feat: complete dynamic domain handling (#3482)
* feat: dynamic issuer * feat: default language from context * remove zitadel docs from defaults * remove ConsoleOverwriteDir * remove notification endpoints from defaults * custom domains in emails * remove (external) domain * external domain completely removed, console handling fixed * fix test * fix defaults.yaml
@@ -24,11 +24,12 @@ import (
|
||||
)
|
||||
|
||||
type Commands struct {
|
||||
eventstore *eventstore.Eventstore
|
||||
static static.Storage
|
||||
idGenerator id.Generator
|
||||
iamDomain string
|
||||
zitadelRoles []authz.RoleMapping
|
||||
eventstore *eventstore.Eventstore
|
||||
static static.Storage
|
||||
idGenerator id.Generator
|
||||
zitadelRoles []authz.RoleMapping
|
||||
externalSecure bool
|
||||
externalPort uint16
|
||||
|
||||
idpConfigEncryption crypto.EncryptionAlgorithm
|
||||
smtpEncryption crypto.EncryptionAlgorithm
|
||||
@@ -61,6 +62,8 @@ func StartCommands(es *eventstore.Eventstore,
|
||||
staticStore static.Storage,
|
||||
authZRepo authz_repo.Repository,
|
||||
webAuthN *webauthn_helper.Config,
|
||||
externalSecure bool,
|
||||
externalPort uint16,
|
||||
idpConfigEncryption,
|
||||
otpEncryption,
|
||||
smtpEncryption,
|
||||
@@ -73,8 +76,9 @@ func StartCommands(es *eventstore.Eventstore,
|
||||
eventstore: es,
|
||||
static: staticStore,
|
||||
idGenerator: id.SonyFlakeGenerator,
|
||||
iamDomain: defaults.Domain,
|
||||
zitadelRoles: zitadelRoles,
|
||||
externalSecure: externalSecure,
|
||||
externalPort: externalPort,
|
||||
keySize: defaults.KeyConfig.Size,
|
||||
privateKeyLifetime: defaults.KeyConfig.PrivateKeyLifetime,
|
||||
publicKeyLifetime: defaults.KeyConfig.PublicKeyLifetime,
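Review bot: The new `externalSecure` and `externalPort` fields on `Commands` are undocumented, and nothing in `StartCommands` says what they govern. Judging from the instance-domain change in this same commit, they decide the scheme and port of the console's OIDC redirect URIs, so a wrong value silently produces URIs that do not match the deployment. I would add a comment on the fields such as `// externalSecure and externalPort describe how clients reach this deployment (TLS or not, public port); they are used to build the console redirect URIs.` The struct and the `StartCommands` body both continue outside the visible hunks.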
|
||||
|
@@ -157,7 +157,7 @@ func (s *InstanceSetup) generateIDs() (err error) {
|
||||
return nil
|
||||
}
|
||||
|
||||
func (c *Commands) SetUpInstance(ctx context.Context, setup *InstanceSetup, externalSecure bool, baseURL string) (string, *domain.ObjectDetails, error) {
|
||||
func (c *Commands) SetUpInstance(ctx context.Context, setup *InstanceSetup, externalSecure bool) (string, *domain.ObjectDetails, error) {
|
||||
instanceID, err := id.SonyFlakeGenerator.Next()
|
||||
if err != nil {
|
||||
return "", nil, err
|
||||
@@ -167,7 +167,6 @@ func (c *Commands) SetUpInstance(ctx context.Context, setup *InstanceSetup, exte
|
||||
return "", nil, err
|
||||
}
|
||||
|
||||
ctx = authz.SetCtxData(authz.WithInstanceID(ctx, instanceID), authz.CtxData{OrgID: instanceID, ResourceOwner: instanceID})
|
||||
requestedDomain := authz.GetInstance(ctx).RequestedDomain()
|
||||
ctx = authz.SetCtxData(authz.WithRequestedDomain(authz.WithInstanceID(ctx, instanceID), requestedDomain), authz.CtxData{OrgID: instanceID, ResourceOwner: instanceID})
|
||||
|
||||
@@ -184,6 +183,7 @@ func (c *Commands) SetUpInstance(ctx context.Context, setup *InstanceSetup, exte
|
||||
if err = setup.generateIDs(); err != nil {
|
||||
return "", nil, err
|
||||
}
|
||||
ctx = authz.WithConsole(ctx, setup.zitadel.projectID, setup.zitadel.consoleAppID)
|
||||
|
||||
setup.Org.Human.PasswordChangeRequired = true
|
||||
|
||||
@@ -194,7 +194,6 @@ func (c *Commands) SetUpInstance(ctx context.Context, setup *InstanceSetup, exte
|
||||
|
||||
validations := []preparation.Validation{
|
||||
addInstance(instanceAgg, setup.InstanceName),
|
||||
c.addGeneratedInstanceDomain(instanceAgg, setup.InstanceName),
|
||||
SetDefaultFeatures(
|
||||
instanceAgg,
|
||||
setup.Features.TierName,
|
||||
@@ -290,10 +289,6 @@ func (c *Commands) SetUpInstance(ctx context.Context, setup *InstanceSetup, exte
|
||||
validations = append(validations, SetInstanceCustomTexts(instanceAgg, msg))
|
||||
}
|
||||
|
||||
if setup.CustomDomain != "" {
|
||||
validations = append(validations, addInstanceDomain(instanceAgg, setup.CustomDomain, false))
|
||||
}
|
||||
|
||||
console := &addOIDCApp{
|
||||
AddApp: AddApp{
|
||||
Aggregate: *projectAgg,
|
||||
@@ -301,12 +296,12 @@ func (c *Commands) SetUpInstance(ctx context.Context, setup *InstanceSetup, exte
|
||||
Name: consoleAppName,
|
||||
},
|
||||
Version: domain.OIDCVersionV1,
|
||||
RedirectUris: []string{baseURL + consoleRedirectPath},
|
||||
RedirectUris: []string{},
|
||||
ResponseTypes: []domain.OIDCResponseType{domain.OIDCResponseTypeCode},
|
||||
GrantTypes: []domain.OIDCGrantType{domain.OIDCGrantTypeAuthorizationCode},
|
||||
ApplicationType: domain.OIDCApplicationTypeUserAgent,
|
||||
AuthMethodType: domain.OIDCAuthMethodTypeNone,
|
||||
PostLogoutRedirectUris: []string{baseURL + consolePostLogoutPath},
|
||||
PostLogoutRedirectUris: []string{},
|
||||
DevMode: !externalSecure,
|
||||
AccessTokenType: domain.OIDCTokenTypeBearer,
|
||||
AccessTokenRoleAssertion: false,
|
||||
@@ -362,7 +357,11 @@ func (c *Commands) SetUpInstance(ctx context.Context, setup *InstanceSetup, exte
|
||||
|
||||
AddOIDCAppCommand(console, nil),
|
||||
SetIAMConsoleID(instanceAgg, &console.ClientID, &setup.zitadel.consoleAppID),
|
||||
c.addGeneratedInstanceDomain(ctx, instanceAgg, setup.InstanceName),
|
||||
)
|
||||
if setup.CustomDomain != "" {
|
||||
validations = append(validations, c.addInstanceDomain(instanceAgg, setup.CustomDomain, false))
|
||||
}
|
||||
|
||||
cmds, err := preparation.PrepareCommands(ctx, c.eventstore.Filter, validations...)
|
||||
if err != nil {
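Review bot: `SetUpInstance` still takes `externalSecure` as a parameter and uses it for `DevMode: !externalSecure` on the console app, while the redirect URIs later added to that same app are built from `c.externalSecure` in `addInstanceDomain`. With two sources for one setting, a caller that passes a different value than the one given to `StartCommands` ends up with a console client whose DevMode flag and URI scheme disagree. Since `baseURL` is already being dropped from the signature, I would drop this parameter as well and write `DevMode: !c.externalSecure,`. The console app now starts with empty `RedirectUris` and depends on `c.addGeneratedInstanceDomain` running after `AddOIDCAppCommand` in the validations list; a one-line comment at that call saying so would keep the ordering from being changed by accident. The function body extends beyond the visible hunks.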
|
||||
|
@@ -5,6 +5,7 @@ import (
|
||||
"strings"
|
||||
|
||||
"github.com/caos/zitadel/internal/api/authz"
|
||||
"github.com/caos/zitadel/internal/api/http"
|
||||
"github.com/caos/zitadel/internal/command/preparation"
|
||||
"github.com/caos/zitadel/internal/domain"
|
||||
"github.com/caos/zitadel/internal/errors"
|
||||
@@ -15,7 +16,7 @@ import (
|
||||
|
||||
func (c *Commands) AddInstanceDomain(ctx context.Context, instanceDomain string) (*domain.ObjectDetails, error) {
|
||||
instanceAgg := instance.NewAggregate(authz.GetInstance(ctx).InstanceID())
|
||||
validation := addInstanceDomain(instanceAgg, instanceDomain, false)
|
||||
validation := c.addInstanceDomain(instanceAgg, instanceDomain, false)
|
||||
cmds, err := preparation.PrepareCommands(ctx, c.eventstore.Filter, validation)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
@@ -67,12 +68,12 @@ func (c *Commands) RemoveInstanceDomain(ctx context.Context, instanceDomain stri
|
||||
}, nil
|
||||
}
|
||||
|
||||
func (c *Commands) addGeneratedInstanceDomain(a *instance.Aggregate, instanceName string) preparation.Validation {
|
||||
domain := domain.NewGeneratedInstanceDomain(instanceName, c.iamDomain)
|
||||
return addInstanceDomain(a, domain, true)
|
||||
func (c *Commands) addGeneratedInstanceDomain(ctx context.Context, a *instance.Aggregate, instanceName string) preparation.Validation {
|
||||
domain := domain.NewGeneratedInstanceDomain(instanceName, authz.GetInstance(ctx).RequestedDomain())
|
||||
return c.addInstanceDomain(a, domain, true)
|
||||
}
|
||||
|
||||
func addInstanceDomain(a *instance.Aggregate, instanceDomain string, generated bool) preparation.Validation {
|
||||
func (c *Commands) addInstanceDomain(a *instance.Aggregate, instanceDomain string, generated bool) preparation.Validation {
|
||||
return func() (preparation.CreateCommands, error) {
|
||||
if instanceDomain = strings.TrimSpace(instanceDomain); instanceDomain == "" {
|
||||
return nil, errors.ThrowInvalidArgument(nil, "INST-28nlD", "Errors.Invalid.Argument")
|
||||
@@ -93,8 +94,8 @@ func addInstanceDomain(a *instance.Aggregate, instanceDomain string, generated b
|
||||
return nil, err
|
||||
}
|
||||
if appWriteModel.State.Exists() {
|
||||
redirectUrls := append(appWriteModel.RedirectUris, instanceDomain+consoleRedirectPath)
|
||||
logoutUrls := append(appWriteModel.PostLogoutRedirectUris, instanceDomain+consolePostLogoutPath)
|
||||
redirectUrls := append(appWriteModel.RedirectUris, http.BuildHTTP(instanceDomain, c.externalPort, c.externalSecure)+consoleRedirectPath)
|
||||
logoutUrls := append(appWriteModel.PostLogoutRedirectUris, http.BuildOrigin(instanceDomain, c.externalSecure)+consolePostLogoutPath)
|
||||
consoleChangeEvent, err := project.NewOIDCConfigChangedEvent(
|
||||
ctx,
|
||||
ProjectAggregateFromWriteModel(&appWriteModel.WriteModel),
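Review bot: In `addInstanceDomain` the redirect URI is built with `http.BuildHTTP(instanceDomain, c.externalPort, c.externalSecure)` but the post-logout URI with `http.BuildOrigin(instanceDomain, c.externalSecure)`, which is not given the port. On a deployment with a non-default external port the two registered URIs would then differ in origin, and the post-logout redirect would presumably not match what the console sends. Unless that is intended, use the same builder for both: `logoutUrls := append(appWriteModel.PostLogoutRedirectUris, http.BuildHTTP(instanceDomain, c.externalPort, c.externalSecure)+consolePostLogoutPath)`. In the visible lines `instanceDomain` is only trimmed and checked for emptiness before it becomes part of a registered redirect URI; if no hostname validation happens in the part of the closure outside this hunk, it belongs here.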
|
||||
|
@@ -5,10 +5,11 @@ import (
|
||||
"testing"
|
||||
"time"
|
||||
|
||||
"github.com/stretchr/testify/assert"
|
||||
|
||||
"github.com/caos/zitadel/internal/api/authz"
|
||||
"github.com/caos/zitadel/internal/crypto"
|
||||
"github.com/caos/zitadel/internal/repository/project"
|
||||
"github.com/stretchr/testify/assert"
|
||||
|
||||
"github.com/caos/zitadel/internal/domain"
|
||||
caos_errs "github.com/caos/zitadel/internal/errors"
|
||||
@@ -19,7 +20,8 @@ import (
|
||||
|
||||
func TestCommandSide_AddInstanceDomain(t *testing.T) {
|
||||
type fields struct {
|
||||
eventstore *eventstore.Eventstore
|
||||
eventstore *eventstore.Eventstore
|
||||
externalSecure bool
|
||||
}
|
||||
type args struct {
|
||||
ctx context.Context
|
||||
@@ -134,6 +136,7 @@ func TestCommandSide_AddInstanceDomain(t *testing.T) {
|
||||
uniqueConstraintsFromEventConstraintWithInstanceID("INSTANCE", instance.NewAddInstanceDomainUniqueConstraint("domain.ch")),
|
||||
),
|
||||
),
|
||||
externalSecure: true,
|
||||
},
|
||||
args: args{
|
||||
ctx: authz.WithInstance(context.Background(), new(mockInstance)),
|
||||
@@ -149,7 +152,8 @@ func TestCommandSide_AddInstanceDomain(t *testing.T) {
|
||||
for _, tt := range tests {
|
||||
t.Run(tt.name, func(t *testing.T) {
|
||||
r := &Commands{
|
||||
eventstore: tt.fields.eventstore,
|
||||
eventstore: tt.fields.eventstore,
|
||||
externalSecure: tt.fields.externalSecure,
|
||||
}
|
||||
got, err := r.AddInstanceDomain(tt.args.ctx, tt.args.domain)
|
||||
if tt.res.err == nil {
|
||||
@@ -404,8 +408,8 @@ func TestCommandSide_RemoveInstanceDomain(t *testing.T) {
|
||||
|
||||
func newOIDCAppChangedEventInstanceDomain(ctx context.Context, appID, projectID, resourceOwner string) *project.OIDCConfigChangedEvent {
|
||||
changes := []project.OIDCConfigChanges{
|
||||
project.ChangeRedirectURIs([]string{"https://test.ch", "domain.ch/ui/console/auth/callback"}),
|
||||
project.ChangePostLogoutRedirectURIs([]string{"https://test.ch/logout", "domain.ch/ui/console/signedout"}),
|
||||
project.ChangeRedirectURIs([]string{"https://test.ch", "https://domain.ch/ui/console/auth/callback"}),
|
||||
project.ChangePostLogoutRedirectURIs([]string{"https://test.ch/logout", "https://domain.ch/ui/console/signedout"}),
|
||||
}
|
||||
event, _ := project.NewOIDCConfigChangedEvent(ctx,
|
||||
&project.NewAggregate(projectID, resourceOwner).Aggregate,
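Review bot: The updated fixture only covers `externalSecure: true` with `externalPort` left at zero, so the expected URIs pin the `https://domain.ch/...` form and nothing else. A case with `externalSecure: false` and a non-standard `externalPort` would pin the scheme and port handling for both the redirect and the post-logout URI, which are built by different helpers in `addInstanceDomain`. `newOIDCAppChangedEventInstanceDomain` would need to take the expected URIs as parameters for that; its body continues outside the hunk.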
|
||||
|
@@ -7,6 +7,7 @@ import (
|
||||
"time"
|
||||
|
||||
"github.com/golang/mock/gomock"
|
||||
"golang.org/x/text/language"
|
||||
|
||||
"github.com/caos/zitadel/internal/api/authz"
|
||||
"github.com/caos/zitadel/internal/crypto"
|
||||
@@ -275,6 +276,14 @@ func (m *mockInstance) ConsoleApplicationID() string {
|
||||
return "consoleApplicationID"
|
||||
}
|
||||
|
||||
func (m *mockInstance) DefaultLanguage() language.Tag {
|
||||
return language.English
|
||||
}
|
||||
|
||||
func (m *mockInstance) RequestedDomain() string {
|
||||
return "zitadel.cloud"
|
||||
}
|
||||
|
||||
func (m *mockInstance) RequestedHost() string {
|
||||
return "zitadel.cloud:443"
|
||||
}
|
||||
|
@@ -249,7 +249,7 @@ func (c *Commands) addOrg(ctx context.Context, organisation *domain.Org, claimed
|
||||
if err != nil {
|
||||
return nil, nil, nil, caos_errs.ThrowInternal(err, "COMMA-OwciI", "Errors.Internal")
|
||||
}
|
||||
organisation.AddIAMDomain(c.iamDomain)
|
||||
organisation.AddIAMDomain(authz.GetInstance(ctx).RequestedDomain())
|
||||
addedOrg := NewOrgWriteModel(organisation.AggregateID)
|
||||
|
||||
orgAgg := OrgAggregateFromWriteModel(&addedOrg.WriteModel)
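Review bot: `addOrg` now derives the organisation's default domain from `authz.GetInstance(ctx).RequestedDomain()`, so a value taken from the current request is written into stored events. The same pattern appears in `changeDefaultDomain` and `removeCustomDomains` (which recompute the default domain from the request and compare it with stored domains) and in `userDomainClaimed` (the `temporary.` user name). If an instance is reachable under more than one domain, an org created through one host and renamed through another would presumably not find its default domain in that comparison. How `RequestedDomain` is populated is not visible here; if it follows the request's Host header, it should be matched against the instance's registered domains before this point, and an empty value should be rejected rather than passed to `AddIAMDomain`. At minimum I would add `// RequestedDomain is per request: the default domain depends on the host the caller used.` above the call.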
|
||||
|
@@ -7,6 +7,7 @@ import (
|
||||
|
||||
"github.com/caos/logging"
|
||||
|
||||
"github.com/caos/zitadel/internal/api/authz"
|
||||
http_utils "github.com/caos/zitadel/internal/api/http"
|
||||
"github.com/caos/zitadel/internal/command/preparation"
|
||||
"github.com/caos/zitadel/internal/crypto"
|
||||
@@ -292,13 +293,14 @@ func (c *Commands) changeDefaultDomain(ctx context.Context, orgID, newName strin
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
defaultDomain := domain.NewIAMDomainName(orgDomains.OrgName, c.iamDomain)
|
||||
iamDomain := authz.GetInstance(ctx).RequestedDomain()
|
||||
defaultDomain := domain.NewIAMDomainName(orgDomains.OrgName, iamDomain)
|
||||
isPrimary := defaultDomain == orgDomains.PrimaryDomain
|
||||
orgAgg := OrgAggregateFromWriteModel(&orgDomains.WriteModel)
|
||||
for _, orgDomain := range orgDomains.Domains {
|
||||
if orgDomain.State == domain.OrgDomainStateActive {
|
||||
if orgDomain.Domain == defaultDomain {
|
||||
newDefaultDomain := domain.NewIAMDomainName(newName, c.iamDomain)
|
||||
newDefaultDomain := domain.NewIAMDomainName(newName, iamDomain)
|
||||
events := []eventstore.Command{
|
||||
org.NewDomainAddedEvent(ctx, orgAgg, newDefaultDomain),
|
||||
org.NewDomainVerifiedEvent(ctx, orgAgg, newDefaultDomain),
|
||||
@@ -321,7 +323,7 @@ func (c *Commands) removeCustomDomains(ctx context.Context, orgID string) ([]eve
|
||||
return nil, err
|
||||
}
|
||||
hasDefault := false
|
||||
defaultDomain := domain.NewIAMDomainName(orgDomains.OrgName, c.iamDomain)
|
||||
defaultDomain := domain.NewIAMDomainName(orgDomains.OrgName, authz.GetInstance(ctx).RequestedDomain())
|
||||
isPrimary := defaultDomain == orgDomains.PrimaryDomain
|
||||
orgAgg := OrgAggregateFromWriteModel(&orgDomains.WriteModel)
|
||||
events := make([]eventstore.Command, 0, len(orgDomains.Domains))
|
||||
|
@@ -8,6 +8,7 @@ import (
|
||||
"github.com/stretchr/testify/assert"
|
||||
"golang.org/x/text/language"
|
||||
|
||||
"github.com/caos/zitadel/internal/api/authz"
|
||||
"github.com/caos/zitadel/internal/api/http"
|
||||
"github.com/caos/zitadel/internal/command/preparation"
|
||||
"github.com/caos/zitadel/internal/crypto"
|
||||
@@ -1090,10 +1091,9 @@ func TestCommandSide_ValidateOrgDomain(t *testing.T) {
|
||||
domainVerificationGenerator: tt.fields.secretGenerator,
|
||||
domainVerificationAlg: tt.fields.alg,
|
||||
domainVerificationValidator: tt.fields.domainValidationFunc,
|
||||
iamDomain: "zitadel.ch",
|
||||
idGenerator: tt.fields.idGenerator,
|
||||
}
|
||||
got, err := r.ValidateOrgDomain(tt.args.ctx, tt.args.domain, tt.args.claimedUserIDs)
|
||||
got, err := r.ValidateOrgDomain(authz.WithRequestedDomain(tt.args.ctx, "zitadel.ch"), tt.args.domain, tt.args.claimedUserIDs)
|
||||
if tt.res.err == nil {
|
||||
assert.NoError(t, err)
|
||||
}
|
||||
|
@@ -9,9 +9,7 @@ import (
|
||||
"github.com/stretchr/testify/assert"
|
||||
"golang.org/x/text/language"
|
||||
|
||||
"github.com/caos/zitadel/internal/repository/user"
|
||||
"github.com/caos/zitadel/internal/static/mock"
|
||||
|
||||
"github.com/caos/zitadel/internal/api/authz"
|
||||
"github.com/caos/zitadel/internal/domain"
|
||||
caos_errs "github.com/caos/zitadel/internal/errors"
|
||||
"github.com/caos/zitadel/internal/eventstore"
|
||||
@@ -19,13 +17,14 @@ import (
|
||||
"github.com/caos/zitadel/internal/repository/features"
|
||||
"github.com/caos/zitadel/internal/repository/instance"
|
||||
"github.com/caos/zitadel/internal/repository/org"
|
||||
"github.com/caos/zitadel/internal/repository/user"
|
||||
"github.com/caos/zitadel/internal/static"
|
||||
"github.com/caos/zitadel/internal/static/mock"
|
||||
)
|
||||
|
||||
func TestCommandSide_SetOrgFeatures(t *testing.T) {
|
||||
type fields struct {
|
||||
eventstore *eventstore.Eventstore
|
||||
iamDomain string
|
||||
static static.Storage
|
||||
}
|
||||
type args struct {
|
||||
@@ -291,10 +290,9 @@ func TestCommandSide_SetOrgFeatures(t *testing.T) {
|
||||
},
|
||||
),
|
||||
),
|
||||
iamDomain: "iam-domain",
|
||||
},
|
||||
args: args{
|
||||
ctx: context.Background(),
|
||||
ctx: authz.WithRequestedDomain(context.Background(), "iam-domain"),
|
||||
resourceOwner: "org1",
|
||||
features: &domain.Features{
|
||||
TierName: "Test",
|
||||
@@ -503,10 +501,9 @@ func TestCommandSide_SetOrgFeatures(t *testing.T) {
|
||||
uniqueConstraintsFromEventConstraint(org.NewRemoveOrgDomainUniqueConstraint("test1")),
|
||||
),
|
||||
),
|
||||
iamDomain: "iam-domain",
|
||||
},
|
||||
args: args{
|
||||
ctx: context.Background(),
|
||||
ctx: authz.WithRequestedDomain(context.Background(), "iam-domain"),
|
||||
resourceOwner: "org1",
|
||||
features: &domain.Features{
|
||||
TierName: "Test",
|
||||
@@ -723,10 +720,9 @@ func TestCommandSide_SetOrgFeatures(t *testing.T) {
|
||||
uniqueConstraintsFromEventConstraint(org.NewRemoveOrgDomainUniqueConstraint("test1")),
|
||||
),
|
||||
),
|
||||
iamDomain: "iam-domain",
|
||||
},
|
||||
args: args{
|
||||
ctx: context.Background(),
|
||||
ctx: authz.WithRequestedDomain(context.Background(), "iam-domain"),
|
||||
resourceOwner: "org1",
|
||||
features: &domain.Features{
|
||||
TierName: "Test",
|
||||
@@ -953,10 +949,9 @@ func TestCommandSide_SetOrgFeatures(t *testing.T) {
|
||||
uniqueConstraintsFromEventConstraint(org.NewRemoveOrgDomainUniqueConstraint("test1")),
|
||||
),
|
||||
),
|
||||
iamDomain: "iam-domain",
|
||||
},
|
||||
args: args{
|
||||
ctx: context.Background(),
|
||||
ctx: authz.WithRequestedDomain(context.Background(), "iam-domain"),
|
||||
resourceOwner: "org1",
|
||||
features: &domain.Features{
|
||||
TierName: "Test",
|
||||
@@ -1268,11 +1263,10 @@ func TestCommandSide_SetOrgFeatures(t *testing.T) {
|
||||
},
|
||||
),
|
||||
),
|
||||
iamDomain: "iam-domain",
|
||||
static: mock.NewMockStorage(gomock.NewController(t)).ExpectRemoveObjectsNoError(),
|
||||
static: mock.NewMockStorage(gomock.NewController(t)).ExpectRemoveObjectsNoError(),
|
||||
},
|
||||
args: args{
|
||||
ctx: context.Background(),
|
||||
ctx: authz.WithRequestedDomain(context.Background(), "iam-domain"),
|
||||
resourceOwner: "org1",
|
||||
features: &domain.Features{
|
||||
TierName: "Test",
|
||||
@@ -1462,10 +1456,9 @@ func TestCommandSide_SetOrgFeatures(t *testing.T) {
|
||||
},
|
||||
),
|
||||
),
|
||||
iamDomain: "iam-domain",
|
||||
},
|
||||
args: args{
|
||||
ctx: context.Background(),
|
||||
ctx: authz.WithRequestedDomain(context.Background(), "iam-domain"),
|
||||
resourceOwner: "org1",
|
||||
features: &domain.Features{
|
||||
TierName: "Test",
|
||||
@@ -1500,7 +1493,6 @@ func TestCommandSide_SetOrgFeatures(t *testing.T) {
|
||||
t.Run(tt.name, func(t *testing.T) {
|
||||
r := &Commands{
|
||||
eventstore: tt.fields.eventstore,
|
||||
iamDomain: tt.fields.iamDomain,
|
||||
static: tt.fields.static,
|
||||
}
|
||||
got, err := r.SetOrgFeatures(tt.args.ctx, tt.args.resourceOwner, tt.args.features)
|
||||
@@ -1520,7 +1512,6 @@ func TestCommandSide_SetOrgFeatures(t *testing.T) {
|
||||
func TestCommandSide_RemoveOrgFeatures(t *testing.T) {
|
||||
type fields struct {
|
||||
eventstore *eventstore.Eventstore
|
||||
iamDomain string
|
||||
}
|
||||
type args struct {
|
||||
ctx context.Context
|
||||
@@ -1715,10 +1706,9 @@ func TestCommandSide_RemoveOrgFeatures(t *testing.T) {
|
||||
},
|
||||
),
|
||||
),
|
||||
iamDomain: "iam-domain",
|
||||
},
|
||||
args: args{
|
||||
ctx: context.Background(),
|
||||
ctx: authz.WithRequestedDomain(context.Background(), "iam-domain"),
|
||||
resourceOwner: "org1",
|
||||
},
|
||||
res: res{
|
||||
@@ -1732,7 +1722,6 @@ func TestCommandSide_RemoveOrgFeatures(t *testing.T) {
|
||||
t.Run(tt.name, func(t *testing.T) {
|
||||
r := &Commands{
|
||||
eventstore: tt.fields.eventstore,
|
||||
iamDomain: tt.fields.iamDomain,
|
||||
}
|
||||
got, err := r.RemoveOrgFeatures(tt.args.ctx, tt.args.resourceOwner)
|
||||
if tt.res.err == nil {
|
||||
|
@@ -71,7 +71,6 @@ func TestCommandSide_AddOrg(t *testing.T) {
|
||||
type fields struct {
|
||||
eventstore *eventstore.Eventstore
|
||||
idGenerator id.Generator
|
||||
iamDomain string
|
||||
zitadelRoles []authz.RoleMapping
|
||||
}
|
||||
type args struct {
|
||||
@@ -203,7 +202,6 @@ func TestCommandSide_AddOrg(t *testing.T) {
|
||||
),
|
||||
),
|
||||
idGenerator: id_mock.NewIDGeneratorExpectIDs(t, "org2"),
|
||||
iamDomain: "iam-domain",
|
||||
zitadelRoles: []authz.RoleMapping{
|
||||
{
|
||||
Role: "ORG_OWNER",
|
||||
@@ -211,7 +209,7 @@ func TestCommandSide_AddOrg(t *testing.T) {
|
||||
},
|
||||
},
|
||||
args: args{
|
||||
ctx: context.Background(),
|
||||
ctx: authz.WithRequestedDomain(context.Background(), "iam-domain"),
|
||||
name: "Org",
|
||||
userID: "user1",
|
||||
resourceOwner: "org1",
|
||||
@@ -272,7 +270,6 @@ func TestCommandSide_AddOrg(t *testing.T) {
|
||||
),
|
||||
),
|
||||
idGenerator: id_mock.NewIDGeneratorExpectIDs(t, "org2"),
|
||||
iamDomain: "iam-domain",
|
||||
zitadelRoles: []authz.RoleMapping{
|
||||
{
|
||||
Role: "ORG_OWNER",
|
||||
@@ -280,7 +277,7 @@ func TestCommandSide_AddOrg(t *testing.T) {
|
||||
},
|
||||
},
|
||||
args: args{
|
||||
ctx: context.Background(),
|
||||
ctx: authz.WithRequestedDomain(context.Background(), "iam-domain"),
|
||||
name: "Org",
|
||||
userID: "user1",
|
||||
resourceOwner: "org1",
|
||||
@@ -341,7 +338,6 @@ func TestCommandSide_AddOrg(t *testing.T) {
|
||||
),
|
||||
),
|
||||
idGenerator: id_mock.NewIDGeneratorExpectIDs(t, "org2"),
|
||||
iamDomain: "iam-domain",
|
||||
zitadelRoles: []authz.RoleMapping{
|
||||
{
|
||||
Role: "ORG_OWNER",
|
||||
@@ -349,7 +345,7 @@ func TestCommandSide_AddOrg(t *testing.T) {
|
||||
},
|
||||
},
|
||||
args: args{
|
||||
ctx: context.Background(),
|
||||
ctx: authz.WithRequestedDomain(context.Background(), "iam-domain"),
|
||||
name: "Org",
|
||||
userID: "user1",
|
||||
resourceOwner: "org1",
|
||||
@@ -372,7 +368,6 @@ func TestCommandSide_AddOrg(t *testing.T) {
|
||||
r := &Commands{
|
||||
eventstore: tt.fields.eventstore,
|
||||
idGenerator: tt.fields.idGenerator,
|
||||
iamDomain: tt.fields.iamDomain,
|
||||
zitadelRoles: tt.fields.zitadelRoles,
|
||||
}
|
||||
got, err := r.AddOrg(tt.args.ctx, tt.args.name, tt.args.userID, tt.args.resourceOwner, tt.args.claimedUserIDs)
|
||||
@@ -392,7 +387,6 @@ func TestCommandSide_AddOrg(t *testing.T) {
|
||||
func TestCommandSide_ChangeOrg(t *testing.T) {
|
||||
type fields struct {
|
||||
eventstore *eventstore.Eventstore
|
||||
iamDomain string
|
||||
}
|
||||
type args struct {
|
||||
ctx context.Context
|
||||
@@ -444,7 +438,6 @@ func TestCommandSide_ChangeOrg(t *testing.T) {
|
||||
{
|
||||
name: "push failed, error",
|
||||
fields: fields{
|
||||
iamDomain: "zitadel.ch",
|
||||
eventstore: eventstoreExpect(
|
||||
t,
|
||||
expectFilter(
|
||||
@@ -467,7 +460,7 @@ func TestCommandSide_ChangeOrg(t *testing.T) {
|
||||
),
|
||||
},
|
||||
args: args{
|
||||
ctx: context.Background(),
|
||||
ctx: authz.WithRequestedDomain(context.Background(), "zitadel.ch"),
|
||||
orgID: "org1",
|
||||
name: "neworg",
|
||||
},
|
||||
@@ -478,7 +471,6 @@ func TestCommandSide_ChangeOrg(t *testing.T) {
|
||||
{
|
||||
name: "change org name verified, not primary",
|
||||
fields: fields{
|
||||
iamDomain: "zitadel.ch",
|
||||
eventstore: eventstoreExpect(
|
||||
t,
|
||||
expectFilter(
|
||||
@@ -524,7 +516,7 @@ func TestCommandSide_ChangeOrg(t *testing.T) {
|
||||
),
|
||||
},
|
||||
args: args{
|
||||
ctx: context.Background(),
|
||||
ctx: authz.WithRequestedDomain(context.Background(), "zitadel.ch"),
|
||||
orgID: "org1",
|
||||
name: "neworg",
|
||||
},
|
||||
@@ -533,7 +525,6 @@ func TestCommandSide_ChangeOrg(t *testing.T) {
|
||||
{
|
||||
name: "change org name verified, with primary",
|
||||
fields: fields{
|
||||
iamDomain: "zitadel.ch",
|
||||
eventstore: eventstoreExpect(
|
||||
t,
|
||||
expectFilter(
|
||||
@@ -586,7 +577,7 @@ func TestCommandSide_ChangeOrg(t *testing.T) {
|
||||
),
|
||||
},
|
||||
args: args{
|
||||
ctx: context.Background(),
|
||||
ctx: authz.WithRequestedDomain(context.Background(), "zitadel.ch"),
|
||||
orgID: "org1",
|
||||
name: "neworg",
|
||||
},
|
||||
@@ -597,7 +588,6 @@ func TestCommandSide_ChangeOrg(t *testing.T) {
|
||||
t.Run(tt.name, func(t *testing.T) {
|
||||
r := &Commands{
|
||||
eventstore: tt.fields.eventstore,
|
||||
iamDomain: tt.fields.iamDomain,
|
||||
}
|
||||
_, err := r.ChangeOrg(tt.args.ctx, tt.args.orgID, tt.args.name)
|
||||
if tt.res.err == nil {
|
||||
|
@@ -7,6 +7,7 @@ import (
|
||||
|
||||
"github.com/caos/logging"
|
||||
|
||||
"github.com/caos/zitadel/internal/api/authz"
|
||||
"github.com/caos/zitadel/internal/command/preparation"
|
||||
"github.com/caos/zitadel/internal/crypto"
|
||||
"github.com/caos/zitadel/internal/domain"
|
||||
@@ -333,7 +334,7 @@ func (c *Commands) userDomainClaimed(ctx context.Context, userID string) (events
|
||||
user.NewDomainClaimedEvent(
|
||||
ctx,
|
||||
userAgg,
|
||||
fmt.Sprintf("%s@temporary.%s", id, c.iamDomain),
|
||||
fmt.Sprintf("%s@temporary.%s", id, authz.GetInstance(ctx).RequestedDomain()),
|
||||
existingUser.UserName,
|
||||
domainPolicy.UserLoginMustBeDomain),
|
||||
}, changedUserGrant, nil
|
||||
|
@@ -25,7 +25,6 @@ func TestCommands_AddAccessAndRefreshToken(t *testing.T) {
|
||||
type fields struct {
|
||||
eventstore *eventstore.Eventstore
|
||||
idGenerator id.Generator
|
||||
iamDomain string
|
||||
keyAlgorithm crypto.EncryptionAlgorithm
|
||||
}
|
||||
type args struct {
|
||||
@@ -285,7 +284,6 @@ func TestCommands_AddAccessAndRefreshToken(t *testing.T) {
|
||||
c := &Commands{
|
||||
eventstore: tt.fields.eventstore,
|
||||
idGenerator: tt.fields.idGenerator,
|
||||
iamDomain: tt.fields.iamDomain,
|
||||
keyAlgorithm: tt.fields.keyAlgorithm,
|
||||
}
|
||||
got, gotRefresh, err := c.AddAccessAndRefreshToken(tt.args.ctx, tt.args.orgID, tt.args.agentID, tt.args.clientID, tt.args.userID, tt.args.refreshToken,
|
||||
|