2021-01-04 13:52:13 +00:00
|
|
|
package command
|
|
|
|
|
|
|
|
import (
|
|
|
|
"context"
|
2021-02-18 13:48:27 +00:00
|
|
|
|
2021-02-08 10:30:30 +00:00
|
|
|
"github.com/caos/zitadel/internal/eventstore/models"
|
2021-01-15 08:32:59 +00:00
|
|
|
"github.com/caos/zitadel/internal/eventstore/v2"
|
2021-01-08 10:33:45 +00:00
|
|
|
|
2021-01-04 13:52:13 +00:00
|
|
|
caos_errs "github.com/caos/zitadel/internal/errors"
|
|
|
|
"github.com/caos/zitadel/internal/v2/domain"
|
|
|
|
"github.com/caos/zitadel/internal/v2/repository/user"
|
|
|
|
)
|
|
|
|
|
2021-01-15 08:32:59 +00:00
|
|
|
func (r *CommandSide) getHuman(ctx context.Context, userID, resourceowner string) (*domain.Human, error) {
|
2021-02-18 13:48:27 +00:00
|
|
|
human, err := r.getHumanWriteModelByID(ctx, userID, resourceowner)
|
2021-01-15 08:32:59 +00:00
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
2021-02-18 13:48:27 +00:00
|
|
|
if !isUserStateExists(human.UserState) {
|
2021-01-15 08:32:59 +00:00
|
|
|
return nil, caos_errs.ThrowNotFound(nil, "COMMAND-M9dsd", "Errors.User.NotFound")
|
|
|
|
}
|
2021-02-18 13:48:27 +00:00
|
|
|
return writeModelToHuman(human), nil
|
2021-01-15 08:32:59 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
func (r *CommandSide) AddHuman(ctx context.Context, orgID string, human *domain.Human) (*domain.Human, error) {
|
2021-02-18 13:48:27 +00:00
|
|
|
events, addedHuman, err := r.addHuman(ctx, orgID, human)
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
pushedEvents, err := r.eventstore.PushEvents(ctx, events...)
|
2021-01-08 10:33:45 +00:00
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
2021-02-18 13:48:27 +00:00
|
|
|
|
|
|
|
err = AppendAndReduce(addedHuman, pushedEvents...)
|
2021-01-08 10:33:45 +00:00
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
|
|
|
return writeModelToHuman(addedHuman), nil
|
|
|
|
}
|
|
|
|
|
2021-02-18 13:48:27 +00:00
|
|
|
func (r *CommandSide) addHuman(ctx context.Context, orgID string, human *domain.Human) ([]eventstore.EventPusher, *HumanWriteModel, error) {
|
2021-01-04 13:52:13 +00:00
|
|
|
if !human.IsValid() {
|
2021-01-08 10:33:45 +00:00
|
|
|
return nil, nil, caos_errs.ThrowInvalidArgument(nil, "COMMAND-4M90d", "Errors.User.Invalid")
|
2021-01-04 13:52:13 +00:00
|
|
|
}
|
2021-01-15 08:32:59 +00:00
|
|
|
return r.createHuman(ctx, orgID, human, nil, false)
|
|
|
|
}
|
|
|
|
|
2021-02-08 10:30:30 +00:00
|
|
|
func (r *CommandSide) RegisterHuman(ctx context.Context, orgID string, human *domain.Human, externalIDP *domain.ExternalIDP, orgMemberRoles []string) (*domain.Human, error) {
|
2021-02-18 13:48:27 +00:00
|
|
|
userEvents, registeredHuman, err := r.registerHuman(ctx, orgID, human, externalIDP)
|
2021-01-15 08:32:59 +00:00
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
2021-02-08 10:30:30 +00:00
|
|
|
|
2021-02-18 13:48:27 +00:00
|
|
|
orgMemberWriteModel := NewOrgMemberWriteModel(orgID, registeredHuman.AggregateID)
|
2021-02-08 10:30:30 +00:00
|
|
|
orgAgg := OrgAggregateFromWriteModel(&orgMemberWriteModel.WriteModel)
|
2021-02-18 13:48:27 +00:00
|
|
|
if len(orgMemberRoles) > 0 {
|
2021-02-08 10:30:30 +00:00
|
|
|
orgMember := &domain.Member{
|
|
|
|
ObjectRoot: models.ObjectRoot{
|
|
|
|
AggregateID: orgID,
|
|
|
|
},
|
2021-02-18 13:48:27 +00:00
|
|
|
UserID: human.AggregateID,
|
2021-02-08 10:30:30 +00:00
|
|
|
Roles: orgMemberRoles,
|
2021-01-21 09:49:38 +00:00
|
|
|
}
|
2021-02-18 13:48:27 +00:00
|
|
|
memberEvent, err := r.addOrgMember(ctx, orgAgg, orgMemberWriteModel, orgMember)
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
userEvents = append(userEvents, memberEvent)
|
2021-01-15 08:32:59 +00:00
|
|
|
}
|
|
|
|
|
2021-02-18 13:48:27 +00:00
|
|
|
pushedEvents, err := r.eventstore.PushEvents(ctx, userEvents...)
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
2021-02-08 10:30:30 +00:00
|
|
|
|
2021-02-18 13:48:27 +00:00
|
|
|
err = AppendAndReduce(registeredHuman, pushedEvents...)
|
2021-02-08 10:30:30 +00:00
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
2021-02-18 13:48:27 +00:00
|
|
|
return writeModelToHuman(registeredHuman), nil
|
2021-01-15 08:32:59 +00:00
|
|
|
}
|
|
|
|
|
2021-02-18 13:48:27 +00:00
|
|
|
func (r *CommandSide) registerHuman(ctx context.Context, orgID string, human *domain.Human, externalIDP *domain.ExternalIDP) ([]eventstore.EventPusher, *HumanWriteModel, error) {
|
2021-01-15 08:32:59 +00:00
|
|
|
if !human.IsValid() || externalIDP == nil && (human.Password == nil || human.SecretString == "") {
|
|
|
|
return nil, nil, caos_errs.ThrowPreconditionFailed(nil, "COMMAND-9dk45", "Errors.User.Invalid")
|
|
|
|
}
|
|
|
|
return r.createHuman(ctx, orgID, human, externalIDP, true)
|
|
|
|
}
|
|
|
|
|
2021-02-18 13:48:27 +00:00
|
|
|
func (r *CommandSide) createHuman(ctx context.Context, orgID string, human *domain.Human, externalIDP *domain.ExternalIDP, selfregister bool) ([]eventstore.EventPusher, *HumanWriteModel, error) {
|
2021-01-04 13:52:13 +00:00
|
|
|
userID, err := r.idGenerator.Next()
|
|
|
|
if err != nil {
|
2021-01-08 10:33:45 +00:00
|
|
|
return nil, nil, err
|
2021-01-04 13:52:13 +00:00
|
|
|
}
|
|
|
|
human.AggregateID = userID
|
2021-01-08 10:33:45 +00:00
|
|
|
orgIAMPolicy, err := r.getOrgIAMPolicy(ctx, orgID)
|
2021-01-04 13:52:13 +00:00
|
|
|
if err != nil {
|
2021-01-08 10:33:45 +00:00
|
|
|
return nil, nil, err
|
2021-01-04 13:52:13 +00:00
|
|
|
}
|
2021-01-18 10:24:15 +00:00
|
|
|
pwPolicy, err := r.getOrgPasswordComplexityPolicy(ctx, orgID)
|
2021-01-05 08:33:45 +00:00
|
|
|
if err != nil {
|
2021-01-08 10:33:45 +00:00
|
|
|
return nil, nil, err
|
2021-01-05 08:33:45 +00:00
|
|
|
}
|
2021-02-08 10:30:30 +00:00
|
|
|
if err := human.CheckOrgIAMPolicy(orgIAMPolicy); err != nil {
|
2021-01-08 10:33:45 +00:00
|
|
|
return nil, nil, err
|
2021-01-07 15:06:45 +00:00
|
|
|
}
|
2021-01-04 13:52:13 +00:00
|
|
|
human.SetNamesAsDisplayname()
|
2021-01-07 15:06:45 +00:00
|
|
|
if err := human.HashPasswordIfExisting(pwPolicy, r.userPasswordAlg, true); err != nil {
|
2021-01-08 10:33:45 +00:00
|
|
|
return nil, nil, err
|
2021-01-07 15:06:45 +00:00
|
|
|
}
|
2021-02-18 13:48:27 +00:00
|
|
|
addedHuman := NewHumanWriteModel(human.AggregateID, orgID)
|
|
|
|
//TODO: adlerhurst maybe we could simplify the code below
|
2021-01-04 13:52:13 +00:00
|
|
|
userAgg := UserAggregateFromWriteModel(&addedHuman.WriteModel)
|
2021-02-18 13:48:27 +00:00
|
|
|
var events []eventstore.EventPusher
|
|
|
|
|
2021-01-15 08:32:59 +00:00
|
|
|
if selfregister {
|
2021-02-18 13:48:27 +00:00
|
|
|
events = append(events, createRegisterHumanEvent(ctx, userAgg, human, orgIAMPolicy.UserLoginMustBeDomain))
|
2021-01-15 08:32:59 +00:00
|
|
|
} else {
|
2021-02-18 13:48:27 +00:00
|
|
|
events = append(events, createAddHumanEvent(ctx, userAgg, human, orgIAMPolicy.UserLoginMustBeDomain))
|
2021-01-06 10:12:56 +00:00
|
|
|
}
|
|
|
|
|
2021-01-15 08:32:59 +00:00
|
|
|
if externalIDP != nil {
|
2021-02-18 13:48:27 +00:00
|
|
|
event, err := r.addHumanExternalIDP(ctx, userAgg, externalIDP)
|
2021-02-08 10:30:30 +00:00
|
|
|
if err != nil {
|
|
|
|
return nil, nil, err
|
2021-01-15 08:32:59 +00:00
|
|
|
}
|
2021-02-18 13:48:27 +00:00
|
|
|
events = append(events, event)
|
2021-01-15 08:32:59 +00:00
|
|
|
}
|
2021-02-18 13:48:27 +00:00
|
|
|
|
2021-01-06 10:12:56 +00:00
|
|
|
if human.IsInitialState() {
|
|
|
|
initCode, err := domain.NewInitUserCode(r.initializeUserCode)
|
|
|
|
if err != nil {
|
2021-01-08 10:33:45 +00:00
|
|
|
return nil, nil, err
|
2021-01-06 10:12:56 +00:00
|
|
|
}
|
2021-02-18 13:48:27 +00:00
|
|
|
events = append(events, user.NewHumanInitialCodeAddedEvent(ctx, userAgg, initCode.Code, initCode.Expiry))
|
2021-01-06 10:12:56 +00:00
|
|
|
}
|
2021-02-18 13:48:27 +00:00
|
|
|
|
2021-01-04 13:52:13 +00:00
|
|
|
if human.Email != nil && human.EmailAddress != "" && human.IsEmailVerified {
|
2021-02-18 13:48:27 +00:00
|
|
|
events = append(events, user.NewHumanEmailVerifiedEvent(ctx, userAgg))
|
2021-01-04 13:52:13 +00:00
|
|
|
}
|
2021-02-18 13:48:27 +00:00
|
|
|
|
2021-01-06 10:12:56 +00:00
|
|
|
if human.Phone != nil && human.PhoneNumber != "" && !human.IsPhoneVerified {
|
|
|
|
phoneCode, err := domain.NewPhoneCode(r.phoneVerificationCode)
|
|
|
|
if err != nil {
|
2021-01-08 10:33:45 +00:00
|
|
|
return nil, nil, err
|
2021-01-06 10:12:56 +00:00
|
|
|
}
|
2021-02-18 13:48:27 +00:00
|
|
|
events = append(events, user.NewHumanPhoneCodeAddedEvent(ctx, userAgg, phoneCode.Code, phoneCode.Expiry))
|
2021-01-06 10:12:56 +00:00
|
|
|
} else if human.Phone != nil && human.PhoneNumber != "" && human.IsPhoneVerified {
|
2021-02-18 13:48:27 +00:00
|
|
|
events = append(events, user.NewHumanPhoneVerifiedEvent(ctx, userAgg))
|
2021-01-04 13:52:13 +00:00
|
|
|
}
|
|
|
|
|
2021-02-18 13:48:27 +00:00
|
|
|
return events, addedHuman, nil
|
2021-01-04 13:52:13 +00:00
|
|
|
}
|
2021-01-06 10:12:56 +00:00
|
|
|
|
2021-02-08 10:30:30 +00:00
|
|
|
func (r *CommandSide) HumanSkipMFAInit(ctx context.Context, userID, resourceowner string) (err error) {
|
2021-01-15 08:32:59 +00:00
|
|
|
if userID == "" {
|
2021-02-08 10:30:30 +00:00
|
|
|
return caos_errs.ThrowPreconditionFailed(nil, "COMMAND-2xpX9", "Errors.User.UserIDMissing")
|
2021-01-06 10:12:56 +00:00
|
|
|
}
|
2021-01-15 08:32:59 +00:00
|
|
|
|
2021-02-08 10:30:30 +00:00
|
|
|
existingHuman, err := r.getHumanWriteModelByID(ctx, userID, resourceowner)
|
2021-01-06 10:12:56 +00:00
|
|
|
if err != nil {
|
2021-01-15 08:32:59 +00:00
|
|
|
return err
|
2021-01-06 10:12:56 +00:00
|
|
|
}
|
2021-02-18 13:48:27 +00:00
|
|
|
if !isUserStateExists(existingHuman.UserState) {
|
2021-02-08 10:30:30 +00:00
|
|
|
return caos_errs.ThrowNotFound(nil, "COMMAND-m9cV8", "Errors.User.NotFound")
|
2021-01-06 10:12:56 +00:00
|
|
|
}
|
2021-02-18 13:48:27 +00:00
|
|
|
|
|
|
|
_, err = r.eventstore.PushEvents(ctx,
|
|
|
|
user.NewHumanMFAInitSkippedEvent(ctx, UserAggregateFromWriteModel(&existingHuman.WriteModel)))
|
|
|
|
return err
|
2021-01-15 08:32:59 +00:00
|
|
|
}
|
2021-01-06 10:12:56 +00:00
|
|
|
|
2021-02-18 13:48:27 +00:00
|
|
|
///TODO: adlerhurst maybe we can simplify createAddHumanEvent and createRegisterHumanEvent
|
|
|
|
func createAddHumanEvent(ctx context.Context, aggregate *eventstore.Aggregate, human *domain.Human, userLoginMustBeDomain bool) *user.HumanAddedEvent {
|
2021-01-15 08:32:59 +00:00
|
|
|
addEvent := user.NewHumanAddedEvent(
|
2021-01-06 10:12:56 +00:00
|
|
|
ctx,
|
2021-02-18 13:48:27 +00:00
|
|
|
aggregate,
|
2021-01-21 09:49:38 +00:00
|
|
|
human.Username,
|
2021-01-06 10:12:56 +00:00
|
|
|
human.FirstName,
|
|
|
|
human.LastName,
|
|
|
|
human.NickName,
|
|
|
|
human.DisplayName,
|
|
|
|
human.PreferredLanguage,
|
|
|
|
human.Gender,
|
|
|
|
human.EmailAddress,
|
2021-01-21 09:49:38 +00:00
|
|
|
userLoginMustBeDomain,
|
2021-01-06 10:12:56 +00:00
|
|
|
)
|
|
|
|
if human.Phone != nil {
|
|
|
|
addEvent.AddPhoneData(human.PhoneNumber)
|
|
|
|
}
|
|
|
|
if human.Address != nil {
|
|
|
|
addEvent.AddAddressData(
|
|
|
|
human.Country,
|
|
|
|
human.Locality,
|
|
|
|
human.PostalCode,
|
|
|
|
human.Region,
|
|
|
|
human.StreetAddress)
|
|
|
|
}
|
|
|
|
if human.Password != nil {
|
|
|
|
addEvent.AddPasswordData(human.SecretCrypto, human.ChangeRequired)
|
|
|
|
}
|
2021-01-15 08:32:59 +00:00
|
|
|
return addEvent
|
|
|
|
}
|
2021-01-06 10:12:56 +00:00
|
|
|
|
2021-02-18 13:48:27 +00:00
|
|
|
func createRegisterHumanEvent(ctx context.Context, aggregate *eventstore.Aggregate, human *domain.Human, userLoginMustBeDomain bool) *user.HumanRegisteredEvent {
|
2021-01-15 08:32:59 +00:00
|
|
|
addEvent := user.NewHumanRegisteredEvent(
|
|
|
|
ctx,
|
2021-02-18 13:48:27 +00:00
|
|
|
aggregate,
|
2021-01-21 09:49:38 +00:00
|
|
|
human.Username,
|
2021-01-15 08:32:59 +00:00
|
|
|
human.FirstName,
|
|
|
|
human.LastName,
|
|
|
|
human.NickName,
|
|
|
|
human.DisplayName,
|
|
|
|
human.PreferredLanguage,
|
|
|
|
human.Gender,
|
|
|
|
human.EmailAddress,
|
2021-01-21 09:49:38 +00:00
|
|
|
userLoginMustBeDomain,
|
2021-01-15 08:32:59 +00:00
|
|
|
)
|
|
|
|
if human.Phone != nil {
|
|
|
|
addEvent.AddPhoneData(human.PhoneNumber)
|
2021-01-06 10:12:56 +00:00
|
|
|
}
|
2021-01-15 08:32:59 +00:00
|
|
|
if human.Address != nil {
|
|
|
|
addEvent.AddAddressData(
|
|
|
|
human.Country,
|
|
|
|
human.Locality,
|
|
|
|
human.PostalCode,
|
|
|
|
human.Region,
|
|
|
|
human.StreetAddress)
|
2021-01-06 10:12:56 +00:00
|
|
|
}
|
2021-01-15 08:32:59 +00:00
|
|
|
if human.Password != nil {
|
|
|
|
addEvent.AddPasswordData(human.SecretCrypto, human.ChangeRequired)
|
2021-01-06 10:12:56 +00:00
|
|
|
}
|
2021-01-15 08:32:59 +00:00
|
|
|
return addEvent
|
2021-01-06 10:12:56 +00:00
|
|
|
}
|
2021-01-07 15:06:45 +00:00
|
|
|
|
2021-02-08 10:30:30 +00:00
|
|
|
func (r *CommandSide) HumansSignOut(ctx context.Context, agentID string, userIDs []string) error {
|
|
|
|
if agentID == "" {
|
|
|
|
return caos_errs.ThrowPreconditionFailed(nil, "COMMAND-2M0ds", "Errors.User.UserIDMissing")
|
|
|
|
}
|
2021-02-18 13:48:27 +00:00
|
|
|
events := make([]eventstore.EventPusher, len(userIDs))
|
2021-02-08 10:30:30 +00:00
|
|
|
for i, userID := range userIDs {
|
|
|
|
existingUser, err := r.getHumanWriteModelByID(ctx, userID, "")
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
2021-02-18 13:48:27 +00:00
|
|
|
if !isUserStateExists(existingUser.UserState) {
|
2021-02-08 10:30:30 +00:00
|
|
|
continue
|
|
|
|
}
|
2021-02-18 13:48:27 +00:00
|
|
|
events[i] = user.NewHumanSignedOutEvent(
|
|
|
|
ctx,
|
|
|
|
UserAggregateFromWriteModel(&existingUser.WriteModel),
|
|
|
|
agentID)
|
2021-02-08 10:30:30 +00:00
|
|
|
}
|
|
|
|
|
2021-02-18 13:48:27 +00:00
|
|
|
_, err := r.eventstore.PushEvents(ctx, events...)
|
2021-02-08 10:30:30 +00:00
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
2021-01-15 08:32:59 +00:00
|
|
|
func (r *CommandSide) getHumanWriteModelByID(ctx context.Context, userID, resourceowner string) (*HumanWriteModel, error) {
|
|
|
|
humanWriteModel := NewHumanWriteModel(userID, resourceowner)
|
|
|
|
err := r.eventstore.FilterToQueryReducer(ctx, humanWriteModel)
|
2021-01-07 15:06:45 +00:00
|
|
|
if err != nil {
|
2021-01-15 08:32:59 +00:00
|
|
|
return nil, err
|
2021-01-07 15:06:45 +00:00
|
|
|
}
|
2021-01-15 08:32:59 +00:00
|
|
|
return humanWriteModel, nil
|
2021-01-07 15:06:45 +00:00
|
|
|
}
|