package command
import (
"context"
"time"
"github.com/zitadel/zitadel/internal/api/authz"
"github.com/zitadel/zitadel/internal/eventstore"
"github.com/zitadel/zitadel/internal/domain"
"github.com/zitadel/zitadel/internal/repository/instance"
"github.com/zitadel/zitadel/internal/repository/policy"
)
// InstanceLoginPolicyWriteModel is the write model for the login policy of an
// instance. It embeds LoginPolicyWriteModel, so that model's fields and methods
// are promoted onto this type.
type InstanceLoginPolicyWriteModel struct {
	LoginPolicyWriteModel
}
// NewInstanceLoginPolicyWriteModel returns a write model whose aggregate ID and
// resource owner are both set to the ID of the instance that
// authz.GetInstance reads from ctx.
//
// The instance ID is never taken from a caller-supplied argument: the model,
// and the event query built from it, is bound to the instance carried by the
// context. An empty instance ID yields a model for which IsValid reports false.
func NewInstanceLoginPolicyWriteModel(ctx context.Context) *InstanceLoginPolicyWriteModel {
	model := new(InstanceLoginPolicyWriteModel)
	// Both fields live on the embedded eventstore.WriteModel and are reached
	// through field promotion.
	model.AggregateID = authz.GetInstance(ctx).InstanceID()
	model.ResourceOwner = authz.GetInstance(ctx).InstanceID()
	return model
}
// AppendEvents hands instance login-policy events to the embedded
// LoginPolicyWriteModel. For each instance-level added/changed event it passes
// on the address of the event's LoginPolicyAddedEvent or
// LoginPolicyChangedEvent field.
//
// Events of any other type are skipped silently; no error is reported for them.
func (wm *InstanceLoginPolicyWriteModel) AppendEvents(events ...eventstore.Event) {
	for i := range events {
		switch typed := events[i].(type) {
		case *instance.LoginPolicyAddedEvent:
			wm.LoginPolicyWriteModel.AppendEvents(&typed.LoginPolicyAddedEvent)
		case *instance.LoginPolicyChangedEvent:
			wm.LoginPolicyWriteModel.AppendEvents(&typed.LoginPolicyChangedEvent)
		}
	}
}
// IsValid reports whether the model carries a non-empty aggregate ID.
// It checks nothing else about the model's state.
func (wm *InstanceLoginPolicyWriteModel) IsValid() bool {
	return len(wm.AggregateID) > 0
}
// Reduce delegates to the embedded LoginPolicyWriteModel's Reduce and returns
// its result unchanged.
func (wm *InstanceLoginPolicyWriteModel) Reduce() error {
	err := wm.LoginPolicyWriteModel.Reduce()
	return err
}
// Query builds the event search used to load this model.
//
// The search is restricted to the model's resource owner and, within that, to
// events of the instance aggregate type with the model's aggregate ID and one
// of the two login-policy event types (added, changed). Both the resource
// owner and the aggregate ID come from the model itself, so the scope of the
// read is fixed by how the model was constructed.
func (wm *InstanceLoginPolicyWriteModel) Query() *eventstore.SearchQueryBuilder {
	scoped := eventstore.NewSearchQueryBuilder(eventstore.ColumnsEvent).
		ResourceOwner(wm.ResourceOwner)

	return scoped.AddQuery().
		AggregateTypes(instance.AggregateType).
		AggregateIDs(wm.AggregateID).
		EventTypes(
			instance.LoginPolicyAddedEventType,
			instance.LoginPolicyChangedEventType,
		).
		Builder()
}
// NewChangedEvent compares the requested login-policy settings with the values
// currently held by the write model and builds a LoginPolicyChangedEvent that
// contains only the settings that differ.
//
// It returns (event, true) when at least one setting differs and the event
// could be created, and (nil, false) otherwise.
//
// NOTE(review): an error from instance.NewLoginPolicyChangedEvent is also
// reported as (nil, false), so a caller cannot distinguish "nothing changed"
// from "event construction failed".
//
// NOTE(review): a passwordlessType for which Valid() is false is skipped, not
// rejected; the rest of the change set is still applied.
//
// NOTE(review): no range check on the lifetimes and no validation of
// defaultRedirectURI happens in this method. These settings control
// re-authentication intervals and post-login redirection, so presumably they
// are validated by the caller; confirm.
func (wm *InstanceLoginPolicyWriteModel) NewChangedEvent(
	ctx context.Context,
	aggregate *eventstore.Aggregate,
	allowUsernamePassword,
	allowRegister,
	allowExternalIDP,
	forceMFA,
	hidePasswordReset,
	ignoreUnknownUsernames,
	allowDomainDiscovery bool,
	passwordlessType domain.PasswordlessType,
	defaultRedirectURI string,
	passwordCheckLifetime,
	externalLoginCheckLifetime,
	mfaInitSkipLifetime,
	secondFactorCheckLifetime,
	multiFactorCheckLifetime time.Duration,
) (*instance.LoginPolicyChangedEvent, bool) {
	// A nil slice is enough: it is only handed on once it is non-empty.
	var pending []policy.LoginPolicyChanges

	// Boolean switches of the login flow.
	if wm.AllowUserNamePassword != allowUsernamePassword {
		pending = append(pending, policy.ChangeAllowUserNamePassword(allowUsernamePassword))
	}
	if wm.AllowRegister != allowRegister {
		pending = append(pending, policy.ChangeAllowRegister(allowRegister))
	}
	if wm.AllowExternalIDP != allowExternalIDP {
		pending = append(pending, policy.ChangeAllowExternalIDP(allowExternalIDP))
	}
	if wm.ForceMFA != forceMFA {
		pending = append(pending, policy.ChangeForceMFA(forceMFA))
	}

	// Only a valid passwordless type can replace the stored one.
	if passwordlessType.Valid() && wm.PasswordlessType != passwordlessType {
		pending = append(pending, policy.ChangePasswordlessType(passwordlessType))
	}

	if wm.HidePasswordReset != hidePasswordReset {
		pending = append(pending, policy.ChangeHidePasswordReset(hidePasswordReset))
	}
	if wm.IgnoreUnknownUsernames != ignoreUnknownUsernames {
		pending = append(pending, policy.ChangeIgnoreUnknownUsernames(ignoreUnknownUsernames))
	}
	if wm.AllowDomainDiscovery != allowDomainDiscovery {
		pending = append(pending, policy.ChangeAllowDomainDiscovery(allowDomainDiscovery))
	}
	if wm.DefaultRedirectURI != defaultRedirectURI {
		pending = append(pending, policy.ChangeDefaultRedirectURI(defaultRedirectURI))
	}

	// Check lifetimes.
	if wm.PasswordCheckLifetime != passwordCheckLifetime {
		pending = append(pending, policy.ChangePasswordCheckLifetime(passwordCheckLifetime))
	}
	if wm.ExternalLoginCheckLifetime != externalLoginCheckLifetime {
		pending = append(pending, policy.ChangeExternalLoginCheckLifetime(externalLoginCheckLifetime))
	}
	if wm.MFAInitSkipLifetime != mfaInitSkipLifetime {
		pending = append(pending, policy.ChangeMFAInitSkipLifetime(mfaInitSkipLifetime))
	}
	if wm.SecondFactorCheckLifetime != secondFactorCheckLifetime {
		pending = append(pending, policy.ChangeSecondFactorCheckLifetime(secondFactorCheckLifetime))
	}
	if wm.MultiFactorCheckLifetime != multiFactorCheckLifetime {
		pending = append(pending, policy.ChangeMultiFactorCheckLifetime(multiFactorCheckLifetime))
	}

	// Nothing differs: no event to emit.
	if len(pending) == 0 {
		return nil, false
	}

	event, err := instance.NewLoginPolicyChangedEvent(ctx, aggregate, pending)
	if err == nil {
		return event, true
	}
	// The construction error is dropped here; see the NOTE in the doc comment.
	return nil, false
}