mirror of
https://github.com/zitadel/zitadel.git
synced 2025-08-11 17:57:33 +00:00
feat: user v2alpha email API (#5708)
* chore(proto): update versions
* change protoc plugin
* some cleanups
* define api for setting emails in new api
* implement user.SetEmail
* move SetEmail buisiness logic into command
* resuse newCryptoCode
* command: add ChangeEmail unit tests
Not complete, was not able to mock the generator.
* Revert "resuse newCryptoCode"
This reverts commit c89e90ae35.
* undo change to crypto code generators
* command: use a generator so we can test properly
* command: reorganise ChangeEmail
improve test coverage
* implement VerifyEmail
including unit tests
* add URL template tests
* proto: change context to object
* remove old auth option
* remove old auth option
* fix linting errors
run gci on modified files
* add permission checks and fix some errors
* comments
* comments
---------
Co-authored-by: Livio Spring <livio.a@gmail.com>
Co-authored-by: Tim Möhlmann <tim+github@zitadel.com>
This commit is contained in:
Silvan
16
internal/protoc/protoc-gen-auth/auth_method_mapping.go.tmpl
Normal file
16
internal/protoc/protoc-gen-auth/auth_method_mapping.go.tmpl
Normal file
@@ -0,0 +1,16 @@
|
||||
// Code generated by protoc-gen-auth. DO NOT EDIT.
|
||||
|
||||
package {{.GoPackageName}}
|
||||
|
||||
import (
|
||||
"github.com/zitadel/zitadel/internal/api/authz"
|
||||
)
|
||||
|
||||
var {{.ServiceName}}_AuthMethods = authz.MethodMapping {
|
||||
{{ range $m := .AuthOptions}}
|
||||
{{$.ServiceName}}_{{$m.Name}}_FullMethodName: authz.Option{
|
||||
Permission: "{{$m.Permission}}",
|
||||
CheckParam: "{{$m.CheckFieldName}}",
|
||||
},
|
||||
{{ end}}
|
||||
}
|
||||
97
internal/protoc/protoc-gen-auth/main.go
Normal file
97
internal/protoc/protoc-gen-auth/main.go
Normal file
@@ -0,0 +1,97 @@
|
||||
package main
|
||||
|
||||
import (
|
||||
"bytes"
|
||||
_ "embed"
|
||||
"fmt"
|
||||
"io"
|
||||
"os"
|
||||
"text/template"
|
||||
|
||||
"google.golang.org/protobuf/compiler/protogen"
|
||||
"google.golang.org/protobuf/proto"
|
||||
"google.golang.org/protobuf/types/descriptorpb"
|
||||
"google.golang.org/protobuf/types/pluginpb"
|
||||
|
||||
"github.com/zitadel/zitadel/internal/protoc/protoc-gen-authoption/authoption"
|
||||
)
|
||||
|
||||
var (
|
||||
//go:embed auth_method_mapping.go.tmpl
|
||||
authTemplate []byte
|
||||
)
|
||||
|
||||
type authMethods struct {
|
||||
GoPackageName string
|
||||
ProtoPackageName string
|
||||
ServiceName string
|
||||
AuthOptions []authOption
|
||||
}
|
||||
|
||||
type authOption struct {
|
||||
Name string
|
||||
Permission string
|
||||
CheckFieldName string
|
||||
}
|
||||
|
||||
func main() {
|
||||
|
||||
input, _ := io.ReadAll(os.Stdin)
|
||||
var req pluginpb.CodeGeneratorRequest
|
||||
err := proto.Unmarshal(input, &req)
|
||||
if err != nil {
|
||||
panic(err)
|
||||
}
|
||||
|
||||
opts := protogen.Options{}
|
||||
plugin, err := opts.New(&req)
|
||||
if err != nil {
|
||||
panic(err)
|
||||
}
|
||||
plugin.SupportedFeatures = uint64(pluginpb.CodeGeneratorResponse_FEATURE_PROTO3_OPTIONAL)
|
||||
|
||||
authTemp := loadTemplate(authTemplate)
|
||||
|
||||
for _, file := range plugin.Files {
|
||||
|
||||
var buf bytes.Buffer
|
||||
|
||||
var methods authMethods
|
||||
for _, service := range file.Services {
|
||||
methods.ServiceName = service.GoName
|
||||
methods.GoPackageName = string(file.GoPackageName)
|
||||
methods.ProtoPackageName = *file.Proto.Package
|
||||
for _, method := range service.Methods {
|
||||
if options := method.Desc.Options().(*descriptorpb.MethodOptions); options != nil {
|
||||
ext := proto.GetExtension(options, authoption.E_AuthOption).(*authoption.AuthOption)
|
||||
if ext != nil {
|
||||
methods.AuthOptions = append(methods.AuthOptions, authOption{Name: string(method.Desc.Name()), Permission: ext.Permission, CheckFieldName: ext.CheckFieldName})
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
if len(methods.AuthOptions) > 0 {
|
||||
authTemp.Execute(&buf, &methods)
|
||||
|
||||
filename := file.GeneratedFilenamePrefix + ".pb.authoptions.go"
|
||||
file := plugin.NewGeneratedFile(filename, ".")
|
||||
|
||||
file.Write(buf.Bytes())
|
||||
}
|
||||
}
|
||||
|
||||
// Generate a response from our plugin and marshall as protobuf
|
||||
stdout := plugin.Response()
|
||||
out, err := proto.Marshal(stdout)
|
||||
if err != nil {
|
||||
panic(err)
|
||||
}
|
||||
|
||||
// Write the response to stdout, to be picked up by protoc
|
||||
fmt.Fprintf(os.Stdout, string(out))
|
||||
}
|
||||
|
||||
func loadTemplate(templateData []byte) *template.Template {
|
||||
return template.Must(template.New("").
|
||||
Parse(string(templateData)))
|
||||
}
|
||||
@@ -1,37 +0,0 @@
|
||||
# protoc-gen-authoption
|
||||
|
||||
Proto options to annotate auth methods in protos
|
||||
|
||||
## Generate protos/templates
|
||||
protos: `go generate authoption/generate.go`
|
||||
templates/install: `go generate generate.go`
|
||||
|
||||
## Usage
|
||||
```
|
||||
// proto file
|
||||
import "authoption/options.proto";
|
||||
|
||||
service MyService {
|
||||
|
||||
rpc Hello(Hello) returns (google.protobuf.Empty) {
|
||||
option (google.api.http) = {
|
||||
get: "/hello"
|
||||
};
|
||||
|
||||
option (caos.zitadel.utils.v1.auth_option) = {
|
||||
zitadel_permission: "hello.read"
|
||||
zitadel_check_param: "id"
|
||||
};
|
||||
}
|
||||
|
||||
message Hello {
|
||||
string id = 1;
|
||||
}
|
||||
}
|
||||
```
|
||||
Caos Auth Option is used for granting groups
|
||||
On each zitadel role is specified which auth methods are allowed to call
|
||||
|
||||
Get protoc-get-authoption: ``go get github.com/zitadel/zitadel/internal/protoc/protoc-gen-authoption``
|
||||
|
||||
Protc-Flag: ``--authoption_out=.``
|
||||
@@ -1,4 +0,0 @@
|
||||
package main
|
||||
|
||||
//go:generate go-bindata -pkg main -o templates.gen.go templates
|
||||
//go:generate go install
|
||||
@@ -1,15 +0,0 @@
|
||||
package main
|
||||
|
||||
import (
|
||||
base "github.com/zitadel/zitadel/internal/protoc/protoc-base"
|
||||
"github.com/zitadel/zitadel/internal/protoc/protoc-gen-authoption/authoption"
|
||||
)
|
||||
|
||||
const (
|
||||
fileName = "%v.pb.authoptions.go"
|
||||
)
|
||||
|
||||
func main() {
|
||||
base.RegisterExtension(authoption.E_AuthOption)
|
||||
base.RunWithBaseTemplate(fileName, base.LoadTemplate(templatesAuth_method_mappingGoTmplBytes()))
|
||||
}
|
||||
@@ -1,33 +0,0 @@
|
||||
// Code generated by protoc-gen-authmethod. DO NOT EDIT.
|
||||
|
||||
package {{.File.GoPkg.Name}}
|
||||
|
||||
|
||||
import (
|
||||
"google.golang.org/grpc"
|
||||
|
||||
"github.com/zitadel/zitadel/internal/api/authz"
|
||||
"github.com/zitadel/zitadel/internal/api/grpc/server/middleware"
|
||||
)
|
||||
|
||||
{{ range $s := .File.Services }}
|
||||
|
||||
/**
|
||||
* {{$s.Name}}
|
||||
*/
|
||||
|
||||
const {{$s.Name}}_MethodPrefix = "{{$.File.Package}}.{{$s.Name}}"
|
||||
|
||||
var {{$s.Name}}_AuthMethods = authz.MethodMapping {
|
||||
{{ range $m := $s.Method}}
|
||||
{{ $mAuthOpt := option $m.Options "zitadel.v1.auth_option" }}
|
||||
{{ if and $mAuthOpt $mAuthOpt.Permission }}
|
||||
"/{{$.File.Package}}.{{$s.Name}}/{{.Name}}": authz.Option{
|
||||
Permission: "{{$mAuthOpt.Permission}}",
|
||||
CheckParam: "{{$mAuthOpt.CheckFieldName}}",
|
||||
},
|
||||
{{end}}
|
||||
{{ end}}
|
||||
}
|
||||
|
||||
{{ end }}
|
||||
Reference in New Issue
Block a user