zitadel/internal/domain/human.go

package domain

import (
	"time"

	"github.com/zitadel/zitadel/internal/crypto"
	caos_errors "github.com/zitadel/zitadel/internal/errors"
	es_models "github.com/zitadel/zitadel/internal/eventstore/v1/models"
)

type HumanDetails struct {
	ID string
	ObjectDetails
}

type Human struct {
	es_models.ObjectRoot

	Username string
	State    UserState
	*Password
	*Profile
	*Email
	*Phone
	*Address
}

func (h Human) GetUsername() string {
	return h.Username
}

func (h Human) GetState() UserState {
	return h.State
}

type InitUserCode struct {
	es_models.ObjectRoot

	Code   *crypto.CryptoValue
	Expiry time.Duration
}

type Gender int32

const (
	GenderUnspecified Gender = iota
	GenderFemale
	GenderMale
	GenderDiverse

	genderCount
)

func (f Gender) Valid() bool {
	return f >= 0 && f < genderCount
}

func (f Gender) Specified() bool {
	return f > GenderUnspecified && f < genderCount
}

func (u *Human) IsValid() bool {
	return u.Username != "" && u.Profile != nil && u.Profile.IsValid() && u.Email != nil && u.Email.IsValid() && u.Phone == nil || (u.Phone != nil && u.Phone.PhoneNumber != "" && u.Phone.IsValid())
}

func (u *Human) CheckDomainPolicy(policy *DomainPolicy) error {
	if policy == nil {
		return caos_errors.ThrowPreconditionFailed(nil, "DOMAIN-zSH7j", "Errors.Users.DomainPolicyNil")
	}
	if !policy.UserLoginMustBeDomain && u.Profile != nil && u.Username == "" && u.Email != nil {
		u.Username = u.EmailAddress
	}
	return nil
}

func (u *Human) SetNamesAsDisplayname() {
	if u.Profile != nil && u.DisplayName == "" && u.FirstName != "" && u.LastName != "" {
		u.DisplayName = u.FirstName + " " + u.LastName
	}
}

func (u *Human) HashPasswordIfExisting(policy *PasswordComplexityPolicy, passwordAlg crypto.HashAlgorithm, onetime bool) error {
	if u.Password != nil {
		u.Password.ChangeRequired = onetime
		return u.Password.HashPasswordIfExisting(policy, passwordAlg)
	}
	return nil
}

func (u *Human) IsInitialState(passwordless, externalIDPs bool) bool {
	return u.Email == nil || !u.IsEmailVerified || !externalIDPs && !passwordless && (u.Password == nil || u.SecretString == "")
}

func NewInitUserCode(generator crypto.Generator) (*InitUserCode, error) {
	initCodeCrypto, _, err := crypto.NewCode(generator)
	if err != nil {
		return nil, err
	}
	return &InitUserCode{
		Code:   initCodeCrypto,
		Expiry: generator.Expiry(),
	}, nil
}

func GenerateLoginName(username, domain string, appendDomain bool) string {
	if !appendDomain {
		return username
	}
	return username + "@" + domain
}
new pkg structure (#1150) * fix: split command query side * fix: split command query side * fix: members in correct pkg structure * fix: label policy in correct pkg structure * fix: structure * fix: structure of login policy * fix: identityprovider structure * fix: org iam policy structure * fix: password age policy structure * fix: password complexity policy structure * fix: password lockout policy structure * fix: idp structure * fix: user events structure * fix: user write model * fix: profile email changed command * fix: address changed command * fix: user states * fix: user * fix: org structure and add human * begin iam setup command side * setup * step2 * step2 * fix: add user * step2 * isvalid * fix: folder structure v2 business Co-authored-by: Fabiennne <fabienne.gerschwiler@gmail.com> 2021-01-04 13:52:13 +00:00			`package domain`
feat: user events (#1062) * feat: user new eventstore * feat: rename query builder * feat: human events * feat: human events * feat: events * feat: phone events * feat: phone events * feat: profile, address events * feat: mfa, otp * feat: webauthn events * feat: webauthn events * feat: webauthn events * feat: enums * feat: new events * feat: user events * feat: domain events * feat: all v2 events * feat: all v1 events * feat: pkg structure * feat: change events * feat: better naming * feat: better naming 2020-12-10 15:18:52 +00:00
fix: use domain models for v2 eventstore (#1151) * fix: use domain models for v2 eventstore * fix: user domain model * Update internal/api/grpc/admin/login_policy_converter.go Co-authored-by: Livio Amstutz <livio.a@gmail.com> * fix: converter Co-authored-by: Livio Amstutz <livio.a@gmail.com> 2021-01-05 08:33:45 +00:00			`import (`
fix: import user, hide login name suffix (#1474) * fix: import user, and label policy command side * feat: Import user and hide loginname suffix (#1464) * fix: import user * fix: label policy * fix: label policy * fix: label policy * fix: migrations * fix: migrations * fix: migrations * fix: label policy * loginSuffix in login ui * suffix * fix cursor on disabled user selection Co-authored-by: Livio Amstutz <livio.a@gmail.com> (cherry picked from commit 03ddb8fc388494d6ec99b1db9e16d16c28ee9649) * feat: Import user and hide loginname suffix (#1464) * fix: import user * fix: label policy * fix: label policy * fix: label policy * fix: migrations * fix: migrations * fix: migrations * fix: label policy * loginSuffix in login ui * suffix * fix cursor on disabled user selection Co-authored-by: Livio Amstutz <livio.a@gmail.com> (cherry picked from commit 03ddb8fc388494d6ec99b1db9e16d16c28ee9649) * feat: Import user and hide loginname suffix (#1464) * fix: import user * fix: label policy * fix: label policy * fix: label policy * fix: migrations * fix: migrations * fix: migrations * fix: label policy * loginSuffix in login ui * suffix * fix cursor on disabled user selection Co-authored-by: Livio Amstutz <livio.a@gmail.com> (cherry picked from commit 03ddb8fc388494d6ec99b1db9e16d16c28ee9649) * fix: label policy events * loginname placeholder * fix: tests * fix: tests * Update internal/command/iam_policy_label_model.go Co-authored-by: Livio Amstutz <livio.a@gmail.com> Co-authored-by: Livio Amstutz <livio.a@gmail.com> 2021-03-25 13:41:07 +00:00			`"time"`

chore(v2): move to new org (#3499) * chore: move to new org * logging * fix: org rename caos -> zitadel Co-authored-by: adlerhurst <silvan.reusser@gmail.com> 2022-04-26 23:01:45 +00:00			`"github.com/zitadel/zitadel/internal/crypto"`
			`caos_errors "github.com/zitadel/zitadel/internal/errors"`
			`es_models "github.com/zitadel/zitadel/internal/eventstore/v1/models"`
fix: use domain models for v2 eventstore (#1151) * fix: use domain models for v2 eventstore * fix: user domain model * Update internal/api/grpc/admin/login_policy_converter.go Co-authored-by: Livio Amstutz <livio.a@gmail.com> * fix: converter Co-authored-by: Livio Amstutz <livio.a@gmail.com> 2021-01-05 08:33:45 +00:00			`)`

fix: v2 human command (#3435) * add/register human command done * validations * crypto * move clientid * keys * fix: clientID * remove v2 package * tests * tests running * revert old code * instance domain from ctx * chore: rename zitadel app ids * comments * fix: test 2022-04-12 14:20:17 +00:00			`type HumanDetails struct {`
			`ID string`
			`ObjectDetails`
			`}`

fix: use domain models for v2 eventstore (#1151) * fix: use domain models for v2 eventstore * fix: user domain model * Update internal/api/grpc/admin/login_policy_converter.go Co-authored-by: Livio Amstutz <livio.a@gmail.com> * fix: converter Co-authored-by: Livio Amstutz <livio.a@gmail.com> 2021-01-05 08:33:45 +00:00			`type Human struct {`
			`es_models.ObjectRoot`

feat: new user auth api (#1168) * fix: correct selectors for extended writemodel * fix: no previous checks in eventstore * start check previous * feat: auth user commands * feat: auth user commands * feat: auth user commands * feat: otp * feat: corrections from pr merge * feat: webauthn * feat: comment old webauthn * feat: refactor user, human, machine * feat: webauth command side * feat: command and query side in login * feat: fix user writemodel append events * fix: remove creation dates on command side * fix: remove previous sequence * previous sequence * fix: external idps * Update internal/api/grpc/management/user.go Co-authored-by: Livio Amstutz <livio.a@gmail.com> * Update internal/v2/command/user_human_email.go Co-authored-by: Livio Amstutz <livio.a@gmail.com> * fix: pr changes * fix: phone verification Co-authored-by: adlerhurst <silvan.reusser@gmail.com> Co-authored-by: Livio Amstutz <livio.a@gmail.com> 2021-01-15 08:32:59 +00:00			`Username string`
			`State UserState`
fix: use domain models for v2 eventstore (#1151) * fix: use domain models for v2 eventstore * fix: user domain model * Update internal/api/grpc/admin/login_policy_converter.go Co-authored-by: Livio Amstutz <livio.a@gmail.com> * fix: converter Co-authored-by: Livio Amstutz <livio.a@gmail.com> 2021-01-05 08:33:45 +00:00			`*Password`
			`*Profile`
			`*Email`
			`*Phone`
			`*Address`
			`}`

feat: new user auth api (#1168) * fix: correct selectors for extended writemodel * fix: no previous checks in eventstore * start check previous * feat: auth user commands * feat: auth user commands * feat: auth user commands * feat: otp * feat: corrections from pr merge * feat: webauthn * feat: comment old webauthn * feat: refactor user, human, machine * feat: webauth command side * feat: command and query side in login * feat: fix user writemodel append events * fix: remove creation dates on command side * fix: remove previous sequence * previous sequence * fix: external idps * Update internal/api/grpc/management/user.go Co-authored-by: Livio Amstutz <livio.a@gmail.com> * Update internal/v2/command/user_human_email.go Co-authored-by: Livio Amstutz <livio.a@gmail.com> * fix: pr changes * fix: phone verification Co-authored-by: adlerhurst <silvan.reusser@gmail.com> Co-authored-by: Livio Amstutz <livio.a@gmail.com> 2021-01-15 08:32:59 +00:00			`func (h Human) GetUsername() string {`
			`return h.Username`
			`}`

			`func (h Human) GetState() UserState {`
			`return h.State`
			`}`

fix: use domain models for v2 eventstore (#1151) * fix: use domain models for v2 eventstore * fix: user domain model * Update internal/api/grpc/admin/login_policy_converter.go Co-authored-by: Livio Amstutz <livio.a@gmail.com> * fix: converter Co-authored-by: Livio Amstutz <livio.a@gmail.com> 2021-01-05 08:33:45 +00:00			`type InitUserCode struct {`
			`es_models.ObjectRoot`

			`Code *crypto.CryptoValue`
			`Expiry time.Duration`
			`}`

feat: user events (#1062) * feat: user new eventstore * feat: rename query builder * feat: human events * feat: human events * feat: events * feat: phone events * feat: phone events * feat: profile, address events * feat: mfa, otp * feat: webauthn events * feat: webauthn events * feat: webauthn events * feat: enums * feat: new events * feat: user events * feat: domain events * feat: all v2 events * feat: all v1 events * feat: pkg structure * feat: change events * feat: better naming * feat: better naming 2020-12-10 15:18:52 +00:00			`type Gender int32`

			`const (`
			`GenderUnspecified Gender = iota`
			`GenderFemale`
			`GenderMale`
			`GenderDiverse`

			`genderCount`
			`)`

			`func (f Gender) Valid() bool {`
			`return f >= 0 && f < genderCount`
			`}`
fix: use domain models for v2 eventstore (#1151) * fix: use domain models for v2 eventstore * fix: user domain model * Update internal/api/grpc/admin/login_policy_converter.go Co-authored-by: Livio Amstutz <livio.a@gmail.com> * fix: converter Co-authored-by: Livio Amstutz <livio.a@gmail.com> 2021-01-05 08:33:45 +00:00
fix(projections): add base users (#2733) * fix(projections): add base users * add user v1 events 2021-11-30 07:57:51 +00:00			`func (f Gender) Specified() bool {`
			`return f > GenderUnspecified && f < genderCount`
			`}`

fix: use domain models for v2 eventstore (#1151) * fix: use domain models for v2 eventstore * fix: user domain model * Update internal/api/grpc/admin/login_policy_converter.go Co-authored-by: Livio Amstutz <livio.a@gmail.com> * fix: converter Co-authored-by: Livio Amstutz <livio.a@gmail.com> 2021-01-05 08:33:45 +00:00			`func (u *Human) IsValid() bool {`
fix: register user on org (#1614) * fix: user register * fix: user register translation * display suffix correctly * Update auth_request.go Co-authored-by: Livio Amstutz <livio.a@gmail.com> 2021-04-19 10:43:17 +00:00			`return u.Username != "" && u.Profile != nil && u.Profile.IsValid() && u.Email != nil && u.Email.IsValid() && u.Phone == nil \|\| (u.Phone != nil && u.Phone.PhoneNumber != "" && u.Phone.IsValid())`
fix: use domain models for v2 eventstore (#1151) * fix: use domain models for v2 eventstore * fix: user domain model * Update internal/api/grpc/admin/login_policy_converter.go Co-authored-by: Livio Amstutz <livio.a@gmail.com> * fix: converter Co-authored-by: Livio Amstutz <livio.a@gmail.com> 2021-01-05 08:33:45 +00:00			`}`

fix: rename iam to instance (#3345) * fix: rename iam command side to instance * fix: rename iam command side to instance * fix: rename iam command side to instance * fix: rename iam command side to instance * fix: rename orgiampolicy to domain policy * fix: merge conflicts * fix: protos * fix: md files * implement deprecated org iam policy again Co-authored-by: Livio Amstutz <livio.a@gmail.com> 2022-03-24 16:21:34 +00:00			`func (u Human) CheckDomainPolicy(policy DomainPolicy) error {`
fix: use domain models for v2 eventstore (#1151) * fix: use domain models for v2 eventstore * fix: user domain model * Update internal/api/grpc/admin/login_policy_converter.go Co-authored-by: Livio Amstutz <livio.a@gmail.com> * fix: converter Co-authored-by: Livio Amstutz <livio.a@gmail.com> 2021-01-05 08:33:45 +00:00			`if policy == nil {`
fix: rename iam to instance (#3345) * fix: rename iam command side to instance * fix: rename iam command side to instance * fix: rename iam command side to instance * fix: rename iam command side to instance * fix: rename orgiampolicy to domain policy * fix: merge conflicts * fix: protos * fix: md files * implement deprecated org iam policy again Co-authored-by: Livio Amstutz <livio.a@gmail.com> 2022-03-24 16:21:34 +00:00			`return caos_errors.ThrowPreconditionFailed(nil, "DOMAIN-zSH7j", "Errors.Users.DomainPolicyNil")`
fix: use domain models for v2 eventstore (#1151) * fix: use domain models for v2 eventstore * fix: user domain model * Update internal/api/grpc/admin/login_policy_converter.go Co-authored-by: Livio Amstutz <livio.a@gmail.com> * fix: converter Co-authored-by: Livio Amstutz <livio.a@gmail.com> 2021-01-05 08:33:45 +00:00			`}`
feat: User login commands (#1228) * feat: change login to command side * feat: change login to command side * fix: fix push on user * feat: user command side * feat: sign out * feat: command side login * feat: command side login * feat: fix register user * feat: fix register user * feat: fix web auth n events * feat: add machine keys * feat: send codes * feat: move authrequest to domain * feat: move authrequest to domain * feat: webauthn working * feat: external users * feat: external users login * feat: notify users * fix: tests * feat: cascade remove user grants on project remove * fix: webauthn * fix: pr requests * fix: register human with member * fix: fix bugs * fix: fix bugs 2021-02-08 10:30:30 +00:00			`if !policy.UserLoginMustBeDomain && u.Profile != nil && u.Username == "" && u.Email != nil {`
			`u.Username = u.EmailAddress`
fix: use domain models for v2 eventstore (#1151) * fix: use domain models for v2 eventstore * fix: user domain model * Update internal/api/grpc/admin/login_policy_converter.go Co-authored-by: Livio Amstutz <livio.a@gmail.com> * fix: converter Co-authored-by: Livio Amstutz <livio.a@gmail.com> 2021-01-05 08:33:45 +00:00			`}`
			`return nil`
			`}`

			`func (u *Human) SetNamesAsDisplayname() {`
			`if u.Profile != nil && u.DisplayName == "" && u.FirstName != "" && u.LastName != "" {`
			`u.DisplayName = u.FirstName + " " + u.LastName`
			`}`
			`}`

			`func (u Human) HashPasswordIfExisting(policy PasswordComplexityPolicy, passwordAlg crypto.HashAlgorithm, onetime bool) error {`
			`if u.Password != nil {`
feat: New event user (#1156) * feat: change user command side * feat: change user command side * feat: use states on write model * feat: command and query side in auth api * feat: auth commands * feat: check external idp id * feat: user state check * fix: error messages * fix: is active state 2021-01-07 15:06:45 +00:00			`u.Password.ChangeRequired = onetime`
			`return u.Password.HashPasswordIfExisting(policy, passwordAlg)`
fix: use domain models for v2 eventstore (#1151) * fix: use domain models for v2 eventstore * fix: user domain model * Update internal/api/grpc/admin/login_policy_converter.go Co-authored-by: Livio Amstutz <livio.a@gmail.com> * fix: converter Co-authored-by: Livio Amstutz <livio.a@gmail.com> 2021-01-05 08:33:45 +00:00			`}`
			`return nil`
			`}`
feat: New user (#1153) * fix: use pointer in events * fix: change user requests to command side * fix: org policy * fix: profile 2021-01-06 10:12:56 +00:00
fix: tos on external registration (#2164) * faet: add tos checkbox to external login * fix: add tos to external not found option * fix: add tos to external not found option * fix: show register external user overview * fix: no init user mail on external register * fix: custom login text * add missing custom text tests on org * add missing custom text tests on iam * fix: custom login text external registration overview tests * fix: back button on registration overview * fix: add texts, change register form * fix: external not found html * fix: remove form validation Co-authored-by: Livio Amstutz <livio.a@gmail.com> 2021-08-11 11:50:03 +00:00			`func (u *Human) IsInitialState(passwordless, externalIDPs bool) bool {`
			`return u.Email == nil \|\| !u.IsEmailVerified \|\| !externalIDPs && !passwordless && (u.Password == nil \|\| u.SecretString == "")`
feat: New user (#1153) * fix: use pointer in events * fix: change user requests to command side * fix: org policy * fix: profile 2021-01-06 10:12:56 +00:00			`}`

			`func NewInitUserCode(generator crypto.Generator) (*InitUserCode, error) {`
			`initCodeCrypto, _, err := crypto.NewCode(generator)`
			`if err != nil {`
			`return nil, err`
			`}`
			`return &InitUserCode{`
			`Code: initCodeCrypto,`
			`Expiry: generator.Expiry(),`
			`}, nil`
			`}`
feat: new user auth api (#1168) * fix: correct selectors for extended writemodel * fix: no previous checks in eventstore * start check previous * feat: auth user commands * feat: auth user commands * feat: auth user commands * feat: otp * feat: corrections from pr merge * feat: webauthn * feat: comment old webauthn * feat: refactor user, human, machine * feat: webauth command side * feat: command and query side in login * feat: fix user writemodel append events * fix: remove creation dates on command side * fix: remove previous sequence * previous sequence * fix: external idps * Update internal/api/grpc/management/user.go Co-authored-by: Livio Amstutz <livio.a@gmail.com> * Update internal/v2/command/user_human_email.go Co-authored-by: Livio Amstutz <livio.a@gmail.com> * fix: pr changes * fix: phone verification Co-authored-by: adlerhurst <silvan.reusser@gmail.com> Co-authored-by: Livio Amstutz <livio.a@gmail.com> 2021-01-15 08:32:59 +00:00
			`func GenerateLoginName(username, domain string, appendDomain bool) string {`
			`if !appendDomain {`
			`return username`
			`}`
			`return username + "@" + domain`
			`}`