TheArchive/zitadel
1
0
Fork 0
mirror of https://github.com/zitadel/zitadel.git synced 2025-02-28 23:37:23 +00:00
Code Issues Packages Projects Releases Wiki Activity

feat: restrict smtp sender address (#3637)

Browse Source 
* fix: check if sender address is custom domain

* fix: check if sender address is custom domain

* fix: check if sender address is custom domain

Co-authored-by: Livio Amstutz <livio.a@gmail.com>
This commit is contained in:
Fabi 2022-05-16 16:08:47 +02:00 committed by GitHub
parent 40de8d5b3b
commit 5c0f527a49
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
39 changed files with 510 additions and 153 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
cmd/defaults.yaml
View File

@ -241,6 +241,7 @@ DefaultInstance:
DomainPolicy: DomainPolicy:
UserLoginMustBeDomain: true UserLoginMustBeDomain: true
ValidateOrgDomains: true ValidateOrgDomains: true
SMTPSenderAddressMatchesInstanceDomain: true
LoginPolicy: LoginPolicy:
AllowUsernamePassword: true AllowUsernamePassword: true
AllowRegister: true AllowRegister: true

3
docs/docs/apis/proto/admin.md
View File

@ -1431,6 +1431,7 @@ This is an empty request
| org_id | string | - | string.min_len: 1<br /> string.max_len: 200<br /> | | org_id | string | - | string.min_len: 1<br /> string.max_len: 200<br /> |
| user_login_must_be_domain | bool | the username has to end with the domain of it's organisation (uniqueness is organisation based) | | | user_login_must_be_domain | bool | the username has to end with the domain of it's organisation (uniqueness is organisation based) | |
| validate_org_domains | bool | - | | | validate_org_domains | bool | - | |
| smtp_sender_address_matches_instance_domain | bool | - | |
@ -3472,6 +3473,7 @@ This is an empty request
| org_id | string | - | string.min_len: 1<br /> string.max_len: 200<br /> | | org_id | string | - | string.min_len: 1<br /> string.max_len: 200<br /> |
| user_login_must_be_domain | bool | - | | | user_login_must_be_domain | bool | - | |
| validate_org_domains | bool | - | | | validate_org_domains | bool | - | |
| smtp_sender_address_matches_instance_domain | bool | - | |
@ -3518,6 +3520,7 @@ This is an empty request
| ----- | ---- | ----------- | ----------- | | ----- | ---- | ----------- | ----------- |
| user_login_must_be_domain | bool | - | | | user_login_must_be_domain | bool | - | |
| validate_org_domains | bool | - | | | validate_org_domains | bool | - | |
| smtp_sender_address_matches_instance_domain | bool | - | |

1
docs/docs/apis/proto/policy.md
View File

@ -19,6 +19,7 @@ title: zitadel/policy.proto
| user_login_must_be_domain | bool | - | | | user_login_must_be_domain | bool | - | |
| is_default | bool | - | | | is_default | bool | - | |
| validate_org_domains | bool | - | | | validate_org_domains | bool | - | |
| smtp_sender_address_matches_instance_domain | bool | - | |

31
internal/api/grpc/admin/domain_policy.go
View File

@ -27,7 +27,7 @@ func (s *Server) GetCustomDomainPolicy(ctx context.Context, req *admin_pb.GetCus
} }
func (s *Server) AddCustomDomainPolicy(ctx context.Context, req *admin_pb.AddCustomDomainPolicyRequest) (*admin_pb.AddCustomDomainPolicyResponse, error) { func (s *Server) AddCustomDomainPolicy(ctx context.Context, req *admin_pb.AddCustomDomainPolicyRequest) (*admin_pb.AddCustomDomainPolicyResponse, error) {
policy, err := s.command.AddOrgDomainPolicy(ctx, req.OrgId, domainPolicyToDomain(req.UserLoginMustBeDomain, req.ValidateOrgDomains)) policy, err := s.command.AddOrgDomainPolicy(ctx, req.OrgId, domainPolicyToDomain(req.UserLoginMustBeDomain, req.ValidateOrgDomains, req.SmtpSenderAddressMatchesInstanceDomain))
if err != nil { if err != nil {
return nil, err return nil, err
} }
@ -76,10 +76,11 @@ func (s *Server) ResetCustomDomainPolicyTo(ctx context.Context, req *admin_pb.Re
return nil, nil //TOOD: return data return nil, nil //TOOD: return data
} }
func domainPolicyToDomain(userLoginMustBeDomain, validateOrgDomains bool) *domain.DomainPolicy { func domainPolicyToDomain(userLoginMustBeDomain, validateOrgDomains, smtpSenderAddressMatchesInstanceDomain bool) *domain.DomainPolicy {
return &domain.DomainPolicy{ return &domain.DomainPolicy{
UserLoginMustBeDomain: userLoginMustBeDomain, UserLoginMustBeDomain: userLoginMustBeDomain,
ValidateOrgDomains: validateOrgDomains, ValidateOrgDomains: validateOrgDomains,
SMTPSenderAddressMatchesInstanceDomain: smtpSenderAddressMatchesInstanceDomain,
} }
} }
@ -88,8 +89,9 @@ func updateDomainPolicyToDomain(req *admin_pb.UpdateDomainPolicyRequest) *domain
// ObjectRoot: models.ObjectRoot{ // ObjectRoot: models.ObjectRoot{
// // AggreagateID: //TODO: there should only be ONE default // // AggreagateID: //TODO: there should only be ONE default
// }, // },
UserLoginMustBeDomain: req.UserLoginMustBeDomain, UserLoginMustBeDomain: req.UserLoginMustBeDomain,
ValidateOrgDomains: req.ValidateOrgDomains, ValidateOrgDomains: req.ValidateOrgDomains,
SMTPSenderAddressMatchesInstanceDomain: req.SmtpSenderAddressMatchesInstanceDomain,
} }
} }
@ -98,13 +100,14 @@ func updateCustomDomainPolicyToDomain(req *admin_pb.UpdateCustomDomainPolicyRequ
ObjectRoot: models.ObjectRoot{ ObjectRoot: models.ObjectRoot{
AggregateID: req.OrgId, AggregateID: req.OrgId,
}, },
UserLoginMustBeDomain: req.UserLoginMustBeDomain, UserLoginMustBeDomain: req.UserLoginMustBeDomain,
ValidateOrgDomains: req.ValidateOrgDomains, ValidateOrgDomains: req.ValidateOrgDomains,
SMTPSenderAddressMatchesInstanceDomain: req.SmtpSenderAddressMatchesInstanceDomain,
} }
} }
func (s *Server) AddCustomOrgIAMPolicy(ctx context.Context, req *admin_pb.AddCustomOrgIAMPolicyRequest) (*admin_pb.AddCustomOrgIAMPolicyResponse, error) { func (s *Server) AddCustomOrgIAMPolicy(ctx context.Context, req *admin_pb.AddCustomOrgIAMPolicyRequest) (*admin_pb.AddCustomOrgIAMPolicyResponse, error) {
policy, err := s.command.AddOrgDomainPolicy(ctx, req.OrgId, domainPolicyToDomain(req.UserLoginMustBeDomain, true)) policy, err := s.command.AddOrgDomainPolicy(ctx, req.OrgId, domainPolicyToDomain(req.UserLoginMustBeDomain, true, true))
if err != nil { if err != nil {
return nil, err return nil, err
} }
@ -163,8 +166,9 @@ func (s *Server) GetCustomOrgIAMPolicy(ctx context.Context, req *admin_pb.GetCus
func updateOrgIAMPolicyToDomain(req *admin_pb.UpdateOrgIAMPolicyRequest) *domain.DomainPolicy { func updateOrgIAMPolicyToDomain(req *admin_pb.UpdateOrgIAMPolicyRequest) *domain.DomainPolicy {
return &domain.DomainPolicy{ return &domain.DomainPolicy{
UserLoginMustBeDomain: req.UserLoginMustBeDomain, UserLoginMustBeDomain: req.UserLoginMustBeDomain,
ValidateOrgDomains: true, ValidateOrgDomains: true,
SMTPSenderAddressMatchesInstanceDomain: true,
} }
} }
@ -173,7 +177,8 @@ func updateCustomOrgIAMPolicyToDomain(req *admin_pb.UpdateCustomOrgIAMPolicyRequ
ObjectRoot: models.ObjectRoot{ ObjectRoot: models.ObjectRoot{
AggregateID: req.OrgId, AggregateID: req.OrgId,
}, },
UserLoginMustBeDomain: req.UserLoginMustBeDomain, UserLoginMustBeDomain: req.UserLoginMustBeDomain,
ValidateOrgDomains: true, ValidateOrgDomains: true,
SMTPSenderAddressMatchesInstanceDomain: true,
} }
} }

7
internal/api/grpc/policy/domain_policy.go
View File

@ -8,9 +8,10 @@ import (
func DomainPolicyToPb(policy *query.DomainPolicy) *policy_pb.DomainPolicy { func DomainPolicyToPb(policy *query.DomainPolicy) *policy_pb.DomainPolicy {
return &policy_pb.DomainPolicy{ return &policy_pb.DomainPolicy{
UserLoginMustBeDomain: policy.UserLoginMustBeDomain, UserLoginMustBeDomain: policy.UserLoginMustBeDomain,
ValidateOrgDomains: policy.ValidateOrgDomains, ValidateOrgDomains: policy.ValidateOrgDomains,
IsDefault: policy.IsDefault, SmtpSenderAddressMatchesInstanceDomain: policy.SMTPSenderAddressMatchesInstanceDomain,
IsDefault: policy.IsDefault,
Details: object.ToViewDetailsPb( Details: object.ToViewDetailsPb(
policy.Sequence, policy.Sequence,
policy.CreationDate, policy.CreationDate,

6
internal/command/instance.go
View File

@ -59,8 +59,9 @@ type InstanceSetup struct {
MaxAgeDays uint64 MaxAgeDays uint64
} }
DomainPolicy struct { DomainPolicy struct {
UserLoginMustBeDomain bool UserLoginMustBeDomain bool
ValidateOrgDomains bool ValidateOrgDomains bool
SMTPSenderAddressMatchesInstanceDomain bool
} }
LoginPolicy struct { LoginPolicy struct {
AllowUsernamePassword bool AllowUsernamePassword bool
@ -199,6 +200,7 @@ func (c *Commands) SetUpInstance(ctx context.Context, setup *InstanceSetup) (str
instanceAgg, instanceAgg,
setup.DomainPolicy.UserLoginMustBeDomain, setup.DomainPolicy.UserLoginMustBeDomain,
setup.DomainPolicy.ValidateOrgDomains, setup.DomainPolicy.ValidateOrgDomains,
setup.DomainPolicy.SMTPSenderAddressMatchesInstanceDomain,
), ),
AddDefaultLoginPolicy( AddDefaultLoginPolicy(
instanceAgg, instanceAgg,

7
internal/command/instance_converter.go
View File

@ -69,9 +69,10 @@ func writeModelToMailTemplate(wm *MailTemplateWriteModel) *domain.MailTemplate {
func writeModelToDomainPolicy(wm *InstanceDomainPolicyWriteModel) *domain.DomainPolicy { func writeModelToDomainPolicy(wm *InstanceDomainPolicyWriteModel) *domain.DomainPolicy {
return &domain.DomainPolicy{ return &domain.DomainPolicy{
ObjectRoot: writeModelToObjectRoot(wm.PolicyDomainWriteModel.WriteModel), ObjectRoot: writeModelToObjectRoot(wm.PolicyDomainWriteModel.WriteModel),
UserLoginMustBeDomain: wm.UserLoginMustBeDomain, UserLoginMustBeDomain: wm.UserLoginMustBeDomain,
ValidateOrgDomains: wm.ValidateOrgDomains, ValidateOrgDomains: wm.ValidateOrgDomains,
SMTPSenderAddressMatchesInstanceDomain: wm.SMTPSenderAddressMatchesInstanceDomain,
} }
} }

4
internal/command/instance_domain_policy.go
View File

@ -11,7 +11,8 @@ import (
func AddDefaultDomainPolicy( func AddDefaultDomainPolicy(
a *instance.Aggregate, a *instance.Aggregate,
userLoginMustBeDomain, userLoginMustBeDomain,
validateOrgDomains bool, validateOrgDomains,
smtpSenderAddressMatchesInstanceDomain bool,
) preparation.Validation { ) preparation.Validation {
return func() (preparation.CreateCommands, error) { return func() (preparation.CreateCommands, error) {
return func(ctx context.Context, filter preparation.FilterToQueryReducer) ([]eventstore.Command, error) { return func(ctx context.Context, filter preparation.FilterToQueryReducer) ([]eventstore.Command, error) {
@ -20,6 +21,7 @@ func AddDefaultDomainPolicy(
instance.NewDomainPolicyAddedEvent(ctx, &a.Aggregate, instance.NewDomainPolicyAddedEvent(ctx, &a.Aggregate,
userLoginMustBeDomain, userLoginMustBeDomain,
validateOrgDomains, validateOrgDomains,
smtpSenderAddressMatchesInstanceDomain,
), ),
}, nil }, nil
}, nil }, nil

4
internal/command/instance_policy_domain.go
View File

@ -37,7 +37,7 @@ func (c *Commands) addDefaultDomainPolicy(ctx context.Context, instanceAgg *even
if addedPolicy.State == domain.PolicyStateActive { if addedPolicy.State == domain.PolicyStateActive {
return nil, caos_errs.ThrowAlreadyExists(nil, "INSTANCE-Lk0dS", "Errors.IAM.DomainPolicy.AlreadyExists") return nil, caos_errs.ThrowAlreadyExists(nil, "INSTANCE-Lk0dS", "Errors.IAM.DomainPolicy.AlreadyExists")
} }
return iam_repo.NewDomainPolicyAddedEvent(ctx, instanceAgg, policy.UserLoginMustBeDomain, policy.ValidateOrgDomains), nil return iam_repo.NewDomainPolicyAddedEvent(ctx, instanceAgg, policy.UserLoginMustBeDomain, policy.ValidateOrgDomains, policy.SMTPSenderAddressMatchesInstanceDomain), nil
} }
func (c *Commands) ChangeDefaultDomainPolicy(ctx context.Context, policy *domain.DomainPolicy) (*domain.DomainPolicy, error) { func (c *Commands) ChangeDefaultDomainPolicy(ctx context.Context, policy *domain.DomainPolicy) (*domain.DomainPolicy, error) {
@ -50,7 +50,7 @@ func (c *Commands) ChangeDefaultDomainPolicy(ctx context.Context, policy *domain
} }
instanceAgg := InstanceAggregateFromWriteModel(&existingPolicy.PolicyDomainWriteModel.WriteModel) instanceAgg := InstanceAggregateFromWriteModel(&existingPolicy.PolicyDomainWriteModel.WriteModel)
changedEvent, hasChanged := existingPolicy.NewChangedEvent(ctx, instanceAgg, policy.UserLoginMustBeDomain, policy.ValidateOrgDomains) changedEvent, hasChanged := existingPolicy.NewChangedEvent(ctx, instanceAgg, policy.UserLoginMustBeDomain, policy.ValidateOrgDomains, policy.SMTPSenderAddressMatchesInstanceDomain)
if !hasChanged { if !hasChanged {
return nil, caos_errs.ThrowPreconditionFailed(nil, "INSTANCE-pl9fN", "Errors.IAM.DomainPolicy.NotChanged") return nil, caos_errs.ThrowPreconditionFailed(nil, "INSTANCE-pl9fN", "Errors.IAM.DomainPolicy.NotChanged")
} }

6
internal/command/instance_policy_domain_model.go
View File

@ -56,7 +56,8 @@ func (wm *InstanceDomainPolicyWriteModel) NewChangedEvent(
ctx context.Context, ctx context.Context,
aggregate *eventstore.Aggregate, aggregate *eventstore.Aggregate,
userLoginMustBeDomain, userLoginMustBeDomain,
validateOrgDomain bool) (*instance.DomainPolicyChangedEvent, bool) { validateOrgDomain,
smtpSenderAddresssMatchesInstanceDomain bool) (*instance.DomainPolicyChangedEvent, bool) {
changes := make([]policy.DomainPolicyChanges, 0) changes := make([]policy.DomainPolicyChanges, 0)
if wm.UserLoginMustBeDomain != userLoginMustBeDomain { if wm.UserLoginMustBeDomain != userLoginMustBeDomain {
changes = append(changes, policy.ChangeUserLoginMustBeDomain(userLoginMustBeDomain)) changes = append(changes, policy.ChangeUserLoginMustBeDomain(userLoginMustBeDomain))
@ -64,6 +65,9 @@ func (wm *InstanceDomainPolicyWriteModel) NewChangedEvent(
if wm.ValidateOrgDomains != validateOrgDomain { if wm.ValidateOrgDomains != validateOrgDomain {
changes = append(changes, policy.ChangeValidateOrgDomains(validateOrgDomain)) changes = append(changes, policy.ChangeValidateOrgDomains(validateOrgDomain))
} }
if wm.SMTPSenderAddressMatchesInstanceDomain != smtpSenderAddresssMatchesInstanceDomain {
changes = append(changes, policy.ChangeSMTPSenderAddressMatchesInstanceDomain(smtpSenderAddresssMatchesInstanceDomain))
}
if len(changes) == 0 { if len(changes) == 0 {
return nil, false return nil, false
} }

44
internal/command/instance_policy_domain_test.go
View File

@ -44,6 +44,7 @@ func TestCommandSide_AddDefaultDomainPolicy(t *testing.T) {
&instance.NewAggregate("INSTANCE").Aggregate, &instance.NewAggregate("INSTANCE").Aggregate,
true, true,
true, true,
true,
), ),
), ),
), ),
@ -52,8 +53,9 @@ func TestCommandSide_AddDefaultDomainPolicy(t *testing.T) {
args: args{ args: args{
ctx: context.Background(), ctx: context.Background(),
policy: &domain.DomainPolicy{ policy: &domain.DomainPolicy{
UserLoginMustBeDomain: true, UserLoginMustBeDomain: true,
ValidateOrgDomains: true, ValidateOrgDomains: true,
SMTPSenderAddressMatchesInstanceDomain: true,
}, },
}, },
res: res{ res: res{
@ -74,6 +76,7 @@ func TestCommandSide_AddDefaultDomainPolicy(t *testing.T) {
&instance.NewAggregate("INSTANCE").Aggregate, &instance.NewAggregate("INSTANCE").Aggregate,
true, true,
true, true,
true,
), ),
), ),
}, },
@ -83,8 +86,9 @@ func TestCommandSide_AddDefaultDomainPolicy(t *testing.T) {
args: args{ args: args{
ctx: authz.WithInstanceID(context.Background(), "INSTANCE"), ctx: authz.WithInstanceID(context.Background(), "INSTANCE"),
policy: &domain.DomainPolicy{ policy: &domain.DomainPolicy{
UserLoginMustBeDomain: true, UserLoginMustBeDomain: true,
ValidateOrgDomains: true, ValidateOrgDomains: true,
SMTPSenderAddressMatchesInstanceDomain: true,
}, },
}, },
res: res{ res: res{
@ -94,8 +98,9 @@ func TestCommandSide_AddDefaultDomainPolicy(t *testing.T) {
AggregateID: "INSTANCE", AggregateID: "INSTANCE",
ResourceOwner: "INSTANCE", ResourceOwner: "INSTANCE",
}, },
UserLoginMustBeDomain: true, UserLoginMustBeDomain: true,
ValidateOrgDomains: true, ValidateOrgDomains: true,
SMTPSenderAddressMatchesInstanceDomain: true,
}, },
}, },
}, },
@ -148,8 +153,9 @@ func TestCommandSide_ChangeDefaultDomainPolicy(t *testing.T) {
args: args{ args: args{
ctx: context.Background(), ctx: context.Background(),
policy: &domain.DomainPolicy{ policy: &domain.DomainPolicy{
UserLoginMustBeDomain: true, UserLoginMustBeDomain: true,
ValidateOrgDomains: true, ValidateOrgDomains: true,
SMTPSenderAddressMatchesInstanceDomain: true,
}, },
}, },
res: res{ res: res{
@ -167,6 +173,7 @@ func TestCommandSide_ChangeDefaultDomainPolicy(t *testing.T) {
&instance.NewAggregate("INSTANCE").Aggregate, &instance.NewAggregate("INSTANCE").Aggregate,
true, true,
true, true,
true,
), ),
), ),
), ),
@ -175,8 +182,9 @@ func TestCommandSide_ChangeDefaultDomainPolicy(t *testing.T) {
args: args{ args: args{
ctx: context.Background(), ctx: context.Background(),
policy: &domain.DomainPolicy{ policy: &domain.DomainPolicy{
UserLoginMustBeDomain: true, UserLoginMustBeDomain: true,
ValidateOrgDomains: true, ValidateOrgDomains: true,
SMTPSenderAddressMatchesInstanceDomain: true,
}, },
}, },
res: res{ res: res{
@ -194,13 +202,14 @@ func TestCommandSide_ChangeDefaultDomainPolicy(t *testing.T) {
&instance.NewAggregate("INSTANCE").Aggregate, &instance.NewAggregate("INSTANCE").Aggregate,
true, true,
true, true,
true,
), ),
), ),
), ),
expectPush( expectPush(
[]*repository.Event{ []*repository.Event{
eventFromEventPusher( eventFromEventPusher(
newDefaultDomainPolicyChangedEvent(context.Background(), false, false), newDefaultDomainPolicyChangedEvent(context.Background(), false, false, false),
), ),
}, },
), ),
@ -209,8 +218,9 @@ func TestCommandSide_ChangeDefaultDomainPolicy(t *testing.T) {
args: args{ args: args{
ctx: context.Background(), ctx: context.Background(),
policy: &domain.DomainPolicy{ policy: &domain.DomainPolicy{
UserLoginMustBeDomain: false, UserLoginMustBeDomain: false,
ValidateOrgDomains: false, ValidateOrgDomains: false,
SMTPSenderAddressMatchesInstanceDomain: false,
}, },
}, },
res: res{ res: res{
@ -219,8 +229,9 @@ func TestCommandSide_ChangeDefaultDomainPolicy(t *testing.T) {
AggregateID: "INSTANCE", AggregateID: "INSTANCE",
ResourceOwner: "INSTANCE", ResourceOwner: "INSTANCE",
}, },
UserLoginMustBeDomain: false, UserLoginMustBeDomain: false,
ValidateOrgDomains: false, ValidateOrgDomains: false,
SMTPSenderAddressMatchesInstanceDomain: false,
}, },
}, },
}, },
@ -244,12 +255,13 @@ func TestCommandSide_ChangeDefaultDomainPolicy(t *testing.T) {
} }
} }
func newDefaultDomainPolicyChangedEvent(ctx context.Context, userLoginMustBeDomain, validateOrgDomains bool) *instance.DomainPolicyChangedEvent { func newDefaultDomainPolicyChangedEvent(ctx context.Context, userLoginMustBeDomain, validateOrgDomains, smtpSenderAddressMatchesInstanceDomain bool) *instance.DomainPolicyChangedEvent {
event, _ := instance.NewDomainPolicyChangedEvent(ctx, event, _ := instance.NewDomainPolicyChangedEvent(ctx,
&instance.NewAggregate("INSTANCE").Aggregate, &instance.NewAggregate("INSTANCE").Aggregate,
[]policy.DomainPolicyChanges{ []policy.DomainPolicyChanges{
policy.ChangeUserLoginMustBeDomain(userLoginMustBeDomain), policy.ChangeUserLoginMustBeDomain(userLoginMustBeDomain),
policy.ChangeValidateOrgDomains(validateOrgDomains), policy.ChangeValidateOrgDomains(validateOrgDomains),
policy.ChangeSMTPSenderAddressMatchesInstanceDomain(smtpSenderAddressMatchesInstanceDomain),
}, },
) )
return event return event

43
internal/command/instance_smtp_config_model.go
View File

@ -19,14 +19,39 @@ type InstanceSMTPConfigWriteModel struct {
User string User string
Password *crypto.CryptoValue Password *crypto.CryptoValue
State domain.SMTPConfigState State domain.SMTPConfigState
domain string
domainState domain.InstanceDomainState
smtpSenderAddressMatchesInstanceDomain bool
} }
func NewInstanceSMTPConfigWriteModel(instanceID string) *InstanceSMTPConfigWriteModel { func NewInstanceSMTPConfigWriteModel(instanceID, domain string) *InstanceSMTPConfigWriteModel {
return &InstanceSMTPConfigWriteModel{ return &InstanceSMTPConfigWriteModel{
WriteModel: eventstore.WriteModel{ WriteModel: eventstore.WriteModel{
AggregateID: instanceID, AggregateID: instanceID,
ResourceOwner: instanceID, ResourceOwner: instanceID,
}, },
domain: domain,
}
}
func (wm *InstanceSMTPConfigWriteModel) AppendEvents(events ...eventstore.Event) {
for _, event := range events {
switch e := event.(type) {
case *instance.DomainAddedEvent:
if e.Domain != wm.domain {
continue
}
wm.WriteModel.AppendEvents(e)
case *instance.DomainRemovedEvent:
if e.Domain != wm.domain {
continue
}
wm.WriteModel.AppendEvents(e)
default:
wm.WriteModel.AppendEvents(e)
}
} }
} }
@ -57,6 +82,16 @@ func (wm *InstanceSMTPConfigWriteModel) Reduce() error {
if e.User != nil { if e.User != nil {
wm.User = *e.User wm.User = *e.User
} }
case *instance.DomainAddedEvent:
wm.domainState = domain.InstanceDomainStateActive
case *instance.DomainRemovedEvent:
wm.domainState = domain.InstanceDomainStateRemoved
case *instance.DomainPolicyAddedEvent:
wm.smtpSenderAddressMatchesInstanceDomain = e.SMTPSenderAddressMatchesInstanceDomain
case *instance.DomainPolicyChangedEvent:
if e.SMTPSenderAddressMatchesInstanceDomain != nil {
wm.smtpSenderAddressMatchesInstanceDomain = *e.SMTPSenderAddressMatchesInstanceDomain
}
} }
} }
return wm.WriteModel.Reduce() return wm.WriteModel.Reduce()
@ -71,7 +106,11 @@ func (wm *InstanceSMTPConfigWriteModel) Query() *eventstore.SearchQueryBuilder {
EventTypes( EventTypes(
instance.SMTPConfigAddedEventType, instance.SMTPConfigAddedEventType,
instance.SMTPConfigChangedEventType, instance.SMTPConfigChangedEventType,
instance.SMTPConfigPasswordChangedEventType). instance.SMTPConfigPasswordChangedEventType,
instance.InstanceDomainAddedEventType,
instance.InstanceDomainRemovedEventType,
instance.DomainPolicyAddedEventType,
instance.DomainPolicyChangedEventType).
Builder() Builder()
} }

7
internal/command/org_converter.go
View File

@ -15,9 +15,10 @@ func orgWriteModelToOrg(wm *OrgWriteModel) *domain.Org {
func orgWriteModelToDomainPolicy(wm *OrgDomainPolicyWriteModel) *domain.DomainPolicy { func orgWriteModelToDomainPolicy(wm *OrgDomainPolicyWriteModel) *domain.DomainPolicy {
return &domain.DomainPolicy{ return &domain.DomainPolicy{
ObjectRoot: writeModelToObjectRoot(wm.PolicyDomainWriteModel.WriteModel), ObjectRoot: writeModelToObjectRoot(wm.PolicyDomainWriteModel.WriteModel),
UserLoginMustBeDomain: wm.UserLoginMustBeDomain, UserLoginMustBeDomain: wm.UserLoginMustBeDomain,
ValidateOrgDomains: wm.ValidateOrgDomains, ValidateOrgDomains: wm.ValidateOrgDomains,
SMTPSenderAddressMatchesInstanceDomain: wm.SMTPSenderAddressMatchesInstanceDomain,
} }
} }

6
internal/command/org_domain_test.go
View File

@ -54,7 +54,7 @@ func TestAddDomain(t *testing.T) {
domain: "domain", domain: "domain",
filter: func(ctx context.Context, queryFactory *eventstore.SearchQueryBuilder) ([]eventstore.Event, error) { filter: func(ctx context.Context, queryFactory *eventstore.SearchQueryBuilder) ([]eventstore.Event, error) {
return []eventstore.Event{ return []eventstore.Event{
org.NewDomainPolicyAddedEvent(ctx, &agg.Aggregate, true, true), org.NewDomainPolicyAddedEvent(ctx, &agg.Aggregate, true, true, true),
}, nil }, nil
}, },
}, },
@ -71,7 +71,7 @@ func TestAddDomain(t *testing.T) {
domain: "domain", domain: "domain",
filter: func(ctx context.Context, queryFactory *eventstore.SearchQueryBuilder) ([]eventstore.Event, error) { filter: func(ctx context.Context, queryFactory *eventstore.SearchQueryBuilder) ([]eventstore.Event, error) {
return []eventstore.Event{ return []eventstore.Event{
org.NewDomainPolicyAddedEvent(ctx, &agg.Aggregate, true, false), org.NewDomainPolicyAddedEvent(ctx, &agg.Aggregate, true, false, false),
}, nil }, nil
}, },
}, },
@ -1043,7 +1043,7 @@ func TestCommandSide_ValidateOrgDomain(t *testing.T) {
eventFromEventPusher( eventFromEventPusher(
org.NewDomainPolicyAddedEvent(context.Background(), org.NewDomainPolicyAddedEvent(context.Background(),
&org.NewAggregate("org2").Aggregate, &org.NewAggregate("org2").Aggregate,
false, false))), false, false, false))),
expectPush( expectPush(
[]*repository.Event{ []*repository.Event{
eventFromEventPusher(org.NewDomainVerifiedEvent(context.Background(), eventFromEventPusher(org.NewDomainVerifiedEvent(context.Background(),

4
internal/command/org_policy_domain.go
View File

@ -39,7 +39,7 @@ func (c *Commands) addOrgDomainPolicy(ctx context.Context, orgAgg *eventstore.Ag
if addedPolicy.State == domain.PolicyStateActive { if addedPolicy.State == domain.PolicyStateActive {
return nil, caos_errs.ThrowAlreadyExists(nil, "ORG-1M8ds", "Errors.Org.DomainPolicy.AlreadyExists") return nil, caos_errs.ThrowAlreadyExists(nil, "ORG-1M8ds", "Errors.Org.DomainPolicy.AlreadyExists")
} }
return org.NewDomainPolicyAddedEvent(ctx, orgAgg, policy.UserLoginMustBeDomain, policy.ValidateOrgDomains), nil return org.NewDomainPolicyAddedEvent(ctx, orgAgg, policy.UserLoginMustBeDomain, policy.ValidateOrgDomains, policy.SMTPSenderAddressMatchesInstanceDomain), nil
} }
func (c *Commands) ChangeOrgDomainPolicy(ctx context.Context, resourceOwner string, policy *domain.DomainPolicy) (*domain.DomainPolicy, error) { func (c *Commands) ChangeOrgDomainPolicy(ctx context.Context, resourceOwner string, policy *domain.DomainPolicy) (*domain.DomainPolicy, error) {
@ -55,7 +55,7 @@ func (c *Commands) ChangeOrgDomainPolicy(ctx context.Context, resourceOwner stri
} }
orgAgg := OrgAggregateFromWriteModel(&existingPolicy.PolicyDomainWriteModel.WriteModel) orgAgg := OrgAggregateFromWriteModel(&existingPolicy.PolicyDomainWriteModel.WriteModel)
changedEvent, hasChanged := existingPolicy.NewChangedEvent(ctx, orgAgg, policy.UserLoginMustBeDomain, policy.ValidateOrgDomains) changedEvent, hasChanged := existingPolicy.NewChangedEvent(ctx, orgAgg, policy.UserLoginMustBeDomain, policy.ValidateOrgDomains, policy.SMTPSenderAddressMatchesInstanceDomain)
if !hasChanged { if !hasChanged {
return nil, caos_errs.ThrowPreconditionFailed(nil, "ORG-3M9ds", "Errors.Org.LabelPolicy.NotChanged") return nil, caos_errs.ThrowPreconditionFailed(nil, "ORG-3M9ds", "Errors.Org.LabelPolicy.NotChanged")
} }

6
internal/command/org_policy_domain_model.go
View File

@ -57,7 +57,8 @@ func (wm *OrgDomainPolicyWriteModel) NewChangedEvent(
ctx context.Context, ctx context.Context,
aggregate *eventstore.Aggregate, aggregate *eventstore.Aggregate,
userLoginMustBeDomain, userLoginMustBeDomain,
validateOrgDomains bool) (*org.DomainPolicyChangedEvent, bool) { validateOrgDomains,
smtpSenderAddressMatchesInstanceDomain bool) (*org.DomainPolicyChangedEvent, bool) {
changes := make([]policy.DomainPolicyChanges, 0) changes := make([]policy.DomainPolicyChanges, 0)
if wm.UserLoginMustBeDomain != userLoginMustBeDomain { if wm.UserLoginMustBeDomain != userLoginMustBeDomain {
changes = append(changes, policy.ChangeUserLoginMustBeDomain(userLoginMustBeDomain)) changes = append(changes, policy.ChangeUserLoginMustBeDomain(userLoginMustBeDomain))
@ -65,6 +66,9 @@ func (wm *OrgDomainPolicyWriteModel) NewChangedEvent(
if wm.ValidateOrgDomains != validateOrgDomains { if wm.ValidateOrgDomains != validateOrgDomains {
changes = append(changes, policy.ChangeValidateOrgDomains(validateOrgDomains)) changes = append(changes, policy.ChangeValidateOrgDomains(validateOrgDomains))
} }
if wm.SMTPSenderAddressMatchesInstanceDomain != smtpSenderAddressMatchesInstanceDomain {
changes = append(changes, policy.ChangeSMTPSenderAddressMatchesInstanceDomain(smtpSenderAddressMatchesInstanceDomain))
}
if len(changes) == 0 { if len(changes) == 0 {
return nil, false return nil, false
} }

40
internal/command/org_policy_domain_test.go
View File

@ -63,6 +63,7 @@ func TestCommandSide_AddDomainPolicy(t *testing.T) {
&org.NewAggregate("org1").Aggregate, &org.NewAggregate("org1").Aggregate,
true, true,
true, true,
true,
), ),
), ),
), ),
@ -72,8 +73,9 @@ func TestCommandSide_AddDomainPolicy(t *testing.T) {
ctx: context.Background(), ctx: context.Background(),
orgID: "org1", orgID: "org1",
policy: &domain.DomainPolicy{ policy: &domain.DomainPolicy{
UserLoginMustBeDomain: true, UserLoginMustBeDomain: true,
ValidateOrgDomains: true, ValidateOrgDomains: true,
SMTPSenderAddressMatchesInstanceDomain: true,
}, },
}, },
res: res{ res: res{
@ -93,6 +95,7 @@ func TestCommandSide_AddDomainPolicy(t *testing.T) {
&org.NewAggregate("org1").Aggregate, &org.NewAggregate("org1").Aggregate,
true, true,
true, true,
true,
), ),
), ),
}, },
@ -103,8 +106,9 @@ func TestCommandSide_AddDomainPolicy(t *testing.T) {
ctx: context.Background(), ctx: context.Background(),
orgID: "org1", orgID: "org1",
policy: &domain.DomainPolicy{ policy: &domain.DomainPolicy{
UserLoginMustBeDomain: true, UserLoginMustBeDomain: true,
ValidateOrgDomains: true, ValidateOrgDomains: true,
SMTPSenderAddressMatchesInstanceDomain: true,
}, },
}, },
res: res{ res: res{
@ -113,8 +117,9 @@ func TestCommandSide_AddDomainPolicy(t *testing.T) {
AggregateID: "org1", AggregateID: "org1",
ResourceOwner: "org1", ResourceOwner: "org1",
}, },
UserLoginMustBeDomain: true, UserLoginMustBeDomain: true,
ValidateOrgDomains: true, ValidateOrgDomains: true,
SMTPSenderAddressMatchesInstanceDomain: true,
}, },
}, },
}, },
@ -206,6 +211,7 @@ func TestCommandSide_ChangeDomainPolicy(t *testing.T) {
&org.NewAggregate("org1").Aggregate, &org.NewAggregate("org1").Aggregate,
true, true,
true, true,
true,
), ),
), ),
), ),
@ -215,8 +221,9 @@ func TestCommandSide_ChangeDomainPolicy(t *testing.T) {
ctx: context.Background(), ctx: context.Background(),
orgID: "org1", orgID: "org1",
policy: &domain.DomainPolicy{ policy: &domain.DomainPolicy{
UserLoginMustBeDomain: true, UserLoginMustBeDomain: true,
ValidateOrgDomains: true, ValidateOrgDomains: true,
SMTPSenderAddressMatchesInstanceDomain: true,
}, },
}, },
res: res{ res: res{
@ -234,13 +241,14 @@ func TestCommandSide_ChangeDomainPolicy(t *testing.T) {
&org.NewAggregate("org1").Aggregate, &org.NewAggregate("org1").Aggregate,
true, true,
true, true,
true,
), ),
), ),
), ),
expectPush( expectPush(
[]*repository.Event{ []*repository.Event{
eventFromEventPusher( eventFromEventPusher(
newDomainPolicyChangedEvent(context.Background(), "org1", false, false), newDomainPolicyChangedEvent(context.Background(), "org1", false, false, false),
), ),
}, },
), ),
@ -250,8 +258,9 @@ func TestCommandSide_ChangeDomainPolicy(t *testing.T) {
ctx: context.Background(), ctx: context.Background(),
orgID: "org1", orgID: "org1",
policy: &domain.DomainPolicy{ policy: &domain.DomainPolicy{
UserLoginMustBeDomain: false, UserLoginMustBeDomain: false,
ValidateOrgDomains: false, ValidateOrgDomains: false,
SMTPSenderAddressMatchesInstanceDomain: false,
}, },
}, },
res: res{ res: res{
@ -260,8 +269,9 @@ func TestCommandSide_ChangeDomainPolicy(t *testing.T) {
AggregateID: "org1", AggregateID: "org1",
ResourceOwner: "org1", ResourceOwner: "org1",
}, },
UserLoginMustBeDomain: false, UserLoginMustBeDomain: false,
ValidateOrgDomains: false, ValidateOrgDomains: false,
SMTPSenderAddressMatchesInstanceDomain: false,
}, },
}, },
}, },
@ -344,6 +354,7 @@ func TestCommandSide_RemoveDomainPolicy(t *testing.T) {
&org.NewAggregate("org1").Aggregate, &org.NewAggregate("org1").Aggregate,
true, true,
true, true,
true,
), ),
), ),
), ),
@ -384,12 +395,13 @@ func TestCommandSide_RemoveDomainPolicy(t *testing.T) {
} }
} }
func newDomainPolicyChangedEvent(ctx context.Context, orgID string, userLoginMustBeDomain, validateOrgDomains bool) *org.DomainPolicyChangedEvent { func newDomainPolicyChangedEvent(ctx context.Context, orgID string, userLoginMustBeDomain, validateOrgDomains, smtpSenderAddressMatchesInstanceDomain bool) *org.DomainPolicyChangedEvent {
event, _ := org.NewDomainPolicyChangedEvent(ctx, event, _ := org.NewDomainPolicyChangedEvent(ctx,
&org.NewAggregate(orgID).Aggregate, &org.NewAggregate(orgID).Aggregate,
[]policy.DomainPolicyChanges{ []policy.DomainPolicyChanges{
policy.ChangeUserLoginMustBeDomain(userLoginMustBeDomain), policy.ChangeUserLoginMustBeDomain(userLoginMustBeDomain),
policy.ChangeValidateOrgDomains(validateOrgDomains), policy.ChangeValidateOrgDomains(validateOrgDomains),
policy.ChangeSMTPSenderAddressMatchesInstanceDomain(smtpSenderAddressMatchesInstanceDomain),
}, },
) )
return event return event

11
internal/command/policy_org_model.go
View File

@ -9,9 +9,10 @@ import (
type PolicyDomainWriteModel struct { type PolicyDomainWriteModel struct {
eventstore.WriteModel eventstore.WriteModel
UserLoginMustBeDomain bool UserLoginMustBeDomain bool
ValidateOrgDomains bool ValidateOrgDomains bool
State domain.PolicyState SMTPSenderAddressMatchesInstanceDomain bool
State domain.PolicyState
} }
func (wm *PolicyDomainWriteModel) Reduce() error { func (wm *PolicyDomainWriteModel) Reduce() error {
@ -20,6 +21,7 @@ func (wm *PolicyDomainWriteModel) Reduce() error {
case *policy.DomainPolicyAddedEvent: case *policy.DomainPolicyAddedEvent:
wm.UserLoginMustBeDomain = e.UserLoginMustBeDomain wm.UserLoginMustBeDomain = e.UserLoginMustBeDomain
wm.ValidateOrgDomains = e.ValidateOrgDomains wm.ValidateOrgDomains = e.ValidateOrgDomains
wm.SMTPSenderAddressMatchesInstanceDomain = e.SMTPSenderAddressMatchesInstanceDomain
wm.State = domain.PolicyStateActive wm.State = domain.PolicyStateActive
case *policy.DomainPolicyChangedEvent: case *policy.DomainPolicyChangedEvent:
if e.UserLoginMustBeDomain != nil { if e.UserLoginMustBeDomain != nil {
@ -28,6 +30,9 @@ func (wm *PolicyDomainWriteModel) Reduce() error {
if e.ValidateOrgDomains != nil { if e.ValidateOrgDomains != nil {
wm.ValidateOrgDomains = *e.ValidateOrgDomains wm.ValidateOrgDomains = *e.ValidateOrgDomains
} }
if e.SMTPSenderAddressMatchesInstanceDomain != nil {
wm.SMTPSenderAddressMatchesInstanceDomain = *e.SMTPSenderAddressMatchesInstanceDomain
}
} }
} }
return wm.WriteModel.Reduce() return wm.WriteModel.Reduce()

33
internal/command/smtp.go
View File

@ -53,7 +53,7 @@ func (c *Commands) ChangeSMTPConfig(ctx context.Context, config *smtp.EmailConfi
func (c *Commands) ChangeSMTPConfigPassword(ctx context.Context, password string) (*domain.ObjectDetails, error) { func (c *Commands) ChangeSMTPConfigPassword(ctx context.Context, password string) (*domain.ObjectDetails, error) {
instanceAgg := instance.NewAggregate(authz.GetInstance(ctx).InstanceID()) instanceAgg := instance.NewAggregate(authz.GetInstance(ctx).InstanceID())
smtpConfigWriteModel, err := getSMTPConfigWriteModel(ctx, c.eventstore.Filter) smtpConfigWriteModel, err := getSMTPConfigWriteModel(ctx, c.eventstore.Filter, "")
if err != nil { if err != nil {
return nil, err return nil, err
} }
@ -90,13 +90,19 @@ func (c *Commands) prepareAddSMTPConfig(a *instance.Aggregate, from, name, host,
return nil, errors.ThrowInvalidArgument(nil, "INST-SF3g1", "Errors.Invalid.Argument") return nil, errors.ThrowInvalidArgument(nil, "INST-SF3g1", "Errors.Invalid.Argument")
} }
return func(ctx context.Context, filter preparation.FilterToQueryReducer) ([]eventstore.Command, error) { return func(ctx context.Context, filter preparation.FilterToQueryReducer) ([]eventstore.Command, error) {
writeModel, err := getSMTPConfigWriteModel(ctx, filter) fromSplitted := strings.Split(from, "@")
senderDomain := fromSplitted[len(fromSplitted)-1]
writeModel, err := getSMTPConfigWriteModel(ctx, filter, senderDomain)
if err != nil { if err != nil {
return nil, err return nil, err
} }
if writeModel.State == domain.SMTPConfigStateActive { if writeModel.State == domain.SMTPConfigStateActive {
return nil, errors.ThrowAlreadyExists(nil, "INST-W3VS2", "Errors.SMTPConfig.AlreadyExists") return nil, errors.ThrowAlreadyExists(nil, "INST-W3VS2", "Errors.SMTPConfig.AlreadyExists")
} }
err = checkSenderAddress(writeModel)
if err != nil {
return nil, err
}
var smtpPassword *crypto.CryptoValue var smtpPassword *crypto.CryptoValue
if password != nil { if password != nil {
smtpPassword, err = crypto.Encrypt(password, c.smtpEncryption) smtpPassword, err = crypto.Encrypt(password, c.smtpEncryption)
@ -128,14 +134,21 @@ func (c *Commands) prepareChangeSMTPConfig(a *instance.Aggregate, from, name, ho
if host = strings.TrimSpace(host); host == "" { if host = strings.TrimSpace(host); host == "" {
return nil, errors.ThrowInvalidArgument(nil, "INST-VDwvq", "Errors.Invalid.Argument") return nil, errors.ThrowInvalidArgument(nil, "INST-VDwvq", "Errors.Invalid.Argument")
} }
return func(ctx context.Context, filter preparation.FilterToQueryReducer) ([]eventstore.Command, error) { return func(ctx context.Context, filter preparation.FilterToQueryReducer) ([]eventstore.Command, error) {
writeModel, err := getSMTPConfigWriteModel(ctx, filter) fromSplitted := strings.Split(from, "@")
senderDomain := fromSplitted[len(fromSplitted)-1]
writeModel, err := getSMTPConfigWriteModel(ctx, filter, senderDomain)
if err != nil { if err != nil {
return nil, err return nil, err
} }
if writeModel.State != domain.SMTPConfigStateActive { if writeModel.State != domain.SMTPConfigStateActive {
return nil, errors.ThrowNotFound(nil, "INST-Svq1a", "Errors.SMTPConfig.NotFound") return nil, errors.ThrowNotFound(nil, "INST-Svq1a", "Errors.SMTPConfig.NotFound")
} }
err = checkSenderAddress(writeModel)
if err != nil {
return nil, err
}
changedEvent, hasChanged, err := writeModel.NewChangedEvent( changedEvent, hasChanged, err := writeModel.NewChangedEvent(
ctx, ctx,
&a.Aggregate, &a.Aggregate,
@ -155,8 +168,18 @@ func (c *Commands) prepareChangeSMTPConfig(a *instance.Aggregate, from, name, ho
} }
} }
func getSMTPConfigWriteModel(ctx context.Context, filter preparation.FilterToQueryReducer) (_ *InstanceSMTPConfigWriteModel, err error) { func checkSenderAddress(writeModel *InstanceSMTPConfigWriteModel) error {
writeModel := NewInstanceSMTPConfigWriteModel(authz.GetInstance(ctx).InstanceID()) if !writeModel.smtpSenderAddressMatchesInstanceDomain {
return nil
}
if !writeModel.domainState.Exists() {
return errors.ThrowInvalidArgument(nil, "INST-83nl8", "Errors.SMTPConfig.SenderAdressNotCustomDomain")
}
return nil
}
func getSMTPConfigWriteModel(ctx context.Context, filter preparation.FilterToQueryReducer, domain string) (_ *InstanceSMTPConfigWriteModel, err error) {
writeModel := NewInstanceSMTPConfigWriteModel(authz.GetInstance(ctx).InstanceID(), domain)
events, err := filter(ctx, writeModel.Query()) events, err := filter(ctx, writeModel.Query())
if err != nil { if err != nil {
return nil, err return nil, err

161
internal/command/smtp_test.go
View File

@ -36,17 +36,64 @@ func TestCommandSide_AddSMTPConfig(t *testing.T) {
args args args args
res res res res
}{ }{
{
name: "smtp config, custom domain not existing",
fields: fields{
eventstore: eventstoreExpect(
t,
expectFilter(
eventFromEventPusher(
instance.NewDomainPolicyAddedEvent(context.Background(),
&instance.NewAggregate("INSTANCE").Aggregate,
true,
true,
true,
),
),
),
),
},
args: args{
ctx: authz.WithInstanceID(context.Background(), "INSTANCE"),
smtp: &smtp.EmailConfig{
Tls: true,
From: "from@domain.ch",
FromName: "name",
SMTP: smtp.SMTP{
Host: "host",
User: "user",
Password: "password",
},
},
},
res: res{
err: caos_errs.IsErrorInvalidArgument,
},
},
{ {
name: "smtp config, error already exists", name: "smtp config, error already exists",
fields: fields{ fields: fields{
eventstore: eventstoreExpect( eventstore: eventstoreExpect(
t, t,
expectFilter( expectFilter(
eventFromEventPusher(
instance.NewDomainAddedEvent(context.Background(),
&instance.NewAggregate("INSTANCE").Aggregate,
"domain.ch",
false,
),
),
eventFromEventPusher(
instance.NewDomainPolicyAddedEvent(context.Background(),
&instance.NewAggregate("INSTANCE").Aggregate,
true, true, false,
),
),
eventFromEventPusher( eventFromEventPusher(
instance.NewSMTPConfigAddedEvent(context.Background(), instance.NewSMTPConfigAddedEvent(context.Background(),
&instance.NewAggregate("INSTANCE").Aggregate, &instance.NewAggregate("INSTANCE").Aggregate,
true, true,
"from", "from@domain.ch",
"name", "name",
"host", "host",
"user", "user",
@ -60,7 +107,7 @@ func TestCommandSide_AddSMTPConfig(t *testing.T) {
ctx: authz.WithInstanceID(context.Background(), "INSTANCE"), ctx: authz.WithInstanceID(context.Background(), "INSTANCE"),
smtp: &smtp.EmailConfig{ smtp: &smtp.EmailConfig{
Tls: true, Tls: true,
From: "from", From: "from@domain.ch",
FromName: "name", FromName: "name",
SMTP: smtp.SMTP{ SMTP: smtp.SMTP{
Host: "host", Host: "host",
@ -78,7 +125,21 @@ func TestCommandSide_AddSMTPConfig(t *testing.T) {
fields: fields{ fields: fields{
eventstore: eventstoreExpect( eventstore: eventstoreExpect(
t, t,
expectFilter(), expectFilter(
eventFromEventPusher(
instance.NewDomainAddedEvent(context.Background(),
&instance.NewAggregate("INSTANCE").Aggregate,
"domain.ch",
false,
),
),
eventFromEventPusher(
instance.NewDomainPolicyAddedEvent(context.Background(),
&instance.NewAggregate("INSTANCE").Aggregate,
true, true, false,
),
),
),
expectPush( expectPush(
[]*repository.Event{ []*repository.Event{
eventFromEventPusherWithInstanceID( eventFromEventPusherWithInstanceID(
@ -87,7 +148,7 @@ func TestCommandSide_AddSMTPConfig(t *testing.T) {
context.Background(), context.Background(),
&instance.NewAggregate("INSTANCE").Aggregate, &instance.NewAggregate("INSTANCE").Aggregate,
true, true,
"from", "from@domain.ch",
"name", "name",
"host", "host",
"user", "user",
@ -108,7 +169,7 @@ func TestCommandSide_AddSMTPConfig(t *testing.T) {
ctx: authz.WithInstanceID(context.Background(), "INSTANCE"), ctx: authz.WithInstanceID(context.Background(), "INSTANCE"),
smtp: &smtp.EmailConfig{ smtp: &smtp.EmailConfig{
Tls: true, Tls: true,
From: "from", From: "from@domain.ch",
FromName: "name", FromName: "name",
SMTP: smtp.SMTP{ SMTP: smtp.SMTP{
Host: "host", Host: "host",
@ -189,7 +250,7 @@ func TestCommandSide_ChangeSMTPConfig(t *testing.T) {
ctx: authz.WithInstanceID(context.Background(), "INSTANCE"), ctx: authz.WithInstanceID(context.Background(), "INSTANCE"),
smtp: &smtp.EmailConfig{ smtp: &smtp.EmailConfig{
Tls: true, Tls: true,
From: "from", From: "from@domain.ch",
FromName: "name", FromName: "name",
SMTP: smtp.SMTP{ SMTP: smtp.SMTP{
Host: "host", Host: "host",
@ -202,17 +263,30 @@ func TestCommandSide_ChangeSMTPConfig(t *testing.T) {
}, },
}, },
{ {
name: "no changes, precondition error", name: "smtp domain not matched",
fields: fields{ fields: fields{
eventstore: eventstoreExpect( eventstore: eventstoreExpect(
t, t,
expectFilter( expectFilter(
eventFromEventPusher(
instance.NewDomainAddedEvent(context.Background(),
&instance.NewAggregate("INSTANCE").Aggregate,
"domain.ch",
false,
),
),
eventFromEventPusher(
instance.NewDomainPolicyAddedEvent(context.Background(),
&instance.NewAggregate("INSTANCE").Aggregate,
true, true, true,
),
),
eventFromEventPusher( eventFromEventPusher(
instance.NewSMTPConfigAddedEvent( instance.NewSMTPConfigAddedEvent(
context.Background(), context.Background(),
&instance.NewAggregate("INSTANCE").Aggregate, &instance.NewAggregate("INSTANCE").Aggregate,
true, true,
"from", "from@domain.ch",
"name", "name",
"host", "host",
"user", "user",
@ -226,7 +300,57 @@ func TestCommandSide_ChangeSMTPConfig(t *testing.T) {
ctx: authz.WithInstanceID(context.Background(), "INSTANCE"), ctx: authz.WithInstanceID(context.Background(), "INSTANCE"),
smtp: &smtp.EmailConfig{ smtp: &smtp.EmailConfig{
Tls: true, Tls: true,
From: "from", From: "from@wrongdomain.ch",
FromName: "name",
SMTP: smtp.SMTP{
Host: "host",
User: "user",
},
},
},
res: res{
err: caos_errs.IsErrorInvalidArgument,
},
},
{
name: "no changes, precondition error",
fields: fields{
eventstore: eventstoreExpect(
t,
expectFilter(
eventFromEventPusher(
instance.NewDomainAddedEvent(context.Background(),
&instance.NewAggregate("INSTANCE").Aggregate,
"domain.ch",
false,
),
),
eventFromEventPusher(
instance.NewDomainPolicyAddedEvent(context.Background(),
&instance.NewAggregate("INSTANCE").Aggregate,
true, true, true,
),
),
eventFromEventPusher(
instance.NewSMTPConfigAddedEvent(
context.Background(),
&instance.NewAggregate("INSTANCE").Aggregate,
true,
"from@domain.ch",
"name",
"host",
"user",
&crypto.CryptoValue{},
),
),
),
),
},
args: args{
ctx: authz.WithInstanceID(context.Background(), "INSTANCE"),
smtp: &smtp.EmailConfig{
Tls: true,
From: "from@domain.ch",
FromName: "name", FromName: "name",
SMTP: smtp.SMTP{ SMTP: smtp.SMTP{
Host: "host", Host: "host",
@ -244,12 +368,25 @@ func TestCommandSide_ChangeSMTPConfig(t *testing.T) {
eventstore: eventstoreExpect( eventstore: eventstoreExpect(
t, t,
expectFilter( expectFilter(
eventFromEventPusher(
instance.NewDomainAddedEvent(context.Background(),
&instance.NewAggregate("INSTANCE").Aggregate,
"domain.ch",
false,
),
),
eventFromEventPusher(
instance.NewDomainPolicyAddedEvent(context.Background(),
&instance.NewAggregate("INSTANCE").Aggregate,
true, true, true,
),
),
eventFromEventPusher( eventFromEventPusher(
instance.NewSMTPConfigAddedEvent( instance.NewSMTPConfigAddedEvent(
context.Background(), context.Background(),
&instance.NewAggregate("INSTANCE").Aggregate, &instance.NewAggregate("INSTANCE").Aggregate,
true, true,
"from", "from@domain.ch",
"name", "name",
"host", "host",
"user", "user",
@ -264,7 +401,7 @@ func TestCommandSide_ChangeSMTPConfig(t *testing.T) {
newSMTPConfigChangedEvent( newSMTPConfigChangedEvent(
context.Background(), context.Background(),
false, false,
"from2", "from2@domain.ch",
"name2", "name2",
"host2", "host2",
"user2", "user2",
@ -278,7 +415,7 @@ func TestCommandSide_ChangeSMTPConfig(t *testing.T) {
ctx: authz.WithInstanceID(context.Background(), "INSTANCE"), ctx: authz.WithInstanceID(context.Background(), "INSTANCE"),
smtp: &smtp.EmailConfig{ smtp: &smtp.EmailConfig{
Tls: false, Tls: false,
From: "from2", From: "from2@domain.ch",
FromName: "name2", FromName: "name2",
SMTP: smtp.SMTP{ SMTP: smtp.SMTP{
Host: "host2", Host: "host2",

32
internal/command/user_domain_policy_test.go
View File

@ -54,6 +54,7 @@ func Test_customDomainPolicy(t *testing.T) {
&org.NewAggregate("id").Aggregate, &org.NewAggregate("id").Aggregate,
true, true,
true, true,
true,
), ),
}, nil }, nil
}, },
@ -64,9 +65,10 @@ func Test_customDomainPolicy(t *testing.T) {
ResourceOwner: "id", ResourceOwner: "id",
Events: []eventstore.Event{}, Events: []eventstore.Event{},
}, },
UserLoginMustBeDomain: true, UserLoginMustBeDomain: true,
ValidateOrgDomains: true, ValidateOrgDomains: true,
State: domain.PolicyStateActive, SMTPSenderAddressMatchesInstanceDomain: true,
State: domain.PolicyStateActive,
}, },
wantErr: false, wantErr: false,
}, },
@ -125,6 +127,7 @@ func Test_defaultDomainPolicy(t *testing.T) {
&instance.NewAggregate("INSTANCE").Aggregate, &instance.NewAggregate("INSTANCE").Aggregate,
true, true,
true, true,
true,
), ),
}, nil }, nil
}, },
@ -135,9 +138,10 @@ func Test_defaultDomainPolicy(t *testing.T) {
ResourceOwner: "INSTANCE", ResourceOwner: "INSTANCE",
Events: []eventstore.Event{}, Events: []eventstore.Event{},
}, },
UserLoginMustBeDomain: true, UserLoginMustBeDomain: true,
ValidateOrgDomains: true, ValidateOrgDomains: true,
State: domain.PolicyStateActive, SMTPSenderAddressMatchesInstanceDomain: true,
State: domain.PolicyStateActive,
}, },
wantErr: false, wantErr: false,
}, },
@ -186,6 +190,7 @@ func Test_DomainPolicy(t *testing.T) {
&org.NewAggregate("id").Aggregate, &org.NewAggregate("id").Aggregate,
true, true,
true, true,
true,
), ),
}, nil }, nil
}, },
@ -196,9 +201,10 @@ func Test_DomainPolicy(t *testing.T) {
ResourceOwner: "id", ResourceOwner: "id",
Events: []eventstore.Event{}, Events: []eventstore.Event{},
}, },
UserLoginMustBeDomain: true, UserLoginMustBeDomain: true,
ValidateOrgDomains: true, ValidateOrgDomains: true,
State: domain.PolicyStateActive, SMTPSenderAddressMatchesInstanceDomain: true,
State: domain.PolicyStateActive,
}, },
wantErr: false, wantErr: false,
}, },
@ -231,6 +237,7 @@ func Test_DomainPolicy(t *testing.T) {
&instance.NewAggregate("INSTANCE").Aggregate, &instance.NewAggregate("INSTANCE").Aggregate,
true, true,
true, true,
true,
), ),
}, nil }, nil
}). }).
@ -242,9 +249,10 @@ func Test_DomainPolicy(t *testing.T) {
ResourceOwner: "INSTANCE", ResourceOwner: "INSTANCE",
Events: []eventstore.Event{}, Events: []eventstore.Event{},
}, },
UserLoginMustBeDomain: true, UserLoginMustBeDomain: true,
ValidateOrgDomains: true, ValidateOrgDomains: true,
State: domain.PolicyStateActive, SMTPSenderAddressMatchesInstanceDomain: true,
State: domain.PolicyStateActive,
}, },
wantErr: false, wantErr: false,
}, },

1
internal/command/user_human_otp_test.go
View File

@ -180,6 +180,7 @@ func TestCommandSide_AddHumanOTP(t *testing.T) {
&org.NewAggregate("org1").Aggregate, &org.NewAggregate("org1").Aggregate,
true, true,
true, true,
true,
), ),
), ),
), ),

26
internal/command/user_human_test.go
View File

@ -112,6 +112,7 @@ func TestCommandSide_AddHuman(t *testing.T) {
&userAgg.Aggregate, &userAgg.Aggregate,
true, true,
true, true,
true,
), ),
), ),
), ),
@ -169,6 +170,7 @@ func TestCommandSide_AddHuman(t *testing.T) {
&userAgg.Aggregate, &userAgg.Aggregate,
true, true,
true, true,
true,
), ),
), ),
), ),
@ -285,6 +287,7 @@ func TestCommandSide_AddHuman(t *testing.T) {
&user.NewAggregate("user1", "org1").Aggregate, &user.NewAggregate("user1", "org1").Aggregate,
true, true,
true, true,
true,
), ),
), ),
), ),
@ -402,6 +405,7 @@ func TestCommandSide_AddHuman(t *testing.T) {
&userAgg.Aggregate, &userAgg.Aggregate,
true, true,
true, true,
true,
), ),
), ),
), ),
@ -499,6 +503,7 @@ func TestCommandSide_AddHuman(t *testing.T) {
&userAgg.Aggregate, &userAgg.Aggregate,
true, true,
true, true,
true,
), ),
), ),
), ),
@ -583,6 +588,7 @@ func TestCommandSide_AddHuman(t *testing.T) {
&userAgg.Aggregate, &userAgg.Aggregate,
true, true,
true, true,
true,
), ),
), ),
), ),
@ -800,6 +806,7 @@ func TestCommandSide_ImportHuman(t *testing.T) {
&user.NewAggregate("user1", "org1").Aggregate, &user.NewAggregate("user1", "org1").Aggregate,
true, true,
true, true,
true,
), ),
), ),
), ),
@ -836,6 +843,7 @@ func TestCommandSide_ImportHuman(t *testing.T) {
&user.NewAggregate("user1", "org1").Aggregate, &user.NewAggregate("user1", "org1").Aggregate,
true, true,
true, true,
true,
), ),
), ),
), ),
@ -878,6 +886,7 @@ func TestCommandSide_ImportHuman(t *testing.T) {
&user.NewAggregate("user1", "org1").Aggregate, &user.NewAggregate("user1", "org1").Aggregate,
true, true,
true, true,
true,
), ),
), ),
), ),
@ -968,6 +977,7 @@ func TestCommandSide_ImportHuman(t *testing.T) {
&user.NewAggregate("user1", "org1").Aggregate, &user.NewAggregate("user1", "org1").Aggregate,
true, true,
true, true,
true,
), ),
), ),
), ),
@ -1052,6 +1062,7 @@ func TestCommandSide_ImportHuman(t *testing.T) {
&user.NewAggregate("user1", "org1").Aggregate, &user.NewAggregate("user1", "org1").Aggregate,
true, true,
true, true,
true,
), ),
), ),
), ),
@ -1158,6 +1169,7 @@ func TestCommandSide_ImportHuman(t *testing.T) {
&user.NewAggregate("user1", "org1").Aggregate, &user.NewAggregate("user1", "org1").Aggregate,
true, true,
true, true,
true,
), ),
), ),
), ),
@ -1268,6 +1280,7 @@ func TestCommandSide_ImportHuman(t *testing.T) {
&user.NewAggregate("user1", "org1").Aggregate, &user.NewAggregate("user1", "org1").Aggregate,
true, true,
true, true,
true,
), ),
), ),
), ),
@ -1374,6 +1387,7 @@ func TestCommandSide_ImportHuman(t *testing.T) {
&user.NewAggregate("user1", "org1").Aggregate, &user.NewAggregate("user1", "org1").Aggregate,
true, true,
true, true,
true,
), ),
), ),
), ),
@ -1577,6 +1591,7 @@ func TestCommandSide_RegisterHuman(t *testing.T) {
&org.NewAggregate("org1").Aggregate, &org.NewAggregate("org1").Aggregate,
true, true,
true, true,
true,
), ),
), ),
), ),
@ -1616,6 +1631,7 @@ func TestCommandSide_RegisterHuman(t *testing.T) {
&org.NewAggregate("org1").Aggregate, &org.NewAggregate("org1").Aggregate,
true, true,
true, true,
true,
), ),
), ),
), ),
@ -1663,6 +1679,7 @@ func TestCommandSide_RegisterHuman(t *testing.T) {
&org.NewAggregate("org1").Aggregate, &org.NewAggregate("org1").Aggregate,
true, true,
true, true,
true,
), ),
), ),
), ),
@ -1728,6 +1745,7 @@ func TestCommandSide_RegisterHuman(t *testing.T) {
&org.NewAggregate("org1").Aggregate, &org.NewAggregate("org1").Aggregate,
true, true,
true, true,
true,
), ),
), ),
), ),
@ -1793,6 +1811,7 @@ func TestCommandSide_RegisterHuman(t *testing.T) {
&org.NewAggregate("org1").Aggregate, &org.NewAggregate("org1").Aggregate,
false, false,
true, true,
true,
), ),
), ),
), ),
@ -1875,6 +1894,7 @@ func TestCommandSide_RegisterHuman(t *testing.T) {
&org.NewAggregate("org1").Aggregate, &org.NewAggregate("org1").Aggregate,
false, false,
true, true,
true,
), ),
), ),
), ),
@ -2015,6 +2035,7 @@ func TestCommandSide_RegisterHuman(t *testing.T) {
&org.NewAggregate("org1").Aggregate, &org.NewAggregate("org1").Aggregate,
true, true,
true, true,
true,
), ),
), ),
), ),
@ -2123,6 +2144,7 @@ func TestCommandSide_RegisterHuman(t *testing.T) {
&user.NewAggregate("org1", "org1").Aggregate, &user.NewAggregate("org1", "org1").Aggregate,
true, true,
true, true,
true,
), ),
), ),
), ),
@ -2225,6 +2247,7 @@ func TestCommandSide_RegisterHuman(t *testing.T) {
&org.NewAggregate("org1").Aggregate, &org.NewAggregate("org1").Aggregate,
true, true,
true, true,
true,
), ),
), ),
), ),
@ -2349,6 +2372,7 @@ func TestCommandSide_RegisterHuman(t *testing.T) {
&org.NewAggregate("org1").Aggregate, &org.NewAggregate("org1").Aggregate,
true, true,
true, true,
true,
), ),
), ),
), ),
@ -2923,6 +2947,7 @@ func TestAddHumanCommand(t *testing.T) {
&org.NewAggregate("id").Aggregate, &org.NewAggregate("id").Aggregate,
true, true,
true, true,
true,
), ),
}, nil }, nil
}). }).
@ -2967,6 +2992,7 @@ func TestAddHumanCommand(t *testing.T) {
&org.NewAggregate("id").Aggregate, &org.NewAggregate("id").Aggregate,
true, true,
true, true,
true,
), ),
}, nil }, nil
}). }).

2
internal/command/user_machine_test.go
View File

@ -87,6 +87,7 @@ func TestCommandSide_AddMachine(t *testing.T) {
&user.NewAggregate("user1", "org1").Aggregate, &user.NewAggregate("user1", "org1").Aggregate,
false, false,
true, true,
true,
), ),
), ),
), ),
@ -115,6 +116,7 @@ func TestCommandSide_AddMachine(t *testing.T) {
&user.NewAggregate("user1", "org1").Aggregate, &user.NewAggregate("user1", "org1").Aggregate,
true, true,
true, true,
true,
), ),
), ),
), ),

5
internal/command/user_test.go
View File

@ -209,6 +209,7 @@ func TestCommandSide_UsernameChange(t *testing.T) {
&user.NewAggregate("user1", "org1").Aggregate, &user.NewAggregate("user1", "org1").Aggregate,
true, true,
true, true,
true,
), ),
), ),
), ),
@ -252,6 +253,7 @@ func TestCommandSide_UsernameChange(t *testing.T) {
&user.NewAggregate("user1", "org1").Aggregate, &user.NewAggregate("user1", "org1").Aggregate,
true, true,
true, true,
true,
), ),
), ),
), ),
@ -1036,6 +1038,7 @@ func TestCommandSide_RemoveUser(t *testing.T) {
&user.NewAggregate("user1", "org1").Aggregate, &user.NewAggregate("user1", "org1").Aggregate,
true, true,
true, true,
true,
), ),
), ),
), ),
@ -1101,6 +1104,7 @@ func TestCommandSide_RemoveUser(t *testing.T) {
&user.NewAggregate("user1", "org1").Aggregate, &user.NewAggregate("user1", "org1").Aggregate,
true, true,
true, true,
true,
), ),
), ),
), ),
@ -1159,6 +1163,7 @@ func TestCommandSide_RemoveUser(t *testing.T) {
&user.NewAggregate("user1", "org1").Aggregate, &user.NewAggregate("user1", "org1").Aggregate,
true, true,
true, true,
true,
), ),
), ),
), ),

7
internal/domain/policy_domain.go
View File

@ -7,7 +7,8 @@ import (
type DomainPolicy struct { type DomainPolicy struct {
models.ObjectRoot models.ObjectRoot
UserLoginMustBeDomain bool UserLoginMustBeDomain bool
ValidateOrgDomains bool ValidateOrgDomains bool
Default bool SMTPSenderAddressMatchesInstanceDomain bool
Default bool
} }

11
internal/query/org_iam_policy.go
View File

@ -23,8 +23,9 @@ type DomainPolicy struct {
ResourceOwner string ResourceOwner string
State domain.PolicyState State domain.PolicyState
UserLoginMustBeDomain bool UserLoginMustBeDomain bool
ValidateOrgDomains bool ValidateOrgDomains bool
SMTPSenderAddressMatchesInstanceDomain bool
IsDefault bool IsDefault bool
} }
@ -65,6 +66,10 @@ var (
name: projection.DomainPolicyValidateOrgDomainsCol, name: projection.DomainPolicyValidateOrgDomainsCol,
table: domainPolicyTable, table: domainPolicyTable,
} }
DomainPolicyColSMTPSenderAddressMatchesInstanceDomain = Column{
name: projection.DomainPolicySMTPSenderAddressMatchesInstanceDomainCol,
table: domainPolicyTable,
}
DomainPolicyColIsDefault = Column{ DomainPolicyColIsDefault = Column{
name: projection.DomainPolicyIsDefaultCol, name: projection.DomainPolicyIsDefaultCol,
table: domainPolicyTable, table: domainPolicyTable,
@ -126,6 +131,7 @@ func prepareDomainPolicyQuery() (sq.SelectBuilder, func(*sql.Row) (*DomainPolicy
DomainPolicyColResourceOwner.identifier(), DomainPolicyColResourceOwner.identifier(),
DomainPolicyColUserLoginMustBeDomain.identifier(), DomainPolicyColUserLoginMustBeDomain.identifier(),
DomainPolicyColValidateOrgDomains.identifier(), DomainPolicyColValidateOrgDomains.identifier(),
DomainPolicyColSMTPSenderAddressMatchesInstanceDomain.identifier(),
DomainPolicyColIsDefault.identifier(), DomainPolicyColIsDefault.identifier(),
DomainPolicyColState.identifier(), DomainPolicyColState.identifier(),
). ).
@ -140,6 +146,7 @@ func prepareDomainPolicyQuery() (sq.SelectBuilder, func(*sql.Row) (*DomainPolicy
&policy.ResourceOwner, &policy.ResourceOwner,
&policy.UserLoginMustBeDomain, &policy.UserLoginMustBeDomain,
&policy.ValidateOrgDomains, &policy.ValidateOrgDomains,
&policy.SMTPSenderAddressMatchesInstanceDomain,
&policy.IsDefault, &policy.IsDefault,
&policy.State, &policy.State,
) )

24
internal/query/org_iam_policy_test.go
View File

@ -35,6 +35,7 @@ func Test_DomainPolicyPrepares(t *testing.T) {
` projections.domain_policies.resource_owner,`+ ` projections.domain_policies.resource_owner,`+
` projections.domain_policies.user_login_must_be_domain,`+ ` projections.domain_policies.user_login_must_be_domain,`+
` projections.domain_policies.validate_org_domains,`+ ` projections.domain_policies.validate_org_domains,`+
` projections.domain_policies.smtp_sender_address_matches_instance_domain,`+
` projections.domain_policies.is_default,`+ ` projections.domain_policies.is_default,`+
` projections.domain_policies.state`+ ` projections.domain_policies.state`+
` FROM projections.domain_policies`), ` FROM projections.domain_policies`),
@ -62,6 +63,7 @@ func Test_DomainPolicyPrepares(t *testing.T) {
` projections.domain_policies.resource_owner,`+ ` projections.domain_policies.resource_owner,`+
` projections.domain_policies.user_login_must_be_domain,`+ ` projections.domain_policies.user_login_must_be_domain,`+
` projections.domain_policies.validate_org_domains,`+ ` projections.domain_policies.validate_org_domains,`+
` projections.domain_policies.smtp_sender_address_matches_instance_domain,`+
` projections.domain_policies.is_default,`+ ` projections.domain_policies.is_default,`+
` projections.domain_policies.state`+ ` projections.domain_policies.state`+
` FROM projections.domain_policies`), ` FROM projections.domain_policies`),
@ -73,6 +75,7 @@ func Test_DomainPolicyPrepares(t *testing.T) {
"resource_owner", "resource_owner",
"user_login_must_be_domain", "user_login_must_be_domain",
"validate_org_domains", "validate_org_domains",
"smtp_sender_address_matches_instance_domain",
"is_default", "is_default",
"state", "state",
}, },
@ -85,20 +88,22 @@ func Test_DomainPolicyPrepares(t *testing.T) {
true, true,
true, true,
true, true,
true,
domain.PolicyStateActive, domain.PolicyStateActive,
}, },
), ),
}, },
object: &DomainPolicy{ object: &DomainPolicy{
ID: "pol-id", ID: "pol-id",
CreationDate: testNow, CreationDate: testNow,
ChangeDate: testNow, ChangeDate: testNow,
Sequence: 20211109, Sequence: 20211109,
ResourceOwner: "ro", ResourceOwner: "ro",
State: domain.PolicyStateActive, State: domain.PolicyStateActive,
UserLoginMustBeDomain: true, UserLoginMustBeDomain: true,
ValidateOrgDomains: true, ValidateOrgDomains: true,
IsDefault: true, SMTPSenderAddressMatchesInstanceDomain: true,
IsDefault: true,
}, },
}, },
{ {
@ -113,6 +118,7 @@ func Test_DomainPolicyPrepares(t *testing.T) {
` projections.domain_policies.resource_owner,`+ ` projections.domain_policies.resource_owner,`+
` projections.domain_policies.user_login_must_be_domain,`+ ` projections.domain_policies.user_login_must_be_domain,`+
` projections.domain_policies.validate_org_domains,`+ ` projections.domain_policies.validate_org_domains,`+
` projections.domain_policies.smtp_sender_address_matches_instance_domain,`+
` projections.domain_policies.is_default,`+ ` projections.domain_policies.is_default,`+
` projections.domain_policies.state`+ ` projections.domain_policies.state`+
` FROM projections.domain_policies`), ` FROM projections.domain_policies`),

26
internal/query/projection/domain_policy.go
View File

@ -16,16 +16,17 @@ import (
const ( const (
DomainPolicyTable = "projections.domain_policies" DomainPolicyTable = "projections.domain_policies"
DomainPolicyIDCol = "id" DomainPolicyIDCol = "id"
DomainPolicyCreationDateCol = "creation_date" DomainPolicyCreationDateCol = "creation_date"
DomainPolicyChangeDateCol = "change_date" DomainPolicyChangeDateCol = "change_date"
DomainPolicySequenceCol = "sequence" DomainPolicySequenceCol = "sequence"
DomainPolicyStateCol = "state" DomainPolicyStateCol = "state"
DomainPolicyUserLoginMustBeDomainCol = "user_login_must_be_domain" DomainPolicyUserLoginMustBeDomainCol = "user_login_must_be_domain"
DomainPolicyValidateOrgDomainsCol = "validate_org_domains" DomainPolicyValidateOrgDomainsCol = "validate_org_domains"
DomainPolicyIsDefaultCol = "is_default" DomainPolicySMTPSenderAddressMatchesInstanceDomainCol = "smtp_sender_address_matches_instance_domain"
DomainPolicyResourceOwnerCol = "resource_owner" DomainPolicyIsDefaultCol = "is_default"
DomainPolicyInstanceIDCol = "instance_id" DomainPolicyResourceOwnerCol = "resource_owner"
DomainPolicyInstanceIDCol = "instance_id"
) )
type DomainPolicyProjection struct { type DomainPolicyProjection struct {
@ -45,6 +46,7 @@ func NewDomainPolicyProjection(ctx context.Context, config crdb.StatementHandler
crdb.NewColumn(DomainPolicyStateCol, crdb.ColumnTypeEnum), crdb.NewColumn(DomainPolicyStateCol, crdb.ColumnTypeEnum),
crdb.NewColumn(DomainPolicyUserLoginMustBeDomainCol, crdb.ColumnTypeBool), crdb.NewColumn(DomainPolicyUserLoginMustBeDomainCol, crdb.ColumnTypeBool),
crdb.NewColumn(DomainPolicyValidateOrgDomainsCol, crdb.ColumnTypeBool), crdb.NewColumn(DomainPolicyValidateOrgDomainsCol, crdb.ColumnTypeBool),
crdb.NewColumn(DomainPolicySMTPSenderAddressMatchesInstanceDomainCol, crdb.ColumnTypeBool),
crdb.NewColumn(DomainPolicyIsDefaultCol, crdb.ColumnTypeBool, crdb.Default(false)), crdb.NewColumn(DomainPolicyIsDefaultCol, crdb.ColumnTypeBool, crdb.Default(false)),
crdb.NewColumn(DomainPolicyResourceOwnerCol, crdb.ColumnTypeText), crdb.NewColumn(DomainPolicyResourceOwnerCol, crdb.ColumnTypeText),
crdb.NewColumn(DomainPolicyInstanceIDCol, crdb.ColumnTypeText), crdb.NewColumn(DomainPolicyInstanceIDCol, crdb.ColumnTypeText),
@ -114,6 +116,7 @@ func (p *DomainPolicyProjection) reduceAdded(event eventstore.Event) (*handler.S
handler.NewCol(DomainPolicyStateCol, domain.PolicyStateActive), handler.NewCol(DomainPolicyStateCol, domain.PolicyStateActive),
handler.NewCol(DomainPolicyUserLoginMustBeDomainCol, policyEvent.UserLoginMustBeDomain), handler.NewCol(DomainPolicyUserLoginMustBeDomainCol, policyEvent.UserLoginMustBeDomain),
handler.NewCol(DomainPolicyValidateOrgDomainsCol, policyEvent.ValidateOrgDomains), handler.NewCol(DomainPolicyValidateOrgDomainsCol, policyEvent.ValidateOrgDomains),
handler.NewCol(DomainPolicySMTPSenderAddressMatchesInstanceDomainCol, policyEvent.SMTPSenderAddressMatchesInstanceDomain),
handler.NewCol(DomainPolicyIsDefaultCol, isDefault), handler.NewCol(DomainPolicyIsDefaultCol, isDefault),
handler.NewCol(DomainPolicyResourceOwnerCol, policyEvent.Aggregate().ResourceOwner), handler.NewCol(DomainPolicyResourceOwnerCol, policyEvent.Aggregate().ResourceOwner),
handler.NewCol(DomainPolicyInstanceIDCol, policyEvent.Aggregate().InstanceID), handler.NewCol(DomainPolicyInstanceIDCol, policyEvent.Aggregate().InstanceID),
@ -140,6 +143,9 @@ func (p *DomainPolicyProjection) reduceChanged(event eventstore.Event) (*handler
if policyEvent.ValidateOrgDomains != nil { if policyEvent.ValidateOrgDomains != nil {
cols = append(cols, handler.NewCol(DomainPolicyValidateOrgDomainsCol, *policyEvent.ValidateOrgDomains)) cols = append(cols, handler.NewCol(DomainPolicyValidateOrgDomainsCol, *policyEvent.ValidateOrgDomains))
} }
if policyEvent.SMTPSenderAddressMatchesInstanceDomain != nil {
cols = append(cols, handler.NewCol(DomainPolicySMTPSenderAddressMatchesInstanceDomainCol, *policyEvent.SMTPSenderAddressMatchesInstanceDomain))
}
return crdb.NewUpdateStatement( return crdb.NewUpdateStatement(
&policyEvent, &policyEvent,
cols, cols,

24
internal/query/projection/domain_policy_test.go
View File

@ -30,7 +30,8 @@ func TestDomainPolicyProjection_reduces(t *testing.T) {
org.AggregateType, org.AggregateType,
[]byte(`{ []byte(`{
"userLoginMustBeDomain": true, "userLoginMustBeDomain": true,
"validateOrgDomains": true "validateOrgDomains": true,
"smtpSenderAddressMatchesInstanceDomain": true
}`), }`),
), org.DomainPolicyAddedEventMapper), ), org.DomainPolicyAddedEventMapper),
}, },
@ -43,7 +44,7 @@ func TestDomainPolicyProjection_reduces(t *testing.T) {
executer: &testExecuter{ executer: &testExecuter{
executions: []execution{ executions: []execution{
{ {
expectedStmt: "INSERT INTO projections.domain_policies (creation_date, change_date, sequence, id, state, user_login_must_be_domain, validate_org_domains, is_default, resource_owner, instance_id) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10)", expectedStmt: "INSERT INTO projections.domain_policies (creation_date, change_date, sequence, id, state, user_login_must_be_domain, validate_org_domains, smtp_sender_address_matches_instance_domain, is_default, resource_owner, instance_id) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10, $11)",
expectedArgs: []interface{}{ expectedArgs: []interface{}{
anyArg{}, anyArg{},
anyArg{}, anyArg{},
@ -52,6 +53,7 @@ func TestDomainPolicyProjection_reduces(t *testing.T) {
domain.PolicyStateActive, domain.PolicyStateActive,
true, true,
true, true,
true,
false, false,
"ro-id", "ro-id",
"instance-id", "instance-id",
@ -70,7 +72,8 @@ func TestDomainPolicyProjection_reduces(t *testing.T) {
org.AggregateType, org.AggregateType,
[]byte(`{ []byte(`{
"userLoginMustBeDomain": true, "userLoginMustBeDomain": true,
"validateOrgDomains": true "validateOrgDomains": true,
"smtpSenderAddressMatchesInstanceDomain": true
}`), }`),
), org.DomainPolicyChangedEventMapper), ), org.DomainPolicyChangedEventMapper),
}, },
@ -82,12 +85,13 @@ func TestDomainPolicyProjection_reduces(t *testing.T) {
executer: &testExecuter{ executer: &testExecuter{
executions: []execution{ executions: []execution{
{ {
expectedStmt: "UPDATE projections.domain_policies SET (change_date, sequence, user_login_must_be_domain, validate_org_domains) = ($1, $2, $3, $4) WHERE (id = $5)", expectedStmt: "UPDATE projections.domain_policies SET (change_date, sequence, user_login_must_be_domain, validate_org_domains, smtp_sender_address_matches_instance_domain) = ($1, $2, $3, $4, $5) WHERE (id = $6)",
expectedArgs: []interface{}{ expectedArgs: []interface{}{
anyArg{}, anyArg{},
uint64(15), uint64(15),
true, true,
true, true,
true,
"agg-id", "agg-id",
}, },
}, },
@ -131,7 +135,8 @@ func TestDomainPolicyProjection_reduces(t *testing.T) {
instance.AggregateType, instance.AggregateType,
[]byte(`{ []byte(`{
"userLoginMustBeDomain": true, "userLoginMustBeDomain": true,
"validateOrgDomains": true "validateOrgDomains": true,
"smtpSenderAddressMatchesInstanceDomain": true
}`), }`),
), instance.DomainPolicyAddedEventMapper), ), instance.DomainPolicyAddedEventMapper),
}, },
@ -143,7 +148,7 @@ func TestDomainPolicyProjection_reduces(t *testing.T) {
executer: &testExecuter{ executer: &testExecuter{
executions: []execution{ executions: []execution{
{ {
expectedStmt: "INSERT INTO projections.domain_policies (creation_date, change_date, sequence, id, state, user_login_must_be_domain, validate_org_domains, is_default, resource_owner, instance_id) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10)", expectedStmt: "INSERT INTO projections.domain_policies (creation_date, change_date, sequence, id, state, user_login_must_be_domain, validate_org_domains, smtp_sender_address_matches_instance_domain, is_default, resource_owner, instance_id) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10, $11)",
expectedArgs: []interface{}{ expectedArgs: []interface{}{
anyArg{}, anyArg{},
anyArg{}, anyArg{},
@ -153,6 +158,7 @@ func TestDomainPolicyProjection_reduces(t *testing.T) {
true, true,
true, true,
true, true,
true,
"ro-id", "ro-id",
"instance-id", "instance-id",
}, },
@ -170,7 +176,8 @@ func TestDomainPolicyProjection_reduces(t *testing.T) {
instance.AggregateType, instance.AggregateType,
[]byte(`{ []byte(`{
"userLoginMustBeDomain": true, "userLoginMustBeDomain": true,
"validateOrgDomains": true "validateOrgDomains": true,
"smtpSenderAddressMatchesInstanceDomain": true
}`), }`),
), instance.DomainPolicyChangedEventMapper), ), instance.DomainPolicyChangedEventMapper),
}, },
@ -182,12 +189,13 @@ func TestDomainPolicyProjection_reduces(t *testing.T) {
executer: &testExecuter{ executer: &testExecuter{
executions: []execution{ executions: []execution{
{ {
expectedStmt: "UPDATE projections.domain_policies SET (change_date, sequence, user_login_must_be_domain, validate_org_domains) = ($1, $2, $3, $4) WHERE (id = $5)", expectedStmt: "UPDATE projections.domain_policies SET (change_date, sequence, user_login_must_be_domain, validate_org_domains, smtp_sender_address_matches_instance_domain) = ($1, $2, $3, $4, $5) WHERE (id = $6)",
expectedArgs: []interface{}{ expectedArgs: []interface{}{
anyArg{}, anyArg{},
uint64(15), uint64(15),
true, true,
true, true,
true,
"agg-id", "agg-id",
}, },
}, },

26
internal/repository/instance/domain.go
View File

@ -18,17 +18,17 @@ const (
InstanceDomainRemovedEventType = domainEventPrefix + "removed" InstanceDomainRemovedEventType = domainEventPrefix + "removed"
) )
func NewAddInstanceDomainUniqueConstraint(orgDomain string) *eventstore.EventUniqueConstraint { func NewAddInstanceDomainUniqueConstraint(domain string) *eventstore.EventUniqueConstraint {
return eventstore.NewAddGlobalEventUniqueConstraint( return eventstore.NewAddGlobalEventUniqueConstraint(
UniqueInstanceDomain, UniqueInstanceDomain,
orgDomain, domain,
"Errors.Instance.Domain.AlreadyExists") "Errors.Instance.Domain.AlreadyExists")
} }
func NewRemoveInstanceDomainUniqueConstraint(orgDomain string) *eventstore.EventUniqueConstraint { func NewRemoveInstanceDomainUniqueConstraint(domain string) *eventstore.EventUniqueConstraint {
return eventstore.NewRemoveGlobalEventUniqueConstraint( return eventstore.NewRemoveGlobalEventUniqueConstraint(
UniqueInstanceDomain, UniqueInstanceDomain,
orgDomain) domain)
} }
type DomainAddedEvent struct { type DomainAddedEvent struct {
@ -59,15 +59,15 @@ func NewDomainAddedEvent(ctx context.Context, aggregate *eventstore.Aggregate, d
} }
func DomainAddedEventMapper(event *repository.Event) (eventstore.Event, error) { func DomainAddedEventMapper(event *repository.Event) (eventstore.Event, error) {
orgDomainAdded := &DomainAddedEvent{ domainAdded := &DomainAddedEvent{
BaseEvent: *eventstore.BaseEventFromRepo(event), BaseEvent: *eventstore.BaseEventFromRepo(event),
} }
err := json.Unmarshal(event.Data, orgDomainAdded) err := json.Unmarshal(event.Data, domainAdded)
if err != nil { if err != nil {
return nil, errors.ThrowInternal(err, "INSTANCE-3noij", "unable to unmarshal instance domain added") return nil, errors.ThrowInternal(err, "INSTANCE-3noij", "unable to unmarshal instance domain added")
} }
return orgDomainAdded, nil return domainAdded, nil
} }
type DomainPrimarySetEvent struct { type DomainPrimarySetEvent struct {
@ -96,15 +96,15 @@ func NewDomainPrimarySetEvent(ctx context.Context, aggregate *eventstore.Aggrega
} }
func DomainPrimarySetEventMapper(event *repository.Event) (eventstore.Event, error) { func DomainPrimarySetEventMapper(event *repository.Event) (eventstore.Event, error) {
orgDomainAdded := &DomainPrimarySetEvent{ domainAdded := &DomainPrimarySetEvent{
BaseEvent: *eventstore.BaseEventFromRepo(event), BaseEvent: *eventstore.BaseEventFromRepo(event),
} }
err := json.Unmarshal(event.Data, orgDomainAdded) err := json.Unmarshal(event.Data, domainAdded)
if err != nil { if err != nil {
return nil, errors.ThrowInternal(err, "INSTANCE-29jöF", "unable to unmarshal instance domain added") return nil, errors.ThrowInternal(err, "INSTANCE-29jöF", "unable to unmarshal instance domain added")
} }
return orgDomainAdded, nil return domainAdded, nil
} }
type DomainRemovedEvent struct { type DomainRemovedEvent struct {
@ -133,13 +133,13 @@ func NewDomainRemovedEvent(ctx context.Context, aggregate *eventstore.Aggregate,
} }
func DomainRemovedEventMapper(event *repository.Event) (eventstore.Event, error) { func DomainRemovedEventMapper(event *repository.Event) (eventstore.Event, error) {
orgDomainRemoved := &DomainRemovedEvent{ domainRemoved := &DomainRemovedEvent{
BaseEvent: *eventstore.BaseEventFromRepo(event), BaseEvent: *eventstore.BaseEventFromRepo(event),
} }
err := json.Unmarshal(event.Data, orgDomainRemoved) err := json.Unmarshal(event.Data, domainRemoved)
if err != nil { if err != nil {
return nil, errors.ThrowInternal(err, "INSTANCE-BngB2", "unable to unmarshal instance domain removed") return nil, errors.ThrowInternal(err, "INSTANCE-BngB2", "unable to unmarshal instance domain removed")
} }
return orgDomainRemoved, nil return domainRemoved, nil
} }

4
internal/repository/instance/policy_domain.go
View File

@ -22,7 +22,8 @@ func NewDomainPolicyAddedEvent(
ctx context.Context, ctx context.Context,
aggregate *eventstore.Aggregate, aggregate *eventstore.Aggregate,
userLoginMustBeDomain, userLoginMustBeDomain,
validateOrgDomain bool, validateOrgDomain,
smtpSenderAddressMatchesInstanceDomain bool,
) *DomainPolicyAddedEvent { ) *DomainPolicyAddedEvent {
return &DomainPolicyAddedEvent{ return &DomainPolicyAddedEvent{
DomainPolicyAddedEvent: *policy.NewDomainPolicyAddedEvent( DomainPolicyAddedEvent: *policy.NewDomainPolicyAddedEvent(
@ -32,6 +33,7 @@ func NewDomainPolicyAddedEvent(
DomainPolicyAddedEventType), DomainPolicyAddedEventType),
userLoginMustBeDomain, userLoginMustBeDomain,
validateOrgDomain, validateOrgDomain,
smtpSenderAddressMatchesInstanceDomain,
), ),
} }
} }

4
internal/repository/org/policy_domain.go
View File

@ -23,7 +23,8 @@ func NewDomainPolicyAddedEvent(
ctx context.Context, ctx context.Context,
aggregate *eventstore.Aggregate, aggregate *eventstore.Aggregate,
userLoginMustBeDomain, userLoginMustBeDomain,
validateOrgDomains bool, validateOrgDomains,
smtpSenderAddressMatchesInstanceDomain bool,
) *DomainPolicyAddedEvent { ) *DomainPolicyAddedEvent {
return &DomainPolicyAddedEvent{ return &DomainPolicyAddedEvent{
DomainPolicyAddedEvent: *policy.NewDomainPolicyAddedEvent( DomainPolicyAddedEvent: *policy.NewDomainPolicyAddedEvent(
@ -33,6 +34,7 @@ func NewDomainPolicyAddedEvent(
DomainPolicyAddedEventType), DomainPolicyAddedEventType),
userLoginMustBeDomain, userLoginMustBeDomain,
validateOrgDomains, validateOrgDomains,
smtpSenderAddressMatchesInstanceDomain,
), ),
} }
} }

26
internal/repository/policy/policy_domain.go
View File

@ -19,8 +19,9 @@ const (
type DomainPolicyAddedEvent struct { type DomainPolicyAddedEvent struct {
eventstore.BaseEvent `json:"-"` eventstore.BaseEvent `json:"-"`
UserLoginMustBeDomain bool `json:"userLoginMustBeDomain,omitempty"` UserLoginMustBeDomain bool `json:"userLoginMustBeDomain,omitempty"`
ValidateOrgDomains bool `json:"validateOrgDomains,omitempty"` ValidateOrgDomains bool `json:"validateOrgDomains,omitempty"`
SMTPSenderAddressMatchesInstanceDomain bool `json:"smtpSenderAddressMatchesInstanceDomain,omitempty"`
} }
func (e *DomainPolicyAddedEvent) Data() interface{} { func (e *DomainPolicyAddedEvent) Data() interface{} {
@ -34,13 +35,15 @@ func (e *DomainPolicyAddedEvent) UniqueConstraints() []*eventstore.EventUniqueCo
func NewDomainPolicyAddedEvent( func NewDomainPolicyAddedEvent(
base *eventstore.BaseEvent, base *eventstore.BaseEvent,
userLoginMustBeDomain, userLoginMustBeDomain,
validateOrgDomains bool, validateOrgDomains,
smtpSenderAddressMatchesInstanceDomain bool,
) *DomainPolicyAddedEvent { ) *DomainPolicyAddedEvent {
return &DomainPolicyAddedEvent{ return &DomainPolicyAddedEvent{
BaseEvent: *base, BaseEvent: *base,
UserLoginMustBeDomain: userLoginMustBeDomain, UserLoginMustBeDomain: userLoginMustBeDomain,
ValidateOrgDomains: validateOrgDomains, ValidateOrgDomains: validateOrgDomains,
SMTPSenderAddressMatchesInstanceDomain: smtpSenderAddressMatchesInstanceDomain,
} }
} }
@ -60,8 +63,9 @@ func DomainPolicyAddedEventMapper(event *repository.Event) (eventstore.Event, er
type DomainPolicyChangedEvent struct { type DomainPolicyChangedEvent struct {
eventstore.BaseEvent `json:"-"` eventstore.BaseEvent `json:"-"`
UserLoginMustBeDomain *bool `json:"userLoginMustBeDomain,omitempty"` UserLoginMustBeDomain *bool `json:"userLoginMustBeDomain,omitempty"`
ValidateOrgDomains *bool `json:"validateOrgDomains,omitempty"` ValidateOrgDomains *bool `json:"validateOrgDomains,omitempty"`
SMTPSenderAddressMatchesInstanceDomain *bool `json:"smtpSenderAddressMatchesInstanceDomain,omitempty"`
} }
func (e *DomainPolicyChangedEvent) Data() interface{} { func (e *DomainPolicyChangedEvent) Data() interface{} {
@ -102,6 +106,12 @@ func ChangeValidateOrgDomains(validateOrgDomain bool) func(*DomainPolicyChangedE
} }
} }
func ChangeSMTPSenderAddressMatchesInstanceDomain(smtpSenderAddressMatchesInstanceDomain bool) func(*DomainPolicyChangedEvent) {
return func(e *DomainPolicyChangedEvent) {
e.SMTPSenderAddressMatchesInstanceDomain = &smtpSenderAddressMatchesInstanceDomain
}
}
func DomainPolicyChangedEventMapper(event *repository.Event) (eventstore.Event, error) { func DomainPolicyChangedEventMapper(event *repository.Event) (eventstore.Event, error) {
e := &DomainPolicyChangedEvent{ e := &DomainPolicyChangedEvent{
BaseEvent: *eventstore.BaseEventFromRepo(event), BaseEvent: *eventstore.BaseEventFromRepo(event),

1
internal/static/i18n/de.yaml
View File

@ -44,6 +44,7 @@ Errors:
SMTPConfig: SMTPConfig:
NotFound: SMTP Konfiguration nicht gefunden NotFound: SMTP Konfiguration nicht gefunden
AlreadyExists: SMTP Konfiguration existiert bereits AlreadyExists: SMTP Konfiguration existiert bereits
SenderAdressNotCustomDomain: Die Sender Adresse muss als Custom Domain auf der Instanz registriert sein.
Notification: Notification:
NoDomain: Keine Domäne für Nachricht gefunden NoDomain: Keine Domäne für Nachricht gefunden
User: User:

1
internal/static/i18n/en.yaml
View File

@ -44,6 +44,7 @@ Errors:
SMTPConfig: SMTPConfig:
NotFound: SMTP configuration not found NotFound: SMTP configuration not found
AlreadyExists: SMTP configuration already exists AlreadyExists: SMTP configuration already exists
SenderAdressNotCustomDomain: The sender adress must be configured as custom domain on the instance.
Notification: Notification:
NoDomain: No Domain found for message NoDomain: No Domain found for message
User: User:

1
internal/static/i18n/it.yaml
View File

@ -44,6 +44,7 @@ Errors:
SMTPConfig: SMTPConfig:
NotFound: Configurazione SMTP non trovata NotFound: Configurazione SMTP non trovata
AlreadyExists: La configurazione SMTP esiste già AlreadyExists: La configurazione SMTP esiste già
SenderAdressNotCustomDomain: L'indirizzo del mittente deve essere configurato come dominio personalizzato sull'istanza.
Notification: Notification:
NoDomain: Nessun dominio trovato per il messaggio NoDomain: Nessun dominio trovato per il messaggio
User: User:

11
proto/zitadel/admin.proto
View File

@ -3444,6 +3444,7 @@ message GetDomainPolicyResponse {
message UpdateDomainPolicyRequest { message UpdateDomainPolicyRequest {
bool user_login_must_be_domain = 1; bool user_login_must_be_domain = 1;
bool validate_org_domains = 2; bool validate_org_domains = 2;
bool smtp_sender_address_matches_instance_domain = 3;
} }
message UpdateDomainPolicyResponse { message UpdateDomainPolicyResponse {
@ -3497,6 +3498,11 @@ message AddCustomDomainPolicyRequest {
description: "defines if organisation domains should be validated org count as validated automatically" description: "defines if organisation domains should be validated org count as validated automatically"
} }
]; ];
bool smtp_sender_address_matches_instance_domain = 4 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
description: "defines if the smtp sender address domain should match an existing domain on the instance"
}
];
} }
message AddCustomDomainPolicyResponse { message AddCustomDomainPolicyResponse {
@ -3528,6 +3534,11 @@ message UpdateCustomDomainPolicyRequest {
description: "defines if organisation domains should be validated org count as validated automatically" description: "defines if organisation domains should be validated org count as validated automatically"
} }
]; ];
bool smtp_sender_address_matches_instance_domain = 4 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
description: "defines if the smtp sender address domain should match an existing domain on the instance"
}
];
} }
message UpdateCustomDomainPolicyResponse { message UpdateCustomDomainPolicyResponse {

6
proto/zitadel/policy.proto
View File

@ -40,6 +40,12 @@ message DomainPolicy {
description: "defines if organisation domains should be validated org count as validated automatically" description: "defines if organisation domains should be validated org count as validated automatically"
} }
]; ];
bool smtp_sender_address_matches_instance_domain = 5 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
description: "defines if the smtp sender address domain should match an existing domain on the instance"
}
];
} }
message LabelPolicy { message LabelPolicy {