TheArchive/zitadel
1
0
Fork 0
mirror of https://github.com/zitadel/zitadel.git synced 2025-08-11 13:19:21 +00:00
Code Issues Packages Projects Releases Wiki Activity

update main

Browse Source
This commit is contained in:
Elio Bischof
2025-08-05 18:25:29 +02:00
parent 41ca21491c
commit 579f921374
12 changed files with 61 additions and 63 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
.devcontainer/base/docker-compose.yaml
View File

@@ -3,7 +3,7 @@ services:
devcontainer:
container_name: devcontainer
build:
context: ../base
context: .
volumes:
- ../../:/workspaces:cached
command: sleep infinity

1
.devcontainer/login-acceptance/docker-compose.yaml
View File

@@ -178,4 +178,3 @@ services:
# depends_on:
# configure-login:
# condition: "service_completed_successfully"

17
.github/workflows/login-container.yml vendored
View File

@@ -13,7 +13,7 @@ on:
outputs:
login_build_image:
description: 'The full image tag of the standalone login image'
value: ${{ jobs.login-container.outputs.login_build_image }}
value: ${{ inputs.login_build_image_name }}:${{ github.sha }}
permissions:
packages: write
@@ -34,19 +34,6 @@ jobs:
login_build_image: ${{ steps.short-sha.outputs.login_build_image }}
steps:
- uses: actions/checkout@v4
- name: Get short SHA
id: short-sha
run: |
if [ "${{ github.event_name }}" = "pull_request" ]; then
# For PRs: Use the HEAD SHA (not the merge commit)
SHORT_SHA=$(echo "${{ github.event.pull_request.head.sha }}" | cut -c1-7)
else
# For pushes: Use the current commit
SHORT_SHA=$(echo "${{ github.sha }}" | cut -c1-7)
fi
echo "short_sha=$SHORT_SHA" >> $GITHUB_OUTPUT
echo "login_build_image=${{ inputs.login_build_image_name }}:$SHORT_SHA" >> $GITHUB_OUTPUT
echo "Short SHA: $SHORT_SHA"
- name: Login meta
id: login-meta
uses: docker/metadata-action@v5
@@ -56,7 +43,7 @@ jobs:
annotations: |
manifest:org.opencontainers.image.licenses=MIT
tags: |
type=raw,value=${{ steps.short-sha.outputs.short_sha }}
type=sha,prefix=,format=long
- name: Login to Docker registry
uses: docker/login-action@v3
with:

2
.github/workflows/login-integration-test.yml vendored
View File

@@ -42,7 +42,7 @@ jobs:
run: docker compose --file .devcontainer/login-integration/docker-compose.yaml ps
- name: Print Config
if: failure()
run: COMPOSE_BAKE=1 docker compose --file .devcontainer/base/docker-compose.yaml --file .devcontainer/login-integration/docker-compose.yaml config login-integration
run: COMPOSE_BAKE=1 docker compose --file .devcontainer/login-integration/docker-compose.yaml config login-integration
env:
LOGIN_TAG: ${{ inputs.login_build_image }}
- name: Show Container Logs

2
cmd/defaults.yaml
View File

@@ -524,7 +524,7 @@ OIDC:
PollInterval: 5s # ZITADEL_OIDC_DEVICEAUTH_POLLINTERVAL
UserCode:
CharSet: "BCDFGHJKLMNPQRSTVWXZ" # ZITADEL_OIDC_DEVICEAUTH_USERCODE_CHARSET
CharAmount: 8 # ZITADEL_OIDC_DEVICEAUTH_USERCODE_CHARARMOUNT
CharAmount: 8 # ZITADEL_OIDC_DEVICEAUTH_USERCODE_CHARAMOUNT
DashInterval: 4 # ZITADEL_OIDC_DEVICEAUTH_USERCODE_DASHINTERVAL
DefaultLoginURLV2: "/ui/v2/login/login?authRequest=" # ZITADEL_OIDC_DEFAULTLOGINURLV2
DefaultLogoutURLV2: "/ui/v2/login/logout?post_logout_redirect=" # ZITADEL_OIDC_DEFAULTLOGOUTURLV2

1
console/src/app/pages/projects/apps/app-detail/app-detail.component.ts
View File

@@ -423,6 +423,7 @@ export class AppDetailComponent implements OnInit, OnDestroy {
if (allowed) {
this.oidcForm.enable();
this.oidcForm.controls['clientId'].disable();
this.oidcTokenForm.enable();
this.apiForm.enable();
this.samlForm.enable();

25
docs/src/components/authrequest.jsx
View File

@@ -1,4 +1,4 @@
import React, { Fragment, useContext, useEffect, useState } from "react";
import { Fragment, useContext, useEffect, useState } from "react";
import { AuthRequestContext } from "../utils/authrequest";
import { Listbox } from "@headlessui/react";
import { Transition } from "@headlessui/react";
@@ -115,6 +115,14 @@ export function SetAuthRequest() {
}`,
];
const scopeExplanations = new Map([
['urn:zitadel:iam:org:project:id:zitadel:aud', 'Requested projectid will be added to the audience of the access token.'],
['urn:zitadel:iam:user:metadata', 'Metadata of the user will be included in the token. The values are base64 encoded.'],
[`urn:zitadel:iam:org:id:${
organizationId ? organizationId : "[organizationId]"
}`, 'Enforce that the user is a member of the selected organization.']
]);
const [scopeState, setScopeState] = useState(
[true, true, true, false, false, false, false, false]
// new Array(allScopes.length).fill(false)
@@ -161,8 +169,13 @@ export function SetAuthRequest() {
return input;
};
useEffect(async () => {
setCodeChallenge(await encodeCodeChallenge(codeVerifier));
useEffect(() => {
const updateCodeChallange = async () => {
const newCodeChallange = await encodeCodeChallenge(codeVerifier)
setCodeChallenge(newCodeChallange);
}
updateCodeChallange();
}, [codeVerifier]);
useEffect(() => {
@@ -559,6 +572,7 @@ export function SetAuthRequest() {
name="scopes"
value={`${scope}`}
checked={scopeState[scopeIndex]}
disabled={scope === 'openid'}
onChange={() => {
toggleScope(scopeIndex);
}}
@@ -571,6 +585,11 @@ export function SetAuthRequest() {
</strong>
) : null}
</label>
{scopeExplanations.has(scope) && (
<span className={clsx(hintClasses, 'ml-1')}>
{scopeExplanations.get(scope)}
</span>
)}
</div>
);
})}

1
docs/src/pages/index.js
View File

@@ -4,7 +4,6 @@ import useDocusaurusContext from "@docusaurus/useDocusaurusContext";
import Layout from "@theme/Layout";
import ThemedImage from "@theme/ThemedImage";
import clsx from "clsx";
import React from "react";
import Column from "../components/column";
import {

4
docs/src/utils/authrequest.js
View File

@@ -1,4 +1,4 @@
import React, { useState, useEffect } from "react";
import React, { useEffect, useState } from "react";
export const AuthRequestContext = React.createContext(null);
@@ -34,7 +34,7 @@ export default ({ children }) => {
const id_token_hint = params.get("id_token_hint");
const organization_id = params.get("organization_id");
setInstance(instance_param ?? "https://mydomain-xyza.zitadel.cloud/");
setInstance(instance_param ?? "http://localhost:8080/");
setClientId(client_id ?? "170086824411201793@yourapp");
setRedirectUri(
redirect_uri ?? "http://localhost:8080/api/auth/callback/zitadel"

11
internal/notification/handlers/user_notifier.go
View File

@@ -7,6 +7,7 @@ import (
http_util "github.com/zitadel/zitadel/internal/api/http"
"github.com/zitadel/zitadel/internal/api/ui/console"
"github.com/zitadel/zitadel/internal/api/ui/login"
"github.com/zitadel/zitadel/internal/command"
"github.com/zitadel/zitadel/internal/domain"
"github.com/zitadel/zitadel/internal/eventstore"
"github.com/zitadel/zitadel/internal/eventstore/handler/v2"
@@ -417,12 +418,14 @@ func (u *userNotifier) reduceSessionOTPSMSChallenged(event eventstore.Event) (*h
if alreadyHandled {
return nil
}
s, err := u.queries.SessionByID(ctx, true, e.Aggregate().ID, "", nil)
ctx, err = u.queries.Origin(ctx, e)
if err != nil {
return err
}
ctx, err = u.queries.Origin(ctx, e)
sessionWriteModel := command.NewSessionWriteModel(e.Aggregate().ID, e.Aggregate().InstanceID)
err = u.queries.es.FilterToQueryReducer(ctx, sessionWriteModel)
if err != nil {
return err
}
@@ -432,8 +435,8 @@ func (u *userNotifier) reduceSessionOTPSMSChallenged(event eventstore.Event) (*h
return u.queue.Insert(ctx,
&notification.Request{
Aggregate: e.Aggregate(),
UserID: s.UserFactor.UserID,
UserResourceOwner: s.UserFactor.ResourceOwner,
UserID: sessionWriteModel.UserID,
UserResourceOwner: sessionWriteModel.UserResourceOwner,
TriggeredAtOrigin: http_util.DomainContext(ctx).Origin(),
EventType: e.EventType,
NotificationType: domain.NotificationTypeSms,

56
internal/notification/handlers/user_notifier_test.go
View File

@@ -1349,19 +1349,12 @@ func Test_userNotifier_reduceOTPSMSChallenged(t *testing.T) {
test: func(ctrl *gomock.Controller, queries *mock.MockQueries, queue *mock.MockQueue) (f fields, a args, w want) {
testCode := "testcode"
_, code := cryptoValue(t, ctrl, testCode)
queries.EXPECT().SessionByID(gomock.Any(), gomock.Any(), sessionID, gomock.Any(), nil).Return(&query.Session{
ID: sessionID,
ResourceOwner: instanceID,
UserFactor: query.SessionUserFactor{
UserID: userID,
ResourceOwner: orgID,
},
}, nil)
queue.EXPECT().Insert(
gomock.Any(),
&notification.Request{
UserID: userID,
UserResourceOwner: orgID,
UserID: "", // Empty since no session events are provided
UserResourceOwner: "", // Empty since no session events are provided
TriggeredAtOrigin: eventOrigin,
URLTemplate: "",
Code: code,
@@ -1387,11 +1380,15 @@ func Test_userNotifier_reduceOTPSMSChallenged(t *testing.T) {
gomock.Any(),
gomock.Any(),
).Return(nil)
mockQuerier := es_repo_mock.NewMockQuerier(ctrl)
mockQuerier.EXPECT().FilterToReducer(gomock.Any(), gomock.Any(), gomock.Any()).Return(nil).AnyTimes()
return fields{
queries: queries,
queue: queue,
es: eventstore.NewEventstore(&eventstore.Config{
Querier: es_repo_mock.NewRepo(t).ExpectFilterEvents().MockQuerier,
Querier: mockQuerier,
}),
}, args{
event: &session.OTPSMSChallengedEvent{
@@ -1421,19 +1418,12 @@ func Test_userNotifier_reduceOTPSMSChallenged(t *testing.T) {
IsPrimary: true,
}},
}, nil)
queries.EXPECT().SessionByID(gomock.Any(), gomock.Any(), sessionID, gomock.Any(), nil).Return(&query.Session{
ID: sessionID,
ResourceOwner: instanceID,
UserFactor: query.SessionUserFactor{
UserID: userID,
ResourceOwner: orgID,
},
}, nil)
queue.EXPECT().Insert(
gomock.Any(),
&notification.Request{
UserID: userID,
UserResourceOwner: orgID,
UserID: "", // Empty since no session events are provided
UserResourceOwner: "", // Empty since no session events are provided
TriggeredAtOrigin: fmt.Sprintf("%s://%s:%d", externalProtocol, instancePrimaryDomain, externalPort),
URLTemplate: "",
Code: code,
@@ -1459,11 +1449,15 @@ func Test_userNotifier_reduceOTPSMSChallenged(t *testing.T) {
gomock.Any(),
gomock.Any(),
).Return(nil)
mockQuerier := es_repo_mock.NewMockQuerier(ctrl)
mockQuerier.EXPECT().FilterToReducer(gomock.Any(), gomock.Any(), gomock.Any()).Return(nil).AnyTimes()
return fields{
queries: queries,
queue: queue,
es: eventstore.NewEventstore(&eventstore.Config{
Querier: es_repo_mock.NewRepo(t).ExpectFilterEvents().MockQuerier,
Querier: mockQuerier,
}),
}, args{
event: &session.OTPSMSChallengedEvent{
@@ -1484,19 +1478,11 @@ func Test_userNotifier_reduceOTPSMSChallenged(t *testing.T) {
{
name: "external code",
test: func(ctrl *gomock.Controller, queries *mock.MockQueries, queue *mock.MockQueue) (f fields, a args, w want) {
queries.EXPECT().SessionByID(gomock.Any(), gomock.Any(), sessionID, gomock.Any(), nil).Return(&query.Session{
ID: sessionID,
ResourceOwner: instanceID,
UserFactor: query.SessionUserFactor{
UserID: userID,
ResourceOwner: orgID,
},
}, nil)
queue.EXPECT().Insert(
gomock.Any(),
&notification.Request{
UserID: userID,
UserResourceOwner: orgID,
UserID: "", // Empty since no session events are provided
UserResourceOwner: "", // Empty since no session events are provided
TriggeredAtOrigin: eventOrigin,
URLTemplate: "",
Code: nil,
@@ -1522,11 +1508,15 @@ func Test_userNotifier_reduceOTPSMSChallenged(t *testing.T) {
gomock.Any(),
gomock.Any(),
).Return(nil)
mockQuerier := es_repo_mock.NewMockQuerier(ctrl)
mockQuerier.EXPECT().FilterToReducer(gomock.Any(), gomock.Any(), gomock.Any()).Return(nil).AnyTimes()
return fields{
queries: queries,
queue: queue,
es: eventstore.NewEventstore(&eventstore.Config{
Querier: es_repo_mock.NewRepo(t).ExpectFilterEvents().MockQuerier,
Querier: mockQuerier,
}),
}, args{
event: &session.OTPSMSChallengedEvent{