package user
import (
"context"
"github.com/zitadel/zitadel/internal/api/authz"
resource_object "github.com/zitadel/zitadel/internal/api/grpc/resources/object/v3alpha"
"github.com/zitadel/zitadel/internal/command"
"github.com/zitadel/zitadel/internal/zerrors"
object "github.com/zitadel/zitadel/pkg/grpc/object/v3alpha"
"github.com/zitadel/zitadel/pkg/grpc/resources/user/v3alpha"
)
// CreateUser creates a schema-based user from the request and returns the
// resulting object details together with the email and phone verification
// codes the command layer handed back.
//
// The request is refused when the user-schema feature is disabled on the
// instance; validation of the payload itself happens in the command layer.
func (s *Server) CreateUser(ctx context.Context, req *user.CreateUserRequest) (_ *user.CreateUserResponse, err error) {
	// Feature gate first, so a disabled instance never reaches the command layer.
	if err = checkUserSchemaEnabled(ctx); err != nil {
		return nil, err
	}

	cmd, err := createUserRequestToCreateSchemaUser(ctx, req)
	if err != nil {
		return nil, err
	}

	details, err := s.command.CreateSchemaUser(ctx, cmd)
	if err != nil {
		return nil, err
	}

	resp := &user.CreateUserResponse{
		Details: resource_object.DomainToDetailsPb(details, object.OwnerType_OWNER_TYPE_ORG, details.ResourceOwner),
	}
	// The request conversion does not set the return codes, so they are
	// presumably populated by s.command.CreateSchemaUser when the request asked
	// for a code to be returned instead of sent — confirm against the command.
	resp.EmailCode = cmd.ReturnCodeEmail
	resp.PhoneCode = cmd.ReturnCodePhone
	return resp, nil
}
// authenticators groups the authenticator sets that can be attached to a
// schema user in one request. Every field is optional: a nil slice or a nil
// password means that authenticator type was not supplied.
type authenticators struct {
	// Usernames to register for the user.
	Usernames []*command.Username
	// Password carries the plaintext password and/or hash taken from the
	// request (see setAuthenticatorsToAuthenticators); treat it as secret.
	Password *command.SchemaUserPassword
	// PublicKeys to register for key-based authentication.
	PublicKeys []*command.PublicKey
	// PATs are personal access tokens to create for the user.
	PATs []*command.PAT
}
// setAuthenticatorsToAuthenticators converts the authenticator section of a
// request into command-layer types. It returns nil when the section is absent
// so callers can skip the assignment entirely; otherwise each supplied list is
// converted element by element, and lists that were not supplied stay nil.
func setAuthenticatorsToAuthenticators(set *user.SetAuthenticators) *authenticators {
	if set == nil {
		return nil
	}

	out := new(authenticators)

	usernames := set.GetUsernames()
	for i := range usernames {
		out.Usernames = append(out.Usernames, setUsernameToAddUsername(usernames[i]))
	}

	// The password message carries credential material (plaintext and/or
	// hash) straight through to the command; keep it out of logs.
	if pw := set.GetPassword(); pw != nil {
		out.Password = setPasswordToSchemaUserPassword(pw.GetPassword(), pw.GetHash(), pw.GetChangeRequired())
	}

	keys := set.GetPublicKey()
	for i := range keys {
		out.PublicKeys = append(out.PublicKeys, setPublicKeyToAddPublicKey(keys[i]))
	}

	tokens := set.GetPersonalAccessToken()
	for i := range tokens {
		out.PATs = append(out.PATs, setPersonalAccessTokenToAddPAT(tokens[i]))
	}

	return out
}
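// createUserRequestToCreateSchemaUser maps a CreateUserRequest onto the
// command-layer CreateSchemaUser. The user's data blob is serialized to JSON
// here; whether it satisfies the schema is decided by the command layer.
//
// The resource owner is taken from the organization named in the request when
// present, otherwise from the caller's context (see
// organizationToCreateResourceOwner).
//
// Returns an error only when the data blob cannot be marshalled.
func createUserRequestToCreateSchemaUser(ctx context.Context, req *user.CreateUserRequest) (*command.CreateSchemaUser, error) {
	u := req.GetUser()

	// Marshalled unconditionally, unlike the patch path
	// (setSchemaUserToSchemaUser), which only marshals when Data was supplied.
	data, err := u.GetData().MarshalJSON()
	if err != nil {
		return nil, err
	}

	// Named schemaUser on purpose: a local called "user" would shadow the
	// imported user package for the rest of the function.
	schemaUser := &command.CreateSchemaUser{
		ResourceOwner: organizationToCreateResourceOwner(ctx, req.Organization),
		SchemaID:      u.GetSchemaId(),
		ID:            u.GetUserId(),
		Data:          data,
		Email:         setEmailToEmail(u.GetContact().GetEmail()),
		Phone:         setPhoneToPhone(u.GetContact().GetPhone()),
	}

	// Authenticators are optional; when the section is absent the command's
	// username/key/PAT slices and the password stay nil.
	if auths := setAuthenticatorsToAuthenticators(u.Authenticators); auths != nil {
		schemaUser.Usernames = auths.Usernames
		schemaUser.Password = auths.Password
		schemaUser.PublicKeys = auths.PublicKeys
		schemaUser.PATs = auths.PATs
	}

	return schemaUser, nil
}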
// organizationToCreateResourceOwner decides which organization a new user is
// created in. An organization named in the request wins; when the request
// names none, the organization of the calling context is used.
//
// An organization named in the request is honoured here without any
// permission check; whether the caller may create users in that organization
// is presumably enforced in the command layer — confirm.
func organizationToCreateResourceOwner(ctx context.Context, org *object.Organization) string {
	// The context lookup happens before the request is inspected.
	fromCtx := authz.GetCtxData(ctx).OrgID
	fromReq := resource_object.ResourceOwnerFromOrganization(org)

	switch {
	case fromReq != "":
		return fromReq
	default:
		return fromCtx
	}
}
// organizationToUpdateResourceOwner extracts the resource owner for the
// update-style commands (patch, delete, (de)activate, (un)lock) from the
// organization named in the request. Unlike the create variant it has no
// fallback to the caller's context: when the request names no organization
// the result is the empty string, and the command layer is presumably
// expected to resolve the owner from the stored user — confirm.
func organizationToUpdateResourceOwner(org *object.Organization) string {
	// ResourceOwnerFromOrganization already yields "" for an unset
	// organization, so its result can be returned as-is.
	return resource_object.ResourceOwnerFromOrganization(org)
}
// DeleteUser removes a schema-based user identified by the request's ID and
// returns the resulting object details.
//
// Like the other handlers in this file it first checks that the user-schema
// feature is enabled on the instance.
func (s *Server) DeleteUser(ctx context.Context, req *user.DeleteUserRequest) (_ *user.DeleteUserResponse, err error) {
	if err = checkUserSchemaEnabled(ctx); err != nil {
		return nil, err
	}

	// The owner may be "" when the request names no organization; the command
	// layer is then responsible for resolving it.
	owner := organizationToUpdateResourceOwner(req.Organization)
	details, err := s.command.DeleteSchemaUser(ctx, owner, req.GetId())
	if err != nil {
		return nil, err
	}

	resp := new(user.DeleteUserResponse)
	resp.Details = resource_object.DomainToDetailsPb(details, object.OwnerType_OWNER_TYPE_ORG, details.ResourceOwner)
	return resp, nil
}
// checkUserSchemaEnabled is the feature gate shared by every handler in this
// file: it returns nil when the instance has the user-schema feature enabled
// and a precondition-failed error otherwise.
//
// The error ID "TODO" is a placeholder, not a real error identifier; it should
// be replaced with a proper ID before clients start matching on it.
func checkUserSchemaEnabled(ctx context.Context) error {
	enabled := authz.GetInstance(ctx).Features().UserSchema
	if !enabled {
		return zerrors.ThrowPreconditionFailed(nil, "TODO", "Errors.UserSchema.NotEnabled")
	}
	return nil
}
// PatchUser applies a partial update to a schema-based user and returns the
// resulting object details plus any email and phone verification codes the
// command layer handed back.
//
// The request is refused when the user-schema feature is disabled on the
// instance.
func (s *Server) PatchUser(ctx context.Context, req *user.PatchUserRequest) (_ *user.PatchUserResponse, err error) {
	if err = checkUserSchemaEnabled(ctx); err != nil {
		return nil, err
	}

	change, err := patchUserRequestToChangeSchemaUser(req)
	if err != nil {
		return nil, err
	}

	details, err := s.command.ChangeSchemaUser(ctx, change)
	if err != nil {
		return nil, err
	}

	resp := &user.PatchUserResponse{
		Details: resource_object.DomainToDetailsPb(details, object.OwnerType_OWNER_TYPE_ORG, details.ResourceOwner),
	}
	// The request conversion does not set these codes, so they are presumably
	// filled in by s.command.ChangeSchemaUser — confirm against the command.
	resp.EmailCode = change.ReturnCodeEmail
	resp.PhoneCode = change.ReturnCodePhone
	return resp, nil
}
// patchUserRequestToChangeSchemaUser maps a PatchUserRequest onto the
// command-layer ChangeSchemaUser. Each optional section of the request
// (schema user, email, phone) becomes nil on the command when it was not
// supplied, so the command layer can tell "unchanged" from "set".
//
// Returns an error only when the user's data blob cannot be marshalled.
func patchUserRequestToChangeSchemaUser(req *user.PatchUserRequest) (_ *command.ChangeSchemaUser, err error) {
	change := &command.ChangeSchemaUser{
		ResourceOwner: organizationToUpdateResourceOwner(req.Organization),
		ID:            req.GetId(),
	}

	if change.SchemaUser, err = setSchemaUserToSchemaUser(req); err != nil {
		return nil, err
	}

	change.Email, change.Phone = setContactToContact(req.GetUser().GetContact())
	return change, nil
}
// setSchemaUserToSchemaUser builds the SchemaUser part of a patch. It returns
// (nil, nil) when the request carries no user section. The data blob is only
// marshalled when it was supplied; otherwise Data stays nil, which presumably
// lets the command layer distinguish "unchanged" from "set to empty" — confirm.
//
// Returns an error only when the data blob cannot be marshalled.
func setSchemaUserToSchemaUser(req *user.PatchUserRequest) (_ *command.SchemaUser, err error) {
	u := req.GetUser()
	if u == nil {
		return nil, nil
	}

	out := &command.SchemaUser{SchemaID: u.GetSchemaId()}
	if u.Data == nil {
		return out, nil
	}

	if out.Data, err = u.GetData().MarshalJSON(); err != nil {
		return nil, err
	}
	return out, nil
}
// setContactToContact splits the optional contact section of a request into
// its command-layer email and phone parts. Both results are nil when the
// section itself is absent; when it is present, the conversion of each part
// is delegated to setEmailToEmail and setPhoneToPhone.
func setContactToContact(contact *user.SetContact) (*command.Email, *command.Phone) {
	var (
		email *command.Email
		phone *command.Phone
	)
	if contact != nil {
		email = setEmailToEmail(contact.GetEmail())
		phone = setPhoneToPhone(contact.GetPhone())
	}
	return email, phone
}
// DeactivateUser deactivates the schema-based user identified by the
// request's ID and returns the resulting object details.
//
// The request is refused when the user-schema feature is disabled on the
// instance.
func (s *Server) DeactivateUser(ctx context.Context, req *user.DeactivateUserRequest) (_ *user.DeactivateUserResponse, err error) {
	if err = checkUserSchemaEnabled(ctx); err != nil {
		return nil, err
	}

	// The owner may be "" when the request names no organization; the command
	// layer is then responsible for resolving it.
	owner := organizationToUpdateResourceOwner(req.Organization)
	details, err := s.command.DeactivateSchemaUser(ctx, owner, req.GetId())
	if err != nil {
		return nil, err
	}

	resp := new(user.DeactivateUserResponse)
	resp.Details = resource_object.DomainToDetailsPb(details, object.OwnerType_OWNER_TYPE_ORG, details.ResourceOwner)
	return resp, nil
}
// ActivateUser re-activates the schema-based user identified by the request's
// ID and returns the resulting object details.
//
// The request is refused when the user-schema feature is disabled on the
// instance.
func (s *Server) ActivateUser(ctx context.Context, req *user.ActivateUserRequest) (_ *user.ActivateUserResponse, err error) {
	if err = checkUserSchemaEnabled(ctx); err != nil {
		return nil, err
	}

	// The owner may be "" when the request names no organization; the command
	// layer is then responsible for resolving it.
	owner := organizationToUpdateResourceOwner(req.Organization)
	details, err := s.command.ActivateSchemaUser(ctx, owner, req.GetId())
	if err != nil {
		return nil, err
	}

	resp := new(user.ActivateUserResponse)
	resp.Details = resource_object.DomainToDetailsPb(details, object.OwnerType_OWNER_TYPE_ORG, details.ResourceOwner)
	return resp, nil
}
// LockUser locks the schema-based user identified by the request's ID and
// returns the resulting object details.
//
// The request is refused when the user-schema feature is disabled on the
// instance.
func (s *Server) LockUser(ctx context.Context, req *user.LockUserRequest) (_ *user.LockUserResponse, err error) {
	if err = checkUserSchemaEnabled(ctx); err != nil {
		return nil, err
	}

	// The owner may be "" when the request names no organization; the command
	// layer is then responsible for resolving it.
	owner := organizationToUpdateResourceOwner(req.Organization)
	details, err := s.command.LockSchemaUser(ctx, owner, req.GetId())
	if err != nil {
		return nil, err
	}

	resp := new(user.LockUserResponse)
	resp.Details = resource_object.DomainToDetailsPb(details, object.OwnerType_OWNER_TYPE_ORG, details.ResourceOwner)
	return resp, nil
}
// UnlockUser unlocks the schema-based user identified by the request's ID and
// returns the resulting object details.
//
// The request is refused when the user-schema feature is disabled on the
// instance.
func (s *Server) UnlockUser(ctx context.Context, req *user.UnlockUserRequest) (_ *user.UnlockUserResponse, err error) {
	if err = checkUserSchemaEnabled(ctx); err != nil {
		return nil, err
	}

	// The owner may be "" when the request names no organization; the command
	// layer is then responsible for resolving it.
	owner := organizationToUpdateResourceOwner(req.Organization)
	details, err := s.command.UnlockSchemaUser(ctx, owner, req.GetId())
	if err != nil {
		return nil, err
	}

	resp := new(user.UnlockUserResponse)
	resp.Details = resource_object.DomainToDetailsPb(details, object.OwnerType_OWNER_TYPE_ORG, details.ResourceOwner)
	return resp, nil
}