TheArchive/zitadel
1
0
Fork 0
mirror of https://github.com/zitadel/zitadel.git synced 2024-12-13 03:24:26 +00:00
Code Issues Packages Projects Releases Wiki Activity

New eventstore policies (#1084)

Browse Source 
* feat: login policy

* feat: password complexity policy

* feat: org iam policy

* feat: label policy

* feat: add and change policies

* feat: second factors

* feat: second and multi factors

* feat: better naming

* feat: better naming
This commit is contained in:
Fabi 2020-12-11 15:49:19 +01:00 committed by GitHub
parent 31ea9d1acd
commit 5b433dcaa3
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
85 changed files with 3477 additions and 1648 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

52
internal/admin/repository/eventsourcing/eventstore/iam.go
View File

@ -158,7 +158,7 @@ func (repo *IAMRepository) RemoveIDPConfig(ctx context.Context, idpConfigID stri
if p.AggregateID == repo.SystemDefaults.IamID {
continue
}
provider := &iam_model.IDPProvider{ObjectRoot: es_models.ObjectRoot{AggregateID: p.AggregateID}, IdpConfigID: p.IDPConfigID}
provider := &iam_model.IDPProvider{ObjectRoot: es_models.ObjectRoot{AggregateID: p.AggregateID}, IDPConfigID: p.IDPConfigID}
providerAgg := new(es_models.Aggregate)
_, providerAgg, err = repo.OrgEvents.PrepareRemoveIDPProviderFromLoginPolicy(ctx, provider, true)
if err != nil {
@ -238,11 +238,17 @@ func (repo *IAMRepository) GetDefaultLabelPolicy(ctx context.Context) (*iam_mode
func (repo *IAMRepository) AddDefaultLabelPolicy(ctx context.Context, policy *iam_model.LabelPolicy) (*iam_model.LabelPolicy, error) {
policy.AggregateID = repo.SystemDefaults.IamID
if repo.IAMV2 != nil {
return repo.IAMV2.AddLabelPolicy(ctx, policy)
}
return repo.IAMEventstore.AddLabelPolicy(ctx, policy)
}
func (repo *IAMRepository) ChangeDefaultLabelPolicy(ctx context.Context, policy *iam_model.LabelPolicy) (*iam_model.LabelPolicy, error) {
policy.AggregateID = repo.SystemDefaults.IamID
if repo.IAMV2 != nil {
return repo.IAMV2.ChangeLabelPolicy(ctx, policy)
}
return repo.IAMEventstore.ChangeLabelPolicy(ctx, policy)
}
@ -273,11 +279,17 @@ func (repo *IAMRepository) GetDefaultLoginPolicy(ctx context.Context) (*iam_mode
func (repo *IAMRepository) AddDefaultLoginPolicy(ctx context.Context, policy *iam_model.LoginPolicy) (*iam_model.LoginPolicy, error) {
policy.AggregateID = repo.SystemDefaults.IamID
if repo.IAMV2 != nil {
return repo.IAMV2.AddLoginPolicy(ctx, policy)
}
return repo.IAMEventstore.AddLoginPolicy(ctx, policy)
}
func (repo *IAMRepository) ChangeDefaultLoginPolicy(ctx context.Context, policy *iam_model.LoginPolicy) (*iam_model.LoginPolicy, error) {
policy.AggregateID = repo.SystemDefaults.IamID
if repo.IAMV2 != nil {
return repo.IAMV2.ChangeLoginPolicy(ctx, policy)
}
return repo.IAMEventstore.ChangeLoginPolicy(ctx, policy)
}
@ -320,7 +332,7 @@ func (repo *IAMRepository) RemoveIDPProviderFromLoginPolicy(ctx context.Context,
}
aggregates = append(aggregates, removeAgg)
externalIDPs, err := repo.View.ExternalIDPsByIDPConfigID(provider.IdpConfigID)
externalIDPs, err := repo.View.ExternalIDPsByIDPConfigID(provider.IDPConfigID)
if err != nil {
return err
}
@ -348,10 +360,16 @@ func (repo *IAMRepository) SearchDefaultSecondFactors(ctx context.Context) (*iam
}
func (repo *IAMRepository) AddSecondFactorToLoginPolicy(ctx context.Context, mfa iam_model.SecondFactorType) (iam_model.SecondFactorType, error) {
if repo.IAMV2 != nil {
return repo.IAMV2.AddSecondFactorToLoginPolicy(ctx, repo.SystemDefaults.IamID, mfa)
}
return repo.IAMEventstore.AddSecondFactorToLoginPolicy(ctx, repo.SystemDefaults.IamID, mfa)
}
func (repo *IAMRepository) RemoveSecondFactorFromLoginPolicy(ctx context.Context, mfa iam_model.SecondFactorType) error {
if repo.IAMV2 != nil {
return repo.IAMV2.RemoveSecondFactorFromLoginPolicy(ctx, repo.SystemDefaults.IamID, mfa)
}
return repo.IAMEventstore.RemoveSecondFactorFromLoginPolicy(ctx, repo.SystemDefaults.IamID, mfa)
}
@ -367,10 +385,16 @@ func (repo *IAMRepository) SearchDefaultMultiFactors(ctx context.Context) (*iam_
}
func (repo *IAMRepository) AddMultiFactorToLoginPolicy(ctx context.Context, mfa iam_model.MultiFactorType) (iam_model.MultiFactorType, error) {
if repo.IAMV2 != nil {
return repo.IAMV2.AddMultiFactorToLoginPolicy(ctx, repo.SystemDefaults.IamID, mfa)
}
return repo.IAMEventstore.AddMultiFactorToLoginPolicy(ctx, repo.SystemDefaults.IamID, mfa)
}
func (repo *IAMRepository) RemoveMultiFactorFromLoginPolicy(ctx context.Context, mfa iam_model.MultiFactorType) error {
if repo.IAMV2 != nil {
return repo.IAMV2.RemoveMultiFactorFromLoginPolicy(ctx, repo.SystemDefaults.IamID, mfa)
}
return repo.IAMEventstore.RemoveMultiFactorFromLoginPolicy(ctx, repo.SystemDefaults.IamID, mfa)
}
@ -401,11 +425,17 @@ func (repo *IAMRepository) GetDefaultPasswordComplexityPolicy(ctx context.Contex
func (repo *IAMRepository) AddDefaultPasswordComplexityPolicy(ctx context.Context, policy *iam_model.PasswordComplexityPolicy) (*iam_model.PasswordComplexityPolicy, error) {
policy.AggregateID = repo.SystemDefaults.IamID
if repo.IAMV2 != nil {
return repo.IAMV2.AddPasswordComplexityPolicy(ctx, policy)
}
return repo.IAMEventstore.AddPasswordComplexityPolicy(ctx, policy)
}
func (repo *IAMRepository) ChangeDefaultPasswordComplexityPolicy(ctx context.Context, policy *iam_model.PasswordComplexityPolicy) (*iam_model.PasswordComplexityPolicy, error) {
policy.AggregateID = repo.SystemDefaults.IamID
if repo.IAMV2 != nil {
return repo.IAMV2.ChangePasswordComplexityPolicy(ctx, policy)
}
return repo.IAMEventstore.ChangePasswordComplexityPolicy(ctx, policy)
}
@ -436,11 +466,17 @@ func (repo *IAMRepository) GetDefaultPasswordAgePolicy(ctx context.Context) (*ia
func (repo *IAMRepository) AddDefaultPasswordAgePolicy(ctx context.Context, policy *iam_model.PasswordAgePolicy) (*iam_model.PasswordAgePolicy, error) {
policy.AggregateID = repo.SystemDefaults.IamID
if repo.IAMV2 != nil {
return repo.IAMV2.AddPasswordAgePolicy(ctx, policy)
}
return repo.IAMEventstore.AddPasswordAgePolicy(ctx, policy)
}
func (repo *IAMRepository) ChangeDefaultPasswordAgePolicy(ctx context.Context, policy *iam_model.PasswordAgePolicy) (*iam_model.PasswordAgePolicy, error) {
policy.AggregateID = repo.SystemDefaults.IamID
if repo.IAMV2 != nil {
return repo.IAMV2.ChangePasswordAgePolicy(ctx, policy)
}
return repo.IAMEventstore.ChangePasswordAgePolicy(ctx, policy)
}
@ -471,11 +507,17 @@ func (repo *IAMRepository) GetDefaultPasswordLockoutPolicy(ctx context.Context)
func (repo *IAMRepository) AddDefaultPasswordLockoutPolicy(ctx context.Context, policy *iam_model.PasswordLockoutPolicy) (*iam_model.PasswordLockoutPolicy, error) {
policy.AggregateID = repo.SystemDefaults.IamID
if repo.IAMV2 != nil {
return repo.IAMV2.AddPasswordLockoutPolicy(ctx, policy)
}
return repo.IAMEventstore.AddPasswordLockoutPolicy(ctx, policy)
}
func (repo *IAMRepository) ChangeDefaultPasswordLockoutPolicy(ctx context.Context, policy *iam_model.PasswordLockoutPolicy) (*iam_model.PasswordLockoutPolicy, error) {
policy.AggregateID = repo.SystemDefaults.IamID
if repo.IAMV2 != nil {
return repo.IAMV2.ChangePasswordLockoutPolicy(ctx, policy)
}
return repo.IAMEventstore.ChangePasswordLockoutPolicy(ctx, policy)
}
@ -506,10 +548,16 @@ func (repo *IAMRepository) GetOrgIAMPolicy(ctx context.Context) (*iam_model.OrgI
func (repo *IAMRepository) AddDefaultOrgIAMPolicy(ctx context.Context, policy *iam_model.OrgIAMPolicy) (*iam_model.OrgIAMPolicy, error) {
policy.AggregateID = repo.SystemDefaults.IamID
if repo.IAMV2 != nil {
return repo.IAMV2.AddOrgIAMPolicy(ctx, policy)
}
return repo.IAMEventstore.AddOrgIAMPolicy(ctx, policy)
}
func (repo *IAMRepository) ChangeDefaultOrgIAMPolicy(ctx context.Context, policy *iam_model.OrgIAMPolicy) (*iam_model.OrgIAMPolicy, error) {
policy.AggregateID = repo.SystemDefaults.IamID
if repo.IAMV2 != nil {
return repo.IAMV2.ChangeOrgIAMPolicy(ctx, policy)
}
return repo.IAMEventstore.ChangeOrgIAMPolicy(ctx, policy)
}

4
internal/api/grpc/admin/login_policy_converter.go
View File

@ -71,14 +71,14 @@ func idpProviderSearchResponseFromModel(response *iam_model.IDPProviderSearchRes
func idpProviderToModel(provider *admin.IdpProviderID) *iam_model.IDPProvider {
return &iam_model.IDPProvider{
IdpConfigID: provider.IdpConfigId,
IDPConfigID: provider.IdpConfigId,
Type: iam_model.IDPProviderTypeSystem,
}
}
func idpProviderFromModel(provider *iam_model.IDPProvider) *admin.IdpProviderID {
return &admin.IdpProviderID{
IdpConfigId: provider.IdpConfigID,
IdpConfigId: provider.IDPConfigID,
}
}

8
internal/api/grpc/management/login_policy_converter.go
View File

@ -72,27 +72,27 @@ func idpProviderSearchResponseFromModel(response *iam_model.IDPProviderSearchRes
func idpProviderToModel(provider *management.IdpProviderID) *iam_model.IDPProvider {
return &iam_model.IDPProvider{
IdpConfigID: provider.IdpConfigId,
IDPConfigID: provider.IdpConfigId,
Type: iam_model.IDPProviderTypeSystem,
}
}
func idpProviderAddToModel(provider *management.IdpProviderAdd) *iam_model.IDPProvider {
return &iam_model.IDPProvider{
IdpConfigID: provider.IdpConfigId,
IDPConfigID: provider.IdpConfigId,
Type: idpProviderTypeToModel(provider.IdpProviderType),
}
}
func idpProviderIDFromModel(provider *iam_model.IDPProvider) *management.IdpProviderID {
return &management.IdpProviderID{
IdpConfigId: provider.IdpConfigID,
IdpConfigId: provider.IDPConfigID,
}
}
func idpProviderFromModel(provider *iam_model.IDPProvider) *management.IdpProvider {
return &management.IdpProvider{
IdpConfigId: provider.IdpConfigID,
IdpConfigId: provider.IDPConfigID,
IdpProvider_Type: idpProviderTypeFromModel(provider.Type),
}
}

6
internal/iam/model/login_policy.go
View File

@ -22,7 +22,7 @@ type LoginPolicy struct {
type IDPProvider struct {
models.ObjectRoot
Type IDPProviderType
IdpConfigID string
IDPConfigID string
}
type PolicyState int32
@ -66,12 +66,12 @@ func (p *LoginPolicy) IsValid() bool {
}
func (p *IDPProvider) IsValid() bool {
return p.ObjectRoot.AggregateID != "" && p.IdpConfigID != ""
return p.ObjectRoot.AggregateID != "" && p.IDPConfigID != ""
}
func (p *LoginPolicy) GetIdpProvider(id string) (int, *IDPProvider) {
for i, m := range p.IDPProviders {
if m.IdpConfigID == id {
if m.IDPConfigID == id {
return i, m
}
}

8
internal/iam/repository/eventsourcing/eventstore.go
View File

@ -554,7 +554,7 @@ func (es *IAMEventstore) AddIDPProviderToLoginPolicy(ctx context.Context, provid
if err != nil {
return nil, err
}
if _, m := iam.DefaultLoginPolicy.GetIdpProvider(provider.IdpConfigID); m != nil {
if _, m := iam.DefaultLoginPolicy.GetIdpProvider(provider.IDPConfigID); m != nil {
return nil, caos_errs.ThrowAlreadyExists(nil, "EVENT-idke6", "Errors.IAM.LoginPolicy.IdpProviderAlreadyExisting")
}
repoIam := model.IAMFromModel(iam)
@ -566,7 +566,7 @@ func (es *IAMEventstore) AddIDPProviderToLoginPolicy(ctx context.Context, provid
return nil, err
}
es.iamCache.cacheIAM(repoIam)
if _, m := model.GetIDPProvider(repoIam.DefaultLoginPolicy.IDPProviders, provider.IdpConfigID); m != nil {
if _, m := model.GetIDPProvider(repoIam.DefaultLoginPolicy.IDPProviders, provider.IDPConfigID); m != nil {
return model.IDPProviderToModel(m), nil
}
return nil, caos_errs.ThrowInternal(nil, "EVENT-Slf9s", "Errors.Internal")
@ -580,11 +580,11 @@ func (es *IAMEventstore) PrepareRemoveIDPProviderFromLoginPolicy(ctx context.Con
if err != nil {
return nil, nil, err
}
if _, m := iam.DefaultLoginPolicy.GetIdpProvider(provider.IdpConfigID); m == nil {
if _, m := iam.DefaultLoginPolicy.GetIdpProvider(provider.IDPConfigID); m == nil {
return nil, nil, caos_errs.ThrowPreconditionFailed(nil, "EVENT-29skr", "Errors.IAM.LoginPolicy.IdpProviderNotExisting")
}
repoIam := model.IAMFromModel(iam)
removeAgg, err := LoginPolicyIDPProviderRemovedAggregate(ctx, es.Eventstore.AggregateCreator(), repoIam, &model.IDPProviderID{provider.IdpConfigID})
removeAgg, err := LoginPolicyIDPProviderRemovedAggregate(ctx, es.Eventstore.AggregateCreator(), repoIam, &model.IDPProviderID{provider.IDPConfigID})
if err != nil {
return nil, nil, err
}

18
internal/iam/repository/eventsourcing/eventstore_test.go
View File

@ -1494,12 +1494,12 @@ func TestAddIdpProviderToLoginPolicy(t *testing.T) {
ctx: authz.NewMockContext("orgID", "userID"),
provider: &iam_model.IDPProvider{
ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 0},
IdpConfigID: "IdpConfigID2",
IDPConfigID: "IdpConfigID2",
Type: iam_model.IDPProviderTypeSystem,
},
},
res: res{
result: &iam_model.IDPProvider{IdpConfigID: "IdpConfigID2"},
result: &iam_model.IDPProvider{IDPConfigID: "IdpConfigID2"},
},
},
{
@ -1509,7 +1509,7 @@ func TestAddIdpProviderToLoginPolicy(t *testing.T) {
ctx: authz.NewMockContext("orgID", "userID"),
provider: &iam_model.IDPProvider{
ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 0},
IdpConfigID: "IDPConfigID",
IDPConfigID: "IDPConfigID",
Type: iam_model.IDPProviderTypeSystem,
},
},
@ -1539,7 +1539,7 @@ func TestAddIdpProviderToLoginPolicy(t *testing.T) {
ctx: authz.NewMockContext("orgID", "userID"),
provider: &iam_model.IDPProvider{
ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 0},
IdpConfigID: "IdpConfigID2",
IDPConfigID: "IdpConfigID2",
},
},
res: res{
@ -1558,8 +1558,8 @@ func TestAddIdpProviderToLoginPolicy(t *testing.T) {
if tt.res.wantErr && tt.res.errFunc(err) {
return
}
if result.IdpConfigID != tt.res.result.IdpConfigID {
t.Errorf("got wrong result IDPConfigID: expected: %v, actual: %v ", tt.res.result.IdpConfigID, result.IdpConfigID)
if result.IDPConfigID != tt.res.result.IDPConfigID {
t.Errorf("got wrong result IDPConfigID: expected: %v, actual: %v ", tt.res.result.IDPConfigID, result.IDPConfigID)
}
if result.Type != tt.res.result.Type {
t.Errorf("got wrong result Type: expected: %v, actual: %v ", tt.res.result.Type, result.Type)
@ -1591,7 +1591,7 @@ func TestRemoveIdpProviderFromLoginPolicy(t *testing.T) {
ctx: authz.NewMockContext("orgID", "userID"),
provider: &iam_model.IDPProvider{
ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 0},
IdpConfigID: "IDPConfigID",
IDPConfigID: "IDPConfigID",
Type: iam_model.IDPProviderTypeSystem,
},
},
@ -1604,7 +1604,7 @@ func TestRemoveIdpProviderFromLoginPolicy(t *testing.T) {
ctx: authz.NewMockContext("orgID", "userID"),
provider: &iam_model.IDPProvider{
ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 0},
IdpConfigID: "IdpConfigID2",
IDPConfigID: "IdpConfigID2",
Type: iam_model.IDPProviderTypeSystem,
},
},
@ -1634,7 +1634,7 @@ func TestRemoveIdpProviderFromLoginPolicy(t *testing.T) {
ctx: authz.NewMockContext("orgID", "userID"),
provider: &iam_model.IDPProvider{
ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 0},
IdpConfigID: "IdpConfigID2",
IDPConfigID: "IdpConfigID2",
},
},
res: res{

4
internal/iam/repository/eventsourcing/model/login_policy.go
View File

@ -108,7 +108,7 @@ func IDPProviderToModel(provider *IDPProvider) *iam_model.IDPProvider {
return &iam_model.IDPProvider{
ObjectRoot: provider.ObjectRoot,
Type: iam_model.IDPProviderType(provider.Type),
IdpConfigID: provider.IDPConfigID,
IDPConfigID: provider.IDPConfigID,
}
}
@ -116,7 +116,7 @@ func IDPProviderFromModel(provider *iam_model.IDPProvider) *IDPProvider {
return &IDPProvider{
ObjectRoot: provider.ObjectRoot,
Type: int32(provider.Type),
IDPConfigID: provider.IdpConfigID,
IDPConfigID: provider.IDPConfigID,
}
}

2
internal/management/repository/eventsourcing/eventstore/org.go
View File

@ -446,7 +446,7 @@ func (repo *OrgRepository) RemoveIDPProviderFromIdpProvider(ctx context.Context,
return err
}
aggregates = append(aggregates, agg)
externalIDPs, err := repo.View.ExternalIDPsByIDPConfigID(provider.IdpConfigID)
externalIDPs, err := repo.View.ExternalIDPsByIDPConfigID(provider.IDPConfigID)
if err != nil {
return err
}

8
internal/org/repository/eventsourcing/eventstore.go
View File

@ -838,7 +838,7 @@ func (es *OrgEventstore) AddIDPProviderToLoginPolicy(ctx context.Context, provid
if org.LoginPolicy == nil {
return nil, errors.ThrowAlreadyExists(nil, "EVENT-sk9fW", "Errors.Org.LoginPolicy.NotExisting")
}
if _, m := org.LoginPolicy.GetIdpProvider(provider.IdpConfigID); m != nil {
if _, m := org.LoginPolicy.GetIdpProvider(provider.IDPConfigID); m != nil {
return nil, errors.ThrowAlreadyExists(nil, "EVENT-Lso9f", "Errors.Org.LoginPolicy.IdpProviderAlreadyExisting")
}
repoOrg := model.OrgFromModel(org)
@ -849,7 +849,7 @@ func (es *OrgEventstore) AddIDPProviderToLoginPolicy(ctx context.Context, provid
if err != nil {
return nil, err
}
if _, m := iam_es_model.GetIDPProvider(repoOrg.LoginPolicy.IDPProviders, provider.IdpConfigID); m != nil {
if _, m := iam_es_model.GetIDPProvider(repoOrg.LoginPolicy.IDPProviders, provider.IDPConfigID); m != nil {
return iam_es_model.IDPProviderToModel(m), nil
}
return nil, errors.ThrowInternal(nil, "EVENT-Slf9s", "Errors.Internal")
@ -863,11 +863,11 @@ func (es *OrgEventstore) PrepareRemoveIDPProviderFromLoginPolicy(ctx context.Con
if err != nil {
return nil, nil, err
}
if _, m := org.LoginPolicy.GetIdpProvider(provider.IdpConfigID); m == nil {
if _, m := org.LoginPolicy.GetIdpProvider(provider.IDPConfigID); m == nil {
return nil, nil, errors.ThrowPreconditionFailed(nil, "EVENT-29skr", "Errors.IAM.LoginPolicy.IdpProviderNotExisting")
}
repoOrg := model.OrgFromModel(org)
providerID := &iam_es_model.IDPProviderID{provider.IdpConfigID}
providerID := &iam_es_model.IDPProviderID{provider.IDPConfigID}
providerAggregates, err := LoginPolicyIDPProviderRemovedAggregate(ctx, es.Eventstore.AggregateCreator(), repoOrg, providerID, cascade)
if err != nil {
return nil, nil, err

20
internal/org/repository/eventsourcing/eventstore_test.go
View File

@ -1882,7 +1882,7 @@ func TestChangeIdpConfiguration(t *testing.T) {
t.Errorf("result has no id")
}
if result.IDPConfigID != tt.res.result.IDPConfigID {
t.Errorf("got wrong result IdpConfigID: expected: %v, actual: %v ", tt.res.result.IDPConfigID, result.IDPConfigID)
t.Errorf("got wrong result IDPConfigID: expected: %v, actual: %v ", tt.res.result.IDPConfigID, result.IDPConfigID)
}
if result.Name != tt.res.result.Name {
t.Errorf("got wrong result name: expected: %v, actual: %v ", tt.res.result.Name, result.Name)
@ -2569,12 +2569,12 @@ func TestAddIdpProviderToLoginPolicy(t *testing.T) {
ctx: authz.NewMockContext("orgID", "userID"),
provider: &iam_model.IDPProvider{
ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 0},
IdpConfigID: "IdpConfigID2",
IDPConfigID: "IdpConfigID2",
Type: iam_model.IDPProviderTypeSystem,
},
},
res: res{
result: &iam_model.IDPProvider{IdpConfigID: "IdpConfigID2"},
result: &iam_model.IDPProvider{IDPConfigID: "IdpConfigID2"},
},
},
{
@ -2584,7 +2584,7 @@ func TestAddIdpProviderToLoginPolicy(t *testing.T) {
ctx: authz.NewMockContext("orgID", "userID"),
provider: &iam_model.IDPProvider{
ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 0},
IdpConfigID: "IDPConfigID",
IDPConfigID: "IDPConfigID",
Type: iam_model.IDPProviderTypeSystem,
},
},
@ -2614,7 +2614,7 @@ func TestAddIdpProviderToLoginPolicy(t *testing.T) {
ctx: authz.NewMockContext("orgID", "userID"),
provider: &iam_model.IDPProvider{
ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 0},
IdpConfigID: "IdpConfigID2",
IDPConfigID: "IdpConfigID2",
},
},
res: res{
@ -2633,8 +2633,8 @@ func TestAddIdpProviderToLoginPolicy(t *testing.T) {
if tt.res.wantErr && tt.res.errFunc(err) {
return
}
if result.IdpConfigID != tt.res.result.IdpConfigID {
t.Errorf("got wrong result IDPConfigID: expected: %v, actual: %v ", tt.res.result.IdpConfigID, result.IdpConfigID)
if result.IDPConfigID != tt.res.result.IDPConfigID {
t.Errorf("got wrong result IDPConfigID: expected: %v, actual: %v ", tt.res.result.IDPConfigID, result.IDPConfigID)
}
if result.Type != tt.res.result.Type {
t.Errorf("got wrong result Type: expected: %v, actual: %v ", tt.res.result.Type, result.Type)
@ -2666,7 +2666,7 @@ func TestRemoveIdpProviderFromLoginPolicy(t *testing.T) {
ctx: authz.NewMockContext("orgID", "userID"),
provider: &iam_model.IDPProvider{
ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 0},
IdpConfigID: "IDPConfigID",
IDPConfigID: "IDPConfigID",
Type: iam_model.IDPProviderTypeSystem,
},
},
@ -2679,7 +2679,7 @@ func TestRemoveIdpProviderFromLoginPolicy(t *testing.T) {
ctx: authz.NewMockContext("orgID", "userID"),
provider: &iam_model.IDPProvider{
ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 0},
IdpConfigID: "IdpConfigID2",
IDPConfigID: "IdpConfigID2",
Type: iam_model.IDPProviderTypeSystem,
},
},
@ -2709,7 +2709,7 @@ func TestRemoveIdpProviderFromLoginPolicy(t *testing.T) {
ctx: authz.NewMockContext("orgID", "userID"),
provider: &iam_model.IDPProvider{
ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 0},
IdpConfigID: "IdpConfigID2",
IDPConfigID: "IdpConfigID2",
},
},
res: res{

90
internal/v2/business/iam/converter.go
View File

@ -6,6 +6,13 @@ import (
"github.com/caos/zitadel/internal/iam/model"
"github.com/caos/zitadel/internal/v2/repository/iam"
iam_repo "github.com/caos/zitadel/internal/v2/repository/iam"
"github.com/caos/zitadel/internal/v2/repository/iam/policy/label"
"github.com/caos/zitadel/internal/v2/repository/iam/policy/login"
"github.com/caos/zitadel/internal/v2/repository/iam/policy/login/idpprovider"
"github.com/caos/zitadel/internal/v2/repository/iam/policy/org_iam"
"github.com/caos/zitadel/internal/v2/repository/iam/policy/password_age"
"github.com/caos/zitadel/internal/v2/repository/iam/policy/password_complexity"
"github.com/caos/zitadel/internal/v2/repository/iam/policy/password_lockout"
"github.com/caos/zitadel/internal/v2/repository/idp/oidc"
"github.com/caos/zitadel/internal/v2/repository/member"
)
@ -42,9 +49,9 @@ func readModelToMembers(readModel *iam_repo.MembersReadModel) []*model.IAMMember
return members
}
func readModelToLabelPolicy(readModel *iam.LabelPolicyReadModel) *model.LabelPolicy {
func readModelToLabelPolicy(readModel *label.ReadModel) *model.LabelPolicy {
return &model.LabelPolicy{
ObjectRoot: readModelToObjectRoot(readModel.ReadModel),
ObjectRoot: readModelToObjectRoot(readModel.ReadModel.ReadModel),
PrimaryColor: readModel.PrimaryColor,
SecondaryColor: readModel.SecondaryColor,
Default: true,
@ -52,9 +59,9 @@ func readModelToLabelPolicy(readModel *iam.LabelPolicyReadModel) *model.LabelPol
}
}
func readModelToLoginPolicy(readModel *iam.LoginPolicyReadModel) *model.LoginPolicy {
func readModelToLoginPolicy(readModel *login.ReadModel) *model.LoginPolicy {
return &model.LoginPolicy{
ObjectRoot: readModelToObjectRoot(readModel.ReadModel),
ObjectRoot: readModelToObjectRoot(readModel.ReadModel.ReadModel),
AllowExternalIdp: readModel.AllowExternalIDP,
AllowRegister: readModel.AllowRegister,
AllowUsernamePassword: readModel.AllowUserNamePassword,
@ -63,25 +70,25 @@ func readModelToLoginPolicy(readModel *iam.LoginPolicyReadModel) *model.LoginPol
//TODO: State: int32,
}
}
func readModelToOrgIAMPolicy(readModel *iam.OrgIAMPolicyReadModel) *model.OrgIAMPolicy {
func readModelToOrgIAMPolicy(readModel *org_iam.ReadModel) *model.OrgIAMPolicy {
return &model.OrgIAMPolicy{
ObjectRoot: readModelToObjectRoot(readModel.ReadModel),
ObjectRoot: readModelToObjectRoot(readModel.ReadModel.ReadModel),
UserLoginMustBeDomain: readModel.UserLoginMustBeDomain,
Default: true,
//TODO: State: int32,
}
}
func readModelToPasswordAgePolicy(readModel *iam.PasswordAgePolicyReadModel) *model.PasswordAgePolicy {
func readModelToPasswordAgePolicy(readModel *password_age.ReadModel) *model.PasswordAgePolicy {
return &model.PasswordAgePolicy{
ObjectRoot: readModelToObjectRoot(readModel.ReadModel),
ObjectRoot: readModelToObjectRoot(readModel.ReadModel.ReadModel),
ExpireWarnDays: uint64(readModel.ExpireWarnDays),
MaxAgeDays: uint64(readModel.MaxAgeDays),
//TODO: State: int32,
}
}
func readModelToPasswordComplexityPolicy(readModel *iam.PasswordComplexityPolicyReadModel) *model.PasswordComplexityPolicy {
func readModelToPasswordComplexityPolicy(readModel *password_complexity.ReadModel) *model.PasswordComplexityPolicy {
return &model.PasswordComplexityPolicy{
ObjectRoot: readModelToObjectRoot(readModel.ReadModel),
ObjectRoot: readModelToObjectRoot(readModel.ReadModel.ReadModel),
HasLowercase: readModel.HasLowercase,
HasNumber: readModel.HasNumber,
HasSymbol: readModel.HasSymbol,
@ -90,9 +97,9 @@ func readModelToPasswordComplexityPolicy(readModel *iam.PasswordComplexityPolicy
//TODO: State: int32,
}
}
func readModelToPasswordLockoutPolicy(readModel *iam.PasswordLockoutPolicyReadModel) *model.PasswordLockoutPolicy {
func readModelToPasswordLockoutPolicy(readModel *password_lockout.ReadModel) *model.PasswordLockoutPolicy {
return &model.PasswordLockoutPolicy{
ObjectRoot: readModelToObjectRoot(readModel.ReadModel),
ObjectRoot: readModelToObjectRoot(readModel.ReadModel.ReadModel),
MaxAttempts: uint64(readModel.MaxAttempts),
ShowLockOutFailures: readModel.ShowLockOutFailures,
//TODO: State: int32,
@ -134,6 +141,59 @@ func writeModelToMember(writeModel *iam.MemberWriteModel) *model.IAMMember {
}
}
func writeModelToLoginPolicy(wm *login.WriteModel) *model.LoginPolicy {
return &model.LoginPolicy{
ObjectRoot: writeModelToObjectRoot(wm.WriteModel),
AllowUsernamePassword: wm.Policy.AllowUserNamePassword,
AllowRegister: wm.Policy.AllowRegister,
AllowExternalIdp: wm.Policy.AllowExternalIDP,
ForceMFA: wm.Policy.ForceMFA,
PasswordlessType: model.PasswordlessType(wm.Policy.PasswordlessType),
}
}
func writeModelToLabelPolicy(wm *label.WriteModel) *model.LabelPolicy {
return &model.LabelPolicy{
ObjectRoot: writeModelToObjectRoot(wm.WriteModel),
PrimaryColor: wm.Policy.PrimaryColor,
SecondaryColor: wm.Policy.SecondaryColor,
}
}
func writeModelToOrgIAMPolicy(wm *org_iam.WriteModel) *model.OrgIAMPolicy {
return &model.OrgIAMPolicy{
ObjectRoot: writeModelToObjectRoot(wm.WriteModel),
UserLoginMustBeDomain: wm.Policy.UserLoginMustBeDomain,
}
}
func writeModelToPasswordAgePolicy(wm *password_age.WriteModel) *model.PasswordAgePolicy {
return &model.PasswordAgePolicy{
ObjectRoot: writeModelToObjectRoot(wm.WriteModel),
MaxAgeDays: wm.Policy.MaxAgeDays,
ExpireWarnDays: wm.Policy.ExpireWarnDays,
}
}
func writeModelToPasswordComplexityPolicy(wm *password_complexity.WriteModel) *model.PasswordComplexityPolicy {
return &model.PasswordComplexityPolicy{
ObjectRoot: writeModelToObjectRoot(wm.WriteModel),
MinLength: wm.Policy.MinLength,
HasLowercase: wm.Policy.HasLowercase,
HasUppercase: wm.Policy.HasUpperCase,
HasNumber: wm.Policy.HasNumber,
HasSymbol: wm.Policy.HasSymbol,
}
}
func writeModelToPasswordLockoutPolicy(wm *password_lockout.WriteModel) *model.PasswordLockoutPolicy {
return &model.PasswordLockoutPolicy{
ObjectRoot: writeModelToObjectRoot(wm.WriteModel),
MaxAttempts: wm.Policy.MaxAttempts,
ShowLockOutFailures: wm.Policy.ShowLockOutFailures,
}
}
func readModelToIDPConfigView(rm *iam.IDPConfigReadModel) *model.IDPConfigView {
return &model.IDPConfigView{
AggregateID: rm.AggregateID,
@ -211,10 +271,10 @@ func writeModelToIDPOIDCConfig(wm *oidc.ConfigWriteModel) *model.OIDCIDPConfig {
}
}
func writeModelToIDPProvider(wm *iam.LoginPolicyIDPProviderWriteModel) *model.IDPProvider {
func writeModelToIDPProvider(wm *idpprovider.WriteModel) *model.IDPProvider {
return &model.IDPProvider{
ObjectRoot: writeModelToObjectRoot(wm.WriteModel),
IdpConfigID: wm.IDPConfigID,
Type: model.IDPProviderType(wm.IDPProviderType),
IDPConfigID: wm.Provider.IDPConfigID,
Type: model.IDPProviderType(wm.Provider.IDPProviderType),
}
}

60
internal/v2/business/iam/org_iam_policy.go Normal file
View File

@ -0,0 +1,60 @@
package iam
import (
"context"
caos_errs "github.com/caos/zitadel/internal/errors"
iam_model "github.com/caos/zitadel/internal/iam/model"
"github.com/caos/zitadel/internal/telemetry/tracing"
iam_repo "github.com/caos/zitadel/internal/v2/repository/iam"
"github.com/caos/zitadel/internal/v2/repository/iam/policy/org_iam"
)
func (r *Repository) AddOrgIAMPolicy(ctx context.Context, policy *iam_model.OrgIAMPolicy) (*iam_model.OrgIAMPolicy, error) {
addedPolicy := org_iam.NewWriteModel(policy.AggregateID)
err := r.eventstore.FilterToQueryReducer(ctx, addedPolicy)
if err != nil {
return nil, err
}
if addedPolicy != nil {
return nil, caos_errs.ThrowAlreadyExists(nil, "IAM-Lk0dS", "Errors.IAM.OrgIAMPolicy.AlreadyExists")
}
iamAgg := iam_repo.AggregateFromWriteModel(&addedPolicy.WriteModel).
PushOrgIAMPolicyAddedEvent(ctx, policy.UserLoginMustBeDomain)
err = r.eventstore.PushAggregate(ctx, addedPolicy, iamAgg)
if err != nil {
return nil, err
}
return writeModelToOrgIAMPolicy(addedPolicy), nil
}
func (r *Repository) ChangeOrgIAMPolicy(ctx context.Context, policy *iam_model.OrgIAMPolicy) (*iam_model.OrgIAMPolicy, error) {
existingPolicy, err := r.orgIAMPolicyWriteModelByID(ctx, policy.AggregateID)
if err != nil {
return nil, err
}
iamAgg := iam_repo.AggregateFromWriteModel(&existingPolicy.WriteModel).
PushOrgIAMPolicyChangedFromExisting(ctx, existingPolicy, policy.UserLoginMustBeDomain)
err = r.eventstore.PushAggregate(ctx, existingPolicy, iamAgg)
if err != nil {
return nil, err
}
return writeModelToOrgIAMPolicy(existingPolicy), nil
}
func (r *Repository) orgIAMPolicyWriteModelByID(ctx context.Context, iamID string) (policy *org_iam.WriteModel, err error) {
ctx, span := tracing.NewSpan(ctx)
defer func() { span.EndWithError(err) }()
writeModel := org_iam.NewWriteModel(iamID)
err = r.eventstore.FilterToQueryReducer(ctx, writeModel)
if err != nil {
return nil, err
}
return writeModel, nil
}

69
internal/v2/business/iam/policy_label.go Normal file
View File

@ -0,0 +1,69 @@
package iam
import (
"context"
caos_errs "github.com/caos/zitadel/internal/errors"
"github.com/caos/zitadel/internal/telemetry/tracing"
iam_repo "github.com/caos/zitadel/internal/v2/repository/iam"
"github.com/caos/zitadel/internal/v2/repository/iam/policy/label"
iam_model "github.com/caos/zitadel/internal/iam/model"
)
func (r *Repository) AddLabelPolicy(ctx context.Context, policy *iam_model.LabelPolicy) (*iam_model.LabelPolicy, error) {
if !policy.IsValid() {
return nil, caos_errs.ThrowPreconditionFailed(nil, "IAM-5Mv0s", "Errors.IAM.LabelPolicyInvalid")
}
addedPolicy := label.NewWriteModel(policy.AggregateID)
err := r.eventstore.FilterToQueryReducer(ctx, addedPolicy)
if err != nil {
return nil, err
}
if addedPolicy != nil {
return nil, caos_errs.ThrowAlreadyExists(nil, "IAM-2B0ps", "Errors.IAM.LabelPolicy.AlreadyExists")
}
iamAgg := iam_repo.AggregateFromWriteModel(&addedPolicy.WriteModel).
PushLabelPolicyAddedEvent(ctx, policy.PrimaryColor, policy.SecondaryColor)
err = r.eventstore.PushAggregate(ctx, addedPolicy, iamAgg)
if err != nil {
return nil, err
}
return writeModelToLabelPolicy(addedPolicy), nil
}
func (r *Repository) ChangeLabelPolicy(ctx context.Context, policy *iam_model.LabelPolicy) (*iam_model.LabelPolicy, error) {
if !policy.IsValid() {
return nil, caos_errs.ThrowPreconditionFailed(nil, "IAM-6M0od", "Errors.IAM.LabelPolicyInvalid")
}
existingPolicy, err := r.labelPolicyWriteModelByID(ctx, policy.AggregateID)
if err != nil {
return nil, err
}
iamAgg := iam_repo.AggregateFromWriteModel(&existingPolicy.WriteModel).
PushLabelPolicyChangedFromExisting(ctx, existingPolicy, policy.PrimaryColor, policy.SecondaryColor)
err = r.eventstore.PushAggregate(ctx, existingPolicy, iamAgg)
if err != nil {
return nil, err
}
return writeModelToLabelPolicy(existingPolicy), nil
}
func (r *Repository) labelPolicyWriteModelByID(ctx context.Context, iamID string) (policy *label.WriteModel, err error) {
ctx, span := tracing.NewSpan(ctx)
defer func() { span.EndWithError(err) }()
writeModel := label.NewWriteModel(iamID)
err = r.eventstore.FilterToQueryReducer(ctx, writeModel)
if err != nil {
return nil, err
}
return writeModel, nil
}

138
internal/v2/business/iam/policy_login.go
View File

@ -2,21 +2,73 @@ package iam
import (
"context"
caos_errs "github.com/caos/zitadel/internal/errors"
iam_model "github.com/caos/zitadel/internal/iam/model"
"github.com/caos/zitadel/internal/v2/repository/iam"
"github.com/caos/zitadel/internal/telemetry/tracing"
iam_repo "github.com/caos/zitadel/internal/v2/repository/iam"
iam_login "github.com/caos/zitadel/internal/v2/repository/iam/policy/login"
iam_factor "github.com/caos/zitadel/internal/v2/repository/iam/policy/login/factors"
"github.com/caos/zitadel/internal/v2/repository/iam/policy/login/idpprovider"
"github.com/caos/zitadel/internal/v2/repository/idp/provider"
"github.com/caos/zitadel/internal/v2/repository/policy/login"
"github.com/caos/zitadel/internal/v2/repository/policy/login/factors"
)
func (r *Repository) AddLoginPolicy(ctx context.Context, policy *iam_model.LoginPolicy) (*iam_model.LoginPolicy, error) {
if !policy.IsValid() {
return nil, caos_errs.ThrowPreconditionFailed(nil, "IAM-5Mv0s", "Errors.IAM.LoginPolicyInvalid")
}
addedPolicy := iam_login.NewWriteModel(policy.AggregateID)
err := r.eventstore.FilterToQueryReducer(ctx, addedPolicy)
if err != nil {
return nil, err
}
if addedPolicy != nil {
return nil, caos_errs.ThrowAlreadyExists(nil, "IAM-2B0ps", "Errors.IAM.LoginPolicy.AlreadyExists")
}
iamAgg := iam_repo.AggregateFromWriteModel(&addedPolicy.WriteModel).
PushLoginPolicyAddedEvent(ctx, policy.AllowUsernamePassword, policy.AllowRegister, policy.AllowExternalIdp, policy.ForceMFA, login.PasswordlessType(policy.PasswordlessType))
err = r.eventstore.PushAggregate(ctx, addedPolicy, iamAgg)
if err != nil {
return nil, err
}
return writeModelToLoginPolicy(addedPolicy), nil
}
func (r *Repository) ChangeLoginPolicy(ctx context.Context, policy *iam_model.LoginPolicy) (*iam_model.LoginPolicy, error) {
if !policy.IsValid() {
return nil, caos_errs.ThrowPreconditionFailed(nil, "IAM-6M0od", "Errors.IAM.LoginPolicyInvalid")
}
existingPolicy, err := r.loginPolicyWriteModelByID(ctx, policy.AggregateID)
if err != nil {
return nil, err
}
iamAgg := iam_repo.AggregateFromWriteModel(&existingPolicy.WriteModel).
PushLoginPolicyChangedFromExisting(ctx, existingPolicy, policy.AllowUsernamePassword, policy.AllowRegister, policy.AllowExternalIdp, policy.ForceMFA, login.PasswordlessType(policy.PasswordlessType))
err = r.eventstore.PushAggregate(ctx, existingPolicy, iamAgg)
if err != nil {
return nil, err
}
return writeModelToLoginPolicy(existingPolicy), nil
}
func (r *Repository) AddIDPProviderToLoginPolicy(ctx context.Context, idpProvider *iam_model.IDPProvider) (*iam_model.IDPProvider, error) {
writeModel := iam.NewLoginPolicyIDPProviderWriteModel(idpProvider.AggregateID, idpProvider.IdpConfigID)
writeModel := idpprovider.NewWriteModel(idpProvider.AggregateID, idpProvider.IDPConfigID)
err := r.eventstore.FilterToQueryReducer(ctx, writeModel)
if err != nil {
return nil, err
}
aggregate := iam.AggregateFromWriteModel(&writeModel.WriteModel).
PushLoginPolicyIDPProviderAddedEvent(ctx, idpProvider.IdpConfigID, provider.Type(idpProvider.Type))
aggregate := iam_repo.AggregateFromWriteModel(&writeModel.WriteModel).
PushLoginPolicyIDPProviderAddedEvent(ctx, idpProvider.IDPConfigID, provider.Type(idpProvider.Type))
if err = r.eventstore.PushAggregate(ctx, writeModel, aggregate); err != nil {
return nil, err
@ -26,13 +78,83 @@ func (r *Repository) AddIDPProviderToLoginPolicy(ctx context.Context, idpProvide
}
func (r *Repository) RemoveIDPProviderFromLoginPolicy(ctx context.Context, idpProvider *iam_model.IDPProvider) error {
writeModel := iam.NewLoginPolicyIDPProviderWriteModel(idpProvider.AggregateID, idpProvider.IdpConfigID)
writeModel := idpprovider.NewWriteModel(idpProvider.AggregateID, idpProvider.IDPConfigID)
err := r.eventstore.FilterToQueryReducer(ctx, writeModel)
if err != nil {
return err
}
aggregate := iam.AggregateFromWriteModel(&writeModel.WriteModel).
PushLoginPolicyIDPProviderAddedEvent(ctx, idpProvider.IdpConfigID, provider.Type(idpProvider.Type))
aggregate := iam_repo.AggregateFromWriteModel(&writeModel.WriteModel).
PushLoginPolicyIDPProviderAddedEvent(ctx, idpProvider.IDPConfigID, provider.Type(idpProvider.Type))
return r.eventstore.PushAggregate(ctx, writeModel, aggregate)
}
func (r *Repository) AddSecondFactorToLoginPolicy(ctx context.Context, iamID string, secondFactor iam_model.SecondFactorType) (iam_model.SecondFactorType, error) {
writeModel := iam_factor.NewSecondFactorWriteModel(iamID)
err := r.eventstore.FilterToQueryReducer(ctx, writeModel)
if err != nil {
return iam_model.SecondFactorTypeUnspecified, err
}
aggregate := iam_repo.AggregateFromWriteModel(&writeModel.WriteModel).
PushLoginPolicySecondFactorAdded(ctx, factors.SecondFactorType(secondFactor))
if err = r.eventstore.PushAggregate(ctx, writeModel, aggregate); err != nil {
return iam_model.SecondFactorTypeUnspecified, err
}
return iam_model.SecondFactorType(writeModel.SecondFactor.MFAType), nil
}
func (r *Repository) RemoveSecondFactorFromLoginPolicy(ctx context.Context, iamID string, secondFactor iam_model.SecondFactorType) error {
writeModel := iam_factor.NewSecondFactorWriteModel(iamID)
err := r.eventstore.FilterToQueryReducer(ctx, writeModel)
if err != nil {
return err
}
aggregate := iam_repo.AggregateFromWriteModel(&writeModel.WriteModel).
PushLoginPolicySecondFactorRemoved(ctx, factors.SecondFactorType(secondFactor))
return r.eventstore.PushAggregate(ctx, writeModel, aggregate)
}
func (r *Repository) AddMultiFactorToLoginPolicy(ctx context.Context, iamID string, secondFactor iam_model.MultiFactorType) (iam_model.MultiFactorType, error) {
writeModel := iam_factor.NewMultiFactorWriteModel(iamID)
err := r.eventstore.FilterToQueryReducer(ctx, writeModel)
if err != nil {
return iam_model.MultiFactorTypeUnspecified, err
}
aggregate := iam_repo.AggregateFromWriteModel(&writeModel.WriteModel).
PushLoginPolicyMultiFactorAdded(ctx, factors.MultiFactorType(secondFactor))
if err = r.eventstore.PushAggregate(ctx, writeModel, aggregate); err != nil {
return iam_model.MultiFactorTypeUnspecified, err
}
return iam_model.MultiFactorType(writeModel.MultiFactor.MFAType), nil
}
func (r *Repository) RemoveMultiFactorFromLoginPolicy(ctx context.Context, iamID string, secondFactor iam_model.MultiFactorType) error {
writeModel := iam_factor.NewMultiFactorWriteModel(iamID)
err := r.eventstore.FilterToQueryReducer(ctx, writeModel)
if err != nil {
return err
}
aggregate := iam_repo.AggregateFromWriteModel(&writeModel.WriteModel).
PushLoginPolicyMultiFactorRemoved(ctx, factors.MultiFactorType(secondFactor))
return r.eventstore.PushAggregate(ctx, writeModel, aggregate)
}
func (r *Repository) loginPolicyWriteModelByID(ctx context.Context, iamID string) (policy *iam_login.WriteModel, err error) {
ctx, span := tracing.NewSpan(ctx)
defer func() { span.EndWithError(err) }()
writeModel := iam_login.NewWriteModel(iamID)
err = r.eventstore.FilterToQueryReducer(ctx, writeModel)
if err != nil {
return nil, err
}
return writeModel, nil
}

60
internal/v2/business/iam/policy_password_age.go Normal file
View File

@ -0,0 +1,60 @@
package iam
import (
"context"
caos_errs "github.com/caos/zitadel/internal/errors"
iam_model "github.com/caos/zitadel/internal/iam/model"
"github.com/caos/zitadel/internal/telemetry/tracing"
iam_repo "github.com/caos/zitadel/internal/v2/repository/iam"
"github.com/caos/zitadel/internal/v2/repository/iam/policy/password_age"
)
func (r *Repository) AddPasswordAgePolicy(ctx context.Context, policy *iam_model.PasswordAgePolicy) (*iam_model.PasswordAgePolicy, error) {
addedPolicy := password_age.NewWriteModel(policy.AggregateID)
err := r.eventstore.FilterToQueryReducer(ctx, addedPolicy)
if err != nil {
return nil, err
}
if addedPolicy != nil {
return nil, caos_errs.ThrowAlreadyExists(nil, "IAM-6L0pd", "Errors.IAM.PasswordAgePolicy.AlreadyExists")
}
iamAgg := iam_repo.AggregateFromWriteModel(&addedPolicy.WriteModel).
PushPasswordAgePolicyAddedEvent(ctx, policy.ExpireWarnDays, policy.MaxAgeDays)
err = r.eventstore.PushAggregate(ctx, addedPolicy, iamAgg)
if err != nil {
return nil, err
}
return writeModelToPasswordAgePolicy(addedPolicy), nil
}
func (r *Repository) ChangePasswordAgePolicy(ctx context.Context, policy *iam_model.PasswordAgePolicy) (*iam_model.PasswordAgePolicy, error) {
existingPolicy, err := r.passwordAgePolicyWriteModelByID(ctx, policy.AggregateID)
if err != nil {
return nil, err
}
iamAgg := iam_repo.AggregateFromWriteModel(&existingPolicy.WriteModel).
PushPasswordAgePolicyChangedFromExisting(ctx, existingPolicy, policy.ExpireWarnDays, policy.MaxAgeDays)
err = r.eventstore.PushAggregate(ctx, existingPolicy, iamAgg)
if err != nil {
return nil, err
}
return writeModelToPasswordAgePolicy(existingPolicy), nil
}
func (r *Repository) passwordAgePolicyWriteModelByID(ctx context.Context, iamID string) (policy *password_age.WriteModel, err error) {
ctx, span := tracing.NewSpan(ctx)
defer func() { span.EndWithError(err) }()
writeModel := password_age.NewWriteModel(iamID)
err = r.eventstore.FilterToQueryReducer(ctx, writeModel)
if err != nil {
return nil, err
}
return writeModel, nil
}

68
internal/v2/business/iam/policy_password_complexity.go Normal file
View File

@ -0,0 +1,68 @@
package iam
import (
"context"
caos_errs "github.com/caos/zitadel/internal/errors"
iam_model "github.com/caos/zitadel/internal/iam/model"
"github.com/caos/zitadel/internal/telemetry/tracing"
iam_repo "github.com/caos/zitadel/internal/v2/repository/iam"
"github.com/caos/zitadel/internal/v2/repository/iam/policy/password_complexity"
)
func (r *Repository) AddPasswordComplexityPolicy(ctx context.Context, policy *iam_model.PasswordComplexityPolicy) (*iam_model.PasswordComplexityPolicy, error) {
if err := policy.IsValid(); err != nil {
return nil, err
}
addedPolicy := password_complexity.NewWriteModel(policy.AggregateID)
err := r.eventstore.FilterToQueryReducer(ctx, addedPolicy)
if err != nil {
return nil, err
}
if addedPolicy != nil {
return nil, caos_errs.ThrowAlreadyExists(nil, "IAM-Lk0dS", "Errors.IAM.PasswordComplexityPolicy.AlreadyExists")
}
iamAgg := iam_repo.AggregateFromWriteModel(&addedPolicy.WriteModel).
PushPasswordComplexityPolicyAddedEvent(ctx, policy.MinLength, policy.HasLowercase, policy.HasUppercase, policy.HasNumber, policy.HasSymbol)
err = r.eventstore.PushAggregate(ctx, addedPolicy, iamAgg)
if err != nil {
return nil, err
}
return writeModelToPasswordComplexityPolicy(addedPolicy), nil
}
func (r *Repository) ChangePasswordComplexityPolicy(ctx context.Context, policy *iam_model.PasswordComplexityPolicy) (*iam_model.PasswordComplexityPolicy, error) {
if err := policy.IsValid(); err != nil {
return nil, err
}
existingPolicy, err := r.passwordComplexityPolicyWriteModelByID(ctx, policy.AggregateID)
if err != nil {
return nil, err
}
iamAgg := iam_repo.AggregateFromWriteModel(&existingPolicy.WriteModel).
PushPasswordComplexityPolicyChangedFromExisting(ctx, existingPolicy, policy.MinLength, policy.HasLowercase, policy.HasUppercase, policy.HasNumber, policy.HasSymbol)
err = r.eventstore.PushAggregate(ctx, existingPolicy, iamAgg)
if err != nil {
return nil, err
}
return writeModelToPasswordComplexityPolicy(existingPolicy), nil
}
func (r *Repository) passwordComplexityPolicyWriteModelByID(ctx context.Context, iamID string) (policy *password_complexity.WriteModel, err error) {
ctx, span := tracing.NewSpan(ctx)
defer func() { span.EndWithError(err) }()
writeModel := password_complexity.NewWriteModel(iamID)
err = r.eventstore.FilterToQueryReducer(ctx, writeModel)
if err != nil {
return nil, err
}
return writeModel, nil
}

60
internal/v2/business/iam/policy_password_lockout.go Normal file
View File

@ -0,0 +1,60 @@
package iam
import (
"context"
caos_errs "github.com/caos/zitadel/internal/errors"
iam_model "github.com/caos/zitadel/internal/iam/model"
"github.com/caos/zitadel/internal/telemetry/tracing"
iam_repo "github.com/caos/zitadel/internal/v2/repository/iam"
"github.com/caos/zitadel/internal/v2/repository/iam/policy/password_lockout"
)
func (r *Repository) AddPasswordLockoutPolicy(ctx context.Context, policy *iam_model.PasswordLockoutPolicy) (*iam_model.PasswordLockoutPolicy, error) {
addedPolicy := password_lockout.NewWriteModel(policy.AggregateID)
err := r.eventstore.FilterToQueryReducer(ctx, addedPolicy)
if err != nil {
return nil, err
}
if addedPolicy != nil {
return nil, caos_errs.ThrowAlreadyExists(nil, "IAM-0olDf", "Errors.IAM.PasswordLockoutPolicy.AlreadyExists")
}
iamAgg := iam_repo.AggregateFromWriteModel(&addedPolicy.WriteModel).
PushPasswordLockoutPolicyAddedEvent(ctx, policy.MaxAttempts, policy.ShowLockOutFailures)
err = r.eventstore.PushAggregate(ctx, addedPolicy, iamAgg)
if err != nil {
return nil, err
}
return writeModelToPasswordLockoutPolicy(addedPolicy), nil
}
func (r *Repository) ChangePasswordLockoutPolicy(ctx context.Context, policy *iam_model.PasswordLockoutPolicy) (*iam_model.PasswordLockoutPolicy, error) {
existingPolicy, err := r.passwordLockoutPolicyWriteModelByID(ctx, policy.AggregateID)
if err != nil {
return nil, err
}
iamAgg := iam_repo.AggregateFromWriteModel(&existingPolicy.WriteModel).
PushPasswordLockoutPolicyChangedFromExisting(ctx, existingPolicy, policy.MaxAttempts, policy.ShowLockOutFailures)
err = r.eventstore.PushAggregate(ctx, existingPolicy, iamAgg)
if err != nil {
return nil, err
}
return writeModelToPasswordLockoutPolicy(existingPolicy), nil
}
func (r *Repository) passwordLockoutPolicyWriteModelByID(ctx context.Context, iamID string) (policy *password_lockout.WriteModel, err error) {
ctx, span := tracing.NewSpan(ctx)
defer func() { span.EndWithError(err) }()
writeModel := password_lockout.NewWriteModel(iamID)
err = r.eventstore.FilterToQueryReducer(ctx, writeModel)
if err != nil {
return nil, err
}
return writeModel, nil
}

122
internal/v2/repository/iam/aggregate.go
View File

@ -2,16 +2,26 @@ package iam
import (
"context"
"github.com/caos/zitadel/internal/crypto"
"github.com/caos/zitadel/internal/eventstore/v2"
"github.com/caos/zitadel/internal/v2/repository/iam/policy/label"
iam_login "github.com/caos/zitadel/internal/v2/repository/iam/policy/login"
factors2 "github.com/caos/zitadel/internal/v2/repository/iam/policy/login/factors"
iam_factors "github.com/caos/zitadel/internal/v2/repository/iam/policy/login/factors"
"github.com/caos/zitadel/internal/v2/repository/iam/policy/login/idpprovider"
"github.com/caos/zitadel/internal/v2/repository/iam/policy/org_iam"
"github.com/caos/zitadel/internal/v2/repository/iam/policy/password_age"
"github.com/caos/zitadel/internal/v2/repository/iam/policy/password_complexity"
"github.com/caos/zitadel/internal/v2/repository/iam/policy/password_lockout"
"github.com/caos/zitadel/internal/v2/repository/idp"
"github.com/caos/zitadel/internal/v2/repository/idp/oidc"
"github.com/caos/zitadel/internal/v2/repository/idp/provider"
"github.com/caos/zitadel/internal/v2/repository/policy/login"
"github.com/caos/zitadel/internal/v2/repository/policy/login/factors"
)
const (
iamEventTypePrefix = eventstore.EventType("iam.")
IamEventTypePrefix = eventstore.EventType("iam.")
)
const (
@ -87,6 +97,110 @@ func (a *Aggregate) PushStepDone(ctx context.Context, step Step) *Aggregate {
return a
}
func (a *Aggregate) PushOrgIAMPolicyAddedEvent(ctx context.Context, userLoginMustBeDomain bool) *Aggregate {
a.Aggregate = *a.PushEvents(org_iam.NewAddedEvent(ctx, userLoginMustBeDomain))
return a
}
func (a *Aggregate) PushOrgIAMPolicyChangedFromExisting(ctx context.Context, current *org_iam.WriteModel, userLoginMustBeDomain bool) *Aggregate {
e, err := org_iam.ChangedEventFromExisting(ctx, current, userLoginMustBeDomain)
if err != nil {
return a
}
a.Aggregate = *a.PushEvents(e)
return a
}
func (a *Aggregate) PushPasswordAgePolicyAddedEvent(ctx context.Context, expireWarnDays, maxAgeDays uint64) *Aggregate {
a.Aggregate = *a.PushEvents(password_age.NewAddedEvent(ctx, expireWarnDays, maxAgeDays))
return a
}
func (a *Aggregate) PushPasswordAgePolicyChangedFromExisting(ctx context.Context, current *password_age.WriteModel, expireWarnDays, maxAgeDays uint64) *Aggregate {
e, err := password_age.ChangedEventFromExisting(ctx, current, expireWarnDays, maxAgeDays)
if err != nil {
return a
}
a.Aggregate = *a.PushEvents(e)
return a
}
func (a *Aggregate) PushPasswordComplexityPolicyAddedEvent(ctx context.Context, minLength uint64, hasLowercase, hasUppercase, hasNumber, hasSymbol bool) *Aggregate {
a.Aggregate = *a.PushEvents(password_complexity.NewAddedEvent(ctx, minLength, hasLowercase, hasUppercase, hasNumber, hasSymbol))
return a
}
func (a *Aggregate) PushPasswordComplexityPolicyChangedFromExisting(ctx context.Context, current *password_complexity.WriteModel, minLength uint64, hasLowercase, hasUppercase, hasNumber, hasSymbol bool) *Aggregate {
e, err := password_complexity.ChangedEventFromExisting(ctx, current, minLength, hasLowercase, hasUppercase, hasNumber, hasSymbol)
if err != nil {
return a
}
a.Aggregate = *a.PushEvents(e)
return a
}
func (a *Aggregate) PushPasswordLockoutPolicyAddedEvent(ctx context.Context, maxAttempts uint64, showLockoutFailure bool) *Aggregate {
a.Aggregate = *a.PushEvents(password_lockout.NewAddedEvent(ctx, maxAttempts, showLockoutFailure))
return a
}
func (a *Aggregate) PushPasswordLockoutPolicyChangedFromExisting(ctx context.Context, current *password_lockout.WriteModel, maxAttempts uint64, showLockoutFailure bool) *Aggregate {
e, err := password_lockout.ChangedEventFromExisting(ctx, current, maxAttempts, showLockoutFailure)
if err != nil {
return a
}
a.Aggregate = *a.PushEvents(e)
return a
}
func (a *Aggregate) PushLabelPolicyAddedEvent(ctx context.Context, primaryColor, secondaryColor string) *Aggregate {
a.Aggregate = *a.PushEvents(label.NewAddedEvent(ctx, primaryColor, secondaryColor))
return a
}
func (a *Aggregate) PushLabelPolicyChangedFromExisting(ctx context.Context, current *label.WriteModel, primaryColor, secondaryColor string) *Aggregate {
e, err := label.ChangedEventFromExisting(ctx, current, primaryColor, secondaryColor)
if err != nil {
return a
}
a.Aggregate = *a.PushEvents(e)
return a
}
func (a *Aggregate) PushLoginPolicyAddedEvent(ctx context.Context, allowUsernamePassword, allowRegister, allowExternalIDP, forceMFA bool, passwordlessType login.PasswordlessType) *Aggregate {
a.Aggregate = *a.PushEvents(iam_login.NewAddedEvent(ctx, allowUsernamePassword, allowRegister, allowExternalIDP, forceMFA, passwordlessType))
return a
}
func (a *Aggregate) PushLoginPolicyChangedFromExisting(ctx context.Context, current *iam_login.WriteModel, allowUsernamePassword, allowRegister, allowExternalIDP, forceMFA bool, passwordlessType login.PasswordlessType) *Aggregate {
e, err := iam_login.ChangedEventFromExisting(ctx, current, allowUsernamePassword, allowRegister, allowExternalIDP, forceMFA, passwordlessType)
if err != nil {
return a
}
a.Aggregate = *a.PushEvents(e)
return a
}
func (a *Aggregate) PushLoginPolicySecondFactorAdded(ctx context.Context, mfaType factors.SecondFactorType) *Aggregate {
a.Aggregate = *a.PushEvents(iam_factors.NewLoginPolicySecondFactorAddedEvent(ctx, mfaType))
return a
}
func (a *Aggregate) PushLoginPolicySecondFactorRemoved(ctx context.Context, mfaType factors.SecondFactorType) *Aggregate {
a.Aggregate = *a.PushEvents(iam_factors.NewLoginPolicySecondFactorRemovedEvent(ctx, mfaType))
return a
}
func (a *Aggregate) PushLoginPolicyMultiFactorAdded(ctx context.Context, mfaType factors.MultiFactorType) *Aggregate {
a.Aggregate = *a.PushEvents(factors2.NewLoginPolicyMultiFactorAddedEvent(ctx, mfaType))
return a
}
func (a *Aggregate) PushLoginPolicyMultiFactorRemoved(ctx context.Context, mfaType factors.MultiFactorType) *Aggregate {
a.Aggregate = *a.PushEvents(factors2.NewLoginPolicyMultiFactorRemovedEvent(ctx, mfaType))
return a
}
func (a *Aggregate) PushIDPConfigAdded(
ctx context.Context,
configID,
@ -172,7 +286,7 @@ func (a *Aggregate) PushLoginPolicyIDPProviderAddedEvent(
providerType provider.Type,
) *Aggregate {
a.Aggregate = *a.PushEvents(NewLoginPolicyIDPProviderAddedEvent(ctx, idpConfigID, providerType))
a.Aggregate = *a.PushEvents(idpprovider.NewAddedEvent(ctx, idpConfigID, providerType))
return a
}
@ -182,6 +296,6 @@ func (a *Aggregate) PushLoginPolicyIDPProviderRemovedEvent(
providerType provider.Type,
) *Aggregate {
a.Aggregate = *a.PushEvents(NewLoginPolicyIDPProviderRemovedEvent(ctx, idpConfigID))
a.Aggregate = *a.PushEvents(idpprovider.NewRemovedEvent(ctx, idpConfigID))
return a
}

28
internal/v2/repository/iam/eventstore.go
View File

@ -2,6 +2,12 @@ package iam
import (
"github.com/caos/zitadel/internal/eventstore/v2"
"github.com/caos/zitadel/internal/v2/repository/iam/policy/label"
"github.com/caos/zitadel/internal/v2/repository/iam/policy/login"
"github.com/caos/zitadel/internal/v2/repository/iam/policy/org_iam"
"github.com/caos/zitadel/internal/v2/repository/iam/policy/password_age"
"github.com/caos/zitadel/internal/v2/repository/iam/policy/password_complexity"
"github.com/caos/zitadel/internal/v2/repository/iam/policy/password_lockout"
)
func RegisterEventMappers(es *eventstore.Eventstore) {
@ -9,17 +15,17 @@ func RegisterEventMappers(es *eventstore.Eventstore) {
RegisterFilterEventMapper(SetupDoneEventType, SetupStepMapper).
RegisterFilterEventMapper(GlobalOrgSetEventType, GlobalOrgSetMapper).
RegisterFilterEventMapper(ProjectSetEventType, ProjectSetMapper).
RegisterFilterEventMapper(LabelPolicyAddedEventType, LabelPolicyAddedEventMapper).
RegisterFilterEventMapper(LabelPolicyChangedEventType, LabelPolicyChangedEventMapper).
RegisterFilterEventMapper(LoginPolicyAddedEventType, LoginPolicyAddedEventMapper).
RegisterFilterEventMapper(LoginPolicyChangedEventType, LoginPolicyChangedEventMapper).
RegisterFilterEventMapper(OrgIAMPolicyAddedEventType, OrgIAMPolicyAddedEventMapper).
RegisterFilterEventMapper(PasswordAgePolicyAddedEventType, PasswordAgePolicyAddedEventMapper).
RegisterFilterEventMapper(PasswordAgePolicyChangedEventType, PasswordAgePolicyChangedEventMapper).
RegisterFilterEventMapper(PasswordComplexityPolicyAddedEventType, PasswordComplexityPolicyAddedEventMapper).
RegisterFilterEventMapper(PasswordComplexityPolicyChangedEventType, PasswordComplexityPolicyChangedEventMapper).
RegisterFilterEventMapper(PasswordLockoutPolicyAddedEventType, PasswordLockoutPolicyAddedEventMapper).
RegisterFilterEventMapper(PasswordLockoutPolicyChangedEventType, PasswordLockoutPolicyChangedEventMapper).
RegisterFilterEventMapper(label.LabelPolicyAddedEventType, label.AddedEventMapper).
RegisterFilterEventMapper(label.LabelPolicyChangedEventType, label.ChangedEventMapper).
RegisterFilterEventMapper(login.LoginPolicyAddedEventType, login.AddedEventMapper).
RegisterFilterEventMapper(login.LoginPolicyChangedEventType, login.ChangedEventMapper).
RegisterFilterEventMapper(org_iam.OrgIAMPolicyAddedEventType, org_iam.AddedEventMapper).
RegisterFilterEventMapper(password_age.PasswordAgePolicyAddedEventType, password_age.AddedEventMapper).
RegisterFilterEventMapper(password_age.PasswordAgePolicyChangedEventType, password_age.ChangedEventMapper).
RegisterFilterEventMapper(password_complexity.PasswordComplexityPolicyAddedEventType, password_complexity.AddedEventMapper).
RegisterFilterEventMapper(password_complexity.PasswordComplexityPolicyChangedEventType, password_complexity.ChangedEventMapper).
RegisterFilterEventMapper(password_lockout.PasswordLockoutPolicyAddedEventType, password_lockout.AddedEventMapper).
RegisterFilterEventMapper(password_lockout.PasswordLockoutPolicyChangedEventType, password_lockout.ChangedEventMapper).
RegisterFilterEventMapper(MemberAddedEventType, MemberAddedEventMapper).
RegisterFilterEventMapper(MemberChangedEventType, MemberChangedEventMapper).
RegisterFilterEventMapper(MemberRemovedEventType, MemberRemovedEventMapper).

6
internal/v2/repository/iam/member.go
View File

@ -9,9 +9,9 @@ import (
)
var (
MemberAddedEventType = iamEventTypePrefix + member.AddedEventType
MemberChangedEventType = iamEventTypePrefix + member.ChangedEventType
MemberRemovedEventType = iamEventTypePrefix + member.RemovedEventType
MemberAddedEventType = IamEventTypePrefix + member.AddedEventType
MemberChangedEventType = IamEventTypePrefix + member.ChangedEventType
MemberRemovedEventType = IamEventTypePrefix + member.RemovedEventType
)
type MemberReadModel struct {

73
internal/v2/repository/iam/policy/label/events.go Normal file
View File

@ -0,0 +1,73 @@
package label
import (
"context"
"github.com/caos/zitadel/internal/eventstore/v2"
"github.com/caos/zitadel/internal/eventstore/v2/repository"
"github.com/caos/zitadel/internal/v2/repository/policy/label"
)
var (
iamEventPrefix = eventstore.EventType("iam.")
LabelPolicyAddedEventType = iamEventPrefix + label.LabelPolicyAddedEventType
LabelPolicyChangedEventType = iamEventPrefix + label.LabelPolicyChangedEventType
)
type AddedEvent struct {
label.AddedEvent
}
func NewAddedEvent(
ctx context.Context,
primaryColor,
secondaryColor string,
) *AddedEvent {
return &AddedEvent{
AddedEvent: *label.NewAddedEvent(
eventstore.NewBaseEventForPush(ctx, LabelPolicyAddedEventType),
primaryColor,
secondaryColor),
}
}
func AddedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
e, err := label.AddedEventMapper(event)
if err != nil {
return nil, err
}
return &AddedEvent{AddedEvent: *e.(*label.AddedEvent)}, nil
}
type ChangedEvent struct {
label.ChangedEvent
}
func ChangedEventFromExisting(
ctx context.Context,
current *WriteModel,
primaryColor,
secondaryColor string,
) (*ChangedEvent, error) {
event := label.NewChangedEvent(
eventstore.NewBaseEventForPush(
ctx,
LabelPolicyChangedEventType,
),
&current.Policy,
primaryColor,
secondaryColor,
)
return &ChangedEvent{
*event,
}, nil
}
func ChangedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
e, err := label.ChangedEventMapper(event)
if err != nil {
return nil, err
}
return &ChangedEvent{ChangedEvent: *e.(*label.ChangedEvent)}, nil
}

21
internal/v2/repository/iam/policy/label/read_model.go Normal file
View File

@ -0,0 +1,21 @@
package label
import (
"github.com/caos/zitadel/internal/eventstore/v2"
"github.com/caos/zitadel/internal/v2/repository/policy/label"
)
type ReadModel struct{ label.ReadModel }
func (rm *ReadModel) AppendEvents(events ...eventstore.EventReader) {
for _, event := range events {
switch e := event.(type) {
case *AddedEvent:
rm.ReadModel.AppendEvents(&e.AddedEvent)
case *ChangedEvent:
rm.ReadModel.AppendEvents(&e.ChangedEvent)
case *label.AddedEvent, *label.ChangedEvent:
rm.ReadModel.AppendEvents(e)
}
}
}

47
internal/v2/repository/iam/policy/label/write_model.go Normal file
View File

@ -0,0 +1,47 @@
package label
import (
"github.com/caos/zitadel/internal/eventstore/v2"
"github.com/caos/zitadel/internal/v2/repository/policy/label"
)
const (
AggregateType = "iam"
)
type WriteModel struct {
eventstore.WriteModel
Policy label.WriteModel
iamID string
}
func NewWriteModel(iamID string) *WriteModel {
return &WriteModel{
iamID: iamID,
}
}
func (wm *WriteModel) AppendEvents(events ...eventstore.EventReader) {
wm.WriteModel.AppendEvents(events...)
for _, event := range events {
switch e := event.(type) {
case *AddedEvent:
wm.Policy.AppendEvents(&e.AddedEvent)
case *ChangedEvent:
wm.Policy.AppendEvents(&e.ChangedEvent)
}
}
}
func (wm *WriteModel) Reduce() error {
if err := wm.Policy.Reduce(); err != nil {
return err
}
return wm.WriteModel.Reduce()
}
func (wm *WriteModel) Query() *eventstore.SearchQueryBuilder {
return eventstore.NewSearchQueryBuilder(eventstore.ColumnsEvent, AggregateType).
AggregateIDs(wm.iamID)
}

89
internal/v2/repository/iam/policy/login/events.go Normal file
View File

@ -0,0 +1,89 @@
package login
import (
"context"
"github.com/caos/zitadel/internal/eventstore/v2"
"github.com/caos/zitadel/internal/eventstore/v2/repository"
"github.com/caos/zitadel/internal/v2/repository/policy/login"
)
var (
iamEventPrefix = eventstore.EventType("iam.")
LoginPolicyAddedEventType = iamEventPrefix + login.LoginPolicyAddedEventType
LoginPolicyChangedEventType = iamEventPrefix + login.LoginPolicyChangedEventType
LoginPolicyIDPProviderAddedEventType = iamEventPrefix + login.LoginPolicyIDPProviderAddedEventType
LoginPolicyIDPProviderRemovedEventType = iamEventPrefix + login.LoginPolicyIDPProviderRemovedEventType
)
type AddedEvent struct {
login.AddedEvent
}
func NewAddedEvent(
ctx context.Context,
allowUsernamePassword,
allowRegister,
allowExternalIDP,
forceMFA bool,
passwordlessType login.PasswordlessType,
) *AddedEvent {
return &AddedEvent{
AddedEvent: *login.NewAddedEvent(
eventstore.NewBaseEventForPush(ctx, login.LoginPolicyAddedEventType),
allowUsernamePassword,
allowRegister,
allowExternalIDP,
forceMFA,
passwordlessType),
}
}
func AddedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
e, err := login.AddedEventMapper(event)
if err != nil {
return nil, err
}
return &AddedEvent{AddedEvent: *e.(*login.AddedEvent)}, nil
}
type ChangedEvent struct {
login.ChangedEvent
}
func ChangedEventFromExisting(
ctx context.Context,
current *WriteModel,
allowUsernamePassword,
allowRegister,
allowExternalIDP,
forceMFA bool,
passwordlessType login.PasswordlessType,
) (*ChangedEvent, error) {
event := login.NewChangedEvent(
eventstore.NewBaseEventForPush(
ctx,
LoginPolicyChangedEventType,
),
&current.Policy,
allowUsernamePassword,
allowRegister,
allowExternalIDP,
forceMFA,
passwordlessType,
)
return &ChangedEvent{
*event,
}, nil
}
func ChangedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
e, err := login.ChangedEventMapper(event)
if err != nil {
return nil, err
}
return &ChangedEvent{ChangedEvent: *e.(*login.ChangedEvent)}, nil
}

123
internal/v2/repository/iam/policy/login/factors/events.go Normal file
View File

@ -0,0 +1,123 @@
package factors
import (
"context"
"github.com/caos/zitadel/internal/eventstore/v2"
"github.com/caos/zitadel/internal/eventstore/v2/repository"
"github.com/caos/zitadel/internal/v2/repository/policy/login/factors"
)
var (
iamEventPrefix = eventstore.EventType("iam.")
LoginPolicySecondFactorAddedEventType = iamEventPrefix + factors.LoginPolicySecondFactorAddedEventType
LoginPolicySecondFactorRemovedEventType = iamEventPrefix + factors.LoginPolicySecondFactorRemovedEventType
LoginPolicyMultiFactorAddedEventType = iamEventPrefix + factors.LoginPolicyMultiFactorAddedEventType
LoginPolicyMultiFactorRemovedEventType = iamEventPrefix + factors.LoginPolicyMultiFactorRemovedEventType
)
type LoginPolicySecondFactorAddedEvent struct {
factors.SecondFactorAddedEvent
}
func NewLoginPolicySecondFactorAddedEvent(
ctx context.Context,
mfaType factors.SecondFactorType,
) *LoginPolicySecondFactorAddedEvent {
return &LoginPolicySecondFactorAddedEvent{
SecondFactorAddedEvent: *factors.NewSecondFactorAddedEvent(
eventstore.NewBaseEventForPush(ctx, LoginPolicySecondFactorAddedEventType),
mfaType),
}
}
func SecondFactorAddedEventEventMapper(event *repository.Event) (eventstore.EventReader, error) {
e, err := factors.SecondFactorAddedEventMapper(event)
if err != nil {
return nil, err
}
return &LoginPolicySecondFactorAddedEvent{
SecondFactorAddedEvent: *e.(*factors.SecondFactorAddedEvent),
}, nil
}
type LoginPolicySecondFactorRemovedEvent struct {
factors.SecondFactorRemovedEvent
}
func NewLoginPolicySecondFactorRemovedEvent(
ctx context.Context,
mfaType factors.SecondFactorType,
) *LoginPolicySecondFactorRemovedEvent {
return &LoginPolicySecondFactorRemovedEvent{
SecondFactorRemovedEvent: *factors.NewSecondFactorRemovedEvent(
eventstore.NewBaseEventForPush(ctx, LoginPolicySecondFactorRemovedEventType),
mfaType),
}
}
func SecondFactorRemovedEventEventMapper(event *repository.Event) (eventstore.EventReader, error) {
e, err := factors.SecondFactorRemovedEventMapper(event)
if err != nil {
return nil, err
}
return &LoginPolicySecondFactorRemovedEvent{
SecondFactorRemovedEvent: *e.(*factors.SecondFactorRemovedEvent),
}, nil
}
type LoginPolicyMultiFactorAddedEvent struct {
factors.MultiFactorAddedEvent
}
func NewLoginPolicyMultiFactorAddedEvent(
ctx context.Context,
mfaType factors.MultiFactorType,
) *LoginPolicyMultiFactorAddedEvent {
return &LoginPolicyMultiFactorAddedEvent{
MultiFactorAddedEvent: *factors.NewMultiFactorAddedEvent(
eventstore.NewBaseEventForPush(ctx, LoginPolicyMultiFactorAddedEventType),
mfaType),
}
}
func MultiFactorAddedEventEventMapper(event *repository.Event) (eventstore.EventReader, error) {
e, err := factors.MultiFactorAddedEventMapper(event)
if err != nil {
return nil, err
}
return &LoginPolicyMultiFactorAddedEvent{
MultiFactorAddedEvent: *e.(*factors.MultiFactorAddedEvent),
}, nil
}
type LoginPolicyMultiFactorRemovedEvent struct {
factors.MultiFactorRemovedEvent
}
func NewLoginPolicyMultiFactorRemovedEvent(
ctx context.Context,
mfaType factors.MultiFactorType,
) *LoginPolicyMultiFactorRemovedEvent {
return &LoginPolicyMultiFactorRemovedEvent{
MultiFactorRemovedEvent: *factors.NewMultiFactorRemovedEvent(
eventstore.NewBaseEventForPush(ctx, LoginPolicyMultiFactorRemovedEventType),
mfaType),
}
}
func MultiFactorRemovedEventEventMapper(event *repository.Event) (eventstore.EventReader, error) {
e, err := factors.MultiFactorRemovedEventMapper(event)
if err != nil {
return nil, err
}
return &LoginPolicyMultiFactorRemovedEvent{
MultiFactorRemovedEvent: *e.(*factors.MultiFactorRemovedEvent),
}, nil
}

80
internal/v2/repository/iam/policy/login/factors/write_model.go Normal file
View File

@ -0,0 +1,80 @@
package factors
import (
"github.com/caos/zitadel/internal/eventstore/v2"
"github.com/caos/zitadel/internal/v2/repository/policy/login/factors"
)
const (
AggregateType = "iam"
)
type SecondFactorWriteModel struct {
eventstore.WriteModel
SecondFactor factors.SecondFactoryWriteModel
iamID string
}
func NewSecondFactorWriteModel(iamID string) *SecondFactorWriteModel {
return &SecondFactorWriteModel{
iamID: iamID,
}
}
func (wm *SecondFactorWriteModel) AppendEvents(events ...eventstore.EventReader) {
wm.WriteModel.AppendEvents(events...)
for _, event := range events {
switch e := event.(type) {
case *LoginPolicySecondFactorAddedEvent:
wm.SecondFactor.AppendEvents(&e.SecondFactorAddedEvent)
}
}
}
func (wm *SecondFactorWriteModel) Reduce() error {
if err := wm.SecondFactor.Reduce(); err != nil {
return err
}
return wm.WriteModel.Reduce()
}
func (wm *SecondFactorWriteModel) Query() *eventstore.SearchQueryBuilder {
return eventstore.NewSearchQueryBuilder(eventstore.ColumnsEvent, AggregateType).
AggregateIDs(wm.iamID)
}
type MultiFactorWriteModel struct {
eventstore.WriteModel
MultiFactor factors.MultiFactoryWriteModel
iamID string
}
func NewMultiFactorWriteModel(iamID string) *MultiFactorWriteModel {
return &MultiFactorWriteModel{
iamID: iamID,
}
}
func (wm *MultiFactorWriteModel) AppendEvents(events ...eventstore.EventReader) {
wm.WriteModel.AppendEvents(events...)
for _, event := range events {
switch e := event.(type) {
case *LoginPolicyMultiFactorAddedEvent:
wm.MultiFactor.AppendEvents(&e.MultiFactorAddedEvent)
}
}
}
func (wm *MultiFactorWriteModel) Reduce() error {
if err := wm.MultiFactor.Reduce(); err != nil {
return err
}
return wm.WriteModel.Reduce()
}
func (wm *MultiFactorWriteModel) Query() *eventstore.SearchQueryBuilder {
return eventstore.NewSearchQueryBuilder(eventstore.ColumnsEvent, AggregateType).
AggregateIDs(wm.iamID)
}

66
internal/v2/repository/iam/policy/login/idpprovider/events.go Normal file
View File

@ -0,0 +1,66 @@
package idpprovider
import (
"context"
"github.com/caos/zitadel/internal/v2/repository/iam/policy/login"
"github.com/caos/zitadel/internal/v2/repository/policy/login/idpprovider"
"github.com/caos/zitadel/internal/eventstore/v2"
"github.com/caos/zitadel/internal/eventstore/v2/repository"
"github.com/caos/zitadel/internal/v2/repository/idp/provider"
)
type AddedEvent struct {
idpprovider.AddedEvent
}
func NewAddedEvent(
ctx context.Context,
idpConfigID string,
idpProviderType provider.Type,
) *AddedEvent {
return &AddedEvent{
AddedEvent: *idpprovider.NewAddedEvent(
eventstore.NewBaseEventForPush(ctx, login.LoginPolicyIDPProviderAddedEventType),
idpConfigID,
idpProviderType),
}
}
func AddedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
e, err := idpprovider.AddedEventMapper(event)
if err != nil {
return nil, err
}
return &AddedEvent{
AddedEvent: *e.(*idpprovider.AddedEvent),
}, nil
}
type RemovedEvent struct {
idpprovider.RemovedEvent
}
func NewRemovedEvent(
ctx context.Context,
idpConfigID string,
) *RemovedEvent {
return &RemovedEvent{
RemovedEvent: *idpprovider.NewRemovedEvent(
eventstore.NewBaseEventForPush(ctx, login.LoginPolicyIDPProviderRemovedEventType),
idpConfigID),
}
}
func RemovedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
e, err := idpprovider.RemovedEventMapper(event)
if err != nil {
return nil, err
}
return &RemovedEvent{
RemovedEvent: *e.(*idpprovider.RemovedEvent),
}, nil
}

66
internal/v2/repository/iam/policy/login/idpprovider/write_model.go Normal file
View File

@ -0,0 +1,66 @@
package idpprovider
import (
"github.com/caos/zitadel/internal/eventstore/v2"
"github.com/caos/zitadel/internal/v2/repository/policy/login/idpprovider"
)
const (
AggregateType = "iam"
)
type WriteModel struct {
eventstore.WriteModel
Provider idpprovider.WriteModel
idpConfigID string
iamID string
IsRemoved bool
}
func NewWriteModel(iamID, idpConfigID string) *WriteModel {
return &WriteModel{
iamID: iamID,
idpConfigID: idpConfigID,
}
}
func (wm *WriteModel) AppendEvents(events ...eventstore.EventReader) {
wm.WriteModel.AppendEvents(events...)
for _, event := range events {
switch e := event.(type) {
case *AddedEvent:
if e.IDPConfigID != wm.idpConfigID {
continue
}
wm.Provider.AppendEvents(&e.AddedEvent)
}
}
}
func (wm *WriteModel) Reduce() error {
for _, event := range wm.Events {
switch e := event.(type) {
case *AddedEvent:
if e.IDPConfigID != wm.idpConfigID {
continue
}
wm.IsRemoved = false
case *RemovedEvent:
if e.IDPConfigID != wm.idpConfigID {
continue
}
wm.IsRemoved = true
}
}
if err := wm.Provider.Reduce(); err != nil {
return err
}
return wm.WriteModel.Reduce()
}
func (wm *WriteModel) Query() *eventstore.SearchQueryBuilder {
return eventstore.NewSearchQueryBuilder(eventstore.ColumnsEvent, AggregateType).
AggregateIDs(wm.iamID)
}

21
internal/v2/repository/iam/policy/login/read_model.go Normal file
View File

@ -0,0 +1,21 @@
package login
import (
"github.com/caos/zitadel/internal/eventstore/v2"
"github.com/caos/zitadel/internal/v2/repository/policy/login"
)
type ReadModel struct{ login.ReadModel }
func (rm *ReadModel) AppendEvents(events ...eventstore.EventReader) {
for _, event := range events {
switch e := event.(type) {
case *AddedEvent:
rm.ReadModel.AppendEvents(&e.AddedEvent)
case *ChangedEvent:
rm.ReadModel.AppendEvents(&e.ChangedEvent)
case *login.AddedEvent, *login.ChangedEvent:
rm.ReadModel.AppendEvents(e)
}
}
}

47
internal/v2/repository/iam/policy/login/write_model.go Normal file
View File

@ -0,0 +1,47 @@
package login
import (
"github.com/caos/zitadel/internal/eventstore/v2"
"github.com/caos/zitadel/internal/v2/repository/policy/login"
)
const (
AggregateType = "iam"
)
type WriteModel struct {
eventstore.WriteModel
Policy login.WriteModel
iamID string
}
func NewWriteModel(iamID string) *WriteModel {
return &WriteModel{
iamID: iamID,
}
}
func (wm *WriteModel) AppendEvents(events ...eventstore.EventReader) {
wm.WriteModel.AppendEvents(events...)
for _, event := range events {
switch e := event.(type) {
case *AddedEvent:
wm.Policy.AppendEvents(&e.AddedEvent)
case *ChangedEvent:
wm.Policy.AppendEvents(&e.ChangedEvent)
}
}
}
func (wm *WriteModel) Reduce() error {
if err := wm.Policy.Reduce(); err != nil {
return err
}
return wm.WriteModel.Reduce()
}
func (wm *WriteModel) Query() *eventstore.SearchQueryBuilder {
return eventstore.NewSearchQueryBuilder(eventstore.ColumnsEvent, AggregateType).
AggregateIDs(wm.iamID)
}

70
internal/v2/repository/iam/policy/org_iam/events.go Normal file
View File

@ -0,0 +1,70 @@
package org_iam
import (
"context"
"github.com/caos/zitadel/internal/eventstore/v2"
"github.com/caos/zitadel/internal/eventstore/v2/repository"
"github.com/caos/zitadel/internal/v2/repository/policy/org_iam"
)
var (
iamEventPrefix = eventstore.EventType("iam.")
OrgIAMPolicyAddedEventType = iamEventPrefix + org_iam.OrgIAMPolicyAddedEventType
OrgIAMPolicyChangedEventType = iamEventPrefix + org_iam.OrgIAMPolicyChangedEventType
)
type AddedEvent struct {
org_iam.AddedEvent
}
func NewAddedEvent(
ctx context.Context,
userLoginMustBeDomain bool,
) *AddedEvent {
return &AddedEvent{
AddedEvent: *org_iam.NewAddedEvent(
eventstore.NewBaseEventForPush(ctx, OrgIAMPolicyAddedEventType),
userLoginMustBeDomain,
),
}
}
func AddedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
e, err := org_iam.AddedEventMapper(event)
if err != nil {
return nil, err
}
return &AddedEvent{AddedEvent: *e.(*org_iam.AddedEvent)}, nil
}
type ChangedEvent struct {
org_iam.ChangedEvent
}
func ChangedEventFromExisting(
ctx context.Context,
current *WriteModel,
userLoginMustBeDomain bool,
) (*ChangedEvent, error) {
event := org_iam.NewChangedEvent(
eventstore.NewBaseEventForPush(
ctx,
OrgIAMPolicyChangedEventType,
),
&current.Policy,
userLoginMustBeDomain,
)
return &ChangedEvent{
*event,
}, nil
}
func ChangedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
e, err := org_iam.ChangedEventMapper(event)
if err != nil {
return nil, err
}
return &ChangedEvent{ChangedEvent: *e.(*org_iam.ChangedEvent)}, nil
}

19
internal/v2/repository/iam/policy/org_iam/read_model.go Normal file
View File

@ -0,0 +1,19 @@
package org_iam
import (
"github.com/caos/zitadel/internal/eventstore/v2"
"github.com/caos/zitadel/internal/v2/repository/policy/org_iam"
)
type ReadModel struct{ org_iam.ReadModel }
func (rm *ReadModel) AppendEvents(events ...eventstore.EventReader) {
for _, event := range events {
switch e := event.(type) {
case *AddedEvent:
rm.ReadModel.AppendEvents(&e.AddedEvent)
case *org_iam.AddedEvent:
rm.ReadModel.AppendEvents(e)
}
}
}

47
internal/v2/repository/iam/policy/org_iam/write_model.go Normal file
View File

@ -0,0 +1,47 @@
package org_iam
import (
"github.com/caos/zitadel/internal/eventstore/v2"
"github.com/caos/zitadel/internal/v2/repository/policy/org_iam"
)
const (
AggregateType = "iam"
)
type WriteModel struct {
eventstore.WriteModel
Policy org_iam.WriteModel
iamID string
}
func NewWriteModel(iamID string) *WriteModel {
return &WriteModel{
iamID: iamID,
}
}
func (wm *WriteModel) AppendEvents(events ...eventstore.EventReader) {
wm.WriteModel.AppendEvents(events...)
for _, event := range events {
switch e := event.(type) {
case *AddedEvent:
wm.Policy.AppendEvents(&e.AddedEvent)
case *ChangedEvent:
wm.Policy.AppendEvents(&e.ChangedEvent)
}
}
}
func (wm *WriteModel) Reduce() error {
if err := wm.Policy.Reduce(); err != nil {
return err
}
return wm.WriteModel.Reduce()
}
func (wm *WriteModel) Query() *eventstore.SearchQueryBuilder {
return eventstore.NewSearchQueryBuilder(eventstore.ColumnsEvent, AggregateType).
AggregateIDs(wm.iamID)
}

73
internal/v2/repository/iam/policy/password_age/events.go Normal file
View File

@ -0,0 +1,73 @@
package password_age
import (
"context"
"github.com/caos/zitadel/internal/eventstore/v2"
"github.com/caos/zitadel/internal/eventstore/v2/repository"
"github.com/caos/zitadel/internal/v2/repository/policy/password_age"
)
var (
iamEventPrefix = eventstore.EventType("iam.")
PasswordAgePolicyAddedEventType = iamEventPrefix + password_age.PasswordAgePolicyAddedEventType
PasswordAgePolicyChangedEventType = iamEventPrefix + password_age.PasswordAgePolicyChangedEventType
)
type AddedEvent struct {
password_age.AddedEvent
}
func NewAddedEvent(
ctx context.Context,
expireWarnDays,
maxAgeDays uint64,
) *AddedEvent {
return &AddedEvent{
AddedEvent: *password_age.NewAddedEvent(
eventstore.NewBaseEventForPush(ctx, PasswordAgePolicyAddedEventType),
expireWarnDays,
maxAgeDays),
}
}
func AddedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
e, err := password_age.AddedEventMapper(event)
if err != nil {
return nil, err
}
return &AddedEvent{AddedEvent: *e.(*password_age.AddedEvent)}, nil
}
type ChangedEvent struct {
password_age.ChangedEvent
}
func ChangedEventFromExisting(
ctx context.Context,
current *WriteModel,
expireWarnDays,
maxAgeDays uint64,
) (*ChangedEvent, error) {
event := password_age.NewChangedEvent(
eventstore.NewBaseEventForPush(
ctx,
PasswordAgePolicyChangedEventType,
),
&current.Policy,
expireWarnDays,
maxAgeDays,
)
return &ChangedEvent{
*event,
}, nil
}
func ChangedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
e, err := password_age.ChangedEventMapper(event)
if err != nil {
return nil, err
}
return &ChangedEvent{ChangedEvent: *e.(*password_age.ChangedEvent)}, nil
}

25
internal/v2/repository/iam/policy/password_age/read_model.go Normal file
View File

@ -0,0 +1,25 @@
package password_age
import (
"github.com/caos/zitadel/internal/eventstore/v2"
"github.com/caos/zitadel/internal/v2/repository/policy/password_age"
)
type ReadModel struct {
password_age.ReadModel
}
func (rm *ReadModel) AppendEvents(events ...eventstore.EventReader) {
for _, event := range events {
switch e := event.(type) {
case *AddedEvent:
rm.ReadModel.AppendEvents(&e.AddedEvent)
case *ChangedEvent:
rm.ReadModel.AppendEvents(&e.ChangedEvent)
case *password_age.AddedEvent,
*password_age.ChangedEvent:
rm.ReadModel.AppendEvents(e)
}
}
}

47
internal/v2/repository/iam/policy/password_age/write_model.go Normal file
View File

@ -0,0 +1,47 @@
package password_age
import (
"github.com/caos/zitadel/internal/eventstore/v2"
"github.com/caos/zitadel/internal/v2/repository/policy/password_age"
)
const (
AggregateType = "iam"
)
type WriteModel struct {
eventstore.WriteModel
Policy password_age.WriteModel
iamID string
}
func NewWriteModel(iamID string) *WriteModel {
return &WriteModel{
iamID: iamID,
}
}
func (wm *WriteModel) AppendEvents(events ...eventstore.EventReader) {
wm.WriteModel.AppendEvents(events...)
for _, event := range events {
switch e := event.(type) {
case *AddedEvent:
wm.Policy.AppendEvents(&e.AddedEvent)
case *ChangedEvent:
wm.Policy.AppendEvents(&e.ChangedEvent)
}
}
}
func (wm *WriteModel) Reduce() error {
if err := wm.Policy.Reduce(); err != nil {
return err
}
return wm.WriteModel.Reduce()
}
func (wm *WriteModel) Query() *eventstore.SearchQueryBuilder {
return eventstore.NewSearchQueryBuilder(eventstore.ColumnsEvent, AggregateType).
AggregateIDs(wm.iamID)
}

85
internal/v2/repository/iam/policy/password_complexity/events.go Normal file
View File

@ -0,0 +1,85 @@
package password_complexity
import (
"context"
"github.com/caos/zitadel/internal/eventstore/v2"
"github.com/caos/zitadel/internal/eventstore/v2/repository"
"github.com/caos/zitadel/internal/v2/repository/policy/password_complexity"
)
const (
iamEventPrefix = eventstore.EventType("iam.")
PasswordComplexityPolicyAddedEventType = iamEventPrefix + password_complexity.PasswordComplexityPolicyAddedEventType
PasswordComplexityPolicyChangedEventType = iamEventPrefix + password_complexity.PasswordComplexityPolicyChangedEventType
)
type AddedEvent struct {
password_complexity.AddedEvent
}
func NewAddedEvent(
ctx context.Context,
minLength uint64,
hasLowercase,
hasUppercase,
hasNumber,
hasSymbol bool,
) *AddedEvent {
return &AddedEvent{
AddedEvent: *password_complexity.NewAddedEvent(
eventstore.NewBaseEventForPush(ctx, PasswordComplexityPolicyAddedEventType),
minLength,
hasLowercase,
hasUppercase,
hasNumber,
hasSymbol),
}
}
func AddedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
e, err := password_complexity.AddedEventMapper(event)
if err != nil {
return nil, err
}
return &AddedEvent{AddedEvent: *e.(*password_complexity.AddedEvent)}, nil
}
type ChangedEvent struct {
password_complexity.ChangedEvent
}
func ChangedEventFromExisting(
ctx context.Context,
current *WriteModel,
minLength uint64,
hasLowerCase,
hasUpperCase,
hasNumber,
hasSymbol bool,
) (*ChangedEvent, error) {
event := password_complexity.NewChangedEvent(
eventstore.NewBaseEventForPush(
ctx,
PasswordComplexityPolicyChangedEventType,
),
&current.Policy,
minLength,
hasLowerCase,
hasUpperCase,
hasNumber,
hasSymbol,
)
return &ChangedEvent{
*event,
}, nil
}
func ChangedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
e, err := password_complexity.ChangedEventMapper(event)
if err != nil {
return nil, err
}
return &ChangedEvent{ChangedEvent: *e.(*password_complexity.ChangedEvent)}, nil
}

25
internal/v2/repository/iam/policy/password_complexity/read_model.go Normal file
View File

@ -0,0 +1,25 @@
package password_complexity
import (
"github.com/caos/zitadel/internal/eventstore/v2"
"github.com/caos/zitadel/internal/v2/repository/policy/password_complexity"
)
type ReadModel struct {
password_complexity.ReadModel
}
func (rm *ReadModel) AppendEvents(events ...eventstore.EventReader) {
for _, event := range events {
switch e := event.(type) {
case *AddedEvent:
rm.ReadModel.AppendEvents(&e.AddedEvent)
case *ChangedEvent:
rm.ReadModel.AppendEvents(&e.ChangedEvent)
case *password_complexity.AddedEvent,
*password_complexity.ChangedEvent:
rm.ReadModel.AppendEvents(e)
}
}
}

47
internal/v2/repository/iam/policy/password_complexity/write_model.go Normal file
View File

@ -0,0 +1,47 @@
package password_complexity
import (
"github.com/caos/zitadel/internal/eventstore/v2"
"github.com/caos/zitadel/internal/v2/repository/policy/password_complexity"
)
const (
AggregateType = "iam"
)
type WriteModel struct {
eventstore.WriteModel
Policy password_complexity.WriteModel
iamID string
}
func NewWriteModel(iamID string) *WriteModel {
return &WriteModel{
iamID: iamID,
}
}
func (wm *WriteModel) AppendEvents(events ...eventstore.EventReader) {
wm.WriteModel.AppendEvents(events...)
for _, event := range events {
switch e := event.(type) {
case *AddedEvent:
wm.Policy.AppendEvents(&e.AddedEvent)
case *ChangedEvent:
wm.Policy.AppendEvents(&e.ChangedEvent)
}
}
}
func (wm *WriteModel) Reduce() error {
if err := wm.Policy.Reduce(); err != nil {
return err
}
return wm.WriteModel.Reduce()
}
func (wm *WriteModel) Query() *eventstore.SearchQueryBuilder {
return eventstore.NewSearchQueryBuilder(eventstore.ColumnsEvent, AggregateType).
AggregateIDs(wm.iamID)
}

73
internal/v2/repository/iam/policy/password_lockout/events.go Normal file
View File

@ -0,0 +1,73 @@
package password_lockout
import (
"context"
"github.com/caos/zitadel/internal/eventstore/v2"
"github.com/caos/zitadel/internal/eventstore/v2/repository"
"github.com/caos/zitadel/internal/v2/repository/policy/password_lockout"
)
var (
iamEventPrefix = eventstore.EventType("iam.")
PasswordLockoutPolicyAddedEventType = iamEventPrefix + password_lockout.PasswordLockoutPolicyAddedEventType
PasswordLockoutPolicyChangedEventType = iamEventPrefix + password_lockout.PasswordLockoutPolicyChangedEventType
)
type AddedEvent struct {
password_lockout.AddedEvent
}
func NewAddedEvent(
ctx context.Context,
maxAttempts uint64,
showLockoutFailure bool,
) *AddedEvent {
return &AddedEvent{
AddedEvent: *password_lockout.NewAddedEvent(
eventstore.NewBaseEventForPush(ctx, PasswordLockoutPolicyAddedEventType),
maxAttempts,
showLockoutFailure),
}
}
func AddedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
e, err := password_lockout.AddedEventMapper(event)
if err != nil {
return nil, err
}
return &AddedEvent{AddedEvent: *e.(*password_lockout.AddedEvent)}, nil
}
type ChangedEvent struct {
password_lockout.ChangedEvent
}
func ChangedEventFromExisting(
ctx context.Context,
current *WriteModel,
maxAttempts uint64,
showLockoutFailure bool,
) (*ChangedEvent, error) {
event := password_lockout.NewChangedEvent(
eventstore.NewBaseEventForPush(
ctx,
PasswordLockoutPolicyChangedEventType,
),
&current.Policy,
maxAttempts,
showLockoutFailure,
)
return &ChangedEvent{
*event,
}, nil
}
func ChangedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
e, err := password_lockout.ChangedEventMapper(event)
if err != nil {
return nil, err
}
return &ChangedEvent{ChangedEvent: *e.(*password_lockout.ChangedEvent)}, nil
}

23
internal/v2/repository/iam/policy/password_lockout/read_model.go Normal file
View File

@ -0,0 +1,23 @@
package password_lockout
import (
"github.com/caos/zitadel/internal/eventstore/v2"
"github.com/caos/zitadel/internal/v2/repository/policy/password_lockout"
)
type ReadModel struct {
password_lockout.ReadModel
}
func (rm *ReadModel) AppendEvents(events ...eventstore.EventReader) {
for _, event := range events {
switch e := event.(type) {
case *AddedEvent:
rm.ReadModel.AppendEvents(&e.AddedEvent)
case *ChangedEvent:
rm.ReadModel.AppendEvents(&e.ChangedEvent)
case *password_lockout.AddedEvent, *password_lockout.ChangedEvent:
rm.ReadModel.AppendEvents(e)
}
}
}

47
internal/v2/repository/iam/policy/password_lockout/write_model.go Normal file
View File

@ -0,0 +1,47 @@
package password_lockout
import (
"github.com/caos/zitadel/internal/eventstore/v2"
"github.com/caos/zitadel/internal/v2/repository/policy/password_lockout"
)
const (
AggregateType = "iam"
)
type WriteModel struct {
eventstore.WriteModel
Policy password_lockout.WriteModel
iamID string
}
func NewWriteModel(iamID string) *WriteModel {
return &WriteModel{
iamID: iamID,
}
}
func (wm *WriteModel) AppendEvents(events ...eventstore.EventReader) {
wm.WriteModel.AppendEvents(events...)
for _, event := range events {
switch e := event.(type) {
case *AddedEvent:
wm.Policy.AppendEvents(&e.AddedEvent)
case *ChangedEvent:
wm.Policy.AppendEvents(&e.ChangedEvent)
}
}
}
func (wm *WriteModel) Reduce() error {
if err := wm.Policy.Reduce(); err != nil {
return err
}
return wm.WriteModel.Reduce()
}
func (wm *WriteModel) Query() *eventstore.SearchQueryBuilder {
return eventstore.NewSearchQueryBuilder(eventstore.ColumnsEvent, AggregateType).
AggregateIDs(wm.iamID)
}

83
internal/v2/repository/iam/policy_label.go
View File

@ -1,83 +0,0 @@
package iam
import (
"github.com/caos/zitadel/internal/eventstore/v2"
"github.com/caos/zitadel/internal/eventstore/v2/repository"
"github.com/caos/zitadel/internal/v2/repository/policy"
)
var (
LabelPolicyAddedEventType = iamEventTypePrefix + policy.LabelPolicyAddedEventType
LabelPolicyChangedEventType = iamEventTypePrefix + policy.LabelPolicyChangedEventType
)
type LabelPolicyReadModel struct{ policy.LabelPolicyReadModel }
func (rm *LabelPolicyReadModel) AppendEvents(events ...eventstore.EventReader) {
for _, event := range events {
switch e := event.(type) {
case *LabelPolicyAddedEvent:
rm.ReadModel.AppendEvents(&e.LabelPolicyAddedEvent)
case *LabelPolicyChangedEvent:
rm.ReadModel.AppendEvents(&e.LabelPolicyChangedEvent)
case *policy.LabelPolicyAddedEvent, *policy.LabelPolicyChangedEvent:
rm.ReadModel.AppendEvents(e)
}
}
}
type LabelPolicyAddedEvent struct {
policy.LabelPolicyAddedEvent
}
func LabelPolicyAddedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
e, err := policy.LabelPolicyAddedEventMapper(event)
if err != nil {
return nil, err
}
return &LabelPolicyAddedEvent{LabelPolicyAddedEvent: *e.(*policy.LabelPolicyAddedEvent)}, nil
}
type LabelPolicyChangedEvent struct {
policy.LabelPolicyChangedEvent
}
func LabelPolicyChangedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
e, err := policy.LabelPolicyChangedEventMapper(event)
if err != nil {
return nil, err
}
return &LabelPolicyChangedEvent{LabelPolicyChangedEvent: *e.(*policy.LabelPolicyChangedEvent)}, nil
}
// func NewLabelPolicyAddedEvent(
// ctx context.Context,
// primaryColor,
// secondaryColor string,
// ) *LabelPolicyAddedEvent {
// return &LabelPolicyAddedEvent{
// LabelPolicyAddedEvent: *policy.NewLabelPolicyAddedEvent(
// ctx,
// primaryColor,
// secondaryColor,
// ),
// }
// }
// func NewLabelPolicyChangedEvent(
// ctx context.Context,
// primaryColor,
// secondaryColor string,
// ) *MemberChangedEvent {
// return &LabelPolicyChangedEvent{
// LabelPolicyChangedEvent: *policy.NewLabelPolicyChangedEvent(
// ctx,
// primaryColor,
// secondaryColor,
// ),
// }
// }

171
internal/v2/repository/iam/policy_login.go
View File

@ -1,171 +0,0 @@
package iam
import (
"context"
"github.com/caos/zitadel/internal/eventstore/v2"
"github.com/caos/zitadel/internal/eventstore/v2/repository"
"github.com/caos/zitadel/internal/v2/repository/idp/provider"
"github.com/caos/zitadel/internal/v2/repository/policy"
)
var (
LoginPolicyAddedEventType = iamEventTypePrefix + policy.LoginPolicyAddedEventType
LoginPolicyChangedEventType = iamEventTypePrefix + policy.LoginPolicyChangedEventType
LoginPolicyIDPProviderAddedEventType = iamEventTypePrefix + policy.LoginPolicyIDPProviderAddedEventType
LoginPolicyIDPProviderRemovedEventType = iamEventTypePrefix + policy.LoginPolicyIDPProviderRemovedEventType
)
type LoginPolicyReadModel struct{ policy.LoginPolicyReadModel }
func (rm *LoginPolicyReadModel) AppendEvents(events ...eventstore.EventReader) {
for _, event := range events {
switch e := event.(type) {
case *LoginPolicyAddedEvent:
rm.ReadModel.AppendEvents(&e.LoginPolicyAddedEvent)
case *LoginPolicyChangedEvent:
rm.ReadModel.AppendEvents(&e.LoginPolicyChangedEvent)
case *policy.LoginPolicyAddedEvent, *policy.LoginPolicyChangedEvent:
rm.ReadModel.AppendEvents(e)
}
}
}
type LoginPolicyAddedEvent struct {
policy.LoginPolicyAddedEvent
}
func LoginPolicyAddedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
e, err := policy.LoginPolicyAddedEventMapper(event)
if err != nil {
return nil, err
}
return &LoginPolicyAddedEvent{LoginPolicyAddedEvent: *e.(*policy.LoginPolicyAddedEvent)}, nil
}
type LoginPolicyChangedEvent struct {
policy.LoginPolicyChangedEvent
}
func LoginPolicyChangedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
e, err := policy.LoginPolicyChangedEventMapper(event)
if err != nil {
return nil, err
}
return &LoginPolicyChangedEvent{LoginPolicyChangedEvent: *e.(*policy.LoginPolicyChangedEvent)}, nil
}
type LoginPolicyIDPProviderWriteModel struct {
eventstore.WriteModel
policy.IDPProviderWriteModel
idpConfigID string
iamID string
IsRemoved bool
}
func NewLoginPolicyIDPProviderWriteModel(iamID, idpConfigID string) *LoginPolicyIDPProviderWriteModel {
return &LoginPolicyIDPProviderWriteModel{
iamID: iamID,
idpConfigID: idpConfigID,
}
}
func (wm *LoginPolicyIDPProviderWriteModel) AppendEvents(events ...eventstore.EventReader) {
wm.WriteModel.AppendEvents(events...)
for _, event := range events {
switch e := event.(type) {
case *LoginPolicyIDPProviderAddedEvent:
if e.IDPConfigID != wm.idpConfigID {
continue
}
wm.IDPProviderWriteModel.AppendEvents(&e.IDPProviderAddedEvent)
}
}
}
func (wm *LoginPolicyIDPProviderWriteModel) Reduce() error {
for _, event := range wm.Events {
switch e := event.(type) {
case *LoginPolicyIDPProviderAddedEvent:
if e.IDPConfigID != wm.idpConfigID {
continue
}
wm.IsRemoved = false
case *LoginPolicyIDPProviderRemovedEvent:
if e.IDPConfigID != wm.idpConfigID {
continue
}
wm.IsRemoved = true
}
}
if err := wm.IDPProviderWriteModel.Reduce(); err != nil {
return err
}
return wm.WriteModel.Reduce()
}
func (wm *LoginPolicyIDPProviderWriteModel) Query() *eventstore.SearchQueryBuilder {
return eventstore.NewSearchQueryBuilder(eventstore.ColumnsEvent, AggregateType).
AggregateIDs(wm.iamID)
}
type LoginPolicyIDPProviderAddedEvent struct {
policy.IDPProviderAddedEvent
}
func NewLoginPolicyIDPProviderAddedEvent(
ctx context.Context,
idpConfigID string,
idpProviderType provider.Type,
) *LoginPolicyIDPProviderAddedEvent {
return &LoginPolicyIDPProviderAddedEvent{
IDPProviderAddedEvent: *policy.NewIDPProviderAddedEvent(
eventstore.NewBaseEventForPush(ctx, LoginPolicyIDPProviderAddedEventType),
idpConfigID,
provider.TypeSystem),
}
}
func IDPProviderAddedEventEventMapper(event *repository.Event) (eventstore.EventReader, error) {
e, err := policy.IDPProviderAddedEventEventMapper(event)
if err != nil {
return nil, err
}
return &LoginPolicyIDPProviderAddedEvent{
IDPProviderAddedEvent: *e.(*policy.IDPProviderAddedEvent),
}, nil
}
type LoginPolicyIDPProviderRemovedEvent struct {
policy.IDPProviderRemovedEvent
}
func NewLoginPolicyIDPProviderRemovedEvent(
ctx context.Context,
idpConfigID string,
) *LoginPolicyIDPProviderRemovedEvent {
return &LoginPolicyIDPProviderRemovedEvent{
IDPProviderRemovedEvent: *policy.NewIDPProviderRemovedEvent(
eventstore.NewBaseEventForPush(ctx, LoginPolicyIDPProviderRemovedEventType),
idpConfigID),
}
}
func IDPProviderRemovedEventEventMapper(event *repository.Event) (eventstore.EventReader, error) {
e, err := policy.IDPProviderRemovedEventEventMapper(event)
if err != nil {
return nil, err
}
return &LoginPolicyIDPProviderRemovedEvent{
IDPProviderRemovedEvent: *e.(*policy.IDPProviderRemovedEvent),
}, nil
}

37
internal/v2/repository/iam/policy_org_iam.go
View File

@ -1,37 +0,0 @@
package iam
import (
"github.com/caos/zitadel/internal/eventstore/v2"
"github.com/caos/zitadel/internal/eventstore/v2/repository"
"github.com/caos/zitadel/internal/v2/repository/policy"
)
var (
OrgIAMPolicyAddedEventType = iamEventTypePrefix + policy.OrgIAMPolicyAddedEventType
)
type OrgIAMPolicyReadModel struct{ policy.OrgIAMPolicyReadModel }
func (rm *OrgIAMPolicyReadModel) AppendEvents(events ...eventstore.EventReader) {
for _, event := range events {
switch e := event.(type) {
case *OrgIAMPolicyAddedEvent:
rm.ReadModel.AppendEvents(&e.OrgIAMPolicyAddedEvent)
case *policy.OrgIAMPolicyAddedEvent:
rm.ReadModel.AppendEvents(e)
}
}
}
type OrgIAMPolicyAddedEvent struct {
policy.OrgIAMPolicyAddedEvent
}
func OrgIAMPolicyAddedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
e, err := policy.OrgIAMPolicyAddedEventMapper(event)
if err != nil {
return nil, err
}
return &OrgIAMPolicyAddedEvent{OrgIAMPolicyAddedEvent: *e.(*policy.OrgIAMPolicyAddedEvent)}, nil
}

57
internal/v2/repository/iam/policy_password_age.go
View File

@ -1,57 +0,0 @@
package iam
import (
"github.com/caos/zitadel/internal/eventstore/v2"
"github.com/caos/zitadel/internal/eventstore/v2/repository"
"github.com/caos/zitadel/internal/v2/repository/policy"
)
var (
PasswordAgePolicyAddedEventType = iamEventTypePrefix + policy.PasswordAgePolicyAddedEventType
PasswordAgePolicyChangedEventType = iamEventTypePrefix + policy.PasswordAgePolicyChangedEventType
)
type PasswordAgePolicyReadModel struct {
policy.PasswordAgePolicyReadModel
}
func (rm *PasswordAgePolicyReadModel) AppendEvents(events ...eventstore.EventReader) {
for _, event := range events {
switch e := event.(type) {
case *PasswordAgePolicyAddedEvent:
rm.ReadModel.AppendEvents(&e.PasswordAgePolicyAddedEvent)
case *PasswordAgePolicyChangedEvent:
rm.ReadModel.AppendEvents(&e.PasswordAgePolicyChangedEvent)
case *policy.PasswordAgePolicyAddedEvent,
*policy.PasswordAgePolicyChangedEvent:
rm.ReadModel.AppendEvents(e)
}
}
}
type PasswordAgePolicyAddedEvent struct {
policy.PasswordAgePolicyAddedEvent
}
func PasswordAgePolicyAddedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
e, err := policy.PasswordAgePolicyAddedEventMapper(event)
if err != nil {
return nil, err
}
return &PasswordAgePolicyAddedEvent{PasswordAgePolicyAddedEvent: *e.(*policy.PasswordAgePolicyAddedEvent)}, nil
}
type PasswordAgePolicyChangedEvent struct {
policy.PasswordAgePolicyChangedEvent
}
func PasswordAgePolicyChangedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
e, err := policy.PasswordAgePolicyChangedEventMapper(event)
if err != nil {
return nil, err
}
return &PasswordAgePolicyChangedEvent{PasswordAgePolicyChangedEvent: *e.(*policy.PasswordAgePolicyChangedEvent)}, nil
}

57
internal/v2/repository/iam/policy_password_complexity.go
View File

@ -1,57 +0,0 @@
package iam
import (
"github.com/caos/zitadel/internal/eventstore/v2"
"github.com/caos/zitadel/internal/eventstore/v2/repository"
"github.com/caos/zitadel/internal/v2/repository/policy"
)
var (
PasswordComplexityPolicyAddedEventType = iamEventTypePrefix + policy.PasswordComplexityPolicyAddedEventType
PasswordComplexityPolicyChangedEventType = iamEventTypePrefix + policy.PasswordComplexityPolicyChangedEventType
)
type PasswordComplexityPolicyReadModel struct {
policy.PasswordComplexityPolicyReadModel
}
func (rm *PasswordComplexityPolicyReadModel) AppendEvents(events ...eventstore.EventReader) {
for _, event := range events {
switch e := event.(type) {
case *PasswordComplexityPolicyAddedEvent:
rm.ReadModel.AppendEvents(&e.PasswordComplexityPolicyAddedEvent)
case *PasswordComplexityPolicyChangedEvent:
rm.ReadModel.AppendEvents(&e.PasswordComplexityPolicyChangedEvent)
case *policy.PasswordComplexityPolicyAddedEvent,
*policy.PasswordComplexityPolicyChangedEvent:
rm.ReadModel.AppendEvents(e)
}
}
}
type PasswordComplexityPolicyAddedEvent struct {
policy.PasswordComplexityPolicyAddedEvent
}
func PasswordComplexityPolicyAddedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
e, err := policy.PasswordComplexityPolicyAddedEventMapper(event)
if err != nil {
return nil, err
}
return &PasswordComplexityPolicyAddedEvent{PasswordComplexityPolicyAddedEvent: *e.(*policy.PasswordComplexityPolicyAddedEvent)}, nil
}
type PasswordComplexityPolicyChangedEvent struct {
policy.PasswordComplexityPolicyChangedEvent
}
func PasswordComplexityPolicyChangedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
e, err := policy.PasswordComplexityPolicyChangedEventMapper(event)
if err != nil {
return nil, err
}
return &PasswordComplexityPolicyChangedEvent{PasswordComplexityPolicyChangedEvent: *e.(*policy.PasswordComplexityPolicyChangedEvent)}, nil
}

55
internal/v2/repository/iam/policy_password_lockout.go
View File

@ -1,55 +0,0 @@
package iam
import (
"github.com/caos/zitadel/internal/eventstore/v2"
"github.com/caos/zitadel/internal/eventstore/v2/repository"
"github.com/caos/zitadel/internal/v2/repository/policy"
)
var (
PasswordLockoutPolicyAddedEventType = iamEventTypePrefix + policy.PasswordLockoutPolicyAddedEventType
PasswordLockoutPolicyChangedEventType = iamEventTypePrefix + policy.PasswordLockoutPolicyChangedEventType
)
type PasswordLockoutPolicyReadModel struct {
policy.PasswordLockoutPolicyReadModel
}
func (rm *PasswordLockoutPolicyReadModel) AppendEvents(events ...eventstore.EventReader) {
for _, event := range events {
switch e := event.(type) {
case *PasswordLockoutPolicyAddedEvent:
rm.ReadModel.AppendEvents(&e.PasswordLockoutPolicyAddedEvent)
case *PasswordLockoutPolicyChangedEvent:
rm.ReadModel.AppendEvents(&e.PasswordLockoutPolicyChangedEvent)
case *policy.PasswordLockoutPolicyAddedEvent, *policy.PasswordLockoutPolicyChangedEvent:
rm.ReadModel.AppendEvents(e)
}
}
}
type PasswordLockoutPolicyAddedEvent struct {
policy.PasswordLockoutPolicyAddedEvent
}
func PasswordLockoutPolicyAddedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
e, err := policy.PasswordLockoutPolicyAddedEventMapper(event)
if err != nil {
return nil, err
}
return &PasswordLockoutPolicyAddedEvent{PasswordLockoutPolicyAddedEvent: *e.(*policy.PasswordLockoutPolicyAddedEvent)}, nil
}
type PasswordLockoutPolicyChangedEvent struct {
policy.PasswordLockoutPolicyChangedEvent
}
func PasswordLockoutPolicyChangedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
e, err := policy.PasswordLockoutPolicyChangedEventMapper(event)
if err != nil {
return nil, err
}
return &PasswordLockoutPolicyChangedEvent{PasswordLockoutPolicyChangedEvent: *e.(*policy.PasswordLockoutPolicyChangedEvent)}, nil
}

47
internal/v2/repository/iam/read_model.go
View File

@ -2,8 +2,19 @@ package iam
import (
"github.com/caos/zitadel/internal/eventstore/v2"
iam_label "github.com/caos/zitadel/internal/v2/repository/iam/policy/label"
iam_login "github.com/caos/zitadel/internal/v2/repository/iam/policy/login"
iam_org_iam "github.com/caos/zitadel/internal/v2/repository/iam/policy/org_iam"
iam_password_age "github.com/caos/zitadel/internal/v2/repository/iam/policy/password_age"
iam_password_complexity "github.com/caos/zitadel/internal/v2/repository/iam/policy/password_complexity"
iam_password_lockout "github.com/caos/zitadel/internal/v2/repository/iam/policy/password_lockout"
"github.com/caos/zitadel/internal/v2/repository/member"
"github.com/caos/zitadel/internal/v2/repository/policy"
"github.com/caos/zitadel/internal/v2/repository/policy/label"
"github.com/caos/zitadel/internal/v2/repository/policy/login"
"github.com/caos/zitadel/internal/v2/repository/policy/org_iam"
"github.com/caos/zitadel/internal/v2/repository/policy/password_age"
"github.com/caos/zitadel/internal/v2/repository/policy/password_complexity"
"github.com/caos/zitadel/internal/v2/repository/policy/password_lockout"
)
type ReadModel struct {
@ -18,12 +29,12 @@ type ReadModel struct {
GlobalOrgID string
ProjectID string
DefaultLoginPolicy LoginPolicyReadModel
DefaultLabelPolicy LabelPolicyReadModel
DefaultOrgIAMPolicy OrgIAMPolicyReadModel
DefaultPasswordComplexityPolicy PasswordComplexityPolicyReadModel
DefaultPasswordAgePolicy PasswordAgePolicyReadModel
DefaultPasswordLockoutPolicy PasswordLockoutPolicyReadModel
DefaultLoginPolicy iam_login.ReadModel
DefaultLabelPolicy iam_label.ReadModel
DefaultOrgIAMPolicy iam_org_iam.ReadModel
DefaultPasswordComplexityPolicy iam_password_complexity.ReadModel
DefaultPasswordAgePolicy iam_password_age.ReadModel
DefaultPasswordLockoutPolicy iam_password_lockout.ReadModel
}
func NewReadModel(id string) *ReadModel {
@ -60,26 +71,26 @@ func (rm *ReadModel) AppendEvents(events ...eventstore.EventReader) {
*IDPOIDCConfigChangedEvent:
rm.IDPs.AppendEvents(event)
case *policy.LabelPolicyAddedEvent,
*policy.LabelPolicyChangedEvent:
case *label.AddedEvent,
*label.ChangedEvent:
rm.DefaultLabelPolicy.AppendEvents(event)
case *policy.LoginPolicyAddedEvent,
*policy.LoginPolicyChangedEvent:
case *login.AddedEvent,
*login.ChangedEvent:
rm.DefaultLoginPolicy.AppendEvents(event)
case *policy.OrgIAMPolicyAddedEvent:
case *org_iam.AddedEvent:
rm.DefaultOrgIAMPolicy.AppendEvents(event)
case *policy.PasswordComplexityPolicyAddedEvent,
*policy.PasswordComplexityPolicyChangedEvent:
case *password_complexity.AddedEvent,
*password_complexity.ChangedEvent:
rm.DefaultPasswordComplexityPolicy.AppendEvents(event)
case *policy.PasswordAgePolicyAddedEvent,
*policy.PasswordAgePolicyChangedEvent:
case *password_age.AddedEvent,
*password_age.ChangedEvent:
rm.DefaultPasswordAgePolicy.AppendEvents(event)
case *policy.PasswordLockoutPolicyAddedEvent,
*policy.PasswordLockoutPolicyChangedEvent:
case *password_lockout.AddedEvent,
*password_lockout.ChangedEvent:
rm.DefaultPasswordLockoutPolicy.AppendEvents(event)
}

32
internal/v2/repository/org/policy_label.go
View File

@ -2,45 +2,45 @@ package org
import (
"github.com/caos/zitadel/internal/eventstore/v2"
"github.com/caos/zitadel/internal/v2/repository/policy"
"github.com/caos/zitadel/internal/v2/repository/policy/label"
)
var (
LabelPolicyAddedEventType = orgEventTypePrefix + policy.LabelPolicyAddedEventType
LabelPolicyChangedEventType = orgEventTypePrefix + policy.LabelPolicyChangedEventType
LabelPolicyAddedEventType = orgEventTypePrefix + label.LabelPolicyAddedEventType
LabelPolicyChangedEventType = orgEventTypePrefix + label.LabelPolicyChangedEventType
)
type LabelPolicyReadModel struct{ policy.LabelPolicyReadModel }
type LabelPolicyReadModel struct{ label.ReadModel }
func (rm *LabelPolicyReadModel) AppendEvents(events ...eventstore.EventReader) {
for _, event := range events {
switch e := event.(type) {
case *LabelPolicyAddedEvent:
rm.ReadModel.AppendEvents(&e.LabelPolicyAddedEvent)
rm.ReadModel.AppendEvents(&e.AddedEvent)
case *LabelPolicyChangedEvent:
rm.ReadModel.AppendEvents(&e.LabelPolicyChangedEvent)
case *policy.LabelPolicyAddedEvent, *policy.LabelPolicyChangedEvent:
rm.ReadModel.AppendEvents(&e.ChangedEvent)
case *label.AddedEvent, *label.ChangedEvent:
rm.ReadModel.AppendEvents(e)
}
}
}
type LabelPolicyAddedEvent struct {
policy.LabelPolicyAddedEvent
label.AddedEvent
}
type LabelPolicyChangedEvent struct {
policy.LabelPolicyChangedEvent
label.ChangedEvent
}
// func NewLabelPolicyAddedEvent(
// func NewAddedEvent(
// ctx context.Context,
// primaryColor,
// secondaryColor string,
// ) *LabelPolicyAddedEvent {
// ) *AddedEvent {
// return &LabelPolicyAddedEvent{
// LabelPolicyAddedEvent: *policy.NewLabelPolicyAddedEvent(
// return &AddedEvent{
// AddedEvent: *policy.NewAddedEvent(
// ctx,
// primaryColor,
// secondaryColor,
@ -48,14 +48,14 @@ type LabelPolicyChangedEvent struct {
// }
// }
// func NewLabelPolicyChangedEvent(
// func NewChangedEvent(
// ctx context.Context,
// primaryColor,
// secondaryColor string,
// ) *MemberChangedEvent {
// return &LabelPolicyChangedEvent{
// LabelPolicyChangedEvent: *policy.NewLabelPolicyChangedEvent(
// return &ChangedEvent{
// ChangedEvent: *policy.NewChangedEvent(
// ctx,
// primaryColor,
// secondaryColor,

18
internal/v2/repository/org/policy_login.go
View File

@ -2,33 +2,33 @@ package org
import (
"github.com/caos/zitadel/internal/eventstore/v2"
"github.com/caos/zitadel/internal/v2/repository/policy"
"github.com/caos/zitadel/internal/v2/repository/policy/login"
)
var (
LoginPolicyAddedEventType = orgEventTypePrefix + policy.LoginPolicyAddedEventType
LoginPolicyChangedEventType = orgEventTypePrefix + policy.LoginPolicyChangedEventType
LoginPolicyAddedEventType = orgEventTypePrefix + login.LoginPolicyAddedEventType
LoginPolicyChangedEventType = orgEventTypePrefix + login.LoginPolicyChangedEventType
)
type LoginPolicyReadModel struct{ policy.LoginPolicyReadModel }
type LoginPolicyReadModel struct{ login.ReadModel }
func (rm *LoginPolicyReadModel) AppendEvents(events ...eventstore.EventReader) {
for _, event := range events {
switch e := event.(type) {
case *LoginPolicyAddedEvent:
rm.ReadModel.AppendEvents(&e.LoginPolicyAddedEvent)
rm.ReadModel.AppendEvents(&e.AddedEvent)
case *LoginPolicyChangedEvent:
rm.ReadModel.AppendEvents(&e.LoginPolicyChangedEvent)
case *policy.LoginPolicyAddedEvent, *policy.LoginPolicyChangedEvent:
rm.ReadModel.AppendEvents(&e.ChangedEvent)
case *login.AddedEvent, *login.ChangedEvent:
rm.ReadModel.AppendEvents(e)
}
}
}
type LoginPolicyAddedEvent struct {
policy.LoginPolicyAddedEvent
login.AddedEvent
}
type LoginPolicyChangedEvent struct {
policy.LoginPolicyChangedEvent
login.ChangedEvent
}

12
internal/v2/repository/org/policy_org_iam.go
View File

@ -2,26 +2,26 @@ package org
import (
"github.com/caos/zitadel/internal/eventstore/v2"
"github.com/caos/zitadel/internal/v2/repository/policy"
"github.com/caos/zitadel/internal/v2/repository/policy/org_iam"
)
var (
OrgIAMPolicyAddedEventType = orgEventTypePrefix + policy.OrgIAMPolicyAddedEventType
OrgIAMPolicyAddedEventType = orgEventTypePrefix + org_iam.OrgIAMPolicyAddedEventType
)
type OrgIAMPolicyReadModel struct{ policy.OrgIAMPolicyReadModel }
type OrgIAMPolicyReadModel struct{ org_iam.ReadModel }
func (rm *OrgIAMPolicyReadModel) AppendEvents(events ...eventstore.EventReader) {
for _, event := range events {
switch e := event.(type) {
case *OrgIAMPolicyAddedEvent:
rm.ReadModel.AppendEvents(&e.OrgIAMPolicyAddedEvent)
case *policy.OrgIAMPolicyAddedEvent:
rm.ReadModel.AppendEvents(&e.AddedEvent)
case *org_iam.AddedEvent:
rm.ReadModel.AppendEvents(e)
}
}
}
type OrgIAMPolicyAddedEvent struct {
policy.OrgIAMPolicyAddedEvent
org_iam.AddedEvent
}

18
internal/v2/repository/org/policy_password_age.go
View File

@ -2,35 +2,35 @@ package org
import (
"github.com/caos/zitadel/internal/eventstore/v2"
"github.com/caos/zitadel/internal/v2/repository/policy"
"github.com/caos/zitadel/internal/v2/repository/policy/password_age"
)
var (
PasswordAgePolicyAddedEventType = orgEventTypePrefix + policy.PasswordAgePolicyAddedEventType
PasswordAgePolicyChangedEventType = orgEventTypePrefix + policy.PasswordAgePolicyChangedEventType
PasswordAgePolicyAddedEventType = orgEventTypePrefix + password_age.PasswordAgePolicyAddedEventType
PasswordAgePolicyChangedEventType = orgEventTypePrefix + password_age.PasswordAgePolicyChangedEventType
)
type PasswordAgePolicyReadModel struct {
policy.PasswordAgePolicyReadModel
password_age.ReadModel
}
func (rm *PasswordAgePolicyReadModel) AppendEvents(events ...eventstore.EventReader) {
for _, event := range events {
switch e := event.(type) {
case *PasswordAgePolicyAddedEvent:
rm.ReadModel.AppendEvents(&e.PasswordAgePolicyAddedEvent)
rm.ReadModel.AppendEvents(&e.AddedEvent)
case *PasswordAgePolicyChangedEvent:
rm.ReadModel.AppendEvents(&e.PasswordAgePolicyChangedEvent)
case *policy.PasswordAgePolicyAddedEvent, *policy.PasswordAgePolicyChangedEvent:
rm.ReadModel.AppendEvents(&e.ChangedEvent)
case *password_age.AddedEvent, *password_age.ChangedEvent:
rm.ReadModel.AppendEvents(e)
}
}
}
type PasswordAgePolicyAddedEvent struct {
policy.PasswordAgePolicyAddedEvent
password_age.AddedEvent
}
type PasswordAgePolicyChangedEvent struct {
policy.PasswordAgePolicyChangedEvent
password_age.ChangedEvent
}

18
internal/v2/repository/org/policy_password_complexity.go
View File

@ -2,35 +2,35 @@ package org
import (
"github.com/caos/zitadel/internal/eventstore/v2"
"github.com/caos/zitadel/internal/v2/repository/policy"
"github.com/caos/zitadel/internal/v2/repository/policy/password_complexity"
)
var (
PasswordComplexityPolicyAddedEventType = orgEventTypePrefix + policy.PasswordComplexityPolicyAddedEventType
PasswordComplexityPolicyChangedEventType = orgEventTypePrefix + policy.PasswordComplexityPolicyChangedEventType
PasswordComplexityPolicyAddedEventType = orgEventTypePrefix + password_complexity.PasswordComplexityPolicyAddedEventType
PasswordComplexityPolicyChangedEventType = orgEventTypePrefix + password_complexity.PasswordComplexityPolicyChangedEventType
)
type PasswordComplexityPolicyReadModel struct {
policy.PasswordComplexityPolicyReadModel
password_complexity.ReadModel
}
func (rm *PasswordComplexityPolicyReadModel) AppendEvents(events ...eventstore.EventReader) {
for _, event := range events {
switch e := event.(type) {
case *PasswordComplexityPolicyAddedEvent:
rm.ReadModel.AppendEvents(&e.PasswordComplexityPolicyAddedEvent)
rm.ReadModel.AppendEvents(&e.AddedEvent)
case *PasswordComplexityPolicyChangedEvent:
rm.ReadModel.AppendEvents(&e.PasswordComplexityPolicyChangedEvent)
case *policy.PasswordComplexityPolicyAddedEvent, *policy.PasswordComplexityPolicyChangedEvent:
rm.ReadModel.AppendEvents(&e.ChangedEvent)
case *password_complexity.AddedEvent, *password_complexity.ChangedEvent:
rm.ReadModel.AppendEvents(e)
}
}
}
type PasswordComplexityPolicyAddedEvent struct {
policy.PasswordComplexityPolicyAddedEvent
password_complexity.AddedEvent
}
type PasswordComplexityPolicyChangedEvent struct {
policy.PasswordComplexityPolicyChangedEvent
password_complexity.ChangedEvent
}

18
internal/v2/repository/org/policy_password_lockout.go
View File

@ -2,35 +2,35 @@ package org
import (
"github.com/caos/zitadel/internal/eventstore/v2"
"github.com/caos/zitadel/internal/v2/repository/policy"
"github.com/caos/zitadel/internal/v2/repository/policy/password_lockout"
)
var (
PasswordLockoutPolicyAddedEventType = orgEventTypePrefix + policy.PasswordLockoutPolicyAddedEventType
PasswordLockoutPolicyChangedEventType = orgEventTypePrefix + policy.PasswordLockoutPolicyChangedEventType
PasswordLockoutPolicyAddedEventType = orgEventTypePrefix + password_lockout.PasswordLockoutPolicyAddedEventType
PasswordLockoutPolicyChangedEventType = orgEventTypePrefix + password_lockout.PasswordLockoutPolicyChangedEventType
)
type PasswordLockoutPolicyReadModel struct {
policy.PasswordLockoutPolicyReadModel
password_lockout.ReadModel
}
func (rm *PasswordLockoutPolicyReadModel) AppendEvents(events ...eventstore.EventReader) {
for _, event := range events {
switch e := event.(type) {
case *PasswordLockoutPolicyAddedEvent:
rm.ReadModel.AppendEvents(&e.PasswordLockoutPolicyAddedEvent)
rm.ReadModel.AppendEvents(&e.AddedEvent)
case *PasswordLockoutPolicyChangedEvent:
rm.ReadModel.AppendEvents(&e.PasswordLockoutPolicyChangedEvent)
case *policy.PasswordLockoutPolicyAddedEvent, *policy.PasswordLockoutPolicyChangedEvent:
rm.ReadModel.AppendEvents(&e.ChangedEvent)
case *password_lockout.AddedEvent, *password_lockout.ChangedEvent:
rm.ReadModel.AppendEvents(e)
}
}
}
type PasswordLockoutPolicyAddedEvent struct {
policy.PasswordLockoutPolicyAddedEvent
password_lockout.AddedEvent
}
type PasswordLockoutPolicyChangedEvent struct {
policy.PasswordLockoutPolicyChangedEvent
password_lockout.ChangedEvent
}

160
internal/v2/repository/policy/label.go
View File

@ -1,160 +0,0 @@
package policy
import (
"encoding/json"
"github.com/caos/zitadel/internal/errors"
"github.com/caos/zitadel/internal/eventstore/v2"
"github.com/caos/zitadel/internal/eventstore/v2/repository"
)
const (
LabelPolicyAddedEventType = "policy.label.added"
LabelPolicyChangedEventType = "policy.label.changed"
LabelPolicyRemovedEventType = "policy.label.removed"
)
type LabelPolicyReadModel struct {
eventstore.ReadModel
PrimaryColor string
SecondaryColor string
}
func (rm *LabelPolicyReadModel) Reduce() error {
for _, event := range rm.Events {
switch e := event.(type) {
case *LabelPolicyAddedEvent:
rm.PrimaryColor = e.PrimaryColor
rm.SecondaryColor = e.SecondaryColor
case *LabelPolicyChangedEvent:
rm.PrimaryColor = e.PrimaryColor
rm.SecondaryColor = e.SecondaryColor
}
}
return rm.ReadModel.Reduce()
}
type LabelPolicyWriteModel struct {
eventstore.WriteModel
PrimaryColor string
SecondaryColor string
}
func (wm *LabelPolicyWriteModel) Reduce() error {
return errors.ThrowUnimplemented(nil, "POLIC-xJjvN", "reduce unimpelemnted")
}
type LabelPolicyAddedEvent struct {
eventstore.BaseEvent `json:"-"`
PrimaryColor string `json:"primaryColor,omitempty"`
SecondaryColor string `json:"secondaryColor,omitempty"`
}
func (e *LabelPolicyAddedEvent) CheckPrevious() bool {
return true
}
func (e *LabelPolicyAddedEvent) Data() interface{} {
return e
}
func NewLabelPolicyAddedEvent(
base *eventstore.BaseEvent,
primaryColor,
secondaryColor string,
) *LabelPolicyAddedEvent {
return &LabelPolicyAddedEvent{
BaseEvent: *base,
PrimaryColor: primaryColor,
SecondaryColor: secondaryColor,
}
}
func LabelPolicyAddedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
e := &LabelPolicyAddedEvent{
BaseEvent: *eventstore.BaseEventFromRepo(event),
}
err := json.Unmarshal(event.Data, e)
if err != nil {
return nil, errors.ThrowInternal(err, "POLIC-puqv4", "unable to unmarshal label policy")
}
return e, nil
}
type LabelPolicyChangedEvent struct {
eventstore.BaseEvent `json:"-"`
PrimaryColor string `json:"primaryColor,omitempty"`
SecondaryColor string `json:"secondaryColor,omitempty"`
}
func (e *LabelPolicyChangedEvent) CheckPrevious() bool {
return true
}
func (e *LabelPolicyChangedEvent) Data() interface{} {
return e
}
func NewLabelPolicyChangedEvent(
base *eventstore.BaseEvent,
current *LabelPolicyWriteModel,
primaryColor,
secondaryColor string,
) *LabelPolicyChangedEvent {
e := &LabelPolicyChangedEvent{
BaseEvent: *base,
}
if primaryColor != "" && current.PrimaryColor != primaryColor {
e.PrimaryColor = primaryColor
}
if secondaryColor != "" && current.SecondaryColor != secondaryColor {
e.SecondaryColor = secondaryColor
}
return e
}
func LabelPolicyChangedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
e := &LabelPolicyChangedEvent{
BaseEvent: *eventstore.BaseEventFromRepo(event),
}
err := json.Unmarshal(event.Data, e)
if err != nil {
return nil, errors.ThrowInternal(err, "POLIC-qhfFb", "unable to unmarshal label policy")
}
return e, nil
}
type LabelPolicyRemovedEvent struct {
eventstore.BaseEvent `json:"-"`
}
func (e *LabelPolicyRemovedEvent) CheckPrevious() bool {
return true
}
func (e *LabelPolicyRemovedEvent) Data() interface{} {
return nil
}
func NewLabelPolicyRemovedEvent(base *eventstore.BaseEvent) *LabelPolicyRemovedEvent {
return &LabelPolicyRemovedEvent{
BaseEvent: *base,
}
}
func LabelPolicyRemovedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
return &LabelPolicyRemovedEvent{
BaseEvent: *eventstore.BaseEventFromRepo(event),
}, nil
}

127
internal/v2/repository/policy/label/events.go Normal file
View File

@ -0,0 +1,127 @@
package label
import (
"encoding/json"
"github.com/caos/zitadel/internal/errors"
"github.com/caos/zitadel/internal/eventstore/v2"
"github.com/caos/zitadel/internal/eventstore/v2/repository"
)
const (
LabelPolicyAddedEventType = "policy.label.added"
LabelPolicyChangedEventType = "policy.label.changed"
LabelPolicyRemovedEventType = "policy.label.removed"
)
type AddedEvent struct {
eventstore.BaseEvent `json:"-"`
PrimaryColor string `json:"primaryColor,omitempty"`
SecondaryColor string `json:"secondaryColor,omitempty"`
}
func (e *AddedEvent) CheckPrevious() bool {
return true
}
func (e *AddedEvent) Data() interface{} {
return e
}
func NewAddedEvent(
base *eventstore.BaseEvent,
primaryColor,
secondaryColor string,
) *AddedEvent {
return &AddedEvent{
BaseEvent: *base,
PrimaryColor: primaryColor,
SecondaryColor: secondaryColor,
}
}
func AddedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
e := &AddedEvent{
BaseEvent: *eventstore.BaseEventFromRepo(event),
}
err := json.Unmarshal(event.Data, e)
if err != nil {
return nil, errors.ThrowInternal(err, "POLIC-puqv4", "unable to unmarshal label policy")
}
return e, nil
}
type ChangedEvent struct {
eventstore.BaseEvent `json:"-"`
PrimaryColor string `json:"primaryColor,omitempty"`
SecondaryColor string `json:"secondaryColor,omitempty"`
}
func (e *ChangedEvent) CheckPrevious() bool {
return true
}
func (e *ChangedEvent) Data() interface{} {
return e
}
func NewChangedEvent(
base *eventstore.BaseEvent,
current *WriteModel,
primaryColor,
secondaryColor string,
) *ChangedEvent {
e := &ChangedEvent{
BaseEvent: *base,
}
if primaryColor != "" && current.PrimaryColor != primaryColor {
e.PrimaryColor = primaryColor
}
if secondaryColor != "" && current.SecondaryColor != secondaryColor {
e.SecondaryColor = secondaryColor
}
return e
}
func ChangedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
e := &ChangedEvent{
BaseEvent: *eventstore.BaseEventFromRepo(event),
}
err := json.Unmarshal(event.Data, e)
if err != nil {
return nil, errors.ThrowInternal(err, "POLIC-qhfFb", "unable to unmarshal label policy")
}
return e, nil
}
type RemovedEvent struct {
eventstore.BaseEvent `json:"-"`
}
func (e *RemovedEvent) CheckPrevious() bool {
return true
}
func (e *RemovedEvent) Data() interface{} {
return nil
}
func NewRemovedEvent(base *eventstore.BaseEvent) *RemovedEvent {
return &RemovedEvent{
BaseEvent: *base,
}
}
func RemovedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
return &RemovedEvent{
BaseEvent: *eventstore.BaseEventFromRepo(event),
}, nil
}

24
internal/v2/repository/policy/label/read_model.go Normal file
View File

@ -0,0 +1,24 @@
package label
import "github.com/caos/zitadel/internal/eventstore/v2"
type ReadModel struct {
eventstore.ReadModel
PrimaryColor string
SecondaryColor string
}
func (rm *ReadModel) Reduce() error {
for _, event := range rm.Events {
switch e := event.(type) {
case *AddedEvent:
rm.PrimaryColor = e.PrimaryColor
rm.SecondaryColor = e.SecondaryColor
case *ChangedEvent:
rm.PrimaryColor = e.PrimaryColor
rm.SecondaryColor = e.SecondaryColor
}
}
return rm.ReadModel.Reduce()
}

26
internal/v2/repository/policy/label/write_model.go Normal file
View File

@ -0,0 +1,26 @@
package label
import (
"github.com/caos/zitadel/internal/eventstore/v2"
)
type WriteModel struct {
eventstore.WriteModel
PrimaryColor string
SecondaryColor string
}
func (wm *WriteModel) Reduce() error {
for _, event := range wm.Events {
switch e := event.(type) {
case *AddedEvent:
wm.PrimaryColor = e.PrimaryColor
wm.SecondaryColor = e.SecondaryColor
case *ChangedEvent:
wm.PrimaryColor = e.PrimaryColor
wm.SecondaryColor = e.SecondaryColor
}
}
return wm.WriteModel.Reduce()
}

243
internal/v2/repository/policy/login.go
View File

@ -1,243 +0,0 @@
package policy
import (
"encoding/json"
"github.com/caos/zitadel/internal/errors"
"github.com/caos/zitadel/internal/eventstore/v2"
"github.com/caos/zitadel/internal/eventstore/v2/repository"
"github.com/caos/zitadel/internal/v2/repository/idp/provider"
)
const (
LoginPolicyAddedEventType = "policy.login.added"
LoginPolicyChangedEventType = "policy.login.changed"
LoginPolicyRemovedEventType = "policy.login.removed"
LoginPolicyIDPProviderAddedEventType = "policy.login." + provider.AddedEventType
LoginPolicyIDPProviderRemovedEventType = "policy.login." + provider.RemovedEventType
)
type LoginPolicyReadModel struct {
eventstore.ReadModel
AllowUserNamePassword bool
AllowRegister bool
AllowExternalIDP bool
}
func (rm *LoginPolicyReadModel) Reduce() error {
for _, event := range rm.Events {
switch e := event.(type) {
case *LoginPolicyAddedEvent:
rm.AllowUserNamePassword = e.AllowUserNamePassword
rm.AllowExternalIDP = e.AllowExternalIDP
rm.AllowRegister = e.AllowRegister
case *LoginPolicyChangedEvent:
rm.AllowUserNamePassword = e.AllowUserNamePassword
rm.AllowExternalIDP = e.AllowExternalIDP
rm.AllowRegister = e.AllowRegister
}
}
return rm.ReadModel.Reduce()
}
type LoginPolicyWriteModel struct {
eventstore.WriteModel
AllowUserNamePassword bool
AllowRegister bool
AllowExternalIDP bool
}
func (wm *LoginPolicyWriteModel) Reduce() error {
return errors.ThrowUnimplemented(nil, "POLIC-xJjvN", "reduce unimpelemnted")
}
type LoginPolicyAddedEvent struct {
eventstore.BaseEvent `json:"-"`
AllowUserNamePassword bool `json:"allowUsernamePassword"`
AllowRegister bool `json:"allowRegister"`
AllowExternalIDP bool `json:"allowExternalIdp"`
}
func (e *LoginPolicyAddedEvent) CheckPrevious() bool {
return true
}
func (e *LoginPolicyAddedEvent) Data() interface{} {
return e
}
func NewLoginPolicyAddedEvent(
base *eventstore.BaseEvent,
allowUserNamePassword,
allowRegister,
allowExternalIDP bool,
) *LoginPolicyAddedEvent {
return &LoginPolicyAddedEvent{
BaseEvent: *base,
AllowExternalIDP: allowExternalIDP,
AllowRegister: allowRegister,
AllowUserNamePassword: allowUserNamePassword,
}
}
func LoginPolicyAddedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
e := &LoginPolicyAddedEvent{
BaseEvent: *eventstore.BaseEventFromRepo(event),
}
err := json.Unmarshal(event.Data, e)
if err != nil {
return nil, errors.ThrowInternal(err, "POLIC-nWndT", "unable to unmarshal policy")
}
return e, nil
}
type LoginPolicyChangedEvent struct {
eventstore.BaseEvent `json:"-"`
AllowUserNamePassword bool `json:"allowUsernamePassword,omitempty"`
AllowRegister bool `json:"allowRegister"`
AllowExternalIDP bool `json:"allowExternalIdp"`
}
func (e *LoginPolicyChangedEvent) CheckPrevious() bool {
return true
}
func (e *LoginPolicyChangedEvent) Data() interface{} {
return e
}
func NewLoginPolicyChangedEvent(
base *eventstore.BaseEvent,
current *LoginPolicyWriteModel,
allowUserNamePassword,
allowRegister,
allowExternalIDP bool,
) *LoginPolicyChangedEvent {
e := &LoginPolicyChangedEvent{
BaseEvent: *base,
}
if current.AllowUserNamePassword != allowUserNamePassword {
e.AllowUserNamePassword = allowUserNamePassword
}
if current.AllowRegister != allowRegister {
e.AllowRegister = allowRegister
}
if current.AllowExternalIDP != allowExternalIDP {
e.AllowExternalIDP = allowExternalIDP
}
return e
}
func LoginPolicyChangedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
e := &LoginPolicyChangedEvent{
BaseEvent: *eventstore.BaseEventFromRepo(event),
}
err := json.Unmarshal(event.Data, e)
if err != nil {
return nil, errors.ThrowInternal(err, "POLIC-ehssl", "unable to unmarshal policy")
}
return e, nil
}
type LoginPolicyRemovedEvent struct {
eventstore.BaseEvent `json:"-"`
}
func (e *LoginPolicyRemovedEvent) CheckPrevious() bool {
return true
}
func (e *LoginPolicyRemovedEvent) Data() interface{} {
return nil
}
func NewLoginPolicyRemovedEvent(base *eventstore.BaseEvent) *LoginPolicyRemovedEvent {
return &LoginPolicyRemovedEvent{
BaseEvent: *base,
}
}
func LoginPolicyRemovedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
return &LoginPolicyRemovedEvent{
BaseEvent: *eventstore.BaseEventFromRepo(event),
}, nil
}
type IDPProviderWriteModel struct {
provider.WriteModel
}
func (wm *IDPProviderWriteModel) AppendEvents(events ...eventstore.EventReader) {
for _, event := range events {
switch e := event.(type) {
case *IDPProviderAddedEvent:
wm.WriteModel.AppendEvents(&e.AddedEvent)
}
}
}
type IDPProviderAddedEvent struct {
provider.AddedEvent
}
func NewIDPProviderAddedEvent(
base *eventstore.BaseEvent,
idpConfigID string,
idpProviderType provider.Type,
) *IDPProviderAddedEvent {
return &IDPProviderAddedEvent{
AddedEvent: *provider.NewAddedEvent(
base,
idpConfigID,
idpProviderType),
}
}
func IDPProviderAddedEventEventMapper(event *repository.Event) (eventstore.EventReader, error) {
e, err := provider.AddedEventEventMapper(event)
if err != nil {
return nil, err
}
return &IDPProviderAddedEvent{
AddedEvent: *e.(*provider.AddedEvent),
}, nil
}
type IDPProviderRemovedEvent struct {
provider.RemovedEvent
}
func NewIDPProviderRemovedEvent(
base *eventstore.BaseEvent,
idpConfigID string,
) *IDPProviderRemovedEvent {
return &IDPProviderRemovedEvent{
RemovedEvent: *provider.NewRemovedEvent(base, idpConfigID),
}
}
func IDPProviderRemovedEventEventMapper(event *repository.Event) (eventstore.EventReader, error) {
e, err := provider.RemovedEventEventMapper(event)
if err != nil {
return nil, err
}
return &IDPProviderRemovedEvent{
RemovedEvent: *e.(*provider.RemovedEvent),
}, nil
}

155
internal/v2/repository/policy/login/events.go Normal file
View File

@ -0,0 +1,155 @@
package login
import (
"encoding/json"
"github.com/caos/zitadel/internal/errors"
"github.com/caos/zitadel/internal/eventstore/v2"
"github.com/caos/zitadel/internal/eventstore/v2/repository"
"github.com/caos/zitadel/internal/v2/repository/idp/provider"
)
const (
loginPolicyPrefix = "policy.login."
LoginPolicyAddedEventType = loginPolicyPrefix + "added"
LoginPolicyChangedEventType = loginPolicyPrefix + "changed"
LoginPolicyRemovedEventType = loginPolicyPrefix + "removed"
LoginPolicyIDPProviderAddedEventType = loginPolicyPrefix + provider.AddedEventType
LoginPolicyIDPProviderRemovedEventType = loginPolicyPrefix + provider.RemovedEventType
)
type AddedEvent struct {
eventstore.BaseEvent `json:"-"`
AllowUserNamePassword bool `json:"allowUsernamePassword"`
AllowRegister bool `json:"allowRegister"`
AllowExternalIDP bool `json:"allowExternalIdp"`
ForceMFA bool `json:"forceMFA"`
PasswordlessType PasswordlessType `json:"passwordlessType"`
}
func (e *AddedEvent) CheckPrevious() bool {
return true
}
func (e *AddedEvent) Data() interface{} {
return e
}
func NewAddedEvent(
base *eventstore.BaseEvent,
allowUserNamePassword,
allowRegister,
allowExternalIDP,
forceMFA bool,
passwordlessType PasswordlessType,
) *AddedEvent {
return &AddedEvent{
BaseEvent: *base,
AllowExternalIDP: allowExternalIDP,
AllowRegister: allowRegister,
AllowUserNamePassword: allowUserNamePassword,
ForceMFA: forceMFA,
PasswordlessType: passwordlessType,
}
}
func AddedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
e := &AddedEvent{
BaseEvent: *eventstore.BaseEventFromRepo(event),
}
err := json.Unmarshal(event.Data, e)
if err != nil {
return nil, errors.ThrowInternal(err, "POLIC-nWndT", "unable to unmarshal policy")
}
return e, nil
}
type ChangedEvent struct {
eventstore.BaseEvent `json:"-"`
AllowUserNamePassword bool `json:"allowUsernamePassword,omitempty"`
AllowRegister bool `json:"allowRegister"`
AllowExternalIDP bool `json:"allowExternalIdp"`
ForceMFA bool `json:"forceMFA"`
PasswordlessType PasswordlessType `json:"passwordlessType"`
}
func (e *ChangedEvent) CheckPrevious() bool {
return true
}
func (e *ChangedEvent) Data() interface{} {
return e
}
func NewChangedEvent(
base *eventstore.BaseEvent,
current *WriteModel,
allowUserNamePassword,
allowRegister,
allowExternalIDP,
forceMFA bool,
passwordlessType PasswordlessType,
) *ChangedEvent {
e := &ChangedEvent{
BaseEvent: *base,
}
if current.AllowUserNamePassword != allowUserNamePassword {
e.AllowUserNamePassword = allowUserNamePassword
}
if current.AllowRegister != allowRegister {
e.AllowRegister = allowRegister
}
if current.AllowExternalIDP != allowExternalIDP {
e.AllowExternalIDP = allowExternalIDP
}
if current.ForceMFA != forceMFA {
e.ForceMFA = forceMFA
}
if current.PasswordlessType != passwordlessType {
e.PasswordlessType = passwordlessType
}
return e
}
func ChangedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
e := &ChangedEvent{
BaseEvent: *eventstore.BaseEventFromRepo(event),
}
err := json.Unmarshal(event.Data, e)
if err != nil {
return nil, errors.ThrowInternal(err, "POLIC-ehssl", "unable to unmarshal policy")
}
return e, nil
}
type RemovedEvent struct {
eventstore.BaseEvent `json:"-"`
}
func (e *RemovedEvent) CheckPrevious() bool {
return true
}
func (e *RemovedEvent) Data() interface{} {
return nil
}
func NewRemovedEvent(base *eventstore.BaseEvent) *RemovedEvent {
return &RemovedEvent{
BaseEvent: *base,
}
}
func RemovedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
return &RemovedEvent{
BaseEvent: *eventstore.BaseEventFromRepo(event),
}, nil
}

164
internal/v2/repository/policy/login/factors/events.go Normal file
View File

@ -0,0 +1,164 @@
package factors
import (
"encoding/json"
"github.com/caos/zitadel/internal/errors"
"github.com/caos/zitadel/internal/eventstore/v2"
"github.com/caos/zitadel/internal/eventstore/v2/repository"
)
const (
loginPolicySecondFactorPrefix = "policy.login.secondfactor."
LoginPolicySecondFactorAddedEventType = loginPolicySecondFactorPrefix + "added"
LoginPolicySecondFactorRemovedEventType = loginPolicySecondFactorPrefix + "removed"
loginPolicyMultiFactorPrefix = "policy.login.multifactor."
LoginPolicyMultiFactorAddedEventType = loginPolicyMultiFactorPrefix + "added"
LoginPolicyMultiFactorRemovedEventType = loginPolicyMultiFactorPrefix + "removed"
)
type SecondFactorAddedEvent struct {
eventstore.BaseEvent `json:"-"`
MFAType SecondFactorType `json:"mfaType"`
}
func NewSecondFactorAddedEvent(
base *eventstore.BaseEvent,
mfaType SecondFactorType,
) *SecondFactorAddedEvent {
return &SecondFactorAddedEvent{
BaseEvent: *base,
MFAType: mfaType,
}
}
func SecondFactorAddedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
e := &SecondFactorAddedEvent{
BaseEvent: *eventstore.BaseEventFromRepo(event),
}
err := json.Unmarshal(event.Data, e)
if err != nil {
return nil, errors.ThrowInternal(err, "POLIC-Lp0dE", "unable to unmarshal policy")
}
return e, nil
}
func (e *SecondFactorAddedEvent) CheckPrevious() bool {
return true
}
func (e *SecondFactorAddedEvent) Data() interface{} {
return e
}
type SecondFactorRemovedEvent struct {
eventstore.BaseEvent `json:"-"`
MFAType SecondFactorType `json:"mfaType"`
}
func NewSecondFactorRemovedEvent(
base *eventstore.BaseEvent,
mfaType SecondFactorType,
) *SecondFactorRemovedEvent {
return &SecondFactorRemovedEvent{
BaseEvent: *base,
MFAType: mfaType,
}
}
func SecondFactorRemovedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
e := &SecondFactorRemovedEvent{
BaseEvent: *eventstore.BaseEventFromRepo(event),
}
err := json.Unmarshal(event.Data, e)
if err != nil {
return nil, errors.ThrowInternal(err, "POLIC-5M9gd", "unable to unmarshal policy")
}
return e, nil
}
func (e *SecondFactorRemovedEvent) CheckPrevious() bool {
return true
}
func (e *SecondFactorRemovedEvent) Data() interface{} {
return e
}
type MultiFactorAddedEvent struct {
eventstore.BaseEvent `json:"-"`
MFAType MultiFactorType `json:"mfaType"`
}
func NewMultiFactorAddedEvent(
base *eventstore.BaseEvent,
mfaType MultiFactorType,
) *MultiFactorAddedEvent {
return &MultiFactorAddedEvent{
BaseEvent: *base,
MFAType: mfaType,
}
}
func MultiFactorAddedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
e := &MultiFactorAddedEvent{
BaseEvent: *eventstore.BaseEventFromRepo(event),
}
err := json.Unmarshal(event.Data, e)
if err != nil {
return nil, errors.ThrowInternal(err, "POLIC-5Ms90", "unable to unmarshal policy")
}
return e, nil
}
func (e *MultiFactorAddedEvent) CheckPrevious() bool {
return true
}
func (e *MultiFactorAddedEvent) Data() interface{} {
return e
}
type MultiFactorRemovedEvent struct {
eventstore.BaseEvent `json:"-"`
MFAType MultiFactorType `json:"mfaType"`
}
func NewMultiFactorRemovedEvent(
base *eventstore.BaseEvent,
mfaType MultiFactorType,
) *MultiFactorRemovedEvent {
return &MultiFactorRemovedEvent{
BaseEvent: *base,
MFAType: mfaType,
}
}
func MultiFactorRemovedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
e := &MultiFactorRemovedEvent{
BaseEvent: *eventstore.BaseEventFromRepo(event),
}
err := json.Unmarshal(event.Data, e)
if err != nil {
return nil, errors.ThrowInternal(err, "POLIC-1N8sd", "unable to unmarshal policy")
}
return e, nil
}
func (e *MultiFactorRemovedEvent) CheckPrevious() bool {
return true
}
func (e *MultiFactorRemovedEvent) Data() interface{} {
return e
}

16
internal/v2/repository/policy/login/factors/factors.go Normal file
View File

@ -0,0 +1,16 @@
package factors
type SecondFactorType int32
const (
SecondFactorTypeUnspecified SecondFactorType = iota
SecondFactorTypeOTP
SecondFactorTypeU2F
)
type MultiFactorType int32
const (
MultiFactorTypeUnspecified MultiFactorType = iota
MultiFactorTypeU2FWithPIN
)

37
internal/v2/repository/policy/login/factors/write_model.go Normal file
View File

@ -0,0 +1,37 @@
package factors
import "github.com/caos/zitadel/internal/eventstore/v2"
type SecondFactoryWriteModel struct {
eventstore.WriteModel
MFAType SecondFactorType
}
func (wm *SecondFactoryWriteModel) Reduce() error {
for _, event := range wm.Events {
switch e := event.(type) {
case *SecondFactorAddedEvent:
wm.MFAType = e.MFAType
case *SecondFactorRemovedEvent:
wm.MFAType = e.MFAType
}
}
return wm.WriteModel.Reduce()
}
type MultiFactoryWriteModel struct {
eventstore.WriteModel
MFAType MultiFactorType
}
func (wm *MultiFactoryWriteModel) Reduce() error {
for _, event := range wm.Events {
switch e := event.(type) {
case *MultiFactorAddedEvent:
wm.MFAType = e.MFAType
case *MultiFactorRemovedEvent:
wm.MFAType = e.MFAType
}
}
return wm.WriteModel.Reduce()
}

60
internal/v2/repository/policy/login/idpprovider/events.go Normal file
View File

@ -0,0 +1,60 @@
package idpprovider
import (
"github.com/caos/zitadel/internal/eventstore/v2"
"github.com/caos/zitadel/internal/eventstore/v2/repository"
"github.com/caos/zitadel/internal/v2/repository/idp/provider"
)
type AddedEvent struct {
provider.AddedEvent
}
func NewAddedEvent(
base *eventstore.BaseEvent,
idpConfigID string,
idpProviderType provider.Type,
) *AddedEvent {
return &AddedEvent{
AddedEvent: *provider.NewAddedEvent(
base,
idpConfigID,
idpProviderType),
}
}
func AddedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
e, err := provider.AddedEventEventMapper(event)
if err != nil {
return nil, err
}
return &AddedEvent{
AddedEvent: *e.(*provider.AddedEvent),
}, nil
}
type RemovedEvent struct {
provider.RemovedEvent
}
func NewRemovedEvent(
base *eventstore.BaseEvent,
idpConfigID string,
) *RemovedEvent {
return &RemovedEvent{
RemovedEvent: *provider.NewRemovedEvent(base, idpConfigID),
}
}
func RemovedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
e, err := provider.RemovedEventEventMapper(event)
if err != nil {
return nil, err
}
return &RemovedEvent{
RemovedEvent: *e.(*provider.RemovedEvent),
}, nil
}

19
internal/v2/repository/policy/login/idpprovider/write_model.go Normal file
View File

@ -0,0 +1,19 @@
package idpprovider
import (
"github.com/caos/zitadel/internal/eventstore/v2"
"github.com/caos/zitadel/internal/v2/repository/idp/provider"
)
type WriteModel struct {
provider.WriteModel
}
func (wm *WriteModel) AppendEvents(events ...eventstore.EventReader) {
for _, event := range events {
switch e := event.(type) {
case *AddedEvent:
wm.WriteModel.AppendEvents(&e.AddedEvent)
}
}
}

8
internal/v2/repository/policy/login/login.go Normal file
View File

@ -0,0 +1,8 @@
package login
type PasswordlessType int32
const (
PasswordlessTypeNotAllowed PasswordlessType = iota
PasswordlessTypeAllowed
)

35
internal/v2/repository/policy/login/read_model.go Normal file
View File

@ -0,0 +1,35 @@
package login
import (
"github.com/caos/zitadel/internal/eventstore/v2"
)
type ReadModel struct {
eventstore.ReadModel
AllowUserNamePassword bool
AllowRegister bool
AllowExternalIDP bool
ForceMFA bool
PasswordlessType PasswordlessType
}
func (rm *ReadModel) Reduce() error {
for _, event := range rm.Events {
switch e := event.(type) {
case *AddedEvent:
rm.AllowUserNamePassword = e.AllowUserNamePassword
rm.AllowExternalIDP = e.AllowExternalIDP
rm.AllowRegister = e.AllowRegister
rm.ForceMFA = e.ForceMFA
rm.PasswordlessType = e.PasswordlessType
case *ChangedEvent:
rm.AllowUserNamePassword = e.AllowUserNamePassword
rm.AllowExternalIDP = e.AllowExternalIDP
rm.AllowRegister = e.AllowRegister
rm.ForceMFA = e.ForceMFA
rm.PasswordlessType = e.PasswordlessType
}
}
return rm.ReadModel.Reduce()
}

35
internal/v2/repository/policy/login/write_model.go Normal file
View File

@ -0,0 +1,35 @@
package login
import (
"github.com/caos/zitadel/internal/eventstore/v2"
)
type WriteModel struct {
eventstore.WriteModel
AllowUserNamePassword bool
AllowRegister bool
AllowExternalIDP bool
ForceMFA bool
PasswordlessType PasswordlessType
}
func (wm *WriteModel) Reduce() error {
for _, event := range wm.Events {
switch e := event.(type) {
case *AddedEvent:
wm.AllowRegister = e.AllowRegister
wm.AllowUserNamePassword = e.AllowUserNamePassword
wm.AllowExternalIDP = e.AllowExternalIDP
wm.ForceMFA = e.ForceMFA
wm.PasswordlessType = e.PasswordlessType
case *ChangedEvent:
wm.AllowRegister = e.AllowRegister
wm.AllowUserNamePassword = e.AllowUserNamePassword
wm.AllowExternalIDP = e.AllowExternalIDP
wm.ForceMFA = e.ForceMFA
wm.PasswordlessType = e.PasswordlessType
}
}
return wm.WriteModel.Reduce()
}

81
internal/v2/repository/policy/org_iam.go
View File

@ -1,81 +0,0 @@
package policy
import (
"encoding/json"
"github.com/caos/zitadel/internal/errors"
"github.com/caos/zitadel/internal/eventstore/v2"
"github.com/caos/zitadel/internal/eventstore/v2/repository"
)
const (
OrgIAMPolicyAddedEventType = "policy.org.iam.added"
)
type OrgIAMPolicyAggregate struct {
eventstore.Aggregate
}
type OrgIAMPolicyReadModel struct {
eventstore.ReadModel
UserLoginMustBeDomain bool
}
func (rm *OrgIAMPolicyReadModel) Reduce() error {
for _, event := range rm.Events {
switch e := event.(type) {
case *OrgIAMPolicyAddedEvent:
rm.UserLoginMustBeDomain = e.UserLoginMustBeDomain
}
}
return rm.ReadModel.Reduce()
}
type OrgIAMPolicyWriteModel struct {
eventstore.WriteModel
UserLoginMustBeDomain bool
}
func (wm *OrgIAMPolicyWriteModel) Reduce() error {
return errors.ThrowUnimplemented(nil, "POLIC-xJjvN", "reduce unimpelemnted")
}
type OrgIAMPolicyAddedEvent struct {
eventstore.BaseEvent `json:"-"`
UserLoginMustBeDomain bool `json:"allowUsernamePassword"`
}
func (e *OrgIAMPolicyAddedEvent) CheckPrevious() bool {
return true
}
func (e *OrgIAMPolicyAddedEvent) Data() interface{} {
return e
}
func NewOrgIAMPolicyAddedEvent(
base *eventstore.BaseEvent,
userLoginMustBeDomain bool,
) *OrgIAMPolicyAddedEvent {
return &OrgIAMPolicyAddedEvent{
BaseEvent: *base,
UserLoginMustBeDomain: userLoginMustBeDomain,
}
}
func OrgIAMPolicyAddedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
e := &OrgIAMPolicyAddedEvent{
BaseEvent: *eventstore.BaseEventFromRepo(event),
}
err := json.Unmarshal(event.Data, e)
if err != nil {
return nil, errors.ThrowInternal(err, "POLIC-TvSmA", "unable to unmarshal policy")
}
return e, nil
}

92
internal/v2/repository/policy/org_iam/events.go Normal file
View File

@ -0,0 +1,92 @@
package org_iam
import (
"encoding/json"
"github.com/caos/zitadel/internal/errors"
"github.com/caos/zitadel/internal/eventstore/v2"
"github.com/caos/zitadel/internal/eventstore/v2/repository"
)
const (
OrgIAMPolicyAddedEventType = "policy.org.iam.added"
OrgIAMPolicyChangedEventType = "policy.org.iam.changed"
)
type AddedEvent struct {
eventstore.BaseEvent `json:"-"`
UserLoginMustBeDomain bool `json:"userLoginMustBeDomain"`
}
func (e *AddedEvent) CheckPrevious() bool {
return true
}
func (e *AddedEvent) Data() interface{} {
return e
}
func NewAddedEvent(
base *eventstore.BaseEvent,
userLoginMustBeDomain bool,
) *AddedEvent {
return &AddedEvent{
BaseEvent: *base,
UserLoginMustBeDomain: userLoginMustBeDomain,
}
}
func AddedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
e := &AddedEvent{
BaseEvent: *eventstore.BaseEventFromRepo(event),
}
err := json.Unmarshal(event.Data, e)
if err != nil {
return nil, errors.ThrowInternal(err, "POLIC-TvSmA", "unable to unmarshal policy")
}
return e, nil
}
type ChangedEvent struct {
eventstore.BaseEvent `json:"-"`
UserLoginMustBeDomain bool `json:"userLoginMustBeDomain"`
}
func (e *ChangedEvent) CheckPrevious() bool {
return true
}
func (e *ChangedEvent) Data() interface{} {
return e
}
func NewChangedEvent(
base *eventstore.BaseEvent,
current *WriteModel,
userLoginMustBeDomain bool,
) *ChangedEvent {
e := &ChangedEvent{
BaseEvent: *base,
}
if current.UserLoginMustBeDomain != userLoginMustBeDomain {
e.UserLoginMustBeDomain = userLoginMustBeDomain
}
return e
}
func ChangedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
e := &ChangedEvent{
BaseEvent: *eventstore.BaseEventFromRepo(event),
}
err := json.Unmarshal(event.Data, e)
if err != nil {
return nil, errors.ThrowInternal(err, "POLIC-0Pl9d", "unable to unmarshal policy")
}
return e, nil
}

21
internal/v2/repository/policy/org_iam/read_model.go Normal file
View File

@ -0,0 +1,21 @@
package org_iam
import "github.com/caos/zitadel/internal/eventstore/v2"
type ReadModel struct {
eventstore.ReadModel
UserLoginMustBeDomain bool
}
func (rm *ReadModel) Reduce() error {
for _, event := range rm.Events {
switch e := event.(type) {
case *AddedEvent:
rm.UserLoginMustBeDomain = e.UserLoginMustBeDomain
case *ChangedEvent:
rm.UserLoginMustBeDomain = e.UserLoginMustBeDomain
}
}
return rm.ReadModel.Reduce()
}

21
internal/v2/repository/policy/org_iam/write_model.go Normal file
View File

@ -0,0 +1,21 @@
package org_iam
import "github.com/caos/zitadel/internal/eventstore/v2"
type WriteModel struct {
eventstore.WriteModel
UserLoginMustBeDomain bool
}
func (wm *WriteModel) Reduce() error {
for _, event := range wm.Events {
switch e := event.(type) {
case *AddedEvent:
wm.UserLoginMustBeDomain = e.UserLoginMustBeDomain
case *ChangedEvent:
wm.UserLoginMustBeDomain = e.UserLoginMustBeDomain
}
}
return wm.WriteModel.Reduce()
}

177
internal/v2/repository/policy/password_age.go
View File

@ -1,177 +0,0 @@
package policy
import (
"encoding/json"
"github.com/caos/zitadel/internal/errors"
"github.com/caos/zitadel/internal/eventstore/v2"
"github.com/caos/zitadel/internal/eventstore/v2/repository"
)
const (
PasswordAgePolicyAddedEventType = "policy.password.age.added"
PasswordAgePolicyChangedEventType = "policy.password.age.changed"
PasswordAgePolicyRemovedEventType = "policy.password.age.removed"
)
type PasswordAgePolicyAggregate struct {
eventstore.Aggregate
}
type PasswordAgePolicyReadModel struct {
eventstore.ReadModel
ExpireWarnDays uint16
MaxAgeDays uint16
}
func (rm *PasswordAgePolicyReadModel) Reduce() error {
for _, event := range rm.Events {
switch e := event.(type) {
case *PasswordAgePolicyAddedEvent:
rm.ExpireWarnDays = e.ExpireWarnDays
rm.MaxAgeDays = e.MaxAgeDays
case *PasswordAgePolicyChangedEvent:
rm.ExpireWarnDays = e.ExpireWarnDays
rm.MaxAgeDays = e.MaxAgeDays
}
}
return rm.ReadModel.Reduce()
}
type PasswordAgePolicyWriteModel struct {
eventstore.WriteModel
ExpireWarnDays uint16
MaxAgeDays uint16
}
func (wm *PasswordAgePolicyWriteModel) Reduce() error {
return errors.ThrowUnimplemented(nil, "POLIC-xJjvN", "reduce unimpelemnted")
}
type PasswordAgePolicyAddedEvent struct {
eventstore.BaseEvent `json:"-"`
ExpireWarnDays uint16 `json:"expireWarnDays"`
MaxAgeDays uint16 `json:"maxAgeDays"`
}
func (e *PasswordAgePolicyAddedEvent) CheckPrevious() bool {
return true
}
func (e *PasswordAgePolicyAddedEvent) Data() interface{} {
return e
}
func NewPasswordAgePolicyAddedEvent(
base *eventstore.BaseEvent,
expireWarnDays,
maxAgeDays uint16,
) *PasswordAgePolicyAddedEvent {
return &PasswordAgePolicyAddedEvent{
BaseEvent: *base,
ExpireWarnDays: expireWarnDays,
MaxAgeDays: maxAgeDays,
}
}
func PasswordAgePolicyAddedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
e := &PasswordAgePolicyAddedEvent{
BaseEvent: *eventstore.BaseEventFromRepo(event),
}
err := json.Unmarshal(event.Data, e)
if err != nil {
return nil, errors.ThrowInternal(err, "POLIC-T3mGp", "unable to unmarshal policy")
}
return e, nil
}
type PasswordAgePolicyChangedEvent struct {
eventstore.BaseEvent `json:"-"`
ExpireWarnDays uint16 `json:"expireWarnDays,omitempty"`
MaxAgeDays uint16 `json:"maxAgeDays,omitempty"`
}
func (e *PasswordAgePolicyChangedEvent) CheckPrevious() bool {
return true
}
func (e *PasswordAgePolicyChangedEvent) Data() interface{} {
return e
}
func NewPasswordAgePolicyChangedEvent(
base *eventstore.BaseEvent,
current *PasswordAgePolicyWriteModel,
expireWarnDays,
maxAgeDays uint16,
) *PasswordAgePolicyChangedEvent {
e := &PasswordAgePolicyChangedEvent{
BaseEvent: *base,
}
if current.ExpireWarnDays != expireWarnDays {
e.ExpireWarnDays = expireWarnDays
}
if current.MaxAgeDays != maxAgeDays {
e.MaxAgeDays = maxAgeDays
}
return e
}
func PasswordAgePolicyChangedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
e := &PasswordAgePolicyChangedEvent{
BaseEvent: *eventstore.BaseEventFromRepo(event),
}
err := json.Unmarshal(event.Data, e)
if err != nil {
return nil, errors.ThrowInternal(err, "POLIC-PqaVq", "unable to unmarshal policy")
}
return e, nil
}
type PasswordAgePolicyRemovedEvent struct {
eventstore.BaseEvent `json:"-"`
}
func (e *PasswordAgePolicyRemovedEvent) CheckPrevious() bool {
return true
}
func (e *PasswordAgePolicyRemovedEvent) Data() interface{} {
return nil
}
func NewPasswordAgePolicyRemovedEvent(
base *eventstore.BaseEvent,
current,
changed *PasswordAgePolicyRemovedEvent,
) *PasswordAgePolicyChangedEvent {
return &PasswordAgePolicyChangedEvent{
BaseEvent: *base,
}
}
func PasswordAgePolicyRemovedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
e := &PasswordAgePolicyRemovedEvent{
BaseEvent: *eventstore.BaseEventFromRepo(event),
}
err := json.Unmarshal(event.Data, e)
if err != nil {
return nil, errors.ThrowInternal(err, "POLIC-02878", "unable to unmarshal policy")
}
return e, nil
}

137
internal/v2/repository/policy/password_age/events.go Normal file
View File

@ -0,0 +1,137 @@
package password_age
import (
"encoding/json"
"github.com/caos/zitadel/internal/errors"
"github.com/caos/zitadel/internal/eventstore/v2"
"github.com/caos/zitadel/internal/eventstore/v2/repository"
)
const (
PasswordAgePolicyAddedEventType = "policy.password.age.added"
PasswordAgePolicyChangedEventType = "policy.password.age.changed"
PasswordAgePolicyRemovedEventType = "policy.password.age.removed"
)
type AddedEvent struct {
eventstore.BaseEvent `json:"-"`
ExpireWarnDays uint64 `json:"expireWarnDays"`
MaxAgeDays uint64 `json:"maxAgeDays"`
}
func (e *AddedEvent) CheckPrevious() bool {
return true
}
func (e *AddedEvent) Data() interface{} {
return e
}
func NewAddedEvent(
base *eventstore.BaseEvent,
expireWarnDays,
maxAgeDays uint64,
) *AddedEvent {
return &AddedEvent{
BaseEvent: *base,
ExpireWarnDays: expireWarnDays,
MaxAgeDays: maxAgeDays,
}
}
func AddedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
e := &AddedEvent{
BaseEvent: *eventstore.BaseEventFromRepo(event),
}
err := json.Unmarshal(event.Data, e)
if err != nil {
return nil, errors.ThrowInternal(err, "POLIC-T3mGp", "unable to unmarshal policy")
}
return e, nil
}
type ChangedEvent struct {
eventstore.BaseEvent `json:"-"`
ExpireWarnDays uint64 `json:"expireWarnDays,omitempty"`
MaxAgeDays uint64 `json:"maxAgeDays,omitempty"`
}
func (e *ChangedEvent) CheckPrevious() bool {
return true
}
func (e *ChangedEvent) Data() interface{} {
return e
}
func NewChangedEvent(
base *eventstore.BaseEvent,
current *WriteModel,
expireWarnDays,
maxAgeDays uint64,
) *ChangedEvent {
e := &ChangedEvent{
BaseEvent: *base,
}
if current.ExpireWarnDays != expireWarnDays {
e.ExpireWarnDays = expireWarnDays
}
if current.MaxAgeDays != maxAgeDays {
e.MaxAgeDays = maxAgeDays
}
return e
}
func ChangedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
e := &ChangedEvent{
BaseEvent: *eventstore.BaseEventFromRepo(event),
}
err := json.Unmarshal(event.Data, e)
if err != nil {
return nil, errors.ThrowInternal(err, "POLIC-PqaVq", "unable to unmarshal policy")
}
return e, nil
}
type RemovedEvent struct {
eventstore.BaseEvent `json:"-"`
}
func (e *RemovedEvent) CheckPrevious() bool {
return true
}
func (e *RemovedEvent) Data() interface{} {
return nil
}
func NewRemovedEvent(
base *eventstore.BaseEvent,
) *RemovedEvent {
return &RemovedEvent{
BaseEvent: *base,
}
}
func RemovedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
e := &RemovedEvent{
BaseEvent: *eventstore.BaseEventFromRepo(event),
}
err := json.Unmarshal(event.Data, e)
if err != nil {
return nil, errors.ThrowInternal(err, "POLIC-02878", "unable to unmarshal policy")
}
return e, nil
}

24
internal/v2/repository/policy/password_age/read_model.go Normal file
View File

@ -0,0 +1,24 @@
package password_age
import "github.com/caos/zitadel/internal/eventstore/v2"
type ReadModel struct {
eventstore.ReadModel
ExpireWarnDays uint64
MaxAgeDays uint64
}
func (rm *ReadModel) Reduce() error {
for _, event := range rm.Events {
switch e := event.(type) {
case *AddedEvent:
rm.ExpireWarnDays = e.ExpireWarnDays
rm.MaxAgeDays = e.MaxAgeDays
case *ChangedEvent:
rm.ExpireWarnDays = e.ExpireWarnDays
rm.MaxAgeDays = e.MaxAgeDays
}
}
return rm.ReadModel.Reduce()
}

26
internal/v2/repository/policy/password_age/write_model.go Normal file
View File

@ -0,0 +1,26 @@
package password_age
import (
"github.com/caos/zitadel/internal/eventstore/v2"
)
type WriteModel struct {
eventstore.WriteModel
ExpireWarnDays uint64
MaxAgeDays uint64
}
func (wm *WriteModel) Reduce() error {
for _, event := range wm.Events {
switch e := event.(type) {
case *AddedEvent:
wm.ExpireWarnDays = e.ExpireWarnDays
wm.MaxAgeDays = e.MaxAgeDays
case *ChangedEvent:
wm.ExpireWarnDays = e.ExpireWarnDays
wm.MaxAgeDays = e.MaxAgeDays
}
}
return wm.WriteModel.Reduce()
}

201
internal/v2/repository/policy/password_complexity.go
View File

@ -1,201 +0,0 @@
package policy
import (
"encoding/json"
"github.com/caos/zitadel/internal/errors"
"github.com/caos/zitadel/internal/eventstore/v2"
"github.com/caos/zitadel/internal/eventstore/v2/repository"
)
const (
PasswordComplexityPolicyAddedEventType = "policy.password.complexity.added"
PasswordComplexityPolicyChangedEventType = "policy.password.complexity.changed"
PasswordComplexityPolicyRemovedEventType = "policy.password.complexity.removed"
)
type PasswordComplexityPolicyAggregate struct {
eventstore.Aggregate
}
type PasswordComplexityPolicyReadModel struct {
eventstore.ReadModel
MinLength uint8
HasLowercase bool
HasUpperCase bool
HasNumber bool
HasSymbol bool
}
func (rm *PasswordComplexityPolicyReadModel) Reduce() error {
for _, event := range rm.Events {
switch e := event.(type) {
case *PasswordComplexityPolicyAddedEvent:
rm.MinLength = e.MinLength
rm.HasLowercase = e.HasLowercase
rm.HasUpperCase = e.HasUpperCase
rm.HasNumber = e.HasNumber
rm.HasSymbol = e.HasSymbol
case *PasswordComplexityPolicyChangedEvent:
rm.MinLength = e.MinLength
rm.HasLowercase = e.HasLowercase
rm.HasUpperCase = e.HasUpperCase
rm.HasNumber = e.HasNumber
rm.HasSymbol = e.HasSymbol
}
}
return rm.ReadModel.Reduce()
}
type PasswordComplexityPolicyWriteModel struct {
eventstore.WriteModel
MinLength uint8
HasLowercase bool
HasUpperCase bool
HasNumber bool
HasSymbol bool
}
func (wm *PasswordComplexityPolicyWriteModel) Reduce() error {
return errors.ThrowUnimplemented(nil, "POLIC-xJjvN", "reduce unimpelemnted")
}
type PasswordComplexityPolicyAddedEvent struct {
eventstore.BaseEvent `json:"-"`
MinLength uint8 `json:"minLength,omitempty"`
HasLowercase bool `json:"hasLowercase"`
HasUpperCase bool `json:"hasUppercase"`
HasNumber bool `json:"hasNumber"`
HasSymbol bool `json:"hasSymbol"`
}
func (e *PasswordComplexityPolicyAddedEvent) CheckPrevious() bool {
return true
}
func (e *PasswordComplexityPolicyAddedEvent) Data() interface{} {
return e
}
func NewPasswordComplexityPolicyAddedEvent(
base *eventstore.BaseEvent,
hasLowerCase,
hasUpperCase,
hasNumber,
hasSymbol bool,
minLength uint8,
) *PasswordComplexityPolicyAddedEvent {
return &PasswordComplexityPolicyAddedEvent{
BaseEvent: *base,
HasLowercase: hasLowerCase,
HasNumber: hasNumber,
HasSymbol: hasSymbol,
HasUpperCase: hasUpperCase,
MinLength: minLength,
}
}
func PasswordComplexityPolicyAddedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
e := &PasswordComplexityPolicyAddedEvent{
BaseEvent: *eventstore.BaseEventFromRepo(event),
}
err := json.Unmarshal(event.Data, e)
if err != nil {
return nil, errors.ThrowInternal(err, "POLIC-wYxlM", "unable to unmarshal policy")
}
return e, nil
}
type PasswordComplexityPolicyChangedEvent struct {
eventstore.BaseEvent `json:"-"`
MinLength uint8 `json:"minLength"`
HasLowercase bool `json:"hasLowercase"`
HasUpperCase bool `json:"hasUppercase"`
HasNumber bool `json:"hasNumber"`
HasSymbol bool `json:"hasSymbol"`
}
func (e *PasswordComplexityPolicyChangedEvent) CheckPrevious() bool {
return true
}
func (e *PasswordComplexityPolicyChangedEvent) Data() interface{} {
return e
}
func NewPasswordComplexityPolicyChangedEvent(
base *eventstore.BaseEvent,
current *PasswordComplexityPolicyWriteModel,
minLength uint8,
hasLowerCase,
hasUpperCase,
hasNumber,
hasSymbol bool,
) *PasswordComplexityPolicyChangedEvent {
e := &PasswordComplexityPolicyChangedEvent{
BaseEvent: *base,
}
if current.MinLength != minLength {
e.MinLength = minLength
}
if current.HasLowercase != hasLowerCase {
e.HasLowercase = hasLowerCase
}
if current.HasUpperCase != hasUpperCase {
e.HasUpperCase = hasUpperCase
}
if current.HasNumber != hasNumber {
e.HasNumber = hasNumber
}
if current.HasSymbol != hasSymbol {
e.HasSymbol = hasSymbol
}
return e
}
func PasswordComplexityPolicyChangedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
e := &PasswordComplexityPolicyChangedEvent{
BaseEvent: *eventstore.BaseEventFromRepo(event),
}
err := json.Unmarshal(event.Data, e)
if err != nil {
return nil, errors.ThrowInternal(err, "POLIC-zBGB0", "unable to unmarshal policy")
}
return e, nil
}
type PasswordComplexityPolicyRemovedEvent struct {
eventstore.BaseEvent `json:"-"`
}
func (e *PasswordComplexityPolicyRemovedEvent) CheckPrevious() bool {
return true
}
func (e *PasswordComplexityPolicyRemovedEvent) Data() interface{} {
return nil
}
func NewPasswordComplexityPolicyRemovedEvent(base *eventstore.BaseEvent) *PasswordComplexityPolicyRemovedEvent {
return &PasswordComplexityPolicyRemovedEvent{
BaseEvent: *base,
}
}
func PasswordComplexityPolicyRemovedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
return &PasswordComplexityPolicyRemovedEvent{
BaseEvent: *eventstore.BaseEventFromRepo(event),
}, nil
}

151
internal/v2/repository/policy/password_complexity/events.go Normal file
View File

@ -0,0 +1,151 @@
package password_complexity
import (
"encoding/json"
"github.com/caos/zitadel/internal/errors"
"github.com/caos/zitadel/internal/eventstore/v2"
"github.com/caos/zitadel/internal/eventstore/v2/repository"
)
const (
PasswordComplexityPolicyAddedEventType = "policy.password.complexity.added"
PasswordComplexityPolicyChangedEventType = "policy.password.complexity.changed"
PasswordComplexityPolicyRemovedEventType = "policy.password.complexity.removed"
)
type AddedEvent struct {
eventstore.BaseEvent `json:"-"`
MinLength uint64 `json:"minLength,omitempty"`
HasLowercase bool `json:"hasLowercase"`
HasUpperCase bool `json:"hasUppercase"`
HasNumber bool `json:"hasNumber"`
HasSymbol bool `json:"hasSymbol"`
}
func (e *AddedEvent) CheckPrevious() bool {
return true
}
func (e *AddedEvent) Data() interface{} {
return e
}
func NewAddedEvent(
base *eventstore.BaseEvent,
minLength uint64,
hasLowerCase,
hasUpperCase,
hasNumber,
hasSymbol bool,
) *AddedEvent {
return &AddedEvent{
BaseEvent: *base,
MinLength: minLength,
HasLowercase: hasLowerCase,
HasNumber: hasNumber,
HasSymbol: hasSymbol,
HasUpperCase: hasUpperCase,
}
}
func AddedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
e := &AddedEvent{
BaseEvent: *eventstore.BaseEventFromRepo(event),
}
err := json.Unmarshal(event.Data, e)
if err != nil {
return nil, errors.ThrowInternal(err, "POLIC-wYxlM", "unable to unmarshal policy")
}
return e, nil
}
type ChangedEvent struct {
eventstore.BaseEvent `json:"-"`
MinLength uint64 `json:"minLength"`
HasLowercase bool `json:"hasLowercase"`
HasUpperCase bool `json:"hasUppercase"`
HasNumber bool `json:"hasNumber"`
HasSymbol bool `json:"hasSymbol"`
}
func (e *ChangedEvent) CheckPrevious() bool {
return true
}
func (e *ChangedEvent) Data() interface{} {
return e
}
func NewChangedEvent(
base *eventstore.BaseEvent,
current *WriteModel,
minLength uint64,
hasLowerCase,
hasUpperCase,
hasNumber,
hasSymbol bool,
) *ChangedEvent {
e := &ChangedEvent{
BaseEvent: *base,
}
if current.MinLength != minLength {
e.MinLength = minLength
}
if current.HasLowercase != hasLowerCase {
e.HasLowercase = hasLowerCase
}
if current.HasUpperCase != hasUpperCase {
e.HasUpperCase = hasUpperCase
}
if current.HasNumber != hasNumber {
e.HasNumber = hasNumber
}
if current.HasSymbol != hasSymbol {
e.HasSymbol = hasSymbol
}
return e
}
func ChangedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
e := &ChangedEvent{
BaseEvent: *eventstore.BaseEventFromRepo(event),
}
err := json.Unmarshal(event.Data, e)
if err != nil {
return nil, errors.ThrowInternal(err, "POLIC-zBGB0", "unable to unmarshal policy")
}
return e, nil
}
type RemovedEvent struct {
eventstore.BaseEvent `json:"-"`
}
func (e *RemovedEvent) CheckPrevious() bool {
return true
}
func (e *RemovedEvent) Data() interface{} {
return nil
}
func NewRemovedEvent(base *eventstore.BaseEvent) *RemovedEvent {
return &RemovedEvent{
BaseEvent: *base,
}
}
func RemovedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
return &RemovedEvent{
BaseEvent: *eventstore.BaseEventFromRepo(event),
}, nil
}

33
internal/v2/repository/policy/password_complexity/read_model.go Normal file
View File

@ -0,0 +1,33 @@
package password_complexity
import "github.com/caos/zitadel/internal/eventstore/v2"
type ReadModel struct {
eventstore.ReadModel
MinLength uint64
HasLowercase bool
HasUpperCase bool
HasNumber bool
HasSymbol bool
}
func (rm *ReadModel) Reduce() error {
for _, event := range rm.Events {
switch e := event.(type) {
case *AddedEvent:
rm.MinLength = e.MinLength
rm.HasLowercase = e.HasLowercase
rm.HasUpperCase = e.HasUpperCase
rm.HasNumber = e.HasNumber
rm.HasSymbol = e.HasSymbol
case *ChangedEvent:
rm.MinLength = e.MinLength
rm.HasLowercase = e.HasLowercase
rm.HasUpperCase = e.HasUpperCase
rm.HasNumber = e.HasNumber
rm.HasSymbol = e.HasSymbol
}
}
return rm.ReadModel.Reduce()
}

35
internal/v2/repository/policy/password_complexity/write_model.go Normal file
View File

@ -0,0 +1,35 @@
package password_complexity
import (
"github.com/caos/zitadel/internal/eventstore/v2"
)
type WriteModel struct {
eventstore.WriteModel
MinLength uint64
HasLowercase bool
HasUpperCase bool
HasNumber bool
HasSymbol bool
}
func (wm *WriteModel) Reduce() error {
for _, event := range wm.Events {
switch e := event.(type) {
case *AddedEvent:
wm.MinLength = e.MinLength
wm.HasLowercase = e.HasLowercase
wm.HasUpperCase = e.HasUpperCase
wm.HasNumber = e.HasNumber
wm.HasSymbol = e.HasSymbol
case *ChangedEvent:
wm.MinLength = e.MinLength
wm.HasLowercase = e.HasLowercase
wm.HasUpperCase = e.HasUpperCase
wm.HasNumber = e.HasNumber
wm.HasSymbol = e.HasSymbol
}
}
return wm.WriteModel.Reduce()
}

168
internal/v2/repository/policy/password_lockout.go
View File

@ -1,168 +0,0 @@
package policy
import (
"encoding/json"
"github.com/caos/zitadel/internal/errors"
"github.com/caos/zitadel/internal/eventstore/v2"
"github.com/caos/zitadel/internal/eventstore/v2/repository"
)
const (
PasswordLockoutPolicyAddedEventType = "policy.password.lockout.added"
PasswordLockoutPolicyChangedEventType = "policy.password.lockout.changed"
PasswordLockoutPolicyRemovedEventType = "policy.password.lockout.removed"
)
type PasswordLockoutPolicyAggregate struct {
eventstore.Aggregate
}
type PasswordLockoutPolicyReadModel struct {
eventstore.ReadModel
MaxAttempts uint8
ShowLockOutFailures bool
}
func (rm *PasswordLockoutPolicyReadModel) Reduce() error {
for _, event := range rm.Events {
switch e := event.(type) {
case *PasswordLockoutPolicyAddedEvent:
rm.MaxAttempts = e.MaxAttempts
rm.ShowLockOutFailures = e.ShowLockOutFailures
case *PasswordLockoutPolicyChangedEvent:
rm.MaxAttempts = e.MaxAttempts
rm.ShowLockOutFailures = e.ShowLockOutFailures
}
}
return rm.ReadModel.Reduce()
}
type PasswordLockoutPolicyWriteModel struct {
eventstore.WriteModel
MaxAttempts uint8
ShowLockOutFailures bool
}
func (wm *PasswordLockoutPolicyWriteModel) Reduce() error {
return errors.ThrowUnimplemented(nil, "POLIC-xJjvN", "reduce unimpelemnted")
}
type PasswordLockoutPolicyAddedEvent struct {
eventstore.BaseEvent `json:"-"`
MaxAttempts uint8 `json:"maxAttempts,omitempty"`
ShowLockOutFailures bool `json:"showLockOutFailures"`
}
func (e *PasswordLockoutPolicyAddedEvent) CheckPrevious() bool {
return true
}
func (e *PasswordLockoutPolicyAddedEvent) Data() interface{} {
return e
}
func NewPasswordLockoutPolicyAddedEvent(
base *eventstore.BaseEvent,
maxAttempts uint8,
showLockOutFailures bool,
) *PasswordLockoutPolicyAddedEvent {
return &PasswordLockoutPolicyAddedEvent{
BaseEvent: *base,
MaxAttempts: maxAttempts,
ShowLockOutFailures: showLockOutFailures,
}
}
func PasswordLockoutPolicyAddedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
e := &PasswordLockoutPolicyAddedEvent{
BaseEvent: *eventstore.BaseEventFromRepo(event),
}
err := json.Unmarshal(event.Data, e)
if err != nil {
return nil, errors.ThrowInternal(err, "POLIC-8XiVd", "unable to unmarshal policy")
}
return e, nil
}
type PasswordLockoutPolicyChangedEvent struct {
eventstore.BaseEvent `json:"-"`
MaxAttempts uint8 `json:"maxAttempts,omitempty"`
ShowLockOutFailures bool `json:"showLockOutFailures,omitempty"`
}
func (e *PasswordLockoutPolicyChangedEvent) CheckPrevious() bool {
return true
}
func (e *PasswordLockoutPolicyChangedEvent) Data() interface{} {
return e
}
func NewPasswordLockoutPolicyChangedEvent(
base *eventstore.BaseEvent,
current *PasswordLockoutPolicyWriteModel,
maxAttempts uint8,
showLockOutFailures bool,
) *PasswordLockoutPolicyChangedEvent {
e := &PasswordLockoutPolicyChangedEvent{
BaseEvent: *base,
}
if current.MaxAttempts != maxAttempts {
e.MaxAttempts = maxAttempts
}
if current.ShowLockOutFailures != showLockOutFailures {
e.ShowLockOutFailures = showLockOutFailures
}
return e
}
func PasswordLockoutPolicyChangedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
e := &PasswordLockoutPolicyChangedEvent{
BaseEvent: *eventstore.BaseEventFromRepo(event),
}
err := json.Unmarshal(event.Data, e)
if err != nil {
return nil, errors.ThrowInternal(err, "POLIC-lWGRc", "unable to unmarshal policy")
}
return e, nil
}
type PasswordLockoutPolicyRemovedEvent struct {
eventstore.BaseEvent `json:"-"`
}
func (e *PasswordLockoutPolicyRemovedEvent) CheckPrevious() bool {
return true
}
func (e *PasswordLockoutPolicyRemovedEvent) Data() interface{} {
return nil
}
func NewPasswordLockoutPolicyRemovedEvent(
base *eventstore.BaseEvent,
) *PasswordLockoutPolicyRemovedEvent {
return &PasswordLockoutPolicyRemovedEvent{
BaseEvent: *base,
}
}
func PasswordLockoutPolicyRemovedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
return &PasswordLockoutPolicyRemovedEvent{
BaseEvent: *eventstore.BaseEventFromRepo(event),
}, nil
}

131
internal/v2/repository/policy/password_lockout/events.go Normal file
View File

@ -0,0 +1,131 @@
package password_lockout
import (
"encoding/json"
"github.com/caos/zitadel/internal/errors"
"github.com/caos/zitadel/internal/eventstore/v2"
"github.com/caos/zitadel/internal/eventstore/v2/repository"
)
const (
PasswordLockoutPolicyAddedEventType = "policy.password.lockout.added"
PasswordLockoutPolicyChangedEventType = "policy.password.lockout.changed"
PasswordLockoutPolicyRemovedEventType = "policy.password.lockout.removed"
)
type AddedEvent struct {
eventstore.BaseEvent `json:"-"`
MaxAttempts uint64 `json:"maxAttempts,omitempty"`
ShowLockOutFailures bool `json:"showLockOutFailures"`
}
func (e *AddedEvent) CheckPrevious() bool {
return true
}
func (e *AddedEvent) Data() interface{} {
return e
}
func NewAddedEvent(
base *eventstore.BaseEvent,
maxAttempts uint64,
showLockOutFailures bool,
) *AddedEvent {
return &AddedEvent{
BaseEvent: *base,
MaxAttempts: maxAttempts,
ShowLockOutFailures: showLockOutFailures,
}
}
func AddedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
e := &AddedEvent{
BaseEvent: *eventstore.BaseEventFromRepo(event),
}
err := json.Unmarshal(event.Data, e)
if err != nil {
return nil, errors.ThrowInternal(err, "POLIC-8XiVd", "unable to unmarshal policy")
}
return e, nil
}
type ChangedEvent struct {
eventstore.BaseEvent `json:"-"`
MaxAttempts uint64 `json:"maxAttempts,omitempty"`
ShowLockOutFailures bool `json:"showLockOutFailures,omitempty"`
}
func (e *ChangedEvent) CheckPrevious() bool {
return true
}
func (e *ChangedEvent) Data() interface{} {
return e
}
func NewChangedEvent(
base *eventstore.BaseEvent,
current *WriteModel,
maxAttempts uint64,
showLockOutFailures bool,
) *ChangedEvent {
e := &ChangedEvent{
BaseEvent: *base,
}
if current.MaxAttempts != maxAttempts {
e.MaxAttempts = maxAttempts
}
if current.ShowLockOutFailures != showLockOutFailures {
e.ShowLockOutFailures = showLockOutFailures
}
return e
}
func ChangedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
e := &ChangedEvent{
BaseEvent: *eventstore.BaseEventFromRepo(event),
}
err := json.Unmarshal(event.Data, e)
if err != nil {
return nil, errors.ThrowInternal(err, "POLIC-lWGRc", "unable to unmarshal policy")
}
return e, nil
}
type RemovedEvent struct {
eventstore.BaseEvent `json:"-"`
}
func (e *RemovedEvent) CheckPrevious() bool {
return true
}
func (e *RemovedEvent) Data() interface{} {
return nil
}
func NewRemovedEvent(
base *eventstore.BaseEvent,
) *RemovedEvent {
return &RemovedEvent{
BaseEvent: *base,
}
}
func RemovedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
return &RemovedEvent{
BaseEvent: *eventstore.BaseEventFromRepo(event),
}, nil
}

24
internal/v2/repository/policy/password_lockout/read_model.go Normal file
View File

@ -0,0 +1,24 @@
package password_lockout
import "github.com/caos/zitadel/internal/eventstore/v2"
type ReadModel struct {
eventstore.ReadModel
MaxAttempts uint64
ShowLockOutFailures bool
}
func (rm *ReadModel) Reduce() error {
for _, event := range rm.Events {
switch e := event.(type) {
case *AddedEvent:
rm.MaxAttempts = e.MaxAttempts
rm.ShowLockOutFailures = e.ShowLockOutFailures
case *ChangedEvent:
rm.MaxAttempts = e.MaxAttempts
rm.ShowLockOutFailures = e.ShowLockOutFailures
}
}
return rm.ReadModel.Reduce()
}

26
internal/v2/repository/policy/password_lockout/write_model.go Normal file
View File

@ -0,0 +1,26 @@
package password_lockout
import (
"github.com/caos/zitadel/internal/eventstore/v2"
)
type WriteModel struct {
eventstore.WriteModel
MaxAttempts uint64
ShowLockOutFailures bool
}
func (wm *WriteModel) Reduce() error {
for _, event := range wm.Events {
switch e := event.(type) {
case *AddedEvent:
wm.MaxAttempts = e.MaxAttempts
wm.ShowLockOutFailures = e.ShowLockOutFailures
case *ChangedEvent:
wm.MaxAttempts = e.MaxAttempts
wm.ShowLockOutFailures = e.ShowLockOutFailures
}
}
return wm.WriteModel.Reduce()
}