mirror of
https://github.com/zitadel/zitadel.git
synced 2025-08-11 18:33:28 +00:00
fix(queries): login policy projection (#2401)
* job queue * wg improvements * start handler * statement * statements * imporve handler * improve statement * statement in seperate file * move handlers * move query/old to query * handler * read models * bulk works * cleanup * contrib * rename readmodel to projection * rename read_models schema to projections * rename read_models schema to projections * search query as func, bulk iterates as long as new events * add event sequence less query * update checks for events between current sequence and sequence of first statement if it has previous sequence 0 * cleanup crdb projection * refactor projection handler * start with testing * tests for handler * remove todo * refactor statement: remove table name, add tests * improve projection handler shutdown, no savepoint if noop stmt, tests for stmt handler * tests * start failed events * seperate branch for contrib * move statement constructors to crdb pkg * correct import * Subscribe for eventtypes (#1800) * fix: is default (#1737) * fix: use email as username on global org (#1738) * fix: use email as username on global org * Update user_human.go * Update register_handler.go * chore(deps): update docusaurus (#1739) * chore: remove PAT and use GH Token (#1716) * chore: remove PAT and use GH Token * fix env * fix env * fix env * md lint * trigger ci * change user * fix GH bug * replace login part * chore: add GH Token to sem rel (#1746) * chore: add GH Token to sem rel * try branch * add GH Token * remove test branch again * docs: changes acme to acme-caos (#1744) * changes acme to acme-caos * Apply suggestions from code review Co-authored-by: Florian Forster <florian@caos.ch> Co-authored-by: Maximilian Panne <maximilian.panne@gmail.com> Co-authored-by: Florian Forster <florian@caos.ch> * feat: add additional origins on applications (#1691) * feat: add additional origins on applications * app additional redirects * chore(deps-dev): bump @angular/cli from 11.2.8 to 11.2.11 in /console (#1706) * fix: show org with regex (#1688) * fix: flag mapping (#1699) * chore(deps-dev): bump @angular/cli from 11.2.8 to 11.2.11 in /console Bumps [@angular/cli](https://github.com/angular/angular-cli) from 11.2.8 to 11.2.11. - [Release notes](https://github.com/angular/angular-cli/releases) - [Commits](https://github.com/angular/angular-cli/compare/v11.2.8...v11.2.11) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: Max Peintner <max@caos.ch> Co-authored-by: Silvan <silvan.reusser@gmail.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps-dev): bump stylelint from 13.10.0 to 13.13.1 in /console (#1703) * fix: show org with regex (#1688) * fix: flag mapping (#1699) * chore(deps-dev): bump stylelint from 13.10.0 to 13.13.1 in /console Bumps [stylelint](https://github.com/stylelint/stylelint) from 13.10.0 to 13.13.1. - [Release notes](https://github.com/stylelint/stylelint/releases) - [Changelog](https://github.com/stylelint/stylelint/blob/master/CHANGELOG.md) - [Commits](https://github.com/stylelint/stylelint/compare/13.10.0...13.13.1) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: Max Peintner <max@caos.ch> Co-authored-by: Silvan <silvan.reusser@gmail.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps-dev): bump @types/node from 14.14.37 to 15.0.1 in /console (#1702) * fix: show org with regex (#1688) * fix: flag mapping (#1699) * chore(deps-dev): bump @types/node from 14.14.37 to 15.0.1 in /console Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 14.14.37 to 15.0.1. - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: Max Peintner <max@caos.ch> Co-authored-by: Silvan <silvan.reusser@gmail.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump ts-protoc-gen from 0.14.0 to 0.15.0 in /console (#1701) * fix: show org with regex (#1688) * fix: flag mapping (#1699) * chore(deps): bump ts-protoc-gen from 0.14.0 to 0.15.0 in /console Bumps [ts-protoc-gen](https://github.com/improbable-eng/ts-protoc-gen) from 0.14.0 to 0.15.0. - [Release notes](https://github.com/improbable-eng/ts-protoc-gen/releases) - [Changelog](https://github.com/improbable-eng/ts-protoc-gen/blob/master/CHANGELOG.md) - [Commits](https://github.com/improbable-eng/ts-protoc-gen/compare/0.14.0...0.15.0) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: Max Peintner <max@caos.ch> Co-authored-by: Silvan <silvan.reusser@gmail.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps-dev): bump @types/jasmine from 3.6.9 to 3.6.10 in /console (#1682) Bumps [@types/jasmine](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/jasmine) from 3.6.9 to 3.6.10. - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/jasmine) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump @types/google-protobuf in /console (#1681) Bumps [@types/google-protobuf](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/google-protobuf) from 3.7.4 to 3.15.2. - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/google-protobuf) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump grpc from 1.24.5 to 1.24.7 in /console (#1666) Bumps [grpc](https://github.com/grpc/grpc-node) from 1.24.5 to 1.24.7. - [Release notes](https://github.com/grpc/grpc-node/releases) - [Commits](https://github.com/grpc/grpc-node/compare/grpc@1.24.5...grpc@1.24.7) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * lock * chore(deps-dev): bump @angular/language-service from 11.2.9 to 11.2.12 in /console (#1704) * fix: show org with regex (#1688) * fix: flag mapping (#1699) * chore(deps-dev): bump @angular/language-service in /console Bumps [@angular/language-service](https://github.com/angular/angular/tree/HEAD/packages/language-service) from 11.2.9 to 11.2.12. - [Release notes](https://github.com/angular/angular/releases) - [Changelog](https://github.com/angular/angular/blob/master/CHANGELOG.md) - [Commits](https://github.com/angular/angular/commits/11.2.12/packages/language-service) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: Max Peintner <max@caos.ch> Co-authored-by: Silvan <silvan.reusser@gmail.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * package lock * downgrade grpc * downgrade protobuf types * revert npm packs 🥸 Co-authored-by: Max Peintner <max@caos.ch> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Silvan <silvan.reusser@gmail.com> * docs: update run and start section texts (#1745) * update run and start section texts * adds showcase Co-authored-by: Maximilian Panne <maximilian.panne@gmail.com> * fix: additional origin list (#1753) * fix: handle api configs in authz handler (#1755) * fix(console): add model for api keys, fix toast, binding (#1757) * fix: add model for api keys, fix toast, binding * show api clientid * fix: missing patchvalue (#1758) * feat: refresh token (#1728) * begin refresh tokens * refresh tokens * list and revoke refresh tokens * handle remove * tests for refresh tokens * uniqueness and default expiration * rename oidc token methods * cleanup * migration version * Update internal/static/i18n/en.yaml Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com> * fixes * feat: update oidc pkg for refresh tokens Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com> * fix: correct json name of clientId in key.json (#1760) * fix: migration version (#1767) * start subscription * eventtypes * fix(login): links (#1778) * fix(login): href for help * fix(login): correct link to tos * fix: access tokens for service users and refresh token infos (#1779) * fix: access token for service user * handle info from refresh request * uniqueness * postpone access token uniqueness change * chore(coc): recommend code of conduct (#1782) * subscribe for events * feat(console): refresh toggle out of granttype context (#1785) * refresh toggle * disable if not code flow, lint * lint * fix: change oidc config order * accept refresh option within flow Co-authored-by: Livio Amstutz <livio.a@gmail.com> * fix: refresh token activation (#1795) * fix: oidc grant type check * docs: add offline_access scope * docs: update refresh token status in supported grant types * fix: update oidc pkg * fix: check refresh token grant type (#1796) * configuration structs * org admins * failed events * fixes Co-authored-by: Max Peintner <max@caos.ch> Co-authored-by: Livio Amstutz <livio.a@gmail.com> Co-authored-by: Florian Forster <florian@caos.ch> Co-authored-by: mffap <mpa@caos.ch> Co-authored-by: Maximilian Panne <maximilian.panne@gmail.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com> * remove comment * aggregate reducer * remove eventtypes * add protoc-get-validate to mod * fix transaltion * upsert * add gender on org admins, allow to retry failed stmts after configurable time * remove if * sub queries * fix: tests * add builder to tests * new search query * rename searchquerybuilder to builder * remove comment from code * test with multiple queries * add filters test * current sequences * make org and org_admins work again * add aggregate type to current sequence * fix(contibute): listing * add validate module * fix: search queries * feat(eventstore): previous aggregate root sequence (#1810) * feat(eventstore): previous aggregate root sequence * fix tests * fix: eventstore v1 test * add col to all mocked rows * next try * fix mig * rename aggregate root to aggregate type * update comment Co-authored-by: Livio Amstutz <livio.a@gmail.com> Co-authored-by: Livio Amstutz <livio.a@gmail.com> * small refactorings * allow update multiple current sequences * unique log id * fix migrations * rename org admin to org owner * improve error handling and logging * fix(migration): optimize prev agg root seq * fix: projection handler test * fix: sub queries * small fixes * additional event types * correct org owner projection * fix primary key * feat(eventstore): jobs for projections (#2026) * fix: template names in login (#1974) * fix: template names in login * fix: error.html * fix: check for features on mgmt only (#1976) * fix: add sentry in ui, http and projection handlers (#1977) * fix: add sentry in ui, http and projection handlers * fix test * fix(eventstore): sub queries (#1805) * sub queries * fix: tests * add builder to tests * new search query * rename searchquerybuilder to builder * remove comment from code * test with multiple queries * add filters test * fix(contibute): listing * add validate module * fix: search queries * remove unused event type in query * ignore query if error in marshal * go mod tidy * update privacy policy query * update queries Co-authored-by: Livio Amstutz <livio.a@gmail.com> * feat: Extend oidc idp with oauth endpoints (#1980) * feat: add oauth attributes to oidc idp configuration * feat: return idpconfig id on create idp * feat: tests * feat: descriptions * feat: docs * feat: tests * docs: update to beta 3 (#1984) * fix: role assertion (#1986) * fix: enum to display access token role assertion * improve assertion descriptions * fix nil pointer * docs: eventstore (#1982) * docs: eventstore * Apply suggestions from code review Co-authored-by: Florian Forster <florian@caos.ch> Co-authored-by: Florian Forster <florian@caos.ch> * fix(sentry): trigger sentry release (#1989) * feat(send sentry release): send sentry release * fix(moved step and added releasetag): moved step and added releasetag * fix: set version for sentry release (#1990) * feat(send sentry release): send sentry release * fix(moved step and added releasetag): moved step and added releasetag * fix(corrected var name): corrected var name Co-authored-by: Livio Amstutz <livio.a@gmail.com> * fix: log error reason on terminate session (#1973) * fix: return default language file, if requested lang does not exist for default login texts (#1988) * fix: return default language file, if requested lang doesnt exists * feat: read default translation file * feat: docs * fix: race condition in auth request unmarshalling (#1993) * feat: handle ui_locales in login (#1994) * fix: handle ui_locales in login * move supportedlanguage func into i18n package * update oidc pkg * fix: handle closed channels on unsubscribe (#1995) * fix: give restore more time (#1997) * fix: translation file read (#2009) * feat: translation file read * feat: readme * fix: enable idp add button for iam users (#2010) * fix: filter event_data (#2011) * feat: Custom message files (#1992) * feat: add get custom message text to admin api * feat: read custom message texts from files * feat: get languages in apis * feat: get languages in apis * feat: get languages in apis * feat: pr feedback * feat: docs * feat: merge main * fix: sms notification (#2013) * fix: phone verifications * feat: fix password reset as sms * fix: phone verification * fix: grpc status in sentry and validation interceptors (#2012) * fix: remove oauth endpoints from oidc config proto (#2014) * try with view * fix(console): disable sw (#2021) * fix: disable sw * angular.json disable sw * project projections * fix typos * customize projections * customizable projections, add change date to projects Co-authored-by: Livio Amstutz <livio.a@gmail.com> Co-authored-by: Max Peintner <max@caos.ch> Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com> Co-authored-by: Florian Forster <florian@caos.ch> Co-authored-by: mffap <mpa@caos.ch> Co-authored-by: Christian Jakob <47860090+thesephirot@users.noreply.github.com> Co-authored-by: Elio Bischof <eliobischof@gmail.com> * env file * typo * correct users * correct migration * fix: merge fail * fix test * fix(tests): unordered matcher * improve currentSequenceMatcher * correct certs * correct certs * add zitadel database on database list * refctor switch in match * enable all handlers * Delete io.env * cleanup * add handlers * rename view to projection * rename view to projection * fix type typo * remove unnecessary logs * refactor stmts * simplify interval calculation * fix tests * fix unlock test * fix migration * migs * fix(operator): update cockroach and flyway versions (#2138) * chore(deps): bump k8s.io/apiextensions-apiserver from 0.19.2 to 0.21.3 Bumps [k8s.io/apiextensions-apiserver](https://github.com/kubernetes/apiextensions-apiserver) from 0.19.2 to 0.21.3. - [Release notes](https://github.com/kubernetes/apiextensions-apiserver/releases) - [Commits](https://github.com/kubernetes/apiextensions-apiserver/compare/v0.19.2...v0.21.3) --- updated-dependencies: - dependency-name: k8s.io/apiextensions-apiserver dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * chore(deps): bump google.golang.org/api from 0.34.0 to 0.52.0 Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.34.0 to 0.52.0. - [Release notes](https://github.com/googleapis/google-api-go-client/releases) - [Changelog](https://github.com/googleapis/google-api-go-client/blob/master/CHANGES.md) - [Commits](https://github.com/googleapis/google-api-go-client/compare/v0.34.0...v0.52.0) --- updated-dependencies: - dependency-name: google.golang.org/api dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * start update dependencies * update mods and otlp * fix(build): update to go 1.16 * old version for k8s mods * update k8s versions * update orbos * fix(operator): update cockroach and flyway version * Update images.go Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Stefan Benz <stefan@caos.ch> * fix import * fix typo * fix(migration): add org projection * fix(projection): correct table for org events in org owners * better insert stmt * fix typo * fix typo * set max connection lifetime * set max conns and conn lifetime in eventstore v1 * configure sql connection settings * add mig for agg type index * fix replace tab in yaml * handler interfaces * subscription * first try * handler * move sql client initialization * first part implemented * removed all occurencies of org by id and search orgs * fix merge issues * cleanup code * fix: queries implements orgviewprovider * cleanup * refactor text comparison * remove unused file * remove unused code * log * remove unused code * remove unused field * remove unused file * refactor * tests for search query * remove try * simplify state change mappers * projection tests * query functions * move reusable objects to separate files * rename domain column to primar_domain * fix tests * add current sequence * remove log prints * fix tests * fix: verifier * fix test * rename domain col migrations * simplify search response * move org domain to query * cleanup code * add org id as condition to projection * begin projection * add custom column constructors * start query * import * initial implementation of login policy * remove unused field * tests * factors * simplify reducers * fix: org projection table const * fix: full column name * feat: text query extension * fix: tests for query * number query * add deprection message * column in a single place (#2416) * column in a single place * use projection for columns * query column with aliases * rename methods * remove unused code * column * column * column for current sequences * latest sequence * global counter column * fix is org unique * remove col * fix naming * correct errors * deprecate duplicated is_default in api's, error messages, migrations * Update internal/query/policy_login.go Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com> * Update login_policy.go * fix tests Co-authored-by: Max Peintner <max@caos.ch> Co-authored-by: Livio Amstutz <livio.a@gmail.com> Co-authored-by: Florian Forster <florian@caos.ch> Co-authored-by: mffap <mpa@caos.ch> Co-authored-by: Maximilian Panne <maximilian.panne@gmail.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com> Co-authored-by: Christian Jakob <47860090+thesephirot@users.noreply.github.com> Co-authored-by: Elio Bischof <eliobischof@gmail.com> Co-authored-by: Stefan Benz <stefan@caos.ch> Co-authored-by: fabi <fabienne.gerschwiler@gmail.com>
This commit is contained in:
Silvan
@@ -1,6 +1,7 @@
|
||||
package model
|
||||
|
||||
import (
|
||||
"github.com/caos/zitadel/internal/domain"
|
||||
"github.com/caos/zitadel/internal/eventstore/v1/models"
|
||||
)
|
||||
|
||||
@@ -14,8 +15,8 @@ type LoginPolicy struct {
|
||||
AllowExternalIdp bool
|
||||
IDPProviders []*IDPProvider
|
||||
ForceMFA bool
|
||||
SecondFactors []SecondFactorType
|
||||
MultiFactors []MultiFactorType
|
||||
SecondFactors []domain.SecondFactorType
|
||||
MultiFactors []domain.MultiFactorType
|
||||
PasswordlessType PasswordlessType
|
||||
}
|
||||
|
||||
@@ -39,14 +40,6 @@ const (
|
||||
IDPProviderTypeOrg
|
||||
)
|
||||
|
||||
type SecondFactorType int32
|
||||
|
||||
const (
|
||||
SecondFactorTypeUnspecified SecondFactorType = iota
|
||||
SecondFactorTypeOTP
|
||||
SecondFactorTypeU2F
|
||||
)
|
||||
|
||||
type MultiFactorType int32
|
||||
|
||||
const (
|
||||
@@ -78,7 +71,7 @@ func (p *LoginPolicy) GetIdpProvider(id string) (int, *IDPProvider) {
|
||||
return -1, nil
|
||||
}
|
||||
|
||||
func (p *LoginPolicy) GetSecondFactor(mfaType SecondFactorType) (int, SecondFactorType) {
|
||||
func (p *LoginPolicy) GetSecondFactor(mfaType domain.SecondFactorType) (int, domain.SecondFactorType) {
|
||||
for i, m := range p.SecondFactors {
|
||||
if m == mfaType {
|
||||
return i, m
|
||||
@@ -87,7 +80,7 @@ func (p *LoginPolicy) GetSecondFactor(mfaType SecondFactorType) (int, SecondFact
|
||||
return -1, 0
|
||||
}
|
||||
|
||||
func (p *LoginPolicy) GetMultiFactor(mfaType MultiFactorType) (int, MultiFactorType) {
|
||||
func (p *LoginPolicy) GetMultiFactor(mfaType domain.MultiFactorType) (int, domain.MultiFactorType) {
|
||||
for i, m := range p.MultiFactors {
|
||||
if m == mfaType {
|
||||
return i, m
|
||||
|
||||
@@ -15,8 +15,8 @@ type LoginPolicyView struct {
|
||||
ForceMFA bool
|
||||
HidePasswordReset bool
|
||||
PasswordlessType PasswordlessType
|
||||
SecondFactors []SecondFactorType
|
||||
MultiFactors []MultiFactorType
|
||||
SecondFactors []domain.SecondFactorType
|
||||
MultiFactors []domain.MultiFactorType
|
||||
Default bool
|
||||
|
||||
CreationDate time.Time
|
||||
@@ -100,24 +100,24 @@ func passwordLessTypeToDomain(passwordless PasswordlessType) domain.Passwordless
|
||||
}
|
||||
}
|
||||
|
||||
func secondFactorsToDomain(types []SecondFactorType) []domain.SecondFactorType {
|
||||
func secondFactorsToDomain(types []domain.SecondFactorType) []domain.SecondFactorType {
|
||||
secondfactors := make([]domain.SecondFactorType, len(types))
|
||||
for i, secondfactorType := range types {
|
||||
switch secondfactorType {
|
||||
case SecondFactorTypeU2F:
|
||||
case domain.SecondFactorTypeU2F:
|
||||
secondfactors[i] = domain.SecondFactorTypeU2F
|
||||
case SecondFactorTypeOTP:
|
||||
case domain.SecondFactorTypeOTP:
|
||||
secondfactors[i] = domain.SecondFactorTypeOTP
|
||||
}
|
||||
}
|
||||
return secondfactors
|
||||
}
|
||||
|
||||
func multiFactorsToDomain(types []MultiFactorType) []domain.MultiFactorType {
|
||||
func multiFactorsToDomain(types []domain.MultiFactorType) []domain.MultiFactorType {
|
||||
multifactors := make([]domain.MultiFactorType, len(types))
|
||||
for i, multifactorType := range types {
|
||||
switch multifactorType {
|
||||
case MultiFactorTypeU2FWithPIN:
|
||||
case domain.MultiFactorTypeU2FWithPIN:
|
||||
multifactors[i] = domain.MultiFactorTypeU2FWithPIN
|
||||
}
|
||||
}
|
||||
|
||||
@@ -30,12 +30,12 @@ const (
|
||||
|
||||
type SecondFactorsSearchResponse struct {
|
||||
TotalResult uint64
|
||||
Result []SecondFactorType
|
||||
Result []domain.SecondFactorType
|
||||
}
|
||||
|
||||
type MultiFactorsSearchResponse struct {
|
||||
TotalResult uint64
|
||||
Result []MultiFactorType
|
||||
Result []domain.MultiFactorType
|
||||
}
|
||||
|
||||
func (r *SecondFactorsSearchRequest) AppendAggregateIDQuery(aggregateID string) {
|
||||
|
||||
@@ -3,6 +3,7 @@ package model
|
||||
import (
|
||||
"encoding/json"
|
||||
|
||||
"github.com/caos/zitadel/internal/domain"
|
||||
"github.com/caos/zitadel/internal/errors"
|
||||
es_models "github.com/caos/zitadel/internal/eventstore/v1/models"
|
||||
iam_model "github.com/caos/zitadel/internal/iam/model"
|
||||
@@ -70,24 +71,6 @@ func LoginPolicyToModel(policy *LoginPolicy) *iam_model.LoginPolicy {
|
||||
}
|
||||
}
|
||||
|
||||
func LoginPolicyFromModel(policy *iam_model.LoginPolicy) *LoginPolicy {
|
||||
idps := IDOProvidersFromModel(policy.IDPProviders)
|
||||
secondFactors := SecondFactorsFromModel(policy.SecondFactors)
|
||||
multiFactors := MultiFactorsFromModel(policy.MultiFactors)
|
||||
return &LoginPolicy{
|
||||
ObjectRoot: policy.ObjectRoot,
|
||||
State: int32(policy.State),
|
||||
AllowUsernamePassword: policy.AllowUsernamePassword,
|
||||
AllowRegister: policy.AllowRegister,
|
||||
AllowExternalIdp: policy.AllowExternalIdp,
|
||||
IDPProviders: idps,
|
||||
ForceMFA: policy.ForceMFA,
|
||||
SecondFactors: secondFactors,
|
||||
MultiFactors: multiFactors,
|
||||
PasswordlessType: int32(policy.PasswordlessType),
|
||||
}
|
||||
}
|
||||
|
||||
func IDPProvidersToModel(members []*IDPProvider) []*iam_model.IDPProvider {
|
||||
convertedProviders := make([]*iam_model.IDPProvider, len(members))
|
||||
for i, m := range members {
|
||||
@@ -120,7 +103,7 @@ func IDPProviderFromModel(provider *iam_model.IDPProvider) *IDPProvider {
|
||||
}
|
||||
}
|
||||
|
||||
func SecondFactorsFromModel(mfas []iam_model.SecondFactorType) []int32 {
|
||||
func SecondFactorsFromModel(mfas []domain.SecondFactorType) []int32 {
|
||||
convertedMFAs := make([]int32, len(mfas))
|
||||
for i, mfa := range mfas {
|
||||
convertedMFAs[i] = int32(mfa)
|
||||
@@ -128,14 +111,14 @@ func SecondFactorsFromModel(mfas []iam_model.SecondFactorType) []int32 {
|
||||
return convertedMFAs
|
||||
}
|
||||
|
||||
func SecondFactorFromModel(mfa iam_model.SecondFactorType) *MFA {
|
||||
func SecondFactorFromModel(mfa domain.SecondFactorType) *MFA {
|
||||
return &MFA{MFAType: int32(mfa)}
|
||||
}
|
||||
|
||||
func SecondFactorsToModel(mfas []int32) []iam_model.SecondFactorType {
|
||||
convertedMFAs := make([]iam_model.SecondFactorType, len(mfas))
|
||||
func SecondFactorsToModel(mfas []int32) []domain.SecondFactorType {
|
||||
convertedMFAs := make([]domain.SecondFactorType, len(mfas))
|
||||
for i, mfa := range mfas {
|
||||
convertedMFAs[i] = iam_model.SecondFactorType(mfa)
|
||||
convertedMFAs[i] = domain.SecondFactorType(mfa)
|
||||
}
|
||||
return convertedMFAs
|
||||
}
|
||||
@@ -152,10 +135,10 @@ func MultiFactorFromModel(mfa iam_model.MultiFactorType) *MFA {
|
||||
return &MFA{MFAType: int32(mfa)}
|
||||
}
|
||||
|
||||
func MultiFactorsToModel(mfas []int32) []iam_model.MultiFactorType {
|
||||
convertedMFAs := make([]iam_model.MultiFactorType, len(mfas))
|
||||
func MultiFactorsToModel(mfas []int32) []domain.MultiFactorType {
|
||||
convertedMFAs := make([]domain.MultiFactorType, len(mfas))
|
||||
for i, mfa := range mfas {
|
||||
convertedMFAs[i] = iam_model.MultiFactorType(mfa)
|
||||
convertedMFAs[i] = domain.MultiFactorType(mfa)
|
||||
}
|
||||
return convertedMFAs
|
||||
}
|
||||
|
||||
@@ -2,9 +2,11 @@ package model
|
||||
|
||||
import (
|
||||
"encoding/json"
|
||||
"testing"
|
||||
|
||||
"github.com/caos/zitadel/internal/domain"
|
||||
es_models "github.com/caos/zitadel/internal/eventstore/v1/models"
|
||||
"github.com/caos/zitadel/internal/iam/model"
|
||||
"testing"
|
||||
)
|
||||
|
||||
func TestLoginPolicyChanges(t *testing.T) {
|
||||
@@ -275,12 +277,12 @@ func TestAppendAddSecondFactorToPolicyEvent(t *testing.T) {
|
||||
name: "append add second factor to login policy event",
|
||||
args: args{
|
||||
iam: &IAM{DefaultLoginPolicy: &LoginPolicy{AllowExternalIdp: true, AllowRegister: true, AllowUsernamePassword: true}},
|
||||
mfa: &MFA{MFAType: int32(model.SecondFactorTypeOTP)},
|
||||
mfa: &MFA{MFAType: int32(domain.SecondFactorTypeOTP)},
|
||||
event: &es_models.Event{},
|
||||
},
|
||||
result: &IAM{DefaultLoginPolicy: &LoginPolicy{
|
||||
SecondFactors: []int32{
|
||||
int32(model.SecondFactorTypeOTP),
|
||||
int32(domain.SecondFactorTypeOTP),
|
||||
}}},
|
||||
},
|
||||
}
|
||||
@@ -318,9 +320,9 @@ func TestRemoveSecondFactorToPolicyEvent(t *testing.T) {
|
||||
iam: &IAM{
|
||||
DefaultLoginPolicy: &LoginPolicy{
|
||||
SecondFactors: []int32{
|
||||
int32(model.SecondFactorTypeOTP),
|
||||
int32(domain.SecondFactorTypeOTP),
|
||||
}}},
|
||||
mfa: &MFA{MFAType: int32(model.SecondFactorTypeOTP)},
|
||||
mfa: &MFA{MFAType: int32(domain.SecondFactorTypeOTP)},
|
||||
event: &es_models.Event{},
|
||||
},
|
||||
result: &IAM{DefaultLoginPolicy: &LoginPolicy{
|
||||
|
||||
@@ -1,54 +0,0 @@
|
||||
package view
|
||||
|
||||
import (
|
||||
"github.com/caos/zitadel/internal/domain"
|
||||
caos_errs "github.com/caos/zitadel/internal/errors"
|
||||
iam_model "github.com/caos/zitadel/internal/iam/model"
|
||||
"github.com/caos/zitadel/internal/iam/repository/view/model"
|
||||
"github.com/caos/zitadel/internal/view/repository"
|
||||
"github.com/jinzhu/gorm"
|
||||
)
|
||||
|
||||
func GetDefaultLoginPolicies(db *gorm.DB, table string) ([]*model.LoginPolicyView, error) {
|
||||
loginPolicies := make([]*model.LoginPolicyView, 0)
|
||||
queries := []*iam_model.LoginPolicySearchQuery{
|
||||
{Key: iam_model.LoginPolicySearchKeyDefault, Value: true, Method: domain.SearchMethodEquals},
|
||||
}
|
||||
query := repository.PrepareSearchQuery(table, model.LoginPolicySearchRequest{Queries: queries})
|
||||
_, err := query(db, &loginPolicies)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return loginPolicies, nil
|
||||
}
|
||||
|
||||
func GetLoginPolicyByAggregateID(db *gorm.DB, table, aggregateID string) (*model.LoginPolicyView, error) {
|
||||
policy := new(model.LoginPolicyView)
|
||||
aggregateIDQuery := &model.LoginPolicySearchQuery{Key: iam_model.LoginPolicySearchKeyAggregateID, Value: aggregateID, Method: domain.SearchMethodEquals}
|
||||
query := repository.PrepareGetByQuery(table, aggregateIDQuery)
|
||||
err := query(db, policy)
|
||||
if caos_errs.IsNotFound(err) {
|
||||
return nil, caos_errs.ThrowNotFound(nil, "VIEW-Lso0cs", "Errors.IAM.LoginPolicy.NotExisting")
|
||||
}
|
||||
return policy, err
|
||||
}
|
||||
|
||||
func PutLoginPolicy(db *gorm.DB, table string, policy *model.LoginPolicyView) error {
|
||||
save := repository.PrepareSave(table)
|
||||
return save(db, policy)
|
||||
}
|
||||
|
||||
func PutLoginPolicies(db *gorm.DB, table string, policies ...*model.LoginPolicyView) error {
|
||||
save := repository.PrepareBulkSave(table)
|
||||
u := make([]interface{}, len(policies))
|
||||
for i, user := range policies {
|
||||
u[i] = user
|
||||
}
|
||||
return save(db, u...)
|
||||
}
|
||||
|
||||
func DeleteLoginPolicy(db *gorm.DB, table, aggregateID string) error {
|
||||
delete := repository.PrepareDeleteByKey(table, model.LoginPolicySearchKey(iam_model.LoginPolicySearchKeyAggregateID), aggregateID)
|
||||
|
||||
return delete(db)
|
||||
}
|
||||
@@ -1,208 +0,0 @@
|
||||
package model
|
||||
|
||||
import (
|
||||
"encoding/json"
|
||||
"time"
|
||||
|
||||
"github.com/lib/pq"
|
||||
|
||||
org_es_model "github.com/caos/zitadel/internal/org/repository/eventsourcing/model"
|
||||
|
||||
es_model "github.com/caos/zitadel/internal/iam/repository/eventsourcing/model"
|
||||
|
||||
"github.com/caos/logging"
|
||||
|
||||
caos_errs "github.com/caos/zitadel/internal/errors"
|
||||
"github.com/caos/zitadel/internal/eventstore/v1/models"
|
||||
"github.com/caos/zitadel/internal/iam/model"
|
||||
)
|
||||
|
||||
const (
|
||||
LoginPolicyKeyAggregateID = "aggregate_id"
|
||||
LoginPolicyKeyDefault = "default_policy"
|
||||
)
|
||||
|
||||
type LoginPolicyView struct {
|
||||
AggregateID string `json:"-" gorm:"column:aggregate_id;primary_key"`
|
||||
CreationDate time.Time `json:"-" gorm:"column:creation_date"`
|
||||
ChangeDate time.Time `json:"-" gorm:"column:change_date"`
|
||||
State int32 `json:"-" gorm:"column:login_policy_state"`
|
||||
|
||||
AllowRegister bool `json:"allowRegister" gorm:"column:allow_register"`
|
||||
AllowUsernamePassword bool `json:"allowUsernamePassword" gorm:"column:allow_username_password"`
|
||||
AllowExternalIDP bool `json:"allowExternalIdp" gorm:"column:allow_external_idp"`
|
||||
ForceMFA bool `json:"forceMFA" gorm:"column:force_mfa"`
|
||||
HidePasswordReset bool `json:"hidePasswordReset" gorm:"column:hide_password_reset"`
|
||||
PasswordlessType int32 `json:"passwordlessType" gorm:"column:passwordless_type"`
|
||||
SecondFactors pq.Int64Array `json:"-" gorm:"column:second_factors"`
|
||||
MultiFactors pq.Int64Array `json:"-" gorm:"column:multi_factors"`
|
||||
Default bool `json:"-" gorm:"column:default_policy"`
|
||||
|
||||
Sequence uint64 `json:"-" gorm:"column:sequence"`
|
||||
}
|
||||
|
||||
func LoginPolicyViewFromModel(policy *model.LoginPolicyView) *LoginPolicyView {
|
||||
return &LoginPolicyView{
|
||||
AggregateID: policy.AggregateID,
|
||||
Sequence: policy.Sequence,
|
||||
CreationDate: policy.CreationDate,
|
||||
ChangeDate: policy.ChangeDate,
|
||||
AllowRegister: policy.AllowRegister,
|
||||
AllowExternalIDP: policy.AllowExternalIDP,
|
||||
AllowUsernamePassword: policy.AllowUsernamePassword,
|
||||
ForceMFA: policy.ForceMFA,
|
||||
HidePasswordReset: policy.HidePasswordReset,
|
||||
PasswordlessType: int32(policy.PasswordlessType),
|
||||
SecondFactors: secondFactorsFromModel(policy.SecondFactors),
|
||||
MultiFactors: multiFactorsFromModel(policy.MultiFactors),
|
||||
Default: policy.Default,
|
||||
}
|
||||
}
|
||||
|
||||
func secondFactorsFromModel(mfas []model.SecondFactorType) []int64 {
|
||||
convertedMFAs := make([]int64, len(mfas))
|
||||
for i, m := range mfas {
|
||||
convertedMFAs[i] = int64(m)
|
||||
}
|
||||
return convertedMFAs
|
||||
}
|
||||
|
||||
func multiFactorsFromModel(mfas []model.MultiFactorType) []int64 {
|
||||
convertedMFAs := make([]int64, len(mfas))
|
||||
for i, m := range mfas {
|
||||
convertedMFAs[i] = int64(m)
|
||||
}
|
||||
return convertedMFAs
|
||||
}
|
||||
|
||||
func LoginPolicyViewToModel(policy *LoginPolicyView) *model.LoginPolicyView {
|
||||
return &model.LoginPolicyView{
|
||||
AggregateID: policy.AggregateID,
|
||||
Sequence: policy.Sequence,
|
||||
CreationDate: policy.CreationDate,
|
||||
ChangeDate: policy.ChangeDate,
|
||||
AllowRegister: policy.AllowRegister,
|
||||
AllowExternalIDP: policy.AllowExternalIDP,
|
||||
AllowUsernamePassword: policy.AllowUsernamePassword,
|
||||
ForceMFA: policy.ForceMFA,
|
||||
HidePasswordReset: policy.HidePasswordReset,
|
||||
PasswordlessType: model.PasswordlessType(policy.PasswordlessType),
|
||||
SecondFactors: secondFactorsToModel(policy.SecondFactors),
|
||||
MultiFactors: multiFactorsToToModel(policy.MultiFactors),
|
||||
Default: policy.Default,
|
||||
}
|
||||
}
|
||||
|
||||
func secondFactorsToModel(mfas []int64) []model.SecondFactorType {
|
||||
convertedMFAs := make([]model.SecondFactorType, len(mfas))
|
||||
for i, m := range mfas {
|
||||
convertedMFAs[i] = model.SecondFactorType(m)
|
||||
}
|
||||
return convertedMFAs
|
||||
}
|
||||
|
||||
func multiFactorsToToModel(mfas []int64) []model.MultiFactorType {
|
||||
convertedMFAs := make([]model.MultiFactorType, len(mfas))
|
||||
for i, m := range mfas {
|
||||
convertedMFAs[i] = model.MultiFactorType(m)
|
||||
}
|
||||
return convertedMFAs
|
||||
}
|
||||
|
||||
func (p *LoginPolicyView) AppendEvent(event *models.Event) (err error) {
|
||||
p.Sequence = event.Sequence
|
||||
p.ChangeDate = event.CreationDate
|
||||
switch event.Type {
|
||||
case es_model.LoginPolicyAdded:
|
||||
p.setRootData(event)
|
||||
p.CreationDate = event.CreationDate
|
||||
p.Default = true
|
||||
err = p.SetData(event)
|
||||
case org_es_model.LoginPolicyAdded:
|
||||
p.setRootData(event)
|
||||
p.CreationDate = event.CreationDate
|
||||
err = p.SetData(event)
|
||||
p.Default = false
|
||||
case es_model.LoginPolicyChanged, org_es_model.LoginPolicyChanged:
|
||||
err = p.SetData(event)
|
||||
case es_model.LoginPolicySecondFactorAdded, org_es_model.LoginPolicySecondFactorAdded:
|
||||
mfa := new(es_model.MFA)
|
||||
err := mfa.SetData(event)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
if !existsMFA(p.SecondFactors, int64(mfa.MFAType)) {
|
||||
p.SecondFactors = append(p.SecondFactors, int64(mfa.MFAType))
|
||||
}
|
||||
|
||||
case es_model.LoginPolicySecondFactorRemoved, org_es_model.LoginPolicySecondFactorRemoved:
|
||||
err = p.removeSecondFactor(event)
|
||||
case es_model.LoginPolicyMultiFactorAdded, org_es_model.LoginPolicyMultiFactorAdded:
|
||||
mfa := new(es_model.MFA)
|
||||
err := mfa.SetData(event)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
if !existsMFA(p.MultiFactors, int64(mfa.MFAType)) {
|
||||
p.MultiFactors = append(p.MultiFactors, int64(mfa.MFAType))
|
||||
}
|
||||
case es_model.LoginPolicyMultiFactorRemoved, org_es_model.LoginPolicyMultiFactorRemoved:
|
||||
err = p.removeMultiFactor(event)
|
||||
}
|
||||
return err
|
||||
}
|
||||
|
||||
func (r *LoginPolicyView) setRootData(event *models.Event) {
|
||||
r.AggregateID = event.AggregateID
|
||||
}
|
||||
|
||||
func (r *LoginPolicyView) SetData(event *models.Event) error {
|
||||
if err := json.Unmarshal(event.Data, r); err != nil {
|
||||
logging.Log("EVEN-Kn7ds").WithError(err).Error("could not unmarshal event data")
|
||||
return caos_errs.ThrowInternal(err, "MODEL-Hs8uf", "Could not unmarshal data")
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
func (p *LoginPolicyView) removeSecondFactor(event *models.Event) error {
|
||||
mfa := new(es_model.MFA)
|
||||
err := mfa.SetData(event)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
for i := len(p.SecondFactors) - 1; i >= 0; i-- {
|
||||
if p.SecondFactors[i] == int64(mfa.MFAType) {
|
||||
copy(p.SecondFactors[i:], p.SecondFactors[i+1:])
|
||||
p.SecondFactors[len(p.SecondFactors)-1] = 0
|
||||
p.SecondFactors = p.SecondFactors[:len(p.SecondFactors)-1]
|
||||
return nil
|
||||
}
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
func (p *LoginPolicyView) removeMultiFactor(event *models.Event) error {
|
||||
mfa := new(es_model.MFA)
|
||||
err := mfa.SetData(event)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
for i := len(p.MultiFactors) - 1; i >= 0; i-- {
|
||||
if p.MultiFactors[i] == int64(mfa.MFAType) {
|
||||
copy(p.MultiFactors[i:], p.MultiFactors[i+1:])
|
||||
p.MultiFactors[len(p.MultiFactors)-1] = 0
|
||||
p.MultiFactors = p.MultiFactors[:len(p.MultiFactors)-1]
|
||||
return nil
|
||||
}
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
func existsMFA(mfas []int64, mfaType int64) bool {
|
||||
for _, m := range mfas {
|
||||
if m == mfaType {
|
||||
return true
|
||||
}
|
||||
}
|
||||
return false
|
||||
}
|
||||
@@ -1,61 +0,0 @@
|
||||
package model
|
||||
|
||||
import (
|
||||
"github.com/caos/zitadel/internal/domain"
|
||||
iam_model "github.com/caos/zitadel/internal/iam/model"
|
||||
"github.com/caos/zitadel/internal/view/repository"
|
||||
)
|
||||
|
||||
type LoginPolicySearchRequest iam_model.LoginPolicySearchRequest
|
||||
type LoginPolicySearchQuery iam_model.LoginPolicySearchQuery
|
||||
type LoginPolicySearchKey iam_model.LoginPolicySearchKey
|
||||
|
||||
func (req LoginPolicySearchRequest) GetLimit() uint64 {
|
||||
return req.Limit
|
||||
}
|
||||
|
||||
func (req LoginPolicySearchRequest) GetOffset() uint64 {
|
||||
return req.Offset
|
||||
}
|
||||
|
||||
func (req LoginPolicySearchRequest) GetSortingColumn() repository.ColumnKey {
|
||||
if req.SortingColumn == iam_model.LoginPolicySearchKeyUnspecified {
|
||||
return nil
|
||||
}
|
||||
return LoginPolicySearchKey(req.SortingColumn)
|
||||
}
|
||||
|
||||
func (req LoginPolicySearchRequest) GetAsc() bool {
|
||||
return req.Asc
|
||||
}
|
||||
|
||||
func (req LoginPolicySearchRequest) GetQueries() []repository.SearchQuery {
|
||||
result := make([]repository.SearchQuery, len(req.Queries))
|
||||
for i, q := range req.Queries {
|
||||
result[i] = LoginPolicySearchQuery{Key: q.Key, Value: q.Value, Method: q.Method}
|
||||
}
|
||||
return result
|
||||
}
|
||||
|
||||
func (req LoginPolicySearchQuery) GetKey() repository.ColumnKey {
|
||||
return LoginPolicySearchKey(req.Key)
|
||||
}
|
||||
|
||||
func (req LoginPolicySearchQuery) GetMethod() domain.SearchMethod {
|
||||
return req.Method
|
||||
}
|
||||
|
||||
func (req LoginPolicySearchQuery) GetValue() interface{} {
|
||||
return req.Value
|
||||
}
|
||||
|
||||
func (key LoginPolicySearchKey) ToColumnName() string {
|
||||
switch iam_model.LoginPolicySearchKey(key) {
|
||||
case iam_model.LoginPolicySearchKeyAggregateID:
|
||||
return LoginPolicyKeyAggregateID
|
||||
case iam_model.LoginPolicySearchKeyDefault:
|
||||
return LoginPolicyKeyDefault
|
||||
default:
|
||||
return ""
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user