feat: New event user (#1156)

* feat: change user command side

* feat: change user command side

* feat: use states on write model

* feat: command and query side in auth api

* feat: auth commands

* feat: check external idp id

* feat: user state check

* fix: error messages

* fix: is active state

internal/v2/domain/factors.go

@@ -14,3 +14,17 @@ const (
 	MultiFactorTypeUnspecified MultiFactorType = iota
 	MultiFactorTypeU2FWithPIN
 )
+
+type FactorState int32
+
+const (
+	FactorStateUnspecified FactorState = iota
+	FactorStateActive
+	FactorStateRemoved
+
+	factorStateCount
+)
+
+func (f FactorState) Valid() bool {
+	return f >= 0 && f < factorStateCount
+}

internal/v2/domain/human.go

@@ -71,7 +71,8 @@ func (u *Human) SetNamesAsDisplayname() {
 
 func (u *Human) HashPasswordIfExisting(policy *PasswordComplexityPolicy, passwordAlg crypto.HashAlgorithm, onetime bool) error {
 	if u.Password != nil {
-		return u.Password.HashPasswordIfExisting(policy, passwordAlg, onetime)
+		u.Password.ChangeRequired = onetime
+		return u.Password.HashPasswordIfExisting(policy, passwordAlg)
 	}
 	return nil
 }

internal/v2/domain/human_address.go

@@ -11,3 +11,17 @@ type Address struct {
 	Region        string
 	StreetAddress string
 }
+
+type AddressState int32
+
+const (
+	AddressStateUnspecified AddressState = iota
+	AddressStateActive
+	AddressStateRemoved
+
+	addressStateCount
+)
+
+func (s AddressState) Valid() bool {
+	return s >= 0 && s < addressStateCount
+}

internal/v2/domain/human_email.go

@@ -23,3 +23,14 @@ type EmailCode struct {
 func (e *Email) IsValid() bool {
 	return e.EmailAddress != ""
 }
+
+func NewEmailCode(emailGenerator crypto.Generator) (*EmailCode, error) {
+	emailCodeCrypto, _, err := crypto.NewCode(emailGenerator)
+	if err != nil {
+		return nil, err
+	}
+	return &EmailCode{
+		Code:   emailCodeCrypto,
+		Expiry: emailGenerator.Expiry(),
+	}, nil
+}

internal/v2/domain/human_external_idp.go

@@ -5,7 +5,25 @@ import es_models "github.com/caos/zitadel/internal/eventstore/models"
 type ExternalIDP struct {
 	es_models.ObjectRoot
 
-	IDPConfigID string
-	UserID      string
-	DisplayName string
+	IDPConfigID    string
+	ExternalUserID string
+	DisplayName    string
+}
+
+func (idp *ExternalIDP) IsValid() bool {
+	return idp.AggregateID != "" && idp.IDPConfigID != "" && idp.ExternalUserID != ""
+}
+
+type ExternalIDPState int32
+
+const (
+	ExternalIDPStateUnspecified ExternalIDPState = iota
+	ExternalIDPStateActive
+	ExternalIDPStateRemoved
+
+	externalIDPStateCount
+)
+
+func (s ExternalIDPState) Valid() bool {
+	return s >= 0 && s < externalIDPStateCount
 }

internal/v2/domain/human_otp.go

@@ -13,3 +13,17 @@ type OTP struct {
 	Url          string
 	State        MFAState
 }
+
+type OTPState int32
+
+const (
+	OTPStateUnspecified OTPState = iota
+	OTPStateActive
+	OTPStateRemoved
+
+	otpStateCount
+)
+
+func (s OTPState) Valid() bool {
+	return s >= 0 && s < otpStateCount
+}

internal/v2/domain/human_password.go

@@ -23,7 +23,7 @@ type PasswordCode struct {
 	NotificationType NotificationType
 }
 
-func (p *Password) HashPasswordIfExisting(policy *PasswordComplexityPolicy, passwordAlg crypto.HashAlgorithm, onetime bool) error {
+func (p *Password) HashPasswordIfExisting(policy *PasswordComplexityPolicy, passwordAlg crypto.HashAlgorithm) error {
 	if p.SecretString == "" {
 		return nil
 	}
@@ -38,6 +38,16 @@ func (p *Password) HashPasswordIfExisting(policy *PasswordComplexityPolicy, pass
 		return err
 	}
 	p.SecretCrypto = secret
-	p.ChangeRequired = onetime
 	return nil
 }
+
+func NewPasswordCode(passwordGenerator crypto.Generator) (*PasswordCode, error) {
+	passwordCodeCrypto, _, err := crypto.NewCode(passwordGenerator)
+	if err != nil {
+		return nil, err
+	}
+	return &PasswordCode{
+		Code:   passwordCodeCrypto,
+		Expiry: passwordGenerator.Expiry(),
+	}, nil
+}

internal/v2/domain/human_phone.go

@@ -50,3 +50,17 @@ func NewPhoneCode(phoneGenerator crypto.Generator) (*PhoneCode, error) {
 		Expiry: phoneGenerator.Expiry(),
 	}, nil
 }
+
+type PhoneState int32
+
+const (
+	PhoneStateUnspecified PhoneState = iota
+	PhoneStateActive
+	PhoneStateRemoved
+
+	phoneStateCount
+)
+
+func (s PhoneState) Valid() bool {
+	return s >= 0 && s < phoneStateCount
+}

internal/v2/domain/human_web_auth_n.go

@@ -38,3 +38,17 @@ const (
 	UserVerificationRequirementPreferred
 	UserVerificationRequirementDiscouraged
 )
+
+type WebAuthNState int32
+
+const (
+	WebAuthNStateUnspecified WebAuthNState = iota
+	WebAuthNStateActive
+	WebAuthNStateRemoved
+
+	webAuthNStateCount
+)
+
+func (s WebAuthNState) Valid() bool {
+	return s >= 0 && s < webAuthNStateCount
+}

internal/v2/domain/iam_member.go

@@ -14,3 +14,17 @@ type IAMMember struct {
 func (i *IAMMember) IsValid() bool {
 	return i.AggregateID != "" && i.UserID != "" && len(i.Roles) != 0
 }
+
+type MemberState int32
+
+const (
+	MemberStateUnspecified MemberState = iota
+	MemberStateActive
+	MemberStateRemoved
+
+	memberStateCount
+)
+
+func (f MemberState) Valid() bool {
+	return f >= 0 && f < memberStateCount
+}

internal/v2/domain/policy.go

@@ -0,0 +1,15 @@
+package domain
+
+type PolicyState int32
+
+const (
+	PolicyStateUnspecified PolicyState = iota
+	PolicyStateActive
+	PolicyStateRemoved
+
+	policyStateCount
+)
+
+func (f PolicyState) Valid() bool {
+	return f >= 0 && f < policyStateCount
+}

internal/v2/domain/provider.go

@@ -12,3 +12,17 @@ const (
 func (f IdentityProviderType) Valid() bool {
 	return f >= 0 && f < identityProviderCount
 }
+
+type IdentityProviderState int32
+
+const (
+	IdentityProviderStateUnspecified IdentityProviderState = iota
+	IdentityProviderStateActive
+	IdentityProviderStateRemoved
+
+	idpProviderState
+)
+
+func (s IdentityProviderState) Valid() bool {
+	return s >= 0 && s < idpProviderState
+}