zitadel/internal/setup/step9.go

package setup

import (
	"context"

	"github.com/caos/logging"

	"github.com/caos/zitadel/internal/eventstore/models"
	es_sdk "github.com/caos/zitadel/internal/eventstore/sdk"
	iam_model "github.com/caos/zitadel/internal/iam/model"
	iam_es_model "github.com/caos/zitadel/internal/iam/repository/eventsourcing/model"
)

type Step9 struct {
	Passwordless bool

	setup *Setup
}

func (step *Step9) isNil() bool {
	return step == nil
}

func (step *Step9) step() iam_model.Step {
	return iam_model.Step9
}

func (step *Step9) init(setup *Setup) {
	step.setup = setup
}

func (step *Step9) execute(ctx context.Context) (*iam_model.IAM, error) {
	if !step.Passwordless {
		return step.setup.IamEvents.IAMByID(ctx, step.setup.iamID)
	}
	iam, agg, err := step.setPasswordlessAllowedInPolicy(ctx)
	if err != nil {
		logging.Log("SETUP-Gdbjq").WithField("step", step.step()).WithError(err).Error("unable to finish setup (add default mfa to login policy)")
		return nil, err
	}
	iam, agg2, err := step.addMFAToPolicy(ctx)
	if err != nil {
		logging.Log("SETUP-Gdbjq").WithField("step", step.step()).WithError(err).Error("unable to finish setup (add default mfa to login policy)")
		return nil, err
	}
	agg.Events = append(agg.Events, agg2.Events...)
	iam, agg, push, err := step.setup.IamEvents.PrepareSetupDone(ctx, iam, agg, step.step())
	if err != nil {
		logging.Log("SETUP-Cnf21").WithField("step", step.step()).WithError(err).Error("unable to finish setup (prepare setup done)")
		return nil, err
	}
	err = es_sdk.PushAggregates(ctx, push, iam.AppendEvents, agg)
	if err != nil {
		logging.Log("SETUP-NFq21").WithField("step", step.step()).WithError(err).Error("unable to finish setup")
		return nil, err
	}
	return iam_es_model.IAMToModel(iam), nil
}

func (step *Step9) setPasswordlessAllowedInPolicy(ctx context.Context) (*iam_es_model.IAM, *models.Aggregate, error) {
	logging.Log("SETUP-DAd1h").Info("enabling passwordless in loginPolicy")
	iam, err := step.setup.IamEvents.IAMByID(ctx, step.setup.iamID)
	if err != nil {
		return nil, nil, err
	}
	iam.DefaultLoginPolicy.AggregateID = step.setup.iamID
	iam.DefaultLoginPolicy.PasswordlessType = iam_model.PasswordlessTypeAllowed
	return step.setup.IamEvents.PrepareChangeLoginPolicy(ctx, iam.DefaultLoginPolicy)
}

func (step *Step9) addMFAToPolicy(ctx context.Context) (*iam_es_model.IAM, *models.Aggregate, error) {
	logging.Log("SETUP-DAd1h").Info("adding MFA to loginPolicy")
	return step.setup.IamEvents.PrepareAddMultiFactorToLoginPolicy(ctx, step.setup.iamID, iam_model.MultiFactorTypeU2FWithPIN)
}
fix: passwordless (#1116) * fix passwordless session handling * only check passwordless when enabled in policy * set preferred user name in webauthn * fix tests * add passwordless in setup * fix(console): exclude credentials for passwordless (#1115) * fix: exclude creds * fix i18n type loginpolicy * fix enter on dialog input * remove arg Co-authored-by: Max Peintner <max@caos.ch> 2020-12-17 16:22:27 +01:00			`package setup`

			`import (`
			`"context"`

			`"github.com/caos/logging"`

			`"github.com/caos/zitadel/internal/eventstore/models"`
			`es_sdk "github.com/caos/zitadel/internal/eventstore/sdk"`
			`iam_model "github.com/caos/zitadel/internal/iam/model"`
			`iam_es_model "github.com/caos/zitadel/internal/iam/repository/eventsourcing/model"`
			`)`

			`type Step9 struct {`
			`Passwordless bool`

			`setup *Setup`
			`}`

			`func (step *Step9) isNil() bool {`
			`return step == nil`
			`}`

			`func (step *Step9) step() iam_model.Step {`
			`return iam_model.Step9`
			`}`

			`func (step Step9) init(setup Setup) {`
			`step.setup = setup`
			`}`

			`func (step Step9) execute(ctx context.Context) (iam_model.IAM, error) {`
			`if !step.Passwordless {`
			`return step.setup.IamEvents.IAMByID(ctx, step.setup.iamID)`
			`}`
			`iam, agg, err := step.setPasswordlessAllowedInPolicy(ctx)`
			`if err != nil {`
			`logging.Log("SETUP-Gdbjq").WithField("step", step.step()).WithError(err).Error("unable to finish setup (add default mfa to login policy)")`
			`return nil, err`
			`}`
			`iam, agg2, err := step.addMFAToPolicy(ctx)`
			`if err != nil {`
			`logging.Log("SETUP-Gdbjq").WithField("step", step.step()).WithError(err).Error("unable to finish setup (add default mfa to login policy)")`
			`return nil, err`
			`}`
			`agg.Events = append(agg.Events, agg2.Events...)`
			`iam, agg, push, err := step.setup.IamEvents.PrepareSetupDone(ctx, iam, agg, step.step())`
			`if err != nil {`
			`logging.Log("SETUP-Cnf21").WithField("step", step.step()).WithError(err).Error("unable to finish setup (prepare setup done)")`
			`return nil, err`
			`}`
			`err = es_sdk.PushAggregates(ctx, push, iam.AppendEvents, agg)`
			`if err != nil {`
			`logging.Log("SETUP-NFq21").WithField("step", step.step()).WithError(err).Error("unable to finish setup")`
			`return nil, err`
			`}`
			`return iam_es_model.IAMToModel(iam), nil`
			`}`

			`func (step Step9) setPasswordlessAllowedInPolicy(ctx context.Context) (iam_es_model.IAM, *models.Aggregate, error) {`
			`logging.Log("SETUP-DAd1h").Info("enabling passwordless in loginPolicy")`
			`iam, err := step.setup.IamEvents.IAMByID(ctx, step.setup.iamID)`
			`if err != nil {`
			`return nil, nil, err`
			`}`
			`iam.DefaultLoginPolicy.AggregateID = step.setup.iamID`
			`iam.DefaultLoginPolicy.PasswordlessType = iam_model.PasswordlessTypeAllowed`
			`return step.setup.IamEvents.PrepareChangeLoginPolicy(ctx, iam.DefaultLoginPolicy)`
			`}`

			`func (step Step9) addMFAToPolicy(ctx context.Context) (iam_es_model.IAM, *models.Aggregate, error) {`
			`logging.Log("SETUP-DAd1h").Info("adding MFA to loginPolicy")`
			`return step.setup.IamEvents.PrepareAddMultiFactorToLoginPolicy(ctx, step.setup.iamID, iam_model.MultiFactorTypeU2FWithPIN)`
			`}`