mirror of
https://github.com/zitadel/zitadel.git
synced 2025-08-12 07:57:32 +00:00
fix: handle default org id (#3769)
This commit is contained in:
Livio Amstutz
@@ -18,6 +18,7 @@ type Instance interface {
|
||||
RequestedDomain() string
|
||||
RequestedHost() string
|
||||
DefaultLanguage() language.Tag
|
||||
DefaultOrganisationID() string
|
||||
}
|
||||
|
||||
type InstanceVerifier interface {
|
||||
@@ -25,15 +26,16 @@ type InstanceVerifier interface {
|
||||
}
|
||||
|
||||
type instance struct {
|
||||
ID string
|
||||
Domain string
|
||||
id string
|
||||
domain string
|
||||
projectID string
|
||||
appID string
|
||||
clientID string
|
||||
orgID string
|
||||
}
|
||||
|
||||
func (i *instance) InstanceID() string {
|
||||
return i.ID
|
||||
return i.id
|
||||
}
|
||||
|
||||
func (i *instance) ProjectID() string {
|
||||
@@ -49,17 +51,21 @@ func (i *instance) ConsoleApplicationID() string {
|
||||
}
|
||||
|
||||
func (i *instance) RequestedDomain() string {
|
||||
return i.Domain
|
||||
return i.domain
|
||||
}
|
||||
|
||||
func (i *instance) RequestedHost() string {
|
||||
return i.Domain
|
||||
return i.domain
|
||||
}
|
||||
|
||||
func (i *instance) DefaultLanguage() language.Tag {
|
||||
return language.Und
|
||||
}
|
||||
|
||||
func (i *instance) DefaultOrganisationID() string {
|
||||
return i.orgID
|
||||
}
|
||||
|
||||
func GetInstance(ctx context.Context) Instance {
|
||||
instance, ok := ctx.Value(instanceKey).(Instance)
|
||||
if !ok {
|
||||
@@ -73,7 +79,7 @@ func WithInstance(ctx context.Context, instance Instance) context.Context {
|
||||
}
|
||||
|
||||
func WithInstanceID(ctx context.Context, id string) context.Context {
|
||||
return context.WithValue(ctx, instanceKey, &instance{ID: id})
|
||||
return context.WithValue(ctx, instanceKey, &instance{id: id})
|
||||
}
|
||||
|
||||
func WithRequestedDomain(ctx context.Context, domain string) context.Context {
|
||||
@@ -82,7 +88,7 @@ func WithRequestedDomain(ctx context.Context, domain string) context.Context {
|
||||
i = new(instance)
|
||||
}
|
||||
|
||||
i.Domain = domain
|
||||
i.domain = domain
|
||||
return context.WithValue(ctx, instanceKey, i)
|
||||
}
|
||||
|
||||
|
||||
@@ -88,6 +88,10 @@ func (m *mockInstance) DefaultLanguage() language.Tag {
|
||||
return language.English
|
||||
}
|
||||
|
||||
func (m *mockInstance) DefaultOrganisationID() string {
|
||||
return "orgID"
|
||||
}
|
||||
|
||||
func (m *mockInstance) RequestedDomain() string {
|
||||
return "zitadel.cloud"
|
||||
}
|
||||
|
||||
@@ -17,6 +17,21 @@ func (s *Server) IsOrgUnique(ctx context.Context, req *admin_pb.IsOrgUniqueReque
|
||||
return &admin_pb.IsOrgUniqueResponse{IsUnique: isUnique}, err
|
||||
}
|
||||
|
||||
func (s *Server) SetDefaultOrg(ctx context.Context, req *admin_pb.SetDefaultOrgRequest) (*admin_pb.SetDefaultOrgResponse, error) {
|
||||
details, err := s.command.SetDefaultOrg(ctx, req.OrgId)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return &admin_pb.SetDefaultOrgResponse{
|
||||
Details: object.DomainToChangeDetailsPb(details),
|
||||
}, nil
|
||||
}
|
||||
|
||||
func (s *Server) GetDefaultOrg(ctx context.Context, _ *admin_pb.GetDefaultOrgRequest) (*admin_pb.GetDefaultOrgResponse, error) {
|
||||
org, err := s.query.OrgByID(ctx, authz.GetInstance(ctx).DefaultOrganisationID())
|
||||
return &admin_pb.GetDefaultOrgResponse{Org: org_grpc.OrgToPb(org)}, err
|
||||
}
|
||||
|
||||
func (s *Server) GetOrgByID(ctx context.Context, req *admin_pb.GetOrgByIDRequest) (*admin_pb.GetOrgByIDResponse, error) {
|
||||
org, err := s.query.OrgByID(ctx, req.Id)
|
||||
if err != nil {
|
||||
|
||||
@@ -12,7 +12,8 @@ func (s *Server) GetIAM(ctx context.Context, _ *mgmt_pb.GetIAMRequest) (*mgmt_pb
|
||||
return nil, err
|
||||
}
|
||||
return &mgmt_pb.GetIAMResponse{
|
||||
GlobalOrgId: iam.GlobalOrgID,
|
||||
GlobalOrgId: iam.DefaultOrgID,
|
||||
DefaultOrgId: iam.DefaultOrgID,
|
||||
IamProjectId: iam.IAMProjectID,
|
||||
}, nil
|
||||
}
|
||||
|
||||
@@ -213,7 +213,7 @@ func (s *Server) ListOrgMemberRoles(ctx context.Context, _ *mgmt_pb.ListOrgMembe
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
roles := s.query.GetOrgMemberRoles(authz.GetCtxData(ctx).OrgID == iam.GlobalOrgID)
|
||||
roles := s.query.GetOrgMemberRoles(authz.GetCtxData(ctx).OrgID == iam.DefaultOrgID)
|
||||
return &mgmt_pb.ListOrgMemberRolesResponse{
|
||||
Result: roles,
|
||||
}, nil
|
||||
|
||||
@@ -182,6 +182,10 @@ func (m *mockInstance) DefaultLanguage() language.Tag {
|
||||
return language.English
|
||||
}
|
||||
|
||||
func (m *mockInstance) DefaultOrganisationID() string {
|
||||
return "orgID"
|
||||
}
|
||||
|
||||
func (m *mockInstance) RequestedDomain() string {
|
||||
return "localhost"
|
||||
}
|
||||
|
||||
@@ -266,6 +266,10 @@ func (m *mockInstance) DefaultLanguage() language.Tag {
|
||||
return language.English
|
||||
}
|
||||
|
||||
func (m *mockInstance) DefaultOrganisationID() string {
|
||||
return "orgID"
|
||||
}
|
||||
|
||||
func (m *mockInstance) RequestedDomain() string {
|
||||
return "zitadel.cloud"
|
||||
}
|
||||
|
||||
@@ -16,12 +16,9 @@ func (l *Login) customExternalUserMapping(ctx context.Context, user *domain.Exte
|
||||
if resourceOwner == "" {
|
||||
resourceOwner = config.AggregateID
|
||||
}
|
||||
if resourceOwner == authz.GetInstance(ctx).InstanceID() {
|
||||
iam, err := l.query.Instance(ctx)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
resourceOwner = iam.GlobalOrgID
|
||||
instance := authz.GetInstance(ctx)
|
||||
if resourceOwner == instance.InstanceID() {
|
||||
resourceOwner = instance.DefaultOrganisationID()
|
||||
}
|
||||
triggerActions, err := l.query.GetActiveActionsByFlowAndTriggerType(ctx, domain.FlowTypeExternalAuthentication, domain.TriggerTypePostAuthentication, resourceOwner)
|
||||
if err != nil {
|
||||
|
||||
@@ -12,6 +12,7 @@ import (
|
||||
"github.com/zitadel/oidc/v2/pkg/oidc"
|
||||
"golang.org/x/oauth2"
|
||||
|
||||
"github.com/zitadel/zitadel/internal/api/authz"
|
||||
http_mw "github.com/zitadel/zitadel/internal/api/http/middleware"
|
||||
"github.com/zitadel/zitadel/internal/crypto"
|
||||
"github.com/zitadel/zitadel/internal/domain"
|
||||
@@ -204,32 +205,26 @@ func (l *Login) handleExternalUserAuthenticated(w http.ResponseWriter, r *http.R
|
||||
if errors.IsNotFound(err) {
|
||||
err = nil
|
||||
}
|
||||
iam, err := l.query.Instance(r.Context())
|
||||
if err != nil {
|
||||
l.renderExternalNotFoundOption(w, r, authReq, nil, nil, nil, nil, err)
|
||||
return
|
||||
}
|
||||
resourceOwner := authz.GetInstance(r.Context()).DefaultOrganisationID()
|
||||
|
||||
resourceOwner := iam.GlobalOrgID
|
||||
|
||||
if authReq.RequestedOrgID != "" && authReq.RequestedOrgID != iam.GlobalOrgID {
|
||||
if authReq.RequestedOrgID != "" && authReq.RequestedOrgID != resourceOwner {
|
||||
resourceOwner = authReq.RequestedOrgID
|
||||
}
|
||||
|
||||
orgIAMPolicy, err := l.getOrgDomainPolicy(r, resourceOwner)
|
||||
if err != nil {
|
||||
l.renderExternalNotFoundOption(w, r, authReq, nil, nil, nil, nil, err)
|
||||
l.renderExternalNotFoundOption(w, r, authReq, nil, nil, nil, err)
|
||||
return
|
||||
}
|
||||
|
||||
human, idpLinking, _ := l.mapExternalUserToLoginUser(orgIAMPolicy, externalUser, idpConfig)
|
||||
if !idpConfig.AutoRegister {
|
||||
l.renderExternalNotFoundOption(w, r, authReq, iam, orgIAMPolicy, human, idpLinking, err)
|
||||
l.renderExternalNotFoundOption(w, r, authReq, orgIAMPolicy, human, idpLinking, err)
|
||||
return
|
||||
}
|
||||
authReq, err = l.authRepo.AuthRequestByID(r.Context(), authReq.ID, userAgentID)
|
||||
if err != nil {
|
||||
l.renderExternalNotFoundOption(w, r, authReq, iam, orgIAMPolicy, human, idpLinking, err)
|
||||
l.renderExternalNotFoundOption(w, r, authReq, orgIAMPolicy, human, idpLinking, err)
|
||||
return
|
||||
}
|
||||
l.handleAutoRegister(w, r, authReq)
|
||||
@@ -249,20 +244,15 @@ func (l *Login) handleExternalUserAuthenticated(w http.ResponseWriter, r *http.R
|
||||
l.renderNextStep(w, r, authReq)
|
||||
}
|
||||
|
||||
func (l *Login) renderExternalNotFoundOption(w http.ResponseWriter, r *http.Request, authReq *domain.AuthRequest, iam *query.Instance, orgIAMPolicy *query.DomainPolicy, human *domain.Human, externalIDP *domain.UserIDPLink, err error) {
|
||||
func (l *Login) renderExternalNotFoundOption(w http.ResponseWriter, r *http.Request, authReq *domain.AuthRequest, orgIAMPolicy *query.DomainPolicy, human *domain.Human, externalIDP *domain.UserIDPLink, err error) {
|
||||
var errID, errMessage string
|
||||
if err != nil {
|
||||
errID, errMessage = l.getErrorMessage(r, err)
|
||||
}
|
||||
if orgIAMPolicy == nil {
|
||||
iam, err = l.query.Instance(r.Context())
|
||||
if err != nil {
|
||||
l.renderError(w, r, authReq, err)
|
||||
return
|
||||
}
|
||||
resourceOwner := iam.GlobalOrgID
|
||||
resourceOwner := authz.GetInstance(r.Context()).DefaultOrganisationID()
|
||||
|
||||
if authReq.RequestedOrgID != "" && authReq.RequestedOrgID != iam.GlobalOrgID {
|
||||
if authReq.RequestedOrgID != "" && authReq.RequestedOrgID != resourceOwner {
|
||||
resourceOwner = authReq.RequestedOrgID
|
||||
}
|
||||
|
||||
@@ -317,7 +307,7 @@ func (l *Login) handleExternalNotFoundOptionCheck(w http.ResponseWriter, r *http
|
||||
data := new(externalNotFoundOptionFormData)
|
||||
authReq, err := l.getAuthRequestAndParseData(r, data)
|
||||
if err != nil {
|
||||
l.renderExternalNotFoundOption(w, r, authReq, nil, nil, nil, nil, err)
|
||||
l.renderExternalNotFoundOption(w, r, authReq, nil, nil, nil, err)
|
||||
return
|
||||
}
|
||||
if data.Link {
|
||||
@@ -327,7 +317,7 @@ func (l *Login) handleExternalNotFoundOptionCheck(w http.ResponseWriter, r *http
|
||||
userAgentID, _ := http_mw.UserAgentIDFromCtx(r.Context())
|
||||
err = l.authRepo.ResetLinkingUsers(r.Context(), authReq.ID, userAgentID)
|
||||
if err != nil {
|
||||
l.renderExternalNotFoundOption(w, r, authReq, nil, nil, nil, nil, err)
|
||||
l.renderExternalNotFoundOption(w, r, authReq, nil, nil, nil, err)
|
||||
}
|
||||
l.handleLogin(w, r)
|
||||
return
|
||||
@@ -336,29 +326,23 @@ func (l *Login) handleExternalNotFoundOptionCheck(w http.ResponseWriter, r *http
|
||||
}
|
||||
|
||||
func (l *Login) handleAutoRegister(w http.ResponseWriter, r *http.Request, authReq *domain.AuthRequest) {
|
||||
iam, err := l.query.Instance(r.Context())
|
||||
if err != nil {
|
||||
l.renderExternalNotFoundOption(w, r, authReq, nil, nil, nil, nil, err)
|
||||
return
|
||||
}
|
||||
|
||||
resourceOwner := iam.GlobalOrgID
|
||||
resourceOwner := authz.GetInstance(r.Context()).DefaultOrganisationID()
|
||||
memberRoles := []string{domain.RoleSelfManagementGlobal}
|
||||
|
||||
if authReq.RequestedOrgID != "" && authReq.RequestedOrgID != iam.GlobalOrgID {
|
||||
if authReq.RequestedOrgID != "" && authReq.RequestedOrgID != resourceOwner {
|
||||
memberRoles = nil
|
||||
resourceOwner = authReq.RequestedOrgID
|
||||
}
|
||||
|
||||
orgIamPolicy, err := l.getOrgDomainPolicy(r, resourceOwner)
|
||||
if err != nil {
|
||||
l.renderExternalNotFoundOption(w, r, authReq, nil, nil, nil, nil, err)
|
||||
l.renderExternalNotFoundOption(w, r, authReq, nil, nil, nil, err)
|
||||
return
|
||||
}
|
||||
|
||||
idpConfig, err := l.authRepo.GetIDPConfigByID(r.Context(), authReq.SelectedIDPConfigID)
|
||||
if err != nil {
|
||||
l.renderExternalNotFoundOption(w, r, authReq, iam, orgIamPolicy, nil, nil, err)
|
||||
l.renderExternalNotFoundOption(w, r, authReq, orgIamPolicy, nil, nil, err)
|
||||
return
|
||||
}
|
||||
|
||||
@@ -371,12 +355,12 @@ func (l *Login) handleAutoRegister(w http.ResponseWriter, r *http.Request, authR
|
||||
user, externalIDP, metadata := l.mapExternalUserToLoginUser(orgIamPolicy, linkingUser, idpConfig)
|
||||
user, metadata, err = l.customExternalUserToLoginUserMapping(user, nil, authReq, idpConfig, metadata, resourceOwner)
|
||||
if err != nil {
|
||||
l.renderExternalNotFoundOption(w, r, authReq, iam, orgIamPolicy, nil, nil, err)
|
||||
l.renderExternalNotFoundOption(w, r, authReq, orgIamPolicy, nil, nil, err)
|
||||
return
|
||||
}
|
||||
err = l.authRepo.AutoRegisterExternalUser(setContext(r.Context(), resourceOwner), user, externalIDP, memberRoles, authReq.ID, userAgentID, resourceOwner, metadata, domain.BrowserInfoFromRequest(r))
|
||||
if err != nil {
|
||||
l.renderExternalNotFoundOption(w, r, authReq, iam, orgIamPolicy, user, externalIDP, err)
|
||||
l.renderExternalNotFoundOption(w, r, authReq, orgIamPolicy, user, externalIDP, err)
|
||||
return
|
||||
}
|
||||
authReq, err = l.authRepo.AuthRequestByID(r.Context(), authReq.ID, authReq.AgentID)
|
||||
|
||||
@@ -8,6 +8,7 @@ import (
|
||||
"github.com/zitadel/oidc/v2/pkg/oidc"
|
||||
"golang.org/x/text/language"
|
||||
|
||||
"github.com/zitadel/zitadel/internal/api/authz"
|
||||
http_mw "github.com/zitadel/zitadel/internal/api/http/middleware"
|
||||
"github.com/zitadel/zitadel/internal/domain"
|
||||
iam_model "github.com/zitadel/zitadel/internal/iam/model"
|
||||
@@ -111,12 +112,7 @@ func (l *Login) handleExternalRegisterCallback(w http.ResponseWriter, r *http.Re
|
||||
}
|
||||
|
||||
func (l *Login) handleExternalUserRegister(w http.ResponseWriter, r *http.Request, authReq *domain.AuthRequest, idpConfig *iam_model.IDPConfigView, userAgentID string, tokens *oidc.Tokens) {
|
||||
iam, err := l.query.Instance(r.Context())
|
||||
if err != nil {
|
||||
l.renderRegisterOption(w, r, authReq, err)
|
||||
return
|
||||
}
|
||||
resourceOwner := iam.GlobalOrgID
|
||||
resourceOwner := authz.GetInstance(r.Context()).DefaultOrganisationID()
|
||||
if authReq.RequestedOrgID != "" {
|
||||
resourceOwner = authReq.RequestedOrgID
|
||||
}
|
||||
@@ -134,11 +130,11 @@ func (l *Login) handleExternalUserRegister(w http.ResponseWriter, r *http.Reques
|
||||
l.renderExternalRegisterOverview(w, r, authReq, orgIamPolicy, user, externalIDP, nil)
|
||||
return
|
||||
}
|
||||
l.registerExternalUser(w, r, authReq, iam, user, externalIDP)
|
||||
l.registerExternalUser(w, r, authReq, user, externalIDP)
|
||||
}
|
||||
|
||||
func (l *Login) registerExternalUser(w http.ResponseWriter, r *http.Request, authReq *domain.AuthRequest, iam *query.Instance, user *domain.Human, externalIDP *domain.UserIDPLink) {
|
||||
resourceOwner := iam.GlobalOrgID
|
||||
func (l *Login) registerExternalUser(w http.ResponseWriter, r *http.Request, authReq *domain.AuthRequest, user *domain.Human, externalIDP *domain.UserIDPLink) {
|
||||
resourceOwner := authz.GetInstance(r.Context()).DefaultOrganisationID()
|
||||
memberRoles := []string{domain.RoleSelfManagementGlobal}
|
||||
|
||||
if authReq.RequestedOrgID != "" && authReq.RequestedOrgID != resourceOwner {
|
||||
@@ -204,15 +200,10 @@ func (l *Login) handleExternalRegisterCheck(w http.ResponseWriter, r *http.Reque
|
||||
return
|
||||
}
|
||||
|
||||
iam, err := l.query.Instance(r.Context())
|
||||
if err != nil {
|
||||
l.renderRegisterOption(w, r, authReq, err)
|
||||
return
|
||||
}
|
||||
resourceOwner := iam.GlobalOrgID
|
||||
resourceOwner := authz.GetInstance(r.Context()).DefaultOrganisationID()
|
||||
memberRoles := []string{domain.RoleSelfManagementGlobal}
|
||||
|
||||
if authReq.RequestedOrgID != "" && authReq.RequestedOrgID != iam.GlobalOrgID {
|
||||
if authReq.RequestedOrgID != "" && authReq.RequestedOrgID != resourceOwner {
|
||||
memberRoles = nil
|
||||
resourceOwner = authReq.RequestedOrgID
|
||||
}
|
||||
|
||||
@@ -112,7 +112,7 @@ func (l *Login) jwtExtractionUserNotFound(w http.ResponseWriter, r *http.Request
|
||||
err = nil
|
||||
}
|
||||
if !idpConfig.AutoRegister {
|
||||
l.renderExternalNotFoundOption(w, r, authReq, nil, nil, nil, nil, err)
|
||||
l.renderExternalNotFoundOption(w, r, authReq, nil, nil, nil, err)
|
||||
return
|
||||
}
|
||||
authReq, err = l.authRepo.AuthRequestByID(r.Context(), authReq.ID, authReq.AgentID)
|
||||
|
||||
@@ -98,10 +98,13 @@ func (l *Login) renderLogin(w http.ResponseWriter, r *http.Request, authReq *dom
|
||||
data := l.getUserData(r, authReq, "Login", errID, errMessage)
|
||||
funcs := map[string]interface{}{
|
||||
"hasUsernamePasswordLogin": func() bool {
|
||||
return authReq.LoginPolicy != nil && authReq.LoginPolicy.AllowUsernamePassword
|
||||
return authReq != nil && authReq.LoginPolicy != nil && authReq.LoginPolicy.AllowUsernamePassword
|
||||
},
|
||||
"hasExternalLogin": func() bool {
|
||||
return authReq.LoginPolicy != nil && authReq.LoginPolicy.AllowExternalIDP && authReq.AllowedExternalIDPs != nil && len(authReq.AllowedExternalIDPs) > 0
|
||||
return authReq != nil && authReq.LoginPolicy != nil && authReq.LoginPolicy.AllowExternalIDP && authReq.AllowedExternalIDPs != nil && len(authReq.AllowedExternalIDPs) > 0
|
||||
},
|
||||
"hasRegistration": func() bool {
|
||||
return authReq != nil && authReq.LoginPolicy != nil && authReq.LoginPolicy.AllowRegister
|
||||
},
|
||||
}
|
||||
l.renderer.RenderTemplate(w, r, l.getTranslator(r.Context(), authReq), l.renderer.Templates[tmplLogin], data, funcs)
|
||||
|
||||
@@ -5,6 +5,7 @@ import (
|
||||
|
||||
"golang.org/x/text/language"
|
||||
|
||||
"github.com/zitadel/zitadel/internal/api/authz"
|
||||
http_mw "github.com/zitadel/zitadel/internal/api/http/middleware"
|
||||
"github.com/zitadel/zitadel/internal/domain"
|
||||
caos_errs "github.com/zitadel/zitadel/internal/errors"
|
||||
@@ -61,16 +62,11 @@ func (l *Login) handleRegisterCheck(w http.ResponseWriter, r *http.Request) {
|
||||
l.renderRegister(w, r, authRequest, data, err)
|
||||
return
|
||||
}
|
||||
iam, err := l.query.Instance(r.Context())
|
||||
if err != nil {
|
||||
l.renderRegister(w, r, authRequest, data, err)
|
||||
return
|
||||
}
|
||||
|
||||
resourceOwner := iam.GlobalOrgID
|
||||
resourceOwner := authz.GetInstance(r.Context()).DefaultOrganisationID()
|
||||
memberRoles := []string{domain.RoleSelfManagementGlobal}
|
||||
|
||||
if authRequest != nil && authRequest.RequestedOrgID != "" && authRequest.RequestedOrgID != iam.GlobalOrgID {
|
||||
if authRequest != nil && authRequest.RequestedOrgID != "" && authRequest.RequestedOrgID != resourceOwner {
|
||||
memberRoles = nil
|
||||
resourceOwner = authRequest.RequestedOrgID
|
||||
}
|
||||
@@ -114,10 +110,6 @@ func (l *Login) renderRegister(w http.ResponseWriter, r *http.Request, authReque
|
||||
if formData.Language == "" {
|
||||
formData.Language = l.renderer.ReqLang(translator, r).String()
|
||||
}
|
||||
data := registerData{
|
||||
baseData: l.getBaseData(r, authRequest, "Register", errID, errMessage),
|
||||
registerFormData: *formData,
|
||||
}
|
||||
|
||||
var resourceOwner string
|
||||
if authRequest != nil {
|
||||
@@ -125,12 +117,12 @@ func (l *Login) renderRegister(w http.ResponseWriter, r *http.Request, authReque
|
||||
}
|
||||
|
||||
if resourceOwner == "" {
|
||||
iam, err := l.query.Instance(r.Context())
|
||||
if err != nil {
|
||||
l.renderRegister(w, r, authRequest, formData, err)
|
||||
return
|
||||
}
|
||||
resourceOwner = iam.GlobalOrgID
|
||||
resourceOwner = authz.GetInstance(r.Context()).DefaultOrganisationID()
|
||||
}
|
||||
|
||||
data := registerData{
|
||||
baseData: l.getBaseData(r, authRequest, "Register", errID, errMessage),
|
||||
registerFormData: *formData,
|
||||
}
|
||||
|
||||
pwPolicy, description, _ := l.getPasswordComplexityPolicy(r, authRequest, resourceOwner)
|
||||
|
||||
@@ -211,6 +211,9 @@ func CreateRenderer(pathPrefix string, staticDir http.FileSystem, staticStorage
|
||||
"hasExternalLogin": func() bool {
|
||||
return false
|
||||
},
|
||||
"hasRegistration": func() bool {
|
||||
return true
|
||||
},
|
||||
"idpProviderClass": func(stylingType domain.IDPConfigStylingType) string {
|
||||
return stylingType.GetCSSClass()
|
||||
},
|
||||
@@ -299,7 +302,7 @@ func (l *Login) chooseNextStep(w http.ResponseWriter, r *http.Request, authReq *
|
||||
case *domain.LinkUsersStep:
|
||||
l.linkUsers(w, r, authReq, err)
|
||||
case *domain.ExternalNotFoundOptionStep:
|
||||
l.renderExternalNotFoundOption(w, r, authReq, nil, nil, nil, nil, err)
|
||||
l.renderExternalNotFoundOption(w, r, authReq, nil, nil, nil, err)
|
||||
case *domain.ExternalLoginStep:
|
||||
l.handleExternalLoginStep(w, r, authReq, step.SelectedIDPConfigID)
|
||||
case *domain.GrantRequiredStep:
|
||||
@@ -346,7 +349,7 @@ func (l *Login) getBaseData(r *http.Request, authReq *domain.AuthRequest, title
|
||||
PrivateLabelingOrgID: l.getPrivateLabelingID(r, authReq),
|
||||
OrgID: l.getOrgID(r, authReq),
|
||||
OrgName: l.getOrgName(authReq),
|
||||
PrimaryDomain: l.getOrgPrimaryDomain(authReq),
|
||||
PrimaryDomain: l.getOrgPrimaryDomain(r, authReq),
|
||||
DisplayLoginNameSuffix: l.isDisplayLoginNameSuffix(authReq),
|
||||
AuthReqID: getRequestID(authReq, r),
|
||||
CSRF: csrf.TemplateField(r),
|
||||
@@ -490,11 +493,17 @@ func (l *Login) getOrgName(authReq *domain.AuthRequest) string {
|
||||
return authReq.RequestedOrgName
|
||||
}
|
||||
|
||||
func (l *Login) getOrgPrimaryDomain(authReq *domain.AuthRequest) string {
|
||||
if authReq == nil {
|
||||
func (l *Login) getOrgPrimaryDomain(r *http.Request, authReq *domain.AuthRequest) string {
|
||||
orgID := authz.GetInstance(r.Context()).DefaultOrganisationID()
|
||||
if authReq != nil && authReq.RequestedPrimaryDomain != "" {
|
||||
return authReq.RequestedPrimaryDomain
|
||||
}
|
||||
org, err := l.query.OrgByID(r.Context(), orgID)
|
||||
if err != nil {
|
||||
logging.New().WithError(err).Error("cannot get default org")
|
||||
return ""
|
||||
}
|
||||
return authReq.RequestedPrimaryDomain
|
||||
return org.Domain
|
||||
}
|
||||
|
||||
func (l *Login) isDisplayLoginNameSuffix(authReq *domain.AuthRequest) bool {
|
||||
|
||||
@@ -39,7 +39,7 @@
|
||||
<div class="lgn-suffix-wrapper">
|
||||
<input class="lgn-input lgn-suffix-input" type="text" id="username" name="username"
|
||||
value="{{ .Username }}" required>
|
||||
{{if .DisplayLoginNameSuffix}}
|
||||
{{if .ShowUsername}}
|
||||
<span id="default-login-suffix" lgnsuffix class="loginname-suffix">@{{.PrimaryDomain}}</span>
|
||||
{{end}}
|
||||
</div>
|
||||
|
||||
@@ -39,7 +39,7 @@
|
||||
<div class="lgn-suffix-wrapper">
|
||||
<input class="lgn-input lgn-suffix-input" type="text" id="username" name="username"
|
||||
value="{{ .Username }}" required>
|
||||
{{if .DisplayLoginNameSuffix}}
|
||||
{{if .ShowUsername}}
|
||||
<span id="default-login-suffix" lgnsuffix class="loginname-suffix">@{{.PrimaryDomain}}</span>
|
||||
{{end}}
|
||||
</div>
|
||||
|
||||
@@ -35,7 +35,7 @@
|
||||
<div class="lgn-actions lgn-reverse-order">
|
||||
<button class="lgn-raised-button lgn-primary lgn-initial-focus" id="submit-button" type="submit">{{t "Login.NextButtonText"}}</button>
|
||||
<span class="fill-space"></span>
|
||||
{{if .LoginPolicy.AllowRegister}}
|
||||
{{if hasRegistration}}
|
||||
<button class="lgn-stroked-button" name="register" value="true" formnovalidate>{{t "Login.RegisterButtonText"}}</button>
|
||||
{{end}}
|
||||
</div>
|
||||
@@ -60,4 +60,4 @@
|
||||
<script src="{{ resourceUrl "scripts/default_form_validation.js" }}"></script>
|
||||
<script src="{{ resourceUrl "scripts/input_suffix_offset.js" }}"></script>
|
||||
|
||||
{{template "main-bottom" .}}
|
||||
{{template "main-bottom" .}}
|
||||
|
||||
@@ -42,7 +42,7 @@
|
||||
<label class="lgn-label" for="username">{{t "RegistrationUser.UsernameLabel"}}</label>
|
||||
<div class="lgn-suffix-wrapper">
|
||||
<input class="lgn-input lgn-suffix-input" type="text" id="username" name="username" autocomplete="email" value="{{ .Email }}" required>
|
||||
{{if .DisplayLoginNameSuffix}}
|
||||
{{if .ShowUsername}}
|
||||
<span id="default-login-suffix" lgnsuffix class="loginname-suffix">@{{.PrimaryDomain}}</span>
|
||||
{{end}}
|
||||
</div>
|
||||
|
||||
Reference in New Issue
Block a user