zitadel/internal/command/idp.go

package command

import (
	"context"
	"time"

	"github.com/zitadel/zitadel/internal/api/authz"
	"github.com/zitadel/zitadel/internal/command/preparation"
	"github.com/zitadel/zitadel/internal/repository/idp"
)

type GenericOAuthProvider struct {
	Name                  string
	ClientID              string
	ClientSecret          string
	AuthorizationEndpoint string
	TokenEndpoint         string
	UserEndpoint          string
	Scopes                []string
	IDAttribute           string
	IDPOptions            idp.Options
}

type GenericOIDCProvider struct {
	Name             string
	Issuer           string
	ClientID         string
	ClientSecret     string
	Scopes           []string
	IsIDTokenMapping bool
	IDPOptions       idp.Options
}

type JWTProvider struct {
	Name        string
	Issuer      string
	JWTEndpoint string
	KeyEndpoint string
	HeaderName  string
	IDPOptions  idp.Options
}

type AzureADProvider struct {
	Name          string
	ClientID      string
	ClientSecret  string
	Scopes        []string
	Tenant        string
	EmailVerified bool
	IDPOptions    idp.Options
}

type GitHubProvider struct {
	Name         string
	ClientID     string
	ClientSecret string
	Scopes       []string
	IDPOptions   idp.Options
}

type GitHubEnterpriseProvider struct {
	Name                  string
	ClientID              string
	ClientSecret          string
	AuthorizationEndpoint string
	TokenEndpoint         string
	UserEndpoint          string
	Scopes                []string
	IDPOptions            idp.Options
}

type GitLabProvider struct {
	Name         string
	ClientID     string
	ClientSecret string
	Scopes       []string
	IDPOptions   idp.Options
}

type GitLabSelfHostedProvider struct {
	Name         string
	Issuer       string
	ClientID     string
	ClientSecret string
	Scopes       []string
	IDPOptions   idp.Options
}

type GoogleProvider struct {
	Name         string
	ClientID     string
	ClientSecret string
	Scopes       []string
	IDPOptions   idp.Options
}

type LDAPProvider struct {
	Name              string
	Servers           []string
	StartTLS          bool
	BaseDN            string
	BindDN            string
	BindPassword      string
	UserBase          string
	UserObjectClasses []string
	UserFilters       []string
	Timeout           time.Duration
	LDAPAttributes    idp.LDAPAttributes
	IDPOptions        idp.Options
}

func ExistsIDP(ctx context.Context, filter preparation.FilterToQueryReducer, id, orgID string) (exists bool, err error) {
	writeModel := NewOrgIDPRemoveWriteModel(orgID, id)
	events, err := filter(ctx, writeModel.Query())
	if err != nil {
		return false, err
	}

	if len(events) > 0 {
		writeModel.AppendEvents(events...)
		if err := writeModel.Reduce(); err != nil {
			return false, err
		}
		return writeModel.State.Exists(), nil
	}

	instanceWriteModel := NewInstanceIDPRemoveWriteModel(authz.GetInstance(ctx).InstanceID(), id)
	events, err = filter(ctx, instanceWriteModel.Query())
	if err != nil {
		return false, err
	}

	if len(events) == 0 {
		return false, nil
	}
	instanceWriteModel.AppendEvents(events...)
	if err := instanceWriteModel.Reduce(); err != nil {
		return false, err
	}
	return instanceWriteModel.State.Exists(), nil
}
feat: add management for ldap idp template (#5220) Add management functionality for LDAP idps with templates and the basic functionality for the LDAP provider, which can then be used with a separate login page in the future. --------- Co-authored-by: Livio Spring <livio.a@gmail.com> 2023-02-15 08:14:59 +00:00			`package command`

feat(login): use new IDP templates (#5315) The login uses the new template based IDPs with backwards compatibility for old IDPs 2023-02-28 20:20:58 +00:00			`import (`
			`"context"`
feat: ldap provider login (#5448) Add the logic to configure and use LDAP provider as an external IDP with a dedicated login GUI. 2023-03-24 15:18:56 +00:00			`"time"`
feat(login): use new IDP templates (#5315) The login uses the new template based IDPs with backwards compatibility for old IDPs 2023-02-28 20:20:58 +00:00
			`"github.com/zitadel/zitadel/internal/api/authz"`
			`"github.com/zitadel/zitadel/internal/command/preparation"`
			`"github.com/zitadel/zitadel/internal/repository/idp"`
			`)`
feat: add management for ldap idp template (#5220) Add management functionality for LDAP idps with templates and the basic functionality for the LDAP provider, which can then be used with a separate login page in the future. --------- Co-authored-by: Livio Spring <livio.a@gmail.com> 2023-02-15 08:14:59 +00:00
feat(api): add generic oauth provider template (#5260) adds functionality to manage templates based OIDC IDPs 2023-02-24 14:16:06 +00:00			`type GenericOAuthProvider struct {`
			`Name string`
			`ClientID string`
			`ClientSecret string`
			`AuthorizationEndpoint string`
			`TokenEndpoint string`
			`UserEndpoint string`
			`Scopes []string`
fix: use of generic oauth provider (#5345) Adds a id_attribute to the GenericOAuthProvider, which is used to map the external User. Further mapping can be done in actions by using the `rawInfo` of the new `ctx.v1.providerInfo` field. 2023-03-03 10:38:49 +00:00			`IDAttribute string`
feat(api): add generic oauth provider template (#5260) adds functionality to manage templates based OIDC IDPs 2023-02-24 14:16:06 +00:00			`IDPOptions idp.Options`
			`}`

feat(api): add oidc and jwt provider template (#5290) Adds possibility to manage OIDC and JWT template based providers 2023-02-27 15:32:18 +00:00			`type GenericOIDCProvider struct {`
fix: use idToken for mapping when using old configs (#5458) * fix: use idToken for mapping when using old configs * fix events and add tests 2023-03-16 15:47:22 +00:00			`Name string`
			`Issuer string`
			`ClientID string`
			`ClientSecret string`
			`Scopes []string`
			`IsIDTokenMapping bool`
			`IDPOptions idp.Options`
feat(api): add oidc and jwt provider template (#5290) Adds possibility to manage OIDC and JWT template based providers 2023-02-27 15:32:18 +00:00			`}`

			`type JWTProvider struct {`
			`Name string`
			`Issuer string`
			`JWTEndpoint string`
			`KeyEndpoint string`
			`HeaderName string`
			`IDPOptions idp.Options`
			`}`

feat: add azure provider templates (#5441) Adds possibility to manage and use Microsoft Azure template based providers 2023-03-15 06:48:37 +00:00			`type AzureADProvider struct {`
			`Name string`
			`ClientID string`
			`ClientSecret string`
			`Scopes []string`
			`Tenant string`
			`EmailVerified bool`
			`IDPOptions idp.Options`
			`}`

feat: add github provider template (#5334) Adds possibility to manage and use GitHub (incl. Enterprise Server) template based providers 2023-03-08 10:17:28 +00:00			`type GitHubProvider struct {`
			`Name string`
			`ClientID string`
			`ClientSecret string`
			`Scopes []string`
			`IDPOptions idp.Options`
			`}`

			`type GitHubEnterpriseProvider struct {`
			`Name string`
			`ClientID string`
			`ClientSecret string`
			`AuthorizationEndpoint string`
			`TokenEndpoint string`
			`UserEndpoint string`
			`Scopes []string`
			`IDPOptions idp.Options`
			`}`

feat: add gitlab provider templates (#5405) * feat(api): add google provider template * refactor reduce functions * handle removed event * linting * fix projection * feat(api): add generic oauth provider template * feat(api): add github provider templates * feat(api): add github provider templates * fixes * proto comment * fix filtering * requested changes * feat(api): add generic oauth provider template * remove wrongly committed message * increase budget for angular build * fix linting * fixes * fix merge * fix merge * fix projection * fix merge * updates from previous PRs * enable github providers in login * fix merge * fix test and add github styling in login * cleanup * feat(api): add gitlab provider templates * fix: merge * fix display of providers in login * implement gitlab in login and make prompt `select_account` optional since gitlab can't handle it * fix merge * fix merge and add tests for command side * requested changes * requested changes * Update internal/query/idp_template.go Co-authored-by: Silvan <silvan.reusser@gmail.com> * fix merge * requested changes --------- Co-authored-by: Silvan <silvan.reusser@gmail.com> 2023-03-13 16:34:29 +00:00			`type GitLabProvider struct {`
			`Name string`
			`ClientID string`
			`ClientSecret string`
			`Scopes []string`
			`IDPOptions idp.Options`
			`}`

			`type GitLabSelfHostedProvider struct {`
			`Name string`
			`Issuer string`
			`ClientID string`
			`ClientSecret string`
			`Scopes []string`
			`IDPOptions idp.Options`
			`}`

feat(api): add google provider template (#5247) add functionality to manage templates based Google IDP 2023-02-21 17:18:28 +00:00			`type GoogleProvider struct {`
			`Name string`
			`ClientID string`
			`ClientSecret string`
			`Scopes []string`
			`IDPOptions idp.Options`
			`}`

feat: add management for ldap idp template (#5220) Add management functionality for LDAP idps with templates and the basic functionality for the LDAP provider, which can then be used with a separate login page in the future. --------- Co-authored-by: Livio Spring <livio.a@gmail.com> 2023-02-15 08:14:59 +00:00			`type LDAPProvider struct {`
feat: ldap provider login (#5448) Add the logic to configure and use LDAP provider as an external IDP with a dedicated login GUI. 2023-03-24 15:18:56 +00:00			`Name string`
			`Servers []string`
			`StartTLS bool`
			`BaseDN string`
			`BindDN string`
			`BindPassword string`
			`UserBase string`
			`UserObjectClasses []string`
			`UserFilters []string`
			`Timeout time.Duration`
			`LDAPAttributes idp.LDAPAttributes`
			`IDPOptions idp.Options`
feat: add management for ldap idp template (#5220) Add management functionality for LDAP idps with templates and the basic functionality for the LDAP provider, which can then be used with a separate login page in the future. --------- Co-authored-by: Livio Spring <livio.a@gmail.com> 2023-02-15 08:14:59 +00:00			`}`
feat(login): use new IDP templates (#5315) The login uses the new template based IDPs with backwards compatibility for old IDPs 2023-02-28 20:20:58 +00:00
			`func ExistsIDP(ctx context.Context, filter preparation.FilterToQueryReducer, id, orgID string) (exists bool, err error) {`
			`writeModel := NewOrgIDPRemoveWriteModel(orgID, id)`
			`events, err := filter(ctx, writeModel.Query())`
			`if err != nil {`
			`return false, err`
			`}`

			`if len(events) > 0 {`
			`writeModel.AppendEvents(events...)`
			`if err := writeModel.Reduce(); err != nil {`
			`return false, err`
			`}`
			`return writeModel.State.Exists(), nil`
			`}`

			`instanceWriteModel := NewInstanceIDPRemoveWriteModel(authz.GetInstance(ctx).InstanceID(), id)`
			`events, err = filter(ctx, instanceWriteModel.Query())`
			`if err != nil {`
			`return false, err`
			`}`

			`if len(events) == 0 {`
			`return false, nil`
			`}`
			`instanceWriteModel.AppendEvents(events...)`
			`if err := instanceWriteModel.Reduce(); err != nil {`
			`return false, err`
			`}`
			`return instanceWriteModel.State.Exists(), nil`
			`}`