mirror of
https://github.com/zitadel/zitadel.git
synced 2025-08-12 07:47:32 +00:00
feat: mfa policy (#913)
* feat: add mfa to login policy * feat: add mfa to login policy * feat: add mfa to login policy * feat: add mfa to login policy * feat: add mfa to login policy on org * feat: add mfa to login policy on org * feat: append events on policy views * feat: iam login policy mfa definition * feat: login policies on orgs * feat: configured mfas in login process * feat: configured mfas in login process * Update internal/ui/login/static/i18n/en.yaml Co-authored-by: Livio Amstutz <livio.a@gmail.com> * fix: rename software and hardware mfas * fix: pr requests * fix user mfa * fix: test * fix: oidc version * fix: oidc version * fix: proto gen Co-authored-by: Livio Amstutz <livio.a@gmail.com> Co-authored-by: Max Peintner <max@caos.ch>
This commit is contained in:
Fabi
@@ -3,6 +3,7 @@ package model
|
||||
import (
|
||||
"encoding/json"
|
||||
org_es_model "github.com/caos/zitadel/internal/org/repository/eventsourcing/model"
|
||||
"github.com/lib/pq"
|
||||
"time"
|
||||
|
||||
es_model "github.com/caos/zitadel/internal/iam/repository/eventsourcing/model"
|
||||
@@ -23,10 +24,13 @@ type LoginPolicyView struct {
|
||||
ChangeDate time.Time `json:"-" gorm:"column:change_date"`
|
||||
State int32 `json:"-" gorm:"column:login_policy_state"`
|
||||
|
||||
AllowRegister bool `json:"allowRegister" gorm:"column:allow_register"`
|
||||
AllowUsernamePassword bool `json:"allowUsernamePassword" gorm:"column:allow_username_password"`
|
||||
AllowExternalIDP bool `json:"allowExternalIdp" gorm:"column:allow_external_idp"`
|
||||
Default bool `json:"-" gorm:"-"`
|
||||
AllowRegister bool `json:"allowRegister" gorm:"column:allow_register"`
|
||||
AllowUsernamePassword bool `json:"allowUsernamePassword" gorm:"column:allow_username_password"`
|
||||
AllowExternalIDP bool `json:"allowExternalIdp" gorm:"column:allow_external_idp"`
|
||||
ForceMFA bool `json:"forceMFA" gorm:"column:force_mfa"`
|
||||
SecondFactors pq.Int64Array `json:"-" gorm:"column:second_factors"`
|
||||
MultiFactors pq.Int64Array `json:"-" gorm:"column:multi_factors"`
|
||||
Default bool `json:"-" gorm:"-"`
|
||||
|
||||
Sequence uint64 `json:"-" gorm:"column:sequence"`
|
||||
}
|
||||
@@ -40,10 +44,29 @@ func LoginPolicyViewFromModel(policy *model.LoginPolicyView) *LoginPolicyView {
|
||||
AllowRegister: policy.AllowRegister,
|
||||
AllowExternalIDP: policy.AllowExternalIDP,
|
||||
AllowUsernamePassword: policy.AllowUsernamePassword,
|
||||
ForceMFA: policy.ForceMFA,
|
||||
SecondFactors: secondFactorsFromModel(policy.SecondFactors),
|
||||
MultiFactors: multiFactorsFromModel(policy.MultiFactors),
|
||||
Default: policy.Default,
|
||||
}
|
||||
}
|
||||
|
||||
func secondFactorsFromModel(mfas []model.SecondFactorType) []int64 {
|
||||
convertedMFAs := make([]int64, len(mfas))
|
||||
for i, m := range mfas {
|
||||
convertedMFAs[i] = int64(m)
|
||||
}
|
||||
return convertedMFAs
|
||||
}
|
||||
|
||||
func multiFactorsFromModel(mfas []model.MultiFactorType) []int64 {
|
||||
convertedMFAs := make([]int64, len(mfas))
|
||||
for i, m := range mfas {
|
||||
convertedMFAs[i] = int64(m)
|
||||
}
|
||||
return convertedMFAs
|
||||
}
|
||||
|
||||
func LoginPolicyViewToModel(policy *LoginPolicyView) *model.LoginPolicyView {
|
||||
return &model.LoginPolicyView{
|
||||
AggregateID: policy.AggregateID,
|
||||
@@ -53,20 +76,57 @@ func LoginPolicyViewToModel(policy *LoginPolicyView) *model.LoginPolicyView {
|
||||
AllowRegister: policy.AllowRegister,
|
||||
AllowExternalIDP: policy.AllowExternalIDP,
|
||||
AllowUsernamePassword: policy.AllowUsernamePassword,
|
||||
ForceMFA: policy.ForceMFA,
|
||||
SecondFactors: secondFactorsToModel(policy.SecondFactors),
|
||||
MultiFactors: multiFactorsToToModel(policy.MultiFactors),
|
||||
Default: policy.Default,
|
||||
}
|
||||
}
|
||||
|
||||
func (i *LoginPolicyView) AppendEvent(event *models.Event) (err error) {
|
||||
i.Sequence = event.Sequence
|
||||
i.ChangeDate = event.CreationDate
|
||||
func secondFactorsToModel(mfas []int64) []model.SecondFactorType {
|
||||
convertedMFAs := make([]model.SecondFactorType, len(mfas))
|
||||
for i, m := range mfas {
|
||||
convertedMFAs[i] = model.SecondFactorType(m)
|
||||
}
|
||||
return convertedMFAs
|
||||
}
|
||||
|
||||
func multiFactorsToToModel(mfas []int64) []model.MultiFactorType {
|
||||
convertedMFAs := make([]model.MultiFactorType, len(mfas))
|
||||
for i, m := range mfas {
|
||||
convertedMFAs[i] = model.MultiFactorType(m)
|
||||
}
|
||||
return convertedMFAs
|
||||
}
|
||||
|
||||
func (p *LoginPolicyView) AppendEvent(event *models.Event) (err error) {
|
||||
p.Sequence = event.Sequence
|
||||
p.ChangeDate = event.CreationDate
|
||||
switch event.Type {
|
||||
case es_model.LoginPolicyAdded, org_es_model.LoginPolicyAdded:
|
||||
i.setRootData(event)
|
||||
i.CreationDate = event.CreationDate
|
||||
err = i.SetData(event)
|
||||
p.setRootData(event)
|
||||
p.CreationDate = event.CreationDate
|
||||
err = p.SetData(event)
|
||||
case es_model.LoginPolicyChanged, org_es_model.LoginPolicyChanged:
|
||||
err = i.SetData(event)
|
||||
err = p.SetData(event)
|
||||
case es_model.LoginPolicySecondFactorAdded, org_es_model.LoginPolicySecondFactorAdded:
|
||||
mfa := new(es_model.MFA)
|
||||
err := mfa.SetData(event)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
p.SecondFactors = append(p.SecondFactors, int64(mfa.MfaType))
|
||||
case es_model.LoginPolicySecondFactorRemoved, org_es_model.LoginPolicySecondFactorRemoved:
|
||||
err = p.removeSecondFactor(event)
|
||||
case es_model.LoginPolicyMultiFactorAdded, org_es_model.LoginPolicyMultiFactorAdded:
|
||||
mfa := new(es_model.MFA)
|
||||
err := mfa.SetData(event)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
p.MultiFactors = append(p.MultiFactors, int64(mfa.MfaType))
|
||||
case es_model.LoginPolicyMultiFactorRemoved, org_es_model.LoginPolicyMultiFactorRemoved:
|
||||
err = p.removeMultiFactor(event)
|
||||
}
|
||||
return err
|
||||
}
|
||||
@@ -82,3 +142,37 @@ func (r *LoginPolicyView) SetData(event *models.Event) error {
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
func (p *LoginPolicyView) removeSecondFactor(event *models.Event) error {
|
||||
mfa := new(es_model.MFA)
|
||||
err := mfa.SetData(event)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
for i := len(p.SecondFactors) - 1; i >= 0; i-- {
|
||||
if p.SecondFactors[i] == int64(mfa.MfaType) {
|
||||
copy(p.SecondFactors[i:], p.SecondFactors[i+1:])
|
||||
p.SecondFactors[len(p.SecondFactors)-1] = 0
|
||||
p.SecondFactors = p.SecondFactors[:len(p.SecondFactors)-1]
|
||||
return nil
|
||||
}
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
func (p *LoginPolicyView) removeMultiFactor(event *models.Event) error {
|
||||
mfa := new(es_model.MFA)
|
||||
err := mfa.SetData(event)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
for i := len(p.MultiFactors) - 1; i >= 0; i-- {
|
||||
if p.MultiFactors[i] == int64(mfa.MfaType) {
|
||||
copy(p.MultiFactors[i:], p.MultiFactors[i+1:])
|
||||
p.MultiFactors[len(p.MultiFactors)-1] = 0
|
||||
p.MultiFactors = p.MultiFactors[:len(p.MultiFactors)-1]
|
||||
return nil
|
||||
}
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user