Merge branch 'main' into next-rc

Livio Spring 2024-05-08 10:03:29 +02:00
commit 39df94d2cc
No known key found for this signature in database
GPG Key ID: 26BB1C2FA5952CF0
6 changed files with 52 additions and 46 deletions


@ -438,32 +438,25 @@ SystemDefaults:
# Passwords previously hashed with a different algorithm
# or cost are automatically re-hashed using this config,
# upon password validation or update.
# Configure the Hasher config by environment variable using JSON notation:
# ZITADEL_SYSTEMDEFAULTS_PASSWORDHASHER_HASHER='{"Algorithm":"pbkdf2","Rounds":290000,"Hash":"sha256"}'
Hasher:
Algorithm: "bcrypt" # ZITADEL_SYSTEMDEFAULTS_PASSWORDHASHER_HASHER_ALGORITHM
# Supported algorithms: "argon2i", "argon2id", "bcrypt", "scrypt", "pbkdf2"
# Depending on the algorithm, different configuration options take effect.
Algorithm: bcrypt
# Cost takes effect for the algorithms bcrypt and scrypt
Cost: 14 # ZITADEL_SYSTEMDEFAULTS_PASSWORDHASHER_HASHER_COST
# Other supported Hasher configs:
# Hasher:
# Algorithm: "argon2i" # ZITADEL_SYSTEMDEFAULTS_PASSWORDHASHER_HASHER_ALGORITHM
# Time: 3 # ZITADEL_SYSTEMDEFAULTS_PASSWORDHASHER_HASHER_TIME
# Memory: 32768 # ZITADEL_SYSTEMDEFAULTS_PASSWORDHASHER_HASHER_MEMORY
# Threads: 4 # ZITADEL_SYSTEMDEFAULTS_PASSWORDHASHER_HASHER_THREADS
# Hasher:
# Algorithm: "argon2id" # ZITADEL_SYSTEMDEFAULTS_PASSWORDHASHER_HASHER_ALGORITHM
# Time: 1 # ZITADEL_SYSTEMDEFAULTS_PASSWORDHASHER_HASHER_TIME
# Memory: 65536 # ZITADEL_SYSTEMDEFAULTS_PASSWORDHASHER_HASHER_MEMORY
# Threads: 4 # ZITADEL_SYSTEMDEFAULTS_PASSWORDHASHER_HASHER_THREADS
# Hasher:
# Algorithm: "scrypt" # ZITADEL_SYSTEMDEFAULTS_PASSWORDHASHER_HASHER_ALGORITHM
# Cost: 15 # ZITADEL_SYSTEMDEFAULTS_PASSWORDHASHER_HASHER_COST
# Hasher:
# Algorithm: "pbkdf2" # ZITADEL_SYSTEMDEFAULTS_PASSWORDHASHER_HASHER_ALGORITHM
# Rounds: 290000 # ZITADEL_SYSTEMDEFAULTS_PASSWORDHASHER_HASHER_ROUNDS
# Hash: "sha256" # Can be "sha1", "sha224", "sha256", "sha384" or "sha512" # ZITADEL_SYSTEMDEFAULTS_PASSWORDHASHER_HASHER_HASH
# Time takes effect for the algorithms argon2i and argon2id
Time: 3 # ZITADEL_SYSTEMDEFAULTS_PASSWORDHASHER_HASHER_TIME
# Memory takes effect for the algorithms argon2i and argon2id
Memory: 32768 # ZITADEL_SYSTEMDEFAULTS_PASSWORDHASHER_HASHER_MEMORY
# Threads takes effect for the algorithms argon2i and argon2id
Threads: 4 # ZITADEL_SYSTEMDEFAULTS_PASSWORDHASHER_HASHER_THREADS
# Rounds takes effect for the algorithm pbkdf2
Rounds: 290000 # ZITADEL_SYSTEMDEFAULTS_PASSWORDHASHER_HASHER_ROUNDS
# Hash takes effect for the algorithm pbkdf2
# Can be "sha1", "sha224", "sha256", "sha384" or "sha512"
Hash: sha256 # ZITADEL_SYSTEMDEFAULTS_PASSWORDHASHER_HASHER_HASH
# Verifiers enable the possibility of verifying
# passwords that are previously hashed using another
@ -478,7 +471,7 @@ SystemDefaults:
# https://passlib.readthedocs.io/en/stable/modular_crypt_format.html
#
# Supported verifiers: (uncomment to enable)
Verifiers:
Verifiers: # ZITADEL_SYSTEMDEFAULTS_PASSWORDHASHER_VERIFIERS
# - "argon2" # verifier for both argon2i and argon2id.
# - "bcrypt"
# - "md5"
@ -486,11 +479,24 @@ SystemDefaults:
# - "pbkdf2" # verifier for all pbkdf2 hash modes.
SecretHasher:
# Set hasher configuration for machine users, API and OIDC client secrets.
# See PasswordHasher for all possible options
Hasher:
Algorithm: "bcrypt" # ZITADEL_SYSTEMDEFAULTS_SECRETHASHER_HASHER_ALGORITHM
# Supported algorithms: "argon2i", "argon2id", "bcrypt", "scrypt", "pbkdf2"
# Depending on the algorithm, different configuration options take effect.
Algorithm: bcrypt
# Cost takes effect for the algorithms bcrypt and scrypt
Cost: 4 # ZITADEL_SYSTEMDEFAULTS_SECRETHASHER_HASHER_COST
Verifiers:
# Time takes effect for the algorithms argon2i and argon2id
Time: 3 # ZITADEL_SYSTEMDEFAULTS_SECRETHASHER_HASHER_TIME
# Memory takes effect for the algorithms argon2i and argon2id
Memory: 32768 # ZITADEL_SYSTEMDEFAULTS_SECRETHASHER_HASHER_MEMORY
# Threads takes effect for the algorithms argon2i and argon2id
Threads: 4 # ZITADEL_SYSTEMDEFAULTS_SECRETHASHER_HASHER_THREADS
# Rounds takes effect for the algorithm pbkdf2
Rounds: 290000 # ZITADEL_SYSTEMDEFAULTS_SECRETHASHER_HASHER_ROUNDS
# Hash takes effect for the algorithm pbkdf2
# Can be "sha1", "sha224", "sha256", "sha384" or "sha512"
Hash: sha256 # ZITADEL_SYSTEMDEFAULTS_SECRETHASHER_HASHER_HASH
Verifiers: # ZITADEL_SYSTEMDEFAULTS_SECRETHASHER_VERIFIERS
Multifactors:
OTP:
# If this is empty, the issuer is the requested domain
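Review bot: The single `Cost` key is now shared by bcrypt and scrypt, so in the `SecretHasher` block an operator who sets only ZITADEL_SYSTEMDEFAULTS_SECRETHASHER_HASHER_ALGORITHM to scrypt inherits `Cost: 4` without noticing. The same applies under `PasswordHasher`: the removed examples used `Cost: 15` for scrypt and `Time: 1` / `Memory: 65536` for argon2id, but the flattened defaults are 14 and 3 / 32768. Because every parameter now has a live default, nothing prompts a review of the work factor when the algorithm changes. I would add a comment above each `Cost` line such as `# Shared by bcrypt and scrypt: review this value whenever Algorithm is changed`. I would also add a line under `SecretHasher` stating why cost 4 is acceptable there (presumably because these secrets are generated with high entropy; please confirm).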


@ -207,7 +207,7 @@ The following properties can be set:
- Has Uppercase
- Has Lowercase
- Has Number
- Has Symbol
- Has Symbol (Everything that is not a number or letter)
<img
src="/docs/img/guides/console/complexity.png"

5
go.mod

@ -1,9 +1,6 @@
module github.com/zitadel/zitadel
go 1.22
// https://go.dev/doc/toolchain
toolchain go1.22.2
go 1.22.2
require (
cloud.google.com/go/storage v1.40.0


@ -389,7 +389,7 @@ func setupSMTPSettings(commands *Commands, validations *[]preparation.Validation
return
}
*validations = append(*validations,
commands.prepareAddSMTPConfig(
commands.prepareAddAndActivateSMTPConfig(
instanceAgg,
smtpConfig.Description,
smtpConfig.From,


@ -306,7 +306,7 @@ func (c *Commands) getSMTPConfig(ctx context.Context, instanceID, id, domain str
}
// TODO: SetUpInstance still uses this and would be removed as soon as deprecated PrepareCommands is removed
func (c *Commands) prepareAddSMTPConfig(a *instance.Aggregate, description, from, name, replyTo, hostAndPort, user string, password []byte, tls bool) preparation.Validation {
func (c *Commands) prepareAddAndActivateSMTPConfig(a *instance.Aggregate, description, from, name, replyTo, hostAndPort, user string, password []byte, tls bool) preparation.Validation {
return func() (preparation.CreateCommands, error) {
if from = strings.TrimSpace(from); from == "" {
return nil, zerrors.ThrowInvalidArgument(nil, "INST-mruNY", "Errors.Invalid.Argument")
@ -358,6 +358,11 @@ func (c *Commands) prepareAddSMTPConfig(a *instance.Aggregate, description, from
user,
smtpPassword,
),
instance.NewSMTPConfigActivatedEvent(
ctx,
&a.Aggregate,
id,
),
}, nil
}, nil
}
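Review bot: The TODO above `prepareAddAndActivateSMTPConfig` still describes only the add step, while the returned command list now also carries `instance.NewSMTPConfigActivatedEvent`, so the config becomes active in the same push with no separate activation call. A doc comment would make that explicit, for example `// prepareAddAndActivateSMTPConfig adds the SMTP config and activates it in the same command list; intended for SetUpInstance only.` The middle of the function lies outside the visible hunks, so whether `hostAndPort` and `tls` are validated before the activation event is emitted cannot be confirmed from here and is worth checking.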


@ -4,7 +4,6 @@ import (
"context"
"github.com/zitadel/zitadel/internal/crypto"
"github.com/zitadel/zitadel/internal/domain"
"github.com/zitadel/zitadel/internal/eventstore"
"github.com/zitadel/zitadel/internal/zerrors"
)
@ -22,16 +21,15 @@ const (
type SMTPConfigAddedEvent struct {
eventstore.BaseEvent `json:"-"`
ID string `json:"id,omitempty"`
Description string `json:"description,omitempty"`
SenderAddress string `json:"senderAddress,omitempty"`
SenderName string `json:"senderName,omitempty"`
ReplyToAddress string `json:"replyToAddress,omitempty"`
TLS bool `json:"tls,omitempty"`
Host string `json:"host,omitempty"`
User string `json:"user,omitempty"`
Password *crypto.CryptoValue `json:"password,omitempty"`
State domain.SMTPConfigState `json:"state,omitempty"`
ID string `json:"id,omitempty"`
Description string `json:"description,omitempty"`
SenderAddress string `json:"senderAddress,omitempty"`
SenderName string `json:"senderName,omitempty"`
ReplyToAddress string `json:"replyToAddress,omitempty"`
TLS bool `json:"tls,omitempty"`
Host string `json:"host,omitempty"`
User string `json:"user,omitempty"`
Password *crypto.CryptoValue `json:"password,omitempty"`
}
func NewSMTPConfigAddedEvent(