feat(actions): add org metadata in complement token and saml response flows (#7263)

* feat(actions): add org metadata in complement token and saml response flows

* document actions

docs/docs/apis/actions/complement-token.md

@@ -18,6 +18,8 @@ This trigger is called before userinfo are set in the id_token or userinfo and i
     - `user`
       - `getMetadata()` [*metadataResult*](./objects#metadata-result)
       - `grants` [*UserGrantList*](./objects#user-grant-list)
+    - `org`
+      - `getMetadata()` [*metadataResult*](./objects#metadata-result)
 - `api`  
   The second parameter contains the following fields:
   - `v1`
@@ -46,6 +48,8 @@ This trigger is called before the claims are set in the access token and the tok
     - `user`
       - `getMetadata()` [*metadataResult*](./objects#metadata-result)
       - `grants` [*UserGrantList*](./objects#user-grant-list)
+    - `org`
+      - `getMetadata()` [*metadataResult*](./objects#metadata-result)
 - `api`  
   The second parameter contains the following fields:
   - `v1`

docs/docs/apis/actions/customize-samlresponse.md

@@ -17,6 +17,8 @@ This trigger is called before attributes are set in the SAMLResponse.
     - `user`
       - `getMetadata()` [*metadataResult*](./objects#metadata-result)
       - `grants` [*UserGrantList*](./objects#user-grant-list)
+    - `org`
+      - `getMetadata()` [*metadataResult*](./objects#metadata-result)
 - `api`  
   The second parameter contains the following fields:
   - `v1`

internal/actions/object/metadata.go

@@ -12,6 +12,28 @@ import (
 	"github.com/zitadel/zitadel/internal/query"
 )
 
+func OrgMetadataListFromQuery(c *actions.FieldConfig, orgMetadata *query.OrgMetadataList) goja.Value {
+	result := &metadataList{
+		Count:     orgMetadata.Count,
+		Sequence:  orgMetadata.Sequence,
+		Timestamp: orgMetadata.LastRun,
+		Metadata:  make([]*metadata, len(orgMetadata.Metadata)),
+	}
+
+	for i, md := range orgMetadata.Metadata {
+		result.Metadata[i] = &metadata{
+			CreationDate:  md.CreationDate,
+			ChangeDate:    md.ChangeDate,
+			ResourceOwner: md.ResourceOwner,
+			Sequence:      md.Sequence,
+			Key:           md.Key,
+			Value:         metadataByteArrayToValue(md.Value, c.Runtime),
+		}
+	}
+
+	return c.Runtime.ToValue(result)
+}
+
 func UserMetadataListFromQuery(c *actions.FieldConfig, metadata *query.UserMetadataList) goja.Value {
 	result := &userMetadataList{
 		Count:     metadata.Count,
@@ -73,6 +95,22 @@ func metadataByteArrayToValue(val []byte, runtime *goja.Runtime) goja.Value {
 	return runtime.ToValue(value)
 }
 
+type metadataList struct {
+	Count     uint64
+	Sequence  uint64
+	Timestamp time.Time
+	Metadata  []*metadata
+}
+
+type metadata struct {
+	CreationDate  time.Time
+	ChangeDate    time.Time
+	ResourceOwner string
+	Sequence      uint64
+	Key           string
+	Value         goja.Value
+}
+
 type userMetadataList struct {
 	Count     uint64
 	Sequence  uint64

internal/api/oidc/client.go

@@ -491,6 +491,24 @@ func (o *OPStorage) userinfoFlows(ctx context.Context, user *query.User, userGra
 					return object.UserGrantsFromQuery(c, userGrants)
 				}),
 			),
+			actions.SetFields("org",
+				actions.SetFields("getMetadata", func(c *actions.FieldConfig) interface{} {
+					return func(goja.FunctionCall) goja.Value {
+						metadata, err := o.query.SearchOrgMetadata(
+							ctx,
+							true,
+							user.ResourceOwner,
+							&query.OrgMetadataSearchQueries{},
+							false,
+						)
+						if err != nil {
+							logging.WithError(err).Info("unable to get org metadata in action")
+							panic(err)
+						}
+						return object.OrgMetadataListFromQuery(c, metadata)
+					}
+				}),
+			),
 		),
 	)
 
@@ -690,6 +708,24 @@ func (o *OPStorage) privateClaimsFlows(ctx context.Context, userID string, userG
 					return object.UserGrantsFromQuery(c, userGrants)
 				}),
 			),
+			actions.SetFields("org",
+				actions.SetFields("getMetadata", func(c *actions.FieldConfig) interface{} {
+					return func(goja.FunctionCall) goja.Value {
+						metadata, err := o.query.SearchOrgMetadata(
+							ctx,
+							true,
+							user.ResourceOwner,
+							&query.OrgMetadataSearchQueries{},
+							false,
+						)
+						if err != nil {
+							logging.WithError(err).Info("unable to get org metadata in action")
+							panic(err)
+						}
+						return object.OrgMetadataListFromQuery(c, metadata)
+					}
+				}),
+			),
 		),
 	)
 

internal/api/oidc/userinfo.go

@@ -194,6 +194,24 @@ func (s *Server) userinfoFlows(ctx context.Context, qu *query.OIDCUserInfo, user
 					return object.UserGrantsFromSlice(c, qu.UserGrants)
 				}),
 			),
+			actions.SetFields("org",
+				actions.SetFields("getMetadata", func(c *actions.FieldConfig) interface{} {
+					return func(goja.FunctionCall) goja.Value {
+						metadata, err := s.query.SearchOrgMetadata(
+							ctx,
+							true,
+							qu.User.ResourceOwner,
+							&query.OrgMetadataSearchQueries{},
+							false,
+						)
+						if err != nil {
+							logging.WithError(err).Info("unable to get org metadata in action")
+							panic(err)
+						}
+						return object.OrgMetadataListFromQuery(c, metadata)
+					}
+				}),
+			),
 		),
 	)
 

internal/api/saml/storage.go

@@ -249,6 +249,24 @@ func (p *Storage) getCustomAttributes(ctx context.Context, user *query.User, use
 					return object.UserGrantsFromQuery(c, userGrants)
 				}),
 			),
+			actions.SetFields("org",
+				actions.SetFields("getMetadata", func(c *actions.FieldConfig) interface{} {
+					return func(goja.FunctionCall) goja.Value {
+						metadata, err := p.query.SearchOrgMetadata(
+							ctx,
+							true,
+							user.ResourceOwner,
+							&query.OrgMetadataSearchQueries{},
+							false,
+						)
+						if err != nil {
+							logging.WithError(err).Info("unable to get org metadata in action")
+							panic(err)
+						}
+						return object.OrgMetadataListFromQuery(c, metadata)
+					}
+				}),
+			),
 		),
 	)