feat: user query (#3075)
* user queries * user query * user query * user tests * remove old code * user metadata * cleanup * fix merge * cleanup * cleanup * fixes
@@ -8,7 +8,7 @@ import (
|
||||
"github.com/caos/zitadel/internal/api/grpc/object"
|
||||
org_grpc "github.com/caos/zitadel/internal/api/grpc/org"
|
||||
"github.com/caos/zitadel/internal/domain"
|
||||
usr_model "github.com/caos/zitadel/internal/user/model"
|
||||
"github.com/caos/zitadel/internal/query"
|
||||
admin_pb "github.com/caos/zitadel/pkg/grpc/admin"
|
||||
obj_pb "github.com/caos/zitadel/pkg/grpc/object"
|
||||
)
|
||||
@@ -63,20 +63,19 @@ func (s *Server) SetUpOrg(ctx context.Context, req *admin_pb.SetUpOrgRequest) (*
|
||||
}
|
||||
|
||||
func (s *Server) getClaimedUserIDsOfOrgDomain(ctx context.Context, orgDomain string) ([]string, error) {
|
||||
users, err := s.users.SearchUsers(ctx, &usr_model.UserSearchRequest{
|
||||
Queries: []*usr_model.UserSearchQuery{
|
||||
{
|
||||
Key: usr_model.UserSearchKeyPreferredLoginName,
|
||||
Method: domain.SearchMethodEndsWithIgnoreCase,
|
||||
Value: "@" + orgDomain,
|
||||
},
|
||||
},
|
||||
})
|
||||
loginName, err := query.NewUserPreferredLoginNameSearchQuery("@"+orgDomain, query.TextEndsWithIgnoreCase)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
userIDs := make([]string, len(users.Result))
|
||||
for i, user := range users.Result {
|
||||
users, err := s.query.SearchUsers(ctx, &query.UserSearchQueries{Queries: []query.SearchQuery{loginName}})
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
userIDs := make([]string, len(users.Users))
|
||||
for i, user := range users.Users {
|
||||
userIDs[i] = user.ID
|
||||
}
|
||||
return userIDs, nil
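Review bot: The value `"@"+orgDomain` is handed to `query.NewUserPreferredLoginNameSearchQuery` with `query.TextEndsWithIgnoreCase`, and nothing visible here shows whether that constructor treats the value literally. If the comparison is implemented as a LIKE-style match (not visible on this page), a `_` or `%` inside `orgDomain` would widen the match and add users of other domains to the returned ID list, which, judging by the function name, callers treat as claimed users. I would confirm the escaping in the query package and record it next to the call, for example `// value is matched literally; the query layer escapes LIKE wildcards`. The same call appears in the management server's getClaimedUserIDsOfOrgDomain; the closing brace of this function lies outside the hunk.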
|
||||
|
@@ -24,8 +24,6 @@ type Server struct {
|
||||
query *query.Queries
|
||||
iam repository.IAMRepository
|
||||
administrator repository.AdministratorRepository
|
||||
repo repository.Repository
|
||||
users repository.UserRepository
|
||||
iamDomain string
|
||||
assetsAPIDomain string
|
||||
}
|
||||
@@ -40,8 +38,6 @@ func CreateServer(command *command.Commands, query *query.Queries, repo reposito
|
||||
query: query,
|
||||
iam: repo,
|
||||
administrator: repo,
|
||||
repo: repo,
|
||||
users: repo,
|
||||
iamDomain: iamDomain,
|
||||
assetsAPIDomain: assetsAPIDomain,
|
||||
}
|
||||
|
@@ -10,7 +10,7 @@ import (
|
||||
)
|
||||
|
||||
func (s *Server) GetMyEmail(ctx context.Context, _ *auth_pb.GetMyEmailRequest) (*auth_pb.GetMyEmailResponse, error) {
|
||||
email, err := s.repo.MyEmail(ctx)
|
||||
email, err := s.query.GetHumanEmail(ctx, authz.GetCtxData(ctx).UserID)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
@@ -4,6 +4,7 @@ import (
|
||||
"github.com/caos/zitadel/internal/api/grpc/metadata"
|
||||
"github.com/caos/zitadel/internal/api/grpc/object"
|
||||
"github.com/caos/zitadel/internal/domain"
|
||||
"github.com/caos/zitadel/internal/query"
|
||||
"github.com/caos/zitadel/pkg/grpc/auth"
|
||||
)
|
||||
|
||||
@@ -18,12 +19,18 @@ func BulkSetMetadataToDomain(req *auth.BulkSetMyMetadataRequest) []*domain.Metad
|
||||
return metadata
|
||||
}
|
||||
|
||||
func ListUserMetadataToDomain(req *auth.ListMyMetadataRequest) *domain.MetadataSearchRequest {
|
||||
func ListUserMetadataToQuery(req *auth.ListMyMetadataRequest) (*query.UserMetadataSearchQueries, error) {
|
||||
offset, limit, asc := object.ListQueryToModel(req.Query)
|
||||
return &domain.MetadataSearchRequest{
|
||||
Offset: offset,
|
||||
Limit: limit,
|
||||
Asc: asc,
|
||||
Queries: metadata.MetadataQueriesToModel(req.Queries),
|
||||
queries, err := metadata.MetadataQueriesToQuery(req.Queries)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return &query.UserMetadataSearchQueries{
|
||||
SearchRequest: query.SearchRequest{
|
||||
Offset: offset,
|
||||
Limit: limit,
|
||||
Asc: asc,
|
||||
},
|
||||
Queries: queries,
|
||||
}, nil
|
||||
}
|
||||
|
@@ -10,7 +10,7 @@ import (
|
||||
)
|
||||
|
||||
func (s *Server) GetMyPhone(ctx context.Context, _ *auth_pb.GetMyPhoneRequest) (*auth_pb.GetMyPhoneResponse, error) {
|
||||
phone, err := s.repo.MyPhone(ctx)
|
||||
phone, err := s.query.GetHumanPhone(ctx, authz.GetCtxData(ctx).UserID)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
@@ -3,18 +3,19 @@ package auth
|
||||
import (
|
||||
"context"
|
||||
|
||||
"github.com/caos/zitadel/internal/api/authz"
|
||||
object_grpc "github.com/caos/zitadel/internal/api/grpc/object"
|
||||
user_grpc "github.com/caos/zitadel/internal/api/grpc/user"
|
||||
auth_pb "github.com/caos/zitadel/pkg/grpc/auth"
|
||||
)
|
||||
|
||||
func (s *Server) GetMyProfile(ctx context.Context, req *auth_pb.GetMyProfileRequest) (*auth_pb.GetMyProfileResponse, error) {
|
||||
profile, err := s.repo.MyProfile(ctx)
|
||||
profile, err := s.query.GetHumanProfile(ctx, authz.GetCtxData(ctx).UserID)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return &auth_pb.GetMyProfileResponse{
|
||||
Profile: user_grpc.ProfileToPb(profile),
|
||||
Profile: user_grpc.ProfileToPb(profile, s.assetsAPIDomain),
|
||||
Details: object_grpc.ToViewDetailsPb(
|
||||
profile.Sequence,
|
||||
profile.CreationDate,
|
||||
|
@@ -21,22 +21,24 @@ const (
|
||||
|
||||
type Server struct {
|
||||
auth.UnimplementedAuthServiceServer
|
||||
command *command.Commands
|
||||
query *query.Queries
|
||||
repo repository.Repository
|
||||
defaults systemdefaults.SystemDefaults
|
||||
command *command.Commands
|
||||
query *query.Queries
|
||||
repo repository.Repository
|
||||
defaults systemdefaults.SystemDefaults
|
||||
assetsAPIDomain string
|
||||
}
|
||||
|
||||
type Config struct {
|
||||
Repository eventsourcing.Config
|
||||
}
|
||||
|
||||
func CreateServer(command *command.Commands, query *query.Queries, authRepo repository.Repository, defaults systemdefaults.SystemDefaults) *Server {
|
||||
func CreateServer(command *command.Commands, query *query.Queries, authRepo repository.Repository, defaults systemdefaults.SystemDefaults, assetsAPIDomain string) *Server {
|
||||
return &Server{
|
||||
command: command,
|
||||
query: query,
|
||||
repo: authRepo,
|
||||
defaults: defaults,
|
||||
command: command,
|
||||
query: query,
|
||||
repo: authRepo,
|
||||
defaults: defaults,
|
||||
assetsAPIDomain: assetsAPIDomain,
|
||||
}
|
||||
}
|
||||
|
||||
|
@@ -17,11 +17,11 @@ import (
|
||||
)
|
||||
|
||||
func (s *Server) GetMyUser(ctx context.Context, _ *auth_pb.GetMyUserRequest) (*auth_pb.GetMyUserResponse, error) {
|
||||
user, err := s.repo.MyUser(ctx)
|
||||
user, err := s.query.GetUserByID(ctx, authz.GetCtxData(ctx).UserID)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return &auth_pb.GetMyUserResponse{User: user_grpc.UserToPb(user)}, nil
|
||||
return &auth_pb.GetMyUserResponse{User: user_grpc.UserToPb(user, s.assetsAPIDomain)}, nil
|
||||
}
|
||||
|
||||
func (s *Server) RemoveMyUser(ctx context.Context, _ *auth_pb.RemoveMyUserRequest) (*auth_pb.RemoveMyUserResponse, error) {
|
||||
@@ -66,14 +66,18 @@ func (s *Server) ListMyUserChanges(ctx context.Context, req *auth_pb.ListMyUserC
|
||||
}
|
||||
|
||||
func (s *Server) ListMyMetadata(ctx context.Context, req *auth_pb.ListMyMetadataRequest) (*auth_pb.ListMyMetadataResponse, error) {
|
||||
res, err := s.repo.SearchMyMetadata(ctx, ListUserMetadataToDomain(req))
|
||||
queries, err := ListUserMetadataToQuery(req)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
res, err := s.query.SearchUserMetadata(ctx, authz.GetCtxData(ctx).UserID, queries)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return &auth_pb.ListMyMetadataResponse{
|
||||
Result: metadata.MetadataListToPb(res.Result),
|
||||
Result: metadata.MetadataListToPb(res.Metadata),
|
||||
Details: obj_grpc.ToListDetails(
|
||||
res.TotalResult,
|
||||
res.Count,
|
||||
res.Sequence,
|
||||
res.Timestamp,
|
||||
),
|
||||
@@ -81,7 +85,7 @@ func (s *Server) ListMyMetadata(ctx context.Context, req *auth_pb.ListMyMetadata
|
||||
}
|
||||
|
||||
func (s *Server) GetMyMetadata(ctx context.Context, req *auth_pb.GetMyMetadataRequest) (*auth_pb.GetMyMetadataResponse, error) {
|
||||
data, err := s.repo.GetMyMetadataByKey(ctx, req.Key)
|
||||
data, err := s.query.GetUserMetadataByKey(ctx, authz.GetCtxData(ctx).UserID, req.Key)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
@@ -12,7 +12,6 @@ import (
|
||||
"github.com/caos/zitadel/internal/domain"
|
||||
"github.com/caos/zitadel/internal/eventstore/v1/models"
|
||||
"github.com/caos/zitadel/internal/query"
|
||||
usr_model "github.com/caos/zitadel/internal/user/model"
|
||||
mgmt_pb "github.com/caos/zitadel/pkg/grpc/management"
|
||||
)
|
||||
|
||||
@@ -276,29 +275,25 @@ func (s *Server) RemoveOrgMember(ctx context.Context, req *mgmt_pb.RemoveOrgMemb
|
||||
}
|
||||
|
||||
func (s *Server) getClaimedUserIDsOfOrgDomain(ctx context.Context, orgDomain, orgID string) ([]string, error) {
|
||||
queries := []*usr_model.UserSearchQuery{
|
||||
{
|
||||
Key: usr_model.UserSearchKeyPreferredLoginName,
|
||||
Method: domain.SearchMethodEndsWithIgnoreCase,
|
||||
Value: "@" + orgDomain,
|
||||
},
|
||||
}
|
||||
if orgID != "" {
|
||||
queries = append(queries,
|
||||
&usr_model.UserSearchQuery{
|
||||
Key: usr_model.UserSearchKeyResourceOwner,
|
||||
Method: domain.SearchMethodNotEquals,
|
||||
Value: orgID,
|
||||
})
|
||||
}
|
||||
users, err := s.user.SearchUsers(ctx, &usr_model.UserSearchRequest{
|
||||
Queries: queries,
|
||||
}, false)
|
||||
queries := make([]query.SearchQuery, 0, 2)
|
||||
loginName, err := query.NewUserPreferredLoginNameSearchQuery("@"+orgDomain, query.TextEndsWithIgnoreCase)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
userIDs := make([]string, len(users.Result))
|
||||
for i, user := range users.Result {
|
||||
queries = append(queries, loginName)
|
||||
if orgID != "" {
|
||||
owner, err := query.NewUserResourceOwnerSearchQuery(orgID, query.TextNotEquals)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
queries = append(queries, owner)
|
||||
}
|
||||
users, err := s.query.SearchUsers(ctx, &query.UserSearchQueries{Queries: queries})
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
userIDs := make([]string, len(users.Users))
|
||||
for i, user := range users.Users {
|
||||
userIDs[i] = user.ID
|
||||
}
|
||||
return userIDs, nil
|
||||
|
@@ -27,7 +27,6 @@ type Server struct {
|
||||
org repository.OrgRepository
|
||||
user repository.UserRepository
|
||||
iam repository.IamRepository
|
||||
authZ authz.Config
|
||||
systemDefaults systemdefaults.SystemDefaults
|
||||
assetAPIPrefix string
|
||||
}
|
||||
|
@@ -18,35 +18,51 @@ import (
|
||||
)
|
||||
|
||||
func (s *Server) GetUserByID(ctx context.Context, req *mgmt_pb.GetUserByIDRequest) (*mgmt_pb.GetUserByIDResponse, error) {
|
||||
user, err := s.user.UserByIDAndResourceOwner(ctx, req.Id, authz.GetCtxData(ctx).OrgID)
|
||||
owner, err := query.NewUserResourceOwnerSearchQuery(authz.GetCtxData(ctx).OrgID, query.TextEquals)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
user, err := s.query.GetUserByID(ctx, req.Id, owner)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return &mgmt_pb.GetUserByIDResponse{
|
||||
User: user_grpc.UserToPb(user),
|
||||
User: user_grpc.UserToPb(user, s.assetAPIPrefix),
|
||||
}, nil
|
||||
}
|
||||
|
||||
func (s *Server) GetUserByLoginNameGlobal(ctx context.Context, req *mgmt_pb.GetUserByLoginNameGlobalRequest) (*mgmt_pb.GetUserByLoginNameGlobalResponse, error) {
|
||||
user, err := s.user.GetUserByLoginNameGlobal(ctx, req.LoginName)
|
||||
loginName, err := query.NewUserPreferredLoginNameSearchQuery(req.LoginName, query.TextEquals)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
user, err := s.query.GetUser(ctx, loginName)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return &mgmt_pb.GetUserByLoginNameGlobalResponse{
|
||||
User: user_grpc.UserToPb(user),
|
||||
User: user_grpc.UserToPb(user, s.assetAPIPrefix),
|
||||
}, nil
|
||||
}
|
||||
|
||||
func (s *Server) ListUsers(ctx context.Context, req *mgmt_pb.ListUsersRequest) (*mgmt_pb.ListUsersResponse, error) {
|
||||
r := ListUsersRequestToModel(ctx, req)
|
||||
res, err := s.user.SearchUsers(ctx, r, true)
|
||||
queries, err := ListUsersRequestToModel(req)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
err = queries.AppendMyResourceOwnerQuery(authz.GetCtxData(ctx).OrgID)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
res, err := s.query.SearchUsers(ctx, queries)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return &mgmt_pb.ListUsersResponse{
|
||||
Result: user_grpc.UsersToPb(res.Result),
|
||||
Result: user_grpc.UsersToPb(res.Users, s.assetAPIPrefix),
|
||||
Details: obj_grpc.ToListDetails(
|
||||
res.TotalResult,
|
||||
res.Count,
|
||||
res.Sequence,
|
||||
res.Timestamp,
|
||||
),
|
||||
@@ -77,7 +93,7 @@ func (s *Server) IsUserUnique(ctx context.Context, req *mgmt_pb.IsUserUniqueRequ
|
||||
if !policy.UserLoginMustBeDomain {
|
||||
orgID = ""
|
||||
}
|
||||
unique, err := s.user.IsUserUnique(ctx, req.UserName, req.Email, orgID)
|
||||
unique, err := s.query.IsUserUnique(ctx, req.UserName, req.Email, orgID)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
@@ -87,14 +103,22 @@ func (s *Server) IsUserUnique(ctx context.Context, req *mgmt_pb.IsUserUniqueRequ
|
||||
}
|
||||
|
||||
func (s *Server) ListUserMetadata(ctx context.Context, req *mgmt_pb.ListUserMetadataRequest) (*mgmt_pb.ListUserMetadataResponse, error) {
|
||||
res, err := s.user.SearchMetadata(ctx, req.Id, authz.GetCtxData(ctx).OrgID, ListUserMetadataToDomain(req))
|
||||
metadataQueries, err := ListUserMetadataToDomain(req)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
err = metadataQueries.AppendMyResourceOwnerQuery(authz.GetCtxData(ctx).OrgID)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
res, err := s.query.SearchUserMetadata(ctx, req.Id, metadataQueries)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return &mgmt_pb.ListUserMetadataResponse{
|
||||
Result: metadata.MetadataListToPb(res.Result),
|
||||
Result: metadata.MetadataListToPb(res.Metadata),
|
||||
Details: obj_grpc.ToListDetails(
|
||||
res.TotalResult,
|
||||
res.Count,
|
||||
res.Sequence,
|
||||
res.Timestamp,
|
||||
),
|
||||
@@ -102,7 +126,11 @@ func (s *Server) ListUserMetadata(ctx context.Context, req *mgmt_pb.ListUserMeta
|
||||
}
|
||||
|
||||
func (s *Server) GetUserMetadata(ctx context.Context, req *mgmt_pb.GetUserMetadataRequest) (*mgmt_pb.GetUserMetadataResponse, error) {
|
||||
data, err := s.user.GetMetadataByKey(ctx, req.Id, authz.GetCtxData(ctx).OrgID, req.Key)
|
||||
owner, err := query.NewUserMetadataResourceOwnerSearchQuery(authz.GetCtxData(ctx).OrgID)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
data, err := s.query.GetUserMetadataByKey(ctx, req.Id, req.Key, owner)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
@@ -302,12 +330,16 @@ func (s *Server) UpdateUserName(ctx context.Context, req *mgmt_pb.UpdateUserName
|
||||
}
|
||||
|
||||
func (s *Server) GetHumanProfile(ctx context.Context, req *mgmt_pb.GetHumanProfileRequest) (*mgmt_pb.GetHumanProfileResponse, error) {
|
||||
profile, err := s.user.ProfileByID(ctx, req.UserId)
|
||||
owner, err := query.NewUserResourceOwnerSearchQuery(authz.GetCtxData(ctx).OrgID, query.TextEquals)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
profile, err := s.query.GetHumanProfile(ctx, req.UserId, owner)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return &mgmt_pb.GetHumanProfileResponse{
|
||||
Profile: user_grpc.ProfileToPb(profile),
|
||||
Profile: user_grpc.ProfileToPb(profile, s.assetAPIPrefix),
|
||||
Details: obj_grpc.ToViewDetailsPb(
|
||||
profile.Sequence,
|
||||
profile.CreationDate,
|
||||
@@ -332,7 +364,11 @@ func (s *Server) UpdateHumanProfile(ctx context.Context, req *mgmt_pb.UpdateHuma
|
||||
}
|
||||
|
||||
func (s *Server) GetHumanEmail(ctx context.Context, req *mgmt_pb.GetHumanEmailRequest) (*mgmt_pb.GetHumanEmailResponse, error) {
|
||||
email, err := s.user.EmailByID(ctx, req.UserId)
|
||||
owner, err := query.NewUserResourceOwnerSearchQuery(authz.GetCtxData(ctx).OrgID, query.TextEquals)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
email, err := s.query.GetHumanEmail(ctx, req.UserId, owner)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
@@ -382,7 +418,11 @@ func (s *Server) ResendHumanEmailVerification(ctx context.Context, req *mgmt_pb.
|
||||
}
|
||||
|
||||
func (s *Server) GetHumanPhone(ctx context.Context, req *mgmt_pb.GetHumanPhoneRequest) (*mgmt_pb.GetHumanPhoneResponse, error) {
|
||||
phone, err := s.user.PhoneByID(ctx, req.UserId)
|
||||
owner, err := query.NewUserResourceOwnerSearchQuery(authz.GetCtxData(ctx).OrgID, query.TextEquals)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
phone, err := s.query.GetHumanPhone(ctx, req.UserId, owner)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
@@ -514,7 +554,7 @@ func (s *Server) RemoveHumanAuthFactorU2F(ctx context.Context, req *mgmt_pb.Remo
|
||||
func (s *Server) ListHumanPasswordless(ctx context.Context, req *mgmt_pb.ListHumanPasswordlessRequest) (*mgmt_pb.ListHumanPasswordlessResponse, error) {
|
||||
query := new(query.UserAuthMethodSearchQueries)
|
||||
err := query.AppendUserIDQuery(req.UserId)
|
||||
if err != nil {
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
err = query.AppendAuthMethodQuery(domain.UserAuthMethodTypePasswordless)
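Review bot: The organisation filter is opt-in at every call site in this file: GetUserByID, GetHumanProfile, GetHumanEmail and GetHumanPhone each build `owner` from `authz.GetCtxData(ctx).OrgID` and pass it as an extra argument, while the auth server calls the same `s.query` methods without it. A handler that forgets the argument therefore still compiles and, presumably, reads users of any organisation. A small helper such as `func (s *Server) ownerQuery(ctx context.Context) (query.SearchQuery, error)` shared by the four handlers would make the scoping harder to miss, together with a test that a lookup for a user of another organisation fails. The old calls in GetHumanProfile, GetHumanEmail and GetHumanPhone took only `req.UserId`, so the added scoping looks like a behaviour change that the commit description does not mention.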
|
||||
|
@@ -17,25 +17,22 @@ import (
|
||||
"github.com/caos/zitadel/internal/query"
|
||||
user_model "github.com/caos/zitadel/internal/user/model"
|
||||
mgmt_pb "github.com/caos/zitadel/pkg/grpc/management"
|
||||
user_pb "github.com/caos/zitadel/pkg/grpc/user"
|
||||
)
|
||||
|
||||
func ListUsersRequestToModel(ctx context.Context, req *mgmt_pb.ListUsersRequest) *user_model.UserSearchRequest {
|
||||
func ListUsersRequestToModel(req *mgmt_pb.ListUsersRequest) (*query.UserSearchQueries, error) {
|
||||
offset, limit, asc := object.ListQueryToModel(req.Query)
|
||||
req.Queries = append(req.Queries, &user_pb.SearchQuery{
|
||||
Query: &user_pb.SearchQuery_ResourceOwner{
|
||||
ResourceOwner: &user_pb.ResourceOwnerQuery{
|
||||
OrgID: authz.GetCtxData(ctx).OrgID,
|
||||
},
|
||||
},
|
||||
})
|
||||
|
||||
return &user_model.UserSearchRequest{
|
||||
Offset: offset,
|
||||
Limit: limit,
|
||||
Asc: asc,
|
||||
Queries: user_grpc.UserQueriesToModel(req.Queries),
|
||||
queries, err := user_grpc.UserQueriesToQuery(req.Queries)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return &query.UserSearchQueries{
|
||||
SearchRequest: query.SearchRequest{
|
||||
Offset: offset,
|
||||
Limit: limit,
|
||||
Asc: asc,
|
||||
},
|
||||
Queries: queries,
|
||||
}, nil
|
||||
}
|
||||
|
||||
func BulkSetMetadataToDomain(req *mgmt_pb.BulkSetUserMetadataRequest) []*domain.Metadata {
|
||||
@@ -49,14 +46,20 @@ func BulkSetMetadataToDomain(req *mgmt_pb.BulkSetUserMetadataRequest) []*domain.
|
||||
return metadata
|
||||
}
|
||||
|
||||
func ListUserMetadataToDomain(req *mgmt_pb.ListUserMetadataRequest) *domain.MetadataSearchRequest {
|
||||
func ListUserMetadataToDomain(req *mgmt_pb.ListUserMetadataRequest) (*query.UserMetadataSearchQueries, error) {
|
||||
offset, limit, asc := object.ListQueryToModel(req.Query)
|
||||
return &domain.MetadataSearchRequest{
|
||||
Offset: offset,
|
||||
Limit: limit,
|
||||
Asc: asc,
|
||||
Queries: metadata.MetadataQueriesToModel(req.Queries),
|
||||
queries, err := metadata.MetadataQueriesToQuery(req.Queries)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return &query.UserMetadataSearchQueries{
|
||||
SearchRequest: query.SearchRequest{
|
||||
Offset: offset,
|
||||
Limit: limit,
|
||||
Asc: asc,
|
||||
},
|
||||
Queries: queries,
|
||||
}, nil
|
||||
}
|
||||
|
||||
func AddHumanUserRequestToDomain(req *mgmt_pb.AddHumanUserRequest) *domain.Human {
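Review bot: ListUsersRequestToModel no longer appends the caller's organisation to the query list, so its result is unscoped until the caller runs `AppendMyResourceOwnerQuery`; that contract is not written down anywhere in the hunk. A doc comment would make it explicit, e.g. `// ListUsersRequestToModel converts the request only; the caller must add the resource-owner filter before searching.` Both this function and ListUserMetadataToDomain now return types from the query package, so the `ToModel` and `ToDomain` suffixes are stale; the auth package already uses `ListUserMetadataToQuery` for the same conversion.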
|
||||
|
@@ -2,11 +2,12 @@ package metadata
|
||||
|
||||
import (
|
||||
"github.com/caos/zitadel/internal/api/grpc/object"
|
||||
"github.com/caos/zitadel/internal/domain"
|
||||
"github.com/caos/zitadel/internal/errors"
|
||||
"github.com/caos/zitadel/internal/query"
|
||||
meta_pb "github.com/caos/zitadel/pkg/grpc/metadata"
|
||||
)
|
||||
|
||||
func MetadataListToPb(dataList []*domain.Metadata) []*meta_pb.Metadata {
|
||||
func MetadataListToPb(dataList []*query.UserMetadata) []*meta_pb.Metadata {
|
||||
mds := make([]*meta_pb.Metadata, len(dataList))
|
||||
for i, data := range dataList {
|
||||
mds[i] = DomainMetadataToPb(data)
|
||||
@@ -14,7 +15,7 @@ func MetadataListToPb(dataList []*domain.Metadata) []*meta_pb.Metadata {
|
||||
return mds
|
||||
}
|
||||
|
||||
func DomainMetadataToPb(data *domain.Metadata) *meta_pb.Metadata {
|
||||
func DomainMetadataToPb(data *query.UserMetadata) *meta_pb.Metadata {
|
||||
return &meta_pb.Metadata{
|
||||
Key: data.Key,
|
||||
Value: data.Value,
|
||||
@@ -27,27 +28,26 @@ func DomainMetadataToPb(data *domain.Metadata) *meta_pb.Metadata {
|
||||
}
|
||||
}
|
||||
|
||||
func MetadataQueriesToModel(queries []*meta_pb.MetadataQuery) []*domain.MetadataSearchQuery {
|
||||
q := make([]*domain.MetadataSearchQuery, len(queries))
|
||||
func MetadataQueriesToQuery(queries []*meta_pb.MetadataQuery) (_ []query.SearchQuery, err error) {
|
||||
q := make([]query.SearchQuery, len(queries))
|
||||
for i, query := range queries {
|
||||
q[i] = MetadataQueryToModel(query)
|
||||
q[i], err = MetadataQueryToQuery(query)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
}
|
||||
return q
|
||||
return q, nil
|
||||
}
|
||||
|
||||
func MetadataQueryToModel(query *meta_pb.MetadataQuery) *domain.MetadataSearchQuery {
|
||||
func MetadataQueryToQuery(query *meta_pb.MetadataQuery) (query.SearchQuery, error) {
|
||||
switch q := query.Query.(type) {
|
||||
case *meta_pb.MetadataQuery_KeyQuery:
|
||||
return MetadataKeyQueryToModel(q.KeyQuery)
|
||||
return MetadataKeyQueryToQuery(q.KeyQuery)
|
||||
default:
|
||||
return nil
|
||||
return nil, errors.ThrowInvalidArgument(nil, "METAD-fdg23", "List.Query.Invalid")
|
||||
}
|
||||
}
|
||||
|
||||
func MetadataKeyQueryToModel(q *meta_pb.MetadataKeyQuery) *domain.MetadataSearchQuery {
|
||||
return &domain.MetadataSearchQuery{
|
||||
Key: domain.MetadataSearchKeyKey,
|
||||
Method: object.TextMethodToModel(q.Method),
|
||||
Value: q.Key,
|
||||
}
|
||||
func MetadataKeyQueryToQuery(q *meta_pb.MetadataKeyQuery) (query.SearchQuery, error) {
|
||||
return query.NewUserMetadataKeySearchQuery(q.Key, object.TextMethodToQuery(q.Method))
|
||||
}
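Review bot: In MetadataQueriesToQuery the loop variable `query`, and in MetadataQueryToQuery the parameter `query`, shadow the newly imported `query` package inside their bodies. It compiles as shown because the package is referenced only in the signatures and before the loop, but any later `query.…` reference inside those bodies would resolve to the protobuf message instead. Renaming them, e.g. `for i, mq := range queries` and `func MetadataQueryToQuery(mq *meta_pb.MetadataQuery) (query.SearchQuery, error)`, removes the trap. UserQueriesToQuery and UserQueryToQuery in the user query converter follow the same pattern.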
|
||||
|
@@ -5,26 +5,25 @@ import (
|
||||
"github.com/caos/zitadel/internal/domain"
|
||||
"github.com/caos/zitadel/internal/eventstore/v1/models"
|
||||
"github.com/caos/zitadel/internal/query"
|
||||
"github.com/caos/zitadel/internal/user/model"
|
||||
usr_grant_model "github.com/caos/zitadel/internal/usergrant/model"
|
||||
user_pb "github.com/caos/zitadel/pkg/grpc/user"
|
||||
)
|
||||
|
||||
func UsersToPb(users []*model.UserView) []*user_pb.User {
|
||||
func UsersToPb(users []*query.User, assetPrefix string) []*user_pb.User {
|
||||
u := make([]*user_pb.User, len(users))
|
||||
for i, user := range users {
|
||||
u[i] = UserToPb(user)
|
||||
u[i] = UserToPb(user, assetPrefix)
|
||||
}
|
||||
return u
|
||||
}
|
||||
func UserToPb(user *model.UserView) *user_pb.User {
|
||||
func UserToPb(user *query.User, assetPrefix string) *user_pb.User {
|
||||
return &user_pb.User{
|
||||
Id: user.ID,
|
||||
State: ModelUserStateToPb(user.State),
|
||||
UserName: user.UserName,
|
||||
State: UserStateToPb(user.State),
|
||||
UserName: user.Username,
|
||||
LoginNames: user.LoginNames,
|
||||
PreferredLoginName: user.PreferredLoginName,
|
||||
Type: UserTypeToPb(user),
|
||||
Type: UserTypeToPb(user, assetPrefix),
|
||||
Details: object.ToViewDetailsPb(
|
||||
user.Sequence,
|
||||
user.CreationDate,
|
||||
@@ -34,30 +33,30 @@ func UserToPb(user *model.UserView) *user_pb.User {
|
||||
}
|
||||
}
|
||||
|
||||
func UserTypeToPb(user *model.UserView) user_pb.UserType {
|
||||
if user.HumanView != nil {
|
||||
func UserTypeToPb(user *query.User, assetPrefix string) user_pb.UserType {
|
||||
if user.Human != nil {
|
||||
return &user_pb.User_Human{
|
||||
Human: HumanToPb(user.HumanView),
|
||||
Human: HumanToPb(user.Human, assetPrefix, user.ResourceOwner),
|
||||
}
|
||||
}
|
||||
if user.MachineView != nil {
|
||||
if user.Machine != nil {
|
||||
return &user_pb.User_Machine{
|
||||
Machine: MachineToPb(user.MachineView),
|
||||
Machine: MachineToPb(user.Machine),
|
||||
}
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
func HumanToPb(view *model.HumanView) *user_pb.Human {
|
||||
func HumanToPb(view *query.Human, assetPrefix, owner string) *user_pb.Human {
|
||||
return &user_pb.Human{
|
||||
Profile: &user_pb.Profile{
|
||||
FirstName: view.FirstName,
|
||||
LastName: view.LastName,
|
||||
NickName: view.NickName,
|
||||
DisplayName: view.DisplayName,
|
||||
PreferredLanguage: view.PreferredLanguage,
|
||||
PreferredLanguage: view.PreferredLanguage.String(),
|
||||
Gender: GenderToPb(view.Gender),
|
||||
AvatarUrl: view.AvatarURL,
|
||||
AvatarUrl: domain.AvatarURL(assetPrefix, owner, view.AvatarKey),
|
||||
},
|
||||
Email: &user_pb.Email{
|
||||
Email: view.Email,
|
||||
@@ -70,14 +69,14 @@ func HumanToPb(view *model.HumanView) *user_pb.Human {
|
||||
}
|
||||
}
|
||||
|
||||
func MachineToPb(view *model.MachineView) *user_pb.Machine {
|
||||
func MachineToPb(view *query.Machine) *user_pb.Machine {
|
||||
return &user_pb.Machine{
|
||||
Name: view.Name,
|
||||
Description: view.Description,
|
||||
}
|
||||
}
|
||||
|
||||
func ProfileToPb(profile *model.Profile) *user_pb.Profile {
|
||||
func ProfileToPb(profile *query.Profile, assetPrefix string) *user_pb.Profile {
|
||||
return &user_pb.Profile{
|
||||
FirstName: profile.FirstName,
|
||||
LastName: profile.LastName,
|
||||
@@ -85,35 +84,35 @@ func ProfileToPb(profile *model.Profile) *user_pb.Profile {
|
||||
DisplayName: profile.DisplayName,
|
||||
PreferredLanguage: profile.PreferredLanguage.String(),
|
||||
Gender: GenderToPb(profile.Gender),
|
||||
AvatarUrl: profile.AvatarURL,
|
||||
AvatarUrl: domain.AvatarURL(assetPrefix, profile.ResourceOwner, profile.AvatarKey),
|
||||
}
|
||||
}
|
||||
|
||||
func EmailToPb(email *model.Email) *user_pb.Email {
|
||||
func EmailToPb(email *query.Email) *user_pb.Email {
|
||||
return &user_pb.Email{
|
||||
Email: email.EmailAddress,
|
||||
IsEmailVerified: email.IsEmailVerified,
|
||||
Email: email.Email,
|
||||
IsEmailVerified: email.IsVerified,
|
||||
}
|
||||
}
|
||||
|
||||
func PhoneToPb(phone *model.Phone) *user_pb.Phone {
|
||||
func PhoneToPb(phone *query.Phone) *user_pb.Phone {
|
||||
return &user_pb.Phone{
|
||||
Phone: phone.PhoneNumber,
|
||||
IsPhoneVerified: phone.IsPhoneVerified,
|
||||
Phone: phone.Phone,
|
||||
IsPhoneVerified: phone.IsVerified,
|
||||
}
|
||||
}
|
||||
|
||||
func ModelEmailToPb(email *model.Email) *user_pb.Email {
|
||||
func ModelEmailToPb(email *query.Email) *user_pb.Email {
|
||||
return &user_pb.Email{
|
||||
Email: email.EmailAddress,
|
||||
IsEmailVerified: email.IsEmailVerified,
|
||||
Email: email.Email,
|
||||
IsEmailVerified: email.IsVerified,
|
||||
}
|
||||
}
|
||||
|
||||
func ModelPhoneToPb(phone *model.Phone) *user_pb.Phone {
|
||||
func ModelPhoneToPb(phone *query.Phone) *user_pb.Phone {
|
||||
return &user_pb.Phone{
|
||||
Phone: phone.PhoneNumber,
|
||||
IsPhoneVerified: phone.IsPhoneVerified,
|
||||
Phone: phone.Phone,
|
||||
IsPhoneVerified: phone.IsVerified,
|
||||
}
|
||||
}
|
||||
|
||||
@@ -130,19 +129,19 @@ func GenderToDomain(gender user_pb.Gender) domain.Gender {
|
||||
}
|
||||
}
|
||||
|
||||
func ModelUserStateToPb(state model.UserState) user_pb.UserState {
|
||||
func UserStateToPb(state domain.UserState) user_pb.UserState {
|
||||
switch state {
|
||||
case model.UserStateActive:
|
||||
case domain.UserStateActive:
|
||||
return user_pb.UserState_USER_STATE_ACTIVE
|
||||
case model.UserStateInactive:
|
||||
case domain.UserStateInactive:
|
||||
return user_pb.UserState_USER_STATE_INACTIVE
|
||||
case model.UserStateDeleted:
|
||||
case domain.UserStateDeleted:
|
||||
return user_pb.UserState_USER_STATE_DELETED
|
||||
case model.UserStateInitial:
|
||||
case domain.UserStateInitial:
|
||||
return user_pb.UserState_USER_STATE_INITIAL
|
||||
case model.UserStateLocked:
|
||||
case domain.UserStateLocked:
|
||||
return user_pb.UserState_USER_STATE_LOCKED
|
||||
case model.UserStateSuspend:
|
||||
case domain.UserStateSuspend:
|
||||
return user_pb.UserState_USER_STATE_SUSPEND
|
||||
default:
|
||||
return user_pb.UserState_USER_STATE_UNSPECIFIED
|
||||
@@ -160,13 +159,13 @@ func ModelUserGrantStateToPb(state usr_grant_model.UserGrantState) user_pb.UserG
|
||||
}
|
||||
}
|
||||
|
||||
func GenderToPb(gender model.Gender) user_pb.Gender {
|
||||
func GenderToPb(gender domain.Gender) user_pb.Gender {
|
||||
switch gender {
|
||||
case model.GenderDiverse:
|
||||
case domain.GenderDiverse:
|
||||
return user_pb.Gender_GENDER_DIVERSE
|
||||
case model.GenderFemale:
|
||||
case domain.GenderFemale:
|
||||
return user_pb.Gender_GENDER_FEMALE
|
||||
case model.GenderMale:
|
||||
case domain.GenderMale:
|
||||
return user_pb.Gender_GENDER_MALE
|
||||
default:
|
||||
return user_pb.Gender_GENDER_UNSPECIFIED
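Review bot: After this change EmailToPb and ModelEmailToPb take the same `*query.Email` and have identical bodies, and the same holds for PhoneToPb and ModelPhoneToPb. Keeping two copies means a later field change can be applied to one and missed in the other. I would keep one of each and let the `Model…` variant delegate, e.g. `func ModelEmailToPb(email *query.Email) *user_pb.Email { return EmailToPb(email) }`, or remove it if no caller remains. None of the converters in this section guards against a nil argument, which is worth a doc comment if the query layer can return nil without an error.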
|
||||
|
@@ -2,123 +2,79 @@ package user
|
||||
|
||||
import (
|
||||
"github.com/caos/zitadel/internal/api/grpc/object"
|
||||
"github.com/caos/zitadel/internal/domain"
|
||||
user_model "github.com/caos/zitadel/internal/user/model"
|
||||
"github.com/caos/zitadel/internal/errors"
|
||||
"github.com/caos/zitadel/internal/query"
|
||||
user_pb "github.com/caos/zitadel/pkg/grpc/user"
|
||||
)
|
||||
|
||||
func UserQueriesToModel(queries []*user_pb.SearchQuery) []*user_model.UserSearchQuery {
|
||||
q := make([]*user_model.UserSearchQuery, len(queries))
|
||||
func UserQueriesToQuery(queries []*user_pb.SearchQuery) (_ []query.SearchQuery, err error) {
|
||||
q := make([]query.SearchQuery, len(queries))
|
||||
for i, query := range queries {
|
||||
q[i] = UserQueryToModel(query)
|
||||
q[i], err = UserQueryToQuery(query)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
}
|
||||
return q
|
||||
return q, nil
|
||||
}
|
||||
|
||||
func UserQueryToModel(query *user_pb.SearchQuery) *user_model.UserSearchQuery {
|
||||
func UserQueryToQuery(query *user_pb.SearchQuery) (query.SearchQuery, error) {
|
||||
switch q := query.Query.(type) {
|
||||
case *user_pb.SearchQuery_UserNameQuery:
|
||||
return UserNameQueryToModel(q.UserNameQuery)
|
||||
return UserNameQueryToQuery(q.UserNameQuery)
|
||||
case *user_pb.SearchQuery_FirstNameQuery:
|
||||
return FirstNameQueryToModel(q.FirstNameQuery)
|
||||
return FirstNameQueryToQuery(q.FirstNameQuery)
|
||||
case *user_pb.SearchQuery_LastNameQuery:
|
||||
return LastNameQueryToModel(q.LastNameQuery)
|
||||
return LastNameQueryToQuery(q.LastNameQuery)
|
||||
case *user_pb.SearchQuery_NickNameQuery:
|
||||
return NickNameQueryToModel(q.NickNameQuery)
|
||||
return NickNameQueryToQuery(q.NickNameQuery)
|
||||
case *user_pb.SearchQuery_DisplayNameQuery:
|
||||
return DisplayNameQueryToModel(q.DisplayNameQuery)
|
||||
return DisplayNameQueryToQuery(q.DisplayNameQuery)
|
||||
case *user_pb.SearchQuery_EmailQuery:
|
||||
return EmailQueryToModel(q.EmailQuery)
|
||||
return EmailQueryToQuery(q.EmailQuery)
|
||||
case *user_pb.SearchQuery_StateQuery:
|
||||
return StateQueryToModel(q.StateQuery)
|
||||
return StateQueryToQuery(q.StateQuery)
|
||||
case *user_pb.SearchQuery_TypeQuery:
|
||||
return TypeQueryToModel(q.TypeQuery)
|
||||
return TypeQueryToQuery(q.TypeQuery)
|
||||
case *user_pb.SearchQuery_ResourceOwner:
|
||||
return ResourceOwnerQueryToModel(q.ResourceOwner)
|
||||
return ResourceOwnerQueryToQuery(q.ResourceOwner)
|
||||
default:
|
||||
return nil
|
||||
return nil, errors.ThrowInvalidArgument(nil, "GRPC-vR9nC", "List.Query.Invalid")
|
||||
}
|
||||
}
|
||||
|
||||
func UserNameQueryToModel(q *user_pb.UserNameQuery) *user_model.UserSearchQuery {
|
||||
return &user_model.UserSearchQuery{
|
||||
Key: user_model.UserSearchKeyUserName,
|
||||
Method: object.TextMethodToModel(q.Method),
|
||||
Value: q.UserName,
|
||||
}
|
||||
func UserNameQueryToQuery(q *user_pb.UserNameQuery) (query.SearchQuery, error) {
|
||||
return query.NewUserUsernameSearchQuery(q.UserName, object.TextMethodToQuery(q.Method))
|
||||
}
|
||||
|
||||
func FirstNameQueryToModel(q *user_pb.FirstNameQuery) *user_model.UserSearchQuery {
|
||||
return &user_model.UserSearchQuery{
|
||||
Key: user_model.UserSearchKeyFirstName,
|
||||
Method: object.TextMethodToModel(q.Method),
|
||||
Value: q.FirstName,
|
||||
}
|
||||
func FirstNameQueryToQuery(q *user_pb.FirstNameQuery) (query.SearchQuery, error) {
|
||||
return query.NewUserFirstNameSearchQuery(q.FirstName, object.TextMethodToQuery(q.Method))
|
||||
}
|
||||
|
||||
func LastNameQueryToModel(q *user_pb.LastNameQuery) *user_model.UserSearchQuery {
|
||||
return &user_model.UserSearchQuery{
|
||||
Key: user_model.UserSearchKeyLastName,
|
||||
Method: object.TextMethodToModel(q.Method),
|
||||
Value: q.LastName,
|
||||
}
|
||||
func LastNameQueryToQuery(q *user_pb.LastNameQuery) (query.SearchQuery, error) {
|
||||
return query.NewUserLastNameSearchQuery(q.LastName, object.TextMethodToQuery(q.Method))
|
||||
}
|
||||
|
||||
func NickNameQueryToModel(q *user_pb.NickNameQuery) *user_model.UserSearchQuery {
|
||||
return &user_model.UserSearchQuery{
|
||||
Key: user_model.UserSearchKeyNickName,
|
||||
Method: object.TextMethodToModel(q.Method),
|
||||
Value: q.NickName,
|
||||
}
|
||||
func NickNameQueryToQuery(q *user_pb.NickNameQuery) (query.SearchQuery, error) {
|
||||
return query.NewUserNickNameSearchQuery(q.NickName, object.TextMethodToQuery(q.Method))
|
||||
}
|
||||
|
||||
func DisplayNameQueryToModel(q *user_pb.DisplayNameQuery) *user_model.UserSearchQuery {
|
||||
return &user_model.UserSearchQuery{
|
||||
Key: user_model.UserSearchKeyDisplayName,
|
||||
Method: object.TextMethodToModel(q.Method),
|
||||
Value: q.DisplayName,
|
||||
}
|
||||
func DisplayNameQueryToQuery(q *user_pb.DisplayNameQuery) (query.SearchQuery, error) {
|
||||
return query.NewUserDisplayNameSearchQuery(q.DisplayName, object.TextMethodToQuery(q.Method))
|
||||
}
|
||||
|
||||
func EmailQueryToModel(q *user_pb.EmailQuery) *user_model.UserSearchQuery {
|
||||
return &user_model.UserSearchQuery{
|
||||
Key: user_model.UserSearchKeyEmail,
|
||||
Method: object.TextMethodToModel(q.Method),
|
||||
Value: q.EmailAddress,
|
||||
}
|
||||
func EmailQueryToQuery(q *user_pb.EmailQuery) (query.SearchQuery, error) {
|
||||
return query.NewUserEmailSearchQuery(q.EmailAddress, object.TextMethodToQuery(q.Method))
|
||||
}
|
||||
|
||||
func StateQueryToModel(q *user_pb.StateQuery) *user_model.UserSearchQuery {
|
||||
return &user_model.UserSearchQuery{
|
||||
Key: user_model.UserSearchKeyState,
|
||||
Method: domain.SearchMethodEquals,
|
||||
Value: q.State,
|
||||
}
|
||||
func StateQueryToQuery(q *user_pb.StateQuery) (query.SearchQuery, error) {
|
||||
return query.NewUserStateSearchQuery(int32(q.State))
|
||||
}
|
||||
|
||||
func TypeQueryToModel(q *user_pb.TypeQuery) *user_model.UserSearchQuery {
|
||||
return &user_model.UserSearchQuery{
|
||||
Key: user_model.UserSearchKeyType,
|
||||
Method: domain.SearchMethodEquals,
|
||||
Value: UserTypeToModel(q.Type),
|
||||
}
|
||||
func TypeQueryToQuery(q *user_pb.TypeQuery) (query.SearchQuery, error) {
|
||||
return query.NewUserTypeSearchQuery(int32(q.Type))
|
||||
}
|
||||
|
||||
func UserTypeToModel(t user_pb.Type) string {
|
||||
switch t {
|
||||
case user_pb.Type_TYPE_HUMAN:
|
||||
return "human"
|
||||
case user_pb.Type_TYPE_MACHINE:
|
||||
return "machine"
|
||||
default:
|
||||
return ""
|
||||
}
|
||||
}
|
||||
|
||||
func ResourceOwnerQueryToModel(q *user_pb.ResourceOwnerQuery) *user_model.UserSearchQuery {
|
||||
return &user_model.UserSearchQuery{
|
||||
Key: user_model.UserSearchKeyResourceOwner,
|
||||
Method: domain.SearchMethodEquals,
|
||||
Value: q.OrgID,
|
||||
}
|
||||
func ResourceOwnerQueryToQuery(q *user_pb.ResourceOwnerQuery) (query.SearchQuery, error) {
|
||||
return query.NewUserResourceOwnerSearchQuery(q.OrgID, query.TextEquals)
|
||||
}
|
||||
|
@@ -7,7 +7,6 @@ import (
|
||||
|
||||
"github.com/caos/oidc/pkg/oidc"
|
||||
"github.com/caos/oidc/pkg/op"
|
||||
"golang.org/x/text/language"
|
||||
"gopkg.in/square/go-jose.v2"
|
||||
|
||||
"github.com/caos/zitadel/internal/api/authz"
|
||||
@@ -81,7 +80,7 @@ func (o *OPStorage) GetKeyByIDAndIssuer(ctx context.Context, keyID, issuer strin
|
||||
}
|
||||
|
||||
func (o *OPStorage) ValidateJWTProfileScopes(ctx context.Context, subject string, scopes []string) ([]string, error) {
|
||||
user, err := o.repo.UserByID(ctx, subject)
|
||||
user, err := o.query.GetUserByID(ctx, subject)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
@@ -176,7 +175,7 @@ func (o *OPStorage) SetIntrospectionFromToken(ctx context.Context, introspection
|
||||
func (o *OPStorage) setUserinfo(ctx context.Context, userInfo oidc.UserInfoSetter, userID, applicationID string, scopes []string) (err error) {
|
||||
ctx, span := tracing.NewSpan(ctx)
|
||||
defer func() { span.EndWithError(err) }()
|
||||
user, err := o.repo.UserByID(ctx, userID)
|
||||
user, err := o.query.GetUserByID(ctx, userID)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
@@ -186,38 +185,31 @@ func (o *OPStorage) setUserinfo(ctx context.Context, userInfo oidc.UserInfoSette
|
||||
case oidc.ScopeOpenID:
|
||||
userInfo.SetSubject(user.ID)
|
||||
case oidc.ScopeEmail:
|
||||
if user.HumanView == nil {
|
||||
if user.Human == nil {
|
||||
continue
|
||||
}
|
||||
userInfo.SetEmail(user.Email, user.IsEmailVerified)
|
||||
userInfo.SetEmail(user.Human.Email, user.Human.IsEmailVerified)
|
||||
case oidc.ScopeProfile:
|
||||
userInfo.SetPreferredUsername(user.PreferredLoginName)
|
||||
userInfo.SetUpdatedAt(user.ChangeDate)
|
||||
if user.HumanView != nil {
|
||||
userInfo.SetName(user.DisplayName)
|
||||
userInfo.SetFamilyName(user.LastName)
|
||||
userInfo.SetGivenName(user.FirstName)
|
||||
userInfo.SetNickname(user.NickName)
|
||||
userInfo.SetGender(oidc.Gender(getGender(user.Gender)))
|
||||
locale, _ := language.Parse(user.PreferredLanguage)
|
||||
userInfo.SetLocale(locale)
|
||||
userInfo.SetPicture(user.AvatarURL)
|
||||
if user.Human != nil {
|
||||
userInfo.SetName(user.Human.DisplayName)
|
||||
userInfo.SetFamilyName(user.Human.LastName)
|
||||
userInfo.SetGivenName(user.Human.FirstName)
|
||||
userInfo.SetNickname(user.Human.NickName)
|
||||
userInfo.SetGender(oidc.Gender(user.Human.Gender))
|
||||
userInfo.SetLocale(user.Human.PreferredLanguage)
|
||||
userInfo.SetPicture(domain.AvatarURL(o.assetAPIPrefix, user.ResourceOwner, user.Human.AvatarKey))
|
||||
} else {
|
||||
userInfo.SetName(user.MachineView.Name)
|
||||
userInfo.SetName(user.Machine.Name)
|
||||
}
|
||||
case oidc.ScopePhone:
|
||||
if user.HumanView == nil {
|
||||
if user.Human == nil {
|
||||
continue
|
||||
}
|
||||
userInfo.SetPhone(user.Phone, user.IsPhoneVerified)
|
||||
userInfo.SetPhone(user.Human.Phone, user.Human.IsPhoneVerified)
|
||||
case oidc.ScopeAddress:
|
||||
if user.HumanView == nil {
|
||||
continue
|
||||
}
|
||||
if user.StreetAddress == "" && user.Locality == "" && user.Region == "" && user.PostalCode == "" && user.Country == "" {
|
||||
continue
|
||||
}
|
||||
userInfo.SetAddress(oidc.NewUserInfoAddress(user.StreetAddress, user.Locality, user.Region, user.PostalCode, user.Country, ""))
|
||||
//TODO: handle address for human users as soon as implemented
|
||||
case ScopeUserMetaData:
|
||||
userMetaData, err := o.assertUserMetaData(ctx, userID)
|
||||
if err != nil {
|
||||
@@ -316,20 +308,20 @@ func (o *OPStorage) assertRoles(ctx context.Context, userID, applicationID strin
|
||||
}
|
||||
|
||||
func (o *OPStorage) assertUserMetaData(ctx context.Context, userID string) (map[string]string, error) {
|
||||
metaData, err := o.repo.SearchUserMetadata(ctx, userID)
|
||||
metaData, err := o.query.SearchUserMetadata(ctx, userID, &query.UserMetadataSearchQueries{})
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
userMetaData := make(map[string]string)
|
||||
for _, md := range metaData.Result {
|
||||
for _, md := range metaData.Metadata {
|
||||
userMetaData[md.Key] = base64.RawURLEncoding.EncodeToString(md.Value)
|
||||
}
|
||||
return userMetaData, nil
|
||||
}
|
||||
|
||||
func (o *OPStorage) assertUserResourceOwner(ctx context.Context, userID string) (map[string]string, error) {
|
||||
user, err := o.repo.UserByID(ctx, userID)
|
||||
user, err := o.query.GetUserByID(ctx, userID)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
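Review bot: In the `oidc.ScopeProfile` branch of setUserinfo, the `else` arm calls `userInfo.SetName(user.Machine.Name)` without checking `user.Machine`, while every use of `user.Human` is guarded. If the query side ever returns a user with neither part populated, the userinfo and introspection path would panic rather than return an error, so I would write the arm as `} else if user.Machine != nil {`. In the same branch `oidc.Gender(user.Human.Gender)` replaces the earlier `getGender(...)` mapping. The type of `Human.Gender` is not visible here, but if it is a numeric enum the conversion produces a one-rune string instead of the expected claim value, so keeping an explicit mapping helper is safer. The function body starts and ends outside these hunks.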
@@ -74,9 +74,10 @@ type OPStorage struct {
|
||||
signingKeyRotationCheck time.Duration
|
||||
signingKeyGracefulPeriod time.Duration
|
||||
locker crdb.Locker
|
||||
assetAPIPrefix string
|
||||
}
|
||||
|
||||
func NewProvider(ctx context.Context, config OPHandlerConfig, command *command.Commands, query *query.Queries, repo repository.Repository, keyConfig systemdefaults.KeyConfig, localDevMode bool, es *eventstore.Eventstore, projections types.SQL, keyChan <-chan interface{}) op.OpenIDProvider {
|
||||
func NewProvider(ctx context.Context, config OPHandlerConfig, command *command.Commands, query *query.Queries, repo repository.Repository, keyConfig systemdefaults.KeyConfig, localDevMode bool, es *eventstore.Eventstore, projections types.SQL, keyChan <-chan interface{}, assetAPIPrefix string) op.OpenIDProvider {
|
||||
cookieHandler, err := middleware.NewUserAgentHandler(config.UserAgentCookieConfig, id.SonyFlakeGenerator, localDevMode)
|
||||
logging.Log("OIDC-sd4fd").OnError(err).WithField("traceID", tracing.TraceIDFromCtx(ctx)).Panic("cannot user agent handler")
|
||||
tokenKey, err := crypto.LoadKey(keyConfig.EncryptionConfig, keyConfig.EncryptionConfig.EncryptionKeyID)
|
||||
@@ -94,7 +95,7 @@ func NewProvider(ctx context.Context, config OPHandlerConfig, command *command.C
|
||||
logging.Log("OIDC-GBd3t").OnError(err).Panic("cannot get supported languages")
|
||||
config.OPConfig.SupportedUILocales = supportedLanguages
|
||||
metricTypes := []metrics.MetricType{metrics.MetricTypeRequestCount, metrics.MetricTypeStatusCode, metrics.MetricTypeTotalCount}
|
||||
storage, err := newStorage(config.StorageConfig, command, query, repo, keyConfig, es, projections, keyChan)
|
||||
storage, err := newStorage(config.StorageConfig, command, query, repo, keyConfig, es, projections, keyChan, assetAPIPrefix)
|
||||
logging.Log("OIDC-Jdg2k").OnError(err).WithField("traceID", tracing.TraceIDFromCtx(ctx)).Panic("cannot create storage")
|
||||
provider, err := op.NewOpenIDProvider(
|
||||
ctx,
|
||||
@@ -119,7 +120,7 @@ func NewProvider(ctx context.Context, config OPHandlerConfig, command *command.C
|
||||
return provider
|
||||
}
|
||||
|
||||
func newStorage(config StorageConfig, command *command.Commands, query *query.Queries, repo repository.Repository, keyConfig systemdefaults.KeyConfig, es *eventstore.Eventstore, projections types.SQL, keyChan <-chan interface{}) (*OPStorage, error) {
|
||||
func newStorage(config StorageConfig, command *command.Commands, query *query.Queries, repo repository.Repository, keyConfig systemdefaults.KeyConfig, es *eventstore.Eventstore, projections types.SQL, keyChan <-chan interface{}, assetAPIPrefix string) (*OPStorage, error) {
|
||||
encAlg, err := crypto.NewAESCrypto(keyConfig.EncryptionConfig)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
@@ -144,6 +145,7 @@ func newStorage(config StorageConfig, command *command.Commands, query *query.Qu
|
||||
signingKeyRotationCheck: keyConfig.SigningKeyRotationCheck.Duration,
|
||||
locker: crdb.NewLocker(sqlClient, locksTable, signingKey),
|
||||
keyChan: keyChan,
|
||||
assetAPIPrefix: assetAPIPrefix,
|
||||
}, nil
|
||||
}
|
||||
|
||||
|
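Review bot: The new `assetAPIPrefix` field on OPStorage and the matching trailing parameter of NewProvider and newStorage are undocumented and stored without any check. The value is used to build the `picture` claim through `domain.AvatarURL(o.assetAPIPrefix, ...)`, so an empty or relative prefix would presumably hand relying parties an unusable or relative URL. I would add a field comment such as `// assetAPIPrefix is the absolute base URL prepended to avatar keys for the picture claim` and have newStorage reject an empty value. Both function bodies continue outside the hunks shown.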