idp

internal/v2/repository/idp/oidc/added_event.go

@@ -1,15 +0,0 @@
-package oidc
-
-import "github.com/caos/zitadel/internal/crypto"
-
-type AddedEvent struct {
-	eventstore.BaseEvent
-
-	IDPConfigID           string              `json:"idpConfigId"`
-	ClientID              string              `json:"clientId"`
-	Secret                *crypto.CryptoValue `json:"clientSecret"`
-	Issuer                string              `json:"issuer"`
-	Scopes                []string            `json:"scpoes"`
-	IDPDisplayNameMapping int32               `json:"idpDisplayNameMapping,omitempty"`
-	UsernameMapping       int32               `json:"usernameMapping,omitempty"`
-}

internal/v2/repository/idp/oidc/changed_event.go

@@ -1,3 +0,0 @@
-package oidc
-
-type ChangedEvent struct{}

internal/v2/repository/idp/oidc/config.go

@@ -1,35 +0,0 @@
-package oidc
-
-import (
-	"github.com/caos/zitadel/internal/crypto"
-	"github.com/caos/zitadel/internal/eventstore/v2"
-)
-
-type ConfigReadModel struct {
-	eventstore.ReadModel
-
-	IDPConfigID           string
-	ClientID              string
-	ClientSecret          *crypto.CryptoValue
-	ClientSecretString    string
-	Issuer                string
-	Scopes                []string
-	IDPDisplayNameMapping MappingField
-	UsernameMapping       MappingField
-}
-
-func (rm *ConfigReadModel) AppendEvents(events ...eventstore.EventReader) {
-	rm.ReadModel.AppendEvents(events...)
-}
-
-func (rm *ConfigReadModel) Reduce() error {
-	return nil
-}
-
-type MappingField int32
-
-const (
-	OIDCMappingFieldUnspecified MappingField = iota
-	OIDCMappingFieldPreferredLoginName
-	OIDCMappingFieldEmail
-)

internal/v2/repository/idp/oidc/config_read_model.go

@@ -0,0 +1,51 @@
+package oidc
+
+import (
+	"github.com/caos/zitadel/internal/crypto"
+	"github.com/caos/zitadel/internal/eventstore/v2"
+)
+
+type ConfigReadModel struct {
+	eventstore.ReadModel
+
+	IDPConfigID           string
+	ClientID              string
+	ClientSecret          *crypto.CryptoValue
+	Issuer                string
+	Scopes                []string
+	IDPDisplayNameMapping MappingField
+	UserNameMapping       MappingField
+}
+
+func (rm *ConfigReadModel) Reduce() error {
+	for _, event := range rm.Events {
+		switch e := event.(type) {
+		case *ConfigAddedEvent:
+			rm.IDPConfigID = e.IDPConfigID
+			rm.ClientID = e.ClientID
+			rm.ClientSecret = e.ClientSecret
+			rm.Issuer = e.Issuer
+			rm.Scopes = e.Scopes
+			rm.IDPDisplayNameMapping = e.IDPDisplayNameMapping
+			rm.UserNameMapping = e.UserNameMapping
+		case *ConfigChangedEvent:
+			if e.ClientID != "" {
+				rm.ClientID = e.ClientID
+			}
+			if e.Issuer != "" {
+				rm.Issuer = e.Issuer
+			}
+			if len(e.Scopes) > 0 {
+				rm.Scopes = e.Scopes
+			}
+			if e.IDPDisplayNameMapping.Valid() {
+				rm.IDPDisplayNameMapping = e.IDPDisplayNameMapping
+			}
+			if e.UserNameMapping.Valid() {
+				rm.UserNameMapping = e.UserNameMapping
+			}
+		}
+	}
+
+	return rm.ReadModel.Reduce()
+}

internal/v2/repository/idp/oidc/config_write_model.go

@@ -0,0 +1,52 @@
+package oidc
+
+import (
+	"github.com/caos/zitadel/internal/crypto"
+	"github.com/caos/zitadel/internal/eventstore/v2"
+)
+
+type ConfigWriteModel struct {
+	eventstore.WriteModel
+
+	IDPConfigID  string
+	ClientID     string
+	ClientSecret *crypto.CryptoValue
+	Issuer       string
+	Scopes       []string
+
+	IDPDisplayNameMapping MappingField
+	UserNameMapping       MappingField
+}
+
+func (wm *ConfigWriteModel) Reduce() error {
+	for _, event := range wm.Events {
+		switch e := event.(type) {
+		case *ConfigAddedEvent:
+			wm.IDPConfigID = e.IDPConfigID
+			wm.ClientID = e.ClientID
+			wm.ClientSecret = e.ClientSecret
+			wm.Issuer = e.Issuer
+			wm.Scopes = e.Scopes
+			wm.IDPDisplayNameMapping = e.IDPDisplayNameMapping
+			wm.UserNameMapping = e.UserNameMapping
+		case *ConfigChangedEvent:
+			if e.ClientID != "" {
+				wm.ClientID = e.ClientID
+			}
+			if e.Issuer != "" {
+				wm.Issuer = e.Issuer
+			}
+			if len(e.Scopes) > 0 {
+				wm.Scopes = e.Scopes
+			}
+			if e.IDPDisplayNameMapping.Valid() {
+				wm.IDPDisplayNameMapping = e.IDPDisplayNameMapping
+			}
+			if e.UserNameMapping.Valid() {
+				wm.UserNameMapping = e.UserNameMapping
+			}
+		}
+	}
+
+	return wm.WriteModel.Reduce()
+}

internal/v2/repository/idp/oidc/deactivated_event.go

@@ -1,3 +0,0 @@
-package oidc
-
-type DeactivatedEvent struct{}

internal/v2/repository/idp/oidc/event_added.go

@@ -0,0 +1,67 @@
+package oidc
+
+import (
+	"encoding/json"
+
+	"github.com/caos/zitadel/internal/crypto"
+	"github.com/caos/zitadel/internal/errors"
+	"github.com/caos/zitadel/internal/eventstore/v2"
+	"github.com/caos/zitadel/internal/eventstore/v2/repository"
+)
+
+type ConfigAddedEvent struct {
+	eventstore.BaseEvent
+
+	IDPConfigID  string              `json:"idpConfigId"`
+	ClientID     string              `json:"clientId"`
+	ClientSecret *crypto.CryptoValue `json:"clientSecret"`
+	Issuer       string              `json:"issuer"`
+	Scopes       []string            `json:"scpoes"`
+
+	IDPDisplayNameMapping MappingField `json:"idpDisplayNameMapping"`
+	UserNameMapping       MappingField `json:"usernameMapping"`
+}
+
+func (e *ConfigAddedEvent) CheckPrevious() bool {
+	return true
+}
+
+func (e *ConfigAddedEvent) Data() interface{} {
+	return e
+}
+
+func NewConfigAddedEvent(
+	base *eventstore.BaseEvent,
+	clientID,
+	idpConfigID,
+	issuer string,
+	clientSecret *crypto.CryptoValue,
+	idpDisplayNameMapping,
+	userNameMapping MappingField,
+	scopes ...string,
+) *ConfigAddedEvent {
+
+	return &ConfigAddedEvent{
+		BaseEvent:             *base,
+		IDPConfigID:           idpConfigID,
+		ClientID:              clientID,
+		ClientSecret:          clientSecret,
+		Issuer:                issuer,
+		Scopes:                scopes,
+		IDPDisplayNameMapping: idpDisplayNameMapping,
+		UserNameMapping:       userNameMapping,
+	}
+}
+
+func ConfigAddedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
+	e := &ConfigAddedEvent{
+		BaseEvent: *eventstore.BaseEventFromRepo(event),
+	}
+
+	err := json.Unmarshal(event.Data, e)
+	if err != nil {
+		return nil, errors.ThrowInternal(err, "OIDC-plaBZ", "unable to unmarshal event")
+	}
+
+	return e, nil
+}

internal/v2/repository/idp/oidc/event_changed.go

@@ -0,0 +1,105 @@
+package oidc
+
+import (
+	"encoding/json"
+	"reflect"
+	"sort"
+
+	"github.com/caos/zitadel/internal/crypto"
+	"github.com/caos/zitadel/internal/errors"
+	"github.com/caos/zitadel/internal/eventstore/v2"
+	"github.com/caos/zitadel/internal/eventstore/v2/repository"
+)
+
+type ConfigChangedEvent struct {
+	eventstore.BaseEvent `json:"-"`
+
+	IDPConfigID string `json:"idpConfigId"`
+
+	ClientID     string              `json:"clientId"`
+	ClientSecret *crypto.CryptoValue `json:"clientSecret"`
+	Issuer       string              `json:"issuer"`
+	Scopes       []string            `json:"scpoes"`
+
+	IDPDisplayNameMapping MappingField `json:"idpDisplayNameMapping"`
+	UserNameMapping       MappingField `json:"usernameMapping"`
+}
+
+func (e *ConfigChangedEvent) CheckPrevious() bool {
+	return true
+}
+
+func (e *ConfigChangedEvent) Data() interface{} {
+	return e
+}
+
+func NewConfigChangedEvent(
+	base *eventstore.BaseEvent,
+	current *ConfigWriteModel,
+	clientID,
+	issuer string,
+	clientSecret *crypto.CryptoValue,
+	idpDisplayNameMapping,
+	userNameMapping MappingField,
+	scopes ...string,
+) (*ConfigChangedEvent, error) {
+
+	event := &ConfigChangedEvent{
+		BaseEvent:   *base,
+		IDPConfigID: current.IDPConfigID,
+	}
+	hasChanged := false
+
+	if clientID != "" && clientID != current.ClientID {
+		event.ClientID = clientID
+		hasChanged = true
+	}
+
+	if issuer != "" && issuer != current.Issuer {
+		event.Issuer = issuer
+		hasChanged = true
+	}
+
+	if clientSecret != nil && clientSecret != current.ClientSecret {
+		event.ClientSecret = clientSecret
+		hasChanged = true
+	}
+
+	if idpDisplayNameMapping.Valid() && idpDisplayNameMapping != current.IDPDisplayNameMapping {
+		event.IDPDisplayNameMapping = idpDisplayNameMapping
+		hasChanged = true
+	}
+
+	if userNameMapping.Valid() && userNameMapping != current.UserNameMapping {
+		event.UserNameMapping = userNameMapping
+		hasChanged = true
+	}
+
+	if len(scopes) > 0 {
+		sort.Strings(scopes)
+		sort.Strings(current.Scopes)
+		if !reflect.DeepEqual(scopes, current.Scopes) {
+			event.Scopes = scopes
+			hasChanged = true
+		}
+	}
+
+	if !hasChanged {
+		return nil, errors.ThrowPreconditionFailed(nil, "OIDC-zPDOL", "Errors.NoChanges")
+	}
+
+	return event, nil
+}
+
+func ConfigChangedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
+	e := &ConfigChangedEvent{
+		BaseEvent: *eventstore.BaseEventFromRepo(event),
+	}
+
+	err := json.Unmarshal(event.Data, e)
+	if err != nil {
+		return nil, errors.ThrowInternal(err, "OIDC-plaBZ", "unable to unmarshal event")
+	}
+
+	return e, nil
+}

internal/v2/repository/idp/oidc/mapping_field.go

@@ -0,0 +1,14 @@
+package oidc
+
+type MappingField int32
+
+const (
+	MappingFieldPreferredLoginName MappingField = iota + 1
+	MappingFieldEmail
+	// count is for validation purposes
+	mappingFieldCount
+)
+
+func (f MappingField) Valid() bool {
+	return f > 0 && f < mappingFieldCount
+}

internal/v2/repository/idp/oidc/removed_event.go

@@ -1,3 +0,0 @@
-package oidc
-
-type RemovedEvent struct{}