package domain
import (
"strings"
"time"
http_util "github.com/zitadel/zitadel/internal/api/http"
"github.com/zitadel/zitadel/internal/crypto"
"github.com/zitadel/zitadel/internal/eventstore/v1/models"
)
// URL prefixes for the plain and TLS schemes and for the loopback hosts
// (localhost, 127.0.0.1, ::1 and its long form 0:0:0:0:0:0:0:1), each loopback
// host once with a trailing ':' (a port follows) and once with a trailing '/'
// (no port). This section only declares them; the code that compares URIs
// against them is outside this listing.
//
// NOTE(review): presumably these are matched against redirect URIs and origins
// by string prefix — confirm at the call sites. A prefix match on a "WithPort"
// value accepts any text after the colon, so on its own it does not establish
// that the URI's host is loopback; parsing the URI with net/url and comparing
// the hostname is the stricter check.
const (
	// Schemes.
	https = "https://"
	http  = "http://"

	// Hostname form.
	httpLocalhostWithPort    = "http://localhost:"
	httpLocalhostWithoutPort = "http://localhost/"

	// IPv4 loopback.
	httpLoopbackV4WithPort    = "http://127.0.0.1:"
	httpLoopbackV4WithoutPort = "http://127.0.0.1/"

	// IPv6 loopback, compressed and long notation.
	httpLoopbackV6WithPort        = "http://[::1]:"
	httpLoopbackV6WithoutPort     = "http://[::1]/"
	httpLoopbackV6LongWithPort    = "http://[0:0:0:0:0:0:0:1]:"
	httpLoopbackV6LongWithoutPort = "http://[0:0:0:0:0:0:0:1]/"
)
// OIDCApp holds the OIDC client settings of one application. It embeds
// models.ObjectRoot; the methods in this listing read AppName, State and
// AuthMethodType and write ClientID and ClientSecret.
type OIDCApp struct {
	models.ObjectRoot

	AppID    string
	AppName  string
	ClientID string

	// ClientSecret carries the secret as a crypto.CryptoValue; it is assigned
	// by setClientSecret.
	ClientSecret *crypto.CryptoValue
	// NOTE(review): ClientSecretString is a plain string kept next to the
	// CryptoValue form. Presumably it is the cleartext secret handed back once
	// when the secret is generated — confirm, and confirm it is never
	// persisted, logged or serialized with the rest of the struct.
	ClientSecretString string

	RedirectUris           []string
	ResponseTypes          []OIDCResponseType
	GrantTypes             []OIDCGrantType
	ApplicationType        OIDCApplicationType
	AuthMethodType         OIDCAuthMethodType // read by requiresClientSecret
	PostLogoutRedirectUris []string
	OIDCVersion            OIDCVersion
	Compliance             *Compliance

	// NOTE(review): presumably DevMode relaxes the redirect-URI checks that the
	// http:// and loopback prefix constants of this file serve — confirm
	// against the compliance code, which is outside this listing, and confirm
	// that an enabled DevMode is visible to operators.
	DevMode bool

	AccessTokenType          OIDCTokenType
	AccessTokenRoleAssertion bool
	IDTokenRoleAssertion     bool
	IDTokenUserinfoAssertion bool
	ClockSkew                time.Duration

	// NOTE(review): presumably AdditionalOrigins extends the origins derived
	// from RedirectUris — verify how entries are validated before use.
	AdditionalOrigins        []string
	SkipNativeAppSuccessPage bool

	State AppState
}
// GetApplicationName returns the AppName field of the receiver.
func (a *OIDCApp) GetApplicationName() string {
	return a.AppName
}
// GetState returns the State field of the receiver.
func (a *OIDCApp) GetState() AppState {
	return a.State
}
// setClientID overwrites ClientID with the given value. No validation is
// performed here; callers are expected to pass an already generated ID.
func (a *OIDCApp) setClientID(clientID string) {
	a.ClientID = clientID
}
// setClientSecret overwrites ClientSecret with the given crypto.CryptoValue.
// It leaves ClientSecretString untouched, and a nil argument clears the
// stored secret because the pointer is assigned as is.
func (a *OIDCApp) setClientSecret(clientSecret *crypto.CryptoValue) {
	a.ClientSecret = clientSecret
}
// requiresClientSecret reports whether AuthMethodType is
// OIDCAuthMethodTypeBasic or OIDCAuthMethodTypePost.
//
// Every other value, OIDCAuthMethodTypeNone included, yields false. The check
// is an allow-list: an auth method added to the enum later is treated as not
// needing a secret until it is named here.
func (a *OIDCApp) requiresClientSecret() bool {
	switch a.AuthMethodType {
	case OIDCAuthMethodTypeBasic, OIDCAuthMethodTypePost:
		return true
	default:
		return false
	}
}
// OIDCVersion is the int32-backed type of OIDCApp.OIDCVersion.
type OIDCVersion int32

// Values are numbered by iota, so the zero value of OIDCVersion is
// OIDCVersionV1. Append new versions at the end: inserting one earlier
// renumbers the existing constants.
const (
	OIDCVersionV1 OIDCVersion = iota // 0
)
// OIDCResponseType is the int32-backed element type of OIDCApp.ResponseTypes.
type OIDCResponseType int32

// Values are numbered by iota; the zero value is OIDCResponseTypeCode.
// Append new members at the end so existing numbers stay stable.
//
// NOTE(review): presumably these map to the OIDC response_type values
// "code", "id_token" and "id_token token" — confirm against the mapping code,
// which is outside this listing.
const (
	OIDCResponseTypeCode         OIDCResponseType = iota // 0
	OIDCResponseTypeIDToken                              // 1
	OIDCResponseTypeIDTokenToken                         // 2
)
// OIDCGrantType is the int32-backed element type of OIDCApp.GrantTypes.
type OIDCGrantType int32

// Values are numbered by iota; the zero value is
// OIDCGrantTypeAuthorizationCode. Append new members at the end so existing
// numbers stay stable.
const (
	OIDCGrantTypeAuthorizationCode OIDCGrantType = iota // 0
	OIDCGrantTypeImplicit                               // 1
	OIDCGrantTypeRefreshToken                           // 2
	OIDCGrantTypeDeviceCode                             // 3
)
// OIDCApplicationType is the int32-backed type of OIDCApp.ApplicationType.
type OIDCApplicationType int32

// Values are numbered by iota; the zero value is OIDCApplicationTypeWeb, so
// an OIDCApp whose ApplicationType was never set reads as a web application.
// Append new members at the end so existing numbers stay stable.
const (
	OIDCApplicationTypeWeb       OIDCApplicationType = iota // 0
	OIDCApplicationTypeUserAgent                            // 1
	OIDCApplicationTypeNative                               // 2
)
// OIDCAuthMethodType is the int32-backed type of OIDCApp.AuthMethodType.
// requiresClientSecret switches on it, and its zero value is the first
// constant of the iota block below, OIDCAuthMethodTypeBasic.
type OIDCAuthMethodType int32
const (
OIDCAuthMethodTypeBasic OIDCAuthMethodType = iota
OIDCAuthMethodTypePost
OIDCAuthMethodTypeNone
|
fix: merge master (#1306)
* chore(site): dependabot deps (#1148)
* chore(deps): bump highlight.js from 10.4.1 to 10.5.0 in /site (#1143)
Bumps [highlight.js](https://github.com/highlightjs/highlight.js) from 10.4.1 to 10.5.0.
- [Release notes](https://github.com/highlightjs/highlight.js/releases)
- [Changelog](https://github.com/highlightjs/highlight.js/blob/master/CHANGES.md)
- [Commits](https://github.com/highlightjs/highlight.js/compare/10.4.1...10.5.0)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps-dev): bump @babel/plugin-transform-runtime in /site (#1144)
Bumps [@babel/plugin-transform-runtime](https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-runtime) from 7.12.1 to 7.12.10.
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.12.10/packages/babel-plugin-transform-runtime)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps): bump sirv from 1.0.7 to 1.0.10 in /site (#1145)
Bumps [sirv](https://github.com/lukeed/sirv) from 1.0.7 to 1.0.10.
- [Release notes](https://github.com/lukeed/sirv/releases)
- [Commits](https://github.com/lukeed/sirv/compare/v1.0.7...v1.0.10)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps-dev): bump rollup from 2.34.0 to 2.35.1 in /site (#1142)
Bumps [rollup](https://github.com/rollup/rollup) from 2.34.0 to 2.35.1.
- [Release notes](https://github.com/rollup/rollup/releases)
- [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rollup/rollup/compare/v2.34.0...v2.35.1)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps-dev): bump @rollup/plugin-node-resolve in /site (#1141)
Bumps [@rollup/plugin-node-resolve](https://github.com/rollup/plugins) from 10.0.0 to 11.0.1.
- [Release notes](https://github.com/rollup/plugins/releases)
- [Commits](https://github.com/rollup/plugins/compare/node-resolve-v10.0.0...commonjs-v11.0.1)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps): bump marked from 1.2.5 to 1.2.7 in /site (#1140)
Bumps [marked](https://github.com/markedjs/marked) from 1.2.5 to 1.2.7.
- [Release notes](https://github.com/markedjs/marked/releases)
- [Changelog](https://github.com/markedjs/marked/blob/master/release.config.js)
- [Commits](https://github.com/markedjs/marked/compare/v1.2.5...v1.2.7)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps-dev): bump @babel/core from 7.12.9 to 7.12.10 in /site (#1139)
Bumps [@babel/core](https://github.com/babel/babel/tree/HEAD/packages/babel-core) from 7.12.9 to 7.12.10.
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.12.10/packages/babel-core)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps-dev): bump rollup-plugin-svelte from 6.1.1 to 7.0.0 in /site (#1138)
Bumps [rollup-plugin-svelte](https://github.com/sveltejs/rollup-plugin-svelte) from 6.1.1 to 7.0.0.
- [Release notes](https://github.com/sveltejs/rollup-plugin-svelte/releases)
- [Changelog](https://github.com/sveltejs/rollup-plugin-svelte/blob/master/CHANGELOG.md)
- [Commits](https://github.com/sveltejs/rollup-plugin-svelte/compare/v6.1.1...v7.0.0)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps-dev): bump @babel/preset-env from 7.12.1 to 7.12.11 in /site (#1137)
Bumps [@babel/preset-env](https://github.com/babel/babel/tree/HEAD/packages/babel-preset-env) from 7.12.1 to 7.12.11.
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.12.11/packages/babel-preset-env)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* downgrade svelte plugin
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(console): dependabot deps (#1147)
* chore(deps-dev): bump @types/node from 14.14.13 to 14.14.19 in /console (#1146)
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 14.14.13 to 14.14.19.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps): bump ts-protoc-gen from 0.13.0 to 0.14.0 in /console (#1129)
Bumps [ts-protoc-gen](https://github.com/improbable-eng/ts-protoc-gen) from 0.13.0 to 0.14.0.
- [Release notes](https://github.com/improbable-eng/ts-protoc-gen/releases)
- [Changelog](https://github.com/improbable-eng/ts-protoc-gen/blob/master/CHANGELOG.md)
- [Commits](https://github.com/improbable-eng/ts-protoc-gen/compare/0.13.0...0.14.0)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps-dev): bump @angular/language-service in /console (#1128)
Bumps [@angular/language-service](https://github.com/angular/angular/tree/HEAD/packages/language-service) from 11.0.4 to 11.0.5.
- [Release notes](https://github.com/angular/angular/releases)
- [Changelog](https://github.com/angular/angular/blob/master/CHANGELOG.md)
- [Commits](https://github.com/angular/angular/commits/11.0.5/packages/language-service)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps-dev): bump @angular/cli from 11.0.4 to 11.0.5 in /console (#1127)
Bumps [@angular/cli](https://github.com/angular/angular-cli) from 11.0.4 to 11.0.5.
- [Release notes](https://github.com/angular/angular-cli/releases)
- [Commits](https://github.com/angular/angular-cli/compare/v11.0.4...v11.0.5)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps-dev): bump @angular-devkit/build-angular in /console (#1126)
Bumps [@angular-devkit/build-angular](https://github.com/angular/angular-cli) from 0.1100.4 to 0.1100.5.
- [Release notes](https://github.com/angular/angular-cli/releases)
- [Commits](https://github.com/angular/angular-cli/commits)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Max Peintner <max@caos.ch>
* audit
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* feat: e-mail templates (#1158)
* View definition added
* Get templates and texts from the database.
* Fill in texts in templates
* Fill in texts in templates
* Client API added
* Weekly backup
* Weekly backup
* Daily backup
* Weekly backup
* Tests added
* Corrections from merge branch
* Fixes from pull request review
* chore(console): dependencies (#1189)
* chore(deps-dev): bump @angular/language-service in /console (#1187)
Bumps [@angular/language-service](https://github.com/angular/angular/tree/HEAD/packages/language-service) from 11.0.5 to 11.0.9.
- [Release notes](https://github.com/angular/angular/releases)
- [Changelog](https://github.com/angular/angular/blob/master/CHANGELOG.md)
- [Commits](https://github.com/angular/angular/commits/11.0.9/packages/language-service)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps): bump google-proto-files from 2.3.0 to 2.4.0 in /console (#1186)
Bumps [google-proto-files](https://github.com/googleapis/nodejs-proto-files) from 2.3.0 to 2.4.0.
- [Release notes](https://github.com/googleapis/nodejs-proto-files/releases)
- [Changelog](https://github.com/googleapis/nodejs-proto-files/blob/master/CHANGELOG.md)
- [Commits](https://github.com/googleapis/nodejs-proto-files/compare/v2.3.0...v2.4.0)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps-dev): bump @types/node from 14.14.19 to 14.14.21 in /console (#1185)
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 14.14.19 to 14.14.21.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps-dev): bump @angular/cli from 11.0.5 to 11.0.7 in /console (#1184)
Bumps [@angular/cli](https://github.com/angular/angular-cli) from 11.0.5 to 11.0.7.
- [Release notes](https://github.com/angular/angular-cli/releases)
- [Commits](https://github.com/angular/angular-cli/compare/v11.0.5...v11.0.7)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps-dev): bump karma from 5.2.3 to 6.0.0 in /console (#1183)
Bumps [karma](https://github.com/karma-runner/karma) from 5.2.3 to 6.0.0.
- [Release notes](https://github.com/karma-runner/karma/releases)
- [Changelog](https://github.com/karma-runner/karma/blob/master/CHANGELOG.md)
- [Commits](https://github.com/karma-runner/karma/compare/v5.2.3...v6.0.0)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps-dev): bump @angular-devkit/build-angular in /console (#1182)
Bumps [@angular-devkit/build-angular](https://github.com/angular/angular-cli) from 0.1100.5 to 0.1100.7.
- [Release notes](https://github.com/angular/angular-cli/releases)
- [Commits](https://github.com/angular/angular-cli/commits)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Max Peintner <max@caos.ch>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* fix(console): trigger unauthenticated dialog only once (#1170)
* fix: trigger dialog once
* remove log
* typed trigger
* chore(console): dependencies (#1205)
* chore(deps-dev): bump stylelint from 13.8.0 to 13.9.0 in /console (#1204)
Bumps [stylelint](https://github.com/stylelint/stylelint) from 13.8.0 to 13.9.0.
- [Release notes](https://github.com/stylelint/stylelint/releases)
- [Changelog](https://github.com/stylelint/stylelint/blob/master/CHANGELOG.md)
- [Commits](https://github.com/stylelint/stylelint/compare/13.8.0...13.9.0)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps-dev): bump @angular/language-service in /console (#1203)
Bumps [@angular/language-service](https://github.com/angular/angular/tree/HEAD/packages/language-service) from 11.0.9 to 11.1.0.
- [Release notes](https://github.com/angular/angular/releases)
- [Changelog](https://github.com/angular/angular/blob/master/CHANGELOG.md)
- [Commits](https://github.com/angular/angular/commits/11.1.0/packages/language-service)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps-dev): bump karma from 6.0.0 to 6.0.1 in /console (#1202)
Bumps [karma](https://github.com/karma-runner/karma) from 6.0.0 to 6.0.1.
- [Release notes](https://github.com/karma-runner/karma/releases)
- [Changelog](https://github.com/karma-runner/karma/blob/master/CHANGELOG.md)
- [Commits](https://github.com/karma-runner/karma/compare/v6.0.0...v6.0.1)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps-dev): bump @angular/cli from 11.0.7 to 11.1.1 in /console (#1201)
Bumps [@angular/cli](https://github.com/angular/angular-cli) from 11.0.7 to 11.1.1.
- [Release notes](https://github.com/angular/angular-cli/releases)
- [Commits](https://github.com/angular/angular-cli/compare/v11.0.7...v11.1.1)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps-dev): bump @types/jasmine from 3.6.2 to 3.6.3 in /console (#1200)
Bumps [@types/jasmine](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/jasmine) from 3.6.2 to 3.6.3.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/jasmine)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Max Peintner <max@caos.ch>
* chore(deps-dev): bump @types/node from 14.14.21 to 14.14.22 in /console (#1199)
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 14.14.21 to 14.14.22.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps-dev): bump @angular-devkit/build-angular in /console (#1198)
Bumps [@angular-devkit/build-angular](https://github.com/angular/angular-cli) from 0.1100.7 to 0.1101.1.
- [Release notes](https://github.com/angular/angular-cli/releases)
- [Commits](https://github.com/angular/angular-cli/commits)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Max Peintner <max@caos.ch>
* chore(deps): bump angularx-qrcode from 10.0.11 to 11.0.0 in /console (#1197)
Bumps [angularx-qrcode](https://github.com/cordobo/angularx-qrcode) from 10.0.11 to 11.0.0.
- [Release notes](https://github.com/cordobo/angularx-qrcode/releases)
- [Commits](https://github.com/cordobo/angularx-qrcode/compare/10.0.11...11.0.0)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* fix pack lock
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* fix: handle sequence correctly in subscription (#1209)
* fix: correct master after merges again (#1230)
* chore(docs): correct `iss` claim of jwt profile (#1229)
* core(docs): correct `iss` claim of jwt profile
* fix: correct master after merges again (#1230)
* feat(login): new palette based styles (#1149)
* chore(deps-dev): bump rollup from 2.33.2 to 2.34.0 in /site (#1040)
Bumps [rollup](https://github.com/rollup/rollup) from 2.33.2 to 2.34.0.
- [Release notes](https://github.com/rollup/rollup/releases)
- [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rollup/rollup/compare/v2.33.2...v2.34.0)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps): bump svelte-i18n from 3.2.5 to 3.3.0 in /site (#1039)
Bumps [svelte-i18n](https://github.com/kaisermann/svelte-i18n) from 3.2.5 to 3.3.0.
- [Release notes](https://github.com/kaisermann/svelte-i18n/releases)
- [Changelog](https://github.com/kaisermann/svelte-i18n/blob/main/CHANGELOG.md)
- [Commits](https://github.com/kaisermann/svelte-i18n/compare/v3.2.5...v3.3.0)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps-dev): bump @rollup/plugin-url from 5.0.1 to 6.0.0 in /site (#1038)
Bumps [@rollup/plugin-url](https://github.com/rollup/plugins) from 5.0.1 to 6.0.0.
- [Release notes](https://github.com/rollup/plugins/releases)
- [Commits](https://github.com/rollup/plugins/compare/url-v5.0.1...url-v6.0.0)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps-dev): bump svelte from 3.29.7 to 3.30.1 in /site (#1037)
Bumps [svelte](https://github.com/sveltejs/svelte) from 3.29.7 to 3.30.1.
- [Release notes](https://github.com/sveltejs/svelte/releases)
- [Changelog](https://github.com/sveltejs/svelte/blob/master/CHANGELOG.md)
- [Commits](https://github.com/sveltejs/svelte/compare/v3.29.7...v3.30.1)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps): bump marked from 1.2.4 to 1.2.5 in /site (#1036)
Bumps [marked](https://github.com/markedjs/marked) from 1.2.4 to 1.2.5.
- [Release notes](https://github.com/markedjs/marked/releases)
- [Changelog](https://github.com/markedjs/marked/blob/master/release.config.js)
- [Commits](https://github.com/markedjs/marked/compare/v1.2.4...v1.2.5)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps-dev): bump @babel/core from 7.12.3 to 7.12.9 in /site (#1035)
Bumps [@babel/core](https://github.com/babel/babel/tree/HEAD/packages/babel-core) from 7.12.3 to 7.12.9.
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.12.9/packages/babel-core)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps-dev): bump rollup-plugin-svelte from 6.1.1 to 7.0.0 in /site (#1034)
Bumps [rollup-plugin-svelte](https://github.com/sveltejs/rollup-plugin-svelte) from 6.1.1 to 7.0.0.
- [Release notes](https://github.com/sveltejs/rollup-plugin-svelte/releases)
- [Changelog](https://github.com/sveltejs/rollup-plugin-svelte/blob/master/CHANGELOG.md)
- [Commits](https://github.com/sveltejs/rollup-plugin-svelte/compare/v6.1.1...v7.0.0)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps-dev): bump @rollup/plugin-commonjs in /site (#1033)
Bumps [@rollup/plugin-commonjs](https://github.com/rollup/plugins) from 15.1.0 to 17.0.0.
- [Release notes](https://github.com/rollup/plugins/releases)
- [Commits](https://github.com/rollup/plugins/compare/commonjs-v15.1.0...commonjs-v17.0.0)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps-dev): bump @rollup/plugin-node-resolve in /site (#1032)
Bumps [@rollup/plugin-node-resolve](https://github.com/rollup/plugins) from 10.0.0 to 11.0.0.
- [Release notes](https://github.com/rollup/plugins/releases)
- [Commits](https://github.com/rollup/plugins/compare/node-resolve-v10.0.0...commonjs-v11.0.0)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps-dev): bump @babel/preset-env from 7.12.1 to 7.12.7 in /site (#1031)
Bumps [@babel/preset-env](https://github.com/babel/babel/tree/HEAD/packages/babel-preset-env) from 7.12.1 to 7.12.7.
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.12.7/packages/babel-preset-env)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* go
* bundle files, lgn-color, legacy theme
* remove old references
* light dark context, button styles, zitadel brand
* button theme, edit templates
* typography theme mixins
* input styles, container, extend light dark palette
* footer, palette, container
* container, label, assets, header
* action container, input, typography label, adapt button theme
* a and footer styles, adapt palette
* user log profile, resourcetempurl
* postinstall againnn
* wrochage
* rm local grpc
* button elevation, helper for components
* radio
* radio button mixins, bundle
* qr code styles, secret clipboard, icon pack
* stroked buttons, icon buttons, header action, typography
* fix password policy styles
* account selection
* account selection, lgn avatar
* mocks
* template fixes, animations scss
* checkbox, register temp
* checkbox appr
* fix checkbox, remove input interference
* select theme
* avatar script, user selection, password policy validation fix
* fix formfield state for register and change pwd
* footer, main style, qr code fix, mfa type fix, account sel, checkbox
* fotter tos, user select
* reverse buttons for intial submit action
* theme script, themed error messages, header img source
* content wrapper, i18n, mobile
* emptyline
* idp mixins, fix unstyled html
* register container
* register layout, list themes, policy theme, register org
* massive asset cleanup
* fix source path, add missing icon, fix complexity refs, prefix
* remove material icons, unused assets, fix icon font
* move icon pack
* avatar, contrast theme, error fix
* zitadel css map
* revert go mod
* fix mfa verify actions
* add idp styles
* fix google colors, idp styles
* fix: bugs
* fix register options, google
* fix script, mobile layout
* precompile font selection
* go mod tidy
* assets and cleanup
* input suffix, fix alignment, actions, add progress bar themes
* progress bar mixins, layout fixes
* remove test from loginname
* cleanup comments, scripts
* clear comments
* fix external back button
* fix mfa alignment
* fix actions layout, on dom change listener for suffix
* free tier change, success label
* fix: button font line-height
* remove tabindex
* remove comment
* remove comment
* Update internal/ui/login/handler/password_handler.go
Co-authored-by: Livio Amstutz <livio.a@gmail.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Maximilian Peintner <csaq7175@uibk.ac.at>
Co-authored-by: Livio Amstutz <livio.a@gmail.com>
* chore(console): dependencies (#1233)
* chore(deps-dev): bump @angular-devkit/build-angular in /console (#1214)
Bumps [@angular-devkit/build-angular](https://github.com/angular/angular-cli) from 0.1101.1 to 0.1101.2.
- [Release notes](https://github.com/angular/angular-cli/releases)
- [Commits](https://github.com/angular/angular-cli/commits)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps-dev): bump karma from 6.0.1 to 6.0.3 in /console (#1215)
Bumps [karma](https://github.com/karma-runner/karma) from 6.0.1 to 6.0.3.
- [Release notes](https://github.com/karma-runner/karma/releases)
- [Changelog](https://github.com/karma-runner/karma/blob/master/CHANGELOG.md)
- [Commits](https://github.com/karma-runner/karma/compare/v6.0.1...v6.0.3)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps-dev): bump @angular/language-service in /console (#1216)
Bumps [@angular/language-service](https://github.com/angular/angular/tree/HEAD/packages/language-service) from 11.1.0 to 11.1.1.
- [Release notes](https://github.com/angular/angular/releases)
- [Changelog](https://github.com/angular/angular/blob/master/CHANGELOG.md)
- [Commits](https://github.com/angular/angular/commits/11.1.1/packages/language-service)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps-dev): bump @angular/cli from 11.1.1 to 11.1.2 in /console (#1217)
Bumps [@angular/cli](https://github.com/angular/angular-cli) from 11.1.1 to 11.1.2.
- [Release notes](https://github.com/angular/angular-cli/releases)
- [Commits](https://github.com/angular/angular-cli/compare/v11.1.1...v11.1.2)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Max Peintner <max@caos.ch>
* lock
* site deps
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* fix: get email texts with default language (#1238)
* fix(login): mail verification (#1237)
* fix: mail verification
* not block, stroked
* fix: issues of new login ui (#1241)
* fix: i18n of register
* fix: autofocus
* feat(operator): zitadel and database operator (#1208)
* feat(operator): add base for zitadel operator
* fix(operator): changed pipeline to release operator
* fix(operator): fmt with only one parameter
* fix(operator): corrected workflow job name
* fix(zitadelctl): added restore and backuplist command
* fix(zitadelctl): scale for restore
* chore(container): use scratch for deploy container
* fix(zitadelctl): limit image to scratch
* fix(migration): added migration scripts for newer version
* fix(operator): changed handling of kubeconfig in operator logic
* fix(operator): changed handling of secrets in operator logic
* fix(operator): use new version of zitadel
* fix(operator): added path for migrations
* fix(operator): delete doublets of migration scripts
* fix(operator): delete subpaths and integrate logic into init container
* fix(operator): corrected path in dockerfile for local migrations
* fix(operator): added migrations for cockroachdb-secure
* fix(operator): delete logic for ambassador module
* fix(operator): added read and write secret commands
* fix(operator): correct and align operator pipeline with zitadel pipeline
* fix(operator): correct yaml error in operator pipeline
* fix(operator): correct action name in operator pipeline
* fix(operator): correct case-sensitive filename in operator pipeline
* fix(operator): upload artifacts from buildx output
* fix(operator): corrected attribute spelling error
* fix(operator): combined jobs for operator binary and image
* fix(operator): added missing comma in operator pipeline
* fix(operator): added codecov for operator image
* fix(operator): added codecov for operator image
* fix(testing): code changes for testing and several unit-tests (#1009)
* fix(operator): usage of interface of kubernetes client for testing and several unit-tests
* fix(operator): several unit-tests
* fix(operator): several unit-tests
* fix(operator): changed order for the operator logic
* fix(operator): added version of zitadelctl from semantic release
* fix(operator): corrected function call with version of zitadelctl
* fix(operator): corrected function call with version of zitadelctl
* fix(operator): add check output to operator release pipeline
* fix(operator): set --short length everywhere to 12
* fix(operator): zitadel setup in job instead of exec with several unit tests
* fix(operator): fixes to combine newest zitadel and testing branch
* fix(operator): corrected path in Dockerfile
* fix(operator): fixed unit-test that was ignored during changes
* fix(operator): fixed unit-test that was ignored during changes
* fix(operator): corrected Dockerfile to correctly use env variable
* fix(operator): quickfix takeoff deployment
* fix(operator): corrected the clusterrolename in the applied artifacts
* fix: update secure migrations
* fix(operator): migrations (#1057)
* fix(operator): copied migrations from orbos repository
* fix(operator): newest migrations
* chore: use cockroach-secure
* fix: rename migration
* fix: remove insecure cockroach migrations
Co-authored-by: Stefan Benz <stefan@caos.ch>
* fix: finalize labels
* fix(operator): cli logging concurrent and fixe deployment of operator during restore
* fix: finalize labels and cli commands
* fix: restore
* chore: cockroachdb is always secure
* chore: use orbos consistent-labels latest commit
* test: make tests compatible with new labels
* fix: default to sa token for start command
* fix: use cockroachdb v12.02
* fix: don't delete flyway user
* test: fix migration test
* fix: use correct table qualifiers
* fix: don't alter sequence ownership
* fix: upgrade flyway
* fix: change ownership of all dbs and tables to admin user
* fix: change defaultdb user
* fix: treat clientid status codes >= 400 as errors
* fix: reconcile specified ZITADEL version, not binary version
* fix: add ca-certs
* fix: use latest orbos code
* fix: use orbos with fixed race condition
* fix: use latest ORBOS code
* fix: use latest ORBOS code
* fix: make migration and scaling around restoring work
* fix(operator): move zitadel operator
* chore(migrations): include owner change migration
* feat(db): add code base for database operator
* fix(db): change used image registry for database operator
* fix(db): generated mock
* fix(db): add accidentally ignored file
* fix(db): add cockroachdb backup image to pipeline
* fix(db): correct pipeline and image versions
* fix(db): correct version of used orbos
* fix(db): correct database import
* fix(db): go mod tidy
* fix(db): use new version for orbos
* fix(migrations): include migrations into zitadelctl binary (#1211)
* fix(db): use statik to integrate migrations into binary
* fix(migrations): corrections unit tests and pipeline for integrated migrations into zitadelctl binary
* fix(migrations): correction in dockerfile for pipeline build
* fix(migrations): correction in dockerfile for pipeline build
* fix(migrations): dockerfile changes for cache optimization
* fix(database): correct used part-of label in database operator
* fix(database): correct used selectable label in zitadel operator
* fix(operator): correct lables for user secrets in zitadel operator
* fix(operator): correct lables for service test in zitadel operator
* fix: don't enable database features for user operations (#1227)
* fix: don't enable database features for user operations
* fix: omit database feature for connection info adapter
* fix: use latest orbos version
* fix: update ORBOS (#1240)
Co-authored-by: Florian Forster <florian@caos.ch>
Co-authored-by: Elio Bischof <eliobischof@gmail.com>
* chore: add local migrate_local.go again (#1261)
* chore: pass params in migrate_local.go (#1264)
* fix: login policy bug (#1268)
* fix: permissions on login policy multifactors and secondfactors
* fix idp restriction
Co-authored-by: Max Peintner <max@caos.ch>
* fix: redirect after idp create (#1269)
* fix(pipeline): corrected and combined operator and zitadel release into combined workflow (#1273)
* fix(pipeline): combined operator and zitadel workflow to only release once
* fix(pipeline): add dev releases for zitadelctl
* fix(pipeline): delete unused name attribute
* fix(pipeline): corrected use of github token env-variable
* fix(pipeline): corrected download of artifacts to globally defined folder
* fix(pipeline): corrected download of artifacts to globally defined folder
* fix(pipeline): corrected ref to get branch name for release
* fix(pipeline): last corrections and use of different github action (#1270)
* fix(pipeline): corrected loop for dev release
* fix(pipeline): exclude tags from starting build workflow
* fix(pipeline): use different release create action for already existing release
* fix(pipeline): use correct name for release
* fix(pipeline): push image with branch name tag and replace slashes with underscores
* fix(pipeline): corrected indenting for yaml syntax
* fix(pipeline): corrected handling of branch name
* fix(pipeline): list artifacts after download
* fix(pipeline): use github env for artifacts folder
* fix(pipeline): replace slash with underscore in all jobs
* fix(pipeline): pre-calculate refs for all jobs
* fix(pipeline): corrected yaml indenting
* fix(pipeline): deleted missed step
* fix(pipeline): deleted unexpected input for dev-release
* fix(pipeline): corrected echo for version in refs job
* fix(pipeline): remove empty if in job
* chore(pipeline): use correct path to zitadelctl binaries (#1277)
* fix(pipeline): use correct version for zitadelctl build (#1278)
* fix: usermemberships in authz (#1288)
* fix: usermemberships in authz
* fix: tests
* fix: migration
* fix: handler
* fix: my usermemberships (#1290)
* fix: my usermemberships
* frontend
Co-authored-by: Max Peintner <max@caos.ch>
* fix: my usermemberships (#1291)
* fix: my usermemberships
* fix: migration
* fix: migration (#1293)
* fix(login): chrome prefill, org register suffix offset, loginname overflow (#1292)
* fix: calculate offset, fix prefill
* fix loginname, displayname overflow
* feat: docs rehaul, fix missing context in console, quickstarts (#1212)
* onboarding components, routing, steps
* onboarding component, toc
* fix onboarding mixin
* header
* refactor docs
* fix layout
* cleanup routing
* docs routing
* fix conventions
* de en routing
* docs, guide contents, nav
* rem i18n support
* fix routing from docs
* rollup onwarn changes, preload
* update svelte plugin, update rollup config
* move docs
* revert img style, remove code table
* rem de completely
* rollup optim, template
* angular quickstart, quickstart overview page, update deps
* fix link
* pack, slug
* prefetch binding, hidden links
* export log
* guards route ch
* fix homepage
* angular docs
* docs
* resolve fsh
* overview
* docs
* docs
* packages fix race condition
* nav, home link
* add vue, aspnet
* doc optimizations
* embed status pal
* angular guide
* angular guide
* dotnet, angular guide
* viewbox
* typo
* block onboarding route for non iam writers
* set links from component data
* fix: fetch org context in guard, more main cnt (#1192)
* change get started guide, fix code blockquotes, typos
* flutter guide
* h2 spacing
* highlight strong
* plus
* rm start sublinks
* add proxy quickstart
* regex
* prevent outside click, fix project grant write
Co-authored-by: Florian Forster <florian@caos.ch>
Co-authored-by: Livio Amstutz <livio.a@gmail.com>
* fix(console): auth guard, i18n (#1296)
* fix: auth guard, i18n
* Update console/src/app/guards/auth.guard.ts
Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>
* feat(console): OIDC setup (#1272)
* feat: delete app
* radio button mods, i18n
* radio style, recommended flag
* fix form, emitter, module, styles
* app oidc
* form value change
* cleanup
* app grid, new app detail, redirect, i18n
* new uri format
* seperate uris
* cleanup export, create redirect
* fix custom two way binding, switch
* chore(deps): bump grpc from 1.24.3 to 1.24.5 in /console (#1287)
* chore: add local migrate_local.go again (#1261)
* chore: pass params in migrate_local.go (#1264)
* fix: login policy bug (#1268)
* fix: permissions on login policy multifactors and secondfactors
* fix idp restriction
Co-authored-by: Max Peintner <max@caos.ch>
* fix: redirect after idp create (#1269)
* fix(pipeline): corrected and combined operator and zitadel release into combined workflow (#1273)
* fix(pipeline): combined operator and zitadel workflow to only release once
* fix(pipeline): add dev releases for zitadelctl
* fix(pipeline): delete unused name attribute
* fix(pipeline): corrected use of github token env-variable
* fix(pipeline): corrected download of artifacts to globally defined folder
* fix(pipeline): corrected download of artifacts to globally defined folder
* fix(pipeline): corrected ref to get branch name for release
* fix(pipeline): last corrections and use of different github action (#1270)
* fix(pipeline): corrected loop for dev release
* fix(pipeline): exclude tags from starting build workflow
* fix(pipeline): use different release create action for already existing release
* fix(pipeline): use correct name for release
* fix(pipeline): push image with branch name tag and replace slashes with underscores
* fix(pipeline): corrected indenting for yaml syntax
* fix(pipeline): corrected handling of branch name
* fix(pipeline): list artifacts after download
* fix(pipeline): use github env for artifacts folder
* fix(pipeline): replace slash with underscore in all jobs
* fix(pipeline): pre-calculate refs for all jobs
* fix(pipeline): corrected yaml indenting
* fix(pipeline): deleted missed step
* fix(pipeline): deleted unexpected input for dev-release
* fix(pipeline): corrected echo for version in refs job
* fix(pipeline): remove empty if in job
* chore(pipeline): use correct path to zitadelctl binaries (#1277)
* fix(pipeline): use correct version for zitadelctl build (#1278)
* chore(deps): bump grpc from 1.24.3 to 1.24.5 in /console
Bumps [grpc](https://github.com/grpc/grpc-node) from 1.24.3 to 1.24.5.
- [Release notes](https://github.com/grpc/grpc-node/releases)
- [Commits](https://github.com/grpc/grpc-node/compare/grpc@1.24.3...grpc@1.24.5)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: Livio Amstutz <livio.a@gmail.com>
Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>
Co-authored-by: Max Peintner <max@caos.ch>
Co-authored-by: Stefan Benz <46600784+stebenz@users.noreply.github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps-dev): bump @types/node from 14.14.22 to 14.14.28 in /console (#1286)
* chore: add local migrate_local.go again (#1261)
* chore: pass params in migrate_local.go (#1264)
* fix: login policy bug (#1268)
* fix: permissions on login policy multifactors and secondfactors
* fix idp restriction
Co-authored-by: Max Peintner <max@caos.ch>
* fix: redirect after idp create (#1269)
* fix(pipeline): corrected and combined operator and zitadel release into combined workflow (#1273)
* fix(pipeline): combined operator and zitadel workflow to only release once
* fix(pipeline): add dev releases for zitadelctl
* fix(pipeline): delete unused name attribute
* fix(pipeline): corrected use of github token env-variable
* fix(pipeline): corrected download of artifacts to globally defined folder
* fix(pipeline): corrected download of artifacts to globally defined folder
* fix(pipeline): corrected ref to get branch name for release
* fix(pipeline): last corrections and use of different github action (#1270)
* fix(pipeline): corrected loop for dev release
* fix(pipeline): exclude tags from starting build workflow
* fix(pipeline): use different release create action for already existing release
* fix(pipeline): use correct name for release
* fix(pipeline): push image with branch name tag and replace slashes with underscores
* fix(pipeline): corrected indenting for yaml syntax
* fix(pipeline): corrected handling of branch name
* fix(pipeline): list artifacts after download
* fix(pipeline): use github env for artifacts folder
* fix(pipeline): replace slash with underscore in all jobs
* fix(pipeline): pre-calculate refs for all jobs
* fix(pipeline): corrected yaml indenting
* fix(pipeline): deleted missed step
* fix(pipeline): deleted unexpected input for dev-release
* fix(pipeline): corrected echo for version in refs job
* fix(pipeline): remove empty if in job
* chore(pipeline): use correct path to zitadelctl binaries (#1277)
* fix(pipeline): use correct version for zitadelctl build (#1278)
* chore(deps-dev): bump @types/node from 14.14.22 to 14.14.28 in /console
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 14.14.22 to 14.14.28.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: Livio Amstutz <livio.a@gmail.com>
Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>
Co-authored-by: Max Peintner <max@caos.ch>
Co-authored-by: Stefan Benz <46600784+stebenz@users.noreply.github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps-dev): bump @angular-devkit/build-angular from 0.1101.2 to 0.1102.0 in /console (#1285)
* chore: add local migrate_local.go again (#1261)
* chore: pass params in migrate_local.go (#1264)
* fix: login policy bug (#1268)
* fix: permissions on login policy multifactors and secondfactors
* fix idp restriction
Co-authored-by: Max Peintner <max@caos.ch>
* fix: redirect after idp create (#1269)
* fix(pipeline): corrected and combined operator and zitadel release into combined workflow (#1273)
* fix(pipeline): combined operator and zitadel workflow to only release once
* fix(pipeline): add dev releases for zitadelctl
* fix(pipeline): delete unused name attribute
* fix(pipeline): corrected use of github token env-variable
* fix(pipeline): corrected download of artifacts to globally defined folder
* fix(pipeline): corrected download of artifacts to globally defined folder
* fix(pipeline): corrected ref to get branch name for release
* fix(pipeline): last corrections and use of different github action (#1270)
* fix(pipeline): corrected loop for dev release
* fix(pipeline): exclude tags from starting build workflow
* fix(pipeline): use different release create action for already existing release
* fix(pipeline): use correct name for release
* fix(pipeline): push image with branch name tag and replace slashes with underscores
* fix(pipeline): corrected indenting for yaml syntax
* fix(pipeline): corrected handling of branch name
* fix(pipeline): list artifacts after download
* fix(pipeline): use github env for artifacts folder
* fix(pipeline): replace slash with underscore in all jobs
* fix(pipeline): pre-calculate refs for all jobs
* fix(pipeline): corrected yaml indenting
* fix(pipeline): deleted missed step
* fix(pipeline): deleted unexpected input for dev-release
* fix(pipeline): corrected echo for version in refs job
* fix(pipeline): remove empty if in job
* chore(pipeline): use correct path to zitadelctl binaries (#1277)
* fix(pipeline): use correct version for zitadelctl build (#1278)
* chore(deps-dev): bump @angular-devkit/build-angular in /console
Bumps [@angular-devkit/build-angular](https://github.com/angular/angular-cli) from 0.1101.2 to 0.1102.0.
- [Release notes](https://github.com/angular/angular-cli/releases)
- [Commits](https://github.com/angular/angular-cli/commits)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: Livio Amstutz <livio.a@gmail.com>
Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>
Co-authored-by: Max Peintner <max@caos.ch>
Co-authored-by: Stefan Benz <46600784+stebenz@users.noreply.github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps-dev): bump typescript from 4.0.5 to 4.0.7 in /console (#1284)
* chore: add local migrate_local.go again (#1261)
* chore: pass params in migrate_local.go (#1264)
* fix: login policy bug (#1268)
* fix: permissions on login policy multifactors and secondfactors
* fix idp restriction
Co-authored-by: Max Peintner <max@caos.ch>
* fix: redirect after idp create (#1269)
* fix(pipeline): corrected and combined operator and zitadel release into combined workflow (#1273)
* fix(pipeline): combined operator and zitadel workflow to only release once
* fix(pipeline): add dev releases for zitadelctl
* fix(pipeline): delete unused name attribute
* fix(pipeline): corrected use of github token env-variable
* fix(pipeline): corrected download of artifacts to globally defined folder
* fix(pipeline): corrected download of artifacts to globally defined folder
* fix(pipeline): corrected ref to get branch name for release
* fix(pipeline): last corrections and use of different github action (#1270)
* fix(pipeline): corrected loop for dev release
* fix(pipeline): exclude tags from starting build workflow
* fix(pipeline): use different release create action for already existing release
* fix(pipeline): use correct name for release
* fix(pipeline): push image with branch name tag and replace slashes with underscores
* fix(pipeline): corrected indenting for yaml syntax
* fix(pipeline): corrected handling of branch name
* fix(pipeline): list artifacts after download
* fix(pipeline): use github env for artifacts folder
* fix(pipeline): replace slash with underscore in all jobs
* fix(pipeline): pre-calculate refs for all jobs
* fix(pipeline): corrected yaml indenting
* fix(pipeline): deleted missed step
* fix(pipeline): deleted unexpected input for dev-release
* fix(pipeline): corrected echo for version in refs job
* fix(pipeline): remove empty if in job
* chore(pipeline): use correct path to zitadelctl binaries (#1277)
* fix(pipeline): use correct version for zitadelctl build (#1278)
* chore(deps-dev): bump typescript from 4.0.5 to 4.0.7 in /console
Bumps [typescript](https://github.com/Microsoft/TypeScript) from 4.0.5 to 4.0.7.
- [Release notes](https://github.com/Microsoft/TypeScript/releases)
- [Commits](https://github.com/Microsoft/TypeScript/compare/v4.0.5...v4.0.7)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: Livio Amstutz <livio.a@gmail.com>
Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>
Co-authored-by: Max Peintner <max@caos.ch>
Co-authored-by: Stefan Benz <46600784+stebenz@users.noreply.github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps-dev): bump karma from 6.0.3 to 6.1.1 in /console (#1283)
* chore: add local migrate_local.go again (#1261)
* chore: pass params in migrate_local.go (#1264)
* fix: login policy bug (#1268)
* fix: permissions on login policy multifactors and secondfactors
* fix idp restriction
Co-authored-by: Max Peintner <max@caos.ch>
* fix: redirect after idp create (#1269)
* fix(pipeline): corrected and combined operator and zitadel release into combined workflow (#1273)
* fix(pipeline): combined operator and zitadel workflow to only release once
* fix(pipeline): add dev releases for zitadelctl
* fix(pipeline): delete unused name attribute
* fix(pipeline): corrected use of github token env-variable
* fix(pipeline): corrected download of artifacts to globally defined folder
* fix(pipeline): corrected download of artifacts to globally defined folder
* fix(pipeline): corrected ref to get branch name for release
* fix(pipeline): last corrections and use of different github action (#1270)
* fix(pipeline): corrected loop for dev release
* fix(pipeline): exclude tags from starting build workflow
* fix(pipeline): use different release create action for already existing release
* fix(pipeline): use correct name for release
* fix(pipeline): push image with branch name tag and replace slashes with underscores
* fix(pipeline): corrected indenting for yaml syntax
* fix(pipeline): corrected handling of branch name
* fix(pipeline): list artifacts after download
* fix(pipeline): use github env for artifacts folder
* fix(pipeline): replace slash with underscore in all jobs
* fix(pipeline): pre-calculate refs for all jobs
* fix(pipeline): corrected yaml indenting
* fix(pipeline): deleted missed step
* fix(pipeline): deleted unexpected input for dev-release
* fix(pipeline): corrected echo for version in refs job
* fix(pipeline): remove empty if in job
* chore(pipeline): use correct path to zitadelctl binaries (#1277)
* fix(pipeline): use correct version for zitadelctl build (#1278)
* chore(deps-dev): bump karma from 6.0.3 to 6.1.1 in /console
Bumps [karma](https://github.com/karma-runner/karma) from 6.0.3 to 6.1.1.
- [Release notes](https://github.com/karma-runner/karma/releases)
- [Changelog](https://github.com/karma-runner/karma/blob/master/CHANGELOG.md)
- [Commits](https://github.com/karma-runner/karma/compare/v6.0.3...v6.1.1)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: Livio Amstutz <livio.a@gmail.com>
Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>
Co-authored-by: Max Peintner <max@caos.ch>
Co-authored-by: Stefan Benz <46600784+stebenz@users.noreply.github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps-dev): bump @angular/language-service from 11.1.1 to 11.2.0 in /console (#1282)
* chore: add local migrate_local.go again (#1261)
* chore: pass params in migrate_local.go (#1264)
* fix: login policy bug (#1268)
* fix: permissions on login policy multifactors and secondfactors
* fix idp restriction
Co-authored-by: Max Peintner <max@caos.ch>
* fix: redirect after idp create (#1269)
* fix(pipeline): corrected and combined operator and zitadel release into combined workflow (#1273)
* fix(pipeline): combined operator and zitadel workflow to only release once
* fix(pipeline): add dev releases for zitadelctl
* fix(pipeline): delete unused name attribute
* fix(pipeline): corrected use of github token env-variable
* fix(pipeline): corrected download of artifacts to globally defined folder
* fix(pipeline): corrected download of artifacts to globally defined folder
* fix(pipeline): corrected ref to get branch name for release
* fix(pipeline): last corrections and use of different github action (#1270)
* fix(pipeline): corrected loop for dev release
* fix(pipeline): exclude tags from starting build workflow
* fix(pipeline): use different release create action for already existing release
* fix(pipeline): use correct name for release
* fix(pipeline): push image with branch name tag and replace slashes with underscores
* fix(pipeline): corrected indenting for yaml syntax
* fix(pipeline): corrected handling of branch name
* fix(pipeline): list artifacts after download
* fix(pipeline): use github env for artifacts folder
* fix(pipeline): replace slash with underscore in all jobs
* fix(pipeline): pre-calculate refs for all jobs
* fix(pipeline): corrected yaml indenting
* fix(pipeline): deleted missed step
* fix(pipeline): deleted unexpected input for dev-release
* fix(pipeline): corrected echo for version in refs job
* fix(pipeline): remove empty if in job
* chore(pipeline): use correct path to zitadelctl binaries (#1277)
* fix(pipeline): use correct version for zitadelctl build (#1278)
* chore(deps-dev): bump @angular/language-service in /console
Bumps [@angular/language-service](https://github.com/angular/angular/tree/HEAD/packages/language-service) from 11.1.1 to 11.2.0.
- [Release notes](https://github.com/angular/angular/releases)
- [Changelog](https://github.com/angular/angular/blob/master/CHANGELOG.md)
- [Commits](https://github.com/angular/angular/commits/11.2.0/packages/language-service)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: Livio Amstutz <livio.a@gmail.com>
Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>
Co-authored-by: Max Peintner <max@caos.ch>
Co-authored-by: Stefan Benz <46600784+stebenz@users.noreply.github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps-dev): bump stylelint from 13.9.0 to 13.10.0 in /console (#1281)
* chore: add local migrate_local.go again (#1261)
* chore: pass params in migrate_local.go (#1264)
* fix: login policy bug (#1268)
* fix: permissions on login policy multifactors and secondfactors
* fix idp restriction
Co-authored-by: Max Peintner <max@caos.ch>
* fix: redirect after idp create (#1269)
* fix(pipeline): corrected and combined operator and zitadel release into combined workflow (#1273)
* fix(pipeline): combined operator and zitadel workflow to only release once
* fix(pipeline): add dev releases for zitadelctl
* fix(pipeline): delete unused name attribute
* fix(pipeline): corrected use of github token env-variable
* fix(pipeline): corrected download of artifacts to globally defined folder
* fix(pipeline): corrected download of artifacts to globally defined folder
* fix(pipeline): corrected ref to get branch name for release
* fix(pipeline): last corrections and use of different github action (#1270)
* fix(pipeline): corrected loop for dev release
* fix(pipeline): exclude tags from starting build workflow
* fix(pipeline): use different release create action for already existing release
* fix(pipeline): use correct name for release
* fix(pipeline): push image with branch name tag and replace slashes with underscores
* fix(pipeline): corrected indenting for yaml syntax
* fix(pipeline): corrected handling of branch name
* fix(pipeline): list artifacts after download
* fix(pipeline): use github env for artifacts folder
* fix(pipeline): replace slash with underscore in all jobs
* fix(pipeline): pre-calculate refs for all jobs
* fix(pipeline): corrected yaml indenting
* fix(pipeline): deleted missed step
* fix(pipeline): deleted unexpected input for dev-release
* fix(pipeline): corrected echo for version in refs job
* fix(pipeline): remove empty if in job
* chore(pipeline): use correct path to zitadelctl binaries (#1277)
* fix(pipeline): use correct version for zitadelctl build (#1278)
* chore(deps-dev): bump stylelint from 13.9.0 to 13.10.0 in /console
Bumps [stylelint](https://github.com/stylelint/stylelint) from 13.9.0 to 13.10.0.
- [Release notes](https://github.com/stylelint/stylelint/releases)
- [Changelog](https://github.com/stylelint/stylelint/blob/master/CHANGELOG.md)
- [Commits](https://github.com/stylelint/stylelint/compare/13.9.0...13.10.0)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: Livio Amstutz <livio.a@gmail.com>
Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>
Co-authored-by: Max Peintner <max@caos.ch>
Co-authored-by: Stefan Benz <46600784+stebenz@users.noreply.github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps-dev): bump @angular/cli from 11.1.2 to 11.2.0 in /console (#1280)
* chore: add local migrate_local.go again (#1261)
* chore: pass params in migrate_local.go (#1264)
* fix: login policy bug (#1268)
* fix: permissions on login policy multifactors and secondfactors
* fix idp restriction
Co-authored-by: Max Peintner <max@caos.ch>
* fix: redirect after idp create (#1269)
* fix(pipeline): corrected and combined operator and zitadel release into combined workflow (#1273)
* fix(pipeline): combined operator and zitadel workflow to only release once
* fix(pipeline): add dev releases for zitadelctl
* fix(pipeline): delete unused name attribute
* fix(pipeline): corrected use of github token env-variable
* fix(pipeline): corrected download of artifacts to globally defined folder
* fix(pipeline): corrected download of artifacts to globally defined folder
* fix(pipeline): corrected ref to get branch name for release
* fix(pipeline): last corrections and use of different github action (#1270)
* fix(pipeline): corrected loop for dev release
* fix(pipeline): exclude tags from starting build workflow
* fix(pipeline): use different release create action for already existing release
* fix(pipeline): use correct name for release
* fix(pipeline): push image with branch name tag and replace slashes with underscores
* fix(pipeline): corrected indenting for yaml syntax
* fix(pipeline): corrected handling of branch name
* fix(pipeline): list artifacts after download
* fix(pipeline): use github env for artifacts folder
* fix(pipeline): replace slash with underscore in all jobs
* fix(pipeline): pre-calculate refs for all jobs
* fix(pipeline): corrected yaml indenting
* fix(pipeline): deleted missed step
* fix(pipeline): deleted unexpected input for dev-release
* fix(pipeline): corrected echo for version in refs job
* fix(pipeline): remove empty if in job
* chore(pipeline): use correct path to zitadelctl binaries (#1277)
* fix(pipeline): use correct version for zitadelctl build (#1278)
* chore(deps-dev): bump @angular/cli from 11.1.2 to 11.2.0 in /console
Bumps [@angular/cli](https://github.com/angular/angular-cli) from 11.1.2 to 11.2.0.
- [Release notes](https://github.com/angular/angular-cli/releases)
- [Commits](https://github.com/angular/angular-cli/compare/v11.1.2...v11.2.0)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: Livio Amstutz <livio.a@gmail.com>
Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>
Co-authored-by: Max Peintner <max@caos.ch>
Co-authored-by: Stefan Benz <46600784+stebenz@users.noreply.github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps-dev): bump stylelint-scss from 3.18.0 to 3.19.0 in /console (#1279)
* chore: add local migrate_local.go again (#1261)
* chore: pass params in migrate_local.go (#1264)
* fix: login policy bug (#1268)
* fix: permissions on login policy multifactors and secondfactors
* fix idp restriction
Co-authored-by: Max Peintner <max@caos.ch>
* fix: redirect after idp create (#1269)
* fix(pipeline): corrected and combined operator and zitadel release into combined workflow (#1273)
* fix(pipeline): combined operator and zitadel workflow to only release once
* fix(pipeline): add dev releases for zitadelctl
* fix(pipeline): delete unused name attribute
* fix(pipeline): corrected use of github token env-variable
* fix(pipeline): corrected download of artifacts to globally defined folder
* fix(pipeline): corrected download of artifacts to globally defined folder
* fix(pipeline): corrected ref to get branch name for release
* fix(pipeline): last corrections and use of different github action (#1270)
* fix(pipeline): corrected loop for dev release
* fix(pipeline): exclude tags from starting build workflow
* fix(pipeline): use different release create action for already existing release
* fix(pipeline): use correct name for release
* fix(pipeline): push image with branch name tag and replace slashes with underscores
* fix(pipeline): corrected indenting for yaml syntax
* fix(pipeline): corrected handling of branch name
* fix(pipeline): list artifacts after download
* fix(pipeline): use github env for artifacts folder
* fix(pipeline): replace slash with underscore in all jobs
* fix(pipeline): pre-calculate refs for all jobs
* fix(pipeline): corrected yaml indenting
* fix(pipeline): deleted missed step
* fix(pipeline): deleted unexpected input for dev-release
* fix(pipeline): corrected echo for version in refs job
* fix(pipeline): remove empty if in job
* chore(pipeline): use correct path to zitadelctl binaries (#1277)
* fix(pipeline): use correct version for zitadelctl build (#1278)
* chore(deps-dev): bump stylelint-scss from 3.18.0 to 3.19.0 in /console
Bumps [stylelint-scss](https://github.com/kristerkari/stylelint-scss) from 3.18.0 to 3.19.0.
- [Release notes](https://github.com/kristerkari/stylelint-scss/releases)
- [Changelog](https://github.com/kristerkari/stylelint-scss/blob/master/CHANGELOG.md)
- [Commits](https://github.com/kristerkari/stylelint-scss/compare/3.18.0...3.19.0)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: Livio Amstutz <livio.a@gmail.com>
Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>
Co-authored-by: Max Peintner <max@caos.ch>
Co-authored-by: Stefan Benz <46600784+stebenz@users.noreply.github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* fix custom change, highlight current config, links
* info app-detail
* app card component
* applications list, fix project-grant-owner
* fix member write
* colorize warn in app
* redirect warnings
* Update console/src/assets/i18n/de.json
Co-authored-by: Livio Amstutz <livio.a@gmail.com>
* Update console/src/assets/i18n/de.json
Co-authored-by: Livio Amstutz <livio.a@gmail.com>
* Update console/src/assets/i18n/en.json
Co-authored-by: Livio Amstutz <livio.a@gmail.com>
* Update console/src/assets/i18n/de.json
Co-authored-by: Livio Amstutz <livio.a@gmail.com>
* Update console/src/assets/i18n/de.json
Co-authored-by: Livio Amstutz <livio.a@gmail.com>
* Update console/src/assets/i18n/de.json
Co-authored-by: Livio Amstutz <livio.a@gmail.com>
* Update console/src/assets/i18n/de.json
Co-authored-by: Livio Amstutz <livio.a@gmail.com>
* remove comments
* Update console/src/assets/i18n/de.json
Co-authored-by: Livio Amstutz <livio.a@gmail.com>
* Update console/src/assets/i18n/de.json
Co-authored-by: Livio Amstutz <livio.a@gmail.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Livio Amstutz <livio.a@gmail.com>
Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>
Co-authored-by: Stefan Benz <46600784+stebenz@users.noreply.github.com>
* fix: primary button color (#1297)
* fix: remove status, admin line width (#1298)
* feat: token introspection, api clients and auth method private_key_jwt (#1276)
* introspect
* testingapplication key
* date
* client keys
* fix client keys
* fix client keys
* access tokens only for users
* AuthMethodPrivateKeyJWT
* client keys
* set introspection info correctly
* managae apis
* update oidc pkg
* cleanup
* merge msater
* set current sequence in migration
* set current sequence in migration
* set current sequence in migration
* Apply suggestions from code review
Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>
* DeleteAuthNKeysByObjectID
* ensure authn keys uptodate
* update oidc version
* merge master
* merge master
Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>
* merge master
* fix: version of migration for auth keys
* merge master
* merge master
* fix step 11
Co-authored-by: Max Peintner <max@caos.ch>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Michael Waeger <49439088+michaelulrichwaeger@users.noreply.github.com>
Co-authored-by: Maximilian Peintner <csaq7175@uibk.ac.at>
Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>
Co-authored-by: Stefan Benz <46600784+stebenz@users.noreply.github.com>
Co-authored-by: Florian Forster <florian@caos.ch>
Co-authored-by: Elio Bischof <eliobischof@gmail.com>
2021-02-18 12:41:55 +00:00
|
|
|
OIDCAuthMethodTypePrivateKeyJWT
|
2021-01-28 05:35:26 +00:00
|
|
|
)
// Compliance carries the outcome of an OIDC compliance check: a flag plus the
// list of problem keys collected by the check functions in this file.
type Compliance struct {
	// NoneCompliant is set to true by every check that finds a violation.
	NoneCompliant bool
	// Problems holds message keys such as "Application.OIDC.V1.NotCompliant".
	// A key may be present while NoneCompliant is still false (see
	// CheckRedirectUrisImplicitAndCode).
	Problems []string
}
// OIDCTokenType enumerates the access token types an OIDC application can be
// configured with (it is the type of OIDCApp.AccessTokenType).
type OIDCTokenType int32

const (
	// OIDCTokenTypeBearer is the zero value of OIDCTokenType.
	OIDCTokenTypeBearer OIDCTokenType = iota
	// OIDCTokenTypeJWT has the value 1.
	OIDCTokenTypeJWT
)
// IsValid reports whether the application's settings are acceptable: the
// clock skew must lie between 0 and 5 seconds (both inclusive), every
// additional origin must pass OriginsValid, and the configured grant types
// must include every grant type required by the response types.
func (a *OIDCApp) IsValid() bool {
	const maxClockSkew = 5 * time.Second

	if a.ClockSkew > maxClockSkew || a.ClockSkew < 0 {
		return false
	}
	if !a.OriginsValid() {
		return false
	}

	required := a.getRequiredGrantTypes()
	// Without any required grant type the configuration is rejected outright.
	if len(required) == 0 {
		return false
	}
	for i := range required {
		if !containsOIDCGrantType(a.GrantTypes, required[i]) {
			return false
		}
	}
	return true
}
// OriginsValid reports whether every entry of AdditionalOrigins, with
// surrounding whitespace trimmed, is accepted by http_util.IsOrigin. An empty
// list is valid.
//
// NOTE(review): only a trimmed copy is checked; the stored entry keeps its
// whitespace, and OIDCOriginAllowList in this file appends additional origins
// untrimmed. Confirm that the values are normalised before they are stored or
// compared.
func (a *OIDCApp) OriginsValid() bool {
	for i := range a.AdditionalOrigins {
		candidate := strings.TrimSpace(a.AdditionalOrigins[i])
		if http_util.IsOrigin(candidate) {
			continue
		}
		return false
	}
	return true
}
// ContainsRequiredGrantTypes reports whether grantTypes includes every grant
// type that RequiredOIDCGrantTypes derives from responseTypes and grantTypes.
func ContainsRequiredGrantTypes(responseTypes []OIDCResponseType, grantTypes []OIDCGrantType) bool {
	return ContainsOIDCGrantTypes(
		RequiredOIDCGrantTypes(responseTypes, grantTypes),
		grantTypes,
	)
}
// RequiredOIDCGrantTypes derives the grant types an application must have
// configured for the given response types.
//
// Each OIDCResponseTypeCode entry contributes one grant type: the device code
// grant when grantTypesSet already contains it, otherwise the authorization
// code grant (#5684: with "Device Code" selected, "Authorization Code" is no
// longer a hard requirement). The ID token response types contribute the
// implicit grant, at most once. Other response types contribute nothing, so
// the result is nil when no entry matches.
func RequiredOIDCGrantTypes(responseTypes []OIDCResponseType, grantTypesSet []OIDCGrantType) (grantTypes []OIDCGrantType) {
	// The lookup does not depend on the loop variable, so it is done once.
	deviceCodeSelected := containsOIDCGrantType(grantTypesSet, OIDCGrantTypeDeviceCode)
	implicitAdded := false

	for _, responseType := range responseTypes {
		switch responseType {
		case OIDCResponseTypeCode:
			if deviceCodeSelected {
				grantTypes = append(grantTypes, OIDCGrantTypeDeviceCode)
				continue
			}
			grantTypes = append(grantTypes, OIDCGrantTypeAuthorizationCode)
		case OIDCResponseTypeIDToken, OIDCResponseTypeIDTokenToken:
			if implicitAdded {
				continue
			}
			implicitAdded = true
			grantTypes = append(grantTypes, OIDCGrantTypeImplicit)
		}
	}

	return grantTypes
}
// getRequiredGrantTypes returns the grant types required by the application's
// own response types, given the grant types it currently has configured.
func (a *OIDCApp) getRequiredGrantTypes() []OIDCGrantType {
	responseTypes, configured := a.ResponseTypes, a.GrantTypes
	return RequiredOIDCGrantTypes(responseTypes, configured)
}
// ContainsOIDCGrantTypes reports whether list holds every element of
// shouldContain. An empty shouldContain yields true.
func ContainsOIDCGrantTypes(shouldContain, list []OIDCGrantType) bool {
	for i := range shouldContain {
		if containsOIDCGrantType(list, shouldContain[i]) {
			continue
		}
		return false
	}
	return true
}
// containsOIDCGrantType reports whether grantType occurs in grantTypes.
func containsOIDCGrantType(grantTypes []OIDCGrantType, grantType OIDCGrantType) bool {
	for i := 0; i < len(grantTypes); i++ {
		if grantTypes[i] == grantType {
			return true
		}
	}
	return false
}
// FillCompliance evaluates the application's settings with GetOIDCCompliance
// and stores the result in a.Compliance, replacing any previous value.
func (a *OIDCApp) FillCompliance() {
	result := GetOIDCCompliance(
		a.OIDCVersion,
		a.ApplicationType,
		a.GrantTypes,
		a.ResponseTypes,
		a.AuthMethodType,
		a.RedirectUris,
	)
	a.Compliance = result
}
// GetOIDCCompliance dispatches to the compliance check for the given OIDC
// version. Only OIDCVersionV1 is handled; every other version yields a
// non-compliant result whose only problem is
// "Application.OIDC.UnsupportedVersion". responseTypes is accepted but not
// used by this function.
func GetOIDCCompliance(version OIDCVersion, appType OIDCApplicationType, grantTypes []OIDCGrantType, responseTypes []OIDCResponseType, authMethod OIDCAuthMethodType, redirectUris []string) *Compliance {
	if version == OIDCVersionV1 {
		return GetOIDCV1Compliance(appType, grantTypes, authMethod, redirectUris)
	}

	unsupported := new(Compliance)
	unsupported.NoneCompliant = true
	unsupported.Problems = []string{"Application.OIDC.UnsupportedVersion"}
	return unsupported
}
// GetOIDCV1Compliance runs the V1 checks on a fresh Compliance in a fixed
// order (grant type combination, redirect URIs, application type) and returns
// it. When any check flagged a violation, the key
// "Application.OIDC.V1.NotCompliant" is put in front of the problem list.
//
// NOTE(review): checkApplicationType prepends the same key under the same
// condition, so the key can appear twice in Problems. Confirm whether
// consumers rely on that before changing it.
func GetOIDCV1Compliance(appType OIDCApplicationType, grantTypes []OIDCGrantType, authMethod OIDCAuthMethodType, redirectUris []string) *Compliance {
	result := new(Compliance)

	checkGrantTypesCombination(result, grantTypes)
	checkRedirectURIs(result, grantTypes, appType, redirectUris)
	checkApplicationType(result, appType, authMethod)

	if !result.NoneCompliant {
		return result
	}
	result.Problems = append([]string{"Application.OIDC.V1.NotCompliant"}, result.Problems...)
	return result
}
// checkGrantTypesCombination flags a refresh token grant that is configured
// without the authorization code grant. The check does not apply when the
// device code grant is configured.
func checkGrantTypesCombination(compliance *Compliance, grantTypes []OIDCGrantType) {
	if containsOIDCGrantType(grantTypes, OIDCGrantTypeDeviceCode) {
		return
	}
	if !containsOIDCGrantType(grantTypes, OIDCGrantTypeRefreshToken) {
		return
	}
	if containsOIDCGrantType(grantTypes, OIDCGrantTypeAuthorizationCode) {
		return
	}
	compliance.NoneCompliant = true
	compliance.Problems = append(compliance.Problems, "Application.OIDC.V1.GrantType.Refresh.NoAuthCode")
}
// checkRedirectURIs validates the redirect URIs against the configured grant
// types and the application type.
//
// An empty redirect URI list is a violation unless the device code grant is
// configured without the authorization code grant (see #5684). The URIs are
// then passed to exactly one of the CheckRedirectUris* functions, chosen by
// whether the implicit grant, the authorization code grant or both are
// configured; with neither, no further check runs.
func checkRedirectURIs(compliance *Compliance, grantTypes []OIDCGrantType, appType OIDCApplicationType, redirectUris []string) {
	hasDeviceCode := containsOIDCGrantType(grantTypes, OIDCGrantTypeDeviceCode)
	hasAuthCode := containsOIDCGrantType(grantTypes, OIDCGrantTypeAuthorizationCode)
	hasImplicit := containsOIDCGrantType(grantTypes, OIDCGrantTypeImplicit)

	// See #5684 for OIDCGrantTypeDeviceCode and redirectUris further explanation
	if len(redirectUris) == 0 && (!hasDeviceCode || hasAuthCode) {
		compliance.NoneCompliant = true
		compliance.Problems = append([]string{"Application.OIDC.V1.NoRedirectUris"}, compliance.Problems...)
	}

	switch {
	case hasImplicit && hasAuthCode:
		CheckRedirectUrisImplicitAndCode(compliance, appType, redirectUris)
	case hasImplicit:
		CheckRedirectUrisImplicit(compliance, appType, redirectUris)
	case hasAuthCode:
		CheckRedirectUrisCode(compliance, appType, redirectUris)
	}
}
// checkApplicationType runs the authentication method check that belongs to
// the application type: native and user-agent applications have one, other
// types are not checked here. Afterwards, if compliance is flagged (by this
// or an earlier check), "Application.OIDC.V1.NotCompliant" is put in front of
// the problem list.
//
// NOTE(review): GetOIDCV1Compliance prepends the same key after calling this
// function, so the key can appear twice in Problems. Confirm whether
// consumers rely on that before changing it.
func checkApplicationType(compliance *Compliance, appType OIDCApplicationType, authMethod OIDCAuthMethodType) {
	if appType == OIDCApplicationTypeNative {
		GetOIDCV1NativeApplicationCompliance(compliance, authMethod)
	} else if appType == OIDCApplicationTypeUserAgent {
		GetOIDCV1UserAgentApplicationCompliance(compliance, authMethod)
	}

	if !compliance.NoneCompliant {
		return
	}
	compliance.Problems = append([]string{"Application.OIDC.V1.NotCompliant"}, compliance.Problems...)
}
// GetOIDCV1NativeApplicationCompliance flags a native application whose
// authentication method is anything other than OIDCAuthMethodTypeNone.
func GetOIDCV1NativeApplicationCompliance(compliance *Compliance, authMethod OIDCAuthMethodType) {
	if authMethod == OIDCAuthMethodTypeNone {
		return
	}
	compliance.NoneCompliant = true
	compliance.Problems = append(compliance.Problems, "Application.OIDC.V1.Native.AuthMethodType.NotNone")
}
// GetOIDCV1UserAgentApplicationCompliance flags a user-agent application
// whose authentication method is anything other than OIDCAuthMethodTypeNone.
func GetOIDCV1UserAgentApplicationCompliance(compliance *Compliance, authMethod OIDCAuthMethodType) {
	if authMethod == OIDCAuthMethodTypeNone {
		return
	}
	compliance.NoneCompliant = true
	compliance.Problems = append(compliance.Problems, "Application.OIDC.V1.UserAgent.AuthMethodType.NotNone")
}
// CheckRedirectUrisCode checks the redirect URIs of an application that uses
// the authorization code grant.
//
// Nothing is flagged when every URI starts with "https://" (this includes an
// empty list). Otherwise:
//   - if any URI starts with "http://", a user-agent application is flagged,
//     and a native application is flagged unless all its http URIs are
//     loopback/localhost; other application types are not flagged for http;
//   - if any URI uses neither prefix, every application type except native is
//     flagged.
func CheckRedirectUrisCode(compliance *Compliance, appType OIDCApplicationType, redirectUris []string) {
	if urlsAreHttps(redirectUris) {
		return
	}

	flag := func(problem string) {
		compliance.NoneCompliant = true
		compliance.Problems = append(compliance.Problems, problem)
	}

	if urlContainsPrefix(redirectUris, http) {
		switch appType {
		case OIDCApplicationTypeUserAgent:
			flag("Application.OIDC.V1.Code.RedirectUris.HttpOnlyForWeb")
		case OIDCApplicationTypeNative:
			if !onlyLocalhostIsHttp(redirectUris) {
				flag("Application.OIDC.V1.Native.RedirectUris.MustBeHttpLocalhost")
			}
		}
	}

	if appType != OIDCApplicationTypeNative && containsCustom(redirectUris) {
		flag("Application.OIDC.V1.Code.RedirectUris.CustomOnlyForNative")
	}
}
// CheckRedirectUrisImplicit checks the redirect URIs of an application that
// uses the implicit grant.
//
// Nothing is flagged when every URI starts with "https://" (this includes an
// empty list). Otherwise a URI with neither the "http://" nor the "https://"
// prefix is flagged for every application type, and "http://" URIs are
// flagged unless the application is native and all of them are
// loopback/localhost.
func CheckRedirectUrisImplicit(compliance *Compliance, appType OIDCApplicationType, redirectUris []string) {
	if urlsAreHttps(redirectUris) {
		return
	}

	flag := func(problem string) {
		compliance.NoneCompliant = true
		compliance.Problems = append(compliance.Problems, problem)
	}

	if containsCustom(redirectUris) {
		flag("Application.OIDC.V1.Implicit.RedirectUris.CustomNotAllowed")
	}
	if !urlContainsPrefix(redirectUris, http) {
		return
	}
	if appType != OIDCApplicationTypeNative {
		flag("Application.OIDC.V1.Implicit.RedirectUris.HttpNotAllowed")
		return
	}
	// Native applications may use plain http, but only towards loopback/localhost.
	if !onlyLocalhostIsHttp(redirectUris) {
		flag("Application.OIDC.V1.Native.RedirectUris.MustBeHttpLocalhost")
	}
}
// CheckRedirectUrisImplicitAndCode checks the redirect URIs of an application
// that uses both the implicit and the authorization code grant.
//
// Nothing is recorded when every URI starts with "https://" (this includes an
// empty list). Otherwise:
//   - a URI with neither the "http://" nor the "https://" prefix is flagged
//     unless the application is native;
//   - if any URI starts with "http://", a user-agent application is flagged,
//     and a native application is flagged unless all its http URIs are
//     loopback/localhost;
//   - if compliance is still not flagged at that point (including by earlier
//     checks on the same Compliance), the key
//     "Application.OIDC.V1.NotAllCombinationsAreAllowed" is appended without
//     setting NoneCompliant.
func CheckRedirectUrisImplicitAndCode(compliance *Compliance, appType OIDCApplicationType, redirectUris []string) {
	if urlsAreHttps(redirectUris) {
		return
	}

	flag := func(problem string) {
		compliance.NoneCompliant = true
		compliance.Problems = append(compliance.Problems, problem)
	}
	isNative := appType == OIDCApplicationTypeNative

	if !isNative && containsCustom(redirectUris) {
		flag("Application.OIDC.V1.Implicit.RedirectUris.CustomNotAllowed")
	}

	if urlContainsPrefix(redirectUris, http) {
		if appType == OIDCApplicationTypeUserAgent {
			flag("Application.OIDC.V1.Code.RedirectUris.HttpOnlyForWeb")
		}
		if isNative && !onlyLocalhostIsHttp(redirectUris) {
			flag("Application.OIDC.V1.Native.RedirectUris.MustBeHttpLocalhost")
		}
	}

	if compliance.NoneCompliant {
		return
	}
	// Recorded as a problem only; NoneCompliant stays false.
	compliance.Problems = append(compliance.Problems, "Application.OIDC.V1.NotAllCombinationsAreAllowed")
}
// urlsAreHttps reports whether every URI starts with the "https://" prefix.
// An empty slice yields true. The test is a case-sensitive string prefix
// match; the URI is not parsed.
func urlsAreHttps(uris []string) bool {
	for i := range uris {
		if strings.HasPrefix(uris[i], https) {
			continue
		}
		return false
	}
	return true
}
// urlContainsPrefix reports whether at least one URI starts with prefix. The
// comparison is a case-sensitive string prefix match; an empty slice yields
// false.
func urlContainsPrefix(uris []string, prefix string) bool {
	for i := 0; i < len(uris); i++ {
		if strings.HasPrefix(uris[i], prefix) {
			return true
		}
	}
	return false
}
// containsCustom reports whether any URI starts with neither "http://" nor
// "https://". An empty slice yields false.
//
// NOTE(review): the prefix match is case-sensitive and does not parse the
// URI, so a scheme written in another case is classified as custom here.
// Confirm that redirect URIs are normalised before they reach this check.
func containsCustom(uris []string) bool {
	for _, candidate := range uris {
		isWeb := strings.HasPrefix(candidate, http) || strings.HasPrefix(candidate, https)
		if !isWeb {
			return true
		}
	}
	return false
}
// onlyLocalhostIsHttp reports whether every URI that starts with "http://" is
// recognised by isHTTPLoopbackLocalhost. URIs with any other prefix are
// ignored, so a slice without http URIs yields true.
func onlyLocalhostIsHttp(uris []string) bool {
	for i := range uris {
		if !strings.HasPrefix(uris[i], http) {
			continue
		}
		if !isHTTPLoopbackLocalhost(uris[i]) {
			return false
		}
	}
	return true
}
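// isHTTPLoopbackLocalhost reports whether uri is a plain-http URI whose host
// is localhost, 127.0.0.1, [::1] or [0:0:0:0:0:0:0:1]. The host must be
// followed directly by ':' (a port) or '/'; a bare "http://localhost" without
// either is not matched.
//
// The host is recognised by string prefix, which on its own does not prove
// which host the URI names: when the authority carries a userinfo part
// ("userinfo@host"), the text in front of the '@' is not the host. A URI with
// an '@' in its authority is therefore never reported as loopback.
func isHTTPLoopbackLocalhost(uri string) bool {
	// The authority ends at the first '/', '?' or '#' after the scheme.
	authority := strings.TrimPrefix(uri, http)
	if end := strings.IndexAny(authority, "/?#"); end >= 0 {
		authority = authority[:end]
	}
	if strings.Contains(authority, "@") {
		return false
	}

	loopbackPrefixes := [...]string{
		httpLocalhostWithoutPort,
		httpLocalhostWithPort,
		httpLoopbackV4WithoutPort,
		httpLoopbackV4WithPort,
		httpLoopbackV6WithoutPort,
		httpLoopbackV6WithPort,
		httpLoopbackV6LongWithoutPort,
		httpLoopbackV6LongWithPort,
	}
	for _, prefix := range loopbackPrefixes {
		if strings.HasPrefix(uri, prefix) {
			return true
		}
	}
	return false
}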
// OIDCOriginAllowList builds the list of allowed origins for an application:
// first the origin of each redirect URI, obtained with
// http_util.GetOriginFromURLString, then the additional origins. An entry is
// appended only when http_util.IsOriginAllowed reports that the list built so
// far does not already allow it. The first redirect URI whose origin cannot
// be derived aborts the call and its error is returned with a nil list.
// Without any entries the result is an empty, non-nil slice.
//
// NOTE(review): additional origins are appended exactly as passed in, without
// trimming or validation in this function, whereas OIDCApp.OriginsValid
// checks a whitespace-trimmed copy. Confirm that callers validate and
// normalise additionalOrigins before relying on the returned list.
func OIDCOriginAllowList(redirectURIs, additionalOrigins []string) ([]string, error) {
	allowed := []string{}
	addIfMissing := func(origin string) {
		if http_util.IsOriginAllowed(allowed, origin) {
			return
		}
		allowed = append(allowed, origin)
	}

	for _, redirectURI := range redirectURIs {
		origin, err := http_util.GetOriginFromURLString(redirectURI)
		if err != nil {
			return nil, err
		}
		addIfMissing(origin)
	}
	for _, origin := range additionalOrigins {
		addIfMissing(origin)
	}
	return allowed, nil
}