TheArchive/zitadel
1
0
Fork 0
mirror of https://github.com/zitadel/zitadel.git synced 2025-08-12 04:47:33 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix: only remove idp links from users of own organisation (#5156)

Browse Source 
ensure linked users of the (instance) idp are only affected if they are part of the organisation where the idp is removed from the login policy
This commit is contained in:
Livio Spring
2023-02-03 08:56:19 +01:00
committed by GitHub
parent 1fa50c8074
commit 44a995c660
1 changed files with 7 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
internal/api/grpc/management/policy_login.go
View File

@@ -93,17 +93,22 @@ func (s *Server) AddIDPToLoginPolicy(ctx context.Context, req *mgmt_pb.AddIDPToL
} }
func (s *Server) RemoveIDPFromLoginPolicy(ctx context.Context, req *mgmt_pb.RemoveIDPFromLoginPolicyRequest) (*mgmt_pb.RemoveIDPFromLoginPolicyResponse, error) { func (s *Server) RemoveIDPFromLoginPolicy(ctx context.Context, req *mgmt_pb.RemoveIDPFromLoginPolicyRequest) (*mgmt_pb.RemoveIDPFromLoginPolicyResponse, error) {
orgID := authz.GetCtxData(ctx).OrgID
idpQuery, err := query.NewIDPUserLinkIDPIDSearchQuery(req.IdpId) idpQuery, err := query.NewIDPUserLinkIDPIDSearchQuery(req.IdpId)
if err != nil { if err != nil {
return nil, err return nil, err
} }
resourceOwnerQuery, err := query.NewIDPUserLinksResourceOwnerSearchQuery(orgID)
if err != nil {
return nil, err
}
userLinks, err := s.query.IDPUserLinks(ctx, &query.IDPUserLinksSearchQuery{ userLinks, err := s.query.IDPUserLinks(ctx, &query.IDPUserLinksSearchQuery{
Queries: []query.SearchQuery{idpQuery}, Queries: []query.SearchQuery{idpQuery, resourceOwnerQuery},
}, false) }, false)
if err != nil { if err != nil {
return nil, err return nil, err
} }
objectDetails, err := s.command.RemoveIDPFromLoginPolicy(ctx, authz.GetCtxData(ctx).OrgID, &domain.IDPProvider{IDPConfigID: req.IdpId}, user.ExternalIDPViewsToExternalIDPs(userLinks.Links)...) objectDetails, err := s.command.RemoveIDPFromLoginPolicy(ctx, orgID, &domain.IDPProvider{IDPConfigID: req.IdpId}, user.ExternalIDPViewsToExternalIDPs(userLinks.Links)...)
if err != nil { if err != nil {
return nil, err return nil, err
} }