feat: app handling compliance (#527)

* feat: check oidc compliance

* fix: add tests

* fix: add oidc config tests

* fix: add oidc config tests user agent

* fix: test oidc config compliance

* fix: test oidc config compliance

* fix: useragent implicit authmethod none

* fix: merge master

* feat: translate compliance problems

* feat: check native app for custom url

* fix: better compliance handling

* fix: better compliance handling

* feat: add oidc dev mode

* fix: remove deprecated request from management api

* fix: oidc package version

* fix: migration

* fix: tests

* fix: remove unused functions

* fix: generate proto files

* fix: native implicit and code none compliant

* fix: create project

* Update internal/project/model/oidc_config_test.go

Co-authored-by: Livio Amstutz <livio.a@gmail.com>

* fix: tests

* Update internal/project/model/oidc_config.go

Co-authored-by: Livio Amstutz <livio.a@gmail.com>

* Update internal/project/model/oidc_config.go

Co-authored-by: Livio Amstutz <livio.a@gmail.com>

* fix: tests

Co-authored-by: Livio Amstutz <livio.a@gmail.com>
Fabi
2020-08-10 09:34:56 +02:00
committed by GitHub
parent 64f0b191b5
commit 5699fe80d5
27 changed files with 15925 additions and 16502 deletions


@@ -28,6 +28,7 @@ type ApplicationView struct {
State int32 `json:"-" gorm:"column:app_state"`
IsOIDC bool `json:"-" gorm:"column:is_oidc"`
OIDCVersion int32 `json:"oidcVersion" gorm:"column:oidc_version"`
OIDCClientID string `json:"clientId" gorm:"column:oidc_client_id"`
OIDCRedirectUris pq.StringArray `json:"redirectUris" gorm:"column:oidc_redirect_uris"`
OIDCResponseTypes pq.Int64Array `json:"responseTypes" gorm:"column:oidc_response_types"`
@@ -35,6 +36,9 @@ type ApplicationView struct {
OIDCApplicationType int32 `json:"applicationType" gorm:"column:oidc_application_type"`
OIDCAuthMethodType int32 `json:"authMethodType" gorm:"column:oidc_auth_method_type"`
OIDCPostLogoutRedirectUris pq.StringArray `json:"postLogoutRedirectUris" gorm:"column:oidc_post_logout_redirect_uris"`
NoneCompliant bool `json:"-" gorm:"column:none_compliant"`
ComplianceProblems pq.StringArray `json:"-" gorm:"column:compliance_problems"`
DevMode bool `json:"devMode" gorm:"column:dev_mode"`
Sequence uint64 `json:"-" gorm:"sequence"`
}
@@ -57,6 +61,7 @@ func ApplicationViewFromModel(app *model.ApplicationView) *ApplicationView {
OIDCApplicationType: int32(app.OIDCApplicationType),
OIDCAuthMethodType: int32(app.OIDCAuthMethodType),
OIDCPostLogoutRedirectUris: app.OIDCPostLogoutRedirectUris,
DevMode: app.DevMode,
}
}
@@ -87,6 +92,7 @@ func ApplicationViewToModel(app *ApplicationView) *model.ApplicationView {
ChangeDate: app.ChangeDate,
IsOIDC: app.IsOIDC,
OIDCVersion: model.OIDCVersion(app.OIDCVersion),
OIDCClientID: app.OIDCClientID,
OIDCRedirectUris: app.OIDCRedirectUris,
OIDCResponseTypes: OIDCResponseTypesToModel(app.OIDCResponseTypes),
@@ -94,6 +100,9 @@ func ApplicationViewToModel(app *ApplicationView) *model.ApplicationView {
OIDCApplicationType: model.OIDCApplicationType(app.OIDCApplicationType),
OIDCAuthMethodType: model.OIDCAuthMethodType(app.OIDCAuthMethodType),
OIDCPostLogoutRedirectUris: app.OIDCPostLogoutRedirectUris,
NoneCompliant: app.NoneCompliant,
ComplianceProblems: app.ComplianceProblems,
DevMode: app.DevMode,
}
}
@@ -132,9 +141,17 @@ func (a *ApplicationView) AppendEvent(event *models.Event) (err error) {
case es_model.OIDCConfigAdded:
a.IsOIDC = true
err = a.SetData(event)
if err != nil {
return err
}
a.setCompliance()
case es_model.OIDCConfigChanged,
es_model.ApplicationChanged:
err = a.SetData(event)
if err != nil {
return err
}
a.setCompliance()
case es_model.ApplicationDeactivated:
a.State = int32(model.AppStateInactive)
case es_model.ApplicationReactivated:
@@ -154,3 +171,9 @@ func (a *ApplicationView) SetData(event *models.Event) error {
}
return nil
}
func (a *ApplicationView) setCompliance() {
compliance := model.GetOIDCCompliance(model.OIDCVersion(a.OIDCVersion), model.OIDCApplicationType(a.OIDCApplicationType), OIDCGrantTypesToModel(a.OIDCGrantTypes), OIDCResponseTypesToModel(a.OIDCResponseTypes), model.OIDCAuthMethodType(a.OIDCAuthMethodType), a.OIDCPostLogoutRedirectUris)
a.NoneCompliant = compliance.NoneCompliant
a.ComplianceProblems = compliance.Problems
}
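Review bot: In `setCompliance` the last argument passed to `model.GetOIDCCompliance` is `a.OIDCPostLogoutRedirectUris`, while the commit message describes a custom-URL check for native apps, which would normally apply to the login redirect URIs. `GetOIDCCompliance` is defined outside this page, so this is inferred, but if its final parameter is the redirect-URI list, the view derives `NoneCompliant` and `ComplianceProblems` from the wrong list and an app with non-compliant redirect URIs can be stored as compliant. If that is the case, pass `a.OIDCRedirectUris` there instead. A view test in which the two URI lists differ (one compliant, one not) would catch the mix-up.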