Merge branch 'main' into merge-main

2025-08-11 21:27:42 +00:00 · 2023-04-28 17:07:48 +02:00
parent 6bce14edad 39bdef35e7
commit 0a88b27bd0
208 changed files with 8047 additions and 970 deletions
--- a/cmd/defaults.yaml
+++ b/cmd/defaults.yaml
@@ -233,6 +233,8 @@ OIDC:
      Path: /oidc/v1/end_session
    Keys:
      Path: /oauth/v2/keys
+    DeviceAuth:
+      Path: /oauth/v2/device_authorization

 SAML:
  ProviderConfig:
@@ -319,6 +321,8 @@ SystemDefaults:
    ApplicationKeySize: 2048
  Multifactors:
    OTP:
+      # If this is empty, the issuer is the requested domain
+      # This is helpful in scenarios with multiple ZITADEL environments or virtual instances
      Issuer: "ZITADEL"
  DomainVerification:
    VerificationGenerator:
@@ -394,6 +398,7 @@ Quotas:

 Eventstore:
  PushTimeout: 15s
+  AllowOrderByCreationDate: false

 DefaultInstance:
  InstanceName:
--- a/cmd/setup/03.go
+++ b/cmd/setup/03.go
@@ -76,6 +76,7 @@ func (mig *FirstInstance) Execute(ctx context.Context) error {
 		nil,
 		nil,
 		nil,
+		nil,
 	)

 	if err != nil {
--- a/cmd/setup/10.go
+++ b/cmd/setup/10.go
@@ -13,8 +13,12 @@ import (
 )

 var (
-	//go:embed 10.sql
-	correctCreationDate10 string
+	//go:embed 10_create_temp_table.sql
+	correctCreationDate10CreateTable string
+	//go:embed 10_fill_table.sql
+	correctCreationDate10FillTable string
+	//go:embed 10_update.sql
+	correctCreationDate10Update string
 )

 type CorrectCreationDate struct {
@@ -34,7 +38,17 @@ func (mig *CorrectCreationDate) Execute(ctx context.Context) (err error) {
 					return err
 				}
 			}
-			res, err := tx.ExecContext(ctx, correctCreationDate10)
+			_, err := tx.ExecContext(ctx, correctCreationDate10CreateTable)
+			if err != nil {
+				return err
+			}
+
+			_, err = tx.ExecContext(ctx, correctCreationDate10FillTable)
+			if err != nil {
+				return err
+			}
+
+			res, err := tx.ExecContext(ctx, correctCreationDate10Update)
 			if err != nil {
 				return err
 			}
--- a/cmd/setup/10_create_temp_table.sql
+++ b/cmd/setup/10_create_temp_table.sql
@@ -0,0 +1,6 @@
+CREATE temporary TABLE IF NOT EXISTS wrong_events (
+    instance_id TEXT
+    , event_sequence BIGINT
+    , current_cd TIMESTAMPTZ
+    , next_cd TIMESTAMPTZ
+);
--- a/cmd/setup/10_fill_table.sql
+++ b/cmd/setup/10_fill_table.sql
@@ -1,9 +1,4 @@
-CREATE temporary TABLE IF NOT EXISTS wrong_events (
-    instance_id TEXT
-    , event_sequence BIGINT
-    , current_cd TIMESTAMPTZ
-    , next_cd TIMESTAMPTZ
-);
+TRUNCATE wrong_events;

 INSERT INTO wrong_events (
    SELECT * FROM (
@@ -21,6 +16,4 @@ INSERT INTO wrong_events (
        current_cd < next_cd
    ORDER BY
        event_sequence DESC
-);
-
-UPDATE eventstore.events e SET creation_date = we.next_cd FROM wrong_events we WHERE e.event_sequence = we.event_sequence and e.instance_id = we.instance_id;
+);
--- a/cmd/setup/10_update.sql
+++ b/cmd/setup/10_update.sql
@@ -0,0 +1 @@
+UPDATE eventstore.events e SET creation_date = we.next_cd FROM wrong_events we WHERE e.event_sequence = we.event_sequence and e.instance_id = we.instance_id;
--- a/cmd/setup/cleanup.go
+++ b/cmd/setup/cleanup.go
@@ -0,0 +1,51 @@
+package setup
+
+import (
+	"context"
+
+	"github.com/spf13/cobra"
+	"github.com/spf13/viper"
+	"github.com/zitadel/logging"
+
+	"github.com/zitadel/zitadel/internal/database"
+	"github.com/zitadel/zitadel/internal/eventstore"
+	"github.com/zitadel/zitadel/internal/migration"
+)
+
+func NewCleanup() *cobra.Command {
+	return &cobra.Command{
+		Use:   "cleanup",
+		Short: "cleans up migration if they got stuck",
+		Long:  `cleans up migration if they got stuck`,
+		Run: func(cmd *cobra.Command, args []string) {
+			config := MustNewConfig(viper.GetViper())
+			Cleanup(config)
+		},
+	}
+}
+
+func Cleanup(config *Config) {
+	ctx := context.Background()
+
+	logging.Info("cleanup started")
+
+	dbClient, err := database.Connect(config.Database, false)
+	logging.OnError(err).Fatal("unable to connect to database")
+
+	es, err := eventstore.Start(&eventstore.Config{Client: dbClient})
+	logging.OnError(err).Fatal("unable to start eventstore")
+	migration.RegisterMappers(es)
+
+	step, err := migration.LatestStep(ctx, es)
+	logging.OnError(err).Fatal("unable to query latest migration")
+
+	if step.BaseEvent.EventType != migration.StartedType {
+		logging.Info("there is no stuck migration please run `zitadel setup`")
+		return
+	}
+
+	logging.WithFields("name", step.Name).Info("cleanup migration")
+
+	err = migration.CancelStep(ctx, es, step)
+	logging.OnError(err).Fatal("cleanup migration failed please retry")
+}
--- a/cmd/setup/config_change.go
+++ b/cmd/setup/config_change.go
@@ -33,7 +33,8 @@ func (mig *externalConfigChange) Check() bool {
 }

 func (mig *externalConfigChange) Execute(ctx context.Context) error {
-	cmd, err := command.StartCommands(mig.es,
+	cmd, err := command.StartCommands(
+		mig.es,
 		systemdefaults.SystemDefaults{},
 		nil,
 		nil,
@@ -50,6 +51,7 @@ func (mig *externalConfigChange) Execute(ctx context.Context) error {
 		nil,
 		nil,
 		nil,
+		nil,
 	)

 	if err != nil {
--- a/cmd/setup/setup.go
+++ b/cmd/setup/setup.go
@@ -45,6 +45,8 @@ Requirements:
 		},
 	}

+	cmd.AddCommand(NewCleanup())
+
 	Flags(cmd)

 	return cmd
--- a/cmd/start/start.go
+++ b/cmd/start/start.go
@@ -12,14 +12,13 @@ import (
 	"syscall"
 	"time"

-	"github.com/zitadel/saml/pkg/provider"
-
 	clockpkg "github.com/benbjohnson/clock"
 	"github.com/gorilla/mux"
 	"github.com/spf13/cobra"
 	"github.com/spf13/viper"
 	"github.com/zitadel/logging"
 	"github.com/zitadel/oidc/v2/pkg/op"
+	"github.com/zitadel/saml/pkg/provider"
 	"golang.org/x/net/http2"
 	"golang.org/x/net/http2/h2c"

@@ -116,7 +115,7 @@ func startZitadel(config *Config, masterKey string) error {
 		return fmt.Errorf("cannot start queries: %w", err)
 	}

-	authZRepo, err := authz.Start(queries, dbClient, keys.OIDC, config.ExternalSecure)
+	authZRepo, err := authz.Start(queries, dbClient, keys.OIDC, config.ExternalSecure, config.Eventstore.AllowOrderByCreationDate)
 	if err != nil {
 		return fmt.Errorf("error starting authz repo: %w", err)
 	}
@@ -147,6 +146,7 @@ func startZitadel(config *Config, masterKey string) error {
 		keys.OIDC,
 		keys.SAML,
 		&http.Client{},
+		authZRepo,
 	)
 	if err != nil {
 		return fmt.Errorf("cannot start commands: %w", err)
@@ -229,11 +229,11 @@ func startAPIs(
 	if err != nil {
 		return fmt.Errorf("error creating api %w", err)
 	}
-	authRepo, err := auth_es.Start(ctx, config.Auth, config.SystemDefaults, commands, queries, dbClient, eventstore, keys.OIDC, keys.User)
+	authRepo, err := auth_es.Start(ctx, config.Auth, config.SystemDefaults, commands, queries, dbClient, eventstore, keys.OIDC, keys.User, config.Eventstore.AllowOrderByCreationDate)
 	if err != nil {
 		return fmt.Errorf("error starting auth repo: %w", err)
 	}
-	adminRepo, err := admin_es.Start(ctx, config.Admin, store, dbClient, eventstore)
+	adminRepo, err := admin_es.Start(ctx, config.Admin, store, dbClient, eventstore, config.Eventstore.AllowOrderByCreationDate)
 	if err != nil {
 		return fmt.Errorf("error starting admin repo: %w", err)
 	}
@@ -249,7 +249,7 @@ func startAPIs(
 	if err := apis.RegisterServer(ctx, auth.CreateServer(commands, queries, authRepo, config.SystemDefaults, keys.User, config.ExternalSecure, config.AuditLogRetention)); err != nil {
 		return err
 	}
-	if err := apis.RegisterService(ctx, user.CreateServer(commands, queries)); err != nil {
+	if err := apis.RegisterService(ctx, user.CreateServer(commands, queries, keys.User)); err != nil {
 		return err
 	}
 	if err := apis.RegisterService(ctx, session.CreateServer(commands, queries)); err != nil {
@@ -294,6 +294,7 @@ func startAPIs(
 		return fmt.Errorf("unable to start login: %w", err)
 	}
 	apis.RegisterHandlerOnPrefix(login.HandlerPrefix, l.Handler())
+	apis.HandleFunc(login.EndpointDeviceAuth, login.RedirectDeviceAuthToPrefix)

 	// handle grpc at last to be able to handle the root, because grpc and gateway require a lot of different prefixes
 	apis.RouteGRPC()
				`@@ -0,0 +1 @@`
				`UPDATE eventstore.events e SET creation_date = we.next_cd FROM wrong_events we WHERE e.event_sequence = we.event_sequence and e.instance_id = we.instance_id;`