2020-05-18 10:06:36 +00:00
|
|
|
package handler
|
|
|
|
|
|
|
|
|
|
import (
|
2020-06-16 09:40:18 +00:00
|
|
|
"context"
|
2023-12-14 10:07:47 +00:00
|
|
|
"time"
|
2022-01-21 07:52:12 +00:00
|
|
|
|
2023-10-19 10:19:10 +00:00
|
|
|
auth_view "github.com/zitadel/zitadel/internal/auth/repository/eventsourcing/view"
|
2024-05-22 15:26:02 +00:00
|
|
|
"github.com/zitadel/zitadel/internal/crypto"
|
2022-04-26 23:01:45 +00:00
|
|
|
"github.com/zitadel/zitadel/internal/eventstore"
|
2023-10-19 10:19:10 +00:00
|
|
|
"github.com/zitadel/zitadel/internal/eventstore/handler/v2"
|
2022-04-26 23:01:45 +00:00
|
|
|
query2 "github.com/zitadel/zitadel/internal/query"
|
2022-10-26 13:06:48 +00:00
|
|
|
"github.com/zitadel/zitadel/internal/repository/instance"
|
2022-04-26 23:01:45 +00:00
|
|
|
"github.com/zitadel/zitadel/internal/repository/org"
|
|
|
|
|
user_repo "github.com/zitadel/zitadel/internal/repository/user"
|
|
|
|
|
view_model "github.com/zitadel/zitadel/internal/user/repository/view/model"
|
2023-12-08 14:30:55 +00:00
|
|
|
"github.com/zitadel/zitadel/internal/zerrors"
|
2020-05-18 10:06:36 +00:00
|
|
|
)
|
|
|
|
|
|
2020-12-18 15:47:45 +00:00
|
|
|
const (
|
2024-05-22 15:26:02 +00:00
|
|
|
userTable = "auth.users3"
|
2020-12-18 15:47:45 +00:00
|
|
|
)
|
|
|
|
|
|
2020-05-18 10:06:36 +00:00
|
|
|
type User struct {
|
2023-10-19 10:19:10 +00:00
|
|
|
view *auth_view.View
|
|
|
|
|
queries *query2.Queries
|
|
|
|
|
es handler.EventStore
|
2020-05-18 10:06:36 +00:00
|
|
|
}
|
|
|
|
|
|
2023-10-19 10:19:10 +00:00
|
|
|
var _ handler.Projection = (*User)(nil)
|
|
|
|
|
|
2020-12-18 15:47:45 +00:00
|
|
|
func newUser(
|
2022-11-22 06:36:48 +00:00
|
|
|
ctx context.Context,
|
2023-10-19 10:19:10 +00:00
|
|
|
config handler.Config,
|
|
|
|
|
view *auth_view.View,
|
2022-01-21 07:52:12 +00:00
|
|
|
queries *query2.Queries,
|
2023-10-19 10:19:10 +00:00
|
|
|
) *handler.Handler {
|
|
|
|
|
return handler.NewHandler(
|
|
|
|
|
ctx,
|
|
|
|
|
&config,
|
|
|
|
|
&User{
|
|
|
|
|
view: view,
|
|
|
|
|
queries: queries,
|
|
|
|
|
es: config.Eventstore,
|
|
|
|
|
},
|
|
|
|
|
)
|
2020-12-18 15:47:45 +00:00
|
|
|
}
|
2020-05-18 10:06:36 +00:00
|
|
|
|
2023-10-19 10:19:10 +00:00
|
|
|
func (*User) Name() string {
|
2020-05-18 10:06:36 +00:00
|
|
|
return userTable
|
|
|
|
|
}
|
2023-10-19 10:19:10 +00:00
|
|
|
func (u *User) Reducers() []handler.AggregateReducer {
|
|
|
|
|
return []handler.AggregateReducer{
|
|
|
|
|
{
|
|
|
|
|
Aggregate: user_repo.AggregateType,
|
|
|
|
|
EventReducers: []handler.EventReducer{
|
|
|
|
|
{
|
|
|
|
|
Event: user_repo.HumanOTPSMSRemovedType,
|
|
|
|
|
Reduce: u.ProcessUser,
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
Event: user_repo.HumanOTPEmailRemovedType,
|
|
|
|
|
Reduce: u.ProcessUser,
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
Event: user_repo.HumanAddedType,
|
|
|
|
|
Reduce: u.ProcessUser,
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
Event: user_repo.UserV1AddedType,
|
|
|
|
|
Reduce: u.ProcessUser,
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
Event: user_repo.UserV1RegisteredType,
|
|
|
|
|
Reduce: u.ProcessUser,
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
Event: user_repo.HumanRegisteredType,
|
|
|
|
|
Reduce: u.ProcessUser,
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
Event: user_repo.UserV1PhoneRemovedType,
|
|
|
|
|
Reduce: u.ProcessUser,
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
Event: user_repo.UserV1MFAOTPVerifiedType,
|
|
|
|
|
Reduce: u.ProcessUser,
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
Event: user_repo.UserV1MFAInitSkippedType,
|
|
|
|
|
Reduce: u.ProcessUser,
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
Event: user_repo.UserV1PasswordChangedType,
|
|
|
|
|
Reduce: u.ProcessUser,
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
Event: user_repo.HumanPhoneRemovedType,
|
|
|
|
|
Reduce: u.ProcessUser,
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
Event: user_repo.HumanMFAOTPVerifiedType,
|
|
|
|
|
Reduce: u.ProcessUser,
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
Event: user_repo.HumanU2FTokenVerifiedType,
|
|
|
|
|
Reduce: u.ProcessUser,
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
Event: user_repo.HumanMFAInitSkippedType,
|
|
|
|
|
Reduce: u.ProcessUser,
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
Event: user_repo.HumanPasswordChangedType,
|
|
|
|
|
Reduce: u.ProcessUser,
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
Event: user_repo.HumanInitialCodeAddedType,
|
|
|
|
|
Reduce: u.ProcessUser,
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
Event: user_repo.UserV1InitialCodeAddedType,
|
|
|
|
|
Reduce: u.ProcessUser,
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
Event: user_repo.UserV1InitializedCheckSucceededType,
|
|
|
|
|
Reduce: u.ProcessUser,
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
Event: user_repo.HumanInitializedCheckSucceededType,
|
|
|
|
|
Reduce: u.ProcessUser,
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
Event: user_repo.HumanPasswordlessInitCodeAddedType,
|
|
|
|
|
Reduce: u.ProcessUser,
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
Event: user_repo.HumanPasswordlessInitCodeRequestedType,
|
|
|
|
|
Reduce: u.ProcessUser,
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
Event: user_repo.UserRemovedType,
|
|
|
|
|
Reduce: u.ProcessUser,
|
|
|
|
|
},
|
|
|
|
|
},
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
Aggregate: org.AggregateType,
|
|
|
|
|
EventReducers: []handler.EventReducer{
|
|
|
|
|
{
|
|
|
|
|
Event: org.OrgRemovedEventType,
|
|
|
|
|
Reduce: u.ProcessOrg,
|
|
|
|
|
},
|
|
|
|
|
},
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
Aggregate: instance.AggregateType,
|
|
|
|
|
EventReducers: []handler.EventReducer{
|
|
|
|
|
{
|
|
|
|
|
Event: instance.InstanceRemovedEventType,
|
|
|
|
|
Reduce: u.ProcessInstance,
|
|
|
|
|
},
|
|
|
|
|
},
|
|
|
|
|
},
|
2020-06-16 09:40:18 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2023-10-19 10:19:10 +00:00
|
|
|
//nolint:gocognit
|
|
|
|
|
func (u *User) ProcessUser(event eventstore.Event) (_ *handler.Statement, err error) {
|
2024-05-22 15:26:02 +00:00
|
|
|
// in case anything needs to be change here check if appendEvent function needs the change as well
|
|
|
|
|
switch event.Type() {
|
|
|
|
|
case user_repo.UserV1AddedType,
|
|
|
|
|
user_repo.HumanAddedType:
|
|
|
|
|
e, ok := event.(*user_repo.HumanAddedEvent)
|
|
|
|
|
if !ok {
|
|
|
|
|
return nil, zerrors.ThrowInvalidArgumentf(nil, "MODEL-SDAGF", "reduce.wrong.event.type %s", user_repo.HumanAddedType)
|
|
|
|
|
}
|
|
|
|
|
return u.setPasswordData(event, e.Secret, e.EncodedHash), nil
|
|
|
|
|
case user_repo.UserV1RegisteredType,
|
|
|
|
|
user_repo.HumanRegisteredType:
|
|
|
|
|
e, ok := event.(*user_repo.HumanRegisteredEvent)
|
|
|
|
|
if !ok {
|
|
|
|
|
return nil, zerrors.ThrowInvalidArgumentf(nil, "MODEL-AS1hz", "reduce.wrong.event.type %s", user_repo.HumanRegisteredType)
|
2020-08-18 06:57:16 +00:00
|
|
|
}
|
2024-05-22 15:26:02 +00:00
|
|
|
return u.setPasswordData(event, e.Secret, e.EncodedHash), nil
|
|
|
|
|
case user_repo.UserV1PasswordChangedType,
|
|
|
|
|
user_repo.HumanPasswordChangedType:
|
|
|
|
|
e, ok := event.(*user_repo.HumanPasswordChangedEvent)
|
|
|
|
|
if !ok {
|
|
|
|
|
return nil, zerrors.ThrowInvalidArgumentf(nil, "MODEL-Gd31w", "reduce.wrong.event.type %s", user_repo.HumanPasswordChangedType)
|
2020-08-18 06:57:16 +00:00
|
|
|
}
|
2024-05-22 15:26:02 +00:00
|
|
|
return u.setPasswordData(event, e.Secret, e.EncodedHash), nil
|
|
|
|
|
case user_repo.UserV1PhoneRemovedType,
|
|
|
|
|
user_repo.HumanPhoneRemovedType,
|
|
|
|
|
user_repo.UserV1MFAOTPVerifiedType,
|
|
|
|
|
user_repo.HumanMFAOTPVerifiedType,
|
|
|
|
|
user_repo.HumanOTPSMSRemovedType,
|
|
|
|
|
user_repo.HumanOTPEmailRemovedType,
|
|
|
|
|
user_repo.HumanU2FTokenVerifiedType:
|
|
|
|
|
return handler.NewUpdateStatement(event,
|
|
|
|
|
[]handler.Column{
|
|
|
|
|
handler.NewCol(view_model.UserKeyMFAInitSkipped, time.Time{}),
|
|
|
|
|
handler.NewCol(view_model.UserKeyChangeDate, event.CreatedAt()),
|
|
|
|
|
},
|
|
|
|
|
[]handler.Condition{
|
|
|
|
|
handler.NewCond(view_model.UserKeyInstanceID, event.Aggregate().InstanceID),
|
|
|
|
|
handler.NewCond(view_model.UserKeyUserID, event.Aggregate().ID),
|
|
|
|
|
}), nil
|
|
|
|
|
case user_repo.UserV1MFAInitSkippedType,
|
|
|
|
|
user_repo.HumanMFAInitSkippedType:
|
|
|
|
|
return handler.NewUpdateStatement(event,
|
|
|
|
|
[]handler.Column{
|
|
|
|
|
handler.NewCol(view_model.UserKeyMFAInitSkipped, event.CreatedAt()),
|
|
|
|
|
handler.NewCol(view_model.UserKeyChangeDate, event.CreatedAt()),
|
|
|
|
|
},
|
|
|
|
|
[]handler.Condition{
|
|
|
|
|
handler.NewCond(view_model.UserKeyInstanceID, event.Aggregate().InstanceID),
|
|
|
|
|
handler.NewCond(view_model.UserKeyUserID, event.Aggregate().ID),
|
|
|
|
|
}), nil
|
|
|
|
|
case user_repo.UserV1InitialCodeAddedType,
|
|
|
|
|
user_repo.HumanInitialCodeAddedType:
|
|
|
|
|
return handler.NewUpdateStatement(event,
|
|
|
|
|
[]handler.Column{
|
|
|
|
|
handler.NewCol(view_model.UserKeyInitRequired, true),
|
|
|
|
|
handler.NewCol(view_model.UserKeyChangeDate, event.CreatedAt()),
|
|
|
|
|
},
|
|
|
|
|
[]handler.Condition{
|
|
|
|
|
handler.NewCond(view_model.UserKeyInstanceID, event.Aggregate().InstanceID),
|
|
|
|
|
handler.NewCond(view_model.UserKeyUserID, event.Aggregate().ID),
|
|
|
|
|
}), nil
|
|
|
|
|
case user_repo.UserV1InitializedCheckSucceededType,
|
|
|
|
|
user_repo.HumanInitializedCheckSucceededType:
|
|
|
|
|
return handler.NewUpdateStatement(event,
|
|
|
|
|
[]handler.Column{
|
|
|
|
|
handler.NewCol(view_model.UserKeyInitRequired, false),
|
|
|
|
|
handler.NewCol(view_model.UserKeyChangeDate, event.CreatedAt()),
|
|
|
|
|
},
|
|
|
|
|
[]handler.Condition{
|
|
|
|
|
handler.NewCond(view_model.UserKeyInstanceID, event.Aggregate().InstanceID),
|
|
|
|
|
handler.NewCond(view_model.UserKeyUserID, event.Aggregate().ID),
|
|
|
|
|
}), nil
|
|
|
|
|
case user_repo.HumanPasswordlessInitCodeAddedType,
|
|
|
|
|
user_repo.HumanPasswordlessInitCodeRequestedType:
|
|
|
|
|
return handler.NewUpdateStatement(event,
|
|
|
|
|
[]handler.Column{
|
|
|
|
|
handler.NewCol(view_model.UserKeyPasswordlessInitRequired, true),
|
|
|
|
|
handler.NewCol(view_model.UserKeyPasswordInitRequired, false),
|
|
|
|
|
handler.NewCol(view_model.UserKeyChangeDate, event.CreatedAt()),
|
|
|
|
|
},
|
|
|
|
|
[]handler.Condition{
|
|
|
|
|
handler.NewCond(view_model.UserKeyInstanceID, event.Aggregate().InstanceID),
|
|
|
|
|
handler.NewCond(view_model.UserKeyUserID, event.Aggregate().ID),
|
|
|
|
|
handler.NewCond(view_model.UserKeyPasswordSet, false),
|
|
|
|
|
}), nil
|
|
|
|
|
case user_repo.UserRemovedType:
|
|
|
|
|
return handler.NewDeleteStatement(event,
|
|
|
|
|
[]handler.Condition{
|
|
|
|
|
handler.NewCond(view_model.UserKeyInstanceID, event.Aggregate().InstanceID),
|
|
|
|
|
handler.NewCond(view_model.UserKeyUserID, event.Aggregate().ID),
|
|
|
|
|
}), nil
|
|
|
|
|
default:
|
|
|
|
|
return handler.NewNoOpStatement(event), nil
|
|
|
|
|
}
|
2020-06-16 09:40:18 +00:00
|
|
|
}
|
|
|
|
|
|
2024-05-22 15:26:02 +00:00
|
|
|
func (u *User) setPasswordData(event eventstore.Event, secret *crypto.CryptoValue, hash string) *handler.Statement {
|
|
|
|
|
set := secret != nil || hash != ""
|
|
|
|
|
columns := []handler.Column{
|
|
|
|
|
handler.NewCol(view_model.UserKeyInstanceID, event.Aggregate().InstanceID),
|
|
|
|
|
handler.NewCol(view_model.UserKeyUserID, event.Aggregate().ID),
|
|
|
|
|
handler.NewCol(view_model.UserKeyResourceOwner, event.Aggregate().ResourceOwner),
|
|
|
|
|
handler.NewCol(view_model.UserKeyChangeDate, event.CreatedAt()),
|
|
|
|
|
handler.NewCol(view_model.UserKeyPasswordSet, set),
|
|
|
|
|
handler.NewCol(view_model.UserKeyPasswordInitRequired, !set),
|
|
|
|
|
handler.NewCol(view_model.UserKeyPasswordChange, event.CreatedAt()),
|
2020-06-16 09:40:18 +00:00
|
|
|
}
|
2024-05-22 15:26:02 +00:00
|
|
|
return handler.NewUpsertStatement(event, columns[0:2], columns)
|
2020-06-16 09:40:18 +00:00
|
|
|
}
|
|
|
|
|
|
2023-10-19 10:19:10 +00:00
|
|
|
func (u *User) ProcessOrg(event eventstore.Event) (_ *handler.Statement, err error) {
|
2024-05-22 15:26:02 +00:00
|
|
|
// in case anything needs to be change here check if appendEvent function needs the change as well
|
|
|
|
|
switch event.Type() {
|
|
|
|
|
case org.OrgRemovedEventType:
|
|
|
|
|
return handler.NewDeleteStatement(event,
|
|
|
|
|
[]handler.Condition{
|
|
|
|
|
handler.NewCond(view_model.UserKeyInstanceID, event.Aggregate().InstanceID),
|
|
|
|
|
handler.NewCond(view_model.UserKeyResourceOwner, event.Aggregate().ID),
|
|
|
|
|
},
|
|
|
|
|
), nil
|
|
|
|
|
default:
|
|
|
|
|
return handler.NewNoOpStatement(event), nil
|
|
|
|
|
}
|
2020-06-16 09:40:18 +00:00
|
|
|
}
|
2020-06-17 05:25:04 +00:00
|
|
|
|
2023-10-19 10:19:10 +00:00
|
|
|
func (u *User) ProcessInstance(event eventstore.Event) (_ *handler.Statement, err error) {
|
2024-05-22 15:26:02 +00:00
|
|
|
// in case anything needs to be change here check if appendEvent function needs the change as well
|
2023-10-19 10:19:10 +00:00
|
|
|
switch event.Type() {
|
2022-10-26 13:06:48 +00:00
|
|
|
case instance.InstanceRemovedEventType:
|
2024-05-22 15:26:02 +00:00
|
|
|
return handler.NewDeleteStatement(event,
|
|
|
|
|
[]handler.Condition{
|
|
|
|
|
handler.NewCond(view_model.UserKeyInstanceID, event.Aggregate().InstanceID),
|
2023-10-19 10:19:10 +00:00
|
|
|
},
|
|
|
|
|
), nil
|
2022-10-26 13:06:48 +00:00
|
|
|
default:
|
2023-10-19 10:19:10 +00:00
|
|
|
return handler.NewNoOpStatement(event), nil
|
2022-10-26 13:06:48 +00:00
|
|
|
}
|
|
|
|
|
}
|
