feat: add domain verification notification (#649)

* fix: dont (re)generate client secret with auth type none * fix(cors): allow Origin from request * feat: add origin allow list and fix some core issues * rename migration * fix UserIDsByDomain * feat: send email to users after domain claim * username * check origin on userinfo * update oidc pkg * fix: add migration 1.6 * change username * change username * remove unique email aggregate * change username in mgmt * search global user by login name * fix test * change user search in angular * fix tests * merge * userview in angular * fix merge * Update pkg/grpc/management/proto/management.proto Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com> * Update internal/notification/static/i18n/de.yaml Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com> * fix Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>
2025-08-12 03:57:32 +00:00 · 2020-08-27 17:18:23 +02:00
parent 3f714679d1
commit 34ec2508d3
73 changed files with 19105 additions and 17845 deletions
--- a/internal/auth/repository/eventsourcing/eventstore/auth_request.go
+++ b/internal/auth/repository/eventsourcing/eventstore/auth_request.go
@@ -239,8 +239,11 @@ func (repo *AuthRequestRepo) nextSteps(ctx context.Context, request *model.AuthR
 	if !user.IsEmailVerified {
 		steps = append(steps, &model.VerifyEMailStep{})
 	}
+	if user.UsernameChangeRequired {
+		steps = append(steps, &model.ChangeUsernameStep{})
+	}

-	if user.PasswordChangeRequired || !user.IsEmailVerified {
+	if user.PasswordChangeRequired || !user.IsEmailVerified || user.UsernameChangeRequired {
 		return steps, nil
 	}

--- a/internal/auth/repository/eventsourcing/eventstore/user.go
+++ b/internal/auth/repository/eventsourcing/eventstore/user.go
@@ -220,6 +220,14 @@ func (repo *UserRepo) RemoveMyMfaOTP(ctx context.Context) error {
 	return repo.UserEvents.RemoveOTP(ctx, authz.GetCtxData(ctx).UserID)
 }

+func (repo *UserRepo) ChangeMyUsername(ctx context.Context, username string) error {
+	ctxData := authz.GetCtxData(ctx)
+	orgPolicy, err := repo.OrgEvents.GetOrgIAMPolicy(ctx, ctxData.OrgID)
+	if err != nil {
+		return err
+	}
+	return repo.UserEvents.ChangeUsername(ctx, ctxData.UserID, username, orgPolicy)
+}
 func (repo *UserRepo) ResendInitVerificationMail(ctx context.Context, userID string) error {
 	_, err := repo.UserEvents.CreateInitializeUserCodeByID(ctx, userID)
 	return err
@@ -299,6 +307,15 @@ func (repo *UserRepo) MyUserChanges(ctx context.Context, lastSequence uint64, li
 	return changes, nil
 }

+func (repo *UserRepo) ChangeUsername(ctx context.Context, userID, username string) error {
+	policyResourceOwner := authz.GetCtxData(ctx).OrgID
+	orgPolicy, err := repo.OrgEvents.GetOrgIAMPolicy(ctx, policyResourceOwner)
+	if err != nil {
+		return err
+	}
+	return repo.UserEvents.ChangeUsername(ctx, userID, username, orgPolicy)
+}
+
 func checkIDs(ctx context.Context, obj es_models.ObjectRoot) error {
 	if obj.AggregateID != authz.GetCtxData(ctx).UserID {
 		return errors.ThrowPermissionDenied(nil, "EVENT-kFi9w", "object does not belong to user")
--- a/internal/auth/repository/eventsourcing/handler/user.go
+++ b/internal/auth/repository/eventsourcing/handler/user.go
@@ -83,7 +83,8 @@ func (u *User) ProcessUser(event *models.Event) (err error) {
 			return err
 		}
 		err = user.AppendEvent(event)
-	case es_model.DomainClaimed:
+	case es_model.DomainClaimed,
+		es_model.UserUserNameChanged:
 		user, err = u.view.UserByID(event.AggregateID)
 		if err != nil {
 			return err
--- a/internal/auth/repository/eventsourcing/handler/user_session.go
+++ b/internal/auth/repository/eventsourcing/handler/user_session.go
@@ -65,7 +65,9 @@ func (u *UserSession) Reduce(event *models.Event) (err error) {
 		es_model.MfaOtpRemoved,
 		es_model.UserProfileChanged,
 		es_model.UserLocked,
-		es_model.UserDeactivated:
+		es_model.UserDeactivated,
+		es_model.DomainClaimed,
+		es_model.UserUserNameChanged:
 		sessions, err := u.view.UserSessionsByUserID(event.AggregateID)
 		if err != nil {
 			return err
--- a/internal/auth/repository/eventsourcing/view/user.go
+++ b/internal/auth/repository/eventsourcing/view/user.go
@@ -35,8 +35,8 @@ func (v *View) SearchUsers(request *usr_model.UserSearchRequest) ([]*model.UserV
 	return view.SearchUsers(v.Db, userTable, request)
 }

-func (v *View) GetGlobalUserByEmail(email string) (*model.UserView, error) {
-	return view.GetGlobalUserByEmail(v.Db, userTable, email)
+func (v *View) GetGlobalUserByLoginName(email string) (*model.UserView, error) {
+	return view.GetGlobalUserByLoginName(v.Db, userTable, email)
 }

 func (v *View) IsUserUnique(userName, email string) (bool, error) {
--- a/internal/auth/repository/repository.go
+++ b/internal/auth/repository/repository.go
@@ -15,4 +15,5 @@ type Repository interface {
 	UserGrantRepository
 	PolicyRepository
 	OrgRepository
+	IAMRepository
 }
--- a/internal/auth/repository/user.go
+++ b/internal/auth/repository/user.go
@@ -21,9 +21,14 @@ type UserRepository interface {
 	VerifyEmail(ctx context.Context, userID, code string) error
 	ResendEmailVerificationMail(ctx context.Context, userID string) error

+	VerifyInitCode(ctx context.Context, userID, code, password string) error
+	ResendInitVerificationMail(ctx context.Context, userID string) error
+
 	AddMfaOTP(ctx context.Context, userID string) (*model.OTP, error)
 	VerifyMfaOTPSetup(ctx context.Context, userID, code string) error

+	ChangeUsername(ctx context.Context, userID, username string) error
+
 	SignOut(ctx context.Context, agentID string) error

 	UserByID(ctx context.Context, userID string) (*model.UserView, error)
@@ -56,5 +61,7 @@ type myUserRepo interface {
 	VerifyMyMfaOTPSetup(ctx context.Context, code string) error
 	RemoveMyMfaOTP(ctx context.Context) error

+	ChangeMyUsername(ctx context.Context, username string) error
+
 	MyUserChanges(ctx context.Context, lastSequence uint64, limit uint64, sortAscending bool) (*model.UserChanges, error)
 }