zitadel/internal/command/policy_password_complexity_model.go

package command

import (
	"regexp"

	"github.com/zitadel/zitadel/internal/domain"
	"github.com/zitadel/zitadel/internal/errors"
	"github.com/zitadel/zitadel/internal/eventstore"
	"github.com/zitadel/zitadel/internal/repository/policy"
)

var (
	hasStringLowerCase = regexp.MustCompile(`[a-z]`).MatchString
	hasStringUpperCase = regexp.MustCompile(`[A-Z]`).MatchString
	hasNumber          = regexp.MustCompile(`[0-9]`).MatchString
	hasSymbol          = regexp.MustCompile(`[^A-Za-z0-9]`).MatchString
)

type PasswordComplexityPolicyWriteModel struct {
	eventstore.WriteModel

	MinLength    uint64
	HasLowercase bool
	HasUppercase bool
	HasNumber    bool
	HasSymbol    bool
	State        domain.PolicyState
}

func (wm *PasswordComplexityPolicyWriteModel) Reduce() error {
	for _, event := range wm.Events {
		switch e := event.(type) {
		case *policy.PasswordComplexityPolicyAddedEvent:
			wm.MinLength = e.MinLength
			wm.HasLowercase = e.HasLowercase
			wm.HasUppercase = e.HasUppercase
			wm.HasNumber = e.HasNumber
			wm.HasSymbol = e.HasSymbol
			wm.State = domain.PolicyStateActive
		case *policy.PasswordComplexityPolicyChangedEvent:
			if e.MinLength != nil {
				wm.MinLength = *e.MinLength
			}
			if e.HasLowercase != nil {
				wm.HasLowercase = *e.HasLowercase
			}
			if e.HasUppercase != nil {
				wm.HasUppercase = *e.HasUppercase
			}
			if e.HasNumber != nil {
				wm.HasNumber = *e.HasNumber
			}
			if e.HasSymbol != nil {
				wm.HasSymbol = *e.HasSymbol
			}
		case *policy.PasswordComplexityPolicyRemovedEvent:
			wm.State = domain.PolicyStateRemoved
		}
	}
	return wm.WriteModel.Reduce()
}

func (wm *PasswordComplexityPolicyWriteModel) Validate(password string) error {
	if wm.MinLength != 0 && uint64(len(password)) < wm.MinLength {
		return errors.ThrowInvalidArgument(nil, "COMMA-HuJf6", "Errors.User.PasswordComplexityPolicy.MinLength")
	}

	if wm.HasLowercase && !hasStringLowerCase(password) {
		return errors.ThrowInvalidArgument(nil, "COMMA-co3Xw", "Errors.User.PasswordComplexityPolicy.HasLower")
	}

	if wm.HasUppercase && !hasStringUpperCase(password) {
		return errors.ThrowInvalidArgument(nil, "COMMA-VoaRj", "Errors.User.PasswordComplexityPolicy.HasUpper")
	}

	if wm.HasNumber && !hasNumber(password) {
		return errors.ThrowInvalidArgument(nil, "COMMA-ZBv4H", "Errors.User.PasswordComplexityPolicy.HasNumber")
	}

	if wm.HasSymbol && !hasSymbol(password) {
		return errors.ThrowInvalidArgument(nil, "COMMA-ZDLwA", "Errors.User.PasswordComplexityPolicy.HasSymbol")
	}
	return nil
}
new pkg structure (#1150) * fix: split command query side * fix: split command query side * fix: members in correct pkg structure * fix: label policy in correct pkg structure * fix: structure * fix: structure of login policy * fix: identityprovider structure * fix: org iam policy structure * fix: password age policy structure * fix: password complexity policy structure * fix: password lockout policy structure * fix: idp structure * fix: user events structure * fix: user write model * fix: profile email changed command * fix: address changed command * fix: user states * fix: user * fix: org structure and add human * begin iam setup command side * setup * step2 * step2 * fix: add user * step2 * isvalid * fix: folder structure v2 business Co-authored-by: Fabiennne <fabienne.gerschwiler@gmail.com> 2021-01-04 13:52:13 +00:00			`package command`
New eventstore policies (#1084) * feat: login policy * feat: password complexity policy * feat: org iam policy * feat: label policy * feat: add and change policies * feat: second factors * feat: second and multi factors * feat: better naming * feat: better naming 2020-12-11 14:49:19 +00:00
			`import (`
feat(cli): setup (#3267) * commander * commander * selber! * move to packages * fix(errors): implement Is interface * test: command * test: commands * add init steps * setup tenant * add default step yaml * possibility to set password * merge v2 into v2-commander * fix: rename iam command side to instance * fix: rename iam command side to instance * fix: rename iam command side to instance * fix: rename iam command side to instance * fix: search query builder can filter events in memory * fix: filters for add member * fix(setup): add `ExternalSecure` to config * chore: name iam to instance * fix: matching * remove unsued func * base url * base url * test(command): filter funcs * test: commands * fix: rename orgiampolicy to domain policy * start from init * commands * config * fix indexes and add constraints * fixes * fix: merge conflicts * fix: protos * fix: md files * setup * add deprecated org iam policy again * typo * fix search query * fix filter * Apply suggestions from code review * remove custom org from org setup * add todos for verification * change apps creation * simplify package structure * fix error * move preparation helper for tests * fix unique constraints * fix config mapping in setup * fix error handling in encryption_keys.go * fix projection config * fix query from old views to projection * fix setup of mgmt api * set iam project and fix instance projection * imports Co-authored-by: Livio Amstutz <livio.a@gmail.com> Co-authored-by: fabi <fabienne.gerschwiler@gmail.com> 2022-03-28 08:05:09 +00:00			`"regexp"`

chore(v2): move to new org (#3499) * chore: move to new org * logging * fix: org rename caos -> zitadel Co-authored-by: adlerhurst <silvan.reusser@gmail.com> 2022-04-26 23:01:45 +00:00			`"github.com/zitadel/zitadel/internal/domain"`
			`"github.com/zitadel/zitadel/internal/errors"`
			`"github.com/zitadel/zitadel/internal/eventstore"`
			`"github.com/zitadel/zitadel/internal/repository/policy"`
New eventstore policies (#1084) * feat: login policy * feat: password complexity policy * feat: org iam policy * feat: label policy * feat: add and change policies * feat: second factors * feat: second and multi factors * feat: better naming * feat: better naming 2020-12-11 14:49:19 +00:00			`)`

feat(cli): setup (#3267) * commander * commander * selber! * move to packages * fix(errors): implement Is interface * test: command * test: commands * add init steps * setup tenant * add default step yaml * possibility to set password * merge v2 into v2-commander * fix: rename iam command side to instance * fix: rename iam command side to instance * fix: rename iam command side to instance * fix: rename iam command side to instance * fix: search query builder can filter events in memory * fix: filters for add member * fix(setup): add `ExternalSecure` to config * chore: name iam to instance * fix: matching * remove unsued func * base url * base url * test(command): filter funcs * test: commands * fix: rename orgiampolicy to domain policy * start from init * commands * config * fix indexes and add constraints * fixes * fix: merge conflicts * fix: protos * fix: md files * setup * add deprecated org iam policy again * typo * fix search query * fix filter * Apply suggestions from code review * remove custom org from org setup * add todos for verification * change apps creation * simplify package structure * fix error * move preparation helper for tests * fix unique constraints * fix config mapping in setup * fix error handling in encryption_keys.go * fix projection config * fix query from old views to projection * fix setup of mgmt api * set iam project and fix instance projection * imports Co-authored-by: Livio Amstutz <livio.a@gmail.com> Co-authored-by: fabi <fabienne.gerschwiler@gmail.com> 2022-03-28 08:05:09 +00:00			`var (`
			hasStringLowerCase = regexp.MustCompile(`[a-z]`).MatchString
			hasStringUpperCase = regexp.MustCompile(`[A-Z]`).MatchString
			hasNumber = regexp.MustCompile(`[0-9]`).MatchString
			hasSymbol = regexp.MustCompile(`[^A-Za-z0-9]`).MatchString
			`)`

new pkg structure (#1150) * fix: split command query side * fix: split command query side * fix: members in correct pkg structure * fix: label policy in correct pkg structure * fix: structure * fix: structure of login policy * fix: identityprovider structure * fix: org iam policy structure * fix: password age policy structure * fix: password complexity policy structure * fix: password lockout policy structure * fix: idp structure * fix: user events structure * fix: user write model * fix: profile email changed command * fix: address changed command * fix: user states * fix: user * fix: org structure and add human * begin iam setup command side * setup * step2 * step2 * fix: add user * step2 * isvalid * fix: folder structure v2 business Co-authored-by: Fabiennne <fabienne.gerschwiler@gmail.com> 2021-01-04 13:52:13 +00:00			`type PasswordComplexityPolicyWriteModel struct {`
New eventstore policies (#1084) * feat: login policy * feat: password complexity policy * feat: org iam policy * feat: label policy * feat: add and change policies * feat: second factors * feat: second and multi factors * feat: better naming * feat: better naming 2020-12-11 14:49:19 +00:00			`eventstore.WriteModel`

			`MinLength uint64`
			`HasLowercase bool`
feat: org and policies commands (#1167) * add setup steps * refactoring * omitempty * cleanup * begin org * create org * setup org * setup org * merge * fixes * fixes * fixes * add project * add oidc application * fix app creation * add resourceOwner to writemodels * resource owner * cleanup * global org, iam project and iam member in setup * logs * logs * logs * cleanup * Update internal/v2/command/project.go Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com> * check project state * add org domain commands * add org status changes and member commands * fixes * policies * login policy * fix iam project event * mapper * label policy * change to command * fix * fix * handle change event differently and lot of fixes * fixes * changedEvent handling Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com> 2021-01-18 10:24:15 +00:00			`HasUppercase bool`
New eventstore policies (#1084) * feat: login policy * feat: password complexity policy * feat: org iam policy * feat: label policy * feat: add and change policies * feat: second factors * feat: second and multi factors * feat: better naming * feat: better naming 2020-12-11 14:49:19 +00:00			`HasNumber bool`
			`HasSymbol bool`
feat: New event user (#1156) * feat: change user command side * feat: change user command side * feat: use states on write model * feat: command and query side in auth api * feat: auth commands * feat: check external idp id * feat: user state check * fix: error messages * fix: is active state 2021-01-07 15:06:45 +00:00			`State domain.PolicyState`
New eventstore policies (#1084) * feat: login policy * feat: password complexity policy * feat: org iam policy * feat: label policy * feat: add and change policies * feat: second factors * feat: second and multi factors * feat: better naming * feat: better naming 2020-12-11 14:49:19 +00:00			`}`

new pkg structure (#1150) * fix: split command query side * fix: split command query side * fix: members in correct pkg structure * fix: label policy in correct pkg structure * fix: structure * fix: structure of login policy * fix: identityprovider structure * fix: org iam policy structure * fix: password age policy structure * fix: password complexity policy structure * fix: password lockout policy structure * fix: idp structure * fix: user events structure * fix: user write model * fix: profile email changed command * fix: address changed command * fix: user states * fix: user * fix: org structure and add human * begin iam setup command side * setup * step2 * step2 * fix: add user * step2 * isvalid * fix: folder structure v2 business Co-authored-by: Fabiennne <fabienne.gerschwiler@gmail.com> 2021-01-04 13:52:13 +00:00			`func (wm *PasswordComplexityPolicyWriteModel) Reduce() error {`
New eventstore policies (#1084) * feat: login policy * feat: password complexity policy * feat: org iam policy * feat: label policy * feat: add and change policies * feat: second factors * feat: second and multi factors * feat: better naming * feat: better naming 2020-12-11 14:49:19 +00:00			`for _, event := range wm.Events {`
			`switch e := event.(type) {`
new pkg structure (#1150) * fix: split command query side * fix: split command query side * fix: members in correct pkg structure * fix: label policy in correct pkg structure * fix: structure * fix: structure of login policy * fix: identityprovider structure * fix: org iam policy structure * fix: password age policy structure * fix: password complexity policy structure * fix: password lockout policy structure * fix: idp structure * fix: user events structure * fix: user write model * fix: profile email changed command * fix: address changed command * fix: user states * fix: user * fix: org structure and add human * begin iam setup command side * setup * step2 * step2 * fix: add user * step2 * isvalid * fix: folder structure v2 business Co-authored-by: Fabiennne <fabienne.gerschwiler@gmail.com> 2021-01-04 13:52:13 +00:00			`case *policy.PasswordComplexityPolicyAddedEvent:`
New eventstore policies (#1084) * feat: login policy * feat: password complexity policy * feat: org iam policy * feat: label policy * feat: add and change policies * feat: second factors * feat: second and multi factors * feat: better naming * feat: better naming 2020-12-11 14:49:19 +00:00			`wm.MinLength = e.MinLength`
			`wm.HasLowercase = e.HasLowercase`
feat: org and policies commands (#1167) * add setup steps * refactoring * omitempty * cleanup * begin org * create org * setup org * setup org * merge * fixes * fixes * fixes * add project * add oidc application * fix app creation * add resourceOwner to writemodels * resource owner * cleanup * global org, iam project and iam member in setup * logs * logs * logs * cleanup * Update internal/v2/command/project.go Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com> * check project state * add org domain commands * add org status changes and member commands * fixes * policies * login policy * fix iam project event * mapper * label policy * change to command * fix * fix * handle change event differently and lot of fixes * fixes * changedEvent handling Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com> 2021-01-18 10:24:15 +00:00			`wm.HasUppercase = e.HasUppercase`
New eventstore policies (#1084) * feat: login policy * feat: password complexity policy * feat: org iam policy * feat: label policy * feat: add and change policies * feat: second factors * feat: second and multi factors * feat: better naming * feat: better naming 2020-12-11 14:49:19 +00:00			`wm.HasNumber = e.HasNumber`
			`wm.HasSymbol = e.HasSymbol`
feat: New event user (#1156) * feat: change user command side * feat: change user command side * feat: use states on write model * feat: command and query side in auth api * feat: auth commands * feat: check external idp id * feat: user state check * fix: error messages * fix: is active state 2021-01-07 15:06:45 +00:00			`wm.State = domain.PolicyStateActive`
new pkg structure (#1150) * fix: split command query side * fix: split command query side * fix: members in correct pkg structure * fix: label policy in correct pkg structure * fix: structure * fix: structure of login policy * fix: identityprovider structure * fix: org iam policy structure * fix: password age policy structure * fix: password complexity policy structure * fix: password lockout policy structure * fix: idp structure * fix: user events structure * fix: user write model * fix: profile email changed command * fix: address changed command * fix: user states * fix: user * fix: org structure and add human * begin iam setup command side * setup * step2 * step2 * fix: add user * step2 * isvalid * fix: folder structure v2 business Co-authored-by: Fabiennne <fabienne.gerschwiler@gmail.com> 2021-01-04 13:52:13 +00:00			`case *policy.PasswordComplexityPolicyChangedEvent:`
feat: New user (#1153) * fix: use pointer in events * fix: change user requests to command side * fix: org policy * fix: profile 2021-01-06 10:12:56 +00:00			`if e.MinLength != nil {`
			`wm.MinLength = *e.MinLength`
			`}`
			`if e.HasLowercase != nil {`
			`wm.HasLowercase = *e.HasLowercase`
			`}`
feat: org and policies commands (#1167) * add setup steps * refactoring * omitempty * cleanup * begin org * create org * setup org * setup org * merge * fixes * fixes * fixes * add project * add oidc application * fix app creation * add resourceOwner to writemodels * resource owner * cleanup * global org, iam project and iam member in setup * logs * logs * logs * cleanup * Update internal/v2/command/project.go Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com> * check project state * add org domain commands * add org status changes and member commands * fixes * policies * login policy * fix iam project event * mapper * label policy * change to command * fix * fix * handle change event differently and lot of fixes * fixes * changedEvent handling Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com> 2021-01-18 10:24:15 +00:00			`if e.HasUppercase != nil {`
			`wm.HasUppercase = *e.HasUppercase`
feat: New user (#1153) * fix: use pointer in events * fix: change user requests to command side * fix: org policy * fix: profile 2021-01-06 10:12:56 +00:00			`}`
			`if e.HasNumber != nil {`
			`wm.HasNumber = *e.HasNumber`
			`}`
			`if e.HasSymbol != nil {`
			`wm.HasSymbol = *e.HasSymbol`
			`}`
new pkg structure (#1150) * fix: split command query side * fix: split command query side * fix: members in correct pkg structure * fix: label policy in correct pkg structure * fix: structure * fix: structure of login policy * fix: identityprovider structure * fix: org iam policy structure * fix: password age policy structure * fix: password complexity policy structure * fix: password lockout policy structure * fix: idp structure * fix: user events structure * fix: user write model * fix: profile email changed command * fix: address changed command * fix: user states * fix: user * fix: org structure and add human * begin iam setup command side * setup * step2 * step2 * fix: add user * step2 * isvalid * fix: folder structure v2 business Co-authored-by: Fabiennne <fabienne.gerschwiler@gmail.com> 2021-01-04 13:52:13 +00:00			`case *policy.PasswordComplexityPolicyRemovedEvent:`
feat: New event user (#1156) * feat: change user command side * feat: change user command side * feat: use states on write model * feat: command and query side in auth api * feat: auth commands * feat: check external idp id * feat: user state check * fix: error messages * fix: is active state 2021-01-07 15:06:45 +00:00			`wm.State = domain.PolicyStateRemoved`
New eventstore policies (#1084) * feat: login policy * feat: password complexity policy * feat: org iam policy * feat: label policy * feat: add and change policies * feat: second factors * feat: second and multi factors * feat: better naming * feat: better naming 2020-12-11 14:49:19 +00:00			`}`
			`}`
			`return wm.WriteModel.Reduce()`
			`}`
feat(cli): setup (#3267) * commander * commander * selber! * move to packages * fix(errors): implement Is interface * test: command * test: commands * add init steps * setup tenant * add default step yaml * possibility to set password * merge v2 into v2-commander * fix: rename iam command side to instance * fix: rename iam command side to instance * fix: rename iam command side to instance * fix: rename iam command side to instance * fix: search query builder can filter events in memory * fix: filters for add member * fix(setup): add `ExternalSecure` to config * chore: name iam to instance * fix: matching * remove unsued func * base url * base url * test(command): filter funcs * test: commands * fix: rename orgiampolicy to domain policy * start from init * commands * config * fix indexes and add constraints * fixes * fix: merge conflicts * fix: protos * fix: md files * setup * add deprecated org iam policy again * typo * fix search query * fix filter * Apply suggestions from code review * remove custom org from org setup * add todos for verification * change apps creation * simplify package structure * fix error * move preparation helper for tests * fix unique constraints * fix config mapping in setup * fix error handling in encryption_keys.go * fix projection config * fix query from old views to projection * fix setup of mgmt api * set iam project and fix instance projection * imports Co-authored-by: Livio Amstutz <livio.a@gmail.com> Co-authored-by: fabi <fabienne.gerschwiler@gmail.com> 2022-03-28 08:05:09 +00:00
			`func (wm *PasswordComplexityPolicyWriteModel) Validate(password string) error {`
			`if wm.MinLength != 0 && uint64(len(password)) < wm.MinLength {`
			`return errors.ThrowInvalidArgument(nil, "COMMA-HuJf6", "Errors.User.PasswordComplexityPolicy.MinLength")`
			`}`

			`if wm.HasLowercase && !hasStringLowerCase(password) {`
			`return errors.ThrowInvalidArgument(nil, "COMMA-co3Xw", "Errors.User.PasswordComplexityPolicy.HasLower")`
			`}`

			`if wm.HasUppercase && !hasStringUpperCase(password) {`
			`return errors.ThrowInvalidArgument(nil, "COMMA-VoaRj", "Errors.User.PasswordComplexityPolicy.HasUpper")`
			`}`

			`if wm.HasNumber && !hasNumber(password) {`
			`return errors.ThrowInvalidArgument(nil, "COMMA-ZBv4H", "Errors.User.PasswordComplexityPolicy.HasNumber")`
			`}`

			`if wm.HasSymbol && !hasSymbol(password) {`
			`return errors.ThrowInvalidArgument(nil, "COMMA-ZDLwA", "Errors.User.PasswordComplexityPolicy.HasSymbol")`
			`}`
			`return nil`
			`}`