TheArchive/zitadel
1
0
Fork 0
mirror of https://github.com/zitadel/zitadel.git synced 2025-08-12 00:27:31 +00:00
Code Issues Packages Projects Releases Wiki Activity

feat: restrict smtp sender address (#3637)

Browse Source 
* fix: check if sender address is custom domain

* fix: check if sender address is custom domain

* fix: check if sender address is custom domain

Co-authored-by: Livio Amstutz <livio.a@gmail.com>
This commit is contained in:
Fabi
2022-05-16 16:08:47 +02:00
committed by GitHub
parent 40de8d5b3b
commit 5c0f527a49
39 changed files with 510 additions and 153 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
internal/command/instance.go
View File

@@ -59,8 +59,9 @@ type InstanceSetup struct {
MaxAgeDays uint64
}
DomainPolicy struct {
UserLoginMustBeDomain bool
ValidateOrgDomains bool
UserLoginMustBeDomain bool
ValidateOrgDomains bool
SMTPSenderAddressMatchesInstanceDomain bool
}
LoginPolicy struct {
AllowUsernamePassword bool
@@ -199,6 +200,7 @@ func (c *Commands) SetUpInstance(ctx context.Context, setup *InstanceSetup) (str
instanceAgg,
setup.DomainPolicy.UserLoginMustBeDomain,
setup.DomainPolicy.ValidateOrgDomains,
setup.DomainPolicy.SMTPSenderAddressMatchesInstanceDomain,
),
AddDefaultLoginPolicy(
instanceAgg,

7
internal/command/instance_converter.go
View File

@@ -69,9 +69,10 @@ func writeModelToMailTemplate(wm *MailTemplateWriteModel) *domain.MailTemplate {
func writeModelToDomainPolicy(wm *InstanceDomainPolicyWriteModel) *domain.DomainPolicy {
return &domain.DomainPolicy{
ObjectRoot: writeModelToObjectRoot(wm.PolicyDomainWriteModel.WriteModel),
UserLoginMustBeDomain: wm.UserLoginMustBeDomain,
ValidateOrgDomains: wm.ValidateOrgDomains,
ObjectRoot: writeModelToObjectRoot(wm.PolicyDomainWriteModel.WriteModel),
UserLoginMustBeDomain: wm.UserLoginMustBeDomain,
ValidateOrgDomains: wm.ValidateOrgDomains,
SMTPSenderAddressMatchesInstanceDomain: wm.SMTPSenderAddressMatchesInstanceDomain,
}
}

4
internal/command/instance_domain_policy.go
View File

@@ -11,7 +11,8 @@ import (
func AddDefaultDomainPolicy(
a *instance.Aggregate,
userLoginMustBeDomain,
validateOrgDomains bool,
validateOrgDomains,
smtpSenderAddressMatchesInstanceDomain bool,
) preparation.Validation {
return func() (preparation.CreateCommands, error) {
return func(ctx context.Context, filter preparation.FilterToQueryReducer) ([]eventstore.Command, error) {
@@ -20,6 +21,7 @@ func AddDefaultDomainPolicy(
instance.NewDomainPolicyAddedEvent(ctx, &a.Aggregate,
userLoginMustBeDomain,
validateOrgDomains,
smtpSenderAddressMatchesInstanceDomain,
),
}, nil
}, nil

4
internal/command/instance_policy_domain.go
View File

@@ -37,7 +37,7 @@ func (c *Commands) addDefaultDomainPolicy(ctx context.Context, instanceAgg *even
if addedPolicy.State == domain.PolicyStateActive {
return nil, caos_errs.ThrowAlreadyExists(nil, "INSTANCE-Lk0dS", "Errors.IAM.DomainPolicy.AlreadyExists")
}
return iam_repo.NewDomainPolicyAddedEvent(ctx, instanceAgg, policy.UserLoginMustBeDomain, policy.ValidateOrgDomains), nil
return iam_repo.NewDomainPolicyAddedEvent(ctx, instanceAgg, policy.UserLoginMustBeDomain, policy.ValidateOrgDomains, policy.SMTPSenderAddressMatchesInstanceDomain), nil
}
func (c *Commands) ChangeDefaultDomainPolicy(ctx context.Context, policy *domain.DomainPolicy) (*domain.DomainPolicy, error) {
@@ -50,7 +50,7 @@ func (c *Commands) ChangeDefaultDomainPolicy(ctx context.Context, policy *domain
}
instanceAgg := InstanceAggregateFromWriteModel(&existingPolicy.PolicyDomainWriteModel.WriteModel)
changedEvent, hasChanged := existingPolicy.NewChangedEvent(ctx, instanceAgg, policy.UserLoginMustBeDomain, policy.ValidateOrgDomains)
changedEvent, hasChanged := existingPolicy.NewChangedEvent(ctx, instanceAgg, policy.UserLoginMustBeDomain, policy.ValidateOrgDomains, policy.SMTPSenderAddressMatchesInstanceDomain)
if !hasChanged {
return nil, caos_errs.ThrowPreconditionFailed(nil, "INSTANCE-pl9fN", "Errors.IAM.DomainPolicy.NotChanged")
}

6
internal/command/instance_policy_domain_model.go
View File

@@ -56,7 +56,8 @@ func (wm *InstanceDomainPolicyWriteModel) NewChangedEvent(
ctx context.Context,
aggregate *eventstore.Aggregate,
userLoginMustBeDomain,
validateOrgDomain bool) (*instance.DomainPolicyChangedEvent, bool) {
validateOrgDomain,
smtpSenderAddresssMatchesInstanceDomain bool) (*instance.DomainPolicyChangedEvent, bool) {
changes := make([]policy.DomainPolicyChanges, 0)
if wm.UserLoginMustBeDomain != userLoginMustBeDomain {
changes = append(changes, policy.ChangeUserLoginMustBeDomain(userLoginMustBeDomain))
@@ -64,6 +65,9 @@ func (wm *InstanceDomainPolicyWriteModel) NewChangedEvent(
if wm.ValidateOrgDomains != validateOrgDomain {
changes = append(changes, policy.ChangeValidateOrgDomains(validateOrgDomain))
}
if wm.SMTPSenderAddressMatchesInstanceDomain != smtpSenderAddresssMatchesInstanceDomain {
changes = append(changes, policy.ChangeSMTPSenderAddressMatchesInstanceDomain(smtpSenderAddresssMatchesInstanceDomain))
}
if len(changes) == 0 {
return nil, false
}

44
internal/command/instance_policy_domain_test.go
View File

@@ -44,6 +44,7 @@ func TestCommandSide_AddDefaultDomainPolicy(t *testing.T) {
&instance.NewAggregate("INSTANCE").Aggregate,
true,
true,
true,
),
),
),
@@ -52,8 +53,9 @@ func TestCommandSide_AddDefaultDomainPolicy(t *testing.T) {
args: args{
ctx: context.Background(),
policy: &domain.DomainPolicy{
UserLoginMustBeDomain: true,
ValidateOrgDomains: true,
UserLoginMustBeDomain: true,
ValidateOrgDomains: true,
SMTPSenderAddressMatchesInstanceDomain: true,
},
},
res: res{
@@ -74,6 +76,7 @@ func TestCommandSide_AddDefaultDomainPolicy(t *testing.T) {
&instance.NewAggregate("INSTANCE").Aggregate,
true,
true,
true,
),
),
},
@@ -83,8 +86,9 @@ func TestCommandSide_AddDefaultDomainPolicy(t *testing.T) {
args: args{
ctx: authz.WithInstanceID(context.Background(), "INSTANCE"),
policy: &domain.DomainPolicy{
UserLoginMustBeDomain: true,
ValidateOrgDomains: true,
UserLoginMustBeDomain: true,
ValidateOrgDomains: true,
SMTPSenderAddressMatchesInstanceDomain: true,
},
},
res: res{
@@ -94,8 +98,9 @@ func TestCommandSide_AddDefaultDomainPolicy(t *testing.T) {
AggregateID: "INSTANCE",
ResourceOwner: "INSTANCE",
},
UserLoginMustBeDomain: true,
ValidateOrgDomains: true,
UserLoginMustBeDomain: true,
ValidateOrgDomains: true,
SMTPSenderAddressMatchesInstanceDomain: true,
},
},
},
@@ -148,8 +153,9 @@ func TestCommandSide_ChangeDefaultDomainPolicy(t *testing.T) {
args: args{
ctx: context.Background(),
policy: &domain.DomainPolicy{
UserLoginMustBeDomain: true,
ValidateOrgDomains: true,
UserLoginMustBeDomain: true,
ValidateOrgDomains: true,
SMTPSenderAddressMatchesInstanceDomain: true,
},
},
res: res{
@@ -167,6 +173,7 @@ func TestCommandSide_ChangeDefaultDomainPolicy(t *testing.T) {
&instance.NewAggregate("INSTANCE").Aggregate,
true,
true,
true,
),
),
),
@@ -175,8 +182,9 @@ func TestCommandSide_ChangeDefaultDomainPolicy(t *testing.T) {
args: args{
ctx: context.Background(),
policy: &domain.DomainPolicy{
UserLoginMustBeDomain: true,
ValidateOrgDomains: true,
UserLoginMustBeDomain: true,
ValidateOrgDomains: true,
SMTPSenderAddressMatchesInstanceDomain: true,
},
},
res: res{
@@ -194,13 +202,14 @@ func TestCommandSide_ChangeDefaultDomainPolicy(t *testing.T) {
&instance.NewAggregate("INSTANCE").Aggregate,
true,
true,
true,
),
),
),
expectPush(
[]*repository.Event{
eventFromEventPusher(
newDefaultDomainPolicyChangedEvent(context.Background(), false, false),
newDefaultDomainPolicyChangedEvent(context.Background(), false, false, false),
),
},
),
@@ -209,8 +218,9 @@ func TestCommandSide_ChangeDefaultDomainPolicy(t *testing.T) {
args: args{
ctx: context.Background(),
policy: &domain.DomainPolicy{
UserLoginMustBeDomain: false,
ValidateOrgDomains: false,
UserLoginMustBeDomain: false,
ValidateOrgDomains: false,
SMTPSenderAddressMatchesInstanceDomain: false,
},
},
res: res{
@@ -219,8 +229,9 @@ func TestCommandSide_ChangeDefaultDomainPolicy(t *testing.T) {
AggregateID: "INSTANCE",
ResourceOwner: "INSTANCE",
},
UserLoginMustBeDomain: false,
ValidateOrgDomains: false,
UserLoginMustBeDomain: false,
ValidateOrgDomains: false,
SMTPSenderAddressMatchesInstanceDomain: false,
},
},
},
@@ -244,12 +255,13 @@ func TestCommandSide_ChangeDefaultDomainPolicy(t *testing.T) {
}
}
func newDefaultDomainPolicyChangedEvent(ctx context.Context, userLoginMustBeDomain, validateOrgDomains bool) *instance.DomainPolicyChangedEvent {
func newDefaultDomainPolicyChangedEvent(ctx context.Context, userLoginMustBeDomain, validateOrgDomains, smtpSenderAddressMatchesInstanceDomain bool) *instance.DomainPolicyChangedEvent {
event, _ := instance.NewDomainPolicyChangedEvent(ctx,
&instance.NewAggregate("INSTANCE").Aggregate,
[]policy.DomainPolicyChanges{
policy.ChangeUserLoginMustBeDomain(userLoginMustBeDomain),
policy.ChangeValidateOrgDomains(validateOrgDomains),
policy.ChangeSMTPSenderAddressMatchesInstanceDomain(smtpSenderAddressMatchesInstanceDomain),
},
)
return event

43
internal/command/instance_smtp_config_model.go
View File

@@ -19,14 +19,39 @@ type InstanceSMTPConfigWriteModel struct {
User string
Password *crypto.CryptoValue
State domain.SMTPConfigState
domain string
domainState domain.InstanceDomainState
smtpSenderAddressMatchesInstanceDomain bool
}
func NewInstanceSMTPConfigWriteModel(instanceID string) *InstanceSMTPConfigWriteModel {
func NewInstanceSMTPConfigWriteModel(instanceID, domain string) *InstanceSMTPConfigWriteModel {
return &InstanceSMTPConfigWriteModel{
WriteModel: eventstore.WriteModel{
AggregateID: instanceID,
ResourceOwner: instanceID,
},
domain: domain,
}
}
func (wm *InstanceSMTPConfigWriteModel) AppendEvents(events ...eventstore.Event) {
for _, event := range events {
switch e := event.(type) {
case *instance.DomainAddedEvent:
if e.Domain != wm.domain {
continue
}
wm.WriteModel.AppendEvents(e)
case *instance.DomainRemovedEvent:
if e.Domain != wm.domain {
continue
}
wm.WriteModel.AppendEvents(e)
default:
wm.WriteModel.AppendEvents(e)
}
}
}
@@ -57,6 +82,16 @@ func (wm *InstanceSMTPConfigWriteModel) Reduce() error {
if e.User != nil {
wm.User = *e.User
}
case *instance.DomainAddedEvent:
wm.domainState = domain.InstanceDomainStateActive
case *instance.DomainRemovedEvent:
wm.domainState = domain.InstanceDomainStateRemoved
case *instance.DomainPolicyAddedEvent:
wm.smtpSenderAddressMatchesInstanceDomain = e.SMTPSenderAddressMatchesInstanceDomain
case *instance.DomainPolicyChangedEvent:
if e.SMTPSenderAddressMatchesInstanceDomain != nil {
wm.smtpSenderAddressMatchesInstanceDomain = *e.SMTPSenderAddressMatchesInstanceDomain
}
}
}
return wm.WriteModel.Reduce()
@@ -71,7 +106,11 @@ func (wm *InstanceSMTPConfigWriteModel) Query() *eventstore.SearchQueryBuilder {
EventTypes(
instance.SMTPConfigAddedEventType,
instance.SMTPConfigChangedEventType,
instance.SMTPConfigPasswordChangedEventType).
instance.SMTPConfigPasswordChangedEventType,
instance.InstanceDomainAddedEventType,
instance.InstanceDomainRemovedEventType,
instance.DomainPolicyAddedEventType,
instance.DomainPolicyChangedEventType).
Builder()
}

7
internal/command/org_converter.go
View File

@@ -15,9 +15,10 @@ func orgWriteModelToOrg(wm *OrgWriteModel) *domain.Org {
func orgWriteModelToDomainPolicy(wm *OrgDomainPolicyWriteModel) *domain.DomainPolicy {
return &domain.DomainPolicy{
ObjectRoot: writeModelToObjectRoot(wm.PolicyDomainWriteModel.WriteModel),
UserLoginMustBeDomain: wm.UserLoginMustBeDomain,
ValidateOrgDomains: wm.ValidateOrgDomains,
ObjectRoot: writeModelToObjectRoot(wm.PolicyDomainWriteModel.WriteModel),
UserLoginMustBeDomain: wm.UserLoginMustBeDomain,
ValidateOrgDomains: wm.ValidateOrgDomains,
SMTPSenderAddressMatchesInstanceDomain: wm.SMTPSenderAddressMatchesInstanceDomain,
}
}

6
internal/command/org_domain_test.go
View File

@@ -54,7 +54,7 @@ func TestAddDomain(t *testing.T) {
domain: "domain",
filter: func(ctx context.Context, queryFactory *eventstore.SearchQueryBuilder) ([]eventstore.Event, error) {
return []eventstore.Event{
org.NewDomainPolicyAddedEvent(ctx, &agg.Aggregate, true, true),
org.NewDomainPolicyAddedEvent(ctx, &agg.Aggregate, true, true, true),
}, nil
},
},
@@ -71,7 +71,7 @@ func TestAddDomain(t *testing.T) {
domain: "domain",
filter: func(ctx context.Context, queryFactory *eventstore.SearchQueryBuilder) ([]eventstore.Event, error) {
return []eventstore.Event{
org.NewDomainPolicyAddedEvent(ctx, &agg.Aggregate, true, false),
org.NewDomainPolicyAddedEvent(ctx, &agg.Aggregate, true, false, false),
}, nil
},
},
@@ -1043,7 +1043,7 @@ func TestCommandSide_ValidateOrgDomain(t *testing.T) {
eventFromEventPusher(
org.NewDomainPolicyAddedEvent(context.Background(),
&org.NewAggregate("org2").Aggregate,
false, false))),
false, false, false))),
expectPush(
[]*repository.Event{
eventFromEventPusher(org.NewDomainVerifiedEvent(context.Background(),

4
internal/command/org_policy_domain.go
View File

@@ -39,7 +39,7 @@ func (c *Commands) addOrgDomainPolicy(ctx context.Context, orgAgg *eventstore.Ag
if addedPolicy.State == domain.PolicyStateActive {
return nil, caos_errs.ThrowAlreadyExists(nil, "ORG-1M8ds", "Errors.Org.DomainPolicy.AlreadyExists")
}
return org.NewDomainPolicyAddedEvent(ctx, orgAgg, policy.UserLoginMustBeDomain, policy.ValidateOrgDomains), nil
return org.NewDomainPolicyAddedEvent(ctx, orgAgg, policy.UserLoginMustBeDomain, policy.ValidateOrgDomains, policy.SMTPSenderAddressMatchesInstanceDomain), nil
}
func (c *Commands) ChangeOrgDomainPolicy(ctx context.Context, resourceOwner string, policy *domain.DomainPolicy) (*domain.DomainPolicy, error) {
@@ -55,7 +55,7 @@ func (c *Commands) ChangeOrgDomainPolicy(ctx context.Context, resourceOwner stri
}
orgAgg := OrgAggregateFromWriteModel(&existingPolicy.PolicyDomainWriteModel.WriteModel)
changedEvent, hasChanged := existingPolicy.NewChangedEvent(ctx, orgAgg, policy.UserLoginMustBeDomain, policy.ValidateOrgDomains)
changedEvent, hasChanged := existingPolicy.NewChangedEvent(ctx, orgAgg, policy.UserLoginMustBeDomain, policy.ValidateOrgDomains, policy.SMTPSenderAddressMatchesInstanceDomain)
if !hasChanged {
return nil, caos_errs.ThrowPreconditionFailed(nil, "ORG-3M9ds", "Errors.Org.LabelPolicy.NotChanged")
}

6
internal/command/org_policy_domain_model.go
View File

@@ -57,7 +57,8 @@ func (wm *OrgDomainPolicyWriteModel) NewChangedEvent(
ctx context.Context,
aggregate *eventstore.Aggregate,
userLoginMustBeDomain,
validateOrgDomains bool) (*org.DomainPolicyChangedEvent, bool) {
validateOrgDomains,
smtpSenderAddressMatchesInstanceDomain bool) (*org.DomainPolicyChangedEvent, bool) {
changes := make([]policy.DomainPolicyChanges, 0)
if wm.UserLoginMustBeDomain != userLoginMustBeDomain {
changes = append(changes, policy.ChangeUserLoginMustBeDomain(userLoginMustBeDomain))
@@ -65,6 +66,9 @@ func (wm *OrgDomainPolicyWriteModel) NewChangedEvent(
if wm.ValidateOrgDomains != validateOrgDomains {
changes = append(changes, policy.ChangeValidateOrgDomains(validateOrgDomains))
}
if wm.SMTPSenderAddressMatchesInstanceDomain != smtpSenderAddressMatchesInstanceDomain {
changes = append(changes, policy.ChangeSMTPSenderAddressMatchesInstanceDomain(smtpSenderAddressMatchesInstanceDomain))
}
if len(changes) == 0 {
return nil, false
}

40
internal/command/org_policy_domain_test.go
View File

@@ -63,6 +63,7 @@ func TestCommandSide_AddDomainPolicy(t *testing.T) {
&org.NewAggregate("org1").Aggregate,
true,
true,
true,
),
),
),
@@ -72,8 +73,9 @@ func TestCommandSide_AddDomainPolicy(t *testing.T) {
ctx: context.Background(),
orgID: "org1",
policy: &domain.DomainPolicy{
UserLoginMustBeDomain: true,
ValidateOrgDomains: true,
UserLoginMustBeDomain: true,
ValidateOrgDomains: true,
SMTPSenderAddressMatchesInstanceDomain: true,
},
},
res: res{
@@ -93,6 +95,7 @@ func TestCommandSide_AddDomainPolicy(t *testing.T) {
&org.NewAggregate("org1").Aggregate,
true,
true,
true,
),
),
},
@@ -103,8 +106,9 @@ func TestCommandSide_AddDomainPolicy(t *testing.T) {
ctx: context.Background(),
orgID: "org1",
policy: &domain.DomainPolicy{
UserLoginMustBeDomain: true,
ValidateOrgDomains: true,
UserLoginMustBeDomain: true,
ValidateOrgDomains: true,
SMTPSenderAddressMatchesInstanceDomain: true,
},
},
res: res{
@@ -113,8 +117,9 @@ func TestCommandSide_AddDomainPolicy(t *testing.T) {
AggregateID: "org1",
ResourceOwner: "org1",
},
UserLoginMustBeDomain: true,
ValidateOrgDomains: true,
UserLoginMustBeDomain: true,
ValidateOrgDomains: true,
SMTPSenderAddressMatchesInstanceDomain: true,
},
},
},
@@ -206,6 +211,7 @@ func TestCommandSide_ChangeDomainPolicy(t *testing.T) {
&org.NewAggregate("org1").Aggregate,
true,
true,
true,
),
),
),
@@ -215,8 +221,9 @@ func TestCommandSide_ChangeDomainPolicy(t *testing.T) {
ctx: context.Background(),
orgID: "org1",
policy: &domain.DomainPolicy{
UserLoginMustBeDomain: true,
ValidateOrgDomains: true,
UserLoginMustBeDomain: true,
ValidateOrgDomains: true,
SMTPSenderAddressMatchesInstanceDomain: true,
},
},
res: res{
@@ -234,13 +241,14 @@ func TestCommandSide_ChangeDomainPolicy(t *testing.T) {
&org.NewAggregate("org1").Aggregate,
true,
true,
true,
),
),
),
expectPush(
[]*repository.Event{
eventFromEventPusher(
newDomainPolicyChangedEvent(context.Background(), "org1", false, false),
newDomainPolicyChangedEvent(context.Background(), "org1", false, false, false),
),
},
),
@@ -250,8 +258,9 @@ func TestCommandSide_ChangeDomainPolicy(t *testing.T) {
ctx: context.Background(),
orgID: "org1",
policy: &domain.DomainPolicy{
UserLoginMustBeDomain: false,
ValidateOrgDomains: false,
UserLoginMustBeDomain: false,
ValidateOrgDomains: false,
SMTPSenderAddressMatchesInstanceDomain: false,
},
},
res: res{
@@ -260,8 +269,9 @@ func TestCommandSide_ChangeDomainPolicy(t *testing.T) {
AggregateID: "org1",
ResourceOwner: "org1",
},
UserLoginMustBeDomain: false,
ValidateOrgDomains: false,
UserLoginMustBeDomain: false,
ValidateOrgDomains: false,
SMTPSenderAddressMatchesInstanceDomain: false,
},
},
},
@@ -344,6 +354,7 @@ func TestCommandSide_RemoveDomainPolicy(t *testing.T) {
&org.NewAggregate("org1").Aggregate,
true,
true,
true,
),
),
),
@@ -384,12 +395,13 @@ func TestCommandSide_RemoveDomainPolicy(t *testing.T) {
}
}
func newDomainPolicyChangedEvent(ctx context.Context, orgID string, userLoginMustBeDomain, validateOrgDomains bool) *org.DomainPolicyChangedEvent {
func newDomainPolicyChangedEvent(ctx context.Context, orgID string, userLoginMustBeDomain, validateOrgDomains, smtpSenderAddressMatchesInstanceDomain bool) *org.DomainPolicyChangedEvent {
event, _ := org.NewDomainPolicyChangedEvent(ctx,
&org.NewAggregate(orgID).Aggregate,
[]policy.DomainPolicyChanges{
policy.ChangeUserLoginMustBeDomain(userLoginMustBeDomain),
policy.ChangeValidateOrgDomains(validateOrgDomains),
policy.ChangeSMTPSenderAddressMatchesInstanceDomain(smtpSenderAddressMatchesInstanceDomain),
},
)
return event

11
internal/command/policy_org_model.go
View File

@@ -9,9 +9,10 @@ import (
type PolicyDomainWriteModel struct {
eventstore.WriteModel
UserLoginMustBeDomain bool
ValidateOrgDomains bool
State domain.PolicyState
UserLoginMustBeDomain bool
ValidateOrgDomains bool
SMTPSenderAddressMatchesInstanceDomain bool
State domain.PolicyState
}
func (wm *PolicyDomainWriteModel) Reduce() error {
@@ -20,6 +21,7 @@ func (wm *PolicyDomainWriteModel) Reduce() error {
case *policy.DomainPolicyAddedEvent:
wm.UserLoginMustBeDomain = e.UserLoginMustBeDomain
wm.ValidateOrgDomains = e.ValidateOrgDomains
wm.SMTPSenderAddressMatchesInstanceDomain = e.SMTPSenderAddressMatchesInstanceDomain
wm.State = domain.PolicyStateActive
case *policy.DomainPolicyChangedEvent:
if e.UserLoginMustBeDomain != nil {
@@ -28,6 +30,9 @@ func (wm *PolicyDomainWriteModel) Reduce() error {
if e.ValidateOrgDomains != nil {
wm.ValidateOrgDomains = *e.ValidateOrgDomains
}
if e.SMTPSenderAddressMatchesInstanceDomain != nil {
wm.SMTPSenderAddressMatchesInstanceDomain = *e.SMTPSenderAddressMatchesInstanceDomain
}
}
}
return wm.WriteModel.Reduce()

33
internal/command/smtp.go
View File

@@ -53,7 +53,7 @@ func (c *Commands) ChangeSMTPConfig(ctx context.Context, config *smtp.EmailConfi
func (c *Commands) ChangeSMTPConfigPassword(ctx context.Context, password string) (*domain.ObjectDetails, error) {
instanceAgg := instance.NewAggregate(authz.GetInstance(ctx).InstanceID())
smtpConfigWriteModel, err := getSMTPConfigWriteModel(ctx, c.eventstore.Filter)
smtpConfigWriteModel, err := getSMTPConfigWriteModel(ctx, c.eventstore.Filter, "")
if err != nil {
return nil, err
}
@@ -90,13 +90,19 @@ func (c *Commands) prepareAddSMTPConfig(a *instance.Aggregate, from, name, host,
return nil, errors.ThrowInvalidArgument(nil, "INST-SF3g1", "Errors.Invalid.Argument")
}
return func(ctx context.Context, filter preparation.FilterToQueryReducer) ([]eventstore.Command, error) {
writeModel, err := getSMTPConfigWriteModel(ctx, filter)
fromSplitted := strings.Split(from, "@")
senderDomain := fromSplitted[len(fromSplitted)-1]
writeModel, err := getSMTPConfigWriteModel(ctx, filter, senderDomain)
if err != nil {
return nil, err
}
if writeModel.State == domain.SMTPConfigStateActive {
return nil, errors.ThrowAlreadyExists(nil, "INST-W3VS2", "Errors.SMTPConfig.AlreadyExists")
}
err = checkSenderAddress(writeModel)
if err != nil {
return nil, err
}
var smtpPassword *crypto.CryptoValue
if password != nil {
smtpPassword, err = crypto.Encrypt(password, c.smtpEncryption)
@@ -128,14 +134,21 @@ func (c *Commands) prepareChangeSMTPConfig(a *instance.Aggregate, from, name, ho
if host = strings.TrimSpace(host); host == "" {
return nil, errors.ThrowInvalidArgument(nil, "INST-VDwvq", "Errors.Invalid.Argument")
}
return func(ctx context.Context, filter preparation.FilterToQueryReducer) ([]eventstore.Command, error) {
writeModel, err := getSMTPConfigWriteModel(ctx, filter)
fromSplitted := strings.Split(from, "@")
senderDomain := fromSplitted[len(fromSplitted)-1]
writeModel, err := getSMTPConfigWriteModel(ctx, filter, senderDomain)
if err != nil {
return nil, err
}
if writeModel.State != domain.SMTPConfigStateActive {
return nil, errors.ThrowNotFound(nil, "INST-Svq1a", "Errors.SMTPConfig.NotFound")
}
err = checkSenderAddress(writeModel)
if err != nil {
return nil, err
}
changedEvent, hasChanged, err := writeModel.NewChangedEvent(
ctx,
&a.Aggregate,
@@ -155,8 +168,18 @@ func (c *Commands) prepareChangeSMTPConfig(a *instance.Aggregate, from, name, ho
}
}
func getSMTPConfigWriteModel(ctx context.Context, filter preparation.FilterToQueryReducer) (_ *InstanceSMTPConfigWriteModel, err error) {
writeModel := NewInstanceSMTPConfigWriteModel(authz.GetInstance(ctx).InstanceID())
func checkSenderAddress(writeModel *InstanceSMTPConfigWriteModel) error {
if !writeModel.smtpSenderAddressMatchesInstanceDomain {
return nil
}
if !writeModel.domainState.Exists() {
return errors.ThrowInvalidArgument(nil, "INST-83nl8", "Errors.SMTPConfig.SenderAdressNotCustomDomain")
}
return nil
}
func getSMTPConfigWriteModel(ctx context.Context, filter preparation.FilterToQueryReducer, domain string) (_ *InstanceSMTPConfigWriteModel, err error) {
writeModel := NewInstanceSMTPConfigWriteModel(authz.GetInstance(ctx).InstanceID(), domain)
events, err := filter(ctx, writeModel.Query())
if err != nil {
return nil, err

161
internal/command/smtp_test.go
View File

@@ -36,17 +36,64 @@ func TestCommandSide_AddSMTPConfig(t *testing.T) {
args args
res res
}{
{
name: "smtp config, custom domain not existing",
fields: fields{
eventstore: eventstoreExpect(
t,
expectFilter(
eventFromEventPusher(
instance.NewDomainPolicyAddedEvent(context.Background(),
&instance.NewAggregate("INSTANCE").Aggregate,
true,
true,
true,
),
),
),
),
},
args: args{
ctx: authz.WithInstanceID(context.Background(), "INSTANCE"),
smtp: &smtp.EmailConfig{
Tls: true,
From: "from@domain.ch",
FromName: "name",
SMTP: smtp.SMTP{
Host: "host",
User: "user",
Password: "password",
},
},
},
res: res{
err: caos_errs.IsErrorInvalidArgument,
},
},
{
name: "smtp config, error already exists",
fields: fields{
eventstore: eventstoreExpect(
t,
expectFilter(
eventFromEventPusher(
instance.NewDomainAddedEvent(context.Background(),
&instance.NewAggregate("INSTANCE").Aggregate,
"domain.ch",
false,
),
),
eventFromEventPusher(
instance.NewDomainPolicyAddedEvent(context.Background(),
&instance.NewAggregate("INSTANCE").Aggregate,
true, true, false,
),
),
eventFromEventPusher(
instance.NewSMTPConfigAddedEvent(context.Background(),
&instance.NewAggregate("INSTANCE").Aggregate,
true,
"from",
"from@domain.ch",
"name",
"host",
"user",
@@ -60,7 +107,7 @@ func TestCommandSide_AddSMTPConfig(t *testing.T) {
ctx: authz.WithInstanceID(context.Background(), "INSTANCE"),
smtp: &smtp.EmailConfig{
Tls: true,
From: "from",
From: "from@domain.ch",
FromName: "name",
SMTP: smtp.SMTP{
Host: "host",
@@ -78,7 +125,21 @@ func TestCommandSide_AddSMTPConfig(t *testing.T) {
fields: fields{
eventstore: eventstoreExpect(
t,
expectFilter(),
expectFilter(
eventFromEventPusher(
instance.NewDomainAddedEvent(context.Background(),
&instance.NewAggregate("INSTANCE").Aggregate,
"domain.ch",
false,
),
),
eventFromEventPusher(
instance.NewDomainPolicyAddedEvent(context.Background(),
&instance.NewAggregate("INSTANCE").Aggregate,
true, true, false,
),
),
),
expectPush(
[]*repository.Event{
eventFromEventPusherWithInstanceID(
@@ -87,7 +148,7 @@ func TestCommandSide_AddSMTPConfig(t *testing.T) {
context.Background(),
&instance.NewAggregate("INSTANCE").Aggregate,
true,
"from",
"from@domain.ch",
"name",
"host",
"user",
@@ -108,7 +169,7 @@ func TestCommandSide_AddSMTPConfig(t *testing.T) {
ctx: authz.WithInstanceID(context.Background(), "INSTANCE"),
smtp: &smtp.EmailConfig{
Tls: true,
From: "from",
From: "from@domain.ch",
FromName: "name",
SMTP: smtp.SMTP{
Host: "host",
@@ -189,7 +250,7 @@ func TestCommandSide_ChangeSMTPConfig(t *testing.T) {
ctx: authz.WithInstanceID(context.Background(), "INSTANCE"),
smtp: &smtp.EmailConfig{
Tls: true,
From: "from",
From: "from@domain.ch",
FromName: "name",
SMTP: smtp.SMTP{
Host: "host",
@@ -202,17 +263,30 @@ func TestCommandSide_ChangeSMTPConfig(t *testing.T) {
},
},
{
name: "no changes, precondition error",
name: "smtp domain not matched",
fields: fields{
eventstore: eventstoreExpect(
t,
expectFilter(
eventFromEventPusher(
instance.NewDomainAddedEvent(context.Background(),
&instance.NewAggregate("INSTANCE").Aggregate,
"domain.ch",
false,
),
),
eventFromEventPusher(
instance.NewDomainPolicyAddedEvent(context.Background(),
&instance.NewAggregate("INSTANCE").Aggregate,
true, true, true,
),
),
eventFromEventPusher(
instance.NewSMTPConfigAddedEvent(
context.Background(),
&instance.NewAggregate("INSTANCE").Aggregate,
true,
"from",
"from@domain.ch",
"name",
"host",
"user",
@@ -226,7 +300,57 @@ func TestCommandSide_ChangeSMTPConfig(t *testing.T) {
ctx: authz.WithInstanceID(context.Background(), "INSTANCE"),
smtp: &smtp.EmailConfig{
Tls: true,
From: "from",
From: "from@wrongdomain.ch",
FromName: "name",
SMTP: smtp.SMTP{
Host: "host",
User: "user",
},
},
},
res: res{
err: caos_errs.IsErrorInvalidArgument,
},
},
{
name: "no changes, precondition error",
fields: fields{
eventstore: eventstoreExpect(
t,
expectFilter(
eventFromEventPusher(
instance.NewDomainAddedEvent(context.Background(),
&instance.NewAggregate("INSTANCE").Aggregate,
"domain.ch",
false,
),
),
eventFromEventPusher(
instance.NewDomainPolicyAddedEvent(context.Background(),
&instance.NewAggregate("INSTANCE").Aggregate,
true, true, true,
),
),
eventFromEventPusher(
instance.NewSMTPConfigAddedEvent(
context.Background(),
&instance.NewAggregate("INSTANCE").Aggregate,
true,
"from@domain.ch",
"name",
"host",
"user",
&crypto.CryptoValue{},
),
),
),
),
},
args: args{
ctx: authz.WithInstanceID(context.Background(), "INSTANCE"),
smtp: &smtp.EmailConfig{
Tls: true,
From: "from@domain.ch",
FromName: "name",
SMTP: smtp.SMTP{
Host: "host",
@@ -244,12 +368,25 @@ func TestCommandSide_ChangeSMTPConfig(t *testing.T) {
eventstore: eventstoreExpect(
t,
expectFilter(
eventFromEventPusher(
instance.NewDomainAddedEvent(context.Background(),
&instance.NewAggregate("INSTANCE").Aggregate,
"domain.ch",
false,
),
),
eventFromEventPusher(
instance.NewDomainPolicyAddedEvent(context.Background(),
&instance.NewAggregate("INSTANCE").Aggregate,
true, true, true,
),
),
eventFromEventPusher(
instance.NewSMTPConfigAddedEvent(
context.Background(),
&instance.NewAggregate("INSTANCE").Aggregate,
true,
"from",
"from@domain.ch",
"name",
"host",
"user",
@@ -264,7 +401,7 @@ func TestCommandSide_ChangeSMTPConfig(t *testing.T) {
newSMTPConfigChangedEvent(
context.Background(),
false,
"from2",
"from2@domain.ch",
"name2",
"host2",
"user2",
@@ -278,7 +415,7 @@ func TestCommandSide_ChangeSMTPConfig(t *testing.T) {
ctx: authz.WithInstanceID(context.Background(), "INSTANCE"),
smtp: &smtp.EmailConfig{
Tls: false,
From: "from2",
From: "from2@domain.ch",
FromName: "name2",
SMTP: smtp.SMTP{
Host: "host2",

32
internal/command/user_domain_policy_test.go
View File

@@ -54,6 +54,7 @@ func Test_customDomainPolicy(t *testing.T) {
&org.NewAggregate("id").Aggregate,
true,
true,
true,
),
}, nil
},
@@ -64,9 +65,10 @@ func Test_customDomainPolicy(t *testing.T) {
ResourceOwner: "id",
Events: []eventstore.Event{},
},
UserLoginMustBeDomain: true,
ValidateOrgDomains: true,
State: domain.PolicyStateActive,
UserLoginMustBeDomain: true,
ValidateOrgDomains: true,
SMTPSenderAddressMatchesInstanceDomain: true,
State: domain.PolicyStateActive,
},
wantErr: false,
},
@@ -125,6 +127,7 @@ func Test_defaultDomainPolicy(t *testing.T) {
&instance.NewAggregate("INSTANCE").Aggregate,
true,
true,
true,
),
}, nil
},
@@ -135,9 +138,10 @@ func Test_defaultDomainPolicy(t *testing.T) {
ResourceOwner: "INSTANCE",
Events: []eventstore.Event{},
},
UserLoginMustBeDomain: true,
ValidateOrgDomains: true,
State: domain.PolicyStateActive,
UserLoginMustBeDomain: true,
ValidateOrgDomains: true,
SMTPSenderAddressMatchesInstanceDomain: true,
State: domain.PolicyStateActive,
},
wantErr: false,
},
@@ -186,6 +190,7 @@ func Test_DomainPolicy(t *testing.T) {
&org.NewAggregate("id").Aggregate,
true,
true,
true,
),
}, nil
},
@@ -196,9 +201,10 @@ func Test_DomainPolicy(t *testing.T) {
ResourceOwner: "id",
Events: []eventstore.Event{},
},
UserLoginMustBeDomain: true,
ValidateOrgDomains: true,
State: domain.PolicyStateActive,
UserLoginMustBeDomain: true,
ValidateOrgDomains: true,
SMTPSenderAddressMatchesInstanceDomain: true,
State: domain.PolicyStateActive,
},
wantErr: false,
},
@@ -231,6 +237,7 @@ func Test_DomainPolicy(t *testing.T) {
&instance.NewAggregate("INSTANCE").Aggregate,
true,
true,
true,
),
}, nil
}).
@@ -242,9 +249,10 @@ func Test_DomainPolicy(t *testing.T) {
ResourceOwner: "INSTANCE",
Events: []eventstore.Event{},
},
UserLoginMustBeDomain: true,
ValidateOrgDomains: true,
State: domain.PolicyStateActive,
UserLoginMustBeDomain: true,
ValidateOrgDomains: true,
SMTPSenderAddressMatchesInstanceDomain: true,
State: domain.PolicyStateActive,
},
wantErr: false,
},

1
internal/command/user_human_otp_test.go
View File

@@ -180,6 +180,7 @@ func TestCommandSide_AddHumanOTP(t *testing.T) {
&org.NewAggregate("org1").Aggregate,
true,
true,
true,
),
),
),

26
internal/command/user_human_test.go
View File

@@ -112,6 +112,7 @@ func TestCommandSide_AddHuman(t *testing.T) {
&userAgg.Aggregate,
true,
true,
true,
),
),
),
@@ -169,6 +170,7 @@ func TestCommandSide_AddHuman(t *testing.T) {
&userAgg.Aggregate,
true,
true,
true,
),
),
),
@@ -285,6 +287,7 @@ func TestCommandSide_AddHuman(t *testing.T) {
&user.NewAggregate("user1", "org1").Aggregate,
true,
true,
true,
),
),
),
@@ -402,6 +405,7 @@ func TestCommandSide_AddHuman(t *testing.T) {
&userAgg.Aggregate,
true,
true,
true,
),
),
),
@@ -499,6 +503,7 @@ func TestCommandSide_AddHuman(t *testing.T) {
&userAgg.Aggregate,
true,
true,
true,
),
),
),
@@ -583,6 +588,7 @@ func TestCommandSide_AddHuman(t *testing.T) {
&userAgg.Aggregate,
true,
true,
true,
),
),
),
@@ -800,6 +806,7 @@ func TestCommandSide_ImportHuman(t *testing.T) {
&user.NewAggregate("user1", "org1").Aggregate,
true,
true,
true,
),
),
),
@@ -836,6 +843,7 @@ func TestCommandSide_ImportHuman(t *testing.T) {
&user.NewAggregate("user1", "org1").Aggregate,
true,
true,
true,
),
),
),
@@ -878,6 +886,7 @@ func TestCommandSide_ImportHuman(t *testing.T) {
&user.NewAggregate("user1", "org1").Aggregate,
true,
true,
true,
),
),
),
@@ -968,6 +977,7 @@ func TestCommandSide_ImportHuman(t *testing.T) {
&user.NewAggregate("user1", "org1").Aggregate,
true,
true,
true,
),
),
),
@@ -1052,6 +1062,7 @@ func TestCommandSide_ImportHuman(t *testing.T) {
&user.NewAggregate("user1", "org1").Aggregate,
true,
true,
true,
),
),
),
@@ -1158,6 +1169,7 @@ func TestCommandSide_ImportHuman(t *testing.T) {
&user.NewAggregate("user1", "org1").Aggregate,
true,
true,
true,
),
),
),
@@ -1268,6 +1280,7 @@ func TestCommandSide_ImportHuman(t *testing.T) {
&user.NewAggregate("user1", "org1").Aggregate,
true,
true,
true,
),
),
),
@@ -1374,6 +1387,7 @@ func TestCommandSide_ImportHuman(t *testing.T) {
&user.NewAggregate("user1", "org1").Aggregate,
true,
true,
true,
),
),
),
@@ -1577,6 +1591,7 @@ func TestCommandSide_RegisterHuman(t *testing.T) {
&org.NewAggregate("org1").Aggregate,
true,
true,
true,
),
),
),
@@ -1616,6 +1631,7 @@ func TestCommandSide_RegisterHuman(t *testing.T) {
&org.NewAggregate("org1").Aggregate,
true,
true,
true,
),
),
),
@@ -1663,6 +1679,7 @@ func TestCommandSide_RegisterHuman(t *testing.T) {
&org.NewAggregate("org1").Aggregate,
true,
true,
true,
),
),
),
@@ -1728,6 +1745,7 @@ func TestCommandSide_RegisterHuman(t *testing.T) {
&org.NewAggregate("org1").Aggregate,
true,
true,
true,
),
),
),
@@ -1793,6 +1811,7 @@ func TestCommandSide_RegisterHuman(t *testing.T) {
&org.NewAggregate("org1").Aggregate,
false,
true,
true,
),
),
),
@@ -1875,6 +1894,7 @@ func TestCommandSide_RegisterHuman(t *testing.T) {
&org.NewAggregate("org1").Aggregate,
false,
true,
true,
),
),
),
@@ -2015,6 +2035,7 @@ func TestCommandSide_RegisterHuman(t *testing.T) {
&org.NewAggregate("org1").Aggregate,
true,
true,
true,
),
),
),
@@ -2123,6 +2144,7 @@ func TestCommandSide_RegisterHuman(t *testing.T) {
&user.NewAggregate("org1", "org1").Aggregate,
true,
true,
true,
),
),
),
@@ -2225,6 +2247,7 @@ func TestCommandSide_RegisterHuman(t *testing.T) {
&org.NewAggregate("org1").Aggregate,
true,
true,
true,
),
),
),
@@ -2349,6 +2372,7 @@ func TestCommandSide_RegisterHuman(t *testing.T) {
&org.NewAggregate("org1").Aggregate,
true,
true,
true,
),
),
),
@@ -2923,6 +2947,7 @@ func TestAddHumanCommand(t *testing.T) {
&org.NewAggregate("id").Aggregate,
true,
true,
true,
),
}, nil
}).
@@ -2967,6 +2992,7 @@ func TestAddHumanCommand(t *testing.T) {
&org.NewAggregate("id").Aggregate,
true,
true,
true,
),
}, nil
}).

2
internal/command/user_machine_test.go
View File

@@ -87,6 +87,7 @@ func TestCommandSide_AddMachine(t *testing.T) {
&user.NewAggregate("user1", "org1").Aggregate,
false,
true,
true,
),
),
),
@@ -115,6 +116,7 @@ func TestCommandSide_AddMachine(t *testing.T) {
&user.NewAggregate("user1", "org1").Aggregate,
true,
true,
true,
),
),
),

5
internal/command/user_test.go
View File

@@ -209,6 +209,7 @@ func TestCommandSide_UsernameChange(t *testing.T) {
&user.NewAggregate("user1", "org1").Aggregate,
true,
true,
true,
),
),
),
@@ -252,6 +253,7 @@ func TestCommandSide_UsernameChange(t *testing.T) {
&user.NewAggregate("user1", "org1").Aggregate,
true,
true,
true,
),
),
),
@@ -1036,6 +1038,7 @@ func TestCommandSide_RemoveUser(t *testing.T) {
&user.NewAggregate("user1", "org1").Aggregate,
true,
true,
true,
),
),
),
@@ -1101,6 +1104,7 @@ func TestCommandSide_RemoveUser(t *testing.T) {
&user.NewAggregate("user1", "org1").Aggregate,
true,
true,
true,
),
),
),
@@ -1159,6 +1163,7 @@ func TestCommandSide_RemoveUser(t *testing.T) {
&user.NewAggregate("user1", "org1").Aggregate,
true,
true,
true,
),
),
),