zitadel/internal/command/user_idp_link.go

package command

import (
	"context"

	"github.com/zitadel/zitadel/internal/eventstore"

	"github.com/zitadel/zitadel/internal/domain"
	caos_errs "github.com/zitadel/zitadel/internal/errors"
	"github.com/zitadel/zitadel/internal/repository/user"
	"github.com/zitadel/zitadel/internal/telemetry/tracing"
)

func (c *Commands) AddUserIDPLink(ctx context.Context, userID, resourceOwner string, link *domain.UserIDPLink) (err error) {
	if userID == "" {
		return caos_errs.ThrowInvalidArgument(nil, "COMMAND-03j8f", "Errors.IDMissing")
	}
	if err := c.checkUserExists(ctx, userID, resourceOwner); err != nil {
		return err
	}

	linkWriteModel := NewUserIDPLinkWriteModel(userID, link.IDPConfigID, link.ExternalUserID, resourceOwner)
	userAgg := UserAggregateFromWriteModel(&linkWriteModel.WriteModel)

	event, err := c.addUserIDPLink(ctx, userAgg, link)
	if err != nil {
		return err
	}

	_, err = c.eventstore.Push(ctx, event)
	return err
}

func (c *Commands) BulkAddedUserIDPLinks(ctx context.Context, userID, resourceOwner string, links []*domain.UserIDPLink) (err error) {
	if userID == "" {
		return caos_errs.ThrowInvalidArgument(nil, "COMMAND-03j8f", "Errors.IDMissing")
	}
	if len(links) == 0 {
		return caos_errs.ThrowInvalidArgument(nil, "COMMAND-Ek9s", "Errors.User.ExternalIDP.MinimumExternalIDPNeeded")
	}

	if err := c.checkUserExists(ctx, userID, resourceOwner); err != nil {
		return err
	}

	events := make([]eventstore.Command, len(links))
	for i, link := range links {
		linkWriteModel := NewUserIDPLinkWriteModel(userID, link.IDPConfigID, link.ExternalUserID, resourceOwner)
		userAgg := UserAggregateFromWriteModel(&linkWriteModel.WriteModel)

		events[i], err = c.addUserIDPLink(ctx, userAgg, link)
		if err != nil {
			return err
		}
	}

	_, err = c.eventstore.Push(ctx, events...)
	return err
}

func (c *Commands) addUserIDPLink(ctx context.Context, human *eventstore.Aggregate, link *domain.UserIDPLink) (eventstore.Command, error) {
	if link.AggregateID != "" && human.ID != link.AggregateID {
		return nil, caos_errs.ThrowInvalidArgument(nil, "COMMAND-33M0g", "Errors.IDMissing")
	}
	if !link.IsValid() {
		return nil, caos_errs.ThrowInvalidArgument(nil, "COMMAND-6m9Kd", "Errors.User.ExternalIDP.Invalid")
	}

	_, err := c.getOrgIDPConfigByID(ctx, link.IDPConfigID, human.ResourceOwner)
	if caos_errs.IsNotFound(err) {
		_, err = c.getInstanceIDPConfigByID(ctx, link.IDPConfigID)
	}
	if err != nil {
		return nil, caos_errs.ThrowPreconditionFailed(err, "COMMAND-39nfs", "Errors.IDPConfig.NotExisting")
	}
	return user.NewUserIDPLinkAddedEvent(ctx, human, link.IDPConfigID, link.DisplayName, link.ExternalUserID), nil
}

func (c *Commands) RemoveUserIDPLink(ctx context.Context, link *domain.UserIDPLink) (*domain.ObjectDetails, error) {
	event, linkWriteModel, err := c.removeUserIDPLink(ctx, link, false)
	if err != nil {
		return nil, err
	}
	pushedEvents, err := c.eventstore.Push(ctx, event)
	if err != nil {
		return nil, err
	}
	err = AppendAndReduce(linkWriteModel, pushedEvents...)
	if err != nil {
		return nil, err
	}
	return writeModelToObjectDetails(&linkWriteModel.WriteModel), nil
}

func (c *Commands) removeUserIDPLink(ctx context.Context, link *domain.UserIDPLink, cascade bool) (eventstore.Command, *UserIDPLinkWriteModel, error) {
	if !link.IsValid() || link.AggregateID == "" {
		return nil, nil, caos_errs.ThrowInvalidArgument(nil, "COMMAND-3M9ds", "Errors.IDMissing")
	}

	existingLink, err := c.userIDPLinkWriteModelByID(ctx, link.AggregateID, link.IDPConfigID, link.ExternalUserID, link.ResourceOwner)
	if err != nil {
		return nil, nil, err
	}
	if existingLink.State == domain.UserIDPLinkStateUnspecified || existingLink.State == domain.UserIDPLinkStateRemoved {
		return nil, nil, caos_errs.ThrowNotFound(nil, "COMMAND-1M9xR", "Errors.User.ExternalIDP.NotFound")
	}
	userAgg := UserAggregateFromWriteModel(&existingLink.WriteModel)
	if cascade {
		return user.NewUserIDPLinkCascadeRemovedEvent(ctx, userAgg, link.IDPConfigID, link.ExternalUserID), existingLink, nil
	}
	return user.NewUserIDPLinkRemovedEvent(ctx, userAgg, link.IDPConfigID, link.ExternalUserID), existingLink, nil
}

func (c *Commands) UserIDPLoginChecked(ctx context.Context, orgID, userID string, authRequest *domain.AuthRequest) (err error) {
	if userID == "" {
		return caos_errs.ThrowInvalidArgument(nil, "COMMAND-5n8sM", "Errors.IDMissing")
	}

	existingHuman, err := c.getHumanWriteModelByID(ctx, userID, orgID)
	if err != nil {
		return err
	}
	if existingHuman.UserState == domain.UserStateUnspecified || existingHuman.UserState == domain.UserStateDeleted {
		return caos_errs.ThrowPreconditionFailed(nil, "COMMAND-dn88J", "Errors.User.NotFound")
	}

	userAgg := UserAggregateFromWriteModel(&existingHuman.WriteModel)
	_, err = c.eventstore.Push(ctx, user.NewUserIDPCheckSucceededEvent(ctx, userAgg, authRequestDomainToAuthRequestInfo(authRequest)))
	return err
}

func (c *Commands) userIDPLinkWriteModelByID(ctx context.Context, userID, idpConfigID, externalUserID, resourceOwner string) (writeModel *UserIDPLinkWriteModel, err error) {
	ctx, span := tracing.NewSpan(ctx)
	defer func() { span.EndWithError(err) }()

	writeModel = NewUserIDPLinkWriteModel(userID, idpConfigID, externalUserID, resourceOwner)
	err = c.eventstore.FilterToQueryReducer(ctx, writeModel)
	if err != nil {
		return nil, err
	}
	return writeModel, nil
}
fix(projections): user idp link projection (#2583) * fix(projections): add app * fix(migration): add index for project_id * test: app projection * fix(projections): add idp_user_link * test: idp user link * fix: migration versions * refactor: rename externalIDP to UserIDPLink * fix: interface methods 2021-11-02 09:08:47 +00:00			`package command`

			`import (`
			`"context"`

chore(v2): move to new org (#3499) * chore: move to new org * logging * fix: org rename caos -> zitadel Co-authored-by: adlerhurst <silvan.reusser@gmail.com> 2022-04-26 23:01:45 +00:00			`"github.com/zitadel/zitadel/internal/eventstore"`
fix(projections): user idp link projection (#2583) * fix(projections): add app * fix(migration): add index for project_id * test: app projection * fix(projections): add idp_user_link * test: idp user link * fix: migration versions * refactor: rename externalIDP to UserIDPLink * fix: interface methods 2021-11-02 09:08:47 +00:00
chore(v2): move to new org (#3499) * chore: move to new org * logging * fix: org rename caos -> zitadel Co-authored-by: adlerhurst <silvan.reusser@gmail.com> 2022-04-26 23:01:45 +00:00			`"github.com/zitadel/zitadel/internal/domain"`
			`caos_errs "github.com/zitadel/zitadel/internal/errors"`
			`"github.com/zitadel/zitadel/internal/repository/user"`
			`"github.com/zitadel/zitadel/internal/telemetry/tracing"`
fix(projections): user idp link projection (#2583) * fix(projections): add app * fix(migration): add index for project_id * test: app projection * fix(projections): add idp_user_link * test: idp user link * fix: migration versions * refactor: rename externalIDP to UserIDPLink * fix: interface methods 2021-11-02 09:08:47 +00:00			`)`

feat: V2 alpha import and export of organizations (#3798) * feat(import): add functionality to import data into an instance * feat(import): move import to admin api and additional checks for nil pointer * fix(export): export implementation with filtered members and grants * fix: export and import implementation * fix: add possibility to export hashed passwords with the user * fix(import): import with structure of v1 and v2 * docs: add v1 proto * fix(import): check im imported user is already existing * fix(import): add otp import function * fix(import): add external idps, domains, custom text and messages * fix(import): correct usage of default values from login policy * fix(export): fix renaming of add project function * fix(import): move checks for unit tests * expect filter * fix(import): move checks for unit tests * fix(import): move checks for unit tests * fix(import): produce prerelease from branch * fix(import): correctly use provided user id for machine user imports * fix(import): corrected otp import and added guide for export and import * fix: import verified and primary domains * fix(import): add reading from gcs, s3 and localfile with tracing * fix(import): gcs and s3, file size correction and error logging * Delete docker-compose.yml * fix(import): progress logging and count of resources * fix(import): progress logging and count of resources * log subscription * fix(import): incorporate review * fix(import): incorporate review * docs: add suggestion for import Co-authored-by: Fabi <38692350+hifabienne@users.noreply.github.com> * fix(import): add verification otp event and handling of deleted but existing users Co-authored-by: Livio Amstutz <livio.a@gmail.com> Co-authored-by: Fabienne <fabienne.gerschwiler@gmail.com> Co-authored-by: Silvan <silvan.reusser@gmail.com> Co-authored-by: Fabi <38692350+hifabienne@users.noreply.github.com> 2022-07-28 13:42:35 +00:00			`func (c Commands) AddUserIDPLink(ctx context.Context, userID, resourceOwner string, link domain.UserIDPLink) (err error) {`
			`if userID == "" {`
			`return caos_errs.ThrowInvalidArgument(nil, "COMMAND-03j8f", "Errors.IDMissing")`
			`}`
fix(user): move check if user is existing from user idp link (#4363) * fix(user): move check if user is existing from user idp link * fix(user): correct unit tests for user link bulk * fix(user): correct placement of existing user check for user link Co-authored-by: Silvan <silvan.reusser@gmail.com> 2022-09-14 12:21:23 +00:00			`if err := c.checkUserExists(ctx, userID, resourceOwner); err != nil {`
			`return err`
			`}`
feat: V2 alpha import and export of organizations (#3798) * feat(import): add functionality to import data into an instance * feat(import): move import to admin api and additional checks for nil pointer * fix(export): export implementation with filtered members and grants * fix: export and import implementation * fix: add possibility to export hashed passwords with the user * fix(import): import with structure of v1 and v2 * docs: add v1 proto * fix(import): check im imported user is already existing * fix(import): add otp import function * fix(import): add external idps, domains, custom text and messages * fix(import): correct usage of default values from login policy * fix(export): fix renaming of add project function * fix(import): move checks for unit tests * expect filter * fix(import): move checks for unit tests * fix(import): move checks for unit tests * fix(import): produce prerelease from branch * fix(import): correctly use provided user id for machine user imports * fix(import): corrected otp import and added guide for export and import * fix: import verified and primary domains * fix(import): add reading from gcs, s3 and localfile with tracing * fix(import): gcs and s3, file size correction and error logging * Delete docker-compose.yml * fix(import): progress logging and count of resources * fix(import): progress logging and count of resources * log subscription * fix(import): incorporate review * fix(import): incorporate review * docs: add suggestion for import Co-authored-by: Fabi <38692350+hifabienne@users.noreply.github.com> * fix(import): add verification otp event and handling of deleted but existing users Co-authored-by: Livio Amstutz <livio.a@gmail.com> Co-authored-by: Fabienne <fabienne.gerschwiler@gmail.com> Co-authored-by: Silvan <silvan.reusser@gmail.com> Co-authored-by: Fabi <38692350+hifabienne@users.noreply.github.com> 2022-07-28 13:42:35 +00:00
			`linkWriteModel := NewUserIDPLinkWriteModel(userID, link.IDPConfigID, link.ExternalUserID, resourceOwner)`
			`userAgg := UserAggregateFromWriteModel(&linkWriteModel.WriteModel)`

			`event, err := c.addUserIDPLink(ctx, userAgg, link)`
			`if err != nil {`
			`return err`
			`}`

			`_, err = c.eventstore.Push(ctx, event)`
			`return err`
			`}`

fix(projections): user idp link projection (#2583) * fix(projections): add app * fix(migration): add index for project_id * test: app projection * fix(projections): add idp_user_link * test: idp user link * fix: migration versions * refactor: rename externalIDP to UserIDPLink * fix: interface methods 2021-11-02 09:08:47 +00:00			`func (c Commands) BulkAddedUserIDPLinks(ctx context.Context, userID, resourceOwner string, links []domain.UserIDPLink) (err error) {`
			`if userID == "" {`
			`return caos_errs.ThrowInvalidArgument(nil, "COMMAND-03j8f", "Errors.IDMissing")`
			`}`
			`if len(links) == 0 {`
			`return caos_errs.ThrowInvalidArgument(nil, "COMMAND-Ek9s", "Errors.User.ExternalIDP.MinimumExternalIDPNeeded")`
			`}`

fix(user): move check if user is existing from user idp link (#4363) * fix(user): move check if user is existing from user idp link * fix(user): correct unit tests for user link bulk * fix(user): correct placement of existing user check for user link Co-authored-by: Silvan <silvan.reusser@gmail.com> 2022-09-14 12:21:23 +00:00			`if err := c.checkUserExists(ctx, userID, resourceOwner); err != nil {`
			`return err`
			`}`

refactor(eventstore): rename EventPusher to Command, EventReader to Event, PushEvents to Push and FilterEvents to Filter (#2907) 2022-01-03 08:19:07 +00:00			`events := make([]eventstore.Command, len(links))`
fix(projections): user idp link projection (#2583) * fix(projections): add app * fix(migration): add index for project_id * test: app projection * fix(projections): add idp_user_link * test: idp user link * fix: migration versions * refactor: rename externalIDP to UserIDPLink * fix: interface methods 2021-11-02 09:08:47 +00:00			`for i, link := range links {`
			`linkWriteModel := NewUserIDPLinkWriteModel(userID, link.IDPConfigID, link.ExternalUserID, resourceOwner)`
			`userAgg := UserAggregateFromWriteModel(&linkWriteModel.WriteModel)`

			`events[i], err = c.addUserIDPLink(ctx, userAgg, link)`
			`if err != nil {`
			`return err`
			`}`
			`}`

refactor(eventstore): rename EventPusher to Command, EventReader to Event, PushEvents to Push and FilterEvents to Filter (#2907) 2022-01-03 08:19:07 +00:00			`_, err = c.eventstore.Push(ctx, events...)`
fix(projections): user idp link projection (#2583) * fix(projections): add app * fix(migration): add index for project_id * test: app projection * fix(projections): add idp_user_link * test: idp user link * fix: migration versions * refactor: rename externalIDP to UserIDPLink * fix: interface methods 2021-11-02 09:08:47 +00:00			`return err`
			`}`

refactor(eventstore): rename EventPusher to Command, EventReader to Event, PushEvents to Push and FilterEvents to Filter (#2907) 2022-01-03 08:19:07 +00:00			`func (c Commands) addUserIDPLink(ctx context.Context, human eventstore.Aggregate, link *domain.UserIDPLink) (eventstore.Command, error) {`
fix(projections): user idp link projection (#2583) * fix(projections): add app * fix(migration): add index for project_id * test: app projection * fix(projections): add idp_user_link * test: idp user link * fix: migration versions * refactor: rename externalIDP to UserIDPLink * fix: interface methods 2021-11-02 09:08:47 +00:00			`if link.AggregateID != "" && human.ID != link.AggregateID {`
			`return nil, caos_errs.ThrowInvalidArgument(nil, "COMMAND-33M0g", "Errors.IDMissing")`
			`}`
			`if !link.IsValid() {`
			`return nil, caos_errs.ThrowInvalidArgument(nil, "COMMAND-6m9Kd", "Errors.User.ExternalIDP.Invalid")`
			`}`
fix(import): check exists (#4268) * fix(import): check if org exists and user * refactor: imports * fix(user): ignore malformed events * refactor: method naming * fix: test * refactor: correct errors.Is call 2022-08-29 15:09:07 +00:00
fix(projections): user idp link projection (#2583) * fix(projections): add app * fix(migration): add index for project_id * test: app projection * fix(projections): add idp_user_link * test: idp user link * fix: migration versions * refactor: rename externalIDP to UserIDPLink * fix: interface methods 2021-11-02 09:08:47 +00:00			`_, err := c.getOrgIDPConfigByID(ctx, link.IDPConfigID, human.ResourceOwner)`
			`if caos_errs.IsNotFound(err) {`
fix: rename iam to instance (#3345) * fix: rename iam command side to instance * fix: rename iam command side to instance * fix: rename iam command side to instance * fix: rename iam command side to instance * fix: rename orgiampolicy to domain policy * fix: merge conflicts * fix: protos * fix: md files * implement deprecated org iam policy again Co-authored-by: Livio Amstutz <livio.a@gmail.com> 2022-03-24 16:21:34 +00:00			`_, err = c.getInstanceIDPConfigByID(ctx, link.IDPConfigID)`
fix(projections): user idp link projection (#2583) * fix(projections): add app * fix(migration): add index for project_id * test: app projection * fix(projections): add idp_user_link * test: idp user link * fix: migration versions * refactor: rename externalIDP to UserIDPLink * fix: interface methods 2021-11-02 09:08:47 +00:00			`}`
			`if err != nil {`
			`return nil, caos_errs.ThrowPreconditionFailed(err, "COMMAND-39nfs", "Errors.IDPConfig.NotExisting")`
			`}`
			`return user.NewUserIDPLinkAddedEvent(ctx, human, link.IDPConfigID, link.DisplayName, link.ExternalUserID), nil`
			`}`

			`func (c Commands) RemoveUserIDPLink(ctx context.Context, link domain.UserIDPLink) (*domain.ObjectDetails, error) {`
			`event, linkWriteModel, err := c.removeUserIDPLink(ctx, link, false)`
			`if err != nil {`
			`return nil, err`
			`}`
refactor(eventstore): rename EventPusher to Command, EventReader to Event, PushEvents to Push and FilterEvents to Filter (#2907) 2022-01-03 08:19:07 +00:00			`pushedEvents, err := c.eventstore.Push(ctx, event)`
fix(projections): user idp link projection (#2583) * fix(projections): add app * fix(migration): add index for project_id * test: app projection * fix(projections): add idp_user_link * test: idp user link * fix: migration versions * refactor: rename externalIDP to UserIDPLink * fix: interface methods 2021-11-02 09:08:47 +00:00			`if err != nil {`
			`return nil, err`
			`}`
			`err = AppendAndReduce(linkWriteModel, pushedEvents...)`
			`if err != nil {`
			`return nil, err`
			`}`
			`return writeModelToObjectDetails(&linkWriteModel.WriteModel), nil`
			`}`

refactor(eventstore): rename EventPusher to Command, EventReader to Event, PushEvents to Push and FilterEvents to Filter (#2907) 2022-01-03 08:19:07 +00:00			`func (c Commands) removeUserIDPLink(ctx context.Context, link domain.UserIDPLink, cascade bool) (eventstore.Command, *UserIDPLinkWriteModel, error) {`
fix(projections): user idp link projection (#2583) * fix(projections): add app * fix(migration): add index for project_id * test: app projection * fix(projections): add idp_user_link * test: idp user link * fix: migration versions * refactor: rename externalIDP to UserIDPLink * fix: interface methods 2021-11-02 09:08:47 +00:00			`if !link.IsValid() \|\| link.AggregateID == "" {`
			`return nil, nil, caos_errs.ThrowInvalidArgument(nil, "COMMAND-3M9ds", "Errors.IDMissing")`
			`}`

			`existingLink, err := c.userIDPLinkWriteModelByID(ctx, link.AggregateID, link.IDPConfigID, link.ExternalUserID, link.ResourceOwner)`
			`if err != nil {`
			`return nil, nil, err`
			`}`
			`if existingLink.State == domain.UserIDPLinkStateUnspecified \|\| existingLink.State == domain.UserIDPLinkStateRemoved {`
			`return nil, nil, caos_errs.ThrowNotFound(nil, "COMMAND-1M9xR", "Errors.User.ExternalIDP.NotFound")`
			`}`
			`userAgg := UserAggregateFromWriteModel(&existingLink.WriteModel)`
			`if cascade {`
			`return user.NewUserIDPLinkCascadeRemovedEvent(ctx, userAgg, link.IDPConfigID, link.ExternalUserID), existingLink, nil`
			`}`
			`return user.NewUserIDPLinkRemovedEvent(ctx, userAgg, link.IDPConfigID, link.ExternalUserID), existingLink, nil`
			`}`

			`func (c Commands) UserIDPLoginChecked(ctx context.Context, orgID, userID string, authRequest domain.AuthRequest) (err error) {`
			`if userID == "" {`
			`return caos_errs.ThrowInvalidArgument(nil, "COMMAND-5n8sM", "Errors.IDMissing")`
			`}`

			`existingHuman, err := c.getHumanWriteModelByID(ctx, userID, orgID)`
			`if err != nil {`
			`return err`
			`}`
			`if existingHuman.UserState == domain.UserStateUnspecified \|\| existingHuman.UserState == domain.UserStateDeleted {`
			`return caos_errs.ThrowPreconditionFailed(nil, "COMMAND-dn88J", "Errors.User.NotFound")`
			`}`

			`userAgg := UserAggregateFromWriteModel(&existingHuman.WriteModel)`
refactor(eventstore): rename EventPusher to Command, EventReader to Event, PushEvents to Push and FilterEvents to Filter (#2907) 2022-01-03 08:19:07 +00:00			`_, err = c.eventstore.Push(ctx, user.NewUserIDPCheckSucceededEvent(ctx, userAgg, authRequestDomainToAuthRequestInfo(authRequest)))`
fix(projections): user idp link projection (#2583) * fix(projections): add app * fix(migration): add index for project_id * test: app projection * fix(projections): add idp_user_link * test: idp user link * fix: migration versions * refactor: rename externalIDP to UserIDPLink * fix: interface methods 2021-11-02 09:08:47 +00:00			`return err`
			`}`

			`func (c Commands) userIDPLinkWriteModelByID(ctx context.Context, userID, idpConfigID, externalUserID, resourceOwner string) (writeModel UserIDPLinkWriteModel, err error) {`
			`ctx, span := tracing.NewSpan(ctx)`
			`defer func() { span.EndWithError(err) }()`

			`writeModel = NewUserIDPLinkWriteModel(userID, idpConfigID, externalUserID, resourceOwner)`
			`err = c.eventstore.FilterToQueryReducer(ctx, writeModel)`
			`if err != nil {`
			`return nil, err`
			`}`
			`return writeModel, nil`
			`}`