feat: Identity brokering (#730)

* feat: add/ remove external idps * feat: external idp add /remove * fix: auth proto * fix: handle login * feat: loginpolicy on authrequest * feat: idp providers on login * feat: link external idp * fix: check login policy on check username * feat: add mapping fields for idp config * feat: use user org id if existing * feat: use user org id if existing * feat: register external user * feat: register external user * feat: user linking * feat: user linking * feat: design external login * feat: design external login * fix: tests * fix: regenerate login design * feat: next step test linking process * feat: next step test linking process * feat: cascade remove external idps on user * fix: tests * fix: tests * feat: external idp requsts on users * fix: generate protos * feat: login styles * feat: login styles * fix: link user * fix: register user on specifig org * fix: user linking * fix: register external, linking auto * fix: remove unnecessary request from proto * fix: tests * fix: new oidc package * fix: migration version * fix: policy permissions * Update internal/ui/login/static/i18n/en.yaml Co-authored-by: Livio Amstutz <livio.a@gmail.com> * Update internal/ui/login/static/i18n/en.yaml Co-authored-by: Livio Amstutz <livio.a@gmail.com> * Update internal/ui/login/handler/renderer.go Co-authored-by: Livio Amstutz <livio.a@gmail.com> * Update internal/ui/login/handler/renderer.go Co-authored-by: Livio Amstutz <livio.a@gmail.com> * fix: pr requests * Update internal/ui/login/handler/link_users_handler.go Co-authored-by: Livio Amstutz <livio.a@gmail.com> * fix: pr requests * fix: pr requests * fix: pr requests * fix: login name size * fix: profile image light * fix: colors * fix: pr requests * fix: remove redirect uri validator * fix: remove redirect uri validator Co-authored-by: Livio Amstutz <livio.a@gmail.com>
2025-08-12 00:57:33 +00:00 · 2020-09-18 13:26:28 +02:00
parent 1d542a0c57
commit 320ddfa46d
141 changed files with 30057 additions and 12535 deletions
--- a/internal/api/grpc/auth/user.go
+++ b/internal/api/grpc/auth/user.go
@@ -122,6 +122,19 @@ func (s *Server) ChangeMyPassword(ctx context.Context, request *auth.PasswordCha
 	return &empty.Empty{}, err
 }

+func (s *Server) SearchMyExternalIDPs(ctx context.Context, request *auth.ExternalIDPSearchRequest) (*auth.ExternalIDPSearchResponse, error) {
+	externalIDP, err := s.repo.SearchMyExternalIDPs(ctx, externalIDPSearchRequestToModel(request))
+	if err != nil {
+		return nil, err
+	}
+	return externalIDPSearchResponseFromModel(externalIDP), nil
+}
+
+func (s *Server) RemoveMyExternalIDP(ctx context.Context, request *auth.ExternalIDPRemoveRequest) (*empty.Empty, error) {
+	err := s.repo.RemoveMyExternalIDP(ctx, externalIDPRemoveToModel(ctx, request))
+	return &empty.Empty{}, err
+}
+
 func (s *Server) GetMyPasswordComplexityPolicy(ctx context.Context, _ *empty.Empty) (*auth.PasswordComplexityPolicy, error) {
 	policy, err := s.repo.GetMyPasswordComplexityPolicy(ctx)
 	if err != nil {
--- a/internal/api/grpc/auth/user_converter.go
+++ b/internal/api/grpc/auth/user_converter.go
@@ -3,7 +3,6 @@ package auth
 import (
 	"context"
 	"encoding/json"
-
 	"github.com/caos/logging"
 	"github.com/golang/protobuf/ptypes"
 	"golang.org/x/text/language"
@@ -242,6 +241,69 @@ func updateAddressToModel(ctx context.Context, address *auth.UpdateUserAddressRe
 	}
 }

+func externalIDPSearchRequestToModel(request *auth.ExternalIDPSearchRequest) *usr_model.ExternalIDPSearchRequest {
+	return &usr_model.ExternalIDPSearchRequest{
+		Limit:  request.Limit,
+		Offset: request.Offset,
+	}
+}
+
+func externalIDPRemoveToModel(ctx context.Context, idp *auth.ExternalIDPRemoveRequest) *usr_model.ExternalIDP {
+	return &usr_model.ExternalIDP{
+		ObjectRoot:  models.ObjectRoot{AggregateID: authz.GetCtxData(ctx).UserID},
+		IDPConfigID: idp.IdpConfigId,
+		UserID:      idp.ExternalUserId,
+	}
+}
+
+func externalIDPResponseFromModel(idp *usr_model.ExternalIDP) *auth.ExternalIDPResponse {
+	return &auth.ExternalIDPResponse{
+		IdpConfigId: idp.IDPConfigID,
+		UserId:      idp.UserID,
+		DisplayName: idp.DisplayName,
+	}
+}
+
+func externalIDPSearchResponseFromModel(response *usr_model.ExternalIDPSearchResponse) *auth.ExternalIDPSearchResponse {
+	viewTimestamp, err := ptypes.TimestampProto(response.Timestamp)
+	logging.Log("GRPC-3h8is").OnError(err).Debug("unable to parse timestamp")
+
+	return &auth.ExternalIDPSearchResponse{
+		Offset:            response.Offset,
+		Limit:             response.Limit,
+		TotalResult:       response.TotalResult,
+		ProcessedSequence: response.Sequence,
+		ViewTimestamp:     viewTimestamp,
+		Result:            externalIDPViewsFromModel(response.Result),
+	}
+}
+
+func externalIDPViewsFromModel(externalIDPs []*usr_model.ExternalIDPView) []*auth.ExternalIDPView {
+	converted := make([]*auth.ExternalIDPView, len(externalIDPs))
+	for i, externalIDP := range externalIDPs {
+		converted[i] = externalIDPViewFromModel(externalIDP)
+	}
+	return converted
+}
+
+func externalIDPViewFromModel(externalIDP *usr_model.ExternalIDPView) *auth.ExternalIDPView {
+	creationDate, err := ptypes.TimestampProto(externalIDP.CreationDate)
+	logging.Log("GRPC-Sj8dw").OnError(err).Debug("unable to parse timestamp")
+
+	changeDate, err := ptypes.TimestampProto(externalIDP.ChangeDate)
+	logging.Log("GRPC-Nf8ue").OnError(err).Debug("unable to parse timestamp")
+
+	return &auth.ExternalIDPView{
+		UserId:                  externalIDP.UserID,
+		IdpConfigId:             externalIDP.IDPConfigID,
+		ExternalUserId:          externalIDP.ExternalUserID,
+		ExternalUserDisplayName: externalIDP.UserDisplayName,
+		IdpName:                 externalIDP.IDPName,
+		CreationDate:            creationDate,
+		ChangeDate:              changeDate,
+	}
+}
+
 func otpFromModel(otp *usr_model.OTP) *auth.MfaOtpResponse {
 	return &auth.MfaOtpResponse{
 		UserId: otp.AggregateID,