feat: Identity brokering (#730)

* feat: add/ remove external idps * feat: external idp add /remove * fix: auth proto * fix: handle login * feat: loginpolicy on authrequest * feat: idp providers on login * feat: link external idp * fix: check login policy on check username * feat: add mapping fields for idp config * feat: use user org id if existing * feat: use user org id if existing * feat: register external user * feat: register external user * feat: user linking * feat: user linking * feat: design external login * feat: design external login * fix: tests * fix: regenerate login design * feat: next step test linking process * feat: next step test linking process * feat: cascade remove external idps on user * fix: tests * fix: tests * feat: external idp requsts on users * fix: generate protos * feat: login styles * feat: login styles * fix: link user * fix: register user on specifig org * fix: user linking * fix: register external, linking auto * fix: remove unnecessary request from proto * fix: tests * fix: new oidc package * fix: migration version * fix: policy permissions * Update internal/ui/login/static/i18n/en.yaml Co-authored-by: Livio Amstutz <livio.a@gmail.com> * Update internal/ui/login/static/i18n/en.yaml Co-authored-by: Livio Amstutz <livio.a@gmail.com> * Update internal/ui/login/handler/renderer.go Co-authored-by: Livio Amstutz <livio.a@gmail.com> * Update internal/ui/login/handler/renderer.go Co-authored-by: Livio Amstutz <livio.a@gmail.com> * fix: pr requests * Update internal/ui/login/handler/link_users_handler.go Co-authored-by: Livio Amstutz <livio.a@gmail.com> * fix: pr requests * fix: pr requests * fix: pr requests * fix: login name size * fix: profile image light * fix: colors * fix: pr requests * fix: remove redirect uri validator * fix: remove redirect uri validator Co-authored-by: Livio Amstutz <livio.a@gmail.com>
2025-08-12 08:07:32 +00:00 · 2020-09-18 13:26:28 +02:00
parent 1d542a0c57
commit 320ddfa46d
141 changed files with 30057 additions and 12535 deletions
--- a/internal/iam/repository/view/idp_provider_view.go
+++ b/internal/iam/repository/view/idp_provider_view.go
@@ -22,7 +22,7 @@ func GetIDPProviderByAggregateIDAndConfigID(db *gorm.DB, table, aggregateID, idp
 }

 func IDPProvidersByIdpConfigID(db *gorm.DB, table string, idpConfigID string) ([]*model.IDPProviderView, error) {
-	members := make([]*model.IDPProviderView, 0)
+	providers := make([]*model.IDPProviderView, 0)
 	queries := []*iam_model.IDPProviderSearchQuery{
 		{
 			Key:    iam_model.IDPProviderSearchKeyIdpConfigID,
@@ -31,11 +31,28 @@ func IDPProvidersByIdpConfigID(db *gorm.DB, table string, idpConfigID string) ([
 		},
 	}
 	query := repository.PrepareSearchQuery(table, model.IDPProviderSearchRequest{Queries: queries})
-	_, err := query(db, &members)
+	_, err := query(db, &providers)
 	if err != nil {
 		return nil, err
 	}
-	return members, nil
+	return providers, nil
+}
+
+func IDPProvidersByAggregateID(db *gorm.DB, table string, aggregateID string) ([]*model.IDPProviderView, error) {
+	providers := make([]*model.IDPProviderView, 0)
+	queries := []*iam_model.IDPProviderSearchQuery{
+		{
+			Key:    iam_model.IDPProviderSearchKeyAggregateID,
+			Value:  aggregateID,
+			Method: global_model.SearchMethodEquals,
+		},
+	}
+	query := repository.PrepareSearchQuery(table, model.IDPProviderSearchRequest{Queries: queries})
+	_, err := query(db, &providers)
+	if err != nil {
+		return nil, err
+	}
+	return providers, nil
 }

 func SearchIDPProviders(db *gorm.DB, table string, req *iam_model.IDPProviderSearchRequest) ([]*model.IDPProviderView, uint64, error) {
--- a/internal/iam/repository/view/idp_view.go
+++ b/internal/iam/repository/view/idp_view.go
@@ -20,6 +20,23 @@ func IDPByID(db *gorm.DB, table, idpID string) (*model.IDPConfigView, error) {
 	return idp, err
 }

+func GetIDPConfigsByAggregateID(db *gorm.DB, table string, aggregateID string) ([]*model.IDPConfigView, error) {
+	idps := make([]*model.IDPConfigView, 0)
+	queries := []*iam_model.IDPConfigSearchQuery{
+		{
+			Key:    iam_model.IDPConfigSearchKeyAggregateID,
+			Value:  aggregateID,
+			Method: global_model.SearchMethodEquals,
+		},
+	}
+	query := repository.PrepareSearchQuery(table, model.IDPConfigSearchRequest{Queries: queries})
+	_, err := query(db, &idps)
+	if err != nil {
+		return nil, err
+	}
+	return idps, nil
+}
+
 func SearchIDPs(db *gorm.DB, table string, req *iam_model.IDPConfigSearchRequest) ([]*model.IDPConfigView, uint64, error) {
 	idps := make([]*model.IDPConfigView, 0)
 	query := repository.PrepareSearchQuery(table, model.IDPConfigSearchRequest{Limit: req.Limit, Offset: req.Offset, Queries: req.Queries})
--- a/internal/iam/repository/view/model/idp_config.go
+++ b/internal/iam/repository/view/model/idp_config.go
@@ -32,55 +32,61 @@ type IDPConfigView struct {
 	IDPState        int32     `json:"-" gorm:"column:idp_state"`
 	IDPProviderType int32     `json:"-" gorm:"column:idp_provider_type"`

-	IsOIDC           bool                `json:"-" gorm:"column:is_oidc"`
-	OIDCClientID     string              `json:"clientId" gorm:"column:oidc_client_id"`
-	OIDCClientSecret *crypto.CryptoValue `json:"clientSecret" gorm:"column:oidc_client_secret"`
-	OIDCIssuer       string              `json:"issuer" gorm:"column:oidc_issuer"`
-	OIDCScopes       pq.StringArray      `json:"scopes" gorm:"column:oidc_scopes"`
+	IsOIDC                    bool                `json:"-" gorm:"column:is_oidc"`
+	OIDCClientID              string              `json:"clientId" gorm:"column:oidc_client_id"`
+	OIDCClientSecret          *crypto.CryptoValue `json:"clientSecret" gorm:"column:oidc_client_secret"`
+	OIDCIssuer                string              `json:"issuer" gorm:"column:oidc_issuer"`
+	OIDCScopes                pq.StringArray      `json:"scopes" gorm:"column:oidc_scopes"`
+	OIDCIDPDisplayNameMapping int32               `json:"idpDisplayNameMapping" gorm:"column:oidc_idp_display_name_mapping"`
+	OIDCUsernameMapping       int32               `json:"usernameMapping" gorm:"column:oidc_idp_username_mapping"`

 	Sequence uint64 `json:"-" gorm:"column:sequence"`
 }

 func IDPConfigViewFromModel(idp *model.IDPConfigView) *IDPConfigView {
 	return &IDPConfigView{
-		IDPConfigID:      idp.IDPConfigID,
-		AggregateID:      idp.AggregateID,
-		Name:             idp.Name,
-		LogoSrc:          idp.LogoSrc,
-		Sequence:         idp.Sequence,
-		CreationDate:     idp.CreationDate,
-		ChangeDate:       idp.ChangeDate,
-		IDPProviderType:  int32(idp.IDPProviderType),
-		IsOIDC:           idp.IsOIDC,
-		OIDCClientID:     idp.OIDCClientID,
-		OIDCClientSecret: idp.OIDCClientSecret,
-		OIDCIssuer:       idp.OIDCIssuer,
-		OIDCScopes:       idp.OIDCScopes,
+		IDPConfigID:               idp.IDPConfigID,
+		AggregateID:               idp.AggregateID,
+		Name:                      idp.Name,
+		LogoSrc:                   idp.LogoSrc,
+		Sequence:                  idp.Sequence,
+		CreationDate:              idp.CreationDate,
+		ChangeDate:                idp.ChangeDate,
+		IDPProviderType:           int32(idp.IDPProviderType),
+		IsOIDC:                    idp.IsOIDC,
+		OIDCClientID:              idp.OIDCClientID,
+		OIDCClientSecret:          idp.OIDCClientSecret,
+		OIDCIssuer:                idp.OIDCIssuer,
+		OIDCScopes:                idp.OIDCScopes,
+		OIDCIDPDisplayNameMapping: int32(idp.OIDCIDPDisplayNameMapping),
+		OIDCUsernameMapping:       int32(idp.OIDCUsernameMapping),
 	}
 }

-func IdpConfigViewToModel(idp *IDPConfigView) *model.IDPConfigView {
+func IDPConfigViewToModel(idp *IDPConfigView) *model.IDPConfigView {
 	return &model.IDPConfigView{
-		IDPConfigID:      idp.IDPConfigID,
-		AggregateID:      idp.AggregateID,
-		Name:             idp.Name,
-		LogoSrc:          idp.LogoSrc,
-		Sequence:         idp.Sequence,
-		CreationDate:     idp.CreationDate,
-		ChangeDate:       idp.ChangeDate,
-		IDPProviderType:  model.IDPProviderType(idp.IDPProviderType),
-		IsOIDC:           idp.IsOIDC,
-		OIDCClientID:     idp.OIDCClientID,
-		OIDCClientSecret: idp.OIDCClientSecret,
-		OIDCIssuer:       idp.OIDCIssuer,
-		OIDCScopes:       idp.OIDCScopes,
+		IDPConfigID:               idp.IDPConfigID,
+		AggregateID:               idp.AggregateID,
+		Name:                      idp.Name,
+		LogoSrc:                   idp.LogoSrc,
+		Sequence:                  idp.Sequence,
+		CreationDate:              idp.CreationDate,
+		ChangeDate:                idp.ChangeDate,
+		IDPProviderType:           model.IDPProviderType(idp.IDPProviderType),
+		IsOIDC:                    idp.IsOIDC,
+		OIDCClientID:              idp.OIDCClientID,
+		OIDCClientSecret:          idp.OIDCClientSecret,
+		OIDCIssuer:                idp.OIDCIssuer,
+		OIDCScopes:                idp.OIDCScopes,
+		OIDCIDPDisplayNameMapping: model.OIDCMappingField(idp.OIDCIDPDisplayNameMapping),
+		OIDCUsernameMapping:       model.OIDCMappingField(idp.OIDCUsernameMapping),
 	}
 }

 func IdpConfigViewsToModel(idps []*IDPConfigView) []*model.IDPConfigView {
 	result := make([]*model.IDPConfigView, len(idps))
 	for i, idp := range idps {
-		result[i] = IdpConfigViewToModel(idp)
+		result[i] = IDPConfigViewToModel(idp)
 	}
 	return result
 }
--- a/internal/iam/repository/view/model/idp_provider.go
+++ b/internal/iam/repository/view/model/idp_provider.go
@@ -39,6 +39,7 @@ func IDPProviderViewFromModel(policy *model.IDPProviderView) *IDPProviderView {
 		CreationDate:    policy.CreationDate,
 		ChangeDate:      policy.ChangeDate,
 		Name:            policy.Name,
+		IDPConfigID:     policy.IDPConfigID,
 		IDPConfigType:   int32(policy.IDPConfigType),
 		IDPProviderType: int32(policy.IDPProviderType),
 	}
@@ -51,6 +52,7 @@ func IDPProviderViewToModel(policy *IDPProviderView) *model.IDPProviderView {
 		CreationDate:    policy.CreationDate,
 		ChangeDate:      policy.ChangeDate,
 		Name:            policy.Name,
+		IDPConfigID:     policy.IDPConfigID,
 		IDPConfigType:   model.IdpConfigType(policy.IDPConfigType),
 		IDPProviderType: model.IDPProviderType(policy.IDPProviderType),
 	}