2023-02-15 09:14:59 +01:00
|
|
|
package command
|
|
|
|
|
|
|
|
|
|
import (
|
|
|
|
|
"context"
|
2025-03-18 15:23:12 +00:00
|
|
|
"crypto/x509"
|
2023-02-15 09:14:59 +01:00
|
|
|
"strings"
|
|
|
|
|
|
2023-09-29 11:26:14 +02:00
|
|
|
"github.com/zitadel/saml/pkg/provider/xml"
|
|
|
|
|
|
2023-02-15 09:14:59 +01:00
|
|
|
"github.com/zitadel/zitadel/internal/api/authz"
|
|
|
|
|
"github.com/zitadel/zitadel/internal/command/preparation"
|
|
|
|
|
"github.com/zitadel/zitadel/internal/crypto"
|
|
|
|
|
"github.com/zitadel/zitadel/internal/domain"
|
|
|
|
|
"github.com/zitadel/zitadel/internal/eventstore"
|
2024-12-03 11:38:28 +01:00
|
|
|
"github.com/zitadel/zitadel/internal/idp/providers/saml"
|
2023-02-15 09:14:59 +01:00
|
|
|
"github.com/zitadel/zitadel/internal/repository/instance"
|
2023-12-08 16:30:55 +02:00
|
|
|
"github.com/zitadel/zitadel/internal/zerrors"
|
2023-02-15 09:14:59 +01:00
|
|
|
)
|
|
|
|
|
|
2023-02-24 15:16:06 +01:00
|
|
|
func (c *Commands) AddInstanceGenericOAuthProvider(ctx context.Context, provider GenericOAuthProvider) (string, *domain.ObjectDetails, error) {
|
|
|
|
|
instanceID := authz.GetInstance(ctx).InstanceID()
|
|
|
|
|
instanceAgg := instance.NewAggregate(instanceID)
|
|
|
|
|
id, err := c.idGenerator.Next()
|
|
|
|
|
if err != nil {
|
|
|
|
|
return "", nil, err
|
|
|
|
|
}
|
|
|
|
|
writeModel := NewOAuthInstanceIDPWriteModel(instanceID, id)
|
|
|
|
|
cmds, err := preparation.PrepareCommands(ctx, c.eventstore.Filter, c.prepareAddInstanceOAuthProvider(instanceAgg, writeModel, provider))
|
|
|
|
|
if err != nil {
|
|
|
|
|
return "", nil, err
|
|
|
|
|
}
|
|
|
|
|
pushedEvents, err := c.eventstore.Push(ctx, cmds...)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return "", nil, err
|
|
|
|
|
}
|
|
|
|
|
return id, pushedEventsToObjectDetails(pushedEvents), nil
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (c *Commands) UpdateInstanceGenericOAuthProvider(ctx context.Context, id string, provider GenericOAuthProvider) (*domain.ObjectDetails, error) {
|
|
|
|
|
instanceID := authz.GetInstance(ctx).InstanceID()
|
|
|
|
|
instanceAgg := instance.NewAggregate(instanceID)
|
|
|
|
|
writeModel := NewOAuthInstanceIDPWriteModel(instanceID, id)
|
|
|
|
|
cmds, err := preparation.PrepareCommands(ctx, c.eventstore.Filter, c.prepareUpdateInstanceOAuthProvider(instanceAgg, writeModel, provider))
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
if len(cmds) == 0 {
|
|
|
|
|
// no change, so return directly
|
|
|
|
|
return &domain.ObjectDetails{
|
|
|
|
|
Sequence: writeModel.ProcessedSequence,
|
|
|
|
|
EventDate: writeModel.ChangeDate,
|
|
|
|
|
ResourceOwner: writeModel.ResourceOwner,
|
|
|
|
|
}, nil
|
|
|
|
|
}
|
|
|
|
|
pushedEvents, err := c.eventstore.Push(ctx, cmds...)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
return pushedEventsToObjectDetails(pushedEvents), nil
|
|
|
|
|
}
|
|
|
|
|
|
2023-02-27 16:32:18 +01:00
|
|
|
func (c *Commands) AddInstanceGenericOIDCProvider(ctx context.Context, provider GenericOIDCProvider) (string, *domain.ObjectDetails, error) {
|
|
|
|
|
instanceID := authz.GetInstance(ctx).InstanceID()
|
|
|
|
|
instanceAgg := instance.NewAggregate(instanceID)
|
|
|
|
|
id, err := c.idGenerator.Next()
|
|
|
|
|
if err != nil {
|
|
|
|
|
return "", nil, err
|
|
|
|
|
}
|
|
|
|
|
writeModel := NewOIDCInstanceIDPWriteModel(instanceID, id)
|
|
|
|
|
cmds, err := preparation.PrepareCommands(ctx, c.eventstore.Filter, c.prepareAddInstanceOIDCProvider(instanceAgg, writeModel, provider))
|
|
|
|
|
if err != nil {
|
|
|
|
|
return "", nil, err
|
|
|
|
|
}
|
|
|
|
|
pushedEvents, err := c.eventstore.Push(ctx, cmds...)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return "", nil, err
|
|
|
|
|
}
|
|
|
|
|
return id, pushedEventsToObjectDetails(pushedEvents), nil
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (c *Commands) UpdateInstanceGenericOIDCProvider(ctx context.Context, id string, provider GenericOIDCProvider) (*domain.ObjectDetails, error) {
|
|
|
|
|
instanceID := authz.GetInstance(ctx).InstanceID()
|
|
|
|
|
instanceAgg := instance.NewAggregate(instanceID)
|
|
|
|
|
writeModel := NewOIDCInstanceIDPWriteModel(instanceID, id)
|
|
|
|
|
cmds, err := preparation.PrepareCommands(ctx, c.eventstore.Filter, c.prepareUpdateInstanceOIDCProvider(instanceAgg, writeModel, provider))
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
if len(cmds) == 0 {
|
|
|
|
|
// no change, so return directly
|
|
|
|
|
return &domain.ObjectDetails{
|
|
|
|
|
Sequence: writeModel.ProcessedSequence,
|
|
|
|
|
EventDate: writeModel.ChangeDate,
|
|
|
|
|
ResourceOwner: writeModel.ResourceOwner,
|
|
|
|
|
}, nil
|
|
|
|
|
}
|
|
|
|
|
pushedEvents, err := c.eventstore.Push(ctx, cmds...)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
return pushedEventsToObjectDetails(pushedEvents), nil
|
|
|
|
|
}
|
|
|
|
|
|
2023-06-08 00:50:53 +02:00
|
|
|
func (c *Commands) MigrateInstanceGenericOIDCToAzureADProvider(ctx context.Context, id string, provider AzureADProvider) (*domain.ObjectDetails, error) {
|
|
|
|
|
return c.migrateInstanceGenericOIDC(ctx, id, provider)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (c *Commands) MigrateInstanceGenericOIDCToGoogleProvider(ctx context.Context, id string, provider GoogleProvider) (*domain.ObjectDetails, error) {
|
|
|
|
|
return c.migrateInstanceGenericOIDC(ctx, id, provider)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (c *Commands) migrateInstanceGenericOIDC(ctx context.Context, id string, provider interface{}) (*domain.ObjectDetails, error) {
|
|
|
|
|
instanceID := authz.GetInstance(ctx).InstanceID()
|
|
|
|
|
instanceAgg := instance.NewAggregate(instanceID)
|
|
|
|
|
writeModel := NewOIDCInstanceIDPWriteModel(instanceID, id)
|
|
|
|
|
|
|
|
|
|
var validation preparation.Validation
|
|
|
|
|
switch p := provider.(type) {
|
|
|
|
|
case AzureADProvider:
|
|
|
|
|
validation = c.prepareMigrateInstanceOIDCToAzureADProvider(instanceAgg, writeModel, p)
|
|
|
|
|
case GoogleProvider:
|
|
|
|
|
validation = c.prepareMigrateInstanceOIDCToGoogleProvider(instanceAgg, writeModel, p)
|
|
|
|
|
default:
|
2023-12-08 16:30:55 +02:00
|
|
|
return nil, zerrors.ThrowInvalidArgument(nil, "COMMAND-s9219", "Errors.IDPConfig.NotExisting")
|
2023-06-08 00:50:53 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
cmds, err := preparation.PrepareCommands(ctx, c.eventstore.Filter, validation)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
pushedEvents, err := c.eventstore.Push(ctx, cmds...)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
return pushedEventsToObjectDetails(pushedEvents), nil
|
|
|
|
|
}
|
|
|
|
|
|
2023-02-27 16:32:18 +01:00
|
|
|
func (c *Commands) AddInstanceJWTProvider(ctx context.Context, provider JWTProvider) (string, *domain.ObjectDetails, error) {
|
|
|
|
|
instanceID := authz.GetInstance(ctx).InstanceID()
|
|
|
|
|
instanceAgg := instance.NewAggregate(instanceID)
|
|
|
|
|
id, err := c.idGenerator.Next()
|
|
|
|
|
if err != nil {
|
|
|
|
|
return "", nil, err
|
|
|
|
|
}
|
|
|
|
|
writeModel := NewJWTInstanceIDPWriteModel(instanceID, id)
|
|
|
|
|
cmds, err := preparation.PrepareCommands(ctx, c.eventstore.Filter, c.prepareAddInstanceJWTProvider(instanceAgg, writeModel, provider))
|
|
|
|
|
if err != nil {
|
|
|
|
|
return "", nil, err
|
|
|
|
|
}
|
|
|
|
|
pushedEvents, err := c.eventstore.Push(ctx, cmds...)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return "", nil, err
|
|
|
|
|
}
|
|
|
|
|
return id, pushedEventsToObjectDetails(pushedEvents), nil
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (c *Commands) UpdateInstanceJWTProvider(ctx context.Context, id string, provider JWTProvider) (*domain.ObjectDetails, error) {
|
|
|
|
|
instanceID := authz.GetInstance(ctx).InstanceID()
|
|
|
|
|
instanceAgg := instance.NewAggregate(instanceID)
|
|
|
|
|
writeModel := NewJWTInstanceIDPWriteModel(instanceID, id)
|
|
|
|
|
cmds, err := preparation.PrepareCommands(ctx, c.eventstore.Filter, c.prepareUpdateInstanceJWTProvider(instanceAgg, writeModel, provider))
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
if len(cmds) == 0 {
|
|
|
|
|
// no change, so return directly
|
|
|
|
|
return &domain.ObjectDetails{
|
|
|
|
|
Sequence: writeModel.ProcessedSequence,
|
|
|
|
|
EventDate: writeModel.ChangeDate,
|
|
|
|
|
ResourceOwner: writeModel.ResourceOwner,
|
|
|
|
|
}, nil
|
|
|
|
|
}
|
|
|
|
|
pushedEvents, err := c.eventstore.Push(ctx, cmds...)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
return pushedEventsToObjectDetails(pushedEvents), nil
|
|
|
|
|
}
|
|
|
|
|
|
2023-03-15 07:48:37 +01:00
|
|
|
func (c *Commands) AddInstanceAzureADProvider(ctx context.Context, provider AzureADProvider) (string, *domain.ObjectDetails, error) {
|
|
|
|
|
instanceID := authz.GetInstance(ctx).InstanceID()
|
|
|
|
|
instanceAgg := instance.NewAggregate(instanceID)
|
|
|
|
|
id, err := c.idGenerator.Next()
|
|
|
|
|
if err != nil {
|
|
|
|
|
return "", nil, err
|
|
|
|
|
}
|
|
|
|
|
writeModel := NewAzureADInstanceIDPWriteModel(instanceID, id)
|
|
|
|
|
cmds, err := preparation.PrepareCommands(ctx, c.eventstore.Filter, c.prepareAddInstanceAzureADProvider(instanceAgg, writeModel, provider))
|
|
|
|
|
if err != nil {
|
|
|
|
|
return "", nil, err
|
|
|
|
|
}
|
|
|
|
|
pushedEvents, err := c.eventstore.Push(ctx, cmds...)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return "", nil, err
|
|
|
|
|
}
|
|
|
|
|
return id, pushedEventsToObjectDetails(pushedEvents), nil
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (c *Commands) UpdateInstanceAzureADProvider(ctx context.Context, id string, provider AzureADProvider) (*domain.ObjectDetails, error) {
|
|
|
|
|
instanceID := authz.GetInstance(ctx).InstanceID()
|
|
|
|
|
instanceAgg := instance.NewAggregate(instanceID)
|
|
|
|
|
writeModel := NewAzureADInstanceIDPWriteModel(instanceID, id)
|
|
|
|
|
cmds, err := preparation.PrepareCommands(ctx, c.eventstore.Filter, c.prepareUpdateInstanceAzureADProvider(instanceAgg, writeModel, provider))
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
if len(cmds) == 0 {
|
|
|
|
|
// no change, so return directly
|
|
|
|
|
return &domain.ObjectDetails{
|
|
|
|
|
Sequence: writeModel.ProcessedSequence,
|
|
|
|
|
EventDate: writeModel.ChangeDate,
|
|
|
|
|
ResourceOwner: writeModel.ResourceOwner,
|
|
|
|
|
}, nil
|
|
|
|
|
}
|
|
|
|
|
pushedEvents, err := c.eventstore.Push(ctx, cmds...)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
return pushedEventsToObjectDetails(pushedEvents), nil
|
|
|
|
|
}
|
|
|
|
|
|
2023-03-08 11:17:28 +01:00
|
|
|
func (c *Commands) AddInstanceGitHubProvider(ctx context.Context, provider GitHubProvider) (string, *domain.ObjectDetails, error) {
|
|
|
|
|
instanceID := authz.GetInstance(ctx).InstanceID()
|
|
|
|
|
instanceAgg := instance.NewAggregate(instanceID)
|
|
|
|
|
id, err := c.idGenerator.Next()
|
|
|
|
|
if err != nil {
|
|
|
|
|
return "", nil, err
|
|
|
|
|
}
|
|
|
|
|
writeModel := NewGitHubInstanceIDPWriteModel(instanceID, id)
|
|
|
|
|
cmds, err := preparation.PrepareCommands(ctx, c.eventstore.Filter, c.prepareAddInstanceGitHubProvider(instanceAgg, writeModel, provider))
|
|
|
|
|
if err != nil {
|
|
|
|
|
return "", nil, err
|
|
|
|
|
}
|
|
|
|
|
pushedEvents, err := c.eventstore.Push(ctx, cmds...)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return "", nil, err
|
|
|
|
|
}
|
|
|
|
|
return id, pushedEventsToObjectDetails(pushedEvents), nil
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (c *Commands) UpdateInstanceGitHubProvider(ctx context.Context, id string, provider GitHubProvider) (*domain.ObjectDetails, error) {
|
|
|
|
|
instanceID := authz.GetInstance(ctx).InstanceID()
|
|
|
|
|
instanceAgg := instance.NewAggregate(instanceID)
|
|
|
|
|
writeModel := NewGitHubInstanceIDPWriteModel(instanceID, id)
|
|
|
|
|
cmds, err := preparation.PrepareCommands(ctx, c.eventstore.Filter, c.prepareUpdateInstanceGitHubProvider(instanceAgg, writeModel, provider))
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
if len(cmds) == 0 {
|
|
|
|
|
// no change, so return directly
|
|
|
|
|
return &domain.ObjectDetails{
|
|
|
|
|
Sequence: writeModel.ProcessedSequence,
|
|
|
|
|
EventDate: writeModel.ChangeDate,
|
|
|
|
|
ResourceOwner: writeModel.ResourceOwner,
|
|
|
|
|
}, nil
|
|
|
|
|
}
|
|
|
|
|
pushedEvents, err := c.eventstore.Push(ctx, cmds...)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
return pushedEventsToObjectDetails(pushedEvents), nil
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (c *Commands) AddInstanceGitHubEnterpriseProvider(ctx context.Context, provider GitHubEnterpriseProvider) (string, *domain.ObjectDetails, error) {
|
|
|
|
|
instanceID := authz.GetInstance(ctx).InstanceID()
|
|
|
|
|
instanceAgg := instance.NewAggregate(instanceID)
|
|
|
|
|
id, err := c.idGenerator.Next()
|
|
|
|
|
if err != nil {
|
|
|
|
|
return "", nil, err
|
|
|
|
|
}
|
|
|
|
|
writeModel := NewGitHubEnterpriseInstanceIDPWriteModel(instanceID, id)
|
|
|
|
|
cmds, err := preparation.PrepareCommands(ctx, c.eventstore.Filter, c.prepareAddInstanceGitHubEnterpriseProvider(instanceAgg, writeModel, provider))
|
|
|
|
|
if err != nil {
|
|
|
|
|
return "", nil, err
|
|
|
|
|
}
|
|
|
|
|
pushedEvents, err := c.eventstore.Push(ctx, cmds...)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return "", nil, err
|
|
|
|
|
}
|
|
|
|
|
return id, pushedEventsToObjectDetails(pushedEvents), nil
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (c *Commands) UpdateInstanceGitHubEnterpriseProvider(ctx context.Context, id string, provider GitHubEnterpriseProvider) (*domain.ObjectDetails, error) {
|
|
|
|
|
instanceID := authz.GetInstance(ctx).InstanceID()
|
|
|
|
|
instanceAgg := instance.NewAggregate(instanceID)
|
|
|
|
|
writeModel := NewGitHubEnterpriseInstanceIDPWriteModel(instanceID, id)
|
|
|
|
|
cmds, err := preparation.PrepareCommands(ctx, c.eventstore.Filter, c.prepareUpdateInstanceGitHubEnterpriseProvider(instanceAgg, writeModel, provider))
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
if len(cmds) == 0 {
|
|
|
|
|
// no change, so return directly
|
|
|
|
|
return &domain.ObjectDetails{
|
|
|
|
|
Sequence: writeModel.ProcessedSequence,
|
|
|
|
|
EventDate: writeModel.ChangeDate,
|
|
|
|
|
ResourceOwner: writeModel.ResourceOwner,
|
|
|
|
|
}, nil
|
|
|
|
|
}
|
|
|
|
|
pushedEvents, err := c.eventstore.Push(ctx, cmds...)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
return pushedEventsToObjectDetails(pushedEvents), nil
|
|
|
|
|
}
|
|
|
|
|
|
2023-03-13 17:34:29 +01:00
|
|
|
func (c *Commands) AddInstanceGitLabProvider(ctx context.Context, provider GitLabProvider) (string, *domain.ObjectDetails, error) {
|
|
|
|
|
instanceID := authz.GetInstance(ctx).InstanceID()
|
|
|
|
|
instanceAgg := instance.NewAggregate(instanceID)
|
|
|
|
|
id, err := c.idGenerator.Next()
|
|
|
|
|
if err != nil {
|
|
|
|
|
return "", nil, err
|
|
|
|
|
}
|
|
|
|
|
writeModel := NewGitLabInstanceIDPWriteModel(instanceID, id)
|
|
|
|
|
cmds, err := preparation.PrepareCommands(ctx, c.eventstore.Filter, c.prepareAddInstanceGitLabProvider(instanceAgg, writeModel, provider))
|
|
|
|
|
if err != nil {
|
|
|
|
|
return "", nil, err
|
|
|
|
|
}
|
|
|
|
|
pushedEvents, err := c.eventstore.Push(ctx, cmds...)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return "", nil, err
|
|
|
|
|
}
|
|
|
|
|
return id, pushedEventsToObjectDetails(pushedEvents), nil
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (c *Commands) UpdateInstanceGitLabProvider(ctx context.Context, id string, provider GitLabProvider) (*domain.ObjectDetails, error) {
|
|
|
|
|
instanceID := authz.GetInstance(ctx).InstanceID()
|
|
|
|
|
instanceAgg := instance.NewAggregate(instanceID)
|
|
|
|
|
writeModel := NewGitLabInstanceIDPWriteModel(instanceID, id)
|
|
|
|
|
cmds, err := preparation.PrepareCommands(ctx, c.eventstore.Filter, c.prepareUpdateInstanceGitLabProvider(instanceAgg, writeModel, provider))
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
if len(cmds) == 0 {
|
|
|
|
|
// no change, so return directly
|
|
|
|
|
return &domain.ObjectDetails{
|
|
|
|
|
Sequence: writeModel.ProcessedSequence,
|
|
|
|
|
EventDate: writeModel.ChangeDate,
|
|
|
|
|
ResourceOwner: writeModel.ResourceOwner,
|
|
|
|
|
}, nil
|
|
|
|
|
}
|
|
|
|
|
pushedEvents, err := c.eventstore.Push(ctx, cmds...)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
return pushedEventsToObjectDetails(pushedEvents), nil
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (c *Commands) AddInstanceGitLabSelfHostedProvider(ctx context.Context, provider GitLabSelfHostedProvider) (string, *domain.ObjectDetails, error) {
|
|
|
|
|
instanceID := authz.GetInstance(ctx).InstanceID()
|
|
|
|
|
instanceAgg := instance.NewAggregate(instanceID)
|
|
|
|
|
id, err := c.idGenerator.Next()
|
|
|
|
|
if err != nil {
|
|
|
|
|
return "", nil, err
|
|
|
|
|
}
|
|
|
|
|
writeModel := NewGitLabSelfHostedInstanceIDPWriteModel(instanceID, id)
|
|
|
|
|
cmds, err := preparation.PrepareCommands(ctx, c.eventstore.Filter, c.prepareAddInstanceGitLabSelfHostedProvider(instanceAgg, writeModel, provider))
|
|
|
|
|
if err != nil {
|
|
|
|
|
return "", nil, err
|
|
|
|
|
}
|
|
|
|
|
pushedEvents, err := c.eventstore.Push(ctx, cmds...)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return "", nil, err
|
|
|
|
|
}
|
|
|
|
|
return id, pushedEventsToObjectDetails(pushedEvents), nil
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (c *Commands) UpdateInstanceGitLabSelfHostedProvider(ctx context.Context, id string, provider GitLabSelfHostedProvider) (*domain.ObjectDetails, error) {
|
|
|
|
|
instanceID := authz.GetInstance(ctx).InstanceID()
|
|
|
|
|
instanceAgg := instance.NewAggregate(instanceID)
|
|
|
|
|
writeModel := NewGitLabSelfHostedInstanceIDPWriteModel(instanceID, id)
|
|
|
|
|
cmds, err := preparation.PrepareCommands(ctx, c.eventstore.Filter, c.prepareUpdateInstanceGitLabSelfHostedProvider(instanceAgg, writeModel, provider))
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
if len(cmds) == 0 {
|
|
|
|
|
// no change, so return directly
|
|
|
|
|
return &domain.ObjectDetails{
|
|
|
|
|
Sequence: writeModel.ProcessedSequence,
|
|
|
|
|
EventDate: writeModel.ChangeDate,
|
|
|
|
|
ResourceOwner: writeModel.ResourceOwner,
|
|
|
|
|
}, nil
|
|
|
|
|
}
|
|
|
|
|
pushedEvents, err := c.eventstore.Push(ctx, cmds...)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
return pushedEventsToObjectDetails(pushedEvents), nil
|
|
|
|
|
}
|
|
|
|
|
|
2023-02-21 18:18:28 +01:00
|
|
|
func (c *Commands) AddInstanceGoogleProvider(ctx context.Context, provider GoogleProvider) (string, *domain.ObjectDetails, error) {
|
2023-02-24 15:16:06 +01:00
|
|
|
instanceID := authz.GetInstance(ctx).InstanceID()
|
|
|
|
|
instanceAgg := instance.NewAggregate(instanceID)
|
2023-02-21 18:18:28 +01:00
|
|
|
id, err := c.idGenerator.Next()
|
|
|
|
|
if err != nil {
|
|
|
|
|
return "", nil, err
|
|
|
|
|
}
|
2023-02-24 15:16:06 +01:00
|
|
|
writeModel := NewGoogleInstanceIDPWriteModel(instanceID, id)
|
|
|
|
|
cmds, err := preparation.PrepareCommands(ctx, c.eventstore.Filter, c.prepareAddInstanceGoogleProvider(instanceAgg, writeModel, provider))
|
2023-02-21 18:18:28 +01:00
|
|
|
if err != nil {
|
|
|
|
|
return "", nil, err
|
|
|
|
|
}
|
|
|
|
|
pushedEvents, err := c.eventstore.Push(ctx, cmds...)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return "", nil, err
|
|
|
|
|
}
|
|
|
|
|
return id, pushedEventsToObjectDetails(pushedEvents), nil
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (c *Commands) UpdateInstanceGoogleProvider(ctx context.Context, id string, provider GoogleProvider) (*domain.ObjectDetails, error) {
|
2023-02-24 15:16:06 +01:00
|
|
|
instanceID := authz.GetInstance(ctx).InstanceID()
|
|
|
|
|
instanceAgg := instance.NewAggregate(instanceID)
|
|
|
|
|
writeModel := NewGoogleInstanceIDPWriteModel(instanceID, id)
|
|
|
|
|
cmds, err := preparation.PrepareCommands(ctx, c.eventstore.Filter, c.prepareUpdateInstanceGoogleProvider(instanceAgg, writeModel, provider))
|
2023-02-21 18:18:28 +01:00
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
if len(cmds) == 0 {
|
|
|
|
|
// no change, so return directly
|
2023-02-24 15:16:06 +01:00
|
|
|
return &domain.ObjectDetails{
|
|
|
|
|
Sequence: writeModel.ProcessedSequence,
|
|
|
|
|
EventDate: writeModel.ChangeDate,
|
|
|
|
|
ResourceOwner: writeModel.ResourceOwner,
|
|
|
|
|
}, nil
|
2023-02-21 18:18:28 +01:00
|
|
|
}
|
|
|
|
|
pushedEvents, err := c.eventstore.Push(ctx, cmds...)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
return pushedEventsToObjectDetails(pushedEvents), nil
|
|
|
|
|
}
|
|
|
|
|
|
2023-02-15 09:14:59 +01:00
|
|
|
func (c *Commands) AddInstanceLDAPProvider(ctx context.Context, provider LDAPProvider) (string, *domain.ObjectDetails, error) {
|
2023-02-24 15:16:06 +01:00
|
|
|
instanceID := authz.GetInstance(ctx).InstanceID()
|
|
|
|
|
instanceAgg := instance.NewAggregate(instanceID)
|
2023-02-15 09:14:59 +01:00
|
|
|
id, err := c.idGenerator.Next()
|
|
|
|
|
if err != nil {
|
|
|
|
|
return "", nil, err
|
|
|
|
|
}
|
2023-02-24 15:16:06 +01:00
|
|
|
writeModel := NewLDAPInstanceIDPWriteModel(instanceID, id)
|
|
|
|
|
cmds, err := preparation.PrepareCommands(ctx, c.eventstore.Filter, c.prepareAddInstanceLDAPProvider(instanceAgg, writeModel, provider))
|
2023-02-15 09:14:59 +01:00
|
|
|
if err != nil {
|
|
|
|
|
return "", nil, err
|
|
|
|
|
}
|
|
|
|
|
pushedEvents, err := c.eventstore.Push(ctx, cmds...)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return "", nil, err
|
|
|
|
|
}
|
|
|
|
|
return id, pushedEventsToObjectDetails(pushedEvents), nil
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (c *Commands) UpdateInstanceLDAPProvider(ctx context.Context, id string, provider LDAPProvider) (*domain.ObjectDetails, error) {
|
2023-02-24 15:16:06 +01:00
|
|
|
instanceID := authz.GetInstance(ctx).InstanceID()
|
|
|
|
|
instanceAgg := instance.NewAggregate(instanceID)
|
|
|
|
|
writeModel := NewLDAPInstanceIDPWriteModel(instanceID, id)
|
|
|
|
|
cmds, err := preparation.PrepareCommands(ctx, c.eventstore.Filter, c.prepareUpdateInstanceLDAPProvider(instanceAgg, writeModel, provider))
|
2023-02-15 09:14:59 +01:00
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
if len(cmds) == 0 {
|
|
|
|
|
// no change, so return directly
|
2023-02-24 15:16:06 +01:00
|
|
|
return &domain.ObjectDetails{
|
|
|
|
|
Sequence: writeModel.ProcessedSequence,
|
|
|
|
|
EventDate: writeModel.ChangeDate,
|
|
|
|
|
ResourceOwner: writeModel.ResourceOwner,
|
|
|
|
|
}, nil
|
2023-02-15 09:14:59 +01:00
|
|
|
}
|
|
|
|
|
pushedEvents, err := c.eventstore.Push(ctx, cmds...)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
return pushedEventsToObjectDetails(pushedEvents), nil
|
|
|
|
|
}
|
|
|
|
|
|
2023-08-31 08:39:16 +02:00
|
|
|
func (c *Commands) AddInstanceAppleProvider(ctx context.Context, provider AppleProvider) (string, *domain.ObjectDetails, error) {
|
|
|
|
|
instanceID := authz.GetInstance(ctx).InstanceID()
|
|
|
|
|
instanceAgg := instance.NewAggregate(instanceID)
|
|
|
|
|
id, err := c.idGenerator.Next()
|
|
|
|
|
if err != nil {
|
|
|
|
|
return "", nil, err
|
|
|
|
|
}
|
|
|
|
|
writeModel := NewAppleInstanceIDPWriteModel(instanceID, id)
|
|
|
|
|
cmds, err := preparation.PrepareCommands(ctx, c.eventstore.Filter, c.prepareAddInstanceAppleProvider(instanceAgg, writeModel, provider))
|
|
|
|
|
if err != nil {
|
|
|
|
|
return "", nil, err
|
|
|
|
|
}
|
|
|
|
|
pushedEvents, err := c.eventstore.Push(ctx, cmds...)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return "", nil, err
|
|
|
|
|
}
|
|
|
|
|
return id, pushedEventsToObjectDetails(pushedEvents), nil
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (c *Commands) UpdateInstanceAppleProvider(ctx context.Context, id string, provider AppleProvider) (*domain.ObjectDetails, error) {
|
|
|
|
|
instanceID := authz.GetInstance(ctx).InstanceID()
|
|
|
|
|
instanceAgg := instance.NewAggregate(instanceID)
|
|
|
|
|
writeModel := NewAppleInstanceIDPWriteModel(instanceID, id)
|
|
|
|
|
cmds, err := preparation.PrepareCommands(ctx, c.eventstore.Filter, c.prepareUpdateInstanceAppleProvider(instanceAgg, writeModel, provider))
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
if len(cmds) == 0 {
|
|
|
|
|
// no change, so return directly
|
|
|
|
|
return &domain.ObjectDetails{
|
|
|
|
|
Sequence: writeModel.ProcessedSequence,
|
|
|
|
|
EventDate: writeModel.ChangeDate,
|
|
|
|
|
ResourceOwner: writeModel.ResourceOwner,
|
|
|
|
|
}, nil
|
|
|
|
|
}
|
|
|
|
|
pushedEvents, err := c.eventstore.Push(ctx, cmds...)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
return pushedEventsToObjectDetails(pushedEvents), nil
|
|
|
|
|
}
|
|
|
|
|
|
2024-12-03 11:38:28 +01:00
|
|
|
func (c *Commands) AddInstanceSAMLProvider(ctx context.Context, provider *SAMLProvider) (id string, details *domain.ObjectDetails, err error) {
|
2023-09-29 11:26:14 +02:00
|
|
|
instanceID := authz.GetInstance(ctx).InstanceID()
|
|
|
|
|
instanceAgg := instance.NewAggregate(instanceID)
|
2024-12-03 11:38:28 +01:00
|
|
|
id, err = c.idGenerator.Next()
|
2023-09-29 11:26:14 +02:00
|
|
|
if err != nil {
|
|
|
|
|
return "", nil, err
|
|
|
|
|
}
|
|
|
|
|
writeModel := NewSAMLInstanceIDPWriteModel(instanceID, id)
|
|
|
|
|
cmds, err := preparation.PrepareCommands(ctx, c.eventstore.Filter, c.prepareAddInstanceSAMLProvider(instanceAgg, writeModel, provider))
|
|
|
|
|
if err != nil {
|
|
|
|
|
return "", nil, err
|
|
|
|
|
}
|
|
|
|
|
pushedEvents, err := c.eventstore.Push(ctx, cmds...)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return "", nil, err
|
|
|
|
|
}
|
|
|
|
|
return id, pushedEventsToObjectDetails(pushedEvents), nil
|
|
|
|
|
}
|
|
|
|
|
|
2024-12-03 11:38:28 +01:00
|
|
|
func (c *Commands) UpdateInstanceSAMLProvider(ctx context.Context, id string, provider *SAMLProvider) (details *domain.ObjectDetails, err error) {
|
2023-09-29 11:26:14 +02:00
|
|
|
instanceID := authz.GetInstance(ctx).InstanceID()
|
|
|
|
|
instanceAgg := instance.NewAggregate(instanceID)
|
|
|
|
|
writeModel := NewSAMLInstanceIDPWriteModel(instanceID, id)
|
|
|
|
|
cmds, err := preparation.PrepareCommands(ctx, c.eventstore.Filter, c.prepareUpdateInstanceSAMLProvider(instanceAgg, writeModel, provider))
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
if len(cmds) == 0 {
|
|
|
|
|
// no change, so return directly
|
|
|
|
|
return &domain.ObjectDetails{
|
|
|
|
|
Sequence: writeModel.ProcessedSequence,
|
|
|
|
|
EventDate: writeModel.ChangeDate,
|
|
|
|
|
ResourceOwner: writeModel.ResourceOwner,
|
|
|
|
|
}, nil
|
|
|
|
|
}
|
|
|
|
|
pushedEvents, err := c.eventstore.Push(ctx, cmds...)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
return pushedEventsToObjectDetails(pushedEvents), nil
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (c *Commands) RegenerateInstanceSAMLProviderCertificate(ctx context.Context, id string) (*domain.ObjectDetails, error) {
|
|
|
|
|
instanceID := authz.GetInstance(ctx).InstanceID()
|
|
|
|
|
instanceAgg := instance.NewAggregate(instanceID)
|
|
|
|
|
writeModel := NewSAMLInstanceIDPWriteModel(instanceID, id)
|
|
|
|
|
cmds, err := preparation.PrepareCommands(ctx, c.eventstore.Filter, c.prepareRegenerateInstanceSAMLProviderCertificate(instanceAgg, writeModel))
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
if len(cmds) == 0 {
|
|
|
|
|
// no change, so return directly
|
|
|
|
|
return &domain.ObjectDetails{
|
|
|
|
|
Sequence: writeModel.ProcessedSequence,
|
|
|
|
|
EventDate: writeModel.ChangeDate,
|
|
|
|
|
ResourceOwner: writeModel.ResourceOwner,
|
|
|
|
|
}, nil
|
|
|
|
|
}
|
|
|
|
|
pushedEvents, err := c.eventstore.Push(ctx, cmds...)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
return pushedEventsToObjectDetails(pushedEvents), nil
|
|
|
|
|
}
|
|
|
|
|
|
2023-02-15 09:14:59 +01:00
|
|
|
func (c *Commands) DeleteInstanceProvider(ctx context.Context, id string) (*domain.ObjectDetails, error) {
|
|
|
|
|
instanceAgg := instance.NewAggregate(authz.GetInstance(ctx).InstanceID())
|
|
|
|
|
cmds, err := preparation.PrepareCommands(ctx, c.eventstore.Filter, c.prepareDeleteInstanceProvider(instanceAgg, id))
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
pushedEvents, err := c.eventstore.Push(ctx, cmds...)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
return pushedEventsToObjectDetails(pushedEvents), nil
|
|
|
|
|
}
|
|
|
|
|
|
2023-02-28 21:20:58 +01:00
|
|
|
func ExistsInstanceIDP(ctx context.Context, filter preparation.FilterToQueryReducer, id string) (exists bool, err error) {
|
|
|
|
|
instanceWriteModel := NewInstanceIDPRemoveWriteModel(authz.GetInstance(ctx).InstanceID(), id)
|
|
|
|
|
events, err := filter(ctx, instanceWriteModel.Query())
|
|
|
|
|
if err != nil {
|
|
|
|
|
return false, err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if len(events) == 0 {
|
|
|
|
|
return false, nil
|
|
|
|
|
}
|
|
|
|
|
instanceWriteModel.AppendEvents(events...)
|
|
|
|
|
if err := instanceWriteModel.Reduce(); err != nil {
|
|
|
|
|
return false, err
|
|
|
|
|
}
|
|
|
|
|
return instanceWriteModel.State.Exists(), nil
|
|
|
|
|
}
|
|
|
|
|
|
2023-02-24 15:16:06 +01:00
|
|
|
func (c *Commands) prepareAddInstanceOAuthProvider(a *instance.Aggregate, writeModel *InstanceOAuthIDPWriteModel, provider GenericOAuthProvider) preparation.Validation {
|
|
|
|
|
return func() (preparation.CreateCommands, error) {
|
|
|
|
|
if provider.Name = strings.TrimSpace(provider.Name); provider.Name == "" {
|
2023-12-08 16:30:55 +02:00
|
|
|
return nil, zerrors.ThrowInvalidArgument(nil, "INST-D32ef", "Errors.Invalid.Argument")
|
2023-02-24 15:16:06 +01:00
|
|
|
}
|
|
|
|
|
if provider.ClientID = strings.TrimSpace(provider.ClientID); provider.ClientID == "" {
|
2023-12-08 16:30:55 +02:00
|
|
|
return nil, zerrors.ThrowInvalidArgument(nil, "INST-Dbgzf", "Errors.Invalid.Argument")
|
2023-02-24 15:16:06 +01:00
|
|
|
}
|
|
|
|
|
if provider.ClientSecret = strings.TrimSpace(provider.ClientSecret); provider.ClientSecret == "" {
|
2023-12-08 16:30:55 +02:00
|
|
|
return nil, zerrors.ThrowInvalidArgument(nil, "INST-DF4ga", "Errors.Invalid.Argument")
|
2023-02-24 15:16:06 +01:00
|
|
|
}
|
|
|
|
|
if provider.AuthorizationEndpoint = strings.TrimSpace(provider.AuthorizationEndpoint); provider.AuthorizationEndpoint == "" {
|
2023-12-08 16:30:55 +02:00
|
|
|
return nil, zerrors.ThrowInvalidArgument(nil, "INST-B23bs", "Errors.Invalid.Argument")
|
2023-02-24 15:16:06 +01:00
|
|
|
}
|
|
|
|
|
if provider.TokenEndpoint = strings.TrimSpace(provider.TokenEndpoint); provider.TokenEndpoint == "" {
|
2023-12-08 16:30:55 +02:00
|
|
|
return nil, zerrors.ThrowInvalidArgument(nil, "INST-D2gj8", "Errors.Invalid.Argument")
|
2023-02-24 15:16:06 +01:00
|
|
|
}
|
|
|
|
|
if provider.UserEndpoint = strings.TrimSpace(provider.UserEndpoint); provider.UserEndpoint == "" {
|
2023-12-08 16:30:55 +02:00
|
|
|
return nil, zerrors.ThrowInvalidArgument(nil, "INST-Fb8jk", "Errors.Invalid.Argument")
|
2023-02-24 15:16:06 +01:00
|
|
|
}
|
2023-03-03 11:38:49 +01:00
|
|
|
if provider.IDAttribute = strings.TrimSpace(provider.IDAttribute); provider.IDAttribute == "" {
|
2023-12-08 16:30:55 +02:00
|
|
|
return nil, zerrors.ThrowInvalidArgument(nil, "INST-sdf3f", "Errors.Invalid.Argument")
|
2023-03-03 11:38:49 +01:00
|
|
|
}
|
2023-02-24 15:16:06 +01:00
|
|
|
return func(ctx context.Context, filter preparation.FilterToQueryReducer) ([]eventstore.Command, error) {
|
|
|
|
|
events, err := filter(ctx, writeModel.Query())
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
writeModel.AppendEvents(events...)
|
|
|
|
|
if err = writeModel.Reduce(); err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
secret, err := crypto.Encrypt([]byte(provider.ClientSecret), c.idpConfigEncryption)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
return []eventstore.Command{
|
|
|
|
|
instance.NewOAuthIDPAddedEvent(
|
|
|
|
|
ctx,
|
|
|
|
|
&a.Aggregate,
|
|
|
|
|
writeModel.ID,
|
|
|
|
|
provider.Name,
|
|
|
|
|
provider.ClientID,
|
|
|
|
|
secret,
|
|
|
|
|
provider.AuthorizationEndpoint,
|
|
|
|
|
provider.TokenEndpoint,
|
|
|
|
|
provider.UserEndpoint,
|
2023-03-03 11:38:49 +01:00
|
|
|
provider.IDAttribute,
|
2023-02-24 15:16:06 +01:00
|
|
|
provider.Scopes,
|
2025-02-26 13:20:47 +01:00
|
|
|
provider.UsePKCE,
|
2023-02-24 15:16:06 +01:00
|
|
|
provider.IDPOptions,
|
|
|
|
|
),
|
|
|
|
|
}, nil
|
|
|
|
|
}, nil
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (c *Commands) prepareUpdateInstanceOAuthProvider(a *instance.Aggregate, writeModel *InstanceOAuthIDPWriteModel, provider GenericOAuthProvider) preparation.Validation {
|
|
|
|
|
return func() (preparation.CreateCommands, error) {
|
2023-03-13 17:34:29 +01:00
|
|
|
if writeModel.ID = strings.TrimSpace(writeModel.ID); writeModel.ID == "" {
|
2023-12-08 16:30:55 +02:00
|
|
|
return nil, zerrors.ThrowInvalidArgument(nil, "INST-SAffg", "Errors.Invalid.Argument")
|
2023-03-13 17:34:29 +01:00
|
|
|
}
|
2023-02-24 15:16:06 +01:00
|
|
|
if provider.Name = strings.TrimSpace(provider.Name); provider.Name == "" {
|
2023-12-08 16:30:55 +02:00
|
|
|
return nil, zerrors.ThrowInvalidArgument(nil, "INST-Sf3gh", "Errors.Invalid.Argument")
|
2023-02-24 15:16:06 +01:00
|
|
|
}
|
|
|
|
|
if provider.ClientID = strings.TrimSpace(provider.ClientID); provider.ClientID == "" {
|
2023-12-08 16:30:55 +02:00
|
|
|
return nil, zerrors.ThrowInvalidArgument(nil, "INST-SHJ3ui", "Errors.Invalid.Argument")
|
2023-02-24 15:16:06 +01:00
|
|
|
}
|
|
|
|
|
if provider.AuthorizationEndpoint = strings.TrimSpace(provider.AuthorizationEndpoint); provider.AuthorizationEndpoint == "" {
|
2023-12-08 16:30:55 +02:00
|
|
|
return nil, zerrors.ThrowInvalidArgument(nil, "INST-SVrgh", "Errors.Invalid.Argument")
|
2023-02-24 15:16:06 +01:00
|
|
|
}
|
|
|
|
|
if provider.TokenEndpoint = strings.TrimSpace(provider.TokenEndpoint); provider.TokenEndpoint == "" {
|
2023-12-08 16:30:55 +02:00
|
|
|
return nil, zerrors.ThrowInvalidArgument(nil, "INST-DJKeio", "Errors.Invalid.Argument")
|
2023-02-24 15:16:06 +01:00
|
|
|
}
|
|
|
|
|
if provider.UserEndpoint = strings.TrimSpace(provider.UserEndpoint); provider.UserEndpoint == "" {
|
2023-12-08 16:30:55 +02:00
|
|
|
return nil, zerrors.ThrowInvalidArgument(nil, "INST-ILSJi", "Errors.Invalid.Argument")
|
2023-02-24 15:16:06 +01:00
|
|
|
}
|
2023-03-03 11:38:49 +01:00
|
|
|
if provider.IDAttribute = strings.TrimSpace(provider.IDAttribute); provider.IDAttribute == "" {
|
2023-12-08 16:30:55 +02:00
|
|
|
return nil, zerrors.ThrowInvalidArgument(nil, "INST-JKD3h", "Errors.Invalid.Argument")
|
2023-03-03 11:38:49 +01:00
|
|
|
}
|
2023-02-24 15:16:06 +01:00
|
|
|
return func(ctx context.Context, filter preparation.FilterToQueryReducer) ([]eventstore.Command, error) {
|
|
|
|
|
events, err := filter(ctx, writeModel.Query())
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
writeModel.AppendEvents(events...)
|
|
|
|
|
if err = writeModel.Reduce(); err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
if !writeModel.State.Exists() {
|
2023-12-08 16:30:55 +02:00
|
|
|
return nil, zerrors.ThrowNotFound(nil, "INST-D3r1s", "Errors.IDPConfig.NotExisting")
|
2023-02-24 15:16:06 +01:00
|
|
|
}
|
|
|
|
|
event, err := writeModel.NewChangedEvent(
|
|
|
|
|
ctx,
|
|
|
|
|
&a.Aggregate,
|
|
|
|
|
writeModel.ID,
|
|
|
|
|
provider.Name,
|
|
|
|
|
provider.ClientID,
|
|
|
|
|
provider.ClientSecret,
|
|
|
|
|
c.idpConfigEncryption,
|
|
|
|
|
provider.AuthorizationEndpoint,
|
|
|
|
|
provider.TokenEndpoint,
|
|
|
|
|
provider.UserEndpoint,
|
2023-03-03 11:38:49 +01:00
|
|
|
provider.IDAttribute,
|
2023-02-24 15:16:06 +01:00
|
|
|
provider.Scopes,
|
2025-02-26 13:20:47 +01:00
|
|
|
provider.UsePKCE,
|
2023-02-24 15:16:06 +01:00
|
|
|
provider.IDPOptions,
|
|
|
|
|
)
|
2023-02-27 16:32:18 +01:00
|
|
|
if err != nil || event == nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
return []eventstore.Command{event}, nil
|
|
|
|
|
}, nil
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (c *Commands) prepareAddInstanceOIDCProvider(a *instance.Aggregate, writeModel *InstanceOIDCIDPWriteModel, provider GenericOIDCProvider) preparation.Validation {
|
|
|
|
|
return func() (preparation.CreateCommands, error) {
|
|
|
|
|
if provider.Name = strings.TrimSpace(provider.Name); provider.Name == "" {
|
2023-12-08 16:30:55 +02:00
|
|
|
return nil, zerrors.ThrowInvalidArgument(nil, "INST-Sgtj5", "Errors.Invalid.Argument")
|
2023-02-27 16:32:18 +01:00
|
|
|
}
|
|
|
|
|
if provider.Issuer = strings.TrimSpace(provider.Issuer); provider.Issuer == "" {
|
2023-12-08 16:30:55 +02:00
|
|
|
return nil, zerrors.ThrowInvalidArgument(nil, "INST-Hz6zj", "Errors.Invalid.Argument")
|
2023-02-27 16:32:18 +01:00
|
|
|
}
|
|
|
|
|
if provider.ClientID = strings.TrimSpace(provider.ClientID); provider.ClientID == "" {
|
2023-12-08 16:30:55 +02:00
|
|
|
return nil, zerrors.ThrowInvalidArgument(nil, "INST-fb5jm", "Errors.Invalid.Argument")
|
2023-02-27 16:32:18 +01:00
|
|
|
}
|
|
|
|
|
if provider.ClientSecret = strings.TrimSpace(provider.ClientSecret); provider.ClientSecret == "" {
|
2023-12-08 16:30:55 +02:00
|
|
|
return nil, zerrors.ThrowInvalidArgument(nil, "INST-Sfdf4", "Errors.Invalid.Argument")
|
2023-02-27 16:32:18 +01:00
|
|
|
}
|
|
|
|
|
return func(ctx context.Context, filter preparation.FilterToQueryReducer) ([]eventstore.Command, error) {
|
|
|
|
|
events, err := filter(ctx, writeModel.Query())
|
2023-02-24 15:16:06 +01:00
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
2023-02-27 16:32:18 +01:00
|
|
|
writeModel.AppendEvents(events...)
|
|
|
|
|
if err = writeModel.Reduce(); err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
secret, err := crypto.Encrypt([]byte(provider.ClientSecret), c.idpConfigEncryption)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
return []eventstore.Command{
|
|
|
|
|
instance.NewOIDCIDPAddedEvent(
|
|
|
|
|
ctx,
|
|
|
|
|
&a.Aggregate,
|
|
|
|
|
writeModel.ID,
|
|
|
|
|
provider.Name,
|
|
|
|
|
provider.Issuer,
|
|
|
|
|
provider.ClientID,
|
|
|
|
|
secret,
|
|
|
|
|
provider.Scopes,
|
2023-03-16 16:47:22 +01:00
|
|
|
provider.IsIDTokenMapping,
|
2025-02-26 13:20:47 +01:00
|
|
|
provider.UsePKCE,
|
2023-02-27 16:32:18 +01:00
|
|
|
provider.IDPOptions,
|
|
|
|
|
),
|
|
|
|
|
}, nil
|
|
|
|
|
}, nil
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (c *Commands) prepareUpdateInstanceOIDCProvider(a *instance.Aggregate, writeModel *InstanceOIDCIDPWriteModel, provider GenericOIDCProvider) preparation.Validation {
|
|
|
|
|
return func() (preparation.CreateCommands, error) {
|
|
|
|
|
if writeModel.ID = strings.TrimSpace(writeModel.ID); writeModel.ID == "" {
|
2023-12-08 16:30:55 +02:00
|
|
|
return nil, zerrors.ThrowInvalidArgument(nil, "INST-SAfd3", "Errors.Invalid.Argument")
|
2023-02-27 16:32:18 +01:00
|
|
|
}
|
|
|
|
|
if provider.Name = strings.TrimSpace(provider.Name); provider.Name == "" {
|
2023-12-08 16:30:55 +02:00
|
|
|
return nil, zerrors.ThrowInvalidArgument(nil, "INST-Dvf4f", "Errors.Invalid.Argument")
|
2023-02-27 16:32:18 +01:00
|
|
|
}
|
|
|
|
|
if provider.Issuer = strings.TrimSpace(provider.Issuer); provider.Issuer == "" {
|
2023-12-08 16:30:55 +02:00
|
|
|
return nil, zerrors.ThrowInvalidArgument(nil, "INST-BDfr3", "Errors.Invalid.Argument")
|
2023-02-27 16:32:18 +01:00
|
|
|
}
|
|
|
|
|
if provider.ClientID = strings.TrimSpace(provider.ClientID); provider.ClientID == "" {
|
2023-12-08 16:30:55 +02:00
|
|
|
return nil, zerrors.ThrowInvalidArgument(nil, "INST-Db3bs", "Errors.Invalid.Argument")
|
2023-02-27 16:32:18 +01:00
|
|
|
}
|
|
|
|
|
return func(ctx context.Context, filter preparation.FilterToQueryReducer) ([]eventstore.Command, error) {
|
|
|
|
|
events, err := filter(ctx, writeModel.Query())
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
writeModel.AppendEvents(events...)
|
|
|
|
|
if err = writeModel.Reduce(); err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
if !writeModel.State.Exists() {
|
2023-12-08 16:30:55 +02:00
|
|
|
return nil, zerrors.ThrowNotFound(nil, "INST-Dg331", "Errors.IDPConfig.NotExisting")
|
2023-02-27 16:32:18 +01:00
|
|
|
}
|
|
|
|
|
event, err := writeModel.NewChangedEvent(
|
|
|
|
|
ctx,
|
|
|
|
|
&a.Aggregate,
|
|
|
|
|
writeModel.ID,
|
|
|
|
|
provider.Name,
|
|
|
|
|
provider.Issuer,
|
|
|
|
|
provider.ClientID,
|
|
|
|
|
provider.ClientSecret,
|
|
|
|
|
c.idpConfigEncryption,
|
|
|
|
|
provider.Scopes,
|
2023-03-16 16:47:22 +01:00
|
|
|
provider.IsIDTokenMapping,
|
2025-02-26 13:20:47 +01:00
|
|
|
provider.UsePKCE,
|
2023-02-27 16:32:18 +01:00
|
|
|
provider.IDPOptions,
|
|
|
|
|
)
|
|
|
|
|
if err != nil || event == nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
return []eventstore.Command{event}, nil
|
|
|
|
|
}, nil
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2023-06-08 00:50:53 +02:00
|
|
|
func (c *Commands) prepareMigrateInstanceOIDCToAzureADProvider(a *instance.Aggregate, writeModel *InstanceOIDCIDPWriteModel, provider AzureADProvider) preparation.Validation {
|
|
|
|
|
return func() (preparation.CreateCommands, error) {
|
|
|
|
|
if provider.Name = strings.TrimSpace(provider.Name); provider.Name == "" {
|
2023-12-08 16:30:55 +02:00
|
|
|
return nil, zerrors.ThrowInvalidArgument(nil, "INST-sdf3g", "Errors.Invalid.Argument")
|
2023-06-08 00:50:53 +02:00
|
|
|
}
|
|
|
|
|
if provider.ClientID = strings.TrimSpace(provider.ClientID); provider.ClientID == "" {
|
2023-12-08 16:30:55 +02:00
|
|
|
return nil, zerrors.ThrowInvalidArgument(nil, "INST-Fhbr2", "Errors.Invalid.Argument")
|
2023-06-08 00:50:53 +02:00
|
|
|
}
|
|
|
|
|
if provider.ClientSecret = strings.TrimSpace(provider.ClientSecret); provider.ClientSecret == "" {
|
2023-12-08 16:30:55 +02:00
|
|
|
return nil, zerrors.ThrowInvalidArgument(nil, "INST-Dzh3g", "Errors.Invalid.Argument")
|
2023-06-08 00:50:53 +02:00
|
|
|
}
|
|
|
|
|
return func(ctx context.Context, filter preparation.FilterToQueryReducer) ([]eventstore.Command, error) {
|
|
|
|
|
events, err := filter(ctx, writeModel.Query())
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
writeModel.AppendEvents(events...)
|
|
|
|
|
if err = writeModel.Reduce(); err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
if !writeModel.State.Exists() {
|
2023-12-08 16:30:55 +02:00
|
|
|
return nil, zerrors.ThrowNotFound(nil, "INST-Dg29201", "Errors.IDPConfig.NotExisting")
|
2023-06-08 00:50:53 +02:00
|
|
|
}
|
|
|
|
|
secret, err := crypto.Encrypt([]byte(provider.ClientSecret), c.idpConfigEncryption)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
return []eventstore.Command{
|
|
|
|
|
instance.NewOIDCIDPMigratedAzureADEvent(
|
|
|
|
|
ctx,
|
|
|
|
|
&a.Aggregate,
|
|
|
|
|
writeModel.ID,
|
|
|
|
|
provider.Name,
|
|
|
|
|
provider.ClientID,
|
|
|
|
|
secret,
|
|
|
|
|
provider.Scopes,
|
|
|
|
|
provider.Tenant,
|
|
|
|
|
provider.EmailVerified,
|
|
|
|
|
provider.IDPOptions,
|
|
|
|
|
),
|
|
|
|
|
}, nil
|
|
|
|
|
}, nil
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (c *Commands) prepareMigrateInstanceOIDCToGoogleProvider(a *instance.Aggregate, writeModel *InstanceOIDCIDPWriteModel, provider GoogleProvider) preparation.Validation {
|
|
|
|
|
return func() (preparation.CreateCommands, error) {
|
|
|
|
|
if provider.ClientID = strings.TrimSpace(provider.ClientID); provider.ClientID == "" {
|
2023-12-08 16:30:55 +02:00
|
|
|
return nil, zerrors.ThrowInvalidArgument(nil, "INST-D3fvs", "Errors.Invalid.Argument")
|
2023-06-08 00:50:53 +02:00
|
|
|
}
|
|
|
|
|
if provider.ClientSecret = strings.TrimSpace(provider.ClientSecret); provider.ClientSecret == "" {
|
2023-12-08 16:30:55 +02:00
|
|
|
return nil, zerrors.ThrowInvalidArgument(nil, "INST-W2vqs", "Errors.Invalid.Argument")
|
2023-06-08 00:50:53 +02:00
|
|
|
}
|
|
|
|
|
return func(ctx context.Context, filter preparation.FilterToQueryReducer) ([]eventstore.Command, error) {
|
|
|
|
|
events, err := filter(ctx, writeModel.Query())
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
writeModel.AppendEvents(events...)
|
|
|
|
|
if err = writeModel.Reduce(); err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
if !writeModel.State.Exists() {
|
2023-12-08 16:30:55 +02:00
|
|
|
return nil, zerrors.ThrowNotFound(nil, "INST-Dg29202", "Errors.IDPConfig.NotExisting")
|
2023-06-08 00:50:53 +02:00
|
|
|
}
|
|
|
|
|
secret, err := crypto.Encrypt([]byte(provider.ClientSecret), c.idpConfigEncryption)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
return []eventstore.Command{
|
|
|
|
|
instance.NewOIDCIDPMigratedGoogleEvent(
|
|
|
|
|
ctx,
|
|
|
|
|
&a.Aggregate,
|
|
|
|
|
writeModel.ID,
|
|
|
|
|
provider.Name,
|
|
|
|
|
provider.ClientID,
|
|
|
|
|
secret,
|
|
|
|
|
provider.Scopes,
|
|
|
|
|
provider.IDPOptions,
|
|
|
|
|
),
|
|
|
|
|
}, nil
|
|
|
|
|
}, nil
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2023-02-27 16:32:18 +01:00
|
|
|
func (c *Commands) prepareAddInstanceJWTProvider(a *instance.Aggregate, writeModel *InstanceJWTIDPWriteModel, provider JWTProvider) preparation.Validation {
|
|
|
|
|
return func() (preparation.CreateCommands, error) {
|
|
|
|
|
if provider.Name = strings.TrimSpace(provider.Name); provider.Name == "" {
|
2023-12-08 16:30:55 +02:00
|
|
|
return nil, zerrors.ThrowInvalidArgument(nil, "INST-JLKef", "Errors.Invalid.Argument")
|
2023-02-27 16:32:18 +01:00
|
|
|
}
|
|
|
|
|
if provider.Issuer = strings.TrimSpace(provider.Issuer); provider.Issuer == "" {
|
2023-12-08 16:30:55 +02:00
|
|
|
return nil, zerrors.ThrowInvalidArgument(nil, "INST-WNJK3", "Errors.Invalid.Argument")
|
2023-02-27 16:32:18 +01:00
|
|
|
}
|
|
|
|
|
if provider.JWTEndpoint = strings.TrimSpace(provider.JWTEndpoint); provider.JWTEndpoint == "" {
|
2023-12-08 16:30:55 +02:00
|
|
|
return nil, zerrors.ThrowInvalidArgument(nil, "INST-NJKSD", "Errors.Invalid.Argument")
|
2023-02-27 16:32:18 +01:00
|
|
|
}
|
|
|
|
|
if provider.KeyEndpoint = strings.TrimSpace(provider.KeyEndpoint); provider.KeyEndpoint == "" {
|
2023-12-08 16:30:55 +02:00
|
|
|
return nil, zerrors.ThrowInvalidArgument(nil, "INST-NJKE3", "Errors.Invalid.Argument")
|
2023-02-27 16:32:18 +01:00
|
|
|
}
|
|
|
|
|
if provider.HeaderName = strings.TrimSpace(provider.HeaderName); provider.HeaderName == "" {
|
2023-12-08 16:30:55 +02:00
|
|
|
return nil, zerrors.ThrowInvalidArgument(nil, "INST-2rlks", "Errors.Invalid.Argument")
|
2023-02-27 16:32:18 +01:00
|
|
|
}
|
|
|
|
|
return func(ctx context.Context, filter preparation.FilterToQueryReducer) ([]eventstore.Command, error) {
|
|
|
|
|
events, err := filter(ctx, writeModel.Query())
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
writeModel.AppendEvents(events...)
|
|
|
|
|
if err = writeModel.Reduce(); err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
return []eventstore.Command{
|
|
|
|
|
instance.NewJWTIDPAddedEvent(
|
|
|
|
|
ctx,
|
|
|
|
|
&a.Aggregate,
|
|
|
|
|
writeModel.ID,
|
|
|
|
|
provider.Name,
|
|
|
|
|
provider.Issuer,
|
|
|
|
|
provider.JWTEndpoint,
|
|
|
|
|
provider.KeyEndpoint,
|
|
|
|
|
provider.HeaderName,
|
|
|
|
|
provider.IDPOptions,
|
|
|
|
|
),
|
|
|
|
|
}, nil
|
|
|
|
|
}, nil
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (c *Commands) prepareUpdateInstanceJWTProvider(a *instance.Aggregate, writeModel *InstanceJWTIDPWriteModel, provider JWTProvider) preparation.Validation {
|
|
|
|
|
return func() (preparation.CreateCommands, error) {
|
|
|
|
|
if writeModel.ID = strings.TrimSpace(writeModel.ID); writeModel.ID == "" {
|
2023-12-08 16:30:55 +02:00
|
|
|
return nil, zerrors.ThrowInvalidArgument(nil, "INST-HUe3q", "Errors.Invalid.Argument")
|
2023-02-27 16:32:18 +01:00
|
|
|
}
|
|
|
|
|
if provider.Name = strings.TrimSpace(provider.Name); provider.Name == "" {
|
2023-12-08 16:30:55 +02:00
|
|
|
return nil, zerrors.ThrowInvalidArgument(nil, "INST-JKLS2", "Errors.Invalid.Argument")
|
2023-02-27 16:32:18 +01:00
|
|
|
}
|
|
|
|
|
if provider.Issuer = strings.TrimSpace(provider.Issuer); provider.Issuer == "" {
|
2023-12-08 16:30:55 +02:00
|
|
|
return nil, zerrors.ThrowInvalidArgument(nil, "INST-JKs3f", "Errors.Invalid.Argument")
|
2023-02-27 16:32:18 +01:00
|
|
|
}
|
|
|
|
|
if provider.JWTEndpoint = strings.TrimSpace(provider.JWTEndpoint); provider.JWTEndpoint == "" {
|
2023-12-08 16:30:55 +02:00
|
|
|
return nil, zerrors.ThrowInvalidArgument(nil, "INST-NJKS2", "Errors.Invalid.Argument")
|
2023-02-27 16:32:18 +01:00
|
|
|
}
|
|
|
|
|
if provider.KeyEndpoint = strings.TrimSpace(provider.KeyEndpoint); provider.KeyEndpoint == "" {
|
2023-12-08 16:30:55 +02:00
|
|
|
return nil, zerrors.ThrowInvalidArgument(nil, "INST-SJk2d", "Errors.Invalid.Argument")
|
2023-02-27 16:32:18 +01:00
|
|
|
}
|
|
|
|
|
if provider.HeaderName = strings.TrimSpace(provider.HeaderName); provider.HeaderName == "" {
|
2023-12-08 16:30:55 +02:00
|
|
|
return nil, zerrors.ThrowInvalidArgument(nil, "INST-SJK2f", "Errors.Invalid.Argument")
|
2023-02-27 16:32:18 +01:00
|
|
|
}
|
|
|
|
|
return func(ctx context.Context, filter preparation.FilterToQueryReducer) ([]eventstore.Command, error) {
|
|
|
|
|
events, err := filter(ctx, writeModel.Query())
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
writeModel.AppendEvents(events...)
|
|
|
|
|
if err = writeModel.Reduce(); err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
if !writeModel.State.Exists() {
|
2023-12-08 16:30:55 +02:00
|
|
|
return nil, zerrors.ThrowNotFound(nil, "INST-Bhju5", "Errors.IDPConfig.NotExisting")
|
2023-02-27 16:32:18 +01:00
|
|
|
}
|
|
|
|
|
event, err := writeModel.NewChangedEvent(
|
|
|
|
|
ctx,
|
|
|
|
|
&a.Aggregate,
|
|
|
|
|
writeModel.ID,
|
|
|
|
|
provider.Name,
|
|
|
|
|
provider.Issuer,
|
|
|
|
|
provider.JWTEndpoint,
|
|
|
|
|
provider.KeyEndpoint,
|
|
|
|
|
provider.HeaderName,
|
|
|
|
|
provider.IDPOptions,
|
|
|
|
|
)
|
|
|
|
|
if err != nil || event == nil {
|
|
|
|
|
return nil, err
|
2023-02-24 15:16:06 +01:00
|
|
|
}
|
|
|
|
|
return []eventstore.Command{event}, nil
|
|
|
|
|
}, nil
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2023-03-15 07:48:37 +01:00
|
|
|
func (c *Commands) prepareAddInstanceAzureADProvider(a *instance.Aggregate, writeModel *InstanceAzureADIDPWriteModel, provider AzureADProvider) preparation.Validation {
|
|
|
|
|
return func() (preparation.CreateCommands, error) {
|
|
|
|
|
if provider.Name = strings.TrimSpace(provider.Name); provider.Name == "" {
|
2023-12-08 16:30:55 +02:00
|
|
|
return nil, zerrors.ThrowInvalidArgument(nil, "INST-sdf3g", "Errors.Invalid.Argument")
|
2023-03-15 07:48:37 +01:00
|
|
|
}
|
|
|
|
|
if provider.ClientID = strings.TrimSpace(provider.ClientID); provider.ClientID == "" {
|
2023-12-08 16:30:55 +02:00
|
|
|
return nil, zerrors.ThrowInvalidArgument(nil, "INST-Fhbr2", "Errors.Invalid.Argument")
|
2023-03-15 07:48:37 +01:00
|
|
|
}
|
|
|
|
|
if provider.ClientSecret = strings.TrimSpace(provider.ClientSecret); provider.ClientSecret == "" {
|
2023-12-08 16:30:55 +02:00
|
|
|
return nil, zerrors.ThrowInvalidArgument(nil, "INST-Dzh3g", "Errors.Invalid.Argument")
|
2023-03-15 07:48:37 +01:00
|
|
|
}
|
|
|
|
|
return func(ctx context.Context, filter preparation.FilterToQueryReducer) ([]eventstore.Command, error) {
|
|
|
|
|
events, err := filter(ctx, writeModel.Query())
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
writeModel.AppendEvents(events...)
|
|
|
|
|
if err = writeModel.Reduce(); err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
secret, err := crypto.Encrypt([]byte(provider.ClientSecret), c.idpConfigEncryption)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
return []eventstore.Command{
|
|
|
|
|
instance.NewAzureADIDPAddedEvent(
|
|
|
|
|
ctx,
|
|
|
|
|
&a.Aggregate,
|
|
|
|
|
writeModel.ID,
|
|
|
|
|
provider.Name,
|
|
|
|
|
provider.ClientID,
|
|
|
|
|
secret,
|
|
|
|
|
provider.Scopes,
|
|
|
|
|
provider.Tenant,
|
|
|
|
|
provider.EmailVerified,
|
|
|
|
|
provider.IDPOptions,
|
|
|
|
|
),
|
|
|
|
|
}, nil
|
|
|
|
|
}, nil
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (c *Commands) prepareUpdateInstanceAzureADProvider(a *instance.Aggregate, writeModel *InstanceAzureADIDPWriteModel, provider AzureADProvider) preparation.Validation {
|
|
|
|
|
return func() (preparation.CreateCommands, error) {
|
|
|
|
|
if writeModel.ID = strings.TrimSpace(writeModel.ID); writeModel.ID == "" {
|
2023-12-08 16:30:55 +02:00
|
|
|
return nil, zerrors.ThrowInvalidArgument(nil, "INST-SAgh2", "Errors.Invalid.Argument")
|
2023-03-15 07:48:37 +01:00
|
|
|
}
|
|
|
|
|
if provider.Name = strings.TrimSpace(provider.Name); provider.Name == "" {
|
2023-12-08 16:30:55 +02:00
|
|
|
return nil, zerrors.ThrowInvalidArgument(nil, "INST-fh3h1", "Errors.Invalid.Argument")
|
2023-03-15 07:48:37 +01:00
|
|
|
}
|
|
|
|
|
if provider.ClientID = strings.TrimSpace(provider.ClientID); provider.ClientID == "" {
|
2023-12-08 16:30:55 +02:00
|
|
|
return nil, zerrors.ThrowInvalidArgument(nil, "INST-dmitg", "Errors.Invalid.Argument")
|
2023-03-15 07:48:37 +01:00
|
|
|
}
|
|
|
|
|
return func(ctx context.Context, filter preparation.FilterToQueryReducer) ([]eventstore.Command, error) {
|
|
|
|
|
events, err := filter(ctx, writeModel.Query())
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
writeModel.AppendEvents(events...)
|
|
|
|
|
if err = writeModel.Reduce(); err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
if !writeModel.State.Exists() {
|
2023-12-08 16:30:55 +02:00
|
|
|
return nil, zerrors.ThrowNotFound(nil, "INST-BHz3q", "Errors.IDPConfig.NotExisting")
|
2023-03-15 07:48:37 +01:00
|
|
|
}
|
|
|
|
|
event, err := writeModel.NewChangedEvent(
|
|
|
|
|
ctx,
|
|
|
|
|
&a.Aggregate,
|
|
|
|
|
writeModel.ID,
|
|
|
|
|
provider.Name,
|
|
|
|
|
provider.ClientID,
|
|
|
|
|
provider.ClientSecret,
|
|
|
|
|
c.idpConfigEncryption,
|
|
|
|
|
provider.Scopes,
|
|
|
|
|
provider.Tenant,
|
|
|
|
|
provider.EmailVerified,
|
|
|
|
|
provider.IDPOptions,
|
|
|
|
|
)
|
|
|
|
|
if err != nil || event == nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
return []eventstore.Command{event}, nil
|
|
|
|
|
}, nil
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2023-03-08 11:17:28 +01:00
|
|
|
func (c *Commands) prepareAddInstanceGitHubProvider(a *instance.Aggregate, writeModel *InstanceGitHubIDPWriteModel, provider GitHubProvider) preparation.Validation {
|
|
|
|
|
return func() (preparation.CreateCommands, error) {
|
|
|
|
|
if provider.ClientID = strings.TrimSpace(provider.ClientID); provider.ClientID == "" {
|
2023-12-08 16:30:55 +02:00
|
|
|
return nil, zerrors.ThrowInvalidArgument(nil, "INST-Jdsgf", "Errors.Invalid.Argument")
|
2023-03-08 11:17:28 +01:00
|
|
|
}
|
|
|
|
|
if provider.ClientSecret = strings.TrimSpace(provider.ClientSecret); provider.ClientSecret == "" {
|
2023-12-08 16:30:55 +02:00
|
|
|
return nil, zerrors.ThrowInvalidArgument(nil, "INST-dsgz3", "Errors.Invalid.Argument")
|
2023-03-08 11:17:28 +01:00
|
|
|
}
|
|
|
|
|
return func(ctx context.Context, filter preparation.FilterToQueryReducer) ([]eventstore.Command, error) {
|
|
|
|
|
events, err := filter(ctx, writeModel.Query())
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
writeModel.AppendEvents(events...)
|
|
|
|
|
if err = writeModel.Reduce(); err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
secret, err := crypto.Encrypt([]byte(provider.ClientSecret), c.idpConfigEncryption)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
return []eventstore.Command{
|
|
|
|
|
instance.NewGitHubIDPAddedEvent(
|
|
|
|
|
ctx,
|
|
|
|
|
&a.Aggregate,
|
|
|
|
|
writeModel.ID,
|
|
|
|
|
provider.Name,
|
|
|
|
|
provider.ClientID,
|
|
|
|
|
secret,
|
|
|
|
|
provider.Scopes,
|
|
|
|
|
provider.IDPOptions,
|
|
|
|
|
),
|
|
|
|
|
}, nil
|
|
|
|
|
}, nil
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (c *Commands) prepareUpdateInstanceGitHubProvider(a *instance.Aggregate, writeModel *InstanceGitHubIDPWriteModel, provider GitHubProvider) preparation.Validation {
|
|
|
|
|
return func() (preparation.CreateCommands, error) {
|
|
|
|
|
if writeModel.ID = strings.TrimSpace(writeModel.ID); writeModel.ID == "" {
|
2023-12-08 16:30:55 +02:00
|
|
|
return nil, zerrors.ThrowInvalidArgument(nil, "INST-sdf4h", "Errors.Invalid.Argument")
|
2023-03-08 11:17:28 +01:00
|
|
|
}
|
|
|
|
|
if provider.ClientID = strings.TrimSpace(provider.ClientID); provider.ClientID == "" {
|
2023-12-08 16:30:55 +02:00
|
|
|
return nil, zerrors.ThrowInvalidArgument(nil, "INST-fdh5z", "Errors.Invalid.Argument")
|
2023-03-08 11:17:28 +01:00
|
|
|
}
|
|
|
|
|
return func(ctx context.Context, filter preparation.FilterToQueryReducer) ([]eventstore.Command, error) {
|
|
|
|
|
events, err := filter(ctx, writeModel.Query())
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
writeModel.AppendEvents(events...)
|
|
|
|
|
if err = writeModel.Reduce(); err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
if !writeModel.State.Exists() {
|
2023-12-08 16:30:55 +02:00
|
|
|
return nil, zerrors.ThrowNotFound(nil, "INST-Dr1gs", "Errors.IDPConfig.NotExisting")
|
2023-03-08 11:17:28 +01:00
|
|
|
}
|
|
|
|
|
event, err := writeModel.NewChangedEvent(
|
|
|
|
|
ctx,
|
|
|
|
|
&a.Aggregate,
|
|
|
|
|
writeModel.ID,
|
|
|
|
|
provider.Name,
|
|
|
|
|
provider.ClientID,
|
|
|
|
|
provider.ClientSecret,
|
|
|
|
|
c.idpConfigEncryption,
|
|
|
|
|
provider.Scopes,
|
|
|
|
|
provider.IDPOptions,
|
|
|
|
|
)
|
2023-03-13 17:34:29 +01:00
|
|
|
if err != nil || event == nil {
|
2023-03-08 11:17:28 +01:00
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
return []eventstore.Command{event}, nil
|
|
|
|
|
}, nil
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (c *Commands) prepareAddInstanceGitHubEnterpriseProvider(a *instance.Aggregate, writeModel *InstanceGitHubEnterpriseIDPWriteModel, provider GitHubEnterpriseProvider) preparation.Validation {
|
|
|
|
|
return func() (preparation.CreateCommands, error) {
|
|
|
|
|
if provider.Name = strings.TrimSpace(provider.Name); provider.Name == "" {
|
2023-12-08 16:30:55 +02:00
|
|
|
return nil, zerrors.ThrowInvalidArgument(nil, "INST-Dg4td", "Errors.Invalid.Argument")
|
2023-03-08 11:17:28 +01:00
|
|
|
}
|
|
|
|
|
if provider.ClientID = strings.TrimSpace(provider.ClientID); provider.ClientID == "" {
|
2023-12-08 16:30:55 +02:00
|
|
|
return nil, zerrors.ThrowInvalidArgument(nil, "INST-dgj53", "Errors.Invalid.Argument")
|
2023-03-08 11:17:28 +01:00
|
|
|
}
|
|
|
|
|
if provider.ClientSecret = strings.TrimSpace(provider.ClientSecret); provider.ClientSecret == "" {
|
2023-12-08 16:30:55 +02:00
|
|
|
return nil, zerrors.ThrowInvalidArgument(nil, "INST-Ghjjs", "Errors.Invalid.Argument")
|
2023-03-08 11:17:28 +01:00
|
|
|
}
|
|
|
|
|
if provider.AuthorizationEndpoint = strings.TrimSpace(provider.AuthorizationEndpoint); provider.AuthorizationEndpoint == "" {
|
2023-12-08 16:30:55 +02:00
|
|
|
return nil, zerrors.ThrowInvalidArgument(nil, "INST-sani2", "Errors.Invalid.Argument")
|
2023-03-08 11:17:28 +01:00
|
|
|
}
|
|
|
|
|
if provider.TokenEndpoint = strings.TrimSpace(provider.TokenEndpoint); provider.TokenEndpoint == "" {
|
2023-12-08 16:30:55 +02:00
|
|
|
return nil, zerrors.ThrowInvalidArgument(nil, "INST-agj42", "Errors.Invalid.Argument")
|
2023-03-08 11:17:28 +01:00
|
|
|
}
|
|
|
|
|
if provider.UserEndpoint = strings.TrimSpace(provider.UserEndpoint); provider.UserEndpoint == "" {
|
2023-12-08 16:30:55 +02:00
|
|
|
return nil, zerrors.ThrowInvalidArgument(nil, "INST-sd5hn", "Errors.Invalid.Argument")
|
2023-03-08 11:17:28 +01:00
|
|
|
}
|
|
|
|
|
return func(ctx context.Context, filter preparation.FilterToQueryReducer) ([]eventstore.Command, error) {
|
|
|
|
|
events, err := filter(ctx, writeModel.Query())
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
writeModel.AppendEvents(events...)
|
|
|
|
|
if err = writeModel.Reduce(); err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
secret, err := crypto.Encrypt([]byte(provider.ClientSecret), c.idpConfigEncryption)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
return []eventstore.Command{
|
|
|
|
|
instance.NewGitHubEnterpriseIDPAddedEvent(
|
|
|
|
|
ctx,
|
|
|
|
|
&a.Aggregate,
|
|
|
|
|
writeModel.ID,
|
|
|
|
|
provider.Name,
|
|
|
|
|
provider.ClientID,
|
|
|
|
|
secret,
|
|
|
|
|
provider.AuthorizationEndpoint,
|
|
|
|
|
provider.TokenEndpoint,
|
|
|
|
|
provider.UserEndpoint,
|
|
|
|
|
provider.Scopes,
|
|
|
|
|
provider.IDPOptions,
|
|
|
|
|
),
|
|
|
|
|
}, nil
|
|
|
|
|
}, nil
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (c *Commands) prepareUpdateInstanceGitHubEnterpriseProvider(a *instance.Aggregate, writeModel *InstanceGitHubEnterpriseIDPWriteModel, provider GitHubEnterpriseProvider) preparation.Validation {
|
|
|
|
|
return func() (preparation.CreateCommands, error) {
|
|
|
|
|
if writeModel.ID = strings.TrimSpace(writeModel.ID); writeModel.ID == "" {
|
2023-12-08 16:30:55 +02:00
|
|
|
return nil, zerrors.ThrowInvalidArgument(nil, "INST-sdfh3", "Errors.Invalid.Argument")
|
2023-03-08 11:17:28 +01:00
|
|
|
}
|
|
|
|
|
if provider.Name = strings.TrimSpace(provider.Name); provider.Name == "" {
|
2023-12-08 16:30:55 +02:00
|
|
|
return nil, zerrors.ThrowInvalidArgument(nil, "INST-shj42", "Errors.Invalid.Argument")
|
2023-03-08 11:17:28 +01:00
|
|
|
}
|
|
|
|
|
if provider.ClientID = strings.TrimSpace(provider.ClientID); provider.ClientID == "" {
|
2023-12-08 16:30:55 +02:00
|
|
|
return nil, zerrors.ThrowInvalidArgument(nil, "INST-sdh73", "Errors.Invalid.Argument")
|
2023-03-08 11:17:28 +01:00
|
|
|
}
|
|
|
|
|
if provider.AuthorizationEndpoint = strings.TrimSpace(provider.AuthorizationEndpoint); provider.AuthorizationEndpoint == "" {
|
2023-12-08 16:30:55 +02:00
|
|
|
return nil, zerrors.ThrowInvalidArgument(nil, "INST-acx2w", "Errors.Invalid.Argument")
|
2023-03-08 11:17:28 +01:00
|
|
|
}
|
|
|
|
|
if provider.TokenEndpoint = strings.TrimSpace(provider.TokenEndpoint); provider.TokenEndpoint == "" {
|
2023-12-08 16:30:55 +02:00
|
|
|
return nil, zerrors.ThrowInvalidArgument(nil, "INST-dgj6q", "Errors.Invalid.Argument")
|
2023-03-08 11:17:28 +01:00
|
|
|
}
|
|
|
|
|
if provider.UserEndpoint = strings.TrimSpace(provider.UserEndpoint); provider.UserEndpoint == "" {
|
2023-12-08 16:30:55 +02:00
|
|
|
return nil, zerrors.ThrowInvalidArgument(nil, "INST-ybj62", "Errors.Invalid.Argument")
|
2023-03-08 11:17:28 +01:00
|
|
|
}
|
|
|
|
|
return func(ctx context.Context, filter preparation.FilterToQueryReducer) ([]eventstore.Command, error) {
|
|
|
|
|
events, err := filter(ctx, writeModel.Query())
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
writeModel.AppendEvents(events...)
|
|
|
|
|
if err = writeModel.Reduce(); err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
if !writeModel.State.Exists() {
|
2023-12-08 16:30:55 +02:00
|
|
|
return nil, zerrors.ThrowNotFound(nil, "INST-GBr42", "Errors.IDPConfig.NotExisting")
|
2023-03-08 11:17:28 +01:00
|
|
|
}
|
|
|
|
|
event, err := writeModel.NewChangedEvent(
|
|
|
|
|
ctx,
|
|
|
|
|
&a.Aggregate,
|
|
|
|
|
writeModel.ID,
|
|
|
|
|
provider.Name,
|
|
|
|
|
provider.ClientID,
|
|
|
|
|
provider.ClientSecret,
|
|
|
|
|
c.idpConfigEncryption,
|
|
|
|
|
provider.AuthorizationEndpoint,
|
|
|
|
|
provider.TokenEndpoint,
|
|
|
|
|
provider.UserEndpoint,
|
|
|
|
|
provider.Scopes,
|
|
|
|
|
provider.IDPOptions,
|
|
|
|
|
)
|
2023-03-13 17:34:29 +01:00
|
|
|
if err != nil || event == nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
return []eventstore.Command{event}, nil
|
|
|
|
|
}, nil
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (c *Commands) prepareAddInstanceGitLabProvider(a *instance.Aggregate, writeModel *InstanceGitLabIDPWriteModel, provider GitLabProvider) preparation.Validation {
|
|
|
|
|
return func() (preparation.CreateCommands, error) {
|
|
|
|
|
if provider.ClientID = strings.TrimSpace(provider.ClientID); provider.ClientID == "" {
|
2023-12-08 16:30:55 +02:00
|
|
|
return nil, zerrors.ThrowInvalidArgument(nil, "INST-adsg2", "Errors.Invalid.Argument")
|
2023-03-13 17:34:29 +01:00
|
|
|
}
|
|
|
|
|
if provider.ClientSecret = strings.TrimSpace(provider.ClientSecret); provider.ClientSecret == "" {
|
2023-12-08 16:30:55 +02:00
|
|
|
return nil, zerrors.ThrowInvalidArgument(nil, "INST-GD1j2", "Errors.Invalid.Argument")
|
2023-03-13 17:34:29 +01:00
|
|
|
}
|
|
|
|
|
return func(ctx context.Context, filter preparation.FilterToQueryReducer) ([]eventstore.Command, error) {
|
|
|
|
|
events, err := filter(ctx, writeModel.Query())
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
writeModel.AppendEvents(events...)
|
|
|
|
|
if err = writeModel.Reduce(); err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
secret, err := crypto.Encrypt([]byte(provider.ClientSecret), c.idpConfigEncryption)
|
2023-03-08 11:17:28 +01:00
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
2023-03-13 17:34:29 +01:00
|
|
|
return []eventstore.Command{
|
|
|
|
|
instance.NewGitLabIDPAddedEvent(
|
|
|
|
|
ctx,
|
|
|
|
|
&a.Aggregate,
|
|
|
|
|
writeModel.ID,
|
|
|
|
|
provider.Name,
|
|
|
|
|
provider.ClientID,
|
|
|
|
|
secret,
|
|
|
|
|
provider.Scopes,
|
|
|
|
|
provider.IDPOptions,
|
|
|
|
|
),
|
|
|
|
|
}, nil
|
|
|
|
|
}, nil
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (c *Commands) prepareUpdateInstanceGitLabProvider(a *instance.Aggregate, writeModel *InstanceGitLabIDPWriteModel, provider GitLabProvider) preparation.Validation {
|
|
|
|
|
return func() (preparation.CreateCommands, error) {
|
|
|
|
|
if writeModel.ID = strings.TrimSpace(writeModel.ID); writeModel.ID == "" {
|
2023-12-08 16:30:55 +02:00
|
|
|
return nil, zerrors.ThrowInvalidArgument(nil, "INST-HJK91", "Errors.Invalid.Argument")
|
2023-03-13 17:34:29 +01:00
|
|
|
}
|
|
|
|
|
if provider.ClientID = strings.TrimSpace(provider.ClientID); provider.ClientID == "" {
|
2023-12-08 16:30:55 +02:00
|
|
|
return nil, zerrors.ThrowInvalidArgument(nil, "INST-D12t6", "Errors.Invalid.Argument")
|
2023-03-13 17:34:29 +01:00
|
|
|
}
|
|
|
|
|
return func(ctx context.Context, filter preparation.FilterToQueryReducer) ([]eventstore.Command, error) {
|
|
|
|
|
events, err := filter(ctx, writeModel.Query())
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
writeModel.AppendEvents(events...)
|
|
|
|
|
if err = writeModel.Reduce(); err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
if !writeModel.State.Exists() {
|
2023-12-08 16:30:55 +02:00
|
|
|
return nil, zerrors.ThrowNotFound(nil, "INST-HBReq", "Errors.IDPConfig.NotExisting")
|
2023-03-13 17:34:29 +01:00
|
|
|
}
|
|
|
|
|
event, err := writeModel.NewChangedEvent(
|
|
|
|
|
ctx,
|
|
|
|
|
&a.Aggregate,
|
|
|
|
|
writeModel.ID,
|
|
|
|
|
provider.Name,
|
|
|
|
|
provider.ClientID,
|
|
|
|
|
provider.ClientSecret,
|
|
|
|
|
c.idpConfigEncryption,
|
|
|
|
|
provider.Scopes,
|
|
|
|
|
provider.IDPOptions,
|
|
|
|
|
)
|
|
|
|
|
if err != nil || event == nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
return []eventstore.Command{event}, nil
|
|
|
|
|
}, nil
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (c *Commands) prepareAddInstanceGitLabSelfHostedProvider(a *instance.Aggregate, writeModel *InstanceGitLabSelfHostedIDPWriteModel, provider GitLabSelfHostedProvider) preparation.Validation {
|
|
|
|
|
return func() (preparation.CreateCommands, error) {
|
|
|
|
|
if provider.Name = strings.TrimSpace(provider.Name); provider.Name == "" {
|
2023-12-08 16:30:55 +02:00
|
|
|
return nil, zerrors.ThrowInvalidArgument(nil, "INST-jw4ZT", "Errors.Invalid.Argument")
|
2023-03-13 17:34:29 +01:00
|
|
|
}
|
|
|
|
|
if provider.Issuer = strings.TrimSpace(provider.Issuer); provider.Issuer == "" {
|
2023-12-08 16:30:55 +02:00
|
|
|
return nil, zerrors.ThrowInvalidArgument(nil, "INST-AST4S", "Errors.Invalid.Argument")
|
2023-03-13 17:34:29 +01:00
|
|
|
}
|
|
|
|
|
if provider.ClientID = strings.TrimSpace(provider.ClientID); provider.ClientID == "" {
|
2023-12-08 16:30:55 +02:00
|
|
|
return nil, zerrors.ThrowInvalidArgument(nil, "INST-DBZHJ", "Errors.Invalid.Argument")
|
2023-03-13 17:34:29 +01:00
|
|
|
}
|
|
|
|
|
if provider.ClientSecret = strings.TrimSpace(provider.ClientSecret); provider.ClientSecret == "" {
|
2023-12-08 16:30:55 +02:00
|
|
|
return nil, zerrors.ThrowInvalidArgument(nil, "INST-SDGJ4", "Errors.Invalid.Argument")
|
2023-03-13 17:34:29 +01:00
|
|
|
}
|
|
|
|
|
return func(ctx context.Context, filter preparation.FilterToQueryReducer) ([]eventstore.Command, error) {
|
|
|
|
|
events, err := filter(ctx, writeModel.Query())
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
writeModel.AppendEvents(events...)
|
|
|
|
|
if err = writeModel.Reduce(); err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
secret, err := crypto.Encrypt([]byte(provider.ClientSecret), c.idpConfigEncryption)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
return []eventstore.Command{
|
|
|
|
|
instance.NewGitLabSelfHostedIDPAddedEvent(
|
|
|
|
|
ctx,
|
|
|
|
|
&a.Aggregate,
|
|
|
|
|
writeModel.ID,
|
|
|
|
|
provider.Name,
|
|
|
|
|
provider.Issuer,
|
|
|
|
|
provider.ClientID,
|
|
|
|
|
secret,
|
|
|
|
|
provider.Scopes,
|
|
|
|
|
provider.IDPOptions,
|
|
|
|
|
),
|
|
|
|
|
}, nil
|
|
|
|
|
}, nil
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (c *Commands) prepareUpdateInstanceGitLabSelfHostedProvider(a *instance.Aggregate, writeModel *InstanceGitLabSelfHostedIDPWriteModel, provider GitLabSelfHostedProvider) preparation.Validation {
|
|
|
|
|
return func() (preparation.CreateCommands, error) {
|
|
|
|
|
if writeModel.ID = strings.TrimSpace(writeModel.ID); writeModel.ID == "" {
|
2023-12-08 16:30:55 +02:00
|
|
|
return nil, zerrors.ThrowInvalidArgument(nil, "INST-SAFG4", "Errors.Invalid.Argument")
|
2023-03-13 17:34:29 +01:00
|
|
|
}
|
|
|
|
|
if provider.Name = strings.TrimSpace(provider.Name); provider.Name == "" {
|
2023-12-08 16:30:55 +02:00
|
|
|
return nil, zerrors.ThrowInvalidArgument(nil, "INST-DG4H", "Errors.Invalid.Argument")
|
2023-03-13 17:34:29 +01:00
|
|
|
}
|
|
|
|
|
if provider.Issuer = strings.TrimSpace(provider.Issuer); provider.Issuer == "" {
|
2023-12-08 16:30:55 +02:00
|
|
|
return nil, zerrors.ThrowInvalidArgument(nil, "INST-SD4eb", "Errors.Invalid.Argument")
|
2023-03-13 17:34:29 +01:00
|
|
|
}
|
|
|
|
|
if provider.ClientID = strings.TrimSpace(provider.ClientID); provider.ClientID == "" {
|
2023-12-08 16:30:55 +02:00
|
|
|
return nil, zerrors.ThrowInvalidArgument(nil, "INST-GHWE3", "Errors.Invalid.Argument")
|
2023-03-13 17:34:29 +01:00
|
|
|
}
|
|
|
|
|
return func(ctx context.Context, filter preparation.FilterToQueryReducer) ([]eventstore.Command, error) {
|
|
|
|
|
events, err := filter(ctx, writeModel.Query())
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
writeModel.AppendEvents(events...)
|
|
|
|
|
if err = writeModel.Reduce(); err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
if !writeModel.State.Exists() {
|
2023-12-08 16:30:55 +02:00
|
|
|
return nil, zerrors.ThrowNotFound(nil, "INST-D2tg1", "Errors.IDPConfig.NotExisting")
|
2023-03-13 17:34:29 +01:00
|
|
|
}
|
|
|
|
|
event, err := writeModel.NewChangedEvent(
|
|
|
|
|
ctx,
|
|
|
|
|
&a.Aggregate,
|
|
|
|
|
writeModel.ID,
|
|
|
|
|
provider.Name,
|
|
|
|
|
provider.Issuer,
|
|
|
|
|
provider.ClientID,
|
|
|
|
|
provider.ClientSecret,
|
|
|
|
|
c.idpConfigEncryption,
|
|
|
|
|
provider.Scopes,
|
|
|
|
|
provider.IDPOptions,
|
|
|
|
|
)
|
|
|
|
|
if err != nil || event == nil {
|
|
|
|
|
return nil, err
|
2023-03-08 11:17:28 +01:00
|
|
|
}
|
|
|
|
|
return []eventstore.Command{event}, nil
|
|
|
|
|
}, nil
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2023-02-24 15:16:06 +01:00
|
|
|
func (c *Commands) prepareAddInstanceGoogleProvider(a *instance.Aggregate, writeModel *InstanceGoogleIDPWriteModel, provider GoogleProvider) preparation.Validation {
|
2023-02-21 18:18:28 +01:00
|
|
|
return func() (preparation.CreateCommands, error) {
|
|
|
|
|
if provider.ClientID = strings.TrimSpace(provider.ClientID); provider.ClientID == "" {
|
2023-12-08 16:30:55 +02:00
|
|
|
return nil, zerrors.ThrowInvalidArgument(nil, "INST-D3fvs", "Errors.Invalid.Argument")
|
2023-02-21 18:18:28 +01:00
|
|
|
}
|
|
|
|
|
if provider.ClientSecret = strings.TrimSpace(provider.ClientSecret); provider.ClientSecret == "" {
|
2023-12-08 16:30:55 +02:00
|
|
|
return nil, zerrors.ThrowInvalidArgument(nil, "INST-W2vqs", "Errors.Invalid.Argument")
|
2023-02-21 18:18:28 +01:00
|
|
|
}
|
|
|
|
|
return func(ctx context.Context, filter preparation.FilterToQueryReducer) ([]eventstore.Command, error) {
|
|
|
|
|
events, err := filter(ctx, writeModel.Query())
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
writeModel.AppendEvents(events...)
|
|
|
|
|
if err = writeModel.Reduce(); err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
secret, err := crypto.Encrypt([]byte(provider.ClientSecret), c.idpConfigEncryption)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
return []eventstore.Command{
|
|
|
|
|
instance.NewGoogleIDPAddedEvent(
|
|
|
|
|
ctx,
|
|
|
|
|
&a.Aggregate,
|
2023-02-24 15:16:06 +01:00
|
|
|
writeModel.ID,
|
2023-02-21 18:18:28 +01:00
|
|
|
provider.Name,
|
|
|
|
|
provider.ClientID,
|
|
|
|
|
secret,
|
|
|
|
|
provider.Scopes,
|
|
|
|
|
provider.IDPOptions,
|
|
|
|
|
),
|
|
|
|
|
}, nil
|
|
|
|
|
}, nil
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2023-02-24 15:16:06 +01:00
|
|
|
func (c *Commands) prepareUpdateInstanceGoogleProvider(a *instance.Aggregate, writeModel *InstanceGoogleIDPWriteModel, provider GoogleProvider) preparation.Validation {
|
2023-02-21 18:18:28 +01:00
|
|
|
return func() (preparation.CreateCommands, error) {
|
2023-02-24 15:16:06 +01:00
|
|
|
if writeModel.ID = strings.TrimSpace(writeModel.ID); writeModel.ID == "" {
|
2023-12-08 16:30:55 +02:00
|
|
|
return nil, zerrors.ThrowInvalidArgument(nil, "INST-S32t1", "Errors.Invalid.Argument")
|
2023-02-21 18:18:28 +01:00
|
|
|
}
|
|
|
|
|
if provider.ClientID = strings.TrimSpace(provider.ClientID); provider.ClientID == "" {
|
2023-12-08 16:30:55 +02:00
|
|
|
return nil, zerrors.ThrowInvalidArgument(nil, "INST-ds432", "Errors.Invalid.Argument")
|
2023-02-21 18:18:28 +01:00
|
|
|
}
|
|
|
|
|
return func(ctx context.Context, filter preparation.FilterToQueryReducer) ([]eventstore.Command, error) {
|
|
|
|
|
events, err := filter(ctx, writeModel.Query())
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
writeModel.AppendEvents(events...)
|
|
|
|
|
if err = writeModel.Reduce(); err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
if !writeModel.State.Exists() {
|
2023-12-08 16:30:55 +02:00
|
|
|
return nil, zerrors.ThrowNotFound(nil, "INST-D3r1s", "Errors.IDPConfig.NotExisting")
|
2023-02-21 18:18:28 +01:00
|
|
|
}
|
|
|
|
|
event, err := writeModel.NewChangedEvent(
|
|
|
|
|
ctx,
|
|
|
|
|
&a.Aggregate,
|
2023-02-24 15:16:06 +01:00
|
|
|
writeModel.ID,
|
2023-02-21 18:18:28 +01:00
|
|
|
provider.Name,
|
|
|
|
|
provider.ClientID,
|
|
|
|
|
provider.ClientSecret,
|
|
|
|
|
c.idpConfigEncryption,
|
|
|
|
|
provider.Scopes,
|
|
|
|
|
provider.IDPOptions,
|
|
|
|
|
)
|
2023-02-27 16:32:18 +01:00
|
|
|
if err != nil || event == nil {
|
2023-02-21 18:18:28 +01:00
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
return []eventstore.Command{event}, nil
|
|
|
|
|
}, nil
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2023-02-24 15:16:06 +01:00
|
|
|
func (c *Commands) prepareAddInstanceLDAPProvider(a *instance.Aggregate, writeModel *InstanceLDAPIDPWriteModel, provider LDAPProvider) preparation.Validation {
|
2023-02-15 09:14:59 +01:00
|
|
|
return func() (preparation.CreateCommands, error) {
|
|
|
|
|
if provider.Name = strings.TrimSpace(provider.Name); provider.Name == "" {
|
2023-12-08 16:30:55 +02:00
|
|
|
return nil, zerrors.ThrowInvalidArgument(nil, "INST-SAfdd", "Errors.Invalid.Argument")
|
2023-02-15 09:14:59 +01:00
|
|
|
}
|
|
|
|
|
if provider.BaseDN = strings.TrimSpace(provider.BaseDN); provider.BaseDN == "" {
|
2023-12-08 16:30:55 +02:00
|
|
|
return nil, zerrors.ThrowInvalidArgument(nil, "INST-sv31s", "Errors.Invalid.Argument")
|
2023-02-15 09:14:59 +01:00
|
|
|
}
|
2023-03-24 16:18:56 +01:00
|
|
|
if provider.BindDN = strings.TrimSpace(provider.BindDN); provider.BindDN == "" {
|
2023-12-08 16:30:55 +02:00
|
|
|
return nil, zerrors.ThrowInvalidArgument(nil, "INST-sdgf4", "Errors.Invalid.Argument")
|
2023-02-15 09:14:59 +01:00
|
|
|
}
|
2023-03-24 16:18:56 +01:00
|
|
|
if provider.BindPassword = strings.TrimSpace(provider.BindPassword); provider.BindPassword == "" {
|
2023-12-08 16:30:55 +02:00
|
|
|
return nil, zerrors.ThrowInvalidArgument(nil, "INST-AEG2w", "Errors.Invalid.Argument")
|
2023-02-15 09:14:59 +01:00
|
|
|
}
|
2023-03-24 16:18:56 +01:00
|
|
|
if provider.UserBase = strings.TrimSpace(provider.UserBase); provider.UserBase == "" {
|
2023-12-08 16:30:55 +02:00
|
|
|
return nil, zerrors.ThrowInvalidArgument(nil, "INST-SAD5n", "Errors.Invalid.Argument")
|
2023-02-15 09:14:59 +01:00
|
|
|
}
|
2023-03-24 16:18:56 +01:00
|
|
|
if len(provider.Servers) == 0 {
|
2023-12-08 16:30:55 +02:00
|
|
|
return nil, zerrors.ThrowInvalidArgument(nil, "INST-SAx905n", "Errors.Invalid.Argument")
|
2023-03-24 16:18:56 +01:00
|
|
|
}
|
|
|
|
|
if len(provider.UserObjectClasses) == 0 {
|
2023-12-08 16:30:55 +02:00
|
|
|
return nil, zerrors.ThrowInvalidArgument(nil, "INST-S1x905n", "Errors.Invalid.Argument")
|
2023-03-24 16:18:56 +01:00
|
|
|
}
|
|
|
|
|
if len(provider.UserFilters) == 0 {
|
2023-12-08 16:30:55 +02:00
|
|
|
return nil, zerrors.ThrowInvalidArgument(nil, "INST-aAx905n", "Errors.Invalid.Argument")
|
2023-02-15 09:14:59 +01:00
|
|
|
}
|
2025-03-18 15:23:12 +00:00
|
|
|
if len(provider.RootCA) > 0 {
|
|
|
|
|
if err := validateRootCA(provider.RootCA); err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2023-02-15 09:14:59 +01:00
|
|
|
return func(ctx context.Context, filter preparation.FilterToQueryReducer) ([]eventstore.Command, error) {
|
|
|
|
|
events, err := filter(ctx, writeModel.Query())
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
writeModel.AppendEvents(events...)
|
|
|
|
|
if err = writeModel.Reduce(); err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
2023-03-24 16:18:56 +01:00
|
|
|
secret, err := crypto.Encrypt([]byte(provider.BindPassword), c.idpConfigEncryption)
|
2023-02-15 09:14:59 +01:00
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
return []eventstore.Command{
|
|
|
|
|
instance.NewLDAPIDPAddedEvent(
|
|
|
|
|
ctx,
|
|
|
|
|
&a.Aggregate,
|
2023-02-24 15:16:06 +01:00
|
|
|
writeModel.ID,
|
2023-02-15 09:14:59 +01:00
|
|
|
provider.Name,
|
2023-03-24 16:18:56 +01:00
|
|
|
provider.Servers,
|
|
|
|
|
provider.StartTLS,
|
2023-02-15 09:14:59 +01:00
|
|
|
provider.BaseDN,
|
2023-03-24 16:18:56 +01:00
|
|
|
provider.BindDN,
|
2023-02-15 09:14:59 +01:00
|
|
|
secret,
|
2023-03-24 16:18:56 +01:00
|
|
|
provider.UserBase,
|
|
|
|
|
provider.UserObjectClasses,
|
|
|
|
|
provider.UserFilters,
|
|
|
|
|
provider.Timeout,
|
2025-02-18 10:06:50 +00:00
|
|
|
provider.RootCA,
|
2023-02-15 09:14:59 +01:00
|
|
|
provider.LDAPAttributes,
|
|
|
|
|
provider.IDPOptions,
|
|
|
|
|
),
|
|
|
|
|
}, nil
|
|
|
|
|
}, nil
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2025-03-18 15:23:12 +00:00
|
|
|
func validateRootCA(pemCerts []byte) error {
|
|
|
|
|
rootCAs := x509.NewCertPool()
|
|
|
|
|
if ok := rootCAs.AppendCertsFromPEM(pemCerts); !ok {
|
|
|
|
|
return zerrors.ThrowInvalidArgument(nil, "INST-cwqVVdBwKt", "Errors.Invalid.Argument")
|
|
|
|
|
}
|
|
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
|
2023-02-24 15:16:06 +01:00
|
|
|
func (c *Commands) prepareUpdateInstanceLDAPProvider(a *instance.Aggregate, writeModel *InstanceLDAPIDPWriteModel, provider LDAPProvider) preparation.Validation {
|
2023-02-15 09:14:59 +01:00
|
|
|
return func() (preparation.CreateCommands, error) {
|
2023-02-24 15:16:06 +01:00
|
|
|
if writeModel.ID = strings.TrimSpace(writeModel.ID); writeModel.ID == "" {
|
2023-12-08 16:30:55 +02:00
|
|
|
return nil, zerrors.ThrowInvalidArgument(nil, "INST-Dgdbs", "Errors.Invalid.Argument")
|
2023-02-15 09:14:59 +01:00
|
|
|
}
|
|
|
|
|
if provider.Name = strings.TrimSpace(provider.Name); provider.Name == "" {
|
2023-12-08 16:30:55 +02:00
|
|
|
return nil, zerrors.ThrowInvalidArgument(nil, "INST-Sffgd", "Errors.Invalid.Argument")
|
2023-02-15 09:14:59 +01:00
|
|
|
}
|
|
|
|
|
if provider.BaseDN = strings.TrimSpace(provider.BaseDN); provider.BaseDN == "" {
|
2023-12-08 16:30:55 +02:00
|
|
|
return nil, zerrors.ThrowInvalidArgument(nil, "INST-vb3ss", "Errors.Invalid.Argument")
|
2023-02-15 09:14:59 +01:00
|
|
|
}
|
2023-03-24 16:18:56 +01:00
|
|
|
if provider.BindDN = strings.TrimSpace(provider.BindDN); provider.BindDN == "" {
|
2023-12-08 16:30:55 +02:00
|
|
|
return nil, zerrors.ThrowInvalidArgument(nil, "INST-hbere", "Errors.Invalid.Argument")
|
2023-02-15 09:14:59 +01:00
|
|
|
}
|
2023-03-24 16:18:56 +01:00
|
|
|
if provider.UserBase = strings.TrimSpace(provider.UserBase); provider.UserBase == "" {
|
2023-12-08 16:30:55 +02:00
|
|
|
return nil, zerrors.ThrowInvalidArgument(nil, "INST-DG45z", "Errors.Invalid.Argument")
|
2023-02-15 09:14:59 +01:00
|
|
|
}
|
2023-03-24 16:18:56 +01:00
|
|
|
if len(provider.Servers) == 0 {
|
2023-12-08 16:30:55 +02:00
|
|
|
return nil, zerrors.ThrowInvalidArgument(nil, "INST-SAx945n", "Errors.Invalid.Argument")
|
2023-03-24 16:18:56 +01:00
|
|
|
}
|
|
|
|
|
if len(provider.UserObjectClasses) == 0 {
|
2023-12-08 16:30:55 +02:00
|
|
|
return nil, zerrors.ThrowInvalidArgument(nil, "INST-S1x605n", "Errors.Invalid.Argument")
|
2023-03-24 16:18:56 +01:00
|
|
|
}
|
|
|
|
|
if len(provider.UserFilters) == 0 {
|
2023-12-08 16:30:55 +02:00
|
|
|
return nil, zerrors.ThrowInvalidArgument(nil, "INST-aAx901n", "Errors.Invalid.Argument")
|
2023-03-24 16:18:56 +01:00
|
|
|
}
|
2025-03-18 15:23:12 +00:00
|
|
|
if len(provider.RootCA) > 0 {
|
|
|
|
|
if err := validateRootCA(provider.RootCA); err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
}
|
2023-02-15 09:14:59 +01:00
|
|
|
return func(ctx context.Context, filter preparation.FilterToQueryReducer) ([]eventstore.Command, error) {
|
|
|
|
|
events, err := filter(ctx, writeModel.Query())
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
writeModel.AppendEvents(events...)
|
|
|
|
|
if err = writeModel.Reduce(); err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
if !writeModel.State.Exists() {
|
2023-12-08 16:30:55 +02:00
|
|
|
return nil, zerrors.ThrowNotFound(nil, "INST-ASF3F", "Errors.IDPConfig.NotExisting")
|
2023-02-15 09:14:59 +01:00
|
|
|
}
|
|
|
|
|
event, err := writeModel.NewChangedEvent(
|
|
|
|
|
ctx,
|
|
|
|
|
&a.Aggregate,
|
2023-02-24 15:16:06 +01:00
|
|
|
writeModel.ID,
|
2023-02-15 09:14:59 +01:00
|
|
|
provider.Name,
|
2023-03-24 16:18:56 +01:00
|
|
|
provider.Servers,
|
|
|
|
|
provider.StartTLS,
|
2023-02-15 09:14:59 +01:00
|
|
|
provider.BaseDN,
|
2023-03-24 16:18:56 +01:00
|
|
|
provider.BindDN,
|
|
|
|
|
provider.BindPassword,
|
|
|
|
|
provider.UserBase,
|
|
|
|
|
provider.UserObjectClasses,
|
|
|
|
|
provider.UserFilters,
|
|
|
|
|
provider.Timeout,
|
2025-02-18 10:06:50 +00:00
|
|
|
provider.RootCA,
|
2023-02-15 09:14:59 +01:00
|
|
|
c.idpConfigEncryption,
|
|
|
|
|
provider.LDAPAttributes,
|
|
|
|
|
provider.IDPOptions,
|
|
|
|
|
)
|
2023-02-27 16:32:18 +01:00
|
|
|
if err != nil || event == nil {
|
2023-02-15 09:14:59 +01:00
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
return []eventstore.Command{event}, nil
|
|
|
|
|
}, nil
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2023-08-31 08:39:16 +02:00
|
|
|
func (c *Commands) prepareAddInstanceAppleProvider(a *instance.Aggregate, writeModel *InstanceAppleIDPWriteModel, provider AppleProvider) preparation.Validation {
|
|
|
|
|
return func() (preparation.CreateCommands, error) {
|
|
|
|
|
if provider.ClientID = strings.TrimSpace(provider.ClientID); provider.ClientID == "" {
|
2023-12-08 16:30:55 +02:00
|
|
|
return nil, zerrors.ThrowInvalidArgument(nil, "INST-jkn3w", "Errors.IDP.ClientIDMissing")
|
2023-08-31 08:39:16 +02:00
|
|
|
}
|
|
|
|
|
if provider.TeamID = strings.TrimSpace(provider.TeamID); provider.TeamID == "" {
|
2023-12-08 16:30:55 +02:00
|
|
|
return nil, zerrors.ThrowInvalidArgument(nil, "INST-Ffg32", "Errors.IDP.TeamIDMissing")
|
2023-08-31 08:39:16 +02:00
|
|
|
}
|
|
|
|
|
if provider.KeyID = strings.TrimSpace(provider.KeyID); provider.KeyID == "" {
|
2023-12-08 16:30:55 +02:00
|
|
|
return nil, zerrors.ThrowInvalidArgument(nil, "INST-GDjm5", "Errors.IDP.KeyIDMissing")
|
2023-08-31 08:39:16 +02:00
|
|
|
}
|
|
|
|
|
if len(provider.PrivateKey) == 0 {
|
2023-12-08 16:30:55 +02:00
|
|
|
return nil, zerrors.ThrowInvalidArgument(nil, "INST-GVD4n", "Errors.IDP.PrivateKeyMissing")
|
2023-08-31 08:39:16 +02:00
|
|
|
}
|
|
|
|
|
return func(ctx context.Context, filter preparation.FilterToQueryReducer) ([]eventstore.Command, error) {
|
|
|
|
|
events, err := filter(ctx, writeModel.Query())
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
writeModel.AppendEvents(events...)
|
|
|
|
|
if err = writeModel.Reduce(); err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
privateKey, err := crypto.Encrypt(provider.PrivateKey, c.idpConfigEncryption)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
return []eventstore.Command{
|
|
|
|
|
instance.NewAppleIDPAddedEvent(
|
|
|
|
|
ctx,
|
|
|
|
|
&a.Aggregate,
|
|
|
|
|
writeModel.ID,
|
|
|
|
|
provider.Name,
|
|
|
|
|
provider.ClientID,
|
|
|
|
|
provider.TeamID,
|
|
|
|
|
provider.KeyID,
|
|
|
|
|
privateKey,
|
|
|
|
|
provider.Scopes,
|
|
|
|
|
provider.IDPOptions,
|
|
|
|
|
),
|
|
|
|
|
}, nil
|
|
|
|
|
}, nil
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (c *Commands) prepareUpdateInstanceAppleProvider(a *instance.Aggregate, writeModel *InstanceAppleIDPWriteModel, provider AppleProvider) preparation.Validation {
|
|
|
|
|
return func() (preparation.CreateCommands, error) {
|
|
|
|
|
if writeModel.ID = strings.TrimSpace(writeModel.ID); writeModel.ID == "" {
|
2023-12-08 16:30:55 +02:00
|
|
|
return nil, zerrors.ThrowInvalidArgument(nil, "INST-FRHBH", "Errors.IDMissing")
|
2023-08-31 08:39:16 +02:00
|
|
|
}
|
|
|
|
|
if provider.ClientID = strings.TrimSpace(provider.ClientID); provider.ClientID == "" {
|
2023-12-08 16:30:55 +02:00
|
|
|
return nil, zerrors.ThrowInvalidArgument(nil, "INST-SFm4l", "Errors.IDP.ClientIDMissing")
|
2023-08-31 08:39:16 +02:00
|
|
|
}
|
|
|
|
|
if provider.TeamID = strings.TrimSpace(provider.TeamID); provider.TeamID == "" {
|
2023-12-08 16:30:55 +02:00
|
|
|
return nil, zerrors.ThrowInvalidArgument(nil, "INST-SG34t", "Errors.IDP.TeamIDMissing")
|
2023-08-31 08:39:16 +02:00
|
|
|
}
|
|
|
|
|
if provider.KeyID = strings.TrimSpace(provider.KeyID); provider.KeyID == "" {
|
2023-12-08 16:30:55 +02:00
|
|
|
return nil, zerrors.ThrowInvalidArgument(nil, "INST-Gh4z2", "Errors.IDP.KeyIDMissing")
|
2023-08-31 08:39:16 +02:00
|
|
|
}
|
|
|
|
|
return func(ctx context.Context, filter preparation.FilterToQueryReducer) ([]eventstore.Command, error) {
|
|
|
|
|
events, err := filter(ctx, writeModel.Query())
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
writeModel.AppendEvents(events...)
|
|
|
|
|
if err = writeModel.Reduce(); err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
if !writeModel.State.Exists() {
|
2023-12-08 16:30:55 +02:00
|
|
|
return nil, zerrors.ThrowNotFound(nil, "INST-SG3bh", "Errors.IDPConfig.NotExisting")
|
2023-08-31 08:39:16 +02:00
|
|
|
}
|
|
|
|
|
event, err := writeModel.NewChangedEvent(
|
|
|
|
|
ctx,
|
|
|
|
|
&a.Aggregate,
|
|
|
|
|
writeModel.ID,
|
|
|
|
|
provider.Name,
|
|
|
|
|
provider.ClientID,
|
|
|
|
|
provider.TeamID,
|
|
|
|
|
provider.KeyID,
|
|
|
|
|
provider.PrivateKey,
|
|
|
|
|
c.idpConfigEncryption,
|
|
|
|
|
provider.Scopes,
|
|
|
|
|
provider.IDPOptions,
|
|
|
|
|
)
|
|
|
|
|
if err != nil || event == nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
return []eventstore.Command{event}, nil
|
|
|
|
|
}, nil
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2024-12-03 11:38:28 +01:00
|
|
|
func (c *Commands) prepareAddInstanceSAMLProvider(a *instance.Aggregate, writeModel *InstanceSAMLIDPWriteModel, provider *SAMLProvider) preparation.Validation {
|
2023-09-29 11:26:14 +02:00
|
|
|
return func() (preparation.CreateCommands, error) {
|
|
|
|
|
if provider.Name = strings.TrimSpace(provider.Name); provider.Name == "" {
|
2023-12-08 16:30:55 +02:00
|
|
|
return nil, zerrors.ThrowInvalidArgument(nil, "INST-o07zjotgnd", "Errors.Invalid.Argument")
|
2023-09-29 11:26:14 +02:00
|
|
|
}
|
2024-10-11 10:09:51 +02:00
|
|
|
if len(provider.Metadata) == 0 && provider.MetadataURL != "" {
|
2023-09-29 11:26:14 +02:00
|
|
|
data, err := xml.ReadMetadataFromURL(c.httpClient, provider.MetadataURL)
|
|
|
|
|
if err != nil {
|
2023-12-08 16:30:55 +02:00
|
|
|
return nil, zerrors.ThrowInvalidArgument(err, "INST-8vam1khq22", "Errors.Project.App.SAMLMetadataMissing")
|
2023-09-29 11:26:14 +02:00
|
|
|
}
|
|
|
|
|
provider.Metadata = data
|
|
|
|
|
}
|
2024-10-11 10:09:51 +02:00
|
|
|
if len(provider.Metadata) == 0 {
|
2023-12-08 16:30:55 +02:00
|
|
|
return nil, zerrors.ThrowInvalidArgument(nil, "INST-3bi3esi16t", "Errors.Invalid.Argument")
|
2023-09-29 11:26:14 +02:00
|
|
|
}
|
2024-12-03 11:38:28 +01:00
|
|
|
if _, err := saml.ParseMetadata(provider.Metadata); err != nil {
|
|
|
|
|
return nil, zerrors.ThrowInvalidArgument(err, "INST-SF3rwhgh", "Errors.Project.App.SAMLMetadataFormat")
|
|
|
|
|
}
|
2023-09-29 11:26:14 +02:00
|
|
|
return func(ctx context.Context, filter preparation.FilterToQueryReducer) ([]eventstore.Command, error) {
|
|
|
|
|
events, err := filter(ctx, writeModel.Query())
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
writeModel.AppendEvents(events...)
|
|
|
|
|
if err = writeModel.Reduce(); err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
key, cert, err := c.samlCertificateAndKeyGenerator(writeModel.ID)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
keyEnc, err := crypto.Encrypt(key, c.idpConfigEncryption)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
return []eventstore.Command{
|
|
|
|
|
instance.NewSAMLIDPAddedEvent(
|
|
|
|
|
ctx,
|
|
|
|
|
&a.Aggregate,
|
|
|
|
|
writeModel.ID,
|
|
|
|
|
provider.Name,
|
|
|
|
|
provider.Metadata,
|
|
|
|
|
keyEnc,
|
|
|
|
|
cert,
|
|
|
|
|
provider.Binding,
|
|
|
|
|
provider.WithSignedRequest,
|
2024-05-23 07:04:07 +02:00
|
|
|
provider.NameIDFormat,
|
|
|
|
|
provider.TransientMappingAttributeName,
|
feat: federated logout for SAML IdPs (#9931)
# Which Problems Are Solved
Currently if a user signs in using an IdP, once they sign out of
Zitadel, the corresponding IdP session is not terminated. This can be
the desired behavior. In some cases, e.g. when using a shared computer
it results in a potential security risk, since a follower user might be
able to sign in as the previous using the still open IdP session.
# How the Problems Are Solved
- Admins can enabled a federated logout option on SAML IdPs through the
Admin and Management APIs.
- During the termination of a login V1 session using OIDC end_session
endpoint, Zitadel will check if an IdP was used to authenticate that
session.
- In case there was a SAML IdP used with Federated Logout enabled, it
will intercept the logout process, store the information into the shared
cache and redirect to the federated logout endpoint in the V1 login.
- The V1 login federated logout endpoint checks every request on an
existing cache entry. On success it will create a SAML logout request
for the used IdP and either redirect or POST to the configured SLO
endpoint. The cache entry is updated with a `redirected` state.
- A SLO endpoint is added to the `/idp` handlers, which will handle the
SAML logout responses. At the moment it will check again for an existing
federated logout entry (with state `redirected`) in the cache. On
success, the user is redirected to the initially provided
`post_logout_redirect_uri` from the end_session request.
# Additional Changes
None
# Additional Context
- This PR merges the https://github.com/zitadel/zitadel/pull/9841 and
https://github.com/zitadel/zitadel/pull/9854 to main, additionally
updating the docs on Entra ID SAML.
- closes #9228
- backport to 3.x
---------
Co-authored-by: Silvan <27845747+adlerhurst@users.noreply.github.com>
Co-authored-by: Zach Hirschtritt <zachary.hirschtritt@klaviyo.com>
(cherry picked from commit 2cf3ef4de4ef993367daec6ff3974bdbdf70d2f3)
2025-05-23 13:52:25 +02:00
|
|
|
provider.FederatedLogoutEnabled,
|
2023-09-29 11:26:14 +02:00
|
|
|
provider.IDPOptions,
|
|
|
|
|
),
|
|
|
|
|
}, nil
|
|
|
|
|
}, nil
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2024-12-03 11:38:28 +01:00
|
|
|
func (c *Commands) prepareUpdateInstanceSAMLProvider(a *instance.Aggregate, writeModel *InstanceSAMLIDPWriteModel, provider *SAMLProvider) preparation.Validation {
|
2023-09-29 11:26:14 +02:00
|
|
|
return func() (preparation.CreateCommands, error) {
|
|
|
|
|
if writeModel.ID = strings.TrimSpace(writeModel.ID); writeModel.ID == "" {
|
2023-12-08 16:30:55 +02:00
|
|
|
return nil, zerrors.ThrowInvalidArgument(nil, "INST-7o3rq1owpm", "Errors.Invalid.Argument")
|
2023-09-29 11:26:14 +02:00
|
|
|
}
|
|
|
|
|
if provider.Name = strings.TrimSpace(provider.Name); provider.Name == "" {
|
2023-12-08 16:30:55 +02:00
|
|
|
return nil, zerrors.ThrowInvalidArgument(nil, "INST-q2s9rak7o9", "Errors.Invalid.Argument")
|
2023-09-29 11:26:14 +02:00
|
|
|
}
|
|
|
|
|
if provider.Metadata == nil && provider.MetadataURL == "" {
|
2023-12-08 16:30:55 +02:00
|
|
|
return nil, zerrors.ThrowInvalidArgument(nil, "INST-iw1rxnf4sf", "Errors.Invalid.Argument")
|
2023-09-29 11:26:14 +02:00
|
|
|
}
|
|
|
|
|
if provider.Metadata == nil && provider.MetadataURL != "" {
|
|
|
|
|
data, err := xml.ReadMetadataFromURL(c.httpClient, provider.MetadataURL)
|
|
|
|
|
if err != nil {
|
2023-12-08 16:30:55 +02:00
|
|
|
return nil, zerrors.ThrowInvalidArgument(err, "INST-iijz4h01if", "Errors.Project.App.SAMLMetadataMissing")
|
2023-09-29 11:26:14 +02:00
|
|
|
}
|
|
|
|
|
provider.Metadata = data
|
|
|
|
|
}
|
2024-12-03 11:38:28 +01:00
|
|
|
if _, err := saml.ParseMetadata(provider.Metadata); err != nil {
|
|
|
|
|
return nil, zerrors.ThrowInvalidArgument(err, "INST-dsfj3kl2", "Errors.Project.App.SAMLMetadataFormat")
|
|
|
|
|
}
|
2023-09-29 11:26:14 +02:00
|
|
|
return func(ctx context.Context, filter preparation.FilterToQueryReducer) ([]eventstore.Command, error) {
|
|
|
|
|
events, err := filter(ctx, writeModel.Query())
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
writeModel.AppendEvents(events...)
|
|
|
|
|
if err = writeModel.Reduce(); err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
if !writeModel.State.Exists() {
|
2023-12-08 16:30:55 +02:00
|
|
|
return nil, zerrors.ThrowNotFound(nil, "INST-D3r1s", "Errors.IDPConfig.NotExisting")
|
2023-09-29 11:26:14 +02:00
|
|
|
}
|
|
|
|
|
event, err := writeModel.NewChangedEvent(
|
|
|
|
|
ctx,
|
|
|
|
|
&a.Aggregate,
|
|
|
|
|
writeModel.ID,
|
|
|
|
|
provider.Name,
|
|
|
|
|
provider.Metadata,
|
|
|
|
|
nil,
|
|
|
|
|
nil,
|
|
|
|
|
c.idpConfigEncryption,
|
|
|
|
|
provider.Binding,
|
|
|
|
|
provider.WithSignedRequest,
|
2024-05-23 07:04:07 +02:00
|
|
|
provider.NameIDFormat,
|
|
|
|
|
provider.TransientMappingAttributeName,
|
feat: federated logout for SAML IdPs (#9931)
# Which Problems Are Solved
Currently if a user signs in using an IdP, once they sign out of
Zitadel, the corresponding IdP session is not terminated. This can be
the desired behavior. In some cases, e.g. when using a shared computer
it results in a potential security risk, since a follower user might be
able to sign in as the previous using the still open IdP session.
# How the Problems Are Solved
- Admins can enabled a federated logout option on SAML IdPs through the
Admin and Management APIs.
- During the termination of a login V1 session using OIDC end_session
endpoint, Zitadel will check if an IdP was used to authenticate that
session.
- In case there was a SAML IdP used with Federated Logout enabled, it
will intercept the logout process, store the information into the shared
cache and redirect to the federated logout endpoint in the V1 login.
- The V1 login federated logout endpoint checks every request on an
existing cache entry. On success it will create a SAML logout request
for the used IdP and either redirect or POST to the configured SLO
endpoint. The cache entry is updated with a `redirected` state.
- A SLO endpoint is added to the `/idp` handlers, which will handle the
SAML logout responses. At the moment it will check again for an existing
federated logout entry (with state `redirected`) in the cache. On
success, the user is redirected to the initially provided
`post_logout_redirect_uri` from the end_session request.
# Additional Changes
None
# Additional Context
- This PR merges the https://github.com/zitadel/zitadel/pull/9841 and
https://github.com/zitadel/zitadel/pull/9854 to main, additionally
updating the docs on Entra ID SAML.
- closes #9228
- backport to 3.x
---------
Co-authored-by: Silvan <27845747+adlerhurst@users.noreply.github.com>
Co-authored-by: Zach Hirschtritt <zachary.hirschtritt@klaviyo.com>
(cherry picked from commit 2cf3ef4de4ef993367daec6ff3974bdbdf70d2f3)
2025-05-23 13:52:25 +02:00
|
|
|
provider.FederatedLogoutEnabled,
|
2023-09-29 11:26:14 +02:00
|
|
|
provider.IDPOptions,
|
|
|
|
|
)
|
|
|
|
|
if err != nil || event == nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
return []eventstore.Command{event}, nil
|
|
|
|
|
}, nil
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (c *Commands) prepareRegenerateInstanceSAMLProviderCertificate(a *instance.Aggregate, writeModel *InstanceSAMLIDPWriteModel) preparation.Validation {
|
|
|
|
|
return func() (preparation.CreateCommands, error) {
|
|
|
|
|
if writeModel.ID = strings.TrimSpace(writeModel.ID); writeModel.ID == "" {
|
2023-12-08 16:30:55 +02:00
|
|
|
return nil, zerrors.ThrowInvalidArgument(nil, "INST-7de108gqya", "Errors.Invalid.Argument")
|
2023-09-29 11:26:14 +02:00
|
|
|
}
|
|
|
|
|
return func(ctx context.Context, filter preparation.FilterToQueryReducer) ([]eventstore.Command, error) {
|
|
|
|
|
events, err := filter(ctx, writeModel.Query())
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
writeModel.AppendEvents(events...)
|
|
|
|
|
if err = writeModel.Reduce(); err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
if !writeModel.State.Exists() {
|
2023-12-08 16:30:55 +02:00
|
|
|
return nil, zerrors.ThrowNotFound(nil, "INST-76dbwsv9vm", "Errors.IDPConfig.NotExisting")
|
2023-09-29 11:26:14 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
key, cert, err := c.samlCertificateAndKeyGenerator(writeModel.ID)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
event, err := writeModel.NewChangedEvent(
|
|
|
|
|
ctx,
|
|
|
|
|
&a.Aggregate,
|
|
|
|
|
writeModel.ID,
|
|
|
|
|
writeModel.Name,
|
|
|
|
|
writeModel.Metadata,
|
|
|
|
|
key,
|
|
|
|
|
cert,
|
|
|
|
|
c.idpConfigEncryption,
|
|
|
|
|
writeModel.Binding,
|
|
|
|
|
writeModel.WithSignedRequest,
|
2024-05-23 07:04:07 +02:00
|
|
|
writeModel.NameIDFormat,
|
|
|
|
|
writeModel.TransientMappingAttributeName,
|
feat: federated logout for SAML IdPs (#9931)
# Which Problems Are Solved
Currently if a user signs in using an IdP, once they sign out of
Zitadel, the corresponding IdP session is not terminated. This can be
the desired behavior. In some cases, e.g. when using a shared computer
it results in a potential security risk, since a follower user might be
able to sign in as the previous using the still open IdP session.
# How the Problems Are Solved
- Admins can enabled a federated logout option on SAML IdPs through the
Admin and Management APIs.
- During the termination of a login V1 session using OIDC end_session
endpoint, Zitadel will check if an IdP was used to authenticate that
session.
- In case there was a SAML IdP used with Federated Logout enabled, it
will intercept the logout process, store the information into the shared
cache and redirect to the federated logout endpoint in the V1 login.
- The V1 login federated logout endpoint checks every request on an
existing cache entry. On success it will create a SAML logout request
for the used IdP and either redirect or POST to the configured SLO
endpoint. The cache entry is updated with a `redirected` state.
- A SLO endpoint is added to the `/idp` handlers, which will handle the
SAML logout responses. At the moment it will check again for an existing
federated logout entry (with state `redirected`) in the cache. On
success, the user is redirected to the initially provided
`post_logout_redirect_uri` from the end_session request.
# Additional Changes
None
# Additional Context
- This PR merges the https://github.com/zitadel/zitadel/pull/9841 and
https://github.com/zitadel/zitadel/pull/9854 to main, additionally
updating the docs on Entra ID SAML.
- closes #9228
- backport to 3.x
---------
Co-authored-by: Silvan <27845747+adlerhurst@users.noreply.github.com>
Co-authored-by: Zach Hirschtritt <zachary.hirschtritt@klaviyo.com>
(cherry picked from commit 2cf3ef4de4ef993367daec6ff3974bdbdf70d2f3)
2025-05-23 13:52:25 +02:00
|
|
|
writeModel.FederatedLogoutEnabled,
|
2023-09-29 11:26:14 +02:00
|
|
|
writeModel.Options,
|
|
|
|
|
)
|
|
|
|
|
if err != nil || event == nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
return []eventstore.Command{event}, nil
|
|
|
|
|
}, nil
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2023-02-15 09:14:59 +01:00
|
|
|
func (c *Commands) prepareDeleteInstanceProvider(a *instance.Aggregate, id string) preparation.Validation {
|
|
|
|
|
return func() (preparation.CreateCommands, error) {
|
|
|
|
|
return func(ctx context.Context, filter preparation.FilterToQueryReducer) ([]eventstore.Command, error) {
|
|
|
|
|
writeModel := NewInstanceIDPRemoveWriteModel(a.InstanceID, id)
|
|
|
|
|
events, err := filter(ctx, writeModel.Query())
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
writeModel.AppendEvents(events...)
|
|
|
|
|
if err = writeModel.Reduce(); err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
if !writeModel.State.Exists() {
|
2023-12-08 16:30:55 +02:00
|
|
|
return nil, zerrors.ThrowNotFound(nil, "INST-Se3tg", "Errors.IDPConfig.NotExisting")
|
2023-02-15 09:14:59 +01:00
|
|
|
}
|
2023-02-27 16:32:18 +01:00
|
|
|
return []eventstore.Command{instance.NewIDPRemovedEvent(ctx, &a.Aggregate, id)}, nil
|
2023-02-15 09:14:59 +01:00
|
|
|
}, nil
|
|
|
|
|
}
|
|
|
|
|
}
|