package settings
import (
"time"
"google.golang.org/protobuf/types/known/durationpb"
"github.com/zitadel/zitadel/internal/command"
"github.com/zitadel/zitadel/internal/domain"
"github.com/zitadel/zitadel/internal/query"
"github.com/zitadel/zitadel/pkg/grpc/settings/v2"
)
// loginSettingsToPb converts a queried login policy into its settings v2 API shape.
//
// The second- and multi-factor lists are converted element-wise through
// secondFactorTypeToPb and multiFactorTypeToPb. The check lifetimes are handed
// over as protobuf durations; the policy stores them in a type that converts
// to time.Duration. ResourceOwnerType tells the caller whether the policy is
// the instance default or an organization-level override.
func loginSettingsToPb(current *query.LoginPolicy) *settings.LoginSettings {
	multiFactors := make([]settings.MultiFactorType, 0, len(current.MultiFactors))
	for _, factor := range current.MultiFactors {
		multiFactors = append(multiFactors, multiFactorTypeToPb(factor))
	}

	secondFactors := make([]settings.SecondFactorType, 0, len(current.SecondFactors))
	for _, factor := range current.SecondFactors {
		secondFactors = append(secondFactors, secondFactorTypeToPb(factor))
	}

	pb := new(settings.LoginSettings)
	pb.AllowUsernamePassword = current.AllowUsernamePassword
	pb.AllowRegister = current.AllowRegister
	pb.AllowExternalIdp = current.AllowExternalIDPs
	// MFA enforcement flags are passed through unchanged; this function does
	// not decide whether MFA is enforced, it only reports the stored policy.
	pb.ForceMfa = current.ForceMFA
	pb.ForceMfaLocalOnly = current.ForceMFALocalOnly
	pb.PasskeysType = passkeysTypeToPb(current.PasswordlessType)
	pb.HidePasswordReset = current.HidePasswordReset
	pb.IgnoreUnknownUsernames = current.IgnoreUnknownUsernames
	pb.AllowDomainDiscovery = current.AllowDomainDiscovery
	pb.DisableLoginWithEmail = current.DisableLoginWithEmail
	pb.DisableLoginWithPhone = current.DisableLoginWithPhone
	pb.DefaultRedirectUri = current.DefaultRedirectURI
	// Lifetimes: stored value -> time.Duration -> google.protobuf.Duration.
	pb.PasswordCheckLifetime = durationpb.New(time.Duration(current.PasswordCheckLifetime))
	pb.ExternalLoginCheckLifetime = durationpb.New(time.Duration(current.ExternalLoginCheckLifetime))
	pb.MfaInitSkipLifetime = durationpb.New(time.Duration(current.MFAInitSkipLifetime))
	pb.SecondFactorCheckLifetime = durationpb.New(time.Duration(current.SecondFactorCheckLifetime))
	pb.MultiFactorCheckLifetime = durationpb.New(time.Duration(current.MultiFactorCheckLifetime))
	pb.SecondFactors = secondFactors
	pb.MultiFactors = multiFactors
	pb.ResourceOwnerType = isDefaultToResourceOwnerTypePb(current.IsDefault)
	return pb
}
// isDefaultToResourceOwnerTypePb translates a policy's IsDefault flag into the
// API ResourceOwnerType: a default policy belongs to the instance, anything
// else is an organization-level policy.
func isDefaultToResourceOwnerTypePb(isDefault bool) settings.ResourceOwnerType {
	if !isDefault {
		return settings.ResourceOwnerType_RESOURCE_OWNER_TYPE_ORG
	}
	return settings.ResourceOwnerType_RESOURCE_OWNER_TYPE_INSTANCE
}
// passkeysTypeToPb maps the domain passwordless setting onto the API passkeys enum.
//
// Only PasswordlessTypeAllowed yields PASSKEYS_TYPE_ALLOWED. Every other value,
// including ones this function does not know about, is reported as
// PASSKEYS_TYPE_NOT_ALLOWED, so an unrecognized input never reads as permissive.
func passkeysTypeToPb(passwordlessType domain.PasswordlessType) settings.PasskeysType {
	if passwordlessType == domain.PasswordlessTypeAllowed {
		return settings.PasskeysType_PASSKEYS_TYPE_ALLOWED
	}
	return settings.PasskeysType_PASSKEYS_TYPE_NOT_ALLOWED
}
// secondFactorTypeToPb maps a domain second-factor type onto the API enum.
//
// Note that the domain's TOTP type is exposed under the API name
// SECOND_FACTOR_TYPE_OTP. Any value without an explicit mapping, including
// the domain's Unspecified value, is reported as SECOND_FACTOR_TYPE_UNSPECIFIED.
func secondFactorTypeToPb(secondFactorType domain.SecondFactorType) settings.SecondFactorType {
	switch secondFactorType {
	case domain.SecondFactorTypeU2F:
		return settings.SecondFactorType_SECOND_FACTOR_TYPE_U2F
	case domain.SecondFactorTypeTOTP:
		return settings.SecondFactorType_SECOND_FACTOR_TYPE_OTP
	case domain.SecondFactorTypeOTPSMS:
		return settings.SecondFactorType_SECOND_FACTOR_TYPE_OTP_SMS
	case domain.SecondFactorTypeOTPEmail:
		return settings.SecondFactorType_SECOND_FACTOR_TYPE_OTP_EMAIL
	default:
		// Covers domain.SecondFactorTypeUnspecified as well as any type added
		// to the domain package without a corresponding API enum value.
		return settings.SecondFactorType_SECOND_FACTOR_TYPE_UNSPECIFIED
	}
}
// multiFactorTypeToPb maps a domain multi-factor type onto the API enum.
//
// U2F with PIN is exposed as MULTI_FACTOR_TYPE_U2F_WITH_VERIFICATION; every
// other value, including Unspecified and any type unknown to this function,
// becomes MULTI_FACTOR_TYPE_UNSPECIFIED.
func multiFactorTypeToPb(typ domain.MultiFactorType) settings.MultiFactorType {
	if typ == domain.MultiFactorTypeU2FWithPIN {
		return settings.MultiFactorType_MULTI_FACTOR_TYPE_U2F_WITH_VERIFICATION
	}
	return settings.MultiFactorType_MULTI_FACTOR_TYPE_UNSPECIFIED
}
// passwordComplexitySettingsToPb exposes a queried password complexity policy
// through the settings v2 API. The "Has*" flags of the policy are reported as
// "Requires*" on the API side; the values themselves are copied unchanged.
func passwordComplexitySettingsToPb(current *query.PasswordComplexityPolicy) *settings.PasswordComplexitySettings {
	pb := new(settings.PasswordComplexitySettings)
	pb.MinLength = current.MinLength
	pb.RequiresUppercase = current.HasUppercase
	pb.RequiresLowercase = current.HasLowercase
	pb.RequiresNumber = current.HasNumber
	pb.RequiresSymbol = current.HasSymbol
	pb.ResourceOwnerType = isDefaultToResourceOwnerTypePb(current.IsDefault)
	return pb
}
// passwordExpirySettingsToPb exposes a queried password age policy through the
// settings v2 API. MaxAgeDays and ExpireWarnDays are copied as stored.
func passwordExpirySettingsToPb(current *query.PasswordAgePolicy) *settings.PasswordExpirySettings {
	pb := new(settings.PasswordExpirySettings)
	pb.MaxAgeDays = current.MaxAgeDays
	pb.ExpireWarnDays = current.ExpireWarnDays
	pb.ResourceOwnerType = isDefaultToResourceOwnerTypePb(current.IsDefault)
	return pb
}
// brandingSettingsToPb exposes a queried label policy through the settings v2 API.
//
// assetPrefix is the base under which uploaded assets are served; the stored
// font path (and, via themeToPb, the logo and icon paths) is turned into a
// full URL with domain.AssetURL, scoped by the policy's resource owner.
func brandingSettingsToPb(current *query.LabelPolicy, assetPrefix string) *settings.BrandingSettings {
	owner := current.ResourceOwner

	pb := new(settings.BrandingSettings)
	pb.LightTheme = themeToPb(current.Light, assetPrefix, owner)
	pb.DarkTheme = themeToPb(current.Dark, assetPrefix, owner)
	pb.FontUrl = domain.AssetURL(assetPrefix, owner, current.FontURL)
	pb.DisableWatermark = current.WatermarkDisabled
	pb.HideLoginNameSuffix = current.HideLoginNameSuffix
	pb.ResourceOwnerType = isDefaultToResourceOwnerTypePb(current.IsDefault)
	pb.ThemeMode = themeModeToPb(current.ThemeMode)
	return pb
}
// themeModeToPb maps the label policy theme mode onto the API ThemeMode enum.
// Values without an explicit mapping fall back to THEME_MODE_AUTO.
func themeModeToPb(themeMode domain.LabelPolicyThemeMode) settings.ThemeMode {
	switch themeMode {
	case domain.LabelPolicyThemeLight:
		return settings.ThemeMode_THEME_MODE_LIGHT
	case domain.LabelPolicyThemeDark:
		return settings.ThemeMode_THEME_MODE_DARK
	default:
		// domain.LabelPolicyThemeAuto and any unknown value.
		return settings.ThemeMode_THEME_MODE_AUTO
	}
}
// themeToPb converts one color theme of a label policy into the API Theme.
//
// Colors are copied as stored. The logo and icon are stored as asset paths
// and are expanded into URLs with domain.AssetURL using assetPrefix and the
// owning resource.
func themeToPb(theme query.Theme, assetPrefix, resourceOwner string) *settings.Theme {
	pb := new(settings.Theme)
	pb.PrimaryColor = theme.PrimaryColor
	pb.BackgroundColor = theme.BackgroundColor
	pb.FontColor = theme.FontColor
	pb.WarnColor = theme.WarnColor
	pb.LogoUrl = domain.AssetURL(assetPrefix, resourceOwner, theme.LogoURL)
	pb.IconUrl = domain.AssetURL(assetPrefix, resourceOwner, theme.IconURL)
	return pb
}
// domainSettingsToPb exposes a queried domain policy through the settings v2 API.
//
// Field names differ between the layers: UserLoginMustBeDomain is reported as
// LoginNameIncludesDomain and ValidateOrgDomains as RequireOrgDomainVerification.
func domainSettingsToPb(current *query.DomainPolicy) *settings.DomainSettings {
	pb := new(settings.DomainSettings)
	pb.LoginNameIncludesDomain = current.UserLoginMustBeDomain
	pb.RequireOrgDomainVerification = current.ValidateOrgDomains
	pb.SmtpSenderAddressMatchesInstanceDomain = current.SMTPSenderAddressMatchesInstanceDomain
	pb.ResourceOwnerType = isDefaultToResourceOwnerTypePb(current.IsDefault)
	return pb
}
// legalAndSupportSettingsToPb exposes a queried privacy policy through the
// settings v2 API. Links and texts are copied as stored; SupportEmail is
// converted from its domain type to a plain string.
func legalAndSupportSettingsToPb(current *query.PrivacyPolicy) *settings.LegalAndSupportSettings {
	pb := new(settings.LegalAndSupportSettings)
	pb.TosLink = current.TOSLink
	pb.PrivacyPolicyLink = current.PrivacyLink
	pb.HelpLink = current.HelpLink
	pb.DocsLink = current.DocsLink
	pb.CustomLink = current.CustomLink
	pb.CustomLinkText = current.CustomLinkText
	pb.SupportEmail = string(current.SupportEmail)
	pb.ResourceOwnerType = isDefaultToResourceOwnerTypePb(current.IsDefault)
	return pb
}
// lockoutSettingsToPb exposes a queried lockout policy through the settings v2
// API. The password and OTP attempt limits are copied as stored.
func lockoutSettingsToPb(current *query.LockoutPolicy) *settings.LockoutSettings {
	pb := new(settings.LockoutSettings)
	pb.MaxPasswordAttempts = current.MaxPasswordAttempts
	pb.MaxOtpAttempts = current.MaxOTPAttempts
	pb.ResourceOwnerType = isDefaultToResourceOwnerTypePb(current.IsDefault)
	return pb
}
// identityProvidersToPb converts the login-policy IDP links into API identity
// providers, preserving order. The result is never nil, even for empty input.
func identityProvidersToPb(idps []*query.IDPLoginPolicyLink) []*settings.IdentityProvider {
	out := make([]*settings.IdentityProvider, 0, len(idps))
	for _, link := range idps {
		out = append(out, identityProviderToPb(link))
	}
	return out
}
// identityProviderToPb converts a single login-policy IDP link into its API
// representation. The display name is derived via domain.IDPName from the
// stored name and type; the type is mapped through idpTypeToPb.
func identityProviderToPb(idp *query.IDPLoginPolicyLink) *settings.IdentityProvider {
	pb := new(settings.IdentityProvider)
	pb.Id = idp.IDPID
	pb.Name = domain.IDPName(idp.IDPName, idp.IDPType)
	pb.Type = idpTypeToPb(idp.IDPType)
	return pb
}
// idpTypeToPb maps a domain IDP type onto the API IdentityProviderType enum.
//
// Types without an explicit mapping (including domain.IDPTypeUnspecified and
// any type added to the domain package later) are reported as
// IDENTITY_PROVIDER_TYPE_UNSPECIFIED rather than failing.
func idpTypeToPb(idpType domain.IDPType) settings.IdentityProviderType {
	switch idpType {
	case domain.IDPTypeOIDC:
		return settings.IdentityProviderType_IDENTITY_PROVIDER_TYPE_OIDC
	case domain.IDPTypeOAuth:
		return settings.IdentityProviderType_IDENTITY_PROVIDER_TYPE_OAUTH
	case domain.IDPTypeJWT:
		return settings.IdentityProviderType_IDENTITY_PROVIDER_TYPE_JWT
	case domain.IDPTypeSAML:
		return settings.IdentityProviderType_IDENTITY_PROVIDER_TYPE_SAML
	case domain.IDPTypeLDAP:
		return settings.IdentityProviderType_IDENTITY_PROVIDER_TYPE_LDAP
	case domain.IDPTypeAzureAD:
		return settings.IdentityProviderType_IDENTITY_PROVIDER_TYPE_AZURE_AD
	case domain.IDPTypeGoogle:
		return settings.IdentityProviderType_IDENTITY_PROVIDER_TYPE_GOOGLE
	case domain.IDPTypeApple:
		return settings.IdentityProviderType_IDENTITY_PROVIDER_TYPE_APPLE
	case domain.IDPTypeGitHub:
		return settings.IdentityProviderType_IDENTITY_PROVIDER_TYPE_GITHUB
	case domain.IDPTypeGitHubEnterprise:
		return settings.IdentityProviderType_IDENTITY_PROVIDER_TYPE_GITHUB_ES
	case domain.IDPTypeGitLab:
		return settings.IdentityProviderType_IDENTITY_PROVIDER_TYPE_GITLAB
	case domain.IDPTypeGitLabSelfHosted:
		return settings.IdentityProviderType_IDENTITY_PROVIDER_TYPE_GITLAB_SELF_HOSTED
	default:
		return settings.IdentityProviderType_IDENTITY_PROVIDER_TYPE_UNSPECIFIED
	}
}
// securityPolicyToSettingsPb exposes a queried security policy through the
// settings v2 API. Iframe embedding is reported as a nested
// EmbeddedIframeSettings message carrying the enabled flag and the stored
// allowed-origin list; the impersonation flag is copied as-is.
func securityPolicyToSettingsPb(policy *query.SecurityPolicy) *settings.SecuritySettings {
	iframe := new(settings.EmbeddedIframeSettings)
	iframe.Enabled = policy.EnableIframeEmbedding
	iframe.AllowedOrigins = policy.AllowedOrigins

	pb := new(settings.SecuritySettings)
	pb.EmbeddedIframe = iframe
	pb.EnableImpersonation = policy.EnableImpersonation
	return pb
}
// securitySettingsToCommand builds the command-layer security policy from a
// SetSecuritySettings request.
//
// The generated protobuf getters tolerate a nil receiver, so a request without
// an EmbeddedIframe message yields embedding disabled with no origins. The
// allowed-origin list is handed over exactly as received; this function does
// not validate it. NOTE(review): presumably the command layer checks the
// origins before persisting them — confirm against command.SecurityPolicy.
func securitySettingsToCommand(req *settings.SetSecuritySettingsRequest) *command.SecurityPolicy {
	iframe := req.GetEmbeddedIframe()

	policy := new(command.SecurityPolicy)
	policy.EnableIframeEmbedding = iframe.GetEnabled()
	policy.AllowedOrigins = iframe.GetAllowedOrigins()
	policy.EnableImpersonation = req.GetEnableImpersonation()
	return policy
}