2022-01-20 13:21:59 +01:00
package query
import (
"context"
"database/sql"
2024-05-28 10:59:49 +02:00
"errors"
2022-01-20 13:21:59 +01:00
"time"
sq "github.com/Masterminds/squirrel"
2023-06-20 18:23:28 +02:00
"github.com/zitadel/logging"
2022-03-23 09:02:39 +01:00
2022-04-27 01:01:45 +02:00
"github.com/zitadel/zitadel/internal/api/authz"
2023-02-27 22:36:43 +01:00
"github.com/zitadel/zitadel/internal/api/call"
2024-05-28 10:59:49 +02:00
"github.com/zitadel/zitadel/internal/database"
2022-04-27 01:01:45 +02:00
"github.com/zitadel/zitadel/internal/domain"
2022-06-14 07:51:00 +02:00
"github.com/zitadel/zitadel/internal/query/projection"
2022-12-01 09:18:53 +01:00
"github.com/zitadel/zitadel/internal/telemetry/tracing"
2023-12-08 16:30:55 +02:00
"github.com/zitadel/zitadel/internal/zerrors"
2022-01-20 13:21:59 +01:00
)
var (
userAuthMethodTable = table {
2022-10-27 08:08:36 +02:00
name : projection . UserAuthMethodTable ,
instanceIDCol : projection . UserAuthMethodInstanceIDCol ,
2022-01-20 13:21:59 +01:00
}
UserAuthMethodColumnTokenID = Column {
name : projection . UserAuthMethodTokenIDCol ,
table : userAuthMethodTable ,
}
UserAuthMethodColumnCreationDate = Column {
name : projection . UserAuthMethodCreationDateCol ,
table : userAuthMethodTable ,
}
UserAuthMethodColumnChangeDate = Column {
name : projection . UserAuthMethodChangeDateCol ,
table : userAuthMethodTable ,
}
UserAuthMethodColumnResourceOwner = Column {
name : projection . UserAuthMethodResourceOwnerCol ,
table : userAuthMethodTable ,
}
2022-03-23 09:02:39 +01:00
UserAuthMethodColumnInstanceID = Column {
name : projection . UserAuthMethodInstanceIDCol ,
table : userAuthMethodTable ,
}
2022-01-20 13:21:59 +01:00
UserAuthMethodColumnUserID = Column {
name : projection . UserAuthMethodUserIDCol ,
table : userAuthMethodTable ,
}
UserAuthMethodColumnSequence = Column {
name : projection . UserAuthMethodSequenceCol ,
table : userAuthMethodTable ,
}
UserAuthMethodColumnName = Column {
name : projection . UserAuthMethodNameCol ,
table : userAuthMethodTable ,
}
UserAuthMethodColumnState = Column {
name : projection . UserAuthMethodStateCol ,
table : userAuthMethodTable ,
}
UserAuthMethodColumnMethodType = Column {
name : projection . UserAuthMethodTypeCol ,
table : userAuthMethodTable ,
}
2022-11-30 17:01:17 +01:00
UserAuthMethodColumnOwnerRemoved = Column {
name : projection . UserAuthMethodOwnerRemovedCol ,
table : userAuthMethodTable ,
}
2023-06-20 18:23:28 +02:00
authMethodTypeTable = userAuthMethodTable . setAlias ( "auth_method_types" )
authMethodTypeUserID = UserAuthMethodColumnUserID . setTable ( authMethodTypeTable )
authMethodTypeInstanceID = UserAuthMethodColumnInstanceID . setTable ( authMethodTypeTable )
2024-05-28 10:59:49 +02:00
authMethodTypeType = UserAuthMethodColumnMethodType . setTable ( authMethodTypeTable )
authMethodTypeTypes = Column {
name : "method_types" ,
table : authMethodTypeTable ,
}
authMethodTypeState = UserAuthMethodColumnState . setTable ( authMethodTypeTable )
2023-06-20 18:23:28 +02:00
userIDPsCountTable = idpUserLinkTable . setAlias ( "user_idps_count" )
userIDPsCountUserID = IDPUserLinkUserIDCol . setTable ( userIDPsCountTable )
userIDPsCountInstanceID = IDPUserLinkInstanceIDCol . setTable ( userIDPsCountTable )
userIDPsCountCount = Column {
name : "count" ,
table : userIDPsCountTable ,
}
2023-07-14 13:16:16 +02:00
2023-07-20 06:06:16 +02:00
forceMFATable = loginPolicyTable . setAlias ( "auth_methods_force_mfa" )
forceMFAInstanceID = LoginPolicyColumnInstanceID . setTable ( forceMFATable )
forceMFAOrgID = LoginPolicyColumnOrgID . setTable ( forceMFATable )
forceMFAIsDefault = LoginPolicyColumnIsDefault . setTable ( forceMFATable )
forceMFAForce = LoginPolicyColumnForceMFA . setTable ( forceMFATable )
forceMFAForceLocalOnly = LoginPolicyColumnForceMFALocalOnly . setTable ( forceMFATable )
2022-01-20 13:21:59 +01:00
)
type AuthMethods struct {
SearchResponse
AuthMethods [ ] * AuthMethod
}
2023-06-20 18:23:28 +02:00
2022-01-20 13:21:59 +01:00
type AuthMethod struct {
UserID string
CreationDate time . Time
ChangeDate time . Time
ResourceOwner string
State domain . MFAState
Sequence uint64
TokenID string
Name string
Type domain . UserAuthMethodType
}
2023-06-20 18:23:28 +02:00
type AuthMethodTypes struct {
SearchResponse
AuthMethodTypes [ ] domain . UserAuthMethodType
}
2022-01-20 13:21:59 +01:00
type UserAuthMethodSearchQueries struct {
SearchRequest
Queries [ ] SearchQuery
}
2022-11-30 17:01:17 +01:00
func ( q * Queries ) SearchUserAuthMethods ( ctx context . Context , queries * UserAuthMethodSearchQueries , withOwnerRemoved bool ) ( userAuthMethods * AuthMethods , err error ) {
2022-12-01 09:18:53 +01:00
ctx , span := tracing . NewSpan ( ctx )
defer func ( ) { span . EndWithError ( err ) } ( )
2023-02-27 22:36:43 +01:00
query , scan := prepareUserAuthMethodsQuery ( ctx , q . client )
2022-11-30 17:01:17 +01:00
eq := sq . Eq { UserAuthMethodColumnInstanceID . identifier ( ) : authz . GetInstance ( ctx ) . InstanceID ( ) }
if ! withOwnerRemoved {
eq [ UserAuthMethodColumnOwnerRemoved . identifier ( ) ] = false
}
stmt , args , err := queries . toQuery ( query ) . Where ( eq ) . ToSql ( )
2022-01-20 13:21:59 +01:00
if err != nil {
2023-12-08 16:30:55 +02:00
return nil , zerrors . ThrowInvalidArgument ( err , "QUERY-j9NJd" , "Errors.Query.InvalidRequest" )
2022-01-20 13:21:59 +01:00
}
2023-08-22 14:49:02 +02:00
err = q . client . QueryContext ( ctx , func ( rows * sql . Rows ) error {
userAuthMethods , err = scan ( rows )
return err
} , stmt , args ... )
2022-01-20 13:21:59 +01:00
if err != nil {
return nil , err
}
2023-10-19 12:19:10 +02:00
userAuthMethods . State , err = q . latestState ( ctx , userAuthMethodTable )
2022-01-20 13:21:59 +01:00
return userAuthMethods , err
}
2023-11-21 14:11:38 +02:00
func ( q * Queries ) ListActiveUserAuthMethodTypes ( ctx context . Context , userID string ) ( userAuthMethodTypes * AuthMethodTypes , err error ) {
2023-06-20 18:23:28 +02:00
ctxData := authz . GetCtxData ( ctx )
if ctxData . UserID != userID {
if err := q . checkPermission ( ctx , domain . PermissionUserRead , ctxData . OrgID , userID ) ; err != nil {
return nil , err
}
}
ctx , span := tracing . NewSpan ( ctx )
defer func ( ) { span . EndWithError ( err ) } ( )
query , scan := prepareActiveUserAuthMethodTypesQuery ( ctx , q . client )
eq := sq . Eq {
UserIDCol . identifier ( ) : userID ,
UserInstanceIDCol . identifier ( ) : authz . GetInstance ( ctx ) . InstanceID ( ) ,
}
stmt , args , err := query . Where ( eq ) . ToSql ( )
if err != nil {
2023-12-08 16:30:55 +02:00
return nil , zerrors . ThrowInvalidArgument ( err , "QUERY-Sfdrg" , "Errors.Query.InvalidRequest" )
2023-06-20 18:23:28 +02:00
}
2023-08-22 14:49:02 +02:00
err = q . client . QueryContext ( ctx , func ( rows * sql . Rows ) error {
userAuthMethodTypes , err = scan ( rows )
return err
} , stmt , args ... )
2023-06-20 18:23:28 +02:00
if err != nil {
return nil , err
}
2023-10-19 12:19:10 +02:00
userAuthMethodTypes . State , err = q . latestState ( ctx , userTable , notifyTable , userAuthMethodTable , idpUserLinkTable )
2023-06-20 18:23:28 +02:00
return userAuthMethodTypes , err
}
2024-05-23 07:35:10 +02:00
type UserAuthMethodRequirements struct {
UserType domain . UserType
AuthMethods [ ] domain . UserAuthMethodType
ForceMFA bool
ForceMFALocalOnly bool
}
func ( q * Queries ) ListUserAuthMethodTypesRequired ( ctx context . Context , userID string ) ( requirements * UserAuthMethodRequirements , err error ) {
2023-07-14 13:16:16 +02:00
ctxData := authz . GetCtxData ( ctx )
if ctxData . UserID != userID {
if err := q . checkPermission ( ctx , domain . PermissionUserRead , ctxData . OrgID , userID ) ; err != nil {
2024-05-23 07:35:10 +02:00
return nil , err
2023-07-14 13:16:16 +02:00
}
}
ctx , span := tracing . NewSpan ( ctx )
defer func ( ) { span . EndWithError ( err ) } ( )
query , scan := prepareUserAuthMethodTypesRequiredQuery ( ctx , q . client )
eq := sq . Eq {
UserIDCol . identifier ( ) : userID ,
UserInstanceIDCol . identifier ( ) : authz . GetInstance ( ctx ) . InstanceID ( ) ,
}
stmt , args , err := query . Where ( eq ) . ToSql ( )
if err != nil {
2024-05-23 07:35:10 +02:00
return nil , zerrors . ThrowInvalidArgument ( err , "QUERY-E5ut4" , "Errors.Query.InvalidRequest" )
2023-07-14 13:16:16 +02:00
}
2024-05-28 10:59:49 +02:00
err = q . client . QueryRowContext ( ctx , func ( row * sql . Row ) error {
requirements , err = scan ( row )
2023-08-22 14:49:02 +02:00
return err
} , stmt , args ... )
if err != nil {
2024-05-23 07:35:10 +02:00
return nil , zerrors . ThrowInternal ( err , "QUERY-Dun75" , "Errors.Internal" )
2023-07-14 13:16:16 +02:00
}
2024-05-23 07:35:10 +02:00
return requirements , nil
2023-07-14 13:16:16 +02:00
}
2022-01-20 13:21:59 +01:00
func NewUserAuthMethodUserIDSearchQuery ( value string ) ( SearchQuery , error ) {
return NewTextQuery ( UserAuthMethodColumnUserID , value , TextEquals )
}
func NewUserAuthMethodTokenIDSearchQuery ( value string ) ( SearchQuery , error ) {
return NewTextQuery ( UserAuthMethodColumnTokenID , value , TextEquals )
}
func NewUserAuthMethodResourceOwnerSearchQuery ( value string ) ( SearchQuery , error ) {
return NewTextQuery ( UserAuthMethodColumnResourceOwner , value , TextEquals )
}
func NewUserAuthMethodTypeSearchQuery ( value domain . UserAuthMethodType ) ( SearchQuery , error ) {
return NewNumberQuery ( UserAuthMethodColumnMethodType , value , NumberEquals )
}
2022-01-21 09:27:57 +01:00
func NewUserAuthMethodStateSearchQuery ( value domain . MFAState ) ( SearchQuery , error ) {
return NewNumberQuery ( UserAuthMethodColumnState , value , NumberEquals )
}
2022-01-20 13:21:59 +01:00
func NewUserAuthMethodTypesSearchQuery ( values ... domain . UserAuthMethodType ) ( SearchQuery , error ) {
list := make ( [ ] interface { } , len ( values ) )
for i , value := range values {
list [ i ] = value
}
return NewListQuery ( UserAuthMethodColumnMethodType , list , ListIn )
}
func ( r * UserAuthMethodSearchQueries ) AppendResourceOwnerQuery ( orgID string ) error {
query , err := NewUserAuthMethodResourceOwnerSearchQuery ( orgID )
if err != nil {
return err
}
r . Queries = append ( r . Queries , query )
return nil
}
func ( r * UserAuthMethodSearchQueries ) AppendUserIDQuery ( userID string ) error {
query , err := NewUserAuthMethodUserIDSearchQuery ( userID )
if err != nil {
return err
}
r . Queries = append ( r . Queries , query )
return nil
}
func ( r * UserAuthMethodSearchQueries ) AppendTokenIDQuery ( tokenID string ) error {
query , err := NewUserAuthMethodTokenIDSearchQuery ( tokenID )
if err != nil {
return err
}
r . Queries = append ( r . Queries , query )
return nil
}
2022-01-21 09:27:57 +01:00
func ( r * UserAuthMethodSearchQueries ) AppendStateQuery ( state domain . MFAState ) error {
query , err := NewUserAuthMethodStateSearchQuery ( state )
if err != nil {
return err
}
r . Queries = append ( r . Queries , query )
return nil
}
2022-01-20 13:21:59 +01:00
func ( r * UserAuthMethodSearchQueries ) AppendAuthMethodQuery ( authMethod domain . UserAuthMethodType ) error {
query , err := NewUserAuthMethodTypeSearchQuery ( authMethod )
if err != nil {
return err
}
r . Queries = append ( r . Queries , query )
return nil
}
func ( r * UserAuthMethodSearchQueries ) AppendAuthMethodsQuery ( authMethod ... domain . UserAuthMethodType ) error {
query , err := NewUserAuthMethodTypesSearchQuery ( authMethod ... )
if err != nil {
return err
}
r . Queries = append ( r . Queries , query )
return nil
}
func ( q * UserAuthMethodSearchQueries ) toQuery ( query sq . SelectBuilder ) sq . SelectBuilder {
query = q . SearchRequest . toQuery ( query )
for _ , q := range q . Queries {
query = q . toQuery ( query )
}
return query
}
2023-02-27 22:36:43 +01:00
func prepareUserAuthMethodsQuery ( ctx context . Context , db prepareDatabase ) ( sq . SelectBuilder , func ( * sql . Rows ) ( * AuthMethods , error ) ) {
2022-01-20 13:21:59 +01:00
return sq . Select (
UserAuthMethodColumnTokenID . identifier ( ) ,
UserAuthMethodColumnCreationDate . identifier ( ) ,
UserAuthMethodColumnChangeDate . identifier ( ) ,
UserAuthMethodColumnResourceOwner . identifier ( ) ,
UserAuthMethodColumnUserID . identifier ( ) ,
UserAuthMethodColumnSequence . identifier ( ) ,
UserAuthMethodColumnName . identifier ( ) ,
UserAuthMethodColumnState . identifier ( ) ,
UserAuthMethodColumnMethodType . identifier ( ) ,
countColumn . identifier ( ) ) .
2023-02-27 22:36:43 +01:00
From ( userAuthMethodTable . identifier ( ) + db . Timetravel ( call . Took ( ctx ) ) ) .
PlaceholderFormat ( sq . Dollar ) ,
2022-01-20 13:21:59 +01:00
func ( rows * sql . Rows ) ( * AuthMethods , error ) {
userAuthMethods := make ( [ ] * AuthMethod , 0 )
var count uint64
for rows . Next ( ) {
authMethod := new ( AuthMethod )
err := rows . Scan (
& authMethod . TokenID ,
& authMethod . CreationDate ,
& authMethod . ChangeDate ,
& authMethod . ResourceOwner ,
& authMethod . UserID ,
& authMethod . Sequence ,
& authMethod . Name ,
& authMethod . State ,
& authMethod . Type ,
& count ,
)
if err != nil {
return nil , err
}
userAuthMethods = append ( userAuthMethods , authMethod )
}
if err := rows . Close ( ) ; err != nil {
2023-12-08 16:30:55 +02:00
return nil , zerrors . ThrowInternal ( err , "QUERY-3n9fl" , "Errors.Query.CloseRows" )
2022-01-20 13:21:59 +01:00
}
return & AuthMethods {
AuthMethods : userAuthMethods ,
SearchResponse : SearchResponse {
Count : count ,
} ,
} , nil
}
}
2023-06-20 18:23:28 +02:00
func prepareActiveUserAuthMethodTypesQuery ( ctx context . Context , db prepareDatabase ) ( sq . SelectBuilder , func ( * sql . Rows ) ( * AuthMethodTypes , error ) ) {
2023-07-14 13:16:16 +02:00
authMethodsQuery , authMethodsArgs , err := prepareAuthMethodQuery ( )
2023-06-20 18:23:28 +02:00
if err != nil {
return sq . SelectBuilder { } , nil
}
2023-07-14 13:16:16 +02:00
idpsQuery , err := prepareAuthMethodsIDPsQuery ( )
2023-06-20 18:23:28 +02:00
if err != nil {
return sq . SelectBuilder { } , nil
}
return sq . Select (
NotifyPasswordSetCol . identifier ( ) ,
2024-05-28 10:59:49 +02:00
authMethodTypeType . identifier ( ) ,
2023-06-20 18:23:28 +02:00
userIDPsCountCount . identifier ( ) ) .
From ( userTable . identifier ( ) ) .
LeftJoin ( join ( NotifyUserIDCol , UserIDCol ) ) .
LeftJoin ( "(" + authMethodsQuery + ") AS " + authMethodTypeTable . alias + " ON " +
authMethodTypeUserID . identifier ( ) + " = " + UserIDCol . identifier ( ) + " AND " +
authMethodTypeInstanceID . identifier ( ) + " = " + UserInstanceIDCol . identifier ( ) ,
authMethodsArgs ... ) .
LeftJoin ( "(" + idpsQuery + ") AS " + userIDPsCountTable . alias + " ON " +
userIDPsCountUserID . identifier ( ) + " = " + UserIDCol . identifier ( ) + " AND " +
userIDPsCountInstanceID . identifier ( ) + " = " + UserInstanceIDCol . identifier ( ) + db . Timetravel ( call . Took ( ctx ) ) ) .
PlaceholderFormat ( sq . Dollar ) ,
func ( rows * sql . Rows ) ( * AuthMethodTypes , error ) {
userAuthMethodTypes := make ( [ ] domain . UserAuthMethodType , 0 )
var passwordSet sql . NullBool
var idp sql . NullInt64
for rows . Next ( ) {
var authMethodType sql . NullInt16
err := rows . Scan (
& passwordSet ,
& authMethodType ,
& idp ,
)
if err != nil {
return nil , err
}
if authMethodType . Valid {
userAuthMethodTypes = append ( userAuthMethodTypes , domain . UserAuthMethodType ( authMethodType . Int16 ) )
}
}
if passwordSet . Valid && passwordSet . Bool {
userAuthMethodTypes = append ( userAuthMethodTypes , domain . UserAuthMethodTypePassword )
}
if idp . Valid && idp . Int64 > 0 {
logging . Error ( "IDP" , idp . Int64 )
userAuthMethodTypes = append ( userAuthMethodTypes , domain . UserAuthMethodTypeIDP )
}
if err := rows . Close ( ) ; err != nil {
2023-12-08 16:30:55 +02:00
return nil , zerrors . ThrowInternal ( err , "QUERY-3n9fl" , "Errors.Query.CloseRows" )
2023-06-20 18:23:28 +02:00
}
return & AuthMethodTypes {
AuthMethodTypes : userAuthMethodTypes ,
SearchResponse : SearchResponse {
Count : uint64 ( len ( userAuthMethodTypes ) ) ,
} ,
} , nil
}
}
2023-07-14 13:16:16 +02:00
2024-05-28 10:59:49 +02:00
func prepareUserAuthMethodTypesRequiredQuery ( ctx context . Context , db prepareDatabase ) ( sq . SelectBuilder , func ( * sql . Row ) ( * UserAuthMethodRequirements , error ) ) {
2023-07-14 13:16:16 +02:00
loginPolicyQuery , err := prepareAuthMethodsForceMFAQuery ( )
if err != nil {
return sq . SelectBuilder { } , nil
}
2024-05-28 10:59:49 +02:00
authMethodsQuery , authMethodsArgs , err := prepareAggAuthMethodsQuery ( )
2023-07-14 13:16:16 +02:00
if err != nil {
return sq . SelectBuilder { } , nil
}
idpsQuery , err := prepareAuthMethodsIDPsQuery ( )
if err != nil {
return sq . SelectBuilder { } , nil
}
return sq . Select (
NotifyPasswordSetCol . identifier ( ) ,
authMethodTypeTypes . identifier ( ) ,
userIDPsCountCount . identifier ( ) ,
2024-05-23 07:35:10 +02:00
UserTypeCol . identifier ( ) ,
2023-07-20 06:06:16 +02:00
forceMFAForce . identifier ( ) ,
forceMFAForceLocalOnly . identifier ( ) ) .
2023-07-14 13:16:16 +02:00
From ( userTable . identifier ( ) ) .
LeftJoin ( join ( NotifyUserIDCol , UserIDCol ) ) .
LeftJoin ( "(" + authMethodsQuery + ") AS " + authMethodTypeTable . alias + " ON " +
authMethodTypeUserID . identifier ( ) + " = " + UserIDCol . identifier ( ) + " AND " +
authMethodTypeInstanceID . identifier ( ) + " = " + UserInstanceIDCol . identifier ( ) ,
authMethodsArgs ... ) .
LeftJoin ( "(" + idpsQuery + ") AS " + userIDPsCountTable . alias + " ON " +
userIDPsCountUserID . identifier ( ) + " = " + UserIDCol . identifier ( ) + " AND " +
userIDPsCountInstanceID . identifier ( ) + " = " + UserInstanceIDCol . identifier ( ) ) .
LeftJoin ( "(" + loginPolicyQuery + ") AS " + forceMFATable . alias + " ON " +
"(" + forceMFAOrgID . identifier ( ) + " = " + UserInstanceIDCol . identifier ( ) + " OR " + forceMFAOrgID . identifier ( ) + " = " + UserResourceOwnerCol . identifier ( ) + ") AND " +
2024-05-28 10:59:49 +02:00
forceMFAInstanceID . identifier ( ) + " = " + UserInstanceIDCol . identifier ( ) ) .
OrderBy ( forceMFAIsDefault . identifier ( ) ) .
Limit ( 1 ) .
2023-07-14 13:16:16 +02:00
PlaceholderFormat ( sq . Dollar ) ,
2024-05-28 10:59:49 +02:00
func ( row * sql . Row ) ( * UserAuthMethodRequirements , error ) {
2023-07-14 13:16:16 +02:00
var passwordSet sql . NullBool
2024-05-28 10:59:49 +02:00
var authMethodTypes database . NumberArray [ domain . UserAuthMethodType ]
2023-07-14 13:16:16 +02:00
var idp sql . NullInt64
2024-05-23 07:35:10 +02:00
var userType sql . NullInt32
2023-07-14 13:16:16 +02:00
var forceMFA sql . NullBool
2023-07-20 06:06:16 +02:00
var forceMFALocalOnly sql . NullBool
2024-05-28 10:59:49 +02:00
err := row . Scan (
& passwordSet ,
& authMethodTypes ,
& idp ,
& userType ,
& forceMFA ,
& forceMFALocalOnly ,
)
if err != nil {
if errors . Is ( err , sql . ErrNoRows ) {
return nil , zerrors . ThrowNotFound ( err , "QUERY-SF3h2" , "Errors.Internal" )
2023-07-14 13:16:16 +02:00
}
2024-05-28 10:59:49 +02:00
return nil , zerrors . ThrowInternal ( err , "QUERY-Sf3rt" , "Errors.Internal" )
2023-07-14 13:16:16 +02:00
}
if passwordSet . Valid && passwordSet . Bool {
2024-05-28 10:59:49 +02:00
authMethodTypes = append ( authMethodTypes , domain . UserAuthMethodTypePassword )
2023-07-14 13:16:16 +02:00
}
if idp . Valid && idp . Int64 > 0 {
2024-05-28 10:59:49 +02:00
authMethodTypes = append ( authMethodTypes , domain . UserAuthMethodTypeIDP )
2023-07-14 13:16:16 +02:00
}
2024-05-23 07:35:10 +02:00
return & UserAuthMethodRequirements {
UserType : domain . UserType ( userType . Int32 ) ,
2024-05-28 10:59:49 +02:00
AuthMethods : authMethodTypes ,
2024-05-23 07:35:10 +02:00
ForceMFA : forceMFA . Bool ,
ForceMFALocalOnly : forceMFALocalOnly . Bool ,
} , nil
2023-07-14 13:16:16 +02:00
}
}
func prepareAuthMethodsIDPsQuery ( ) ( string , error ) {
idpsQuery , _ , err := sq . Select (
userIDPsCountUserID . identifier ( ) ,
userIDPsCountInstanceID . identifier ( ) ,
"COUNT(" + userIDPsCountUserID . identifier ( ) + ") AS " + userIDPsCountCount . name ) .
From ( userIDPsCountTable . identifier ( ) ) .
GroupBy (
userIDPsCountUserID . identifier ( ) ,
userIDPsCountInstanceID . identifier ( ) ,
) .
ToSql ( )
return idpsQuery , err
}
func prepareAuthMethodQuery ( ) ( string , [ ] interface { } , error ) {
return sq . Select (
2024-05-28 10:59:49 +02:00
"DISTINCT(" + authMethodTypeType . identifier ( ) + ")" ,
authMethodTypeUserID . identifier ( ) ,
authMethodTypeInstanceID . identifier ( ) ) .
From ( authMethodTypeTable . identifier ( ) ) .
Where ( sq . Eq { authMethodTypeState . identifier ( ) : domain . MFAStateReady } ) .
ToSql ( )
}
func prepareAggAuthMethodsQuery ( ) ( string , [ ] interface { } , error ) {
return sq . Select (
"array_agg(DISTINCT(" + authMethodTypeType . identifier ( ) + ")) as method_types" ,
2023-07-14 13:16:16 +02:00
authMethodTypeUserID . identifier ( ) ,
authMethodTypeInstanceID . identifier ( ) ) .
From ( authMethodTypeTable . identifier ( ) ) .
Where ( sq . Eq { authMethodTypeState . identifier ( ) : domain . MFAStateReady } ) .
2024-05-28 10:59:49 +02:00
GroupBy ( authMethodTypeInstanceID . identifier ( ) , authMethodTypeUserID . identifier ( ) ) .
2023-07-14 13:16:16 +02:00
ToSql ( )
}
func prepareAuthMethodsForceMFAQuery ( ) ( string , error ) {
loginPolicyQuery , _ , err := sq . Select (
forceMFAForce . identifier ( ) ,
2023-07-20 06:06:16 +02:00
forceMFAForceLocalOnly . identifier ( ) ,
2023-07-14 13:16:16 +02:00
forceMFAInstanceID . identifier ( ) ,
forceMFAOrgID . identifier ( ) ,
2024-05-28 10:59:49 +02:00
forceMFAIsDefault . identifier ( ) ,
2023-07-14 13:16:16 +02:00
) .
From ( forceMFATable . identifier ( ) ) .
ToSql ( )
return loginPolicyQuery , err
}