feat: specify login UI version on instance and apps (#9071)

# Which Problems Are Solved

To be able to migrate or test the new login UI, admins might want to
(temporarily) switch individual apps.
At a later point, admins might want to make sure that all applications use the
new login UI.

# How the Problems Are Solved

- Added a feature flag `` on instance level to require all apps to use
the new login and provide an optional base url.
- if the flag is enabled, all (OIDC) applications will automatically use
the v2 login.
  - if disabled, applications can decide based on their configuration
- Added an option on OIDC apps to use the new login UI and an optional
base url.
- Removed the requirement to use `x-zitadel-login-client` to be
redirected to the login V2 and retrieve created authrequest and link
them to SSO sessions.
- Added a new "IAM_LOGIN_CLIENT" role to allow management of users,
sessions, grants and more without `x-zitadel-login-client`.

# Additional Changes

None

# Additional Context

closes https://github.com/zitadel/zitadel/issues/8702
This commit is contained in:
Livio Spring
2024-12-19 10:37:46 +01:00
committed by GitHub
parent b5e92a6144
commit 50d2b26a28
89 changed files with 1670 additions and 321 deletions


@@ -11,6 +11,7 @@ import (
"time"
sq "github.com/Masterminds/squirrel"
"github.com/muhlemmer/gu"
"github.com/zitadel/zitadel/internal/database"
"github.com/zitadel/zitadel/internal/domain"
@@ -49,6 +50,8 @@ var (
` projections.apps7_oidc_configs.additional_origins,` +
` projections.apps7_oidc_configs.skip_native_app_success_page,` +
` projections.apps7_oidc_configs.back_channel_logout_uri,` +
` projections.apps7_oidc_configs.login_version,` +
` projections.apps7_oidc_configs.login_base_uri,` +
//saml config
` projections.apps7_saml_configs.app_id,` +
` projections.apps7_saml_configs.entity_id,` +
@@ -93,6 +96,8 @@ var (
` projections.apps7_oidc_configs.additional_origins,` +
` projections.apps7_oidc_configs.skip_native_app_success_page,` +
` projections.apps7_oidc_configs.back_channel_logout_uri,` +
` projections.apps7_oidc_configs.login_version,` +
` projections.apps7_oidc_configs.login_base_uri,` +
//saml config
` projections.apps7_saml_configs.app_id,` +
` projections.apps7_saml_configs.entity_id,` +
@@ -166,6 +171,8 @@ var (
"additional_origins",
"skip_native_app_success_page",
"back_channel_logout_uri",
"login_version",
"login_base_uri",
//saml config
"app_id",
"entity_id",
@@ -238,6 +245,8 @@ func Test_AppsPrepare(t *testing.T) {
nil,
nil,
nil,
nil,
nil,
// saml config
nil,
nil,
@@ -305,6 +314,8 @@ func Test_AppsPrepare(t *testing.T) {
nil,
nil,
nil,
nil,
nil,
// saml config
nil,
nil,
@@ -375,6 +386,8 @@ func Test_AppsPrepare(t *testing.T) {
nil,
nil,
nil,
nil,
nil,
// saml config
"app-id",
"https://test.com/saml/metadata",
@@ -447,6 +460,8 @@ func Test_AppsPrepare(t *testing.T) {
database.TextArray[string]{"additional.origin"},
false,
"back.channel.logout.ch",
domain.LoginVersionUnspecified,
nil,
// saml config
nil,
nil,
@@ -490,6 +505,8 @@ func Test_AppsPrepare(t *testing.T) {
AllowedOrigins: database.TextArray[string]{"https://redirect.to", "additional.origin"},
SkipNativeAppSuccessPage: false,
BackChannelLogoutURI: "back.channel.logout.ch",
LoginVersion: domain.LoginVersionUnspecified,
LoginBaseURI: nil,
},
},
},
@@ -535,6 +552,8 @@ func Test_AppsPrepare(t *testing.T) {
database.TextArray[string]{"additional.origin"},
false,
"back.channel.logout.ch",
domain.LoginVersionUnspecified,
nil,
// saml config
nil,
nil,
@@ -578,6 +597,8 @@ func Test_AppsPrepare(t *testing.T) {
AllowedOrigins: database.TextArray[string]{"https://redirect.to", "additional.origin"},
SkipNativeAppSuccessPage: false,
BackChannelLogoutURI: "back.channel.logout.ch",
LoginVersion: domain.LoginVersionUnspecified,
LoginBaseURI: nil,
},
},
},
@@ -623,6 +644,8 @@ func Test_AppsPrepare(t *testing.T) {
database.TextArray[string]{"additional.origin"},
false,
"back.channel.logout.ch",
domain.LoginVersionUnspecified,
nil,
// saml config
nil,
nil,
@@ -666,6 +689,8 @@ func Test_AppsPrepare(t *testing.T) {
AllowedOrigins: database.TextArray[string]{"https://redirect.to", "additional.origin"},
SkipNativeAppSuccessPage: false,
BackChannelLogoutURI: "back.channel.logout.ch",
LoginVersion: domain.LoginVersionUnspecified,
LoginBaseURI: nil,
},
},
},
@@ -711,6 +736,8 @@ func Test_AppsPrepare(t *testing.T) {
database.TextArray[string]{"additional.origin"},
false,
"back.channel.logout.ch",
domain.LoginVersionUnspecified,
nil,
// saml config
nil,
nil,
@@ -754,6 +781,8 @@ func Test_AppsPrepare(t *testing.T) {
AllowedOrigins: database.TextArray[string]{"https://redirect.to", "additional.origin"},
SkipNativeAppSuccessPage: false,
BackChannelLogoutURI: "back.channel.logout.ch",
LoginVersion: domain.LoginVersionUnspecified,
LoginBaseURI: nil,
},
},
},
@@ -799,6 +828,8 @@ func Test_AppsPrepare(t *testing.T) {
database.TextArray[string]{"additional.origin"},
false,
"back.channel.logout.ch",
domain.LoginVersionUnspecified,
nil,
// saml config
nil,
nil,
@@ -842,6 +873,8 @@ func Test_AppsPrepare(t *testing.T) {
AllowedOrigins: database.TextArray[string]{"https://redirect.to", "additional.origin"},
SkipNativeAppSuccessPage: false,
BackChannelLogoutURI: "back.channel.logout.ch",
LoginVersion: domain.LoginVersionUnspecified,
LoginBaseURI: nil,
},
},
},
@@ -887,6 +920,8 @@ func Test_AppsPrepare(t *testing.T) {
database.TextArray[string]{"additional.origin"},
true,
"back.channel.logout.ch",
domain.LoginVersionUnspecified,
nil,
// saml config
nil,
nil,
@@ -930,6 +965,8 @@ func Test_AppsPrepare(t *testing.T) {
AllowedOrigins: database.TextArray[string]{"https://redirect.to", "additional.origin"},
SkipNativeAppSuccessPage: true,
BackChannelLogoutURI: "back.channel.logout.ch",
LoginVersion: domain.LoginVersionUnspecified,
LoginBaseURI: nil,
},
},
},
@@ -975,6 +1012,8 @@ func Test_AppsPrepare(t *testing.T) {
database.TextArray[string]{"additional.origin"},
false,
"back.channel.logout.ch",
domain.LoginVersion2,
"https://login.ch/",
// saml config
nil,
nil,
@@ -1013,6 +1052,8 @@ func Test_AppsPrepare(t *testing.T) {
nil,
nil,
nil,
nil,
nil,
// saml config
nil,
nil,
@@ -1051,6 +1092,8 @@ func Test_AppsPrepare(t *testing.T) {
nil,
nil,
nil,
nil,
nil,
// saml config
"saml-app-id",
"https://test.com/saml/metadata",
@@ -1094,6 +1137,8 @@ func Test_AppsPrepare(t *testing.T) {
AllowedOrigins: database.TextArray[string]{"https://redirect.to", "additional.origin"},
SkipNativeAppSuccessPage: false,
BackChannelLogoutURI: "back.channel.logout.ch",
LoginVersion: domain.LoginVersion2,
LoginBaseURI: gu.Ptr("https://login.ch/"),
},
},
{
@@ -1228,6 +1273,8 @@ func Test_AppPrepare(t *testing.T) {
nil,
nil,
nil,
nil,
nil,
// saml config
nil,
nil,
@@ -1289,6 +1336,8 @@ func Test_AppPrepare(t *testing.T) {
nil,
nil,
nil,
nil,
nil,
// saml config
nil,
nil,
@@ -1355,6 +1404,8 @@ func Test_AppPrepare(t *testing.T) {
database.TextArray[string]{"additional.origin"},
false,
"back.channel.logout.ch",
domain.LoginVersionUnspecified,
nil,
// saml config
nil,
nil,
@@ -1393,6 +1444,8 @@ func Test_AppPrepare(t *testing.T) {
AllowedOrigins: database.TextArray[string]{"https://redirect.to", "additional.origin"},
SkipNativeAppSuccessPage: false,
BackChannelLogoutURI: "back.channel.logout.ch",
LoginVersion: domain.LoginVersionUnspecified,
LoginBaseURI: nil,
},
},
},
@@ -1438,6 +1491,8 @@ func Test_AppPrepare(t *testing.T) {
database.TextArray[string]{"additional.origin"},
false,
"back.channel.logout.ch",
domain.LoginVersionUnspecified,
nil,
// saml config
nil,
nil,
@@ -1476,6 +1531,8 @@ func Test_AppPrepare(t *testing.T) {
AllowedOrigins: database.TextArray[string]{"https://redirect.to", "additional.origin"},
SkipNativeAppSuccessPage: false,
BackChannelLogoutURI: "back.channel.logout.ch",
LoginVersion: domain.LoginVersionUnspecified,
LoginBaseURI: nil,
},
},
},
@@ -1521,6 +1578,8 @@ func Test_AppPrepare(t *testing.T) {
nil,
nil,
nil,
nil,
nil,
// saml config
"app-id",
"https://test.com/saml/metadata",
@@ -1588,6 +1647,8 @@ func Test_AppPrepare(t *testing.T) {
database.TextArray[string]{"additional.origin"},
false,
"back.channel.logout.ch",
domain.LoginVersionUnspecified,
nil,
// saml config
nil,
nil,
@@ -1626,6 +1687,8 @@ func Test_AppPrepare(t *testing.T) {
AllowedOrigins: database.TextArray[string]{"https://redirect.to", "additional.origin"},
SkipNativeAppSuccessPage: false,
BackChannelLogoutURI: "back.channel.logout.ch",
LoginVersion: domain.LoginVersionUnspecified,
LoginBaseURI: nil,
},
},
},
@@ -1671,6 +1734,8 @@ func Test_AppPrepare(t *testing.T) {
database.TextArray[string]{"additional.origin"},
false,
"back.channel.logout.ch",
domain.LoginVersionUnspecified,
nil,
// saml config
nil,
nil,
@@ -1709,6 +1774,8 @@ func Test_AppPrepare(t *testing.T) {
AllowedOrigins: database.TextArray[string]{"https://redirect.to", "additional.origin"},
SkipNativeAppSuccessPage: false,
BackChannelLogoutURI: "back.channel.logout.ch",
LoginVersion: domain.LoginVersionUnspecified,
LoginBaseURI: nil,
},
},
},
@@ -1754,6 +1821,8 @@ func Test_AppPrepare(t *testing.T) {
database.TextArray[string]{"additional.origin"},
false,
"back.channel.logout.ch",
domain.LoginVersionUnspecified,
nil,
// saml config
nil,
nil,
@@ -1792,6 +1861,8 @@ func Test_AppPrepare(t *testing.T) {
AllowedOrigins: database.TextArray[string]{"https://redirect.to", "additional.origin"},
SkipNativeAppSuccessPage: false,
BackChannelLogoutURI: "back.channel.logout.ch",
LoginVersion: domain.LoginVersionUnspecified,
LoginBaseURI: nil,
},
},
},
@@ -1837,6 +1908,8 @@ func Test_AppPrepare(t *testing.T) {
database.TextArray[string]{"additional.origin"},
false,
"back.channel.logout.ch",
domain.LoginVersionUnspecified,
nil,
// saml config
nil,
nil,
@@ -1875,6 +1948,8 @@ func Test_AppPrepare(t *testing.T) {
AllowedOrigins: database.TextArray[string]{"https://redirect.to", "additional.origin"},
SkipNativeAppSuccessPage: false,
BackChannelLogoutURI: "back.channel.logout.ch",
LoginVersion: domain.LoginVersionUnspecified,
LoginBaseURI: nil,
},
},
},
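Review bot: Only one case across both tests exercises a non-default login configuration — the row with `domain.LoginVersion2` and `"https://login.ch/"` (hunks at -975 and -1094); every other added case pins `domain.LoginVersionUnspecified` with a NULL base URI, so the combination the description presents as valid, v2 selected with the optional base URL left empty, is never asserted. A row with `domain.LoginVersion2, nil` expected to scan to `LoginVersion: domain.LoginVersion2, LoginBaseURI: nil` in both Test_AppsPrepare and Test_AppPrepare would pin that a NULL column stays a nil pointer rather than becoming a pointer to an empty string, which presumably matters once the value is used to build the login redirect. Test_AppsPrepare and Test_AppPrepare both begin and end outside these hunks.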