package query
import (
"context"
"database/sql"
"errors"
"slices"
"time"
sq "github.com/Masterminds/squirrel"
"github.com/zitadel/logging"
"github.com/zitadel/zitadel/internal/api/authz"
"github.com/zitadel/zitadel/internal/api/call"
"github.com/zitadel/zitadel/internal/domain"
"github.com/zitadel/zitadel/internal/query/projection"
"github.com/zitadel/zitadel/internal/telemetry/tracing"
"github.com/zitadel/zitadel/internal/zerrors"
)
var (
	// userAuthMethodTable is the projection backing every query in this file.
	// instanceIDCol is what the query layer uses to scope rows per instance.
	userAuthMethodTable = table{
		name:          projection.UserAuthMethodTable,
		instanceIDCol: projection.UserAuthMethodInstanceIDCol,
	}
	UserAuthMethodColumnTokenID = Column{
		name:  projection.UserAuthMethodTokenIDCol,
		table: userAuthMethodTable,
	}
	UserAuthMethodColumnCreationDate = Column{
		name:  projection.UserAuthMethodCreationDateCol,
		table: userAuthMethodTable,
	}
	UserAuthMethodColumnChangeDate = Column{
		name:  projection.UserAuthMethodChangeDateCol,
		table: userAuthMethodTable,
	}
	// UserAuthMethodColumnResourceOwner is the org of the user; it is the
	// value handed to the permission checks below.
	UserAuthMethodColumnResourceOwner = Column{
		name:  projection.UserAuthMethodResourceOwnerCol,
		table: userAuthMethodTable,
	}
	UserAuthMethodColumnInstanceID = Column{
		name:  projection.UserAuthMethodInstanceIDCol,
		table: userAuthMethodTable,
	}
	UserAuthMethodColumnUserID = Column{
		name:  projection.UserAuthMethodUserIDCol,
		table: userAuthMethodTable,
	}
	UserAuthMethodColumnSequence = Column{
		name:  projection.UserAuthMethodSequenceCol,
		table: userAuthMethodTable,
	}
	UserAuthMethodColumnName = Column{
		name:  projection.UserAuthMethodNameCol,
		table: userAuthMethodTable,
	}
	UserAuthMethodColumnState = Column{
		name:  projection.UserAuthMethodStateCol,
		table: userAuthMethodTable,
	}
	UserAuthMethodColumnMethodType = Column{
		name:  projection.UserAuthMethodTypeCol,
		table: userAuthMethodTable,
	}
	UserAuthMethodColumnDomain = Column{
		name:  projection.UserAuthMethodDomainCol,
		table: userAuthMethodTable,
	}

	// Aliased view of the auth method table used by the sub-query that
	// prepareAuthMethodQuery builds and that is joined onto the user table.
	authMethodTypeTable      = userAuthMethodTable.setAlias("auth_method_types")
	authMethodTypeUserID     = UserAuthMethodColumnUserID.setTable(authMethodTypeTable)
	authMethodTypeInstanceID = UserAuthMethodColumnInstanceID.setTable(authMethodTypeTable)
	authMethodTypeType       = UserAuthMethodColumnMethodType.setTable(authMethodTypeTable)
	authMethodTypeState      = UserAuthMethodColumnState.setTable(authMethodTypeTable)
	authMethodTypeDomain     = UserAuthMethodColumnDomain.setTable(authMethodTypeTable)

	// Aliased view of the IDP user link table used by the sub-query that counts
	// linked IDPs per user (prepareAuthMethodsIDPsQuery).
	userIDPsCountTable      = idpUserLinkTable.setAlias("user_idps_count")
	userIDPsCountUserID     = IDPUserLinkUserIDCol.setTable(userIDPsCountTable)
	userIDPsCountInstanceID = IDPUserLinkInstanceIDCol.setTable(userIDPsCountTable)
	// userIDPsCountCount is the computed "count" column of that sub-query; it
	// is not a projection column.
	userIDPsCountCount = Column{
		name:  "count",
		table: userIDPsCountTable,
	}

	// Aliased view of the login policy table used by the sub-query that
	// resolves the force-MFA settings (prepareAuthMethodsForceMFAQuery).
	forceMFATable          = loginPolicyTable.setAlias("auth_methods_force_mfa")
	forceMFAInstanceID     = LoginPolicyColumnInstanceID.setTable(forceMFATable)
	forceMFAOrgID          = LoginPolicyColumnOrgID.setTable(forceMFATable)
	forceMFAIsDefault      = LoginPolicyColumnIsDefault.setTable(forceMFATable)
	forceMFAForce          = LoginPolicyColumnForceMFA.setTable(forceMFATable)
	forceMFAForceLocalOnly = LoginPolicyColumnForceMFALocalOnly.setTable(forceMFATable)
)
// AuthMethods is the paged result of SearchUserAuthMethods. Count in the
// embedded SearchResponse is the total matched by the query, which can be
// larger than len(AuthMethods) after permission filtering.
type AuthMethods struct {
	SearchResponse
	AuthMethods []*AuthMethod
}
// authMethodsCheckPermission removes, in place, every auth method in methods
// that the caller is not permitted to read according to permissionCheck.
// Nothing is reported back: denied entries are silently dropped.
func authMethodsCheckPermission(ctx context.Context, methods *AuthMethods, permissionCheck domain.PermissionCheck) {
	denied := func(method *AuthMethod) bool {
		// A non-nil error means the caller may not read this user's methods.
		err := userCheckPermission(ctx, method.ResourceOwner, method.UserID, permissionCheck)
		return err != nil
	}
	methods.AuthMethods = slices.DeleteFunc(methods.AuthMethods, denied)
}
// AuthMethod is one row of the user auth method projection. The fields map
// one-to-one onto the columns selected by prepareUserAuthMethodsQuery.
type AuthMethod struct {
	UserID       string
	CreationDate time.Time
	ChangeDate   time.Time
	// ResourceOwner is the org the user belongs to; it is the org passed to
	// the permission checks in this file.
	ResourceOwner string
	State         domain.MFAState
	Sequence      uint64
	TokenID       string
	Name          string
	Type          domain.UserAuthMethodType
}
// AuthMethodTypes is the result of ListUserAuthMethodTypes: the distinct auth
// method types a user has. Count equals len(AuthMethodTypes).
type AuthMethodTypes struct {
	SearchResponse
	AuthMethodTypes []domain.UserAuthMethodType
}
// UserAuthMethodSearchQueries carries paging (SearchRequest) and the filters
// applied by SearchUserAuthMethods. Queries is exported, so callers may add
// arbitrary filters besides the Append* helpers defined below.
type UserAuthMethodSearchQueries struct {
	SearchRequest
	Queries []SearchQuery
}
// hasUserID reports whether any filter targets the user ID column. Only the
// column is inspected, not the comparison operator of the filter.
func (q *UserAuthMethodSearchQueries) hasUserID() bool {
	return slices.ContainsFunc(q.Queries, func(filter SearchQuery) bool {
		return filter.Col() == UserAuthMethodColumnUserID
	})
}
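// SearchUserAuthMethods lists the auth methods matching queries, restricted to
// what the caller may read.
//
// When permissionCheck is nil no authorization is applied, so nil must only be
// passed from already-authorized code paths. Otherwise:
//   - if the filters include the user ID column and every result belongs to
//     the same user, a single permission check is done and a denial fails the
//     whole call with that error;
//   - in every other case the results are filtered per method and denied
//     entries are silently dropped.
//
// NOTE(review): an unauthorized caller asking for a user without any auth
// methods receives an empty list instead of a permission error, so the
// response differs between "no methods" and "not allowed" for that user.
func (q *Queries) SearchUserAuthMethods(ctx context.Context, queries *UserAuthMethodSearchQueries, permissionCheck domain.PermissionCheck) (userAuthMethods *AuthMethods, err error) {
	methods, err := q.searchUserAuthMethods(ctx, queries)
	if err != nil {
		return nil, err
	}
	if permissionCheck == nil || len(methods.AuthMethods) == 0 {
		return methods, nil
	}
	// hasUserID only looks at the column, not at the operator, and Queries is
	// a public field. The single-check shortcut is therefore taken only when
	// the rows provably belong to one user; anything else is checked per row.
	if queries.hasUserID() && authMethodsSameUser(methods.AuthMethods) {
		first := methods.AuthMethods[0]
		if err := userCheckPermission(ctx, first.ResourceOwner, first.UserID, permissionCheck); err != nil {
			return nil, err
		}
		return methods, nil
	}
	authMethodsCheckPermission(ctx, methods, permissionCheck)
	return methods, nil
}

// authMethodsSameUser reports whether every method shares the user ID and
// resource owner of the first one. An empty slice counts as same-user.
func authMethodsSameUser(methods []*AuthMethod) bool {
	if len(methods) == 0 {
		return true
	}
	first := methods[0]
	for _, method := range methods[1:] {
		if method.UserID != first.UserID || method.ResourceOwner != first.ResourceOwner {
			return false
		}
	}
	return true
}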
// searchUserAuthMethods runs the auth method search without any permission
// check; callers go through SearchUserAuthMethods. The instance filter is
// always appended after the caller's filters, so a query can never read rows
// of another instance. On a latestState failure the already scanned result is
// returned together with the error.
func (q *Queries) searchUserAuthMethods(ctx context.Context, queries *UserAuthMethodSearchQueries) (userAuthMethods *AuthMethods, err error) {
	ctx, span := tracing.NewSpan(ctx)
	defer func() { span.EndWithError(err) }()

	builder, scan := prepareUserAuthMethodsQuery(ctx, q.client)
	instanceFilter := sq.Eq{UserAuthMethodColumnInstanceID.identifier(): authz.GetInstance(ctx).InstanceID()}
	stmt, args, err := queries.toQuery(builder).Where(instanceFilter).ToSql()
	if err != nil {
		return nil, zerrors.ThrowInvalidArgument(err, "QUERY-j9NJd", "Errors.Query.InvalidRequest")
	}
	err = q.client.QueryContext(ctx, func(rows *sql.Rows) (scanErr error) {
		userAuthMethods, scanErr = scan(rows)
		return scanErr
	}, stmt, args...)
	if err != nil {
		return nil, err
	}
	userAuthMethods.State, err = q.latestState(ctx, userAuthMethodTable)
	return userAuthMethods, err
}
// ListUserAuthMethodTypes returns the distinct auth method types of the user
// with userID within the caller's instance. A user may always read their own
// types; for any other user the caller needs the user.read permission.
// activeOnly keeps only methods in state ready. When queryDomain is non-empty,
// only methods whose domain is NULL or equals queryDomain are kept, and
// includeWithoutDomain additionally keeps those with an empty domain string;
// an empty queryDomain applies no domain filter at all.
//
// NOTE(review): the org handed to checkPermission is the caller's context org,
// not the target user's resource owner — confirm checkPermission resolves the
// target's org itself. SearchUserAuthMethods checks against the method's
// ResourceOwner instead.
func (q *Queries) ListUserAuthMethodTypes(ctx context.Context, userID string, activeOnly bool, includeWithoutDomain bool, queryDomain string) (userAuthMethodTypes *AuthMethodTypes, err error) {
	caller := authz.GetCtxData(ctx)
	if caller.UserID != userID {
		if permErr := q.checkPermission(ctx, domain.PermissionUserRead, caller.OrgID, userID); permErr != nil {
			return nil, permErr
		}
	}
	ctx, span := tracing.NewSpan(ctx)
	defer func() { span.EndWithError(err) }()

	builder, scan := prepareUserAuthMethodTypesQuery(ctx, q.client, activeOnly, includeWithoutDomain, queryDomain)
	// Scope to the requested user and to the caller's instance only.
	stmt, args, err := builder.Where(sq.Eq{
		UserIDCol.identifier():         userID,
		UserInstanceIDCol.identifier(): authz.GetInstance(ctx).InstanceID(),
	}).ToSql()
	if err != nil {
		return nil, zerrors.ThrowInvalidArgument(err, "QUERY-Sfdrg", "Errors.Query.InvalidRequest")
	}
	err = q.client.QueryContext(ctx, func(rows *sql.Rows) (scanErr error) {
		userAuthMethodTypes, scanErr = scan(rows)
		return scanErr
	}, stmt, args...)
	if err != nil {
		return nil, err
	}
	userAuthMethodTypes.State, err = q.latestState(ctx, userTable, notifyTable, userAuthMethodTable, idpUserLinkTable)
	return userAuthMethodTypes, err
}
// UserAuthMethodRequirements is the result of ListUserAuthMethodTypesRequired:
// the user's type plus the force-MFA flags of the login policy that applies to
// the user. Both flags are false when no policy row was joined.
type UserAuthMethodRequirements struct {
	UserType          domain.UserType
	ForceMFA          bool
	ForceMFALocalOnly bool
}
// ListUserAuthMethodTypesRequired returns the type of the user with userID and
// the force-MFA settings that apply to it. A user may always query their own
// requirements; for any other user the caller needs the user.read permission.
//
// NOTE(review): the org handed to checkPermission is the caller's context org,
// not the target user's resource owner — confirm checkPermission resolves the
// target's org itself.
func (q *Queries) ListUserAuthMethodTypesRequired(ctx context.Context, userID string) (requirements *UserAuthMethodRequirements, err error) {
	caller := authz.GetCtxData(ctx)
	if caller.UserID != userID {
		if permErr := q.checkPermission(ctx, domain.PermissionUserRead, caller.OrgID, userID); permErr != nil {
			return nil, permErr
		}
	}
	ctx, span := tracing.NewSpan(ctx)
	defer func() { span.EndWithError(err) }()

	builder, scan := prepareUserAuthMethodTypesRequiredQuery(ctx, q.client)
	// Scope to the requested user and to the caller's instance only.
	stmt, args, err := builder.Where(sq.Eq{
		UserIDCol.identifier():         userID,
		UserInstanceIDCol.identifier(): authz.GetInstance(ctx).InstanceID(),
	}).ToSql()
	if err != nil {
		return nil, zerrors.ThrowInvalidArgument(err, "QUERY-E5ut4", "Errors.Query.InvalidRequest")
	}
	// NOTE(review): a not-found error produced by scan is re-wrapped as an
	// internal error below; confirm callers do not depend on a not-found type.
	err = q.client.QueryRowContext(ctx, func(row *sql.Row) (scanErr error) {
		requirements, scanErr = scan(row)
		return scanErr
	}, stmt, args...)
	if err != nil {
		return nil, zerrors.ThrowInternal(err, "QUERY-Dun75", "Errors.Internal")
	}
	return requirements, nil
}
// NewUserAuthMethodUserIDSearchQuery builds an exact-match filter on the user
// ID column. It is the filter SearchUserAuthMethods relies on for its
// single-permission-check shortcut.
func NewUserAuthMethodUserIDSearchQuery(value string) (SearchQuery, error) {
	filter, err := NewTextQuery(UserAuthMethodColumnUserID, value, TextEquals)
	return filter, err
}
// NewUserAuthMethodTokenIDSearchQuery builds an exact-match filter on the
// token ID column.
func NewUserAuthMethodTokenIDSearchQuery(value string) (SearchQuery, error) {
	filter, err := NewTextQuery(UserAuthMethodColumnTokenID, value, TextEquals)
	return filter, err
}
// NewUserAuthMethodResourceOwnerSearchQuery builds an exact-match filter on the
// resource owner (org) column.
func NewUserAuthMethodResourceOwnerSearchQuery(value string) (SearchQuery, error) {
	filter, err := NewTextQuery(UserAuthMethodColumnResourceOwner, value, TextEquals)
	return filter, err
}
// NewUserAuthMethodTypeSearchQuery builds an equality filter on the method
// type column for a single type.
func NewUserAuthMethodTypeSearchQuery(value domain.UserAuthMethodType) (SearchQuery, error) {
	filter, err := NewNumberQuery(UserAuthMethodColumnMethodType, value, NumberEquals)
	return filter, err
}
// NewUserAuthMethodStateSearchQuery builds an equality filter on the state
// column for a single MFA state.
func NewUserAuthMethodStateSearchQuery(value domain.MFAState) (SearchQuery, error) {
	filter, err := NewNumberQuery(UserAuthMethodColumnState, value, NumberEquals)
	return filter, err
}
// NewUserAuthMethodTypesSearchQuery builds an IN filter on the method type
// column accepting any of values.
func NewUserAuthMethodTypesSearchQuery(values ...domain.UserAuthMethodType) (SearchQuery, error) {
	// NewListQuery takes untyped arguments, so box each value.
	boxed := make([]interface{}, 0, len(values))
	for _, methodType := range values {
		boxed = append(boxed, methodType)
	}
	return NewListQuery(UserAuthMethodColumnMethodType, boxed, ListIn)
}
// NewUserAuthMethodStatesSearchQuery builds an IN filter on the state column
// accepting any of values.
func NewUserAuthMethodStatesSearchQuery(values ...domain.MFAState) (SearchQuery, error) {
	// NewListQuery takes untyped arguments, so box each value.
	boxed := make([]interface{}, 0, len(values))
	for _, state := range values {
		boxed = append(boxed, state)
	}
	return NewListQuery(UserAuthMethodColumnState, boxed, ListIn)
}
// AppendResourceOwnerQuery adds an exact-match filter on the resource owner
// (org ID). The filter is only appended when it could be built.
func (r *UserAuthMethodSearchQueries) AppendResourceOwnerQuery(orgID string) error {
	ownerFilter, err := NewUserAuthMethodResourceOwnerSearchQuery(orgID)
	if err == nil {
		r.Queries = append(r.Queries, ownerFilter)
	}
	return err
}
// AppendUserIDQuery adds an exact-match filter on the user ID. With this
// filter present SearchUserAuthMethods performs a single permission check
// instead of filtering every result. The filter is only appended when it
// could be built.
func (r *UserAuthMethodSearchQueries) AppendUserIDQuery(userID string) error {
	userFilter, err := NewUserAuthMethodUserIDSearchQuery(userID)
	if err == nil {
		r.Queries = append(r.Queries, userFilter)
	}
	return err
}
// AppendTokenIDQuery adds an exact-match filter on the token ID. The filter is
// only appended when it could be built.
func (r *UserAuthMethodSearchQueries) AppendTokenIDQuery(tokenID string) error {
	tokenFilter, err := NewUserAuthMethodTokenIDSearchQuery(tokenID)
	if err == nil {
		r.Queries = append(r.Queries, tokenFilter)
	}
	return err
}
// AppendStateQuery adds an equality filter on the MFA state. The filter is
// only appended when it could be built.
func (r *UserAuthMethodSearchQueries) AppendStateQuery(state domain.MFAState) error {
	stateFilter, err := NewUserAuthMethodStateSearchQuery(state)
	if err == nil {
		r.Queries = append(r.Queries, stateFilter)
	}
	return err
}
// AppendStatesQuery adds an IN filter accepting any of the given MFA states.
// The filter is only appended when it could be built.
func (r *UserAuthMethodSearchQueries) AppendStatesQuery(state ...domain.MFAState) error {
	statesFilter, err := NewUserAuthMethodStatesSearchQuery(state...)
	if err == nil {
		r.Queries = append(r.Queries, statesFilter)
	}
	return err
}
// AppendAuthMethodQuery adds an equality filter on the auth method type. The
// filter is only appended when it could be built.
func (r *UserAuthMethodSearchQueries) AppendAuthMethodQuery(authMethod domain.UserAuthMethodType) error {
	typeFilter, err := NewUserAuthMethodTypeSearchQuery(authMethod)
	if err == nil {
		r.Queries = append(r.Queries, typeFilter)
	}
	return err
}
// AppendAuthMethodsQuery adds an IN filter accepting any of the given auth
// method types. The filter is only appended when it could be built.
func (r *UserAuthMethodSearchQueries) AppendAuthMethodsQuery(authMethod ...domain.UserAuthMethodType) error {
	typesFilter, err := NewUserAuthMethodTypesSearchQuery(authMethod...)
	if err == nil {
		r.Queries = append(r.Queries, typesFilter)
	}
	return err
}
// toQuery applies the embedded SearchRequest to query and then every filter in
// Queries, in order, returning the extended builder.
func (q *UserAuthMethodSearchQueries) toQuery(query sq.SelectBuilder) sq.SelectBuilder {
	builder := q.SearchRequest.toQuery(query)
	for _, filter := range q.Queries {
		builder = filter.toQuery(builder)
	}
	return builder
}
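// prepareUserAuthMethodsQuery builds the select over the auth method
// projection and returns it with a scan function that turns the rows into an
// AuthMethods value. The builder carries no WHERE clause: callers must add the
// instance filter (and any further filters) themselves.
func prepareUserAuthMethodsQuery(ctx context.Context, db prepareDatabase) (sq.SelectBuilder, func(*sql.Rows) (*AuthMethods, error)) {
	query := sq.Select(
		UserAuthMethodColumnTokenID.identifier(),
		UserAuthMethodColumnCreationDate.identifier(),
		UserAuthMethodColumnChangeDate.identifier(),
		UserAuthMethodColumnResourceOwner.identifier(),
		UserAuthMethodColumnUserID.identifier(),
		UserAuthMethodColumnSequence.identifier(),
		UserAuthMethodColumnName.identifier(),
		UserAuthMethodColumnState.identifier(),
		UserAuthMethodColumnMethodType.identifier(),
		countColumn.identifier()).
		From(userAuthMethodTable.identifier() + db.Timetravel(call.Took(ctx))).
		PlaceholderFormat(sq.Dollar)

	scan := func(rows *sql.Rows) (*AuthMethods, error) {
		methods := make([]*AuthMethod, 0)
		// The count column repeats the total on every row; the last value wins.
		var count uint64
		for rows.Next() {
			method := new(AuthMethod)
			err := rows.Scan(
				&method.TokenID,
				&method.CreationDate,
				&method.ChangeDate,
				&method.ResourceOwner,
				&method.UserID,
				&method.Sequence,
				&method.Name,
				&method.State,
				&method.Type,
				&count,
			)
			if err != nil {
				return nil, err
			}
			methods = append(methods, method)
		}
		// rows.Next returning false can hide an iteration error; without this
		// check a truncated result set would be reported as complete.
		if err := rows.Err(); err != nil {
			return nil, err
		}
		if err := rows.Close(); err != nil {
			return nil, zerrors.ThrowInternal(err, "QUERY-3n9fl", "Errors.Query.CloseRows")
		}
		return &AuthMethods{
			AuthMethods: methods,
			SearchResponse: SearchResponse{
				Count: count,
			},
		}, nil
	}
	return query, scan
}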
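// prepareUserAuthMethodTypesQuery builds the select used by
// ListUserAuthMethodTypes: the user row left-joined with the notify projection
// (password_set flag), with the distinct auth method types selected by
// activeOnly/includeWithoutDomain/queryDomain, and with the count of linked
// IDPs. The scan function collapses the rows into the list of method types.
func prepareUserAuthMethodTypesQuery(ctx context.Context, db prepareDatabase, activeOnly bool, includeWithoutDomain bool, queryDomain string) (sq.SelectBuilder, func(*sql.Rows) (*AuthMethodTypes, error)) {
	authMethodsQuery, authMethodsArgs, err := prepareAuthMethodQuery(activeOnly, includeWithoutDomain, queryDomain)
	if err != nil {
		// NOTE(review): the empty builder presumably makes the caller's ToSql
		// fail before the nil scanner is used, but the build error itself is lost.
		return sq.SelectBuilder{}, nil
	}
	idpsQuery, err := prepareAuthMethodsIDPsQuery()
	if err != nil {
		return sq.SelectBuilder{}, nil
	}
	authMethodsJoin := "(" + authMethodsQuery + ") AS " + authMethodTypeTable.alias + " ON " +
		authMethodTypeUserID.identifier() + " = " + UserIDCol.identifier() + " AND " +
		authMethodTypeInstanceID.identifier() + " = " + UserInstanceIDCol.identifier()
	idpsJoin := "(" + idpsQuery + ") AS " + userIDPsCountTable.alias + " ON " +
		userIDPsCountUserID.identifier() + " = " + UserIDCol.identifier() + " AND " +
		userIDPsCountInstanceID.identifier() + " = " + UserInstanceIDCol.identifier() + db.Timetravel(call.Took(ctx))
	query := sq.Select(
		NotifyPasswordSetCol.identifier(),
		authMethodTypeType.identifier(),
		userIDPsCountCount.identifier()).
		From(userTable.identifier()).
		LeftJoin(join(NotifyUserIDCol, UserIDCol)).
		LeftJoin(authMethodsJoin, authMethodsArgs...).
		LeftJoin(idpsJoin).
		PlaceholderFormat(sq.Dollar)

	scan := func(rows *sql.Rows) (*AuthMethodTypes, error) {
		types := make([]domain.UserAuthMethodType, 0)
		// Both values repeat on every row because the caller filters on a
		// single user, so keeping the last scanned value is sufficient.
		var passwordSet sql.NullBool
		var idpCount sql.NullInt64
		for rows.Next() {
			var methodType sql.NullInt16
			if err := rows.Scan(&passwordSet, &methodType, &idpCount); err != nil {
				return nil, err
			}
			// NULL means the left join found no auth method row for the user.
			if methodType.Valid {
				types = append(types, domain.UserAuthMethodType(methodType.Int16))
			}
		}
		// rows.Next returning false can hide an iteration error; without this
		// check a truncated result set would be reported as complete.
		if err := rows.Err(); err != nil {
			return nil, err
		}
		if passwordSet.Valid && passwordSet.Bool {
			types = append(types, domain.UserAuthMethodTypePassword)
		}
		if idpCount.Valid && idpCount.Int64 > 0 {
			// Previously logged at error level on this normal code path, which
			// produced a false "error" for every lookup of a user with an IDP link.
			logging.Debug("IDP", idpCount.Int64)
			types = append(types, domain.UserAuthMethodTypeIDP)
		}
		if err := rows.Close(); err != nil {
			return nil, zerrors.ThrowInternal(err, "QUERY-3n9fl", "Errors.Query.CloseRows")
		}
		return &AuthMethodTypes{
			AuthMethodTypes: types,
			SearchResponse: SearchResponse{
				Count: uint64(len(types)),
			},
		}, nil
	}
	return query, scan
}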
// prepareUserAuthMethodTypesRequiredQuery builds the select that joins the user
// with the login policy governing it and returns a scanner for the single
// expected row. A policy row matches when its org ID equals either the user's
// instance ID (instance default policy) or the user's resource owner (org
// policy). Ordering by is_default and taking one row is what lets the org
// policy take precedence when both exist — this relies on false sorting before
// true in the target database (TODO confirm).
func prepareUserAuthMethodTypesRequiredQuery(ctx context.Context, db prepareDatabase) (sq.SelectBuilder, func(*sql.Row) (*UserAuthMethodRequirements, error)) {
	loginPolicyQuery, err := prepareAuthMethodsForceMFAQuery()
	if err != nil {
		// NOTE(review): the empty builder presumably makes the caller's ToSql
		// fail before the nil scanner is used, but the build error itself is lost.
		return sq.SelectBuilder{}, nil
	}
	policyMatchesUser := "(" + forceMFAOrgID.identifier() + " = " + UserInstanceIDCol.identifier() +
		" OR " + forceMFAOrgID.identifier() + " = " + UserResourceOwnerCol.identifier() + ") AND " +
		forceMFAInstanceID.identifier() + " = " + UserInstanceIDCol.identifier()
	query := sq.Select(
		UserTypeCol.identifier(),
		forceMFAForce.identifier(),
		forceMFAForceLocalOnly.identifier()).
		From(userTable.identifier()).
		LeftJoin("(" + loginPolicyQuery + ") AS " + forceMFATable.alias + " ON " + policyMatchesUser).
		OrderBy(forceMFAIsDefault.identifier()).
		Limit(1).
		PlaceholderFormat(sq.Dollar)

	scan := func(row *sql.Row) (*UserAuthMethodRequirements, error) {
		var (
			userType          sql.NullInt32
			forceMFA          sql.NullBool
			forceMFALocalOnly sql.NullBool
		)
		if err := row.Scan(&userType, &forceMFA, &forceMFALocalOnly); err != nil {
			if errors.Is(err, sql.ErrNoRows) {
				return nil, zerrors.ThrowNotFound(err, "QUERY-SF3h2", "Errors.Internal")
			}
			return nil, zerrors.ThrowInternal(err, "QUERY-Sf3rt", "Errors.Internal")
		}
		// NULL columns (no policy row joined) fall back to the zero value, so
		// MFA is then NOT forced — a fail-open default. NOTE(review): confirm an
		// instance default policy is guaranteed to exist for every instance.
		return &UserAuthMethodRequirements{
			UserType:          domain.UserType(userType.Int32),
			ForceMFA:          forceMFA.Bool,
			ForceMFALocalOnly: forceMFALocalOnly.Bool,
		}, nil
	}
	return query, scan
}
// prepareAuthMethodsIDPsQuery renders the sub-query that counts IDP links per
// (user, instance). The count column is named after userIDPsCountCount so the
// outer query can select it. The statement binds no placeholder arguments,
// hence they are discarded.
func prepareAuthMethodsIDPsQuery() (string, error) {
	userCol := userIDPsCountUserID.identifier()
	instanceCol := userIDPsCountInstanceID.identifier()
	countExpr := "COUNT(" + userCol + ") AS " + userIDPsCountCount.name
	stmt, _, err := sq.Select(userCol, instanceCol, countExpr).
		From(userIDPsCountTable.identifier()).
		GroupBy(userCol, instanceCol).
		ToSql()
	return stmt, err
}
// prepareAuthMethodQuery renders the sub-query selecting the distinct auth
// method types per (user, instance) and returns the SQL with its bound
// arguments. activeOnly restricts to methods in state ready. An empty
// queryDomain applies no domain filter; otherwise only rows whose domain is
// NULL or equals queryDomain are kept, plus rows with an empty domain string
// when includeWithoutDomain is set.
func prepareAuthMethodQuery(activeOnly bool, includeWithoutDomain bool, queryDomain string) (string, []interface{}, error) {
	builder := sq.Select(
		"DISTINCT("+authMethodTypeType.identifier()+")",
		authMethodTypeUserID.identifier(),
		authMethodTypeInstanceID.identifier()).
		From(authMethodTypeTable.identifier())
	if activeOnly {
		builder = builder.Where(sq.Eq{authMethodTypeState.identifier(): domain.MFAStateReady})
	}
	if queryDomain == "" {
		return builder.ToSql()
	}
	domainCol := authMethodTypeDomain.identifier()
	// sq.Eq with a nil value renders as "IS NULL".
	allowedDomains := sq.Or{
		sq.Eq{domainCol: nil},
		sq.Eq{domainCol: queryDomain},
	}
	if includeWithoutDomain {
		allowedDomains = append(allowedDomains, sq.Eq{domainCol: ""})
	}
	return builder.Where(allowedDomains).ToSql()
}
// prepareAuthMethodsForceMFAQuery renders the sub-query selecting the
// force-MFA flags, instance, org and is_default of every login policy. The
// statement binds no placeholder arguments, hence they are discarded.
func prepareAuthMethodsForceMFAQuery() (string, error) {
	columns := []string{
		forceMFAForce.identifier(),
		forceMFAForceLocalOnly.identifier(),
		forceMFAInstanceID.identifier(),
		forceMFAOrgID.identifier(),
		forceMFAIsDefault.identifier(),
	}
	stmt, _, err := sq.Select(columns...).
		From(forceMFATable.identifier()).
		ToSql()
	return stmt, err
}