fix: idp usage (#4571)

* fix: send email verification instead of init code for idp users

* fix: select single idp of external only users

* fix: use single idp on login
Livio Spring
2022-10-18 16:48:26 +02:00
committed by GitHub
parent e7bc887a47
commit 3270a94291
11 changed files with 172 additions and 35 deletions


@@ -155,12 +155,17 @@ func (l *Login) registerExternalUser(w http.ResponseWriter, r *http.Request, aut
l.renderRegisterOption(w, r, authReq, err)
return
}
emailCodeGenerator, err := l.query.InitEncryptionGenerator(r.Context(), domain.SecretGeneratorTypeVerifyEmailCode, l.userCodeAlg)
if err != nil {
l.renderRegisterOption(w, r, authReq, err)
return
}
phoneCodeGenerator, err := l.query.InitEncryptionGenerator(r.Context(), domain.SecretGeneratorTypeVerifyPhoneCode, l.userCodeAlg)
if err != nil {
l.renderRegisterOption(w, r, authReq, err)
return
}
_, err = l.command.RegisterHuman(setContext(r.Context(), resourceOwner), resourceOwner, user, externalIDP, nil, initCodeGenerator, phoneCodeGenerator)
_, err = l.command.RegisterHuman(setContext(r.Context(), resourceOwner), resourceOwner, user, externalIDP, nil, initCodeGenerator, emailCodeGenerator, phoneCodeGenerator)
if err != nil {
l.renderRegisterOption(w, r, authReq, err)
return
@@ -230,12 +235,17 @@ func (l *Login) handleExternalRegisterCheck(w http.ResponseWriter, r *http.Reque
l.renderRegisterOption(w, r, authReq, err)
return
}
emailCodeGenerator, err := l.query.InitEncryptionGenerator(r.Context(), domain.SecretGeneratorTypeVerifyEmailCode, l.userCodeAlg)
if err != nil {
l.renderRegisterOption(w, r, authReq, err)
return
}
phoneCodeGenerator, err := l.query.InitEncryptionGenerator(r.Context(), domain.SecretGeneratorTypeVerifyPhoneCode, l.userCodeAlg)
if err != nil {
l.renderRegisterOption(w, r, authReq, err)
return
}
_, err = l.command.RegisterHuman(setContext(r.Context(), resourceOwner), resourceOwner, user, externalIDP, nil, initCodeGenerator, phoneCodeGenerator)
_, err = l.command.RegisterHuman(setContext(r.Context(), resourceOwner), resourceOwner, user, externalIDP, nil, initCodeGenerator, emailCodeGenerator, phoneCodeGenerator)
if err != nil {
l.renderRegisterOption(w, r, authReq, err)
return
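Review bot: The InitEncryptionGenerator call for domain.SecretGeneratorTypeVerifyEmailCode, together with its five-line error-handling block, is now repeated verbatim in registerExternalUser, handleExternalRegisterCheck and handleRegisterCheck, each next to the identical init-code and phone-code blocks. A small method on *Login that returns the three generators for one request context would give a single place to keep the generator types and error handling aligned, and each call site would shrink to a single error check. The commit message says the email verification replaces the init code for IDP users, yet initCodeGenerator is still created and passed on the RegisterHuman line in both hunks; a short comment there stating which code is expected to be sent for an external-IDP user would spare the next reader a trip into the command package, since the selection is presumably made there and is not visible in this section. Both enclosing functions begin before and end after their hunks.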


@@ -95,6 +95,10 @@ func (l *Login) renderLogin(w http.ResponseWriter, r *http.Request, authReq *dom
if err != nil {
errID, errMessage = l.getErrorMessage(r, err)
}
if singleIDPAllowed(authReq) {
l.handleIDP(w, r, authReq, authReq.AllowedExternalIDPs[0].IDPConfigID)
return
}
data := l.getUserData(r, authReq, "Login", errID, errMessage)
funcs := map[string]interface{}{
"hasUsernamePasswordLogin": func() bool {
@@ -109,3 +113,7 @@ func (l *Login) renderLogin(w http.ResponseWriter, r *http.Request, authReq *dom
}
l.renderer.RenderTemplate(w, r, l.getTranslator(r.Context(), authReq), l.renderer.Templates[tmplLogin], data, funcs)
}
func singleIDPAllowed(authReq *domain.AuthRequest) bool {
return authReq != nil && authReq.LoginPolicy != nil && !authReq.LoginPolicy.AllowUsernamePassword && authReq.LoginPolicy.AllowExternalIDP && len(authReq.AllowedExternalIDPs) == 1
}
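Review bot: The new shortcut `if singleIDPAllowed(authReq) {` … `return` in renderLogin fires regardless of the err argument, so the errID and errMessage derived from err on the lines just above are discarded and a user under a single-IDP policy never sees the message. If handleIDP reports its own failures by calling renderLogin, which is not visible here, the two would redirect each other in a loop; guarding the shortcut with the error, `if err == nil && singleIDPAllowed(authReq) {`, keeps the existing error rendering for the failure case while preserving the redirect on a clean request. singleIDPAllowed would also benefit from a comment naming its intent, e.g. `// singleIDPAllowed reports whether the login policy disables username/password login and allows exactly one external IDP, so the login form can be skipped in favour of that IDP.` renderLogin starts before the first hunk of this section.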


@@ -73,12 +73,17 @@ func (l *Login) handleRegisterCheck(w http.ResponseWriter, r *http.Request) {
l.renderRegister(w, r, authRequest, data, err)
return
}
emailCodeGenerator, err := l.query.InitEncryptionGenerator(r.Context(), domain.SecretGeneratorTypeVerifyEmailCode, l.userCodeAlg)
if err != nil {
l.renderRegister(w, r, authRequest, data, err)
return
}
phoneCodeGenerator, err := l.query.InitEncryptionGenerator(r.Context(), domain.SecretGeneratorTypeVerifyPhoneCode, l.userCodeAlg)
if err != nil {
l.renderRegister(w, r, authRequest, data, err)
return
}
user, err := l.command.RegisterHuman(setContext(r.Context(), resourceOwner), resourceOwner, data.toHumanDomain(), nil, nil, initCodeGenerator, phoneCodeGenerator)
user, err := l.command.RegisterHuman(setContext(r.Context(), resourceOwner), resourceOwner, data.toHumanDomain(), nil, nil, initCodeGenerator, emailCodeGenerator, phoneCodeGenerator)
if err != nil {
l.renderRegister(w, r, authRequest, data, err)
return