fix: claim verified domain from usernames (#603)

* fix: return orgDomain validationType * added missing translations for orgDomain activity * claim org domain * show message if domain token was requested * fix tests * fix tests Co-authored-by: Max Peintner <max@caos.ch>
2025-08-12 00:47:33 +00:00 · 2020-08-18 08:57:16 +02:00
parent 406924bed8
commit 1a00faf132
41 changed files with 15945 additions and 16717 deletions
--- a/internal/auth/repository/eventsourcing/eventstore/org.go
+++ b/internal/auth/repository/eventsourcing/eventstore/org.go
@@ -2,9 +2,12 @@ package eventstore

 import (
 	"context"
+
 	"github.com/caos/logging"
+
 	auth_model "github.com/caos/zitadel/internal/auth/model"
 	auth_view "github.com/caos/zitadel/internal/auth/repository/eventsourcing/view"
+	es_models "github.com/caos/zitadel/internal/eventstore/models"
 	"github.com/caos/zitadel/internal/eventstore/sdk"
 	org_model "github.com/caos/zitadel/internal/org/model"
 	org_es "github.com/caos/zitadel/internal/org/repository/eventsourcing"
@@ -57,7 +60,14 @@ func (repo *OrgRepository) RegisterOrg(ctx context.Context, register *auth_model
 	if err != nil {
 		return nil, err
 	}
-	org, aggregates, err := repo.OrgEventstore.PrepareCreateOrg(ctx, register.Org)
+	users := func(ctx context.Context, domain string) ([]*es_models.Aggregate, error) {
+		userIDs, err := repo.View.UserIDsByDomain(domain)
+		if err != nil {
+			return nil, err
+		}
+		return repo.UserEventstore.PrepareDomainClaimed(ctx, userIDs)
+	}
+	org, aggregates, err := repo.OrgEventstore.PrepareCreateOrg(ctx, register.Org, users)
 	if err != nil {
 		return nil, err
 	}
--- a/internal/auth/repository/eventsourcing/handler/user.go
+++ b/internal/auth/repository/eventsourcing/handler/user.go
@@ -27,12 +27,12 @@ const (
 	userTable = "auth.users"
 )

-func (p *User) ViewModel() string {
+func (u *User) ViewModel() string {
 	return userTable
 }

-func (p *User) EventQuery() (*models.SearchQuery, error) {
-	sequence, err := p.view.GetLatestUserSequence()
+func (u *User) EventQuery() (*models.SearchQuery, error) {
+	sequence, err := u.view.GetLatestUserSequence()
 	if err != nil {
 		return nil, err
 	}
@@ -52,7 +52,7 @@ func (u *User) Reduce(event *models.Event) (err error) {
 	}
 }

-func (p *User) ProcessUser(event *models.Event) (err error) {
+func (u *User) ProcessUser(event *models.Event) (err error) {
 	user := new(view_model.UserView)
 	switch event.Type {
 	case es_model.UserAdded,
@@ -61,7 +61,7 @@ func (p *User) ProcessUser(event *models.Event) (err error) {
 		if err != nil {
 			return err
 		}
-		p.fillLoginNames(user)
+		u.fillLoginNames(user)
 	case es_model.UserProfileChanged,
 		es_model.UserEmailChanged,
 		es_model.UserEmailVerified,
@@ -78,20 +78,30 @@ func (p *User) ProcessUser(event *models.Event) (err error) {
 		es_model.MfaOtpRemoved,
 		es_model.MfaInitSkipped,
 		es_model.UserPasswordChanged:
-		user, err = p.view.UserByID(event.AggregateID)
+		user, err = u.view.UserByID(event.AggregateID)
 		if err != nil {
 			return err
 		}
 		err = user.AppendEvent(event)
+	case es_model.DomainClaimed:
+		user, err = u.view.UserByID(event.AggregateID)
+		if err != nil {
+			return err
+		}
+		err = user.AppendEvent(event)
+		if err != nil {
+			return err
+		}
+		err = u.fillLoginNames(user)
 	case es_model.UserRemoved:
-		err = p.view.DeleteUser(event.AggregateID, event.Sequence)
+		err = u.view.DeleteUser(event.AggregateID, event.Sequence)
 	default:
-		return p.view.ProcessedUserSequence(event.Sequence)
+		return u.view.ProcessedUserSequence(event.Sequence)
 	}
 	if err != nil {
 		return err
 	}
-	return p.view.PutUser(user, user.Sequence)
+	return u.view.PutUser(user, user.Sequence)
 }

 func (u *User) fillLoginNames(user *view_model.UserView) (err error) {
@@ -172,7 +182,7 @@ func (u *User) fillPreferredLoginNamesOnOrgUsers(event *models.Event) error {
 	return nil
 }

-func (p *User) OnError(event *models.Event, err error) error {
+func (u *User) OnError(event *models.Event, err error) error {
 	logging.LogWithFields("SPOOL-is8wa", "id", event.AggregateID).WithError(err).Warn("something went wrong in user handler")
-	return spooler.HandleError(event, err, p.view.GetLatestUserFailedEvent, p.view.ProcessedUserFailedEvent, p.view.ProcessedUserSequence, p.errorCountUntilSkip)
+	return spooler.HandleError(event, err, u.view.GetLatestUserFailedEvent, u.view.ProcessedUserFailedEvent, u.view.ProcessedUserSequence, u.errorCountUntilSkip)
 }
--- a/internal/auth/repository/eventsourcing/view/user.go
+++ b/internal/auth/repository/eventsourcing/view/user.go
@@ -26,6 +26,11 @@ func (v *View) UserByLoginName(loginName string) (*model.UserView, error) {
 func (v *View) UsersByOrgID(orgID string) ([]*model.UserView, error) {
 	return view.UsersByOrgID(v.Db, userTable, orgID)
 }
+
+func (v *View) UserIDsByDomain(domain string) ([]string, error) {
+	return view.UserIDsByDomain(v.Db, userTable, domain)
+}
+
 func (v *View) SearchUsers(request *usr_model.UserSearchRequest) ([]*model.UserView, uint64, error) {
 	return view.SearchUsers(v.Db, userTable, request)
 }