mirror of
https://github.com/zitadel/zitadel.git
synced 2025-08-12 08:27:32 +00:00
Merge branch 'master' into new-eventstore
# Conflicts: # go.sum
This commit is contained in:
Fabiennne
@@ -2,10 +2,9 @@ package repository
|
||||
|
||||
import (
|
||||
"context"
|
||||
"github.com/caos/zitadel/internal/auth_request/model"
|
||||
org_model "github.com/caos/zitadel/internal/org/model"
|
||||
user_model "github.com/caos/zitadel/internal/user/model"
|
||||
|
||||
"github.com/caos/zitadel/internal/auth_request/model"
|
||||
)
|
||||
|
||||
type AuthRequestRepository interface {
|
||||
@@ -15,14 +14,22 @@ type AuthRequestRepository interface {
|
||||
AuthRequestByCode(ctx context.Context, code string) (*model.AuthRequest, error)
|
||||
SaveAuthCode(ctx context.Context, id, code, userAgentID string) error
|
||||
DeleteAuthRequest(ctx context.Context, id string) error
|
||||
|
||||
CheckLoginName(ctx context.Context, id, loginName, userAgentID string) error
|
||||
CheckExternalUserLogin(ctx context.Context, authReqID, userAgentID string, user *model.ExternalUser, info *model.BrowserInfo) error
|
||||
SelectUser(ctx context.Context, id, userID, userAgentID string) error
|
||||
SelectExternalIDP(ctx context.Context, authReqID, idpConfigID, userAgentID string) error
|
||||
VerifyPassword(ctx context.Context, id, userID, password, userAgentID string, info *model.BrowserInfo) error
|
||||
VerifyMfaOTP(ctx context.Context, agentID, authRequestID, code, userAgentID string, info *model.BrowserInfo) error
|
||||
|
||||
VerifyMFAOTP(ctx context.Context, agentID, authRequestID, code, userAgentID string, info *model.BrowserInfo) error
|
||||
BeginMFAU2FLogin(ctx context.Context, userID, authRequestID, userAgentID string) (*user_model.WebAuthNLogin, error)
|
||||
VerifyMFAU2F(ctx context.Context, userID, authRequestID, userAgentID string, credentialData []byte, info *model.BrowserInfo) error
|
||||
BeginPasswordlessLogin(ctx context.Context, userID, authRequestID, userAgentID string) (*user_model.WebAuthNLogin, error)
|
||||
VerifyPasswordless(ctx context.Context, userID, authRequestID, userAgentID string, credentialData []byte, info *model.BrowserInfo) error
|
||||
|
||||
LinkExternalUsers(ctx context.Context, authReqID, userAgentID string, info *model.BrowserInfo) error
|
||||
AutoRegisterExternalUser(ctx context.Context, user *user_model.User, externalIDP *user_model.ExternalIDP, member *org_model.OrgMember, authReqID, userAgentID, resourceOwner string, info *model.BrowserInfo) error
|
||||
ResetLinkingUsers(ctx context.Context, authReqID, userAgentID string) error
|
||||
|
||||
GetOrgByPrimaryDomain(primaryDomain string) (*org_model.OrgView, error)
|
||||
}
|
||||
|
||||
@@ -7,6 +7,7 @@ import (
|
||||
"github.com/caos/zitadel/internal/project/model"
|
||||
proj_event "github.com/caos/zitadel/internal/project/repository/eventsourcing"
|
||||
proj_view_model "github.com/caos/zitadel/internal/project/repository/view/model"
|
||||
"github.com/caos/zitadel/internal/telemetry/tracing"
|
||||
)
|
||||
|
||||
type ApplicationRepo struct {
|
||||
@@ -22,7 +23,10 @@ func (a *ApplicationRepo) ApplicationByClientID(ctx context.Context, clientID st
|
||||
return proj_view_model.ApplicationViewToModel(app), nil
|
||||
}
|
||||
|
||||
func (a *ApplicationRepo) AuthorizeOIDCApplication(ctx context.Context, clientID, secret string) error {
|
||||
func (a *ApplicationRepo) AuthorizeOIDCApplication(ctx context.Context, clientID, secret string) (err error) {
|
||||
ctx, span := tracing.NewSpan(ctx)
|
||||
defer func() { span.EndWithError(err) }()
|
||||
|
||||
app, err := a.View.ApplicationByClientID(ctx, clientID)
|
||||
if err != nil {
|
||||
return err
|
||||
|
||||
@@ -21,7 +21,7 @@ import (
|
||||
org_event "github.com/caos/zitadel/internal/org/repository/eventsourcing"
|
||||
org_view_model "github.com/caos/zitadel/internal/org/repository/view/model"
|
||||
project_view_model "github.com/caos/zitadel/internal/project/repository/view/model"
|
||||
"github.com/caos/zitadel/internal/tracing"
|
||||
"github.com/caos/zitadel/internal/telemetry/tracing"
|
||||
user_model "github.com/caos/zitadel/internal/user/model"
|
||||
user_event "github.com/caos/zitadel/internal/user/repository/eventsourcing"
|
||||
es_model "github.com/caos/zitadel/internal/user/repository/eventsourcing/model"
|
||||
@@ -47,7 +47,7 @@ type AuthRequestRepo struct {
|
||||
|
||||
PasswordCheckLifeTime time.Duration
|
||||
ExternalLoginCheckLifeTime time.Duration
|
||||
MfaInitSkippedLifeTime time.Duration
|
||||
MFAInitSkippedLifeTime time.Duration
|
||||
SecondFactorCheckLifeTime time.Duration
|
||||
MultiFactorCheckLifeTime time.Duration
|
||||
|
||||
@@ -245,27 +245,62 @@ func (repo *AuthRequestRepo) SelectUser(ctx context.Context, id, userID, userAge
|
||||
func (repo *AuthRequestRepo) VerifyPassword(ctx context.Context, id, userID, password, userAgentID string, info *model.BrowserInfo) (err error) {
|
||||
ctx, span := tracing.NewSpan(ctx)
|
||||
defer func() { span.EndWithError(err) }()
|
||||
request, err := repo.getAuthRequest(ctx, id, userAgentID)
|
||||
request, err := repo.getAuthRequestEnsureUser(ctx, id, userAgentID, userID)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
if request.UserID != userID {
|
||||
return errors.ThrowPreconditionFailed(nil, "EVENT-ds35D", "Errors.User.NotMatchingUserID")
|
||||
}
|
||||
return repo.UserEvents.CheckPassword(ctx, userID, password, request.WithCurrentInfo(info))
|
||||
}
|
||||
|
||||
func (repo *AuthRequestRepo) VerifyMfaOTP(ctx context.Context, authRequestID, userID, code, userAgentID string, info *model.BrowserInfo) (err error) {
|
||||
func (repo *AuthRequestRepo) VerifyMFAOTP(ctx context.Context, authRequestID, userID, code, userAgentID string, info *model.BrowserInfo) (err error) {
|
||||
ctx, span := tracing.NewSpan(ctx)
|
||||
defer func() { span.EndWithError(err) }()
|
||||
request, err := repo.getAuthRequest(ctx, authRequestID, userAgentID)
|
||||
request, err := repo.getAuthRequestEnsureUser(ctx, authRequestID, userAgentID, userID)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
if request.UserID != userID {
|
||||
return errors.ThrowPreconditionFailed(nil, "EVENT-ADJ26", "Errors.User.NotMatchingUserID")
|
||||
return repo.UserEvents.CheckMFAOTP(ctx, userID, code, request.WithCurrentInfo(info))
|
||||
}
|
||||
|
||||
func (repo *AuthRequestRepo) BeginMFAU2FLogin(ctx context.Context, userID, authRequestID, userAgentID string) (login *user_model.WebAuthNLogin, err error) {
|
||||
ctx, span := tracing.NewSpan(ctx)
|
||||
defer func() { span.EndWithError(err) }()
|
||||
|
||||
request, err := repo.getAuthRequestEnsureUser(ctx, authRequestID, userAgentID, userID)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return repo.UserEvents.CheckMfaOTP(ctx, userID, code, request.WithCurrentInfo(info))
|
||||
return repo.UserEvents.BeginU2FLogin(ctx, userID, request)
|
||||
}
|
||||
|
||||
func (repo *AuthRequestRepo) VerifyMFAU2F(ctx context.Context, userID, authRequestID, userAgentID string, credentialData []byte, info *model.BrowserInfo) (err error) {
|
||||
ctx, span := tracing.NewSpan(ctx)
|
||||
defer func() { span.EndWithError(err) }()
|
||||
request, err := repo.getAuthRequestEnsureUser(ctx, authRequestID, userAgentID, userID)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
return repo.UserEvents.VerifyMFAU2F(ctx, userID, credentialData, request)
|
||||
}
|
||||
|
||||
func (repo *AuthRequestRepo) BeginPasswordlessLogin(ctx context.Context, userID, authRequestID, userAgentID string) (login *user_model.WebAuthNLogin, err error) {
|
||||
ctx, span := tracing.NewSpan(ctx)
|
||||
defer func() { span.EndWithError(err) }()
|
||||
request, err := repo.getAuthRequestEnsureUser(ctx, authRequestID, userAgentID, userID)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return repo.UserEvents.BeginPasswordlessLogin(ctx, userID, request)
|
||||
}
|
||||
|
||||
func (repo *AuthRequestRepo) VerifyPasswordless(ctx context.Context, userID, authRequestID, userAgentID string, credentialData []byte, info *model.BrowserInfo) (err error) {
|
||||
ctx, span := tracing.NewSpan(ctx)
|
||||
defer func() { span.EndWithError(err) }()
|
||||
request, err := repo.getAuthRequestEnsureUser(ctx, authRequestID, userAgentID, userID)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
return repo.UserEvents.VerifyPasswordless(ctx, userID, credentialData, request)
|
||||
}
|
||||
|
||||
func (repo *AuthRequestRepo) LinkExternalUsers(ctx context.Context, authReqID, userAgentID string, info *model.BrowserInfo) (err error) {
|
||||
@@ -365,6 +400,17 @@ func (repo *AuthRequestRepo) getAuthRequestNextSteps(ctx context.Context, id, us
|
||||
return request, nil
|
||||
}
|
||||
|
||||
func (repo *AuthRequestRepo) getAuthRequestEnsureUser(ctx context.Context, authRequestID, userAgentID, userID string) (*model.AuthRequest, error) {
|
||||
request, err := repo.getAuthRequest(ctx, authRequestID, userAgentID)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
if request.UserID != userID {
|
||||
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-GBH32", "Errors.User.NotMatchingUserID")
|
||||
}
|
||||
return request, nil
|
||||
}
|
||||
|
||||
func (repo *AuthRequestRepo) getAuthRequest(ctx context.Context, id, userAgentID string) (*model.AuthRequest, error) {
|
||||
request, err := repo.AuthRequests.GetAuthRequestByID(ctx, id)
|
||||
if err != nil {
|
||||
@@ -545,27 +591,19 @@ func (repo *AuthRequestRepo) nextSteps(ctx context.Context, request *model.AuthR
|
||||
return nil, err
|
||||
}
|
||||
|
||||
if (request.SelectedIDPConfigID != "" || userSession.SelectedIDPConfigID != "") && (request.LinkingUsers == nil || len(request.LinkingUsers) == 0) {
|
||||
if !checkVerificationTime(userSession.ExternalLoginVerification, repo.ExternalLoginCheckLifeTime) {
|
||||
selectedIDPConfigID := request.SelectedIDPConfigID
|
||||
if selectedIDPConfigID == "" {
|
||||
selectedIDPConfigID = userSession.SelectedIDPConfigID
|
||||
}
|
||||
return append(steps, &model.ExternalLoginStep{SelectedIDPConfigID: selectedIDPConfigID}), nil
|
||||
isInternalLogin := request.SelectedIDPConfigID == "" && userSession.SelectedIDPConfigID == ""
|
||||
if !isInternalLogin && len(request.LinkingUsers) == 0 && !checkVerificationTime(userSession.ExternalLoginVerification, repo.ExternalLoginCheckLifeTime) {
|
||||
selectedIDPConfigID := request.SelectedIDPConfigID
|
||||
if selectedIDPConfigID == "" {
|
||||
selectedIDPConfigID = userSession.SelectedIDPConfigID
|
||||
}
|
||||
} else if (request.SelectedIDPConfigID == "" && userSession.SelectedIDPConfigID == "") || (request.SelectedIDPConfigID != "" && request.LinkingUsers != nil && len(request.LinkingUsers) > 0) {
|
||||
if user.InitRequired {
|
||||
return append(steps, &model.InitUserStep{PasswordSet: user.PasswordSet}), nil
|
||||
return append(steps, &model.ExternalLoginStep{SelectedIDPConfigID: selectedIDPConfigID}), nil
|
||||
}
|
||||
if isInternalLogin || (!isInternalLogin && len(request.LinkingUsers) > 0) {
|
||||
step := repo.firstFactorChecked(request, user, userSession)
|
||||
if step != nil {
|
||||
return append(steps, step), nil
|
||||
}
|
||||
if !user.PasswordSet {
|
||||
return append(steps, &model.InitPasswordStep{}), nil
|
||||
}
|
||||
|
||||
if !checkVerificationTime(userSession.PasswordVerification, repo.PasswordCheckLifeTime) {
|
||||
return append(steps, &model.PasswordStep{}), nil
|
||||
}
|
||||
request.PasswordVerified = true
|
||||
request.AuthTime = userSession.PasswordVerification
|
||||
}
|
||||
|
||||
step, ok, err := repo.mfaChecked(userSession, request, user)
|
||||
@@ -624,21 +662,46 @@ func (repo *AuthRequestRepo) usersForUserSelection(request *model.AuthRequest) (
|
||||
return users, nil
|
||||
}
|
||||
|
||||
func (repo *AuthRequestRepo) firstFactorChecked(request *model.AuthRequest, user *user_model.UserView, userSession *user_model.UserSessionView) model.NextStep {
|
||||
if user.InitRequired {
|
||||
return &model.InitUserStep{PasswordSet: user.PasswordSet}
|
||||
}
|
||||
|
||||
if user.IsPasswordlessReady() {
|
||||
if !checkVerificationTime(userSession.PasswordlessVerification, repo.MultiFactorCheckLifeTime) {
|
||||
return &model.PasswordlessStep{}
|
||||
}
|
||||
request.AuthTime = userSession.PasswordlessVerification
|
||||
return nil
|
||||
}
|
||||
|
||||
if !user.PasswordSet {
|
||||
return &model.InitPasswordStep{}
|
||||
}
|
||||
|
||||
if !checkVerificationTime(userSession.PasswordVerification, repo.PasswordCheckLifeTime) {
|
||||
return &model.PasswordStep{}
|
||||
}
|
||||
request.PasswordVerified = true
|
||||
request.AuthTime = userSession.PasswordVerification
|
||||
return nil
|
||||
}
|
||||
|
||||
func (repo *AuthRequestRepo) mfaChecked(userSession *user_model.UserSessionView, request *model.AuthRequest, user *user_model.UserView) (model.NextStep, bool, error) {
|
||||
mfaLevel := request.MfaLevel()
|
||||
allowedProviders, required := user.MfaTypesAllowed(mfaLevel, request.LoginPolicy)
|
||||
promptRequired := (user.MfaMaxSetUp < mfaLevel) || (len(allowedProviders) == 0 && required)
|
||||
mfaLevel := request.MFALevel()
|
||||
allowedProviders, required := user.MFATypesAllowed(mfaLevel, request.LoginPolicy)
|
||||
promptRequired := (user.MFAMaxSetUp < mfaLevel) || (len(allowedProviders) == 0 && required)
|
||||
if promptRequired || !repo.mfaSkippedOrSetUp(user) {
|
||||
types := user.MfaTypesSetupPossible(mfaLevel, request.LoginPolicy)
|
||||
types := user.MFATypesSetupPossible(mfaLevel, request.LoginPolicy)
|
||||
if promptRequired && len(types) == 0 {
|
||||
return nil, false, errors.ThrowPreconditionFailed(nil, "LOGIN-5Hm8s", "Errors.Login.LoginPolicy.MFA.ForceAndNotConfigured")
|
||||
}
|
||||
if len(types) == 0 {
|
||||
return nil, true, nil
|
||||
}
|
||||
return &model.MfaPromptStep{
|
||||
return &model.MFAPromptStep{
|
||||
Required: promptRequired,
|
||||
MfaProviders: types,
|
||||
MFAProviders: types,
|
||||
}, false, nil
|
||||
}
|
||||
switch mfaLevel {
|
||||
@@ -651,28 +714,28 @@ func (repo *AuthRequestRepo) mfaChecked(userSession *user_model.UserSessionView,
|
||||
fallthrough
|
||||
case model.MFALevelSecondFactor:
|
||||
if checkVerificationTime(userSession.SecondFactorVerification, repo.SecondFactorCheckLifeTime) {
|
||||
request.MfasVerified = append(request.MfasVerified, userSession.SecondFactorVerificationType)
|
||||
request.MFAsVerified = append(request.MFAsVerified, userSession.SecondFactorVerificationType)
|
||||
request.AuthTime = userSession.SecondFactorVerification
|
||||
return nil, true, nil
|
||||
}
|
||||
fallthrough
|
||||
case model.MFALevelMultiFactor:
|
||||
if checkVerificationTime(userSession.MultiFactorVerification, repo.MultiFactorCheckLifeTime) {
|
||||
request.MfasVerified = append(request.MfasVerified, userSession.MultiFactorVerificationType)
|
||||
request.MFAsVerified = append(request.MFAsVerified, userSession.MultiFactorVerificationType)
|
||||
request.AuthTime = userSession.MultiFactorVerification
|
||||
return nil, true, nil
|
||||
}
|
||||
}
|
||||
return &model.MfaVerificationStep{
|
||||
MfaProviders: allowedProviders,
|
||||
return &model.MFAVerificationStep{
|
||||
MFAProviders: allowedProviders,
|
||||
}, false, nil
|
||||
}
|
||||
|
||||
func (repo *AuthRequestRepo) mfaSkippedOrSetUp(user *user_model.UserView) bool {
|
||||
if user.MfaMaxSetUp > model.MFALevelNotSetUp {
|
||||
if user.MFAMaxSetUp > model.MFALevelNotSetUp {
|
||||
return true
|
||||
}
|
||||
return checkVerificationTime(user.MfaInitSkipped, repo.MfaInitSkippedLifeTime)
|
||||
return checkVerificationTime(user.MFAInitSkipped, repo.MFAInitSkippedLifeTime)
|
||||
}
|
||||
|
||||
func (repo *AuthRequestRepo) getLoginPolicy(ctx context.Context, orgID string) (*iam_model.LoginPolicyView, error) {
|
||||
@@ -745,7 +808,11 @@ func userSessionByIDs(ctx context.Context, provider userSessionViewProvider, eve
|
||||
es_model.HumanExternalLoginCheckSucceeded,
|
||||
es_model.HumanMFAOTPCheckSucceeded,
|
||||
es_model.HumanMFAOTPCheckFailed,
|
||||
es_model.HumanSignedOut:
|
||||
es_model.HumanSignedOut,
|
||||
es_model.HumanPasswordlessTokenCheckSucceeded,
|
||||
es_model.HumanPasswordlessTokenCheckFailed,
|
||||
es_model.HumanMFAU2FTokenCheckSucceeded,
|
||||
es_model.HumanMFAU2FTokenCheckFailed:
|
||||
eventData, err := user_view_model.UserSessionFromEvent(event)
|
||||
if err != nil {
|
||||
logging.Log("EVENT-sdgT3").WithError(err).WithField("traceID", tracing.TraceIDFromCtx(ctx)).Debug("error getting event data")
|
||||
|
||||
@@ -48,8 +48,10 @@ func (m *mockViewErrUserSession) UserSessionsByAgentID(string) ([]*user_view_mod
|
||||
|
||||
type mockViewUserSession struct {
|
||||
ExternalLoginVerification time.Time
|
||||
PasswordlessVerification time.Time
|
||||
PasswordVerification time.Time
|
||||
SecondFactorVerification time.Time
|
||||
MultiFactorVerification time.Time
|
||||
Users []mockUser
|
||||
}
|
||||
|
||||
@@ -61,8 +63,10 @@ type mockUser struct {
|
||||
func (m *mockViewUserSession) UserSessionByIDs(string, string) (*user_view_model.UserSessionView, error) {
|
||||
return &user_view_model.UserSessionView{
|
||||
ExternalLoginVerification: m.ExternalLoginVerification,
|
||||
PasswordlessVerification: m.PasswordlessVerification,
|
||||
PasswordVerification: m.PasswordVerification,
|
||||
SecondFactorVerification: m.SecondFactorVerification,
|
||||
MultiFactorVerification: m.MultiFactorVerification,
|
||||
}, nil
|
||||
}
|
||||
|
||||
@@ -115,8 +119,9 @@ type mockViewUser struct {
|
||||
PasswordChangeRequired bool
|
||||
IsEmailVerified bool
|
||||
OTPState int32
|
||||
MfaMaxSetUp int32
|
||||
MfaInitSkipped time.Time
|
||||
MFAMaxSetUp int32
|
||||
MFAInitSkipped time.Time
|
||||
PasswordlessTokens user_view_model.WebAuthNTokens
|
||||
}
|
||||
|
||||
type mockLoginPolicy struct {
|
||||
@@ -138,8 +143,9 @@ func (m *mockViewUser) UserByID(string) (*user_view_model.UserView, error) {
|
||||
PasswordChangeRequired: m.PasswordChangeRequired,
|
||||
IsEmailVerified: m.IsEmailVerified,
|
||||
OTPState: m.OTPState,
|
||||
MfaMaxSetUp: m.MfaMaxSetUp,
|
||||
MfaInitSkipped: m.MfaInitSkipped,
|
||||
MFAMaxSetUp: m.MFAMaxSetUp,
|
||||
MFAInitSkipped: m.MFAInitSkipped,
|
||||
PasswordlessTokens: m.PasswordlessTokens,
|
||||
},
|
||||
}, nil
|
||||
}
|
||||
@@ -200,7 +206,7 @@ func TestAuthRequestRepo_nextSteps(t *testing.T) {
|
||||
loginPolicyProvider loginPolicyViewProvider
|
||||
PasswordCheckLifeTime time.Duration
|
||||
ExternalLoginCheckLifeTime time.Duration
|
||||
MfaInitSkippedLifeTime time.Duration
|
||||
MFAInitSkippedLifeTime time.Duration
|
||||
SecondFactorCheckLifeTime time.Duration
|
||||
MultiFactorCheckLifeTime time.Duration
|
||||
}
|
||||
@@ -413,6 +419,49 @@ func TestAuthRequestRepo_nextSteps(t *testing.T) {
|
||||
}},
|
||||
nil,
|
||||
},
|
||||
{
|
||||
"passwordless not verified, passwordless check step",
|
||||
fields{
|
||||
userSessionViewProvider: &mockViewUserSession{},
|
||||
userViewProvider: &mockViewUser{
|
||||
PasswordSet: true,
|
||||
PasswordlessTokens: user_view_model.WebAuthNTokens{&user_view_model.WebAuthNView{ID: "id", State: int32(user_model.MFAStateReady)}},
|
||||
},
|
||||
userEventProvider: &mockEventUser{},
|
||||
orgViewProvider: &mockViewOrg{State: org_model.OrgStateActive},
|
||||
MultiFactorCheckLifeTime: 10 * time.Hour,
|
||||
},
|
||||
args{&model.AuthRequest{UserID: "UserID"}, false},
|
||||
[]model.NextStep{&model.PasswordlessStep{}},
|
||||
nil,
|
||||
},
|
||||
{
|
||||
"passwordless verified, email not verified, email verification step",
|
||||
fields{
|
||||
userSessionViewProvider: &mockViewUserSession{
|
||||
PasswordlessVerification: time.Now().Add(-5 * time.Minute),
|
||||
MultiFactorVerification: time.Now().Add(-5 * time.Minute),
|
||||
},
|
||||
userViewProvider: &mockViewUser{
|
||||
PasswordSet: true,
|
||||
PasswordlessTokens: user_view_model.WebAuthNTokens{&user_view_model.WebAuthNView{ID: "id", State: int32(user_model.MFAStateReady)}},
|
||||
PasswordChangeRequired: false,
|
||||
IsEmailVerified: false,
|
||||
MFAMaxSetUp: int32(model.MFALevelMultiFactor),
|
||||
},
|
||||
userEventProvider: &mockEventUser{},
|
||||
orgViewProvider: &mockViewOrg{State: org_model.OrgStateActive},
|
||||
MultiFactorCheckLifeTime: 10 * time.Hour,
|
||||
},
|
||||
args{&model.AuthRequest{
|
||||
UserID: "UserID",
|
||||
LoginPolicy: &iam_model.LoginPolicyView{
|
||||
MultiFactors: []iam_model.MultiFactorType{iam_model.MultiFactorTypeU2FWithPIN},
|
||||
},
|
||||
}, false},
|
||||
[]model.NextStep{&model.VerifyEMailStep{}},
|
||||
nil,
|
||||
},
|
||||
{
|
||||
"password not set, init password step",
|
||||
fields{
|
||||
@@ -433,7 +482,7 @@ func TestAuthRequestRepo_nextSteps(t *testing.T) {
|
||||
},
|
||||
userViewProvider: &mockViewUser{
|
||||
IsEmailVerified: true,
|
||||
MfaMaxSetUp: int32(model.MFALevelSecondFactor),
|
||||
MFAMaxSetUp: int32(model.MFALevelSecondFactor),
|
||||
},
|
||||
userEventProvider: &mockEventUser{},
|
||||
orgViewProvider: &mockViewOrg{State: org_model.OrgStateActive},
|
||||
@@ -452,7 +501,7 @@ func TestAuthRequestRepo_nextSteps(t *testing.T) {
|
||||
},
|
||||
userViewProvider: &mockViewUser{
|
||||
IsEmailVerified: true,
|
||||
MfaMaxSetUp: int32(model.MFALevelSecondFactor),
|
||||
MFAMaxSetUp: int32(model.MFALevelSecondFactor),
|
||||
},
|
||||
userEventProvider: &mockEventUser{},
|
||||
orgViewProvider: &mockViewOrg{State: org_model.OrgStateActive},
|
||||
@@ -499,7 +548,7 @@ func TestAuthRequestRepo_nextSteps(t *testing.T) {
|
||||
userViewProvider: &mockViewUser{
|
||||
PasswordSet: true,
|
||||
IsEmailVerified: true,
|
||||
MfaMaxSetUp: int32(model.MFALevelSecondFactor),
|
||||
MFAMaxSetUp: int32(model.MFALevelSecondFactor),
|
||||
},
|
||||
userEventProvider: &mockEventUser{},
|
||||
orgViewProvider: &mockViewOrg{State: org_model.OrgStateActive},
|
||||
@@ -525,8 +574,8 @@ func TestAuthRequestRepo_nextSteps(t *testing.T) {
|
||||
},
|
||||
userViewProvider: &mockViewUser{
|
||||
PasswordSet: true,
|
||||
OTPState: int32(user_model.MfaStateReady),
|
||||
MfaMaxSetUp: int32(model.MFALevelSecondFactor),
|
||||
OTPState: int32(user_model.MFAStateReady),
|
||||
MFAMaxSetUp: int32(model.MFALevelSecondFactor),
|
||||
},
|
||||
userEventProvider: &mockEventUser{},
|
||||
orgViewProvider: &mockViewOrg{State: org_model.OrgStateActive},
|
||||
@@ -540,8 +589,8 @@ func TestAuthRequestRepo_nextSteps(t *testing.T) {
|
||||
SecondFactors: []iam_model.SecondFactorType{iam_model.SecondFactorTypeOTP},
|
||||
},
|
||||
}, false},
|
||||
[]model.NextStep{&model.MfaVerificationStep{
|
||||
MfaProviders: []model.MFAType{model.MFATypeOTP},
|
||||
[]model.NextStep{&model.MFAVerificationStep{
|
||||
MFAProviders: []model.MFAType{model.MFATypeOTP},
|
||||
}},
|
||||
nil,
|
||||
},
|
||||
@@ -554,8 +603,8 @@ func TestAuthRequestRepo_nextSteps(t *testing.T) {
|
||||
},
|
||||
userViewProvider: &mockViewUser{
|
||||
PasswordSet: true,
|
||||
OTPState: int32(user_model.MfaStateReady),
|
||||
MfaMaxSetUp: int32(model.MFALevelSecondFactor),
|
||||
OTPState: int32(user_model.MFAStateReady),
|
||||
MFAMaxSetUp: int32(model.MFALevelSecondFactor),
|
||||
},
|
||||
userEventProvider: &mockEventUser{},
|
||||
orgViewProvider: &mockViewOrg{State: org_model.OrgStateActive},
|
||||
@@ -571,8 +620,8 @@ func TestAuthRequestRepo_nextSteps(t *testing.T) {
|
||||
SecondFactors: []iam_model.SecondFactorType{iam_model.SecondFactorTypeOTP},
|
||||
},
|
||||
}, false},
|
||||
[]model.NextStep{&model.MfaVerificationStep{
|
||||
MfaProviders: []model.MFAType{model.MFATypeOTP},
|
||||
[]model.NextStep{&model.MFAVerificationStep{
|
||||
MFAProviders: []model.MFAType{model.MFATypeOTP},
|
||||
}},
|
||||
nil,
|
||||
},
|
||||
@@ -587,7 +636,7 @@ func TestAuthRequestRepo_nextSteps(t *testing.T) {
|
||||
PasswordSet: true,
|
||||
PasswordChangeRequired: true,
|
||||
IsEmailVerified: true,
|
||||
MfaMaxSetUp: int32(model.MFALevelSecondFactor),
|
||||
MFAMaxSetUp: int32(model.MFALevelSecondFactor),
|
||||
},
|
||||
userEventProvider: &mockEventUser{},
|
||||
orgViewProvider: &mockViewOrg{State: org_model.OrgStateActive},
|
||||
@@ -613,7 +662,7 @@ func TestAuthRequestRepo_nextSteps(t *testing.T) {
|
||||
},
|
||||
userViewProvider: &mockViewUser{
|
||||
PasswordSet: true,
|
||||
MfaMaxSetUp: int32(model.MFALevelSecondFactor),
|
||||
MFAMaxSetUp: int32(model.MFALevelSecondFactor),
|
||||
},
|
||||
userEventProvider: &mockEventUser{},
|
||||
orgViewProvider: &mockViewOrg{State: org_model.OrgStateActive},
|
||||
@@ -639,7 +688,7 @@ func TestAuthRequestRepo_nextSteps(t *testing.T) {
|
||||
userViewProvider: &mockViewUser{
|
||||
PasswordSet: true,
|
||||
PasswordChangeRequired: true,
|
||||
MfaMaxSetUp: int32(model.MFALevelSecondFactor),
|
||||
MFAMaxSetUp: int32(model.MFALevelSecondFactor),
|
||||
},
|
||||
userEventProvider: &mockEventUser{},
|
||||
orgViewProvider: &mockViewOrg{State: org_model.OrgStateActive},
|
||||
@@ -665,7 +714,7 @@ func TestAuthRequestRepo_nextSteps(t *testing.T) {
|
||||
userViewProvider: &mockViewUser{
|
||||
PasswordSet: true,
|
||||
IsEmailVerified: true,
|
||||
MfaMaxSetUp: int32(model.MFALevelSecondFactor),
|
||||
MFAMaxSetUp: int32(model.MFALevelSecondFactor),
|
||||
},
|
||||
userEventProvider: &mockEventUser{},
|
||||
orgViewProvider: &mockViewOrg{State: org_model.OrgStateActive},
|
||||
@@ -693,7 +742,7 @@ func TestAuthRequestRepo_nextSteps(t *testing.T) {
|
||||
userViewProvider: &mockViewUser{
|
||||
PasswordSet: true,
|
||||
IsEmailVerified: true,
|
||||
MfaMaxSetUp: int32(model.MFALevelSecondFactor),
|
||||
MFAMaxSetUp: int32(model.MFALevelSecondFactor),
|
||||
},
|
||||
userEventProvider: &mockEventUser{},
|
||||
orgViewProvider: &mockViewOrg{State: org_model.OrgStateActive},
|
||||
@@ -722,7 +771,7 @@ func TestAuthRequestRepo_nextSteps(t *testing.T) {
|
||||
userViewProvider: &mockViewUser{
|
||||
PasswordSet: true,
|
||||
IsEmailVerified: true,
|
||||
MfaMaxSetUp: int32(model.MFALevelSecondFactor),
|
||||
MFAMaxSetUp: int32(model.MFALevelSecondFactor),
|
||||
},
|
||||
userEventProvider: &mockEventUser{},
|
||||
orgViewProvider: &mockViewOrg{State: org_model.OrgStateActive},
|
||||
@@ -754,7 +803,7 @@ func TestAuthRequestRepo_nextSteps(t *testing.T) {
|
||||
userViewProvider: &mockViewUser{
|
||||
PasswordSet: true,
|
||||
IsEmailVerified: true,
|
||||
MfaMaxSetUp: int32(model.MFALevelSecondFactor),
|
||||
MFAMaxSetUp: int32(model.MFALevelSecondFactor),
|
||||
},
|
||||
userEventProvider: &mockEventUser{},
|
||||
orgViewProvider: &mockViewOrg{State: org_model.OrgStateActive},
|
||||
@@ -785,7 +834,7 @@ func TestAuthRequestRepo_nextSteps(t *testing.T) {
|
||||
userViewProvider: &mockViewUser{
|
||||
PasswordSet: true,
|
||||
IsEmailVerified: true,
|
||||
MfaMaxSetUp: int32(model.MFALevelSecondFactor),
|
||||
MFAMaxSetUp: int32(model.MFALevelSecondFactor),
|
||||
},
|
||||
userEventProvider: &mockEventUser{},
|
||||
orgViewProvider: &mockViewOrg{State: org_model.OrgStateActive},
|
||||
@@ -810,7 +859,7 @@ func TestAuthRequestRepo_nextSteps(t *testing.T) {
|
||||
userViewProvider: &mockViewUser{
|
||||
PasswordSet: true,
|
||||
IsEmailVerified: true,
|
||||
MfaMaxSetUp: int32(model.MFALevelSecondFactor),
|
||||
MFAMaxSetUp: int32(model.MFALevelSecondFactor),
|
||||
},
|
||||
userEventProvider: &mockEventUser{},
|
||||
orgViewProvider: &mockViewOrg{State: org_model.OrgStateActive},
|
||||
@@ -844,7 +893,7 @@ func TestAuthRequestRepo_nextSteps(t *testing.T) {
|
||||
LoginPolicyViewProvider: tt.fields.loginPolicyProvider,
|
||||
PasswordCheckLifeTime: tt.fields.PasswordCheckLifeTime,
|
||||
ExternalLoginCheckLifeTime: tt.fields.ExternalLoginCheckLifeTime,
|
||||
MfaInitSkippedLifeTime: tt.fields.MfaInitSkippedLifeTime,
|
||||
MFAInitSkippedLifeTime: tt.fields.MFAInitSkippedLifeTime,
|
||||
SecondFactorCheckLifeTime: tt.fields.SecondFactorCheckLifeTime,
|
||||
MultiFactorCheckLifeTime: tt.fields.MultiFactorCheckLifeTime,
|
||||
}
|
||||
@@ -860,7 +909,7 @@ func TestAuthRequestRepo_nextSteps(t *testing.T) {
|
||||
|
||||
func TestAuthRequestRepo_mfaChecked(t *testing.T) {
|
||||
type fields struct {
|
||||
MfaInitSkippedLifeTime time.Duration
|
||||
MFAInitSkippedLifeTime time.Duration
|
||||
SecondFactorCheckLifeTime time.Duration
|
||||
MultiFactorCheckLifeTime time.Duration
|
||||
}
|
||||
@@ -884,7 +933,7 @@ func TestAuthRequestRepo_mfaChecked(t *testing.T) {
|
||||
// args{
|
||||
// request: &model.AuthRequest{PossibleLOAs: []model.LevelOfAssurance{}},
|
||||
// user: &user_model.UserView{
|
||||
// OTPState: user_model.MfaStateReady,
|
||||
// OTPState: user_model.MFAStateReady,
|
||||
// },
|
||||
// },
|
||||
// false,
|
||||
@@ -892,7 +941,7 @@ func TestAuthRequestRepo_mfaChecked(t *testing.T) {
|
||||
{
|
||||
"not set up, forced by policy, no mfas configured, error",
|
||||
fields{
|
||||
MfaInitSkippedLifeTime: 30 * 24 * time.Hour,
|
||||
MFAInitSkippedLifeTime: 30 * 24 * time.Hour,
|
||||
},
|
||||
args{
|
||||
request: &model.AuthRequest{
|
||||
@@ -902,7 +951,7 @@ func TestAuthRequestRepo_mfaChecked(t *testing.T) {
|
||||
},
|
||||
user: &user_model.UserView{
|
||||
HumanView: &user_model.HumanView{
|
||||
MfaMaxSetUp: model.MFALevelNotSetUp,
|
||||
MFAMaxSetUp: model.MFALevelNotSetUp,
|
||||
},
|
||||
},
|
||||
},
|
||||
@@ -913,7 +962,7 @@ func TestAuthRequestRepo_mfaChecked(t *testing.T) {
|
||||
{
|
||||
"not set up, no mfas configured, no prompt and true",
|
||||
fields{
|
||||
MfaInitSkippedLifeTime: 30 * 24 * time.Hour,
|
||||
MFAInitSkippedLifeTime: 30 * 24 * time.Hour,
|
||||
},
|
||||
args{
|
||||
request: &model.AuthRequest{
|
||||
@@ -921,7 +970,7 @@ func TestAuthRequestRepo_mfaChecked(t *testing.T) {
|
||||
},
|
||||
user: &user_model.UserView{
|
||||
HumanView: &user_model.HumanView{
|
||||
MfaMaxSetUp: model.MFALevelNotSetUp,
|
||||
MFAMaxSetUp: model.MFALevelNotSetUp,
|
||||
},
|
||||
},
|
||||
},
|
||||
@@ -932,7 +981,7 @@ func TestAuthRequestRepo_mfaChecked(t *testing.T) {
|
||||
{
|
||||
"not set up, prompt and false",
|
||||
fields{
|
||||
MfaInitSkippedLifeTime: 30 * 24 * time.Hour,
|
||||
MFAInitSkippedLifeTime: 30 * 24 * time.Hour,
|
||||
},
|
||||
args{
|
||||
request: &model.AuthRequest{
|
||||
@@ -942,12 +991,12 @@ func TestAuthRequestRepo_mfaChecked(t *testing.T) {
|
||||
},
|
||||
user: &user_model.UserView{
|
||||
HumanView: &user_model.HumanView{
|
||||
MfaMaxSetUp: model.MFALevelNotSetUp,
|
||||
MFAMaxSetUp: model.MFALevelNotSetUp,
|
||||
},
|
||||
},
|
||||
},
|
||||
&model.MfaPromptStep{
|
||||
MfaProviders: []model.MFAType{
|
||||
&model.MFAPromptStep{
|
||||
MFAProviders: []model.MFAType{
|
||||
model.MFATypeOTP,
|
||||
},
|
||||
},
|
||||
@@ -957,7 +1006,7 @@ func TestAuthRequestRepo_mfaChecked(t *testing.T) {
|
||||
{
|
||||
"not set up, forced by org, true",
|
||||
fields{
|
||||
MfaInitSkippedLifeTime: 30 * 24 * time.Hour,
|
||||
MFAInitSkippedLifeTime: 30 * 24 * time.Hour,
|
||||
},
|
||||
args{
|
||||
request: &model.AuthRequest{
|
||||
@@ -968,13 +1017,13 @@ func TestAuthRequestRepo_mfaChecked(t *testing.T) {
|
||||
},
|
||||
user: &user_model.UserView{
|
||||
HumanView: &user_model.HumanView{
|
||||
MfaMaxSetUp: model.MFALevelNotSetUp,
|
||||
MFAMaxSetUp: model.MFALevelNotSetUp,
|
||||
},
|
||||
},
|
||||
},
|
||||
&model.MfaPromptStep{
|
||||
&model.MFAPromptStep{
|
||||
Required: true,
|
||||
MfaProviders: []model.MFAType{
|
||||
MFAProviders: []model.MFAType{
|
||||
model.MFATypeOTP,
|
||||
},
|
||||
},
|
||||
@@ -984,7 +1033,7 @@ func TestAuthRequestRepo_mfaChecked(t *testing.T) {
|
||||
{
|
||||
"not set up and skipped, true",
|
||||
fields{
|
||||
MfaInitSkippedLifeTime: 30 * 24 * time.Hour,
|
||||
MFAInitSkippedLifeTime: 30 * 24 * time.Hour,
|
||||
},
|
||||
args{
|
||||
request: &model.AuthRequest{
|
||||
@@ -992,8 +1041,8 @@ func TestAuthRequestRepo_mfaChecked(t *testing.T) {
|
||||
},
|
||||
user: &user_model.UserView{
|
||||
HumanView: &user_model.HumanView{
|
||||
MfaMaxSetUp: model.MFALevelNotSetUp,
|
||||
MfaInitSkipped: time.Now().UTC(),
|
||||
MFAMaxSetUp: model.MFALevelNotSetUp,
|
||||
MFAInitSkipped: time.Now().UTC(),
|
||||
},
|
||||
},
|
||||
},
|
||||
@@ -1014,8 +1063,8 @@ func TestAuthRequestRepo_mfaChecked(t *testing.T) {
|
||||
},
|
||||
user: &user_model.UserView{
|
||||
HumanView: &user_model.HumanView{
|
||||
MfaMaxSetUp: model.MFALevelSecondFactor,
|
||||
OTPState: user_model.MfaStateReady,
|
||||
MFAMaxSetUp: model.MFALevelSecondFactor,
|
||||
OTPState: user_model.MFAStateReady,
|
||||
},
|
||||
},
|
||||
userSession: &user_model.UserSessionView{SecondFactorVerification: time.Now().UTC().Add(-5 * time.Hour)},
|
||||
@@ -1037,15 +1086,15 @@ func TestAuthRequestRepo_mfaChecked(t *testing.T) {
|
||||
},
|
||||
user: &user_model.UserView{
|
||||
HumanView: &user_model.HumanView{
|
||||
MfaMaxSetUp: model.MFALevelSecondFactor,
|
||||
OTPState: user_model.MfaStateReady,
|
||||
MFAMaxSetUp: model.MFALevelSecondFactor,
|
||||
OTPState: user_model.MFAStateReady,
|
||||
},
|
||||
},
|
||||
userSession: &user_model.UserSessionView{},
|
||||
},
|
||||
|
||||
&model.MfaVerificationStep{
|
||||
MfaProviders: []model.MFAType{model.MFATypeOTP},
|
||||
&model.MFAVerificationStep{
|
||||
MFAProviders: []model.MFAType{model.MFATypeOTP},
|
||||
},
|
||||
false,
|
||||
nil,
|
||||
@@ -1054,7 +1103,7 @@ func TestAuthRequestRepo_mfaChecked(t *testing.T) {
|
||||
for _, tt := range tests {
|
||||
t.Run(tt.name, func(t *testing.T) {
|
||||
repo := &AuthRequestRepo{
|
||||
MfaInitSkippedLifeTime: tt.fields.MfaInitSkippedLifeTime,
|
||||
MFAInitSkippedLifeTime: tt.fields.MFAInitSkippedLifeTime,
|
||||
SecondFactorCheckLifeTime: tt.fields.SecondFactorCheckLifeTime,
|
||||
MultiFactorCheckLifeTime: tt.fields.MultiFactorCheckLifeTime,
|
||||
}
|
||||
@@ -1073,7 +1122,7 @@ func TestAuthRequestRepo_mfaChecked(t *testing.T) {
|
||||
|
||||
func TestAuthRequestRepo_mfaSkippedOrSetUp(t *testing.T) {
|
||||
type fields struct {
|
||||
MfaInitSkippedLifeTime time.Duration
|
||||
MFAInitSkippedLifeTime time.Duration
|
||||
}
|
||||
type args struct {
|
||||
user *user_model.UserView
|
||||
@@ -1090,7 +1139,7 @@ func TestAuthRequestRepo_mfaSkippedOrSetUp(t *testing.T) {
|
||||
args{
|
||||
&user_model.UserView{
|
||||
HumanView: &user_model.HumanView{
|
||||
MfaMaxSetUp: model.MFALevelSecondFactor,
|
||||
MFAMaxSetUp: model.MFALevelSecondFactor,
|
||||
},
|
||||
},
|
||||
},
|
||||
@@ -1099,13 +1148,13 @@ func TestAuthRequestRepo_mfaSkippedOrSetUp(t *testing.T) {
|
||||
{
|
||||
"mfa skipped active, true",
|
||||
fields{
|
||||
MfaInitSkippedLifeTime: 30 * 24 * time.Hour,
|
||||
MFAInitSkippedLifeTime: 30 * 24 * time.Hour,
|
||||
},
|
||||
args{
|
||||
&user_model.UserView{
|
||||
HumanView: &user_model.HumanView{
|
||||
MfaMaxSetUp: -1,
|
||||
MfaInitSkipped: time.Now().UTC().Add(-10 * time.Hour),
|
||||
MFAMaxSetUp: -1,
|
||||
MFAInitSkipped: time.Now().UTC().Add(-10 * time.Hour),
|
||||
},
|
||||
},
|
||||
},
|
||||
@@ -1114,13 +1163,13 @@ func TestAuthRequestRepo_mfaSkippedOrSetUp(t *testing.T) {
|
||||
{
|
||||
"mfa skipped inactive, false",
|
||||
fields{
|
||||
MfaInitSkippedLifeTime: 30 * 24 * time.Hour,
|
||||
MFAInitSkippedLifeTime: 30 * 24 * time.Hour,
|
||||
},
|
||||
args{
|
||||
&user_model.UserView{
|
||||
HumanView: &user_model.HumanView{
|
||||
MfaMaxSetUp: -1,
|
||||
MfaInitSkipped: time.Now().UTC().Add(-40 * 24 * time.Hour),
|
||||
MFAMaxSetUp: -1,
|
||||
MFAInitSkipped: time.Now().UTC().Add(-40 * 24 * time.Hour),
|
||||
},
|
||||
},
|
||||
},
|
||||
@@ -1130,7 +1179,7 @@ func TestAuthRequestRepo_mfaSkippedOrSetUp(t *testing.T) {
|
||||
for _, tt := range tests {
|
||||
t.Run(tt.name, func(t *testing.T) {
|
||||
repo := &AuthRequestRepo{
|
||||
MfaInitSkippedLifeTime: tt.fields.MfaInitSkippedLifeTime,
|
||||
MFAInitSkippedLifeTime: tt.fields.MFAInitSkippedLifeTime,
|
||||
}
|
||||
if got := repo.mfaSkippedOrSetUp(tt.args.user); got != tt.want {
|
||||
t.Errorf("mfaSkippedOrSetUp() = %v, want %v", got, tt.want)
|
||||
|
||||
@@ -9,7 +9,7 @@ import (
|
||||
"github.com/caos/zitadel/internal/errors"
|
||||
iam_model "github.com/caos/zitadel/internal/iam/model"
|
||||
iam_view_model "github.com/caos/zitadel/internal/iam/repository/view/model"
|
||||
"github.com/caos/zitadel/internal/tracing"
|
||||
"github.com/caos/zitadel/internal/telemetry/tracing"
|
||||
|
||||
auth_model "github.com/caos/zitadel/internal/auth/model"
|
||||
auth_view "github.com/caos/zitadel/internal/auth/repository/eventsourcing/view"
|
||||
@@ -50,7 +50,7 @@ func (repo *OrgRepository) SearchOrgs(ctx context.Context, request *org_model.Or
|
||||
}
|
||||
if err == nil {
|
||||
result.Sequence = sequence.CurrentSequence
|
||||
result.Timestamp = sequence.CurrentTimestamp
|
||||
result.Timestamp = sequence.LastSuccessfulSpoolerRun
|
||||
}
|
||||
return result, nil
|
||||
}
|
||||
|
||||
@@ -3,17 +3,18 @@ package eventstore
|
||||
import (
|
||||
"context"
|
||||
"strings"
|
||||
"time"
|
||||
|
||||
"github.com/caos/logging"
|
||||
"github.com/caos/zitadel/internal/auth/repository/eventsourcing/view"
|
||||
auth_req_model "github.com/caos/zitadel/internal/auth_request/model"
|
||||
"github.com/caos/zitadel/internal/errors"
|
||||
"github.com/caos/zitadel/internal/eventstore/models"
|
||||
"github.com/caos/zitadel/internal/tracing"
|
||||
"github.com/caos/zitadel/internal/telemetry/tracing"
|
||||
usr_model "github.com/caos/zitadel/internal/user/model"
|
||||
user_event "github.com/caos/zitadel/internal/user/repository/eventsourcing"
|
||||
"github.com/caos/zitadel/internal/user/repository/view/model"
|
||||
"time"
|
||||
|
||||
"github.com/caos/zitadel/internal/auth/repository/eventsourcing/view"
|
||||
)
|
||||
|
||||
type TokenRepo struct {
|
||||
|
||||
@@ -16,7 +16,7 @@ import (
|
||||
"github.com/caos/zitadel/internal/eventstore/sdk"
|
||||
org_model "github.com/caos/zitadel/internal/org/model"
|
||||
org_event "github.com/caos/zitadel/internal/org/repository/eventsourcing"
|
||||
"github.com/caos/zitadel/internal/tracing"
|
||||
"github.com/caos/zitadel/internal/telemetry/tracing"
|
||||
"github.com/caos/zitadel/internal/user/model"
|
||||
user_event "github.com/caos/zitadel/internal/user/repository/eventsourcing"
|
||||
usr_model "github.com/caos/zitadel/internal/user/repository/eventsourcing/model"
|
||||
@@ -124,7 +124,7 @@ func (repo *UserRepo) SearchMyExternalIDPs(ctx context.Context, request *model.E
|
||||
}
|
||||
if seqErr == nil {
|
||||
result.Sequence = sequence.CurrentSequence
|
||||
result.Timestamp = sequence.CurrentTimestamp
|
||||
result.Timestamp = sequence.LastSuccessfulSpoolerRun
|
||||
}
|
||||
return result, nil
|
||||
}
|
||||
@@ -253,18 +253,22 @@ func (repo *UserRepo) ChangePassword(ctx context.Context, userID, old, new strin
|
||||
return err
|
||||
}
|
||||
|
||||
func (repo *UserRepo) MyUserMfas(ctx context.Context) ([]*model.MultiFactor, error) {
|
||||
func (repo *UserRepo) MyUserMFAs(ctx context.Context) ([]*model.MultiFactor, error) {
|
||||
user, err := repo.UserByID(ctx, authz.GetCtxData(ctx).UserID)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
if user.OTPState == model.MfaStateUnspecified {
|
||||
return []*model.MultiFactor{}, nil
|
||||
mfas := make([]*model.MultiFactor, 0)
|
||||
if user.OTPState != model.MFAStateUnspecified {
|
||||
mfas = append(mfas, &model.MultiFactor{Type: model.MFATypeOTP, State: user.OTPState})
|
||||
}
|
||||
return []*model.MultiFactor{{Type: model.MfaTypeOTP, State: user.OTPState}}, nil
|
||||
for _, u2f := range user.U2FTokens {
|
||||
mfas = append(mfas, &model.MultiFactor{Type: model.MFATypeU2F, State: u2f.State, Attribute: u2f.Name})
|
||||
}
|
||||
return mfas, nil
|
||||
}
|
||||
|
||||
func (repo *UserRepo) AddMfaOTP(ctx context.Context, userID string) (*model.OTP, error) {
|
||||
func (repo *UserRepo) AddMFAOTP(ctx context.Context, userID string) (*model.OTP, error) {
|
||||
accountName := ""
|
||||
user, err := repo.UserByID(ctx, userID)
|
||||
if err != nil {
|
||||
@@ -275,7 +279,7 @@ func (repo *UserRepo) AddMfaOTP(ctx context.Context, userID string) (*model.OTP,
|
||||
return repo.UserEvents.AddOTP(ctx, userID, accountName)
|
||||
}
|
||||
|
||||
func (repo *UserRepo) AddMyMfaOTP(ctx context.Context) (*model.OTP, error) {
|
||||
func (repo *UserRepo) AddMyMFAOTP(ctx context.Context) (*model.OTP, error) {
|
||||
accountName := ""
|
||||
user, err := repo.UserByID(ctx, authz.GetCtxData(ctx).UserID)
|
||||
if err != nil {
|
||||
@@ -286,18 +290,66 @@ func (repo *UserRepo) AddMyMfaOTP(ctx context.Context) (*model.OTP, error) {
|
||||
return repo.UserEvents.AddOTP(ctx, authz.GetCtxData(ctx).UserID, accountName)
|
||||
}
|
||||
|
||||
func (repo *UserRepo) VerifyMfaOTPSetup(ctx context.Context, userID, code string) error {
|
||||
return repo.UserEvents.CheckMfaOTPSetup(ctx, userID, code)
|
||||
func (repo *UserRepo) VerifyMFAOTPSetup(ctx context.Context, userID, code string) error {
|
||||
return repo.UserEvents.CheckMFAOTPSetup(ctx, userID, code)
|
||||
}
|
||||
|
||||
func (repo *UserRepo) VerifyMyMfaOTPSetup(ctx context.Context, code string) error {
|
||||
return repo.UserEvents.CheckMfaOTPSetup(ctx, authz.GetCtxData(ctx).UserID, code)
|
||||
func (repo *UserRepo) VerifyMyMFAOTPSetup(ctx context.Context, code string) error {
|
||||
return repo.UserEvents.CheckMFAOTPSetup(ctx, authz.GetCtxData(ctx).UserID, code)
|
||||
}
|
||||
|
||||
func (repo *UserRepo) RemoveMyMfaOTP(ctx context.Context) error {
|
||||
func (repo *UserRepo) RemoveMyMFAOTP(ctx context.Context) error {
|
||||
return repo.UserEvents.RemoveOTP(ctx, authz.GetCtxData(ctx).UserID)
|
||||
}
|
||||
|
||||
func (repo *UserRepo) AddMFAU2F(ctx context.Context, userID string) (*model.WebAuthNToken, error) {
|
||||
return repo.UserEvents.AddU2F(ctx, userID)
|
||||
}
|
||||
|
||||
func (repo *UserRepo) AddMyMFAU2F(ctx context.Context) (*model.WebAuthNToken, error) {
|
||||
return repo.UserEvents.AddU2F(ctx, authz.GetCtxData(ctx).UserID)
|
||||
}
|
||||
|
||||
func (repo *UserRepo) VerifyMFAU2FSetup(ctx context.Context, userID, tokenName string, credentialData []byte) error {
|
||||
return repo.UserEvents.VerifyU2FSetup(ctx, userID, tokenName, credentialData)
|
||||
}
|
||||
|
||||
func (repo *UserRepo) VerifyMyMFAU2FSetup(ctx context.Context, tokenName string, credentialData []byte) error {
|
||||
return repo.UserEvents.VerifyU2FSetup(ctx, authz.GetCtxData(ctx).UserID, tokenName, credentialData)
|
||||
}
|
||||
|
||||
func (repo *UserRepo) RemoveMFAU2F(ctx context.Context, userID, webAuthNTokenID string) error {
|
||||
return repo.UserEvents.RemoveU2FToken(ctx, userID, webAuthNTokenID)
|
||||
}
|
||||
|
||||
func (repo *UserRepo) RemoveMyMFAU2F(ctx context.Context, webAuthNTokenID string) error {
|
||||
return repo.UserEvents.RemoveU2FToken(ctx, authz.GetCtxData(ctx).UserID, webAuthNTokenID)
|
||||
}
|
||||
|
||||
func (repo *UserRepo) AddPasswordless(ctx context.Context, userID string) (*model.WebAuthNToken, error) {
|
||||
return repo.UserEvents.AddPasswordless(ctx, userID)
|
||||
}
|
||||
|
||||
func (repo *UserRepo) AddMyPasswordless(ctx context.Context) (*model.WebAuthNToken, error) {
|
||||
return repo.UserEvents.AddPasswordless(ctx, authz.GetCtxData(ctx).UserID)
|
||||
}
|
||||
|
||||
func (repo *UserRepo) VerifyPasswordlessSetup(ctx context.Context, userID, tokenName string, credentialData []byte) error {
|
||||
return repo.UserEvents.VerifyPasswordlessSetup(ctx, userID, tokenName, credentialData)
|
||||
}
|
||||
|
||||
func (repo *UserRepo) VerifyMyPasswordlessSetup(ctx context.Context, tokenName string, credentialData []byte) error {
|
||||
return repo.UserEvents.VerifyPasswordlessSetup(ctx, authz.GetCtxData(ctx).UserID, tokenName, credentialData)
|
||||
}
|
||||
|
||||
func (repo *UserRepo) RemovePasswordless(ctx context.Context, userID, webAuthNTokenID string) error {
|
||||
return repo.UserEvents.RemovePasswordlessToken(ctx, userID, webAuthNTokenID)
|
||||
}
|
||||
|
||||
func (repo *UserRepo) RemoveMyPasswordless(ctx context.Context, webAuthNTokenID string) error {
|
||||
return repo.UserEvents.RemovePasswordlessToken(ctx, authz.GetCtxData(ctx).UserID, webAuthNTokenID)
|
||||
}
|
||||
|
||||
func (repo *UserRepo) ChangeMyUsername(ctx context.Context, username string) error {
|
||||
ctxData := authz.GetCtxData(ctx)
|
||||
orgPolicy, err := repo.View.OrgIAMPolicyByAggregateID(ctxData.OrgID)
|
||||
@@ -327,8 +379,8 @@ func (repo *UserRepo) VerifyInitCode(ctx context.Context, userID, code, password
|
||||
return repo.UserEvents.VerifyInitCode(ctx, pwPolicyView, userID, code, password)
|
||||
}
|
||||
|
||||
func (repo *UserRepo) SkipMfaInit(ctx context.Context, userID string) error {
|
||||
return repo.UserEvents.SkipMfaInit(ctx, userID)
|
||||
func (repo *UserRepo) SkipMFAInit(ctx context.Context, userID string) error {
|
||||
return repo.UserEvents.SkipMFAInit(ctx, userID)
|
||||
}
|
||||
|
||||
func (repo *UserRepo) RequestPasswordReset(ctx context.Context, loginname string) error {
|
||||
|
||||
@@ -12,7 +12,7 @@ import (
|
||||
global_model "github.com/caos/zitadel/internal/model"
|
||||
org_model "github.com/caos/zitadel/internal/org/model"
|
||||
org_view_model "github.com/caos/zitadel/internal/org/repository/view/model"
|
||||
"github.com/caos/zitadel/internal/tracing"
|
||||
"github.com/caos/zitadel/internal/telemetry/tracing"
|
||||
user_model "github.com/caos/zitadel/internal/user/model"
|
||||
user_view_model "github.com/caos/zitadel/internal/user/repository/view/model"
|
||||
grant_model "github.com/caos/zitadel/internal/usergrant/model"
|
||||
@@ -44,7 +44,7 @@ func (repo *UserGrantRepo) SearchMyUserGrants(ctx context.Context, request *gran
|
||||
}
|
||||
if err == nil {
|
||||
result.Sequence = sequence.CurrentSequence
|
||||
result.Timestamp = sequence.CurrentTimestamp
|
||||
result.Timestamp = sequence.LastSuccessfulSpoolerRun
|
||||
}
|
||||
return result, nil
|
||||
}
|
||||
|
||||
@@ -20,3 +20,8 @@ func (repo *UserSessionRepo) GetMyUserSessions(ctx context.Context) ([]*usr_mode
|
||||
}
|
||||
return model.UserSessionsToModel(userSessions), nil
|
||||
}
|
||||
|
||||
func (repo *UserSessionRepo) ActiveUserSessionCount() int64 {
|
||||
userSessions, _ := repo.View.ActiveUserSessions()
|
||||
return int64(len(userSessions))
|
||||
}
|
||||
|
||||
@@ -22,12 +22,12 @@ const (
|
||||
applicationTable = "auth.applications"
|
||||
)
|
||||
|
||||
func (p *Application) ViewModel() string {
|
||||
func (a *Application) ViewModel() string {
|
||||
return applicationTable
|
||||
}
|
||||
|
||||
func (p *Application) EventQuery() (*models.SearchQuery, error) {
|
||||
sequence, err := p.view.GetLatestApplicationSequence()
|
||||
func (a *Application) EventQuery() (*models.SearchQuery, error) {
|
||||
sequence, err := a.view.GetLatestApplicationSequence()
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
@@ -65,33 +65,37 @@ func (a *Application) Reduce(event *models.Event) (err error) {
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
return a.view.DeleteApplication(app.ID, event.Sequence)
|
||||
return a.view.DeleteApplication(app.ID, event.Sequence, event.CreationDate)
|
||||
case es_model.ProjectChanged:
|
||||
apps, err := a.view.ApplicationsByProjectID(event.AggregateID)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
if len(apps) == 0 {
|
||||
return a.view.ProcessedApplicationSequence(event.Sequence)
|
||||
return a.view.ProcessedApplicationSequence(event.Sequence, event.CreationDate)
|
||||
}
|
||||
for _, app := range apps {
|
||||
if err := app.AppendEvent(event); err != nil {
|
||||
return err
|
||||
}
|
||||
}
|
||||
return a.view.PutApplications(apps, event.Sequence)
|
||||
return a.view.PutApplications(apps, event.Sequence, event.CreationDate)
|
||||
case es_model.ProjectRemoved:
|
||||
return a.view.DeleteApplicationsByProjectID(event.AggregateID)
|
||||
default:
|
||||
return a.view.ProcessedApplicationSequence(event.Sequence)
|
||||
return a.view.ProcessedApplicationSequence(event.Sequence, event.CreationDate)
|
||||
}
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
return a.view.PutApplication(app)
|
||||
return a.view.PutApplication(app, event.CreationDate)
|
||||
}
|
||||
|
||||
func (p *Application) OnError(event *models.Event, spoolerError error) error {
|
||||
func (a *Application) OnError(event *models.Event, spoolerError error) error {
|
||||
logging.LogWithFields("SPOOL-ls9ew", "id", event.AggregateID).WithError(spoolerError).Warn("something went wrong in project app handler")
|
||||
return spooler.HandleError(event, spoolerError, p.view.GetLatestApplicationFailedEvent, p.view.ProcessedApplicationFailedEvent, p.view.ProcessedApplicationSequence, p.errorCountUntilSkip)
|
||||
return spooler.HandleError(event, spoolerError, a.view.GetLatestApplicationFailedEvent, a.view.ProcessedApplicationFailedEvent, a.view.ProcessedApplicationSequence, a.errorCountUntilSkip)
|
||||
}
|
||||
|
||||
func (a *Application) OnSuccess() error {
|
||||
return spooler.HandleSuccess(a.view.UpdateApplicationSpoolerRunTimestamp)
|
||||
}
|
||||
|
||||
@@ -19,12 +19,12 @@ const (
|
||||
idpConfigTable = "auth.idp_configs"
|
||||
)
|
||||
|
||||
func (m *IDPConfig) ViewModel() string {
|
||||
func (i *IDPConfig) ViewModel() string {
|
||||
return idpConfigTable
|
||||
}
|
||||
|
||||
func (m *IDPConfig) EventQuery() (*models.SearchQuery, error) {
|
||||
sequence, err := m.view.GetLatestIDPConfigSequence()
|
||||
func (i *IDPConfig) EventQuery() (*models.SearchQuery, error) {
|
||||
sequence, err := i.view.GetLatestIDPConfigSequence()
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
@@ -33,17 +33,17 @@ func (m *IDPConfig) EventQuery() (*models.SearchQuery, error) {
|
||||
LatestSequenceFilter(sequence.CurrentSequence), nil
|
||||
}
|
||||
|
||||
func (m *IDPConfig) Reduce(event *models.Event) (err error) {
|
||||
func (i *IDPConfig) Reduce(event *models.Event) (err error) {
|
||||
switch event.AggregateType {
|
||||
case model.OrgAggregate:
|
||||
err = m.processIdpConfig(iam_model.IDPProviderTypeOrg, event)
|
||||
err = i.processIdpConfig(iam_model.IDPProviderTypeOrg, event)
|
||||
case iam_es_model.IAMAggregate:
|
||||
err = m.processIdpConfig(iam_model.IDPProviderTypeSystem, event)
|
||||
err = i.processIdpConfig(iam_model.IDPProviderTypeSystem, event)
|
||||
}
|
||||
return err
|
||||
}
|
||||
|
||||
func (m *IDPConfig) processIdpConfig(providerType iam_model.IDPProviderType, event *models.Event) (err error) {
|
||||
func (i *IDPConfig) processIdpConfig(providerType iam_model.IDPProviderType, event *models.Event) (err error) {
|
||||
idp := new(iam_view_model.IDPConfigView)
|
||||
switch event.Type {
|
||||
case model.IDPConfigAdded,
|
||||
@@ -56,7 +56,7 @@ func (m *IDPConfig) processIdpConfig(providerType iam_model.IDPProviderType, eve
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
idp, err = m.view.IDPConfigByID(idp.IDPConfigID)
|
||||
idp, err = i.view.IDPConfigByID(idp.IDPConfigID)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
@@ -66,17 +66,21 @@ func (m *IDPConfig) processIdpConfig(providerType iam_model.IDPProviderType, eve
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
return m.view.DeleteIDPConfig(idp.IDPConfigID, event.Sequence)
|
||||
return i.view.DeleteIDPConfig(idp.IDPConfigID, event.Sequence, event.CreationDate)
|
||||
default:
|
||||
return m.view.ProcessedIDPConfigSequence(event.Sequence)
|
||||
return i.view.ProcessedIDPConfigSequence(event.Sequence, event.CreationDate)
|
||||
}
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
return m.view.PutIDPConfig(idp, idp.Sequence)
|
||||
return i.view.PutIDPConfig(idp, idp.Sequence, event.CreationDate)
|
||||
}
|
||||
|
||||
func (m *IDPConfig) OnError(event *models.Event, err error) error {
|
||||
func (i *IDPConfig) OnError(event *models.Event, err error) error {
|
||||
logging.LogWithFields("SPOOL-Ejf8s", "id", event.AggregateID).WithError(err).Warn("something went wrong in idp config handler")
|
||||
return spooler.HandleError(event, err, m.view.GetLatestIDPConfigFailedEvent, m.view.ProcessedIDPConfigFailedEvent, m.view.ProcessedIDPConfigSequence, m.errorCountUntilSkip)
|
||||
return spooler.HandleError(event, err, i.view.GetLatestIDPConfigFailedEvent, i.view.ProcessedIDPConfigFailedEvent, i.view.ProcessedIDPConfigSequence, i.errorCountUntilSkip)
|
||||
}
|
||||
|
||||
func (i *IDPConfig) OnSuccess() error {
|
||||
return spooler.HandleSuccess(i.view.UpdateIDPConfigSpoolerRunTimestamp)
|
||||
}
|
||||
|
||||
@@ -27,12 +27,12 @@ const (
|
||||
idpProviderTable = "auth.idp_providers"
|
||||
)
|
||||
|
||||
func (m *IDPProvider) ViewModel() string {
|
||||
func (i *IDPProvider) ViewModel() string {
|
||||
return idpProviderTable
|
||||
}
|
||||
|
||||
func (m *IDPProvider) EventQuery() (*models.SearchQuery, error) {
|
||||
sequence, err := m.view.GetLatestIDPProviderSequence()
|
||||
func (i *IDPProvider) EventQuery() (*models.SearchQuery, error) {
|
||||
sequence, err := i.view.GetLatestIDPProviderSequence()
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
@@ -41,15 +41,15 @@ func (m *IDPProvider) EventQuery() (*models.SearchQuery, error) {
|
||||
LatestSequenceFilter(sequence.CurrentSequence), nil
|
||||
}
|
||||
|
||||
func (m *IDPProvider) Reduce(event *models.Event) (err error) {
|
||||
func (i *IDPProvider) Reduce(event *models.Event) (err error) {
|
||||
switch event.AggregateType {
|
||||
case model.IAMAggregate, org_es_model.OrgAggregate:
|
||||
err = m.processIdpProvider(event)
|
||||
err = i.processIdpProvider(event)
|
||||
}
|
||||
return err
|
||||
}
|
||||
|
||||
func (m *IDPProvider) processIdpProvider(event *models.Event) (err error) {
|
||||
func (i *IDPProvider) processIdpProvider(event *models.Event) (err error) {
|
||||
provider := new(iam_view_model.IDPProviderView)
|
||||
switch event.Type {
|
||||
case model.LoginPolicyIDPProviderAdded, org_es_model.LoginPolicyIDPProviderAdded:
|
||||
@@ -57,71 +57,75 @@ func (m *IDPProvider) processIdpProvider(event *models.Event) (err error) {
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
err = m.fillData(provider)
|
||||
err = i.fillData(provider)
|
||||
case model.LoginPolicyIDPProviderRemoved, model.LoginPolicyIDPProviderCascadeRemoved,
|
||||
org_es_model.LoginPolicyIDPProviderRemoved, org_es_model.LoginPolicyIDPProviderCascadeRemoved:
|
||||
err = provider.SetData(event)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
return m.view.DeleteIDPProvider(event.AggregateID, provider.IDPConfigID, event.Sequence)
|
||||
return i.view.DeleteIDPProvider(event.AggregateID, provider.IDPConfigID, event.Sequence, event.CreationDate)
|
||||
case model.IDPConfigChanged, org_es_model.IDPConfigChanged:
|
||||
esConfig := new(iam_view_model.IDPConfigView)
|
||||
providerType := iam_model.IDPProviderTypeSystem
|
||||
if event.AggregateID != m.systemDefaults.IamID {
|
||||
if event.AggregateID != i.systemDefaults.IamID {
|
||||
providerType = iam_model.IDPProviderTypeOrg
|
||||
}
|
||||
esConfig.AppendEvent(providerType, event)
|
||||
providers, err := m.view.IDPProvidersByIDPConfigID(esConfig.IDPConfigID)
|
||||
providers, err := i.view.IDPProvidersByIDPConfigID(esConfig.IDPConfigID)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
config := new(iam_model.IDPConfig)
|
||||
if event.AggregateID == m.systemDefaults.IamID {
|
||||
config, err = m.iamEvents.GetIDPConfig(context.Background(), event.AggregateID, esConfig.IDPConfigID)
|
||||
if event.AggregateID == i.systemDefaults.IamID {
|
||||
config, err = i.iamEvents.GetIDPConfig(context.Background(), event.AggregateID, esConfig.IDPConfigID)
|
||||
} else {
|
||||
config, err = m.orgEvents.GetIDPConfig(context.Background(), event.AggregateID, esConfig.IDPConfigID)
|
||||
config, err = i.orgEvents.GetIDPConfig(context.Background(), event.AggregateID, esConfig.IDPConfigID)
|
||||
}
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
for _, provider := range providers {
|
||||
m.fillConfigData(provider, config)
|
||||
i.fillConfigData(provider, config)
|
||||
}
|
||||
return m.view.PutIDPProviders(event.Sequence, providers...)
|
||||
return i.view.PutIDPProviders(event.Sequence, event.CreationDate, providers...)
|
||||
case org_es_model.LoginPolicyRemoved:
|
||||
return m.view.DeleteIDPProvidersByAggregateID(event.AggregateID, event.Sequence)
|
||||
return i.view.DeleteIDPProvidersByAggregateID(event.AggregateID, event.Sequence, event.CreationDate)
|
||||
default:
|
||||
return m.view.ProcessedIDPProviderSequence(event.Sequence)
|
||||
return i.view.ProcessedIDPProviderSequence(event.Sequence, event.CreationDate)
|
||||
}
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
return m.view.PutIDPProvider(provider, provider.Sequence)
|
||||
return i.view.PutIDPProvider(provider, provider.Sequence, event.CreationDate)
|
||||
}
|
||||
|
||||
func (m *IDPProvider) fillData(provider *iam_view_model.IDPProviderView) (err error) {
|
||||
func (i *IDPProvider) fillData(provider *iam_view_model.IDPProviderView) (err error) {
|
||||
var config *iam_model.IDPConfig
|
||||
if provider.IDPProviderType == int32(iam_model.IDPProviderTypeSystem) {
|
||||
config, err = m.iamEvents.GetIDPConfig(context.Background(), m.systemDefaults.IamID, provider.IDPConfigID)
|
||||
config, err = i.iamEvents.GetIDPConfig(context.Background(), i.systemDefaults.IamID, provider.IDPConfigID)
|
||||
} else {
|
||||
config, err = m.orgEvents.GetIDPConfig(context.Background(), provider.AggregateID, provider.IDPConfigID)
|
||||
config, err = i.orgEvents.GetIDPConfig(context.Background(), provider.AggregateID, provider.IDPConfigID)
|
||||
}
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
m.fillConfigData(provider, config)
|
||||
i.fillConfigData(provider, config)
|
||||
return nil
|
||||
}
|
||||
|
||||
func (m *IDPProvider) fillConfigData(provider *iam_view_model.IDPProviderView, config *iam_model.IDPConfig) {
|
||||
func (i *IDPProvider) fillConfigData(provider *iam_view_model.IDPProviderView, config *iam_model.IDPConfig) {
|
||||
provider.Name = config.Name
|
||||
provider.StylingType = int32(config.StylingType)
|
||||
provider.IDPConfigType = int32(config.Type)
|
||||
provider.IDPState = int32(config.State)
|
||||
}
|
||||
|
||||
func (m *IDPProvider) OnError(event *models.Event, err error) error {
|
||||
func (i *IDPProvider) OnError(event *models.Event, err error) error {
|
||||
logging.LogWithFields("SPOOL-Fjd89", "id", event.AggregateID).WithError(err).Warn("something went wrong in idp provider handler")
|
||||
return spooler.HandleError(event, err, m.view.GetLatestIDPProviderFailedEvent, m.view.ProcessedIDPProviderFailedEvent, m.view.ProcessedIDPProviderSequence, m.errorCountUntilSkip)
|
||||
return spooler.HandleError(event, err, i.view.GetLatestIDPProviderFailedEvent, i.view.ProcessedIDPProviderFailedEvent, i.view.ProcessedIDPProviderSequence, i.errorCountUntilSkip)
|
||||
}
|
||||
|
||||
func (i *IDPProvider) OnSuccess() error {
|
||||
return spooler.HandleSuccess(i.view.UpdateIDPProviderSpoolerRunTimestamp)
|
||||
}
|
||||
|
||||
@@ -41,11 +41,11 @@ func (k *Key) Reduce(event *models.Event) error {
|
||||
return err
|
||||
}
|
||||
if privateKey.Expiry.Before(time.Now()) && publicKey.Expiry.Before(time.Now()) {
|
||||
return k.view.ProcessedKeySequence(event.Sequence)
|
||||
return k.view.ProcessedKeySequence(event.Sequence, event.CreationDate)
|
||||
}
|
||||
return k.view.PutKeys(privateKey, publicKey, event.Sequence)
|
||||
return k.view.PutKeys(privateKey, publicKey, event.Sequence, event.CreationDate)
|
||||
default:
|
||||
return k.view.ProcessedKeySequence(event.Sequence)
|
||||
return k.view.ProcessedKeySequence(event.Sequence, event.CreationDate)
|
||||
}
|
||||
}
|
||||
|
||||
@@ -53,3 +53,9 @@ func (k *Key) OnError(event *models.Event, err error) error {
|
||||
logging.LogWithFields("SPOOL-GHa3a", "id", event.AggregateID).WithError(err).Warn("something went wrong in key handler")
|
||||
return spooler.HandleError(event, err, k.view.GetLatestKeyFailedEvent, k.view.ProcessedKeyFailedEvent, k.view.ProcessedKeySequence, k.errorCountUntilSkip)
|
||||
}
|
||||
|
||||
func (k *Key) OnSuccess() error {
|
||||
err := spooler.HandleSuccess(k.view.UpdateKeySpoolerRunTimestamp)
|
||||
logging.LogWithFields("SPOOL-vM9sd", "table", keyTable).OnError(err).Warn("could not process on success func")
|
||||
return err
|
||||
}
|
||||
|
||||
@@ -19,12 +19,12 @@ const (
|
||||
loginPolicyTable = "auth.login_policies"
|
||||
)
|
||||
|
||||
func (m *LoginPolicy) ViewModel() string {
|
||||
func (p *LoginPolicy) ViewModel() string {
|
||||
return loginPolicyTable
|
||||
}
|
||||
|
||||
func (m *LoginPolicy) EventQuery() (*models.SearchQuery, error) {
|
||||
sequence, err := m.view.GetLatestLoginPolicySequence()
|
||||
func (p *LoginPolicy) EventQuery() (*models.SearchQuery, error) {
|
||||
sequence, err := p.view.GetLatestLoginPolicySequence()
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
@@ -33,15 +33,15 @@ func (m *LoginPolicy) EventQuery() (*models.SearchQuery, error) {
|
||||
LatestSequenceFilter(sequence.CurrentSequence), nil
|
||||
}
|
||||
|
||||
func (m *LoginPolicy) Reduce(event *models.Event) (err error) {
|
||||
func (p *LoginPolicy) Reduce(event *models.Event) (err error) {
|
||||
switch event.AggregateType {
|
||||
case model.OrgAggregate, iam_es_model.IAMAggregate:
|
||||
err = m.processLoginPolicy(event)
|
||||
err = p.processLoginPolicy(event)
|
||||
}
|
||||
return err
|
||||
}
|
||||
|
||||
func (m *LoginPolicy) processLoginPolicy(event *models.Event) (err error) {
|
||||
func (p *LoginPolicy) processLoginPolicy(event *models.Event) (err error) {
|
||||
policy := new(iam_model.LoginPolicyView)
|
||||
switch event.Type {
|
||||
case iam_es_model.LoginPolicyAdded, model.LoginPolicyAdded:
|
||||
@@ -51,23 +51,27 @@ func (m *LoginPolicy) processLoginPolicy(event *models.Event) (err error) {
|
||||
iam_es_model.LoginPolicySecondFactorRemoved, model.LoginPolicySecondFactorRemoved,
|
||||
iam_es_model.LoginPolicyMultiFactorAdded, model.LoginPolicyMultiFactorAdded,
|
||||
iam_es_model.LoginPolicyMultiFactorRemoved, model.LoginPolicyMultiFactorRemoved:
|
||||
policy, err = m.view.LoginPolicyByAggregateID(event.AggregateID)
|
||||
policy, err = p.view.LoginPolicyByAggregateID(event.AggregateID)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
err = policy.AppendEvent(event)
|
||||
case model.LoginPolicyRemoved:
|
||||
return m.view.DeleteLoginPolicy(event.AggregateID, event.Sequence)
|
||||
return p.view.DeleteLoginPolicy(event.AggregateID, event.Sequence, event.CreationDate)
|
||||
default:
|
||||
return m.view.ProcessedLoginPolicySequence(event.Sequence)
|
||||
return p.view.ProcessedLoginPolicySequence(event.Sequence, event.CreationDate)
|
||||
}
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
return m.view.PutLoginPolicy(policy, policy.Sequence)
|
||||
return p.view.PutLoginPolicy(policy, policy.Sequence, event.CreationDate)
|
||||
}
|
||||
|
||||
func (m *LoginPolicy) OnError(event *models.Event, err error) error {
|
||||
func (p *LoginPolicy) OnError(event *models.Event, err error) error {
|
||||
logging.LogWithFields("SPOOL-5id9s", "id", event.AggregateID).WithError(err).Warn("something went wrong in login policy handler")
|
||||
return spooler.HandleError(event, err, m.view.GetLatestLoginPolicyFailedEvent, m.view.ProcessedLoginPolicyFailedEvent, m.view.ProcessedLoginPolicySequence, m.errorCountUntilSkip)
|
||||
return spooler.HandleError(event, err, p.view.GetLatestLoginPolicyFailedEvent, p.view.ProcessedLoginPolicyFailedEvent, p.view.ProcessedLoginPolicySequence, p.errorCountUntilSkip)
|
||||
}
|
||||
|
||||
func (p *LoginPolicy) OnSuccess() error {
|
||||
return spooler.HandleSuccess(p.view.UpdateLoginPolicySpoolerRunTimestamp)
|
||||
}
|
||||
|
||||
@@ -48,26 +48,30 @@ func (d *MachineKeys) processMachineKeys(event *models.Event) (err error) {
|
||||
case model.MachineKeyAdded:
|
||||
err = key.AppendEvent(event)
|
||||
if key.ExpirationDate.Before(time.Now()) {
|
||||
return d.view.ProcessedMachineKeySequence(event.Sequence)
|
||||
return d.view.ProcessedMachineKeySequence(event.Sequence, event.CreationDate)
|
||||
}
|
||||
case model.MachineKeyRemoved:
|
||||
err = key.SetData(event)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
return d.view.DeleteMachineKey(key.ID, event.Sequence)
|
||||
return d.view.DeleteMachineKey(key.ID, event.Sequence, event.CreationDate)
|
||||
case model.UserRemoved:
|
||||
return d.view.DeleteMachineKeysByUserID(event.AggregateID, event.Sequence)
|
||||
return d.view.DeleteMachineKeysByUserID(event.AggregateID, event.Sequence, event.CreationDate)
|
||||
default:
|
||||
return d.view.ProcessedMachineKeySequence(event.Sequence)
|
||||
return d.view.ProcessedMachineKeySequence(event.Sequence, event.CreationDate)
|
||||
}
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
return d.view.PutMachineKey(key, key.Sequence)
|
||||
return d.view.PutMachineKey(key, key.Sequence, event.CreationDate)
|
||||
}
|
||||
|
||||
func (d *MachineKeys) OnError(event *models.Event, err error) error {
|
||||
logging.LogWithFields("SPOOL-S9fe", "id", event.AggregateID).WithError(err).Warn("something went wrong in machine key handler")
|
||||
return spooler.HandleError(event, err, d.view.GetLatestMachineKeyFailedEvent, d.view.ProcessedMachineKeyFailedEvent, d.view.ProcessedMachineKeySequence, d.errorCountUntilSkip)
|
||||
}
|
||||
|
||||
func (d *MachineKeys) OnSuccess() error {
|
||||
return spooler.HandleSuccess(d.view.UpdateMachineKeySpoolerRunTimestamp)
|
||||
}
|
||||
|
||||
@@ -58,16 +58,20 @@ func (o *Org) Reduce(event *es_models.Event) (err error) {
|
||||
}
|
||||
org.Domain = domain.Domain
|
||||
default:
|
||||
return o.view.ProcessedOrgSequence(event.Sequence)
|
||||
return o.view.ProcessedOrgSequence(event.Sequence, event.CreationDate)
|
||||
}
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
return o.view.PutOrg(org)
|
||||
return o.view.PutOrg(org, event.CreationDate)
|
||||
}
|
||||
|
||||
func (o *Org) OnError(event *es_models.Event, spoolerErr error) error {
|
||||
logging.LogWithFields("SPOOL-8siWS", "id", event.AggregateID).WithError(spoolerErr).Warn("something went wrong in org handler")
|
||||
return spooler.HandleError(event, spoolerErr, o.view.GetLatestOrgFailedEvent, o.view.ProcessedOrgFailedEvent, o.view.ProcessedOrgSequence, o.errorCountUntilSkip)
|
||||
}
|
||||
|
||||
func (o *Org) OnSuccess() error {
|
||||
return spooler.HandleSuccess(o.view.UpdateOrgSpoolerRunTimestamp)
|
||||
}
|
||||
|
||||
@@ -19,12 +19,12 @@ const (
|
||||
orgIAMPolicyTable = "auth.org_iam_policies"
|
||||
)
|
||||
|
||||
func (m *OrgIAMPolicy) ViewModel() string {
|
||||
func (p *OrgIAMPolicy) ViewModel() string {
|
||||
return orgIAMPolicyTable
|
||||
}
|
||||
|
||||
func (m *OrgIAMPolicy) EventQuery() (*models.SearchQuery, error) {
|
||||
sequence, err := m.view.GetLatestOrgIAMPolicySequence()
|
||||
func (p *OrgIAMPolicy) EventQuery() (*models.SearchQuery, error) {
|
||||
sequence, err := p.view.GetLatestOrgIAMPolicySequence()
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
@@ -33,37 +33,41 @@ func (m *OrgIAMPolicy) EventQuery() (*models.SearchQuery, error) {
|
||||
LatestSequenceFilter(sequence.CurrentSequence), nil
|
||||
}
|
||||
|
||||
func (m *OrgIAMPolicy) Reduce(event *models.Event) (err error) {
|
||||
func (p *OrgIAMPolicy) Reduce(event *models.Event) (err error) {
|
||||
switch event.AggregateType {
|
||||
case model.OrgAggregate, iam_es_model.IAMAggregate:
|
||||
err = m.processOrgIAMPolicy(event)
|
||||
err = p.processOrgIAMPolicy(event)
|
||||
}
|
||||
return err
|
||||
}
|
||||
|
||||
func (m *OrgIAMPolicy) processOrgIAMPolicy(event *models.Event) (err error) {
|
||||
func (p *OrgIAMPolicy) processOrgIAMPolicy(event *models.Event) (err error) {
|
||||
policy := new(iam_model.OrgIAMPolicyView)
|
||||
switch event.Type {
|
||||
case iam_es_model.OrgIAMPolicyAdded, model.OrgIAMPolicyAdded:
|
||||
err = policy.AppendEvent(event)
|
||||
case iam_es_model.OrgIAMPolicyChanged, model.OrgIAMPolicyChanged:
|
||||
policy, err = m.view.OrgIAMPolicyByAggregateID(event.AggregateID)
|
||||
policy, err = p.view.OrgIAMPolicyByAggregateID(event.AggregateID)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
err = policy.AppendEvent(event)
|
||||
case model.OrgIAMPolicyRemoved:
|
||||
return m.view.DeleteOrgIAMPolicy(event.AggregateID, event.Sequence)
|
||||
return p.view.DeleteOrgIAMPolicy(event.AggregateID, event.Sequence, event.CreationDate)
|
||||
default:
|
||||
return m.view.ProcessedOrgIAMPolicySequence(event.Sequence)
|
||||
return p.view.ProcessedOrgIAMPolicySequence(event.Sequence, event.CreationDate)
|
||||
}
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
return m.view.PutOrgIAMPolicy(policy, policy.Sequence)
|
||||
return p.view.PutOrgIAMPolicy(policy, policy.Sequence, event.CreationDate)
|
||||
}
|
||||
|
||||
func (m *OrgIAMPolicy) OnError(event *models.Event, err error) error {
|
||||
func (p *OrgIAMPolicy) OnError(event *models.Event, err error) error {
|
||||
logging.LogWithFields("SPOOL-3Gj8s", "id", event.AggregateID).WithError(err).Warn("something went wrong in orgIAM policy handler")
|
||||
return spooler.HandleError(event, err, m.view.GetLatestOrgIAMPolicyFailedEvent, m.view.ProcessedOrgIAMPolicyFailedEvent, m.view.ProcessedOrgIAMPolicySequence, m.errorCountUntilSkip)
|
||||
return spooler.HandleError(event, err, p.view.GetLatestOrgIAMPolicyFailedEvent, p.view.ProcessedOrgIAMPolicyFailedEvent, p.view.ProcessedOrgIAMPolicySequence, p.errorCountUntilSkip)
|
||||
}
|
||||
|
||||
func (p *OrgIAMPolicy) OnSuccess() error {
|
||||
return spooler.HandleSuccess(p.view.UpdateOrgIAMPolicySpoolerRunTimestamp)
|
||||
}
|
||||
|
||||
@@ -19,12 +19,12 @@ const (
|
||||
passwordComplexityPolicyTable = "auth.password_complexity_policies"
|
||||
)
|
||||
|
||||
func (m *PasswordComplexityPolicy) ViewModel() string {
|
||||
func (p *PasswordComplexityPolicy) ViewModel() string {
|
||||
return passwordComplexityPolicyTable
|
||||
}
|
||||
|
||||
func (m *PasswordComplexityPolicy) EventQuery() (*models.SearchQuery, error) {
|
||||
sequence, err := m.view.GetLatestPasswordComplexityPolicySequence()
|
||||
func (p *PasswordComplexityPolicy) EventQuery() (*models.SearchQuery, error) {
|
||||
sequence, err := p.view.GetLatestPasswordComplexityPolicySequence()
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
@@ -33,37 +33,41 @@ func (m *PasswordComplexityPolicy) EventQuery() (*models.SearchQuery, error) {
|
||||
LatestSequenceFilter(sequence.CurrentSequence), nil
|
||||
}
|
||||
|
||||
func (m *PasswordComplexityPolicy) Reduce(event *models.Event) (err error) {
|
||||
func (p *PasswordComplexityPolicy) Reduce(event *models.Event) (err error) {
|
||||
switch event.AggregateType {
|
||||
case model.OrgAggregate, iam_es_model.IAMAggregate:
|
||||
err = m.processPasswordComplexityPolicy(event)
|
||||
err = p.processPasswordComplexityPolicy(event)
|
||||
}
|
||||
return err
|
||||
}
|
||||
|
||||
func (m *PasswordComplexityPolicy) processPasswordComplexityPolicy(event *models.Event) (err error) {
|
||||
func (p *PasswordComplexityPolicy) processPasswordComplexityPolicy(event *models.Event) (err error) {
|
||||
policy := new(iam_model.PasswordComplexityPolicyView)
|
||||
switch event.Type {
|
||||
case iam_es_model.PasswordComplexityPolicyAdded, model.PasswordComplexityPolicyAdded:
|
||||
err = policy.AppendEvent(event)
|
||||
case iam_es_model.PasswordComplexityPolicyChanged, model.PasswordComplexityPolicyChanged:
|
||||
policy, err = m.view.PasswordComplexityPolicyByAggregateID(event.AggregateID)
|
||||
policy, err = p.view.PasswordComplexityPolicyByAggregateID(event.AggregateID)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
err = policy.AppendEvent(event)
|
||||
case model.PasswordComplexityPolicyRemoved:
|
||||
return m.view.DeletePasswordComplexityPolicy(event.AggregateID, event.Sequence)
|
||||
return p.view.DeletePasswordComplexityPolicy(event.AggregateID, event.Sequence, event.CreationDate)
|
||||
default:
|
||||
return m.view.ProcessedPasswordComplexityPolicySequence(event.Sequence)
|
||||
return p.view.ProcessedPasswordComplexityPolicySequence(event.Sequence, event.CreationDate)
|
||||
}
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
return m.view.PutPasswordComplexityPolicy(policy, policy.Sequence)
|
||||
return p.view.PutPasswordComplexityPolicy(policy, policy.Sequence, event.CreationDate)
|
||||
}
|
||||
|
||||
func (m *PasswordComplexityPolicy) OnError(event *models.Event, err error) error {
|
||||
func (p *PasswordComplexityPolicy) OnError(event *models.Event, err error) error {
|
||||
logging.LogWithFields("SPOOL-4Djo9", "id", event.AggregateID).WithError(err).Warn("something went wrong in passwordComplexity policy handler")
|
||||
return spooler.HandleError(event, err, m.view.GetLatestPasswordComplexityPolicyFailedEvent, m.view.ProcessedPasswordComplexityPolicyFailedEvent, m.view.ProcessedPasswordComplexityPolicySequence, m.errorCountUntilSkip)
|
||||
return spooler.HandleError(event, err, p.view.GetLatestPasswordComplexityPolicyFailedEvent, p.view.ProcessedPasswordComplexityPolicyFailedEvent, p.view.ProcessedPasswordComplexityPolicySequence, p.errorCountUntilSkip)
|
||||
}
|
||||
|
||||
func (p *PasswordComplexityPolicy) OnSuccess() error {
|
||||
return spooler.HandleSuccess(p.view.UpdatePasswordComplexityPolicySpoolerRunTimestamp)
|
||||
}
|
||||
|
||||
@@ -52,19 +52,23 @@ func (p *ProjectRole) Reduce(event *models.Event) (err error) {
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
return p.view.DeleteProjectRole(event.AggregateID, event.ResourceOwner, role.Key, event.Sequence)
|
||||
return p.view.DeleteProjectRole(event.AggregateID, event.ResourceOwner, role.Key, event.Sequence, event.CreationDate)
|
||||
case es_model.ProjectRemoved:
|
||||
return p.view.DeleteProjectRolesByProjectID(event.AggregateID)
|
||||
default:
|
||||
return p.view.ProcessedProjectRoleSequence(event.Sequence)
|
||||
return p.view.ProcessedProjectRoleSequence(event.Sequence, event.CreationDate)
|
||||
}
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
return p.view.PutProjectRole(role)
|
||||
return p.view.PutProjectRole(role, event.CreationDate)
|
||||
}
|
||||
|
||||
func (p *ProjectRole) OnError(event *models.Event, err error) error {
|
||||
logging.LogWithFields("SPOOL-lso9w", "id", event.AggregateID).WithError(err).Warn("something went wrong in project role handler")
|
||||
return spooler.HandleError(event, err, p.view.GetLatestProjectRoleFailedEvent, p.view.ProcessedProjectRoleFailedEvent, p.view.ProcessedProjectRoleSequence, p.errorCountUntilSkip)
|
||||
}
|
||||
|
||||
func (p *ProjectRole) OnSuccess() error {
|
||||
return spooler.HandleSuccess(p.view.UpdateProjectRoleSpoolerRunTimestamp)
|
||||
}
|
||||
|
||||
@@ -49,7 +49,7 @@ func (t *Token) Reduce(event *models.Event) (err error) {
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
return t.view.PutToken(token)
|
||||
return t.view.PutToken(token, event.CreationDate)
|
||||
case user_es_model.UserProfileChanged,
|
||||
user_es_model.HumanProfileChanged:
|
||||
user := new(view_model.UserView)
|
||||
@@ -61,25 +61,25 @@ func (t *Token) Reduce(event *models.Event) (err error) {
|
||||
for _, token := range tokens {
|
||||
token.PreferredLanguage = user.PreferredLanguage
|
||||
}
|
||||
return t.view.PutTokens(tokens, event.Sequence)
|
||||
return t.view.PutTokens(tokens, event.Sequence, event.CreationDate)
|
||||
case user_es_model.SignedOut,
|
||||
user_es_model.HumanSignedOut:
|
||||
id, err := agentIDFromSession(event)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
return t.view.DeleteSessionTokens(id, event.AggregateID, event.Sequence)
|
||||
return t.view.DeleteSessionTokens(id, event.AggregateID, event.Sequence, event.CreationDate)
|
||||
case user_es_model.UserLocked,
|
||||
user_es_model.UserDeactivated,
|
||||
user_es_model.UserRemoved:
|
||||
return t.view.DeleteUserTokens(event.AggregateID, event.Sequence)
|
||||
return t.view.DeleteUserTokens(event.AggregateID, event.Sequence, event.CreationDate)
|
||||
case project_es_model.ApplicationDeactivated,
|
||||
project_es_model.ApplicationRemoved:
|
||||
application, err := applicationFromSession(event)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
return t.view.DeleteApplicationTokens(event.Sequence, application.AppID)
|
||||
return t.view.DeleteApplicationTokens(event.Sequence, event.CreationDate, application.AppID)
|
||||
case project_es_model.ProjectDeactivated,
|
||||
project_es_model.ProjectRemoved:
|
||||
project, err := t.ProjectEvents.ProjectByID(context.Background(), event.AggregateID)
|
||||
@@ -90,9 +90,9 @@ func (t *Token) Reduce(event *models.Event) (err error) {
|
||||
for _, app := range project.Applications {
|
||||
applicationsIDs = append(applicationsIDs, app.AppID)
|
||||
}
|
||||
return t.view.DeleteApplicationTokens(event.Sequence, applicationsIDs...)
|
||||
return t.view.DeleteApplicationTokens(event.Sequence, event.CreationDate, applicationsIDs...)
|
||||
default:
|
||||
return t.view.ProcessedTokenSequence(event.Sequence)
|
||||
return t.view.ProcessedTokenSequence(event.Sequence, event.CreationDate)
|
||||
}
|
||||
}
|
||||
|
||||
@@ -118,3 +118,7 @@ func applicationFromSession(event *models.Event) (*project_es_model.Application,
|
||||
}
|
||||
return application, nil
|
||||
}
|
||||
|
||||
func (t *Token) OnSuccess() error {
|
||||
return spooler.HandleSuccess(t.view.UpdateTokenSpoolerRunTimestamp)
|
||||
}
|
||||
|
||||
@@ -67,7 +67,7 @@ func (u *User) ProcessUser(event *models.Event) (err error) {
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
u.fillLoginNames(user)
|
||||
err = u.fillLoginNames(user)
|
||||
case es_model.UserProfileChanged,
|
||||
es_model.UserEmailChanged,
|
||||
es_model.UserEmailVerified,
|
||||
@@ -94,6 +94,12 @@ func (u *User) ProcessUser(event *models.Event) (err error) {
|
||||
es_model.HumanMFAOTPAdded,
|
||||
es_model.HumanMFAOTPVerified,
|
||||
es_model.HumanMFAOTPRemoved,
|
||||
es_model.HumanMFAU2FTokenAdded,
|
||||
es_model.HumanMFAU2FTokenVerified,
|
||||
es_model.HumanMFAU2FTokenRemoved,
|
||||
es_model.HumanPasswordlessTokenAdded,
|
||||
es_model.HumanPasswordlessTokenVerified,
|
||||
es_model.HumanPasswordlessTokenRemoved,
|
||||
es_model.HumanMFAInitSkipped,
|
||||
es_model.MachineChanged,
|
||||
es_model.HumanPasswordChanged:
|
||||
@@ -114,14 +120,14 @@ func (u *User) ProcessUser(event *models.Event) (err error) {
|
||||
}
|
||||
err = u.fillLoginNames(user)
|
||||
case es_model.UserRemoved:
|
||||
return u.view.DeleteUser(event.AggregateID, event.Sequence)
|
||||
return u.view.DeleteUser(event.AggregateID, event.Sequence, event.CreationDate)
|
||||
default:
|
||||
return u.view.ProcessedUserSequence(event.Sequence)
|
||||
return u.view.ProcessedUserSequence(event.Sequence, event.CreationDate)
|
||||
}
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
return u.view.PutUser(user, user.Sequence)
|
||||
return u.view.PutUser(user, user.Sequence, event.CreationDate)
|
||||
}
|
||||
|
||||
func (u *User) fillLoginNames(user *view_model.UserView) (err error) {
|
||||
@@ -152,7 +158,7 @@ func (u *User) ProcessOrg(event *models.Event) (err error) {
|
||||
case org_es_model.OrgDomainPrimarySet:
|
||||
return u.fillPreferredLoginNamesOnOrgUsers(event)
|
||||
default:
|
||||
return u.view.ProcessedUserSequence(event.Sequence)
|
||||
return u.view.ProcessedUserSequence(event.Sequence, event.CreationDate)
|
||||
}
|
||||
}
|
||||
|
||||
@@ -175,7 +181,7 @@ func (u *User) fillLoginNamesOnOrgUsers(event *models.Event) error {
|
||||
for _, user := range users {
|
||||
user.SetLoginNames(policy, org.Domains)
|
||||
}
|
||||
return u.view.PutUsers(users, event.Sequence)
|
||||
return u.view.PutUsers(users, event.Sequence, event.CreationDate)
|
||||
}
|
||||
|
||||
func (u *User) fillPreferredLoginNamesOnOrgUsers(event *models.Event) error {
|
||||
@@ -200,10 +206,14 @@ func (u *User) fillPreferredLoginNamesOnOrgUsers(event *models.Event) error {
|
||||
for _, user := range users {
|
||||
user.PreferredLoginName = user.GenerateLoginName(org.GetPrimaryDomain().Domain, policy.UserLoginMustBeDomain)
|
||||
}
|
||||
return u.view.PutUsers(users, 0)
|
||||
return u.view.PutUsers(users, 0, event.CreationDate)
|
||||
}
|
||||
|
||||
func (u *User) OnError(event *models.Event, err error) error {
|
||||
logging.LogWithFields("SPOOL-is8aAWima", "id", event.AggregateID).WithError(err).Warn("something went wrong in user handler")
|
||||
return spooler.HandleError(event, err, u.view.GetLatestUserFailedEvent, u.view.ProcessedUserFailedEvent, u.view.ProcessedUserSequence, u.errorCountUntilSkip)
|
||||
}
|
||||
|
||||
func (u *User) OnSuccess() error {
|
||||
return spooler.HandleSuccess(u.view.UpdateUserSpoolerRunTimestamp)
|
||||
}
|
||||
|
||||
@@ -29,12 +29,12 @@ const (
|
||||
externalIDPTable = "auth.user_external_idps"
|
||||
)
|
||||
|
||||
func (m *ExternalIDP) ViewModel() string {
|
||||
func (i *ExternalIDP) ViewModel() string {
|
||||
return externalIDPTable
|
||||
}
|
||||
|
||||
func (m *ExternalIDP) EventQuery() (*models.SearchQuery, error) {
|
||||
sequence, err := m.view.GetLatestExternalIDPSequence()
|
||||
func (i *ExternalIDP) EventQuery() (*models.SearchQuery, error) {
|
||||
sequence, err := i.view.GetLatestExternalIDPSequence()
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
@@ -43,17 +43,17 @@ func (m *ExternalIDP) EventQuery() (*models.SearchQuery, error) {
|
||||
LatestSequenceFilter(sequence.CurrentSequence), nil
|
||||
}
|
||||
|
||||
func (m *ExternalIDP) Reduce(event *models.Event) (err error) {
|
||||
func (i *ExternalIDP) Reduce(event *models.Event) (err error) {
|
||||
switch event.AggregateType {
|
||||
case model.UserAggregate:
|
||||
err = m.processUser(event)
|
||||
err = i.processUser(event)
|
||||
case iam_es_model.IAMAggregate, org_es_model.OrgAggregate:
|
||||
err = m.processIdpConfig(event)
|
||||
err = i.processIdpConfig(event)
|
||||
}
|
||||
return err
|
||||
}
|
||||
|
||||
func (m *ExternalIDP) processUser(event *models.Event) (err error) {
|
||||
func (i *ExternalIDP) processUser(event *models.Event) (err error) {
|
||||
externalIDP := new(usr_view_model.ExternalIDPView)
|
||||
switch event.Type {
|
||||
case model.HumanExternalIDPAdded:
|
||||
@@ -61,25 +61,25 @@ func (m *ExternalIDP) processUser(event *models.Event) (err error) {
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
err = m.fillData(externalIDP)
|
||||
err = i.fillData(externalIDP)
|
||||
case model.HumanExternalIDPRemoved, model.HumanExternalIDPCascadeRemoved:
|
||||
err = externalIDP.SetData(event)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
return m.view.DeleteExternalIDP(externalIDP.ExternalUserID, externalIDP.IDPConfigID, event.Sequence)
|
||||
return i.view.DeleteExternalIDP(externalIDP.ExternalUserID, externalIDP.IDPConfigID, event.Sequence, event.CreationDate)
|
||||
case model.UserRemoved:
|
||||
return m.view.DeleteExternalIDPsByUserID(event.AggregateID, event.Sequence)
|
||||
return i.view.DeleteExternalIDPsByUserID(event.AggregateID, event.Sequence, event.CreationDate)
|
||||
default:
|
||||
return m.view.ProcessedExternalIDPSequence(event.Sequence)
|
||||
return i.view.ProcessedExternalIDPSequence(event.Sequence, event.CreationDate)
|
||||
}
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
return m.view.PutExternalIDP(externalIDP, externalIDP.Sequence)
|
||||
return i.view.PutExternalIDP(externalIDP, externalIDP.Sequence, event.CreationDate)
|
||||
}
|
||||
|
||||
func (m *ExternalIDP) processIdpConfig(event *models.Event) (err error) {
|
||||
func (i *ExternalIDP) processIdpConfig(event *models.Event) (err error) {
|
||||
switch event.Type {
|
||||
case iam_es_model.IDPConfigChanged, org_es_model.IDPConfigChanged:
|
||||
configView := new(iam_view_model.IDPConfigView)
|
||||
@@ -89,45 +89,49 @@ func (m *ExternalIDP) processIdpConfig(event *models.Event) (err error) {
|
||||
} else {
|
||||
configView.AppendEvent(iam_model.IDPProviderTypeOrg, event)
|
||||
}
|
||||
exterinalIDPs, err := m.view.ExternalIDPsByIDPConfigID(configView.IDPConfigID)
|
||||
exterinalIDPs, err := i.view.ExternalIDPsByIDPConfigID(configView.IDPConfigID)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
if event.AggregateType == iam_es_model.IAMAggregate {
|
||||
config, err = m.iamEvents.GetIDPConfig(context.Background(), event.AggregateID, configView.IDPConfigID)
|
||||
config, err = i.iamEvents.GetIDPConfig(context.Background(), event.AggregateID, configView.IDPConfigID)
|
||||
} else {
|
||||
config, err = m.orgEvents.GetIDPConfig(context.Background(), event.AggregateID, configView.IDPConfigID)
|
||||
config, err = i.orgEvents.GetIDPConfig(context.Background(), event.AggregateID, configView.IDPConfigID)
|
||||
}
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
for _, provider := range exterinalIDPs {
|
||||
m.fillConfigData(provider, config)
|
||||
i.fillConfigData(provider, config)
|
||||
}
|
||||
return m.view.PutExternalIDPs(event.Sequence, exterinalIDPs...)
|
||||
return i.view.PutExternalIDPs(event.Sequence, event.CreationDate, exterinalIDPs...)
|
||||
default:
|
||||
return m.view.ProcessedExternalIDPSequence(event.Sequence)
|
||||
return i.view.ProcessedExternalIDPSequence(event.Sequence, event.CreationDate)
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
func (m *ExternalIDP) fillData(externalIDP *usr_view_model.ExternalIDPView) error {
|
||||
config, err := m.orgEvents.GetIDPConfig(context.Background(), externalIDP.ResourceOwner, externalIDP.IDPConfigID)
|
||||
func (i *ExternalIDP) fillData(externalIDP *usr_view_model.ExternalIDPView) error {
|
||||
config, err := i.orgEvents.GetIDPConfig(context.Background(), externalIDP.ResourceOwner, externalIDP.IDPConfigID)
|
||||
if caos_errs.IsNotFound(err) {
|
||||
config, err = m.iamEvents.GetIDPConfig(context.Background(), m.systemDefaults.IamID, externalIDP.IDPConfigID)
|
||||
config, err = i.iamEvents.GetIDPConfig(context.Background(), i.systemDefaults.IamID, externalIDP.IDPConfigID)
|
||||
}
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
m.fillConfigData(externalIDP, config)
|
||||
i.fillConfigData(externalIDP, config)
|
||||
return nil
|
||||
}
|
||||
|
||||
func (m *ExternalIDP) fillConfigData(externalIDP *usr_view_model.ExternalIDPView, config *iam_model.IDPConfig) {
|
||||
func (i *ExternalIDP) fillConfigData(externalIDP *usr_view_model.ExternalIDPView, config *iam_model.IDPConfig) {
|
||||
externalIDP.IDPName = config.Name
|
||||
}
|
||||
|
||||
func (m *ExternalIDP) OnError(event *models.Event, err error) error {
|
||||
func (i *ExternalIDP) OnError(event *models.Event, err error) error {
|
||||
logging.LogWithFields("SPOOL-4Rsu8", "id", event.AggregateID).WithError(err).Warn("something went wrong in idp provider handler")
|
||||
return spooler.HandleError(event, err, m.view.GetLatestExternalIDPFailedEvent, m.view.ProcessedExternalIDPFailedEvent, m.view.ProcessedExternalIDPSequence, m.errorCountUntilSkip)
|
||||
return spooler.HandleError(event, err, i.view.GetLatestExternalIDPFailedEvent, i.view.ProcessedExternalIDPFailedEvent, i.view.ProcessedExternalIDPSequence, i.errorCountUntilSkip)
|
||||
}
|
||||
|
||||
func (i *ExternalIDP) OnSuccess() error {
|
||||
return spooler.HandleSuccess(i.view.UpdateExternalIDPSpoolerRunTimestamp)
|
||||
}
|
||||
|
||||
@@ -97,14 +97,14 @@ func (u *UserGrant) processUserGrant(event *models.Event) (err error) {
|
||||
}
|
||||
err = grant.AppendEvent(event)
|
||||
case grant_es_model.UserGrantRemoved, grant_es_model.UserGrantCascadeRemoved:
|
||||
return u.view.DeleteUserGrant(event.AggregateID, event.Sequence)
|
||||
return u.view.DeleteUserGrant(event.AggregateID, event.Sequence, event.CreationDate)
|
||||
default:
|
||||
return u.view.ProcessedUserGrantSequence(event.Sequence)
|
||||
return u.view.ProcessedUserGrantSequence(event.Sequence, event.CreationDate)
|
||||
}
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
return u.view.PutUserGrant(grant, grant.Sequence)
|
||||
return u.view.PutUserGrant(grant, grant.Sequence, event.CreationDate)
|
||||
}
|
||||
|
||||
func (u *UserGrant) processUser(event *models.Event) (err error) {
|
||||
@@ -119,7 +119,7 @@ func (u *UserGrant) processUser(event *models.Event) (err error) {
|
||||
return err
|
||||
}
|
||||
if len(grants) == 0 {
|
||||
return u.view.ProcessedUserGrantSequence(event.Sequence)
|
||||
return u.view.ProcessedUserGrantSequence(event.Sequence, event.CreationDate)
|
||||
}
|
||||
user, err := u.userEvents.UserByID(context.Background(), event.AggregateID)
|
||||
if err != nil {
|
||||
@@ -128,9 +128,9 @@ func (u *UserGrant) processUser(event *models.Event) (err error) {
|
||||
for _, grant := range grants {
|
||||
u.fillUserData(grant, user)
|
||||
}
|
||||
return u.view.PutUserGrants(grants, event.Sequence)
|
||||
return u.view.PutUserGrants(grants, event.Sequence, event.CreationDate)
|
||||
default:
|
||||
return u.view.ProcessedUserGrantSequence(event.Sequence)
|
||||
return u.view.ProcessedUserGrantSequence(event.Sequence, event.CreationDate)
|
||||
}
|
||||
}
|
||||
|
||||
@@ -148,7 +148,7 @@ func (u *UserGrant) processProject(event *models.Event) (err error) {
|
||||
for _, grant := range grants {
|
||||
u.fillProjectData(grant, project)
|
||||
}
|
||||
return u.view.PutUserGrants(grants, event.Sequence)
|
||||
return u.view.PutUserGrants(grants, event.Sequence, event.CreationDate)
|
||||
case proj_es_model.ProjectMemberAdded, proj_es_model.ProjectMemberChanged, proj_es_model.ProjectMemberRemoved:
|
||||
member := new(proj_es_model.ProjectMember)
|
||||
member.SetData(event)
|
||||
@@ -158,7 +158,7 @@ func (u *UserGrant) processProject(event *models.Event) (err error) {
|
||||
member.SetData(event)
|
||||
return u.processMember(event, "PROJECT_GRANT", member.GrantID, member.UserID, member.Roles)
|
||||
default:
|
||||
return u.view.ProcessedUserGrantSequence(event.Sequence)
|
||||
return u.view.ProcessedUserGrantSequence(event.Sequence, event.CreationDate)
|
||||
}
|
||||
}
|
||||
|
||||
@@ -169,7 +169,7 @@ func (u *UserGrant) processOrg(event *models.Event) (err error) {
|
||||
member.SetData(event)
|
||||
return u.processMember(event, "ORG", "", member.UserID, member.Roles)
|
||||
default:
|
||||
return u.view.ProcessedUserGrantSequence(event.Sequence)
|
||||
return u.view.ProcessedUserGrantSequence(event.Sequence, event.CreationDate)
|
||||
}
|
||||
}
|
||||
|
||||
@@ -207,16 +207,16 @@ func (u *UserGrant) processIAMMember(event *models.Event, rolePrefix string, suf
|
||||
}
|
||||
grant.Sequence = event.Sequence
|
||||
grant.ChangeDate = event.CreationDate
|
||||
return u.view.PutUserGrant(grant, grant.Sequence)
|
||||
return u.view.PutUserGrant(grant, grant.Sequence, event.CreationDate)
|
||||
case iam_es_model.IAMMemberRemoved:
|
||||
member.SetData(event)
|
||||
grant, err := u.view.UserGrantByIDs(u.iamID, u.iamProjectID, member.UserID)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
return u.view.DeleteUserGrant(grant.ID, event.Sequence)
|
||||
return u.view.DeleteUserGrant(grant.ID, event.Sequence, event.CreationDate)
|
||||
default:
|
||||
return u.view.ProcessedUserGrantSequence(event.Sequence)
|
||||
return u.view.ProcessedUserGrantSequence(event.Sequence, event.CreationDate)
|
||||
}
|
||||
}
|
||||
|
||||
@@ -252,7 +252,7 @@ func (u *UserGrant) processMember(event *models.Event, rolePrefix, roleSuffix st
|
||||
}
|
||||
grant.Sequence = event.Sequence
|
||||
grant.ChangeDate = event.CreationDate
|
||||
return u.view.PutUserGrant(grant, event.Sequence)
|
||||
return u.view.PutUserGrant(grant, event.Sequence, event.CreationDate)
|
||||
case org_es_model.OrgMemberRemoved,
|
||||
proj_es_model.ProjectMemberRemoved,
|
||||
proj_es_model.ProjectGrantMemberRemoved:
|
||||
@@ -262,18 +262,18 @@ func (u *UserGrant) processMember(event *models.Event, rolePrefix, roleSuffix st
|
||||
return err
|
||||
}
|
||||
if errors.IsNotFound(err) {
|
||||
return u.view.ProcessedUserGrantSequence(event.Sequence)
|
||||
return u.view.ProcessedUserGrantSequence(event.Sequence, event.CreationDate)
|
||||
}
|
||||
if roleSuffix != "" {
|
||||
roleKeys = suffixRoles(roleSuffix, roleKeys)
|
||||
}
|
||||
if grant.RoleKeys == nil {
|
||||
return u.view.ProcessedUserGrantSequence(event.Sequence)
|
||||
return u.view.ProcessedUserGrantSequence(event.Sequence, event.CreationDate)
|
||||
}
|
||||
grant.RoleKeys = mergeExistingRoles(rolePrefix, roleSuffix, grant.RoleKeys, nil)
|
||||
return u.view.PutUserGrant(grant, event.Sequence)
|
||||
return u.view.PutUserGrant(grant, event.Sequence, event.CreationDate)
|
||||
default:
|
||||
return u.view.ProcessedUserGrantSequence(event.Sequence)
|
||||
return u.view.ProcessedUserGrantSequence(event.Sequence, event.CreationDate)
|
||||
}
|
||||
}
|
||||
|
||||
@@ -367,3 +367,7 @@ func (u *UserGrant) OnError(event *models.Event, err error) error {
|
||||
logging.LogWithFields("SPOOL-UZmc7", "id", event.AggregateID).WithError(err).Warn("something went wrong in user grant handler")
|
||||
return spooler.HandleError(event, err, u.view.GetLatestUserGrantFailedEvent, u.view.ProcessedUserGrantFailedEvent, u.view.ProcessedUserGrantSequence, u.errorCountUntilSkip)
|
||||
}
|
||||
|
||||
func (u *UserGrant) OnSuccess() error {
|
||||
return spooler.HandleSuccess(u.view.UpdateUserGrantSpoolerRunTimestamp)
|
||||
}
|
||||
|
||||
@@ -74,14 +74,14 @@ func (m *UserMembership) processIam(event *models.Event) (err error) {
|
||||
}
|
||||
err = member.AppendEvent(event)
|
||||
case iam_es_model.IAMMemberRemoved:
|
||||
return m.view.DeleteUserMembership(member.UserID, event.AggregateID, event.AggregateID, usr_model.MemberTypeIam, event.Sequence)
|
||||
return m.view.DeleteUserMembership(member.UserID, event.AggregateID, event.AggregateID, usr_model.MemberTypeIam, event.Sequence, event.CreationDate)
|
||||
default:
|
||||
return m.view.ProcessedUserMembershipSequence(event.Sequence)
|
||||
return m.view.ProcessedUserMembershipSequence(event.Sequence, event.CreationDate)
|
||||
}
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
return m.view.PutUserMembership(member, event.Sequence)
|
||||
return m.view.PutUserMembership(member, event.Sequence, event.CreationDate)
|
||||
}
|
||||
|
||||
func (m *UserMembership) fillIamDisplayName(member *usr_es_model.UserMembershipView) {
|
||||
@@ -105,16 +105,16 @@ func (m *UserMembership) processOrg(event *models.Event) (err error) {
|
||||
}
|
||||
err = member.AppendEvent(event)
|
||||
case org_es_model.OrgMemberRemoved:
|
||||
return m.view.DeleteUserMembership(member.UserID, event.AggregateID, event.AggregateID, usr_model.MemberTypeOrganisation, event.Sequence)
|
||||
return m.view.DeleteUserMembership(member.UserID, event.AggregateID, event.AggregateID, usr_model.MemberTypeOrganisation, event.Sequence, event.CreationDate)
|
||||
case org_es_model.OrgChanged:
|
||||
return m.updateOrgName(event)
|
||||
default:
|
||||
return m.view.ProcessedUserMembershipSequence(event.Sequence)
|
||||
return m.view.ProcessedUserMembershipSequence(event.Sequence, event.CreationDate)
|
||||
}
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
return m.view.PutUserMembership(member, event.Sequence)
|
||||
return m.view.PutUserMembership(member, event.Sequence, event.CreationDate)
|
||||
}
|
||||
|
||||
func (m *UserMembership) fillOrgName(member *usr_es_model.UserMembershipView) (err error) {
|
||||
@@ -145,7 +145,7 @@ func (m *UserMembership) updateOrgName(event *models.Event) error {
|
||||
membership.DisplayName = org.Name
|
||||
}
|
||||
}
|
||||
return m.view.BulkPutUserMemberships(memberships, event.Sequence)
|
||||
return m.view.BulkPutUserMemberships(memberships, event.Sequence, event.CreationDate)
|
||||
}
|
||||
|
||||
func (m *UserMembership) processProject(event *models.Event) (err error) {
|
||||
@@ -168,7 +168,7 @@ func (m *UserMembership) processProject(event *models.Event) (err error) {
|
||||
}
|
||||
err = member.AppendEvent(event)
|
||||
case proj_es_model.ProjectMemberRemoved:
|
||||
return m.view.DeleteUserMembership(member.UserID, event.AggregateID, event.AggregateID, usr_model.MemberTypeProject, event.Sequence)
|
||||
return m.view.DeleteUserMembership(member.UserID, event.AggregateID, event.AggregateID, usr_model.MemberTypeProject, event.Sequence, event.CreationDate)
|
||||
case proj_es_model.ProjectGrantMemberChanged:
|
||||
member, err = m.view.UserMembershipByIDs(member.UserID, event.AggregateID, member.ObjectID, usr_model.MemberTypeProjectGrant)
|
||||
if err != nil {
|
||||
@@ -176,20 +176,20 @@ func (m *UserMembership) processProject(event *models.Event) (err error) {
|
||||
}
|
||||
err = member.AppendEvent(event)
|
||||
case proj_es_model.ProjectGrantMemberRemoved:
|
||||
return m.view.DeleteUserMembership(member.UserID, event.AggregateID, member.ObjectID, usr_model.MemberTypeProjectGrant, event.Sequence)
|
||||
return m.view.DeleteUserMembership(member.UserID, event.AggregateID, member.ObjectID, usr_model.MemberTypeProjectGrant, event.Sequence, event.CreationDate)
|
||||
case proj_es_model.ProjectChanged:
|
||||
return m.updateProjectDisplayName(event)
|
||||
case proj_es_model.ProjectRemoved:
|
||||
return m.view.DeleteUserMembershipsByAggregateID(event.AggregateID, event.Sequence)
|
||||
return m.view.DeleteUserMembershipsByAggregateID(event.AggregateID, event.Sequence, event.CreationDate)
|
||||
case proj_es_model.ProjectGrantRemoved:
|
||||
return m.view.DeleteUserMembershipsByAggregateIDAndObjectID(event.AggregateID, member.ObjectID, event.Sequence)
|
||||
return m.view.DeleteUserMembershipsByAggregateIDAndObjectID(event.AggregateID, member.ObjectID, event.Sequence, event.CreationDate)
|
||||
default:
|
||||
return m.view.ProcessedUserMembershipSequence(event.Sequence)
|
||||
return m.view.ProcessedUserMembershipSequence(event.Sequence, event.CreationDate)
|
||||
}
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
return m.view.PutUserMembership(member, event.Sequence)
|
||||
return m.view.PutUserMembership(member, event.Sequence, event.CreationDate)
|
||||
}
|
||||
|
||||
func (m *UserMembership) fillProjectDisplayName(member *usr_es_model.UserMembershipView) (err error) {
|
||||
@@ -214,15 +214,15 @@ func (m *UserMembership) updateProjectDisplayName(event *models.Event) error {
|
||||
for _, membership := range memberships {
|
||||
membership.DisplayName = project.Name
|
||||
}
|
||||
return m.view.BulkPutUserMemberships(memberships, event.Sequence)
|
||||
return m.view.BulkPutUserMemberships(memberships, event.Sequence, event.CreationDate)
|
||||
}
|
||||
|
||||
func (m *UserMembership) processUser(event *models.Event) (err error) {
|
||||
switch event.Type {
|
||||
case model.UserRemoved:
|
||||
return m.view.DeleteUserMembershipsByUserID(event.AggregateID, event.Sequence)
|
||||
return m.view.DeleteUserMembershipsByUserID(event.AggregateID, event.Sequence, event.CreationDate)
|
||||
default:
|
||||
return m.view.ProcessedUserMembershipSequence(event.Sequence)
|
||||
return m.view.ProcessedUserMembershipSequence(event.Sequence, event.CreationDate)
|
||||
}
|
||||
}
|
||||
|
||||
@@ -230,3 +230,7 @@ func (m *UserMembership) OnError(event *models.Event, err error) error {
|
||||
logging.LogWithFields("SPOOL-Ms3fj", "id", event.AggregateID).WithError(err).Warn("something went wrong in user membership handler")
|
||||
return spooler.HandleError(event, err, m.view.GetLatestUserMembershipFailedEvent, m.view.ProcessedUserMembershipFailedEvent, m.view.ProcessedUserMembershipSequence, m.errorCountUntilSkip)
|
||||
}
|
||||
|
||||
func (m *UserMembership) OnSuccess() error {
|
||||
return spooler.HandleSuccess(m.view.UpdateUserMembershipSpoolerRunTimestamp)
|
||||
}
|
||||
|
||||
@@ -48,6 +48,10 @@ func (u *UserSession) Reduce(event *models.Event) (err error) {
|
||||
es_model.HumanExternalLoginCheckSucceeded,
|
||||
es_model.HumanMFAOTPCheckSucceeded,
|
||||
es_model.HumanMFAOTPCheckFailed,
|
||||
es_model.HumanMFAU2FTokenCheckSucceeded,
|
||||
es_model.HumanMFAU2FTokenCheckFailed,
|
||||
es_model.HumanPasswordlessTokenCheckSucceeded,
|
||||
es_model.HumanPasswordlessTokenCheckFailed,
|
||||
es_model.HumanSignedOut:
|
||||
eventData, err := view_model.UserSessionFromEvent(event)
|
||||
if err != nil {
|
||||
@@ -78,13 +82,15 @@ func (u *UserSession) Reduce(event *models.Event) (err error) {
|
||||
es_model.DomainClaimed,
|
||||
es_model.UserUserNameChanged,
|
||||
es_model.HumanExternalIDPRemoved,
|
||||
es_model.HumanExternalIDPCascadeRemoved:
|
||||
es_model.HumanExternalIDPCascadeRemoved,
|
||||
es_model.HumanPasswordlessTokenRemoved,
|
||||
es_model.HumanMFAU2FTokenRemoved:
|
||||
sessions, err := u.view.UserSessionsByUserID(event.AggregateID)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
if len(sessions) == 0 {
|
||||
return u.view.ProcessedUserSessionSequence(event.Sequence)
|
||||
return u.view.ProcessedUserSessionSequence(event.Sequence, event.CreationDate)
|
||||
}
|
||||
for _, session := range sessions {
|
||||
session.AppendEvent(event)
|
||||
@@ -92,11 +98,11 @@ func (u *UserSession) Reduce(event *models.Event) (err error) {
|
||||
return err
|
||||
}
|
||||
}
|
||||
return u.view.PutUserSessions(sessions, event.Sequence)
|
||||
return u.view.PutUserSessions(sessions, event.Sequence, event.CreationDate)
|
||||
case es_model.UserRemoved:
|
||||
return u.view.DeleteUserSessions(event.AggregateID, event.Sequence)
|
||||
return u.view.DeleteUserSessions(event.AggregateID, event.Sequence, event.CreationDate)
|
||||
default:
|
||||
return u.view.ProcessedUserSessionSequence(event.Sequence)
|
||||
return u.view.ProcessedUserSessionSequence(event.Sequence, event.CreationDate)
|
||||
}
|
||||
}
|
||||
|
||||
@@ -105,12 +111,16 @@ func (u *UserSession) OnError(event *models.Event, err error) error {
|
||||
return spooler.HandleError(event, err, u.view.GetLatestUserSessionFailedEvent, u.view.ProcessedUserSessionFailedEvent, u.view.ProcessedUserSessionSequence, u.errorCountUntilSkip)
|
||||
}
|
||||
|
||||
func (u *UserSession) OnSuccess() error {
|
||||
return spooler.HandleSuccess(u.view.UpdateUserSessionSpoolerRunTimestamp)
|
||||
}
|
||||
|
||||
func (u *UserSession) updateSession(session *view_model.UserSessionView, event *models.Event) error {
|
||||
session.AppendEvent(event)
|
||||
if err := u.fillUserInfo(session, event.AggregateID); err != nil {
|
||||
return err
|
||||
}
|
||||
return u.view.PutUserSession(session)
|
||||
return u.view.PutUserSession(session, event.CreationDate)
|
||||
}
|
||||
|
||||
func (u *UserSession) fillUserInfo(session *view_model.UserSessionView, id string) error {
|
||||
|
||||
@@ -2,7 +2,6 @@ package eventsourcing
|
||||
|
||||
import (
|
||||
"context"
|
||||
|
||||
"github.com/caos/zitadel/internal/api/authz"
|
||||
"github.com/caos/zitadel/internal/auth/repository/eventsourcing/eventstore"
|
||||
"github.com/caos/zitadel/internal/auth/repository/eventsourcing/handler"
|
||||
@@ -146,7 +145,7 @@ func Start(conf Config, authZ authz.Config, systemDefaults sd.SystemDefaults, au
|
||||
IdGenerator: idGenerator,
|
||||
PasswordCheckLifeTime: systemDefaults.VerificationLifetimes.PasswordCheck.Duration,
|
||||
ExternalLoginCheckLifeTime: systemDefaults.VerificationLifetimes.PasswordCheck.Duration,
|
||||
MfaInitSkippedLifeTime: systemDefaults.VerificationLifetimes.MfaInitSkip.Duration,
|
||||
MFAInitSkippedLifeTime: systemDefaults.VerificationLifetimes.MFAInitSkip.Duration,
|
||||
SecondFactorCheckLifeTime: systemDefaults.VerificationLifetimes.SecondFactorCheck.Duration,
|
||||
MultiFactorCheckLifeTime: systemDefaults.VerificationLifetimes.MultiFactorCheck.Duration,
|
||||
IAMID: systemDefaults.IamID,
|
||||
|
||||
@@ -8,6 +8,7 @@ import (
|
||||
"github.com/caos/zitadel/internal/project/repository/view"
|
||||
"github.com/caos/zitadel/internal/project/repository/view/model"
|
||||
"github.com/caos/zitadel/internal/view/repository"
|
||||
"time"
|
||||
)
|
||||
|
||||
const (
|
||||
@@ -26,28 +27,28 @@ func (v *View) SearchApplications(request *proj_model.ApplicationSearchRequest)
|
||||
return view.SearchApplications(v.Db, applicationTable, request)
|
||||
}
|
||||
|
||||
func (v *View) PutApplication(app *model.ApplicationView) error {
|
||||
func (v *View) PutApplication(app *model.ApplicationView, eventTimestamp time.Time) error {
|
||||
err := view.PutApplication(v.Db, applicationTable, app)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
return v.ProcessedApplicationSequence(app.Sequence)
|
||||
return v.ProcessedApplicationSequence(app.Sequence, eventTimestamp)
|
||||
}
|
||||
|
||||
func (v *View) PutApplications(apps []*model.ApplicationView, sequence uint64) error {
|
||||
func (v *View) PutApplications(apps []*model.ApplicationView, sequence uint64, eventTimestamp time.Time) error {
|
||||
err := view.PutApplications(v.Db, applicationTable, apps...)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
return v.ProcessedApplicationSequence(sequence)
|
||||
return v.ProcessedApplicationSequence(sequence, eventTimestamp)
|
||||
}
|
||||
|
||||
func (v *View) DeleteApplication(appID string, eventSequence uint64) error {
|
||||
func (v *View) DeleteApplication(appID string, eventSequence uint64, eventTimestamp time.Time) error {
|
||||
err := view.DeleteApplication(v.Db, applicationTable, appID)
|
||||
if err != nil {
|
||||
return nil
|
||||
}
|
||||
return v.ProcessedApplicationSequence(eventSequence)
|
||||
return v.ProcessedApplicationSequence(eventSequence, eventTimestamp)
|
||||
}
|
||||
|
||||
func (v *View) DeleteApplicationsByProjectID(projectID string) error {
|
||||
@@ -58,8 +59,12 @@ func (v *View) GetLatestApplicationSequence() (*repository.CurrentSequence, erro
|
||||
return v.latestSequence(applicationTable)
|
||||
}
|
||||
|
||||
func (v *View) ProcessedApplicationSequence(eventSequence uint64) error {
|
||||
return v.saveCurrentSequence(applicationTable, eventSequence)
|
||||
func (v *View) ProcessedApplicationSequence(eventSequence uint64, eventTimestamp time.Time) error {
|
||||
return v.saveCurrentSequence(applicationTable, eventSequence, eventTimestamp)
|
||||
}
|
||||
|
||||
func (v *View) UpdateApplicationSpoolerRunTimestamp() error {
|
||||
return v.updateSpoolerRunSequence(applicationTable)
|
||||
}
|
||||
|
||||
func (v *View) GetLatestApplicationFailedEvent(sequence uint64) (*repository.FailedEvent, error) {
|
||||
|
||||
@@ -6,6 +6,7 @@ import (
|
||||
"github.com/caos/zitadel/internal/user/repository/view"
|
||||
"github.com/caos/zitadel/internal/user/repository/view/model"
|
||||
global_view "github.com/caos/zitadel/internal/view/repository"
|
||||
"time"
|
||||
)
|
||||
|
||||
const (
|
||||
@@ -32,44 +33,48 @@ func (v *View) SearchExternalIDPs(request *usr_model.ExternalIDPSearchRequest) (
|
||||
return view.SearchExternalIDPs(v.Db, externalIDPTable, request)
|
||||
}
|
||||
|
||||
func (v *View) PutExternalIDP(externalIDP *model.ExternalIDPView, sequence uint64) error {
|
||||
func (v *View) PutExternalIDP(externalIDP *model.ExternalIDPView, sequence uint64, eventTimestamp time.Time) error {
|
||||
err := view.PutExternalIDP(v.Db, externalIDPTable, externalIDP)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
return v.ProcessedExternalIDPSequence(sequence)
|
||||
return v.ProcessedExternalIDPSequence(sequence, eventTimestamp)
|
||||
}
|
||||
|
||||
func (v *View) PutExternalIDPs(sequence uint64, externalIDPs ...*model.ExternalIDPView) error {
|
||||
func (v *View) PutExternalIDPs(sequence uint64, eventTimestamp time.Time, externalIDPs ...*model.ExternalIDPView) error {
|
||||
err := view.PutExternalIDPs(v.Db, externalIDPTable, externalIDPs...)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
return v.ProcessedExternalIDPSequence(sequence)
|
||||
return v.ProcessedExternalIDPSequence(sequence, eventTimestamp)
|
||||
}
|
||||
|
||||
func (v *View) DeleteExternalIDP(externalUserID, idpConfigID string, eventSequence uint64) error {
|
||||
func (v *View) DeleteExternalIDP(externalUserID, idpConfigID string, eventSequence uint64, eventTimestamp time.Time) error {
|
||||
err := view.DeleteExternalIDP(v.Db, externalIDPTable, externalUserID, idpConfigID)
|
||||
if err != nil && !errors.IsNotFound(err) {
|
||||
return err
|
||||
}
|
||||
return v.ProcessedExternalIDPSequence(eventSequence)
|
||||
return v.ProcessedExternalIDPSequence(eventSequence, eventTimestamp)
|
||||
}
|
||||
|
||||
func (v *View) DeleteExternalIDPsByUserID(userID string, eventSequence uint64) error {
|
||||
func (v *View) DeleteExternalIDPsByUserID(userID string, eventSequence uint64, eventTimestamp time.Time) error {
|
||||
err := view.DeleteExternalIDPsByUserID(v.Db, externalIDPTable, userID)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
return v.ProcessedExternalIDPSequence(eventSequence)
|
||||
return v.ProcessedExternalIDPSequence(eventSequence, eventTimestamp)
|
||||
}
|
||||
|
||||
func (v *View) GetLatestExternalIDPSequence() (*global_view.CurrentSequence, error) {
|
||||
return v.latestSequence(externalIDPTable)
|
||||
}
|
||||
|
||||
func (v *View) ProcessedExternalIDPSequence(eventSequence uint64) error {
|
||||
return v.saveCurrentSequence(externalIDPTable, eventSequence)
|
||||
func (v *View) ProcessedExternalIDPSequence(eventSequence uint64, eventTimestamp time.Time) error {
|
||||
return v.saveCurrentSequence(externalIDPTable, eventSequence, eventTimestamp)
|
||||
}
|
||||
|
||||
func (v *View) UpdateExternalIDPSpoolerRunTimestamp() error {
|
||||
return v.updateSpoolerRunSequence(externalIDPTable)
|
||||
}
|
||||
|
||||
func (v *View) GetLatestExternalIDPFailedEvent(sequence uint64) (*global_view.FailedEvent, error) {
|
||||
|
||||
@@ -6,6 +6,7 @@ import (
|
||||
"github.com/caos/zitadel/internal/iam/repository/view"
|
||||
iam_es_model "github.com/caos/zitadel/internal/iam/repository/view/model"
|
||||
global_view "github.com/caos/zitadel/internal/view/repository"
|
||||
"time"
|
||||
)
|
||||
|
||||
const (
|
||||
@@ -24,28 +25,32 @@ func (v *View) SearchIDPConfigs(request *iam_model.IDPConfigSearchRequest) ([]*i
|
||||
return view.SearchIDPs(v.Db, idpConfigTable, request)
|
||||
}
|
||||
|
||||
func (v *View) PutIDPConfig(idp *iam_es_model.IDPConfigView, sequence uint64) error {
|
||||
func (v *View) PutIDPConfig(idp *iam_es_model.IDPConfigView, sequence uint64, eventTimestamp time.Time) error {
|
||||
err := view.PutIDP(v.Db, idpConfigTable, idp)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
return v.ProcessedIDPConfigSequence(sequence)
|
||||
return v.ProcessedIDPConfigSequence(sequence, eventTimestamp)
|
||||
}
|
||||
|
||||
func (v *View) DeleteIDPConfig(idpID string, eventSequence uint64) error {
|
||||
func (v *View) DeleteIDPConfig(idpID string, eventSequence uint64, eventTimestamp time.Time) error {
|
||||
err := view.DeleteIDP(v.Db, idpConfigTable, idpID)
|
||||
if err != nil && !errors.IsNotFound(err) {
|
||||
return err
|
||||
}
|
||||
return v.ProcessedIDPConfigSequence(eventSequence)
|
||||
return v.ProcessedIDPConfigSequence(eventSequence, eventTimestamp)
|
||||
}
|
||||
|
||||
func (v *View) GetLatestIDPConfigSequence() (*global_view.CurrentSequence, error) {
|
||||
return v.latestSequence(idpConfigTable)
|
||||
}
|
||||
|
||||
func (v *View) ProcessedIDPConfigSequence(eventSequence uint64) error {
|
||||
return v.saveCurrentSequence(idpConfigTable, eventSequence)
|
||||
func (v *View) ProcessedIDPConfigSequence(eventSequence uint64, eventTimestamp time.Time) error {
|
||||
return v.saveCurrentSequence(idpConfigTable, eventSequence, eventTimestamp)
|
||||
}
|
||||
|
||||
func (v *View) UpdateIDPConfigSpoolerRunTimestamp() error {
|
||||
return v.updateSpoolerRunSequence(idpConfigTable)
|
||||
}
|
||||
|
||||
func (v *View) GetLatestIDPConfigFailedEvent(sequence uint64) (*global_view.FailedEvent, error) {
|
||||
|
||||
@@ -6,6 +6,7 @@ import (
|
||||
"github.com/caos/zitadel/internal/iam/repository/view"
|
||||
"github.com/caos/zitadel/internal/iam/repository/view/model"
|
||||
global_view "github.com/caos/zitadel/internal/view/repository"
|
||||
"time"
|
||||
)
|
||||
|
||||
const (
|
||||
@@ -28,44 +29,48 @@ func (v *View) SearchIDPProviders(request *iam_model.IDPProviderSearchRequest) (
|
||||
return view.SearchIDPProviders(v.Db, idpProviderTable, request)
|
||||
}
|
||||
|
||||
func (v *View) PutIDPProvider(provider *model.IDPProviderView, sequence uint64) error {
|
||||
func (v *View) PutIDPProvider(provider *model.IDPProviderView, sequence uint64, eventTimestamp time.Time) error {
|
||||
err := view.PutIDPProvider(v.Db, idpProviderTable, provider)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
return v.ProcessedIDPProviderSequence(sequence)
|
||||
return v.ProcessedIDPProviderSequence(sequence, eventTimestamp)
|
||||
}
|
||||
|
||||
func (v *View) PutIDPProviders(sequence uint64, providers ...*model.IDPProviderView) error {
|
||||
func (v *View) PutIDPProviders(sequence uint64, eventTimestamp time.Time, providers ...*model.IDPProviderView) error {
|
||||
err := view.PutIDPProviders(v.Db, idpProviderTable, providers...)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
return v.ProcessedIDPProviderSequence(sequence)
|
||||
return v.ProcessedIDPProviderSequence(sequence, eventTimestamp)
|
||||
}
|
||||
|
||||
func (v *View) DeleteIDPProvider(aggregateID, idpConfigID string, eventSequence uint64) error {
|
||||
func (v *View) DeleteIDPProvider(aggregateID, idpConfigID string, eventSequence uint64, eventTimestamp time.Time) error {
|
||||
err := view.DeleteIDPProvider(v.Db, idpProviderTable, aggregateID, idpConfigID)
|
||||
if err != nil && !errors.IsNotFound(err) {
|
||||
return err
|
||||
}
|
||||
return v.ProcessedIDPProviderSequence(eventSequence)
|
||||
return v.ProcessedIDPProviderSequence(eventSequence, eventTimestamp)
|
||||
}
|
||||
|
||||
func (v *View) DeleteIDPProvidersByAggregateID(aggregateID string, eventSequence uint64) error {
|
||||
func (v *View) DeleteIDPProvidersByAggregateID(aggregateID string, eventSequence uint64, eventTimestamp time.Time) error {
|
||||
err := view.DeleteIDPProvidersByAggregateID(v.Db, idpProviderTable, aggregateID)
|
||||
if err != nil && !errors.IsNotFound(err) {
|
||||
return err
|
||||
}
|
||||
return v.ProcessedIDPProviderSequence(eventSequence)
|
||||
return v.ProcessedIDPProviderSequence(eventSequence, eventTimestamp)
|
||||
}
|
||||
|
||||
func (v *View) GetLatestIDPProviderSequence() (*global_view.CurrentSequence, error) {
|
||||
return v.latestSequence(idpProviderTable)
|
||||
}
|
||||
|
||||
func (v *View) ProcessedIDPProviderSequence(eventSequence uint64) error {
|
||||
return v.saveCurrentSequence(idpProviderTable, eventSequence)
|
||||
func (v *View) ProcessedIDPProviderSequence(eventSequence uint64, eventTimestamp time.Time) error {
|
||||
return v.saveCurrentSequence(idpProviderTable, eventSequence, eventTimestamp)
|
||||
}
|
||||
|
||||
func (v *View) UpdateIDPProviderSpoolerRunTimestamp() error {
|
||||
return v.updateSpoolerRunSequence(idpProviderTable)
|
||||
}
|
||||
|
||||
func (v *View) GetLatestIDPProviderFailedEvent(sequence uint64) (*global_view.FailedEvent, error) {
|
||||
|
||||
@@ -5,6 +5,7 @@ import (
|
||||
"github.com/caos/zitadel/internal/key/repository/view"
|
||||
"github.com/caos/zitadel/internal/key/repository/view/model"
|
||||
"github.com/caos/zitadel/internal/view/repository"
|
||||
"time"
|
||||
)
|
||||
|
||||
const (
|
||||
@@ -31,36 +32,40 @@ func (v *View) GetActiveKeySet() ([]*key_model.PublicKey, error) {
|
||||
return key_model.PublicKeysFromKeyView(model.KeyViewsToModel(keys), v.keyAlgorithm)
|
||||
}
|
||||
|
||||
func (v *View) PutKeys(privateKey, publicKey *model.KeyView, eventSequence uint64) error {
|
||||
func (v *View) PutKeys(privateKey, publicKey *model.KeyView, eventSequence uint64, eventTimestamp time.Time) error {
|
||||
err := view.PutKeys(v.Db, keyTable, privateKey, publicKey)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
return v.ProcessedKeySequence(eventSequence)
|
||||
return v.ProcessedKeySequence(eventSequence, eventTimestamp)
|
||||
}
|
||||
|
||||
func (v *View) DeleteKey(keyID string, private bool, eventSequence uint64) error {
|
||||
func (v *View) DeleteKey(keyID string, private bool, eventSequence uint64, eventTimestamp time.Time) error {
|
||||
err := view.DeleteKey(v.Db, keyTable, keyID, private)
|
||||
if err != nil {
|
||||
return nil
|
||||
}
|
||||
return v.ProcessedKeySequence(eventSequence)
|
||||
return v.ProcessedKeySequence(eventSequence, eventTimestamp)
|
||||
}
|
||||
|
||||
func (v *View) DeleteKeyPair(keyID string, eventSequence uint64) error {
|
||||
func (v *View) DeleteKeyPair(keyID string, eventSequence uint64, eventTimestamp time.Time) error {
|
||||
err := view.DeleteKeyPair(v.Db, keyTable, keyID)
|
||||
if err != nil {
|
||||
return nil
|
||||
}
|
||||
return v.ProcessedKeySequence(eventSequence)
|
||||
return v.ProcessedKeySequence(eventSequence, eventTimestamp)
|
||||
}
|
||||
|
||||
func (v *View) GetLatestKeySequence() (*repository.CurrentSequence, error) {
|
||||
return v.latestSequence(keyTable)
|
||||
}
|
||||
|
||||
func (v *View) ProcessedKeySequence(eventSequence uint64) error {
|
||||
return v.saveCurrentSequence(keyTable, eventSequence)
|
||||
func (v *View) ProcessedKeySequence(eventSequence uint64, eventTimestamp time.Time) error {
|
||||
return v.saveCurrentSequence(keyTable, eventSequence, eventTimestamp)
|
||||
}
|
||||
|
||||
func (v *View) UpdateKeySpoolerRunTimestamp() error {
|
||||
return v.updateSpoolerRunSequence(keyTable)
|
||||
}
|
||||
|
||||
func (v *View) GetLatestKeyFailedEvent(sequence uint64) (*repository.FailedEvent, error) {
|
||||
|
||||
@@ -5,6 +5,7 @@ import (
|
||||
"github.com/caos/zitadel/internal/iam/repository/view"
|
||||
"github.com/caos/zitadel/internal/iam/repository/view/model"
|
||||
global_view "github.com/caos/zitadel/internal/view/repository"
|
||||
"time"
|
||||
)
|
||||
|
||||
const (
|
||||
@@ -15,28 +16,32 @@ func (v *View) LoginPolicyByAggregateID(aggregateID string) (*model.LoginPolicyV
|
||||
return view.GetLoginPolicyByAggregateID(v.Db, loginPolicyTable, aggregateID)
|
||||
}
|
||||
|
||||
func (v *View) PutLoginPolicy(policy *model.LoginPolicyView, sequence uint64) error {
|
||||
func (v *View) PutLoginPolicy(policy *model.LoginPolicyView, sequence uint64, eventTimestamp time.Time) error {
|
||||
err := view.PutLoginPolicy(v.Db, loginPolicyTable, policy)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
return v.ProcessedLoginPolicySequence(sequence)
|
||||
return v.ProcessedLoginPolicySequence(sequence, eventTimestamp)
|
||||
}
|
||||
|
||||
func (v *View) DeleteLoginPolicy(aggregateID string, eventSequence uint64) error {
|
||||
func (v *View) DeleteLoginPolicy(aggregateID string, eventSequence uint64, eventTimestamp time.Time) error {
|
||||
err := view.DeleteLoginPolicy(v.Db, loginPolicyTable, aggregateID)
|
||||
if err != nil && !errors.IsNotFound(err) {
|
||||
return err
|
||||
}
|
||||
return v.ProcessedLoginPolicySequence(eventSequence)
|
||||
return v.ProcessedLoginPolicySequence(eventSequence, eventTimestamp)
|
||||
}
|
||||
|
||||
func (v *View) GetLatestLoginPolicySequence() (*global_view.CurrentSequence, error) {
|
||||
return v.latestSequence(loginPolicyTable)
|
||||
}
|
||||
|
||||
func (v *View) ProcessedLoginPolicySequence(eventSequence uint64) error {
|
||||
return v.saveCurrentSequence(loginPolicyTable, eventSequence)
|
||||
func (v *View) ProcessedLoginPolicySequence(eventSequence uint64, eventTimestamp time.Time) error {
|
||||
return v.saveCurrentSequence(loginPolicyTable, eventSequence, eventTimestamp)
|
||||
}
|
||||
|
||||
func (v *View) UpdateLoginPolicySpoolerRunTimestamp() error {
|
||||
return v.updateSpoolerRunSequence(loginPolicyTable)
|
||||
}
|
||||
|
||||
func (v *View) GetLatestLoginPolicyFailedEvent(sequence uint64) (*global_view.FailedEvent, error) {
|
||||
|
||||
@@ -5,6 +5,7 @@ import (
|
||||
"github.com/caos/zitadel/internal/user/repository/view"
|
||||
"github.com/caos/zitadel/internal/user/repository/view/model"
|
||||
"github.com/caos/zitadel/internal/view/repository"
|
||||
"time"
|
||||
)
|
||||
|
||||
const (
|
||||
@@ -27,39 +28,43 @@ func (v *View) SearchMachineKeys(request *usr_model.MachineKeySearchRequest) ([]
|
||||
return view.SearchMachineKeys(v.Db, machineKeyTable, request)
|
||||
}
|
||||
|
||||
func (v *View) PutMachineKey(key *model.MachineKeyView, sequence uint64) error {
|
||||
func (v *View) PutMachineKey(key *model.MachineKeyView, sequence uint64, eventTimestamp time.Time) error {
|
||||
err := view.PutMachineKey(v.Db, machineKeyTable, key)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
if sequence != 0 {
|
||||
return v.ProcessedMachineKeySequence(sequence)
|
||||
return v.ProcessedMachineKeySequence(sequence, eventTimestamp)
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
func (v *View) DeleteMachineKey(keyID string, eventSequence uint64) error {
|
||||
func (v *View) DeleteMachineKey(keyID string, eventSequence uint64, eventTimestamp time.Time) error {
|
||||
err := view.DeleteMachineKey(v.Db, machineKeyTable, keyID)
|
||||
if err != nil {
|
||||
return nil
|
||||
}
|
||||
return v.ProcessedMachineKeySequence(eventSequence)
|
||||
return v.ProcessedMachineKeySequence(eventSequence, eventTimestamp)
|
||||
}
|
||||
|
||||
func (v *View) DeleteMachineKeysByUserID(userID string, eventSequence uint64) error {
|
||||
func (v *View) DeleteMachineKeysByUserID(userID string, eventSequence uint64, eventTimestamp time.Time) error {
|
||||
err := view.DeleteMachineKey(v.Db, machineKeyTable, userID)
|
||||
if err != nil {
|
||||
return nil
|
||||
}
|
||||
return v.ProcessedMachineKeySequence(eventSequence)
|
||||
return v.ProcessedMachineKeySequence(eventSequence, eventTimestamp)
|
||||
}
|
||||
|
||||
func (v *View) GetLatestMachineKeySequence() (*repository.CurrentSequence, error) {
|
||||
return v.latestSequence(machineKeyTable)
|
||||
}
|
||||
|
||||
func (v *View) ProcessedMachineKeySequence(eventSequence uint64) error {
|
||||
return v.saveCurrentSequence(machineKeyTable, eventSequence)
|
||||
func (v *View) ProcessedMachineKeySequence(eventSequence uint64, eventTimestamp time.Time) error {
|
||||
return v.saveCurrentSequence(machineKeyTable, eventSequence, eventTimestamp)
|
||||
}
|
||||
|
||||
func (v *View) UpdateMachineKeySpoolerRunTimestamp() error {
|
||||
return v.updateSpoolerRunSequence(machineKeyTable)
|
||||
}
|
||||
|
||||
func (v *View) GetLatestMachineKeyFailedEvent(sequence uint64) (*repository.FailedEvent, error) {
|
||||
|
||||
@@ -5,6 +5,7 @@ import (
|
||||
org_view "github.com/caos/zitadel/internal/org/repository/view"
|
||||
org_model "github.com/caos/zitadel/internal/org/repository/view/model"
|
||||
"github.com/caos/zitadel/internal/view/repository"
|
||||
"time"
|
||||
)
|
||||
|
||||
const (
|
||||
@@ -23,12 +24,12 @@ func (v *View) SearchOrgs(req *model.OrgSearchRequest) ([]*org_model.OrgView, ui
|
||||
return org_view.SearchOrgs(v.Db, orgTable, req)
|
||||
}
|
||||
|
||||
func (v *View) PutOrg(org *org_model.OrgView) error {
|
||||
func (v *View) PutOrg(org *org_model.OrgView, eventTimestamp time.Time) error {
|
||||
err := org_view.PutOrg(v.Db, orgTable, org)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
return v.ProcessedOrgSequence(org.Sequence)
|
||||
return v.ProcessedOrgSequence(org.Sequence, eventTimestamp)
|
||||
}
|
||||
|
||||
func (v *View) GetLatestOrgFailedEvent(sequence uint64) (*repository.FailedEvent, error) {
|
||||
@@ -39,10 +40,14 @@ func (v *View) ProcessedOrgFailedEvent(failedEvent *repository.FailedEvent) erro
|
||||
return v.saveFailedEvent(failedEvent)
|
||||
}
|
||||
|
||||
func (v *View) UpdateOrgSpoolerRunTimestamp() error {
|
||||
return v.updateSpoolerRunSequence(orgTable)
|
||||
}
|
||||
|
||||
func (v *View) GetLatestOrgSequence() (*repository.CurrentSequence, error) {
|
||||
return v.latestSequence(orgTable)
|
||||
}
|
||||
|
||||
func (v *View) ProcessedOrgSequence(eventSequence uint64) error {
|
||||
return v.saveCurrentSequence(orgTable, eventSequence)
|
||||
func (v *View) ProcessedOrgSequence(eventSequence uint64, eventTimestamp time.Time) error {
|
||||
return v.saveCurrentSequence(orgTable, eventSequence, eventTimestamp)
|
||||
}
|
||||
|
||||
@@ -5,6 +5,7 @@ import (
|
||||
"github.com/caos/zitadel/internal/iam/repository/view"
|
||||
"github.com/caos/zitadel/internal/iam/repository/view/model"
|
||||
global_view "github.com/caos/zitadel/internal/view/repository"
|
||||
"time"
|
||||
)
|
||||
|
||||
const (
|
||||
@@ -15,28 +16,32 @@ func (v *View) OrgIAMPolicyByAggregateID(aggregateID string) (*model.OrgIAMPolic
|
||||
return view.GetOrgIAMPolicyByAggregateID(v.Db, orgIAMPolicyTable, aggregateID)
|
||||
}
|
||||
|
||||
func (v *View) PutOrgIAMPolicy(policy *model.OrgIAMPolicyView, sequence uint64) error {
|
||||
func (v *View) PutOrgIAMPolicy(policy *model.OrgIAMPolicyView, sequence uint64, eventTimestamp time.Time) error {
|
||||
err := view.PutOrgIAMPolicy(v.Db, orgIAMPolicyTable, policy)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
return v.ProcessedOrgIAMPolicySequence(sequence)
|
||||
return v.ProcessedOrgIAMPolicySequence(sequence, eventTimestamp)
|
||||
}
|
||||
|
||||
func (v *View) DeleteOrgIAMPolicy(aggregateID string, eventSequence uint64) error {
|
||||
func (v *View) DeleteOrgIAMPolicy(aggregateID string, eventSequence uint64, eventTimestamp time.Time) error {
|
||||
err := view.DeleteOrgIAMPolicy(v.Db, orgIAMPolicyTable, aggregateID)
|
||||
if err != nil && !errors.IsNotFound(err) {
|
||||
return err
|
||||
}
|
||||
return v.ProcessedOrgIAMPolicySequence(eventSequence)
|
||||
return v.ProcessedOrgIAMPolicySequence(eventSequence, eventTimestamp)
|
||||
}
|
||||
|
||||
func (v *View) GetLatestOrgIAMPolicySequence() (*global_view.CurrentSequence, error) {
|
||||
return v.latestSequence(orgIAMPolicyTable)
|
||||
}
|
||||
|
||||
func (v *View) ProcessedOrgIAMPolicySequence(eventSequence uint64) error {
|
||||
return v.saveCurrentSequence(orgIAMPolicyTable, eventSequence)
|
||||
func (v *View) ProcessedOrgIAMPolicySequence(eventSequence uint64, eventTimestamp time.Time) error {
|
||||
return v.saveCurrentSequence(orgIAMPolicyTable, eventSequence, eventTimestamp)
|
||||
}
|
||||
|
||||
func (v *View) UpdateOrgIAMPolicySpoolerRunTimestamp() error {
|
||||
return v.updateSpoolerRunSequence(orgIAMPolicyTable)
|
||||
}
|
||||
|
||||
func (v *View) GetLatestOrgIAMPolicyFailedEvent(sequence uint64) (*global_view.FailedEvent, error) {
|
||||
|
||||
@@ -5,6 +5,7 @@ import (
|
||||
"github.com/caos/zitadel/internal/iam/repository/view"
|
||||
"github.com/caos/zitadel/internal/iam/repository/view/model"
|
||||
global_view "github.com/caos/zitadel/internal/view/repository"
|
||||
"time"
|
||||
)
|
||||
|
||||
const (
|
||||
@@ -15,28 +16,32 @@ func (v *View) PasswordComplexityPolicyByAggregateID(aggregateID string) (*model
|
||||
return view.GetPasswordComplexityPolicyByAggregateID(v.Db, passwordComplexityPolicyTable, aggregateID)
|
||||
}
|
||||
|
||||
func (v *View) PutPasswordComplexityPolicy(policy *model.PasswordComplexityPolicyView, sequence uint64) error {
|
||||
func (v *View) PutPasswordComplexityPolicy(policy *model.PasswordComplexityPolicyView, sequence uint64, eventTimestamp time.Time) error {
|
||||
err := view.PutPasswordComplexityPolicy(v.Db, passwordComplexityPolicyTable, policy)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
return v.ProcessedPasswordComplexityPolicySequence(sequence)
|
||||
return v.ProcessedPasswordComplexityPolicySequence(sequence, eventTimestamp)
|
||||
}
|
||||
|
||||
func (v *View) DeletePasswordComplexityPolicy(aggregateID string, eventSequence uint64) error {
|
||||
func (v *View) DeletePasswordComplexityPolicy(aggregateID string, eventSequence uint64, eventTimestamp time.Time) error {
|
||||
err := view.DeletePasswordComplexityPolicy(v.Db, passwordComplexityPolicyTable, aggregateID)
|
||||
if err != nil && !errors.IsNotFound(err) {
|
||||
return err
|
||||
}
|
||||
return v.ProcessedPasswordComplexityPolicySequence(eventSequence)
|
||||
return v.ProcessedPasswordComplexityPolicySequence(eventSequence, eventTimestamp)
|
||||
}
|
||||
|
||||
func (v *View) GetLatestPasswordComplexityPolicySequence() (*global_view.CurrentSequence, error) {
|
||||
return v.latestSequence(passwordComplexityPolicyTable)
|
||||
}
|
||||
|
||||
func (v *View) ProcessedPasswordComplexityPolicySequence(eventSequence uint64) error {
|
||||
return v.saveCurrentSequence(passwordComplexityPolicyTable, eventSequence)
|
||||
func (v *View) ProcessedPasswordComplexityPolicySequence(eventSequence uint64, eventTimestamp time.Time) error {
|
||||
return v.saveCurrentSequence(passwordComplexityPolicyTable, eventSequence, eventTimestamp)
|
||||
}
|
||||
|
||||
func (v *View) UpdatePasswordComplexityPolicySpoolerRunTimestamp() error {
|
||||
return v.updateSpoolerRunSequence(passwordComplexityPolicyTable)
|
||||
}
|
||||
|
||||
func (v *View) GetLatestPasswordComplexityPolicyFailedEvent(sequence uint64) (*global_view.FailedEvent, error) {
|
||||
|
||||
@@ -5,6 +5,7 @@ import (
|
||||
"github.com/caos/zitadel/internal/project/repository/view"
|
||||
"github.com/caos/zitadel/internal/project/repository/view/model"
|
||||
"github.com/caos/zitadel/internal/view/repository"
|
||||
"time"
|
||||
)
|
||||
|
||||
const (
|
||||
@@ -31,20 +32,20 @@ func (v *View) SearchProjectRoles(request *proj_model.ProjectRoleSearchRequest)
|
||||
return view.SearchProjectRoles(v.Db, projectRoleTable, request)
|
||||
}
|
||||
|
||||
func (v *View) PutProjectRole(project *model.ProjectRoleView) error {
|
||||
func (v *View) PutProjectRole(project *model.ProjectRoleView, eventTimestamp time.Time) error {
|
||||
err := view.PutProjectRole(v.Db, projectRoleTable, project)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
return v.ProcessedProjectRoleSequence(project.Sequence)
|
||||
return v.ProcessedProjectRoleSequence(project.Sequence, eventTimestamp)
|
||||
}
|
||||
|
||||
func (v *View) DeleteProjectRole(projectID, orgID, key string, eventSequence uint64) error {
|
||||
func (v *View) DeleteProjectRole(projectID, orgID, key string, eventSequence uint64, eventTimestamp time.Time) error {
|
||||
err := view.DeleteProjectRole(v.Db, projectRoleTable, projectID, orgID, key)
|
||||
if err != nil {
|
||||
return nil
|
||||
}
|
||||
return v.ProcessedProjectRoleSequence(eventSequence)
|
||||
return v.ProcessedProjectRoleSequence(eventSequence, eventTimestamp)
|
||||
}
|
||||
|
||||
func (v *View) DeleteProjectRolesByProjectID(projectID string) error {
|
||||
@@ -55,8 +56,12 @@ func (v *View) GetLatestProjectRoleSequence() (*repository.CurrentSequence, erro
|
||||
return v.latestSequence(projectRoleTable)
|
||||
}
|
||||
|
||||
func (v *View) ProcessedProjectRoleSequence(eventSequence uint64) error {
|
||||
return v.saveCurrentSequence(projectRoleTable, eventSequence)
|
||||
func (v *View) ProcessedProjectRoleSequence(eventSequence uint64, eventTimestamp time.Time) error {
|
||||
return v.saveCurrentSequence(projectRoleTable, eventSequence, eventTimestamp)
|
||||
}
|
||||
|
||||
func (v *View) UpdateProjectRoleSpoolerRunTimestamp() error {
|
||||
return v.updateSpoolerRunSequence(projectRoleTable)
|
||||
}
|
||||
|
||||
func (v *View) GetLatestProjectRoleFailedEvent(sequence uint64) (*repository.FailedEvent, error) {
|
||||
|
||||
@@ -2,16 +2,29 @@ package view
|
||||
|
||||
import (
|
||||
"github.com/caos/zitadel/internal/view/repository"
|
||||
"time"
|
||||
)
|
||||
|
||||
const (
|
||||
sequencesTable = "auth.current_sequences"
|
||||
)
|
||||
|
||||
func (v *View) saveCurrentSequence(viewName string, sequence uint64) error {
|
||||
return repository.SaveCurrentSequence(v.Db, sequencesTable, viewName, sequence)
|
||||
func (v *View) saveCurrentSequence(viewName string, sequence uint64, eventTimestamp time.Time) error {
|
||||
return repository.SaveCurrentSequence(v.Db, sequencesTable, viewName, sequence, eventTimestamp)
|
||||
}
|
||||
|
||||
func (v *View) latestSequence(viewName string) (*repository.CurrentSequence, error) {
|
||||
return repository.LatestSequence(v.Db, sequencesTable, viewName)
|
||||
}
|
||||
|
||||
func (v *View) updateSpoolerRunSequence(viewName string) error {
|
||||
currentSequence, err := repository.LatestSequence(v.Db, sequencesTable, viewName)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
if currentSequence.ViewName == "" {
|
||||
currentSequence.ViewName = viewName
|
||||
}
|
||||
currentSequence.LastSuccessfulSpoolerRun = time.Now()
|
||||
return repository.UpdateCurrentSequence(v.Db, sequencesTable, currentSequence)
|
||||
}
|
||||
|
||||
@@ -4,6 +4,7 @@ import (
|
||||
usr_view "github.com/caos/zitadel/internal/user/repository/view"
|
||||
"github.com/caos/zitadel/internal/user/repository/view/model"
|
||||
"github.com/caos/zitadel/internal/view/repository"
|
||||
"time"
|
||||
)
|
||||
|
||||
const (
|
||||
@@ -18,60 +19,64 @@ func (v *View) TokensByUserID(userID string) ([]*model.TokenView, error) {
|
||||
return usr_view.TokensByUserID(v.Db, tokenTable, userID)
|
||||
}
|
||||
|
||||
func (v *View) PutToken(token *model.TokenView) error {
|
||||
func (v *View) PutToken(token *model.TokenView, eventTimestamp time.Time) error {
|
||||
err := usr_view.PutToken(v.Db, tokenTable, token)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
return v.ProcessedTokenSequence(token.Sequence)
|
||||
return v.ProcessedTokenSequence(token.Sequence, eventTimestamp)
|
||||
}
|
||||
|
||||
func (v *View) PutTokens(token []*model.TokenView, sequence uint64) error {
|
||||
func (v *View) PutTokens(token []*model.TokenView, sequence uint64, eventTimestamp time.Time) error {
|
||||
err := usr_view.PutTokens(v.Db, tokenTable, token...)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
return v.ProcessedTokenSequence(sequence)
|
||||
return v.ProcessedTokenSequence(sequence, eventTimestamp)
|
||||
}
|
||||
|
||||
func (v *View) DeleteToken(tokenID string, eventSequence uint64) error {
|
||||
func (v *View) DeleteToken(tokenID string, eventSequence uint64, eventTimestamp time.Time) error {
|
||||
err := usr_view.DeleteToken(v.Db, tokenTable, tokenID)
|
||||
if err != nil {
|
||||
return nil
|
||||
}
|
||||
return v.ProcessedTokenSequence(eventSequence)
|
||||
return v.ProcessedTokenSequence(eventSequence, eventTimestamp)
|
||||
}
|
||||
|
||||
func (v *View) DeleteSessionTokens(agentID, userID string, eventSequence uint64) error {
|
||||
func (v *View) DeleteSessionTokens(agentID, userID string, eventSequence uint64, eventTimestamp time.Time) error {
|
||||
err := usr_view.DeleteSessionTokens(v.Db, tokenTable, agentID, userID)
|
||||
if err != nil {
|
||||
return nil
|
||||
}
|
||||
return v.ProcessedTokenSequence(eventSequence)
|
||||
return v.ProcessedTokenSequence(eventSequence, eventTimestamp)
|
||||
}
|
||||
|
||||
func (v *View) DeleteUserTokens(userID string, eventSequence uint64) error {
|
||||
func (v *View) DeleteUserTokens(userID string, eventSequence uint64, eventTimestamp time.Time) error {
|
||||
err := usr_view.DeleteUserTokens(v.Db, tokenTable, userID)
|
||||
if err != nil {
|
||||
return nil
|
||||
}
|
||||
return v.ProcessedTokenSequence(eventSequence)
|
||||
return v.ProcessedTokenSequence(eventSequence, eventTimestamp)
|
||||
}
|
||||
|
||||
func (v *View) DeleteApplicationTokens(eventSequence uint64, ids ...string) error {
|
||||
func (v *View) DeleteApplicationTokens(eventSequence uint64, eventTimestamp time.Time, ids ...string) error {
|
||||
err := usr_view.DeleteApplicationTokens(v.Db, tokenTable, ids)
|
||||
if err != nil {
|
||||
return nil
|
||||
}
|
||||
return v.ProcessedTokenSequence(eventSequence)
|
||||
return v.ProcessedTokenSequence(eventSequence, eventTimestamp)
|
||||
}
|
||||
|
||||
func (v *View) GetLatestTokenSequence() (*repository.CurrentSequence, error) {
|
||||
return v.latestSequence(tokenTable)
|
||||
}
|
||||
|
||||
func (v *View) ProcessedTokenSequence(eventSequence uint64) error {
|
||||
return v.saveCurrentSequence(tokenTable, eventSequence)
|
||||
func (v *View) ProcessedTokenSequence(eventSequence uint64, eventTimestamp time.Time) error {
|
||||
return v.saveCurrentSequence(tokenTable, eventSequence, eventTimestamp)
|
||||
}
|
||||
|
||||
func (v *View) UpdateTokenSpoolerRunTimestamp() error {
|
||||
return v.updateSpoolerRunSequence(tokenTable)
|
||||
}
|
||||
|
||||
func (v *View) GetLatestTokenFailedEvent(sequence uint64) (*repository.FailedEvent, error) {
|
||||
|
||||
@@ -5,6 +5,7 @@ import (
|
||||
"github.com/caos/zitadel/internal/user/repository/view"
|
||||
"github.com/caos/zitadel/internal/user/repository/view/model"
|
||||
"github.com/caos/zitadel/internal/view/repository"
|
||||
"time"
|
||||
)
|
||||
|
||||
const (
|
||||
@@ -47,40 +48,44 @@ func (v *View) IsUserUnique(userName, email string) (bool, error) {
|
||||
return view.IsUserUnique(v.Db, userTable, userName, email)
|
||||
}
|
||||
|
||||
func (v *View) UserMfas(userID string) ([]*usr_model.MultiFactor, error) {
|
||||
return view.UserMfas(v.Db, userTable, userID)
|
||||
func (v *View) UserMFAs(userID string) ([]*usr_model.MultiFactor, error) {
|
||||
return view.UserMFAs(v.Db, userTable, userID)
|
||||
}
|
||||
|
||||
func (v *View) PutUser(user *model.UserView, sequence uint64) error {
|
||||
func (v *View) PutUser(user *model.UserView, sequence uint64, eventTimestamp time.Time) error {
|
||||
err := view.PutUser(v.Db, userTable, user)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
return v.ProcessedUserSequence(sequence)
|
||||
return v.ProcessedUserSequence(sequence, eventTimestamp)
|
||||
}
|
||||
|
||||
func (v *View) PutUsers(users []*model.UserView, sequence uint64) error {
|
||||
func (v *View) PutUsers(users []*model.UserView, sequence uint64, eventTimestamp time.Time) error {
|
||||
err := view.PutUsers(v.Db, userTable, users...)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
return v.ProcessedUserSequence(sequence)
|
||||
return v.ProcessedUserSequence(sequence, eventTimestamp)
|
||||
}
|
||||
|
||||
func (v *View) DeleteUser(userID string, eventSequence uint64) error {
|
||||
func (v *View) DeleteUser(userID string, eventSequence uint64, eventTimestamp time.Time) error {
|
||||
err := view.DeleteUser(v.Db, userTable, userID)
|
||||
if err != nil {
|
||||
return nil
|
||||
}
|
||||
return v.ProcessedUserSequence(eventSequence)
|
||||
return v.ProcessedUserSequence(eventSequence, eventTimestamp)
|
||||
}
|
||||
|
||||
func (v *View) GetLatestUserSequence() (*repository.CurrentSequence, error) {
|
||||
return v.latestSequence(userTable)
|
||||
}
|
||||
|
||||
func (v *View) ProcessedUserSequence(eventSequence uint64) error {
|
||||
return v.saveCurrentSequence(userTable, eventSequence)
|
||||
func (v *View) ProcessedUserSequence(eventSequence uint64, eventTimestamp time.Time) error {
|
||||
return v.saveCurrentSequence(userTable, eventSequence, eventTimestamp)
|
||||
}
|
||||
|
||||
func (v *View) UpdateUserSpoolerRunTimestamp() error {
|
||||
return v.updateSpoolerRunSequence(userTable)
|
||||
}
|
||||
|
||||
func (v *View) GetLatestUserFailedEvent(sequence uint64) (*repository.FailedEvent, error) {
|
||||
|
||||
@@ -5,6 +5,7 @@ import (
|
||||
"github.com/caos/zitadel/internal/usergrant/repository/view"
|
||||
"github.com/caos/zitadel/internal/usergrant/repository/view/model"
|
||||
"github.com/caos/zitadel/internal/view/repository"
|
||||
"time"
|
||||
)
|
||||
|
||||
const (
|
||||
@@ -35,36 +36,40 @@ func (v *View) SearchUserGrants(request *grant_model.UserGrantSearchRequest) ([]
|
||||
return view.SearchUserGrants(v.Db, userGrantTable, request)
|
||||
}
|
||||
|
||||
func (v *View) PutUserGrant(grant *model.UserGrantView, sequence uint64) error {
|
||||
func (v *View) PutUserGrant(grant *model.UserGrantView, sequence uint64, eventTimestamp time.Time) error {
|
||||
err := view.PutUserGrant(v.Db, userGrantTable, grant)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
return v.ProcessedUserGrantSequence(sequence)
|
||||
return v.ProcessedUserGrantSequence(sequence, eventTimestamp)
|
||||
}
|
||||
|
||||
func (v *View) PutUserGrants(grants []*model.UserGrantView, sequence uint64) error {
|
||||
func (v *View) PutUserGrants(grants []*model.UserGrantView, sequence uint64, eventTimestamp time.Time) error {
|
||||
err := view.PutUserGrants(v.Db, userGrantTable, grants...)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
return v.ProcessedUserGrantSequence(sequence)
|
||||
return v.ProcessedUserGrantSequence(sequence, eventTimestamp)
|
||||
}
|
||||
|
||||
func (v *View) DeleteUserGrant(grantID string, eventSequence uint64) error {
|
||||
func (v *View) DeleteUserGrant(grantID string, eventSequence uint64, eventTimestamp time.Time) error {
|
||||
err := view.DeleteUserGrant(v.Db, userGrantTable, grantID)
|
||||
if err != nil {
|
||||
return nil
|
||||
}
|
||||
return v.ProcessedUserGrantSequence(eventSequence)
|
||||
return v.ProcessedUserGrantSequence(eventSequence, eventTimestamp)
|
||||
}
|
||||
|
||||
func (v *View) GetLatestUserGrantSequence() (*repository.CurrentSequence, error) {
|
||||
return v.latestSequence(userGrantTable)
|
||||
}
|
||||
|
||||
func (v *View) ProcessedUserGrantSequence(eventSequence uint64) error {
|
||||
return v.saveCurrentSequence(userGrantTable, eventSequence)
|
||||
func (v *View) ProcessedUserGrantSequence(eventSequence uint64, eventTimestamp time.Time) error {
|
||||
return v.saveCurrentSequence(userGrantTable, eventSequence, eventTimestamp)
|
||||
}
|
||||
|
||||
func (v *View) UpdateUserGrantSpoolerRunTimestamp() error {
|
||||
return v.updateSpoolerRunSequence(userGrantTable)
|
||||
}
|
||||
|
||||
func (v *View) GetLatestUserGrantFailedEvent(sequence uint64) (*repository.FailedEvent, error) {
|
||||
|
||||
@@ -5,6 +5,7 @@ import (
|
||||
"github.com/caos/zitadel/internal/user/repository/view"
|
||||
"github.com/caos/zitadel/internal/user/repository/view/model"
|
||||
"github.com/caos/zitadel/internal/view/repository"
|
||||
"time"
|
||||
)
|
||||
|
||||
const (
|
||||
@@ -27,60 +28,64 @@ func (v *View) SearchUserMemberships(request *usr_model.UserMembershipSearchRequ
|
||||
return view.SearchUserMemberships(v.Db, userMembershipTable, request)
|
||||
}
|
||||
|
||||
func (v *View) PutUserMembership(membership *model.UserMembershipView, sequence uint64) error {
|
||||
func (v *View) PutUserMembership(membership *model.UserMembershipView, sequence uint64, eventTimestamp time.Time) error {
|
||||
err := view.PutUserMembership(v.Db, userMembershipTable, membership)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
return v.ProcessedUserMembershipSequence(sequence)
|
||||
return v.ProcessedUserMembershipSequence(sequence, eventTimestamp)
|
||||
}
|
||||
|
||||
func (v *View) BulkPutUserMemberships(memberships []*model.UserMembershipView, sequence uint64) error {
|
||||
func (v *View) BulkPutUserMemberships(memberships []*model.UserMembershipView, sequence uint64, eventTimestamp time.Time) error {
|
||||
err := view.PutUserMemberships(v.Db, userMembershipTable, memberships...)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
return v.ProcessedUserMembershipSequence(sequence)
|
||||
return v.ProcessedUserMembershipSequence(sequence, eventTimestamp)
|
||||
}
|
||||
|
||||
func (v *View) DeleteUserMembership(userID, aggregateID, objectID string, memberType usr_model.MemberType, eventSequence uint64) error {
|
||||
func (v *View) DeleteUserMembership(userID, aggregateID, objectID string, memberType usr_model.MemberType, eventSequence uint64, eventTimestamp time.Time) error {
|
||||
err := view.DeleteUserMembership(v.Db, userMembershipTable, userID, aggregateID, objectID, memberType)
|
||||
if err != nil {
|
||||
return nil
|
||||
}
|
||||
return v.ProcessedUserMembershipSequence(eventSequence)
|
||||
return v.ProcessedUserMembershipSequence(eventSequence, eventTimestamp)
|
||||
}
|
||||
|
||||
func (v *View) DeleteUserMembershipsByUserID(userID string, eventSequence uint64) error {
|
||||
func (v *View) DeleteUserMembershipsByUserID(userID string, eventSequence uint64, eventTimestamp time.Time) error {
|
||||
err := view.DeleteUserMembershipsByUserID(v.Db, userMembershipTable, userID)
|
||||
if err != nil {
|
||||
return nil
|
||||
}
|
||||
return v.ProcessedUserMembershipSequence(eventSequence)
|
||||
return v.ProcessedUserMembershipSequence(eventSequence, eventTimestamp)
|
||||
}
|
||||
|
||||
func (v *View) DeleteUserMembershipsByAggregateID(aggregateID string, eventSequence uint64) error {
|
||||
func (v *View) DeleteUserMembershipsByAggregateID(aggregateID string, eventSequence uint64, eventTimestamp time.Time) error {
|
||||
err := view.DeleteUserMembershipsByAggregateID(v.Db, userMembershipTable, aggregateID)
|
||||
if err != nil {
|
||||
return nil
|
||||
}
|
||||
return v.ProcessedUserMembershipSequence(eventSequence)
|
||||
return v.ProcessedUserMembershipSequence(eventSequence, eventTimestamp)
|
||||
}
|
||||
|
||||
func (v *View) DeleteUserMembershipsByAggregateIDAndObjectID(aggregateID, objectID string, eventSequence uint64) error {
|
||||
func (v *View) DeleteUserMembershipsByAggregateIDAndObjectID(aggregateID, objectID string, eventSequence uint64, eventTimestamp time.Time) error {
|
||||
err := view.DeleteUserMembershipsByAggregateIDAndObjectID(v.Db, userMembershipTable, aggregateID, objectID)
|
||||
if err != nil {
|
||||
return nil
|
||||
}
|
||||
return v.ProcessedUserMembershipSequence(eventSequence)
|
||||
return v.ProcessedUserMembershipSequence(eventSequence, eventTimestamp)
|
||||
}
|
||||
|
||||
func (v *View) GetLatestUserMembershipSequence() (*repository.CurrentSequence, error) {
|
||||
return v.latestSequence(userMembershipTable)
|
||||
}
|
||||
|
||||
func (v *View) ProcessedUserMembershipSequence(eventSequence uint64) error {
|
||||
return v.saveCurrentSequence(userMembershipTable, eventSequence)
|
||||
func (v *View) ProcessedUserMembershipSequence(eventSequence uint64, eventTimestamp time.Time) error {
|
||||
return v.saveCurrentSequence(userMembershipTable, eventSequence, eventTimestamp)
|
||||
}
|
||||
|
||||
func (v *View) UpdateUserMembershipSpoolerRunTimestamp() error {
|
||||
return v.updateSpoolerRunSequence(userMembershipTable)
|
||||
}
|
||||
|
||||
func (v *View) GetLatestUserMembershipFailedEvent(sequence uint64) (*repository.FailedEvent, error) {
|
||||
|
||||
@@ -4,6 +4,7 @@ import (
|
||||
"github.com/caos/zitadel/internal/user/repository/view"
|
||||
"github.com/caos/zitadel/internal/user/repository/view/model"
|
||||
"github.com/caos/zitadel/internal/view/repository"
|
||||
"time"
|
||||
)
|
||||
|
||||
const (
|
||||
@@ -22,36 +23,44 @@ func (v *View) UserSessionsByAgentID(agentID string) ([]*model.UserSessionView,
|
||||
return view.UserSessionsByAgentID(v.Db, userSessionTable, agentID)
|
||||
}
|
||||
|
||||
func (v *View) PutUserSession(userSession *model.UserSessionView) error {
|
||||
func (v *View) ActiveUserSessions() ([]*model.UserSessionView, error) {
|
||||
return view.ActiveUserSessions(v.Db, userSessionTable)
|
||||
}
|
||||
|
||||
func (v *View) PutUserSession(userSession *model.UserSessionView, eventTimestamp time.Time) error {
|
||||
err := view.PutUserSession(v.Db, userSessionTable, userSession)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
return v.ProcessedUserSessionSequence(userSession.Sequence)
|
||||
return v.ProcessedUserSessionSequence(userSession.Sequence, eventTimestamp)
|
||||
}
|
||||
|
||||
func (v *View) PutUserSessions(userSession []*model.UserSessionView, sequence uint64) error {
|
||||
func (v *View) PutUserSessions(userSession []*model.UserSessionView, sequence uint64, eventTimestamp time.Time) error {
|
||||
err := view.PutUserSessions(v.Db, userSessionTable, userSession...)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
return v.ProcessedUserSessionSequence(sequence)
|
||||
return v.ProcessedUserSessionSequence(sequence, eventTimestamp)
|
||||
}
|
||||
|
||||
func (v *View) DeleteUserSessions(userID string, eventSequence uint64) error {
|
||||
func (v *View) DeleteUserSessions(userID string, eventSequence uint64, eventTimestamp time.Time) error {
|
||||
err := view.DeleteUserSessions(v.Db, userSessionTable, userID)
|
||||
if err != nil {
|
||||
return nil
|
||||
}
|
||||
return v.ProcessedUserSessionSequence(eventSequence)
|
||||
return v.ProcessedUserSessionSequence(eventSequence, eventTimestamp)
|
||||
}
|
||||
|
||||
func (v *View) GetLatestUserSessionSequence() (*repository.CurrentSequence, error) {
|
||||
return v.latestSequence(userSessionTable)
|
||||
}
|
||||
|
||||
func (v *View) ProcessedUserSessionSequence(eventSequence uint64) error {
|
||||
return v.saveCurrentSequence(userSessionTable, eventSequence)
|
||||
func (v *View) ProcessedUserSessionSequence(eventSequence uint64, eventTimestamp time.Time) error {
|
||||
return v.saveCurrentSequence(userSessionTable, eventSequence, eventTimestamp)
|
||||
}
|
||||
|
||||
func (v *View) UpdateUserSessionSpoolerRunTimestamp() error {
|
||||
return v.updateSpoolerRunSequence(userSessionTable)
|
||||
}
|
||||
|
||||
func (v *View) GetLatestUserSessionFailedEvent(sequence uint64) (*repository.FailedEvent, error) {
|
||||
|
||||
@@ -13,7 +13,7 @@ type UserRepository interface {
|
||||
RegisterExternalUser(ctx context.Context, user *model.User, externalIDP *model.ExternalIDP, member *org_model.OrgMember, resourceOwner string) (*model.User, error)
|
||||
|
||||
myUserRepo
|
||||
SkipMfaInit(ctx context.Context, userID string) error
|
||||
SkipMFAInit(ctx context.Context, userID string) error
|
||||
|
||||
RequestPasswordReset(ctx context.Context, username string) error
|
||||
SetPassword(ctx context.Context, userID, code, password string) error
|
||||
@@ -25,8 +25,16 @@ type UserRepository interface {
|
||||
VerifyInitCode(ctx context.Context, userID, code, password string) error
|
||||
ResendInitVerificationMail(ctx context.Context, userID string) error
|
||||
|
||||
AddMfaOTP(ctx context.Context, userID string) (*model.OTP, error)
|
||||
VerifyMfaOTPSetup(ctx context.Context, userID, code string) error
|
||||
AddMFAOTP(ctx context.Context, userID string) (*model.OTP, error)
|
||||
VerifyMFAOTPSetup(ctx context.Context, userID, code string) error
|
||||
|
||||
AddMFAU2F(ctx context.Context, id string) (*model.WebAuthNToken, error)
|
||||
VerifyMFAU2FSetup(ctx context.Context, userID, tokenName string, credentialData []byte) error
|
||||
RemoveMFAU2F(ctx context.Context, userID, webAuthNTokenID string) error
|
||||
|
||||
AddPasswordless(ctx context.Context, id string) (*model.WebAuthNToken, error)
|
||||
VerifyPasswordlessSetup(ctx context.Context, userID, tokenName string, credentialData []byte) error
|
||||
RemovePasswordless(ctx context.Context, userID, webAuthNTokenID string) error
|
||||
|
||||
ChangeUsername(ctx context.Context, userID, username string) error
|
||||
|
||||
@@ -63,10 +71,18 @@ type myUserRepo interface {
|
||||
AddMyExternalIDP(ctx context.Context, externalIDP *model.ExternalIDP) (*model.ExternalIDP, error)
|
||||
RemoveMyExternalIDP(ctx context.Context, externalIDP *model.ExternalIDP) error
|
||||
|
||||
MyUserMfas(ctx context.Context) ([]*model.MultiFactor, error)
|
||||
AddMyMfaOTP(ctx context.Context) (*model.OTP, error)
|
||||
VerifyMyMfaOTPSetup(ctx context.Context, code string) error
|
||||
RemoveMyMfaOTP(ctx context.Context) error
|
||||
MyUserMFAs(ctx context.Context) ([]*model.MultiFactor, error)
|
||||
AddMyMFAOTP(ctx context.Context) (*model.OTP, error)
|
||||
VerifyMyMFAOTPSetup(ctx context.Context, code string) error
|
||||
RemoveMyMFAOTP(ctx context.Context) error
|
||||
|
||||
AddMyMFAU2F(ctx context.Context) (*model.WebAuthNToken, error)
|
||||
VerifyMyMFAU2FSetup(ctx context.Context, tokenName string, data []byte) error
|
||||
RemoveMyMFAU2F(ctx context.Context, webAuthNTokenID string) error
|
||||
|
||||
AddMyPasswordless(ctx context.Context) (*model.WebAuthNToken, error)
|
||||
VerifyMyPasswordlessSetup(ctx context.Context, tokenName string, data []byte) error
|
||||
RemoveMyPasswordless(ctx context.Context, webAuthNTokenID string) error
|
||||
|
||||
ChangeMyUsername(ctx context.Context, username string) error
|
||||
|
||||
|
||||
@@ -7,4 +7,5 @@ import (
|
||||
|
||||
type UserSessionRepository interface {
|
||||
GetMyUserSessions(ctx context.Context) ([]*model.UserSessionView, error)
|
||||
ActiveUserSessionCount() int64
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user