zitadel/internal/command/instance_policy_domain.go

package command

import (
	"context"

	"github.com/zitadel/zitadel/internal/api/authz"
	"github.com/zitadel/zitadel/internal/command/preparation"
	"github.com/zitadel/zitadel/internal/domain"
	"github.com/zitadel/zitadel/internal/eventstore"
	"github.com/zitadel/zitadel/internal/repository/instance"
	"github.com/zitadel/zitadel/internal/telemetry/tracing"
	"github.com/zitadel/zitadel/internal/zerrors"
)

func (c *Commands) AddDefaultDomainPolicy(ctx context.Context, userLoginMustBeDomain, validateOrgDomains, smtpSenderAddressMatchesInstanceDomain bool) (*domain.ObjectDetails, error) {
	instanceAgg := instance.NewAggregate(authz.GetInstance(ctx).InstanceID())
	cmds, err := preparation.PrepareCommands(ctx, c.eventstore.Filter, prepareAddDefaultDomainPolicy(instanceAgg, userLoginMustBeDomain, validateOrgDomains, smtpSenderAddressMatchesInstanceDomain))
	if err != nil {
		return nil, err
	}
	pushedEvents, err := c.eventstore.Push(ctx, cmds...)
	if err != nil {
		return nil, err
	}
	return pushedEventsToObjectDetails(pushedEvents), nil
}

func (c *Commands) ChangeDefaultDomainPolicy(ctx context.Context, userLoginMustBeDomain, validateOrgDomains, smtpSenderAddressMatchesInstanceDomain bool) (*domain.ObjectDetails, error) {
	instanceAgg := instance.NewAggregate(authz.GetInstance(ctx).InstanceID())
	cmds, err := preparation.PrepareCommands(ctx, c.eventstore.Filter, prepareChangeDefaultDomainPolicy(instanceAgg, userLoginMustBeDomain, validateOrgDomains, smtpSenderAddressMatchesInstanceDomain))
	if err != nil {
		return nil, err
	}
	pushedEvents, err := c.eventstore.Push(ctx, cmds...)
	if err != nil {
		return nil, err
	}
	// returning the values of the first event as this is the one from the instance
	return &domain.ObjectDetails{
		Sequence:      pushedEvents[0].Sequence(),
		EventDate:     pushedEvents[0].CreatedAt(),
		ResourceOwner: pushedEvents[0].Aggregate().ResourceOwner,
	}, nil
}

func (c *Commands) getDefaultDomainPolicy(ctx context.Context) (*domain.DomainPolicy, error) {
	policyWriteModel, err := c.instanceDomainPolicyWriteModel(ctx)
	if err != nil {
		return nil, err
	}
	if !policyWriteModel.State.Exists() {
		return nil, zerrors.ThrowInvalidArgument(nil, "INSTANCE-3n8fs", "Errors.IAM.PasswordComplexityPolicy.NotFound")
	}
	policy := writeModelToDomainPolicy(policyWriteModel)
	policy.Default = true
	return policy, nil
}

func (c *Commands) instanceDomainPolicyWriteModel(ctx context.Context) (policy *InstanceDomainPolicyWriteModel, err error) {
	ctx, span := tracing.NewSpan(ctx)
	defer func() { span.EndWithError(err) }()

	writeModel := NewInstanceDomainPolicyWriteModel(ctx)
	err = c.eventstore.FilterToQueryReducer(ctx, writeModel)
	if err != nil {
		return nil, err
	}
	return writeModel, nil
}

func prepareAddDefaultDomainPolicy(
	a *instance.Aggregate,
	userLoginMustBeDomain,
	validateOrgDomains,
	smtpSenderAddressMatchesInstanceDomain bool,
) preparation.Validation {
	return func() (preparation.CreateCommands, error) {
		return func(ctx context.Context, filter preparation.FilterToQueryReducer) ([]eventstore.Command, error) {
			writeModel, err := instanceDomainPolicy(ctx, filter)
			if err != nil {
				return nil, err
			}
			if writeModel.State == domain.PolicyStateActive {
				return nil, zerrors.ThrowAlreadyExists(nil, "INSTANCE-Lk0dS", "Errors.Instance.DomainPolicy.AlreadyExists")
			}
			return []eventstore.Command{
				instance.NewDomainPolicyAddedEvent(ctx, &a.Aggregate,
					userLoginMustBeDomain,
					validateOrgDomains,
					smtpSenderAddressMatchesInstanceDomain,
				),
			}, nil
		}, nil
	}
}

func prepareChangeDefaultDomainPolicy(
	a *instance.Aggregate,
	userLoginMustBeDomain,
	validateOrgDomains,
	smtpSenderAddressMatchesInstanceDomain bool,
) preparation.Validation {
	return func() (preparation.CreateCommands, error) {
		return func(ctx context.Context, filter preparation.FilterToQueryReducer) ([]eventstore.Command, error) {
			writeModel, err := instanceDomainPolicy(ctx, filter)
			if err != nil {
				return nil, err
			}
			if !writeModel.State.Exists() {
				return nil, zerrors.ThrowNotFound(nil, "INSTANCE-0Pl0d", "Errors.Instance.DomainPolicy.NotFound")
			}
			changedEvent, usernameChange, err := writeModel.NewChangedEvent(ctx, &a.Aggregate,
				userLoginMustBeDomain,
				validateOrgDomains,
				smtpSenderAddressMatchesInstanceDomain,
			)
			if err != nil {
				return nil, err
			}
			cmds := []eventstore.Command{changedEvent}
			// if the UserLoginMustBeDomain has not changed, no further changes are needed
			if !usernameChange {
				return cmds, err
			}
			// get all organisations without a custom domain policy
			orgsWriteModel, err := domainPolicyOrgs(ctx, filter)
			if err != nil {
				return nil, err
			}
			// loop over all found organisations to get their usernames
			// and to compute the username changed events
			for _, orgID := range orgsWriteModel.OrgIDs {
				usersWriteModel, err := domainPolicyUsernames(ctx, filter, orgID)
				if err != nil {
					return nil, err
				}
				cmds = append(cmds, usersWriteModel.NewUsernameChangedEvents(ctx, userLoginMustBeDomain)...)
			}
			return cmds, nil
		}, nil
	}
}
fix: rename iam to instance (#3345) * fix: rename iam command side to instance * fix: rename iam command side to instance * fix: rename iam command side to instance * fix: rename iam command side to instance * fix: rename orgiampolicy to domain policy * fix: merge conflicts * fix: protos * fix: md files * implement deprecated org iam policy again Co-authored-by: Livio Amstutz <livio.a@gmail.com> 2022-03-24 16:21:34 +00:00			`package command`

			`import (`
			`"context"`

fix: unify commands (and remove todos for checking existence) (#3696) 2022-05-24 09:28:17 +00:00			`"github.com/zitadel/zitadel/internal/api/authz"`
			`"github.com/zitadel/zitadel/internal/command/preparation"`
chore(v2): move to new org (#3499) * chore: move to new org * logging * fix: org rename caos -> zitadel Co-authored-by: adlerhurst <silvan.reusser@gmail.com> 2022-04-26 23:01:45 +00:00			`"github.com/zitadel/zitadel/internal/domain"`
			`"github.com/zitadel/zitadel/internal/eventstore"`
fix: unify commands (and remove todos for checking existence) (#3696) 2022-05-24 09:28:17 +00:00			`"github.com/zitadel/zitadel/internal/repository/instance"`
chore(v2): move to new org (#3499) * chore: move to new org * logging * fix: org rename caos -> zitadel Co-authored-by: adlerhurst <silvan.reusser@gmail.com> 2022-04-26 23:01:45 +00:00			`"github.com/zitadel/zitadel/internal/telemetry/tracing"`
refactor: rename package errors to zerrors (#7039) * chore: rename package errors to zerrors * rename package errors to gerrors * fix error related linting issues * fix zitadel error assertion * fix gosimple linting issues * fix deprecated linting issues * resolve gci linting issues * fix import structure --------- Co-authored-by: Elio Bischof <elio@zitadel.com> 2023-12-08 14:30:55 +00:00			`"github.com/zitadel/zitadel/internal/zerrors"`
fix: rename iam to instance (#3345) * fix: rename iam command side to instance * fix: rename iam command side to instance * fix: rename iam command side to instance * fix: rename iam command side to instance * fix: rename orgiampolicy to domain policy * fix: merge conflicts * fix: protos * fix: md files * implement deprecated org iam policy again Co-authored-by: Livio Amstutz <livio.a@gmail.com> 2022-03-24 16:21:34 +00:00			`)`

fix: unify commands (and remove todos for checking existence) (#3696) 2022-05-24 09:28:17 +00:00			`func (c Commands) AddDefaultDomainPolicy(ctx context.Context, userLoginMustBeDomain, validateOrgDomains, smtpSenderAddressMatchesInstanceDomain bool) (domain.ObjectDetails, error) {`
			`instanceAgg := instance.NewAggregate(authz.GetInstance(ctx).InstanceID())`
			`cmds, err := preparation.PrepareCommands(ctx, c.eventstore.Filter, prepareAddDefaultDomainPolicy(instanceAgg, userLoginMustBeDomain, validateOrgDomains, smtpSenderAddressMatchesInstanceDomain))`
fix: rename iam to instance (#3345) * fix: rename iam command side to instance * fix: rename iam command side to instance * fix: rename iam command side to instance * fix: rename iam command side to instance * fix: rename orgiampolicy to domain policy * fix: merge conflicts * fix: protos * fix: md files * implement deprecated org iam policy again Co-authored-by: Livio Amstutz <livio.a@gmail.com> 2022-03-24 16:21:34 +00:00			`if err != nil {`
			`return nil, err`
			`}`
fix: unify commands (and remove todos for checking existence) (#3696) 2022-05-24 09:28:17 +00:00			`pushedEvents, err := c.eventstore.Push(ctx, cmds...)`
fix: rename iam to instance (#3345) * fix: rename iam command side to instance * fix: rename iam command side to instance * fix: rename iam command side to instance * fix: rename iam command side to instance * fix: rename orgiampolicy to domain policy * fix: merge conflicts * fix: protos * fix: md files * implement deprecated org iam policy again Co-authored-by: Livio Amstutz <livio.a@gmail.com> 2022-03-24 16:21:34 +00:00			`if err != nil {`
			`return nil, err`
			`}`
fix: unify commands (and remove todos for checking existence) (#3696) 2022-05-24 09:28:17 +00:00			`return pushedEventsToObjectDetails(pushedEvents), nil`
fix: rename iam to instance (#3345) * fix: rename iam command side to instance * fix: rename iam command side to instance * fix: rename iam command side to instance * fix: rename iam command side to instance * fix: rename orgiampolicy to domain policy * fix: merge conflicts * fix: protos * fix: md files * implement deprecated org iam policy again Co-authored-by: Livio Amstutz <livio.a@gmail.com> 2022-03-24 16:21:34 +00:00			`}`

fix: handle UserLoginMustBeDomain changes correctly (#4765) * fix: handle UserLoginMustBeDomain changes correctly * fix: remove verified domains (and not only primary) as suffix * fix: ensure testability by changing map to slice * cleanup * reduce complexity of DomainPolicyUsernamesWriteModel.Reduce() * add test for removed org policy 2022-12-06 08:01:31 +00:00			`func (c Commands) ChangeDefaultDomainPolicy(ctx context.Context, userLoginMustBeDomain, validateOrgDomains, smtpSenderAddressMatchesInstanceDomain bool) (domain.ObjectDetails, error) {`
			`instanceAgg := instance.NewAggregate(authz.GetInstance(ctx).InstanceID())`
			`cmds, err := preparation.PrepareCommands(ctx, c.eventstore.Filter, prepareChangeDefaultDomainPolicy(instanceAgg, userLoginMustBeDomain, validateOrgDomains, smtpSenderAddressMatchesInstanceDomain))`
fix: rename iam to instance (#3345) * fix: rename iam command side to instance * fix: rename iam command side to instance * fix: rename iam command side to instance * fix: rename iam command side to instance * fix: rename orgiampolicy to domain policy * fix: merge conflicts * fix: protos * fix: md files * implement deprecated org iam policy again Co-authored-by: Livio Amstutz <livio.a@gmail.com> 2022-03-24 16:21:34 +00:00			`if err != nil {`
			`return nil, err`
			`}`
fix: handle UserLoginMustBeDomain changes correctly (#4765) * fix: handle UserLoginMustBeDomain changes correctly * fix: remove verified domains (and not only primary) as suffix * fix: ensure testability by changing map to slice * cleanup * reduce complexity of DomainPolicyUsernamesWriteModel.Reduce() * add test for removed org policy 2022-12-06 08:01:31 +00:00			`pushedEvents, err := c.eventstore.Push(ctx, cmds...)`
fix: rename iam to instance (#3345) * fix: rename iam command side to instance * fix: rename iam command side to instance * fix: rename iam command side to instance * fix: rename iam command side to instance * fix: rename orgiampolicy to domain policy * fix: merge conflicts * fix: protos * fix: md files * implement deprecated org iam policy again Co-authored-by: Livio Amstutz <livio.a@gmail.com> 2022-03-24 16:21:34 +00:00			`if err != nil {`
			`return nil, err`
			`}`
fix: handle UserLoginMustBeDomain changes correctly (#4765) * fix: handle UserLoginMustBeDomain changes correctly * fix: remove verified domains (and not only primary) as suffix * fix: ensure testability by changing map to slice * cleanup * reduce complexity of DomainPolicyUsernamesWriteModel.Reduce() * add test for removed org policy 2022-12-06 08:01:31 +00:00			`// returning the values of the first event as this is the one from the instance`
			`return &domain.ObjectDetails{`
			`Sequence: pushedEvents[0].Sequence(),`
feat(eventstore): increase parallel write capabilities (#5940) This implementation increases parallel write capabilities of the eventstore. Please have a look at the technical advisories: [05](https://zitadel.com/docs/support/advisory/a10005) and [06](https://zitadel.com/docs/support/advisory/a10006). The implementation of eventstore.push is rewritten and stored events are migrated to a new table `eventstore.events2`. If you are using cockroach: make sure that the database user of ZITADEL has `VIEWACTIVITY` grant. This is used to query events. 2023-10-19 10:19:10 +00:00			`EventDate: pushedEvents[0].CreatedAt(),`
fix: handle UserLoginMustBeDomain changes correctly (#4765) * fix: handle UserLoginMustBeDomain changes correctly * fix: remove verified domains (and not only primary) as suffix * fix: ensure testability by changing map to slice * cleanup * reduce complexity of DomainPolicyUsernamesWriteModel.Reduce() * add test for removed org policy 2022-12-06 08:01:31 +00:00			`ResourceOwner: pushedEvents[0].Aggregate().ResourceOwner,`
			`}, nil`
fix: rename iam to instance (#3345) * fix: rename iam command side to instance * fix: rename iam command side to instance * fix: rename iam command side to instance * fix: rename iam command side to instance * fix: rename orgiampolicy to domain policy * fix: merge conflicts * fix: protos * fix: md files * implement deprecated org iam policy again Co-authored-by: Livio Amstutz <livio.a@gmail.com> 2022-03-24 16:21:34 +00:00			`}`

			`func (c Commands) getDefaultDomainPolicy(ctx context.Context) (domain.DomainPolicy, error) {`
feat: user service v2 create, update and remove (#6996) * feat: user service v2 remove user * feat: user service v2 add user human * feat: user service v2 change user human * feat: user service v2 change user human unit tests * feat: user service v2 reactivate, deactivate, lock, unlock user * feat: user service v2 integration tests * fix: merge back origin/main * lint: linter corrections * fix: move permission check for isVerfied and password change * fix: add deprecated notices and other review comments * fix: consistent naming in proto * fix: errors package renaming * fix: remove / delete user renaming in integration test * fix: machine user status changes through user v2 api * fix: linting changes * fix: linting changes * fix: changes from review * fix: changes from review * fix: changes from review * fix: changes from review * fix: changes from review --------- Co-authored-by: Tim Möhlmann <tim+github@zitadel.com> Co-authored-by: Livio Spring <livio.a@gmail.com> 2023-12-21 09:03:37 +00:00			`policyWriteModel, err := c.instanceDomainPolicyWriteModel(ctx)`
fix: rename iam to instance (#3345) * fix: rename iam command side to instance * fix: rename iam command side to instance * fix: rename iam command side to instance * fix: rename iam command side to instance * fix: rename orgiampolicy to domain policy * fix: merge conflicts * fix: protos * fix: md files * implement deprecated org iam policy again Co-authored-by: Livio Amstutz <livio.a@gmail.com> 2022-03-24 16:21:34 +00:00			`if err != nil {`
			`return nil, err`
			`}`
			`if !policyWriteModel.State.Exists() {`
refactor: rename package errors to zerrors (#7039) * chore: rename package errors to zerrors * rename package errors to gerrors * fix error related linting issues * fix zitadel error assertion * fix gosimple linting issues * fix deprecated linting issues * resolve gci linting issues * fix import structure --------- Co-authored-by: Elio Bischof <elio@zitadel.com> 2023-12-08 14:30:55 +00:00			`return nil, zerrors.ThrowInvalidArgument(nil, "INSTANCE-3n8fs", "Errors.IAM.PasswordComplexityPolicy.NotFound")`
fix: rename iam to instance (#3345) * fix: rename iam command side to instance * fix: rename iam command side to instance * fix: rename iam command side to instance * fix: rename iam command side to instance * fix: rename orgiampolicy to domain policy * fix: merge conflicts * fix: protos * fix: md files * implement deprecated org iam policy again Co-authored-by: Livio Amstutz <livio.a@gmail.com> 2022-03-24 16:21:34 +00:00			`}`
			`policy := writeModelToDomainPolicy(policyWriteModel)`
			`policy.Default = true`
			`return policy, nil`
			`}`

feat: user service v2 create, update and remove (#6996) * feat: user service v2 remove user * feat: user service v2 add user human * feat: user service v2 change user human * feat: user service v2 change user human unit tests * feat: user service v2 reactivate, deactivate, lock, unlock user * feat: user service v2 integration tests * fix: merge back origin/main * lint: linter corrections * fix: move permission check for isVerfied and password change * fix: add deprecated notices and other review comments * fix: consistent naming in proto * fix: errors package renaming * fix: remove / delete user renaming in integration test * fix: machine user status changes through user v2 api * fix: linting changes * fix: linting changes * fix: changes from review * fix: changes from review * fix: changes from review * fix: changes from review * fix: changes from review --------- Co-authored-by: Tim Möhlmann <tim+github@zitadel.com> Co-authored-by: Livio Spring <livio.a@gmail.com> 2023-12-21 09:03:37 +00:00			`func (c Commands) instanceDomainPolicyWriteModel(ctx context.Context) (policy InstanceDomainPolicyWriteModel, err error) {`
fix: rename iam to instance (#3345) * fix: rename iam command side to instance * fix: rename iam command side to instance * fix: rename iam command side to instance * fix: rename iam command side to instance * fix: rename orgiampolicy to domain policy * fix: merge conflicts * fix: protos * fix: md files * implement deprecated org iam policy again Co-authored-by: Livio Amstutz <livio.a@gmail.com> 2022-03-24 16:21:34 +00:00			`ctx, span := tracing.NewSpan(ctx)`
			`defer func() { span.EndWithError(err) }()`

feat: Instance commands (#3385) * fix: add events for domain * fix: add/remove domain command side * fix: add/remove domain command side * fix: add/remove domain query side * fix: create instance * fix: merge v2 * fix: instance domain * fix: instance domain * fix: instance domain * fix: instance domain * fix: remove domain.IAMID from writemodels * fix: remove domain.IAMID from writemodels * fix: remove domain.IAMID from writemodels * fix: remove domain.IAMID from writemodels * fix: remove domain.IAMID from writemodels * fix: remove domain.IAMID from writemodels * fix: remove domain.IAMID from writemodels * fix: remove domain.IAMID from writemodels * fix: remove domain.IAMID from writemodels * fix: remove domain.IAMID from api * fix: remove domain.IAMID * fix: remove domain.IAMID * fix: add instance domain queries * fix: fix after merge * Update auth_request.go * fix keypair * remove unused code * feat: read instance id from context * feat: remove unused code * feat: use instance id from context * some fixes Co-authored-by: Livio Amstutz <livio.a@gmail.com> 2022-04-05 05:58:09 +00:00			`writeModel := NewInstanceDomainPolicyWriteModel(ctx)`
fix: rename iam to instance (#3345) * fix: rename iam command side to instance * fix: rename iam command side to instance * fix: rename iam command side to instance * fix: rename iam command side to instance * fix: rename orgiampolicy to domain policy * fix: merge conflicts * fix: protos * fix: md files * implement deprecated org iam policy again Co-authored-by: Livio Amstutz <livio.a@gmail.com> 2022-03-24 16:21:34 +00:00			`err = c.eventstore.FilterToQueryReducer(ctx, writeModel)`
			`if err != nil {`
			`return nil, err`
			`}`
			`return writeModel, nil`
			`}`
fix: unify commands (and remove todos for checking existence) (#3696) 2022-05-24 09:28:17 +00:00
			`func prepareAddDefaultDomainPolicy(`
			`a *instance.Aggregate,`
			`userLoginMustBeDomain,`
			`validateOrgDomains,`
			`smtpSenderAddressMatchesInstanceDomain bool,`
			`) preparation.Validation {`
			`return func() (preparation.CreateCommands, error) {`
			`return func(ctx context.Context, filter preparation.FilterToQueryReducer) ([]eventstore.Command, error) {`
fix: handle UserLoginMustBeDomain changes correctly (#4765) * fix: handle UserLoginMustBeDomain changes correctly * fix: remove verified domains (and not only primary) as suffix * fix: ensure testability by changing map to slice * cleanup * reduce complexity of DomainPolicyUsernamesWriteModel.Reduce() * add test for removed org policy 2022-12-06 08:01:31 +00:00			`writeModel, err := instanceDomainPolicy(ctx, filter)`
fix: unify commands (and remove todos for checking existence) (#3696) 2022-05-24 09:28:17 +00:00			`if err != nil {`
			`return nil, err`
			`}`
			`if writeModel.State == domain.PolicyStateActive {`
refactor: rename package errors to zerrors (#7039) * chore: rename package errors to zerrors * rename package errors to gerrors * fix error related linting issues * fix zitadel error assertion * fix gosimple linting issues * fix deprecated linting issues * resolve gci linting issues * fix import structure --------- Co-authored-by: Elio Bischof <elio@zitadel.com> 2023-12-08 14:30:55 +00:00			`return nil, zerrors.ThrowAlreadyExists(nil, "INSTANCE-Lk0dS", "Errors.Instance.DomainPolicy.AlreadyExists")`
fix: unify commands (and remove todos for checking existence) (#3696) 2022-05-24 09:28:17 +00:00			`}`
			`return []eventstore.Command{`
			`instance.NewDomainPolicyAddedEvent(ctx, &a.Aggregate,`
			`userLoginMustBeDomain,`
			`validateOrgDomains,`
			`smtpSenderAddressMatchesInstanceDomain,`
			`),`
			`}, nil`
			`}, nil`
			`}`
			`}`
fix: handle UserLoginMustBeDomain changes correctly (#4765) * fix: handle UserLoginMustBeDomain changes correctly * fix: remove verified domains (and not only primary) as suffix * fix: ensure testability by changing map to slice * cleanup * reduce complexity of DomainPolicyUsernamesWriteModel.Reduce() * add test for removed org policy 2022-12-06 08:01:31 +00:00
			`func prepareChangeDefaultDomainPolicy(`
			`a *instance.Aggregate,`
			`userLoginMustBeDomain,`
			`validateOrgDomains,`
			`smtpSenderAddressMatchesInstanceDomain bool,`
			`) preparation.Validation {`
			`return func() (preparation.CreateCommands, error) {`
			`return func(ctx context.Context, filter preparation.FilterToQueryReducer) ([]eventstore.Command, error) {`
			`writeModel, err := instanceDomainPolicy(ctx, filter)`
			`if err != nil {`
			`return nil, err`
			`}`
			`if !writeModel.State.Exists() {`
refactor: rename package errors to zerrors (#7039) * chore: rename package errors to zerrors * rename package errors to gerrors * fix error related linting issues * fix zitadel error assertion * fix gosimple linting issues * fix deprecated linting issues * resolve gci linting issues * fix import structure --------- Co-authored-by: Elio Bischof <elio@zitadel.com> 2023-12-08 14:30:55 +00:00			`return nil, zerrors.ThrowNotFound(nil, "INSTANCE-0Pl0d", "Errors.Instance.DomainPolicy.NotFound")`
fix: handle UserLoginMustBeDomain changes correctly (#4765) * fix: handle UserLoginMustBeDomain changes correctly * fix: remove verified domains (and not only primary) as suffix * fix: ensure testability by changing map to slice * cleanup * reduce complexity of DomainPolicyUsernamesWriteModel.Reduce() * add test for removed org policy 2022-12-06 08:01:31 +00:00			`}`
			`changedEvent, usernameChange, err := writeModel.NewChangedEvent(ctx, &a.Aggregate,`
			`userLoginMustBeDomain,`
			`validateOrgDomains,`
			`smtpSenderAddressMatchesInstanceDomain,`
			`)`
			`if err != nil {`
			`return nil, err`
			`}`
			`cmds := []eventstore.Command{changedEvent}`
			`// if the UserLoginMustBeDomain has not changed, no further changes are needed`
			`if !usernameChange {`
			`return cmds, err`
			`}`
			`// get all organisations without a custom domain policy`
			`orgsWriteModel, err := domainPolicyOrgs(ctx, filter)`
			`if err != nil {`
			`return nil, err`
			`}`
			`// loop over all found organisations to get their usernames`
			`// and to compute the username changed events`
			`for _, orgID := range orgsWriteModel.OrgIDs {`
			`usersWriteModel, err := domainPolicyUsernames(ctx, filter, orgID)`
			`if err != nil {`
			`return nil, err`
			`}`
			`cmds = append(cmds, usersWriteModel.NewUsernameChangedEvents(ctx, userLoginMustBeDomain)...)`
			`}`
			`return cmds, nil`
			`}, nil`
			`}`
			`}`