2021-01-04 14:52:13 +01:00
|
|
|
package command
|
|
|
|
|
|
|
|
import (
|
|
|
|
"context"
|
2021-08-25 11:12:24 +02:00
|
|
|
"strings"
|
2021-08-18 17:04:56 +02:00
|
|
|
|
2021-02-23 15:13:04 +01:00
|
|
|
"github.com/caos/zitadel/internal/eventstore"
|
2021-02-18 14:48:27 +01:00
|
|
|
|
2021-02-23 15:13:04 +01:00
|
|
|
"github.com/caos/zitadel/internal/domain"
|
2021-01-04 14:52:13 +01:00
|
|
|
caos_errs "github.com/caos/zitadel/internal/errors"
|
2021-02-23 15:13:04 +01:00
|
|
|
"github.com/caos/zitadel/internal/eventstore/v1/models"
|
|
|
|
"github.com/caos/zitadel/internal/repository/user"
|
2021-01-04 14:52:13 +01:00
|
|
|
)
|
|
|
|
|
2021-02-24 11:17:39 +01:00
|
|
|
func (c *Commands) getHuman(ctx context.Context, userID, resourceowner string) (*domain.Human, error) {
|
|
|
|
human, err := c.getHumanWriteModelByID(ctx, userID, resourceowner)
|
2021-01-15 09:32:59 +01:00
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
2021-02-18 14:48:27 +01:00
|
|
|
if !isUserStateExists(human.UserState) {
|
2021-01-15 09:32:59 +01:00
|
|
|
return nil, caos_errs.ThrowNotFound(nil, "COMMAND-M9dsd", "Errors.User.NotFound")
|
|
|
|
}
|
2021-02-18 14:48:27 +01:00
|
|
|
return writeModelToHuman(human), nil
|
2021-01-15 09:32:59 +01:00
|
|
|
}
|
|
|
|
|
2021-02-24 11:17:39 +01:00
|
|
|
func (c *Commands) AddHuman(ctx context.Context, orgID string, human *domain.Human) (*domain.Human, error) {
|
2021-03-19 18:46:26 +01:00
|
|
|
if orgID == "" {
|
feat: label policy (#1708)
* feat: label policy proto extension
* feat: label policy and activate event
* feat: label policy asset events
* feat: label policy asset commands
* feat: add storage key
* feat: storage key validation
* feat: label policy asset tests
* feat: label policy query side
* feat: avatar
* feat: avatar event
* feat: human avatar
* feat: avatar read side
* feat: font on iam label policy
* feat: label policy font
* feat: possiblity to create bucket on put file
* uplaoder
* login policy logo
* set bucket prefix
* feat: avatar upload
* feat: avatar upload
* feat: use assets on command side
* feat: fix human avatar removed event
* feat: remove human avatar
* feat: mock asset storage
* feat: remove human avatar
* fix(operator): add configuration of asset storage to zitadel operator
* feat(console): private labeling policy (#1697)
* private labeling component, routing, preview
* font, colors, upload, i18n
* show logo
* fix: uniqueness (#1710)
* fix: uniqueconstraint to lower
* feat: change org
* feat: org change test
* feat: change org
* fix: tests
* fix: handle domain claims correctly
* feat: update org
Co-authored-by: fabi <fabienne.gerschwiler@gmail.com>
* fix: handle domain claimed event correctly for service users (#1711)
* fix: handle domain claimed event correctly on user view
* fix: ignore domain claimed events for email notifications
* fix: change org
* handle org changed in read models correctly
* fix: change org in user grant handler
Co-authored-by: fabi <fabienne.gerschwiler@gmail.com>
* fix: correct value (#1695)
* docs(api): correct link (#1712)
* upload service
Co-authored-by: Livio Amstutz <livio.a@gmail.com>
Co-authored-by: fabi <fabienne.gerschwiler@gmail.com>
Co-authored-by: Florian Forster <florian@caos.ch>
* feat: fix tests,
* feat: remove assets from label policy
* fix npm, set environment
* lint ts
* remove stylelinting
* fix(operator): add mapping for console with changed unit tests
* fix(operator): add secrets as env variables to pod
* feat: remove human avatar
* fix(operator): add secrets as env variables to pod
* feat: map label policy
* feat: labelpolicy, admin, mgmt, adv settings (#1715)
* fetch label policy, mgmt, admin service
* feat: advanced beh, links, add, update
* lint ts
* feat: watermark
* feat: remove human avatar
* feat: remove human avatar
* feat: remove human avatar
* feat: remove human avatar
* feat: remove human avatar
* feat: remove human avatar
* feat: remove human avatar
* feat: custom css
* css
* css
* css
* css
* css
* getobject
* feat: dynamic handler
* feat: varibale css
* content info
* css overwrite
* feat: variablen css
* feat: generate css file
* feat: dark mode
* feat: dark mode
* fix logo css
* feat: upload logos
* dark mode with cookie
* feat: handle images in login
* avatar css and begin font
* feat: avatar
* feat: user avatar
* caching of static assets in login
* add avatar.js to main.html
* feat: header dont show logo if no url
* feat: label policy colors
* feat: mock asset storage
* feat: mock asset storage
* feat: fix tests
* feat: user avatar
* feat: header logo
* avatar
* avatar
* make it compatible with go 1.15
* feat: remove unused logos
* fix handler
* fix: styling error handling
* fonts
* fix: download func
* switch to mux
* fix: change upload api to assets
* fix build
* fix: download avatar
* fix: download logos
* fix: my avatar
* font
* fix: remove error msg popup possibility
* fix: docs
* fix: svalidate colors
* rem msg popup from frontend
* fix: email with private labeling
* fix: tests
* fix: email templates
* fix: change migration version
* fix: fix duplicate imports
* fix(console): assets, service url, upload, policy current and preview (#1781)
* upload endpoint, layout
* fetch current, preview, fix upload
* cleanup private labeling
* fix linting
* begin generated asset handler
* generate asset api in dockerfile
* features for label policy
* features for label policy
* features
* flag for asset generator
* change asset generator flag
* fix label policy view in grpc
* fix: layout, activate policy (#1786)
* theme switcher up on top
* change layout
* activate policy
* feat(console): label policy back color, layout (#1788)
* theme switcher up on top
* change layout
* activate policy
* fix overwrite value fc
* reset policy, reset service
* autosave policy, preview desc, layout impv
* layout, i18n
* background colors, inject material styles
* load images
* clean, lint
* fix layout
* set custom hex
* fix content size conversion
* remove font format in generated css
* fix features for assets
* fix(console): label policy colors, image downloads, preview (#1804)
* load images
* colors, images binding
* lint
* refresh emitter
* lint
* propagate font colors
* upload error handling
* label policy feature check
* add blob in csp for console
* log
* fix: feature edits for label policy, refresh state on upload (#1807)
* show error on load image, stop spinner
* fix merge
* fix migration versions
* fix assets
* fix csp
* fix background color
* scss
* fix build
* lint scss
* fix statik for console
* fix features check for label policy
* cleanup
* lint
* public links
* fix notifications
* public links
* feat: merge main
* feat: fix translation files
* fix migration
* set api domain
* fix logo in email
* font face in email
* font face in email
* validate assets on upload
* cleanup
* add missing translations
* add missing translations
Co-authored-by: Livio Amstutz <livio.a@gmail.com>
Co-authored-by: Stefan Benz <stefan@caos.ch>
Co-authored-by: Max Peintner <max@caos.ch>
Co-authored-by: Florian Forster <florian@caos.ch>
2021-06-04 14:53:51 +02:00
|
|
|
return nil, caos_errs.ThrowInvalidArgument(nil, "COMMAND-XYFk9", "Errors.ResourceOwnerMissing")
|
2021-03-19 18:46:26 +01:00
|
|
|
}
|
|
|
|
orgIAMPolicy, err := c.getOrgIAMPolicy(ctx, orgID)
|
|
|
|
if err != nil {
|
|
|
|
return nil, caos_errs.ThrowPreconditionFailed(err, "COMMAND-33M9f", "Errors.Org.OrgIAMPolicy.NotFound")
|
|
|
|
}
|
|
|
|
pwPolicy, err := c.getOrgPasswordComplexityPolicy(ctx, orgID)
|
|
|
|
if err != nil {
|
|
|
|
return nil, caos_errs.ThrowPreconditionFailed(err, "COMMAND-M5Fsd", "Errors.Org.PasswordComplexity.NotFound")
|
|
|
|
}
|
|
|
|
events, addedHuman, err := c.addHuman(ctx, orgID, human, orgIAMPolicy, pwPolicy)
|
2021-02-18 14:48:27 +01:00
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
2022-01-03 09:19:07 +01:00
|
|
|
pushedEvents, err := c.eventstore.Push(ctx, events...)
|
2021-01-08 11:33:45 +01:00
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
2021-02-18 14:48:27 +01:00
|
|
|
|
|
|
|
err = AppendAndReduce(addedHuman, pushedEvents...)
|
2021-01-08 11:33:45 +01:00
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
|
|
|
return writeModelToHuman(addedHuman), nil
|
|
|
|
}
|
|
|
|
|
2021-08-02 15:24:58 +02:00
|
|
|
func (c *Commands) ImportHuman(ctx context.Context, orgID string, human *domain.Human, passwordless bool) (_ *domain.Human, passwordlessCode *domain.PasswordlessInitCode, err error) {
|
2021-03-25 14:41:07 +01:00
|
|
|
if orgID == "" {
|
2021-08-02 15:24:58 +02:00
|
|
|
return nil, nil, caos_errs.ThrowInvalidArgument(nil, "COMMAND-5N8fs", "Errors.ResourceOwnerMissing")
|
2021-03-25 14:41:07 +01:00
|
|
|
}
|
|
|
|
orgIAMPolicy, err := c.getOrgIAMPolicy(ctx, orgID)
|
|
|
|
if err != nil {
|
2021-08-02 15:24:58 +02:00
|
|
|
return nil, nil, caos_errs.ThrowPreconditionFailed(err, "COMMAND-2N9fs", "Errors.Org.OrgIAMPolicy.NotFound")
|
2021-03-25 14:41:07 +01:00
|
|
|
}
|
|
|
|
pwPolicy, err := c.getOrgPasswordComplexityPolicy(ctx, orgID)
|
|
|
|
if err != nil {
|
2021-08-02 15:24:58 +02:00
|
|
|
return nil, nil, caos_errs.ThrowPreconditionFailed(err, "COMMAND-4N8gs", "Errors.Org.PasswordComplexity.NotFound")
|
2021-03-25 14:41:07 +01:00
|
|
|
}
|
2021-08-02 15:24:58 +02:00
|
|
|
events, addedHuman, addedCode, code, err := c.importHuman(ctx, orgID, human, passwordless, orgIAMPolicy, pwPolicy)
|
2021-03-25 14:41:07 +01:00
|
|
|
if err != nil {
|
2021-08-02 15:24:58 +02:00
|
|
|
return nil, nil, err
|
2021-03-25 14:41:07 +01:00
|
|
|
}
|
2022-01-03 09:19:07 +01:00
|
|
|
pushedEvents, err := c.eventstore.Push(ctx, events...)
|
2021-03-25 14:41:07 +01:00
|
|
|
if err != nil {
|
2021-08-02 15:24:58 +02:00
|
|
|
return nil, nil, err
|
2021-03-25 14:41:07 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
err = AppendAndReduce(addedHuman, pushedEvents...)
|
|
|
|
if err != nil {
|
2021-08-02 15:24:58 +02:00
|
|
|
return nil, nil, err
|
|
|
|
}
|
|
|
|
if addedCode != nil {
|
|
|
|
err = AppendAndReduce(addedCode, pushedEvents...)
|
|
|
|
if err != nil {
|
|
|
|
return nil, nil, err
|
|
|
|
}
|
|
|
|
passwordlessCode = writeModelToPasswordlessInitCode(addedCode, code)
|
2021-03-25 14:41:07 +01:00
|
|
|
}
|
|
|
|
|
2021-08-02 15:24:58 +02:00
|
|
|
return writeModelToHuman(addedHuman), passwordlessCode, nil
|
2021-03-25 14:41:07 +01:00
|
|
|
}
|
|
|
|
|
2022-01-03 09:19:07 +01:00
|
|
|
func (c *Commands) addHuman(ctx context.Context, orgID string, human *domain.Human, orgIAMPolicy *domain.OrgIAMPolicy, pwPolicy *domain.PasswordComplexityPolicy) ([]eventstore.Command, *HumanWriteModel, error) {
|
2021-03-25 14:41:07 +01:00
|
|
|
if orgID == "" || !human.IsValid() {
|
feat: label policy (#1708)
* feat: label policy proto extension
* feat: label policy and activate event
* feat: label policy asset events
* feat: label policy asset commands
* feat: add storage key
* feat: storage key validation
* feat: label policy asset tests
* feat: label policy query side
* feat: avatar
* feat: avatar event
* feat: human avatar
* feat: avatar read side
* feat: font on iam label policy
* feat: label policy font
* feat: possiblity to create bucket on put file
* uplaoder
* login policy logo
* set bucket prefix
* feat: avatar upload
* feat: avatar upload
* feat: use assets on command side
* feat: fix human avatar removed event
* feat: remove human avatar
* feat: mock asset storage
* feat: remove human avatar
* fix(operator): add configuration of asset storage to zitadel operator
* feat(console): private labeling policy (#1697)
* private labeling component, routing, preview
* font, colors, upload, i18n
* show logo
* fix: uniqueness (#1710)
* fix: uniqueconstraint to lower
* feat: change org
* feat: org change test
* feat: change org
* fix: tests
* fix: handle domain claims correctly
* feat: update org
Co-authored-by: fabi <fabienne.gerschwiler@gmail.com>
* fix: handle domain claimed event correctly for service users (#1711)
* fix: handle domain claimed event correctly on user view
* fix: ignore domain claimed events for email notifications
* fix: change org
* handle org changed in read models correctly
* fix: change org in user grant handler
Co-authored-by: fabi <fabienne.gerschwiler@gmail.com>
* fix: correct value (#1695)
* docs(api): correct link (#1712)
* upload service
Co-authored-by: Livio Amstutz <livio.a@gmail.com>
Co-authored-by: fabi <fabienne.gerschwiler@gmail.com>
Co-authored-by: Florian Forster <florian@caos.ch>
* feat: fix tests,
* feat: remove assets from label policy
* fix npm, set environment
* lint ts
* remove stylelinting
* fix(operator): add mapping for console with changed unit tests
* fix(operator): add secrets as env variables to pod
* feat: remove human avatar
* fix(operator): add secrets as env variables to pod
* feat: map label policy
* feat: labelpolicy, admin, mgmt, adv settings (#1715)
* fetch label policy, mgmt, admin service
* feat: advanced beh, links, add, update
* lint ts
* feat: watermark
* feat: remove human avatar
* feat: remove human avatar
* feat: remove human avatar
* feat: remove human avatar
* feat: remove human avatar
* feat: remove human avatar
* feat: remove human avatar
* feat: custom css
* css
* css
* css
* css
* css
* getobject
* feat: dynamic handler
* feat: varibale css
* content info
* css overwrite
* feat: variablen css
* feat: generate css file
* feat: dark mode
* feat: dark mode
* fix logo css
* feat: upload logos
* dark mode with cookie
* feat: handle images in login
* avatar css and begin font
* feat: avatar
* feat: user avatar
* caching of static assets in login
* add avatar.js to main.html
* feat: header dont show logo if no url
* feat: label policy colors
* feat: mock asset storage
* feat: mock asset storage
* feat: fix tests
* feat: user avatar
* feat: header logo
* avatar
* avatar
* make it compatible with go 1.15
* feat: remove unused logos
* fix handler
* fix: styling error handling
* fonts
* fix: download func
* switch to mux
* fix: change upload api to assets
* fix build
* fix: download avatar
* fix: download logos
* fix: my avatar
* font
* fix: remove error msg popup possibility
* fix: docs
* fix: svalidate colors
* rem msg popup from frontend
* fix: email with private labeling
* fix: tests
* fix: email templates
* fix: change migration version
* fix: fix duplicate imports
* fix(console): assets, service url, upload, policy current and preview (#1781)
* upload endpoint, layout
* fetch current, preview, fix upload
* cleanup private labeling
* fix linting
* begin generated asset handler
* generate asset api in dockerfile
* features for label policy
* features for label policy
* features
* flag for asset generator
* change asset generator flag
* fix label policy view in grpc
* fix: layout, activate policy (#1786)
* theme switcher up on top
* change layout
* activate policy
* feat(console): label policy back color, layout (#1788)
* theme switcher up on top
* change layout
* activate policy
* fix overwrite value fc
* reset policy, reset service
* autosave policy, preview desc, layout impv
* layout, i18n
* background colors, inject material styles
* load images
* clean, lint
* fix layout
* set custom hex
* fix content size conversion
* remove font format in generated css
* fix features for assets
* fix(console): label policy colors, image downloads, preview (#1804)
* load images
* colors, images binding
* lint
* refresh emitter
* lint
* propagate font colors
* upload error handling
* label policy feature check
* add blob in csp for console
* log
* fix: feature edits for label policy, refresh state on upload (#1807)
* show error on load image, stop spinner
* fix merge
* fix migration versions
* fix assets
* fix csp
* fix background color
* scss
* fix build
* lint scss
* fix statik for console
* fix features check for label policy
* cleanup
* lint
* public links
* fix notifications
* public links
* feat: merge main
* feat: fix translation files
* fix migration
* set api domain
* fix logo in email
* font face in email
* font face in email
* validate assets on upload
* cleanup
* add missing translations
* add missing translations
Co-authored-by: Livio Amstutz <livio.a@gmail.com>
Co-authored-by: Stefan Benz <stefan@caos.ch>
Co-authored-by: Max Peintner <max@caos.ch>
Co-authored-by: Florian Forster <florian@caos.ch>
2021-06-04 14:53:51 +02:00
|
|
|
return nil, nil, caos_errs.ThrowInvalidArgument(nil, "COMMAND-67Ms8", "Errors.User.Invalid")
|
2021-03-25 14:41:07 +01:00
|
|
|
}
|
|
|
|
if human.Password != nil && human.SecretString != "" {
|
|
|
|
human.ChangeRequired = true
|
|
|
|
}
|
2021-08-02 15:24:58 +02:00
|
|
|
return c.createHuman(ctx, orgID, human, nil, false, false, orgIAMPolicy, pwPolicy)
|
2021-03-25 14:41:07 +01:00
|
|
|
}
|
|
|
|
|
2022-01-03 09:19:07 +01:00
|
|
|
func (c *Commands) importHuman(ctx context.Context, orgID string, human *domain.Human, passwordless bool, orgIAMPolicy *domain.OrgIAMPolicy, pwPolicy *domain.PasswordComplexityPolicy) (events []eventstore.Command, humanWriteModel *HumanWriteModel, passwordlessCodeWriteModel *HumanPasswordlessInitCodeWriteModel, code string, err error) {
|
2021-03-19 11:12:56 +01:00
|
|
|
if orgID == "" || !human.IsValid() {
|
2021-08-02 15:24:58 +02:00
|
|
|
return nil, nil, nil, "", caos_errs.ThrowInvalidArgument(nil, "COMMAND-00p2b", "Errors.User.Invalid")
|
|
|
|
}
|
|
|
|
events, humanWriteModel, err = c.createHuman(ctx, orgID, human, nil, false, passwordless, orgIAMPolicy, pwPolicy)
|
|
|
|
if err != nil {
|
|
|
|
return nil, nil, nil, "", err
|
|
|
|
}
|
|
|
|
if passwordless {
|
2022-01-03 09:19:07 +01:00
|
|
|
var codeEvent eventstore.Command
|
2021-08-02 15:24:58 +02:00
|
|
|
codeEvent, passwordlessCodeWriteModel, code, err = c.humanAddPasswordlessInitCode(ctx, human.AggregateID, orgID, true)
|
|
|
|
if err != nil {
|
|
|
|
return nil, nil, nil, "", err
|
|
|
|
}
|
|
|
|
events = append(events, codeEvent)
|
2021-01-04 14:52:13 +01:00
|
|
|
}
|
2021-08-02 15:24:58 +02:00
|
|
|
return events, humanWriteModel, passwordlessCodeWriteModel, code, nil
|
2021-01-15 09:32:59 +01:00
|
|
|
}
|
|
|
|
|
2021-11-02 10:08:47 +01:00
|
|
|
func (c *Commands) RegisterHuman(ctx context.Context, orgID string, human *domain.Human, link *domain.UserIDPLink, orgMemberRoles []string) (*domain.Human, error) {
|
2021-08-25 11:12:24 +02:00
|
|
|
if orgID == "" {
|
|
|
|
return nil, caos_errs.ThrowInvalidArgument(nil, "COMMAND-GEdf2", "Errors.ResourceOwnerMissing")
|
2021-08-18 17:04:56 +02:00
|
|
|
}
|
|
|
|
orgIAMPolicy, err := c.getOrgIAMPolicy(ctx, orgID)
|
|
|
|
if err != nil {
|
|
|
|
return nil, caos_errs.ThrowPreconditionFailed(err, "COMMAND-33M9f", "Errors.Org.OrgIAMPolicy.NotFound")
|
|
|
|
}
|
|
|
|
pwPolicy, err := c.getOrgPasswordComplexityPolicy(ctx, orgID)
|
|
|
|
if err != nil {
|
|
|
|
return nil, caos_errs.ThrowPreconditionFailed(err, "COMMAND-M5Fsd", "Errors.Org.PasswordComplexity.NotFound")
|
|
|
|
}
|
2021-11-08 08:42:07 +01:00
|
|
|
loginPolicy, err := c.getOrgLoginPolicy(ctx, orgID)
|
|
|
|
if err != nil {
|
|
|
|
return nil, caos_errs.ThrowPreconditionFailed(err, "COMMAND-Dfg3g", "Errors.Org.LoginPolicy.NotFound")
|
|
|
|
}
|
|
|
|
if !loginPolicy.AllowRegister {
|
|
|
|
return nil, caos_errs.ThrowPreconditionFailed(err, "COMMAND-SAbr3", "Errors.Org.LoginPolicy.RegistrationNotAllowed")
|
|
|
|
}
|
2021-11-02 10:08:47 +01:00
|
|
|
userEvents, registeredHuman, err := c.registerHuman(ctx, orgID, human, link, orgIAMPolicy, pwPolicy)
|
2021-01-15 09:32:59 +01:00
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
2021-02-08 11:30:30 +01:00
|
|
|
|
2021-02-18 14:48:27 +01:00
|
|
|
orgMemberWriteModel := NewOrgMemberWriteModel(orgID, registeredHuman.AggregateID)
|
2021-02-08 11:30:30 +01:00
|
|
|
orgAgg := OrgAggregateFromWriteModel(&orgMemberWriteModel.WriteModel)
|
2021-02-18 14:48:27 +01:00
|
|
|
if len(orgMemberRoles) > 0 {
|
2021-02-08 11:30:30 +01:00
|
|
|
orgMember := &domain.Member{
|
|
|
|
ObjectRoot: models.ObjectRoot{
|
|
|
|
AggregateID: orgID,
|
|
|
|
},
|
2021-02-18 14:48:27 +01:00
|
|
|
UserID: human.AggregateID,
|
2021-02-08 11:30:30 +01:00
|
|
|
Roles: orgMemberRoles,
|
2021-01-21 10:49:38 +01:00
|
|
|
}
|
2021-02-24 11:17:39 +01:00
|
|
|
memberEvent, err := c.addOrgMember(ctx, orgAgg, orgMemberWriteModel, orgMember)
|
2021-02-18 14:48:27 +01:00
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
userEvents = append(userEvents, memberEvent)
|
2021-01-15 09:32:59 +01:00
|
|
|
}
|
|
|
|
|
2022-01-03 09:19:07 +01:00
|
|
|
pushedEvents, err := c.eventstore.Push(ctx, userEvents...)
|
2021-02-18 14:48:27 +01:00
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
2021-02-08 11:30:30 +01:00
|
|
|
|
2021-02-18 14:48:27 +01:00
|
|
|
err = AppendAndReduce(registeredHuman, pushedEvents...)
|
2021-02-08 11:30:30 +01:00
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
2021-02-18 14:48:27 +01:00
|
|
|
return writeModelToHuman(registeredHuman), nil
|
2021-01-15 09:32:59 +01:00
|
|
|
}
|
|
|
|
|
2022-01-03 09:19:07 +01:00
|
|
|
func (c *Commands) registerHuman(ctx context.Context, orgID string, human *domain.Human, link *domain.UserIDPLink, orgIAMPolicy *domain.OrgIAMPolicy, pwPolicy *domain.PasswordComplexityPolicy) ([]eventstore.Command, *HumanWriteModel, error) {
|
2021-05-17 13:39:51 +02:00
|
|
|
if human != nil && human.Username == "" {
|
|
|
|
human.Username = human.EmailAddress
|
|
|
|
}
|
2021-11-02 10:08:47 +01:00
|
|
|
if orgID == "" || !human.IsValid() || link == nil && (human.Password == nil || human.SecretString == "") {
|
2021-03-19 11:12:56 +01:00
|
|
|
return nil, nil, caos_errs.ThrowInvalidArgument(nil, "COMMAND-9dk45", "Errors.User.Invalid")
|
2021-01-15 09:32:59 +01:00
|
|
|
}
|
2021-03-25 14:41:07 +01:00
|
|
|
if human.Password != nil && human.SecretString != "" {
|
|
|
|
human.ChangeRequired = false
|
|
|
|
}
|
2021-11-02 10:08:47 +01:00
|
|
|
return c.createHuman(ctx, orgID, human, link, true, false, orgIAMPolicy, pwPolicy)
|
2021-03-19 18:46:26 +01:00
|
|
|
}
|
|
|
|
|
2022-01-03 09:19:07 +01:00
|
|
|
func (c *Commands) createHuman(ctx context.Context, orgID string, human *domain.Human, link *domain.UserIDPLink, selfregister, passwordless bool, orgIAMPolicy *domain.OrgIAMPolicy, pwPolicy *domain.PasswordComplexityPolicy) ([]eventstore.Command, *HumanWriteModel, error) {
|
2021-03-19 11:12:56 +01:00
|
|
|
if err := human.CheckOrgIAMPolicy(orgIAMPolicy); err != nil {
|
2021-01-08 11:33:45 +01:00
|
|
|
return nil, nil, err
|
2021-01-04 14:52:13 +01:00
|
|
|
}
|
2021-08-25 11:12:24 +02:00
|
|
|
if !orgIAMPolicy.UserLoginMustBeDomain {
|
|
|
|
usernameSplit := strings.Split(human.Username, "@")
|
|
|
|
if len(usernameSplit) != 2 {
|
|
|
|
return nil, nil, caos_errs.ThrowInvalidArgument(nil, "COMMAND-Dfd21", "Errors.User.Invalid")
|
|
|
|
}
|
|
|
|
domainCheck := NewOrgDomainVerifiedWriteModel(usernameSplit[1])
|
|
|
|
if err := c.eventstore.FilterToQueryReducer(ctx, domainCheck); err != nil {
|
|
|
|
return nil, nil, err
|
|
|
|
}
|
|
|
|
if domainCheck.Verified && domainCheck.ResourceOwner != orgID {
|
|
|
|
return nil, nil, caos_errs.ThrowInvalidArgument(nil, "COMMAND-SFd21", "Errors.User.DomainNotAllowedAsUsername")
|
|
|
|
}
|
|
|
|
}
|
2021-03-19 18:46:26 +01:00
|
|
|
userID, err := c.idGenerator.Next()
|
2021-01-05 09:33:45 +01:00
|
|
|
if err != nil {
|
2021-03-19 18:46:26 +01:00
|
|
|
return nil, nil, err
|
2021-01-07 16:06:45 +01:00
|
|
|
}
|
2021-03-19 18:46:26 +01:00
|
|
|
human.AggregateID = userID
|
2021-01-04 14:52:13 +01:00
|
|
|
human.SetNamesAsDisplayname()
|
2021-03-25 14:41:07 +01:00
|
|
|
if human.Password != nil {
|
|
|
|
if err := human.HashPasswordIfExisting(pwPolicy, c.userPasswordAlg, human.ChangeRequired); err != nil {
|
|
|
|
return nil, nil, err
|
|
|
|
}
|
2021-01-07 16:06:45 +01:00
|
|
|
}
|
2021-03-25 14:41:07 +01:00
|
|
|
|
2021-02-18 14:48:27 +01:00
|
|
|
addedHuman := NewHumanWriteModel(human.AggregateID, orgID)
|
|
|
|
//TODO: adlerhurst maybe we could simplify the code below
|
2021-01-04 14:52:13 +01:00
|
|
|
userAgg := UserAggregateFromWriteModel(&addedHuman.WriteModel)
|
2022-01-03 09:19:07 +01:00
|
|
|
var events []eventstore.Command
|
2021-02-18 14:48:27 +01:00
|
|
|
|
2021-01-15 09:32:59 +01:00
|
|
|
if selfregister {
|
2021-02-18 14:48:27 +01:00
|
|
|
events = append(events, createRegisterHumanEvent(ctx, userAgg, human, orgIAMPolicy.UserLoginMustBeDomain))
|
2021-01-15 09:32:59 +01:00
|
|
|
} else {
|
2021-02-18 14:48:27 +01:00
|
|
|
events = append(events, createAddHumanEvent(ctx, userAgg, human, orgIAMPolicy.UserLoginMustBeDomain))
|
2021-01-06 11:12:56 +01:00
|
|
|
}
|
|
|
|
|
2021-11-02 10:08:47 +01:00
|
|
|
if link != nil {
|
|
|
|
event, err := c.addUserIDPLink(ctx, userAgg, link)
|
2021-02-08 11:30:30 +01:00
|
|
|
if err != nil {
|
|
|
|
return nil, nil, err
|
2021-01-15 09:32:59 +01:00
|
|
|
}
|
2021-02-18 14:48:27 +01:00
|
|
|
events = append(events, event)
|
2021-01-15 09:32:59 +01:00
|
|
|
}
|
2021-02-18 14:48:27 +01:00
|
|
|
|
2021-11-02 10:08:47 +01:00
|
|
|
if human.IsInitialState(passwordless, link != nil) {
|
2021-02-24 11:17:39 +01:00
|
|
|
initCode, err := domain.NewInitUserCode(c.initializeUserCode)
|
2021-01-06 11:12:56 +01:00
|
|
|
if err != nil {
|
2021-01-08 11:33:45 +01:00
|
|
|
return nil, nil, err
|
2021-01-06 11:12:56 +01:00
|
|
|
}
|
2021-02-18 14:48:27 +01:00
|
|
|
events = append(events, user.NewHumanInitialCodeAddedEvent(ctx, userAgg, initCode.Code, initCode.Expiry))
|
2021-01-06 11:12:56 +01:00
|
|
|
}
|
2021-02-18 14:48:27 +01:00
|
|
|
|
2021-01-04 14:52:13 +01:00
|
|
|
if human.Email != nil && human.EmailAddress != "" && human.IsEmailVerified {
|
2021-02-18 14:48:27 +01:00
|
|
|
events = append(events, user.NewHumanEmailVerifiedEvent(ctx, userAgg))
|
2021-01-04 14:52:13 +01:00
|
|
|
}
|
2021-02-18 14:48:27 +01:00
|
|
|
|
2021-01-06 11:12:56 +01:00
|
|
|
if human.Phone != nil && human.PhoneNumber != "" && !human.IsPhoneVerified {
|
2021-02-24 11:17:39 +01:00
|
|
|
phoneCode, err := domain.NewPhoneCode(c.phoneVerificationCode)
|
2021-01-06 11:12:56 +01:00
|
|
|
if err != nil {
|
2021-01-08 11:33:45 +01:00
|
|
|
return nil, nil, err
|
2021-01-06 11:12:56 +01:00
|
|
|
}
|
2021-02-18 14:48:27 +01:00
|
|
|
events = append(events, user.NewHumanPhoneCodeAddedEvent(ctx, userAgg, phoneCode.Code, phoneCode.Expiry))
|
2021-01-06 11:12:56 +01:00
|
|
|
} else if human.Phone != nil && human.PhoneNumber != "" && human.IsPhoneVerified {
|
2021-02-18 14:48:27 +01:00
|
|
|
events = append(events, user.NewHumanPhoneVerifiedEvent(ctx, userAgg))
|
2021-01-04 14:52:13 +01:00
|
|
|
}
|
|
|
|
|
2021-02-18 14:48:27 +01:00
|
|
|
return events, addedHuman, nil
|
2021-01-04 14:52:13 +01:00
|
|
|
}
|
2021-01-06 11:12:56 +01:00
|
|
|
|
2021-02-24 11:17:39 +01:00
|
|
|
func (c *Commands) HumanSkipMFAInit(ctx context.Context, userID, resourceowner string) (err error) {
|
2021-01-15 09:32:59 +01:00
|
|
|
if userID == "" {
|
2021-03-19 11:12:56 +01:00
|
|
|
return caos_errs.ThrowInvalidArgument(nil, "COMMAND-2xpX9", "Errors.User.UserIDMissing")
|
2021-01-06 11:12:56 +01:00
|
|
|
}
|
2021-01-15 09:32:59 +01:00
|
|
|
|
2021-02-24 11:17:39 +01:00
|
|
|
existingHuman, err := c.getHumanWriteModelByID(ctx, userID, resourceowner)
|
2021-01-06 11:12:56 +01:00
|
|
|
if err != nil {
|
2021-01-15 09:32:59 +01:00
|
|
|
return err
|
2021-01-06 11:12:56 +01:00
|
|
|
}
|
2021-02-18 14:48:27 +01:00
|
|
|
if !isUserStateExists(existingHuman.UserState) {
|
2021-02-08 11:30:30 +01:00
|
|
|
return caos_errs.ThrowNotFound(nil, "COMMAND-m9cV8", "Errors.User.NotFound")
|
2021-01-06 11:12:56 +01:00
|
|
|
}
|
2021-02-18 14:48:27 +01:00
|
|
|
|
2022-01-03 09:19:07 +01:00
|
|
|
_, err = c.eventstore.Push(ctx,
|
2021-02-18 14:48:27 +01:00
|
|
|
user.NewHumanMFAInitSkippedEvent(ctx, UserAggregateFromWriteModel(&existingHuman.WriteModel)))
|
|
|
|
return err
|
2021-01-15 09:32:59 +01:00
|
|
|
}
|
2021-01-06 11:12:56 +01:00
|
|
|
|
2021-02-18 14:48:27 +01:00
|
|
|
///TODO: adlerhurst maybe we can simplify createAddHumanEvent and createRegisterHumanEvent
|
|
|
|
func createAddHumanEvent(ctx context.Context, aggregate *eventstore.Aggregate, human *domain.Human, userLoginMustBeDomain bool) *user.HumanAddedEvent {
|
2021-01-15 09:32:59 +01:00
|
|
|
addEvent := user.NewHumanAddedEvent(
|
2021-01-06 11:12:56 +01:00
|
|
|
ctx,
|
2021-02-18 14:48:27 +01:00
|
|
|
aggregate,
|
2021-01-21 10:49:38 +01:00
|
|
|
human.Username,
|
2021-01-06 11:12:56 +01:00
|
|
|
human.FirstName,
|
|
|
|
human.LastName,
|
|
|
|
human.NickName,
|
|
|
|
human.DisplayName,
|
|
|
|
human.PreferredLanguage,
|
|
|
|
human.Gender,
|
|
|
|
human.EmailAddress,
|
2021-01-21 10:49:38 +01:00
|
|
|
userLoginMustBeDomain,
|
2021-01-06 11:12:56 +01:00
|
|
|
)
|
|
|
|
if human.Phone != nil {
|
|
|
|
addEvent.AddPhoneData(human.PhoneNumber)
|
|
|
|
}
|
|
|
|
if human.Address != nil {
|
|
|
|
addEvent.AddAddressData(
|
|
|
|
human.Country,
|
|
|
|
human.Locality,
|
|
|
|
human.PostalCode,
|
|
|
|
human.Region,
|
|
|
|
human.StreetAddress)
|
|
|
|
}
|
|
|
|
if human.Password != nil {
|
|
|
|
addEvent.AddPasswordData(human.SecretCrypto, human.ChangeRequired)
|
|
|
|
}
|
2021-01-15 09:32:59 +01:00
|
|
|
return addEvent
|
|
|
|
}
|
2021-01-06 11:12:56 +01:00
|
|
|
|
2021-02-18 14:48:27 +01:00
|
|
|
func createRegisterHumanEvent(ctx context.Context, aggregate *eventstore.Aggregate, human *domain.Human, userLoginMustBeDomain bool) *user.HumanRegisteredEvent {
|
2021-01-15 09:32:59 +01:00
|
|
|
addEvent := user.NewHumanRegisteredEvent(
|
|
|
|
ctx,
|
2021-02-18 14:48:27 +01:00
|
|
|
aggregate,
|
2021-01-21 10:49:38 +01:00
|
|
|
human.Username,
|
2021-01-15 09:32:59 +01:00
|
|
|
human.FirstName,
|
|
|
|
human.LastName,
|
|
|
|
human.NickName,
|
|
|
|
human.DisplayName,
|
|
|
|
human.PreferredLanguage,
|
|
|
|
human.Gender,
|
|
|
|
human.EmailAddress,
|
2021-01-21 10:49:38 +01:00
|
|
|
userLoginMustBeDomain,
|
2021-01-15 09:32:59 +01:00
|
|
|
)
|
|
|
|
if human.Phone != nil {
|
|
|
|
addEvent.AddPhoneData(human.PhoneNumber)
|
2021-01-06 11:12:56 +01:00
|
|
|
}
|
2021-01-15 09:32:59 +01:00
|
|
|
if human.Address != nil {
|
|
|
|
addEvent.AddAddressData(
|
|
|
|
human.Country,
|
|
|
|
human.Locality,
|
|
|
|
human.PostalCode,
|
|
|
|
human.Region,
|
|
|
|
human.StreetAddress)
|
2021-01-06 11:12:56 +01:00
|
|
|
}
|
2021-01-15 09:32:59 +01:00
|
|
|
if human.Password != nil {
|
|
|
|
addEvent.AddPasswordData(human.SecretCrypto, human.ChangeRequired)
|
2021-01-06 11:12:56 +01:00
|
|
|
}
|
2021-01-15 09:32:59 +01:00
|
|
|
return addEvent
|
2021-01-06 11:12:56 +01:00
|
|
|
}
|
2021-01-07 16:06:45 +01:00
|
|
|
|
2021-02-24 11:17:39 +01:00
|
|
|
func (c *Commands) HumansSignOut(ctx context.Context, agentID string, userIDs []string) error {
|
2021-02-08 11:30:30 +01:00
|
|
|
if agentID == "" {
|
2021-03-19 11:12:56 +01:00
|
|
|
return caos_errs.ThrowInvalidArgument(nil, "COMMAND-2M0ds", "Errors.User.UserIDMissing")
|
|
|
|
}
|
|
|
|
if len(userIDs) == 0 {
|
|
|
|
return caos_errs.ThrowInvalidArgument(nil, "COMMAND-M0od3", "Errors.User.UserIDMissing")
|
2021-02-08 11:30:30 +01:00
|
|
|
}
|
2022-01-03 09:19:07 +01:00
|
|
|
events := make([]eventstore.Command, 0)
|
2021-03-19 11:12:56 +01:00
|
|
|
for _, userID := range userIDs {
|
2021-02-24 11:17:39 +01:00
|
|
|
existingUser, err := c.getHumanWriteModelByID(ctx, userID, "")
|
2021-02-08 11:30:30 +01:00
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
2021-02-18 14:48:27 +01:00
|
|
|
if !isUserStateExists(existingUser.UserState) {
|
2021-02-08 11:30:30 +01:00
|
|
|
continue
|
|
|
|
}
|
2021-03-19 11:12:56 +01:00
|
|
|
events = append(events, user.NewHumanSignedOutEvent(
|
2021-02-18 14:48:27 +01:00
|
|
|
ctx,
|
|
|
|
UserAggregateFromWriteModel(&existingUser.WriteModel),
|
2021-03-19 11:12:56 +01:00
|
|
|
agentID))
|
|
|
|
}
|
|
|
|
if len(events) == 0 {
|
|
|
|
return nil
|
2021-02-08 11:30:30 +01:00
|
|
|
}
|
2022-01-03 09:19:07 +01:00
|
|
|
_, err := c.eventstore.Push(ctx, events...)
|
2021-02-08 11:30:30 +01:00
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
2021-02-24 11:17:39 +01:00
|
|
|
func (c *Commands) getHumanWriteModelByID(ctx context.Context, userID, resourceowner string) (*HumanWriteModel, error) {
|
2021-01-15 09:32:59 +01:00
|
|
|
humanWriteModel := NewHumanWriteModel(userID, resourceowner)
|
2021-02-24 11:17:39 +01:00
|
|
|
err := c.eventstore.FilterToQueryReducer(ctx, humanWriteModel)
|
2021-01-07 16:06:45 +01:00
|
|
|
if err != nil {
|
2021-01-15 09:32:59 +01:00
|
|
|
return nil, err
|
2021-01-07 16:06:45 +01:00
|
|
|
}
|
2021-01-15 09:32:59 +01:00
|
|
|
return humanWriteModel, nil
|
2021-01-07 16:06:45 +01:00
|
|
|
}
|