	feat: add management for ldap idp template (#5220)
Add management functionality for LDAP idps with templates and the basic functionality for the LDAP provider, which can then be used with a separate login page in the future. --------- Co-authored-by: Livio Spring <livio.a@gmail.com>
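--- /dev/null
+++ b/internal/command/org_idp.go
@@ -0,0 +1,204 @@
+package command
+
+import (
+	"context"
+	"strings"
+
+	"github.com/zitadel/zitadel/internal/command/preparation"
+	"github.com/zitadel/zitadel/internal/crypto"
+	"github.com/zitadel/zitadel/internal/domain"
+	caos_errs "github.com/zitadel/zitadel/internal/errors"
+	"github.com/zitadel/zitadel/internal/eventstore"
+	"github.com/zitadel/zitadel/internal/repository/org"
+)
+
+func (c *Commands) AddOrgLDAPProvider(ctx context.Context, resourceOwner string, provider LDAPProvider) (string, *domain.ObjectDetails, error) {
+	orgAgg := org.NewAggregate(resourceOwner)
+	id, err := c.idGenerator.Next()
+	if err != nil {
+		return "", nil, err
+	}
+	cmds, err := preparation.PrepareCommands(ctx, c.eventstore.Filter, c.prepareAddOrgLDAPProvider(orgAgg, resourceOwner, id, provider))
+	if err != nil {
+		return "", nil, err
+	}
+	pushedEvents, err := c.eventstore.Push(ctx, cmds...)
+	if err != nil {
+		return "", nil, err
+	}
+	return id, pushedEventsToObjectDetails(pushedEvents), nil
+}
+
+func (c *Commands) UpdateOrgLDAPProvider(ctx context.Context, resourceOwner, id string, provider LDAPProvider) (*domain.ObjectDetails, error) {
+	orgAgg := org.NewAggregate(resourceOwner)
+	cmds, err := preparation.PrepareCommands(ctx, c.eventstore.Filter, c.prepareUpdateOrgLDAPProvider(orgAgg, resourceOwner, id, provider))
+	if err != nil {
+		return nil, err
+	}
+	if len(cmds) == 0 {
+		// no change, so return directly
+		return &domain.ObjectDetails{}, nil
+	}
+	pushedEvents, err := c.eventstore.Push(ctx, cmds...)
+	if err != nil {
+		return nil, err
+	}
+	return pushedEventsToObjectDetails(pushedEvents), nil
+}
+
+func (c *Commands) DeleteOrgProvider(ctx context.Context, resourceOwner, id string) (*domain.ObjectDetails, error) {
+	orgAgg := org.NewAggregate(resourceOwner)
+	cmds, err := preparation.PrepareCommands(ctx, c.eventstore.Filter, c.prepareDeleteOrgProvider(orgAgg, resourceOwner, id))
+	if err != nil {
+		return nil, err
+	}
+	pushedEvents, err := c.eventstore.Push(ctx, cmds...)
+	if err != nil {
+		return nil, err
+	}
+	return pushedEventsToObjectDetails(pushedEvents), nil
+}
+
+func (c *Commands) prepareAddOrgLDAPProvider(a *org.Aggregate, resourceOwner, id string, provider LDAPProvider) preparation.Validation {
+	return func() (preparation.CreateCommands, error) {
+		if provider.Name = strings.TrimSpace(provider.Name); provider.Name == "" {
+			return nil, caos_errs.ThrowInvalidArgument(nil, "ORG-SAfdd", "Errors.Invalid.Argument")
+		}
+		if provider.Host = strings.TrimSpace(provider.Host); provider.Host == "" {
+			return nil, caos_errs.ThrowInvalidArgument(nil, "ORG-SDVg2", "Errors.Invalid.Argument")
+		}
+		if provider.BaseDN = strings.TrimSpace(provider.BaseDN); provider.BaseDN == "" {
+			return nil, caos_errs.ThrowInvalidArgument(nil, "ORG-sv31s", "Errors.Invalid.Argument")
+		}
+		if provider.UserObjectClass = strings.TrimSpace(provider.UserObjectClass); provider.UserObjectClass == "" {
+			return nil, caos_errs.ThrowInvalidArgument(nil, "ORG-sdgf4", "Errors.Invalid.Argument")
+		}
+		if provider.UserUniqueAttribute = strings.TrimSpace(provider.UserUniqueAttribute); provider.UserUniqueAttribute == "" {
+			return nil, caos_errs.ThrowInvalidArgument(nil, "ORG-AEG2w", "Errors.Invalid.Argument")
+		}
+		if provider.Admin = strings.TrimSpace(provider.Admin); provider.Admin == "" {
+			return nil, caos_errs.ThrowInvalidArgument(nil, "ORG-SAD5n", "Errors.Invalid.Argument")
+		}
+		if provider.Password = strings.TrimSpace(provider.Password); provider.Password == "" {
+			return nil, caos_errs.ThrowInvalidArgument(nil, "ORG-sdf5h", "Errors.Invalid.Argument")
+		}
+		return func(ctx context.Context, filter preparation.FilterToQueryReducer) ([]eventstore.Command, error) {
+			writeModel := NewLDAPOrgIDPWriteModel(resourceOwner, id)
+			events, err := filter(ctx, writeModel.Query())
+			if err != nil {
+				return nil, err
+			}
+			writeModel.AppendEvents(events...)
+			if err = writeModel.Reduce(); err != nil {
+				return nil, err
+			}
+			secret, err := crypto.Encrypt([]byte(provider.Password), c.idpConfigEncryption)
+			if err != nil {
+				return nil, err
+			}
+			return []eventstore.Command{
+				org.NewLDAPIDPAddedEvent(
+					ctx,
+					&a.Aggregate,
+					id,
+					provider.Name,
+					provider.Host,
+					provider.Port,
+					provider.TLS,
+					provider.BaseDN,
+					provider.UserObjectClass,
+					provider.UserUniqueAttribute,
+					provider.Admin,
+					secret,
+					provider.LDAPAttributes,
+					provider.IDPOptions,
+				),
+			}, nil
+		}, nil
+	}
+}
+
+func (c *Commands) prepareUpdateOrgLDAPProvider(a *org.Aggregate, resourceOwner, id string, provider LDAPProvider) preparation.Validation {
+	return func() (preparation.CreateCommands, error) {
+		if id = strings.TrimSpace(id); id == "" {
+			return nil, caos_errs.ThrowInvalidArgument(nil, "ORG-Dgdbs", "Errors.Invalid.Argument")
+		}
+		if provider.Name = strings.TrimSpace(provider.Name); provider.Name == "" {
+			return nil, caos_errs.ThrowInvalidArgument(nil, "ORG-Sffgd", "Errors.Invalid.Argument")
+		}
+		if provider.Host = strings.TrimSpace(provider.Host); provider.Host == "" {
+			return nil, caos_errs.ThrowInvalidArgument(nil, "ORG-Dz62d", "Errors.Invalid.Argument")
+		}
+		if provider.BaseDN = strings.TrimSpace(provider.BaseDN); provider.BaseDN == "" {
+			return nil, caos_errs.ThrowInvalidArgument(nil, "ORG-vb3ss", "Errors.Invalid.Argument")
+		}
+		if provider.UserObjectClass = strings.TrimSpace(provider.UserObjectClass); provider.UserObjectClass == "" {
+			return nil, caos_errs.ThrowInvalidArgument(nil, "ORG-hbere", "Errors.Invalid.Argument")
+		}
+		if provider.UserUniqueAttribute = strings.TrimSpace(provider.UserUniqueAttribute); provider.UserUniqueAttribute == "" {
+			return nil, caos_errs.ThrowInvalidArgument(nil, "ORG-ASFt6", "Errors.Invalid.Argument")
+		}
+		if provider.Admin = strings.TrimSpace(provider.Admin); provider.Admin == "" {
+			return nil, caos_errs.ThrowInvalidArgument(nil, "ORG-DG45z", "Errors.Invalid.Argument")
+		}
+		return func(ctx context.Context, filter preparation.FilterToQueryReducer) ([]eventstore.Command, error) {
+			writeModel := NewLDAPOrgIDPWriteModel(resourceOwner, id)
+			events, err := filter(ctx, writeModel.Query())
+			if err != nil {
+				return nil, err
+			}
+			writeModel.AppendEvents(events...)
+			if err = writeModel.Reduce(); err != nil {
+				return nil, err
+			}
+			if !writeModel.State.Exists() {
+				return nil, caos_errs.ThrowNotFound(nil, "ORG-ASF3F", "Errors.Org.IDPConfig.NotExisting")
+			}
+			event, err := writeModel.NewChangedEvent(
+				ctx,
+				&a.Aggregate,
+				id,
+				writeModel.Name,
+				provider.Name,
+				provider.Host,
+				provider.Port,
+				provider.TLS,
+				provider.BaseDN,
+				provider.UserObjectClass,
+				provider.UserUniqueAttribute,
+				provider.Admin,
+				provider.Password,
+				c.idpConfigEncryption,
+				provider.LDAPAttributes,
+				provider.IDPOptions,
+			)
+			if err != nil {
+				return nil, err
+			}
+			if event == nil {
+				return nil, nil
+			}
+			return []eventstore.Command{event}, nil
+		}, nil
+	}
+}
+
+func (c *Commands) prepareDeleteOrgProvider(a *org.Aggregate, resourceOwner, id string) preparation.Validation {
+	return func() (preparation.CreateCommands, error) {
+		return func(ctx context.Context, filter preparation.FilterToQueryReducer) ([]eventstore.Command, error) {
+			writeModel := NewOrgIDPRemoveWriteModel(resourceOwner, id)
+			events, err := filter(ctx, writeModel.Query())
+			if err != nil {
+				return nil, err
+			}
+			writeModel.AppendEvents(events...)
+			if err = writeModel.Reduce(); err != nil {
+				return nil, err
+			}
+			if !writeModel.State.Exists() {
+				return nil, caos_errs.ThrowNotFound(nil, "ORG-Se3tg", "Errors.Org.IDPConfig.NotExisting")
+			}
+			return []eventstore.Command{org.NewIDPRemovedEvent(ctx, &a.Aggregate, id, writeModel.name)}, nil
+		}, nil
+	}
+}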
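Review bot: In prepareAddOrgLDAPProvider the write model is queried, appended and reduced inside the CreateCommands closure, but its state is never read afterwards, so the lookup is either dead work or a missing duplicate check; if the intent is to refuse an id that already has events, add `if writeModel.State.Exists() { return nil, caos_errs.ThrowAlreadyExists(nil, "ORG-<new-id>", "<already-exists i18n key>") }` right after Reduce, otherwise drop the filter/Reduce sequence. Separately, the add path applies strings.TrimSpace to provider.Password before encrypting it, while the update path hands provider.Password to NewChangedEvent untrimmed, so a bind password with leading or trailing whitespace ends up stored differently depending on which path last set it; the two should agree, and not silently altering a credential is the safer choice. prepareDeleteOrgProvider also skips the empty-id check that prepareUpdateOrgLDAPProvider performs and relies on the write model reporting not-existing instead; that is presumably fine, but a one-line comment saying so would save the next reader from wondering whether it was forgotten.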
	 Stefan Benz
					Stefan Benz