From 08bfec66524ac84475b3b2544f77c7999c3059c3 Mon Sep 17 00:00:00 2001 
From: Fabi <38692350+fgerschwiler@users.noreply.github.com> Date: Tue, 6 Apr 2021 16:03:07 +0200 Subject: [PATCH] fix: new es fix (#1532) * fix: handle ListMyProjectOrgsRequestToModel queries * fix: sort orgs for admin org list by org name * fix: features converters * fix: remove last role from user grant * fix: ensure limit * fix: ensure limit Co-authored-by: Livio Amstutz --- .../eventsourcing/eventstore/iam.go | 20 ++++++++-- .../eventsourcing/eventstore/org.go | 5 ++- internal/api/grpc/admin/features.go | 4 ++ internal/api/grpc/auth/user.go | 22 ++++++---- internal/api/grpc/features/features.go | 2 + internal/api/grpc/org/converter.go | 30 ++++++++++++++ .../eventsourcing/eventstore/org.go | 5 ++- .../eventsourcing/eventstore/user.go | 5 ++- .../eventsourcing/eventstore/user_grant.go | 21 +++++++--- internal/iam/model/iam_member_view.go | 10 ++++- internal/iam/model/idp_config_view.go | 10 ++++- internal/iam/model/idp_provider_view.go | 10 ++++- internal/key/model/authn_key.go | 10 ++++- internal/key/model/key_view.go | 8 +++- .../eventsourcing/eventstore/org.go | 20 ++++++++-- .../eventsourcing/eventstore/project.go | 40 +++++++++++++++---- .../eventsourcing/eventstore/user.go | 20 ++++++++-- .../eventsourcing/eventstore/user_grant.go | 5 ++- internal/org/model/domain_view.go | 10 ++++- internal/org/model/org_member_view.go | 9 ++++- internal/org/model/org_view.go | 10 ++++- internal/org/repository/view/org_view.go | 2 +- internal/project/model/application_view.go | 10 ++++- .../model/project_grant_member_view.go | 10 ++++- internal/project/model/project_grant_view.go | 10 ++++- internal/project/model/project_member_view.go | 10 ++++- internal/project/model/project_role_view.go | 10 ++++- internal/project/model/project_view.go | 10 ++++- internal/repository/features/features.go | 2 +- internal/repository/usergrant/user_grant.go | 2 +- internal/static/i18n/de.yaml | 2 + internal/static/i18n/en.yaml | 2 + internal/user/model/external_idp_view.go | 10 ++++- 
internal/user/model/token_view.go | 10 ++++- internal/user/model/user_membership_view.go | 10 ++++- internal/user/model/user_session_view.go | 10 ++++- internal/user/model/user_view.go | 8 +++- internal/usergrant/model/user_grant_view.go | 10 ++++- 38 files changed, 325 insertions(+), 79 deletions(-) diff --git a/internal/admin/repository/eventsourcing/eventstore/iam.go b/internal/admin/repository/eventsourcing/eventstore/iam.go index ce16efc228..dbee879fc0 100644 --- a/internal/admin/repository/eventsourcing/eventstore/iam.go +++ b/internal/admin/repository/eventsourcing/eventstore/iam.go @@ -37,7 +37,10 @@ func (repo *IAMRepository) IAMMemberByID(ctx context.Context, iamID, userID stri } func (repo *IAMRepository) SearchIAMMembers(ctx context.Context, request *iam_model.IAMMemberSearchRequest) (*iam_model.IAMMemberSearchResponse, error) { - request.EnsureLimit(repo.SearchLimit) + err := request.EnsureLimit(repo.SearchLimit) + if err != nil { + return nil, err + } sequence, err := repo.View.GetLatestIAMMemberSequence() logging.Log("EVENT-Slkci").OnError(err).WithField("traceID", tracing.TraceIDFromCtx(ctx)).Warn("could not read latest iam sequence") members, count, err := repo.View.SearchIAMMembers(request) @@ -101,7 +104,10 @@ func (repo *IAMRepository) ExternalIDPsByIDPConfigIDFromDefaultPolicy(ctx contex } func (repo *IAMRepository) SearchIDPConfigs(ctx context.Context, request *iam_model.IDPConfigSearchRequest) (*iam_model.IDPConfigSearchResponse, error) { - request.EnsureLimit(repo.SearchLimit) + err := request.EnsureLimit(repo.SearchLimit) + if err != nil { + return nil, err + } sequence, err := repo.View.GetLatestIDPConfigSequence() logging.Log("EVENT-Dk8si").OnError(err).WithField("traceID", tracing.TraceIDFromCtx(ctx)).Warn("could not read latest idp config sequence") idps, count, err := repo.View.SearchIDPConfigs(request) 
@@ -147,7 +153,10 @@ func (repo *IAMRepository) GetDefaultLoginPolicy(ctx context.Context) (*iam_mode } func (repo *IAMRepository) SearchDefaultIDPProviders(ctx context.Context, request *iam_model.IDPProviderSearchRequest) (*iam_model.IDPProviderSearchResponse, error) { - request.EnsureLimit(repo.SearchLimit) + err := request.EnsureLimit(repo.SearchLimit) + if err != nil { + return nil, err + } request.AppendAggregateIDQuery(repo.SystemDefaults.IamID) sequence, err := repo.View.GetLatestIDPProviderSequence() logging.Log("EVENT-Tuiks").OnError(err).WithField("traceID", tracing.TraceIDFromCtx(ctx)).Warn("could not read latest iam sequence") @@ -307,7 +316,10 @@ func (repo *IAMRepository) GetDefaultMailTemplate(ctx context.Context) (*iam_mod } func (repo *IAMRepository) SearchIAMMembersx(ctx context.Context, request *iam_model.IAMMemberSearchRequest) (*iam_model.IAMMemberSearchResponse, error) { - request.EnsureLimit(repo.SearchLimit) + err := request.EnsureLimit(repo.SearchLimit) + if err != nil { + return nil, err + } sequence, err := repo.View.GetLatestIAMMemberSequence() logging.Log("EVENT-Slkci").OnError(err).Warn("could not read latest iam sequence") members, count, err := repo.View.SearchIAMMembers(request) diff --git a/internal/admin/repository/eventsourcing/eventstore/org.go b/internal/admin/repository/eventsourcing/eventstore/org.go index 300e043ea9..9bd22d7db0 100644 --- a/internal/admin/repository/eventsourcing/eventstore/org.go +++ b/internal/admin/repository/eventsourcing/eventstore/org.go 
@@ -54,7 +54,10 @@ func (repo *OrgRepo) OrgByID(ctx context.Context, id string) (*org_model.OrgView } func (repo *OrgRepo) SearchOrgs(ctx context.Context, query *org_model.OrgSearchRequest) (*org_model.OrgSearchResult, error) { - query.EnsureLimit(repo.SearchLimit) + err := query.EnsureLimit(repo.SearchLimit) + if err != nil { + return nil, err + } sequence, err := repo.View.GetLatestOrgSequence() logging.Log("EVENT-LXo9w").OnError(err).WithField("traceID", tracing.TraceIDFromCtx(ctx)).Warn("could not read latest iam sequence") orgs, count, err := repo.View.SearchOrgs(query) diff --git a/internal/api/grpc/admin/features.go b/internal/api/grpc/admin/features.go index 159a2b4119..f8fe138e27 100644 --- a/internal/api/grpc/admin/features.go +++ b/internal/api/grpc/admin/features.go @@ -69,6 +69,8 @@ func setDefaultFeaturesRequestToDomain(req *admin_pb.SetDefaultFeaturesRequest) LoginPolicyPasswordless: req.LoginPolicyPasswordless, LoginPolicyRegistration: req.LoginPolicyRegistration, LoginPolicyUsernameLogin: req.LoginPolicyUsernameLogin, + PasswordComplexityPolicy: req.PasswordComplexityPolicy, + LabelPolicy: req.LabelPolicy, } } @@ -84,5 +86,7 @@ func setOrgFeaturesRequestToDomain(req *admin_pb.SetOrgFeaturesRequest) *domain. LoginPolicyPasswordless: req.LoginPolicyPasswordless, LoginPolicyRegistration: req.LoginPolicyRegistration, LoginPolicyUsernameLogin: req.LoginPolicyUsernameLogin, + PasswordComplexityPolicy: req.PasswordComplexityPolicy, + LabelPolicy: req.LabelPolicy, } } diff --git a/internal/api/grpc/auth/user.go b/internal/api/grpc/auth/user.go index 9531b25693..c3a6c0d18d 100644 --- a/internal/api/grpc/auth/user.go +++ b/internal/api/grpc/auth/user.go 
@@ -82,7 +82,11 @@ func (s *Server) ListMyUserGrants(ctx context.Context, req *auth_pb.ListMyUserGr } func (s *Server) ListMyProjectOrgs(ctx context.Context, req *auth_pb.ListMyProjectOrgsRequest) (*auth_pb.ListMyProjectOrgsResponse, error) { - res, err := s.repo.SearchMyProjectOrgs(ctx, ListMyProjectOrgsRequestToModel(req)) + r, err := ListMyProjectOrgsRequestToModel(req) + if err != nil { + return nil, err + } + res, err := s.repo.SearchMyProjectOrgs(ctx, r) if err != nil { return nil, err } @@ -93,12 +97,16 @@ func (s *Server) ListMyProjectOrgs(ctx context.Context, req *auth_pb.ListMyProje }, nil } -func ListMyProjectOrgsRequestToModel(req *auth_pb.ListMyProjectOrgsRequest) *grant_model.UserGrantSearchRequest { +func ListMyProjectOrgsRequestToModel(req *auth_pb.ListMyProjectOrgsRequest) (*grant_model.UserGrantSearchRequest, error) { offset, limit, asc := object.ListQueryToModel(req.Query) - return &grant_model.UserGrantSearchRequest{ - Offset: offset, - Limit: limit, - Asc: asc, - // Queries: queries,//TODO:user grant queries missing in proto + queries, err := org.OrgQueriesToUserGrantModel(req.Queries) + if err != nil { + return nil, err } + return &grant_model.UserGrantSearchRequest{ + Offset: offset, + Limit: limit, + Asc: asc, + Queries: queries, + }, nil } diff --git a/internal/api/grpc/features/features.go b/internal/api/grpc/features/features.go index c60f4e5ed6..e0fe88c9f3 100644 --- a/internal/api/grpc/features/features.go +++ b/internal/api/grpc/features/features.go @@ -21,6 +21,8 @@ func FeaturesFromModel(features *features_model.FeaturesView) *features_pb.Featu LoginPolicyPasswordless: features.LoginPolicyPasswordless, LoginPolicyRegistration: features.LoginPolicyRegistration, LoginPolicyUsernameLogin: features.LoginPolicyUsernameLogin, + PasswordComplexityPolicy: features.PasswordComplexityPolicy, + LabelPolicy: features.LabelPolicy, } } 
diff --git a/internal/api/grpc/org/converter.go b/internal/api/grpc/org/converter.go index 79c4f0c6d2..3beb22eef8 100644 --- a/internal/api/grpc/org/converter.go +++ b/internal/api/grpc/org/converter.go @@ -39,6 +39,36 @@ func OrgQueryToModel(query *org_pb.OrgQuery) (*org_model.OrgSearchQuery, error) } } +func OrgQueriesToUserGrantModel(queries []*org_pb.OrgQuery) (_ []*grant_model.UserGrantSearchQuery, err error) { + q := make([]*grant_model.UserGrantSearchQuery, len(queries)) + for i, query := range queries { + q[i], err = OrgQueryToUserGrantQueryModel(query) + if err != nil { + return nil, err + } + } + return q, nil +} + +func OrgQueryToUserGrantQueryModel(query *org_pb.OrgQuery) (*grant_model.UserGrantSearchQuery, error) { + switch q := query.Query.(type) { + case *org_pb.OrgQuery_DomainQuery: + return &grant_model.UserGrantSearchQuery{ + Key: grant_model.UserGrantSearchKeyOrgDomain, + Method: object.TextMethodToModel(q.DomainQuery.Method), + Value: q.DomainQuery.Domain, + }, nil + case *org_pb.OrgQuery_NameQuery: + return &grant_model.UserGrantSearchQuery{ + Key: grant_model.UserGrantSearchKeyOrgName, + Method: object.TextMethodToModel(q.NameQuery.Method), + Value: q.NameQuery.Name, + }, nil + default: + return nil, errors.ThrowInvalidArgument(nil, "ADMIN-ADvsd", "List.Query.Invalid") + } +} + func OrgViewsToPb(orgs []*org_model.OrgView) []*org_pb.Org { o := make([]*org_pb.Org, len(orgs)) for i, org := range orgs { diff --git a/internal/auth/repository/eventsourcing/eventstore/org.go b/internal/auth/repository/eventsourcing/eventstore/org.go index ebe59e21b8..a36c417b69 100644 --- a/internal/auth/repository/eventsourcing/eventstore/org.go +++ b/internal/auth/repository/eventsourcing/eventstore/org.go 
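Review bot: `OrgQueryToUserGrantQueryModel` reads `query.Query`, `q.DomainQuery.Method` and `q.NameQuery.Name` by direct field access, so a nil `*org_pb.OrgQuery` element or a nil oneof payload would panic in the request path instead of returning `List.Query.Invalid`. Messages decoded from the wire are normally non-nil, so this mainly affects in-process callers, but the generated getters are nil-safe and cost nothing: `switch q := query.GetQuery().(type)` and `q.DomainQuery.GetMethod()`. Both new exported functions also lack doc comments, e.g. `// OrgQueriesToUserGrantModel converts org queries to user grant search queries and fails on the first unsupported query type.` The `ADMIN-` prefix on the error ID in the org converter may mislead whoever traces it later.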
@@ -29,7 +29,10 @@ type OrgRepository struct { } func (repo *OrgRepository) SearchOrgs(ctx context.Context, request *org_model.OrgSearchRequest) (*org_model.OrgSearchResult, error) { - request.EnsureLimit(repo.SearchLimit) + err := request.EnsureLimit(repo.SearchLimit) + if err != nil { + return nil, err + } sequence, err := repo.View.GetLatestOrgSequence() logging.Log("EVENT-7Udhz").OnError(err).WithField("traceID", tracing.TraceIDFromCtx(ctx)).Warn("could not read latest org sequence") members, count, err := repo.View.SearchOrgs(request) diff --git a/internal/auth/repository/eventsourcing/eventstore/user.go b/internal/auth/repository/eventsourcing/eventstore/user.go index 6018cbda12..1c855bb5ed 100644 --- a/internal/auth/repository/eventsourcing/eventstore/user.go +++ b/internal/auth/repository/eventsourcing/eventstore/user.go @@ -50,7 +50,10 @@ func (repo *UserRepo) MyProfile(ctx context.Context) (*model.Profile, error) { } func (repo *UserRepo) SearchMyExternalIDPs(ctx context.Context, request *model.ExternalIDPSearchRequest) (*model.ExternalIDPSearchResponse, error) { - request.EnsureLimit(repo.SearchLimit) + err := request.EnsureLimit(repo.SearchLimit) + if err != nil { + return nil, err + } sequence, seqErr := repo.View.GetLatestExternalIDPSequence() logging.Log("EVENT-5Jsi8").OnError(seqErr).WithField("traceID", tracing.TraceIDFromCtx(ctx)).Warn("could not read latest user sequence") request.AppendUserQuery(authz.GetCtxData(ctx).UserID) diff --git a/internal/auth/repository/eventsourcing/eventstore/user_grant.go b/internal/auth/repository/eventsourcing/eventstore/user_grant.go index 27e19a75cc..f283514a80 100644 --- a/internal/auth/repository/eventsourcing/eventstore/user_grant.go +++ b/internal/auth/repository/eventsourcing/eventstore/user_grant.go 
@@ -27,7 +27,10 @@ type UserGrantRepo struct { } func (repo *UserGrantRepo) SearchMyUserGrants(ctx context.Context, request *grant_model.UserGrantSearchRequest) (*grant_model.UserGrantSearchResponse, error) { - request.EnsureLimit(repo.SearchLimit) + err := request.EnsureLimit(repo.SearchLimit) + if err != nil { + return nil, err + } sequence, err := repo.View.GetLatestUserGrantSequence() logging.Log("EVENT-Hd7s3").OnError(err).WithField("traceID", tracing.TraceIDFromCtx(ctx)).Warn("could not read latest user grant sequence") request.Queries = append(request.Queries, &grant_model.UserGrantSearchQuery{Key: grant_model.UserGrantSearchKeyUserID, Method: domain.SearchMethodEquals, Value: authz.GetCtxData(ctx).UserID}) @@ -49,12 +52,15 @@ func (repo *UserGrantRepo) SearchMyUserGrants(ctx context.Context, request *gran } func (repo *UserGrantRepo) SearchMyProjectOrgs(ctx context.Context, request *grant_model.UserGrantSearchRequest) (*grant_model.ProjectOrgSearchResponse, error) { - request.EnsureLimit(repo.SearchLimit) + err := request.EnsureLimit(repo.SearchLimit) + if err != nil { + return nil, err + } ctxData := authz.GetCtxData(ctx) if ctxData.ProjectID == "" { return nil, caos_errs.ThrowPreconditionFailed(nil, "APP-7lqva", "Could not get ProjectID") } - err := repo.AuthZRepo.FillIamProjectID(ctx) + err = repo.AuthZRepo.FillIamProjectID(ctx) if err != nil { return nil, err } @@ -94,7 +100,10 @@ func membershipsToOrgResp(memberships []*user_view_model.UserMembershipView, cou } func (repo *UserGrantRepo) SearchMyUserMemberships(ctx context.Context, request *user_model.UserMembershipSearchRequest) (*user_model.UserMembershipSearchResponse, error) { - request.EnsureLimit(repo.SearchLimit) + err := request.EnsureLimit(repo.SearchLimit) + if err != nil { + return nil, err + } sequence, sequenceErr := repo.View.GetLatestUserMembershipSequence() logging.Log("EVENT-Dn7sf").OnError(sequenceErr).Warn("could not read latest user sequence") 
@@ -185,7 +194,9 @@ func (repo *UserGrantRepo) SearchMyProjectPermissions(ctx context.Context) ([]st } func (repo *UserGrantRepo) SearchAdminOrgs(request *grant_model.UserGrantSearchRequest) (*grant_model.ProjectOrgSearchResponse, error) { - searchRequest := &org_model.OrgSearchRequest{} + searchRequest := &org_model.OrgSearchRequest{ + SortingColumn: org_model.OrgSearchKeyOrgName, + } if len(request.Queries) > 0 { for _, q := range request.Queries { if q.Key == grant_model.UserGrantSearchKeyOrgName { diff --git a/internal/iam/model/iam_member_view.go b/internal/iam/model/iam_member_view.go index 3eb7a177c1..593184a72d 100644 --- a/internal/iam/model/iam_member_view.go +++ b/internal/iam/model/iam_member_view.go @@ -2,6 +2,8 @@ package model import ( "github.com/caos/zitadel/internal/domain" + caos_errors "github.com/caos/zitadel/internal/errors" + "time" ) @@ -55,8 +57,12 @@ type IAMMemberSearchResponse struct { Timestamp time.Time } -func (r *IAMMemberSearchRequest) EnsureLimit(limit uint64) { - if r.Limit == 0 || r.Limit > limit { +func (r *IAMMemberSearchRequest) EnsureLimit(limit uint64) error { + if r.Limit > limit { + return caos_errors.ThrowInvalidArgument(nil, "SEARCH-vn8ds", "Errors.Limit.ExceedsDefault") + } + if r.Limit == 0 { r.Limit = limit } + return nil } diff --git a/internal/iam/model/idp_config_view.go b/internal/iam/model/idp_config_view.go index 8ef4875f75..948a8726fc 100644 --- a/internal/iam/model/idp_config_view.go +++ b/internal/iam/model/idp_config_view.go @@ -3,6 +3,8 @@ package model import ( "github.com/caos/zitadel/internal/crypto" "github.com/caos/zitadel/internal/domain" + caos_errors "github.com/caos/zitadel/internal/errors" + "time" ) 
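Review bot: In `SearchAdminOrgs` the new `searchRequest` literal sets only `SortingColumn`; the visible lines neither copy `Limit` or `Offset` from `request` nor call `EnsureLimit`, unlike the other search methods in this file. The function body continues outside the hunk, but if it does not bound the request there, the admin org list runs without the page-size cap this commit enforces everywhere else. Consider `Limit: request.Limit, Offset: request.Offset,` in the literal, followed by `if err := searchRequest.EnsureLimit(repo.SearchLimit); err != nil { return nil, err }`. The visible loop also matches only `UserGrantSearchKeyOrgName`, while the converter added in this commit can emit `UserGrantSearchKeyOrgDomain`, so check that a domain filter is not silently dropped on this path.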
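Review bot: `IAMMemberSearchRequest.EnsureLimit` now rejects `r.Limit > limit` before defaulting, so when `limit` is 0 (an unset `SearchLimit`) every explicit page size is refused and a zero `Limit` stays 0; whether 0 then means "no LIMIT" in the query builder is not visible here. This bound is what keeps one search from pulling an unbounded result set, so the edge case deserves a guard or a doc comment such as `// EnsureLimit returns InvalidArgument if Limit exceeds limit and sets a zero Limit to limit; limit must be > 0.` The identical body is repeated for each search request type in this patch (idp_config_view.go, idp_provider_view.go, authn_key.go, key_view.go, domain_view.go, org_member_view.go, org_view.go, application_view.go, project_grant_member_view.go, project_grant_view.go, and presumably the remaining model files in the diffstat), so a shared helper would keep the rule in one place. Clients that relied on the old silent clamping now get `Errors.Limit.ExceedsDefault`, which should be called out as a behaviour change.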
@@ -59,10 +61,14 @@ type IDPConfigSearchResponse struct { Timestamp time.Time } -func (r *IDPConfigSearchRequest) EnsureLimit(limit uint64) { - if r.Limit == 0 || r.Limit > limit { +func (r *IDPConfigSearchRequest) EnsureLimit(limit uint64) error { + if r.Limit > limit { + return caos_errors.ThrowInvalidArgument(nil, "SEARCH-Mv9sd", "Errors.Limit.ExceedsDefault") + } + if r.Limit == 0 { r.Limit = limit } + return nil } func (r *IDPConfigSearchRequest) AppendMyOrgQuery(orgID, iamID string) { diff --git a/internal/iam/model/idp_provider_view.go b/internal/iam/model/idp_provider_view.go index 62ae100784..4b2be75eb1 100644 --- a/internal/iam/model/idp_provider_view.go +++ b/internal/iam/model/idp_provider_view.go @@ -2,6 +2,8 @@ package model import ( "github.com/caos/zitadel/internal/domain" + caos_errors "github.com/caos/zitadel/internal/errors" + "time" ) @@ -51,10 +53,14 @@ type IDPProviderSearchResponse struct { Timestamp time.Time } -func (r *IDPProviderSearchRequest) EnsureLimit(limit uint64) { - if r.Limit == 0 || r.Limit > limit { +func (r *IDPProviderSearchRequest) EnsureLimit(limit uint64) error { + if r.Limit > limit { + return caos_errors.ThrowInvalidArgument(nil, "SEARCH-3n8fs", "Errors.Limit.ExceedsDefault") + } + if r.Limit == 0 { r.Limit = limit } + return nil } func (r *IDPProviderSearchRequest) AppendAggregateIDQuery(aggregateID string) { diff --git a/internal/key/model/authn_key.go b/internal/key/model/authn_key.go index 1d279fc877..d7cd7de6a2 100644 --- a/internal/key/model/authn_key.go +++ b/internal/key/model/authn_key.go @@ -2,6 +2,8 @@ package model import ( "github.com/caos/zitadel/internal/domain" + caos_errors "github.com/caos/zitadel/internal/errors" + "time" "github.com/caos/zitadel/internal/eventstore/v1/models" 
@@ -90,10 +92,14 @@ type AuthNKeySearchResponse struct { Timestamp time.Time } -func (r *AuthNKeySearchRequest) EnsureLimit(limit uint64) { - if r.Limit == 0 || r.Limit > limit { +func (r *AuthNKeySearchRequest) EnsureLimit(limit uint64) error { + if r.Limit > limit { + return caos_errors.ThrowInvalidArgument(nil, "SEARCH-f9ids", "Errors.Limit.ExceedsDefault") + } + if r.Limit == 0 { r.Limit = limit } + return nil } func DefaultExpiration() (time.Time, error) { diff --git a/internal/key/model/key_view.go b/internal/key/model/key_view.go index 9da325a68f..7ae0f23fd7 100644 --- a/internal/key/model/key_view.go +++ b/internal/key/model/key_view.go @@ -65,10 +65,14 @@ type KeySearchResponse struct { Result []*KeyView } -func (r *KeySearchRequest) EnsureLimit(limit uint64) { - if r.Limit == 0 || r.Limit > limit { +func (r *KeySearchRequest) EnsureLimit(limit uint64) error { + if r.Limit > limit { + return errors.ThrowInvalidArgument(nil, "SEARCH-Mf9sd", "Errors.Limit.ExceedsDefault") + } + if r.Limit == 0 { r.Limit = limit } + return nil } func SigningKeyFromKeyView(key *KeyView, alg crypto.EncryptionAlgorithm) (*SigningKey, error) { diff --git a/internal/management/repository/eventsourcing/eventstore/org.go b/internal/management/repository/eventsourcing/eventstore/org.go index e0193594ca..dac7740ba0 100644 --- a/internal/management/repository/eventsourcing/eventstore/org.go +++ b/internal/management/repository/eventsourcing/eventstore/org.go 
@@ -73,7 +73,10 @@ func (repo *OrgRepository) GetMyOrgIamPolicy(ctx context.Context) (*iam_model.Or } func (repo *OrgRepository) SearchMyOrgDomains(ctx context.Context, request *org_model.OrgDomainSearchRequest) (*org_model.OrgDomainSearchResponse, error) { - request.EnsureLimit(repo.SearchLimit) + err := request.EnsureLimit(repo.SearchLimit) + if err != nil { + return nil, err + } request.Queries = append(request.Queries, &org_model.OrgDomainSearchQuery{Key: org_model.OrgDomainSearchKeyOrgID, Method: domain.SearchMethodEquals, Value: authz.GetCtxData(ctx).OrgID}) sequence, sequenceErr := repo.View.GetLatestOrgDomainSequence() logging.Log("EVENT-SLowp").OnError(sequenceErr).WithField("traceID", tracing.TraceIDFromCtx(ctx)).Warn("could not read latest org domain sequence") @@ -123,7 +126,10 @@ func (repo *OrgRepository) OrgMemberByID(ctx context.Context, orgID, userID stri } func (repo *OrgRepository) SearchMyOrgMembers(ctx context.Context, request *org_model.OrgMemberSearchRequest) (*org_model.OrgMemberSearchResponse, error) { - request.EnsureLimit(repo.SearchLimit) + err := request.EnsureLimit(repo.SearchLimit) + if err != nil { + return nil, err + } request.Queries = append(request.Queries, &org_model.OrgMemberSearchQuery{Key: org_model.OrgMemberSearchKeyOrgID, Method: domain.SearchMethodEquals, Value: authz.GetCtxData(ctx).OrgID}) sequence, sequenceErr := repo.View.GetLatestOrgMemberSequence() logging.Log("EVENT-Smu3d").OnError(sequenceErr).Warn("could not read latest org member sequence") 
@@ -163,7 +169,10 @@ func (repo *OrgRepository) IDPConfigByID(ctx context.Context, idpConfigID string } func (repo *OrgRepository) SearchIDPConfigs(ctx context.Context, request *iam_model.IDPConfigSearchRequest) (*iam_model.IDPConfigSearchResponse, error) { - request.EnsureLimit(repo.SearchLimit) + err := request.EnsureLimit(repo.SearchLimit) + if err != nil { + return nil, err + } request.AppendMyOrgQuery(authz.GetCtxData(ctx).OrgID, repo.SystemDefaults.IamID) sequence, sequenceErr := repo.View.GetLatestIDPConfigSequence() @@ -295,7 +304,10 @@ func (repo *OrgRepository) SearchIDPProviders(ctx context.Context, request *iam_ } else { request.AppendAggregateIDQuery(authz.GetCtxData(ctx).OrgID) } - request.EnsureLimit(repo.SearchLimit) + err = request.EnsureLimit(repo.SearchLimit) + if err != nil { + return nil, err + } sequence, sequenceErr := repo.View.GetLatestIDPProviderSequence() logging.Log("EVENT-Tuiks").OnError(sequenceErr).Warn("could not read latest iam sequence") providers, count, err := repo.View.SearchIDPProviders(request) diff --git a/internal/management/repository/eventsourcing/eventstore/project.go b/internal/management/repository/eventsourcing/eventstore/project.go index 73da85b87f..b624cf84f8 100644 --- a/internal/management/repository/eventsourcing/eventstore/project.go +++ b/internal/management/repository/eventsourcing/eventstore/project.go @@ -71,7 +71,10 @@ func (repo *ProjectRepo) ProjectByID(ctx context.Context, id string) (*proj_mode } func (repo *ProjectRepo) SearchProjects(ctx context.Context, request *proj_model.ProjectViewSearchRequest) (*proj_model.ProjectViewSearchResponse, error) { - request.EnsureLimit(repo.SearchLimit) + err := request.EnsureLimit(repo.SearchLimit) + if err != nil { + return nil, err + } sequence, sequenceErr := repo.View.GetLatestProjectSequence() logging.Log("EVENT-Edc56").OnError(sequenceErr).Warn("could not read latest project sequence") 
@@ -138,7 +141,10 @@ func (repo *ProjectRepo) ProjectMemberByID(ctx context.Context, projectID, userI } func (repo *ProjectRepo) SearchProjectMembers(ctx context.Context, request *proj_model.ProjectMemberSearchRequest) (*proj_model.ProjectMemberSearchResponse, error) { - request.EnsureLimit(repo.SearchLimit) + err := request.EnsureLimit(repo.SearchLimit) + if err != nil { + return nil, err + } sequence, sequenceErr := repo.View.GetLatestProjectMemberSequence() logging.Log("EVENT-3dgt6").OnError(sequenceErr).Warn("could not read latest project member sequence") members, count, err := repo.View.SearchProjectMembers(request) @@ -159,7 +165,10 @@ func (repo *ProjectRepo) SearchProjectMembers(ctx context.Context, request *proj } func (repo *ProjectRepo) SearchProjectRoles(ctx context.Context, projectID string, request *proj_model.ProjectRoleSearchRequest) (*proj_model.ProjectRoleSearchResponse, error) { - request.EnsureLimit(repo.SearchLimit) + err := request.EnsureLimit(repo.SearchLimit) + if err != nil { + return nil, err + } request.AppendProjectQuery(projectID) sequence, sequenceErr := repo.View.GetLatestProjectRoleSequence() logging.Log("LSp0d-47suf").OnError(sequenceErr).Warn("could not read latest project role sequence") @@ -235,7 +244,10 @@ func (repo *ProjectRepo) ApplicationByID(ctx context.Context, projectID, appID s } func (repo *ProjectRepo) SearchApplications(ctx context.Context, request *proj_model.ApplicationSearchRequest) (*proj_model.ApplicationSearchResponse, error) { - request.EnsureLimit(repo.SearchLimit) + err := request.EnsureLimit(repo.SearchLimit) + if err != nil { + return nil, err + } sequence, sequenceErr := repo.View.GetLatestApplicationSequence() logging.Log("EVENT-SKe8s").OnError(sequenceErr).Warn("could not read latest application sequence") apps, count, err := repo.View.SearchApplications(request) 
@@ -276,7 +288,10 @@ func (repo *ProjectRepo) ApplicationChanges(ctx context.Context, projectID strin } func (repo *ProjectRepo) SearchClientKeys(ctx context.Context, request *key_model.AuthNKeySearchRequest) (*key_model.AuthNKeySearchResponse, error) { - request.EnsureLimit(repo.SearchLimit) + err := request.EnsureLimit(repo.SearchLimit) + if err != nil { + return nil, err + } sequence, sequenceErr := repo.View.GetLatestAuthNKeySequence() logging.Log("EVENT-ADwgw").OnError(sequenceErr).Warn("could not read latest authn key sequence") keys, count, err := repo.View.SearchAuthNKeys(request) @@ -342,7 +357,10 @@ func (repo *ProjectRepo) ProjectGrantsByProjectIDAndRoleKey(ctx context.Context, } func (repo *ProjectRepo) SearchProjectGrants(ctx context.Context, request *proj_model.ProjectGrantViewSearchRequest) (*proj_model.ProjectGrantViewSearchResponse, error) { - request.EnsureLimit(repo.SearchLimit) + err := request.EnsureLimit(repo.SearchLimit) + if err != nil { + return nil, err + } sequence, sequenceErr := repo.View.GetLatestProjectGrantSequence() logging.Log("EVENT-Skw9f").OnError(sequenceErr).Warn("could not read latest project grant sequence") projects, count, err := repo.View.SearchProjectGrants(request) @@ -363,7 +381,10 @@ func (repo *ProjectRepo) SearchProjectGrants(ctx context.Context, request *proj_ } func (repo *ProjectRepo) SearchGrantedProjects(ctx context.Context, request *proj_model.ProjectGrantViewSearchRequest) (*proj_model.ProjectGrantViewSearchResponse, error) { - request.EnsureLimit(repo.SearchLimit) + err := request.EnsureLimit(repo.SearchLimit) + if err != nil { + return nil, err + } sequence, sequenceErr := repo.View.GetLatestProjectGrantSequence() logging.Log("EVENT-Skw9f").OnError(sequenceErr).Warn("could not read latest project grant sequence") 
@@ -422,7 +443,10 @@ func (repo *ProjectRepo) ProjectGrantMemberByID(ctx context.Context, projectID, } func (repo *ProjectRepo) SearchProjectGrantMembers(ctx context.Context, request *proj_model.ProjectGrantMemberSearchRequest) (*proj_model.ProjectGrantMemberSearchResponse, error) { - request.EnsureLimit(repo.SearchLimit) + err := request.EnsureLimit(repo.SearchLimit) + if err != nil { + return nil, err + } sequence, sequenceErr := repo.View.GetLatestProjectGrantMemberSequence() logging.Log("EVENT-Du8sk").OnError(sequenceErr).Warn("could not read latest project grant sequence") members, count, err := repo.View.SearchProjectGrantMembers(request) diff --git a/internal/management/repository/eventsourcing/eventstore/user.go b/internal/management/repository/eventsourcing/eventstore/user.go index 07b6cdffeb..945e230ad3 100644 --- a/internal/management/repository/eventsourcing/eventstore/user.go +++ b/internal/management/repository/eventsourcing/eventstore/user.go @@ -60,7 +60,10 @@ func (repo *UserRepo) UserByID(ctx context.Context, id string) (*usr_model.UserV } func (repo *UserRepo) SearchUsers(ctx context.Context, request *usr_model.UserSearchRequest) (*usr_model.UserSearchResponse, error) { - request.EnsureLimit(repo.SearchLimit) + err := request.EnsureLimit(repo.SearchLimit) + if err != nil { + return nil, err + } sequence, sequenceErr := repo.View.GetLatestUserSequence() logging.Log("EVENT-Lcn7d").OnError(sequenceErr).Warn("could not read latest user sequence") users, count, err := repo.View.SearchUsers(request) 
@@ -157,7 +160,10 @@ func (repo *UserRepo) ProfileByID(ctx context.Context, userID string) (*usr_mode } func (repo *UserRepo) SearchExternalIDPs(ctx context.Context, request *usr_model.ExternalIDPSearchRequest) (*usr_model.ExternalIDPSearchResponse, error) { - request.EnsureLimit(repo.SearchLimit) + err := request.EnsureLimit(repo.SearchLimit) + if err != nil { + return nil, err + } sequence, seqErr := repo.View.GetLatestExternalIDPSequence() logging.Log("EVENT-Qs7uf").OnError(seqErr).Warn("could not read latest external idp sequence") externalIDPS, count, err := repo.View.SearchExternalIDPs(request) @@ -202,7 +208,10 @@ func (repo *UserRepo) GetMachineKey(ctx context.Context, userID, keyID string) ( } func (repo *UserRepo) SearchMachineKeys(ctx context.Context, request *key_model.AuthNKeySearchRequest) (*key_model.AuthNKeySearchResponse, error) { - request.EnsureLimit(repo.SearchLimit) + err := request.EnsureLimit(repo.SearchLimit) + if err != nil { + return nil, err + } sequence, seqErr := repo.View.GetLatestAuthNKeySequence() logging.Log("EVENT-Sk8fs").OnError(seqErr).Warn("could not read latest authn key sequence") keys, count, err := repo.View.SearchAuthNKeys(request) @@ -256,7 +265,10 @@ func (repo *UserRepo) AddressByID(ctx context.Context, userID string) (*usr_mode } func (repo *UserRepo) SearchUserMemberships(ctx context.Context, request *usr_model.UserMembershipSearchRequest) (*usr_model.UserMembershipSearchResponse, error) { - request.EnsureLimit(repo.SearchLimit) + err := request.EnsureLimit(repo.SearchLimit) + if err != nil { + return nil, err + } sequence, sequenceErr := repo.View.GetLatestUserMembershipSequence() logging.Log("EVENT-Dn7sf").OnError(sequenceErr).Warn("could not read latest user sequence") diff --git a/internal/management/repository/eventsourcing/eventstore/user_grant.go b/internal/management/repository/eventsourcing/eventstore/user_grant.go index 6c2ab8fcf0..9f4bc8daf9 100644 
--- a/internal/management/repository/eventsourcing/eventstore/user_grant.go +++ b/internal/management/repository/eventsourcing/eventstore/user_grant.go @@ -58,7 +58,10 @@ func (repo *UserGrantRepo) UserGrantsByUserID(ctx context.Context, userID string } func (repo *UserGrantRepo) SearchUserGrants(ctx context.Context, request *grant_model.UserGrantSearchRequest) (*grant_model.UserGrantSearchResponse, error) { - request.EnsureLimit(repo.SearchLimit) + err := request.EnsureLimit(repo.SearchLimit) + if err != nil { + return nil, err + } sequence, sequenceErr := repo.View.GetLatestUserGrantSequence() logging.Log("EVENT-5Viwf").OnError(sequenceErr).Warn("could not read latest user grant sequence") diff --git a/internal/org/model/domain_view.go b/internal/org/model/domain_view.go index 1cb604e3ed..8aa2e0a928 100644 --- a/internal/org/model/domain_view.go +++ b/internal/org/model/domain_view.go @@ -2,6 +2,8 @@ package model import ( "github.com/caos/zitadel/internal/domain" + caos_errors "github.com/caos/zitadel/internal/errors" + "time" ) @@ -48,8 +50,12 @@ type OrgDomainSearchResponse struct { Timestamp time.Time } -func (r *OrgDomainSearchRequest) EnsureLimit(limit uint64) { - if r.Limit == 0 || r.Limit > limit { +func (r *OrgDomainSearchRequest) EnsureLimit(limit uint64) error { + if r.Limit > limit { + return caos_errors.ThrowInvalidArgument(nil, "SEARCH-38fhs", "Errors.Limit.ExceedsDefault") + } + if r.Limit == 0 { r.Limit = limit } + return nil } diff --git a/internal/org/model/org_member_view.go b/internal/org/model/org_member_view.go index 27378e5314..3206cebae2 100644 --- a/internal/org/model/org_member_view.go +++ b/internal/org/model/org_member_view.go @@ -4,6 +4,7 @@ import ( "time" "github.com/caos/zitadel/internal/domain" + caos_errors "github.com/caos/zitadel/internal/errors" ) type OrgMemberView struct { 
@@ -56,8 +57,12 @@ type OrgMemberSearchResponse struct { Timestamp time.Time } -func (r *OrgMemberSearchRequest) EnsureLimit(limit uint64) { - if r.Limit == 0 || r.Limit > limit { +func (r *OrgMemberSearchRequest) EnsureLimit(limit uint64) error { + if r.Limit > limit { + return caos_errors.ThrowInvalidArgument(nil, "SEARCH-77fu3", "Errors.Limit.ExceedsDefault") + } + if r.Limit == 0 { r.Limit = limit } + return nil } diff --git a/internal/org/model/org_view.go b/internal/org/model/org_view.go index 4ba6b5fb89..3bc63f36a3 100644 --- a/internal/org/model/org_view.go +++ b/internal/org/model/org_view.go @@ -2,6 +2,8 @@ package model import ( "github.com/caos/zitadel/internal/domain" + caos_errors "github.com/caos/zitadel/internal/errors" + "time" "github.com/caos/zitadel/internal/eventstore/v1/models" @@ -52,10 +54,14 @@ type OrgSearchResult struct { Timestamp time.Time } -func (r *OrgSearchRequest) EnsureLimit(limit uint64) { - if r.Limit == 0 || r.Limit > limit { +func (r *OrgSearchRequest) EnsureLimit(limit uint64) error { + if r.Limit > limit { + return caos_errors.ThrowInvalidArgument(nil, "SEARCH-200ds", "Errors.Limit.ExceedsDefault") + } + if r.Limit == 0 { r.Limit = limit } + return nil } func OrgViewToOrg(o *OrgView) *Org { diff --git a/internal/org/repository/view/org_view.go b/internal/org/repository/view/org_view.go index 178e6a5038..705abbf9c6 100644 --- a/internal/org/repository/view/org_view.go +++ b/internal/org/repository/view/org_view.go 
@@ -31,7 +31,7 @@ func OrgByPrimaryDomain(db *gorm.DB, table, primaryDomain string) (*model.OrgVie
 func SearchOrgs(db *gorm.DB, table string, req *org_model.OrgSearchRequest) ([]*model.OrgView, uint64, error) {
 orgs := make([]*model.OrgView, 0)
- query := repository.PrepareSearchQuery(table, model.OrgSearchRequest{Limit: req.Limit, Offset: req.Offset, Queries: req.Queries})
+ query := repository.PrepareSearchQuery(table, model.OrgSearchRequest{Limit: req.Limit, Offset: req.Offset, Queries: req.Queries, SortingColumn: req.SortingColumn})
 count, err := query(db, &orgs)
 if err != nil {
 return nil, 0, err
diff --git a/internal/project/model/application_view.go b/internal/project/model/application_view.go
index 994cae2fc1..37db1ebc2e 100644
--- a/internal/project/model/application_view.go
+++ b/internal/project/model/application_view.go
@@ -2,6 +2,8 @@ package model
 import (
 "github.com/caos/zitadel/internal/domain"
+ caos_errors "github.com/caos/zitadel/internal/errors"
+
 "time"
 )
@@ -70,8 +72,12 @@ type ApplicationSearchResponse struct {
 Timestamp time.Time
 }
-func (r *ApplicationSearchRequest) EnsureLimit(limit uint64) {
- if r.Limit == 0 || r.Limit > limit {
+func (r *ApplicationSearchRequest) EnsureLimit(limit uint64) error {
+ if r.Limit > limit {
+ return caos_errors.ThrowInvalidArgument(nil, "SEARCH-3Mf8s", "Errors.Limit.ExceedsDefault")
+ }
+ if r.Limit == 0 {
 r.Limit = limit
 }
+ return nil
 }
diff --git a/internal/project/model/project_grant_member_view.go b/internal/project/model/project_grant_member_view.go
index b51c5720c0..7aa41af0b9 100644
--- a/internal/project/model/project_grant_member_view.go
+++ b/internal/project/model/project_grant_member_view.go
@@ -2,6 +2,8 @@ package model
 import (
 "github.com/caos/zitadel/internal/domain"
+ caos_errors "github.com/caos/zitadel/internal/errors"
+
 "time"
 )
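Review bot: `SortingColumn` in `SearchOrgs` (internal/org/repository/view/org_view.go) is now copied from the caller's request into the view query, but nothing in this hunk shows how it becomes an ORDER BY column. It is worth confirming that `repository.PrepareSearchQuery` resolves it through a fixed key-to-column mapping and falls back to a default order for an unknown key, rather than using a caller-supplied string. If the request type also carries a sort direction, this literal still does not forward it. A short comment above the call, `// SortingColumn is a search key; PrepareSearchQuery maps it to a column name`, would record that assumption once it is verified. SearchOrgs continues outside the hunk.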
@@ -57,8 +59,12 @@ type ProjectGrantMemberSearchResponse struct {
 Timestamp time.Time
 }
-func (r *ProjectGrantMemberSearchRequest) EnsureLimit(limit uint64) {
- if r.Limit == 0 || r.Limit > limit {
+func (r *ProjectGrantMemberSearchRequest) EnsureLimit(limit uint64) error {
+ if r.Limit > limit {
+ return caos_errors.ThrowInvalidArgument(nil, "SEARCH-ZT8df", "Errors.Limit.ExceedsDefault")
+ }
+ if r.Limit == 0 {
 r.Limit = limit
 }
+ return nil
 }
diff --git a/internal/project/model/project_grant_view.go b/internal/project/model/project_grant_view.go
index 3fd2f8883b..665f73d0b2 100644
--- a/internal/project/model/project_grant_view.go
+++ b/internal/project/model/project_grant_view.go
@@ -2,6 +2,8 @@ package model
 import (
 "github.com/caos/zitadel/internal/domain"
+ caos_errors "github.com/caos/zitadel/internal/errors"
+
 "time"
 )
@@ -77,8 +79,12 @@ func (r *ProjectGrantViewSearchRequest) AppendMyResourceOwnerQuery(orgID string)
 r.Queries = append(r.Queries, &ProjectGrantViewSearchQuery{Key: GrantedProjectSearchKeyResourceOwner, Method: domain.SearchMethodEquals, Value: orgID})
 }
-func (r *ProjectGrantViewSearchRequest) EnsureLimit(limit uint64) {
- if r.Limit == 0 || r.Limit > limit {
+func (r *ProjectGrantViewSearchRequest) EnsureLimit(limit uint64) error {
+ if r.Limit > limit {
+ return caos_errors.ThrowInvalidArgument(nil, "SEARCH-2n8fS", "Errors.Limit.ExceedsDefault")
+ }
+ if r.Limit == 0 {
 r.Limit = limit
 }
+ return nil
 }
diff --git a/internal/project/model/project_member_view.go b/internal/project/model/project_member_view.go
index bade990c68..959e6785a6 100644
--- a/internal/project/model/project_member_view.go
+++ b/internal/project/model/project_member_view.go
@@ -2,6 +2,8 @@ package model
 import (
 "github.com/caos/zitadel/internal/domain"
+ caos_errors "github.com/caos/zitadel/internal/errors"
+
 "time"
 )
@@ -55,10 +57,14 @@ type ProjectMemberSearchResponse struct {
 Timestamp time.Time
 }
-func (r *ProjectMemberSearchRequest) EnsureLimit(limit uint64) {
- if r.Limit == 0 || r.Limit > limit {
+func (r *ProjectMemberSearchRequest) EnsureLimit(limit uint64) error {
+ if r.Limit > limit {
+ return caos_errors.ThrowInvalidArgument(nil, "SEARCH-389Nd", "Errors.Limit.ExceedsDefault")
+ }
+ if r.Limit == 0 {
 r.Limit = limit
 }
+ return nil
 }
 func (r *ProjectMemberSearchRequest) AppendProjectQuery(projectID string) {
 r.Queries = append(r.Queries, &ProjectMemberSearchQuery{Key: ProjectMemberSearchKeyProjectID, Method: domain.SearchMethodEquals, Value: projectID})
diff --git a/internal/project/model/project_role_view.go b/internal/project/model/project_role_view.go
index 4289405606..1294785c17 100644
--- a/internal/project/model/project_role_view.go
+++ b/internal/project/model/project_role_view.go
@@ -2,6 +2,8 @@ package model
 import (
 "github.com/caos/zitadel/internal/domain"
+ caos_errors "github.com/caos/zitadel/internal/errors"
+
 "time"
 )
@@ -58,8 +60,12 @@ func (r *ProjectRoleSearchRequest) AppendProjectQuery(projectID string) {
 r.Queries = append(r.Queries, &ProjectRoleSearchQuery{Key: ProjectRoleSearchKeyProjectID, Method: domain.SearchMethodEquals, Value: projectID})
 }
-func (r *ProjectRoleSearchRequest) EnsureLimit(limit uint64) {
- if r.Limit == 0 || r.Limit > limit {
+func (r *ProjectRoleSearchRequest) EnsureLimit(limit uint64) error {
+ if r.Limit > limit {
+ return caos_errors.ThrowInvalidArgument(nil, "SEARCH-92hNf", "Errors.Limit.ExceedsDefault")
+ }
+ if r.Limit == 0 {
 r.Limit = limit
 }
+ return nil
 }
diff --git a/internal/project/model/project_view.go b/internal/project/model/project_view.go
index d2c707c526..87273bb56b 100644
--- a/internal/project/model/project_view.go
+++ b/internal/project/model/project_view.go
@@ -2,6 +2,8 @@ package model
 import (
 "github.com/caos/zitadel/internal/domain"
+ caos_errors "github.com/caos/zitadel/internal/errors"
+
 "time"
 )
@@ -62,8 +64,12 @@ func (r *ProjectViewSearchRequest) AppendMyResourceOwnerQuery(orgID string) {
 r.Queries = append(r.Queries, &ProjectViewSearchQuery{Key: ProjectViewSearchKeyResourceOwner, Method: domain.SearchMethodEquals, Value: orgID})
 }
-func (r *ProjectViewSearchRequest) EnsureLimit(limit uint64) {
- if r.Limit == 0 || r.Limit > limit {
+func (r *ProjectViewSearchRequest) EnsureLimit(limit uint64) error {
+ if r.Limit > limit {
+ return caos_errors.ThrowInvalidArgument(nil, "SEARCH-2M0ds", "Errors.Limit.ExceedsDefault")
+ }
+ if r.Limit == 0 {
 r.Limit = limit
 }
+ return nil
 }
diff --git a/internal/repository/features/features.go b/internal/repository/features/features.go
index 915749f28d..00de8302f4 100644
--- a/internal/repository/features/features.go
+++ b/internal/repository/features/features.go
@@ -28,7 +28,7 @@ type FeaturesSetEvent struct {
 LoginPolicyIDP *bool `json:"loginPolicyIDP,omitempty"`
 LoginPolicyPasswordless *bool `json:"loginPolicyPasswordless,omitempty"`
 LoginPolicyRegistration *bool `json:"loginPolicyRegistration,omitempty"`
- LoginPolicyUsernameLogin *bool `json:"loginPolicyUsername_login,omitempty"`
+ LoginPolicyUsernameLogin *bool `json:"loginPolicyUsernameLogin,omitempty"`
 PasswordComplexityPolicy *bool `json:"passwordComplexityPolicy,omitempty"`
 LabelPolicy *bool `json:"labelPolicy,omitempty"`
 }
diff --git a/internal/repository/usergrant/user_grant.go b/internal/repository/usergrant/user_grant.go
index d54dd2c7a6..ed3deaf8f2 100644
--- a/internal/repository/usergrant/user_grant.go
+++ b/internal/repository/usergrant/user_grant.go
@@ -87,7 +87,7 @@ func UserGrantAddedEventMapper(event *repository.Event) (eventstore.EventReader,
 type UserGrantChangedEvent struct {
 eventstore.BaseEvent `json:"-"`
- RoleKeys []string `json:"roleKeys,omitempty"`
+ RoleKeys []string `json:"roleKeys"`
 }
 func (e *UserGrantChangedEvent) Data() interface{} {
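Review bot: Events already persisted with the old key `loginPolicyUsername_login` will decode with `LoginPolicyUsernameLogin` nil after this tag rename in `FeaturesSetEvent` (internal/repository/features/features.go). A username-login feature that was set earlier would then be dropped silently when those events are replayed. Whether such events exist is not visible in this diff. If they can, the decoder should keep accepting the old key, for example through a second field carrying the old tag that is folded into the new one after unmarshalling, or the stored payloads should be migrated. A comment on the field, `// stored as "loginPolicyUsername_login" before #1532`, would record the reason either way; the struct begins outside the hunk.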
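Review bot: Whatever applies `UserGrantChangedEvent` (internal/repository/usergrant/user_grant.go) now has to accept three encodings of "no roles left": `"roleKeys":null` for a nil slice, `[]` for an empty one, and a missing key in events written while `omitempty` was still set. That handling lies outside this diff and deserves a test, because a grant that keeps its last role after removal is an authorization error. Events recorded before this change for a last-role removal presumably carry no `roleKeys` at all, so affected grants may need to be reconciled; this is inferred from the commit title "remove last role from user grant". I would also add `// no omitempty: an empty list must be persisted so that removing the last role is recorded` above the field.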
diff --git a/internal/static/i18n/de.yaml b/internal/static/i18n/de.yaml
index 106d8ecd57..3796f10e5b 100644
--- a/internal/static/i18n/de.yaml
+++ b/internal/static/i18n/de.yaml
@@ -4,6 +4,8 @@ Errors:
 OriginNotAllowed: Dieser "Origin" ist nicht freigeschaltet
 IDMissing: ID fehlt
 ResourceOwnerMissing: Organisation fehlt
+ Limit:
+ ExceedsDefault: Limit überschreitet default Limit
 User:
 NotFound: Benutzer konnte nicht gefunden werden
 AlreadyExists: Benutzer existierts bereits
diff --git a/internal/static/i18n/en.yaml b/internal/static/i18n/en.yaml
index eb207855f6..5eefed8f9f 100644
--- a/internal/static/i18n/en.yaml
+++ b/internal/static/i18n/en.yaml
@@ -4,6 +4,8 @@ Errors:
 OriginNotAllowed: This "Origin" is not allowed
 IDMissing: ID missing
 ResourceOwnerMissing: Resource Owner Organisation missing
+ Limit:
+ ExceedsDefault: Limit exceeds default limit
 User:
 NotFound: User could not be found
 AlreadyExists: User already exists
diff --git a/internal/user/model/external_idp_view.go b/internal/user/model/external_idp_view.go
index 7f4d9f078a..68d0b5038f 100644
--- a/internal/user/model/external_idp_view.go
+++ b/internal/user/model/external_idp_view.go
@@ -2,6 +2,8 @@ package model
 import (
 "github.com/caos/zitadel/internal/domain"
+ caos_errors "github.com/caos/zitadel/internal/errors"
+
 "time"
 )
@@ -50,10 +52,14 @@ type ExternalIDPSearchResponse struct {
 Timestamp time.Time
 }
-func (r *ExternalIDPSearchRequest) EnsureLimit(limit uint64) {
- if r.Limit == 0 || r.Limit > limit {
+func (r *ExternalIDPSearchRequest) EnsureLimit(limit uint64) error {
+ if r.Limit > limit {
+ return caos_errors.ThrowInvalidArgument(nil, "SEARCH-3n8fM", "Errors.Limit.ExceedsDefault")
+ }
+ if r.Limit == 0 {
 r.Limit = limit
 }
+ return nil
 }
 func (r *ExternalIDPSearchRequest) AppendUserQuery(userID string) {
diff --git a/internal/user/model/token_view.go b/internal/user/model/token_view.go
index 7b76d0670d..2f797fbc73 100644
--- a/internal/user/model/token_view.go
+++ b/internal/user/model/token_view.go
@@ -2,6 +2,8 @@ package model
 import (
 "github.com/caos/zitadel/internal/domain"
+ caos_errors "github.com/caos/zitadel/internal/errors"
+
 "time"
 )
@@ -53,8 +55,12 @@ type TokenSearchResponse struct {
 Result []*Token
 }
-func (r *TokenSearchRequest) EnsureLimit(limit uint64) {
- if r.Limit == 0 || r.Limit > limit {
+func (r *TokenSearchRequest) EnsureLimit(limit uint64) error {
+ if r.Limit > limit {
+ return caos_errors.ThrowInvalidArgument(nil, "SEARCH-M0fse", "Errors.Limit.ExceedsDefault")
+ }
+ if r.Limit == 0 {
 r.Limit = limit
 }
+ return nil
 }
diff --git a/internal/user/model/user_membership_view.go b/internal/user/model/user_membership_view.go
index dd3d0f2787..ed4ce1c523 100644
--- a/internal/user/model/user_membership_view.go
+++ b/internal/user/model/user_membership_view.go
@@ -2,6 +2,8 @@ package model
 import (
 "github.com/caos/zitadel/internal/domain"
+ caos_errors "github.com/caos/zitadel/internal/errors"
+
 "time"
 )
@@ -65,10 +67,14 @@ type UserMembershipSearchResponse struct {
 Timestamp time.Time
 }
-func (r *UserMembershipSearchRequest) EnsureLimit(limit uint64) {
- if r.Limit == 0 || r.Limit > limit {
+func (r *UserMembershipSearchRequest) EnsureLimit(limit uint64) error {
+ if r.Limit > limit {
+ return caos_errors.ThrowInvalidArgument(nil, "SEARCH-288fJ", "Errors.Limit.ExceedsDefault")
+ }
+ if r.Limit == 0 {
 r.Limit = limit
 }
+ return nil
 }
 func (r *UserMembershipSearchRequest) GetSearchQuery(key UserMembershipSearchKey) (int, *UserMembershipSearchQuery) {
diff --git a/internal/user/model/user_session_view.go b/internal/user/model/user_session_view.go
index b36d32e9c6..7e3d1b9193 100644
--- a/internal/user/model/user_session_view.go
+++ b/internal/user/model/user_session_view.go
@@ -2,6 +2,8 @@ package model
 import (
 "github.com/caos/zitadel/internal/domain"
+ caos_errors "github.com/caos/zitadel/internal/errors"
+
 "time"
 req_model "github.com/caos/zitadel/internal/auth_request/model"
@@ -59,8 +61,12 @@ type UserSessionSearchResponse struct {
 Result []*UserSessionView
 }
-func (r *UserSessionSearchRequest) EnsureLimit(limit uint64) {
- if r.Limit == 0 || r.Limit > limit {
+func (r *UserSessionSearchRequest) EnsureLimit(limit uint64) error {
+ if r.Limit > limit {
+ return caos_errors.ThrowInvalidArgument(nil, "SEARCH-27ifs", "Errors.Limit.ExceedsDefault")
+ }
+ if r.Limit == 0 {
 r.Limit = limit
 }
+ return nil
 }
diff --git a/internal/user/model/user_view.go b/internal/user/model/user_view.go
index 3bcd687949..1220cdf7f6 100644
--- a/internal/user/model/user_view.go
+++ b/internal/user/model/user_view.go
@@ -128,10 +128,14 @@ const (
 GenderDiverse
 )
-func (r *UserSearchRequest) EnsureLimit(limit uint64) {
- if r.Limit == 0 || r.Limit > limit {
+func (r *UserSearchRequest) EnsureLimit(limit uint64) error {
+ if r.Limit > limit {
+ return errors.ThrowInvalidArgument(nil, "SEARCH-zz62F", "Errors.Limit.ExceedsDefault")
+ }
+ if r.Limit == 0 {
 r.Limit = limit
 }
+ return nil
 }
 func (r *UserSearchRequest) AppendMyOrgQuery(orgID string) {
diff --git a/internal/usergrant/model/user_grant_view.go b/internal/usergrant/model/user_grant_view.go
index 9d53e5db7a..b873c78e4e 100644
--- a/internal/usergrant/model/user_grant_view.go
+++ b/internal/usergrant/model/user_grant_view.go
@@ -2,6 +2,8 @@ package model
 import (
 "github.com/caos/zitadel/internal/domain"
+ caos_errors "github.com/caos/zitadel/internal/errors"
+
 "time"
 )
@@ -81,10 +83,14 @@ type UserGrantSearchResponse struct {
 Timestamp time.Time
 }
-func (r *UserGrantSearchRequest) EnsureLimit(limit uint64) {
- if r.Limit == 0 || r.Limit > limit {
+func (r *UserGrantSearchRequest) EnsureLimit(limit uint64) error {
+ if r.Limit > limit {
+ return caos_errors.ThrowInvalidArgument(nil, "SEARCH-1N9ds", "Errors.Limit.ExceedsDefault")
+ }
+ if r.Limit == 0 {
 r.Limit = limit
 }
+ return nil
 }
 func (r *UserGrantSearchRequest) GetSearchQuery(key UserGrantSearchKey) (int, *UserGrantSearchQuery) {