Merge branch 'main' into next-rc

This commit is contained in:
Livio Spring 2024-05-08 10:03:29 +02:00
commit 39df94d2cc
No known key found for this signature in database
GPG Key ID: 26BB1C2FA5952CF0
6 changed files with 52 additions and 46 deletions


@ -438,32 +438,25 @@ SystemDefaults:
# Passwords previously hashed with a different algorithm # Passwords previously hashed with a different algorithm
# or cost are automatically re-hashed using this config, # or cost are automatically re-hashed using this config,
# upon password validation or update. # upon password validation or update.
# Configure the Hasher config by environment variable using JSON notation:
# ZITADEL_SYSTEMDEFAULTS_PASSWORDHASHER_HASHER='{"Algorithm":"pbkdf2","Rounds":290000,"Hash":"sha256"}'
Hasher: Hasher:
Algorithm: "bcrypt" # ZITADEL_SYSTEMDEFAULTS_PASSWORDHASHER_HASHER_ALGORITHM # Supported algorithms: "argon2i", "argon2id", "bcrypt", "scrypt", "pbkdf2"
# Depending on the algorithm, different configuration options take effect.
Algorithm: bcrypt
# Cost takes effect for the algorithms bcrypt and scrypt
Cost: 14 # ZITADEL_SYSTEMDEFAULTS_PASSWORDHASHER_HASHER_COST Cost: 14 # ZITADEL_SYSTEMDEFAULTS_PASSWORDHASHER_HASHER_COST
# Time takes effect for the algorithms argon2i and argon2id
# Other supported Hasher configs: Time: 3 # ZITADEL_SYSTEMDEFAULTS_PASSWORDHASHER_HASHER_TIME
# Memory takes effect for the algorithms argon2i and argon2id
# Hasher: Memory: 32768 # ZITADEL_SYSTEMDEFAULTS_PASSWORDHASHER_HASHER_MEMORY
# Algorithm: "argon2i" # ZITADEL_SYSTEMDEFAULTS_PASSWORDHASHER_HASHER_ALGORITHM # Threads takes effect for the algorithms argon2i and argon2id
# Time: 3 # ZITADEL_SYSTEMDEFAULTS_PASSWORDHASHER_HASHER_TIME Threads: 4 # ZITADEL_SYSTEMDEFAULTS_PASSWORDHASHER_HASHER_THREADS
# Memory: 32768 # ZITADEL_SYSTEMDEFAULTS_PASSWORDHASHER_HASHER_MEMORY # Rounds takes effect for the algorithm pbkdf2
# Threads: 4 # ZITADEL_SYSTEMDEFAULTS_PASSWORDHASHER_HASHER_THREADS Rounds: 290000 # ZITADEL_SYSTEMDEFAULTS_PASSWORDHASHER_HASHER_ROUNDS
# Hash takes effect for the algorithm pbkdf2
# Hasher: # Can be "sha1", "sha224", "sha256", "sha384" or "sha512"
# Algorithm: "argon2id" # ZITADEL_SYSTEMDEFAULTS_PASSWORDHASHER_HASHER_ALGORITHM Hash: sha256 # ZITADEL_SYSTEMDEFAULTS_PASSWORDHASHER_HASHER_HASH
# Time: 1 # ZITADEL_SYSTEMDEFAULTS_PASSWORDHASHER_HASHER_TIME
# Memory: 65536 # ZITADEL_SYSTEMDEFAULTS_PASSWORDHASHER_HASHER_MEMORY
# Threads: 4 # ZITADEL_SYSTEMDEFAULTS_PASSWORDHASHER_HASHER_THREADS
# Hasher:
# Algorithm: "scrypt" # ZITADEL_SYSTEMDEFAULTS_PASSWORDHASHER_HASHER_ALGORITHM
# Cost: 15 # ZITADEL_SYSTEMDEFAULTS_PASSWORDHASHER_HASHER_COST
# Hasher:
# Algorithm: "pbkdf2" # ZITADEL_SYSTEMDEFAULTS_PASSWORDHASHER_HASHER_ALGORITHM
# Rounds: 290000 # ZITADEL_SYSTEMDEFAULTS_PASSWORDHASHER_HASHER_ROUNDS
# Hash: "sha256" # Can be "sha1", "sha224", "sha256", "sha384" or "sha512" # ZITADEL_SYSTEMDEFAULTS_PASSWORDHASHER_HASHER_HASH
# Verifiers enable the possibility of verifying # Verifiers enable the possibility of verifying
# passwords that are previously hashed using another # passwords that are previously hashed using another
@ -478,7 +471,7 @@ SystemDefaults:
# https://passlib.readthedocs.io/en/stable/modular_crypt_format.html # https://passlib.readthedocs.io/en/stable/modular_crypt_format.html
# #
# Supported verifiers: (uncomment to enable) # Supported verifiers: (uncomment to enable)
Verifiers: Verifiers: # ZITADEL_SYSTEMDEFAULTS_PASSWORDHASHER_VERIFIERS
# - "argon2" # verifier for both argon2i and argon2id. # - "argon2" # verifier for both argon2i and argon2id.
# - "bcrypt" # - "bcrypt"
# - "md5" # - "md5"
@ -486,11 +479,24 @@ SystemDefaults:
# - "pbkdf2" # verifier for all pbkdf2 hash modes. # - "pbkdf2" # verifier for all pbkdf2 hash modes.
SecretHasher: SecretHasher:
# Set hasher configuration for machine users, API and OIDC client secrets. # Set hasher configuration for machine users, API and OIDC client secrets.
# See PasswordHasher for all possible options
Hasher: Hasher:
Algorithm: "bcrypt" # ZITADEL_SYSTEMDEFAULTS_SECRETHASHER_HASHER_ALGORITHM # Supported algorithms: "argon2i", "argon2id", "bcrypt", "scrypt", "pbkdf2"
# Depending on the algorithm, different configuration options take effect.
Algorithm: bcrypt
# Cost takes effect for the algorithms bcrypt and scrypt
Cost: 4 # ZITADEL_SYSTEMDEFAULTS_SECRETHASHER_HASHER_COST Cost: 4 # ZITADEL_SYSTEMDEFAULTS_SECRETHASHER_HASHER_COST
Verifiers: # Time takes effect for the algorithms argon2i and argon2id
Time: 3 # ZITADEL_SYSTEMDEFAULTS_SECRETHASHER_HASHER_TIME
# Memory takes effect for the algorithms argon2i and argon2id
Memory: 32768 # ZITADEL_SYSTEMDEFAULTS_SECRETHASHER_HASHER_MEMORY
# Threads takes effect for the algorithms argon2i and argon2id
Threads: 4 # ZITADEL_SYSTEMDEFAULTS_SECRETHASHER_HASHER_THREADS
# Rounds takes effect for the algorithm pbkdf2
Rounds: 290000 # ZITADEL_SYSTEMDEFAULTS_SECRETHASHER_HASHER_ROUNDS
# Hash takes effect for the algorithm pbkdf2
# Can be "sha1", "sha224", "sha256", "sha384" or "sha512"
Hash: sha256 # ZITADEL_SYSTEMDEFAULTS_SECRETHASHER_HASHER_HASH
Verifiers: # ZITADEL_SYSTEMDEFAULTS_SECRETHASHER_VERIFIERS
Multifactors: Multifactors:
OTP: OTP:
# If this is empty, the issuer is the requested domain # If this is empty, the issuer is the requested domain
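Review bot: With Cost, Time, Memory, Threads, Rounds and Hash now all present as live values under `Hasher` while `Algorithm: bcrypt` reads only Cost, an operator who later switches `Algorithm` silently inherits whatever tuning the neighbouring keys carry; in the SecretHasher block the deliberately low `Cost: 4` for high-entropy client secrets sits beside the same argon2/pbkdf2 values as the password hasher, so a switch there needs a conscious re-tune. The per-key comments say which algorithm each key affects but not whether the non-applicable keys are ignored or rejected by the loader, which this hunk does not show; assuming they are ignored, I would add above `Algorithm: bcrypt` in both blocks `# Keys that do not apply to the selected algorithm are ignored; review the matching parameters whenever Algorithm is changed.` The `# See PasswordHasher for all possible options` line in SecretHasher is now redundant with the duplicated option list and is a drift risk if only one copy is edited later.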


@ -207,7 +207,7 @@ The following properties can be set:
- Has Uppercase - Has Uppercase
- Has Lowercase - Has Lowercase
- Has Number - Has Number
- Has Symbol - Has Symbol (Everything that is not a number or letter)
<img <img
src="/docs/img/guides/console/complexity.png" src="/docs/img/guides/console/complexity.png"

go.mod

@ -1,9 +1,6 @@
module github.com/zitadel/zitadel module github.com/zitadel/zitadel
go 1.22 go 1.22.2
// https://go.dev/doc/toolchain
toolchain go1.22.2
require ( require (
cloud.google.com/go/storage v1.40.0 cloud.google.com/go/storage v1.40.0


@ -389,7 +389,7 @@ func setupSMTPSettings(commands *Commands, validations *[]preparation.Validation
return return
} }
*validations = append(*validations, *validations = append(*validations,
commands.prepareAddSMTPConfig( commands.prepareAddAndActivateSMTPConfig(
instanceAgg, instanceAgg,
smtpConfig.Description, smtpConfig.Description,
smtpConfig.From, smtpConfig.From,


@ -306,7 +306,7 @@ func (c *Commands) getSMTPConfig(ctx context.Context, instanceID, id, domain str
} }
// TODO: SetUpInstance still uses this and would be removed as soon as deprecated PrepareCommands is removed // TODO: SetUpInstance still uses this and would be removed as soon as deprecated PrepareCommands is removed
func (c *Commands) prepareAddSMTPConfig(a *instance.Aggregate, description, from, name, replyTo, hostAndPort, user string, password []byte, tls bool) preparation.Validation { func (c *Commands) prepareAddAndActivateSMTPConfig(a *instance.Aggregate, description, from, name, replyTo, hostAndPort, user string, password []byte, tls bool) preparation.Validation {
return func() (preparation.CreateCommands, error) { return func() (preparation.CreateCommands, error) {
if from = strings.TrimSpace(from); from == "" { if from = strings.TrimSpace(from); from == "" {
return nil, zerrors.ThrowInvalidArgument(nil, "INST-mruNY", "Errors.Invalid.Argument") return nil, zerrors.ThrowInvalidArgument(nil, "INST-mruNY", "Errors.Invalid.Argument")
@ -358,6 +358,11 @@ func (c *Commands) prepareAddSMTPConfig(a *instance.Aggregate, description, from
user, user,
smtpPassword, smtpPassword,
), ),
instance.NewSMTPConfigActivatedEvent(
ctx,
&a.Aggregate,
id,
),
}, nil }, nil
}, nil }, nil
} }
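Review bot: prepareAddAndActivateSMTPConfig now appends `instance.NewSMTPConfigActivatedEvent(ctx, &a.Aggregate, id)` unconditionally to the same command batch as the added event, but nothing in the shown hunks checks whether the instance already has an active SMTP config, so if the activation projection elsewhere assumes a single active config this could produce two; the body between the two hunks is outside the view and may handle that. The function has no doc comment and the TODO above it describes only its remaining caller, not the new activation side effect; I would add `// prepareAddAndActivateSMTPConfig adds an SMTP config and activates it in the same command batch; used only by SetUpInstance (see TODO).` The function's body continues outside the shown hunks.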


@ -4,7 +4,6 @@ import (
"context" "context"
"github.com/zitadel/zitadel/internal/crypto" "github.com/zitadel/zitadel/internal/crypto"
"github.com/zitadel/zitadel/internal/domain"
"github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/eventstore"
"github.com/zitadel/zitadel/internal/zerrors" "github.com/zitadel/zitadel/internal/zerrors"
) )
@ -22,16 +21,15 @@ const (
type SMTPConfigAddedEvent struct { type SMTPConfigAddedEvent struct {
eventstore.BaseEvent `json:"-"` eventstore.BaseEvent `json:"-"`
ID string `json:"id,omitempty"` ID string `json:"id,omitempty"`
Description string `json:"description,omitempty"` Description string `json:"description,omitempty"`
SenderAddress string `json:"senderAddress,omitempty"` SenderAddress string `json:"senderAddress,omitempty"`
SenderName string `json:"senderName,omitempty"` SenderName string `json:"senderName,omitempty"`
ReplyToAddress string `json:"replyToAddress,omitempty"` ReplyToAddress string `json:"replyToAddress,omitempty"`
TLS bool `json:"tls,omitempty"` TLS bool `json:"tls,omitempty"`
Host string `json:"host,omitempty"` Host string `json:"host,omitempty"`
User string `json:"user,omitempty"` User string `json:"user,omitempty"`
Password *crypto.CryptoValue `json:"password,omitempty"` Password *crypto.CryptoValue `json:"password,omitempty"`
State domain.SMTPConfigState `json:"state,omitempty"`
} }
func NewSMTPConfigAddedEvent( func NewSMTPConfigAddedEvent(