fix: improvements for login and oidc (#227)

* add csrf

* caching

* caching

* caching

* caching

* security headers

* csp and security headers

* error handler csp

* select user with display name

* csp

* user selection styling

* username to loginname

* regenerate grpc

* regenerate

* change to login name

internal/auth/repository/eventsourcing/eventstore/auth_request.go

@@ -106,16 +106,16 @@ func (repo *AuthRequestRepo) DeleteAuthRequest(ctx context.Context, id string) e
 	return repo.AuthRequests.DeleteAuthRequest(ctx, id)
 }
 
-func (repo *AuthRequestRepo) CheckUsername(ctx context.Context, id, username string) error {
+func (repo *AuthRequestRepo) CheckLoginName(ctx context.Context, id, loginName string) error {
 	request, err := repo.AuthRequests.GetAuthRequestByID(ctx, id)
 	if err != nil {
 		return err
 	}
-	user, err := repo.View.UserByLoginName(username)
+	user, err := repo.View.UserByLoginName(loginName)
 	if err != nil {
 		return err
 	}
-	request.SetUserInfo(user.ID, user.UserName, user.ResourceOwner)
+	request.SetUserInfo(user.ID, loginName, user.ResourceOwner)
 	return repo.AuthRequests.UpdateAuthRequest(ctx, request)
 }
 
@@ -128,7 +128,7 @@ func (repo *AuthRequestRepo) SelectUser(ctx context.Context, id, userID string)
 	if err != nil {
 		return err
 	}
-	request.SetUserInfo(user.ID, user.UserName, user.ResourceOwner)
+	request.SetUserInfo(user.ID, user.PreferredLoginName, user.ResourceOwner)
 	return repo.AuthRequests.UpdateAuthRequest(ctx, request)
 }
 
@@ -236,7 +236,8 @@ func (repo *AuthRequestRepo) usersForUserSelection(request *model.AuthRequest) (
 	for i, session := range userSessions {
 		users[i] = model.UserSelection{
 			UserID:           session.UserID,
-			UserName:         session.UserName,
+			DisplayName:      session.DisplayName,
+			LoginName:        session.LoginName,
 			UserSessionState: session.State,
 		}
 	}

internal/auth/repository/eventsourcing/eventstore/auth_request_test.go

@@ -46,8 +46,8 @@ type mockViewUserSession struct {
 }
 
 type mockUser struct {
-	UserID   string
-	UserName string
+	UserID    string
+	LoginName string
 }
 
 func (m *mockViewUserSession) UserSessionByIDs(string, string) (*view_model.UserSessionView, error) {
@@ -61,8 +61,8 @@ func (m *mockViewUserSession) UserSessionsByAgentID(string) ([]*view_model.UserS
 	sessions := make([]*view_model.UserSessionView, len(m.Users))
 	for i, user := range m.Users {
 		sessions[i] = &view_model.UserSessionView{
-			UserID:   user.UserID,
-			UserName: user.UserName,
+			UserID:    user.UserID,
+			LoginName: user.LoginName,
 		}
 	}
 	return sessions, nil
@@ -175,11 +175,11 @@ func TestAuthRequestRepo_nextSteps(t *testing.T) {
 					Users: []mockUser{
 						{
 							"id1",
-							"username1",
+							"loginname1",
 						},
 						{
 							"id2",
-							"username2",
+							"loginname2",
 						},
 					},
 				},
@@ -191,12 +191,12 @@ func TestAuthRequestRepo_nextSteps(t *testing.T) {
 				&model.SelectUserStep{
 					Users: []model.UserSelection{
 						{
-							UserID:   "id1",
-							UserName: "username1",
+							UserID:    "id1",
+							LoginName: "loginname1",
 						},
 						{
-							UserID:   "id2",
-							UserName: "username2",
+							UserID:    "id2",
+							LoginName: "loginname2",
 						},
 					},
 				}},

internal/auth/repository/eventsourcing/eventstore/user.go

@@ -203,8 +203,8 @@ func (repo *UserRepo) SkipMfaInit(ctx context.Context, userID string) error {
 	return repo.UserEvents.SkipMfaInit(ctx, userID)
 }
 
-func (repo *UserRepo) RequestPasswordReset(ctx context.Context, username string) error {
-	user, err := repo.View.UserByUsername(username)
+func (repo *UserRepo) RequestPasswordReset(ctx context.Context, loginname string) error {
+	user, err := repo.View.UserByLoginName(loginname)
 	if err != nil {
 		return err
 	}