zitadel/internal/domain/org_domain.go

package domain

import (
	"regexp"
	"strings"

	http_util "github.com/zitadel/zitadel/internal/api/http"
	"github.com/zitadel/zitadel/internal/crypto"
	"github.com/zitadel/zitadel/internal/eventstore/v1/models"
	"github.com/zitadel/zitadel/internal/zerrors"
)

type OrgDomain struct {
	models.ObjectRoot

	Domain         string
	Primary        bool
	Verified       bool
	ValidationType OrgDomainValidationType
	ValidationCode *crypto.CryptoValue
}

func (domain *OrgDomain) IsValid() bool {
	return domain.Domain != ""
}

func (domain *OrgDomain) GenerateVerificationCode(codeGenerator crypto.Generator) (string, error) {
	validationCodeCrypto, validationCode, err := crypto.NewCode(codeGenerator)
	if err != nil {
		return "", err
	}
	domain.ValidationCode = validationCodeCrypto
	return validationCode, nil
}

func NewIAMDomainName(orgName, iamDomain string) (string, error) {
	// Reference: label domain requirements https://www.nic.ad.jp/timeline/en/20th/appendix1.html

	// Replaces spaces in org name with hyphens
	label := strings.ReplaceAll(orgName, " ", "-")

	// The label must only contains alphanumeric characters and hyphens
	// Invalid characters are replaced with and empty space but as #6471,
	// as these domains are not used to host ZITADEL, but only for user names,
	// the characters shouldn't matter that much so we'll accept unicode
	// characters, accented characters (\p{L}\p{M}), numbers and hyphens.
	label = string(regexp.MustCompile(`[^\p{L}\p{M}0-9-]`).ReplaceAll([]byte(label), []byte("")))

	// The label cannot exceed 63 characters
	if len(label) > 63 {
		label = label[:63]
	}

	// The total length of the resulting domain can't exceed 253 characters
	domain := label + "." + iamDomain
	if len(domain) > 253 {
		truncateNChars := len(domain) - 253
		label = label[:len(label)-truncateNChars]
	}

	// Label (maybe truncated) can't start with a hyphen
	if len(label) > 0 && label[0:1] == "-" {
		label = label[1:]
	}

	// Label (maybe truncated) can't end with a hyphen
	if len(label) > 0 && label[len(label)-1:] == "-" {
		label = label[:len(label)-1]
	}

	// Empty string should be invalid
	if len(label) > 0 {
		return strings.ToLower(label + "." + iamDomain), nil
	}

	return "", zerrors.ThrowInvalidArgument(nil, "ORG-RrfXY", "Errors.Org.Domain.EmptyString")
}

type OrgDomainValidationType int32

const (
	OrgDomainValidationTypeUnspecified OrgDomainValidationType = iota
	OrgDomainValidationTypeHTTP
	OrgDomainValidationTypeDNS
)

func (t OrgDomainValidationType) CheckType() (http_util.CheckType, bool) {
	switch t {
	case OrgDomainValidationTypeHTTP:
		return http_util.CheckTypeHTTP, true
	case OrgDomainValidationTypeDNS:
		return http_util.CheckTypeDNS, true
	default:
		return -1, false
	}
}

type OrgDomainState int32

const (
	OrgDomainStateUnspecified OrgDomainState = iota
	OrgDomainStateActive
	OrgDomainStateRemoved

	orgDomainStateCount
)

func (f OrgDomainState) Valid() bool {
	return f >= 0 && f < orgDomainStateCount
}
feat: set up org (#1157) * add setup steps * refactoring * omitempty * cleanup * begin org * create org * setup org * setup org * merge * fixes * fixes * fixes 2021-01-08 10:33:45 +00:00			`package domain`

			`import (`
fix: sanitize primary domain for orgs (#6125) * fix: sanitize primary domain for orgs * fix: add @stebenz requested changes --------- Co-authored-by: Stefan Benz <46600784+stebenz@users.noreply.github.com> 2023-07-18 12:42:57 +00:00			`"regexp"`
feat: custom domain feature (#1618) * fix: custom domain * fix: custom domain * fix: custom domain * fix: custom domain feature in proto * fix: remove custom domains on feature downgrade * fix test * fix: custom domain feature in proto * ensure tests work Co-authored-by: fabi <fabienne.gerschwiler@gmail.com> 2021-04-19 14:43:36 +00:00			`"strings"`

chore(v2): move to new org (#3499) * chore: move to new org * logging * fix: org rename caos -> zitadel Co-authored-by: adlerhurst <silvan.reusser@gmail.com> 2022-04-26 23:01:45 +00:00			`http_util "github.com/zitadel/zitadel/internal/api/http"`
			`"github.com/zitadel/zitadel/internal/crypto"`
			`"github.com/zitadel/zitadel/internal/eventstore/v1/models"`
refactor: rename package errors to zerrors (#7039) * chore: rename package errors to zerrors * rename package errors to gerrors * fix error related linting issues * fix zitadel error assertion * fix gosimple linting issues * fix deprecated linting issues * resolve gci linting issues * fix import structure --------- Co-authored-by: Elio Bischof <elio@zitadel.com> 2023-12-08 14:30:55 +00:00			`"github.com/zitadel/zitadel/internal/zerrors"`
feat: set up org (#1157) * add setup steps * refactoring * omitempty * cleanup * begin org * create org * setup org * setup org * merge * fixes * fixes * fixes 2021-01-08 10:33:45 +00:00			`)`

			`type OrgDomain struct {`
			`models.ObjectRoot`

			`Domain string`
			`Primary bool`
			`Verified bool`
			`ValidationType OrgDomainValidationType`
			`ValidationCode *crypto.CryptoValue`
			`}`

feat: org and policies commands (#1167) * add setup steps * refactoring * omitempty * cleanup * begin org * create org * setup org * setup org * merge * fixes * fixes * fixes * add project * add oidc application * fix app creation * add resourceOwner to writemodels * resource owner * cleanup * global org, iam project and iam member in setup * logs * logs * logs * cleanup * Update internal/v2/command/project.go Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com> * check project state * add org domain commands * add org status changes and member commands * fixes * policies * login policy * fix iam project event * mapper * label policy * change to command * fix * fix * handle change event differently and lot of fixes * fixes * changedEvent handling Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com> 2021-01-18 10:24:15 +00:00			`func (domain *OrgDomain) IsValid() bool {`
feat: new es testing2 (#1428) * fix: org tests * fix: org tests * fix: user grant test * fix: user grant test * fix: project and project role test * fix: project grant test * fix: project grant test * fix: project member, grant member, app changed tests * fix: application tests * fix: application tests * fix: add oidc app test * fix: add oidc app test * fix: add api keys test * fix: iam policies * fix: iam and org member tests * fix: idp config tests * fix: iam tests * fix: user tests * fix: user tests * fix: user tests * fix: user tests * fix: user tests * fix: user tests * fix: user tests * fix: user tests * fix: user tests * fix: user tests * fix: org domain test * fix: org tests * fix: org tests * fix: implement org idps * fix: pr requests * fix: email tests * fix: fix idp check * fix: fix user profile 2021-03-19 10:12:56 +00:00			`return domain.Domain != ""`
feat: org and policies commands (#1167) * add setup steps * refactoring * omitempty * cleanup * begin org * create org * setup org * setup org * merge * fixes * fixes * fixes * add project * add oidc application * fix app creation * add resourceOwner to writemodels * resource owner * cleanup * global org, iam project and iam member in setup * logs * logs * logs * cleanup * Update internal/v2/command/project.go Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com> * check project state * add org domain commands * add org status changes and member commands * fixes * policies * login policy * fix iam project event * mapper * label policy * change to command * fix * fix * handle change event differently and lot of fixes * fixes * changedEvent handling Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com> 2021-01-18 10:24:15 +00:00			`}`

			`func (domain *OrgDomain) GenerateVerificationCode(codeGenerator crypto.Generator) (string, error) {`
			`validationCodeCrypto, validationCode, err := crypto.NewCode(codeGenerator)`
			`if err != nil {`
			`return "", err`
			`}`
			`domain.ValidationCode = validationCodeCrypto`
			`return validationCode, nil`
			`}`

fix: allow unicode characters in org domains (#6675) Co-authored-by: Elio Bischof <eliobischof@gmail.com> 2023-10-11 07:55:01 +00:00			`func NewIAMDomainName(orgName, iamDomain string) (string, error) {`
fix: sanitize primary domain for orgs (#6125) * fix: sanitize primary domain for orgs * fix: add @stebenz requested changes --------- Co-authored-by: Stefan Benz <46600784+stebenz@users.noreply.github.com> 2023-07-18 12:42:57 +00:00			`// Reference: label domain requirements https://www.nic.ad.jp/timeline/en/20th/appendix1.html`

			`// Replaces spaces in org name with hyphens`
			`label := strings.ReplaceAll(orgName, " ", "-")`

			`// The label must only contains alphanumeric characters and hyphens`
fix: allow unicode characters in org domains (#6675) Co-authored-by: Elio Bischof <eliobischof@gmail.com> 2023-10-11 07:55:01 +00:00			`// Invalid characters are replaced with and empty space but as #6471,`
			`// as these domains are not used to host ZITADEL, but only for user names,`
			`// the characters shouldn't matter that much so we'll accept unicode`
			`// characters, accented characters (\p{L}\p{M}), numbers and hyphens.`
			label = string(regexp.MustCompile(`[^\p{L}\p{M}0-9-]`).ReplaceAll([]byte(label), []byte("")))
fix: sanitize primary domain for orgs (#6125) * fix: sanitize primary domain for orgs * fix: add @stebenz requested changes --------- Co-authored-by: Stefan Benz <46600784+stebenz@users.noreply.github.com> 2023-07-18 12:42:57 +00:00
			`// The label cannot exceed 63 characters`
			`if len(label) > 63 {`
			`label = label[:63]`
			`}`

			`// The total length of the resulting domain can't exceed 253 characters`
			`domain := label + "." + iamDomain`
			`if len(domain) > 253 {`
			`truncateNChars := len(domain) - 253`
			`label = label[:len(label)-truncateNChars]`
			`}`

			`// Label (maybe truncated) can't start with a hyphen`
			`if len(label) > 0 && label[0:1] == "-" {`
			`label = label[1:]`
			`}`

			`// Label (maybe truncated) can't end with a hyphen`
			`if len(label) > 0 && label[len(label)-1:] == "-" {`
			`label = label[:len(label)-1]`
			`}`

fix: allow unicode characters in org domains (#6675) Co-authored-by: Elio Bischof <eliobischof@gmail.com> 2023-10-11 07:55:01 +00:00			`// Empty string should be invalid`
			`if len(label) > 0 {`
			`return strings.ToLower(label + "." + iamDomain), nil`
			`}`

refactor: rename package errors to zerrors (#7039) * chore: rename package errors to zerrors * rename package errors to gerrors * fix error related linting issues * fix zitadel error assertion * fix gosimple linting issues * fix deprecated linting issues * resolve gci linting issues * fix import structure --------- Co-authored-by: Elio Bischof <elio@zitadel.com> 2023-12-08 14:30:55 +00:00			`return "", zerrors.ThrowInvalidArgument(nil, "ORG-RrfXY", "Errors.Org.Domain.EmptyString")`
feat: custom domain feature (#1618) * fix: custom domain * fix: custom domain * fix: custom domain * fix: custom domain feature in proto * fix: remove custom domains on feature downgrade * fix test * fix: custom domain feature in proto * ensure tests work Co-authored-by: fabi <fabienne.gerschwiler@gmail.com> 2021-04-19 14:43:36 +00:00			`}`

feat: set up org (#1157) * add setup steps * refactoring * omitempty * cleanup * begin org * create org * setup org * setup org * merge * fixes * fixes * fixes 2021-01-08 10:33:45 +00:00			`type OrgDomainValidationType int32`

			`const (`
			`OrgDomainValidationTypeUnspecified OrgDomainValidationType = iota`
			`OrgDomainValidationTypeHTTP`
			`OrgDomainValidationTypeDNS`
			`)`

feat: org and policies commands (#1167) * add setup steps * refactoring * omitempty * cleanup * begin org * create org * setup org * setup org * merge * fixes * fixes * fixes * add project * add oidc application * fix app creation * add resourceOwner to writemodels * resource owner * cleanup * global org, iam project and iam member in setup * logs * logs * logs * cleanup * Update internal/v2/command/project.go Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com> * check project state * add org domain commands * add org status changes and member commands * fixes * policies * login policy * fix iam project event * mapper * label policy * change to command * fix * fix * handle change event differently and lot of fixes * fixes * changedEvent handling Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com> 2021-01-18 10:24:15 +00:00			`func (t OrgDomainValidationType) CheckType() (http_util.CheckType, bool) {`
			`switch t {`
			`case OrgDomainValidationTypeHTTP:`
			`return http_util.CheckTypeHTTP, true`
			`case OrgDomainValidationTypeDNS:`
			`return http_util.CheckTypeDNS, true`
			`default:`
			`return -1, false`
			`}`
			`}`

feat: set up org (#1157) * add setup steps * refactoring * omitempty * cleanup * begin org * create org * setup org * setup org * merge * fixes * fixes * fixes 2021-01-08 10:33:45 +00:00			`type OrgDomainState int32`

			`const (`
			`OrgDomainStateUnspecified OrgDomainState = iota`
			`OrgDomainStateActive`
			`OrgDomainStateRemoved`

			`orgDomainStateCount`
			`)`

			`func (f OrgDomainState) Valid() bool {`
			`return f >= 0 && f < orgDomainStateCount`
			`}`