fix: import user, hide login name suffix (#1474)

* fix: import user, and label policy command side * feat: Import user and hide loginname suffix (#1464) * fix: import user * fix: label policy * fix: label policy * fix: label policy * fix: migrations * fix: migrations * fix: migrations * fix: label policy * loginSuffix in login ui * suffix * fix cursor on disabled user selection Co-authored-by: Livio Amstutz <livio.a@gmail.com> (cherry picked from commit 03ddb8fc38) * feat: Import user and hide loginname suffix (#1464) * fix: import user * fix: label policy * fix: label policy * fix: label policy * fix: migrations * fix: migrations * fix: migrations * fix: label policy * loginSuffix in login ui * suffix * fix cursor on disabled user selection Co-authored-by: Livio Amstutz <livio.a@gmail.com> (cherry picked from commit 03ddb8fc38) * feat: Import user and hide loginname suffix (#1464) * fix: import user * fix: label policy * fix: label policy * fix: label policy * fix: migrations * fix: migrations * fix: migrations * fix: label policy * loginSuffix in login ui * suffix * fix cursor on disabled user selection Co-authored-by: Livio Amstutz <livio.a@gmail.com> (cherry picked from commit 03ddb8fc38) * fix: label policy events * loginname placeholder * fix: tests * fix: tests * Update internal/command/iam_policy_label_model.go Co-authored-by: Livio Amstutz <livio.a@gmail.com> Co-authored-by: Livio Amstutz <livio.a@gmail.com>
2025-08-11 21:27:42 +00:00 · 2021-03-25 14:41:07 +01:00
parent d7255130a4
commit 4d10f3e715
58 changed files with 1444 additions and 309 deletions
--- a/internal/auth/repository/eventsourcing/eventstore/auth_request.go
+++ b/internal/auth/repository/eventsourcing/eventstore/auth_request.go
@@ -244,7 +244,7 @@ func (repo *AuthRequestRepo) SelectUser(ctx context.Context, id, userID, userAge
 	if request.RequestedOrgID != "" && request.RequestedOrgID != user.ResourceOwner {
 		return errors.ThrowPreconditionFailed(nil, "EVENT-fJe2a", "Errors.User.NotAllowedOrg")
 	}
-	request.SetUserInfo(user.ID, user.PreferredLoginName, user.DisplayName, user.ResourceOwner)
+	request.SetUserInfo(user.ID, user.UserName, user.PreferredLoginName, user.DisplayName, user.ResourceOwner)
 	return repo.AuthRequests.UpdateAuthRequest(ctx, request)
 }

@@ -425,21 +425,30 @@ func (repo *AuthRequestRepo) fillLoginPolicy(ctx context.Context, request *domai
 		orgID = repo.IAMID
 	}

-	policy, idpProviders, err := repo.getLoginPolicyAndIDPProviders(ctx, orgID)
+	loginPolicy, idpProviders, err := repo.getLoginPolicyAndIDPProviders(ctx, orgID)
 	if err != nil {
 		return err
 	}
-	request.LoginPolicy = policy
+	request.LoginPolicy = loginPolicy
 	if idpProviders != nil {
 		request.AllowedExternalIDPs = idpProviders
 	}
+	labelPolicy, err := repo.getLabelPolicy(ctx, orgID)
+	if err != nil {
+		return err
+	}
+	request.LabelPolicy = labelPolicy
 	return nil
 }

 func (repo *AuthRequestRepo) checkLoginName(ctx context.Context, request *domain.AuthRequest, loginName string) (err error) {
 	user := new(user_view_model.UserView)
 	if request.RequestedOrgID != "" {
-		user, err = repo.View.UserByLoginNameAndResourceOwner(loginName, request.RequestedOrgID)
+		preferredLoginName := loginName
+		if request.RequestedOrgID != "" {
+			preferredLoginName += "@" + request.RequestedPrimaryDomain
+		}
+		user, err = repo.View.UserByLoginNameAndResourceOwner(preferredLoginName, request.RequestedOrgID)
 	} else {
 		user, err = repo.View.UserByLoginName(loginName)
 		if err == nil {
@@ -453,7 +462,7 @@ func (repo *AuthRequestRepo) checkLoginName(ctx context.Context, request *domain
 		return err
 	}

-	request.SetUserInfo(user.ID, loginName, "", user.ResourceOwner)
+	request.SetUserInfo(user.ID, loginName, user.PreferredLoginName, "", user.ResourceOwner)
 	return nil
 }

@@ -496,7 +505,7 @@ func (repo *AuthRequestRepo) checkExternalUserLogin(request *domain.AuthRequest,
 	if err != nil {
 		return err
 	}
-	request.SetUserInfo(externalIDP.UserID, "", "", externalIDP.ResourceOwner)
+	request.SetUserInfo(externalIDP.UserID, "", "", "", externalIDP.ResourceOwner)
 	return nil
 }

@@ -599,6 +608,7 @@ func (repo *AuthRequestRepo) usersForUserSelection(request *domain.AuthRequest)
 		users[i] = domain.UserSelection{
 			UserID:            session.UserID,
 			DisplayName:       session.DisplayName,
+			UserName:          session.UserName,
 			LoginName:         session.LoginName,
 			UserSessionState:  auth_req_model.UserSessionStateToDomain(session.State),
 			SelectionPossible: request.RequestedOrgID == "" || request.RequestedOrgID == session.ResourceOwner,
@@ -695,6 +705,21 @@ func (repo *AuthRequestRepo) getLoginPolicy(ctx context.Context, orgID string) (
 	return iam_es_model.LoginPolicyViewToModel(policy), err
 }

+func (repo *AuthRequestRepo) getLabelPolicy(ctx context.Context, orgID string) (*domain.LabelPolicy, error) {
+	policy, err := repo.View.LabelPolicyByAggregateID(orgID)
+	if errors.IsNotFound(err) {
+		policy, err = repo.View.LabelPolicyByAggregateID(repo.IAMID)
+		if err != nil {
+			return nil, err
+		}
+		policy.Default = true
+	}
+	if err != nil {
+		return nil, err
+	}
+	return policy.ToDomain(), err
+}
+
 func setOrgID(orgViewProvider orgViewProvider, request *domain.AuthRequest) error {
 	primaryDomain := request.GetScopeOrgPrimaryDomain()
 	if primaryDomain == "" {
@@ -707,6 +732,7 @@ func setOrgID(orgViewProvider orgViewProvider, request *domain.AuthRequest) erro
 	}
 	request.RequestedOrgID = org.ID
 	request.RequestedOrgName = org.Name
+	request.RequestedPrimaryDomain = primaryDomain
 	return nil
 }

--- a/internal/auth/repository/eventsourcing/handler/handler.go
+++ b/internal/auth/repository/eventsourcing/handler/handler.go
@@ -67,6 +67,7 @@ func Register(configs Configs, bulkLimit, errorCount uint64, view *view.View, es
 		newOrgIAMPolicy(
 			handler{view, bulkLimit, configs.cycleDuration("OrgIAMPolicy"), errorCount, es}),
 		newProjectRole(handler{view, bulkLimit, configs.cycleDuration("ProjectRole"), errorCount, es}),
+		newLabelPolicy(handler{view, bulkLimit, configs.cycleDuration("LabelPolicy"), errorCount, es}),
 	}
 }

--- a/internal/auth/repository/eventsourcing/handler/label_policy.go
+++ b/internal/auth/repository/eventsourcing/handler/label_policy.go
@@ -0,0 +1,104 @@
+package handler
+
+import (
+	"github.com/caos/logging"
+	v1 "github.com/caos/zitadel/internal/eventstore/v1"
+	"github.com/caos/zitadel/internal/eventstore/v1/models"
+	es_models "github.com/caos/zitadel/internal/eventstore/v1/models"
+	"github.com/caos/zitadel/internal/eventstore/v1/query"
+	"github.com/caos/zitadel/internal/eventstore/v1/spooler"
+	iam_es_model "github.com/caos/zitadel/internal/iam/repository/eventsourcing/model"
+	iam_model "github.com/caos/zitadel/internal/iam/repository/view/model"
+	"github.com/caos/zitadel/internal/org/repository/eventsourcing/model"
+)
+
+const (
+	labelPolicyTable = "auth.label_policies"
+)
+
+type LabelPolicy struct {
+	handler
+	subscription *v1.Subscription
+}
+
+func newLabelPolicy(handler handler) *LabelPolicy {
+	h := &LabelPolicy{
+		handler: handler,
+	}
+
+	h.subscribe()
+
+	return h
+}
+
+func (m *LabelPolicy) subscribe() {
+	m.subscription = m.es.Subscribe(m.AggregateTypes()...)
+	go func() {
+		for event := range m.subscription.Events {
+			query.ReduceEvent(m, event)
+		}
+	}()
+}
+
+func (m *LabelPolicy) ViewModel() string {
+	return labelPolicyTable
+}
+
+func (_ *LabelPolicy) AggregateTypes() []models.AggregateType {
+	return []models.AggregateType{model.OrgAggregate, iam_es_model.IAMAggregate}
+}
+
+func (m *LabelPolicy) CurrentSequence() (uint64, error) {
+	sequence, err := m.view.GetLatestLabelPolicySequence()
+	if err != nil {
+		return 0, err
+	}
+	return sequence.CurrentSequence, nil
+}
+
+func (m *LabelPolicy) EventQuery() (*models.SearchQuery, error) {
+	sequence, err := m.view.GetLatestLabelPolicySequence()
+	if err != nil {
+		return nil, err
+	}
+	return es_models.NewSearchQuery().
+		AggregateTypeFilter(m.AggregateTypes()...).
+		LatestSequenceFilter(sequence.CurrentSequence), nil
+}
+
+func (m *LabelPolicy) Reduce(event *models.Event) (err error) {
+	switch event.AggregateType {
+	case model.OrgAggregate, iam_es_model.IAMAggregate:
+		err = m.processLabelPolicy(event)
+	}
+	return err
+}
+
+func (m *LabelPolicy) processLabelPolicy(event *models.Event) (err error) {
+	policy := new(iam_model.LabelPolicyView)
+	switch event.Type {
+	case iam_es_model.LabelPolicyAdded, model.LabelPolicyAdded:
+		err = policy.AppendEvent(event)
+	case iam_es_model.LabelPolicyChanged, model.LabelPolicyChanged:
+		policy, err = m.view.LabelPolicyByAggregateID(event.AggregateID)
+		if err != nil {
+			return err
+		}
+		err = policy.AppendEvent(event)
+	default:
+		return m.view.ProcessedLabelPolicySequence(event)
+	}
+	if err != nil {
+		return err
+	}
+	return m.view.PutLabelPolicy(policy, event)
+}
+
+func (m *LabelPolicy) OnError(event *models.Event, err error) error {
+	logging.LogWithFields("SPOOL-4Djo9", "id", event.AggregateID).WithError(err).Warn("something went wrong in label policy handler")
+	return spooler.HandleError(event, err, m.view.GetLatestLabelPolicyFailedEvent, m.view.ProcessedLabelPolicyFailedEvent, m.view.ProcessedLabelPolicySequence, m.errorCountUntilSkip)
+}
+
+func (m *LabelPolicy) OnSuccess() error {
+	return spooler.HandleSuccess(m.view.UpdateLabelPolicySpoolerRunTimestamp)
+}
--- a/internal/auth/repository/eventsourcing/view/label_policies.go
+++ b/internal/auth/repository/eventsourcing/view/label_policies.go
@@ -0,0 +1,53 @@
+package view
+
+import (
+	"github.com/caos/zitadel/internal/errors"
+	"github.com/caos/zitadel/internal/eventstore/v1/models"
+	"github.com/caos/zitadel/internal/iam/repository/view"
+	"github.com/caos/zitadel/internal/iam/repository/view/model"
+	global_view "github.com/caos/zitadel/internal/view/repository"
+)
+
+const (
+	labelPolicyTable = "auth.label_policies"
+)
+
+func (v *View) LabelPolicyByAggregateID(aggregateID string) (*model.LabelPolicyView, error) {
+	return view.GetLabelPolicyByAggregateID(v.Db, labelPolicyTable, aggregateID)
+}
+
+func (v *View) PutLabelPolicy(policy *model.LabelPolicyView, event *models.Event) error {
+	err := view.PutLabelPolicy(v.Db, labelPolicyTable, policy)
+	if err != nil {
+		return err
+	}
+	return v.ProcessedLabelPolicySequence(event)
+}
+
+func (v *View) DeleteLabelPolicy(aggregateID string, event *models.Event) error {
+	err := view.DeleteLabelPolicy(v.Db, labelPolicyTable, aggregateID)
+	if err != nil && !errors.IsNotFound(err) {
+		return err
+	}
+	return v.ProcessedLabelPolicySequence(event)
+}
+
+func (v *View) GetLatestLabelPolicySequence() (*global_view.CurrentSequence, error) {
+	return v.latestSequence(labelPolicyTable)
+}
+
+func (v *View) ProcessedLabelPolicySequence(event *models.Event) error {
+	return v.saveCurrentSequence(labelPolicyTable, event)
+}
+
+func (v *View) UpdateLabelPolicySpoolerRunTimestamp() error {
+	return v.updateSpoolerRunSequence(labelPolicyTable)
+}
+
+func (v *View) GetLatestLabelPolicyFailedEvent(sequence uint64) (*global_view.FailedEvent, error) {
+	return v.latestFailedEvent(labelPolicyTable, sequence)
+}
+
+func (v *View) ProcessedLabelPolicyFailedEvent(failedEvent *global_view.FailedEvent) error {
+	return v.saveFailedEvent(failedEvent)
+}