mirror of
https://github.com/zitadel/zitadel.git
synced 2025-08-11 18:07:31 +00:00
feat: Hosted login translation API (#10011)
# Which Problems Are Solved This PR implements https://github.com/zitadel/zitadel/issues/9850 # How the Problems Are Solved - New protobuf definition - Implementation of retrieval of system translations - Implementation of retrieval and persistence of organization and instance level translations # Additional Context - Closes #9850 # TODO - [x] Integration tests for Get and Set hosted login translation endpoints - [x] DB migration test - [x] Command function tests - [x] Command util functions tests - [x] Query function test - [x] Query util functions tests
This commit is contained in:
Marco A.
@@ -1,10 +1,28 @@
|
||||
package authz
|
||||
|
||||
import "context"
|
||||
import (
|
||||
"context"
|
||||
|
||||
func NewMockContext(instanceID, orgID, userID string) context.Context {
|
||||
"golang.org/x/text/language"
|
||||
)
|
||||
|
||||
type MockContextInstanceOpts func(i *instance)
|
||||
|
||||
func WithMockDefaultLanguage(lang language.Tag) MockContextInstanceOpts {
|
||||
return func(i *instance) {
|
||||
i.defaultLanguage = lang
|
||||
}
|
||||
}
|
||||
|
||||
func NewMockContext(instanceID, orgID, userID string, opts ...MockContextInstanceOpts) context.Context {
|
||||
ctx := context.WithValue(context.Background(), dataKey, CtxData{UserID: userID, OrgID: orgID})
|
||||
return context.WithValue(ctx, instanceKey, &instance{id: instanceID})
|
||||
|
||||
i := &instance{id: instanceID}
|
||||
for _, o := range opts {
|
||||
o(i)
|
||||
}
|
||||
|
||||
return context.WithValue(ctx, instanceKey, i)
|
||||
}
|
||||
|
||||
func NewMockContextWithAgent(instanceID, orgID, userID, agentID string) context.Context {
|
||||
|
||||
432
internal/api/grpc/settings/v2/integration_test/query_test.go
Normal file
432
internal/api/grpc/settings/v2/integration_test/query_test.go
Normal file
@@ -0,0 +1,432 @@
|
||||
//go:build integration
|
||||
|
||||
package settings_test
|
||||
|
||||
import (
|
||||
"context"
|
||||
"testing"
|
||||
"time"
|
||||
|
||||
"github.com/brianvoe/gofakeit/v6"
|
||||
"github.com/muhlemmer/gu"
|
||||
"github.com/stretchr/testify/assert"
|
||||
"github.com/stretchr/testify/require"
|
||||
"google.golang.org/grpc/codes"
|
||||
"google.golang.org/grpc/status"
|
||||
"google.golang.org/protobuf/types/known/structpb"
|
||||
"google.golang.org/protobuf/types/known/timestamppb"
|
||||
|
||||
"github.com/zitadel/zitadel/internal/integration"
|
||||
"github.com/zitadel/zitadel/pkg/grpc/idp"
|
||||
idp_pb "github.com/zitadel/zitadel/pkg/grpc/idp/v2"
|
||||
object_pb "github.com/zitadel/zitadel/pkg/grpc/object/v2"
|
||||
"github.com/zitadel/zitadel/pkg/grpc/settings/v2"
|
||||
)
|
||||
|
||||
func TestServer_GetSecuritySettings(t *testing.T) {
|
||||
_, err := Client.SetSecuritySettings(AdminCTX, &settings.SetSecuritySettingsRequest{
|
||||
EmbeddedIframe: &settings.EmbeddedIframeSettings{
|
||||
Enabled: true,
|
||||
AllowedOrigins: []string{"foo", "bar"},
|
||||
},
|
||||
EnableImpersonation: true,
|
||||
})
|
||||
require.NoError(t, err)
|
||||
|
||||
tests := []struct {
|
||||
name string
|
||||
ctx context.Context
|
||||
want *settings.GetSecuritySettingsResponse
|
||||
wantErr bool
|
||||
}{
|
||||
{
|
||||
name: "permission error",
|
||||
ctx: Instance.WithAuthorization(CTX, integration.UserTypeOrgOwner),
|
||||
wantErr: true,
|
||||
},
|
||||
{
|
||||
name: "success",
|
||||
ctx: AdminCTX,
|
||||
want: &settings.GetSecuritySettingsResponse{
|
||||
Settings: &settings.SecuritySettings{
|
||||
EmbeddedIframe: &settings.EmbeddedIframeSettings{
|
||||
Enabled: true,
|
||||
AllowedOrigins: []string{"foo", "bar"},
|
||||
},
|
||||
EnableImpersonation: true,
|
||||
},
|
||||
},
|
||||
},
|
||||
}
|
||||
for _, tt := range tests {
|
||||
t.Run(tt.name, func(t *testing.T) {
|
||||
retryDuration, tick := integration.WaitForAndTickWithMaxDuration(tt.ctx, time.Minute)
|
||||
assert.EventuallyWithT(t, func(ct *assert.CollectT) {
|
||||
resp, err := Client.GetSecuritySettings(tt.ctx, &settings.GetSecuritySettingsRequest{})
|
||||
if tt.wantErr {
|
||||
assert.Error(ct, err)
|
||||
return
|
||||
}
|
||||
if !assert.NoError(ct, err) {
|
||||
return
|
||||
}
|
||||
got, want := resp.GetSettings(), tt.want.GetSettings()
|
||||
assert.Equal(ct, want.GetEmbeddedIframe().GetEnabled(), got.GetEmbeddedIframe().GetEnabled(), "enable iframe embedding")
|
||||
assert.Equal(ct, want.GetEmbeddedIframe().GetAllowedOrigins(), got.GetEmbeddedIframe().GetAllowedOrigins(), "allowed origins")
|
||||
assert.Equal(ct, want.GetEnableImpersonation(), got.GetEnableImpersonation(), "enable impersonation")
|
||||
}, retryDuration, tick)
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
func idpResponse(id, name string, linking, creation, autoCreation, autoUpdate bool, autoLinking idp_pb.AutoLinkingOption) *settings.IdentityProvider {
|
||||
return &settings.IdentityProvider{
|
||||
Id: id,
|
||||
Name: name,
|
||||
Type: settings.IdentityProviderType_IDENTITY_PROVIDER_TYPE_OAUTH,
|
||||
Options: &idp_pb.Options{
|
||||
IsLinkingAllowed: linking,
|
||||
IsCreationAllowed: creation,
|
||||
IsAutoCreation: autoCreation,
|
||||
IsAutoUpdate: autoUpdate,
|
||||
AutoLinking: autoLinking,
|
||||
},
|
||||
}
|
||||
}
|
||||
|
||||
func TestServer_GetActiveIdentityProviders(t *testing.T) {
|
||||
instance := integration.NewInstance(CTX)
|
||||
isolatedIAMOwnerCTX := instance.WithAuthorization(CTX, integration.UserTypeIAMOwner)
|
||||
|
||||
instance.AddGenericOAuthProvider(isolatedIAMOwnerCTX, gofakeit.AppName()) // inactive
|
||||
idpActiveName := gofakeit.AppName()
|
||||
idpActiveResp := instance.AddGenericOAuthProvider(isolatedIAMOwnerCTX, idpActiveName)
|
||||
instance.AddProviderToDefaultLoginPolicy(isolatedIAMOwnerCTX, idpActiveResp.GetId())
|
||||
idpActiveResponse := idpResponse(idpActiveResp.GetId(), idpActiveName, true, true, true, true, idp_pb.AutoLinkingOption_AUTO_LINKING_OPTION_USERNAME)
|
||||
idpLinkingDisallowedName := gofakeit.AppName()
|
||||
idpLinkingDisallowedResp := instance.AddGenericOAuthProviderWithOptions(isolatedIAMOwnerCTX, idpLinkingDisallowedName, false, true, true, idp.AutoLinkingOption_AUTO_LINKING_OPTION_USERNAME)
|
||||
instance.AddProviderToDefaultLoginPolicy(isolatedIAMOwnerCTX, idpLinkingDisallowedResp.GetId())
|
||||
idpLinkingDisallowedResponse := idpResponse(idpLinkingDisallowedResp.GetId(), idpLinkingDisallowedName, false, true, true, true, idp_pb.AutoLinkingOption_AUTO_LINKING_OPTION_USERNAME)
|
||||
idpCreationDisallowedName := gofakeit.AppName()
|
||||
idpCreationDisallowedResp := instance.AddGenericOAuthProviderWithOptions(isolatedIAMOwnerCTX, idpCreationDisallowedName, true, false, true, idp.AutoLinkingOption_AUTO_LINKING_OPTION_USERNAME)
|
||||
instance.AddProviderToDefaultLoginPolicy(isolatedIAMOwnerCTX, idpCreationDisallowedResp.GetId())
|
||||
idpCreationDisallowedResponse := idpResponse(idpCreationDisallowedResp.GetId(), idpCreationDisallowedName, true, false, true, true, idp_pb.AutoLinkingOption_AUTO_LINKING_OPTION_USERNAME)
|
||||
idpNoAutoCreationName := gofakeit.AppName()
|
||||
idpNoAutoCreationResp := instance.AddGenericOAuthProviderWithOptions(isolatedIAMOwnerCTX, idpNoAutoCreationName, true, true, false, idp.AutoLinkingOption_AUTO_LINKING_OPTION_USERNAME)
|
||||
instance.AddProviderToDefaultLoginPolicy(isolatedIAMOwnerCTX, idpNoAutoCreationResp.GetId())
|
||||
idpNoAutoCreationResponse := idpResponse(idpNoAutoCreationResp.GetId(), idpNoAutoCreationName, true, true, false, true, idp_pb.AutoLinkingOption_AUTO_LINKING_OPTION_USERNAME)
|
||||
idpNoAutoLinkingName := gofakeit.AppName()
|
||||
idpNoAutoLinkingResp := instance.AddGenericOAuthProviderWithOptions(isolatedIAMOwnerCTX, idpNoAutoLinkingName, true, true, true, idp.AutoLinkingOption_AUTO_LINKING_OPTION_UNSPECIFIED)
|
||||
instance.AddProviderToDefaultLoginPolicy(isolatedIAMOwnerCTX, idpNoAutoLinkingResp.GetId())
|
||||
idpNoAutoLinkingResponse := idpResponse(idpNoAutoLinkingResp.GetId(), idpNoAutoLinkingName, true, true, true, true, idp_pb.AutoLinkingOption_AUTO_LINKING_OPTION_UNSPECIFIED)
|
||||
|
||||
type args struct {
|
||||
ctx context.Context
|
||||
req *settings.GetActiveIdentityProvidersRequest
|
||||
}
|
||||
tests := []struct {
|
||||
name string
|
||||
args args
|
||||
want *settings.GetActiveIdentityProvidersResponse
|
||||
wantErr bool
|
||||
}{
|
||||
{
|
||||
name: "permission error",
|
||||
args: args{
|
||||
ctx: instance.WithAuthorization(CTX, integration.UserTypeNoPermission),
|
||||
req: &settings.GetActiveIdentityProvidersRequest{},
|
||||
},
|
||||
wantErr: true,
|
||||
},
|
||||
{
|
||||
name: "success, all",
|
||||
args: args{
|
||||
ctx: isolatedIAMOwnerCTX,
|
||||
req: &settings.GetActiveIdentityProvidersRequest{},
|
||||
},
|
||||
want: &settings.GetActiveIdentityProvidersResponse{
|
||||
Details: &object_pb.ListDetails{
|
||||
TotalResult: 5,
|
||||
Timestamp: timestamppb.Now(),
|
||||
},
|
||||
IdentityProviders: []*settings.IdentityProvider{
|
||||
idpActiveResponse,
|
||||
idpLinkingDisallowedResponse,
|
||||
idpCreationDisallowedResponse,
|
||||
idpNoAutoCreationResponse,
|
||||
idpNoAutoLinkingResponse,
|
||||
},
|
||||
},
|
||||
},
|
||||
{
|
||||
name: "success, exclude linking disallowed",
|
||||
args: args{
|
||||
ctx: isolatedIAMOwnerCTX,
|
||||
req: &settings.GetActiveIdentityProvidersRequest{
|
||||
LinkingAllowed: gu.Ptr(true),
|
||||
},
|
||||
},
|
||||
want: &settings.GetActiveIdentityProvidersResponse{
|
||||
Details: &object_pb.ListDetails{
|
||||
TotalResult: 4,
|
||||
Timestamp: timestamppb.Now(),
|
||||
},
|
||||
IdentityProviders: []*settings.IdentityProvider{
|
||||
idpActiveResponse,
|
||||
idpCreationDisallowedResponse,
|
||||
idpNoAutoCreationResponse,
|
||||
idpNoAutoLinkingResponse,
|
||||
},
|
||||
},
|
||||
},
|
||||
{
|
||||
name: "success, only linking disallowed",
|
||||
args: args{
|
||||
ctx: isolatedIAMOwnerCTX,
|
||||
req: &settings.GetActiveIdentityProvidersRequest{
|
||||
LinkingAllowed: gu.Ptr(false),
|
||||
},
|
||||
},
|
||||
want: &settings.GetActiveIdentityProvidersResponse{
|
||||
Details: &object_pb.ListDetails{
|
||||
TotalResult: 1,
|
||||
Timestamp: timestamppb.Now(),
|
||||
},
|
||||
IdentityProviders: []*settings.IdentityProvider{
|
||||
idpLinkingDisallowedResponse,
|
||||
},
|
||||
},
|
||||
},
|
||||
{
|
||||
name: "success, exclude creation disallowed",
|
||||
args: args{
|
||||
ctx: isolatedIAMOwnerCTX,
|
||||
req: &settings.GetActiveIdentityProvidersRequest{
|
||||
CreationAllowed: gu.Ptr(true),
|
||||
},
|
||||
},
|
||||
want: &settings.GetActiveIdentityProvidersResponse{
|
||||
Details: &object_pb.ListDetails{
|
||||
TotalResult: 4,
|
||||
Timestamp: timestamppb.Now(),
|
||||
},
|
||||
IdentityProviders: []*settings.IdentityProvider{
|
||||
idpActiveResponse,
|
||||
idpLinkingDisallowedResponse,
|
||||
idpNoAutoCreationResponse,
|
||||
idpNoAutoLinkingResponse,
|
||||
},
|
||||
},
|
||||
},
|
||||
{
|
||||
name: "success, only creation disallowed",
|
||||
args: args{
|
||||
ctx: isolatedIAMOwnerCTX,
|
||||
req: &settings.GetActiveIdentityProvidersRequest{
|
||||
CreationAllowed: gu.Ptr(false),
|
||||
},
|
||||
},
|
||||
want: &settings.GetActiveIdentityProvidersResponse{
|
||||
Details: &object_pb.ListDetails{
|
||||
TotalResult: 1,
|
||||
Timestamp: timestamppb.Now(),
|
||||
},
|
||||
IdentityProviders: []*settings.IdentityProvider{
|
||||
idpCreationDisallowedResponse,
|
||||
},
|
||||
},
|
||||
},
|
||||
{
|
||||
name: "success, auto creation",
|
||||
args: args{
|
||||
ctx: isolatedIAMOwnerCTX,
|
||||
req: &settings.GetActiveIdentityProvidersRequest{
|
||||
AutoCreation: gu.Ptr(true),
|
||||
},
|
||||
},
|
||||
want: &settings.GetActiveIdentityProvidersResponse{
|
||||
Details: &object_pb.ListDetails{
|
||||
TotalResult: 4,
|
||||
Timestamp: timestamppb.Now(),
|
||||
},
|
||||
IdentityProviders: []*settings.IdentityProvider{
|
||||
idpActiveResponse,
|
||||
idpLinkingDisallowedResponse,
|
||||
idpCreationDisallowedResponse,
|
||||
idpNoAutoLinkingResponse,
|
||||
},
|
||||
},
|
||||
},
|
||||
{
|
||||
name: "success, no auto creation",
|
||||
args: args{
|
||||
ctx: isolatedIAMOwnerCTX,
|
||||
req: &settings.GetActiveIdentityProvidersRequest{
|
||||
AutoCreation: gu.Ptr(false),
|
||||
},
|
||||
},
|
||||
want: &settings.GetActiveIdentityProvidersResponse{
|
||||
Details: &object_pb.ListDetails{
|
||||
TotalResult: 1,
|
||||
Timestamp: timestamppb.Now(),
|
||||
},
|
||||
IdentityProviders: []*settings.IdentityProvider{
|
||||
idpNoAutoCreationResponse,
|
||||
},
|
||||
},
|
||||
},
|
||||
{
|
||||
name: "success, auto linking",
|
||||
args: args{
|
||||
ctx: isolatedIAMOwnerCTX,
|
||||
req: &settings.GetActiveIdentityProvidersRequest{
|
||||
AutoLinking: gu.Ptr(true),
|
||||
},
|
||||
},
|
||||
want: &settings.GetActiveIdentityProvidersResponse{
|
||||
Details: &object_pb.ListDetails{
|
||||
TotalResult: 4,
|
||||
Timestamp: timestamppb.Now(),
|
||||
},
|
||||
IdentityProviders: []*settings.IdentityProvider{
|
||||
idpActiveResponse,
|
||||
idpLinkingDisallowedResponse,
|
||||
idpCreationDisallowedResponse,
|
||||
idpNoAutoCreationResponse,
|
||||
},
|
||||
},
|
||||
},
|
||||
{
|
||||
name: "success, no auto linking",
|
||||
args: args{
|
||||
ctx: isolatedIAMOwnerCTX,
|
||||
req: &settings.GetActiveIdentityProvidersRequest{
|
||||
AutoLinking: gu.Ptr(false),
|
||||
},
|
||||
},
|
||||
want: &settings.GetActiveIdentityProvidersResponse{
|
||||
Details: &object_pb.ListDetails{
|
||||
TotalResult: 1,
|
||||
Timestamp: timestamppb.Now(),
|
||||
},
|
||||
IdentityProviders: []*settings.IdentityProvider{
|
||||
idpNoAutoLinkingResponse,
|
||||
},
|
||||
},
|
||||
},
|
||||
{
|
||||
name: "success, exclude all",
|
||||
args: args{
|
||||
ctx: isolatedIAMOwnerCTX,
|
||||
req: &settings.GetActiveIdentityProvidersRequest{
|
||||
LinkingAllowed: gu.Ptr(true),
|
||||
CreationAllowed: gu.Ptr(true),
|
||||
AutoCreation: gu.Ptr(true),
|
||||
AutoLinking: gu.Ptr(true),
|
||||
},
|
||||
},
|
||||
want: &settings.GetActiveIdentityProvidersResponse{
|
||||
Details: &object_pb.ListDetails{
|
||||
TotalResult: 1,
|
||||
Timestamp: timestamppb.Now(),
|
||||
},
|
||||
IdentityProviders: []*settings.IdentityProvider{
|
||||
idpActiveResponse,
|
||||
},
|
||||
},
|
||||
},
|
||||
}
|
||||
for _, tt := range tests {
|
||||
t.Run(tt.name, func(t *testing.T) {
|
||||
retryDuration, tick := integration.WaitForAndTickWithMaxDuration(tt.args.ctx, time.Minute)
|
||||
assert.EventuallyWithT(t, func(ct *assert.CollectT) {
|
||||
got, err := instance.Client.SettingsV2.GetActiveIdentityProviders(tt.args.ctx, tt.args.req)
|
||||
if tt.wantErr {
|
||||
assert.Error(ct, err)
|
||||
return
|
||||
}
|
||||
if !assert.NoError(ct, err) {
|
||||
return
|
||||
}
|
||||
for i, result := range tt.want.GetIdentityProviders() {
|
||||
assert.EqualExportedValues(ct, result, got.GetIdentityProviders()[i])
|
||||
}
|
||||
integration.AssertListDetails(ct, tt.want, got)
|
||||
}, retryDuration, tick)
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
func TestServer_GetHostedLoginTranslation(t *testing.T) {
|
||||
// Given
|
||||
translations := map[string]any{"loginTitle": gofakeit.Slogan()}
|
||||
|
||||
protoTranslations, err := structpb.NewStruct(translations)
|
||||
require.NoError(t, err)
|
||||
|
||||
setupRequest := &settings.SetHostedLoginTranslationRequest{
|
||||
Level: &settings.SetHostedLoginTranslationRequest_OrganizationId{
|
||||
OrganizationId: Instance.DefaultOrg.GetId(),
|
||||
},
|
||||
Translations: protoTranslations,
|
||||
Locale: gofakeit.LanguageBCP(),
|
||||
}
|
||||
savedTranslation, err := Client.SetHostedLoginTranslation(AdminCTX, setupRequest)
|
||||
require.NoError(t, err)
|
||||
|
||||
tt := []struct {
|
||||
testName string
|
||||
inputCtx context.Context
|
||||
inputRequest *settings.GetHostedLoginTranslationRequest
|
||||
|
||||
expectedErrorCode codes.Code
|
||||
expectedErrorMsg string
|
||||
expectedResponse *settings.GetHostedLoginTranslationResponse
|
||||
}{
|
||||
{
|
||||
testName: "when unauthN context should return unauthN error",
|
||||
inputCtx: CTX,
|
||||
inputRequest: &settings.GetHostedLoginTranslationRequest{Locale: "en-US"},
|
||||
expectedErrorCode: codes.Unauthenticated,
|
||||
expectedErrorMsg: "auth header missing",
|
||||
},
|
||||
{
|
||||
testName: "when unauthZ context should return unauthZ error",
|
||||
inputCtx: OrgOwnerCtx,
|
||||
inputRequest: &settings.GetHostedLoginTranslationRequest{Locale: "en-US"},
|
||||
expectedErrorCode: codes.PermissionDenied,
|
||||
expectedErrorMsg: "No matching permissions found (AUTH-5mWD2)",
|
||||
},
|
||||
{
|
||||
testName: "when authZ request should save to db and return etag",
|
||||
inputCtx: AdminCTX,
|
||||
inputRequest: &settings.GetHostedLoginTranslationRequest{
|
||||
Level: &settings.GetHostedLoginTranslationRequest_OrganizationId{
|
||||
OrganizationId: Instance.DefaultOrg.GetId(),
|
||||
},
|
||||
Locale: setupRequest.GetLocale(),
|
||||
},
|
||||
expectedResponse: &settings.GetHostedLoginTranslationResponse{
|
||||
Etag: savedTranslation.GetEtag(),
|
||||
Translations: protoTranslations,
|
||||
},
|
||||
},
|
||||
}
|
||||
|
||||
for _, tc := range tt {
|
||||
t.Run(tc.testName, func(t *testing.T) {
|
||||
// When
|
||||
res, err := Client.GetHostedLoginTranslation(tc.inputCtx, tc.inputRequest)
|
||||
|
||||
// Then
|
||||
assert.Equal(t, tc.expectedErrorCode, status.Code(err))
|
||||
assert.Equal(t, tc.expectedErrorMsg, status.Convert(err).Message())
|
||||
|
||||
if tc.expectedErrorMsg == "" {
|
||||
require.NoError(t, err)
|
||||
assert.NotEmpty(t, res.GetEtag())
|
||||
assert.NotEmpty(t, res.GetTranslations().GetFields())
|
||||
}
|
||||
})
|
||||
}
|
||||
}
|
||||
@@ -13,9 +13,9 @@ import (
|
||||
)
|
||||
|
||||
var (
|
||||
CTX, AdminCTX context.Context
|
||||
Instance *integration.Instance
|
||||
Client settings.SettingsServiceClient
|
||||
CTX, AdminCTX, UserTypeLoginCtx, OrgOwnerCtx context.Context
|
||||
Instance *integration.Instance
|
||||
Client settings.SettingsServiceClient
|
||||
)
|
||||
|
||||
func TestMain(m *testing.M) {
|
||||
@@ -27,6 +27,9 @@ func TestMain(m *testing.M) {
|
||||
|
||||
CTX = ctx
|
||||
AdminCTX = Instance.WithAuthorization(ctx, integration.UserTypeIAMOwner)
|
||||
UserTypeLoginCtx = Instance.WithAuthorization(ctx, integration.UserTypeLogin)
|
||||
OrgOwnerCtx = Instance.WithAuthorization(ctx, integration.UserTypeOrgOwner)
|
||||
|
||||
Client = Instance.Client.SettingsV2
|
||||
return m.Run()
|
||||
}())
|
||||
|
||||
@@ -4,78 +4,23 @@ package settings_test
|
||||
|
||||
import (
|
||||
"context"
|
||||
"crypto/md5"
|
||||
"encoding/hex"
|
||||
"fmt"
|
||||
"testing"
|
||||
"time"
|
||||
|
||||
"github.com/brianvoe/gofakeit/v6"
|
||||
"github.com/muhlemmer/gu"
|
||||
"github.com/stretchr/testify/assert"
|
||||
"github.com/stretchr/testify/require"
|
||||
"google.golang.org/grpc/codes"
|
||||
"google.golang.org/grpc/status"
|
||||
"google.golang.org/protobuf/types/known/structpb"
|
||||
"google.golang.org/protobuf/types/known/timestamppb"
|
||||
|
||||
"github.com/zitadel/zitadel/internal/integration"
|
||||
"github.com/zitadel/zitadel/pkg/grpc/idp"
|
||||
idp_pb "github.com/zitadel/zitadel/pkg/grpc/idp/v2"
|
||||
object_pb "github.com/zitadel/zitadel/pkg/grpc/object/v2"
|
||||
"github.com/zitadel/zitadel/pkg/grpc/settings/v2"
|
||||
)
|
||||
|
||||
func TestServer_GetSecuritySettings(t *testing.T) {
|
||||
_, err := Client.SetSecuritySettings(AdminCTX, &settings.SetSecuritySettingsRequest{
|
||||
EmbeddedIframe: &settings.EmbeddedIframeSettings{
|
||||
Enabled: true,
|
||||
AllowedOrigins: []string{"foo", "bar"},
|
||||
},
|
||||
EnableImpersonation: true,
|
||||
})
|
||||
require.NoError(t, err)
|
||||
|
||||
tests := []struct {
|
||||
name string
|
||||
ctx context.Context
|
||||
want *settings.GetSecuritySettingsResponse
|
||||
wantErr bool
|
||||
}{
|
||||
{
|
||||
name: "permission error",
|
||||
ctx: Instance.WithAuthorization(CTX, integration.UserTypeOrgOwner),
|
||||
wantErr: true,
|
||||
},
|
||||
{
|
||||
name: "success",
|
||||
ctx: AdminCTX,
|
||||
want: &settings.GetSecuritySettingsResponse{
|
||||
Settings: &settings.SecuritySettings{
|
||||
EmbeddedIframe: &settings.EmbeddedIframeSettings{
|
||||
Enabled: true,
|
||||
AllowedOrigins: []string{"foo", "bar"},
|
||||
},
|
||||
EnableImpersonation: true,
|
||||
},
|
||||
},
|
||||
},
|
||||
}
|
||||
for _, tt := range tests {
|
||||
t.Run(tt.name, func(t *testing.T) {
|
||||
retryDuration, tick := integration.WaitForAndTickWithMaxDuration(tt.ctx, time.Minute)
|
||||
assert.EventuallyWithT(t, func(ct *assert.CollectT) {
|
||||
resp, err := Client.GetSecuritySettings(tt.ctx, &settings.GetSecuritySettingsRequest{})
|
||||
if tt.wantErr {
|
||||
assert.Error(ct, err)
|
||||
return
|
||||
}
|
||||
if !assert.NoError(ct, err) {
|
||||
return
|
||||
}
|
||||
got, want := resp.GetSettings(), tt.want.GetSettings()
|
||||
assert.Equal(ct, want.GetEmbeddedIframe().GetEnabled(), got.GetEmbeddedIframe().GetEnabled(), "enable iframe embedding")
|
||||
assert.Equal(ct, want.GetEmbeddedIframe().GetAllowedOrigins(), got.GetEmbeddedIframe().GetAllowedOrigins(), "allowed origins")
|
||||
assert.Equal(ct, want.GetEnableImpersonation(), got.GetEnableImpersonation(), "enable impersonation")
|
||||
}, retryDuration, tick)
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
func TestServer_SetSecuritySettings(t *testing.T) {
|
||||
type args struct {
|
||||
ctx context.Context
|
||||
@@ -183,280 +128,64 @@ func TestServer_SetSecuritySettings(t *testing.T) {
|
||||
}
|
||||
}
|
||||
|
||||
func idpResponse(id, name string, linking, creation, autoCreation, autoUpdate bool, autoLinking idp_pb.AutoLinkingOption) *settings.IdentityProvider {
|
||||
return &settings.IdentityProvider{
|
||||
Id: id,
|
||||
Name: name,
|
||||
Type: settings.IdentityProviderType_IDENTITY_PROVIDER_TYPE_OAUTH,
|
||||
Options: &idp_pb.Options{
|
||||
IsLinkingAllowed: linking,
|
||||
IsCreationAllowed: creation,
|
||||
IsAutoCreation: autoCreation,
|
||||
IsAutoUpdate: autoUpdate,
|
||||
AutoLinking: autoLinking,
|
||||
},
|
||||
}
|
||||
}
|
||||
func TestSetHostedLoginTranslation(t *testing.T) {
|
||||
translations := map[string]any{"loginTitle": "Welcome to our service"}
|
||||
|
||||
func TestServer_GetActiveIdentityProviders(t *testing.T) {
|
||||
instance := integration.NewInstance(CTX)
|
||||
isolatedIAMOwnerCTX := instance.WithAuthorization(CTX, integration.UserTypeIAMOwner)
|
||||
protoTranslations, err := structpb.NewStruct(translations)
|
||||
require.Nil(t, err)
|
||||
|
||||
instance.AddGenericOAuthProvider(isolatedIAMOwnerCTX, gofakeit.AppName()) // inactive
|
||||
idpActiveName := gofakeit.AppName()
|
||||
idpActiveResp := instance.AddGenericOAuthProvider(isolatedIAMOwnerCTX, idpActiveName)
|
||||
instance.AddProviderToDefaultLoginPolicy(isolatedIAMOwnerCTX, idpActiveResp.GetId())
|
||||
idpActiveResponse := idpResponse(idpActiveResp.GetId(), idpActiveName, true, true, true, true, idp_pb.AutoLinkingOption_AUTO_LINKING_OPTION_USERNAME)
|
||||
idpLinkingDisallowedName := gofakeit.AppName()
|
||||
idpLinkingDisallowedResp := instance.AddGenericOAuthProviderWithOptions(isolatedIAMOwnerCTX, idpLinkingDisallowedName, false, true, true, idp.AutoLinkingOption_AUTO_LINKING_OPTION_USERNAME)
|
||||
instance.AddProviderToDefaultLoginPolicy(isolatedIAMOwnerCTX, idpLinkingDisallowedResp.GetId())
|
||||
idpLinkingDisallowedResponse := idpResponse(idpLinkingDisallowedResp.GetId(), idpLinkingDisallowedName, false, true, true, true, idp_pb.AutoLinkingOption_AUTO_LINKING_OPTION_USERNAME)
|
||||
idpCreationDisallowedName := gofakeit.AppName()
|
||||
idpCreationDisallowedResp := instance.AddGenericOAuthProviderWithOptions(isolatedIAMOwnerCTX, idpCreationDisallowedName, true, false, true, idp.AutoLinkingOption_AUTO_LINKING_OPTION_USERNAME)
|
||||
instance.AddProviderToDefaultLoginPolicy(isolatedIAMOwnerCTX, idpCreationDisallowedResp.GetId())
|
||||
idpCreationDisallowedResponse := idpResponse(idpCreationDisallowedResp.GetId(), idpCreationDisallowedName, true, false, true, true, idp_pb.AutoLinkingOption_AUTO_LINKING_OPTION_USERNAME)
|
||||
idpNoAutoCreationName := gofakeit.AppName()
|
||||
idpNoAutoCreationResp := instance.AddGenericOAuthProviderWithOptions(isolatedIAMOwnerCTX, idpNoAutoCreationName, true, true, false, idp.AutoLinkingOption_AUTO_LINKING_OPTION_USERNAME)
|
||||
instance.AddProviderToDefaultLoginPolicy(isolatedIAMOwnerCTX, idpNoAutoCreationResp.GetId())
|
||||
idpNoAutoCreationResponse := idpResponse(idpNoAutoCreationResp.GetId(), idpNoAutoCreationName, true, true, false, true, idp_pb.AutoLinkingOption_AUTO_LINKING_OPTION_USERNAME)
|
||||
idpNoAutoLinkingName := gofakeit.AppName()
|
||||
idpNoAutoLinkingResp := instance.AddGenericOAuthProviderWithOptions(isolatedIAMOwnerCTX, idpNoAutoLinkingName, true, true, true, idp.AutoLinkingOption_AUTO_LINKING_OPTION_UNSPECIFIED)
|
||||
instance.AddProviderToDefaultLoginPolicy(isolatedIAMOwnerCTX, idpNoAutoLinkingResp.GetId())
|
||||
idpNoAutoLinkingResponse := idpResponse(idpNoAutoLinkingResp.GetId(), idpNoAutoLinkingName, true, true, true, true, idp_pb.AutoLinkingOption_AUTO_LINKING_OPTION_UNSPECIFIED)
|
||||
hash := md5.Sum(fmt.Append(nil, translations))
|
||||
|
||||
type args struct {
|
||||
ctx context.Context
|
||||
req *settings.GetActiveIdentityProvidersRequest
|
||||
}
|
||||
tests := []struct {
|
||||
name string
|
||||
args args
|
||||
want *settings.GetActiveIdentityProvidersResponse
|
||||
wantErr bool
|
||||
tt := []struct {
|
||||
testName string
|
||||
inputCtx context.Context
|
||||
inputRequest *settings.SetHostedLoginTranslationRequest
|
||||
|
||||
expectedErrorCode codes.Code
|
||||
expectedErrorMsg string
|
||||
expectedResponse *settings.SetHostedLoginTranslationResponse
|
||||
}{
|
||||
{
|
||||
name: "permission error",
|
||||
args: args{
|
||||
ctx: instance.WithAuthorization(CTX, integration.UserTypeNoPermission),
|
||||
req: &settings.GetActiveIdentityProvidersRequest{},
|
||||
},
|
||||
wantErr: true,
|
||||
testName: "when unauthN context should return unauthN error",
|
||||
inputCtx: CTX,
|
||||
expectedErrorCode: codes.Unauthenticated,
|
||||
expectedErrorMsg: "auth header missing",
|
||||
},
|
||||
{
|
||||
name: "success, all",
|
||||
args: args{
|
||||
ctx: isolatedIAMOwnerCTX,
|
||||
req: &settings.GetActiveIdentityProvidersRequest{},
|
||||
},
|
||||
want: &settings.GetActiveIdentityProvidersResponse{
|
||||
Details: &object_pb.ListDetails{
|
||||
TotalResult: 5,
|
||||
Timestamp: timestamppb.Now(),
|
||||
},
|
||||
IdentityProviders: []*settings.IdentityProvider{
|
||||
idpActiveResponse,
|
||||
idpLinkingDisallowedResponse,
|
||||
idpCreationDisallowedResponse,
|
||||
idpNoAutoCreationResponse,
|
||||
idpNoAutoLinkingResponse,
|
||||
},
|
||||
},
|
||||
testName: "when unauthZ context should return unauthZ error",
|
||||
inputCtx: UserTypeLoginCtx,
|
||||
expectedErrorCode: codes.PermissionDenied,
|
||||
expectedErrorMsg: "No matching permissions found (AUTH-5mWD2)",
|
||||
},
|
||||
{
|
||||
name: "success, exclude linking disallowed",
|
||||
args: args{
|
||||
ctx: isolatedIAMOwnerCTX,
|
||||
req: &settings.GetActiveIdentityProvidersRequest{
|
||||
LinkingAllowed: gu.Ptr(true),
|
||||
testName: "when authZ request should save to db and return etag",
|
||||
inputCtx: AdminCTX,
|
||||
inputRequest: &settings.SetHostedLoginTranslationRequest{
|
||||
Level: &settings.SetHostedLoginTranslationRequest_OrganizationId{
|
||||
OrganizationId: Instance.DefaultOrg.GetId(),
|
||||
},
|
||||
Translations: protoTranslations,
|
||||
Locale: "en-US",
|
||||
},
|
||||
want: &settings.GetActiveIdentityProvidersResponse{
|
||||
Details: &object_pb.ListDetails{
|
||||
TotalResult: 4,
|
||||
Timestamp: timestamppb.Now(),
|
||||
},
|
||||
IdentityProviders: []*settings.IdentityProvider{
|
||||
idpActiveResponse,
|
||||
idpCreationDisallowedResponse,
|
||||
idpNoAutoCreationResponse,
|
||||
idpNoAutoLinkingResponse,
|
||||
},
|
||||
},
|
||||
},
|
||||
{
|
||||
name: "success, only linking disallowed",
|
||||
args: args{
|
||||
ctx: isolatedIAMOwnerCTX,
|
||||
req: &settings.GetActiveIdentityProvidersRequest{
|
||||
LinkingAllowed: gu.Ptr(false),
|
||||
},
|
||||
},
|
||||
want: &settings.GetActiveIdentityProvidersResponse{
|
||||
Details: &object_pb.ListDetails{
|
||||
TotalResult: 1,
|
||||
Timestamp: timestamppb.Now(),
|
||||
},
|
||||
IdentityProviders: []*settings.IdentityProvider{
|
||||
idpLinkingDisallowedResponse,
|
||||
},
|
||||
},
|
||||
},
|
||||
{
|
||||
name: "success, exclude creation disallowed",
|
||||
args: args{
|
||||
ctx: isolatedIAMOwnerCTX,
|
||||
req: &settings.GetActiveIdentityProvidersRequest{
|
||||
CreationAllowed: gu.Ptr(true),
|
||||
},
|
||||
},
|
||||
want: &settings.GetActiveIdentityProvidersResponse{
|
||||
Details: &object_pb.ListDetails{
|
||||
TotalResult: 4,
|
||||
Timestamp: timestamppb.Now(),
|
||||
},
|
||||
IdentityProviders: []*settings.IdentityProvider{
|
||||
idpActiveResponse,
|
||||
idpLinkingDisallowedResponse,
|
||||
idpNoAutoCreationResponse,
|
||||
idpNoAutoLinkingResponse,
|
||||
},
|
||||
},
|
||||
},
|
||||
{
|
||||
name: "success, only creation disallowed",
|
||||
args: args{
|
||||
ctx: isolatedIAMOwnerCTX,
|
||||
req: &settings.GetActiveIdentityProvidersRequest{
|
||||
CreationAllowed: gu.Ptr(false),
|
||||
},
|
||||
},
|
||||
want: &settings.GetActiveIdentityProvidersResponse{
|
||||
Details: &object_pb.ListDetails{
|
||||
TotalResult: 1,
|
||||
Timestamp: timestamppb.Now(),
|
||||
},
|
||||
IdentityProviders: []*settings.IdentityProvider{
|
||||
idpCreationDisallowedResponse,
|
||||
},
|
||||
},
|
||||
},
|
||||
{
|
||||
name: "success, auto creation",
|
||||
args: args{
|
||||
ctx: isolatedIAMOwnerCTX,
|
||||
req: &settings.GetActiveIdentityProvidersRequest{
|
||||
AutoCreation: gu.Ptr(true),
|
||||
},
|
||||
},
|
||||
want: &settings.GetActiveIdentityProvidersResponse{
|
||||
Details: &object_pb.ListDetails{
|
||||
TotalResult: 4,
|
||||
Timestamp: timestamppb.Now(),
|
||||
},
|
||||
IdentityProviders: []*settings.IdentityProvider{
|
||||
idpActiveResponse,
|
||||
idpLinkingDisallowedResponse,
|
||||
idpCreationDisallowedResponse,
|
||||
idpNoAutoLinkingResponse,
|
||||
},
|
||||
},
|
||||
},
|
||||
{
|
||||
name: "success, no auto creation",
|
||||
args: args{
|
||||
ctx: isolatedIAMOwnerCTX,
|
||||
req: &settings.GetActiveIdentityProvidersRequest{
|
||||
AutoCreation: gu.Ptr(false),
|
||||
},
|
||||
},
|
||||
want: &settings.GetActiveIdentityProvidersResponse{
|
||||
Details: &object_pb.ListDetails{
|
||||
TotalResult: 1,
|
||||
Timestamp: timestamppb.Now(),
|
||||
},
|
||||
IdentityProviders: []*settings.IdentityProvider{
|
||||
idpNoAutoCreationResponse,
|
||||
},
|
||||
},
|
||||
},
|
||||
{
|
||||
name: "success, auto linking",
|
||||
args: args{
|
||||
ctx: isolatedIAMOwnerCTX,
|
||||
req: &settings.GetActiveIdentityProvidersRequest{
|
||||
AutoLinking: gu.Ptr(true),
|
||||
},
|
||||
},
|
||||
want: &settings.GetActiveIdentityProvidersResponse{
|
||||
Details: &object_pb.ListDetails{
|
||||
TotalResult: 4,
|
||||
Timestamp: timestamppb.Now(),
|
||||
},
|
||||
IdentityProviders: []*settings.IdentityProvider{
|
||||
idpActiveResponse,
|
||||
idpLinkingDisallowedResponse,
|
||||
idpCreationDisallowedResponse,
|
||||
idpNoAutoCreationResponse,
|
||||
},
|
||||
},
|
||||
},
|
||||
{
|
||||
name: "success, no auto linking",
|
||||
args: args{
|
||||
ctx: isolatedIAMOwnerCTX,
|
||||
req: &settings.GetActiveIdentityProvidersRequest{
|
||||
AutoLinking: gu.Ptr(false),
|
||||
},
|
||||
},
|
||||
want: &settings.GetActiveIdentityProvidersResponse{
|
||||
Details: &object_pb.ListDetails{
|
||||
TotalResult: 1,
|
||||
Timestamp: timestamppb.Now(),
|
||||
},
|
||||
IdentityProviders: []*settings.IdentityProvider{
|
||||
idpNoAutoLinkingResponse,
|
||||
},
|
||||
},
|
||||
},
|
||||
{
|
||||
name: "success, exclude all",
|
||||
args: args{
|
||||
ctx: isolatedIAMOwnerCTX,
|
||||
req: &settings.GetActiveIdentityProvidersRequest{
|
||||
LinkingAllowed: gu.Ptr(true),
|
||||
CreationAllowed: gu.Ptr(true),
|
||||
AutoCreation: gu.Ptr(true),
|
||||
AutoLinking: gu.Ptr(true),
|
||||
},
|
||||
},
|
||||
want: &settings.GetActiveIdentityProvidersResponse{
|
||||
Details: &object_pb.ListDetails{
|
||||
TotalResult: 1,
|
||||
Timestamp: timestamppb.Now(),
|
||||
},
|
||||
IdentityProviders: []*settings.IdentityProvider{
|
||||
idpActiveResponse,
|
||||
},
|
||||
expectedResponse: &settings.SetHostedLoginTranslationResponse{
|
||||
Etag: hex.EncodeToString(hash[:]),
|
||||
},
|
||||
},
|
||||
}
|
||||
for _, tt := range tests {
|
||||
t.Run(tt.name, func(t *testing.T) {
|
||||
retryDuration, tick := integration.WaitForAndTickWithMaxDuration(tt.args.ctx, time.Minute)
|
||||
assert.EventuallyWithT(t, func(ct *assert.CollectT) {
|
||||
got, err := instance.Client.SettingsV2.GetActiveIdentityProviders(tt.args.ctx, tt.args.req)
|
||||
if tt.wantErr {
|
||||
assert.Error(ct, err)
|
||||
return
|
||||
}
|
||||
if !assert.NoError(ct, err) {
|
||||
return
|
||||
}
|
||||
for i, result := range tt.want.GetIdentityProviders() {
|
||||
assert.EqualExportedValues(ct, result, got.GetIdentityProviders()[i])
|
||||
}
|
||||
integration.AssertListDetails(ct, tt.want, got)
|
||||
}, retryDuration, tick)
|
||||
|
||||
for _, tc := range tt {
|
||||
t.Run(tc.testName, func(t *testing.T) {
|
||||
// When
|
||||
res, err := Client.SetHostedLoginTranslation(tc.inputCtx, tc.inputRequest)
|
||||
|
||||
// Then
|
||||
assert.Equal(t, tc.expectedErrorCode, status.Code(err))
|
||||
assert.Equal(t, tc.expectedErrorMsg, status.Convert(err).Message())
|
||||
|
||||
if tc.expectedErrorMsg == "" {
|
||||
require.NoError(t, err)
|
||||
assert.Equal(t, tc.expectedResponse.GetEtag(), res.GetEtag())
|
||||
}
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
209
internal/api/grpc/settings/v2/query.go
Normal file
209
internal/api/grpc/settings/v2/query.go
Normal file
@@ -0,0 +1,209 @@
|
||||
package settings
|
||||
|
||||
import (
|
||||
"context"
|
||||
|
||||
"google.golang.org/protobuf/types/known/timestamppb"
|
||||
|
||||
"github.com/zitadel/zitadel/internal/api/authz"
|
||||
"github.com/zitadel/zitadel/internal/api/grpc/object/v2"
|
||||
"github.com/zitadel/zitadel/internal/domain"
|
||||
"github.com/zitadel/zitadel/internal/i18n"
|
||||
"github.com/zitadel/zitadel/internal/query"
|
||||
object_pb "github.com/zitadel/zitadel/pkg/grpc/object/v2"
|
||||
"github.com/zitadel/zitadel/pkg/grpc/settings/v2"
|
||||
)
|
||||
|
||||
func (s *Server) GetLoginSettings(ctx context.Context, req *settings.GetLoginSettingsRequest) (*settings.GetLoginSettingsResponse, error) {
|
||||
current, err := s.query.LoginPolicyByID(ctx, true, object.ResourceOwnerFromReq(ctx, req.GetCtx()), false)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return &settings.GetLoginSettingsResponse{
|
||||
Settings: loginSettingsToPb(current),
|
||||
Details: &object_pb.Details{
|
||||
Sequence: current.Sequence,
|
||||
CreationDate: timestamppb.New(current.CreationDate),
|
||||
ChangeDate: timestamppb.New(current.ChangeDate),
|
||||
ResourceOwner: current.OrgID,
|
||||
},
|
||||
}, nil
|
||||
}
|
||||
|
||||
func (s *Server) GetPasswordComplexitySettings(ctx context.Context, req *settings.GetPasswordComplexitySettingsRequest) (*settings.GetPasswordComplexitySettingsResponse, error) {
|
||||
current, err := s.query.PasswordComplexityPolicyByOrg(ctx, true, object.ResourceOwnerFromReq(ctx, req.GetCtx()), false)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return &settings.GetPasswordComplexitySettingsResponse{
|
||||
Settings: passwordComplexitySettingsToPb(current),
|
||||
Details: &object_pb.Details{
|
||||
Sequence: current.Sequence,
|
||||
CreationDate: timestamppb.New(current.CreationDate),
|
||||
ChangeDate: timestamppb.New(current.ChangeDate),
|
||||
ResourceOwner: current.ResourceOwner,
|
||||
},
|
||||
}, nil
|
||||
}
|
||||
|
||||
func (s *Server) GetPasswordExpirySettings(ctx context.Context, req *settings.GetPasswordExpirySettingsRequest) (*settings.GetPasswordExpirySettingsResponse, error) {
|
||||
current, err := s.query.PasswordAgePolicyByOrg(ctx, true, object.ResourceOwnerFromReq(ctx, req.GetCtx()), false)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return &settings.GetPasswordExpirySettingsResponse{
|
||||
Settings: passwordExpirySettingsToPb(current),
|
||||
Details: &object_pb.Details{
|
||||
Sequence: current.Sequence,
|
||||
CreationDate: timestamppb.New(current.CreationDate),
|
||||
ChangeDate: timestamppb.New(current.ChangeDate),
|
||||
ResourceOwner: current.ResourceOwner,
|
||||
},
|
||||
}, nil
|
||||
}
|
||||
|
||||
func (s *Server) GetBrandingSettings(ctx context.Context, req *settings.GetBrandingSettingsRequest) (*settings.GetBrandingSettingsResponse, error) {
|
||||
current, err := s.query.ActiveLabelPolicyByOrg(ctx, object.ResourceOwnerFromReq(ctx, req.GetCtx()), false)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return &settings.GetBrandingSettingsResponse{
|
||||
Settings: brandingSettingsToPb(current, s.assetsAPIDomain(ctx)),
|
||||
Details: &object_pb.Details{
|
||||
Sequence: current.Sequence,
|
||||
CreationDate: timestamppb.New(current.CreationDate),
|
||||
ChangeDate: timestamppb.New(current.ChangeDate),
|
||||
ResourceOwner: current.ResourceOwner,
|
||||
},
|
||||
}, nil
|
||||
}
|
||||
|
||||
func (s *Server) GetDomainSettings(ctx context.Context, req *settings.GetDomainSettingsRequest) (*settings.GetDomainSettingsResponse, error) {
|
||||
current, err := s.query.DomainPolicyByOrg(ctx, true, object.ResourceOwnerFromReq(ctx, req.GetCtx()), false)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return &settings.GetDomainSettingsResponse{
|
||||
Settings: domainSettingsToPb(current),
|
||||
Details: &object_pb.Details{
|
||||
Sequence: current.Sequence,
|
||||
CreationDate: timestamppb.New(current.CreationDate),
|
||||
ChangeDate: timestamppb.New(current.ChangeDate),
|
||||
ResourceOwner: current.ResourceOwner,
|
||||
},
|
||||
}, nil
|
||||
}
|
||||
|
||||
func (s *Server) GetLegalAndSupportSettings(ctx context.Context, req *settings.GetLegalAndSupportSettingsRequest) (*settings.GetLegalAndSupportSettingsResponse, error) {
|
||||
current, err := s.query.PrivacyPolicyByOrg(ctx, true, object.ResourceOwnerFromReq(ctx, req.GetCtx()), false)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return &settings.GetLegalAndSupportSettingsResponse{
|
||||
Settings: legalAndSupportSettingsToPb(current),
|
||||
Details: &object_pb.Details{
|
||||
Sequence: current.Sequence,
|
||||
CreationDate: timestamppb.New(current.CreationDate),
|
||||
ChangeDate: timestamppb.New(current.ChangeDate),
|
||||
ResourceOwner: current.ResourceOwner,
|
||||
},
|
||||
}, nil
|
||||
}
|
||||
|
||||
func (s *Server) GetLockoutSettings(ctx context.Context, req *settings.GetLockoutSettingsRequest) (*settings.GetLockoutSettingsResponse, error) {
|
||||
current, err := s.query.LockoutPolicyByOrg(ctx, true, object.ResourceOwnerFromReq(ctx, req.GetCtx()))
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return &settings.GetLockoutSettingsResponse{
|
||||
Settings: lockoutSettingsToPb(current),
|
||||
Details: &object_pb.Details{
|
||||
Sequence: current.Sequence,
|
||||
CreationDate: timestamppb.New(current.CreationDate),
|
||||
ChangeDate: timestamppb.New(current.ChangeDate),
|
||||
ResourceOwner: current.ResourceOwner,
|
||||
},
|
||||
}, nil
|
||||
}
|
||||
|
||||
func (s *Server) GetActiveIdentityProviders(ctx context.Context, req *settings.GetActiveIdentityProvidersRequest) (*settings.GetActiveIdentityProvidersResponse, error) {
|
||||
queries, err := activeIdentityProvidersToQuery(req)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
links, err := s.query.IDPLoginPolicyLinks(ctx, object.ResourceOwnerFromReq(ctx, req.GetCtx()), &query.IDPLoginPolicyLinksSearchQuery{Queries: queries}, false)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
return &settings.GetActiveIdentityProvidersResponse{
|
||||
Details: object.ToListDetails(links.SearchResponse),
|
||||
IdentityProviders: identityProvidersToPb(links.Links),
|
||||
}, nil
|
||||
}
|
||||
|
||||
func activeIdentityProvidersToQuery(req *settings.GetActiveIdentityProvidersRequest) (_ []query.SearchQuery, err error) {
|
||||
q := make([]query.SearchQuery, 0, 4)
|
||||
if req.CreationAllowed != nil {
|
||||
creationQuery, err := query.NewIDPTemplateIsCreationAllowedSearchQuery(*req.CreationAllowed)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
q = append(q, creationQuery)
|
||||
}
|
||||
if req.LinkingAllowed != nil {
|
||||
creationQuery, err := query.NewIDPTemplateIsLinkingAllowedSearchQuery(*req.LinkingAllowed)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
q = append(q, creationQuery)
|
||||
}
|
||||
if req.AutoCreation != nil {
|
||||
creationQuery, err := query.NewIDPTemplateIsAutoCreationSearchQuery(*req.AutoCreation)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
q = append(q, creationQuery)
|
||||
}
|
||||
if req.AutoLinking != nil {
|
||||
compare := query.NumberEquals
|
||||
if *req.AutoLinking {
|
||||
compare = query.NumberNotEquals
|
||||
}
|
||||
creationQuery, err := query.NewIDPTemplateAutoLinkingSearchQuery(0, compare)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
q = append(q, creationQuery)
|
||||
}
|
||||
return q, nil
|
||||
}
|
||||
|
||||
func (s *Server) GetGeneralSettings(ctx context.Context, _ *settings.GetGeneralSettingsRequest) (*settings.GetGeneralSettingsResponse, error) {
|
||||
instance := authz.GetInstance(ctx)
|
||||
return &settings.GetGeneralSettingsResponse{
|
||||
SupportedLanguages: domain.LanguagesToStrings(i18n.SupportedLanguages()),
|
||||
DefaultOrgId: instance.DefaultOrganisationID(),
|
||||
DefaultLanguage: instance.DefaultLanguage().String(),
|
||||
}, nil
|
||||
}
|
||||
|
||||
func (s *Server) GetSecuritySettings(ctx context.Context, req *settings.GetSecuritySettingsRequest) (*settings.GetSecuritySettingsResponse, error) {
|
||||
policy, err := s.query.SecurityPolicy(ctx)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return &settings.GetSecuritySettingsResponse{
|
||||
Settings: securityPolicyToSettingsPb(policy),
|
||||
}, nil
|
||||
}
|
||||
|
||||
func (s *Server) GetHostedLoginTranslation(ctx context.Context, req *settings.GetHostedLoginTranslationRequest) (*settings.GetHostedLoginTranslationResponse, error) {
|
||||
translation, err := s.query.GetHostedLoginTranslation(ctx, req)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
return translation, nil
|
||||
}
|
||||
@@ -3,202 +3,10 @@ package settings
|
||||
import (
|
||||
"context"
|
||||
|
||||
"google.golang.org/protobuf/types/known/timestamppb"
|
||||
|
||||
"github.com/zitadel/zitadel/internal/api/authz"
|
||||
"github.com/zitadel/zitadel/internal/api/grpc/object/v2"
|
||||
"github.com/zitadel/zitadel/internal/domain"
|
||||
"github.com/zitadel/zitadel/internal/i18n"
|
||||
"github.com/zitadel/zitadel/internal/query"
|
||||
object_pb "github.com/zitadel/zitadel/pkg/grpc/object/v2"
|
||||
"github.com/zitadel/zitadel/pkg/grpc/settings/v2"
|
||||
)
|
||||
|
||||
func (s *Server) GetLoginSettings(ctx context.Context, req *settings.GetLoginSettingsRequest) (*settings.GetLoginSettingsResponse, error) {
|
||||
current, err := s.query.LoginPolicyByID(ctx, true, object.ResourceOwnerFromReq(ctx, req.GetCtx()), false)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return &settings.GetLoginSettingsResponse{
|
||||
Settings: loginSettingsToPb(current),
|
||||
Details: &object_pb.Details{
|
||||
Sequence: current.Sequence,
|
||||
CreationDate: timestamppb.New(current.CreationDate),
|
||||
ChangeDate: timestamppb.New(current.ChangeDate),
|
||||
ResourceOwner: current.OrgID,
|
||||
},
|
||||
}, nil
|
||||
}
|
||||
|
||||
func (s *Server) GetPasswordComplexitySettings(ctx context.Context, req *settings.GetPasswordComplexitySettingsRequest) (*settings.GetPasswordComplexitySettingsResponse, error) {
|
||||
current, err := s.query.PasswordComplexityPolicyByOrg(ctx, true, object.ResourceOwnerFromReq(ctx, req.GetCtx()), false)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return &settings.GetPasswordComplexitySettingsResponse{
|
||||
Settings: passwordComplexitySettingsToPb(current),
|
||||
Details: &object_pb.Details{
|
||||
Sequence: current.Sequence,
|
||||
CreationDate: timestamppb.New(current.CreationDate),
|
||||
ChangeDate: timestamppb.New(current.ChangeDate),
|
||||
ResourceOwner: current.ResourceOwner,
|
||||
},
|
||||
}, nil
|
||||
}
|
||||
|
||||
func (s *Server) GetPasswordExpirySettings(ctx context.Context, req *settings.GetPasswordExpirySettingsRequest) (*settings.GetPasswordExpirySettingsResponse, error) {
|
||||
current, err := s.query.PasswordAgePolicyByOrg(ctx, true, object.ResourceOwnerFromReq(ctx, req.GetCtx()), false)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return &settings.GetPasswordExpirySettingsResponse{
|
||||
Settings: passwordExpirySettingsToPb(current),
|
||||
Details: &object_pb.Details{
|
||||
Sequence: current.Sequence,
|
||||
CreationDate: timestamppb.New(current.CreationDate),
|
||||
ChangeDate: timestamppb.New(current.ChangeDate),
|
||||
ResourceOwner: current.ResourceOwner,
|
||||
},
|
||||
}, nil
|
||||
}
|
||||
|
||||
func (s *Server) GetBrandingSettings(ctx context.Context, req *settings.GetBrandingSettingsRequest) (*settings.GetBrandingSettingsResponse, error) {
|
||||
current, err := s.query.ActiveLabelPolicyByOrg(ctx, object.ResourceOwnerFromReq(ctx, req.GetCtx()), false)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return &settings.GetBrandingSettingsResponse{
|
||||
Settings: brandingSettingsToPb(current, s.assetsAPIDomain(ctx)),
|
||||
Details: &object_pb.Details{
|
||||
Sequence: current.Sequence,
|
||||
CreationDate: timestamppb.New(current.CreationDate),
|
||||
ChangeDate: timestamppb.New(current.ChangeDate),
|
||||
ResourceOwner: current.ResourceOwner,
|
||||
},
|
||||
}, nil
|
||||
}
|
||||
|
||||
func (s *Server) GetDomainSettings(ctx context.Context, req *settings.GetDomainSettingsRequest) (*settings.GetDomainSettingsResponse, error) {
|
||||
current, err := s.query.DomainPolicyByOrg(ctx, true, object.ResourceOwnerFromReq(ctx, req.GetCtx()), false)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return &settings.GetDomainSettingsResponse{
|
||||
Settings: domainSettingsToPb(current),
|
||||
Details: &object_pb.Details{
|
||||
Sequence: current.Sequence,
|
||||
CreationDate: timestamppb.New(current.CreationDate),
|
||||
ChangeDate: timestamppb.New(current.ChangeDate),
|
||||
ResourceOwner: current.ResourceOwner,
|
||||
},
|
||||
}, nil
|
||||
}
|
||||
|
||||
func (s *Server) GetLegalAndSupportSettings(ctx context.Context, req *settings.GetLegalAndSupportSettingsRequest) (*settings.GetLegalAndSupportSettingsResponse, error) {
|
||||
current, err := s.query.PrivacyPolicyByOrg(ctx, true, object.ResourceOwnerFromReq(ctx, req.GetCtx()), false)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return &settings.GetLegalAndSupportSettingsResponse{
|
||||
Settings: legalAndSupportSettingsToPb(current),
|
||||
Details: &object_pb.Details{
|
||||
Sequence: current.Sequence,
|
||||
CreationDate: timestamppb.New(current.CreationDate),
|
||||
ChangeDate: timestamppb.New(current.ChangeDate),
|
||||
ResourceOwner: current.ResourceOwner,
|
||||
},
|
||||
}, nil
|
||||
}
|
||||
|
||||
func (s *Server) GetLockoutSettings(ctx context.Context, req *settings.GetLockoutSettingsRequest) (*settings.GetLockoutSettingsResponse, error) {
|
||||
current, err := s.query.LockoutPolicyByOrg(ctx, true, object.ResourceOwnerFromReq(ctx, req.GetCtx()))
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return &settings.GetLockoutSettingsResponse{
|
||||
Settings: lockoutSettingsToPb(current),
|
||||
Details: &object_pb.Details{
|
||||
Sequence: current.Sequence,
|
||||
CreationDate: timestamppb.New(current.CreationDate),
|
||||
ChangeDate: timestamppb.New(current.ChangeDate),
|
||||
ResourceOwner: current.ResourceOwner,
|
||||
},
|
||||
}, nil
|
||||
}
|
||||
|
||||
func (s *Server) GetActiveIdentityProviders(ctx context.Context, req *settings.GetActiveIdentityProvidersRequest) (*settings.GetActiveIdentityProvidersResponse, error) {
|
||||
queries, err := activeIdentityProvidersToQuery(req)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
links, err := s.query.IDPLoginPolicyLinks(ctx, object.ResourceOwnerFromReq(ctx, req.GetCtx()), &query.IDPLoginPolicyLinksSearchQuery{Queries: queries}, false)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
return &settings.GetActiveIdentityProvidersResponse{
|
||||
Details: object.ToListDetails(links.SearchResponse),
|
||||
IdentityProviders: identityProvidersToPb(links.Links),
|
||||
}, nil
|
||||
}
|
||||
|
||||
func activeIdentityProvidersToQuery(req *settings.GetActiveIdentityProvidersRequest) (_ []query.SearchQuery, err error) {
|
||||
q := make([]query.SearchQuery, 0, 4)
|
||||
if req.CreationAllowed != nil {
|
||||
creationQuery, err := query.NewIDPTemplateIsCreationAllowedSearchQuery(*req.CreationAllowed)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
q = append(q, creationQuery)
|
||||
}
|
||||
if req.LinkingAllowed != nil {
|
||||
creationQuery, err := query.NewIDPTemplateIsLinkingAllowedSearchQuery(*req.LinkingAllowed)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
q = append(q, creationQuery)
|
||||
}
|
||||
if req.AutoCreation != nil {
|
||||
creationQuery, err := query.NewIDPTemplateIsAutoCreationSearchQuery(*req.AutoCreation)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
q = append(q, creationQuery)
|
||||
}
|
||||
if req.AutoLinking != nil {
|
||||
compare := query.NumberEquals
|
||||
if *req.AutoLinking {
|
||||
compare = query.NumberNotEquals
|
||||
}
|
||||
creationQuery, err := query.NewIDPTemplateAutoLinkingSearchQuery(0, compare)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
q = append(q, creationQuery)
|
||||
}
|
||||
return q, nil
|
||||
}
|
||||
|
||||
func (s *Server) GetGeneralSettings(ctx context.Context, _ *settings.GetGeneralSettingsRequest) (*settings.GetGeneralSettingsResponse, error) {
|
||||
instance := authz.GetInstance(ctx)
|
||||
return &settings.GetGeneralSettingsResponse{
|
||||
SupportedLanguages: domain.LanguagesToStrings(i18n.SupportedLanguages()),
|
||||
DefaultOrgId: instance.DefaultOrganisationID(),
|
||||
DefaultLanguage: instance.DefaultLanguage().String(),
|
||||
}, nil
|
||||
}
|
||||
|
||||
func (s *Server) GetSecuritySettings(ctx context.Context, req *settings.GetSecuritySettingsRequest) (*settings.GetSecuritySettingsResponse, error) {
|
||||
policy, err := s.query.SecurityPolicy(ctx)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return &settings.GetSecuritySettingsResponse{
|
||||
Settings: securityPolicyToSettingsPb(policy),
|
||||
}, nil
|
||||
}
|
||||
|
||||
func (s *Server) SetSecuritySettings(ctx context.Context, req *settings.SetSecuritySettingsRequest) (*settings.SetSecuritySettingsResponse, error) {
|
||||
details, err := s.command.SetSecurityPolicy(ctx, securitySettingsToCommand(req))
|
||||
if err != nil {
|
||||
@@ -208,3 +16,12 @@ func (s *Server) SetSecuritySettings(ctx context.Context, req *settings.SetSecur
|
||||
Details: object.DomainToDetailsPb(details),
|
||||
}, nil
|
||||
}
|
||||
|
||||
func (s *Server) SetHostedLoginTranslation(ctx context.Context, req *settings.SetHostedLoginTranslationRequest) (*settings.SetHostedLoginTranslationResponse, error) {
|
||||
res, err := s.command.SetHostedLoginTranslation(ctx, req)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
return res, nil
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user