diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 3362ac23bc..ce3ceccca9 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -91,7 +91,7 @@ jobs: pull-requests: write needs: [version, core-unit-test, core-integration-test, lint, container, e2e] - if: ${{ needs.version.outputs.published == 'true' && github.event_name == 'workflow_dispatch' }} + if: ${{ github.event_name == 'workflow_dispatch' }} secrets: GCR_JSON_KEY_BASE64: ${{ secrets.GCR_JSON_KEY_BASE64 }} with: diff --git a/.github/workflows/version.yml b/.github/workflows/version.yml index abf5f44807..c5a9a4008f 100644 --- a/.github/workflows/version.yml +++ b/.github/workflows/version.yml @@ -47,4 +47,4 @@ jobs: name: output id: output run: - if [[ ! -z "${{ steps.semantic.outputs.new_release_version }}" ]]; then echo "VERSION=v${{ steps.semantic.outputs.new_release_version }}" >> "$GITHUB_OUTPUT"; else echo "VERSION=" >> "$GITHUB_OUTPUT";fi + if [[ ! -z "${{ steps.semantic.outputs.new_release_version }}" ]]; then echo "VERSION=v${{ steps.semantic.outputs.new_release_version }}" >> "$GITHUB_OUTPUT"; else echo "VERSION=${{ github.sha }}" >> "$GITHUB_OUTPUT";fi diff --git a/.gitignore b/.gitignore index b2f4277b2c..fe02b30b6c 100644 --- a/.gitignore +++ b/.gitignore @@ -25,6 +25,7 @@ sandbox.go .idea .vscode .DS_STORE +.run # credential google-credentials @@ -75,6 +76,7 @@ migrations/cockroach/migrate_cloud.go !/.artifacts/zitadel /zitadel node_modules/ +.kreya go.work go.work.sum diff --git a/Makefile b/Makefile index 2a36edfe9f..e3936b8379 100644 --- a/Makefile +++ b/Makefile 
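Review bot: With `needs.version.outputs.published == 'true'` removed, the job that receives `secrets.GCR_JSON_KEY_BASE64` and holds `pull-requests: write` is gated only on the event name, so any `workflow_dispatch` run reaches it regardless of which ref it was started from. If that is intended for unreleased builds, the condition should still pin the ref, for example `if: ${{ github.event_name == 'workflow_dispatch' && github.ref_protected }}`, so a dispatch from an arbitrary branch cannot use the registry key. The job definition starts above the hunk, so what it publishes is not visible here.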
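Review bot: The rewritten `run:` line still expands `${{ steps.semantic.outputs.new_release_version }}` into the script text before bash parses it, so the step output is treated as shell source rather than data. Pass it through the step environment instead: add `env:` with `NEW_VERSION: ${{ steps.semantic.outputs.new_release_version }}` and test `if [[ -n "$NEW_VERSION" ]]; then echo "VERSION=v$NEW_VERSION" >> "$GITHUB_OUTPUT"; ...`. Separately, `VERSION` is now either `vX.Y.Z` or a bare commit SHA, so anything downstream that assumes a tag-shaped value needs to handle both.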
@@ -103,7 +103,7 @@ core_unit_test: core_integration_setup: go build -o zitadel main.go ./zitadel init --config internal/integration/config/zitadel.yaml --config internal/integration/config/${INTEGRATION_DB_FLAVOR}.yaml - ./zitadel setup --masterkeyFromEnv --config internal/integration/config/zitadel.yaml --config internal/integration/config/${INTEGRATION_DB_FLAVOR}.yaml + ./zitadel setup --masterkeyFromEnv --config internal/integration/config/zitadel.yaml --config internal/integration/config/${INTEGRATION_DB_FLAVOR}.yaml --steps internal/integration/config/zitadel.yaml --steps internal/integration/config/${INTEGRATION_DB_FLAVOR}.yaml $(RM) zitadel .PHONY: core_integration_test diff --git a/cmd/defaults.yaml b/cmd/defaults.yaml index 55c9975d18..ab158f36a7 100644 --- a/cmd/defaults.yaml +++ b/cmd/defaults.yaml @@ -721,11 +721,11 @@ DefaultInstance: Host: # ZITADEL_DEFAULTINSTANCE_SMTPCONFIGURATION_SMTP_HOST User: # ZITADEL_DEFAULTINSTANCE_SMTPCONFIGURATION_SMTP_USER Password: # ZITADEL_DEFAULTINSTANCE_SMTPCONFIGURATION_SMTP_PASSWORD - TLS: # ZITADEL_DEFAULTINSTANCE_SMTPCONFIGURATION_SMTP_SSL + TLS: # ZITADEL_DEFAULTINSTANCE_SMTPCONFIGURATION_TLS # If the host of the sender is different from ExternalDomain set DefaultInstance.DomainPolicy.SMTPSenderAddressMatchesInstanceDomain to false - From: # ZITADEL_DEFAULTINSTANCE_SMTPCONFIGURATION_SMTP_FROM - FromName: # ZITADEL_DEFAULTINSTANCE_SMTPCONFIGURATION_SMTP_FROMNAME - ReplyToAddress: # ZITADEL_DEFAULTINSTANCE_SMTPCONFIGURATION_SMTP_REPLYTOADDRESS + From: # ZITADEL_DEFAULTINSTANCE_SMTPCONFIGURATION_FROM + FromName: # ZITADEL_DEFAULTINSTANCE_SMTPCONFIGURATION_FROMNAME + ReplyToAddress: # ZITADEL_DEFAULTINSTANCE_SMTPCONFIGURATION_REPLYTOADDRESS MessageTexts: - MessageTextType: InitCode Language: de 
@@ -834,6 +834,11 @@ DefaultInstance: # DisallowPublicOrgRegistration defines if ZITADEL should expose the endpoint /ui/login/register/org # If it is true, the endpoint returns the HTTP status 404 on GET requests, and 409 on POST requests. DisallowPublicOrgRegistration: # ZITADEL_DEFAULTINSTANCE_RESTRICTIONS_DISALLOWPUBLICORGREGISTRATION + # AllowedLanguages restricts the languages that can be used. + # If the list is empty, all supported languages are allowed. + AllowedLanguages: # ZITADEL_DEFAULTINSTANCE_RESTRICTIONS_ALLOWEDLANGUAGES + # - en + # - de Quotas: # Items take a slice of quota configurations, whereas, for each unit type and instance, one or zero quotas may exist. # The following unit types are supported diff --git a/cmd/initialise/sql/cockroach/01_user.sql b/cmd/initialise/sql/cockroach/01_user.sql index e9473e46c2..4e621216ce 100644 --- a/cmd/initialise/sql/cockroach/01_user.sql +++ b/cmd/initialise/sql/cockroach/01_user.sql @@ -1,2 +1,2 @@ -- replace %[1]s with the name of the user -CREATE USER IF NOT EXISTS %[1]s \ No newline at end of file +CREATE USER IF NOT EXISTS "%[1]s" \ No newline at end of file diff --git a/cmd/initialise/sql/cockroach/02_database.sql b/cmd/initialise/sql/cockroach/02_database.sql index 8d0e37e565..a0e3c3350f 100644 --- a/cmd/initialise/sql/cockroach/02_database.sql +++ b/cmd/initialise/sql/cockroach/02_database.sql @@ -1,2 +1,2 @@ -- replace %[1]s with the name of the database -CREATE DATABASE IF NOT EXISTS %[1]s \ No newline at end of file +CREATE DATABASE IF NOT EXISTS "%[1]s" \ No newline at end of file diff --git a/cmd/initialise/sql/cockroach/03_grant_user.sql b/cmd/initialise/sql/cockroach/03_grant_user.sql index 161b2f5ba4..de0d2743eb 100644 --- a/cmd/initialise/sql/cockroach/03_grant_user.sql +++ b/cmd/initialise/sql/cockroach/03_grant_user.sql 
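Review bot: Wrapping `%[1]s` in double quotes does not make the substitution safe on its own, because a `"` inside the configured name still terminates the identifier and the rest is parsed as SQL. The caller that formats these templates is not part of this diff; it should replace every `"` in the name with `""` (or reject names outside an allowed character set) before formatting. Quoted identifiers are also case-sensitive, so a user or database that was created unquoted from a mixed-case config value was folded to lowercase and will no longer match the quoted form. The same applies to the other templates changed here: cockroach `02`–`06`, postgres `01`–`06` and `cmd/setup/07/logstore.sql`.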
@@ -1,4 +1,4 @@ -- replace the first %[1]s with the database -- replace the second \%[2]s with the user -GRANT ALL ON DATABASE %[1]s TO %[2]s; -GRANT SYSTEM VIEWACTIVITY TO %[2]s; \ No newline at end of file +GRANT ALL ON DATABASE "%[1]s" TO "%[2]s"; +GRANT SYSTEM VIEWACTIVITY TO "%[2]s"; \ No newline at end of file diff --git a/cmd/initialise/sql/cockroach/04_eventstore.sql b/cmd/initialise/sql/cockroach/04_eventstore.sql index fca432b3a9..3cb4fc0d3e 100644 --- a/cmd/initialise/sql/cockroach/04_eventstore.sql +++ b/cmd/initialise/sql/cockroach/04_eventstore.sql @@ -1,3 +1,3 @@ CREATE SCHEMA IF NOT EXISTS eventstore; -GRANT ALL ON ALL TABLES IN SCHEMA eventstore TO %[1]s; \ No newline at end of file +GRANT ALL ON ALL TABLES IN SCHEMA eventstore TO "%[1]s"; \ No newline at end of file diff --git a/cmd/initialise/sql/cockroach/05_projections.sql b/cmd/initialise/sql/cockroach/05_projections.sql index eafbda805f..91ca6662ee 100644 --- a/cmd/initialise/sql/cockroach/05_projections.sql +++ b/cmd/initialise/sql/cockroach/05_projections.sql @@ -1,3 +1,3 @@ CREATE SCHEMA IF NOT EXISTS projections; -GRANT ALL ON ALL TABLES IN SCHEMA projections TO %[1]s; \ No newline at end of file +GRANT ALL ON ALL TABLES IN SCHEMA projections TO "%[1]s"; \ No newline at end of file diff --git a/cmd/initialise/sql/cockroach/06_system.sql b/cmd/initialise/sql/cockroach/06_system.sql index f66c9dbe96..6c9138918b 100644 --- a/cmd/initialise/sql/cockroach/06_system.sql +++ b/cmd/initialise/sql/cockroach/06_system.sql @@ -1,3 +1,3 @@ CREATE SCHEMA IF NOT EXISTS system; -GRANT ALL ON ALL TABLES IN SCHEMA system TO %[1]s; \ No newline at end of file +GRANT ALL ON ALL TABLES IN SCHEMA system TO "%[1]s"; \ No newline at end of file diff --git a/cmd/initialise/sql/postgres/01_user.sql b/cmd/initialise/sql/postgres/01_user.sql index 1afbce7ac7..cd60b9a2cf 100644 --- a/cmd/initialise/sql/postgres/01_user.sql +++ b/cmd/initialise/sql/postgres/01_user.sql 
@@ -1 +1 @@ -CREATE USER %[1]s \ No newline at end of file +CREATE USER "%[1]s" \ No newline at end of file diff --git a/cmd/initialise/sql/postgres/02_database.sql b/cmd/initialise/sql/postgres/02_database.sql index 809d3b9099..895a1f29d5 100644 --- a/cmd/initialise/sql/postgres/02_database.sql +++ b/cmd/initialise/sql/postgres/02_database.sql @@ -1 +1 @@ -CREATE DATABASE %[1]s \ No newline at end of file +CREATE DATABASE "%[1]s" \ No newline at end of file diff --git a/cmd/initialise/sql/postgres/03_grant_user.sql b/cmd/initialise/sql/postgres/03_grant_user.sql index f96cb22b6a..13ce4ac4bb 100644 --- a/cmd/initialise/sql/postgres/03_grant_user.sql +++ b/cmd/initialise/sql/postgres/03_grant_user.sql @@ -1,3 +1,3 @@ -- replace the first %[1]s with the database -- replace the second \%[2]s with the user -GRANT ALL ON DATABASE %[1]s TO %[2]s; \ No newline at end of file +GRANT ALL ON DATABASE "%[1]s" TO "%[2]s"; \ No newline at end of file diff --git a/cmd/initialise/sql/postgres/04_eventstore.sql b/cmd/initialise/sql/postgres/04_eventstore.sql index fca432b3a9..3cb4fc0d3e 100644 --- a/cmd/initialise/sql/postgres/04_eventstore.sql +++ b/cmd/initialise/sql/postgres/04_eventstore.sql @@ -1,3 +1,3 @@ CREATE SCHEMA IF NOT EXISTS eventstore; -GRANT ALL ON ALL TABLES IN SCHEMA eventstore TO %[1]s; \ No newline at end of file +GRANT ALL ON ALL TABLES IN SCHEMA eventstore TO "%[1]s"; \ No newline at end of file diff --git a/cmd/initialise/sql/postgres/05_projections.sql b/cmd/initialise/sql/postgres/05_projections.sql index eafbda805f..91ca6662ee 100644 --- a/cmd/initialise/sql/postgres/05_projections.sql +++ b/cmd/initialise/sql/postgres/05_projections.sql @@ -1,3 +1,3 @@ CREATE SCHEMA IF NOT EXISTS projections; -GRANT ALL ON ALL TABLES IN SCHEMA projections TO %[1]s; \ No newline at end of file +GRANT ALL ON ALL TABLES IN SCHEMA projections TO "%[1]s"; \ No newline at end of file 
diff --git a/cmd/initialise/sql/postgres/06_system.sql b/cmd/initialise/sql/postgres/06_system.sql index f66c9dbe96..6c9138918b 100644 --- a/cmd/initialise/sql/postgres/06_system.sql +++ b/cmd/initialise/sql/postgres/06_system.sql @@ -1,3 +1,3 @@ CREATE SCHEMA IF NOT EXISTS system; -GRANT ALL ON ALL TABLES IN SCHEMA system TO %[1]s; \ No newline at end of file +GRANT ALL ON ALL TABLES IN SCHEMA system TO "%[1]s"; \ No newline at end of file diff --git a/cmd/initialise/verify_database_test.go b/cmd/initialise/verify_database_test.go index 627a9192c8..ebdf0473b6 100644 --- a/cmd/initialise/verify_database_test.go +++ b/cmd/initialise/verify_database_test.go @@ -26,7 +26,7 @@ func Test_verifyDB(t *testing.T) { name: "doesn't exists, create fails", args: args{ db: prepareDB(t, - expectExec("-- replace zitadel with the name of the database\nCREATE DATABASE IF NOT EXISTS zitadel", sql.ErrTxDone), + expectExec("-- replace zitadel with the name of the database\nCREATE DATABASE IF NOT EXISTS \"zitadel\"", sql.ErrTxDone), ), database: "zitadel", }, @@ -36,7 +36,7 @@ func Test_verifyDB(t *testing.T) { name: "doesn't exists, create successful", args: args{ db: prepareDB(t, - expectExec("-- replace zitadel with the name of the database\nCREATE DATABASE IF NOT EXISTS zitadel", nil), + expectExec("-- replace zitadel with the name of the database\nCREATE DATABASE IF NOT EXISTS \"zitadel\"", nil), ), database: "zitadel", }, @@ -46,7 +46,7 @@ func Test_verifyDB(t *testing.T) { name: "already exists", args: args{ db: prepareDB(t, - expectExec("-- replace zitadel with the name of the database\nCREATE DATABASE IF NOT EXISTS zitadel", nil), + expectExec("-- replace zitadel with the name of the database\nCREATE DATABASE IF NOT EXISTS \"zitadel\"", nil), ), database: "zitadel", }, diff --git a/cmd/initialise/verify_grant_test.go b/cmd/initialise/verify_grant_test.go index 93196037d7..a6bfa818ad 100644 --- a/cmd/initialise/verify_grant_test.go +++ b/cmd/initialise/verify_grant_test.go 
@@ -21,7 +21,7 @@ func Test_verifyGrant(t *testing.T) { name: "doesn't exists, create fails", args: args{ db: prepareDB(t, - expectExec("GRANT ALL ON DATABASE zitadel TO zitadel-user", sql.ErrTxDone), + expectExec("GRANT ALL ON DATABASE \"zitadel\" TO \"zitadel-user\"", sql.ErrTxDone), ), database: "zitadel", username: "zitadel-user", @@ -32,7 +32,7 @@ func Test_verifyGrant(t *testing.T) { name: "correct", args: args{ db: prepareDB(t, - expectExec("GRANT ALL ON DATABASE zitadel TO zitadel-user", nil), + expectExec("GRANT ALL ON DATABASE \"zitadel\" TO \"zitadel-user\"", nil), ), database: "zitadel", username: "zitadel-user", @@ -43,7 +43,7 @@ func Test_verifyGrant(t *testing.T) { name: "already exists", args: args{ db: prepareDB(t, - expectExec("GRANT ALL ON DATABASE zitadel TO zitadel-user", nil), + expectExec("GRANT ALL ON DATABASE \"zitadel\" TO \"zitadel-user\"", nil), ), database: "zitadel", username: "zitadel-user", diff --git a/cmd/initialise/verify_user_test.go b/cmd/initialise/verify_user_test.go index 0104319acc..da7afc1765 100644 --- a/cmd/initialise/verify_user_test.go +++ b/cmd/initialise/verify_user_test.go @@ -27,7 +27,7 @@ func Test_verifyUser(t *testing.T) { name: "doesn't exists, create fails", args: args{ db: prepareDB(t, - expectExec("-- replace zitadel-user with the name of the user\nCREATE USER IF NOT EXISTS zitadel-user", sql.ErrTxDone), + expectExec("-- replace zitadel-user with the name of the user\nCREATE USER IF NOT EXISTS \"zitadel-user\"", sql.ErrTxDone), ), username: "zitadel-user", password: "", @@ -38,7 +38,7 @@ func Test_verifyUser(t *testing.T) { name: "correct without password", args: args{ db: prepareDB(t, - expectExec("-- replace zitadel-user with the name of the user\nCREATE USER IF NOT EXISTS zitadel-user", nil), + expectExec("-- replace zitadel-user with the name of the user\nCREATE USER IF NOT EXISTS \"zitadel-user\"", nil), ), username: "zitadel-user", password: "", 
@@ -49,7 +49,7 @@ func Test_verifyUser(t *testing.T) { name: "correct with password", args: args{ db: prepareDB(t, - expectExec("-- replace zitadel-user with the name of the user\nCREATE USER IF NOT EXISTS zitadel-user WITH PASSWORD 'password'", nil), + expectExec("-- replace zitadel-user with the name of the user\nCREATE USER IF NOT EXISTS \"zitadel-user\" WITH PASSWORD 'password'", nil), ), username: "zitadel-user", password: "password", @@ -60,7 +60,7 @@ func Test_verifyUser(t *testing.T) { name: "already exists", args: args{ db: prepareDB(t, - expectExec("-- replace zitadel-user with the name of the user\nCREATE USER IF NOT EXISTS zitadel-user WITH PASSWORD 'password'", nil), + expectExec("-- replace zitadel-user with the name of the user\nCREATE USER IF NOT EXISTS \"zitadel-user\" WITH PASSWORD 'password'", nil), ), username: "zitadel-user", password: "", diff --git a/cmd/key/key.go b/cmd/key/key.go index c01da58ef2..b18bb867e8 100644 --- a/cmd/key/key.go +++ b/cmd/key/key.go @@ -13,7 +13,7 @@ import ( cryptoDB "github.com/zitadel/zitadel/internal/crypto/database" "github.com/zitadel/zitadel/internal/database" "github.com/zitadel/zitadel/internal/database/dialect" - caos_errs "github.com/zitadel/zitadel/internal/errors" + "github.com/zitadel/zitadel/internal/zerrors" ) const ( @@ -86,7 +86,7 @@ func keysFromArgs(args []string) ([]*crypto.Key, error) { for i, arg := range args { key := strings.Split(arg, "=") if len(key) != 2 { - return nil, caos_errs.ThrowInternal(nil, "KEY-JKd82", "argument is not in the valid format [keyID=key]") + return nil, zerrors.ThrowInternal(nil, "KEY-JKd82", "argument is not in the valid format [keyID=key]") } keys[i] = &crypto.Key{ ID: key[0], 
@@ -99,11 +99,11 @@ func keysFromArgs(args []string) ([]*crypto.Key, error) { func keysFromYAML(file io.Reader) ([]*crypto.Key, error) { data, err := io.ReadAll(file) if err != nil { - return nil, caos_errs.ThrowInternal(err, "KEY-ajGFr", "unable to extract keys from file") + return nil, zerrors.ThrowInternal(err, "KEY-ajGFr", "unable to extract keys from file") } keysYAML := make(map[string]string) if err = yaml.Unmarshal(data, &keysYAML); err != nil { - return nil, caos_errs.ThrowInternal(err, "KEY-sd34K", "unable to extract keys from file") + return nil, zerrors.ThrowInternal(err, "KEY-sd34K", "unable to extract keys from file") } keys := make([]*crypto.Key, 0, len(keysYAML)) for id, key := range keysYAML { @@ -118,7 +118,7 @@ func keysFromYAML(file io.Reader) ([]*crypto.Key, error) { func openFile(fileName string) (io.Reader, error) { file, err := os.Open(fileName) if err != nil { - return nil, caos_errs.ThrowInternalf(err, "KEY-asGr2", "failed to open file: %s", fileName) + return nil, zerrors.ThrowInternalf(err, "KEY-asGr2", "failed to open file: %s", fileName) } return file, nil } diff --git a/cmd/key/key_test.go b/cmd/key/key_test.go index c4e25e6833..ffd432a3f8 100644 --- a/cmd/key/key_test.go +++ b/cmd/key/key_test.go @@ -8,9 +8,8 @@ import ( "github.com/stretchr/testify/assert" - caos_errors "github.com/zitadel/zitadel/internal/errors" - "github.com/zitadel/zitadel/internal/crypto" + "github.com/zitadel/zitadel/internal/zerrors" ) func Test_keysFromArgs(t *testing.T) { @@ -39,7 +38,7 @@ func Test_keysFromArgs(t *testing.T) { args: []string{"keyID", "value"}, }, res{ - err: caos_errors.IsInternal, + err: zerrors.IsInternal, }, }, { @@ -110,7 +109,7 @@ func Test_keysFromYAML(t *testing.T) { file: bytes.NewReader([]byte("keyID=ds")), }, res{ - err: caos_errors.IsInternal, + err: zerrors.IsInternal, }, }, { diff --git a/cmd/setup/07/logstore.sql b/cmd/setup/07/logstore.sql index b2df7f686f..934ffa2036 100644 --- a/cmd/setup/07/logstore.sql 
+++ b/cmd/setup/07/logstore.sql @@ -1,3 +1,3 @@ CREATE SCHEMA IF NOT EXISTS logstore; -GRANT ALL ON ALL TABLES IN SCHEMA logstore TO %[1]s; +GRANT ALL ON ALL TABLES IN SCHEMA logstore TO "%[1]s"; diff --git a/cmd/setup/19.go b/cmd/setup/19.go new file mode 100644 index 0000000000..7919ef9ad9 --- /dev/null +++ b/cmd/setup/19.go @@ -0,0 +1,26 @@ +package setup + +import ( + "context" + _ "embed" + + "github.com/zitadel/zitadel/internal/database" +) + +var ( + //go:embed 19.sql + addCurrentSequencesIndex string +) + +type AddCurrentSequencesIndex struct { + dbClient *database.DB +} + +func (mig *AddCurrentSequencesIndex) Execute(ctx context.Context) error { + _, err := mig.dbClient.ExecContext(ctx, addCurrentSequencesIndex) + return err +} + +func (mig *AddCurrentSequencesIndex) String() string { + return "19_add_current_sequences_index" +} diff --git a/cmd/setup/19.sql b/cmd/setup/19.sql new file mode 100644 index 0000000000..0d690c9552 --- /dev/null +++ b/cmd/setup/19.sql @@ -0,0 +1 @@ +CREATE INDEX CONCURRENTLY IF NOT EXISTS events2_current_sequence ON eventstore.events2 ("sequence" DESC, aggregate_id, aggregate_type, instance_id); \ No newline at end of file diff --git a/cmd/setup/config.go b/cmd/setup/config.go index 92ca30c3b1..84e7903dcf 100644 --- a/cmd/setup/config.go +++ b/cmd/setup/config.go @@ -76,6 +76,7 @@ type Steps struct { s16UniqueConstraintsLower *UniqueConstraintToLower s17AddOffsetToUniqueConstraints *AddOffsetToCurrentStates s18AddLowerFieldsToLoginNames *AddLowerFieldsToLoginNames + s19AddCurrentStatesIndex *AddCurrentSequencesIndex } type encryptionKeyConfig struct { diff --git a/cmd/setup/setup.go b/cmd/setup/setup.go index 2b604018bc..4fc3f64481 100644 --- a/cmd/setup/setup.go +++ b/cmd/setup/setup.go 
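Review bot: In `19.sql`, `CREATE INDEX CONCURRENTLY IF NOT EXISTS` is not safely re-runnable on PostgreSQL: if the concurrent build fails or is interrupted it leaves an index marked invalid, and a retried setup run then sees the name `events2_current_sequence`, skips the statement and reports success with an unusable index. The step should check `pg_index.indisvalid` for that name and drop an invalid leftover before creating it, or drop and recreate explicitly. `CONCURRENTLY` also cannot run inside a transaction block; `19.go` calls `dbClient.ExecContext` directly, which is fine as long as `migration.Migrate` does not wrap the step in one (not visible here).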
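Review bot: The new field in `Steps` is named `s19AddCurrentStatesIndex` while its type, the embedded SQL variable and the migration name returned by `String()` all say "current sequences" (`AddCurrentSequencesIndex`, `19_add_current_sequences_index`). Rename the field to `s19AddCurrentSequencesIndex` so it matches the type and the index it creates (`events2_current_sequence`). If `Steps` is populated from configuration, the field name may be what appears in step config files, so it is cheaper to fix before release.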
@@ -17,6 +17,7 @@ import ( "github.com/zitadel/zitadel/internal/eventstore" old_es "github.com/zitadel/zitadel/internal/eventstore/repository/sql" new_es "github.com/zitadel/zitadel/internal/eventstore/v3" + "github.com/zitadel/zitadel/internal/i18n" "github.com/zitadel/zitadel/internal/migration" "github.com/zitadel/zitadel/internal/query/projection" ) @@ -65,6 +66,8 @@ func Setup(config *Config, steps *Steps, masterKey string) { ctx := context.Background() logging.Info("setup started") + i18n.MustLoadSupportedLanguagesFromDir() + queryDBClient, err := database.Connect(config.Database, false, dialect.DBPurposeQuery) logging.OnError(err).Fatal("unable to connect to database") esPusherDBClient, err := database.Connect(config.Database, false, dialect.DBPurposeEventPusher) @@ -106,6 +109,7 @@ func Setup(config *Config, steps *Steps, masterKey string) { steps.s16UniqueConstraintsLower = &UniqueConstraintToLower{dbClient: queryDBClient} steps.s17AddOffsetToUniqueConstraints = &AddOffsetToCurrentStates{dbClient: queryDBClient} steps.s18AddLowerFieldsToLoginNames = &AddLowerFieldsToLoginNames{dbClient: queryDBClient} + steps.s19AddCurrentStatesIndex = &AddCurrentSequencesIndex{dbClient: queryDBClient} err = projection.Create(ctx, projectionDBClient, eventstoreClient, config.Projections, nil, nil, nil) logging.OnError(err).Fatal("unable to start projections") 
@@ -150,6 +154,8 @@ func Setup(config *Config, steps *Steps, masterKey string) { logging.WithFields("name", steps.s16UniqueConstraintsLower.String()).OnError(err).Fatal("migration failed") err = migration.Migrate(ctx, eventstoreClient, steps.s17AddOffsetToUniqueConstraints) logging.WithFields("name", steps.s17AddOffsetToUniqueConstraints.String()).OnError(err).Fatal("migration failed") + err = migration.Migrate(ctx, eventstoreClient, steps.s19AddCurrentStatesIndex) + logging.WithFields("name", steps.s19AddCurrentStatesIndex.String()).OnError(err).Fatal("migration failed") for _, repeatableStep := range repeatableSteps { err = migration.Migrate(ctx, eventstoreClient, repeatableStep) diff --git a/cmd/start/encryption_keys.go b/cmd/start/encryption_keys.go index 91faf53af9..b5943bf40b 100644 --- a/cmd/start/encryption_keys.go +++ b/cmd/start/encryption_keys.go @@ -2,7 +2,7 @@ package start import ( "github.com/zitadel/zitadel/internal/crypto" - caos_errs "github.com/zitadel/zitadel/internal/errors" + "github.com/zitadel/zitadel/internal/zerrors" ) var ( @@ -106,7 +106,7 @@ func verifyDefaultKeys(keyStorage crypto.KeyStorage) (err error) { return nil } if err := keyStorage.CreateKeys(keys...); err != nil { - return caos_errs.ThrowInternal(err, "START-aGBq2", "cannot create default keys") + return zerrors.ThrowInternal(err, "START-aGBq2", "cannot create default keys") } return nil } diff --git a/cmd/start/start.go b/cmd/start/start.go index 88ccf9fb75..f367d923fd 100644 --- a/cmd/start/start.go +++ b/cmd/start/start.go @@ -63,6 +63,7 @@ import ( "github.com/zitadel/zitadel/internal/eventstore" old_es "github.com/zitadel/zitadel/internal/eventstore/repository/sql" new_es "github.com/zitadel/zitadel/internal/eventstore/v3" + "github.com/zitadel/zitadel/internal/i18n" "github.com/zitadel/zitadel/internal/id" "github.com/zitadel/zitadel/internal/logstore" "github.com/zitadel/zitadel/internal/logstore/emitters/access" 
@@ -94,7 +95,6 @@ Requirements: if err != nil { return err } - return startZitadel(config, masterKey, server) }, } @@ -124,6 +124,8 @@ func startZitadel(config *Config, masterKey string, server chan<- *Server) error ctx := context.Background() + i18n.MustLoadSupportedLanguagesFromDir() + queryDBClient, err := database.Connect(config.Database, false, dialect.DBPurposeQuery) if err != nil { return fmt.Errorf("cannot start DB client for queries: %w", err) @@ -221,6 +223,7 @@ func startZitadel(config *Config, masterKey string, server chan<- *Server) error if err != nil { return fmt.Errorf("cannot start commands: %w", err) } + defer commands.Close(ctx) // wait for background jobs clock := clockpkg.New() actionsExecutionStdoutEmitter, err := logstore.NewEmitter[*record.ExecutionLog](ctx, clock, &logstore.EmitterConfig{Enabled: config.LogStore.Execution.Stdout.Enabled}, stdout.NewStdoutEmitter[*record.ExecutionLog]()) diff --git a/console/src/app/app.module.ts b/console/src/app/app.module.ts index 8466833aa7..4796d7acb8 100644 --- a/console/src/app/app.module.ts +++ b/console/src/app/app.module.ts @@ -69,6 +69,7 @@ import { StatehandlerService, StatehandlerServiceImpl } from './services/stateha import { StorageService } from './services/storage.service'; import { ThemeService } from './services/theme.service'; import { ToastService } from './services/toast.service'; +import { LanguagesService } from './services/languages.service'; registerLocaleData(localeDe); i18nIsoCountries.registerLocale(require('i18n-iso-countries/langs/de.json')); @@ -228,6 +229,7 @@ const authConfig: AuthConfig = { AssetService, ToastService, NavigationService, + LanguagesService, { provide: 'windowObject', useValue: window }, ], bootstrap: [AppComponent], diff --git a/console/src/app/modules/domains/domain-verification/domain-verification.component.html b/console/src/app/modules/domains/domain-verification/domain-verification.component.html index 7eb53f6e4a..5faf56e3eb 100644 
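Review bot: `defer commands.Close(ctx)` waits for background jobs using the `ctx` created a few lines up as `context.Background()`, so the wait has no deadline and a stalled job would keep the process from exiting. Derive a bounded context for shutdown inside the deferred call, for example with `context.WithTimeout(context.Background(), <shutdown budget>)`, and log if the budget is exceeded. The rest of `startZitadel` is outside the hunk, so whether the function returns on every shutdown path (and therefore whether the defer always runs) should be confirmed.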
--- a/console/src/app/modules/domains/domain-verification/domain-verification.component.html +++ b/console/src/app/modules/domains/domain-verification/domain-verification.component.html @@ -1,64 +1,87 @@ -{{ 'ORG.PAGES.ORGDOMAIN.TITLE' | translate }} {{ domain?.domainName }} -
-

{{ 'ORG.PAGES.ORGDOMAIN.VERIFICATION' | translate }}

+
+
+

{{ 'ORG.PAGES.ORGDOMAIN.TITLE' | translate: { value: domain?.domainName } }}

+ + info_outline + +
+
- {{ +
+
+

{{ 'ORG.PAGES.ORGDOMAIN.VERIFICATION' | translate }}

+

+ {{ 'ORG.PAGES.ORGDOMAIN.VERIFICATION_HTML' | translate }} +

+

{{ 'ORG.PAGES.ORGDOMAIN.VERIFICATION_DNS' | translate }}

+

{{ 'ORG.PAGES.ORGDOMAIN.VERIFICATION_SKIP' | translate }}

+
+ + {{ 'ORG.PAGES.ORGDOMAIN.VERIFICATION_VALIDATION_DESC' | translate }} -

- {{ 'ORG.PAGES.ORGDOMAIN.VERIFICATION_VALIDATION_ONGOING' | translate: domain }} - {{ 'ORG.PAGES.ORGDOMAIN.VERIFICATION_VALIDATION_ONGOING_TYPE' | translate }} - {{ 'ORG.PAGES.ORGDOMAIN.TYPES.' + domain?.validationType | translate }} +

+ {{ + 'ORG.PAGES.ORGDOMAIN.VERIFICATION_VALIDATION_ONGOING' + | translate: { value: domain?.validationType == 1 ? 'HTTP' : 'DNS' } + }}

-
- - - - -
- -

{{ 'ORG.PAGES.ORGDOMAIN.VERIFICATION_NEWTOKEN_TITLE' | translate }}

-

{{ 'ORG.PAGES.ORGDOMAIN.VERIFICATION_NEWTOKEN_DESC' | translate }}

- -
- - -
-
-

HTTP TOKEN

-

{{ http.url }}

- -
- - -
+ +

{{ 'ORG.PAGES.ORGDOMAIN.VERIFICATION_HTTP_FILE_LABEL' | translate }}

+
-

DNS TOKEN

-
-

{{ dns.token }}

+

{{ 'ORG.PAGES.ORGDOMAIN.VERIFICATION_DNS_DESC' | translate: { value: domain?.domainName } }}

+

{{ 'ORG.PAGES.ORGDOMAIN.VERIFICATION_DNS_HOST_LABEL' | translate }}

+
+
+

{{ dnsChallenge }}

+ +
+ .{{ domain?.domainName }} +
+

{{ 'ORG.PAGES.ORGDOMAIN.VERIFICATION_DNS_CHALLENGE_LABEL' | translate }}

+
+

{{ dns.token }}

- -
-

{{ dns.url }}

+ + + + + +
+ + +
+ diff --git a/console/src/app/modules/domains/domain-verification/domain-verification.component.scss b/console/src/app/modules/domains/domain-verification/domain-verification.component.scss index fff5b62c85..fe23fa61e5 100644 --- a/console/src/app/modules/domains/domain-verification/domain-verification.component.scss +++ b/console/src/app/modules/domains/domain-verification/domain-verification.component.scss @@ -1,28 +1,44 @@ -.btn-container { - display: flex; - margin: -0.5rem; - align-items: center; +@mixin domain-verification-theme($theme) { + $is-dark-theme: map-get($theme, is-dark); + $border-color: if($is-dark-theme, rgba(#8795a1, 0.2), rgba(#8795a1, 0.2)); - button { - margin: 1rem 0.5rem; + .desc { + font-size: 0.9rem; + } + + .entry { + margin: 0.5rem 0; + display: inline-block; + } + + .domain-entry { + display: flex; + align-items: center; + width: fit-content; + border: 1px solid $border-color; + + p { + padding-left: 1rem; + } + } + + .domain-line { + display: flex; + align-items: center; + + span { + padding-left: 0.2rem; + } + } + + .action { + display: flex !important; + justify-content: space-between !important; + } + + .dialog-title { + display: flex; + align-items: center; + margin-top: -3rem; } } - -.desc { - font-size: 0.9rem; -} - -.entry { - margin: 0.5rem 0; - display: inline-block; -} - -.domain-line { - display: flex; - align-items: center; -} - -.action { - display: flex; - justify-content: flex-start; -} diff --git a/console/src/app/modules/domains/domain-verification/domain-verification.component.ts b/console/src/app/modules/domains/domain-verification/domain-verification.component.ts index 94a79908da..4ff4dfa1f2 100644 --- a/console/src/app/modules/domains/domain-verification/domain-verification.component.ts +++ b/console/src/app/modules/domains/domain-verification/domain-verification.component.ts 
@@ -26,6 +26,7 @@ export class DomainVerificationComponent { public validating: boolean = false; public InfoSectionType: any = InfoSectionType; + public dnsChallenge = '_zitadel-challenge'; constructor( private toast: ToastService, diff --git a/console/src/app/modules/filter-events/filter-events.component.html b/console/src/app/modules/filter-events/filter-events.component.html index 5d835c32b5..ed1943b514 100644 --- a/console/src/app/modules/filter-events/filter-events.component.html +++ b/console/src/app/modules/filter-events/filter-events.component.html @@ -145,7 +145,6 @@
-
- - {{ 'IAM.EVENTS.FILTERS.SEQUENCE.SORT' | translate }} - - - {{ 'IAM.EVENTS.FILTERS.SEQUENCE.DESC' | translate }} - {{ 'IAM.EVENTS.FILTERS.SEQUENCE.ASC' | translate }} - - - {{ 'IAM.EVENTS.FILTERS.SEQUENCE.LABEL' | translate }}
-
-
- {{ 'IAM.EVENTS.FILTERS.CREATIONDATE.CHECKBOX' | translate }} - -
-
- - {{ 'IAM.EVENTS.FILTERS.CREATIONDATE.LABEL' | translate }} - - - - + + + {{ 'IAM.EVENTS.FILTERS.CREATIONDATE.RADIO_FROM' | translate }} + + + {{ 'IAM.EVENTS.FILTERS.CREATIONDATE.RADIO_RANGE' | translate }} + + +
+ + + + + + +
+ + {{ 'IAM.EVENTS.FILTERS.CREATIONDATE.LABEL_SINCE' | translate }} + + + + + {{ 'IAM.EVENTS.FILTERS.CREATIONDATE.LABEL_UNTIL' | translate }} + + + +
+
+
+ + {{ 'IAM.EVENTS.FILTERS.SORT' | translate }} + + + {{ 'IAM.EVENTS.FILTERS.DESC' | translate }} + {{ 'IAM.EVENTS.FILTERS.ASC' | translate }} + + +
diff --git a/console/src/app/modules/filter-events/filter-events.component.scss b/console/src/app/modules/filter-events/filter-events.component.scss index 8e2e9558c2..3d76435018 100644 --- a/console/src/app/modules/filter-events/filter-events.component.scss +++ b/console/src/app/modules/filter-events/filter-events.component.scss @@ -19,7 +19,7 @@ display: flex; flex-direction: column; padding: 0.5rem 0; - min-width: 320px; + min-width: 360px; max-width: 360px; padding-bottom: 0.5rem; position: relative; @@ -55,11 +55,23 @@ align-items: center; } + .mdc-text-field--filled:not(.mdc-text-field--disabled) { + background-color: map-get($background, cards); + } + + .datetime-input { + width: 100%; + } + + .datetime-range { + display: inline-block; + } + .filter-events-sub { display: flex; flex-direction: row; align-items: center; - justify-content: space-between; + justify-content: space-around; padding: 0 0.5rem; background-color: if($is-dark-theme, #00000020, #00000008); margin: 0 -0.5rem; diff --git a/console/src/app/modules/filter-events/filter-events.component.ts b/console/src/app/modules/filter-events/filter-events.component.ts index 158a767ce3..15bffd10b5 100644 --- a/console/src/app/modules/filter-events/filter-events.component.ts +++ b/console/src/app/modules/filter-events/filter-events.component.ts @@ -15,13 +15,18 @@ export enum UserTarget { EXTERNAL = 'external', } +enum CreationDateFilterType { + FROM = 'from', + RANGE = 'range', +} + function dateToTs(date: Date): Timestamp { const ts = new Timestamp(); const milliseconds = date.getTime(); - const seconds = Math.abs(milliseconds / 1000); + const seconds = milliseconds / 1000; const nanos = (milliseconds - seconds * 1000) * 1000 * 1000; - ts.setSeconds(seconds); - ts.setNanos(nanos); + ts.setSeconds(Math.round(seconds)); + ts.setNanos(Math.round(nanos)); return ts; } 
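Review bot: In `dateToTs`, `seconds` is now the fractional value `milliseconds / 1000`, so `milliseconds - seconds * 1000` is always about zero and the nanos part is lost, while `Math.round(seconds)` rounds up for any timestamp with 500 ms or more and shifts the filter boundary into the next second. Truncate once instead: `const seconds = Math.floor(milliseconds / 1000);` and keep `const nanos = (milliseconds - seconds * 1000) * 1000 * 1000;`, after which the `Math.round` calls are unnecessary. With `Math.floor` the nanos value also stays non-negative for dates before 1970.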
@@ -31,6 +36,9 @@ function dateToTs(date: Date): Timestamp { styleUrls: ['./filter-events.component.scss'], }) export class FilterEventsComponent implements OnInit { + // Make enum available in template + public CreationDateFilterType = CreationDateFilterType; + public showFilter: boolean = false; public ActionKeysType: any = ActionKeysType; @@ -53,8 +61,11 @@ export class FilterEventsComponent implements OnInit { sequenceFilterSet: new FormControl(false), sequence: new FormControl(''), isAsc: new FormControl(false), - creationDateFilterSet: new FormControl(false), - creationDate: new FormControl(new Date()), + creationDateFilterType: new FormControl(CreationDateFilterType.FROM), + creationDateFrom: new FormControl(new Date()), + // creationDateSince is 15 minutes in the past by default + creationDateSince: new FormControl(new Date(new Date().getTime() - 15 * 60_000)), + creationDateUntil: new FormControl(new Date()), userFilterSet: new FormControl(false), editorUserId: new FormControl(''), aggregateFilterSet: new FormControl(false), @@ -64,6 +75,8 @@ export class FilterEventsComponent implements OnInit { eventTypesList: new FormControl([]), }); + private initialValues = this.form.getRawValue(); + constructor( private adminService: AdminService, private toast: ToastService, 
@@ -78,20 +91,35 @@ export class FilterEventsComponent implements OnInit { const { filter } = params; if (filter) { const stringifiedFilters = filter as string; - const filters = JSON.parse(stringifiedFilters); + const filters = JSON.parse(decodeURIComponent(stringifiedFilters)); if (filters.aggregateId) { this.request.setAggregateId(filters.aggregateId); this.aggregateId?.setValue(filters.aggregateId); this.aggregateFilterSet?.setValue(true); } - if (filters.creationDate) { - const milliseconds = filters.creationDate; - const date = new Date(milliseconds); - const ts = dateToTs(date); + if (filters.creationDateFrom) { + const millisecondsFrom = filters.creationDateFrom; + const dateFrom = new Date(millisecondsFrom); + const ts = dateToTs(dateFrom); + this.creationDateFrom?.setValue(dateFrom); + this.creationDateFilterType?.setValue(CreationDateFilterType.FROM); this.request.setCreationDate(ts); - this.creationDate?.setValue(date); - this.creationDateFilterSet?.setValue(true); + } + if (filters.creationDateSince || filters.creationDateUntil) { + const millisecondsFrom = filters.creationDateSince; + const dateSince = new Date(millisecondsFrom); + const tsSince = dateToTs(dateSince); + this.creationDateSince?.setValue(dateSince); + const millisecondsUntil = filters.creationDateUntil; + const dateUntil = new Date(millisecondsUntil); + const tsUntil = dateToTs(dateUntil); + this.creationDateUntil?.setValue(dateUntil); + const range = new ListEventsRequest.creation_date_range(); + range.setSince(tsSince); + range.setUntil(tsUntil); + this.request.setRange(range); + this.creationDateFilterType?.setValue(CreationDateFilterType.RANGE); } if (filters.aggregateTypesList && filters.aggregateTypesList.length) { const values = this.aggregateTypes.filter((agg) => filters.aggregateTypesList.includes(agg.type)); 
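Review bot: The range branch is entered when either `filters.creationDateSince` or `filters.creationDateUntil` is present, but it converts both, so a `filter` query parameter carrying only one of them reaches `new Date(undefined)` and an invalid date goes through `dateToTs` into `range.setSince`/`range.setUntil`. The value comes from the URL, so it should be checked before use: `if (filters.creationDateSince && filters.creationDateUntil) {`, or set only the bound that is present. `decodeURIComponent` and `JSON.parse` both throw on a malformed value and no handler is visible in this hunk; the enclosing callback starts and ends outside it, so that may be covered elsewhere. The single-date branch also still calls `this.request.setCreationDate(ts)` while the request built from the form in a later hunk uses `setFrom`, which looks inconsistent.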
@@ -146,6 +174,7 @@ export class FilterEventsComponent implements OnInit { public reset(): void { this.form.reset(); + this.form.setValue(this.initialValues); this.emitChange(); } @@ -252,11 +281,28 @@ export class FilterEventsComponent implements OnInit { constructRequest.setAsc(formValues.isAsc); filterObject.isAsc = formValues.isAsc; } - if (formValues.creationDateFilterSet && formValues.creationDate) { - const date = new Date(formValues.creationDate); - const ts = dateToTs(date); - constructRequest.setCreationDate(ts); - filterObject.creationDate = date.getTime(); + if (formValues.creationDateFilterType === CreationDateFilterType.FROM) { + const dateFrom = new Date(formValues.creationDateFrom); + const tsFrom = dateToTs(dateFrom); + constructRequest.setFrom(tsFrom); + constructRequest.clearRange(); + filterObject.creationDateFrom = dateFrom.getTime(); + filterObject.creationDateSince = undefined; + filterObject.creationDateUntil = undefined; + } + if (formValues.creationDateFilterType === CreationDateFilterType.RANGE) { + const range = new ListEventsRequest.creation_date_range(); + const dateSince = new Date(formValues.creationDateSince); + const tsSince = dateToTs(dateSince); + range.setSince(tsSince); + filterObject.creationDateSince = dateSince.getTime(); + const dateUntil = new Date(formValues.creationDateUntil); + const tsUntil = dateToTs(dateUntil); + range.setUntil(tsUntil); + filterObject.creationDateUntil = dateUntil.getTime(); + constructRequest.setRange(range); + constructRequest.clearFrom(); + filterObject.creationDateFrom = undefined; } this.requestChanged.emit(constructRequest); @@ -265,7 +311,7 @@ export class FilterEventsComponent implements OnInit { this.router.navigate([], { relativeTo: this.route, queryParams: { - ['filter']: JSON.stringify(filterObject), + ['filter']: encodeURIComponent(JSON.stringify(filterObject)), }, replaceUrl: true, queryParamsHandling: 'merge', 
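Review bot: `reset()` restores `this.initialValues`, which is captured once when the component is constructed (declared in an earlier hunk of this file), so `creationDateFrom`, `creationDateSince` and `creationDateUntil` go back to the time the page was opened rather than the current time. After a long session a reset in range mode sets an `until` bound in the past and silently hides newer events from the list. Recomputing the date defaults at reset time avoids this, and `FormGroup.reset` accepts the values directly, so the separate `setValue` call is not needed: `this.form.reset({ ...this.initialValues, creationDateFrom: new Date(), creationDateSince: new Date(Date.now() - 15 * 60_000), creationDateUntil: new Date() });`.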
@@ -304,12 +350,32 @@ export class FilterEventsComponent implements OnInit { return this.form.get('sequenceFilterSet'); } - public get creationDate(): AbstractControl | null { - return this.form.get('creationDate'); + public get creationDateFilterType(): AbstractControl | null { + return this.form.get('creationDateFilterType'); } - public get creationDateFilterSet(): AbstractControl | null { - return this.form.get('creationDateFilterSet'); + public get creationDateFrom(): AbstractControl | null { + return this.form.get('creationDateFrom'); + } + + public set creationDateFrom(event: EventTarget | null) { + this.setDate(this.creationDateFrom!, event); + } + + public get creationDateSince(): AbstractControl | null { + return this.form.get('creationDateSince'); + } + + public set creationDateSince(event: EventTarget | null) { + this.setDate(this.creationDateSince!, event); + } + + public get creationDateUntil(): AbstractControl | null { + return this.form.get('creationDateUntil'); + } + + public set creationDateUntil(event: EventTarget | null) { + this.setDate(this.creationDateUntil!, event); } public get resourceOwnerFilterSet(): AbstractControl | null { @@ -341,9 +407,6 @@ export class FilterEventsComponent implements OnInit { if (this.userFilterSet?.value && this.editorUserId?.value) { ++count; } - if (this.creationDateFilterSet?.value && this.creationDate?.value) { - ++count; - } if (this.aggregateFilterSet?.value && this.aggregateId?.value) { ++count; } @@ -361,4 +424,11 @@ export class FilterEventsComponent implements OnInit { } return count; } + + private setDate(ctrl: AbstractControl, event: EventTarget | null): void { + if (!(event instanceof HTMLInputElement)) { + throw new Error('wrong target'); + } + ctrl.setValue(new Date(event.value || '')); + } } diff --git a/console/src/app/modules/filter-events/filter-events.module.ts b/console/src/app/modules/filter-events/filter-events.module.ts index 9aff53d7d6..d4dd102ae3 100644 
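Review bot: `setDate` stores whatever `new Date(event.value || '')` returns, and for a cleared or partially typed input that is an invalid date; the control then feeds it to `dateToTs` when the request is built, and `getTime()` yields `NaN` for the filter written to the URL. Only update the control when the value parses: `const parsed = new Date(event.value); if (!isNaN(parsed.getTime())) { ctrl.setValue(parsed); }`. Separately, the `creationDateFrom`/`creationDateSince`/`creationDateUntil` setters accept an `EventTarget` while the getters return the `AbstractControl`, so assigning to and reading the same property mean different things; a named handler such as `onCreationDateInput(ctrl, event)` would read more clearly.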
--- a/console/src/app/modules/filter-events/filter-events.module.ts +++ b/console/src/app/modules/filter-events/filter-events.module.ts @@ -12,6 +12,8 @@ import { MatProgressSpinnerModule } from '@angular/material/progress-spinner'; import { ActionKeysModule } from '../action-keys/action-keys.module'; import { InputModule } from '../input/input.module'; import { FilterEventsComponent } from './filter-events.component'; +import { MatInputModule } from '@angular/material/input'; +import { MatRadioModule } from '@angular/material/radio'; @NgModule({ declarations: [FilterEventsComponent], @@ -28,6 +30,8 @@ import { FilterEventsComponent } from './filter-events.component'; MatCheckboxModule, MatSelectModule, ActionKeysModule, + MatInputModule, + MatRadioModule, ], exports: [FilterEventsComponent], }) diff --git a/console/src/app/modules/policies/general-settings/general-settings.component.html b/console/src/app/modules/policies/general-settings/general-settings.component.html deleted file mode 100644 index a465cf3466..0000000000 --- a/console/src/app/modules/policies/general-settings/general-settings.component.html +++ /dev/null @@ -1,27 +0,0 @@ -

{{ 'SETTING.DEFAULTLANGUAGE' | translate }}

- -
- -
- - - {{ 'SETTING.DEFAULTLANGUAGE' | translate }} - - - {{ lang }} - {{ 'SETTING.LANGUAGE.' + lang | translate }} - - - - -
- -
diff --git a/console/src/app/modules/policies/general-settings/general-settings.component.scss b/console/src/app/modules/policies/general-settings/general-settings.component.scss deleted file mode 100644 index 1e41e2908a..0000000000 --- a/console/src/app/modules/policies/general-settings/general-settings.component.scss +++ /dev/null @@ -1,18 +0,0 @@ -.spinner-wr { - margin: 0.5rem 0; -} - -.default-language { - max-width: 400px; - display: block; -} - -.general-btn-container { - display: flex; - justify-content: flex-start; - margin-top: 1rem; - - .save-button { - display: block; - } -} diff --git a/console/src/app/modules/policies/general-settings/general-settings.component.ts b/console/src/app/modules/policies/general-settings/general-settings.component.ts deleted file mode 100644 index d549b74fe4..0000000000 --- a/console/src/app/modules/policies/general-settings/general-settings.component.ts +++ /dev/null 
@@ -1,56 +0,0 @@ -import { Component, OnInit } from '@angular/core'; -import { SetDefaultLanguageResponse } from 'src/app/proto/generated/zitadel/admin_pb'; -import { AdminService } from 'src/app/services/admin.service'; -import { ToastService } from 'src/app/services/toast.service'; - -@Component({ - selector: 'cnsl-general-settings', - templateUrl: './general-settings.component.html', - styleUrls: ['./general-settings.component.scss'], -}) -export class GeneralSettingsComponent implements OnInit { - public defaultLanguage: string = ''; - public defaultLanguageOptions: string[] = []; - - public loading: boolean = false; - constructor( - private service: AdminService, - private toast: ToastService, - ) {} - - ngOnInit(): void { - this.fetchData(); - } - - private fetchData(): void { - this.service.getDefaultLanguage().then((langResp) => { - this.defaultLanguage = langResp.language; - }); - this.service.getSupportedLanguages().then((supportedResp) => { - this.defaultLanguageOptions = supportedResp.languagesList; - }); - } - - private updateData(): Promise { - return (this.service as AdminService).setDefaultLanguage(this.defaultLanguage); - } - - public savePolicy(): void { - const prom = this.updateData(); - this.loading = true; - if (prom) { - prom - .then(() => { - this.toast.showInfo('POLICY.LOGIN_POLICY.SAVED', true); - this.loading = false; - setTimeout(() => { - this.fetchData(); - }, 2000); - }) - .catch((error) => { - this.loading = false; - this.toast.showError(error); - }); - } - } -} diff --git a/console/src/app/modules/policies/general-settings/general-settings.module.ts b/console/src/app/modules/policies/general-settings/general-settings.module.ts deleted file mode 100644 index 98f0e4cb53..0000000000 --- a/console/src/app/modules/policies/general-settings/general-settings.module.ts +++ /dev/null 
@@ -1,29 +0,0 @@ -import { CommonModule } from '@angular/common'; -import { NgModule } from '@angular/core'; -import { FormsModule } from '@angular/forms'; -import { MatButtonModule } from '@angular/material/button'; -import { MatProgressSpinnerModule } from '@angular/material/progress-spinner'; -import { MatSelectModule } from '@angular/material/select'; -import { TranslateModule } from '@ngx-translate/core'; -import { HasRolePipeModule } from 'src/app/pipes/has-role-pipe/has-role-pipe.module'; - -import { CardModule } from '../../card/card.module'; -import { FormFieldModule } from '../../form-field/form-field.module'; -import { GeneralSettingsComponent } from './general-settings.component'; - -@NgModule({ - declarations: [GeneralSettingsComponent], - imports: [ - CommonModule, - CardModule, - FormsModule, - MatButtonModule, - FormFieldModule, - MatProgressSpinnerModule, - MatSelectModule, - HasRolePipeModule, - TranslateModule, - ], - exports: [GeneralSettingsComponent], -}) -export class GeneralSettingsModule {} diff --git a/console/src/app/modules/policies/language-settings/language-settings.component.html b/console/src/app/modules/policies/language-settings/language-settings.component.html new file mode 100644 index 0000000000..e03b005a53 --- /dev/null +++ b/console/src/app/modules/policies/language-settings/language-settings.component.html @@ -0,0 +1,135 @@ +

{{ 'SETTING.LANGUAGES.TITLE' | translate }}

+ +
+ +
+ +
+
+
+
+
+ {{ 'SETTING.LANGUAGES.ALLOWED' | translate }} + +
+
+
+ {{ i + 1 }} + {{ lang }} + {{ 'SETTING.LANGUAGES.OPTIONS.' + lang | translate }} + {{ + 'SETTING.LANGUAGES.DEFAULT' | translate + }} + + + + + + +
+
+
+
+
+
+
+ {{ 'SETTING.LANGUAGES.NOT_ALLOWED' | translate }} + +
+
+
+ {{ lang }} + {{ 'SETTING.LANGUAGES.OPTIONS.' + lang | translate }} +
+
+
+
+
+ + +
+
+
diff --git a/console/src/app/modules/policies/language-settings/language-settings.component.scss b/console/src/app/modules/policies/language-settings/language-settings.component.scss new file mode 100644 index 0000000000..90f0b42e91 --- /dev/null +++ b/console/src/app/modules/policies/language-settings/language-settings.component.scss @@ -0,0 +1,112 @@ +.languages-container-wrapper { + display: grid; + grid-template-columns: 1fr 1fr; + column-gap: 2rem; + + @media only screen and (max-width: 700px) { + grid-template-columns: 1fr; + } + + .languages-container { + display: inline-block; + max-width: 400px; + vertical-align: top; + width: 100%; + + .spinner-wr { + margin: 0.5rem 0; + } + + .default-language { + max-width: 400px; + display: block; + } + } + + .general-btn-container { + display: flex; + justify-content: flex-start; + margin-top: 1rem; + + .save-button { + display: block; + margin-left: 1rem; + } + } +} + +.languages-list { + overflow: hidden; + display: block; + height: 100%; + + .languages-top-row { + display: flex; + flex-direction: row; + align-items: center; + margin-bottom: 1rem; + margin-top: 1.5rem; + + .label { + margin-right: 1rem; + flex: 1; + white-space: nowrap; + } + + .list-button { + white-space: nowrap; + } + } +} + +.languages-box { + position: relative; + display: flex; + flex-direction: row; + align-items: center; + justify-content: space-between; + padding: 0.5rem 0.5rem 0.5rem 2rem; + height: 56px; + cursor: move; + margin: 2px 0; + + .index { + position: absolute; + top: 4px; + left: 4px; + opacity: 0.5; + font-size: 10px; + } + + .locale { + width: 35px; + margin-right: 1rem; + } + + .lang { + flex: 1; + } + + [hoveractions] { + display: none; + } + + .more-button { + height: 40px; + width: 40px; + display: flex; + align-items: center; + justify-content: center; + padding: 0; + } + + &:hover { + [hoveractions] { + display: flex; + } + } + + .defaultlanglabel { + margin-left: 0.5rem; + } +} 
diff --git a/console/src/app/modules/policies/general-settings/general-settings.component.spec.ts b/console/src/app/modules/policies/language-settings/language-settings.component.spec.ts similarity index 50% rename from console/src/app/modules/policies/general-settings/general-settings.component.spec.ts rename to console/src/app/modules/policies/language-settings/language-settings.component.spec.ts index 23eee2e9f4..8da2c7bb8e 100644 --- a/console/src/app/modules/policies/general-settings/general-settings.component.spec.ts +++ b/console/src/app/modules/policies/language-settings/language-settings.component.spec.ts @@ -1,19 +1,19 @@ import { ComponentFixture, TestBed } from '@angular/core/testing'; -import { GeneralSettingsComponent } from './general-settings.component'; +import { LanguageSettingsComponent } from './language-settings.component'; -describe('GeneralSettingsComponent', () => { - let component: GeneralSettingsComponent; - let fixture: ComponentFixture; +describe('LanguageSettingsComponent', () => { + let component: LanguageSettingsComponent; + let fixture: ComponentFixture; beforeEach(async () => { await TestBed.configureTestingModule({ - declarations: [GeneralSettingsComponent], + declarations: [LanguageSettingsComponent], }).compileComponents(); }); beforeEach(() => { - fixture = TestBed.createComponent(GeneralSettingsComponent); + fixture = TestBed.createComponent(LanguageSettingsComponent); component = fixture.componentInstance; fixture.detectChanges(); }); diff --git a/console/src/app/modules/policies/language-settings/language-settings.component.ts b/console/src/app/modules/policies/language-settings/language-settings.component.ts new file mode 100644 index 0000000000..f2af4641ff --- /dev/null +++ b/console/src/app/modules/policies/language-settings/language-settings.component.ts 
@@ -0,0 +1,116 @@ +import { ChangeDetectorRef, Component, OnInit } from '@angular/core'; +import { AdminService } from 'src/app/services/admin.service'; +import { ToastService } from 'src/app/services/toast.service'; +import { UntypedFormBuilder } from '@angular/forms'; +import { LanguagesService } from '../../../services/languages.service'; +import { BehaviorSubject, concat, forkJoin, from, Observable, of, Subject, switchMap, take, takeUntil } from 'rxjs'; +import { GrpcAuthService } from '../../../services/grpc-auth.service'; +import { CdkDrag, CdkDragDrop, moveItemInArray, transferArrayItem } from '@angular/cdk/drag-drop'; +import { catchError, map } from 'rxjs/operators'; + +interface State { + allowed: string[]; + notAllowed: string[]; +} + +@Component({ + selector: 'cnsl-language-settings', + templateUrl: './language-settings.component.html', + styleUrls: ['./language-settings.component.scss'], +}) +export class LanguageSettingsComponent { + public canWriteRestrictions$: Observable = this.authService.isAllowed(['iam.restrictions.write']); + public canWriteDefaultLanguage$: Observable = this.authService.isAllowed(['iam.write']); + + public localState$ = new BehaviorSubject({ allowed: [], notAllowed: [] }); + public remoteState$ = new BehaviorSubject({ allowed: [], notAllowed: [] }); + public defaultLang$ = new BehaviorSubject(''); + + public loading: boolean = false; + constructor( + private service: AdminService, + private toast: ToastService, + private langSvc: LanguagesService, + private authService: GrpcAuthService, + ) { + const sub = forkJoin([ + langSvc.allowed$.pipe(take(1)), + langSvc.notAllowed$.pipe(take(1)), + from(this.service.getDefaultLanguage()).pipe(take(1)), + ]).subscribe({ + next: ([allowed, notAllowed, { language: defaultLang }]) => { + this.defaultLang$.next(defaultLang); + this.remoteState$.next({ notAllowed: [...notAllowed], ...{ allowed: [...allowed] } }); + this.localState$.next({ notAllowed: [...notAllowed], ...{ allowed: 
[...allowed] } }); + }, + error: this.toast.showError, + complete: () => { + sub.unsubscribe(); + }, + }); + } + + drop(event: CdkDragDrop) { + if (event.previousContainer === event.container) { + moveItemInArray(event.container.data, event.previousIndex, event.currentIndex); + } else { + transferArrayItem(event.previousContainer.data, event.container.data, event.previousIndex, event.currentIndex); + } + } + + public defaultLangPredicate = (lang: CdkDrag) => { + return !!lang?.data && lang.data !== this.defaultLang$.value; + }; + + public isRemotelyAllowed$(lang: string): Observable { + return this.remoteState$.pipe(map(({ allowed }) => allowed.includes(lang))); + } + + public allowAll(): void { + this.localState$.next({ allowed: [...this.allLocalLangs()], notAllowed: [] }); + } + + public disallowAll(): void { + const disallowed = this.allLocalLangs().filter((lang) => lang !== this.defaultLang$.value); + this.localState$.next({ allowed: [this.defaultLang$.value], notAllowed: disallowed }); + } + + public submit(): void { + const { allowed, notAllowed } = this.localState$.value; + const sub = from(this.service.setRestrictions(undefined, allowed)).subscribe({ + next: () => { + this.remoteState$.next({ + allowed: [...allowed], + notAllowed: [...notAllowed], + }); + this.langSvc.newAllowed(allowed); + this.toast.showInfo('SETTING.LANGUAGES.ALLOWED_SAVED', true); + }, + error: this.toast.showError, + complete: () => { + sub.unsubscribe(); + }, + }); + } + + public discard(): void { + this.localState$.next(this.remoteState$.value); + } + + public setDefaultLang(lang: string): void { + const sub = from(this.service.setDefaultLanguage(lang)).subscribe({ + next: () => { + this.defaultLang$.next(lang); + this.toast.showInfo('SETTING.LANGUAGES.DEFAULT_SAVED', true); + }, + error: this.toast.showError, + complete: () => { + sub.unsubscribe(); + }, + }); + } + + private allLocalLangs(): string[] { + return [...this.localState$.value.allowed, 
...this.localState$.value.notAllowed]; + } +} diff --git a/console/src/app/modules/policies/language-settings/language-settings.module.ts b/console/src/app/modules/policies/language-settings/language-settings.module.ts new file mode 100644 index 0000000000..f19a0d3d3e --- /dev/null +++ b/console/src/app/modules/policies/language-settings/language-settings.module.ts 
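Review bot: `discard()` hands the `remoteState$` value itself to `localState$`, so after a discard both subjects share the same `allowed` and `notAllowed` arrays. `drop()` reorders and transfers items in place through `moveItemInArray`/`transferArrayItem`, and if the drop lists are bound to the `localState$` arrays (the template is not readable here), the next drag also changes the remote snapshot, which breaks `isRemotelyAllowed$` and any later discard. The constructor and `submit()` already copy the arrays, and `discard()` should do the same: `const { allowed, notAllowed } = this.remoteState$.value; this.localState$.next({ allowed: [...allowed], notAllowed: [...notAllowed] });`. Also, `error: this.toast.showError` passes the method unbound in three places, which fails at call time if `showError` uses `this`; `error: (err) => this.toast.showError(err)` is safe either way.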
@@ -0,0 +1,46 @@ +import { CommonModule } from '@angular/common'; +import { NgModule } from '@angular/core'; +import { FormsModule, ReactiveFormsModule } from '@angular/forms'; +import { MatButtonModule } from '@angular/material/button'; +import { MatProgressSpinnerModule } from '@angular/material/progress-spinner'; +import { MatSelectModule } from '@angular/material/select'; +import { TranslateModule } from '@ngx-translate/core'; +import { HasRolePipeModule } from 'src/app/pipes/has-role-pipe/has-role-pipe.module'; + +import { CardModule } from '../../card/card.module'; +import { FormFieldModule } from '../../form-field/form-field.module'; +import { LanguageSettingsComponent } from './language-settings.component'; +import { MatListModule } from '@angular/material/list'; +import { MatFormFieldModule } from '@angular/material/form-field'; +import { DragDropModule } from '@angular/cdk/drag-drop'; +import { MatRadioModule } from '@angular/material/radio'; +import { MatTooltipModule } from '@angular/material/tooltip'; +import { TableActionsModule } from '../../table-actions/table-actions.module'; +import { MatMenuModule } from '@angular/material/menu'; +import { MatIconModule } from '@angular/material/icon'; + +@NgModule({ + declarations: [LanguageSettingsComponent], + imports: [ + CommonModule, + CardModule, + FormsModule, + ReactiveFormsModule, + MatFormFieldModule, + MatButtonModule, + MatSelectModule, + FormFieldModule, + MatProgressSpinnerModule, + MatSelectModule, + HasRolePipeModule, + TranslateModule, + MatListModule, + DragDropModule, + MatRadioModule, + MatTooltipModule, + MatMenuModule, + MatIconModule, + ], + exports: [LanguageSettingsComponent], +}) +export class LanguageSettingsModule {} diff --git a/console/src/app/modules/policies/login-policy/login-policy.component.html b/console/src/app/modules/policies/login-policy/login-policy.component.html index 7fd7e2627f..ece4d1c405 100644 
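Review bot: `MatSelectModule` appears twice in the `imports` array of `LanguageSettingsModule` (after `MatButtonModule` and again after `MatProgressSpinnerModule`); the second entry can be dropped. `TableActionsModule` is imported at the top of the file but never added to `imports`, so either the import line is dead or the module entry is missing. Neither breaks the build as far as this hunk shows, but a new module is the cheapest place to keep the list exact.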
--- a/console/src/app/modules/policies/login-policy/login-policy.component.html +++ b/console/src/app/modules/policies/login-policy/login-policy.component.html @@ -242,14 +242,20 @@ | async) === false " > - {{ 'POLICY.DATA.ALLOWREGISTER' | translate }} + {{ 'POLICY.DATA.ALLOWREGISTERUSERS' | translate }} + +
+
+ + {{ 'POLICY.DATA.ALLOWREGISTERORGS' | translate }} - -
{{ 'POLICY.LOGIN_TEXTS.DESCRIPTION' | translate }}

+ + {{ 'POLICY.LOGIN_TEXTS.ACTIVE_LANGUAGE_NOT_ALLOWED' | translate }}
@@ -24,7 +27,7 @@
-
+ {{ 'POLICY.LOGIN_TEXTS.KEYNAME' | translate }} @@ -35,18 +38,30 @@ - {{ 'POLICY.LOGIN_TEXTS.LOCALE' | translate }} - - + {{ 'POLICY.LOGIN_TEXTS.LANGUAGE' | translate }} + +
{{ loc }} + >{{ lang }} | {{ 'POLICY.LOGIN_TEXTS.LOCALES.' + loc | translate }}| {{ 'POLICY.LOGIN_TEXTS.LANGUAGES.' + lang | translate }}
+ + +
+ {{ lang }} + | {{ 'POLICY.LOGIN_TEXTS.LANGUAGES.' + lang | translate }} +
+
+
diff --git a/console/src/app/modules/policies/login-texts/login-texts.component.ts b/console/src/app/modules/policies/login-texts/login-texts.component.ts index 26a3b04a58..7d8df91f39 100644 --- a/console/src/app/modules/policies/login-texts/login-texts.component.ts +++ b/console/src/app/modules/policies/login-texts/login-texts.component.ts @@ -1,8 +1,8 @@ import { Component, Injector, Input, OnDestroy, OnInit, Type } from '@angular/core'; -import { UntypedFormControl, UntypedFormGroup } from '@angular/forms'; +import { FormControl, UntypedFormGroup } from '@angular/forms'; import { MatDialog } from '@angular/material/dialog'; import { Timestamp } from 'google-protobuf/google/protobuf/timestamp_pb'; -import { BehaviorSubject, from, interval, Observable, of, Subject, Subscription } from 'rxjs'; +import { BehaviorSubject, from, interval, Observable, of, Subject, Subscription, switchMap, take, tap } from 'rxjs'; import { map, pairwise, startWith, takeUntil } from 'rxjs/operators'; import { GetCustomLoginTextsRequest as AdminGetCustomLoginTextsRequest, @@ -19,11 +19,11 @@ import { GrpcAuthService } from 'src/app/services/grpc-auth.service'; import { ManagementService } from 'src/app/services/mgmt.service'; import { ToastService } from 'src/app/services/toast.service'; -import { supportedLanguages } from 'src/app/utils/language'; import { InfoSectionType } from '../../info-section/info-section.component'; import { WarnDialogComponent } from '../../warn-dialog/warn-dialog.component'; import { PolicyComponentServiceType } from '../policy-component-types.enum'; import { mapRequestValues } from './helper'; +import { LanguagesService } from '../../../services/languages.service'; const MIN_INTERVAL_SECONDS = 10; // if the difference of a newer version to the current exceeds this time, a refresh button is shown. 
@@ -110,7 +110,6 @@ export class LoginTextsComponent implements OnInit, OnDestroy { @Input() public serviceType: PolicyComponentServiceType = PolicyComponentServiceType.MGMT; public KeyNamesArray: string[] = KeyNamesArray; - public LOCALES: string[] = supportedLanguages; private sub: Subscription = new Subscription(); @@ -119,9 +118,15 @@ export class LoginTextsComponent implements OnInit, OnDestroy { public destroy$: Subject = new Subject(); public InfoSectionType: any = InfoSectionType; public form: UntypedFormGroup = new UntypedFormGroup({ - currentSubMap: new UntypedFormControl('emailVerificationDoneText'), - locale: new UntypedFormControl('en'), + currentSubMap: new FormControl('emailVerificationDoneText'), + language: new FormControl('en'), }); + public allowed$: Observable = this.langSvc.allowed$.pipe( + take(1), + tap(([firstAllowed]) => { + this.form.get('language')?.setValue(firstAllowed); + }), + ); public isDefault: boolean = false; @@ -137,9 +142,10 @@ export class LoginTextsComponent implements OnInit, OnDestroy { private injector: Injector, private dialog: MatDialog, private toast: ToastService, + public langSvc: LanguagesService, ) { this.form.valueChanges - .pipe(startWith({ currentSubMap: 'emailVerificationDoneText', locale: 'en' }), pairwise(), takeUntil(this.destroy$)) + .pipe(startWith({ currentSubMap: 'emailVerificationDoneText', language: 'en' }), pairwise(), takeUntil(this.destroy$)) .subscribe((pair) => { this.checkForUnsaved(pair[0].currentSubMap).then((wantsToSave) => { if (wantsToSave) { 
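Review bot: The `tap` in `allowed$` sets the form's language to the first allowed entry without checking that one exists; when `langSvc.allowed$` emits an empty list, `firstAllowed` is `undefined`, and `this.language` is later passed to `setLanguage(...)` on the requests. The side effect also runs once per subscription, so its behaviour depends on how often the template subscribes. A guard such as `if (firstAllowed) { this.form.get('language')?.setValue(firstAllowed); }` keeps the `'en'` default in that case. The same pattern is in `message-texts.component.ts` (the `@@ -537,8 +538,15 @@` hunk), where the `tap` additionally calls `loadData` and the calls in `ngOnInit` are removed, so as far as these hunks show the initial load there happens only once something subscribes to `allowed$`.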
@@ -162,21 +168,9 @@ export class LoginTextsComponent implements OnInit, OnDestroy { switch (this.serviceType) { case PolicyComponentServiceType.MGMT: this.service = this.injector.get(ManagementService as Type); - - this.service.getSupportedLanguages().then((lang) => { - this.LOCALES = lang.languagesList; - }); - - this.loadData(); break; case PolicyComponentServiceType.ADMIN: this.service = this.injector.get(AdminService as Type); - - this.service.getSupportedLanguages().then((lang) => { - this.LOCALES = lang.languagesList; - }); - - this.loadData(); break; } @@ -215,10 +209,10 @@ export class LoginTextsComponent implements OnInit, OnDestroy { public async loadData(): Promise { this.loading = true; const reqDefaultInit = REQUESTMAP[this.serviceType].getDefault; - reqDefaultInit.setLanguage(this.locale); + reqDefaultInit.setLanguage(this.language); this.getDefaultInitMessageTextMap$ = from(this.getDefaultValues(reqDefaultInit)).pipe(map((m) => m[this.currentSubMap])); - const reqCustomInit = REQUESTMAP[this.serviceType].get.setLanguage(this.locale); + const reqCustomInit = REQUESTMAP[this.serviceType].get.setLanguage(this.language); return this.getCurrentValues(reqCustomInit) .then((policy) => { this.loading = false; 
@@ -236,14 +230,14 @@ export class LoginTextsComponent implements OnInit, OnDestroy { } private async patchSingleCurrentMap(): Promise { - const reqCustomInit = REQUESTMAP[this.serviceType].get.setLanguage(this.locale); + const reqCustomInit = REQUESTMAP[this.serviceType].get.setLanguage(this.language); this.getCurrentValues(reqCustomInit).then((policy) => { this.getCustomInitMessageTextMap$.next(policy[this.currentSubMap]); }); } public checkForChanges(): void { - const reqCustomInit = REQUESTMAP[this.serviceType].get.setLanguage(this.locale); + const reqCustomInit = REQUESTMAP[this.serviceType].get.setLanguage(this.language); (this.service as ManagementService).getCustomLoginTexts(reqCustomInit).then((policy) => { this.newerPolicyChangeDate = policy.customText?.details?.changeDate; @@ -282,7 +276,7 @@ export class LoginTextsComponent implements OnInit, OnDestroy { this.totalCustomPolicy[this.currentSubMap] = values; this.updateRequest = setFcn(this.totalCustomPolicy); - this.updateRequest.setLanguage(this.locale); + this.updateRequest.setLanguage(this.language); } } @@ -350,7 +344,7 @@ export class LoginTextsComponent implements OnInit, OnDestroy { if (resp) { if (this.serviceType === PolicyComponentServiceType.MGMT) { (this.service as ManagementService) - .resetCustomLoginTextToDefault(this.locale) + .resetCustomLoginTextToDefault(this.language) .then(() => { this.updateCurrentPolicyDate(); this.isDefault = true; @@ -363,7 +357,7 @@ export class LoginTextsComponent implements OnInit, OnDestroy { }); } else if (this.serviceType === PolicyComponentServiceType.ADMIN) { (this.service as AdminService) - .resetCustomLoginTextToDefault(this.locale) + .resetCustomLoginTextToDefault(this.language) .then(() => { this.updateCurrentPolicyDate(); setTimeout(() => { 
@@ -397,8 +391,12 @@ export class LoginTextsComponent implements OnInit, OnDestroy { } } - public get locale(): string { - return this.form.get('locale')?.value; + public get language(): string { + return this.form.get('language')?.value; + } + + public set language(lang: string) { + this.form.get('language')?.setValue(lang); } public get currentSubMap(): string { diff --git a/console/src/app/modules/policies/message-texts/message-texts.component.html b/console/src/app/modules/policies/message-texts/message-texts.component.html index 5644fe7663..2c857c3ac4 100644 --- a/console/src/app/modules/policies/message-texts/message-texts.component.html +++ b/console/src/app/modules/policies/message-texts/message-texts.component.html @@ -1,70 +1,86 @@

{{ 'POLICY.MESSAGE_TEXTS.TITLE' | translate }}

{{ 'POLICY.MESSAGE_TEXTS.DESCRIPTION' | translate }}

+ + {{ 'POLICY.LOGIN_TEXTS.ACTIVE_LANGUAGE_NOT_ALLOWED' | translate }}
-
- - {{ 'POLICY.MESSAGE_TEXTS.TYPE' | translate }} - - - {{ 'POLICY.MESSAGE_TEXTS.TYPES.' + type.value | translate }} - - - +
+
+ + {{ 'POLICY.MESSAGE_TEXTS.TYPE' | translate }} + + + {{ 'POLICY.MESSAGE_TEXTS.TYPES.' + type.value | translate }} + + + + + {{ 'POLICY.LOGIN_TEXTS.LANGUAGE' | translate }} + + +
+ {{ lang }} + | {{ 'POLICY.LOGIN_TEXTS.LANGUAGES.' + lang | translate }} +
+
+ + +
+ {{ lang }} + | {{ 'POLICY.LOGIN_TEXTS.LANGUAGES.' + lang | translate }} +
+
+
+
+
+
- - {{ 'POLICY.LOGIN_TEXTS.LOCALE' | translate }} - - -
- {{ loc }} - | {{ 'POLICY.LOGIN_TEXTS.LOCALES.' + loc | translate }} -
-
-
-
-
+
+ +
-
- -
- -
- - +
+ + +
diff --git a/console/src/app/modules/policies/message-texts/message-texts.component.ts b/console/src/app/modules/policies/message-texts/message-texts.component.ts index 6e576a64a2..a5b90ba067 100644 --- a/console/src/app/modules/policies/message-texts/message-texts.component.ts +++ b/console/src/app/modules/policies/message-texts/message-texts.component.ts @@ -1,7 +1,7 @@ import { Component, Injector, Input, OnDestroy, OnInit, Type } from '@angular/core'; import { MatDialog } from '@angular/material/dialog'; import { MatSelectChange } from '@angular/material/select'; -import { BehaviorSubject, from, Observable, of, Subscription } from 'rxjs'; +import { BehaviorSubject, from, Observable, of, Subscription, switchMap, take, tap } from 'rxjs'; import { GetDefaultDomainClaimedMessageTextRequest as AdminGetDefaultDomainClaimedMessageTextRequest, GetDefaultInitMessageTextRequest as AdminGetDefaultInitMessageTextRequest, @@ -57,10 +57,11 @@ import { GrpcAuthService } from 'src/app/services/grpc-auth.service'; import { ManagementService } from 'src/app/services/mgmt.service'; import { ToastService } from 'src/app/services/toast.service'; -import { supportedLanguages } from 'src/app/utils/language'; import { InfoSectionType } from '../../info-section/info-section.component'; import { WarnDialogComponent } from '../../warn-dialog/warn-dialog.component'; import { PolicyComponentServiceType } from '../policy-component-types.enum'; +import { map } from 'rxjs/operators'; +import { LanguagesService } from '../../../services/languages.service'; enum MESSAGETYPES { INIT = 'INIT', 
@@ -537,8 +538,15 @@ export class MessageTextsComponent implements OnInit, OnDestroy { ], }; - public locale: string = 'en'; - public LOCALES: string[] = supportedLanguages; + public language: string = 'en'; + public allowed$: Observable = this.langSvc.allowed$.pipe( + take(1), + tap(([firstAllowed]) => { + this.language = firstAllowed; + this.loadData(this.currentType); + }), + ); + private sub: Subscription = new Subscription(); public canWrite$: Observable = this.authService.isAllowed([ this.serviceType === PolicyComponentServiceType.ADMIN @@ -553,23 +561,16 @@ export class MessageTextsComponent implements OnInit, OnDestroy { private toast: ToastService, private injector: Injector, private dialog: MatDialog, + public langSvc: LanguagesService, ) {} ngOnInit(): void { switch (this.serviceType) { case PolicyComponentServiceType.MGMT: this.service = this.injector.get(ManagementService as Type); - this.service.getSupportedLanguages().then((lang) => { - this.LOCALES = lang.languagesList; - }); - this.loadData(this.currentType); break; case PolicyComponentServiceType.ADMIN: this.service = this.injector.get(AdminService as Type); - this.service.getSupportedLanguages().then((lang) => { - this.LOCALES = lang.languagesList; - }); - this.loadData(this.currentType); break; } } @@ -623,7 +624,7 @@ export class MessageTextsComponent implements OnInit, OnDestroy { } public changeLocale(selection: MatSelectChange): void { - this.locale = selection.value; + this.language = selection.value; this.loadData(this.currentType); } 
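Review bot: In the `allowed$` pipeline of the `@@ -537,8 +538,15 @@` hunk, `tap(([firstAllowed]) => { this.language = firstAllowed; ... })` assigns without checking that the list is non-empty, so an empty allowed-languages list leaves `this.language` undefined and `loadData` then hands that value to `setLanguage`. Guard the assignment, for example `this.language = firstAllowed ?? this.language;`. The initial load is also now a side effect of subscribing to a public observable: the `ngOnInit` hunk that follows removes both direct `loadData` calls, so nothing loads unless the template subscribes, and each further subscriber re-runs the `tap` and the request. A comment on `allowed$` such as `// Subscribing sets the initial language and triggers the first loadData().` would make that dependency visible. The class body starts and ends outside these hunks.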
@@ -631,11 +632,11 @@ export class MessageTextsComponent implements OnInit, OnDestroy { if (this.serviceType === PolicyComponentServiceType.MGMT) { const reqDefaultInit = REQUESTMAP[this.serviceType][type].getDefault; - reqDefaultInit.setLanguage(this.locale); + reqDefaultInit.setLanguage(this.language); this.getDefaultMessageTextMap$ = from(this.getDefaultValues(type, reqDefaultInit)); } - const reqCustomInit = REQUESTMAP[this.serviceType][type].get.setLanguage(this.locale); + const reqCustomInit = REQUESTMAP[this.serviceType][type].get.setLanguage(this.language); this.loading = true; return this.getCurrentValues(type, reqCustomInit) ?.then((data) => { @@ -652,7 +653,7 @@ export class MessageTextsComponent implements OnInit, OnDestroy { const req = REQUESTMAP[this.serviceType][this.currentType].setFcn; const mappedValues = req(values); this.updateRequest = mappedValues; - this.updateRequest.setLanguage(this.locale); + this.updateRequest.setLanguage(this.language); } public saveCurrentMessage(): any { 
@@ -741,23 +742,23 @@ export class MessageTextsComponent implements OnInit, OnDestroy { switch (this.currentType) { case MESSAGETYPES.INIT: - return handler(this.service.resetCustomInitMessageTextToDefault(this.locale)); + return handler(this.service.resetCustomInitMessageTextToDefault(this.language)); case MESSAGETYPES.VERIFYPHONE: - return handler(this.service.resetCustomVerifyPhoneMessageTextToDefault(this.locale)); + return handler(this.service.resetCustomVerifyPhoneMessageTextToDefault(this.language)); case MESSAGETYPES.VERIFYSMSOTP: - return handler(this.service.resetCustomVerifySMSOTPMessageTextToDefault(this.locale)); + return handler(this.service.resetCustomVerifySMSOTPMessageTextToDefault(this.language)); case MESSAGETYPES.VERIFYEMAILOTP: - return handler(this.service.resetCustomVerifyEmailOTPMessageTextToDefault(this.locale)); + return handler(this.service.resetCustomVerifyEmailOTPMessageTextToDefault(this.language)); case MESSAGETYPES.VERIFYEMAIL: - return handler(this.service.resetCustomVerifyEmailMessageTextToDefault(this.locale)); + return handler(this.service.resetCustomVerifyEmailMessageTextToDefault(this.language)); case MESSAGETYPES.PASSWORDRESET: - return handler(this.service.resetCustomPasswordResetMessageTextToDefault(this.locale)); + return handler(this.service.resetCustomPasswordResetMessageTextToDefault(this.language)); case MESSAGETYPES.DOMAINCLAIMED: - return handler(this.service.resetCustomDomainClaimedMessageTextToDefault(this.locale)); + return handler(this.service.resetCustomDomainClaimedMessageTextToDefault(this.language)); case MESSAGETYPES.PASSWORDLESS: - return handler(this.service.resetCustomPasswordlessRegistrationMessageTextToDefault(this.locale)); + return handler(this.service.resetCustomPasswordlessRegistrationMessageTextToDefault(this.language)); case MESSAGETYPES.PASSWORDCHANGE: - return handler(this.service.resetCustomPasswordChangeMessageTextToDefault(this.locale)); + return 
handler(this.service.resetCustomPasswordChangeMessageTextToDefault(this.language)); default: return Promise.reject(); } diff --git a/console/src/app/modules/settings-list/settings-list.component.html b/console/src/app/modules/settings-list/settings-list.component.html index 44b3521fb7..96792c5f0b 100644 --- a/console/src/app/modules/settings-list/settings-list.component.html +++ b/console/src/app/modules/settings-list/settings-list.component.html @@ -6,9 +6,6 @@ [settingsList]="settingsList" queryParam="id" > - - - @@ -57,4 +54,7 @@ + + + diff --git a/console/src/app/modules/settings-list/settings-list.module.ts b/console/src/app/modules/settings-list/settings-list.module.ts index bfe64e07c6..007375166a 100644 --- a/console/src/app/modules/settings-list/settings-list.module.ts +++ b/console/src/app/modules/settings-list/settings-list.module.ts @@ -7,7 +7,7 @@ import { HasRolePipeModule } from 'src/app/pipes/has-role-pipe/has-role-pipe.mod import { CardModule } from '../card/card.module'; import DomainsModule from '../domains/domains.module'; import { DomainPolicyModule } from '../policies/domain-policy/domain-policy.module'; -import { GeneralSettingsModule } from '../policies/general-settings/general-settings.module'; +import { LanguageSettingsModule } from '../policies/language-settings/language-settings.module'; import { IdpSettingsModule } from '../policies/idp-settings/idp-settings.module'; import { LoginPolicyModule } from '../policies/login-policy/login-policy.module'; import { LoginTextsPolicyModule } from '../policies/login-texts/login-texts.module'; @@ -36,7 +36,7 @@ import { SettingsListComponent } from './settings-list.component'; PasswordComplexityPolicyModule, PasswordLockoutPolicyModule, PrivateLabelingPolicyModule, - GeneralSettingsModule, + LanguageSettingsModule, NotificationPolicyModule, IdpSettingsModule, PrivacyPolicyModule, 
diff --git a/console/src/app/modules/settings-list/settings.ts b/console/src/app/modules/settings-list/settings.ts index 69808e414b..d88c1b8833 100644 --- a/console/src/app/modules/settings-list/settings.ts +++ b/console/src/app/modules/settings-list/settings.ts @@ -1,9 +1,9 @@ import { PolicyComponentServiceType } from '../policies/policy-component-types.enum'; import { SidenavSetting } from '../sidenav/sidenav.component'; -export const GENERAL: SidenavSetting = { - id: 'general', - i18nKey: 'SETTINGS.LIST.GENERAL', +export const LANGUAGES: SidenavSetting = { + id: 'languages', + i18nKey: 'SETTINGS.LIST.LANGUAGES', requiredRoles: { [PolicyComponentServiceType.ADMIN]: ['iam.policy.read'], }, diff --git a/console/src/app/pages/actions/action-table/action-table.component.ts b/console/src/app/pages/actions/action-table/action-table.component.ts index 7e405de33b..3b617ce0a1 100644 --- a/console/src/app/pages/actions/action-table/action-table.component.ts +++ b/console/src/app/pages/actions/action-table/action-table.component.ts @@ -83,8 +83,8 @@ export class ActionTableComponent implements OnInit { this.mgmtService .deleteAction(action.id) .then(() => { + this.selection.clear(); this.toast.showInfo('FLOWS.DIALOG.DELETEACTION.DELETE_SUCCESS', true); - this.refreshPage(); }) .catch((error: any) => { diff --git a/console/src/app/pages/events/events.component.html b/console/src/app/pages/events/events.component.html index acc8c3677a..39c567b4d3 100644 --- a/console/src/app/pages/events/events.component.html +++ b/console/src/app/pages/events/events.component.html @@ -70,7 +70,7 @@ - + {{ 'IAM.EVENTS.SEQUENCE' | translate }} @@ -81,10 +81,12 @@ - {{ 'IAM.EVENTS.CREATIONDATE' | translate }} + + {{ 'IAM.EVENTS.CREATIONDATE' | translate }} + - {{ event?.creationDate | timestampToDate | localizedDate: 'EEE dd. MMM, HH:mm' }} + {{ event?.creationDate | timestampToDate | localizedDate: 'EEE dd. MMM, HH:mm:ss' }} 
diff --git a/console/src/app/pages/events/events.component.ts b/console/src/app/pages/events/events.component.ts index 41f520a7a4..c6dd22fc8d 100644 --- a/console/src/app/pages/events/events.component.ts +++ b/console/src/app/pages/events/events.component.ts @@ -176,13 +176,13 @@ export class EventsComponent implements OnDestroy { req.setEditorUserId(filterRequest.getEditorUserId()); req.setResourceOwner(filterRequest.getResourceOwner()); req.setSequence(filterRequest.getSequence()); - req.setCreationDate(filterRequest.getCreationDate()); + req.setRange(filterRequest.getRange()); + req.setFrom(filterRequest.getFrom()); const isAsc: boolean = filterRequest.getAsc(); req.setAsc(isAsc); if (this.sortAsc !== isAsc) { - this.sort.sort({ id: 'sequence', start: isAsc ? 'asc' : 'desc', disableClear: true }); + this.sort.sort({ id: 'creationDate', start: isAsc ? 'asc' : 'desc', disableClear: true }); } - this.loadEvents(req, true); } diff --git a/console/src/app/pages/instance-settings/instance-settings.component.ts b/console/src/app/pages/instance-settings/instance-settings.component.ts index 2a379df62d..e2b2a23ca9 100644 --- a/console/src/app/pages/instance-settings/instance-settings.component.ts +++ b/console/src/app/pages/instance-settings/instance-settings.component.ts @@ -10,7 +10,7 @@ import { BRANDING, COMPLEXITY, DOMAIN, - GENERAL, + LANGUAGES, IDP, LOCKOUT, LOGIN, @@ -34,7 +34,6 @@ export class InstanceSettingsComponent implements OnInit, OnDestroy { public id: string = ''; public PolicyComponentServiceType: any = PolicyComponentServiceType; public defaultSettingsList: SidenavSetting[] = [ - GENERAL, // notifications // { showWarn: true, ...NOTIFICATIONS }, NOTIFICATIONS, @@ -53,6 +52,7 @@ export class InstanceSettingsComponent implements OnInit, OnDestroy { LOGINTEXTS, // others PRIVACYPOLICY, + LANGUAGES, OIDC, SECRETS, SECURITY, 
diff --git a/console/src/app/pages/org-create/org-create.component.html b/console/src/app/pages/org-create/org-create.component.html index 1672159ca0..003e85f235 100644 --- a/console/src/app/pages/org-create/org-create.component.html +++ b/console/src/app/pages/org-create/org-create.component.html @@ -88,7 +88,7 @@ {{ 'USER.PROFILE.PREFERRED_LANGUAGE' | translate }} - + {{ 'LANGUAGES.' + language | translate }} diff --git a/console/src/app/pages/org-create/org-create.component.ts b/console/src/app/pages/org-create/org-create.component.ts index 7b0fc73e7b..96a946b195 100644 --- a/console/src/app/pages/org-create/org-create.component.ts +++ b/console/src/app/pages/org-create/org-create.component.ts @@ -20,7 +20,7 @@ import { AdminService } from 'src/app/services/admin.service'; import { Breadcrumb, BreadcrumbService, BreadcrumbType } from 'src/app/services/breadcrumb.service'; import { ManagementService } from 'src/app/services/mgmt.service'; import { ToastService } from 'src/app/services/toast.service'; -import { supportedLanguages } from 'src/app/utils/language'; +import { LanguagesService } from '../../services/languages.service'; @Component({ selector: 'cnsl-org-create', @@ -46,7 +46,6 @@ export class OrgCreateComponent { public pwdForm?: UntypedFormGroup; public genders: Gender[] = [Gender.GENDER_FEMALE, Gender.GENDER_MALE, Gender.GENDER_UNSPECIFIED]; - public languages: string[] = supportedLanguages; public policy?: PasswordComplexityPolicy.AsObject; public usePassword: boolean = false; @@ -60,6 +59,7 @@ export class OrgCreateComponent { private _location: Location, private fb: UntypedFormBuilder, private mgmtService: ManagementService, + public langSvc: LanguagesService, breadcrumbService: BreadcrumbService, ) { const instanceBread = new Breadcrumb({ 
@@ -70,10 +70,6 @@ export class OrgCreateComponent { breadcrumbService.setBreadcrumb([instanceBread]); this.initForm(); - - this.adminService.getSupportedLanguages().then((supportedResp) => { - this.languages = supportedResp.languagesList; - }); } public createSteps: number = 2; diff --git a/console/src/app/pages/users/user-create/user-create.component.html b/console/src/app/pages/users/user-create/user-create.component.html index 24f751be89..94a42cdc98 100644 --- a/console/src/app/pages/users/user-create/user-create.component.html +++ b/console/src/app/pages/users/user-create/user-create.component.html @@ -91,7 +91,7 @@ {{ 'USER.PROFILE.PREFERRED_LANGUAGE' | translate }} - + {{ 'LANGUAGES.' + language | translate }} diff --git a/console/src/app/pages/users/user-create/user-create.component.ts b/console/src/app/pages/users/user-create/user-create.component.ts index 9d43c07a73..ce6cf60a75 100644 --- a/console/src/app/pages/users/user-create/user-create.component.ts +++ b/console/src/app/pages/users/user-create/user-create.component.ts @@ -2,7 +2,7 @@ import { Location } from '@angular/common'; import { ChangeDetectorRef, Component, OnDestroy, OnInit, ViewChild } from '@angular/core'; import { AbstractControl, UntypedFormBuilder, UntypedFormGroup, ValidatorFn, Validators } from '@angular/forms'; import { Router } from '@angular/router'; -import { Subject, debounceTime } from 'rxjs'; +import { Subject, debounceTime, Observable } from 'rxjs'; import { AddHumanUserRequest } from 'src/app/proto/generated/zitadel/management_pb'; import { Domain } from 'src/app/proto/generated/zitadel/org_pb'; import { PasswordComplexityPolicy } from 'src/app/proto/generated/zitadel/policy_pb'; 
@@ -13,7 +13,6 @@ import { ToastService } from 'src/app/services/toast.service'; import { CountryCallingCodesService, CountryPhoneCode } from 'src/app/services/country-calling-codes.service'; import { formatPhone } from 'src/app/utils/formatPhone'; -import { supportedLanguages } from 'src/app/utils/language'; import { containsLowerCaseValidator, containsNumberValidator, @@ -25,6 +24,7 @@ import { phoneValidator, requiredValidator, } from '../../../modules/form-field/validators/validators'; +import { LanguagesService } from '../../../services/languages.service'; @Component({ selector: 'cnsl-user-create', @@ -34,7 +34,6 @@ import { export class UserCreateComponent implements OnInit, OnDestroy { public user: AddHumanUserRequest.AsObject = new AddHumanUserRequest().toObject(); public genders: Gender[] = [Gender.GENDER_FEMALE, Gender.GENDER_MALE, Gender.GENDER_UNSPECIFIED]; - public languages: string[] = supportedLanguages; public selected: CountryPhoneCode | undefined = { countryCallingCode: '1', countryCode: 'US', @@ -61,6 +60,7 @@ export class UserCreateComponent implements OnInit, OnDestroy { private changeDetRef: ChangeDetectorRef, private _location: Location, private countryCallingCodesService: CountryCallingCodesService, + public langSvc: LanguagesService, breadcrumbService: BreadcrumbService, ) { breadcrumbService.setBreadcrumb([ @@ -69,7 +69,6 @@ export class UserCreateComponent implements OnInit, OnDestroy { routerLink: ['/org'], }), ]); - this.loading = true; this.loadOrg(); this.mgmtService @@ -88,10 +87,6 @@ export class UserCreateComponent implements OnInit, OnDestroy { this.loading = false; this.changeDetRef.detectChanges(); }); - - this.mgmtService.getSupportedLanguages().then((lang) => { - this.languages = lang.languagesList; - }); } public close(): void { 
diff --git a/console/src/app/pages/users/user-detail/auth-user-detail/auth-user-detail.component.html b/console/src/app/pages/users/user-detail/auth-user-detail/auth-user-detail.component.html index 8fae04a306..20fc3d3412 100644 --- a/console/src/app/pages/users/user-detail/auth-user-detail/auth-user-detail.component.html +++ b/console/src/app/pages/users/user-detail/auth-user-detail/auth-user-detail.component.html @@ -19,7 +19,12 @@
- + { const { id } = params; if (id) { + this.cleanupTranslation(); this.currentSetting = id; } }); @@ -97,10 +99,6 @@ export class AuthUserDetailComponent implements OnDestroy { this.loading = true; this.refreshUser(); - this.userService.getSupportedLanguages().then((lang) => { - this.languages = lang.languagesList; - }); - this.userService.getMyLoginPolicy().then((policy) => { if (policy.policy) { this.loginPolicy = policy.policy; @@ -109,6 +107,7 @@ export class AuthUserDetailComponent implements OnDestroy { } private changeSelection(small: boolean): void { + this.cleanupTranslation(); if (small) { this.currentSetting = undefined; } else { @@ -138,6 +137,7 @@ export class AuthUserDetailComponent implements OnDestroy { }), ]); } + this.savedLanguage = resp.user?.human?.profile?.preferredLanguage; this.loading = false; }) .catch((error) => { @@ -147,9 +147,22 @@ export class AuthUserDetailComponent implements OnDestroy { } public ngOnDestroy(): void { + this.cleanupTranslation(); this.subscription.unsubscribe(); } + public settingChanged(): void { + this.cleanupTranslation(); + } + + private cleanupTranslation(): void { + if (this?.savedLanguage) { + this.translate.use(this?.savedLanguage); + } else { + this.translate.use(this.translate.defaultLang); + } + } + public changeUsername(): void { const dialogRef = this.dialog.open(EditDialogComponent, { data: { @@ -193,6 +206,7 @@ export class AuthUserDetailComponent implements OnDestroy { ) .then(() => { this.toast.showInfo('USER.TOAST.SAVED', true); + this.savedLanguage = this.user?.human?.profile?.preferredLanguage; this.refreshChanges$.emit(); }) .catch((error) => { diff --git a/console/src/app/pages/users/user-detail/user-detail/user-detail.component.html b/console/src/app/pages/users/user-detail/user-detail/user-detail.component.html index f59cc6dc7c..6153ccccad 100644 --- a/console/src/app/pages/users/user-detail/user-detail/user-detail.component.html 
+++ b/console/src/app/pages/users/user-detail/user-detail/user-detail.component.html @@ -83,7 +83,7 @@ [preferredLoginName]="user.preferredLoginName" [disabled]="(canWrite$ | async) === false" [genders]="genders" - [languages]="languages" + [languages]="(langSvc.supported$ | async) || []" [username]="user.userName" [user]="user.human" (submitData)="saveProfile($event)" diff --git a/console/src/app/pages/users/user-detail/user-detail/user-detail.component.ts b/console/src/app/pages/users/user-detail/user-detail/user-detail.component.ts index 91fe3cf2e9..2418baafc4 100644 --- a/console/src/app/pages/users/user-detail/user-detail/user-detail.component.ts +++ b/console/src/app/pages/users/user-detail/user-detail/user-detail.component.ts @@ -22,10 +22,11 @@ import { Breadcrumb, BreadcrumbService, BreadcrumbType } from 'src/app/services/ import { ManagementService } from 'src/app/services/mgmt.service'; import { ToastService } from 'src/app/services/toast.service'; import { formatPhone } from 'src/app/utils/formatPhone'; -import { supportedLanguages } from 'src/app/utils/language'; import { EditDialogComponent, EditDialogType } from '../auth-user-detail/edit-dialog/edit-dialog.component'; import { ResendEmailDialogComponent } from '../auth-user-detail/resend-email-dialog/resend-email-dialog.component'; import { MachineSecretDialogComponent } from './machine-secret-dialog/machine-secret-dialog.component'; +import { Observable } from 'rxjs'; +import { LanguagesService } from '../../../../services/languages.service'; const GENERAL: SidenavSetting = { id: 'general', i18nKey: 'USER.SETTINGS.GENERAL' }; const GRANTS: SidenavSetting = { id: 'grants', i18nKey: 'USER.SETTINGS.USERGRANTS' }; 
@@ -45,7 +46,6 @@ export class UserDetailComponent implements OnInit { public user!: User.AsObject; public metadata: Metadata.AsObject[] = []; public genders: Gender[] = [Gender.GENDER_MALE, Gender.GENDER_FEMALE, Gender.GENDER_DIVERSE]; - public languages: string[] = supportedLanguages; public ChangeType: any = ChangeType; @@ -76,6 +76,7 @@ export class UserDetailComponent implements OnInit { private router: Router, activatedRoute: ActivatedRoute, private mediaMatcher: MediaMatcher, + public langSvc: LanguagesService, breadcrumbService: BreadcrumbService, ) { activatedRoute.queryParams.pipe(take(1)).subscribe((params: Params) => { @@ -100,10 +101,6 @@ export class UserDetailComponent implements OnInit { this.mediaMatcher.matchMedia(mediaq).onchange = (small) => { this.changeSelection(small.matches); }; - - this.mgmtUserService.getSupportedLanguages().then((lang) => { - this.languages = lang.languagesList; - }); } private changeSelection(small: boolean): void { diff --git a/console/src/app/pages/users/user-list/user-table/user-table.component.ts b/console/src/app/pages/users/user-list/user-table/user-table.component.ts index ace9a5bd4e..018c8043d7 100644 --- a/console/src/app/pages/users/user-list/user-table/user-table.component.ts +++ b/console/src/app/pages/users/user-list/user-table/user-table.component.ts @@ -309,6 +309,7 @@ export class UserTableComponent implements OnInit { setTimeout(() => { this.refreshPage(); }, 1000); + this.selection.clear(); this.toast.showInfo('USER.TOAST.DELETED', true); }) .catch((error) => { diff --git a/console/src/app/services/admin.service.ts b/console/src/app/services/admin.service.ts index 1a67b50ffd..8c79ac1713 100644 --- a/console/src/app/services/admin.service.ts +++ b/console/src/app/services/admin.service.ts 
@@ -54,6 +54,8 @@ import { DeactivateSMSProviderResponse, DeleteProviderRequest, DeleteProviderResponse, + GetAllowedLanguagesRequest, + GetAllowedLanguagesResponse, GetCustomDomainClaimedMessageTextRequest, GetCustomDomainClaimedMessageTextResponse, GetCustomDomainPolicyRequest, @@ -126,6 +128,7 @@ import { GetPrivacyPolicyResponse, GetProviderByIDRequest, GetProviderByIDResponse, + GetRestrictionsResponse, GetSecretGeneratorRequest, GetSecretGeneratorResponse, GetSecurityPolicyRequest, @@ -192,6 +195,7 @@ import { ResetCustomDomainPolicyToDefaultResponse, ResetCustomLoginTextsToDefaultRequest, ResetCustomLoginTextsToDefaultResponse, + SelectLanguages, SetCustomLoginTextsRequest, SetCustomLoginTextsResponse, SetDefaultDomainClaimedMessageTextRequest, @@ -216,6 +220,8 @@ import { SetDefaultVerifyPhoneMessageTextResponse, SetDefaultVerifySMSOTPMessageTextRequest, SetDefaultVerifySMSOTPMessageTextResponse, + SetRestrictionsRequest, + SetRestrictionsResponse, SetSecurityPolicyRequest, SetSecurityPolicyResponse, SetUpOrgRequest, @@ -433,6 +439,11 @@ export class AdminService { return this.grpcService.admin.getSupportedLanguages(req, null).then((resp) => resp.toObject()); } + public getAllowedLanguages(): Promise { + const req = new GetAllowedLanguagesRequest(); + return this.grpcService.admin.getAllowedLanguages(req, null).then((resp) => resp.toObject()); + } + public getDefaultLoginTexts(req: GetDefaultLoginTextsRequest): Promise { return this.grpcService.admin.getDefaultLoginTexts(req, null).then((resp) => resp.toObject()); } 
@@ -823,6 +834,29 @@ export class AdminService { return this.grpcService.admin.setDefaultLanguage(req, null).then((resp) => resp.toObject()); } + /* restrictions */ + + public getRestrictions(): Promise { + const req = new GetDefaultLanguageRequest(); + return this.grpcService.admin.getRestrictions(req, null).then((resp) => resp.toObject()); + } + + public setRestrictions( + disallowPublicOrgRegistration?: boolean, + allowedLanguages?: string[], + ): Promise { + const req = new SetRestrictionsRequest(); + if (disallowPublicOrgRegistration !== undefined) { + req.setDisallowPublicOrgRegistration(disallowPublicOrgRegistration); + } + if (allowedLanguages !== undefined) { + const langs = new SelectLanguages(); + langs.setListList(allowedLanguages); + req.setAllowedLanguages(langs); + } + return this.grpcService.admin.setRestrictions(req, null).then((resp) => resp.toObject()); + } + /* notification policy */ public getNotificationPolicy(): Promise { diff --git a/console/src/app/services/grpc-auth.service.ts b/console/src/app/services/grpc-auth.service.ts index 6ebf448332..ace6ed22b3 100644 --- a/console/src/app/services/grpc-auth.service.ts +++ b/console/src/app/services/grpc-auth.service.ts @@ -32,8 +32,6 @@ import { GetMyProfileResponse, GetMyUserRequest, GetMyUserResponse, - GetSupportedLanguagesRequest, - GetSupportedLanguagesResponse, ListMyAuthFactorsRequest, ListMyAuthFactorsResponse, ListMyLinkedIDPsRequest, @@ -494,11 +492,6 @@ export class GrpcAuthService { return this.grpcService.auth.resendMyEmailVerification(req, null).then((resp) => resp.toObject()); } - public getSupportedLanguages(): Promise { - const req = new GetSupportedLanguagesRequest(); - return this.grpcService.auth.getSupportedLanguages(req, null).then((resp) => resp.toObject()); - } - public getMyLoginPolicy(): Promise { const req = new GetMyLoginPolicyRequest(); return this.grpcService.auth.getMyLoginPolicy(req, null).then((resp) => resp.toObject()); 
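Review bot: `getRestrictions()` in the `@@ -823,6 +834,29 @@` hunk builds its request with `new GetDefaultLanguageRequest()` and passes it to `this.grpcService.admin.getRestrictions`, which looks like a copy-paste from the default-language getter above it. The import hunk adds `GetRestrictionsResponse` but no matching request type, so the call presumably only works while both messages serialize identically (likely both empty). Import the request message generated for this RPC (presumably `GetRestrictionsRequest`; confirm against the generated admin_pb) and use `const req = new GetRestrictionsRequest();`. Because `setRestrictions` changes instance-wide policy, a one-line comment stating that an `undefined` argument leaves that restriction untouched would document the partial-update contract; that reading is inferred from the `!== undefined` guards and should be confirmed against the server.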
diff --git a/console/src/app/services/languages.service.ts b/console/src/app/services/languages.service.ts
new file mode 100644
index 0000000000..60260a12ef
--- /dev/null
+++ b/console/src/app/services/languages.service.ts
@@ -0,0 +1,46 @@
+import { forkJoin, Observable, ReplaySubject, Subscription } from 'rxjs';
+import { map, withLatestFrom } from 'rxjs/operators';
+import { Injectable } from '@angular/core';
+import { AdminService } from './admin.service';
+
+@Injectable({
+ providedIn: 'root',
+})
+export class LanguagesService {
+ private supportedSubject$ = new ReplaySubject(1);
+ public supported$: Observable = this.supportedSubject$.asObservable();
+ private allowedSubject$ = new ReplaySubject(1);
+ public allowed$: Observable = this.allowedSubject$.asObservable();
+ public notAllowed$: Observable = this.allowed$.pipe(
+ withLatestFrom(this.supported$),
+ map(([allowed, supported]) => {
+ return supported.filter((s) => !allowed.includes(s));
+ }),
+ );
+ public restricted$: Observable = this.notAllowed$.pipe(
+ map((notallowed) => {
+ return notallowed.length > 0;
+ }),
+ );
+
+ constructor(private adminSvc: AdminService) {
+ const sub: Subscription = forkJoin([
+ this.adminSvc.getSupportedLanguages(),
+ this.adminSvc.getAllowedLanguages(),
+ ]).subscribe({
+ next: ([{ languagesList: supported }, { languagesList: allowed }]) => {
+ this.supportedSubject$.next(supported);
+ this.allowedSubject$.next(allowed);
+ },
+ complete: () => sub.unsubscribe(),
+ });
+ }
+
+ public newAllowed(languages: string[]) {
+ this.allowedSubject$.next(languages);
+ }
+
+ public isNotAllowed(language: string): Observable {
+ return this.notAllowed$.pipe(map((notAllowed) => notAllowed.includes(language)));
+ }
+}
diff --git a/console/src/app/services/mgmt.service.ts b/console/src/app/services/mgmt.service.ts
index aaf9398b9e..ae975a228d 100644
--- a/console/src/app/services/mgmt.service.ts
+++ b/console/src/app/services/mgmt.service.ts
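Review bot: The `forkJoin(...).subscribe({ next, complete })` in the `LanguagesService` constructor (new file `languages.service.ts`) has no `error` callback, so if either admin call rejects, neither `ReplaySubject` ever emits and every consumer of `supported$` / `allowed$` waits indefinitely. This commit also removes the per-component `getSupportedLanguages()` calls on the auth and management services together with the static `supportedLanguages` default, so pages such as user-create and the own-profile page now depend on two admin-API calls; whether non-admin sessions are authorized to make them is not visible here and should be verified. Add an error path that lets subscribers settle, for example `error: () => { this.supportedSubject$.next([]); this.allowedSubject$.next([]); },`, or restore a static fallback list. `complete: () => sub.unsubscribe()` is redundant, since the subscription is torn down when `forkJoin` completes.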
@@ -551,11 +551,6 @@ export class ManagementService { constructor(private readonly grpcService: GrpcService) {} - public getSupportedLanguages(): Promise { - const req = new GetSupportedLanguagesRequest(); - return this.grpcService.mgmt.getSupportedLanguages(req, null).then((resp) => resp.toObject()); - } - public getDefaultLoginTexts(req: GetDefaultLoginTextsRequest): Promise { return this.grpcService.mgmt.getDefaultLoginTexts(req, null).then((resp) => resp.toObject()); } diff --git a/console/src/app/services/toast.service.ts b/console/src/app/services/toast.service.ts index 44dd7296e6..a38caf0ad5 100644 --- a/console/src/app/services/toast.service.ts +++ b/console/src/app/services/toast.service.ts @@ -36,7 +36,7 @@ export class ToastService { } } - public showError(error: any | string, isGrpc: boolean = true, i18nKey: boolean = false): void { + public showError = (error: any | string, isGrpc: boolean = true, i18nKey: boolean = false) => { if (isGrpc) { const { message, code, metadata } = error; if (code !== 16) { @@ -57,7 +57,7 @@ export class ToastService { } else { this.showMessage(error as string, '', false); } - } + }; private showMessage(message: string, action: string, success: boolean): Observable { const ref = this.snackBar.open(message, action, { diff --git a/console/src/assets/i18n/bg.json b/console/src/assets/i18n/bg.json index e2821f14c6..0b86740de4 100644 --- a/console/src/assets/i18n/bg.json +++ b/console/src/assets/i18n/bg.json @@ -865,14 +865,16 @@ }, "SEQUENCE": { "LABEL": "Последователност", - "CHECKBOX": "Филтриране по последователност", - "SORT": "Сортиране", - "ASC": "Възходящ", - "DESC": "Спускане" + "CHECKBOX": "Филтриране по последователност" }, + "SORT": "Сортиране", + "ASC": "Възходящ", + "DESC": "Спускане", "CREATIONDATE": { - "LABEL": "Дата на създаване", - "CHECKBOX": "Филтриране по дата на създаване" + "RADIO_FROM": "От", + "RADIO_RANGE": "Обхват", + "LABEL_SINCE": "От", + "LABEL_UNTIL": "До" }, "OTHER": "друго", "OTHERS": "други" 
@@ -922,20 +924,22 @@ "BTN": "Преименуване" }, "ORGDOMAIN": { - "TITLE": "Проверка на собствеността върху домейна на организацията", - "VERIFICATION": "За да потвърдите собствеността на вашия домейн, трябва да изтеглите файл за проверка и да го качите на предоставения URL адрес, посочен по-долу, или да поставите DNS запис в TXT запис за предоставения URL адрес. ", - "VERIFICATION_SKIP": "Можете да пропуснете проверката засега и да продължите да създавате вашата организация, но за да използвате вашата организация, тази стъпка трябва да бъде завършена!", - "VERIFICATION_VALIDATION_DESC": "Токените се проверяват редовно, за да се гарантира, че все още сте собственик на домейна.", + "TITLE": "Потвърдете собствеността на {{value}}", + "VERIFICATION": "Предлагаме ви два метода за ръчно валидиране на вашия домейн:", + "VERIFICATION_HTML": "- HTTP. Хоствайте временен файл за проверка на уебсайта си", + "VERIFICATION_DNS": "- DNS. Създайте DNS запис за TXT запис", + "VERIFICATION_DNS_DESC": "Ако управлявате {{ value }} и имате достъп до вашите DNS записи, можете да създадете нов TXT запис със следните стойности:", + "VERIFICATION_DNS_HOST_LABEL": "Host:", + "VERIFICATION_DNS_CHALLENGE_LABEL": "Използвайте този код за стойността на TXT записа:", + "VERIFICATION_HTTP_DESC": "Ако имате достъп до хостинг на уебсайта си, просто изтеглете файла за проверка и го качете на предоставения URL адрес", + "VERIFICATION_HTTP_URL_LABEL": "Очакван URL адрес:", + "VERIFICATION_HTTP_FILE_LABEL": "Файл за проверка:", + "VERIFICATION_SKIP": "Можете да пропуснете проверката засега и да продължите да създавате вашата организация, но за да използвате домейна си, тази стъпка трябва да бъде изпълнена!", + "VERIFICATION_VALIDATION_DESC": "Не изтривайте кода за потвърждение, тъй като ZITADEL ще проверява отново собствеността на вашия домейн от време на време.", "VERIFICATION_NEWTOKEN_TITLE": "Поискайте нов токен", - "VERIFICATION_NEWTOKEN_DESC": "Ако искате да поискате нов токен, изберете 
предпочитания от вас метод. ", - "VERIFICATION_VALIDATION_ONGOING": "Вече е заявен токен за потвърждение. ", - "VERIFICATION_VALIDATION_ONGOING_TYPE": "Тип на токена:", + "VERIFICATION_VALIDATION_ONGOING": "Методът {{ value }} е избран за потвърждение на вашия домейн. Щракнете върху бутона, за да задействате проверка за проверка или да нулирате процеса на проверка.", "VERIFICATION_SUCCESSFUL": "Домейнът е успешно проверен!", - "REQUESTNEWTOKEN": "Поискайте нов токен", - "TYPES": { - "1": "HTTP", - "2": "DNS" - } + "RESETMETHOD": "Нулирайте метода за проверка" }, "DOWNLOAD_FILE": "Свали файл", "SELECTORGTOOLTIP": "Изберете тази организация.", @@ -1012,7 +1016,7 @@ "DESCRIPTION": "Тези настройки разширяват и презаписват настройките на вашия екземпляр." }, "LIST": { - "GENERAL": "Общ", + "LANGUAGES": "Езици", "LOGIN": "Поведение при влизане и сигурност", "LOCKOUT": "Блокиране", "COMPLEXITY": "Сложност на паролата", 
@@ -1041,22 +1045,32 @@ } }, "SETTING": { - "DEFAULTLANGUAGE": "Език по подразбиране", - "LANGUAGE": { - "de": "Deutsch", - "en": "Английски", - "es": "Español", - "fr": "Français", - "it": "Италиано", - "ja": "日本語", - "pl": "Полски", - "zh": "简体中文", - "bg": "Български", - "pt": "Portuguese", - "mk": "Македонски", - "cs": "Čeština", - "ru": "Русский", - "nl": "Nederlands" + "LANGUAGES": { + "TITLE": "Настройки на езика", + "DEFAULT": "Език по подразбиране", + "ALLOWED": "Разрешени езици", + "NOT_ALLOWED": "Не са разрешени езици", + "ALLOW_ALL": "Разрешете всички езици", + "DISALLOW_ALL": "Забранете всички езици", + "SETASDEFAULT": "Задайте като език по подразбиране", + "DEFAULT_SAVED": "Езикът по подразбиране е запазен успешно.", + "ALLOWED_SAVED": "Разрешените езици са запазени успешно.", + "OPTIONS": { + "de": "Deutsch", + "en": "Английски", + "es": "Español", + "fr": "Français", + "it": "Италиано", + "ja": "日本語", + "pl": "Полски", + "zh": "简体中文", + "bg": "Български", + "pt": "Portuguese", + "mk": "Македонски", + "cs": "Čeština", + "ru": "Русский", + "nl": "Nederlands" + } }, "SMTP": { "TITLE": "SMTP настройки", @@ -1255,8 +1269,10 @@ "RESET_DESCRIPTION": "На път сте да възстановите всички стойности по подразбиране. ", "UNSAVED_TITLE": "Продължаване без запазване?", "UNSAVED_DESCRIPTION": "Направихте промени без да запазите. ", - "LOCALE": "Локален код", - "LOCALES": { + "ACTIVE_LANGUAGE_NOT_ALLOWED": "Избрахте език, който не е разрешен. Можете да продължите да променяте текстовете. Но ако искате вашите потребители да могат да използват този език, променете ограниченията на вашите екземпляри.", + "LANGUAGES_NOT_ALLOWED": "Не е разрешено:", + "LANGUAGE": "Език", + "LANGUAGES": { "de": "Deutsch", "en": "Английски", "es": "Español", 
@@ -1367,7 +1383,8 @@
 "SMTPSENDERADDRESSMATCHESINSTANCEDOMAIN": "SMTP адресът на изпращача съвпада с домейна на екземпляра",
 "ALLOWUSERNAMEPASSWORD": "Потребителско име Паролата е разрешена",
 "ALLOWEXTERNALIDP": "Допуска се външен IDP",
- "ALLOWREGISTER": "Регистрацията е разрешена",
+ "ALLOWREGISTERUSERS": "Регистрирайте потребители",
+ "ALLOWREGISTERORGS": "Регистрирайте организации",
 "ALLOWUSERNAMEPASSWORD_DESC": "Разрешено е конвенционалното влизане с потребителско име и парола.",
 "ALLOWEXTERNALIDP_DESC": "Входът е разрешен за основните доставчици на самоличност",
 "ALLOWREGISTER_DESC": "Ако опцията е избрана, в входа се появява допълнителна стъпка за регистрация на потребител.",
diff --git a/console/src/assets/i18n/cs.json b/console/src/assets/i18n/cs.json
index b734a58f64..d724fd9612 100644
--- a/console/src/assets/i18n/cs.json
+++ b/console/src/assets/i18n/cs.json
@@ -872,14 +872,16 @@
 },
 "SEQUENCE": {
 "LABEL": "Sekvence",
- "CHECKBOX": "Filtrovat podle Sekvence",
- "SORT": "Třídění",
- "ASC": "Vzestupně",
- "DESC": "Sestupně"
+ "CHECKBOX": "Filtrovat podle Sekvence"
 },
+ "SORT": "Třídění",
+ "ASC": "Vzestupně",
+ "DESC": "Sestupně",
 "CREATIONDATE": {
- "LABEL": "Datum vytvoření",
- "CHECKBOX": "Filtrovat podle Datumu vytvoření"
+ "RADIO_FROM": "Od",
+ "RADIO_RANGE": "Rozsah",
+ "LABEL_SINCE": "Od",
+ "LABEL_UNTIL": "Do"
 },
 "OTHER": "jiný",
 "OTHERS": "jiné"
@@ -929,20 +931,22 @@ "BTN": "Přejmenovat" }, "ORGDOMAIN": { - "TITLE": "Ověření vlastnictví domény organizace", - "VERIFICATION": "Pro ověření vlastnictví vaší domény je potřeba stáhnout ověřovací soubor a nahrát jej na uvedené URL níže, nebo umístit záznam TXT Record DNS pro uvedené URL. Pro dokončení klikněte na tlačítko a proveďte ověření.", - "VERIFICATION_SKIP": "Ověření můžete nyní přeskočit a pokračovat ve vytváření vaší organizace, ale pro používání vaší organizace je třeba tento krok dokončit!", - "VERIFICATION_VALIDATION_DESC": "Tokeny jsou pravidelně kontrolovány, aby bylo zajištěno, že jste stále vlastníkem domény.", - "VERIFICATION_NEWTOKEN_TITLE": "Požádat o nový token", - "VERIFICATION_NEWTOKEN_DESC": "Pokud si přejete požádat o nový token, vyberte preferovanou metodu. Pokud chcete ověřit stávající token, klikněte na tlačítko výše.", - "VERIFICATION_VALIDATION_ONGOING": "Token pro ověření byl již požadován. Klikněte na tlačítko a spusťte ověřovací kontrolu.", - "VERIFICATION_VALIDATION_ONGOING_TYPE": "Typ tokenu:", + "TITLE": "Ověřte vlastnictví {{value}}", + "VERIFICATION": "Nabízíme vám dva způsoby ručního ověření domény:", + "VERIFICATION_HTML": "- HTTP. Hostujte na svém webu dočasný ověřovací soubor", + "VERIFICATION_DNS": "- DNS. 
Vytvořte záznam DNS záznamu TXT", + "VERIFICATION_DNS_DESC": "Pokud spravujete {{ value }} a máte přístup ke svým záznamům DNS, můžete vytvořit nový záznam TXT s následujícími hodnotami:", + "VERIFICATION_DNS_HOST_LABEL": "Host:", + "VERIFICATION_DNS_CHALLENGE_LABEL": "Pro hodnotu TXT záznamu použijte tento kód:", + "VERIFICATION_HTTP_DESC": "Pokud máte přístup k hostování svých webových stránek, jednoduše si stáhněte ověřovací soubor a nahrajte jej na uvedenou adresu URL", + "VERIFICATION_HTTP_URL_LABEL": "Očekávaná adresa URL:", + "VERIFICATION_HTTP_FILE_LABEL": "Ověřovací soubor:", + "VERIFICATION_SKIP": "Ověření můžete zatím přeskočit a pokračovat ve vytváření organizace, ale abyste mohli používat svou doménu, musíte tento krok dokončit!", + "VERIFICATION_VALIDATION_DESC": "Nemažte ověřovací kód, protože ZITADEL čas od času znovu zkontroluje vlastnictví vaší domény.", + "VERIFICATION_NEWTOKEN_TITLE": "Vyžádejte si nový token", + "VERIFICATION_VALIDATION_ONGOING": "Pro ověření vaší domény byla vybrána metoda {{ value }}. Kliknutím na tlačítko spustíte kontrolu ověření nebo resetujete proces ověření.", "VERIFICATION_SUCCESSFUL": "Doména byla úspěšně ověřena!", - "REQUESTNEWTOKEN": "Požadovat nový token", - "TYPES": { - "1": "HTTP", - "2": "DNS" - } + "RESETMETHOD": "Resetovat metodu ověření" }, "DOWNLOAD_FILE": "Stáhnout soubor", "SELECTORGTOOLTIP": "Vybrat tuto organizaci.", @@ -1019,7 +1023,7 @@ "DESCRIPTION": "Tato nastavení rozšiřují a přepisují nastavení vaší instance." }, "LIST": { - "GENERAL": "Obecné", + "LANGUAGES": "Jazyky", "LOGIN": "Chování při přihlášení a bezpečnost", "LOCKOUT": "Blokování", "COMPLEXITY": "Složitost hesla", 
@@ -1048,22 +1052,32 @@
 }
 },
 "SETTING": {
- "DEFAULTLANGUAGE": "Výchozí jazyk",
- "LANGUAGE": {
- "de": "Deutsch",
- "en": "English",
- "es": "Español",
- "fr": "Français",
- "it": "Italiano",
- "ja": "日本語",
- "pl": "Polski",
- "zh": "简体中文",
- "bg": "Български",
- "pt": "Portuguese",
- "mk": "Македонски",
- "cs": "Čeština",
- "ru": "Русский",
- "nl": "Nederlands"
+ "LANGUAGES": {
+ "TITLE": "Nastavení jazyka",
+ "DEFAULT": "Výchozí jazyk",
+ "ALLOWED": "Povolené jazyky",
+ "NOT_ALLOWED": "Nepovolené jazyky",
+ "ALLOW_ALL": "Povolit všechny jazyky",
+ "DISALLOW_ALL": "Zakázat všechny jazyky",
+ "SETASDEFAULT": "Nastavit jako výchozí",
+ "DEFAULT_SAVED": "Výchozí jazyk byl úspěšně nastaven.",
+ "ALLOWED_SAVED": "Povolené jazyky byly úspěšně nastaveny.",
+ "OPTIONS": {
+ "de": "Deutsch",
+ "en": "English",
+ "es": "Español",
+ "fr": "Français",
+ "it": "Italiano",
+ "ja": "日本語",
+ "pl": "Polski",
+ "zh": "简体中文",
+ "bg": "Български",
+ "pt": "Portuguese",
+ "mk": "Македонски",
+ "cs": "Čeština",
+ "ru": "Русский",
+ "nl": "Nederlands"
+ }
 },
 "SMTP": {
 "TITLE": "Nastavení SMTP",
@@ -1262,8 +1276,10 @@
 "RESET_DESCRIPTION": "Chystáte se obnovit všechny výchozí hodnoty. Všechny vaše změny budou trvale smazány. Opravdu chcete pokračovat?",
 "UNSAVED_TITLE": "Pokračovat bez uložení?",
 "UNSAVED_DESCRIPTION": "Provedli jste změny bez uložení. Chcete je nyní uložit?",
- "LOCALE": "Kód jazyka",
- "LOCALES": {
+ "ACTIVE_LANGUAGE_NOT_ALLOWED": "Vybrali jste jazyk, který není povolen. Můžete pokračovat v úpravách textů. Ale pokud chcete, aby vaši uživatelé mohli tento jazyk skutečně používat, změňte omezení vašich instancí.",
+ "LANGUAGES_NOT_ALLOWED": "Nepovolené jazyky:",
+ "LANGUAGE": "Jazyk",
+ "LANGUAGES": {
 "de": "Deutsch",
 "en": "English",
 "es": "Español",
@@ -1375,6 +1391,8 @@
 "ALLOWUSERNAMEPASSWORD": "Povoleno uživatelské jméno a heslo",
 "ALLOWEXTERNALIDP": "Povoleno externí IDP",
 "ALLOWREGISTER": "Registrace povolena",
+ "ALLOWREGISTERUSERS": "Registrace uživatelů povolena",
+ "ALLOWREGISTERORGS": "Registrace organizací povolena",
 "ALLOWUSERNAMEPASSWORD_DESC": "Je povoleno klasické přihlášení s uživatelským jménem a heslem.",
 "ALLOWEXTERNALIDP_DESC": "Přihlášení je povoleno pro níže uvedené poskytovatele identity.",
 "ALLOWREGISTER_DESC": "Pokud je možnost vybrána, objeví se při přihlášení další krok pro registraci uživatele.",
diff --git a/console/src/assets/i18n/de.json b/console/src/assets/i18n/de.json
index 8685ee4bb7..d41dd5db5a 100644
--- a/console/src/assets/i18n/de.json
+++ b/console/src/assets/i18n/de.json
@@ -871,14 +871,16 @@
 },
 "SEQUENCE": {
 "LABEL": "Sequenz",
- "CHECKBOX": "Nach Sequenz filtern",
- "SORT": "Sortierung",
- "ASC": "aufsteigend",
- "DESC": "absteigend"
+ "CHECKBOX": "Nach Sequenz filtern"
 },
+ "SORT": "Sortierung",
+ "ASC": "Aufsteigend",
+ "DESC": "Absteigend",
 "CREATIONDATE": {
- "LABEL": "Erstelldatum",
- "CHECKBOX": "Nach Erstelldatum filtern"
+ "RADIO_FROM": "Von",
+ "RADIO_RANGE": "Zeitraum",
+ "LABEL_SINCE": "Seit",
+ "LABEL_UNTIL": "Bis"
 },
 "OTHER": "weiterer",
 "OTHERS": "weitere"
@@ -928,20 +930,22 @@ "BTN": "Umbenennen" }, "ORGDOMAIN": { - "TITLE": "Verifikation der Domain der Organisation", - "VERIFICATION": "Überprüfe den Besitz Deiner Domain, indem Du eine Bestätigungsdatei herunterlädst und unter der angegebenen URL speicherst, oder indem Du sie mit einem DNS-Eintrag verifizierst.", - "VERIFICATION_SKIP": "Du kannst die Überprüfung vorerst überspringen und Deine Organisation erstellen. Um Deine Organisation jedoch verwenden zu können, muss dieser Schritt abgeschlossen sein.", - "VERIFICATION_VALIDATION_DESC": "Die Tokens werden regelmässig überprüft, um sicherzustellen, dass Du weiterhin im Besitz der Domain bist.", - "VERIFICATION_NEWTOKEN_TITLE": "Neues Token anfordern", - "VERIFICATION_NEWTOKEN_DESC": "Wenn Du ein neues Token anfordern willst, klicke auf die gewünschte Methode. Wenn Du ein vorhandenes Token validieren möchtest, klicke auf \"Verifizieren\".", - "VERIFICATION_VALIDATION_ONGOING": "Ein Token zur Validierung wurde bereits angefragt. Klicke auf \"Verifizieren\", um dieses Token zu validieren.", - "VERIFICATION_VALIDATION_ONGOING_TYPE": "Typ des Tokens:", - "VERIFICATION_SUCCESSFUL": "Domain erfolgreich validiert!", - "REQUESTNEWTOKEN": "Neues Token anfordern", - "TYPES": { - "1": "HTTP", - "2": "DNS" - } + "TITLE": "Bestätigen Sie die Inhaberschaft von {{value}}", + "VERIFICATION": "Wir bieten Ihnen zwei Methoden zur manuellen Validierung Ihrer Domain:", + "VERIFICATION_HTML": "- HTTP. Hosten Sie eine temporäre Verifizierungsdatei auf Ihrer Website", + "VERIFICATION_DNS": "- DNS. 
Erstellen Sie einen DNS-Eintrag für den TXT-Eintrag", + "VERIFICATION_DNS_DESC": "Wenn Sie {{ value }} verwalten und Zugriff auf Ihre DNS-Einträge haben, können Sie einen neuen TXT-Eintrag mit den folgenden Werten erstellen:", + "VERIFICATION_DNS_HOST_LABEL": "Host:", + "VERIFICATION_DNS_CHALLENGE_LABEL": "Verwenden Sie diesen Code für den Wert des TXT-Datensatzes:", + "VERIFICATION_HTTP_DESC": "Wenn Sie Zugriff auf das Hosting Ihrer Website haben, laden Sie einfach die Bestätigungsdatei herunter und laden Sie sie unter der angegebenen URL hoch", + "VERIFICATION_HTTP_URL_LABEL": "Erwartete URL:", + "VERIFICATION_HTTP_FILE_LABEL": "Verifizierungsdatei:", + "VERIFICATION_SKIP": "Sie können die Verifizierung vorerst überspringen und mit der Erstellung Ihrer Organisation fortfahren, aber um Ihre Domain nutzen zu können, muss dieser Schritt abgeschlossen sein!", + "VERIFICATION_VALIDATION_DESC": "Löschen Sie den Bestätigungscode nicht, da ZITADEL die Inhaberschaft Ihrer Domain von Zeit zu Zeit erneut überprüft.", + "VERIFICATION_NEWTOKEN_TITLE": "Fordern Sie ein neues Token an", + "VERIFICATION_VALIDATION_ONGOING": "Zur Verifizierung Ihrer Domain wurde die Methode {{ value }} ausgewählt. Klicken Sie auf die Schaltfläche, um eine Verifizierungsprüfung auszulösen oder den Verifizierungsprozess zurückzusetzen.", + "VERIFICATION_SUCCESSFUL": "Domain erfolgreich verifiziert!", + "RESETMETHOD": "Verifizierungsmethode zurücksetzen" }, "DOWNLOAD_FILE": "Datei herunterladen", "SELECTORGTOOLTIP": "Diese Organisation auswählen", @@ -1018,7 +1022,7 @@ "DESCRIPTION": "Diese Einstellungen erweitern bzw. überschreiben die Einstellungen Ihrer Instanz." }, "LIST": { - "GENERAL": "Allgemein", + "LANGUAGES": "Sprachen", "LOGIN": "Loginverhalten und Sicherheit", "LOCKOUT": "Sperrmechanismen", "COMPLEXITY": "Passwordkomplexität", 
@@ -1047,22 +1051,32 @@
 }
 },
 "SETTING": {
- "DEFAULTLANGUAGE": "Standardsprache",
- "LANGUAGE": {
- "de": "Deutsch",
- "en": "English",
- "es": "Español",
- "fr": "Français",
- "it": "Italiano",
- "ja": "日本語",
- "pl": "Polski",
- "zh": "简体中文",
- "bg": "Български",
- "pt": "Portuguese",
- "mk": "Македонски",
- "cs": "Čeština",
- "ru": "Русский",
- "nl": "Nederlands"
+ "LANGUAGES": {
+ "TITLE": "Spracheinstellungen",
+ "DEFAULT": "Standardsprache",
+ "ALLOWED": "Erlaubte Sprachen",
+ "NOT_ALLOWED": "Nicht erlaubte Sprachen",
+ "ALLOW_ALL": "Alle Sprachen erlauben",
+ "DISALLOW_ALL": "Alle Sprachen verbieten",
+ "SETASDEFAULT": "Als Standard setzen",
+ "DEFAULT_SAVED": "Standard Sprache gesetzt",
+ "ALLOWED_SAVED": "Erlaubte Sprachen gesetzt",
+ "OPTIONS": {
+ "de": "Deutsch",
+ "en": "English",
+ "es": "Español",
+ "fr": "Français",
+ "it": "Italiano",
+ "ja": "日本語",
+ "pl": "Polski",
+ "zh": "简体中文",
+ "bg": "Български",
+ "pt": "Portuguese",
+ "mk": "Македонски",
+ "cs": "Čeština",
+ "ru": "Русский",
+ "nl": "Nederlands"
+ }
 },
 "SMTP": {
 "TITLE": "SMTP Einstellungen",
@@ -1261,8 +1275,10 @@
 "RESET_DESCRIPTION": "Sie sind im Begriff alle Standardwerte wiederherzustellen. Alle von Ihnen gesetzten Änderungen werden unwiderruflich gelöscht. Wollen Sie fortfahren?",
 "UNSAVED_TITLE": "Ohne speichern fortfahren?",
 "UNSAVED_DESCRIPTION": "Sie haben Änderungen vorgenommen ohne zu speichern. Möchten Sie jetzt speichern?",
- "LOCALE": "Sprachcode",
- "LOCALES": {
+ "ACTIVE_LANGUAGE_NOT_ALLOWED": "Sie haben eine Sprache ausgewählt, die nicht erlaubt ist. Sie können weiterhin die Texte ändern. Wenn Sie jedoch möchten, dass Ihre Benutzer diese Sprache tatsächlich verwenden können, ändern Sie die Einschränkungen Ihrer Instanz.",
+ "LANGUAGES_NOT_ALLOWED": "Nicht erlaubt:",
+ "LANGUAGE": "Sprache",
+ "LANGUAGES": {
 "de": "Deutsch",
 "en": "English",
 "es": "Español",
@@ -1373,7 +1389,8 @@
 "SMTPSENDERADDRESSMATCHESINSTANCEDOMAIN": "SMTP Sender Adresse entspricht Instanzdomain",
 "ALLOWUSERNAMEPASSWORD": "Benutzername Passwort erlaubt",
 "ALLOWEXTERNALIDP": "Externer IDP erlaubt",
- "ALLOWREGISTER": "Registrieren erlaubt",
+ "ALLOWREGISTERUSERS": "Benutzerregistrierung erlaubt",
+ "ALLOWREGISTERORGS": "Organisationsregistrierung erlaubt",
 "ALLOWUSERNAMEPASSWORD_DESC": "Der konventionelle Login mit Benutzername und Passwort wird erlaubt.",
 "ALLOWEXTERNALIDP_DESC": "Der Login wird für die darunter liegenden Identitätsanbieter erlaubt.",
 "ALLOWREGISTER_DESC": "Ist die Option gewählt, erscheint im Login ein zusätzlicher Schritt zum Registrieren eines Benutzers.",
diff --git a/console/src/assets/i18n/en.json b/console/src/assets/i18n/en.json
index 0af6455fe7..6a2a2bafe2 100644
--- a/console/src/assets/i18n/en.json
+++ b/console/src/assets/i18n/en.json
@@ -872,14 +872,16 @@
 },
 "SEQUENCE": {
 "LABEL": "Sequence",
- "CHECKBOX": "Filter by Sequence",
- "SORT": "Sorting",
- "ASC": "Ascending",
- "DESC": "Descending"
+ "CHECKBOX": "Filter by Sequence"
 },
+ "SORT": "Sort",
+ "ASC": "Ascending",
+ "DESC": "Descending",
 "CREATIONDATE": {
- "LABEL": "Creation Date",
- "CHECKBOX": "Filter by Creation Date"
+ "RADIO_FROM": "From",
+ "RADIO_RANGE": "Range",
+ "LABEL_SINCE": "Since",
+ "LABEL_UNTIL": "Until"
 },
 "OTHER": "other",
 "OTHERS": "others"
@@ -929,20 +931,22 @@ "BTN": "Rename" }, "ORGDOMAIN": { - "TITLE": "Organization Domain Ownership Verification", - "VERIFICATION": "To verify the ownership of your domain, you need to download a verification file and upload it at the provided URL listed below, or place a TXT Record DNS entry for the provided URL. To complete, click the button to verify.", - "VERIFICATION_SKIP": "You can skip verification for now and continue to create your organization, but in order to use your organization this step has to be completed!", - "VERIFICATION_VALIDATION_DESC": "The tokens are checked regularly to ensure you are still owner of the domain.", + "TITLE": "Verify {{value}} ownership", + "VERIFICATION": "We offer you two methods to manually validate your domain:", + "VERIFICATION_HTML": "- HTTP. Host a temporary verification file on your website", + "VERIFICATION_DNS": "- DNS. Create a TXT Record DNS entry", + "VERIFICATION_DNS_DESC": "If you manage {{ value }} and you have access to your DNS records, you can create a new TXT record with the following values:", + "VERIFICATION_DNS_HOST_LABEL": "Host:", + "VERIFICATION_DNS_CHALLENGE_LABEL": "Use this code for the value of the TXT record:", + "VERIFICATION_HTTP_DESC": "If you have access to your website hosting, simply download the verification file and upload it at the provided URL", + "VERIFICATION_HTTP_URL_LABEL": "Expected URL:", + "VERIFICATION_HTTP_FILE_LABEL": "Verification file:", + "VERIFICATION_SKIP": "You can skip verification for now and continue to create your organization, but in order to use your domain this step has to be completed!", + "VERIFICATION_VALIDATION_DESC": "Do not delete the verification code, as ZITADEL will re-check the ownership of your domain from time to time.", "VERIFICATION_NEWTOKEN_TITLE": "Request New Token", - "VERIFICATION_NEWTOKEN_DESC": "If you want to request a new token, select you preferred method. 
If you want to validate a persisting token, click the button above.", - "VERIFICATION_VALIDATION_ONGOING": "A verification token has already been requested. Click on the button to trigger a verification check.", - "VERIFICATION_VALIDATION_ONGOING_TYPE": "Type of the token:", + "VERIFICATION_VALIDATION_ONGOING": "The {{ value }} method has been selected to verify your domain. Click on the button to trigger a verification check or reset the verification process.", "VERIFICATION_SUCCESSFUL": "Domain successfully verified!", - "REQUESTNEWTOKEN": "Request new token", - "TYPES": { - "1": "HTTP", - "2": "DNS" - } + "RESETMETHOD": "Reset verification method" }, "DOWNLOAD_FILE": "Download File", "SELECTORGTOOLTIP": "Select this organization.", @@ -1019,7 +1023,7 @@ "DESCRIPTION": "These settings extend and overwrite your instance settings." }, "LIST": { - "GENERAL": "General", + "LANGUAGES": "Languages", "LOGIN": "Login Behavior and Security", "LOCKOUT": "Lockout", "COMPLEXITY": "Password complexity", 
@@ -1048,22 +1052,32 @@
 }
 },
 "SETTING": {
- "DEFAULTLANGUAGE": "Default Language",
- "LANGUAGE": {
- "de": "Deutsch",
- "en": "English",
- "es": "Español",
- "fr": "Français",
- "it": "Italiano",
- "ja": "日本語",
- "pl": "Polski",
- "zh": "简体中文",
- "bg": "Български",
- "pt": "Portuguese",
- "mk": "Македонски",
- "cs": "Čeština",
- "ru": "Русский",
- "nl": "Nederlands"
+ "LANGUAGES": {
+ "TITLE": "Language Settings",
+ "DEFAULT": "Default Language",
+ "ALLOWED": "Allowed Languages",
+ "NOT_ALLOWED": "Not Allowed Languages",
+ "ALLOW_ALL": "Allow All",
+ "DISALLOW_ALL": "Disallow All",
+ "SETASDEFAULT": "Set as Default Language",
+ "DEFAULT_SAVED": "Default Language saved",
+ "ALLOWED_SAVED": "Allowed Languages saved",
+ "OPTIONS": {
+ "de": "Deutsch",
+ "en": "English",
+ "es": "Español",
+ "fr": "Français",
+ "it": "Italiano",
+ "ja": "日本語",
+ "pl": "Polski",
+ "zh": "简体中文",
+ "bg": "Български",
+ "pt": "Portuguese",
+ "mk": "Македонски",
+ "cs": "Čeština",
+ "ru": "Русский",
+ "nl": "Nederlands"
+ }
 },
 "SMTP": {
 "TITLE": "SMTP Settings",
@@ -1262,8 +1276,10 @@
 "RESET_DESCRIPTION": "You are about to restore all default values. All changes you have made will be permanently deleted. Do you really want to continue?",
 "UNSAVED_TITLE": "Continue without saving?",
 "UNSAVED_DESCRIPTION": "You have made changes without saving. Do you want to save now?",
- "LOCALE": "Locale Code",
- "LOCALES": {
+ "ACTIVE_LANGUAGE_NOT_ALLOWED": "You selected a language that is not allowed. You can go on modifying the texts. But if you want your users to actually be able to use this language, change your instances restrictions.",
+ "LANGUAGES_NOT_ALLOWED": "Not allowed:",
+ "LANGUAGE": "Language",
+ "LANGUAGES": {
 "de": "Deutsch",
 "en": "English",
 "es": "Español",
@@ -1374,7 +1390,8 @@
 "SMTPSENDERADDRESSMATCHESINSTANCEDOMAIN": "SMTP Sender Address matches Instance Domain",
 "ALLOWUSERNAMEPASSWORD": "Username Password allowed",
 "ALLOWEXTERNALIDP": "External IDP allowed",
- "ALLOWREGISTER": "Register allowed",
+ "ALLOWREGISTERUSERS": "Register users allowed",
+ "ALLOWREGISTERORGS": "Register organizations allowed",
 "ALLOWUSERNAMEPASSWORD_DESC": "The conventional login with user name and password is allowed.",
 "ALLOWEXTERNALIDP_DESC": "The login is allowed for the underlying identity providers",
 "ALLOWREGISTER_DESC": "If the option is selected, an additional step for registering a user appears in the login.",
diff --git a/console/src/assets/i18n/es.json b/console/src/assets/i18n/es.json
index 7b4a338a00..883dc55a0b 100644
--- a/console/src/assets/i18n/es.json
+++ b/console/src/assets/i18n/es.json
@@ -872,14 +872,16 @@
 },
 "SEQUENCE": {
 "LABEL": "Secuencia",
- "CHECKBOX": "Filtrar por secuencia",
- "SORT": "Ordenado",
- "ASC": "Ascendente",
- "DESC": "Descendente"
+ "CHECKBOX": "Filtrar por secuencia"
 },
+ "SORT": "Ordenado",
+ "ASC": "Ascendente",
+ "DESC": "Descendente",
 "CREATIONDATE": {
- "LABEL": "Fecha de creación",
- "CHECKBOX": "Filtrar por fecha de creación"
+ "RADIO_FROM": "Desde",
+ "RADIO_RANGE": "Rango",
+ "LABEL_SINCE": "Desde",
+ "LABEL_UNTIL": "Hasta"
 },
 "OTHER": "otro",
 "OTHERS": "otros"
@@ -929,20 +931,23 @@ "BTN": "Renombrar" }, "ORGDOMAIN": { - "TITLE": "Verificación de la propiedad del dominio de la organización", - "VERIFICATION": "Para verificar la propiedad de tu dominio, necesitas descargar un fichero de verificación y subirlo a la URL proporcionada a continuación, o crear un registro DNS de tipo TXT que contenga la URL proporcionada. Para completar este paso, haz clic en el botón para verificarlo.", - "VERIFICATION_SKIP": "Puedes saltarte esta verificación por ahora y continuar con la creación de tu organización, pero para poder utilizar esta organización ¡deberás completar este paso!", - "VERIFICATION_VALIDATION_DESC": "Los tokens se comprueban regularmente para asegurar que todavía eres el dueño del dominio.", + "TITLE": "Verifica la propiedad de {{value}}", + "VERIFICATION": "Ofrecemos dos métodos para validar manualmente tu dominio:", + "VERIFICATION_HTML": "- HTTP. Coloca un fichero de verificación temporal en tu sitio web", + "VERIFICATION_DNS": "- DNS. Crea una registro TXT en tu DNS", + "VERIFICATION_DNS_DESC": "Si administras {{ value }} y tienes acceso a tus registros DNS, puedes crear un nuevo registro TXT con los siguientes valores:", + "VERIFICATION_DNS_HOST_LABEL": "Host:", + "VERIFICATION_DNS_CHALLENGE_LABEL": "Utiliza este código como valor para el registro TXT:", + "VERIFICATION_HTTP_DESC": "Si tienes acceso al alojamiento de su sitio web, simplemente descarga el archivo de verificación y cárgalo en la URL proporcionada.", + "VERIFICATION_HTTP_URL_LABEL": "URL esperada:", + "VERIFICATION_HTTP_FILE_LABEL": "Fichero de verificación:", + "VERIFICATION_SKIP": "Puedes omitir la verificación por ahora y continuar creando tu organización, pero para poder usar este dominio debes completar este paso.", + "VERIFICATION_VALIDATION_DESC": "No elimines el código de verificación, ya que ZITADEL volverá a comprobar la propiedad de tu dominio de vez en cuando.", "VERIFICATION_NEWTOKEN_TITLE": "Solicitar nuevo token", - 
"VERIFICATION_NEWTOKEN_DESC": "Si quieres solicitar un nuevo token, selecciona tu método preferido. Si quieres validar un token persistente, haz clic en el botón de arriba.", - "VERIFICATION_VALIDATION_ONGOING": "Ya se ha solicitado un token de verificación. Haz clic en el botón para lanzar una comprobación de verificación.", - "VERIFICATION_VALIDATION_ONGOING_TYPE": "Tipo de token:", + "VERIFICATION_NEWTOKEN_DESC": "Si deseas solicitar un nuevo token, selecciona tu método preferido. Si desea validar un token persistente, haga clic en el botón de arriba.", + "VERIFICATION_VALIDATION_ONGOING": "Se ha seleccionado el método {{ value }} para verificar su dominio. Haz clic en el botón para forzar una verificación o restablecer el proceso de verificación.", "VERIFICATION_SUCCESSFUL": "¡Dominio verificado con éxito!", - "REQUESTNEWTOKEN": "Solicitar nuevo token", - "TYPES": { - "1": "HTTP", - "2": "DNS" - } + "RESETMETHOD": "Restablecer el método de verificación" }, "DOWNLOAD_FILE": "Descargar fichero", "SELECTORGTOOLTIP": "Seleccionar esta organización.", @@ -1019,7 +1024,7 @@ "DESCRIPTION": "Estas configuraciones amplían y sobrescriben tus configuraciones de instancia." }, "LIST": { - "GENERAL": "General", + "LANGUAGES": "Idiomas", "LOGIN": "Comportamiento del inicio de sesión y de la seguridad", "LOCKOUT": "Bloqueo", "COMPLEXITY": "Complejidad de contraseña", 
@@ -1048,22 +1053,32 @@
 }
 },
 "SETTING": {
- "DEFAULTLANGUAGE": "Idioma por defecto",
- "LANGUAGE": {
- "de": "Deutsch",
- "en": "English",
- "es": "Español",
- "fr": "Français",
- "it": "Italiano",
- "ja": "日本語",
- "pl": "Polski",
- "zh": "简体中文",
- "bg": "Български",
- "pt": "Portuguese",
- "mk": "Македонски",
- "cs": "Čeština",
- "ru": "Русский",
- "nl": "Nederlands"
+ "LANGUAGES": {
+ "TITLE": "Ajustes de idioma",
+ "DEFAULT": "Idioma predeterminado",
+ "ALLOWED": "Idiomas permitidos",
+ "NOT_ALLOWED": "Idiomas no permitidos",
+ "ALLOW_ALL": "Permitir todos los idiomas",
+ "DISALLOW_ALL": "No permitir ningún idioma",
+ "SETASDEFAULT": "Establecer como idioma predeterminado",
+ "DEFAULT_SAVED": "Idioma predeterminado guardado",
+ "ALLOWED_SAVED": "Idiomas permitidos guardados",
+ "OPTIONS": {
+ "de": "Deutsch",
+ "en": "English",
+ "es": "Español",
+ "fr": "Français",
+ "it": "Italiano",
+ "ja": "日本語",
+ "pl": "Polski",
+ "zh": "简体中文",
+ "bg": "Български",
+ "pt": "Portuguese",
+ "mk": "Македонски",
+ "cs": "Čeština",
+ "ru": "Русский",
+ "nl": "Nederlands"
+ }
 },
 "SMTP": {
 "TITLE": "Ajustes SMTP",
@@ -1262,8 +1277,10 @@
 "RESET_DESCRIPTION": "Estás a punto de restaurar todos los valores por defecto. Todos los cambios que has hecho serán borrados permanentemente. ¿Estás seguro de que quieres continuar?",
 "UNSAVED_TITLE": "¿Continuar sin guardar?",
 "UNSAVED_DESCRIPTION": "Has hecho cambios sin guardar. ¿Quieres guardarlos ahora?",
- "LOCALE": "Código de idioma",
- "LOCALES": {
+ "ACTIVE_LANGUAGE_NOT_ALLOWED": "Has seleccionado un idioma que no está permitido. Puedes seguir modificando los textos. Pero si quieres que tus usuarios realmente puedan usar este idioma, cambia las restricciones de tus instancias.",
+ "LANGUAGES_NOT_ALLOWED": "No permitido:",
+ "LANGUAGE": "Idioma",
+ "LANGUAGES": {
 "de": "Deutsch",
 "en": "English",
 "es": "Español",
@@ -1374,7 +1391,8 @@
 "SMTPSENDERADDRESSMATCHESINSTANCEDOMAIN": "La dirección del remitente SMTP coincide con el dominio de la instancia",
 "ALLOWUSERNAMEPASSWORD": "Nombre de usuario y contraseña permitido",
 "ALLOWEXTERNALIDP": "Permitido IDP externo",
- "ALLOWREGISTER": "Registro permitido",
+ "ALLOWREGISTERUSERS": "Registro de usuarios permitido",
+ "ALLOWREGISTERORGS": "Registro de organizaciones permitido",
 "ALLOWUSERNAMEPASSWORD_DESC": "El inicio de sesión convencional con nombre de usuario y contraseña está permitido.",
 "ALLOWEXTERNALIDP_DESC": "El inicio de sesión está permitido para los proveedores de identidad subyacentes",
 "ALLOWREGISTER_DESC": "Si esta opción es seleccionada, aparece un paso adicional durante el inicio de sesión para registrar un usuario.",
diff --git a/console/src/assets/i18n/fr.json b/console/src/assets/i18n/fr.json
index aa293ba4bf..3548dd454c 100644
--- a/console/src/assets/i18n/fr.json
+++ b/console/src/assets/i18n/fr.json
@@ -871,14 +871,16 @@
 },
 "SEQUENCE": {
 "LABEL": "séquence",
- "CHECKBOX": "Filtrer par séquence",
- "SORT": "Triage",
- "ASC": "Ascendant",
- "DESC": "Descendant"
+ "CHECKBOX": "Filtrer par séquence"
 },
+ "SORT": "Triage",
+ "ASC": "Ascendant",
+ "DESC": "Descendant",
 "CREATIONDATE": {
- "LABEL": "Date de création",
- "CHECKBOX": "Filtrer par date de création"
+ "RADIO_FROM": "De",
+ "RADIO_RANGE": "Gamme",
+ "LABEL_SINCE": "Depuis",
+ "LABEL_UNTIL": "Jusqu'à"
 },
 "OTHER": "autre",
 "OTHERS": "autres"
@@ -928,20 +930,22 @@ "BTN": "Renommer" }, "ORGDOMAIN": { - "TITLE": "Vérification de la propriété du domaine de l'organisation", - "VERIFICATION": "Pour vérifier la propriété de votre domaine, vous devez télécharger un fichier de vérification et le charger à l'URL indiquée ci-dessous, ou placer une entrée DNS TXT Record pour l'URL indiquée. Pour terminer, cliquez sur le bouton de vérification.", - "VERIFICATION_SKIP": "Vous pouvez ignorer la vérification pour l'instant et continuer à créer votre organisation, mais cette étape doit être terminée pour pouvoir utiliser votre organisation !", - "VERIFICATION_VALIDATION_DESC": "Les jetons sont vérifiés régulièrement pour s'assurer que vous êtes toujours propriétaire du domaine.", + "TITLE": "Vérifier la propriété de {{value}}", + "VERIFICATION": "Nous vous proposons deux méthodes pour valider manuellement votre domaine :", + "VERIFICATION_HTML": "-HTTP. Hébergez un fichier de vérification temporaire sur votre site Web", + "VERIFICATION_DNS": "-DNS. 
Créer une entrée DNS d'enregistrement TXT", + "VERIFICATION_DNS_DESC": "Si vous gérez {{ value }} et que vous avez accès à vos enregistrements DNS, vous pouvez créer un nouvel enregistrement TXT avec les valeurs suivantes :", + "VERIFICATION_DNS_HOST_LABEL": "Host:", + "VERIFICATION_DNS_CHALLENGE_LABEL": "Utilisez ce code pour la valeur de l'enregistrement TXT :", + "VERIFICATION_HTTP_DESC": "Si vous avez accès à l'hébergement de votre site Web, téléchargez simplement le fichier de vérification et téléchargez-le à l'URL fournie.", + "VERIFICATION_HTTP_URL_LABEL": "URL attendue :", + "VERIFICATION_HTTP_FILE_LABEL": "Dossier de vérification :", + "VERIFICATION_SKIP": "Vous pouvez ignorer la vérification pour le moment et continuer à créer votre organisation, mais pour pouvoir utiliser votre domaine, cette étape doit être complétée !", + "VERIFICATION_VALIDATION_DESC": "Ne supprimez pas le code de vérification, car ZITADEL revérifiera de temps en temps la propriété de votre domaine.", "VERIFICATION_NEWTOKEN_TITLE": "Demander un nouveau jeton", - "VERIFICATION_NEWTOKEN_DESC": "Si vous voulez demander un nouveau jeton, sélectionnez votre méthode préférée. Si vous voulez valider un jeton persistant, cliquez sur le bouton ci-dessus.", - "VERIFICATION_VALIDATION_ONGOING": "Un jeton de vérification a déjà été demandé. Cliquez sur le bouton pour déclencher un contrôle de vérification.", - "VERIFICATION_VALIDATION_ONGOING_TYPE": "Type de jeton", - "VERIFICATION_SUCCESSFUL": "Domaine vérifié avec succès !", - "REQUESTNEWTOKEN": "Demander un nouveau jeton", - "TYPES": { - "1": "HTTP", - "2": "DNS" - } + "VERIFICATION_VALIDATION_ONGOING": "La méthode {{ value }} a été sélectionnée pour vérifier votre domaine. 
Cliquez sur le bouton pour déclencher une vérification ou réinitialiser le processus de vérification.", + "VERIFICATION_SUCCESSFUL": "Domaine vérifié avec succès !", + "RESETMETHOD": "Réinitialiser la méthode de vérification" }, "DOWNLOAD_FILE": "Télécharger le fichier", "SELECTORGTOOLTIP": "Sélectionnez cette organisation.", @@ -1018,7 +1022,7 @@ "DESCRIPTION": "Ces paramètres étendent et remplacent les paramètres de votre instance." }, "LIST": { - "GENERAL": "Général", + "LANGUAGES": "Langues", "LOGIN": "Comportement de connexion et sécurité", "LOCKOUT": "Verrouillage", "COMPLEXITY": "Complexité du mot de passe", @@ -1047,22 +1051,32 @@ } }, "SETTING": { - "DEFAULTLANGUAGE": "Langue par défaut", - "LANGUAGE": { - "de": "Deutsch", - "en": "English", - "es": "Español", - "fr": "Français", - "it": "Italiano", - "ja": "日本語", - "pl": "Polski", - "zh": "简体中文", - "bg": "Български", - "pt": "Portuguese", - "mk": "Македонски", - "cs": "Čeština", - "ru": "Русский", - "nl": "Nederlands" + "LANGUAGES": { + "TITLE": "Paramètres de langue", + "DEFAULT": "Langue par défaut", + "ALLOWED": "Langues autorisées", + "NOT_ALLOWED": "Langues non autorisées", + "ALLOW_ALL": "Autoriser toutes les langues", + "DISALLOW_ALL": "Interdire toutes les langues", + "SETASDEFAULT": "Définir comme langue par défaut", + "DEFAULT_SAVED": "Langue par défaut enregistrée", + "ALLOWED_SAVED": "Langues autorisées enregistrées", + "OPTIONS": { + "de": "Deutsch", + "en": "English", + "es": "Español", + "fr": "Français", + "it": "Italiano", + "ja": "日本語", + "pl": "Polski", + "zh": "简体中文", + "bg": "Български", + "pt": "Portuguese", + "mk": "Македонски", + "cs": "Čeština", + "ru": "Русский", + "nl": "Nederlands" + } }, "SMTP": { "TITLE": "Paramètres SMTP", 
@@ -1261,8 +1275,10 @@ "RESET_DESCRIPTION": "Vous êtes sur le point de restaurer toutes les valeurs par défaut. Toutes les modifications que vous avez apportées seront définitivement supprimées. Voulez-vous vraiment continuer ?", "UNSAVED_TITLE": "Continuer sans sauvegarder ?", "UNSAVED_DESCRIPTION": "Vous avez apporté des modifications sans les sauvegarder. Voulez-vous les enregistrer maintenant ?", - "LOCALE": "Code Locale", - "LOCALES": { + "ACTIVE_LANGUAGE_NOT_ALLOWED": "Vous avez sélectionné une langue qui n'est pas autorisée. Vous pouvez continuer à modifier les textes. Mais si vous voulez que vos utilisateurs puissent réellement utiliser cette langue, modifiez les restrictions de vos instances.", + "LANGUAGES_NOT_ALLOWED": "Non autorisé:", + "LANGUAGE": "Langue", + "LANGUAGES": { "de": "Deutsch", "en": "English", "es": "Español", @@ -1373,7 +1389,8 @@ "SMTPSENDERADDRESSMATCHESINSTANCEDOMAIN": "L'adresse de l'expéditeur SMTP correspond au domaine de l'instance", "ALLOWUSERNAMEPASSWORD": "Nom d'utilisateur Mot de passe autorisé", "ALLOWEXTERNALIDP": "IDP externe autorisé", - "ALLOWREGISTER": "Enregistrement autorisé", + "ALLOWREGISTERUSERS": "Enregistrer les utilisateurs autorisés", + "ALLOWREGISTERORGS": "Enregistrer les organisations autorisées", "ALLOWUSERNAMEPASSWORD_DESC": "La connexion classique avec nom d'utilisateur et mot de passe est autorisée.", "ALLOWEXTERNALIDP_DESC": "La connexion est autorisée pour les fournisseurs d'identité sous-jacents", "ALLOWREGISTER_DESC": "Si l'option est sélectionnée, une étape supplémentaire pour l'enregistrement d'un utilisateur apparaît dans la connexion.", diff --git a/console/src/assets/i18n/it.json b/console/src/assets/i18n/it.json index caca5f6fc7..c685a5c865 100644 --- a/console/src/assets/i18n/it.json +++ b/console/src/assets/i18n/it.json 
@@ -870,14 +870,16 @@
 },
 "SEQUENCE": {
 "LABEL": "Sequence",
- "CHECKBOX": "Filter per sequenza",
- "SORT": "",
- "ASC": "Ascending",
- "DESC": "Descending"
+ "CHECKBOX": "Filter per sequenza"
 },
+ "SORT": "Ordina per",
+ "ASC": "Ascendente",
+ "DESC": "Discendente",
 "CREATIONDATE": {
- "LABEL": "Creation Date",
- "CHECKBOX": "Filter by Creation Date"
+ "RADIO_FROM": "Da",
+ "RADIO_RANGE": "Intervallo",
+ "LABEL_SINCE": "Da",
+ "LABEL_UNTIL": "A"
 },
 "OTHER": "altro",
 "OTHERS": "altri"
@@ -928,20 +930,22 @@ "BTN": "Rinomina" }, "ORGDOMAIN": { - "TITLE": "Verificazione della propriet\u00e0 del dominio dell'organizzazione", - "VERIFICATION": "Verifica la propriet\u00e0 del tuo dominio. \u00c8 necessario scaricare un file di verifica e caricarlo all'URL fornito elencato di seguito, o inserire una voce DNS TXT Record per l'URL fornito. Per completare, clicca sul pulsante di verifica.", - "VERIFICATION_SKIP": "Puoi saltare la verifica per ora e continuare a creare la tua organizzazione, ma per usare la tua organizzazione questo passo deve essere completato!", - "VERIFICATION_VALIDATION_DESC": "I token sono controllati regolarmente per assicurarsi che tu sia ancora proprietario del dominio.", - "VERIFICATION_NEWTOKEN_TITLE": "Richiesta di un nuovo token", - "VERIFICATION_NEWTOKEN_DESC": "Se vuoi richiedere un nuovo token, seleziona il tuo metodo preferito. Se vuoi convalidare un token persistente, clicca sul pulsante qui sopra.", - "VERIFICATION_VALIDATION_ONGOING": "\u00c8 gi\u00e0 stato richiesto un token di verifica. Clicca sul pulsante per richiedere un altro controllo di verifica.", - "VERIFICATION_VALIDATION_ONGOING_TYPE": "Tipo di token:", + "TITLE": "Verifica la proprietà di {{value}}", + "VERIFICATION": "Ti offriamo due metodi per convalidare manualmente il tuo dominio:", + "VERIFICATION_HTML": "-HTTP. Ospita un file di verifica temporaneo sul tuo sito web", + "VERIFICATION_DNS": "-DNS. 
Crea una voce DNS del record TXT", + "VERIFICATION_DNS_DESC": "Se gestisci {{ value }} e hai accesso ai tuoi record DNS, puoi creare un nuovo record TXT con i seguenti valori:", + "VERIFICATION_DNS_HOST_LABEL": "Ospite:", + "VERIFICATION_DNS_CHALLENGE_LABEL": "Utilizza questo codice per il valore del record TXT:", + "VERIFICATION_HTTP_DESC": "Se hai accesso all'hosting del tuo sito web, scarica semplicemente il file di verifica e caricalo all'URL fornito", + "VERIFICATION_HTTP_URL_LABEL": "URL previsto:", + "VERIFICATION_HTTP_FILE_LABEL": "File di verifica:", + "VERIFICATION_SKIP": "Per ora puoi saltare la verifica e continuare a creare la tua organizzazione, ma per poter utilizzare il tuo dominio è necessario completare questo passaggio!", + "VERIFICATION_VALIDATION_DESC": "Non eliminare il codice di verifica, poiché ZITADEL ricontrollerà di tanto in tanto la proprietà del tuo dominio.", + "VERIFICATION_NEWTOKEN_TITLE": "Richiedi nuovo token", + "VERIFICATION_VALIDATION_ONGOING": "Il metodo {{ value }} è stato selezionato per verificare il tuo dominio. Fare clic sul pulsante per attivare un controllo di verifica o reimpostare il processo di verifica.", "VERIFICATION_SUCCESSFUL": "Dominio verificato con successo!", - "REQUESTNEWTOKEN": "Richiedi un nuovo token", - "TYPES": { - "1": "HTTP", - "2": "DNS" - } + "RESETMETHOD": "Reimposta il metodo di verifica" }, "DOWNLOAD_FILE": "Scaricare il file", "SELECTORGTOOLTIP": "Seleziona questa organizzazione.", @@ -1018,7 +1022,7 @@ "DESCRIPTION": "Queste impostazioni si applicheranno alla organizzazione corrente." }, "LIST": { - "GENERAL": "Generale", + "LANGUAGES": "Lingue", "LOGIN": "Comportamento login e sicurezza", "LOCKOUT": "Meccanismi di bloccaggio", "COMPLEXITY": "Complessità della password", 
@@ -1047,22 +1051,32 @@
 }
 },
 "SETTING": {
- "DEFAULTLANGUAGE": "Lingua standard",
- "LANGUAGE": {
- "de": "Deutsch",
- "en": "English",
- "es": "Español",
- "fr": "Français",
- "it": "Italiano",
- "ja": "日本語",
- "pl": "Polski",
- "zh": "简体中文",
- "bg": "Български",
- "pt": "Portuguese",
- "mk": "Македонски",
- "cs": "Čeština",
- "ru": "Русский",
- "nl": "Nederlands"
+ "LANGUAGES": {
+ "TITLE": "Impostazioni della lingua",
+ "DEFAULT": "Lingua predefinita",
+ "ALLOWED": "Lingue consentite",
+ "NOT_ALLOWED": "Lingue non consentite",
+ "ALLOW_ALL": "Consenti tutte le lingue",
+ "DISALLOW_ALL": "Non consentire tutte le lingue",
+ "SETASDEFAULT": "Imposta come lingua predefinita",
+ "DEFAULT_SAVED": "Lingua predefinita salvata",
+ "ALLOWED_SAVED": "Lingue consentite salvate",
+ "OPTIONS": {
+ "de": "Deutsch",
+ "en": "English",
+ "es": "Español",
+ "fr": "Français",
+ "it": "Italiano",
+ "ja": "日本語",
+ "pl": "Polski",
+ "zh": "简体中文",
+ "bg": "Български",
+ "pt": "Portuguese",
+ "mk": "Македонски",
+ "cs": "Čeština",
+ "ru": "Русский",
+ "nl": "Nederlands"
+ }
 },
 "SMTP": {
 "TITLE": "Impostazioni SMTP",
@@ -1261,8 +1275,10 @@
 "RESET_DESCRIPTION": "Stai per ripristinare tutti i valori predefiniti. Tutte le modifiche che hai fatto saranno cancellate in modo permanente. Vuoi davvero continuare?",
 "UNSAVED_TITLE": "Continuare senza salvare?",
 "UNSAVED_DESCRIPTION": "Hai fatto delle modifiche senza salvare. Vuoi salvare ora?",
- "LOCALE": "Codice locale",
- "LOCALES": {
+ "ACTIVE_LANGUAGE_NOT_ALLOWED": "Hai selezionato una lingua non consentita. Puoi continuare a modificare i testi. Ma se vuoi che i tuoi utenti possano effettivamente utilizzare questa lingua, cambia le restrizioni delle tue istanze.",
+ "LANGUAGE": "Lingua",
+ "LANGUAGES_NOT_ALLOWED": "Non consentito:",
+ "LANGUAGES": {
 "de": "Deutsch",
 "en": "English",
 "es": "Español",
@@ -1373,7 +1389,8 @@
 "SMTPSENDERADDRESSMATCHESINSTANCEDOMAIN": "L'indirizzo mittente SMTP corrisponde al dominio dell'istanza",
 "ALLOWUSERNAMEPASSWORD": "Autenticazione classica con password consentita",
 "ALLOWEXTERNALIDP": "IDP esterno consentito",
- "ALLOWREGISTER": "Registrazione consentita",
+ "ALLOWREGISTERUSERS": "Registrazione utenti consentita",
+ "ALLOWREGISTERORGS": "Registrazione organizzazioni consentita",
 "ALLOWUSERNAMEPASSWORD_DESC": "Autenticazione classica con nome utente e password \u00e8 permessa.",
 "ALLOWEXTERNALIDP_DESC": "Il login \u00e8 permesso per gli IDP sottostanti",
 "ALLOWREGISTER_DESC": "Se l'opzione \u00e8 selezionata, nel login apparirà un passo aggiuntivo per la registrazione di un utente.",
diff --git a/console/src/assets/i18n/ja.json b/console/src/assets/i18n/ja.json
index 527bf018ff..272a9ae569 100644
--- a/console/src/assets/i18n/ja.json
+++ b/console/src/assets/i18n/ja.json
@@ -872,14 +872,16 @@
 },
 "SEQUENCE": {
 "LABEL": "シーケンス",
- "CHECKBOX": "シーケンスで絞り込み",
- "SORT": "ソート",
- "ASC": "昇順",
- "DESC": "降順"
+ "CHECKBOX": "シーケンスで絞り込み"
 },
+ "SORT": "ソート",
+ "ASC": "昇順",
+ "DESC": "降順",
 "CREATIONDATE": {
- "LABEL": "作成日",
- "CHECKBOX": "作成日で絞り込み"
+ "RADIO_FROM": "から",
+ "RADIO_RANGE": "範囲",
+ "LABEL_SINCE": "以降",
+ "LABEL_UNTIL": "まで"
 },
 "OTHER": "その他",
 "OTHERS": "その他"
@@ -929,20 +931,22 @@ "BTN": "名前の変更" }, "ORGDOMAIN": { - "TITLE": "組織ドメインの所有権の認証", - "VERIFICATION": "ドメインの所有権を確認するには、検証ファイルをダウンロードし、下記の提供されたURLにアップロードするか、提供されたURLのTXTレコードのDNSエントリーを配置する必要があります。完了するには、検証するボタンをクリックしてください。", - "VERIFICATION_SKIP": "認証をスキップしたまま組織を作成することはできますが、組織を使用するにはこのステップを完了する必要があります。", - "VERIFICATION_VALIDATION_DESC": "ユーザーがドメインの所有者であることを確認するために、トークンは定期的にチェックされます。", + "TITLE": "{{value}} の所有権を確認します", + "VERIFICATION": "ドメインを手動で検証する 2 つの方法が提供されています。", + "VERIFICATION_HTML": "- HTTP。 Web サイト上で一時検証ファイルをホストする", + "VERIFICATION_DNS": "-DNS。 TXT レコードの DNS エントリを作成する", + "VERIFICATION_DNS_DESC": "{{ value }} を管理しており、DNS レコードにアクセスできる場合は、次の値を使用して新しい TXT レコードを作成できます。", + "VERIFICATION_DNS_HOST_LABEL": "Host:", + "VERIFICATION_DNS_CHALLENGE_LABEL": "TXT レコードの値には次のコードを使用します。", + "VERIFICATION_HTTP_DESC": "Web サイトのホスティングにアクセスできる場合は、検証ファイルをダウンロードし、指定された URL にアップロードするだけです。", + "VERIFICATION_HTTP_URL_LABEL": "予想される URL:", + "VERIFICATION_HTTP_FILE_LABEL": "検証ファイル:", + "VERIFICATION_SKIP": "現時点では検証をスキップして組織の作成を続行できますが、ドメインを使用するにはこの手順を完了する必要があります。", + "VERIFICATION_VALIDATION_DESC": "ZITADEL はドメインの所有権を随時再確認するため、確認コードは削除しないでください。", "VERIFICATION_NEWTOKEN_TITLE": "新しいトークンをリクエストする", - "VERIFICATION_NEWTOKEN_DESC": "新しいトークンをリクエストする場合は、方法を選択します。永続的なトークンを認証する場合は、上のボタンをクリックします。", - "VERIFICATION_VALIDATION_ONGOING": "認証トークンはすでにリクエストされています。ボタンをクリックして、認証チェックをトリガーする。", - "VERIFICATION_VALIDATION_ONGOING_TYPE": "トークンのタイプ:", - "VERIFICATION_SUCCESSFUL": "ドメインは正常に認証されました!", - "REQUESTNEWTOKEN": "新しいトークンをリクエストする", - "TYPES": { - "1": "HTTP", - "2": "DNS" - } + "VERIFICATION_VALIDATION_ONGOING": "ドメインを確認するために {{ value }} 方法が選択されました。ボタンをクリックして検証チェックをトリガーするか、検証プロセスをリセットします。", + "VERIFICATION_SUCCESSFUL": "ドメインが正常に認証されました。", + "RESETMETHOD": "リセット確認方法" }, "DOWNLOAD_FILE": "ファイルをダウンロード", "SELECTORGTOOLTIP": "この組織を選択", 
@@ -1019,7 +1023,7 @@ "DESCRIPTION": "これらの設定は、インスタンス設定を拡張・上書きします。" }, "LIST": { - "GENERAL": "全般", + "LANGUAGES": "一般設定", "LOGIN": "ログイン動作とセキュリティ", "LOCKOUT": "ロックアウト", "COMPLEXITY": "パスワードの複雑さ", @@ -1048,22 +1052,32 @@ } }, "SETTING": { - "DEFAULTLANGUAGE": "デフォルトの言語", - "LANGUAGE": { - "de": "Deutsch", - "en": "English", - "es": "Español", - "fr": "Français", - "it": "Italiano", - "ja": "日本語", - "pl": "Polski", - "zh": "简体中文", - "bg": "Български", - "pt": "Portuguese", - "mk": "Македонски", - "cs": "Čeština", - "ru": "Русский", - "nl": "Nederlands" + "LANGUAGES": { + "TITLE": "言語設定", + "DEFAULT": "デフォルト言語", + "ALLOWED": "許可された言語", + "NOT_ALLOWED": "許可されていない言語", + "ALLOW_ALL": "すべての言語を許可する", + "DISALLOW_ALL": "すべての言語を許可しない", + "SETASDEFAULT": "デフォルト言語として設定する", + "DEFAULT_SAVED": "デフォルト言語が保存されました", + "ALLOWED_SAVED": "許可された言語が保存されました", + "OPTIONS": { + "de": "Deutsch", + "en": "English", + "es": "Español", + "fr": "Français", + "it": "Italiano", + "ja": "日本語", + "pl": "Polski", + "zh": "简体中文", + "bg": "Български", + "pt": "Portuguese", + "mk": "Македонски", + "cs": "Čeština", + "ru": "Русский", + "nl": "Nederlands" + } }, "SMTP": { "TITLE": "SMTP設定", @@ -1257,8 +1271,10 @@ "RESET_DESCRIPTION": "すべてのデフォルト値を復元しようとしています。ユーザーが行ったすべての変更は完全に削除されます。本当によろしいですか?", "UNSAVED_TITLE": "保存せずに続行しますか?", "UNSAVED_DESCRIPTION": "あなたは保存せずに変更を加えました。今すぐ保存しますか?", - "LOCALE": "ロケールコード", - "LOCALES": { + "ACTIVE_LANGUAGE_NOT_ALLOWED": "許可されていない言語を選択しました。テキストを変更し続けることはできますが、実際にこの言語を使用できるようにするには、インスタンスの制限を変更してください。", + "LANGUAGES_NOT_ALLOWED": "許可されていない言語:", + "LANGUAGE": "言語", + "LANGUAGES": { "de": "Deutsch", "en": "English", "es": "Español", 
@@ -1369,7 +1385,8 @@
 "SMTPSENDERADDRESSMATCHESINSTANCEDOMAIN": "SMTP送信者アドレスはインスタンスドメインに一致しています",
 "ALLOWUSERNAMEPASSWORD": "ユーザー名とパスワードを許可",
 "ALLOWEXTERNALIDP": "外部IDPを許可",
- "ALLOWREGISTER": "登録を許可",
+ "ALLOWREGISTERUSERS": "ユーザーの登録を許可",
+ "ALLOWREGISTERORGS": "組織の登録を許可",
 "ALLOWUSERNAMEPASSWORD_DESC": "ユーザー名とパスワードを使用した従来のログインを許可します。",
 "ALLOWEXTERNALIDP_DESC": "基礎となるIDプロバイダーにログインを許可します。",
 "ALLOWREGISTER_DESC": "このオプションが選択されている場合、ユーザーを登録するための追加のステップがログインに表示されます。",
diff --git a/console/src/assets/i18n/mk.json b/console/src/assets/i18n/mk.json
index 4f6df0710c..af8976c93d 100644
--- a/console/src/assets/i18n/mk.json
+++ b/console/src/assets/i18n/mk.json
@@ -872,14 +872,16 @@
 },
 "SEQUENCE": {
 "LABEL": "Секвенца",
- "CHECKBOX": "Филтер според секвенцата",
- "SORT": "Сортирање",
- "ASC": "Растечки",
- "DESC": "Опаѓачки"
+ "CHECKBOX": "Филтер според секвенцата"
 },
+ "SORT": "Сортирање",
+ "ASC": "Растечки",
+ "DESC": "Опаѓачки",
 "CREATIONDATE": {
- "LABEL": "Датум на креирање",
- "CHECKBOX": "Филтер според датумот на креирање"
+ "RADIO_FROM": "Од",
+ "RADIO_RANGE": "Ранг",
+ "LABEL_SINCE": "Од",
+ "LABEL_UNTIL": "До"
 },
 "OTHER": "друго",
 "OTHERS": "други"
@@ -929,20 +931,22 @@ "BTN": "Преименувај" }, "ORGDOMAIN": { - "TITLE": "Потврда за сопственост на доменот на организацијата", - "VERIFICATION": "За да ја потврдите сопственоста на вашиот домен, треба да преземете датотека за потврда и да ја прикачите на препратената URL адреса наведена подолу, или да поставите запис на DNS (TXT Record) за препратената URL адреса. За да завршите, кликнете на копчето за верификација.", - "VERIFICATION_SKIP": "Можете да ја прескокнете верификацијата за сега и да продолжите со креирањето на вашата организација, но за да ја користите вашата организација, овој чекор треба да се заврши!", - "VERIFICATION_VALIDATION_DESC": "Токените редовно се проверуваат за да се осигура дека сѐ уште сте сопственик на доменот.", - "VERIFICATION_NEWTOKEN_TITLE": "Побарај нов токен", - "VERIFICATION_NEWTOKEN_DESC": "Ако сакате да побарате нов токен, изберете ја вашата посакувана метода. Ако сакате да валидирате веќе постоечки токен, кликнете на копчето погоре.", - "VERIFICATION_VALIDATION_ONGOING": "Веќе е баран верификациски токен. Кликнете на копчето за да покренете проверка на верификацијата.", - "VERIFICATION_VALIDATION_ONGOING_TYPE": "Тип на токенот:", - "VERIFICATION_SUCCESSFUL": "Доменот е успешно верифициран!", - "REQUESTNEWTOKEN": "Побарај нов токен", - "TYPES": { - "1": "HTTP", - "2": "DNS" - } + "TITLE": "Потврдете ја сопственоста на {{value}}", + "VERIFICATION": "Ви нудиме два методи за рачно потврдување на вашиот домен:", + "VERIFICATION_HTML": "- HTTP. Поставете привремена датотека за потврда на вашата веб-локација", + "VERIFICATION_DNS": "- DNS. 
Креирајте запис за DNS за снимање TXT", + "VERIFICATION_DNS_DESC": "Ако управувате со {{ вредност }} и имате пристап до вашите записи DNS, можете да креирате нов TXT запис со следните вредности:", + "VERIFICATION_DNS_HOST_LABEL": "Host:", + "VERIFICATION_DNS_CHALLENGE_LABEL": "Користете го овој код за вредноста на записот TXT:", + "VERIFICATION_HTTP_DESC": "Ако имате пристап до хостирањето на вашата веб-локација, едноставно преземете ја датотеката за верификација и поставете ја на дадената URL адреса", + "VERIFICATION_HTTP_URL_LABEL": "Очекувана URL адреса:", + "VERIFICATION_HTTP_FILE_LABEL": "Датотека за верификација:", + "VERIFICATION_SKIP": "Засега можете да ја прескокнете потврдата и да продолжите да ја креирате вашата организација, но за да го користите вашиот домен, овој чекор треба да се заврши!", + "VERIFICATION_VALIDATION_DESC": "Не бришете го кодот за потврда, бидејќи ZITADEL одвреме-навреме повторно ќе ја проверува сопственоста на вашиот домен.", + "VERIFICATION_NEWTOKEN_TITLE": "Побарајте нов токен", + "VERIFICATION_VALIDATION_ONGOING": "Методот {{ вредност }} е избран за да се потврди вашиот домен. Кликнете на копчето за да активирате проверка за верификација или да го ресетирате процесот на верификација.", + "VERIFICATION_SUCCESSFUL": "Доменот е успешно потврден!", + "RESETMETHOD": "Ресетирај го методот за верификација" }, "DOWNLOAD_FILE": "Преземи датотека", "SELECTORGTOOLTIP": "Изберете ја оваа организација.", @@ -1020,7 +1024,7 @@ "DESCRIPTION": "Овие подесувања ги прошируваат и препишуваат подесувањата на вашата инстанца." }, "LIST": { - "GENERAL": "Генерални", + "LANGUAGES": "Општо", "LOGIN": "Правила и безбедност при најава", "LOCKOUT": "Забрана на пристап", "COMPLEXITY": "Сложеност на лозинката", 
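Review bot: The two new Macedonian strings `VERIFICATION_DNS_DESC` and `VERIFICATION_VALIDATION_ONGOING` in the ORGDOMAIN hunk of mk.json translate the interpolation parameter itself, `{{ вредност }}`, whereas `TITLE` in the same hunk and the corresponding strings in the other locale files of this commit keep `{{ value }}`. If the console passes the parameter under the name `value`, as those other strings suggest, these two messages will render the raw placeholder instead of the domain name and the selected verification method in the domain-ownership dialog. Restore the placeholder name in both, i.e. `"Ако управувате со {{ value }} и имате пристап ..."` and `"Методот {{ value }} е избран ..."`. A CI check that compares placeholder names across the locale files would catch this class of error before release.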
@@ -1049,22 +1053,32 @@ } }, "SETTING": { - "DEFAULTLANGUAGE": "Стандарден јазик", - "LANGUAGE": { - "de": "Deutsch", - "en": "English", - "es": "Español", - "fr": "Français", - "it": "Italiano", - "ja": "日本語", - "pl": "Polski", - "zh": "简体中文", - "bg": "Български", - "pt": "Portuguese", - "mk": "Македонски", - "cs": "Čeština", - "ru": "Русский", - "nl": "Nederlands" + "LANGUAGES": { + "TITLE": "Подесувања за јазик", + "DEFAULT": "Стандарден јазик", + "ALLOWED": "Дозволени јазици", + "NOT_ALLOWED": "Не дозволени јазици", + "ALLOW_ALL": "Дозволи ги сите јазици", + "DISALLOW_ALL": "Забрани ги сите јазици", + "SETASDEFAULT": "Постави како стандарден јазик", + "DEFAULT_SAVED": "Стандардниот јазик е зачуван", + "ALLOWED_SAVED": "Дозволените јазици се зачувани", + "OPTIONS": { + "de": "Deutsch", + "en": "English", + "es": "Español", + "fr": "Français", + "it": "Italiano", + "ja": "日本語", + "pl": "Polski", + "zh": "简体中文", + "bg": "Български", + "pt": "Portuguese", + "mk": "Македонски", + "cs": "Čeština", + "ru": "Русский", + "nl": "Nederlands" + } }, "SMTP": { "TITLE": "SMTP подесувања", @@ -1263,8 +1277,10 @@ "RESET_DESCRIPTION": "Се подготвувате да ги вратите сите стандардни вредности. Сите промени што ги направивте ќе бидат трајно избришани. Дали сте сигурни дека сакате да продолжите?", "UNSAVED_TITLE": "Дали сакате да продолжите без зачувување?", "UNSAVED_DESCRIPTION": "Имате направено промени без зачувување. Дали сакате да ги зачувате сега?", - "LOCALE": "Locale Code", - "LOCALES": { + "ACTIVE_LANGUAGE_NOT_ALLOWED": "Избравте јазик кој не е дозволен. Можете да продолжите да ги менувате текстовите. Но, ако сакате вашите корисници да можат да го користат овој јазик, променете ги ограничувањата на вашата инстанца.", + "LANGUAGES_NOT_ALLOWED": "Не е дозволено:", + "LANGUAGE": "Јазик", + "LANGUAGES": { "de": "Deutsch", "en": "English", "es": "Español", 
@@ -1375,7 +1391,8 @@
 "SMTPSENDERADDRESSMATCHESINSTANCEDOMAIN": "SMTP адресата на испраќачот се поклопува со доменот на инстанцата",
 "ALLOWUSERNAMEPASSWORD": "Дозволено корисничко име и лозинка",
 "ALLOWEXTERNALIDP": "Дозволен надворешен IDP",
- "ALLOWREGISTER": "Дозволена регистрација",
+ "ALLOWREGISTERUSERS": "Дозволена регистрација на корисници",
+ "ALLOWREGISTERORGS": "Дозволена регистрација на организации",
 "ALLOWUSERNAMEPASSWORD_DESC": "Дозволена е конвенционална најава со корисничко име и лозинка.",
 "ALLOWEXTERNALIDP_DESC": "Најавата е дозволена за поддржуваните IDPs",
 "ALLOWREGISTER_DESC": "Доколку е избрана опцијата, се прикажува дополнителен чекор за регистрирање на корисник во најавата.",
diff --git a/console/src/assets/i18n/nl.json b/console/src/assets/i18n/nl.json
index db071c2f45..d7e38eaed0 100644
--- a/console/src/assets/i18n/nl.json
+++ b/console/src/assets/i18n/nl.json
@@ -872,14 +872,16 @@
 },
 "SEQUENCE": {
 "LABEL": "Reeks",
- "CHECKBOX": "Filter op Reeks",
- "SORT": "Sortering",
- "ASC": "Oplopend",
- "DESC": "Aflopend"
+ "CHECKBOX": "Filter op Reeks"
 },
+ "SORT": "Sortering",
+ "ASC": "Oplopend",
+ "DESC": "Aflopend",
 "CREATIONDATE": {
- "LABEL": "Aanmaakdatum",
- "CHECKBOX": "Filter op Aanmaakdatum"
+ "RADIO_FROM": "Van",
+ "RADIO_RANGE": "Reeks",
+ "LABEL_SINCE": "Sinds",
+ "LABEL_UNTIL": "Tot"
 },
 "OTHER": "ander",
 "OTHERS": "anderen"
@@ -929,20 +931,22 @@ "BTN": "Hernoemen" }, "ORGDOMAIN": { - "TITLE": "Verificatie van Organisatie Domein Eigendom", - "VERIFICATION": "Om het eigendom van uw domein te verifiëren, moet u een verificatiebestand downloaden en uploaden op de hieronder vermelde URL, of een TXT Record DNS-invoer plaatsen voor de verstrekte URL. Om te voltooien, klik op de knop om te verifiëren.", - "VERIFICATION_SKIP": "Je kunt de verificatie nu overslaan en doorgaan met het aanmaken van je organisatie, maar om je organisatie te kunnen gebruiken, moet deze stap worden voltooid!", - "VERIFICATION_VALIDATION_DESC": "De tokens worden regelmatig gecontroleerd om te zorgen dat u nog steeds eigenaar bent van het domein.", - "VERIFICATION_NEWTOKEN_TITLE": "Vraag nieuw token aan", - "VERIFICATION_NEWTOKEN_DESC": "Als u een nieuw token wilt aanvragen, selecteer dan uw voorkeursmethode. Als u een bestaand token wilt valideren, klik dan op de knop hierboven.", - "VERIFICATION_VALIDATION_ONGOING": "Er is al een verificatietoken aangevraagd. Klik op de knop om een verificatiecontrole te activeren.", - "VERIFICATION_VALIDATION_ONGOING_TYPE": "Type van het token:", + "TITLE": "Verifieer het eigendom van {{value}}", + "VERIFICATION": "Wij bieden u twee methoden aan om uw domein handmatig te valideren:", + "VERIFICATION_HTML": "-HTTP. Host een tijdelijk verificatiebestand op uw website", + "VERIFICATION_DNS": "- DNS. 
Maak een TXT Record DNS-vermelding", + "VERIFICATION_DNS_DESC": "Als u {{ value }} beheert en toegang heeft tot uw DNS-records, kunt u een nieuw TXT-record maken met de volgende waarden:", + "VERIFICATION_DNS_HOST_LABEL": "Host:", + "VERIFICATION_DNS_CHALLENGE_LABEL": "Gebruik deze code voor de waarde van het TXT-record:", + "VERIFICATION_HTTP_DESC": "Als u toegang heeft tot de hosting van uw website, downloadt u eenvoudigweg het verificatiebestand en uploadt u dit naar de opgegeven URL", + "VERIFICATION_HTTP_URL_LABEL": "Verwachte URL:", + "VERIFICATION_HTTP_FILE_LABEL": "Verificatiebestand:", + "VERIFICATION_SKIP": "U kunt de verificatie voorlopig overslaan en doorgaan met het aanmaken van uw organisatie, maar om uw domein te gebruiken moet deze stap worden voltooid!", + "VERIFICATION_VALIDATION_DESC": "Verwijder de verificatiecode niet, aangezien ZITADEL van tijd tot tijd het eigendom van uw domein opnieuw zal controleren.", + "VERIFICATION_NEWTOKEN_TITLE": "Vraag een nieuw token aan", + "VERIFICATION_VALIDATION_ONGOING": "De methode {{ value }} is geselecteerd om uw domein te verifiëren. Klik op de knop om een ​​verificatiecontrole te activeren of het verificatieproces opnieuw in te stellen.", "VERIFICATION_SUCCESSFUL": "Domein succesvol geverifieerd!", - "REQUESTNEWTOKEN": "Vraag nieuw token aan", - "TYPES": { - "1": "HTTP", - "2": "DNS" - } + "RESETMETHOD": "Verificatiemethode opnieuw instellen" }, "DOWNLOAD_FILE": "Download bestand", "SELECTORGTOOLTIP": "Selecteer deze organisatie.", @@ -1019,7 +1023,7 @@ "DESCRIPTION": "Deze instellingen breiden uw instantie instellingen uit en overschrijven deze." }, "LIST": { - "GENERAL": "Algemeen", + "LANGUAGES": "Talen", "LOGIN": "Login Gedrag en Beveiliging", "LOCKOUT": "Lockout", "COMPLEXITY": "Wachtwoord complexiteit", 
@@ -1048,22 +1052,32 @@ } }, "SETTING": { - "DEFAULTLANGUAGE": "Standaard Taal", - "LANGUAGE": { - "de": "Deutsch", - "en": "Engels", - "es": "Español", - "fr": "Français", - "it": "Italiano", - "ja": "日本語", - "pl": "Polski", - "zh": "简体中文", - "bg": "Български", - "pt": "Portugees", - "mk": "Македонски", - "cs": "Čeština", - "ru": "Русский", - "nl": "Nederlands" + "LANGUAGES": { + "TITLE": "Taalinstellingen", + "DEFAULT": "Standaardtaal", + "ALLOWED": "Toegestane Talen", + "NOT_ALLOWED": "Niet Toegestane Talen", + "ALLOW_ALL": "Sta alle talen toe", + "DISALLOW_ALL": "Sta geen talen toe", + "SETASDEFAULT": "Stel in als standaardtaal", + "DEFAULT_SAVED": "Standaardtaal opgeslagen", + "ALLOWED_SAVED": "Toegestane talen opgeslagen", + "OPTIONS": { + "de": "Deutsch", + "en": "Engels", + "es": "Español", + "fr": "Français", + "it": "Italiano", + "ja": "日本語", + "pl": "Polski", + "zh": "简体中文", + "bg": "Български", + "pt": "Portugees", + "mk": "Македонски", + "cs": "Čeština", + "ru": "Русский", + "nl": "Nederlands" + } }, "SMTP": { "TITLE": "SMTP Instellingen", 
@@ -1261,9 +1275,11 @@
 "RESET_TITLE": "Herstel Standaard Waarden",
 "RESET_DESCRIPTION": "U staat op het punt om alle standaardwaarden te herstellen. Alle wijzigingen die u heeft gemaakt zullen permanent worden verwijderd. Weet u zeker dat u wilt doorgaan?",
 "UNSAVED_TITLE": "Doorgaan zonder opslaan?",
- "UNSAAVED_DESCRIPTION": "U heeft wijzigingen gemaakt zonder op te slaan. Wilt u nu opslaan?",
- "LOCALE": "Locale Code",
- "LOCALES": {
+ "UNSAVED_DESCRIPTION": "U heeft wijzigingen gemaakt zonder op te slaan. Wilt u nu opslaan?",
+ "ACTIVE_LANGUAGE_NOT_ALLOWED": "U heeft een taal geselecteerd die niet is toegestaan. U kunt doorgaan met het wijzigen van de teksten. Maar als u wilt dat uw gebruikers deze taal daadwerkelijk kunnen gebruiken, wijzig dan de beperkingen van uw instantie.",
+ "LANGUAGES_NOT_ALLOWED": "Niet toegestaan:",
+ "LANGUAGE": "Taal",
+ "LANGUAGES": {
 "de": "Deutsch",
 "en": "English",
 "es": "Español",
@@ -1374,7 +1390,8 @@
 "SMTPSENDERADDRESSMATCHESINSTANCEDOMAIN": "SMTP Afzender Adres komt overeen met Instantie Domein",
 "ALLOWUSERNAMEPASSWORD": "Gebruikersnaam Wachtwoord toegestaan",
 "ALLOWEXTERNALIDP": "Externe IDP toegestaan",
- "ALLOWREGISTER": "Registratie toegestaan",
+ "ALLOWREGISTERUSERS": "Gebruikersregistratie toegestaan",
+ "ALLOWREGISTERORGS": "Organisatieregistratie toegestaan",
 "ALLOWUSERNAMEPASSWORD_DESC": "De conventionele login met gebruikersnaam en wachtwoord is toegestaan.",
 "ALLOWEXTERNALIDP_DESC": "De login is toegestaan voor de onderliggende identiteitsproviders",
 "ALLOWREGISTER_DESC": "Als de optie is geselecteerd, verschijnt er een extra stap voor het registreren van een gebruiker in het login proces.",
diff --git a/console/src/assets/i18n/pl.json b/console/src/assets/i18n/pl.json
index 39068f2481..7de4c9b4ca 100644
--- a/console/src/assets/i18n/pl.json
+++ b/console/src/assets/i18n/pl.json
@@ -871,14 +871,16 @@ }, "SEQUENCE": { "LABEL": "Sekwencja", - "CHECKBOX": "Filtruj według sekwencji", - "SORT": "Sortowanie", - "ASC": "Rosnące", - "DESC": "Malejące" + "CHECKBOX": "Filtruj według sekwencji" }, + "SORT": "Sortowanie", + "ASC": "Rosnące", + "DESC": "Malejące", "CREATIONDATE": { - "LABEL": "Data utworzenia", - "CHECKBOX": "Filtruj według daty utworzenia" + "RADIO_FROM": "Od", + "RADIO_RANGE": "Zakres", + "LABEL_SINCE": "Od", + "LABEL_UNTIL": "Do" }, "OTHER": "inne", "OTHERS": "inni" 
@@ -928,20 +930,22 @@ "BTN": "Zmień nazwę" }, "ORGDOMAIN": { - "TITLE": "Weryfikacja własności domeny organizacji", - "VERIFICATION": "Aby zweryfikować własność swojej domeny, musisz pobrać plik weryfikacyjny i przesłać go na podany poniżej adres URL lub dodać rekord TXT DNS dla podanego adresu URL. Aby zakończyć, kliknij przycisk weryfikuj.", - "VERIFICATION_SKIP": "Możesz teraz pominąć weryfikację i kontynuować tworzenie swojej organizacji, ale aby korzystać z organizacji, ta krok musi zostać ukończony!", - "VERIFICATION_VALIDATION_DESC": "Tokeny są regularnie sprawdzane, aby upewnić się, że nadal jesteś właścicielem domeny.", - "VERIFICATION_NEWTOKEN_TITLE": "Prośba o nowy token", - "VERIFICATION_NEWTOKEN_DESC": "Jeśli chcesz poprosić o nowy token, wybierz preferowany sposób. Jeśli chcesz zwalidować trwający token, kliknij powyższy przycisk.", - "VERIFICATION_VALIDATION_ONGOING": "Token weryfikacyjny został już zażądany. Kliknij przycisk, aby uruchomić sprawdzenie weryfikacyjne.", - "VERIFICATION_VALIDATION_ONGOING_TYPE": "Typ tokenu:", - "VERIFICATION_SUCCESSFUL": "Domena zweryfikowana pomyślnie!", - "REQUESTNEWTOKEN": "Poproś o nowy token", - "TYPES": { - "1": "HTTP", - "2": "DNS" - } + "TITLE": "Zweryfikuj własność {{value}}", + "VERIFICATION": "Oferujemy dwie metody ręcznej weryfikacji domeny:", + "VERIFICATION_HTML": "-HTTP. Umieść tymczasowy plik weryfikacyjny w swojej witrynie", + "VERIFICATION_DNS": "-DNS. 
Utwórz wpis DNS rekordu TXT", + "VERIFICATION_DNS_DESC": "Jeśli zarządzasz wartością {{ value }} i masz dostęp do swoich rekordów DNS, możesz utworzyć nowy rekord TXT z następującymi wartościami:", + "VERIFICATION_DNS_HOST_LABEL": "Host:", + "VERIFICATION_DNS_CHALLENGE_LABEL": "Użyj tego kodu dla wartości rekordu TXT:", + "VERIFICATION_HTTP_DESC": "Jeśli masz dostęp do hostingu swojej witryny, po prostu pobierz plik weryfikacyjny i prześlij go pod podanym adresem URL", + "VERIFICATION_HTTP_URL_LABEL": "Oczekiwany adres URL:", + "VERIFICATION_HTTP_FILE_LABEL": "Plik weryfikacyjny:", + "VERIFICATION_SKIP": "Możesz na razie pominąć weryfikację i kontynuować tworzenie organizacji, jednak aby móc korzystać z domeny, ten krok musi zostać ukończony!", + "VERIFICATION_VALIDATION_DESC": "Nie usuwaj kodu weryfikacyjnego, ponieważ ZITADEL będzie od czasu do czasu ponownie sprawdzał własność Twojej domeny.", + "VERIFICATION_NEWTOKEN_TITLE": "Poproś o nowy token", + "VERIFICATION_VALIDATION_ONGOING": "Wybrano metodę {{ value }} do weryfikacji Twojej domeny. Kliknij przycisk, aby uruchomić kontrolę weryfikacyjną lub zresetować proces weryfikacji.", + "VERIFICATION_SUCCESSFUL": "Domena pomyślnie zweryfikowana!", + "RESETMETHOD": "Zresetuj metodę weryfikacji" }, "DOWNLOAD_FILE": "Pobierz plik", "SELECTORGTOOLTIP": "Wybierz tę organizację.", @@ -1018,7 +1022,7 @@ "DESCRIPTION": "Te ustawienia rozszerzają i nadpisują ustawienia instancji." }, "LIST": { - "GENERAL": "Ogólne", + "LANGUAGES": "Języki", "LOGIN": "Zachowanie logowania i bezpieczeństwo", "LOCKOUT": "Blokada", "COMPLEXITY": "Złożoność hasła", 
@@ -1047,22 +1051,32 @@ } }, "SETTING": { - "DEFAULTLANGUAGE": "Domyślny język", - "LANGUAGE": { - "de": "Deutsch", - "en": "English", - "es": "Español", - "fr": "Français", - "it": "Italiano", - "ja": "日本語", - "pl": "Polski", - "zh": "简体中文", - "bg": "Български", - "pt": "Portuguese", - "mk": "Македонски", - "cs": "Čeština", - "ru": "Русский", - "nl": "Nederlands" + "LANGUAGES": { + "TITLE": "Ustawienia językowe", + "DEFAULT": "Domyślny język", + "ALLOWED": "Dozwolone języki", + "NOT_ALLOWED": "Niedozwolone języki", + "ALLOW_ALL": "Zezwól na wszystkie języki", + "DISALLOW_ALL": "Zabroń wszystkich języków", + "SETASDEFAULT": "Ustaw jako domyślny język", + "DEFAULT_SAVED": "Domyślny język zapisany", + "ALLOWED_SAVED": "Dozwolone języki zapisane", + "OPTIONS": { + "de": "Deutsch", + "en": "English", + "es": "Español", + "fr": "Français", + "it": "Italiano", + "ja": "日本語", + "pl": "Polski", + "zh": "简体中文", + "bg": "Български", + "pt": "Portuguese", + "mk": "Македонски", + "cs": "Čeština", + "ru": "Русский", + "nl": "Nederlands" + } }, "SMTP": { "TITLE": "Ustawienia SMTP", @@ -1261,8 +1275,10 @@ "RESET_DESCRIPTION": "Masz zamiar przywrócić domyślne linki dla TOS i polityki prywatności. Czy na pewno chcesz kontynuować?", "UNSAVED_TITLE": "Kontynuuj bez zapisywania?", "UNSAVED_DESCRIPTION": "Wprowadziłeś zmiany bez zapisywania. Czy chcesz zapisać teraz?", - "LOCALE": "Kod Języka", - "LOCALES": { + "ACTIVE_LANGUAGE_NOT_ALLOWED": "Wybrałeś język, który nie jest dozwolony. Możesz kontynuować modyfikowanie tekstów. Ale jeśli chcesz, aby twoi użytkownicy mogli faktycznie używać tego języka, zmień ograniczenia swoich instancji.", + "LANGUAGES_NOT_ALLOWED": "Niedozwolone:", + "LANGUAGE": "Język", + "LANGUAGES": { "de": "Deutsch", "en": "English", "es": "Español", 
@@ -1373,7 +1389,8 @@
 "SMTPSENDERADDRESSMATCHESINSTANCEDOMAIN": "Adres nadawcy SMTP pasuje do domeny instancji",
 "ALLOWUSERNAMEPASSWORD": "Zezwól na użycie nazwy użytkownika i hasła",
 "ALLOWEXTERNALIDP": "Zezwól na zewnętrznego dostawcę tożsamości",
- "ALLOWREGISTER": "Zezwól na rejestrację",
+ "ALLOWREGISTERUSERS": "Zezwól na rejestrację użytkowników",
+ "ALLOWREGISTERORGS": "Zezwól na rejestrację organizacji",
 "ALLOWUSERNAMEPASSWORD_DESC": "Zwykłe logowanie za pomocą nazwy użytkownika i hasła jest dozwolone.",
 "ALLOWEXTERNALIDP_DESC": "Logowanie jest dozwolone dla dostawców tożsamości podstawowych",
 "ALLOWREGISTER_DESC": "Jeśli ta opcja jest zaznaczona, pojawi się dodatkowy krok rejestracji użytkownika w procesie logowania.",
diff --git a/console/src/assets/i18n/pt.json b/console/src/assets/i18n/pt.json
index 21e4c67a39..746b865ff4 100644
--- a/console/src/assets/i18n/pt.json
+++ b/console/src/assets/i18n/pt.json
@@ -872,14 +872,16 @@
 },
 "SEQUENCE": {
 "LABEL": "Sequência",
- "CHECKBOX": "Filtrar por Sequência",
- "SORT": "Ordenação",
- "ASC": "Crescente",
- "DESC": "Decrescente"
+ "CHECKBOX": "Filtrar por Sequência"
 },
+ "SORT": "Ordenação",
+ "ASC": "Crescente",
+ "DESC": "Decrescente",
 "CREATIONDATE": {
- "LABEL": "Data de Criação",
- "CHECKBOX": "Filtrar por Data de Criação"
+ "RADIO_FROM": "Desde",
+ "RADIO_RANGE": "Intervalo",
+ "LABEL_SINCE": "Desde",
+ "LABEL_UNTIL": "Até"
 },
 "OTHER": "outro",
 "OTHERS": "outros"
@@ -929,20 +931,22 @@ "BTN": "Renomear" }, "ORGDOMAIN": { - "TITLE": "Verificação de Propriedade do Domínio da Organização", - "VERIFICATION": "Para verificar a propriedade do seu domínio, você precisa baixar um arquivo de verificação e enviá-lo para a URL fornecida abaixo, ou criar um registro DNS TXT para a URL fornecida. Para concluir, clique no botão para verificar.", - "VERIFICATION_SKIP": "Você pode pular a verificação por enquanto e continuar a criar sua organização, mas para usar sua organização, esta etapa deve ser concluída!", - "VERIFICATION_VALIDATION_DESC": "Os tokens são verificados regularmente para garantir que você ainda seja o proprietário do domínio.", - "VERIFICATION_NEWTOKEN_TITLE": "Solicitar Novo Token", - "VERIFICATION_NEWTOKEN_DESC": "Se você deseja solicitar um novo token, selecione seu método preferido. Se você deseja validar um token persistente, clique no botão acima.", - "VERIFICATION_VALIDATION_ONGOING": "Um token de verificação já foi solicitado. Clique no botão para iniciar uma verificação.", - "VERIFICATION_VALIDATION_ONGOING_TYPE": "Tipo do token:", + "TITLE": "Verifique a propriedade de {{value}}", + "VERIFICATION": "Oferecemos dois métodos para validar manualmente o seu domínio:", + "VERIFICATION_HTML": "-HTTP. Hospede um arquivo de verificação temporário em seu site", + "VERIFICATION_DNS": "-DNS. 
Crie uma entrada DNS de registro TXT", + "VERIFICATION_DNS_DESC": "Se você gerencia {{ value }} e tem acesso aos seus registros DNS, poderá criar um novo registro TXT com os seguintes valores:", + "VERIFICATION_DNS_HOST_LABEL": "Host:", + "VERIFICATION_DNS_CHALLENGE_LABEL": "Use este código para o valor do registro TXT:", + "VERIFICATION_HTTP_DESC": "Se você tiver acesso à hospedagem do seu site, basta baixar o arquivo de verificação e carregá-lo no URL fornecido", + "VERIFICATION_HTTP_URL_LABEL": "URL esperado:", + "VERIFICATION_HTTP_FILE_LABEL": "Arquivo de verificação:", + "VERIFICATION_SKIP": "Você pode pular a verificação por enquanto e continuar a criar sua organização, mas para usar seu domínio esta etapa precisa ser concluída!", + "VERIFICATION_VALIDATION_DESC": "Não exclua o código de verificação, pois a ZITADEL verificará novamente a propriedade do seu domínio de tempos em tempos.", + "VERIFICATION_NEWTOKEN_TITLE": "Solicitar novo token", + "VERIFICATION_VALIDATION_ONGOING": "O método {{ value }} foi selecionado para verificar seu domínio. Clique no botão para acionar uma verificação ou redefinir o processo de verificação.", "VERIFICATION_SUCCESSFUL": "Domínio verificado com sucesso!", - "REQUESTNEWTOKEN": "Solicitar novo token", - "TYPES": { - "1": "HTTP", - "2": "DNS" - } + "RESETMETHOD": "Redefinir método de verificação" }, "DOWNLOAD_FILE": "Baixar Arquivo", "SELECTORGTOOLTIP": "Selecionar esta organização.", @@ -1020,7 +1024,7 @@ "DESCRIPTION": "Essas configurações estendem e sobrescrevem as configurações da sua instância." }, "LIST": { - "GENERAL": "Geral", + "LANGUAGES": "Idiomas", "LOGIN": "Comportamento de Login e Segurança", "LOCKOUT": "Bloqueio", "COMPLEXITY": "Complexidade de Senha", 
@@ -1049,22 +1053,32 @@
 }
 },
 "SETTING": {
- "DEFAULTLANGUAGE": "Idioma padrão",
- "LANGUAGE": {
- "de": "Deutsch",
- "en": "English",
- "es": "Español",
- "fr": "Français",
- "it": "Italiano",
- "ja": "日本語",
- "pl": "Polski",
- "zh": "简体中文",
- "bg": "Български",
- "pt": "Portuguese",
- "mk": "Македонски",
- "cs": "Čeština",
- "ru": "Русский",
- "nl": "Nederlands"
+ "LANGUAGES": {
+ "TITLE": "Configurações de Idioma",
+ "DEFAULT": "Idioma Padrão",
+ "ALLOWED": "Idiomas Permitidos",
+ "NOT_ALLOWED": "Idiomas Não Permitidos",
+ "ALLOW_ALL": "Permitir Todos os Idiomas",
+ "DISALLOW_ALL": "Não Permitir Todos os Idiomas",
+ "SETASDEFAULT": "Definir como Idioma Padrão",
+ "DEFAULT_SAVED": "Idioma Padrão salvo",
+ "ALLOWED_SAVED": "Idiomas Permitidos salvos",
+ "OPTIONS": {
+ "de": "Deutsch",
+ "en": "English",
+ "es": "Español",
+ "fr": "Français",
+ "it": "Italiano",
+ "ja": "日本語",
+ "pl": "Polski",
+ "zh": "简体中文",
+ "bg": "Български",
+ "pt": "Portuguese",
+ "mk": "Македонски",
+ "cs": "Čeština",
+ "ru": "Русский",
+ "nl": "Nederlands"
+ }
 },
 "SMTP": {
 "TITLE": "Configurações SMTP",
@@ -1263,8 +1277,10 @@
 "RESET_DESCRIPTION": "Você está prestes a restaurar todos os valores padrão. Todas as alterações que você fez serão excluídas permanentemente. Deseja realmente continuar?",
 "UNSAVED_TITLE": "Continuar sem salvar?",
 "UNSAVED_DESCRIPTION": "Você fez alterações sem salvar. Deseja salvar agora?",
- "LOCALE": "Código de localidade",
- "LOCALES": {
+ "ACTIVE_LANGUAGE_NOT_ALLOWED": "Você selecionou um idioma que não é permitido. Você pode continuar modificando os textos. Mas se deseja que seus usuários realmente possam usar este idioma, altere as restrições de suas instâncias.",
+ "LANGUAGES_NOT_ALLOWED": "Não permitido:",
+ "LANGUAGE": "Idioma",
+ "LANGUAGES": {
 "de": "Deutsch",
 "en": "English",
 "es": "Español",
@@ -1375,7 +1391,8 @@
 "SMTPSENDERADDRESSMATCHESINSTANCEDOMAIN": "O endereço do remetente do SMTP corresponde ao domínio da Instância",
 "ALLOWUSERNAMEPASSWORD": "Permitir usuário e senha",
 "ALLOWEXTERNALIDP": "Permitir provedor de ID externo",
- "ALLOWREGISTER": "Permitir registro",
+ "ALLOWREGISTERUSERS": "Permitir registro de usuários",
+ "ALLOWREGISTERORGS": "Permitir registro de organizações",
 "ALLOWUSERNAMEPASSWORD_DESC": "O login convencional com nome de usuário e senha é permitido.",
 "ALLOWEXTERNALIDP_DESC": "O login é permitido para os provedores de identidade subjacentes",
 "ALLOWREGISTER_DESC": "Se a opção estiver selecionada, uma etapa adicional para registrar um usuário aparecerá no login.",
diff --git a/console/src/assets/i18n/ru.json b/console/src/assets/i18n/ru.json
index e4f826021b..a51e288475 100644
--- a/console/src/assets/i18n/ru.json
+++ b/console/src/assets/i18n/ru.json
@@ -868,14 +868,16 @@
 },
 "SEQUENCE": {
 "LABEL": "Последовательность",
- "CHECKBOX": "Фильтровать по последовательности",
- "SORT": "Сортировка",
- "ASC": "Восходящий",
- "DESC": "По убыванию"
+ "CHECKBOX": "Фильтровать по последовательности"
 },
+ "SORT": "Сортировка",
+ "ASC": "Восходящий",
+ "DESC": "По убыванию",
 "CREATIONDATE": {
- "LABEL": "Дата создания",
- "CHECKBOX": "Фильтровать по дате создания"
+ "RADIO_FROM": "От",
+ "RADIO_RANGE": "Диапазон",
+ "LABEL_SINCE": "С",
+ "LABEL_UNTIL": "К"
 },
 "OTHER": "другой",
 "OTHERS": "другие"
@@ -925,20 +927,22 @@ "BTN": "Переименовать" }, "ORGDOMAIN": { - "TITLE": "Проверка владения доменом организации", - "VERIFICATION": "Чтобы подтвердить право собственности на ваш домен, вам необходимо скачать файл подтверждения и загрузить его по предоставленному URL-адресу, указанному ниже, или разместить DNS-запись TXT для предоставленного URL-адреса. Для завершения нажмите кнопку «Подтвердить».", - "VERIFICATION_SKIP": "Вы можете пока пропустить проверку и продолжить создание своей организации, но для того, чтобы использовать свою организацию, необходимо выполнить этот шаг!", - "VERIFICATION_VALIDATION_DESC": "Токены регулярно проверяются, чтобы убедиться, что вы по-прежнему являетесь владельцем домена.", + "TITLE": "Подтвердите право собственности на {{value}}", + "VERIFICATION": "Мы предлагаем вам два метода проверки вашего домена вручную:", + "VERIFICATION_HTML": "- HTTP. Разместите временный файл подтверждения на своем веб-сайте.", + "VERIFICATION_DNS": "- ДНС. Создайте DNS-запись TXT Record.", + "VERIFICATION_DNS_DESC": "Если вы управляете {{ value }} и у вас есть доступ к вашим записям DNS, вы можете создать новую запись TXT со следующими значениями:", + "VERIFICATION_DNS_HOST_LABEL": "Host:", + "VERIFICATION_DNS_CHALLENGE_LABEL": "Используйте этот код для значения записи TXT:", + "VERIFICATION_HTTP_DESC": "Если у вас есть доступ к хостингу вашего веб-сайта, просто скачайте файл подтверждения и загрузите его по указанному URL-адресу.", + "VERIFICATION_HTTP_URL_LABEL": "Ожидаемый URL:", + "VERIFICATION_HTTP_FILE_LABEL": "Файл проверки:", + "VERIFICATION_SKIP": "Вы можете пока пропустить проверку и продолжить создание своей организации, но для того, чтобы использовать свой домен, необходимо выполнить этот шаг!", + "VERIFICATION_VALIDATION_DESC": "Не удаляйте код подтверждения, так как ZITADEL будет время от времени перепроверять право собственности на ваш домен.", "VERIFICATION_NEWTOKEN_TITLE": "Запросить новый токен", - "VERIFICATION_NEWTOKEN_DESC": "Если 
вы хотите запросить новый токен, выберите предпочтительный метод. Если вы хотите проверить постоянный токен, нажмите кнопку выше.", - "VERIFICATION_VALIDATION_ONGOING": "Токен подтверждения уже запрошен. Нажмите кнопку, чтобы запустить проверку.", - "VERIFICATION_VALIDATION_ONGOING_TYPE": "Тип токена:", + "VERIFICATION_VALIDATION_ONGOING": "Для подтверждения вашего домена выбран метод {{ value }}. Нажмите кнопку, чтобы запустить проверку или сбросить процесс проверки.", "VERIFICATION_SUCCESSFUL": "Домен успешно подтвержден!", - "REQUESTNEWTOKEN": "Запросить новый токен", - "TYPES": { - "1": "HTTP", - "2": "DNS" - } + "RESETMETHOD": "Сбросить метод проверки" }, "DOWNLOAD_FILE": "Загрузить файл", "SELECTORGTOOLTIP": "Выберите эту организацию.", @@ -1015,7 +1019,7 @@ "DESCRIPTION": "Эти настройки расширяют и перезаписывают настройки вашего экземпляра." }, "LIST": { - "GENERAL": "Общие", + "LANGUAGES": "Языки", "LOGIN": "Поведение при входе и безопасность", "LOCKOUT": "Блокировка", "COMPLEXITY": "Сложность пароля", 
@@ -1041,21 +1045,31 @@
 }
 },
 "SETTING": {
- "DEFAULTLANGUAGE": "Язык по умолчанию",
- "LANGUAGE": {
- "de": "Deutsch",
- "en": "English",
- "es": "Español",
- "fr": "Français",
- "it": "Italiano",
- "ja": "日本語",
- "pl": "Polski",
- "zh": "简体中文",
- "bg": "Български",
- "pt": "Portuguese",
- "mk": "Македонски",
- "ru": "Русский",
- "nl": "Nederlands"
+ "LANGUAGES": {
+ "TITLE": "Настройки языка",
+ "DEFAULT": "Язык по умолчанию",
+ "ALLOWED": "Разрешенные языки",
+ "NOT_ALLOWED": "Неразрешенные языки",
+ "ALLOW_ALL": "Разрешить все языки",
+ "DISALLOW_ALL": "Запретить все языки",
+ "SETASDEFAULT": "Установить как язык по умолчанию",
+ "DEFAULT_SAVED": "Язык по умолчанию сохранен",
+ "ALLOWED_SAVED": "Разрешенные языки сохранены",
+ "OPTIONS": {
+ "de": "Deutsch",
+ "en": "English",
+ "es": "Español",
+ "fr": "Français",
+ "it": "Italiano",
+ "ja": "日本語",
+ "pl": "Polski",
+ "zh": "简体中文",
+ "bg": "Български",
+ "pt": "Portuguese",
+ "mk": "Македонски",
+ "ru": "Русский",
+ "nl": "Nederlands"
+ }
 },
 "SMTP": {
 "TITLE": "Настройки SMTP",
@@ -1248,8 +1262,10 @@
 "RESET_DESCRIPTION": "Вы собираетесь восстановить все значения по умолчанию. Все внесенные вами изменения будут безвозвратно удалены. Вы действительно хотите продолжить?",
 "UNSAVED_TITLE": "Продолжить без сохранения?",
 "UNSAVED_DESCRIPTION": "Вы внесли изменения без сохранения. Вы хотите сохранить сейчас?",
- "LOCALE": "Код региона",
- "LOCALES": {
+ "ACTIVE_LANGUAGE_NOT_ALLOWED": "Вы выбрали язык, который не разрешен. Вы можете продолжить изменять тексты. Но если вы хотите, чтобы ваши пользователи могли фактически использовать этот язык, измените ограничения ваших экземпляров.",
+ "LANGUAGES_NOT_ALLOWED": "Не разрешено:",
+ "LANGUAGE": "Язык",
+ "LANGUAGES": {
 "de": "Deutsch",
 "en": "English",
 "es": "Español",
@@ -1261,6 +1277,7 @@
 "bg": "Български",
 "pt": "Portuguese",
 "mk": "Македонски",
+ "cs": "Čeština",
 "ru": "Русский",
 "nl": "Nederlands"
 },
@@ -1359,7 +1376,8 @@
 "SMTPSENDERADDRESSMATCHESINSTANCEDOMAIN": "Адрес отправителя SMTP соответствует домену экземпляра",
 "ALLOWUSERNAMEPASSWORD": "Вход с паролем разрешен",
 "ALLOWEXTERNALIDP": "Внешний поставщик разрешен",
- "ALLOWREGISTER": "Регистрация разрешена",
+ "ALLOWREGISTERUSERS": "Регистрация пользователей разрешена",
+ "ALLOWREGISTERORGS": "Регистрация организаций разрешена",
 "ALLOWUSERNAMEPASSWORD_DESC": "Разрешен обычный вход в систему с использованием имени пользователя и паролем.",
 "ALLOWEXTERNALIDP_DESC": "Вход разрешен для базовых поставщиков удостоверений.",
 "ALLOWREGISTER_DESC": "Если опция выбрана, в логине появляется дополнительный шаг для регистрации пользователя.",
diff --git a/console/src/assets/i18n/zh.json b/console/src/assets/i18n/zh.json
index 9697037c14..9efefcd12b 100644
--- a/console/src/assets/i18n/zh.json
+++ b/console/src/assets/i18n/zh.json
@@ -871,14 +871,16 @@
 },
 "SEQUENCE": {
 "LABEL": "序列",
- "CHECKBOX": "按顺序过滤",
- "SORT": "分拣",
- "ASC": "上升中",
- "DESC": "下降"
+ "CHECKBOX": "按顺序过滤"
 },
+ "SORT": "分拣",
+ "ASC": "上升中",
+ "DESC": "下降",
 "CREATIONDATE": {
- "LABEL": "创建日期",
- "CHECKBOX": "按创建日期过滤"
+ "RADIO_FROM": "从",
+ "RADIO_RANGE": "范围",
+ "LABEL_SINCE": "自从",
+ "LABEL_UNTIL": "直到"
 },
 "OTHER": "其他",
 "OTHERS": "其他"
@@ -928,20 +930,22 @@
 "BTN": "改名"
 },
 "ORGDOMAIN": {
- "TITLE": "组织域所有权验证",
- "VERIFICATION": "要验证您对域的所有权,您需要下载验证文件并将其上传到下面列出的提供的 URL,或者为提供的域名添加一条类型为TXT的DNS解析记录。完成后请单击按钮进行验证。",
- "VERIFICATION_SKIP": "您现在可以跳过验证并继续创建您的组织,但要使用您的组织,必须完成此步骤!",
- "VERIFICATION_VALIDATION_DESC": "定期检查令牌以确保您仍然是域的所有者。",
+ "TITLE": "验证 {{value}} 所有权",
+ "VERIFICATION": "我们为您提供两种手动验证域的方法:",
+ "VERIFICATION_HTML": "- HTTP。在您的网站上托管临时验证文件",
+ "VERIFICATION_DNS": "- DNS。创建 TXT 记录 DNS 条目",
+ "VERIFICATION_DNS_DESC": "如果您管理 {{ value }} 并且有权访问您的 DNS 记录,则可以使用以下值创建新的 TXT 记录:",
+ "VERIFICATION_DNS_HOST_LABEL": "Host:",
+ "VERIFICATION_DNS_CHALLENGE_LABEL": "使用此代码作为 TXT 记录的值:",
+ "VERIFICATION_HTTP_DESC": "如果您有权访问您的网站托管,只需下载验证文件并将其上传到提供的 URL",
+ "VERIFICATION_HTTP_URL_LABEL": "预期网址:",
+ "VERIFICATION_HTTP_FILE_LABEL": "验证文件:",
+ "VERIFICATION_SKIP": "您现在可以跳过验证并继续创建您的组织,但为了使用您的域,必须完成此步骤!",
+ "VERIFICATION_VALIDATION_DESC": "不要删除验证码,因为 ZITADEL 会不时重新检查您的域名所有权。",
 "VERIFICATION_NEWTOKEN_TITLE": "请求新令牌",
- "VERIFICATION_NEWTOKEN_DESC": "如果您想请求新令牌,请选择您喜欢的方法。如果要验证持久性令牌,请单击上面的按钮。",
- "VERIFICATION_VALIDATION_ONGOING": "已请求验证令牌,单击按钮以触发验证检查。",
- "VERIFICATION_VALIDATION_ONGOING_TYPE": "输入令牌:",
+ "VERIFICATION_VALIDATION_ONGOING": "已选择 {{ value }} 方法来验证您的域。单击该按钮可触发验证检查或重置验证过程。",
 "VERIFICATION_SUCCESSFUL": "域名验证成功!",
- "REQUESTNEWTOKEN": "请求新令牌",
- "TYPES": {
- "1": "HTTP",
- "2": "DNS"
- }
+ "RESETMETHOD": "重置验证方式"
 },
 "DOWNLOAD_FILE": "下载文件",
 "SELECTORGTOOLTIP": "选择此组织。",
@@ -1018,7 +1022,7 @@
 "DESCRIPTION": "这些设置将扩展或覆盖您的实例设置。"
 },
 "LIST": {
- "GENERAL": "通用",
+ "LANGUAGES": "语言",
 "LOGIN": "登录行为和安全",
 "LOCKOUT": "安全锁策略",
 "COMPLEXITY": "密码复杂性",
@@ -1047,22 +1051,32 @@
 }
 },
 "SETTING": {
- "DEFAULTLANGUAGE": "默认语言",
- "LANGUAGE": {
- "de": "Deutsch",
- "en": "English",
- "es": "Español",
- "fr": "Français",
- "it": "Italiano",
- "ja": "日本語",
- "pl": "Polski",
- "zh": "简体中文",
- "bg": "Български",
- "pt": "Portuguese",
- "mk": "Македонски",
- "cs": "Čeština",
- "ru": "Русский",
- "nl": "Nederlands"
+ "LANGUAGES": {
+ "TITLE": "语言设置",
+ "DEFAULT": "默认语言",
+ "ALLOWED": "允许的语言",
+ "NOT_ALLOWED": "不允许的语言",
+ "ALLOW_ALL": "允许所有语言",
+ "DISALLOW_ALL": "禁止所有语言",
+ "SETASDEFAULT": "设置为默认语言",
+ "DEFAULT_SAVED": "默认语言已保存",
+ "ALLOWED_SAVED": "允许的语言已保存",
+ "OPTIONS": {
+ "de": "Deutsch",
+ "en": "English",
+ "es": "Español",
+ "fr": "Français",
+ "it": "Italiano",
+ "ja": "日本語",
+ "pl": "Polski",
+ "zh": "简体中文",
+ "bg": "Български",
+ "pt": "Portuguese",
+ "mk": "Македонски",
+ "cs": "Čeština",
+ "ru": "Русский",
+ "nl": "Nederlands"
+ }
 },
 "SMTP": {
 "TITLE": "SMTP 设置",
@@ -1260,8 +1274,10 @@
 "RESET_DESCRIPTION": "您即将恢复所有默认值。您所做的所有更改都将被永久删除。你真的要继续吗?",
 "UNSAVED_TITLE": "继续但不保存?",
 "UNSAVED_DESCRIPTION": "您在未保存的情况下进行了更改。您现在要保存吗?",
- "LOCALE": "本地化",
- "LOCALES": {
+ "ACTIVE_LANGUAGE_NOT_ALLOWED": "您选择了不允许的语言。您可以继续修改文本。但是,如果您希望您的用户实际上能够使用此语言,请更改您的实例限制。",
+ "LANGUAGES_NOT_ALLOWED": "不允许:",
+ "LANGUAGE": "语言",
+ "LANGUAGES": {
 "de": "Deutsch",
 "en": "English",
 "es": "Español",
@@ -1372,7 +1388,8 @@
 "SMTPSENDERADDRESSMATCHESINSTANCEDOMAIN": "SMTP 发件人地址与实例域名匹配",
 "ALLOWUSERNAMEPASSWORD": "允许用户名密码",
 "ALLOWEXTERNALIDP": "允许外部身份提供者",
- "ALLOWREGISTER": "允许注册",
+ "ALLOWREGISTERUSERS": "允许注册用户",
+ "ALLOWREGISTERORGS": "允许注册组织",
 "ALLOWUSERNAMEPASSWORD_DESC": "允许使用用户名和密码进行登录。",
 "ALLOWEXTERNALIDP_DESC": "允许外部身份提供者进行登录",
 "ALLOWREGISTER_DESC": "如果选择了该选项,登录中会出现一个用于注册用户的附加步骤。",
diff --git a/console/src/component-themes.scss b/console/src/component-themes.scss
index d78729c056..c77acd3d18 100644
--- a/console/src/component-themes.scss
+++ b/console/src/component-themes.scss
@@ -65,6 +65,7 @@ @import 'src/app/modules/policies/login-policy/factor-table/factor-table.component.scss'; @import 'src/app/modules/info-overlay/info-overlay.component.scss'; @import 'src/app/modules/create-layout/create-layout.component.scss'; +@import 'src/app/modules/domains/domain-verification/domain-verification.component.scss'; @import './styles/codemirror.scss'; @mixin component-themes($theme) { @@ -136,4 +137,5 @@ @include codemirror-theme($theme); @include contact-theme($theme); @include app-create-theme($theme); + @include domain-verification-theme($theme); } diff --git a/docs/docs/examples/call-zitadel-api/go.md b/docs/docs/examples/call-zitadel-api/go.md index 2ca6a4330f..e9f7654e9a 100644 --- a/docs/docs/examples/call-zitadel-api/go.md +++ b/docs/docs/examples/call-zitadel-api/go.md @@ -8,6 +8,8 @@ It demonstrates how to fetch some data from the ZITADEL management API. At the end of the guide you should have an application able to read the details of your organization. +> This documentation references our [CLI example](https://github.com/zitadel/zitadel-go/blob/next/example/client/cli/cli.go). + ## Prerequisites The client [SDK](https://github.com/zitadel/zitadel-go) will handle all necessary OAuth 2.0 requests and send the required headers to the ZITADEL API using our [OIDC client library](https://github.com/zitadel/oidc). 
@@ -26,109 +28,36 @@ However, we recommend you read the guide on [how to access ZITADEL API](../../gu You need to add the SDK into Go Modules by: ```bash -go get github.com/zitadel/zitadel-go/v2 +go get -u github.com/zitadel/zitadel-go/v3 ``` ### Create example client -Create a new go file with the content below. This will create a client for the management api and call its `GetMyOrg` function. +Create a new go file with the content below. This will create a client and call its `GetMyOrg` function on the ManagementService. The SDK will make sure you will have access to the API by retrieving a Bearer Token using JWT Profile with the provided scopes (`openid` and `urn:zitadel:iam:org:project:id:zitadel:aud`). -Make sure to fill the vars `issuer` and `api`. - -The issuer and api is the domain of your instance you can find it on the instance detail in the ZITADEL Cloud Customer Portal or in the ZITADEL Console. - -:::note -The issuer will require the protocol (`https://` and `http://`) and you will only have to specify a port if they're not default (443 for https and 80 for http). The API will always require a port, but no protocol. -::: - -```go -package main - -import ( - "context" - "flag" - "log" - - "github.com/zitadel/oidc/pkg/oidc" - - "github.com/zitadel/zitadel-go/v2/pkg/client/management" - "github.com/zitadel/zitadel-go/v2/pkg/client/middleware" - "github.com/zitadel/zitadel-go/v2/pkg/client/zitadel" - pb "github.com/zitadel/zitadel-go/v2/pkg/client/zitadel/management" -) - -var ( - issuer = flag.String("issuer", "", "issuer of your ZITADEL instance (in the form: https://.zitadel.cloud or https://)") - api = flag.String("api", "", "gRPC endpoint of your ZITADEL instance (in the form: .zitadel.cloud:443 or :443)") -) - -func main() { - flag.Parse() - - //create a client for the management api providing: - //- issuer (e.g. https://acme-dtfhdg.zitadel.cloud) - //- api (e.g. 
acme-dtfhdg.zitadel.cloud:443) - //- scopes (including the ZITADEL project ID), - //- a JWT Profile token source (e.g. path to your key json), if not provided, the file will be read from the path set in env var ZITADEL_KEY_PATH - client, err := management.NewClient( - *issuer, - *api, - []string{oidc.ScopeOpenID, zitadel.ScopeZitadelAPI()}, - ) - if err != nil { - log.Fatalln("could not create client", err) - } - defer func() { - err := client.Connection.Close() - if err != nil { - log.Println("could not close grpc connection", err) - } - }() - - ctx := context.Background() - - //call ZITADEL and print the name and creation date of your organisation - //the call was successful if no error occurred - resp, err := client.GetMyOrg(ctx, &pb.GetMyOrgRequest{}) - if err != nil { - log.Fatalln("call failed: ", err) - } - log.Printf("%s was created on: %s", resp.Org.Name, resp.Org.Details.CreationDate.AsTime()) -} +```go reference +https://github.com/zitadel/zitadel-go/blob/next/example/client/cli/cli.go ``` -#### Key JSON - -To provide the key JSON to the SDK, simply set an environment variable `ZITADEL_KEY_PATH` with the path to the JSON as value. - -```bash -export ZITADEL_KEY_PATH=/Users/test/servicekey.json -``` - -For development purposes you should be able to set this in your IDE. 
- -If you're not able to set it via environment variable, you can also pass it with an additional option: - -```go -client, err := management.NewClient( - []string{oidc.ScopeOpenID, zitadel.ScopeZitadelAPI()}, - zitadel.WithKeyPath("/Users/test/servicekey.json"), -) -``` - -### Test client +### Test After you have configured everything correctly, you can simply start the example by: ```bash -go run main.go +go run cli.go --domain --key +``` + +This could look like: + +```bash +go run cli.go --domain my-domain.zitadel.cloud --key ./api.json ``` This will output something similar to: ``` -2021/04/21 11:27:36 DemoOrg was created on: 2021-04-08 13:36:05.578194 +0000 UTC +2023/12/20 08:48:23 INFO retrieved the organisation orgID=165467338479501569 name=DemoOrg ``` ## Completion 
@@ -143,16 +72,12 @@ If you've run into any other problem, don't hesitate to contact us or raise an i ### Whats next? -Now you can proceed implementing our APIs by adding more calls or trying to overwrite the organization context: +Now you can proceed implementing our APIs by adding more calls or using a different service like the SessionService: ```go - respOverwrite, err := client.GetMyOrg(middleware.SetOrgID(ctx, "74161146763996133"), &pb.GetMyOrgRequest{}) - if err != nil { - log.Fatalln("call failed: ", err) - } - log.Printf("%s was created on: %s", respOverwrite.Org.Name, respOverwrite.Org.Details.CreationDate.AsTime()) -} +api.SessionService().CreateSession(ctx, &session.CreateSessionRequest{}) ``` -Checkout more [examples from the SDK](https://github.com/zitadel/zitadel-go/blob/main/example) or refer to our [API Docs](/apis/introduction). +Checkout more [examples from the SDK](https://github.com/zitadel/zitadel-go/blob/next/example), +like how you can integrate the [client in your own API](https://github.com/zitadel/zitadel-go/blob/next/example/api/client/main.go) +or refer to our [API Docs](/apis/introduction). -> This guide will be updated soon to show you how to use the SDK for your own API as well. diff --git a/docs/docs/examples/introduction.mdx b/docs/docs/examples/introduction.mdx index f88ce3afd9..49ac1a834d 100644 --- a/docs/docs/examples/introduction.mdx +++ b/docs/docs/examples/introduction.mdx @@ -1,5 +1,5 @@ --- -title: Overview of ZITADEL Examples, Quickstarts, and SDKs +title: Overview of ZITADEL example applications and quickstarts sidebar_label: Overview --- @@ -91,9 +91,9 @@ Our examples cover a range of programming languages and frameworks, so no matter golang Go Web - - - SDK + + Guide + SDK @@ -148,9 +148,9 @@ Our examples cover a range of programming languages and frameworks, so no matter golang Golang - + Guide - SDK + SDK 
@@ -198,3 +198,12 @@ Our examples cover a range of programming languages and frameworks, so no matter + +## Other example applications + +- [B2B customer portal](https://github.com/zitadel/zitadel-nextjs-b2b): Showcase the use of personal access tokens in a B2B environment. Uses NextJS Framework. +- [Frontend with backend API](https://github.com/zitadel/example-quote-generator-app): A simple web application using a React front-end and a Python back-end API, both secured using ZITADEL +- [Introspection](https://github.com/zitadel/examples-api-access-and-token-introspection): Python examples for securing an API and invoking it as a service user +- [Fine-grained authorization](https://github.com/zitadel/example-fine-grained-authorization): Leverage actions, custom metadata, and claims for attribute-based access control + +Search for the "example" tag in our repository to [explore all examples](https://github.com/search?q=topic%3Aexamples+org%3Azitadel&type=repositories). diff --git a/docs/docs/examples/login/go.md b/docs/docs/examples/login/go.md new file mode 100644 index 0000000000..02bbd1ebd4 --- /dev/null +++ b/docs/docs/examples/login/go.md 
@@ -0,0 +1,152 @@ +--- +title: ZITADEL with Go +sidebar_label: Go +--- + +This integration guide demonstrates the recommended way to incorporate ZITADEL into your Go web application. +It explains how to enable user login in your application and how to fetch data from the user info endpoint. + +By the end of this guide, your application will have login functionality and will be able to access the current user's profile. + +> This documentation references our [example](https://github.com/zitadel/zitadel-go) on GitHub. +> You can either create your own application or directly run the example by providing the necessary arguments. + +## Set up application + +Before we begin developing our application, we need to perform a few configuration steps in the ZITADEL Console. +You'll need to provide some information about your app. We recommend creating a new app to start from scratch. Navigate to your Project, then add a new application at the top of the page. +Select the **Web** application type and continue. + +![Create app in console](/img/go/app-create.png) + +We recommend that you use [Proof Key for Code Exchange (PKCE)](/apis/openidoauth/grant-types#proof-key-for-code-exchange) for all applications. + +![Create app in console - set auth method](/img/go/app-create-auth.png) + +### Redirect URIs + +The Redirect URIs field tells ZITADEL where it's allowed to redirect users after authentication. For development, you can set dev mode to `true` to enable insecure HTTP and redirect to a `localhost` URI. +The Post-logout redirect send the users back to a route on your application after they have logged out. + +> If you are following along with the [example](https://github.com/zitadel/zitadel-go), set the dev mode to `true`, the Redirect URIs to and Post redirect URI to . + +![Create app in console - set redirectURI](/img/go/app-create-redirect.png) + +Continue and create the application. 
+ +### Client ID + +After successful creation of the app, a pop-up will appear displaying the app's client ID. Copy the client ID, as you will need it to configure your Go client. + +![Create app in console - copy client_id](/img/go/app-create-clientid.png) + +## Go setup + +Now that you have configured your web application on the ZITADEL side, you can proceed with the integration of your Go client. + +### Install ZITADEL Go SDK + +To connect with ZITADEL, you need to install an OAuth/OIDC client. Run the following command: + +```bash +go get -u github.com/zitadel/zitadel-go/v3 +``` + +### Create the application server + +Create a new go file with the content below. This will create an application with a home and profile page. + +```go reference +https://github.com/zitadel/zitadel-go/blob/next/example/app/app.go +``` + +This will basically set up everything. So let's look at some parts of the code. + +**Register authentication handler**: + +For the authentication to work, the SDK needs some handlers in your application. +In this example we will register them on the `/auth/` prefix. +The SDK itself will then register three routes on that to be able to: + - start the authentication process and redirect to the Login UI (`/auth/login`) + - continue with the authentication process after the login UI (`/auth/callback`) + - terminate the session (`/auth/logout`) + - +```go +router.Handle("/auth/", z.Authentication) +``` + +***Authentication checks*** + +To ensure the user is authenticated before they are able to use your application, the middleware provides two options: +- You can either require the user to be authenticated. 
If he's not yet, he will be automatically redirected to the Login UI: + ```go + mw.RequireAuthentication()(handler) + ``` +- You can just check if he already is, but still continue serving the page: + ```go + mw.CheckAuthentication()(handler) + ``` + +***Authentication context*** + +If you used either of the authentication checks above, you can then access context information in your handler: +```go +mw.Context(req.Context()) +``` + +### Add pages to your application + +To be able to serve these pages create a `templates` directory in the same folder as you just created the go file. +Now create two HTML files in the new `templates` folder and copy the content of the examples: + +**home.html** + +The home page will display a short welcome message and allow the user to manually start the login process. + +```go reference +https://github.com/zitadel/zitadel-go/blob/next/example/app/templates/home.html +``` + +**profile.html** + +The profile page will display the Userinfo from the authentication context and allow the user to logout. + +```go reference +https://github.com/zitadel/zitadel-go/blob/next/example/app/templates/profile.html +``` + +### Start your application + +You will need to provide some values for the program to run: +- `domain`: Your ZITADEL instance domain, e.g. 
my-domain.zitadel.cloud +- `key`: The path to the downloaded key.json +- `clientID`: The clientID provided by ZITADEL +- `redirectURI`: The redirectURI registered at ZITADEL +- `port`: The port on which the API will be accessible, default it 8089 + +```bash +go run main.go --domain --key -- clientID --redirectURI +``` + +This could look like: + +```bash +go run main.go --domain my-domain.zitadel.cloud --key XKv2Lqd7YAq13NUZVUWZEWZeruqyzViM --clientID 243861220627644836@example --redirectURI http://localhost:8089/auth/callback +``` + +If you then visit on http://localhost:8089 you should get the following screen: + +![Home Page](/img/go/app-home.png) + +By clicking on `Login` you will be redirected to your ZITADEL instance. After login with your existing user you will be presented the profile page: + +![Profile Page](/img/go/app-profile.png) + +## Completion + +Congratulations! You have successfully integrated your Go application with ZITADEL! + +If you get stuck, consider checking out our [example](https://github.com/zitadel/zitadel-go) application. +This application includes all the functionalities mentioned in this quickstart. +You can directly start it with your own configuration. If you face issues, contact us or raise an issue on [GitHub](https://github.com/zitadel/zitadel-go/issues). + diff --git a/docs/docs/examples/sdks.md b/docs/docs/examples/sdks.md index 6d58fa5f9a..7ac248b684 100644 --- a/docs/docs/examples/sdks.md +++ b/docs/docs/examples/sdks.md 
@@ -4,20 +4,21 @@ sidebar_label: SDKs --- On this page you find our official SDKs, links to supporting frameworks and providers, and resources to help with SDKs. -The SDKs wrap either our [gRPC or REST APIs](/docs/apis/introduction) to provide the client with User Authentication and Management for resources. +The SDKs wrap either our [gRPC or REST APIs](/docs/apis/introduction) to provide the client with User Authentication and +Management for resources. ## ZITADEL SDKs -| Language / Framework | Link Github | User Authentication | Manage resources | Notes | -|----------------------|---------------------------------------------------------------| --- | --- | --- | -| .NET | [zitadel-net](https://github.com/smartive/zitadel-net) | ✔️ | ✔️ | `community` | -| Elixir | [zitadel_api](https://github.com/jshmrtn/zitadel_api) | ✔️ | ✔️ | `community` | -| Go | [zitadel-go](https://github.com/zitadel/zitadel-go) | ❌ | ✔️ | `official` | -| JVM | 🚧 [WIP](https://github.com/zitadel/zitadel/discussions/3650) | ❓ | ❓ | TBD | -| Python | 🚧 [WIP](https://github.com/zitadel/zitadel/issues/3675) | ❓ | ❓ | TBD | -| NodeJS | [@zitadel/node](https://www.npmjs.com/package/@zitadel/node) | ❌ | ✔️ | `community` | -| Dart | [zitadel-dart](https://github.com/smartive/zitadel-dart) | ❌ | ✔️ | `community` | -| Rust | [zitadel-rust](https://github.com/smartive/zitadel-rust) | ✔️ | ✔️ | `community` | +| Language / Framework | Link Github | User Authentication | Manage resources | Notes | +|----------------------|---------------------------------------------------------------|-----------------------------------------------------------|------------------|-------------| +| .NET | [zitadel-net](https://github.com/smartive/zitadel-net) | ✔️ | ✔️ | `community` | +| Elixir | [zitadel_api](https://github.com/jshmrtn/zitadel_api) | ✔️ | ✔️ | `community` | +| Go | [zitadel-go](https://github.com/zitadel/zitadel-go) | 🚧 [WIP](https://github.com/zitadel/zitadel-go/tree/next) | ✔️ | `official` | +| JVM | 🚧 
[WIP](https://github.com/zitadel/zitadel/discussions/3650) | ❓ | ❓ | TBD | +| Python | 🚧 [WIP](https://github.com/zitadel/zitadel/issues/3675) | ❓ | ❓ | TBD | +| NodeJS | [@zitadel/node](https://www.npmjs.com/package/@zitadel/node) | ❌ | ✔️ | `community` | +| Dart | [zitadel-dart](https://github.com/smartive/zitadel-dart) | ❌ | ✔️ | `community` | +| Rust | [zitadel-rust](https://github.com/smartive/zitadel-rust) | ✔️ | ✔️ | `community` | ## Missing SDK @@ -27,7 +28,8 @@ Is your language/framework missing? Fear not, you can generate your gRPC API Cli 2. Create a `buf.gen.yaml` and configure the [plugins](https://buf.build/plugins) you need 3. Run `buf generate https://github.com/zitadel/zitadel#format=git,tag=v2.23.1` (change the versions to your needs) -Let us make an example with Ruby. Any other supported language by buf will work as well. Consult the [buf plugin registry](https://buf.build/plugins) for more ideas. +Let us make an example with Ruby. Any other supported language by buf will work as well. Consult +the [buf plugin registry](https://buf.build/plugins) for more ideas. ### Example with Ruby @@ -43,7 +45,8 @@ plugins: out: gen ``` -If you now run `buf generate https://github.com/zitadel/zitadel#format=git,tag=v2.23.1` in the folder where your `buf.gen.yaml` is located you should see the folder `gen` appear. +If you now run `buf generate https://github.com/zitadel/zitadel#format=git,tag=v2.23.1` in the folder where +your `buf.gen.yaml` is located you should see the folder `gen` appear. If you run `ls -la gen/zitadel/` you should see something like this: 
@@ -86,12 +89,14 @@ Import these files into your project to start interacting with ZITADEL's APIs. ## More -While we are not actively maintaining the following projects, it is worth checking out if you're interested in exploring ZITADEL in different programming languages or frameworks. +While we are not actively maintaining the following projects, it is worth checking out if you're interested in exploring +ZITADEL in different programming languages or frameworks. - [NodeJS passport](https://github.com/buehler/node-passport-zitadel) authentication helper - [NextAuth Provider for ZITADEL](https://next-auth.js.org/providers/zitadel) -If we do not provide an example, SDK or guide, we strongly recommend using existing authentication libraries for your language or framework instead of building your own. +If we do not provide an example, SDK or guide, we strongly recommend using existing authentication libraries for your +language or framework instead of building your own. Certified libraries have undergone rigorous testing and validation to ensure high security and reliability. There are many recommended libraries available, this saves time and ensures that users' data is well-protected. diff --git a/docs/docs/examples/secure-api/go.md b/docs/docs/examples/secure-api/go.md index 60609a0e38..f6a1fd7474 100644 --- a/docs/docs/examples/secure-api/go.md +++ b/docs/docs/examples/secure-api/go.md 
@@ -8,9 +8,26 @@ OAuth 2 Token Introspection. At the end of the guide you should have an API with a protected endpoint. +> This documentation references our HTTP example. There's also one for GRPC. Check them out on [GitHub](https://github.com/zitadel/zitadel-go/tree/authorization/example/api). + +## Set up application and obtain keys + +Before we begin developing our API, we need to perform a few configuration steps in the ZITADEL Console. +You'll need to provide some information about your app. We recommend creating a new app to start from scratch. Navigate to your Project, then add a new application at the top of the page. +Select the **API** application type and continue. + +![Create app in console](/img/go/api-create.png) + +We recommend that you use JWT Profile for authenticating at the Introspection Endpoint. + +![Create app in console](/img/go/api-create-auth.png) + +Then create a new key with your desired expiration date. Be sure to download it, as you won't be able to retrieve it again. + +![Create api key in console](/img/go/api-create-key.png) + ## Prerequisites -The client [SDK](https://github.com/zitadel/zitadel-go) will provides an interceptor for both GRPC and HTTP. This will handle the OAuth 2.0 introspection request including authentication using JWT with Private Key using our [OIDC client library](https://github.com/zitadel/oidc). All that is required, is to create your API and download the private key file later called `Key JSON` for the service user. 
@@ -18,134 +35,170 @@ All that is required, is to create your API and download the private key file la ### Add Go SDK to your project -You need to add the SDK into Go Modules by: +You need to add the [SDK](https://github.com/zitadel/zitadel-go) into Go Modules by: ```bash -go get github.com/zitadel/zitadel-go/v2 +go get -u github.com/zitadel/zitadel-go/v3 ``` ### Create example API -Create a new go file with the content below. This will create an API with two endpoints. On path `/public` it will always write -back `ok` and the current timestamp. On `/protected` it will respond the same but only if a valid access_token is sent. The token -must not be expired and the API has to be part of the audience (either client_id or project_id). +Create a new go file with the content below. This will create an API with three endpoints: +- `/api/healthz`: can be called by anyone and always returns `OK` +- `/api/tasks`: requires authorization and returns the available tasks +- `/api/add-task`: requires authorization with granted `admin` role and adds the task to the list -Make sure to fill the var `issuer` with your own domain. This is the domain of your instance you can find it on the instance detail in the ZITADEL Cloud Customer Portal or in the ZITADEL Console. -```go -package main +If authorization is required, the token must not be expired and the API has to be part of the audience (either client_id or project_id). 
-import ( - "flag" - "log" - "net/http" - "time" - - http_mw "github.com/zitadel/zitadel-go/v2/pkg/api/middleware/http" - "github.com/zitadel/zitadel-go/v2/pkg/client/middleware" -) - -var ( - issuer = flag.String("issuer", "", "issuer of your ZITADEL instance (in the form: https://.zitadel.cloud or https://)") -) - -func main() { - flag.Parse() - - introspection, err := http_mw.NewIntrospectionInterceptor(*issuer, middleware.OSKeyPath()) - if err != nil { - log.Fatal(err) - } - - router := http.NewServeMux() - router.HandleFunc("/public", writeOK) - router.HandleFunc("/protected", introspection.HandlerFunc(writeOK)) - - lis := "127.0.0.1:5001" - log.Fatal(http.ListenAndServe(lis, router)) -} - -func writeOK(w http.ResponseWriter, r *http.Request) { - w.Write([]byte("OK " + time.Now().String())) -} +For tests we will use a Personal Access Token. +```go reference +https://github.com/zitadel/zitadel-go/blob/next/example/api/http/main.go ``` -#### Key JSON +You will need to provide some values for the program to run: +- `domain`: Your ZITADEL instance domain, e.g. https://my-domain.zitadel.cloud +- `key`: The path to the downloaded key.json +- `port`: The port on which the API will be accessible, default it 8089 -To provide the key JSON to the SDK, simply set an environment variable `ZITADEL_KEY_PATH` with the path to the JSON as value. - -```bash -export ZITADEL_KEY_PATH=/Users/test/apikey.json -``` - -For development purposes you should be able to set this in your IDE. - -If you're not able to set it via environment variable, you can also exchange the `middleware.OSKeyPath()` and pass it directly: - -```go -introspection, err := http_mw.NewIntrospectionInterceptor( - client.Issuer, - "/Users/test/apikey.json", -) -``` - -### Test API +## Test API After you have configured everything correctly, you can simply start the example by: ```bash -go run main.go +go run main.go --domain --key ``` -You can now call the API by browser or curl. 
Try the public endpoint first: +This could look like: ```bash -curl -i localhost:5001/public +go run main.go --domain my-domain.zitadel.cloud --key ./api.json +``` + +After you get a successful log: +``` +2023/12/04 10:27:42 INFO server listening, press ctrl+c to stop addr=http://localhost:8089 +``` + +### Public endpoint + +Now you can call the API by browser or curl. Try the healthz endpoint first: + +```bash +curl -i http://localhost:8089/api/healthz ``` it should return something like: ``` HTTP/1.1 200 OK -Date: Tue, 24 Aug 2021 11:11:17 GMT -Content-Length: 59 -Content-Type: text/plain; charset=utf-8 +Content-Type: application/json +Date: Mon, 04 Dec 2023 09:29:38 GMT +Content-Length: 4 -OK 2021-08-24 13:11:17.135719 +0200 CEST m=+30704.913892168 +"OK" ``` -and the protected: +### Task list + +and the task list endpoint: ```bash -curl -i localhost:5001/protected +curl -i http://localhost:8089/api/tasks ``` it will return: ``` HTTP/1.1 401 Unauthorized -Content-Type: application/json -Date: Tue, 24 Aug 2021 11:13:10 GMT -Content-Length: 21 +Content-Type: text/plain; charset=utf-8 +X-Content-Type-Options: nosniff +Date: Mon, 04 Dec 2023 09:41:54 GMT +Content-Length: 44 -"auth header missing" +unauthorized: authorization header is empty ``` -Get a valid access_token for the API. You can achieve this by login into an application of the same project or -by explicitly requesting the project_id for the audience by scope `urn:zitadel:iam:org:project:id:{projectid}:aud`. +Get a valid access_token for the API. You can either achieve this by getting an access token with the project_id in the audience +or use a PAT of a service account. 
If you provide a valid Bearer Token: ```bash -curl -i -H "Authorization: Bearer ${token}" localhost:5001/protected +curl -i -H "Authorization: Bearer ${token}" http://localhost:8089/api/tasks ``` -it will return an OK response as well: +it will return an empty list: ``` HTTP/1.1 200 OK -Date: Tue, 24 Aug 2021 11:13:33 GMT -Content-Length: 59 -Content-Type: text/plain; charset=utf-8 +Content-Type: application/json +Date: Mon, 04 Dec 2023 09:49:06 GMT +Content-Length: 2 -OK 2021-08-24 13:13:33.131943 +0200 CEST m=+30840.911149251 +{} +``` + +### Try to add a new task + +Let's see what happens if you call the AddTask endpoint: + +```bash +curl -i -H "Authorization: Bearer ${token}" http://localhost:8089/api/add-task +``` + +it will complain about the missing `admin` role: +``` +HTTP/1.1 403 Forbidden +Content-Type: text/plain; charset=utf-8 +X-Content-Type-Options: nosniff +Date: Mon, 04 Dec 2023 09:52:00 GMT +Content-Length: 50 + +permission denied: missing required role: `admin` +``` + +### Add admin role + +So let's create the role and grant it to the user. To do so, go to your project in ZITADEL Console +and create the role by selecting `Roles` in the navigation and then clicking on the `New Role` button. +Finally, create the role as shown below: + +![Create project role in console](/img/go/api-project-role.png) + +After you have created the role, let's grant it the user, who requested the tasks. +Click on `Authorization` in the navigation and create a new one by selecting the user and the `admin` role. 
+After successful creation, it should look like: + +![Created authorization in console](/img/go/api-project-auth.png) + +So you should now be able to add a new task: + +```bash +curl -i -H "Authorization: Bearer ${token}" http://localhost:8089/api/add-task --data "task=My new task" +``` + +which will report back the successful addition: +``` +HTTP/1.1 200 OK +Content-Type: application/json +Date: Mon, 04 Dec 2023 10:06:29 GMT +Content-Length: 26 + +"task `My new task` added" +``` + +Let's now retrieve the task list again: + +```bash +curl -i -H "Authorization: Bearer ${token}" http://localhost:8089/api/tasks +``` + +As you can see your new task ist listed. And since you're an `admin` now, you will always get an additional `create a new task on /api/add-task`: +``` +HTTP/1.1 200 OK +Content-Type: application/json +Date: Mon, 04 Dec 2023 10:08:38 GMT +Content-Length: 62 + +{"tasks":["My new task","create a new task on /api/add-task"]} ``` diff --git a/docs/docs/guides/integrate/identity-providers/_activate.mdx b/docs/docs/guides/integrate/identity-providers/_activate.mdx index 689d35cb7d..138885ca52 100644 --- a/docs/docs/guides/integrate/identity-providers/_activate.mdx +++ b/docs/docs/guides/integrate/identity-providers/_activate.mdx @@ -1,2 +1,5 @@ Once you created the provider, it is listed in the providers overview. -Activate it by selecting the tick with the tooltip *set as available*. \ No newline at end of file +Activate it by selecting the tick with the tooltip *set as available*. + +If you deactivate a provider, your users with links to it will not be able to authenticate anymore. +You can reactivate it and the logins will work again. \ No newline at end of file diff --git a/docs/docs/guides/integrate/identity-providers/okta.mdx b/docs/docs/guides/integrate/identity-providers/okta.mdx index 60eca1f3c8..b1e856ce61 100644 --- a/docs/docs/guides/integrate/identity-providers/okta.mdx +++ b/docs/docs/guides/integrate/identity-providers/okta.mdx 
@@ -65,3 +65,11 @@ import TestSetup from './_test_setup.mdx'; ![OKTA Button](/img/guides/zitadel_login_okta.png) ![OKTA Login](/img/guides/okta_login.png) + +## Optional: Add ZITADEL action to autofill userdata + + + +```js reference +https://github.com/zitadel/actions/blob/main/examples/okta_identity_provider.js +``` diff --git a/docs/docs/guides/integrate/login-ui/external-login.mdx b/docs/docs/guides/integrate/login-ui/external-login.mdx index da6d0ef9ad..9678a3b797 100644 --- a/docs/docs/guides/integrate/login-ui/external-login.mdx +++ b/docs/docs/guides/integrate/login-ui/external-login.mdx @@ -76,7 +76,7 @@ curl --request POST \ --header 'Authorization: Bearer '"$TOKEN"''\ --header 'Content-Type: application/json' \ --data '{ - "token": "k50WQmDaPIazQDJsyKaEPaQPwgsytxqgQ3K1ifQeQtAmeQ" + "idpIntentToken": "k50WQmDaPIazQDJsyKaEPaQPwgsytxqgQ3K1ifQeQtAmeQ" }' ``` diff --git a/docs/docs/guides/manage/console/managers.mdx b/docs/docs/guides/manage/console/managers.mdx index 5536b6fd65..e4b9d09e65 100644 --- a/docs/docs/guides/manage/console/managers.mdx +++ b/docs/docs/guides/manage/console/managers.mdx @@ -42,7 +42,7 @@ Per default you will only search for users within the selected organization. If ## Configure roles -If you run a self hosted ZITADEL istance you can define your custom roles by overwriting the defaults.yaml +If you run a self hosted ZITADEL instance you can define your custom roles by overwriting the defaults.yaml In the InternalAuthZ section you will find all the roles and which permissions they have. Example: diff --git a/docs/docs/guides/manage/console/organizations.mdx b/docs/docs/guides/manage/console/organizations.mdx index 3ac96e75bd..0e22bea57c 100644 --- a/docs/docs/guides/manage/console/organizations.mdx +++ b/docs/docs/guides/manage/console/organizations.mdx 
@@ -77,7 +77,21 @@ You can also disable domain verification with DNS challenge in the [instance set 1. Browse to your organization settings 2. Select the menu entry **Verified domains** 3. To start the domain verification click the domain name and a dialog will appear, where you can choose between DNS or HTTP challenge methods. -4. For example, create a TXT record with your DNS provider for the used domain and click verify. ZITADEL will then proceed and check your DNS. + +Select Organization + +4. For example, create a TXT record with your DNS provider for the used domain and click verify. ZITADEL will then proceed and check your DNS. Here are some useful links explaining how you can add TXT records for popular domain providers: + +- [Cloudflare](https://www.zoho.com/mail/help/adminconsole/cloudflare.html#alink1) +- [Squarespace](https://support.squarespace.com/hc/en-us/articles/205812388-Domain-verification-with-a-TXT-Record-alternative-method-) +- [Name.com](https://www.name.com/support/articles/115004972547-adding-a-txt-record) +- [EasyDNS](https://kb.easydns.com/knowledge/how-to-make-a-dns-entry/) +- [DNS Made Easy](https://support.dnsmadeeasy.com/support/solutions/articles/47001001376-create-a-txt-record) + 5. When the verification is successful you have the option to activate the domain by clicking **Set as primary** :::caution diff --git a/docs/docs/guides/manage/customize/restrictions.md b/docs/docs/guides/manage/customize/restrictions.md index 443dd0a948..4ad29cef7a 100644 --- a/docs/docs/guides/manage/customize/restrictions.md +++ b/docs/docs/guides/manage/customize/restrictions.md 
@@ -8,7 +8,11 @@ Users with the role IAM_OWNER can change the restrictions of their instance usin Currently, the following restrictions are available: - *Disallow public organization registrations* - If restricted, only users with the role IAM_OWNERS can create new organizations. The endpoint */ui/login/register/org* returns HTTP status 404 on GET requests, and 409 on POST requests. -- *[Coming soon](https://github.com/zitadel/zitadel/issues/6250): AllowedLanguages* +- *AllowedLanguages* - The following rules apply if languages are restricted: + - Only allowed languages are listed in the OIDC discovery endpoint */.well-kown/openid-configuration*. + - Login UI texts are only rendered in allowed languages. + - Notification message texts are only rendered in allowed languages. + - Custom Texts can be created for disallowed languages as long as ZITADEL supports that language. Therefore, all texts can be customized before allowing a language. Feature restrictions for an instance are intended to be configured by a user that is managed within that instance. However, if you are self-hosting and need to control your virtual instances usage, [read about the APIs for limits and quotas](/self-hosting/manage/usage_control) that are intended to be used by system users. diff --git a/docs/docs/guides/manage/customize/texts.md b/docs/docs/guides/manage/customize/texts.md index 7fe26b872b..6617e709b2 100644 --- a/docs/docs/guides/manage/customize/texts.md +++ b/docs/docs/guides/manage/customize/texts.md 
@@ -49,6 +49,17 @@ ZITADEL is available in the following languages - Russian (ru) - Dutch (nl) -A language is displayed based on your agent's language header. The default language is English. +A language is displayed based on your agent's language header. +If a users language header doesn't match any of the supported or [restricted](#restrict-languages) languages, the instances default language will be used. If you need support for a specific language we highly encourage you to [contribute translation files](https://github.com/zitadel/zitadel/blob/main/CONTRIBUTING.md) for the missing language. + +## Restrict Languages + +If you only want to enable a subset of the supported languages, you can configure the languages you'd like to allow using the [restrictions API](./restrictions.md). +The login UI and notification messages are only rendered in one of the allowed languages and fallback to the instances default language. +Also, the instances OIDC discovery endpoint will only list the allowed languages in the *ui_locales_supported* field. + +All language settings are also configurable in the consoles *Languages* instance settings. + +![Languages](/img/guides/console/languages.png) diff --git a/docs/docs/guides/solution-scenarios/configurations.mdx b/docs/docs/guides/solution-scenarios/configurations.mdx index bb5fa5da5f..090572e898 100644 --- a/docs/docs/guides/solution-scenarios/configurations.mdx +++ b/docs/docs/guides/solution-scenarios/configurations.mdx 
@@ -137,3 +137,14 @@ Content-Security-Policy: frame-ancestors https://custom-domain.com ``` and remove the X-Frame-Options header. + +### Disable Multi-factor (MFA) Prompt + +To encourage the users to more security for their accounts, a multi-factor prompt is shown after a certain time, to prompt them to configure an additional factor. +This prompt is shown even if multi-factor is not enforced for the users. + +If you do want to disable the prompt for your users, go to the login behavior settings and set the "Multifactor Init Lifetime" to 0. +If the setting is not configured to 0, it means that after that time, the user will be asked again to setup a factor. + +![Login Behavior Settings: Multi-factor init lifetime](/img/guides/scenarios/login-settings-mfa-init-lifetime.png) + diff --git a/docs/docs/legal/service-description/cloud-service-description.md b/docs/docs/legal/service-description/cloud-service-description.md index 6d24e0315d..900fdcb631 100644 --- a/docs/docs/legal/service-description/cloud-service-description.md +++ b/docs/docs/legal/service-description/cloud-service-description.md @@ -27,7 +27,7 @@ You will benefit from the transparency of the open source and the hyper-scalabil #### Benefits over using open source / community license -- [Enterprise supported features](support-services) are only supported under an Enterprise license +- [Enterprise supported features](/docs/support/software-release-cycles-support#enterprise-supported) are only supported under an Enterprise license - Individual [onboarding support](./support-services#onboarding-support) tailored to your needs and team - Get access to our support with a [Service Level Agreement](support-services#service-level-agreement) that is tailored to your needs - Benefit from personal [technical account management](support-services#technical-account-manager) provided by our engineers to help you with architecture, integration, migration, and operational improvements of your setup 
diff --git a/docs/docs/self-hosting/deploy/linux.mdx b/docs/docs/self-hosting/deploy/linux.mdx index d697f40a04..c061821075 100644 --- a/docs/docs/self-hosting/deploy/linux.mdx +++ b/docs/docs/self-hosting/deploy/linux.mdx @@ -3,11 +3,10 @@ title: Install ZITADEL on Linux sidebar_label: Linux --- -import Disclaimer from './_disclaimer.mdx' -import DefaultUser from './_defaultuser.mdx' -import Next from './_next.mdx' -import NoteInstanceNotFound from './troubleshooting/_note_instance_not_found.mdx'; - +import Disclaimer from "./_disclaimer.mdx"; +import DefaultUser from "./_defaultuser.mdx"; +import Next from "./_next.mdx"; +import NoteInstanceNotFound from "./troubleshooting/_note_instance_not_found.mdx"; ## Install CockroachDB 
@@ -22,15 +21,10 @@ cockroach start-single-node --insecure --background --http-addr :9090 --listen-a ## Install ZITADEL -Download the ZITADEL release according to your architecture from [Github](https://github.com/zitadel/zitadel/releases/latest) - -## Unpack the archive -move to your download location and unpack the archive +Download the ZITADEL release according to your architecture from [Github](https://github.com/zitadel/zitadel/releases/latest), unpack the archive and copy zitadel binary to /usr/local/bin ```bash -#unpack and copy to /usr/local/bin -LATEST=$(curl -i https://github.com/zitadel/zitadel/releases/latest | grep location: | cut -d '/' -f 8 | tr -d '\r'); wget -qO- https://github.com/zitadel/zitadel/releases/download/$LATEST/zitadel_Linux_$(uname -m).tar.gz | tar -xz zitadel && sudo mv zitadel /usr/local/bin - +LATEST=$(curl -i https://github.com/zitadel/zitadel/releases/latest | grep location: | cut -d '/' -f 8 | tr -d '\r'); ARCH=$(uname -m); case $ARCH in armv5*) ARCH="armv5";; armv6*) ARCH="armv6";; armv7*) ARCH="arm";; aarch64) ARCH="arm64";; x86) ARCH="386";; x86_64) ARCH="amd64";; i686) ARCH="386";; i386) ARCH="386";; esac; wget -c https://github.com/zitadel/zitadel/releases/download/$LATEST/zitadel-linux-$ARCH.tar.gz -O - | tar -xz && sudo mv zitadel-linux-$ARCH/zitadel /usr/local/bin ``` ## Run ZITADEL @@ -41,10 +35,19 @@ ZITADEL_EXTERNALSECURE=false zitadel start-from-init --masterkey "MasterkeyNeeds - + ## VideoGuide - + + ### Setup ZITADEL with a service account @@ -59,5 +62,3 @@ This key can be used to provision resources with for example [Terraform](/docs/g - - diff --git a/docs/docs/self-hosting/manage/database/_postgres.mdx b/docs/docs/self-hosting/manage/database/_postgres.mdx index bb87a7a1c4..ec2d7861ae 100644 --- a/docs/docs/self-hosting/manage/database/_postgres.mdx +++ b/docs/docs/self-hosting/manage/database/_postgres.mdx 
@@ -17,6 +17,7 @@ Database: Port: 5432 Database: zitadel MaxOpenConns: 25 + MaxIdleConns: 10 MaxConnLifetime: 1h MaxConnIdleTime: 5m Options: @@ -54,4 +55,4 @@ GRANT CONNECT, CREATE ON DATABASE zitadel TO zitadel; Don't forget to adjust `pg_hba.conf` and set a password for the zitadel user. With the setup done, follow the [phases guide](/docs/self-hosting/manage/updating_scaling#separating-init-and-setup-from-the-runtime) -to run the init and then setup phase to get all necessary tables and data set up. \ No newline at end of file +to run the init and then setup phase to get all necessary tables and data set up. diff --git a/docs/docs/support/advisory/a10006.md b/docs/docs/support/advisory/a10006.md index 47042da4cb..72d5349068 100644 --- a/docs/docs/support/advisory/a10006.md +++ b/docs/docs/support/advisory/a10006.md @@ -12,6 +12,8 @@ Date: Calendar week 41/42 2023 Versions >= 2.39.0 require the cockroach database user of ZITADEL to be granted to the `VIEWACTIVITY` grant. This can either be reached by grant the role manually or execute the `zitadel init` command. +Cockroach versions 22.2 < 22.2.11 and 23.1 < 23.1.4 will fail the migration. Please make sure to upgrade to more recent versions first. ZITADEL recommends to use the latest stable version of Cockroachdb. + ## Statement To query correct order of events the cockroach database user of ZITADEL needs additional privileges to query the `crdb_internal.cluster_transactions`-table @@ -20,6 +22,8 @@ To query correct order of events the cockroach database user of ZITADEL needs ad Before migrating to versions >= 2.39.0 make sure the cockroach database user has sufficient grants. +Cockroachdb version is up to date. + ## Impact If the user doesn't have sufficient grants, events won't be updated. diff --git a/docs/sidebars.js b/docs/sidebars.js index aaa282a211..cafcdfc4d6 100644 --- a/docs/sidebars.js +++ b/docs/sidebars.js 
@@ -15,6 +15,7 @@ module.exports = { "examples/login/react", "examples/login/flutter", "examples/login/nextjs", + "examples/login/go", ], collapsed: true, }, diff --git a/docs/static/img/console_verify_domain.png b/docs/static/img/console_verify_domain.png new file mode 100644 index 0000000000..a801623539 Binary files /dev/null and b/docs/static/img/console_verify_domain.png differ diff --git a/docs/static/img/go/api-create-auth.png b/docs/static/img/go/api-create-auth.png new file mode 100644 index 0000000000..f16980baa9 Binary files /dev/null and b/docs/static/img/go/api-create-auth.png differ diff --git a/docs/static/img/go/api-create-key.png b/docs/static/img/go/api-create-key.png new file mode 100644 index 0000000000..200b5f5d12 Binary files /dev/null and b/docs/static/img/go/api-create-key.png differ diff --git a/docs/static/img/go/api-create.png b/docs/static/img/go/api-create.png new file mode 100644 index 0000000000..1c21cf0706 Binary files /dev/null and b/docs/static/img/go/api-create.png differ diff --git a/docs/static/img/go/api-project-auth.png b/docs/static/img/go/api-project-auth.png new file mode 100644 index 0000000000..741c08a558 Binary files /dev/null and b/docs/static/img/go/api-project-auth.png differ diff --git a/docs/static/img/go/api-project-role.png b/docs/static/img/go/api-project-role.png new file mode 100644 index 0000000000..a819f6b8d3 Binary files /dev/null and b/docs/static/img/go/api-project-role.png differ diff --git a/docs/static/img/go/app-create-auth.png b/docs/static/img/go/app-create-auth.png new file mode 100644 index 0000000000..e54b41bd49 Binary files /dev/null and b/docs/static/img/go/app-create-auth.png differ diff --git a/docs/static/img/go/app-create-clientid.png b/docs/static/img/go/app-create-clientid.png new file mode 100644 index 0000000000..76473e47d6 Binary files /dev/null and b/docs/static/img/go/app-create-clientid.png differ 
diff --git a/docs/static/img/go/app-create-redirect.png b/docs/static/img/go/app-create-redirect.png new file mode 100644 index 0000000000..e92d2587a6 Binary files /dev/null and b/docs/static/img/go/app-create-redirect.png differ diff --git a/docs/static/img/go/app-create.png b/docs/static/img/go/app-create.png new file mode 100644 index 0000000000..ca78b1ec0c Binary files /dev/null and b/docs/static/img/go/app-create.png differ diff --git a/docs/static/img/go/app-home.png b/docs/static/img/go/app-home.png new file mode 100644 index 0000000000..22e92bbf60 Binary files /dev/null and b/docs/static/img/go/app-home.png differ diff --git a/docs/static/img/go/app-profile.png b/docs/static/img/go/app-profile.png new file mode 100644 index 0000000000..218d1240dc Binary files /dev/null and b/docs/static/img/go/app-profile.png differ diff --git a/docs/static/img/guides/console/languages.png b/docs/static/img/guides/console/languages.png new file mode 100644 index 0000000000..2f6e2cd3ad Binary files /dev/null and b/docs/static/img/guides/console/languages.png differ diff --git a/docs/static/img/guides/scenarios/login-settings-mfa-init-lifetime.png b/docs/static/img/guides/scenarios/login-settings-mfa-init-lifetime.png new file mode 100644 index 0000000000..b93d2014b6 Binary files /dev/null and b/docs/static/img/guides/scenarios/login-settings-mfa-init-lifetime.png differ diff --git a/e2e/cypress/e2e/events/events.cy.ts b/e2e/cypress/e2e/events/events.cy.ts index 65362b6129..facd298b12 100644 --- a/e2e/cypress/e2e/events/events.cy.ts +++ b/e2e/cypress/e2e/events/events.cy.ts 
@@ -9,9 +9,8 @@ describe('events', () => { cy.get('[data-e2e="event-type-cell"]').should('have.length', 20); cy.get('[data-e2e="open-filter-button"]').click(); cy.get('[data-e2e="event-type-filter-checkbox"]').click(); - cy.get('#mat-select-value-1').click(); - cy.contains('mat-option', eventTypeEnglish).click(); - cy.get('body').click(); + cy.contains('mat-select', 'Descending').click(); + cy.contains('mat-option', 'Ascending').click(); cy.get('[data-e2e="filter-finish-button"]').click(); cy.contains('[data-e2e="event-type-cell"]', eventTypeEnglish).should('have.length.at.least', 1); }); diff --git a/go.mod b/go.mod index 815aad0685..6b1bf71d41 100644 --- a/go.mod +++ b/go.mod @@ -13,6 +13,7 @@ require ( github.com/allegro/bigcache v1.2.1 github.com/benbjohnson/clock v1.3.5 github.com/boombuler/barcode v1.0.1 + github.com/brianvoe/gofakeit/v6 v6.25.0 github.com/cockroachdb/cockroach-go/v2 v2.3.5 github.com/common-nighthawk/go-figure v0.0.0-20210622060536-734e95fb86be github.com/crewjam/saml v0.4.14 @@ -49,7 +50,6 @@ require ( github.com/muhlemmer/gu v0.3.1 github.com/muhlemmer/httpforwarded v0.1.0 github.com/nicksnyder/go-i18n/v2 v2.2.2 - github.com/pkg/errors v0.9.1 github.com/pquerna/otp v1.4.0 github.com/rakyll/statik v0.1.7 github.com/rs/cors v1.10.1 @@ -60,9 +60,9 @@ require ( github.com/superseriousbusiness/exifremove v0.0.0-20210330092427-6acd27eac203 github.com/ttacon/libphonenumber v1.2.1 github.com/zitadel/logging v0.5.0 - github.com/zitadel/oidc/v3 v3.4.0 + github.com/zitadel/oidc/v3 v3.8.1 github.com/zitadel/passwap v0.4.0 - github.com/zitadel/saml v0.1.2 + github.com/zitadel/saml v0.1.3 go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.46.0 go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.46.0 go.opentelemetry.io/otel v1.21.0 
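Review bot: In the `e2e/cypress/e2e/events/events.cy.ts` hunk the test still ticks `event-type-filter-checkbox` but no longer selects an event type. The two new `cy.contains` calls only switch the sort order from Descending to Ascending, so the closing assertion on `eventTypeEnglish` may pass whether or not the filter has any effect. The new steps also match on the visible labels `'Descending'` and `'Ascending'`, while every other line in the hunk uses `data-e2e` hooks, which ties the test to the console's display language. A dedicated hook would be steadier, for example `cy.get('[data-e2e="<sort-direction-select>"]').click();` (placeholder name, to be added to the component). The enclosing `describe`/`it` block starts outside the hunk, so how `eventTypeEnglish` is set up is not visible here.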
@@ -74,10 +74,10 @@ require ( go.opentelemetry.io/otel/sdk/metric v1.20.0 go.opentelemetry.io/otel/trace v1.21.0 go.uber.org/mock v0.3.0 - golang.org/x/crypto v0.15.0 + golang.org/x/crypto v0.17.0 golang.org/x/exp v0.0.0-20231108232855-2478ac86f678 - golang.org/x/net v0.18.0 - golang.org/x/oauth2 v0.14.0 + golang.org/x/net v0.19.0 + golang.org/x/oauth2 v0.15.0 golang.org/x/sync v0.5.0 golang.org/x/text v0.14.0 google.golang.org/api v0.150.0 @@ -90,7 +90,7 @@ require ( require ( github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/resourcemapping v0.44.0 // indirect github.com/crewjam/httperr v0.2.0 // indirect - github.com/go-chi/chi/v5 v5.0.10 // indirect + github.com/go-chi/chi/v5 v5.0.11 // indirect github.com/go-logr/logr v1.3.0 // indirect github.com/go-logr/stdr v1.2.2 // indirect github.com/go-sql-driver/mysql v1.7.1 // indirect @@ -107,6 +107,7 @@ require ( github.com/mattn/go-isatty v0.0.20 // indirect github.com/matttproud/golang_protobuf_extensions/v2 v2.0.0 // indirect github.com/pelletier/go-toml/v2 v2.1.0 // indirect + github.com/pkg/errors v0.9.1 // indirect github.com/sagikazarmark/locafero v0.3.0 // indirect github.com/sagikazarmark/slog-shim v0.1.0 // indirect github.com/sourcegraph/conc v0.3.0 // indirect @@ -154,7 +155,7 @@ require ( github.com/golang/geo v0.0.0-20230421003525-6adc56603217 // indirect github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect github.com/golang/snappy v0.0.4 // indirect - github.com/google/uuid v1.4.0 + github.com/google/uuid v1.5.0 github.com/googleapis/enterprise-certificate-proxy v0.3.2 // indirect github.com/googleapis/gax-go/v2 v2.12.0 // indirect github.com/gorilla/handlers v1.5.2 // indirect 
@@ -201,7 +202,7 @@ require ( go.opencensus.io v0.24.0 // indirect go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.20.0 // indirect go.opentelemetry.io/proto/otlp v1.0.0 // indirect - golang.org/x/sys v0.14.0 + golang.org/x/sys v0.15.0 golang.org/x/xerrors v0.0.0-20231012003039-104605ab7028 // indirect google.golang.org/appengine v1.6.8 // indirect gopkg.in/ini.v1 v1.67.0 // indirect diff --git a/go.sum b/go.sum index 98ea3f3ce3..9954053ade 100644 --- a/go.sum +++ b/go.sum @@ -122,6 +122,8 @@ github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kB github.com/boombuler/barcode v1.0.1-0.20190219062509-6c824513bacc/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl3JlRe0mD8= github.com/boombuler/barcode v1.0.1 h1:NDBbPmhS+EqABEs5Kg3n/5ZNjy73Pz7SIV+KCeqyXcs= github.com/boombuler/barcode v1.0.1/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl3JlRe0mD8= +github.com/brianvoe/gofakeit/v6 v6.25.0 h1:ZpFjktOpLZUeF8q223o0rUuXtA+m5qW5srjvVi+JkXk= +github.com/brianvoe/gofakeit/v6 v6.25.0/go.mod h1:Xj58BMSnFqcn/fAQeSK+/PLtC5kSb7FJIq4JyGa8vEs= github.com/casbin/casbin/v2 v2.1.2/go.mod h1:YcPU1XXisHhLzuxH9coDNf2FbKpjGlbCg3n9yuLkIJQ= github.com/cenkalti/backoff v2.2.1+incompatible/go.mod h1:90ReRw6GdpyfrHakVjL/QHaoyV4aDUVVkXQJJJ3NXXM= github.com/cenkalti/backoff/v4 v4.1.1/go.mod h1:scbssz8iZGpm3xbr14ovlUdkxfGXNInqkPWOWmG2CLw= 
@@ -256,8 +258,8 @@ github.com/gin-contrib/sse v0.1.0/go.mod h1:RHrZQHXnP2xjPF+u1gW/2HnVO7nvIa9PG3Gm
 github.com/gin-gonic/gin v1.7.4/go.mod h1:jD2toBW3GZUr5UMcdrwQA10I7RuaFOl/SGeDjXkfUtY=
 github.com/go-asn1-ber/asn1-ber v1.5.5 h1:MNHlNMBDgEKD4TcKr36vQN68BA00aDfjIt3/bD50WnA=
 github.com/go-asn1-ber/asn1-ber v1.5.5/go.mod h1:hEBeB/ic+5LoWskz+yKT7vGhhPYkProFKoKdwZRWMe0=
-github.com/go-chi/chi/v5 v5.0.10 h1:rLz5avzKpjqxrYwXNfmjkrYYXOyLJd37pz53UFHC6vk=
-github.com/go-chi/chi/v5 v5.0.10/go.mod h1:DslCQbL2OYiznFReuXYUmQ2hGd1aDpCnlMNITLSKoi8=
+github.com/go-chi/chi/v5 v5.0.11 h1:BnpYbFZ3T3S1WMpD79r7R5ThWX40TaFB7L31Y8xqSwA=
+github.com/go-chi/chi/v5 v5.0.11/go.mod h1:DslCQbL2OYiznFReuXYUmQ2hGd1aDpCnlMNITLSKoi8=
 github.com/go-errors/errors v1.0.1/go.mod h1:f4zRHt4oKfwPJE5k8C9vpYG+aDHdBFUsgrm6/TyX73Q=
 github.com/go-errors/errors v1.0.2/go.mod h1:psDX2osz5VnTOnFWbDeWwS7yejl+uV3FEWEp4lssFEs=
 github.com/go-errors/errors v1.1.1/go.mod h1:psDX2osz5VnTOnFWbDeWwS7yejl+uV3FEWEp4lssFEs=
@@ -408,8 +410,8 @@ github.com/google/s2a-go v0.1.7/go.mod h1:50CgR4k1jNlWBu4UfS4AcfhVe1r6pdZPygJ3R8
 github.com/google/uuid v1.0.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/google/uuid v1.3.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
-github.com/google/uuid v1.4.0 h1:MtMxsa51/r9yyhkyLsVeVt0B+BGQZzpQiTQ4eHZ8bc4=
-github.com/google/uuid v1.4.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/google/uuid v1.5.0 h1:1p67kYwdtXjb0gL0BPiP1Av9wiZPo5A8z2cWkTZ+eyU=
+github.com/google/uuid v1.5.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/googleapis/enterprise-certificate-proxy v0.3.2 h1:Vie5ybvEvT75RniqhfFxPRy3Bf7vr3h0cechB90XaQs=
 github.com/googleapis/enterprise-certificate-proxy v0.3.2/go.mod h1:VLSiSSBs/ksPL8kq3OBOQ6WRI2QnaFynd1DCjZ62+V0=
 github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg=
@@ -865,12 +867,12 @@ github.com/zenazn/goji v1.0.1 h1:4lbD8Mx2h7IvloP7r2C0D6ltZP6Ufip8Hn0wmSK5LR8=
 github.com/zenazn/goji v1.0.1/go.mod h1:7S9M489iMyHBNxwZnk9/EHS098H4/F6TATF2mIxtB1Q=
 github.com/zitadel/logging v0.5.0 h1:Kunouvqse/efXy4UDvFw5s3vP+Z4AlHo3y8wF7stXHA=
 github.com/zitadel/logging v0.5.0/go.mod h1:IzP5fzwFhzzyxHkSmfF8dsyqFsQRJLLcQmwhIBzlGsE=
-github.com/zitadel/oidc/v3 v3.4.0 h1:JkbNnrk/7IG+NOBoZp/P0kx6tPcBvnCekSqDTPCOok4=
-github.com/zitadel/oidc/v3 v3.4.0/go.mod h1:jUnLnx5ihKlo88cSEduZkKlzeMrjzcWVZ8fTzKBxZKY=
+github.com/zitadel/oidc/v3 v3.8.1 h1:YsFWUpT3JFsDlF9ePwM851CymDwqfQ3UU1CoOEOMEdU=
+github.com/zitadel/oidc/v3 v3.8.1/go.mod h1:rUKTJBsamKtqurN1MpuRYxF5FgW/9RJ/1/AF3g7/2k0=
 github.com/zitadel/passwap v0.4.0 h1:cMaISx+Ve7ilgG7Q8xOli4Z6IWr8Gndss+jeBk5A3O0=
 github.com/zitadel/passwap v0.4.0/go.mod h1:yHaDM4A68yRkdic5BZ4iUNoc19hT+kYt8n1/Nz+I87g=
-github.com/zitadel/saml v0.1.2 h1:RICwNTuP2upX4A1sZ8iq1rv4/x3DhZHzFx1e5bTKoTo=
-github.com/zitadel/saml v0.1.2/go.mod h1:M+X+3vMUulpoLofKeH/W1/qjQQ3owitc2GuGDu3oYpM=
+github.com/zitadel/saml v0.1.3 h1:LI4DOCVyyU1qKPkzs3vrGcA5J3H4pH3+CL9zr9ShkpM=
+github.com/zitadel/saml v0.1.3/go.mod h1:MdkjyU3mwnTuh4lNnhPG+RyZL/VfzD72wUG/eWWBaXc=
 github.com/zitadel/schema v1.3.0 h1:kQ9W9tvIwZICCKWcMvCEweXET1OcOyGEuFbHs4o5kg0=
 github.com/zitadel/schema v1.3.0/go.mod h1:NptN6mkBDFvERUCvZHlvWmmME+gmZ44xzwRXwhzsbtc=
 go.etcd.io/bbolt v1.3.3/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU=
@@ -951,8 +953,8 @@ golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5y
 golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/crypto v0.6.0/go.mod h1:OFC/31mSvZgRz0V1QTNCzfAI1aIRzbiufJtkMIlEp58=
 golang.org/x/crypto v0.13.0/go.mod h1:y6Z2r+Rw4iayiXXAIxJIDAJ1zMW4yaTpebo8fPOliYc=
-golang.org/x/crypto v0.15.0 h1:frVn1TEaCEaZcn3Tmd7Y2b5KKPaZ+I32Q2OA3kYp5TA=
-golang.org/x/crypto v0.15.0/go.mod h1:4ChreQoLWfG3xLDer1WdlH5NdlQ3+mwnQq1YTKY+72g=
+golang.org/x/crypto v0.17.0 h1:r8bRNjWL3GshPW3gkd+RpvzWrZAwPS49OmTGZ/uhM4k=
+golang.org/x/crypto v0.17.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
@@ -1040,8 +1042,8 @@ golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qx
 golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
 golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
 golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg=
-golang.org/x/net v0.18.0 h1:mIYleuAkSbHh0tCv7RvjL3F6ZVbLjq4+R7zbOn3Kokg=
-golang.org/x/net v0.18.0/go.mod h1:/czyP5RqHAH4odGYxBJ1qz0+CE5WZ+2j1YgoEo8F2jQ=
+golang.org/x/net v0.19.0 h1:zTwKpTd2XuCqf8huc7Fo2iSy+4RHPd10s4KzeTnVr1c=
+golang.org/x/net v0.19.0/go.mod h1:CfAk/cbD4CthTvqiEl8NpboMuiuOYsAr/7NOjZJtv1U=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
@@ -1051,8 +1053,8 @@ golang.org/x/oauth2 v0.0.0-20200902213428-5d25da1a8d43/go.mod h1:KelEdhl1UZF7XfJ
 golang.org/x/oauth2 v0.0.0-20201109201403-9fd604954f58/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
 golang.org/x/oauth2 v0.0.0-20201208152858-08078c50e5b5/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
 golang.org/x/oauth2 v0.0.0-20210218202405-ba52d332ba99/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
-golang.org/x/oauth2 v0.14.0 h1:P0Vrf/2538nmC0H+pEQ3MNFRRnVR7RlqyVw+bvm26z0=
-golang.org/x/oauth2 v0.14.0/go.mod h1:lAtNWgaWfL4cm7j2OV8TxGi9Qb7ECORx8DktCY74OwM=
+golang.org/x/oauth2 v0.15.0 h1:s8pnnxNVzjWyrvYdFUQq5llS1PX2zhPXmccZv99h7uQ=
+golang.org/x/oauth2 v0.15.0/go.mod h1:q48ptWNTY5XWf+JNten23lcvHpLJ0ZSxF5ttTHKVCAM=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -1133,8 +1135,9 @@ golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.14.0 h1:Vz7Qs629MkJkGyHxUlRHizWJRG2j8fbQKjELVSNhy7Q= golang.org/x/sys v0.14.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.15.0 h1:h48lPFYpsTvQJZF4EKyI4aLHaev3CxivZmv7yZig9pc= +golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= diff --git a/internal/actions/actions.go b/internal/actions/actions.go index 34d745d2c2..5fa3a3c28a 100644 --- a/internal/actions/actions.go +++ b/internal/actions/actions.go @@ -8,8 +8,8 @@ import ( "github.com/dop251/goja_nodejs/require" "github.com/sirupsen/logrus" - z_errs "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/query" + "github.com/zitadel/zitadel/internal/zerrors" ) type Config struct { @@ -32,7 +32,7 @@ func actionFailedMessage(err error) string { func Run(ctx context.Context, ctxParam contextFields, apiParam apiFields, script, name string, opts ...Option) (err error) { config := newRunConfig(ctx, append(opts, withLogger(ctx))...) if config.functionTimeout == 0 { - return z_errs.ThrowInternal(nil, "ACTIO-uCpCx", "Errrors.Internal") + return zerrors.ThrowInternal(nil, "ACTIO-uCpCx", "Errrors.Internal") } remaining := logstoreService.Limit(ctx, config.instanceID) 
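Review bot: The message key on the rewritten `ThrowInternal` line in `Run` (internal/actions/actions.go) is spelled `"Errrors.Internal"`, with three r's, and the rename carries it over unchanged. Every other key in this diff uses the `Errors.` prefix, for example `"Errors.Quota.Execution.Exhausted"` in the next hunk, so this one presumably never resolves to a translated message. Since the line is being touched anyway, change it to `return zerrors.ThrowInternal(nil, "ACTIO-uCpCx", "Errors.Internal")`, after confirming that key exists in the translation files, which are not part of this view. `Run` continues outside the hunk.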
@@ -40,7 +40,7 @@ func Run(ctx context.Context, ctxParam contextFields, apiParam apiFields, script config.logger.Log(actionStartedMessage) if remaining != nil && *remaining == 0 { - return z_errs.ThrowResourceExhausted(nil, "ACTIO-f19Ii", "Errors.Quota.Execution.Exhausted") + return zerrors.ThrowResourceExhausted(nil, "ACTIO-f19Ii", "Errors.Quota.Execution.Exhausted") } defer func() { diff --git a/internal/actions/http_module.go b/internal/actions/http_module.go index a86c81b655..33cfbc91bc 100644 --- a/internal/actions/http_module.go +++ b/internal/actions/http_module.go @@ -13,7 +13,7 @@ import ( "github.com/dop251/goja" "github.com/zitadel/logging" - z_errs "github.com/zitadel/zitadel/internal/errors" + "github.com/zitadel/zitadel/internal/zerrors" ) func WithHTTP(ctx context.Context) Option { @@ -66,7 +66,7 @@ func (c *HTTP) fetchConfigFromArg(arg *goja.Object, config *fetchConfig) (err er } config.Body = bytes.NewReader(body) default: - return z_errs.ThrowInvalidArgument(nil, "ACTIO-OfUeA", "key is invalid") + return zerrors.ThrowInvalidArgument(nil, "ACTIO-OfUeA", "key is invalid") } } return nil @@ -177,7 +177,7 @@ func (*transport) RoundTrip(req *http.Request) (*http.Response, error) { return http.DefaultTransport.RoundTrip(req) } if isHostBlocked(httpConfig.DenyList, req.URL) { - return nil, z_errs.ThrowInvalidArgument(nil, "ACTIO-N72d0", "host is denied") + return nil, zerrors.ThrowInvalidArgument(nil, "ACTIO-N72d0", "host is denied") } return http.DefaultTransport.RoundTrip(req) } diff --git a/internal/actions/http_module_config.go b/internal/actions/http_module_config.go index 2484078896..29045168aa 100644 --- a/internal/actions/http_module_config.go +++ b/internal/actions/http_module_config.go @@ -5,7 +5,7 @@ import ( "reflect" "github.com/mitchellh/mapstructure" - z_errs "github.com/zitadel/zitadel/internal/errors" + "github.com/zitadel/zitadel/internal/zerrors" ) func SetHTTPConfig(config *HTTPConfig) { 
@@ -68,7 +68,7 @@ func NewIPChecker(i string) (AddressChecker, error) { if ip := net.ParseIP(i); ip != nil { return &IPChecker{IP: ip}, nil } - return nil, z_errs.ThrowInvalidArgument(nil, "ACTIO-ddJ7h", "invalid ip") + return nil, zerrors.ThrowInvalidArgument(nil, "ACTIO-ddJ7h", "invalid ip") } type IPChecker struct { diff --git a/internal/actions/http_module_test.go b/internal/actions/http_module_test.go index 1b456d2196..0d3bdef75e 100644 --- a/internal/actions/http_module_test.go +++ b/internal/actions/http_module_test.go @@ -11,9 +11,9 @@ import ( "github.com/dop251/goja" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/logstore" "github.com/zitadel/zitadel/internal/logstore/record" + "github.com/zitadel/zitadel/internal/zerrors" ) func Test_isHostBlocked(t *testing.T) { @@ -208,7 +208,7 @@ func TestHTTP_fetchConfigFromArg(t *testing.T) { }, wantConfig: fetchConfig{}, wantErr: func(err error) bool { - return errors.IsErrorInvalidArgument(err) + return zerrors.IsErrorInvalidArgument(err) }, }, } diff --git a/internal/api/api.go b/internal/api/api.go index 82d574fe04..538d22f48d 100644 --- a/internal/api/api.go +++ b/internal/api/api.go @@ -19,10 +19,10 @@ import ( http_util "github.com/zitadel/zitadel/internal/api/http" http_mw "github.com/zitadel/zitadel/internal/api/http/middleware" "github.com/zitadel/zitadel/internal/api/ui/login" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/query" "github.com/zitadel/zitadel/internal/telemetry/metrics" "github.com/zitadel/zitadel/internal/telemetry/tracing" + "github.com/zitadel/zitadel/internal/zerrors" ) type API struct { 
@@ -196,7 +196,7 @@ func (a *API) healthHandler() http.Handler { checks := []ValidationFunction{ func(ctx context.Context) error { if err := a.health.Health(ctx); err != nil { - return errors.ThrowInternal(err, "API-F24h2", "DB CONNECTION ERROR") + return zerrors.ThrowInternal(err, "API-F24h2", "DB CONNECTION ERROR") } return nil }, diff --git a/internal/api/authz/access_token_test.go b/internal/api/authz/access_token_test.go index 54f3c6518c..dacbda8c77 100644 --- a/internal/api/authz/access_token_test.go +++ b/internal/api/authz/access_token_test.go @@ -4,7 +4,7 @@ import ( "context" "testing" - "github.com/zitadel/zitadel/internal/errors" + "github.com/zitadel/zitadel/internal/zerrors" ) func Test_extractBearerToken(t *testing.T) { @@ -58,7 +58,7 @@ func Test_extractBearerToken(t *testing.T) { t.Errorf("got wrong result, should not get err: actual: %v ", err) } - if tt.wantErr && !errors.IsUnauthenticated(err) { + if tt.wantErr && !zerrors.IsUnauthenticated(err) { t.Errorf("got wrong err: %v ", err) } }) diff --git a/internal/api/authz/authorization.go b/internal/api/authz/authorization.go index ad55ab976c..2099b3e426 100644 --- a/internal/api/authz/authorization.go +++ b/internal/api/authz/authorization.go @@ -6,8 +6,8 @@ import ( "reflect" "strings" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/telemetry/tracing" + "github.com/zitadel/zitadel/internal/zerrors" ) const ( @@ -56,7 +56,7 @@ func CheckUserAuthorization(ctx context.Context, req interface{}, token, orgID, func checkUserPermissions(req interface{}, userPerms []string, authOpt Option) error { if len(userPerms) == 0 { - return errors.ThrowPermissionDenied(nil, "AUTH-5mWD2", "No matching permissions found") + return zerrors.ThrowPermissionDenied(nil, "AUTH-5mWD2", "No matching permissions found") } if authOpt.CheckParam == "" { 
@@ -71,7 +71,7 @@ func checkUserPermissions(req interface{}, userPerms []string, authOpt Option) e return nil } - return errors.ThrowPermissionDenied(nil, "AUTH-3jknH", "No matching permissions found") + return zerrors.ThrowPermissionDenied(nil, "AUTH-3jknH", "No matching permissions found") } func SplitPermission(perm string) (string, string) { diff --git a/internal/api/authz/authorization_test.go b/internal/api/authz/authorization_test.go index fea2e9bc71..4b81c73d81 100644 --- a/internal/api/authz/authorization_test.go +++ b/internal/api/authz/authorization_test.go @@ -3,7 +3,7 @@ package authz import ( "testing" - "github.com/zitadel/zitadel/internal/errors" + "github.com/zitadel/zitadel/internal/zerrors" ) type TestRequest struct { @@ -77,7 +77,7 @@ func Test_CheckUserPermissions(t *testing.T) { t.Errorf("shouldn't get err: %v ", err) } - if tt.wantErr && !errors.IsPermissionDenied(err) { + if tt.wantErr && !zerrors.IsPermissionDenied(err) { t.Errorf("got wrong err: %v ", err) } }) diff --git a/internal/api/authz/context.go b/internal/api/authz/context.go index abd44c8ead..3a11684947 100644 --- a/internal/api/authz/context.go +++ b/internal/api/authz/context.go @@ -11,8 +11,8 @@ import ( "github.com/zitadel/zitadel/internal/api/grpc" http_util "github.com/zitadel/zitadel/internal/api/http" - zitadel_errors "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/telemetry/tracing" + "github.com/zitadel/zitadel/internal/zerrors" ) type key int @@ -105,7 +105,7 @@ func VerifyTokenAndCreateCtxData(ctx context.Context, token, orgID, orgDomain st } userID, clientID, agentID, prefLang, resourceOwner, err := t.VerifyAccessToken(ctx, tokenWOBearer) var sysMemberships Memberships - if err != nil && !zitadel_errors.IsUnauthenticated(err) { + if err != nil && !zerrors.IsUnauthenticated(err) { return CtxData{}, err } if err != nil { 
@@ -113,7 +113,7 @@ func VerifyTokenAndCreateCtxData(ctx context.Context, token, orgID, orgDomain st var sysTokenErr error sysMemberships, userID, sysTokenErr = t.VerifySystemToken(ctx, tokenWOBearer, orgID) if sysTokenErr != nil || sysMemberships == nil { - return CtxData{}, zitadel_errors.ThrowUnauthenticated(errors.Join(err, sysTokenErr), "AUTH-7fs1e", "Errors.Token.Invalid") + return CtxData{}, zerrors.ThrowUnauthenticated(errors.Join(err, sysTokenErr), "AUTH-7fs1e", "Errors.Token.Invalid") } } var projectID string @@ -121,7 +121,7 @@ func VerifyTokenAndCreateCtxData(ctx context.Context, token, orgID, orgDomain st if clientID != "" { projectID, origins, err = t.ProjectIDAndOriginsByClientID(ctx, clientID) if err != nil { - return CtxData{}, zitadel_errors.ThrowPermissionDenied(err, "AUTH-GHpw2", "could not read projectid by clientid") + return CtxData{}, zerrors.ThrowPermissionDenied(err, "AUTH-GHpw2", "could not read projectid by clientid") } // We used to check origins for every token, but service users shouldn't be used publicly (native app / SPA). // Therefore, mostly won't send an origin and aren't able to configure them anyway. @@ -137,7 +137,7 @@ func VerifyTokenAndCreateCtxData(ctx context.Context, token, orgID, orgDomain st if orgID != "" { orgID, err = t.ExistsOrg(ctx, orgID, orgDomain) if err != nil { - return CtxData{}, zitadel_errors.ThrowPermissionDenied(nil, "AUTH-Bs7Ds", "Organisation doesn't exist") + return CtxData{}, zerrors.ThrowPermissionDenied(nil, "AUTH-Bs7Ds", "Organisation doesn't exist") } } return CtxData{ 
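Review bot: In `VerifyTokenAndCreateCtxData`, the branch for a failed `t.ExistsOrg` builds its error with a `nil` parent, so a lookup or storage failure is logged exactly like a missing organisation. The `AUTH-GHpw2` branch just above keeps the cause, and this one could do the same with `zerrors.ThrowPermissionDenied(err, "AUTH-Bs7Ds", "Organisation doesn't exist")`. Separately, the ID `AUTH-7fs1e` is used both here for an invalid token and in `extractBearerToken` for a malformed header, so a log line carrying it does not identify which check rejected the request. Giving one of them a new ID would fix that. The function starts and ends outside these hunks.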
@@ -176,13 +176,13 @@ func checkOrigin(ctx context.Context, origins []string) error { if http_util.IsOriginAllowed(origins, origin) { return nil } - return zitadel_errors.ThrowPermissionDenied(nil, "AUTH-DZG21", "Errors.OriginNotAllowed") + return zerrors.ThrowPermissionDenied(nil, "AUTH-DZG21", "Errors.OriginNotAllowed") } func extractBearerToken(token string) (part string, err error) { parts := strings.Split(token, BearerPrefix) if len(parts) != 2 { - return "", zitadel_errors.ThrowUnauthenticated(nil, "AUTH-7fs1e", "invalid auth header") + return "", zerrors.ThrowUnauthenticated(nil, "AUTH-7fs1e", "invalid auth header") } return parts[1], nil } diff --git a/internal/api/authz/permissions.go b/internal/api/authz/permissions.go index 8400efe8ff..e96a7b256b 100644 --- a/internal/api/authz/permissions.go +++ b/internal/api/authz/permissions.go @@ -3,8 +3,8 @@ package authz import ( "context" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/telemetry/tracing" + "github.com/zitadel/zitadel/internal/zerrors" ) func CheckPermission(ctx context.Context, resolver MembershipsResolver, roleMappings []RoleMapping, permission, orgID, resourceID string) (err error) { @@ -27,7 +27,7 @@ func getUserPermissions(ctx context.Context, resolver MembershipsResolver, requi defer func() { span.EndWithError(err) }() if ctxData.IsZero() { - return nil, nil, errors.ThrowUnauthenticated(nil, "AUTH-rKLWEH", "context missing") + return nil, nil, zerrors.ThrowUnauthenticated(nil, "AUTH-rKLWEH", "context missing") } if ctxData.SystemMemberships != nil { 
@@ -43,7 +43,7 @@ func getUserPermissions(ctx context.Context, resolver MembershipsResolver, requi if len(memberships) == 0 { memberships, err = resolver.SearchMyMemberships(ctx, orgID, true) if len(memberships) == 0 { - return nil, nil, errors.ThrowNotFound(nil, "AUTHZ-cdgFk", "membership not found") + return nil, nil, zerrors.ThrowNotFound(nil, "AUTHZ-cdgFk", "membership not found") } if err != nil { return nil, nil, err @@ -57,7 +57,7 @@ func getUserPermissions(ctx context.Context, resolver MembershipsResolver, requi // or the specific resource (project.write:123) func checkUserResourcePermissions(userPerms []string, resourceID string) error { if len(userPerms) == 0 { - return errors.ThrowPermissionDenied(nil, "AUTH-AWfge", "No matching permissions found") + return zerrors.ThrowPermissionDenied(nil, "AUTH-AWfge", "No matching permissions found") } if resourceID == "" { @@ -72,7 +72,7 @@ func checkUserResourcePermissions(userPerms []string, resourceID string) error { return nil } - return errors.ThrowPermissionDenied(nil, "AUTH-Swrgg2", "No matching permissions found") + return zerrors.ThrowPermissionDenied(nil, "AUTH-Swrgg2", "No matching permissions found") } func hasContextResourcePermission(permissions []string, resourceID string) bool { diff --git a/internal/api/authz/permissions_test.go b/internal/api/authz/permissions_test.go index a500f6a4fb..7919747de6 100644 --- a/internal/api/authz/permissions_test.go +++ b/internal/api/authz/permissions_test.go @@ -4,7 +4,7 @@ import ( "context" "testing" - caos_errs "github.com/zitadel/zitadel/internal/errors" + "github.com/zitadel/zitadel/internal/zerrors" ) func equalStringArray(a, b []string) bool { @@ -61,7 +61,7 @@ func Test_GetUserPermissions(t *testing.T) { }, }, wantErr: true, - errFunc: caos_errs.IsUnauthenticated, + errFunc: zerrors.IsUnauthenticated, result: []string{"project.read"}, }, { 
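Review bot: In `getUserPermissions` (internal/api/authz/permissions.go), `len(memberships) == 0` is tested before the `err` returned by `resolver.SearchMyMemberships`. A failed lookup that returns no rows is therefore reported as `AUTHZ-cdgFk` "membership not found", and the real error is dropped. The outcome still fails closed, but a resolver outage then looks like a missing membership in logs and to callers that branch on not-found. Check `err` first, or keep the cause with `return nil, nil, zerrors.ThrowNotFound(err, "AUTHZ-cdgFk", "membership not found")`. The function starts and ends outside this hunk.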
@@ -563,7 +563,7 @@ func Test_CheckUserResourcePermissions(t *testing.T) { t.Errorf("shouldn't get err: %v ", err) } - if tt.wantErr && !caos_errs.IsPermissionDenied(err) { + if tt.wantErr && !zerrors.IsPermissionDenied(err) { t.Errorf("got wrong err: %v ", err) } }) diff --git a/internal/api/authz/session_token.go b/internal/api/authz/session_token.go index 1691828513..eb46008659 100644 --- a/internal/api/authz/session_token.go +++ b/internal/api/authz/session_token.go @@ -6,8 +6,8 @@ import ( "fmt" "github.com/zitadel/zitadel/internal/crypto" - zitadel_errors "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/telemetry/tracing" + "github.com/zitadel/zitadel/internal/zerrors" ) const ( @@ -25,7 +25,7 @@ func SessionTokenVerifier(algorithm crypto.EncryptionAlgorithm) func(ctx context token, err := algorithm.DecryptString(decodedToken, algorithm.EncryptionKeyID()) spanPasswordComparison.EndWithError(err) if err != nil || token != fmt.Sprintf(SessionTokenFormat, sessionID, tokenID) { - return zitadel_errors.ThrowPermissionDenied(err, "COMMAND-sGr42", "Errors.Session.Token.Invalid") + return zerrors.ThrowPermissionDenied(err, "COMMAND-sGr42", "Errors.Session.Token.Invalid") } return nil } diff --git a/internal/api/authz/system_token.go b/internal/api/authz/system_token.go index 08d7bde664..da4c7d81d3 100644 --- a/internal/api/authz/system_token.go +++ b/internal/api/authz/system_token.go @@ -12,7 +12,7 @@ import ( "github.com/zitadel/oidc/v3/pkg/op" "github.com/zitadel/zitadel/internal/crypto" - zitadel_errors "github.com/zitadel/zitadel/internal/errors" + "github.com/zitadel/zitadel/internal/zerrors" ) var _ SystemTokenVerifier = (*SystemTokenVerifierFromConfig)(nil) 
@@ -61,7 +61,7 @@ func (s *SystemTokenVerifierFromConfig) VerifySystemToken(ctx context.Context, t } systemUserMemberships, ok := s.systemUsers[jwtReq.Subject] if !ok { - return nil, "", zitadel_errors.ThrowPermissionDenied(nil, "AUTH-Bohd2", "Errors.User.UserIDWrong") + return nil, "", zerrors.ThrowPermissionDenied(nil, "AUTH-Bohd2", "Errors.User.UserIDWrong") } matchingMemberships = make(Memberships, 0, len(systemUserMemberships)) for _, membership := range systemUserMemberships { @@ -91,7 +91,7 @@ func (s *SystemAPIUser) readKey() (*rsa.PublicKey, error) { var err error s.KeyData, err = os.ReadFile(s.Path) if err != nil { - return nil, zitadel_errors.ThrowInternal(err, "AUTHZ-JK31F", "Errors.NotFound") + return nil, zerrors.ThrowInternal(err, "AUTHZ-JK31F", "Errors.NotFound") } } return crypto.BytesToPublicKey(s.KeyData) @@ -104,7 +104,7 @@ func (s *systemJWTStorage) GetKeyByIDAndClientID(_ context.Context, _, userID st } key, ok := s.keys[userID] if !ok { - return nil, zitadel_errors.ThrowNotFound(nil, "AUTHZ-asfd3", "Errors.User.NotFound") + return nil, zerrors.ThrowNotFound(nil, "AUTHZ-asfd3", "Errors.User.NotFound") } s.mutex.Lock() defer s.mutex.Unlock() diff --git a/internal/api/authz/user.go b/internal/api/authz/user.go index 3bfbe45cec..23c7ae358a 100644 --- a/internal/api/authz/user.go +++ b/internal/api/authz/user.go @@ -3,14 +3,14 @@ package authz import ( "context" - "github.com/zitadel/zitadel/internal/errors" + "github.com/zitadel/zitadel/internal/zerrors" ) // UserIDInCTX checks if the userID // equals the authenticated user in the context. func UserIDInCTX(ctx context.Context, userID string) error { if GetCtxData(ctx).UserID != userID { - return errors.ThrowPermissionDenied(nil, "AUTH-Bohd2", "Errors.User.UserIDWrong") + return zerrors.ThrowPermissionDenied(nil, "AUTH-Bohd2", "Errors.User.UserIDWrong") } return nil } diff --git a/internal/api/grpc/admin/event.go b/internal/api/grpc/admin/event.go index 72adfa0151..576fce8af1 100644 
--- a/internal/api/grpc/admin/event.go +++ b/internal/api/grpc/admin/event.go @@ -2,6 +2,7 @@ package admin import ( "context" + "time" "github.com/zitadel/zitadel/internal/api/authz" "github.com/zitadel/zitadel/internal/eventstore" @@ -36,6 +37,25 @@ func (s *Server) ListAggregateTypes(ctx context.Context, in *admin_pb.ListAggreg } func eventRequestToFilter(ctx context.Context, req *admin_pb.ListEventsRequest) (*eventstore.SearchQueryBuilder, error) { + var fromTime, sinceTime, untilTime time.Time + // We ignore the deprecation warning here because we still need to support the deprecated field. + //nolint:staticcheck + if creationDatePb := req.GetCreationDate(); creationDatePb != nil { + fromTime = creationDatePb.AsTime() + } + if fromTimePb := req.GetFrom(); fromTimePb != nil { + fromTime = fromTimePb.AsTime() + } + if timeRange := req.GetRange(); timeRange != nil { + // If range is set, we ignore the from and the deprecated creation_date fields + fromTime = time.Time{} + if timeSincePb := timeRange.GetSince(); timeSincePb != nil { + sinceTime = timeSincePb.AsTime() + } + if timeUntilPb := timeRange.GetUntil(); timeUntilPb != nil { + untilTime = timeUntilPb.AsTime() + } + } eventTypes := make([]eventstore.EventType, len(req.EventTypes)) for i, eventType := range req.EventTypes { eventTypes[i] = eventstore.EventType(eventType) @@ -60,7 +80,9 @@ func eventRequestToFilter(ctx context.Context, req *admin_pb.ListEventsRequest) AwaitOpenTransactions(). ResourceOwner(req.ResourceOwner). EditorUser(req.EditorUserId). - SequenceGreater(req.Sequence) + SequenceGreater(req.Sequence). + CreationDateAfter(sinceTime). + CreationDateBefore(untilTime) if len(aggregateIDs) > 0 || len(aggregateTypes) > 0 || len(eventTypes) > 0 { builder.AddQuery(). 
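Review bot: When `range` is set, `eventRequestToFilter` resets `fromTime` to the zero `time.Time`, yet the last hunk of this file still calls `builder.CreationDateAfter(fromTime)` or `builder.CreationDateBefore(fromTime)` unconditionally, after the chain has already applied `sinceTime` and `untilTime`. Whether that is harmless depends on the builder ignoring zero times instead of overwriting the earlier bound, which this diff does not show. If it overwrites, an ascending query with `range.since` loses its lower bound. Guarding the calls removes the dependency, e.g. `if !fromTime.IsZero() { builder.CreationDateAfter(fromTime) }` and the same for the descending branch. A doc comment on the function stating the precedence of `range` over `from` over the deprecated `creation_date`, and whether `since` after `until` is rejected, would also help.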
@@ -72,10 +94,9 @@ func eventRequestToFilter(ctx context.Context, req *admin_pb.ListEventsRequest) if req.GetAsc() { builder.OrderAsc() - builder.CreationDateAfter(req.CreationDate.AsTime()) + builder.CreationDateAfter(fromTime) } else { - builder.CreationDateBefore(req.CreationDate.AsTime()) + builder.CreationDateBefore(fromTime) } - return builder, nil } diff --git a/internal/api/grpc/admin/export.go b/internal/api/grpc/admin/export.go index ec90866853..0bfe18528e 100644 --- a/internal/api/grpc/admin/export.go +++ b/internal/api/grpc/admin/export.go @@ -9,9 +9,9 @@ import ( authn_grpc "github.com/zitadel/zitadel/internal/api/grpc/authn" text_grpc "github.com/zitadel/zitadel/internal/api/grpc/text" "github.com/zitadel/zitadel/internal/domain" - caos_errors "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/query" "github.com/zitadel/zitadel/internal/telemetry/tracing" + "github.com/zitadel/zitadel/internal/zerrors" admin_pb "github.com/zitadel/zitadel/pkg/grpc/admin" app_pb "github.com/zitadel/zitadel/pkg/grpc/app" idp_pb "github.com/zitadel/zitadel/pkg/grpc/idp" @@ -325,7 +325,7 @@ func (s *Server) getIDPs(ctx context.Context, orgID string) (_ []*v1_pb.DataOIDC for _, idp := range idps.IDPs { if idp.OIDCIDP != nil { clientSecret, err := s.query.GetOIDCIDPClientSecret(ctx, false, orgID, idp.ID, false) - if err != nil && !caos_errors.IsNotFound(err) { + if err != nil && !zerrors.IsNotFound(err) { return nil, nil, err } oidcIdps = append(oidcIdps, &v1_pb.DataOIDCIDP{ @@ -590,7 +590,7 @@ func (s *Server) getUsers(ctx context.Context, org string, withPasswords bool, w ctx, pwspan := tracing.NewSpan(ctx) encodedHash, err := s.query.GetHumanPassword(ctx, org, user.ID) pwspan.EndWithError(err) - if err != nil && !caos_errors.IsNotFound(err) { + if err != nil && !zerrors.IsNotFound(err) { return nil, nil, nil, nil, err } if err == nil && encodedHash != "" { 
@@ -603,7 +603,7 @@ func (s *Server) getUsers(ctx context.Context, org string, withPasswords bool, w ctx, otpspan := tracing.NewSpan(ctx) code, err := s.query.GetHumanOTPSecret(ctx, user.ID, org) otpspan.EndWithError(err) - if err != nil && !caos_errors.IsNotFound(err) { + if err != nil && !zerrors.IsNotFound(err) { return nil, nil, nil, nil, err } if err == nil && code != "" { diff --git a/internal/api/grpc/admin/iam_settings_converter.go b/internal/api/grpc/admin/iam_settings_converter.go index 2238562d54..575fe75b35 100644 --- a/internal/api/grpc/admin/iam_settings_converter.go +++ b/internal/api/grpc/admin/iam_settings_converter.go @@ -7,9 +7,9 @@ import ( obj_grpc "github.com/zitadel/zitadel/internal/api/grpc/object" "github.com/zitadel/zitadel/internal/crypto" "github.com/zitadel/zitadel/internal/domain" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/notification/channels/smtp" "github.com/zitadel/zitadel/internal/query" + "github.com/zitadel/zitadel/internal/zerrors" admin_pb "github.com/zitadel/zitadel/pkg/grpc/admin" settings_pb "github.com/zitadel/zitadel/pkg/grpc/settings" ) @@ -47,7 +47,7 @@ func SecretGeneratorQueryToModel(apiQuery *settings_pb.SecretGeneratorQuery) (qu domainType := SecretGeneratorTypeToDomain(q.TypeQuery.GeneratorType) return query.NewSecretGeneratorTypeSearchQuery(int32(domainType)) default: - return nil, errors.ThrowInvalidArgument(nil, "ORG-fm9es", "List.Query.Invalid") + return nil, zerrors.ThrowInvalidArgument(nil, "ORG-fm9es", "List.Query.Invalid") } } diff --git a/internal/api/grpc/admin/idp_converter.go b/internal/api/grpc/admin/idp_converter.go index c5b6ede88a..ce3884d2b5 100644 --- a/internal/api/grpc/admin/idp_converter.go +++ b/internal/api/grpc/admin/idp_converter.go 
@@ -7,9 +7,9 @@ import ( "github.com/zitadel/zitadel/internal/api/grpc/object" "github.com/zitadel/zitadel/internal/command" "github.com/zitadel/zitadel/internal/domain" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore/v1/models" "github.com/zitadel/zitadel/internal/query" + "github.com/zitadel/zitadel/internal/zerrors" admin_pb "github.com/zitadel/zitadel/pkg/grpc/admin" idp_pb "github.com/zitadel/zitadel/pkg/grpc/idp" ) @@ -126,7 +126,7 @@ func idpQueryToModel(idpQuery *admin_pb.IDPQuery) (query.SearchQuery, error) { case *admin_pb.IDPQuery_IdpIdQuery: return query.NewIDPIDSearchQuery(q.IdpIdQuery.Id) default: - return nil, errors.ThrowInvalidArgument(nil, "ADMIN-VmqQu", "List.Query.Invalid") + return nil, zerrors.ThrowInvalidArgument(nil, "ADMIN-VmqQu", "List.Query.Invalid") } } @@ -200,7 +200,7 @@ func providerQueryToQuery(idpQuery *admin_pb.ProviderQuery) (query.SearchQuery, case *admin_pb.ProviderQuery_IdpIdQuery: return query.NewIDPTemplateIDSearchQuery(q.IdpIdQuery.Id) default: - return nil, errors.ThrowInvalidArgument(nil, "ADMIN-Dr2aa", "List.Query.Invalid") + return nil, zerrors.ThrowInvalidArgument(nil, "ADMIN-Dr2aa", "List.Query.Invalid") } } diff --git a/internal/api/grpc/admin/import.go b/internal/api/grpc/admin/import.go index 6b1e54fefa..f464a44702 100644 --- a/internal/api/grpc/admin/import.go +++ b/internal/api/grpc/admin/import.go 
@@ -12,17 +12,17 @@ import ( "github.com/grpc-ecosystem/grpc-gateway/v2/runtime" "github.com/minio/minio-go/v7" "github.com/minio/minio-go/v7/pkg/credentials" + "github.com/zitadel/logging" "google.golang.org/api/option" "google.golang.org/protobuf/encoding/protojson" "google.golang.org/protobuf/types/known/durationpb" - "github.com/zitadel/logging" - "github.com/zitadel/zitadel/internal/api/authz" action_grpc "github.com/zitadel/zitadel/internal/api/grpc/action" "github.com/zitadel/zitadel/internal/api/grpc/authn" "github.com/zitadel/zitadel/internal/api/grpc/management" "github.com/zitadel/zitadel/internal/command" + "github.com/zitadel/zitadel/internal/crypto" "github.com/zitadel/zitadel/internal/domain" "github.com/zitadel/zitadel/internal/eventstore/v1/models" "github.com/zitadel/zitadel/internal/telemetry/tracing" @@ -34,10 +34,10 @@ import ( type importResponse struct { ret *admin_pb.ImportDataResponse - count *count + count *counts err error } -type count struct { +type counts struct { humanUserCount int humanUserLen int machineUserCount int @@ -70,7 +70,7 @@ type count struct { machineKeysCount int } -func (c *count) getProgress() string { +func (c *counts) getProgress() string { return "progress:" + "human_users " + strconv.Itoa(c.humanUserCount) + "/" + strconv.Itoa(c.humanUserLen) + ", " + "machine_users " + strconv.Itoa(c.machineUserCount) + "/" + strconv.Itoa(c.machineUserLen) + ", " + @@ -91,7 +91,6 @@ func (c *count) getProgress() string { func (s *Server) ImportData(ctx context.Context, req *admin_pb.ImportDataRequest) (_ *admin_pb.ImportDataResponse, err error) { ctx, span := tracing.NewSpan(ctx) defer func() { span.EndWithError(err) }() - if req.GetDataOrgs() != nil || req.GetDataOrgsv1() != nil { timeoutDuration, err := time.ParseDuration(req.Timeout) if err != nil { 
@@ -293,10 +292,736 @@ func getFileFromGCS(ctx context.Context, input *admin_pb.ImportDataRequest_GCSIn return ioutil.ReadAll(reader) } -func (s *Server) importData(ctx context.Context, orgs []*admin_pb.DataOrg) (*admin_pb.ImportDataResponse, *count, error) { +func importOrg1(ctx context.Context, s *Server, errors *[]*admin_pb.ImportDataError, ctxData authz.CtxData, org *admin_pb.DataOrg, success *admin_pb.ImportDataSuccess, count *counts, initCodeGenerator, emailCodeGenerator, phoneCodeGenerator, passwordlessInitCode, appSecretGenerator crypto.Generator) error { + _, err := s.command.AddOrgWithID(ctx, org.GetOrg().GetName(), ctxData.UserID, ctxData.ResourceOwner, org.GetOrgId(), []string{}) + if err != nil { + *errors = append(*errors, &admin_pb.ImportDataError{Type: "org", Id: org.GetOrgId(), Message: err.Error()}) + if _, err := s.query.OrgByID(ctx, true, org.OrgId); err != nil { + // TODO: Only nil if err != not found + return nil + } + } + successOrg := &admin_pb.ImportDataSuccessOrg{ + OrgId: org.GetOrgId(), + ProjectIds: []string{}, + OidcAppIds: []string{}, + ApiAppIds: []string{}, + HumanUserIds: []string{}, + MachineUserIds: []string{}, + ActionIds: []string{}, + ProjectGrants: []*admin_pb.ImportDataSuccessProjectGrant{}, + UserGrants: []*admin_pb.ImportDataSuccessUserGrant{}, + OrgMembers: []string{}, + ProjectMembers: []*admin_pb.ImportDataSuccessProjectMember{}, + ProjectGrantMembers: []*admin_pb.ImportDataSuccessProjectGrantMember{}, + } + logging.Debugf("successful org: %s", successOrg.OrgId) + success.Orgs = append(success.Orgs, successOrg) + + domainPolicy := org.GetDomainPolicy() + if org.DomainPolicy != nil { + _, err := s.command.AddOrgDomainPolicy(ctx, org.GetOrgId(), domainPolicy.UserLoginMustBeDomain, domainPolicy.ValidateOrgDomains, domainPolicy.SmtpSenderAddressMatchesInstanceDomain) + if err != nil { + *errors = append(*errors, &admin_pb.ImportDataError{Type: "domain_policy", Id: org.GetOrgId(), Message: err.Error()}) + } + } + return 
importResources(ctx, s, errors, successOrg, org, count, initCodeGenerator, emailCodeGenerator, phoneCodeGenerator, passwordlessInitCode, appSecretGenerator) +} + +func importLabelPolicy(ctx context.Context, s *Server, errors *[]*admin_pb.ImportDataError, org *admin_pb.DataOrg) error { + if org.LabelPolicy == nil { + return nil + } + _, err := s.command.AddLabelPolicy(ctx, org.GetOrgId(), management.AddLabelPolicyToDomain(org.GetLabelPolicy())) + if err != nil { + *errors = append(*errors, &admin_pb.ImportDataError{Type: "label_policy", Id: org.GetOrgId(), Message: err.Error()}) + if isCtxTimeout(ctx) { + return err + } + } else { + _, err = s.command.ActivateLabelPolicy(ctx, org.GetOrgId()) + if err != nil { + *errors = append(*errors, &admin_pb.ImportDataError{Type: "label_policy", Id: org.GetOrgId(), Message: err.Error()}) + if isCtxTimeout(ctx) { + return err + } + } + } + return nil +} + +func importLockoutPolicy(ctx context.Context, s *Server, errors *[]*admin_pb.ImportDataError, org *admin_pb.DataOrg) { + if org.LockoutPolicy == nil { + return + } + _, err := s.command.AddLockoutPolicy(ctx, org.GetOrgId(), management.AddLockoutPolicyToDomain(org.GetLockoutPolicy())) + if err != nil { + *errors = append(*errors, &admin_pb.ImportDataError{Type: "lockout_policy", Id: org.GetOrgId(), Message: err.Error()}) + } +} + +func importOidcIdps(ctx context.Context, s *Server, errors *[]*admin_pb.ImportDataError, successOrg *admin_pb.ImportDataSuccessOrg, org *admin_pb.DataOrg) error { + if org.OidcIdps == nil { + return nil + } + for _, idp := range org.OidcIdps { + logging.Debugf("import oidcidp: %s", idp.IdpId) + _, err := s.command.ImportIDPConfig(ctx, management.AddOIDCIDPRequestToDomain(idp.Idp), idp.IdpId, org.GetOrgId()) + if err != nil { + *errors = append(*errors, &admin_pb.ImportDataError{Type: "oidc_idp", Id: idp.IdpId, Message: err.Error()}) + if isCtxTimeout(ctx) { + return err + } + continue + } + logging.Debugf("successful oidcidp: %s", idp.GetIdpId()) + 
successOrg.OidcIpds = append(successOrg.OidcIpds, idp.GetIdpId()) + } + return nil +} + +func importJwtIdps(ctx context.Context, s *Server, errors *[]*admin_pb.ImportDataError, successOrg *admin_pb.ImportDataSuccessOrg, org *admin_pb.DataOrg) error { + if org.JwtIdps == nil { + return nil + } + for _, idp := range org.JwtIdps { + logging.Debugf("import jwtidp: %s", idp.IdpId) + _, err := s.command.ImportIDPConfig(ctx, management.AddJWTIDPRequestToDomain(idp.Idp), idp.IdpId, org.GetOrgId()) + if err != nil { + *errors = append(*errors, &admin_pb.ImportDataError{Type: "jwt_idp", Id: idp.IdpId, Message: err.Error()}) + if isCtxTimeout(ctx) { + return err + } + continue + } + logging.Debugf("successful jwtidp: %s", idp.GetIdpId()) + successOrg.JwtIdps = append(successOrg.JwtIdps, idp.GetIdpId()) + } + return nil +} + +func importLoginPolicy(ctx context.Context, s *Server, errors *[]*admin_pb.ImportDataError, org *admin_pb.DataOrg) { + if org.LoginPolicy == nil { + return + } + _, err := s.command.AddLoginPolicy(ctx, org.GetOrgId(), management.AddLoginPolicyToCommand(org.GetLoginPolicy())) + if err != nil { + *errors = append(*errors, &admin_pb.ImportDataError{Type: "login_policy", Id: org.GetOrgId(), Message: err.Error()}) + } +} + +func importPwComlexityPolicy(ctx context.Context, s *Server, errors *[]*admin_pb.ImportDataError, org *admin_pb.DataOrg) { + if org.PasswordComplexityPolicy == nil { + return + } + _, err := s.command.AddPasswordComplexityPolicy(ctx, org.GetOrgId(), management.AddPasswordComplexityPolicyToDomain(org.GetPasswordComplexityPolicy())) + if err != nil { + *errors = append(*errors, &admin_pb.ImportDataError{Type: "password_complexity_policy", Id: org.GetOrgId(), Message: err.Error()}) + } +} + +func importPrivacyPolicy(ctx context.Context, s *Server, errors *[]*admin_pb.ImportDataError, org *admin_pb.DataOrg) { + if org.PrivacyPolicy == nil { + return + } + _, err := s.command.AddPrivacyPolicy(ctx, org.GetOrgId(), 
management.AddPrivacyPolicyToDomain(org.GetPrivacyPolicy())) + if err != nil { + *errors = append(*errors, &admin_pb.ImportDataError{Type: "privacy_policy", Id: org.GetOrgId(), Message: err.Error()}) + } +} + +func importHumanUsers(ctx context.Context, s *Server, errors *[]*admin_pb.ImportDataError, successOrg *admin_pb.ImportDataSuccessOrg, org *admin_pb.DataOrg, count *counts, initCodeGenerator, emailCodeGenerator, phoneCodeGenerator, passwordlessInitCode crypto.Generator) error { + if org.HumanUsers == nil { + return nil + } + for _, user := range org.GetHumanUsers() { + logging.Debugf("import user: %s", user.GetUserId()) + human, passwordless, links := management.ImportHumanUserRequestToDomain(user.User) + human.AggregateID = user.UserId + _, _, err := s.command.ImportHuman(ctx, org.GetOrgId(), human, passwordless, links, initCodeGenerator, emailCodeGenerator, phoneCodeGenerator, passwordlessInitCode) + if err != nil { + *errors = append(*errors, &admin_pb.ImportDataError{Type: "human_user", Id: user.GetUserId(), Message: err.Error()}) + if isCtxTimeout(ctx) { + return err + } + } else { + count.humanUserCount += 1 + logging.Debugf("successful user %d: %s", count.humanUserCount, user.GetUserId()) + successOrg.HumanUserIds = append(successOrg.HumanUserIds, user.GetUserId()) + } + + if user.User.OtpCode != "" { + logging.Debugf("import user otp: %s", user.GetUserId()) + if err := s.command.ImportHumanTOTP(ctx, user.UserId, "", org.GetOrgId(), user.User.OtpCode); err != nil { + *errors = append(*errors, &admin_pb.ImportDataError{Type: "human_user_otp", Id: user.GetUserId(), Message: err.Error()}) + if isCtxTimeout(ctx) { + return err + } + } else { + logging.Debugf("successful user otp: %s", user.GetUserId()) + } + } + } + return nil +} + +func importMachineUsers(ctx context.Context, s *Server, errors *[]*admin_pb.ImportDataError, successOrg *admin_pb.ImportDataSuccessOrg, org *admin_pb.DataOrg, count *counts) error { + if org.MachineUsers == nil { + return nil + 
} + for _, user := range org.GetMachineUsers() { + logging.Debugf("import user: %s", user.GetUserId()) + _, err := s.command.AddMachine(ctx, management.AddMachineUserRequestToCommand(user.GetUser(), org.GetOrgId())) + if err != nil { + *errors = append(*errors, &admin_pb.ImportDataError{Type: "machine_user", Id: user.GetUserId(), Message: err.Error()}) + if isCtxTimeout(ctx) { + return err + } + continue + } + count.machineUserCount += 1 + logging.Debugf("successful user %d: %s", count.machineUserCount, user.GetUserId()) + successOrg.MachineUserIds = append(successOrg.MachineUserIds, user.GetUserId()) + } + return nil +} + +func importUserMetadata(ctx context.Context, s *Server, errors *[]*admin_pb.ImportDataError, successOrg *admin_pb.ImportDataSuccessOrg, org *admin_pb.DataOrg, count *counts) error { + if org.UserMetadata == nil { + return nil + } + for _, userMetadata := range org.GetUserMetadata() { + logging.Debugf("import usermetadata: %s", userMetadata.GetId()+"_"+userMetadata.GetKey()) + _, err := s.command.SetUserMetadata(ctx, &domain.Metadata{Key: userMetadata.GetKey(), Value: userMetadata.GetValue()}, userMetadata.GetId(), org.GetOrgId()) + if err != nil { + *errors = append(*errors, &admin_pb.ImportDataError{Type: "user_metadata", Id: userMetadata.GetId() + "_" + userMetadata.GetKey(), Message: err.Error()}) + if isCtxTimeout(ctx) { + return err + } + continue + } + count.userMetadataCount += 1 + logging.Debugf("successful usermetadata %d: %s", count.userMetadataCount, userMetadata.GetId()+"_"+userMetadata.GetKey()) + successOrg.UserMetadata = append(successOrg.UserMetadata, &admin_pb.ImportDataSuccessUserMetadata{UserId: userMetadata.GetId(), Key: userMetadata.GetKey()}) + } + return nil +} + +func importMachineKeys(ctx context.Context, s *Server, errors *[]*admin_pb.ImportDataError, successOrg *admin_pb.ImportDataSuccessOrg, org *admin_pb.DataOrg, count *counts) error { + if org.MachineKeys == nil { + return nil + } + for _, key := range 
org.GetMachineKeys() { + logging.Debugf("import machine_user_key: %s", key.KeyId) + _, err := s.command.AddUserMachineKey(ctx, &command.MachineKey{ + ObjectRoot: models.ObjectRoot{ + AggregateID: key.UserId, + ResourceOwner: org.GetOrgId(), + }, + KeyID: key.KeyId, + Type: authn.KeyTypeToDomain(key.Type), + ExpirationDate: key.ExpirationDate.AsTime(), + PublicKey: key.PublicKey, + }) + if err != nil { + *errors = append(*errors, &admin_pb.ImportDataError{Type: "machine_user_key", Id: key.KeyId, Message: err.Error()}) + if isCtxTimeout(ctx) { + return err + } + continue + } + count.machineKeysCount += 1 + logging.Debugf("successful machine_user_key %d: %s", count.machineKeysCount, key.KeyId) + successOrg.MachineKeys = append(successOrg.MachineKeys, key.KeyId) + } + return nil +} + +func importUserLinks(ctx context.Context, s *Server, errors *[]*admin_pb.ImportDataError, successOrg *admin_pb.ImportDataSuccessOrg, org *admin_pb.DataOrg, count *counts) error { + if org.UserLinks == nil { + return nil + } + for _, userLinks := range org.GetUserLinks() { + logging.Debugf("import userlink: %s", userLinks.GetUserId()+"_"+userLinks.GetIdpId()+"_"+userLinks.GetProvidedUserId()+"_"+userLinks.GetProvidedUserName()) + externalIDP := &command.AddLink{ + IDPID: userLinks.IdpId, + IDPExternalID: userLinks.ProvidedUserId, + DisplayName: userLinks.ProvidedUserName, + } + if _, err := s.command.AddUserIDPLink(ctx, userLinks.UserId, org.GetOrgId(), externalIDP); err != nil { + *errors = append(*errors, &admin_pb.ImportDataError{Type: "user_link", Id: userLinks.UserId + "_" + userLinks.IdpId, Message: err.Error()}) + if isCtxTimeout(ctx) { + return err + } + continue + } + count.userLinksCount += 1 + logging.Debugf("successful userlink %d: %s", count.userLinksCount, userLinks.GetUserId()+"_"+userLinks.GetIdpId()+"_"+userLinks.GetProvidedUserId()+"_"+userLinks.GetProvidedUserName()) + successOrg.UserLinks = append(successOrg.UserLinks, &admin_pb.ImportDataSuccessUserLinks{UserId: 
userLinks.GetUserId(), IdpId: userLinks.GetIdpId(), ExternalUserId: userLinks.GetProvidedUserId(), DisplayName: userLinks.GetProvidedUserName()}) + } + return nil + +} + +func importProjects(ctx context.Context, s *Server, errors *[]*admin_pb.ImportDataError, successOrg *admin_pb.ImportDataSuccessOrg, org *admin_pb.DataOrg, count *counts) error { + if org.Projects == nil { + return nil + } + for _, project := range org.GetProjects() { + logging.Debugf("import project: %s", project.GetProjectId()) + _, err := s.command.AddProjectWithID(ctx, management.ProjectCreateToDomain(project.GetProject()), org.GetOrgId(), project.GetProjectId()) + if err != nil { + *errors = append(*errors, &admin_pb.ImportDataError{Type: "project", Id: project.GetProjectId(), Message: err.Error()}) + if isCtxTimeout(ctx) { + return err + } + continue + } + count.projectCount += 1 + logging.Debugf("successful project %d: %s", count.projectCount, project.GetProjectId()) + successOrg.ProjectIds = append(successOrg.ProjectIds, project.GetProjectId()) + } + return nil +} + +func importOIDCApps(ctx context.Context, s *Server, errors *[]*admin_pb.ImportDataError, successOrg *admin_pb.ImportDataSuccessOrg, org *admin_pb.DataOrg, count *counts, appSecretGenerator crypto.Generator) error { + if org.OidcApps == nil { + return nil + } + for _, app := range org.GetOidcApps() { + logging.Debugf("import oidcapplication: %s", app.GetAppId()) + _, err := s.command.AddOIDCApplicationWithID(ctx, management.AddOIDCAppRequestToDomain(app.App), org.GetOrgId(), app.GetAppId(), appSecretGenerator) + if err != nil { + *errors = append(*errors, &admin_pb.ImportDataError{Type: "oidc_app", Id: app.GetAppId(), Message: err.Error()}) + if isCtxTimeout(ctx) { + return err + } + continue + } + count.oidcAppCount += 1 + logging.Debugf("successful oidcapplication %d: %s", count.oidcAppCount, app.GetAppId()) + successOrg.OidcAppIds = append(successOrg.OidcAppIds, app.GetAppId()) + } + return nil +} + +func importAPIApps(ctx 
context.Context, s *Server, errors *[]*admin_pb.ImportDataError, successOrg *admin_pb.ImportDataSuccessOrg, org *admin_pb.DataOrg, count *counts, appSecretGenerator crypto.Generator) error { + if org.ApiApps == nil { + return nil + } + for _, app := range org.GetApiApps() { + logging.Debugf("import apiapplication: %s", app.GetAppId()) + _, err := s.command.AddAPIApplicationWithID(ctx, management.AddAPIAppRequestToDomain(app.GetApp()), org.GetOrgId(), app.GetAppId(), appSecretGenerator) + if err != nil { + *errors = append(*errors, &admin_pb.ImportDataError{Type: "api_app", Id: app.GetAppId(), Message: err.Error()}) + if isCtxTimeout(ctx) { + return err + } + continue + } + count.apiAppCount += 1 + logging.Debugf("successful apiapplication %d: %s", count.apiAppCount, app.GetAppId()) + successOrg.ApiAppIds = append(successOrg.ApiAppIds, app.GetAppId()) + } + return nil +} + +func importAppKeys(ctx context.Context, s *Server, errors *[]*admin_pb.ImportDataError, successOrg *admin_pb.ImportDataSuccessOrg, org *admin_pb.DataOrg, count *counts) error { + if org.AppKeys == nil { + return nil + } + for _, key := range org.GetAppKeys() { + logging.Debugf("import app_key: %s", key.Id) + _, err := s.command.AddApplicationKeyWithID(ctx, &domain.ApplicationKey{ + ObjectRoot: models.ObjectRoot{ + AggregateID: key.ProjectId, + ResourceOwner: org.GetOrgId(), + }, + ApplicationID: key.AppId, + ClientID: key.ClientId, + KeyID: key.Id, + Type: authn.KeyTypeToDomain(key.Type), + ExpirationDate: key.ExpirationDate.AsTime(), + PublicKey: key.PublicKey, + }, org.GetOrgId()) + if err != nil { + *errors = append(*errors, &admin_pb.ImportDataError{Type: "app_key", Id: key.Id, Message: err.Error()}) + if isCtxTimeout(ctx) { + return err + } + continue + } + count.appKeysCount += 1 + logging.Debugf("successful app_key %d: %s", count.appKeysCount, key.Id) + successOrg.AppKeys = append(successOrg.AppKeys, key.Id) + } + return nil +} + +func importActions(ctx context.Context, s *Server, errors 
*[]*admin_pb.ImportDataError, successOrg *admin_pb.ImportDataSuccessOrg, org *admin_pb.DataOrg, count *counts) error { + if org.Actions == nil { + return nil + } + for _, action := range org.GetActions() { + logging.Debugf("import action: %s", action.GetActionId()) + _, _, err := s.command.AddActionWithID(ctx, management.CreateActionRequestToDomain(action.GetAction()), org.GetOrgId(), action.GetActionId()) + if err != nil { + *errors = append(*errors, &admin_pb.ImportDataError{Type: "action", Id: action.GetActionId(), Message: err.Error()}) + if isCtxTimeout(ctx) { + return err + } + continue + } + count.actionCount += 1 + logging.Debugf("successful action %d: %s", count.actionCount, action.GetActionId()) + successOrg.ActionIds = append(successOrg.ActionIds, action.ActionId) + } + return nil +} +func importProjectRoles(ctx context.Context, s *Server, errors *[]*admin_pb.ImportDataError, successOrg *admin_pb.ImportDataSuccessOrg, org *admin_pb.DataOrg, count *counts) error { + if org.ProjectRoles == nil { + return nil + } + for _, role := range org.GetProjectRoles() { + logging.Debugf("import projectroles: %s", role.ProjectId+"_"+role.RoleKey) + _, err := s.command.AddProjectRole(ctx, management.AddProjectRoleRequestToDomain(role), org.GetOrgId()) + if err != nil { + *errors = append(*errors, &admin_pb.ImportDataError{Type: "project_role", Id: role.ProjectId + "_" + role.RoleKey, Message: err.Error()}) + if isCtxTimeout(ctx) { + return err + } + continue + } + count.projectRolesCount += 1 + logging.Debugf("successful projectroles %d: %s", count.projectRolesCount, role.ProjectId+"_"+role.RoleKey) + successOrg.ProjectRoles = append(successOrg.ProjectRoles, successOrg.ActionIds...) 
+ successOrg.ProjectRoles = append(successOrg.ProjectRoles, role.ProjectId+"_"+role.RoleKey) + } + return nil +} + +func importResources(ctx context.Context, s *Server, errors *[]*admin_pb.ImportDataError, successOrg *admin_pb.ImportDataSuccessOrg, org *admin_pb.DataOrg, count *counts, initCodeGenerator, emailCodeGenerator, phoneCodeGenerator, passwordlessInitCode, appSecretGenerator crypto.Generator) error { + if err := importOrgDomains(ctx, s, errors, successOrg, org); err != nil { + return err + } + if err := importLabelPolicy(ctx, s, errors, org); err != nil { + return err + } + importLockoutPolicy(ctx, s, errors, org) + if err := importOidcIdps(ctx, s, errors, successOrg, org); err != nil { + return err + } + if err := importJwtIdps(ctx, s, errors, successOrg, org); err != nil { + return err + } + importLoginPolicy(ctx, s, errors, org) + importPwComlexityPolicy(ctx, s, errors, org) + importPrivacyPolicy(ctx, s, errors, org) + importLoginTexts(ctx, s, errors, org) + importInitMessageTexts(ctx, s, errors, org) + importPWResetMessageTexts(ctx, s, errors, org) + importVerifyEmailMessageTexts(ctx, s, errors, org) + importVerifyPhoneMessageTexts(ctx, s, errors, org) + importDomainClaimedMessageTexts(ctx, s, errors, org) + importPasswordlessRegistrationMessageTexts(ctx, s, errors, org) + if err := importHumanUsers(ctx, s, errors, successOrg, org, count, initCodeGenerator, emailCodeGenerator, phoneCodeGenerator, passwordlessInitCode); err != nil { + return err + } + if err := importMachineUsers(ctx, s, errors, successOrg, org, count); err != nil { + return err + } + if err := importUserMetadata(ctx, s, errors, successOrg, org, count); err != nil { + return err + } + if err := importMachineKeys(ctx, s, errors, successOrg, org, count); err != nil { + return err + } + if err := importUserLinks(ctx, s, errors, successOrg, org, count); err != nil { + return err + } + if err := importProjects(ctx, s, errors, successOrg, org, count); err != nil { + return err + } + if err := 
importOIDCApps(ctx, s, errors, successOrg, org, count, appSecretGenerator); err != nil { + return err + } + if err := importAPIApps(ctx, s, errors, successOrg, org, count, appSecretGenerator); err != nil { + return err + } + if err := importAppKeys(ctx, s, errors, successOrg, org, count); err != nil { + return err + } + if err := importActions(ctx, s, errors, successOrg, org, count); err != nil { + return err + } + if err := importProjectRoles(ctx, s, errors, successOrg, org, count); err != nil { + return err + } + return nil +} + +func importOrgDomains(ctx context.Context, s *Server, errors *[]*admin_pb.ImportDataError, successOrg *admin_pb.ImportDataSuccessOrg, org *admin_pb.DataOrg) error { + if org.Domains == nil { + return nil + } + for _, domainR := range org.Domains { + orgDomain := &domain.OrgDomain{ + ObjectRoot: models.ObjectRoot{ + AggregateID: org.GetOrgId(), + }, + Domain: domainR.DomainName, + Verified: domainR.IsVerified, + Primary: domainR.IsPrimary, + } + _, err := s.command.AddOrgDomain(ctx, org.GetOrgId(), domainR.DomainName, []string{}) + if err != nil { + *errors = append(*errors, &admin_pb.ImportDataError{Type: "domain", Id: org.GetOrgId() + "_" + domainR.DomainName, Message: err.Error()}) + if isCtxTimeout(ctx) { + return err + } + continue + } + logging.Debugf("successful domain: %s", domainR.DomainName) + successOrg.Domains = append(successOrg.Domains, domainR.DomainName) + + if domainR.IsVerified { + if _, err := s.command.VerifyOrgDomain(ctx, org.GetOrgId(), domainR.DomainName); err != nil { + *errors = append(*errors, &admin_pb.ImportDataError{Type: "domain_isverified", Id: org.GetOrgId() + "_" + domainR.DomainName, Message: err.Error()}) + } + } + if domainR.IsPrimary { + if _, err := s.command.SetPrimaryOrgDomain(ctx, orgDomain); err != nil { + *errors = append(*errors, &admin_pb.ImportDataError{Type: "domain_isprimary", Id: org.GetOrgId() + "_" + domainR.DomainName, Message: err.Error()}) + } + } + } + return nil +} + +func 
importLoginTexts(ctx context.Context, s *Server, errors *[]*admin_pb.ImportDataError, org *admin_pb.DataOrg) { + if org.LoginTexts == nil { + return + } + for _, text := range org.GetLoginTexts() { + _, err := s.command.SetOrgLoginText(ctx, org.GetOrgId(), management.SetLoginCustomTextToDomain(text)) + if err != nil { + *errors = append(*errors, &admin_pb.ImportDataError{Type: "login_texts", Id: org.GetOrgId() + "_" + text.Language, Message: err.Error()}) + } + } +} + +func importInitMessageTexts(ctx context.Context, s *Server, errors *[]*admin_pb.ImportDataError, org *admin_pb.DataOrg) { + if org.InitMessages == nil { + return + } + for _, message := range org.GetInitMessages() { + _, err := s.command.SetOrgMessageText(ctx, authz.GetCtxData(ctx).OrgID, management.SetInitCustomTextToDomain(message)) + if err != nil { + *errors = append(*errors, &admin_pb.ImportDataError{Type: "init_message", Id: org.GetOrgId() + "_" + message.Language, Message: err.Error()}) + } + } +} + +func importPWResetMessageTexts(ctx context.Context, s *Server, errors *[]*admin_pb.ImportDataError, org *admin_pb.DataOrg) { + if org.PasswordResetMessages == nil { + return + } + for _, message := range org.GetPasswordResetMessages() { + _, err := s.command.SetOrgMessageText(ctx, authz.GetCtxData(ctx).OrgID, management.SetPasswordResetCustomTextToDomain(message)) + if err != nil { + *errors = append(*errors, &admin_pb.ImportDataError{Type: "password_reset_message", Id: org.GetOrgId() + "_" + message.Language, Message: err.Error()}) + } + } +} + +func importVerifyEmailMessageTexts(ctx context.Context, s *Server, errors *[]*admin_pb.ImportDataError, org *admin_pb.DataOrg) { + if org.VerifyEmailMessages == nil { + return + } + for _, message := range org.GetVerifyEmailMessages() { + _, err := s.command.SetOrgMessageText(ctx, authz.GetCtxData(ctx).OrgID, management.SetVerifyEmailCustomTextToDomain(message)) + if err != nil { + *errors = append(*errors, &admin_pb.ImportDataError{Type: 
"verify_email_message", Id: org.GetOrgId() + "_" + message.Language, Message: err.Error()}) + } + } +} + +func importVerifyPhoneMessageTexts(ctx context.Context, s *Server, errors *[]*admin_pb.ImportDataError, org *admin_pb.DataOrg) { + if org.VerifyPhoneMessages != nil { + return + } + for _, message := range org.GetVerifyPhoneMessages() { + _, err := s.command.SetOrgMessageText(ctx, authz.GetCtxData(ctx).OrgID, management.SetVerifyPhoneCustomTextToDomain(message)) + if err != nil { + *errors = append(*errors, &admin_pb.ImportDataError{Type: "verify_phone_message", Id: org.GetOrgId() + "_" + message.Language, Message: err.Error()}) + } + } +} + +func importDomainClaimedMessageTexts(ctx context.Context, s *Server, errors *[]*admin_pb.ImportDataError, org *admin_pb.DataOrg) { + if org.DomainClaimedMessages == nil { + return + } + for _, message := range org.GetDomainClaimedMessages() { + _, err := s.command.SetOrgMessageText(ctx, authz.GetCtxData(ctx).OrgID, management.SetDomainClaimedCustomTextToDomain(message)) + if err != nil { + *errors = append(*errors, &admin_pb.ImportDataError{Type: "domain_claimed_message", Id: org.GetOrgId() + "_" + message.Language, Message: err.Error()}) + } + } +} + +func importPasswordlessRegistrationMessageTexts(ctx context.Context, s *Server, errors *[]*admin_pb.ImportDataError, org *admin_pb.DataOrg) { + if org.PasswordlessRegistrationMessages == nil { + return + } + for _, message := range org.GetPasswordlessRegistrationMessages() { + _, err := s.command.SetOrgMessageText(ctx, authz.GetCtxData(ctx).OrgID, management.SetPasswordlessRegistrationCustomTextToDomain(message)) + if err != nil { + *errors = append(*errors, &admin_pb.ImportDataError{Type: "passwordless_registration_message", Id: org.GetOrgId() + "_" + message.Language, Message: err.Error()}) + } + } +} + +func importOrg2(ctx context.Context, s *Server, errors *[]*admin_pb.ImportDataError, success *admin_pb.ImportDataSuccess, count *counts, org *admin_pb.DataOrg) error { + 
successOrg := findOldOrg(success, org.OrgId) + if successOrg == nil { + return nil + } + if org.TriggerActions != nil { + for _, triggerAction := range org.GetTriggerActions() { + _, err := s.command.SetTriggerActions(ctx, action_grpc.FlowTypeToDomain(triggerAction.FlowType), action_grpc.TriggerTypeToDomain(triggerAction.TriggerType), triggerAction.ActionIds, org.GetOrgId()) + if err != nil { + *errors = append(*errors, &admin_pb.ImportDataError{Type: "trigger_action", Id: triggerAction.FlowType + "_" + triggerAction.TriggerType, Message: err.Error()}) + continue + } + successOrg.TriggerActions = append(successOrg.TriggerActions, &management_pb.SetTriggerActionsRequest{FlowType: triggerAction.FlowType, TriggerType: triggerAction.TriggerType, ActionIds: triggerAction.GetActionIds()}) + } + } + if org.ProjectGrants != nil { + for _, grant := range org.GetProjectGrants() { + logging.Debugf("import projectgrant: %s", grant.GetGrantId()+"_"+grant.GetProjectGrant().GetProjectId()+"_"+grant.GetProjectGrant().GetGrantedOrgId()) + _, err := s.command.AddProjectGrantWithID(ctx, management.AddProjectGrantRequestToDomain(grant.GetProjectGrant()), grant.GetGrantId(), org.GetOrgId()) + if err != nil { + *errors = append(*errors, &admin_pb.ImportDataError{Type: "project_grant", Id: org.GetOrgId() + "_" + grant.GetProjectGrant().GetProjectId() + "_" + grant.GetProjectGrant().GetGrantedOrgId(), Message: err.Error()}) + if isCtxTimeout(ctx) { + return err + } + continue + } + count.projectGrantCount += 1 + logging.Debugf("successful projectgrant %d: %s", count.projectGrantCount, grant.GetGrantId()+"_"+grant.GetProjectGrant().GetProjectId()+"_"+grant.GetProjectGrant().GetGrantedOrgId()) + successOrg.ProjectGrants = append(successOrg.ProjectGrants, &admin_pb.ImportDataSuccessProjectGrant{GrantId: grant.GetGrantId(), ProjectId: grant.GetProjectGrant().GetProjectId(), OrgId: grant.GetProjectGrant().GetGrantedOrgId()}) + } + } + if org.UserGrants != nil { + for _, grant := range 
org.GetUserGrants() { + logging.Debugf("import usergrant: %s", grant.GetProjectId()+"_"+grant.GetUserId()) + _, err := s.command.AddUserGrant(ctx, management.AddUserGrantRequestToDomain(grant), org.GetOrgId()) + if err != nil { + *errors = append(*errors, &admin_pb.ImportDataError{Type: "user_grant", Id: org.GetOrgId() + "_" + grant.GetProjectId() + "_" + grant.GetUserId(), Message: err.Error()}) + if isCtxTimeout(ctx) { + return err + } + continue + } + count.userGrantCount += 1 + logging.Debugf("successful usergrant %d: %s", count.userGrantCount, grant.GetProjectId()+"_"+grant.GetUserId()) + successOrg.UserGrants = append(successOrg.UserGrants, &admin_pb.ImportDataSuccessUserGrant{ProjectId: grant.GetProjectId(), UserId: grant.GetUserId()}) + } + } + return nil +} + +func importOrg3(ctx context.Context, s *Server, errors *[]*admin_pb.ImportDataError, success *admin_pb.ImportDataSuccess, count *counts, org *admin_pb.DataOrg) error { + successOrg := findOldOrg(success, org.OrgId) + if successOrg == nil { + return nil + } + if err := importOrgMembers(ctx, s, errors, successOrg, count, org); err != nil { + return err + } + if err := importProjectGrantMembers(ctx, s, errors, successOrg, count, org); err != nil { + return err + } + return importProjectMembers(ctx, s, errors, successOrg, count, org) +} + +func importOrgMembers(ctx context.Context, s *Server, errors *[]*admin_pb.ImportDataError, successOrg *admin_pb.ImportDataSuccessOrg, count *counts, org *admin_pb.DataOrg) error { + if org.OrgMembers == nil { + return nil + } + for _, member := range org.GetOrgMembers() { + logging.Debugf("import orgmember: %s", member.GetUserId()) + _, err := s.command.AddOrgMember(ctx, org.GetOrgId(), member.GetUserId(), member.GetRoles()...) 
+ if err != nil { + *errors = append(*errors, &admin_pb.ImportDataError{Type: "org_member", Id: org.GetOrgId() + "_" + member.GetUserId(), Message: err.Error()}) + if isCtxTimeout(ctx) { + return err + } + continue + } + count.orgMemberCount += 1 + logging.Debugf("successful orgmember %d: %s", count.orgMemberCount, member.GetUserId()) + successOrg.OrgMembers = append(successOrg.OrgMembers, member.GetUserId()) + } + return nil +} + +func importProjectGrantMembers(ctx context.Context, s *Server, errors *[]*admin_pb.ImportDataError, successOrg *admin_pb.ImportDataSuccessOrg, count *counts, org *admin_pb.DataOrg) error { + if org.ProjectGrantMembers == nil { + return nil + } + for _, member := range org.GetProjectGrantMembers() { + logging.Debugf("import projectgrantmember: %s", member.GetProjectId()+"_"+member.GetGrantId()+"_"+member.GetUserId()) + _, err := s.command.AddProjectGrantMember(ctx, management.AddProjectGrantMemberRequestToDomain(member)) + if err != nil { + *errors = append(*errors, &admin_pb.ImportDataError{Type: "project_grant_member", Id: org.GetOrgId() + "_" + member.GetProjectId() + "_" + member.GetGrantId() + "_" + member.GetUserId(), Message: err.Error()}) + if isCtxTimeout(ctx) { + return err + } + continue + } + count.projectGrantMemberCount += 1 + logging.Debugf("successful projectgrantmember %d: %s", count.projectGrantMemberCount, member.GetProjectId()+"_"+member.GetGrantId()+"_"+member.GetUserId()) + successOrg.ProjectGrantMembers = append(successOrg.ProjectGrantMembers, &admin_pb.ImportDataSuccessProjectGrantMember{ProjectId: member.GetProjectId(), GrantId: member.GetGrantId(), UserId: member.GetUserId()}) + } + return nil +} + +func importProjectMembers(ctx context.Context, s *Server, errors *[]*admin_pb.ImportDataError, successOrg *admin_pb.ImportDataSuccessOrg, count *counts, org *admin_pb.DataOrg) error { + if org.ProjectMembers == nil { + return nil + } + for _, member := range org.GetProjectMembers() { + logging.Debugf("import 
orgmember: %s", member.GetProjectId()+"_"+member.GetUserId()) + _, err := s.command.AddProjectMember(ctx, management.AddProjectMemberRequestToDomain(member), org.GetOrgId()) + if err != nil { + *errors = append(*errors, &admin_pb.ImportDataError{Type: "project_member", Id: org.GetOrgId() + "_" + member.GetProjectId() + "_" + member.GetUserId(), Message: err.Error()}) + if isCtxTimeout(ctx) { + return err + } + continue + } + count.projectMembersCount += 1 + logging.Debugf("successful orgmember %d: %s", count.projectMembersCount, member.GetProjectId()+"_"+member.GetUserId()) + successOrg.ProjectMembers = append(successOrg.ProjectMembers, &admin_pb.ImportDataSuccessProjectMember{ProjectId: member.GetProjectId(), UserId: member.GetUserId()}) + } + return nil +} + +func findOldOrg(success *admin_pb.ImportDataSuccess, orgId string) *admin_pb.ImportDataSuccessOrg { + for _, oldOrd := range success.Orgs { + if orgId == oldOrd.OrgId { + return oldOrd + } + } + return nil +} + +func (s *Server) importData(ctx context.Context, orgs []*admin_pb.DataOrg) (*admin_pb.ImportDataResponse, *counts, error) { errors := make([]*admin_pb.ImportDataError, 0) success := &admin_pb.ImportDataSuccess{} - count := &count{} + count := &counts{} appSecretGenerator, err := s.query.InitHashGenerator(ctx, domain.SecretGeneratorTypeAppSecret, s.passwordHashAlg) if err != nil { 
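Review bot: The guard in `importVerifyPhoneMessageTexts` is inverted: `if org.VerifyPhoneMessages != nil { return }` returns exactly when there are messages to import, so verify-phone texts are silently skipped; every sibling helper tests `== nil`, and this one should read `if org.VerifyPhoneMessages == nil {`. In `importProjectRoles`, the line `successOrg.ProjectRoles = append(successOrg.ProjectRoles, successOrg.ActionIds...)` copies all action IDs into the project-role success list on every iteration and looks like a paste error; I would drop it and keep only the following append of `role.ProjectId+"_"+role.RoleKey`. The message-text helpers from `importInitMessageTexts` through `importPasswordlessRegistrationMessageTexts` pass `authz.GetCtxData(ctx).OrgID` to `SetOrgMessageText` while recording errors under `org.GetOrgId()`, so the texts appear to be written to the caller's organisation rather than the one being imported; if that is not intended, pass `org.GetOrgId()` as `importLoginTexts` does. The loop body these helpers replace is removed in the next hunk, which runs past the visible page, so whether that last point predates this commit cannot be confirmed from here.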
@@ -338,533 +1063,21 @@ func (s *Server) importData(ctx context.Context, orgs []*admin_pb.DataOrg) (*adm count.machineKeysCount += len(org.GetMachineKeys()) count.appKeysCount += len(org.GetAppKeys()) } - for _, org := range orgs { - _, err := s.command.AddOrgWithID(ctx, org.GetOrg().GetName(), ctxData.UserID, ctxData.ResourceOwner, org.GetOrgId(), []string{}) - if err != nil { - errors = append(errors, &admin_pb.ImportDataError{Type: "org", Id: org.GetOrgId(), Message: err.Error()}) - - if _, err := s.query.OrgByID(ctx, true, org.OrgId); err != nil { - continue - } - } - successOrg := &admin_pb.ImportDataSuccessOrg{ - OrgId: org.GetOrgId(), - ProjectIds: []string{}, - OidcAppIds: []string{}, - ApiAppIds: []string{}, - HumanUserIds: []string{}, - MachineUserIds: []string{}, - ActionIds: []string{}, - ProjectGrants: []*admin_pb.ImportDataSuccessProjectGrant{}, - UserGrants: []*admin_pb.ImportDataSuccessUserGrant{}, - OrgMembers: []string{}, - ProjectMembers: []*admin_pb.ImportDataSuccessProjectMember{}, - ProjectGrantMembers: []*admin_pb.ImportDataSuccessProjectGrantMember{}, - } - logging.Debugf("successful org: %s", successOrg.OrgId) - success.Orgs = append(success.Orgs, successOrg) - - domainPolicy := org.GetDomainPolicy() - if org.DomainPolicy != nil { - _, err := s.command.AddOrgDomainPolicy(ctx, org.GetOrgId(), domainPolicy.UserLoginMustBeDomain, domainPolicy.ValidateOrgDomains, domainPolicy.SmtpSenderAddressMatchesInstanceDomain) - if err != nil { - errors = append(errors, &admin_pb.ImportDataError{Type: "domain_policy", Id: org.GetOrgId(), Message: err.Error()}) - } - } - if org.Domains != nil { - for _, domainR := range org.Domains { - orgDomain := &domain.OrgDomain{ - ObjectRoot: models.ObjectRoot{ - AggregateID: org.GetOrgId(), - }, - Domain: domainR.DomainName, - Verified: domainR.IsVerified, - Primary: domainR.IsPrimary, - } - _, err := s.command.AddOrgDomain(ctx, org.GetOrgId(), domainR.DomainName, []string{}) - if err != nil { - errors = 
append(errors, &admin_pb.ImportDataError{Type: "domain", Id: org.GetOrgId() + "_" + domainR.DomainName, Message: err.Error()}) - if isCtxTimeout(ctx) { - return &admin_pb.ImportDataResponse{Errors: errors, Success: success}, count, err - } - continue - } - logging.Debugf("successful domain: %s", domainR.DomainName) - successOrg.Domains = append(successOrg.Domains, domainR.DomainName) - - if domainR.IsVerified { - if _, err := s.command.VerifyOrgDomain(ctx, org.GetOrgId(), domainR.DomainName); err != nil { - errors = append(errors, &admin_pb.ImportDataError{Type: "domain_isverified", Id: org.GetOrgId() + "_" + domainR.DomainName, Message: err.Error()}) - } - } - if domainR.IsPrimary { - if _, err := s.command.SetPrimaryOrgDomain(ctx, orgDomain); err != nil { - errors = append(errors, &admin_pb.ImportDataError{Type: "domain_isprimary", Id: org.GetOrgId() + "_" + domainR.DomainName, Message: err.Error()}) - } - } - } - } - if org.LabelPolicy != nil { - _, err = s.command.AddLabelPolicy(ctx, org.GetOrgId(), management.AddLabelPolicyToDomain(org.GetLabelPolicy())) - if err != nil { - errors = append(errors, &admin_pb.ImportDataError{Type: "label_policy", Id: org.GetOrgId(), Message: err.Error()}) - if isCtxTimeout(ctx) { - return &admin_pb.ImportDataResponse{Errors: errors, Success: success}, count, err - } - } else { - _, err = s.command.ActivateLabelPolicy(ctx, org.GetOrgId()) - if err != nil { - errors = append(errors, &admin_pb.ImportDataError{Type: "label_policy", Id: org.GetOrgId(), Message: err.Error()}) - if isCtxTimeout(ctx) { - return &admin_pb.ImportDataResponse{Errors: errors, Success: success}, count, err - } - } - } - } - if org.LockoutPolicy != nil { - _, err = s.command.AddLockoutPolicy(ctx, org.GetOrgId(), management.AddLockoutPolicyToDomain(org.GetLockoutPolicy())) - if err != nil { - errors = append(errors, &admin_pb.ImportDataError{Type: "lockout_policy", Id: org.GetOrgId(), Message: err.Error()}) - } - } - if org.OidcIdps != nil { - for _, idp := 
range org.OidcIdps { - logging.Debugf("import oidcidp: %s", idp.IdpId) - _, err := s.command.ImportIDPConfig(ctx, management.AddOIDCIDPRequestToDomain(idp.Idp), idp.IdpId, org.GetOrgId()) - if err != nil { - errors = append(errors, &admin_pb.ImportDataError{Type: "oidc_idp", Id: idp.IdpId, Message: err.Error()}) - if isCtxTimeout(ctx) { - return &admin_pb.ImportDataResponse{Errors: errors, Success: success}, count, err - } - continue - } - logging.Debugf("successful oidcidp: %s", idp.GetIdpId()) - successOrg.OidcIpds = append(successOrg.OidcIpds, idp.GetIdpId()) - } - } - if org.JwtIdps != nil { - for _, idp := range org.JwtIdps { - logging.Debugf("import jwtidp: %s", idp.IdpId) - _, err := s.command.ImportIDPConfig(ctx, management.AddJWTIDPRequestToDomain(idp.Idp), idp.IdpId, org.GetOrgId()) - if err != nil { - errors = append(errors, &admin_pb.ImportDataError{Type: "jwt_idp", Id: idp.IdpId, Message: err.Error()}) - if isCtxTimeout(ctx) { - return &admin_pb.ImportDataResponse{Errors: errors, Success: success}, count, err - } - continue - } - logging.Debugf("successful jwtidp: %s", idp.GetIdpId()) - successOrg.JwtIdps = append(successOrg.JwtIdps, idp.GetIdpId()) - } - } - if org.LoginPolicy != nil { - _, err = s.command.AddLoginPolicy(ctx, org.GetOrgId(), management.AddLoginPolicyToCommand(org.GetLoginPolicy())) - if err != nil { - errors = append(errors, &admin_pb.ImportDataError{Type: "login_policy", Id: org.GetOrgId(), Message: err.Error()}) - } - } - if org.PasswordComplexityPolicy != nil { - _, err = s.command.AddPasswordComplexityPolicy(ctx, org.GetOrgId(), management.AddPasswordComplexityPolicyToDomain(org.GetPasswordComplexityPolicy())) - if err != nil { - errors = append(errors, &admin_pb.ImportDataError{Type: "password_complexity_policy", Id: org.GetOrgId(), Message: err.Error()}) - } - } - if org.PrivacyPolicy != nil { - _, err = s.command.AddPrivacyPolicy(ctx, org.GetOrgId(), management.AddPrivacyPolicyToDomain(org.GetPrivacyPolicy())) - if err != nil { 
- errors = append(errors, &admin_pb.ImportDataError{Type: "privacy_policy", Id: org.GetOrgId(), Message: err.Error()}) - } - } - if org.LoginTexts != nil { - for _, text := range org.GetLoginTexts() { - _, err := s.command.SetOrgLoginText(ctx, org.GetOrgId(), management.SetLoginCustomTextToDomain(text)) - if err != nil { - errors = append(errors, &admin_pb.ImportDataError{Type: "login_texts", Id: org.GetOrgId() + "_" + text.Language, Message: err.Error()}) - } - } - } - if org.InitMessages != nil { - for _, message := range org.GetInitMessages() { - _, err := s.command.SetOrgMessageText(ctx, authz.GetCtxData(ctx).OrgID, management.SetInitCustomTextToDomain(message)) - if err != nil { - errors = append(errors, &admin_pb.ImportDataError{Type: "init_message", Id: org.GetOrgId() + "_" + message.Language, Message: err.Error()}) - } - } - } - if org.PasswordResetMessages != nil { - for _, message := range org.GetPasswordResetMessages() { - _, err := s.command.SetOrgMessageText(ctx, authz.GetCtxData(ctx).OrgID, management.SetPasswordResetCustomTextToDomain(message)) - if err != nil { - errors = append(errors, &admin_pb.ImportDataError{Type: "password_reset_message", Id: org.GetOrgId() + "_" + message.Language, Message: err.Error()}) - } - } - } - if org.VerifyEmailMessages != nil { - for _, message := range org.GetVerifyEmailMessages() { - _, err := s.command.SetOrgMessageText(ctx, authz.GetCtxData(ctx).OrgID, management.SetVerifyEmailCustomTextToDomain(message)) - if err != nil { - errors = append(errors, &admin_pb.ImportDataError{Type: "verify_email_message", Id: org.GetOrgId() + "_" + message.Language, Message: err.Error()}) - } - } - } - if org.VerifyPhoneMessages != nil { - for _, message := range org.GetVerifyPhoneMessages() { - _, err := s.command.SetOrgMessageText(ctx, authz.GetCtxData(ctx).OrgID, management.SetVerifyPhoneCustomTextToDomain(message)) - if err != nil { - errors = append(errors, &admin_pb.ImportDataError{Type: "verify_phone_message", Id: 
org.GetOrgId() + "_" + message.Language, Message: err.Error()}) - } - } - } - if org.DomainClaimedMessages != nil { - for _, message := range org.GetDomainClaimedMessages() { - _, err := s.command.SetOrgMessageText(ctx, authz.GetCtxData(ctx).OrgID, management.SetDomainClaimedCustomTextToDomain(message)) - if err != nil { - errors = append(errors, &admin_pb.ImportDataError{Type: "domain_claimed_message", Id: org.GetOrgId() + "_" + message.Language, Message: err.Error()}) - } - } - } - if org.PasswordlessRegistrationMessages != nil { - for _, message := range org.GetPasswordlessRegistrationMessages() { - _, err := s.command.SetOrgMessageText(ctx, authz.GetCtxData(ctx).OrgID, management.SetPasswordlessRegistrationCustomTextToDomain(message)) - if err != nil { - errors = append(errors, &admin_pb.ImportDataError{Type: "passwordless_registration_message", Id: org.GetOrgId() + "_" + message.Language, Message: err.Error()}) - } - } - } - - if org.HumanUsers != nil { - for _, user := range org.GetHumanUsers() { - logging.Debugf("import user: %s", user.GetUserId()) - human, passwordless, links := management.ImportHumanUserRequestToDomain(user.User) - human.AggregateID = user.UserId - _, _, err := s.command.ImportHuman(ctx, org.GetOrgId(), human, passwordless, links, initCodeGenerator, emailCodeGenerator, phoneCodeGenerator, passwordlessInitCode) - if err != nil { - errors = append(errors, &admin_pb.ImportDataError{Type: "human_user", Id: user.GetUserId(), Message: err.Error()}) - if isCtxTimeout(ctx) { - return &admin_pb.ImportDataResponse{Errors: errors, Success: success}, count, err - } - } else { - count.humanUserCount += 1 - logging.Debugf("successful user %d: %s", count.humanUserCount, user.GetUserId()) - successOrg.HumanUserIds = append(successOrg.HumanUserIds, user.GetUserId()) - } - - if user.User.OtpCode != "" { - logging.Debugf("import user otp: %s", user.GetUserId()) - if err := s.command.ImportHumanTOTP(ctx, user.UserId, "", org.GetOrgId(), user.User.OtpCode); 
err != nil { - errors = append(errors, &admin_pb.ImportDataError{Type: "human_user_otp", Id: user.GetUserId(), Message: err.Error()}) - if isCtxTimeout(ctx) { - return &admin_pb.ImportDataResponse{Errors: errors, Success: success}, count, err - } - } else { - logging.Debugf("successful user otp: %s", user.GetUserId()) - } - } - } - } - if org.MachineUsers != nil { - for _, user := range org.GetMachineUsers() { - logging.Debugf("import user: %s", user.GetUserId()) - _, err := s.command.AddMachine(ctx, management.AddMachineUserRequestToCommand(user.GetUser(), org.GetOrgId())) - if err != nil { - errors = append(errors, &admin_pb.ImportDataError{Type: "machine_user", Id: user.GetUserId(), Message: err.Error()}) - if isCtxTimeout(ctx) { - return &admin_pb.ImportDataResponse{Errors: errors, Success: success}, count, err - } - continue - } - count.machineUserCount += 1 - logging.Debugf("successful user %d: %s", count.machineUserCount, user.GetUserId()) - successOrg.MachineUserIds = append(successOrg.MachineUserIds, user.GetUserId()) - } - } - if org.UserMetadata != nil { - for _, userMetadata := range org.GetUserMetadata() { - logging.Debugf("import usermetadata: %s", userMetadata.GetId()+"_"+userMetadata.GetKey()) - _, err := s.command.SetUserMetadata(ctx, &domain.Metadata{Key: userMetadata.GetKey(), Value: userMetadata.GetValue()}, userMetadata.GetId(), org.GetOrgId()) - if err != nil { - errors = append(errors, &admin_pb.ImportDataError{Type: "user_metadata", Id: userMetadata.GetId() + "_" + userMetadata.GetKey(), Message: err.Error()}) - if isCtxTimeout(ctx) { - return &admin_pb.ImportDataResponse{Errors: errors, Success: success}, count, err - } - continue - } - count.userMetadataCount += 1 - logging.Debugf("successful usermetadata %d: %s", count.userMetadataCount, userMetadata.GetId()+"_"+userMetadata.GetKey()) - successOrg.UserMetadata = append(successOrg.UserMetadata, &admin_pb.ImportDataSuccessUserMetadata{UserId: userMetadata.GetId(), Key: 
userMetadata.GetKey()}) - } - } - if org.MachineKeys != nil { - for _, key := range org.GetMachineKeys() { - logging.Debugf("import machine_user_key: %s", key.KeyId) - _, err := s.command.AddUserMachineKey(ctx, &command.MachineKey{ - ObjectRoot: models.ObjectRoot{ - AggregateID: key.UserId, - ResourceOwner: org.GetOrgId(), - }, - KeyID: key.KeyId, - Type: authn.KeyTypeToDomain(key.Type), - ExpirationDate: key.ExpirationDate.AsTime(), - PublicKey: key.PublicKey, - }) - if err != nil { - errors = append(errors, &admin_pb.ImportDataError{Type: "machine_user_key", Id: key.KeyId, Message: err.Error()}) - if isCtxTimeout(ctx) { - return &admin_pb.ImportDataResponse{Errors: errors, Success: success}, count, err - } - continue - } - count.machineKeysCount += 1 - logging.Debugf("successful machine_user_key %d: %s", count.machineKeysCount, key.KeyId) - successOrg.MachineKeys = append(successOrg.MachineKeys, key.KeyId) - } - } - if org.UserLinks != nil { - for _, userLinks := range org.GetUserLinks() { - logging.Debugf("import userlink: %s", userLinks.GetUserId()+"_"+userLinks.GetIdpId()+"_"+userLinks.GetProvidedUserId()+"_"+userLinks.GetProvidedUserName()) - externalIDP := &command.AddLink{ - IDPID: userLinks.IdpId, - IDPExternalID: userLinks.ProvidedUserId, - DisplayName: userLinks.ProvidedUserName, - } - if _, err := s.command.AddUserIDPLink(ctx, userLinks.UserId, org.GetOrgId(), externalIDP); err != nil { - errors = append(errors, &admin_pb.ImportDataError{Type: "user_link", Id: userLinks.UserId + "_" + userLinks.IdpId, Message: err.Error()}) - if isCtxTimeout(ctx) { - return &admin_pb.ImportDataResponse{Errors: errors, Success: success}, count, err - } - continue - } - count.userLinksCount += 1 - logging.Debugf("successful userlink %d: %s", count.userLinksCount, userLinks.GetUserId()+"_"+userLinks.GetIdpId()+"_"+userLinks.GetProvidedUserId()+"_"+userLinks.GetProvidedUserName()) - successOrg.UserLinks = append(successOrg.UserLinks, 
&admin_pb.ImportDataSuccessUserLinks{UserId: userLinks.GetUserId(), IdpId: userLinks.GetIdpId(), ExternalUserId: userLinks.GetProvidedUserId(), DisplayName: userLinks.GetProvidedUserName()}) - } - } - if org.Projects != nil { - for _, project := range org.GetProjects() { - logging.Debugf("import project: %s", project.GetProjectId()) - _, err := s.command.AddProjectWithID(ctx, management.ProjectCreateToDomain(project.GetProject()), org.GetOrgId(), project.GetProjectId()) - if err != nil { - errors = append(errors, &admin_pb.ImportDataError{Type: "project", Id: project.GetProjectId(), Message: err.Error()}) - if isCtxTimeout(ctx) { - return &admin_pb.ImportDataResponse{Errors: errors, Success: success}, count, err - } - continue - } - count.projectCount += 1 - logging.Debugf("successful project %d: %s", count.projectCount, project.GetProjectId()) - successOrg.ProjectIds = append(successOrg.ProjectIds, project.GetProjectId()) - } - } - if org.OidcApps != nil { - for _, app := range org.GetOidcApps() { - logging.Debugf("import oidcapplication: %s", app.GetAppId()) - _, err := s.command.AddOIDCApplicationWithID(ctx, management.AddOIDCAppRequestToDomain(app.App), org.GetOrgId(), app.GetAppId(), appSecretGenerator) - if err != nil { - errors = append(errors, &admin_pb.ImportDataError{Type: "oidc_app", Id: app.GetAppId(), Message: err.Error()}) - if isCtxTimeout(ctx) { - return &admin_pb.ImportDataResponse{Errors: errors, Success: success}, count, err - } - continue - } - count.oidcAppCount += 1 - logging.Debugf("successful oidcapplication %d: %s", count.oidcAppCount, app.GetAppId()) - successOrg.OidcAppIds = append(successOrg.OidcAppIds, app.GetAppId()) - } - } - if org.ApiApps != nil { - for _, app := range org.GetApiApps() { - logging.Debugf("import apiapplication: %s", app.GetAppId()) - _, err := s.command.AddAPIApplicationWithID(ctx, management.AddAPIAppRequestToDomain(app.GetApp()), org.GetOrgId(), app.GetAppId(), appSecretGenerator) - if err != nil { - errors = 
append(errors, &admin_pb.ImportDataError{Type: "api_app", Id: app.GetAppId(), Message: err.Error()}) - if isCtxTimeout(ctx) { - return &admin_pb.ImportDataResponse{Errors: errors, Success: success}, count, err - } - continue - } - count.apiAppCount += 1 - logging.Debugf("successful apiapplication %d: %s", count.apiAppCount, app.GetAppId()) - successOrg.ApiAppIds = append(successOrg.ApiAppIds, app.GetAppId()) - } - } - if org.AppKeys != nil { - for _, key := range org.GetAppKeys() { - logging.Debugf("import app_key: %s", key.Id) - _, err := s.command.AddApplicationKeyWithID(ctx, &domain.ApplicationKey{ - ObjectRoot: models.ObjectRoot{ - AggregateID: key.ProjectId, - ResourceOwner: org.GetOrgId(), - }, - ApplicationID: key.AppId, - ClientID: key.ClientId, - KeyID: key.Id, - Type: authn.KeyTypeToDomain(key.Type), - ExpirationDate: key.ExpirationDate.AsTime(), - PublicKey: key.PublicKey, - }, org.GetOrgId()) - if err != nil { - errors = append(errors, &admin_pb.ImportDataError{Type: "app_key", Id: key.Id, Message: err.Error()}) - if isCtxTimeout(ctx) { - return &admin_pb.ImportDataResponse{Errors: errors, Success: success}, count, err - } - continue - } - count.appKeysCount += 1 - logging.Debugf("successful app_key %d: %s", count.appKeysCount, key.Id) - successOrg.AppKeys = append(successOrg.AppKeys, key.Id) - } - } - if org.Actions != nil { - for _, action := range org.GetActions() { - logging.Debugf("import action: %s", action.GetActionId()) - _, _, err := s.command.AddActionWithID(ctx, management.CreateActionRequestToDomain(action.GetAction()), org.GetOrgId(), action.GetActionId()) - if err != nil { - errors = append(errors, &admin_pb.ImportDataError{Type: "action", Id: action.GetActionId(), Message: err.Error()}) - if isCtxTimeout(ctx) { - return &admin_pb.ImportDataResponse{Errors: errors, Success: success}, count, err - } - continue - } - count.actionCount += 1 - logging.Debugf("successful action %d: %s", count.actionCount, action.GetActionId()) - 
successOrg.ActionIds = append(successOrg.ActionIds, action.ActionId) - } - } - if org.ProjectRoles != nil { - for _, role := range org.GetProjectRoles() { - logging.Debugf("import projectroles: %s", role.ProjectId+"_"+role.RoleKey) - _, err := s.command.AddProjectRole(ctx, management.AddProjectRoleRequestToDomain(role), org.GetOrgId()) - if err != nil { - errors = append(errors, &admin_pb.ImportDataError{Type: "project_role", Id: role.ProjectId + "_" + role.RoleKey, Message: err.Error()}) - if isCtxTimeout(ctx) { - return &admin_pb.ImportDataResponse{Errors: errors, Success: success}, count, err - } - continue - } - count.projectRolesCount += 1 - logging.Debugf("successful projectroles %d: %s", count.projectRolesCount, role.ProjectId+"_"+role.RoleKey) - successOrg.ProjectRoles = append(successOrg.ActionIds, role.ProjectId+"_"+role.RoleKey) - } + if err = importOrg1(ctx, s, &errors, ctxData, org, success, count, initCodeGenerator, emailCodeGenerator, phoneCodeGenerator, passwordlessInitCode, appSecretGenerator); err != nil { + return &admin_pb.ImportDataResponse{Errors: errors, Success: success}, count, err } } - for _, org := range orgs { - var successOrg *admin_pb.ImportDataSuccessOrg - for _, oldOrd := range success.Orgs { - if org.OrgId == oldOrd.OrgId { - successOrg = oldOrd - } - } - if successOrg == nil { - continue - } - - if org.TriggerActions != nil { - for _, triggerAction := range org.GetTriggerActions() { - _, err := s.command.SetTriggerActions(ctx, action_grpc.FlowTypeToDomain(triggerAction.FlowType), action_grpc.TriggerTypeToDomain(triggerAction.TriggerType), triggerAction.ActionIds, org.GetOrgId()) - if err != nil { - errors = append(errors, &admin_pb.ImportDataError{Type: "trigger_action", Id: triggerAction.FlowType + "_" + triggerAction.TriggerType, Message: err.Error()}) - continue - } - successOrg.TriggerActions = append(successOrg.TriggerActions, &management_pb.SetTriggerActionsRequest{FlowType: triggerAction.FlowType, TriggerType: 
triggerAction.TriggerType, ActionIds: triggerAction.GetActionIds()}) - } - } - if org.ProjectGrants != nil { - for _, grant := range org.GetProjectGrants() { - logging.Debugf("import projectgrant: %s", grant.GetGrantId()+"_"+grant.GetProjectGrant().GetProjectId()+"_"+grant.GetProjectGrant().GetGrantedOrgId()) - _, err := s.command.AddProjectGrantWithID(ctx, management.AddProjectGrantRequestToDomain(grant.GetProjectGrant()), grant.GetGrantId(), org.GetOrgId()) - if err != nil { - errors = append(errors, &admin_pb.ImportDataError{Type: "project_grant", Id: org.GetOrgId() + "_" + grant.GetProjectGrant().GetProjectId() + "_" + grant.GetProjectGrant().GetGrantedOrgId(), Message: err.Error()}) - if isCtxTimeout(ctx) { - return &admin_pb.ImportDataResponse{Errors: errors, Success: success}, count, err - } - continue - } - count.projectGrantCount += 1 - logging.Debugf("successful projectgrant %d: %s", count.projectGrantCount, grant.GetGrantId()+"_"+grant.GetProjectGrant().GetProjectId()+"_"+grant.GetProjectGrant().GetGrantedOrgId()) - successOrg.ProjectGrants = append(successOrg.ProjectGrants, &admin_pb.ImportDataSuccessProjectGrant{GrantId: grant.GetGrantId(), ProjectId: grant.GetProjectGrant().GetProjectId(), OrgId: grant.GetProjectGrant().GetGrantedOrgId()}) - } - } - if org.UserGrants != nil { - for _, grant := range org.GetUserGrants() { - logging.Debugf("import usergrant: %s", grant.GetProjectId()+"_"+grant.GetUserId()) - _, err := s.command.AddUserGrant(ctx, management.AddUserGrantRequestToDomain(grant), org.GetOrgId()) - if err != nil { - errors = append(errors, &admin_pb.ImportDataError{Type: "user_grant", Id: org.GetOrgId() + "_" + grant.GetProjectId() + "_" + grant.GetUserId(), Message: err.Error()}) - if isCtxTimeout(ctx) { - return &admin_pb.ImportDataResponse{Errors: errors, Success: success}, count, err - } - continue - } - count.userGrantCount += 1 - logging.Debugf("successful usergrant %d: %s", count.userGrantCount, 
grant.GetProjectId()+"_"+grant.GetUserId()) - successOrg.UserGrants = append(successOrg.UserGrants, &admin_pb.ImportDataSuccessUserGrant{ProjectId: grant.GetProjectId(), UserId: grant.GetUserId()}) - } + if err = importOrg2(ctx, s, &errors, success, count, org); err != nil { + return &admin_pb.ImportDataResponse{Errors: errors, Success: success}, count, err } } - for _, org := range orgs { - var successOrg *admin_pb.ImportDataSuccessOrg - for _, oldOrd := range success.Orgs { - if org.OrgId == oldOrd.OrgId { - successOrg = oldOrd - } - } - if successOrg == nil { - continue - } - - if org.OrgMembers != nil { - for _, member := range org.GetOrgMembers() { - logging.Debugf("import orgmember: %s", member.GetUserId()) - _, err := s.command.AddOrgMember(ctx, org.GetOrgId(), member.GetUserId(), member.GetRoles()...) - if err != nil { - errors = append(errors, &admin_pb.ImportDataError{Type: "org_member", Id: org.GetOrgId() + "_" + member.GetUserId(), Message: err.Error()}) - if isCtxTimeout(ctx) { - return &admin_pb.ImportDataResponse{Errors: errors, Success: success}, count, err - } - continue - } - count.orgMemberCount += 1 - logging.Debugf("successful orgmember %d: %s", count.orgMemberCount, member.GetUserId()) - successOrg.OrgMembers = append(successOrg.OrgMembers, member.GetUserId()) - } - } - if org.ProjectGrantMembers != nil { - for _, member := range org.GetProjectGrantMembers() { - logging.Debugf("import projectgrantmember: %s", member.GetProjectId()+"_"+member.GetGrantId()+"_"+member.GetUserId()) - _, err := s.command.AddProjectGrantMember(ctx, management.AddProjectGrantMemberRequestToDomain(member)) - if err != nil { - errors = append(errors, &admin_pb.ImportDataError{Type: "project_grant_member", Id: org.GetOrgId() + "_" + member.GetProjectId() + "_" + member.GetGrantId() + "_" + member.GetUserId(), Message: err.Error()}) - if isCtxTimeout(ctx) { - return &admin_pb.ImportDataResponse{Errors: errors, Success: success}, count, err - } - continue - } - 
count.projectGrantMemberCount += 1 - logging.Debugf("successful projectgrantmember %d: %s", count.projectGrantMemberCount, member.GetProjectId()+"_"+member.GetGrantId()+"_"+member.GetUserId()) - successOrg.ProjectGrantMembers = append(successOrg.ProjectGrantMembers, &admin_pb.ImportDataSuccessProjectGrantMember{ProjectId: member.GetProjectId(), GrantId: member.GetGrantId(), UserId: member.GetUserId()}) - } - } - if org.ProjectMembers != nil { - for _, member := range org.GetProjectMembers() { - logging.Debugf("import orgmember: %s", member.GetProjectId()+"_"+member.GetUserId()) - _, err := s.command.AddProjectMember(ctx, management.AddProjectMemberRequestToDomain(member), org.GetOrgId()) - if err != nil { - errors = append(errors, &admin_pb.ImportDataError{Type: "project_member", Id: org.GetOrgId() + "_" + member.GetProjectId() + "_" + member.GetUserId(), Message: err.Error()}) - if isCtxTimeout(ctx) { - return &admin_pb.ImportDataResponse{Errors: errors, Success: success}, count, err - } - continue - } - count.projectMembersCount += 1 - logging.Debugf("successful orgmember %d: %s", count.projectMembersCount, member.GetProjectId()+"_"+member.GetUserId()) - successOrg.ProjectMembers = append(successOrg.ProjectMembers, &admin_pb.ImportDataSuccessProjectMember{ProjectId: member.GetProjectId(), UserId: member.GetUserId()}) - } + if err = importOrg3(ctx, s, &errors, success, count, org); err != nil { + return &admin_pb.ImportDataResponse{Errors: errors, Success: success}, count, err } } - return &admin_pb.ImportDataResponse{ Errors: errors, Success: success, diff --git a/internal/api/grpc/admin/language.go b/internal/api/grpc/admin/language.go index 73924a401e..eecf32d4ed 100644 --- a/internal/api/grpc/admin/language.go +++ b/internal/api/grpc/admin/language.go 
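Review bot: The three calls this hunk adds, `importOrg1`, `importOrg2` and `importOrg3`, give no hint of what each pass imports or why the passes must run in this order, and `importOrg1` takes twelve positional arguments. Judging by the removed loops, the first pass creates orgs with their policies, users, projects, apps, actions and roles, the second adds trigger actions and grants, and the third adds members, so the later passes depend on objects created by the earlier ones. I would put a one-line comment above each loop, for example `// pass 2: trigger actions, project grants and user grants; needs the objects created in pass 1`, or rename the helpers after what they import. The helper bodies are defined outside this hunk, so that mapping should be checked against them.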
@@ -2,30 +2,23 @@ package admin import ( "context" - - "golang.org/x/text/language" - "github.com/zitadel/zitadel/internal/api/authz" "github.com/zitadel/zitadel/internal/api/grpc/object" - "github.com/zitadel/zitadel/internal/api/grpc/text" - caos_errors "github.com/zitadel/zitadel/internal/errors" + "github.com/zitadel/zitadel/internal/domain" + "github.com/zitadel/zitadel/internal/i18n" admin_pb "github.com/zitadel/zitadel/pkg/grpc/admin" ) func (s *Server) GetSupportedLanguages(ctx context.Context, req *admin_pb.GetSupportedLanguagesRequest) (*admin_pb.GetSupportedLanguagesResponse, error) { - langs, err := s.query.Languages(ctx) - if err != nil { - return nil, err - } - return &admin_pb.GetSupportedLanguagesResponse{Languages: text.LanguageTagsToStrings(langs)}, nil + return &admin_pb.GetSupportedLanguagesResponse{Languages: domain.LanguagesToStrings(i18n.SupportedLanguages())}, nil } func (s *Server) SetDefaultLanguage(ctx context.Context, req *admin_pb.SetDefaultLanguageRequest) (*admin_pb.SetDefaultLanguageResponse, error) { - lang, err := language.Parse(req.Language) + lang, err := domain.ParseLanguage(req.Language) if err != nil { - return nil, caos_errors.ThrowInvalidArgument(err, "API-39nnf", "Errors.Language.Parse") + return nil, err } - details, err := s.command.SetDefaultLanguage(ctx, lang) + details, err := s.command.SetDefaultLanguage(ctx, lang[0]) if err != nil { return nil, err } 
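Review bot: `SetDefaultLanguage` now indexes `lang[0]` without checking the length of the slice returned by `domain.ParseLanguage`. With a single argument the parser presumably returns either one tag or an error, but that contract is not visible here, and an empty result with a nil error would panic the handler on caller-supplied input. A guard before the command call makes the assumption explicit: `if len(lang) != 1 { return nil, zerrors.ThrowInvalidArgument(nil, "<ERROR-ID>", "Errors.Language.Parse") }`, with a real error id in place of the placeholder and the `zerrors` import added to this file.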
@@ -37,3 +30,15 @@ func (s *Server) SetDefaultLanguage(ctx context.Context, req *admin_pb.SetDefaul func (s *Server) GetDefaultLanguage(ctx context.Context, _ *admin_pb.GetDefaultLanguageRequest) (*admin_pb.GetDefaultLanguageResponse, error) { return &admin_pb.GetDefaultLanguageResponse{Language: authz.GetInstance(ctx).DefaultLanguage().String()}, nil } + +func (s *Server) GetAllowedLanguages(ctx context.Context, _ *admin_pb.GetAllowedLanguagesRequest) (*admin_pb.GetAllowedLanguagesResponse, error) { + restrictions, err := s.query.GetInstanceRestrictions(ctx) + if err != nil { + return nil, err + } + allowed := restrictions.AllowedLanguages + if len(allowed) == 0 { + allowed = i18n.SupportedLanguages() + } + return &admin_pb.GetAllowedLanguagesResponse{Languages: domain.LanguagesToStrings(allowed)}, nil +} diff --git a/internal/api/grpc/admin/language_converter.go b/internal/api/grpc/admin/language_converter.go new file mode 100644 index 0000000000..c36fc229ba --- /dev/null +++ b/internal/api/grpc/admin/language_converter.go @@ -0,0 +1,19 @@ +package admin + +import ( + "golang.org/x/text/language" + + "github.com/zitadel/zitadel/internal/domain" + "github.com/zitadel/zitadel/pkg/grpc/admin" +) + +func selectLanguagesToCommand(languages *admin.SelectLanguages) (tags []language.Tag, err error) { + allowedLanguages := languages.GetList() + if allowedLanguages == nil && languages != nil { + allowedLanguages = make([]string, 0) + } + if allowedLanguages == nil { + return nil, nil + } + return domain.ParseLanguage(allowedLanguages...) +} diff --git a/internal/api/grpc/admin/login_policy.go b/internal/api/grpc/admin/login_policy.go index 6b751bec86..9b80cc4c2d 100644 --- a/internal/api/grpc/admin/login_policy.go +++ b/internal/api/grpc/admin/login_policy.go 
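Review bot: `GetAllowedLanguages` treats an empty `restrictions.AllowedLanguages` as "no restriction" and returns every supported language, an allow-all default that nothing in the hunk documents. A reader who takes the setting as an allow-list could expect an empty list to allow nothing, and `GetRestrictions` in restrictions.go returns the stored, possibly empty, list unchanged, so the two endpoints answer differently for the same state. I would add a doc comment on the function such as `// GetAllowedLanguages returns the instance's allow-list; an empty list means unrestricted, so all supported languages are returned.`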
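Review bot: `selectLanguagesToCommand` in the new language_converter.go has no doc comment, and its three outcomes depend on a nil-versus-empty distinction that is easy to break. A nil `languages` message yields `nil, nil`, a non-nil message without a list yields an empty non-nil slice, and anything else is parsed. Presumably the command layer reads nil as "leave unchanged" and empty as "clear the restriction"; that should be confirmed and written down on the function. The nil check can also come first so the intent reads top-down: `if languages == nil { return nil, nil }` before calling `GetList()`.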
@@ -7,9 +7,7 @@ import ( "github.com/zitadel/zitadel/internal/api/grpc/idp" "github.com/zitadel/zitadel/internal/api/grpc/object" policy_grpc "github.com/zitadel/zitadel/internal/api/grpc/policy" - "github.com/zitadel/zitadel/internal/api/grpc/user" "github.com/zitadel/zitadel/internal/domain" - "github.com/zitadel/zitadel/internal/query" admin_pb "github.com/zitadel/zitadel/pkg/grpc/admin" ) @@ -61,19 +59,7 @@ func (s *Server) AddIDPToLoginPolicy(ctx context.Context, req *admin_pb.AddIDPTo } func (s *Server) RemoveIDPFromLoginPolicy(ctx context.Context, req *admin_pb.RemoveIDPFromLoginPolicyRequest) (*admin_pb.RemoveIDPFromLoginPolicyResponse, error) { - idpQuery, err := query.NewIDPUserLinkIDPIDSearchQuery(req.IdpId) - if err != nil { - return nil, err - } - idps, err := s.query.IDPUserLinks(ctx, &query.IDPUserLinksSearchQuery{ - Queries: []query.SearchQuery{idpQuery}, - }, true) - - if err != nil { - return nil, err - } - - objectDetails, err := s.command.RemoveIDPProviderFromDefaultLoginPolicy(ctx, &domain.IDPProvider{IDPConfigID: req.IdpId}, user.ExternalIDPViewsToExternalIDPs(idps.Links)...) + objectDetails, err := s.command.RemoveIDPProviderFromDefaultLoginPolicy(ctx, &domain.IDPProvider{IDPConfigID: req.IdpId}) if err != nil { return nil, err } diff --git a/internal/api/grpc/admin/milestone_converter.go b/internal/api/grpc/admin/milestone_converter.go index 0419cd3fe0..97ac1ae583 100644 --- a/internal/api/grpc/admin/milestone_converter.go +++ b/internal/api/grpc/admin/milestone_converter.go @@ -2,9 +2,9 @@ package admin import ( "github.com/zitadel/zitadel/internal/api/grpc/object" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/query" "github.com/zitadel/zitadel/internal/repository/milestone" + "github.com/zitadel/zitadel/internal/zerrors" admin_pb "github.com/zitadel/zitadel/pkg/grpc/admin" milestone_pb "github.com/zitadel/zitadel/pkg/grpc/milestone" "google.golang.org/protobuf/types/known/timestamppb" 
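Review bot: `RemoveIDPFromLoginPolicy` no longer looks up the user links for `req.IdpId` and no longer passes them to `RemoveIDPProviderFromDefaultLoginPolicy`, and nothing in this hunk shows where those links are cleaned up now. If the command or a projection handles the cascade, a short comment at the call site would save the next reader the search, for example `// user links of this IDP are removed by <component>, not by this handler`. If nothing does, users keep links to a provider that is no longer in the default login policy, which is worth covering with a test. The function continues below the hunk.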
@@ -48,7 +48,7 @@ func milestoneQueryToModel(milestoneQuery *milestone_pb.MilestoneQuery) (query.S } return query.NewIsNullQuery(query.MilestoneReachedDateColID) default: - return nil, errors.ThrowInvalidArgument(nil, "ADMIN-sE7pc", "List.Query.Invalid") + return nil, zerrors.ThrowInvalidArgument(nil, "ADMIN-sE7pc", "List.Query.Invalid") } } diff --git a/internal/api/grpc/admin/org.go b/internal/api/grpc/admin/org.go index f3beb383e5..23fe94a78e 100644 --- a/internal/api/grpc/admin/org.go +++ b/internal/api/grpc/admin/org.go @@ -75,7 +75,6 @@ func (s *Server) SetUpOrg(ctx context.Context, req *admin_pb.SetUpOrgRequest) (* return nil, err } human := setUpOrgHumanToCommand(req.User.(*admin_pb.SetUpOrgRequest_Human_).Human) //TODO: handle machine - createdOrg, err := s.command.SetUpOrg(ctx, &command.OrgSetup{ Name: req.Org.Name, CustomDomain: req.Org.Domain, diff --git a/internal/api/grpc/admin/restrictions.go b/internal/api/grpc/admin/restrictions.go index 974f2e3555..ec4b6b7f18 100644 --- a/internal/api/grpc/admin/restrictions.go +++ b/internal/api/grpc/admin/restrictions.go @@ -5,11 +5,19 @@ import ( "github.com/zitadel/zitadel/internal/api/grpc/object" "github.com/zitadel/zitadel/internal/command" + "github.com/zitadel/zitadel/internal/domain" "github.com/zitadel/zitadel/pkg/grpc/admin" ) func (s *Server) SetRestrictions(ctx context.Context, req *admin.SetRestrictionsRequest) (*admin.SetRestrictionsResponse, error) { - details, err := s.command.SetInstanceRestrictions(ctx, &command.SetRestrictions{DisallowPublicOrgRegistration: req.DisallowPublicOrgRegistration}) + lang, err := selectLanguagesToCommand(req.GetAllowedLanguages()) + if err != nil { + return nil, err + } + details, err := s.command.SetInstanceRestrictions(ctx, &command.SetRestrictions{ + DisallowPublicOrgRegistration: req.DisallowPublicOrgRegistration, + AllowedLanguages: lang, + }) if err != nil { return nil, err } 
@@ -26,5 +34,6 @@ func (s *Server) GetRestrictions(ctx context.Context, _ *admin.GetRestrictionsRe return &admin.GetRestrictionsResponse{ Details: object.ToViewDetailsPb(restrictions.Sequence, restrictions.CreationDate, restrictions.ChangeDate, restrictions.ResourceOwner), DisallowPublicOrgRegistration: restrictions.DisallowPublicOrgRegistration, + AllowedLanguages: domain.LanguagesToStrings(restrictions.AllowedLanguages), }, nil } diff --git a/internal/api/grpc/admin/restrictions_integration_test.go b/internal/api/grpc/admin/restrictions_integration_allow_public_org_registrations_test.go similarity index 51% rename from internal/api/grpc/admin/restrictions_integration_test.go rename to internal/api/grpc/admin/restrictions_integration_allow_public_org_registrations_test.go index 07a56409e9..92707df9d6 100644 --- a/internal/api/grpc/admin/restrictions_integration_test.go +++ b/internal/api/grpc/admin/restrictions_integration_allow_public_org_registrations_test.go @@ -6,6 +6,7 @@ import ( "bytes" "context" "github.com/muhlemmer/gu" + "github.com/stretchr/testify/assert" "io" "net/http" "net/http/cookiejar" @@ -21,7 +22,7 @@ import ( func TestServer_Restrictions_DisallowPublicOrgRegistration(t *testing.T) { ctx, cancel := context.WithTimeout(context.Background(), time.Minute) defer cancel() - domain, _, iamOwnerCtx := Tester.UseIsolatedInstance(ctx, SystemCTX) + domain, _, iamOwnerCtx := Tester.UseIsolatedInstance(t, ctx, SystemCTX) regOrgUrl, err := url.Parse("http://" + domain + ":8080/ui/login/register/org") require.NoError(t, err) // The CSRF cookie must be sent with every request. 
@@ -29,19 +30,25 @@ func TestServer_Restrictions_DisallowPublicOrgRegistration(t *testing.T) { jar, err := cookiejar.New(nil) require.NoError(t, err) browserSession := &http.Client{Jar: jar} - // Default should be allowed - csrfToken := awaitAllowed(t, iamOwnerCtx, browserSession, regOrgUrl) - _, err = Tester.Client.Admin.SetRestrictions(iamOwnerCtx, &admin.SetRestrictionsRequest{DisallowPublicOrgRegistration: gu.Ptr(true)}) - require.NoError(t, err) - awaitDisallowed(t, iamOwnerCtx, browserSession, regOrgUrl, csrfToken) - _, err = Tester.Client.Admin.SetRestrictions(iamOwnerCtx, &admin.SetRestrictionsRequest{DisallowPublicOrgRegistration: gu.Ptr(false)}) - require.NoError(t, err) - awaitAllowed(t, iamOwnerCtx, browserSession, regOrgUrl) + var csrfToken string + t.Run("public org registration is allowed by default", func(*testing.T) { + csrfToken = awaitPubOrgRegAllowed(t, iamOwnerCtx, browserSession, regOrgUrl) + }) + t.Run("disallowing public org registration disables the endpoints", func(*testing.T) { + _, err = Tester.Client.Admin.SetRestrictions(iamOwnerCtx, &admin.SetRestrictionsRequest{DisallowPublicOrgRegistration: gu.Ptr(true)}) + require.NoError(t, err) + awaitPubOrgRegDisallowed(t, iamOwnerCtx, browserSession, regOrgUrl, csrfToken) + }) + t.Run("allowing public org registration again re-enables the endpoints", func(*testing.T) { + _, err = Tester.Client.Admin.SetRestrictions(iamOwnerCtx, &admin.SetRestrictionsRequest{DisallowPublicOrgRegistration: gu.Ptr(false)}) + require.NoError(t, err) + awaitPubOrgRegAllowed(t, iamOwnerCtx, browserSession, regOrgUrl) + }) } -// awaitAllowed doesn't accept a CSRF token, as we expected it to always produce a new one -func awaitAllowed(t *testing.T, ctx context.Context, client *http.Client, parsedURL *url.URL) string { - csrfToken := awaitGetResponse(t, ctx, client, parsedURL, http.StatusOK) +// awaitPubOrgRegAllowed doesn't accept a CSRF token, as we expected it to always produce a new one +func awaitPubOrgRegAllowed(t 
*testing.T, ctx context.Context, client *http.Client, parsedURL *url.URL) string { + csrfToken := awaitGetSSRGetResponse(t, ctx, client, parsedURL, http.StatusOK) awaitPostFormResponse(t, ctx, client, parsedURL, http.StatusOK, csrfToken) restrictions, err := Tester.Client.Admin.GetRestrictions(ctx, &admin.GetRestrictionsRequest{}) require.NoError(t, err) @@ -49,19 +56,19 @@ func awaitAllowed(t *testing.T, ctx context.Context, client *http.Client, parsed return csrfToken } -// awaitDisallowed accepts an old CSRF token, as we don't expect to get a CSRF token from the GET request anymore -func awaitDisallowed(t *testing.T, ctx context.Context, client *http.Client, parsedURL *url.URL, reuseOldCSRFToken string) { - awaitGetResponse(t, ctx, client, parsedURL, http.StatusNotFound) +// awaitPubOrgRegDisallowed accepts an old CSRF token, as we don't expect to get a CSRF token from the GET request anymore +func awaitPubOrgRegDisallowed(t *testing.T, ctx context.Context, client *http.Client, parsedURL *url.URL, reuseOldCSRFToken string) { + awaitGetSSRGetResponse(t, ctx, client, parsedURL, http.StatusNotFound) awaitPostFormResponse(t, ctx, client, parsedURL, http.StatusConflict, reuseOldCSRFToken) restrictions, err := Tester.Client.Admin.GetRestrictions(ctx, &admin.GetRestrictionsRequest{}) require.NoError(t, err) require.True(t, restrictions.DisallowPublicOrgRegistration) } -// awaitGetResponse cuts the CSRF token from the response body if it exists -func awaitGetResponse(t *testing.T, ctx context.Context, client *http.Client, parsedURL *url.URL, expectCode int) string { +// awaitGetSSRGetResponse cuts the CSRF token from the response body if it exists +func awaitGetSSRGetResponse(t *testing.T, ctx context.Context, client *http.Client, parsedURL *url.URL, expectCode int) string { var csrfToken []byte - await(t, ctx, func() bool { + await(t, ctx, func(tt *assert.CollectT) { resp, err := client.Get(parsedURL.String()) require.NoError(t, err) body, err := io.ReadAll(resp.Body) 
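Review bot: The three new subtests in this hunk are declared as `func(*testing.T)` and discard their own T, so every `require` in them (directly and through the await helpers) runs against the parent `t`; the enclosing test function starts in the previous hunk. A failing requirement then calls FailNow on the parent from the subtest's goroutine, which the testing package does not support, and the failure is not attributed to the named subtest. Bind and use the parameter, e.g. `t.Run("public org registration is allowed by default", func(tt *testing.T) { csrfToken = awaitPubOrgRegAllowed(tt, iamOwnerCtx, browserSession, regOrgUrl) })`. The subtests share `csrfToken` and `err`, so they depend on running in order, which deserves a one-line comment. The "GetAllowedLanguage returns only the allowed languages" subtest in the new allowed-languages test file has the same parent-`t` use.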
@@ -71,36 +78,18 @@ func awaitGetResponse(t *testing.T, ctx context.Context, client *http.Client, pa if hasCsrfToken { csrfToken, _, _ = bytes.Cut(after, []byte(`">`)) } - return resp.StatusCode == expectCode + assert.Equal(tt, resp.StatusCode, expectCode) }) return string(csrfToken) } // awaitPostFormResponse needs a valid CSRF token to make it to the actual endpoint implementation and get the expected status code func awaitPostFormResponse(t *testing.T, ctx context.Context, client *http.Client, parsedURL *url.URL, expectCode int, csrfToken string) { - await(t, ctx, func() bool { + await(t, ctx, func(tt *assert.CollectT) { resp, err := client.PostForm(parsedURL.String(), url.Values{ "gorilla.csrf.Token": {csrfToken}, }) require.NoError(t, err) - return resp.StatusCode == expectCode - + assert.Equal(tt, resp.StatusCode, expectCode) }) } - -func await(t *testing.T, ctx context.Context, cb func() bool) { - deadline, ok := ctx.Deadline() - require.True(t, ok, "context must have deadline") - require.Eventuallyf( - t, - func() bool { - defer func() { - require.Nil(t, recover(), "panic in await callback") - }() - return cb() - }, - time.Until(deadline), - 100*time.Millisecond, - "awaiting successful callback failed", - ) -} diff --git a/internal/api/grpc/admin/restrictions_integration_allowed_languages_test.go b/internal/api/grpc/admin/restrictions_integration_allowed_languages_test.go new file mode 100644 index 0000000000..277375f525 --- /dev/null +++ b/internal/api/grpc/admin/restrictions_integration_allowed_languages_test.go 
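Review bot: awaitPostFormResponse never closes `resp.Body`, and its callback is re-run by `await` until the status matches, so each poll leaves a connection open on the shared client. Add `defer resp.Body.Close()` after the error check. Both callbacks in this hunk also pass the arguments to `assert.Equal` in the wrong order, which makes failure output label the values incorrectly; it should read `assert.Equal(tt, expectCode, resp.StatusCode)`. awaitGetSSRGetResponse starts in the previous hunk, so whether it closes its body is not visible here.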
@@ -0,0 +1,259 @@ +//go:build integration + +package admin_test + +import ( + "context" + "encoding/json" + "io" + "net/http" + "testing" + "time" + + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" + "golang.org/x/text/language" + "google.golang.org/grpc/codes" + "google.golang.org/grpc/status" + + "github.com/zitadel/zitadel/pkg/grpc/admin" + "github.com/zitadel/zitadel/pkg/grpc/management" + "github.com/zitadel/zitadel/pkg/grpc/text" + "github.com/zitadel/zitadel/pkg/grpc/user" +) + +func TestServer_Restrictions_AllowedLanguages(t *testing.T) { + ctx, cancel := context.WithTimeout(context.Background(), time.Hour) + defer cancel() + + var ( + defaultAndAllowedLanguage = language.German + supportedLanguagesStr = []string{language.German.String(), language.English.String(), language.Japanese.String()} + disallowedLanguage = language.Spanish + unsupportedLanguage = language.Afrikaans + ) + + domain, _, iamOwnerCtx := Tester.UseIsolatedInstance(t, ctx, SystemCTX) + t.Run("assumed defaults are correct", func(tt *testing.T) { + tt.Run("languages are not restricted by default", func(ttt *testing.T) { + restrictions, err := Tester.Client.Admin.GetRestrictions(iamOwnerCtx, &admin.GetRestrictionsRequest{}) + require.NoError(ttt, err) + require.Len(ttt, restrictions.AllowedLanguages, 0) + }) + tt.Run("default language is English by default", func(ttt *testing.T) { + defaultLang, err := Tester.Client.Admin.GetDefaultLanguage(iamOwnerCtx, &admin.GetDefaultLanguageRequest{}) + require.NoError(ttt, err) + require.Equal(ttt, language.Make(defaultLang.Language), language.English) + }) + tt.Run("the discovery endpoint returns all supported languages", func(ttt *testing.T) { + awaitDiscoveryEndpoint(ttt, domain, supportedLanguagesStr, nil) + }) + }) + t.Run("restricting the default language fails", func(tt *testing.T) { + _, err := Tester.Client.Admin.SetRestrictions(iamOwnerCtx, &admin.SetRestrictionsRequest{AllowedLanguages: 
&admin.SelectLanguages{List: []string{defaultAndAllowedLanguage.String()}}}) + expectStatus, ok := status.FromError(err) + require.True(tt, ok) + require.Equal(tt, codes.FailedPrecondition, expectStatus.Code()) + }) + t.Run("not defining any restrictions throws an error", func(tt *testing.T) { + _, err := Tester.Client.Admin.SetRestrictions(iamOwnerCtx, &admin.SetRestrictionsRequest{}) + expectStatus, ok := status.FromError(err) + require.True(tt, ok) + require.Equal(tt, codes.InvalidArgument, expectStatus.Code()) + }) + t.Run("setting the default language works", func(tt *testing.T) { + setAndAwaitDefaultLanguage(iamOwnerCtx, tt, defaultAndAllowedLanguage) + }) + t.Run("restricting allowed languages works", func(tt *testing.T) { + setAndAwaitAllowedLanguages(iamOwnerCtx, tt, []string{defaultAndAllowedLanguage.String()}) + }) + t.Run("GetAllowedLanguage returns only the allowed languages", func(tt *testing.T) { + expectContains, expectNotContains := []string{defaultAndAllowedLanguage.String()}, []string{disallowedLanguage.String()} + adminResp, err := Tester.Client.Admin.GetAllowedLanguages(iamOwnerCtx, &admin.GetAllowedLanguagesRequest{}) + require.NoError(t, err) + langs := adminResp.GetLanguages() + assert.Condition(t, contains(langs, expectContains)) + assert.Condition(t, not(contains(langs, expectNotContains))) + }) + t.Run("setting the default language to a disallowed language fails", func(tt *testing.T) { + _, err := Tester.Client.Admin.SetDefaultLanguage(iamOwnerCtx, &admin.SetDefaultLanguageRequest{Language: disallowedLanguage.String()}) + expectStatus, ok := status.FromError(err) + require.True(tt, ok) + require.Equal(tt, codes.FailedPrecondition, expectStatus.Code()) + }) + t.Run("the list of supported languages includes the disallowed languages", func(tt *testing.T) { + supported, err := Tester.Client.Admin.GetSupportedLanguages(iamOwnerCtx, &admin.GetSupportedLanguagesRequest{}) + require.NoError(tt, err) + require.Condition(tt, 
contains(supported.GetLanguages(), supportedLanguagesStr)) + }) + t.Run("the disallowed language is not listed in the discovery endpoint", func(tt *testing.T) { + awaitDiscoveryEndpoint(tt, domain, []string{defaultAndAllowedLanguage.String()}, []string{disallowedLanguage.String()}) + }) + t.Run("the login ui is rendered in the default language", func(tt *testing.T) { + awaitLoginUILanguage(tt, domain, disallowedLanguage, defaultAndAllowedLanguage, "Allgemeine Geschäftsbedingungen und Datenschutz") + }) + t.Run("preferred languages are not restricted by the supported languages", func(tt *testing.T) { + tt.Run("change user profile", func(ttt *testing.T) { + resp, err := Tester.Client.Mgmt.ListUsers(iamOwnerCtx, &management.ListUsersRequest{Queries: []*user.SearchQuery{{Query: &user.SearchQuery_UserNameQuery{UserNameQuery: &user.UserNameQuery{ + UserName: "zitadel-admin@zitadel.localhost"}}, + }}}) + require.NoError(ttt, err) + require.Len(ttt, resp.GetResult(), 1) + humanAdmin := resp.GetResult()[0] + profile := humanAdmin.GetHuman().GetProfile() + require.NotEqual(ttt, unsupportedLanguage.String(), profile.GetPreferredLanguage()) + _, updateErr := Tester.Client.Mgmt.UpdateHumanProfile(iamOwnerCtx, &management.UpdateHumanProfileRequest{ + PreferredLanguage: unsupportedLanguage.String(), + UserId: humanAdmin.GetId(), + FirstName: profile.GetFirstName(), + LastName: profile.GetLastName(), + NickName: profile.GetNickName(), + DisplayName: profile.GetDisplayName(), + Gender: profile.GetGender(), + }) + require.NoError(ttt, updateErr) + }) + }) + t.Run("custom texts are only restricted by the supported languages", func(tt *testing.T) { + _, err := Tester.Client.Admin.SetCustomLoginText(iamOwnerCtx, &admin.SetCustomLoginTextsRequest{ + Language: disallowedLanguage.String(), + EmailVerificationText: &text.EmailVerificationScreenText{ + Description: "hodor", + }, + }) + assert.NoError(tt, err) + _, err = Tester.Client.Mgmt.SetCustomLoginText(iamOwnerCtx, 
&management.SetCustomLoginTextsRequest{ + Language: disallowedLanguage.String(), + EmailVerificationText: &text.EmailVerificationScreenText{ + Description: "hodor", + }, + }) + assert.NoError(tt, err) + _, err = Tester.Client.Mgmt.SetCustomInitMessageText(iamOwnerCtx, &management.SetCustomInitMessageTextRequest{ + Language: disallowedLanguage.String(), + Text: "hodor", + }) + assert.NoError(tt, err) + _, err = Tester.Client.Admin.SetDefaultInitMessageText(iamOwnerCtx, &admin.SetDefaultInitMessageTextRequest{ + Language: disallowedLanguage.String(), + Text: "hodor", + }) + assert.NoError(tt, err) + }) + t.Run("allowing all languages works", func(tt *testing.T) { + tt.Run("restricting allowed languages works", func(ttt *testing.T) { + setAndAwaitAllowedLanguages(iamOwnerCtx, ttt, make([]string, 0)) + }) + }) + + t.Run("allowing the language makes it usable again", func(tt *testing.T) { + tt.Run("the previously disallowed language is listed in the discovery endpoint again", func(ttt *testing.T) { + awaitDiscoveryEndpoint(ttt, domain, []string{disallowedLanguage.String()}, nil) + }) + tt.Run("the login ui is rendered in the previously disallowed language", func(ttt *testing.T) { + awaitLoginUILanguage(ttt, domain, disallowedLanguage, disallowedLanguage, "Términos y condiciones") + }) + }) +} + +func setAndAwaitAllowedLanguages(ctx context.Context, t *testing.T, selectLanguages []string) { + _, err := Tester.Client.Admin.SetRestrictions(ctx, &admin.SetRestrictionsRequest{AllowedLanguages: &admin.SelectLanguages{List: selectLanguages}}) + require.NoError(t, err) + awaitCtx, awaitCancel := context.WithTimeout(ctx, 10*time.Second) + defer awaitCancel() + await(t, awaitCtx, func(tt *assert.CollectT) { + restrictions, getErr := Tester.Client.Admin.GetRestrictions(awaitCtx, &admin.GetRestrictionsRequest{}) + expectLanguages := selectLanguages + if len(selectLanguages) == 0 { + expectLanguages = nil + } + assert.NoError(tt, getErr) + assert.Equal(tt, expectLanguages, 
restrictions.GetAllowedLanguages()) + }) +} + +func setAndAwaitDefaultLanguage(ctx context.Context, t *testing.T, lang language.Tag) { + _, err := Tester.Client.Admin.SetDefaultLanguage(ctx, &admin.SetDefaultLanguageRequest{Language: lang.String()}) + require.NoError(t, err) + awaitCtx, awaitCancel := context.WithTimeout(ctx, 10*time.Second) + defer awaitCancel() + await(t, awaitCtx, func(tt *assert.CollectT) { + defaultLang, getErr := Tester.Client.Admin.GetDefaultLanguage(awaitCtx, &admin.GetDefaultLanguageRequest{}) + assert.NoError(tt, getErr) + assert.Equal(tt, lang.String(), defaultLang.GetLanguage()) + }) +} + +func awaitDiscoveryEndpoint(t *testing.T, domain string, containsUILocales, notContainsUILocales []string) { + awaitCtx, awaitCancel := context.WithTimeout(context.Background(), 10*time.Second) + defer awaitCancel() + await(t, awaitCtx, func(tt *assert.CollectT) { + req, err := http.NewRequestWithContext(awaitCtx, http.MethodGet, "http://"+domain+":8080/.well-known/openid-configuration", nil) + require.NoError(tt, err) + resp, err := http.DefaultClient.Do(req) + require.NoError(tt, err) + require.Equal(tt, http.StatusOK, resp.StatusCode) + body, err := io.ReadAll(resp.Body) + defer func() { + require.NoError(tt, resp.Body.Close()) + }() + require.NoError(tt, err) + doc := struct { + UILocalesSupported []string `json:"ui_locales_supported"` + }{} + require.NoError(tt, json.Unmarshal(body, &doc)) + if containsUILocales != nil { + assert.Condition(tt, contains(doc.UILocalesSupported, containsUILocales)) + } + if notContainsUILocales != nil { + assert.Condition(tt, not(contains(doc.UILocalesSupported, notContainsUILocales))) + } + }) +} + +func awaitLoginUILanguage(t *testing.T, domain string, acceptLanguage language.Tag, expectLang language.Tag, containsText string) { + awaitCtx, awaitCancel := context.WithTimeout(context.Background(), 10*time.Second) + defer awaitCancel() + await(t, awaitCtx, func(tt *assert.CollectT) { + req, err := 
http.NewRequestWithContext(awaitCtx, http.MethodGet, "http://"+domain+":8080/ui/login/register", nil) + req.Header.Set("Accept-Language", acceptLanguage.String()) + require.NoError(t, err) + resp, err := http.DefaultClient.Do(req) + require.NoError(t, err) + require.Equal(t, http.StatusOK, resp.StatusCode) + body, err := io.ReadAll(resp.Body) + defer func() { + require.NoError(t, resp.Body.Close()) + }() + require.NoError(t, err) + assert.Containsf(t, string(body), containsText, "login ui language is in "+expectLang.String()) + }) +} + +// We would love to use assert.Contains here, but it doesn't work with slices of strings +func contains(container []string, subset []string) assert.Comparison { + return func() bool { + if subset == nil { + return true + } + for _, str := range subset { + var found bool + for _, containerStr := range container { + if str == containerStr { + found = true + break + } + } + if !found { + return false + } + } + return true + } +} + +func not(cmp assert.Comparison) assert.Comparison { + return func() bool { + return !cmp() + } +} diff --git a/internal/api/grpc/admin/server_integration_test.go b/internal/api/grpc/admin/server_integration_test.go index 64a761dd7f..f3907dddb0 100644 --- a/internal/api/grpc/admin/server_integration_test.go +++ b/internal/api/grpc/admin/server_integration_test.go @@ -8,6 +8,9 @@ import ( "testing" "time" + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" + "github.com/zitadel/zitadel/internal/integration" ) 
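Review bot: awaitLoginUILanguage asserts on the outer `t` inside the `await` callback instead of the `*assert.CollectT` it receives, so the first poll that sees a stale page fails the test instead of being retried, unlike awaitDiscoveryEndpoint above it which uses `tt`. It also calls `req.Header.Set` before checking the error from `http.NewRequestWithContext`, which dereferences a nil request if construction fails. The rewrite below routes every check through `tt`, returns early on failure, and closes the body as soon as the response exists. Separately, the one-hour timeout on the test context (`time.Hour`) looks larger than intended next to the one-minute timeout in the sibling test.

```go
	await(t, awaitCtx, func(tt *assert.CollectT) {
		req, err := http.NewRequestWithContext(awaitCtx, http.MethodGet, "http://"+domain+":8080/ui/login/register", nil)
		if !assert.NoError(tt, err) {
			return
		}
		req.Header.Set("Accept-Language", acceptLanguage.String())
		resp, err := http.DefaultClient.Do(req)
		if !assert.NoError(tt, err) {
			return
		}
		defer resp.Body.Close()
		if !assert.Equal(tt, http.StatusOK, resp.StatusCode) {
			return
		}
		body, err := io.ReadAll(resp.Body)
		if !assert.NoError(tt, err) {
			return
		}
		assert.Containsf(tt, string(body), containsText, "login ui language is in "+expectLang.String())
	})
```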
@@ -30,3 +33,29 @@ func TestMain(m *testing.M) { return m.Run() }()) } + +func await(t *testing.T, ctx context.Context, cb func(*assert.CollectT)) { + deadline, ok := ctx.Deadline() + require.True(t, ok, "context must have deadline") + require.EventuallyWithT( + t, + func(tt *assert.CollectT) { + defer func() { + // Panics are not recovered and don't mark the test as failed, so we need to do that ourselves + require.Nil(t, recover(), "panic in await callback") + }() + cb(tt) + }, + time.Until(deadline), + 100*time.Millisecond, + "awaiting successful callback failed", + ) +} + +var _ assert.TestingT = (*noopAssertionT)(nil) + +type noopAssertionT struct{} + +func (*noopAssertionT) FailNow() {} + +func (*noopAssertionT) Errorf(string, ...interface{}) {} diff --git a/internal/api/grpc/auth/language.go b/internal/api/grpc/auth/language.go index 91f78cd150..9f1d65bbb7 100644 --- a/internal/api/grpc/auth/language.go +++ b/internal/api/grpc/auth/language.go @@ -2,15 +2,12 @@ package auth import ( "context" + "github.com/zitadel/zitadel/internal/domain" + "github.com/zitadel/zitadel/internal/i18n" - "github.com/zitadel/zitadel/internal/api/grpc/text" auth_pb "github.com/zitadel/zitadel/pkg/grpc/auth" ) -func (s *Server) GetSupportedLanguages(ctx context.Context, req *auth_pb.GetSupportedLanguagesRequest) (*auth_pb.GetSupportedLanguagesResponse, error) { - langs, err := s.query.Languages(ctx) - if err != nil { - return nil, err - } - return &auth_pb.GetSupportedLanguagesResponse{Languages: text.LanguageTagsToStrings(langs)}, nil +func (s *Server) GetSupportedLanguages(context.Context, *auth_pb.GetSupportedLanguagesRequest) (*auth_pb.GetSupportedLanguagesResponse, error) { + return &auth_pb.GetSupportedLanguagesResponse{Languages: domain.LanguagesToStrings(i18n.SupportedLanguages())}, nil } diff --git a/internal/api/grpc/auth/password.go b/internal/api/grpc/auth/password.go index 0cbc8d4f61..cd0f85ae69 100644 --- a/internal/api/grpc/auth/password.go 
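Review bot: The deferred `require.Nil(t, recover(), ...)` in `await` runs inside the condition function, which `EventuallyWithT` executes on its own goroutine, so a recovered panic calls `t.FailNow` off the test goroutine, which the testing package documents as unsupported. Reporting without FailNow is enough here: `if r := recover(); r != nil { t.Errorf("panic in await callback: %v", r) }`. `noopAssertionT` is declared with an interface assertion but is not used anywhere in the visible hunks; if it is meant for another file, a one-line comment stating its purpose would help, otherwise it can go.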
+++ b/internal/api/grpc/auth/password.go @@ -11,7 +11,7 @@ import ( func (s *Server) UpdateMyPassword(ctx context.Context, req *auth_pb.UpdateMyPasswordRequest) (*auth_pb.UpdateMyPasswordResponse, error) { ctxData := authz.GetCtxData(ctx) - objectDetails, err := s.command.ChangePassword(ctx, ctxData.ResourceOwner, ctxData.UserID, req.OldPassword, req.NewPassword, "") + objectDetails, err := s.command.ChangePassword(ctx, ctxData.ResourceOwner, ctxData.UserID, req.OldPassword, req.NewPassword) if err != nil { return nil, err } diff --git a/internal/api/grpc/auth/user.go b/internal/api/grpc/auth/user.go index 6b90a940ef..251b08c1b1 100644 --- a/internal/api/grpc/auth/user.go +++ b/internal/api/grpc/auth/user.go @@ -10,7 +10,6 @@ import ( "github.com/zitadel/zitadel/internal/api/grpc/org" user_grpc "github.com/zitadel/zitadel/internal/api/grpc/user" "github.com/zitadel/zitadel/internal/command" - "github.com/zitadel/zitadel/internal/domain" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/eventstore/v1/models" "github.com/zitadel/zitadel/internal/query" 
@@ -275,41 +274,6 @@ func ListMyProjectOrgsRequestToQuery(req *auth_pb.ListMyProjectOrgsRequest) (*qu }, nil } -func membershipToDomain(memberships []*query.Membership) []*domain.UserMembership { - result := make([]*domain.UserMembership, len(memberships)) - for i, membership := range memberships { - typ, displayName, aggID, objID := MemberTypeToDomain(membership) - result[i] = &domain.UserMembership{ - UserID: membership.UserID, - MemberType: typ, - AggregateID: aggID, - ObjectID: objID, - Roles: membership.Roles, - DisplayName: displayName, - CreationDate: membership.CreationDate, - ChangeDate: membership.ChangeDate, - ResourceOwner: membership.ResourceOwner, - //TODO: implement - // ResourceOwnerName: membership.ResourceOwnerName, - Sequence: membership.Sequence, - } - } - return result -} - -func MemberTypeToDomain(m *query.Membership) (_ domain.MemberType, displayName, aggID, objID string) { - if m.Org != nil { - return domain.MemberTypeOrganisation, m.Org.Name, m.Org.OrgID, "" - } else if m.IAM != nil { - return domain.MemberTypeIam, m.IAM.Name, m.IAM.IAMID, "" - } else if m.Project != nil { - return domain.MemberTypeProject, m.Project.Name, m.Project.ProjectID, "" - } else if m.ProjectGrant != nil { - return domain.MemberTypeProjectGrant, m.ProjectGrant.ProjectName, m.ProjectGrant.ProjectID, m.ProjectGrant.GrantID - } - return domain.MemberTypeUnspecified, "", "", "" -} - func cascadingMemberships(memberships []*query.Membership) []*command.CascadingMembership { cascades := make([]*command.CascadingMembership, len(memberships)) for i, membership := range memberships { diff --git a/internal/api/grpc/errors/caos_errors.go b/internal/api/grpc/errors/caos_errors.go deleted file mode 100644 index a1d6c25065..0000000000 --- a/internal/api/grpc/errors/caos_errors.go +++ /dev/null 
@@ -1,63 +0,0 @@ -package errors - -import ( - "context" - - "github.com/zitadel/logging" - caos_errs "github.com/zitadel/zitadel/internal/errors" - "github.com/zitadel/zitadel/pkg/grpc/message" - "google.golang.org/grpc/codes" - "google.golang.org/grpc/status" -) - -func CaosToGRPCError(ctx context.Context, err error) error { - if err == nil { - return nil - } - code, key, id, ok := ExtractCaosError(err) - if !ok { - return status.Convert(err).Err() - } - msg := key - msg += " (" + id + ")" - - s, err := status.New(code, msg).WithDetails(&message.ErrorDetail{Id: id, Message: key}) - if err != nil { - logging.Log("GRPC-gIeRw").WithError(err).Debug("unable to add detail") - return status.New(code, msg).Err() - } - - return s.Err() -} - -func ExtractCaosError(err error) (c codes.Code, msg, id string, ok bool) { - if err == nil { - return codes.OK, "", "", false - } - switch caosErr := err.(type) { - case *caos_errs.AlreadyExistsError: - return codes.AlreadyExists, caosErr.GetMessage(), caosErr.GetID(), true - case *caos_errs.DeadlineExceededError: - return codes.DeadlineExceeded, caosErr.GetMessage(), caosErr.GetID(), true - case *caos_errs.InternalError: - return codes.Internal, caosErr.GetMessage(), caosErr.GetID(), true - case *caos_errs.InvalidArgumentError: - return codes.InvalidArgument, caosErr.GetMessage(), caosErr.GetID(), true - case *caos_errs.NotFoundError: - return codes.NotFound, caosErr.GetMessage(), caosErr.GetID(), true - case *caos_errs.PermissionDeniedError: - return codes.PermissionDenied, caosErr.GetMessage(), caosErr.GetID(), true - case *caos_errs.PreconditionFailedError: - return codes.FailedPrecondition, caosErr.GetMessage(), caosErr.GetID(), true - case *caos_errs.UnauthenticatedError: - return codes.Unauthenticated, caosErr.GetMessage(), caosErr.GetID(), true - case *caos_errs.UnavailableError: - return codes.Unavailable, caosErr.GetMessage(), caosErr.GetID(), true - case *caos_errs.UnimplementedError: - return codes.Unimplemented, 
caosErr.GetMessage(), caosErr.GetID(), true - case *caos_errs.ResourceExhaustedError: - return codes.ResourceExhausted, caosErr.GetMessage(), caosErr.GetID(), true - default: - return codes.Unknown, err.Error(), "", false - } -} diff --git a/internal/api/grpc/event/event.go b/internal/api/grpc/event/event.go index 204c148a85..9d708b5591 100644 --- a/internal/api/grpc/event/event.go +++ b/internal/api/grpc/event/event.go @@ -4,8 +4,8 @@ import ( "google.golang.org/protobuf/types/known/structpb" "google.golang.org/protobuf/types/known/timestamppb" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/query" + "github.com/zitadel/zitadel/internal/zerrors" eventpb "github.com/zitadel/zitadel/pkg/grpc/event" "github.com/zitadel/zitadel/pkg/grpc/message" ) @@ -28,7 +28,7 @@ func EventToPb(event *query.Event) (response *eventpb.Event, err error) { if len(event.Payload) > 0 { payload = new(structpb.Struct) if err := payload.UnmarshalJSON(event.Payload); err != nil { - return nil, errors.ThrowInternal(err, "ADMIN-eaimD", "Errors.Internal") + return nil, zerrors.ThrowInternal(err, "ADMIN-eaimD", "Errors.Internal") } } return &eventpb.Event{ diff --git a/internal/api/grpc/gerrors/zitadel_errors.go b/internal/api/grpc/gerrors/zitadel_errors.go new file mode 100644 index 0000000000..60e8473898 --- /dev/null +++ b/internal/api/grpc/gerrors/zitadel_errors.go 
@@ -0,0 +1,68 @@ +package gerrors + +import ( + "errors" + + "github.com/zitadel/logging" + "google.golang.org/grpc/codes" + "google.golang.org/grpc/status" + + "github.com/zitadel/zitadel/internal/zerrors" + "github.com/zitadel/zitadel/pkg/grpc/message" +) + +func ZITADELToGRPCError(err error) error { + if err == nil { + return nil + } + code, key, id, ok := ExtractZITADELError(err) + if !ok { + return status.Convert(err).Err() + } + msg := key + msg += " (" + id + ")" + + s, err := status.New(code, msg).WithDetails(&message.ErrorDetail{Id: id, Message: key}) + if err != nil { + logging.WithError(err).WithField("logID", "GRPC-gIeRw").Debug("unable to add detail") + return status.New(code, msg).Err() + } + + return s.Err() +} + +func ExtractZITADELError(err error) (c codes.Code, msg, id string, ok bool) { + if err == nil { + return codes.OK, "", "", false + } + zitadelErr := new(zerrors.ZitadelError) + if ok := errors.As(err, &zitadelErr); !ok { + return codes.Unknown, err.Error(), "", false + } + switch { + case zerrors.IsErrorAlreadyExists(err): + return codes.AlreadyExists, zitadelErr.GetMessage(), zitadelErr.GetID(), true + case zerrors.IsDeadlineExceeded(err): + return codes.DeadlineExceeded, zitadelErr.GetMessage(), zitadelErr.GetID(), true + case zerrors.IsInternal(err): + return codes.Internal, zitadelErr.GetMessage(), zitadelErr.GetID(), true + case zerrors.IsErrorInvalidArgument(err): + return codes.InvalidArgument, zitadelErr.GetMessage(), zitadelErr.GetID(), true + case zerrors.IsNotFound(err): + return codes.NotFound, zitadelErr.GetMessage(), zitadelErr.GetID(), true + case zerrors.IsPermissionDenied(err): + return codes.PermissionDenied, zitadelErr.GetMessage(), zitadelErr.GetID(), true + case zerrors.IsPreconditionFailed(err): + return codes.FailedPrecondition, zitadelErr.GetMessage(), zitadelErr.GetID(), true + case zerrors.IsUnauthenticated(err): + return codes.Unauthenticated, zitadelErr.GetMessage(), zitadelErr.GetID(), true + case 
zerrors.IsUnavailable(err): + return codes.Unavailable, zitadelErr.GetMessage(), zitadelErr.GetID(), true + case zerrors.IsUnimplemented(err): + return codes.Unimplemented, zitadelErr.GetMessage(), zitadelErr.GetID(), true + case zerrors.IsResourceExhausted(err): + return codes.ResourceExhausted, zitadelErr.GetMessage(), zitadelErr.GetID(), true + default: + return codes.Unknown, err.Error(), "", false + } +} diff --git a/internal/api/grpc/errors/caos_errors_test.go b/internal/api/grpc/gerrors/zitadel_errors_test.go similarity index 66% rename from internal/api/grpc/errors/caos_errors_test.go rename to internal/api/grpc/gerrors/zitadel_errors_test.go index 3a14f1bbfc..4e5604790a 100644 --- a/internal/api/grpc/errors/caos_errors_test.go +++ b/internal/api/grpc/gerrors/zitadel_errors_test.go @@ -1,13 +1,12 @@ -package errors +package gerrors import ( - "context" "errors" "testing" "google.golang.org/grpc/codes" - caos_errs "github.com/zitadel/zitadel/internal/errors" + "github.com/zitadel/zitadel/internal/zerrors" ) func TestCaosToGRPCError(t *testing.T) { @@ -31,14 +30,14 @@ func TestCaosToGRPCError(t *testing.T) { }, { "caos error", - args{caos_errs.ThrowInternal(nil, "", "message")}, + args{zerrors.ThrowInternal(nil, "", "message")}, true, }, } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { - if err := CaosToGRPCError(context.Background(), tt.args.err); (err != nil) != tt.wantErr { - t.Errorf("CaosToGRPCError() error = %v, wantErr %v", err, tt.wantErr) + if err := ZITADELToGRPCError(tt.args.err); (err != nil) != tt.wantErr { + t.Errorf("ZITADELToGRPCError() error = %v, wantErr %v", err, tt.wantErr) } }) } @@ -58,7 +57,7 @@ func Test_Extract(t *testing.T) { }{ { "already exists", - args{caos_errs.ThrowAlreadyExists(nil, "id", "already exists")}, + args{zerrors.ThrowAlreadyExists(nil, "id", "already exists")}, codes.AlreadyExists, "already exists", "id", 
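Review bot: ZITADELToGRPCError passes any error that is not a ZitadelError through `status.Convert(err).Err()`, which puts the raw `err.Error()` text into the gRPC status returned to the caller. For errors that originate in storage or other internal layers this can expose implementation detail to API clients; whether an interceptor sanitises it later is not visible here. Consider returning a generic status for errors that do not already carry one, e.g. `if _, isStatus := status.FromError(err); !isStatus { return status.Error(codes.Internal, "Errors.Internal") }`, and logging the original server-side. In ExtractZITADELError, `if ok := errors.As(...)` shadows the named result `ok`; a plain `if !errors.As(err, &zitadelErr)` reads more clearly.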
@@ -66,7 +65,7 @@ func Test_Extract(t *testing.T) { }, { "deadline exceeded", - args{caos_errs.ThrowDeadlineExceeded(nil, "id", "deadline exceeded")}, + args{zerrors.ThrowDeadlineExceeded(nil, "id", "deadline exceeded")}, codes.DeadlineExceeded, "deadline exceeded", "id", @@ -74,7 +73,7 @@ func Test_Extract(t *testing.T) { }, { "internal error", - args{caos_errs.ThrowInternal(nil, "id", "internal error")}, + args{zerrors.ThrowInternal(nil, "id", "internal error")}, codes.Internal, "internal error", "id", @@ -82,7 +81,7 @@ func Test_Extract(t *testing.T) { }, { "invalid argument", - args{caos_errs.ThrowInvalidArgument(nil, "id", "invalid argument")}, + args{zerrors.ThrowInvalidArgument(nil, "id", "invalid argument")}, codes.InvalidArgument, "invalid argument", "id", @@ -90,7 +89,7 @@ func Test_Extract(t *testing.T) { }, { "not found", - args{caos_errs.ThrowNotFound(nil, "id", "not found")}, + args{zerrors.ThrowNotFound(nil, "id", "not found")}, codes.NotFound, "not found", "id", @@ -98,7 +97,7 @@ func Test_Extract(t *testing.T) { }, { "permission denied", - args{caos_errs.ThrowPermissionDenied(nil, "id", "permission denied")}, + args{zerrors.ThrowPermissionDenied(nil, "id", "permission denied")}, codes.PermissionDenied, "permission denied", "id", @@ -106,7 +105,7 @@ func Test_Extract(t *testing.T) { }, { "precondition failed", - args{caos_errs.ThrowPreconditionFailed(nil, "id", "precondition failed")}, + args{zerrors.ThrowPreconditionFailed(nil, "id", "precondition failed")}, codes.FailedPrecondition, "precondition failed", "id", @@ -114,7 +113,7 @@ func Test_Extract(t *testing.T) { }, { "unauthenticated", - args{caos_errs.ThrowUnauthenticated(nil, "id", "unauthenticated")}, + args{zerrors.ThrowUnauthenticated(nil, "id", "unauthenticated")}, codes.Unauthenticated, "unauthenticated", "id", 
@@ -122,7 +121,7 @@ func Test_Extract(t *testing.T) { }, { "unavailable", - args{caos_errs.ThrowUnavailable(nil, "id", "unavailable")}, + args{zerrors.ThrowUnavailable(nil, "id", "unavailable")}, codes.Unavailable, "unavailable", "id", @@ -130,7 +129,7 @@ func Test_Extract(t *testing.T) { }, { "unimplemented", - args{caos_errs.ThrowUnimplemented(nil, "id", "unimplemented")}, + args{zerrors.ThrowUnimplemented(nil, "id", "unimplemented")}, codes.Unimplemented, "unimplemented", "id", @@ -138,7 +137,7 @@ func Test_Extract(t *testing.T) { }, { "exhausted", - args{caos_errs.ThrowResourceExhausted(nil, "id", "exhausted")}, + args{zerrors.ThrowResourceExhausted(nil, "id", "exhausted")}, codes.ResourceExhausted, "exhausted", "id", @@ -155,7 +154,7 @@ func Test_Extract(t *testing.T) { } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { - gotC, gotMsg, gotID, gotOk := ExtractCaosError(tt.args.err) + gotC, gotMsg, gotID, gotOk := ExtractZITADELError(tt.args.err) if gotC != tt.wantC { t.Errorf("extract() gotC = %v, want %v", gotC, tt.wantC) } diff --git a/internal/api/grpc/idp/converter.go b/internal/api/grpc/idp/converter.go index 6cf44a834e..c92f2bd3b0 100644 --- a/internal/api/grpc/idp/converter.go +++ b/internal/api/grpc/idp/converter.go @@ -6,7 +6,6 @@ import ( obj_grpc "github.com/zitadel/zitadel/internal/api/grpc/object" "github.com/zitadel/zitadel/internal/domain" - iam_model "github.com/zitadel/zitadel/internal/iam/model" "github.com/zitadel/zitadel/internal/idp/providers/azuread" "github.com/zitadel/zitadel/internal/query" "github.com/zitadel/zitadel/internal/repository/idp" 
@@ -255,40 +254,6 @@ func IDPProviderTypeFromPb(typ idp_pb.IDPOwnerType) domain.IdentityProviderType } } -func IDPProviderTypeModelFromPb(typ idp_pb.IDPOwnerType) iam_model.IDPProviderType { - switch typ { - case idp_pb.IDPOwnerType_IDP_OWNER_TYPE_ORG: - return iam_model.IDPProviderTypeOrg - case idp_pb.IDPOwnerType_IDP_OWNER_TYPE_SYSTEM: - return iam_model.IDPProviderTypeSystem - default: - return iam_model.IDPProviderTypeOrg - } -} - -func IDPIDQueryToModel(query *idp_pb.IDPIDQuery) *iam_model.IDPConfigSearchQuery { - return &iam_model.IDPConfigSearchQuery{ - Key: iam_model.IDPConfigSearchKeyIdpConfigID, - Method: domain.SearchMethodEquals, - Value: query.Id, - } -} - -func IDPNameQueryToModel(query *idp_pb.IDPNameQuery) *iam_model.IDPConfigSearchQuery { - return &iam_model.IDPConfigSearchQuery{ - Key: iam_model.IDPConfigSearchKeyName, - Method: obj_grpc.TextMethodToModel(query.Method), - Value: query.Name, - } -} - -func IDPOwnerTypeQueryToModel(query *idp_pb.IDPOwnerTypeQuery) *iam_model.IDPConfigSearchQuery { - return &iam_model.IDPConfigSearchQuery{ - Key: iam_model.IDPConfigSearchKeyIdpProviderType, - Method: domain.SearchMethodEquals, - Value: IDPProviderTypeModelFromPb(query.OwnerType), - } -} func ownerTypeToPB(typ domain.IdentityProviderType) idp_pb.IDPOwnerType { switch typ { case domain.IdentityProviderTypeOrg: diff --git a/internal/api/grpc/instance/converter.go b/internal/api/grpc/instance/converter.go index ae98bcfa5e..6bfb3e553e 100644 --- a/internal/api/grpc/instance/converter.go +++ b/internal/api/grpc/instance/converter.go @@ -3,8 +3,8 @@ package org import ( "github.com/zitadel/zitadel/cmd/build" "github.com/zitadel/zitadel/internal/api/grpc/object" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/query" + "github.com/zitadel/zitadel/internal/zerrors" instance_pb "github.com/zitadel/zitadel/pkg/grpc/instance" ) 
@@ -66,7 +66,7 @@ func InstanceQueryToModel(searchQuery *instance_pb.Query) (query.SearchQuery, er case *instance_pb.Query_DomainQuery: return query.NewInstanceDomainsListSearchQuery(q.DomainQuery.Domains...) default: - return nil, errors.ThrowInvalidArgument(nil, "INST-3m0se", "List.Query.Invalid") + return nil, zerrors.ThrowInvalidArgument(nil, "INST-3m0se", "List.Query.Invalid") } } @@ -90,7 +90,7 @@ func DomainQueryToModel(searchQuery *instance_pb.DomainSearchQuery) (query.Searc case *instance_pb.DomainSearchQuery_PrimaryQuery: return query.NewInstanceDomainPrimarySearchQuery(q.PrimaryQuery.Primary) default: - return nil, errors.ThrowInvalidArgument(nil, "INST-Ags42", "List.Query.Invalid") + return nil, zerrors.ThrowInvalidArgument(nil, "INST-Ags42", "List.Query.Invalid") } } diff --git a/internal/api/grpc/management/actions_converter.go b/internal/api/grpc/management/actions_converter.go index 643ba88b10..de75734b88 100644 --- a/internal/api/grpc/management/actions_converter.go +++ b/internal/api/grpc/management/actions_converter.go @@ -4,9 +4,9 @@ import ( action_grpc "github.com/zitadel/zitadel/internal/api/grpc/action" "github.com/zitadel/zitadel/internal/api/grpc/object" "github.com/zitadel/zitadel/internal/domain" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore/v1/models" "github.com/zitadel/zitadel/internal/query" + "github.com/zitadel/zitadel/internal/zerrors" mgmt_pb "github.com/zitadel/zitadel/pkg/grpc/management" ) @@ -63,5 +63,5 @@ func ActionQueryToQuery(query interface{}) (query.SearchQuery, error) { case *mgmt_pb.ActionQuery_ActionIdQuery: return action_grpc.ActionIDQuery(q.ActionIdQuery) } - return nil, errors.ThrowInvalidArgument(nil, "MGMT-dsg3z", "Errors.Query.InvalidRequest") + return nil, zerrors.ThrowInvalidArgument(nil, "MGMT-dsg3z", "Errors.Query.InvalidRequest") } 
diff --git a/internal/api/grpc/management/auth_checks.go b/internal/api/grpc/management/auth_checks.go index 62e8d8c020..2b2ad25005 100644 --- a/internal/api/grpc/management/auth_checks.go +++ b/internal/api/grpc/management/auth_checks.go @@ -4,7 +4,7 @@ import ( "context" "github.com/zitadel/zitadel/internal/api/authz" - caos_errors "github.com/zitadel/zitadel/internal/errors" + "github.com/zitadel/zitadel/internal/zerrors" ) func checkExplicitProjectPermission(ctx context.Context, grantID, projectID string) error { @@ -19,7 +19,7 @@ func checkExplicitProjectPermission(ctx context.Context, grantID, projectID stri if listContainsID(ids, projectID) { return nil } - return caos_errors.ThrowPermissionDenied(nil, "EVENT-Shu7e", "Errors.UserGrant.NoPermissionForProject") + return zerrors.ThrowPermissionDenied(nil, "EVENT-Shu7e", "Errors.UserGrant.NoPermissionForProject") } func listContainsID(ids []string, id string) bool { diff --git a/internal/api/grpc/management/flow.go b/internal/api/grpc/management/flow.go index 8a38c80f2d..3d9fbab520 100644 --- a/internal/api/grpc/management/flow.go +++ b/internal/api/grpc/management/flow.go @@ -7,7 +7,7 @@ import ( action_grpc "github.com/zitadel/zitadel/internal/api/grpc/action" obj_grpc "github.com/zitadel/zitadel/internal/api/grpc/object" "github.com/zitadel/zitadel/internal/domain" - "github.com/zitadel/zitadel/internal/errors" + "github.com/zitadel/zitadel/internal/zerrors" action_pb "github.com/zitadel/zitadel/pkg/grpc/action" mgmt_pb "github.com/zitadel/zitadel/pkg/grpc/management" ) 
@@ -26,7 +26,7 @@ func (s *Server) ListFlowTypes(ctx context.Context, _ *mgmt_pb.ListFlowTypesRequ func (s *Server) ListFlowTriggerTypes(ctx context.Context, req *mgmt_pb.ListFlowTriggerTypesRequest) (*mgmt_pb.ListFlowTriggerTypesResponse, error) { triggerTypes := action_grpc.FlowTypeToDomain(req.Type).TriggerTypes() if len(triggerTypes) == 0 { - return nil, errors.ThrowNotFound(nil, "MANAG-P2OBk", "Errors.NotFound") + return nil, zerrors.ThrowNotFound(nil, "MANAG-P2OBk", "Errors.NotFound") } return &mgmt_pb.ListFlowTriggerTypesResponse{ Result: action_grpc.TriggerTypesToPb(triggerTypes), diff --git a/internal/api/grpc/management/idp_converter.go b/internal/api/grpc/management/idp_converter.go index e6df255f33..d8949a5444 100644 --- a/internal/api/grpc/management/idp_converter.go +++ b/internal/api/grpc/management/idp_converter.go @@ -10,10 +10,9 @@ import ( "github.com/zitadel/zitadel/internal/api/grpc/object" "github.com/zitadel/zitadel/internal/command" "github.com/zitadel/zitadel/internal/domain" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore/v1/models" - iam_model "github.com/zitadel/zitadel/internal/iam/model" "github.com/zitadel/zitadel/internal/query" + "github.com/zitadel/zitadel/internal/zerrors" idp_pb "github.com/zitadel/zitadel/pkg/grpc/idp" mgmt_pb "github.com/zitadel/zitadel/pkg/grpc/management" ) 
@@ -132,30 +131,7 @@ func idpQueryToModel(idpQuery *mgmt_pb.IDPQuery) (query.SearchQuery, error) { case *mgmt_pb.IDPQuery_OwnerTypeQuery: return query.NewIDPOwnerTypeSearchQuery(idp_grpc.IDPProviderTypeFromPb(q.OwnerTypeQuery.OwnerType)) default: - return nil, errors.ThrowInvalidArgument(nil, "MANAG-WtLPV", "List.Query.Invalid") - } -} - -func idpProviderViewsToDomain(idps []*iam_model.IDPProviderView) []*domain.IDPProvider { - idpProvider := make([]*domain.IDPProvider, len(idps)) - for i, idp := range idps { - idpProvider[i] = &domain.IDPProvider{ - ObjectRoot: models.ObjectRoot{ - AggregateID: idp.AggregateID, - }, - IDPConfigID: idp.IDPConfigID, - Type: idpConfigTypeToDomain(idp.IDPProviderType), - } - } - return idpProvider -} - -func idpConfigTypeToDomain(idpType iam_model.IDPProviderType) domain.IdentityProviderType { - switch idpType { - case iam_model.IDPProviderTypeOrg: - return domain.IdentityProviderTypeOrg - default: - return domain.IdentityProviderTypeSystem + return nil, zerrors.ThrowInvalidArgument(nil, "MANAG-WtLPV", "List.Query.Invalid") } } @@ -217,7 +193,7 @@ func providerQueryToQuery(idpQuery *mgmt_pb.ProviderQuery) (query.SearchQuery, e case *mgmt_pb.ProviderQuery_OwnerTypeQuery: return query.NewIDPTemplateOwnerTypeSearchQuery(idp_grpc.IDPProviderTypeFromPb(q.OwnerTypeQuery.OwnerType)) default: - return nil, errors.ThrowInvalidArgument(nil, "ORG-Dr2aa", "List.Query.Invalid") + return nil, zerrors.ThrowInvalidArgument(nil, "ORG-Dr2aa", "List.Query.Invalid") } } diff --git a/internal/api/grpc/management/language.go b/internal/api/grpc/management/language.go index cab36f63e6..fbcfdc9fbe 100644 --- a/internal/api/grpc/management/language.go +++ b/internal/api/grpc/management/language.go 
@@ -2,15 +2,11 @@ package management import ( "context" - - "github.com/zitadel/zitadel/internal/api/grpc/text" + "github.com/zitadel/zitadel/internal/domain" + "github.com/zitadel/zitadel/internal/i18n" mgmt_pb "github.com/zitadel/zitadel/pkg/grpc/management" ) -func (s *Server) GetSupportedLanguages(ctx context.Context, req *mgmt_pb.GetSupportedLanguagesRequest) (*mgmt_pb.GetSupportedLanguagesResponse, error) { - langs, err := s.query.Languages(ctx) - if err != nil { - return nil, err - } - return &mgmt_pb.GetSupportedLanguagesResponse{Languages: text.LanguageTagsToStrings(langs)}, nil +func (s *Server) GetSupportedLanguages(context.Context, *mgmt_pb.GetSupportedLanguagesRequest) (*mgmt_pb.GetSupportedLanguagesResponse, error) { + return &mgmt_pb.GetSupportedLanguagesResponse{Languages: domain.LanguagesToStrings(i18n.SupportedLanguages())}, nil } diff --git a/internal/api/grpc/management/policy_login.go b/internal/api/grpc/management/policy_login.go index 3aa160353f..1d4d9461f0 100644 --- a/internal/api/grpc/management/policy_login.go +++ b/internal/api/grpc/management/policy_login.go @@ -7,9 +7,7 @@ import ( "github.com/zitadel/zitadel/internal/api/grpc/idp" "github.com/zitadel/zitadel/internal/api/grpc/object" policy_grpc "github.com/zitadel/zitadel/internal/api/grpc/policy" - "github.com/zitadel/zitadel/internal/api/grpc/user" "github.com/zitadel/zitadel/internal/domain" - "github.com/zitadel/zitadel/internal/query" mgmt_pb "github.com/zitadel/zitadel/pkg/grpc/management" ) 
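Review bot: The import block of language.go loses the blank line after `"context"`, so the standard-library import now sits in the same group as the module imports; keep the separator between `"context"` and `"github.com/zitadel/zitadel/internal/domain"`. `GetSupportedLanguages` also drops both parameter names and has no doc comment. A line such as `// GetSupportedLanguages returns i18n.SupportedLanguages(); the request and its context are not used.` would record that the result no longer comes from `s.query`.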
@@ -94,21 +92,7 @@ func (s *Server) AddIDPToLoginPolicy(ctx context.Context, req *mgmt_pb.AddIDPToL func (s *Server) RemoveIDPFromLoginPolicy(ctx context.Context, req *mgmt_pb.RemoveIDPFromLoginPolicyRequest) (*mgmt_pb.RemoveIDPFromLoginPolicyResponse, error) { orgID := authz.GetCtxData(ctx).OrgID - idpQuery, err := query.NewIDPUserLinkIDPIDSearchQuery(req.IdpId) - if err != nil { - return nil, err - } - resourceOwnerQuery, err := query.NewIDPUserLinksResourceOwnerSearchQuery(orgID) - if err != nil { - return nil, err - } - userLinks, err := s.query.IDPUserLinks(ctx, &query.IDPUserLinksSearchQuery{ - Queries: []query.SearchQuery{idpQuery, resourceOwnerQuery}, - }, false) - if err != nil { - return nil, err - } - objectDetails, err := s.command.RemoveIDPFromLoginPolicy(ctx, orgID, &domain.IDPProvider{IDPConfigID: req.IdpId}, user.ExternalIDPViewsToExternalIDPs(userLinks.Links)...) + objectDetails, err := s.command.RemoveIDPFromLoginPolicy(ctx, orgID, &domain.IDPProvider{IDPConfigID: req.IdpId}) if err != nil { return nil, err } diff --git a/internal/api/grpc/management/project_grant_converter.go b/internal/api/grpc/management/project_grant_converter.go index 1e5d941fac..de7d1de041 100644 --- a/internal/api/grpc/management/project_grant_converter.go +++ b/internal/api/grpc/management/project_grant_converter.go @@ -7,9 +7,9 @@ import ( member_grpc "github.com/zitadel/zitadel/internal/api/grpc/member" "github.com/zitadel/zitadel/internal/api/grpc/object" "github.com/zitadel/zitadel/internal/domain" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore/v1/models" "github.com/zitadel/zitadel/internal/query" + "github.com/zitadel/zitadel/internal/zerrors" mgmt_pb "github.com/zitadel/zitadel/pkg/grpc/management" proj_pb "github.com/zitadel/zitadel/pkg/grpc/project" ) 
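Review bot: `RemoveIDPFromLoginPolicy` no longer looks up the organisation's IDP user links or passes them to `s.command.RemoveIDPFromLoginPolicy`, so nothing in this handler removes the external links of users tied to the removed IDP. Whether the command now does that cleanup itself is not visible here; if it does not, links would remain for an identity provider the organisation has stopped trusting. Please confirm where the cascade now happens and record it above the call, for example `// user links for req.IdpId are removed by <component that now owns the cascade>`. An integration test asserting the links are gone after removal would pin this down. The function continues past the end of the hunk.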
@@ -55,7 +55,7 @@ func ProjectGrantQueryToModel(apiQuery *proj_pb.ProjectGrantQuery) (query.Search case *proj_pb.ProjectGrantQuery_RoleKeyQuery: return query.NewProjectGrantRoleKeySearchQuery(q.RoleKeyQuery.RoleKey) default: - return nil, errors.ThrowInvalidArgument(nil, "PROJECT-M099f", "List.Query.Invalid") + return nil, zerrors.ThrowInvalidArgument(nil, "PROJECT-M099f", "List.Query.Invalid") } } func listAllProjectGrantsRequestToModel(req *mgmt_pb.ListAllProjectGrantsRequest) (*query.ProjectGrantSearchQueries, error) { @@ -97,7 +97,7 @@ func AllProjectGrantQueryToModel(apiQuery *proj_pb.AllProjectGrantQuery) (query. case *proj_pb.AllProjectGrantQuery_GrantedOrgIdQuery: return query.NewProjectGrantGrantedOrgIDSearchQuery(q.GrantedOrgIdQuery.GrantedOrgId) default: - return nil, errors.ThrowInvalidArgument(nil, "PROJECT-M099f", "List.Query.Invalid") + return nil, zerrors.ThrowInvalidArgument(nil, "PROJECT-M099f", "List.Query.Invalid") } } func AddProjectGrantRequestToDomain(req *mgmt_pb.AddProjectGrantRequest) *domain.ProjectGrant { diff --git a/internal/api/grpc/management/user.go b/internal/api/grpc/management/user.go index 5dc33bb459..26d66d6122 100644 --- a/internal/api/grpc/management/user.go +++ b/internal/api/grpc/management/user.go @@ -20,10 +20,10 @@ import ( "github.com/zitadel/zitadel/internal/api/ui/login" "github.com/zitadel/zitadel/internal/command" "github.com/zitadel/zitadel/internal/domain" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/query" "github.com/zitadel/zitadel/internal/repository/user" + "github.com/zitadel/zitadel/internal/zerrors" mgmt_pb "github.com/zitadel/zitadel/pkg/grpc/management" ) 
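Review bot: `ProjectGrantQueryToModel` and `AllProjectGrantQueryToModel` both return `zerrors.ThrowInvalidArgument(nil, "PROJECT-M099f", "List.Query.Invalid")`, so the error ID in a log or response does not identify which converter rejected the query. The same holds for `"ORG-vR9nC"`, which this commit leaves on both `OrgQueryToModel` in org/converter.go and `ProjectQueryToModel` in project/converter.go. Since these lines are touched anyway, give the second site of each pair its own ID, e.g. `zerrors.ThrowInvalidArgument(nil, "PROJECT-<new id>", "List.Query.Invalid")`. Both functions start outside their hunks.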
@@ -33,7 +33,7 @@ func (s *Server) getUserByID(ctx context.Context, id string) (*query.User, error return nil, err } if user.ResourceOwner != authz.GetCtxData(ctx).OrgID { - return nil, errors.ThrowNotFound(nil, "MANAG-fpo4B", "Errors.User.NotFound") + return nil, zerrors.ThrowNotFound(nil, "MANAG-fpo4B", "Errors.User.NotFound") } return user, nil } @@ -216,8 +216,7 @@ func (s *Server) BulkRemoveUserMetadata(ctx context.Context, req *mgmt_pb.BulkRe func (s *Server) AddHumanUser(ctx context.Context, req *mgmt_pb.AddHumanUserRequest) (*mgmt_pb.AddHumanUserResponse, error) { human := AddHumanUserRequestToAddHuman(req) - err := s.command.AddHuman(ctx, authz.GetCtxData(ctx).OrgID, human, true) - if err != nil { + if err := s.command.AddHuman(ctx, authz.GetCtxData(ctx).OrgID, human, true); err != nil { return nil, err } return &mgmt_pb.AddHumanUserResponse{ diff --git a/internal/api/grpc/management/user_converter.go b/internal/api/grpc/management/user_converter.go index d20ad57c4b..dc627c885a 100644 --- a/internal/api/grpc/management/user_converter.go +++ b/internal/api/grpc/management/user_converter.go @@ -18,7 +18,6 @@ import ( "github.com/zitadel/zitadel/internal/domain" "github.com/zitadel/zitadel/internal/eventstore/v1/models" "github.com/zitadel/zitadel/internal/query" - user_model "github.com/zitadel/zitadel/internal/user/model" mgmt_pb "github.com/zitadel/zitadel/pkg/grpc/management" ) 
@@ -359,38 +358,3 @@ func ListUserMembershipsRequestToModel(ctx context.Context, req *mgmt_pb.ListUse Queries: queries, }, nil } - -func UserMembershipViewsToDomain(memberships []*user_model.UserMembershipView) []*domain.UserMembership { - result := make([]*domain.UserMembership, len(memberships)) - for i, membership := range memberships { - result[i] = &domain.UserMembership{ - UserID: membership.UserID, - MemberType: MemberTypeToDomain(membership.MemberType), - AggregateID: membership.AggregateID, - ObjectID: membership.ObjectID, - Roles: membership.Roles, - DisplayName: membership.DisplayName, - CreationDate: membership.CreationDate, - ChangeDate: membership.ChangeDate, - ResourceOwner: membership.ResourceOwner, - ResourceOwnerName: membership.ResourceOwnerName, - Sequence: membership.Sequence, - } - } - return result -} - -func MemberTypeToDomain(mType user_model.MemberType) domain.MemberType { - switch mType { - case user_model.MemberTypeIam: - return domain.MemberTypeIam - case user_model.MemberTypeOrganisation: - return domain.MemberTypeOrganisation - case user_model.MemberTypeProject: - return domain.MemberTypeProject - case user_model.MemberTypeProjectGrant: - return domain.MemberTypeProjectGrant - default: - return domain.MemberTypeUnspecified - } -} diff --git a/internal/api/grpc/management/user_integration_test.go b/internal/api/grpc/management/user_integration_test.go index 6b5fe77d1a..5d612b158f 100644 --- a/internal/api/grpc/management/user_integration_test.go +++ b/internal/api/grpc/management/user_integration_test.go 
@@ -55,14 +55,14 @@ func TestImport_and_Get(t *testing.T) { // create unique names. lastName := strconv.FormatInt(time.Now().Unix(), 10) userName := strings.Join([]string{firstName, lastName}, "_") - email := strings.Join([]string{userName, "zitadel.com"}, "@") + email := strings.Join([]string{userName, "example.com"}, "@") res, err := Client.ImportHumanUser(CTX, &management.ImportHumanUserRequest{ UserName: userName, Profile: &management.ImportHumanUserRequest_Profile{ FirstName: firstName, LastName: lastName, - PreferredLanguage: language.Afrikaans.String(), + PreferredLanguage: language.Japanese.String(), Gender: user.Gender_GENDER_DIVERSE, }, Email: &management.ImportHumanUserRequest_Email{ @@ -82,3 +82,21 @@ func TestImport_and_Get(t *testing.T) { }) } } + +func TestImport_UnparsablePreferredLanguage(t *testing.T) { + random := integration.RandString(5) + _, err := Client.ImportHumanUser(CTX, &management.ImportHumanUserRequest{ + UserName: random, + Profile: &management.ImportHumanUserRequest_Profile{ + FirstName: random, + LastName: random, + PreferredLanguage: "not valid", + Gender: user.Gender_GENDER_DIVERSE, + }, + Email: &management.ImportHumanUserRequest_Email{ + Email: random + "@example.com", + IsEmailVerified: true, + }, + }) + require.NoError(t, err) +} diff --git a/internal/api/grpc/member/converter.go b/internal/api/grpc/member/converter.go index a62e2c3238..0e5c87ceb1 100644 --- a/internal/api/grpc/member/converter.go +++ b/internal/api/grpc/member/converter.go 
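Review bot: `TestImport_UnparsablePreferredLanguage` only asserts that `ImportHumanUser` accepts `PreferredLanguage: "not valid"`; it discards the response and never checks which language is stored for the user. Accepting unparsable input is only safe if it is normalised to a known value. Keep the response (`res, err := Client.ImportHumanUser(...)`), read the user back, and assert that the stored preferred language is the expected fallback. A comment such as `// an unparsable language must not fail the import` would also make clear that the lenient behaviour is intentional.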
@@ -4,18 +4,11 @@ import ( "github.com/zitadel/zitadel/internal/api/grpc/object" "github.com/zitadel/zitadel/internal/api/grpc/user" "github.com/zitadel/zitadel/internal/domain" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/query" + "github.com/zitadel/zitadel/internal/zerrors" member_pb "github.com/zitadel/zitadel/pkg/grpc/member" ) -func MemberToDomain(member *member_pb.Member) *domain.Member { - return &domain.Member{ - UserID: member.UserId, - Roles: member.Roles, - } -} - func MembersToPb(assetAPIPrefix string, members []*query.Member) []*member_pb.Member { m := make([]*member_pb.Member, len(members)) for i, member := range members { @@ -66,6 +59,6 @@ func MemberQueryToMember(search *member_pb.SearchQuery) (query.SearchQuery, erro case *member_pb.SearchQuery_UserIdQuery: return query.NewMemberUserIDSearchQuery(q.UserIdQuery.UserId) default: - return nil, errors.ThrowInvalidArgument(nil, "MEMBE-7Bb92", "Errors.Query.InvalidRequest") + return nil, zerrors.ThrowInvalidArgument(nil, "MEMBE-7Bb92", "Errors.Query.InvalidRequest") } } diff --git a/internal/api/grpc/metadata/metadata.go b/internal/api/grpc/metadata/metadata.go index e54007e09a..e6be7685f7 100644 --- a/internal/api/grpc/metadata/metadata.go +++ b/internal/api/grpc/metadata/metadata.go @@ -2,8 +2,8 @@ package metadata import ( "github.com/zitadel/zitadel/internal/api/grpc/object" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/query" + "github.com/zitadel/zitadel/internal/zerrors" meta_pb "github.com/zitadel/zitadel/pkg/grpc/metadata" ) @@ -65,7 +65,7 @@ func MetadataQueryToQuery(query *meta_pb.MetadataQuery) (query.SearchQuery, erro case *meta_pb.MetadataQuery_KeyQuery: return MetadataKeyQueryToQuery(q.KeyQuery) default: - return nil, errors.ThrowInvalidArgument(nil, "METAD-fdg23", "List.Query.Invalid") + return nil, zerrors.ThrowInvalidArgument(nil, "METAD-fdg23", "List.Query.Invalid") } } 
diff --git a/internal/api/grpc/object/converter.go b/internal/api/grpc/object/converter.go index 85fdf5fba0..bdb7a1362d 100644 --- a/internal/api/grpc/object/converter.go +++ b/internal/api/grpc/object/converter.go @@ -97,29 +97,6 @@ func ToListDetails( return details } -func TextMethodToModel(method object_pb.TextQueryMethod) domain.SearchMethod { - switch method { - case object_pb.TextQueryMethod_TEXT_QUERY_METHOD_EQUALS: - return domain.SearchMethodEquals - case object_pb.TextQueryMethod_TEXT_QUERY_METHOD_EQUALS_IGNORE_CASE: - return domain.SearchMethodEqualsIgnoreCase - case object_pb.TextQueryMethod_TEXT_QUERY_METHOD_STARTS_WITH: - return domain.SearchMethodStartsWith - case object_pb.TextQueryMethod_TEXT_QUERY_METHOD_STARTS_WITH_IGNORE_CASE: - return domain.SearchMethodStartsWithIgnoreCase - case object_pb.TextQueryMethod_TEXT_QUERY_METHOD_CONTAINS: - return domain.SearchMethodContains - case object_pb.TextQueryMethod_TEXT_QUERY_METHOD_CONTAINS_IGNORE_CASE: - return domain.SearchMethodContainsIgnoreCase - case object_pb.TextQueryMethod_TEXT_QUERY_METHOD_ENDS_WITH: - return domain.SearchMethodEndsWith - case object_pb.TextQueryMethod_TEXT_QUERY_METHOD_ENDS_WITH_IGNORE_CASE: - return domain.SearchMethodEndsWithIgnoreCase - default: - return -1 - } -} - func TextMethodToQuery(method object_pb.TextQueryMethod) query.TextComparison { switch method { case object_pb.TextQueryMethod_TEXT_QUERY_METHOD_EQUALS: diff --git a/internal/api/grpc/oidc/v2/oidc.go b/internal/api/grpc/oidc/v2/oidc.go index 6ca77bb619..258ebd6a69 100644 --- a/internal/api/grpc/oidc/v2/oidc.go +++ b/internal/api/grpc/oidc/v2/oidc.go @@ -13,8 +13,8 @@ import ( "github.com/zitadel/zitadel/internal/api/http" "github.com/zitadel/zitadel/internal/api/oidc" "github.com/zitadel/zitadel/internal/domain" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/query" + "github.com/zitadel/zitadel/internal/zerrors" oidc_pb "github.com/zitadel/zitadel/pkg/grpc/oidc/v2beta" ) 
@@ -81,7 +81,7 @@ func (s *Server) CreateCallback(ctx context.Context, req *oidc_pb.CreateCallback case *oidc_pb.CreateCallbackRequest_Session: return s.linkSessionToAuthRequest(ctx, req.GetAuthRequestId(), v.Session) default: - return nil, errors.ThrowUnimplementedf(nil, "OIDCv2-zee7A", "verification oneOf %T in method CreateCallback not implemented", v) + return nil, zerrors.ThrowUnimplementedf(nil, "OIDCv2-zee7A", "verification oneOf %T in method CreateCallback not implemented", v) } } diff --git a/internal/api/grpc/oidc/v2/oidc_integration_test.go b/internal/api/grpc/oidc/v2/oidc_integration_test.go index db11f9022b..f3e7e0a75d 100644 --- a/internal/api/grpc/oidc/v2/oidc_integration_test.go +++ b/internal/api/grpc/oidc/v2/oidc_integration_test.go @@ -52,7 +52,7 @@ func TestMain(m *testing.M) { func TestServer_GetAuthRequest(t *testing.T) { project, err := Tester.CreateProject(CTX) require.NoError(t, err) - client, err := Tester.CreateOIDCNativeClient(CTX, redirectURI, logoutRedirectURI, project.GetId()) + client, err := Tester.CreateOIDCNativeClient(CTX, redirectURI, logoutRedirectURI, project.GetId(), false) require.NoError(t, err) authRequestID, err := Tester.CreateOIDCAuthRequest(CTX, client.GetClientId(), Tester.Users[integration.FirstInstanceUsersKey][integration.OrgOwner].ID, redirectURI) require.NoError(t, err) @@ -96,7 +96,7 @@ func TestServer_GetAuthRequest(t *testing.T) { func TestServer_CreateCallback(t *testing.T) { project, err := Tester.CreateProject(CTX) require.NoError(t, err) - client, err := Tester.CreateOIDCNativeClient(CTX, redirectURI, logoutRedirectURI, project.GetId()) + client, err := Tester.CreateOIDCNativeClient(CTX, redirectURI, logoutRedirectURI, project.GetId(), false) require.NoError(t, err) sessionResp, err := Tester.Client.SessionV2.CreateSession(CTX, &session.CreateSessionRequest{ Checks: &session.Checks{ diff --git a/internal/api/grpc/org/converter.go b/internal/api/grpc/org/converter.go index 142df950e5..d3c3cb3c11 100644 
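Review bot: The new fifth argument to `Tester.CreateOIDCNativeClient` is a bare `false` in both `TestServer_GetAuthRequest` and `TestServer_CreateCallback`, and nothing at the call sites says what it switches. In an OIDC client-creation helper a boolean can change which client configuration the test exercises, so name it at the call site, e.g. `project.GetId(), false /* <parameter name> */)`, or bind it to a named local first. The parameter's name and meaning are not visible in this part of the diff.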
--- a/internal/api/grpc/org/converter.go +++ b/internal/api/grpc/org/converter.go @@ -3,8 +3,8 @@ package org import ( "github.com/zitadel/zitadel/internal/api/grpc/object" "github.com/zitadel/zitadel/internal/domain" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/query" + "github.com/zitadel/zitadel/internal/zerrors" org_pb "github.com/zitadel/zitadel/pkg/grpc/org" ) @@ -28,7 +28,7 @@ func OrgQueryToModel(apiQuery *org_pb.OrgQuery) (query.SearchQuery, error) { case *org_pb.OrgQuery_StateQuery: return query.NewOrgStateSearchQuery(OrgStateToDomain(q.StateQuery.State)) default: - return nil, errors.ThrowInvalidArgument(nil, "ORG-vR9nC", "List.Query.Invalid") + return nil, zerrors.ThrowInvalidArgument(nil, "ORG-vR9nC", "List.Query.Invalid") } } @@ -52,7 +52,7 @@ func OrgQueryToQuery(search *org_pb.OrgQuery) (query.SearchQuery, error) { case *org_pb.OrgQuery_StateQuery: return query.NewOrgStateSearchQuery(OrgStateToDomain(q.StateQuery.State)) default: - return nil, errors.ThrowInvalidArgument(nil, "ADMIN-ADvsd", "List.Query.Invalid") + return nil, zerrors.ThrowInvalidArgument(nil, "ADMIN-ADvsd", "List.Query.Invalid") } } @@ -137,7 +137,7 @@ func DomainQueryToModel(searchQuery *org_pb.DomainSearchQuery) (query.SearchQuer case *org_pb.DomainSearchQuery_DomainNameQuery: return query.NewOrgDomainDomainSearchQuery(object.TextMethodToQuery(q.DomainNameQuery.Method), q.DomainNameQuery.Name) default: - return nil, errors.ThrowInvalidArgument(nil, "ORG-Ags42", "List.Query.Invalid") + return nil, zerrors.ThrowInvalidArgument(nil, "ORG-Ags42", "List.Query.Invalid") } } diff --git a/internal/api/grpc/org/v2/org.go b/internal/api/grpc/org/v2/org.go index cc8f78cdd6..1fc0ca8aad 100644 --- a/internal/api/grpc/org/v2/org.go +++ b/internal/api/grpc/org/v2/org.go 
@@ -6,7 +6,7 @@ import ( "github.com/zitadel/zitadel/internal/api/grpc/object/v2" "github.com/zitadel/zitadel/internal/api/grpc/user/v2" "github.com/zitadel/zitadel/internal/command" - caos_errs "github.com/zitadel/zitadel/internal/errors" + "github.com/zitadel/zitadel/internal/zerrors" org "github.com/zitadel/zitadel/pkg/grpc/org/v2beta" ) @@ -62,7 +62,7 @@ func addOrganizationRequestAdminToCommand(admin *org.AddOrganizationRequest_Admi Roles: admin.GetRoles(), }, nil default: - return nil, caos_errs.ThrowUnimplementedf(nil, "ORGv2-SD2r1", "userType oneOf %T in method AddOrganization not implemented", a) + return nil, zerrors.ThrowUnimplementedf(nil, "ORGv2-SD2r1", "userType oneOf %T in method AddOrganization not implemented", a) } } diff --git a/internal/api/grpc/org/v2/org_test.go b/internal/api/grpc/org/v2/org_test.go index c8c4c0ea0d..5024b59c1d 100644 --- a/internal/api/grpc/org/v2/org_test.go +++ b/internal/api/grpc/org/v2/org_test.go @@ -11,7 +11,7 @@ import ( "github.com/zitadel/zitadel/internal/command" "github.com/zitadel/zitadel/internal/domain" - caos_errs "github.com/zitadel/zitadel/internal/errors" + "github.com/zitadel/zitadel/internal/zerrors" object "github.com/zitadel/zitadel/pkg/grpc/object/v2beta" org "github.com/zitadel/zitadel/pkg/grpc/org/v2beta" user "github.com/zitadel/zitadel/pkg/grpc/user/v2beta" @@ -37,7 +37,7 @@ func Test_addOrganizationRequestToCommand(t *testing.T) { }, }, }, - wantErr: caos_errs.ThrowUnimplementedf(nil, "ORGv2-SD2r1", "userType oneOf %T in method AddOrganization not implemented", nil), + wantErr: zerrors.ThrowUnimplementedf(nil, "ORGv2-SD2r1", "userType oneOf %T in method AddOrganization not implemented", nil), }, { name: "user ID", diff --git a/internal/api/grpc/project/application.go b/internal/api/grpc/project/application.go index e555e93d27..c1a5a88f37 100644 --- a/internal/api/grpc/project/application.go +++ b/internal/api/grpc/project/application.go 
@@ -5,8 +5,8 @@ import ( object_grpc "github.com/zitadel/zitadel/internal/api/grpc/object" "github.com/zitadel/zitadel/internal/domain" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/query" + "github.com/zitadel/zitadel/internal/zerrors" app_pb "github.com/zitadel/zitadel/pkg/grpc/app" message_pb "github.com/zitadel/zitadel/pkg/grpc/message" ) @@ -303,6 +303,6 @@ func AppQueryToModel(appQuery *app_pb.AppQuery) (query.SearchQuery, error) { case *app_pb.AppQuery_NameQuery: return query.NewAppNameSearchQuery(object_grpc.TextMethodToQuery(q.NameQuery.Method), q.NameQuery.Name) default: - return nil, errors.ThrowInvalidArgument(nil, "APP-Add46", "List.Query.Invalid") + return nil, zerrors.ThrowInvalidArgument(nil, "APP-Add46", "List.Query.Invalid") } } diff --git a/internal/api/grpc/project/converter.go b/internal/api/grpc/project/converter.go index 86dafa4536..d1d1fc2187 100644 --- a/internal/api/grpc/project/converter.go +++ b/internal/api/grpc/project/converter.go @@ -3,9 +3,8 @@ package project import ( "github.com/zitadel/zitadel/internal/api/grpc/object" "github.com/zitadel/zitadel/internal/domain" - "github.com/zitadel/zitadel/internal/errors" - proj_model "github.com/zitadel/zitadel/internal/project/model" "github.com/zitadel/zitadel/internal/query" + "github.com/zitadel/zitadel/internal/zerrors" proj_pb "github.com/zitadel/zitadel/pkg/grpc/project" ) @@ -75,7 +74,7 @@ func ProjectQueryToModel(apiQuery *proj_pb.ProjectQuery) (query.SearchQuery, err case *proj_pb.ProjectQuery_ProjectResourceOwnerQuery: return query.NewProjectResourceOwnerSearchQuery(q.ProjectResourceOwnerQuery.ResourceOwner) default: - return nil, errors.ThrowInvalidArgument(nil, "ORG-vR9nC", "List.Query.Invalid") + return nil, zerrors.ThrowInvalidArgument(nil, "ORG-vR9nC", "List.Query.Invalid") } } 
@@ -112,45 +111,6 @@ func privateLabelingSettingToPb(setting domain.PrivateLabelingSetting) proj_pb.P } } -func grantedProjectStateToPb(state proj_model.ProjectState) proj_pb.ProjectGrantState { - switch state { - case proj_model.ProjectStateActive: - return proj_pb.ProjectGrantState_PROJECT_GRANT_STATE_ACTIVE - case proj_model.ProjectStateInactive: - return proj_pb.ProjectGrantState_PROJECT_GRANT_STATE_INACTIVE - default: - return proj_pb.ProjectGrantState_PROJECT_GRANT_STATE_UNSPECIFIED - } -} - -func GrantedProjectQueriesToModel(queries []*proj_pb.ProjectQuery) (_ []*proj_model.ProjectGrantViewSearchQuery, err error) { - q := make([]*proj_model.ProjectGrantViewSearchQuery, len(queries)) - for i, query := range queries { - q[i], err = GrantedProjectQueryToModel(query) - if err != nil { - return nil, err - } - } - return q, nil -} - -func GrantedProjectQueryToModel(query *proj_pb.ProjectQuery) (*proj_model.ProjectGrantViewSearchQuery, error) { - switch q := query.Query.(type) { - case *proj_pb.ProjectQuery_NameQuery: - return GrantedProjectQueryNameToModel(q.NameQuery), nil - default: - return nil, errors.ThrowInvalidArgument(nil, "ORG-Ags42", "List.Query.Invalid") - } -} - -func GrantedProjectQueryNameToModel(query *proj_pb.ProjectNameQuery) *proj_model.ProjectGrantViewSearchQuery { - return &proj_model.ProjectGrantViewSearchQuery{ - Key: proj_model.GrantedProjectSearchKeyName, - Method: object.TextMethodToModel(query.Method), - Value: query.Name, - } -} - func RoleQueriesToModel(queries []*proj_pb.RoleQuery) (_ []query.SearchQuery, err error) { q := make([]query.SearchQuery, len(queries)) for i, query := range queries { 
@@ -169,7 +129,7 @@ func RoleQueryToModel(apiQuery *proj_pb.RoleQuery) (query.SearchQuery, error) { case *proj_pb.RoleQuery_DisplayNameQuery: return query.NewProjectRoleDisplayNameSearchQuery(object.TextMethodToQuery(q.DisplayNameQuery.Method), q.DisplayNameQuery.DisplayName) default: - return nil, errors.ThrowInvalidArgument(nil, "PROJECT-fms0e", "List.Query.Invalid") + return nil, zerrors.ThrowInvalidArgument(nil, "PROJECT-fms0e", "List.Query.Invalid") } } diff --git a/internal/api/grpc/server/middleware/activity_interceptor.go b/internal/api/grpc/server/middleware/activity_interceptor.go index 79a3930c2d..7b8b164e99 100644 --- a/internal/api/grpc/server/middleware/activity_interceptor.go +++ b/internal/api/grpc/server/middleware/activity_interceptor.go @@ -9,7 +9,7 @@ import ( "google.golang.org/grpc/metadata" "github.com/zitadel/zitadel/internal/activity" - "github.com/zitadel/zitadel/internal/api/grpc/errors" + "github.com/zitadel/zitadel/internal/api/grpc/gerrors" ainfo "github.com/zitadel/zitadel/internal/api/info" ) @@ -18,7 +18,7 @@ func ActivityInterceptor() grpc.UnaryServerInterceptor { ctx = activityInfoFromGateway(ctx).SetMethod(info.FullMethod).IntoContext(ctx) resp, err := handler(ctx, req) if isResourceAPI(info.FullMethod) { - code, _, _, _ := errors.ExtractCaosError(err) + code, _, _, _ := gerrors.ExtractZITADELError(err) ctx = ainfo.ActivityInfoFromContext(ctx).SetGRPCStatus(code).IntoContext(ctx) activity.TriggerGRPCWithContext(ctx, activity.ResourceAPI) } diff --git a/internal/api/grpc/server/middleware/auth_interceptor_test.go b/internal/api/grpc/server/middleware/auth_interceptor_test.go index c644ab2e31..3551d3e419 100644 --- a/internal/api/grpc/server/middleware/auth_interceptor_test.go +++ b/internal/api/grpc/server/middleware/auth_interceptor_test.go 
@@ -10,7 +10,7 @@ import ( "google.golang.org/grpc/metadata" "github.com/zitadel/zitadel/internal/api/authz" - zitadel_errors "github.com/zitadel/zitadel/internal/errors" + "github.com/zitadel/zitadel/internal/zerrors" ) const anAPIRole = "AN_API_ROLE" @@ -43,7 +43,7 @@ var ( return "user1", "", "", "", "org1", nil }) accessTokenNOK = authz.AccessTokenVerifierFunc(func(ctx context.Context, token string) (userID string, clientID string, agentID string, prefLan string, resourceOwner string, err error) { - return "", "", "", "", "", zitadel_errors.ThrowUnauthenticated(nil, "TEST-fQHDI", "unauthenticaded") + return "", "", "", "", "", zerrors.ThrowUnauthenticated(nil, "TEST-fQHDI", "unauthenticaded") }) systemTokenNOK = authz.SystemTokenVerifierFunc(func(ctx context.Context, token string, orgID string) (memberships authz.Memberships, userID string, err error) { return nil, "", errors.New("system token error") diff --git a/internal/api/grpc/server/middleware/error_interceptor.go b/internal/api/grpc/server/middleware/error_interceptor.go index b06cd930fd..7c5e3163bc 100644 --- a/internal/api/grpc/server/middleware/error_interceptor.go +++ b/internal/api/grpc/server/middleware/error_interceptor.go @@ -3,10 +3,9 @@ package middleware import ( "context" - "github.com/zitadel/zitadel/internal/api/grpc/errors" - "google.golang.org/grpc" + "github.com/zitadel/zitadel/internal/api/grpc/gerrors" _ "github.com/zitadel/zitadel/internal/statik" ) @@ -18,5 +17,5 @@ func ErrorHandler() grpc.UnaryServerInterceptor { func toGRPCError(ctx context.Context, req interface{}, handler grpc.UnaryHandler) (interface{}, error) { resp, err := handler(ctx, req) - return resp, errors.CaosToGRPCError(ctx, err) + return resp, gerrors.ZITADELToGRPCError(err) } diff --git a/internal/api/grpc/server/middleware/instance_interceptor.go b/internal/api/grpc/server/middleware/instance_interceptor.go index 77302fdf77..31f5e2c168 100644 --- a/internal/api/grpc/server/middleware/instance_interceptor.go 
+++ b/internal/api/grpc/server/middleware/instance_interceptor.go @@ -2,7 +2,7 @@ package middleware import ( "context" - errs "errors" + "errors" "fmt" "strings" @@ -14,9 +14,9 @@ import ( "google.golang.org/grpc/status" "github.com/zitadel/zitadel/internal/api/authz" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/i18n" "github.com/zitadel/zitadel/internal/telemetry/tracing" + "github.com/zitadel/zitadel/internal/zerrors" ) const ( @@ -24,7 +24,7 @@ const ( ) func InstanceInterceptor(verifier authz.InstanceVerifier, headerName string, explicitInstanceIdServices ...string) grpc.UnaryServerInterceptor { - translator, err := newZitadelTranslator(language.English) + translator, err := i18n.NewZitadelTranslator(language.English) logging.OnError(err).Panic("unable to get translator") return func(ctx context.Context, req interface{}, info *grpc.UnaryServerInfo, handler grpc.UnaryHandler) (interface{}, error) { return setInstance(ctx, req, info, handler, verifier, headerName, translator, explicitInstanceIdServices...) @@ -46,8 +46,8 @@ func setInstance(ctx context.Context, req interface{}, info *grpc.UnaryServerInf ctx = authz.WithInstanceID(ctx, withInstanceIDProperty.GetInstanceId()) instance, err := verifier.InstanceByID(ctx) if err != nil { - notFoundErr := new(errors.NotFoundError) - if errs.As(err, ¬FoundErr) { + notFoundErr := new(zerrors.NotFoundError) + if errors.As(err, ¬FoundErr) { notFoundErr.Message = translator.LocalizeFromCtx(ctx, notFoundErr.GetMessage(), nil) } return nil, status.Error(codes.NotFound, err.Error()) 
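Review bot: In setInstance, the `return nil, status.Error(codes.NotFound, err.Error())` that follows the `errors.As` check runs for every error from `verifier.InstanceByID`, not only for a `zerrors.NotFoundError`, so any other lookup failure is reported as NotFound together with its raw, untranslated error text. This interceptor presumably runs before the caller has been authorised (interceptor order is not visible here), so that text may reach unauthenticated callers. I would move the NotFound return inside the `if errors.As(...)` block and let every other error fall through to a generic status such as `return nil, status.Error(codes.Internal, "Errors.Internal")`, with the original error logged server-side. The same pattern is in the `@@ -62,8 +62,8 @@` hunk for `verifier.InstanceByHost`. setInstance starts and ends outside both hunks.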
@@ -62,8 +62,8 @@ func setInstance(ctx context.Context, req interface{}, info *grpc.UnaryServerInf } instance, err := verifier.InstanceByHost(interceptorCtx, host) if err != nil { - notFoundErr := new(errors.NotFoundError) - if errs.As(err, ¬FoundErr) { + notFoundErr := new(zerrors.NotFoundError) + if errors.As(err, ¬FoundErr) { notFoundErr.Message = translator.LocalizeFromCtx(ctx, notFoundErr.GetMessage(), nil) } return nil, status.Error(codes.NotFound, err.Error()) diff --git a/internal/api/grpc/server/middleware/mock_test.go b/internal/api/grpc/server/middleware/mock_test.go index 8670a20fb0..498f45082c 100644 --- a/internal/api/grpc/server/middleware/mock_test.go +++ b/internal/api/grpc/server/middleware/mock_test.go @@ -5,7 +5,7 @@ import ( "google.golang.org/grpc" - "github.com/zitadel/zitadel/internal/errors" + "github.com/zitadel/zitadel/internal/zerrors" ) func emptyMockHandler(_ context.Context, req interface{}) (interface{}, error) { @@ -13,7 +13,7 @@ func emptyMockHandler(_ context.Context, req interface{}) (interface{}, error) { } func errorMockHandler(_ context.Context, req interface{}) (interface{}, error) { - return nil, errors.ThrowInternal(nil, "test", "error") + return nil, zerrors.ThrowInternal(nil, "test", "error") } type mockReq struct{} diff --git a/internal/api/grpc/server/middleware/quota_interceptor.go b/internal/api/grpc/server/middleware/quota_interceptor.go index be6e4d6e4d..e51ecabbbc 100644 --- a/internal/api/grpc/server/middleware/quota_interceptor.go +++ b/internal/api/grpc/server/middleware/quota_interceptor.go 
@@ -7,10 +7,10 @@ import ( "google.golang.org/grpc" "github.com/zitadel/zitadel/internal/api/authz" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/logstore" "github.com/zitadel/zitadel/internal/logstore/record" "github.com/zitadel/zitadel/internal/telemetry/tracing" + "github.com/zitadel/zitadel/internal/zerrors" ) func QuotaExhaustedInterceptor(svc *logstore.Service[*record.AccessLog], ignoreService ...string) grpc.UnaryServerInterceptor { @@ -43,7 +43,7 @@ func QuotaExhaustedInterceptor(svc *logstore.Service[*record.AccessLog], ignoreS instance := authz.GetInstance(ctx) remaining := svc.Limit(interceptorCtx, instance.InstanceID()) if remaining != nil && *remaining == 0 { - return nil, errors.ThrowResourceExhausted(nil, "QUOTA-vjAy8", "Quota.Access.Exhausted") + return nil, zerrors.ThrowResourceExhausted(nil, "QUOTA-vjAy8", "Quota.Access.Exhausted") } span.End() return handler(ctx, req) diff --git a/internal/api/grpc/server/middleware/translation_interceptor.go b/internal/api/grpc/server/middleware/translation_interceptor.go index 996e80acc6..08e1540531 100644 --- a/internal/api/grpc/server/middleware/translation_interceptor.go +++ b/internal/api/grpc/server/middleware/translation_interceptor.go @@ -7,6 +7,7 @@ import ( "google.golang.org/grpc" "github.com/zitadel/zitadel/internal/api/authz" + "github.com/zitadel/zitadel/internal/i18n" _ "github.com/zitadel/zitadel/internal/statik" "github.com/zitadel/zitadel/internal/telemetry/tracing" ) 
@@ -18,17 +19,15 @@ func TranslationHandler() func(ctx context.Context, req interface{}, info *grpc. defer func() { span.EndWithError(err) }() if loc, ok := resp.(localizers); ok && resp != nil { - translator, translatorError := newZitadelTranslator(authz.GetInstance(ctx).DefaultLanguage()) + translator, translatorError := getTranslator(ctx) if translatorError != nil { - logging.New().WithError(translatorError).Error("could not load translator") return resp, err } translateFields(ctx, loc, translator) } if err != nil { - translator, translatorError := newZitadelTranslator(authz.GetInstance(ctx).DefaultLanguage()) + translator, translatorError := getTranslator(ctx) if translatorError != nil { - logging.New().WithError(translatorError).Error("could not load translator") return resp, err } err = translateError(ctx, err, translator) @@ -36,3 +35,11 @@ func TranslationHandler() func(ctx context.Context, req interface{}, info *grpc. return resp, err } } + +func getTranslator(ctx context.Context) (*i18n.Translator, error) { + translator, err := i18n.NewZitadelTranslator(authz.GetInstance(ctx).DefaultLanguage()) + if err != nil { + logging.New().WithError(err).Error("could not load translator") + } + return translator, err +} diff --git a/internal/api/grpc/server/middleware/translator.go b/internal/api/grpc/server/middleware/translator.go index f42741db0b..65e7175a64 100644 --- a/internal/api/grpc/server/middleware/translator.go +++ b/internal/api/grpc/server/middleware/translator.go @@ -4,12 +4,8 @@ import ( "context" "errors" - "github.com/rakyll/statik/fs" - "github.com/zitadel/logging" - "golang.org/x/text/language" - - caos_errs "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/i18n" + "github.com/zitadel/zitadel/internal/zerrors" ) type localizers interface { 
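Review bot: TranslationHandler calls `getTranslator(ctx)` in both the response branch and the error branch, so a request that returns a localizable response together with an error builds a translator twice through `i18n.NewZitadelTranslator`. Whether that constructor caches is not visible here; if it does not, resolve the translator once before the two branches and reuse it. `getTranslator` also has no doc comment; something like `// getTranslator returns a translator for the instance's default language; a load failure is logged and returned unchanged` would record what callers get back. TranslationHandler starts outside the hunk.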
@@ -33,20 +29,9 @@ func translateError(ctx context.Context, err error, translator *i18n.Translator) if translator == nil || err == nil { return err } - caosErr := new(caos_errs.CaosError) + caosErr := new(zerrors.ZitadelError) if errors.As(err, &caosErr) { caosErr.SetMessage(translator.LocalizeFromCtx(ctx, caosErr.GetMessage(), nil)) } return err } - -func newZitadelTranslator(defaultLanguage language.Tag) (*i18n.Translator, error) { - return translatorFromNamespace("zitadel", defaultLanguage) -} - -func translatorFromNamespace(namespace string, defaultLanguage language.Tag) (*i18n.Translator, error) { - dir, err := fs.NewWithNamespace(namespace) - logging.WithFields("namespace", namespace).OnError(err).Panic("unable to get namespace") - - return i18n.NewTranslator(dir, defaultLanguage, "") -} diff --git a/internal/api/grpc/server/probes.go b/internal/api/grpc/server/probes.go index c0eedcfcb6..6ca649926e 100644 --- a/internal/api/grpc/server/probes.go +++ b/internal/api/grpc/server/probes.go @@ -7,8 +7,8 @@ import ( "google.golang.org/protobuf/types/known/emptypb" "google.golang.org/protobuf/types/known/structpb" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/telemetry/tracing" + "github.com/zitadel/zitadel/internal/zerrors" ) type ValidationFunction func(ctx context.Context) error @@ -29,7 +29,7 @@ func (v *Validator) Ready(ctx context.Context, e *emptypb.Empty) (*emptypb.Empty if len(validate(ctx, v.validations)) == 0 { return e, nil } - return nil, errors.ThrowInternal(nil, "API-2jD9a", "not ready") + return nil, zerrors.ThrowInternal(nil, "API-2jD9a", "not ready") } func (v *Validator) Validate(ctx context.Context, _ *emptypb.Empty) (*structpb.Struct, error) { diff --git a/internal/api/grpc/server/probes_test.go b/internal/api/grpc/server/probes_test.go index a54b74a44d..3fe42aea40 100644 --- a/internal/api/grpc/server/probes_test.go +++ b/internal/api/grpc/server/probes_test.go 
@@ -7,7 +7,7 @@ import ( "google.golang.org/protobuf/types/known/emptypb" - "github.com/zitadel/zitadel/internal/errors" + "github.com/zitadel/zitadel/internal/zerrors" ) func TestValidator_Healthz(t *testing.T) { @@ -66,7 +66,7 @@ func TestValidator_Ready(t *testing.T) { "unready error", fields{validations: map[string]ValidationFunction{ "error": func(_ context.Context) error { - return errors.ThrowInternal(nil, "id", "message") + return zerrors.ThrowInternal(nil, "id", "message") }, }}, res{ @@ -137,13 +137,13 @@ func Test_validate(t *testing.T) { return nil }, "error": func(_ context.Context) error { - return errors.ThrowInternal(nil, "id", "message") + return zerrors.ThrowInternal(nil, "id", "message") }, }, }, res{ map[string]any{ - "error": errors.ThrowInternal(nil, "id", "message"), + "error": zerrors.ThrowInternal(nil, "id", "message"), }, }, }, diff --git a/internal/api/grpc/session/v2/session.go b/internal/api/grpc/session/v2/session.go index 7b1f27ef82..68d98e57ee 100644 --- a/internal/api/grpc/session/v2/session.go +++ b/internal/api/grpc/session/v2/session.go @@ -15,8 +15,8 @@ import ( "github.com/zitadel/zitadel/internal/api/grpc/object/v2" "github.com/zitadel/zitadel/internal/command" "github.com/zitadel/zitadel/internal/domain" - caos_errs "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/query" + "github.com/zitadel/zitadel/internal/zerrors" objpb "github.com/zitadel/zitadel/pkg/grpc/object" session "github.com/zitadel/zitadel/pkg/grpc/session/v2beta" ) @@ -284,7 +284,7 @@ func sessionQueryToQuery(sq *session.SearchQuery) (query.SearchQuery, error) { case *session.SearchQuery_CreationDateQuery: return creationDateQueryToQuery(q.CreationDateQuery) default: - return nil, caos_errs.ThrowInvalidArgument(nil, "GRPC-Sfefs", "List.Query.Invalid") + return nil, zerrors.ThrowInvalidArgument(nil, "GRPC-Sfefs", "List.Query.Invalid") } } 
@@ -447,7 +447,7 @@ func (s *Server) createOTPEmailChallengeCommand(req *session.RequestChallenges_O case nil: return nil, s.command.CreateOTPEmailChallenge(), nil default: - return nil, nil, caos_errs.ThrowUnimplementedf(nil, "SESSION-k3ng0", "delivery_type oneOf %T in OTPEmailChallenge not implemented", t) + return nil, nil, zerrors.ThrowUnimplementedf(nil, "SESSION-k3ng0", "delivery_type oneOf %T in OTPEmailChallenge not implemented", t) } } @@ -461,7 +461,7 @@ func userCheck(user *session.CheckUser) (userSearch, error) { case *session.CheckUser_LoginName: return userByLoginName(s.LoginName) default: - return nil, caos_errs.ThrowUnimplementedf(nil, "SESSION-d3b4g0", "user search %T not implemented", s) + return nil, zerrors.ThrowUnimplementedf(nil, "SESSION-d3b4g0", "user search %T not implemented", s) } } diff --git a/internal/api/grpc/session/v2/session_test.go b/internal/api/grpc/session/v2/session_test.go index 8ec831a504..a268a9c889 100644 --- a/internal/api/grpc/session/v2/session_test.go +++ b/internal/api/grpc/session/v2/session_test.go @@ -14,11 +14,10 @@ import ( "google.golang.org/protobuf/types/known/timestamppb" "github.com/zitadel/zitadel/internal/api/authz" - objpb "github.com/zitadel/zitadel/pkg/grpc/object" - "github.com/zitadel/zitadel/internal/domain" - caos_errs "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/query" + "github.com/zitadel/zitadel/internal/zerrors" + objpb "github.com/zitadel/zitadel/pkg/grpc/object" object "github.com/zitadel/zitadel/pkg/grpc/object/v2beta" session "github.com/zitadel/zitadel/pkg/grpc/session/v2beta" ) @@ -439,7 +438,7 @@ func Test_listSessionsRequestToQuery(t *testing.T) { }, }, }, - wantErr: caos_errs.ThrowInvalidArgument(nil, "GRPC-Sfefs", "List.Query.Invalid"), + wantErr: zerrors.ThrowInvalidArgument(nil, "GRPC-Sfefs", "List.Query.Invalid"), }, } for _, tt := range tests { 
@@ -479,7 +478,7 @@ func Test_sessionQueriesToQuery(t *testing.T) { {Query: nil}, }, }, - wantErr: caos_errs.ThrowInvalidArgument(nil, "GRPC-Sfefs", "List.Query.Invalid"), + wantErr: zerrors.ThrowInvalidArgument(nil, "GRPC-Sfefs", "List.Query.Invalid"), }, { name: "creator and sessions", @@ -529,7 +528,7 @@ func Test_sessionQueryToQuery(t *testing.T) { args: args{&session.SearchQuery{ Query: nil, }}, - wantErr: caos_errs.ThrowInvalidArgument(nil, "GRPC-Sfefs", "List.Query.Invalid"), + wantErr: zerrors.ThrowInvalidArgument(nil, "GRPC-Sfefs", "List.Query.Invalid"), }, { name: "ids query", @@ -624,7 +623,7 @@ func Test_userCheck(t *testing.T) { args: args{&session.CheckUser{ Search: nil, }}, - wantErr: caos_errs.ThrowUnimplementedf(nil, "SESSION-d3b4g0", "user search %T not implemented", nil), + wantErr: zerrors.ThrowUnimplementedf(nil, "SESSION-d3b4g0", "user search %T not implemented", nil), }, } for _, tt := range tests { diff --git a/internal/api/grpc/settings/v2/settings.go b/internal/api/grpc/settings/v2/settings.go index ff458fa98d..5e09f8e89a 100644 --- a/internal/api/grpc/settings/v2/settings.go +++ b/internal/api/grpc/settings/v2/settings.go @@ -7,7 +7,8 @@ import ( "github.com/zitadel/zitadel/internal/api/authz" "github.com/zitadel/zitadel/internal/api/grpc/object/v2" - "github.com/zitadel/zitadel/internal/api/grpc/text" + "github.com/zitadel/zitadel/internal/domain" + "github.com/zitadel/zitadel/internal/i18n" "github.com/zitadel/zitadel/internal/query" object_pb "github.com/zitadel/zitadel/pkg/grpc/object/v2beta" "github.com/zitadel/zitadel/pkg/grpc/settings/v2beta" 
@@ -116,13 +117,9 @@ func (s *Server) GetActiveIdentityProviders(ctx context.Context, req *settings.G } func (s *Server) GetGeneralSettings(ctx context.Context, _ *settings.GetGeneralSettingsRequest) (*settings.GetGeneralSettingsResponse, error) { - langs, err := s.query.Languages(ctx) - if err != nil { - return nil, err - } instance := authz.GetInstance(ctx) return &settings.GetGeneralSettingsResponse{ - SupportedLanguages: text.LanguageTagsToStrings(langs), + SupportedLanguages: domain.LanguagesToStrings(i18n.SupportedLanguages()), DefaultOrgId: instance.DefaultOrganisationID(), DefaultLanguage: instance.DefaultLanguage().String(), }, nil diff --git a/internal/api/grpc/system/feature.go b/internal/api/grpc/system/feature.go index a577af4f00..01a15977b6 100644 --- a/internal/api/grpc/system/feature.go +++ b/internal/api/grpc/system/feature.go @@ -5,7 +5,7 @@ import ( object_pb "github.com/zitadel/zitadel/internal/api/grpc/object" "github.com/zitadel/zitadel/internal/domain" - "github.com/zitadel/zitadel/internal/errors" + "github.com/zitadel/zitadel/internal/zerrors" system_pb "github.com/zitadel/zitadel/pkg/grpc/system" ) @@ -23,12 +23,12 @@ func (s *Server) SetInstanceFeature(ctx context.Context, req *system_pb.SetInsta func (s *Server) setInstanceFeature(ctx context.Context, req *system_pb.SetInstanceFeatureRequest) (*domain.ObjectDetails, error) { feat := domain.Feature(req.FeatureId) if !feat.IsAFeature() { - return nil, errors.ThrowInvalidArgument(nil, "SYST-SGV45", "Errors.Feature.NotExisting") + return nil, zerrors.ThrowInvalidArgument(nil, "SYST-SGV45", "Errors.Feature.NotExisting") } switch t := req.Value.(type) { case *system_pb.SetInstanceFeatureRequest_Bool: return s.command.SetBooleanInstanceFeature(ctx, feat, t.Bool) default: - return nil, errors.ThrowInvalidArgument(nil, "SYST-dag5g", "Errors.Feature.TypeNotSupported") + return nil, zerrors.ThrowInvalidArgument(nil, "SYST-dag5g", "Errors.Feature.TypeNotSupported") } } 
diff --git a/internal/api/grpc/system/instance_integration_test.go b/internal/api/grpc/system/instance_integration_test.go index f874ac79f0..a04118f59f 100644 --- a/internal/api/grpc/system/instance_integration_test.go +++ b/internal/api/grpc/system/instance_integration_test.go @@ -13,7 +13,7 @@ import ( ) func TestServer_ListInstances(t *testing.T) { - domain, instanceID, _ := Tester.UseIsolatedInstance(CTX, SystemCTX) + domain, instanceID, _ := Tester.UseIsolatedInstance(t, CTX, SystemCTX) tests := []struct { name string diff --git a/internal/api/grpc/system/limits_integration_test.go b/internal/api/grpc/system/limits_integration_test.go index e2480d0c0c..96ceafcdc3 100644 --- a/internal/api/grpc/system/limits_integration_test.go +++ b/internal/api/grpc/system/limits_integration_test.go @@ -4,6 +4,7 @@ package system_test import ( "context" + "google.golang.org/protobuf/types/known/timestamppb" "math/rand" "sync" "testing" @@ -20,9 +21,10 @@ import ( ) func TestServer_Limits_AuditLogRetention(t *testing.T) { - _, instanceID, iamOwnerCtx := Tester.UseIsolatedInstance(CTX, SystemCTX) + _, instanceID, iamOwnerCtx := Tester.UseIsolatedInstance(t, CTX, SystemCTX) userID, projectID, appID, projectGrantID := seedObjects(iamOwnerCtx, t) beforeTime := time.Now() + farPast := timestamppb.New(beforeTime.Add(-10 * time.Hour).UTC()) zeroCounts := &eventCounts{} seededCount := requireEventually(t, iamOwnerCtx, userID, projectID, appID, projectGrantID, func(c assert.TestingT, counts *eventCounts) { counts.assertAll(t, c, "seeded events are > 0", assert.Greater, zeroCounts) 
@@ -36,10 +38,22 @@ func TestServer_Limits_AuditLogRetention(t *testing.T) { AuditLogRetention: durationpb.New(time.Now().Sub(beforeTime)), }) require.NoError(t, err) + var limitedCounts *eventCounts requireEventually(t, iamOwnerCtx, userID, projectID, appID, projectGrantID, func(c assert.TestingT, counts *eventCounts) { counts.assertAll(t, c, "limited events < added events", assert.Less, addedCount) counts.assertAll(t, c, "limited events > 0", assert.Greater, zeroCounts) + limitedCounts = counts }, "wait for limited event assertions to pass") + listedEvents, err := Tester.Client.Admin.ListEvents(iamOwnerCtx, &admin.ListEventsRequest{CreationDateFilter: &admin.ListEventsRequest_From{ + From: farPast, + }}) + require.NoError(t, err) + assert.LessOrEqual(t, len(listedEvents.GetEvents()), limitedCounts.all, "ListEvents with from query older than retention doesn't return more events") + listedEvents, err = Tester.Client.Admin.ListEvents(iamOwnerCtx, &admin.ListEventsRequest{CreationDateFilter: &admin.ListEventsRequest_Range{Range: &admin.ListEventsRequestCreationDateRange{ + Since: farPast, + }}}) + require.NoError(t, err) + assert.LessOrEqual(t, len(listedEvents.GetEvents()), limitedCounts.all, "ListEvents with since query older than retention doesn't return more events") _, err = Tester.Client.System.ResetLimits(SystemCTX, &system.ResetLimitsRequest{ InstanceId: instanceID, }) diff --git a/internal/api/grpc/system/quota_integration_test.go b/internal/api/grpc/system/quota_integration_test.go index ba0e2cb4d7..7b9403377a 100644 --- a/internal/api/grpc/system/quota_integration_test.go +++ b/internal/api/grpc/system/quota_integration_test.go 
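Review bot: The two new `assert.LessOrEqual(t, len(listedEvents.GetEvents()), limitedCounts.all, ...)` checks compare only a count, so they do not show that events older than the retention window are actually withheld. If `ListEvents` applies a default page size (not visible in this hunk), the length can stay at or below `limitedCounts.all` even when out-of-retention events are returned. A stronger check is to loop over `listedEvents.GetEvents()` and assert that no event's creation date is earlier than the retention cutoff derived from `beforeTime`, for both the `From` and the `Range.Since` request. `limitedCounts` is assigned only inside the `requireEventually` callback, so a short comment saying it holds the counts from the last poll would help the next reader. The test function continues outside the hunk.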
@@ -23,7 +23,7 @@ import ( var callURL = "http://localhost:" + integration.PortQuotaServer func TestServer_QuotaNotification_Limit(t *testing.T) { - _, instanceID, iamOwnerCtx := Tester.UseIsolatedInstance(CTX, SystemCTX) + _, instanceID, iamOwnerCtx := Tester.UseIsolatedInstance(t, CTX, SystemCTX) amount := 10 percent := 50 percentAmount := amount * percent / 100 @@ -67,7 +67,7 @@ func TestServer_QuotaNotification_Limit(t *testing.T) { } func TestServer_QuotaNotification_NoLimit(t *testing.T) { - _, instanceID, iamOwnerCtx := Tester.UseIsolatedInstance(CTX, SystemCTX) + _, instanceID, iamOwnerCtx := Tester.UseIsolatedInstance(t, CTX, SystemCTX) amount := 10 percent := 50 percentAmount := amount * percent / 100 @@ -149,7 +149,7 @@ func awaitNotification(t *testing.T, bodies chan []byte, unit quota.Unit, percen } func TestServer_AddAndRemoveQuota(t *testing.T) { - _, instanceID, _ := Tester.UseIsolatedInstance(CTX, SystemCTX) + _, instanceID, _ := Tester.UseIsolatedInstance(t, CTX, SystemCTX) got, err := Tester.Client.System.SetQuota(SystemCTX, &system.SetQuotaRequest{ InstanceId: instanceID, diff --git a/internal/api/grpc/text/language.go b/internal/api/grpc/text/language.go deleted file mode 100644 index 9ae5b1ed1a..0000000000 --- a/internal/api/grpc/text/language.go +++ /dev/null @@ -1,13 +0,0 @@ -package text - -import ( - "golang.org/x/text/language" -) - -func LanguageTagsToStrings(langs []language.Tag) []string { - result := make([]string, len(langs)) - for i, lang := range langs { - result[i] = lang.String() - } - return result -} diff --git a/internal/api/grpc/user/converter.go b/internal/api/grpc/user/converter.go index 7b00d2f4cc..eca346bad8 100644 --- a/internal/api/grpc/user/converter.go +++ b/internal/api/grpc/user/converter.go 
@@ -72,7 +72,7 @@ func MachineToPb(view *query.Machine) *user_pb.Machine { return &user_pb.Machine{ Name: view.Name, Description: view.Description, - HasSecret: view.HasSecret, + HasSecret: view.Secret != nil, AccessTokenType: AccessTokenTypeToPb(view.AccessTokenType), } } diff --git a/internal/api/grpc/user/membership.go b/internal/api/grpc/user/membership.go index 4aaa213090..1235f0ab72 100644 --- a/internal/api/grpc/user/membership.go +++ b/internal/api/grpc/user/membership.go @@ -2,8 +2,8 @@ package user import ( "github.com/zitadel/zitadel/internal/api/grpc/object" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/query" + "github.com/zitadel/zitadel/internal/zerrors" user_pb "github.com/zitadel/zitadel/pkg/grpc/user" ) @@ -30,7 +30,7 @@ func MembershipQueryToQuery(req *user_pb.MembershipQuery) (query.SearchQuery, er case *user_pb.MembershipQuery_IamQuery: return query.NewMembershipIsIAMQuery() default: - return nil, errors.ThrowInvalidArgument(nil, "USER-dsg3z", "Errors.List.Query.Invalid") + return nil, zerrors.ThrowInvalidArgument(nil, "USER-dsg3z", "Errors.List.Query.Invalid") } } diff --git a/internal/api/grpc/user/query.go b/internal/api/grpc/user/query.go index 2e997b2a18..cd01e545a4 100644 --- a/internal/api/grpc/user/query.go +++ b/internal/api/grpc/user/query.go @@ -2,8 +2,8 @@ package user import ( "github.com/zitadel/zitadel/internal/api/grpc/object" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/query" + "github.com/zitadel/zitadel/internal/zerrors" user_pb "github.com/zitadel/zitadel/pkg/grpc/user" ) 
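Review bot: `HasSecret: view.Secret != nil` suggests that `query.Machine` now carries the stored secret value itself, where the old `view.HasSecret` was only a flag. The type of `Secret` is not visible in this hunk; if it is a pointer to a struct or a byte slice, a non-nil but empty value would still report `HasSecret: true`, so confirm that the projection stores nil once a secret is removed. I would add a comment above the field, e.g. `// only the presence of the secret is exposed; the value must never be copied into the response`, so later edits to MachineToPb do not map `view.Secret` directly. MachineToPb starts outside the hunk.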
@@ -21,7 +21,7 @@ func UserQueriesToQuery(queries []*user_pb.SearchQuery, level uint8) (_ []query. func UserQueryToQuery(query *user_pb.SearchQuery, level uint8) (query.SearchQuery, error) { if level > 20 { // can't go deeper than 20 levels of nesting. - return nil, errors.ThrowInvalidArgument(nil, "USER-zsQ97", "Errors.User.TooManyNestingLevels") + return nil, zerrors.ThrowInvalidArgument(nil, "USER-zsQ97", "Errors.User.TooManyNestingLevels") } switch q := query.Query.(type) { case *user_pb.SearchQuery_UserNameQuery: @@ -53,7 +53,7 @@ func UserQueryToQuery(query *user_pb.SearchQuery, level uint8) (query.SearchQuer case *user_pb.SearchQuery_NotQuery: return NotQueryToQuery(q.NotQuery, level) default: - return nil, errors.ThrowInvalidArgument(nil, "GRPC-vR9nC", "List.Query.Invalid") + return nil, zerrors.ThrowInvalidArgument(nil, "GRPC-vR9nC", "List.Query.Invalid") } } diff --git a/internal/api/grpc/user/v2/email.go b/internal/api/grpc/user/v2/email.go index 83f771b358..7936fa4d1d 100644 --- a/internal/api/grpc/user/v2/email.go +++ b/internal/api/grpc/user/v2/email.go @@ -6,7 +6,7 @@ import ( "google.golang.org/protobuf/types/known/timestamppb" "github.com/zitadel/zitadel/internal/domain" - caos_errs "github.com/zitadel/zitadel/internal/errors" + "github.com/zitadel/zitadel/internal/zerrors" object "github.com/zitadel/zitadel/pkg/grpc/object/v2beta" user "github.com/zitadel/zitadel/pkg/grpc/user/v2beta" ) @@ -25,7 +25,7 @@ func (s *Server) SetEmail(ctx context.Context, req *user.SetEmailRequest) (resp case nil: email, err = s.command.ChangeUserEmail(ctx, req.GetUserId(), resourceOwner, req.GetEmail(), s.userCodeAlg) default: - err = caos_errs.ThrowUnimplementedf(nil, "USERv2-Ahng0", "verification oneOf %T in method SetEmail not implemented", v) + err = zerrors.ThrowUnimplementedf(nil, "USERv2-Ahng0", "verification oneOf %T in method SetEmail not implemented", v) } if err != nil { return nil, err 
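Review bot: The error ID `USERv2-Ahng0` on the new `zerrors.ThrowUnimplementedf` line in SetEmail is also used by the matching line in SetPhone (internal/api/grpc/user/v2/phone.go, hunk `@@ -25,7 +25,7 @@`), so a report carrying that ID cannot be traced to a single call site, assuming these IDs are meant to be unique. Both lines are rewritten by this commit anyway, so one of them can get its own ID, e.g. in SetPhone `zerrors.ThrowUnimplementedf(nil, "USERv2-<new-id>", "verification oneOf %T in method SetPhone not implemented", v)`. Both functions start and end outside their hunks.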
diff --git a/internal/api/grpc/user/v2/passkey.go b/internal/api/grpc/user/v2/passkey.go index 659ef62388..69a7e8fdaa 100644 --- a/internal/api/grpc/user/v2/passkey.go +++ b/internal/api/grpc/user/v2/passkey.go @@ -8,7 +8,7 @@ import ( "github.com/zitadel/zitadel/internal/api/authz" "github.com/zitadel/zitadel/internal/api/grpc/object/v2" "github.com/zitadel/zitadel/internal/domain" - caos_errs "github.com/zitadel/zitadel/internal/errors" + "github.com/zitadel/zitadel/internal/zerrors" object_pb "github.com/zitadel/zitadel/pkg/grpc/object/v2beta" user "github.com/zitadel/zitadel/pkg/grpc/user/v2beta" ) @@ -47,7 +47,7 @@ func webAuthNRegistrationDetailsToPb(details *domain.WebAuthNRegistrationDetails } options := new(structpb.Struct) if err := options.UnmarshalJSON(details.PublicKeyCredentialCreationOptions); err != nil { - return nil, nil, caos_errs.ThrowInternal(err, "USERv2-Dohr6", "Errors.Internal") + return nil, nil, zerrors.ThrowInternal(err, "USERv2-Dohr6", "Errors.Internal") } return object.DomainToDetailsPb(details.ObjectDetails), options, nil } @@ -68,7 +68,7 @@ func (s *Server) VerifyPasskeyRegistration(ctx context.Context, req *user.Verify resourceOwner := authz.GetCtxData(ctx).OrgID pkc, err := req.GetPublicKeyCredential().MarshalJSON() if err != nil { - return nil, caos_errs.ThrowInternal(err, "USERv2-Pha2o", "Errors.Internal") + return nil, zerrors.ThrowInternal(err, "USERv2-Pha2o", "Errors.Internal") } objectDetails, err := s.command.HumanHumanPasswordlessSetup(ctx, req.GetUserId(), resourceOwner, req.GetPasskeyName(), "", pkc) if err != nil { 
@@ -96,7 +96,7 @@ func (s *Server) CreatePasskeyRegistrationLink(ctx context.Context, req *user.Cr s.command.AddUserPasskeyCodeReturn(ctx, req.GetUserId(), resourceOwner, s.userCodeAlg), ) default: - return nil, caos_errs.ThrowUnimplementedf(nil, "USERv2-gaD8y", "verification oneOf %T in method CreatePasskeyRegistrationLink not implemented", medium) + return nil, zerrors.ThrowUnimplementedf(nil, "USERv2-gaD8y", "verification oneOf %T in method CreatePasskeyRegistrationLink not implemented", medium) } } diff --git a/internal/api/grpc/user/v2/passkey_integration_test.go b/internal/api/grpc/user/v2/passkey_integration_test.go index 139bef3e68..383eeb0c82 100644 --- a/internal/api/grpc/user/v2/passkey_integration_test.go +++ b/internal/api/grpc/user/v2/passkey_integration_test.go @@ -24,6 +24,10 @@ func TestServer_RegisterPasskey(t *testing.T) { }) require.NoError(t, err) + // We also need a user session + Tester.RegisterUserPasskey(CTX, userID) + _, sessionToken, _, _ := Tester.CreateVerifiedWebAuthNSession(t, CTX, userID) + type args struct { ctx context.Context req *user.RegisterPasskeyRequest @@ -95,14 +99,12 @@ func TestServer_RegisterPasskey(t *testing.T) { }, wantErr: true, }, - /* TODO: after we are able to obtain a Bearer token for a human user - https://github.com/zitadel/zitadel/issues/6022 { - name: "human user", + name: "user setting its own passkey", args: args{ - ctx: CTX, + ctx: Tester.WithAuthorizationToken(CTX, sessionToken), req: &user.RegisterPasskeyRequest{ - UserId: humanUserID, + UserId: userID, }, }, want: &user.RegisterPasskeyResponse{ @@ -111,7 +113,6 @@ func TestServer_RegisterPasskey(t *testing.T) { }, }, }, - */ } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { diff --git a/internal/api/grpc/user/v2/passkey_test.go b/internal/api/grpc/user/v2/passkey_test.go index 8071db92bf..7d45c41756 100644 --- a/internal/api/grpc/user/v2/passkey_test.go +++ b/internal/api/grpc/user/v2/passkey_test.go 
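Review bot: The new case "user setting its own passkey" in TestServer_RegisterPasskey covers only the allowed path, where `sessionToken` belongs to `userID` and the request targets the same `userID`. The visible part of the table has no case where that token is used with a different user's ID, which is the check that shows a session cannot register a passkey on another account. I would add a case with `ctx: Tester.WithAuthorizationToken(CTX, sessionToken)`, the `UserId` of a second user created in the test, and `wantErr: true`. The test table starts and ends outside these hunks, so such a case may already exist further down.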
@@ -13,7 +13,7 @@ import ( "github.com/zitadel/zitadel/internal/api/grpc" "github.com/zitadel/zitadel/internal/domain" - caos_errs "github.com/zitadel/zitadel/internal/errors" + "github.com/zitadel/zitadel/internal/zerrors" object "github.com/zitadel/zitadel/pkg/grpc/object/v2beta" user "github.com/zitadel/zitadel/pkg/grpc/user/v2beta" ) @@ -81,7 +81,7 @@ func Test_passkeyRegistrationDetailsToPb(t *testing.T) { }, err: nil, }, - wantErr: caos_errs.ThrowInternal(nil, "USERv2-Dohr6", "Errors.Internal"), + wantErr: zerrors.ThrowInternal(nil, "USERv2-Dohr6", "Errors.Internal"), }, { name: "ok", diff --git a/internal/api/grpc/user/v2/password.go b/internal/api/grpc/user/v2/password.go index 1bd1604058..c5e23f920e 100644 --- a/internal/api/grpc/user/v2/password.go +++ b/internal/api/grpc/user/v2/password.go @@ -6,7 +6,7 @@ import ( "github.com/zitadel/zitadel/internal/api/authz" "github.com/zitadel/zitadel/internal/api/grpc/object/v2" "github.com/zitadel/zitadel/internal/domain" - caos_errs "github.com/zitadel/zitadel/internal/errors" + "github.com/zitadel/zitadel/internal/zerrors" user "github.com/zitadel/zitadel/pkg/grpc/user/v2beta" ) @@ -22,7 +22,7 @@ func (s *Server) PasswordReset(ctx context.Context, req *user.PasswordResetReque case nil: details, code, err = s.command.RequestPasswordReset(ctx, req.GetUserId()) default: - err = caos_errs.ThrowUnimplementedf(nil, "USERv2-SDeeg", "verification oneOf %T in method RequestPasswordReset not implemented", m) + err = zerrors.ThrowUnimplementedf(nil, "USERv2-SDeeg", "verification oneOf %T in method RequestPasswordReset not implemented", m) } if err != nil { return nil, err 
@@ -53,13 +53,13 @@ func (s *Server) SetPassword(ctx context.Context, req *user.SetPasswordRequest) switch v := req.GetVerification().(type) { case *user.SetPasswordRequest_CurrentPassword: - details, err = s.command.ChangePassword(ctx, resourceOwner, req.GetUserId(), v.CurrentPassword, req.GetNewPassword().GetPassword(), "") + details, err = s.command.ChangePassword(ctx, resourceOwner, req.GetUserId(), v.CurrentPassword, req.GetNewPassword().GetPassword()) case *user.SetPasswordRequest_VerificationCode: - details, err = s.command.SetPasswordWithVerifyCode(ctx, resourceOwner, req.GetUserId(), v.VerificationCode, req.GetNewPassword().GetPassword(), "") + details, err = s.command.SetPasswordWithVerifyCode(ctx, resourceOwner, req.GetUserId(), v.VerificationCode, req.GetNewPassword().GetPassword()) case nil: details, err = s.command.SetPassword(ctx, resourceOwner, req.GetUserId(), req.GetNewPassword().GetPassword(), req.GetNewPassword().GetChangeRequired()) default: - err = caos_errs.ThrowUnimplementedf(nil, "USERv2-SFdf2", "verification oneOf %T in method SetPasswordRequest not implemented", v) + err = zerrors.ThrowUnimplementedf(nil, "USERv2-SFdf2", "verification oneOf %T in method SetPasswordRequest not implemented", v) } if err != nil { return nil, err diff --git a/internal/api/grpc/user/v2/phone.go b/internal/api/grpc/user/v2/phone.go index 9e97bb0195..b2df7d2c6c 100644 --- a/internal/api/grpc/user/v2/phone.go +++ b/internal/api/grpc/user/v2/phone.go @@ -6,7 +6,7 @@ import ( "google.golang.org/protobuf/types/known/timestamppb" "github.com/zitadel/zitadel/internal/domain" - caos_errs "github.com/zitadel/zitadel/internal/errors" + "github.com/zitadel/zitadel/internal/zerrors" object "github.com/zitadel/zitadel/pkg/grpc/object/v2beta" user "github.com/zitadel/zitadel/pkg/grpc/user/v2beta" ) 
@@ -25,7 +25,7 @@ func (s *Server) SetPhone(ctx context.Context, req *user.SetPhoneRequest) (resp case nil: phone, err = s.command.ChangeUserPhone(ctx, req.GetUserId(), resourceOwner, req.GetPhone(), s.userCodeAlg) default: - err = caos_errs.ThrowUnimplementedf(nil, "USERv2-Ahng0", "verification oneOf %T in method SetPhone not implemented", v) + err = zerrors.ThrowUnimplementedf(nil, "USERv2-Ahng0", "verification oneOf %T in method SetPhone not implemented", v) } if err != nil { return nil, err diff --git a/internal/api/grpc/user/v2/totp_integration_test.go b/internal/api/grpc/user/v2/totp_integration_test.go index 18a5e43bd1..4fef7bbf9b 100644 --- a/internal/api/grpc/user/v2/totp_integration_test.go +++ b/internal/api/grpc/user/v2/totp_integration_test.go @@ -5,16 +5,22 @@ package user_test import ( "context" "testing" + "time" + "github.com/pquerna/otp/totp" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" "github.com/zitadel/zitadel/internal/integration" + object "github.com/zitadel/zitadel/pkg/grpc/object/v2beta" user "github.com/zitadel/zitadel/pkg/grpc/user/v2beta" ) func TestServer_RegisterTOTP(t *testing.T) { - // userID := Tester.CreateHumanUser(CTX).GetUserId() + userID := Tester.CreateHumanUser(CTX).GetUserId() + Tester.RegisterUserPasskey(CTX, userID) + _, sessionToken, _, _ := Tester.CreateVerifiedWebAuthNSession(t, CTX, userID) + ctx := Tester.WithAuthorizationToken(CTX, sessionToken) type args struct { ctx context.Context @@ -29,7 +35,7 @@ func TestServer_RegisterTOTP(t *testing.T) { { name: "missing user id", args: args{ - ctx: CTX, + ctx: ctx, req: &user.RegisterTOTPRequest{}, }, wantErr: true, 
@@ -37,19 +43,17 @@ func TestServer_RegisterTOTP(t *testing.T) { { name: "user mismatch", args: args{ - ctx: CTX, + ctx: ctx, req: &user.RegisterTOTPRequest{ UserId: "wrong", }, }, wantErr: true, }, - /* TODO: after we are able to obtain a Bearer token for a human user - https://github.com/zitadel/zitadel/issues/6022 { - name: "human user", + name: "success", args: args{ - ctx: CTX, + ctx: ctx, req: &user.RegisterTOTPRequest{ UserId: userID, }, @@ -60,7 +64,6 @@ func TestServer_RegisterTOTP(t *testing.T) { }, }, }, - */ } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { @@ -80,15 +83,16 @@ func TestServer_RegisterTOTP(t *testing.T) { func TestServer_VerifyTOTPRegistration(t *testing.T) { userID := Tester.CreateHumanUser(CTX).GetUserId() + Tester.RegisterUserPasskey(CTX, userID) + _, sessionToken, _, _ := Tester.CreateVerifiedWebAuthNSession(t, CTX, userID) + ctx := Tester.WithAuthorizationToken(CTX, sessionToken) - /* TODO: after we are able to obtain a Bearer token for a human user - reg, err := Client.RegisterTOTP(CTX, &user.RegisterTOTPRequest{ + reg, err := Client.RegisterTOTP(ctx, &user.RegisterTOTPRequest{ UserId: userID, }) require.NoError(t, err) code, err := totp.GenerateCode(reg.Secret, time.Now()) require.NoError(t, err) - */ type args struct { ctx context.Context @@ -103,7 +107,7 @@ func TestServer_VerifyTOTPRegistration(t *testing.T) { { name: "user mismatch", args: args{ - ctx: CTX, + ctx: ctx, req: &user.VerifyTOTPRegistrationRequest{ UserId: "wrong", }, @@ -113,7 +117,7 @@ func TestServer_VerifyTOTPRegistration(t *testing.T) { { name: "wrong code", args: args{ - ctx: CTX, + ctx: ctx, req: &user.VerifyTOTPRegistrationRequest{ UserId: userID, Code: "123", 
@@ -121,12 +125,10 @@ func TestServer_VerifyTOTPRegistration(t *testing.T) { }, wantErr: true, }, - /* TODO: after we are able to obtain a Bearer token for a human user - https://github.com/zitadel/zitadel/issues/6022 { name: "success", args: args{ - ctx: CTX, + ctx: ctx, req: &user.VerifyTOTPRegistrationRequest{ UserId: userID, Code: code, @@ -138,7 +140,6 @@ func TestServer_VerifyTOTPRegistration(t *testing.T) { }, }, }, - */ } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { diff --git a/internal/api/grpc/user/v2/u2f.go b/internal/api/grpc/user/v2/u2f.go index 077f2346ef..56310508ff 100644 --- a/internal/api/grpc/user/v2/u2f.go +++ b/internal/api/grpc/user/v2/u2f.go @@ -6,7 +6,7 @@ import ( "github.com/zitadel/zitadel/internal/api/authz" "github.com/zitadel/zitadel/internal/api/grpc/object/v2" "github.com/zitadel/zitadel/internal/domain" - caos_errs "github.com/zitadel/zitadel/internal/errors" + "github.com/zitadel/zitadel/internal/zerrors" user "github.com/zitadel/zitadel/pkg/grpc/user/v2beta" ) @@ -32,7 +32,7 @@ func (s *Server) VerifyU2FRegistration(ctx context.Context, req *user.VerifyU2FR resourceOwner := authz.GetCtxData(ctx).OrgID pkc, err := req.GetPublicKeyCredential().MarshalJSON() if err != nil { - return nil, caos_errs.ThrowInternal(err, "USERv2-IeTh4", "Errors.Internal") + return nil, zerrors.ThrowInternal(err, "USERv2-IeTh4", "Errors.Internal") } objectDetails, err := s.command.HumanVerifyU2FSetup(ctx, req.GetUserId(), resourceOwner, req.GetTokenName(), "", pkc) if err != nil { diff --git a/internal/api/grpc/user/v2/u2f_integration_test.go b/internal/api/grpc/user/v2/u2f_integration_test.go index febe0ddfb1..77653f8789 100644 --- a/internal/api/grpc/user/v2/u2f_integration_test.go +++ b/internal/api/grpc/user/v2/u2f_integration_test.go 
@@ -11,12 +11,17 @@ import ( "google.golang.org/protobuf/types/known/structpb" "github.com/zitadel/zitadel/internal/integration" + object "github.com/zitadel/zitadel/pkg/grpc/object/v2beta" user "github.com/zitadel/zitadel/pkg/grpc/user/v2beta" ) func TestServer_RegisterU2F(t *testing.T) { userID := Tester.CreateHumanUser(CTX).GetUserId() + // We also need a user session + Tester.RegisterUserPasskey(CTX, userID) + _, sessionToken, _, _ := Tester.CreateVerifiedWebAuthNSession(t, CTX, userID) + type args struct { ctx context.Context req *user.RegisterU2FRequest @@ -45,12 +50,10 @@ func TestServer_RegisterU2F(t *testing.T) { }, wantErr: true, }, - /* TODO: after we are able to obtain a Bearer token for a human user - https://github.com/zitadel/zitadel/issues/6022 { - name: "human user", + name: "user setting its own passkey", args: args{ - ctx: CTX, + ctx: Tester.WithAuthorizationToken(CTX, sessionToken), req: &user.RegisterU2FRequest{ UserId: userID, }, @@ -61,7 +64,6 @@ func TestServer_RegisterU2F(t *testing.T) { }, }, }, - */ } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { @@ -85,8 +87,11 @@ func TestServer_RegisterU2F(t *testing.T) { func TestServer_VerifyU2FRegistration(t *testing.T) { userID := Tester.CreateHumanUser(CTX).GetUserId() - /* TODO after we are able to obtain a Bearer token for a human user - pkr, err := Client.RegisterU2F(CTX, &user.RegisterU2FRequest{ + Tester.RegisterUserPasskey(CTX, userID) + _, sessionToken, _, _ := Tester.CreateVerifiedWebAuthNSession(t, CTX, userID) + ctx := Tester.WithAuthorizationToken(CTX, sessionToken) + + pkr, err := Client.RegisterU2F(ctx, &user.RegisterU2FRequest{ UserId: userID, }) require.NoError(t, err) @@ -94,7 +99,6 @@ func TestServer_VerifyU2FRegistration(t *testing.T) { attestationResponse, err := Tester.WebAuthN.CreateAttestationResponse(pkr.GetPublicKeyCredentialCreationOptions()) require.NoError(t, err) - */ type args struct { ctx context.Context 
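Review bot: The re-enabled table case in `TestServer_RegisterU2F` is named `"user setting its own passkey"`, which looks copied from the passkey test. This table calls `RegisterU2F`, so a failing run would be reported under the wrong feature; suggest `name: "user setting its own u2f token",`. The added comment `// We also need a user session` could also say why a passkey is registered first, e.g. `// Register a passkey only to create a verified WebAuthN session; its token authorizes the call as the user itself.` (inferred from the call order, please confirm). The test function continues outside the hunk.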
@@ -109,7 +113,7 @@ func TestServer_VerifyU2FRegistration(t *testing.T) { { name: "missing user id", args: args{ - ctx: CTX, + ctx: ctx, req: &user.VerifyU2FRegistrationRequest{ U2FId: "123", TokenName: "nice name", @@ -117,11 +121,10 @@ func TestServer_VerifyU2FRegistration(t *testing.T) { }, wantErr: true, }, - /* TODO after we are able to obtain a Bearer token for a human user { name: "success", args: args{ - ctx: CTX, + ctx: ctx, req: &user.VerifyU2FRegistrationRequest{ UserId: userID, U2FId: pkr.GetU2FId(), @@ -135,11 +138,10 @@ func TestServer_VerifyU2FRegistration(t *testing.T) { }, }, }, - */ { name: "wrong credential", args: args{ - ctx: CTX, + ctx: ctx, req: &user.VerifyU2FRegistrationRequest{ UserId: userID, U2FId: "123", diff --git a/internal/api/grpc/user/v2/u2f_test.go b/internal/api/grpc/user/v2/u2f_test.go index 0a4aaf9563..087837ce3c 100644 --- a/internal/api/grpc/user/v2/u2f_test.go +++ b/internal/api/grpc/user/v2/u2f_test.go @@ -12,7 +12,7 @@ import ( "github.com/zitadel/zitadel/internal/api/grpc" "github.com/zitadel/zitadel/internal/domain" - caos_errs "github.com/zitadel/zitadel/internal/errors" + "github.com/zitadel/zitadel/internal/zerrors" object "github.com/zitadel/zitadel/pkg/grpc/object/v2beta" user "github.com/zitadel/zitadel/pkg/grpc/user/v2beta" ) @@ -50,7 +50,7 @@ func Test_u2fRegistrationDetailsToPb(t *testing.T) { }, err: nil, }, - wantErr: caos_errs.ThrowInternal(nil, "USERv2-Dohr6", "Errors.Internal"), + wantErr: zerrors.ThrowInternal(nil, "USERv2-Dohr6", "Errors.Internal"), }, { name: "ok", diff --git a/internal/api/grpc/user/v2/user.go b/internal/api/grpc/user/v2/user.go index 4301bc097d..146020cdf3 100644 --- a/internal/api/grpc/user/v2/user.go +++ b/internal/api/grpc/user/v2/user.go @@ -2,7 +2,7 @@ package user import ( "context" - errs "errors" + "errors" "io" "golang.org/x/text/language" 
@@ -14,10 +14,10 @@ import ( "github.com/zitadel/zitadel/internal/command" "github.com/zitadel/zitadel/internal/crypto" "github.com/zitadel/zitadel/internal/domain" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/idp" "github.com/zitadel/zitadel/internal/idp/providers/ldap" "github.com/zitadel/zitadel/internal/query" + "github.com/zitadel/zitadel/internal/zerrors" object_pb "github.com/zitadel/zitadel/pkg/grpc/object/v2beta" user "github.com/zitadel/zitadel/pkg/grpc/user/v2beta" ) @@ -28,8 +28,7 @@ func (s *Server) AddHumanUser(ctx context.Context, req *user.AddHumanUserRequest return nil, err } orgID := authz.GetCtxData(ctx).OrgID - err = s.command.AddHuman(ctx, orgID, human, false) - if err != nil { + if err = s.command.AddUserHuman(ctx, orgID, human, false, s.userCodeAlg); err != nil { return nil, err } return &user.AddHumanUserResponse{ 
@@ -114,6 +113,172 @@ func genderToDomain(gender user.Gender) domain.Gender { } } +func (s *Server) UpdateHumanUser(ctx context.Context, req *user.UpdateHumanUserRequest) (_ *user.UpdateHumanUserResponse, err error) { + human, err := UpdateUserRequestToChangeHuman(req) + if err != nil { + return nil, err + } + err = s.command.ChangeUserHuman(ctx, human, s.userCodeAlg) + if err != nil { + return nil, err + } + return &user.UpdateHumanUserResponse{ + Details: object.DomainToDetailsPb(human.Details), + EmailCode: human.EmailCode, + PhoneCode: human.PhoneCode, + }, nil +} + +func (s *Server) LockUser(ctx context.Context, req *user.LockUserRequest) (_ *user.LockUserResponse, err error) { + details, err := s.command.LockUserV2(ctx, req.UserId) + if err != nil { + return nil, err + } + return &user.LockUserResponse{ + Details: object.DomainToDetailsPb(details), + }, nil +} + +func (s *Server) UnlockUser(ctx context.Context, req *user.UnlockUserRequest) (_ *user.UnlockUserResponse, err error) { + details, err := s.command.UnlockUserV2(ctx, req.UserId) + if err != nil { + return nil, err + } + return &user.UnlockUserResponse{ + Details: object.DomainToDetailsPb(details), + }, nil +} + +func (s *Server) DeactivateUser(ctx context.Context, req *user.DeactivateUserRequest) (_ *user.DeactivateUserResponse, err error) { + details, err := s.command.DeactivateUserV2(ctx, req.UserId) + if err != nil { + return nil, err + } + return &user.DeactivateUserResponse{ + Details: object.DomainToDetailsPb(details), + }, nil +} + +func (s *Server) ReactivateUser(ctx context.Context, req *user.ReactivateUserRequest) (_ *user.ReactivateUserResponse, err error) { + details, err := s.command.ReactivateUserV2(ctx, req.UserId) + if err != nil { + return nil, err + } + return &user.ReactivateUserResponse{ + Details: object.DomainToDetailsPb(details), + }, nil +} + +func ifNotNilPtr[v, p any](value *v, conv func(v) p) *p { + var pNil *p + if value == nil { + return pNil + } + pVal := conv(*value) + 
return &pVal +} + +func UpdateUserRequestToChangeHuman(req *user.UpdateHumanUserRequest) (*command.ChangeHuman, error) { + email, err := SetHumanEmailToEmail(req.Email, req.GetUserId()) + if err != nil { + return nil, err + } + return &command.ChangeHuman{ + ID: req.GetUserId(), + Username: req.Username, + Profile: SetHumanProfileToProfile(req.Profile), + Email: email, + Phone: SetHumanPhoneToPhone(req.Phone), + Password: SetHumanPasswordToPassword(req.Password), + }, nil +} + +func SetHumanProfileToProfile(profile *user.SetHumanProfile) *command.Profile { + if profile == nil { + return nil + } + var firstName *string + if profile.GivenName != "" { + firstName = &profile.GivenName + } + var lastName *string + if profile.FamilyName != "" { + lastName = &profile.FamilyName + } + return &command.Profile{ + FirstName: firstName, + LastName: lastName, + NickName: profile.NickName, + DisplayName: profile.DisplayName, + PreferredLanguage: ifNotNilPtr(profile.PreferredLanguage, language.Make), + Gender: ifNotNilPtr(profile.Gender, genderToDomain), + } +} + +func SetHumanEmailToEmail(email *user.SetHumanEmail, userID string) (*command.Email, error) { + if email == nil { + return nil, nil + } + var urlTemplate string + if email.GetSendCode() != nil && email.GetSendCode().UrlTemplate != nil { + urlTemplate = *email.GetSendCode().UrlTemplate + if err := domain.RenderConfirmURLTemplate(io.Discard, urlTemplate, userID, "code", "orgID"); err != nil { + return nil, err + } + } + return &command.Email{ + Address: domain.EmailAddress(email.Email), + Verified: email.GetIsVerified(), + ReturnCode: email.GetReturnCode() != nil, + URLTemplate: urlTemplate, + }, nil +} + +func SetHumanPhoneToPhone(phone *user.SetHumanPhone) *command.Phone { + if phone == nil { + return nil + } + return &command.Phone{ + Number: domain.PhoneNumber(phone.GetPhone()), + Verified: phone.GetIsVerified(), + ReturnCode: phone.GetReturnCode() != nil, + } +} + +func SetHumanPasswordToPassword(password 
*user.SetPassword) *command.Password { + if password == nil { + return nil + } + var changeRequired bool + var passwordStr *string + if password.GetPassword() != nil { + passwordStr = &password.GetPassword().Password + changeRequired = password.GetPassword().GetChangeRequired() + } + var hash *string + if password.GetHashedPassword() != nil { + hash = &password.GetHashedPassword().Hash + changeRequired = password.GetHashedPassword().GetChangeRequired() + } + var code *string + if password.GetVerificationCode() != "" { + codeT := password.GetVerificationCode() + code = &codeT + } + var oldPassword *string + if password.GetCurrentPassword() != "" { + oldPasswordT := password.GetCurrentPassword() + oldPassword = &oldPasswordT + } + return &command.Password{ + PasswordCode: code, + OldPassword: oldPassword, + Password: passwordStr, + EncodedPasswordHash: hash, + ChangeRequired: changeRequired, + } +} + func (s *Server) AddIDPLink(ctx context.Context, req *user.AddIDPLinkRequest) (_ *user.AddIDPLinkResponse, err error) { orgID := authz.GetCtxData(ctx).OrgID details, err := s.command.AddUserIDPLink(ctx, req.UserId, orgID, &command.AddLink{ 
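Review bot: `SetHumanPasswordToPassword` copies the verification code and the current password only when they are non-empty, so a request carrying neither reaches `ChangeUserHuman` with `PasswordCode` and `OldPassword` both nil, and nothing in this hunk rejects that. Whether such an unverified password change is restricted to callers holding a write permission is decided in the command layer, which is not visible here. The same holds for `LockUser`, `UnlockUser`, `DeactivateUser` and `ReactivateUser`, which forward only `req.UserId` and no organisation from the context. I would state the contract on the converter, e.g. `// Performs no authorization: with PasswordCode and OldPassword both nil, ChangeUserHuman must check the caller's permission.` An integration case that sends a new password without verification from a user session lacking that permission and expects an error would pin the behaviour.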
@@ -129,6 +294,92 @@ func (s *Server) AddIDPLink(ctx context.Context, req *user.AddIDPLinkRequest) (_ }, nil } +func (s *Server) DeleteUser(ctx context.Context, req *user.DeleteUserRequest) (_ *user.DeleteUserResponse, err error) { + memberships, grants, err := s.removeUserDependencies(ctx, req.GetUserId()) + if err != nil { + return nil, err + } + details, err := s.command.RemoveUserV2(ctx, req.UserId, memberships, grants...) + if err != nil { + return nil, err + } + return &user.DeleteUserResponse{ + Details: object.DomainToDetailsPb(details), + }, nil +} + +func (s *Server) removeUserDependencies(ctx context.Context, userID string) ([]*command.CascadingMembership, []string, error) { + userGrantUserQuery, err := query.NewUserGrantUserIDSearchQuery(userID) + if err != nil { + return nil, nil, err + } + grants, err := s.query.UserGrants(ctx, &query.UserGrantsQueries{ + Queries: []query.SearchQuery{userGrantUserQuery}, + }, true, true) + if err != nil { + return nil, nil, err + } + membershipsUserQuery, err := query.NewMembershipUserIDQuery(userID) + if err != nil { + return nil, nil, err + } + memberships, err := s.query.Memberships(ctx, &query.MembershipSearchQuery{ + Queries: []query.SearchQuery{membershipsUserQuery}, + }, false) + if err != nil { + return nil, nil, err + } + return cascadingMemberships(memberships.Memberships), userGrantsToIDs(grants.UserGrants), nil +} + +func cascadingMemberships(memberships []*query.Membership) []*command.CascadingMembership { + cascades := make([]*command.CascadingMembership, len(memberships)) + for i, membership := range memberships { + cascades[i] = &command.CascadingMembership{ + UserID: membership.UserID, + ResourceOwner: membership.ResourceOwner, + IAM: cascadingIAMMembership(membership.IAM), + Org: cascadingOrgMembership(membership.Org), + Project: cascadingProjectMembership(membership.Project), + ProjectGrant: cascadingProjectGrantMembership(membership.ProjectGrant), + } + } + return cascades +} + +func 
cascadingIAMMembership(membership *query.IAMMembership) *command.CascadingIAMMembership { + if membership == nil { + return nil + } + return &command.CascadingIAMMembership{IAMID: membership.IAMID} +} +func cascadingOrgMembership(membership *query.OrgMembership) *command.CascadingOrgMembership { + if membership == nil { + return nil + } + return &command.CascadingOrgMembership{OrgID: membership.OrgID} +} +func cascadingProjectMembership(membership *query.ProjectMembership) *command.CascadingProjectMembership { + if membership == nil { + return nil + } + return &command.CascadingProjectMembership{ProjectID: membership.ProjectID} +} +func cascadingProjectGrantMembership(membership *query.ProjectGrantMembership) *command.CascadingProjectGrantMembership { + if membership == nil { + return nil + } + return &command.CascadingProjectGrantMembership{ProjectID: membership.ProjectID, GrantID: membership.GrantID} +} + +func userGrantsToIDs(userGrants []*query.UserGrant) []string { + converted := make([]string, len(userGrants)) + for i, grant := range userGrants { + converted[i] = grant.ID + } + return converted +} + func (s *Server) StartIdentityProviderIntent(ctx context.Context, req *user.StartIdentityProviderIntentRequest) (_ *user.StartIdentityProviderIntentResponse, err error) { switch t := req.GetContent().(type) { case *user.StartIdentityProviderIntentRequest_Urls: @@ -136,7 +387,7 @@ func (s *Server) StartIdentityProviderIntent(ctx context.Context, req *user.Star case *user.StartIdentityProviderIntentRequest_Ldap: return s.startLDAPIntent(ctx, req.GetIdpId(), t.Ldap) default: - return nil, errors.ThrowUnimplementedf(nil, "USERv2-S2g21", "type oneOf %T in method StartIdentityProviderIntent not implemented", t) + return nil, zerrors.ThrowUnimplementedf(nil, "USERv2-S2g21", "type oneOf %T in method StartIdentityProviderIntent not implemented", t) } } 
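Review bot: `removeUserDependencies` builds the cascade list from two query-side reads before `RemoveUserV2` runs, so a grant or membership created between the read and the delete is not in the list, and nothing visible here re-checks it. If the query side lags behind writes or applies a default result limit (neither is visible in this hunk), the cascade could be incomplete and leave authorizations that reference a removed user. The positional flags in `s.query.UserGrants(..., true, true)` and `s.query.Memberships(..., false)` give no hint of what they switch. I would document both on the helper, e.g. `// The result is a snapshot of the query side; RemoveUserV2 must tolerate grants or memberships added after it was taken.`, and name each flag in a short comment at its call.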
@@ -221,12 +472,12 @@ func (s *Server) ldapLogin(ctx context.Context, idpID, username, password string } ldapProvider, ok := provider.(*ldap.Provider) if !ok { - return nil, "", nil, errors.ThrowInvalidArgument(nil, "IDP-9a02j2n2bh", "Errors.ExternalIDP.IDPTypeNotImplemented") + return nil, "", nil, zerrors.ThrowInvalidArgument(nil, "IDP-9a02j2n2bh", "Errors.ExternalIDP.IDPTypeNotImplemented") } session := ldapProvider.GetSession(username, password) externalUser, err := session.FetchUser(ctx) - if errs.Is(err, ldap.ErrFailedLogin) || errs.Is(err, ldap.ErrNoSingleUser) { - return nil, "", nil, errors.ThrowInvalidArgument(nil, "COMMAND-nzun2i", "Errors.User.ExternalIDP.LoginFailed") + if errors.Is(err, ldap.ErrFailedLogin) || errors.Is(err, ldap.ErrNoSingleUser) { + return nil, "", nil, zerrors.ThrowInvalidArgument(nil, "COMMAND-nzun2i", "Errors.User.ExternalIDP.LoginFailed") } if err != nil { return nil, "", nil, err @@ -252,7 +503,7 @@ func (s *Server) RetrieveIdentityProviderIntent(ctx context.Context, req *user.R return nil, err } if intent.State != domain.IDPIntentStateSucceeded { - return nil, errors.ThrowPreconditionFailed(nil, "IDP-Hk38e", "Errors.Intent.NotSucceeded") + return nil, zerrors.ThrowPreconditionFailed(nil, "IDP-Hk38e", "Errors.Intent.NotSucceeded") } return idpIntentToIDPIntentPb(intent, s.idpAlg) } diff --git a/internal/api/grpc/user/v2/user_integration_test.go b/internal/api/grpc/user/v2/user_integration_test.go index 55f0e76a17..56dfc47f38 100644 --- a/internal/api/grpc/user/v2/user_integration_test.go +++ b/internal/api/grpc/user/v2/user_integration_test.go 
@@ -13,11 +13,14 @@ import ( "github.com/muhlemmer/gu" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" + "google.golang.org/grpc/codes" + "google.golang.org/grpc/status" "google.golang.org/protobuf/types/known/structpb" "google.golang.org/protobuf/types/known/timestamppb" "github.com/zitadel/zitadel/internal/api/grpc" "github.com/zitadel/zitadel/internal/integration" + "github.com/zitadel/zitadel/pkg/grpc/idp" mgmt "github.com/zitadel/zitadel/pkg/grpc/management" object "github.com/zitadel/zitadel/pkg/grpc/object/v2beta" user "github.com/zitadel/zitadel/pkg/grpc/user/v2beta" 
@@ -537,6 +540,896 @@ func TestServer_AddHumanUser(t *testing.T) { if tt.want.GetEmailCode() != "" { assert.NotEmpty(t, got.GetEmailCode()) } + if tt.want.GetPhoneCode() != "" { + assert.NotEmpty(t, got.GetPhoneCode()) + } + integration.AssertDetails(t, tt.want, got) + }) + } +} + +func TestServer_UpdateHumanUser(t *testing.T) { + type args struct { + ctx context.Context + req *user.UpdateHumanUserRequest + } + tests := []struct { + name string + prepare func(request *user.UpdateHumanUserRequest) error + args args + want *user.UpdateHumanUserResponse + wantErr bool + }{ + { + name: "not exisiting", + prepare: func(request *user.UpdateHumanUserRequest) error { + request.UserId = "notexisiting" + return nil + }, + args: args{ + CTX, + &user.UpdateHumanUserRequest{ + Username: gu.Ptr("changed"), + }, + }, + wantErr: true, + }, + { + name: "change username, ok", + prepare: func(request *user.UpdateHumanUserRequest) error { + userID := Tester.CreateHumanUser(CTX).GetUserId() + request.UserId = userID + return nil + }, + args: args{ + CTX, + &user.UpdateHumanUserRequest{ + Username: gu.Ptr(fmt.Sprint(time.Now().UnixNano() + 1)), + }, + }, + want: &user.UpdateHumanUserResponse{ + Details: &object.Details{ + ChangeDate: timestamppb.Now(), + ResourceOwner: Tester.Organisation.ID, + }, + }, + }, + { + name: "change profile, ok", + prepare: func(request *user.UpdateHumanUserRequest) error { + userID := Tester.CreateHumanUser(CTX).GetUserId() + request.UserId = userID + return nil + }, + args: args{ + CTX, + &user.UpdateHumanUserRequest{ + Profile: &user.SetHumanProfile{ + GivenName: "Donald", + FamilyName: "Duck", + NickName: gu.Ptr("Dukkie"), + DisplayName: gu.Ptr("Donald Duck"), + PreferredLanguage: gu.Ptr("en"), + Gender: user.Gender_GENDER_DIVERSE.Enum(), + }, + }, + }, + want: &user.UpdateHumanUserResponse{ + Details: &object.Details{ + ChangeDate: timestamppb.Now(), + ResourceOwner: Tester.Organisation.ID, + }, + }, + }, + { + name: "change email, ok", + prepare: 
func(request *user.UpdateHumanUserRequest) error { + userID := Tester.CreateHumanUser(CTX).GetUserId() + request.UserId = userID + return nil + }, + args: args{ + CTX, + &user.UpdateHumanUserRequest{ + Email: &user.SetHumanEmail{ + Email: "changed@test.com", + Verification: &user.SetHumanEmail_IsVerified{IsVerified: true}, + }, + }, + }, + want: &user.UpdateHumanUserResponse{ + Details: &object.Details{ + ChangeDate: timestamppb.Now(), + ResourceOwner: Tester.Organisation.ID, + }, + }, + }, + { + name: "change email, code, ok", + prepare: func(request *user.UpdateHumanUserRequest) error { + userID := Tester.CreateHumanUser(CTX).GetUserId() + request.UserId = userID + return nil + }, + args: args{ + CTX, + &user.UpdateHumanUserRequest{ + Email: &user.SetHumanEmail{ + Email: "changed@test.com", + Verification: &user.SetHumanEmail_ReturnCode{}, + }, + }, + }, + want: &user.UpdateHumanUserResponse{ + Details: &object.Details{ + ChangeDate: timestamppb.Now(), + ResourceOwner: Tester.Organisation.ID, + }, + EmailCode: gu.Ptr("something"), + }, + }, + { + name: "change phone, ok", + prepare: func(request *user.UpdateHumanUserRequest) error { + userID := Tester.CreateHumanUser(CTX).GetUserId() + request.UserId = userID + return nil + }, + args: args{ + CTX, + &user.UpdateHumanUserRequest{ + Phone: &user.SetHumanPhone{ + Phone: "+41791234567", + Verification: &user.SetHumanPhone_IsVerified{IsVerified: true}, + }, + }, + }, + want: &user.UpdateHumanUserResponse{ + Details: &object.Details{ + ChangeDate: timestamppb.Now(), + ResourceOwner: Tester.Organisation.ID, + }, + }, + }, + { + name: "change phone, code, ok", + prepare: func(request *user.UpdateHumanUserRequest) error { + userID := Tester.CreateHumanUser(CTX).GetUserId() + request.UserId = userID + return nil + }, + args: args{ + CTX, + &user.UpdateHumanUserRequest{ + Phone: &user.SetHumanPhone{ + Phone: "+41791234568", + Verification: &user.SetHumanPhone_ReturnCode{}, + }, + }, + }, + want: 
&user.UpdateHumanUserResponse{ + Details: &object.Details{ + ChangeDate: timestamppb.Now(), + ResourceOwner: Tester.Organisation.ID, + }, + PhoneCode: gu.Ptr("something"), + }, + }, + { + name: "change password, code, ok", + prepare: func(request *user.UpdateHumanUserRequest) error { + userID := Tester.CreateHumanUser(CTX).GetUserId() + request.UserId = userID + resp, err := Client.PasswordReset(CTX, &user.PasswordResetRequest{ + UserId: userID, + Medium: &user.PasswordResetRequest_ReturnCode{ + ReturnCode: &user.ReturnPasswordResetCode{}, + }, + }) + if err != nil { + return err + } + request.Password.Verification = &user.SetPassword_VerificationCode{ + VerificationCode: resp.GetVerificationCode(), + } + return nil + }, + args: args{ + CTX, + &user.UpdateHumanUserRequest{ + Password: &user.SetPassword{ + PasswordType: &user.SetPassword_Password{ + Password: &user.Password{ + Password: "Password1!", + ChangeRequired: true, + }, + }, + }, + }, + }, + want: &user.UpdateHumanUserResponse{ + Details: &object.Details{ + ChangeDate: timestamppb.Now(), + ResourceOwner: Tester.Organisation.ID, + }, + }, + }, + { + name: "change hashed password, code, ok", + prepare: func(request *user.UpdateHumanUserRequest) error { + userID := Tester.CreateHumanUser(CTX).GetUserId() + request.UserId = userID + resp, err := Client.PasswordReset(CTX, &user.PasswordResetRequest{ + UserId: userID, + Medium: &user.PasswordResetRequest_ReturnCode{ + ReturnCode: &user.ReturnPasswordResetCode{}, + }, + }) + if err != nil { + return err + } + request.Password.Verification = &user.SetPassword_VerificationCode{ + VerificationCode: resp.GetVerificationCode(), + } + return nil + }, + args: args{ + CTX, + &user.UpdateHumanUserRequest{ + Password: &user.SetPassword{ + PasswordType: &user.SetPassword_HashedPassword{ + HashedPassword: &user.HashedPassword{ + Hash: "$2y$12$hXUrnqdq1RIIYZ2HPytIIe5lXdIvbhqrTvdPsSF7o.jFh817Z6lwm", + }, + }, + }, + }, + }, + want: &user.UpdateHumanUserResponse{ + Details: 
&object.Details{ + ChangeDate: timestamppb.Now(), + ResourceOwner: Tester.Organisation.ID, + }, + }, + }, + { + name: "change hashed password, code, not supported", + prepare: func(request *user.UpdateHumanUserRequest) error { + userID := Tester.CreateHumanUser(CTX).GetUserId() + request.UserId = userID + resp, err := Client.PasswordReset(CTX, &user.PasswordResetRequest{ + UserId: userID, + Medium: &user.PasswordResetRequest_ReturnCode{ + ReturnCode: &user.ReturnPasswordResetCode{}, + }, + }) + if err != nil { + return err + } + request.Password = &user.SetPassword{ + Verification: &user.SetPassword_VerificationCode{ + VerificationCode: resp.GetVerificationCode(), + }, + } + return nil + }, + args: args{ + CTX, + &user.UpdateHumanUserRequest{ + Password: &user.SetPassword{ + PasswordType: &user.SetPassword_HashedPassword{ + HashedPassword: &user.HashedPassword{ + Hash: "$scrypt$ln=16,r=8,p=1$cmFuZG9tc2FsdGlzaGFyZA$Rh+NnJNo1I6nRwaNqbDm6kmADswD1+7FTKZ7Ln9D8nQ", + }, + }, + }, + }, + }, + wantErr: true, + }, + { + name: "change password, old password, ok", + prepare: func(request *user.UpdateHumanUserRequest) error { + userID := Tester.CreateHumanUser(CTX).GetUserId() + request.UserId = userID + + resp, err := Client.PasswordReset(CTX, &user.PasswordResetRequest{ + UserId: userID, + Medium: &user.PasswordResetRequest_ReturnCode{ + ReturnCode: &user.ReturnPasswordResetCode{}, + }, + }) + if err != nil { + return err + } + pw := "Password1." 
+ _, err = Client.SetPassword(CTX, &user.SetPasswordRequest{ + UserId: userID, + NewPassword: &user.Password{ + Password: pw, + ChangeRequired: true, + }, + Verification: &user.SetPasswordRequest_VerificationCode{ + VerificationCode: resp.GetVerificationCode(), + }, + }) + if err != nil { + return err + } + request.Password.Verification = &user.SetPassword_CurrentPassword{ + CurrentPassword: pw, + } + return nil + }, + args: args{ + CTX, + &user.UpdateHumanUserRequest{ + Password: &user.SetPassword{ + PasswordType: &user.SetPassword_Password{ + Password: &user.Password{ + Password: "Password1!", + ChangeRequired: true, + }, + }, + }, + }, + }, + want: &user.UpdateHumanUserResponse{ + Details: &object.Details{ + ChangeDate: timestamppb.Now(), + ResourceOwner: Tester.Organisation.ID, + }, + }, + }, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + err := tt.prepare(tt.args.req) + require.NoError(t, err) + + got, err := Client.UpdateHumanUser(tt.args.ctx, tt.args.req) + if tt.wantErr { + require.Error(t, err) + } else { + require.NoError(t, err) + } + if tt.want.GetEmailCode() != "" { + assert.NotEmpty(t, got.GetEmailCode()) + } + if tt.want.GetPhoneCode() != "" { + assert.NotEmpty(t, got.GetPhoneCode()) + } + integration.AssertDetails(t, tt.want, got) + }) + } +} + +func TestServer_LockUser(t *testing.T) { + type args struct { + ctx context.Context + req *user.LockUserRequest + prepare func(request *user.LockUserRequest) error + } + tests := []struct { + name string + args args + want *user.LockUserResponse + wantErr bool + }{ + { + name: "lock, not existing", + args: args{ + CTX, + &user.LockUserRequest{ + UserId: "notexisting", + }, + func(request *user.LockUserRequest) error { return nil }, + }, + wantErr: true, + }, + { + name: "lock, ok", + args: args{ + CTX, + &user.LockUserRequest{}, + func(request *user.LockUserRequest) error { + resp := Tester.CreateHumanUser(CTX) + request.UserId = resp.GetUserId() + return nil + }, + }, + want: 
&user.LockUserResponse{ + Details: &object.Details{ + ChangeDate: timestamppb.Now(), + ResourceOwner: Tester.Organisation.ID, + }, + }, + }, + { + name: "lock machine, ok", + args: args{ + CTX, + &user.LockUserRequest{}, + func(request *user.LockUserRequest) error { + resp := Tester.CreateMachineUser(CTX) + request.UserId = resp.GetUserId() + return nil + }, + }, + want: &user.LockUserResponse{ + Details: &object.Details{ + ChangeDate: timestamppb.Now(), + ResourceOwner: Tester.Organisation.ID, + }, + }, + }, + { + name: "lock, already locked", + args: args{ + CTX, + &user.LockUserRequest{}, + func(request *user.LockUserRequest) error { + resp := Tester.CreateHumanUser(CTX) + request.UserId = resp.GetUserId() + _, err := Client.LockUser(CTX, &user.LockUserRequest{ + UserId: resp.GetUserId(), + }) + return err + }, + }, + wantErr: true, + }, + { + name: "lock machine, already locked", + args: args{ + CTX, + &user.LockUserRequest{}, + func(request *user.LockUserRequest) error { + resp := Tester.CreateMachineUser(CTX) + request.UserId = resp.GetUserId() + _, err := Client.LockUser(CTX, &user.LockUserRequest{ + UserId: resp.GetUserId(), + }) + return err + }, + }, + wantErr: true, + }, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + err := tt.args.prepare(tt.args.req) + require.NoError(t, err) + + got, err := Client.LockUser(tt.args.ctx, tt.args.req) + if tt.wantErr { + require.Error(t, err) + } else { + require.NoError(t, err) + } + integration.AssertDetails(t, tt.want, got) + }) + } +} + +func TestServer_UnLockUser(t *testing.T) { + type args struct { + ctx context.Context + req *user.UnlockUserRequest + prepare func(request *user.UnlockUserRequest) error + } + tests := []struct { + name string + args args + want *user.UnlockUserResponse + wantErr bool + }{ + { + name: "unlock, not existing", + args: args{ + CTX, + &user.UnlockUserRequest{ + UserId: "notexisting", + }, + func(request *user.UnlockUserRequest) error { return nil }, + }, + 
wantErr: true, + }, + { + name: "unlock, not locked", + args: args{ + ctx: CTX, + req: &user.UnlockUserRequest{}, + prepare: func(request *user.UnlockUserRequest) error { + resp := Tester.CreateHumanUser(CTX) + request.UserId = resp.GetUserId() + return nil + }, + }, + wantErr: true, + }, + { + name: "unlock machine, not locked", + args: args{ + ctx: CTX, + req: &user.UnlockUserRequest{}, + prepare: func(request *user.UnlockUserRequest) error { + resp := Tester.CreateMachineUser(CTX) + request.UserId = resp.GetUserId() + return nil + }, + }, + wantErr: true, + }, + { + name: "unlock, ok", + args: args{ + ctx: CTX, + req: &user.UnlockUserRequest{}, + prepare: func(request *user.UnlockUserRequest) error { + resp := Tester.CreateHumanUser(CTX) + request.UserId = resp.GetUserId() + _, err := Client.LockUser(CTX, &user.LockUserRequest{ + UserId: resp.GetUserId(), + }) + return err + }, + }, + want: &user.UnlockUserResponse{ + Details: &object.Details{ + ChangeDate: timestamppb.Now(), + ResourceOwner: Tester.Organisation.ID, + }, + }, + }, + { + name: "unlock machine, ok", + args: args{ + ctx: CTX, + req: &user.UnlockUserRequest{}, + prepare: func(request *user.UnlockUserRequest) error { + resp := Tester.CreateMachineUser(CTX) + request.UserId = resp.GetUserId() + _, err := Client.LockUser(CTX, &user.LockUserRequest{ + UserId: resp.GetUserId(), + }) + return err + }, + }, + want: &user.UnlockUserResponse{ + Details: &object.Details{ + ChangeDate: timestamppb.Now(), + ResourceOwner: Tester.Organisation.ID, + }, + }, + }, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + err := tt.args.prepare(tt.args.req) + require.NoError(t, err) + + got, err := Client.UnlockUser(tt.args.ctx, tt.args.req) + if tt.wantErr { + require.Error(t, err) + } else { + require.NoError(t, err) + } + integration.AssertDetails(t, tt.want, got) + }) + } +} + +func TestServer_DeactivateUser(t *testing.T) { + type args struct { + ctx context.Context + req 
*user.DeactivateUserRequest + prepare func(request *user.DeactivateUserRequest) error + } + tests := []struct { + name string + args args + want *user.DeactivateUserResponse + wantErr bool + }{ + { + name: "deactivate, not existing", + args: args{ + CTX, + &user.DeactivateUserRequest{ + UserId: "notexisting", + }, + func(request *user.DeactivateUserRequest) error { return nil }, + }, + wantErr: true, + }, + { + name: "deactivate, ok", + args: args{ + CTX, + &user.DeactivateUserRequest{}, + func(request *user.DeactivateUserRequest) error { + resp := Tester.CreateHumanUser(CTX) + request.UserId = resp.GetUserId() + return nil + }, + }, + want: &user.DeactivateUserResponse{ + Details: &object.Details{ + ChangeDate: timestamppb.Now(), + ResourceOwner: Tester.Organisation.ID, + }, + }, + }, + { + name: "deactivate machine, ok", + args: args{ + CTX, + &user.DeactivateUserRequest{}, + func(request *user.DeactivateUserRequest) error { + resp := Tester.CreateMachineUser(CTX) + request.UserId = resp.GetUserId() + return nil + }, + }, + want: &user.DeactivateUserResponse{ + Details: &object.Details{ + ChangeDate: timestamppb.Now(), + ResourceOwner: Tester.Organisation.ID, + }, + }, + }, + { + name: "deactivate, already deactivated", + args: args{ + CTX, + &user.DeactivateUserRequest{}, + func(request *user.DeactivateUserRequest) error { + resp := Tester.CreateHumanUser(CTX) + request.UserId = resp.GetUserId() + _, err := Client.DeactivateUser(CTX, &user.DeactivateUserRequest{ + UserId: resp.GetUserId(), + }) + return err + }, + }, + wantErr: true, + }, + { + name: "deactivate machine, already deactivated", + args: args{ + CTX, + &user.DeactivateUserRequest{}, + func(request *user.DeactivateUserRequest) error { + resp := Tester.CreateMachineUser(CTX) + request.UserId = resp.GetUserId() + _, err := Client.DeactivateUser(CTX, &user.DeactivateUserRequest{ + UserId: resp.GetUserId(), + }) + return err + }, + }, + wantErr: true, + }, + } + for _, tt := range tests { + 
t.Run(tt.name, func(t *testing.T) { + err := tt.args.prepare(tt.args.req) + require.NoError(t, err) + + got, err := Client.DeactivateUser(tt.args.ctx, tt.args.req) + if tt.wantErr { + require.Error(t, err) + } else { + require.NoError(t, err) + } + integration.AssertDetails(t, tt.want, got) + }) + } +} + +func TestServer_ReactivateUser(t *testing.T) { + type args struct { + ctx context.Context + req *user.ReactivateUserRequest + prepare func(request *user.ReactivateUserRequest) error + } + tests := []struct { + name string + args args + want *user.ReactivateUserResponse + wantErr bool + }{ + { + name: "reactivate, not existing", + args: args{ + CTX, + &user.ReactivateUserRequest{ + UserId: "notexisting", + }, + func(request *user.ReactivateUserRequest) error { return nil }, + }, + wantErr: true, + }, + { + name: "reactivate, not deactivated", + args: args{ + ctx: CTX, + req: &user.ReactivateUserRequest{}, + prepare: func(request *user.ReactivateUserRequest) error { + resp := Tester.CreateHumanUser(CTX) + request.UserId = resp.GetUserId() + return nil + }, + }, + wantErr: true, + }, + { + name: "reactivate machine, not deactivated", + args: args{ + ctx: CTX, + req: &user.ReactivateUserRequest{}, + prepare: func(request *user.ReactivateUserRequest) error { + resp := Tester.CreateMachineUser(CTX) + request.UserId = resp.GetUserId() + return nil + }, + }, + wantErr: true, + }, + { + name: "reactivate, ok", + args: args{ + ctx: CTX, + req: &user.ReactivateUserRequest{}, + prepare: func(request *user.ReactivateUserRequest) error { + resp := Tester.CreateHumanUser(CTX) + request.UserId = resp.GetUserId() + _, err := Client.DeactivateUser(CTX, &user.DeactivateUserRequest{ + UserId: resp.GetUserId(), + }) + return err + }, + }, + want: &user.ReactivateUserResponse{ + Details: &object.Details{ + ChangeDate: timestamppb.Now(), + ResourceOwner: Tester.Organisation.ID, + }, + }, + }, + { + name: "reactivate machine, ok", + args: args{ + ctx: CTX, + req: 
&user.ReactivateUserRequest{}, + prepare: func(request *user.ReactivateUserRequest) error { + resp := Tester.CreateMachineUser(CTX) + request.UserId = resp.GetUserId() + _, err := Client.DeactivateUser(CTX, &user.DeactivateUserRequest{ + UserId: resp.GetUserId(), + }) + return err + }, + }, + want: &user.ReactivateUserResponse{ + Details: &object.Details{ + ChangeDate: timestamppb.Now(), + ResourceOwner: Tester.Organisation.ID, + }, + }, + }, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + err := tt.args.prepare(tt.args.req) + require.NoError(t, err) + + got, err := Client.ReactivateUser(tt.args.ctx, tt.args.req) + if tt.wantErr { + require.Error(t, err) + } else { + require.NoError(t, err) + } + integration.AssertDetails(t, tt.want, got) + }) + } +} + +func TestServer_DeleteUser(t *testing.T) { + projectResp, err := Tester.CreateProject(CTX) + require.NoError(t, err) + type args struct { + ctx context.Context + req *user.DeleteUserRequest + prepare func(request *user.DeleteUserRequest) error + } + tests := []struct { + name string + args args + want *user.DeleteUserResponse + wantErr bool + }{ + { + name: "remove, not existing", + args: args{ + CTX, + &user.DeleteUserRequest{ + UserId: "notexisting", + }, + func(request *user.DeleteUserRequest) error { return nil }, + }, + wantErr: true, + }, + { + name: "remove human, ok", + args: args{ + ctx: CTX, + req: &user.DeleteUserRequest{}, + prepare: func(request *user.DeleteUserRequest) error { + resp := Tester.CreateHumanUser(CTX) + request.UserId = resp.GetUserId() + return err + }, + }, + want: &user.DeleteUserResponse{ + Details: &object.Details{ + ChangeDate: timestamppb.Now(), + ResourceOwner: Tester.Organisation.ID, + }, + }, + }, + { + name: "remove machine, ok", + args: args{ + ctx: CTX, + req: &user.DeleteUserRequest{}, + prepare: func(request *user.DeleteUserRequest) error { + resp := Tester.CreateMachineUser(CTX) + request.UserId = resp.GetUserId() + return err + }, + }, + want: 
&user.DeleteUserResponse{ + Details: &object.Details{ + ChangeDate: timestamppb.Now(), + ResourceOwner: Tester.Organisation.ID, + }, + }, + }, + { + name: "remove dependencies, ok", + args: args{ + ctx: CTX, + req: &user.DeleteUserRequest{}, + prepare: func(request *user.DeleteUserRequest) error { + resp := Tester.CreateHumanUser(CTX) + request.UserId = resp.GetUserId() + Tester.CreateProjectUserGrant(t, CTX, projectResp.GetId(), request.UserId) + Tester.CreateProjectMembership(t, CTX, projectResp.GetId(), request.UserId) + Tester.CreateOrgMembership(t, CTX, request.UserId) + return err + }, + }, + want: &user.DeleteUserResponse{ + Details: &object.Details{ + ChangeDate: timestamppb.Now(), + ResourceOwner: Tester.Organisation.ID, + }, + }, + }, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + err := tt.args.prepare(tt.args.req) + require.NoError(t, err) + + got, err := Client.DeleteUser(tt.args.ctx, tt.args.req) + if tt.wantErr { + require.Error(t, err) + } else { + require.NoError(t, err) + } integration.AssertDetails(t, tt.want, got) }) } @@ -677,7 +1570,7 @@ func TestServer_StartIdentityProviderIntent(t *testing.T) { parametersEqual: map[string]string{ "client_id": "clientID", "prompt": "select_account", - "redirect_uri": "http://localhost:8080/idps/callback", + "redirect_uri": "http://" + Tester.Config.ExternalDomain + ":8080/idps/callback", "response_type": "code", "scope": "openid profile email", }, @@ -704,7 +1597,7 @@ func TestServer_StartIdentityProviderIntent(t *testing.T) { ChangeDate: timestamppb.Now(), ResourceOwner: Tester.Organisation.ID, }, - url: "http://localhost:8000/sso", + url: "http://" + Tester.Config.ExternalDomain + ":8000/sso", parametersExisting: []string{"RelayState", "SAMLRequest"}, }, wantErr: false, 
@@ -728,7 +1621,7 @@ func TestServer_StartIdentityProviderIntent(t *testing.T) { ChangeDate: timestamppb.Now(), ResourceOwner: Tester.Organisation.ID, }, - url: "http://localhost:8000/sso", + url: "http://" + Tester.Config.ExternalDomain + ":8000/sso", parametersExisting: []string{"RelayState", "SAMLRequest"}, }, wantErr: false, @@ -1063,12 +1956,27 @@ func TestServer_ListAuthenticationMethodTypes(t *testing.T) { ClientSecret: "client_secret", }) require.NoError(t, err) + _, err = Tester.Client.Mgmt.AddCustomLoginPolicy(CTX, &mgmt.AddCustomLoginPolicyRequest{}) + require.Condition(t, func() bool { + code := status.Convert(err).Code() + return code == codes.AlreadyExists || code == codes.OK + }) + _, err = Tester.Client.Mgmt.AddIDPToLoginPolicy(CTX, &mgmt.AddIDPToLoginPolicyRequest{ + IdpId: provider.GetId(), + OwnerType: idp.IDPOwnerType_IDP_OWNER_TYPE_ORG, + }) + require.NoError(t, err) idpLink, err := Tester.Client.UserV2.AddIDPLink(CTX, &user.AddIDPLinkRequest{UserId: userMultipleAuth, IdpLink: &user.IDPLink{ IdpId: provider.GetId(), UserId: "external-id", UserName: "displayName", }}) require.NoError(t, err) + // This should not remove the user IDP links + _, err = Tester.Client.Mgmt.RemoveIDPFromLoginPolicy(CTX, &mgmt.RemoveIDPFromLoginPolicyRequest{ + IdpId: provider.GetId(), + }) + require.NoError(t, err) type args struct { ctx context.Context diff --git a/internal/api/grpc/user/v2/user_test.go b/internal/api/grpc/user/v2/user_test.go index 9b8ca86114..45775dc9e4 100644 --- a/internal/api/grpc/user/v2/user_test.go +++ b/internal/api/grpc/user/v2/user_test.go 
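Review bot: The `require.Condition` check added after `AddCustomLoginPolicy` in the `TestServer_ListAuthenticationMethodTypes` hunk fails without reporting which gRPC code came back, and the new comment `// This should not remove the user IDP links` has no assertion behind it inside the hunk. Passing the error as the message argument keeps a failure readable: `}, "unexpected status from AddCustomLoginPolicy: %v", err)`. If the later table cases are what prove the link survives `RemoveIDPFromLoginPolicy`, the comment should say so, for example `// Removing the IDP from the login policy must keep the user's IDP link; the cases below still expect it`. The function body continues outside the hunk, so that check may already exist there.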
@@ -16,8 +16,8 @@ import ( "github.com/zitadel/zitadel/internal/command" "github.com/zitadel/zitadel/internal/crypto" "github.com/zitadel/zitadel/internal/domain" - caos_errs "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" + "github.com/zitadel/zitadel/internal/zerrors" object_pb "github.com/zitadel/zitadel/pkg/grpc/object/v2beta" user "github.com/zitadel/zitadel/pkg/grpc/user/v2beta" ) @@ -78,11 +78,11 @@ func Test_idpIntentToIDPIntentPb(t *testing.T) { UserID: "userID", State: domain.IDPIntentStateSucceeded, }, - alg: decryption(caos_errs.ThrowInternal(nil, "id", "invalid key id")), + alg: decryption(zerrors.ThrowInternal(nil, "id", "invalid key id")), }, res{ resp: nil, - err: caos_errs.ThrowInternal(nil, "id", "invalid key id"), + err: zerrors.ThrowInternal(nil, "id", "invalid key id"), }, }, { "successful oauth", diff --git a/internal/api/http/cookie.go b/internal/api/http/cookie.go index 18a748dc38..e40cfdaa3a 100644 --- a/internal/api/http/cookie.go +++ b/internal/api/http/cookie.go @@ -6,7 +6,7 @@ import ( "github.com/gorilla/securecookie" - "github.com/zitadel/zitadel/internal/errors" + "github.com/zitadel/zitadel/internal/zerrors" ) const ( @@ -102,7 +102,7 @@ func (c *CookieHandler) GetEncryptedCookieValue(r *http.Request, name string, va return err } if c.securecookie == nil { - return errors.ThrowInternal(nil, "HTTP-X6XpnL", "securecookie not configured") + return zerrors.ThrowInternal(nil, "HTTP-X6XpnL", "securecookie not configured") } return c.securecookie.Decode(name, cookie.Value, value) } 
@@ -113,7 +113,7 @@ func (c *CookieHandler) SetCookie(w http.ResponseWriter, name, domain, value str func (c *CookieHandler) SetEncryptedCookie(w http.ResponseWriter, name, domain string, value interface{}, sameSiteNone bool) error { if c.securecookie == nil { - return errors.ThrowInternal(nil, "HTTP-s2HUtx", "securecookie not configured") + return zerrors.ThrowInternal(nil, "HTTP-s2HUtx", "securecookie not configured") } encoded, err := c.securecookie.Encode(name, value) if err != nil { diff --git a/internal/api/http/domain_check.go b/internal/api/http/domain_check.go index 419682202b..00ab0597dc 100644 --- a/internal/api/http/domain_check.go +++ b/internal/api/http/domain_check.go @@ -7,7 +7,7 @@ import ( "net" "net/http" - "github.com/zitadel/zitadel/internal/errors" + "github.com/zitadel/zitadel/internal/zerrors" ) type CheckType int 
@@ -27,30 +27,30 @@ func ValidateDomain(domain, token, verifier string, checkType CheckType) error { case CheckTypeDNS: return ValidateDomainDNS(domain, verifier) default: - return errors.ThrowInvalidArgument(nil, "HTTP-Iqd11", "Errors.Internal") + return zerrors.ThrowInvalidArgument(nil, "HTTP-Iqd11", "Errors.Internal") } } func ValidateDomainHTTP(domain, token, verifier string) error { resp, err := http.Get(tokenUrlHTTP(domain, token)) if err != nil { - return errors.ThrowInternal(err, "HTTP-BH42h", "Errors.Internal") + return zerrors.ThrowInternal(err, "HTTP-BH42h", "Errors.Internal") } if resp.StatusCode != 200 { if resp.StatusCode == 404 { - return errors.ThrowNotFound(err, "ORG-F4zhw", "Errors.Org.DomainVerificationHTTPNotFound") + return zerrors.ThrowNotFound(err, "ORG-F4zhw", "Errors.Org.DomainVerificationHTTPNotFound") } - return errors.ThrowInternal(err, "HTTP-G2zsw", "Errors.Internal") + return zerrors.ThrowInternal(err, "HTTP-G2zsw", "Errors.Internal") } defer resp.Body.Close() body, err := ioutil.ReadAll(resp.Body) if err != nil { - return errors.ThrowInternal(err, "HTTP-HB432", "Errors.Internal") + return zerrors.ThrowInternal(err, "HTTP-HB432", "Errors.Internal") } if string(body) == verifier { return nil } - return errors.ThrowNotFound(err, "ORG-GH422", "Errors.Org.DomainVerificationHTTPNoMatch") + return zerrors.ThrowNotFound(err, "ORG-GH422", "Errors.Org.DomainVerificationHTTPNoMatch") } func ValidateDomainDNS(domain, verifier string) error { 
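Review bot: `ValidateDomainHTTP` fetches a URL built from the caller-supplied domain with the default `http.Get` client and then reads the whole body with `ioutil.ReadAll`, so the remote host decides how long the request hangs and how much memory the read takes. The default client also follows redirects, so the host that finally answers need not be the domain being verified. On the non-200 paths the function returns before `defer resp.Body.Close()` is registered, which leaks the response body. A client with a timeout, the defer moved directly under the request error check, and a capped read would cover these; the sketch below needs `io` and `time` imported, and both limits are values to choose, not taken from the project.

```go
func ValidateDomainHTTP(domain, token, verifier string) error {
	// bounded client: the target host is chosen by whoever registers the domain
	client := &http.Client{Timeout: 10 * time.Second}
	resp, err := client.Get(tokenUrlHTTP(domain, token))
	// … unchanged: error check on the request …
	// register the close before any status-code return so the body is always released
	defer resp.Body.Close()
	// … unchanged: status code handling …
	// the verifier is a short token; never buffer more than a small fixed amount
	body, err := io.ReadAll(io.LimitReader(resp.Body, 4096))
	// … unchanged: read error check and comparison with verifier …
```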
@@ -59,13 +59,13 @@ func ValidateDomainDNS(domain, verifier string) error { var dnsError *net.DNSError if errorsAs.As(err, &dnsError) { if dnsError.IsNotFound { - return errors.ThrowNotFound(err, "ORG-G241f", "Errors.Org.DomainVerificationTXTNotFound") + return zerrors.ThrowNotFound(err, "ORG-G241f", "Errors.Org.DomainVerificationTXTNotFound") } if dnsError.IsTimeout { - return errors.ThrowNotFound(err, "ORG-K563l", "Errors.Org.DomainVerificationTimeout") + return zerrors.ThrowNotFound(err, "ORG-K563l", "Errors.Org.DomainVerificationTimeout") } } - return errors.ThrowInternal(err, "HTTP-Hwsw2", "Errors.Internal") + return zerrors.ThrowInternal(err, "HTTP-Hwsw2", "Errors.Internal") } for _, record := range txtRecords { @@ -73,7 +73,7 @@ func ValidateDomainDNS(domain, verifier string) error { return nil } } - return errors.ThrowNotFound(err, "ORG-G28if", "Errors.Org.DomainVerificationTXTNoMatch") + return zerrors.ThrowNotFound(err, "ORG-G28if", "Errors.Org.DomainVerificationTXTNoMatch") } func TokenUrl(domain, token string, checkType CheckType) (string, error) { @@ -83,7 +83,7 @@ func TokenUrl(domain, token string, checkType CheckType) (string, error) { case CheckTypeDNS: return tokenUrlDNS(domain), nil default: - return "", errors.ThrowInvalidArgument(nil, "HTTP-Iqd11", "") + return "", zerrors.ThrowInvalidArgument(nil, "HTTP-Iqd11", "") } } diff --git a/internal/api/http/error.go b/internal/api/http/error.go index e73f1def96..1469ab0108 100644 --- a/internal/api/http/error.go +++ b/internal/api/http/error.go @@ -4,7 +4,7 @@ import ( "errors" "net/http" - caos_errs "github.com/zitadel/zitadel/internal/errors" + "github.com/zitadel/zitadel/internal/zerrors" ) func ZitadelErrorToHTTPStatusCode(err error) (statusCode int, ok bool) { 
@@ -13,32 +13,32 @@ func ZitadelErrorToHTTPStatusCode(err error) (statusCode int, ok bool) {
 }
 //nolint:errorlint
 switch err.(type) {
- case *caos_errs.AlreadyExistsError:
+ case *zerrors.AlreadyExistsError:
 return http.StatusConflict, true
- case *caos_errs.DeadlineExceededError:
+ case *zerrors.DeadlineExceededError:
 return http.StatusGatewayTimeout, true
- case *caos_errs.InternalError:
+ case *zerrors.InternalError:
 return http.StatusInternalServerError, true
- case *caos_errs.InvalidArgumentError:
+ case *zerrors.InvalidArgumentError:
 return http.StatusBadRequest, true
- case *caos_errs.NotFoundError:
+ case *zerrors.NotFoundError:
 return http.StatusNotFound, true
- case *caos_errs.PermissionDeniedError:
+ case *zerrors.PermissionDeniedError:
 return http.StatusForbidden, true
- case *caos_errs.PreconditionFailedError:
+ case *zerrors.PreconditionFailedError:
 // use the same code as grpc-gateway:
 // https://github.com/grpc-ecosystem/grpc-gateway/blob/9e33e38f15cb7d2f11096366e62ea391a3459ba9/runtime/errors.go#L59
 return http.StatusBadRequest, true
- case *caos_errs.UnauthenticatedError:
+ case *zerrors.UnauthenticatedError:
 return http.StatusUnauthorized, true
- case *caos_errs.UnavailableError:
+ case *zerrors.UnavailableError:
 return http.StatusServiceUnavailable, true
- case *caos_errs.UnimplementedError:
+ case *zerrors.UnimplementedError:
 return http.StatusNotImplemented, true
- case *caos_errs.ResourceExhaustedError:
+ case *zerrors.ResourceExhaustedError:
 return http.StatusTooManyRequests, true
 default:
- c := new(caos_errs.CaosError)
+ c := new(zerrors.ZitadelError)
 if errors.As(err, &c) {
 return ZitadelErrorToHTTPStatusCode(errors.Unwrap(err))
 }
diff --git a/internal/api/http/error_test.go b/internal/api/http/error_test.go
index 08fed349d2..d44c206f80 100644
--- a/internal/api/http/error_test.go
+++ b/internal/api/http/error_test.go
@@ -6,7 +6,7 @@ import ( "net/http" "testing" - caos_errors "github.com/zitadel/zitadel/internal/errors" + "github.com/zitadel/zitadel/internal/zerrors" ) func TestZitadelErrorToHTTPStatusCode(t *testing.T) { @@ -30,7 +30,7 @@ func TestZitadelErrorToHTTPStatusCode(t *testing.T) { { name: "wrapped already exists", args: args{ - err: fmt.Errorf("wrapped %w", caos_errors.ThrowAlreadyExists(nil, "id", "message")), + err: fmt.Errorf("wrapped %w", zerrors.ThrowAlreadyExists(nil, "id", "message")), }, wantStatusCode: http.StatusConflict, wantOk: true, @@ -38,7 +38,7 @@ func TestZitadelErrorToHTTPStatusCode(t *testing.T) { { name: "wrapped deadline exceeded", args: args{ - err: fmt.Errorf("wrapped %w", caos_errors.ThrowDeadlineExceeded(nil, "id", "message")), + err: fmt.Errorf("wrapped %w", zerrors.ThrowDeadlineExceeded(nil, "id", "message")), }, wantStatusCode: http.StatusGatewayTimeout, wantOk: true, @@ -46,7 +46,7 @@ func TestZitadelErrorToHTTPStatusCode(t *testing.T) { { name: "wrapped internal", args: args{ - err: fmt.Errorf("wrapped %w", caos_errors.ThrowInternal(nil, "id", "message")), + err: fmt.Errorf("wrapped %w", zerrors.ThrowInternal(nil, "id", "message")), }, wantStatusCode: http.StatusInternalServerError, wantOk: true, @@ -54,7 +54,7 @@ func TestZitadelErrorToHTTPStatusCode(t *testing.T) { { name: "wrapped invalid argument", args: args{ - err: fmt.Errorf("wrapped %w", caos_errors.ThrowInvalidArgument(nil, "id", "message")), + err: fmt.Errorf("wrapped %w", zerrors.ThrowInvalidArgument(nil, "id", "message")), }, wantStatusCode: http.StatusBadRequest, wantOk: true, @@ -62,7 +62,7 @@ func TestZitadelErrorToHTTPStatusCode(t *testing.T) { { name: "wrapped not found", args: args{ - err: fmt.Errorf("wrapped %w", caos_errors.ThrowNotFound(nil, "id", "message")), + err: fmt.Errorf("wrapped %w", zerrors.ThrowNotFound(nil, "id", "message")), }, wantStatusCode: http.StatusNotFound, wantOk: true, 
@@ -70,7 +70,7 @@ func TestZitadelErrorToHTTPStatusCode(t *testing.T) {
 {
 name: "wrapped permission denied",
 args: args{
- err: fmt.Errorf("wrapped %w", caos_errors.ThrowPermissionDenied(nil, "id", "message")),
+ err: fmt.Errorf("wrapped %w", zerrors.ThrowPermissionDenied(nil, "id", "message")),
 },
 wantStatusCode: http.StatusForbidden,
 wantOk: true,
@@ -78,7 +78,7 @@ func TestZitadelErrorToHTTPStatusCode(t *testing.T) {
 {
 name: "wrapped precondition failed",
 args: args{
- err: fmt.Errorf("wrapped %w", caos_errors.ThrowPreconditionFailed(nil, "id", "message")),
+ err: fmt.Errorf("wrapped %w", zerrors.ThrowPreconditionFailed(nil, "id", "message")),
 },
 wantStatusCode: http.StatusBadRequest,
 wantOk: true,
@@ -86,7 +86,7 @@ func TestZitadelErrorToHTTPStatusCode(t *testing.T) {
 {
 name: "wrapped unauthenticated",
 args: args{
- err: fmt.Errorf("wrapped %w", caos_errors.ThrowUnauthenticated(nil, "id", "message")),
+ err: fmt.Errorf("wrapped %w", zerrors.ThrowUnauthenticated(nil, "id", "message")),
 },
 wantStatusCode: http.StatusUnauthorized,
 wantOk: true,
@@ -94,7 +94,7 @@ func TestZitadelErrorToHTTPStatusCode(t *testing.T) {
 {
 name: "wrapped unavailable",
 args: args{
- err: fmt.Errorf("wrapped %w", caos_errors.ThrowUnavailable(nil, "id", "message")),
+ err: fmt.Errorf("wrapped %w", zerrors.ThrowUnavailable(nil, "id", "message")),
 },
 wantStatusCode: http.StatusServiceUnavailable,
 wantOk: true,
@@ -102,7 +102,7 @@ func TestZitadelErrorToHTTPStatusCode(t *testing.T) {
 {
 name: "wrapped unimplemented",
 args: args{
- err: fmt.Errorf("wrapped %w", caos_errors.ThrowUnimplemented(nil, "id", "message")),
+ err: fmt.Errorf("wrapped %w", zerrors.ThrowUnimplemented(nil, "id", "message")),
 },
 wantStatusCode: http.StatusNotImplemented,
 wantOk: true,
@@ -110,7 +110,7 @@ func TestZitadelErrorToHTTPStatusCode(t *testing.T) { { name: "wrapped resource exhausted", args: args{ - err: fmt.Errorf("wrapped %w", caos_errors.ThrowResourceExhausted(nil, "id", "message")), + err: fmt.Errorf("wrapped %w", zerrors.ThrowResourceExhausted(nil, "id", "message")), }, wantStatusCode: http.StatusTooManyRequests, wantOk: true, diff --git a/internal/api/http/middleware/instance_interceptor.go b/internal/api/http/middleware/instance_interceptor.go index 276037301d..ac944278b1 100644 --- a/internal/api/http/middleware/instance_interceptor.go +++ b/internal/api/http/middleware/instance_interceptor.go @@ -8,15 +8,14 @@ import ( "net/url" "strings" - "github.com/rakyll/statik/fs" "github.com/zitadel/logging" "golang.org/x/text/language" "github.com/zitadel/zitadel/internal/api/authz" zitadel_http "github.com/zitadel/zitadel/internal/api/http" - caos_errors "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/i18n" "github.com/zitadel/zitadel/internal/telemetry/tracing" + "github.com/zitadel/zitadel/internal/zerrors" ) type instanceInterceptor struct { @@ -56,7 +55,7 @@ func (a *instanceInterceptor) handleInstance(w http.ResponseWriter, r *http.Requ } ctx, err := setInstance(r, a.verifier, a.headerName) if err != nil { - caosErr := new(caos_errors.NotFoundError) + caosErr := new(zerrors.NotFoundError) if errors.As(err, &caosErr) { caosErr.Message = a.translator.LocalizeFromRequest(r, caosErr.GetMessage(), nil) } @@ -75,7 +74,7 @@ func setInstance(r *http.Request, verifier authz.InstanceVerifier, headerName st host, err := HostFromRequest(r, headerName) if err != nil { - return nil, caos_errors.ThrowNotFound(err, "INST-zWq7X", "Errors.Instance.NotFound") + return nil, zerrors.ThrowNotFound(err, "INST-zWq7X", "Errors.Instance.NotFound") } instance, err := verifier.InstanceByHost(authCtx, host) 
@@ -112,7 +111,7 @@ func hostFromOrigin(ctx context.Context) (host string, err error) { if err != nil { return "", err } - host = u.Hostname() + host = u.Host if host == "" { err = errors.New("empty host") } @@ -120,10 +119,7 @@ func hostFromOrigin(ctx context.Context) (host string, err error) { } func newZitadelTranslator() *i18n.Translator { - dir, err := fs.NewWithNamespace("zitadel") - logging.WithFields("namespace", "zitadel").OnError(err).Panic("unable to get namespace") - - translator, err := i18n.NewTranslator(dir, language.English, "") + translator, err := i18n.NewZitadelTranslator(language.English) logging.OnError(err).Panic("unable to get translator") return translator } diff --git a/internal/api/http/middleware/instance_interceptor_test.go b/internal/api/http/middleware/instance_interceptor_test.go index e61fade72d..5273d2fd58 100644 --- a/internal/api/http/middleware/instance_interceptor_test.go +++ b/internal/api/http/middleware/instance_interceptor_test.go @@ -221,7 +221,7 @@ func Test_setInstance(t *testing.T) { r.Header.Set("host", "fromrequest") return r.WithContext(zitadel_http.WithComposedOrigin(r.Context(), "https://fromorigin:9999")) }(), - verifier: &mockInstanceVerifier{"fromorigin"}, + verifier: &mockInstanceVerifier{"fromorigin:9999"}, headerName: "host", }, res{ diff --git a/internal/api/http/middleware/middleware_test.go b/internal/api/http/middleware/middleware_test.go new file mode 100644 index 0000000000..4d7cb6636d --- /dev/null +++ b/internal/api/http/middleware/middleware_test.go @@ -0,0 +1,18 @@ +package middleware + +import ( + "testing" + + "golang.org/x/text/language" + + "github.com/zitadel/zitadel/internal/i18n" +) + +var ( + SupportedLanguages = []language.Tag{language.English, language.German} +) + +func TestMain(m *testing.M) { + i18n.SupportLanguages(SupportedLanguages...) + m.Run() +} 
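Review bot: In `hostFromOrigin` (hunk `@@ -112,7 +111,7 @@`), switching from `u.Hostname()` to `u.Host` means the value handed to the instance lookup now carries the port, as the updated test's `fromorigin:9999` shows, and nothing at the assignment says this is deliberate. Because this value selects the instance a request is served under, a one-line comment such as `// keep the port: the verifier is queried with host:port when the origin carries one` would stop a later cleanup from reverting it. It is worth confirming that `InstanceByHost` treats an origin with an explicit default port (for example `https://example.com:443`) the same as one without; that code is not visible here. The function starts outside the hunk.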
diff --git a/internal/api/http/middleware/user_agent_cookie.go b/internal/api/http/middleware/user_agent_cookie.go index 36d5155f18..c156e6d942 100644 --- a/internal/api/http/middleware/user_agent_cookie.go +++ b/internal/api/http/middleware/user_agent_cookie.go @@ -10,8 +10,8 @@ import ( "github.com/zitadel/zitadel/internal/api/authz" http_utils "github.com/zitadel/zitadel/internal/api/http" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/id" + "github.com/zitadel/zitadel/internal/zerrors" ) type cookieKey int @@ -95,7 +95,7 @@ func (ua *userAgentHandler) getUserAgent(r *http.Request) (*UserAgent, error) { userAgent := new(UserAgent) err := ua.cookieHandler.GetEncryptedCookieValue(r, ua.cookieName, userAgent) if err != nil { - return nil, errors.ThrowPermissionDenied(err, "HTTP-YULqH4", "cannot read user agent cookie") + return nil, zerrors.ThrowPermissionDenied(err, "HTTP-YULqH4", "cannot read user agent cookie") } return userAgent, nil } @@ -103,7 +103,7 @@ func (ua *userAgentHandler) getUserAgent(r *http.Request) (*UserAgent, error) { func (ua *userAgentHandler) setUserAgent(w http.ResponseWriter, host string, agent *UserAgent, iframe bool) error { err := ua.cookieHandler.SetEncryptedCookie(w, ua.cookieName, host, agent, iframe) if err != nil { - return errors.ThrowPermissionDenied(err, "HTTP-AqgqdA", "cannot set user agent cookie") + return zerrors.ThrowPermissionDenied(err, "HTTP-AqgqdA", "cannot set user agent cookie") } return nil } diff --git a/internal/api/http/parser.go b/internal/api/http/parser.go index f53df03408..f51157a0dd 100644 --- a/internal/api/http/parser.go +++ b/internal/api/http/parser.go @@ -5,7 +5,7 @@ import ( "github.com/gorilla/schema" - "github.com/zitadel/zitadel/internal/errors" + "github.com/zitadel/zitadel/internal/zerrors" ) type Parser struct { 
@@ -21,7 +21,7 @@ func NewParser() *Parser { func (p *Parser) Parse(r *http.Request, data interface{}) error { err := r.ParseForm() if err != nil { - return errors.ThrowInternal(err, "FORM-lCC9zI", "error parsing http form") + return zerrors.ThrowInternal(err, "FORM-lCC9zI", "error parsing http form") } return p.decoder.Decode(data, r.Form) diff --git a/internal/api/idp/idp.go b/internal/api/idp/idp.go index f1fa32fc57..acae4f36b0 100644 --- a/internal/api/idp/idp.go +++ b/internal/api/idp/idp.go @@ -18,7 +18,6 @@ import ( "github.com/zitadel/zitadel/internal/api/ui/login" "github.com/zitadel/zitadel/internal/command" "github.com/zitadel/zitadel/internal/crypto" - z_errs "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/form" "github.com/zitadel/zitadel/internal/idp" "github.com/zitadel/zitadel/internal/idp/providers/apple" @@ -32,6 +31,7 @@ import ( openid "github.com/zitadel/zitadel/internal/idp/providers/oidc" saml2 "github.com/zitadel/zitadel/internal/idp/providers/saml" "github.com/zitadel/zitadel/internal/query" + "github.com/zitadel/zitadel/internal/zerrors" ) const ( @@ -147,7 +147,7 @@ func (h *Handler) handleCertificate(w http.ResponseWriter, r *http.Request) { } samlProvider, ok := provider.(*saml2.Provider) if !ok { - http.Error(w, z_errs.ThrowInvalidArgument(nil, "SAML-lrud8s9coi", "Errors.Intent.IDPInvalid").Error(), http.StatusBadRequest) + http.Error(w, zerrors.ThrowInvalidArgument(nil, "SAML-lrud8s9coi", "Errors.Intent.IDPInvalid").Error(), http.StatusBadRequest) return } @@ -178,7 +178,7 @@ func (h *Handler) handleMetadata(w http.ResponseWriter, r *http.Request) { samlProvider, ok := provider.(*saml2.Provider) if !ok { - http.Error(w, z_errs.ThrowInvalidArgument(nil, "SAML-lrud8s9coi", "Errors.Intent.IDPInvalid").Error(), http.StatusBadRequest) + http.Error(w, zerrors.ThrowInvalidArgument(nil, "SAML-lrud8s9coi", "Errors.Intent.IDPInvalid").Error(), http.StatusBadRequest) return } 
@@ -225,7 +225,7 @@ func (h *Handler) handleACS(w http.ResponseWriter, r *http.Request) { } samlProvider, ok := provider.(*saml2.Provider) if !ok { - err := z_errs.ThrowInvalidArgument(nil, "SAML-ui9wyux0hp", "Errors.Intent.IDPInvalid") + err := zerrors.ThrowInvalidArgument(nil, "SAML-ui9wyux0hp", "Errors.Intent.IDPInvalid") http.Error(w, err.Error(), http.StatusBadRequest) return } @@ -237,7 +237,7 @@ func (h *Handler) handleACS(w http.ResponseWriter, r *http.Request) { intent, err := h.commands.GetActiveIntent(ctx, data.RelayState) if err != nil { - if z_errs.IsNotFound(err) { + if zerrors.IsNotFound(err) { http.Error(w, err.Error(), http.StatusBadRequest) return } @@ -264,7 +264,7 @@ func (h *Handler) handleACS(w http.ResponseWriter, r *http.Request) { token, err := h.commands.SucceedSAMLIDPIntent(ctx, intent, idpUser, userID, session.Assertion) if err != nil { - redirectToFailureURLErr(w, r, intent, z_errs.ThrowInternal(err, "IDP-JdD3g", "Errors.Intent.TokenCreationFailed")) + redirectToFailureURLErr(w, r, intent, zerrors.ThrowInternal(err, "IDP-JdD3g", "Errors.Intent.TokenCreationFailed")) return } redirectToSuccessURL(w, r, intent, token, userID) @@ -279,7 +279,7 @@ func (h *Handler) handleCallback(w http.ResponseWriter, r *http.Request) { } intent, err := h.commands.GetActiveIntent(ctx, data.State) if err != nil { - if z_errs.IsNotFound(err) { + if zerrors.IsNotFound(err) { http.Error(w, err.Error(), http.StatusBadRequest) return } @@ -320,7 +320,7 @@ func (h *Handler) handleCallback(w http.ResponseWriter, r *http.Request) { token, err := h.commands.SucceedIDPIntent(ctx, intent, idpUser, idpSession, userID) if err != nil { - redirectToFailureURLErr(w, r, intent, z_errs.ThrowInternal(err, "IDP-JdD3g", "Errors.Intent.TokenCreationFailed")) + redirectToFailureURLErr(w, r, intent, zerrors.ThrowInternal(err, "IDP-JdD3g", "Errors.Intent.TokenCreationFailed")) return } redirectToSuccessURL(w, r, intent, token, userID) 
@@ -349,7 +349,7 @@ func (h *Handler) parseCallbackRequest(r *http.Request) (*externalIDPCallbackDat return nil, err } if data.State == "" { - return nil, z_errs.ThrowInvalidArgument(nil, "IDP-Hk38e", "Errors.Intent.StateMissing") + return nil, zerrors.ThrowInvalidArgument(nil, "IDP-Hk38e", "Errors.Intent.StateMissing") } return data, nil } @@ -368,7 +368,7 @@ func redirectToSuccessURL(w http.ResponseWriter, r *http.Request, intent *comman func redirectToFailureURLErr(w http.ResponseWriter, r *http.Request, i *command.IDPIntentWriteModel, err error) { msg := err.Error() var description string - zErr := new(z_errs.CaosError) + zErr := new(zerrors.ZitadelError) if errors.As(err, &zErr) { msg = zErr.GetID() description = zErr.GetMessage() // TODO: i18n? @@ -403,9 +403,9 @@ func (h *Handler) fetchIDPUserFromCode(ctx context.Context, identityProvider idp case *apple.Provider: session = &apple.Session{Session: &openid.Session{Provider: provider.Provider, Code: code}, UserFormValue: appleUser} case *jwt.Provider, *ldap.Provider, *saml2.Provider: - return nil, nil, z_errs.ThrowInvalidArgument(nil, "IDP-52jmn", "Errors.ExternalIDP.IDPTypeNotImplemented") + return nil, nil, zerrors.ThrowInvalidArgument(nil, "IDP-52jmn", "Errors.ExternalIDP.IDPTypeNotImplemented") default: - return nil, nil, z_errs.ThrowUnimplemented(nil, "IDP-SSDg", "Errors.ExternalIDP.IDPTypeNotImplemented") + return nil, nil, zerrors.ThrowUnimplemented(nil, "IDP-SSDg", "Errors.ExternalIDP.IDPTypeNotImplemented") } user, err = session.FetchUser(ctx) diff --git a/internal/api/idp/idp_test.go b/internal/api/idp/idp_test.go index 1e6395197e..6804a035af 100644 --- a/internal/api/idp/idp_test.go +++ b/internal/api/idp/idp_test.go 
@@ -8,8 +8,8 @@ import ( "github.com/stretchr/testify/assert" "github.com/zitadel/zitadel/internal/command" - z_errors "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/form" + "github.com/zitadel/zitadel/internal/zerrors" ) func Test_redirectToSuccessURL(t *testing.T) { @@ -146,7 +146,7 @@ func Test_redirectToFailureURLErr(t *testing.T) { id: "id", failureURL: "https://example.com/failure", successURL: "https://example.com/success", - err: z_errors.ThrowError(nil, "test", "testdesc"), + err: zerrors.ThrowError(nil, "test", "testdesc"), }, res{ "https://example.com/failure?error=test&error_description=testdesc&id=id", diff --git a/internal/api/oidc/access_token.go b/internal/api/oidc/access_token.go index d01badda98..173e507530 100644 --- a/internal/api/oidc/access_token.go +++ b/internal/api/oidc/access_token.go @@ -10,9 +10,9 @@ import ( "github.com/zitadel/oidc/v3/pkg/op" "github.com/zitadel/zitadel/internal/command" - errz "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/query" "github.com/zitadel/zitadel/internal/user/model" + "github.com/zitadel/zitadel/internal/zerrors" ) type accessToken struct { @@ -55,7 +55,7 @@ func (s *Server) verifyAccessToken(ctx context.Context, tkn string) (*accessToke token, err := s.repo.TokenByIDs(ctx, subject, tokenID) if err != nil { - return nil, errz.ThrowPermissionDenied(err, "OIDC-Dsfb2", "token is not valid or has expired") + return nil, zerrors.ThrowPermissionDenied(err, "OIDC-Dsfb2", "token is not valid or has expired") } return accessTokenV1(tokenID, subject, token), nil } 
@@ -91,7 +91,7 @@ func (s *Server) assertClientScopesForPAT(ctx context.Context, token *accessToke token.audience = append(token.audience, clientID) projectIDQuery, err := query.NewProjectRoleProjectIDSearchQuery(projectID) if err != nil { - return errz.ThrowInternal(err, "OIDC-Cyc78", "Errors.Internal") + return zerrors.ThrowInternal(err, "OIDC-Cyc78", "Errors.Internal") } roles, err := s.query.SearchProjectRoles(ctx, s.features.TriggerIntrospectionProjections, &query.ProjectRoleSearchQueries{Queries: []query.SearchQuery{projectIDQuery}}) if err != nil { diff --git a/internal/api/oidc/auth_request.go b/internal/api/oidc/auth_request.go index fa1e919f6b..062b0e3351 100644 --- a/internal/api/oidc/auth_request.go +++ b/internal/api/oidc/auth_request.go @@ -16,10 +16,10 @@ import ( "github.com/zitadel/zitadel/internal/api/http/middleware" "github.com/zitadel/zitadel/internal/command" "github.com/zitadel/zitadel/internal/domain" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/query" "github.com/zitadel/zitadel/internal/telemetry/tracing" "github.com/zitadel/zitadel/internal/user/model" + "github.com/zitadel/zitadel/internal/zerrors" ) const ( 
@@ -83,11 +83,11 @@ func (o *OPStorage) createAuthRequestLoginClient(ctx context.Context, req *oidc. func (o *OPStorage) createAuthRequest(ctx context.Context, req *oidc.AuthRequest, userID string) (_ op.AuthRequest, err error) { userAgentID, ok := middleware.UserAgentIDFromCtx(ctx) if !ok { - return nil, errors.ThrowPreconditionFailed(nil, "OIDC-sd436", "no user agent id") + return nil, zerrors.ThrowPreconditionFailed(nil, "OIDC-sd436", "no user agent id") } req.Scopes, err = o.assertProjectRoleScopes(ctx, req.ClientID, req.Scopes) if err != nil { - return nil, errors.ThrowPreconditionFailed(err, "OIDC-Gqrfg", "Errors.Internal") + return nil, zerrors.ThrowPreconditionFailed(err, "OIDC-Gqrfg", "Errors.Internal") } authRequest := CreateAuthRequestToBusiness(ctx, req, userAgentID, userID) resp, err := o.repo.CreateAuthRequest(ctx, authRequest) @@ -124,7 +124,7 @@ func (o *OPStorage) AuthRequestByID(ctx context.Context, id string) (_ op.AuthRe userAgentID, ok := middleware.UserAgentIDFromCtx(ctx) if !ok { - return nil, errors.ThrowPreconditionFailed(nil, "OIDC-D3g21", "no user agent id") + return nil, zerrors.ThrowPreconditionFailed(nil, "OIDC-D3g21", "no user agent id") } resp, err := o.repo.AuthRequestByIDCheckLoggedIn(ctx, id, userAgentID) if err != nil { @@ -174,7 +174,7 @@ func (o *OPStorage) SaveAuthCode(ctx context.Context, id, code string) (err erro userAgentID, ok := middleware.UserAgentIDFromCtx(ctx) if !ok { - return errors.ThrowPreconditionFailed(nil, "OIDC-Dgus2", "no user agent id") + return zerrors.ThrowPreconditionFailed(nil, "OIDC-Dgus2", "no user agent id") } return o.repo.SaveAuthCode(ctx, id, code, userAgentID) } 
@@ -200,6 +200,8 @@ func (o *OPStorage) CreateAccessToken(ctx context.Context, req op.TokenRequest) // trigger activity log for authentication for user activity.Trigger(ctx, "", authReq.CurrentAuthRequest.UserID, activity.OIDCAccessToken) return o.command.AddOIDCSessionAccessToken(setContextUserSystem(ctx), authReq.GetID()) + case op.IDTokenRequest: + applicationID = authReq.GetClientID() } accessTokenLifetime, _, _, _, err := o.getOIDCSettings(ctx) @@ -236,7 +238,7 @@ func (o *OPStorage) CreateAccessAndRefreshTokens(ctx context.Context, req op.Tok userAgentID, applicationID, userOrgID, authTime, authMethodsReferences := getInfoFromRequest(req) scopes, err := o.assertProjectRoleScopes(ctx, applicationID, req.GetScopes()) if err != nil { - return "", "", time.Time{}, errors.ThrowPreconditionFailed(err, "OIDC-Df2fq", "Errors.Internal") + return "", "", time.Time{}, zerrors.ThrowPreconditionFailed(err, "OIDC-Df2fq", "Errors.Internal") } if request, ok := req.(op.RefreshTokenRequest); ok { request.SetCurrentScopes(scopes) @@ -251,7 +253,7 @@ func (o *OPStorage) CreateAccessAndRefreshTokens(ctx context.Context, req op.Tok refreshToken, req.GetAudience(), scopes, authMethodsReferences, accessTokenLifetime, refreshTokenIdleExpiration, refreshTokenExpiration, authTime) //PLANNED: lifetime from client if err != nil { - if errors.IsErrorInvalidArgument(err) { + if zerrors.IsErrorInvalidArgument(err) { err = oidc.ErrInvalidGrant().WithParent(err) } return "", "", time.Time{}, err 
@@ -263,15 +265,16 @@ func (o *OPStorage) CreateAccessAndRefreshTokens(ctx context.Context, req op.Tok } func getInfoFromRequest(req op.TokenRequest) (string, string, string, time.Time, []string) { - authReq, ok := req.(*AuthRequest) - if ok { - return authReq.AgentID, authReq.ApplicationID, authReq.UserOrgID, authReq.AuthTime, authReq.GetAMR() + switch r := req.(type) { + case *AuthRequest: + return r.AgentID, r.ApplicationID, r.UserOrgID, r.AuthTime, r.GetAMR() + case *RefreshTokenRequest: + return r.UserAgentID, r.ClientID, "", r.AuthTime, r.AuthMethodsReferences + case op.IDTokenRequest: + return "", r.GetClientID(), "", r.GetAuthTime(), r.GetAMR() + default: + return "", "", "", time.Time{}, nil } - refreshReq, ok := req.(*RefreshTokenRequest) - if ok { - return refreshReq.UserAgentID, refreshReq.ClientID, "", refreshReq.AuthTime, refreshReq.AuthMethodsReferences - } - return "", "", "", time.Time{}, nil } func (o *OPStorage) TokenRequestByRefreshToken(ctx context.Context, refreshToken string) (_ op.RefreshTokenRequest, err error) { @@ -308,7 +311,7 @@ func (o *OPStorage) TerminateSession(ctx context.Context, userID, clientID strin userAgentID, ok := middleware.UserAgentIDFromCtx(ctx) if !ok { logging.Error("no user agent id") - return errors.ThrowPreconditionFailed(nil, "OIDC-fso7F", "no user agent id") + return zerrors.ThrowPreconditionFailed(nil, "OIDC-fso7F", "no user agent id") } userIDs, err := o.repo.UserSessionUserIDsByAgentID(ctx, userAgentID) if err != nil { @@ -366,7 +369,7 @@ func (o *OPStorage) RevokeToken(ctx context.Context, token, userID, clientID str if err == nil { return nil } - if errors.IsPreconditionFailed(err) { + if zerrors.IsPreconditionFailed(err) { return oidc.ErrInvalidClient().WithDescription("token was not issued for this client") } return oidc.ErrServerError().WithParent(err) 
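Review bot: getInfoFromRequest returns five unnamed values, three of them strings, and the new `op.IDTokenRequest` case fills only the second one, leaving the user-agent and org IDs empty without saying so. Naming the results, `(userAgentID, applicationID, userOrgID string, authTime time.Time, amr []string)`, would make each case checkable against the call in CreateAccessAndRefreshTokens at a glance. The interface case must stay below the concrete `*AuthRequest` and `*RefreshTokenRequest` cases, because a type switch takes the first match and those types presumably satisfy `op.IDTokenRequest` as well; a comment such as `// interface case: keep after the concrete request types` would guard against reordering. The `default` branch still hands back an empty application ID for any other request type, which the caller passes on to assertProjectRoleScopes. The same new case appears in CreateAccessToken in the earlier hunk of this file, whose switch starts outside that hunk.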
@@ -382,14 +385,14 @@ func (o *OPStorage) revokeTokenV1(ctx context.Context, token, userID, clientID s return oidc.ErrInvalidClient().WithDescription("token was not issued for this client") } _, err = o.command.RevokeRefreshToken(ctx, refreshToken.UserID, refreshToken.ResourceOwner, refreshToken.ID) - if err == nil || errors.IsNotFound(err) { + if err == nil || zerrors.IsNotFound(err) { return nil } return oidc.ErrServerError().WithParent(err) } accessToken, err := o.repo.TokenByIDs(ctx, userID, token) if err != nil { - if errors.IsNotFound(err) { + if zerrors.IsNotFound(err) { return nil } return oidc.ErrServerError().WithParent(err) @@ -398,7 +401,7 @@ func (o *OPStorage) revokeTokenV1(ctx context.Context, token, userID, clientID s return oidc.ErrInvalidClient().WithDescription("token was not issued for this client") } _, err = o.command.RevokeAccessToken(ctx, userID, accessToken.ResourceOwner, accessToken.ID) - if err == nil || errors.IsNotFound(err) { + if err == nil || zerrors.IsNotFound(err) { return nil } return oidc.ErrServerError().WithParent(err) 
@@ -434,18 +437,18 @@ func (o *OPStorage) assertProjectRoleScopes(ctx context.Context, clientID string } projectID, err := o.query.ProjectIDFromOIDCClientID(ctx, clientID) if err != nil { - return nil, errors.ThrowPreconditionFailed(nil, "OIDC-AEG4d", "Errors.Internal") + return nil, zerrors.ThrowPreconditionFailed(nil, "OIDC-AEG4d", "Errors.Internal") } project, err := o.query.ProjectByID(ctx, false, projectID) if err != nil { - return nil, errors.ThrowPreconditionFailed(nil, "OIDC-w4wIn", "Errors.Internal") + return nil, zerrors.ThrowPreconditionFailed(nil, "OIDC-w4wIn", "Errors.Internal") } if !project.ProjectRoleAssertion { return scopes, nil } projectIDQuery, err := query.NewProjectRoleProjectIDSearchQuery(project.ID) if err != nil { - return nil, errors.ThrowInternal(err, "OIDC-Cyc78", "Errors.Internal") + return nil, zerrors.ThrowInternal(err, "OIDC-Cyc78", "Errors.Internal") } roles, err := o.query.SearchProjectRoles(ctx, true, &query.ProjectRoleSearchQueries{Queries: []query.SearchQuery{projectIDQuery}}) if err != nil { @@ -468,7 +471,7 @@ func (o *OPStorage) assertProjectRoleScopesByProject(ctx context.Context, projec } projectIDQuery, err := query.NewProjectRoleProjectIDSearchQuery(project.ID) if err != nil { - return nil, errors.ThrowInternal(err, "OIDC-Cyc78", "Errors.Internal") + return nil, zerrors.ThrowInternal(err, "OIDC-Cyc78", "Errors.Internal") } roles, err := o.query.SearchProjectRoles(ctx, true, &query.ProjectRoleSearchQueries{Queries: []query.SearchQuery{projectIDQuery}}) if err != nil { 
@@ -484,7 +487,7 @@ func (o *OPStorage) assertClientScopesForPAT(ctx context.Context, token *model.T token.Audience = append(token.Audience, clientID) projectIDQuery, err := query.NewProjectRoleProjectIDSearchQuery(projectID) if err != nil { - return errors.ThrowInternal(err, "OIDC-Cyc78", "Errors.Internal") + return zerrors.ThrowInternal(err, "OIDC-Cyc78", "Errors.Internal") } roles, err := o.query.SearchProjectRoles(ctx, true, &query.ProjectRoleSearchQueries{Queries: []query.SearchQuery{projectIDQuery}}) if err != nil { @@ -505,7 +508,7 @@ func setContextUserSystem(ctx context.Context) context.Context { func (o *OPStorage) getOIDCSettings(ctx context.Context) (accessTokenLifetime, idTokenLifetime, refreshTokenIdleExpiration, refreshTokenExpiration time.Duration, _ error) { oidcSettings, err := o.query.OIDCSettingsByAggID(ctx, authz.GetInstance(ctx).InstanceID()) - if err != nil && !errors.IsNotFound(err) { + if err != nil && !zerrors.IsNotFound(err) { return time.Duration(0), time.Duration(0), time.Duration(0), time.Duration(0), err } diff --git a/internal/api/oidc/auth_request_converter.go b/internal/api/oidc/auth_request_converter.go index 8fbd18530d..4cb3d60a8a 100644 --- a/internal/api/oidc/auth_request_converter.go +++ b/internal/api/oidc/auth_request_converter.go @@ -13,8 +13,8 @@ import ( "github.com/zitadel/zitadel/internal/api/authz" http_utils "github.com/zitadel/zitadel/internal/api/http" "github.com/zitadel/zitadel/internal/domain" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/user/model" + "github.com/zitadel/zitadel/internal/zerrors" ) type AuthRequest struct { 
@@ -96,7 +96,7 @@ func (a *AuthRequest) oidc() *domain.AuthRequestOIDC { func AuthRequestFromBusiness(authReq *domain.AuthRequest) (_ op.AuthRequest, err error) { if _, ok := authReq.Request.(*domain.AuthRequestOIDC); !ok { - return nil, errors.ThrowInvalidArgument(nil, "OIDC-Haz7A", "auth request is not of type oidc") + return nil, zerrors.ThrowInvalidArgument(nil, "OIDC-Haz7A", "auth request is not of type oidc") } return &AuthRequest{authReq}, nil } diff --git a/internal/api/oidc/auth_request_integration_test.go b/internal/api/oidc/auth_request_integration_test.go index 83762e338a..9f8e77688d 100644 --- a/internal/api/oidc/auth_request_integration_test.go +++ b/internal/api/oidc/auth_request_integration_test.go @@ -17,6 +17,7 @@ import ( http_utils "github.com/zitadel/zitadel/internal/api/http" oidc_api "github.com/zitadel/zitadel/internal/api/oidc" "github.com/zitadel/zitadel/internal/command" + "github.com/zitadel/zitadel/internal/integration" oidc_pb "github.com/zitadel/zitadel/pkg/grpc/oidc/v2beta" session "github.com/zitadel/zitadel/pkg/grpc/session/v2beta" ) @@ -500,8 +501,7 @@ func exchangeTokens(t testing.TB, clientID, code string) (*oidc.Tokens[*oidc.IDT provider, err := Tester.CreateRelyingParty(CTX, clientID, redirectURI) require.NoError(t, err) - codeVerifier := "codeVerifier" - return rp.CodeExchange[*oidc.IDTokenClaims](context.Background(), code, provider, rp.WithCodeVerifier(codeVerifier)) + return rp.CodeExchange[*oidc.IDTokenClaims](context.Background(), code, provider, rp.WithCodeVerifier(integration.CodeVerifier)) } func refreshTokens(t testing.TB, clientID, refreshToken string) (*oidc.Tokens[*oidc.IDTokenClaims], error) { diff --git a/internal/api/oidc/client.go b/internal/api/oidc/client.go index 891bf28f87..ca8156a665 100644 --- a/internal/api/oidc/client.go +++ b/internal/api/oidc/client.go 
@@ -21,9 +21,9 @@ import ( "github.com/zitadel/zitadel/internal/command" "github.com/zitadel/zitadel/internal/crypto" "github.com/zitadel/zitadel/internal/domain" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/query" "github.com/zitadel/zitadel/internal/telemetry/tracing" + "github.com/zitadel/zitadel/internal/zerrors" ) const ( @@ -43,32 +43,14 @@ const ( func (o *OPStorage) GetClientByClientID(ctx context.Context, id string) (_ op.Client, err error) { ctx, span := tracing.NewSpan(ctx) defer func() { span.EndWithError(err) }() - client, err := o.query.AppByOIDCClientID(ctx, id) + client, err := o.query.GetOIDCClientByID(ctx, id, false) if err != nil { return nil, err } if client.State != domain.AppStateActive { - return nil, errors.ThrowPreconditionFailed(nil, "OIDC-sdaGg", "client is not active") + return nil, zerrors.ThrowPreconditionFailed(nil, "OIDC-sdaGg", "client is not active") } - projectIDQuery, err := query.NewProjectRoleProjectIDSearchQuery(client.ProjectID) - if err != nil { - return nil, errors.ThrowInternal(err, "OIDC-mPxqP", "Errors.Internal") - } - projectRoles, err := o.query.SearchProjectRoles(ctx, true, &query.ProjectRoleSearchQueries{Queries: []query.SearchQuery{projectIDQuery}}) - if err != nil { - return nil, err - } - allowedScopes := make([]string, len(projectRoles.ProjectRoles)) - for i, role := range projectRoles.ProjectRoles { - allowedScopes[i] = ScopeProjectRolePrefix + role.Key - } - - accessTokenLifetime, idTokenLifetime, _, _, err := o.getOIDCSettings(ctx) - if err != nil { - return nil, err - } - - return ClientFromBusiness(client, o.defaultLoginURL, o.defaultLoginURLV2, accessTokenLifetime, idTokenLifetime, allowedScopes) + return ClientFromBusiness(client, o.defaultLoginURL, o.defaultLoginURLV2), nil } func (o *OPStorage) GetKeyByIDAndClientID(ctx context.Context, keyID, userID string) (_ *jose.JSONWebKey, err error) { 
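Review bot: GetClientByClientID now passes the query result straight to ClientFromBusiness without making sure `client.Settings` is set, while `Client.AccessTokenLifetime` and `Client.IDTokenLifetime` in client_converter.go dereference `c.client.Settings` unconditionally. VerifyClient in this same commit fills in a default when `client.Settings == nil`, which suggests GetOIDCClientByID can return it unset; if so, this path panics for an instance without stored OIDC settings. The removed code took the lifetimes from `o.getOIDCSettings`, so the same fallback can be kept before the client is wrapped.

```go
	// … unchanged: GetOIDCClientByID lookup and active-state check …
	if client.Settings == nil {
		// Fall back to the instance-level lifetimes so the Client getters
		// never dereference a nil Settings pointer.
		accessTokenLifetime, idTokenLifetime, _, _, err := o.getOIDCSettings(ctx)
		if err != nil {
			return nil, err
		}
		client.Settings = &query.OIDCSettings{
			AccessTokenLifetime: accessTokenLifetime,
			IdTokenLifetime:     idTokenLifetime,
		}
	}
	return ClientFromBusiness(client, o.defaultLoginURL, o.defaultLoginURLV2), nil
```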
@@ -135,7 +117,7 @@ func (o *OPStorage) SetUserinfoFromToken(ctx context.Context, userInfo *oidc.Use token, err := o.repo.TokenByIDs(ctx, subject, tokenID) if err != nil { - return errors.ThrowPermissionDenied(nil, "OIDC-Dsfb2", "token is not valid or has expired") + return zerrors.ThrowPermissionDenied(nil, "OIDC-Dsfb2", "token is not valid or has expired") } if token.ApplicationID != "" { if err = o.isOriginAllowed(ctx, token.ApplicationID, origin); err != nil { @@ -156,7 +138,7 @@ func (o *OPStorage) SetUserinfoFromScopes(ctx context.Context, userInfo *oidc.Us if app.OIDCConfig.AssertIDTokenRole { scopes, err = o.assertProjectRoleScopes(ctx, applicationID, scopes) if err != nil { - return errors.ThrowPreconditionFailed(err, "OIDC-Dfe2s", "Errors.Internal") + return zerrors.ThrowPreconditionFailed(err, "OIDC-Dfe2s", "Errors.Internal") } } } @@ -186,7 +168,7 @@ func (o *OPStorage) SetIntrospectionFromToken(ctx context.Context, introspection } projectID, err := o.query.ProjectIDFromClientID(ctx, clientID) if err != nil { - return errors.ThrowPermissionDenied(nil, "OIDC-Adfg5", "client not found") + return zerrors.ThrowPermissionDenied(nil, "OIDC-Adfg5", "client not found") } return o.introspect(ctx, introspection, tokenID, token.UserID, token.ClientID, clientID, projectID, 
@@ -196,16 +178,16 @@ func (o *OPStorage) SetIntrospectionFromToken(ctx context.Context, introspection token, err := o.repo.TokenByIDs(ctx, subject, tokenID) if err != nil { - return errors.ThrowPermissionDenied(nil, "OIDC-Dsfb2", "token is not valid or has expired") + return zerrors.ThrowPermissionDenied(nil, "OIDC-Dsfb2", "token is not valid or has expired") } projectID, err := o.query.ProjectIDFromClientID(ctx, clientID) if err != nil { - return errors.ThrowPermissionDenied(nil, "OIDC-Adfg5", "client not found") + return zerrors.ThrowPermissionDenied(nil, "OIDC-Adfg5", "client not found") } if token.IsPAT { err = o.assertClientScopesForPAT(ctx, token, clientID, projectID) if err != nil { - return errors.ThrowPreconditionFailed(err, "OIDC-AGefw", "Errors.Internal") + return zerrors.ThrowPreconditionFailed(err, "OIDC-AGefw", "Errors.Internal") } } return o.introspect(ctx, introspection, 
@@ -231,22 +213,10 @@ func (o *OPStorage) ClientCredentialsTokenRequest(ctx context.Context, clientID }, nil } -func (o *OPStorage) ClientCredentials(ctx context.Context, clientID, clientSecret string) (op.Client, error) { - loginname, err := query.NewUserLoginNamesSearchQuery(clientID) - if err != nil { - return nil, err - } - user, err := o.query.GetUser(ctx, false, loginname) - if err != nil { - return nil, err - } - if _, err := o.command.VerifyMachineSecret(ctx, user.ID, user.ResourceOwner, clientSecret); err != nil { - return nil, err - } - return &clientCredentialsClient{ - id: clientID, - tokenType: accessTokenTypeToOIDC(user.Machine.AccessTokenType), - }, nil +// ClientCredentials method is kept to keep the storage interface implemented. +// However, it should never be called as the VerifyClient method on the Server is overridden. +func (o *OPStorage) ClientCredentials(context.Context, string, string) (op.Client, error) { + return nil, zerrors.ThrowInternal(nil, "OIDC-Su8So", "Errors.Internal") } // isOriginAllowed checks whether a call by the client to the endpoint is allowed from the provided origin @@ -262,7 +232,7 @@ func (o *OPStorage) isOriginAllowed(ctx context.Context, clientID, origin string if api_http.IsOriginAllowed(app.OIDCConfig.AllowedOrigins, origin) { return nil } - return errors.ThrowPermissionDenied(nil, "OIDC-da1f3", "origin is not allowed") + return zerrors.ThrowPermissionDenied(nil, "OIDC-da1f3", "origin is not allowed") } func (o *OPStorage) introspect( @@ -295,7 +265,7 @@ func (o *OPStorage) introspect( return nil } } - return errors.ThrowPermissionDenied(nil, "OIDC-sdg3G", "token is not valid for this client") + return zerrors.ThrowPermissionDenied(nil, "OIDC-sdg3G", "token is not valid for this client") } func (o *OPStorage) checkOrgScopes(ctx context.Context, user *query.User, scopes []string) ([]string, error) { 
@@ -762,7 +732,7 @@ func (o *OPStorage) assertRoles(ctx context.Context, userID, applicationID strin } projectID, err := o.query.ProjectIDFromClientID(ctx, applicationID) // applicationID might contain a username (e.g. client credentials) -> ignore the not found - if err != nil && !errors.IsNotFound(err) { + if err != nil && !zerrors.IsNotFound(err) { return nil, nil, err } // ensure the projectID of the requesting is part of the roleAudience 
@@ -930,3 +900,73 @@ func userinfoClaims(userInfo *oidc.UserInfo) func(c *actions.FieldConfig) interf return c.Runtime.ToValue(claims) } } + +func (s *Server) VerifyClient(ctx context.Context, r *op.Request[op.ClientCredentials]) (_ op.Client, err error) { + ctx, span := tracing.NewSpan(ctx) + defer func() { span.EndWithError(err) }() + + if oidc.GrantType(r.Form.Get("grant_type")) == oidc.GrantTypeClientCredentials { + return s.clientCredentialsAuth(ctx, r.Data.ClientID, r.Data.ClientSecret) + } + + clientID, assertion, err := clientIDFromCredentials(r.Data) + if err != nil { + return nil, err + } + client, err := s.query.GetOIDCClientByID(ctx, clientID, assertion) + if zerrors.IsNotFound(err) { + return nil, oidc.ErrInvalidClient().WithParent(err).WithDescription("client not found") + } + if err != nil { + return nil, err // defaults to server error + } + if client.State != domain.AppStateActive { + return nil, oidc.ErrInvalidClient().WithDescription("client is not active") + } + if client.Settings == nil { + client.Settings = &query.OIDCSettings{ + AccessTokenLifetime: s.defaultAccessTokenLifetime, + IdTokenLifetime: s.defaultIdTokenLifetime, + } + } + + switch client.AuthMethodType { + case domain.OIDCAuthMethodTypeBasic, domain.OIDCAuthMethodTypePost: + err = s.verifyClientSecret(ctx, client, r.Data.ClientSecret) + case domain.OIDCAuthMethodTypePrivateKeyJWT: + err = s.verifyClientAssertion(ctx, client, r.Data.ClientAssertion) + case domain.OIDCAuthMethodTypeNone: + } + if err != nil { + return nil, err + } + + return ClientFromBusiness(client, s.defaultLoginURL, s.defaultLoginURLV2), nil +} + +func (s *Server) verifyClientAssertion(ctx context.Context, client *query.OIDCClient, assertion string) (err error) { + ctx, span := tracing.NewSpan(ctx) + defer func() { span.EndWithError(err) }() + + if assertion == "" { + return oidc.ErrInvalidClient().WithDescription("empty client assertion") + } + verifier := 
op.NewJWTProfileVerifierKeySet(keySetMap(client.PublicKeys), op.IssuerFromContext(ctx), time.Hour, client.ClockSkew) + if _, err := op.VerifyJWTAssertion(ctx, assertion, verifier); err != nil { + return oidc.ErrInvalidClient().WithParent(err).WithDescription("invalid assertion") + } + return nil +} + +func (s *Server) verifyClientSecret(ctx context.Context, client *query.OIDCClient, secret string) (err error) { + _, span := tracing.NewSpan(ctx) + defer func() { span.EndWithError(err) }() + + if secret == "" { + return oidc.ErrInvalidClient().WithDescription("empty client secret") + } + if err = crypto.CompareHash(client.ClientSecret, []byte(secret), s.hashAlg); err != nil { + return oidc.ErrInvalidClient().WithParent(err).WithDescription("invalid secret") + } + return nil +} diff --git a/internal/api/oidc/client_converter.go b/internal/api/oidc/client_converter.go index ec208db27c..b8334b578e 100644 --- a/internal/api/oidc/client_converter.go +++ b/internal/api/oidc/client_converter.go @@ -1,6 +1,7 @@ package oidc import ( + "slices" "strings" "time" 
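Review bot: The `switch client.AuthMethodType` in VerifyClient has no `default`, so any auth method value other than the four listed leaves `err` nil and the client is returned as authenticated without a credential check. Failing closed is safer: `default: err = oidc.ErrInvalidClient().WithDescription("unsupported auth method")`. The empty `case domain.OIDCAuthMethodTypeNone:` deserves a comment saying that public clients are deliberately accepted without a secret. In verifyClientAssertion the literal `time.Hour` passed to `op.NewJWTProfileVerifierKeySet` would read better as a named constant with a comment on the acceptance window it sets for client assertions.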
@@ -9,43 +10,40 @@ import ( "github.com/zitadel/zitadel/internal/command" "github.com/zitadel/zitadel/internal/domain" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/query" ) type Client struct { - app *query.App - defaultLoginURL string - defaultLoginURLV2 string - defaultAccessTokenLifetime time.Duration - defaultIdTokenLifetime time.Duration - allowedScopes []string + client *query.OIDCClient + defaultLoginURL string + defaultLoginURLV2 string + allowedScopes []string } -func ClientFromBusiness(app *query.App, defaultLoginURL, defaultLoginURLV2 string, defaultAccessTokenLifetime, defaultIdTokenLifetime time.Duration, allowedScopes []string) (op.Client, error) { - if app.OIDCConfig == nil { - return nil, errors.ThrowInvalidArgument(nil, "OIDC-d5bhD", "client is not a proper oidc application") +func ClientFromBusiness(client *query.OIDCClient, defaultLoginURL, defaultLoginURLV2 string) op.Client { + allowedScopes := make([]string, len(client.ProjectRoleKeys)) + for i, roleKey := range client.ProjectRoleKeys { + allowedScopes[i] = ScopeProjectRolePrefix + roleKey } + return &Client{ - app: app, - defaultLoginURL: defaultLoginURL, - defaultLoginURLV2: defaultLoginURLV2, - defaultAccessTokenLifetime: defaultAccessTokenLifetime, - defaultIdTokenLifetime: defaultIdTokenLifetime, - allowedScopes: allowedScopes}, - nil + client: client, + defaultLoginURL: defaultLoginURL, + defaultLoginURLV2: defaultLoginURLV2, + allowedScopes: allowedScopes, + } } func (c *Client) ApplicationType() op.ApplicationType { - return op.ApplicationType(c.app.OIDCConfig.AppType) + return op.ApplicationType(c.client.ApplicationType) } func (c *Client) AuthMethod() oidc.AuthMethod { - return authMethodToOIDC(c.app.OIDCConfig.AuthMethodType) + return authMethodToOIDC(c.client.AuthMethodType) } func (c *Client) GetID() string { - return c.app.OIDCConfig.ClientID + return c.client.ClientID } func (c *Client) LoginURL(id string) string { 
@@ -56,28 +54,28 @@ func (c *Client) LoginURL(id string) string { } func (c *Client) RedirectURIs() []string { - return c.app.OIDCConfig.RedirectURIs + return c.client.RedirectURIs } func (c *Client) PostLogoutRedirectURIs() []string { - return c.app.OIDCConfig.PostLogoutRedirectURIs + return c.client.PostLogoutRedirectURIs } func (c *Client) ResponseTypes() []oidc.ResponseType { - return responseTypesToOIDC(c.app.OIDCConfig.ResponseTypes) + return responseTypesToOIDC(c.client.ResponseTypes) } func (c *Client) GrantTypes() []oidc.GrantType { - return grantTypesToOIDC(c.app.OIDCConfig.GrantTypes) + return grantTypesToOIDC(c.client.GrantTypes) } func (c *Client) DevMode() bool { - return c.app.OIDCConfig.IsDevMode + return c.client.IsDevMode } func (c *Client) RestrictAdditionalIdTokenScopes() func(scopes []string) []string { return func(scopes []string) []string { - if c.app.OIDCConfig.AssertIDTokenRole { + if c.client.IDTokenRoleAssertion { return scopes } return removeScopeWithPrefix(scopes, ScopeProjectRolePrefix) @@ -86,7 +84,7 @@ func (c *Client) RestrictAdditionalIdTokenScopes() func(scopes []string) []strin func (c *Client) RestrictAdditionalAccessTokenScopes() func(scopes []string) []string { return func(scopes []string) []string { - if c.app.OIDCConfig.AssertAccessTokenRole { + if c.client.AccessTokenRoleAssertion { return scopes } return removeScopeWithPrefix(scopes, ScopeProjectRolePrefix) 
@@ -94,15 +92,15 @@ func (c *Client) RestrictAdditionalAccessTokenScopes() func(scopes []string) []s } func (c *Client) AccessTokenLifetime() time.Duration { - return c.defaultAccessTokenLifetime //PLANNED: impl from real client + return c.client.Settings.AccessTokenLifetime } func (c *Client) IDTokenLifetime() time.Duration { - return c.defaultIdTokenLifetime //PLANNED: impl from real client + return c.client.Settings.IdTokenLifetime } func (c *Client) AccessTokenType() op.AccessTokenType { - return accessTokenTypeToOIDC(c.app.OIDCConfig.AccessTokenType) + return accessTokenTypeToOIDC(c.client.AccessTokenType) } func (c *Client) IsScopeAllowed(scope string) bool { @@ -127,20 +125,29 @@ func (c *Client) IsScopeAllowed(scope string) bool { if scope == ScopeProjectsRoles { return true } - for _, allowedScope := range c.allowedScopes { - if scope == allowedScope { - return true - } - } - return false + return slices.Contains(c.allowedScopes, scope) } func (c *Client) ClockSkew() time.Duration { - return c.app.OIDCConfig.ClockSkew + return c.client.ClockSkew } func (c *Client) IDTokenUserinfoClaimsAssertion() bool { - return c.app.OIDCConfig.AssertIDTokenUserinfo + return c.client.IDTokenUserinfoAssertion +} + +func (c *Client) RedirectURIGlobs() []string { + if c.DevMode() { + return c.RedirectURIs() + } + return nil +} + +func (c *Client) PostLogoutRedirectURIGlobs() []string { + if c.DevMode() { + return c.PostLogoutRedirectURIs() + } + return nil } func accessTokenTypeToOIDC(tokenType domain.OIDCTokenType) op.AccessTokenType { 
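Review bot: RedirectURIGlobs and PostLogoutRedirectURIGlobs are added without doc comments, and their behaviour is security-relevant: when `DevMode()` is true every registered redirect URI is returned again as a glob pattern, so, assuming the op library matches them as globs, a wildcard character in a registered URI widens the set of accepted redirect targets. Each method should say so, for example `// RedirectURIGlobs returns the registered redirect URIs as glob patterns for dev-mode clients only; nil disables glob matching.` and the equivalent for the post-logout variant. A sentence that dev mode is not intended for production clients would help whoever audits application settings later.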
@@ -229,3 +236,14 @@ func removeScopeWithPrefix(scopes []string, scopePrefix ...string) []string { } return newScopeList } + +func clientIDFromCredentials(cc *op.ClientCredentials) (clientID string, assertion bool, err error) { + if cc.ClientAssertion != "" { + claims := new(oidc.JWTTokenRequest) + if _, err := oidc.ParseToken(cc.ClientAssertion, claims); err != nil { + return "", false, oidc.ErrInvalidClient().WithParent(err) + } + return claims.Issuer, true, nil + } + return cc.ClientID, false, nil +} diff --git a/internal/api/oidc/client_credentials.go b/internal/api/oidc/client_credentials.go index 3c2f272ead..c3622680c9 100644 --- a/internal/api/oidc/client_credentials.go +++ b/internal/api/oidc/client_credentials.go @@ -1,10 +1,15 @@ package oidc import ( + "context" "time" "github.com/zitadel/oidc/v3/pkg/oidc" "github.com/zitadel/oidc/v3/pkg/op" + + "github.com/zitadel/zitadel/internal/crypto" + "github.com/zitadel/zitadel/internal/query" + "github.com/zitadel/zitadel/internal/zerrors" ) type clientCredentialsRequest struct { 
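Review bot: clientIDFromCredentials takes the client ID from the assertion's `Issuer` claim and ignores `cc.ClientID` whenever an assertion is present; `oidc.ParseToken` is called here without a key, so the claim is presumably not yet verified at this point. The function needs a comment stating that the returned ID is untrusted and only selects which client's public keys verifyClientAssertion checks the signature against. When both fields are sent they should be required to agree, as RFC 7521 section 4.2 asks: `if cc.ClientID != "" && cc.ClientID != claims.Issuer { return "", false, oidc.ErrInvalidClient().WithDescription("client_id does not match assertion") }`.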
@@ -28,15 +33,38 @@ func (c *clientCredentialsRequest) GetScopes() []string { return c.scopes } +func (s *Server) clientCredentialsAuth(ctx context.Context, clientID, clientSecret string) (op.Client, error) { + user, err := s.query.GetUserByLoginName(ctx, false, clientID) + if zerrors.IsNotFound(err) { + return nil, oidc.ErrInvalidClient().WithParent(err).WithDescription("client not found") + } + if err != nil { + return nil, err // defaults to server error + } + if user.Machine == nil || user.Machine.Secret == nil { + return nil, zerrors.ThrowPreconditionFailed(nil, "OIDC-pieP8", "Errors.User.Machine.Secret.NotExisting") + } + if err = crypto.CompareHash(user.Machine.Secret, []byte(clientSecret), s.hashAlg); err != nil { + s.command.MachineSecretCheckFailed(ctx, user.ID, user.ResourceOwner) + return nil, zerrors.ThrowInvalidArgument(err, "OIDC-VoXo6", "Errors.User.Machine.Secret.Invalid") + } + + s.command.MachineSecretCheckSucceeded(ctx, user.ID, user.ResourceOwner) + return &clientCredentialsClient{ + id: clientID, + user: user, + }, nil +} + type clientCredentialsClient struct { - id string - tokenType op.AccessTokenType + id string + user *query.User } // AccessTokenType returns the AccessTokenType for the token to be created because of the client credentials request // machine users currently only have opaque tokens ([op.AccessTokenTypeBearer]) func (c *clientCredentialsClient) AccessTokenType() op.AccessTokenType { - return c.tokenType + return accessTokenTypeToOIDC(c.user.Machine.AccessTokenType) } // GetID returns the client_id (username of the machine user) for the token to be created because of the client credentials request diff --git a/internal/api/oidc/client_integration_test.go b/internal/api/oidc/client_integration_test.go index 2c3d8e3735..a20e388dca 100644 --- a/internal/api/oidc/client_integration_test.go +++ b/internal/api/oidc/client_integration_test.go 
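Review bot: `clientCredentialsAuth` answers with three distinguishable errors: `invalid_client` with the description "client not found", a precondition-failed `Errors.User.Machine.Secret.NotExisting`, and an invalid-argument `Errors.User.Machine.Secret.Invalid`. An unauthenticated caller of the token endpoint can therefore tell whether a machine user name exists and whether it has a secret configured. I would return the same `oidc.ErrInvalidClient()` from all three branches and keep the specific cause in `WithParent(...)` for the logs, assuming the parent error is not rendered in the response. Separately, the comment kept above `AccessTokenType` still says machine users only have opaque tokens, while the new body returns the configured type; it should read something like `// AccessTokenType returns the access token type configured on the machine user.`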
@@ -4,20 +4,26 @@ package oidc_test import ( "context" + "fmt" "testing" "time" + "github.com/brianvoe/gofakeit/v6" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" + "github.com/zitadel/oidc/v3/pkg/client" "github.com/zitadel/oidc/v3/pkg/client/rp" "github.com/zitadel/oidc/v3/pkg/client/rs" "github.com/zitadel/oidc/v3/pkg/oidc" "golang.org/x/text/language" oidc_api "github.com/zitadel/zitadel/internal/api/oidc" + "github.com/zitadel/zitadel/internal/domain" + "github.com/zitadel/zitadel/internal/integration" "github.com/zitadel/zitadel/pkg/grpc/authn" "github.com/zitadel/zitadel/pkg/grpc/management" oidc_pb "github.com/zitadel/zitadel/pkg/grpc/oidc/v2beta" + "github.com/zitadel/zitadel/pkg/grpc/user" ) func TestOPStorage_SetUserinfoFromToken(t *testing.T) { 
@@ -53,48 +59,118 @@ func TestOPStorage_SetUserinfoFromToken(t *testing.T) { func TestServer_Introspect(t *testing.T) { project, err := Tester.CreateProject(CTX) require.NoError(t, err) - app, err := Tester.CreateOIDCNativeClient(CTX, redirectURI, logoutRedirectURI, project.GetId()) - require.NoError(t, err) - api, err := Tester.CreateAPIClient(CTX, project.GetId()) - require.NoError(t, err) - keyResp, err := Tester.Client.Mgmt.AddAppKey(CTX, &management.AddAppKeyRequest{ - ProjectId: project.GetId(), - AppId: api.GetAppId(), - Type: authn.KeyType_KEY_TYPE_JSON, - ExpirationDate: nil, - }) - require.NoError(t, err) - resourceServer, err := Tester.CreateResourceServer(CTX, keyResp.GetKeyDetails()) + app, err := Tester.CreateOIDCNativeClient(CTX, redirectURI, logoutRedirectURI, project.GetId(), false) require.NoError(t, err) - scope := []string{oidc.ScopeOpenID, oidc.ScopeProfile, oidc.ScopeEmail, oidc.ScopeOfflineAccess, oidc_api.ScopeResourceOwner} - authRequestID := createAuthRequest(t, app.GetClientId(), redirectURI, scope...) 
- sessionID, sessionToken, startTime, changeTime := Tester.CreateVerifiedWebAuthNSession(t, CTXLOGIN, User.GetUserId()) - linkResp, err := Tester.Client.OIDCv2.CreateCallback(CTXLOGIN, &oidc_pb.CreateCallbackRequest{ - AuthRequestId: authRequestID, - CallbackKind: &oidc_pb.CreateCallbackRequest_Session{ - Session: &oidc_pb.Session{ - SessionId: sessionID, - SessionToken: sessionToken, + wantAudience := []string{app.GetClientId(), project.GetId()} + + tests := []struct { + name string + api func(*testing.T) (apiID string, resourceServer rs.ResourceServer) + wantErr bool + }{ + { + name: "client assertion", + api: func(t *testing.T) (string, rs.ResourceServer) { + api, err := Tester.CreateAPIClientJWT(CTX, project.GetId()) + require.NoError(t, err) + keyResp, err := Tester.Client.Mgmt.AddAppKey(CTX, &management.AddAppKeyRequest{ + ProjectId: project.GetId(), + AppId: api.GetAppId(), + Type: authn.KeyType_KEY_TYPE_JSON, + ExpirationDate: nil, + }) + require.NoError(t, err) + resourceServer, err := Tester.CreateResourceServerJWTProfile(CTX, keyResp.GetKeyDetails()) + require.NoError(t, err) + return api.GetClientId(), resourceServer }, }, - }) - require.NoError(t, err) + { + name: "client credentials", + api: func(t *testing.T) (string, rs.ResourceServer) { + api, err := Tester.CreateAPIClientBasic(CTX, project.GetId()) + require.NoError(t, err) + resourceServer, err := Tester.CreateResourceServerClientCredentials(CTX, api.GetClientId(), api.GetClientSecret()) + require.NoError(t, err) + return api.GetClientId(), resourceServer + }, + }, + { + name: "client invalid id, error", + api: func(t *testing.T) (string, rs.ResourceServer) { + api, err := Tester.CreateAPIClientBasic(CTX, project.GetId()) + require.NoError(t, err) + resourceServer, err := Tester.CreateResourceServerClientCredentials(CTX, "xxxxx", api.GetClientSecret()) + require.NoError(t, err) + return api.GetClientId(), resourceServer + }, + wantErr: true, + }, + { + name: "client invalid secret, error", + api: 
func(t *testing.T) (string, rs.ResourceServer) { + api, err := Tester.CreateAPIClientBasic(CTX, project.GetId()) + require.NoError(t, err) + resourceServer, err := Tester.CreateResourceServerClientCredentials(CTX, api.GetClientId(), "xxxxx") + require.NoError(t, err) + return api.GetClientId(), resourceServer + }, + wantErr: true, + }, + { + name: "client credentials on jwt client, error", + api: func(t *testing.T) (string, rs.ResourceServer) { + api, err := Tester.CreateAPIClientJWT(CTX, project.GetId()) + require.NoError(t, err) + resourceServer, err := Tester.CreateResourceServerClientCredentials(CTX, api.GetClientId(), "xxxxx") + require.NoError(t, err) + return api.GetClientId(), resourceServer + }, + wantErr: true, + }, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + apiID, resourceServer := tt.api(t) + // wantAudience grows for every API we add to the project. + wantAudience = append(wantAudience, apiID) - // code exchange - code := assertCodeResponse(t, linkResp.GetCallbackUrl()) - tokens, err := exchangeTokens(t, app.GetClientId(), code) - require.NoError(t, err) - assertTokens(t, tokens, true) - assertIDTokenClaims(t, tokens.IDTokenClaims, armPasskey, startTime, changeTime) + scope := []string{oidc.ScopeOpenID, oidc.ScopeProfile, oidc.ScopeEmail, oidc.ScopeOfflineAccess, oidc_api.ScopeResourceOwner} + authRequestID := createAuthRequest(t, app.GetClientId(), redirectURI, scope...) 
+ sessionID, sessionToken, startTime, changeTime := Tester.CreateVerifiedWebAuthNSession(t, CTXLOGIN, User.GetUserId()) + linkResp, err := Tester.Client.OIDCv2.CreateCallback(CTXLOGIN, &oidc_pb.CreateCallbackRequest{ + AuthRequestId: authRequestID, + CallbackKind: &oidc_pb.CreateCallbackRequest_Session{ + Session: &oidc_pb.Session{ + SessionId: sessionID, + SessionToken: sessionToken, + }, + }, + }) + require.NoError(t, err) - // test actual introspection - introspection, err := rs.Introspect[*oidc.IntrospectionResponse](context.Background(), resourceServer, tokens.AccessToken) - require.NoError(t, err) - assertIntrospection(t, introspection, - Tester.OIDCIssuer(), app.GetClientId(), - scope, []string{app.GetClientId(), api.GetClientId(), project.GetId()}, - tokens.Expiry, tokens.Expiry.Add(-12*time.Hour)) + // code exchange + code := assertCodeResponse(t, linkResp.GetCallbackUrl()) + tokens, err := exchangeTokens(t, app.GetClientId(), code) + require.NoError(t, err) + assertTokens(t, tokens, true) + assertIDTokenClaims(t, tokens.IDTokenClaims, armPasskey, startTime, changeTime) + + // test actual introspection + introspection, err := rs.Introspect[*oidc.IntrospectionResponse](context.Background(), resourceServer, tokens.AccessToken) + if tt.wantErr { + require.Error(t, err) + return + } + + require.NoError(t, err) + assertIntrospection(t, introspection, + Tester.OIDCIssuer(), app.GetClientId(), + scope, wantAudience, + tokens.Expiry, tokens.Expiry.Add(-12*time.Hour)) + }) + } } func assertUserinfo(t *testing.T, userinfo *oidc.UserInfo) { 
@@ -142,3 +218,245 @@ func assertIntrospection( assert.NotEmpty(t, introspection.Claims[oidc_api.ClaimResourceOwner+"name"]) assert.NotEmpty(t, introspection.Claims[oidc_api.ClaimResourceOwner+"primary_domain"]) } + +// TestServer_VerifyClient tests verification by running code flow tests +// with clients that have different authentication methods. +func TestServer_VerifyClient(t *testing.T) { + sessionID, sessionToken, startTime, changeTime := Tester.CreateVerifiedWebAuthNSession(t, CTXLOGIN, User.GetUserId()) + project, err := Tester.CreateProject(CTX) + require.NoError(t, err) + + inactiveClient, err := Tester.CreateOIDCInactivateClient(CTX, redirectURI, logoutRedirectURI, project.GetId()) + require.NoError(t, err) + nativeClient, err := Tester.CreateOIDCNativeClient(CTX, redirectURI, logoutRedirectURI, project.GetId(), false) + require.NoError(t, err) + basicWebClient, err := Tester.CreateOIDCWebClientBasic(CTX, redirectURI, logoutRedirectURI, project.GetId()) + require.NoError(t, err) + jwtWebClient, keyData, err := Tester.CreateOIDCWebClientJWT(CTX, redirectURI, logoutRedirectURI, project.GetId()) + require.NoError(t, err) + + type clientDetails struct { + authReqClientID string + clientID string + clientSecret string + keyData []byte + } + tests := []struct { + name string + client clientDetails + wantErr bool + }{ + { + name: "empty client ID error", + client: clientDetails{ + authReqClientID: nativeClient.GetClientId(), + }, + wantErr: true, + }, + { + name: "client not found error", + client: clientDetails{ + authReqClientID: nativeClient.GetClientId(), + clientID: "foo", + }, + wantErr: true, + }, + { + name: "client inactive error", + client: clientDetails{ + authReqClientID: nativeClient.GetClientId(), + clientID: inactiveClient.GetClientId(), + }, + wantErr: true, + }, + { + name: "native client success", + client: clientDetails{ + authReqClientID: nativeClient.GetClientId(), + clientID: nativeClient.GetClientId(), + }, + }, + { + name: "web client 
basic secret empty error", + client: clientDetails{ + authReqClientID: basicWebClient.GetClientId(), + clientID: basicWebClient.GetClientId(), + clientSecret: "", + }, + wantErr: true, + }, + { + name: "web client basic secret invalid error", + client: clientDetails{ + authReqClientID: basicWebClient.GetClientId(), + clientID: basicWebClient.GetClientId(), + clientSecret: "wrong", + }, + wantErr: true, + }, + { + name: "web client basic secret success", + client: clientDetails{ + authReqClientID: basicWebClient.GetClientId(), + clientID: basicWebClient.GetClientId(), + clientSecret: basicWebClient.GetClientSecret(), + }, + }, + { + name: "web client JWT profile empty assertion error", + client: clientDetails{ + authReqClientID: jwtWebClient.GetClientId(), + clientID: jwtWebClient.GetClientId(), + }, + wantErr: true, + }, + { + name: "web client JWT profile invalid assertion error", + client: clientDetails{ + authReqClientID: jwtWebClient.GetClientId(), + clientID: jwtWebClient.GetClientId(), + keyData: createInvalidKeyData(t, jwtWebClient), + }, + wantErr: true, + }, + { + name: "web client JWT profile success", + client: clientDetails{ + authReqClientID: jwtWebClient.GetClientId(), + clientID: jwtWebClient.GetClientId(), + keyData: keyData, + }, + }, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + fmt.Printf("\n\n%s\n\n", tt.client.keyData) + + authRequestID, err := Tester.CreateOIDCAuthRequest(CTX, tt.client.authReqClientID, Tester.Users[integration.FirstInstanceUsersKey][integration.Login].ID, redirectURI, oidc.ScopeOpenID) + require.NoError(t, err) + linkResp, err := Tester.Client.OIDCv2.CreateCallback(CTXLOGIN, &oidc_pb.CreateCallbackRequest{ + AuthRequestId: authRequestID, + CallbackKind: &oidc_pb.CreateCallbackRequest_Session{ + Session: &oidc_pb.Session{ + SessionId: sessionID, + SessionToken: sessionToken, + }, + }, + }) + require.NoError(t, err) + + // use a new RP so we can inject different credentials + var options []rp.Option + 
if tt.client.keyData != nil { + options = append(options, rp.WithJWTProfile(rp.SignerFromKeyFile(tt.client.keyData))) + } + provider, err := rp.NewRelyingPartyOIDC(CTX, Tester.OIDCIssuer(), tt.client.clientID, tt.client.clientSecret, redirectURI, []string{oidc.ScopeOpenID}, options...) + require.NoError(t, err) + + // test code exchange + code := assertCodeResponse(t, linkResp.GetCallbackUrl()) + codeOpts := codeExchangeOptions(t, provider) + tokens, err := rp.CodeExchange[*oidc.IDTokenClaims](context.Background(), code, provider, codeOpts...) + if tt.wantErr { + require.Error(t, err) + return + } + require.NoError(t, err) + assertTokens(t, tokens, false) + assertIDTokenClaims(t, tokens.IDTokenClaims, armPasskey, startTime, changeTime) + }) + } +} + +func codeExchangeOptions(t testing.TB, provider rp.RelyingParty) []rp.CodeExchangeOpt { + codeOpts := []rp.CodeExchangeOpt{rp.WithCodeVerifier(integration.CodeVerifier)} + if signer := provider.Signer(); signer != nil { + assertion, err := client.SignedJWTProfileAssertion(provider.OAuthConfig().ClientID, []string{provider.Issuer()}, time.Hour, provider.Signer()) + require.NoError(t, err) + codeOpts = append(codeOpts, rp.WithClientAssertionJWT(assertion)) + } + return codeOpts +} + +func createInvalidKeyData(t testing.TB, client *management.AddOIDCAppResponse) []byte { + key := domain.ApplicationKey{ + Type: domain.AuthNKeyTypeJSON, + KeyID: "1", + PrivateKey: []byte("-----BEGIN RSA PRIVATE 
KEY-----\nMIIEogIBAAKCAQEAxHd087RoEm9ywVWZ/H+tDWxQsmVvhfRz4jAq/RfU+OWXNH4J\njMMSHdFs0Q+WP98nNXRyc7fgbMb8NdmlB2yD4qLYapN5SDaBc5dh/3EnyFt53oSs\njTlKnQUPAeJr2qh/NY046CfyUyQMM4JR5OiQFo4TssfWnqdcgamGt0AEnk2lvbMZ\nKQdAqNS9lDzYbjMGavEQPTZE35mFXFQXjaooZXq+TIa7hbaq7/idH7cHNbLcPLgj\nfPQA8q+DYvnvhXlmq0LPQZH3Oiixf+SF2vRwrBzT2mqGD2OiOkUmhuPwyqEiiBHt\nfxklRtRU6WfLa1Gcb1PsV0uoBGpV3KybIl/GlwIDAQABAoIBAEQjDduLgOCL6Gem\n0X3hpdnW6/HC/jed/Sa//9jBECq2LYeWAqff64ON40hqOHi0YvvGA/+gEOSI6mWe\nsv5tIxxRz+6+cLybsq+tG96kluCE4TJMHy/nY7orS/YiWbd+4odnEApr+D3fbZ/b\nnZ1fDsHTyn8hkYx6jLmnWsJpIHDp7zxD76y7k2Bbg6DZrCGiVxngiLJk23dvz79W\np03lHLM7XE92aFwXQmhfxHGxrbuoB/9eY4ai5IHp36H4fw0vL6NXdNQAo/bhe0p9\nAYB7y0ZumF8Hg0Z/BmMeEzLy6HrYB+VE8cO93pNjhSyH+p2yDB/BlUyTiRLQAoM0\nVTmOZXECgYEA7NGlzpKNhyQEJihVqt0MW0LhKIO/xbBn+XgYfX6GpqPa/ucnMx5/\nVezpl3gK8IU4wPUhAyXXAHJiqNBcEeyxrw0MXLujDVMJgYaLysCLJdvMVgoY08mS\nK5IQivpbozpf4+0y3mOnA+Sy1kbfxv2X8xiWLODRQW3f3q/xoklwOR8CgYEA1GEe\nfaibOFTQAYcIVj77KXtBfYZsX3EGAyfAN9O7cKHq5oaxVstwnF47WxpuVtoKZxCZ\nbNm9D5WvQ9b+Ztpioe42tzwE7Bff/Osj868GcDdRPK7nFlh9N2yVn/D514dOYVwR\n4MBr1KrJzgRWt4QqS4H+to1GzudDTSNlG7gnK4kCgYBUi6AbOHzoYzZL/RhgcJwp\ntJ23nhmH1Su5h2OO4e3mbhcP66w19sxU+8iFN+kH5zfUw26utgKk+TE5vXExQQRK\nT2k7bg2PAzcgk80ybD0BHhA8I0yrx4m0nmfjhe/TPVLgh10iwgbtP+eM0i6v1vc5\nZWyvxu9N4ZEL6lpkqr0y1wKBgG/NAIQd8jhhTW7Aav8cAJQBsqQl038avJOEpYe+\nCnpsgoAAf/K0/f8TDCQVceh+t+MxtdK7fO9rWOxZjWsPo8Si5mLnUaAHoX4/OpnZ\nlYYVWMqdOEFnK+O1Yb7k2GFBdV2DXlX2dc1qavntBsls5ecB89id3pyk2aUN8Pf6\npYQhAoGAMGtrHFely9wyaxI0RTCyfmJbWZHGVGkv6ELK8wneJjdjl82XOBUGCg5q\naRCrTZ3dPitKwrUa6ibJCIFCIziiriBmjDvTHzkMvoJEap2TVxYNDR6IfINVsQ57\nlOsiC4A2uGq4Lbfld+gjoplJ5GX6qXtTgZ6m7eo0y7U6zm2tkN0=\n-----END RSA PRIVATE KEY-----\n"), + ApplicationID: client.GetAppId(), + ClientID: client.GetClientId(), + } + data, err := key.Detail() + require.NoError(t, err) + return data +} + +func TestServer_CreateAccessToken_ClientCredentials(t *testing.T) { + clientID, clientSecret, err := Tester.CreateOIDCCredentialsClient(CTX) + require.NoError(t, err) + 
+ type clientDetails struct { + clientID string + clientSecret string + keyData []byte + } + tests := []struct { + name string + clientID string + clientSecret string + wantErr bool + }{ + { + name: "missing client ID error", + clientID: "", + clientSecret: clientSecret, + wantErr: true, + }, + { + name: "client not found error", + clientID: "foo", + clientSecret: clientSecret, + wantErr: true, + }, + { + name: "machine user without secret error", + clientID: func() string { + name := gofakeit.Username() + _, err := Tester.Client.Mgmt.AddMachineUser(CTX, &management.AddMachineUserRequest{ + Name: name, + UserName: name, + AccessTokenType: user.AccessTokenType_ACCESS_TOKEN_TYPE_JWT, + }) + require.NoError(t, err) + return name + }(), + clientSecret: clientSecret, + wantErr: true, + }, + { + name: "wrong secret error", + clientID: clientID, + clientSecret: "bar", + wantErr: true, + }, + { + name: "success", + clientID: clientID, + clientSecret: clientSecret, + }, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + provider, err := rp.NewRelyingPartyOIDC(CTX, Tester.OIDCIssuer(), tt.clientID, tt.clientSecret, redirectURI, []string{oidc.ScopeOpenID}) + require.NoError(t, err) + tokens, err := rp.ClientCredentials(CTX, provider, nil) + if tt.wantErr { + require.Error(t, err) + return + } + require.NoError(t, err) + assert.NotNil(t, tokens) + assert.NotEmpty(t, tokens.AccessToken) + }) + } +} diff --git a/internal/api/oidc/device_auth.go b/internal/api/oidc/device_auth.go index 80298e8afd..775ec6f9e3 100644 --- a/internal/api/oidc/device_auth.go +++ b/internal/api/oidc/device_auth.go 
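Review bot: The `fmt.Printf("\n\n%s\n\n", tt.client.keyData)` at the top of the `TestServer_VerifyClient` subtest writes the client's key file, presumably including the private key that `rp.SignerFromKeyFile` reads from it, to the test output on every run; it looks like leftover debugging and should be removed, along with the `fmt` import if nothing else in the file uses it. CI systems usually retain test logs, so key material should not appear in them even for throwaway instances. In the same vein, `createInvalidKeyData` embeds a complete PEM RSA private key; generating a key at test time with `rsa.GenerateKey` would avoid committing material that secret scanners will flag. The `clientDetails` type declared inside `TestServer_CreateAccessToken_ClientCredentials` is never used and can be dropped.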
@@ -5,13 +5,13 @@ import ( "time" "github.com/zitadel/logging" - "github.com/zitadel/oidc/v3/pkg/oidc" "github.com/zitadel/oidc/v3/pkg/op" "github.com/zitadel/zitadel/internal/api/ui/login" "github.com/zitadel/zitadel/internal/domain" - "github.com/zitadel/zitadel/internal/errors" + "github.com/zitadel/zitadel/internal/query" "github.com/zitadel/zitadel/internal/telemetry/tracing" + "github.com/zitadel/zitadel/internal/zerrors" ) const ( 
@@ -78,47 +78,39 @@ func (o *OPStorage) StoreDeviceAuthorization(ctx context.Context, clientID, devi span.EndWithError(err) }() - // TODO(muhlemmer): Remove the following code block with oidc v3 - // https://github.com/zitadel/oidc/issues/370 - client, err := o.GetClientByClientID(ctx, clientID) - if err != nil { - return err - } - if !op.ValidateGrantType(client, oidc.GrantTypeDeviceCode) { - return errors.ThrowPermissionDeniedf(nil, "OIDC-et1Ae", "grant type %q not allowed for client", oidc.GrantTypeDeviceCode) - } - scopes, err = o.assertProjectRoleScopes(ctx, clientID, scopes) if err != nil { - return errors.ThrowPreconditionFailed(err, "OIDC-She4t", "Errors.Internal") + return zerrors.ThrowPreconditionFailed(err, "OIDC-She4t", "Errors.Internal") } - aggrID, details, err := o.command.AddDeviceAuth(ctx, clientID, deviceCode, userCode, expires, scopes) + details, err := o.command.AddDeviceAuth(ctx, clientID, deviceCode, userCode, expires, scopes) if err == nil { - logger.SetFields("aggregate_id", aggrID, "details", details).Debug(logMsg) + logger.SetFields("details", details).Debug(logMsg) } return err } -func newDeviceAuthorizationState(d *domain.DeviceAuth) *op.DeviceAuthorizationState { +func newDeviceAuthorizationState(d *query.DeviceAuth) *op.DeviceAuthorizationState { return &op.DeviceAuthorizationState{ ClientID: d.ClientID, Scopes: d.Scopes, Expires: d.Expires, Done: d.State.Done(), - Subject: d.Subject, Denied: d.State.Denied(), + Subject: d.Subject, + AMR: AuthMethodTypesToAMR(d.UserAuthMethods), + AuthTime: d.AuthTime, } } -// GetDeviceAuthorizatonState retieves the current state of the Device Authorization process. +// GetDeviceAuthorizatonState retrieves the current state of the Device Authorization process. // It implements the [op.DeviceAuthorizationStorage] interface and is used by devices that // are polling until they successfully receive a token or we indicate a denied or expired state. 
// As generated user codes are of low entropy, this implementation also takes care or // device authorization request cleanup, when it has been Approved, Denied or Expired. func (o *OPStorage) GetDeviceAuthorizatonState(ctx context.Context, clientID, deviceCode string) (state *op.DeviceAuthorizationState, err error) { const logMsg = "get device authorization state" - logger := logging.WithFields("client_id", clientID, "device_code", deviceCode) + logger := logging.WithFields("device_code", deviceCode) ctx, span := tracing.NewSpan(ctx) defer func() { @@ -128,7 +120,7 @@ func (o *OPStorage) GetDeviceAuthorizatonState(ctx context.Context, clientID, de span.EndWithError(err) }() - deviceAuth, err := o.query.DeviceAuthByDeviceCode(ctx, clientID, deviceCode) + deviceAuth, err := o.query.DeviceAuthByDeviceCode(ctx, deviceCode) if err != nil { return nil, err } 
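Review bot: The logger in `GetDeviceAuthorizatonState` is now built with `logging.WithFields("device_code", deviceCode)`, which puts the polling credential itself into every entry this function logs. The device code is the value the device presents at the token endpoint, so it should be treated like a secret while the request is pending. I would keep the field this hunk removes and drop the other one, `logger := logging.WithFields("client_id", clientID)`, or log a hash of the code if correlation is needed. The function body continues past the end of this hunk, so the level at which the entry is written is not visible here.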
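Review bot: `o.query.DeviceAuthByDeviceCode(ctx, deviceCode)` no longer takes `clientID`, and nothing in the visible part of `GetDeviceAuthorizatonState` compares the stored client with the one making the request. Unless the `op` library checks `state.ClientID` after this call, a device code would be honoured for any authenticated client rather than only the one it was issued to. An explicit guard right after the lookup keeps the binding local: `if deviceAuth.ClientID != clientID { return nil, zerrors.ThrowPermissionDenied(nil, "OIDC-XXXXX", "device code was issued to a different client") }`, where the error ID is a placeholder. A few lines of the function between this hunk and the next are not shown, so the check may already exist there.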
@@ -139,38 +131,12 @@ func (o *OPStorage) GetDeviceAuthorizatonState(ctx context.Context, clientID, de // Cancel the request if it is expired, only if it wasn't Done meanwhile if !deviceAuth.State.Done() && deviceAuth.Expires.Before(time.Now()) { - _, err = o.command.CancelDeviceAuth(ctx, deviceAuth.AggregateID, domain.DeviceAuthCanceledExpired) + _, err = o.command.CancelDeviceAuth(ctx, deviceAuth.DeviceCode, domain.DeviceAuthCanceledExpired) if err != nil { return nil, err } deviceAuth.State = domain.DeviceAuthStateExpired } - // When the request is more then initiated, it has been either Approved, Denied or Expired. - // At this point we should remove it from the DB to avoid user code conflicts. - if deviceAuth.State > domain.DeviceAuthStateInitiated { - _, err = o.command.RemoveDeviceAuth(ctx, deviceAuth.AggregateID) - if err != nil { - return nil, err - } - } - return newDeviceAuthorizationState(deviceAuth), nil } - -// TODO(muhlemmer): remove the following methods with oidc v3. -// They are actually not used, but are required by the oidc device storage interface. -// https://github.com/zitadel/oidc/issues/371 -func (o *OPStorage) GetDeviceAuthorizationByUserCode(ctx context.Context, userCode string) (*op.DeviceAuthorizationState, error) { - return nil, nil -} - -func (o *OPStorage) CompleteDeviceAuthorization(ctx context.Context, userCode, subject string) (err error) { - return nil -} - -func (o *OPStorage) DenyDeviceAuthorization(ctx context.Context, userCode string) (err error) { - return nil -} - -// TODO end. diff --git a/internal/api/oidc/introspect.go b/internal/api/oidc/introspect.go index d48bf001ec..8c73755199 100644 --- a/internal/api/oidc/introspect.go +++ b/internal/api/oidc/introspect.go 
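Review bot: With the `RemoveDeviceAuth` block deleted here, the doc comment on `GetDeviceAuthorizatonState` (visible as context in the first hunk of this file) still promises that the function cleans up requests once they are approved, denied or expired. That sentence should be removed or replaced, for example with `// Expired requests are canceled here; completed requests are no longer removed by this method (TODO: name what retires them).` The comment's own rationale, that user codes are of low entropy, is the reason leftover rows matter, so it is worth confirming that something still retires them.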
@@ -11,9 +11,9 @@ import ( "github.com/zitadel/oidc/v3/pkg/op" "github.com/zitadel/zitadel/internal/crypto" - errz "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/query" "github.com/zitadel/zitadel/internal/telemetry/tracing" + "github.com/zitadel/zitadel/internal/zerrors" ) func (s *Server) Introspect(ctx context.Context, r *op.Request[op.IntrospectionRequest]) (resp *op.Response, err error) { @@ -31,14 +31,14 @@ func (s *Server) Introspect(ctx context.Context, r *op.Request[op.IntrospectionR ctx, cancel := context.WithCancel(ctx) defer cancel() - clientChan := make(chan *instrospectionClientResult) - go s.instrospectionClientAuth(ctx, r.Data.ClientCredentials, clientChan) + clientChan := make(chan *introspectionClientResult) + go s.introspectionClientAuth(ctx, r.Data.ClientCredentials, clientChan) tokenChan := make(chan *introspectionTokenResult) go s.introspectionToken(ctx, r.Data.Token, tokenChan) var ( - client *instrospectionClientResult + client *introspectionClientResult token *introspectionTokenResult ) @@ -72,7 +72,7 @@ func (s *Server) Introspect(ctx context.Context, r *op.Request[op.IntrospectionR return nil, err } - // remaining errors shoudn't be returned to the client, + // remaining errors shouldn't be returned to the client, // so we catch errors here, log them and return the response // with active: false defer func() { 
@@ -116,13 +116,15 @@ func (s *Server) Introspect(ctx context.Context, r *op.Request[op.IntrospectionR return op.NewResponse(introspectionResp), nil } -type instrospectionClientResult struct { +type introspectionClientResult struct { clientID string projectID string err error } -func (s *Server) instrospectionClientAuth(ctx context.Context, cc *op.ClientCredentials, rc chan<- *instrospectionClientResult) { +var errNoClientSecret = errors.New("client has no configured secret") + +func (s *Server) introspectionClientAuth(ctx context.Context, cc *op.ClientCredentials, rc chan<- *introspectionClientResult) { ctx, span := tracing.NewSpan(ctx) clientID, projectID, err := func() (string, string, error) { @@ -136,18 +138,21 @@ func (s *Server) instrospectionClientAuth(ctx context.Context, cc *op.ClientCred if _, err := op.VerifyJWTAssertion(ctx, cc.ClientAssertion, verifier); err != nil { return "", "", oidc.ErrUnauthorizedClient().WithParent(err) } - } else { + return client.ClientID, client.ProjectID, nil + + } + if client.ClientSecret != nil { if err := crypto.CompareHash(client.ClientSecret, []byte(cc.ClientSecret), s.hashAlg); err != nil { return "", "", oidc.ErrUnauthorizedClient().WithParent(err) } + return client.ClientID, client.ProjectID, nil } - - return client.ClientID, client.ProjectID, nil + return "", "", oidc.ErrUnauthorizedClient().WithParent(errNoClientSecret) }() span.EndWithError(err) - rc <- &instrospectionClientResult{ + rc <- &introspectionClientResult{ clientID: clientID, projectID: projectID, err: err, 
@@ -157,15 +162,11 @@ func (s *Server) instrospectionClientAuth(ctx context.Context, cc *op.ClientCred // clientFromCredentials parses the client ID early, // and makes a single query for the client for either auth methods. func (s *Server) clientFromCredentials(ctx context.Context, cc *op.ClientCredentials) (client *query.IntrospectionClient, err error) { - if cc.ClientAssertion != "" { - claims := new(oidc.JWTTokenRequest) - if _, err := oidc.ParseToken(cc.ClientAssertion, claims); err != nil { - return nil, oidc.ErrUnauthorizedClient().WithParent(err) - } - client, err = s.query.GetIntrospectionClientByID(ctx, claims.Issuer, true) - } else { - client, err = s.query.GetIntrospectionClientByID(ctx, cc.ClientID, false) + clientID, assertion, err := clientIDFromCredentials(cc) + if err != nil { + return nil, err } + client, err = s.query.GetIntrospectionClientByID(ctx, clientID, assertion) if errors.Is(err, sql.ErrNoRows) { return nil, oidc.ErrUnauthorizedClient().WithParent(err) } @@ -196,5 +197,5 @@ func validateIntrospectionAudience(audience []string, clientID, projectID string return nil } - return errz.ThrowPermissionDenied(nil, "OIDC-sdg3G", "token is not valid for this client") + return zerrors.ThrowPermissionDenied(nil, "OIDC-sdg3G", "token is not valid for this client") } diff --git a/internal/api/oidc/jwt-profile.go b/internal/api/oidc/jwt-profile.go index a0bf491bbd..805936dff3 100644 --- a/internal/api/oidc/jwt-profile.go +++ b/internal/api/oidc/jwt-profile.go @@ -7,7 +7,7 @@ import ( "github.com/zitadel/oidc/v3/pkg/op" "github.com/zitadel/zitadel/internal/domain" - "github.com/zitadel/zitadel/internal/errors" + "github.com/zitadel/zitadel/internal/zerrors" ) func (o *OPStorage) JWTProfileTokenType(ctx context.Context, request op.TokenRequest) (op.AccessTokenType, error) { 
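Review bot: Delegating to `clientIDFromCredentials` changes the error for an unparsable assertion in `clientFromCredentials` from `oidc.ErrUnauthorizedClient()` to `oidc.ErrInvalidClient()`, while the `sql.ErrNoRows` branch just below still returns `ErrUnauthorizedClient`. The introspection endpoint would then report two different OAuth error codes for a caller that could not be authenticated, depending on where the failure occurred. If the previous code is what resource servers rely on, wrap the helper's error with `return nil, oidc.ErrUnauthorizedClient().WithParent(err)`; otherwise align the not-found branch and call out the change in the commit description.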
@@ -18,7 +18,7 @@ func (o *OPStorage) JWTProfileTokenType(ctx context.Context, request op.TokenReq } // the user should always be a machine, but let's just be sure if user.Machine == nil { - return 0, errors.ThrowInvalidArgument(nil, "OIDC-jk26S", "invalid client type") + return 0, zerrors.ThrowInvalidArgument(nil, "OIDC-jk26S", "invalid client type") } return accessTokenTypeToOIDC(user.Machine.AccessTokenType), nil } diff --git a/internal/api/oidc/key.go b/internal/api/oidc/key.go index 6f9e51407a..d0e781a0c2 100644 --- a/internal/api/oidc/key.go +++ b/internal/api/oidc/key.go @@ -14,12 +14,12 @@ import ( "github.com/zitadel/zitadel/internal/api/authz" "github.com/zitadel/zitadel/internal/crypto" "github.com/zitadel/zitadel/internal/domain" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/query" "github.com/zitadel/zitadel/internal/repository/instance" "github.com/zitadel/zitadel/internal/repository/keypair" "github.com/zitadel/zitadel/internal/telemetry/tracing" + "github.com/zitadel/zitadel/internal/zerrors" ) // keySetCache implements oidc.KeySet for Access Token verification. @@ -97,7 +97,7 @@ func (k *keySetCache) getKey(ctx context.Context, keyID string) (_ *jose.JSONWeb if key.Expiry().After(k.clock.Now()) { return jsonWebkey(key), nil } - return nil, errors.ThrowInvalidArgument(nil, "OIDC-Zoh9E", "Errors.Key.ExpireBeforeNow") + return nil, zerrors.ThrowInvalidArgument(nil, "OIDC-Zoh9E", "Errors.Key.ExpireBeforeNow") } key, err = k.queryKey(ctx, keyID, k.clock.Now()) 
@@ -114,7 +114,7 @@ func (k *keySetCache) VerifySignature(ctx context.Context, jws *jose.JSONWebSign defer func() { span.EndWithError(err) }() if len(jws.Signatures) != 1 { - return nil, errors.ThrowInvalidArgument(nil, "OIDC-Gid9s", "Errors.Token.Invalid") + return nil, zerrors.ThrowInvalidArgument(nil, "OIDC-Gid9s", "Errors.Token.Invalid") } key, err := k.getKey(ctx, jws.Signatures[0].Header.KeyID) if err != nil { @@ -152,7 +152,7 @@ func (k keySetMap) getKey(keyID string) (*jose.JSONWebKey, error) { // VerifySignature implements the oidc.KeySet interface. func (k keySetMap) VerifySignature(ctx context.Context, jws *jose.JSONWebSignature) ([]byte, error) { if len(jws.Signatures) != 1 { - return nil, errors.ThrowInvalidArgument(nil, "OIDC-Eeth6", "Errors.Token.Invalid") + return nil, zerrors.ThrowInvalidArgument(nil, "OIDC-Eeth6", "Errors.Token.Invalid") } key, err := k.getKey(jws.Signatures[0].Header.KeyID) if err != nil { @@ -248,7 +248,7 @@ func (o *OPStorage) SigningKey(ctx context.Context) (key op.SigningKey, err erro return err } if key == nil { - return errors.ThrowInternal(nil, "test", "test") + return zerrors.ThrowInternal(nil, "test", "test") } return nil }) 
@@ -273,13 +273,13 @@ func (o *OPStorage) getSigningKey(ctx context.Context) (op.SigningKey, error) { func (o *OPStorage) refreshSigningKey(ctx context.Context, algorithm string, position float64) error { ok, err := o.ensureIsLatestKey(ctx, position) if err != nil || !ok { - return errors.ThrowInternal(err, "OIDC-ASfh3", "cannot ensure that projection is up to date") + return zerrors.ThrowInternal(err, "OIDC-ASfh3", "cannot ensure that projection is up to date") } err = o.lockAndGenerateSigningKeyPair(ctx, algorithm) if err != nil { - return errors.ThrowInternal(err, "OIDC-ADh31", "could not create signing key") + return zerrors.ThrowInternal(err, "OIDC-ADh31", "could not create signing key") } - return errors.ThrowInternal(nil, "OIDC-Df1bh", "") + return zerrors.ThrowInternal(nil, "OIDC-Df1bh", "") } func (o *OPStorage) ensureIsLatestKey(ctx context.Context, position float64) (bool, error) { @@ -315,7 +315,7 @@ func (o *OPStorage) lockAndGenerateSigningKeyPair(ctx context.Context, algorithm errs := o.locker.Lock(ctx, lockDuration, authz.GetInstance(ctx).InstanceID()) err, ok := <-errs if err != nil || !ok { - if errors.IsErrorAlreadyExists(err) { + if zerrors.IsErrorAlreadyExists(err) { return nil } logging.OnError(err).Debug("initial lock failed") diff --git a/internal/api/oidc/oidc_integration_test.go b/internal/api/oidc/oidc_integration_test.go index e1531fff3b..f956b5c48f 100644 --- a/internal/api/oidc/oidc_integration_test.go +++ b/internal/api/oidc/oidc_integration_test.go @@ -31,9 +31,9 @@ var ( ) const ( - redirectURI = "oidcintegrationtest://callback" + redirectURI = "https://callback" redirectURIImplicit = "http://localhost:9999/callback" - logoutRedirectURI = "oidcintegrationtest://logged-out" + logoutRedirectURI = "https://logged-out" zitadelAudienceScope = domain.ProjectIDScope + domain.ProjectIDScopeZITADEL + domain.AudSuffix ) 
@@ -174,6 +174,40 @@ func Test_ZITADEL_API_success(t *testing.T) { require.Equal(t, User.GetUserId(), myUserResp.GetUser().GetId()) } +func Test_ZITADEL_API_glob_redirects(t *testing.T) { + const redirectURI = "https://my-org-1yfnjl2xj-my-app.vercel.app/api/auth/callback/zitadel" + clientID := createClientWithOpts(t, clientOpts{ + redirectURI: "https://my-org-*-my-app.vercel.app/api/auth/callback/zitadel", + logoutURI: "https://my-org-*-my-app.vercel.app/", + devMode: true, + }) + authRequestID := createAuthRequest(t, clientID, redirectURI, oidc.ScopeOpenID, zitadelAudienceScope) + sessionID, sessionToken, startTime, changeTime := Tester.CreateVerifiedWebAuthNSession(t, CTXLOGIN, User.GetUserId()) + linkResp, err := Tester.Client.OIDCv2.CreateCallback(CTXLOGIN, &oidc_pb.CreateCallbackRequest{ + AuthRequestId: authRequestID, + CallbackKind: &oidc_pb.CreateCallbackRequest_Session{ + Session: &oidc_pb.Session{ + SessionId: sessionID, + SessionToken: sessionToken, + }, + }, + }) + require.NoError(t, err) + + // code exchange + code := assertCodeResponse(t, linkResp.GetCallbackUrl()) + tokens, err := exchangeTokens(t, clientID, code) + require.NoError(t, err) + assertTokens(t, tokens, false) + assertIDTokenClaims(t, tokens.IDTokenClaims, armPasskey, startTime, changeTime) + + ctx := metadata.AppendToOutgoingContext(context.Background(), "Authorization", fmt.Sprintf("%s %s", tokens.TokenType, tokens.AccessToken)) + + myUserResp, err := Tester.Client.Auth.GetMyUser(ctx, &auth.GetMyUserRequest{}) + require.NoError(t, err) + require.Equal(t, User.GetUserId(), myUserResp.GetUser().GetId()) +} + func Test_ZITADEL_API_inactive_access_token(t *testing.T) { clientID := createClient(t) authRequestID := createAuthRequest(t, clientID, redirectURI, oidc.ScopeOpenID, oidc.ScopeOfflineAccess, zitadelAudienceScope) 
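Review bot: Test_ZITADEL_API_glob_redirects only exercises a redirect URI that matches the registered pattern, so it would still pass if the matcher accepted any host. Wildcard redirect URIs widen where authorization codes can be delivered, so a companion negative case is worth adding: an auth request whose redirect URI falls outside the pattern, and the same pattern on a client created with `devMode: false`, both asserted to be rejected. I am inferring from `devMode: true` that globs are only honoured for dev-mode clients. If that is right, a comment above the `clientOpts` literal such as `// glob redirect URIs are only evaluated for dev-mode clients` would record it.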
@@ -257,9 +291,23 @@ func Test_ZITADEL_API_terminated_session(t *testing.T) { } func createClient(t testing.TB) string { + return createClientWithOpts(t, clientOpts{ + redirectURI: redirectURI, + logoutURI: logoutRedirectURI, + devMode: false, + }) +} + +type clientOpts struct { + redirectURI string + logoutURI string + devMode bool +} + +func createClientWithOpts(t testing.TB, opts clientOpts) string { project, err := Tester.CreateProject(CTX) require.NoError(t, err) - app, err := Tester.CreateOIDCNativeClient(CTX, redirectURI, logoutRedirectURI, project.GetId()) + app, err := Tester.CreateOIDCNativeClient(CTX, opts.redirectURI, opts.logoutURI, project.GetId(), opts.devMode) require.NoError(t, err) return app.GetClientId() } diff --git a/internal/api/oidc/op.go b/internal/api/oidc/op.go index defa5fdcdc..272f2a285a 100644 --- a/internal/api/oidc/op.go +++ b/internal/api/oidc/op.go @@ -6,11 +6,9 @@ import ( "net/http" "time" - "github.com/rakyll/statik/fs" "github.com/zitadel/oidc/v3/pkg/oidc" "github.com/zitadel/oidc/v3/pkg/op" "golang.org/x/exp/slog" - "golang.org/x/text/language" "github.com/zitadel/zitadel/internal/api/assets" http_utils "github.com/zitadel/zitadel/internal/api/http" @@ -20,12 +18,11 @@ import ( "github.com/zitadel/zitadel/internal/command" "github.com/zitadel/zitadel/internal/crypto" "github.com/zitadel/zitadel/internal/database" - caos_errs "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/eventstore/handler/crdb" - "github.com/zitadel/zitadel/internal/i18n" "github.com/zitadel/zitadel/internal/query" "github.com/zitadel/zitadel/internal/telemetry/metrics" + "github.com/zitadel/zitadel/internal/zerrors" ) type Config struct { 
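Review bot: `createClientWithOpts` is a test helper that calls `require.NoError`, but it does not call `t.Helper()`, so a failure is reported at the helper's line rather than at the test that called it. Adding `t.Helper()` as the first statement (and in `createClient`) fixes that. `clientOpts` would also benefit from a short comment on `devMode`, e.g. `// devMode is forwarded to CreateOIDCNativeClient as the app's dev-mode flag`, since the new glob test depends on it.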
@@ -104,7 +101,7 @@ func NewServer( ) (*Server, error) { opConfig, err := createOPConfig(config, defaultLogoutRedirectURI, cryptoKey) if err != nil { - return nil, caos_errs.ThrowInternal(err, "OIDC-EGrqd", "cannot create op config: %w") + return nil, zerrors.ThrowInternal(err, "OIDC-EGrqd", "cannot create op config: %w") } storage := newStorage(config, command, query, repo, encryptionAlg, es, projections, externalSecure) var options []op.Option @@ -112,7 +109,7 @@ func NewServer( options = append(options, op.WithAllowInsecure()) } if err != nil { - return nil, caos_errs.ThrowInternal(err, "OIDC-D3gq1", "cannot create options: %w") + return nil, zerrors.ThrowInternal(err, "OIDC-D3gq1", "cannot create options: %w") } provider, err := op.NewProvider( opConfig, 
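Review bot: The messages `"cannot create op config: %w"` and `"cannot create options: %w"` are passed to `zerrors.ThrowInternal`, which, unlike the `ThrowInternalf` used in createOPConfig, presumably does not format its message, so the literal `%w` would end up in the error text. The parent error is already passed as the first argument, so I would drop the verb: `zerrors.ThrowInternal(err, "OIDC-EGrqd", "cannot create op config")`. In the second hunk the `if err != nil` check follows statements that do not assign `err`, so as far as the visible lines show it can never fire and could be removed. NewServer continues outside both hunks.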
@@ -121,20 +118,25 @@ func NewServer( options..., ) if err != nil { - return nil, caos_errs.ThrowInternal(err, "OIDC-DAtg3", "cannot create provider") + return nil, zerrors.ThrowInternal(err, "OIDC-DAtg3", "cannot create provider") } server := &Server{ - LegacyServer: op.NewLegacyServer(provider, endpoints(config.CustomEndpoints)), - features: config.Features, - repo: repo, - query: query, - command: command, - keySet: newKeySet(context.TODO(), time.Hour, query.GetActivePublicKeyByID), - fallbackLogger: fallbackLogger, - hashAlg: crypto.NewBCrypt(10), // as we are only verifying in oidc, the cost is already part of the hash string and the config here is irrelevant. - signingKeyAlgorithm: config.SigningKeyAlgorithm, - assetAPIPrefix: assets.AssetAPI(externalSecure), + LegacyServer: op.NewLegacyServer(provider, endpoints(config.CustomEndpoints)), + features: config.Features, + repo: repo, + query: query, + command: command, + keySet: newKeySet(context.TODO(), time.Hour, query.GetActivePublicKeyByID), + defaultLoginURL: fmt.Sprintf("%s%s?%s=", login.HandlerPrefix, login.EndpointLogin, login.QueryAuthRequestID), + defaultLoginURLV2: config.DefaultLoginURLV2, + defaultLogoutURLV2: config.DefaultLogoutURLV2, + defaultAccessTokenLifetime: config.DefaultAccessTokenLifetime, + defaultIdTokenLifetime: config.DefaultIdTokenLifetime, + fallbackLogger: fallbackLogger, + hashAlg: crypto.NewBCrypt(10), // as we are only verifying in oidc, the cost is already part of the hash string and the config here is irrelevant. + signingKeyAlgorithm: config.SigningKeyAlgorithm, + assetAPIPrefix: assets.AssetAPI(externalSecure), } metricTypes := []metrics.MetricType{metrics.MetricTypeRequestCount, metrics.MetricTypeStatusCode, metrics.MetricTypeTotalCount} server.Handler = op.RegisterLegacyServer(server, op.WithHTTPMiddleware( 
@@ -167,10 +169,6 @@ func ignoredQuotaLimitEndpoint(endpoints *EndpointConfig) []string { } func createOPConfig(config Config, defaultLogoutRedirectURI string, cryptoKey []byte) (*op.Config, error) { - supportedLanguages, err := getSupportedLanguages() - if err != nil { - return nil, err - } opConfig := &op.Config{ DefaultLogoutRedirectURI: defaultLogoutRedirectURI, CodeMethodS256: config.CodeMethodS256, @@ -178,11 +176,10 @@ func createOPConfig(config Config, defaultLogoutRedirectURI string, cryptoKey [] AuthMethodPrivateKeyJWT: config.AuthMethodPrivateKeyJWT, GrantTypeRefreshToken: config.GrantTypeRefreshToken, RequestObjectSupported: config.RequestObjectSupported, - SupportedUILocales: supportedLanguages, DeviceAuthorization: config.DeviceAuth.toOPConfig(), } if cryptoLength := len(cryptoKey); cryptoLength != 32 { - return nil, caos_errs.ThrowInternalf(nil, "OIDC-D43gf", "crypto key must be 32 bytes, but is %d", cryptoLength) + return nil, zerrors.ThrowInternalf(nil, "OIDC-D43gf", "crypto key must be 32 bytes, but is %d", cryptoLength) } copy(opConfig.CryptoKey[:], cryptoKey) return opConfig, nil @@ -211,11 +208,3 @@ func newStorage(config Config, command *command.Commands, query *query.Queries, func (o *OPStorage) Health(ctx context.Context) error { return o.repo.Health(ctx) } - -func getSupportedLanguages() ([]language.Tag, error) { - statikLoginFS, err := fs.NewWithNamespace("login") - if err != nil { - return nil, err - } - return i18n.SupportedLanguages(statikLoginFS) -} diff --git a/internal/api/oidc/server.go b/internal/api/oidc/server.go index fe16078f34..8ba186dd7b 100644 --- a/internal/api/oidc/server.go +++ b/internal/api/oidc/server.go @@ -3,6 +3,7 @@ package oidc import ( "context" "net/http" + "time" "github.com/zitadel/logging" "github.com/zitadel/oidc/v3/pkg/oidc" 
@@ -12,6 +13,7 @@ import ( "github.com/zitadel/zitadel/internal/auth/repository" "github.com/zitadel/zitadel/internal/command" "github.com/zitadel/zitadel/internal/crypto" + "github.com/zitadel/zitadel/internal/i18n" "github.com/zitadel/zitadel/internal/query" "github.com/zitadel/zitadel/internal/telemetry/tracing" ) @@ -26,6 +28,12 @@ type Server struct { command *command.Commands keySet *keySetCache + defaultLoginURL string + defaultLoginURLV2 string + defaultLogoutURLV2 string + defaultAccessTokenLifetime time.Duration + defaultIdTokenLifetime time.Duration + fallbackLogger *slog.Logger hashAlg crypto.HashAlgorithm signingKeyAlgorithm string @@ -103,8 +111,15 @@ func (s *Server) Ready(ctx context.Context, r *op.Request[struct{}]) (_ *op.Resp func (s *Server) Discovery(ctx context.Context, r *op.Request[struct{}]) (_ *op.Response, err error) { ctx, span := tracing.NewSpan(ctx) defer func() { span.EndWithError(err) }() - - return op.NewResponse(s.createDiscoveryConfig(ctx)), nil + restrictions, err := s.query.GetInstanceRestrictions(ctx) + if err != nil { + return nil, err + } + allowedLanguages := restrictions.AllowedLanguages + if len(allowedLanguages) == 0 { + allowedLanguages = i18n.SupportedLanguages() + } + return op.NewResponse(s.createDiscoveryConfig(ctx, allowedLanguages)), nil } func (s *Server) Keys(ctx context.Context, r *op.Request[struct{}]) (_ *op.Response, err error) { 
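Review bot: Discovery now returns the raw query error whenever `s.query.GetInstanceRestrictions` fails, although the handler already has a safe fallback in `i18n.SupportedLanguages()`. The discovery document is public and fetched by every relying party, so a transient query error would take the whole OIDC configuration offline for a value that only feeds `UILocalesSupported`. Consider logging the error and falling back to the default languages instead of returning it. It is also worth confirming that the restrictions lookup is cheap or cached, since it now runs on every unauthenticated discovery request.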
@@ -135,13 +150,6 @@ func (s *Server) DeviceAuthorization(ctx context.Context, r *op.ClientRequest[oi return s.LegacyServer.DeviceAuthorization(ctx, r) } -func (s *Server) VerifyClient(ctx context.Context, r *op.Request[op.ClientCredentials]) (_ op.Client, err error) { - ctx, span := tracing.NewSpan(ctx) - defer func() { span.EndWithError(err) }() - - return s.LegacyServer.VerifyClient(ctx, r) -} - func (s *Server) CodeExchange(ctx context.Context, r *op.ClientRequest[oidc.AccessTokenRequest]) (_ *op.Response, err error) { ctx, span := tracing.NewSpan(ctx) defer func() { span.EndWithError(err) }() @@ -205,7 +213,7 @@ func (s *Server) EndSession(ctx context.Context, r *op.Request[oidc.EndSessionRe return s.LegacyServer.EndSession(ctx, r) } -func (s *Server) createDiscoveryConfig(ctx context.Context) *oidc.DiscoveryConfiguration { +func (s *Server) createDiscoveryConfig(ctx context.Context, supportedUILocales oidc.Locales) *oidc.DiscoveryConfiguration { issuer := op.IssuerFromContext(ctx) return &oidc.DiscoveryConfiguration{ Issuer: issuer, @@ -231,7 +239,7 @@ func (s *Server) createDiscoveryConfig(ctx context.Context) *oidc.DiscoveryConfi RevocationEndpointAuthMethodsSupported: op.AuthMethodsRevocationEndpoint(s.Provider()), ClaimsSupported: op.SupportedClaims(s.Provider()), CodeChallengeMethodsSupported: op.CodeChallengeMethods(s.Provider()), - UILocalesSupported: s.Provider().SupportedUILocales(), + UILocalesSupported: supportedUILocales, RequestParameterSupported: s.Provider().RequestObjectSupported(), } } diff --git a/internal/api/oidc/server_test.go b/internal/api/oidc/server_test.go index d7f258d0d2..c42c11d195 100644 --- a/internal/api/oidc/server_test.go +++ b/internal/api/oidc/server_test.go @@ -16,7 +16,8 @@ func TestServer_createDiscoveryConfig(t *testing.T) { signingKeyAlgorithm string } type args struct { - ctx context.Context + ctx context.Context + supportedUILocales []language.Tag } tests := []struct { name string 
@@ -36,7 +37,6 @@ func TestServer_createDiscoveryConfig(t *testing.T) { AuthMethodPrivateKeyJWT: true, GrantTypeRefreshToken: true, RequestObjectSupported: true, - SupportedUILocales: []language.Tag{language.English, language.German}, }, nil, ) @@ -56,7 +56,8 @@ func TestServer_createDiscoveryConfig(t *testing.T) { signingKeyAlgorithm: "RS256", }, args{ - ctx: op.ContextWithIssuer(context.Background(), "https://issuer.com"), + ctx: op.ContextWithIssuer(context.Background(), "https://issuer.com"), + supportedUILocales: []language.Tag{language.English, language.German}, }, &oidc.DiscoveryConfiguration{ Issuer: "https://issuer.com", @@ -113,7 +114,7 @@ func TestServer_createDiscoveryConfig(t *testing.T) { LegacyServer: tt.fields.LegacyServer, signingKeyAlgorithm: tt.fields.signingKeyAlgorithm, } - assert.Equalf(t, tt.want, s.createDiscoveryConfig(tt.args.ctx), "createDiscoveryConfig(%v)", tt.args.ctx) + assert.Equalf(t, tt.want, s.createDiscoveryConfig(tt.args.ctx, tt.args.supportedUILocales), "createDiscoveryConfig(%v)", tt.args.ctx) }) } } diff --git a/internal/api/saml/auth_request_converter.go b/internal/api/saml/auth_request_converter.go index 28f2a3c548..cf4450f857 100644 --- a/internal/api/saml/auth_request_converter.go +++ b/internal/api/saml/auth_request_converter.go @@ -9,7 +9,7 @@ import ( "github.com/zitadel/zitadel/internal/api/authz" "github.com/zitadel/zitadel/internal/domain" - "github.com/zitadel/zitadel/internal/errors" + "github.com/zitadel/zitadel/internal/zerrors" ) var _ models.AuthRequestInt = &AuthRequest{} 
@@ -66,7 +66,7 @@ func (a *AuthRequest) GetUserName() string { func AuthRequestFromBusiness(authReq *domain.AuthRequest) (_ models.AuthRequestInt, err error) { if _, ok := authReq.Request.(*domain.AuthRequestSAML); !ok { - return nil, errors.ThrowInvalidArgument(nil, "SAML-Hbz7A", "auth request is not of type saml") + return nil, zerrors.ThrowInvalidArgument(nil, "SAML-Hbz7A", "auth request is not of type saml") } return &AuthRequest{authReq}, nil } diff --git a/internal/api/saml/certificate.go b/internal/api/saml/certificate.go index 6dd02e1bc2..1dd6a7407f 100644 --- a/internal/api/saml/certificate.go +++ b/internal/api/saml/certificate.go @@ -12,11 +12,11 @@ import ( "github.com/zitadel/zitadel/internal/api/authz" "github.com/zitadel/zitadel/internal/crypto" "github.com/zitadel/zitadel/internal/domain" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/query" "github.com/zitadel/zitadel/internal/repository/instance" "github.com/zitadel/zitadel/internal/repository/keypair" + "github.com/zitadel/zitadel/internal/zerrors" ) const ( @@ -60,7 +60,7 @@ func (p *Storage) GetCertificateAndKey(ctx context.Context, usage domain.KeyUsag return err } if certAndKey == nil { - return errors.ThrowInternal(err, "SAML-8u01nks", "no certificate found") + return zerrors.ThrowInternal(err, "SAML-8u01nks", "no certificate found") } return nil }) @@ -120,7 +120,7 @@ func (p *Storage) lockAndGenerateCertificateAndKey(ctx context.Context, usage do errs := p.locker.Lock(ctx, lockDuration, authz.GetInstance(ctx).InstanceID()) err, ok := <-errs if err != nil || !ok { - if errors.IsErrorAlreadyExists(err) { + if zerrors.IsErrorAlreadyExists(err) { return nil } logging.OnError(err).Debug("initial lock failed") diff --git a/internal/api/saml/storage.go b/internal/api/saml/storage.go index afcc06d984..54378bb91b 100644 --- a/internal/api/saml/storage.go +++ b/internal/api/saml/storage.go 
@@ -21,11 +21,11 @@ import ( "github.com/zitadel/zitadel/internal/command" "github.com/zitadel/zitadel/internal/crypto" "github.com/zitadel/zitadel/internal/domain" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/eventstore/handler/crdb" "github.com/zitadel/zitadel/internal/query" "github.com/zitadel/zitadel/internal/telemetry/tracing" + "github.com/zitadel/zitadel/internal/zerrors" ) var _ provider.EntityStorage = &Storage{} @@ -60,7 +60,7 @@ func (p *Storage) GetEntityByID(ctx context.Context, entityID string) (*servicep return nil, err } if app.State != domain.AppStateActive { - return nil, errors.ThrowPreconditionFailed(nil, "SAML-sdaGg", "app is not active") + return nil, zerrors.ThrowPreconditionFailed(nil, "SAML-sdaGg", "app is not active") } return serviceprovider.NewServiceProvider( app.ID, @@ -77,7 +77,7 @@ func (p *Storage) GetEntityIDByAppID(ctx context.Context, appID string) (string, return "", err } if app.State != domain.AppStateActive { - return "", errors.ThrowPreconditionFailed(nil, "SAML-sdaGg", "app is not active") + return "", zerrors.ThrowPreconditionFailed(nil, "SAML-sdaGg", "app is not active") } return app.SAMLConfig.EntityID, nil } @@ -103,7 +103,7 @@ func (p *Storage) CreateAuthRequest(ctx context.Context, req *samlp.AuthnRequest defer func() { span.EndWithError(err) }() userAgentID, ok := middleware.UserAgentIDFromCtx(ctx) if !ok { - return nil, errors.ThrowPreconditionFailed(nil, "SAML-sd436", "no user agent id") + return nil, zerrors.ThrowPreconditionFailed(nil, "SAML-sd436", "no user agent id") } authRequest := CreateAuthRequestToBusiness(ctx, req, acsUrl, protocolBinding, applicationID, relayState, userAgentID) 
@@ -121,7 +121,7 @@ func (p *Storage) AuthRequestByID(ctx context.Context, id string) (_ models.Auth defer func() { span.EndWithError(err) }() userAgentID, ok := middleware.UserAgentIDFromCtx(ctx) if !ok { - return nil, errors.ThrowPreconditionFailed(nil, "SAML-D3g21", "no user agent id") + return nil, zerrors.ThrowPreconditionFailed(nil, "SAML-D3g21", "no user agent id") } resp, err := p.repo.AuthRequestByIDCheckLoggedIn(ctx, id, userAgentID) if err != nil { diff --git a/internal/api/ui/login/change_password_handler.go b/internal/api/ui/login/change_password_handler.go index 08eb8badeb..ecbbf41028 100644 --- a/internal/api/ui/login/change_password_handler.go +++ b/internal/api/ui/login/change_password_handler.go @@ -4,8 +4,6 @@ import ( "net/http" "github.com/zitadel/zitadel/internal/domain" - - http_mw "github.com/zitadel/zitadel/internal/api/http/middleware" ) const ( @@ -26,8 +24,7 @@ func (l *Login) handleChangePassword(w http.ResponseWriter, r *http.Request) { l.renderError(w, r, authReq, err) return } - userAgentID, _ := http_mw.UserAgentIDFromCtx(r.Context()) - _, err = l.command.ChangePassword(setContext(r.Context(), authReq.UserOrgID), authReq.UserOrgID, authReq.UserID, data.OldPassword, data.NewPassword, userAgentID) + _, err = l.command.ChangePassword(setContext(r.Context(), authReq.UserOrgID), authReq.UserOrgID, authReq.UserID, data.OldPassword, data.NewPassword) if err != nil { l.renderChangePassword(w, r, authReq, err) return 
@@ -36,13 +33,13 @@ func (l *Login) handleChangePassword(w http.ResponseWriter, r *http.Request) { } func (l *Login) renderChangePassword(w http.ResponseWriter, r *http.Request, authReq *domain.AuthRequest, err error) { - var errID, errMessage string + var errType, errMessage string if err != nil { - errID, errMessage = l.getErrorMessage(r, err) + errType, errMessage = l.getErrorMessage(r, err) } translator := l.getTranslator(r.Context(), authReq) data := passwordData{ - baseData: l.getBaseData(r, authReq, "PasswordChange.Title", "PasswordChange.Description", errID, errMessage), + baseData: l.getBaseData(r, authReq, translator, "PasswordChange.Title", "PasswordChange.Description", errType, errMessage), profileData: l.getProfileData(authReq), } policy := l.getPasswordComplexityPolicy(r, authReq.UserOrgID) @@ -65,8 +62,7 @@ func (l *Login) renderChangePassword(w http.ResponseWriter, r *http.Request, aut } func (l *Login) renderChangePasswordDone(w http.ResponseWriter, r *http.Request, authReq *domain.AuthRequest) { - var errType, errMessage string translator := l.getTranslator(r.Context(), authReq) - data := l.getUserData(r, authReq, "PasswordChange.Title", "PasswordChange.Description", errType, errMessage) + data := l.getUserData(r, authReq, translator, "PasswordChange.Title", "PasswordChange.Description", "", "") l.renderer.RenderTemplate(w, r, translator, l.renderer.Templates[tmplChangePasswordDone], data, nil) } diff --git a/internal/api/ui/login/device_auth.go b/internal/api/ui/login/device_auth.go index e2322ee04f..2135772e48 100644 --- a/internal/api/ui/login/device_auth.go +++ b/internal/api/ui/login/device_auth.go @@ -1,7 +1,7 @@ package login import ( - errs "errors" + "errors" "fmt" "net/http" "net/url" 
@@ -14,7 +14,7 @@ import ( "github.com/zitadel/zitadel/internal/api/authz" "github.com/zitadel/zitadel/internal/api/http/middleware" "github.com/zitadel/zitadel/internal/domain" - "github.com/zitadel/zitadel/internal/errors" + "github.com/zitadel/zitadel/internal/zerrors" ) const ( @@ -28,13 +28,13 @@ func (l *Login) renderDeviceAuthUserCode(w http.ResponseWriter, r *http.Request, logging.WithError(err).Error() errID, errMessage = l.getErrorMessage(r, err) } - - data := l.getBaseData(r, nil, "DeviceAuth.Title", "DeviceAuth.UserCode.Description", errID, errMessage) translator := l.getTranslator(r.Context(), nil) + data := l.getBaseData(r, nil, translator, "DeviceAuth.Title", "DeviceAuth.UserCode.Description", errID, errMessage) l.renderer.RenderTemplate(w, r, translator, l.renderer.Templates[tmplDeviceAuthUserCode], data, nil) } func (l *Login) renderDeviceAuthAction(w http.ResponseWriter, r *http.Request, authReq *domain.AuthRequest, scopes []string) { + translator := l.getTranslator(r.Context(), authReq) data := &struct { baseData AuthRequestID string @@ -42,14 +42,13 @@ func (l *Login) renderDeviceAuthAction(w http.ResponseWriter, r *http.Request, a ClientID string Scopes []string }{ - baseData: l.getBaseData(r, authReq, "DeviceAuth.Title", "DeviceAuth.Action.Description", "", ""), + baseData: l.getBaseData(r, authReq, translator, "DeviceAuth.Title", "DeviceAuth.Action.Description", "", ""), AuthRequestID: authReq.ID, Username: authReq.UserName, ClientID: authReq.ApplicationID, Scopes: scopes, } - translator := l.getTranslator(r.Context(), authReq) l.renderer.RenderTemplate(w, r, translator, l.renderer.Templates[tmplDeviceAuthAction], data, nil) } 
@@ -60,14 +59,13 @@ const ( // renderDeviceAuthDone renders success.html when the action was allowed and error.html when it was denied. func (l *Login) renderDeviceAuthDone(w http.ResponseWriter, r *http.Request, authReq *domain.AuthRequest, action string) { + translator := l.getTranslator(r.Context(), authReq) data := &struct { baseData Message string }{ - baseData: l.getBaseData(r, authReq, "DeviceAuth.Title", "DeviceAuth.Done.Description", "", ""), + baseData: l.getBaseData(r, authReq, translator, "DeviceAuth.Title", "DeviceAuth.Done.Description", "", ""), } - - translator := l.getTranslator(r.Context(), authReq) switch action { case deviceAuthAllowed: data.Message = translator.LocalizeFromRequest(r, "DeviceAuth.Done.Approved", nil) 
@@ -97,32 +95,27 @@ func (l *Login) handleDeviceAuthUserCode(w http.ResponseWriter, r *http.Request) userCode := r.Form.Get("user_code") if userCode == "" { if prompt, _ := url.QueryUnescape(r.Form.Get("prompt")); prompt != "" { - err = errs.New(prompt) + err = errors.New(prompt) } l.renderDeviceAuthUserCode(w, r, err) return } - deviceAuth, err := l.query.DeviceAuthByUserCode(ctx, userCode) + deviceAuthReq, err := l.query.DeviceAuthRequestByUserCode(ctx, userCode) if err != nil { l.renderDeviceAuthUserCode(w, r, err) return } userAgentID, ok := middleware.UserAgentIDFromCtx(ctx) if !ok { - l.renderDeviceAuthUserCode(w, r, errs.New("internal error: agent ID missing")) + l.renderDeviceAuthUserCode(w, r, errors.New("internal error: agent ID missing")) return } authRequest, err := l.authRepo.CreateAuthRequest(ctx, &domain.AuthRequest{ CreationDate: time.Now(), AgentID: userAgentID, - ApplicationID: deviceAuth.ClientID, + ApplicationID: deviceAuthReq.ClientID, InstanceID: authz.GetInstance(ctx).InstanceID(), - Request: &domain.AuthRequestDevice{ - ID: deviceAuth.AggregateID, - DeviceCode: deviceAuth.DeviceCode, - UserCode: deviceAuth.UserCode, - Scopes: deviceAuth.Scopes, - }, + Request: deviceAuthReq, }) if err != nil { l.renderDeviceAuthUserCode(w, r, err) @@ -153,7 +146,7 @@ func (l *Login) redirectDeviceAuthStart(w http.ResponseWriter, r *http.Request, func (l *Login) handleDeviceAuthAction(w http.ResponseWriter, r *http.Request) { authReq, err := l.getAuthRequest(r) if authReq == nil { - err = errors.ThrowInvalidArgument(err, "LOGIN-OLah8", "invalid or missing auth request") + err = zerrors.ThrowInvalidArgument(err, "LOGIN-OLah8", "invalid or missing auth request") l.redirectDeviceAuthStart(w, r, err.Error()) return } 
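Review bot: In handleDeviceAuthUserCode the `prompt` form value comes straight from the request and is turned into an error with `errors.New(prompt)`, which renderDeviceAuthUserCode then logs at error level and passes to `getErrorMessage`. Any client can therefore place arbitrary text in the server log and, depending on how `getErrorMessage` treats non-zerrors values, possibly on the user-code page. The only internal producer visible here is `redirectDeviceAuthStart(w, r, err.Error())`, so consider carrying an error ID or translation key instead of free text and mapping unknown values to a generic message. At minimum, bound the length and log the value as a debug field rather than as the error. The function body continues outside the hunk.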
@@ -170,9 +163,9 @@ func (l *Login) handleDeviceAuthAction(w http.ResponseWriter, r *http.Request) { action := mux.Vars(r)["action"] switch action { case deviceAuthAllowed: - _, err = l.command.ApproveDeviceAuth(r.Context(), authDev.ID, authReq.UserID) + _, err = l.command.ApproveDeviceAuth(r.Context(), authDev.DeviceCode, authReq.UserID, authReq.UserAuthMethodTypes(), authReq.AuthTime) case deviceAuthDenied: - _, err = l.command.CancelDeviceAuth(r.Context(), authDev.ID, domain.DeviceAuthCanceledDenied) + _, err = l.command.CancelDeviceAuth(r.Context(), authDev.DeviceCode, domain.DeviceAuthCanceledDenied) default: l.renderDeviceAuthAction(w, r, authReq, authDev.Scopes) return diff --git a/internal/api/ui/login/external_provider_handler.go b/internal/api/ui/login/external_provider_handler.go index 3bab7b90e6..532bd69e20 100644 --- a/internal/api/ui/login/external_provider_handler.go +++ b/internal/api/ui/login/external_provider_handler.go @@ -17,7 +17,6 @@ import ( http_mw "github.com/zitadel/zitadel/internal/api/http/middleware" "github.com/zitadel/zitadel/internal/crypto" "github.com/zitadel/zitadel/internal/domain" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore/v1/models" "github.com/zitadel/zitadel/internal/idp" "github.com/zitadel/zitadel/internal/idp/providers/apple" @@ -32,6 +31,7 @@ import ( "github.com/zitadel/zitadel/internal/idp/providers/saml" "github.com/zitadel/zitadel/internal/idp/providers/saml/requesttracker" "github.com/zitadel/zitadel/internal/query" + "github.com/zitadel/zitadel/internal/zerrors" ) const ( 
@@ -106,7 +106,7 @@ func (l *Login) handleExternalLoginStep(w http.ResponseWriter, r *http.Request, return } } - l.renderLogin(w, r, authReq, errors.ThrowInvalidArgument(nil, "VIEW-Fsj7f", "Errors.User.ExternalIDP.NotAllowed")) + l.renderLogin(w, r, authReq, zerrors.ThrowInvalidArgument(nil, "VIEW-Fsj7f", "Errors.User.ExternalIDP.NotAllowed")) } // handleExternalLogin is called when a user selects the idp on the login page @@ -179,7 +179,7 @@ func (l *Login) handleIDP(w http.ResponseWriter, r *http.Request, authReq *domai case domain.IDPTypeUnspecified: fallthrough default: - l.renderLogin(w, r, authReq, errors.ThrowInvalidArgument(nil, "LOGIN-AShek", "Errors.ExternalIDP.IDPTypeNotImplemented")) + l.renderLogin(w, r, authReq, zerrors.ThrowInvalidArgument(nil, "LOGIN-AShek", "Errors.ExternalIDP.IDPTypeNotImplemented")) return } if err != nil { @@ -330,7 +330,7 @@ func (l *Login) handleExternalLoginCallback(w http.ResponseWriter, r *http.Reque domain.IDPTypeUnspecified: fallthrough default: - l.renderLogin(w, r, authReq, errors.ThrowInvalidArgument(nil, "LOGIN-SFefg", "Errors.ExternalIDP.IDPTypeNotImplemented")) + l.renderLogin(w, r, authReq, zerrors.ThrowInvalidArgument(nil, "LOGIN-SFefg", "Errors.ExternalIDP.IDPTypeNotImplemented")) return } @@ -365,7 +365,7 @@ func (l *Login) migrateExternalUserID(r *http.Request, authReq *domain.AuthReque // always reset to the mapped ID externalUser.ExternalUserID = externalUserID // but ignore the error if the user was just not found with the previousID - if errors.IsNotFound(err) { + if zerrors.IsNotFound(err) { return false, nil } return false, err 
@@ -382,7 +382,7 @@ func (l *Login) migrateExternalUserID(r *http.Request, authReq *domain.AuthReque return previousIDMatched, l.command.MigrateUserIDP(setContext(r.Context(), authReq.UserOrgID), authReq.UserID, authReq.UserOrgID, externalUser.IDPConfigID, previousID, externalUserID) } -// handleExternalUserAuthenticated maps the IDP user, checks for a corresponding externalID +// handleExternalUserAuthenticated maps the IDP user, checks for a corresponding externalID and that the IDP is allowed func (l *Login) handleExternalUserAuthenticated( w http.ResponseWriter, r *http.Request, @@ -393,13 +393,18 @@ func (l *Login) handleExternalUserAuthenticated( callback func(w http.ResponseWriter, r *http.Request, authReq *domain.AuthRequest), ) { externalUser := mapIDPUserToExternalUser(user, provider.ID) + // ensure the linked IDP is added to the login policy + if err := l.authRepo.SelectExternalIDP(r.Context(), authReq.ID, provider.ID, authReq.AgentID); err != nil { + l.renderError(w, r, authReq, err) + return + } // check and fill in local linked user externalErr := l.authRepo.CheckExternalUserLogin(setContext(r.Context(), ""), authReq.ID, authReq.AgentID, externalUser, domain.BrowserInfoFromRequest(r), false) - if externalErr != nil && !errors.IsNotFound(externalErr) { + if externalErr != nil && !zerrors.IsNotFound(externalErr) { l.renderError(w, r, authReq, externalErr) return } - if externalErr != nil && errors.IsNotFound(externalErr) { + if externalErr != nil && zerrors.IsNotFound(externalErr) { previousIDMatched, err := l.tryMigrateExternalUserID(r, session, authReq, externalUser) if err != nil { l.renderError(w, r, authReq, err) @@ -423,7 +428,7 @@ func (l *Login) handleExternalUserAuthenticated( return } // if action is done and no user linked then link or register - if errors.IsNotFound(externalErr) { + if zerrors.IsNotFound(externalErr) { l.externalUserNotExisting(w, r, authReq, provider, externalUser, externalUserChange) return } 
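Review bot: The new comment `// ensure the linked IDP is added to the login policy` reads as if the call adds the IDP, while the error path shows it is a gate: the callback is rejected when `SelectExternalIDP` fails. I would reword it to `// reject the callback unless this IDP is allowed by the login policy of the auth request`, assuming that is what SelectExternalIDP checks, since its body is not visible here. Because this is an authorization check on the IDP callback path, an integration test that completes a callback for an IDP outside the policy and expects the error page would keep it from regressing. This call also uses `r.Context()` while the following `CheckExternalUserLogin` uses `setContext(r.Context(), "")`, so it is worth confirming the difference is intended.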
@@ -489,7 +494,7 @@ func (l *Login) externalUserNotExisting(w http.ResponseWriter, r *http.Request, // autoCreateExternalUser takes the externalUser and creates it automatically (without user interaction) func (l *Login) autoCreateExternalUser(w http.ResponseWriter, r *http.Request, authReq *domain.AuthRequest) { if len(authReq.LinkingUsers) == 0 { - l.renderError(w, r, authReq, errors.ThrowPreconditionFailed(nil, "LOGIN-asfg3", "Errors.ExternalIDP.NoExternalUserData")) + l.renderError(w, r, authReq, zerrors.ThrowPreconditionFailed(nil, "LOGIN-asfg3", "Errors.ExternalIDP.NoExternalUserData")) return } @@ -549,7 +554,7 @@ func (l *Login) renderExternalNotFoundOption(w http.ResponseWriter, r *http.Requ translator := l.getTranslator(r.Context(), authReq) data := externalNotFoundOptionData{ - baseData: l.getBaseData(r, authReq, "ExternalNotFound.Title", "ExternalNotFound.Description", errID, errMessage), + baseData: l.getBaseData(r, authReq, translator, "ExternalNotFound.Title", "ExternalNotFound.Description", errID, errMessage), externalNotFoundOptionFormData: externalNotFoundOptionFormData{ externalRegisterFormData: externalRegisterFormData{ Email: human.EmailAddress, @@ -613,7 +618,7 @@ func (l *Login) handleExternalNotFoundOptionCheck(w http.ResponseWriter, r *http // if the user selects the linking button if data.Link { if !idpTemplate.IsLinkingAllowed { - l.renderExternalNotFoundOption(w, r, authReq, nil, nil, nil, errors.ThrowPreconditionFailed(nil, "LOGIN-AS3ff", "Errors.ExternalIDP.LinkingNotAllowed")) + l.renderExternalNotFoundOption(w, r, authReq, nil, nil, nil, zerrors.ThrowPreconditionFailed(nil, "LOGIN-AS3ff", "Errors.ExternalIDP.LinkingNotAllowed")) return } l.renderLogin(w, r, authReq, nil) 
@@ -621,7 +626,7 @@ func (l *Login) handleExternalNotFoundOptionCheck(w http.ResponseWriter, r *http } // if the user selects the creation button if !idpTemplate.IsCreationAllowed { - l.renderExternalNotFoundOption(w, r, authReq, nil, nil, nil, errors.ThrowPreconditionFailed(nil, "LOGIN-dsfd3", "Errors.ExternalIDP.CreationNotAllowed")) + l.renderExternalNotFoundOption(w, r, authReq, nil, nil, nil, zerrors.ThrowPreconditionFailed(nil, "LOGIN-dsfd3", "Errors.ExternalIDP.CreationNotAllowed")) return } linkingUser := mapExternalNotFoundOptionFormDataToLoginUser(data) @@ -682,7 +687,7 @@ func (l *Login) updateExternalUser(ctx context.Context, authReq *domain.AuthRequ return err } if user.Human == nil { - return errors.ThrowPreconditionFailed(nil, "LOGIN-WLTce", "Errors.User.NotHuman") + return zerrors.ThrowPreconditionFailed(nil, "LOGIN-WLTce", "Errors.User.NotHuman") } err = l.updateExternalUserEmail(ctx, user, externalUser) logging.WithFields("authReq", authReq.ID, "user", authReq.UserID).OnError(err).Error("unable to update email") @@ -693,6 +698,9 @@ func (l *Login) updateExternalUser(ctx context.Context, authReq *domain.AuthRequ err = l.updateExternalUserProfile(ctx, user, externalUser) logging.WithFields("authReq", authReq.ID, "user", authReq.UserID).OnError(err).Error("unable to update profile") + err = l.updateExternalUsername(ctx, user, externalUser) + logging.WithFields("authReq", authReq.ID, "user", authReq.UserID).OnError(err).Error("unable to update external username") + return nil } 
@@ -757,6 +765,36 @@ func (l *Login) updateExternalUserProfile(ctx context.Context, user *query.User, return err } +func (l *Login) updateExternalUsername(ctx context.Context, user *query.User, externalUser *domain.ExternalUser) error { + externalIDQuery, err := query.NewIDPUserLinksExternalIDSearchQuery(externalUser.ExternalUserID) + if err != nil { + return err + } + idpIDQuery, err := query.NewIDPUserLinkIDPIDSearchQuery(externalUser.IDPConfigID) + if err != nil { + return err + } + userIDQuery, err := query.NewIDPUserLinksUserIDSearchQuery(user.ID) + if err != nil { + return err + } + links, err := l.query.IDPUserLinks(ctx, &query.IDPUserLinksSearchQuery{Queries: []query.SearchQuery{externalIDQuery, idpIDQuery, userIDQuery}}, false) + if err != nil || len(links.Links) == 0 { + return err + } + if links.Links[0].ProvidedUsername == externalUser.PreferredUsername { + return nil + } + return l.command.UpdateUserIDPLinkUsername( + setContext(ctx, user.ResourceOwner), + user.ID, + user.ResourceOwner, + externalUser.IDPConfigID, + externalUser.ExternalUserID, + externalUser.PreferredUsername, + ) +} + func hasEmailChanged(user *query.User, externalUser *domain.ExternalUser) bool { externalUser.Email = externalUser.Email.Normalize() if externalUser.Email == "" { diff --git a/internal/api/ui/login/init_password_handler.go b/internal/api/ui/login/init_password_handler.go index b0d9c686bc..c0af8880a2 100644 --- a/internal/api/ui/login/init_password_handler.go +++ b/internal/api/ui/login/init_password_handler.go @@ -4,9 +4,8 @@ import ( "fmt" "net/http" - http_mw "github.com/zitadel/zitadel/internal/api/http/middleware" "github.com/zitadel/zitadel/internal/domain" - "github.com/zitadel/zitadel/internal/errors" + "github.com/zitadel/zitadel/internal/zerrors" ) const ( 
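Review bot: `updateExternalUsername` writes `externalUser.PreferredUsername` to the link without checking that it is non-empty, so an IdP response that omits the claim would overwrite the stored `ProvidedUsername` with an empty string. `hasEmailChanged`, directly below, tests for an empty email first, and the same guard fits here: `if externalUser.PreferredUsername == "" || links.Links[0].ProvidedUsername == externalUser.PreferredUsername { return nil }`. Whether `UpdateUserIDPLinkUsername` itself rejects an empty value is not visible in this hunk. The function also lacks a doc comment; `// updateExternalUsername syncs the IdP-provided username on the user's existing link; it returns nil without changes when no link matches or the name is unchanged` would record the silent nil return on an empty result.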
@@ -64,7 +63,7 @@ func (l *Login) handleInitPasswordCheck(w http.ResponseWriter, r *http.Request) func (l *Login) checkPWCode(w http.ResponseWriter, r *http.Request, authReq *domain.AuthRequest, data *initPasswordFormData) { if data.Password != data.PasswordConfirm { - err := errors.ThrowInvalidArgument(nil, "VIEW-KaGue", "Errors.User.Password.ConfirmationWrong") + err := zerrors.ThrowInvalidArgument(nil, "VIEW-KaGue", "Errors.User.Password.ConfirmationWrong") l.renderInitPassword(w, r, authReq, data.UserID, data.Code, err) return } @@ -72,8 +71,7 @@ func (l *Login) checkPWCode(w http.ResponseWriter, r *http.Request, authReq *dom if authReq != nil { userOrg = authReq.UserOrgID } - userAgentID, _ := http_mw.UserAgentIDFromCtx(r.Context()) - _, err := l.command.SetPasswordWithVerifyCode(setContext(r.Context(), userOrg), userOrg, data.UserID, data.Code, data.Password, userAgentID) + _, err := l.command.SetPasswordWithVerifyCode(setContext(r.Context(), userOrg), userOrg, data.UserID, data.Code, data.Password) if err != nil { l.renderInitPassword(w, r, authReq, data.UserID, "", err) return @@ -83,7 +81,7 @@ func (l *Login) checkPWCode(w http.ResponseWriter, r *http.Request, authReq *dom func (l *Login) resendPasswordSet(w http.ResponseWriter, r *http.Request, authReq *domain.AuthRequest) { if authReq == nil { - l.renderError(w, r, nil, errors.ThrowInternal(nil, "LOGIN-8sn7s", "Errors.AuthRequest.NotFound")) + l.renderError(w, r, nil, zerrors.ThrowInternal(nil, "LOGIN-8sn7s", "Errors.AuthRequest.NotFound")) return } userOrg := login 
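Review bot: In `checkPWCode` the call to `l.command.SetPasswordWithVerifyCode` no longer passes the user-agent ID, and nothing in the hunk shows what replaces it. If the command used that value to attribute the password change to the requesting browser (for audit events or session handling), that attribution is lost for code-based password sets; this is inferred from the removed argument only, since the command is outside the hunk. If dropping it is intended, a one-line comment above the call, such as `// the user agent is intentionally not recorded for code-based password changes`, would keep the next reader from re-adding it.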
@@ -116,7 +114,7 @@ func (l *Login) renderInitPassword(w http.ResponseWriter, r *http.Request, authR translator := l.getTranslator(r.Context(), authReq) data := initPasswordData{ - baseData: l.getBaseData(r, authReq, "InitPassword.Title", "InitPassword.Description", errID, errMessage), + baseData: l.getBaseData(r, authReq, translator, "InitPassword.Title", "InitPassword.Description", errID, errMessage), profileData: l.getProfileData(authReq), UserID: userID, Code: code, @@ -147,8 +145,8 @@ func (l *Login) renderInitPassword(w http.ResponseWriter, r *http.Request, authR } func (l *Login) renderInitPasswordDone(w http.ResponseWriter, r *http.Request, authReq *domain.AuthRequest, orgID string) { - data := l.getUserData(r, authReq, "InitPasswordDone.Title", "InitPasswordDone.Description", "", "") translator := l.getTranslator(r.Context(), authReq) + data := l.getUserData(r, authReq, translator, "InitPasswordDone.Title", "InitPasswordDone.Description", "", "") if authReq == nil { l.customTexts(r.Context(), translator, orgID) } diff --git a/internal/api/ui/login/init_user_handler.go b/internal/api/ui/login/init_user_handler.go index df2f940d6a..f88480a5be 100644 --- a/internal/api/ui/login/init_user_handler.go +++ b/internal/api/ui/login/init_user_handler.go @@ -6,7 +6,7 @@ import ( "strconv" "github.com/zitadel/zitadel/internal/domain" - caos_errs "github.com/zitadel/zitadel/internal/errors" + "github.com/zitadel/zitadel/internal/zerrors" ) const ( 
@@ -72,7 +72,7 @@ func (l *Login) handleInitUserCheck(w http.ResponseWriter, r *http.Request) { func (l *Login) checkUserInitCode(w http.ResponseWriter, r *http.Request, authReq *domain.AuthRequest, data *initUserFormData, err error) { if data.Password != data.PasswordConfirm { - err := caos_errs.ThrowInvalidArgument(nil, "VIEW-fsdfd", "Errors.User.Password.ConfirmationWrong") + err := zerrors.ThrowInvalidArgument(nil, "VIEW-fsdfd", "Errors.User.Password.ConfirmationWrong") l.renderInitUser(w, r, authReq, data.UserID, data.LoginName, data.Code, data.PasswordSet, err) return } @@ -118,7 +118,7 @@ func (l *Login) renderInitUser(w http.ResponseWriter, r *http.Request, authReq * translator := l.getTranslator(r.Context(), authReq) data := initUserData{ - baseData: l.getBaseData(r, authReq, "InitUser.Title", "InitUser.Description", errID, errMessage), + baseData: l.getBaseData(r, authReq, translator, "InitUser.Title", "InitUser.Description", errID, errMessage), profileData: l.getProfileData(authReq), UserID: userID, Code: code, @@ -155,8 +155,8 @@ func (l *Login) renderInitUser(w http.ResponseWriter, r *http.Request, authReq * } func (l *Login) renderInitUserDone(w http.ResponseWriter, r *http.Request, authReq *domain.AuthRequest, orgID string) { - data := l.getUserData(r, authReq, "InitUserDone.Title", "InitUserDone.Description", "", "") translator := l.getTranslator(r.Context(), authReq) + data := l.getUserData(r, authReq, translator, "InitUserDone.Title", "InitUserDone.Description", "", "") if authReq == nil { l.customTexts(r.Context(), translator, orgID) } diff --git a/internal/api/ui/login/jwt_handler.go b/internal/api/ui/login/jwt_handler.go index aa7a4466dc..7c643e9a43 100644 --- a/internal/api/ui/login/jwt_handler.go +++ b/internal/api/ui/login/jwt_handler.go 
@@ -13,9 +13,9 @@ import ( http_util "github.com/zitadel/zitadel/internal/api/http" "github.com/zitadel/zitadel/internal/domain" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/idp/providers/jwt" "github.com/zitadel/zitadel/internal/query" + "github.com/zitadel/zitadel/internal/zerrors" ) type jwtRequest struct { @@ -31,7 +31,7 @@ func (l *Login) handleJWTRequest(w http.ResponseWriter, r *http.Request) { return } if data.AuthRequestID == "" || data.UserAgentID == "" { - l.renderError(w, r, nil, errors.ThrowInvalidArgument(nil, "LOGIN-adfzz", "Errors.AuthRequest.MissingParameters")) + l.renderError(w, r, nil, zerrors.ThrowInvalidArgument(nil, "LOGIN-adfzz", "Errors.AuthRequest.MissingParameters")) return } id, err := base64.RawURLEncoding.DecodeString(data.UserAgentID) @@ -158,7 +158,7 @@ func getToken(r *http.Request, headerName string) (string, error) { } auth := r.Header.Get(headerName) if auth == "" { - return "", errors.ThrowInvalidArgument(nil, "LOGIN-adh42", "Errors.AuthRequest.TokenNotFound") + return "", zerrors.ThrowInvalidArgument(nil, "LOGIN-adh42", "Errors.AuthRequest.TokenNotFound") } return strings.TrimPrefix(auth, oidc.PrefixBearer), nil } diff --git a/internal/api/ui/login/ldap_handler.go b/internal/api/ui/login/ldap_handler.go index 3ec49f4a7f..93590458f6 100644 --- a/internal/api/ui/login/ldap_handler.go +++ b/internal/api/ui/login/ldap_handler.go 
@@ -35,8 +35,9 @@ func (l *Login) renderLDAPLogin(w http.ResponseWriter, r *http.Request, authReq errID, errMessage = l.getErrorMessage(r, err) } temp := l.renderer.Templates[tmplLDAPLogin] - data := l.getUserData(r, authReq, "Login.Title", "Login.Description", errID, errMessage) - l.renderer.RenderTemplate(w, r, l.getTranslator(r.Context(), authReq), temp, data, nil) + translator := l.getTranslator(r.Context(), authReq) + data := l.getUserData(r, authReq, translator, "Login.Title", "Login.Description", errID, errMessage) + l.renderer.RenderTemplate(w, r, translator, temp, data, nil) } func (l *Login) handleLDAPCallback(w http.ResponseWriter, r *http.Request) { diff --git a/internal/api/ui/login/link_users_handler.go b/internal/api/ui/login/link_users_handler.go index 09d42e91ec..1952ed1213 100644 --- a/internal/api/ui/login/link_users_handler.go +++ b/internal/api/ui/login/link_users_handler.go @@ -19,6 +19,7 @@ func (l *Login) linkUsers(w http.ResponseWriter, r *http.Request, authReq *domai func (l *Login) renderLinkUsersDone(w http.ResponseWriter, r *http.Request, authReq *domain.AuthRequest, err error) { var errType, errMessage string - data := l.getUserData(r, authReq, "LinkingUsersDone.Title", "LinkingUsersDone.Description", errType, errMessage) - l.renderer.RenderTemplate(w, r, l.getTranslator(r.Context(), authReq), l.renderer.Templates[tmplLinkUsersDone], data, nil) + translator := l.getTranslator(r.Context(), authReq) + data := l.getUserData(r, authReq, translator, "LinkingUsersDone.Title", "LinkingUsersDone.Description", errType, errMessage) + l.renderer.RenderTemplate(w, r, translator, l.renderer.Templates[tmplLinkUsersDone], data, nil) } diff --git a/internal/api/ui/login/login.go b/internal/api/ui/login/login.go index dc8e834fcd..71bba44d5d 100644 --- a/internal/api/ui/login/login.go +++ b/internal/api/ui/login/login.go 
@@ -2,15 +2,12 @@ package login import ( "context" - "fmt" "net/http" "strings" "time" "github.com/gorilla/csrf" "github.com/gorilla/mux" - "github.com/rakyll/statik/fs" - "github.com/zitadel/zitadel/feature" "github.com/zitadel/zitadel/internal/api/authz" http_utils "github.com/zitadel/zitadel/internal/api/http" @@ -93,17 +90,12 @@ func CreateLogin(config Config, userCodeAlg: userCodeAlg, featureCheck: featureCheck, } - statikFS, err := fs.NewWithNamespace("login") - if err != nil { - return nil, fmt.Errorf("unable to create filesystem: %w", err) - } - csrfInterceptor := createCSRFInterceptor(config.CSRFCookieName, csrfCookieKey, externalSecure, login.csrfErrorHandler()) cacheInterceptor := createCacheInterceptor(config.Cache.MaxAge, config.Cache.SharedMaxAge, assetCache) security := middleware.SecurityHeaders(csp(), login.cspErrorHandler) - login.router = CreateRouter(login, statikFS, middleware.TelemetryHandler(IgnoreInstanceEndpoints...), oidcInstanceHandler, samlInstanceHandler, csrfInterceptor, cacheInterceptor, security, userAgentCookie, issuerInterceptor, accessHandler) - login.renderer = CreateRenderer(HandlerPrefix, statikFS, staticStorage, config.LanguageCookieName) + login.router = CreateRouter(login, middleware.TelemetryHandler(IgnoreInstanceEndpoints...), oidcInstanceHandler, samlInstanceHandler, csrfInterceptor, cacheInterceptor, security, userAgentCookie, issuerInterceptor, accessHandler) + login.renderer = CreateRenderer(HandlerPrefix, staticStorage, config.LanguageCookieName) login.parser = form.NewParser() return login, nil } diff --git a/internal/api/ui/login/login_handler.go b/internal/api/ui/login/login_handler.go index c141600926..31f16b8555 100644 --- a/internal/api/ui/login/login_handler.go +++ b/internal/api/ui/login/login_handler.go 
@@ -7,7 +7,7 @@ import ( http_mw "github.com/zitadel/zitadel/internal/api/http/middleware" "github.com/zitadel/zitadel/internal/domain" - "github.com/zitadel/zitadel/internal/errors" + "github.com/zitadel/zitadel/internal/zerrors" ) const ( @@ -77,7 +77,7 @@ func (l *Login) handleLoginNameCheck(w http.ResponseWriter, r *http.Request) { return } if authReq == nil { - l.renderLogin(w, r, nil, errors.ThrowInvalidArgument(nil, "LOGIN-adrg3", "Errors.AuthRequest.NotFound")) + l.renderLogin(w, r, nil, zerrors.ThrowInvalidArgument(nil, "LOGIN-adrg3", "Errors.AuthRequest.NotFound")) return } userAgentID, _ := http_mw.UserAgentIDFromCtx(r.Context()) @@ -99,7 +99,8 @@ func (l *Login) renderLogin(w http.ResponseWriter, r *http.Request, authReq *dom l.handleIDP(w, r, authReq, authReq.AllowedExternalIDPs[0].IDPConfigID) return } - data := l.getUserData(r, authReq, "Login.Title", "Login.Description", errID, errMessage) + translator := l.getTranslator(r.Context(), authReq) + data := l.getUserData(r, authReq, translator, "Login.Title", "Login.Description", errID, errMessage) funcs := map[string]interface{}{ "hasUsernamePasswordLogin": func() bool { return authReq != nil && authReq.LoginPolicy != nil && authReq.LoginPolicy.AllowUsernamePassword @@ -111,7 +112,7 @@ func (l *Login) renderLogin(w http.ResponseWriter, r *http.Request, authReq *dom return authReq != nil && authReq.LoginPolicy != nil && authReq.LoginPolicy.AllowRegister }, } - l.renderer.RenderTemplate(w, r, l.getTranslator(r.Context(), authReq), l.renderer.Templates[tmplLogin], data, funcs) + l.renderer.RenderTemplate(w, r, translator, l.renderer.Templates[tmplLogin], data, funcs) } func singleIDPAllowed(authReq *domain.AuthRequest) bool { diff --git a/internal/api/ui/login/login_success_handler.go b/internal/api/ui/login/login_success_handler.go index f05ee48185..00f29becfd 100644 --- a/internal/api/ui/login/login_success_handler.go +++ b/internal/api/ui/login/login_success_handler.go 
@@ -5,7 +5,7 @@ import ( "net/http" "github.com/zitadel/zitadel/internal/domain" - caos_errs "github.com/zitadel/zitadel/internal/errors" + "github.com/zitadel/zitadel/internal/zerrors" ) const ( @@ -41,8 +41,9 @@ func (l *Login) renderSuccessAndCallback(w http.ResponseWriter, r *http.Request, if err != nil { errID, errMessage = l.getErrorMessage(r, err) } + translator := l.getTranslator(r.Context(), authReq) data := loginSuccessData{ - userData: l.getUserData(r, authReq, "LoginSuccess.Title", "", errID, errMessage), + userData: l.getUserData(r, authReq, translator, "LoginSuccess.Title", "", errID, errMessage), } if authReq != nil { data.RedirectURI, err = l.authRequestCallback(r.Context(), authReq) @@ -51,7 +52,7 @@ func (l *Login) renderSuccessAndCallback(w http.ResponseWriter, r *http.Request, return } } - l.renderer.RenderTemplate(w, r, l.getTranslator(r.Context(), authReq), l.renderer.Templates[tmplLoginSuccess], data, nil) + l.renderer.RenderTemplate(w, r, translator, l.renderer.Templates[tmplLoginSuccess], data, nil) } func (l *Login) redirectToCallback(w http.ResponseWriter, r *http.Request, authReq *domain.AuthRequest) { @@ -72,6 +73,6 @@ func (l *Login) authRequestCallback(ctx context.Context, authReq *domain.AuthReq case *domain.AuthRequestDevice: return l.deviceAuthCallbackURL(authReq.ID), nil default: - return "", caos_errs.ThrowInternal(nil, "LOGIN-rhjQF", "Errors.AuthRequest.RequestTypeNotSupported") + return "", zerrors.ThrowInternal(nil, "LOGIN-rhjQF", "Errors.AuthRequest.RequestTypeNotSupported") } } diff --git a/internal/api/ui/login/logout_handler.go b/internal/api/ui/login/logout_handler.go index 2146d47e49..e270cd5541 100644 --- a/internal/api/ui/login/logout_handler.go +++ b/internal/api/ui/login/logout_handler.go 
@@ -13,6 +13,7 @@ func (l *Login) handleLogoutDone(w http.ResponseWriter, r *http.Request) { } func (l *Login) renderLogoutDone(w http.ResponseWriter, r *http.Request) { - data := l.getUserData(r, nil, "LogoutDone.Title", "LogoutDone.Description", "", "") - l.renderer.RenderTemplate(w, r, l.getTranslator(r.Context(), nil), l.renderer.Templates[tmplLogoutDone], data, nil) + translator := l.getTranslator(r.Context(), nil) + data := l.getUserData(r, nil, translator, "LogoutDone.Title", "LogoutDone.Description", "", "") + l.renderer.RenderTemplate(w, r, translator, l.renderer.Templates[tmplLogoutDone], data, nil) } diff --git a/internal/api/ui/login/mail_verify_handler.go b/internal/api/ui/login/mail_verify_handler.go index bfcb322fa2..50f03df811 100644 --- a/internal/api/ui/login/mail_verify_handler.go +++ b/internal/api/ui/login/mail_verify_handler.go @@ -95,7 +95,7 @@ func (l *Login) renderMailVerification(w http.ResponseWriter, r *http.Request, a translator := l.getTranslator(r.Context(), authReq) data := mailVerificationData{ - baseData: l.getBaseData(r, authReq, "EmailVerification.Title", "EmailVerification.Description", errID, errMessage), + baseData: l.getBaseData(r, authReq, translator, "EmailVerification.Title", "EmailVerification.Description", errID, errMessage), UserID: userID, profileData: l.getProfileData(authReq), } @@ -111,7 +111,7 @@ func (l *Login) renderMailVerification(w http.ResponseWriter, r *http.Request, a func (l *Login) renderMailVerified(w http.ResponseWriter, r *http.Request, authReq *domain.AuthRequest, orgID string) { translator := l.getTranslator(r.Context(), authReq) data := mailVerificationData{ - baseData: l.getBaseData(r, authReq, "EmailVerificationDone.Title", "EmailVerificationDone.Description", "", ""), + baseData: l.getBaseData(r, authReq, translator, "EmailVerificationDone.Title", "EmailVerificationDone.Description", "", ""), profileData: l.getProfileData(authReq), } if authReq == nil { 
diff --git a/internal/api/ui/login/mfa_init_done_handler.go b/internal/api/ui/login/mfa_init_done_handler.go index f38927d5e7..437fde29f4 100644 --- a/internal/api/ui/login/mfa_init_done_handler.go +++ b/internal/api/ui/login/mfa_init_done_handler.go @@ -16,7 +16,7 @@ type mfaInitDoneData struct { func (l *Login) renderMFAInitDone(w http.ResponseWriter, r *http.Request, authReq *domain.AuthRequest, data *mfaDoneData) { var errType, errMessage string translator := l.getTranslator(r.Context(), authReq) - data.baseData = l.getBaseData(r, authReq, "InitMFADone.Title", "InitMFADone.Description", errType, errMessage) + data.baseData = l.getBaseData(r, authReq, translator, "InitMFADone.Title", "InitMFADone.Description", errType, errMessage) data.profileData = l.getProfileData(authReq) l.renderer.RenderTemplate(w, r, translator, l.renderer.Templates[tmplMFAInitDone], data, nil) } diff --git a/internal/api/ui/login/mfa_init_sms.go b/internal/api/ui/login/mfa_init_sms.go index 965806c90b..a947918634 100644 --- a/internal/api/ui/login/mfa_init_sms.go +++ b/internal/api/ui/login/mfa_init_sms.go @@ -57,10 +57,11 @@ func (l *Login) renderRegisterSMS(w http.ResponseWriter, r *http.Request, authRe if err != nil { errID, errMessage = l.getErrorMessage(r, err) } - data.baseData = l.getBaseData(r, authReq, "InitMFAOTP.Title", "InitMFAOTP.Description", errID, errMessage) + translator := l.getTranslator(r.Context(), authReq) + data.baseData = l.getBaseData(r, authReq, translator, "InitMFAOTP.Title", "InitMFAOTP.Description", errID, errMessage) data.profileData = l.getProfileData(authReq) data.MFAType = domain.MFATypeOTPSMS - l.renderer.RenderTemplate(w, r, l.getTranslator(r.Context(), authReq), l.renderer.Templates[tmplMFASMSInit], data, nil) + l.renderer.RenderTemplate(w, r, translator, l.renderer.Templates[tmplMFASMSInit], data, nil) } // handleRegisterSMSCheck handles form submissions of the SMS registration. 
diff --git a/internal/api/ui/login/mfa_init_u2f.go b/internal/api/ui/login/mfa_init_u2f.go index f00b398f0e..2cd1029ee5 100644 --- a/internal/api/ui/login/mfa_init_u2f.go +++ b/internal/api/ui/login/mfa_init_u2f.go @@ -29,14 +29,15 @@ func (l *Login) renderRegisterU2F(w http.ResponseWriter, r *http.Request, authRe if u2f != nil { credentialData = base64.RawURLEncoding.EncodeToString(u2f.CredentialCreationData) } + translator := l.getTranslator(r.Context(), authReq) data := &u2fInitData{ webAuthNData: webAuthNData{ - userData: l.getUserData(r, authReq, "InitMFAU2F.Title", "InitMFAU2F.Description", errID, errMessage), + userData: l.getUserData(r, authReq, translator, "InitMFAU2F.Title", "InitMFAU2F.Description", errID, errMessage), CredentialCreationData: credentialData, }, MFAType: domain.MFATypeU2F, } - l.renderer.RenderTemplate(w, r, l.getTranslator(r.Context(), authReq), l.renderer.Templates[tmplMFAU2FInit], data, nil) + l.renderer.RenderTemplate(w, r, translator, l.renderer.Templates[tmplMFAU2FInit], data, nil) } func (l *Login) handleRegisterU2F(w http.ResponseWriter, r *http.Request) { diff --git a/internal/api/ui/login/mfa_init_verify_handler.go b/internal/api/ui/login/mfa_init_verify_handler.go index e6f0749e92..5f0f0e3119 100644 --- a/internal/api/ui/login/mfa_init_verify_handler.go +++ b/internal/api/ui/login/mfa_init_verify_handler.go @@ -71,7 +71,7 @@ func (l *Login) renderMFAInitVerify(w http.ResponseWriter, r *http.Request, auth errID, errMessage = l.getErrorMessage(r, err) } translator := l.getTranslator(r.Context(), authReq) - data.baseData = l.getBaseData(r, authReq, "InitMFAOTP.Title", "InitMFAOTP.Description", errID, errMessage) + data.baseData = l.getBaseData(r, authReq, translator, "InitMFAOTP.Title", "InitMFAOTP.Description", errID, errMessage) data.profileData = l.getProfileData(authReq) if data.MFAType == domain.MFATypeTOTP { code, err := generateQrCode(data.totpData.Url) 
diff --git a/internal/api/ui/login/mfa_prompt_handler.go b/internal/api/ui/login/mfa_prompt_handler.go index 9f4e8be409..bee8df2160 100644 --- a/internal/api/ui/login/mfa_prompt_handler.go +++ b/internal/api/ui/login/mfa_prompt_handler.go @@ -4,8 +4,7 @@ import ( "net/http" "github.com/zitadel/zitadel/internal/domain" - - caos_errs "github.com/zitadel/zitadel/internal/errors" + "github.com/zitadel/zitadel/internal/zerrors" ) const ( @@ -56,12 +55,12 @@ func (l *Login) renderMFAPrompt(w http.ResponseWriter, r *http.Request, authReq } translator := l.getTranslator(r.Context(), authReq) data := mfaData{ - baseData: l.getBaseData(r, authReq, "InitMFAPrompt.Title", "InitMFAPrompt.Description", errID, errMessage), + baseData: l.getBaseData(r, authReq, translator, "InitMFAPrompt.Title", "InitMFAPrompt.Description", errID, errMessage), profileData: l.getProfileData(authReq), } if mfaPromptData == nil { - l.renderError(w, r, authReq, caos_errs.ThrowPreconditionFailed(nil, "APP-XU0tj", "Errors.User.MFA.NoProviders")) + l.renderError(w, r, authReq, zerrors.ThrowPreconditionFailed(nil, "APP-XU0tj", "Errors.User.MFA.NoProviders")) return } @@ -93,7 +92,7 @@ func (l *Login) handleMFACreation(w http.ResponseWriter, r *http.Request, authRe l.renderRegisterU2F(w, r, authReq, nil) return } - l.renderError(w, r, authReq, caos_errs.ThrowPreconditionFailed(nil, "APP-Or3HO", "Errors.User.MFA.NoProviders")) + l.renderError(w, r, authReq, zerrors.ThrowPreconditionFailed(nil, "APP-Or3HO", "Errors.User.MFA.NoProviders")) } func (l *Login) handleTOTPCreation(w http.ResponseWriter, r *http.Request, authReq *domain.AuthRequest, data *mfaVerifyData) { diff --git a/internal/api/ui/login/mfa_verify_handler.go b/internal/api/ui/login/mfa_verify_handler.go index addb7347fb..80f1c94e25 100644 --- a/internal/api/ui/login/mfa_verify_handler.go +++ b/internal/api/ui/login/mfa_verify_handler.go 
@@ -66,12 +66,12 @@ func (l *Login) renderMFAVerifySelected(w http.ResponseWriter, r *http.Request, if err != nil { errID, errMessage = l.getErrorMessage(r, err) } - data := l.getUserData(r, authReq, "", "", errID, errMessage) + translator := l.getTranslator(r.Context(), authReq) + data := l.getUserData(r, authReq, translator, "", "", errID, errMessage) if verificationStep == nil { l.renderError(w, r, authReq, err) return } - translator := l.getTranslator(r.Context(), authReq) switch selectedProvider { case domain.MFATypeU2F: diff --git a/internal/api/ui/login/mfa_verify_otp_handler.go b/internal/api/ui/login/mfa_verify_otp_handler.go index 88aa37c947..297485933a 100644 --- a/internal/api/ui/login/mfa_verify_otp_handler.go +++ b/internal/api/ui/login/mfa_verify_otp_handler.go @@ -61,12 +61,13 @@ func (l *Login) renderOTPVerification(w http.ResponseWriter, r *http.Request, au if err != nil { errID, errMessage = l.getErrorMessage(r, err) } + translator := l.getTranslator(r.Context(), authReq) data := &mfaOTPData{ - userData: l.getUserData(r, authReq, "VerifyMFAU2F.Title", "VerifyMFAU2F.Description", errID, errMessage), + userData: l.getUserData(r, authReq, translator, "VerifyMFAU2F.Title", "VerifyMFAU2F.Description", errID, errMessage), MFAProviders: removeSelectedProviderFromList(providers, selectedProvider), SelectedProvider: selectedProvider, } - l.renderer.RenderTemplate(w, r, l.getTranslator(r.Context(), authReq), l.renderer.Templates[tmplOTPVerification], data, nil) + l.renderer.RenderTemplate(w, r, translator, l.renderer.Templates[tmplOTPVerification], data, nil) } // handleOTPVerificationCheck handles form submissions of the OTP verification. diff --git a/internal/api/ui/login/mfa_verify_u2f_handler.go b/internal/api/ui/login/mfa_verify_u2f_handler.go index 2fc1361b44..c6cbe359ea 100644 --- a/internal/api/ui/login/mfa_verify_u2f_handler.go +++ b/internal/api/ui/login/mfa_verify_u2f_handler.go 
@@ -37,15 +37,16 @@ func (l *Login) renderU2FVerification(w http.ResponseWriter, r *http.Request, au if webAuthNLogin != nil { credentialData = base64.RawURLEncoding.EncodeToString(webAuthNLogin.CredentialAssertionData) } + translator := l.getTranslator(r.Context(), authReq) data := &mfaU2FData{ webAuthNData: webAuthNData{ - userData: l.getUserData(r, authReq, "VerifyMFAU2F.Title", "VerifyMFAU2F.Description", errID, errMessage), + userData: l.getUserData(r, authReq, translator, "VerifyMFAU2F.Title", "VerifyMFAU2F.Description", errID, errMessage), CredentialCreationData: credentialData, }, MFAProviders: providers, SelectedProvider: -1, } - l.renderer.RenderTemplate(w, r, l.getTranslator(r.Context(), authReq), l.renderer.Templates[tmplU2FVerification], data, nil) + l.renderer.RenderTemplate(w, r, translator, l.renderer.Templates[tmplU2FVerification], data, nil) } func (l *Login) handleU2FVerification(w http.ResponseWriter, r *http.Request) { diff --git a/internal/api/ui/login/password_handler.go b/internal/api/ui/login/password_handler.go index 9e448842e9..28baf4a1e1 100644 --- a/internal/api/ui/login/password_handler.go +++ b/internal/api/ui/login/password_handler.go @@ -19,7 +19,8 @@ func (l *Login) renderPassword(w http.ResponseWriter, r *http.Request, authReq * if err != nil { errID, errMessage = l.getErrorMessage(r, err) } - data := l.getUserData(r, authReq, "Password.Title", "Password.Description", errID, errMessage) + translator := l.getTranslator(r.Context(), authReq) + data := l.getUserData(r, authReq, translator, "Password.Title", "Password.Description", errID, errMessage) funcs := map[string]interface{}{ "showPasswordReset": func() bool { if authReq.LoginPolicy != nil { 
@@ -28,7 +29,7 @@ func (l *Login) renderPassword(w http.ResponseWriter, r *http.Request, authReq * return true }, } - l.renderer.RenderTemplate(w, r, l.getTranslator(r.Context(), authReq), l.renderer.Templates[tmplPassword], data, funcs) + l.renderer.RenderTemplate(w, r, translator, l.renderer.Templates[tmplPassword], data, funcs) } func (l *Login) handlePasswordCheck(w http.ResponseWriter, r *http.Request) { diff --git a/internal/api/ui/login/password_reset_handler.go b/internal/api/ui/login/password_reset_handler.go index b6e401fe63..ad5782db51 100644 --- a/internal/api/ui/login/password_reset_handler.go +++ b/internal/api/ui/login/password_reset_handler.go @@ -4,7 +4,7 @@ import ( "net/http" "github.com/zitadel/zitadel/internal/domain" - "github.com/zitadel/zitadel/internal/errors" + "github.com/zitadel/zitadel/internal/zerrors" ) const ( @@ -19,7 +19,7 @@ func (l *Login) handlePasswordReset(w http.ResponseWriter, r *http.Request) { } user, err := l.query.GetUserByLoginName(setContext(r.Context(), authReq.UserOrgID), true, authReq.LoginName) if err != nil { - if authReq.LoginPolicy.IgnoreUnknownUsernames && errors.IsNotFound(err) { + if authReq.LoginPolicy.IgnoreUnknownUsernames && zerrors.IsNotFound(err) { err = nil } l.renderPasswordResetDone(w, r, authReq, err) @@ -27,7 +27,7 @@ func (l *Login) handlePasswordReset(w http.ResponseWriter, r *http.Request) { } passwordCodeGenerator, err := l.query.InitEncryptionGenerator(r.Context(), domain.SecretGeneratorTypePasswordResetCode, l.userCodeAlg) if err != nil { - if authReq.LoginPolicy.IgnoreUnknownUsernames && errors.IsNotFound(err) { + if authReq.LoginPolicy.IgnoreUnknownUsernames && zerrors.IsNotFound(err) { err = nil } l.renderPasswordResetDone(w, r, authReq, err) 
@@ -42,6 +42,7 @@ func (l *Login) renderPasswordResetDone(w http.ResponseWriter, r *http.Request, if err != nil { errID, errMessage = l.getErrorMessage(r, err) } - data := l.getUserData(r, authReq, "PasswordResetDone.Title", "PasswordResetDone.Description", errID, errMessage) - l.renderer.RenderTemplate(w, r, l.getTranslator(r.Context(), authReq), l.renderer.Templates[tmplPasswordResetDone], data, nil) + translator := l.getTranslator(r.Context(), authReq) + data := l.getUserData(r, authReq, translator, "PasswordResetDone.Title", "PasswordResetDone.Description", errID, errMessage) + l.renderer.RenderTemplate(w, r, translator, l.renderer.Templates[tmplPasswordResetDone], data, nil) } diff --git a/internal/api/ui/login/passwordless_login_handler.go b/internal/api/ui/login/passwordless_login_handler.go index 58cba32efb..8373a8fbdb 100644 --- a/internal/api/ui/login/passwordless_login_handler.go +++ b/internal/api/ui/login/passwordless_login_handler.go @@ -36,14 +36,15 @@ func (l *Login) renderPasswordlessVerification(w http.ResponseWriter, r *http.Re if passwordSet && authReq.LoginPolicy != nil { passwordSet = authReq.LoginPolicy.AllowUsernamePassword } + translator := l.getTranslator(r.Context(), authReq) data := &passwordlessData{ webAuthNData{ - userData: l.getUserData(r, authReq, "Passwordless.Title", "Passwordless.Description", errID, errMessage), + userData: l.getUserData(r, authReq, translator, "Passwordless.Title", "Passwordless.Description", errID, errMessage), CredentialCreationData: credentialData, }, passwordSet, } - l.renderer.RenderTemplate(w, r, l.getTranslator(r.Context(), authReq), l.renderer.Templates[tmplPasswordlessVerification], data, nil) + l.renderer.RenderTemplate(w, r, translator, l.renderer.Templates[tmplPasswordlessVerification], data, nil) } func (l *Login) handlePasswordlessVerification(w http.ResponseWriter, r *http.Request) { 
diff --git a/internal/api/ui/login/passwordless_prompt_handler.go b/internal/api/ui/login/passwordless_prompt_handler.go index 24a1eabf6c..ee70b76126 100644 --- a/internal/api/ui/login/passwordless_prompt_handler.go +++ b/internal/api/ui/login/passwordless_prompt_handler.go @@ -31,10 +31,9 @@ func (l *Login) renderPasswordlessPrompt(w http.ResponseWriter, r *http.Request, if err != nil { errID, errMessage = l.getErrorMessage(r, err) } - data := &passwordlessPromptData{ - userData: l.getUserData(r, authReq, "PasswordlessPrompt.Title", "PasswordlessPrompt.Description", errID, errMessage), - } - translator := l.getTranslator(r.Context(), authReq) + data := &passwordlessPromptData{ + userData: l.getUserData(r, authReq, translator, "PasswordlessPrompt.Title", "PasswordlessPrompt.Description", errID, errMessage), + } l.renderer.RenderTemplate(w, r, translator, l.renderer.Templates[tmplPasswordlessPrompt], data, nil) } diff --git a/internal/api/ui/login/passwordless_registration_handler.go b/internal/api/ui/login/passwordless_registration_handler.go index b70aac0c60..4c2d379b48 100644 --- a/internal/api/ui/login/passwordless_registration_handler.go +++ b/internal/api/ui/login/passwordless_registration_handler.go @@ -99,11 +99,10 @@ func (l *Login) renderPasswordlessRegistration(w http.ResponseWriter, r *http.Re if webAuthNToken != nil { credentialData = base64.RawURLEncoding.EncodeToString(webAuthNToken.CredentialCreationData) } - translator := l.getTranslator(r.Context(), authReq) data := &passwordlessRegistrationData{ webAuthNData{ - userData: l.getUserData(r, authReq, "PasswordlessRegistration.Title", "PasswordlessRegistration.Description", errID, errMessage), + userData: l.getUserData(r, authReq, translator, "PasswordlessRegistration.Title", "PasswordlessRegistration.Description", errID, errMessage), CredentialCreationData: credentialData, }, code, 
@@ -117,8 +116,6 @@ func (l *Login) renderPasswordlessRegistration(w http.ResponseWriter, r *http.Re policy, err := l.query.ActiveLabelPolicyByOrg(r.Context(), orgID, false) logging.Log("HANDL-XjWKE").OnError(err).Error("unable to get active label policy") data.LabelPolicy = labelPolicyToDomain(policy) - - translator, err = l.renderer.NewTranslator(r.Context()) if err == nil { texts, err := l.authRepo.GetLoginText(r.Context(), orgID) logging.Log("LOGIN-HJK4t").OnError(err).Warn("could not get custom texts") @@ -193,9 +190,8 @@ func (l *Login) renderPasswordlessRegistrationDone(w http.ResponseWriter, r *htt errID, errMessage = l.getErrorMessage(r, err) } translator := l.getTranslator(r.Context(), authReq) - data := passwordlessRegistrationDoneDate{ - userData: l.getUserData(r, authReq, "PasswordlessRegistrationDone.Title", "PasswordlessRegistrationDone.Description", errID, errMessage), + userData: l.getUserData(r, authReq, translator, "PasswordlessRegistrationDone.Title", "PasswordlessRegistrationDone.Description", errID, errMessage), HideNextButton: authReq == nil, } if authReq == nil { diff --git a/internal/api/ui/login/register_handler.go b/internal/api/ui/login/register_handler.go index d2b4845db8..8fed0d46e7 100644 --- a/internal/api/ui/login/register_handler.go +++ b/internal/api/ui/login/register_handler.go @@ -8,7 +8,7 @@ import ( "github.com/zitadel/zitadel/internal/api/authz" http_mw "github.com/zitadel/zitadel/internal/api/http/middleware" "github.com/zitadel/zitadel/internal/domain" - caos_errs "github.com/zitadel/zitadel/internal/errors" + "github.com/zitadel/zitadel/internal/zerrors" ) const ( 
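Review bot: In the `@@ -117,8 +116,6 @@` hunk, removing `translator, err = l.renderer.NewTranslator(r.Context())` leaves `if err == nil {` testing the error from `l.query.ActiveLabelPolicyByOrg` two lines above. A failed label-policy lookup is only logged, so it now silently skips `l.authRepo.GetLoginText` and the organisation's custom login texts are not applied. If that coupling is not intended, remove the guard so the texts load regardless, or state the dependency in a comment such as `// custom texts are only loaded when the label policy could be read`. renderPasswordlessRegistration starts before and continues past this hunk, so the rest of the `if` body should be checked against the full function.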
@@ -57,7 +57,7 @@ func (l *Login) handleRegisterCheck(w http.ResponseWriter, r *http.Request) { return } if data.Password != data.Password2 { - err := caos_errs.ThrowInvalidArgument(nil, "VIEW-KaGue", "Errors.User.Password.ConfirmationWrong") + err := zerrors.ThrowInvalidArgument(nil, "VIEW-KaGue", "Errors.User.Password.ConfirmationWrong") l.renderRegister(w, r, authRequest, data, err) return } @@ -96,7 +96,6 @@ func (l *Login) handleRegisterCheck(w http.ResponseWriter, r *http.Request) { l.renderRegister(w, r, authRequest, data, err) return } - user, err = l.command.RegisterHuman(setContext(r.Context(), resourceOwner), resourceOwner, user, nil, nil, initCodeGenerator, emailCodeGenerator, phoneCodeGenerator) if err != nil { l.renderRegister(w, r, authRequest, data, err) @@ -160,7 +159,7 @@ func (l *Login) renderRegister(w http.ResponseWriter, r *http.Request, authReque } data := registerData{ - baseData: l.getBaseData(r, authRequest, "RegistrationUser.Title", "RegistrationUser.Description", errID, errMessage), + baseData: l.getBaseData(r, authRequest, translator, "RegistrationUser.Title", "RegistrationUser.Description", errID, errMessage), registerFormData: *formData, } diff --git a/internal/api/ui/login/register_option_handler.go b/internal/api/ui/login/register_option_handler.go index b2d0c9e16f..7d88f76c6c 100644 --- a/internal/api/ui/login/register_option_handler.go +++ b/internal/api/ui/login/register_option_handler.go @@ -54,7 +54,7 @@ func (l *Login) renderRegisterOption(w http.ResponseWriter, r *http.Request, aut } translator := l.getTranslator(r.Context(), authReq) data := registerOptionData{ - baseData: l.getBaseData(r, authReq, "RegisterOption.Title", "RegisterOption.Description", errID, errMessage), + baseData: l.getBaseData(r, authReq, translator, "RegisterOption.Title", "RegisterOption.Description", errID, errMessage), } funcs := map[string]interface{}{ "hasRegistration": func() bool { 
diff --git a/internal/api/ui/login/register_org_handler.go b/internal/api/ui/login/register_org_handler.go index 662f683d02..0243a37569 100644 --- a/internal/api/ui/login/register_org_handler.go +++ b/internal/api/ui/login/register_org_handler.go @@ -1,13 +1,12 @@ package login import ( - "context" "net/http" "github.com/zitadel/zitadel/internal/api/authz" "github.com/zitadel/zitadel/internal/command" "github.com/zitadel/zitadel/internal/domain" - caos_errs "github.com/zitadel/zitadel/internal/errors" + "github.com/zitadel/zitadel/internal/zerrors" ) const ( @@ -39,8 +38,12 @@ type registerOrgData struct { } func (l *Login) handleRegisterOrg(w http.ResponseWriter, r *http.Request) { - disallowed, err := l.publicOrgRegistrationIsDisallowed(r.Context()) - if disallowed || err != nil { + restrictions, err := l.query.GetInstanceRestrictions(r.Context()) + if err != nil { + l.renderError(w, r, nil, err) + return + } + if restrictions.DisallowPublicOrgRegistration { w.WriteHeader(http.StatusNotFound) return } @@ -54,8 +57,12 @@ func (l *Login) handleRegisterOrg(w http.ResponseWriter, r *http.Request) { } func (l *Login) handleRegisterOrgCheck(w http.ResponseWriter, r *http.Request) { - disallowed, err := l.publicOrgRegistrationIsDisallowed(r.Context()) - if disallowed || err != nil { + restrictions, err := l.query.GetInstanceRestrictions(r.Context()) + if err != nil { + l.renderError(w, r, nil, err) + return + } + if restrictions.DisallowPublicOrgRegistration { w.WriteHeader(http.StatusConflict) return } @@ -66,7 +73,7 @@ func (l *Login) handleRegisterOrgCheck(w http.ResponseWriter, r *http.Request) { return } if data.Password != data.Password2 { - err := caos_errs.ThrowInvalidArgument(nil, "VIEW-KaGue", "Errors.User.Password.ConfirmationWrong") + err := zerrors.ThrowInvalidArgument(nil, "VIEW-KaGue", "Errors.User.Password.ConfirmationWrong") l.renderRegisterOrg(w, r, authRequest, data, err) return } 
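Review bot: The instance-restriction gate is now written out twice, in `handleRegisterOrg` (`@@ -39,8 +38,12 @@`) and again in `handleRegisterOrgCheck` (`@@ -54,8 +57,12 @@`), and the two copies answer the same disallowed condition with different statuses (`http.StatusNotFound` and `http.StatusConflict`). An access check duplicated like this tends to drift when one copy is edited, so a single helper that writes the response and reports whether to continue keeps the fail-closed behaviour in one place. The sketch below keeps both status codes as they are; whether they should differ is worth a comment. Both handler bodies continue outside their hunks.

```go
// publicOrgRegistrationAllowed reports whether public org registration may
// proceed; when it returns false the response has already been written.
func (l *Login) publicOrgRegistrationAllowed(w http.ResponseWriter, r *http.Request, disallowedStatus int) bool {
	restrictions, err := l.query.GetInstanceRestrictions(r.Context())
	if err != nil {
		// fail closed: a failed lookup never falls through to registration
		l.renderError(w, r, nil, err)
		return false
	}
	if restrictions.DisallowPublicOrgRegistration {
		w.WriteHeader(disallowedStatus)
		return false
	}
	return true
}

func (l *Login) handleRegisterOrg(w http.ResponseWriter, r *http.Request) {
	if !l.publicOrgRegistrationAllowed(w, r, http.StatusNotFound) {
		return
	}
	// … unchanged: rest of handleRegisterOrg …

func (l *Login) handleRegisterOrgCheck(w http.ResponseWriter, r *http.Request) {
	if !l.publicOrgRegistrationAllowed(w, r, http.StatusConflict) {
		return
	}
	// … unchanged: form parsing and registration …
```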
@@ -99,7 +106,7 @@ func (l *Login) renderRegisterOrg(w http.ResponseWriter, r *http.Request, authRe } translator := l.getTranslator(r.Context(), authRequest) data := registerOrgData{ - baseData: l.getBaseData(r, authRequest, "RegistrationOrg.Title", "RegistrationOrg.Description", errID, errMessage), + baseData: l.getBaseData(r, authRequest, translator, "RegistrationOrg.Title", "RegistrationOrg.Description", errID, errMessage), registerOrgFormData: *formData, } pwPolicy := l.getPasswordComplexityPolicy(r, "0") @@ -130,11 +137,6 @@ func (l *Login) renderRegisterOrg(w http.ResponseWriter, r *http.Request, authRe l.renderer.RenderTemplate(w, r, translator, l.renderer.Templates[tmplRegisterOrg], data, nil) } -func (l *Login) publicOrgRegistrationIsDisallowed(ctx context.Context) (bool, error) { - restrictions, err := l.query.GetInstanceRestrictions(ctx) - return restrictions.DisallowPublicOrgRegistration, err -} - func (d registerOrgFormData) toUserDomain() *domain.Human { if d.Username == "" { d.Username = string(d.Email) diff --git a/internal/api/ui/login/renderer.go b/internal/api/ui/login/renderer.go index d81ab4567e..c5f6bd50e8 100644 --- a/internal/api/ui/login/renderer.go +++ b/internal/api/ui/login/renderer.go @@ -16,12 +16,12 @@ import ( "github.com/zitadel/zitadel/internal/api/authz" http_mw "github.com/zitadel/zitadel/internal/api/http/middleware" "github.com/zitadel/zitadel/internal/domain" - caos_errs "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/i18n" "github.com/zitadel/zitadel/internal/notification/templates" "github.com/zitadel/zitadel/internal/query" "github.com/zitadel/zitadel/internal/renderer" "github.com/zitadel/zitadel/internal/static" + "github.com/zitadel/zitadel/internal/zerrors" ) const ( 
@@ -39,7 +39,7 @@ type LanguageData struct { Lang string } -func CreateRenderer(pathPrefix string, staticDir http.FileSystem, staticStorage static.Storage, cookieName string) *Renderer { +func CreateRenderer(pathPrefix string, staticStorage static.Storage, cookieName string) *Renderer { r := &Renderer{ pathPrefix: pathPrefix, staticStorage: staticStorage, @@ -238,7 +238,6 @@ func CreateRenderer(pathPrefix string, staticDir http.FileSystem, staticStorage } var err error r.Renderer, err = renderer.NewRenderer( - staticDir, tmplMapping, funcs, cookieName, ) @@ -248,7 +247,7 @@ func CreateRenderer(pathPrefix string, staticDir http.FileSystem, staticStorage func (l *Login) renderNextStep(w http.ResponseWriter, r *http.Request, authReq *domain.AuthRequest) { if authReq == nil { - l.renderInternalError(w, r, nil, caos_errs.ThrowInvalidArgument(nil, "LOGIN-Df3f2", "Errors.AuthRequest.NotFound")) + l.renderInternalError(w, r, nil, zerrors.ThrowInvalidArgument(nil, "LOGIN-Df3f2", "Errors.AuthRequest.NotFound")) return } authReq, err := l.authRepo.AuthRequestByID(r.Context(), authReq.ID, authReq.AgentID) @@ -257,7 +256,7 @@ func (l *Login) renderNextStep(w http.ResponseWriter, r *http.Request, authReq * return } if len(authReq.PossibleSteps) == 0 { - l.renderInternalError(w, r, authReq, caos_errs.ThrowInternal(nil, "APP-9sdp4", "no possible steps")) + l.renderInternalError(w, r, authReq, zerrors.ThrowInternal(nil, "APP-9sdp4", "no possible steps")) return } l.chooseNextStep(w, r, authReq, 0, nil) @@ -269,7 +268,7 @@ func (l *Login) renderError(w http.ResponseWriter, r *http.Request, authReq *dom return } if authReq == nil || len(authReq.PossibleSteps) == 0 { - l.renderInternalError(w, r, authReq, caos_errs.ThrowInternal(err, "APP-OVOiT", "no possible steps")) + l.renderInternalError(w, r, authReq, zerrors.ThrowInternal(err, "APP-OVOiT", "no possible steps")) return } l.chooseNextStep(w, r, authReq, 0, err) 
@@ -324,11 +323,11 @@ func (l *Login) chooseNextStep(w http.ResponseWriter, r *http.Request, authReq * case *domain.ExternalLoginStep: l.handleExternalLoginStep(w, r, authReq, step.SelectedIDPConfigID) case *domain.GrantRequiredStep: - l.renderInternalError(w, r, authReq, caos_errs.ThrowPreconditionFailed(nil, "APP-asb43", "Errors.User.GrantRequired")) + l.renderInternalError(w, r, authReq, zerrors.ThrowPreconditionFailed(nil, "APP-asb43", "Errors.User.GrantRequired")) case *domain.ProjectRequiredStep: - l.renderInternalError(w, r, authReq, caos_errs.ThrowPreconditionFailed(nil, "APP-m92d", "Errors.User.ProjectRequired")) + l.renderInternalError(w, r, authReq, zerrors.ThrowPreconditionFailed(nil, "APP-m92d", "Errors.User.ProjectRequired")) default: - l.renderInternalError(w, r, authReq, caos_errs.ThrowInternal(nil, "APP-ds3QF", "step no possible")) + l.renderInternalError(w, r, authReq, zerrors.ThrowInternal(nil, "APP-ds3QF", "step no possible")) } } 
@@ -343,13 +342,14 @@ func (l *Login) renderInternalError(w http.ResponseWriter, r *http.Request, auth _, msg = l.getErrorMessage(r, err) } - data := l.getBaseData(r, authReq, "Errors.Internal", "", "Internal", msg) - l.renderer.RenderTemplate(w, r, l.getTranslator(r.Context(), authReq), l.renderer.Templates[tmplError], data, nil) + translator := l.getTranslator(r.Context(), authReq) + data := l.getBaseData(r, authReq, translator, "Errors.Internal", "", "Internal", msg) + l.renderer.RenderTemplate(w, r, translator, l.renderer.Templates[tmplError], data, nil) } -func (l *Login) getUserData(r *http.Request, authReq *domain.AuthRequest, titleI18nKey string, descriptionI18nKey string, errType, errMessage string) userData { +func (l *Login) getUserData(r *http.Request, authReq *domain.AuthRequest, translator *i18n.Translator, titleI18nKey string, descriptionI18nKey string, errType, errMessage string) userData { userData := userData{ - baseData: l.getBaseData(r, authReq, titleI18nKey, descriptionI18nKey, errType, errMessage), + baseData: l.getBaseData(r, authReq, translator, titleI18nKey, descriptionI18nKey, errType, errMessage), profileData: l.getProfileData(authReq), } if authReq != nil && authReq.LinkingUsers != nil { @@ -358,9 +358,7 @@ func (l *Login) getUserData(r *http.Request, authReq *domain.AuthRequest, titleI return userData } -func (l *Login) getBaseData(r *http.Request, authReq *domain.AuthRequest, titleI18nKey string, descriptionI18nKey string, errType, errMessage string) baseData { - translator := l.getTranslator(r.Context(), authReq) - +func (l *Login) getBaseData(r *http.Request, authReq *domain.AuthRequest, translator *i18n.Translator, titleI18nKey string, descriptionI18nKey string, errType, errMessage string) baseData { title := "" if titleI18nKey != "" { title = translator.LocalizeWithoutArgs(titleI18nKey) 
@@ -418,7 +416,11 @@ func (l *Login) getBaseData(r *http.Request, authReq *domain.AuthRequest, titleI } func (l *Login) getTranslator(ctx context.Context, authReq *domain.AuthRequest) *i18n.Translator { - translator, err := l.renderer.NewTranslator(ctx) + restrictions, err := l.query.GetInstanceRestrictions(ctx) + if err != nil { + logging.OnError(err).Warn("cannot load instance restrictions to retrieve allowed languages for creating the translator") + } + translator, err := l.renderer.NewTranslator(ctx, restrictions.AllowedLanguages) logging.OnError(err).Warn("cannot load translator") if authReq != nil { l.addLoginTranslations(translator, authReq.DefaultTranslations) @@ -468,7 +470,7 @@ func (l *Login) setLinksOnBaseData(baseData baseData, privacyPolicy *domain.Priv } func (l *Login) getErrorMessage(r *http.Request, err error) (errID, errMsg string) { - caosErr := new(caos_errs.CaosError) + caosErr := new(zerrors.ZitadelError) if errors.As(err, &caosErr) { localized := l.renderer.LocalizeFromRequest(l.getTranslator(r.Context(), nil), r, caosErr.Message, nil) return caosErr.ID, localized diff --git a/internal/api/ui/login/resources_handler.go b/internal/api/ui/login/resources_handler.go index 6abe666e98..7f263f6b8e 100644 --- a/internal/api/ui/login/resources_handler.go +++ b/internal/api/ui/login/resources_handler.go @@ -7,6 +7,7 @@ import ( "github.com/zitadel/zitadel/internal/api/assets" "github.com/zitadel/zitadel/internal/api/authz" + "github.com/zitadel/zitadel/internal/i18n" ) type dynamicResourceData struct { @@ -15,8 +16,8 @@ type dynamicResourceData struct { FileName string `schema:"filename"` } -func (l *Login) handleResources(staticDir http.FileSystem) http.Handler { - return http.FileServer(staticDir) +func (l *Login) handleResources() http.Handler { + return http.FileServer(i18n.LoadFilesystem(i18n.LOGIN)) } func (l *Login) handleDynamicResources(w http.ResponseWriter, r *http.Request) { 
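Review bot: In `getTranslator` (`@@ -418,7 +416,11 @@`), a failed `GetInstanceRestrictions` is only logged and `restrictions.AllowedLanguages` is still passed to `NewTranslator`. If the returned value is empty on error, which the hunk does not show, the translator is presumably built with no language restriction, so the instance setting is silently not enforced. State the chosen behaviour at the call, e.g. `// on lookup failure AllowedLanguages is empty and no language restriction is applied`, or fall back to the default language instead. The lookup also runs on every `getTranslator` call, and `getErrorMessage` (`@@ -468,7 +470,7 @@`) still calls `l.getTranslator(r.Context(), nil)` itself, so an error render queries the restrictions twice even though this commit threads `translator` through `getBaseData` and `getUserData`. The body of `getTranslator` continues outside the hunk.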
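Review bot: `handleResources` (`@@ -15,8 +16,8 @@` in resources_handler.go) now roots `http.FileServer` at `i18n.LoadFilesystem(i18n.LOGIN)`, and what that filesystem contains is not visible in this hunk. `http.FileServer` serves every file under its root and renders directory listings, so anything bundled there besides static assets, such as templates or translation files, becomes readable under `EndpointResources`. Confirm that the root holds only files meant to be served, and record it at the call with a comment such as `// everything under this filesystem root is served as-is, including directory listings`.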
diff --git a/internal/api/ui/login/router.go b/internal/api/ui/login/router.go index 34a0092607..414ffb1919 100644 --- a/internal/api/ui/login/router.go +++ b/internal/api/ui/login/router.go @@ -64,7 +64,7 @@ var ( } ) -func CreateRouter(login *Login, staticDir http.FileSystem, interceptors ...mux.MiddlewareFunc) *mux.Router { +func CreateRouter(login *Login, interceptors ...mux.MiddlewareFunc) *mux.Router { router := mux.NewRouter() router.Use(interceptors...) router.HandleFunc(EndpointRoot, login.handleLogin).Methods(http.MethodGet) @@ -113,7 +113,7 @@ func CreateRouter(login *Login, staticDir http.FileSystem, interceptors ...mux.M router.HandleFunc(EndpointExternalRegisterCallback, login.handleExternalLoginCallback).Methods(http.MethodGet) router.HandleFunc(EndpointLogoutDone, login.handleLogoutDone).Methods(http.MethodGet) router.HandleFunc(EndpointDynamicResources, login.handleDynamicResources).Methods(http.MethodGet) - router.PathPrefix(EndpointResources).Handler(login.handleResources(staticDir)).Methods(http.MethodGet) + router.PathPrefix(EndpointResources).Handler(login.handleResources()).Methods(http.MethodGet) router.HandleFunc(EndpointRegisterOrg, login.handleRegisterOrg).Methods(http.MethodGet) router.HandleFunc(EndpointRegisterOrg, login.handleRegisterOrgCheck).Methods(http.MethodPost) router.HandleFunc(EndpointLoginSuccess, login.handleLoginSuccess).Methods(http.MethodGet) diff --git a/internal/api/ui/login/select_user_handler.go b/internal/api/ui/login/select_user_handler.go index d1078cbb83..2f9292d7ae 100644 --- a/internal/api/ui/login/select_user_handler.go +++ b/internal/api/ui/login/select_user_handler.go 
@@ -28,7 +28,7 @@ func (l *Login) renderUserSelection(w http.ResponseWriter, r *http.Request, auth descriptionI18nKey = "SelectAccount.DescriptionLinking" } data := userSelectionData{ - baseData: l.getBaseData(r, authReq, titleI18nKey, descriptionI18nKey, "", ""), + baseData: l.getBaseData(r, authReq, translator, titleI18nKey, descriptionI18nKey, "", ""), Users: selectionData.Users, Linking: linking, } diff --git a/internal/api/ui/login/static/templates/register.html b/internal/api/ui/login/static/templates/register.html index 00cda839cf..8430a56a11 100644 --- a/internal/api/ui/login/static/templates/register.html +++ b/internal/api/ui/login/static/templates/register.html @@ -106,8 +106,8 @@ {{template "error-message" .}}
- - {{t "RegistrationUser.BackButtonText"}} + + diff --git a/internal/api/ui/login/username_change_handler.go b/internal/api/ui/login/username_change_handler.go index 79affe9705..7a497c4eb5 100644 --- a/internal/api/ui/login/username_change_handler.go +++ b/internal/api/ui/login/username_change_handler.go @@ -21,7 +21,7 @@ func (l *Login) renderChangeUsername(w http.ResponseWriter, r *http.Request, aut errID, errMessage = l.getErrorMessage(r, err) } translator := l.getTranslator(r.Context(), authReq) - data := l.getUserData(r, authReq, "UsernameChange.Title", "UsernameChange.Description", errID, errMessage) + data := l.getUserData(r, authReq, translator, "UsernameChange.Title", "UsernameChange.Description", errID, errMessage) l.renderer.RenderTemplate(w, r, translator, l.renderer.Templates[tmplChangeUsername], data, nil) } @@ -43,6 +43,6 @@ func (l *Login) handleChangeUsername(w http.ResponseWriter, r *http.Request) { func (l *Login) renderChangeUsernameDone(w http.ResponseWriter, r *http.Request, authReq *domain.AuthRequest) { var errType, errMessage string translator := l.getTranslator(r.Context(), authReq) - data := l.getUserData(r, authReq, "UsernameChangeDone.Title", "UsernameChangeDone.Description", errType, errMessage) + data := l.getUserData(r, authReq, translator, "UsernameChangeDone.Title", "UsernameChangeDone.Description", errType, errMessage) l.renderer.RenderTemplate(w, r, translator, l.renderer.Templates[tmplChangeUsernameDone], data, nil) } diff --git a/internal/auth/repository/eventsourcing/eventstore/auth_request.go b/internal/auth/repository/eventsourcing/eventstore/auth_request.go index b0e1c4c7ab..2d2c60e3cc 100644 --- a/internal/auth/repository/eventsourcing/eventstore/auth_request.go +++ b/internal/auth/repository/eventsourcing/eventstore/auth_request.go 
@@ -14,7 +14,6 @@ import ( "github.com/zitadel/zitadel/internal/command" "github.com/zitadel/zitadel/internal/crypto" "github.com/zitadel/zitadel/internal/domain" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" es_models "github.com/zitadel/zitadel/internal/eventstore/v1/models" "github.com/zitadel/zitadel/internal/id" @@ -23,6 +22,7 @@ import ( "github.com/zitadel/zitadel/internal/telemetry/tracing" user_model "github.com/zitadel/zitadel/internal/user/model" user_view_model "github.com/zitadel/zitadel/internal/user/repository/view/model" + "github.com/zitadel/zitadel/internal/zerrors" ) const unknownUserID = "UNKNOWN" @@ -262,7 +262,7 @@ func (repo *AuthRequestRepo) CheckExternalUserLogin(ctx context.Context, authReq return err } err = repo.checkExternalUserLogin(ctx, request, externalUser.IDPConfigID, externalUser.ExternalUserID) - if errors.IsNotFound(err) { + if zerrors.IsNotFound(err) { // clear potential user information (e.g. when username was entered but another external user was returned) request.SetUserInfo("", "", "", "", "", request.UserOrgID) // in case the check was done with an ID, that was retrieved by a session that allows migration, @@ -328,7 +328,7 @@ func (repo *AuthRequestRepo) SelectUser(ctx context.Context, id, userID, userAge return err } if request.RequestedOrgID != "" && request.RequestedOrgID != user.ResourceOwner { - return errors.ThrowPreconditionFailed(nil, "EVENT-fJe2a", "Errors.User.NotAllowedOrg") + return zerrors.ThrowPreconditionFailed(nil, "EVENT-fJe2a", "Errors.User.NotAllowedOrg") } username := user.UserName if request.RequestedOrgID == "" { 
@@ -344,7 +344,7 @@ func (repo *AuthRequestRepo) VerifyPassword(ctx context.Context, authReqID, user request, err := repo.getAuthRequestEnsureUser(ctx, authReqID, userAgentID, userID) if err != nil { if isIgnoreUserNotFoundError(err, request) { - return errors.ThrowInvalidArgument(nil, "EVENT-SDe2f", "Errors.User.UsernameOrPassword.Invalid") + return zerrors.ThrowInvalidArgument(nil, "EVENT-SDe2f", "Errors.User.UsernameOrPassword.Invalid") } return err } @@ -354,17 +354,17 @@ func (repo *AuthRequestRepo) VerifyPassword(ctx context.Context, authReqID, user } err = repo.Command.HumanCheckPassword(ctx, resourceOwner, userID, password, request.WithCurrentInfo(info), lockoutPolicyToDomain(policy)) if isIgnoreUserInvalidPasswordError(err, request) { - return errors.ThrowInvalidArgument(nil, "EVENT-Jsf32", "Errors.User.UsernameOrPassword.Invalid") + return zerrors.ThrowInvalidArgument(nil, "EVENT-Jsf32", "Errors.User.UsernameOrPassword.Invalid") } return err } func isIgnoreUserNotFoundError(err error, request *domain.AuthRequest) bool { - return request != nil && request.LoginPolicy != nil && request.LoginPolicy.IgnoreUnknownUsernames && errors.IsNotFound(err) && errors.Contains(err, "Errors.User.NotFound") + return request != nil && request.LoginPolicy != nil && request.LoginPolicy.IgnoreUnknownUsernames && zerrors.IsNotFound(err) && zerrors.Contains(err, "Errors.User.NotFound") } func isIgnoreUserInvalidPasswordError(err error, request *domain.AuthRequest) bool { - return request != nil && request.LoginPolicy != nil && request.LoginPolicy.IgnoreUnknownUsernames && errors.IsErrorInvalidArgument(err) && errors.Contains(err, "Errors.User.Password.Invalid") + return request != nil && request.LoginPolicy != nil && request.LoginPolicy.IgnoreUnknownUsernames && zerrors.IsErrorInvalidArgument(err) && zerrors.Contains(err, "Errors.User.Password.Invalid") } func lockoutPolicyToDomain(policy *query.LockoutPolicy) *domain.LockoutPolicy { 
@@ -613,7 +613,7 @@ func (repo *AuthRequestRepo) getAuthRequestEnsureUser(ctx context.Context, authR } } if request.UserID != userID { - return nil, errors.ThrowPreconditionFailed(nil, "EVENT-GBH32", "Errors.User.NotMatchingUserID") + return nil, zerrors.ThrowPreconditionFailed(nil, "EVENT-GBH32", "Errors.User.NotMatchingUserID") } _, err = activeUserByID(ctx, repo.UserViewProvider, repo.UserEventProvider, repo.OrgViewProvider, repo.LockoutPolicyViewProvider, request.UserID, false) if err != nil { @@ -631,7 +631,7 @@ func (repo *AuthRequestRepo) getAuthRequest(ctx context.Context, id, userAgentID return nil, err } if request.AgentID != userAgentID { - return nil, errors.ThrowPermissionDenied(nil, "EVENT-adk13", "Errors.AuthRequest.UserAgentNotCorresponding") + return nil, zerrors.ThrowPermissionDenied(nil, "EVENT-adk13", "Errors.AuthRequest.UserAgentNotCorresponding") } err = repo.fillPolicies(ctx, request) if err != nil { @@ -743,7 +743,7 @@ func (repo *AuthRequestRepo) checkLoginName(ctx context.Context, request *domain user, err = repo.checkLoginNameInput(ctx, request, preferredLoginName) } // return any error apart from not found ones directly - if err != nil && !errors.IsNotFound(err) { + if err != nil && !zerrors.IsNotFound(err) { return err } // if there's an active (human) user, let's use it 
@@ -759,11 +759,11 @@ func (repo *AuthRequestRepo) checkLoginName(ctx context.Context, request *domain } // let's once again check if the user was just inactive if user != nil && user.State == int32(domain.UserStateInactive) { - return errors.ThrowPreconditionFailed(nil, "AUTH-2n8fs", "Errors.User.Inactive") + return zerrors.ThrowPreconditionFailed(nil, "AUTH-2n8fs", "Errors.User.Inactive") } // or locked if user != nil && user.State == int32(domain.UserStateLocked) { - return errors.ThrowPreconditionFailed(nil, "AUTH-SF3gb", "Errors.User.Locked") + return zerrors.ThrowPreconditionFailed(nil, "AUTH-SF3gb", "Errors.User.Locked") } // let's just check if unknown usernames are ignored if request.LoginPolicy != nil && request.LoginPolicy.IgnoreUnknownUsernames { @@ -780,11 +780,11 @@ func (repo *AuthRequestRepo) checkLoginName(ctx context.Context, request *domain } // let's check if it was a machine user if !user.MachineView.IsZero() { - return errors.ThrowPreconditionFailed(nil, "AUTH-DGV4g", "Errors.User.NotHuman") + return zerrors.ThrowPreconditionFailed(nil, "AUTH-DGV4g", "Errors.User.NotHuman") } // everything should be handled by now logging.WithFields("authRequest", request.ID, "loginName", loginName).Error("unhandled state for checkLoginName") - return errors.ThrowInternal(nil, "AUTH-asf3df", "Errors.Internal") + return zerrors.ThrowInternal(nil, "AUTH-asf3df", "Errors.Internal") } func (repo *AuthRequestRepo) checkDomainDiscovery(ctx context.Context, request *domain.AuthRequest, loginName string) (bool, error) { 
@@ -889,12 +889,12 @@ func (repo *AuthRequestRepo) checkLoginPolicyWithResourceOwner(ctx context.Conte return err } if len(request.LinkingUsers) != 0 && !loginPolicy.AllowExternalIDPs { - return errors.ThrowInvalidArgument(nil, "LOGIN-s9sio", "Errors.User.NotAllowedToLink") + return zerrors.ThrowInvalidArgument(nil, "LOGIN-s9sio", "Errors.User.NotAllowedToLink") } if len(request.LinkingUsers) != 0 { exists := linkingIDPConfigExistingInAllowedIDPs(request.LinkingUsers, idpProviders) if !exists { - return errors.ThrowInvalidArgument(nil, "LOGIN-Dj89o", "Errors.User.NotAllowedToLink") + return zerrors.ThrowInvalidArgument(nil, "LOGIN-Dj89o", "Errors.User.NotAllowedToLink") } } request.LoginPolicy = queryLoginPolicyToDomain(loginPolicy) @@ -941,7 +941,7 @@ func (repo *AuthRequestRepo) checkSelectedExternalIDP(request *domain.AuthReques return nil } } - return errors.ThrowNotFound(nil, "LOGIN-Nsm8r", "Errors.User.ExternalIDP.NotAllowed") + return zerrors.ThrowNotFound(nil, "LOGIN-Nsm8r", "Errors.User.ExternalIDP.NotAllowed") } func (repo *AuthRequestRepo) checkExternalUserLogin(ctx context.Context, request *domain.AuthRequest, idpConfigID, externalUserID string) (err error) { @@ -968,7 +968,7 @@ func (repo *AuthRequestRepo) checkExternalUserLogin(ctx context.Context, request return err } if len(links.Links) != 1 { - return errors.ThrowNotFound(nil, "AUTH-Sf8sd", "Errors.ExternalIDP.NotFound") + return zerrors.ThrowNotFound(nil, "AUTH-Sf8sd", "Errors.ExternalIDP.NotFound") } user, err := activeUserByID(ctx, repo.UserViewProvider, repo.UserEventProvider, repo.OrgViewProvider, repo.LockoutPolicyViewProvider, links.Links[0].UserID, false) if err != nil { 
@@ -988,7 +988,7 @@ func (repo *AuthRequestRepo) nextSteps(ctx context.Context, request *domain.Auth defer func() { span.EndWithError(err) }() if request == nil { - return nil, errors.ThrowInvalidArgument(nil, "EVENT-ds27a", "Errors.Internal") + return nil, zerrors.ThrowInvalidArgument(nil, "EVENT-ds27a", "Errors.Internal") } steps = make([]domain.NextStep, 0) if !checkLoggedIn && domain.IsPrompt(request.Prompt, domain.PromptNone) { @@ -1216,7 +1216,7 @@ func (repo *AuthRequestRepo) mfaChecked(userSession *user_model.UserSessionView, if promptRequired || !repo.mfaSkippedOrSetUp(user, request) { types := user.MFATypesSetupPossible(mfaLevel, request.LoginPolicy) if promptRequired && len(types) == 0 { - return nil, false, errors.ThrowPreconditionFailed(nil, "LOGIN-5Hm8s", "Errors.Login.LoginPolicy.MFA.ForceAndNotConfigured") + return nil, false, zerrors.ThrowPreconditionFailed(nil, "LOGIN-5Hm8s", "Errors.Login.LoginPolicy.MFA.ForceAndNotConfigured") } if len(types) == 0 { return nil, true, nil @@ -1265,7 +1265,7 @@ func (repo *AuthRequestRepo) mfaSkippedOrSetUp(user *user_model.UserView, reques func (repo *AuthRequestRepo) GetPrivacyPolicy(ctx context.Context, orgID string) (*domain.PrivacyPolicy, error) { policy, err := repo.PrivacyPolicyProvider.PrivacyPolicyByOrg(ctx, false, orgID, false) - if errors.IsNotFound(err) { + if zerrors.IsNotFound(err) { return new(domain.PrivacyPolicy), nil } if err != nil { @@ -1468,7 +1468,7 @@ func userSessionByIDs(ctx context.Context, provider userSessionViewProvider, eve session, err := provider.UserSessionByIDs(agentID, user.ID, instanceID) if err != nil { - if !errors.IsNotFound(err) { + if !zerrors.IsNotFound(err) { return nil, err } session = &user_view_model.UserSessionView{UserAgentID: agentID, UserID: user.ID} 
@@ -1510,7 +1510,7 @@ func userSessionByIDs(ctx context.Context, provider userSessionViewProvider, eve continue } case user_repo.UserRemovedType: - return nil, errors.ThrowPreconditionFailed(nil, "EVENT-dG2fe", "Errors.User.NotActive") + return nil, zerrors.ThrowPreconditionFailed(nil, "EVENT-dG2fe", "Errors.User.NotActive") } err := sessionCopy.AppendEvent(event) logging.WithFields("traceID", tracing.TraceIDFromCtx(ctx)).OnError(err).Warn("error appending event") @@ -1522,7 +1522,7 @@ func activeUserByID(ctx context.Context, userViewProvider userViewProvider, user // PLANNED: Check LockoutPolicy user, err = userByID(ctx, userViewProvider, userEventProvider, userID) if err != nil { - if ignoreUnknownUsernames && errors.IsNotFound(err) { + if ignoreUnknownUsernames && zerrors.IsNotFound(err) { return &user_model.UserView{ ID: userID, HumanView: &user_model.HumanView{}, 
@@ -1532,20 +1532,20 @@ func activeUserByID(ctx context.Context, userViewProvider userViewProvider, user } if user.HumanView == nil { - return nil, errors.ThrowPreconditionFailed(nil, "EVENT-Lm69x", "Errors.User.NotHuman") + return nil, zerrors.ThrowPreconditionFailed(nil, "EVENT-Lm69x", "Errors.User.NotHuman") } if user.State == user_model.UserStateLocked || user.State == user_model.UserStateSuspend { - return nil, errors.ThrowPreconditionFailed(nil, "EVENT-FJ262", "Errors.User.Locked") + return nil, zerrors.ThrowPreconditionFailed(nil, "EVENT-FJ262", "Errors.User.Locked") } if !(user.State == user_model.UserStateActive || user.State == user_model.UserStateInitial) { - return nil, errors.ThrowPreconditionFailed(nil, "EVENT-FJ262", "Errors.User.NotActive") + return nil, zerrors.ThrowPreconditionFailed(nil, "EVENT-FJ262", "Errors.User.NotActive") } org, err := queries.OrgByID(ctx, false, user.ResourceOwner) if err != nil { return nil, err } if org.State != domain.OrgStateActive { - return nil, errors.ThrowPreconditionFailed(nil, "EVENT-Zws3s", "Errors.User.NotActive") + return nil, zerrors.ThrowPreconditionFailed(nil, "EVENT-Zws3s", "Errors.User.NotActive") } return user, nil } @@ -1555,7 +1555,7 @@ func userByID(ctx context.Context, viewProvider userViewProvider, eventProvider defer func() { span.EndWithError(err) }() user, viewErr := viewProvider.UserByID(userID, authz.GetInstance(ctx).InstanceID()) - if viewErr != nil && !errors.IsNotFound(viewErr) { + if viewErr != nil && !zerrors.IsNotFound(viewErr) { return nil, viewErr } else if user == nil { user = new(user_view_model.UserView) @@ -1578,7 +1578,7 @@ func userByID(ctx context.Context, viewProvider userViewProvider, eventProvider } } if userCopy.State == int32(user_model.UserStateDeleted) { - return nil, errors.ThrowNotFound(nil, "EVENT-3F9so", "Errors.User.NotFound") + return nil, zerrors.ThrowNotFound(nil, "EVENT-3F9so", "Errors.User.NotFound") } return user_view_model.UserToModel(&userCopy), nil } 
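Review bot: In the `@@ -1532,20 +1532,20 @@` hunk, `activeUserByID` returns two different conditions under the same error ID: `zerrors.ThrowPreconditionFailed(nil, "EVENT-FJ262", "Errors.User.Locked")` and `zerrors.ThrowPreconditionFailed(nil, "EVENT-FJ262", "Errors.User.NotActive")`. Since these lines are already being rewritten for the `zerrors` rename, this is a cheap moment to give the second one its own ID, e.g. `zerrors.ThrowPreconditionFailed(nil, "EVENT-<new-id>", "Errors.User.NotActive")` (placeholder, to be generated the way the project assigns IDs). With a shared ID, anyone triaging failed logins from logs cannot tell a locked or suspended account from an otherwise inactive one by ID alone. `activeUserByID` starts before this hunk.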
@@ -1626,7 +1626,7 @@ func userGrantRequired(ctx context.Context, request *domain.AuthRequest, user *u return false, err } default: - return false, errors.ThrowPreconditionFailed(nil, "EVENT-dfrw2", "Errors.AuthRequest.RequestTypeNotSupported") + return false, zerrors.ThrowPreconditionFailed(nil, "EVENT-dfrw2", "Errors.AuthRequest.RequestTypeNotSupported") } if !project.ProjectRoleCheck { return false, nil @@ -1647,7 +1647,7 @@ func projectRequired(ctx context.Context, request *domain.AuthRequest, projectPr return false, err } default: - return false, errors.ThrowPreconditionFailed(nil, "EVENT-ku4He", "Errors.AuthRequest.RequestTypeNotSupported") + return false, zerrors.ThrowPreconditionFailed(nil, "EVENT-ku4He", "Errors.AuthRequest.RequestTypeNotSupported") } // if the user and project are part of the same organisation we do not need to check if the project exists on that org if !project.HasProjectCheck || project.ResourceOwner == request.UserOrgID { diff --git a/internal/auth/repository/eventsourcing/eventstore/auth_request_test.go b/internal/auth/repository/eventsourcing/eventstore/auth_request_test.go index 36355350af..de0af84247 100644 --- a/internal/auth/repository/eventsourcing/eventstore/auth_request_test.go +++ b/internal/auth/repository/eventsourcing/eventstore/auth_request_test.go @@ -14,7 +14,6 @@ import ( "github.com/zitadel/zitadel/internal/auth_request/repository/mock" "github.com/zitadel/zitadel/internal/crypto" "github.com/zitadel/zitadel/internal/domain" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" es_models "github.com/zitadel/zitadel/internal/eventstore/v1/models" "github.com/zitadel/zitadel/internal/query" 
@@ -22,6 +21,7 @@ import ( user_model "github.com/zitadel/zitadel/internal/user/model" user_es_model "github.com/zitadel/zitadel/internal/user/repository/eventsourcing/model" user_view_model "github.com/zitadel/zitadel/internal/user/repository/view/model" + "github.com/zitadel/zitadel/internal/zerrors" ) var ( @@ -31,7 +31,7 @@ var ( type mockViewNoUserSession struct{} func (m *mockViewNoUserSession) UserSessionByIDs(string, string, string) (*user_view_model.UserSessionView, error) { - return nil, errors.ThrowNotFound(nil, "id", "user session not found") + return nil, zerrors.ThrowNotFound(nil, "id", "user session not found") } func (m *mockViewNoUserSession) UserSessionsByAgentID(string, string) ([]*user_view_model.UserSessionView, error) { @@ -45,11 +45,11 @@ func (m *mockViewNoUserSession) GetLatestUserSessionSequence(ctx context.Context type mockViewErrUserSession struct{} func (m *mockViewErrUserSession) UserSessionByIDs(string, string, string) (*user_view_model.UserSessionView, error) { - return nil, errors.ThrowInternal(nil, "id", "internal error") + return nil, zerrors.ThrowInternal(nil, "id", "internal error") } func (m *mockViewErrUserSession) UserSessionsByAgentID(string, string) ([]*user_view_model.UserSessionView, error) { - return nil, errors.ThrowInternal(nil, "id", "internal error") + return nil, zerrors.ThrowInternal(nil, "id", "internal error") } func (m *mockViewErrUserSession) GetLatestUserSessionSequence(ctx context.Context, instanceID string) (*query.CurrentState, error) { @@ -102,7 +102,7 @@ func (m *mockViewUserSession) GetLatestUserSessionSequence(ctx context.Context, type mockViewNoUser struct{} func (m *mockViewNoUser) UserByID(string, string) (*user_view_model.UserView, error) { - return nil, errors.ThrowNotFound(nil, "id", "user not found") + return nil, zerrors.ThrowNotFound(nil, "id", "user not found") } type mockEventUser struct { 
@@ -127,11 +127,11 @@ func (m *mockEventUser) BulkAddExternalIDPs(ctx context.Context, userID string, type mockEventErrUser struct{} func (m *mockEventErrUser) UserEventsByID(ctx context.Context, id string, changeDate time.Time, types []eventstore.EventType) ([]eventstore.Event, error) { - return nil, errors.ThrowInternal(nil, "id", "internal error") + return nil, zerrors.ThrowInternal(nil, "id", "internal error") } func (m *mockEventErrUser) BulkAddExternalIDPs(ctx context.Context, userID string, externalIDPs []*user_model.ExternalIDP) error { - return errors.ThrowInternal(nil, "id", "internal error") + return zerrors.ThrowInternal(nil, "id", "internal error") } type mockViewUser struct { @@ -226,11 +226,11 @@ func (m *mockViewOrg) OrgByPrimaryDomain(context.Context, string) (*query.Org, e type mockViewErrOrg struct{} func (m *mockViewErrOrg) OrgByID(context.Context, bool, string) (*query.Org, error) { - return nil, errors.ThrowInternal(nil, "id", "internal error") + return nil, zerrors.ThrowInternal(nil, "id", "internal error") } func (m *mockViewErrOrg) OrgByPrimaryDomain(context.Context, string) (*query.Org, error) { - return nil, errors.ThrowInternal(nil, "id", "internal error") + return nil, zerrors.ThrowInternal(nil, "id", "internal error") } type mockUserGrants struct { @@ -276,7 +276,7 @@ func (m *mockApp) AppByOIDCClientID(ctx context.Context, id string) (*query.App, if m.app != nil { return m.app, nil } - return nil, errors.ThrowNotFound(nil, "ERROR", "error") + return nil, zerrors.ThrowNotFound(nil, "ERROR", "error") } type mockIDPUserLinks struct { @@ -321,7 +321,7 @@ func TestAuthRequestRepo_nextSteps(t *testing.T) { fields{}, args{nil, false}, nil, - errors.IsErrorInvalidArgument, + zerrors.IsErrorInvalidArgument, }, { "prompt none and checkLoggedIn false, callback step", 
@@ -386,7 +386,7 @@ func TestAuthRequestRepo_nextSteps(t *testing.T) { }, args{&domain.AuthRequest{Prompt: []domain.Prompt{domain.PromptSelectAccount}}, false}, nil, - errors.IsInternal, + zerrors.IsInternal, }, { "user not set, prompt select account, select account step", @@ -666,7 +666,7 @@ func TestAuthRequestRepo_nextSteps(t *testing.T) { }, args{&domain.AuthRequest{UserID: "UserID", LoginPolicy: &domain.LoginPolicy{}}, false}, nil, - errors.IsNotFound, + zerrors.IsNotFound, }, { "user not active, precondition failed error", @@ -688,7 +688,7 @@ func TestAuthRequestRepo_nextSteps(t *testing.T) { }, args{&domain.AuthRequest{UserID: "UserID", LoginPolicy: &domain.LoginPolicy{}}, false}, nil, - errors.IsPreconditionFailed, + zerrors.IsPreconditionFailed, }, { "user locked, precondition failed error", @@ -709,7 +709,7 @@ func TestAuthRequestRepo_nextSteps(t *testing.T) { }, args{&domain.AuthRequest{UserID: "UserID", LoginPolicy: &domain.LoginPolicy{}}, false}, nil, - errors.IsPreconditionFailed, + zerrors.IsPreconditionFailed, }, { "org error, internal error", @@ -725,7 +725,7 @@ func TestAuthRequestRepo_nextSteps(t *testing.T) { }, args{&domain.AuthRequest{UserID: "UserID", LoginPolicy: &domain.LoginPolicy{}}, false}, nil, - errors.IsInternal, + zerrors.IsInternal, }, { "org not active, precondition failed error", @@ -741,7 +741,7 @@ func TestAuthRequestRepo_nextSteps(t *testing.T) { }, args{&domain.AuthRequest{UserID: "UserID", LoginPolicy: &domain.LoginPolicy{}}, false}, nil, - errors.IsPreconditionFailed, + zerrors.IsPreconditionFailed, }, { "usersession not found, new user session, password step", @@ -779,7 +779,7 @@ func TestAuthRequestRepo_nextSteps(t *testing.T) { }, args{&domain.AuthRequest{UserID: "UserID", LoginPolicy: &domain.LoginPolicy{}}, false}, nil, - errors.IsInternal, + zerrors.IsInternal, }, { "user not initialized, init user step", 
@@ -1716,7 +1716,7 @@ func TestAuthRequestRepo_mfaChecked(t *testing.T) { }, nil, false, - errors.IsPreconditionFailed, + zerrors.IsPreconditionFailed, }, { "not set up, no mfas configured, no prompt and true", @@ -2073,7 +2073,7 @@ func Test_userSessionByIDs(t *testing.T) { user: &user_model.UserView{ID: "id"}, }, nil, - errors.IsInternal, + zerrors.IsInternal, }, { "error user events, old view model state", @@ -2184,7 +2184,7 @@ func Test_userSessionByIDs(t *testing.T) { }, }, nil, - errors.IsPreconditionFailed, + zerrors.IsPreconditionFailed, }, } for _, tt := range tests { @@ -2220,7 +2220,7 @@ func Test_userByID(t *testing.T) { eventProvider: &mockEventUser{}, }, nil, - errors.IsNotFound, + zerrors.IsNotFound, }, { "error user events, old view model state", diff --git a/internal/auth/repository/eventsourcing/eventstore/refresh_token.go b/internal/auth/repository/eventsourcing/eventstore/refresh_token.go index a51edca476..90b98aaf8c 100644 --- a/internal/auth/repository/eventsourcing/eventstore/refresh_token.go +++ b/internal/auth/repository/eventsourcing/eventstore/refresh_token.go @@ -10,12 +10,12 @@ import ( "github.com/zitadel/zitadel/internal/auth/repository/eventsourcing/view" "github.com/zitadel/zitadel/internal/crypto" "github.com/zitadel/zitadel/internal/domain" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/telemetry/tracing" usr_model "github.com/zitadel/zitadel/internal/user/model" usr_view "github.com/zitadel/zitadel/internal/user/repository/view" "github.com/zitadel/zitadel/internal/user/repository/view/model" + "github.com/zitadel/zitadel/internal/zerrors" ) type RefreshTokenRepo struct { 
@@ -35,7 +35,7 @@ func (r *RefreshTokenRepo) RefreshTokenByToken(ctx context.Context, refreshToken return nil, err } if tokenView.Token != token { - return nil, errors.ThrowNotFound(nil, "EVENT-5Bm9s", "Errors.User.RefreshToken.Invalid") + return nil, zerrors.ThrowNotFound(nil, "EVENT-5Bm9s", "Errors.User.RefreshToken.Invalid") } return tokenView, nil } @@ -51,10 +51,10 @@ func (r *RefreshTokenRepo) RefreshTokenByID(ctx context.Context, tokenID, userID Errorf("could not get current sequence for RefreshTokenByID") tokenView, viewErr := r.View.RefreshTokenByID(tokenID, instanceID) - if viewErr != nil && !errors.IsNotFound(viewErr) { + if viewErr != nil && !zerrors.IsNotFound(viewErr) { return nil, viewErr } - if errors.IsNotFound(viewErr) { + if zerrors.IsNotFound(viewErr) { tokenView = new(model.RefreshTokenView) tokenView.ID = tokenID tokenView.UserID = userID @@ -65,8 +65,8 @@ func (r *RefreshTokenRepo) RefreshTokenByID(ctx context.Context, tokenID, userID } events, esErr := r.getUserEvents(ctx, userID, tokenView.InstanceID, tokenView.ChangeDate, tokenView.GetRelevantEventTypes()) - if errors.IsNotFound(viewErr) && len(events) == 0 { - return nil, errors.ThrowNotFound(nil, "EVENT-BHB52", "Errors.User.RefreshToken.Invalid") + if zerrors.IsNotFound(viewErr) && len(events) == 0 { + return nil, zerrors.ThrowNotFound(nil, "EVENT-BHB52", "Errors.User.RefreshToken.Invalid") } if esErr != nil { @@ -81,7 +81,7 @@ func (r *RefreshTokenRepo) RefreshTokenByID(ctx context.Context, tokenID, userID } } if !tokenView.Expiration.After(time.Now()) { - return nil, errors.ThrowNotFound(nil, "EVENT-5Bm9s", "Errors.User.RefreshToken.Invalid") + return nil, zerrors.ThrowNotFound(nil, "EVENT-5Bm9s", "Errors.User.RefreshToken.Invalid") } return model.RefreshTokenViewToModel(tokenView), nil } diff --git a/internal/auth/repository/eventsourcing/eventstore/token.go b/internal/auth/repository/eventsourcing/eventstore/token.go index 3a91e25107..ba58dfd4d7 100644 
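Review bot: The `tokenView.Token != token` check in RefreshTokenByToken compares a secret value with Go's ordinary string inequality, whose running time depends on where the two strings first differ. If `token` is derived from the caller-supplied refresh token (the derivation is above the hunk, so this is an assumption), a constant-time comparison is the safer default: `if subtle.ConstantTimeCompare([]byte(tokenView.Token), []byte(token)) != 1 {`, with `crypto/subtle` added to the import block. The function starts outside the hunk, so any earlier validation of the input is not visible here.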
--- a/internal/auth/repository/eventsourcing/eventstore/token.go +++ b/internal/auth/repository/eventsourcing/eventstore/token.go @@ -8,12 +8,12 @@ import ( "github.com/zitadel/zitadel/internal/api/authz" "github.com/zitadel/zitadel/internal/auth/repository/eventsourcing/view" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/telemetry/tracing" usr_model "github.com/zitadel/zitadel/internal/user/model" usr_view "github.com/zitadel/zitadel/internal/user/repository/view" "github.com/zitadel/zitadel/internal/user/repository/view/model" + "github.com/zitadel/zitadel/internal/zerrors" ) type TokenRepo struct { @@ -32,10 +32,11 @@ func (repo *TokenRepo) TokenByIDs(ctx context.Context, userID, tokenID string) ( Errorf("could not get current sequence for TokenByIDs") token, viewErr := repo.View.TokenByIDs(tokenID, userID, instanceID) - if viewErr != nil && !errors.IsNotFound(viewErr) { + if viewErr != nil && !zerrors.IsNotFound(viewErr) { return nil, viewErr } - if errors.IsNotFound(viewErr) { + if zerrors.IsNotFound(viewErr) { + token = new(model.TokenView) token.ID = tokenID token.UserID = userID @@ -46,8 +47,8 @@ func (repo *TokenRepo) TokenByIDs(ctx context.Context, userID, tokenID string) ( } events, esErr := repo.getUserEvents(ctx, userID, token.InstanceID, token.ChangeDate, token.GetRelevantEventTypes()) - if errors.IsNotFound(viewErr) && len(events) == 0 { - return nil, errors.ThrowNotFound(nil, "EVENT-4T90g", "Errors.Token.NotFound") + if zerrors.IsNotFound(viewErr) && len(events) == 0 { + return nil, zerrors.ThrowNotFound(nil, "EVENT-4T90g", "Errors.Token.NotFound") } if esErr != nil { 
@@ -62,7 +63,7 @@ func (repo *TokenRepo) TokenByIDs(ctx context.Context, userID, tokenID string) ( } } if !token.Expiration.After(time.Now().UTC()) || token.Deactivated { - return nil, errors.ThrowNotFound(nil, "EVENT-5Bm9s", "Errors.Token.NotFound") + return nil, zerrors.ThrowNotFound(nil, "EVENT-5Bm9s", "Errors.Token.NotFound") } return model.TokenViewToModel(token), nil } diff --git a/internal/auth/repository/eventsourcing/eventstore/user_session.go b/internal/auth/repository/eventsourcing/eventstore/user_session.go index 3fb60fc75e..8bacef942b 100644 --- a/internal/auth/repository/eventsourcing/eventstore/user_session.go +++ b/internal/auth/repository/eventsourcing/eventstore/user_session.go @@ -20,8 +20,3 @@ func (repo *UserSessionRepo) GetMyUserSessions(ctx context.Context) ([]*usr_mode } return model.UserSessionsToModel(userSessions), nil } - -func (repo *UserSessionRepo) ActiveUserSessionCount() int64 { - userSessions, _ := repo.View.ActiveUserSessionsCount() - return int64(userSessions) -} diff --git a/internal/auth/repository/eventsourcing/handler/refresh_token.go b/internal/auth/repository/eventsourcing/handler/refresh_token.go index 5a1b59d492..4dac7eab6f 100644 --- a/internal/auth/repository/eventsourcing/handler/refresh_token.go +++ b/internal/auth/repository/eventsourcing/handler/refresh_token.go @@ -6,13 +6,13 @@ import ( "github.com/zitadel/logging" auth_view "github.com/zitadel/zitadel/internal/auth/repository/eventsourcing/view" - caos_errs "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/eventstore/handler/v2" "github.com/zitadel/zitadel/internal/repository/instance" "github.com/zitadel/zitadel/internal/repository/org" "github.com/zitadel/zitadel/internal/repository/user" view_model "github.com/zitadel/zitadel/internal/user/repository/view/model" + "github.com/zitadel/zitadel/internal/zerrors" ) const ( 
@@ -112,7 +112,7 @@ func (t *RefreshToken) Reduce(event eventstore.Event) (_ *handler.Statement, err e := new(user.HumanRefreshTokenRenewedEvent) if err := event.Unmarshal(e); err != nil { logging.WithError(err).Error("could not unmarshal event data") - return caos_errs.ThrowInternal(nil, "MODEL-BHn75", "could not unmarshal data") + return zerrors.ThrowInternal(nil, "MODEL-BHn75", "could not unmarshal data") } token, err := t.view.RefreshTokenByID(e.TokenID, event.Aggregate().InstanceID) if err != nil { @@ -127,7 +127,7 @@ func (t *RefreshToken) Reduce(event eventstore.Event) (_ *handler.Statement, err e := new(user.HumanRefreshTokenRemovedEvent) if err := event.Unmarshal(e); err != nil { logging.WithError(err).Error("could not unmarshal event data") - return caos_errs.ThrowInternal(nil, "MODEL-Bz653", "could not unmarshal data") + return zerrors.ThrowInternal(nil, "MODEL-Bz653", "could not unmarshal data") } return t.view.DeleteRefreshToken(e.TokenID, event.Aggregate().InstanceID) case user.UserLockedType, diff --git a/internal/auth/repository/eventsourcing/handler/token.go b/internal/auth/repository/eventsourcing/handler/token.go index 03827aa44b..14641cacdc 100644 --- a/internal/auth/repository/eventsourcing/handler/token.go +++ b/internal/auth/repository/eventsourcing/handler/token.go @@ -6,7 +6,6 @@ import ( "github.com/zitadel/logging" auth_view "github.com/zitadel/zitadel/internal/auth/repository/eventsourcing/view" - caos_errs "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/eventstore/handler/v2" es_models "github.com/zitadel/zitadel/internal/eventstore/v1/models" @@ -18,6 +17,7 @@ import ( "github.com/zitadel/zitadel/internal/repository/project" "github.com/zitadel/zitadel/internal/repository/user" view_model "github.com/zitadel/zitadel/internal/user/repository/view/model" + "github.com/zitadel/zitadel/internal/zerrors" ) const ( 
@@ -242,7 +242,7 @@ func agentIDFromSession(event eventstore.Event) (string, error) { session := make(map[string]interface{}) if err := event.Unmarshal(&session); err != nil { logging.WithError(err).Error("could not unmarshal event data") - return "", caos_errs.ThrowInternal(nil, "MODEL-sd325", "could not unmarshal data") + return "", zerrors.ThrowInternal(nil, "MODEL-sd325", "could not unmarshal data") } return session["userAgentID"].(string), nil } @@ -251,7 +251,7 @@ func applicationFromSession(event eventstore.Event) (*project_es_model.Applicati application := new(project_es_model.Application) if err := event.Unmarshal(application); err != nil { logging.WithError(err).Error("could not unmarshal event data") - return nil, caos_errs.ThrowInternal(nil, "MODEL-Hrw1q", "could not unmarshal data") + return nil, zerrors.ThrowInternal(nil, "MODEL-Hrw1q", "could not unmarshal data") } return application, nil } @@ -260,7 +260,7 @@ func tokenIDFromRemovedEvent(event eventstore.Event) (string, error) { removed := make(map[string]interface{}) if err := event.Unmarshal(&removed); err != nil { logging.WithError(err).Error("could not unmarshal event data") - return "", caos_errs.ThrowInternal(nil, "MODEL-Sff32", "could not unmarshal data") + return "", zerrors.ThrowInternal(nil, "MODEL-Sff32", "could not unmarshal data") } return removed["tokenId"].(string), nil } @@ -269,7 +269,7 @@ func refreshTokenIDFromRemovedEvent(event eventstore.Event) (string, error) { removed := make(map[string]interface{}) if err := event.Unmarshal(&removed); err != nil { logging.WithError(err).Error("could not unmarshal event data") - return "", caos_errs.ThrowInternal(nil, "MODEL-Dfb3w", "could not unmarshal data") + return "", zerrors.ThrowInternal(nil, "MODEL-Dfb3w", "could not unmarshal data") } return removed["tokenId"].(string), nil } 
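Review bot: `session["userAgentID"].(string)` in agentIDFromSession is a single-value type assertion, so an event payload where the key is missing or not a string panics instead of returning an error. The comma-ok form keeps that case on the error path: `agentID, ok := session["userAgentID"].(string)` followed by `if !ok { return "", zerrors.ThrowInternal(nil, "MODEL-<new-id>", "could not unmarshal data") }` (the ID is a placeholder). The same applies to `removed["tokenId"].(string)` in tokenIDFromRemovedEvent and refreshTokenIDFromRemovedEvent in the later hunks of this file. Whether the calling handler recovers from a panic is not visible in this diff.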
@@ -293,7 +293,7 @@ func (t *Token) getProjectByID(ctx context.Context, projID, instanceID string) ( } if esProject.Sequence == 0 { - return nil, caos_errs.ThrowNotFound(nil, "EVENT-Dsdw2", "Errors.Project.NotFound") + return nil, zerrors.ThrowNotFound(nil, "EVENT-Dsdw2", "Errors.Project.NotFound") } return project_es_model.ProjectToModel(esProject), nil } diff --git a/internal/auth/repository/eventsourcing/handler/user.go b/internal/auth/repository/eventsourcing/handler/user.go index 96a5ea5a51..c93dc06477 100644 --- a/internal/auth/repository/eventsourcing/handler/user.go +++ b/internal/auth/repository/eventsourcing/handler/user.go @@ -6,7 +6,6 @@ import ( "github.com/zitadel/zitadel/internal/api/authz" auth_view "github.com/zitadel/zitadel/internal/auth/repository/eventsourcing/view" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/eventstore/handler/v2" es_models "github.com/zitadel/zitadel/internal/eventstore/v1/models" @@ -19,6 +18,7 @@ import ( user_repo "github.com/zitadel/zitadel/internal/repository/user" usr_view "github.com/zitadel/zitadel/internal/user/repository/view" view_model "github.com/zitadel/zitadel/internal/user/repository/view/model" + "github.com/zitadel/zitadel/internal/zerrors" ) const ( @@ -389,7 +389,7 @@ func (u *User) ProcessUser(event eventstore.Event) (_ *handler.Statement, err er user_repo.HumanPasswordlessInitCodeRequestedType: user, err = u.view.UserByID(event.Aggregate().ID, event.Aggregate().InstanceID) if err != nil { - if !errors.IsNotFound(err) { + if !zerrors.IsNotFound(err) { return err } user, err = u.userFromEventstore(event.Aggregate(), user.EventTypes()) 
@@ -402,7 +402,7 @@ func (u *User) ProcessUser(event eventstore.Event) (_ *handler.Statement, err er user_repo.UserUserNameChangedType: user, err = u.view.UserByID(event.Aggregate().ID, event.Aggregate().InstanceID) if err != nil { - if !errors.IsNotFound(err) { + if !zerrors.IsNotFound(err) { return err } user, err = u.userFromEventstore(event.Aggregate(), user.EventTypes()) @@ -521,7 +521,7 @@ func (u *User) getOrgByID(ctx context.Context, orgID, instanceID string) (*org_m return nil, err } if esOrg.Sequence == 0 { - return nil, errors.ThrowNotFound(nil, "EVENT-3m9vs", "Errors.Org.NotFound") + return nil, zerrors.ThrowNotFound(nil, "EVENT-3m9vs", "Errors.Org.NotFound") } return org_es_model.OrgToModel(esOrg), nil diff --git a/internal/auth/repository/eventsourcing/handler/user_session.go b/internal/auth/repository/eventsourcing/handler/user_session.go index a9cefcccae..65d1facf54 100644 --- a/internal/auth/repository/eventsourcing/handler/user_session.go +++ b/internal/auth/repository/eventsourcing/handler/user_session.go @@ -6,7 +6,6 @@ import ( "github.com/zitadel/zitadel/internal/api/authz" auth_view "github.com/zitadel/zitadel/internal/auth/repository/eventsourcing/view" "github.com/zitadel/zitadel/internal/domain" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/eventstore/handler/v2" "github.com/zitadel/zitadel/internal/eventstore/v1/models" @@ -18,6 +17,7 @@ import ( "github.com/zitadel/zitadel/internal/repository/org" "github.com/zitadel/zitadel/internal/repository/user" view_model "github.com/zitadel/zitadel/internal/user/repository/view/model" + "github.com/zitadel/zitadel/internal/zerrors" ) const ( 
@@ -241,7 +241,7 @@ func (u *UserSession) Reduce(event eventstore.Event) (_ *handler.Statement, err } session, err = u.view.UserSessionByIDs(eventData.UserAgentID, event.Aggregate().ID, event.Aggregate().InstanceID) if err != nil { - if !errors.IsNotFound(err) { + if !zerrors.IsNotFound(err) { return err } session = &view_model.UserSessionView{ @@ -392,7 +392,7 @@ func (u *UserSession) getOrgByID(ctx context.Context, orgID, instanceID string) } if esOrg.Sequence == 0 { - return nil, errors.ThrowNotFound(nil, "EVENT-3m9vs", "Errors.Org.NotFound") + return nil, zerrors.ThrowNotFound(nil, "EVENT-3m9vs", "Errors.Org.NotFound") } return org_es_model.OrgToModel(esOrg), nil } diff --git a/internal/auth/repository/eventsourcing/view/refresh_token.go b/internal/auth/repository/eventsourcing/view/refresh_token.go index 64933bc7cb..b45f769cb7 100644 --- a/internal/auth/repository/eventsourcing/view/refresh_token.go +++ b/internal/auth/repository/eventsourcing/view/refresh_token.go @@ -4,13 +4,13 @@ import ( "context" "github.com/zitadel/zitadel/internal/api/authz" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/eventstore/v1/models" "github.com/zitadel/zitadel/internal/query" user_model "github.com/zitadel/zitadel/internal/user/model" usr_view "github.com/zitadel/zitadel/internal/user/repository/view" "github.com/zitadel/zitadel/internal/user/repository/view/model" + "github.com/zitadel/zitadel/internal/zerrors" ) const ( @@ -39,7 +39,7 @@ func (v *View) PutRefreshTokens(token []*model.RefreshTokenView) error { func (v *View) DeleteRefreshToken(tokenID, instanceID string) error { err := usr_view.DeleteRefreshToken(v.Db, refreshTokenTable, tokenID, instanceID) - if err != nil && !errors.IsNotFound(err) { + if err != nil && !zerrors.IsNotFound(err) { return err } return nil 
@@ -47,7 +47,7 @@ func (v *View) DeleteRefreshToken(tokenID, instanceID string) error { func (v *View) DeleteUserRefreshTokens(userID, instanceID string) error { err := usr_view.DeleteUserRefreshTokens(v.Db, refreshTokenTable, userID, instanceID) - if err != nil && !errors.IsNotFound(err) { + if err != nil && !zerrors.IsNotFound(err) { return err } return nil @@ -55,7 +55,7 @@ func (v *View) DeleteUserRefreshTokens(userID, instanceID string) error { func (v *View) DeleteApplicationRefreshTokens(event *models.Event, ids ...string) error { err := usr_view.DeleteApplicationTokens(v.Db, refreshTokenTable, event.InstanceID, ids) - if err != nil && !errors.IsNotFound(err) { + if err != nil && !zerrors.IsNotFound(err) { return err } return nil @@ -63,7 +63,7 @@ func (v *View) DeleteApplicationRefreshTokens(event *models.Event, ids ...string func (v *View) DeleteInstanceRefreshTokens(instanceID string) error { err := usr_view.DeleteInstanceRefreshTokens(v.Db, refreshTokenTable, instanceID) - if err != nil && !errors.IsNotFound(err) { + if err != nil && !zerrors.IsNotFound(err) { return err } return nil @@ -71,7 +71,7 @@ func (v *View) DeleteInstanceRefreshTokens(instanceID string) error { func (v *View) DeleteOrgRefreshTokens(event eventstore.Event) error { err := usr_view.DeleteOrgRefreshTokens(v.Db, refreshTokenTable, event.Aggregate().InstanceID, event.Aggregate().ResourceOwner) - if err != nil && !errors.IsNotFound(err) { + if err != nil && !zerrors.IsNotFound(err) { return err } return nil diff --git a/internal/auth/repository/eventsourcing/view/token.go b/internal/auth/repository/eventsourcing/view/token.go index 549907d893..b19f5a69aa 100644 --- a/internal/auth/repository/eventsourcing/view/token.go +++ b/internal/auth/repository/eventsourcing/view/token.go 
@@ -3,11 +3,11 @@ package view import ( "context" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/query" usr_view "github.com/zitadel/zitadel/internal/user/repository/view" "github.com/zitadel/zitadel/internal/user/repository/view/model" + "github.com/zitadel/zitadel/internal/zerrors" ) const ( @@ -32,7 +32,7 @@ func (v *View) PutTokens(token []*model.TokenView) error { func (v *View) DeleteToken(tokenID, instanceID string) error { err := usr_view.DeleteToken(v.Db, tokenTable, tokenID, instanceID) - if err != nil && !errors.IsNotFound(err) { + if err != nil && !zerrors.IsNotFound(err) { return err } return nil @@ -40,7 +40,7 @@ func (v *View) DeleteToken(tokenID, instanceID string) error { func (v *View) DeleteSessionTokens(agentID string, event eventstore.Event) error { err := usr_view.DeleteSessionTokens(v.Db, tokenTable, agentID, event.Aggregate().ID, event.Aggregate().InstanceID) - if err != nil && !errors.IsNotFound(err) { + if err != nil && !zerrors.IsNotFound(err) { return err } return nil @@ -48,7 +48,7 @@ func (v *View) DeleteSessionTokens(agentID string, event eventstore.Event) error func (v *View) DeleteUserTokens(event eventstore.Event) error { err := usr_view.DeleteUserTokens(v.Db, tokenTable, event.Aggregate().ID, event.Aggregate().InstanceID) - if err != nil && !errors.IsNotFound(err) { + if err != nil && !zerrors.IsNotFound(err) { return err } return nil @@ -56,7 +56,7 @@ func (v *View) DeleteUserTokens(event eventstore.Event) error { func (v *View) DeleteApplicationTokens(event eventstore.Event, ids ...string) error { err := usr_view.DeleteApplicationTokens(v.Db, tokenTable, event.Aggregate().InstanceID, ids) - if err != nil && !errors.IsNotFound(err) { + if err != nil && !zerrors.IsNotFound(err) { return err } return nil 
@@ -64,7 +64,7 @@ func (v *View) DeleteApplicationTokens(event eventstore.Event, ids ...string) er func (v *View) DeleteTokensFromRefreshToken(refreshTokenID, instanceID string) error { err := usr_view.DeleteTokensFromRefreshToken(v.Db, tokenTable, refreshTokenID, instanceID) - if err != nil && !errors.IsNotFound(err) { + if err != nil && !zerrors.IsNotFound(err) { return err } return nil @@ -72,7 +72,7 @@ func (v *View) DeleteTokensFromRefreshToken(refreshTokenID, instanceID string) e func (v *View) DeleteInstanceTokens(event eventstore.Event) error { err := usr_view.DeleteInstanceTokens(v.Db, tokenTable, event.Aggregate().InstanceID) - if err != nil && !errors.IsNotFound(err) { + if err != nil && !zerrors.IsNotFound(err) { return err } return nil @@ -80,7 +80,7 @@ func (v *View) DeleteInstanceTokens(event eventstore.Event) error { func (v *View) DeleteOrgTokens(event eventstore.Event) error { err := usr_view.DeleteOrgTokens(v.Db, tokenTable, event.Aggregate().InstanceID, event.Aggregate().ResourceOwner) - if err != nil && !errors.IsNotFound(err) { + if err != nil && !zerrors.IsNotFound(err) { return err } return nil diff --git a/internal/auth/repository/eventsourcing/view/user.go b/internal/auth/repository/eventsourcing/view/user.go index 0f15991e33..8479924f9a 100644 --- a/internal/auth/repository/eventsourcing/view/user.go +++ b/internal/auth/repository/eventsourcing/view/user.go @@ -5,12 +5,12 @@ import ( "github.com/zitadel/logging" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/query" usr_model "github.com/zitadel/zitadel/internal/user/model" "github.com/zitadel/zitadel/internal/user/repository/view" "github.com/zitadel/zitadel/internal/user/repository/view/model" + "github.com/zitadel/zitadel/internal/zerrors" ) const ( 
@@ -43,7 +43,7 @@ func (v *View) UserByLoginNameAndResourceOwner(ctx context.Context, loginName, r return nil, err } if user.ResourceOwner != resourceOwner { - return nil, errors.ThrowNotFound(nil, "VIEW-qScmi", "Errors.User.NotFound") + return nil, zerrors.ThrowNotFound(nil, "VIEW-qScmi", "Errors.User.NotFound") } return user, nil @@ -105,7 +105,7 @@ func (v *View) userByID(ctx context.Context, instanceID string, queries ...query Errorf("could not get current sequence for userByID") user, err := view.UserByID(v.Db, userTable, queriedUser.ID, instanceID) - if err != nil && !errors.IsNotFound(err) { + if err != nil && !zerrors.IsNotFound(err) { return nil, err } @@ -136,7 +136,7 @@ func (v *View) userByID(ctx context.Context, instanceID string, queries ...query } if user.State == int32(usr_model.UserStateDeleted) { - return nil, errors.ThrowNotFound(nil, "VIEW-r4y8r", "Errors.User.NotFound") + return nil, zerrors.ThrowNotFound(nil, "VIEW-r4y8r", "Errors.User.NotFound") } return user, nil @@ -156,7 +156,7 @@ func (v *View) PutUsers(users []*model.UserView, event eventstore.Event) error { func (v *View) DeleteUser(userID, instanceID string, event eventstore.Event) error { err := view.DeleteUser(v.Db, userTable, userID, instanceID) - if err != nil && !errors.IsNotFound(err) { + if err != nil && !zerrors.IsNotFound(err) { return err } return nil @@ -164,7 +164,7 @@ func (v *View) DeleteUser(userID, instanceID string, event eventstore.Event) err func (v *View) DeleteInstanceUsers(event eventstore.Event) error { err := view.DeleteInstanceUsers(v.Db, userTable, event.Aggregate().InstanceID) - if err != nil && !errors.IsNotFound(err) { + if err != nil && !zerrors.IsNotFound(err) { return err } return nil 
@@ -172,7 +172,7 @@ func (v *View) DeleteInstanceUsers(event eventstore.Event) error { func (v *View) UpdateOrgOwnerRemovedUsers(event eventstore.Event) error { err := view.UpdateOrgOwnerRemovedUsers(v.Db, userTable, event.Aggregate().InstanceID, event.Aggregate().ID) - if err != nil && !errors.IsNotFound(err) { + if err != nil && !zerrors.IsNotFound(err) { return err } return nil diff --git a/internal/auth/repository/eventsourcing/view/user_session.go b/internal/auth/repository/eventsourcing/view/user_session.go index 5303b0deab..e2e4938d62 100644 --- a/internal/auth/repository/eventsourcing/view/user_session.go +++ b/internal/auth/repository/eventsourcing/view/user_session.go @@ -3,11 +3,11 @@ package view import ( "context" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/query" "github.com/zitadel/zitadel/internal/user/repository/view" "github.com/zitadel/zitadel/internal/user/repository/view/model" + "github.com/zitadel/zitadel/internal/zerrors" ) const ( @@ -44,7 +44,7 @@ func (v *View) PutUserSessions(userSession []*model.UserSessionView) error { func (v *View) DeleteUserSessions(userID, instanceID string) error { err := view.DeleteUserSessions(v.Db, userSessionTable, userID, instanceID) - if err != nil && !errors.IsNotFound(err) { + if err != nil && !zerrors.IsNotFound(err) { return err } return nil @@ -52,7 +52,7 @@ func (v *View) DeleteUserSessions(userID, instanceID string) error { func (v *View) DeleteInstanceUserSessions(instanceID string) error { err := view.DeleteInstanceUserSessions(v.Db, userSessionTable, instanceID) - if err != nil && !errors.IsNotFound(err) { + if err != nil && !zerrors.IsNotFound(err) { return err } return nil 
@@ -60,7 +60,7 @@ func (v *View) DeleteInstanceUserSessions(instanceID string) error { func (v *View) DeleteOrgUserSessions(event eventstore.Event) error { err := view.DeleteOrgUserSessions(v.Db, userSessionTable, event.Aggregate().InstanceID, event.Aggregate().ResourceOwner) - if err != nil && !errors.IsNotFound(err) { + if err != nil && !zerrors.IsNotFound(err) { return err } return nil diff --git a/internal/auth/repository/user_session.go b/internal/auth/repository/user_session.go index 0bfaf47e1f..182fe9edea 100644 --- a/internal/auth/repository/user_session.go +++ b/internal/auth/repository/user_session.go @@ -8,5 +8,4 @@ import ( type UserSessionRepository interface { GetMyUserSessions(ctx context.Context) ([]*model.UserSessionView, error) - ActiveUserSessionCount() int64 } diff --git a/internal/auth_request/repository/cache/cache.go b/internal/auth_request/repository/cache/cache.go index 10090ef286..63c442ef2d 100644 --- a/internal/auth_request/repository/cache/cache.go +++ b/internal/auth_request/repository/cache/cache.go @@ -11,7 +11,7 @@ import ( "github.com/zitadel/zitadel/internal/api/authz" "github.com/zitadel/zitadel/internal/database" "github.com/zitadel/zitadel/internal/domain" - caos_errs "github.com/zitadel/zitadel/internal/errors" + "github.com/zitadel/zitadel/internal/zerrors" ) type AuthRequestCache struct { @@ -50,7 +50,7 @@ func (c *AuthRequestCache) UpdateAuthRequest(_ context.Context, request *domain. func (c *AuthRequestCache) DeleteAuthRequest(ctx context.Context, id string) error { _, err := c.client.Exec("DELETE FROM auth.auth_requests WHERE instance_id = $1 and id = $2", authz.GetInstance(ctx).InstanceID(), id) if err != nil { - return caos_errs.ThrowInternal(err, "CACHE-dsHw3", "unable to delete auth request") + return zerrors.ThrowInternal(err, "CACHE-dsHw3", "unable to delete auth request") } return nil } 
@@ -67,16 +67,16 @@ func (c *AuthRequestCache) getAuthRequest(key, value, instanceID string) (*domai if err != nil { if errors.Is(err, sql.ErrNoRows) { - return nil, caos_errs.ThrowNotFound(err, "CACHE-d24aD", "Errors.AuthRequest.NotFound") + return nil, zerrors.ThrowNotFound(err, "CACHE-d24aD", "Errors.AuthRequest.NotFound") } - return nil, caos_errs.ThrowInternal(err, "CACHE-as3kj", "Errors.Internal") + return nil, zerrors.ThrowInternal(err, "CACHE-as3kj", "Errors.Internal") } request, err := domain.NewAuthRequestFromType(requestType) if err == nil { err = json.Unmarshal(b, request) } if err != nil { - return nil, caos_errs.ThrowInternal(err, "CACHE-2wshg", "Errors.Internal") + return nil, zerrors.ThrowInternal(err, "CACHE-2wshg", "Errors.Internal") } return request, nil } @@ -84,11 +84,11 @@ func (c *AuthRequestCache) getAuthRequest(key, value, instanceID string) (*domai func (c *AuthRequestCache) saveAuthRequest(request *domain.AuthRequest, query string, date time.Time, param interface{}) error { b, err := json.Marshal(request) if err != nil { - return caos_errs.ThrowInternal(err, "CACHE-os0GH", "Errors.Internal") + return zerrors.ThrowInternal(err, "CACHE-os0GH", "Errors.Internal") } _, err = c.client.Exec(query, request.ID, b, request.InstanceID, date, param) if err != nil { - return caos_errs.ThrowInternal(err, "CACHE-su3GK", "Errors.Internal") + return zerrors.ThrowInternal(err, "CACHE-su3GK", "Errors.Internal") } return nil } diff --git a/internal/authz/repository/eventsourcing/eventstore/token_verifier.go b/internal/authz/repository/eventsourcing/eventstore/token_verifier.go index ea007dfa63..2ddcc3cf93 100644 --- a/internal/authz/repository/eventsourcing/eventstore/token_verifier.go +++ b/internal/authz/repository/eventsourcing/eventstore/token_verifier.go 
@@ -18,13 +18,13 @@ import ( "github.com/zitadel/zitadel/internal/command" "github.com/zitadel/zitadel/internal/crypto" "github.com/zitadel/zitadel/internal/domain" - caos_errs "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/query" "github.com/zitadel/zitadel/internal/telemetry/tracing" usr_model "github.com/zitadel/zitadel/internal/user/model" usr_view "github.com/zitadel/zitadel/internal/user/repository/view" "github.com/zitadel/zitadel/internal/user/repository/view/model" + "github.com/zitadel/zitadel/internal/zerrors" ) type TokenVerifierRepo struct { @@ -53,10 +53,10 @@ func (repo *TokenVerifierRepo) tokenByID(ctx context.Context, tokenID, userID st Errorf("could not get current sequence for token check") token, viewErr := repo.View.TokenByIDs(tokenID, userID, instanceID) - if viewErr != nil && !caos_errs.IsNotFound(viewErr) { + if viewErr != nil && !zerrors.IsNotFound(viewErr) { return nil, viewErr } - if caos_errs.IsNotFound(viewErr) { + if zerrors.IsNotFound(viewErr) { token = new(model.TokenView) token.ID = tokenID token.UserID = userID @@ -66,8 +66,8 @@ func (repo *TokenVerifierRepo) tokenByID(ctx context.Context, tokenID, userID st } events, esErr := repo.getUserEvents(ctx, userID, instanceID, token.ChangeDate, token.GetRelevantEventTypes()) - if caos_errs.IsNotFound(viewErr) && len(events) == 0 { - return nil, caos_errs.ThrowNotFound(nil, "EVENT-4T90g", "Errors.Token.NotFound") + if zerrors.IsNotFound(viewErr) && len(events) == 0 { + return nil, zerrors.ThrowNotFound(nil, "EVENT-4T90g", "Errors.Token.NotFound") } if esErr != nil { 
@@ -82,7 +82,7 @@ func (repo *TokenVerifierRepo) tokenByID(ctx context.Context, tokenID, userID st } } if !token.Expiration.After(time.Now().UTC()) || token.Deactivated { - return nil, caos_errs.ThrowNotFound(nil, "EVENT-5Bm9s", "Errors.Token.NotFound") + return nil, zerrors.ThrowNotFound(nil, "EVENT-5Bm9s", "Errors.Token.NotFound") } return model.TokenViewToModel(token), nil } @@ -93,7 +93,7 @@ func (repo *TokenVerifierRepo) VerifyAccessToken(ctx context.Context, tokenStrin tokenID, subject, ok := repo.getTokenIDAndSubject(ctx, tokenString) if !ok { - return "", "", "", "", "", caos_errs.ThrowUnauthenticated(nil, "APP-Reb32", "invalid token") + return "", "", "", "", "", zerrors.ThrowUnauthenticated(nil, "APP-Reb32", "invalid token") } if strings.HasPrefix(tokenID, command.IDPrefixV2) { userID, clientID, resourceOwner, err = repo.verifyAccessTokenV2(ctx, tokenID, verifierClientID, projectID) @@ -114,10 +114,10 @@ func (repo *TokenVerifierRepo) verifyAccessTokenV1(ctx context.Context, tokenID, token, err := repo.tokenByID(ctx, tokenID, subject) tokenSpan.EndWithError(err) if err != nil { - return "", "", "", "", "", caos_errs.ThrowUnauthenticated(err, "APP-BxUSiL", "invalid token") + return "", "", "", "", "", zerrors.ThrowUnauthenticated(err, "APP-BxUSiL", "invalid token") } if !token.Expiration.After(time.Now().UTC()) { - return "", "", "", "", "", caos_errs.ThrowUnauthenticated(err, "APP-k9KS0", "invalid token") + return "", "", "", "", "", zerrors.ThrowUnauthenticated(err, "APP-k9KS0", "invalid token") } if token.IsPAT { return token.UserID, "", "", "", token.ResourceOwner, nil 
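Review bot: In the `@@ -114,10 +114,10 @@` hunk (verifyAccessTokenV1), the expiry branch passes `err` as the parent of `APP-k9KS0`, but `err` is always nil at that point because the preceding `if err != nil` has already returned. Passing nil explicitly shows that this rejection has no underlying cause: `return "", "", "", "", "", zerrors.ThrowUnauthenticated(nil, "APP-k9KS0", "invalid token")`. As far as the `@@ -82,7 +82,7 @@` hunk shows, tokenByID already rejects expired or deactivated tokens with the same comparison, so a comment such as `// defence in depth: tokenByID also rejects expired tokens` would explain the second check. Both functions start and end outside their hunks.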
@@ -154,7 +154,7 @@ func (repo *TokenVerifierRepo) verifySessionToken(ctx context.Context, sessionID return "", "", "", err } if !session.Expiration.IsZero() && session.Expiration.Before(time.Now()) { - return "", "", "", caos_errs.ThrowPermissionDenied(nil, "AUTHZ-EGDo3", "session expired") + return "", "", "", zerrors.ThrowPermissionDenied(nil, "AUTHZ-EGDo3", "session expired") } if err = repo.checkAuthentication(ctx, authMethodsFromSession(session), session.UserFactor.UserID); err != nil { return "", "", "", err @@ -166,7 +166,7 @@ func (repo *TokenVerifierRepo) verifySessionToken(ctx context.Context, sessionID // It will also check if there was a multi factor authentication, if either MFA is forced by the login policy or if the user has set up any func (repo *TokenVerifierRepo) checkAuthentication(ctx context.Context, authMethods []domain.UserAuthMethodType, userID string) error { if len(authMethods) == 0 { - return caos_errs.ThrowPermissionDenied(nil, "AUTHZ-Kl3p0", "authentication required") + return zerrors.ThrowPermissionDenied(nil, "AUTHZ-Kl3p0", "authentication required") } if domain.HasMFA(authMethods) { return nil @@ -176,7 +176,7 @@ func (repo *TokenVerifierRepo) checkAuthentication(ctx context.Context, authMeth return err } if domain.RequiresMFA(forceMFA, forceMFALocalOnly, hasIDPAuthentication(authMethods)) || domain.HasMFA(availableAuthMethods) { - return caos_errs.ThrowPermissionDenied(nil, "AUTHZ-Kl3p0", "mfa required") + return zerrors.ThrowPermissionDenied(nil, "AUTHZ-Kl3p0", "mfa required") } return nil } 
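Review bot: checkAuthentication returns the same error ID `AUTHZ-Kl3p0` for two different denials, "authentication required" in the `@@ -166,7 +166,7 @@` hunk and "mfa required" in the `@@ -176,7 +176,7 @@` hunk. Anyone triaging logs or alerting on error IDs cannot tell a session with no authentication factors from one that only lacks MFA without parsing the message text. Since both lines are touched here anyway, the MFA branch could get its own ID, e.g. `return zerrors.ThrowPermissionDenied(nil, "AUTHZ-<new-id>", "mfa required")` (placeholder ID, to be generated by the project's usual convention). The function body between the two hunks is not visible.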
@@ -288,11 +288,11 @@ func (repo *TokenVerifierRepo) jwtTokenVerifier(ctx context.Context) *op.AccessT func (repo *TokenVerifierRepo) decryptAccessToken(token string) (string, error) { tokenData, err := base64.RawURLEncoding.DecodeString(token) if err != nil { - return "", caos_errs.ThrowUnauthenticated(nil, "APP-ASdgg", "invalid token") + return "", zerrors.ThrowUnauthenticated(nil, "APP-ASdgg", "invalid token") } tokenIDSubject, err := repo.TokenVerificationKey.DecryptString(tokenData, repo.TokenVerificationKey.EncryptionKeyID()) if err != nil { - return "", caos_errs.ThrowUnauthenticated(nil, "APP-8EF0zZ", "invalid token") + return "", zerrors.ThrowUnauthenticated(nil, "APP-8EF0zZ", "invalid token") } return tokenIDSubject, nil } @@ -303,7 +303,7 @@ func verifyAudience(audience []string, verifierClientID, projectID string) error return nil } } - return caos_errs.ThrowUnauthenticated(nil, "APP-Zxfako", "invalid audience") + return zerrors.ThrowUnauthenticated(nil, "APP-Zxfako", "invalid audience") } type openIDKeySet struct { diff --git a/internal/authz/repository/eventsourcing/view/application.go b/internal/authz/repository/eventsourcing/view/application.go index 8958f2e7e8..8db8ec8e39 100644 --- a/internal/authz/repository/eventsourcing/view/application.go +++ b/internal/authz/repository/eventsourcing/view/application.go @@ -3,9 +3,9 @@ package view import ( "context" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/query" "github.com/zitadel/zitadel/internal/telemetry/tracing" + "github.com/zitadel/zitadel/internal/zerrors" ) func (v *View) ApplicationByOIDCClientID(ctx context.Context, clientID string) (*query.App, error) { 
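Review bot: Both failure branches of decryptAccessToken in the `@@ -288,11 +288,11 @@` hunk pass `nil` as the parent, so the base64 or decryption error is discarded. verifyAccessTokenV1 in the same file wraps its cause (`zerrors.ThrowUnauthenticated(err, "APP-BxUSiL", "invalid token")`), so the two paths are inconsistent. If the parent is only kept for server-side logging and never returned to the client (to be confirmed against the zerrors package, which is not shown here), use `zerrors.ThrowUnauthenticated(err, "APP-ASdgg", "invalid token")` and the same for `APP-8EF0zZ`. If dropping the cause is deliberate, a one-line comment saying so would stop a later "fix".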
@@ -37,7 +37,7 @@ func (v *View) ApplicationByProjecIDAndAppName(ctx context.Context, projectID, a return nil, err } if len(apps.Apps) != 1 { - return nil, errors.ThrowNotFound(nil, "VIEW-svLQq", "app not found") + return nil, zerrors.ThrowNotFound(nil, "VIEW-svLQq", "app not found") } return apps.Apps[0], nil diff --git a/internal/authz/repository/eventsourcing/view/token.go b/internal/authz/repository/eventsourcing/view/token.go index 20baf22747..47667ae68e 100644 --- a/internal/authz/repository/eventsourcing/view/token.go +++ b/internal/authz/repository/eventsourcing/view/token.go @@ -4,11 +4,11 @@ import ( "context" "github.com/zitadel/zitadel/internal/api/authz" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore/v1/models" "github.com/zitadel/zitadel/internal/query" usr_view "github.com/zitadel/zitadel/internal/user/repository/view" usr_view_model "github.com/zitadel/zitadel/internal/user/repository/view/model" + "github.com/zitadel/zitadel/internal/zerrors" ) const ( @@ -25,7 +25,7 @@ func (v *View) PutToken(token *usr_view_model.TokenView, event *models.Event) er func (v *View) DeleteToken(tokenID, instanceID string, event *models.Event) error { err := usr_view.DeleteToken(v.Db, tokenTable, tokenID, instanceID) - if err != nil && !errors.IsNotFound(err) { + if err != nil && !zerrors.IsNotFound(err) { return err } return nil @@ -33,7 +33,7 @@ func (v *View) DeleteToken(tokenID, instanceID string, event *models.Event) erro func (v *View) DeleteSessionTokens(agentID, userID, instanceID string, event *models.Event) error { err := usr_view.DeleteSessionTokens(v.Db, tokenTable, agentID, userID, instanceID) - if err != nil && !errors.IsNotFound(err) { + if err != nil && !zerrors.IsNotFound(err) { return err } return nil diff --git a/internal/cache/bigcache/bigcache_test.go b/internal/cache/bigcache/bigcache_test.go deleted file mode 100644 index 2c91f019c5..0000000000 
--- a/internal/cache/bigcache/bigcache_test.go +++ /dev/null 
@@ -1,222 +0,0 @@ -package bigcache - -import ( - "reflect" - "testing" - - a_cache "github.com/allegro/bigcache" - "github.com/zitadel/zitadel/internal/errors" - es_models "github.com/zitadel/zitadel/internal/eventstore/v1/models" -) - -type TestStruct struct { - Test string -} - -func getBigCacheMock() *Bigcache { - cache, _ := a_cache.NewBigCache(a_cache.DefaultConfig(2000)) - return &Bigcache{cache: cache} -} - -func TestSet(t *testing.T) { - type args struct { - cache *Bigcache - key string - value *TestStruct - } - type res struct { - result *TestStruct - errFunc func(err error) bool - } - tests := []struct { - name string - args args - res res - }{ - { - name: "set cache no err", - args: args{ - cache: getBigCacheMock(), - key: "KEY", - value: &TestStruct{Test: "Test"}, - }, - res: res{ - result: &TestStruct{}, - }, - }, - { - name: "key empty", - args: args{ - cache: getBigCacheMock(), - key: "", - value: &TestStruct{Test: "Test"}, - }, - res: res{ - errFunc: errors.IsErrorInvalidArgument, - }, - }, - { - name: "set cache nil value", - args: args{ - cache: getBigCacheMock(), - key: "KEY", - }, - res: res{ - errFunc: errors.IsErrorInvalidArgument, - }, - }, - } - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - err := tt.args.cache.Set(tt.args.key, tt.args.value) - - if tt.res.errFunc == nil && err != nil { - t.Errorf("got wrong result should not get err: %v ", err) - } - - if tt.res.errFunc == nil { - tt.args.cache.Get(tt.args.key, tt.res.result) - if tt.res.result == nil { - t.Errorf("got wrong result should get result: %v ", err) - } - } - if tt.res.errFunc != nil && !tt.res.errFunc(err) { - t.Errorf("got wrong err: %v ", err) - } - }) - } -} - -func TestGet(t *testing.T) { - type args struct { - event []*es_models.Event - cache *Bigcache - key string - setValue *TestStruct - getValue *TestStruct - } - type res struct { - result *TestStruct - errFunc func(err error) bool - } - tests := []struct { - name string - args args - res res - }{ 
- { - name: "get cache no err", - args: args{ - cache: getBigCacheMock(), - key: "KEY", - setValue: &TestStruct{Test: "Test"}, - getValue: &TestStruct{Test: "Test"}, - }, - res: res{ - result: &TestStruct{Test: "Test"}, - }, - }, - { - name: "get cache no key", - args: args{ - cache: getBigCacheMock(), - setValue: &TestStruct{Test: "Test"}, - getValue: &TestStruct{Test: "Test"}, - }, - res: res{ - errFunc: errors.IsErrorInvalidArgument, - }, - }, - { - name: "get cache no value", - args: args{ - cache: getBigCacheMock(), - key: "KEY", - setValue: &TestStruct{Test: "Test"}, - }, - res: res{ - errFunc: errors.IsErrorInvalidArgument, - }, - }, - } - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - err := tt.args.cache.Set("KEY", tt.args.setValue) - if err != nil { - t.Errorf("something went wrong") - } - - err = tt.args.cache.Get(tt.args.key, tt.args.getValue) - - if tt.res.errFunc == nil && err != nil { - t.Errorf("got wrong result should not get err: %v ", err) - } - - if tt.res.errFunc == nil && !reflect.DeepEqual(tt.args.getValue, tt.res.result) { - t.Errorf("got wrong result expected: %v actual: %v", tt.res.result, tt.args.getValue) - } - - if tt.res.errFunc != nil && !tt.res.errFunc(err) { - t.Errorf("got wrong err: %v ", err) - } - }) - } -} - -func TestDelete(t *testing.T) { - type args struct { - event []*es_models.Event - cache *Bigcache - key string - setValue *TestStruct - getValue *TestStruct - } - type res struct { - result *TestStruct - errFunc func(err error) bool - } - tests := []struct { - name string - args args - res res - }{ - { - name: "delete cache no err", - args: args{ - cache: getBigCacheMock(), - key: "KEY", - setValue: &TestStruct{Test: "Test"}, - }, - res: res{}, - }, - { - name: "get cache no key", - args: args{ - cache: getBigCacheMock(), - setValue: &TestStruct{Test: "Test"}, - getValue: &TestStruct{Test: "Test"}, - }, - res: res{ - errFunc: errors.IsErrorInvalidArgument, - }, - }, - } - for _, tt := range tests { - 
t.Run(tt.name, func(t *testing.T) { - err := tt.args.cache.Set("KEY", tt.args.setValue) - if err != nil { - t.Errorf("something went wrong") - } - - err = tt.args.cache.Delete(tt.args.key) - - if tt.res.errFunc == nil && err != nil { - t.Errorf("got wrong result should not get err: %v ", err) - } - - if tt.res.errFunc != nil && !tt.res.errFunc(err) { - t.Errorf("got wrong err: %v ", err) - } - }) - } -} diff --git a/internal/cache/bigcache/cache.go b/internal/cache/bigcache/cache.go deleted file mode 100644 index 9e7baea93e..0000000000 --- a/internal/cache/bigcache/cache.go +++ /dev/null 
@@ -1,66 +0,0 @@ -package bigcache - -import ( - "bytes" - "encoding/gob" - "reflect" - - a_cache "github.com/allegro/bigcache" - "github.com/zitadel/logging" - "github.com/zitadel/zitadel/internal/errors" -) - -type Bigcache struct { - cache *a_cache.BigCache -} - -func NewBigcache(c *Config) (*Bigcache, error) { - cacheConfig := a_cache.DefaultConfig(c.CacheLifetime) - cacheConfig.HardMaxCacheSize = c.MaxCacheSizeInMB - cache, err := a_cache.NewBigCache(cacheConfig) - if err != nil { - return nil, err - } - - return &Bigcache{ - cache: cache, - }, nil -} - -func (c *Bigcache) Set(key string, object interface{}) error { - if key == "" || reflect.ValueOf(object).IsNil() { - return errors.ThrowInvalidArgument(nil, "BIGCA-du73s", "key or value should not be empty") - } - var b bytes.Buffer - enc := gob.NewEncoder(&b) - if err := enc.Encode(object); err != nil { - return errors.ThrowInvalidArgument(err, "BIGCA-RUyxI", "unable to encode object") - } - return c.cache.Set(key, b.Bytes()) -} - -func (c *Bigcache) Get(key string, ptrToObject interface{}) error { - if key == "" || reflect.ValueOf(ptrToObject).IsNil() { - return errors.ThrowInvalidArgument(nil, "BIGCA-dksoe", "key or value should not be empty") - } - value, err := c.cache.Get(key) - if err == a_cache.ErrEntryNotFound { - return errors.ThrowNotFound(err, "BIGCA-we32s", "not in cache") - } - if err != nil { - logging.Log("BIGCA-ftofbc").WithError(err).Info("read from cache failed") - return errors.ThrowInvalidArgument(err, "BIGCA-3idls", "error in reading from cache") - } - - b := bytes.NewBuffer(value) - dec := gob.NewDecoder(b) - - return dec.Decode(ptrToObject) -} - -func (c *Bigcache) Delete(key string) error { - if key == "" { - return errors.ThrowInvalidArgument(nil, "BIGCA-clsi2", "key should not be empty") - } - return c.cache.Delete(key) -} diff --git a/internal/cache/bigcache/config.go b/internal/cache/bigcache/config.go deleted file mode 100644 index fa997ea59c..0000000000 
--- a/internal/cache/bigcache/config.go +++ /dev/null @@ -1,17 +0,0 @@ -package bigcache - -import ( - "time" - - "github.com/zitadel/zitadel/internal/cache" -) - -type Config struct { - MaxCacheSizeInMB int - //CacheLifetime if set, entries older than the lifetime will be deleted on cleanup (every minute) - CacheLifetime time.Duration -} - -func (c *Config) NewCache() (cache.Cache, error) { - return NewBigcache(c) -} diff --git a/internal/cache/cache.go b/internal/cache/cache.go deleted file mode 100644 index b2eef1cc6f..0000000000 --- a/internal/cache/cache.go +++ /dev/null @@ -1,7 +0,0 @@ -package cache - -type Cache interface { - Set(key string, object interface{}) error - Get(key string, ptrToObject interface{}) error - Delete(key string) error -} diff --git a/internal/cache/config.go b/internal/cache/config.go deleted file mode 100644 index 86c298241d..0000000000 --- a/internal/cache/config.go +++ /dev/null @@ -1,5 +0,0 @@ -package cache - -type Config interface { - NewCache() (Cache, error) -} diff --git a/internal/cache/config/config.go b/internal/cache/config/config.go deleted file mode 100644 index 7cabee8fc1..0000000000 --- a/internal/cache/config/config.go +++ /dev/null 
@@ -1,59 +0,0 @@ -package config - -import ( - "encoding/json" - - "github.com/zitadel/zitadel/internal/cache" - "github.com/zitadel/zitadel/internal/cache/bigcache" - "github.com/zitadel/zitadel/internal/cache/fastcache" - "github.com/zitadel/zitadel/internal/errors" -) - -type CacheConfig struct { - Type string - Config cache.Config -} - -var caches = map[string]func() cache.Config{ - "bigcache": func() cache.Config { return &bigcache.Config{} }, - "fastcache": func() cache.Config { return &fastcache.Config{} }, -} - -func (c *CacheConfig) UnmarshalJSON(data []byte) error { - var rc struct { - Type string - Config json.RawMessage - } - - if err := json.Unmarshal(data, &rc); err != nil { - return errors.ThrowInternal(err, "CONFI-98ejs", "unable to unmarshal config") - } - - c.Type = rc.Type - - var err error - c.Config, err = newCacheConfig(c.Type, rc.Config) - if err != nil { - return errors.ThrowInternal(err, "CONFI-do9es", "unable create config") - } - - return nil -} - -func newCacheConfig(cacheType string, configData []byte) (cache.Config, error) { - t, ok := caches[cacheType] - if !ok { - return nil, errors.ThrowInternal(nil, "CONFI-di328s", "no config") - } - - cacheConfig := t() - if len(configData) == 0 { - return cacheConfig, nil - } - - if err := json.Unmarshal(configData, cacheConfig); err != nil { - return nil, errors.ThrowInternal(nil, "CONFI-skei3", "could not read config") - } - - return cacheConfig, nil -} diff --git a/internal/cache/fastcache/config.go b/internal/cache/fastcache/config.go deleted file mode 100644 index 5e68126156..0000000000 --- a/internal/cache/fastcache/config.go +++ /dev/null @@ -1,11 +0,0 @@ -package fastcache - -import "github.com/zitadel/zitadel/internal/cache" - -type Config struct { - MaxCacheSizeInByte int -} - -func (c *Config) NewCache() (cache.Cache, error) { - return NewFastcache(c) -} 
diff --git a/internal/cache/fastcache/fastcache.go b/internal/cache/fastcache/fastcache.go deleted file mode 100644 index 1ff4eee140..0000000000 --- a/internal/cache/fastcache/fastcache.go +++ /dev/null @@ -1,57 +0,0 @@ -package fastcache - -import ( - "bytes" - "encoding/gob" - "reflect" - - "github.com/zitadel/zitadel/internal/errors" - - "github.com/VictoriaMetrics/fastcache" -) - -type Fastcache struct { - cache *fastcache.Cache -} - -func NewFastcache(config *Config) (*Fastcache, error) { - return &Fastcache{ - cache: fastcache.New(config.MaxCacheSizeInByte), - }, nil -} - -func (fc *Fastcache) Set(key string, object interface{}) error { - if key == "" || reflect.ValueOf(object).IsNil() { - return errors.ThrowInvalidArgument(nil, "FASTC-87dj3", "key or value should not be empty") - } - var b bytes.Buffer - enc := gob.NewEncoder(&b) - if err := enc.Encode(object); err != nil { - return errors.ThrowInvalidArgument(err, "FASTC-RUyxI", "unable to encode object") - } - fc.cache.Set([]byte(key), b.Bytes()) - return nil -} - -func (fc *Fastcache) Get(key string, ptrToObject interface{}) error { - if key == "" || reflect.ValueOf(ptrToObject).IsNil() { - return errors.ThrowInvalidArgument(nil, "FASTC-di8es", "key or value should not be empty") - } - data := fc.cache.Get(nil, []byte(key)) - if len(data) == 0 { - return errors.ThrowNotFound(nil, "FASTC-xYzSm", "key not found") - } - - b := bytes.NewBuffer(data) - dec := gob.NewDecoder(b) - - return dec.Decode(ptrToObject) -} - -func (fc *Fastcache) Delete(key string) error { - if key == "" { - return errors.ThrowInvalidArgument(nil, "FASTC-lod92", "key should not be empty") - } - fc.cache.Del([]byte(key)) - return nil -} diff --git a/internal/cache/fastcache/fastcache_test.go b/internal/cache/fastcache/fastcache_test.go deleted file mode 100644 index e17566e12a..0000000000 --- a/internal/cache/fastcache/fastcache_test.go +++ /dev/null 
@@ -1,217 +0,0 @@ -package fastcache - -import ( - "reflect" - "testing" - - "github.com/VictoriaMetrics/fastcache" - "github.com/zitadel/zitadel/internal/errors" - es_models "github.com/zitadel/zitadel/internal/eventstore/v1/models" -) - -type TestStruct struct { - Test string -} - -func TestSet(t *testing.T) { - type args struct { - cache *Fastcache - key string - value *TestStruct - } - type res struct { - result *TestStruct - errFunc func(err error) bool - } - tests := []struct { - name string - args args - res res - }{ - { - name: "set cache no err", - args: args{ - cache: &Fastcache{cache: fastcache.New(2000)}, - key: "KEY", - value: &TestStruct{Test: "Test"}, - }, - res: res{ - result: &TestStruct{}, - }, - }, - { - name: "key empty", - args: args{ - cache: &Fastcache{cache: fastcache.New(2000)}, - key: "", - value: &TestStruct{Test: "Test"}, - }, - res: res{ - errFunc: errors.IsErrorInvalidArgument, - }, - }, - { - name: "set cache nil value", - args: args{ - cache: &Fastcache{cache: fastcache.New(2000)}, - key: "KEY", - }, - res: res{ - errFunc: errors.IsErrorInvalidArgument, - }, - }, - } - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - err := tt.args.cache.Set(tt.args.key, tt.args.value) - - if tt.res.errFunc == nil && err != nil { - t.Errorf("got wrong result should not get err: %v ", err) - } - - if tt.res.errFunc == nil { - tt.args.cache.Get(tt.args.key, tt.res.result) - if tt.res.result == nil { - t.Errorf("got wrong result should get result: %v ", err) - } - } - if tt.res.errFunc != nil && !tt.res.errFunc(err) { - t.Errorf("got wrong err: %v ", err) - } - }) - } -} - -func TestGet(t *testing.T) { - type args struct { - event []*es_models.Event - cache *Fastcache - key string - setValue *TestStruct - getValue *TestStruct - } - type res struct { - result *TestStruct - errFunc func(err error) bool - } - tests := []struct { - name string - args args - res res - }{ - { - name: "get cache no err", - args: args{ - cache: 
&Fastcache{cache: fastcache.New(2000)}, - key: "KEY", - setValue: &TestStruct{Test: "Test"}, - getValue: &TestStruct{Test: "Test"}, - }, - res: res{ - result: &TestStruct{Test: "Test"}, - }, - }, - { - name: "get cache no key", - args: args{ - cache: &Fastcache{cache: fastcache.New(2000)}, - setValue: &TestStruct{Test: "Test"}, - getValue: &TestStruct{Test: "Test"}, - }, - res: res{ - errFunc: errors.IsErrorInvalidArgument, - }, - }, - { - name: "get cache no value", - args: args{ - cache: &Fastcache{cache: fastcache.New(2000)}, - key: "KEY", - setValue: &TestStruct{Test: "Test"}, - }, - res: res{ - errFunc: errors.IsErrorInvalidArgument, - }, - }, - } - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - err := tt.args.cache.Set("KEY", tt.args.setValue) - if err != nil { - t.Errorf("something went wrong") - } - - err = tt.args.cache.Get(tt.args.key, tt.args.getValue) - - if tt.res.errFunc == nil && err != nil { - t.Errorf("got wrong result should not get err: %v ", err) - } - - if tt.res.errFunc == nil && !reflect.DeepEqual(tt.args.getValue, tt.res.result) { - t.Errorf("got wrong result expected: %v actual: %v", tt.res.result, tt.args.getValue) - } - - if tt.res.errFunc != nil && !tt.res.errFunc(err) { - t.Errorf("got wrong err: %v ", err) - } - }) - } -} - -func TestDelete(t *testing.T) { - type args struct { - event []*es_models.Event - cache *Fastcache - key string - setValue *TestStruct - getValue *TestStruct - } - type res struct { - result *TestStruct - errFunc func(err error) bool - } - tests := []struct { - name string - args args - res res - }{ - { - name: "delete cache no err", - args: args{ - cache: &Fastcache{cache: fastcache.New(2000)}, - key: "KEY", - setValue: &TestStruct{Test: "Test"}, - }, - res: res{}, - }, - { - name: "get cache no key", - args: args{ - cache: &Fastcache{cache: fastcache.New(2000)}, - setValue: &TestStruct{Test: "Test"}, - getValue: &TestStruct{Test: "Test"}, - }, - res: res{ - errFunc: 
errors.IsErrorInvalidArgument, - }, - }, - } - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - err := tt.args.cache.Set("KEY", tt.args.setValue) - if err != nil { - t.Errorf("something went wrong") - } - - err = tt.args.cache.Delete(tt.args.key) - - if tt.res.errFunc == nil && err != nil { - t.Errorf("got wrong result should not get err: %v ", err) - } - - if tt.res.errFunc != nil && !tt.res.errFunc(err) { - t.Errorf("got wrong err: %v ", err) - } - }) - } -} diff --git a/internal/cache/generate.go b/internal/cache/generate.go deleted file mode 100644 index 2809d31003..0000000000 --- a/internal/cache/generate.go +++ /dev/null @@ -1,3 +0,0 @@ -package cache - -//go:generate mockgen -package mock -destination ./mock/cache.mock.go github.com/zitadel/zitadel/internal/cache Cache diff --git a/internal/cache/mock/cache.mock.go b/internal/cache/mock/cache.mock.go deleted file mode 100644 index 56a238922f..0000000000 --- a/internal/cache/mock/cache.mock.go +++ /dev/null 
@@ -1,80 +0,0 @@ -// Code generated by MockGen. DO NOT EDIT. -// Source: github.com/zitadel/zitadel/internal/cache (interfaces: Cache) -// -// Generated by this command: -// -// mockgen -package mock -destination ./mock/cache.mock.go github.com/zitadel/zitadel/internal/cache Cache -// -// Package mock is a generated GoMock package. -package mock - -import ( - reflect "reflect" - - gomock "go.uber.org/mock/gomock" -) - -// MockCache is a mock of Cache interface. -type MockCache struct { - ctrl *gomock.Controller - recorder *MockCacheMockRecorder -} - -// MockCacheMockRecorder is the mock recorder for MockCache. -type MockCacheMockRecorder struct { - mock *MockCache -} - -// NewMockCache creates a new mock instance. -func NewMockCache(ctrl *gomock.Controller) *MockCache { - mock := &MockCache{ctrl: ctrl} - mock.recorder = &MockCacheMockRecorder{mock} - return mock -} - -// EXPECT returns an object that allows the caller to indicate expected use. -func (m *MockCache) EXPECT() *MockCacheMockRecorder { - return m.recorder -} - -// Delete mocks base method. -func (m *MockCache) Delete(arg0 string) error { - m.ctrl.T.Helper() - ret := m.ctrl.Call(m, "Delete", arg0) - ret0, _ := ret[0].(error) - return ret0 -} - -// Delete indicates an expected call of Delete. -func (mr *MockCacheMockRecorder) Delete(arg0 any) *gomock.Call { - mr.mock.ctrl.T.Helper() - return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "Delete", reflect.TypeOf((*MockCache)(nil).Delete), arg0) -} - -// Get mocks base method. -func (m *MockCache) Get(arg0 string, arg1 any) error { - m.ctrl.T.Helper() - ret := m.ctrl.Call(m, "Get", arg0, arg1) - ret0, _ := ret[0].(error) - return ret0 -} - -// Get indicates an expected call of Get. -func (mr *MockCacheMockRecorder) Get(arg0, arg1 any) *gomock.Call { - mr.mock.ctrl.T.Helper() - return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "Get", reflect.TypeOf((*MockCache)(nil).Get), arg0, arg1) -} - -// Set mocks base method. 
-func (m *MockCache) Set(arg0 string, arg1 any) error { - m.ctrl.T.Helper() - ret := m.ctrl.Call(m, "Set", arg0, arg1) - ret0, _ := ret[0].(error) - return ret0 -} - -// Set indicates an expected call of Set. -func (mr *MockCacheMockRecorder) Set(arg0, arg1 any) *gomock.Call { - mr.mock.ctrl.T.Helper() - return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "Set", reflect.TypeOf((*MockCache)(nil).Set), arg0, arg1) -} diff --git a/internal/command/auth_checks.go b/internal/command/auth_checks.go index 703c2a89ee..994060f0d3 100644 --- a/internal/command/auth_checks.go +++ b/internal/command/auth_checks.go @@ -4,7 +4,7 @@ import ( "context" "github.com/zitadel/zitadel/internal/api/authz" - caos_errors "github.com/zitadel/zitadel/internal/errors" + "github.com/zitadel/zitadel/internal/zerrors" ) func checkExplicitProjectPermission(ctx context.Context, grantID, projectID string) error { @@ -19,7 +19,7 @@ func checkExplicitProjectPermission(ctx context.Context, grantID, projectID stri if listContainsID(ids, projectID) { return nil } - return caos_errors.ThrowPermissionDenied(nil, "EVENT-Shu7e", "Errors.UserGrant.NoPermissionForProject") + return zerrors.ThrowPermissionDenied(nil, "EVENT-Shu7e", "Errors.UserGrant.NoPermissionForProject") } func listContainsID(ids []string, id string) bool { diff --git a/internal/command/auth_request.go b/internal/command/auth_request.go index b0b0226100..1a24e75b5c 100644 --- a/internal/command/auth_request.go +++ b/internal/command/auth_request.go @@ -6,9 +6,9 @@ import ( "github.com/zitadel/zitadel/internal/api/authz" "github.com/zitadel/zitadel/internal/domain" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/repository/authrequest" "github.com/zitadel/zitadel/internal/telemetry/tracing" + "github.com/zitadel/zitadel/internal/zerrors" ) type AuthRequest struct { 
@@ -50,7 +50,7 @@ func (c *Commands) AddAuthRequest(ctx context.Context, authRequest *AuthRequest) return nil, err } if writeModel.AuthRequestState != domain.AuthRequestStateUnspecified { - return nil, errors.ThrowPreconditionFailed(nil, "COMMAND-Sf3gt", "Errors.AuthRequest.AlreadyExisting") + return nil, zerrors.ThrowPreconditionFailed(nil, "COMMAND-Sf3gt", "Errors.AuthRequest.AlreadyExisting") } err = c.pushAppendAndReduce(ctx, writeModel, authrequest.NewAddedEvent( ctx, @@ -82,13 +82,13 @@ func (c *Commands) LinkSessionToAuthRequest(ctx context.Context, id, sessionID, return nil, nil, err } if writeModel.AuthRequestState == domain.AuthRequestStateUnspecified { - return nil, nil, errors.ThrowNotFound(nil, "COMMAND-jae5P", "Errors.AuthRequest.NotExisting") + return nil, nil, zerrors.ThrowNotFound(nil, "COMMAND-jae5P", "Errors.AuthRequest.NotExisting") } if writeModel.AuthRequestState != domain.AuthRequestStateAdded { - return nil, nil, errors.ThrowPreconditionFailed(nil, "COMMAND-Sx208nt", "Errors.AuthRequest.AlreadyHandled") + return nil, nil, zerrors.ThrowPreconditionFailed(nil, "COMMAND-Sx208nt", "Errors.AuthRequest.AlreadyHandled") } if checkLoginClient && authz.GetCtxData(ctx).UserID != writeModel.LoginClient { - return nil, nil, errors.ThrowPermissionDenied(nil, "COMMAND-rai9Y", "Errors.AuthRequest.WrongLoginClient") + return nil, nil, zerrors.ThrowPermissionDenied(nil, "COMMAND-rai9Y", "Errors.AuthRequest.WrongLoginClient") } sessionWriteModel := NewSessionWriteModel(sessionID, authz.GetInstance(ctx).InstanceID()) err = c.eventstore.FilterToQueryReducer(ctx, sessionWriteModel) 
@@ -120,7 +120,7 @@ func (c *Commands) FailAuthRequest(ctx context.Context, id string, reason domain return nil, nil, err } if writeModel.AuthRequestState != domain.AuthRequestStateAdded { - return nil, nil, errors.ThrowPreconditionFailed(nil, "COMMAND-Sx202nt", "Errors.AuthRequest.AlreadyHandled") + return nil, nil, zerrors.ThrowPreconditionFailed(nil, "COMMAND-Sx202nt", "Errors.AuthRequest.AlreadyHandled") } err = c.pushAppendAndReduce(ctx, writeModel, authrequest.NewFailedEvent( ctx, @@ -135,14 +135,14 @@ func (c *Commands) FailAuthRequest(ctx context.Context, id string, reason domain func (c *Commands) AddAuthRequestCode(ctx context.Context, authRequestID, code string) (err error) { if code == "" { - return errors.ThrowPreconditionFailed(nil, "COMMAND-Ht52d", "Errors.AuthRequest.InvalidCode") + return zerrors.ThrowPreconditionFailed(nil, "COMMAND-Ht52d", "Errors.AuthRequest.InvalidCode") } writeModel, err := c.getAuthRequestWriteModel(ctx, authRequestID) if err != nil { return err } if writeModel.AuthRequestState != domain.AuthRequestStateAdded || writeModel.SessionID == "" { - return errors.ThrowPreconditionFailed(nil, "COMMAND-SFwd2", "Errors.AuthRequest.AlreadyHandled") + return zerrors.ThrowPreconditionFailed(nil, "COMMAND-SFwd2", "Errors.AuthRequest.AlreadyHandled") } return c.pushAppendAndReduce(ctx, writeModel, authrequest.NewCodeAddedEvent(ctx, &authrequest.NewAggregate(writeModel.AggregateID, authz.GetInstance(ctx).InstanceID()).Aggregate)) 
@@ -150,14 +150,14 @@ func (c *Commands) AddAuthRequestCode(ctx context.Context, authRequestID, code s func (c *Commands) ExchangeAuthCode(ctx context.Context, code string) (authRequest *CurrentAuthRequest, err error) { if code == "" { - return nil, errors.ThrowPreconditionFailed(nil, "COMMAND-Sf3g2", "Errors.AuthRequest.InvalidCode") + return nil, zerrors.ThrowPreconditionFailed(nil, "COMMAND-Sf3g2", "Errors.AuthRequest.InvalidCode") } writeModel, err := c.getAuthRequestWriteModel(ctx, code) if err != nil { return nil, err } if writeModel.AuthRequestState != domain.AuthRequestStateCodeAdded { - return nil, errors.ThrowPreconditionFailed(nil, "COMMAND-SFwd2", "Errors.AuthRequest.NoCode") + return nil, zerrors.ThrowPreconditionFailed(nil, "COMMAND-SFwd2", "Errors.AuthRequest.NoCode") } err = c.pushAppendAndReduce(ctx, writeModel, authrequest.NewCodeExchangedEvent(ctx, &authrequest.NewAggregate(writeModel.AggregateID, authz.GetInstance(ctx).InstanceID()).Aggregate)) diff --git a/internal/command/auth_request_model.go b/internal/command/auth_request_model.go index d27caf8764..235477f627 100644 --- a/internal/command/auth_request_model.go +++ b/internal/command/auth_request_model.go @@ -6,9 +6,9 @@ import ( "github.com/zitadel/zitadel/internal/api/authz" "github.com/zitadel/zitadel/internal/domain" - caos_errs "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/repository/authrequest" + "github.com/zitadel/zitadel/internal/zerrors" ) type AuthRequestWriteModel struct { 
@@ -95,7 +95,7 @@ func (m *AuthRequestWriteModel) Query() *eventstore.SearchQueryBuilder { // and in case of a Code Flow the code must have been exchanged func (m *AuthRequestWriteModel) CheckAuthenticated() error { if m.SessionID == "" { - return caos_errs.ThrowPreconditionFailed(nil, "AUTHR-SF2r2", "Errors.AuthRequest.NotAuthenticated") + return zerrors.ThrowPreconditionFailed(nil, "AUTHR-SF2r2", "Errors.AuthRequest.NotAuthenticated") } // in case of OIDC Code Flow, the code must have been exchanged if m.ResponseType == domain.OIDCResponseTypeCode && m.AuthRequestState == domain.AuthRequestStateCodeExchanged { @@ -106,5 +106,5 @@ func (m *AuthRequestWriteModel) CheckAuthenticated() error { m.AuthRequestState == domain.AuthRequestStateAdded { return nil } - return caos_errs.ThrowPreconditionFailed(nil, "AUTHR-sajk3", "Errors.AuthRequest.NotAuthenticated") + return zerrors.ThrowPreconditionFailed(nil, "AUTHR-sajk3", "Errors.AuthRequest.NotAuthenticated") } diff --git a/internal/command/auth_request_test.go b/internal/command/auth_request_test.go index e077c90f97..a70a592bb0 100644 --- a/internal/command/auth_request_test.go +++ b/internal/command/auth_request_test.go @@ -13,12 +13,12 @@ import ( "github.com/zitadel/zitadel/internal/api/authz" "github.com/zitadel/zitadel/internal/domain" - caos_errs "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/id" "github.com/zitadel/zitadel/internal/id/mock" "github.com/zitadel/zitadel/internal/repository/authrequest" "github.com/zitadel/zitadel/internal/repository/session" + "github.com/zitadel/zitadel/internal/zerrors" ) func TestCommands_AddAuthRequest(t *testing.T) { 
@@ -70,7 +70,7 @@ func TestCommands_AddAuthRequest(t *testing.T) { request: &AuthRequest{}, }, nil, - caos_errs.ThrowPreconditionFailed(nil, "COMMAND-Sf3gt", "Errors.AuthRequest.AlreadyExisting"), + zerrors.ThrowPreconditionFailed(nil, "COMMAND-Sf3gt", "Errors.AuthRequest.AlreadyExisting"), }, { "added", @@ -199,7 +199,7 @@ func TestCommands_LinkSessionToAuthRequest(t *testing.T) { sessionID: "sessionID", }, res{ - wantErr: caos_errs.ThrowNotFound(nil, "COMMAND-jae5P", "Errors.AuthRequest.NotExisting"), + wantErr: zerrors.ThrowNotFound(nil, "COMMAND-jae5P", "Errors.AuthRequest.NotExisting"), }, }, { @@ -239,7 +239,7 @@ func TestCommands_LinkSessionToAuthRequest(t *testing.T) { sessionID: "sessionID", }, res{ - wantErr: caos_errs.ThrowPreconditionFailed(nil, "COMMAND-Sx208nt", "Errors.AuthRequest.AlreadyHandled"), + wantErr: zerrors.ThrowPreconditionFailed(nil, "COMMAND-Sx208nt", "Errors.AuthRequest.AlreadyHandled"), }, }, { @@ -277,7 +277,7 @@ func TestCommands_LinkSessionToAuthRequest(t *testing.T) { checkLoginClient: true, }, res{ - wantErr: caos_errs.ThrowPermissionDenied(nil, "COMMAND-rai9Y", "Errors.AuthRequest.WrongLoginClient"), + wantErr: zerrors.ThrowPermissionDenied(nil, "COMMAND-rai9Y", "Errors.AuthRequest.WrongLoginClient"), }, }, { @@ -314,7 +314,7 @@ func TestCommands_LinkSessionToAuthRequest(t *testing.T) { sessionID: "sessionID", }, res{ - wantErr: caos_errs.ThrowPreconditionFailed(nil, "COMMAND-Flk38", "Errors.Session.NotExisting"), + wantErr: zerrors.ThrowPreconditionFailed(nil, "COMMAND-Flk38", "Errors.Session.NotExisting"), }, }, { @@ -374,7 +374,7 @@ func TestCommands_LinkSessionToAuthRequest(t *testing.T) { sessionToken: "token", }, res{ - wantErr: caos_errs.ThrowPreconditionFailed(nil, "COMMAND-Hkl3d", "Errors.Session.Expired"), + wantErr: zerrors.ThrowPreconditionFailed(nil, "COMMAND-Hkl3d", "Errors.Session.Expired"), }, }, { 
@@ -423,7 +423,7 @@ func TestCommands_LinkSessionToAuthRequest(t *testing.T) { sessionToken: "invalid", }, res{ - wantErr: caos_errs.ThrowPermissionDenied(nil, "COMMAND-sGr42", "Errors.Session.Token.Invalid"), + wantErr: zerrors.ThrowPermissionDenied(nil, "COMMAND-sGr42", "Errors.Session.Token.Invalid"), }, }, { @@ -650,7 +650,7 @@ func TestCommands_FailAuthRequest(t *testing.T) { reason: domain.OIDCErrorReasonLoginRequired, }, res{ - wantErr: caos_errs.ThrowPreconditionFailed(nil, "COMMAND-Sx202nt", "Errors.AuthRequest.AlreadyHandled"), + wantErr: zerrors.ThrowPreconditionFailed(nil, "COMMAND-Sx202nt", "Errors.AuthRequest.AlreadyHandled"), }, }, { @@ -745,7 +745,7 @@ func TestCommands_AddAuthRequestCode(t *testing.T) { id: "V2_authRequestID", code: "", }, - caos_errs.ThrowPreconditionFailed(nil, "COMMAND-Ht52d", "Errors.AuthRequest.InvalidCode"), + zerrors.ThrowPreconditionFailed(nil, "COMMAND-Ht52d", "Errors.AuthRequest.InvalidCode"), }, { "no session linked error", @@ -781,7 +781,7 @@ func TestCommands_AddAuthRequestCode(t *testing.T) { id: "V2_authRequestID", code: "V2_authRequestID", }, - caos_errs.ThrowPreconditionFailed(nil, "COMMAND-SFwd2", "Errors.AuthRequest.AlreadyHandled"), + zerrors.ThrowPreconditionFailed(nil, "COMMAND-SFwd2", "Errors.AuthRequest.AlreadyHandled"), }, { "success", @@ -871,7 +871,7 @@ func TestCommands_ExchangeAuthCode(t *testing.T) { code: "", }, res{ - err: caos_errs.ThrowPreconditionFailed(nil, "COMMAND-Sf3g2", "Errors.AuthRequest.InvalidCode"), + err: zerrors.ThrowPreconditionFailed(nil, "COMMAND-Sf3g2", "Errors.AuthRequest.InvalidCode"), }, }, { @@ -908,7 +908,7 @@ func TestCommands_ExchangeAuthCode(t *testing.T) { code: "V2_authRequestID", }, res{ - err: caos_errs.ThrowPreconditionFailed(nil, "COMMAND-SFwd2", "Errors.AuthRequest.NoCode"), + err: zerrors.ThrowPreconditionFailed(nil, "COMMAND-SFwd2", "Errors.AuthRequest.NoCode"), }, }, { 
diff --git a/internal/command/command.go b/internal/command/command.go index 3b45a9b874..d43bd550d7 100644 --- a/internal/command/command.go +++ b/internal/command/command.go @@ -9,19 +9,22 @@ import ( "math/big" "net/http" "strconv" + "sync" "time" + "github.com/zitadel/logging" + "github.com/zitadel/zitadel/internal/api/authz" api_http "github.com/zitadel/zitadel/internal/api/http" "github.com/zitadel/zitadel/internal/command/preparation" sd "github.com/zitadel/zitadel/internal/config/systemdefaults" "github.com/zitadel/zitadel/internal/crypto" "github.com/zitadel/zitadel/internal/domain" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/id" "github.com/zitadel/zitadel/internal/repository/action" "github.com/zitadel/zitadel/internal/repository/authrequest" + "github.com/zitadel/zitadel/internal/repository/deviceauth" "github.com/zitadel/zitadel/internal/repository/feature" "github.com/zitadel/zitadel/internal/repository/idpintent" instance_repo "github.com/zitadel/zitadel/internal/repository/instance" @@ -37,12 +40,16 @@ import ( usr_repo "github.com/zitadel/zitadel/internal/repository/user" usr_grant_repo "github.com/zitadel/zitadel/internal/repository/usergrant" "github.com/zitadel/zitadel/internal/static" + "github.com/zitadel/zitadel/internal/telemetry/tracing" webauthn_helper "github.com/zitadel/zitadel/internal/webauthn" + "github.com/zitadel/zitadel/internal/zerrors" ) type Commands struct { httpClient *http.Client + jobs sync.WaitGroup + checkPermission domain.PermissionCheck newCode cryptoCodeFunc newCodeWithDefault cryptoCodeWithDefaultFunc 
@@ -105,7 +112,7 @@ func StartCommands( defaultSecretGenerators *SecretGenerators, ) (repo *Commands, err error) { if externalDomain == "" { - return nil, errors.ThrowInvalidArgument(nil, "COMMAND-Df21s", "no external domain specified") + return nil, zerrors.ThrowInvalidArgument(nil, "COMMAND-Df21s", "no external domain specified") } idGenerator := id.SonyFlakeGenerator() // reuse the oidcEncryption to be able to handle both tokens in the interceptor later on @@ -160,6 +167,7 @@ func StartCommands( oidcsession.RegisterEventMappers(repo.eventstore) milestone.RegisterEventMappers(repo.eventstore) feature.RegisterEventMappers(repo.eventstore) + deviceauth.RegisterEventMappers(repo.eventstore) repo.codeAlg = crypto.NewBCrypt(defaults.SecretGenerators.PasswordSaltCost) repo.userPasswordHasher, err = defaults.PasswordHasher.PasswordHasher() @@ -249,7 +257,7 @@ func samlCertificateAndKeyGenerator(keySize int) func(id string) ([]byte, []byte derBytes, err := x509.CreateCertificate(rand.Reader, &template, &template, pub, priv) if err != nil { - return nil, nil, errors.ThrowInternalf(err, "COMMAND-x92u101j", "failed to create certificate") + return nil, nil, zerrors.ThrowInternalf(err, "COMMAND-x92u101j", "failed to create certificate") } keyBlock := &pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(priv)} 
@@ -257,3 +265,54 @@ func samlCertificateAndKeyGenerator(keySize int) func(id string) ([]byte, []byte return pem.EncodeToMemory(keyBlock), pem.EncodeToMemory(certBlock), nil } } + +// Close blocks until all async jobs are finished, +// the context expires or after eventstore.PushTimeout. +func (c *Commands) Close(ctx context.Context) error { + if c.eventstore.PushTimeout != 0 { + var cancel context.CancelFunc + ctx, cancel = context.WithTimeout(ctx, c.eventstore.PushTimeout) + defer cancel() + } + + done := make(chan struct{}) + go func() { + c.jobs.Wait() + close(done) + }() + select { + case <-done: + return nil + case <-ctx.Done(): + return ctx.Err() + } +} + +// asyncPush attempts to push events to the eventstore in a separate Go routine. +// This can be used to speed up request times when the outcome of the push is +// not important for business logic but have a pure logging function. +// For example this can be used for Secret Check Success and Failed events. +// On push error, a log line describing the error will be emitted. +func (c *Commands) asyncPush(ctx context.Context, cmds ...eventstore.Command) { + // Create a new context, as the request scoped context might get + // canceled before we where able to push. + // The eventstore has its own PushTimeout setting, + // so we don't need to have a context with timeout here. + ctx = context.WithoutCancel(ctx) + + c.jobs.Add(1) + + go func() { + defer c.jobs.Done() + localCtx, span := tracing.NewSpan(ctx) + + _, err := c.eventstore.Push(localCtx, cmds...) + if err != nil { + for _, cmd := range cmds { + logging.WithError(err).Errorf("could not push event %q", cmd.Type()) + } + } + + span.EndWithError(err) + }() +} diff --git a/internal/command/command_test.go b/internal/command/command_test.go new file mode 100644 index 0000000000..2367930b89 --- /dev/null +++ b/internal/command/command_test.go 
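Review bot: `asyncPush` calls `c.jobs.Add(1)` with nothing preventing it from running while `Close` is already blocked in `c.jobs.Wait()`, and `sync.WaitGroup` requires an `Add` that starts from a zero counter to happen before `Wait`, so a push started during shutdown can be missed by `Close` and cut off when the process exits. Because the doc comment names Secret Check Failed events as a use case, a push lost this way, or one that fails and is only logged, leaves a gap in the record of failed authentication attempts. I would state the ordering contract on `Close`, e.g. `// Close must be called only after every caller of asyncPush has returned.`, and extend the `asyncPush` comment to say that these events are best-effort and that the `could not push event` log line should be monitored. When `ctx` expires first, the goroutine blocked in `c.jobs.Wait()` also stays alive until the jobs finish, which deserves a line in the same comment.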
@@ -0,0 +1,146 @@ +package command + +import ( + "context" + "io" + "os" + "testing" + "time" + + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" + "golang.org/x/text/language" + + "github.com/zitadel/zitadel/internal/eventstore" + "github.com/zitadel/zitadel/internal/i18n" + "github.com/zitadel/zitadel/internal/repository/user" +) + +var ( + SupportedLanguages = []language.Tag{language.English, language.German} + OnlyAllowedLanguages = []language.Tag{language.English} + AllowedLanguage = language.English + DisallowedLanguage = language.German + UnsupportedLanguage = language.Spanish +) + +func TestMain(m *testing.M) { + i18n.SupportLanguages(SupportedLanguages...) + os.Exit(m.Run()) +} + +func TestCommands_asyncPush(t *testing.T) { + // make sure the test terminates on deadlock + background := context.Background() + agg := user.NewAggregate("userID", "orgID") + cmd := user.NewMachineSecretCheckFailedEvent(background, &agg.Aggregate) + + tests := []struct { + name string + pushCtx func() (context.Context, context.CancelFunc) + eventstore func(*testing.T) *eventstore.Eventstore + closeCtx func() (context.Context, context.CancelFunc) + wantCloseErr bool + }{ + { + name: "push error", + pushCtx: func() (context.Context, context.CancelFunc) { + return context.WithCancel(background) + }, + eventstore: expectEventstore( + expectPushFailed(io.ErrClosedPipe, cmd), + ), + closeCtx: func() (context.Context, context.CancelFunc) { + return context.WithTimeout(background, time.Second) + }, + wantCloseErr: false, + }, + { + name: "success", + pushCtx: func() (context.Context, context.CancelFunc) { + return context.WithCancel(background) + }, + eventstore: expectEventstore( + expectPushSlow(time.Second/10, cmd), + ), + closeCtx: func() (context.Context, context.CancelFunc) { + return context.WithTimeout(background, time.Second) + }, + wantCloseErr: false, + }, + { + name: "success after push context cancels", + pushCtx: func() (context.Context, 
context.CancelFunc) { + ctx, cancel := context.WithCancel(background) + cancel() + return ctx, cancel + }, + eventstore: expectEventstore( + expectPushSlow(time.Second/10, cmd), + ), + closeCtx: func() (context.Context, context.CancelFunc) { + return context.WithTimeout(background, time.Second) + }, + wantCloseErr: false, + }, + { + name: "success after push context timeout", + pushCtx: func() (context.Context, context.CancelFunc) { + return context.WithTimeout(background, time.Second/100) + }, + eventstore: expectEventstore( + expectPushSlow(time.Second/10, cmd), + ), + closeCtx: func() (context.Context, context.CancelFunc) { + return context.WithTimeout(background, time.Second) + }, + wantCloseErr: false, + }, + { + name: "success after push context timeout", + pushCtx: func() (context.Context, context.CancelFunc) { + return context.WithTimeout(background, time.Second/100) + }, + eventstore: expectEventstore( + expectPushSlow(time.Second/10, cmd), + ), + closeCtx: func() (context.Context, context.CancelFunc) { + return context.WithTimeout(background, time.Second) + }, + wantCloseErr: false, + }, + { + name: "close timeout error", + pushCtx: func() (context.Context, context.CancelFunc) { + return context.WithCancel(background) + }, + eventstore: expectEventstore( + expectPushSlow(time.Second/10, cmd), + ), + closeCtx: func() (context.Context, context.CancelFunc) { + return context.WithTimeout(background, time.Second/100) + }, + wantCloseErr: true, + }, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + c := &Commands{ + eventstore: tt.eventstore(t), + } + c.eventstore.PushTimeout = 10 * time.Second + pushCtx, cancel := tt.pushCtx() + c.asyncPush(pushCtx, cmd) + cancel() + + closeCtx, cancel := tt.closeCtx() + defer cancel() + err := c.Close(closeCtx) + if tt.wantCloseErr { + assert.Error(t, err) + return + } + require.NoError(t, err) + }) + } +} 
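Review bot: The table lists the case `success after push context timeout` twice with identical fields, and the opening comment `// make sure the test terminates on deadlock` is followed by no timeout or watchdog, only `background := context.Background()`. I would drop the duplicate and either remove the comment or back it with a real deadline. `c.eventstore.PushTimeout` is fixed at `10 * time.Second` for every case, so the path in `Close` where `PushTimeout` is the deadline that expires is never exercised. The freed slot could cover it with a per-case value, e.g. `c.eventstore.PushTimeout = tt.pushTimeout`, set to `time.Second / 100` under a longer `closeCtx`. In the `close timeout error` case the push goroutine is presumably still running when the subtest returns, which is worth checking against the mock's expectations.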
diff --git a/internal/command/crypto.go b/internal/command/crypto.go index 0f7fe11ce5..dfbbc00012 100644 --- a/internal/command/crypto.go +++ b/internal/command/crypto.go @@ -7,7 +7,7 @@ import ( "github.com/zitadel/zitadel/internal/command/preparation" "github.com/zitadel/zitadel/internal/crypto" "github.com/zitadel/zitadel/internal/domain" - "github.com/zitadel/zitadel/internal/errors" + "github.com/zitadel/zitadel/internal/zerrors" ) type cryptoCodeFunc func(ctx context.Context, filter preparation.FilterToQueryReducer, typ domain.SecretGeneratorType, alg crypto.Crypto) (*CryptoCode, error) @@ -61,7 +61,7 @@ func secretGenerator(ctx context.Context, filter preparation.FilterToQueryReduce case crypto.EncryptionAlgorithm: return crypto.NewEncryptionGenerator(*config, a), config, nil default: - return nil, nil, errors.ThrowInternalf(nil, "COMMA-RreV6", "Errors.Internal unsupported crypto algorithm type %T", a) + return nil, nil, zerrors.ThrowInternalf(nil, "COMMA-RreV6", "Errors.Internal unsupported crypto algorithm type %T", a) } } diff --git a/internal/command/crypto_test.go b/internal/command/crypto_test.go index cebd1118e5..14df176d12 100644 --- a/internal/command/crypto_test.go +++ b/internal/command/crypto_test.go @@ -13,9 +13,9 @@ import ( "github.com/zitadel/zitadel/internal/command/preparation" "github.com/zitadel/zitadel/internal/crypto" "github.com/zitadel/zitadel/internal/domain" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/repository/instance" + "github.com/zitadel/zitadel/internal/zerrors" ) func mockCode(code string, exp time.Duration) cryptoCodeFunc { 
@@ -270,7 +270,7 @@ func Test_secretGenerator(t *testing.T) { alg: nil, defaultConfig: emptyConfig, }, - wantErr: errors.ThrowInternalf(nil, "COMMA-RreV6", "Errors.Internal unsupported crypto algorithm type %T", nil), + wantErr: zerrors.ThrowInternalf(nil, "COMMA-RreV6", "Errors.Internal unsupported crypto algorithm type %T", nil), }, } for _, tt := range tests { diff --git a/internal/command/device_auth.go b/internal/command/device_auth.go index 6c3e1a3cfa..7abe858017 100644 --- a/internal/command/device_auth.go +++ b/internal/command/device_auth.go @@ -6,19 +6,14 @@ import ( "github.com/zitadel/zitadel/internal/api/authz" "github.com/zitadel/zitadel/internal/domain" - caos_errs "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/repository/deviceauth" + "github.com/zitadel/zitadel/internal/zerrors" ) -func (c *Commands) AddDeviceAuth(ctx context.Context, clientID, deviceCode, userCode string, expires time.Time, scopes []string) (string, *domain.ObjectDetails, error) { - aggrID, err := c.idGenerator.Next() - if err != nil { - return "", nil, err - } - - aggr := deviceauth.NewAggregate(aggrID, authz.GetInstance(ctx).InstanceID()) - model := NewDeviceAuthWriteModel(aggrID, aggr.ResourceOwner) +func (c *Commands) AddDeviceAuth(ctx context.Context, clientID, deviceCode, userCode string, expires time.Time, scopes []string) (*domain.ObjectDetails, error) { + aggr := deviceauth.NewAggregate(deviceCode, authz.GetInstance(ctx).InstanceID()) + model := NewDeviceAuthWriteModel(deviceCode, aggr.ResourceOwner) pushedEvents, err := c.eventstore.Push(ctx, deviceauth.NewAddedEvent( ctx, 
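Review bot: In `device_auth.go`, `AddDeviceAuth` now passes `deviceCode` to `deviceauth.NewAggregate` and `NewDeviceAuthWriteModel` as the aggregate ID, so the value a client later presents to redeem the authorization becomes a plain identifier in the event store. If this is the raw device code handed to the client (not visible in this hunk), it will presumably appear wherever aggregate IDs do, such as indexes, log lines and traces, and read access to those would be enough to redeem a pending authorization. Consider keying the aggregate on a digest of the code, or at least add a comment above the function such as `// deviceCode doubles as the aggregate ID and is a credential: never log it.`. The hunk also removes the generated ID without adding a guard for an empty `deviceCode`; an early `zerrors.ThrowInvalidArgument` return would keep an empty aggregate ID from reaching `Push`. The function body continues in the next hunk.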
@@ -30,27 +25,27 @@ func (c *Commands) AddDeviceAuth(ctx context.Context, clientID, deviceCode, user scopes, )) if err != nil { - return "", nil, err + return nil, err } err = AppendAndReduce(model, pushedEvents...) if err != nil { - return "", nil, err + return nil, err } - return model.AggregateID, writeModelToObjectDetails(&model.WriteModel), nil + return writeModelToObjectDetails(&model.WriteModel), nil } -func (c *Commands) ApproveDeviceAuth(ctx context.Context, id, subject string) (*domain.ObjectDetails, error) { - model, err := c.getDeviceAuthWriteModelByID(ctx, id) +func (c *Commands) ApproveDeviceAuth(ctx context.Context, deviceCode, subject string, authMethods []domain.UserAuthMethodType, authTime time.Time) (*domain.ObjectDetails, error) { + model, err := c.getDeviceAuthWriteModelByDeviceCode(ctx, deviceCode) if err != nil { return nil, err } if !model.State.Exists() { - return nil, caos_errs.ThrowNotFound(nil, "COMMAND-Hief9", "Errors.DeviceAuth.NotFound") + return nil, zerrors.ThrowNotFound(nil, "COMMAND-Hief9", "Errors.DeviceAuth.NotFound") } aggr := deviceauth.NewAggregate(model.AggregateID, model.InstanceID) - pushedEvents, err := c.eventstore.Push(ctx, deviceauth.NewApprovedEvent(ctx, aggr, subject)) + pushedEvents, err := c.eventstore.Push(ctx, deviceauth.NewApprovedEvent(ctx, aggr, subject, authMethods, authTime)) if err != nil { return nil, err } 
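Review bot: `ApproveDeviceAuth` pushes `deviceauth.NewApprovedEvent` whenever `model.State.Exists()` is true, and nothing visible here checks that the request is still pending or that `model.Expires` has not passed. Unless `Exists()` already excludes approved, canceled and expired requests (its definition is outside this diff), a second approval could overwrite `Subject`, `UserAuthMethods` and `AuthTime` on a request that was already decided. I would add an explicit guard before the push that returns `zerrors.ThrowPreconditionFailed` when the state is already `domain.DeviceAuthStateApproved` or a canceled state, or when the expiry is in the past. `CancelDeviceAuth` in the next hunk has the same shape, and the tests changed in `device_auth_test.go` cover only the not-found, push-error and success paths. The function body continues past the end of this hunk.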
@@ -63,12 +58,12 @@ func (c *Commands) ApproveDeviceAuth(ctx context.Context, id, subject string) (* } func (c *Commands) CancelDeviceAuth(ctx context.Context, id string, reason domain.DeviceAuthCanceled) (*domain.ObjectDetails, error) { - model, err := c.getDeviceAuthWriteModelByID(ctx, id) + model, err := c.getDeviceAuthWriteModelByDeviceCode(ctx, id) if err != nil { return nil, err } if !model.State.Exists() { - return nil, caos_errs.ThrowNotFound(nil, "COMMAND-gee5A", "Errors.DeviceAuth.NotFound") + return nil, zerrors.ThrowNotFound(nil, "COMMAND-gee5A", "Errors.DeviceAuth.NotFound") } aggr := deviceauth.NewAggregate(model.AggregateID, model.InstanceID) @@ -84,27 +79,8 @@ func (c *Commands) CancelDeviceAuth(ctx context.Context, id string, reason domai return writeModelToObjectDetails(&model.WriteModel), nil } -func (c *Commands) RemoveDeviceAuth(ctx context.Context, id string) (*domain.ObjectDetails, error) { - model, err := c.getDeviceAuthWriteModelByID(ctx, id) - if err != nil { - return nil, err - } - aggr := deviceauth.NewAggregate(model.AggregateID, model.InstanceID) - - pushedEvents, err := c.eventstore.Push(ctx, deviceauth.NewRemovedEvent(ctx, aggr, model.ClientID, model.DeviceCode, model.UserCode)) - if err != nil { - return nil, err - } - err = AppendAndReduce(model, pushedEvents...) - if err != nil { - return nil, err - } - - return writeModelToObjectDetails(&model.WriteModel), nil -} - -func (c *Commands) getDeviceAuthWriteModelByID(ctx context.Context, id string) (*DeviceAuthWriteModel, error) { - model := &DeviceAuthWriteModel{WriteModel: eventstore.WriteModel{AggregateID: id}} +func (c *Commands) getDeviceAuthWriteModelByDeviceCode(ctx context.Context, deviceCode string) (*DeviceAuthWriteModel, error) { + model := &DeviceAuthWriteModel{WriteModel: eventstore.WriteModel{AggregateID: deviceCode}} err := c.eventstore.FilterToQueryReducer(ctx, model) if err != nil { return nil, err 
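Review bot: `CancelDeviceAuth` still names its parameter `id` although it is now handed straight to `getDeviceAuthWriteModelByDeviceCode`, while `ApproveDeviceAuth` was renamed to `deviceCode` in the same commit. Renaming it keeps the two signatures parallel and makes clear at the call site that a credential is expected: `func (c *Commands) CancelDeviceAuth(ctx context.Context, deviceCode string, reason domain.DeviceAuthCanceled) (*domain.ObjectDetails, error)`. The renamed helper would also benefit from a one-line doc comment saying that it loads the write model by using the device code as the aggregate ID.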
diff --git a/internal/command/device_auth_model.go b/internal/command/device_auth_model.go index 2ea52a39ab..69a457c514 100644 --- a/internal/command/device_auth_model.go +++ b/internal/command/device_auth_model.go @@ -11,19 +11,21 @@ import ( type DeviceAuthWriteModel struct { eventstore.WriteModel - ClientID string - DeviceCode string - UserCode string - Expires time.Time - Scopes []string - Subject string - State domain.DeviceAuthState + ClientID string + DeviceCode string + UserCode string + Expires time.Time + Scopes []string + State domain.DeviceAuthState + Subject string + UserAuthMethods []domain.UserAuthMethodType + AuthTime time.Time } -func NewDeviceAuthWriteModel(aggrID, resourceOwner string) *DeviceAuthWriteModel { +func NewDeviceAuthWriteModel(deviceCode, resourceOwner string) *DeviceAuthWriteModel { return &DeviceAuthWriteModel{ WriteModel: eventstore.WriteModel{ - AggregateID: aggrID, + AggregateID: deviceCode, ResourceOwner: resourceOwner, }, } @@ -40,12 +42,12 @@ func (m *DeviceAuthWriteModel) Reduce() error { m.Scopes = e.Scopes m.State = e.State case *deviceauth.ApprovedEvent: - m.Subject = e.Subject m.State = domain.DeviceAuthStateApproved + m.Subject = e.Subject + m.UserAuthMethods = e.UserAuthMethods + m.AuthTime = e.AuthTime case *deviceauth.CanceledEvent: m.State = e.Reason.State() - case *deviceauth.RemovedEvent: - m.State = domain.DeviceAuthStateRemoved } } @@ -54,8 +56,14 @@ func (m *DeviceAuthWriteModel) Reduce() error { func (m *DeviceAuthWriteModel) Query() *eventstore.SearchQueryBuilder { return eventstore.NewSearchQueryBuilder(eventstore.ColumnsEvent). + ResourceOwner(m.ResourceOwner). AddQuery(). AggregateTypes(deviceauth.AggregateType). AggregateIDs(m.AggregateID). + EventTypes( + deviceauth.AddedEventType, + deviceauth.ApprovedEventType, + deviceauth.CanceledEventType, + ). Builder() } diff --git a/internal/command/device_auth_test.go b/internal/command/device_auth_test.go index 3b74e13224..584f44f134 100644 
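Review bot: `Query` now chains `.ResourceOwner(m.ResourceOwner)`, but `getDeviceAuthWriteModelByDeviceCode` in `device_auth.go` builds the model with only `AggregateID` set, so on the approve and cancel paths this filter receives an empty string. Whether the builder treats an empty resource owner as "no filter" or as a literal match is not visible here. In the first case the lookup is scoped only by whatever the eventstore derives from `ctx`, and in the second it would find nothing. I would have the helper go through the constructor so the filter carries the instance, e.g. `model := NewDeviceAuthWriteModel(deviceCode, authz.GetInstance(ctx).InstanceID())`, which matches the value `AddDeviceAuth` passes to `deviceauth.NewAggregate`. A short comment on `Query` stating which of the two the `ResourceOwner` filter is meant to enforce would help the next reader.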
--- a/internal/command/device_auth_test.go +++ b/internal/command/device_auth_test.go @@ -8,29 +8,24 @@ import ( "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" - "go.uber.org/mock/gomock" "github.com/zitadel/zitadel/internal/api/authz" "github.com/zitadel/zitadel/internal/domain" - caos_errs "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" - "github.com/zitadel/zitadel/internal/id" - id_mock "github.com/zitadel/zitadel/internal/id/mock" "github.com/zitadel/zitadel/internal/repository/deviceauth" + "github.com/zitadel/zitadel/internal/zerrors" ) func TestCommands_AddDeviceAuth(t *testing.T) { ctx := authz.WithInstanceID(context.Background(), "instance1") - idErr := errors.New("idErr") pushErr := errors.New("pushErr") now := time.Now() - unique := deviceauth.NewAddUniqueConstraints("client_id", "123", "456") + unique := deviceauth.NewAddUniqueConstraints("123", "456") require.Len(t, unique, 2) type fields struct { - eventstore *eventstore.Eventstore - idGenerator id.Generator + eventstore *eventstore.Eventstore } type args struct { ctx context.Context 
@@ -44,42 +39,20 @@ func TestCommands_AddDeviceAuth(t *testing.T) { name string fields fields args args - wantID string wantDetails *domain.ObjectDetails wantErr error }{ - { - name: "idGenerator error", - fields: fields{ - eventstore: eventstoreExpect(t), - idGenerator: func() id.Generator { - m := id_mock.NewMockGenerator(gomock.NewController(t)) - m.EXPECT().Next().Return("", idErr) - return m - }(), - }, - args: args{ - ctx: ctx, - clientID: "client_id", - deviceCode: "123", - userCode: "456", - expires: now, - scopes: []string{"a", "b", "c"}, - }, - wantErr: idErr, - }, { name: "success", fields: fields{ eventstore: eventstoreExpect(t, expectPush( deviceauth.NewAddedEvent( ctx, - deviceauth.NewAggregate("1999", "instance1"), + deviceauth.NewAggregate("123", "instance1"), "client_id", "123", "456", now, []string{"a", "b", "c"}, ), )), - idGenerator: id_mock.NewIDGeneratorExpectIDs(t, "1999"), }, args: args{ ctx: authz.WithInstanceID(context.Background(), "instance1"), @@ -89,7 +62,6 @@ func TestCommands_AddDeviceAuth(t *testing.T) { expires: now, scopes: []string{"a", "b", "c"}, }, - wantID: "1999", wantDetails: &domain.ObjectDetails{ ResourceOwner: "instance1", }, @@ -100,12 +72,11 @@ func TestCommands_AddDeviceAuth(t *testing.T) { eventstore: eventstoreExpect(t, expectPushFailed(pushErr, deviceauth.NewAddedEvent( ctx, - deviceauth.NewAggregate("1999", "instance1"), + deviceauth.NewAggregate("123", "instance1"), "client_id", "123", "456", now, []string{"a", "b", "c"}, )), ), - idGenerator: id_mock.NewIDGeneratorExpectIDs(t, "1999"), }, args: args{ ctx: authz.WithInstanceID(context.Background(), "instance1"), 
@@ -121,12 +92,10 @@ func TestCommands_AddDeviceAuth(t *testing.T) { for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { c := &Commands{ - eventstore: tt.fields.eventstore, - idGenerator: tt.fields.idGenerator, + eventstore: tt.fields.eventstore, } - gotID, gotDetails, err := c.AddDeviceAuth(tt.args.ctx, tt.args.clientID, tt.args.deviceCode, tt.args.userCode, tt.args.expires, tt.args.scopes) + gotDetails, err := c.AddDeviceAuth(tt.args.ctx, tt.args.clientID, tt.args.deviceCode, tt.args.userCode, tt.args.expires, tt.args.scopes) require.ErrorIs(t, err, tt.wantErr) - assert.Equal(t, tt.wantID, gotID) assert.Equal(t, tt.wantDetails, gotDetails) }) } @@ -141,9 +110,11 @@ func TestCommands_ApproveDeviceAuth(t *testing.T) { eventstore *eventstore.Eventstore } type args struct { - ctx context.Context - id string - subject string + ctx context.Context + id string + subject string + authMethods []domain.UserAuthMethodType + authTime time.Time } tests := []struct { name string @@ -156,27 +127,15 @@ func TestCommands_ApproveDeviceAuth(t *testing.T) { name: "not found error", fields: fields{ eventstore: eventstoreExpect(t, - expectFilter( - eventFromEventPusherWithInstanceID("instance1", - deviceauth.NewAddedEvent( - ctx, - deviceauth.NewAggregate("1999", "instance1"), - "client_id", "123", "456", now, - []string{"a", "b", "c"}, - ), - ), - eventFromEventPusherWithInstanceID("instance1", - deviceauth.NewRemovedEvent( - ctx, - deviceauth.NewAggregate("1999", "instance1"), - "client_id", "123", "456", - ), - ), - ), + expectFilter(), ), }, - args: args{ctx, "1999", "subj"}, - wantErr: caos_errs.ThrowNotFound(nil, "COMMAND-Hief9", "Errors.DeviceAuth.NotFound"), + args: args{ + ctx, "123", "subj", + []domain.UserAuthMethodType{domain.UserAuthMethodTypePassword}, + time.Unix(123, 456), + }, + wantErr: zerrors.ThrowNotFound(nil, "COMMAND-Hief9", "Errors.DeviceAuth.NotFound"), }, { name: "push error", 
@@ -186,19 +145,25 @@ func TestCommands_ApproveDeviceAuth(t *testing.T) { "instance1", deviceauth.NewAddedEvent( ctx, - deviceauth.NewAggregate("1999", "instance1"), + deviceauth.NewAggregate("123", "instance1"), "client_id", "123", "456", now, []string{"a", "b", "c"}, ), )), expectPushFailed(pushErr, deviceauth.NewApprovedEvent( - ctx, deviceauth.NewAggregate("1999", "instance1"), "subj", + ctx, deviceauth.NewAggregate("123", "instance1"), "subj", + []domain.UserAuthMethodType{domain.UserAuthMethodTypePassword}, + time.Unix(123, 456), ), ), ), }, - args: args{ctx, "1999", "subj"}, + args: args{ + ctx, "123", "subj", + []domain.UserAuthMethodType{domain.UserAuthMethodTypePassword}, + time.Unix(123, 456), + }, wantErr: pushErr, }, { @@ -209,19 +174,25 @@ func TestCommands_ApproveDeviceAuth(t *testing.T) { "instance1", deviceauth.NewAddedEvent( ctx, - deviceauth.NewAggregate("1999", "instance1"), + deviceauth.NewAggregate("123", "instance1"), "client_id", "123", "456", now, []string{"a", "b", "c"}, ), )), expectPush( deviceauth.NewApprovedEvent( - ctx, deviceauth.NewAggregate("1999", "instance1"), "subj", + ctx, deviceauth.NewAggregate("123", "instance1"), "subj", + []domain.UserAuthMethodType{domain.UserAuthMethodTypePassword}, + time.Unix(123, 456), ), ), ), }, - args: args{ctx, "1999", "subj"}, + args: args{ + ctx, "123", "subj", + []domain.UserAuthMethodType{domain.UserAuthMethodTypePassword}, + time.Unix(123, 456), + }, wantDetails: &domain.ObjectDetails{ ResourceOwner: "instance1", }, @@ -232,7 +203,7 @@ func TestCommands_ApproveDeviceAuth(t *testing.T) { c := &Commands{ eventstore: tt.fields.eventstore, } - gotDetails, err := c.ApproveDeviceAuth(tt.args.ctx, tt.args.id, tt.args.subject) + gotDetails, err := c.ApproveDeviceAuth(tt.args.ctx, tt.args.id, tt.args.subject, tt.args.authMethods, tt.args.authTime) require.ErrorIs(t, err, tt.wantErr) assert.Equal(t, gotDetails, tt.wantDetails) }) 
@@ -263,27 +234,11 @@ func TestCommands_CancelDeviceAuth(t *testing.T) { name: "not found error", fields: fields{ eventstore: eventstoreExpect(t, - expectFilter( - eventFromEventPusherWithInstanceID("instance1", - deviceauth.NewAddedEvent( - ctx, - deviceauth.NewAggregate("1999", "instance1"), - "client_id", "123", "456", now, - []string{"a", "b", "c"}, - ), - ), - eventFromEventPusherWithInstanceID("instance1", - deviceauth.NewRemovedEvent( - ctx, - deviceauth.NewAggregate("1999", "instance1"), - "client_id", "123", "456", - ), - ), - ), + expectFilter(), ), }, - args: args{ctx, "1999", domain.DeviceAuthCanceledDenied}, - wantErr: caos_errs.ThrowNotFound(nil, "COMMAND-gee5A", "Errors.DeviceAuth.NotFound"), + args: args{ctx, "123", domain.DeviceAuthCanceledDenied}, + wantErr: zerrors.ThrowNotFound(nil, "COMMAND-gee5A", "Errors.DeviceAuth.NotFound"), }, { name: "push error", @@ -293,20 +248,20 @@ func TestCommands_CancelDeviceAuth(t *testing.T) { "instance1", deviceauth.NewAddedEvent( ctx, - deviceauth.NewAggregate("1999", "instance1"), + deviceauth.NewAggregate("123", "instance1"), "client_id", "123", "456", now, []string{"a", "b", "c"}, ), )), expectPushFailed(pushErr, deviceauth.NewCanceledEvent( - ctx, deviceauth.NewAggregate("1999", "instance1"), + ctx, deviceauth.NewAggregate("123", "instance1"), domain.DeviceAuthCanceledDenied, ), ), ), }, - args: args{ctx, "1999", domain.DeviceAuthCanceledDenied}, + args: args{ctx, "123", domain.DeviceAuthCanceledDenied}, wantErr: pushErr, }, { 
@@ -317,20 +272,20 @@ func TestCommands_CancelDeviceAuth(t *testing.T) { "instance1", deviceauth.NewAddedEvent( ctx, - deviceauth.NewAggregate("1999", "instance1"), + deviceauth.NewAggregate("123", "instance1"), "client_id", "123", "456", now, []string{"a", "b", "c"}, ), )), expectPush( deviceauth.NewCanceledEvent( - ctx, deviceauth.NewAggregate("1999", "instance1"), + ctx, deviceauth.NewAggregate("123", "instance1"), domain.DeviceAuthCanceledDenied, ), ), ), }, - args: args{ctx, "1999", domain.DeviceAuthCanceledDenied}, + args: args{ctx, "123", domain.DeviceAuthCanceledDenied}, wantDetails: &domain.ObjectDetails{ ResourceOwner: "instance1", }, @@ -343,20 +298,20 @@ func TestCommands_CancelDeviceAuth(t *testing.T) { "instance1", deviceauth.NewAddedEvent( ctx, - deviceauth.NewAggregate("1999", "instance1"), + deviceauth.NewAggregate("123", "instance1"), "client_id", "123", "456", now, []string{"a", "b", "c"}, ), )), expectPush( deviceauth.NewCanceledEvent( - ctx, deviceauth.NewAggregate("1999", "instance1"), + ctx, deviceauth.NewAggregate("123", "instance1"), domain.DeviceAuthCanceledExpired, ), ), ), }, - args: args{ctx, "1999", domain.DeviceAuthCanceledExpired}, + args: args{ctx, "123", domain.DeviceAuthCanceledExpired}, wantDetails: &domain.ObjectDetails{ ResourceOwner: "instance1", }, 
@@ -373,88 +328,3 @@ func TestCommands_CancelDeviceAuth(t *testing.T) { }) } } - -func TestCommands_RemoveDeviceAuth(t *testing.T) { - ctx := authz.WithInstanceID(context.Background(), "instance1") - now := time.Now() - pushErr := errors.New("pushErr") - - unique := deviceauth.NewRemoveUniqueConstraints("client_id", "123", "456") - require.Len(t, unique, 2) - - type fields struct { - eventstore *eventstore.Eventstore - } - type args struct { - ctx context.Context - id string - } - tests := []struct { - name string - fields fields - args args - wantDetails *domain.ObjectDetails - wantErr error - }{ - { - name: "push error", - fields: fields{ - eventstore: eventstoreExpect(t, - expectFilter(eventFromEventPusherWithInstanceID( - "instance1", - deviceauth.NewAddedEvent( - ctx, - deviceauth.NewAggregate("1999", "instance1"), - "client_id", "123", "456", now, - []string{"a", "b", "c"}, - ), - )), - expectPushFailed(pushErr, - deviceauth.NewRemovedEvent( - ctx, deviceauth.NewAggregate("1999", "instance1"), - "client_id", "123", "456", - ), - ), - ), - }, - args: args{ctx, "1999"}, - wantErr: pushErr, - }, - { - name: "success", - fields: fields{ - eventstore: eventstoreExpect(t, - expectFilter(eventFromEventPusherWithInstanceID( - "instance1", - deviceauth.NewAddedEvent( - ctx, - deviceauth.NewAggregate("1999", "instance1"), - "client_id", "123", "456", now, - []string{"a", "b", "c"}, - ), - )), - expectPush( - deviceauth.NewRemovedEvent( - ctx, deviceauth.NewAggregate("1999", "instance1"), - "client_id", "123", "456", - ), - ), - ), - }, - args: args{ctx, "1999"}, - wantDetails: &domain.ObjectDetails{ - ResourceOwner: "instance1", - }, - }, - } - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - c := &Commands{ - eventstore: tt.fields.eventstore, - } - gotDetails, err := c.RemoveDeviceAuth(tt.args.ctx, tt.args.id) - require.ErrorIs(t, err, tt.wantErr) - assert.Equal(t, gotDetails, tt.wantDetails) - }) - } -} 
diff --git a/internal/command/idp.go b/internal/command/idp.go index 3dc8f1ad50..997a772786 100644 --- a/internal/command/idp.go +++ b/internal/command/idp.go @@ -6,8 +6,8 @@ import ( "github.com/zitadel/zitadel/internal/api/authz" "github.com/zitadel/zitadel/internal/command/preparation" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/repository/idp" + "github.com/zitadel/zitadel/internal/zerrors" ) type GenericOAuthProvider struct { @@ -167,7 +167,7 @@ func IDPProviderWriteModel(ctx context.Context, filter preparation.FilterToQuery return nil, err } if len(events) == 0 { - return nil, errors.ThrowPreconditionFailed(nil, "COMMAND-as02jin", "Errors.IDPConfig.NotExisting") + return nil, zerrors.ThrowPreconditionFailed(nil, "COMMAND-as02jin", "Errors.IDPConfig.NotExisting") } writeModel.AppendEvents(events...) if err := writeModel.Reduce(); err != nil { diff --git a/internal/command/idp_intent.go b/internal/command/idp_intent.go index edf28ef460..1afc823fb2 100644 --- a/internal/command/idp_intent.go +++ b/internal/command/idp_intent.go @@ -14,7 +14,6 @@ import ( "github.com/zitadel/zitadel/internal/command/preparation" "github.com/zitadel/zitadel/internal/crypto" "github.com/zitadel/zitadel/internal/domain" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/idp" "github.com/zitadel/zitadel/internal/idp/providers/apple" 
@@ -23,20 +22,21 @@ import ( "github.com/zitadel/zitadel/internal/idp/providers/oauth" openid "github.com/zitadel/zitadel/internal/idp/providers/oidc" "github.com/zitadel/zitadel/internal/repository/idpintent" + "github.com/zitadel/zitadel/internal/zerrors" ) func (c *Commands) prepareCreateIntent(writeModel *IDPIntentWriteModel, idpID string, successURL, failureURL string) preparation.Validation { return func() (_ preparation.CreateCommands, err error) { if idpID == "" { - return nil, errors.ThrowInvalidArgument(nil, "COMMAND-x8j2bk", "Errors.Intent.IDPMissing") + return nil, zerrors.ThrowInvalidArgument(nil, "COMMAND-x8j2bk", "Errors.Intent.IDPMissing") } successURL, err := url.Parse(successURL) if err != nil { - return nil, errors.ThrowInvalidArgument(nil, "COMMAND-x8j3bk", "Errors.Intent.SuccessURLMissing") + return nil, zerrors.ThrowInvalidArgument(nil, "COMMAND-x8j3bk", "Errors.Intent.SuccessURLMissing") } failureURL, err := url.Parse(failureURL) if err != nil { - return nil, errors.ThrowInvalidArgument(nil, "COMMAND-x8j4bk", "Errors.Intent.FailureURLMissing") + return nil, zerrors.ThrowInvalidArgument(nil, "COMMAND-x8j4bk", "Errors.Intent.FailureURLMissing") } return func(ctx context.Context, filter preparation.FilterToQueryReducer) ([]eventstore.Command, error) { err = getIDPIntentWriteModel(ctx, writeModel, filter) @@ -45,7 +45,7 @@ func (c *Commands) prepareCreateIntent(writeModel *IDPIntentWriteModel, idpID st } exists, err := ExistsIDP(ctx, filter, idpID, writeModel.ResourceOwner) if !exists || err != nil { - return nil, errors.ThrowPreconditionFailed(err, "COMMAND-39n221fs", "Errors.IDPConfig.NotExisting") + return nil, zerrors.ThrowPreconditionFailed(err, "COMMAND-39n221fs", "Errors.IDPConfig.NotExisting") } return []eventstore.Command{ idpintent.NewStartedEvent(ctx, writeModel.aggregate, successURL, failureURL, idpID), 
@@ -117,10 +117,10 @@ func (c *Commands) GetActiveIntent(ctx context.Context, intentID string) (*IDPIn return nil, err } if intent.State == domain.IDPIntentStateUnspecified { - return nil, errors.ThrowNotFound(nil, "IDP-Hk38e", "Errors.Intent.NotStarted") + return nil, zerrors.ThrowNotFound(nil, "IDP-Hk38e", "Errors.Intent.NotStarted") } if intent.State != domain.IDPIntentStateStarted { - return nil, errors.ThrowInvalidArgument(nil, "IDP-Sfrgs", "Errors.Intent.NotStarted") + return nil, zerrors.ThrowInvalidArgument(nil, "IDP-Sfrgs", "Errors.Intent.NotStarted") } return intent, nil } diff --git a/internal/command/idp_intent_test.go b/internal/command/idp_intent_test.go index f930530c3d..a297548f6b 100644 --- a/internal/command/idp_intent_test.go +++ b/internal/command/idp_intent_test.go @@ -16,7 +16,6 @@ import ( "github.com/zitadel/zitadel/internal/api/authz" "github.com/zitadel/zitadel/internal/crypto" "github.com/zitadel/zitadel/internal/domain" - z_errors "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/id" "github.com/zitadel/zitadel/internal/id/mock" @@ -29,6 +28,7 @@ import ( rep_idp "github.com/zitadel/zitadel/internal/repository/idp" "github.com/zitadel/zitadel/internal/repository/idpintent" "github.com/zitadel/zitadel/internal/repository/instance" + "github.com/zitadel/zitadel/internal/zerrors" ) func TestCommands_CreateIntent(t *testing.T) { @@ -58,7 +58,7 @@ func TestCommands_CreateIntent(t *testing.T) { "error no id generator", fields{ eventstore: eventstoreExpect(t), - idGenerator: mock.NewIDGeneratorExpectError(t, z_errors.ThrowInternal(nil, "", "error id")), + idGenerator: mock.NewIDGeneratorExpectError(t, zerrors.ThrowInternal(nil, "", "error id")), }, args{ ctx: authz.SetCtxData(context.Background(), authz.CtxData{OrgID: "ro"}), 
@@ -67,7 +67,7 @@ func TestCommands_CreateIntent(t *testing.T) { failureURL: "https://failure.url", }, res{ - err: z_errors.ThrowInternal(nil, "", "error id"), + err: zerrors.ThrowInternal(nil, "", "error id"), }, }, { @@ -83,7 +83,7 @@ func TestCommands_CreateIntent(t *testing.T) { failureURL: "https://failure.url", }, res{ - err: z_errors.ThrowInvalidArgument(nil, "COMMAND-x8j2bk", "Errors.Intent.IDPMissing"), + err: zerrors.ThrowInvalidArgument(nil, "COMMAND-x8j2bk", "Errors.Intent.IDPMissing"), }, }, { @@ -99,7 +99,7 @@ func TestCommands_CreateIntent(t *testing.T) { failureURL: "https://failure.url", }, res{ - err: z_errors.ThrowInvalidArgument(nil, "COMMAND-x8j3bk", "Errors.Intent.SuccessURLMissing"), + err: zerrors.ThrowInvalidArgument(nil, "COMMAND-x8j3bk", "Errors.Intent.SuccessURLMissing"), }, }, { @@ -115,7 +115,7 @@ func TestCommands_CreateIntent(t *testing.T) { failureURL: ":", }, res{ - err: z_errors.ThrowInvalidArgument(nil, "COMMAND-x8j4bk", "Errors.Intent.FailureURLMissing"), + err: zerrors.ThrowInvalidArgument(nil, "COMMAND-x8j4bk", "Errors.Intent.FailureURLMissing"), }, }, { @@ -135,7 +135,7 @@ func TestCommands_CreateIntent(t *testing.T) { failureURL: "https://failure.url", }, res{ - err: z_errors.ThrowPreconditionFailed(nil, "COMMAND-39n221fs", "Errors.IDPConfig.NotExisting"), + err: zerrors.ThrowPreconditionFailed(nil, "COMMAND-39n221fs", "Errors.IDPConfig.NotExisting"), }, }, { @@ -249,7 +249,7 @@ func TestCommands_AuthFromProvider(t *testing.T) { callbackURL: "url", }, res{ - err: z_errors.ThrowPreconditionFailed(nil, "", ""), + err: zerrors.ThrowPreconditionFailed(nil, "", ""), }, }, { @@ -293,7 +293,7 @@ func TestCommands_AuthFromProvider(t *testing.T) { callbackURL: "url", }, res{ - err: z_errors.ThrowInternal(nil, "COMMAND-xw921211", "Errors.IDPConfig.NotExisting"), + err: zerrors.ThrowInternal(nil, "COMMAND-xw921211", "Errors.IDPConfig.NotExisting"), }, }, { 
@@ -620,7 +620,7 @@ func TestCommands_SucceedIDPIntent(t *testing.T) { fields{ idpConfigEncryption: func() crypto.EncryptionAlgorithm { m := crypto.NewMockEncryptionAlgorithm(gomock.NewController(t)) - m.EXPECT().Encrypt(gomock.Any()).Return(nil, z_errors.ThrowInternal(nil, "id", "encryption failed")) + m.EXPECT().Encrypt(gomock.Any()).Return(nil, zerrors.ThrowInternal(nil, "id", "encryption failed")) return m }(), }, @@ -629,7 +629,7 @@ func TestCommands_SucceedIDPIntent(t *testing.T) { writeModel: NewIDPIntentWriteModel("id", "ro"), }, res{ - err: z_errors.ThrowInternal(nil, "id", "encryption failed"), + err: zerrors.ThrowInternal(nil, "id", "encryption failed"), }, }, { @@ -640,7 +640,7 @@ func TestCommands_SucceedIDPIntent(t *testing.T) { m.EXPECT().Encrypt(gomock.Any()).DoAndReturn(func(value []byte) ([]byte, error) { return value, nil }) - m.EXPECT().Encrypt(gomock.Any()).Return(nil, z_errors.ThrowInternal(nil, "id", "encryption failed")) + m.EXPECT().Encrypt(gomock.Any()).Return(nil, zerrors.ThrowInternal(nil, "id", "encryption failed")) return m }(), }, @@ -656,7 +656,7 @@ func TestCommands_SucceedIDPIntent(t *testing.T) { }, }, res{ - err: z_errors.ThrowInternal(nil, "id", "encryption failed"), + err: zerrors.ThrowInternal(nil, "id", "encryption failed"), }, }, { @@ -749,7 +749,7 @@ func TestCommands_SucceedSAMLIDPIntent(t *testing.T) { fields{ idpConfigEncryption: func() crypto.EncryptionAlgorithm { m := crypto.NewMockEncryptionAlgorithm(gomock.NewController(t)) - m.EXPECT().Encrypt(gomock.Any()).Return(nil, z_errors.ThrowInternal(nil, "id", "encryption failed")) + m.EXPECT().Encrypt(gomock.Any()).Return(nil, zerrors.ThrowInternal(nil, "id", "encryption failed")) return m }(), }, @@ -758,7 +758,7 @@ func TestCommands_SucceedSAMLIDPIntent(t *testing.T) { writeModel: NewIDPIntentWriteModel("id", "ro"), }, res{ - err: z_errors.ThrowInternal(nil, "id", "encryption failed"), + err: zerrors.ThrowInternal(nil, "id", "encryption failed"), }, }, { 
@@ -930,7 +930,7 @@ func TestCommands_SucceedLDAPIDPIntent(t *testing.T) { fields{ idpConfigEncryption: func() crypto.EncryptionAlgorithm { m := crypto.NewMockEncryptionAlgorithm(gomock.NewController(t)) - m.EXPECT().Encrypt(gomock.Any()).Return(nil, z_errors.ThrowInternal(nil, "id", "encryption failed")) + m.EXPECT().Encrypt(gomock.Any()).Return(nil, zerrors.ThrowInternal(nil, "id", "encryption failed")) return m }(), }, @@ -939,7 +939,7 @@ func TestCommands_SucceedLDAPIDPIntent(t *testing.T) { writeModel: NewIDPIntentWriteModel("id", "ro"), }, res{ - err: z_errors.ThrowInternal(nil, "id", "encryption failed"), + err: zerrors.ThrowInternal(nil, "id", "encryption failed"), }, }, { @@ -1089,14 +1089,14 @@ func Test_tokensForSucceededIDPIntent(t *testing.T) { }, func() crypto.EncryptionAlgorithm { m := crypto.NewMockEncryptionAlgorithm(gomock.NewController(t)) - m.EXPECT().Encrypt(gomock.Any()).Return(nil, z_errors.ThrowInternal(nil, "id", "encryption failed")) + m.EXPECT().Encrypt(gomock.Any()).Return(nil, zerrors.ThrowInternal(nil, "id", "encryption failed")) return m }(), }, res{ accessToken: nil, idToken: "", - err: z_errors.ThrowInternal(nil, "id", "encryption failed"), + err: zerrors.ThrowInternal(nil, "id", "encryption failed"), }, }, { diff --git a/internal/command/idp_model.go b/internal/command/idp_model.go index e9949fb406..a71391d511 100644 --- a/internal/command/idp_model.go +++ b/internal/command/idp_model.go @@ -12,7 +12,6 @@ import ( "github.com/zitadel/zitadel/internal/crypto" "github.com/zitadel/zitadel/internal/domain" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" providers "github.com/zitadel/zitadel/internal/idp" "github.com/zitadel/zitadel/internal/idp/providers/apple" 
@@ -30,6 +29,7 @@ import ( "github.com/zitadel/zitadel/internal/repository/idpconfig" "github.com/zitadel/zitadel/internal/repository/instance" "github.com/zitadel/zitadel/internal/repository/org" + "github.com/zitadel/zitadel/internal/zerrors" ) type OAuthIDPWriteModel struct { @@ -2172,7 +2172,7 @@ func NewAllIDPWriteModel(resourceOwner string, instanceBool bool, id string, idp case domain.IDPTypeUnspecified: fallthrough default: - return nil, errors.ThrowInternal(nil, "COMMAND-xw921211", "Errors.IDPConfig.NotExisting") + return nil, zerrors.ThrowInternal(nil, "COMMAND-xw921211", "Errors.IDPConfig.NotExisting") } } else { switch idpType { @@ -2203,7 +2203,7 @@ func NewAllIDPWriteModel(resourceOwner string, instanceBool bool, id string, idp case domain.IDPTypeUnspecified: fallthrough default: - return nil, errors.ThrowInternal(nil, "COMMAND-xw921111", "Errors.IDPConfig.NotExisting") + return nil, zerrors.ThrowInternal(nil, "COMMAND-xw921111", "Errors.IDPConfig.NotExisting") } } return writeModel, nil @@ -2233,7 +2233,7 @@ func (wm *AllIDPWriteModel) AppendEvents(events ...eventstore.Event) { func (wm *AllIDPWriteModel) ToProvider(callbackURL string, idpAlg crypto.EncryptionAlgorithm) (providers.Provider, error) { if wm.model == nil { - return nil, errors.ThrowInternal(nil, "COMMAND-afvf0gc9sa", "ErrorsIDPConfig.NotExisting") + return nil, zerrors.ThrowInternal(nil, "COMMAND-afvf0gc9sa", "ErrorsIDPConfig.NotExisting") } return wm.model.ToProvider(callbackURL, idpAlg) } 
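Review bot: The message key on the changed line in `AllIDPWriteModel.ToProvider` is `"ErrorsIDPConfig.NotExisting"`, without the dot after `Errors` that the other keys in this file carry (`"Errors.IDPConfig.NotExisting"` in the two `NewAllIDPWriteModel` hunks just above). If these keys are resolved against translation files, as their shape suggests, this one would not match and the caller would receive the raw key instead of a message. Since the line is touched anyway, it could read `return nil, zerrors.ThrowInternal(nil, "COMMAND-afvf0gc9sa", "Errors.IDPConfig.NotExisting")`. The `ToSAMLProvider` hunk (`@@ -2247,7 +2247,7 @@`) carries the same key with `COMMAND-csi30hdscv`.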
@@ -2247,7 +2247,7 @@ func (wm *AllIDPWriteModel) GetProviderOptions() idp.Options { func (wm *AllIDPWriteModel) ToSAMLProvider(callbackURL string, idpAlg crypto.EncryptionAlgorithm, getRequest requesttracker.GetRequest, addRequest requesttracker.AddRequest) (providers.Provider, error) { if wm.samlModel == nil { - return nil, errors.ThrowInternal(nil, "COMMAND-csi30hdscv", "ErrorsIDPConfig.NotExisting") + return nil, zerrors.ThrowInternal(nil, "COMMAND-csi30hdscv", "ErrorsIDPConfig.NotExisting") } return wm.samlModel.ToProvider(callbackURL, idpAlg, getRequest, addRequest) } diff --git a/internal/command/idp_model_test.go b/internal/command/idp_model_test.go index 42c2112bf9..423bff39b4 100644 --- a/internal/command/idp_model_test.go +++ b/internal/command/idp_model_test.go @@ -7,7 +7,7 @@ import ( "github.com/stretchr/testify/require" "github.com/zitadel/zitadel/internal/domain" - "github.com/zitadel/zitadel/internal/errors" + "github.com/zitadel/zitadel/internal/zerrors" ) func TestCommands_AllIDPWriteModel(t *testing.T) { @@ -179,7 +179,7 @@ func TestCommands_AllIDPWriteModel(t *testing.T) { idpType: domain.IDPTypeUnspecified, }, res: res{ - err: errors.ThrowInternal(nil, "COMMAND-xw921211", "Errors.IDPConfig.NotExisting"), + err: zerrors.ThrowInternal(nil, "COMMAND-xw921211", "Errors.IDPConfig.NotExisting"), }, }, { @@ -334,7 +334,7 @@ func TestCommands_AllIDPWriteModel(t *testing.T) { idpType: domain.IDPTypeUnspecified, }, res: res{ - err: errors.ThrowInternal(nil, "COMMAND-xw921111", "Errors.IDPConfig.NotExisting"), + err: zerrors.ThrowInternal(nil, "COMMAND-xw921111", "Errors.IDPConfig.NotExisting"), }, }, } diff --git a/internal/command/instance.go b/internal/command/instance.go index 75325b5b32..ce660bc137 100644 --- a/internal/command/instance.go +++ b/internal/command/instance.go 
@@ -11,8 +11,8 @@ import ( "github.com/zitadel/zitadel/internal/command/preparation" "github.com/zitadel/zitadel/internal/crypto" "github.com/zitadel/zitadel/internal/domain" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" + "github.com/zitadel/zitadel/internal/i18n" "github.com/zitadel/zitadel/internal/id" "github.com/zitadel/zitadel/internal/notification/channels/smtp" "github.com/zitadel/zitadel/internal/repository/feature" @@ -23,6 +23,7 @@ import ( "github.com/zitadel/zitadel/internal/repository/quota" "github.com/zitadel/zitadel/internal/repository/restrictions" "github.com/zitadel/zitadel/internal/repository/user" + "github.com/zitadel/zitadel/internal/zerrors" ) const ( @@ -107,18 +108,22 @@ type InstanceSetup struct { EmailTemplate []byte MessageTexts []*domain.CustomMessageText SMTPConfiguration *smtp.Config - OIDCSettings *struct { - AccessTokenLifetime time.Duration - IdTokenLifetime time.Duration - RefreshTokenIdleExpiration time.Duration - RefreshTokenExpiration time.Duration - } - Quotas *struct { - Items []*SetQuota - } - Features map[domain.Feature]any - Limits *SetLimits - Restrictions *SetRestrictions + OIDCSettings *OIDCSettings + Quotas *SetQuotas + Features map[domain.Feature]any + Limits *SetLimits + Restrictions *SetRestrictions +} + +type OIDCSettings struct { + AccessTokenLifetime time.Duration + IdTokenLifetime time.Duration + RefreshTokenIdleExpiration time.Duration + RefreshTokenExpiration time.Duration +} + +type SetQuotas struct { + Items []*SetQuota } type SecretGenerators struct { 
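Review bot: The new exported types `OIDCSettings` and `SetQuotas` are introduced without doc comments, and the four duration fields of `OIDCSettings` do not say what a zero value means. Going by their names these fields set token lifetimes for a new instance, so a short comment helps whoever fills in `InstanceSetup`, for example `// OIDCSettings holds the token lifetimes passed to prepareAddOIDCSettings during instance setup.` and `// SetQuotas lists the quotas to create for a new instance; nil adds none.` Whether a zero duration is rejected or replaced by a default is not visible in this diff and is worth stating in the comment once confirmed.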
@@ -289,183 +294,32 @@ func (c *Commands) SetUpInstance(ctx context.Context, setup *InstanceSetup) (str prepareAddDefaultEmailTemplate(instanceAgg, setup.EmailTemplate), } - - if setup.Quotas != nil { - for _, q := range setup.Quotas.Items { - quotaId, err := c.idGenerator.Next() - if err != nil { - return "", "", nil, nil, err - } - validations = append(validations, c.SetQuotaCommand(quota.NewAggregate(quotaId, instanceID), nil, true, q)) - } + if err := setupQuotas(c, &validations, setup.Quotas, instanceID); err != nil { + return "", "", nil, nil, err } - - for _, msg := range setup.MessageTexts { - validations = append(validations, prepareSetInstanceCustomMessageTexts(instanceAgg, msg)) - } - - console := &addOIDCApp{ - AddApp: AddApp{ - Aggregate: *projectAgg, - ID: setup.zitadel.consoleAppID, - Name: consoleAppName, - }, - Version: domain.OIDCVersionV1, - RedirectUris: []string{}, - ResponseTypes: []domain.OIDCResponseType{domain.OIDCResponseTypeCode}, - GrantTypes: []domain.OIDCGrantType{domain.OIDCGrantTypeAuthorizationCode}, - ApplicationType: domain.OIDCApplicationTypeUserAgent, - AuthMethodType: domain.OIDCAuthMethodTypeNone, - PostLogoutRedirectUris: []string{}, - DevMode: !c.externalSecure, - AccessTokenType: domain.OIDCTokenTypeBearer, - AccessTokenRoleAssertion: false, - IDTokenRoleAssertion: false, - IDTokenUserinfoAssertion: false, - ClockSkew: 0, - } - + setupMessageTexts(&validations, setup.MessageTexts, instanceAgg) validations = append(validations, AddOrgCommand(ctx, orgAgg, setup.Org.Name), c.prepareSetDefaultOrg(instanceAgg, orgAgg.ID), ) - - var pat *PersonalAccessToken - var machineKey *MachineKey - // only a human or a machine user should be created as owner - if setup.Org.Machine != nil && setup.Org.Machine.Machine != nil && !setup.Org.Machine.Machine.IsZero() { - validations = append(validations, - AddMachineCommand(userAgg, setup.Org.Machine.Machine), - ) - if setup.Org.Machine.Pat != nil { - pat = NewPersonalAccessToken(orgID, userID, 
setup.Org.Machine.Pat.ExpirationDate, setup.Org.Machine.Pat.Scopes, domain.UserTypeMachine) - pat.TokenID, err = c.idGenerator.Next() - if err != nil { - return "", "", nil, nil, err - } - validations = append(validations, prepareAddPersonalAccessToken(pat, c.keyAlgorithm)) - } - if setup.Org.Machine.MachineKey != nil { - machineKey = NewMachineKey(orgID, userID, setup.Org.Machine.MachineKey.ExpirationDate, setup.Org.Machine.MachineKey.Type) - machineKey.KeyID, err = c.idGenerator.Next() - if err != nil { - return "", "", nil, nil, err - } - validations = append(validations, prepareAddUserMachineKey(machineKey, c.machineKeySize)) - } - } else if setup.Org.Human != nil { - setup.Org.Human.ID = userID - validations = append(validations, - c.AddHumanCommand(setup.Org.Human, orgID, c.userPasswordHasher, c.userEncryption, true), - ) - } - - validations = append(validations, - c.AddOrgMemberCommand(orgAgg, userID, domain.RoleOrgOwner), - c.AddInstanceMemberCommand(instanceAgg, userID, domain.RoleIAMOwner), - AddProjectCommand(projectAgg, zitadelProjectName, userID, false, false, false, domain.PrivateLabelingSettingUnspecified), - SetIAMProject(instanceAgg, projectAgg.ID), - - c.AddAPIAppCommand( - &addAPIApp{ - AddApp: AddApp{ - Aggregate: *projectAgg, - ID: setup.zitadel.mgmtAppID, - Name: mgmtAppName, - }, - AuthMethodType: domain.APIAuthMethodTypePrivateKeyJWT, - }, - nil, - ), - - c.AddAPIAppCommand( - &addAPIApp{ - AddApp: AddApp{ - Aggregate: *projectAgg, - ID: setup.zitadel.adminAppID, - Name: adminAppName, - }, - AuthMethodType: domain.APIAuthMethodTypePrivateKeyJWT, - }, - nil, - ), - - c.AddAPIAppCommand( - &addAPIApp{ - AddApp: AddApp{ - Aggregate: *projectAgg, - ID: setup.zitadel.authAppID, - Name: authAppName, - }, - AuthMethodType: domain.APIAuthMethodTypePrivateKeyJWT, - }, - nil, - ), - - c.AddOIDCAppCommand(console, nil), - SetIAMConsoleID(instanceAgg, &console.ClientID, &setup.zitadel.consoleAppID), - ) - - addGeneratedDomain, err := 
c.addGeneratedInstanceDomain(ctx, instanceAgg, setup.InstanceName) + pat, machineKey, err := setupAdmin(c, &validations, setup.Org.Machine, setup.Org.Human, orgID, userID, userAgg) if err != nil { return "", "", nil, nil, err } - validations = append(validations, addGeneratedDomain...) - if setup.CustomDomain != "" { - validations = append(validations, - c.addInstanceDomain(instanceAgg, setup.CustomDomain, false), - setPrimaryInstanceDomain(instanceAgg, setup.CustomDomain), - ) + setupMinimalInterfaces(c, &validations, instanceAgg, projectAgg, orgAgg, userID, setup.zitadel) + if err := setupGeneratedDomain(ctx, c, &validations, instanceAgg, setup.InstanceName); err != nil { + return "", "", nil, nil, err } - - if setup.SMTPConfiguration != nil { - validations = append(validations, - c.prepareAddSMTPConfig( - instanceAgg, - setup.SMTPConfiguration.From, - setup.SMTPConfiguration.FromName, - setup.SMTPConfiguration.ReplyToAddress, - setup.SMTPConfiguration.SMTP.Host, - setup.SMTPConfiguration.SMTP.User, - []byte(setup.SMTPConfiguration.SMTP.Password), - setup.SMTPConfiguration.Tls, - ), - ) - } - - if setup.OIDCSettings != nil { - validations = append(validations, - c.prepareAddOIDCSettings( - instanceAgg, - setup.OIDCSettings.AccessTokenLifetime, - setup.OIDCSettings.IdTokenLifetime, - setup.OIDCSettings.RefreshTokenIdleExpiration, - setup.OIDCSettings.RefreshTokenExpiration, - ), - ) - } - - for f, value := range setup.Features { - switch v := value.(type) { - case bool: - wm, err := NewInstanceFeatureWriteModel[feature.Boolean](instanceID, f) - if err != nil { - return "", "", nil, nil, err - } - validations = append(validations, prepareSetFeature(wm, feature.Boolean{Boolean: v}, c.idGenerator)) - default: - return "", "", nil, nil, errors.ThrowInvalidArgument(nil, "INST-GE4tg", "Errors.Feature.TypeNotSupported") - } - } - - if setup.Limits != nil { - validations = append(validations, c.SetLimitsCommand(limitsAgg, &limitsWriteModel{}, setup.Limits)) - } - - if 
setup.Restrictions != nil { - validations = append(validations, c.SetRestrictionsCommand(restrictionsAgg, &restrictionsWriteModel{}, setup.Restrictions)) + setupCustomDomain(c, &validations, instanceAgg, setup.CustomDomain) + setupSMTPSettings(c, &validations, setup.SMTPConfiguration, instanceAgg) + setupOIDCSettings(c, &validations, setup.OIDCSettings, instanceAgg) + if err := setupFeatures(c, &validations, setup.Features, instanceID); err != nil { + return "", "", nil, nil, err } + setupLimits(c, &validations, limitsAgg, setup.Limits) + setupRestrictions(c, &validations, restrictionsAgg, setup.Restrictions) + //nolint:staticcheck cmds, err := preparation.PrepareCommands(ctx, c.eventstore.Filter, validations...) if err != nil { return "", "", nil, nil, err 
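Review bot: The added `//nolint:staticcheck` above `preparation.PrepareCommands(ctx, c.eventstore.Filter, validations...)` silences the linter without saying which finding is accepted or why. A bare suppression on the call that turns all setup validations into commands makes it easy to miss a later, unrelated staticcheck finding on the same statement. Stating the reason on the directive keeps it reviewable: `//nolint:staticcheck // <which check is suppressed and why it is acceptable here>`. SetUpInstance starts and ends outside this hunk.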
@@ -488,6 +342,205 @@ func (c *Commands) SetUpInstance(ctx context.Context, setup *InstanceSetup) (str }, nil } +func setupLimits(commands *Commands, validations *[]preparation.Validation, limitsAgg *limits.Aggregate, setLimits *SetLimits) { + if setLimits != nil { + *validations = append(*validations, commands.SetLimitsCommand(limitsAgg, &limitsWriteModel{}, setLimits)) + } +} + +func setupRestrictions(commands *Commands, validations *[]preparation.Validation, restrictionsAgg *restrictions.Aggregate, setRestrictions *SetRestrictions) { + if setRestrictions != nil { + *validations = append(*validations, commands.SetRestrictionsCommand(restrictionsAgg, &restrictionsWriteModel{}, setRestrictions)) + } +} + +func setupQuotas(commands *Commands, validations *[]preparation.Validation, setQuotas *SetQuotas, instanceID string) error { + if setQuotas == nil { + return nil + } + for _, q := range setQuotas.Items { + quotaId, err := commands.idGenerator.Next() + if err != nil { + return err + } + *validations = append(*validations, commands.SetQuotaCommand(quota.NewAggregate(quotaId, instanceID), nil, true, q)) + } + return nil +} + +func setupFeatures(commands *Commands, validations *[]preparation.Validation, enableFeatures map[domain.Feature]any, instanceID string) error { + for f, value := range enableFeatures { + switch v := value.(type) { + case bool: + wm, err := NewInstanceFeatureWriteModel[feature.Boolean](instanceID, f) + if err != nil { + return err + } + *validations = append(*validations, prepareSetFeature(wm, feature.Boolean{Boolean: v}, commands.idGenerator)) + default: + return zerrors.ThrowInvalidArgument(nil, "INST-GE4tg", "Errors.Feature.TypeNotSupported") + } + } + return nil +} + +func setupOIDCSettings(commands *Commands, validations *[]preparation.Validation, oidcSettings *OIDCSettings, instanceAgg *instance.Aggregate) { + if oidcSettings == nil { + return + } + *validations = append(*validations, + commands.prepareAddOIDCSettings( + instanceAgg, + 
oidcSettings.AccessTokenLifetime, + oidcSettings.IdTokenLifetime, + oidcSettings.RefreshTokenIdleExpiration, + oidcSettings.RefreshTokenExpiration, + ), + ) +} + +func setupSMTPSettings(commands *Commands, validations *[]preparation.Validation, smtpConfig *smtp.Config, instanceAgg *instance.Aggregate) { + if smtpConfig == nil { + return + } + *validations = append(*validations, + commands.prepareAddSMTPConfig( + instanceAgg, + smtpConfig.From, + smtpConfig.FromName, + smtpConfig.ReplyToAddress, + smtpConfig.SMTP.Host, + smtpConfig.SMTP.User, + []byte(smtpConfig.SMTP.Password), + smtpConfig.Tls, + ), + ) +} + +func setupCustomDomain(commands *Commands, validations *[]preparation.Validation, instanceAgg *instance.Aggregate, customDomain string) { + if customDomain == "" { + return + } + *validations = append(*validations, + commands.addInstanceDomain(instanceAgg, customDomain, false), + setPrimaryInstanceDomain(instanceAgg, customDomain), + ) +} + +func setupGeneratedDomain(ctx context.Context, commands *Commands, validations *[]preparation.Validation, instanceAgg *instance.Aggregate, instanceName string) error { + addGeneratedDomain, err := commands.addGeneratedInstanceDomain(ctx, instanceAgg, instanceName) + if err != nil { + return err + } + *validations = append(*validations, addGeneratedDomain...) 
+ return nil +} + +func setupMinimalInterfaces(commands *Commands, validations *[]preparation.Validation, instanceAgg *instance.Aggregate, projectAgg *project.Aggregate, orgAgg *org.Aggregate, userID string, ids ZitadelConfig) { + cnsl := &addOIDCApp{ + AddApp: AddApp{ + Aggregate: *projectAgg, + ID: ids.consoleAppID, + Name: consoleAppName, + }, + Version: domain.OIDCVersionV1, + RedirectUris: []string{}, + ResponseTypes: []domain.OIDCResponseType{domain.OIDCResponseTypeCode}, + GrantTypes: []domain.OIDCGrantType{domain.OIDCGrantTypeAuthorizationCode}, + ApplicationType: domain.OIDCApplicationTypeUserAgent, + AuthMethodType: domain.OIDCAuthMethodTypeNone, + PostLogoutRedirectUris: []string{}, + DevMode: !commands.externalSecure, + AccessTokenType: domain.OIDCTokenTypeBearer, + AccessTokenRoleAssertion: false, + IDTokenRoleAssertion: false, + IDTokenUserinfoAssertion: false, + ClockSkew: 0, + } + *validations = append(*validations, + commands.AddOrgMemberCommand(orgAgg, userID, domain.RoleOrgOwner), + commands.AddInstanceMemberCommand(instanceAgg, userID, domain.RoleIAMOwner), + AddProjectCommand(projectAgg, zitadelProjectName, userID, false, false, false, domain.PrivateLabelingSettingUnspecified), + SetIAMProject(instanceAgg, projectAgg.ID), + + commands.AddAPIAppCommand( + &addAPIApp{ + AddApp: AddApp{ + Aggregate: *projectAgg, + ID: ids.mgmtAppID, + Name: mgmtAppName, + }, + AuthMethodType: domain.APIAuthMethodTypePrivateKeyJWT, + }, + nil, + ), + + commands.AddAPIAppCommand( + &addAPIApp{ + AddApp: AddApp{ + Aggregate: *projectAgg, + ID: ids.adminAppID, + Name: adminAppName, + }, + AuthMethodType: domain.APIAuthMethodTypePrivateKeyJWT, + }, + nil, + ), + + commands.AddAPIAppCommand( + &addAPIApp{ + AddApp: AddApp{ + Aggregate: *projectAgg, + ID: ids.authAppID, + Name: authAppName, + }, + AuthMethodType: domain.APIAuthMethodTypePrivateKeyJWT, + }, + nil, + ), + + commands.AddOIDCAppCommand(cnsl, nil), + SetIAMConsoleID(instanceAgg, &cnsl.ClientID, 
&ids.consoleAppID), + ) +} + +func setupAdmin(commands *Commands, validations *[]preparation.Validation, machine *AddMachine, human *AddHuman, orgID, userID string, userAgg *user.Aggregate) (pat *PersonalAccessToken, machineKey *MachineKey, err error) { + // only a human or a machine user should be created as owner + if machine != nil && machine.Machine != nil && !machine.Machine.IsZero() { + *validations = append(*validations, + AddMachineCommand(userAgg, machine.Machine), + ) + if machine.Pat != nil { + pat = NewPersonalAccessToken(orgID, userID, machine.Pat.ExpirationDate, machine.Pat.Scopes, domain.UserTypeMachine) + pat.TokenID, err = commands.idGenerator.Next() + if err != nil { + return nil, nil, err + } + *validations = append(*validations, prepareAddPersonalAccessToken(pat, commands.keyAlgorithm)) + } + if machine.MachineKey != nil { + machineKey = NewMachineKey(orgID, userID, machine.MachineKey.ExpirationDate, machine.MachineKey.Type) + machineKey.KeyID, err = commands.idGenerator.Next() + if err != nil { + return nil, nil, err + } + *validations = append(*validations, prepareAddUserMachineKey(machineKey, commands.machineKeySize)) + } + } else if human != nil { + human.ID = userID + *validations = append(*validations, + commands.AddHumanCommand(human, orgID, commands.userPasswordHasher, commands.userEncryption, true), + ) + } + return pat, machineKey, nil +} + +func setupMessageTexts(validations *[]preparation.Validation, setupMessageTexts []*domain.CustomMessageText, instanceAgg *instance.Aggregate) { + for _, msg := range setupMessageTexts { + *validations = append(*validations, prepareSetInstanceCustomMessageTexts(instanceAgg, msg)) + } +} + func (c *Commands) UpdateInstance(ctx context.Context, name string) (*domain.ObjectDetails, error) { instanceAgg := instance.NewAggregate(authz.GetInstance(ctx).InstanceID()) validation := c.prepareUpdateInstance(instanceAgg, name) 
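Review bot: `setupAdmin` returns `nil, nil, nil` without appending any validation when `machine` is nil or zero and `human` is nil, yet `SetUpInstance` then calls `setupMinimalInterfaces`, which grants `RoleOrgOwner` and `RoleIAMOwner` to `userID`. Whether the member commands later reject a user that was never created is not visible in this diff, so any failure would surface far from its cause. A final branch would enforce what the comment "only a human or a machine user should be created as owner" describes: `} else { return nil, nil, zerrors.ThrowInvalidArgument(nil, "<NEW-ERROR-ID>", "Errors.Invalid.Argument") }`. This changes behaviour for callers that rely on the later check, so it should be confirmed against existing setup paths first.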
@@ -604,7 +657,7 @@ func SetIAMConsoleID(a *instance.Aggregate, clientID, appID *string) preparation func (c *Commands) prepareSetDefaultOrg(a *instance.Aggregate, orgID string) preparation.Validation { return func() (preparation.CreateCommands, error) { if orgID == "" { - return nil, errors.ThrowInvalidArgument(nil, "INST-SWffe", "Errors.Invalid.Argument") + return nil, zerrors.ThrowInvalidArgument(nil, "INST-SWffe", "Errors.Invalid.Argument") } return func(ctx context.Context, filter preparation.FilterToQueryReducer) ([]eventstore.Command, error) { writeModel, err := getInstanceWriteModel(ctx, filter) @@ -612,10 +665,10 @@ func (c *Commands) prepareSetDefaultOrg(a *instance.Aggregate, orgID string) pre return nil, err } if writeModel.DefaultOrgID == orgID { - return nil, errors.ThrowPreconditionFailed(nil, "INST-SDfw2", "Errors.Instance.NotChanged") + return nil, zerrors.ThrowPreconditionFailed(nil, "INST-SDfw2", "Errors.Instance.NotChanged") } if exists, err := ExistsOrg(ctx, filter, orgID); err != nil || !exists { - return nil, errors.ThrowPreconditionFailed(err, "INSTA-Wfe21", "Errors.Org.NotFound") + return nil, zerrors.ThrowPreconditionFailed(err, "INSTA-Wfe21", "Errors.Org.NotFound") } return []eventstore.Command{instance.NewDefaultOrgSetEventEvent(ctx, &a.Aggregate, orgID)}, nil }, nil @@ -628,7 +681,7 @@ func (c *Commands) setIAMProject(ctx context.Context, iamAgg *eventstore.Aggrega return nil, err } if iamWriteModel.ProjectID != "" { - return nil, errors.ThrowPreconditionFailed(nil, "IAM-EGbw2", "Errors.IAM.IAMProjectAlreadySet") + return nil, zerrors.ThrowPreconditionFailed(nil, "IAM-EGbw2", "Errors.IAM.IAMProjectAlreadySet") } return instance.NewIAMProjectSetEvent(ctx, iamAgg, projectID), nil } 
@@ -636,7 +689,7 @@ func (c *Commands) setIAMProject(ctx context.Context, iamAgg *eventstore.Aggrega func (c *Commands) prepareUpdateInstance(a *instance.Aggregate, name string) preparation.Validation { return func() (preparation.CreateCommands, error) { if name == "" { - return nil, errors.ThrowInvalidArgument(nil, "INST-092mid", "Errors.Invalid.Argument") + return nil, zerrors.ThrowInvalidArgument(nil, "INST-092mid", "Errors.Invalid.Argument") } return func(ctx context.Context, filter preparation.FilterToQueryReducer) ([]eventstore.Command, error) { writeModel, err := getInstanceWriteModel(ctx, filter) @@ -644,10 +697,10 @@ func (c *Commands) prepareUpdateInstance(a *instance.Aggregate, name string) pre return nil, err } if !writeModel.State.Exists() { - return nil, errors.ThrowNotFound(nil, "INST-nuso2m", "Errors.Instance.NotFound") + return nil, zerrors.ThrowNotFound(nil, "INST-nuso2m", "Errors.Instance.NotFound") } if writeModel.Name == name { - return nil, errors.ThrowPreconditionFailed(nil, "INST-alpxism", "Errors.Instance.NotChanged") + return nil, zerrors.ThrowPreconditionFailed(nil, "INST-alpxism", "Errors.Instance.NotChanged") } return []eventstore.Command{instance.NewInstanceChangedEvent(ctx, &a.Aggregate, name)}, nil }, nil 
@@ -656,16 +709,27 @@ func (c *Commands) prepareUpdateInstance(a *instance.Aggregate, name string) pre func (c *Commands) prepareSetDefaultLanguage(a *instance.Aggregate, defaultLanguage language.Tag) preparation.Validation { return func() (preparation.CreateCommands, error) { - if defaultLanguage == language.Und { - return nil, errors.ThrowInvalidArgument(nil, "INST-28nlD", "Errors.Invalid.Argument") + if err := domain.LanguageIsDefined(defaultLanguage); err != nil { + return nil, err + } + if err := domain.LanguagesAreSupported(i18n.SupportedLanguages(), defaultLanguage); err != nil { + return nil, err } return func(ctx context.Context, filter preparation.FilterToQueryReducer) ([]eventstore.Command, error) { writeModel, err := getInstanceWriteModel(ctx, filter) + if writeModel.DefaultLanguage == defaultLanguage { + return nil, zerrors.ThrowPreconditionFailed(nil, "INST-DS3rq", "Errors.Instance.NotChanged") + } + instanceID := authz.GetInstance(ctx).InstanceID() + restrictionsWM, err := c.getRestrictionsWriteModel(ctx, instanceID, instanceID) if err != nil { return nil, err } - if writeModel.DefaultLanguage == defaultLanguage { - return nil, errors.ThrowPreconditionFailed(nil, "INST-DS3rq", "Errors.Instance.NotChanged") + if err := domain.LanguageIsAllowed(false, restrictionsWM.allowedLanguages, defaultLanguage); err != nil { + return nil, err + } + if err != nil { + return nil, err } return []eventstore.Command{instance.NewDefaultLanguageSetEvent(ctx, &a.Aggregate, defaultLanguage)}, nil }, nil 
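Review bot: In `prepareSetDefaultLanguage` the `err` returned by `getInstanceWriteModel(ctx, filter)` is no longer checked before `writeModel.DefaultLanguage` is read. The later `restrictionsWM, err := c.getRestrictionsWriteModel(...)` then overwrites it, so a failed instance lookup is silently dropped. If `getInstanceWriteModel` returns a nil model on error (not visible here), the comparison would panic; otherwise the not-changed and allowed-language checks run against a model that may not be populated. Add `if err != nil { return nil, err }` directly after the `getInstanceWriteModel` call. The trailing `if err != nil { return nil, err }` after the `LanguageIsAllowed` check can then be deleted, because at that point the outer `err` has already been tested and the inner one is scoped to its own `if`. The function's closing lines appear to fall outside the hunk.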
@@ -724,10 +788,10 @@ func (c *Commands) prepareRemoveInstance(a *instance.Aggregate) preparation.Vali return func(ctx context.Context, filter preparation.FilterToQueryReducer) ([]eventstore.Command, error) { writeModel, err := c.getInstanceWriteModelByID(ctx, a.ID) if err != nil { - return nil, errors.ThrowNotFound(err, "COMMA-pax9m3", "Errors.Instance.NotFound") + return nil, zerrors.ThrowNotFound(err, "COMMA-pax9m3", "Errors.Instance.NotFound") } if !writeModel.State.Exists() { - return nil, errors.ThrowNotFound(err, "COMMA-AE3GS", "Errors.Instance.NotFound") + return nil, zerrors.ThrowNotFound(err, "COMMA-AE3GS", "Errors.Instance.NotFound") } return []eventstore.Command{instance.NewInstanceRemovedEvent(ctx, &a.Aggregate, diff --git a/internal/command/instance_custom_login_text.go b/internal/command/instance_custom_login_text.go index 7b332b0a15..ca86a48290 100644 --- a/internal/command/instance_custom_login_text.go +++ b/internal/command/instance_custom_login_text.go @@ -3,15 +3,18 @@ package command import ( "context" - "github.com/zitadel/zitadel/internal/api/authz" "golang.org/x/text/language" + "github.com/zitadel/zitadel/internal/api/authz" "github.com/zitadel/zitadel/internal/domain" - caos_errs "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" + "github.com/zitadel/zitadel/internal/i18n" "github.com/zitadel/zitadel/internal/repository/instance" + "github.com/zitadel/zitadel/internal/zerrors" ) +// SetCustomInstanceLoginText only validates if the language is supported, not if it is allowed. +// This enables setting texts before allowing a language func (c *Commands) SetCustomInstanceLoginText(ctx context.Context, loginText *domain.CustomLoginText) (*domain.ObjectDetails, error) { iamAgg := instance.NewAggregate(authz.GetInstance(ctx).InstanceID()) events, existingMailText, err := c.setCustomInstanceLoginText(ctx, &iamAgg.Aggregate, loginText) 
@@ -31,14 +34,14 @@ func (c *Commands) SetCustomInstanceLoginText(ctx context.Context, loginText *do func (c *Commands) RemoveCustomInstanceLoginTexts(ctx context.Context, lang language.Tag) (*domain.ObjectDetails, error) { if lang == language.Und { - return nil, caos_errs.ThrowInvalidArgument(nil, "IAM-Gfbg3", "Errors.CustomText.Invalid") + return nil, zerrors.ThrowInvalidArgument(nil, "IAM-Gfbg3", "Errors.CustomText.Invalid") } customText, err := c.defaultLoginTextWriteModelByID(ctx, lang) if err != nil { return nil, err } if customText.State == domain.PolicyStateUnspecified || customText.State == domain.PolicyStateRemoved { - return nil, caos_errs.ThrowNotFound(nil, "IAM-fru44", "Errors.CustomText.NotFound") + return nil, zerrors.ThrowNotFound(nil, "IAM-fru44", "Errors.CustomText.NotFound") } iamAgg := InstanceAggregateFromWriteModel(&customText.WriteModel) pushedEvents, err := c.eventstore.Push(ctx, instance.NewCustomTextTemplateRemovedEvent(ctx, iamAgg, domain.LoginCustomText, lang)) @@ -53,8 +56,8 @@ func (c *Commands) RemoveCustomInstanceLoginTexts(ctx context.Context, lang lang } func (c *Commands) setCustomInstanceLoginText(ctx context.Context, instanceAgg *eventstore.Aggregate, text *domain.CustomLoginText) ([]eventstore.Command, *InstanceCustomLoginTextReadModel, error) { - if !text.IsValid() { - return nil, nil, caos_errs.ThrowInvalidArgument(nil, "Instance-kd9fs", "Errors.CustomText.Invalid") + if err := text.IsValid(i18n.SupportedLanguages()); err != nil { + return nil, nil, err } existingLoginText, err := c.defaultLoginTextWriteModelByID(ctx, text.Language) if err != nil { diff --git a/internal/command/instance_custom_login_text_test.go b/internal/command/instance_custom_login_text_test.go index fdb47dff17..4ec29acab4 100644 --- a/internal/command/instance_custom_login_text_test.go +++ b/internal/command/instance_custom_login_text_test.go 
@@ -9,9 +9,9 @@ import ( "github.com/zitadel/zitadel/internal/api/authz" "github.com/zitadel/zitadel/internal/domain" - caos_errs "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/repository/instance" + "github.com/zitadel/zitadel/internal/zerrors" ) func TestCommandSide_SetCustomIAMLoginText(t *testing.T) { @@ -33,18 +33,52 @@ func TestCommandSide_SetCustomIAMLoginText(t *testing.T) { res res }{ { - name: "invalid custom login text, error", + name: "empty custom login text, success", fields: fields{ eventstore: eventstoreExpect( t, + expectFilter(), + expectPush(), ), }, args: args{ - ctx: context.Background(), + ctx: authz.WithInstanceID(context.Background(), "INSTANCE"), + config: &domain.CustomLoginText{ + Language: AllowedLanguage, + }, + }, + res: res{ + want: &domain.ObjectDetails{ + ResourceOwner: "INSTANCE", + }, + }, + }, + { + name: "undefined language, error", + fields: fields{ + eventstore: eventstoreExpect(t), + }, + args: args{ + ctx: authz.WithInstanceID(context.Background(), "INSTANCE"), config: &domain.CustomLoginText{}, }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, + }, + }, + { + name: "unsupported language, error", + fields: fields{ + eventstore: eventstoreExpect(t), + }, + args: args{ + ctx: authz.WithInstanceID(context.Background(), "INSTANCE"), + config: &domain.CustomLoginText{ + Language: UnsupportedLanguage, + }, + }, + res: res{ + err: zerrors.IsErrorInvalidArgument, }, }, { diff --git a/internal/command/instance_custom_message_text.go b/internal/command/instance_custom_message_text.go index a70b6c5de8..03c073e4d3 100644 --- a/internal/command/instance_custom_message_text.go +++ b/internal/command/instance_custom_message_text.go 
@@ -7,11 +7,14 @@ import ( "github.com/zitadel/zitadel/internal/command/preparation" "github.com/zitadel/zitadel/internal/domain" - caos_errs "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" + "github.com/zitadel/zitadel/internal/i18n" "github.com/zitadel/zitadel/internal/repository/instance" + "github.com/zitadel/zitadel/internal/zerrors" ) +// SetDefaultMessageText only validates if the language is supported, not if it is allowed. +// This enables setting texts before allowing a language func (c *Commands) SetDefaultMessageText(ctx context.Context, instanceID string, messageText *domain.CustomMessageText) (*domain.ObjectDetails, error) { instanceAgg := instance.NewAggregate(instanceID) events, existingMessageText, err := c.setDefaultMessageText(ctx, &instanceAgg.Aggregate, messageText) @@ -30,8 +33,8 @@ func (c *Commands) SetDefaultMessageText(ctx context.Context, instanceID string, } func (c *Commands) setDefaultMessageText(ctx context.Context, instanceAgg *eventstore.Aggregate, msg *domain.CustomMessageText) ([]eventstore.Command, *InstanceCustomMessageTextWriteModel, error) { - if !msg.IsValid() { - return nil, nil, caos_errs.ThrowInvalidArgument(nil, "INSTANCE-kd9fs", "Errors.CustomMessageText.Invalid") + if err := msg.IsValid(i18n.SupportedLanguages()); err != nil { + return nil, nil, err } existingMessageText, err := c.defaultCustomMessageTextWriteModelByID(ctx, msg.MessageTextType, msg.Language) 
@@ -94,14 +97,14 @@ func (c *Commands) setDefaultMessageText(ctx context.Context, instanceAgg *event func (c *Commands) RemoveInstanceMessageTexts(ctx context.Context, messageTextType string, lang language.Tag) (*domain.ObjectDetails, error) { if messageTextType == "" || lang == language.Und { - return nil, caos_errs.ThrowInvalidArgument(nil, "INSTANCE-fjw9b", "Errors.CustomMessageText.Invalid") + return nil, zerrors.ThrowInvalidArgument(nil, "INSTANCE-fjw9b", "Errors.CustomMessageText.Invalid") } customText, err := c.defaultCustomMessageTextWriteModelByID(ctx, messageTextType, lang) if err != nil { return nil, err } if customText.State == domain.PolicyStateUnspecified || customText.State == domain.PolicyStateRemoved { - return nil, caos_errs.ThrowNotFound(nil, "INSTANCE-fju90", "Errors.CustomMessageText.NotFound") + return nil, zerrors.ThrowNotFound(nil, "INSTANCE-fju90", "Errors.CustomMessageText.NotFound") } instanceAgg := InstanceAggregateFromWriteModel(&customText.WriteModel) pushedEvents, err := c.eventstore.Push(ctx, instance.NewCustomTextTemplateRemovedEvent(ctx, instanceAgg, messageTextType, lang)) @@ -129,8 +132,8 @@ func prepareSetInstanceCustomMessageTexts( msg *domain.CustomMessageText, ) preparation.Validation { return func() (preparation.CreateCommands, error) { - if !msg.IsValid() { - return nil, caos_errs.ThrowInvalidArgument(nil, "INSTANCE-kd9fs", "Errors.CustomMessageText.Invalid") + if err := msg.IsValid(i18n.SupportedLanguages()); err != nil { + return nil, err } return func(ctx context.Context, filter preparation.FilterToQueryReducer) ([]eventstore.Command, error) { existing, err := existingInstanceCustomMessageText(ctx, filter, msg.MessageTextType, msg.Language) diff --git a/internal/command/instance_custom_message_text_test.go b/internal/command/instance_custom_message_text_test.go index b1c8539cab..edb330c6a3 100644 --- a/internal/command/instance_custom_message_text_test.go +++ b/internal/command/instance_custom_message_text_test.go 
@@ -9,9 +9,9 @@ import ( "github.com/zitadel/zitadel/internal/api/authz" "github.com/zitadel/zitadel/internal/domain" - caos_errs "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/repository/instance" + "github.com/zitadel/zitadel/internal/zerrors" ) func TestCommandSide_SetDefaultMessageText(t *testing.T) { @@ -34,19 +34,68 @@ func TestCommandSide_SetDefaultMessageText(t *testing.T) { res res }{ { - name: "invalid custom text, error", + name: "empty message type, error", + fields: fields{ + eventstore: eventstoreExpect(t), + }, + args: args{ + ctx: authz.WithInstanceID(context.Background(), "INSTANCE"), + config: &domain.CustomMessageText{ + Language: AllowedLanguage, + }, + }, + res: res{ + err: zerrors.IsErrorInvalidArgument, + }, + }, + { + name: "empty custom message text, success", fields: fields{ eventstore: eventstoreExpect( t, + expectFilter(), + expectPush(), ), }, args: args{ - ctx: context.Background(), - instanceID: "INSTANCE", - config: &domain.CustomMessageText{}, + ctx: authz.WithInstanceID(context.Background(), "INSTANCE"), + config: &domain.CustomMessageText{ + MessageTextType: "Some type", // TODO: check the type! + Language: AllowedLanguage, + }, }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + want: &domain.ObjectDetails{ + ResourceOwner: "INSTANCE", + }, + }, + }, + { + name: "undefined language, error", + fields: fields{ + eventstore: eventstoreExpect(t), + }, + args: args{ + ctx: authz.WithInstanceID(context.Background(), "INSTANCE"), + config: &domain.CustomMessageText{}, + }, + res: res{ + err: zerrors.IsErrorInvalidArgument, + }, + }, + { + name: "unsupported language, error", + fields: fields{ + eventstore: eventstoreExpect(t), + }, + args: args{ + ctx: authz.WithInstanceID(context.Background(), "INSTANCE"), + config: &domain.CustomMessageText{ + Language: UnsupportedLanguage, + }, + }, + res: res{ + err: zerrors.IsErrorInvalidArgument, }, }, { 
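Review bot: The "empty custom message text, success" case passes `MessageTextType: "Some type"` and expects a push, so the test pins that any non-empty type string is accepted. The `// TODO: check the type!` comment acknowledges the gap, but nothing on the page tracks or closes it. Judging from the "empty message type, error" case, `msg.IsValid(i18n.SupportedLanguages())` rejects only an empty type, and that call is now the sole input validation in `setDefaultMessageText` and `prepareSetInstanceCustomMessageTexts`. Consider rejecting types the instance does not define and adding an "unknown message type, error" case beside this one, or replace the TODO with an issue reference so the unchecked field is not forgotten.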
diff --git a/internal/command/instance_debug_notification_file.go b/internal/command/instance_debug_notification_file.go index 830b4e1b63..6bb58a85a3 100644 --- a/internal/command/instance_debug_notification_file.go +++ b/internal/command/instance_debug_notification_file.go @@ -4,11 +4,11 @@ import ( "context" "github.com/zitadel/zitadel/internal/domain" - caos_errs "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/notification/channels/fs" iam_repo "github.com/zitadel/zitadel/internal/repository/instance" "github.com/zitadel/zitadel/internal/telemetry/tracing" + "github.com/zitadel/zitadel/internal/zerrors" ) func (c *Commands) AddDebugNotificationProviderFile(ctx context.Context, fileSystemProvider *fs.Config) (*domain.ObjectDetails, error) { @@ -35,7 +35,7 @@ func (c *Commands) addDefaultDebugNotificationFile(ctx context.Context, instance return nil, err } if addedWriteModel.State.Exists() { - return nil, caos_errs.ThrowAlreadyExists(nil, "INSTANCE-d93nfs", "Errors.IAM.DebugNotificationProvider.AlreadyExists") + return nil, zerrors.ThrowAlreadyExists(nil, "INSTANCE-d93nfs", "Errors.IAM.DebugNotificationProvider.AlreadyExists") } events := []eventstore.Command{ @@ -70,7 +70,7 @@ func (c *Commands) changeDefaultDebugNotificationProviderFile(ctx context.Contex return nil, err } if !existingProvider.State.Exists() { - return nil, caos_errs.ThrowNotFound(nil, "INSTANCE-fm9wl", "Errors.IAM.DebugNotificationProvider.NotFound") + return nil, zerrors.ThrowNotFound(nil, "INSTANCE-fm9wl", "Errors.IAM.DebugNotificationProvider.NotFound") } events := make([]eventstore.Command, 0) changedEvent, hasChanged := existingProvider.NewChangedEvent(ctx, 
@@ -80,7 +80,7 @@ func (c *Commands) changeDefaultDebugNotificationProviderFile(ctx context.Contex events = append(events, changedEvent) } if len(events) == 0 { - return nil, caos_errs.ThrowPreconditionFailed(nil, "INSTANCE-5M9vdd", "Errors.IAM.LoginPolicy.NotChanged") + return nil, zerrors.ThrowPreconditionFailed(nil, "INSTANCE-5M9vdd", "Errors.IAM.LoginPolicy.NotChanged") } return events, nil @@ -94,7 +94,7 @@ func (c *Commands) RemoveDefaultNotificationFile(ctx context.Context) (*domain.O return nil, err } if !existingProvider.State.Exists() { - return nil, caos_errs.ThrowNotFound(nil, "INSTANCE-dj9ew", "Errors.IAM.DebugNotificationProvider.NotFound") + return nil, zerrors.ThrowNotFound(nil, "INSTANCE-dj9ew", "Errors.IAM.DebugNotificationProvider.NotFound") } events, err := c.eventstore.Push(ctx, iam_repo.NewDebugNotificationProviderFileRemovedEvent(ctx, instanceAgg)) diff --git a/internal/command/instance_debug_notification_file_test.go b/internal/command/instance_debug_notification_file_test.go index 10c75e193a..73e8b6bc26 100644 --- a/internal/command/instance_debug_notification_file_test.go +++ b/internal/command/instance_debug_notification_file_test.go @@ -8,11 +8,11 @@ import ( "github.com/zitadel/zitadel/internal/api/authz" "github.com/zitadel/zitadel/internal/domain" - caos_errs "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/notification/channels/fs" "github.com/zitadel/zitadel/internal/repository/instance" "github.com/zitadel/zitadel/internal/repository/settings" + "github.com/zitadel/zitadel/internal/zerrors" ) func TestCommandSide_AddDefaultDebugNotificationProviderFile(t *testing.T) { @@ -57,7 +57,7 @@ func TestCommandSide_AddDefaultDebugNotificationProviderFile(t *testing.T) { }, }, res: res{ - err: caos_errs.IsErrorAlreadyExists, + err: zerrors.IsErrorAlreadyExists, }, }, { 
@@ -140,7 +140,7 @@ func TestCommandSide_ChangeDebugNotificationProviderFile(t *testing.T) { }, }, res: res{ - err: caos_errs.IsNotFound, + err: zerrors.IsNotFound, }, }, { @@ -166,7 +166,7 @@ func TestCommandSide_ChangeDebugNotificationProviderFile(t *testing.T) { }, }, res: res{ - err: caos_errs.IsPreconditionFailed, + err: zerrors.IsPreconditionFailed, }, }, { @@ -192,7 +192,7 @@ func TestCommandSide_ChangeDebugNotificationProviderFile(t *testing.T) { }, }, res: res{ - err: caos_errs.IsPreconditionFailed, + err: zerrors.IsPreconditionFailed, }, }, { @@ -277,7 +277,7 @@ func TestCommandSide_RemoveDebugNotificationProviderFile(t *testing.T) { ctx: context.Background(), }, res: res{ - err: caos_errs.IsNotFound, + err: zerrors.IsNotFound, }, }, { diff --git a/internal/command/instance_debug_notification_log.go b/internal/command/instance_debug_notification_log.go index fd4c42cb18..907dfab429 100644 --- a/internal/command/instance_debug_notification_log.go +++ b/internal/command/instance_debug_notification_log.go @@ -4,11 +4,11 @@ import ( "context" "github.com/zitadel/zitadel/internal/domain" - caos_errs "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/notification/channels/fs" "github.com/zitadel/zitadel/internal/repository/instance" "github.com/zitadel/zitadel/internal/telemetry/tracing" + "github.com/zitadel/zitadel/internal/zerrors" ) func (c *Commands) AddDebugNotificationProviderLog(ctx context.Context, fileSystemProvider *fs.Config) (*domain.ObjectDetails, error) { 
@@ -35,7 +35,7 @@ func (c *Commands) addDefaultDebugNotificationLog(ctx context.Context, instanceA return nil, err } if addedWriteModel.State.Exists() { - return nil, caos_errs.ThrowAlreadyExists(nil, "INSTANCE-3h0fs", "Errors.IAM.DebugNotificationProvider.AlreadyExists") + return nil, zerrors.ThrowAlreadyExists(nil, "INSTANCE-3h0fs", "Errors.IAM.DebugNotificationProvider.AlreadyExists") } events := []eventstore.Command{ @@ -70,13 +70,13 @@ func (c *Commands) changeDefaultDebugNotificationProviderLog(ctx context.Context return nil, err } if !existingProvider.State.Exists() { - return nil, caos_errs.ThrowNotFound(nil, "INSTANCE-2h0s3", "Errors.IAM.DebugNotificationProvider.NotFound") + return nil, zerrors.ThrowNotFound(nil, "INSTANCE-2h0s3", "Errors.IAM.DebugNotificationProvider.NotFound") } changedEvent, hasChanged := existingProvider.NewChangedEvent(ctx, instanceAgg, fileSystemProvider.Compact) if !hasChanged { - return nil, caos_errs.ThrowPreconditionFailed(nil, "INSTANCE-fn9p3", "Errors.IAM.LoginPolicy.NotChanged") + return nil, zerrors.ThrowPreconditionFailed(nil, "INSTANCE-fn9p3", "Errors.IAM.LoginPolicy.NotChanged") } return changedEvent, nil } @@ -89,7 +89,7 @@ func (c *Commands) RemoveDefaultNotificationLog(ctx context.Context) (*domain.Ob return nil, err } if !existingProvider.State.Exists() { - return nil, caos_errs.ThrowNotFound(nil, "INSTANCE-39lse", "Errors.IAM.DebugNotificationProvider.NotFound") + return nil, zerrors.ThrowNotFound(nil, "INSTANCE-39lse", "Errors.IAM.DebugNotificationProvider.NotFound") } events, err := c.eventstore.Push(ctx, instance.NewDebugNotificationProviderLogRemovedEvent(ctx, instanceAgg)) diff --git a/internal/command/instance_debug_notification_log_test.go b/internal/command/instance_debug_notification_log_test.go index cb7031febe..bac9186023 100644 --- a/internal/command/instance_debug_notification_log_test.go +++ b/internal/command/instance_debug_notification_log_test.go 
@@ -8,11 +8,11 @@ import ( "github.com/zitadel/zitadel/internal/api/authz" "github.com/zitadel/zitadel/internal/domain" - caos_errs "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/notification/channels/fs" "github.com/zitadel/zitadel/internal/repository/instance" "github.com/zitadel/zitadel/internal/repository/settings" + "github.com/zitadel/zitadel/internal/zerrors" ) func TestCommandSide_AddDefaultDebugNotificationProviderLog(t *testing.T) { @@ -58,7 +58,7 @@ func TestCommandSide_AddDefaultDebugNotificationProviderLog(t *testing.T) { }, }, res: res{ - err: caos_errs.IsErrorAlreadyExists, + err: zerrors.IsErrorAlreadyExists, }, }, { @@ -169,7 +169,7 @@ func TestCommandSide_ChangeDebugNotificationProviderLog(t *testing.T) { }, }, res: res{ - err: caos_errs.IsNotFound, + err: zerrors.IsNotFound, }, }, { @@ -195,7 +195,7 @@ func TestCommandSide_ChangeDebugNotificationProviderLog(t *testing.T) { }, }, res: res{ - err: caos_errs.IsPreconditionFailed, + err: zerrors.IsPreconditionFailed, }, }, { @@ -313,7 +313,7 @@ func TestCommandSide_RemoveDebugNotificationProviderLog(t *testing.T) { ctx: ctx, }, res: res{ - err: caos_errs.IsNotFound, + err: zerrors.IsNotFound, }, }, { diff --git a/internal/command/instance_domain.go b/internal/command/instance_domain.go index 02ff63d405..d5f6808cfb 100644 --- a/internal/command/instance_domain.go +++ b/internal/command/instance_domain.go @@ -9,10 +9,10 @@ import ( "github.com/zitadel/zitadel/internal/api/http" "github.com/zitadel/zitadel/internal/command/preparation" "github.com/zitadel/zitadel/internal/domain" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/repository/instance" "github.com/zitadel/zitadel/internal/repository/project" + "github.com/zitadel/zitadel/internal/zerrors" ) var ( 
@@ -87,10 +87,10 @@ func (c *Commands) addGeneratedInstanceDomain(ctx context.Context, a *instance.A func (c *Commands) addInstanceDomain(a *instance.Aggregate, instanceDomain string, generated bool) preparation.Validation { return func() (preparation.CreateCommands, error) { if instanceDomain = strings.TrimSpace(instanceDomain); instanceDomain == "" { - return nil, errors.ThrowInvalidArgument(nil, "INST-28nlD", "Errors.Invalid.Argument") + return nil, zerrors.ThrowInvalidArgument(nil, "INST-28nlD", "Errors.Invalid.Argument") } if !allowDomainRunes.MatchString(instanceDomain) { - return nil, errors.ThrowInvalidArgument(nil, "INST-S3v3w", "Errors.Instance.Domain.InvalidCharacter") + return nil, zerrors.ThrowInvalidArgument(nil, "INST-S3v3w", "Errors.Instance.Domain.InvalidCharacter") } return func(ctx context.Context, filter preparation.FilterToQueryReducer) ([]eventstore.Command, error) { domainWriteModel, err := getInstanceDomainWriteModel(ctx, filter, instanceDomain) @@ -98,7 +98,7 @@ func (c *Commands) addInstanceDomain(a *instance.Aggregate, instanceDomain strin return nil, err } if domainWriteModel.State == domain.InstanceDomainStateActive { - return nil, errors.ThrowAlreadyExists(nil, "INST-i2nl", "Errors.Instance.Domain.AlreadyExists") + return nil, zerrors.ThrowAlreadyExists(nil, "INST-i2nl", "Errors.Instance.Domain.AlreadyExists") } events := []eventstore.Command{ instance.NewDomainAddedEvent(ctx, &a.Aggregate, instanceDomain, generated), 
@@ -118,7 +118,7 @@ func (c *Commands) addInstanceDomain(a *instance.Aggregate, instanceDomain strin func (c *Commands) prepareUpdateConsoleRedirectURIs(instanceDomain string) preparation.Validation { return func() (preparation.CreateCommands, error) { if instanceDomain = strings.TrimSpace(instanceDomain); instanceDomain == "" { - return nil, errors.ThrowInvalidArgument(nil, "INST-E3j3s", "Errors.Invalid.Argument") + return nil, zerrors.ThrowInvalidArgument(nil, "INST-E3j3s", "Errors.Invalid.Argument") } return func(ctx context.Context, filter preparation.FilterToQueryReducer) ([]eventstore.Command, error) { consoleChangeEvent, err := c.updateConsoleRedirectURIs(ctx, filter, instanceDomain) @@ -166,7 +166,7 @@ func (c *Commands) updateConsoleRedirectURIs(ctx context.Context, filter prepara func setPrimaryInstanceDomain(a *instance.Aggregate, instanceDomain string) preparation.Validation { return func() (preparation.CreateCommands, error) { if instanceDomain = strings.TrimSpace(instanceDomain); instanceDomain == "" { - return nil, errors.ThrowInvalidArgument(nil, "INST-9mWjf", "Errors.Invalid.Argument") + return nil, zerrors.ThrowInvalidArgument(nil, "INST-9mWjf", "Errors.Invalid.Argument") } return func(ctx context.Context, filter preparation.FilterToQueryReducer) ([]eventstore.Command, error) { domainWriteModel, err := getInstanceDomainWriteModel(ctx, filter, instanceDomain) @@ -174,7 +174,7 @@ func setPrimaryInstanceDomain(a *instance.Aggregate, instanceDomain string) prep return nil, err } if !domainWriteModel.State.Exists() { - return nil, errors.ThrowNotFound(nil, "INSTANCE-9nkWf", "Errors.Instance.Domain.NotFound") + return nil, zerrors.ThrowNotFound(nil, "INSTANCE-9nkWf", "Errors.Instance.Domain.NotFound") } return []eventstore.Command{instance.NewDomainPrimarySetEvent(ctx, &a.Aggregate, instanceDomain)}, nil }, nil 
@@ -184,7 +184,7 @@ func setPrimaryInstanceDomain(a *instance.Aggregate, instanceDomain string) prep func removeInstanceDomain(a *instance.Aggregate, instanceDomain string) preparation.Validation { return func() (preparation.CreateCommands, error) { if instanceDomain = strings.TrimSpace(instanceDomain); instanceDomain == "" { - return nil, errors.ThrowInvalidArgument(nil, "INST-39nls", "Errors.Invalid.Argument") + return nil, zerrors.ThrowInvalidArgument(nil, "INST-39nls", "Errors.Invalid.Argument") } return func(ctx context.Context, filter preparation.FilterToQueryReducer) ([]eventstore.Command, error) { domainWriteModel, err := getInstanceDomainWriteModel(ctx, filter, instanceDomain) @@ -192,10 +192,10 @@ func removeInstanceDomain(a *instance.Aggregate, instanceDomain string) preparat return nil, err } if domainWriteModel.State != domain.InstanceDomainStateActive { - return nil, errors.ThrowNotFound(nil, "INSTANCE-8ls9f", "Errors.Instance.Domain.NotFound") + return nil, zerrors.ThrowNotFound(nil, "INSTANCE-8ls9f", "Errors.Instance.Domain.NotFound") } if domainWriteModel.Generated { - return nil, errors.ThrowPreconditionFailed(nil, "INSTANCE-9hn3n", "Errors.Instance.Domain.GeneratedNotRemovable") + return nil, zerrors.ThrowPreconditionFailed(nil, "INSTANCE-9hn3n", "Errors.Instance.Domain.GeneratedNotRemovable") } return []eventstore.Command{instance.NewDomainRemovedEvent(ctx, &a.Aggregate, instanceDomain)}, nil }, nil diff --git a/internal/command/instance_domain_test.go b/internal/command/instance_domain_test.go index abeab0f3b4..97129ec4ee 100644 --- a/internal/command/instance_domain_test.go +++ b/internal/command/instance_domain_test.go 
@@ -10,10 +10,10 @@ import ( "github.com/zitadel/zitadel/internal/api/authz" "github.com/zitadel/zitadel/internal/crypto" "github.com/zitadel/zitadel/internal/domain" - caos_errs "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/repository/instance" "github.com/zitadel/zitadel/internal/repository/project" + "github.com/zitadel/zitadel/internal/zerrors" ) func TestCommandSide_AddInstanceDomain(t *testing.T) { @@ -47,7 +47,7 @@ func TestCommandSide_AddInstanceDomain(t *testing.T) { domain: "", }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -62,7 +62,7 @@ func TestCommandSide_AddInstanceDomain(t *testing.T) { domain: "hodor's-org.localhost", }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -77,7 +77,7 @@ func TestCommandSide_AddInstanceDomain(t *testing.T) { domain: "bücher.ch", }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -92,7 +92,7 @@ func TestCommandSide_AddInstanceDomain(t *testing.T) { domain: "🦒.ch", }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -116,7 +116,7 @@ func TestCommandSide_AddInstanceDomain(t *testing.T) { domain: "domain.ch", }, res: res{ - err: caos_errs.IsErrorAlreadyExists, + err: zerrors.IsErrorAlreadyExists, }, }, { @@ -239,7 +239,7 @@ func TestCommandSide_SetPrimaryInstanceDomain(t *testing.T) { domain: "", }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -255,7 +255,7 @@ func TestCommandSide_SetPrimaryInstanceDomain(t *testing.T) { domain: "domain.ch", }, res: res{ - err: caos_errs.IsNotFound, + err: zerrors.IsNotFound, }, }, { 
@@ -341,7 +341,7 @@ func TestCommandSide_RemoveInstanceDomain(t *testing.T) { domain: "", }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -357,7 +357,7 @@ func TestCommandSide_RemoveInstanceDomain(t *testing.T) { domain: "domain.ch", }, res: res{ - err: caos_errs.IsNotFound, + err: zerrors.IsNotFound, }, }, { @@ -414,7 +414,7 @@ func TestCommandSide_RemoveInstanceDomain(t *testing.T) { domain: "domain.ch", }, res: res{ - err: caos_errs.IsPreconditionFailed, + err: zerrors.IsPreconditionFailed, }, }, } diff --git a/internal/command/instance_feature.go b/internal/command/instance_feature.go index 6aee52c09b..4ee36b94c2 100644 --- a/internal/command/instance_feature.go +++ b/internal/command/instance_feature.go @@ -6,10 +6,10 @@ import ( "github.com/zitadel/zitadel/internal/api/authz" "github.com/zitadel/zitadel/internal/command/preparation" "github.com/zitadel/zitadel/internal/domain" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/id" "github.com/zitadel/zitadel/internal/repository/feature" + "github.com/zitadel/zitadel/internal/zerrors" ) func (c *Commands) SetBooleanInstanceFeature(ctx context.Context, f domain.Feature, value bool) (*domain.ObjectDetails, error) { 
@@ -36,7 +36,7 @@ func (c *Commands) SetBooleanInstanceFeature(ctx context.Context, f domain.Featu func prepareSetFeature[T feature.SetEventType](writeModel *InstanceFeatureWriteModel[T], value T, idGenerator id.Generator) preparation.Validation { return func() (preparation.CreateCommands, error) { if !writeModel.feature.IsAFeature() || writeModel.feature == domain.FeatureUnspecified { - return nil, errors.ThrowPreconditionFailed(nil, "FEAT-JK3td", "Errors.Feature.NotExisting") + return nil, zerrors.ThrowPreconditionFailed(nil, "FEAT-JK3td", "Errors.Feature.NotExisting") } return func(ctx context.Context, filter preparation.FilterToQueryReducer) ([]eventstore.Command, error) { events, err := filter(ctx, writeModel.Query()) diff --git a/internal/command/instance_feature_model.go b/internal/command/instance_feature_model.go index 1389735ca5..5014b1c76a 100644 --- a/internal/command/instance_feature_model.go +++ b/internal/command/instance_feature_model.go @@ -4,9 +4,9 @@ import ( "context" "github.com/zitadel/zitadel/internal/domain" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/repository/feature" + "github.com/zitadel/zitadel/internal/zerrors" ) type FeatureWriteModel[T feature.SetEventType] struct { @@ -26,7 +26,7 @@ func NewFeatureWriteModel[T feature.SetEventType](instanceID, resourceOwner stri feature: feature, } if wm.Value.FeatureType() != feature.Type() { - return nil, errors.ThrowPreconditionFailed(nil, "FEAT-AS4k1", "Errors.Feature.InvalidValue") + return nil, zerrors.ThrowPreconditionFailed(nil, "FEAT-AS4k1", "Errors.Feature.InvalidValue") } return wm, nil } 
@@ -56,7 +56,7 @@ func (wm *FeatureWriteModel[T]) Reduce() error { case *feature.SetEvent[T]: wm.Value = e.Value default: - return errors.ThrowPreconditionFailed(nil, "FEAT-SDfjk", "Errors.Feature.TypeNotSupported") + return zerrors.ThrowPreconditionFailed(nil, "FEAT-SDfjk", "Errors.Feature.TypeNotSupported") } } return wm.WriteModel.Reduce() diff --git a/internal/command/instance_feature_test.go b/internal/command/instance_feature_test.go index 31ccb58886..56933b9003 100644 --- a/internal/command/instance_feature_test.go +++ b/internal/command/instance_feature_test.go @@ -8,12 +8,12 @@ import ( "github.com/zitadel/zitadel/internal/api/authz" "github.com/zitadel/zitadel/internal/domain" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/id" "github.com/zitadel/zitadel/internal/id/mock" "github.com/zitadel/zitadel/internal/repository/feature" "github.com/zitadel/zitadel/internal/repository/instance" + "github.com/zitadel/zitadel/internal/zerrors" ) func TestCommands_SetBooleanInstanceFeature(t *testing.T) { @@ -47,7 +47,7 @@ func TestCommands_SetBooleanInstanceFeature(t *testing.T) { value: true, }, res{ - err: errors.ThrowPreconditionFailed(nil, "FEAT-AS4k1", "Errors.Feature.InvalidValue"), + err: zerrors.ThrowPreconditionFailed(nil, "FEAT-AS4k1", "Errors.Feature.InvalidValue"), }, }, { @@ -71,7 +71,7 @@ func TestCommands_SetBooleanInstanceFeature(t *testing.T) { value: true, }, res{ - err: errors.ThrowPreconditionFailed(nil, "FEAT-SDfjk", "Errors.Feature.TypeNotSupported"), + err: zerrors.ThrowPreconditionFailed(nil, "FEAT-SDfjk", "Errors.Feature.TypeNotSupported"), }, }, { diff --git a/internal/command/instance_idp.go b/internal/command/instance_idp.go index 31b284f8c5..ed8d458e18 100644 --- a/internal/command/instance_idp.go +++ b/internal/command/instance_idp.go 
@@ -10,9 +10,9 @@ import ( "github.com/zitadel/zitadel/internal/command/preparation" "github.com/zitadel/zitadel/internal/crypto" "github.com/zitadel/zitadel/internal/domain" - caos_errs "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/repository/instance" + "github.com/zitadel/zitadel/internal/zerrors" ) func (c *Commands) AddInstanceGenericOAuthProvider(ctx context.Context, provider GenericOAuthProvider) (string, *domain.ObjectDetails, error) { @@ -119,7 +119,7 @@ func (c *Commands) migrateInstanceGenericOIDC(ctx context.Context, id string, pr case GoogleProvider: validation = c.prepareMigrateInstanceOIDCToGoogleProvider(instanceAgg, writeModel, p) default: - return nil, caos_errs.ThrowInvalidArgument(nil, "COMMAND-s9219", "Errors.IDPConfig.NotExisting") + return nil, zerrors.ThrowInvalidArgument(nil, "COMMAND-s9219", "Errors.IDPConfig.NotExisting") } cmds, err := preparation.PrepareCommands(ctx, c.eventstore.Filter, validation) 
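Review bot: In the `@@ -119,7 +119,7 @@` hunk, the `default:` branch of migrateInstanceGenericOIDC returns `zerrors.ThrowInvalidArgument` with the message key `Errors.IDPConfig.NotExisting`. The branch appears to be reached when the target provider is none of the handled types, not when the IDP is missing, so the message key and the error kind describe different problems. A short comment above the return would record the intent, e.g. `// unsupported migration target type; reported as invalid argument`, and a more fitting message key could be used if the catalogue has one. The switch and the rest of the function lie outside the hunk.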
@@ -609,25 +609,25 @@ func ExistsInstanceIDP(ctx context.Context, filter preparation.FilterToQueryRedu func (c *Commands) prepareAddInstanceOAuthProvider(a *instance.Aggregate, writeModel *InstanceOAuthIDPWriteModel, provider GenericOAuthProvider) preparation.Validation { return func() (preparation.CreateCommands, error) { if provider.Name = strings.TrimSpace(provider.Name); provider.Name == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "INST-D32ef", "Errors.Invalid.Argument") + return nil, zerrors.ThrowInvalidArgument(nil, "INST-D32ef", "Errors.Invalid.Argument") } if provider.ClientID = strings.TrimSpace(provider.ClientID); provider.ClientID == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "INST-Dbgzf", "Errors.Invalid.Argument") + return nil, zerrors.ThrowInvalidArgument(nil, "INST-Dbgzf", "Errors.Invalid.Argument") } if provider.ClientSecret = strings.TrimSpace(provider.ClientSecret); provider.ClientSecret == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "INST-DF4ga", "Errors.Invalid.Argument") + return nil, zerrors.ThrowInvalidArgument(nil, "INST-DF4ga", "Errors.Invalid.Argument") } if provider.AuthorizationEndpoint = strings.TrimSpace(provider.AuthorizationEndpoint); provider.AuthorizationEndpoint == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "INST-B23bs", "Errors.Invalid.Argument") + return nil, zerrors.ThrowInvalidArgument(nil, "INST-B23bs", "Errors.Invalid.Argument") } if provider.TokenEndpoint = strings.TrimSpace(provider.TokenEndpoint); provider.TokenEndpoint == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "INST-D2gj8", "Errors.Invalid.Argument") + return nil, zerrors.ThrowInvalidArgument(nil, "INST-D2gj8", "Errors.Invalid.Argument") } if provider.UserEndpoint = strings.TrimSpace(provider.UserEndpoint); provider.UserEndpoint == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "INST-Fb8jk", "Errors.Invalid.Argument") + return nil, zerrors.ThrowInvalidArgument(nil, "INST-Fb8jk", 
"Errors.Invalid.Argument") } if provider.IDAttribute = strings.TrimSpace(provider.IDAttribute); provider.IDAttribute == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "INST-sdf3f", "Errors.Invalid.Argument") + return nil, zerrors.ThrowInvalidArgument(nil, "INST-sdf3f", "Errors.Invalid.Argument") } return func(ctx context.Context, filter preparation.FilterToQueryReducer) ([]eventstore.Command, error) { events, err := filter(ctx, writeModel.Query()) 
@@ -665,25 +665,25 @@ func (c *Commands) prepareAddInstanceOAuthProvider(a *instance.Aggregate, writeM func (c *Commands) prepareUpdateInstanceOAuthProvider(a *instance.Aggregate, writeModel *InstanceOAuthIDPWriteModel, provider GenericOAuthProvider) preparation.Validation { return func() (preparation.CreateCommands, error) { if writeModel.ID = strings.TrimSpace(writeModel.ID); writeModel.ID == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "INST-SAffg", "Errors.Invalid.Argument") + return nil, zerrors.ThrowInvalidArgument(nil, "INST-SAffg", "Errors.Invalid.Argument") } if provider.Name = strings.TrimSpace(provider.Name); provider.Name == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "INST-Sf3gh", "Errors.Invalid.Argument") + return nil, zerrors.ThrowInvalidArgument(nil, "INST-Sf3gh", "Errors.Invalid.Argument") } if provider.ClientID = strings.TrimSpace(provider.ClientID); provider.ClientID == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "INST-SHJ3ui", "Errors.Invalid.Argument") + return nil, zerrors.ThrowInvalidArgument(nil, "INST-SHJ3ui", "Errors.Invalid.Argument") } if provider.AuthorizationEndpoint = strings.TrimSpace(provider.AuthorizationEndpoint); provider.AuthorizationEndpoint == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "INST-SVrgh", "Errors.Invalid.Argument") + return nil, zerrors.ThrowInvalidArgument(nil, "INST-SVrgh", "Errors.Invalid.Argument") } if provider.TokenEndpoint = strings.TrimSpace(provider.TokenEndpoint); provider.TokenEndpoint == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "INST-DJKeio", "Errors.Invalid.Argument") + return nil, zerrors.ThrowInvalidArgument(nil, "INST-DJKeio", "Errors.Invalid.Argument") } if provider.UserEndpoint = strings.TrimSpace(provider.UserEndpoint); provider.UserEndpoint == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "INST-ILSJi", "Errors.Invalid.Argument") + return nil, zerrors.ThrowInvalidArgument(nil, "INST-ILSJi", "Errors.Invalid.Argument") } if 
provider.IDAttribute = strings.TrimSpace(provider.IDAttribute); provider.IDAttribute == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "INST-JKD3h", "Errors.Invalid.Argument") + return nil, zerrors.ThrowInvalidArgument(nil, "INST-JKD3h", "Errors.Invalid.Argument") } return func(ctx context.Context, filter preparation.FilterToQueryReducer) ([]eventstore.Command, error) { events, err := filter(ctx, writeModel.Query()) @@ -695,7 +695,7 @@ func (c *Commands) prepareUpdateInstanceOAuthProvider(a *instance.Aggregate, wri return nil, err } if !writeModel.State.Exists() { - return nil, caos_errs.ThrowNotFound(nil, "INST-D3r1s", "Errors.IDPConfig.NotExisting") + return nil, zerrors.ThrowNotFound(nil, "INST-D3r1s", "Errors.IDPConfig.NotExisting") } event, err := writeModel.NewChangedEvent( ctx, 
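Review bot: In prepareUpdateInstanceOAuthProvider (hunk `-665,25`), `provider.AuthorizationEndpoint`, `provider.TokenEndpoint` and `provider.UserEndpoint` are accepted as soon as they are non-empty after `strings.TrimSpace`; nothing in the hunk checks that they are absolute URLs with an expected scheme. In an OAuth flow the token endpoint receives the client secret, so unless another layer already validates these values (not visible in this diff), a parsed-URL check belongs next to the empty check: `if u, err := url.Parse(provider.TokenEndpoint); err != nil || u.Scheme != "https" || u.Host == "" { return nil, zerrors.ThrowInvalidArgument(err, "INST-<new-id>", "Errors.Invalid.Argument") }`, where `<new-id>` is a placeholder for a fresh code. The same non-empty-only pattern is in prepareAddInstanceOAuthProvider, in the GitHub Enterprise add/update hunks, and in the JWT add/update hunks for `JWTEndpoint` and `KeyEndpoint`. The function body continues outside the hunk.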
@@ -723,16 +723,16 @@ func (c *Commands) prepareUpdateInstanceOAuthProvider(a *instance.Aggregate, wri func (c *Commands) prepareAddInstanceOIDCProvider(a *instance.Aggregate, writeModel *InstanceOIDCIDPWriteModel, provider GenericOIDCProvider) preparation.Validation { return func() (preparation.CreateCommands, error) { if provider.Name = strings.TrimSpace(provider.Name); provider.Name == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "INST-Sgtj5", "Errors.Invalid.Argument") + return nil, zerrors.ThrowInvalidArgument(nil, "INST-Sgtj5", "Errors.Invalid.Argument") } if provider.Issuer = strings.TrimSpace(provider.Issuer); provider.Issuer == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "INST-Hz6zj", "Errors.Invalid.Argument") + return nil, zerrors.ThrowInvalidArgument(nil, "INST-Hz6zj", "Errors.Invalid.Argument") } if provider.ClientID = strings.TrimSpace(provider.ClientID); provider.ClientID == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "INST-fb5jm", "Errors.Invalid.Argument") + return nil, zerrors.ThrowInvalidArgument(nil, "INST-fb5jm", "Errors.Invalid.Argument") } if provider.ClientSecret = strings.TrimSpace(provider.ClientSecret); provider.ClientSecret == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "INST-Sfdf4", "Errors.Invalid.Argument") + return nil, zerrors.ThrowInvalidArgument(nil, "INST-Sfdf4", "Errors.Invalid.Argument") } return func(ctx context.Context, filter preparation.FilterToQueryReducer) ([]eventstore.Command, error) { events, err := filter(ctx, writeModel.Query()) 
@@ -768,16 +768,16 @@ func (c *Commands) prepareAddInstanceOIDCProvider(a *instance.Aggregate, writeMo func (c *Commands) prepareUpdateInstanceOIDCProvider(a *instance.Aggregate, writeModel *InstanceOIDCIDPWriteModel, provider GenericOIDCProvider) preparation.Validation { return func() (preparation.CreateCommands, error) { if writeModel.ID = strings.TrimSpace(writeModel.ID); writeModel.ID == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "INST-SAfd3", "Errors.Invalid.Argument") + return nil, zerrors.ThrowInvalidArgument(nil, "INST-SAfd3", "Errors.Invalid.Argument") } if provider.Name = strings.TrimSpace(provider.Name); provider.Name == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "INST-Dvf4f", "Errors.Invalid.Argument") + return nil, zerrors.ThrowInvalidArgument(nil, "INST-Dvf4f", "Errors.Invalid.Argument") } if provider.Issuer = strings.TrimSpace(provider.Issuer); provider.Issuer == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "INST-BDfr3", "Errors.Invalid.Argument") + return nil, zerrors.ThrowInvalidArgument(nil, "INST-BDfr3", "Errors.Invalid.Argument") } if provider.ClientID = strings.TrimSpace(provider.ClientID); provider.ClientID == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "INST-Db3bs", "Errors.Invalid.Argument") + return nil, zerrors.ThrowInvalidArgument(nil, "INST-Db3bs", "Errors.Invalid.Argument") } return func(ctx context.Context, filter preparation.FilterToQueryReducer) ([]eventstore.Command, error) { events, err := filter(ctx, writeModel.Query()) @@ -789,7 +789,7 @@ func (c *Commands) prepareUpdateInstanceOIDCProvider(a *instance.Aggregate, writ return nil, err } if !writeModel.State.Exists() { - return nil, caos_errs.ThrowNotFound(nil, "INST-Dg331", "Errors.IDPConfig.NotExisting") + return nil, zerrors.ThrowNotFound(nil, "INST-Dg331", "Errors.IDPConfig.NotExisting") } event, err := writeModel.NewChangedEvent( ctx, 
@@ -815,13 +815,13 @@ func (c *Commands) prepareUpdateInstanceOIDCProvider(a *instance.Aggregate, writ func (c *Commands) prepareMigrateInstanceOIDCToAzureADProvider(a *instance.Aggregate, writeModel *InstanceOIDCIDPWriteModel, provider AzureADProvider) preparation.Validation { return func() (preparation.CreateCommands, error) { if provider.Name = strings.TrimSpace(provider.Name); provider.Name == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "INST-sdf3g", "Errors.Invalid.Argument") + return nil, zerrors.ThrowInvalidArgument(nil, "INST-sdf3g", "Errors.Invalid.Argument") } if provider.ClientID = strings.TrimSpace(provider.ClientID); provider.ClientID == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "INST-Fhbr2", "Errors.Invalid.Argument") + return nil, zerrors.ThrowInvalidArgument(nil, "INST-Fhbr2", "Errors.Invalid.Argument") } if provider.ClientSecret = strings.TrimSpace(provider.ClientSecret); provider.ClientSecret == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "INST-Dzh3g", "Errors.Invalid.Argument") + return nil, zerrors.ThrowInvalidArgument(nil, "INST-Dzh3g", "Errors.Invalid.Argument") } return func(ctx context.Context, filter preparation.FilterToQueryReducer) ([]eventstore.Command, error) { events, err := filter(ctx, writeModel.Query()) @@ -833,7 +833,7 @@ func (c *Commands) prepareMigrateInstanceOIDCToAzureADProvider(a *instance.Aggre return nil, err } if !writeModel.State.Exists() { - return nil, caos_errs.ThrowNotFound(nil, "INST-Dg29201", "Errors.IDPConfig.NotExisting") + return nil, zerrors.ThrowNotFound(nil, "INST-Dg29201", "Errors.IDPConfig.NotExisting") } secret, err := crypto.Encrypt([]byte(provider.ClientSecret), c.idpConfigEncryption) if err != nil { 
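Review bot: The error IDs `INST-sdf3g`, `INST-Fhbr2` and `INST-Dzh3g` in prepareMigrateInstanceOIDCToAzureADProvider (hunk `-815,13`) are the same three IDs used in prepareAddInstanceAzureADProvider (hunk `-994,13`). An ID seen in a log or API response therefore does not identify whether the migrate path or the add path rejected the request. Since the change already rewrites each of these lines, one of the two functions could get its own codes, e.g. `return nil, zerrors.ThrowInvalidArgument(nil, "INST-<new-id>", "Errors.Invalid.Argument")` with `<new-id>` a placeholder for a fresh ID. Both function bodies continue outside their hunks.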
@@ -860,10 +860,10 @@ func (c *Commands) prepareMigrateInstanceOIDCToAzureADProvider(a *instance.Aggre func (c *Commands) prepareMigrateInstanceOIDCToGoogleProvider(a *instance.Aggregate, writeModel *InstanceOIDCIDPWriteModel, provider GoogleProvider) preparation.Validation { return func() (preparation.CreateCommands, error) { if provider.ClientID = strings.TrimSpace(provider.ClientID); provider.ClientID == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "INST-D3fvs", "Errors.Invalid.Argument") + return nil, zerrors.ThrowInvalidArgument(nil, "INST-D3fvs", "Errors.Invalid.Argument") } if provider.ClientSecret = strings.TrimSpace(provider.ClientSecret); provider.ClientSecret == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "INST-W2vqs", "Errors.Invalid.Argument") + return nil, zerrors.ThrowInvalidArgument(nil, "INST-W2vqs", "Errors.Invalid.Argument") } return func(ctx context.Context, filter preparation.FilterToQueryReducer) ([]eventstore.Command, error) { events, err := filter(ctx, writeModel.Query()) @@ -875,7 +875,7 @@ func (c *Commands) prepareMigrateInstanceOIDCToGoogleProvider(a *instance.Aggreg return nil, err } if !writeModel.State.Exists() { - return nil, caos_errs.ThrowNotFound(nil, "INST-Dg29202", "Errors.IDPConfig.NotExisting") + return nil, zerrors.ThrowNotFound(nil, "INST-Dg29202", "Errors.IDPConfig.NotExisting") } secret, err := crypto.Encrypt([]byte(provider.ClientSecret), c.idpConfigEncryption) if err != nil { 
@@ -900,19 +900,19 @@ func (c *Commands) prepareMigrateInstanceOIDCToGoogleProvider(a *instance.Aggreg func (c *Commands) prepareAddInstanceJWTProvider(a *instance.Aggregate, writeModel *InstanceJWTIDPWriteModel, provider JWTProvider) preparation.Validation { return func() (preparation.CreateCommands, error) { if provider.Name = strings.TrimSpace(provider.Name); provider.Name == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "INST-JLKef", "Errors.Invalid.Argument") + return nil, zerrors.ThrowInvalidArgument(nil, "INST-JLKef", "Errors.Invalid.Argument") } if provider.Issuer = strings.TrimSpace(provider.Issuer); provider.Issuer == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "INST-WNJK3", "Errors.Invalid.Argument") + return nil, zerrors.ThrowInvalidArgument(nil, "INST-WNJK3", "Errors.Invalid.Argument") } if provider.JWTEndpoint = strings.TrimSpace(provider.JWTEndpoint); provider.JWTEndpoint == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "INST-NJKSD", "Errors.Invalid.Argument") + return nil, zerrors.ThrowInvalidArgument(nil, "INST-NJKSD", "Errors.Invalid.Argument") } if provider.KeyEndpoint = strings.TrimSpace(provider.KeyEndpoint); provider.KeyEndpoint == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "INST-NJKE3", "Errors.Invalid.Argument") + return nil, zerrors.ThrowInvalidArgument(nil, "INST-NJKE3", "Errors.Invalid.Argument") } if provider.HeaderName = strings.TrimSpace(provider.HeaderName); provider.HeaderName == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "INST-2rlks", "Errors.Invalid.Argument") + return nil, zerrors.ThrowInvalidArgument(nil, "INST-2rlks", "Errors.Invalid.Argument") } return func(ctx context.Context, filter preparation.FilterToQueryReducer) ([]eventstore.Command, error) { events, err := filter(ctx, writeModel.Query()) 
@@ -943,22 +943,22 @@ func (c *Commands) prepareAddInstanceJWTProvider(a *instance.Aggregate, writeMod func (c *Commands) prepareUpdateInstanceJWTProvider(a *instance.Aggregate, writeModel *InstanceJWTIDPWriteModel, provider JWTProvider) preparation.Validation { return func() (preparation.CreateCommands, error) { if writeModel.ID = strings.TrimSpace(writeModel.ID); writeModel.ID == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "INST-HUe3q", "Errors.Invalid.Argument") + return nil, zerrors.ThrowInvalidArgument(nil, "INST-HUe3q", "Errors.Invalid.Argument") } if provider.Name = strings.TrimSpace(provider.Name); provider.Name == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "INST-JKLS2", "Errors.Invalid.Argument") + return nil, zerrors.ThrowInvalidArgument(nil, "INST-JKLS2", "Errors.Invalid.Argument") } if provider.Issuer = strings.TrimSpace(provider.Issuer); provider.Issuer == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "INST-JKs3f", "Errors.Invalid.Argument") + return nil, zerrors.ThrowInvalidArgument(nil, "INST-JKs3f", "Errors.Invalid.Argument") } if provider.JWTEndpoint = strings.TrimSpace(provider.JWTEndpoint); provider.JWTEndpoint == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "INST-NJKS2", "Errors.Invalid.Argument") + return nil, zerrors.ThrowInvalidArgument(nil, "INST-NJKS2", "Errors.Invalid.Argument") } if provider.KeyEndpoint = strings.TrimSpace(provider.KeyEndpoint); provider.KeyEndpoint == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "INST-SJk2d", "Errors.Invalid.Argument") + return nil, zerrors.ThrowInvalidArgument(nil, "INST-SJk2d", "Errors.Invalid.Argument") } if provider.HeaderName = strings.TrimSpace(provider.HeaderName); provider.HeaderName == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "INST-SJK2f", "Errors.Invalid.Argument") + return nil, zerrors.ThrowInvalidArgument(nil, "INST-SJK2f", "Errors.Invalid.Argument") } return func(ctx context.Context, filter preparation.FilterToQueryReducer) 
([]eventstore.Command, error) { events, err := filter(ctx, writeModel.Query()) @@ -970,7 +970,7 @@ func (c *Commands) prepareUpdateInstanceJWTProvider(a *instance.Aggregate, write return nil, err } if !writeModel.State.Exists() { - return nil, caos_errs.ThrowNotFound(nil, "INST-Bhju5", "Errors.IDPConfig.NotExisting") + return nil, zerrors.ThrowNotFound(nil, "INST-Bhju5", "Errors.IDPConfig.NotExisting") } event, err := writeModel.NewChangedEvent( ctx, @@ -994,13 +994,13 @@ func (c *Commands) prepareUpdateInstanceJWTProvider(a *instance.Aggregate, write func (c *Commands) prepareAddInstanceAzureADProvider(a *instance.Aggregate, writeModel *InstanceAzureADIDPWriteModel, provider AzureADProvider) preparation.Validation { return func() (preparation.CreateCommands, error) { if provider.Name = strings.TrimSpace(provider.Name); provider.Name == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "INST-sdf3g", "Errors.Invalid.Argument") + return nil, zerrors.ThrowInvalidArgument(nil, "INST-sdf3g", "Errors.Invalid.Argument") } if provider.ClientID = strings.TrimSpace(provider.ClientID); provider.ClientID == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "INST-Fhbr2", "Errors.Invalid.Argument") + return nil, zerrors.ThrowInvalidArgument(nil, "INST-Fhbr2", "Errors.Invalid.Argument") } if provider.ClientSecret = strings.TrimSpace(provider.ClientSecret); provider.ClientSecret == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "INST-Dzh3g", "Errors.Invalid.Argument") + return nil, zerrors.ThrowInvalidArgument(nil, "INST-Dzh3g", "Errors.Invalid.Argument") } return func(ctx context.Context, filter preparation.FilterToQueryReducer) ([]eventstore.Command, error) { events, err := filter(ctx, writeModel.Query()) 
@@ -1036,13 +1036,13 @@ func (c *Commands) prepareAddInstanceAzureADProvider(a *instance.Aggregate, writ func (c *Commands) prepareUpdateInstanceAzureADProvider(a *instance.Aggregate, writeModel *InstanceAzureADIDPWriteModel, provider AzureADProvider) preparation.Validation { return func() (preparation.CreateCommands, error) { if writeModel.ID = strings.TrimSpace(writeModel.ID); writeModel.ID == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "INST-SAgh2", "Errors.Invalid.Argument") + return nil, zerrors.ThrowInvalidArgument(nil, "INST-SAgh2", "Errors.Invalid.Argument") } if provider.Name = strings.TrimSpace(provider.Name); provider.Name == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "INST-fh3h1", "Errors.Invalid.Argument") + return nil, zerrors.ThrowInvalidArgument(nil, "INST-fh3h1", "Errors.Invalid.Argument") } if provider.ClientID = strings.TrimSpace(provider.ClientID); provider.ClientID == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "INST-dmitg", "Errors.Invalid.Argument") + return nil, zerrors.ThrowInvalidArgument(nil, "INST-dmitg", "Errors.Invalid.Argument") } return func(ctx context.Context, filter preparation.FilterToQueryReducer) ([]eventstore.Command, error) { events, err := filter(ctx, writeModel.Query()) @@ -1054,7 +1054,7 @@ func (c *Commands) prepareUpdateInstanceAzureADProvider(a *instance.Aggregate, w return nil, err } if !writeModel.State.Exists() { - return nil, caos_errs.ThrowNotFound(nil, "INST-BHz3q", "Errors.IDPConfig.NotExisting") + return nil, zerrors.ThrowNotFound(nil, "INST-BHz3q", "Errors.IDPConfig.NotExisting") } event, err := writeModel.NewChangedEvent( ctx, 
@@ -1080,10 +1080,10 @@ func (c *Commands) prepareUpdateInstanceAzureADProvider(a *instance.Aggregate, w func (c *Commands) prepareAddInstanceGitHubProvider(a *instance.Aggregate, writeModel *InstanceGitHubIDPWriteModel, provider GitHubProvider) preparation.Validation { return func() (preparation.CreateCommands, error) { if provider.ClientID = strings.TrimSpace(provider.ClientID); provider.ClientID == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "INST-Jdsgf", "Errors.Invalid.Argument") + return nil, zerrors.ThrowInvalidArgument(nil, "INST-Jdsgf", "Errors.Invalid.Argument") } if provider.ClientSecret = strings.TrimSpace(provider.ClientSecret); provider.ClientSecret == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "INST-dsgz3", "Errors.Invalid.Argument") + return nil, zerrors.ThrowInvalidArgument(nil, "INST-dsgz3", "Errors.Invalid.Argument") } return func(ctx context.Context, filter preparation.FilterToQueryReducer) ([]eventstore.Command, error) { events, err := filter(ctx, writeModel.Query()) 
@@ -1117,10 +1117,10 @@ func (c *Commands) prepareAddInstanceGitHubProvider(a *instance.Aggregate, write func (c *Commands) prepareUpdateInstanceGitHubProvider(a *instance.Aggregate, writeModel *InstanceGitHubIDPWriteModel, provider GitHubProvider) preparation.Validation { return func() (preparation.CreateCommands, error) { if writeModel.ID = strings.TrimSpace(writeModel.ID); writeModel.ID == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "INST-sdf4h", "Errors.Invalid.Argument") + return nil, zerrors.ThrowInvalidArgument(nil, "INST-sdf4h", "Errors.Invalid.Argument") } if provider.ClientID = strings.TrimSpace(provider.ClientID); provider.ClientID == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "INST-fdh5z", "Errors.Invalid.Argument") + return nil, zerrors.ThrowInvalidArgument(nil, "INST-fdh5z", "Errors.Invalid.Argument") } return func(ctx context.Context, filter preparation.FilterToQueryReducer) ([]eventstore.Command, error) { events, err := filter(ctx, writeModel.Query()) @@ -1132,7 +1132,7 @@ func (c *Commands) prepareUpdateInstanceGitHubProvider(a *instance.Aggregate, wr return nil, err } if !writeModel.State.Exists() { - return nil, caos_errs.ThrowNotFound(nil, "INST-Dr1gs", "Errors.IDPConfig.NotExisting") + return nil, zerrors.ThrowNotFound(nil, "INST-Dr1gs", "Errors.IDPConfig.NotExisting") } event, err := writeModel.NewChangedEvent( ctx, 
@@ -1156,22 +1156,22 @@ func (c *Commands) prepareUpdateInstanceGitHubProvider(a *instance.Aggregate, wr func (c *Commands) prepareAddInstanceGitHubEnterpriseProvider(a *instance.Aggregate, writeModel *InstanceGitHubEnterpriseIDPWriteModel, provider GitHubEnterpriseProvider) preparation.Validation { return func() (preparation.CreateCommands, error) { if provider.Name = strings.TrimSpace(provider.Name); provider.Name == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "INST-Dg4td", "Errors.Invalid.Argument") + return nil, zerrors.ThrowInvalidArgument(nil, "INST-Dg4td", "Errors.Invalid.Argument") } if provider.ClientID = strings.TrimSpace(provider.ClientID); provider.ClientID == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "INST-dgj53", "Errors.Invalid.Argument") + return nil, zerrors.ThrowInvalidArgument(nil, "INST-dgj53", "Errors.Invalid.Argument") } if provider.ClientSecret = strings.TrimSpace(provider.ClientSecret); provider.ClientSecret == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "INST-Ghjjs", "Errors.Invalid.Argument") + return nil, zerrors.ThrowInvalidArgument(nil, "INST-Ghjjs", "Errors.Invalid.Argument") } if provider.AuthorizationEndpoint = strings.TrimSpace(provider.AuthorizationEndpoint); provider.AuthorizationEndpoint == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "INST-sani2", "Errors.Invalid.Argument") + return nil, zerrors.ThrowInvalidArgument(nil, "INST-sani2", "Errors.Invalid.Argument") } if provider.TokenEndpoint = strings.TrimSpace(provider.TokenEndpoint); provider.TokenEndpoint == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "INST-agj42", "Errors.Invalid.Argument") + return nil, zerrors.ThrowInvalidArgument(nil, "INST-agj42", "Errors.Invalid.Argument") } if provider.UserEndpoint = strings.TrimSpace(provider.UserEndpoint); provider.UserEndpoint == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "INST-sd5hn", "Errors.Invalid.Argument") + return nil, zerrors.ThrowInvalidArgument(nil, 
"INST-sd5hn", "Errors.Invalid.Argument") } return func(ctx context.Context, filter preparation.FilterToQueryReducer) ([]eventstore.Command, error) { events, err := filter(ctx, writeModel.Query()) 
@@ -1208,22 +1208,22 @@ func (c *Commands) prepareAddInstanceGitHubEnterpriseProvider(a *instance.Aggreg func (c *Commands) prepareUpdateInstanceGitHubEnterpriseProvider(a *instance.Aggregate, writeModel *InstanceGitHubEnterpriseIDPWriteModel, provider GitHubEnterpriseProvider) preparation.Validation { return func() (preparation.CreateCommands, error) { if writeModel.ID = strings.TrimSpace(writeModel.ID); writeModel.ID == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "INST-sdfh3", "Errors.Invalid.Argument") + return nil, zerrors.ThrowInvalidArgument(nil, "INST-sdfh3", "Errors.Invalid.Argument") } if provider.Name = strings.TrimSpace(provider.Name); provider.Name == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "INST-shj42", "Errors.Invalid.Argument") + return nil, zerrors.ThrowInvalidArgument(nil, "INST-shj42", "Errors.Invalid.Argument") } if provider.ClientID = strings.TrimSpace(provider.ClientID); provider.ClientID == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "INST-sdh73", "Errors.Invalid.Argument") + return nil, zerrors.ThrowInvalidArgument(nil, "INST-sdh73", "Errors.Invalid.Argument") } if provider.AuthorizationEndpoint = strings.TrimSpace(provider.AuthorizationEndpoint); provider.AuthorizationEndpoint == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "INST-acx2w", "Errors.Invalid.Argument") + return nil, zerrors.ThrowInvalidArgument(nil, "INST-acx2w", "Errors.Invalid.Argument") } if provider.TokenEndpoint = strings.TrimSpace(provider.TokenEndpoint); provider.TokenEndpoint == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "INST-dgj6q", "Errors.Invalid.Argument") + return nil, zerrors.ThrowInvalidArgument(nil, "INST-dgj6q", "Errors.Invalid.Argument") } if provider.UserEndpoint = strings.TrimSpace(provider.UserEndpoint); provider.UserEndpoint == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "INST-ybj62", "Errors.Invalid.Argument") + return nil, zerrors.ThrowInvalidArgument(nil, "INST-ybj62", 
"Errors.Invalid.Argument") } return func(ctx context.Context, filter preparation.FilterToQueryReducer) ([]eventstore.Command, error) { events, err := filter(ctx, writeModel.Query()) @@ -1235,7 +1235,7 @@ func (c *Commands) prepareUpdateInstanceGitHubEnterpriseProvider(a *instance.Agg return nil, err } if !writeModel.State.Exists() { - return nil, caos_errs.ThrowNotFound(nil, "INST-GBr42", "Errors.IDPConfig.NotExisting") + return nil, zerrors.ThrowNotFound(nil, "INST-GBr42", "Errors.IDPConfig.NotExisting") } event, err := writeModel.NewChangedEvent( ctx, @@ -1262,10 +1262,10 @@ func (c *Commands) prepareUpdateInstanceGitHubEnterpriseProvider(a *instance.Agg func (c *Commands) prepareAddInstanceGitLabProvider(a *instance.Aggregate, writeModel *InstanceGitLabIDPWriteModel, provider GitLabProvider) preparation.Validation { return func() (preparation.CreateCommands, error) { if provider.ClientID = strings.TrimSpace(provider.ClientID); provider.ClientID == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "INST-adsg2", "Errors.Invalid.Argument") + return nil, zerrors.ThrowInvalidArgument(nil, "INST-adsg2", "Errors.Invalid.Argument") } if provider.ClientSecret = strings.TrimSpace(provider.ClientSecret); provider.ClientSecret == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "INST-GD1j2", "Errors.Invalid.Argument") + return nil, zerrors.ThrowInvalidArgument(nil, "INST-GD1j2", "Errors.Invalid.Argument") } return func(ctx context.Context, filter preparation.FilterToQueryReducer) ([]eventstore.Command, error) { events, err := filter(ctx, writeModel.Query()) 
@@ -1299,10 +1299,10 @@ func (c *Commands) prepareAddInstanceGitLabProvider(a *instance.Aggregate, write func (c *Commands) prepareUpdateInstanceGitLabProvider(a *instance.Aggregate, writeModel *InstanceGitLabIDPWriteModel, provider GitLabProvider) preparation.Validation { return func() (preparation.CreateCommands, error) { if writeModel.ID = strings.TrimSpace(writeModel.ID); writeModel.ID == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "INST-HJK91", "Errors.Invalid.Argument") + return nil, zerrors.ThrowInvalidArgument(nil, "INST-HJK91", "Errors.Invalid.Argument") } if provider.ClientID = strings.TrimSpace(provider.ClientID); provider.ClientID == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "INST-D12t6", "Errors.Invalid.Argument") + return nil, zerrors.ThrowInvalidArgument(nil, "INST-D12t6", "Errors.Invalid.Argument") } return func(ctx context.Context, filter preparation.FilterToQueryReducer) ([]eventstore.Command, error) { events, err := filter(ctx, writeModel.Query()) @@ -1314,7 +1314,7 @@ func (c *Commands) prepareUpdateInstanceGitLabProvider(a *instance.Aggregate, wr return nil, err } if !writeModel.State.Exists() { - return nil, caos_errs.ThrowNotFound(nil, "INST-HBReq", "Errors.IDPConfig.NotExisting") + return nil, zerrors.ThrowNotFound(nil, "INST-HBReq", "Errors.IDPConfig.NotExisting") } event, err := writeModel.NewChangedEvent( ctx, 
@@ -1338,16 +1338,16 @@ func (c *Commands) prepareUpdateInstanceGitLabProvider(a *instance.Aggregate, wr func (c *Commands) prepareAddInstanceGitLabSelfHostedProvider(a *instance.Aggregate, writeModel *InstanceGitLabSelfHostedIDPWriteModel, provider GitLabSelfHostedProvider) preparation.Validation { return func() (preparation.CreateCommands, error) { if provider.Name = strings.TrimSpace(provider.Name); provider.Name == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "INST-jw4ZT", "Errors.Invalid.Argument") + return nil, zerrors.ThrowInvalidArgument(nil, "INST-jw4ZT", "Errors.Invalid.Argument") } if provider.Issuer = strings.TrimSpace(provider.Issuer); provider.Issuer == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "INST-AST4S", "Errors.Invalid.Argument") + return nil, zerrors.ThrowInvalidArgument(nil, "INST-AST4S", "Errors.Invalid.Argument") } if provider.ClientID = strings.TrimSpace(provider.ClientID); provider.ClientID == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "INST-DBZHJ", "Errors.Invalid.Argument") + return nil, zerrors.ThrowInvalidArgument(nil, "INST-DBZHJ", "Errors.Invalid.Argument") } if provider.ClientSecret = strings.TrimSpace(provider.ClientSecret); provider.ClientSecret == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "INST-SDGJ4", "Errors.Invalid.Argument") + return nil, zerrors.ThrowInvalidArgument(nil, "INST-SDGJ4", "Errors.Invalid.Argument") } return func(ctx context.Context, filter preparation.FilterToQueryReducer) ([]eventstore.Command, error) { events, err := filter(ctx, writeModel.Query()) 
@@ -1382,16 +1382,16 @@ func (c *Commands) prepareAddInstanceGitLabSelfHostedProvider(a *instance.Aggreg func (c *Commands) prepareUpdateInstanceGitLabSelfHostedProvider(a *instance.Aggregate, writeModel *InstanceGitLabSelfHostedIDPWriteModel, provider GitLabSelfHostedProvider) preparation.Validation { return func() (preparation.CreateCommands, error) { if writeModel.ID = strings.TrimSpace(writeModel.ID); writeModel.ID == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "INST-SAFG4", "Errors.Invalid.Argument") + return nil, zerrors.ThrowInvalidArgument(nil, "INST-SAFG4", "Errors.Invalid.Argument") } if provider.Name = strings.TrimSpace(provider.Name); provider.Name == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "INST-DG4H", "Errors.Invalid.Argument") + return nil, zerrors.ThrowInvalidArgument(nil, "INST-DG4H", "Errors.Invalid.Argument") } if provider.Issuer = strings.TrimSpace(provider.Issuer); provider.Issuer == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "INST-SD4eb", "Errors.Invalid.Argument") + return nil, zerrors.ThrowInvalidArgument(nil, "INST-SD4eb", "Errors.Invalid.Argument") } if provider.ClientID = strings.TrimSpace(provider.ClientID); provider.ClientID == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "INST-GHWE3", "Errors.Invalid.Argument") + return nil, zerrors.ThrowInvalidArgument(nil, "INST-GHWE3", "Errors.Invalid.Argument") } return func(ctx context.Context, filter preparation.FilterToQueryReducer) ([]eventstore.Command, error) { events, err := filter(ctx, writeModel.Query()) @@ -1403,7 +1403,7 @@ func (c *Commands) prepareUpdateInstanceGitLabSelfHostedProvider(a *instance.Agg return nil, err } if !writeModel.State.Exists() { - return nil, caos_errs.ThrowNotFound(nil, "INST-D2tg1", "Errors.IDPConfig.NotExisting") + return nil, zerrors.ThrowNotFound(nil, "INST-D2tg1", "Errors.IDPConfig.NotExisting") } event, err := writeModel.NewChangedEvent( ctx, 
@@ -1428,10 +1428,10 @@ func (c *Commands) prepareUpdateInstanceGitLabSelfHostedProvider(a *instance.Agg func (c *Commands) prepareAddInstanceGoogleProvider(a *instance.Aggregate, writeModel *InstanceGoogleIDPWriteModel, provider GoogleProvider) preparation.Validation { return func() (preparation.CreateCommands, error) { if provider.ClientID = strings.TrimSpace(provider.ClientID); provider.ClientID == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "INST-D3fvs", "Errors.Invalid.Argument") + return nil, zerrors.ThrowInvalidArgument(nil, "INST-D3fvs", "Errors.Invalid.Argument") } if provider.ClientSecret = strings.TrimSpace(provider.ClientSecret); provider.ClientSecret == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "INST-W2vqs", "Errors.Invalid.Argument") + return nil, zerrors.ThrowInvalidArgument(nil, "INST-W2vqs", "Errors.Invalid.Argument") } return func(ctx context.Context, filter preparation.FilterToQueryReducer) ([]eventstore.Command, error) { events, err := filter(ctx, writeModel.Query()) 
@@ -1465,10 +1465,10 @@ func (c *Commands) prepareAddInstanceGoogleProvider(a *instance.Aggregate, write func (c *Commands) prepareUpdateInstanceGoogleProvider(a *instance.Aggregate, writeModel *InstanceGoogleIDPWriteModel, provider GoogleProvider) preparation.Validation { return func() (preparation.CreateCommands, error) { if writeModel.ID = strings.TrimSpace(writeModel.ID); writeModel.ID == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "INST-S32t1", "Errors.Invalid.Argument") + return nil, zerrors.ThrowInvalidArgument(nil, "INST-S32t1", "Errors.Invalid.Argument") } if provider.ClientID = strings.TrimSpace(provider.ClientID); provider.ClientID == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "INST-ds432", "Errors.Invalid.Argument") + return nil, zerrors.ThrowInvalidArgument(nil, "INST-ds432", "Errors.Invalid.Argument") } return func(ctx context.Context, filter preparation.FilterToQueryReducer) ([]eventstore.Command, error) { events, err := filter(ctx, writeModel.Query()) @@ -1480,7 +1480,7 @@ func (c *Commands) prepareUpdateInstanceGoogleProvider(a *instance.Aggregate, wr return nil, err } if !writeModel.State.Exists() { - return nil, caos_errs.ThrowNotFound(nil, "INST-D3r1s", "Errors.IDPConfig.NotExisting") + return nil, zerrors.ThrowNotFound(nil, "INST-D3r1s", "Errors.IDPConfig.NotExisting") } event, err := writeModel.NewChangedEvent( ctx, 
@@ -1504,28 +1504,28 @@ func (c *Commands) prepareUpdateInstanceGoogleProvider(a *instance.Aggregate, wr func (c *Commands) prepareAddInstanceLDAPProvider(a *instance.Aggregate, writeModel *InstanceLDAPIDPWriteModel, provider LDAPProvider) preparation.Validation { return func() (preparation.CreateCommands, error) { if provider.Name = strings.TrimSpace(provider.Name); provider.Name == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "INST-SAfdd", "Errors.Invalid.Argument") + return nil, zerrors.ThrowInvalidArgument(nil, "INST-SAfdd", "Errors.Invalid.Argument") } if provider.BaseDN = strings.TrimSpace(provider.BaseDN); provider.BaseDN == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "INST-sv31s", "Errors.Invalid.Argument") + return nil, zerrors.ThrowInvalidArgument(nil, "INST-sv31s", "Errors.Invalid.Argument") } if provider.BindDN = strings.TrimSpace(provider.BindDN); provider.BindDN == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "INST-sdgf4", "Errors.Invalid.Argument") + return nil, zerrors.ThrowInvalidArgument(nil, "INST-sdgf4", "Errors.Invalid.Argument") } if provider.BindPassword = strings.TrimSpace(provider.BindPassword); provider.BindPassword == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "INST-AEG2w", "Errors.Invalid.Argument") + return nil, zerrors.ThrowInvalidArgument(nil, "INST-AEG2w", "Errors.Invalid.Argument") } if provider.UserBase = strings.TrimSpace(provider.UserBase); provider.UserBase == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "INST-SAD5n", "Errors.Invalid.Argument") + return nil, zerrors.ThrowInvalidArgument(nil, "INST-SAD5n", "Errors.Invalid.Argument") } if len(provider.Servers) == 0 { - return nil, caos_errs.ThrowInvalidArgument(nil, "INST-SAx905n", "Errors.Invalid.Argument") + return nil, zerrors.ThrowInvalidArgument(nil, "INST-SAx905n", "Errors.Invalid.Argument") } if len(provider.UserObjectClasses) == 0 { - return nil, caos_errs.ThrowInvalidArgument(nil, "INST-S1x905n", 
"Errors.Invalid.Argument") + return nil, zerrors.ThrowInvalidArgument(nil, "INST-S1x905n", "Errors.Invalid.Argument") } if len(provider.UserFilters) == 0 { - return nil, caos_errs.ThrowInvalidArgument(nil, "INST-aAx905n", "Errors.Invalid.Argument") + return nil, zerrors.ThrowInvalidArgument(nil, "INST-aAx905n", "Errors.Invalid.Argument") } return func(ctx context.Context, filter preparation.FilterToQueryReducer) ([]eventstore.Command, error) { events, err := filter(ctx, writeModel.Query()) 
@@ -1566,28 +1566,28 @@ func (c *Commands) prepareAddInstanceLDAPProvider(a *instance.Aggregate, writeMo func (c *Commands) prepareUpdateInstanceLDAPProvider(a *instance.Aggregate, writeModel *InstanceLDAPIDPWriteModel, provider LDAPProvider) preparation.Validation { return func() (preparation.CreateCommands, error) { if writeModel.ID = strings.TrimSpace(writeModel.ID); writeModel.ID == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "INST-Dgdbs", "Errors.Invalid.Argument") + return nil, zerrors.ThrowInvalidArgument(nil, "INST-Dgdbs", "Errors.Invalid.Argument") } if provider.Name = strings.TrimSpace(provider.Name); provider.Name == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "INST-Sffgd", "Errors.Invalid.Argument") + return nil, zerrors.ThrowInvalidArgument(nil, "INST-Sffgd", "Errors.Invalid.Argument") } if provider.BaseDN = strings.TrimSpace(provider.BaseDN); provider.BaseDN == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "INST-vb3ss", "Errors.Invalid.Argument") + return nil, zerrors.ThrowInvalidArgument(nil, "INST-vb3ss", "Errors.Invalid.Argument") } if provider.BindDN = strings.TrimSpace(provider.BindDN); provider.BindDN == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "INST-hbere", "Errors.Invalid.Argument") + return nil, zerrors.ThrowInvalidArgument(nil, "INST-hbere", "Errors.Invalid.Argument") } if provider.UserBase = strings.TrimSpace(provider.UserBase); provider.UserBase == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "INST-DG45z", "Errors.Invalid.Argument") + return nil, zerrors.ThrowInvalidArgument(nil, "INST-DG45z", "Errors.Invalid.Argument") } if len(provider.Servers) == 0 { - return nil, caos_errs.ThrowInvalidArgument(nil, "INST-SAx945n", "Errors.Invalid.Argument") + return nil, zerrors.ThrowInvalidArgument(nil, "INST-SAx945n", "Errors.Invalid.Argument") } if len(provider.UserObjectClasses) == 0 { - return nil, caos_errs.ThrowInvalidArgument(nil, "INST-S1x605n", "Errors.Invalid.Argument") + return nil, 
zerrors.ThrowInvalidArgument(nil, "INST-S1x605n", "Errors.Invalid.Argument") } if len(provider.UserFilters) == 0 { - return nil, caos_errs.ThrowInvalidArgument(nil, "INST-aAx901n", "Errors.Invalid.Argument") + return nil, zerrors.ThrowInvalidArgument(nil, "INST-aAx901n", "Errors.Invalid.Argument") } return func(ctx context.Context, filter preparation.FilterToQueryReducer) ([]eventstore.Command, error) { events, err := filter(ctx, writeModel.Query()) @@ -1599,7 +1599,7 @@ func (c *Commands) prepareUpdateInstanceLDAPProvider(a *instance.Aggregate, writ return nil, err } if !writeModel.State.Exists() { - return nil, caos_errs.ThrowNotFound(nil, "INST-ASF3F", "Errors.IDPConfig.NotExisting") + return nil, zerrors.ThrowNotFound(nil, "INST-ASF3F", "Errors.IDPConfig.NotExisting") } event, err := writeModel.NewChangedEvent( ctx, 
@@ -1630,16 +1630,16 @@ func (c *Commands) prepareUpdateInstanceLDAPProvider(a *instance.Aggregate, writ func (c *Commands) prepareAddInstanceAppleProvider(a *instance.Aggregate, writeModel *InstanceAppleIDPWriteModel, provider AppleProvider) preparation.Validation { return func() (preparation.CreateCommands, error) { if provider.ClientID = strings.TrimSpace(provider.ClientID); provider.ClientID == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "INST-jkn3w", "Errors.IDP.ClientIDMissing") + return nil, zerrors.ThrowInvalidArgument(nil, "INST-jkn3w", "Errors.IDP.ClientIDMissing") } if provider.TeamID = strings.TrimSpace(provider.TeamID); provider.TeamID == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "INST-Ffg32", "Errors.IDP.TeamIDMissing") + return nil, zerrors.ThrowInvalidArgument(nil, "INST-Ffg32", "Errors.IDP.TeamIDMissing") } if provider.KeyID = strings.TrimSpace(provider.KeyID); provider.KeyID == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "INST-GDjm5", "Errors.IDP.KeyIDMissing") + return nil, zerrors.ThrowInvalidArgument(nil, "INST-GDjm5", "Errors.IDP.KeyIDMissing") } if len(provider.PrivateKey) == 0 { - return nil, caos_errs.ThrowInvalidArgument(nil, "INST-GVD4n", "Errors.IDP.PrivateKeyMissing") + return nil, zerrors.ThrowInvalidArgument(nil, "INST-GVD4n", "Errors.IDP.PrivateKeyMissing") } return func(ctx context.Context, filter preparation.FilterToQueryReducer) ([]eventstore.Command, error) { events, err := filter(ctx, writeModel.Query()) 
@@ -1675,16 +1675,16 @@ func (c *Commands) prepareAddInstanceAppleProvider(a *instance.Aggregate, writeM func (c *Commands) prepareUpdateInstanceAppleProvider(a *instance.Aggregate, writeModel *InstanceAppleIDPWriteModel, provider AppleProvider) preparation.Validation { return func() (preparation.CreateCommands, error) { if writeModel.ID = strings.TrimSpace(writeModel.ID); writeModel.ID == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "INST-FRHBH", "Errors.IDMissing") + return nil, zerrors.ThrowInvalidArgument(nil, "INST-FRHBH", "Errors.IDMissing") } if provider.ClientID = strings.TrimSpace(provider.ClientID); provider.ClientID == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "INST-SFm4l", "Errors.IDP.ClientIDMissing") + return nil, zerrors.ThrowInvalidArgument(nil, "INST-SFm4l", "Errors.IDP.ClientIDMissing") } if provider.TeamID = strings.TrimSpace(provider.TeamID); provider.TeamID == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "INST-SG34t", "Errors.IDP.TeamIDMissing") + return nil, zerrors.ThrowInvalidArgument(nil, "INST-SG34t", "Errors.IDP.TeamIDMissing") } if provider.KeyID = strings.TrimSpace(provider.KeyID); provider.KeyID == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "INST-Gh4z2", "Errors.IDP.KeyIDMissing") + return nil, zerrors.ThrowInvalidArgument(nil, "INST-Gh4z2", "Errors.IDP.KeyIDMissing") } return func(ctx context.Context, filter preparation.FilterToQueryReducer) ([]eventstore.Command, error) { events, err := filter(ctx, writeModel.Query()) @@ -1696,7 +1696,7 @@ func (c *Commands) prepareUpdateInstanceAppleProvider(a *instance.Aggregate, wri return nil, err } if !writeModel.State.Exists() { - return nil, caos_errs.ThrowNotFound(nil, "INST-SG3bh", "Errors.IDPConfig.NotExisting") + return nil, zerrors.ThrowNotFound(nil, "INST-SG3bh", "Errors.IDPConfig.NotExisting") } event, err := writeModel.NewChangedEvent( ctx, 
@@ -1722,17 +1722,17 @@ func (c *Commands) prepareUpdateInstanceAppleProvider(a *instance.Aggregate, wri func (c *Commands) prepareAddInstanceSAMLProvider(a *instance.Aggregate, writeModel *InstanceSAMLIDPWriteModel, provider SAMLProvider) preparation.Validation { return func() (preparation.CreateCommands, error) { if provider.Name = strings.TrimSpace(provider.Name); provider.Name == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "INST-o07zjotgnd", "Errors.Invalid.Argument") + return nil, zerrors.ThrowInvalidArgument(nil, "INST-o07zjotgnd", "Errors.Invalid.Argument") } if provider.Metadata == nil && provider.MetadataURL != "" { data, err := xml.ReadMetadataFromURL(c.httpClient, provider.MetadataURL) if err != nil { - return nil, caos_errs.ThrowInvalidArgument(err, "INST-8vam1khq22", "Errors.Project.App.SAMLMetadataMissing") + return nil, zerrors.ThrowInvalidArgument(err, "INST-8vam1khq22", "Errors.Project.App.SAMLMetadataMissing") } provider.Metadata = data } if provider.Metadata == nil { - return nil, caos_errs.ThrowInvalidArgument(nil, "INST-3bi3esi16t", "Errors.Invalid.Argument") + return nil, zerrors.ThrowInvalidArgument(nil, "INST-3bi3esi16t", "Errors.Invalid.Argument") } return func(ctx context.Context, filter preparation.FilterToQueryReducer) ([]eventstore.Command, error) { events, err := filter(ctx, writeModel.Query()) 
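Review bot: In prepareAddInstanceSAMLProvider the metadata is fetched with `xml.ReadMetadataFromURL(c.httpClient, provider.MetadataURL)` before any visible check on the URL itself; only `provider.Name` is trimmed and tested first. If `MetadataURL` reaches this point straight from an API caller, the server issues a request to a caller-chosen address, so unless `c.httpClient` already restricts schemes and destinations (not visible here) the URL should be validated ahead of the fetch (https only, no loopback, link-local or private targets). The same call sits in the `@@ -1773,18 +1773,18 @@` hunk of prepareUpdateInstanceSAMLProvider. If the restriction does live in the client, a comment such as `// MetadataURL is caller-supplied; c.httpClient is expected to enforce egress restrictions` would record that assumption at both call sites. Both function bodies continue outside their hunks.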
@@ -1773,18 +1773,18 @@ func (c *Commands) prepareAddInstanceSAMLProvider(a *instance.Aggregate, writeMo func (c *Commands) prepareUpdateInstanceSAMLProvider(a *instance.Aggregate, writeModel *InstanceSAMLIDPWriteModel, provider SAMLProvider) preparation.Validation { return func() (preparation.CreateCommands, error) { if writeModel.ID = strings.TrimSpace(writeModel.ID); writeModel.ID == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "INST-7o3rq1owpm", "Errors.Invalid.Argument") + return nil, zerrors.ThrowInvalidArgument(nil, "INST-7o3rq1owpm", "Errors.Invalid.Argument") } if provider.Name = strings.TrimSpace(provider.Name); provider.Name == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "INST-q2s9rak7o9", "Errors.Invalid.Argument") + return nil, zerrors.ThrowInvalidArgument(nil, "INST-q2s9rak7o9", "Errors.Invalid.Argument") } if provider.Metadata == nil && provider.MetadataURL == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "INST-iw1rxnf4sf", "Errors.Invalid.Argument") + return nil, zerrors.ThrowInvalidArgument(nil, "INST-iw1rxnf4sf", "Errors.Invalid.Argument") } if provider.Metadata == nil && provider.MetadataURL != "" { data, err := xml.ReadMetadataFromURL(c.httpClient, provider.MetadataURL) if err != nil { - return nil, caos_errs.ThrowInvalidArgument(err, "INST-iijz4h01if", "Errors.Project.App.SAMLMetadataMissing") + return nil, zerrors.ThrowInvalidArgument(err, "INST-iijz4h01if", "Errors.Project.App.SAMLMetadataMissing") } provider.Metadata = data } @@ -1798,7 +1798,7 @@ func (c *Commands) prepareUpdateInstanceSAMLProvider(a *instance.Aggregate, writ return nil, err } if !writeModel.State.Exists() { - return nil, caos_errs.ThrowNotFound(nil, "INST-D3r1s", "Errors.IDPConfig.NotExisting") + return nil, zerrors.ThrowNotFound(nil, "INST-D3r1s", "Errors.IDPConfig.NotExisting") } event, err := writeModel.NewChangedEvent( ctx, 
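Review bot: The not-found branch of prepareUpdateInstanceSAMLProvider (hunk `@@ -1798,7 +1798,7 @@`) keeps the error ID `INST-D3r1s`, which the not-found branch of prepareUpdateInstanceGoogleProvider in this same file also uses. These IDs appear to exist so that a logged error can be traced to one throw site, and a shared ID makes that ambiguous between the two providers. Since the line is being rewritten anyway, give the SAML branch its own ID: `return nil, zerrors.ThrowNotFound(nil, "INST-<NEW_ID>", "Errors.IDPConfig.NotExisting")`, with the placeholder replaced by a freshly generated value. The enclosing function starts and ends outside the hunk.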
@@ -1824,7 +1824,7 @@ func (c *Commands) prepareUpdateInstanceSAMLProvider(a *instance.Aggregate, writ func (c *Commands) prepareRegenerateInstanceSAMLProviderCertificate(a *instance.Aggregate, writeModel *InstanceSAMLIDPWriteModel) preparation.Validation { return func() (preparation.CreateCommands, error) { if writeModel.ID = strings.TrimSpace(writeModel.ID); writeModel.ID == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "INST-7de108gqya", "Errors.Invalid.Argument") + return nil, zerrors.ThrowInvalidArgument(nil, "INST-7de108gqya", "Errors.Invalid.Argument") } return func(ctx context.Context, filter preparation.FilterToQueryReducer) ([]eventstore.Command, error) { events, err := filter(ctx, writeModel.Query()) @@ -1836,7 +1836,7 @@ func (c *Commands) prepareRegenerateInstanceSAMLProviderCertificate(a *instance. return nil, err } if !writeModel.State.Exists() { - return nil, caos_errs.ThrowNotFound(nil, "INST-76dbwsv9vm", "Errors.IDPConfig.NotExisting") + return nil, zerrors.ThrowNotFound(nil, "INST-76dbwsv9vm", "Errors.IDPConfig.NotExisting") } key, cert, err := c.samlCertificateAndKeyGenerator(writeModel.ID) @@ -1877,7 +1877,7 @@ func (c *Commands) prepareDeleteInstanceProvider(a *instance.Aggregate, id strin return nil, err } if !writeModel.State.Exists() { - return nil, caos_errs.ThrowNotFound(nil, "INST-Se3tg", "Errors.IDPConfig.NotExisting") + return nil, zerrors.ThrowNotFound(nil, "INST-Se3tg", "Errors.IDPConfig.NotExisting") } return []eventstore.Command{instance.NewIDPRemovedEvent(ctx, &a.Aggregate, id)}, nil }, nil diff --git a/internal/command/instance_idp_config.go b/internal/command/instance_idp_config.go index 69ee99168e..31a302ff66 100644 --- a/internal/command/instance_idp_config.go +++ b/internal/command/instance_idp_config.go 
@@ -6,15 +6,15 @@ import ( "github.com/zitadel/zitadel/internal/api/authz" "github.com/zitadel/zitadel/internal/crypto" "github.com/zitadel/zitadel/internal/domain" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/repository/instance" "github.com/zitadel/zitadel/internal/telemetry/tracing" + "github.com/zitadel/zitadel/internal/zerrors" ) func (c *Commands) AddDefaultIDPConfig(ctx context.Context, config *domain.IDPConfig) (*domain.IDPConfig, error) { if config.OIDCConfig == nil && config.JWTConfig == nil { - return nil, errors.ThrowInvalidArgument(nil, "IDP-s8nn3", "Errors.IDPConfig.Invalid") + return nil, zerrors.ThrowInvalidArgument(nil, "IDP-s8nn3", "Errors.IDPConfig.Invalid") } idpConfigID, err := c.idGenerator.Next() if err != nil { 
@@ -77,20 +77,20 @@ func (c *Commands) AddDefaultIDPConfig(ctx context.Context, config *domain.IDPCo func (c *Commands) ChangeDefaultIDPConfig(ctx context.Context, config *domain.IDPConfig) (*domain.IDPConfig, error) { if config.IDPConfigID == "" { - return nil, errors.ThrowInvalidArgument(nil, "INSTANCE-4m9gs", "Errors.IDMissing") + return nil, zerrors.ThrowInvalidArgument(nil, "INSTANCE-4m9gs", "Errors.IDMissing") } existingIDP, err := c.instanceIDPConfigWriteModelByID(ctx, config.IDPConfigID) if err != nil { return nil, err } if existingIDP.State == domain.IDPConfigStateRemoved || existingIDP.State == domain.IDPConfigStateUnspecified { - return nil, errors.ThrowNotFound(nil, "INSTANCE-m0e3r", "Errors.IDPConfig.NotExisting") + return nil, zerrors.ThrowNotFound(nil, "INSTANCE-m0e3r", "Errors.IDPConfig.NotExisting") } instanceAgg := InstanceAggregateFromWriteModel(&existingIDP.WriteModel) changedEvent, hasChanged := existingIDP.NewChangedEvent(ctx, instanceAgg, config.IDPConfigID, config.Name, config.StylingType, config.AutoRegister) if !hasChanged { - return nil, errors.ThrowPreconditionFailed(nil, "INSTANCE-3k0fs", "Errors.IAM.IDPConfig.NotChanged") + return nil, zerrors.ThrowPreconditionFailed(nil, "INSTANCE-3k0fs", "Errors.IAM.IDPConfig.NotChanged") } pushedEvents, err := c.eventstore.Push(ctx, changedEvent) if err != nil { @@ -109,7 +109,7 @@ func (c *Commands) DeactivateDefaultIDPConfig(ctx context.Context, idpID string) return nil, err } if existingIDP.State != domain.IDPConfigStateActive { - return nil, errors.ThrowPreconditionFailed(nil, "INSTANCE-2n0fs", "Errors.IAM.IDPConfig.NotActive") + return nil, zerrors.ThrowPreconditionFailed(nil, "INSTANCE-2n0fs", "Errors.IAM.IDPConfig.NotActive") } instanceAgg := InstanceAggregateFromWriteModel(&existingIDP.WriteModel) pushedEvents, err := c.eventstore.Push(ctx, instance.NewIDPConfigDeactivatedEvent(ctx, instanceAgg, idpID)) 
@@ -129,7 +129,7 @@ func (c *Commands) ReactivateDefaultIDPConfig(ctx context.Context, idpID string) return nil, err } if existingIDP.State != domain.IDPConfigStateInactive { - return nil, errors.ThrowPreconditionFailed(nil, "INSTANCE-5Mo0d", "Errors.IAM.IDPConfig.NotInactive") + return nil, zerrors.ThrowPreconditionFailed(nil, "INSTANCE-5Mo0d", "Errors.IAM.IDPConfig.NotInactive") } instanceAgg := InstanceAggregateFromWriteModel(&existingIDP.WriteModel) pushedEvents, err := c.eventstore.Push(ctx, instance.NewIDPConfigReactivatedEvent(ctx, instanceAgg, idpID)) @@ -149,7 +149,7 @@ func (c *Commands) RemoveDefaultIDPConfig(ctx context.Context, idpID string, idp return nil, err } if existingIDP.State == domain.IDPConfigStateRemoved || existingIDP.State == domain.IDPConfigStateUnspecified { - return nil, errors.ThrowNotFound(nil, "INSTANCE-4M0xy", "Errors.IDPConfig.NotExisting") + return nil, zerrors.ThrowNotFound(nil, "INSTANCE-4M0xy", "Errors.IDPConfig.NotExisting") } instanceAgg := InstanceAggregateFromWriteModel(&existingIDP.WriteModel) @@ -163,7 +163,7 @@ func (c *Commands) RemoveDefaultIDPConfig(ctx context.Context, idpID string, idp events = append(events, userEvents...) } orgAgg := OrgAggregateFromWriteModel(&NewOrgIdentityProviderWriteModel(idpProvider.AggregateID, idpID).WriteModel) - orgEvents := c.removeIDPFromLoginPolicy(ctx, orgAgg, idpID, true) + orgEvents := c.removeIDPFromLoginPolicy(ctx, orgAgg, idpID, true, externalIDPs...) events = append(events, orgEvents...) } @@ -184,7 +184,7 @@ func (c *Commands) getInstanceIDPConfigByID(ctx context.Context, idpID string) ( return nil, err } if !config.State.Exists() { - return nil, errors.ThrowNotFound(nil, "INSTANCE-p0pFF", "Errors.IDPConfig.NotExisting") + return nil, zerrors.ThrowNotFound(nil, "INSTANCE-p0pFF", "Errors.IDPConfig.NotExisting") } return writeModelToIDPConfig(&config.IDPConfigWriteModel), nil } 
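Review bot: The call `c.removeIDPFromLoginPolicy(ctx, orgAgg, idpID, true, externalIDPs...)` in RemoveDefaultIDPConfig (hunk `@@ -163,7 +163,7 @@`) is a behaviour change inside an otherwise mechanical package rename, and the instance_idp_config_test.go hunks visible here only swap the error package. The context line `events = append(events, userEvents...)` just above suggests an earlier call in the same loop iteration already produces user events; if that call also receives `externalIDPs`, the link-removal events could be emitted twice for the same links, which is worth confirming since the declaration of `externalIDPs` and that earlier call are outside the hunk. A comment such as `// also cascade removal of external user links for org-level login policies` and a test case covering the org path would make the intent reviewable.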
diff --git a/internal/command/instance_idp_config_test.go b/internal/command/instance_idp_config_test.go index 3c6b829cad..5930db3619 100644 --- a/internal/command/instance_idp_config_test.go +++ b/internal/command/instance_idp_config_test.go @@ -10,13 +10,13 @@ import ( "github.com/zitadel/zitadel/internal/api/authz" "github.com/zitadel/zitadel/internal/crypto" "github.com/zitadel/zitadel/internal/domain" - caos_errs "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/eventstore/v1/models" "github.com/zitadel/zitadel/internal/id" id_mock "github.com/zitadel/zitadel/internal/id/mock" "github.com/zitadel/zitadel/internal/repository/idpconfig" "github.com/zitadel/zitadel/internal/repository/instance" + "github.com/zitadel/zitadel/internal/zerrors" ) func TestCommandSide_AddDefaultIDPConfig(t *testing.T) { @@ -51,7 +51,7 @@ func TestCommandSide_AddDefaultIDPConfig(t *testing.T) { config: &domain.IDPConfig{}, }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -228,7 +228,7 @@ func TestCommandSide_ChangeDefaultIDPConfig(t *testing.T) { config: &domain.IDPConfig{}, }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -246,7 +246,7 @@ func TestCommandSide_ChangeDefaultIDPConfig(t *testing.T) { }, }, res: res{ - err: caos_errs.IsNotFound, + err: zerrors.IsNotFound, }, }, { diff --git a/internal/command/instance_idp_jwt_config.go b/internal/command/instance_idp_jwt_config.go index e13d429cbe..f2fdc376f5 100644 --- a/internal/command/instance_idp_jwt_config.go +++ b/internal/command/instance_idp_jwt_config.go 
@@ -4,12 +4,12 @@ import ( "context" "github.com/zitadel/zitadel/internal/domain" - caos_errs "github.com/zitadel/zitadel/internal/errors" + "github.com/zitadel/zitadel/internal/zerrors" ) func (c *Commands) ChangeDefaultIDPJWTConfig(ctx context.Context, config *domain.JWTIDPConfig) (*domain.JWTIDPConfig, error) { if config.IDPConfigID == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "INSTANCE-m9322", "Errors.IDMissing") + return nil, zerrors.ThrowInvalidArgument(nil, "INSTANCE-m9322", "Errors.IDMissing") } existingConfig := NewInstanceIDPJWTConfigWriteModel(ctx, config.IDPConfigID) err := c.eventstore.FilterToQueryReducer(ctx, existingConfig) @@ -18,7 +18,7 @@ func (c *Commands) ChangeDefaultIDPJWTConfig(ctx context.Context, config *domain } if existingConfig.State == domain.IDPConfigStateRemoved || existingConfig.State == domain.IDPConfigStateUnspecified { - return nil, caos_errs.ThrowNotFound(nil, "INSTANCE-2m00d", "Errors.IAM.IDPConfig.AlreadyExists") + return nil, zerrors.ThrowNotFound(nil, "INSTANCE-2m00d", "Errors.IAM.IDPConfig.AlreadyExists") } instanceAgg := InstanceAggregateFromWriteModel(&existingConfig.WriteModel) @@ -34,7 +34,7 @@ func (c *Commands) ChangeDefaultIDPJWTConfig(ctx context.Context, config *domain return nil, err } if !hasChanged { - return nil, caos_errs.ThrowPreconditionFailed(nil, "INSTANCE-3n9gg", "Errors.IAM.IDPConfig.NotChanged") + return nil, zerrors.ThrowPreconditionFailed(nil, "INSTANCE-3n9gg", "Errors.IAM.IDPConfig.NotChanged") } pushedEvents, err := c.eventstore.Push(ctx, changedEvent) diff --git a/internal/command/instance_idp_jwt_config_test.go b/internal/command/instance_idp_jwt_config_test.go index 37c32c4d33..da82a6e970 100644 --- a/internal/command/instance_idp_jwt_config_test.go +++ b/internal/command/instance_idp_jwt_config_test.go 
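Review bot: The removed/unspecified-state branch of ChangeDefaultIDPJWTConfig (hunk `@@ -18,7 +18,7 @@`) throws a NotFound error carrying the message key `Errors.IAM.IDPConfig.AlreadyExists`, so the caller is told the config already exists when it is actually missing. ChangeDefaultIDPConfig in instance_idp_config.go uses `Errors.IDPConfig.NotExisting` for the same state check, so the line would read `return nil, zerrors.ThrowNotFound(nil, "INSTANCE-2m00d", "Errors.IDPConfig.NotExisting")`. The same mismatch is carried over in ChangeDefaultIDPOIDCConfig (`INSTANCE-67J9d`, instance_idp_oidc_config.go). Both function bodies continue outside their hunks.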
@@ -9,11 +9,11 @@ import ( "github.com/zitadel/zitadel/internal/crypto" "github.com/zitadel/zitadel/internal/domain" - caos_errs "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/eventstore/v1/models" "github.com/zitadel/zitadel/internal/repository/idpconfig" "github.com/zitadel/zitadel/internal/repository/instance" + "github.com/zitadel/zitadel/internal/zerrors" ) func TestCommandSide_ChangeDefaultIDPJWTConfig(t *testing.T) { @@ -51,7 +51,7 @@ func TestCommandSide_ChangeDefaultIDPJWTConfig(t *testing.T) { config: &domain.JWTIDPConfig{}, }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -70,7 +70,7 @@ func TestCommandSide_ChangeDefaultIDPJWTConfig(t *testing.T) { }, }, res: res{ - err: caos_errs.IsNotFound, + err: zerrors.IsNotFound, }, }, { @@ -117,7 +117,7 @@ func TestCommandSide_ChangeDefaultIDPJWTConfig(t *testing.T) { }, }, res: res{ - err: caos_errs.IsNotFound, + err: zerrors.IsNotFound, }, }, { @@ -162,7 +162,7 @@ func TestCommandSide_ChangeDefaultIDPJWTConfig(t *testing.T) { }, }, res: res{ - err: caos_errs.IsPreconditionFailed, + err: zerrors.IsPreconditionFailed, }, }, { diff --git a/internal/command/instance_idp_oidc_config.go b/internal/command/instance_idp_oidc_config.go index ae659bc513..b9963c605a 100644 --- a/internal/command/instance_idp_oidc_config.go +++ b/internal/command/instance_idp_oidc_config.go 
@@ -4,12 +4,12 @@ import ( "context" "github.com/zitadel/zitadel/internal/domain" - caos_errs "github.com/zitadel/zitadel/internal/errors" + "github.com/zitadel/zitadel/internal/zerrors" ) func (c *Commands) ChangeDefaultIDPOIDCConfig(ctx context.Context, config *domain.OIDCIDPConfig) (*domain.OIDCIDPConfig, error) { if config.IDPConfigID == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "INSTANCE-9djf8", "Errors.IDMissing") + return nil, zerrors.ThrowInvalidArgument(nil, "INSTANCE-9djf8", "Errors.IDMissing") } existingConfig := NewInstanceIDPOIDCConfigWriteModel(ctx, config.IDPConfigID) err := c.eventstore.FilterToQueryReducer(ctx, existingConfig) @@ -18,7 +18,7 @@ func (c *Commands) ChangeDefaultIDPOIDCConfig(ctx context.Context, config *domai } if existingConfig.State == domain.IDPConfigStateRemoved || existingConfig.State == domain.IDPConfigStateUnspecified { - return nil, caos_errs.ThrowNotFound(nil, "INSTANCE-67J9d", "Errors.IAM.IDPConfig.AlreadyExists") + return nil, zerrors.ThrowNotFound(nil, "INSTANCE-67J9d", "Errors.IAM.IDPConfig.AlreadyExists") } instanceAgg := InstanceAggregateFromWriteModel(&existingConfig.WriteModel) @@ -39,7 +39,7 @@ func (c *Commands) ChangeDefaultIDPOIDCConfig(ctx context.Context, config *domai return nil, err } if !hasChanged { - return nil, caos_errs.ThrowPreconditionFailed(nil, "INSTANCE-d8kwF", "Errors.IAM.IDPConfig.NotChanged") + return nil, zerrors.ThrowPreconditionFailed(nil, "INSTANCE-d8kwF", "Errors.IAM.IDPConfig.NotChanged") } pushedEvents, err := c.eventstore.Push(ctx, changedEvent) diff --git a/internal/command/instance_idp_oidc_config_test.go b/internal/command/instance_idp_oidc_config_test.go index b74842868d..410c5d2ac0 100644 --- a/internal/command/instance_idp_oidc_config_test.go +++ b/internal/command/instance_idp_oidc_config_test.go 
@@ -9,11 +9,11 @@ import ( "github.com/zitadel/zitadel/internal/crypto" "github.com/zitadel/zitadel/internal/domain" - caos_errs "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/eventstore/v1/models" "github.com/zitadel/zitadel/internal/repository/idpconfig" "github.com/zitadel/zitadel/internal/repository/instance" + "github.com/zitadel/zitadel/internal/zerrors" ) func TestCommandSide_ChangeDefaultIDPOIDCConfig(t *testing.T) { @@ -51,7 +51,7 @@ func TestCommandSide_ChangeDefaultIDPOIDCConfig(t *testing.T) { config: &domain.OIDCIDPConfig{}, }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -70,7 +70,7 @@ func TestCommandSide_ChangeDefaultIDPOIDCConfig(t *testing.T) { }, }, res: res{ - err: caos_errs.IsNotFound, + err: zerrors.IsNotFound, }, }, { @@ -126,7 +126,7 @@ func TestCommandSide_ChangeDefaultIDPOIDCConfig(t *testing.T) { }, }, res: res{ - err: caos_errs.IsNotFound, + err: zerrors.IsNotFound, }, }, { @@ -183,7 +183,7 @@ func TestCommandSide_ChangeDefaultIDPOIDCConfig(t *testing.T) { }, }, res: res{ - err: caos_errs.IsPreconditionFailed, + err: zerrors.IsPreconditionFailed, }, }, { diff --git a/internal/command/instance_idp_test.go b/internal/command/instance_idp_test.go index fe46dcd030..3ff14610dc 100644 --- a/internal/command/instance_idp_test.go +++ b/internal/command/instance_idp_test.go 
@@ -13,12 +13,12 @@ import ( "github.com/zitadel/zitadel/internal/api/authz" "github.com/zitadel/zitadel/internal/crypto" "github.com/zitadel/zitadel/internal/domain" - caos_errors "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/id" id_mock "github.com/zitadel/zitadel/internal/id/mock" "github.com/zitadel/zitadel/internal/repository/idp" "github.com/zitadel/zitadel/internal/repository/instance" + "github.com/zitadel/zitadel/internal/zerrors" ) func TestCommandSide_AddInstanceGenericOAuthIDP(t *testing.T) { @@ -54,7 +54,7 @@ func TestCommandSide_AddInstanceGenericOAuthIDP(t *testing.T) { }, res{ err: func(err error) bool { - return errors.Is(err, caos_errors.ThrowInvalidArgument(nil, "INST-D32ef", "")) + return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "INST-D32ef", "")) }, }, }, @@ -72,7 +72,7 @@ func TestCommandSide_AddInstanceGenericOAuthIDP(t *testing.T) { }, res{ err: func(err error) bool { - return errors.Is(err, caos_errors.ThrowInvalidArgument(nil, "INST-Dbgzf", "")) + return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "INST-Dbgzf", "")) }, }, }, @@ -91,7 +91,7 @@ func TestCommandSide_AddInstanceGenericOAuthIDP(t *testing.T) { }, res{ err: func(err error) bool { - return errors.Is(err, caos_errors.ThrowInvalidArgument(nil, "INST-DF4ga", "")) + return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "INST-DF4ga", "")) }, }, }, @@ -111,7 +111,7 @@ func TestCommandSide_AddInstanceGenericOAuthIDP(t *testing.T) { }, res{ err: func(err error) bool { - return errors.Is(err, caos_errors.ThrowInvalidArgument(nil, "INST-B23bs", "")) + return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "INST-B23bs", "")) }, }, }, 
@@ -132,7 +132,7 @@ func TestCommandSide_AddInstanceGenericOAuthIDP(t *testing.T) { }, res{ err: func(err error) bool { - return errors.Is(err, caos_errors.ThrowInvalidArgument(nil, "INST-D2gj8", "")) + return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "INST-D2gj8", "")) }, }, }, @@ -154,7 +154,7 @@ func TestCommandSide_AddInstanceGenericOAuthIDP(t *testing.T) { }, res{ err: func(err error) bool { - return errors.Is(err, caos_errors.ThrowInvalidArgument(nil, "INST-Fb8jk", "")) + return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "INST-Fb8jk", "")) }, }, }, @@ -177,7 +177,7 @@ func TestCommandSide_AddInstanceGenericOAuthIDP(t *testing.T) { }, res{ err: func(err error) bool { - return errors.Is(err, caos_errors.ThrowInvalidArgument(nil, "INST-sdf3f", "")) + return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "INST-sdf3f", "")) }, }, }, @@ -337,7 +337,7 @@ func TestCommandSide_UpdateInstanceGenericOAuthIDP(t *testing.T) { }, res{ err: func(err error) bool { - return errors.Is(err, caos_errors.ThrowInvalidArgument(nil, "INST-SAffg", "")) + return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "INST-SAffg", "")) }, }, }, @@ -353,7 +353,7 @@ func TestCommandSide_UpdateInstanceGenericOAuthIDP(t *testing.T) { }, res{ err: func(err error) bool { - return errors.Is(err, caos_errors.ThrowInvalidArgument(nil, "INST-Sf3gh", "")) + return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "INST-Sf3gh", "")) }, }, }, @@ -371,7 +371,7 @@ func TestCommandSide_UpdateInstanceGenericOAuthIDP(t *testing.T) { }, res{ err: func(err error) bool { - return errors.Is(err, caos_errors.ThrowInvalidArgument(nil, "INST-SHJ3ui", "")) + return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "INST-SHJ3ui", "")) }, }, }, 
@@ -390,7 +390,7 @@ func TestCommandSide_UpdateInstanceGenericOAuthIDP(t *testing.T) { }, res{ err: func(err error) bool { - return errors.Is(err, caos_errors.ThrowInvalidArgument(nil, "INST-SVrgh", "")) + return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "INST-SVrgh", "")) }, }, }, @@ -410,7 +410,7 @@ func TestCommandSide_UpdateInstanceGenericOAuthIDP(t *testing.T) { }, res{ err: func(err error) bool { - return errors.Is(err, caos_errors.ThrowInvalidArgument(nil, "INST-DJKeio", "")) + return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "INST-DJKeio", "")) }, }, }, @@ -431,7 +431,7 @@ func TestCommandSide_UpdateInstanceGenericOAuthIDP(t *testing.T) { }, res{ err: func(err error) bool { - return errors.Is(err, caos_errors.ThrowInvalidArgument(nil, "INST-ILSJi", "")) + return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "INST-ILSJi", "")) }, }, }, @@ -453,7 +453,7 @@ func TestCommandSide_UpdateInstanceGenericOAuthIDP(t *testing.T) { }, res{ err: func(err error) bool { - return errors.Is(err, caos_errors.ThrowInvalidArgument(nil, "INST-JKD3h", "")) + return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "INST-JKD3h", "")) }, }, }, @@ -477,7 +477,7 @@ func TestCommandSide_UpdateInstanceGenericOAuthIDP(t *testing.T) { }, }, res: res{ - err: caos_errors.IsNotFound, + err: zerrors.IsNotFound, }, }, { @@ -657,7 +657,7 @@ func TestCommandSide_AddInstanceGenericOIDCIDP(t *testing.T) { }, res{ err: func(err error) bool { - return errors.Is(err, caos_errors.ThrowInvalidArgument(nil, "INST-Sgtj5", "")) + return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "INST-Sgtj5", "")) }, }, }, @@ -675,7 +675,7 @@ func TestCommandSide_AddInstanceGenericOIDCIDP(t *testing.T) { }, res{ err: func(err error) bool { - return errors.Is(err, caos_errors.ThrowInvalidArgument(nil, "INST-Hz6zj", "")) + return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "INST-Hz6zj", "")) }, }, }, 
@@ -694,7 +694,7 @@ func TestCommandSide_AddInstanceGenericOIDCIDP(t *testing.T) { }, res{ err: func(err error) bool { - return errors.Is(err, caos_errors.ThrowInvalidArgument(nil, "INST-fb5jm", "")) + return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "INST-fb5jm", "")) }, }, }, @@ -714,7 +714,7 @@ func TestCommandSide_AddInstanceGenericOIDCIDP(t *testing.T) { }, res{ err: func(err error) bool { - return errors.Is(err, caos_errors.ThrowInvalidArgument(nil, "INST-Sfdf4", "")) + return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "INST-Sfdf4", "")) }, }, }, @@ -865,7 +865,7 @@ func TestCommandSide_UpdateInstanceGenericOIDCIDP(t *testing.T) { }, res{ err: func(err error) bool { - return errors.Is(err, caos_errors.ThrowInvalidArgument(nil, "INST-SAfd3", "")) + return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "INST-SAfd3", "")) }, }, }, @@ -881,7 +881,7 @@ func TestCommandSide_UpdateInstanceGenericOIDCIDP(t *testing.T) { }, res{ err: func(err error) bool { - return errors.Is(err, caos_errors.ThrowInvalidArgument(nil, "INST-Dvf4f", "")) + return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "INST-Dvf4f", "")) }, }, }, @@ -899,7 +899,7 @@ func TestCommandSide_UpdateInstanceGenericOIDCIDP(t *testing.T) { }, res{ err: func(err error) bool { - return errors.Is(err, caos_errors.ThrowInvalidArgument(nil, "INST-BDfr3", "")) + return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "INST-BDfr3", "")) }, }, }, @@ -918,7 +918,7 @@ func TestCommandSide_UpdateInstanceGenericOIDCIDP(t *testing.T) { }, res{ err: func(err error) bool { - return errors.Is(err, caos_errors.ThrowInvalidArgument(nil, "INST-Db3bs", "")) + return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "INST-Db3bs", "")) }, }, }, @@ -939,7 +939,7 @@ func TestCommandSide_UpdateInstanceGenericOIDCIDP(t *testing.T) { }, }, res: res{ - err: caos_errors.IsNotFound, + err: zerrors.IsNotFound, }, }, { 
@@ -1107,7 +1107,7 @@ func TestCommandSide_MigrateInstanceGenericOIDCToAzureADProvider(t *testing.T) { }, res{ err: func(err error) bool { - return errors.Is(err, caos_errors.ThrowInvalidArgument(nil, "INST-sdf3g", "")) + return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "INST-sdf3g", "")) }, }, }, @@ -1124,7 +1124,7 @@ func TestCommandSide_MigrateInstanceGenericOIDCToAzureADProvider(t *testing.T) { }, res{ err: func(err error) bool { - return errors.Is(err, caos_errors.ThrowInvalidArgument(nil, "INST-Fhbr2", "")) + return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "INST-Fhbr2", "")) }, }, }, @@ -1142,7 +1142,7 @@ func TestCommandSide_MigrateInstanceGenericOIDCToAzureADProvider(t *testing.T) { }, res{ err: func(err error) bool { - return errors.Is(err, caos_errors.ThrowInvalidArgument(nil, "INST-Dzh3g", "")) + return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "INST-Dzh3g", "")) }, }, }, @@ -1163,7 +1163,7 @@ func TestCommandSide_MigrateInstanceGenericOIDCToAzureADProvider(t *testing.T) { }, }, res: res{ - err: caos_errors.IsNotFound, + err: zerrors.IsNotFound, }, }, { @@ -1348,7 +1348,7 @@ func TestCommandSide_MigrateInstanceOIDCToGoogleIDP(t *testing.T) { }, res{ err: func(err error) bool { - return errors.Is(err, caos_errors.ThrowInvalidArgument(nil, "INST-D3fvs", "")) + return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "INST-D3fvs", "")) }, }, }, @@ -1365,7 +1365,7 @@ func TestCommandSide_MigrateInstanceOIDCToGoogleIDP(t *testing.T) { }, res{ err: func(err error) bool { - return errors.Is(err, caos_errors.ThrowInvalidArgument(nil, "INST-W2vqs", "")) + return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "INST-W2vqs", "")) }, }, }, @@ -1385,7 +1385,7 @@ func TestCommandSide_MigrateInstanceOIDCToGoogleIDP(t *testing.T) { }, }, res: res{ - err: caos_errors.IsNotFound, + err: zerrors.IsNotFound, }, }, { 
@@ -1558,7 +1558,7 @@ func TestCommandSide_AddInstanceAzureADIDP(t *testing.T) { }, res{ err: func(err error) bool { - return errors.Is(err, caos_errors.ThrowInvalidArgument(nil, "INST-sdf3g", "")) + return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "INST-sdf3g", "")) }, }, }, @@ -1576,7 +1576,7 @@ func TestCommandSide_AddInstanceAzureADIDP(t *testing.T) { }, res{ err: func(err error) bool { - return errors.Is(err, caos_errors.ThrowInvalidArgument(nil, "INST-Fhbr2", "")) + return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "INST-Fhbr2", "")) }, }, }, @@ -1595,7 +1595,7 @@ func TestCommandSide_AddInstanceAzureADIDP(t *testing.T) { }, res{ err: func(err error) bool { - return errors.Is(err, caos_errors.ThrowInvalidArgument(nil, "INST-Dzh3g", "")) + return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "INST-Dzh3g", "")) }, }, }, @@ -1745,7 +1745,7 @@ func TestCommandSide_UpdateInstanceAzureADIDP(t *testing.T) { }, res{ err: func(err error) bool { - return errors.Is(err, caos_errors.ThrowInvalidArgument(nil, "INST-SAgh2", "")) + return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "INST-SAgh2", "")) }, }, }, @@ -1761,7 +1761,7 @@ func TestCommandSide_UpdateInstanceAzureADIDP(t *testing.T) { }, res{ err: func(err error) bool { - return errors.Is(err, caos_errors.ThrowInvalidArgument(nil, "INST-fh3h1", "")) + return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "INST-fh3h1", "")) }, }, }, @@ -1779,7 +1779,7 @@ func TestCommandSide_UpdateInstanceAzureADIDP(t *testing.T) { }, res{ err: func(err error) bool { - return errors.Is(err, caos_errors.ThrowInvalidArgument(nil, "INST-dmitg", "")) + return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "INST-dmitg", "")) }, }, }, @@ -1799,7 +1799,7 @@ func TestCommandSide_UpdateInstanceAzureADIDP(t *testing.T) { }, }, res: res{ - err: caos_errors.IsNotFound, + err: zerrors.IsNotFound, }, }, { 
@@ -1967,7 +1967,7 @@ func TestCommandSide_AddInstanceGitHubIDP(t *testing.T) { }, res{ err: func(err error) bool { - return errors.Is(err, caos_errors.ThrowInvalidArgument(nil, "INST-Jdsgf", "")) + return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "INST-Jdsgf", "")) }, }, }, @@ -1985,7 +1985,7 @@ func TestCommandSide_AddInstanceGitHubIDP(t *testing.T) { }, res{ err: func(err error) bool { - return errors.Is(err, caos_errors.ThrowInvalidArgument(nil, "INST-dsgz3", "")) + return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "INST-dsgz3", "")) }, }, }, @@ -2128,7 +2128,7 @@ func TestCommandSide_UpdateInstanceGitHubIDP(t *testing.T) { }, res{ err: func(err error) bool { - return errors.Is(err, caos_errors.ThrowInvalidArgument(nil, "INST-sdf4h", "")) + return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "INST-sdf4h", "")) }, }, }, @@ -2144,7 +2144,7 @@ func TestCommandSide_UpdateInstanceGitHubIDP(t *testing.T) { }, res{ err: func(err error) bool { - return errors.Is(err, caos_errors.ThrowInvalidArgument(nil, "INST-fdh5z", "")) + return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "INST-fdh5z", "")) }, }, }, @@ -2163,7 +2163,7 @@ func TestCommandSide_UpdateInstanceGitHubIDP(t *testing.T) { }, }, res: res{ - err: caos_errors.IsNotFound, + err: zerrors.IsNotFound, }, }, { @@ -2322,7 +2322,7 @@ func TestCommandSide_AddInstanceGitHubEnterpriseIDP(t *testing.T) { }, res{ err: func(err error) bool { - return errors.Is(err, caos_errors.ThrowInvalidArgument(nil, "INST-Dg4td", "")) + return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "INST-Dg4td", "")) }, }, }, @@ -2340,7 +2340,7 @@ func TestCommandSide_AddInstanceGitHubEnterpriseIDP(t *testing.T) { }, res{ err: func(err error) bool { - return errors.Is(err, caos_errors.ThrowInvalidArgument(nil, "INST-dgj53", "")) + return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "INST-dgj53", "")) }, }, }, 
@@ -2359,7 +2359,7 @@ func TestCommandSide_AddInstanceGitHubEnterpriseIDP(t *testing.T) { }, res{ err: func(err error) bool { - return errors.Is(err, caos_errors.ThrowInvalidArgument(nil, "INST-Ghjjs", "")) + return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "INST-Ghjjs", "")) }, }, }, @@ -2379,7 +2379,7 @@ func TestCommandSide_AddInstanceGitHubEnterpriseIDP(t *testing.T) { }, res{ err: func(err error) bool { - return errors.Is(err, caos_errors.ThrowInvalidArgument(nil, "INST-sani2", "")) + return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "INST-sani2", "")) }, }, }, @@ -2400,7 +2400,7 @@ func TestCommandSide_AddInstanceGitHubEnterpriseIDP(t *testing.T) { }, res{ err: func(err error) bool { - return errors.Is(err, caos_errors.ThrowInvalidArgument(nil, "INST-agj42", "")) + return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "INST-agj42", "")) }, }, }, @@ -2422,7 +2422,7 @@ func TestCommandSide_AddInstanceGitHubEnterpriseIDP(t *testing.T) { }, res{ err: func(err error) bool { - return errors.Is(err, caos_errors.ThrowInvalidArgument(nil, "INST-sd5hn", "")) + return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "INST-sd5hn", "")) }, }, }, @@ -2578,7 +2578,7 @@ func TestCommandSide_UpdateInstanceGitHubEnterpriseIDP(t *testing.T) { }, res{ err: func(err error) bool { - return errors.Is(err, caos_errors.ThrowInvalidArgument(nil, "INST-sdfh3", "")) + return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "INST-sdfh3", "")) }, }, }, @@ -2594,7 +2594,7 @@ func TestCommandSide_UpdateInstanceGitHubEnterpriseIDP(t *testing.T) { }, res{ err: func(err error) bool { - return errors.Is(err, caos_errors.ThrowInvalidArgument(nil, "INST-shj42", "")) + return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "INST-shj42", "")) }, }, }, 
@@ -2612,7 +2612,7 @@ func TestCommandSide_UpdateInstanceGitHubEnterpriseIDP(t *testing.T) { }, res{ err: func(err error) bool { - return errors.Is(err, caos_errors.ThrowInvalidArgument(nil, "INST-sdh73", "")) + return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "INST-sdh73", "")) }, }, }, @@ -2631,7 +2631,7 @@ func TestCommandSide_UpdateInstanceGitHubEnterpriseIDP(t *testing.T) { }, res{ err: func(err error) bool { - return errors.Is(err, caos_errors.ThrowInvalidArgument(nil, "INST-acx2w", "")) + return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "INST-acx2w", "")) }, }, }, @@ -2651,7 +2651,7 @@ func TestCommandSide_UpdateInstanceGitHubEnterpriseIDP(t *testing.T) { }, res{ err: func(err error) bool { - return errors.Is(err, caos_errors.ThrowInvalidArgument(nil, "INST-dgj6q", "")) + return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "INST-dgj6q", "")) }, }, }, @@ -2672,7 +2672,7 @@ func TestCommandSide_UpdateInstanceGitHubEnterpriseIDP(t *testing.T) { }, res{ err: func(err error) bool { - return errors.Is(err, caos_errors.ThrowInvalidArgument(nil, "INST-ybj62", "")) + return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "INST-ybj62", "")) }, }, }, @@ -2695,7 +2695,7 @@ func TestCommandSide_UpdateInstanceGitHubEnterpriseIDP(t *testing.T) { }, }, res: res{ - err: caos_errors.IsNotFound, + err: zerrors.IsNotFound, }, }, { @@ -2870,7 +2870,7 @@ func TestCommandSide_AddInstanceGitLabIDP(t *testing.T) { }, res{ err: func(err error) bool { - return errors.Is(err, caos_errors.ThrowInvalidArgument(nil, "INST-adsg2", "")) + return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "INST-adsg2", "")) }, }, }, @@ -2888,7 +2888,7 @@ func TestCommandSide_AddInstanceGitLabIDP(t *testing.T) { }, res{ err: func(err error) bool { - return errors.Is(err, caos_errors.ThrowInvalidArgument(nil, "INST-GD1j2", "")) + return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "INST-GD1j2", "")) }, }, }, 
@@ -3030,7 +3030,7 @@ func TestCommandSide_UpdateInstanceGitLabIDP(t *testing.T) { }, res{ err: func(err error) bool { - return errors.Is(err, caos_errors.ThrowInvalidArgument(nil, "INST-HJK91", "")) + return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "INST-HJK91", "")) }, }, }, @@ -3046,7 +3046,7 @@ func TestCommandSide_UpdateInstanceGitLabIDP(t *testing.T) { }, res{ err: func(err error) bool { - return errors.Is(err, caos_errors.ThrowInvalidArgument(nil, "INST-D12t6", "")) + return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "INST-D12t6", "")) }, }, }, @@ -3065,7 +3065,7 @@ func TestCommandSide_UpdateInstanceGitLabIDP(t *testing.T) { }, }, res: res{ - err: caos_errors.IsNotFound, + err: zerrors.IsNotFound, }, }, { @@ -3222,7 +3222,7 @@ func TestCommandSide_AddInstanceGitLabSelfHostedIDP(t *testing.T) { }, res{ err: func(err error) bool { - return errors.Is(err, caos_errors.ThrowInvalidArgument(nil, "INST-jw4ZT", "")) + return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "INST-jw4ZT", "")) }, }, }, @@ -3240,7 +3240,7 @@ func TestCommandSide_AddInstanceGitLabSelfHostedIDP(t *testing.T) { }, res{ err: func(err error) bool { - return errors.Is(err, caos_errors.ThrowInvalidArgument(nil, "INST-AST4S", "")) + return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "INST-AST4S", "")) }, }, }, @@ -3259,7 +3259,7 @@ func TestCommandSide_AddInstanceGitLabSelfHostedIDP(t *testing.T) { }, res{ err: func(err error) bool { - return errors.Is(err, caos_errors.ThrowInvalidArgument(nil, "INST-DBZHJ", "")) + return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "INST-DBZHJ", "")) }, }, }, @@ -3279,7 +3279,7 @@ func TestCommandSide_AddInstanceGitLabSelfHostedIDP(t *testing.T) { }, res{ err: func(err error) bool { - return errors.Is(err, caos_errors.ThrowInvalidArgument(nil, "INST-SDGJ4", "")) + return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "INST-SDGJ4", "")) }, }, }, 
@@ -3427,7 +3427,7 @@ func TestCommandSide_UpdateInstanceGitLabSelfHostedIDP(t *testing.T) { }, res{ err: func(err error) bool { - return errors.Is(err, caos_errors.ThrowInvalidArgument(nil, "INST-SAFG4", "")) + return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "INST-SAFG4", "")) }, }, }, @@ -3443,7 +3443,7 @@ func TestCommandSide_UpdateInstanceGitLabSelfHostedIDP(t *testing.T) { }, res{ err: func(err error) bool { - return errors.Is(err, caos_errors.ThrowInvalidArgument(nil, "INST-DG4H", "")) + return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "INST-DG4H", "")) }, }, }, @@ -3461,7 +3461,7 @@ func TestCommandSide_UpdateInstanceGitLabSelfHostedIDP(t *testing.T) { }, res{ err: func(err error) bool { - return errors.Is(err, caos_errors.ThrowInvalidArgument(nil, "INST-SD4eb", "")) + return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "INST-SD4eb", "")) }, }, }, @@ -3480,7 +3480,7 @@ func TestCommandSide_UpdateInstanceGitLabSelfHostedIDP(t *testing.T) { }, res{ err: func(err error) bool { - return errors.Is(err, caos_errors.ThrowInvalidArgument(nil, "INST-GHWE3", "")) + return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "INST-GHWE3", "")) }, }, }, @@ -3501,7 +3501,7 @@ func TestCommandSide_UpdateInstanceGitLabSelfHostedIDP(t *testing.T) { }, }, res: res{ - err: caos_errors.IsNotFound, + err: zerrors.IsNotFound, }, }, { @@ -3666,7 +3666,7 @@ func TestCommandSide_AddInstanceGoogleIDP(t *testing.T) { }, res{ err: func(err error) bool { - return errors.Is(err, caos_errors.ThrowInvalidArgument(nil, "INST-D3fvs", "")) + return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "INST-D3fvs", "")) }, }, }, @@ -3684,7 +3684,7 @@ func TestCommandSide_AddInstanceGoogleIDP(t *testing.T) { }, res{ err: func(err error) bool { - return errors.Is(err, caos_errors.ThrowInvalidArgument(nil, "INST-W2vqs", "")) + return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "INST-W2vqs", "")) }, }, }, 
@@ -3826,7 +3826,7 @@ func TestCommandSide_UpdateInstanceGoogleIDP(t *testing.T) { }, res{ err: func(err error) bool { - return errors.Is(err, caos_errors.ThrowInvalidArgument(nil, "INST-S32t1", "")) + return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "INST-S32t1", "")) }, }, }, @@ -3842,7 +3842,7 @@ func TestCommandSide_UpdateInstanceGoogleIDP(t *testing.T) { }, res{ err: func(err error) bool { - return errors.Is(err, caos_errors.ThrowInvalidArgument(nil, "INST-ds432", "")) + return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "INST-ds432", "")) }, }, }, @@ -3861,7 +3861,7 @@ func TestCommandSide_UpdateInstanceGoogleIDP(t *testing.T) { }, }, res: res{ - err: caos_errors.IsNotFound, + err: zerrors.IsNotFound, }, }, { @@ -4018,7 +4018,7 @@ func TestCommandSide_AddInstanceLDAPIDP(t *testing.T) { }, res{ err: func(err error) bool { - return errors.Is(err, caos_errors.ThrowInvalidArgument(nil, "INST-SAfdd", "")) + return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "INST-SAfdd", "")) }, }, }, @@ -4036,7 +4036,7 @@ func TestCommandSide_AddInstanceLDAPIDP(t *testing.T) { }, res{ err: func(err error) bool { - return errors.Is(err, caos_errors.ThrowInvalidArgument(nil, "INST-sv31s", "")) + return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "INST-sv31s", "")) }, }, }, @@ -4055,7 +4055,7 @@ func TestCommandSide_AddInstanceLDAPIDP(t *testing.T) { }, res{ err: func(err error) bool { - return errors.Is(err, caos_errors.ThrowInvalidArgument(nil, "INST-sdgf4", "")) + return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "INST-sdgf4", "")) }, }, }, @@ -4075,7 +4075,7 @@ func TestCommandSide_AddInstanceLDAPIDP(t *testing.T) { }, res{ err: func(err error) bool { - return errors.Is(err, caos_errors.ThrowInvalidArgument(nil, "INST-AEG2w", "")) + return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "INST-AEG2w", "")) }, }, }, 
@@ -4096,7 +4096,7 @@ func TestCommandSide_AddInstanceLDAPIDP(t *testing.T) { }, res{ err: func(err error) bool { - return errors.Is(err, caos_errors.ThrowInvalidArgument(nil, "INST-SAD5n", "")) + return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "INST-SAD5n", "")) }, }, }, @@ -4118,7 +4118,7 @@ func TestCommandSide_AddInstanceLDAPIDP(t *testing.T) { }, res{ err: func(err error) bool { - return errors.Is(err, caos_errors.ThrowInvalidArgument(nil, "INST-SAx905n", "")) + return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "INST-SAx905n", "")) }, }, }, @@ -4141,7 +4141,7 @@ func TestCommandSide_AddInstanceLDAPIDP(t *testing.T) { }, res{ err: func(err error) bool { - return errors.Is(err, caos_errors.ThrowInvalidArgument(nil, "INST-S1x905n", "")) + return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "INST-S1x905n", "")) }, }, }, @@ -4165,7 +4165,7 @@ func TestCommandSide_AddInstanceLDAPIDP(t *testing.T) { }, res{ err: func(err error) bool { - return errors.Is(err, caos_errors.ThrowInvalidArgument(nil, "INST-aAx905n", "")) + return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "INST-aAx905n", "")) }, }, }, @@ -4365,7 +4365,7 @@ func TestCommandSide_UpdateInstanceLDAPIDP(t *testing.T) { }, res{ err: func(err error) bool { - return errors.Is(err, caos_errors.ThrowInvalidArgument(nil, "INST-Dgdbs", "")) + return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "INST-Dgdbs", "")) }, }, }, @@ -4381,7 +4381,7 @@ func TestCommandSide_UpdateInstanceLDAPIDP(t *testing.T) { }, res{ err: func(err error) bool { - return errors.Is(err, caos_errors.ThrowInvalidArgument(nil, "INST-Sffgd", "")) + return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "INST-Sffgd", "")) }, }, }, @@ -4399,7 +4399,7 @@ func TestCommandSide_UpdateInstanceLDAPIDP(t *testing.T) { }, res{ err: func(err error) bool { - return errors.Is(err, caos_errors.ThrowInvalidArgument(nil, "INST-vb3ss", "")) + return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "INST-vb3ss", "")) }, }, }, 
@@ -4418,7 +4418,7 @@ func TestCommandSide_UpdateInstanceLDAPIDP(t *testing.T) { }, res{ err: func(err error) bool { - return errors.Is(err, caos_errors.ThrowInvalidArgument(nil, "INST-hbere", "")) + return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "INST-hbere", "")) }, }, }, @@ -4438,7 +4438,7 @@ func TestCommandSide_UpdateInstanceLDAPIDP(t *testing.T) { }, res{ err: func(err error) bool { - return errors.Is(err, caos_errors.ThrowInvalidArgument(nil, "INST-DG45z", "")) + return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "INST-DG45z", "")) }, }, }, @@ -4459,7 +4459,7 @@ func TestCommandSide_UpdateInstanceLDAPIDP(t *testing.T) { }, res{ err: func(err error) bool { - return errors.Is(err, caos_errors.ThrowInvalidArgument(nil, "INST-SAx945n", "")) + return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "INST-SAx945n", "")) }, }, }, @@ -4481,7 +4481,7 @@ func TestCommandSide_UpdateInstanceLDAPIDP(t *testing.T) { }, res{ err: func(err error) bool { - return errors.Is(err, caos_errors.ThrowInvalidArgument(nil, "INST-S1x605n", "")) + return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "INST-S1x605n", "")) }, }, }, @@ -4504,7 +4504,7 @@ func TestCommandSide_UpdateInstanceLDAPIDP(t *testing.T) { }, res{ err: func(err error) bool { - return errors.Is(err, caos_errors.ThrowInvalidArgument(nil, "INST-aAx901n", "")) + return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "INST-aAx901n", "")) }, }, }, @@ -4531,7 +4531,7 @@ func TestCommandSide_UpdateInstanceLDAPIDP(t *testing.T) { }, res: res{ err: func(err error) bool { - return errors.Is(err, caos_errors.ThrowNotFound(nil, "INST-ASF3F", "")) + return errors.Is(err, zerrors.ThrowNotFound(nil, "INST-ASF3F", "")) }, }, }, 
@@ -4755,7 +4755,7 @@ func TestCommandSide_AddInstanceAppleIDP(t *testing.T) { }, res{ err: func(err error) bool { - return errors.Is(err, caos_errors.ThrowInvalidArgument(nil, "INST-jkn3w", "Errors.IDP.ClientIDMissing")) + return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "INST-jkn3w", "Errors.IDP.ClientIDMissing")) }, }, }, @@ -4773,7 +4773,7 @@ func TestCommandSide_AddInstanceAppleIDP(t *testing.T) { }, res{ err: func(err error) bool { - return errors.Is(err, caos_errors.ThrowInvalidArgument(nil, "INST-Ffg32", "Errors.IDP.TeamIDMissing")) + return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "INST-Ffg32", "Errors.IDP.TeamIDMissing")) }, }, }, @@ -4792,7 +4792,7 @@ func TestCommandSide_AddInstanceAppleIDP(t *testing.T) { }, res{ err: func(err error) bool { - return errors.Is(err, caos_errors.ThrowInvalidArgument(nil, "INST-GDjm5", "Errors.IDP.KeyIDMissing")) + return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "INST-GDjm5", "Errors.IDP.KeyIDMissing")) }, }, }, @@ -4812,7 +4812,7 @@ func TestCommandSide_AddInstanceAppleIDP(t *testing.T) { }, res{ err: func(err error) bool { - return errors.Is(err, caos_errors.ThrowInvalidArgument(nil, "INST-GVD4n", "Errors.IDP.PrivateKeyMissing")) + return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "INST-GVD4n", "Errors.IDP.PrivateKeyMissing")) }, }, }, @@ -4962,7 +4962,7 @@ func TestCommandSide_UpdateInstanceAppleIDP(t *testing.T) { }, res{ err: func(err error) bool { - return errors.Is(err, caos_errors.ThrowInvalidArgument(nil, "INST-FRHBH", "Errors.IDMissing")) + return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "INST-FRHBH", "Errors.IDMissing")) }, }, }, @@ -4978,7 +4978,7 @@ func TestCommandSide_UpdateInstanceAppleIDP(t *testing.T) { }, res{ err: func(err error) bool { - return errors.Is(err, caos_errors.ThrowInvalidArgument(nil, "INST-SFm4l", "Errors.IDP.ClientIDMissing")) + return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "INST-SFm4l", "Errors.IDP.ClientIDMissing")) }, }, }, 
@@ -4996,7 +4996,7 @@ func TestCommandSide_UpdateInstanceAppleIDP(t *testing.T) { }, res{ err: func(err error) bool { - return errors.Is(err, caos_errors.ThrowInvalidArgument(nil, "INST-SG34t", "Errors.IDP.TeamIDMissing")) + return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "INST-SG34t", "Errors.IDP.TeamIDMissing")) }, }, }, @@ -5015,7 +5015,7 @@ func TestCommandSide_UpdateInstanceAppleIDP(t *testing.T) { }, res{ err: func(err error) bool { - return errors.Is(err, caos_errors.ThrowInvalidArgument(nil, "INST-Gh4z2", "Errors.IDP.KeyIDMissing")) + return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "INST-Gh4z2", "Errors.IDP.KeyIDMissing")) }, }, }, @@ -5036,7 +5036,7 @@ func TestCommandSide_UpdateInstanceAppleIDP(t *testing.T) { }, }, res: res{ - err: caos_errors.IsNotFound, + err: zerrors.IsNotFound, }, }, { @@ -5204,7 +5204,7 @@ func TestCommandSide_AddInstanceSAMLIDP(t *testing.T) { }, res{ err: func(err error) bool { - return errors.Is(err, caos_errors.ThrowInvalidArgument(nil, "INST-o07zjotgnd", "")) + return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "INST-o07zjotgnd", "")) }, }, }, @@ -5222,7 +5222,7 @@ func TestCommandSide_AddInstanceSAMLIDP(t *testing.T) { }, res{ err: func(err error) bool { - return errors.Is(err, caos_errors.ThrowInvalidArgument(nil, "INST-3bi3esi16t", "Errors.Invalid.Argument")) + return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "INST-3bi3esi16t", "Errors.Invalid.Argument")) }, }, }, @@ -5372,7 +5372,7 @@ func TestCommandSide_UpdateInstanceGenericSAMLIDP(t *testing.T) { }, res{ err: func(err error) bool { - return errors.Is(err, caos_errors.ThrowInvalidArgument(nil, "INST-7o3rq1owpm", "")) + return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "INST-7o3rq1owpm", "")) }, }, }, 
@@ -5388,7 +5388,7 @@ func TestCommandSide_UpdateInstanceGenericSAMLIDP(t *testing.T) { }, res{ err: func(err error) bool { - return errors.Is(err, caos_errors.ThrowInvalidArgument(nil, "INST-q2s9rak7o9", "")) + return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "INST-q2s9rak7o9", "")) }, }, }, @@ -5406,7 +5406,7 @@ func TestCommandSide_UpdateInstanceGenericSAMLIDP(t *testing.T) { }, res{ err: func(err error) bool { - return errors.Is(err, caos_errors.ThrowInvalidArgument(nil, "INST-iw1rxnf4sf", "")) + return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "INST-iw1rxnf4sf", "")) }, }, }, @@ -5426,7 +5426,7 @@ func TestCommandSide_UpdateInstanceGenericSAMLIDP(t *testing.T) { }, }, res: res{ - err: caos_errors.IsNotFound, + err: zerrors.IsNotFound, }, }, { @@ -5582,7 +5582,7 @@ func TestCommandSide_RegenerateInstanceSAMLProviderCertificate(t *testing.T) { }, res{ err: func(err error) bool { - return errors.Is(err, caos_errors.ThrowInvalidArgument(nil, "INST-7de108gqya", "")) + return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "INST-7de108gqya", "")) }, }, }, @@ -5598,7 +5598,7 @@ func TestCommandSide_RegenerateInstanceSAMLProviderCertificate(t *testing.T) { id: "id1", }, res: res{ - err: caos_errors.IsNotFound, + err: zerrors.IsNotFound, }, }, { diff --git a/internal/command/instance_member.go b/internal/command/instance_member.go index b7d78a939a..ee9bf15f84 100644 --- a/internal/command/instance_member.go +++ b/internal/command/instance_member.go 
@@ -7,26 +7,26 @@ import ( "github.com/zitadel/zitadel/internal/api/authz" "github.com/zitadel/zitadel/internal/command/preparation" "github.com/zitadel/zitadel/internal/domain" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/repository/instance" "github.com/zitadel/zitadel/internal/telemetry/tracing" + "github.com/zitadel/zitadel/internal/zerrors" ) func (c *Commands) AddInstanceMemberCommand(a *instance.Aggregate, userID string, roles ...string) preparation.Validation { return func() (preparation.CreateCommands, error) { if userID == "" { - return nil, errors.ThrowInvalidArgument(nil, "INSTA-SDSfs", "Errors.Invalid.Argument") + return nil, zerrors.ThrowInvalidArgument(nil, "INSTA-SDSfs", "Errors.Invalid.Argument") } if len(domain.CheckForInvalidRoles(roles, domain.IAMRolePrefix, c.zitadelRoles)) > 0 { - return nil, errors.ThrowInvalidArgument(nil, "INSTANCE-4m0fS", "Errors.IAM.MemberInvalid") + return nil, zerrors.ThrowInvalidArgument(nil, "INSTANCE-4m0fS", "Errors.IAM.MemberInvalid") } return func(ctx context.Context, filter preparation.FilterToQueryReducer) ([]eventstore.Command, error) { if exists, err := ExistsUser(ctx, filter, userID, ""); err != nil || !exists { - return nil, errors.ThrowPreconditionFailed(err, "INSTA-GSXOn", "Errors.User.NotFound") + return nil, zerrors.ThrowPreconditionFailed(err, "INSTA-GSXOn", "Errors.User.NotFound") } if isMember, err := IsInstanceMember(ctx, filter, a.ID, userID); err != nil || isMember { - return nil, errors.ThrowAlreadyExists(err, "INSTA-pFDwe", "Errors.Instance.Member.AlreadyExists") + return nil, zerrors.ThrowAlreadyExists(err, "INSTA-pFDwe", "Errors.Instance.Member.AlreadyExists") } return []eventstore.Command{instance.NewMemberAddedEvent(ctx, &a.Aggregate, userID, roles...)}, nil }, 
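Review bot: In the inner closure of AddInstanceMemberCommand, `err != nil || !exists` and `err != nil || isMember` fold a failed lookup into the same answer as a negative one, so a filter or eventstore error reaches the caller as `Errors.User.NotFound` or `Errors.Instance.Member.AlreadyExists`. For a command that grants instance-level roles, this hides backend failures from monitoring and gives clients a misleading reason. I would return the lookup error unchanged first and only then test the boolean, as sketched below. Callers or tests that currently expect PreconditionFailed or AlreadyExists on a lookup error would need checking, and the end of the function lies outside the hunk.

```go
return func(ctx context.Context, filter preparation.FilterToQueryReducer) ([]eventstore.Command, error) {
	exists, err := ExistsUser(ctx, filter, userID, "")
	if err != nil {
		return nil, err
	}
	if !exists {
		return nil, zerrors.ThrowPreconditionFailed(nil, "INSTA-GSXOn", "Errors.User.NotFound")
	}
	isMember, err := IsInstanceMember(ctx, filter, a.ID, userID)
	if err != nil {
		return nil, err
	}
	if isMember {
		return nil, zerrors.ThrowAlreadyExists(nil, "INSTA-pFDwe", "Errors.Instance.Member.AlreadyExists")
	}
	// … unchanged: return of the NewMemberAddedEvent command …
```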
@@ -90,10 +90,10 @@ func (c *Commands) AddInstanceMember(ctx context.Context, userID string, roles . // ChangeInstanceMember updates an existing member func (c *Commands) ChangeInstanceMember(ctx context.Context, member *domain.Member) (*domain.Member, error) { if !member.IsIAMValid() { - return nil, errors.ThrowInvalidArgument(nil, "INSTANCE-LiaZi", "Errors.IAM.MemberInvalid") + return nil, zerrors.ThrowInvalidArgument(nil, "INSTANCE-LiaZi", "Errors.IAM.MemberInvalid") } if len(domain.CheckForInvalidRoles(member.Roles, domain.IAMRolePrefix, c.zitadelRoles)) > 0 { - return nil, errors.ThrowInvalidArgument(nil, "INSTANCE-3m9fs", "Errors.IAM.MemberInvalid") + return nil, zerrors.ThrowInvalidArgument(nil, "INSTANCE-3m9fs", "Errors.IAM.MemberInvalid") } existingMember, err := c.instanceMemberWriteModelByID(ctx, member.UserID) @@ -102,7 +102,7 @@ func (c *Commands) ChangeInstanceMember(ctx context.Context, member *domain.Memb } if reflect.DeepEqual(existingMember.Roles, member.Roles) { - return nil, errors.ThrowPreconditionFailed(nil, "INSTANCE-LiaZi", "Errors.IAM.Member.RolesNotChanged") + return nil, zerrors.ThrowPreconditionFailed(nil, "INSTANCE-LiaZi", "Errors.IAM.Member.RolesNotChanged") } instanceAgg := InstanceAggregateFromWriteModel(&existingMember.MemberWriteModel.WriteModel) pushedEvents, err := c.eventstore.Push(ctx, instance.NewMemberChangedEvent(ctx, instanceAgg, member.UserID, member.Roles...)) 
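Review bot: The error ID `INSTANCE-LiaZi` is used for three different conditions in this file: the `IsIAMValid` check and the `RolesNotChanged` check in ChangeInstanceMember, and the empty-`userID` check in RemoveInstanceMember (next hunk). If these IDs are meant to pinpoint the failing line from a log entry or client report, an invalid member, an unchanged role set and a missing ID cannot be told apart. Since the commit already rewrites each of these lines, give the second and third their own ID, e.g. `zerrors.ThrowPreconditionFailed(nil, "INSTANCE-<new-id>", "Errors.IAM.Member.RolesNotChanged")`. `INSTANCE-2B0ps` is likewise shared between prepareAddDefaultLabelPolicy and AddIDPProviderToDefaultLoginPolicy.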
@@ -119,13 +119,13 @@ func (c *Commands) ChangeInstanceMember(ctx context.Context, member *domain.Memb func (c *Commands) RemoveInstanceMember(ctx context.Context, userID string) (*domain.ObjectDetails, error) { if userID == "" { - return nil, errors.ThrowInvalidArgument(nil, "INSTANCE-LiaZi", "Errors.IDMissing") + return nil, zerrors.ThrowInvalidArgument(nil, "INSTANCE-LiaZi", "Errors.IDMissing") } memberWriteModel, err := c.instanceMemberWriteModelByID(ctx, userID) - if err != nil && !errors.IsNotFound(err) { + if err != nil && !zerrors.IsNotFound(err) { return nil, err } - if errors.IsNotFound(err) { + if zerrors.IsNotFound(err) { // empty response because we have no data that match the request return &domain.ObjectDetails{}, nil } @@ -166,7 +166,7 @@ func (c *Commands) instanceMemberWriteModelByID(ctx context.Context, userID stri } if writeModel.State == domain.MemberStateUnspecified || writeModel.State == domain.MemberStateRemoved { - return nil, errors.ThrowNotFound(nil, "INSTANCE-D8JxR", "Errors.NotFound") + return nil, zerrors.ThrowNotFound(nil, "INSTANCE-D8JxR", "Errors.NotFound") } return writeModel, nil diff --git a/internal/command/instance_member_test.go b/internal/command/instance_member_test.go index 384fdecae4..f520bc3240 100644 --- a/internal/command/instance_member_test.go +++ b/internal/command/instance_member_test.go @@ -9,11 +9,11 @@ import ( "github.com/zitadel/zitadel/internal/api/authz" "github.com/zitadel/zitadel/internal/domain" - caos_errs "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/eventstore/v1/models" "github.com/zitadel/zitadel/internal/repository/instance" "github.com/zitadel/zitadel/internal/repository/user" + "github.com/zitadel/zitadel/internal/zerrors" ) func TestCommandSide_AddIAMMember(t *testing.T) { 
@@ -47,7 +47,7 @@ func TestCommandSide_AddIAMMember(t *testing.T) { ctx: context.Background(), }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -63,7 +63,7 @@ func TestCommandSide_AddIAMMember(t *testing.T) { roles: []string{"IAM_OWNER"}, }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -85,7 +85,7 @@ func TestCommandSide_AddIAMMember(t *testing.T) { roles: []string{"IAM_OWNER"}, }, res: res{ - err: caos_errs.IsPreconditionFailed, + err: zerrors.IsPreconditionFailed, }, }, { @@ -130,7 +130,7 @@ func TestCommandSide_AddIAMMember(t *testing.T) { roles: []string{"IAM_OWNER"}, }, res: res{ - err: caos_errs.IsErrorAlreadyExists, + err: zerrors.IsErrorAlreadyExists, }, }, { @@ -155,7 +155,7 @@ func TestCommandSide_AddIAMMember(t *testing.T) { ), ), expectFilter(), - expectPushFailed(caos_errs.ThrowAlreadyExists(nil, "ERROR", "internal"), + expectPushFailed(zerrors.ThrowAlreadyExists(nil, "ERROR", "internal"), instance.NewMemberAddedEvent(context.Background(), &instance.NewAggregate("INSTANCE").Aggregate, "user1", @@ -175,7 +175,7 @@ func TestCommandSide_AddIAMMember(t *testing.T) { roles: []string{"IAM_OWNER"}, }, res: res{ - err: caos_errs.IsErrorAlreadyExists, + err: zerrors.IsErrorAlreadyExists, }, }, { @@ -285,7 +285,7 @@ func TestCommandSide_ChangeIAMMember(t *testing.T) { member: &domain.Member{}, }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -303,7 +303,7 @@ func TestCommandSide_ChangeIAMMember(t *testing.T) { }, }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -327,7 +327,7 @@ func TestCommandSide_ChangeIAMMember(t *testing.T) { }, }, res: res{ - err: caos_errs.IsNotFound, + err: zerrors.IsNotFound, }, }, { 
@@ -359,7 +359,7 @@ func TestCommandSide_ChangeIAMMember(t *testing.T) { }, }, res: res{ - err: caos_errs.IsPreconditionFailed, + err: zerrors.IsPreconditionFailed, }, }, { @@ -464,7 +464,7 @@ func TestCommandSide_RemoveIAMMember(t *testing.T) { userID: "", }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { diff --git a/internal/command/instance_oidc_settings.go b/internal/command/instance_oidc_settings.go index c44fc3b567..009198dfe5 100644 --- a/internal/command/instance_oidc_settings.go +++ b/internal/command/instance_oidc_settings.go @@ -7,9 +7,9 @@ import ( "github.com/zitadel/zitadel/internal/api/authz" "github.com/zitadel/zitadel/internal/command/preparation" "github.com/zitadel/zitadel/internal/domain" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/repository/instance" + "github.com/zitadel/zitadel/internal/zerrors" ) func (c *Commands) prepareAddOIDCSettings(a *instance.Aggregate, accessTokenLifetime, idTokenLifetime, refreshTokenIdleExpiration, refreshTokenExpiration time.Duration) preparation.Validation { @@ -18,7 +18,7 @@ func (c *Commands) prepareAddOIDCSettings(a *instance.Aggregate, accessTokenLife idTokenLifetime == time.Duration(0) || refreshTokenIdleExpiration == time.Duration(0) || refreshTokenExpiration == time.Duration(0) { - return nil, errors.ThrowInvalidArgument(nil, "INST-10s82j", "Errors.Invalid.Argument") + return nil, zerrors.ThrowInvalidArgument(nil, "INST-10s82j", "Errors.Invalid.Argument") } return func(ctx context.Context, filter preparation.FilterToQueryReducer) ([]eventstore.Command, error) { 
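Review bot: The lifetime guard in prepareAddOIDCSettings rejects only a duration that is exactly zero (`idTokenLifetime == time.Duration(0) || …`), so a negative token lifetime or refresh-token expiration passes validation here. Unless every caller already rejects negative values, compare with `<= 0` instead, e.g. `idTokenLifetime <= 0 ||`, for all four durations. prepareUpdateOIDCSettings repeats the same condition in the following hunk. The `if` line that opens the condition lies outside the hunk, so the first operand is assumed to follow the same pattern.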
@@ -27,7 +27,7 @@ func (c *Commands) prepareAddOIDCSettings(a *instance.Aggregate, accessTokenLife return nil, err } if writeModel.State == domain.OIDCSettingsStateActive { - return nil, errors.ThrowAlreadyExists(nil, "INST-0aaj1o", "Errors.OIDCSettings.AlreadyExists") + return nil, zerrors.ThrowAlreadyExists(nil, "INST-0aaj1o", "Errors.OIDCSettings.AlreadyExists") } return []eventstore.Command{ instance.NewOIDCSettingsAddedEvent( @@ -49,7 +49,7 @@ func (c *Commands) prepareUpdateOIDCSettings(a *instance.Aggregate, accessTokenL idTokenLifetime == time.Duration(0) || refreshTokenIdleExpiration == time.Duration(0) || refreshTokenExpiration == time.Duration(0) { - return nil, errors.ThrowInvalidArgument(nil, "INST-10sxks", "Errors.Invalid.Argument") + return nil, zerrors.ThrowInvalidArgument(nil, "INST-10sxks", "Errors.Invalid.Argument") } return func(ctx context.Context, filter preparation.FilterToQueryReducer) ([]eventstore.Command, error) { @@ -58,7 +58,7 @@ func (c *Commands) prepareUpdateOIDCSettings(a *instance.Aggregate, accessTokenL return nil, err } if writeModel.State != domain.OIDCSettingsStateActive { - return nil, errors.ThrowNotFound(nil, "INST-90s32oj", "Errors.OIDCSettings.NotFound") + return nil, zerrors.ThrowNotFound(nil, "INST-90s32oj", "Errors.OIDCSettings.NotFound") } changedEvent, hasChanged, err := writeModel.NewChangedEvent( ctx, @@ -72,7 +72,7 @@ func (c *Commands) prepareUpdateOIDCSettings(a *instance.Aggregate, accessTokenL return nil, err } if !hasChanged { - return nil, errors.ThrowPreconditionFailed(nil, "COMMAND-0pk2nu", "Errors.NoChangesFound") + return nil, zerrors.ThrowPreconditionFailed(nil, "COMMAND-0pk2nu", "Errors.NoChangesFound") } return []eventstore.Command{ changedEvent, diff --git a/internal/command/instance_oidc_settings_test.go b/internal/command/instance_oidc_settings_test.go index ebd04982e7..353efa5813 100644 --- a/internal/command/instance_oidc_settings_test.go +++ b/internal/command/instance_oidc_settings_test.go 
@@ -9,9 +9,9 @@ import ( "github.com/zitadel/zitadel/internal/api/authz" "github.com/zitadel/zitadel/internal/domain" - caos_errs "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/repository/instance" + "github.com/zitadel/zitadel/internal/zerrors" ) func TestCommandSide_AddOIDCConfig(t *testing.T) { @@ -60,7 +60,7 @@ func TestCommandSide_AddOIDCConfig(t *testing.T) { }, }, res: res{ - err: caos_errs.IsErrorAlreadyExists, + err: zerrors.IsErrorAlreadyExists, }, }, { @@ -113,7 +113,7 @@ func TestCommandSide_AddOIDCConfig(t *testing.T) { }, }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -133,7 +133,7 @@ func TestCommandSide_AddOIDCConfig(t *testing.T) { }, }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -153,7 +153,7 @@ func TestCommandSide_AddOIDCConfig(t *testing.T) { }, }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -173,7 +173,7 @@ func TestCommandSide_AddOIDCConfig(t *testing.T) { }, }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, } @@ -232,7 +232,7 @@ func TestCommandSide_ChangeOIDCConfig(t *testing.T) { }, }, res: res{ - err: caos_errs.IsNotFound, + err: zerrors.IsNotFound, }, }, { @@ -252,7 +252,7 @@ func TestCommandSide_ChangeOIDCConfig(t *testing.T) { }, }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -272,7 +272,7 @@ func TestCommandSide_ChangeOIDCConfig(t *testing.T) { }, }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -292,7 +292,7 @@ func TestCommandSide_ChangeOIDCConfig(t *testing.T) { }, }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { 
@@ -312,7 +312,7 @@ func TestCommandSide_ChangeOIDCConfig(t *testing.T) { }, }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -344,7 +344,7 @@ func TestCommandSide_ChangeOIDCConfig(t *testing.T) { }, }, res: res{ - err: caos_errs.IsPreconditionFailed, + err: zerrors.IsPreconditionFailed, }, }, { diff --git a/internal/command/instance_policy_domain.go b/internal/command/instance_policy_domain.go index 13941b6929..969bc219fe 100644 --- a/internal/command/instance_policy_domain.go +++ b/internal/command/instance_policy_domain.go @@ -6,10 +6,10 @@ import ( "github.com/zitadel/zitadel/internal/api/authz" "github.com/zitadel/zitadel/internal/command/preparation" "github.com/zitadel/zitadel/internal/domain" - caos_errs "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/repository/instance" "github.com/zitadel/zitadel/internal/telemetry/tracing" + "github.com/zitadel/zitadel/internal/zerrors" ) func (c *Commands) AddDefaultDomainPolicy(ctx context.Context, userLoginMustBeDomain, validateOrgDomains, smtpSenderAddressMatchesInstanceDomain bool) (*domain.ObjectDetails, error) { 
@@ -44,19 +44,19 @@ func (c *Commands) ChangeDefaultDomainPolicy(ctx context.Context, userLoginMustB } func (c *Commands) getDefaultDomainPolicy(ctx context.Context) (*domain.DomainPolicy, error) { - policyWriteModel, err := c.defaultDomainPolicyWriteModelByID(ctx) + policyWriteModel, err := c.instanceDomainPolicyWriteModel(ctx) if err != nil { return nil, err } if !policyWriteModel.State.Exists() { - return nil, caos_errs.ThrowInvalidArgument(nil, "INSTANCE-3n8fs", "Errors.IAM.PasswordComplexityPolicy.NotFound") + return nil, zerrors.ThrowInvalidArgument(nil, "INSTANCE-3n8fs", "Errors.IAM.PasswordComplexityPolicy.NotFound") } policy := writeModelToDomainPolicy(policyWriteModel) policy.Default = true return policy, nil } -func (c *Commands) defaultDomainPolicyWriteModelByID(ctx context.Context) (policy *InstanceDomainPolicyWriteModel, err error) { +func (c *Commands) instanceDomainPolicyWriteModel(ctx context.Context) (policy *InstanceDomainPolicyWriteModel, err error) { ctx, span := tracing.NewSpan(ctx) defer func() { span.EndWithError(err) }() @@ -81,7 +81,7 @@ func prepareAddDefaultDomainPolicy( return nil, err } if writeModel.State == domain.PolicyStateActive { - return nil, caos_errs.ThrowAlreadyExists(nil, "INSTANCE-Lk0dS", "Errors.Instance.DomainPolicy.AlreadyExists") + return nil, zerrors.ThrowAlreadyExists(nil, "INSTANCE-Lk0dS", "Errors.Instance.DomainPolicy.AlreadyExists") } return []eventstore.Command{ instance.NewDomainPolicyAddedEvent(ctx, &a.Aggregate, @@ -107,7 +107,7 @@ func prepareChangeDefaultDomainPolicy( return nil, err } if !writeModel.State.Exists() { - return nil, caos_errs.ThrowNotFound(nil, "INSTANCE-0Pl0d", "Errors.Instance.DomainPolicy.NotFound") + return nil, zerrors.ThrowNotFound(nil, "INSTANCE-0Pl0d", "Errors.Instance.DomainPolicy.NotFound") } changedEvent, usernameChange, err := writeModel.NewChangedEvent(ctx, &a.Aggregate, userLoginMustBeDomain, 
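Review bot: getDefaultDomainPolicy reports a missing domain policy as `ThrowInvalidArgument` with the key `Errors.IAM.PasswordComplexityPolicy.NotFound`, which looks like a leftover from copying the password-complexity code. A caller checking `zerrors.IsNotFound` will not match it, and the rendered message names the wrong policy. prepareChangeDefaultDomainPolicy in the same file already uses `Errors.Instance.DomainPolicy.NotFound`, so the line could become `return nil, zerrors.ThrowNotFound(nil, "INSTANCE-3n8fs", "Errors.Instance.DomainPolicy.NotFound")`. Changing the error kind is visible to callers, so check who depends on the invalid-argument result first.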
diff --git a/internal/command/instance_policy_domain_model.go b/internal/command/instance_policy_domain_model.go index 9ce7665283..0ae6015dc1 100644 --- a/internal/command/instance_policy_domain_model.go +++ b/internal/command/instance_policy_domain_model.go @@ -4,11 +4,11 @@ import ( "context" "github.com/zitadel/zitadel/internal/api/authz" - caos_errs "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/repository/instance" "github.com/zitadel/zitadel/internal/repository/org" "github.com/zitadel/zitadel/internal/repository/policy" + "github.com/zitadel/zitadel/internal/zerrors" ) type InstanceDomainPolicyWriteModel struct { @@ -71,7 +71,7 @@ func (wm *InstanceDomainPolicyWriteModel) NewChangedEvent( changes = append(changes, policy.ChangeSMTPSenderAddressMatchesInstanceDomain(smtpSenderAddresssMatchesInstanceDomain)) } if len(changes) == 0 { - return nil, false, caos_errs.ThrowPreconditionFailed(nil, "INSTANCE-pl9fN", "Errors.IAM.DomainPolicy.NotChanged") + return nil, false, zerrors.ThrowPreconditionFailed(nil, "INSTANCE-pl9fN", "Errors.IAM.DomainPolicy.NotChanged") } changedEvent, err = instance.NewDomainPolicyChangedEvent(ctx, aggregate, changes) return changedEvent, usernameChange, err diff --git a/internal/command/instance_policy_domain_test.go b/internal/command/instance_policy_domain_test.go index 22bca56ef4..e2b5c2ccce 100644 --- a/internal/command/instance_policy_domain_test.go +++ b/internal/command/instance_policy_domain_test.go 
@@ -9,12 +9,12 @@ import ( "github.com/zitadel/zitadel/internal/api/authz" "github.com/zitadel/zitadel/internal/domain" - caos_errs "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/repository/instance" "github.com/zitadel/zitadel/internal/repository/org" "github.com/zitadel/zitadel/internal/repository/policy" "github.com/zitadel/zitadel/internal/repository/user" + "github.com/zitadel/zitadel/internal/zerrors" ) func TestCommandSide_AddDefaultDomainPolicy(t *testing.T) { @@ -61,7 +61,7 @@ func TestCommandSide_AddDefaultDomainPolicy(t *testing.T) { smtpSenderAddressMatchesInstanceDomain: true, }, res: res{ - err: caos_errs.IsErrorAlreadyExists, + err: zerrors.IsErrorAlreadyExists, }, }, { @@ -147,7 +147,7 @@ func TestCommandSide_ChangeDefaultDomainPolicy(t *testing.T) { smtpSenderAddressMatchesInstanceDomain: true, }, res: res{ - err: caos_errs.IsNotFound, + err: zerrors.IsNotFound, }, }, { @@ -174,7 +174,7 @@ func TestCommandSide_ChangeDefaultDomainPolicy(t *testing.T) { smtpSenderAddressMatchesInstanceDomain: true, }, res: res{ - err: caos_errs.IsPreconditionFailed, + err: zerrors.IsPreconditionFailed, }, }, { diff --git a/internal/command/instance_policy_label.go b/internal/command/instance_policy_label.go index 4a083fce27..8392a7d564 100644 --- a/internal/command/instance_policy_label.go +++ b/internal/command/instance_policy_label.go @@ -6,10 +6,10 @@ import ( "github.com/zitadel/zitadel/internal/api/authz" "github.com/zitadel/zitadel/internal/command/preparation" "github.com/zitadel/zitadel/internal/domain" - caos_errs "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/repository/instance" "github.com/zitadel/zitadel/internal/telemetry/tracing" + "github.com/zitadel/zitadel/internal/zerrors" ) func (c *Commands) AddDefaultLabelPolicy( 
@@ -54,7 +54,7 @@ func (c *Commands) ChangeDefaultLabelPolicy(ctx context.Context, policy *domain. } if existingPolicy.State == domain.PolicyStateUnspecified || existingPolicy.State == domain.PolicyStateRemoved { - return nil, caos_errs.ThrowNotFound(nil, "INSTANCE-0K9dq", "Errors.IAM.LabelPolicy.NotFound") + return nil, zerrors.ThrowNotFound(nil, "INSTANCE-0K9dq", "Errors.IAM.LabelPolicy.NotFound") } instanceAgg := InstanceAggregateFromWriteModel(&existingPolicy.LabelPolicyWriteModel.WriteModel) changedEvent, hasChanged := existingPolicy.NewChangedEvent( @@ -73,7 +73,7 @@ func (c *Commands) ChangeDefaultLabelPolicy(ctx context.Context, policy *domain. policy.DisableWatermark, policy.ThemeMode) if !hasChanged { - return nil, caos_errs.ThrowPreconditionFailed(nil, "INSTANCE-28fHe", "Errors.IAM.LabelPolicy.NotChanged") + return nil, zerrors.ThrowPreconditionFailed(nil, "INSTANCE-28fHe", "Errors.IAM.LabelPolicy.NotChanged") } pushedEvents, err := c.eventstore.Push(ctx, changedEvent) @@ -107,11 +107,11 @@ func (c *Commands) AddLogoDefaultLabelPolicy(ctx context.Context, upload *AssetU } if existingPolicy.State == domain.PolicyStateUnspecified || existingPolicy.State == domain.PolicyStateRemoved { - return nil, caos_errs.ThrowNotFound(nil, "INSTANCE-Qw0pd", "Errors.IAM.LabelPolicy.NotFound") + return nil, zerrors.ThrowNotFound(nil, "INSTANCE-Qw0pd", "Errors.IAM.LabelPolicy.NotFound") } asset, err := c.uploadAsset(ctx, upload) if err != nil { - return nil, caos_errs.ThrowInternal(err, "INSTANCE-3m20c", "Errors.Assets.Object.PutFailed") + return nil, zerrors.ThrowInternal(err, "INSTANCE-3m20c", "Errors.Assets.Object.PutFailed") } instanceAgg := InstanceAggregateFromWriteModel(&existingPolicy.LabelPolicyWriteModel.WriteModel) pushedEvents, err := c.eventstore.Push(ctx, instance.NewLabelPolicyLogoAddedEvent(ctx, instanceAgg, asset.Name)) 
@@ -132,7 +132,7 @@ func (c *Commands) RemoveLogoDefaultLabelPolicy(ctx context.Context) (*domain.Ob } if existingPolicy.State == domain.PolicyStateUnspecified || existingPolicy.State == domain.PolicyStateRemoved { - return nil, caos_errs.ThrowNotFound(nil, "INSTANCE-Xc8Kf", "Errors.IAM.LabelPolicy.NotFound") + return nil, zerrors.ThrowNotFound(nil, "INSTANCE-Xc8Kf", "Errors.IAM.LabelPolicy.NotFound") } err = c.removeAsset(ctx, authz.GetInstance(ctx).InstanceID(), existingPolicy.LogoKey) @@ -158,11 +158,11 @@ func (c *Commands) AddIconDefaultLabelPolicy(ctx context.Context, upload *AssetU } if existingPolicy.State == domain.PolicyStateUnspecified || existingPolicy.State == domain.PolicyStateRemoved { - return nil, caos_errs.ThrowNotFound(nil, "INSTANCE-1yMx0", "Errors.IAM.LabelPolicy.NotFound") + return nil, zerrors.ThrowNotFound(nil, "INSTANCE-1yMx0", "Errors.IAM.LabelPolicy.NotFound") } asset, err := c.uploadAsset(ctx, upload) if err != nil { - return nil, caos_errs.ThrowInternal(err, "INSTANCE-yxE4f", "Errors.Assets.Object.PutFailed") + return nil, zerrors.ThrowInternal(err, "INSTANCE-yxE4f", "Errors.Assets.Object.PutFailed") } instanceAgg := InstanceAggregateFromWriteModel(&existingPolicy.LabelPolicyWriteModel.WriteModel) pushedEvents, err := c.eventstore.Push(ctx, instance.NewLabelPolicyIconAddedEvent(ctx, instanceAgg, asset.Name)) @@ -183,7 +183,7 @@ func (c *Commands) RemoveIconDefaultLabelPolicy(ctx context.Context) (*domain.Ob } if existingPolicy.State == domain.PolicyStateUnspecified || existingPolicy.State == domain.PolicyStateRemoved { - return nil, caos_errs.ThrowNotFound(nil, "INSTANCE-4M0qw", "Errors.IAM.LabelPolicy.NotFound") + return nil, zerrors.ThrowNotFound(nil, "INSTANCE-4M0qw", "Errors.IAM.LabelPolicy.NotFound") } err = c.removeAsset(ctx, authz.GetInstance(ctx).InstanceID(), existingPolicy.IconKey) if err != nil { 
@@ -208,11 +208,11 @@ func (c *Commands) AddLogoDarkDefaultLabelPolicy(ctx context.Context, upload *As } if existingPolicy.State == domain.PolicyStateUnspecified || existingPolicy.State == domain.PolicyStateRemoved { - return nil, caos_errs.ThrowNotFound(nil, "INSTANCE-ZR9fs", "Errors.Instance.LabelPolicy.NotFound") + return nil, zerrors.ThrowNotFound(nil, "INSTANCE-ZR9fs", "Errors.Instance.LabelPolicy.NotFound") } asset, err := c.uploadAsset(ctx, upload) if err != nil { - return nil, caos_errs.ThrowInternal(err, "INSTANCE-4fMs9", "Errors.Assets.Object.PutFailed") + return nil, zerrors.ThrowInternal(err, "INSTANCE-4fMs9", "Errors.Assets.Object.PutFailed") } instanceAgg := InstanceAggregateFromWriteModel(&existingPolicy.LabelPolicyWriteModel.WriteModel) pushedEvents, err := c.eventstore.Push(ctx, instance.NewLabelPolicyLogoDarkAddedEvent(ctx, instanceAgg, asset.Name)) @@ -233,7 +233,7 @@ func (c *Commands) RemoveLogoDarkDefaultLabelPolicy(ctx context.Context) (*domai } if existingPolicy.State == domain.PolicyStateUnspecified || existingPolicy.State == domain.PolicyStateRemoved { - return nil, caos_errs.ThrowNotFound(nil, "INSTANCE-3FGds", "Errors.Instance.LabelPolicy.NotFound") + return nil, zerrors.ThrowNotFound(nil, "INSTANCE-3FGds", "Errors.Instance.LabelPolicy.NotFound") } err = c.removeAsset(ctx, authz.GetInstance(ctx).InstanceID(), existingPolicy.LogoDarkKey) if err != nil { 
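Review bot: The dark-logo handlers here return `Errors.Instance.LabelPolicy.NotFound`, while the logo and icon handlers earlier in the same file return `Errors.IAM.LabelPolicy.NotFound` for the identical state check. Only one of the two keys is likely to resolve to a translated message; which one is not visible from this diff. Since every one of these lines is rewritten by the commit, pick the key that exists in the message catalogue and use it in all ten asset handlers.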
@@ -258,11 +258,11 @@ func (c *Commands) AddIconDarkDefaultLabelPolicy(ctx context.Context, upload *As } if existingPolicy.State == domain.PolicyStateUnspecified || existingPolicy.State == domain.PolicyStateRemoved { - return nil, caos_errs.ThrowNotFound(nil, "INSTANCE-vMsf9", "Errors.Instance.LabelPolicy.NotFound") + return nil, zerrors.ThrowNotFound(nil, "INSTANCE-vMsf9", "Errors.Instance.LabelPolicy.NotFound") } asset, err := c.uploadAsset(ctx, upload) if err != nil { - return nil, caos_errs.ThrowInternal(err, "INSTANCE-1cxM3", "Errors.Assets.Object.PutFailed") + return nil, zerrors.ThrowInternal(err, "INSTANCE-1cxM3", "Errors.Assets.Object.PutFailed") } instanceAgg := InstanceAggregateFromWriteModel(&existingPolicy.LabelPolicyWriteModel.WriteModel) pushedEvents, err := c.eventstore.Push(ctx, instance.NewLabelPolicyIconDarkAddedEvent(ctx, instanceAgg, asset.Name)) @@ -283,7 +283,7 @@ func (c *Commands) RemoveIconDarkDefaultLabelPolicy(ctx context.Context) (*domai } if existingPolicy.State == domain.PolicyStateUnspecified || existingPolicy.State == domain.PolicyStateRemoved { - return nil, caos_errs.ThrowNotFound(nil, "INSTANCE-2nc7F", "Errors.Instance.LabelPolicy.NotFound") + return nil, zerrors.ThrowNotFound(nil, "INSTANCE-2nc7F", "Errors.Instance.LabelPolicy.NotFound") } err = c.removeAsset(ctx, authz.GetInstance(ctx).InstanceID(), existingPolicy.IconDarkKey) if err != nil { 
@@ -308,11 +308,11 @@ func (c *Commands) AddFontDefaultLabelPolicy(ctx context.Context, upload *AssetU } if existingPolicy.State == domain.PolicyStateUnspecified || existingPolicy.State == domain.PolicyStateRemoved { - return nil, caos_errs.ThrowNotFound(nil, "INSTANCE-1N8fE", "Errors.Instance.LabelPolicy.NotFound") + return nil, zerrors.ThrowNotFound(nil, "INSTANCE-1N8fE", "Errors.Instance.LabelPolicy.NotFound") } asset, err := c.uploadAsset(ctx, upload) if err != nil { - return nil, caos_errs.ThrowInternal(nil, "INSTANCE-1N8fs", "Errors.Assets.Object.PutFailed") + return nil, zerrors.ThrowInternal(nil, "INSTANCE-1N8fs", "Errors.Assets.Object.PutFailed") } instanceAgg := InstanceAggregateFromWriteModel(&existingPolicy.LabelPolicyWriteModel.WriteModel) pushedEvents, err := c.eventstore.Push(ctx, instance.NewLabelPolicyFontAddedEvent(ctx, instanceAgg, asset.Name)) @@ -333,7 +333,7 @@ func (c *Commands) RemoveFontDefaultLabelPolicy(ctx context.Context) (*domain.Ob } if existingPolicy.State == domain.PolicyStateUnspecified || existingPolicy.State == domain.PolicyStateRemoved { - return nil, caos_errs.ThrowNotFound(nil, "INSTANCE-Tk0gw", "Errors.Instance.LabelPolicy.NotFound") + return nil, zerrors.ThrowNotFound(nil, "INSTANCE-Tk0gw", "Errors.Instance.LabelPolicy.NotFound") } err = c.removeAsset(ctx, authz.GetInstance(ctx).InstanceID(), existingPolicy.FontKey) if err != nil { @@ -400,7 +400,7 @@ func prepareAddDefaultLabelPolicy( return nil, err } if writeModel.State == domain.PolicyStateActive { - return nil, caos_errs.ThrowAlreadyExists(nil, "INSTANCE-2B0ps", "Errors.Instance.LabelPolicy.AlreadyExists") + return nil, zerrors.ThrowAlreadyExists(nil, "INSTANCE-2B0ps", "Errors.Instance.LabelPolicy.AlreadyExists") } return []eventstore.Command{ instance.NewLabelPolicyAddedEvent(ctx, &a.Aggregate, 
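Review bot: AddFontDefaultLabelPolicy passes `nil` as the parent in `zerrors.ThrowInternal(nil, "INSTANCE-1N8fs", …)`, so the error returned by `c.uploadAsset` is dropped and the cause of a failed font upload never reaches logs or traces. The logo, icon and dark variants in this file all pass `err`. Change the line to `return nil, zerrors.ThrowInternal(err, "INSTANCE-1N8fs", "Errors.Assets.Object.PutFailed")`. The function body continues outside the hunk.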
@@ -437,7 +437,7 @@ func prepareActivateDefaultLabelPolicy( return nil, err } if !writeModel.State.Exists() { - return nil, caos_errs.ThrowNotFound(nil, "INSTANCE-6M23e", "Errors.Instance.LabelPolicy.NotFound") + return nil, zerrors.ThrowNotFound(nil, "INSTANCE-6M23e", "Errors.Instance.LabelPolicy.NotFound") } return []eventstore.Command{ instance.NewLabelPolicyActivatedEvent(ctx, &a.Aggregate), diff --git a/internal/command/instance_policy_label_test.go b/internal/command/instance_policy_label_test.go index 35afb8bf89..ca508d414b 100644 --- a/internal/command/instance_policy_label_test.go +++ b/internal/command/instance_policy_label_test.go @@ -10,13 +10,13 @@ import ( "github.com/zitadel/zitadel/internal/api/authz" "github.com/zitadel/zitadel/internal/domain" - caos_errs "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/eventstore/v1/models" "github.com/zitadel/zitadel/internal/repository/instance" "github.com/zitadel/zitadel/internal/repository/policy" "github.com/zitadel/zitadel/internal/static" "github.com/zitadel/zitadel/internal/static/mock" + "github.com/zitadel/zitadel/internal/zerrors" ) func TestCommandSide_AddDefaultLabelPolicy(t *testing.T) { @@ -90,7 +90,7 @@ func TestCommandSide_AddDefaultLabelPolicy(t *testing.T) { themeMode: domain.LabelPolicyThemeAuto, }, res: res{ - err: caos_errs.IsErrorAlreadyExists, + err: zerrors.IsErrorAlreadyExists, }, }, { @@ -208,7 +208,7 @@ func TestCommandSide_ChangeDefaultLabelPolicy(t *testing.T) { }, }, res: res{ - err: caos_errs.IsNotFound, + err: zerrors.IsNotFound, }, }, { @@ -255,7 +255,7 @@ func TestCommandSide_ChangeDefaultLabelPolicy(t *testing.T) { }, }, res: res{ - err: caos_errs.IsPreconditionFailed, + err: zerrors.IsPreconditionFailed, }, }, { 
@@ -388,7 +388,7 @@ func TestCommandSide_ActivateDefaultLabelPolicy(t *testing.T) { ctx: authz.WithInstanceID(context.Background(), "INSTANCE"), }, res: res{ - err: caos_errs.IsNotFound, + err: zerrors.IsNotFound, }, }, { @@ -490,7 +490,7 @@ func TestCommandSide_AddLogoDefaultLabelPolicy(t *testing.T) { }, }, res: res{ - err: caos_errs.IsNotFound, + err: zerrors.IsNotFound, }, }, { @@ -532,7 +532,7 @@ func TestCommandSide_AddLogoDefaultLabelPolicy(t *testing.T) { }, }, res: res{ - err: caos_errs.IsInternal, + err: zerrors.IsInternal, }, }, { @@ -636,7 +636,7 @@ func TestCommandSide_RemoveLogoDefaultLabelPolicy(t *testing.T) { ctx: context.Background(), }, res: res{ - err: caos_errs.IsNotFound, + err: zerrors.IsNotFound, }, }, { @@ -676,7 +676,7 @@ func TestCommandSide_RemoveLogoDefaultLabelPolicy(t *testing.T) { ctx: context.Background(), }, res: res{ - err: caos_errs.IsInternal, + err: zerrors.IsInternal, }, }, { @@ -787,7 +787,7 @@ func TestCommandSide_AddIconDefaultLabelPolicy(t *testing.T) { }, }, res: res{ - err: caos_errs.IsNotFound, + err: zerrors.IsNotFound, }, }, { @@ -829,7 +829,7 @@ func TestCommandSide_AddIconDefaultLabelPolicy(t *testing.T) { }, }, res: res{ - err: caos_errs.IsInternal, + err: zerrors.IsInternal, }, }, { @@ -933,7 +933,7 @@ func TestCommandSide_RemoveIconDefaultLabelPolicy(t *testing.T) { ctx: context.Background(), }, res: res{ - err: caos_errs.IsNotFound, + err: zerrors.IsNotFound, }, }, { @@ -1046,7 +1046,7 @@ func TestCommandSide_AddLogoDarkDefaultLabelPolicy(t *testing.T) { }, }, res: res{ - err: caos_errs.IsNotFound, + err: zerrors.IsNotFound, }, }, { @@ -1089,7 +1089,7 @@ func TestCommandSide_AddLogoDarkDefaultLabelPolicy(t *testing.T) { }, }, res: res{ - err: caos_errs.IsInternal, + err: zerrors.IsInternal, }, }, { @@ -1193,7 +1193,7 @@ func TestCommandSide_RemoveLogoDarkDefaultLabelPolicy(t *testing.T) { ctx: context.Background(), }, res: res{ - err: caos_errs.IsNotFound, + err: zerrors.IsNotFound, }, }, { 
@@ -1233,7 +1233,7 @@ func TestCommandSide_RemoveLogoDarkDefaultLabelPolicy(t *testing.T) { ctx: context.Background(), }, res: res{ - err: caos_errs.IsInternal, + err: zerrors.IsInternal, }, }, { @@ -1344,7 +1344,7 @@ func TestCommandSide_AddIconDarkDefaultLabelPolicy(t *testing.T) { }, }, res: res{ - err: caos_errs.IsNotFound, + err: zerrors.IsNotFound, }, }, { @@ -1386,7 +1386,7 @@ func TestCommandSide_AddIconDarkDefaultLabelPolicy(t *testing.T) { }, }, res: res{ - err: caos_errs.IsInternal, + err: zerrors.IsInternal, }, }, { @@ -1490,7 +1490,7 @@ func TestCommandSide_RemoveIconDarkDefaultLabelPolicy(t *testing.T) { ctx: context.Background(), }, res: res{ - err: caos_errs.IsNotFound, + err: zerrors.IsNotFound, }, }, { @@ -1530,7 +1530,7 @@ func TestCommandSide_RemoveIconDarkDefaultLabelPolicy(t *testing.T) { ctx: context.Background(), }, res: res{ - err: caos_errs.IsInternal, + err: zerrors.IsInternal, }, }, { @@ -1641,7 +1641,7 @@ func TestCommandSide_AddFontDefaultLabelPolicy(t *testing.T) { }, }, res: res{ - err: caos_errs.IsNotFound, + err: zerrors.IsNotFound, }, }, { @@ -1683,7 +1683,7 @@ func TestCommandSide_AddFontDefaultLabelPolicy(t *testing.T) { }, }, res: res{ - err: caos_errs.IsInternal, + err: zerrors.IsInternal, }, }, { @@ -1787,7 +1787,7 @@ func TestCommandSide_RemoveFontDefaultLabelPolicy(t *testing.T) { ctx: context.Background(), }, res: res{ - err: caos_errs.IsNotFound, + err: zerrors.IsNotFound, }, }, { @@ -1827,7 +1827,7 @@ func TestCommandSide_RemoveFontDefaultLabelPolicy(t *testing.T) { ctx: context.Background(), }, res: res{ - err: caos_errs.IsInternal, + err: zerrors.IsInternal, }, }, { diff --git a/internal/command/instance_policy_login.go b/internal/command/instance_policy_login.go index 6e6ce70e6a..3a5cfda5f5 100644 --- a/internal/command/instance_policy_login.go +++ b/internal/command/instance_policy_login.go 
@@ -9,10 +9,10 @@ import ( "github.com/zitadel/zitadel/internal/api/authz" "github.com/zitadel/zitadel/internal/command/preparation" "github.com/zitadel/zitadel/internal/domain" - caos_errs "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/repository/instance" "github.com/zitadel/zitadel/internal/telemetry/tracing" + "github.com/zitadel/zitadel/internal/zerrors" ) func (c *Commands) ChangeDefaultLoginPolicy(ctx context.Context, policy *ChangeLoginPolicy) (*domain.ObjectDetails, error) { @@ -30,7 +30,7 @@ func (c *Commands) ChangeDefaultLoginPolicy(ctx context.Context, policy *ChangeL func (c *Commands) AddIDPProviderToDefaultLoginPolicy(ctx context.Context, idpProvider *domain.IDPProvider) (*domain.IDPProvider, error) { if !idpProvider.IsValid() { - return nil, caos_errs.ThrowInvalidArgument(nil, "INSTANCE-9nf88", "Errors.IAM.LoginPolicy.IDP.Invalid") + return nil, zerrors.ThrowInvalidArgument(nil, "INSTANCE-9nf88", "Errors.IAM.LoginPolicy.IDP.Invalid") } existingPolicy := NewInstanceLoginPolicyWriteModel(ctx) err := c.defaultLoginPolicyWriteModelByID(ctx, existingPolicy) 
@@ -38,12 +38,12 @@ func (c *Commands) AddIDPProviderToDefaultLoginPolicy(ctx context.Context, idpPr return nil, err } if existingPolicy.State == domain.PolicyStateUnspecified || existingPolicy.State == domain.PolicyStateRemoved { - return nil, caos_errs.ThrowNotFound(nil, "INSTANCE-GVDfe", "Errors.IAM.LoginPolicy.NotFound") + return nil, zerrors.ThrowNotFound(nil, "INSTANCE-GVDfe", "Errors.IAM.LoginPolicy.NotFound") } exists, err := ExistsInstanceIDP(ctx, c.eventstore.Filter, idpProvider.IDPConfigID) if err != nil || !exists { - return nil, caos_errs.ThrowPreconditionFailed(err, "INSTANCE-m8fsd", "Errors.IDPConfig.NotExisting") + return nil, zerrors.ThrowPreconditionFailed(err, "INSTANCE-m8fsd", "Errors.IDPConfig.NotExisting") } idpModel := NewInstanceIdentityProviderWriteModel(ctx, idpProvider.IDPConfigID) err = c.eventstore.FilterToQueryReducer(ctx, idpModel) @@ -51,7 +51,7 @@ func (c *Commands) AddIDPProviderToDefaultLoginPolicy(ctx context.Context, idpPr return nil, err } if idpModel.State == domain.IdentityProviderStateActive { - return nil, caos_errs.ThrowAlreadyExists(nil, "INSTANCE-2B0ps", "Errors.IAM.LoginPolicy.IDP.AlreadyExists") + return nil, zerrors.ThrowAlreadyExists(nil, "INSTANCE-2B0ps", "Errors.IAM.LoginPolicy.IDP.AlreadyExists") } instanceAgg := InstanceAggregateFromWriteModel(&idpModel.WriteModel) 
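Review bot: In the `@@ -38,12 +38,12 @@` hunk, `if err != nil || !exists` reports a failed `ExistsInstanceIDP` lookup with the same PreconditionFailed / `Errors.IDPConfig.NotExisting` result as a genuinely missing IDP config, so a caller or an operator reading the response cannot tell an eventstore failure from a wrong ID. Splitting the check keeps the two apart: `if err != nil { return nil, err }` followed by `if !exists { return nil, zerrors.ThrowPreconditionFailed(nil, "INSTANCE-m8fsd", "Errors.IDPConfig.NotExisting") }`. The same function already returns lookup errors unchanged after `FilterToQueryReducer`, so this would also make it consistent. The function starts and ends outside the hunk.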
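Review bot: The error ID `INSTANCE-2B0ps` on the AlreadyExists line of the `@@ -51,7 +51,7 @@` hunk is reused for different conditions by `prepareAddDefaultLoginPolicy` (`@@ -283,7`) and `prepareAddSecondFactorToDefaultLoginPolicy` (`@@ -326,7`). The same holds for `INSTANCE-3M9od` (NotFound in `@@ -143,7`, AlreadyExists in `@@ -351,7`) and `INSTANCE-5m9fs` (`@@ -313,7` and `@@ -338,7`). If these IDs are meant to identify the throw site in logs and support requests, which their format suggests, the duplicates make that lookup ambiguous. Every one of these lines is already being rewritten for the `zerrors` rename, so giving each site its own unused ID fits in this change.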
@@ -66,9 +66,9 @@ func (c *Commands) AddIDPProviderToDefaultLoginPolicy(ctx context.Context, idpPr return writeModelToIDPProvider(&idpModel.IdentityProviderWriteModel), nil } -func (c *Commands) RemoveIDPProviderFromDefaultLoginPolicy(ctx context.Context, idpProvider *domain.IDPProvider, cascadeExternalIDPs ...*domain.UserIDPLink) (*domain.ObjectDetails, error) { +func (c *Commands) RemoveIDPProviderFromDefaultLoginPolicy(ctx context.Context, idpProvider *domain.IDPProvider) (*domain.ObjectDetails, error) { if !idpProvider.IsValid() { - return nil, caos_errs.ThrowInvalidArgument(nil, "INSTANCE-66m9s", "Errors.IAM.LoginPolicy.IDP.Invalid") + return nil, zerrors.ThrowInvalidArgument(nil, "INSTANCE-66m9s", "Errors.IAM.LoginPolicy.IDP.Invalid") } existingPolicy := NewInstanceLoginPolicyWriteModel(ctx) err := c.defaultLoginPolicyWriteModelByID(ctx, existingPolicy) @@ -76,7 +76,7 @@ func (c *Commands) RemoveIDPProviderFromDefaultLoginPolicy(ctx context.Context, return nil, err } if existingPolicy.State == domain.PolicyStateUnspecified || existingPolicy.State == domain.PolicyStateRemoved { - return nil, caos_errs.ThrowNotFound(nil, "INSTANCE-Dfg4t", "Errors.IAM.LoginPolicy.NotFound") + return nil, zerrors.ThrowNotFound(nil, "INSTANCE-Dfg4t", "Errors.IAM.LoginPolicy.NotFound") } idpModel := NewInstanceIdentityProviderWriteModel(ctx, idpProvider.IDPConfigID) 
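Review bot: `RemoveIDPProviderFromDefaultLoginPolicy` loses its `cascadeExternalIDPs` parameter here, and the call in the `@@ -85,11 +85,11 @@` hunk now hands no links to `removeIDPProviderFromDefaultLoginPolicy`, so this path no longer pushes the `UserIDPLinkCascadeRemoved` events that the deleted test case "remove provider with external idps, ok" expected. Whether existing user links to the removed provider are cleaned up somewhere else is not visible in this diff; if they are not, they stay on the user aggregates after the provider is taken out of the instance login policy, which is worth confirming for an identity-provider removal. The exported method has no doc comment, so state the contract there, e.g. `// RemoveIDPProviderFromDefaultLoginPolicy removes the IDP from the instance login policy; user IDP links are not touched here.` (adjust if the helper still cascades on its own). The bare `false` in the helper call would also read better with a short comment naming the parameter it sets.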
@@ -85,11 +85,11 @@ func (c *Commands) RemoveIDPProviderFromDefaultLoginPolicy(ctx context.Context, return nil, err } if idpModel.State == domain.IdentityProviderStateUnspecified || idpModel.State == domain.IdentityProviderStateRemoved { - return nil, caos_errs.ThrowNotFound(nil, "INSTANCE-39fjs", "Errors.IAM.LoginPolicy.IDP.NotExisting") + return nil, zerrors.ThrowNotFound(nil, "INSTANCE-39fjs", "Errors.IAM.LoginPolicy.IDP.NotExisting") } instanceAgg := InstanceAggregateFromWriteModel(&idpModel.IdentityProviderWriteModel.WriteModel) - events := c.removeIDPProviderFromDefaultLoginPolicy(ctx, instanceAgg, idpProvider, false, cascadeExternalIDPs...) + events := c.removeIDPProviderFromDefaultLoginPolicy(ctx, instanceAgg, idpProvider, false) pushedEvents, err := c.eventstore.Push(ctx, events...) if err != nil { return nil, err @@ -135,7 +135,7 @@ func (c *Commands) AddSecondFactorToDefaultLoginPolicy(ctx context.Context, seco func (c *Commands) RemoveSecondFactorFromDefaultLoginPolicy(ctx context.Context, secondFactor domain.SecondFactorType) (*domain.ObjectDetails, error) { if !secondFactor.Valid() { - return nil, caos_errs.ThrowInvalidArgument(nil, "INSTANCE-55n8s", "Errors.IAM.LoginPolicy.MFA.Unspecified") + return nil, zerrors.ThrowInvalidArgument(nil, "INSTANCE-55n8s", "Errors.IAM.LoginPolicy.MFA.Unspecified") } secondFactorModel := NewInstanceSecondFactorWriteModel(ctx, secondFactor) err := c.eventstore.FilterToQueryReducer(ctx, secondFactorModel) 
@@ -143,7 +143,7 @@ func (c *Commands) RemoveSecondFactorFromDefaultLoginPolicy(ctx context.Context, return nil, err } if secondFactorModel.State == domain.FactorStateUnspecified || secondFactorModel.State == domain.FactorStateRemoved { - return nil, caos_errs.ThrowNotFound(nil, "INSTANCE-3M9od", "Errors.IAM.LoginPolicy.MFA.NotExisting") + return nil, zerrors.ThrowNotFound(nil, "INSTANCE-3M9od", "Errors.IAM.LoginPolicy.MFA.NotExisting") } instanceAgg := InstanceAggregateFromWriteModel(&secondFactorModel.SecondFactorWriteModel.WriteModel) pushedEvents, err := c.eventstore.Push(ctx, instance.NewLoginPolicySecondFactorRemovedEvent(ctx, instanceAgg, secondFactor)) @@ -172,7 +172,7 @@ func (c *Commands) AddMultiFactorToDefaultLoginPolicy(ctx context.Context, multi func (c *Commands) RemoveMultiFactorFromDefaultLoginPolicy(ctx context.Context, multiFactor domain.MultiFactorType) (*domain.ObjectDetails, error) { if !multiFactor.Valid() { - return nil, caos_errs.ThrowInvalidArgument(nil, "INSTANCE-33m9F", "Errors.IAM.LoginPolicy.MFA.Unspecified") + return nil, zerrors.ThrowInvalidArgument(nil, "INSTANCE-33m9F", "Errors.IAM.LoginPolicy.MFA.Unspecified") } multiFactorModel := NewInstanceMultiFactorWriteModel(ctx, multiFactor) err := c.eventstore.FilterToQueryReducer(ctx, multiFactorModel) @@ -180,7 +180,7 @@ func (c *Commands) RemoveMultiFactorFromDefaultLoginPolicy(ctx context.Context, return nil, err } if multiFactorModel.State == domain.FactorStateUnspecified || multiFactorModel.State == domain.FactorStateRemoved { - return nil, caos_errs.ThrowNotFound(nil, "INSTANCE-3M9df", "Errors.IAM.LoginPolicy.MFA.NotExisting") + return nil, zerrors.ThrowNotFound(nil, "INSTANCE-3M9df", "Errors.IAM.LoginPolicy.MFA.NotExisting") } instanceAgg := InstanceAggregateFromWriteModel(&multiFactorModel.MultiFactorWriteModel.WriteModel) pushedEvents, err := c.eventstore.Push(ctx, instance.NewLoginPolicyMultiFactorRemovedEvent(ctx, instanceAgg, multiFactor)) 
@@ -215,7 +215,7 @@ func (c *Commands) getDefaultLoginPolicy(ctx context.Context) (*domain.LoginPoli func prepareChangeDefaultLoginPolicy(a *instance.Aggregate, policy *ChangeLoginPolicy) preparation.Validation { return func() (preparation.CreateCommands, error) { if ok := domain.ValidateDefaultRedirectURI(policy.DefaultRedirectURI); !ok { - return nil, caos_errs.ThrowInvalidArgument(nil, "IAM-SFdqd", "Errors.IAM.LoginPolicy.RedirectURIInvalid") + return nil, zerrors.ThrowInvalidArgument(nil, "IAM-SFdqd", "Errors.IAM.LoginPolicy.RedirectURIInvalid") } return func(ctx context.Context, filter preparation.FilterToQueryReducer) ([]eventstore.Command, error) { wm := NewInstanceLoginPolicyWriteModel(ctx) @@ -223,7 +223,7 @@ func prepareChangeDefaultLoginPolicy(a *instance.Aggregate, policy *ChangeLoginP return nil, err } if !wm.State.Exists() { - return nil, caos_errs.ThrowNotFound(nil, "INSTANCE-M0sif", "Errors.IAM.LoginPolicy.NotFound") + return nil, zerrors.ThrowNotFound(nil, "INSTANCE-M0sif", "Errors.IAM.LoginPolicy.NotFound") } changedEvent, hasChanged := wm.NewChangedEvent(ctx, &a.Aggregate, policy.AllowUsernamePassword, @@ -244,7 +244,7 @@ func prepareChangeDefaultLoginPolicy(a *instance.Aggregate, policy *ChangeLoginP policy.SecondFactorCheckLifetime, policy.MultiFactorCheckLifetime) if !hasChanged { - return nil, caos_errs.ThrowPreconditionFailed(nil, "INSTANCE-5M9vdd", "Errors.IAM.LoginPolicy.NotChanged") + return nil, zerrors.ThrowPreconditionFailed(nil, "INSTANCE-5M9vdd", "Errors.IAM.LoginPolicy.NotChanged") } return []eventstore.Command{changedEvent}, nil }, nil 
@@ -283,7 +283,7 @@ func prepareAddDefaultLoginPolicy( return nil, err } if writeModel.State == domain.PolicyStateActive { - return nil, caos_errs.ThrowAlreadyExists(nil, "INSTANCE-2B0ps", "Errors.Instance.LoginPolicy.AlreadyExists") + return nil, zerrors.ThrowAlreadyExists(nil, "INSTANCE-2B0ps", "Errors.Instance.LoginPolicy.AlreadyExists") } return []eventstore.Command{ instance.NewLoginPolicyAddedEvent(ctx, &a.Aggregate, @@ -313,7 +313,7 @@ func prepareAddDefaultLoginPolicy( func prepareAddSecondFactorToDefaultLoginPolicy(a *instance.Aggregate, factor domain.SecondFactorType) preparation.Validation { return func() (preparation.CreateCommands, error) { if !factor.Valid() { - return nil, caos_errs.ThrowInvalidArgument(nil, "INSTANCE-5m9fs", "Errors.Instance.LoginPolicy.MFA.Unspecified") + return nil, zerrors.ThrowInvalidArgument(nil, "INSTANCE-5m9fs", "Errors.Instance.LoginPolicy.MFA.Unspecified") } return func(ctx context.Context, filter preparation.FilterToQueryReducer) ([]eventstore.Command, error) { writeModel := NewInstanceSecondFactorWriteModel(ctx, factor) @@ -326,7 +326,7 @@ func prepareAddSecondFactorToDefaultLoginPolicy(a *instance.Aggregate, factor do return nil, err } if writeModel.State == domain.FactorStateActive { - return nil, caos_errs.ThrowAlreadyExists(nil, "INSTANCE-2B0ps", "Errors.Instance.MFA.AlreadyExists") + return nil, zerrors.ThrowAlreadyExists(nil, "INSTANCE-2B0ps", "Errors.Instance.MFA.AlreadyExists") } return []eventstore.Command{ instance.NewLoginPolicySecondFactorAddedEvent(ctx, &a.Aggregate, factor), 
@@ -338,7 +338,7 @@ func prepareAddSecondFactorToDefaultLoginPolicy(a *instance.Aggregate, factor do func prepareAddMultiFactorToDefaultLoginPolicy(a *instance.Aggregate, factor domain.MultiFactorType) preparation.Validation { return func() (preparation.CreateCommands, error) { if !factor.Valid() { - return nil, caos_errs.ThrowInvalidArgument(nil, "INSTANCE-5m9fs", "Errors.Instance.LoginPolicy.MFA.Unspecified") + return nil, zerrors.ThrowInvalidArgument(nil, "INSTANCE-5m9fs", "Errors.Instance.LoginPolicy.MFA.Unspecified") } return func(ctx context.Context, filter preparation.FilterToQueryReducer) ([]eventstore.Command, error) { writeModel := NewInstanceMultiFactorWriteModel(ctx, factor) @@ -351,7 +351,7 @@ func prepareAddMultiFactorToDefaultLoginPolicy(a *instance.Aggregate, factor dom return nil, err } if writeModel.State == domain.FactorStateActive { - return nil, caos_errs.ThrowAlreadyExists(nil, "INSTANCE-3M9od", "Errors.Instance.MFA.AlreadyExists") + return nil, zerrors.ThrowAlreadyExists(nil, "INSTANCE-3M9od", "Errors.Instance.MFA.AlreadyExists") } return []eventstore.Command{ instance.NewLoginPolicyMultiFactorAddedEvent(ctx, &a.Aggregate, factor), diff --git a/internal/command/instance_policy_login_test.go b/internal/command/instance_policy_login_test.go index bd472da15a..a3f9a936b8 100644 --- a/internal/command/instance_policy_login_test.go +++ b/internal/command/instance_policy_login_test.go @@ -9,12 +9,11 @@ import ( "github.com/zitadel/zitadel/internal/api/authz" "github.com/zitadel/zitadel/internal/domain" - caos_errs "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/eventstore/v1/models" "github.com/zitadel/zitadel/internal/repository/instance" "github.com/zitadel/zitadel/internal/repository/policy" - "github.com/zitadel/zitadel/internal/repository/user" + "github.com/zitadel/zitadel/internal/zerrors" ) func TestCommandSide_ChangeDefaultLoginPolicy(t *testing.T) { 
@@ -51,7 +50,7 @@ func TestCommandSide_ChangeDefaultLoginPolicy(t *testing.T) { }, }, res: res{ - err: caos_errs.IsNotFound, + err: zerrors.IsNotFound, }, }, { @@ -108,7 +107,7 @@ func TestCommandSide_ChangeDefaultLoginPolicy(t *testing.T) { }, }, res: res{ - err: caos_errs.IsPreconditionFailed, + err: zerrors.IsPreconditionFailed, }, }, { @@ -241,7 +240,7 @@ func TestCommandSide_AddIDPProviderDefaultLoginPolicy(t *testing.T) { provider: &domain.IDPProvider{}, }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -259,7 +258,7 @@ func TestCommandSide_AddIDPProviderDefaultLoginPolicy(t *testing.T) { }, }, res: res{ - err: caos_errs.IsNotFound, + err: zerrors.IsNotFound, }, }, { @@ -301,7 +300,7 @@ func TestCommandSide_AddIDPProviderDefaultLoginPolicy(t *testing.T) { }, }, res: res{ - err: caos_errs.IsPreconditionFailed, + err: zerrors.IsPreconditionFailed, }, }, { @@ -362,7 +361,7 @@ func TestCommandSide_AddIDPProviderDefaultLoginPolicy(t *testing.T) { }, }, res: res{ - err: caos_errs.IsErrorAlreadyExists, + err: zerrors.IsErrorAlreadyExists, }, }, { @@ -458,9 +457,8 @@ func TestCommandSide_RemoveIDPProviderDefaultLoginPolicy(t *testing.T) { eventstore *eventstore.Eventstore } type args struct { - ctx context.Context - provider *domain.IDPProvider - cascadeExternalIDPs []*domain.UserIDPLink + ctx context.Context + provider *domain.IDPProvider } type res struct { want *domain.ObjectDetails @@ -484,7 +482,7 @@ func TestCommandSide_RemoveIDPProviderDefaultLoginPolicy(t *testing.T) { provider: &domain.IDPProvider{}, }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -502,7 +500,7 @@ func TestCommandSide_RemoveIDPProviderDefaultLoginPolicy(t *testing.T) { }, }, res: res{ - err: caos_errs.IsNotFound, + err: zerrors.IsNotFound, }, }, { 
@@ -544,7 +542,7 @@ func TestCommandSide_RemoveIDPProviderDefaultLoginPolicy(t *testing.T) { }, }, res: res{ - err: caos_errs.IsNotFound, + err: zerrors.IsNotFound, }, }, { @@ -599,7 +597,7 @@ func TestCommandSide_RemoveIDPProviderDefaultLoginPolicy(t *testing.T) { }, }, res: res{ - err: caos_errs.IsNotFound, + err: zerrors.IsNotFound, }, }, { 
@@ -707,89 +705,6 @@ func TestCommandSide_RemoveIDPProviderDefaultLoginPolicy(t *testing.T) { provider: &domain.IDPProvider{ IDPConfigID: "config1", }, - cascadeExternalIDPs: []*domain.UserIDPLink{ - { - ObjectRoot: models.ObjectRoot{ - AggregateID: "user1", - }, - IDPConfigID: "config1", - }, - }, - }, - res: res{ - want: &domain.ObjectDetails{ - ResourceOwner: "INSTANCE", - }, - }, - }, - { - name: "remove provider with external idps, ok", - fields: fields{ - eventstore: eventstoreExpect( - t, - expectFilter( - eventFromEventPusher( - instance.NewLoginPolicyAddedEvent(context.Background(), - &instance.NewAggregate("INSTANCE").Aggregate, - true, - true, - true, - true, - true, - true, - true, - true, - true, - true, - domain.PasswordlessTypeAllowed, - "", - time.Hour*1, - time.Hour*2, - time.Hour*3, - time.Hour*4, - time.Hour*5, - ), - ), - ), - expectFilter( - eventFromEventPusher( - instance.NewIdentityProviderAddedEvent(context.Background(), - &instance.NewAggregate("INSTANCE").Aggregate, - "config1", - ), - ), - ), - expectFilter( - eventFromEventPusher( - user.NewUserIDPLinkAddedEvent(context.Background(), - &user.NewAggregate("user1", "org1").Aggregate, - "config1", "", "externaluser1"), - ), - ), - expectPush( - instance.NewIdentityProviderRemovedEvent(context.Background(), - &instance.NewAggregate("INSTANCE").Aggregate, - "config1"), - user.NewUserIDPLinkCascadeRemovedEvent(context.Background(), - &user.NewAggregate("user1", "org1").Aggregate, - "config1", "externaluser1"), - ), - ), - }, - args: args{ - ctx: context.Background(), - provider: &domain.IDPProvider{ - IDPConfigID: "config1", - }, - cascadeExternalIDPs: []*domain.UserIDPLink{ - { - ObjectRoot: models.ObjectRoot{ - AggregateID: "user1", - }, - IDPConfigID: "config1", - ExternalUserID: "externaluser1", - }, - }, }, res: res{ want: &domain.ObjectDetails{ 
@@ -803,7 +718,7 @@ func TestCommandSide_RemoveIDPProviderDefaultLoginPolicy(t *testing.T) { r := &Commands{ eventstore: tt.fields.eventstore, } - got, err := r.RemoveIDPProviderFromDefaultLoginPolicy(tt.args.ctx, tt.args.provider, tt.args.cascadeExternalIDPs...) + got, err := r.RemoveIDPProviderFromDefaultLoginPolicy(tt.args.ctx, tt.args.provider) if tt.res.err == nil { assert.NoError(t, err) } @@ -847,7 +762,7 @@ func TestCommandSide_AddSecondFactorDefaultLoginPolicy(t *testing.T) { factor: domain.SecondFactorTypeUnspecified, }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -870,7 +785,7 @@ func TestCommandSide_AddSecondFactorDefaultLoginPolicy(t *testing.T) { factor: domain.SecondFactorTypeTOTP, }, res: res{ - err: caos_errs.IsErrorAlreadyExists, + err: zerrors.IsErrorAlreadyExists, }, }, { @@ -1022,7 +937,7 @@ func TestCommandSide_RemoveSecondFactorDefaultLoginPolicy(t *testing.T) { factor: domain.SecondFactorTypeUnspecified, }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -1038,7 +953,7 @@ func TestCommandSide_RemoveSecondFactorDefaultLoginPolicy(t *testing.T) { factor: domain.SecondFactorTypeTOTP, }, res: res{ - err: caos_errs.IsNotFound, + err: zerrors.IsNotFound, }, }, { @@ -1067,7 +982,7 @@ func TestCommandSide_RemoveSecondFactorDefaultLoginPolicy(t *testing.T) { factor: domain.SecondFactorTypeTOTP, }, res: res{ - err: caos_errs.IsNotFound, + err: zerrors.IsNotFound, }, }, { @@ -1096,7 +1011,7 @@ func TestCommandSide_RemoveSecondFactorDefaultLoginPolicy(t *testing.T) { factor: domain.SecondFactorTypeOTPEmail, }, res: res{ - err: caos_errs.IsNotFound, + err: zerrors.IsNotFound, }, }, { @@ -1125,7 +1040,7 @@ func TestCommandSide_RemoveSecondFactorDefaultLoginPolicy(t *testing.T) { factor: domain.SecondFactorTypeOTPSMS, }, res: res{ - err: caos_errs.IsNotFound, + err: zerrors.IsNotFound, }, }, { 
@@ -1238,7 +1153,7 @@ func TestCommandSide_RemoveSecondFactorDefaultLoginPolicy(t *testing.T) { factor: domain.SecondFactorTypeOTPSMS, }, res: res{ - err: caos_errs.IsNotFound, + err: zerrors.IsNotFound, }, }, } @@ -1291,7 +1206,7 @@ func TestCommandSide_AddMultiFactorDefaultLoginPolicy(t *testing.T) { factor: domain.MultiFactorTypeUnspecified, }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -1314,7 +1229,7 @@ func TestCommandSide_AddMultiFactorDefaultLoginPolicy(t *testing.T) { factor: domain.MultiFactorTypeU2FWithPIN, }, res: res{ - err: caos_errs.IsErrorAlreadyExists, + err: zerrors.IsErrorAlreadyExists, }, }, { @@ -1390,7 +1305,7 @@ func TestCommandSide_RemoveMultiFactorDefaultLoginPolicy(t *testing.T) { factor: domain.MultiFactorTypeUnspecified, }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -1406,7 +1321,7 @@ func TestCommandSide_RemoveMultiFactorDefaultLoginPolicy(t *testing.T) { factor: domain.MultiFactorTypeU2FWithPIN, }, res: res{ - err: caos_errs.IsNotFound, + err: zerrors.IsNotFound, }, }, { @@ -1435,7 +1350,7 @@ func TestCommandSide_RemoveMultiFactorDefaultLoginPolicy(t *testing.T) { factor: domain.MultiFactorTypeU2FWithPIN, }, res: res{ - err: caos_errs.IsNotFound, + err: zerrors.IsNotFound, }, }, { diff --git a/internal/command/instance_policy_mail_template.go b/internal/command/instance_policy_mail_template.go index 78ee0ec273..4bef54f936 100644 --- a/internal/command/instance_policy_mail_template.go +++ b/internal/command/instance_policy_mail_template.go 
@@ -5,10 +5,10 @@ import ( "github.com/zitadel/zitadel/internal/command/preparation" "github.com/zitadel/zitadel/internal/domain" - caos_errs "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/repository/instance" "github.com/zitadel/zitadel/internal/telemetry/tracing" + "github.com/zitadel/zitadel/internal/zerrors" ) func (c *Commands) AddDefaultMailTemplate(ctx context.Context, policy *domain.MailTemplate) (*domain.MailTemplate, error) { @@ -32,14 +32,14 @@ func (c *Commands) AddDefaultMailTemplate(ctx context.Context, policy *domain.Ma func (c *Commands) addDefaultMailTemplate(ctx context.Context, instanceAgg *eventstore.Aggregate, addedPolicy *InstanceMailTemplateWriteModel, policy *domain.MailTemplate) (eventstore.Command, error) { if !policy.IsValid() { - return nil, caos_errs.ThrowInvalidArgument(nil, "INSTANCE-fm9sd", "Errors.IAM.MailTemplate.Invalid") + return nil, zerrors.ThrowInvalidArgument(nil, "INSTANCE-fm9sd", "Errors.IAM.MailTemplate.Invalid") } err := c.eventstore.FilterToQueryReducer(ctx, addedPolicy) if err != nil { return nil, err } if addedPolicy.State == domain.PolicyStateActive { - return nil, caos_errs.ThrowAlreadyExists(nil, "INSTANCE-5n8fs", "Errors.IAM.MailTemplate.AlreadyExists") + return nil, zerrors.ThrowAlreadyExists(nil, "INSTANCE-5n8fs", "Errors.IAM.MailTemplate.AlreadyExists") } return instance.NewMailTemplateAddedEvent(ctx, instanceAgg, policy.Template), nil 
@@ -63,7 +63,7 @@ func (c *Commands) ChangeDefaultMailTemplate(ctx context.Context, policy *domain func (c *Commands) changeDefaultMailTemplate(ctx context.Context, policy *domain.MailTemplate) (*InstanceMailTemplateWriteModel, eventstore.Command, error) { if !policy.IsValid() { - return nil, nil, caos_errs.ThrowInvalidArgument(nil, "INSTANCE-4m9ds", "Errors.IAM.MailTemplate.Invalid") + return nil, nil, zerrors.ThrowInvalidArgument(nil, "INSTANCE-4m9ds", "Errors.IAM.MailTemplate.Invalid") } existingPolicy, err := c.defaultMailTemplateWriteModelByID(ctx) if err != nil { @@ -71,13 +71,13 @@ func (c *Commands) changeDefaultMailTemplate(ctx context.Context, policy *domain } if existingPolicy.State == domain.PolicyStateUnspecified || existingPolicy.State == domain.PolicyStateRemoved { - return nil, nil, caos_errs.ThrowNotFound(nil, "INSTANCE-2N8fs", "Errors.IAM.MailTemplate.NotFound") + return nil, nil, zerrors.ThrowNotFound(nil, "INSTANCE-2N8fs", "Errors.IAM.MailTemplate.NotFound") } instanceAgg := InstanceAggregateFromWriteModel(&existingPolicy.MailTemplateWriteModel.WriteModel) changedEvent, hasChanged := existingPolicy.NewChangedEvent(ctx, instanceAgg, policy.Template) if !hasChanged { - return nil, nil, caos_errs.ThrowPreconditionFailed(nil, "INSTANCE-3nfsG", "Errors.IAM.MailTemplate.NotChanged") + return nil, nil, zerrors.ThrowPreconditionFailed(nil, "INSTANCE-3nfsG", "Errors.IAM.MailTemplate.NotChanged") } return existingPolicy, changedEvent, nil 
@@ -101,7 +101,7 @@ func prepareAddDefaultEmailTemplate( ) preparation.Validation { return func() (preparation.CreateCommands, error) { if template == nil { - return nil, caos_errs.ThrowInvalidArgument(nil, "INSTANCE-fm9sd", "Errors.Instance.MailTemplate.Invalid") + return nil, zerrors.ThrowInvalidArgument(nil, "INSTANCE-fm9sd", "Errors.Instance.MailTemplate.Invalid") } return func(ctx context.Context, filter preparation.FilterToQueryReducer) ([]eventstore.Command, error) { writeModel := NewInstanceMailTemplateWriteModel(ctx) @@ -114,7 +114,7 @@ func prepareAddDefaultEmailTemplate( return nil, err } if writeModel.State == domain.PolicyStateActive { - return nil, caos_errs.ThrowAlreadyExists(nil, "INSTANCE-5n8fs", "Errors.Instance.MailTemplate.AlreadyExists") + return nil, zerrors.ThrowAlreadyExists(nil, "INSTANCE-5n8fs", "Errors.Instance.MailTemplate.AlreadyExists") } return []eventstore.Command{ instance.NewMailTemplateAddedEvent(ctx, &a.Aggregate, diff --git a/internal/command/instance_policy_mail_template_test.go b/internal/command/instance_policy_mail_template_test.go index 3f90b1bf59..4a5d9cf9a0 100644 --- a/internal/command/instance_policy_mail_template_test.go +++ b/internal/command/instance_policy_mail_template_test.go @@ -7,11 +7,11 @@ import ( "github.com/stretchr/testify/assert" "github.com/zitadel/zitadel/internal/api/authz" "github.com/zitadel/zitadel/internal/domain" - caos_errs "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/eventstore/v1/models" "github.com/zitadel/zitadel/internal/repository/instance" "github.com/zitadel/zitadel/internal/repository/policy" + "github.com/zitadel/zitadel/internal/zerrors" ) func TestCommandSide_AddDefaultMailTemplatePolicy(t *testing.T) { 
@@ -44,7 +44,7 @@ func TestCommandSide_AddDefaultMailTemplatePolicy(t *testing.T) { policy: &domain.MailTemplate{}, }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -69,7 +69,7 @@ func TestCommandSide_AddDefaultMailTemplatePolicy(t *testing.T) { }, }, res: res{ - err: caos_errs.IsErrorAlreadyExists, + err: zerrors.IsErrorAlreadyExists, }, }, { @@ -154,7 +154,7 @@ func TestCommandSide_ChangeDefaultMailTemplatePolicy(t *testing.T) { policy: &domain.MailTemplate{}, }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -172,7 +172,7 @@ func TestCommandSide_ChangeDefaultMailTemplatePolicy(t *testing.T) { }, }, res: res{ - err: caos_errs.IsNotFound, + err: zerrors.IsNotFound, }, }, { @@ -197,7 +197,7 @@ func TestCommandSide_ChangeDefaultMailTemplatePolicy(t *testing.T) { }, }, res: res{ - err: caos_errs.IsPreconditionFailed, + err: zerrors.IsPreconditionFailed, }, }, { diff --git a/internal/command/instance_policy_notification.go b/internal/command/instance_policy_notification.go index c3a6574357..3d9f271499 100644 --- a/internal/command/instance_policy_notification.go +++ b/internal/command/instance_policy_notification.go @@ -5,9 +5,9 @@ import ( "github.com/zitadel/zitadel/internal/command/preparation" "github.com/zitadel/zitadel/internal/domain" - caos_errs "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/repository/instance" + "github.com/zitadel/zitadel/internal/zerrors" ) func (c *Commands) AddDefaultNotificationPolicy(ctx context.Context, resourceOwner string, passwordChange bool) (*domain.ObjectDetails, error) { 
@@ -52,7 +52,7 @@ func prepareAddDefaultNotificationPolicy( return nil, err } if writeModel.State == domain.PolicyStateActive { - return nil, caos_errs.ThrowAlreadyExists(nil, "INSTANCE-xpo1bj", "Errors.Instance.NotificationPolicy.AlreadyExists") + return nil, zerrors.ThrowAlreadyExists(nil, "INSTANCE-xpo1bj", "Errors.Instance.NotificationPolicy.AlreadyExists") } return []eventstore.Command{ instance.NewNotificationPolicyAddedEvent(ctx, &a.Aggregate, passwordChange), @@ -78,11 +78,11 @@ func prepareChangeDefaultNotificationPolicy( } if writeModel.State == domain.PolicyStateUnspecified || writeModel.State == domain.PolicyStateRemoved { - return nil, caos_errs.ThrowNotFound(nil, "INSTANCE-x891na", "Errors.IAM.NotificationPolicy.NotFound") + return nil, zerrors.ThrowNotFound(nil, "INSTANCE-x891na", "Errors.IAM.NotificationPolicy.NotFound") } change, hasChanged := writeModel.NewChangedEvent(ctx, &a.Aggregate, passwordChange) if !hasChanged { - return nil, caos_errs.ThrowPreconditionFailed(nil, "INSTANCE-29x02n", "Errors.IAM.NotificationPolicy.NotChanged") + return nil, zerrors.ThrowPreconditionFailed(nil, "INSTANCE-29x02n", "Errors.IAM.NotificationPolicy.NotChanged") } return []eventstore.Command{ change, diff --git a/internal/command/instance_policy_notification_test.go b/internal/command/instance_policy_notification_test.go index 339e28fd6e..f864e42751 100644 --- a/internal/command/instance_policy_notification_test.go +++ b/internal/command/instance_policy_notification_test.go @@ -7,10 +7,10 @@ import ( "github.com/stretchr/testify/assert" "github.com/zitadel/zitadel/internal/domain" - caos_errs "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/repository/instance" "github.com/zitadel/zitadel/internal/repository/policy" + "github.com/zitadel/zitadel/internal/zerrors" ) func TestCommandSide_AddDefaultNotificationPolicy(t *testing.T) { 
@@ -53,7 +53,7 @@ func TestCommandSide_AddDefaultNotificationPolicy(t *testing.T) { passwordChange: true, }, res: res{ - err: caos_errs.IsErrorAlreadyExists, + err: zerrors.IsErrorAlreadyExists, }, }, { @@ -159,7 +159,7 @@ func TestCommandSide_ChangeDefaultNotificationPolicy(t *testing.T) { passwordChange: true, }, res: res{ - err: caos_errs.IsNotFound, + err: zerrors.IsNotFound, }, }, { @@ -183,7 +183,7 @@ func TestCommandSide_ChangeDefaultNotificationPolicy(t *testing.T) { passwordChange: true, }, res: res{ - err: caos_errs.IsPreconditionFailed, + err: zerrors.IsPreconditionFailed, }, }, { diff --git a/internal/command/instance_policy_password_age.go b/internal/command/instance_policy_password_age.go index e1044c269c..400d003bb3 100644 --- a/internal/command/instance_policy_password_age.go +++ b/internal/command/instance_policy_password_age.go @@ -6,10 +6,10 @@ import ( "github.com/zitadel/zitadel/internal/api/authz" "github.com/zitadel/zitadel/internal/command/preparation" "github.com/zitadel/zitadel/internal/domain" - caos_errs "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/repository/instance" "github.com/zitadel/zitadel/internal/telemetry/tracing" + "github.com/zitadel/zitadel/internal/zerrors" ) func (c *Commands) AddDefaultPasswordAgePolicy(ctx context.Context, expireWarnDays, maxAgeDays uint64) (*domain.ObjectDetails, error) { 
@@ -31,13 +31,13 @@ func (c *Commands) ChangeDefaultPasswordAgePolicy(ctx context.Context, policy *d return nil, err } if existingPolicy.State == domain.PolicyStateUnspecified || existingPolicy.State == domain.PolicyStateRemoved { - return nil, caos_errs.ThrowNotFound(nil, "INSTANCE-0oPew", "Errors.IAM.PasswordAgePolicy.NotFound") + return nil, zerrors.ThrowNotFound(nil, "INSTANCE-0oPew", "Errors.IAM.PasswordAgePolicy.NotFound") } instanceAgg := InstanceAggregateFromWriteModel(&existingPolicy.PasswordAgePolicyWriteModel.WriteModel) changedEvent, hasChanged := existingPolicy.NewChangedEvent(ctx, instanceAgg, policy.ExpireWarnDays, policy.MaxAgeDays) if !hasChanged { - return nil, caos_errs.ThrowPreconditionFailed(nil, "INSTANCE-180sf", "Errors.IAM.PasswordAgePolicy.NotChanged") + return nil, zerrors.ThrowPreconditionFailed(nil, "INSTANCE-180sf", "Errors.IAM.PasswordAgePolicy.NotChanged") } pushedEvents, err := c.eventstore.Push(ctx, changedEvent) @@ -81,7 +81,7 @@ func prepareAddDefaultPasswordAgePolicy( return nil, err } if writeModel.State == domain.PolicyStateActive { - return nil, caos_errs.ThrowAlreadyExists(nil, "INSTANCE-Lk0dS", "Errors.Instance.PasswordAgePolicy.AlreadyExists") + return nil, zerrors.ThrowAlreadyExists(nil, "INSTANCE-Lk0dS", "Errors.Instance.PasswordAgePolicy.AlreadyExists") } return []eventstore.Command{ instance.NewPasswordAgePolicyAddedEvent(ctx, &a.Aggregate, diff --git a/internal/command/instance_policy_password_age_test.go b/internal/command/instance_policy_password_age_test.go index e1850fc353..6380325edd 100644 --- a/internal/command/instance_policy_password_age_test.go +++ b/internal/command/instance_policy_password_age_test.go 
@@ -8,11 +8,11 @@ import ( "github.com/zitadel/zitadel/internal/api/authz" "github.com/zitadel/zitadel/internal/domain" - caos_errs "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/eventstore/v1/models" "github.com/zitadel/zitadel/internal/repository/instance" "github.com/zitadel/zitadel/internal/repository/policy" + "github.com/zitadel/zitadel/internal/zerrors" ) func TestCommandSide_AddDefaultPasswordAgePolicy(t *testing.T) { @@ -56,7 +56,7 @@ func TestCommandSide_AddDefaultPasswordAgePolicy(t *testing.T) { expireWarnDays: 10, }, res: res{ - err: caos_errs.IsErrorAlreadyExists, + err: zerrors.IsErrorAlreadyExists, }, }, { @@ -139,7 +139,7 @@ func TestCommandSide_ChangeDefaultPasswordAgePolicy(t *testing.T) { }, }, res: res{ - err: caos_errs.IsNotFound, + err: zerrors.IsNotFound, }, }, { @@ -166,7 +166,7 @@ func TestCommandSide_ChangeDefaultPasswordAgePolicy(t *testing.T) { }, }, res: res{ - err: caos_errs.IsPreconditionFailed, + err: zerrors.IsPreconditionFailed, }, }, { diff --git a/internal/command/instance_policy_password_complexity.go b/internal/command/instance_policy_password_complexity.go index c2af1064b5..cad220eae0 100644 --- a/internal/command/instance_policy_password_complexity.go +++ b/internal/command/instance_policy_password_complexity.go @@ -6,10 +6,10 @@ import ( "github.com/zitadel/zitadel/internal/api/authz" "github.com/zitadel/zitadel/internal/command/preparation" "github.com/zitadel/zitadel/internal/domain" - caos_errs "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/repository/instance" "github.com/zitadel/zitadel/internal/telemetry/tracing" + "github.com/zitadel/zitadel/internal/zerrors" ) func (c *Commands) AddDefaultPasswordComplexityPolicy(ctx context.Context, minLength uint64, hasLowercase, hasUppercase, hasNumber, hasSymbol bool) (*domain.ObjectDetails, error) { 
@@ -35,13 +35,13 @@ func (c *Commands) ChangeDefaultPasswordComplexityPolicy(ctx context.Context, po return nil, err } if existingPolicy.State == domain.PolicyStateUnspecified || existingPolicy.State == domain.PolicyStateRemoved { - return nil, caos_errs.ThrowNotFound(nil, "INSTANCE-0oPew", "Errors.IAM.PasswordComplexityPolicy.NotFound") + return nil, zerrors.ThrowNotFound(nil, "INSTANCE-0oPew", "Errors.IAM.PasswordComplexityPolicy.NotFound") } instanceAgg := InstanceAggregateFromWriteModel(&existingPolicy.PasswordComplexityPolicyWriteModel.WriteModel) changedEvent, hasChanged := existingPolicy.NewChangedEvent(ctx, instanceAgg, policy.MinLength, policy.HasLowercase, policy.HasUppercase, policy.HasNumber, policy.HasSymbol) if !hasChanged { - return nil, caos_errs.ThrowPreconditionFailed(nil, "INSTANCE-9jlsf", "Errors.IAM.PasswordComplexityPolicy.NotChanged") + return nil, zerrors.ThrowPreconditionFailed(nil, "INSTANCE-9jlsf", "Errors.IAM.PasswordComplexityPolicy.NotChanged") } pushedEvents, err := c.eventstore.Push(ctx, changedEvent) if err != nil { @@ -64,7 +64,7 @@ func prepareAddDefaultPasswordComplexityPolicy( ) preparation.Validation { return func() (preparation.CreateCommands, error) { if minLength == 0 || minLength > 72 { - return nil, caos_errs.ThrowInvalidArgument(nil, "INSTANCE-Lsp0e", "Errors.Instance.PasswordComplexityPolicy.MinLengthNotAllowed") + return nil, zerrors.ThrowInvalidArgument(nil, "INSTANCE-Lsp0e", "Errors.Instance.PasswordComplexityPolicy.MinLengthNotAllowed") } return func(ctx context.Context, filter preparation.FilterToQueryReducer) ([]eventstore.Command, error) { writeModel := NewInstancePasswordComplexityPolicyWriteModel(ctx) 
@@ -77,7 +77,7 @@ func prepareAddDefaultPasswordComplexityPolicy( return nil, err } if writeModel.State == domain.PolicyStateActive { - return nil, caos_errs.ThrowAlreadyExists(nil, "INSTANCE-Lk0dS", "Errors.Instance.PasswordComplexityPolicy.AlreadyExists") + return nil, zerrors.ThrowAlreadyExists(nil, "INSTANCE-Lk0dS", "Errors.Instance.PasswordComplexityPolicy.AlreadyExists") } return []eventstore.Command{ instance.NewPasswordComplexityPolicyAddedEvent(ctx, &a.Aggregate, @@ -99,7 +99,7 @@ func (c *Commands) getDefaultPasswordComplexityPolicy(ctx context.Context) (*dom return nil, err } if !policyWriteModel.State.Exists() { - return nil, caos_errs.ThrowInvalidArgument(nil, "INSTANCE-M0gsf", "Errors.IAM.PasswordComplexityPolicy.NotFound") + return nil, zerrors.ThrowInvalidArgument(nil, "INSTANCE-M0gsf", "Errors.IAM.PasswordComplexityPolicy.NotFound") } policy := writeModelToPasswordComplexityPolicy(&policyWriteModel.PasswordComplexityPolicyWriteModel) policy.Default = true diff --git a/internal/command/instance_policy_password_complexity_test.go b/internal/command/instance_policy_password_complexity_test.go index f696341f2d..0c10c0c7f7 100644 --- a/internal/command/instance_policy_password_complexity_test.go +++ b/internal/command/instance_policy_password_complexity_test.go @@ -8,11 +8,11 @@ import ( "github.com/zitadel/zitadel/internal/api/authz" "github.com/zitadel/zitadel/internal/domain" - caos_errs "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/eventstore/v1/models" "github.com/zitadel/zitadel/internal/repository/instance" "github.com/zitadel/zitadel/internal/repository/policy" + "github.com/zitadel/zitadel/internal/zerrors" ) func TestCommandSide_AddDefaultPasswordComplexityPolicy(t *testing.T) { 
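Review bot: In `getDefaultPasswordComplexityPolicy` (hunk at -99) the missing-policy branch still returns `ThrowInvalidArgument` while the message key is `Errors.IAM.PasswordComplexityPolicy.NotFound`. A caller that classifies the error with `zerrors.IsNotFound` will not match, and the client is told its argument was invalid when nothing was found. `getDefaultPrivacyPolicy` (ID `INSTANCE-559os`) has the same mismatch. If the InvalidArgument kind is not relied on elsewhere, which is not visible here, the line could read `return nil, zerrors.ThrowNotFound(nil, "INSTANCE-M0gsf", "Errors.IAM.PasswordComplexityPolicy.NotFound")`. The function body starts and ends outside the hunk.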
@@ -53,7 +53,7 @@ func TestCommandSide_AddDefaultPasswordComplexityPolicy(t *testing.T) { hasSymbol: true, }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -81,7 +81,7 @@ func TestCommandSide_AddDefaultPasswordComplexityPolicy(t *testing.T) { hasSymbol: true, }, res: res{ - err: caos_errs.IsErrorAlreadyExists, + err: zerrors.IsErrorAlreadyExists, }, }, { @@ -169,7 +169,7 @@ func TestCommandSide_ChangeDefaultPasswordComplexityPolicy(t *testing.T) { }, }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -191,7 +191,7 @@ func TestCommandSide_ChangeDefaultPasswordComplexityPolicy(t *testing.T) { }, }, res: res{ - err: caos_errs.IsNotFound, + err: zerrors.IsNotFound, }, }, { @@ -221,7 +221,7 @@ func TestCommandSide_ChangeDefaultPasswordComplexityPolicy(t *testing.T) { }, }, res: res{ - err: caos_errs.IsPreconditionFailed, + err: zerrors.IsPreconditionFailed, }, }, { diff --git a/internal/command/instance_policy_password_lockout.go b/internal/command/instance_policy_password_lockout.go index 5b0b95949f..2ed88b997f 100644 --- a/internal/command/instance_policy_password_lockout.go +++ b/internal/command/instance_policy_password_lockout.go @@ -6,10 +6,10 @@ import ( "github.com/zitadel/zitadel/internal/api/authz" "github.com/zitadel/zitadel/internal/command/preparation" "github.com/zitadel/zitadel/internal/domain" - caos_errs "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/repository/instance" "github.com/zitadel/zitadel/internal/telemetry/tracing" + "github.com/zitadel/zitadel/internal/zerrors" ) func (c *Commands) AddDefaultLockoutPolicy(ctx context.Context, maxAttempts uint64, showLockoutFailure bool) (*domain.ObjectDetails, error) { 
@@ -31,13 +31,13 @@ func (c *Commands) ChangeDefaultLockoutPolicy(ctx context.Context, policy *domai return nil, err } if existingPolicy.State == domain.PolicyStateUnspecified || existingPolicy.State == domain.PolicyStateRemoved { - return nil, caos_errs.ThrowNotFound(nil, "INSTANCE-0oPew", "Errors.IAM.LockoutPolicy.NotFound") + return nil, zerrors.ThrowNotFound(nil, "INSTANCE-0oPew", "Errors.IAM.LockoutPolicy.NotFound") } instanceAgg := InstanceAggregateFromWriteModel(&existingPolicy.LockoutPolicyWriteModel.WriteModel) changedEvent, hasChanged := existingPolicy.NewChangedEvent(ctx, instanceAgg, policy.MaxPasswordAttempts, policy.ShowLockOutFailures) if !hasChanged { - return nil, caos_errs.ThrowPreconditionFailed(nil, "INSTANCE-0psjF", "Errors.IAM.LockoutPolicy.NotChanged") + return nil, zerrors.ThrowPreconditionFailed(nil, "INSTANCE-0psjF", "Errors.IAM.LockoutPolicy.NotChanged") } pushedEvents, err := c.eventstore.Push(ctx, changedEvent) @@ -80,7 +80,7 @@ func prepareAddDefaultLockoutPolicy( return nil, err } if writeModel.State == domain.PolicyStateActive { - return nil, caos_errs.ThrowAlreadyExists(nil, "INSTANCE-0olDf", "Errors.Instance.LockoutPolicy.AlreadyExists") + return nil, zerrors.ThrowAlreadyExists(nil, "INSTANCE-0olDf", "Errors.Instance.LockoutPolicy.AlreadyExists") } return []eventstore.Command{ instance.NewLockoutPolicyAddedEvent(ctx, &a.Aggregate, maxAttempts, showLockoutFailure), diff --git a/internal/command/instance_policy_password_lockout_test.go b/internal/command/instance_policy_password_lockout_test.go index 1eb0a651ab..02d5ab488d 100644 --- a/internal/command/instance_policy_password_lockout_test.go +++ b/internal/command/instance_policy_password_lockout_test.go 
@@ -8,11 +8,11 @@ import ( "github.com/zitadel/zitadel/internal/api/authz" "github.com/zitadel/zitadel/internal/domain" - caos_errs "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/eventstore/v1/models" "github.com/zitadel/zitadel/internal/repository/instance" "github.com/zitadel/zitadel/internal/repository/policy" + "github.com/zitadel/zitadel/internal/zerrors" ) func TestCommandSide_AddDefaultLockoutPolicy(t *testing.T) { @@ -56,7 +56,7 @@ func TestCommandSide_AddDefaultLockoutPolicy(t *testing.T) { showLockOutFailures: true, }, res: res{ - err: caos_errs.IsErrorAlreadyExists, + err: zerrors.IsErrorAlreadyExists, }, }, { @@ -139,7 +139,7 @@ func TestCommandSide_ChangeDefaultLockoutPolicy(t *testing.T) { }, }, res: res{ - err: caos_errs.IsNotFound, + err: zerrors.IsNotFound, }, }, { @@ -166,7 +166,7 @@ func TestCommandSide_ChangeDefaultLockoutPolicy(t *testing.T) { }, }, res: res{ - err: caos_errs.IsPreconditionFailed, + err: zerrors.IsPreconditionFailed, }, }, { diff --git a/internal/command/instance_policy_privacy.go b/internal/command/instance_policy_privacy.go index 5768108475..f239bad144 100644 --- a/internal/command/instance_policy_privacy.go +++ b/internal/command/instance_policy_privacy.go @@ -6,10 +6,10 @@ import ( "github.com/zitadel/zitadel/internal/api/authz" "github.com/zitadel/zitadel/internal/command/preparation" "github.com/zitadel/zitadel/internal/domain" - caos_errs "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/repository/instance" "github.com/zitadel/zitadel/internal/telemetry/tracing" + "github.com/zitadel/zitadel/internal/zerrors" ) func (c *Commands) AddDefaultPrivacyPolicy(ctx context.Context, tosLink, privacyLink, helpLink string, supportEmail domain.EmailAddress) (*domain.ObjectDetails, error) { 
@@ -38,13 +38,13 @@ func (c *Commands) ChangeDefaultPrivacyPolicy(ctx context.Context, policy *domai return nil, err } if existingPolicy.State == domain.PolicyStateUnspecified || existingPolicy.State == domain.PolicyStateRemoved { - return nil, caos_errs.ThrowNotFound(nil, "INSTANCE-0oPew", "Errors.IAM.PrivacyPolicy.NotFound") + return nil, zerrors.ThrowNotFound(nil, "INSTANCE-0oPew", "Errors.IAM.PrivacyPolicy.NotFound") } instanceAgg := InstanceAggregateFromWriteModel(&existingPolicy.PrivacyPolicyWriteModel.WriteModel) changedEvent, hasChanged := existingPolicy.NewChangedEvent(ctx, instanceAgg, policy.TOSLink, policy.PrivacyLink, policy.HelpLink, policy.SupportEmail) if !hasChanged { - return nil, caos_errs.ThrowPreconditionFailed(nil, "INSTANCE-9jJfs", "Errors.IAM.PrivacyPolicy.NotChanged") + return nil, zerrors.ThrowPreconditionFailed(nil, "INSTANCE-9jJfs", "Errors.IAM.PrivacyPolicy.NotChanged") } pushedEvents, err := c.eventstore.Push(ctx, changedEvent) if err != nil { @@ -76,7 +76,7 @@ func (c *Commands) getDefaultPrivacyPolicy(ctx context.Context) (*domain.Privacy return nil, err } if !policyWriteModel.State.Exists() { - return nil, caos_errs.ThrowInvalidArgument(nil, "INSTANCE-559os", "Errors.IAM.PrivacyPolicy.NotFound") + return nil, zerrors.ThrowInvalidArgument(nil, "INSTANCE-559os", "Errors.IAM.PrivacyPolicy.NotFound") } policy := writeModelToPrivacyPolicy(&policyWriteModel.PrivacyPolicyWriteModel) policy.Default = true @@ -108,7 +108,7 @@ func prepareAddDefaultPrivacyPolicy( return nil, err } if writeModel.State == domain.PolicyStateActive { - return nil, caos_errs.ThrowAlreadyExists(nil, "INSTANCE-M00rJ", "Errors.Instance.PrivacyPolicy.AlreadyExists") + return nil, zerrors.ThrowAlreadyExists(nil, "INSTANCE-M00rJ", "Errors.Instance.PrivacyPolicy.AlreadyExists") } return []eventstore.Command{ instance.NewPrivacyPolicyAddedEvent(ctx, &a.Aggregate, tosLink, privacyLink, helpLink, supportEmail), 
diff --git a/internal/command/instance_policy_privacy_test.go b/internal/command/instance_policy_privacy_test.go index ad7bbfb15c..a5b8932b38 100644 --- a/internal/command/instance_policy_privacy_test.go +++ b/internal/command/instance_policy_privacy_test.go @@ -8,11 +8,11 @@ import ( "github.com/zitadel/zitadel/internal/api/authz" "github.com/zitadel/zitadel/internal/domain" - caos_errs "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/eventstore/v1/models" "github.com/zitadel/zitadel/internal/repository/instance" "github.com/zitadel/zitadel/internal/repository/policy" + "github.com/zitadel/zitadel/internal/zerrors" ) func TestCommandSide_AddDefaultPrivacyPolicy(t *testing.T) { @@ -62,7 +62,7 @@ func TestCommandSide_AddDefaultPrivacyPolicy(t *testing.T) { supportEmail: "support@example.com", }, res: res{ - err: caos_errs.IsErrorAlreadyExists, + err: zerrors.IsErrorAlreadyExists, }, }, { @@ -110,7 +110,7 @@ func TestCommandSide_AddDefaultPrivacyPolicy(t *testing.T) { supportEmail: "wrong email", }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -199,7 +199,7 @@ func TestCommandSide_ChangeDefaultPrivacyPolicy(t *testing.T) { }, }, res: res{ - err: caos_errs.IsNotFound, + err: zerrors.IsNotFound, }, }, { @@ -230,7 +230,7 @@ func TestCommandSide_ChangeDefaultPrivacyPolicy(t *testing.T) { }, }, res: res{ - err: caos_errs.IsPreconditionFailed, + err: zerrors.IsPreconditionFailed, }, }, { @@ -250,7 +250,7 @@ func TestCommandSide_ChangeDefaultPrivacyPolicy(t *testing.T) { }, }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { diff --git a/internal/command/instance_settings.go b/internal/command/instance_settings.go index 497bc99e14..93bbdc8314 100644 --- a/internal/command/instance_settings.go +++ b/internal/command/instance_settings.go 
@@ -7,9 +7,9 @@ import ( "github.com/zitadel/zitadel/internal/command/preparation" "github.com/zitadel/zitadel/internal/crypto" "github.com/zitadel/zitadel/internal/domain" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/repository/instance" + "github.com/zitadel/zitadel/internal/zerrors" ) func (c *Commands) AddSecretGeneratorConfig(ctx context.Context, typ domain.SecretGeneratorType, config *crypto.GeneratorConfig) (*domain.ObjectDetails, error) { @@ -33,10 +33,10 @@ func (c *Commands) AddSecretGeneratorConfig(ctx context.Context, typ domain.Secr func prepareAddSecretGeneratorConfig(a *instance.Aggregate, typ domain.SecretGeneratorType, config *crypto.GeneratorConfig) preparation.Validation { return func() (preparation.CreateCommands, error) { if !typ.Valid() { - return nil, errors.ThrowInvalidArgument(nil, "V2-FGqVj", "Errors.InvalidArgument") + return nil, zerrors.ThrowInvalidArgument(nil, "V2-FGqVj", "Errors.InvalidArgument") } if config.Length < 1 { - return nil, errors.ThrowInvalidArgument(nil, "V2-jEqCt", "Errors.InvalidArgument") + return nil, zerrors.ThrowInvalidArgument(nil, "V2-jEqCt", "Errors.InvalidArgument") } return func(ctx context.Context, filter preparation.FilterToQueryReducer) ([]eventstore.Command, error) { writeModel := NewInstanceSecretGeneratorConfigWriteModel(ctx, typ) @@ -50,7 +50,7 @@ func prepareAddSecretGeneratorConfig(a *instance.Aggregate, typ domain.SecretGen } if writeModel.State == domain.SecretGeneratorStateActive { - return nil, errors.ThrowAlreadyExists(nil, "V2-6CqKo", "Errors.SecretGenerator.AlreadyExists") + return nil, zerrors.ThrowAlreadyExists(nil, "V2-6CqKo", "Errors.SecretGenerator.AlreadyExists") } return []eventstore.Command{ 
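Review bot: `prepareAddSecretGeneratorConfig` (hunk at -33) reads `config.Length` without checking that `config` is non-nil. `config` is a `*crypto.GeneratorConfig`, so a nil value would panic inside the validation closure instead of returning `Errors.InvalidArgument`. Whether any caller can pass nil is not visible in this hunk, but `SetLimitsCommand` in limits.go guards its pointer argument with `setLimits == nil ||` first. The same guard fits here: `if config == nil || config.Length < 1 {`.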
@@ -72,7 +72,7 @@ func prepareAddSecretGeneratorConfig(a *instance.Aggregate, typ domain.SecretGen func (c *Commands) ChangeSecretGeneratorConfig(ctx context.Context, generatorType domain.SecretGeneratorType, config *crypto.GeneratorConfig) (*domain.ObjectDetails, error) { if generatorType == domain.SecretGeneratorTypeUnspecified { - return nil, errors.ThrowInvalidArgument(nil, "COMMAND-33k9f", "Errors.SecretGenerator.TypeMissing") + return nil, zerrors.ThrowInvalidArgument(nil, "COMMAND-33k9f", "Errors.SecretGenerator.TypeMissing") } generatorWriteModel, err := c.getSecretConfig(ctx, generatorType) @@ -114,7 +114,7 @@ func (c *Commands) ChangeSecretGeneratorConfig(ctx context.Context, generatorTyp return nil, err } if !hasChanged { - return nil, errors.ThrowPreconditionFailed(nil, "COMMAND-m0o3f", "Errors.NoChangesFound") + return nil, zerrors.ThrowPreconditionFailed(nil, "COMMAND-m0o3f", "Errors.NoChangesFound") } if err = c.pushAppendAndReduce(ctx, generatorWriteModel, changedEvent); err != nil { return nil, err @@ -124,7 +124,7 @@ func (c *Commands) ChangeSecretGeneratorConfig(ctx context.Context, generatorTyp func (c *Commands) RemoveSecretGeneratorConfig(ctx context.Context, generatorType domain.SecretGeneratorType) (*domain.ObjectDetails, error) { if generatorType == domain.SecretGeneratorTypeUnspecified { - return nil, errors.ThrowInvalidArgument(nil, "COMMAND-2j9lw", "Errors.SecretGenerator.TypeMissing") + return nil, zerrors.ThrowInvalidArgument(nil, "COMMAND-2j9lw", "Errors.SecretGenerator.TypeMissing") } generatorWriteModel, err := c.getSecretConfig(ctx, generatorType) 
@@ -132,7 +132,7 @@ func (c *Commands) RemoveSecretGeneratorConfig(ctx context.Context, generatorTyp return nil, err } if generatorWriteModel.State == domain.SecretGeneratorStateUnspecified || generatorWriteModel.State == domain.SecretGeneratorStateRemoved { - return nil, errors.ThrowNotFound(nil, "COMMAND-b8les", "Errors.SecretGenerator.NotFound") + return nil, zerrors.ThrowNotFound(nil, "COMMAND-b8les", "Errors.SecretGenerator.NotFound") } instanceAgg := InstanceAggregateFromWriteModel(&generatorWriteModel.WriteModel) pushedEvents, err := c.eventstore.Push(ctx, instance.NewSecretGeneratorRemovedEvent(ctx, instanceAgg, generatorType)) diff --git a/internal/command/instance_settings_test.go b/internal/command/instance_settings_test.go index 19ca9c5d43..ddb82f709b 100644 --- a/internal/command/instance_settings_test.go +++ b/internal/command/instance_settings_test.go @@ -10,9 +10,9 @@ import ( "github.com/zitadel/zitadel/internal/api/authz" "github.com/zitadel/zitadel/internal/crypto" "github.com/zitadel/zitadel/internal/domain" - caos_errs "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/repository/instance" + "github.com/zitadel/zitadel/internal/zerrors" ) func TestCommandSide_AddSecretGenerator(t *testing.T) { @@ -47,7 +47,7 @@ func TestCommandSide_AddSecretGenerator(t *testing.T) { generatorType: domain.SecretGeneratorTypeUnspecified, }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -84,7 +84,7 @@ func TestCommandSide_AddSecretGenerator(t *testing.T) { generatorType: domain.SecretGeneratorTypeInitCode, }, res: res{ - err: caos_errs.IsErrorAlreadyExists, + err: zerrors.IsErrorAlreadyExists, }, }, { @@ -177,7 +177,7 @@ func TestCommandSide_ChangeSecretGenerator(t *testing.T) { generatorType: domain.SecretGeneratorTypeUnspecified, }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { 
@@ -309,7 +309,7 @@ func TestCommandSide_ChangeSecretGenerator(t *testing.T) { generatorType: domain.SecretGeneratorTypeInitCode, }, res: res{ - err: caos_errs.IsPreconditionFailed, + err: zerrors.IsPreconditionFailed, }, }, { @@ -413,7 +413,7 @@ func TestCommandSide_RemoveSecretGenerator(t *testing.T) { generatorType: domain.SecretGeneratorTypeUnspecified, }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -429,7 +429,7 @@ func TestCommandSide_RemoveSecretGenerator(t *testing.T) { generatorType: domain.SecretGeneratorTypeInitCode, }, res: res{ - err: caos_errs.IsNotFound, + err: zerrors.IsNotFound, }, }, { @@ -464,7 +464,7 @@ func TestCommandSide_RemoveSecretGenerator(t *testing.T) { generatorType: domain.SecretGeneratorTypeInitCode, }, res: res{ - err: caos_errs.IsNotFound, + err: zerrors.IsNotFound, }, }, { diff --git a/internal/command/instance_test.go b/internal/command/instance_test.go index 18007637d9..8f4f5b68e3 100644 --- a/internal/command/instance_test.go +++ b/internal/command/instance_test.go @@ -8,9 +8,9 @@ import ( "github.com/zitadel/zitadel/internal/api/authz" "github.com/zitadel/zitadel/internal/domain" - caos_errs "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/repository/instance" + "github.com/zitadel/zitadel/internal/zerrors" ) func TestCommandSide_UpdateInstance(t *testing.T) { @@ -43,7 +43,7 @@ func TestCommandSide_UpdateInstance(t *testing.T) { name: "", }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -59,7 +59,7 @@ func TestCommandSide_UpdateInstance(t *testing.T) { name: "INSTANCE_CHANGED", }, res: res{ - err: caos_errs.IsNotFound, + err: zerrors.IsNotFound, }, }, { @@ -90,7 +90,7 @@ func TestCommandSide_UpdateInstance(t *testing.T) { name: "INSTANCE_CHANGED", }, res: res{ - err: caos_errs.IsNotFound, + err: zerrors.IsNotFound, }, }, { 
@@ -114,7 +114,7 @@ func TestCommandSide_UpdateInstance(t *testing.T) { name: "INSTANCE", }, res: res{ - err: caos_errs.IsPreconditionFailed, + err: zerrors.IsPreconditionFailed, }, }, { @@ -200,7 +200,7 @@ func TestCommandSide_RemoveInstance(t *testing.T) { instanceID: "INSTANCE", }, res: res{ - err: caos_errs.IsNotFound, + err: zerrors.IsNotFound, }, }, { @@ -231,7 +231,7 @@ func TestCommandSide_RemoveInstance(t *testing.T) { instanceID: "INSTANCE", }, res: res{ - err: caos_errs.IsNotFound, + err: zerrors.IsNotFound, }, }, { diff --git a/internal/command/limits.go b/internal/command/limits.go index ca4fb0be49..2bfa90dc8a 100644 --- a/internal/command/limits.go +++ b/internal/command/limits.go @@ -7,9 +7,9 @@ import ( "github.com/zitadel/zitadel/internal/api/authz" "github.com/zitadel/zitadel/internal/command/preparation" "github.com/zitadel/zitadel/internal/domain" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/repository/limits" + "github.com/zitadel/zitadel/internal/zerrors" ) type SetLimits struct { @@ -62,7 +62,7 @@ func (c *Commands) ResetLimits(ctx context.Context, resourceOwner string) (*doma return nil, err } if wm.AggregateID == "" { - return nil, errors.ThrowNotFound(nil, "COMMAND-9JToT", "Errors.Limits.NotFound") + return nil, zerrors.ThrowNotFound(nil, "COMMAND-9JToT", "Errors.Limits.NotFound") } aggregate := limits.NewAggregate(wm.AggregateID, instanceId, resourceOwner) events := []eventstore.Command{limits.NewResetEvent(ctx, &aggregate.Aggregate)} 
@@ -85,7 +85,7 @@ func (c *Commands) getLimitsWriteModel(ctx context.Context, instanceId, resource func (c *Commands) SetLimitsCommand(a *limits.Aggregate, wm *limitsWriteModel, setLimits *SetLimits) preparation.Validation { return func() (preparation.CreateCommands, error) { if setLimits == nil || setLimits.AuditLogRetention == nil { - return nil, errors.ThrowInvalidArgument(nil, "COMMAND-4M9vs", "Errors.Limits.NoneSpecified") + return nil, zerrors.ThrowInvalidArgument(nil, "COMMAND-4M9vs", "Errors.Limits.NoneSpecified") } return func(ctx context.Context, _ preparation.FilterToQueryReducer) ([]eventstore.Command, error) { changes := wm.NewChanges(setLimits) diff --git a/internal/command/limits_test.go b/internal/command/limits_test.go index 1b315ca130..56ef181d70 100644 --- a/internal/command/limits_test.go +++ b/internal/command/limits_test.go @@ -11,11 +11,11 @@ import ( "github.com/zitadel/zitadel/internal/api/authz" "github.com/zitadel/zitadel/internal/domain" - caos_errors "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/id" id_mock "github.com/zitadel/zitadel/internal/id/mock" "github.com/zitadel/zitadel/internal/repository/limits" + "github.com/zitadel/zitadel/internal/zerrors" ) func TestLimits_SetLimits(t *testing.T) { @@ -217,7 +217,7 @@ func TestLimits_ResetLimits(t *testing.T) { }, res: res{ err: func(err error) bool { - return errors.Is(err, caos_errors.ThrowNotFound(nil, "COMMAND-9JToT", "Errors.Limits.NotFound")) + return errors.Is(err, zerrors.ThrowNotFound(nil, "COMMAND-9JToT", "Errors.Limits.NotFound")) }, }, }, @@ -251,7 +251,7 @@ func TestLimits_ResetLimits(t *testing.T) { }, res: res{ err: func(err error) bool { - return errors.Is(err, caos_errors.ThrowNotFound(nil, "COMMAND-9JToT", "Errors.Limits.NotFound")) + return errors.Is(err, zerrors.ThrowNotFound(nil, "COMMAND-9JToT", "Errors.Limits.NotFound")) }, }, }, 
diff --git a/internal/command/main_test.go b/internal/command/main_test.go index 6c34dfa1e9..649a0085d9 100644 --- a/internal/command/main_test.go +++ b/internal/command/main_test.go @@ -14,12 +14,12 @@ import ( "github.com/zitadel/zitadel/internal/crypto" "github.com/zitadel/zitadel/internal/domain" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/eventstore/repository" "github.com/zitadel/zitadel/internal/eventstore/repository/mock" action_repo "github.com/zitadel/zitadel/internal/repository/action" "github.com/zitadel/zitadel/internal/repository/authrequest" + "github.com/zitadel/zitadel/internal/repository/deviceauth" "github.com/zitadel/zitadel/internal/repository/feature" "github.com/zitadel/zitadel/internal/repository/idpintent" iam_repo "github.com/zitadel/zitadel/internal/repository/instance" @@ -33,6 +33,7 @@ import ( "github.com/zitadel/zitadel/internal/repository/session" usr_repo "github.com/zitadel/zitadel/internal/repository/user" "github.com/zitadel/zitadel/internal/repository/usergrant" + "github.com/zitadel/zitadel/internal/zerrors" ) type expect func(mockRepository *mock.MockRepository) @@ -63,6 +64,7 @@ func eventstoreExpect(t *testing.T, expects ...expect) *eventstore.Eventstore { limits.RegisterEventMappers(es) restrictions.RegisterEventMappers(es) feature.RegisterEventMappers(es) + deviceauth.RegisterEventMappers(es) return es } @@ -95,7 +97,13 @@ func eventPusherToEvents(eventsPushes ...eventstore.Command) []*repository.Event func expectPush(commands ...eventstore.Command) expect { return func(m *mock.MockRepository) { - m.ExpectPush(commands) + m.ExpectPush(commands, 0) + } +} + +func expectPushSlow(sleep time.Duration, commands ...eventstore.Command) expect { + return func(m *mock.MockRepository) { + m.ExpectPush(commands, sleep) } } 
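Review bot: The new helper `expectPushSlow` (hunk at -95) has no doc comment, and the literal `0` now passed by `expectPush` is unexplained, so a reader has to open the mock to learn what the second argument of `ExpectPush` does. A comment such as `// expectPushSlow is expectPush with a delay: sleep is handed to the mock's ExpectPush as its second argument.` would cover the helper. Presumably `0` means "no delay", and a trailing `// no artificial delay` on that call would make this explicit once confirmed against the mock. The helper also uses `time.Duration`; neither import hunk shown for this file adds `time`, so it is worth confirming it is already imported above the visible import lines.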
@@ -212,7 +220,7 @@ func (m *mockInstance) ConsoleApplicationID() string { } func (m *mockInstance) DefaultLanguage() language.Tag { - return language.English + return AllowedLanguage } func (m *mockInstance) DefaultOrganisationID() string { @@ -239,7 +247,7 @@ func newMockPermissionCheckAllowed() domain.PermissionCheck { func newMockPermissionCheckNotAllowed() domain.PermissionCheck { return func(ctx context.Context, permission, orgID, resourceID string) (err error) { - return errors.ThrowPermissionDenied(nil, "AUTHZ-HKJD33", "Errors.PermissionDenied") + return zerrors.ThrowPermissionDenied(nil, "AUTHZ-HKJD33", "Errors.PermissionDenied") } } @@ -250,7 +258,7 @@ func newMockTokenVerifierValid() func(ctx context.Context, sessionToken, session } func newMockTokenVerifierInvalid() func(ctx context.Context, sessionToken, sessionID, tokenID string) (err error) { return func(ctx context.Context, sessionToken, sessionID, tokenID string) (err error) { - return errors.ThrowPermissionDenied(nil, "COMMAND-sGr42", "Errors.Session.Token.Invalid") + return zerrors.ThrowPermissionDenied(nil, "COMMAND-sGr42", "Errors.Session.Token.Invalid") } } diff --git a/internal/command/oidc_session.go b/internal/command/oidc_session.go index 5854423110..afc4c5b5ae 100644 --- a/internal/command/oidc_session.go +++ b/internal/command/oidc_session.go @@ -11,12 +11,12 @@ import ( "github.com/zitadel/zitadel/internal/api/authz" "github.com/zitadel/zitadel/internal/crypto" - caos_errs "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/id" "github.com/zitadel/zitadel/internal/repository/authrequest" "github.com/zitadel/zitadel/internal/repository/oidcsession" "github.com/zitadel/zitadel/internal/repository/user" + "github.com/zitadel/zitadel/internal/zerrors" ) const ( 
@@ -88,7 +88,7 @@ func (c *Commands) OIDCSessionByRefreshToken(ctx context.Context, refreshToken s writeModel := NewOIDCSessionWriteModel(oidcSessionID, "") err = c.eventstore.FilterToQueryReducer(ctx, writeModel) if err != nil { - return nil, caos_errs.ThrowPreconditionFailed(err, "OIDCS-SAF31", "Errors.OIDCSession.RefreshTokenInvalid") + return nil, zerrors.ThrowPreconditionFailed(err, "OIDCS-SAF31", "Errors.OIDCSession.RefreshTokenInvalid") } if err = writeModel.CheckRefreshToken(refreshTokenID); err != nil { return nil, err @@ -99,7 +99,7 @@ func (c *Commands) OIDCSessionByRefreshToken(ctx context.Context, refreshToken s func oidcSessionTokenIDsFromToken(token string) (oidcSessionID, refreshTokenID, accessTokenID string, err error) { split := strings.Split(token, TokenDelimiter) if len(split) != 2 { - return "", "", "", caos_errs.ThrowPreconditionFailed(nil, "OIDCS-S87kl", "Errors.OIDCSession.Token.Invalid") + return "", "", "", zerrors.ThrowPreconditionFailed(nil, "OIDCS-S87kl", "Errors.OIDCSession.Token.Invalid") } if strings.HasPrefix(split[1], RefreshTokenPrefix) { return split[0], split[1], "", nil @@ -107,7 +107,7 @@ func oidcSessionTokenIDsFromToken(token string) (oidcSessionID, refreshTokenID, if strings.HasPrefix(split[1], AccessTokenPrefix) { return split[0], "", split[1], nil } - return "", "", "", caos_errs.ThrowPreconditionFailed(nil, "OIDCS-S87kl", "Errors.OIDCSession.Token.Invalid") + return "", "", "", zerrors.ThrowPreconditionFailed(nil, "OIDCS-S87kl", "Errors.OIDCSession.Token.Invalid") } // RevokeOIDCSessionToken revokes an access_token or refresh_token 
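Review bot: In `OIDCSessionByRefreshToken` (hunk at -88), every error from `c.eventstore.FilterToQueryReducer` is still wrapped as `ThrowPreconditionFailed` with `Errors.OIDCSession.RefreshTokenInvalid`. A datastore or connectivity failure is therefore reported as an invalid refresh token, which hides backend faults from error-rate monitoring and can lead a client to discard a token that is still valid. `RevokeOIDCSessionToken` (hunk at -124) wraps the same call with `zerrors.ThrowInternal(err, "OIDCS-NB3t2", "Errors.Internal")`. Unless the masking is deliberate, the line here could follow suit: `return nil, zerrors.ThrowInternal(err, "OIDCS-SAF31", "Errors.Internal")`. The function body starts and ends outside the hunk.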
@@ -124,7 +124,7 @@ func (c *Commands) RevokeOIDCSessionToken(ctx context.Context, token, clientID s writeModel := NewOIDCSessionWriteModel(oidcSessionID, "") err = c.eventstore.FilterToQueryReducer(ctx, writeModel) if err != nil { - return caos_errs.ThrowInternal(err, "OIDCS-NB3t2", "Errors.Internal") + return zerrors.ThrowInternal(err, "OIDCS-NB3t2", "Errors.Internal") } if err = writeModel.CheckClient(clientID); err != nil { return err @@ -198,7 +198,7 @@ func (c *Commands) getResourceOwnerOfSessionUser(ctx context.Context, userID, in AggregateIDs(userID). Builder()) if err != nil || len(events) != 1 { - return "", caos_errs.ThrowInternal(err, "OIDCS-sferh", "Errors.Internal") + return "", zerrors.ThrowInternal(err, "OIDCS-sferh", "Errors.Internal") } return events[0].Aggregate().ResourceOwner, nil } @@ -219,7 +219,7 @@ func (c *Commands) decryptRefreshToken(refreshToken string) (refreshTokenID stri func parseRefreshToken(refreshToken string) (oidcSessionID, refreshTokenID string, err error) { split := strings.Split(refreshToken, TokenDelimiter) if len(split) < 2 || !strings.HasPrefix(split[1], RefreshTokenPrefix) { - return "", "", caos_errs.ThrowPreconditionFailed(nil, "OIDCS-JOI23", "Errors.OIDCSession.RefreshTokenInvalid") + return "", "", zerrors.ThrowPreconditionFailed(nil, "OIDCS-JOI23", "Errors.OIDCSession.RefreshTokenInvalid") } // the oidc library requires that every token has the format of : // the V2 tokens don't use the userID anymore, so let's just remove it diff --git a/internal/command/oidc_session_model.go b/internal/command/oidc_session_model.go index 94725d933e..64f9d5490f 100644 --- a/internal/command/oidc_session_model.go +++ b/internal/command/oidc_session_model.go 
@@ -4,9 +4,9 @@ import ( "time" "github.com/zitadel/zitadel/internal/domain" - caos_errs "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/repository/oidcsession" + "github.com/zitadel/zitadel/internal/zerrors" ) type OIDCSessionWriteModel struct { 
@@ -128,27 +128,27 @@ func (wm *OIDCSessionWriteModel) reduceRefreshTokenRevoked(e *oidcsession.Refres func (wm *OIDCSessionWriteModel) CheckRefreshToken(refreshTokenID string) error { if wm.State != domain.OIDCSessionStateActive { - return caos_errs.ThrowPreconditionFailed(nil, "OIDCS-s3hjk", "Errors.OIDCSession.RefreshTokenInvalid") + return zerrors.ThrowPreconditionFailed(nil, "OIDCS-s3hjk", "Errors.OIDCSession.RefreshTokenInvalid") } if wm.RefreshTokenID != refreshTokenID { - return caos_errs.ThrowPreconditionFailed(nil, "OIDCS-28ubl", "Errors.OIDCSession.RefreshTokenInvalid") + return zerrors.ThrowPreconditionFailed(nil, "OIDCS-28ubl", "Errors.OIDCSession.RefreshTokenInvalid") } now := time.Now() if wm.RefreshTokenExpiration.Before(now) || wm.RefreshTokenIdleExpiration.Before(now) { - return caos_errs.ThrowPreconditionFailed(nil, "OIDCS-3jt2w", "Errors.OIDCSession.RefreshTokenInvalid") + return zerrors.ThrowPreconditionFailed(nil, "OIDCS-3jt2w", "Errors.OIDCSession.RefreshTokenInvalid") } return nil } func (wm *OIDCSessionWriteModel) CheckAccessToken(accessTokenID string) error { if wm.State != domain.OIDCSessionStateActive { - return caos_errs.ThrowPreconditionFailed(nil, "OIDCS-KL2pk", "Errors.OIDCSession.Token.Invalid") + return zerrors.ThrowPreconditionFailed(nil, "OIDCS-KL2pk", "Errors.OIDCSession.Token.Invalid") } if wm.AccessTokenID != accessTokenID { - return caos_errs.ThrowPreconditionFailed(nil, "OIDCS-JLKW2", "Errors.OIDCSession.Token.Invalid") + return zerrors.ThrowPreconditionFailed(nil, "OIDCS-JLKW2", "Errors.OIDCSession.Token.Invalid") } if wm.AccessTokenExpiration.Before(time.Now()) { - return caos_errs.ThrowPreconditionFailed(nil, "OIDCS-3j3md", "Errors.OIDCSession.Token.Invalid") + return zerrors.ThrowPreconditionFailed(nil, "OIDCS-3j3md", "Errors.OIDCSession.Token.Invalid") } return nil } 
@@ -159,7 +159,7 @@ func (wm *OIDCSessionWriteModel) CheckClient(clientID string) error { return nil } } - return caos_errs.ThrowPreconditionFailed(nil, "OIDCS-SKjl3", "Errors.OIDCSession.InvalidClient") + return zerrors.ThrowPreconditionFailed(nil, "OIDCS-SKjl3", "Errors.OIDCSession.InvalidClient") } func (wm *OIDCSessionWriteModel) OIDCRefreshTokenID(refreshTokenID string) string { diff --git a/internal/command/oidc_session_test.go b/internal/command/oidc_session_test.go index 68d97dbdf3..d43aab0d8e 100644 --- a/internal/command/oidc_session_test.go +++ b/internal/command/oidc_session_test.go @@ -16,7 +16,6 @@ import ( "github.com/zitadel/zitadel/internal/api/authz" "github.com/zitadel/zitadel/internal/crypto" "github.com/zitadel/zitadel/internal/domain" - caos_errs "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/id" "github.com/zitadel/zitadel/internal/id/mock" @@ -24,6 +23,7 @@ import ( "github.com/zitadel/zitadel/internal/repository/oidcsession" "github.com/zitadel/zitadel/internal/repository/session" "github.com/zitadel/zitadel/internal/repository/user" + "github.com/zitadel/zitadel/internal/zerrors" ) var ( @@ -67,7 +67,7 @@ func TestCommands_AddOIDCSessionAccessToken(t *testing.T) { authRequestID: "V2_authRequestID", }, res{ - err: caos_errs.ThrowPreconditionFailed(nil, "AUTHR-SF2r2", "Errors.AuthRequest.NotAuthenticated"), + err: zerrors.ThrowPreconditionFailed(nil, "AUTHR-SF2r2", "Errors.AuthRequest.NotAuthenticated"), }, }, { @@ -119,7 +119,7 @@ func TestCommands_AddOIDCSessionAccessToken(t *testing.T) { authRequestID: "V2_authRequestID", }, res{ - err: caos_errs.ThrowPreconditionFailed(nil, "COMMAND-Flk38", "Errors.Session.NotExisting"), + err: zerrors.ThrowPreconditionFailed(nil, "COMMAND-Flk38", "Errors.Session.NotExisting"), }, }, { 
@@ -268,7 +268,7 @@ func TestCommands_AddOIDCSessionRefreshAndAccessToken(t *testing.T) { authRequestID: "V2_authRequestID", }, res{ - err: caos_errs.ThrowPreconditionFailed(nil, "AUTHR-SF2r2", "Errors.AuthRequest.NotAuthenticated"), + err: zerrors.ThrowPreconditionFailed(nil, "AUTHR-SF2r2", "Errors.AuthRequest.NotAuthenticated"), }, }, { @@ -320,7 +320,7 @@ func TestCommands_AddOIDCSessionRefreshAndAccessToken(t *testing.T) { authRequestID: "V2_authRequestID", }, res{ - err: caos_errs.ThrowPreconditionFailed(nil, "COMMAND-Flk38", "Errors.Session.NotExisting"), + err: zerrors.ThrowPreconditionFailed(nil, "COMMAND-Flk38", "Errors.Session.NotExisting"), }, }, { @@ -478,7 +478,7 @@ func TestCommands_ExchangeOIDCSessionRefreshAndAccessToken(t *testing.T) { refreshToken: "aW52YWxpZA", // invalid }, res{ - err: caos_errs.ThrowPreconditionFailed(nil, "OIDCS-JOI23", "Errors.OIDCSession.RefreshTokenInvalid"), + err: zerrors.ThrowPreconditionFailed(nil, "OIDCS-JOI23", "Errors.OIDCSession.RefreshTokenInvalid"), }, }, { @@ -495,7 +495,7 @@ func TestCommands_ExchangeOIDCSessionRefreshAndAccessToken(t *testing.T) { refreshToken: "VjJfb2lkY1Nlc3Npb25JRC1ydF9yZWZyZXNoVG9rZW5JRDp1c2VySUQ", //V2_oidcSessionID:rt_refreshTokenID:userID }, res{ - err: caos_errs.ThrowPreconditionFailed(nil, "OIDCS-s3hjk", "Errors.OIDCSession.RefreshTokenInvalid"), + err: zerrors.ThrowPreconditionFailed(nil, "OIDCS-s3hjk", "Errors.OIDCSession.RefreshTokenInvalid"), }, }, { @@ -521,7 +521,7 @@ func TestCommands_ExchangeOIDCSessionRefreshAndAccessToken(t *testing.T) { refreshToken: "VjJfb2lkY1Nlc3Npb25JRC1ydF9yZWZyZXNoVG9rZW5JRDp1c2VySUQ", //V2_oidcSessionID:rt_refreshTokenID:userID }, res{ - err: caos_errs.ThrowPreconditionFailed(nil, "OIDCS-28ubl", "Errors.OIDCSession.RefreshTokenInvalid"), + err: zerrors.ThrowPreconditionFailed(nil, "OIDCS-28ubl", "Errors.OIDCSession.RefreshTokenInvalid"), }, }, { 
@@ -551,7 +551,7 @@ func TestCommands_ExchangeOIDCSessionRefreshAndAccessToken(t *testing.T) { refreshToken: "VjJfb2lkY1Nlc3Npb25JRC1ydF9yZWZyZXNoVG9rZW5JRDp1c2VySUQ", //V2_oidcSessionID:rt_refreshTokenID:userID }, res{ - err: caos_errs.ThrowPreconditionFailed(nil, "OIDCS-3jt2w", "Errors.OIDCSession.RefreshTokenInvalid"), + err: zerrors.ThrowPreconditionFailed(nil, "OIDCS-3jt2w", "Errors.OIDCSession.RefreshTokenInvalid"), }, }, { @@ -652,7 +652,7 @@ func TestCommands_OIDCSessionByRefreshToken(t *testing.T) { refreshToken: "invalid", }, res{ - err: caos_errs.ThrowPreconditionFailed(nil, "OIDCS-JOI23", "Errors.OIDCSession.RefreshTokenInvalid"), + err: zerrors.ThrowPreconditionFailed(nil, "OIDCS-JOI23", "Errors.OIDCSession.RefreshTokenInvalid"), }, }, { @@ -668,7 +668,7 @@ func TestCommands_OIDCSessionByRefreshToken(t *testing.T) { refreshToken: "V2_oidcSessionID-rt_refreshTokenID:userID", }, res{ - err: caos_errs.ThrowPreconditionFailed(nil, "OIDCS-s3hjk", "Errors.OIDCSession.RefreshTokenInvalid"), + err: zerrors.ThrowPreconditionFailed(nil, "OIDCS-s3hjk", "Errors.OIDCSession.RefreshTokenInvalid"), }, }, { @@ -693,7 +693,7 @@ func TestCommands_OIDCSessionByRefreshToken(t *testing.T) { refreshToken: "V2_oidcSessionID-rt_refreshTokenID:userID", }, res{ - err: caos_errs.ThrowPreconditionFailed(nil, "OIDCS-28ubl", "Errors.OIDCSession.RefreshTokenInvalid"), + err: zerrors.ThrowPreconditionFailed(nil, "OIDCS-28ubl", "Errors.OIDCSession.RefreshTokenInvalid"), }, }, { @@ -722,7 +722,7 @@ func TestCommands_OIDCSessionByRefreshToken(t *testing.T) { refreshToken: "V2_oidcSessionID-rt_refreshTokenID:userID", }, res{ - err: caos_errs.ThrowPreconditionFailed(nil, "OIDCS-3jt2w", "Errors.OIDCSession.RefreshTokenInvalid"), + err: zerrors.ThrowPreconditionFailed(nil, "OIDCS-3jt2w", "Errors.OIDCSession.RefreshTokenInvalid"), }, }, { 
@@ -878,7 +878,7 @@ func TestCommands_RevokeOIDCSessionToken(t *testing.T) { clientID: "clientID", }, res{ - err: caos_errs.ThrowPreconditionFailed(nil, "OIDCS-SKjl3", "Errors.OIDCSession.InvalidClient"), + err: zerrors.ThrowPreconditionFailed(nil, "OIDCS-SKjl3", "Errors.OIDCSession.InvalidClient"), }, }, { @@ -955,7 +955,7 @@ func TestCommands_RevokeOIDCSessionToken(t *testing.T) { clientID: "clientID", }, res{ - err: caos_errs.ThrowPreconditionFailed(nil, "OIDCS-SKjl3", "Errors.OIDCSession.InvalidClient"), + err: zerrors.ThrowPreconditionFailed(nil, "OIDCS-SKjl3", "Errors.OIDCSession.InvalidClient"), }, }, { diff --git a/internal/command/org.go b/internal/command/org.go index 137b1a65cd..5f997183af 100644 --- a/internal/command/org.go +++ b/internal/command/org.go @@ -7,11 +7,11 @@ import ( "github.com/zitadel/zitadel/internal/api/authz" "github.com/zitadel/zitadel/internal/command/preparation" "github.com/zitadel/zitadel/internal/domain" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/repository/org" "github.com/zitadel/zitadel/internal/repository/project" "github.com/zitadel/zitadel/internal/repository/user" + "github.com/zitadel/zitadel/internal/zerrors" ) // InstanceOrgSetup is used for the first organisation in the instance setup. @@ -236,7 +236,7 @@ func (c *Commands) SetUpOrg(ctx context.Context, o *OrgSetup, allowInitialMail b func AddOrgCommand(ctx context.Context, a *org.Aggregate, name string, userIDs ...string) preparation.Validation { return func() (preparation.CreateCommands, error) { if name = strings.TrimSpace(name); name == "" { - return nil, errors.ThrowInvalidArgument(nil, "ORG-mruNY", "Errors.Invalid.Argument") + return nil, zerrors.ThrowInvalidArgument(nil, "ORG-mruNY", "Errors.Invalid.Argument") } defaultDomain, err := domain.NewIAMDomainName(name, authz.GetInstance(ctx).RequestedDomain()) if err != nil { 
@@ -259,7 +259,7 @@ func (c *Commands) getOrg(ctx context.Context, orgID string) (*domain.Org, error return nil, err } if !isOrgStateExists(writeModel.State) { - return nil, errors.ThrowInternal(err, "COMMAND-4M9sf", "Errors.Org.NotFound") + return nil, zerrors.ThrowInternal(err, "COMMAND-4M9sf", "Errors.Org.NotFound") } return orgWriteModelToOrg(writeModel), nil } @@ -270,7 +270,7 @@ func (c *Commands) checkOrgExists(ctx context.Context, orgID string) error { return err } if !isOrgStateExists(orgWriteModel.State) { - return errors.ThrowPreconditionFailed(nil, "COMMAND-QXPGs", "Errors.Org.NotFound") + return zerrors.ThrowPreconditionFailed(nil, "COMMAND-QXPGs", "Errors.Org.NotFound") } return nil } @@ -281,7 +281,7 @@ func (c *Commands) AddOrgWithID(ctx context.Context, name, userID, resourceOwner return nil, err } if existingOrg.State != domain.OrgStateUnspecified { - return nil, errors.ThrowNotFound(nil, "ORG-lapo2m", "Errors.Org.AlreadyExisting") + return nil, zerrors.ThrowNotFound(nil, "ORG-lapo2m", "Errors.Org.AlreadyExisting") } return c.addOrgWithIDAndMember(ctx, name, userID, resourceOwner, orgID, claimedUserIDs) @@ -289,12 +289,12 @@ func (c *Commands) AddOrgWithID(ctx context.Context, name, userID, resourceOwner func (c *Commands) AddOrg(ctx context.Context, name, userID, resourceOwner string, claimedUserIDs []string) (*domain.Org, error) { if name = strings.TrimSpace(name); name == "" { - return nil, errors.ThrowInvalidArgument(nil, "EVENT-Mf9sd", "Errors.Org.Invalid") + return nil, zerrors.ThrowInvalidArgument(nil, "EVENT-Mf9sd", "Errors.Org.Invalid") } orgID, err := c.idGenerator.Next() if err != nil { - return nil, errors.ThrowInternal(err, "COMMA-OwciI", "Errors.Internal") + return nil, zerrors.ThrowInternal(err, "COMMA-OwciI", "Errors.Internal") } return c.addOrgWithIDAndMember(ctx, name, userID, resourceOwner, orgID, claimedUserIDs) 
@@ -329,7 +329,7 @@ func (c *Commands) addOrgWithIDAndMember(ctx context.Context, name, userID, reso func (c *Commands) ChangeOrg(ctx context.Context, orgID, name string) (*domain.ObjectDetails, error) { name = strings.TrimSpace(name) if orgID == "" || name == "" { - return nil, errors.ThrowInvalidArgument(nil, "EVENT-Mf9sd", "Errors.Org.Invalid") + return nil, zerrors.ThrowInvalidArgument(nil, "EVENT-Mf9sd", "Errors.Org.Invalid") } orgWriteModel, err := c.getOrgWriteModelByID(ctx, orgID) @@ -337,10 +337,10 @@ func (c *Commands) ChangeOrg(ctx context.Context, orgID, name string) (*domain.O return nil, err } if !isOrgStateExists(orgWriteModel.State) { - return nil, errors.ThrowNotFound(nil, "ORG-1MRds", "Errors.Org.NotFound") + return nil, zerrors.ThrowNotFound(nil, "ORG-1MRds", "Errors.Org.NotFound") } if orgWriteModel.Name == name { - return nil, errors.ThrowPreconditionFailed(nil, "ORG-4VSdf", "Errors.Org.NotChanged") + return nil, zerrors.ThrowPreconditionFailed(nil, "ORG-4VSdf", "Errors.Org.NotChanged") } orgAgg := OrgAggregateFromWriteModel(&orgWriteModel.WriteModel) events := make([]eventstore.Command, 0) @@ -369,10 +369,10 @@ func (c *Commands) DeactivateOrg(ctx context.Context, orgID string) (*domain.Obj return nil, err } if !isOrgStateExists(orgWriteModel.State) { - return nil, errors.ThrowNotFound(nil, "ORG-oL9nT", "Errors.Org.NotFound") + return nil, zerrors.ThrowNotFound(nil, "ORG-oL9nT", "Errors.Org.NotFound") } if orgWriteModel.State == domain.OrgStateInactive { - return nil, errors.ThrowPreconditionFailed(nil, "EVENT-Dbs2g", "Errors.Org.AlreadyDeactivated") + return nil, zerrors.ThrowPreconditionFailed(nil, "EVENT-Dbs2g", "Errors.Org.AlreadyDeactivated") } orgAgg := OrgAggregateFromWriteModel(&orgWriteModel.WriteModel) pushedEvents, err := c.eventstore.Push(ctx, org.NewOrgDeactivatedEvent(ctx, orgAgg)) 
@@ -392,10 +392,10 @@ func (c *Commands) ReactivateOrg(ctx context.Context, orgID string) (*domain.Obj return nil, err } if !isOrgStateExists(orgWriteModel.State) { - return nil, errors.ThrowNotFound(nil, "ORG-Dgf3g", "Errors.Org.NotFound") + return nil, zerrors.ThrowNotFound(nil, "ORG-Dgf3g", "Errors.Org.NotFound") } if orgWriteModel.State == domain.OrgStateActive { - return nil, errors.ThrowPreconditionFailed(nil, "EVENT-bfnrh", "Errors.Org.AlreadyActive") + return nil, zerrors.ThrowPreconditionFailed(nil, "EVENT-bfnrh", "Errors.Org.AlreadyActive") } orgAgg := OrgAggregateFromWriteModel(&orgWriteModel.WriteModel) pushedEvents, err := c.eventstore.Push(ctx, org.NewOrgReactivatedEvent(ctx, orgAgg)) 
@@ -434,26 +434,26 @@ func (c *Commands) prepareRemoveOrg(a *org.Aggregate) preparation.Validation { return func(ctx context.Context, filter preparation.FilterToQueryReducer) ([]eventstore.Command, error) { instance := authz.GetInstance(ctx) if a.ID == instance.DefaultOrganisationID() { - return nil, errors.ThrowPreconditionFailed(nil, "COMMA-wG9p1", "Errors.Org.DefaultOrgNotDeletable") + return nil, zerrors.ThrowPreconditionFailed(nil, "COMMA-wG9p1", "Errors.Org.DefaultOrgNotDeletable") } err := c.checkProjectExists(ctx, instance.ProjectID(), a.ID) // if there is no error, the ZITADEL project was found on the org to be deleted if err == nil { - return nil, errors.ThrowPreconditionFailed(err, "COMMA-AF3JW", "Errors.Org.ZitadelOrgNotDeletable") + return nil, zerrors.ThrowPreconditionFailed(err, "COMMA-AF3JW", "Errors.Org.ZitadelOrgNotDeletable") } // "precondition failed" error means the project does not exist, return other errors - if !errors.IsPreconditionFailed(err) { + if !zerrors.IsPreconditionFailed(err) { return nil, err } writeModel, err := c.getOrgWriteModelByID(ctx, a.ID) if err != nil { - return nil, errors.ThrowPreconditionFailed(err, "COMMA-wG9p1", "Errors.Org.NotFound") + return nil, zerrors.ThrowPreconditionFailed(err, "COMMA-wG9p1", "Errors.Org.NotFound") } if !isOrgStateExists(writeModel.State) { - return nil, errors.ThrowNotFound(nil, "COMMA-aps2n", "Errors.Org.NotFound") + return nil, zerrors.ThrowNotFound(nil, "COMMA-aps2n", "Errors.Org.NotFound") } - domainPolicy, err := c.getOrgDomainPolicy(ctx, a.ID) + domainPolicy, err := c.domainPolicyWriteModel(ctx, a.ID) if err != nil { return nil, err } 
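Review bot: The error ID `COMMA-wG9p1` appears twice in prepareRemoveOrg, once for `Errors.Org.DefaultOrgNotDeletable` and again where the error from getOrgWriteModelByID is wrapped as `Errors.Org.NotFound`, so a log line carrying that ID cannot say which guard fired. The second use also turns every load failure into a precondition failure. Returning it unchanged with `return nil, err` would keep storage errors visible, as the checkProjectExists branch already does for non-precondition errors. In the `err == nil` branch the `err` passed to `ThrowPreconditionFailed` is always nil and could be written as `nil`. The function starts before and continues past this hunk, so how the result of `domainPolicyWriteModel` is used cannot be checked here.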
@@ -696,7 +696,7 @@ func ExistsOrg(ctx context.Context, filter preparation.FilterToQueryReducer, id func (c *Commands) addOrgWithID(ctx context.Context, organisation *domain.Org, orgID string, claimedUserIDs []string) (_ *eventstore.Aggregate, _ *OrgWriteModel, _ []eventstore.Command, err error) { if !organisation.IsValid() { - return nil, nil, nil, errors.ThrowInvalidArgument(nil, "COMM-deLSk", "Errors.Org.Invalid") + return nil, nil, nil, zerrors.ThrowInvalidArgument(nil, "COMM-deLSk", "Errors.Org.Invalid") } organisation.AggregateID = orgID diff --git a/internal/command/org_action.go b/internal/command/org_action.go index 45cf13acfa..945fd929de 100644 --- a/internal/command/org_action.go +++ b/internal/command/org_action.go @@ -5,10 +5,10 @@ import ( "sort" "github.com/zitadel/zitadel/internal/domain" - caos_errs "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/repository/action" "github.com/zitadel/zitadel/internal/repository/org" + "github.com/zitadel/zitadel/internal/zerrors" ) func (c *Commands) AddActionWithID(ctx context.Context, addAction *domain.Action, resourceOwner, actionID string) (_ string, _ *domain.ObjectDetails, err error) { @@ -17,7 +17,7 @@ func (c *Commands) AddActionWithID(ctx context.Context, addAction *domain.Action return "", nil, err } if existingAction.State != domain.ActionStateUnspecified { - return "", nil, caos_errs.ThrowPreconditionFailed(nil, "COMMAND-nau2k", "Errors.Action.AlreadyExisting") + return "", nil, zerrors.ThrowPreconditionFailed(nil, "COMMAND-nau2k", "Errors.Action.AlreadyExisting") } return c.addActionWithID(ctx, addAction, resourceOwner, actionID) 
@@ -25,7 +25,7 @@ func (c *Commands) AddActionWithID(ctx context.Context, addAction *domain.Action func (c *Commands) AddAction(ctx context.Context, addAction *domain.Action, resourceOwner string) (_ string, _ *domain.ObjectDetails, err error) { if !addAction.IsValid() { - return "", nil, caos_errs.ThrowInvalidArgument(nil, "COMMAND-eg2gf", "Errors.Action.Invalid") + return "", nil, zerrors.ThrowInvalidArgument(nil, "COMMAND-eg2gf", "Errors.Action.Invalid") } actionID, err := c.idGenerator.Next() @@ -61,7 +61,7 @@ func (c *Commands) addActionWithID(ctx context.Context, addAction *domain.Action func (c *Commands) ChangeAction(ctx context.Context, actionChange *domain.Action, resourceOwner string) (*domain.ObjectDetails, error) { if !actionChange.IsValid() || actionChange.AggregateID == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "COMMAND-Df2f3", "Errors.Action.Invalid") + return nil, zerrors.ThrowInvalidArgument(nil, "COMMAND-Df2f3", "Errors.Action.Invalid") } existingAction, err := c.getActionWriteModelByID(ctx, actionChange.AggregateID, resourceOwner) @@ -69,7 +69,7 @@ func (c *Commands) ChangeAction(ctx context.Context, actionChange *domain.Action return nil, err } if !existingAction.State.Exists() { - return nil, caos_errs.ThrowNotFound(nil, "COMMAND-Sfg2t", "Errors.Action.NotFound") + return nil, zerrors.ThrowNotFound(nil, "COMMAND-Sfg2t", "Errors.Action.NotFound") } actionAgg := ActionAggregateFromWriteModel(&existingAction.WriteModel) @@ -96,7 +96,7 @@ func (c *Commands) ChangeAction(ctx context.Context, actionChange *domain.Action func (c *Commands) DeactivateAction(ctx context.Context, actionID string, resourceOwner string) (*domain.ObjectDetails, error) { if actionID == "" || resourceOwner == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "COMMAND-DAhk5", "Errors.IDMissing") + return nil, zerrors.ThrowInvalidArgument(nil, "COMMAND-DAhk5", "Errors.IDMissing") } existingAction, err := c.getActionWriteModelByID(ctx, actionID, resourceOwner) 
@@ -104,10 +104,10 @@ func (c *Commands) DeactivateAction(ctx context.Context, actionID string, resour return nil, err } if !existingAction.State.Exists() { - return nil, caos_errs.ThrowNotFound(nil, "COMMAND-NRmhu", "Errors.Action.NotFound") + return nil, zerrors.ThrowNotFound(nil, "COMMAND-NRmhu", "Errors.Action.NotFound") } if existingAction.State != domain.ActionStateActive { - return nil, caos_errs.ThrowPreconditionFailed(nil, "COMMAND-Dgj92", "Errors.Action.NotActive") + return nil, zerrors.ThrowPreconditionFailed(nil, "COMMAND-Dgj92", "Errors.Action.NotActive") } actionAgg := ActionAggregateFromWriteModel(&existingAction.WriteModel) events := []eventstore.Command{ @@ -126,7 +126,7 @@ func (c *Commands) DeactivateAction(ctx context.Context, actionID string, resour func (c *Commands) ReactivateAction(ctx context.Context, actionID string, resourceOwner string) (*domain.ObjectDetails, error) { if actionID == "" || resourceOwner == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "COMMAND-BNm56", "Errors.IDMissing") + return nil, zerrors.ThrowInvalidArgument(nil, "COMMAND-BNm56", "Errors.IDMissing") } existingAction, err := c.getActionWriteModelByID(ctx, actionID, resourceOwner) @@ -134,10 +134,10 @@ func (c *Commands) ReactivateAction(ctx context.Context, actionID string, resour return nil, err } if !existingAction.State.Exists() { - return nil, caos_errs.ThrowNotFound(nil, "COMMAND-Aa22g", "Errors.Action.NotFound") + return nil, zerrors.ThrowNotFound(nil, "COMMAND-Aa22g", "Errors.Action.NotFound") } if existingAction.State != domain.ActionStateInactive { - return nil, caos_errs.ThrowPreconditionFailed(nil, "COMMAND-J53zh", "Errors.Action.NotInactive") + return nil, zerrors.ThrowPreconditionFailed(nil, "COMMAND-J53zh", "Errors.Action.NotInactive") } actionAgg := ActionAggregateFromWriteModel(&existingAction.WriteModel) 
@@ -157,7 +157,7 @@ func (c *Commands) ReactivateAction(ctx context.Context, actionID string, resour func (c *Commands) DeleteAction(ctx context.Context, actionID, resourceOwner string, flowTypes ...domain.FlowType) (*domain.ObjectDetails, error) { if actionID == "" || resourceOwner == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "COMMAND-Gfg3g", "Errors.IDMissing") + return nil, zerrors.ThrowInvalidArgument(nil, "COMMAND-Gfg3g", "Errors.IDMissing") } existingAction, err := c.getActionWriteModelByID(ctx, actionID, resourceOwner) @@ -165,7 +165,7 @@ func (c *Commands) DeleteAction(ctx context.Context, actionID, resourceOwner str return nil, err } if !existingAction.State.Exists() { - return nil, caos_errs.ThrowNotFound(nil, "COMMAND-Dgh4h", "Errors.Action.NotFound") + return nil, zerrors.ThrowNotFound(nil, "COMMAND-Dgh4h", "Errors.Action.NotFound") } actionAgg := ActionAggregateFromWriteModel(&existingAction.WriteModel) events := []eventstore.Command{ diff --git a/internal/command/org_action_test.go b/internal/command/org_action_test.go index 58d5d1bf6d..e3f1a8afc8 100644 --- a/internal/command/org_action_test.go +++ b/internal/command/org_action_test.go @@ -7,13 +7,13 @@ import ( "github.com/stretchr/testify/assert" "github.com/zitadel/zitadel/internal/domain" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/eventstore/v1/models" "github.com/zitadel/zitadel/internal/id" "github.com/zitadel/zitadel/internal/id/mock" "github.com/zitadel/zitadel/internal/repository/action" "github.com/zitadel/zitadel/internal/repository/org" + "github.com/zitadel/zitadel/internal/zerrors" ) func TestCommands_AddAction(t *testing.T) { @@ -50,7 +50,7 @@ func TestCommands_AddAction(t *testing.T) { resourceOwner: "org1", }, res{ - err: errors.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { 
@@ -58,7 +58,7 @@ func TestCommands_AddAction(t *testing.T) { fields{ eventstore: eventstoreExpect(t, expectPushFailed( - errors.ThrowPreconditionFailed(nil, "id", "name already exists"), + zerrors.ThrowPreconditionFailed(nil, "id", "name already exists"), action.NewAddedEvent(context.Background(), &action.NewAggregate("id1", "org1").Aggregate, "name", @@ -79,7 +79,7 @@ func TestCommands_AddAction(t *testing.T) { resourceOwner: "org1", }, res{ - err: errors.IsPreconditionFailed, + err: zerrors.IsPreconditionFailed, }, }, { @@ -168,7 +168,7 @@ func TestCommands_ChangeAction(t *testing.T) { resourceOwner: "org1", }, res{ - err: errors.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -190,7 +190,7 @@ func TestCommands_ChangeAction(t *testing.T) { resourceOwner: "org1", }, res{ - err: errors.IsNotFound, + err: zerrors.IsNotFound, }, }, { @@ -222,7 +222,7 @@ func TestCommands_ChangeAction(t *testing.T) { resourceOwner: "org1", }, res{ - err: errors.IsPreconditionFailed, + err: zerrors.IsPreconditionFailed, }, }, { @@ -241,7 +241,7 @@ func TestCommands_ChangeAction(t *testing.T) { ), ), expectPushFailed( - errors.ThrowPreconditionFailed(nil, "id", "name already exists"), + zerrors.ThrowPreconditionFailed(nil, "id", "name already exists"), func() *action.ChangedEvent { event, _ := action.NewChangedEvent(context.Background(), &action.NewAggregate("id1", "org1").Aggregate, @@ -267,7 +267,7 @@ func TestCommands_ChangeAction(t *testing.T) { resourceOwner: "org1", }, res{ - err: errors.IsPreconditionFailed, + err: zerrors.IsPreconditionFailed, }, }, { @@ -366,7 +366,7 @@ func TestCommands_DeactivateAction(t *testing.T) { resourceOwner: "org1", }, res{ - err: errors.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -382,7 +382,7 @@ func TestCommands_DeactivateAction(t *testing.T) { resourceOwner: "org1", }, res{ - err: errors.IsNotFound, + err: zerrors.IsNotFound, }, }, { 
@@ -413,7 +413,7 @@ func TestCommands_DeactivateAction(t *testing.T) { resourceOwner: "org1", }, res{ - err: errors.IsPreconditionFailed, + err: zerrors.IsPreconditionFailed, }, }, { @@ -499,7 +499,7 @@ func TestCommands_ReactivateAction(t *testing.T) { resourceOwner: "org1", }, res{ - err: errors.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -515,7 +515,7 @@ func TestCommands_ReactivateAction(t *testing.T) { resourceOwner: "org1", }, res{ - err: errors.IsNotFound, + err: zerrors.IsNotFound, }, }, { @@ -541,7 +541,7 @@ func TestCommands_ReactivateAction(t *testing.T) { resourceOwner: "org1", }, res{ - err: errors.IsPreconditionFailed, + err: zerrors.IsPreconditionFailed, }, }, { @@ -633,7 +633,7 @@ func TestCommands_DeleteAction(t *testing.T) { resourceOwner: "", }, res{ - err: errors.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -649,7 +649,7 @@ func TestCommands_DeleteAction(t *testing.T) { resourceOwner: "org1", }, res{ - err: errors.IsNotFound, + err: zerrors.IsNotFound, }, }, { diff --git a/internal/command/org_custom_login_text.go b/internal/command/org_custom_login_text.go index 83a846d247..b3d52c669a 100644 --- a/internal/command/org_custom_login_text.go +++ b/internal/command/org_custom_login_text.go 
@@ -6,14 +6,17 @@ import ( "golang.org/x/text/language" "github.com/zitadel/zitadel/internal/domain" - caos_errs "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" + "github.com/zitadel/zitadel/internal/i18n" "github.com/zitadel/zitadel/internal/repository/org" + "github.com/zitadel/zitadel/internal/zerrors" ) +// SetOrgLoginText only validates if the language is supported, not if it is allowed. +// This enables setting texts before allowing a language func (c *Commands) SetOrgLoginText(ctx context.Context, resourceOwner string, loginText *domain.CustomLoginText) (*domain.ObjectDetails, error) { if resourceOwner == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "ORG-m29rF", "Errors.ResourceOwnerMissing") + return nil, zerrors.ThrowInvalidArgument(nil, "ORG-m29rF", "Errors.ResourceOwnerMissing") } iamAgg := org.NewAggregate(resourceOwner) events, existingLoginText, err := c.setOrgLoginText(ctx, &iamAgg.Aggregate, loginText) @@ -32,10 +35,9 @@ func (c *Commands) SetOrgLoginText(ctx context.Context, resourceOwner string, lo } func (c *Commands) setOrgLoginText(ctx context.Context, orgAgg *eventstore.Aggregate, loginText *domain.CustomLoginText) ([]eventstore.Command, *OrgCustomLoginTextReadModel, error) { - if !loginText.IsValid() { - return nil, nil, caos_errs.ThrowInvalidArgument(nil, "ORG-PPo2w", "Errors.CustomText.Invalid") + if err := loginText.IsValid(i18n.SupportedLanguages()); err != nil { + return nil, nil, err } - existingLoginText, err := c.orgCustomLoginTextWriteModelByID(ctx, orgAgg.ID, loginText.Language) if err != nil { return nil, nil, err 
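Review bot: setOrgLoginText now returns whatever `loginText.IsValid(i18n.SupportedLanguages())` produces, so the error ID `ORG-PPo2w` is gone and the error kind callers see is decided by IsValid, which is not in this hunk. The "supported, not allowed" rule is documented only on the exported SetOrgLoginText, while the check sits in the private helper. A comment there such as `// validates against supported languages only; the instance's allowed-language list is intentionally not enforced here` would stop a later caller from assuming the restriction is applied. The same applies to setOrgMessageText in org_custom_message_text.go. Both helpers continue outside their hunks.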
@@ -46,17 +48,17 @@ func (c *Commands) setOrgLoginText(ctx context.Context, orgAgg *eventstore.Aggre func (c *Commands) RemoveOrgLoginTexts(ctx context.Context, resourceOwner string, lang language.Tag) (*domain.ObjectDetails, error) { if resourceOwner == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "Org-1B8dw", "Errors.ResourceOwnerMissing") + return nil, zerrors.ThrowInvalidArgument(nil, "Org-1B8dw", "Errors.ResourceOwnerMissing") } if lang == language.Und { - return nil, caos_errs.ThrowInvalidArgument(nil, "Org-5ZZmo", "Errors.CustomText.Invalid") + return nil, zerrors.ThrowInvalidArgument(nil, "Org-5ZZmo", "Errors.CustomText.Invalid") } customText, err := c.orgCustomLoginTextWriteModelByID(ctx, resourceOwner, lang) if err != nil { return nil, err } if customText.State == domain.PolicyStateUnspecified || customText.State == domain.PolicyStateRemoved { - return nil, caos_errs.ThrowNotFound(nil, "Org-9ru44", "Errors.CustomText.NotFound") + return nil, zerrors.ThrowNotFound(nil, "Org-9ru44", "Errors.CustomText.NotFound") } orgAgg := OrgAggregateFromWriteModel(&customText.WriteModel) pushedEvents, err := c.eventstore.Push(ctx, org.NewCustomTextTemplateRemovedEvent(ctx, orgAgg, domain.LoginCustomText, lang)) diff --git a/internal/command/org_custom_login_text_test.go b/internal/command/org_custom_login_text_test.go index 19ddb189cf..ede20ef5c0 100644 --- a/internal/command/org_custom_login_text_test.go +++ b/internal/command/org_custom_login_text_test.go @@ -7,10 +7,11 @@ import ( "github.com/stretchr/testify/assert" "golang.org/x/text/language" + "github.com/zitadel/zitadel/internal/api/authz" "github.com/zitadel/zitadel/internal/domain" - caos_errs "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/repository/org" + "github.com/zitadel/zitadel/internal/zerrors" ) func TestCommandSide_SetCustomOrgLoginText(t *testing.T) { 
@@ -40,27 +41,65 @@ func TestCommandSide_SetCustomOrgLoginText(t *testing.T) { ), }, args: args{ - ctx: context.Background(), - config: &domain.CustomLoginText{}, + ctx: authz.WithInstanceID(context.Background(), "org1"), + config: &domain.CustomLoginText{ + Language: AllowedLanguage, + }, }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { - name: "invalid custom login text, error", + name: "empty custom login text, success", fields: fields{ eventstore: eventstoreExpect( t, + expectFilter(), + expectPush(), ), }, args: args{ - ctx: context.Background(), + ctx: authz.WithInstanceID(context.Background(), "org1"), + resourceOwner: "org1", + config: &domain.CustomLoginText{ + Language: AllowedLanguage, + }, + }, + res: res{ + want: &domain.ObjectDetails{ + ResourceOwner: "org1", + }, + }, + }, + { + name: "undefined language, error", + fields: fields{ + eventstore: eventstoreExpect(t), + }, + args: args{ + ctx: authz.WithInstanceID(context.Background(), "org1"), resourceOwner: "org1", config: &domain.CustomLoginText{}, }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, + }, + }, + { + name: "unsupported language, error", + fields: fields{ + eventstore: eventstoreExpect(t), + }, + args: args{ + ctx: authz.WithInstanceID(context.Background(), "org1"), + resourceOwner: "org1", + config: &domain.CustomLoginText{ + Language: UnsupportedLanguage, + }, + }, + res: res{ + err: zerrors.IsErrorInvalidArgument, }, }, { diff --git a/internal/command/org_custom_message_text.go b/internal/command/org_custom_message_text.go index 7aacd6a35a..cd9fc2da9c 100644 --- a/internal/command/org_custom_message_text.go +++ b/internal/command/org_custom_message_text.go 
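Review bot: None of the added cases exercises what the new doc comment on SetOrgLoginText promises, namely that a supported language not allowed on the instance is still accepted. The success case uses `AllowedLanguage`, and the failure cases use an undefined tag or `UnsupportedLanguage`. A case with a supported-but-not-allowed language that expects success would pin that contract. The contexts are built with `authz.WithInstanceID(context.Background(), "org1")`, which reuses the org ID as the instance ID; a distinct value such as `"instance1"` would show which identifier a failing assertion refers to. The test function continues outside the hunk.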
@@ -6,14 +6,17 @@ import ( "golang.org/x/text/language" "github.com/zitadel/zitadel/internal/domain" - caos_errs "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" + "github.com/zitadel/zitadel/internal/i18n" "github.com/zitadel/zitadel/internal/repository/org" + "github.com/zitadel/zitadel/internal/zerrors" ) +// SetOrgMessageText only validates if the language is supported, not if it is allowed. +// This enables setting texts before allowing a language func (c *Commands) SetOrgMessageText(ctx context.Context, resourceOwner string, messageText *domain.CustomMessageText) (*domain.ObjectDetails, error) { if resourceOwner == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "ORG-2biiR", "Errors.ResourceOwnerMissing") + return nil, zerrors.ThrowInvalidArgument(nil, "ORG-2biiR", "Errors.ResourceOwnerMissing") } orgAgg := org.NewAggregate(resourceOwner) events, existingMessageText, err := c.setOrgMessageText(ctx, &orgAgg.Aggregate, messageText) @@ -32,10 +35,9 @@ func (c *Commands) SetOrgMessageText(ctx context.Context, resourceOwner string, } func (c *Commands) setOrgMessageText(ctx context.Context, orgAgg *eventstore.Aggregate, message *domain.CustomMessageText) ([]eventstore.Command, *OrgCustomMessageTextReadModel, error) { - if !message.IsValid() { - return nil, nil, caos_errs.ThrowInvalidArgument(nil, "ORG-2jfsf", "Errors.CustomText.Invalid") + if err := message.IsValid(i18n.SupportedLanguages()); err != nil { + return nil, nil, err } - existingMessageText, err := c.orgCustomMessageTextWriteModelByID(ctx, orgAgg.ID, message.MessageTextType, message.Language) if err != nil { return nil, nil, err 
@@ -95,17 +97,17 @@ func (c *Commands) setOrgMessageText(ctx context.Context, orgAgg *eventstore.Agg func (c *Commands) RemoveOrgMessageTexts(ctx context.Context, resourceOwner, messageTextType string, lang language.Tag) (*domain.ObjectDetails, error) { if resourceOwner == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "Org-3mfsf", "Errors.ResourceOwnerMissing") + return nil, zerrors.ThrowInvalidArgument(nil, "Org-3mfsf", "Errors.ResourceOwnerMissing") } if messageTextType == "" || lang == language.Und { - return nil, caos_errs.ThrowInvalidArgument(nil, "Org-j59f", "Errors.CustomMessageText.Invalid") + return nil, zerrors.ThrowInvalidArgument(nil, "Org-j59f", "Errors.CustomMessageText.Invalid") } customText, err := c.orgCustomMessageTextWriteModelByID(ctx, resourceOwner, messageTextType, lang) if err != nil { return nil, err } if customText.State == domain.PolicyStateUnspecified || customText.State == domain.PolicyStateRemoved { - return nil, caos_errs.ThrowNotFound(nil, "Org-3b8Jf", "Errors.CustomMessageText.NotFound") + return nil, zerrors.ThrowNotFound(nil, "Org-3b8Jf", "Errors.CustomMessageText.NotFound") } orgAgg := OrgAggregateFromWriteModel(&customText.WriteModel) pushedEvents, err := c.eventstore.Push(ctx, org.NewCustomTextTemplateRemovedEvent(ctx, orgAgg, messageTextType, lang)) diff --git a/internal/command/org_custom_message_text_test.go b/internal/command/org_custom_message_text_test.go index 61a562e456..424a887794 100644 --- a/internal/command/org_custom_message_text_test.go +++ b/internal/command/org_custom_message_text_test.go @@ -8,9 +8,9 @@ import ( "golang.org/x/text/language" "github.com/zitadel/zitadel/internal/domain" - caos_errs "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/repository/org" + "github.com/zitadel/zitadel/internal/zerrors" ) func TestCommandSide_SetCustomMessageText(t *testing.T) { 
@@ -35,32 +35,83 @@ func TestCommandSide_SetCustomMessageText(t *testing.T) { { name: "no resource owner, error", fields: fields{ - eventstore: eventstoreExpect( - t, - ), + eventstore: eventstoreExpect(t), }, args: args{ ctx: context.Background(), config: &domain.CustomMessageText{}, }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { - name: "invalid custom text, error", + name: "empty message type, error", + fields: fields{ + eventstore: eventstoreExpect(t), + }, + args: args{ + ctx: context.Background(), + resourceOwner: "org1", + config: &domain.CustomMessageText{ + Language: AllowedLanguage, + }, + }, + res: res{ + err: zerrors.IsErrorInvalidArgument, + }, + }, + { + name: "empty custom message text, success", fields: fields{ eventstore: eventstoreExpect( t, + expectFilter(), + expectPush(), ), }, + args: args{ + ctx: context.Background(), + resourceOwner: "org1", + config: &domain.CustomMessageText{ + MessageTextType: "Some type", // TODO: check the type! + Language: AllowedLanguage, + }, + }, + res: res{ + want: &domain.ObjectDetails{ + ResourceOwner: "org1", + }, + }, + }, + { + name: "undefined language, error", + fields: fields{ + eventstore: eventstoreExpect(t), + }, args: args{ ctx: context.Background(), resourceOwner: "org1", config: &domain.CustomMessageText{}, }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, + }, + }, + { + name: "unsupported language, error", + fields: fields{ + eventstore: eventstoreExpect(t), + }, + args: args{ + ctx: context.Background(), + resourceOwner: "org1", + config: &domain.CustomMessageText{ + Language: UnsupportedLanguage, + }, + }, + res: res{ + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -345,7 +396,7 @@ func TestCommandSide_RemoveCustomMessageText(t *testing.T) { lang: language.English, }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { 
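Review bot: The new `unsupported language, error` and `undefined language, error` cases in the first hunk leave `MessageTextType` empty, exactly like `empty message type, error`, so they would still pass if the language check were removed and only the message-type check fired. Adding `MessageTextType: "Some type",` to both configs would make the language the only invalid field and pin the behaviour the case names claim. The `empty custom message text, success` case also shows that an arbitrary type string is accepted and pushed (`// TODO: check the type!`); until that TODO is resolved, message-type validation is an open input-validation gap that these tests do not cover. The test table continues outside the hunk.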
@@ -361,7 +412,7 @@ func TestCommandSide_RemoveCustomMessageText(t *testing.T) { lang: language.English, }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -377,7 +428,7 @@ func TestCommandSide_RemoveCustomMessageText(t *testing.T) { mailTextType: "Template", }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -471,6 +522,43 @@ func TestCommandSide_RemoveCustomMessageText(t *testing.T) { }, }, }, + { + name: "remove unsupported language ok, especially because we never validated whether a language is supported in previous ZITADEL versions", + fields: fields{ + eventstore: eventstoreExpect( + t, + expectFilter( + eventFromEventPusher( + org.NewCustomTextSetEvent(context.Background(), + &org.NewAggregate("org1").Aggregate, + "Template", + domain.MessageGreeting, + "Greeting", + UnsupportedLanguage, + ), + ), + ), + expectPush( + org.NewCustomTextTemplateRemovedEvent(context.Background(), + &org.NewAggregate("org1").Aggregate, + "Template", + UnsupportedLanguage, + ), + ), + ), + }, + args: args{ + ctx: context.Background(), + resourceOwner: "org1", + mailTextType: "Template", + lang: UnsupportedLanguage, + }, + res: res{ + want: &domain.ObjectDetails{ + ResourceOwner: "org1", + }, + }, + }, } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { diff --git a/internal/command/org_domain.go b/internal/command/org_domain.go index 6ae30baeb2..98519bfc5d 100644 --- a/internal/command/org_domain.go +++ b/internal/command/org_domain.go @@ -2,7 +2,7 @@ package command import ( "context" - errs "errors" + "errors" "strings" "github.com/zitadel/logging" 
@@ -12,23 +12,23 @@ import ( "github.com/zitadel/zitadel/internal/command/preparation" "github.com/zitadel/zitadel/internal/crypto" "github.com/zitadel/zitadel/internal/domain" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/repository/org" + "github.com/zitadel/zitadel/internal/zerrors" ) func (c *Commands) prepareAddOrgDomain(a *org.Aggregate, addDomain string, userIDs []string) preparation.Validation { return func() (preparation.CreateCommands, error) { if addDomain = strings.TrimSpace(addDomain); addDomain == "" { - return nil, errors.ThrowInvalidArgument(nil, "ORG-r3h4J", "Errors.Invalid.Argument") + return nil, zerrors.ThrowInvalidArgument(nil, "ORG-r3h4J", "Errors.Invalid.Argument") } return func(ctx context.Context, filter preparation.FilterToQueryReducer) ([]eventstore.Command, error) { existing, err := orgDomain(ctx, filter, a.ID, addDomain) - if err != nil && !errs.Is(err, errors.ThrowNotFound(nil, "", "")) { + if err != nil && !errors.Is(err, zerrors.ThrowNotFound(nil, "", "")) { return nil, err } if existing != nil && existing.State == domain.OrgDomainStateActive { - return nil, errors.ThrowAlreadyExists(nil, "V2-e1wse", "Errors.Already.Exists") + return nil, zerrors.ThrowAlreadyExists(nil, "V2-e1wse", "Errors.Already.Exists") } domainPolicy, err := domainPolicyWriteModel(ctx, filter, a.ID) if err != nil { 
@@ -54,7 +54,7 @@ func (c *Commands) prepareAddOrgDomain(a *org.Aggregate, addDomain string, userI func verifyOrgDomain(a *org.Aggregate, domain string) preparation.Validation { return func() (preparation.CreateCommands, error) { if domain = strings.TrimSpace(domain); domain == "" { - return nil, errors.ThrowInvalidArgument(nil, "ORG-yqlVQ", "Errors.Invalid.Argument") + return nil, zerrors.ThrowInvalidArgument(nil, "ORG-yqlVQ", "Errors.Invalid.Argument") } return func(ctx context.Context, filter preparation.FilterToQueryReducer) ([]eventstore.Command, error) { // no checks required because unique constraints handle it @@ -66,18 +66,18 @@ func verifyOrgDomain(a *org.Aggregate, domain string) preparation.Validation { func setPrimaryOrgDomain(a *org.Aggregate, domain string) preparation.Validation { return func() (preparation.CreateCommands, error) { if domain = strings.TrimSpace(domain); domain == "" { - return nil, errors.ThrowInvalidArgument(nil, "ORG-gmNqY", "Errors.Invalid.Argument") + return nil, zerrors.ThrowInvalidArgument(nil, "ORG-gmNqY", "Errors.Invalid.Argument") } return func(ctx context.Context, filter preparation.FilterToQueryReducer) ([]eventstore.Command, error) { existing, err := orgDomain(ctx, filter, a.ID, domain) if err != nil { - return nil, errors.ThrowAlreadyExists(err, "V2-d0Gyw", "Errors.Already.Exists") + return nil, zerrors.ThrowAlreadyExists(err, "V2-d0Gyw", "Errors.Already.Exists") } if existing.Primary { - return nil, errors.ThrowPreconditionFailed(nil, "COMMA-FfoZO", "Errors.Org.DomainAlreadyPrimary") + return nil, zerrors.ThrowPreconditionFailed(nil, "COMMA-FfoZO", "Errors.Org.DomainAlreadyPrimary") } if !existing.Verified { - return nil, errors.ThrowPreconditionFailed(nil, "COMMA-yKA80", "Errors.Org.DomainNotVerified") + return nil, zerrors.ThrowPreconditionFailed(nil, "COMMA-yKA80", "Errors.Org.DomainNotVerified") } return []eventstore.Command{org.NewDomainPrimarySetEvent(ctx, &a.Aggregate, domain)}, nil }, nil 
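Review bot: In the `setPrimaryOrgDomain` hunk, every error from `orgDomain(...)` is wrapped as `zerrors.ThrowAlreadyExists(err, "V2-d0Gyw", "Errors.Already.Exists")`, although the lookup shown further down in this diff fails with `ThrowNotFound` when the domain has no events. A request to make a missing domain primary is therefore likely reported as already-exists, with the not-found cause present only as the parent error, which misleads clients and anyone triaging logs. Returning the error unchanged, `return nil, err`, would keep the classification accurate. This appears to predate the commit, which only renames the package on that line.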
@@ -91,7 +91,7 @@ func orgDomain(ctx context.Context, filter preparation.FilterToQueryReducer, org return nil, err } if len(events) == 0 { - return nil, errors.ThrowNotFound(nil, "COMMA-kFHpQ", "Errors.Org.DomainNotFound") + return nil, zerrors.ThrowNotFound(nil, "COMMA-kFHpQ", "Errors.Org.DomainNotFound") } wm.AppendEvents(events...) if err = wm.Reduce(); err != nil { @@ -129,21 +129,21 @@ func (c *Commands) AddOrgDomain(ctx context.Context, orgID, domain string, claim func (c *Commands) GenerateOrgDomainValidation(ctx context.Context, orgDomain *domain.OrgDomain) (token, url string, err error) { if orgDomain == nil || !orgDomain.IsValid() || orgDomain.AggregateID == "" { - return "", "", errors.ThrowInvalidArgument(nil, "ORG-R24hb", "Errors.Org.InvalidDomain") + return "", "", zerrors.ThrowInvalidArgument(nil, "ORG-R24hb", "Errors.Org.InvalidDomain") } checkType, ok := orgDomain.ValidationType.CheckType() if !ok { - return "", "", errors.ThrowInvalidArgument(nil, "ORG-Gsw31", "Errors.Org.DomainVerificationTypeInvalid") + return "", "", zerrors.ThrowInvalidArgument(nil, "ORG-Gsw31", "Errors.Org.DomainVerificationTypeInvalid") } domainWriteModel, err := c.getOrgDomainWriteModel(ctx, orgDomain.AggregateID, orgDomain.Domain) if err != nil { return "", "", err } if domainWriteModel.State != domain.OrgDomainStateActive { - return "", "", errors.ThrowNotFound(nil, "ORG-AGD31", "Errors.Org.DomainNotOnOrg") + return "", "", zerrors.ThrowNotFound(nil, "ORG-AGD31", "Errors.Org.DomainNotOnOrg") } if domainWriteModel.Verified { - return "", "", errors.ThrowPreconditionFailed(nil, "ORG-HGw21", "Errors.Org.DomainAlreadyVerified") + return "", "", zerrors.ThrowPreconditionFailed(nil, "ORG-HGw21", "Errors.Org.DomainAlreadyVerified") } token, err = orgDomain.GenerateVerificationCode(c.domainVerificationGenerator) if err != nil { 
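Review bot: The error IDs in `GenerateOrgDomainValidation` (second hunk) are not unique within this file: `ORG-R24hb` and `ORG-HGw21` are thrown again in `ValidateOrgDomain`. In the later hunks `ORG-Sjdi3` labels a not-found in `ValidateOrgDomain` but a precondition failure in `RemoveOrgDomain`, and `ORG-GDfA3` appears in both `SetPrimaryOrgDomain` and `RemoveOrgDomain`. If these IDs are meant to identify a single throw site, a log line or client report carrying one of them cannot be traced to the function that rejected the request. Every one of these lines is already touched by the rename, so each duplicate could get its own ID here, e.g. `"ORG-<NEW_ID>"` as a placeholder for a value that follows the project's scheme.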
@@ -151,7 +151,7 @@ func (c *Commands) GenerateOrgDomainValidation(ctx context.Context, orgDomain *d } url, err = http_utils.TokenUrl(orgDomain.Domain, token, checkType) if err != nil { - return "", "", errors.ThrowPreconditionFailed(err, "ORG-Bae21", "Errors.Org.DomainVerificationTypeInvalid") + return "", "", zerrors.ThrowPreconditionFailed(err, "ORG-Bae21", "Errors.Org.DomainVerificationTypeInvalid") } orgAgg := OrgAggregateFromWriteModel(&domainWriteModel.WriteModel) 
@@ -167,20 +167,20 @@ func (c *Commands) GenerateOrgDomainValidation(ctx context.Context, orgDomain *d func (c *Commands) ValidateOrgDomain(ctx context.Context, orgDomain *domain.OrgDomain, claimedUserIDs []string) (*domain.ObjectDetails, error) { if orgDomain == nil || !orgDomain.IsValid() || orgDomain.AggregateID == "" { - return nil, errors.ThrowInvalidArgument(nil, "ORG-R24hb", "Errors.Org.InvalidDomain") + return nil, zerrors.ThrowInvalidArgument(nil, "ORG-R24hb", "Errors.Org.InvalidDomain") } domainWriteModel, err := c.getOrgDomainWriteModel(ctx, orgDomain.AggregateID, orgDomain.Domain) if err != nil { return nil, err } if domainWriteModel.State != domain.OrgDomainStateActive { - return nil, errors.ThrowNotFound(nil, "ORG-Sjdi3", "Errors.Org.DomainNotOnOrg") + return nil, zerrors.ThrowNotFound(nil, "ORG-Sjdi3", "Errors.Org.DomainNotOnOrg") } if domainWriteModel.Verified { - return nil, errors.ThrowPreconditionFailed(nil, "ORG-HGw21", "Errors.Org.DomainAlreadyVerified") + return nil, zerrors.ThrowPreconditionFailed(nil, "ORG-HGw21", "Errors.Org.DomainAlreadyVerified") } if domainWriteModel.ValidationCode == nil || domainWriteModel.ValidationType == domain.OrgDomainValidationTypeUnspecified { - return nil, errors.ThrowPreconditionFailed(nil, "ORG-SFBB3", "Errors.Org.DomainVerificationMissing") + return nil, zerrors.ThrowPreconditionFailed(nil, "ORG-SFBB3", "Errors.Org.DomainVerificationMissing") } validationCode, err := crypto.DecryptString(domainWriteModel.ValidationCode, c.domainVerificationAlg) 
@@ -222,17 +222,17 @@ func (c *Commands) ValidateOrgDomain(ctx context.Context, orgDomain *domain.OrgD func (c *Commands) SetPrimaryOrgDomain(ctx context.Context, orgDomain *domain.OrgDomain) (*domain.ObjectDetails, error) { if orgDomain == nil || !orgDomain.IsValid() || orgDomain.AggregateID == "" { - return nil, errors.ThrowInvalidArgument(nil, "ORG-SsDG2", "Errors.Org.InvalidDomain") + return nil, zerrors.ThrowInvalidArgument(nil, "ORG-SsDG2", "Errors.Org.InvalidDomain") } domainWriteModel, err := c.getOrgDomainWriteModel(ctx, orgDomain.AggregateID, orgDomain.Domain) if err != nil { return nil, err } if domainWriteModel.State != domain.OrgDomainStateActive { - return nil, errors.ThrowNotFound(nil, "ORG-GDfA3", "Errors.Org.DomainNotOnOrg") + return nil, zerrors.ThrowNotFound(nil, "ORG-GDfA3", "Errors.Org.DomainNotOnOrg") } if !domainWriteModel.Verified { - return nil, errors.ThrowPreconditionFailed(nil, "ORG-Ggd32", "Errors.Org.DomainNotVerified") + return nil, zerrors.ThrowPreconditionFailed(nil, "ORG-Ggd32", "Errors.Org.DomainNotVerified") } orgAgg := OrgAggregateFromWriteModel(&domainWriteModel.WriteModel) pushedEvents, err := c.eventstore.Push(ctx, org.NewDomainPrimarySetEvent(ctx, orgAgg, orgDomain.Domain)) 
@@ -248,17 +248,17 @@ func (c *Commands) SetPrimaryOrgDomain(ctx context.Context, orgDomain *domain.Or func (c *Commands) RemoveOrgDomain(ctx context.Context, orgDomain *domain.OrgDomain) (*domain.ObjectDetails, error) { if orgDomain == nil || !orgDomain.IsValid() || orgDomain.AggregateID == "" { - return nil, errors.ThrowInvalidArgument(nil, "ORG-SJsK3", "Errors.Org.InvalidDomain") + return nil, zerrors.ThrowInvalidArgument(nil, "ORG-SJsK3", "Errors.Org.InvalidDomain") } domainWriteModel, err := c.getOrgDomainWriteModel(ctx, orgDomain.AggregateID, orgDomain.Domain) if err != nil { return nil, err } if domainWriteModel.State != domain.OrgDomainStateActive { - return nil, errors.ThrowNotFound(nil, "ORG-GDfA3", "Errors.Org.DomainNotOnOrg") + return nil, zerrors.ThrowNotFound(nil, "ORG-GDfA3", "Errors.Org.DomainNotOnOrg") } if domainWriteModel.Primary { - return nil, errors.ThrowPreconditionFailed(nil, "ORG-Sjdi3", "Errors.Org.PrimaryDomainNotDeletable") + return nil, zerrors.ThrowPreconditionFailed(nil, "ORG-Sjdi3", "Errors.Org.PrimaryDomainNotDeletable") } orgAgg := OrgAggregateFromWriteModel(&domainWriteModel.WriteModel) pushedEvents, err := c.eventstore.Push(ctx, org.NewDomainRemovedEvent(ctx, orgAgg, orgDomain.Domain, domainWriteModel.Verified)) @@ -278,7 +278,7 @@ func (c *Commands) addOrgDomain(ctx context.Context, orgAgg *eventstore.Aggregat return nil, err } if addedDomain.State == domain.OrgDomainStateActive { - return nil, errors.ThrowAlreadyExists(nil, "COMMA-Bd2jj", "Errors.Org.Domain.AlreadyExists") + return nil, zerrors.ThrowAlreadyExists(nil, "COMMA-Bd2jj", "Errors.Org.Domain.AlreadyExists") } events := []eventstore.Command{ diff --git a/internal/command/org_domain_test.go b/internal/command/org_domain_test.go index acbb35d648..8af38098c5 100644 --- a/internal/command/org_domain_test.go +++ b/internal/command/org_domain_test.go 
@@ -13,13 +13,13 @@ import ( "github.com/zitadel/zitadel/internal/command/preparation" "github.com/zitadel/zitadel/internal/crypto" "github.com/zitadel/zitadel/internal/domain" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/eventstore/v1/models" "github.com/zitadel/zitadel/internal/id" id_mock "github.com/zitadel/zitadel/internal/id/mock" "github.com/zitadel/zitadel/internal/repository/org" "github.com/zitadel/zitadel/internal/repository/user" + "github.com/zitadel/zitadel/internal/zerrors" ) func TestAddDomain(t *testing.T) { @@ -45,7 +45,7 @@ func TestAddDomain(t *testing.T) { domain: "", }, want: Want{ - ValidationErr: errors.ThrowInvalidArgument(nil, "ORG-r3h4J", "Errors.Invalid.Argument"), + ValidationErr: zerrors.ThrowInvalidArgument(nil, "ORG-r3h4J", "Errors.Invalid.Argument"), }, }, { @@ -124,7 +124,7 @@ func TestAddDomain(t *testing.T) { }, }, want: Want{ - CreateErr: errors.ThrowAlreadyExists(nil, "", ""), + CreateErr: zerrors.ThrowAlreadyExists(nil, "", ""), }, }, } @@ -159,7 +159,7 @@ func TestVerifyDomain(t *testing.T) { domain: "", }, want: Want{ - ValidationErr: errors.ThrowInvalidArgument(nil, "ORG-yqlVQ", "Errors.Invalid.Argument"), + ValidationErr: zerrors.ThrowInvalidArgument(nil, "ORG-yqlVQ", "Errors.Invalid.Argument"), }, }, { @@ -203,7 +203,7 @@ func TestSetDomainPrimary(t *testing.T) { domain: "", }, want: Want{ - ValidationErr: errors.ThrowInvalidArgument(nil, "ORG-gmNqY", "Errors.Invalid.Argument"), + ValidationErr: zerrors.ThrowInvalidArgument(nil, "ORG-gmNqY", "Errors.Invalid.Argument"), }, }, { @@ -216,7 +216,7 @@ func TestSetDomainPrimary(t *testing.T) { }, }, want: Want{ - CreateErr: errors.ThrowNotFound(nil, "", ""), + CreateErr: zerrors.ThrowNotFound(nil, "", ""), }, }, { 
@@ -229,7 +229,7 @@ func TestSetDomainPrimary(t *testing.T) { }, }, want: Want{ - CreateErr: errors.ThrowPreconditionFailed(nil, "", ""), + CreateErr: zerrors.ThrowPreconditionFailed(nil, "", ""), }, }, { @@ -247,7 +247,7 @@ func TestSetDomainPrimary(t *testing.T) { }, }, want: Want{ - CreateErr: errors.ThrowPreconditionFailed(nil, "", ""), + CreateErr: zerrors.ThrowPreconditionFailed(nil, "", ""), }, }, { @@ -308,7 +308,7 @@ func TestCommandSide_AddOrgDomain(t *testing.T) { ctx: context.Background(), }, res: res{ - err: errors.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -338,7 +338,7 @@ func TestCommandSide_AddOrgDomain(t *testing.T) { domain: "domain.ch", }, res: res{ - err: errors.IsErrorAlreadyExists, + err: zerrors.IsErrorAlreadyExists, }, }, { @@ -439,7 +439,7 @@ func TestCommandSide_GenerateOrgDomainValidation(t *testing.T) { }, }, res: res{ - err: errors.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -456,7 +456,7 @@ func TestCommandSide_GenerateOrgDomainValidation(t *testing.T) { }, }, res: res{ - err: errors.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -476,7 +476,7 @@ func TestCommandSide_GenerateOrgDomainValidation(t *testing.T) { }, }, res: res{ - err: errors.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -505,7 +505,7 @@ func TestCommandSide_GenerateOrgDomainValidation(t *testing.T) { }, }, res: res{ - err: errors.IsNotFound, + err: zerrors.IsNotFound, }, }, { @@ -546,7 +546,7 @@ func TestCommandSide_GenerateOrgDomainValidation(t *testing.T) { }, }, res: res{ - err: errors.IsPreconditionFailed, + err: zerrors.IsPreconditionFailed, }, }, { @@ -710,7 +710,7 @@ func TestCommandSide_ValidateOrgDomain(t *testing.T) { }, }, res: res{ - err: errors.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { 
@@ -727,7 +727,7 @@ func TestCommandSide_ValidateOrgDomain(t *testing.T) { }, }, res: res{ - err: errors.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -756,7 +756,7 @@ func TestCommandSide_ValidateOrgDomain(t *testing.T) { }, }, res: res{ - err: errors.IsNotFound, + err: zerrors.IsNotFound, }, }, { @@ -797,7 +797,7 @@ func TestCommandSide_ValidateOrgDomain(t *testing.T) { }, }, res: res{ - err: errors.IsPreconditionFailed, + err: zerrors.IsPreconditionFailed, }, }, { @@ -832,7 +832,7 @@ func TestCommandSide_ValidateOrgDomain(t *testing.T) { }, }, res: res{ - err: errors.IsPreconditionFailed, + err: zerrors.IsPreconditionFailed, }, }, { @@ -888,7 +888,7 @@ func TestCommandSide_ValidateOrgDomain(t *testing.T) { }, }, res: res{ - err: errors.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -1154,7 +1154,7 @@ func TestCommandSide_SetPrimaryDomain(t *testing.T) { }, }, res: res{ - err: errors.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -1171,7 +1171,7 @@ func TestCommandSide_SetPrimaryDomain(t *testing.T) { }, }, res: res{ - err: errors.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -1200,7 +1200,7 @@ func TestCommandSide_SetPrimaryDomain(t *testing.T) { }, }, res: res{ - err: errors.IsNotFound, + err: zerrors.IsNotFound, }, }, { @@ -1234,7 +1234,7 @@ func TestCommandSide_SetPrimaryDomain(t *testing.T) { }, }, res: res{ - err: errors.IsPreconditionFailed, + err: zerrors.IsPreconditionFailed, }, }, { @@ -1339,7 +1339,7 @@ func TestCommandSide_RemoveOrgDomain(t *testing.T) { }, }, res: res{ - err: errors.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -1356,7 +1356,7 @@ func TestCommandSide_RemoveOrgDomain(t *testing.T) { }, }, res: res{ - err: errors.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { 
@@ -1385,7 +1385,7 @@ func TestCommandSide_RemoveOrgDomain(t *testing.T) { }, }, res: res{ - err: errors.IsNotFound, + err: zerrors.IsNotFound, }, }, { @@ -1431,7 +1431,7 @@ func TestCommandSide_RemoveOrgDomain(t *testing.T) { }, }, res: res{ - err: errors.IsPreconditionFailed, + err: zerrors.IsPreconditionFailed, }, }, { @@ -1545,7 +1545,7 @@ func TestCommandSide_RemoveOrgDomain(t *testing.T) { } func invalidDomainVerification(domain, token, verifier string, checkType http.CheckType) error { - return errors.ThrowInvalidArgument(nil, "HTTP-GH422", "Errors.Internal") + return zerrors.ThrowInvalidArgument(nil, "HTTP-GH422", "Errors.Internal") } func validDomainVerification(domain, token, verifier string, checkType http.CheckType) error { diff --git a/internal/command/org_flow.go b/internal/command/org_flow.go index e127517ca0..9a9d47c966 100644 --- a/internal/command/org_flow.go +++ b/internal/command/org_flow.go 
@@ -5,20 +5,20 @@ import ( "reflect" "github.com/zitadel/zitadel/internal/domain" - caos_errs "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/repository/org" + "github.com/zitadel/zitadel/internal/zerrors" ) func (c *Commands) ClearFlow(ctx context.Context, flowType domain.FlowType, resourceOwner string) (*domain.ObjectDetails, error) { if !flowType.Valid() || resourceOwner == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "COMMAND-Dfw2h", "Errors.Flow.FlowTypeMissing") + return nil, zerrors.ThrowInvalidArgument(nil, "COMMAND-Dfw2h", "Errors.Flow.FlowTypeMissing") } existingFlow, err := c.getOrgFlowWriteModelByType(ctx, flowType, resourceOwner) if err != nil { return nil, err } if len(existingFlow.Triggers) == 0 { - return nil, caos_errs.ThrowPreconditionFailed(nil, "COMMAND-DgGh3", "Errors.Flow.Empty") + return nil, zerrors.ThrowPreconditionFailed(nil, "COMMAND-DgGh3", "Errors.Flow.Empty") } orgAgg := OrgAggregateFromWriteModel(&existingFlow.WriteModel) pushedEvents, err := c.eventstore.Push(ctx, org.NewFlowClearedEvent(ctx, orgAgg, flowType)) 
@@ -34,17 +34,17 @@ func (c *Commands) ClearFlow(ctx context.Context, flowType domain.FlowType, reso func (c *Commands) SetTriggerActions(ctx context.Context, flowType domain.FlowType, triggerType domain.TriggerType, actionIDs []string, resourceOwner string) (*domain.ObjectDetails, error) { if !flowType.Valid() || !triggerType.Valid() || resourceOwner == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "COMMAND-Dfhj5", "Errors.Flow.FlowTypeMissing") + return nil, zerrors.ThrowInvalidArgument(nil, "COMMAND-Dfhj5", "Errors.Flow.FlowTypeMissing") } if !flowType.HasTrigger(triggerType) { - return nil, caos_errs.ThrowInvalidArgument(nil, "COMMAND-Dfgh6", "Errors.Flow.WrongTriggerType") + return nil, zerrors.ThrowInvalidArgument(nil, "COMMAND-Dfgh6", "Errors.Flow.WrongTriggerType") } existingFlow, err := c.getOrgFlowWriteModelByType(ctx, flowType, resourceOwner) if err != nil { return nil, err } if reflect.DeepEqual(existingFlow.Triggers[triggerType], actionIDs) { - return nil, caos_errs.ThrowPreconditionFailed(nil, "COMMAND-Nfh52", "Errors.Flow.NoChanges") + return nil, zerrors.ThrowPreconditionFailed(nil, "COMMAND-Nfh52", "Errors.Flow.NoChanges") } if len(actionIDs) > 0 { exists, err := c.actionsIDsExist(ctx, actionIDs, resourceOwner) @@ -52,7 +52,7 @@ func (c *Commands) SetTriggerActions(ctx context.Context, flowType domain.FlowTy return nil, err } if !exists { - return nil, caos_errs.ThrowPreconditionFailed(nil, "COMMAND-dg422", "Errors.Flow.ActionIDsNotExist") + return nil, zerrors.ThrowPreconditionFailed(nil, "COMMAND-dg422", "Errors.Flow.ActionIDsNotExist") } } orgAgg := OrgAggregateFromWriteModel(&existingFlow.WriteModel) diff --git a/internal/command/org_flow_test.go b/internal/command/org_flow_test.go index 178cfd44ad..36961bc6e5 100644 --- a/internal/command/org_flow_test.go +++ b/internal/command/org_flow_test.go 
@@ -7,10 +7,10 @@ import ( "github.com/stretchr/testify/assert" "github.com/zitadel/zitadel/internal/domain" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/repository/action" "github.com/zitadel/zitadel/internal/repository/org" + "github.com/zitadel/zitadel/internal/zerrors" ) func TestCommands_ClearFlow(t *testing.T) { @@ -44,7 +44,7 @@ func TestCommands_ClearFlow(t *testing.T) { }, res{ details: nil, - err: errors.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -61,7 +61,7 @@ func TestCommands_ClearFlow(t *testing.T) { }, res{ details: nil, - err: errors.IsPreconditionFailed, + err: zerrors.IsPreconditionFailed, }, }, { @@ -153,7 +153,7 @@ func TestCommands_SetTriggerActions(t *testing.T) { }, res{ details: nil, - err: errors.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, //TODO: combination not possible at the moment, add when more flow types available @@ -199,7 +199,7 @@ func TestCommands_SetTriggerActions(t *testing.T) { }, res{ details: nil, - err: errors.IsPreconditionFailed, + err: zerrors.IsPreconditionFailed, }, }, { @@ -219,7 +219,7 @@ func TestCommands_SetTriggerActions(t *testing.T) { }, res{ details: nil, - err: errors.IsPreconditionFailed, + err: zerrors.IsPreconditionFailed, }, }, { diff --git a/internal/command/org_idp.go b/internal/command/org_idp.go index 22479465c1..f9d83ff9c5 100644 --- a/internal/command/org_idp.go +++ b/internal/command/org_idp.go 
@@ -9,9 +9,9 @@ import ( "github.com/zitadel/zitadel/internal/command/preparation" "github.com/zitadel/zitadel/internal/crypto" "github.com/zitadel/zitadel/internal/domain" - caos_errs "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/repository/org" + "github.com/zitadel/zitadel/internal/zerrors" ) func (c *Commands) AddOrgGenericOAuthProvider(ctx context.Context, resourceOwner string, provider GenericOAuthProvider) (string, *domain.ObjectDetails, error) { @@ -113,7 +113,7 @@ func (c *Commands) migrateOrgGenericOIDC(ctx context.Context, resourceOwner, id case GoogleProvider: validation = c.prepareMigrateOrgOIDCToGoogleProvider(orgAgg, writeModel, p) default: - return nil, caos_errs.ThrowInvalidArgument(nil, "COMMAND-s9s2919", "Errors.IDPConfig.NotExisting") + return nil, zerrors.ThrowInvalidArgument(nil, "COMMAND-s9s2919", "Errors.IDPConfig.NotExisting") } cmds, err := preparation.PrepareCommands(ctx, c.eventstore.Filter, validation) 
@@ -581,25 +581,25 @@ func ExistsOrgIDP(ctx context.Context, filter preparation.FilterToQueryReducer, func (c *Commands) prepareAddOrgOAuthProvider(a *org.Aggregate, writeModel *OrgOAuthIDPWriteModel, provider GenericOAuthProvider) preparation.Validation { return func() (preparation.CreateCommands, error) { if provider.Name = strings.TrimSpace(provider.Name); provider.Name == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "ORG-D32ef", "Errors.Invalid.Argument") + return nil, zerrors.ThrowInvalidArgument(nil, "ORG-D32ef", "Errors.Invalid.Argument") } if provider.ClientID = strings.TrimSpace(provider.ClientID); provider.ClientID == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "ORG-Dbgzf", "Errors.Invalid.Argument") + return nil, zerrors.ThrowInvalidArgument(nil, "ORG-Dbgzf", "Errors.Invalid.Argument") } if provider.ClientSecret = strings.TrimSpace(provider.ClientSecret); provider.ClientSecret == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "ORG-DF4ga", "Errors.Invalid.Argument") + return nil, zerrors.ThrowInvalidArgument(nil, "ORG-DF4ga", "Errors.Invalid.Argument") } if provider.AuthorizationEndpoint = strings.TrimSpace(provider.AuthorizationEndpoint); provider.AuthorizationEndpoint == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "ORG-B23bs", "Errors.Invalid.Argument") + return nil, zerrors.ThrowInvalidArgument(nil, "ORG-B23bs", "Errors.Invalid.Argument") } if provider.TokenEndpoint = strings.TrimSpace(provider.TokenEndpoint); provider.TokenEndpoint == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "ORG-D2gj8", "Errors.Invalid.Argument") + return nil, zerrors.ThrowInvalidArgument(nil, "ORG-D2gj8", "Errors.Invalid.Argument") } if provider.UserEndpoint = strings.TrimSpace(provider.UserEndpoint); provider.UserEndpoint == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "ORG-Fb8jk", "Errors.Invalid.Argument") + return nil, zerrors.ThrowInvalidArgument(nil, "ORG-Fb8jk", "Errors.Invalid.Argument") } if 
provider.IDAttribute = strings.TrimSpace(provider.IDAttribute); provider.IDAttribute == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "ORG-sadf3d", "Errors.Invalid.Argument") + return nil, zerrors.ThrowInvalidArgument(nil, "ORG-sadf3d", "Errors.Invalid.Argument") } return func(ctx context.Context, filter preparation.FilterToQueryReducer) ([]eventstore.Command, error) { events, err := filter(ctx, writeModel.Query()) 
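Review bot: The validation in `prepareAddOrgOAuthProvider` only rejects empty values: `AuthorizationEndpoint`, `TokenEndpoint` and `UserEndpoint` are trimmed and accepted without any check that they parse as absolute URLs with an expected scheme. If no stricter validation happens in the API layer (not visible in this hunk), a malformed or non-HTTPS endpoint passes here and presumably only surfaces when the provider is used at login. A `url.Parse` check requiring the expected scheme and a non-empty host, shared with `prepareUpdateOrgOAuthProvider` in the next hunk, would reject such input at configuration time. `strings.TrimSpace` on `provider.ClientSecret` also silently alters a secret that legitimately starts or ends with whitespace, which deserves a comment if it is intended.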
@@ -637,25 +637,25 @@ func (c *Commands) prepareAddOrgOAuthProvider(a *org.Aggregate, writeModel *OrgO func (c *Commands) prepareUpdateOrgOAuthProvider(a *org.Aggregate, writeModel *OrgOAuthIDPWriteModel, provider GenericOAuthProvider) preparation.Validation { return func() (preparation.CreateCommands, error) { if writeModel.ID = strings.TrimSpace(writeModel.ID); writeModel.ID == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "ORG-asfsa", "Errors.Invalid.Argument") + return nil, zerrors.ThrowInvalidArgument(nil, "ORG-asfsa", "Errors.Invalid.Argument") } if provider.Name = strings.TrimSpace(provider.Name); provider.Name == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "ORG-D32ef", "Errors.Invalid.Argument") + return nil, zerrors.ThrowInvalidArgument(nil, "ORG-D32ef", "Errors.Invalid.Argument") } if provider.ClientID = strings.TrimSpace(provider.ClientID); provider.ClientID == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "ORG-Dbgzf", "Errors.Invalid.Argument") + return nil, zerrors.ThrowInvalidArgument(nil, "ORG-Dbgzf", "Errors.Invalid.Argument") } if provider.AuthorizationEndpoint = strings.TrimSpace(provider.AuthorizationEndpoint); provider.AuthorizationEndpoint == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "ORG-B23bs", "Errors.Invalid.Argument") + return nil, zerrors.ThrowInvalidArgument(nil, "ORG-B23bs", "Errors.Invalid.Argument") } if provider.TokenEndpoint = strings.TrimSpace(provider.TokenEndpoint); provider.TokenEndpoint == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "ORG-D2gj8", "Errors.Invalid.Argument") + return nil, zerrors.ThrowInvalidArgument(nil, "ORG-D2gj8", "Errors.Invalid.Argument") } if provider.UserEndpoint = strings.TrimSpace(provider.UserEndpoint); provider.UserEndpoint == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "ORG-Fb8jk", "Errors.Invalid.Argument") + return nil, zerrors.ThrowInvalidArgument(nil, "ORG-Fb8jk", "Errors.Invalid.Argument") } if provider.IDAttribute = 
strings.TrimSpace(provider.IDAttribute); provider.IDAttribute == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "ORG-SAe4gh", "Errors.Invalid.Argument") + return nil, zerrors.ThrowInvalidArgument(nil, "ORG-SAe4gh", "Errors.Invalid.Argument") } return func(ctx context.Context, filter preparation.FilterToQueryReducer) ([]eventstore.Command, error) { events, err := filter(ctx, writeModel.Query()) @@ -667,7 +667,7 @@ func (c *Commands) prepareUpdateOrgOAuthProvider(a *org.Aggregate, writeModel *O return nil, err } if !writeModel.State.Exists() { - return nil, caos_errs.ThrowNotFound(nil, "ORG-JNsd3", "Errors.Org.IDPConfig.NotExisting") + return nil, zerrors.ThrowNotFound(nil, "ORG-JNsd3", "Errors.Org.IDPConfig.NotExisting") } event, err := writeModel.NewChangedEvent( ctx, 
@@ -695,16 +695,16 @@ func (c *Commands) prepareUpdateOrgOAuthProvider(a *org.Aggregate, writeModel *O func (c *Commands) prepareAddOrgOIDCProvider(a *org.Aggregate, writeModel *OrgOIDCIDPWriteModel, provider GenericOIDCProvider) preparation.Validation { return func() (preparation.CreateCommands, error) { if provider.Name = strings.TrimSpace(provider.Name); provider.Name == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "ORG-Sgtj5", "Errors.Invalid.Argument") + return nil, zerrors.ThrowInvalidArgument(nil, "ORG-Sgtj5", "Errors.Invalid.Argument") } if provider.Issuer = strings.TrimSpace(provider.Issuer); provider.Issuer == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "ORG-Hz6zj", "Errors.Invalid.Argument") + return nil, zerrors.ThrowInvalidArgument(nil, "ORG-Hz6zj", "Errors.Invalid.Argument") } if provider.ClientID = strings.TrimSpace(provider.ClientID); provider.ClientID == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "ORG-fb5jm", "Errors.Invalid.Argument") + return nil, zerrors.ThrowInvalidArgument(nil, "ORG-fb5jm", "Errors.Invalid.Argument") } if provider.ClientSecret = strings.TrimSpace(provider.ClientSecret); provider.ClientSecret == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "ORG-Sfdf4", "Errors.Invalid.Argument") + return nil, zerrors.ThrowInvalidArgument(nil, "ORG-Sfdf4", "Errors.Invalid.Argument") } return func(ctx context.Context, filter preparation.FilterToQueryReducer) ([]eventstore.Command, error) { events, err := filter(ctx, writeModel.Query()) 
@@ -740,16 +740,16 @@ func (c *Commands) prepareAddOrgOIDCProvider(a *org.Aggregate, writeModel *OrgOI
 func (c *Commands) prepareUpdateOrgOIDCProvider(a *org.Aggregate, writeModel *OrgOIDCIDPWriteModel, provider GenericOIDCProvider) preparation.Validation {
 return func() (preparation.CreateCommands, error) {
 if writeModel.ID = strings.TrimSpace(writeModel.ID); writeModel.ID == "" {
- return nil, caos_errs.ThrowInvalidArgument(nil, "ORG-SAfd3", "Errors.Invalid.Argument")
+ return nil, zerrors.ThrowInvalidArgument(nil, "ORG-SAfd3", "Errors.Invalid.Argument")
 }
 if provider.Name = strings.TrimSpace(provider.Name); provider.Name == "" {
- return nil, caos_errs.ThrowInvalidArgument(nil, "ORG-Dvf4f", "Errors.Invalid.Argument")
+ return nil, zerrors.ThrowInvalidArgument(nil, "ORG-Dvf4f", "Errors.Invalid.Argument")
 }
 if provider.Issuer = strings.TrimSpace(provider.Issuer); provider.Issuer == "" {
- return nil, caos_errs.ThrowInvalidArgument(nil, "ORG-BDfr3", "Errors.Invalid.Argument")
+ return nil, zerrors.ThrowInvalidArgument(nil, "ORG-BDfr3", "Errors.Invalid.Argument")
 }
 if provider.ClientID = strings.TrimSpace(provider.ClientID); provider.ClientID == "" {
- return nil, caos_errs.ThrowInvalidArgument(nil, "ORG-Db3bs", "Errors.Invalid.Argument")
+ return nil, zerrors.ThrowInvalidArgument(nil, "ORG-Db3bs", "Errors.Invalid.Argument")
 }
 return func(ctx context.Context, filter preparation.FilterToQueryReducer) ([]eventstore.Command, error) {
 events, err := filter(ctx, writeModel.Query())
@@ -761,7 +761,7 @@ func (c *Commands) prepareUpdateOrgOIDCProvider(a *org.Aggregate, writeModel *Or
 return nil, err
 }
 if !writeModel.State.Exists() {
- return nil, caos_errs.ThrowNotFound(nil, "ORG-Dg331", "Errors.Org.IDPConfig.NotExisting")
+ return nil, zerrors.ThrowNotFound(nil, "ORG-Dg331", "Errors.Org.IDPConfig.NotExisting")
 }
 event, err := writeModel.NewChangedEvent(
 ctx,
@@ -787,13 +787,13 @@ func (c *Commands) prepareUpdateOrgOIDCProvider(a *org.Aggregate, writeModel *Or
 func (c *Commands) prepareMigrateOrgOIDCToAzureADProvider(a *org.Aggregate, writeModel *OrgOIDCIDPWriteModel, provider AzureADProvider) preparation.Validation {
 return func() (preparation.CreateCommands, error) {
 if provider.Name = strings.TrimSpace(provider.Name); provider.Name == "" {
- return nil, caos_errs.ThrowInvalidArgument(nil, "ORG-sdf3g", "Errors.Invalid.Argument")
+ return nil, zerrors.ThrowInvalidArgument(nil, "ORG-sdf3g", "Errors.Invalid.Argument")
 }
 if provider.ClientID = strings.TrimSpace(provider.ClientID); provider.ClientID == "" {
- return nil, caos_errs.ThrowInvalidArgument(nil, "ORG-Fhbr2", "Errors.Invalid.Argument")
+ return nil, zerrors.ThrowInvalidArgument(nil, "ORG-Fhbr2", "Errors.Invalid.Argument")
 }
 if provider.ClientSecret = strings.TrimSpace(provider.ClientSecret); provider.ClientSecret == "" {
- return nil, caos_errs.ThrowInvalidArgument(nil, "ORG-Dzh3g", "Errors.Invalid.Argument")
+ return nil, zerrors.ThrowInvalidArgument(nil, "ORG-Dzh3g", "Errors.Invalid.Argument")
 }
 return func(ctx context.Context, filter preparation.FilterToQueryReducer) ([]eventstore.Command, error) {
 events, err := filter(ctx, writeModel.Query())
@@ -805,7 +805,7 @@ func (c *Commands) prepareMigrateOrgOIDCToAzureADProvider(a *org.Aggregate, writ
 return nil, err
 }
 if !writeModel.State.Exists() {
- return nil, caos_errs.ThrowNotFound(nil, "INST-Dg239201", "Errors.Instance.IDPConfig.NotExisting")
+ return nil, zerrors.ThrowNotFound(nil, "INST-Dg239201", "Errors.Instance.IDPConfig.NotExisting")
 }
 secret, err := crypto.Encrypt([]byte(provider.ClientSecret), c.idpConfigEncryption)
 if err != nil {
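Review bot: The error IDs `ORG-sdf3g`, `ORG-Fhbr2` and `ORG-Dzh3g` in the validation closure of prepareMigrateOrgOIDCToAzureADProvider are reused verbatim by prepareAddOrgAzureADProvider (hunk -966,13). Likewise `ORG-D3fvs` and `ORG-W2vqs` appear in both prepareMigrateOrgOIDCToGoogleProvider (hunk -832,10) and prepareAddOrgGoogleProvider (hunk -1412,10). If these IDs are meant to pinpoint the throw site, a shared ID leaves a logged or returned error ambiguous between the add and migrate paths during triage. Since the rename already touches every one of these lines, the migrate paths could take their own IDs, e.g. `zerrors.ThrowInvalidArgument(nil, "ORG-<new-id>", "Errors.Invalid.Argument")` with `<new-id>` as a placeholder. Both functions continue outside the hunks shown.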
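Review bot: The not-found branch of prepareMigrateOrgOIDCToAzureADProvider returns `INST-Dg239201` with the key `Errors.Instance.IDPConfig.NotExisting`, although it is an org-level command. The other org update paths in this file return an `ORG-` ID with `Errors.Org.IDPConfig.NotExisting`. prepareMigrateOrgOIDCToGoogleProvider has the same pattern with `INST-x09981` (hunk -847,7), so both look copied from the instance-level code. An org admin would presumably get an instance-scoped message, and the `INST-` prefix points log triage at the wrong aggregate. Suggested new line: `return nil, zerrors.ThrowNotFound(nil, "ORG-<new-id>", "Errors.Org.IDPConfig.NotExisting")`, where `<new-id>` is a placeholder. The function body continues past the hunk.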
@@ -832,10 +832,10 @@ func (c *Commands) prepareMigrateOrgOIDCToAzureADProvider(a *org.Aggregate, writ
 func (c *Commands) prepareMigrateOrgOIDCToGoogleProvider(a *org.Aggregate, writeModel *OrgOIDCIDPWriteModel, provider GoogleProvider) preparation.Validation {
 return func() (preparation.CreateCommands, error) {
 if provider.ClientID = strings.TrimSpace(provider.ClientID); provider.ClientID == "" {
- return nil, caos_errs.ThrowInvalidArgument(nil, "ORG-D3fvs", "Errors.Invalid.Argument")
+ return nil, zerrors.ThrowInvalidArgument(nil, "ORG-D3fvs", "Errors.Invalid.Argument")
 }
 if provider.ClientSecret = strings.TrimSpace(provider.ClientSecret); provider.ClientSecret == "" {
- return nil, caos_errs.ThrowInvalidArgument(nil, "ORG-W2vqs", "Errors.Invalid.Argument")
+ return nil, zerrors.ThrowInvalidArgument(nil, "ORG-W2vqs", "Errors.Invalid.Argument")
 }
 return func(ctx context.Context, filter preparation.FilterToQueryReducer) ([]eventstore.Command, error) {
 events, err := filter(ctx, writeModel.Query())
@@ -847,7 +847,7 @@ func (c *Commands) prepareMigrateOrgOIDCToGoogleProvider(a *org.Aggregate, write
 return nil, err
 }
 if !writeModel.State.Exists() {
- return nil, caos_errs.ThrowNotFound(nil, "INST-x09981", "Errors.Instance.IDPConfig.NotExisting")
+ return nil, zerrors.ThrowNotFound(nil, "INST-x09981", "Errors.Instance.IDPConfig.NotExisting")
 }
 secret, err := crypto.Encrypt([]byte(provider.ClientSecret), c.idpConfigEncryption)
 if err != nil {
@@ -872,19 +872,19 @@ func (c *Commands) prepareMigrateOrgOIDCToGoogleProvider(a *org.Aggregate, write
 func (c *Commands) prepareAddOrgJWTProvider(a *org.Aggregate, writeModel *OrgJWTIDPWriteModel, provider JWTProvider) preparation.Validation {
 return func() (preparation.CreateCommands, error) {
 if provider.Name = strings.TrimSpace(provider.Name); provider.Name == "" {
- return nil, caos_errs.ThrowInvalidArgument(nil, "ORG-JLKef", "Errors.Invalid.Argument")
+ return nil, zerrors.ThrowInvalidArgument(nil, "ORG-JLKef", "Errors.Invalid.Argument")
 }
 if provider.Issuer = strings.TrimSpace(provider.Issuer); provider.Issuer == "" {
- return nil, caos_errs.ThrowInvalidArgument(nil, "ORG-WNJK3", "Errors.Invalid.Argument")
+ return nil, zerrors.ThrowInvalidArgument(nil, "ORG-WNJK3", "Errors.Invalid.Argument")
 }
 if provider.JWTEndpoint = strings.TrimSpace(provider.JWTEndpoint); provider.JWTEndpoint == "" {
- return nil, caos_errs.ThrowInvalidArgument(nil, "ORG-NJKSD", "Errors.Invalid.Argument")
+ return nil, zerrors.ThrowInvalidArgument(nil, "ORG-NJKSD", "Errors.Invalid.Argument")
 }
 if provider.KeyEndpoint = strings.TrimSpace(provider.KeyEndpoint); provider.KeyEndpoint == "" {
- return nil, caos_errs.ThrowInvalidArgument(nil, "ORG-NJKE3", "Errors.Invalid.Argument")
+ return nil, zerrors.ThrowInvalidArgument(nil, "ORG-NJKE3", "Errors.Invalid.Argument")
 }
 if provider.HeaderName = strings.TrimSpace(provider.HeaderName); provider.HeaderName == "" {
- return nil, caos_errs.ThrowInvalidArgument(nil, "ORG-2rlks", "Errors.Invalid.Argument")
+ return nil, zerrors.ThrowInvalidArgument(nil, "ORG-2rlks", "Errors.Invalid.Argument")
 }
 return func(ctx context.Context, filter preparation.FilterToQueryReducer) ([]eventstore.Command, error) {
 events, err := filter(ctx, writeModel.Query())
@@ -915,22 +915,22 @@ func (c *Commands) prepareAddOrgJWTProvider(a *org.Aggregate, writeModel *OrgJWT
 func (c *Commands) prepareUpdateOrgJWTProvider(a *org.Aggregate, writeModel *OrgJWTIDPWriteModel, provider JWTProvider) preparation.Validation {
 return func() (preparation.CreateCommands, error) {
 if writeModel.ID = strings.TrimSpace(writeModel.ID); writeModel.ID == "" {
- return nil, caos_errs.ThrowInvalidArgument(nil, "ORG-HUe3q", "Errors.Invalid.Argument")
+ return nil, zerrors.ThrowInvalidArgument(nil, "ORG-HUe3q", "Errors.Invalid.Argument")
 }
 if provider.Name = strings.TrimSpace(provider.Name); provider.Name == "" {
- return nil, caos_errs.ThrowInvalidArgument(nil, "ORG-JKLS2", "Errors.Invalid.Argument")
+ return nil, zerrors.ThrowInvalidArgument(nil, "ORG-JKLS2", "Errors.Invalid.Argument")
 }
 if provider.Issuer = strings.TrimSpace(provider.Issuer); provider.Issuer == "" {
- return nil, caos_errs.ThrowInvalidArgument(nil, "ORG-JKs3f", "Errors.Invalid.Argument")
+ return nil, zerrors.ThrowInvalidArgument(nil, "ORG-JKs3f", "Errors.Invalid.Argument")
 }
 if provider.JWTEndpoint = strings.TrimSpace(provider.JWTEndpoint); provider.JWTEndpoint == "" {
- return nil, caos_errs.ThrowInvalidArgument(nil, "ORG-NJKS2", "Errors.Invalid.Argument")
+ return nil, zerrors.ThrowInvalidArgument(nil, "ORG-NJKS2", "Errors.Invalid.Argument")
 }
 if provider.KeyEndpoint = strings.TrimSpace(provider.KeyEndpoint); provider.KeyEndpoint == "" {
- return nil, caos_errs.ThrowInvalidArgument(nil, "ORG-SJk2d", "Errors.Invalid.Argument")
+ return nil, zerrors.ThrowInvalidArgument(nil, "ORG-SJk2d", "Errors.Invalid.Argument")
 }
 if provider.HeaderName = strings.TrimSpace(provider.HeaderName); provider.HeaderName == "" {
- return nil, caos_errs.ThrowInvalidArgument(nil, "ORG-SJK2f", "Errors.Invalid.Argument")
+ return nil, zerrors.ThrowInvalidArgument(nil, "ORG-SJK2f", "Errors.Invalid.Argument")
 }
 return func(ctx context.Context, filter preparation.FilterToQueryReducer) ([]eventstore.Command, error) {
 events, err := filter(ctx, writeModel.Query())
@@ -942,7 +942,7 @@ func (c *Commands) prepareUpdateOrgJWTProvider(a *org.Aggregate, writeModel *Org
 return nil, err
 }
 if !writeModel.State.Exists() {
- return nil, caos_errs.ThrowNotFound(nil, "ORG-Bhju5", "Errors.Org.IDPConfig.NotExisting")
+ return nil, zerrors.ThrowNotFound(nil, "ORG-Bhju5", "Errors.Org.IDPConfig.NotExisting")
 }
 event, err := writeModel.NewChangedEvent(
 ctx,
@@ -966,13 +966,13 @@ func (c *Commands) prepareUpdateOrgJWTProvider(a *org.Aggregate, writeModel *Org
 func (c *Commands) prepareAddOrgAzureADProvider(a *org.Aggregate, writeModel *OrgAzureADIDPWriteModel, provider AzureADProvider) preparation.Validation {
 return func() (preparation.CreateCommands, error) {
 if provider.Name = strings.TrimSpace(provider.Name); provider.Name == "" {
- return nil, caos_errs.ThrowInvalidArgument(nil, "ORG-sdf3g", "Errors.Invalid.Argument")
+ return nil, zerrors.ThrowInvalidArgument(nil, "ORG-sdf3g", "Errors.Invalid.Argument")
 }
 if provider.ClientID = strings.TrimSpace(provider.ClientID); provider.ClientID == "" {
- return nil, caos_errs.ThrowInvalidArgument(nil, "ORG-Fhbr2", "Errors.Invalid.Argument")
+ return nil, zerrors.ThrowInvalidArgument(nil, "ORG-Fhbr2", "Errors.Invalid.Argument")
 }
 if provider.ClientSecret = strings.TrimSpace(provider.ClientSecret); provider.ClientSecret == "" {
- return nil, caos_errs.ThrowInvalidArgument(nil, "ORG-Dzh3g", "Errors.Invalid.Argument")
+ return nil, zerrors.ThrowInvalidArgument(nil, "ORG-Dzh3g", "Errors.Invalid.Argument")
 }
 return func(ctx context.Context, filter preparation.FilterToQueryReducer) ([]eventstore.Command, error) {
 events, err := filter(ctx, writeModel.Query())
@@ -1008,13 +1008,13 @@ func (c *Commands) prepareAddOrgAzureADProvider(a *org.Aggregate, writeModel *Or
 func (c *Commands) prepareUpdateOrgAzureADProvider(a *org.Aggregate, writeModel *OrgAzureADIDPWriteModel, provider AzureADProvider) preparation.Validation {
 return func() (preparation.CreateCommands, error) {
 if writeModel.ID = strings.TrimSpace(writeModel.ID); writeModel.ID == "" {
- return nil, caos_errs.ThrowInvalidArgument(nil, "ORG-SAgh2", "Errors.Invalid.Argument")
+ return nil, zerrors.ThrowInvalidArgument(nil, "ORG-SAgh2", "Errors.Invalid.Argument")
 }
 if provider.Name = strings.TrimSpace(provider.Name); provider.Name == "" {
- return nil, caos_errs.ThrowInvalidArgument(nil, "ORG-fh3h1", "Errors.Invalid.Argument")
+ return nil, zerrors.ThrowInvalidArgument(nil, "ORG-fh3h1", "Errors.Invalid.Argument")
 }
 if provider.ClientID = strings.TrimSpace(provider.ClientID); provider.ClientID == "" {
- return nil, caos_errs.ThrowInvalidArgument(nil, "ORG-dmitg", "Errors.Invalid.Argument")
+ return nil, zerrors.ThrowInvalidArgument(nil, "ORG-dmitg", "Errors.Invalid.Argument")
 }
 return func(ctx context.Context, filter preparation.FilterToQueryReducer) ([]eventstore.Command, error) {
 events, err := filter(ctx, writeModel.Query())
@@ -1026,7 +1026,7 @@ func (c *Commands) prepareUpdateOrgAzureADProvider(a *org.Aggregate, writeModel
 return nil, err
 }
 if !writeModel.State.Exists() {
- return nil, caos_errs.ThrowNotFound(nil, "ORG-BHz3q", "Errors.Org.IDPConfig.NotExisting")
+ return nil, zerrors.ThrowNotFound(nil, "ORG-BHz3q", "Errors.Org.IDPConfig.NotExisting")
 }
 event, err := writeModel.NewChangedEvent(
 ctx,
@@ -1052,10 +1052,10 @@ func (c *Commands) prepareUpdateOrgAzureADProvider(a *org.Aggregate, writeModel
 func (c *Commands) prepareAddOrgGitHubProvider(a *org.Aggregate, writeModel *OrgGitHubIDPWriteModel, provider GitHubProvider) preparation.Validation {
 return func() (preparation.CreateCommands, error) {
 if provider.ClientID = strings.TrimSpace(provider.ClientID); provider.ClientID == "" {
- return nil, caos_errs.ThrowInvalidArgument(nil, "ORG-Jdsgf", "Errors.Invalid.Argument")
+ return nil, zerrors.ThrowInvalidArgument(nil, "ORG-Jdsgf", "Errors.Invalid.Argument")
 }
 if provider.ClientSecret = strings.TrimSpace(provider.ClientSecret); provider.ClientSecret == "" {
- return nil, caos_errs.ThrowInvalidArgument(nil, "ORG-dsgz3", "Errors.Invalid.Argument")
+ return nil, zerrors.ThrowInvalidArgument(nil, "ORG-dsgz3", "Errors.Invalid.Argument")
 }
 return func(ctx context.Context, filter preparation.FilterToQueryReducer) ([]eventstore.Command, error) {
 events, err := filter(ctx, writeModel.Query())
@@ -1089,10 +1089,10 @@ func (c *Commands) prepareAddOrgGitHubProvider(a *org.Aggregate, writeModel *Org
 func (c *Commands) prepareUpdateOrgGitHubProvider(a *org.Aggregate, writeModel *OrgGitHubIDPWriteModel, provider GitHubProvider) preparation.Validation {
 return func() (preparation.CreateCommands, error) {
 if writeModel.ID = strings.TrimSpace(writeModel.ID); writeModel.ID == "" {
- return nil, caos_errs.ThrowInvalidArgument(nil, "ORG-sdf4h", "Errors.Invalid.Argument")
+ return nil, zerrors.ThrowInvalidArgument(nil, "ORG-sdf4h", "Errors.Invalid.Argument")
 }
 if provider.ClientID = strings.TrimSpace(provider.ClientID); provider.ClientID == "" {
- return nil, caos_errs.ThrowInvalidArgument(nil, "ORG-fdh5z", "Errors.Invalid.Argument")
+ return nil, zerrors.ThrowInvalidArgument(nil, "ORG-fdh5z", "Errors.Invalid.Argument")
 }
 return func(ctx context.Context, filter preparation.FilterToQueryReducer) ([]eventstore.Command, error) {
 events, err := filter(ctx, writeModel.Query())
@@ -1104,7 +1104,7 @@ func (c *Commands) prepareUpdateOrgGitHubProvider(a *org.Aggregate, writeModel *
 return nil, err
 }
 if !writeModel.State.Exists() {
- return nil, caos_errs.ThrowNotFound(nil, "ORG-Dr1gs", "Errors.Org.IDPConfig.NotExisting")
+ return nil, zerrors.ThrowNotFound(nil, "ORG-Dr1gs", "Errors.Org.IDPConfig.NotExisting")
 }
 event, err := writeModel.NewChangedEvent(
 ctx,
@@ -1131,22 +1131,22 @@ func (c *Commands) prepareUpdateOrgGitHubProvider(a *org.Aggregate, writeModel *
 func (c *Commands) prepareAddOrgGitHubEnterpriseProvider(a *org.Aggregate, writeModel *OrgGitHubEnterpriseIDPWriteModel, provider GitHubEnterpriseProvider) preparation.Validation {
 return func() (preparation.CreateCommands, error) {
 if provider.Name = strings.TrimSpace(provider.Name); provider.Name == "" {
- return nil, caos_errs.ThrowInvalidArgument(nil, "ORG-Dg4td", "Errors.Invalid.Argument")
+ return nil, zerrors.ThrowInvalidArgument(nil, "ORG-Dg4td", "Errors.Invalid.Argument")
 }
 if provider.ClientID = strings.TrimSpace(provider.ClientID); provider.ClientID == "" {
- return nil, caos_errs.ThrowInvalidArgument(nil, "ORG-dgj53", "Errors.Invalid.Argument")
+ return nil, zerrors.ThrowInvalidArgument(nil, "ORG-dgj53", "Errors.Invalid.Argument")
 }
 if provider.ClientSecret = strings.TrimSpace(provider.ClientSecret); provider.ClientSecret == "" {
- return nil, caos_errs.ThrowInvalidArgument(nil, "ORG-Ghjjs", "Errors.Invalid.Argument")
+ return nil, zerrors.ThrowInvalidArgument(nil, "ORG-Ghjjs", "Errors.Invalid.Argument")
 }
 if provider.AuthorizationEndpoint = strings.TrimSpace(provider.AuthorizationEndpoint); provider.AuthorizationEndpoint == "" {
- return nil, caos_errs.ThrowInvalidArgument(nil, "ORG-sani2", "Errors.Invalid.Argument")
+ return nil, zerrors.ThrowInvalidArgument(nil, "ORG-sani2", "Errors.Invalid.Argument")
 }
 if provider.TokenEndpoint = strings.TrimSpace(provider.TokenEndpoint); provider.TokenEndpoint == "" {
- return nil, caos_errs.ThrowInvalidArgument(nil, "ORG-agj42", "Errors.Invalid.Argument")
+ return nil, zerrors.ThrowInvalidArgument(nil, "ORG-agj42", "Errors.Invalid.Argument")
 }
 if provider.UserEndpoint = strings.TrimSpace(provider.UserEndpoint); provider.UserEndpoint == "" {
- return nil, caos_errs.ThrowInvalidArgument(nil, "ORG-sd5hn", "Errors.Invalid.Argument")
+ return nil, zerrors.ThrowInvalidArgument(nil, "ORG-sd5hn", "Errors.Invalid.Argument")
 }
 return func(ctx context.Context, filter preparation.FilterToQueryReducer) ([]eventstore.Command, error) {
 events, err := filter(ctx, writeModel.Query())
@@ -1183,22 +1183,22 @@ func (c *Commands) prepareAddOrgGitHubEnterpriseProvider(a *org.Aggregate, write
 func (c *Commands) prepareUpdateOrgGitHubEnterpriseProvider(a *org.Aggregate, writeModel *OrgGitHubEnterpriseIDPWriteModel, provider GitHubEnterpriseProvider) preparation.Validation {
 return func() (preparation.CreateCommands, error) {
 if writeModel.ID = strings.TrimSpace(writeModel.ID); writeModel.ID == "" {
- return nil, caos_errs.ThrowInvalidArgument(nil, "ORG-sdfh3", "Errors.Invalid.Argument")
+ return nil, zerrors.ThrowInvalidArgument(nil, "ORG-sdfh3", "Errors.Invalid.Argument")
 }
 if provider.Name = strings.TrimSpace(provider.Name); provider.Name == "" {
- return nil, caos_errs.ThrowInvalidArgument(nil, "ORG-shj42", "Errors.Invalid.Argument")
+ return nil, zerrors.ThrowInvalidArgument(nil, "ORG-shj42", "Errors.Invalid.Argument")
 }
 if provider.ClientID = strings.TrimSpace(provider.ClientID); provider.ClientID == "" {
- return nil, caos_errs.ThrowInvalidArgument(nil, "ORG-sdh73", "Errors.Invalid.Argument")
+ return nil, zerrors.ThrowInvalidArgument(nil, "ORG-sdh73", "Errors.Invalid.Argument")
 }
 if provider.AuthorizationEndpoint = strings.TrimSpace(provider.AuthorizationEndpoint); provider.AuthorizationEndpoint == "" {
- return nil, caos_errs.ThrowInvalidArgument(nil, "ORG-acx2w", "Errors.Invalid.Argument")
+ return nil, zerrors.ThrowInvalidArgument(nil, "ORG-acx2w", "Errors.Invalid.Argument")
 }
 if provider.TokenEndpoint = strings.TrimSpace(provider.TokenEndpoint); provider.TokenEndpoint == "" {
- return nil, caos_errs.ThrowInvalidArgument(nil, "ORG-dgj6q", "Errors.Invalid.Argument")
+ return nil, zerrors.ThrowInvalidArgument(nil, "ORG-dgj6q", "Errors.Invalid.Argument")
 }
 if provider.UserEndpoint = strings.TrimSpace(provider.UserEndpoint); provider.UserEndpoint == "" {
- return nil, caos_errs.ThrowInvalidArgument(nil, "ORG-ybj62", "Errors.Invalid.Argument")
+ return nil, zerrors.ThrowInvalidArgument(nil, "ORG-ybj62", "Errors.Invalid.Argument")
 }
 return func(ctx context.Context, filter preparation.FilterToQueryReducer) ([]eventstore.Command, error) {
 events, err := filter(ctx, writeModel.Query())
@@ -1210,7 +1210,7 @@ func (c *Commands) prepareUpdateOrgGitHubEnterpriseProvider(a *org.Aggregate, wr
 return nil, err
 }
 if !writeModel.State.Exists() {
- return nil, caos_errs.ThrowNotFound(nil, "ORG-GBr42", "Errors.Org.IDPConfig.NotExisting")
+ return nil, zerrors.ThrowNotFound(nil, "ORG-GBr42", "Errors.Org.IDPConfig.NotExisting")
 }
 event, err := writeModel.NewChangedEvent(
 ctx,
@@ -1240,10 +1240,10 @@ func (c *Commands) prepareUpdateOrgGitHubEnterpriseProvider(a *org.Aggregate, wr
 func (c *Commands) prepareAddOrgGitLabProvider(a *org.Aggregate, writeModel *OrgGitLabIDPWriteModel, provider GitLabProvider) preparation.Validation {
 return func() (preparation.CreateCommands, error) {
 if provider.ClientID = strings.TrimSpace(provider.ClientID); provider.ClientID == "" {
- return nil, caos_errs.ThrowInvalidArgument(nil, "ORG-adsg2", "Errors.Invalid.Argument")
+ return nil, zerrors.ThrowInvalidArgument(nil, "ORG-adsg2", "Errors.Invalid.Argument")
 }
 if provider.ClientSecret = strings.TrimSpace(provider.ClientSecret); provider.ClientSecret == "" {
- return nil, caos_errs.ThrowInvalidArgument(nil, "ORG-GD1j2", "Errors.Invalid.Argument")
+ return nil, zerrors.ThrowInvalidArgument(nil, "ORG-GD1j2", "Errors.Invalid.Argument")
 }
 return func(ctx context.Context, filter preparation.FilterToQueryReducer) ([]eventstore.Command, error) {
 events, err := filter(ctx, writeModel.Query())
@@ -1277,10 +1277,10 @@ func (c *Commands) prepareAddOrgGitLabProvider(a *org.Aggregate, writeModel *Org
 func (c *Commands) prepareUpdateOrgGitLabProvider(a *org.Aggregate, writeModel *OrgGitLabIDPWriteModel, provider GitLabProvider) preparation.Validation {
 return func() (preparation.CreateCommands, error) {
 if writeModel.ID = strings.TrimSpace(writeModel.ID); writeModel.ID == "" {
- return nil, caos_errs.ThrowInvalidArgument(nil, "ORG-HJK91", "Errors.Invalid.Argument")
+ return nil, zerrors.ThrowInvalidArgument(nil, "ORG-HJK91", "Errors.Invalid.Argument")
 }
 if provider.ClientID = strings.TrimSpace(provider.ClientID); provider.ClientID == "" {
- return nil, caos_errs.ThrowInvalidArgument(nil, "ORG-D12t6", "Errors.Invalid.Argument")
+ return nil, zerrors.ThrowInvalidArgument(nil, "ORG-D12t6", "Errors.Invalid.Argument")
 }
 return func(ctx context.Context, filter preparation.FilterToQueryReducer) ([]eventstore.Command, error) {
 events, err := filter(ctx, writeModel.Query())
@@ -1292,7 +1292,7 @@ func (c *Commands) prepareUpdateOrgGitLabProvider(a *org.Aggregate, writeModel *
 return nil, err
 }
 if !writeModel.State.Exists() {
- return nil, caos_errs.ThrowNotFound(nil, "ORG-HBReq", "Errors.Org.IDPConfig.NotExisting")
+ return nil, zerrors.ThrowNotFound(nil, "ORG-HBReq", "Errors.Org.IDPConfig.NotExisting")
 }
 event, err := writeModel.NewChangedEvent(
 ctx,
@@ -1319,16 +1319,16 @@ func (c *Commands) prepareUpdateOrgGitLabProvider(a *org.Aggregate, writeModel *
 func (c *Commands) prepareAddOrgGitLabSelfHostedProvider(a *org.Aggregate, writeModel *OrgGitLabSelfHostedIDPWriteModel, provider GitLabSelfHostedProvider) preparation.Validation {
 return func() (preparation.CreateCommands, error) {
 if provider.Name = strings.TrimSpace(provider.Name); provider.Name == "" {
- return nil, caos_errs.ThrowInvalidArgument(nil, "ORG-jw4ZT", "Errors.Invalid.Argument")
+ return nil, zerrors.ThrowInvalidArgument(nil, "ORG-jw4ZT", "Errors.Invalid.Argument")
 }
 if provider.Issuer = strings.TrimSpace(provider.Issuer); provider.Issuer == "" {
- return nil, caos_errs.ThrowInvalidArgument(nil, "ORG-AST4S", "Errors.Invalid.Argument")
+ return nil, zerrors.ThrowInvalidArgument(nil, "ORG-AST4S", "Errors.Invalid.Argument")
 }
 if provider.ClientID = strings.TrimSpace(provider.ClientID); provider.ClientID == "" {
- return nil, caos_errs.ThrowInvalidArgument(nil, "ORG-DBZHJ", "Errors.Invalid.Argument")
+ return nil, zerrors.ThrowInvalidArgument(nil, "ORG-DBZHJ", "Errors.Invalid.Argument")
 }
 if provider.ClientSecret = strings.TrimSpace(provider.ClientSecret); provider.ClientSecret == "" {
- return nil, caos_errs.ThrowInvalidArgument(nil, "ORG-SDGJ4", "Errors.Invalid.Argument")
+ return nil, zerrors.ThrowInvalidArgument(nil, "ORG-SDGJ4", "Errors.Invalid.Argument")
 }
 return func(ctx context.Context, filter preparation.FilterToQueryReducer) ([]eventstore.Command, error) {
 events, err := filter(ctx, writeModel.Query())
@@ -1363,16 +1363,16 @@ func (c *Commands) prepareAddOrgGitLabSelfHostedProvider(a *org.Aggregate, write
 func (c *Commands) prepareUpdateOrgGitLabSelfHostedProvider(a *org.Aggregate, writeModel *OrgGitLabSelfHostedIDPWriteModel, provider GitLabSelfHostedProvider) preparation.Validation {
 return func() (preparation.CreateCommands, error) {
 if writeModel.ID = strings.TrimSpace(writeModel.ID); writeModel.ID == "" {
- return nil, caos_errs.ThrowInvalidArgument(nil, "ORG-SAFG4", "Errors.Invalid.Argument")
+ return nil, zerrors.ThrowInvalidArgument(nil, "ORG-SAFG4", "Errors.Invalid.Argument")
 }
 if provider.Name = strings.TrimSpace(provider.Name); provider.Name == "" {
- return nil, caos_errs.ThrowInvalidArgument(nil, "ORG-DG4H", "Errors.Invalid.Argument")
+ return nil, zerrors.ThrowInvalidArgument(nil, "ORG-DG4H", "Errors.Invalid.Argument")
 }
 if provider.Issuer = strings.TrimSpace(provider.Issuer); provider.Issuer == "" {
- return nil, caos_errs.ThrowInvalidArgument(nil, "ORG-SD4eb", "Errors.Invalid.Argument")
+ return nil, zerrors.ThrowInvalidArgument(nil, "ORG-SD4eb", "Errors.Invalid.Argument")
 }
 if provider.ClientID = strings.TrimSpace(provider.ClientID); provider.ClientID == "" {
- return nil, caos_errs.ThrowInvalidArgument(nil, "ORG-GHWE3", "Errors.Invalid.Argument")
+ return nil, zerrors.ThrowInvalidArgument(nil, "ORG-GHWE3", "Errors.Invalid.Argument")
 }
 return func(ctx context.Context, filter preparation.FilterToQueryReducer) ([]eventstore.Command, error) {
 events, err := filter(ctx, writeModel.Query())
@@ -1384,7 +1384,7 @@ func (c *Commands) prepareUpdateOrgGitLabSelfHostedProvider(a *org.Aggregate, wr
 return nil, err
 }
 if !writeModel.State.Exists() {
- return nil, caos_errs.ThrowNotFound(nil, "ORG-D2tg1", "Errors.Org.IDPConfig.NotExisting")
+ return nil, zerrors.ThrowNotFound(nil, "ORG-D2tg1", "Errors.Org.IDPConfig.NotExisting")
 }
 event, err := writeModel.NewChangedEvent(
 ctx,
@@ -1412,10 +1412,10 @@ func (c *Commands) prepareUpdateOrgGitLabSelfHostedProvider(a *org.Aggregate, wr
 func (c *Commands) prepareAddOrgGoogleProvider(a *org.Aggregate, writeModel *OrgGoogleIDPWriteModel, provider GoogleProvider) preparation.Validation {
 return func() (preparation.CreateCommands, error) {
 if provider.ClientID = strings.TrimSpace(provider.ClientID); provider.ClientID == "" {
- return nil, caos_errs.ThrowInvalidArgument(nil, "ORG-D3fvs", "Errors.Invalid.Argument")
+ return nil, zerrors.ThrowInvalidArgument(nil, "ORG-D3fvs", "Errors.Invalid.Argument")
 }
 if provider.ClientSecret = strings.TrimSpace(provider.ClientSecret); provider.ClientSecret == "" {
- return nil, caos_errs.ThrowInvalidArgument(nil, "ORG-W2vqs", "Errors.Invalid.Argument")
+ return nil, zerrors.ThrowInvalidArgument(nil, "ORG-W2vqs", "Errors.Invalid.Argument")
 }
 return func(ctx context.Context, filter preparation.FilterToQueryReducer) ([]eventstore.Command, error) {
 events, err := filter(ctx, writeModel.Query())
@@ -1449,10 +1449,10 @@ func (c *Commands) prepareAddOrgGoogleProvider(a *org.Aggregate, writeModel *Org
 func (c *Commands) prepareUpdateOrgGoogleProvider(a *org.Aggregate, writeModel *OrgGoogleIDPWriteModel, provider GoogleProvider) preparation.Validation {
 return func() (preparation.CreateCommands, error) {
 if writeModel.ID = strings.TrimSpace(writeModel.ID); writeModel.ID == "" {
- return nil, caos_errs.ThrowInvalidArgument(nil, "ORG-S32t1", "Errors.Invalid.Argument")
+ return nil, zerrors.ThrowInvalidArgument(nil, "ORG-S32t1", "Errors.Invalid.Argument")
 }
 if provider.ClientID = strings.TrimSpace(provider.ClientID); provider.ClientID == "" {
- return nil, caos_errs.ThrowInvalidArgument(nil, "ORG-ds432", "Errors.Invalid.Argument")
+ return nil, zerrors.ThrowInvalidArgument(nil, "ORG-ds432", "Errors.Invalid.Argument")
 }
 return func(ctx context.Context, filter preparation.FilterToQueryReducer) ([]eventstore.Command, error) {
 events, err := filter(ctx, writeModel.Query())
@@ -1464,7 +1464,7 @@ func (c *Commands) prepareUpdateOrgGoogleProvider(a *org.Aggregate, writeModel *
 return nil, err
 }
 if !writeModel.State.Exists() {
- return nil, caos_errs.ThrowNotFound(nil, "ORG-Dqrg1", "Errors.Org.IDPConfig.NotExisting")
+ return nil, zerrors.ThrowNotFound(nil, "ORG-Dqrg1", "Errors.Org.IDPConfig.NotExisting")
 }
 event, err := writeModel.NewChangedEvent(
 ctx,
@@ -1488,28 +1488,28 @@ func (c *Commands) prepareUpdateOrgGoogleProvider(a *org.Aggregate, writeModel *
 func (c *Commands) prepareAddOrgLDAPProvider(a *org.Aggregate, writeModel *OrgLDAPIDPWriteModel, provider LDAPProvider) preparation.Validation {
 return func() (preparation.CreateCommands, error) {
 if provider.Name = strings.TrimSpace(provider.Name); provider.Name == "" {
- return nil, caos_errs.ThrowInvalidArgument(nil, "ORG-SAfdd", "Errors.Invalid.Argument")
+ return nil, zerrors.ThrowInvalidArgument(nil, "ORG-SAfdd", "Errors.Invalid.Argument")
 }
 if provider.BaseDN = strings.TrimSpace(provider.BaseDN); provider.BaseDN == "" {
- return nil, caos_errs.ThrowInvalidArgument(nil, "ORG-sv31s", "Errors.Invalid.Argument")
+ return nil, zerrors.ThrowInvalidArgument(nil, "ORG-sv31s", "Errors.Invalid.Argument")
 }
 if provider.BindDN = strings.TrimSpace(provider.BindDN); provider.BindDN == "" {
- return nil, caos_errs.ThrowInvalidArgument(nil, "ORG-sdgf4", "Errors.Invalid.Argument")
+ return nil, zerrors.ThrowInvalidArgument(nil, "ORG-sdgf4", "Errors.Invalid.Argument")
 }
 if provider.BindPassword = strings.TrimSpace(provider.BindPassword); provider.BindPassword == "" {
- return nil, caos_errs.ThrowInvalidArgument(nil, "ORG-AEG2w", "Errors.Invalid.Argument")
+ return nil, zerrors.ThrowInvalidArgument(nil, "ORG-AEG2w", "Errors.Invalid.Argument")
 }
 if provider.UserBase = strings.TrimSpace(provider.UserBase); provider.UserBase == "" {
- return nil, caos_errs.ThrowInvalidArgument(nil, "ORG-SAD5n", "Errors.Invalid.Argument")
+ return nil, zerrors.ThrowInvalidArgument(nil, "ORG-SAD5n", "Errors.Invalid.Argument")
 }
 if len(provider.Servers) == 0 {
- return nil, caos_errs.ThrowInvalidArgument(nil, "ORG-SAy945n", "Errors.Invalid.Argument")
+ return nil, zerrors.ThrowInvalidArgument(nil, "ORG-SAy945n", "Errors.Invalid.Argument")
 }
 if len(provider.UserObjectClasses) == 0 {
- return nil, caos_errs.ThrowInvalidArgument(nil, "ORG-S1x705n", "Errors.Invalid.Argument")
+ return nil, zerrors.ThrowInvalidArgument(nil, "ORG-S1x705n", "Errors.Invalid.Argument")
 }
 if len(provider.UserFilters) == 0 {
- return nil, caos_errs.ThrowInvalidArgument(nil, "ORG-aAx9x1n", "Errors.Invalid.Argument")
+ return nil, zerrors.ThrowInvalidArgument(nil, "ORG-aAx9x1n", "Errors.Invalid.Argument")
 }
 return func(ctx context.Context, filter preparation.FilterToQueryReducer) ([]eventstore.Command, error) {
 events, err := filter(ctx, writeModel.Query())
@@ -1550,28 +1550,28 @@ func (c *Commands) prepareAddOrgLDAPProvider(a *org.Aggregate, writeModel *OrgLD
 func (c *Commands) prepareUpdateOrgLDAPProvider(a *org.Aggregate, writeModel *OrgLDAPIDPWriteModel, provider LDAPProvider) preparation.Validation {
 return func() (preparation.CreateCommands, error) {
 if writeModel.ID = strings.TrimSpace(writeModel.ID); writeModel.ID == "" {
- return nil, caos_errs.ThrowInvalidArgument(nil, "ORG-Dgdbs", "Errors.Invalid.Argument")
+ return nil, zerrors.ThrowInvalidArgument(nil, "ORG-Dgdbs", "Errors.Invalid.Argument")
 }
 if provider.Name = strings.TrimSpace(provider.Name); provider.Name == "" {
- return nil, caos_errs.ThrowInvalidArgument(nil, "ORG-Sffgd", "Errors.Invalid.Argument")
+ return nil, zerrors.ThrowInvalidArgument(nil, "ORG-Sffgd", "Errors.Invalid.Argument")
 }
 if provider.BaseDN = strings.TrimSpace(provider.BaseDN); provider.BaseDN == "" {
- return nil, caos_errs.ThrowInvalidArgument(nil, "ORG-vb3ss", "Errors.Invalid.Argument")
+ return nil, zerrors.ThrowInvalidArgument(nil, "ORG-vb3ss", "Errors.Invalid.Argument")
 }
 if provider.BindDN = strings.TrimSpace(provider.BindDN); provider.BindDN == "" {
- return nil, caos_errs.ThrowInvalidArgument(nil, "ORG-hbere", "Errors.Invalid.Argument")
+ return nil, zerrors.ThrowInvalidArgument(nil, "ORG-hbere", "Errors.Invalid.Argument")
 }
 if provider.UserBase = strings.TrimSpace(provider.UserBase); provider.UserBase == "" {
- return nil, caos_errs.ThrowInvalidArgument(nil, "ORG-DG45z", "Errors.Invalid.Argument")
+ return nil, zerrors.ThrowInvalidArgument(nil, "ORG-DG45z", "Errors.Invalid.Argument")
 }
 if len(provider.Servers) == 0 {
- return nil, caos_errs.ThrowInvalidArgument(nil, "ORG-Sxx945n", "Errors.Invalid.Argument")
+ return nil, zerrors.ThrowInvalidArgument(nil, "ORG-Sxx945n", "Errors.Invalid.Argument")
 }
 if len(provider.UserObjectClasses) == 0 {
- return nil, caos_errs.ThrowInvalidArgument(nil, "ORG-S1p605n", "Errors.Invalid.Argument")
+ return nil, zerrors.ThrowInvalidArgument(nil, "ORG-S1p605n", "Errors.Invalid.Argument")
 }
 if len(provider.UserFilters) == 0 {
- return nil, caos_errs.ThrowInvalidArgument(nil, "ORG-aBx901n", "Errors.Invalid.Argument")
+ return nil, zerrors.ThrowInvalidArgument(nil, "ORG-aBx901n", "Errors.Invalid.Argument")
 }
 return func(ctx context.Context, filter preparation.FilterToQueryReducer) ([]eventstore.Command, error) {
 events, err := filter(ctx, writeModel.Query())
@@ -1583,7 +1583,7 @@ func (c *Commands) prepareUpdateOrgLDAPProvider(a *org.Aggregate, writeModel *Or
 return nil, err
 }
 if !writeModel.State.Exists() {
- return nil, caos_errs.ThrowNotFound(nil, "ORG-ASF3F", "Errors.Org.IDPConfig.NotExisting")
+ return nil, zerrors.ThrowNotFound(nil, "ORG-ASF3F", "Errors.Org.IDPConfig.NotExisting")
 }
 event, err := writeModel.NewChangedEvent(
 ctx,
@@ -1614,16 +1614,16 @@ func (c *Commands) prepareUpdateOrgLDAPProvider(a *org.Aggregate, writeModel *Or
 func (c *Commands) prepareAddOrgAppleProvider(a *org.Aggregate, writeModel *OrgAppleIDPWriteModel, provider AppleProvider) preparation.Validation {
 return func() (preparation.CreateCommands, error) {
 if provider.ClientID = strings.TrimSpace(provider.ClientID); provider.ClientID == "" {
- return nil, caos_errs.ThrowInvalidArgument(nil, "ORG-jkn3w", "Errors.IDP.ClientIDMissing")
+ return nil, zerrors.ThrowInvalidArgument(nil, "ORG-jkn3w", "Errors.IDP.ClientIDMissing")
 }
 if provider.TeamID = strings.TrimSpace(provider.TeamID); provider.TeamID == "" {
- return nil, caos_errs.ThrowInvalidArgument(nil, "ORG-Ffg32", "Errors.IDP.TeamIDMissing")
+ return nil, zerrors.ThrowInvalidArgument(nil, "ORG-Ffg32", "Errors.IDP.TeamIDMissing")
 }
 if provider.KeyID = strings.TrimSpace(provider.KeyID); provider.KeyID == "" {
- return nil, caos_errs.ThrowInvalidArgument(nil, "ORG-GDjm5", "Errors.IDP.KeyIDMissing")
+ return nil, zerrors.ThrowInvalidArgument(nil, "ORG-GDjm5", "Errors.IDP.KeyIDMissing")
 }
 if len(provider.PrivateKey) == 0 {
- return nil, caos_errs.ThrowInvalidArgument(nil, "ORG-GVD4n", "Errors.IDP.PrivateKeyMissing")
+ return nil, zerrors.ThrowInvalidArgument(nil, "ORG-GVD4n", "Errors.IDP.PrivateKeyMissing")
 }
 return func(ctx context.Context, filter preparation.FilterToQueryReducer) ([]eventstore.Command, error) {
 events, err := filter(ctx, writeModel.Query())
@@ -1659,16 +1659,16 @@ func (c *Commands) prepareAddOrgAppleProvider(a *org.Aggregate, writeModel *OrgA
 func (c *Commands) prepareUpdateOrgAppleProvider(a *org.Aggregate, writeModel *OrgAppleIDPWriteModel, provider AppleProvider) preparation.Validation {
 return func() (preparation.CreateCommands, error) {
 if writeModel.ID = strings.TrimSpace(writeModel.ID); writeModel.ID == "" {
- return nil, caos_errs.ThrowInvalidArgument(nil, "ORG-FRHBH", "Errors.IDMissing")
+ return nil, zerrors.ThrowInvalidArgument(nil, "ORG-FRHBH", "Errors.IDMissing")
 }
 if provider.ClientID = strings.TrimSpace(provider.ClientID); provider.ClientID == "" {
- return nil, caos_errs.ThrowInvalidArgument(nil, "ORG-SFm4l", "Errors.IDP.ClientIDMissing")
+ return nil, zerrors.ThrowInvalidArgument(nil, "ORG-SFm4l", "Errors.IDP.ClientIDMissing")
 }
 if provider.TeamID = strings.TrimSpace(provider.TeamID); provider.TeamID == "" {
- return nil, caos_errs.ThrowInvalidArgument(nil, "ORG-SG34t", "Errors.IDP.TeamIDMissing")
+ return nil, zerrors.ThrowInvalidArgument(nil, "ORG-SG34t", "Errors.IDP.TeamIDMissing")
 }
 if provider.KeyID = strings.TrimSpace(provider.KeyID); provider.KeyID == "" {
- return nil, caos_errs.ThrowInvalidArgument(nil, "ORG-Gh4z2", "Errors.IDP.KeyIDMissing")
+ return nil, zerrors.ThrowInvalidArgument(nil, "ORG-Gh4z2", "Errors.IDP.KeyIDMissing")
 }
 return func(ctx context.Context, filter preparation.FilterToQueryReducer) ([]eventstore.Command, error) {
 events, err := filter(ctx, writeModel.Query())
@@ -1680,7 +1680,7 @@ func (c *Commands) prepareUpdateOrgAppleProvider(a *org.Aggregate, writeModel *O
 return nil, err
 }
 if !writeModel.State.Exists() {
- return nil, caos_errs.ThrowNotFound(nil, "ORG-SG3bh", "Errors.IDPConfig.NotExisting")
+ return nil, zerrors.ThrowNotFound(nil, "ORG-SG3bh", "Errors.IDPConfig.NotExisting")
 }
 event, err := writeModel.NewChangedEvent(
 ctx,
@@ -1706,15 +1706,15 @@ func (c *Commands) prepareUpdateOrgAppleProvider(a *org.Aggregate, writeModel *O
 func (c *Commands) prepareAddOrgSAMLProvider(a *org.Aggregate, writeModel *OrgSAMLIDPWriteModel, provider SAMLProvider) preparation.Validation {
 return func() (preparation.CreateCommands, error) {
 if provider.Name = strings.TrimSpace(provider.Name); provider.Name == "" {
- return nil, caos_errs.ThrowInvalidArgument(nil, "ORG-957lr0f8u3", "Errors.Invalid.Argument")
+ return nil, zerrors.ThrowInvalidArgument(nil, "ORG-957lr0f8u3", "Errors.Invalid.Argument")
 }
 if provider.Metadata == nil && provider.MetadataURL == "" {
- return nil, caos_errs.ThrowInvalidArgument(nil, "ORG-78isv6m53a", "Errors.Invalid.Argument")
+ return nil, zerrors.ThrowInvalidArgument(nil, "ORG-78isv6m53a", "Errors.Invalid.Argument")
 }
 if provider.Metadata == nil && provider.MetadataURL != "" {
 data, err := xml.ReadMetadataFromURL(c.httpClient, provider.MetadataURL)
 if err != nil {
- return nil, caos_errs.ThrowInvalidArgument(err, "ORG-ipzxvf3cv2", "Errors.Project.App.SAMLMetadataMissing")
+ return nil, zerrors.ThrowInvalidArgument(err, "ORG-ipzxvf3cv2", "Errors.Project.App.SAMLMetadataMissing")
 }
 provider.Metadata = data
 }
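Review bot: The `xml.ReadMetadataFromURL(c.httpClient, provider.MetadataURL)` call in prepareAddOrgSAMLProvider makes a server-side request to a URL taken from the provider configuration, and nothing in this hunk constrains its scheme or destination. Whether `c.httpClient` already refuses loopback, link-local and private ranges, and caps response size and timeout, is not visible here, so that should be confirmed and recorded next to the call, e.g. `// MetadataURL is caller-supplied: c.httpClient must reject internal destinations and bound size/timeout`. The fetch error is also passed as the parent of the InvalidArgument error, so it is worth checking that its text (which may name the resolved host) is not returned verbatim to the API caller. The same call appears in prepareUpdateOrgSAMLProvider, and both function bodies continue outside their hunks.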
@@ -1756,20 +1756,20 @@ func (c *Commands) prepareAddOrgSAMLProvider(a *org.Aggregate, writeModel *OrgSA
 func (c *Commands) prepareUpdateOrgSAMLProvider(a *org.Aggregate, writeModel *OrgSAMLIDPWriteModel, provider SAMLProvider) preparation.Validation {
 return func() (preparation.CreateCommands, error) {
 if writeModel.ID = strings.TrimSpace(writeModel.ID); writeModel.ID == "" {
- return nil, caos_errs.ThrowInvalidArgument(nil, "ORG-wwdwdlaya0", "Errors.Invalid.Argument")
+ return nil, zerrors.ThrowInvalidArgument(nil, "ORG-wwdwdlaya0", "Errors.Invalid.Argument")
 }
 if provider.Name = strings.TrimSpace(provider.Name); provider.Name == "" {
- return nil, caos_errs.ThrowInvalidArgument(nil, "ORG-egixaofgyl", "Errors.Invalid.Argument")
+ return nil, zerrors.ThrowInvalidArgument(nil, "ORG-egixaofgyl", "Errors.Invalid.Argument")
 }
 if provider.Metadata == nil && provider.MetadataURL != "" {
 data, err := xml.ReadMetadataFromURL(c.httpClient, provider.MetadataURL)
 if err != nil {
- return nil, caos_errs.ThrowInvalidArgument(err, "ORG-bkaiyd3rfo", "Errors.Project.App.SAMLMetadataMissing")
+ return nil, zerrors.ThrowInvalidArgument(err, "ORG-bkaiyd3rfo", "Errors.Project.App.SAMLMetadataMissing")
 }
 provider.Metadata = data
 }
 if provider.Metadata == nil {
- return nil, caos_errs.ThrowInvalidArgument(nil, "ORG-j6spncd74m", "Errors.Invalid.Argument")
+ return nil, zerrors.ThrowInvalidArgument(nil, "ORG-j6spncd74m", "Errors.Invalid.Argument")
 }
 return func(ctx context.Context, filter preparation.FilterToQueryReducer) ([]eventstore.Command, error) {
 events, err := filter(ctx, writeModel.Query())
@@ -1781,7 +1781,7 @@ func (c *Commands) prepareUpdateOrgSAMLProvider(a *org.Aggregate, writeModel *Or
 return nil, err
 }
 if !writeModel.State.Exists() {
- return nil, caos_errs.ThrowNotFound(nil, "ORG-z82dddndql", "Errors.Org.IDPConfig.NotExisting")
+ return nil, zerrors.ThrowNotFound(nil, "ORG-z82dddndql", "Errors.Org.IDPConfig.NotExisting")
 }
 event, err := writeModel.NewChangedEvent(
 ctx,
@@ -1807,7 +1807,7 @@ func (c *Commands) prepareUpdateOrgSAMLProvider(a *org.Aggregate, writeModel *Or
 func (c *Commands) prepareRegenerateOrgSAMLProviderCertificate(a *org.Aggregate, writeModel *OrgSAMLIDPWriteModel) preparation.Validation {
 return func() (preparation.CreateCommands, error) {
 if writeModel.ID = strings.TrimSpace(writeModel.ID); writeModel.ID == "" {
- return nil, caos_errs.ThrowInvalidArgument(nil, "ORG-arv4vdrb6c", "Errors.Invalid.Argument")
+ return nil, zerrors.ThrowInvalidArgument(nil, "ORG-arv4vdrb6c", "Errors.Invalid.Argument")
 }
 return func(ctx context.Context, filter preparation.FilterToQueryReducer) ([]eventstore.Command, error) {
 events, err := filter(ctx, writeModel.Query())
@@ -1819,7 +1819,7 @@ func (c *Commands) prepareRegenerateOrgSAMLProviderCertificate(a *org.Aggregate,
 return nil, err
 }
 if !writeModel.State.Exists() {
- return nil, caos_errs.ThrowNotFound(nil, "ORG-4dw21ch9o9", "Errors.Org.IDPConfig.NotExisting")
+ return nil, zerrors.ThrowNotFound(nil, "ORG-4dw21ch9o9", "Errors.Org.IDPConfig.NotExisting")
 }
 key, cert, err := c.samlCertificateAndKeyGenerator(writeModel.ID)
@@ -1860,7 +1860,7 @@ func (c *Commands) prepareDeleteOrgProvider(a *org.Aggregate, resourceOwner, id
 return nil, err
 }
 if !writeModel.State.Exists() {
- return nil, caos_errs.ThrowNotFound(nil, "ORG-Se3tg", "Errors.Org.IDPConfig.NotExisting")
+ return nil, zerrors.ThrowNotFound(nil, "ORG-Se3tg", "Errors.Org.IDPConfig.NotExisting")
 }
 return []eventstore.Command{org.NewIDPRemovedEvent(ctx, &a.Aggregate, id)}, nil
 }, nil
diff --git a/internal/command/org_idp_config.go b/internal/command/org_idp_config.go
index f135a4109a..8b4954c015 100644
--- a/internal/command/org_idp_config.go
+++ b/internal/command/org_idp_config.go
@@ -5,10 +5,10 @@ import (
 "github.com/zitadel/zitadel/internal/crypto"
 "github.com/zitadel/zitadel/internal/domain"
- "github.com/zitadel/zitadel/internal/errors"
 "github.com/zitadel/zitadel/internal/eventstore"
 org_repo "github.com/zitadel/zitadel/internal/repository/org"
 "github.com/zitadel/zitadel/internal/telemetry/tracing"
+ "github.com/zitadel/zitadel/internal/zerrors"
 )
 func (c *Commands) ImportIDPConfig(ctx context.Context, config *domain.IDPConfig, idpConfigID, resourceOwner string) (*domain.IDPConfig, error) {
@@ -17,17 +17,17 @@ func (c *Commands) ImportIDPConfig(ctx context.Context, config *domain.IDPConfig
 return nil, err
 }
 if existingIDP.State != domain.IDPConfigStateRemoved && existingIDP.State != domain.IDPConfigStateUnspecified {
- return nil, errors.ThrowNotFound(nil, "Org-1J8fs", "Errors.Org.IDPConfig.AlreadyExisting")
+ return nil, zerrors.ThrowNotFound(nil, "Org-1J8fs", "Errors.Org.IDPConfig.AlreadyExisting")
 }
 return c.addIDPConfig(ctx, config, idpConfigID, resourceOwner)
 }
 func (c *Commands) AddIDPConfig(ctx context.Context, config *domain.IDPConfig, resourceOwner string) (*domain.IDPConfig, error) {
 if resourceOwner == "" {
- return nil, errors.ThrowInvalidArgument(nil, "Org-0j8gs", "Errors.ResourceOwnerMissing")
+ return nil, zerrors.ThrowInvalidArgument(nil, "Org-0j8gs", "Errors.ResourceOwnerMissing")
 }
 if config.OIDCConfig == nil && config.JWTConfig == nil {
- return nil, errors.ThrowInvalidArgument(nil, "Org-eUpQU", "Errors.idp.config.notset")
+ return nil, zerrors.ThrowInvalidArgument(nil, "Org-eUpQU", "Errors.idp.config.notset")
 }
 idpConfigID, err := c.idGenerator.Next()
 if err != nil {
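Review bot: The guard in ImportIDPConfig that rejects an IDP which is neither removed nor unspecified returns `zerrors.ThrowNotFound(nil, "Org-1J8fs", "Errors.Org.IDPConfig.AlreadyExisting")`, so a caller that branches on the error kind sees not-found for what the message key describes as a conflict. If the zerrors package offers an already-exists constructor (the visible hunks do not show one), the line would read `return nil, zerrors.ThrowAlreadyExists(nil, "Org-1J8fs", "Errors.Org.IDPConfig.AlreadyExisting")`. The reverse mismatch appears in ChangeIDPJWTConfig and ChangeIDPOIDCConfig, where a removed or unspecified config yields NotFound with the key `Errors.Org.IDPConfig.AlreadyExists`. Both of those sites also carry the same ID `Org-67J9d`, which makes them indistinguishable when triaging from logs. The function bodies continue outside the hunks, so caller expectations should be checked before changing the error kind.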
@@ -94,14 +94,14 @@ func (c *Commands) addIDPConfig(ctx context.Context, config *domain.IDPConfig, i
 func (c *Commands) ChangeIDPConfig(ctx context.Context, config *domain.IDPConfig, resourceOwner string) (*domain.IDPConfig, error) {
 if resourceOwner == "" {
- return nil, errors.ThrowInvalidArgument(nil, "Org-Gh8ds", "Errors.ResourceOwnerMissing")
+ return nil, zerrors.ThrowInvalidArgument(nil, "Org-Gh8ds", "Errors.ResourceOwnerMissing")
 }
 existingIDP, err := c.orgIDPConfigWriteModelByID(ctx, config.IDPConfigID, resourceOwner)
 if err != nil {
 return nil, err
 }
 if existingIDP.State == domain.IDPConfigStateRemoved || existingIDP.State == domain.IDPConfigStateUnspecified {
- return nil, errors.ThrowNotFound(nil, "Org-1J9fs", "Errors.Org.IDPConfig.NotExisting")
+ return nil, zerrors.ThrowNotFound(nil, "Org-1J9fs", "Errors.Org.IDPConfig.NotExisting")
 }
 orgAgg := OrgAggregateFromWriteModel(&existingIDP.WriteModel)
@@ -114,7 +114,7 @@ func (c *Commands) ChangeIDPConfig(ctx context.Context, config *domain.IDPConfig
 config.AutoRegister)
 if !hasChanged {
- return nil, errors.ThrowPreconditionFailed(nil, "Org-jf9w", "Errors.Org.IDPConfig.NotChanged")
+ return nil, zerrors.ThrowPreconditionFailed(nil, "Org-jf9w", "Errors.Org.IDPConfig.NotChanged")
 }
 pushedEvents, err := c.eventstore.Push(ctx, changedEvent)
 if err != nil {
@@ -133,7 +133,7 @@ func (c *Commands) DeactivateIDPConfig(ctx context.Context, idpID, orgID string)
 return nil, err
 }
 if existingIDP.State != domain.IDPConfigStateActive {
- return nil, errors.ThrowPreconditionFailed(nil, "Org-BBmd0", "Errors.Org.IDPConfig.NotActive")
+ return nil, zerrors.ThrowPreconditionFailed(nil, "Org-BBmd0", "Errors.Org.IDPConfig.NotActive")
 }
 orgAgg := OrgAggregateFromWriteModel(&existingIDP.WriteModel)
 pushedEvents, err := c.eventstore.Push(ctx, org_repo.NewIDPConfigDeactivatedEvent(ctx, orgAgg, idpID))
@@ -153,7 +153,7 @@ func (c *Commands) ReactivateIDPConfig(ctx context.Context, idpID, orgID string)
 return nil, err
 }
 if existingIDP.State != domain.IDPConfigStateInactive {
- return nil, errors.ThrowPreconditionFailed(nil, "Org-5Mo0d", "Errors.Org.IDPConfig.NotInactive")
+ return nil, zerrors.ThrowPreconditionFailed(nil, "Org-5Mo0d", "Errors.Org.IDPConfig.NotInactive")
 }
 orgAgg := OrgAggregateFromWriteModel(&existingIDP.WriteModel)
 pushedEvents, err := c.eventstore.Push(ctx, org_repo.NewIDPConfigReactivatedEvent(ctx, orgAgg, idpID))
@@ -189,7 +189,7 @@ func (c *Commands) RemoveIDPConfig(ctx context.Context, idpID, orgID string, cas
 func (c *Commands) removeIDPConfig(ctx context.Context, existingIDP *OrgIDPConfigWriteModel, cascadeRemoveProvider bool, cascadeExternalIDPs ...*domain.UserIDPLink) ([]eventstore.Command, error) {
 if existingIDP.State == domain.IDPConfigStateRemoved || existingIDP.State == domain.IDPConfigStateUnspecified {
- return nil, errors.ThrowNotFound(nil, "Org-Yx9vd", "Errors.Org.IDPConfig.NotExisting")
+ return nil, zerrors.ThrowNotFound(nil, "Org-Yx9vd", "Errors.Org.IDPConfig.NotExisting")
 }
 orgAgg := OrgAggregateFromWriteModel(&existingIDP.WriteModel)
@@ -210,7 +210,7 @@ func (c *Commands) getOrgIDPConfigByID(ctx context.Context, idpID, orgID string)
 return nil, err
 }
 if !config.State.Exists() {
- return nil, errors.ThrowNotFound(nil, "ORG-2m90f", "Errors.Org.IDPConfig.NotExisting")
+ return nil, zerrors.ThrowNotFound(nil, "ORG-2m90f", "Errors.Org.IDPConfig.NotExisting")
 }
 return writeModelToIDPConfig(&config.IDPConfigWriteModel), nil
 }
diff --git a/internal/command/org_idp_config_test.go b/internal/command/org_idp_config_test.go
index 3da55353aa..2897997695 100644
--- a/internal/command/org_idp_config_test.go
+++ b/internal/command/org_idp_config_test.go
@@ -10,7 +10,6 @@ import (
 "github.com/zitadel/zitadel/internal/crypto"
 "github.com/zitadel/zitadel/internal/domain"
- caos_errs "github.com/zitadel/zitadel/internal/errors"
 "github.com/zitadel/zitadel/internal/eventstore"
 "github.com/zitadel/zitadel/internal/eventstore/v1/models"
 "github.com/zitadel/zitadel/internal/id"
@@ -18,6 +17,7 @@ import (
 "github.com/zitadel/zitadel/internal/repository/idpconfig"
 "github.com/zitadel/zitadel/internal/repository/org"
 "github.com/zitadel/zitadel/internal/repository/user"
+ "github.com/zitadel/zitadel/internal/zerrors"
 )
 func TestCommandSide_AddIDPConfig(t *testing.T) {
@@ -65,7 +65,7 @@ func TestCommandSide_AddIDPConfig(t *testing.T) {
 },
 },
 res: res{
- err: caos_errs.IsErrorInvalidArgument,
+ err: zerrors.IsErrorInvalidArgument,
 },
 },
 {
@@ -81,7 +81,7 @@ func TestCommandSide_AddIDPConfig(t *testing.T) {
 config: &domain.IDPConfig{},
 },
 res: res{
- err: caos_errs.IsErrorInvalidArgument,
+ err: zerrors.IsErrorInvalidArgument,
 },
 },
 {
@@ -261,7 +261,7 @@ func TestCommandSide_ChangeIDPConfig(t *testing.T) {
 },
 },
 res: res{
- err: caos_errs.IsErrorInvalidArgument,
+ err: zerrors.IsErrorInvalidArgument,
 },
 },
 {
@@ -276,7 +276,7 @@ func TestCommandSide_ChangeIDPConfig(t *testing.T) {
 config: &domain.IDPConfig{},
 },
 res: res{
- err: caos_errs.IsErrorInvalidArgument,
+ err: zerrors.IsErrorInvalidArgument,
 },
 },
 {
@@ -295,7 +295,7 @@ func TestCommandSide_ChangeIDPConfig(t *testing.T) {
 },
 },
 res: res{
- err: caos_errs.IsNotFound,
+ err: zerrors.IsNotFound,
 },
 },
 {
@@ -433,7 +433,7 @@ func TestCommands_RemoveIDPConfig(t *testing.T) {
 },
 res{
 nil,
- caos_errs.IsNotFound,
+ zerrors.IsNotFound,
 },
 },
 {
diff --git a/internal/command/org_idp_jwt_config.go b/internal/command/org_idp_jwt_config.go
index 94626420e5..c12ad8ec54 100644
--- a/internal/command/org_idp_jwt_config.go
+++ b/internal/command/org_idp_jwt_config.go
@@ -4,15 +4,15 @@ import (
 "context"
 "github.com/zitadel/zitadel/internal/domain"
- caos_errs "github.com/zitadel/zitadel/internal/errors"
+ "github.com/zitadel/zitadel/internal/zerrors"
 )
 func (c *Commands) ChangeIDPJWTConfig(ctx context.Context, config *domain.JWTIDPConfig, resourceOwner string) (*domain.JWTIDPConfig, error) {
 if resourceOwner == "" {
- return nil, caos_errs.ThrowInvalidArgument(nil, "Org-ff8NF", "Errors.ResourceOwnerMissing")
+ return nil, zerrors.ThrowInvalidArgument(nil, "Org-ff8NF", "Errors.ResourceOwnerMissing")
 }
 if config.IDPConfigID == "" {
- return nil, caos_errs.ThrowInvalidArgument(nil, "Org-2n99f", "Errors.IDMissing")
+ return nil, zerrors.ThrowInvalidArgument(nil, "Org-2n99f", "Errors.IDMissing")
 }
 existingConfig := NewOrgIDPJWTConfigWriteModel(config.IDPConfigID, resourceOwner)
 err := c.eventstore.FilterToQueryReducer(ctx, existingConfig)
@@ -21,7 +21,7 @@ func (c *Commands) ChangeIDPJWTConfig(ctx context.Context, config *domain.JWTIDP
 }
 if existingConfig.State == domain.IDPConfigStateRemoved || existingConfig.State == domain.IDPConfigStateUnspecified {
- return nil, caos_errs.ThrowNotFound(nil, "Org-67J9d", "Errors.Org.IDPConfig.AlreadyExists")
+ return nil, zerrors.ThrowNotFound(nil, "Org-67J9d", "Errors.Org.IDPConfig.AlreadyExists")
 }
 orgAgg := OrgAggregateFromWriteModel(&existingConfig.WriteModel)
@@ -37,7 +37,7 @@ func (c *Commands) ChangeIDPJWTConfig(ctx context.Context, config *domain.JWTIDP
 return nil, err
 }
 if !hasChanged {
- return nil, caos_errs.ThrowPreconditionFailed(nil, "Org-2k9fs", "Errors.Org.IDPConfig.NotChanged")
+ return nil, zerrors.ThrowPreconditionFailed(nil, "Org-2k9fs", "Errors.Org.IDPConfig.NotChanged")
 }
 pushedEvents, err := c.eventstore.Push(ctx, changedEvent)
diff --git a/internal/command/org_idp_jwt_config_test.go b/internal/command/org_idp_jwt_config_test.go
index 4000f42100..9368cf9892 100644
--- a/internal/command/org_idp_jwt_config_test.go
+++ b/internal/command/org_idp_jwt_config_test.go
@@ -9,11 +9,11 @@ import (
 "github.com/zitadel/zitadel/internal/crypto"
 "github.com/zitadel/zitadel/internal/domain"
- caos_errs "github.com/zitadel/zitadel/internal/errors"
 "github.com/zitadel/zitadel/internal/eventstore"
 "github.com/zitadel/zitadel/internal/eventstore/v1/models"
 "github.com/zitadel/zitadel/internal/repository/idpconfig"
 "github.com/zitadel/zitadel/internal/repository/org"
+ "github.com/zitadel/zitadel/internal/zerrors"
 )
 func TestCommandSide_ChangeIDPJWTConfig(t *testing.T) {
@@ -52,7 +52,7 @@ func TestCommandSide_ChangeIDPJWTConfig(t *testing.T) {
 },
 },
 res: res{
- err: caos_errs.IsErrorInvalidArgument,
+ err: zerrors.IsErrorInvalidArgument,
 },
 },
 {
@@ -68,7 +68,7 @@ func TestCommandSide_ChangeIDPJWTConfig(t *testing.T) {
 resourceOwner: "org1",
 },
 res: res{
- err: caos_errs.IsErrorInvalidArgument,
+ err: zerrors.IsErrorInvalidArgument,
 },
 },
 {
@@ -87,7 +87,7 @@ func TestCommandSide_ChangeIDPJWTConfig(t *testing.T) {
 resourceOwner: "org1",
 },
 res: res{
- err: caos_errs.IsNotFound,
+ err: zerrors.IsNotFound,
 },
 },
 {
@@ -134,7 +134,7 @@ func TestCommandSide_ChangeIDPJWTConfig(t *testing.T) {
 resourceOwner: "org1",
 },
 res: res{
- err: caos_errs.IsNotFound,
+ err: zerrors.IsNotFound,
 },
 },
 {
@@ -179,7 +179,7 @@ func TestCommandSide_ChangeIDPJWTConfig(t *testing.T) {
 resourceOwner: "org1",
 },
 res: res{
- err: caos_errs.IsPreconditionFailed,
+ err: zerrors.IsPreconditionFailed,
 },
 },
 {
diff --git a/internal/command/org_idp_oidc_config.go b/internal/command/org_idp_oidc_config.go
index b712fa9a13..ed0add4ea8 100644
--- a/internal/command/org_idp_oidc_config.go
+++ b/internal/command/org_idp_oidc_config.go
@@ -4,15 +4,15 @@ import (
 "context"
 "github.com/zitadel/zitadel/internal/domain"
- caos_errs "github.com/zitadel/zitadel/internal/errors"
+ "github.com/zitadel/zitadel/internal/zerrors"
 )
 func (c *Commands) ChangeIDPOIDCConfig(ctx context.Context, config *domain.OIDCIDPConfig, resourceOwner string) (*domain.OIDCIDPConfig, error) {
 if resourceOwner == "" {
- return nil, caos_errs.ThrowInvalidArgument(nil, "Org-4n8f2", "Errors.ResourceOwnerMissing")
+ return nil, zerrors.ThrowInvalidArgument(nil, "Org-4n8f2", "Errors.ResourceOwnerMissing")
 }
 if config.IDPConfigID == "" {
- return nil, caos_errs.ThrowInvalidArgument(nil, "Org-66Qwj", "Errors.IDMissing")
+ return nil, zerrors.ThrowInvalidArgument(nil, "Org-66Qwj", "Errors.IDMissing")
 }
 existingConfig := NewOrgIDPOIDCConfigWriteModel(config.IDPConfigID, resourceOwner)
 err := c.eventstore.FilterToQueryReducer(ctx, existingConfig)
@@ -21,7 +21,7 @@ func (c *Commands) ChangeIDPOIDCConfig(ctx context.Context, config *domain.OIDCI
 }
 if existingConfig.State == domain.IDPConfigStateRemoved || existingConfig.State == domain.IDPConfigStateUnspecified {
- return nil, caos_errs.ThrowNotFound(nil, "Org-67J9d", "Errors.Org.IDPConfig.AlreadyExists")
+ return nil, zerrors.ThrowNotFound(nil, "Org-67J9d", "Errors.Org.IDPConfig.AlreadyExists")
 }
 orgAgg := OrgAggregateFromWriteModel(&existingConfig.WriteModel)
@@ -42,7 +42,7 @@ func (c *Commands) ChangeIDPOIDCConfig(ctx context.Context, config *domain.OIDCI
 return nil, err
 }
 if !hasChanged {
- return nil, caos_errs.ThrowPreconditionFailed(nil, "Org-10ods", "Errors.Org.IDPConfig.NotChanged")
+ return nil, zerrors.ThrowPreconditionFailed(nil, "Org-10ods", "Errors.Org.IDPConfig.NotChanged")
 }
 pushedEvents, err := c.eventstore.Push(ctx, changedEvent)
diff --git a/internal/command/org_idp_oidc_config_test.go b/internal/command/org_idp_oidc_config_test.go
index fb68f7fac0..b448fb36bd 100644
--- a/internal/command/org_idp_oidc_config_test.go
+++ b/internal/command/org_idp_oidc_config_test.go
@@ -9,11 +9,11 @@ import (
 "github.com/zitadel/zitadel/internal/crypto"
 "github.com/zitadel/zitadel/internal/domain"
- caos_errs "github.com/zitadel/zitadel/internal/errors"
 "github.com/zitadel/zitadel/internal/eventstore"
 "github.com/zitadel/zitadel/internal/eventstore/v1/models"
 "github.com/zitadel/zitadel/internal/repository/idpconfig"
 "github.com/zitadel/zitadel/internal/repository/org"
+ "github.com/zitadel/zitadel/internal/zerrors"
 )
 func TestCommandSide_ChangeIDPOIDCConfig(t *testing.T) {
@@ -52,7 +52,7 @@ func TestCommandSide_ChangeIDPOIDCConfig(t *testing.T) {
 },
 },
 res: res{
- err: caos_errs.IsErrorInvalidArgument,
+ err: zerrors.IsErrorInvalidArgument,
 },
 },
 {
@@ -68,7 +68,7 @@ func TestCommandSide_ChangeIDPOIDCConfig(t *testing.T) {
 resourceOwner: "org1",
 },
 res: res{
- err: caos_errs.IsErrorInvalidArgument,
+ err: zerrors.IsErrorInvalidArgument,
 },
 },
 {
@@ -87,7 +87,7 @@ func TestCommandSide_ChangeIDPOIDCConfig(t *testing.T) {
 resourceOwner: "org1",
 },
 res: res{
- err: caos_errs.IsNotFound,
+ err: zerrors.IsNotFound,
 },
 },
 {
@@ -143,7 +143,7 @@ func TestCommandSide_ChangeIDPOIDCConfig(t *testing.T) {
 resourceOwner: "org1",
 },
 res: res{
- err: caos_errs.IsNotFound,
+ err: zerrors.IsNotFound,
 },
 },
 {
@@ -200,7 +200,7 @@ func TestCommandSide_ChangeIDPOIDCConfig(t *testing.T) {
 resourceOwner: "org1",
 },
 res: res{
- err: caos_errs.IsPreconditionFailed,
+ err: zerrors.IsPreconditionFailed,
 },
 },
 {
diff --git a/internal/command/org_idp_test.go b/internal/command/org_idp_test.go
index a740aa54a0..ebb8682125 100644
--- a/internal/command/org_idp_test.go
+++ b/internal/command/org_idp_test.go
@@ -12,12 +12,12 @@ import (
 "github.com/zitadel/zitadel/internal/crypto"
 "github.com/zitadel/zitadel/internal/domain"
- caos_errors "github.com/zitadel/zitadel/internal/errors"
 "github.com/zitadel/zitadel/internal/eventstore"
 "github.com/zitadel/zitadel/internal/id"
 id_mock "github.com/zitadel/zitadel/internal/id/mock"
 "github.com/zitadel/zitadel/internal/repository/idp"
 "github.com/zitadel/zitadel/internal/repository/org"
+ "github.com/zitadel/zitadel/internal/zerrors"
 )
 func TestCommandSide_AddOrgGenericOAuthIDP(t *testing.T) {
@@ -55,7 +55,7 @@ func TestCommandSide_AddOrgGenericOAuthIDP(t *testing.T) {
 },
 res{
 err: func(err error) bool {
- return errors.Is(err, caos_errors.ThrowInvalidArgument(nil, "ORG-D32ef", ""))
+ return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "ORG-D32ef", ""))
 },
 },
 },
@@ -74,7 +74,7 @@ func TestCommandSide_AddOrgGenericOAuthIDP(t *testing.T) {
 },
 res{
 err: func(err error) bool {
- return errors.Is(err, caos_errors.ThrowInvalidArgument(nil, "ORG-Dbgzf", ""))
+ return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "ORG-Dbgzf", ""))
 },
 },
 },
@@ -94,7 +94,7 @@ func TestCommandSide_AddOrgGenericOAuthIDP(t *testing.T) {
 },
 res{
 err: func(err error) bool {
- return errors.Is(err, caos_errors.ThrowInvalidArgument(nil, "ORG-DF4ga", ""))
+ return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "ORG-DF4ga", ""))
 },
 },
 },
@@ -115,7 +115,7 @@ func TestCommandSide_AddOrgGenericOAuthIDP(t *testing.T) {
 },
 res{
 err: func(err error) bool {
- return errors.Is(err, caos_errors.ThrowInvalidArgument(nil, "ORG-B23bs", ""))
+ return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "ORG-B23bs", ""))
 },
 },
 },
@@ -137,7 +137,7 @@ func TestCommandSide_AddOrgGenericOAuthIDP(t *testing.T) {
 },
 res{
 err: func(err error) bool {
- return errors.Is(err, caos_errors.ThrowInvalidArgument(nil, "ORG-D2gj8", ""))
+ return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "ORG-D2gj8", ""))
 },
 },
 },
@@ -160,7 +160,7 @@ func TestCommandSide_AddOrgGenericOAuthIDP(t *testing.T) {
 },
 res{
 err: func(err error) bool {
- return errors.Is(err, caos_errors.ThrowInvalidArgument(nil, "ORG-Fb8jk", ""))
+ return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "ORG-Fb8jk", ""))
 },
 },
 },
@@ -184,7 +184,7 @@ func TestCommandSide_AddOrgGenericOAuthIDP(t *testing.T) {
 },
 res{
 err: func(err error) bool {
- return errors.Is(err, caos_errors.ThrowInvalidArgument(nil, "ORG-sadf3d", ""))
+ return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "ORG-sadf3d", ""))
 },
 },
 },
@@ -348,7 +348,7 @@ func TestCommandSide_UpdateOrgGenericOAuthIDP(t *testing.T) {
 },
 res{
 err: func(err error) bool {
- return errors.Is(err, caos_errors.ThrowInvalidArgument(nil, "ORG-asfsa", ""))
+ return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "ORG-asfsa", ""))
 },
 },
 },
@@ -365,7 +365,7 @@ func TestCommandSide_UpdateOrgGenericOAuthIDP(t *testing.T) {
 },
 res{
 err: func(err error) bool {
- return errors.Is(err, caos_errors.ThrowInvalidArgument(nil, "ORG-D32ef", ""))
+ return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "ORG-D32ef", ""))
 },
 },
 },
@@ -384,7 +384,7 @@ func TestCommandSide_UpdateOrgGenericOAuthIDP(t *testing.T) {
 },
 res{
 err: func(err error) bool {
- return errors.Is(err, caos_errors.ThrowInvalidArgument(nil, "ORG-Dbgzf", ""))
+ return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "ORG-Dbgzf", ""))
 },
 },
 },
@@ -404,7 +404,7 @@ func TestCommandSide_UpdateOrgGenericOAuthIDP(t *testing.T) {
 },
 res{
 err: func(err error) bool {
- return errors.Is(err, caos_errors.ThrowInvalidArgument(nil, "ORG-B23bs", ""))
+ return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "ORG-B23bs", ""))
 },
 },
 },
@@ -425,7 +425,7 @@ func TestCommandSide_UpdateOrgGenericOAuthIDP(t *testing.T) {
 },
 res{
 err: func(err error) bool {
- return errors.Is(err, caos_errors.ThrowInvalidArgument(nil, "ORG-D2gj8", ""))
+ return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "ORG-D2gj8", ""))
 },
 },
 },
@@ -447,7 +447,7 @@ func TestCommandSide_UpdateOrgGenericOAuthIDP(t *testing.T) {
 },
 res{
 err: func(err error) bool {
- return errors.Is(err, caos_errors.ThrowInvalidArgument(nil, "ORG-Fb8jk", ""))
+ return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "ORG-Fb8jk", ""))
 },
 },
 },
@@ -470,7 +470,7 @@ func TestCommandSide_UpdateOrgGenericOAuthIDP(t *testing.T) {
 },
 res{
 err: func(err error) bool {
- return errors.Is(err, caos_errors.ThrowInvalidArgument(nil, "ORG-SAe4gh", ""))
+ return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "ORG-SAe4gh", ""))
 },
 },
 },
@@ -495,7 +495,7 @@ func TestCommandSide_UpdateOrgGenericOAuthIDP(t *testing.T) {
 },
 },
 res: res{
- err: caos_errors.IsNotFound,
+ err: zerrors.IsNotFound,
 },
 },
 {
@@ -679,7 +679,7 @@ func TestCommandSide_AddOrgGenericOIDCIDP(t *testing.T) {
 },
 res{
 err: func(err error) bool {
- return errors.Is(err, caos_errors.ThrowInvalidArgument(nil, "ORG-Sgtj5", ""))
+ return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "ORG-Sgtj5", ""))
 },
 },
 },
@@ -698,7 +698,7 @@ func TestCommandSide_AddOrgGenericOIDCIDP(t *testing.T) {
 },
 res{
 err: func(err error) bool {
- return errors.Is(err, caos_errors.ThrowInvalidArgument(nil, "ORG-Hz6zj", ""))
+ return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "ORG-Hz6zj", ""))
 },
 },
 },
@@ -718,7 +718,7 @@ func TestCommandSide_AddOrgGenericOIDCIDP(t *testing.T) {
 },
 res{
 err: func(err error) bool {
- return errors.Is(err, caos_errors.ThrowInvalidArgument(nil, "ORG-fb5jm", ""))
+ return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "ORG-fb5jm", ""))
 },
 },
 },
@@ -739,7 +739,7 @@ func TestCommandSide_AddOrgGenericOIDCIDP(t *testing.T) {
 },
 res{
 err: func(err error) bool {
- return errors.Is(err, caos_errors.ThrowInvalidArgument(nil, "ORG-Sfdf4", ""))
+ return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "ORG-Sfdf4", ""))
 },
 },
 },
@@ -894,7 +894,7 @@ func TestCommandSide_UpdateOrgGenericOIDCIDP(t *testing.T) {
 },
 res{
 err: func(err error) bool {
- return errors.Is(err, caos_errors.ThrowInvalidArgument(nil, "ORG-SAfd3", ""))
+ return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "ORG-SAfd3", ""))
 },
 },
 },
@@ -911,7 +911,7 @@ func TestCommandSide_UpdateOrgGenericOIDCIDP(t *testing.T) {
 },
 res{
 err: func(err error) bool {
- return errors.Is(err, caos_errors.ThrowInvalidArgument(nil, "ORG-Dvf4f", ""))
+ return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "ORG-Dvf4f", ""))
 },
 },
 },
@@ -930,7 +930,7 @@ func TestCommandSide_UpdateOrgGenericOIDCIDP(t *testing.T) {
 },
 res{
 err: func(err error) bool {
- return errors.Is(err, caos_errors.ThrowInvalidArgument(nil, "ORG-BDfr3", ""))
+ return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "ORG-BDfr3", ""))
 },
 },
 },
@@ -950,7 +950,7 @@ func TestCommandSide_UpdateOrgGenericOIDCIDP(t *testing.T) {
 },
 res{
 err: func(err error) bool {
- return errors.Is(err, caos_errors.ThrowInvalidArgument(nil, "ORG-Db3bs", ""))
+ return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "ORG-Db3bs", ""))
 },
 },
 },
@@ -972,7 +972,7 @@ func TestCommandSide_UpdateOrgGenericOIDCIDP(t *testing.T) {
 },
 },
 res: res{
- err: caos_errors.IsNotFound,
+ err: zerrors.IsNotFound,
 },
 },
 {
@@ -1143,7 +1143,7 @@ func TestCommandSide_MigrateOrgGenericOIDCToAzureADProvider(t *testing.T) {
 },
 res{
 err: func(err error) bool {
- return errors.Is(err, caos_errors.ThrowInvalidArgument(nil, "ORG-sdf3g", ""))
+ return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "ORG-sdf3g", ""))
 },
 },
 },
@@ -1161,7 +1161,7 @@ func TestCommandSide_MigrateOrgGenericOIDCToAzureADProvider(t *testing.T) {
 },
 res{
 err: func(err error) bool {
- return errors.Is(err, caos_errors.ThrowInvalidArgument(nil, "ORG-Fhbr2", ""))
+ return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "ORG-Fhbr2", ""))
 },
 },
 },
@@ -1180,7 +1180,7 @@ func TestCommandSide_MigrateOrgGenericOIDCToAzureADProvider(t *testing.T) {
 },
 res{
 err: func(err error) bool {
- return errors.Is(err, caos_errors.ThrowInvalidArgument(nil, "ORG-Dzh3g", ""))
+ return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "ORG-Dzh3g", ""))
 },
 },
 },
@@ -1202,7 +1202,7 @@ func TestCommandSide_MigrateOrgGenericOIDCToAzureADProvider(t *testing.T) {
 },
 },
 res: res{
- err: caos_errors.IsNotFound,
+ err: zerrors.IsNotFound,
 },
 },
 {
@@ -1389,7 +1389,7 @@ func TestCommandSide_MigrateOrgOIDCToGoogleIDP(t *testing.T) {
 },
 res{
 err: func(err error) bool {
- return errors.Is(err, caos_errors.ThrowInvalidArgument(nil, "ORG-D3fvs", ""))
+ return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "ORG-D3fvs", ""))
 },
 },
 },
@@ -1408,7 +1408,7 @@ func TestCommandSide_MigrateOrgOIDCToGoogleIDP(t *testing.T) {
 },
 res{
 err: func(err error) bool {
- return errors.Is(err, caos_errors.ThrowInvalidArgument(nil, "ORG-W2vqs", ""))
+ return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "ORG-W2vqs", ""))
 },
 },
 },
@@ -1429,7 +1429,7 @@ func TestCommandSide_MigrateOrgOIDCToGoogleIDP(t *testing.T) {
 },
 },
 res{
- err: caos_errors.IsNotFound,
+ err: zerrors.IsNotFound,
 },
 },
 {
@@ -1606,7 +1606,7 @@ func TestCommandSide_AddOrgAzureADIDP(t *testing.T) {
 },
 res{
 err: func(err error) bool {
- return errors.Is(err, caos_errors.ThrowInvalidArgument(nil, "ORG-sdf3g", ""))
+ return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "ORG-sdf3g", ""))
 },
 },
 },
@@ -1625,7 +1625,7 @@ func TestCommandSide_AddOrgAzureADIDP(t *testing.T) {
 },
 res{
 err: func(err error) bool {
- return errors.Is(err, caos_errors.ThrowInvalidArgument(nil, "ORG-Fhbr2", ""))
+ return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "ORG-Fhbr2", ""))
 },
 },
 },
@@ -1645,7 +1645,7 @@ func TestCommandSide_AddOrgAzureADIDP(t *testing.T) { }, res{ err: func(err error) bool { - return errors.Is(err, caos_errors.ThrowInvalidArgument(nil, "ORG-Dzh3g", "")) + return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "ORG-Dzh3g", "")) }, }, }, @@ -1799,7 +1799,7 @@ func TestCommandSide_UpdateOrgAzureADIDP(t *testing.T) { }, res{ err: func(err error) bool { - return errors.Is(err, caos_errors.ThrowInvalidArgument(nil, "ORG-SAgh2", "")) + return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "ORG-SAgh2", "")) }, }, }, @@ -1816,7 +1816,7 @@ func TestCommandSide_UpdateOrgAzureADIDP(t *testing.T) { }, res{ err: func(err error) bool { - return errors.Is(err, caos_errors.ThrowInvalidArgument(nil, "ORG-fh3h1", "")) + return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "ORG-fh3h1", "")) }, }, }, @@ -1835,7 +1835,7 @@ func TestCommandSide_UpdateOrgAzureADIDP(t *testing.T) { }, res{ err: func(err error) bool { - return errors.Is(err, caos_errors.ThrowInvalidArgument(nil, "ORG-dmitg", "")) + return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "ORG-dmitg", "")) }, }, }, @@ -1856,7 +1856,7 @@ func TestCommandSide_UpdateOrgAzureADIDP(t *testing.T) { }, }, res: res{ - err: caos_errors.IsNotFound, + err: zerrors.IsNotFound, }, }, { @@ -2028,7 +2028,7 @@ func TestCommandSide_AddOrgGitHubIDP(t *testing.T) { }, res{ err: func(err error) bool { - return errors.Is(err, caos_errors.ThrowInvalidArgument(nil, "ORG-Jdsgf", "")) + return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "ORG-Jdsgf", "")) }, }, }, @@ -2047,7 +2047,7 @@ func TestCommandSide_AddOrgGitHubIDP(t *testing.T) { }, res{ err: func(err error) bool { - return errors.Is(err, caos_errors.ThrowInvalidArgument(nil, "ORG-dsgz3", "")) + return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "ORG-dsgz3", "")) }, }, }, 
@@ -2194,7 +2194,7 @@ func TestCommandSide_UpdateOrgGitHubIDP(t *testing.T) { }, res{ err: func(err error) bool { - return errors.Is(err, caos_errors.ThrowInvalidArgument(nil, "ORG-sdf4h", "")) + return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "ORG-sdf4h", "")) }, }, }, @@ -2211,7 +2211,7 @@ func TestCommandSide_UpdateOrgGitHubIDP(t *testing.T) { }, res{ err: func(err error) bool { - return errors.Is(err, caos_errors.ThrowInvalidArgument(nil, "ORG-fdh5z", "")) + return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "ORG-fdh5z", "")) }, }, }, @@ -2231,7 +2231,7 @@ func TestCommandSide_UpdateOrgGitHubIDP(t *testing.T) { }, }, res: res{ - err: caos_errors.IsNotFound, + err: zerrors.IsNotFound, }, }, { @@ -2394,7 +2394,7 @@ func TestCommandSide_AddOrgGitHubEnterpriseIDP(t *testing.T) { }, res{ err: func(err error) bool { - return errors.Is(err, caos_errors.ThrowInvalidArgument(nil, "ORG-Dg4td", "")) + return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "ORG-Dg4td", "")) }, }, }, @@ -2413,7 +2413,7 @@ func TestCommandSide_AddOrgGitHubEnterpriseIDP(t *testing.T) { }, res{ err: func(err error) bool { - return errors.Is(err, caos_errors.ThrowInvalidArgument(nil, "ORG-dgj53", "")) + return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "ORG-dgj53", "")) }, }, }, @@ -2433,7 +2433,7 @@ func TestCommandSide_AddOrgGitHubEnterpriseIDP(t *testing.T) { }, res{ err: func(err error) bool { - return errors.Is(err, caos_errors.ThrowInvalidArgument(nil, "ORG-Ghjjs", "")) + return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "ORG-Ghjjs", "")) }, }, }, @@ -2454,7 +2454,7 @@ func TestCommandSide_AddOrgGitHubEnterpriseIDP(t *testing.T) { }, res{ err: func(err error) bool { - return errors.Is(err, caos_errors.ThrowInvalidArgument(nil, "ORG-sani2", "")) + return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "ORG-sani2", "")) }, }, }, 
@@ -2476,7 +2476,7 @@ func TestCommandSide_AddOrgGitHubEnterpriseIDP(t *testing.T) { }, res{ err: func(err error) bool { - return errors.Is(err, caos_errors.ThrowInvalidArgument(nil, "ORG-agj42", "")) + return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "ORG-agj42", "")) }, }, }, @@ -2499,7 +2499,7 @@ func TestCommandSide_AddOrgGitHubEnterpriseIDP(t *testing.T) { }, res{ err: func(err error) bool { - return errors.Is(err, caos_errors.ThrowInvalidArgument(nil, "ORG-sd5hn", "")) + return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "ORG-sd5hn", "")) }, }, }, @@ -2659,7 +2659,7 @@ func TestCommandSide_UpdateOrgGitHubEnterpriseIDP(t *testing.T) { }, res{ err: func(err error) bool { - return errors.Is(err, caos_errors.ThrowInvalidArgument(nil, "ORG-sdfh3", "")) + return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "ORG-sdfh3", "")) }, }, }, @@ -2676,7 +2676,7 @@ func TestCommandSide_UpdateOrgGitHubEnterpriseIDP(t *testing.T) { }, res{ err: func(err error) bool { - return errors.Is(err, caos_errors.ThrowInvalidArgument(nil, "ORG-shj42", "")) + return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "ORG-shj42", "")) }, }, }, @@ -2695,7 +2695,7 @@ func TestCommandSide_UpdateOrgGitHubEnterpriseIDP(t *testing.T) { }, res{ err: func(err error) bool { - return errors.Is(err, caos_errors.ThrowInvalidArgument(nil, "ORG-sdh73", "")) + return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "ORG-sdh73", "")) }, }, }, @@ -2715,7 +2715,7 @@ func TestCommandSide_UpdateOrgGitHubEnterpriseIDP(t *testing.T) { }, res{ err: func(err error) bool { - return errors.Is(err, caos_errors.ThrowInvalidArgument(nil, "ORG-acx2w", "")) + return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "ORG-acx2w", "")) }, }, }, 
@@ -2736,7 +2736,7 @@ func TestCommandSide_UpdateOrgGitHubEnterpriseIDP(t *testing.T) { }, res{ err: func(err error) bool { - return errors.Is(err, caos_errors.ThrowInvalidArgument(nil, "ORG-dgj6q", "")) + return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "ORG-dgj6q", "")) }, }, }, @@ -2758,7 +2758,7 @@ func TestCommandSide_UpdateOrgGitHubEnterpriseIDP(t *testing.T) { }, res{ err: func(err error) bool { - return errors.Is(err, caos_errors.ThrowInvalidArgument(nil, "ORG-ybj62", "")) + return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "ORG-ybj62", "")) }, }, }, @@ -2782,7 +2782,7 @@ func TestCommandSide_UpdateOrgGitHubEnterpriseIDP(t *testing.T) { }, }, res: res{ - err: caos_errors.IsNotFound, + err: zerrors.IsNotFound, }, }, { @@ -2961,7 +2961,7 @@ func TestCommandSide_AddOrgGitLabIDP(t *testing.T) { }, res{ err: func(err error) bool { - return errors.Is(err, caos_errors.ThrowInvalidArgument(nil, "ORG-adsg2", "")) + return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "ORG-adsg2", "")) }, }, }, @@ -2980,7 +2980,7 @@ func TestCommandSide_AddOrgGitLabIDP(t *testing.T) { }, res{ err: func(err error) bool { - return errors.Is(err, caos_errors.ThrowInvalidArgument(nil, "ORG-GD1j2", "")) + return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "ORG-GD1j2", "")) }, }, }, @@ -3126,7 +3126,7 @@ func TestCommandSide_UpdateOrgGitLabIDP(t *testing.T) { }, res{ err: func(err error) bool { - return errors.Is(err, caos_errors.ThrowInvalidArgument(nil, "ORG-HJK91", "")) + return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "ORG-HJK91", "")) }, }, }, @@ -3143,7 +3143,7 @@ func TestCommandSide_UpdateOrgGitLabIDP(t *testing.T) { }, res{ err: func(err error) bool { - return errors.Is(err, caos_errors.ThrowInvalidArgument(nil, "ORG-D12t6", "")) + return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "ORG-D12t6", "")) }, }, }, 
@@ -3163,7 +3163,7 @@ func TestCommandSide_UpdateOrgGitLabIDP(t *testing.T) { }, }, res: res{ - err: caos_errors.IsNotFound, + err: zerrors.IsNotFound, }, }, { @@ -3324,7 +3324,7 @@ func TestCommandSide_AddOrgGitLabSelfHostedIDP(t *testing.T) { }, res{ err: func(err error) bool { - return errors.Is(err, caos_errors.ThrowInvalidArgument(nil, "ORG-jw4ZT", "")) + return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "ORG-jw4ZT", "")) }, }, }, @@ -3343,7 +3343,7 @@ func TestCommandSide_AddOrgGitLabSelfHostedIDP(t *testing.T) { }, res{ err: func(err error) bool { - return errors.Is(err, caos_errors.ThrowInvalidArgument(nil, "ORG-AST4S", "")) + return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "ORG-AST4S", "")) }, }, }, @@ -3363,7 +3363,7 @@ func TestCommandSide_AddOrgGitLabSelfHostedIDP(t *testing.T) { }, res{ err: func(err error) bool { - return errors.Is(err, caos_errors.ThrowInvalidArgument(nil, "ORG-DBZHJ", "")) + return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "ORG-DBZHJ", "")) }, }, }, @@ -3384,7 +3384,7 @@ func TestCommandSide_AddOrgGitLabSelfHostedIDP(t *testing.T) { }, res{ err: func(err error) bool { - return errors.Is(err, caos_errors.ThrowInvalidArgument(nil, "ORG-SDGJ4", "")) + return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "ORG-SDGJ4", "")) }, }, }, @@ -3536,7 +3536,7 @@ func TestCommandSide_UpdateOrgGitLabSelfHostedIDP(t *testing.T) { }, res{ err: func(err error) bool { - return errors.Is(err, caos_errors.ThrowInvalidArgument(nil, "ORG-SAFG4", "")) + return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "ORG-SAFG4", "")) }, }, }, @@ -3553,7 +3553,7 @@ func TestCommandSide_UpdateOrgGitLabSelfHostedIDP(t *testing.T) { }, res{ err: func(err error) bool { - return errors.Is(err, caos_errors.ThrowInvalidArgument(nil, "ORG-DG4H", "")) + return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "ORG-DG4H", "")) }, }, }, 
@@ -3572,7 +3572,7 @@ func TestCommandSide_UpdateOrgGitLabSelfHostedIDP(t *testing.T) { }, res{ err: func(err error) bool { - return errors.Is(err, caos_errors.ThrowInvalidArgument(nil, "ORG-SD4eb", "")) + return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "ORG-SD4eb", "")) }, }, }, @@ -3592,7 +3592,7 @@ func TestCommandSide_UpdateOrgGitLabSelfHostedIDP(t *testing.T) { }, res{ err: func(err error) bool { - return errors.Is(err, caos_errors.ThrowInvalidArgument(nil, "ORG-GHWE3", "")) + return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "ORG-GHWE3", "")) }, }, }, @@ -3614,7 +3614,7 @@ func TestCommandSide_UpdateOrgGitLabSelfHostedIDP(t *testing.T) { }, }, res: res{ - err: caos_errors.IsNotFound, + err: zerrors.IsNotFound, }, }, { @@ -3783,7 +3783,7 @@ func TestCommandSide_AddOrgGoogleIDP(t *testing.T) { }, res{ err: func(err error) bool { - return errors.Is(err, caos_errors.ThrowInvalidArgument(nil, "ORG-D3fvs", "")) + return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "ORG-D3fvs", "")) }, }, }, @@ -3802,7 +3802,7 @@ func TestCommandSide_AddOrgGoogleIDP(t *testing.T) { }, res{ err: func(err error) bool { - return errors.Is(err, caos_errors.ThrowInvalidArgument(nil, "ORG-W2vqs", "")) + return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "ORG-W2vqs", "")) }, }, }, @@ -3948,7 +3948,7 @@ func TestCommandSide_UpdateOrgGoogleIDP(t *testing.T) { }, res{ err: func(err error) bool { - return errors.Is(err, caos_errors.ThrowInvalidArgument(nil, "ORG-S32t1", "")) + return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "ORG-S32t1", "")) }, }, }, @@ -3965,7 +3965,7 @@ func TestCommandSide_UpdateOrgGoogleIDP(t *testing.T) { }, res{ err: func(err error) bool { - return errors.Is(err, caos_errors.ThrowInvalidArgument(nil, "ORG-ds432", "")) + return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "ORG-ds432", "")) }, }, }, 
@@ -3985,7 +3985,7 @@ func TestCommandSide_UpdateOrgGoogleIDP(t *testing.T) { }, }, res: res{ - err: caos_errors.IsNotFound, + err: zerrors.IsNotFound, }, }, { @@ -4146,7 +4146,7 @@ func TestCommandSide_AddOrgLDAPIDP(t *testing.T) { }, res{ err: func(err error) bool { - return errors.Is(err, caos_errors.ThrowInvalidArgument(nil, "ORG-SAfdd", "")) + return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "ORG-SAfdd", "")) }, }, }, @@ -4165,7 +4165,7 @@ func TestCommandSide_AddOrgLDAPIDP(t *testing.T) { }, res{ err: func(err error) bool { - return errors.Is(err, caos_errors.ThrowInvalidArgument(nil, "ORG-sv31s", "")) + return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "ORG-sv31s", "")) }, }, }, @@ -4185,7 +4185,7 @@ func TestCommandSide_AddOrgLDAPIDP(t *testing.T) { }, res{ err: func(err error) bool { - return errors.Is(err, caos_errors.ThrowInvalidArgument(nil, "ORG-sdgf4", "")) + return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "ORG-sdgf4", "")) }, }, }, @@ -4206,7 +4206,7 @@ func TestCommandSide_AddOrgLDAPIDP(t *testing.T) { }, res{ err: func(err error) bool { - return errors.Is(err, caos_errors.ThrowInvalidArgument(nil, "ORG-AEG2w", "")) + return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "ORG-AEG2w", "")) }, }, }, @@ -4228,7 +4228,7 @@ func TestCommandSide_AddOrgLDAPIDP(t *testing.T) { }, res{ err: func(err error) bool { - return errors.Is(err, caos_errors.ThrowInvalidArgument(nil, "ORG-SAD5n", "")) + return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "ORG-SAD5n", "")) }, }, }, @@ -4251,7 +4251,7 @@ func TestCommandSide_AddOrgLDAPIDP(t *testing.T) { }, res{ err: func(err error) bool { - return errors.Is(err, caos_errors.ThrowInvalidArgument(nil, "ORG-SAy945n", "")) + return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "ORG-SAy945n", "")) }, }, }, 
@@ -4275,7 +4275,7 @@ func TestCommandSide_AddOrgLDAPIDP(t *testing.T) { }, res{ err: func(err error) bool { - return errors.Is(err, caos_errors.ThrowInvalidArgument(nil, "ORG-S1x705n", "")) + return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "ORG-S1x705n", "")) }, }, }, @@ -4300,7 +4300,7 @@ func TestCommandSide_AddOrgLDAPIDP(t *testing.T) { }, res{ err: func(err error) bool { - return errors.Is(err, caos_errors.ThrowInvalidArgument(nil, "ORG-aAx9x1n", "")) + return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "ORG-aAx9x1n", "")) }, }, }, @@ -4504,7 +4504,7 @@ func TestCommandSide_UpdateOrgLDAPIDP(t *testing.T) { }, res{ err: func(err error) bool { - return errors.Is(err, caos_errors.ThrowInvalidArgument(nil, "ORG-Dgdbs", "")) + return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "ORG-Dgdbs", "")) }, }, }, @@ -4521,7 +4521,7 @@ func TestCommandSide_UpdateOrgLDAPIDP(t *testing.T) { }, res{ err: func(err error) bool { - return errors.Is(err, caos_errors.ThrowInvalidArgument(nil, "ORG-Sffgd", "")) + return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "ORG-Sffgd", "")) }, }, }, @@ -4540,7 +4540,7 @@ func TestCommandSide_UpdateOrgLDAPIDP(t *testing.T) { }, res{ err: func(err error) bool { - return errors.Is(err, caos_errors.ThrowInvalidArgument(nil, "ORG-vb3ss", "")) + return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "ORG-vb3ss", "")) }, }, }, @@ -4560,7 +4560,7 @@ func TestCommandSide_UpdateOrgLDAPIDP(t *testing.T) { }, res{ err: func(err error) bool { - return errors.Is(err, caos_errors.ThrowInvalidArgument(nil, "ORG-hbere", "")) + return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "ORG-hbere", "")) }, }, }, @@ -4581,7 +4581,7 @@ func TestCommandSide_UpdateOrgLDAPIDP(t *testing.T) { }, res{ err: func(err error) bool { - return errors.Is(err, caos_errors.ThrowInvalidArgument(nil, "ORG-DG45z", "")) + return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "ORG-DG45z", "")) }, }, }, 
@@ -4603,7 +4603,7 @@ func TestCommandSide_UpdateOrgLDAPIDP(t *testing.T) { }, res{ err: func(err error) bool { - return errors.Is(err, caos_errors.ThrowInvalidArgument(nil, "ORG-Sxx945n", "")) + return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "ORG-Sxx945n", "")) }, }, }, @@ -4626,7 +4626,7 @@ func TestCommandSide_UpdateOrgLDAPIDP(t *testing.T) { }, res{ err: func(err error) bool { - return errors.Is(err, caos_errors.ThrowInvalidArgument(nil, "ORG-S1p605n", "")) + return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "ORG-S1p605n", "")) }, }, }, @@ -4650,7 +4650,7 @@ func TestCommandSide_UpdateOrgLDAPIDP(t *testing.T) { }, res{ err: func(err error) bool { - return errors.Is(err, caos_errors.ThrowInvalidArgument(nil, "ORG-aBx901n", "")) + return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "ORG-aBx901n", "")) }, }, }, @@ -4678,7 +4678,7 @@ func TestCommandSide_UpdateOrgLDAPIDP(t *testing.T) { }, res: res{ err: func(err error) bool { - return errors.Is(err, caos_errors.ThrowNotFound(nil, "ORG-ASF3F", "")) + return errors.Is(err, zerrors.ThrowNotFound(nil, "ORG-ASF3F", "")) }, }, }, @@ -4905,7 +4905,7 @@ func TestCommandSide_AddOrgAppleIDP(t *testing.T) { }, res{ err: func(err error) bool { - return errors.Is(err, caos_errors.ThrowInvalidArgument(nil, "ORG-jkn3w", "Errors.IDP.ClientIDMissing")) + return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "ORG-jkn3w", "Errors.IDP.ClientIDMissing")) }, }, }, @@ -4924,7 +4924,7 @@ func TestCommandSide_AddOrgAppleIDP(t *testing.T) { }, res{ err: func(err error) bool { - return errors.Is(err, caos_errors.ThrowInvalidArgument(nil, "ORG-Ffg32", "Errors.IDP.TeamIDMissing")) + return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "ORG-Ffg32", "Errors.IDP.TeamIDMissing")) }, }, }, 
@@ -4944,7 +4944,7 @@ func TestCommandSide_AddOrgAppleIDP(t *testing.T) { }, res{ err: func(err error) bool { - return errors.Is(err, caos_errors.ThrowInvalidArgument(nil, "ORG-GDjm5", "Errors.IDP.KeyIDMissing")) + return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "ORG-GDjm5", "Errors.IDP.KeyIDMissing")) }, }, }, @@ -4965,7 +4965,7 @@ func TestCommandSide_AddOrgAppleIDP(t *testing.T) { }, res{ err: func(err error) bool { - return errors.Is(err, caos_errors.ThrowInvalidArgument(nil, "ORG-GVD4n", "Errors.IDP.PrivateKeyMissing")) + return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "ORG-GVD4n", "Errors.IDP.PrivateKeyMissing")) }, }, }, @@ -5119,7 +5119,7 @@ func TestCommandSide_UpdateOrgAppleIDP(t *testing.T) { }, res{ err: func(err error) bool { - return errors.Is(err, caos_errors.ThrowInvalidArgument(nil, "ORG-FRHBH", "Errors.IDMissing")) + return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "ORG-FRHBH", "Errors.IDMissing")) }, }, }, @@ -5136,7 +5136,7 @@ func TestCommandSide_UpdateOrgAppleIDP(t *testing.T) { }, res{ err: func(err error) bool { - return errors.Is(err, caos_errors.ThrowInvalidArgument(nil, "ORG-SFm4l", "Errors.IDP.ClientIDMissing")) + return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "ORG-SFm4l", "Errors.IDP.ClientIDMissing")) }, }, }, @@ -5155,7 +5155,7 @@ func TestCommandSide_UpdateOrgAppleIDP(t *testing.T) { }, res{ err: func(err error) bool { - return errors.Is(err, caos_errors.ThrowInvalidArgument(nil, "ORG-SG34t", "Errors.IDP.TeamIDMissing")) + return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "ORG-SG34t", "Errors.IDP.TeamIDMissing")) }, }, }, @@ -5175,7 +5175,7 @@ func TestCommandSide_UpdateOrgAppleIDP(t *testing.T) { }, res{ err: func(err error) bool { - return errors.Is(err, caos_errors.ThrowInvalidArgument(nil, "ORG-Gh4z2", "Errors.IDP.KeyIDMissing")) + return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "ORG-Gh4z2", "Errors.IDP.KeyIDMissing")) }, }, }, 
@@ -5197,7 +5197,7 @@ func TestCommandSide_UpdateOrgAppleIDP(t *testing.T) { }, }, res: res{ - err: caos_errors.IsNotFound, + err: zerrors.IsNotFound, }, }, { @@ -5373,7 +5373,7 @@ func TestCommandSide_AddOrgSAMLIDP(t *testing.T) { }, res{ err: func(err error) bool { - return errors.Is(err, caos_errors.ThrowInvalidArgument(nil, "ORG-957lr0f8u3", "")) + return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "ORG-957lr0f8u3", "")) }, }, }, @@ -5392,7 +5392,7 @@ func TestCommandSide_AddOrgSAMLIDP(t *testing.T) { }, res{ err: func(err error) bool { - return errors.Is(err, caos_errors.ThrowInvalidArgument(nil, "ORG-78isv6m53a", "")) + return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "ORG-78isv6m53a", "")) }, }, }, @@ -5545,7 +5545,7 @@ func TestCommandSide_UpdateOrgSAMLIDP(t *testing.T) { }, res{ err: func(err error) bool { - return errors.Is(err, caos_errors.ThrowInvalidArgument(nil, "ORG-wwdwdlaya0", "")) + return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "ORG-wwdwdlaya0", "")) }, }, }, @@ -5562,7 +5562,7 @@ func TestCommandSide_UpdateOrgSAMLIDP(t *testing.T) { }, res{ err: func(err error) bool { - return errors.Is(err, caos_errors.ThrowInvalidArgument(nil, "ORG-egixaofgyl", "")) + return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "ORG-egixaofgyl", "")) }, }, }, @@ -5581,7 +5581,7 @@ func TestCommandSide_UpdateOrgSAMLIDP(t *testing.T) { }, res{ err: func(err error) bool { - return errors.Is(err, caos_errors.ThrowInvalidArgument(nil, "ORG-j6spncd74m", "")) + return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "ORG-j6spncd74m", "")) }, }, }, @@ -5603,7 +5603,7 @@ func TestCommandSide_UpdateOrgSAMLIDP(t *testing.T) { }, res: res{ err: func(err error) bool { - return errors.Is(err, caos_errors.ThrowNotFound(nil, "ORG-z82dddndql", "")) + return errors.Is(err, zerrors.ThrowNotFound(nil, "ORG-z82dddndql", "")) }, }, }, 
@@ -5764,7 +5764,7 @@ func TestCommandSide_RegenerateOrgSAMLProviderCertificate(t *testing.T) { }, res{ err: func(err error) bool { - return errors.Is(err, caos_errors.ThrowInvalidArgument(nil, "ORG-arv4vdrb6c", "")) + return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "ORG-arv4vdrb6c", "")) }, }, }, @@ -5782,7 +5782,7 @@ func TestCommandSide_RegenerateOrgSAMLProviderCertificate(t *testing.T) { }, res: res{ err: func(err error) bool { - return errors.Is(err, caos_errors.ThrowNotFound(nil, "ORG-4dw21ch9o9", "")) + return errors.Is(err, zerrors.ThrowNotFound(nil, "ORG-4dw21ch9o9", "")) }, }, }, diff --git a/internal/command/org_member.go b/internal/command/org_member.go index 3ead7a0685..9ba7ecbfff 100644 --- a/internal/command/org_member.go +++ b/internal/command/org_member.go 
@@ -6,30 +6,30 @@ import ( "github.com/zitadel/zitadel/internal/command/preparation" "github.com/zitadel/zitadel/internal/domain" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/repository/org" "github.com/zitadel/zitadel/internal/telemetry/tracing" + "github.com/zitadel/zitadel/internal/zerrors" ) func (c *Commands) AddOrgMemberCommand(a *org.Aggregate, userID string, roles ...string) preparation.Validation { return func() (preparation.CreateCommands, error) { if userID == "" { - return nil, errors.ThrowInvalidArgument(nil, "ORG-4Mlfs", "Errors.Invalid.Argument") + return nil, zerrors.ThrowInvalidArgument(nil, "ORG-4Mlfs", "Errors.Invalid.Argument") } if len(roles) == 0 { - return nil, errors.ThrowInvalidArgument(nil, "V2-PfYhb", "Errors.Invalid.Argument") + return nil, zerrors.ThrowInvalidArgument(nil, "V2-PfYhb", "Errors.Invalid.Argument") } if len(domain.CheckForInvalidRoles(roles, domain.OrgRolePrefix, c.zitadelRoles)) > 0 && len(domain.CheckForInvalidRoles(roles, domain.RoleSelfManagementGlobal, c.zitadelRoles)) > 0 { - return nil, errors.ThrowInvalidArgument(nil, "Org-4N8es", "Errors.Org.MemberInvalid") + return nil, zerrors.ThrowInvalidArgument(nil, "Org-4N8es", "Errors.Org.MemberInvalid") } return func(ctx context.Context, filter preparation.FilterToQueryReducer) ([]eventstore.Command, error) { if exists, err := ExistsUser(ctx, filter, userID, ""); err != nil || !exists { - return nil, errors.ThrowPreconditionFailed(err, "ORG-GoXOn", "Errors.User.NotFound") + return nil, zerrors.ThrowPreconditionFailed(err, "ORG-GoXOn", "Errors.User.NotFound") } if isMember, err := IsOrgMember(ctx, filter, a.ID, userID); err != nil || isMember { - return nil, errors.ThrowAlreadyExists(err, "ORG-poWwe", "Errors.Org.Member.AlreadyExists") + return nil, zerrors.ThrowAlreadyExists(err, "ORG-poWwe", "Errors.Org.Member.AlreadyExists") } return []eventstore.Command{org.NewMemberAddedEvent(ctx, 
&a.Aggregate, userID, roles...)}, nil }, @@ -93,17 +93,17 @@ func (c *Commands) AddOrgMember(ctx context.Context, orgID, userID string, roles func (c *Commands) addOrgMember(ctx context.Context, orgAgg *eventstore.Aggregate, addedMember *OrgMemberWriteModel, member *domain.Member) (eventstore.Command, error) { if !member.IsValid() { - return nil, errors.ThrowInvalidArgument(nil, "Org-W8m4l", "Errors.Org.MemberInvalid") + return nil, zerrors.ThrowInvalidArgument(nil, "Org-W8m4l", "Errors.Org.MemberInvalid") } if len(domain.CheckForInvalidRoles(member.Roles, domain.OrgRolePrefix, c.zitadelRoles)) > 0 && len(domain.CheckForInvalidRoles(member.Roles, domain.RoleSelfManagementGlobal, c.zitadelRoles)) > 0 { - return nil, errors.ThrowInvalidArgument(nil, "Org-4N8es", "Errors.Org.MemberInvalid") + return nil, zerrors.ThrowInvalidArgument(nil, "Org-4N8es", "Errors.Org.MemberInvalid") } err := c.eventstore.FilterToQueryReducer(ctx, addedMember) if err != nil { return nil, err } if addedMember.State == domain.MemberStateActive { - return nil, errors.ThrowAlreadyExists(nil, "Org-PtXi1", "Errors.Org.Member.AlreadyExists") + return nil, zerrors.ThrowAlreadyExists(nil, "Org-PtXi1", "Errors.Org.Member.AlreadyExists") } return org.NewMemberAddedEvent(ctx, orgAgg, member.UserID, member.Roles...), nil 
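Review bot: In AddOrgMemberCommand the guards `err != nil || !exists` and `err != nil || isMember` report any failure of ExistsUser or IsOrgMember as `Errors.User.NotFound` (precondition failed) or `Errors.Org.Member.AlreadyExists`. A failing filter query therefore reaches the caller as a domain condition; the cause is kept as the parent error, but the error kind that callers and alerting match on is wrong for that case. Splitting each guard so that a non-nil err is returned unchanged, and only the boolean result produces the domain error, keeps the two cases apart. Any test that relies on the wrapped kind would need adjusting, and the returned closure continues past the end of this hunk.

```go
return func(ctx context.Context, filter preparation.FilterToQueryReducer) ([]eventstore.Command, error) {
	exists, err := ExistsUser(ctx, filter, userID, "")
	if err != nil {
		return nil, err
	}
	if !exists {
		return nil, zerrors.ThrowPreconditionFailed(nil, "ORG-GoXOn", "Errors.User.NotFound")
	}
	isMember, err := IsOrgMember(ctx, filter, a.ID, userID)
	if err != nil {
		return nil, err
	}
	if isMember {
		return nil, zerrors.ThrowAlreadyExists(nil, "ORG-poWwe", "Errors.Org.Member.AlreadyExists")
	}
	// … unchanged: return of org.NewMemberAddedEvent …
```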
@@ -112,10 +112,10 @@ func (c *Commands) addOrgMember(ctx context.Context, orgAgg *eventstore.Aggregat // ChangeOrgMember updates an existing member func (c *Commands) ChangeOrgMember(ctx context.Context, member *domain.Member) (*domain.Member, error) { if !member.IsValid() { - return nil, errors.ThrowInvalidArgument(nil, "Org-LiaZi", "Errors.Org.MemberInvalid") + return nil, zerrors.ThrowInvalidArgument(nil, "Org-LiaZi", "Errors.Org.MemberInvalid") } if len(domain.CheckForInvalidRoles(member.Roles, domain.OrgRolePrefix, c.zitadelRoles)) > 0 { - return nil, errors.ThrowInvalidArgument(nil, "IAM-m9fG8", "Errors.Org.MemberInvalid") + return nil, zerrors.ThrowInvalidArgument(nil, "IAM-m9fG8", "Errors.Org.MemberInvalid") } existingMember, err := c.orgMemberWriteModelByID(ctx, member.AggregateID, member.UserID) @@ -124,7 +124,7 @@ func (c *Commands) ChangeOrgMember(ctx context.Context, member *domain.Member) ( } if reflect.DeepEqual(existingMember.Roles, member.Roles) { - return nil, errors.ThrowPreconditionFailed(nil, "Org-LiaZi", "Errors.Org.Member.RolesNotChanged") + return nil, zerrors.ThrowPreconditionFailed(nil, "Org-LiaZi", "Errors.Org.Member.RolesNotChanged") } orgAgg := OrgAggregateFromWriteModel(&existingMember.MemberWriteModel.WriteModel) pushedEvents, err := c.eventstore.Push(ctx, org.NewMemberChangedEvent(ctx, orgAgg, member.UserID, member.Roles...)) @@ -141,10 +141,10 @@ func (c *Commands) ChangeOrgMember(ctx context.Context, member *domain.Member) ( func (c *Commands) RemoveOrgMember(ctx context.Context, orgID, userID string) (*domain.ObjectDetails, error) { m, err := c.orgMemberWriteModelByID(ctx, orgID, userID) - if err != nil && !errors.IsNotFound(err) { + if err != nil && !zerrors.IsNotFound(err) { return nil, err } - if errors.IsNotFound(err) { + if zerrors.IsNotFound(err) { // empty response because we have no data that match the request return &domain.ObjectDetails{}, nil } 
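Review bot: ChangeOrgMember validates `member.Roles` only against `domain.OrgRolePrefix`, while AddOrgMemberCommand and addOrgMember in this file reject a role set only when it is also invalid for `domain.RoleSelfManagementGlobal`. If the difference is intended, a comment on the check should say so, for example `// roles are checked against OrgRolePrefix only; RoleSelfManagementGlobal is accepted on add but not on change`; if it is not, the condition should match the add paths so that role assignment is validated the same way everywhere. The ID on that return, `IAM-m9fG8`, also carries the IAM prefix in org code. The function body continues outside this hunk.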
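Review bot: The error ID `Org-LiaZi` on the RolesNotChanged return is the same ID that ChangeOrgMember uses for `Errors.Org.MemberInvalid` at the top of the function (the hunk at -112), so the ID alone does not tell which check failed when it shows up in a log or a client report. A distinct ID would fix that, e.g. `zerrors.ThrowPreconditionFailed(nil, "Org-<NEW_ID>", "Errors.Org.Member.RolesNotChanged")` with a freshly generated suffix in place of the placeholder. Tests or clients that match on the old ID would need the same change. This hunk shows only the middle of ChangeOrgMember.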
@@ -184,7 +184,7 @@ func (c *Commands) orgMemberWriteModelByID(ctx context.Context, orgID, userID st } if writeModel.State == domain.MemberStateUnspecified || writeModel.State == domain.MemberStateRemoved { - return nil, errors.ThrowNotFound(nil, "Org-D8JxR", "Errors.NotFound") + return nil, zerrors.ThrowNotFound(nil, "Org-D8JxR", "Errors.NotFound") } return writeModel, nil diff --git a/internal/command/org_member_test.go b/internal/command/org_member_test.go index db2b9038a2..2c49f3bd73 100644 --- a/internal/command/org_member_test.go +++ b/internal/command/org_member_test.go @@ -10,12 +10,12 @@ import ( "github.com/zitadel/zitadel/internal/api/authz" "github.com/zitadel/zitadel/internal/command/preparation" "github.com/zitadel/zitadel/internal/domain" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/eventstore/v1/models" "github.com/zitadel/zitadel/internal/repository/org" "github.com/zitadel/zitadel/internal/repository/project" "github.com/zitadel/zitadel/internal/repository/user" + "github.com/zitadel/zitadel/internal/zerrors" ) func TestAddMember(t *testing.T) { @@ -42,7 +42,7 @@ func TestAddMember(t *testing.T) { userID: "", }, want: Want{ - ValidationErr: errors.ThrowInvalidArgument(nil, "ORG-4Mlfs", "Errors.Invalid.Argument"), + ValidationErr: zerrors.ThrowInvalidArgument(nil, "ORG-4Mlfs", "Errors.Invalid.Argument"), }, }, { @@ -52,7 +52,7 @@ func TestAddMember(t *testing.T) { userID: "12342", }, want: Want{ - ValidationErr: errors.ThrowInvalidArgument(nil, "V2-PfYhb", "Errors.Invalid.Argument"), + ValidationErr: zerrors.ThrowInvalidArgument(nil, "V2-PfYhb", "Errors.Invalid.Argument"), }, }, { @@ -63,7 +63,7 @@ func TestAddMember(t *testing.T) { roles: []string{"ORG_OWNER"}, }, want: Want{ - ValidationErr: errors.ThrowInvalidArgument(nil, "Org-4N8es", ""), + ValidationErr: zerrors.ThrowInvalidArgument(nil, "Org-4N8es", ""), }, }, { 
@@ -83,7 +83,7 @@ func TestAddMember(t *testing.T) { }).Filter(), }, want: Want{ - CreateErr: errors.ThrowPreconditionFailed(nil, "ORG-GoXOn", "Errors.User.NotFound"), + CreateErr: zerrors.ThrowPreconditionFailed(nil, "ORG-GoXOn", "Errors.User.NotFound"), }, }, { @@ -123,7 +123,7 @@ func TestAddMember(t *testing.T) { Filter(), }, want: Want{ - CreateErr: errors.ThrowAlreadyExists(nil, "ORG-poWwe", "Errors.Org.Member.AlreadyExists"), + CreateErr: zerrors.ThrowAlreadyExists(nil, "ORG-poWwe", "Errors.Org.Member.AlreadyExists"), }, }, { @@ -262,7 +262,7 @@ func TestIsMember(t *testing.T) { name: "error durring filter", args: args{ filter: func(_ context.Context, _ *eventstore.SearchQueryBuilder) ([]eventstore.Event, error) { - return nil, errors.ThrowInternal(nil, "PROJE-Op26p", "Errors.Internal") + return nil, zerrors.ThrowInternal(nil, "PROJE-Op26p", "Errors.Internal") }, orgID: "orgID", userID: "userID", @@ -318,7 +318,7 @@ func TestCommandSide_AddOrgMember(t *testing.T) { orgID: "org1", }, res: res{ - err: errors.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -335,7 +335,7 @@ func TestCommandSide_AddOrgMember(t *testing.T) { roles: []string{"ORG_OWNER"}, }, res: res{ - err: errors.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -358,7 +358,7 @@ func TestCommandSide_AddOrgMember(t *testing.T) { roles: []string{domain.RoleOrgOwner}, }, res: res{ - err: errors.IsPreconditionFailed, + err: zerrors.IsPreconditionFailed, }, }, { @@ -404,7 +404,7 @@ func TestCommandSide_AddOrgMember(t *testing.T) { roles: []string{"ORG_OWNER"}, }, res: res{ - err: errors.IsErrorAlreadyExists, + err: zerrors.IsErrorAlreadyExists, }, }, { 
@@ -429,7 +429,7 @@ func TestCommandSide_AddOrgMember(t *testing.T) { ), ), expectFilter(), - expectPushFailed(errors.ThrowAlreadyExists(nil, "ERROR", "internal"), + expectPushFailed(zerrors.ThrowAlreadyExists(nil, "ERROR", "internal"), org.NewMemberAddedEvent(context.Background(), &org.NewAggregate("org1").Aggregate, "user1", @@ -450,7 +450,7 @@ func TestCommandSide_AddOrgMember(t *testing.T) { roles: []string{"ORG_OWNER"}, }, res: res{ - err: errors.IsErrorAlreadyExists, + err: zerrors.IsErrorAlreadyExists, }, }, { @@ -562,7 +562,7 @@ func TestCommandSide_ChangeOrgMember(t *testing.T) { }, }, res: res{ - err: errors.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -583,7 +583,7 @@ func TestCommandSide_ChangeOrgMember(t *testing.T) { }, }, res: res{ - err: errors.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -610,7 +610,7 @@ func TestCommandSide_ChangeOrgMember(t *testing.T) { }, }, res: res{ - err: errors.IsNotFound, + err: zerrors.IsNotFound, }, }, { @@ -645,7 +645,7 @@ func TestCommandSide_ChangeOrgMember(t *testing.T) { }, }, res: res{ - err: errors.IsPreconditionFailed, + err: zerrors.IsPreconditionFailed, }, }, { @@ -755,7 +755,7 @@ func TestCommandSide_RemoveOrgMember(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: errors.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -772,7 +772,7 @@ func TestCommandSide_RemoveOrgMember(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: errors.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { diff --git a/internal/command/org_metadata.go b/internal/command/org_metadata.go index c1a3784472..e564bb264e 100644 --- a/internal/command/org_metadata.go +++ b/internal/command/org_metadata.go 
@@ -4,9 +4,9 @@ import ( "context" "github.com/zitadel/zitadel/internal/domain" - caos_errs "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/repository/org" + "github.com/zitadel/zitadel/internal/zerrors" ) func (c *Commands) SetOrgMetadata(ctx context.Context, orgID string, metadata *domain.Metadata) (_ *domain.Metadata, err error) { @@ -34,7 +34,7 @@ func (c *Commands) SetOrgMetadata(ctx context.Context, orgID string, metadata *d func (c *Commands) BulkSetOrgMetadata(ctx context.Context, orgID string, metadatas ...*domain.Metadata) (_ *domain.ObjectDetails, err error) { if len(metadatas) == 0 { - return nil, caos_errs.ThrowPreconditionFailed(nil, "META-9mm2d", "Errors.Metadata.NoData") + return nil, zerrors.ThrowPreconditionFailed(nil, "META-9mm2d", "Errors.Metadata.NoData") } err = c.checkOrgExists(ctx, orgID) if err != nil { @@ -66,7 +66,7 @@ func (c *Commands) BulkSetOrgMetadata(ctx context.Context, orgID string, metadat func (c *Commands) setOrgMetadata(ctx context.Context, orgAgg *eventstore.Aggregate, metadata *domain.Metadata) (command eventstore.Command, err error) { if !metadata.IsValid() { - return nil, caos_errs.ThrowInvalidArgument(nil, "META-2ml0f", "Errors.Metadata.Invalid") + return nil, zerrors.ThrowInvalidArgument(nil, "META-2ml0f", "Errors.Metadata.Invalid") } return org.NewMetadataSetEvent( ctx, @@ -78,7 +78,7 @@ func (c *Commands) setOrgMetadata(ctx context.Context, orgAgg *eventstore.Aggreg func (c *Commands) RemoveOrgMetadata(ctx context.Context, orgID, metadataKey string) (_ *domain.ObjectDetails, err error) { if metadataKey == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "META-2n0f1", "Errors.Metadata.Invalid") + return nil, zerrors.ThrowInvalidArgument(nil, "META-2n0f1", "Errors.Metadata.Invalid") } err = c.checkOrgExists(ctx, orgID) if err != nil { 
@@ -89,7 +89,7 @@ func (c *Commands) RemoveOrgMetadata(ctx context.Context, orgID, metadataKey str return nil, err } if !removeMetadata.State.Exists() { - return nil, caos_errs.ThrowNotFound(nil, "META-mcnw3", "Errors.Metadata.NotFound") + return nil, zerrors.ThrowNotFound(nil, "META-mcnw3", "Errors.Metadata.NotFound") } orgAgg := OrgAggregateFromWriteModel(&removeMetadata.WriteModel) event, err := c.removeOrgMetadata(ctx, orgAgg, metadataKey) @@ -110,7 +110,7 @@ func (c *Commands) RemoveOrgMetadata(ctx context.Context, orgID, metadataKey str func (c *Commands) BulkRemoveOrgMetadata(ctx context.Context, orgID string, metadataKeys ...string) (_ *domain.ObjectDetails, err error) { if len(metadataKeys) == 0 { - return nil, caos_errs.ThrowPreconditionFailed(nil, "META-9mw2d", "Errors.Metadata.NoData") + return nil, zerrors.ThrowPreconditionFailed(nil, "META-9mw2d", "Errors.Metadata.NoData") } err = c.checkOrgExists(ctx, orgID) if err != nil { @@ -125,10 +125,10 @@ func (c *Commands) BulkRemoveOrgMetadata(ctx context.Context, orgID string, meta orgAgg := OrgAggregateFromWriteModel(&removeMetadata.WriteModel) for i, key := range metadataKeys { if key == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "COMMAND-m19ds", "Errors.Metadata.Invalid") + return nil, zerrors.ThrowInvalidArgument(nil, "COMMAND-m19ds", "Errors.Metadata.Invalid") } if _, found := removeMetadata.metadataList[key]; !found { - return nil, caos_errs.ThrowNotFound(nil, "META-2npds", "Errors.Metadata.KeyNotExisting") + return nil, zerrors.ThrowNotFound(nil, "META-2npds", "Errors.Metadata.KeyNotExisting") } event, err := c.removeOrgMetadata(ctx, orgAgg, key) if err != nil { diff --git a/internal/command/org_metadata_test.go b/internal/command/org_metadata_test.go index 2f20d12c6f..e52f2480b6 100644 --- a/internal/command/org_metadata_test.go +++ b/internal/command/org_metadata_test.go 
@@ -7,10 +7,10 @@ import ( "github.com/stretchr/testify/assert" "github.com/zitadel/zitadel/internal/domain" - caos_errs "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/eventstore/v1/models" "github.com/zitadel/zitadel/internal/repository/org" + "github.com/zitadel/zitadel/internal/zerrors" ) func TestCommandSide_SetOrgMetadata(t *testing.T) { @@ -51,7 +51,7 @@ func TestCommandSide_SetOrgMetadata(t *testing.T) { }, }, res: res{ - err: caos_errs.IsPreconditionFailed, + err: zerrors.IsPreconditionFailed, }, }, { @@ -77,7 +77,7 @@ func TestCommandSide_SetOrgMetadata(t *testing.T) { }, }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -175,7 +175,7 @@ func TestCommandSide_BulkSetOrgMetadata(t *testing.T) { orgID: "org1", }, res: res{ - err: caos_errs.IsPreconditionFailed, + err: zerrors.IsPreconditionFailed, }, }, { @@ -195,7 +195,7 @@ func TestCommandSide_BulkSetOrgMetadata(t *testing.T) { }, }, res: res{ - err: caos_errs.IsPreconditionFailed, + err: zerrors.IsPreconditionFailed, }, }, { @@ -222,7 +222,7 @@ func TestCommandSide_BulkSetOrgMetadata(t *testing.T) { }, }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -321,7 +321,7 @@ func TestCommandSide_OrgRemoveMetadata(t *testing.T) { metadataKey: "key", }, res: res{ - err: caos_errs.IsPreconditionFailed, + err: zerrors.IsPreconditionFailed, }, }, { @@ -337,7 +337,7 @@ func TestCommandSide_OrgRemoveMetadata(t *testing.T) { metadataKey: "", }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -362,7 +362,7 @@ func TestCommandSide_OrgRemoveMetadata(t *testing.T) { metadataKey: "key", }, res: res{ - err: caos_errs.IsNotFound, + err: zerrors.IsNotFound, }, }, { 
@@ -459,7 +459,7 @@ func TestCommandSide_BulkRemoveOrgMetadata(t *testing.T) { orgID: "org1", }, res: res{ - err: caos_errs.IsPreconditionFailed, + err: zerrors.IsPreconditionFailed, }, }, { @@ -476,7 +476,7 @@ func TestCommandSide_BulkRemoveOrgMetadata(t *testing.T) { metadataList: []string{"key", "key1"}, }, res: res{ - err: caos_errs.IsPreconditionFailed, + err: zerrors.IsPreconditionFailed, }, }, { @@ -509,7 +509,7 @@ func TestCommandSide_BulkRemoveOrgMetadata(t *testing.T) { metadataList: []string{"key", "key1"}, }, res: res{ - err: caos_errs.IsNotFound, + err: zerrors.IsNotFound, }, }, { @@ -549,7 +549,7 @@ func TestCommandSide_BulkRemoveOrgMetadata(t *testing.T) { metadataList: []string{""}, }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { diff --git a/internal/command/org_policy_domain.go b/internal/command/org_policy_domain.go index 167b51af6c..f4e4b59a93 100644 --- a/internal/command/org_policy_domain.go +++ b/internal/command/org_policy_domain.go 
@@ -5,15 +5,15 @@ import ( "github.com/zitadel/zitadel/internal/command/preparation" "github.com/zitadel/zitadel/internal/domain" - caos_errs "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/repository/org" "github.com/zitadel/zitadel/internal/telemetry/tracing" + "github.com/zitadel/zitadel/internal/zerrors" ) func (c *Commands) AddOrgDomainPolicy(ctx context.Context, resourceOwner string, userLoginMustBeDomain, validateOrgDomains, smtpSenderAddressMatchesInstanceDomain bool) (*domain.ObjectDetails, error) { if resourceOwner == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "Org-4Jfsf", "Errors.ResourceOwnerMissing") + return nil, zerrors.ThrowInvalidArgument(nil, "Org-4Jfsf", "Errors.ResourceOwnerMissing") } orgAgg := org.NewAggregate(resourceOwner) cmds, err := preparation.PrepareCommands(ctx, c.eventstore.Filter, prepareAddOrgDomainPolicy(orgAgg, userLoginMustBeDomain, validateOrgDomains, smtpSenderAddressMatchesInstanceDomain)) @@ -29,7 +29,7 @@ func (c *Commands) AddOrgDomainPolicy(ctx context.Context, resourceOwner string, func (c *Commands) ChangeOrgDomainPolicy(ctx context.Context, resourceOwner string, userLoginMustBeDomain, validateOrgDomains, smtpSenderAddressMatchesInstanceDomain bool) (*domain.ObjectDetails, error) { if resourceOwner == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "Org-5H8fs", "Errors.ResourceOwnerMissing") + return nil, zerrors.ThrowInvalidArgument(nil, "Org-5H8fs", "Errors.ResourceOwnerMissing") } orgAgg := org.NewAggregate(resourceOwner) cmds, err := preparation.PrepareCommands(ctx, c.eventstore.Filter, prepareChangeOrgDomainPolicy(orgAgg, userLoginMustBeDomain, validateOrgDomains, smtpSenderAddressMatchesInstanceDomain)) 
@@ -45,7 +45,7 @@ func (c *Commands) ChangeOrgDomainPolicy(ctx context.Context, resourceOwner stri func (c *Commands) RemoveOrgDomainPolicy(ctx context.Context, orgID string) (*domain.ObjectDetails, error) { if orgID == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "Org-3H8fs", "Errors.ResourceOwnerMissing") + return nil, zerrors.ThrowInvalidArgument(nil, "Org-3H8fs", "Errors.ResourceOwnerMissing") } orgAgg := org.NewAggregate(orgID) cmds, err := preparation.PrepareCommands(ctx, c.eventstore.Filter, prepareRemoveOrgDomainPolicy(orgAgg)) @@ -59,18 +59,19 @@ func (c *Commands) RemoveOrgDomainPolicy(ctx context.Context, orgID string) (*do return pushedEventsToObjectDetails(pushedEvents), nil } +// Deprecated: Use commands.domainPolicyWriteModel directly, to remove the domain.DomainPolicy struct func (c *Commands) getOrgDomainPolicy(ctx context.Context, orgID string) (*domain.DomainPolicy, error) { - policy, err := c.orgDomainPolicyWriteModelByID(ctx, orgID) + policy, err := c.orgDomainPolicyWriteModel(ctx, orgID) if err != nil { return nil, err } - if policy.State == domain.PolicyStateActive { + if policy.State.Exists() { return orgWriteModelToDomainPolicy(policy), nil } return c.getDefaultDomainPolicy(ctx) } -func (c *Commands) orgDomainPolicyWriteModelByID(ctx context.Context, orgID string) (policy *OrgDomainPolicyWriteModel, err error) { +func (c *Commands) orgDomainPolicyWriteModel(ctx context.Context, orgID string) (policy *OrgDomainPolicyWriteModel, err error) { ctx, span := tracing.NewSpan(ctx) defer func() { span.EndWithError(err) }() @@ -95,7 +96,7 @@ func prepareAddOrgDomainPolicy( return nil, err } if writeModel.State == domain.PolicyStateActive { - return nil, caos_errs.ThrowAlreadyExists(nil, "ORG-1M8ds", "Errors.Org.DomainPolicy.AlreadyExists") + return nil, zerrors.ThrowAlreadyExists(nil, "ORG-1M8ds", "Errors.Org.DomainPolicy.AlreadyExists") } cmds := []eventstore.Command{ org.NewDomainPolicyAddedEvent(ctx, &a.Aggregate, 
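Review bot: getOrgDomainPolicy now tests `policy.State.Exists()`, but prepareAddOrgDomainPolicy in the next hunk of this file (`@@ -95,7 +96,7 @@`) still answers the same question with `writeModel.State == domain.PolicyStateActive`, so the file checks for an org-level domain policy in two different ways. Exists() is defined outside this diff; if it is the complement of the Unspecified/Removed states, as the label-policy checks elsewhere in this commit suggest, the two forms agree today but would diverge once another state is added. That matters because this getter selects between the org's own policy and the one from getDefaultDomainPolicy. I would align the add precondition to `if writeModel.State.Exists() {`. The new `// Deprecated:` comment could also open with a sentence stating the fallback, e.g. `// getOrgDomainPolicy returns the org's domain policy, or the result of getDefaultDomainPolicy when the org has none.`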
@@ -138,7 +139,7 @@ func prepareChangeOrgDomainPolicy( return nil, err } if !writeModel.State.Exists() { - return nil, caos_errs.ThrowNotFound(nil, "ORG-2N9sd", "Errors.Org.DomainPolicy.NotFound") + return nil, zerrors.ThrowNotFound(nil, "ORG-2N9sd", "Errors.Org.DomainPolicy.NotFound") } changedEvent, usernameChange, err := writeModel.NewChangedEvent(ctx, &a.Aggregate, userLoginMustBeDomain, @@ -174,7 +175,7 @@ func prepareRemoveOrgDomainPolicy( return nil, err } if !writeModel.State.Exists() { - return nil, caos_errs.ThrowNotFound(nil, "ORG-Dvsh3", "Errors.Org.DomainPolicy.NotFound") + return nil, zerrors.ThrowNotFound(nil, "ORG-Dvsh3", "Errors.Org.DomainPolicy.NotFound") } instancePolicy, err := instanceDomainPolicy(ctx, filter) if err != nil { diff --git a/internal/command/org_policy_domain_model.go b/internal/command/org_policy_domain_model.go index 328041ba00..a689835f14 100644 --- a/internal/command/org_policy_domain_model.go +++ b/internal/command/org_policy_domain_model.go @@ -3,11 +3,10 @@ package command import ( "context" - caos_errs "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" - "github.com/zitadel/zitadel/internal/repository/org" "github.com/zitadel/zitadel/internal/repository/policy" + "github.com/zitadel/zitadel/internal/zerrors" ) type OrgDomainPolicyWriteModel struct { @@ -72,7 +71,7 @@ func (wm *OrgDomainPolicyWriteModel) NewChangedEvent( changes = append(changes, policy.ChangeSMTPSenderAddressMatchesInstanceDomain(smtpSenderAddressMatchesInstanceDomain)) } if len(changes) == 0 { - return nil, false, caos_errs.ThrowPreconditionFailed(nil, "ORG-3M9ds", "Errors.Org.LabelPolicy.NotChanged") + return nil, false, zerrors.ThrowPreconditionFailed(nil, "ORG-3M9ds", "Errors.Org.LabelPolicy.NotChanged") } changedEvent, err = org.NewDomainPolicyChangedEvent(ctx, aggregate, changes) return changedEvent, usernameChange, err 
diff --git a/internal/command/org_policy_domain_test.go b/internal/command/org_policy_domain_test.go index c431612a56..1cb4c080a6 100644 --- a/internal/command/org_policy_domain_test.go +++ b/internal/command/org_policy_domain_test.go @@ -8,12 +8,12 @@ import ( "golang.org/x/text/language" "github.com/zitadel/zitadel/internal/domain" - caos_errs "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/repository/instance" "github.com/zitadel/zitadel/internal/repository/org" "github.com/zitadel/zitadel/internal/repository/policy" "github.com/zitadel/zitadel/internal/repository/user" + "github.com/zitadel/zitadel/internal/zerrors" ) func TestCommandSide_AddDomainPolicy(t *testing.T) { @@ -51,7 +51,7 @@ func TestCommandSide_AddDomainPolicy(t *testing.T) { smtpSenderAddressMatchesInstanceDomain: true, }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -79,7 +79,7 @@ func TestCommandSide_AddDomainPolicy(t *testing.T) { smtpSenderAddressMatchesInstanceDomain: true, }, res: res{ - err: caos_errs.IsErrorAlreadyExists, + err: zerrors.IsErrorAlreadyExists, }, }, { @@ -288,7 +288,7 @@ func TestCommandSide_ChangeDomainPolicy(t *testing.T) { smtpSenderAddressMatchesInstanceDomain: true, }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -307,7 +307,7 @@ func TestCommandSide_ChangeDomainPolicy(t *testing.T) { smtpSenderAddressMatchesInstanceDomain: true, }, res: res{ - err: caos_errs.IsNotFound, + err: zerrors.IsNotFound, }, }, { @@ -335,7 +335,7 @@ func TestCommandSide_ChangeDomainPolicy(t *testing.T) { smtpSenderAddressMatchesInstanceDomain: true, }, res: res{ - err: caos_errs.IsPreconditionFailed, + err: zerrors.IsPreconditionFailed, }, }, { 
@@ -496,7 +496,7 @@ func TestCommandSide_RemoveDomainPolicy(t *testing.T) { ctx: context.Background(), }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -512,7 +512,7 @@ func TestCommandSide_RemoveDomainPolicy(t *testing.T) { orgID: "org1", }, res: res{ - err: caos_errs.IsNotFound, + err: zerrors.IsNotFound, }, }, { diff --git a/internal/command/org_policy_label.go b/internal/command/org_policy_label.go index 6698baff61..4a1fff05d4 100644 --- a/internal/command/org_policy_label.go +++ b/internal/command/org_policy_label.go @@ -4,14 +4,14 @@ import ( "context" "github.com/zitadel/zitadel/internal/domain" - caos_errs "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/repository/org" "github.com/zitadel/zitadel/internal/static" + "github.com/zitadel/zitadel/internal/zerrors" ) func (c *Commands) AddLabelPolicy(ctx context.Context, resourceOwner string, policy *domain.LabelPolicy) (*domain.LabelPolicy, error) { if resourceOwner == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "Org-Fn8ds", "Errors.ResourceOwnerMissing") + return nil, zerrors.ThrowInvalidArgument(nil, "Org-Fn8ds", "Errors.ResourceOwnerMissing") } if err := policy.IsValid(); err != nil { return nil, err @@ -22,7 +22,7 @@ func (c *Commands) AddLabelPolicy(ctx context.Context, resourceOwner string, pol return nil, err } if addedPolicy.State == domain.PolicyStateActive { - return nil, caos_errs.ThrowAlreadyExists(nil, "Org-2B0ps", "Errors.Org.LabelPolicy.AlreadyExists") + return nil, zerrors.ThrowAlreadyExists(nil, "Org-2B0ps", "Errors.Org.LabelPolicy.AlreadyExists") } orgAgg := OrgAggregateFromWriteModel(&addedPolicy.LabelPolicyWriteModel.WriteModel) 
@@ -53,7 +53,7 @@ func (c *Commands) AddLabelPolicy(ctx context.Context, resourceOwner string, pol func (c *Commands) ChangeLabelPolicy(ctx context.Context, resourceOwner string, policy *domain.LabelPolicy) (*domain.LabelPolicy, error) { if resourceOwner == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "Org-3N9fs", "Errors.ResourceOwnerMissing") + return nil, zerrors.ThrowInvalidArgument(nil, "Org-3N9fs", "Errors.ResourceOwnerMissing") } if err := policy.IsValid(); err != nil { return nil, err @@ -64,7 +64,7 @@ func (c *Commands) ChangeLabelPolicy(ctx context.Context, resourceOwner string, return nil, err } if existingPolicy.State == domain.PolicyStateUnspecified || existingPolicy.State == domain.PolicyStateRemoved { - return nil, caos_errs.ThrowNotFound(nil, "Org-0K9dq", "Errors.Org.LabelPolicy.NotFound") + return nil, zerrors.ThrowNotFound(nil, "Org-0K9dq", "Errors.Org.LabelPolicy.NotFound") } orgAgg := OrgAggregateFromWriteModel(&existingPolicy.LabelPolicyWriteModel.WriteModel) @@ -84,7 +84,7 @@ func (c *Commands) ChangeLabelPolicy(ctx context.Context, resourceOwner string, policy.DisableWatermark, policy.ThemeMode) if !hasChanged { - return nil, caos_errs.ThrowPreconditionFailed(nil, "Org-8nfSr", "Errors.Org.LabelPolicy.NotChanged") + return nil, zerrors.ThrowPreconditionFailed(nil, "Org-8nfSr", "Errors.Org.LabelPolicy.NotChanged") } pushedEvents, err := c.eventstore.Push(ctx, changedEvent) @@ -100,7 +100,7 @@ func (c *Commands) ChangeLabelPolicy(ctx context.Context, resourceOwner string, func (c *Commands) ActivateLabelPolicy(ctx context.Context, orgID string) (*domain.ObjectDetails, error) { if orgID == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "Org-KKd4X", "Errors.ResourceOwnerMissing") + return nil, zerrors.ThrowInvalidArgument(nil, "Org-KKd4X", "Errors.ResourceOwnerMissing") } existingPolicy, err := c.orgLabelPolicyWriteModelByID(ctx, orgID) if err != nil { 
@@ -108,7 +108,7 @@ func (c *Commands) ActivateLabelPolicy(ctx context.Context, orgID string) (*doma } if existingPolicy.State == domain.PolicyStateUnspecified || existingPolicy.State == domain.PolicyStateRemoved { - return nil, caos_errs.ThrowNotFound(nil, "ORG-34mSE", "Errors.Org.LabelPolicy.NotFound") + return nil, zerrors.ThrowNotFound(nil, "ORG-34mSE", "Errors.Org.LabelPolicy.NotFound") } orgAgg := OrgAggregateFromWriteModel(&existingPolicy.LabelPolicyWriteModel.WriteModel) pushedEvents, err := c.eventstore.Push(ctx, org.NewLabelPolicyActivatedEvent(ctx, orgAgg)) @@ -124,7 +124,7 @@ func (c *Commands) ActivateLabelPolicy(ctx context.Context, orgID string) (*doma func (c *Commands) AddLogoLabelPolicy(ctx context.Context, orgID string, upload *AssetUpload) (*domain.ObjectDetails, error) { if orgID == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "Org-KKd4X", "Errors.ResourceOwnerMissing") + return nil, zerrors.ThrowInvalidArgument(nil, "Org-KKd4X", "Errors.ResourceOwnerMissing") } existingPolicy, err := c.orgLabelPolicyWriteModelByID(ctx, orgID) if err != nil { @@ -132,11 +132,11 @@ func (c *Commands) AddLogoLabelPolicy(ctx context.Context, orgID string, upload } if existingPolicy.State == domain.PolicyStateUnspecified || existingPolicy.State == domain.PolicyStateRemoved { - return nil, caos_errs.ThrowNotFound(nil, "ORG-23BMs", "Errors.Org.LabelPolicy.NotFound") + return nil, zerrors.ThrowNotFound(nil, "ORG-23BMs", "Errors.Org.LabelPolicy.NotFound") } asset, err := c.uploadAsset(ctx, upload) if err != nil { - return nil, caos_errs.ThrowInternal(err, "IAM-4N3nf", "Errors.Assets.Object.PutFailed") + return nil, zerrors.ThrowInternal(err, "IAM-4N3nf", "Errors.Assets.Object.PutFailed") } orgAgg := OrgAggregateFromWriteModel(&existingPolicy.LabelPolicyWriteModel.WriteModel) pushedEvents, err := c.eventstore.Push(ctx, org.NewLabelPolicyLogoAddedEvent(ctx, orgAgg, asset.Name)) 
@@ -152,7 +152,7 @@ func (c *Commands) AddLogoLabelPolicy(ctx context.Context, orgID string, upload func (c *Commands) RemoveLogoLabelPolicy(ctx context.Context, orgID string) (*domain.ObjectDetails, error) { if orgID == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "Org-2FN8s", "Errors.ResourceOwnerMissing") + return nil, zerrors.ThrowInvalidArgument(nil, "Org-2FN8s", "Errors.ResourceOwnerMissing") } existingPolicy, err := c.orgLabelPolicyWriteModelByID(ctx, orgID) if err != nil { @@ -160,7 +160,7 @@ func (c *Commands) RemoveLogoLabelPolicy(ctx context.Context, orgID string) (*do } if existingPolicy.State == domain.PolicyStateUnspecified || existingPolicy.State == domain.PolicyStateRemoved { - return nil, caos_errs.ThrowNotFound(nil, "ORG-4MVsf", "Errors.Org.LabelPolicy.NotFound") + return nil, zerrors.ThrowNotFound(nil, "ORG-4MVsf", "Errors.Org.LabelPolicy.NotFound") } err = c.removeAsset(ctx, orgID, existingPolicy.LogoKey) if err != nil { @@ -180,7 +180,7 @@ func (c *Commands) RemoveLogoLabelPolicy(ctx context.Context, orgID string) (*do func (c *Commands) AddIconLabelPolicy(ctx context.Context, orgID string, upload *AssetUpload) (*domain.ObjectDetails, error) { if orgID == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "Org-hMDs3", "Errors.ResourceOwnerMissing") + return nil, zerrors.ThrowInvalidArgument(nil, "Org-hMDs3", "Errors.ResourceOwnerMissing") } existingPolicy, err := c.orgLabelPolicyWriteModelByID(ctx, orgID) if err != nil { 
@@ -188,11 +188,11 @@ func (c *Commands) AddIconLabelPolicy(ctx context.Context, orgID string, upload } if existingPolicy.State == domain.PolicyStateUnspecified || existingPolicy.State == domain.PolicyStateRemoved { - return nil, caos_errs.ThrowNotFound(nil, "ORG-4nq2f", "Errors.Org.LabelPolicy.NotFound") + return nil, zerrors.ThrowNotFound(nil, "ORG-4nq2f", "Errors.Org.LabelPolicy.NotFound") } asset, err := c.uploadAsset(ctx, upload) if err != nil { - return nil, caos_errs.ThrowInternal(err, "IAM-4BS7f", "Errors.Assets.Object.PutFailed") + return nil, zerrors.ThrowInternal(err, "IAM-4BS7f", "Errors.Assets.Object.PutFailed") } orgAgg := OrgAggregateFromWriteModel(&existingPolicy.LabelPolicyWriteModel.WriteModel) pushedEvents, err := c.eventstore.Push(ctx, org.NewLabelPolicyIconAddedEvent(ctx, orgAgg, asset.Name)) @@ -208,7 +208,7 @@ func (c *Commands) AddIconLabelPolicy(ctx context.Context, orgID string, upload func (c *Commands) RemoveIconLabelPolicy(ctx context.Context, orgID string) (*domain.ObjectDetails, error) { if orgID == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "Org-1nd0d", "Errors.ResourceOwnerMissing") + return nil, zerrors.ThrowInvalidArgument(nil, "Org-1nd0d", "Errors.ResourceOwnerMissing") } existingPolicy, err := c.orgLabelPolicyWriteModelByID(ctx, orgID) if err != nil { @@ -216,7 +216,7 @@ func (c *Commands) RemoveIconLabelPolicy(ctx context.Context, orgID string) (*do } if existingPolicy.State == domain.PolicyStateUnspecified || existingPolicy.State == domain.PolicyStateRemoved { - return nil, caos_errs.ThrowNotFound(nil, "ORG-1nd9f", "Errors.Org.LabelPolicy.NotFound") + return nil, zerrors.ThrowNotFound(nil, "ORG-1nd9f", "Errors.Org.LabelPolicy.NotFound") } err = c.removeAsset(ctx, orgID, existingPolicy.IconKey) 
@@ -237,7 +237,7 @@ func (c *Commands) RemoveIconLabelPolicy(ctx context.Context, orgID string) (*do func (c *Commands) AddLogoDarkLabelPolicy(ctx context.Context, orgID string, upload *AssetUpload) (*domain.ObjectDetails, error) { if orgID == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "Org-67Ms2", "Errors.ResourceOwnerMissing") + return nil, zerrors.ThrowInvalidArgument(nil, "Org-67Ms2", "Errors.ResourceOwnerMissing") } existingPolicy, err := c.orgLabelPolicyWriteModelByID(ctx, orgID) if err != nil { @@ -245,11 +245,11 @@ func (c *Commands) AddLogoDarkLabelPolicy(ctx context.Context, orgID string, upl } if existingPolicy.State == domain.PolicyStateUnspecified || existingPolicy.State == domain.PolicyStateRemoved { - return nil, caos_errs.ThrowNotFound(nil, "ORG-QSqcd", "Errors.Org.LabelPolicy.NotFound") + return nil, zerrors.ThrowNotFound(nil, "ORG-QSqcd", "Errors.Org.LabelPolicy.NotFound") } asset, err := c.uploadAsset(ctx, upload) if err != nil { - return nil, caos_errs.ThrowInternal(err, "IAM-3S7fN", "Errors.Assets.Object.PutFailed") + return nil, zerrors.ThrowInternal(err, "IAM-3S7fN", "Errors.Assets.Object.PutFailed") } orgAgg := OrgAggregateFromWriteModel(&existingPolicy.LabelPolicyWriteModel.WriteModel) pushedEvents, err := c.eventstore.Push(ctx, org.NewLabelPolicyLogoDarkAddedEvent(ctx, orgAgg, asset.Name)) @@ -265,7 +265,7 @@ func (c *Commands) AddLogoDarkLabelPolicy(ctx context.Context, orgID string, upl func (c *Commands) RemoveLogoDarkLabelPolicy(ctx context.Context, orgID string) (*domain.ObjectDetails, error) { if orgID == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "Org-4NF0d", "Errors.ResourceOwnerMissing") + return nil, zerrors.ThrowInvalidArgument(nil, "Org-4NF0d", "Errors.ResourceOwnerMissing") } existingPolicy, err := c.orgLabelPolicyWriteModelByID(ctx, orgID) if err != nil { 
@@ -273,7 +273,7 @@ func (c *Commands) RemoveLogoDarkLabelPolicy(ctx context.Context, orgID string) } if existingPolicy.State == domain.PolicyStateUnspecified || existingPolicy.State == domain.PolicyStateRemoved { - return nil, caos_errs.ThrowNotFound(nil, "ORG-0peQw", "Errors.Org.LabelPolicy.NotFound") + return nil, zerrors.ThrowNotFound(nil, "ORG-0peQw", "Errors.Org.LabelPolicy.NotFound") } err = c.removeAsset(ctx, orgID, existingPolicy.LogoDarkKey) if err != nil { @@ -293,7 +293,7 @@ func (c *Commands) RemoveLogoDarkLabelPolicy(ctx context.Context, orgID string) func (c *Commands) AddIconDarkLabelPolicy(ctx context.Context, orgID string, upload *AssetUpload) (*domain.ObjectDetails, error) { if orgID == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "Org-tzBfs", "Errors.ResourceOwnerMissing") + return nil, zerrors.ThrowInvalidArgument(nil, "Org-tzBfs", "Errors.ResourceOwnerMissing") } existingPolicy, err := c.orgLabelPolicyWriteModelByID(ctx, orgID) if err != nil { @@ -301,11 +301,11 @@ func (c *Commands) AddIconDarkLabelPolicy(ctx context.Context, orgID string, upl } if existingPolicy.State == domain.PolicyStateUnspecified || existingPolicy.State == domain.PolicyStateRemoved { - return nil, caos_errs.ThrowNotFound(nil, "ORG-4Nf8s", "Errors.Org.LabelPolicy.NotFound") + return nil, zerrors.ThrowNotFound(nil, "ORG-4Nf8s", "Errors.Org.LabelPolicy.NotFound") } asset, err := c.uploadAsset(ctx, upload) if err != nil { - return nil, caos_errs.ThrowInternal(err, "IAM-4B7cs", "Errors.Assets.Object.PutFailed") + return nil, zerrors.ThrowInternal(err, "IAM-4B7cs", "Errors.Assets.Object.PutFailed") } orgAgg := OrgAggregateFromWriteModel(&existingPolicy.LabelPolicyWriteModel.WriteModel) pushedEvents, err := c.eventstore.Push(ctx, org.NewLabelPolicyIconDarkAddedEvent(ctx, orgAgg, asset.Name)) 
@@ -321,7 +321,7 @@ func (c *Commands) AddIconDarkLabelPolicy(ctx context.Context, orgID string, upl func (c *Commands) RemoveIconDarkLabelPolicy(ctx context.Context, orgID string) (*domain.ObjectDetails, error) { if orgID == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "Org-Mv9ds", "Errors.ResourceOwnerMissing") + return nil, zerrors.ThrowInvalidArgument(nil, "Org-Mv9ds", "Errors.ResourceOwnerMissing") } existingPolicy, err := c.orgLabelPolicyWriteModelByID(ctx, orgID) if err != nil { @@ -329,7 +329,7 @@ func (c *Commands) RemoveIconDarkLabelPolicy(ctx context.Context, orgID string) } if existingPolicy.State == domain.PolicyStateUnspecified || existingPolicy.State == domain.PolicyStateRemoved { - return nil, caos_errs.ThrowNotFound(nil, "ORG-3NFos", "Errors.Org.LabelPolicy.NotFound") + return nil, zerrors.ThrowNotFound(nil, "ORG-3NFos", "Errors.Org.LabelPolicy.NotFound") } orgAgg := OrgAggregateFromWriteModel(&existingPolicy.LabelPolicyWriteModel.WriteModel) pushedEvents, err := c.eventstore.Push(ctx, org.NewLabelPolicyIconDarkRemovedEvent(ctx, orgAgg, existingPolicy.IconDarkKey)) @@ -345,7 +345,7 @@ func (c *Commands) RemoveIconDarkLabelPolicy(ctx context.Context, orgID string) func (c *Commands) AddFontLabelPolicy(ctx context.Context, orgID string, upload *AssetUpload) (*domain.ObjectDetails, error) { if orgID == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "Org-1Nf9s", "Errors.ResourceOwnerMissing") + return nil, zerrors.ThrowInvalidArgument(nil, "Org-1Nf9s", "Errors.ResourceOwnerMissing") } existingPolicy, err := c.orgLabelPolicyWriteModelByID(ctx, orgID) if err != nil { 
@@ -353,11 +353,11 @@ func (c *Commands) AddFontLabelPolicy(ctx context.Context, orgID string, upload } if existingPolicy.State == domain.PolicyStateUnspecified || existingPolicy.State == domain.PolicyStateRemoved { - return nil, caos_errs.ThrowNotFound(nil, "ORG-2M9fs", "Errors.Org.LabelPolicy.NotFound") + return nil, zerrors.ThrowNotFound(nil, "ORG-2M9fs", "Errors.Org.LabelPolicy.NotFound") } asset, err := c.uploadAsset(ctx, upload) if err != nil { - return nil, caos_errs.ThrowInternal(err, "ORG-2f9fw", "Errors.Assets.Object.PutFailed") + return nil, zerrors.ThrowInternal(err, "ORG-2f9fw", "Errors.Assets.Object.PutFailed") } orgAgg := OrgAggregateFromWriteModel(&existingPolicy.LabelPolicyWriteModel.WriteModel) pushedEvents, err := c.eventstore.Push(ctx, org.NewLabelPolicyFontAddedEvent(ctx, orgAgg, asset.Name)) @@ -373,7 +373,7 @@ func (c *Commands) AddFontLabelPolicy(ctx context.Context, orgID string, upload func (c *Commands) RemoveFontLabelPolicy(ctx context.Context, orgID string) (*domain.ObjectDetails, error) { if orgID == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "Org-2n0fW", "Errors.ResourceOwnerMissing") + return nil, zerrors.ThrowInvalidArgument(nil, "Org-2n0fW", "Errors.ResourceOwnerMissing") } existingPolicy, err := c.orgLabelPolicyWriteModelByID(ctx, orgID) if err != nil { @@ -381,7 +381,7 @@ func (c *Commands) RemoveFontLabelPolicy(ctx context.Context, orgID string) (*do } if existingPolicy.State == domain.PolicyStateUnspecified || existingPolicy.State == domain.PolicyStateRemoved { - return nil, caos_errs.ThrowNotFound(nil, "ORG-4n9SD", "Errors.Org.LabelPolicy.NotFound") + return nil, zerrors.ThrowNotFound(nil, "ORG-4n9SD", "Errors.Org.LabelPolicy.NotFound") } orgAgg := OrgAggregateFromWriteModel(&existingPolicy.LabelPolicyWriteModel.WriteModel) pushedEvents, err := c.eventstore.Push(ctx, org.NewLabelPolicyFontRemovedEvent(ctx, orgAgg, existingPolicy.FontKey)) 
@@ -397,7 +397,7 @@ func (c *Commands) RemoveFontLabelPolicy(ctx context.Context, orgID string) (*do func (c *Commands) RemoveLabelPolicy(ctx context.Context, orgID string) (*domain.ObjectDetails, error) { if orgID == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "Org-Mf9sf", "Errors.ResourceOwnerMissing") + return nil, zerrors.ThrowInvalidArgument(nil, "Org-Mf9sf", "Errors.ResourceOwnerMissing") } existingPolicy := NewOrgLabelPolicyWriteModel(orgID) removeEvent, err := c.removeLabelPolicy(ctx, existingPolicy) @@ -421,7 +421,7 @@ func (c *Commands) removeLabelPolicy(ctx context.Context, existingPolicy *OrgLab return nil, err } if existingPolicy.State == domain.PolicyStateUnspecified || existingPolicy.State == domain.PolicyStateRemoved { - return nil, caos_errs.ThrowNotFound(nil, "Org-3M9df", "Errors.Org.LabelPolicy.NotFound") + return nil, zerrors.ThrowNotFound(nil, "Org-3M9df", "Errors.Org.LabelPolicy.NotFound") } err = c.removeAssetsFolder(ctx, existingPolicy.AggregateID, static.ObjectTypeStyling) diff --git a/internal/command/org_policy_label_test.go b/internal/command/org_policy_label_test.go index 0a1dbc85f2..8fee5e8909 100644 --- a/internal/command/org_policy_label_test.go +++ b/internal/command/org_policy_label_test.go @@ -9,13 +9,13 @@ import ( "go.uber.org/mock/gomock" "github.com/zitadel/zitadel/internal/domain" - caos_errs "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/eventstore/v1/models" "github.com/zitadel/zitadel/internal/repository/org" "github.com/zitadel/zitadel/internal/repository/policy" "github.com/zitadel/zitadel/internal/static" "github.com/zitadel/zitadel/internal/static/mock" + "github.com/zitadel/zitadel/internal/zerrors" ) func TestCommandSide_AddLabelPolicy(t *testing.T) { @@ -52,7 +52,7 @@ func TestCommandSide_AddLabelPolicy(t *testing.T) { }, }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { 
@@ -99,7 +99,7 @@ func TestCommandSide_AddLabelPolicy(t *testing.T) { }, }, res: res{ - err: caos_errs.IsErrorAlreadyExists, + err: zerrors.IsErrorAlreadyExists, }, }, { @@ -220,7 +220,7 @@ func TestCommandSide_ChangeLabelPolicy(t *testing.T) { }, }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -241,7 +241,7 @@ func TestCommandSide_ChangeLabelPolicy(t *testing.T) { }, }, res: res{ - err: caos_errs.IsNotFound, + err: zerrors.IsNotFound, }, }, { @@ -289,7 +289,7 @@ func TestCommandSide_ChangeLabelPolicy(t *testing.T) { }, }, res: res{ - err: caos_errs.IsPreconditionFailed, + err: zerrors.IsPreconditionFailed, }, }, { @@ -422,7 +422,7 @@ func TestCommandSide_ActivateLabelPolicy(t *testing.T) { ctx: context.Background(), }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -438,7 +438,7 @@ func TestCommandSide_ActivateLabelPolicy(t *testing.T) { orgID: "org1", }, res: res{ - err: caos_errs.IsNotFound, + err: zerrors.IsNotFound, }, }, { @@ -523,7 +523,7 @@ func TestCommandSide_RemoveLabelPolicy(t *testing.T) { ctx: context.Background(), }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -539,7 +539,7 @@ func TestCommandSide_RemoveLabelPolicy(t *testing.T) { orgID: "org1", }, res: res{ - err: caos_errs.IsNotFound, + err: zerrors.IsNotFound, }, }, { @@ -637,7 +637,7 @@ func TestCommandSide_AddLogoLabelPolicy(t *testing.T) { }, }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -661,7 +661,7 @@ func TestCommandSide_AddLogoLabelPolicy(t *testing.T) { }, }, res: res{ - err: caos_errs.IsNotFound, + err: zerrors.IsNotFound, }, }, { @@ -704,7 +704,7 @@ func TestCommandSide_AddLogoLabelPolicy(t *testing.T) { }, }, res: res{ - err: caos_errs.IsInternal, + err: zerrors.IsInternal, }, }, { 
@@ -811,7 +811,7 @@ func TestCommandSide_RemoveLogoLabelPolicy(t *testing.T) { storageKey: "key", }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -828,7 +828,7 @@ func TestCommandSide_RemoveLogoLabelPolicy(t *testing.T) { storageKey: "key", }, res: res{ - err: caos_errs.IsNotFound, + err: zerrors.IsNotFound, }, }, { @@ -942,7 +942,7 @@ func TestCommandSide_AddIconLabelPolicy(t *testing.T) { }, }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -966,7 +966,7 @@ func TestCommandSide_AddIconLabelPolicy(t *testing.T) { }, }, res: res{ - err: caos_errs.IsNotFound, + err: zerrors.IsNotFound, }, }, { @@ -1009,7 +1009,7 @@ func TestCommandSide_AddIconLabelPolicy(t *testing.T) { }, }, res: res{ - err: caos_errs.IsInternal, + err: zerrors.IsInternal, }, }, { @@ -1115,7 +1115,7 @@ func TestCommandSide_RemoveIconLabelPolicy(t *testing.T) { orgID: "", }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -1131,7 +1131,7 @@ func TestCommandSide_RemoveIconLabelPolicy(t *testing.T) { orgID: "org1", }, res: res{ - err: caos_errs.IsNotFound, + err: zerrors.IsNotFound, }, }, { @@ -1244,7 +1244,7 @@ func TestCommandSide_AddLogoDarkLabelPolicy(t *testing.T) { }, }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -1268,7 +1268,7 @@ func TestCommandSide_AddLogoDarkLabelPolicy(t *testing.T) { }, }, res: res{ - err: caos_errs.IsNotFound, + err: zerrors.IsNotFound, }, }, { @@ -1311,7 +1311,7 @@ func TestCommandSide_AddLogoDarkLabelPolicy(t *testing.T) { }, }, res: res{ - err: caos_errs.IsInternal, + err: zerrors.IsInternal, }, }, { @@ -1418,7 +1418,7 @@ func TestCommandSide_RemoveLogoDarkLabelPolicy(t *testing.T) { storageKey: "key", }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { 
@@ -1435,7 +1435,7 @@ func TestCommandSide_RemoveLogoDarkLabelPolicy(t *testing.T) { storageKey: "key", }, res: res{ - err: caos_errs.IsNotFound, + err: zerrors.IsNotFound, }, }, { @@ -1549,7 +1549,7 @@ func TestCommandSide_AddIconDarkLabelPolicy(t *testing.T) { }, }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -1573,7 +1573,7 @@ func TestCommandSide_AddIconDarkLabelPolicy(t *testing.T) { }, }, res: res{ - err: caos_errs.IsNotFound, + err: zerrors.IsNotFound, }, }, { @@ -1616,7 +1616,7 @@ func TestCommandSide_AddIconDarkLabelPolicy(t *testing.T) { }, }, res: res{ - err: caos_errs.IsInternal, + err: zerrors.IsInternal, }, }, { @@ -1721,7 +1721,7 @@ func TestCommandSide_RemoveIconDarkLabelPolicy(t *testing.T) { ctx: context.Background(), }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -1737,7 +1737,7 @@ func TestCommandSide_RemoveIconDarkLabelPolicy(t *testing.T) { orgID: "org1", }, res: res{ - err: caos_errs.IsNotFound, + err: zerrors.IsNotFound, }, }, { @@ -1849,7 +1849,7 @@ func TestCommandSide_AddFontLabelPolicy(t *testing.T) { }, }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -1865,7 +1865,7 @@ func TestCommandSide_AddFontLabelPolicy(t *testing.T) { orgID: "org1", }, res: res{ - err: caos_errs.IsNotFound, + err: zerrors.IsNotFound, }, }, { @@ -1908,7 +1908,7 @@ func TestCommandSide_AddFontLabelPolicy(t *testing.T) { }, }, res: res{ - err: caos_errs.IsInternal, + err: zerrors.IsInternal, }, }, { @@ -2013,7 +2013,7 @@ func TestCommandSide_RemoveFontLabelPolicy(t *testing.T) { ctx: context.Background(), }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -2029,7 +2029,7 @@ func TestCommandSide_RemoveFontLabelPolicy(t *testing.T) { orgID: "org1", }, res: res{ - err: caos_errs.IsNotFound, + err: zerrors.IsNotFound, }, }, { 
diff --git a/internal/command/org_policy_lockout.go b/internal/command/org_policy_lockout.go index 72dd286156..47f98d9770 100644 --- a/internal/command/org_policy_lockout.go +++ b/internal/command/org_policy_lockout.go @@ -4,20 +4,20 @@ import ( "context" "github.com/zitadel/zitadel/internal/domain" - caos_errs "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/repository/org" + "github.com/zitadel/zitadel/internal/zerrors" ) func (c *Commands) AddLockoutPolicy(ctx context.Context, resourceOwner string, policy *domain.LockoutPolicy) (*domain.LockoutPolicy, error) { if resourceOwner == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "Org-8fJif", "Errors.ResourceOwnerMissing") + return nil, zerrors.ThrowInvalidArgument(nil, "Org-8fJif", "Errors.ResourceOwnerMissing") } addedPolicy, err := c.orgLockoutPolicyWriteModelByID(ctx, resourceOwner) if err != nil { return nil, err } if addedPolicy.State == domain.PolicyStateActive { - return nil, caos_errs.ThrowAlreadyExists(nil, "ORG-0olDf", "Errors.ORG.LockoutPolicy.AlreadyExists") + return nil, zerrors.ThrowAlreadyExists(nil, "ORG-0olDf", "Errors.ORG.LockoutPolicy.AlreadyExists") } orgAgg := OrgAggregateFromWriteModel(&addedPolicy.WriteModel) 
@@ -34,20 +34,20 @@ func (c *Commands) AddLockoutPolicy(ctx context.Context, resourceOwner string, p func (c *Commands) ChangeLockoutPolicy(ctx context.Context, resourceOwner string, policy *domain.LockoutPolicy) (*domain.LockoutPolicy, error) { if resourceOwner == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "Org-3J9fs", "Errors.ResourceOwnerMissing") + return nil, zerrors.ThrowInvalidArgument(nil, "Org-3J9fs", "Errors.ResourceOwnerMissing") } existingPolicy, err := c.orgLockoutPolicyWriteModelByID(ctx, resourceOwner) if err != nil { return nil, err } if existingPolicy.State == domain.PolicyStateUnspecified || existingPolicy.State == domain.PolicyStateRemoved { - return nil, caos_errs.ThrowNotFound(nil, "ORG-ADfs1", "Errors.Org.LockoutPolicy.NotFound") + return nil, zerrors.ThrowNotFound(nil, "ORG-ADfs1", "Errors.Org.LockoutPolicy.NotFound") } orgAgg := OrgAggregateFromWriteModel(&existingPolicy.LockoutPolicyWriteModel.WriteModel) changedEvent, hasChanged := existingPolicy.NewChangedEvent(ctx, orgAgg, policy.MaxPasswordAttempts, policy.ShowLockOutFailures) if !hasChanged { - return nil, caos_errs.ThrowPreconditionFailed(nil, "ORG-0JFSr", "Errors.Org.LockoutPolicy.NotChanged") + return nil, zerrors.ThrowPreconditionFailed(nil, "ORG-0JFSr", "Errors.Org.LockoutPolicy.NotChanged") } pushedEvents, err := c.eventstore.Push(ctx, changedEvent) 
@@ -63,14 +63,14 @@ func (c *Commands) ChangeLockoutPolicy(ctx context.Context, resourceOwner string func (c *Commands) RemoveLockoutPolicy(ctx context.Context, orgID string) (*domain.ObjectDetails, error) { if orgID == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "Org-4J9fs", "Errors.ResourceOwnerMissing") + return nil, zerrors.ThrowInvalidArgument(nil, "Org-4J9fs", "Errors.ResourceOwnerMissing") } existingPolicy, err := c.orgLockoutPolicyWriteModelByID(ctx, orgID) if err != nil { return nil, err } if existingPolicy.State == domain.PolicyStateUnspecified || existingPolicy.State == domain.PolicyStateRemoved { - return nil, caos_errs.ThrowNotFound(nil, "ORG-D4zuz", "Errors.Org.LockoutPolicy.NotFound") + return nil, zerrors.ThrowNotFound(nil, "ORG-D4zuz", "Errors.Org.LockoutPolicy.NotFound") } orgAgg := OrgAggregateFromWriteModel(&existingPolicy.WriteModel) diff --git a/internal/command/org_policy_lockout_test.go b/internal/command/org_policy_lockout_test.go index 0cb7c056de..1eda5f348c 100644 --- a/internal/command/org_policy_lockout_test.go +++ b/internal/command/org_policy_lockout_test.go @@ -7,11 +7,11 @@ import ( "github.com/stretchr/testify/assert" "github.com/zitadel/zitadel/internal/domain" - caos_errs "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/eventstore/v1/models" "github.com/zitadel/zitadel/internal/repository/org" "github.com/zitadel/zitadel/internal/repository/policy" + "github.com/zitadel/zitadel/internal/zerrors" ) func TestCommandSide_AddPasswordLockoutPolicy(t *testing.T) { @@ -48,7 +48,7 @@ func TestCommandSide_AddPasswordLockoutPolicy(t *testing.T) { }, }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -76,7 +76,7 @@ func TestCommandSide_AddPasswordLockoutPolicy(t *testing.T) { }, }, res: res{ - err: caos_errs.IsErrorAlreadyExists, + err: zerrors.IsErrorAlreadyExists, }, }, { 
@@ -167,7 +167,7 @@ func TestCommandSide_ChangePasswordLockoutPolicy(t *testing.T) { }, }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -187,7 +187,7 @@ func TestCommandSide_ChangePasswordLockoutPolicy(t *testing.T) { }, }, res: res{ - err: caos_errs.IsNotFound, + err: zerrors.IsNotFound, }, }, { @@ -215,7 +215,7 @@ func TestCommandSide_ChangePasswordLockoutPolicy(t *testing.T) { }, }, res: res{ - err: caos_errs.IsPreconditionFailed, + err: zerrors.IsPreconditionFailed, }, }, { @@ -305,7 +305,7 @@ func TestCommandSide_RemovePasswordLockoutPolicy(t *testing.T) { ctx: context.Background(), }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -321,7 +321,7 @@ func TestCommandSide_RemovePasswordLockoutPolicy(t *testing.T) { orgID: "org1", }, res: res{ - err: caos_errs.IsNotFound, + err: zerrors.IsNotFound, }, }, { diff --git a/internal/command/org_policy_login.go b/internal/command/org_policy_login.go index 2c7ccbf93f..96251ad565 100644 --- a/internal/command/org_policy_login.go +++ b/internal/command/org_policy_login.go @@ -9,10 +9,10 @@ import ( "github.com/zitadel/zitadel/internal/api/authz" "github.com/zitadel/zitadel/internal/command/preparation" "github.com/zitadel/zitadel/internal/domain" - caos_errs "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/repository/org" "github.com/zitadel/zitadel/internal/telemetry/tracing" + "github.com/zitadel/zitadel/internal/zerrors" ) type AddLoginPolicy struct { 
@@ -111,7 +111,7 @@ func (c *Commands) ChangeLoginPolicy(ctx context.Context, resourceOwner string, func (c *Commands) RemoveLoginPolicy(ctx context.Context, orgID string) (*domain.ObjectDetails, error) { if orgID == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "Org-55Mg9", "Errors.ResourceOwnerMissing") + return nil, zerrors.ThrowInvalidArgument(nil, "Org-55Mg9", "Errors.ResourceOwnerMissing") } existingPolicy := NewOrgLoginPolicyWriteModel(orgID) err := c.eventstore.FilterToQueryReducer(ctx, existingPolicy) @@ -119,7 +119,7 @@ func (c *Commands) RemoveLoginPolicy(ctx context.Context, orgID string) (*domain return nil, err } if existingPolicy.State == domain.PolicyStateUnspecified || existingPolicy.State == domain.PolicyStateRemoved { - return nil, caos_errs.ThrowNotFound(nil, "Org-GHB37", "Errors.Org.LoginPolicy.NotFound") + return nil, zerrors.ThrowNotFound(nil, "Org-GHB37", "Errors.Org.LoginPolicy.NotFound") } orgAgg := OrgAggregateFromWriteModel(&existingPolicy.WriteModel) pushedEvents, err := c.eventstore.Push(ctx, org.NewLoginPolicyRemovedEvent(ctx, orgAgg)) 
@@ -135,17 +135,17 @@ func (c *Commands) RemoveLoginPolicy(ctx context.Context, orgID string) (*domain func (c *Commands) AddIDPToLoginPolicy(ctx context.Context, resourceOwner string, idpProvider *domain.IDPProvider) (*domain.IDPProvider, error) { if resourceOwner == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "Org-M0fs9", "Errors.ResourceOwnerMissing") + return nil, zerrors.ThrowInvalidArgument(nil, "Org-M0fs9", "Errors.ResourceOwnerMissing") } if !idpProvider.IsValid() { - return nil, caos_errs.ThrowInvalidArgument(nil, "Org-9nf88", "Errors.Org.LoginPolicy.IDP.") + return nil, zerrors.ThrowInvalidArgument(nil, "Org-9nf88", "Errors.Org.LoginPolicy.IDP.") } existingPolicy, err := c.orgLoginPolicyWriteModelByID(ctx, resourceOwner) if err != nil { return nil, err } if existingPolicy.State == domain.PolicyStateUnspecified || existingPolicy.State == domain.PolicyStateRemoved { - return nil, caos_errs.ThrowNotFound(nil, "Org-Ffgw2", "Errors.Org.LoginPolicy.NotFound") + return nil, zerrors.ThrowNotFound(nil, "Org-Ffgw2", "Errors.Org.LoginPolicy.NotFound") } var exists bool @@ -155,7 +155,7 @@ func (c *Commands) AddIDPToLoginPolicy(ctx context.Context, resourceOwner string exists, err = ExistsInstanceIDP(ctx, c.eventstore.Filter, idpProvider.IDPConfigID) } if !exists || err != nil { - return nil, caos_errs.ThrowPreconditionFailed(err, "Org-3N9fs", "Errors.IDPConfig.NotExisting") + return nil, zerrors.ThrowPreconditionFailed(err, "Org-3N9fs", "Errors.IDPConfig.NotExisting") } idpModel := NewOrgIdentityProviderWriteModel(resourceOwner, idpProvider.IDPConfigID) err = c.eventstore.FilterToQueryReducer(ctx, idpModel) 
@@ -163,7 +163,7 @@ func (c *Commands) AddIDPToLoginPolicy(ctx context.Context, resourceOwner string return nil, err } if idpModel.State == domain.IdentityProviderStateActive { - return nil, caos_errs.ThrowAlreadyExists(nil, "Org-2B0ps", "Errors.Org.LoginPolicy.IDP.AlreadyExists") + return nil, zerrors.ThrowAlreadyExists(nil, "Org-2B0ps", "Errors.Org.LoginPolicy.IDP.AlreadyExists") } orgAgg := OrgAggregateFromWriteModel(&idpModel.WriteModel) @@ -178,19 +178,19 @@ func (c *Commands) AddIDPToLoginPolicy(ctx context.Context, resourceOwner string return writeModelToIDPProvider(&idpModel.IdentityProviderWriteModel), nil } -func (c *Commands) RemoveIDPFromLoginPolicy(ctx context.Context, resourceOwner string, idpProvider *domain.IDPProvider, cascadeExternalIDPs ...*domain.UserIDPLink) (*domain.ObjectDetails, error) { +func (c *Commands) RemoveIDPFromLoginPolicy(ctx context.Context, resourceOwner string, idpProvider *domain.IDPProvider) (*domain.ObjectDetails, error) { if resourceOwner == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "Org-M0fs9", "Errors.ResourceOwnerMissing") + return nil, zerrors.ThrowInvalidArgument(nil, "Org-M0fs9", "Errors.ResourceOwnerMissing") } if !idpProvider.IsValid() { - return nil, caos_errs.ThrowInvalidArgument(nil, "Org-66m9s", "Errors.Org.LoginPolicy.IDP.Invalid") + return nil, zerrors.ThrowInvalidArgument(nil, "Org-66m9s", "Errors.Org.LoginPolicy.IDP.Invalid") } existingPolicy, err := c.orgLoginPolicyWriteModelByID(ctx, resourceOwner) if err != nil { return nil, err } if existingPolicy.State == domain.PolicyStateUnspecified || existingPolicy.State == domain.PolicyStateRemoved { - return nil, caos_errs.ThrowNotFound(nil, "Org-GVDfe", "Errors.Org.LoginPolicy.NotFound") + return nil, zerrors.ThrowNotFound(nil, "Org-GVDfe", "Errors.Org.LoginPolicy.NotFound") } idpModel := NewOrgIdentityProviderWriteModel(resourceOwner, idpProvider.IDPConfigID) 
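Review bot: `RemoveIDPFromLoginPolicy` in the `@@ -178,19 +178,19 @@` hunk drops its variadic `cascadeExternalIDPs` parameter, and the matching call in the following `@@ -199,11 +199,11 @@` hunk now passes only `false` to `removeIDPFromLoginPolicy`. Judging by the test case removed from org_policy_login_test.go, which expected a `NewUserIDPLinkCascadeRemovedEvent` in the push, this path presumably no longer removes user–IDP links when the provider is taken off the policy. Nothing visible in this diff shows where those links are cleaned up instead, so accounts may stay linked to an identity provider the organisation has just removed; please confirm that the login and linking checks reject such links or that another command removes them. A doc comment would make the new contract explicit, for example `// RemoveIDPFromLoginPolicy removes the IDP from the org's login policy only; existing user IDP links are left untouched.` The function body continues past the end of this hunk.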
@@ -199,11 +199,11 @@ func (c *Commands) RemoveIDPFromLoginPolicy(ctx context.Context, resourceOwner s return nil, err } if idpModel.State == domain.IdentityProviderStateUnspecified || idpModel.State == domain.IdentityProviderStateRemoved { - return nil, caos_errs.ThrowNotFound(nil, "Org-39fjs", "Errors.Org.LoginPolicy.IDP.NotExisting") + return nil, zerrors.ThrowNotFound(nil, "Org-39fjs", "Errors.Org.LoginPolicy.IDP.NotExisting") } orgAgg := OrgAggregateFromWriteModel(&idpModel.IdentityProviderWriteModel.WriteModel) - events := c.removeIDPFromLoginPolicy(ctx, orgAgg, idpProvider.IDPConfigID, false, cascadeExternalIDPs...) + events := c.removeIDPFromLoginPolicy(ctx, orgAgg, idpProvider.IDPConfigID, false) pushedEvents, err := c.eventstore.Push(ctx, events...) if err != nil { @@ -237,10 +237,10 @@ func (c *Commands) removeIDPFromLoginPolicy(ctx context.Context, orgAgg *eventst func (c *Commands) AddSecondFactorToLoginPolicy(ctx context.Context, secondFactor domain.SecondFactorType, orgID string) (domain.SecondFactorType, *domain.ObjectDetails, error) { if orgID == "" { - return domain.SecondFactorTypeUnspecified, nil, caos_errs.ThrowInvalidArgument(nil, "Org-M0fs9", "Errors.ResourceOwnerMissing") + return domain.SecondFactorTypeUnspecified, nil, zerrors.ThrowInvalidArgument(nil, "Org-M0fs9", "Errors.ResourceOwnerMissing") } if !secondFactor.Valid() { - return domain.SecondFactorTypeUnspecified, nil, caos_errs.ThrowInvalidArgument(nil, "Org-5m9fs", "Errors.Org.LoginPolicy.MFA.Unspecified") + return domain.SecondFactorTypeUnspecified, nil, zerrors.ThrowInvalidArgument(nil, "Org-5m9fs", "Errors.Org.LoginPolicy.MFA.Unspecified") } secondFactorModel := NewOrgSecondFactorWriteModel(orgID, secondFactor) addedEvent, err := c.addSecondFactorToLoginPolicy(ctx, secondFactorModel, secondFactor) 
@@ -267,7 +267,7 @@ func (c *Commands) addSecondFactorToLoginPolicy(ctx context.Context, secondFacto } if secondFactorModel.State == domain.FactorStateActive { - return nil, caos_errs.ThrowAlreadyExists(nil, "Org-2B0ps", "Errors.Org.LoginPolicy.MFA.AlreadyExists") + return nil, zerrors.ThrowAlreadyExists(nil, "Org-2B0ps", "Errors.Org.LoginPolicy.MFA.AlreadyExists") } orgAgg := OrgAggregateFromWriteModel(&secondFactorModel.SecondFactorWriteModel.WriteModel) @@ -276,10 +276,10 @@ func (c *Commands) addSecondFactorToLoginPolicy(ctx context.Context, secondFacto func (c *Commands) RemoveSecondFactorFromLoginPolicy(ctx context.Context, secondFactor domain.SecondFactorType, orgID string) (*domain.ObjectDetails, error) { if orgID == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "Org-fM0gs", "Errors.ResourceOwnerMissing") + return nil, zerrors.ThrowInvalidArgument(nil, "Org-fM0gs", "Errors.ResourceOwnerMissing") } if !secondFactor.Valid() { - return nil, caos_errs.ThrowInvalidArgument(nil, "Org-55n8s", "Errors.Org.LoginPolicy.MFA.Unspecified") + return nil, zerrors.ThrowInvalidArgument(nil, "Org-55n8s", "Errors.Org.LoginPolicy.MFA.Unspecified") } secondFactorModel := NewOrgSecondFactorWriteModel(orgID, secondFactor) removedEvent, err := c.removeSecondFactorFromLoginPolicy(ctx, secondFactorModel, secondFactor) @@ -304,7 +304,7 @@ func (c *Commands) removeSecondFactorFromLoginPolicy(ctx context.Context, second return nil, err } if secondFactorModel.State == domain.FactorStateUnspecified || secondFactorModel.State == domain.FactorStateRemoved { - return nil, caos_errs.ThrowNotFound(nil, "Org-3M9od", "Errors.Org.LoginPolicy.MFA.NotExisting") + return nil, zerrors.ThrowNotFound(nil, "Org-3M9od", "Errors.Org.LoginPolicy.MFA.NotExisting") } orgAgg := OrgAggregateFromWriteModel(&secondFactorModel.SecondFactorWriteModel.WriteModel) return org.NewLoginPolicySecondFactorRemovedEvent(ctx, orgAgg, secondFactor), nil 
@@ -312,10 +312,10 @@ func (c *Commands) removeSecondFactorFromLoginPolicy(ctx context.Context, second func (c *Commands) AddMultiFactorToLoginPolicy(ctx context.Context, multiFactor domain.MultiFactorType, orgID string) (domain.MultiFactorType, *domain.ObjectDetails, error) { if orgID == "" { - return domain.MultiFactorTypeUnspecified, nil, caos_errs.ThrowInvalidArgument(nil, "Org-M0fsf", "Errors.ResourceOwnerMissing") + return domain.MultiFactorTypeUnspecified, nil, zerrors.ThrowInvalidArgument(nil, "Org-M0fsf", "Errors.ResourceOwnerMissing") } if !multiFactor.Valid() { - return domain.MultiFactorTypeUnspecified, nil, caos_errs.ThrowInvalidArgument(nil, "Org-5m9fs", "Errors.Org.LoginPolicy.MFA.Unspecified") + return domain.MultiFactorTypeUnspecified, nil, zerrors.ThrowInvalidArgument(nil, "Org-5m9fs", "Errors.Org.LoginPolicy.MFA.Unspecified") } multiFactorModel := NewOrgMultiFactorWriteModel(orgID, multiFactor) addedEvent, err := c.addMultiFactorToLoginPolicy(ctx, multiFactorModel, multiFactor) @@ -340,7 +340,7 @@ func (c *Commands) addMultiFactorToLoginPolicy(ctx context.Context, multiFactorM return nil, err } if multiFactorModel.State == domain.FactorStateActive { - return nil, caos_errs.ThrowAlreadyExists(nil, "Org-3M9od", "Errors.Org.LoginPolicy.MFA.AlreadyExists") + return nil, zerrors.ThrowAlreadyExists(nil, "Org-3M9od", "Errors.Org.LoginPolicy.MFA.AlreadyExists") } orgAgg := OrgAggregateFromWriteModel(&multiFactorModel.WriteModel) 
@@ -349,10 +349,10 @@ func (c *Commands) addMultiFactorToLoginPolicy(ctx context.Context, multiFactorM func (c *Commands) RemoveMultiFactorFromLoginPolicy(ctx context.Context, multiFactor domain.MultiFactorType, orgID string) (*domain.ObjectDetails, error) { if orgID == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "Org-M0fsf", "Errors.ResourceOwnerMissing") + return nil, zerrors.ThrowInvalidArgument(nil, "Org-M0fsf", "Errors.ResourceOwnerMissing") } if !multiFactor.Valid() { - return nil, caos_errs.ThrowInvalidArgument(nil, "Org-5m9fs", "Errors.Org.LoginPolicy.MFA.Unspecified") + return nil, zerrors.ThrowInvalidArgument(nil, "Org-5m9fs", "Errors.Org.LoginPolicy.MFA.Unspecified") } multiFactorModel := NewOrgMultiFactorWriteModel(orgID, multiFactor) removedEvent, err := c.removeMultiFactorFromLoginPolicy(ctx, multiFactorModel, multiFactor) @@ -377,7 +377,7 @@ func (c *Commands) removeMultiFactorFromLoginPolicy(ctx context.Context, multiFa return nil, err } if multiFactorModel.State == domain.FactorStateUnspecified || multiFactorModel.State == domain.FactorStateRemoved { - return nil, caos_errs.ThrowNotFound(nil, "Org-3M9df", "Errors.Org.LoginPolicy.MFA.NotExisting") + return nil, zerrors.ThrowNotFound(nil, "Org-3M9df", "Errors.Org.LoginPolicy.MFA.NotExisting") } orgAgg := OrgAggregateFromWriteModel(&multiFactorModel.MultiFactorWriteModel.WriteModel) 
@@ -399,26 +399,26 @@ func (c *Commands) orgLoginPolicyAuthFactorsWriteModel(ctx context.Context, orgI func prepareAddLoginPolicy(a *org.Aggregate, policy *AddLoginPolicy) preparation.Validation { return func() (preparation.CreateCommands, error) { if ok := domain.ValidateDefaultRedirectURI(policy.DefaultRedirectURI); !ok { - return nil, caos_errs.ThrowInvalidArgument(nil, "Org-WSfdq", "Errors.Org.LoginPolicy.RedirectURIInvalid") + return nil, zerrors.ThrowInvalidArgument(nil, "Org-WSfdq", "Errors.Org.LoginPolicy.RedirectURIInvalid") } for _, factor := range policy.SecondFactors { if !factor.Valid() { - return nil, caos_errs.ThrowInvalidArgument(nil, "Org-SFeea", "Errors.Org.LoginPolicy.MFA.Unspecified") + return nil, zerrors.ThrowInvalidArgument(nil, "Org-SFeea", "Errors.Org.LoginPolicy.MFA.Unspecified") } } for _, factor := range policy.MultiFactors { if !factor.Valid() { - return nil, caos_errs.ThrowInvalidArgument(nil, "Org-WSfrg", "Errors.Org.LoginPolicy.MFA.Unspecified") + return nil, zerrors.ThrowInvalidArgument(nil, "Org-WSfrg", "Errors.Org.LoginPolicy.MFA.Unspecified") } } return func(ctx context.Context, filter preparation.FilterToQueryReducer) ([]eventstore.Command, error) { if exists, err := exists(ctx, filter, NewOrgLoginPolicyWriteModel(a.ID)); exists || err != nil { - return nil, caos_errs.ThrowAlreadyExists(nil, "Org-Dgfb2", "Errors.Org.LoginPolicy.AlreadyExists") + return nil, zerrors.ThrowAlreadyExists(nil, "Org-Dgfb2", "Errors.Org.LoginPolicy.AlreadyExists") } for _, idp := range policy.IDPProviders { exists, err := idpExists(ctx, filter, idp) if !exists || err != nil { - return nil, caos_errs.ThrowPreconditionFailed(err, "Org-FEd32", "Errors.IDPConfig.NotExisting") + return nil, zerrors.ThrowPreconditionFailed(err, "Org-FEd32", "Errors.IDPConfig.NotExisting") } } cmds := make([]eventstore.Command, 0, len(policy.SecondFactors)+len(policy.MultiFactors)+len(policy.IDPProviders)+1) 
@@ -458,7 +458,7 @@ func prepareAddLoginPolicy(a *org.Aggregate, policy *AddLoginPolicy) preparation func prepareChangeLoginPolicy(a *org.Aggregate, policy *ChangeLoginPolicy) preparation.Validation { return func() (preparation.CreateCommands, error) { if ok := domain.ValidateDefaultRedirectURI(policy.DefaultRedirectURI); !ok { - return nil, caos_errs.ThrowInvalidArgument(nil, "Org-Sfd21", "Errors.Org.LoginPolicy.RedirectURIInvalid") + return nil, zerrors.ThrowInvalidArgument(nil, "Org-Sfd21", "Errors.Org.LoginPolicy.RedirectURIInvalid") } return func(ctx context.Context, filter preparation.FilterToQueryReducer) ([]eventstore.Command, error) { wm := NewOrgLoginPolicyWriteModel(a.ID) @@ -466,7 +466,7 @@ func prepareChangeLoginPolicy(a *org.Aggregate, policy *ChangeLoginPolicy) prepa return nil, err } if !wm.State.Exists() { - return nil, caos_errs.ThrowNotFound(nil, "Org-M0sif", "Errors.Org.LoginPolicy.NotFound") + return nil, zerrors.ThrowNotFound(nil, "Org-M0sif", "Errors.Org.LoginPolicy.NotFound") } changedEvent, hasChanged := wm.NewChangedEvent(ctx, &a.Aggregate, policy.AllowUsernamePassword, @@ -487,7 +487,7 @@ func prepareChangeLoginPolicy(a *org.Aggregate, policy *ChangeLoginPolicy) prepa policy.SecondFactorCheckLifetime, policy.MultiFactorCheckLifetime) if !hasChanged { - return nil, caos_errs.ThrowPreconditionFailed(nil, "Org-5M9vdd", "Errors.Org.LoginPolicy.NotChanged") + return nil, zerrors.ThrowPreconditionFailed(nil, "Org-5M9vdd", "Errors.Org.LoginPolicy.NotChanged") } return []eventstore.Command{changedEvent}, nil }, nil diff --git a/internal/command/org_policy_login_test.go b/internal/command/org_policy_login_test.go index c04e5a7090..38026f72dc 100644 --- a/internal/command/org_policy_login_test.go +++ b/internal/command/org_policy_login_test.go 
@@ -8,13 +8,12 @@ import ( "github.com/stretchr/testify/assert" "github.com/zitadel/zitadel/internal/domain" - caos_errs "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/eventstore/v1/models" "github.com/zitadel/zitadel/internal/repository/instance" "github.com/zitadel/zitadel/internal/repository/org" "github.com/zitadel/zitadel/internal/repository/policy" - "github.com/zitadel/zitadel/internal/repository/user" + "github.com/zitadel/zitadel/internal/zerrors" ) var ( @@ -96,7 +95,7 @@ func TestCommandSide_AddLoginPolicy(t *testing.T) { }, }, res: res{ - err: caos_errs.IsErrorAlreadyExists, + err: zerrors.IsErrorAlreadyExists, }, }, { @@ -190,7 +189,7 @@ func TestCommandSide_AddLoginPolicy(t *testing.T) { }, }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -301,7 +300,7 @@ func TestCommandSide_AddLoginPolicy(t *testing.T) { }, }, res: res{ - err: caos_errs.IsPreconditionFailed, + err: zerrors.IsPreconditionFailed, }, }, { @@ -451,7 +450,7 @@ func TestCommandSide_ChangeLoginPolicy(t *testing.T) { }, }, res: res{ - err: caos_errs.IsNotFound, + err: zerrors.IsNotFound, }, }, { @@ -509,7 +508,7 @@ func TestCommandSide_ChangeLoginPolicy(t *testing.T) { }, }, res: res{ - err: caos_errs.IsPreconditionFailed, + err: zerrors.IsPreconditionFailed, }, }, { @@ -642,7 +641,7 @@ func TestCommandSide_RemoveLoginPolicy(t *testing.T) { ctx: context.Background(), }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -658,7 +657,7 @@ func TestCommandSide_RemoveLoginPolicy(t *testing.T) { orgID: "org1", }, res: res{ - err: caos_errs.IsNotFound, + err: zerrors.IsNotFound, }, }, { @@ -761,7 +760,7 @@ func TestCommandSide_AddIDPProviderLoginPolicy(t *testing.T) { }, }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { 
@@ -777,7 +776,7 @@ func TestCommandSide_AddIDPProviderLoginPolicy(t *testing.T) { provider: &domain.IDPProvider{}, }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -798,7 +797,7 @@ func TestCommandSide_AddIDPProviderLoginPolicy(t *testing.T) { }, }, res: res{ - err: caos_errs.IsNotFound, + err: zerrors.IsNotFound, }, }, { @@ -843,7 +842,7 @@ func TestCommandSide_AddIDPProviderLoginPolicy(t *testing.T) { }, }, res: res{ - err: caos_errs.IsPreconditionFailed, + err: zerrors.IsPreconditionFailed, }, }, { @@ -908,7 +907,7 @@ func TestCommandSide_AddIDPProviderLoginPolicy(t *testing.T) { }, }, res: res{ - err: caos_errs.IsErrorAlreadyExists, + err: zerrors.IsErrorAlreadyExists, }, }, { @@ -1006,10 +1005,9 @@ func TestCommandSide_RemoveIDPProviderLoginPolicy(t *testing.T) { eventstore *eventstore.Eventstore } type args struct { - ctx context.Context - resourceOwner string - provider *domain.IDPProvider - cascadeExternalIDPs []*domain.UserIDPLink + ctx context.Context + resourceOwner string + provider *domain.IDPProvider } type res struct { want *domain.ObjectDetails @@ -1037,7 +1035,7 @@ func TestCommandSide_RemoveIDPProviderLoginPolicy(t *testing.T) { }, }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -1053,7 +1051,7 @@ func TestCommandSide_RemoveIDPProviderLoginPolicy(t *testing.T) { provider: &domain.IDPProvider{}, }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -1072,7 +1070,7 @@ func TestCommandSide_RemoveIDPProviderLoginPolicy(t *testing.T) { }, }, res: res{ - err: caos_errs.IsNotFound, + err: zerrors.IsNotFound, }, }, { @@ -1117,7 +1115,7 @@ func TestCommandSide_RemoveIDPProviderLoginPolicy(t *testing.T) { }, }, res: res{ - err: caos_errs.IsNotFound, + err: zerrors.IsNotFound, }, }, { 
@@ -1174,7 +1172,7 @@ func TestCommandSide_RemoveIDPProviderLoginPolicy(t *testing.T) { }, }, res: res{ - err: caos_errs.IsNotFound, + err: zerrors.IsNotFound, }, }, { @@ -1238,7 +1236,7 @@ func TestCommandSide_RemoveIDPProviderLoginPolicy(t *testing.T) { }, }, { - name: "remove provider external idp not found, ok", + name: "remove provider from login policy, ok", fields: fields{ eventstore: eventstoreExpect( t, 
@@ -1290,93 +1288,6 @@ func TestCommandSide_RemoveIDPProviderLoginPolicy(t *testing.T) { Name: "name", Type: domain.IdentityProviderTypeOrg, }, - cascadeExternalIDPs: []*domain.UserIDPLink{ - { - ObjectRoot: models.ObjectRoot{ - AggregateID: "user1", - }, - IDPConfigID: "config1", - }, - }, - }, - res: res{ - want: &domain.ObjectDetails{ - ResourceOwner: "org1", - }, - }, - }, - { - name: "remove provider with external idps, ok", - fields: fields{ - eventstore: eventstoreExpect( - t, - expectFilter( - eventFromEventPusher( - org.NewLoginPolicyAddedEvent(context.Background(), - &org.NewAggregate("org1").Aggregate, - true, - true, - true, - true, - true, - true, - true, - true, - true, - true, - domain.PasswordlessTypeAllowed, - "", - time.Hour*1, - time.Hour*2, - time.Hour*3, - time.Hour*4, - time.Hour*5, - ), - ), - ), - expectFilter( - eventFromEventPusher( - org.NewIdentityProviderAddedEvent(context.Background(), - &org.NewAggregate("org1").Aggregate, - "config1", - domain.IdentityProviderTypeOrg, - ), - ), - ), - expectFilter( - eventFromEventPusher( - user.NewUserIDPLinkAddedEvent(context.Background(), - &user.NewAggregate("user1", "org1").Aggregate, - "config1", "", "externaluser1"), - ), - ), - expectPush( - org.NewIdentityProviderRemovedEvent(context.Background(), - &org.NewAggregate("org1").Aggregate, - "config1", - ), - user.NewUserIDPLinkCascadeRemovedEvent(context.Background(), - &user.NewAggregate("user1", "org1").Aggregate, - "config1", "externaluser1", - ), - ), - ), - }, - args: args{ - ctx: context.Background(), - resourceOwner: "org1", - provider: &domain.IDPProvider{ - IDPConfigID: "config1", - }, - cascadeExternalIDPs: []*domain.UserIDPLink{ - { - ObjectRoot: models.ObjectRoot{ - AggregateID: "user1", - }, - IDPConfigID: "config1", - ExternalUserID: "externaluser1", - }, - }, }, res: res{ want: &domain.ObjectDetails{ 
@@ -1390,7 +1301,7 @@ func TestCommandSide_RemoveIDPProviderLoginPolicy(t *testing.T) { r := &Commands{ eventstore: tt.fields.eventstore, } - got, err := r.RemoveIDPFromLoginPolicy(tt.args.ctx, tt.args.resourceOwner, tt.args.provider, tt.args.cascadeExternalIDPs...) + got, err := r.RemoveIDPFromLoginPolicy(tt.args.ctx, tt.args.resourceOwner, tt.args.provider) if tt.res.err == nil { assert.NoError(t, err) } @@ -1435,7 +1346,7 @@ func TestCommandSide_AddSecondFactorLoginPolicy(t *testing.T) { factor: domain.SecondFactorTypeU2F, }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -1450,7 +1361,7 @@ func TestCommandSide_AddSecondFactorLoginPolicy(t *testing.T) { factor: domain.SecondFactorTypeUnspecified, }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -1474,7 +1385,7 @@ func TestCommandSide_AddSecondFactorLoginPolicy(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: caos_errs.IsErrorAlreadyExists, + err: zerrors.IsErrorAlreadyExists, }, }, { @@ -1623,7 +1534,7 @@ func TestCommandSide_RemoveSecondFactoroginPolicy(t *testing.T) { factor: domain.SecondFactorTypeTOTP, }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -1638,7 +1549,7 @@ func TestCommandSide_RemoveSecondFactoroginPolicy(t *testing.T) { factor: domain.SecondFactorTypeUnspecified, }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -1655,7 +1566,7 @@ func TestCommandSide_RemoveSecondFactoroginPolicy(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: caos_errs.IsNotFound, + err: zerrors.IsNotFound, }, }, { @@ -1685,7 +1596,7 @@ func TestCommandSide_RemoveSecondFactoroginPolicy(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: caos_errs.IsNotFound, + err: zerrors.IsNotFound, }, }, { 
@@ -1715,7 +1626,7 @@ func TestCommandSide_RemoveSecondFactoroginPolicy(t *testing.T) {
 resourceOwner: "org1",
 },
 res: res{
- err: caos_errs.IsNotFound,
+ err: zerrors.IsNotFound,
 },
 },
 {
@@ -1745,7 +1656,7 @@ func TestCommandSide_RemoveSecondFactoroginPolicy(t *testing.T) {
 resourceOwner: "org1",
 },
 res: res{
- err: caos_errs.IsNotFound,
+ err: zerrors.IsNotFound,
 },
 },
 {
@@ -1889,7 +1800,7 @@ func TestCommandSide_AddMultiFactorLoginPolicy(t *testing.T) {
 factor: domain.MultiFactorTypeU2FWithPIN,
 },
 res: res{
- err: caos_errs.IsErrorInvalidArgument,
+ err: zerrors.IsErrorInvalidArgument,
 },
 },
 {
@@ -1904,7 +1815,7 @@ func TestCommandSide_AddMultiFactorLoginPolicy(t *testing.T) {
 factor: domain.MultiFactorTypeUnspecified,
 },
 res: res{
- err: caos_errs.IsErrorInvalidArgument,
+ err: zerrors.IsErrorInvalidArgument,
 },
 },
 {
@@ -1928,7 +1839,7 @@ func TestCommandSide_AddMultiFactorLoginPolicy(t *testing.T) {
 resourceOwner: "org1",
 },
 res: res{
- err: caos_errs.IsErrorAlreadyExists,
+ err: zerrors.IsErrorAlreadyExists,
 },
 },
 {
@@ -2004,7 +1915,7 @@ func TestCommandSide_RemoveMultiFactorLoginPolicy(t *testing.T) {
 factor: domain.MultiFactorTypeU2FWithPIN,
 },
 res: res{
- err: caos_errs.IsErrorInvalidArgument,
+ err: zerrors.IsErrorInvalidArgument,
 },
 },
 {
@@ -2019,7 +1930,7 @@ func TestCommandSide_RemoveMultiFactorLoginPolicy(t *testing.T) {
 factor: domain.MultiFactorTypeUnspecified,
 },
 res: res{
- err: caos_errs.IsErrorInvalidArgument,
+ err: zerrors.IsErrorInvalidArgument,
 },
 },
 {
@@ -2036,7 +1947,7 @@ func TestCommandSide_RemoveMultiFactorLoginPolicy(t *testing.T) {
 resourceOwner: "org1",
 },
 res: res{
- err: caos_errs.IsNotFound,
+ err: zerrors.IsNotFound,
 },
 },
 {
@@ -2066,7 +1977,7 @@ func TestCommandSide_RemoveMultiFactorLoginPolicy(t *testing.T) {
 resourceOwner: "org1",
 },
 res: res{
- err: caos_errs.IsNotFound,
+ err: zerrors.IsNotFound,
 },
 },
 {
diff --git a/internal/command/org_policy_mail_template.go b/internal/command/org_policy_mail_template.go index 28bc3a382d..9a7fa86e7a 100644 --- a/internal/command/org_policy_mail_template.go +++ b/internal/command/org_policy_mail_template.go @@ -4,16 +4,16 @@ import ( "context" "github.com/zitadel/zitadel/internal/domain" - caos_errs "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/repository/org" + "github.com/zitadel/zitadel/internal/zerrors" ) func (c *Commands) AddMailTemplate(ctx context.Context, resourceOwner string, policy *domain.MailTemplate) (*domain.MailTemplate, error) { if resourceOwner == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "Org-M8dfs", "Errors.ResourceOwnerMissing") + return nil, zerrors.ThrowInvalidArgument(nil, "Org-M8dfs", "Errors.ResourceOwnerMissing") } if !policy.IsValid() { - return nil, caos_errs.ThrowPreconditionFailed(nil, "ORG-3m9fs", "Errors.Org.MailTemplate.Invalid") + return nil, zerrors.ThrowPreconditionFailed(nil, "ORG-3m9fs", "Errors.Org.MailTemplate.Invalid") } addedPolicy := NewOrgMailTemplateWriteModel(resourceOwner) err := c.eventstore.FilterToQueryReducer(ctx, addedPolicy) @@ -21,7 +21,7 @@ func (c *Commands) AddMailTemplate(ctx context.Context, resourceOwner string, po return nil, err } if addedPolicy.State == domain.PolicyStateActive { - return nil, caos_errs.ThrowAlreadyExists(nil, "Org-9kufs", "Errors.Org.MailTemplate.AlreadyExists") + return nil, zerrors.ThrowAlreadyExists(nil, "Org-9kufs", "Errors.Org.MailTemplate.AlreadyExists") } orgAgg := OrgAggregateFromWriteModel(&addedPolicy.MailTemplateWriteModel.WriteModel) 
@@ -38,10 +38,10 @@ func (c *Commands) AddMailTemplate(ctx context.Context, resourceOwner string, po func (c *Commands) ChangeMailTemplate(ctx context.Context, resourceOwner string, policy *domain.MailTemplate) (*domain.MailTemplate, error) { if resourceOwner == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "Org-M9fFs", "Errors.ResourceOwnerMissing") + return nil, zerrors.ThrowInvalidArgument(nil, "Org-M9fFs", "Errors.ResourceOwnerMissing") } if !policy.IsValid() { - return nil, caos_errs.ThrowPreconditionFailed(nil, "ORG-9f9ds", "Errors.Org.MailTemplate.Invalid") + return nil, zerrors.ThrowPreconditionFailed(nil, "ORG-9f9ds", "Errors.Org.MailTemplate.Invalid") } existingPolicy := NewOrgMailTemplateWriteModel(resourceOwner) err := c.eventstore.FilterToQueryReducer(ctx, existingPolicy) @@ -49,13 +49,13 @@ func (c *Commands) ChangeMailTemplate(ctx context.Context, resourceOwner string, return nil, err } if existingPolicy.State == domain.PolicyStateUnspecified || existingPolicy.State == domain.PolicyStateRemoved { - return nil, caos_errs.ThrowNotFound(nil, "Org-5m9ie", "Errors.Org.MailTemplate.NotFound") + return nil, zerrors.ThrowNotFound(nil, "Org-5m9ie", "Errors.Org.MailTemplate.NotFound") } orgAgg := OrgAggregateFromWriteModel(&existingPolicy.MailTemplateWriteModel.WriteModel) changedEvent, hasChanged := existingPolicy.NewChangedEvent(ctx, orgAgg, policy.Template) if !hasChanged { - return nil, caos_errs.ThrowPreconditionFailed(nil, "Org-49hfj", "Errors.Org.MailTemplate.NotChanged") + return nil, zerrors.ThrowPreconditionFailed(nil, "Org-49hfj", "Errors.Org.MailTemplate.NotChanged") } pushedEvents, err := c.eventstore.Push(ctx, changedEvent) 
@@ -71,7 +71,7 @@ func (c *Commands) ChangeMailTemplate(ctx context.Context, resourceOwner string, func (c *Commands) RemoveMailTemplate(ctx context.Context, orgID string) error { if orgID == "" { - return caos_errs.ThrowInvalidArgument(nil, "Org-5Jgis", "Errors.ResourceOwnerMissing") + return zerrors.ThrowInvalidArgument(nil, "Org-5Jgis", "Errors.ResourceOwnerMissing") } existingPolicy := NewOrgMailTemplateWriteModel(orgID) err := c.eventstore.FilterToQueryReducer(ctx, existingPolicy) @@ -79,7 +79,7 @@ func (c *Commands) RemoveMailTemplate(ctx context.Context, orgID string) error { return err } if existingPolicy.State == domain.PolicyStateUnspecified || existingPolicy.State == domain.PolicyStateRemoved { - return caos_errs.ThrowNotFound(nil, "Org-3b8Jf", "Errors.Org.MailTemplate.NotFound") + return zerrors.ThrowNotFound(nil, "Org-3b8Jf", "Errors.Org.MailTemplate.NotFound") } orgAgg := OrgAggregateFromWriteModel(&existingPolicy.WriteModel) diff --git a/internal/command/org_policy_mail_template_test.go b/internal/command/org_policy_mail_template_test.go index ab4d1b1b9a..a7e0e2aab4 100644 --- a/internal/command/org_policy_mail_template_test.go +++ b/internal/command/org_policy_mail_template_test.go @@ -7,11 +7,11 @@ import ( "github.com/stretchr/testify/assert" "github.com/zitadel/zitadel/internal/domain" - caos_errs "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/eventstore/v1/models" "github.com/zitadel/zitadel/internal/repository/org" "github.com/zitadel/zitadel/internal/repository/policy" + "github.com/zitadel/zitadel/internal/zerrors" ) func TestCommandSide_AddMailTemplate(t *testing.T) { @@ -47,7 +47,7 @@ func TestCommandSide_AddMailTemplate(t *testing.T) { }, }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { 
@@ -73,7 +73,7 @@ func TestCommandSide_AddMailTemplate(t *testing.T) {
 },
 },
 res: res{
- err: caos_errs.IsErrorAlreadyExists,
+ err: zerrors.IsErrorAlreadyExists,
 },
 },
 {
@@ -160,7 +160,7 @@ func TestCommandSide_ChangeMailTemplate(t *testing.T) {
 },
 },
 res: res{
- err: caos_errs.IsErrorInvalidArgument,
+ err: zerrors.IsErrorInvalidArgument,
 },
 },
 {
@@ -179,7 +179,7 @@ func TestCommandSide_ChangeMailTemplate(t *testing.T) {
 },
 },
 res: res{
- err: caos_errs.IsNotFound,
+ err: zerrors.IsNotFound,
 },
 },
 {
@@ -205,7 +205,7 @@ func TestCommandSide_ChangeMailTemplate(t *testing.T) {
 },
 },
 res: res{
- err: caos_errs.IsPreconditionFailed,
+ err: zerrors.IsPreconditionFailed,
 },
 },
 {
@@ -292,7 +292,7 @@ func TestCommandSide_RemoveMailTemplate(t *testing.T) {
 ctx: context.Background(),
 },
 res: res{
- err: caos_errs.IsErrorInvalidArgument,
+ err: zerrors.IsErrorInvalidArgument,
 },
 },
 {
@@ -308,7 +308,7 @@ func TestCommandSide_RemoveMailTemplate(t *testing.T) {
 orgID: "org1",
 },
 res: res{
- err: caos_errs.IsNotFound,
+ err: zerrors.IsNotFound,
 },
 },
 {
diff --git a/internal/command/org_policy_notification.go b/internal/command/org_policy_notification.go
index 34613d486e..88228a7ed2 100644
--- a/internal/command/org_policy_notification.go
+++ b/internal/command/org_policy_notification.go
@@ -5,14 +5,14 @@ import ( "github.com/zitadel/zitadel/internal/command/preparation" "github.com/zitadel/zitadel/internal/domain" - caos_errs "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/repository/org" + "github.com/zitadel/zitadel/internal/zerrors" ) func (c *Commands) AddNotificationPolicy(ctx context.Context, resourceOwner string, passwordChange bool) (*domain.ObjectDetails, error) { if resourceOwner == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "Org-x801sk2i", "Errors.ResourceOwnerMissing") + return nil, zerrors.ThrowInvalidArgument(nil, "Org-x801sk2i", "Errors.ResourceOwnerMissing") } orgAgg := org.NewAggregate(resourceOwner) cmds, err := preparation.PrepareCommands(ctx, c.eventstore.Filter, prepareAddNotificationPolicy(orgAgg, passwordChange)) @@ -42,7 +42,7 @@ func prepareAddNotificationPolicy( return nil, err } if writeModel.State == domain.PolicyStateActive { - return nil, caos_errs.ThrowAlreadyExists(nil, "Org-xa08n2", "Errors.Org.NotificationPolicy.AlreadyExists") + return nil, zerrors.ThrowAlreadyExists(nil, "Org-xa08n2", "Errors.Org.NotificationPolicy.AlreadyExists") } return []eventstore.Command{ org.NewNotificationPolicyAddedEvent(ctx, &a.Aggregate, passwordChange), @@ -53,7 +53,7 @@ func prepareAddNotificationPolicy( func (c *Commands) ChangeNotificationPolicy(ctx context.Context, resourceOwner string, passwordChange bool) (*domain.ObjectDetails, error) { if resourceOwner == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "Org-x091n1g", "Errors.ResourceOwnerMissing") + return nil, zerrors.ThrowInvalidArgument(nil, "Org-x091n1g", "Errors.ResourceOwnerMissing") } orgAgg := org.NewAggregate(resourceOwner) cmds, err := preparation.PrepareCommands(ctx, c.eventstore.Filter, prepareChangeNotificationPolicy(orgAgg, passwordChange)) 
@@ -84,11 +84,11 @@ func prepareChangeNotificationPolicy( } if writeModel.State == domain.PolicyStateUnspecified || writeModel.State == domain.PolicyStateRemoved { - return nil, caos_errs.ThrowNotFound(nil, "ORG-x029n3", "Errors.Org.NotificationPolicy.NotFound") + return nil, zerrors.ThrowNotFound(nil, "ORG-x029n3", "Errors.Org.NotificationPolicy.NotFound") } change, hasChanged := writeModel.NewChangedEvent(ctx, &a.Aggregate, passwordChange) if !hasChanged { - return nil, caos_errs.ThrowPreconditionFailed(nil, "Org-ioqnxz", "Errors.Org.NotificationPolicy.NotChanged") + return nil, zerrors.ThrowPreconditionFailed(nil, "Org-ioqnxz", "Errors.Org.NotificationPolicy.NotChanged") } return []eventstore.Command{ change, @@ -99,7 +99,7 @@ func prepareChangeNotificationPolicy( func (c *Commands) RemoveNotificationPolicy(ctx context.Context, resourceOwner string) (*domain.ObjectDetails, error) { if resourceOwner == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "Org-x89ns2", "Errors.ResourceOwnerMissing") + return nil, zerrors.ThrowInvalidArgument(nil, "Org-x89ns2", "Errors.ResourceOwnerMissing") } orgAgg := org.NewAggregate(resourceOwner) cmds, err := preparation.PrepareCommands(ctx, c.eventstore.Filter, prepareRemoveNotificationPolicy(orgAgg)) @@ -129,7 +129,7 @@ func prepareRemoveNotificationPolicy( } if writeModel.State == domain.PolicyStateUnspecified || writeModel.State == domain.PolicyStateRemoved { - return nil, caos_errs.ThrowNotFound(nil, "ORG-x029n1s", "Errors.Org.NotificationPolicy.NotFound") + return nil, zerrors.ThrowNotFound(nil, "ORG-x029n1s", "Errors.Org.NotificationPolicy.NotFound") } return []eventstore.Command{ org.NewNotificationPolicyRemovedEvent(ctx, &a.Aggregate), diff --git a/internal/command/org_policy_notification_test.go b/internal/command/org_policy_notification_test.go index 5b780b892a..5f8f4f49c4 100644 --- a/internal/command/org_policy_notification_test.go +++ b/internal/command/org_policy_notification_test.go 
@@ -7,10 +7,10 @@ import ( "github.com/stretchr/testify/assert" "github.com/zitadel/zitadel/internal/domain" - caos_errs "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/repository/org" "github.com/zitadel/zitadel/internal/repository/policy" + "github.com/zitadel/zitadel/internal/zerrors" ) func TestCommandSide_AddNotificationPolicy(t *testing.T) { @@ -45,7 +45,7 @@ func TestCommandSide_AddNotificationPolicy(t *testing.T) { passwordChange: true, }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -69,7 +69,7 @@ func TestCommandSide_AddNotificationPolicy(t *testing.T) { passwordChange: true, }, res: res{ - err: caos_errs.IsErrorAlreadyExists, + err: zerrors.IsErrorAlreadyExists, }, }, { @@ -173,7 +173,7 @@ func TestCommandSide_ChangeNotificationPolicy(t *testing.T) { passwordChange: true, }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -190,7 +190,7 @@ func TestCommandSide_ChangeNotificationPolicy(t *testing.T) { passwordChange: true, }, res: res{ - err: caos_errs.IsNotFound, + err: zerrors.IsNotFound, }, }, { @@ -214,7 +214,7 @@ func TestCommandSide_ChangeNotificationPolicy(t *testing.T) { passwordChange: true, }, res: res{ - err: caos_errs.IsPreconditionFailed, + err: zerrors.IsPreconditionFailed, }, }, { @@ -295,7 +295,7 @@ func TestCommandSide_RemoveNotificationPolicy(t *testing.T) { ctx: context.Background(), }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -311,7 +311,7 @@ func TestCommandSide_RemoveNotificationPolicy(t *testing.T) { orgID: "org1", }, res: res{ - err: caos_errs.IsNotFound, + err: zerrors.IsNotFound, }, }, { diff --git a/internal/command/org_policy_password_age.go b/internal/command/org_policy_password_age.go index b390f309a5..cc139cc79f 100644 --- a/internal/command/org_policy_password_age.go 
+++ b/internal/command/org_policy_password_age.go @@ -4,13 +4,13 @@ import ( "context" "github.com/zitadel/zitadel/internal/domain" - caos_errs "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/repository/org" + "github.com/zitadel/zitadel/internal/zerrors" ) func (c *Commands) AddPasswordAgePolicy(ctx context.Context, resourceOwner string, policy *domain.PasswordAgePolicy) (*domain.PasswordAgePolicy, error) { if resourceOwner == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "Org-M9fsd", "Errors.ResourceOwnerMissing") + return nil, zerrors.ThrowInvalidArgument(nil, "Org-M9fsd", "Errors.ResourceOwnerMissing") } addedPolicy := NewOrgPasswordAgePolicyWriteModel(resourceOwner) err := c.eventstore.FilterToQueryReducer(ctx, addedPolicy) @@ -18,7 +18,7 @@ func (c *Commands) AddPasswordAgePolicy(ctx context.Context, resourceOwner strin return nil, err } if addedPolicy.State == domain.PolicyStateActive { - return nil, caos_errs.ThrowAlreadyExists(nil, "ORG-Lk0dS", "Errors.Org.PasswordAgePolicy.AlreadyExists") + return nil, zerrors.ThrowAlreadyExists(nil, "ORG-Lk0dS", "Errors.Org.PasswordAgePolicy.AlreadyExists") } orgAgg := OrgAggregateFromWriteModel(&addedPolicy.WriteModel) @@ -35,7 +35,7 @@ func (c *Commands) AddPasswordAgePolicy(ctx context.Context, resourceOwner strin func (c *Commands) ChangePasswordAgePolicy(ctx context.Context, resourceOwner string, policy *domain.PasswordAgePolicy) (*domain.PasswordAgePolicy, error) { if resourceOwner == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "Org-57tGs", "Errors.ResourceOwnerMissing") + return nil, zerrors.ThrowInvalidArgument(nil, "Org-57tGs", "Errors.ResourceOwnerMissing") } existingPolicy := NewOrgPasswordAgePolicyWriteModel(resourceOwner) err := c.eventstore.FilterToQueryReducer(ctx, existingPolicy) 
@@ -43,13 +43,13 @@ func (c *Commands) ChangePasswordAgePolicy(ctx context.Context, resourceOwner st return nil, err } if existingPolicy.State == domain.PolicyStateUnspecified || existingPolicy.State == domain.PolicyStateRemoved { - return nil, caos_errs.ThrowNotFound(nil, "ORG-0oPew", "Errors.Org.PasswordAgePolicy.NotFound") + return nil, zerrors.ThrowNotFound(nil, "ORG-0oPew", "Errors.Org.PasswordAgePolicy.NotFound") } orgAgg := OrgAggregateFromWriteModel(&existingPolicy.PasswordAgePolicyWriteModel.WriteModel) changedEvent, hasChanged := existingPolicy.NewChangedEvent(ctx, orgAgg, policy.ExpireWarnDays, policy.MaxAgeDays) if !hasChanged { - return nil, caos_errs.ThrowPreconditionFailed(nil, "Org-dsgjR", "Errors.ORg.LabelPolicy.NotChanged") + return nil, zerrors.ThrowPreconditionFailed(nil, "Org-dsgjR", "Errors.ORg.LabelPolicy.NotChanged") } pushedEvents, err := c.eventstore.Push(ctx, changedEvent) @@ -65,7 +65,7 @@ func (c *Commands) ChangePasswordAgePolicy(ctx context.Context, resourceOwner st func (c *Commands) RemovePasswordAgePolicy(ctx context.Context, orgID string) (*domain.ObjectDetails, error) { if orgID == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "Org-M58wd", "Errors.ResourceOwnerMissing") + return nil, zerrors.ThrowInvalidArgument(nil, "Org-M58wd", "Errors.ResourceOwnerMissing") } existingPolicy := NewOrgPasswordAgePolicyWriteModel(orgID) err := c.eventstore.FilterToQueryReducer(ctx, existingPolicy) 
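Review bot: The not-changed branch of ChangePasswordAgePolicy (hunk `@@ -43,13 +43,13 @@`) still returns the message key `"Errors.ORg.LabelPolicy.NotChanged"`. That key names the label policy and has a stray capital `R`, while the other errors in this file use `Errors.Org.PasswordAgePolicy.*`. Since the commit already rewrites this line, it could become `return nil, zerrors.ThrowPreconditionFailed(nil, "Org-dsgjR", "Errors.Org.PasswordAgePolicy.NotChanged")`, provided that key exists in the translation files, which are not visible here. The function's body begins and ends outside this hunk.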
@@ -73,7 +73,7 @@ func (c *Commands) RemovePasswordAgePolicy(ctx context.Context, orgID string) (* return nil, err } if existingPolicy.State == domain.PolicyStateUnspecified || existingPolicy.State == domain.PolicyStateRemoved { - return nil, caos_errs.ThrowNotFound(nil, "ORG-Dgs1g", "Errors.Org.PasswordAgePolicy.NotFound") + return nil, zerrors.ThrowNotFound(nil, "ORG-Dgs1g", "Errors.Org.PasswordAgePolicy.NotFound") } orgAgg := OrgAggregateFromWriteModel(&existingPolicy.WriteModel) pushedEvents, err := c.eventstore.Push(ctx, org.NewPasswordAgePolicyRemovedEvent(ctx, orgAgg)) diff --git a/internal/command/org_policy_password_age_test.go b/internal/command/org_policy_password_age_test.go index 79b703a992..6100533871 100644 --- a/internal/command/org_policy_password_age_test.go +++ b/internal/command/org_policy_password_age_test.go @@ -7,11 +7,11 @@ import ( "github.com/stretchr/testify/assert" "github.com/zitadel/zitadel/internal/domain" - caos_errs "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/eventstore/v1/models" "github.com/zitadel/zitadel/internal/repository/org" "github.com/zitadel/zitadel/internal/repository/policy" + "github.com/zitadel/zitadel/internal/zerrors" ) func TestCommandSide_AddPasswordAgePolicy(t *testing.T) { @@ -48,7 +48,7 @@ func TestCommandSide_AddPasswordAgePolicy(t *testing.T) { }, }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -76,7 +76,7 @@ func TestCommandSide_AddPasswordAgePolicy(t *testing.T) { }, }, res: res{ - err: caos_errs.IsErrorAlreadyExists, + err: zerrors.IsErrorAlreadyExists, }, }, { @@ -167,7 +167,7 @@ func TestCommandSide_ChangePasswordAgePolicy(t *testing.T) { }, }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { 
@@ -187,7 +187,7 @@ func TestCommandSide_ChangePasswordAgePolicy(t *testing.T) { }, }, res: res{ - err: caos_errs.IsNotFound, + err: zerrors.IsNotFound, }, }, { @@ -215,7 +215,7 @@ func TestCommandSide_ChangePasswordAgePolicy(t *testing.T) { }, }, res: res{ - err: caos_errs.IsPreconditionFailed, + err: zerrors.IsPreconditionFailed, }, }, { @@ -305,7 +305,7 @@ func TestCommandSide_RemovePasswordAgePolicy(t *testing.T) { ctx: context.Background(), }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -321,7 +321,7 @@ func TestCommandSide_RemovePasswordAgePolicy(t *testing.T) { orgID: "org1", }, res: res{ - err: caos_errs.IsNotFound, + err: zerrors.IsNotFound, }, }, { diff --git a/internal/command/org_policy_password_complexity.go b/internal/command/org_policy_password_complexity.go index 4c7b7df3f1..932b598afc 100644 --- a/internal/command/org_policy_password_complexity.go +++ b/internal/command/org_policy_password_complexity.go @@ -4,8 +4,8 @@ import ( "context" "github.com/zitadel/zitadel/internal/domain" - caos_errs "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/repository/org" + "github.com/zitadel/zitadel/internal/zerrors" ) func (c *Commands) getOrgPasswordComplexityPolicy(ctx context.Context, orgID string) (*domain.PasswordComplexityPolicy, error) { @@ -30,7 +30,7 @@ func (c *Commands) orgPasswordComplexityPolicyWriteModelByID(ctx context.Context func (c *Commands) AddPasswordComplexityPolicy(ctx context.Context, resourceOwner string, policy *domain.PasswordComplexityPolicy) (*domain.PasswordComplexityPolicy, error) { if resourceOwner == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "Org-7ufEs", "Errors.ResourceOwnerMissing") + return nil, zerrors.ThrowInvalidArgument(nil, "Org-7ufEs", "Errors.ResourceOwnerMissing") } if err := policy.IsValid(); err != nil { return nil, err 
@@ -41,7 +41,7 @@ func (c *Commands) AddPasswordComplexityPolicy(ctx context.Context, resourceOwne return nil, err } if addedPolicy.State == domain.PolicyStateActive { - return nil, caos_errs.ThrowAlreadyExists(nil, "Org-LdhbS", "Errors.Org.PasswordComplexityPolicy.AlreadyExists") + return nil, zerrors.ThrowAlreadyExists(nil, "Org-LdhbS", "Errors.Org.PasswordComplexityPolicy.AlreadyExists") } orgAgg := OrgAggregateFromWriteModel(&addedPolicy.WriteModel) @@ -67,7 +67,7 @@ func (c *Commands) AddPasswordComplexityPolicy(ctx context.Context, resourceOwne func (c *Commands) ChangePasswordComplexityPolicy(ctx context.Context, resourceOwner string, policy *domain.PasswordComplexityPolicy) (*domain.PasswordComplexityPolicy, error) { if resourceOwner == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "Org-3J8fs", "Errors.ResourceOwnerMissing") + return nil, zerrors.ThrowInvalidArgument(nil, "Org-3J8fs", "Errors.ResourceOwnerMissing") } if err := policy.IsValid(); err != nil { return nil, err 
@@ -79,13 +79,13 @@ func (c *Commands) ChangePasswordComplexityPolicy(ctx context.Context, resourceO return nil, err } if existingPolicy.State == domain.PolicyStateUnspecified || existingPolicy.State == domain.PolicyStateRemoved { - return nil, caos_errs.ThrowNotFound(nil, "ORG-Dgs3g", "Errors.Org.PasswordComplexityPolicy.NotFound") + return nil, zerrors.ThrowNotFound(nil, "ORG-Dgs3g", "Errors.Org.PasswordComplexityPolicy.NotFound") } orgAgg := OrgAggregateFromWriteModel(&existingPolicy.PasswordComplexityPolicyWriteModel.WriteModel) changedEvent, hasChanged := existingPolicy.NewChangedEvent(ctx, orgAgg, policy.MinLength, policy.HasLowercase, policy.HasUppercase, policy.HasNumber, policy.HasSymbol) if !hasChanged { - return nil, caos_errs.ThrowPreconditionFailed(nil, "Org-DAs21", "Errors.Org.PasswordComplexityPolicy.NotChanged") + return nil, zerrors.ThrowPreconditionFailed(nil, "Org-DAs21", "Errors.Org.PasswordComplexityPolicy.NotChanged") } pushedEvents, err := c.eventstore.Push(ctx, changedEvent) @@ -101,7 +101,7 @@ func (c *Commands) ChangePasswordComplexityPolicy(ctx context.Context, resourceO func (c *Commands) RemovePasswordComplexityPolicy(ctx context.Context, orgID string) (*domain.ObjectDetails, error) { if orgID == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "Org-J8fsf", "Errors.ResourceOwnerMissing") + return nil, zerrors.ThrowInvalidArgument(nil, "Org-J8fsf", "Errors.ResourceOwnerMissing") } existingPolicy := NewOrgPasswordComplexityPolicyWriteModel(orgID) event, err := c.removePasswordComplexityPolicy(ctx, existingPolicy) 
@@ -125,7 +125,7 @@ func (c *Commands) removePasswordComplexityPolicy(ctx context.Context, existingP return nil, err } if existingPolicy.State == domain.PolicyStateUnspecified || existingPolicy.State == domain.PolicyStateRemoved { - return nil, caos_errs.ThrowNotFound(nil, "ORG-ADgs2", "Errors.Org.PasswordComplexityPolicy.NotFound") + return nil, zerrors.ThrowNotFound(nil, "ORG-ADgs2", "Errors.Org.PasswordComplexityPolicy.NotFound") } orgAgg := OrgAggregateFromWriteModel(&existingPolicy.WriteModel) return org.NewPasswordComplexityPolicyRemovedEvent(ctx, orgAgg), nil diff --git a/internal/command/org_policy_password_complexity_test.go b/internal/command/org_policy_password_complexity_test.go index 93b73170eb..955b3bedf6 100644 --- a/internal/command/org_policy_password_complexity_test.go +++ b/internal/command/org_policy_password_complexity_test.go @@ -7,11 +7,11 @@ import ( "github.com/stretchr/testify/assert" "github.com/zitadel/zitadel/internal/domain" - caos_errs "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/eventstore/v1/models" "github.com/zitadel/zitadel/internal/repository/org" "github.com/zitadel/zitadel/internal/repository/policy" + "github.com/zitadel/zitadel/internal/zerrors" ) func TestCommandSide_AddPasswordComplexityPolicy(t *testing.T) { @@ -51,7 +51,7 @@ func TestCommandSide_AddPasswordComplexityPolicy(t *testing.T) { }, }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -82,7 +82,7 @@ func TestCommandSide_AddPasswordComplexityPolicy(t *testing.T) { }, }, res: res{ - err: caos_errs.IsErrorAlreadyExists, + err: zerrors.IsErrorAlreadyExists, }, }, { @@ -182,7 +182,7 @@ func TestCommandSide_ChangePasswordComplexityPolicy(t *testing.T) { }, }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { 
@@ -205,7 +205,7 @@ func TestCommandSide_ChangePasswordComplexityPolicy(t *testing.T) { }, }, res: res{ - err: caos_errs.IsNotFound, + err: zerrors.IsNotFound, }, }, { @@ -236,7 +236,7 @@ func TestCommandSide_ChangePasswordComplexityPolicy(t *testing.T) { }, }, res: res{ - err: caos_errs.IsPreconditionFailed, + err: zerrors.IsPreconditionFailed, }, }, { @@ -332,7 +332,7 @@ func TestCommandSide_RemovePasswordComplexityPolicy(t *testing.T) { ctx: context.Background(), }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -348,7 +348,7 @@ func TestCommandSide_RemovePasswordComplexityPolicy(t *testing.T) { orgID: "org1", }, res: res{ - err: caos_errs.IsNotFound, + err: zerrors.IsNotFound, }, }, { diff --git a/internal/command/org_policy_privacy.go b/internal/command/org_policy_privacy.go index 04f730f8f1..c4cf6f4591 100644 --- a/internal/command/org_policy_privacy.go +++ b/internal/command/org_policy_privacy.go @@ -4,8 +4,8 @@ import ( "context" "github.com/zitadel/zitadel/internal/domain" - caos_errs "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/repository/org" + "github.com/zitadel/zitadel/internal/zerrors" ) func (c *Commands) getOrgPrivacyPolicy(ctx context.Context, orgID string) (*domain.PrivacyPolicy, error) { @@ -38,7 +38,7 @@ func (c *Commands) AddPrivacyPolicy(ctx context.Context, resourceOwner string, p } if resourceOwner == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "Org-MMk9fs", "Errors.ResourceOwnerMissing") + return nil, zerrors.ThrowInvalidArgument(nil, "Org-MMk9fs", "Errors.ResourceOwnerMissing") } addedPolicy := NewOrgPrivacyPolicyWriteModel(resourceOwner) err := c.eventstore.FilterToQueryReducer(ctx, addedPolicy) 
@@ -46,7 +46,7 @@ func (c *Commands) AddPrivacyPolicy(ctx context.Context, resourceOwner string, p return nil, err } if addedPolicy.State == domain.PolicyStateActive { - return nil, caos_errs.ThrowAlreadyExists(nil, "Org-0oLpd", "Errors.Org.PrivacyPolicy.AlreadyExists") + return nil, zerrors.ThrowAlreadyExists(nil, "Org-0oLpd", "Errors.Org.PrivacyPolicy.AlreadyExists") } orgAgg := OrgAggregateFromWriteModel(&addedPolicy.WriteModel) @@ -79,7 +79,7 @@ func (c *Commands) ChangePrivacyPolicy(ctx context.Context, resourceOwner string } if resourceOwner == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "Org-22N89f", "Errors.ResourceOwnerMissing") + return nil, zerrors.ThrowInvalidArgument(nil, "Org-22N89f", "Errors.ResourceOwnerMissing") } existingPolicy, err := c.orgPrivacyPolicyWriteModelByID(ctx, resourceOwner) @@ -87,13 +87,13 @@ func (c *Commands) ChangePrivacyPolicy(ctx context.Context, resourceOwner string return nil, err } if existingPolicy.State == domain.PolicyStateUnspecified || existingPolicy.State == domain.PolicyStateRemoved { - return nil, caos_errs.ThrowNotFound(nil, "ORG-Ng8sf", "Errors.Org.PrivacyPolicy.NotFound") + return nil, zerrors.ThrowNotFound(nil, "ORG-Ng8sf", "Errors.Org.PrivacyPolicy.NotFound") } orgAgg := OrgAggregateFromWriteModel(&existingPolicy.PrivacyPolicyWriteModel.WriteModel) changedEvent, hasChanged := existingPolicy.NewChangedEvent(ctx, orgAgg, policy.TOSLink, policy.PrivacyLink, policy.HelpLink, policy.SupportEmail) if !hasChanged { - return nil, caos_errs.ThrowPreconditionFailed(nil, "Org-4N9fs", "Errors.Org.PrivacyPolicy.NotChanged") + return nil, zerrors.ThrowPreconditionFailed(nil, "Org-4N9fs", "Errors.Org.PrivacyPolicy.NotChanged") } pushedEvents, err := c.eventstore.Push(ctx, changedEvent) 
@@ -109,7 +109,7 @@ func (c *Commands) ChangePrivacyPolicy(ctx context.Context, resourceOwner string func (c *Commands) RemovePrivacyPolicy(ctx context.Context, orgID string) (*domain.ObjectDetails, error) { if orgID == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "Org-Nf9sf", "Errors.ResourceOwnerMissing") + return nil, zerrors.ThrowInvalidArgument(nil, "Org-Nf9sf", "Errors.ResourceOwnerMissing") } existingPolicy := NewOrgPrivacyPolicyWriteModel(orgID) event, err := c.removePrivacyPolicy(ctx, existingPolicy) @@ -133,7 +133,7 @@ func (c *Commands) removePrivacyPolicy(ctx context.Context, existingPolicy *OrgP return nil, err } if existingPolicy.State == domain.PolicyStateUnspecified || existingPolicy.State == domain.PolicyStateRemoved { - return nil, caos_errs.ThrowNotFound(nil, "ORG-Ze9gs", "Errors.Org.PrivacyPolicy.NotFound") + return nil, zerrors.ThrowNotFound(nil, "ORG-Ze9gs", "Errors.Org.PrivacyPolicy.NotFound") } orgAgg := OrgAggregateFromWriteModel(&existingPolicy.WriteModel) return org.NewPrivacyPolicyRemovedEvent(ctx, orgAgg), nil diff --git a/internal/command/org_policy_privacy_test.go b/internal/command/org_policy_privacy_test.go index bc5e448850..3b251326d8 100644 --- a/internal/command/org_policy_privacy_test.go +++ b/internal/command/org_policy_privacy_test.go @@ -7,11 +7,11 @@ import ( "github.com/stretchr/testify/assert" "github.com/zitadel/zitadel/internal/domain" - caos_errs "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/eventstore/v1/models" "github.com/zitadel/zitadel/internal/repository/org" "github.com/zitadel/zitadel/internal/repository/policy" + "github.com/zitadel/zitadel/internal/zerrors" ) func TestCommandSide_AddPrivacyPolicy(t *testing.T) { @@ -50,7 +50,7 @@ func TestCommandSide_AddPrivacyPolicy(t *testing.T) { }, }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { 
@@ -82,7 +82,7 @@ func TestCommandSide_AddPrivacyPolicy(t *testing.T) {
 },
 },
 res: res{
- err: caos_errs.IsErrorAlreadyExists,
+ err: zerrors.IsErrorAlreadyExists,
 },
 },
 {
@@ -143,7 +143,7 @@ func TestCommandSide_AddPrivacyPolicy(t *testing.T) {
 },
 },
 res: res{
- err: caos_errs.IsErrorInvalidArgument,
+ err: zerrors.IsErrorInvalidArgument,
 },
 },
 {
@@ -242,7 +242,7 @@ func TestCommandSide_ChangePrivacyPolicy(t *testing.T) {
 },
 },
 res: res{
- err: caos_errs.IsErrorInvalidArgument,
+ err: zerrors.IsErrorInvalidArgument,
 },
 },
 {
@@ -264,7 +264,7 @@ func TestCommandSide_ChangePrivacyPolicy(t *testing.T) {
 },
 },
 res: res{
- err: caos_errs.IsNotFound,
+ err: zerrors.IsNotFound,
 },
 },
 {
@@ -296,7 +296,7 @@ func TestCommandSide_ChangePrivacyPolicy(t *testing.T) {
 },
 },
 res: res{
- err: caos_errs.IsPreconditionFailed,
+ err: zerrors.IsPreconditionFailed,
 },
 },
 {
@@ -312,7 +312,7 @@ func TestCommandSide_ChangePrivacyPolicy(t *testing.T) {
 },
 },
 res: res{
- err: caos_errs.IsErrorInvalidArgument,
+ err: zerrors.IsErrorInvalidArgument,
 },
 },
 {
@@ -452,7 +452,7 @@ func TestCommandSide_RemovePrivacyPolicy(t *testing.T) {
 ctx: context.Background(),
 },
 res: res{
- err: caos_errs.IsErrorInvalidArgument,
+ err: zerrors.IsErrorInvalidArgument,
 },
 },
 {
@@ -468,7 +468,7 @@ func TestCommandSide_RemovePrivacyPolicy(t *testing.T) {
 orgID: "org1",
 },
 res: res{
- err: caos_errs.IsNotFound,
+ err: zerrors.IsNotFound,
 },
 },
 {
diff --git a/internal/command/org_test.go b/internal/command/org_test.go
index abaeb8d351..12199a998f 100644
--- a/internal/command/org_test.go
+++ b/internal/command/org_test.go
@@ -13,7 +13,6 @@ import (
 "github.com/zitadel/zitadel/internal/api/authz"
 "github.com/zitadel/zitadel/internal/crypto"
 "github.com/zitadel/zitadel/internal/domain"
- "github.com/zitadel/zitadel/internal/errors"
 "github.com/zitadel/zitadel/internal/eventstore"
 "github.com/zitadel/zitadel/internal/eventstore/v1/models"
 "github.com/zitadel/zitadel/internal/id"
@@ -21,6 +20,7 @@ import ( "github.com/zitadel/zitadel/internal/repository/org" "github.com/zitadel/zitadel/internal/repository/project" "github.com/zitadel/zitadel/internal/repository/user" + "github.com/zitadel/zitadel/internal/zerrors" ) func TestAddOrg(t *testing.T) { @@ -44,7 +44,7 @@ func TestAddOrg(t *testing.T) { name: "", }, want: Want{ - ValidationErr: errors.ThrowInvalidArgument(nil, "ORG-mruNY", "Errors.Invalid.Argument"), + ValidationErr: zerrors.ThrowInvalidArgument(nil, "ORG-mruNY", "Errors.Invalid.Argument"), }, }, { @@ -106,7 +106,7 @@ func TestCommandSide_AddOrg(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: errors.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -123,7 +123,7 @@ func TestCommandSide_AddOrg(t *testing.T) { name: " ", }, res: res{ - err: errors.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -141,7 +141,7 @@ func TestCommandSide_AddOrg(t *testing.T) { "lastname1", "nickname1", "displayname1", - language.German, + language.English, domain.GenderMale, "email1", true, @@ -167,7 +167,7 @@ func TestCommandSide_AddOrg(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: errors.IsPreconditionFailed, + err: zerrors.IsPreconditionFailed, }, }, { @@ -185,7 +185,7 @@ func TestCommandSide_AddOrg(t *testing.T) { "lastname1", "nickname1", "displayname1", - language.German, + language.English, domain.GenderMale, "email1", true, @@ -193,7 +193,7 @@ func TestCommandSide_AddOrg(t *testing.T) { ), ), expectFilterOrgMemberNotFound(), - expectPushFailed(errors.ThrowAlreadyExists(nil, "id", "internal"), + expectPushFailed(zerrors.ThrowAlreadyExists(nil, "id", "internal"), org.NewOrgAddedEvent( context.Background(), &org.NewAggregate("org2").Aggregate, @@ -235,7 +235,7 @@ func TestCommandSide_AddOrg(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: errors.IsErrorAlreadyExists, + err: zerrors.IsErrorAlreadyExists, }, }, { 
@@ -253,7 +253,7 @@ func TestCommandSide_AddOrg(t *testing.T) { "lastname1", "nickname1", "displayname1", - language.German, + language.English, domain.GenderMale, "email1", true, @@ -261,7 +261,7 @@ func TestCommandSide_AddOrg(t *testing.T) { ), ), expectFilterOrgMemberNotFound(), - expectPushFailed(errors.ThrowInternal(nil, "id", "internal"), + expectPushFailed(zerrors.ThrowInternal(nil, "id", "internal"), org.NewOrgAddedEvent( context.Background(), &org.NewAggregate("org2").Aggregate, @@ -303,7 +303,7 @@ func TestCommandSide_AddOrg(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: errors.IsInternal, + err: zerrors.IsInternal, }, }, { @@ -321,7 +321,7 @@ func TestCommandSide_AddOrg(t *testing.T) { "lastname1", "nickname1", "displayname1", - language.German, + language.English, domain.GenderMale, "email1", true, @@ -392,7 +392,7 @@ func TestCommandSide_AddOrg(t *testing.T) { "lastname1", "nickname1", "displayname1", - language.German, + language.English, domain.GenderMale, "email1", true, @@ -500,7 +500,7 @@ func TestCommandSide_ChangeOrg(t *testing.T) { orgID: "org1", }, res: res{ - err: errors.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -516,7 +516,7 @@ func TestCommandSide_ChangeOrg(t *testing.T) { name: " ", }, res: res{ - err: errors.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -533,7 +533,7 @@ func TestCommandSide_ChangeOrg(t *testing.T) { name: "org", }, res: res{ - err: errors.IsNotFound, + err: zerrors.IsNotFound, }, }, { @@ -556,7 +556,7 @@ func TestCommandSide_ChangeOrg(t *testing.T) { name: " org ", }, res: res{ - err: errors.IsPreconditionFailed, + err: zerrors.IsPreconditionFailed, }, }, { @@ -573,7 +573,7 @@ func TestCommandSide_ChangeOrg(t *testing.T) { ), expectFilter(), expectPushFailed( - errors.ThrowInternal(nil, "id", "message"), + zerrors.ThrowInternal(nil, "id", "message"), org.NewOrgChangedEvent(context.Background(), &org.NewAggregate("org1").Aggregate, "org", "neworg", ), 
@@ -586,7 +586,7 @@ func TestCommandSide_ChangeOrg(t *testing.T) { name: "neworg", }, res: res{ - err: errors.IsInternal, + err: zerrors.IsInternal, }, }, { @@ -751,7 +751,7 @@ func TestCommandSide_DeactivateOrg(t *testing.T) { orgID: "org1", }, res: res{ - err: errors.IsNotFound, + err: zerrors.IsNotFound, }, }, { @@ -777,7 +777,7 @@ func TestCommandSide_DeactivateOrg(t *testing.T) { orgID: "org1", }, res: res{ - err: errors.IsPreconditionFailed, + err: zerrors.IsPreconditionFailed, }, }, { @@ -793,7 +793,7 @@ func TestCommandSide_DeactivateOrg(t *testing.T) { ), ), expectPushFailed( - errors.ThrowInternal(nil, "id", "message"), + zerrors.ThrowInternal(nil, "id", "message"), org.NewOrgDeactivatedEvent(context.Background(), &org.NewAggregate("org1").Aggregate, ), @@ -805,7 +805,7 @@ func TestCommandSide_DeactivateOrg(t *testing.T) { orgID: "org1", }, res: res{ - err: errors.IsInternal, + err: zerrors.IsInternal, }, }, { @@ -884,7 +884,7 @@ func TestCommandSide_ReactivateOrg(t *testing.T) { orgID: "org1", }, res: res{ - err: errors.IsNotFound, + err: zerrors.IsNotFound, }, }, { @@ -906,7 +906,7 @@ func TestCommandSide_ReactivateOrg(t *testing.T) { orgID: "org1", }, res: res{ - err: errors.IsPreconditionFailed, + err: zerrors.IsPreconditionFailed, }, }, { @@ -927,7 +927,7 @@ func TestCommandSide_ReactivateOrg(t *testing.T) { ), ), expectPushFailed( - errors.ThrowInternal(nil, "id", "message"), + zerrors.ThrowInternal(nil, "id", "message"), org.NewOrgReactivatedEvent(context.Background(), &org.NewAggregate("org1").Aggregate, ), @@ -939,7 +939,7 @@ func TestCommandSide_ReactivateOrg(t *testing.T) { orgID: "org1", }, res: res{ - err: errors.IsInternal, + err: zerrors.IsInternal, }, }, { @@ -1019,7 +1019,7 @@ func TestCommandSide_RemoveOrg(t *testing.T) { orgID: "defaultOrgID", }, res: res{ - err: errors.IsPreconditionFailed, + err: zerrors.IsPreconditionFailed, }, }, { 
@@ -1045,7 +1045,7 @@ func TestCommandSide_RemoveOrg(t *testing.T) { orgID: "org1", }, res: res{ - err: errors.IsPreconditionFailed, + err: zerrors.IsPreconditionFailed, }, }, { @@ -1062,7 +1062,7 @@ func TestCommandSide_RemoveOrg(t *testing.T) { orgID: "org1", }, res: res{ - err: errors.IsNotFound, + err: zerrors.IsNotFound, }, }, { @@ -1093,7 +1093,7 @@ func TestCommandSide_RemoveOrg(t *testing.T) { expectFilter(), expectFilter(), expectPushFailed( - errors.ThrowInternal(nil, "id", "message"), + zerrors.ThrowInternal(nil, "id", "message"), org.NewOrgRemovedEvent( context.Background(), &org.NewAggregate("org1").Aggregate, "org", []string{}, false, []string{}, []*domain.UserIDPLink{}, []string{}, ), @@ -1105,7 +1105,7 @@ func TestCommandSide_RemoveOrg(t *testing.T) { orgID: "org1", }, res: res{ - err: errors.IsInternal, + err: zerrors.IsInternal, }, }, { @@ -1181,7 +1181,7 @@ func TestCommandSide_RemoveOrg(t *testing.T) { "lastname1", "nickname1", "displayname1", - language.German, + language.English, domain.GenderMale, "email1", false, @@ -1292,7 +1292,7 @@ func TestCommandSide_SetUpOrg(t *testing.T) { }, }, res: res{ - err: errors.ThrowInvalidArgument(nil, "ORG-mruNY", "Errors.Invalid.Argument"), + err: zerrors.ThrowInvalidArgument(nil, "ORG-mruNY", "Errors.Invalid.Argument"), }, }, { @@ -1315,7 +1315,7 @@ func TestCommandSide_SetUpOrg(t *testing.T) { }, }, res: res{ - err: errors.ThrowPreconditionFailed(nil, "ORG-GoXOn", "Errors.User.NotFound"), + err: zerrors.ThrowPreconditionFailed(nil, "ORG-GoXOn", "Errors.User.NotFound"), }, }, { @@ -1346,7 +1346,7 @@ func TestCommandSide_SetUpOrg(t *testing.T) { allowInitialMail: true, }, res: res{ - err: errors.ThrowInvalidArgument(nil, "V2-zzad3", "Errors.Invalid.Argument"), + err: zerrors.ThrowInvalidArgument(nil, "V2-zzad3", "Errors.Invalid.Argument"), }, }, { diff --git a/internal/command/phone_test.go b/internal/command/phone_test.go index 0dda258913..521068d1b4 100644 --- a/internal/command/phone_test.go 
+++ b/internal/command/phone_test.go @@ -4,7 +4,7 @@ import ( "testing" "github.com/zitadel/zitadel/internal/domain" - "github.com/zitadel/zitadel/internal/errors" + "github.com/zitadel/zitadel/internal/zerrors" ) func TestFormatPhoneNumber(t *testing.T) { @@ -22,7 +22,7 @@ func TestFormatPhoneNumber(t *testing.T) { args: args{ number: "PhoneNumber", }, - errFunc: errors.IsErrorInvalidArgument, + errFunc: zerrors.IsErrorInvalidArgument, }, { name: "format phone +4171 xxx xx xx", diff --git a/internal/command/policy_password_complexity_model.go b/internal/command/policy_password_complexity_model.go index 197ae7ac7c..ad8c3b11ec 100644 --- a/internal/command/policy_password_complexity_model.go +++ b/internal/command/policy_password_complexity_model.go @@ -4,9 +4,9 @@ import ( "regexp" "github.com/zitadel/zitadel/internal/domain" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/repository/policy" + "github.com/zitadel/zitadel/internal/zerrors" ) var ( 
@@ -62,23 +62,23 @@ func (wm *PasswordComplexityPolicyWriteModel) Reduce() error { func (wm *PasswordComplexityPolicyWriteModel) Validate(password string) error { if wm.MinLength != 0 && uint64(len(password)) < wm.MinLength { - return errors.ThrowInvalidArgument(nil, "COMMA-HuJf6", "Errors.User.PasswordComplexityPolicy.MinLength") + return zerrors.ThrowInvalidArgument(nil, "COMMA-HuJf6", "Errors.User.PasswordComplexityPolicy.MinLength") } if wm.HasLowercase && !hasStringLowerCase(password) { - return errors.ThrowInvalidArgument(nil, "COMMA-co3Xw", "Errors.User.PasswordComplexityPolicy.HasLower") + return zerrors.ThrowInvalidArgument(nil, "COMMA-co3Xw", "Errors.User.PasswordComplexityPolicy.HasLower") } if wm.HasUppercase && !hasStringUpperCase(password) { - return errors.ThrowInvalidArgument(nil, "COMMA-VoaRj", "Errors.User.PasswordComplexityPolicy.HasUpper") + return zerrors.ThrowInvalidArgument(nil, "COMMA-VoaRj", "Errors.User.PasswordComplexityPolicy.HasUpper") } if wm.HasNumber && !hasNumber(password) { - return errors.ThrowInvalidArgument(nil, "COMMA-ZBv4H", "Errors.User.PasswordComplexityPolicy.HasNumber") + return zerrors.ThrowInvalidArgument(nil, "COMMA-ZBv4H", "Errors.User.PasswordComplexityPolicy.HasNumber") } if wm.HasSymbol && !hasSymbol(password) { - return errors.ThrowInvalidArgument(nil, "COMMA-ZDLwA", "Errors.User.PasswordComplexityPolicy.HasSymbol") + return zerrors.ThrowInvalidArgument(nil, "COMMA-ZDLwA", "Errors.User.PasswordComplexityPolicy.HasSymbol") } return nil } diff --git a/internal/command/preparation/command.go b/internal/command/preparation/command.go index ce383cb8df..f407ca6f8b 100644 --- a/internal/command/preparation/command.go +++ b/internal/command/preparation/command.go 
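Review bot: The minimum-length check in `Validate` compares `len(password)`, which is the byte length, so a password made of multi-byte UTF-8 characters meets `MinLength` with fewer characters than the policy number suggests. If `MinLength` is meant as a character count, count runes instead: `if wm.MinLength != 0 && uint64(utf8.RuneCountInString(password)) < wm.MinLength {`, with `unicode/utf8` added to the import block. If bytes are intended, a one-line comment above the check saying so would stop a later reader from changing it. The helpers `hasStringLowerCase`, `hasNumber` and `hasSymbol` are defined outside this hunk, so their handling of non-ASCII input cannot be checked from here.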
@@ -3,8 +3,8 @@ package preparation import ( "context" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" + "github.com/zitadel/zitadel/internal/zerrors" ) // Validation of the input values of the command and if correct returns @@ -21,7 +21,7 @@ type FilterToQueryReducer func(ctx context.Context, queryFactory *eventstore.Sea var ( //ErrNotExecutable is thrown if no command creator was created - ErrNotExecutable = errors.ThrowInvalidArgument(nil, "PREPA-pH70n", "Errors.Internal") + ErrNotExecutable = zerrors.ThrowInvalidArgument(nil, "PREPA-pH70n", "Errors.Internal") ) // PrepareCommands checks the passed validations and if ok creates the commands diff --git a/internal/command/project.go b/internal/command/project.go index a561daa90a..6837fabd90 100644 --- a/internal/command/project.go +++ b/internal/command/project.go @@ -8,9 +8,9 @@ import ( "github.com/zitadel/zitadel/internal/command/preparation" "github.com/zitadel/zitadel/internal/domain" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/repository/project" + "github.com/zitadel/zitadel/internal/zerrors" ) func (c *Commands) AddProjectWithID(ctx context.Context, project *domain.Project, resourceOwner, projectID string) (_ *domain.Project, err error) { 
@@ -19,14 +19,14 @@ func (c *Commands) AddProjectWithID(ctx context.Context, project *domain.Project return nil, err } if existingProject.State != domain.ProjectStateUnspecified { - return nil, errors.ThrowInvalidArgument(nil, "COMMAND-opamwu", "Errors.Project.AlreadyExisting") + return nil, zerrors.ThrowInvalidArgument(nil, "COMMAND-opamwu", "Errors.Project.AlreadyExisting") } return c.addProjectWithID(ctx, project, resourceOwner, projectID) } func (c *Commands) AddProject(ctx context.Context, project *domain.Project, resourceOwner, ownerUserID string) (_ *domain.Project, err error) { if !project.IsValid() { - return nil, errors.ThrowInvalidArgument(nil, "PROJECT-IOVCC", "Errors.Project.Invalid") + return nil, zerrors.ThrowInvalidArgument(nil, "PROJECT-IOVCC", "Errors.Project.Invalid") } projectID, err := c.idGenerator.Next() @@ -66,7 +66,7 @@ func (c *Commands) addProjectWithID(ctx context.Context, projectAdd *domain.Proj func (c *Commands) addProjectWithIDWithOwner(ctx context.Context, projectAdd *domain.Project, resourceOwner, ownerUserID, projectID string) (_ *domain.Project, err error) { if !projectAdd.IsValid() { - return nil, errors.ThrowInvalidArgument(nil, "PROJECT-IOVCC", "Errors.Project.Invalid") + return nil, zerrors.ThrowInvalidArgument(nil, "PROJECT-IOVCC", "Errors.Project.Invalid") } projectAdd.AggregateID = projectID addedProject := NewProjectWriteModel(projectAdd.AggregateID, resourceOwner) 
@@ -107,13 +107,13 @@ func AddProjectCommand( ) preparation.Validation { return func() (preparation.CreateCommands, error) { if name = strings.TrimSpace(name); name == "" { - return nil, errors.ThrowInvalidArgument(nil, "PROJE-C01yo", "Errors.Invalid.Argument") + return nil, zerrors.ThrowInvalidArgument(nil, "PROJE-C01yo", "Errors.Invalid.Argument") } if !privateLabelingSetting.Valid() { - return nil, errors.ThrowInvalidArgument(nil, "PROJE-AO52V", "Errors.Invalid.Argument") + return nil, zerrors.ThrowInvalidArgument(nil, "PROJE-AO52V", "Errors.Invalid.Argument") } if owner == "" { - return nil, errors.ThrowPreconditionFailed(nil, "PROJE-hzxwo", "Errors.Invalid.Argument") + return nil, zerrors.ThrowPreconditionFailed(nil, "PROJE-hzxwo", "Errors.Invalid.Argument") } return func(ctx context.Context, filter preparation.FilterToQueryReducer) ([]eventstore.Command, error) { return []eventstore.Command{ @@ -153,7 +153,7 @@ func (c *Commands) getProjectByID(ctx context.Context, projectID, resourceOwner return nil, err } if projectWriteModel.State == domain.ProjectStateUnspecified || projectWriteModel.State == domain.ProjectStateRemoved { - return nil, errors.ThrowNotFound(nil, "PROJECT-Gd2hh", "Errors.Project.NotFound") + return nil, zerrors.ThrowNotFound(nil, "PROJECT-Gd2hh", "Errors.Project.NotFound") } return projectWriteModelToProject(projectWriteModel), nil } 
@@ -164,14 +164,14 @@ func (c *Commands) checkProjectExists(ctx context.Context, projectID, resourceOw return err } if projectWriteModel.State == domain.ProjectStateUnspecified || projectWriteModel.State == domain.ProjectStateRemoved { - return errors.ThrowPreconditionFailed(nil, "COMMAND-EbFMN", "Errors.Project.NotFound") + return zerrors.ThrowPreconditionFailed(nil, "COMMAND-EbFMN", "Errors.Project.NotFound") } return nil } func (c *Commands) ChangeProject(ctx context.Context, projectChange *domain.Project, resourceOwner string) (*domain.Project, error) { if !projectChange.IsValid() || projectChange.AggregateID == "" { - return nil, errors.ThrowInvalidArgument(nil, "COMMAND-4m9vS", "Errors.Project.Invalid") + return nil, zerrors.ThrowInvalidArgument(nil, "COMMAND-4m9vS", "Errors.Project.Invalid") } existingProject, err := c.getProjectWriteModelByID(ctx, projectChange.AggregateID, resourceOwner) @@ -179,7 +179,7 @@ func (c *Commands) ChangeProject(ctx context.Context, projectChange *domain.Proj return nil, err } if existingProject.State == domain.ProjectStateUnspecified || existingProject.State == domain.ProjectStateRemoved { - return nil, errors.ThrowNotFound(nil, "COMMAND-3M9sd", "Errors.Project.NotFound") + return nil, zerrors.ThrowNotFound(nil, "COMMAND-3M9sd", "Errors.Project.NotFound") } projectAgg := ProjectAggregateFromWriteModel(&existingProject.WriteModel) @@ -195,7 +195,7 @@ func (c *Commands) ChangeProject(ctx context.Context, projectChange *domain.Proj return nil, err } if !hasChanged { - return nil, errors.ThrowPreconditionFailed(nil, "COMMAND-2M0fs", "Errors.NoChangesFound") + return nil, zerrors.ThrowPreconditionFailed(nil, "COMMAND-2M0fs", "Errors.NoChangesFound") } pushedEvents, err := c.eventstore.Push(ctx, changedEvent) if err != nil { 
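Review bot: The error ID `COMMAND-3M9sd` on the not-found return in `ChangeProject` is reused verbatim in `ReactivateProject` and `RemoveProject` later in this file's diff, so a log line or support ticket carrying that ID cannot be traced to one call site. The same holds for `COMMAND-ov9d3` (`DeactivateApplication` and `ReactivateApplication`), `COMMAND-4m9vS` (`ChangeProject` and `ChangeApplication`) and `PROJECT-IOVCC` (`AddProject` and `addProjectWithIDWithOwner`). Since this commit already rewrites each of these lines, giving every return its own ID would be cheap; this assumes the IDs are meant as unique locators, which the diff suggests but does not state. `ChangeProject` starts and ends outside this hunk.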
@@ -210,7 +210,7 @@ func (c *Commands) ChangeProject(ctx context.Context, projectChange *domain.Proj func (c *Commands) DeactivateProject(ctx context.Context, projectID string, resourceOwner string) (*domain.ObjectDetails, error) { if projectID == "" || resourceOwner == "" { - return nil, errors.ThrowInvalidArgument(nil, "COMMAND-88iF0", "Errors.Project.ProjectIDMissing") + return nil, zerrors.ThrowInvalidArgument(nil, "COMMAND-88iF0", "Errors.Project.ProjectIDMissing") } existingProject, err := c.getProjectWriteModelByID(ctx, projectID, resourceOwner) @@ -218,10 +218,10 @@ func (c *Commands) DeactivateProject(ctx context.Context, projectID string, reso return nil, err } if existingProject.State == domain.ProjectStateUnspecified || existingProject.State == domain.ProjectStateRemoved { - return nil, errors.ThrowNotFound(nil, "COMMAND-112M9", "Errors.Project.NotFound") + return nil, zerrors.ThrowNotFound(nil, "COMMAND-112M9", "Errors.Project.NotFound") } if existingProject.State != domain.ProjectStateActive { - return nil, errors.ThrowPreconditionFailed(nil, "COMMAND-mki55", "Errors.Project.NotActive") + return nil, zerrors.ThrowPreconditionFailed(nil, "COMMAND-mki55", "Errors.Project.NotActive") } projectAgg := ProjectAggregateFromWriteModel(&existingProject.WriteModel) @@ -238,7 +238,7 @@ func (c *Commands) DeactivateProject(ctx context.Context, projectID string, reso func (c *Commands) ReactivateProject(ctx context.Context, projectID string, resourceOwner string) (*domain.ObjectDetails, error) { if projectID == "" || resourceOwner == "" { - return nil, errors.ThrowInvalidArgument(nil, "COMMAND-3ihsF", "Errors.Project.ProjectIDMissing") + return nil, zerrors.ThrowInvalidArgument(nil, "COMMAND-3ihsF", "Errors.Project.ProjectIDMissing") } existingProject, err := c.getProjectWriteModelByID(ctx, projectID, resourceOwner) 
@@ -246,10 +246,10 @@ func (c *Commands) ReactivateProject(ctx context.Context, projectID string, reso return nil, err } if existingProject.State == domain.ProjectStateUnspecified || existingProject.State == domain.ProjectStateRemoved { - return nil, errors.ThrowNotFound(nil, "COMMAND-3M9sd", "Errors.Project.NotFound") + return nil, zerrors.ThrowNotFound(nil, "COMMAND-3M9sd", "Errors.Project.NotFound") } if existingProject.State != domain.ProjectStateInactive { - return nil, errors.ThrowPreconditionFailed(nil, "COMMAND-5M9bs", "Errors.Project.NotInactive") + return nil, zerrors.ThrowPreconditionFailed(nil, "COMMAND-5M9bs", "Errors.Project.NotInactive") } projectAgg := ProjectAggregateFromWriteModel(&existingProject.WriteModel) @@ -266,7 +266,7 @@ func (c *Commands) ReactivateProject(ctx context.Context, projectID string, reso func (c *Commands) RemoveProject(ctx context.Context, projectID, resourceOwner string, cascadingUserGrantIDs ...string) (*domain.ObjectDetails, error) { if projectID == "" || resourceOwner == "" { - return nil, errors.ThrowInvalidArgument(nil, "COMMAND-66hM9", "Errors.Project.ProjectIDMissing") + return nil, zerrors.ThrowInvalidArgument(nil, "COMMAND-66hM9", "Errors.Project.ProjectIDMissing") } existingProject, err := c.getProjectWriteModelByID(ctx, projectID, resourceOwner) @@ -274,7 +274,7 @@ func (c *Commands) RemoveProject(ctx context.Context, projectID, resourceOwner s return nil, err } if existingProject.State == domain.ProjectStateUnspecified || existingProject.State == domain.ProjectStateRemoved { - return nil, errors.ThrowNotFound(nil, "COMMAND-3M9sd", "Errors.Project.NotFound") + return nil, zerrors.ThrowNotFound(nil, "COMMAND-3M9sd", "Errors.Project.NotFound") } samlEntityIDsAgg, err := c.getSAMLEntityIdsWriteModelByProjectID(ctx, projectID, resourceOwner) diff --git a/internal/command/project_application.go b/internal/command/project_application.go index 3929be9e74..700f3f68eb 100644 --- a/internal/command/project_application.go 
+++ b/internal/command/project_application.go @@ -6,8 +6,8 @@ import ( "github.com/zitadel/zitadel/internal/command/preparation" "github.com/zitadel/zitadel/internal/crypto" "github.com/zitadel/zitadel/internal/domain" - caos_errs "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/repository/project" + "github.com/zitadel/zitadel/internal/zerrors" ) type AddApp struct { @@ -22,7 +22,7 @@ func (c *Commands) newAppClientSecret(ctx context.Context, filter preparation.Fi func (c *Commands) ChangeApplication(ctx context.Context, projectID string, appChange domain.Application, resourceOwner string) (*domain.ObjectDetails, error) { if projectID == "" || appChange.GetAppID() == "" || appChange.GetApplicationName() == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "COMMAND-4m9vS", "Errors.Project.App.Invalid") + return nil, zerrors.ThrowInvalidArgument(nil, "COMMAND-4m9vS", "Errors.Project.App.Invalid") } existingApp, err := c.getApplicationWriteModel(ctx, projectID, appChange.GetAppID(), resourceOwner) @@ -30,10 +30,10 @@ func (c *Commands) ChangeApplication(ctx context.Context, projectID string, appC return nil, err } if existingApp.State == domain.AppStateUnspecified || existingApp.State == domain.AppStateRemoved { - return nil, caos_errs.ThrowNotFound(nil, "COMMAND-28di9", "Errors.Project.App.NotExisting") + return nil, zerrors.ThrowNotFound(nil, "COMMAND-28di9", "Errors.Project.App.NotExisting") } if existingApp.Name == appChange.GetApplicationName() { - return nil, caos_errs.ThrowPreconditionFailed(nil, "COMMAND-2m8vx", "Errors.NoChangesFound") + return nil, zerrors.ThrowPreconditionFailed(nil, "COMMAND-2m8vx", "Errors.NoChangesFound") } projectAgg := ProjectAggregateFromWriteModel(&existingApp.WriteModel) pushedEvents, err := c.eventstore.Push( 
@@ -51,7 +51,7 @@ func (c *Commands) ChangeApplication(ctx context.Context, projectID string, appC func (c *Commands) DeactivateApplication(ctx context.Context, projectID, appID, resourceOwner string) (*domain.ObjectDetails, error) { if projectID == "" || appID == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "COMMAND-88fi0", "Errors.IDMissing") + return nil, zerrors.ThrowInvalidArgument(nil, "COMMAND-88fi0", "Errors.IDMissing") } existingApp, err := c.getApplicationWriteModel(ctx, projectID, appID, resourceOwner) @@ -59,10 +59,10 @@ func (c *Commands) DeactivateApplication(ctx context.Context, projectID, appID, return nil, err } if existingApp.State == domain.AppStateUnspecified || existingApp.State == domain.AppStateRemoved { - return nil, caos_errs.ThrowNotFound(nil, "COMMAND-ov9d3", "Errors.Project.App.NotExisting") + return nil, zerrors.ThrowNotFound(nil, "COMMAND-ov9d3", "Errors.Project.App.NotExisting") } if existingApp.State != domain.AppStateActive { - return nil, caos_errs.ThrowPreconditionFailed(nil, "COMMAND-dsh35", "Errors.Project.App.NotActive") + return nil, zerrors.ThrowPreconditionFailed(nil, "COMMAND-dsh35", "Errors.Project.App.NotActive") } projectAgg := ProjectAggregateFromWriteModel(&existingApp.WriteModel) pushedEvents, err := c.eventstore.Push(ctx, project.NewApplicationDeactivatedEvent(ctx, projectAgg, appID)) @@ -78,7 +78,7 @@ func (c *Commands) DeactivateApplication(ctx context.Context, projectID, appID, func (c *Commands) ReactivateApplication(ctx context.Context, projectID, appID, resourceOwner string) (*domain.ObjectDetails, error) { if projectID == "" || appID == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "COMMAND-983dF", "Errors.IDMissing") + return nil, zerrors.ThrowInvalidArgument(nil, "COMMAND-983dF", "Errors.IDMissing") } existingApp, err := c.getApplicationWriteModel(ctx, projectID, appID, resourceOwner) 
@@ -86,10 +86,10 @@ func (c *Commands) ReactivateApplication(ctx context.Context, projectID, appID, return nil, err } if existingApp.State == domain.AppStateUnspecified || existingApp.State == domain.AppStateRemoved { - return nil, caos_errs.ThrowNotFound(nil, "COMMAND-ov9d3", "Errors.Project.App.NotExisting") + return nil, zerrors.ThrowNotFound(nil, "COMMAND-ov9d3", "Errors.Project.App.NotExisting") } if existingApp.State != domain.AppStateInactive { - return nil, caos_errs.ThrowPreconditionFailed(nil, "COMMAND-1n8cM", "Errors.Project.App.NotInactive") + return nil, zerrors.ThrowPreconditionFailed(nil, "COMMAND-1n8cM", "Errors.Project.App.NotInactive") } projectAgg := ProjectAggregateFromWriteModel(&existingApp.WriteModel) @@ -106,7 +106,7 @@ func (c *Commands) ReactivateApplication(ctx context.Context, projectID, appID, func (c *Commands) RemoveApplication(ctx context.Context, projectID, appID, resourceOwner string) (*domain.ObjectDetails, error) { if projectID == "" || appID == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "COMMAND-1b7Jf", "Errors.IDMissing") + return nil, zerrors.ThrowInvalidArgument(nil, "COMMAND-1b7Jf", "Errors.IDMissing") } existingApp, err := c.getApplicationWriteModel(ctx, projectID, appID, resourceOwner) @@ -114,7 +114,7 @@ func (c *Commands) RemoveApplication(ctx context.Context, projectID, appID, reso return nil, err } if existingApp.State == domain.AppStateUnspecified || existingApp.State == domain.AppStateRemoved { - return nil, caos_errs.ThrowNotFound(nil, "COMMAND-0po9s", "Errors.Project.App.NotExisting") + return nil, zerrors.ThrowNotFound(nil, "COMMAND-0po9s", "Errors.Project.App.NotExisting") } projectAgg := ProjectAggregateFromWriteModel(&existingApp.WriteModel) diff --git a/internal/command/project_application_api.go b/internal/command/project_application_api.go index 16ff044db9..cbbfb87ea3 100644 --- a/internal/command/project_application_api.go +++ b/internal/command/project_application_api.go 
@@ -9,10 +9,10 @@ import ( "github.com/zitadel/zitadel/internal/command/preparation" "github.com/zitadel/zitadel/internal/crypto" "github.com/zitadel/zitadel/internal/domain" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" project_repo "github.com/zitadel/zitadel/internal/repository/project" "github.com/zitadel/zitadel/internal/telemetry/tracing" + "github.com/zitadel/zitadel/internal/zerrors" ) type addAPIApp struct { @@ -27,20 +27,20 @@ type addAPIApp struct { func (c *Commands) AddAPIAppCommand(app *addAPIApp, clientSecretAlg crypto.HashAlgorithm) preparation.Validation { return func() (preparation.CreateCommands, error) { if app.ID == "" { - return nil, errors.ThrowInvalidArgument(nil, "PROJE-XHsKt", "Errors.Invalid.Argument") + return nil, zerrors.ThrowInvalidArgument(nil, "PROJE-XHsKt", "Errors.Invalid.Argument") } if app.Name = strings.TrimSpace(app.Name); app.Name == "" { - return nil, errors.ThrowInvalidArgument(nil, "PROJE-F7g21", "Errors.Invalid.Argument") + return nil, zerrors.ThrowInvalidArgument(nil, "PROJE-F7g21", "Errors.Invalid.Argument") } return func(ctx context.Context, filter preparation.FilterToQueryReducer) ([]eventstore.Command, error) { project, err := projectWriteModel(ctx, filter, app.Aggregate.ID, app.Aggregate.ResourceOwner) if err != nil || !project.State.Valid() { - return nil, errors.ThrowNotFound(err, "PROJE-Sf2gb", "Errors.Project.NotFound") + return nil, zerrors.ThrowNotFound(err, "PROJE-Sf2gb", "Errors.Project.NotFound") } app.ClientID, err = domain.NewClientID(c.idGenerator, project.Name) if err != nil { - return nil, errors.ThrowInternal(err, "V2-f0pgP", "Errors.Internal") + return nil, zerrors.ThrowInternal(err, "V2-f0pgP", "Errors.Internal") } if app.AuthMethodType == domain.APIAuthMethodTypeBasic { 
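Review bot: In `AddAPIAppCommand`, `if err != nil || !project.State.Valid()` turns every failure of `projectWriteModel` into `ThrowNotFound`, so an eventstore or filter error reaches the caller as "project not found" rather than as the underlying failure. Splitting the condition keeps the two cases apart: `if err != nil { return nil, err }` followed by `if !project.State.Valid() { return nil, zerrors.ThrowNotFound(nil, "PROJE-Sf2gb", "Errors.Project.NotFound") }`. Whether callers rely on the current NotFound mapping is not visible here, so this needs a check against them. The returned closure continues past the end of this hunk.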
@@ -77,11 +77,11 @@ func (c *Commands) AddAPIApplicationWithID(ctx context.Context, apiApp *domain.A return nil, err } if existingAPI.State != domain.AppStateUnspecified { - return nil, errors.ThrowPreconditionFailed(nil, "PROJECT-mabu12", "Errors.Project.App.AlreadyExisting") + return nil, zerrors.ThrowPreconditionFailed(nil, "PROJECT-mabu12", "Errors.Project.App.AlreadyExisting") } project, err := c.getProjectByID(ctx, apiApp.AggregateID, resourceOwner) if err != nil { - return nil, errors.ThrowPreconditionFailed(err, "PROJECT-9fnsa", "Errors.Project.NotFound") + return nil, zerrors.ThrowPreconditionFailed(err, "PROJECT-9fnsa", "Errors.Project.NotFound") } return c.addAPIApplicationWithID(ctx, apiApp, resourceOwner, project, appID, appSecretGenerator) @@ -89,15 +89,15 @@ func (c *Commands) AddAPIApplicationWithID(ctx context.Context, apiApp *domain.A func (c *Commands) AddAPIApplication(ctx context.Context, apiApp *domain.APIApp, resourceOwner string, appSecretGenerator crypto.Generator) (_ *domain.APIApp, err error) { if apiApp == nil || apiApp.AggregateID == "" { - return nil, errors.ThrowInvalidArgument(nil, "PROJECT-5m9E", "Errors.Project.App.Invalid") + return nil, zerrors.ThrowInvalidArgument(nil, "PROJECT-5m9E", "Errors.Project.App.Invalid") } project, err := c.getProjectByID(ctx, apiApp.AggregateID, resourceOwner) if err != nil { - return nil, errors.ThrowPreconditionFailed(err, "PROJECT-9fnsf", "Errors.Project.NotFound") + return nil, zerrors.ThrowPreconditionFailed(err, "PROJECT-9fnsf", "Errors.Project.NotFound") } if !apiApp.IsValid() { - return nil, errors.ThrowInvalidArgument(nil, "PROJECT-Bff2g", "Errors.Project.App.Invalid") + return nil, zerrors.ThrowInvalidArgument(nil, "PROJECT-Bff2g", "Errors.Project.App.Invalid") } appID, err := c.idGenerator.Next() 
@@ -150,7 +150,7 @@ func (c *Commands) addAPIApplicationWithID(ctx context.Context, apiApp *domain.A func (c *Commands) ChangeAPIApplication(ctx context.Context, apiApp *domain.APIApp, resourceOwner string) (*domain.APIApp, error) { if apiApp.AppID == "" || apiApp.AggregateID == "" { - return nil, errors.ThrowInvalidArgument(nil, "COMMAND-1m900", "Errors.Project.App.APIConfigInvalid") + return nil, zerrors.ThrowInvalidArgument(nil, "COMMAND-1m900", "Errors.Project.App.APIConfigInvalid") } existingAPI, err := c.getAPIAppWriteModel(ctx, apiApp.AggregateID, apiApp.AppID, resourceOwner) @@ -158,10 +158,10 @@ func (c *Commands) ChangeAPIApplication(ctx context.Context, apiApp *domain.APIA return nil, err } if existingAPI.State == domain.AppStateUnspecified || existingAPI.State == domain.AppStateRemoved { - return nil, errors.ThrowNotFound(nil, "COMMAND-2n8uU", "Errors.Project.App.NotExisting") + return nil, zerrors.ThrowNotFound(nil, "COMMAND-2n8uU", "Errors.Project.App.NotExisting") } if !existingAPI.IsAPI() { - return nil, errors.ThrowInvalidArgument(nil, "COMMAND-Gnwt3", "Errors.Project.App.IsNotAPI") + return nil, zerrors.ThrowInvalidArgument(nil, "COMMAND-Gnwt3", "Errors.Project.App.IsNotAPI") } projectAgg := ProjectAggregateFromWriteModel(&existingAPI.WriteModel) changedEvent, hasChanged, err := existingAPI.NewChangedEvent( @@ -173,7 +173,7 @@ func (c *Commands) ChangeAPIApplication(ctx context.Context, apiApp *domain.APIA return nil, err } if !hasChanged { - return nil, errors.ThrowPreconditionFailed(nil, "COMMAND-1m88i", "Errors.NoChangesFound") + return nil, zerrors.ThrowPreconditionFailed(nil, "COMMAND-1m88i", "Errors.NoChangesFound") } pushedEvents, err := c.eventstore.Push(ctx, changedEvent) 
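Review bot: `ChangeAPIApplication` reads `apiApp.AppID` without checking the pointer, while `AddAPIApplication` earlier in this file guards with `apiApp == nil ||`; a nil `apiApp` would panic here instead of returning the invalid-argument error. Aligning the two is a one-line change: `if apiApp == nil || apiApp.AppID == "" || apiApp.AggregateID == "" {`. The function body continues beyond this hunk, so later dereferences are not visible.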
@@ -190,7 +190,7 @@ func (c *Commands) ChangeAPIApplication(ctx context.Context, apiApp *domain.APIA func (c *Commands) ChangeAPIApplicationSecret(ctx context.Context, projectID, appID, resourceOwner string, appSecretGenerator crypto.Generator) (*domain.APIApp, error) { if projectID == "" || appID == "" { - return nil, errors.ThrowInvalidArgument(nil, "COMMAND-99i83", "Errors.IDMissing") + return nil, zerrors.ThrowInvalidArgument(nil, "COMMAND-99i83", "Errors.IDMissing") } existingAPI, err := c.getAPIAppWriteModel(ctx, projectID, appID, resourceOwner) @@ -198,10 +198,10 @@ func (c *Commands) ChangeAPIApplicationSecret(ctx context.Context, projectID, ap return nil, err } if existingAPI.State == domain.AppStateUnspecified || existingAPI.State == domain.AppStateRemoved { - return nil, errors.ThrowNotFound(nil, "COMMAND-2g66f", "Errors.Project.App.NotExisting") + return nil, zerrors.ThrowNotFound(nil, "COMMAND-2g66f", "Errors.Project.App.NotExisting") } if !existingAPI.IsAPI() { - return nil, errors.ThrowInvalidArgument(nil, "COMMAND-aeH4", "Errors.Project.App.IsNotAPI") + return nil, zerrors.ThrowInvalidArgument(nil, "COMMAND-aeH4", "Errors.Project.App.IsNotAPI") } cryptoSecret, stringPW, err := domain.NewClientSecret(appSecretGenerator) if err != nil { 
@@ -233,13 +233,13 @@ func (c *Commands) VerifyAPIClientSecret(ctx context.Context, projectID, appID,
 return err
 }
 if !app.State.Exists() {
- return errors.ThrowPreconditionFailed(nil, "COMMAND-DFnbf", "Errors.Project.App.NoExisting")
+ return zerrors.ThrowPreconditionFailed(nil, "COMMAND-DFnbf", "Errors.Project.App.NoExisting")
 }
 if !app.IsAPI() {
- return errors.ThrowInvalidArgument(nil, "COMMAND-Bf3fw", "Errors.Project.App.IsNotAPI")
+ return zerrors.ThrowInvalidArgument(nil, "COMMAND-Bf3fw", "Errors.Project.App.IsNotAPI")
 }
 if app.ClientSecret == nil {
- return errors.ThrowPreconditionFailed(nil, "COMMAND-D3t5g", "Errors.Project.App.APIConfigInvalid")
+ return zerrors.ThrowPreconditionFailed(nil, "COMMAND-D3t5g", "Errors.Project.App.APIConfigInvalid")
 }
 projectAgg := ProjectAggregateFromWriteModel(&app.WriteModel)
@@ -252,7 +252,7 @@ func (c *Commands) VerifyAPIClientSecret(ctx context.Context, projectID, appID,
 }
 _, err = c.eventstore.Push(ctx, project_repo.NewAPIConfigSecretCheckFailedEvent(ctx, projectAgg, app.AppID))
 logging.Log("COMMAND-g3f12").OnError(err).Error("could not push event APIClientSecretCheckFailed")
- return errors.ThrowInvalidArgument(nil, "COMMAND-SADfg", "Errors.Project.App.ClientSecretInvalid")
+ return zerrors.ThrowInvalidArgument(nil, "COMMAND-SADfg", "Errors.Project.App.ClientSecretInvalid")
 }
 func (c *Commands) getAPIAppWriteModel(ctx context.Context, projectID, appID, resourceOwner string) (*APIApplicationWriteModel, error) {
diff --git a/internal/command/project_application_api_test.go b/internal/command/project_application_api_test.go
index 06cfa449c9..f5d8fb7836 100644
--- a/internal/command/project_application_api_test.go
+++ b/internal/command/project_application_api_test.go
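Review bot: The first guard in VerifyAPIClientSecret (hunk at -233) returns the message key `Errors.Project.App.NoExisting`, while the other not-existing branches in this patch, including the matching check in VerifyOIDCClientSecret, use `Errors.Project.App.NotExisting`. Since the line is rewritten here anyway, it could become `return zerrors.ThrowPreconditionFailed(nil, "COMMAND-DFnbf", "Errors.Project.App.NotExisting")`. Whether the translation files define both keys is not visible in this diff, so this is worth confirming before changing it. The function starts before the hunk and continues after it.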
@@ -9,12 +9,12 @@ import (
 "github.com/zitadel/zitadel/internal/command/preparation"
 "github.com/zitadel/zitadel/internal/crypto"
 "github.com/zitadel/zitadel/internal/domain"
- "github.com/zitadel/zitadel/internal/errors"
 "github.com/zitadel/zitadel/internal/eventstore"
 "github.com/zitadel/zitadel/internal/eventstore/v1/models"
 "github.com/zitadel/zitadel/internal/id"
 id_mock "github.com/zitadel/zitadel/internal/id/mock"
 "github.com/zitadel/zitadel/internal/repository/project"
+ "github.com/zitadel/zitadel/internal/zerrors"
 )
 func TestAddAPIConfig(t *testing.T) {
@@ -46,7 +46,7 @@ func TestAddAPIConfig(t *testing.T) {
 name: "name",
 },
 want: Want{
- ValidationErr: errors.ThrowInvalidArgument(nil, "PROJE-XHsKt", "Errors.Invalid.Argument"),
+ ValidationErr: zerrors.ThrowInvalidArgument(nil, "PROJE-XHsKt", "Errors.Invalid.Argument"),
 },
 },
 {
@@ -58,7 +58,7 @@ func TestAddAPIConfig(t *testing.T) {
 name: "",
 },
 want: Want{
- ValidationErr: errors.ThrowInvalidArgument(nil, "PROJE-F7g21", "Errors.Invalid.Argument"),
+ ValidationErr: zerrors.ThrowInvalidArgument(nil, "PROJE-F7g21", "Errors.Invalid.Argument"),
 },
 },
 {
@@ -75,7 +75,7 @@ func TestAddAPIConfig(t *testing.T) {
 Filter(),
 },
 want: Want{
- CreateErr: errors.ThrowNotFound(nil, "PROJE-Sf2gb", "Errors.Project.NotFound"),
+ CreateErr: zerrors.ThrowNotFound(nil, "PROJE-Sf2gb", "Errors.Project.NotFound"),
 },
 },
 {
@@ -177,7 +177,7 @@ func TestCommandSide_AddAPIApplication(t *testing.T) {
 resourceOwner: "org1",
 },
 res: res{
- err: errors.IsErrorInvalidArgument,
+ err: zerrors.IsErrorInvalidArgument,
 },
 },
 {
@@ -200,7 +200,7 @@ func TestCommandSide_AddAPIApplication(t *testing.T) {
 resourceOwner: "org1",
 },
 res: res{
- err: errors.IsPreconditionFailed,
+ err: zerrors.IsPreconditionFailed,
 },
 },
 {
@@ -230,7 +230,7 @@ func TestCommandSide_AddAPIApplication(t *testing.T) {
 resourceOwner: "org1",
 },
 res: res{
- err: errors.IsErrorInvalidArgument,
+ err: zerrors.IsErrorInvalidArgument,
 },
 },
 {
@@ -408,7 +408,7 @@ func TestCommandSide_ChangeAPIApplication(t *testing.T) {
 resourceOwner: "org1",
 },
 res: res{
- err: errors.IsErrorInvalidArgument,
+ err: zerrors.IsErrorInvalidArgument,
 },
 },
 {
@@ -431,7 +431,7 @@ func TestCommandSide_ChangeAPIApplication(t *testing.T) {
 resourceOwner: "org1",
 },
 res: res{
- err: errors.IsErrorInvalidArgument,
+ err: zerrors.IsErrorInvalidArgument,
 },
 },
 {
@@ -454,7 +454,7 @@ func TestCommandSide_ChangeAPIApplication(t *testing.T) {
 resourceOwner: "org1",
 },
 res: res{
- err: errors.IsNotFound,
+ err: zerrors.IsNotFound,
 },
 },
 {
@@ -494,7 +494,7 @@ func TestCommandSide_ChangeAPIApplication(t *testing.T) {
 resourceOwner: "org1",
 },
 res: res{
- err: errors.IsPreconditionFailed,
+ err: zerrors.IsPreconditionFailed,
 },
 },
 {
@@ -613,7 +613,7 @@ func TestCommandSide_ChangeAPIApplicationSecret(t *testing.T) {
 resourceOwner: "org1",
 },
 res: res{
- err: errors.IsErrorInvalidArgument,
+ err: zerrors.IsErrorInvalidArgument,
 },
 },
 {
@@ -630,7 +630,7 @@ func TestCommandSide_ChangeAPIApplicationSecret(t *testing.T) {
 resourceOwner: "org1",
 },
 res: res{
- err: errors.IsErrorInvalidArgument,
+ err: zerrors.IsErrorInvalidArgument,
 },
 },
 {
@@ -648,7 +648,7 @@ func TestCommandSide_ChangeAPIApplicationSecret(t *testing.T) {
 resourceOwner: "org1",
 },
 res: res{
- err: errors.IsNotFound,
+ err: zerrors.IsNotFound,
 },
 },
 {
diff --git a/internal/command/project_application_key.go b/internal/command/project_application_key.go
index 81fad14e00..1b791c2670 100644
--- a/internal/command/project_application_key.go
+++ b/internal/command/project_application_key.go
@@ -4,9 +4,9 @@ import (
 "context"
 "github.com/zitadel/zitadel/internal/domain"
- "github.com/zitadel/zitadel/internal/errors"
 "github.com/zitadel/zitadel/internal/repository/project"
 "github.com/zitadel/zitadel/internal/telemetry/tracing"
+ "github.com/zitadel/zitadel/internal/zerrors"
 )
 func (c *Commands) AddApplicationKeyWithID(ctx context.Context, key *domain.ApplicationKey, resourceOwner string) (_ *domain.ApplicationKey, err error) {
@@ -15,28 +15,28 @@ func (c *Commands) AddApplicationKeyWithID(ctx context.Context, key *domain.Appl
 return nil, err
 }
 if writeModel.State != domain.AppStateUnspecified {
- return nil, errors.ThrowPreconditionFailed(nil, "COMMAND-so20alo", "Errors.Project.App.Key.AlreadyExisting")
+ return nil, zerrors.ThrowPreconditionFailed(nil, "COMMAND-so20alo", "Errors.Project.App.Key.AlreadyExisting")
 }
 application, err := c.getApplicationWriteModel(ctx, key.AggregateID, key.ApplicationID, resourceOwner)
 if err != nil {
 return nil, err
 }
 if !application.State.Exists() {
- return nil, errors.ThrowPreconditionFailed(nil, "COMMAND-sak24", "Errors.Project.App.NotFound")
+ return nil, zerrors.ThrowPreconditionFailed(nil, "COMMAND-sak24", "Errors.Project.App.NotFound")
 }
 return c.addApplicationKey(ctx, key, resourceOwner)
 }
 func (c *Commands) AddApplicationKey(ctx context.Context, key *domain.ApplicationKey, resourceOwner string) (_ *domain.ApplicationKey, err error) {
 if key.AggregateID == "" || key.ApplicationID == "" {
- return nil, errors.ThrowInvalidArgument(nil, "COMMAND-55m9fs", "Errors.IDMissing")
+ return nil, zerrors.ThrowInvalidArgument(nil, "COMMAND-55m9fs", "Errors.IDMissing")
 }
 application, err := c.getApplicationWriteModel(ctx, key.AggregateID, key.ApplicationID, resourceOwner)
 if err != nil {
 return nil, err
 }
 if !application.State.Exists() {
- return nil, errors.ThrowPreconditionFailed(nil, "COMMAND-sak25", "Errors.Project.App.NotFound")
+ return nil, zerrors.ThrowPreconditionFailed(nil, "COMMAND-sak25", "Errors.Project.App.NotFound")
 }
 key.KeyID, err = c.idGenerator.Next()
 if err != nil {
@@ -55,7 +55,7 @@ func (c *Commands) addApplicationKey(ctx context.Context, key *domain.Applicatio
 }
 if !keyWriteModel.KeysAllowed {
- return nil, errors.ThrowPreconditionFailed(nil, "COMMAND-Dff54", "Errors.Project.App.AuthMethodNoPrivateKeyJWT")
+ return nil, zerrors.ThrowPreconditionFailed(nil, "COMMAND-Dff54", "Errors.Project.App.AuthMethodNoPrivateKeyJWT")
 }
 if err := domain.EnsureValidExpirationDate(key); err != nil {
@@ -102,7 +102,7 @@ func (c *Commands) RemoveApplicationKey(ctx context.Context, projectID, applicat
 return nil, err
 }
 if !keyWriteModel.State.Exists() {
- return nil, errors.ThrowNotFound(nil, "COMMAND-4m77G", "Errors.Project.App.Key.NotFound")
+ return nil, zerrors.ThrowNotFound(nil, "COMMAND-4m77G", "Errors.Project.App.Key.NotFound")
 }
 pushedEvents, err := c.eventstore.Push(ctx, project.NewApplicationKeyRemovedEvent(ctx, ProjectAggregateFromWriteModel(&keyWriteModel.WriteModel), keyID))
@@ -118,7 +118,7 @@ func (c *Commands) RemoveApplicationKey(ctx context.Context, projectID, applicat
 func (c *Commands) applicationKeyWriteModelByID(ctx context.Context, projectID, appID, keyID, resourceOwner string) (writeModel *ApplicationKeyWriteModel, err error) {
 if appID == "" {
- return nil, errors.ThrowInvalidArgument(nil, "COMMAND-029sn", "Errors.Project.App.NotFound")
+ return nil, zerrors.ThrowInvalidArgument(nil, "COMMAND-029sn", "Errors.Project.App.NotFound")
 }
 ctx, span := tracing.NewSpan(ctx)
 defer func() { span.EndWithError(err) }()
diff --git a/internal/command/project_application_key_test.go b/internal/command/project_application_key_test.go
index 12aab721f5..907b352a7a 100644
--- a/internal/command/project_application_key_test.go
+++ b/internal/command/project_application_key_test.go
@@ -7,12 +7,12 @@ import (
 "github.com/stretchr/testify/assert"
 "github.com/zitadel/zitadel/internal/crypto"
 "github.com/zitadel/zitadel/internal/domain"
- caos_errs "github.com/zitadel/zitadel/internal/errors"
 "github.com/zitadel/zitadel/internal/eventstore"
 "github.com/zitadel/zitadel/internal/eventstore/v1/models"
 "github.com/zitadel/zitadel/internal/id"
 id_mock "github.com/zitadel/zitadel/internal/id/mock"
 "github.com/zitadel/zitadel/internal/repository/project"
+ "github.com/zitadel/zitadel/internal/zerrors"
 )
 func TestCommandSide_AddAPIApplicationKey(t *testing.T) {
@@ -51,7 +51,7 @@ func TestCommandSide_AddAPIApplicationKey(t *testing.T) {
 resourceOwner: "org1",
 },
 res: res{
- err: caos_errs.IsErrorInvalidArgument,
+ err: zerrors.IsErrorInvalidArgument,
 },
 },
 {
@@ -71,7 +71,7 @@ func TestCommandSide_AddAPIApplicationKey(t *testing.T) {
 resourceOwner: "org1",
 },
 res: res{
- err: caos_errs.IsErrorInvalidArgument,
+ err: zerrors.IsErrorInvalidArgument,
 },
 },
 {
@@ -93,7 +93,7 @@ func TestCommandSide_AddAPIApplicationKey(t *testing.T) {
 resourceOwner: "org1",
 },
 res: res{
- err: caos_errs.IsPreconditionFailed,
+ err: zerrors.IsPreconditionFailed,
 },
 },
 {
@@ -139,7 +139,7 @@ func TestCommandSide_AddAPIApplicationKey(t *testing.T) {
 resourceOwner: "org1",
 },
 res: res{
- err: caos_errs.IsPreconditionFailed,
+ err: zerrors.IsPreconditionFailed,
 },
 },
 {
@@ -186,7 +186,7 @@ func TestCommandSide_AddAPIApplicationKey(t *testing.T) {
 resourceOwner: "org1",
 },
 res: res{
- err: caos_errs.IsPreconditionFailed,
+ err: zerrors.IsPreconditionFailed,
 },
 },
 }
diff --git a/internal/command/project_application_oidc.go b/internal/command/project_application_oidc.go
index 2d14ecf3ad..32989e0a58 100644
--- a/internal/command/project_application_oidc.go
+++ b/internal/command/project_application_oidc.go
@@ -11,10 +11,10 @@ import (
 "github.com/zitadel/zitadel/internal/command/preparation"
 "github.com/zitadel/zitadel/internal/crypto"
 "github.com/zitadel/zitadel/internal/domain"
- "github.com/zitadel/zitadel/internal/errors"
 "github.com/zitadel/zitadel/internal/eventstore"
 project_repo "github.com/zitadel/zitadel/internal/repository/project"
 "github.com/zitadel/zitadel/internal/telemetry/tracing"
+ "github.com/zitadel/zitadel/internal/zerrors"
 )
 type addOIDCApp struct {
@@ -44,36 +44,36 @@ type addOIDCApp struct {
 func (c *Commands) AddOIDCAppCommand(app *addOIDCApp, clientSecretAlg crypto.HashAlgorithm) preparation.Validation {
 return func() (preparation.CreateCommands, error) {
 if app.ID == "" {
- return nil, errors.ThrowInvalidArgument(nil, "PROJE-NnavI", "Errors.Invalid.Argument")
+ return nil, zerrors.ThrowInvalidArgument(nil, "PROJE-NnavI", "Errors.Invalid.Argument")
 }
 if app.Name = strings.TrimSpace(app.Name); app.Name == "" {
- return nil, errors.ThrowInvalidArgument(nil, "PROJE-Fef31", "Errors.Invalid.Argument")
+ return nil, zerrors.ThrowInvalidArgument(nil, "PROJE-Fef31", "Errors.Invalid.Argument")
 }
 if app.ClockSkew > time.Second*5 || app.ClockSkew < 0 {
- return nil, errors.ThrowInvalidArgument(nil, "V2-PnCMS", "Errors.Invalid.Argument")
+ return nil, zerrors.ThrowInvalidArgument(nil, "V2-PnCMS", "Errors.Invalid.Argument")
 }
 for _, origin := range app.AdditionalOrigins {
 if !http_util.IsOrigin(origin) {
- return nil, errors.ThrowInvalidArgument(nil, "V2-DqWPX", "Errors.Invalid.Argument")
+ return nil, zerrors.ThrowInvalidArgument(nil, "V2-DqWPX", "Errors.Invalid.Argument")
 }
 }
 if !domain.ContainsRequiredGrantTypes(app.ResponseTypes, app.GrantTypes) {
- return nil, errors.ThrowInvalidArgument(nil, "V2-sLpW1", "Errors.Invalid.Argument")
+ return nil, zerrors.ThrowInvalidArgument(nil, "V2-sLpW1", "Errors.Invalid.Argument")
 }
 return func(ctx context.Context, filter preparation.FilterToQueryReducer) (_ []eventstore.Command, err error) {
 project, err := projectWriteModel(ctx, filter, app.Aggregate.ID, app.Aggregate.ResourceOwner)
 if err != nil || !project.State.Valid() {
- return nil, errors.ThrowNotFound(err, "PROJE-6swVG", "Errors.Project.NotFound")
+ return nil, zerrors.ThrowNotFound(err, "PROJE-6swVG", "Errors.Project.NotFound")
 }
 app.ClientID, err = domain.NewClientID(c.idGenerator, project.Name)
 if err != nil {
- return nil, errors.ThrowInternal(err, "V2-VMSQ1", "Errors.Internal")
+ return nil, zerrors.ThrowInternal(err, "V2-VMSQ1", "Errors.Internal")
 }
 if app.AuthMethodType == domain.OIDCAuthMethodTypeBasic || app.AuthMethodType == domain.OIDCAuthMethodTypePost {
@@ -124,12 +124,12 @@ func (c *Commands) AddOIDCApplicationWithID(ctx context.Context, oidcApp *domain
 return nil, err
 }
 if existingApp.State != domain.AppStateUnspecified {
- return nil, errors.ThrowPreconditionFailed(nil, "PROJECT-lxowmp", "Errors.Project.App.AlreadyExisting")
+ return nil, zerrors.ThrowPreconditionFailed(nil, "PROJECT-lxowmp", "Errors.Project.App.AlreadyExisting")
 }
 project, err := c.getProjectByID(ctx, oidcApp.AggregateID, resourceOwner)
 if err != nil {
- return nil, errors.ThrowPreconditionFailed(err, "PROJECT-3m9s2", "Errors.Project.NotFound")
+ return nil, zerrors.ThrowPreconditionFailed(err, "PROJECT-3m9s2", "Errors.Project.NotFound")
 }
 return c.addOIDCApplicationWithID(ctx, oidcApp, resourceOwner, project, appID, appSecretGenerator)
@@ -137,15 +137,15 @@ func (c *Commands) AddOIDCApplicationWithID(ctx context.Context, oidcApp *domain
 func (c *Commands) AddOIDCApplication(ctx context.Context, oidcApp *domain.OIDCApp, resourceOwner string, appSecretGenerator crypto.Generator) (_ *domain.OIDCApp, err error) {
 if oidcApp == nil || oidcApp.AggregateID == "" {
- return nil, errors.ThrowInvalidArgument(nil, "PROJECT-34Fm0", "Errors.Project.App.Invalid")
+ return nil, zerrors.ThrowInvalidArgument(nil, "PROJECT-34Fm0", "Errors.Project.App.Invalid")
 }
 project, err := c.getProjectByID(ctx, oidcApp.AggregateID, resourceOwner)
 if err != nil {
- return nil, errors.ThrowPreconditionFailed(err, "PROJECT-3m9ss", "Errors.Project.NotFound")
+ return nil, zerrors.ThrowPreconditionFailed(err, "PROJECT-3m9ss", "Errors.Project.NotFound")
 }
 if oidcApp.AppName == "" || !oidcApp.IsValid() {
- return nil, errors.ThrowInvalidArgument(nil, "PROJECT-1n8df", "Errors.Project.App.Invalid")
+ return nil, zerrors.ThrowInvalidArgument(nil, "PROJECT-1n8df", "Errors.Project.App.Invalid")
 }
 appID, err := c.idGenerator.Next()
@@ -215,7 +215,7 @@ func (c *Commands) addOIDCApplicationWithID(ctx context.Context, oidcApp *domain
 func (c *Commands) ChangeOIDCApplication(ctx context.Context, oidc *domain.OIDCApp, resourceOwner string) (*domain.OIDCApp, error) {
 if !oidc.IsValid() || oidc.AppID == "" || oidc.AggregateID == "" {
- return nil, errors.ThrowInvalidArgument(nil, "COMMAND-5m9fs", "Errors.Project.App.OIDCConfigInvalid")
+ return nil, zerrors.ThrowInvalidArgument(nil, "COMMAND-5m9fs", "Errors.Project.App.OIDCConfigInvalid")
 }
 existingOIDC, err := c.getOIDCAppWriteModel(ctx, oidc.AggregateID, oidc.AppID, resourceOwner)
@@ -223,10 +223,10 @@ func (c *Commands) ChangeOIDCApplication(ctx context.Context, oidc *domain.OIDCA
 return nil, err
 }
 if existingOIDC.State == domain.AppStateUnspecified || existingOIDC.State == domain.AppStateRemoved {
- return nil, errors.ThrowNotFound(nil, "COMMAND-2n8uU", "Errors.Project.App.NotExisting")
+ return nil, zerrors.ThrowNotFound(nil, "COMMAND-2n8uU", "Errors.Project.App.NotExisting")
 }
 if !existingOIDC.IsOIDC() {
- return nil, errors.ThrowInvalidArgument(nil, "COMMAND-GBr34", "Errors.Project.App.IsNotOIDC")
+ return nil, zerrors.ThrowInvalidArgument(nil, "COMMAND-GBr34", "Errors.Project.App.IsNotOIDC")
 }
 projectAgg := ProjectAggregateFromWriteModel(&existingOIDC.WriteModel)
 changedEvent, hasChanged, err := existingOIDC.NewChangedEvent(
@@ -253,7 +253,7 @@ func (c *Commands) ChangeOIDCApplication(ctx context.Context, oidc *domain.OIDCA
 return nil, err
 }
 if !hasChanged {
- return nil, errors.ThrowPreconditionFailed(nil, "COMMAND-1m88i", "Errors.NoChangesFound")
+ return nil, zerrors.ThrowPreconditionFailed(nil, "COMMAND-1m88i", "Errors.NoChangesFound")
 }
 pushedEvents, err := c.eventstore.Push(ctx, changedEvent)
@@ -272,7 +272,7 @@ func (c *Commands) ChangeOIDCApplication(ctx context.Context, oidc *domain.OIDCA
 func (c *Commands) ChangeOIDCApplicationSecret(ctx context.Context, projectID, appID, resourceOwner string, appSecretGenerator crypto.Generator) (*domain.OIDCApp, error) {
 if projectID == "" || appID == "" {
- return nil, errors.ThrowInvalidArgument(nil, "COMMAND-99i83", "Errors.IDMissing")
+ return nil, zerrors.ThrowInvalidArgument(nil, "COMMAND-99i83", "Errors.IDMissing")
 }
 existingOIDC, err := c.getOIDCAppWriteModel(ctx, projectID, appID, resourceOwner)
@@ -280,10 +280,10 @@ func (c *Commands) ChangeOIDCApplicationSecret(ctx context.Context, projectID, a
 return nil, err
 }
 if existingOIDC.State == domain.AppStateUnspecified || existingOIDC.State == domain.AppStateRemoved {
- return nil, errors.ThrowNotFound(nil, "COMMAND-2g66f", "Errors.Project.App.NotExisting")
+ return nil, zerrors.ThrowNotFound(nil, "COMMAND-2g66f", "Errors.Project.App.NotExisting")
 }
 if !existingOIDC.IsOIDC() {
- return nil, errors.ThrowInvalidArgument(nil, "COMMAND-Ghrh3", "Errors.Project.App.IsNotOIDC")
+ return nil, zerrors.ThrowInvalidArgument(nil, "COMMAND-Ghrh3", "Errors.Project.App.IsNotOIDC")
 }
 cryptoSecret, stringPW, err := domain.NewClientSecret(appSecretGenerator)
 if err != nil {
@@ -315,13 +315,13 @@ func (c *Commands) VerifyOIDCClientSecret(ctx context.Context, projectID, appID,
 return err
 }
 if !app.State.Exists() {
- return errors.ThrowPreconditionFailed(nil, "COMMAND-D6hba", "Errors.Project.App.NotExisting")
+ return zerrors.ThrowPreconditionFailed(nil, "COMMAND-D6hba", "Errors.Project.App.NotExisting")
 }
 if !app.IsOIDC() {
- return errors.ThrowInvalidArgument(nil, "COMMAND-BHgn2", "Errors.Project.App.IsNotOIDC")
+ return zerrors.ThrowInvalidArgument(nil, "COMMAND-BHgn2", "Errors.Project.App.IsNotOIDC")
 }
 if app.ClientSecret == nil {
- return errors.ThrowPreconditionFailed(nil, "COMMAND-D6hba", "Errors.Project.App.OIDCConfigInvalid")
+ return zerrors.ThrowPreconditionFailed(nil, "COMMAND-D6hba", "Errors.Project.App.OIDCConfigInvalid")
 }
 projectAgg := ProjectAggregateFromWriteModel(&app.WriteModel)
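Review bot: In VerifyOIDCClientSecret (hunk at -315) the ID `COMMAND-D6hba` is attached to two different failures, the missing-app check and the `app.ClientSecret == nil` check, so a log entry or support report carrying that ID cannot say which guard fired on a client-authentication path. The API counterpart in this patch uses distinct IDs for the same two checks (`COMMAND-DFnbf` and `COMMAND-D3t5g`). Giving the second return its own ID, e.g. `return zerrors.ThrowPreconditionFailed(nil, "COMMAND-<new-id>", "Errors.Project.App.OIDCConfigInvalid")`, restores that. The function body starts before the hunk and continues after it.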
@@ -334,7 +334,7 @@ func (c *Commands) VerifyOIDCClientSecret(ctx context.Context, projectID, appID,
 }
 _, err = c.eventstore.Push(ctx, project_repo.NewOIDCConfigSecretCheckFailedEvent(ctx, projectAgg, app.AppID))
 logging.OnError(err).Error("could not push event OIDCClientSecretCheckFailed")
- return errors.ThrowInvalidArgument(nil, "COMMAND-Bz542", "Errors.Project.App.ClientSecretInvalid")
+ return zerrors.ThrowInvalidArgument(nil, "COMMAND-Bz542", "Errors.Project.App.ClientSecretInvalid")
 }
 func (c *Commands) getOIDCAppWriteModel(ctx context.Context, projectID, appID, resourceOwner string) (*OIDCApplicationWriteModel, error) {
diff --git a/internal/command/project_application_oidc_test.go b/internal/command/project_application_oidc_test.go
index 85cdf5d5b1..8efdd8c256 100644
--- a/internal/command/project_application_oidc_test.go
+++ b/internal/command/project_application_oidc_test.go
@@ -10,12 +10,12 @@ import (
 "github.com/zitadel/zitadel/internal/command/preparation"
 "github.com/zitadel/zitadel/internal/crypto"
 "github.com/zitadel/zitadel/internal/domain"
- "github.com/zitadel/zitadel/internal/errors"
 "github.com/zitadel/zitadel/internal/eventstore"
 "github.com/zitadel/zitadel/internal/eventstore/v1/models"
 "github.com/zitadel/zitadel/internal/id"
 id_mock "github.com/zitadel/zitadel/internal/id/mock"
 "github.com/zitadel/zitadel/internal/repository/project"
+ "github.com/zitadel/zitadel/internal/zerrors"
 )
 func TestAddOIDCApp(t *testing.T) {
@@ -56,7 +56,7 @@ func TestAddOIDCApp(t *testing.T) {
 },
 },
 want: Want{
- ValidationErr: errors.ThrowInvalidArgument(nil, "PROJE-NnavI", "Errors.Invalid.Argument"),
+ ValidationErr: zerrors.ThrowInvalidArgument(nil, "PROJE-NnavI", "Errors.Invalid.Argument"),
 },
 },
 {
@@ -78,7 +78,7 @@ func TestAddOIDCApp(t *testing.T) {
 },
 },
 want: Want{
- ValidationErr: errors.ThrowInvalidArgument(nil, "PROJE-Fef31", "Errors.Invalid.Argument"),
+ ValidationErr: zerrors.ThrowInvalidArgument(nil, "PROJE-Fef31", "Errors.Invalid.Argument"),
 },
 },
 {
@@ -105,7 +105,7 @@ func TestAddOIDCApp(t *testing.T) {
 Filter(),
 },
 want: Want{
- CreateErr: errors.ThrowNotFound(nil, "PROJE-6swVG", ""),
+ CreateErr: zerrors.ThrowNotFound(nil, "PROJE-6swVG", ""),
 },
 },
 {
@@ -223,7 +223,7 @@ func TestCommandSide_AddOIDCApplication(t *testing.T) {
 resourceOwner: "org1",
 },
 res: res{
- err: errors.IsErrorInvalidArgument,
+ err: zerrors.IsErrorInvalidArgument,
 },
 },
 {
@@ -246,7 +246,7 @@ func TestCommandSide_AddOIDCApplication(t *testing.T) {
 resourceOwner: "org1",
 },
 res: res{
- err: errors.IsPreconditionFailed,
+ err: zerrors.IsPreconditionFailed,
 },
 },
 {
@@ -276,7 +276,7 @@ func TestCommandSide_AddOIDCApplication(t *testing.T) {
 resourceOwner: "org1",
 },
 res: res{
- err: errors.IsErrorInvalidArgument,
+ err: zerrors.IsErrorInvalidArgument,
 },
 },
 {
@@ -442,7 +442,7 @@ func TestCommandSide_ChangeOIDCApplication(t *testing.T) {
 resourceOwner: "org1",
 },
 res: res{
- err: errors.IsErrorInvalidArgument,
+ err: zerrors.IsErrorInvalidArgument,
 },
 },
 {
@@ -466,7 +466,7 @@ func TestCommandSide_ChangeOIDCApplication(t *testing.T) {
 resourceOwner: "org1",
 },
 res: res{
- err: errors.IsErrorInvalidArgument,
+ err: zerrors.IsErrorInvalidArgument,
 },
 },
 {
@@ -490,7 +490,7 @@ func TestCommandSide_ChangeOIDCApplication(t *testing.T) {
 resourceOwner: "org1",
 },
 res: res{
- err: errors.IsErrorInvalidArgument,
+ err: zerrors.IsErrorInvalidArgument,
 },
 },
 {
@@ -515,7 +515,7 @@ func TestCommandSide_ChangeOIDCApplication(t *testing.T) {
 resourceOwner: "org1",
 },
 res: res{
- err: errors.IsNotFound,
+ err: zerrors.IsNotFound,
 },
 },
 {
@@ -589,7 +589,7 @@ func TestCommandSide_ChangeOIDCApplication(t *testing.T) {
 resourceOwner: "org1",
 },
 res: res{
- err: errors.IsPreconditionFailed,
+ err: zerrors.IsPreconditionFailed,
 },
 },
 {
@@ -751,7 +751,7 @@ func TestCommandSide_ChangeOIDCApplicationSecret(t *testing.T) {
 resourceOwner: "org1",
 },
 res: res{
- err: errors.IsErrorInvalidArgument,
+ err: zerrors.IsErrorInvalidArgument,
 },
 },
 {
@@ -768,7 +768,7 @@ func TestCommandSide_ChangeOIDCApplicationSecret(t *testing.T) {
 resourceOwner: "org1",
 },
 res: res{
- err: errors.IsErrorInvalidArgument,
+ err: zerrors.IsErrorInvalidArgument,
 },
 },
 {
@@ -786,7 +786,7 @@ func TestCommandSide_ChangeOIDCApplicationSecret(t *testing.T) {
 resourceOwner: "org1",
 },
 res: res{
- err: errors.IsNotFound,
+ err: zerrors.IsNotFound,
 },
 },
 {
diff --git a/internal/command/project_application_saml.go b/internal/command/project_application_saml.go
index e28e9c635a..d6b3679a32 100644
--- a/internal/command/project_application_saml.go
+++ b/internal/command/project_application_saml.go
@@ -6,19 +6,19 @@ import (
 "github.com/zitadel/saml/pkg/provider/xml"
 "github.com/zitadel/zitadel/internal/domain"
- caos_errs "github.com/zitadel/zitadel/internal/errors"
 "github.com/zitadel/zitadel/internal/eventstore"
 "github.com/zitadel/zitadel/internal/repository/project"
+ "github.com/zitadel/zitadel/internal/zerrors"
 )
 func (c *Commands) AddSAMLApplication(ctx context.Context, application *domain.SAMLApp, resourceOwner string) (_ *domain.SAMLApp, err error) {
 if application == nil || application.AggregateID == "" {
- return nil, caos_errs.ThrowInvalidArgument(nil, "PROJECT-35Fn0", "Errors.Project.App.Invalid")
+ return nil, zerrors.ThrowInvalidArgument(nil, "PROJECT-35Fn0", "Errors.Project.App.Invalid")
 }
 _, err = c.getProjectByID(ctx, application.AggregateID, resourceOwner)
 if err != nil {
- return nil, caos_errs.ThrowPreconditionFailed(err, "PROJECT-3p9ss", "Errors.Project.NotFound")
+ return nil, zerrors.ThrowPreconditionFailed(err, "PROJECT-3p9ss", "Errors.Project.NotFound")
 }
 addedApplication := NewSAMLApplicationWriteModel(application.AggregateID, resourceOwner)
@@ -43,24 +43,24 @@ func (c *Commands) AddSAMLApplication(ctx context.Context, application *domain.S
 func (c *Commands) addSAMLApplication(ctx context.Context, projectAgg *eventstore.Aggregate, samlApp *domain.SAMLApp) (events []eventstore.Command, err error) {
 if samlApp.AppName == "" || !samlApp.IsValid() {
- return nil, caos_errs.ThrowInvalidArgument(nil, "PROJECT-1n9df", "Errors.Project.App.Invalid")
+ return nil, zerrors.ThrowInvalidArgument(nil, "PROJECT-1n9df", "Errors.Project.App.Invalid")
 }
 if samlApp.Metadata == nil && samlApp.MetadataURL == "" {
- return nil, caos_errs.ThrowInvalidArgument(nil, "SAML-podix9", "Errors.Project.App.SAMLMetadataMissing")
+ return nil, zerrors.ThrowInvalidArgument(nil, "SAML-podix9", "Errors.Project.App.SAMLMetadataMissing")
 }
 if samlApp.MetadataURL != "" {
 data, err := xml.ReadMetadataFromURL(c.httpClient, samlApp.MetadataURL)
 if err != nil {
- return nil, caos_errs.ThrowInvalidArgument(err, "SAML-wmqlo1", "Errors.Project.App.SAMLMetadataMissing")
+ return nil, zerrors.ThrowInvalidArgument(err, "SAML-wmqlo1", "Errors.Project.App.SAMLMetadataMissing")
 }
 samlApp.Metadata = data
 }
 entity, err := xml.ParseMetadataXmlIntoStruct(samlApp.Metadata)
 if err != nil {
- return nil, caos_errs.ThrowInvalidArgument(err, "SAML-bquso", "Errors.Project.App.SAMLMetadataFormat")
+ return nil, zerrors.ThrowInvalidArgument(err, "SAML-bquso", "Errors.Project.App.SAMLMetadataFormat")
 }
 samlApp.AppID, err = c.idGenerator.Next()
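Review bot: addSAMLApplication hands the caller-supplied `samlApp.MetadataURL` straight to `xml.ReadMetadataFromURL(c.httpClient, ...)` with no scheme or destination check in the visible lines, and the fetch error is wrapped into the returned `SAML-wmqlo1` error; ChangeSAMLApplication does the same in the hunk at -90 (`SAML-J3kg3`). Unless `c.httpClient` already restricts destinations (its setup is not part of this diff), the server will request whatever URL is submitted with the application, and the wrapped cause may tell the caller how that request failed. I would validate the URL before the fetch (https only, no loopback, link-local or private targets, bounded redirects and response size) and consider passing `nil` instead of `err` as the parent of the client-facing error while logging the cause. The function continues past the end of the hunk.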
@@ -82,7 +82,7 @@ func (c *Commands) addSAMLApplication(ctx context.Context, projectAgg *eventstor
 func (c *Commands) ChangeSAMLApplication(ctx context.Context, samlApp *domain.SAMLApp, resourceOwner string) (*domain.SAMLApp, error) {
 if !samlApp.IsValid() || samlApp.AppID == "" || samlApp.AggregateID == "" {
- return nil, caos_errs.ThrowInvalidArgument(nil, "COMMAND-5n9fs", "Errors.Project.App.SAMLConfigInvalid")
+ return nil, zerrors.ThrowInvalidArgument(nil, "COMMAND-5n9fs", "Errors.Project.App.SAMLConfigInvalid")
 }
 existingSAML, err := c.getSAMLAppWriteModel(ctx, samlApp.AggregateID, samlApp.AppID, resourceOwner)
@@ -90,24 +90,24 @@ func (c *Commands) ChangeSAMLApplication(ctx context.Context, samlApp *domain.SA
 return nil, err
 }
 if existingSAML.State == domain.AppStateUnspecified || existingSAML.State == domain.AppStateRemoved {
- return nil, caos_errs.ThrowNotFound(nil, "COMMAND-2n8uU", "Errors.Project.App.NotExisting")
+ return nil, zerrors.ThrowNotFound(nil, "COMMAND-2n8uU", "Errors.Project.App.NotExisting")
 }
 if !existingSAML.IsSAML() {
- return nil, caos_errs.ThrowInvalidArgument(nil, "COMMAND-GBr35", "Errors.Project.App.IsNotSAML")
+ return nil, zerrors.ThrowInvalidArgument(nil, "COMMAND-GBr35", "Errors.Project.App.IsNotSAML")
 }
 projectAgg := ProjectAggregateFromWriteModel(&existingSAML.WriteModel)
 if samlApp.MetadataURL != "" {
 data, err := xml.ReadMetadataFromURL(c.httpClient, samlApp.MetadataURL)
 if err != nil {
- return nil, caos_errs.ThrowInvalidArgument(err, "SAML-J3kg3", "Errors.Project.App.SAMLMetadataMissing")
+ return nil, zerrors.ThrowInvalidArgument(err, "SAML-J3kg3", "Errors.Project.App.SAMLMetadataMissing")
 }
 samlApp.Metadata = data
 }
 entity, err := xml.ParseMetadataXmlIntoStruct(samlApp.Metadata)
 if err != nil {
- return nil, caos_errs.ThrowInvalidArgument(err, "SAML-3fk2b", "Errors.Project.App.SAMLMetadataFormat")
+ return nil, zerrors.ThrowInvalidArgument(err, "SAML-3fk2b", "Errors.Project.App.SAMLMetadataFormat")
 }
 changedEvent, hasChanged, err := existingSAML.NewChangedEvent(
@@ -121,7 +121,7 @@ func (c *Commands) ChangeSAMLApplication(ctx context.Context, samlApp *domain.SA
 return nil, err
 }
 if !hasChanged {
- return nil, caos_errs.ThrowPreconditionFailed(nil, "COMMAND-1m88i", "Errors.NoChangesFound")
+ return nil, zerrors.ThrowPreconditionFailed(nil, "COMMAND-1m88i", "Errors.NoChangesFound")
 }
 pushedEvents, err := c.eventstore.Push(ctx, changedEvent)
diff --git a/internal/command/project_application_saml_test.go b/internal/command/project_application_saml_test.go
index a9b74a99e3..978e1ed013 100644
--- a/internal/command/project_application_saml_test.go
+++ b/internal/command/project_application_saml_test.go
@@ -10,12 +10,12 @@ import (
 "github.com/stretchr/testify/assert"
 "github.com/zitadel/zitadel/internal/domain"
- "github.com/zitadel/zitadel/internal/errors"
 "github.com/zitadel/zitadel/internal/eventstore"
 "github.com/zitadel/zitadel/internal/eventstore/v1/models"
 "github.com/zitadel/zitadel/internal/id"
 id_mock "github.com/zitadel/zitadel/internal/id/mock"
 "github.com/zitadel/zitadel/internal/repository/project"
+ "github.com/zitadel/zitadel/internal/zerrors"
 )
 var testMetadata = []byte(`
@@ -81,7 +81,7 @@ func TestCommandSide_AddSAMLApplication(t *testing.T) {
 resourceOwner: "org1",
 },
 res: res{
- err: errors.IsErrorInvalidArgument,
+ err: zerrors.IsErrorInvalidArgument,
 },
 },
 {
@@ -104,7 +104,7 @@ func TestCommandSide_AddSAMLApplication(t *testing.T) {
 resourceOwner: "org1",
 },
 res: res{
- err: errors.IsPreconditionFailed,
+ err: zerrors.IsPreconditionFailed,
 },
 },
 {
@@ -134,7 +134,7 @@ func TestCommandSide_AddSAMLApplication(t *testing.T) {
 resourceOwner: "org1",
 },
 res: res{
- err: errors.IsErrorInvalidArgument,
+ err: zerrors.IsErrorInvalidArgument,
 },
 },
 {
@@ -167,7 +167,7 @@ func TestCommandSide_AddSAMLApplication(t *testing.T) {
 resourceOwner: "org1",
 },
 res: res{
- err: errors.IsErrorInvalidArgument,
+ err: zerrors.IsErrorInvalidArgument,
 },
 },
 {
@@ -318,7 +318,7 @@ func TestCommandSide_AddSAMLApplication(t *testing.T) {
 resourceOwner: "org1",
 },
 res: res{
- err: errors.IsErrorInvalidArgument,
+ err: zerrors.IsErrorInvalidArgument,
 },
 },
 }
@@ -383,7 +383,7 @@ func TestCommandSide_ChangeSAMLApplication(t *testing.T) {
 resourceOwner: "org1",
 },
 res: res{
- err: errors.IsErrorInvalidArgument,
+ err: zerrors.IsErrorInvalidArgument,
 },
 },
 {
@@ -405,7 +405,7 @@ func TestCommandSide_ChangeSAMLApplication(t *testing.T) {
 resourceOwner: "org1",
 },
 res: res{
- err: errors.IsErrorInvalidArgument,
+ err: zerrors.IsErrorInvalidArgument,
 },
 },
 {
@@ -427,7 +427,7 @@ func TestCommandSide_ChangeSAMLApplication(t *testing.T) {
 resourceOwner: "org1",
 },
 res: res{
- err: errors.IsErrorInvalidArgument,
+ err: zerrors.IsErrorInvalidArgument,
 },
 },
 {
@@ -450,7 +450,7 @@ func TestCommandSide_ChangeSAMLApplication(t *testing.T) {
 resourceOwner: "org1",
 },
 res: res{
- err: errors.IsNotFound,
+ err: zerrors.IsNotFound,
 },
 },
 {
@@ -495,7 +495,7 @@ func TestCommandSide_ChangeSAMLApplication(t *testing.T) {
 resourceOwner: "org1",
 },
 res: res{
- err: errors.IsPreconditionFailed,
+ err: zerrors.IsPreconditionFailed,
 },
 },
 {
@@ -540,7 +540,7 @@ func TestCommandSide_ChangeSAMLApplication(t *testing.T) {
 resourceOwner: "org1",
 },
 res: res{
- err: errors.IsPreconditionFailed,
+ err: zerrors.IsPreconditionFailed,
 },
 },
 {
diff --git a/internal/command/project_application_test.go b/internal/command/project_application_test.go
index 95e808dd5d..66671a5a51 100644
--- a/internal/command/project_application_test.go
+++ b/internal/command/project_application_test.go
@@ -7,9 +7,9 @@ import (
 "github.com/stretchr/testify/assert"
 "github.com/zitadel/zitadel/internal/domain"
- caos_errs "github.com/zitadel/zitadel/internal/errors"
 "github.com/zitadel/zitadel/internal/eventstore"
 "github.com/zitadel/zitadel/internal/repository/project"
+ "github.com/zitadel/zitadel/internal/zerrors"
 )
 func TestCommandSide_ChangeApplication(t *testing.T) {
@@ -49,7 +49,7 @@ func TestCommandSide_ChangeApplication(t *testing.T) {
 resourceOwner: "org1",
 },
 res: res{
- err: caos_errs.IsErrorInvalidArgument,
+ err: zerrors.IsErrorInvalidArgument,
 },
 },
 {
@@ -68,7 +68,7 @@ func TestCommandSide_ChangeApplication(t *testing.T) {
 resourceOwner: "org1",
 },
 res: res{
- err: caos_errs.IsErrorInvalidArgument,
+ err: zerrors.IsErrorInvalidArgument,
 },
 },
 {
@@ -88,7 +88,7 @@ func TestCommandSide_ChangeApplication(t *testing.T) {
 resourceOwner: "org1",
 },
 res: res{
- err: caos_errs.IsErrorInvalidArgument,
+ err: zerrors.IsErrorInvalidArgument,
 },
 },
 {
@@ -109,7 +109,7 @@ func TestCommandSide_ChangeApplication(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: caos_errs.IsNotFound, + err: zerrors.IsNotFound, }, }, { @@ -136,7 +136,7 @@ func TestCommandSide_ChangeApplication(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: caos_errs.IsPreconditionFailed, + err: zerrors.IsPreconditionFailed, }, }, { @@ -230,7 +230,7 @@ func TestCommandSide_DeactivateApplication(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -247,7 +247,7 @@ func TestCommandSide_DeactivateApplication(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -265,7 +265,7 @@ func TestCommandSide_DeactivateApplication(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: caos_errs.IsNotFound, + err: zerrors.IsNotFound, }, }, { @@ -293,7 +293,7 @@ func TestCommandSide_DeactivateApplication(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: caos_errs.IsPreconditionFailed, + err: zerrors.IsPreconditionFailed, }, }, { @@ -382,7 +382,7 @@ func TestCommandSide_ReactivateApplication(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -399,7 +399,7 @@ func TestCommandSide_ReactivateApplication(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -417,7 +417,7 @@ func TestCommandSide_ReactivateApplication(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: caos_errs.IsNotFound, + err: zerrors.IsNotFound, }, }, { @@ -441,7 +441,7 @@ func TestCommandSide_ReactivateApplication(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: caos_errs.IsPreconditionFailed, + err: zerrors.IsPreconditionFailed, }, }, { 
@@ -534,7 +534,7 @@ func TestCommandSide_RemoveApplication(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -551,7 +551,7 @@ func TestCommandSide_RemoveApplication(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -569,7 +569,7 @@ func TestCommandSide_RemoveApplication(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: caos_errs.IsNotFound, + err: zerrors.IsNotFound, }, }, { diff --git a/internal/command/project_grant.go b/internal/command/project_grant.go index 21b9e61cea..c53e5252df 100644 --- a/internal/command/project_grant.go +++ b/internal/command/project_grant.go @@ -7,19 +7,19 @@ import ( "github.com/zitadel/logging" "github.com/zitadel/zitadel/internal/domain" - caos_errs "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/repository/project" "github.com/zitadel/zitadel/internal/telemetry/tracing" + "github.com/zitadel/zitadel/internal/zerrors" ) func (c *Commands) AddProjectGrantWithID(ctx context.Context, grant *domain.ProjectGrant, grantID string, resourceOwner string) (_ *domain.ProjectGrant, err error) { existingMember, err := c.projectGrantWriteModelByID(ctx, grantID, grant.AggregateID, resourceOwner) - if err != nil && !caos_errs.IsNotFound(err) { + if err != nil && !zerrors.IsNotFound(err) { return nil, err } if existingMember != nil && existingMember.State != domain.ProjectGrantStateUnspecified { - return nil, caos_errs.ThrowInvalidArgument(nil, "PROJECT-2b8fs", "Errors.Project.Grant.AlreadyExisting") + return nil, zerrors.ThrowInvalidArgument(nil, "PROJECT-2b8fs", "Errors.Project.Grant.AlreadyExisting") } return c.addProjectGrantWithID(ctx, grant, grantID, resourceOwner) 
@@ -27,7 +27,7 @@ func (c *Commands) AddProjectGrantWithID(ctx context.Context, grant *domain.Proj func (c *Commands) AddProjectGrant(ctx context.Context, grant *domain.ProjectGrant, resourceOwner string) (_ *domain.ProjectGrant, err error) { if !grant.IsValid() { - return nil, caos_errs.ThrowInvalidArgument(nil, "PROJECT-3b8fs", "Errors.Project.Grant.Invalid") + return nil, zerrors.ThrowInvalidArgument(nil, "PROJECT-3b8fs", "Errors.Project.Grant.Invalid") } err = c.checkProjectGrantPreCondition(ctx, grant) if err != nil { @@ -62,7 +62,7 @@ func (c *Commands) addProjectGrantWithID(ctx context.Context, grant *domain.Proj func (c *Commands) ChangeProjectGrant(ctx context.Context, grant *domain.ProjectGrant, resourceOwner string, cascadeUserGrantIDs ...string) (_ *domain.ProjectGrant, err error) { if grant.GrantID == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "PROJECT-1j83s", "Errors.IDMissing") + return nil, zerrors.ThrowInvalidArgument(nil, "PROJECT-1j83s", "Errors.IDMissing") } existingGrant, err := c.projectGrantWriteModelByID(ctx, grant.GrantID, grant.AggregateID, resourceOwner) if err != nil { @@ -76,7 +76,7 @@ func (c *Commands) ChangeProjectGrant(ctx context.Context, grant *domain.Project projectAgg := ProjectAggregateFromWriteModel(&existingGrant.WriteModel) if reflect.DeepEqual(existingGrant.RoleKeys, grant.RoleKeys) { - return nil, caos_errs.ThrowPreconditionFailed(nil, "PROJECT-0o0pL", "Errors.NoChangesFoundc") + return nil, zerrors.ThrowPreconditionFailed(nil, "PROJECT-0o0pL", "Errors.NoChangesFoundc") } events := []eventstore.Command{ 
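Review bot: The message key on the changed line in ChangeProjectGrant reads `"Errors.NoChangesFoundc"`, with a stray trailing `c`; the same condition in project_role.go in this diff uses `"Errors.NoChangesFound"`. A key that does not match the translation catalogue would presumably reach API clients as the raw key instead of the localized text. Since the line is touched anyway, it could become `return nil, zerrors.ThrowPreconditionFailed(nil, "PROJECT-0o0pL", "Errors.NoChangesFound")`. ChangeProjectGrant starts and ends outside the hunk.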
@@ -120,7 +120,7 @@ func (c *Commands) removeRoleFromProjectGrant(ctx context.Context, projectAgg *e return nil, nil, err } if existingProjectGrant.State == domain.ProjectGrantStateUnspecified || existingProjectGrant.State == domain.ProjectGrantStateRemoved { - return nil, nil, caos_errs.ThrowNotFound(nil, "COMMAND-3M9sd", "Errors.Project.Grant.NotFound") + return nil, nil, zerrors.ThrowNotFound(nil, "COMMAND-3M9sd", "Errors.Project.Grant.NotFound") } keyExists := false for i, key := range existingProjectGrant.RoleKeys { @@ -133,7 +133,7 @@ func (c *Commands) removeRoleFromProjectGrant(ctx context.Context, projectAgg *e } } if !keyExists { - return nil, nil, caos_errs.ThrowPreconditionFailed(nil, "COMMAND-5m8g9", "Errors.Project.Grant.RoleKeyNotFound") + return nil, nil, zerrors.ThrowPreconditionFailed(nil, "COMMAND-5m8g9", "Errors.Project.Grant.RoleKeyNotFound") } changedProjectGrant := NewProjectGrantWriteModel(projectGrantID, projectID, existingProjectGrant.ResourceOwner) @@ -146,7 +146,7 @@ func (c *Commands) removeRoleFromProjectGrant(ctx context.Context, projectAgg *e func (c *Commands) DeactivateProjectGrant(ctx context.Context, projectID, grantID, resourceOwner string) (details *domain.ObjectDetails, err error) { if grantID == "" || projectID == "" { - return details, caos_errs.ThrowInvalidArgument(nil, "PROJECT-p0s4V", "Errors.IDMissing") + return details, zerrors.ThrowInvalidArgument(nil, "PROJECT-p0s4V", "Errors.IDMissing") } err = c.checkProjectExists(ctx, projectID, resourceOwner) if err != nil { 
@@ -157,7 +157,7 @@ func (c *Commands) DeactivateProjectGrant(ctx context.Context, projectID, grantI return details, err } if existingGrant.State != domain.ProjectGrantStateActive { - return details, caos_errs.ThrowPreconditionFailed(nil, "PROJECT-47fu8", "Errors.Project.Grant.NotActive") + return details, zerrors.ThrowPreconditionFailed(nil, "PROJECT-47fu8", "Errors.Project.Grant.NotActive") } projectAgg := ProjectAggregateFromWriteModel(&existingGrant.WriteModel) @@ -174,7 +174,7 @@ func (c *Commands) DeactivateProjectGrant(ctx context.Context, projectID, grantI func (c *Commands) ReactivateProjectGrant(ctx context.Context, projectID, grantID, resourceOwner string) (details *domain.ObjectDetails, err error) { if grantID == "" || projectID == "" { - return details, caos_errs.ThrowInvalidArgument(nil, "PROJECT-p0s4V", "Errors.IDMissing") + return details, zerrors.ThrowInvalidArgument(nil, "PROJECT-p0s4V", "Errors.IDMissing") } err = c.checkProjectExists(ctx, projectID, resourceOwner) if err != nil { @@ -185,7 +185,7 @@ func (c *Commands) ReactivateProjectGrant(ctx context.Context, projectID, grantI return details, err } if existingGrant.State != domain.ProjectGrantStateInactive { - return details, caos_errs.ThrowPreconditionFailed(nil, "PROJECT-47fu8", "Errors.Project.Grant.NotInactive") + return details, zerrors.ThrowPreconditionFailed(nil, "PROJECT-47fu8", "Errors.Project.Grant.NotInactive") } projectAgg := ProjectAggregateFromWriteModel(&existingGrant.WriteModel) pushedEvents, err := c.eventstore.Push(ctx, project.NewGrantReactivatedEvent(ctx, projectAgg, grantID)) 
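Review bot: ReactivateProjectGrant reuses the error IDs of DeactivateProjectGrant: `PROJECT-p0s4V` for the missing-ID check and `PROJECT-47fu8` for the state check appear in both functions. If these IDs are meant to identify a single call site, as their format suggests, a log entry or support ticket carrying one of them cannot tell a failed deactivation from a failed reactivation. The same applies in later hunks to `PROJECT-LiaZi` (used twice inside ChangeProjectMember), `PROJECT-66mHd` (RemoveProjectGrantMember and RemoveProjectMember) and `PROJECT-D8JxR` (projectGrantWriteModelByID and projectMemberWriteModelByID). Giving each site its own ID, for example `zerrors.ThrowInvalidArgument(nil, "PROJECT-<new-id>", "Errors.IDMissing")`, would fix that; both functions continue outside their hunks.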
@@ -201,11 +201,11 @@ func (c *Commands) ReactivateProjectGrant(ctx context.Context, projectID, grantI func (c *Commands) RemoveProjectGrant(ctx context.Context, projectID, grantID, resourceOwner string, cascadeUserGrantIDs ...string) (details *domain.ObjectDetails, err error) { if grantID == "" || projectID == "" { - return details, caos_errs.ThrowInvalidArgument(nil, "PROJECT-1m9fJ", "Errors.IDMissing") + return details, zerrors.ThrowInvalidArgument(nil, "PROJECT-1m9fJ", "Errors.IDMissing") } err = c.checkProjectExists(ctx, projectID, resourceOwner) if err != nil { - return details, caos_errs.ThrowPreconditionFailed(err, "PROJECT-6mf9s", "Errors.Project.NotFound") + return details, zerrors.ThrowPreconditionFailed(err, "PROJECT-6mf9s", "Errors.Project.NotFound") } existingGrant, err := c.projectGrantWriteModelByID(ctx, grantID, projectID, resourceOwner) if err != nil { @@ -245,7 +245,7 @@ func (c *Commands) projectGrantWriteModelByID(ctx context.Context, grantID, proj } if writeModel.State == domain.ProjectGrantStateUnspecified || writeModel.State == domain.ProjectGrantStateRemoved { - return nil, caos_errs.ThrowNotFound(nil, "PROJECT-D8JxR", "Errors.Project.Grant.NotFound") + return nil, zerrors.ThrowNotFound(nil, "PROJECT-D8JxR", "Errors.Project.Grant.NotFound") } return writeModel, nil 
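Review bot: In RemoveProjectGrant every error returned by `checkProjectExists` is wrapped as a precondition failure with `Errors.Project.NotFound`, so a failure that is not "project missing" (a storage error, if that helper can return one) would be classified and reported as a missing project. The helper is not visible in this diff, so this needs confirming; if it already returns a typed error, the wrapper can be dropped in favour of `return details, err`. If the wrapping is intentional, a comment such as `// any lookup failure is reported as Errors.Project.NotFound on purpose` would record that. The function continues outside the hunk.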
@@ -258,13 +258,13 @@ func (c *Commands) checkProjectGrantPreCondition(ctx context.Context, projectGra return err } if !preConditions.ProjectExists { - return caos_errs.ThrowPreconditionFailed(err, "COMMAND-m9gsd", "Errors.Project.NotFound") + return zerrors.ThrowPreconditionFailed(err, "COMMAND-m9gsd", "Errors.Project.NotFound") } if !preConditions.GrantedOrgExists { - return caos_errs.ThrowPreconditionFailed(err, "COMMAND-3m9gg", "Errors.Org.NotFound") + return zerrors.ThrowPreconditionFailed(err, "COMMAND-3m9gg", "Errors.Org.NotFound") } if projectGrant.HasInvalidRoles(preConditions.ExistingRoleKeys) { - return caos_errs.ThrowPreconditionFailed(err, "COMMAND-6m9gd", "Errors.Project.Role.NotFound") + return zerrors.ThrowPreconditionFailed(err, "COMMAND-6m9gd", "Errors.Project.Role.NotFound") } return nil } diff --git a/internal/command/project_grant_member.go b/internal/command/project_grant_member.go index ad43f81f18..096851fb42 100644 --- a/internal/command/project_grant_member.go +++ b/internal/command/project_grant_member.go 
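Review bot: The three `zerrors.ThrowPreconditionFailed(err, …)` calls in checkProjectGrantPreCondition pass `err` as the parent, but they come after the `return err` guard visible at the top of the hunk, so `err` looks to be nil at each of them. Passing `nil` says so directly and keeps a later edit from attaching an unrelated error by accident: `return zerrors.ThrowPreconditionFailed(nil, "COMMAND-m9gsd", "Errors.Project.NotFound")`, and likewise for `COMMAND-3m9gg` and `COMMAND-6m9gd`. The function starts outside the hunk, so the guard's condition is inferred.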
@@ -5,18 +5,18 @@ import ( "reflect" "github.com/zitadel/zitadel/internal/domain" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/repository/project" "github.com/zitadel/zitadel/internal/telemetry/tracing" + "github.com/zitadel/zitadel/internal/zerrors" ) func (c *Commands) AddProjectGrantMember(ctx context.Context, member *domain.ProjectGrantMember) (*domain.ProjectGrantMember, error) { if !member.IsValid() { - return nil, errors.ThrowInvalidArgument(nil, "PROJECT-8fi7G", "Errors.Project.Grant.Member.Invalid") + return nil, zerrors.ThrowInvalidArgument(nil, "PROJECT-8fi7G", "Errors.Project.Grant.Member.Invalid") } if len(domain.CheckForInvalidRoles(member.Roles, domain.ProjectGrantRolePrefix, c.zitadelRoles)) > 0 { - return nil, errors.ThrowInvalidArgument(nil, "PROJECT-m9gKK", "Errors.Project.Grant.Member.Invalid") + return nil, zerrors.ThrowInvalidArgument(nil, "PROJECT-m9gKK", "Errors.Project.Grant.Member.Invalid") } err := c.checkUserExists(ctx, member.UserID, "") if err != nil { @@ -28,7 +28,7 @@ func (c *Commands) AddProjectGrantMember(ctx context.Context, member *domain.Pro return nil, err } if addedMember.State == domain.MemberStateActive { - return nil, errors.ThrowAlreadyExists(nil, "PROJECT-16dVN", "Errors.Project.Member.AlreadyExists") + return nil, zerrors.ThrowAlreadyExists(nil, "PROJECT-16dVN", "Errors.Project.Member.AlreadyExists") } projectAgg := ProjectAggregateFromWriteModel(&addedMember.WriteModel) pushedEvents, err := c.eventstore.Push( 
@@ -48,10 +48,10 @@ func (c *Commands) AddProjectGrantMember(ctx context.Context, member *domain.Pro // ChangeProjectGrantMember updates an existing member func (c *Commands) ChangeProjectGrantMember(ctx context.Context, member *domain.ProjectGrantMember) (*domain.ProjectGrantMember, error) { if !member.IsValid() { - return nil, errors.ThrowInvalidArgument(nil, "PROJECT-109fs", "Errors.Project.Member.Invalid") + return nil, zerrors.ThrowInvalidArgument(nil, "PROJECT-109fs", "Errors.Project.Member.Invalid") } if len(domain.CheckForInvalidRoles(member.Roles, domain.ProjectGrantRolePrefix, c.zitadelRoles)) > 0 { - return nil, errors.ThrowInvalidArgument(nil, "PROJECT-m0sDf", "Errors.Project.Member.Invalid") + return nil, zerrors.ThrowInvalidArgument(nil, "PROJECT-m0sDf", "Errors.Project.Member.Invalid") } existingMember, err := c.projectGrantMemberWriteModelByID(ctx, member.AggregateID, member.UserID, member.GrantID) @@ -60,7 +60,7 @@ func (c *Commands) ChangeProjectGrantMember(ctx context.Context, member *domain. } if reflect.DeepEqual(existingMember.Roles, member.Roles) { - return nil, errors.ThrowPreconditionFailed(nil, "PROJECT-2n8vx", "Errors.Project.Member.RolesNotChanged") + return nil, zerrors.ThrowPreconditionFailed(nil, "PROJECT-2n8vx", "Errors.Project.Member.RolesNotChanged") } projectAgg := ProjectAggregateFromWriteModel(&existingMember.WriteModel) pushedEvents, err := c.eventstore.Push( @@ -79,7 +79,7 @@ func (c *Commands) ChangeProjectGrantMember(ctx context.Context, member *domain. func (c *Commands) RemoveProjectGrantMember(ctx context.Context, projectID, userID, grantID string) (*domain.ObjectDetails, error) { if projectID == "" || userID == "" || grantID == "" { - return nil, errors.ThrowInvalidArgument(nil, "PROJECT-66mHd", "Errors.Project.Member.Invalid") + return nil, zerrors.ThrowInvalidArgument(nil, "PROJECT-66mHd", "Errors.Project.Member.Invalid") } m, err := c.projectGrantMemberWriteModelByID(ctx, projectID, userID, grantID) if err != nil { 
@@ -122,7 +122,7 @@ func (c *Commands) projectGrantMemberWriteModelByID(ctx context.Context, project } if writeModel.State == domain.MemberStateUnspecified || writeModel.State == domain.MemberStateRemoved { - return nil, errors.ThrowNotFound(nil, "PROJECT-37fug", "Errors.NotFound") + return nil, zerrors.ThrowNotFound(nil, "PROJECT-37fug", "Errors.NotFound") } return writeModel, nil diff --git a/internal/command/project_grant_member_test.go b/internal/command/project_grant_member_test.go index da00b8ccd5..2c52eace28 100644 --- a/internal/command/project_grant_member_test.go +++ b/internal/command/project_grant_member_test.go @@ -5,14 +5,15 @@ import ( "testing" "github.com/stretchr/testify/assert" + "golang.org/x/text/language" + "github.com/zitadel/zitadel/internal/api/authz" "github.com/zitadel/zitadel/internal/domain" - caos_errs "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/eventstore/v1/models" "github.com/zitadel/zitadel/internal/repository/project" "github.com/zitadel/zitadel/internal/repository/user" - "golang.org/x/text/language" + "github.com/zitadel/zitadel/internal/zerrors" ) func TestCommandSide_AddProjectGrantMember(t *testing.T) { @@ -50,7 +51,7 @@ func TestCommandSide_AddProjectGrantMember(t *testing.T) { }, }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -72,7 +73,7 @@ func TestCommandSide_AddProjectGrantMember(t *testing.T) { }, }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -100,7 +101,7 @@ func TestCommandSide_AddProjectGrantMember(t *testing.T) { }, }, res: res{ - err: caos_errs.IsPreconditionFailed, + err: zerrors.IsPreconditionFailed, }, }, { @@ -152,7 +153,7 @@ func TestCommandSide_AddProjectGrantMember(t *testing.T) { }, }, res: res{ - err: caos_errs.IsErrorAlreadyExists, + err: zerrors.IsErrorAlreadyExists, }, }, { 
@@ -177,7 +178,7 @@ func TestCommandSide_AddProjectGrantMember(t *testing.T) { ), ), expectFilter(), - expectPushFailed(caos_errs.ThrowAlreadyExists(nil, "ERROR", "internal"), + expectPushFailed(zerrors.ThrowAlreadyExists(nil, "ERROR", "internal"), project.NewProjectGrantMemberAddedEvent(context.Background(), &project.NewAggregate("project1", "").Aggregate, "user1", @@ -204,7 +205,7 @@ func TestCommandSide_AddProjectGrantMember(t *testing.T) { }, }, res: res{ - err: caos_errs.IsErrorAlreadyExists, + err: zerrors.IsErrorAlreadyExists, }, }, { @@ -322,7 +323,7 @@ func TestCommandSide_ChangeProjectGrantMember(t *testing.T) { }, }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -344,7 +345,7 @@ func TestCommandSide_ChangeProjectGrantMember(t *testing.T) { }, }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -372,7 +373,7 @@ func TestCommandSide_ChangeProjectGrantMember(t *testing.T) { }, }, res: res{ - err: caos_errs.IsNotFound, + err: zerrors.IsNotFound, }, }, { @@ -409,7 +410,7 @@ func TestCommandSide_ChangeProjectGrantMember(t *testing.T) { }, }, res: res{ - err: caos_errs.IsPreconditionFailed, + err: zerrors.IsPreconditionFailed, }, }, { @@ -523,7 +524,7 @@ func TestCommandSide_RemoveProjectGrantMember(t *testing.T) { grantID: "projectgrant1", }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -540,7 +541,7 @@ func TestCommandSide_RemoveProjectGrantMember(t *testing.T) { grantID: "projectgrant1", }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -557,7 +558,7 @@ func TestCommandSide_RemoveProjectGrantMember(t *testing.T) { grantID: "", }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { 
@@ -575,7 +576,7 @@ func TestCommandSide_RemoveProjectGrantMember(t *testing.T) { grantID: "projectgrant1", }, res: res{ - err: caos_errs.IsNotFound, + err: zerrors.IsNotFound, }, }, { diff --git a/internal/command/project_grant_test.go b/internal/command/project_grant_test.go index af74c8db0f..7450723185 100644 --- a/internal/command/project_grant_test.go +++ b/internal/command/project_grant_test.go @@ -7,7 +7,6 @@ import ( "github.com/stretchr/testify/assert" "github.com/zitadel/zitadel/internal/domain" - caos_errs "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/eventstore/v1/models" "github.com/zitadel/zitadel/internal/id" @@ -15,6 +14,7 @@ import ( "github.com/zitadel/zitadel/internal/repository/org" "github.com/zitadel/zitadel/internal/repository/project" "github.com/zitadel/zitadel/internal/repository/usergrant" + "github.com/zitadel/zitadel/internal/zerrors" ) func TestCommandSide_AddProjectGrant(t *testing.T) { @@ -54,7 +54,7 @@ func TestCommandSide_AddProjectGrant(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -76,7 +76,7 @@ func TestCommandSide_AddProjectGrant(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: caos_errs.IsPreconditionFailed, + err: zerrors.IsPreconditionFailed, }, }, { @@ -106,7 +106,7 @@ func TestCommandSide_AddProjectGrant(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: caos_errs.IsPreconditionFailed, + err: zerrors.IsPreconditionFailed, }, }, { @@ -143,7 +143,7 @@ func TestCommandSide_AddProjectGrant(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: caos_errs.IsPreconditionFailed, + err: zerrors.IsPreconditionFailed, }, }, { @@ -267,7 +267,7 @@ func TestCommandSide_ChangeProjectGrant(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { 
@@ -291,7 +291,7 @@ func TestCommandSide_ChangeProjectGrant(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: caos_errs.IsNotFound, + err: zerrors.IsNotFound, }, }, { @@ -322,7 +322,7 @@ func TestCommandSide_ChangeProjectGrant(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: caos_errs.IsPreconditionFailed, + err: zerrors.IsPreconditionFailed, }, }, { @@ -361,7 +361,7 @@ func TestCommandSide_ChangeProjectGrant(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: caos_errs.IsPreconditionFailed, + err: zerrors.IsPreconditionFailed, }, }, { @@ -407,7 +407,7 @@ func TestCommandSide_ChangeProjectGrant(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: caos_errs.IsPreconditionFailed, + err: zerrors.IsPreconditionFailed, }, }, { @@ -461,7 +461,7 @@ func TestCommandSide_ChangeProjectGrant(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: caos_errs.IsPreconditionFailed, + err: zerrors.IsPreconditionFailed, }, }, { @@ -768,7 +768,7 @@ func TestCommandSide_DeactivateProjectGrant(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -784,7 +784,7 @@ func TestCommandSide_DeactivateProjectGrant(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -802,7 +802,7 @@ func TestCommandSide_DeactivateProjectGrant(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: caos_errs.IsPreconditionFailed, + err: zerrors.IsPreconditionFailed, }, }, { @@ -829,7 +829,7 @@ func TestCommandSide_DeactivateProjectGrant(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: caos_errs.IsNotFound, + err: zerrors.IsNotFound, }, }, { @@ -867,7 +867,7 @@ func TestCommandSide_DeactivateProjectGrant(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: caos_errs.IsPreconditionFailed, + err: zerrors.IsPreconditionFailed, }, }, { 
@@ -965,7 +965,7 @@ func TestCommandSide_ReactivateProjectGrant(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -981,7 +981,7 @@ func TestCommandSide_ReactivateProjectGrant(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -999,7 +999,7 @@ func TestCommandSide_ReactivateProjectGrant(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: caos_errs.IsPreconditionFailed, + err: zerrors.IsPreconditionFailed, }, }, { @@ -1026,7 +1026,7 @@ func TestCommandSide_ReactivateProjectGrant(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: caos_errs.IsNotFound, + err: zerrors.IsNotFound, }, }, { @@ -1060,7 +1060,7 @@ func TestCommandSide_ReactivateProjectGrant(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: caos_errs.IsPreconditionFailed, + err: zerrors.IsPreconditionFailed, }, }, { @@ -1163,7 +1163,7 @@ func TestCommandSide_RemoveProjectGrant(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -1179,7 +1179,7 @@ func TestCommandSide_RemoveProjectGrant(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -1197,7 +1197,7 @@ func TestCommandSide_RemoveProjectGrant(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: caos_errs.IsPreconditionFailed, + err: zerrors.IsPreconditionFailed, }, }, { @@ -1224,7 +1224,7 @@ func TestCommandSide_RemoveProjectGrant(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: caos_errs.IsNotFound, + err: zerrors.IsNotFound, }, }, { diff --git a/internal/command/project_member.go b/internal/command/project_member.go index ed9f35146f..e47a4c85ee 100644 --- a/internal/command/project_member.go +++ b/internal/command/project_member.go 
@@ -5,10 +5,10 @@ import ( "reflect" "github.com/zitadel/zitadel/internal/domain" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/repository/project" "github.com/zitadel/zitadel/internal/telemetry/tracing" + "github.com/zitadel/zitadel/internal/zerrors" ) func (c *Commands) AddProjectMember(ctx context.Context, member *domain.Member, resourceOwner string) (*domain.Member, error) { @@ -33,10 +33,10 @@ func (c *Commands) AddProjectMember(ctx context.Context, member *domain.Member, func (c *Commands) addProjectMember(ctx context.Context, projectAgg *eventstore.Aggregate, addedMember *ProjectMemberWriteModel, member *domain.Member) (eventstore.Command, error) { if !member.IsValid() { - return nil, errors.ThrowInvalidArgument(nil, "PROJECT-W8m4l", "Errors.Project.Member.Invalid") + return nil, zerrors.ThrowInvalidArgument(nil, "PROJECT-W8m4l", "Errors.Project.Member.Invalid") } if len(domain.CheckForInvalidRoles(member.Roles, domain.ProjectRolePrefix, c.zitadelRoles)) > 0 { - return nil, errors.ThrowInvalidArgument(nil, "PROJECT-3m9ds", "Errors.Project.Member.Invalid") + return nil, zerrors.ThrowInvalidArgument(nil, "PROJECT-3m9ds", "Errors.Project.Member.Invalid") } err := c.checkUserExists(ctx, addedMember.UserID, "") @@ -48,7 +48,7 @@ func (c *Commands) addProjectMember(ctx context.Context, projectAgg *eventstore. return nil, err } if addedMember.State == domain.MemberStateActive { - return nil, errors.ThrowAlreadyExists(nil, "PROJECT-PtXi1", "Errors.Project.Member.AlreadyExists") + return nil, zerrors.ThrowAlreadyExists(nil, "PROJECT-PtXi1", "Errors.Project.Member.AlreadyExists") } return project.NewProjectMemberAddedEvent(ctx, projectAgg, member.UserID, member.Roles...), nil 
@@ -57,10 +57,10 @@ func (c *Commands) addProjectMember(ctx context.Context, projectAgg *eventstore. // ChangeProjectMember updates an existing member func (c *Commands) ChangeProjectMember(ctx context.Context, member *domain.Member, resourceOwner string) (*domain.Member, error) { if !member.IsValid() { - return nil, errors.ThrowInvalidArgument(nil, "PROJECT-LiaZi", "Errors.Project.Member.Invalid") + return nil, zerrors.ThrowInvalidArgument(nil, "PROJECT-LiaZi", "Errors.Project.Member.Invalid") } if len(domain.CheckForInvalidRoles(member.Roles, domain.ProjectRolePrefix, c.zitadelRoles)) > 0 { - return nil, errors.ThrowInvalidArgument(nil, "PROJECT-3m9d", "Errors.Project.Member.Invalid") + return nil, zerrors.ThrowInvalidArgument(nil, "PROJECT-3m9d", "Errors.Project.Member.Invalid") } existingMember, err := c.projectMemberWriteModelByID(ctx, member.AggregateID, member.UserID, resourceOwner) @@ -69,7 +69,7 @@ func (c *Commands) ChangeProjectMember(ctx context.Context, member *domain.Membe } if reflect.DeepEqual(existingMember.Roles, member.Roles) { - return nil, errors.ThrowPreconditionFailed(nil, "PROJECT-LiaZi", "Errors.Project.Member.RolesNotChanged") + return nil, zerrors.ThrowPreconditionFailed(nil, "PROJECT-LiaZi", "Errors.Project.Member.RolesNotChanged") } projectAgg := ProjectAggregateFromWriteModel(&existingMember.MemberWriteModel.WriteModel) pushedEvents, err := c.eventstore.Push(ctx, project.NewProjectMemberChangedEvent(ctx, projectAgg, member.UserID, member.Roles...)) 
@@ -87,13 +87,13 @@ func (c *Commands) ChangeProjectMember(ctx context.Context, member *domain.Membe func (c *Commands) RemoveProjectMember(ctx context.Context, projectID, userID, resourceOwner string) (*domain.ObjectDetails, error) { if projectID == "" || userID == "" { - return nil, errors.ThrowInvalidArgument(nil, "PROJECT-66mHd", "Errors.Project.Member.Invalid") + return nil, zerrors.ThrowInvalidArgument(nil, "PROJECT-66mHd", "Errors.Project.Member.Invalid") } m, err := c.projectMemberWriteModelByID(ctx, projectID, userID, resourceOwner) - if err != nil && !errors.IsNotFound(err) { + if err != nil && !zerrors.IsNotFound(err) { return nil, err } - if errors.IsNotFound(err) { + if zerrors.IsNotFound(err) { // empty response because we have no data that match the request return &domain.ObjectDetails{}, nil } @@ -133,7 +133,7 @@ func (c *Commands) projectMemberWriteModelByID(ctx context.Context, projectID, u } if writeModel.State == domain.MemberStateUnspecified || writeModel.State == domain.MemberStateRemoved { - return nil, errors.ThrowNotFound(nil, "PROJECT-D8JxR", "Errors.NotFound") + return nil, zerrors.ThrowNotFound(nil, "PROJECT-D8JxR", "Errors.NotFound") } return writeModel, nil diff --git a/internal/command/project_member_test.go b/internal/command/project_member_test.go index fd6a4105e2..358ee4382f 100644 --- a/internal/command/project_member_test.go +++ b/internal/command/project_member_test.go 
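Review bot: RemoveProjectMember tests `zerrors.IsNotFound(err)` twice in a row, once negated and once plain. Handling the not-found case first reads more directly: `if zerrors.IsNotFound(err) { return &domain.ObjectDetails{}, nil }` followed by `if err != nil { return nil, err }`. The existing comment explains the empty response; it could also say that removing a member that does not exist is deliberately reported as success. The function continues outside the hunk.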
@@ -5,14 +5,15 @@ import ( "testing" "github.com/stretchr/testify/assert" + "golang.org/x/text/language" + "github.com/zitadel/zitadel/internal/api/authz" "github.com/zitadel/zitadel/internal/domain" - caos_errs "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/eventstore/v1/models" "github.com/zitadel/zitadel/internal/repository/project" "github.com/zitadel/zitadel/internal/repository/user" - "golang.org/x/text/language" + "github.com/zitadel/zitadel/internal/zerrors" ) func TestCommandSide_AddProjectMember(t *testing.T) { @@ -52,7 +53,7 @@ func TestCommandSide_AddProjectMember(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -74,7 +75,7 @@ func TestCommandSide_AddProjectMember(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -102,7 +103,7 @@ func TestCommandSide_AddProjectMember(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: caos_errs.IsPreconditionFailed, + err: zerrors.IsPreconditionFailed, }, }, { @@ -153,7 +154,7 @@ func TestCommandSide_AddProjectMember(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: caos_errs.IsErrorAlreadyExists, + err: zerrors.IsErrorAlreadyExists, }, }, { @@ -178,7 +179,7 @@ func TestCommandSide_AddProjectMember(t *testing.T) { ), ), expectFilter(), - expectPushFailed(caos_errs.ThrowAlreadyExists(nil, "ERROR", "internal"), + expectPushFailed(zerrors.ThrowAlreadyExists(nil, "ERROR", "internal"), project.NewProjectMemberAddedEvent(context.Background(), &project.NewAggregate("project1", "org1").Aggregate, "user1", @@ -204,7 +205,7 @@ func TestCommandSide_AddProjectMember(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: caos_errs.IsErrorAlreadyExists, + err: zerrors.IsErrorAlreadyExists, }, }, { 
@@ -323,7 +324,7 @@ func TestCommandSide_ChangeProjectMember(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -345,7 +346,7 @@ func TestCommandSide_ChangeProjectMember(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -373,7 +374,7 @@ func TestCommandSide_ChangeProjectMember(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: caos_errs.IsNotFound, + err: zerrors.IsNotFound, }, }, { @@ -409,7 +410,7 @@ func TestCommandSide_ChangeProjectMember(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: caos_errs.IsPreconditionFailed, + err: zerrors.IsPreconditionFailed, }, }, { @@ -520,7 +521,7 @@ func TestCommandSide_RemoveProjectMember(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -537,7 +538,7 @@ func TestCommandSide_RemoveProjectMember(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { diff --git a/internal/command/project_role.go b/internal/command/project_role.go index c52f170d8c..065d784efc 100644 --- a/internal/command/project_role.go +++ b/internal/command/project_role.go @@ -4,10 +4,11 @@ import ( "context" "github.com/zitadel/logging" + "github.com/zitadel/zitadel/internal/domain" - caos_errs "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/repository/project" + "github.com/zitadel/zitadel/internal/zerrors" ) func (c *Commands) AddProjectRole(ctx context.Context, projectRole *domain.ProjectRole, resourceOwner string) (_ *domain.ProjectRole, err error) { 
@@ -62,7 +63,7 @@ func (c *Commands) addProjectRoles(ctx context.Context, projectAgg *eventstore.A for _, projectRole := range projectRoles { projectRole.AggregateID = projectAgg.ID if !projectRole.IsValid() { - return nil, caos_errs.ThrowInvalidArgument(nil, "COMMAND-4m9vS", "Errors.Project.Role.Invalid") + return nil, zerrors.ThrowInvalidArgument(nil, "COMMAND-4m9vS", "Errors.Project.Role.Invalid") } events = append(events, project.NewRoleAddedEvent( ctx, @@ -78,7 +79,7 @@ func (c *Commands) addProjectRoles(ctx context.Context, projectAgg *eventstore.A func (c *Commands) ChangeProjectRole(ctx context.Context, projectRole *domain.ProjectRole, resourceOwner string) (_ *domain.ProjectRole, err error) { if !projectRole.IsValid() { - return nil, caos_errs.ThrowInvalidArgument(nil, "COMMAND-2ilfW", "Errors.Project.Invalid") + return nil, zerrors.ThrowInvalidArgument(nil, "COMMAND-2ilfW", "Errors.Project.Invalid") } err = c.checkProjectExists(ctx, projectRole.AggregateID, resourceOwner) if err != nil { @@ -90,7 +91,7 @@ func (c *Commands) ChangeProjectRole(ctx context.Context, projectRole *domain.Pr return nil, err } if existingRole.State == domain.ProjectRoleStateUnspecified || existingRole.State == domain.ProjectRoleStateRemoved { - return nil, caos_errs.ThrowNotFound(nil, "COMMAND-vv8M9", "Errors.Project.Role.NotExisting") + return nil, zerrors.ThrowNotFound(nil, "COMMAND-vv8M9", "Errors.Project.Role.NotExisting") } projectAgg := ProjectAggregateFromWriteModel(&existingRole.WriteModel) @@ -100,7 +101,7 @@ func (c *Commands) ChangeProjectRole(ctx context.Context, projectRole *domain.Pr return nil, err } if !changed { - return nil, caos_errs.ThrowPreconditionFailed(nil, "COMMAND-5M0cs", "Errors.NoChangesFound") + return nil, zerrors.ThrowPreconditionFailed(nil, "COMMAND-5M0cs", "Errors.NoChangesFound") } pushedEvents, err := c.eventstore.Push(ctx, changeEvent) 
@@ -116,14 +117,14 @@ func (c *Commands) ChangeProjectRole(ctx context.Context, projectRole *domain.Pr func (c *Commands) RemoveProjectRole(ctx context.Context, projectID, key, resourceOwner string, cascadingProjectGrantIds []string, cascadeUserGrantIDs ...string) (details *domain.ObjectDetails, err error) { if projectID == "" || key == "" { - return details, caos_errs.ThrowInvalidArgument(nil, "COMMAND-fl9eF", "Errors.Project.Role.Invalid") + return details, zerrors.ThrowInvalidArgument(nil, "COMMAND-fl9eF", "Errors.Project.Role.Invalid") } existingRole, err := c.getProjectRoleWriteModelByID(ctx, key, projectID, resourceOwner) if err != nil { return details, err } if existingRole.State == domain.ProjectRoleStateUnspecified || existingRole.State == domain.ProjectRoleStateRemoved { - return details, caos_errs.ThrowNotFound(nil, "COMMAND-m9vMf", "Errors.Project.Role.NotExisting") + return details, zerrors.ThrowNotFound(nil, "COMMAND-m9vMf", "Errors.Project.Role.NotExisting") } projectAgg := ProjectAggregateFromWriteModel(&existingRole.WriteModel) events := []eventstore.Command{ diff --git a/internal/command/project_role_test.go b/internal/command/project_role_test.go index 2d40cdc913..bd8c85aef7 100644 --- a/internal/command/project_role_test.go +++ b/internal/command/project_role_test.go @@ -7,11 +7,11 @@ import ( "github.com/stretchr/testify/assert" "github.com/zitadel/zitadel/internal/domain" - caos_errs "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/eventstore/v1/models" "github.com/zitadel/zitadel/internal/repository/project" "github.com/zitadel/zitadel/internal/repository/usergrant" + "github.com/zitadel/zitadel/internal/zerrors" ) func TestCommandSide_AddProjectRole(t *testing.T) { @@ -67,7 +67,7 @@ func TestCommandSide_AddProjectRole(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: caos_errs.IsPreconditionFailed, + err: zerrors.IsPreconditionFailed, }, }, { 
@@ -96,7 +96,7 @@ func TestCommandSide_AddProjectRole(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -113,7 +113,7 @@ func TestCommandSide_AddProjectRole(t *testing.T) { ), ), ), - expectPushFailed(caos_errs.ThrowAlreadyExists(nil, "id", "internal"), + expectPushFailed(zerrors.ThrowAlreadyExists(nil, "id", "internal"), project.NewRoleAddedEvent( context.Background(), &project.NewAggregate("project1", "org1").Aggregate, @@ -137,7 +137,7 @@ func TestCommandSide_AddProjectRole(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: caos_errs.IsErrorAlreadyExists, + err: zerrors.IsErrorAlreadyExists, }, }, { @@ -265,7 +265,7 @@ func TestCommandSide_BulkAddProjectRole(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: caos_errs.IsPreconditionFailed, + err: zerrors.IsPreconditionFailed, }, }, { @@ -298,7 +298,7 @@ func TestCommandSide_BulkAddProjectRole(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -315,7 +315,7 @@ func TestCommandSide_BulkAddProjectRole(t *testing.T) { ), ), ), - expectPushFailed(caos_errs.ThrowAlreadyExists(nil, "id", "internal"), + expectPushFailed(zerrors.ThrowAlreadyExists(nil, "id", "internal"), project.NewRoleAddedEvent( context.Background(), &project.NewAggregate("project1", "org1").Aggregate, @@ -351,7 +351,7 @@ func TestCommandSide_BulkAddProjectRole(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: caos_errs.IsErrorAlreadyExists, + err: zerrors.IsErrorAlreadyExists, }, }, { @@ -465,7 +465,7 @@ func TestCommandSide_ChangeProjectRole(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { 
@@ -502,7 +502,7 @@ func TestCommandSide_ChangeProjectRole(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: caos_errs.IsPreconditionFailed, + err: zerrors.IsPreconditionFailed, }, }, { @@ -550,7 +550,7 @@ func TestCommandSide_ChangeProjectRole(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: caos_errs.IsNotFound, + err: zerrors.IsNotFound, }, }, { @@ -592,7 +592,7 @@ func TestCommandSide_ChangeProjectRole(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: caos_errs.IsPreconditionFailed, + err: zerrors.IsPreconditionFailed, }, }, { @@ -703,7 +703,7 @@ func TestCommandSide_RemoveProjectRole(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -720,7 +720,7 @@ func TestCommandSide_RemoveProjectRole(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -738,7 +738,7 @@ func TestCommandSide_RemoveProjectRole(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: caos_errs.IsNotFound, + err: zerrors.IsNotFound, }, }, { @@ -771,7 +771,7 @@ func TestCommandSide_RemoveProjectRole(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: caos_errs.IsNotFound, + err: zerrors.IsNotFound, }, }, { diff --git a/internal/command/project_test.go b/internal/command/project_test.go index 715b82f080..ca8d2b2ddf 100644 --- a/internal/command/project_test.go +++ b/internal/command/project_test.go 
@@ -7,12 +7,12 @@ import ( "github.com/stretchr/testify/assert" "github.com/zitadel/zitadel/internal/domain" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/eventstore/v1/models" "github.com/zitadel/zitadel/internal/id" id_mock "github.com/zitadel/zitadel/internal/id/mock" "github.com/zitadel/zitadel/internal/repository/project" + "github.com/zitadel/zitadel/internal/zerrors" ) func TestCommandSide_AddProject(t *testing.T) { @@ -49,7 +49,7 @@ func TestCommandSide_AddProject(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: errors.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -57,7 +57,7 @@ func TestCommandSide_AddProject(t *testing.T) { fields: fields{ eventstore: eventstoreExpect( t, - expectPushFailed(errors.ThrowAlreadyExists(nil, "ERROR", "internl"), + expectPushFailed(zerrors.ThrowAlreadyExists(nil, "ERROR", "internl"), project.NewProjectAddedEvent( context.Background(), &project.NewAggregate("project1", "org1").Aggregate, @@ -87,7 +87,7 @@ func TestCommandSide_AddProject(t *testing.T) { ownerID: "user1", }, res: res{ - err: errors.IsErrorAlreadyExists, + err: zerrors.IsErrorAlreadyExists, }, }, { @@ -195,7 +195,7 @@ func TestCommandSide_ChangeProject(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: errors.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -213,7 +213,7 @@ func TestCommandSide_ChangeProject(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: errors.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -235,7 +235,7 @@ func TestCommandSide_ChangeProject(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: errors.IsNotFound, + err: zerrors.IsNotFound, }, }, { @@ -270,7 +270,7 @@ func TestCommandSide_ChangeProject(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: errors.IsNotFound, + err: zerrors.IsNotFound, }, }, { 
@@ -303,7 +303,7 @@ func TestCommandSide_ChangeProject(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: errors.IsPreconditionFailed, + err: zerrors.IsPreconditionFailed, }, }, { @@ -468,7 +468,7 @@ func TestCommandSide_DeactivateProject(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: errors.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -484,7 +484,7 @@ func TestCommandSide_DeactivateProject(t *testing.T) { resourceOwner: "", }, res: res{ - err: errors.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -501,7 +501,7 @@ func TestCommandSide_DeactivateProject(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: errors.IsNotFound, + err: zerrors.IsNotFound, }, }, { @@ -531,7 +531,7 @@ func TestCommandSide_DeactivateProject(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: errors.IsNotFound, + err: zerrors.IsNotFound, }, }, { @@ -559,7 +559,7 @@ func TestCommandSide_DeactivateProject(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: errors.IsPreconditionFailed, + err: zerrors.IsPreconditionFailed, }, }, { @@ -644,7 +644,7 @@ func TestCommandSide_ReactivateProject(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: errors.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -660,7 +660,7 @@ func TestCommandSide_ReactivateProject(t *testing.T) { resourceOwner: "", }, res: res{ - err: errors.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -677,7 +677,7 @@ func TestCommandSide_ReactivateProject(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: errors.IsNotFound, + err: zerrors.IsNotFound, }, }, { @@ -707,7 +707,7 @@ func TestCommandSide_ReactivateProject(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: errors.IsNotFound, + err: zerrors.IsNotFound, }, }, { 
@@ -731,7 +731,7 @@ func TestCommandSide_ReactivateProject(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: errors.IsPreconditionFailed, + err: zerrors.IsPreconditionFailed, }, }, { @@ -820,7 +820,7 @@ func TestCommandSide_RemoveProject(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: errors.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -836,7 +836,7 @@ func TestCommandSide_RemoveProject(t *testing.T) { resourceOwner: "", }, res: res{ - err: errors.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -853,7 +853,7 @@ func TestCommandSide_RemoveProject(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: errors.IsNotFound, + err: zerrors.IsNotFound, }, }, { @@ -883,7 +883,7 @@ func TestCommandSide_RemoveProject(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: errors.IsNotFound, + err: zerrors.IsNotFound, }, }, { @@ -1115,7 +1115,7 @@ func TestAddProject(t *testing.T) { privateLabelingSetting: domain.PrivateLabelingSettingAllowLoginUserResourceOwnerPolicy, }, want: Want{ - ValidationErr: errors.ThrowInvalidArgument(nil, "PROJE-C01yo", "Errors.Invalid.Argument"), + ValidationErr: zerrors.ThrowInvalidArgument(nil, "PROJE-C01yo", "Errors.Invalid.Argument"), }, }, { @@ -1127,7 +1127,7 @@ func TestAddProject(t *testing.T) { privateLabelingSetting: -1, }, want: Want{ - ValidationErr: errors.ThrowInvalidArgument(nil, "PROJE-AO52V", "Errors.Invalid.Argument"), + ValidationErr: zerrors.ThrowInvalidArgument(nil, "PROJE-AO52V", "Errors.Invalid.Argument"), }, }, { @@ -1139,7 +1139,7 @@ func TestAddProject(t *testing.T) { privateLabelingSetting: domain.PrivateLabelingSettingAllowLoginUserResourceOwnerPolicy, }, want: Want{ - ValidationErr: errors.ThrowPreconditionFailed(nil, "PROJE-hzxwo", "Errors.Invalid.Argument"), + ValidationErr: zerrors.ThrowPreconditionFailed(nil, "PROJE-hzxwo", "Errors.Invalid.Argument"), }, }, { 
diff --git a/internal/command/quota.go b/internal/command/quota.go index d3b1ab7e89..5112394826 100644 --- a/internal/command/quota.go +++ b/internal/command/quota.go @@ -8,9 +8,9 @@ import ( "github.com/zitadel/zitadel/internal/api/authz" "github.com/zitadel/zitadel/internal/command/preparation" "github.com/zitadel/zitadel/internal/domain" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/repository/quota" + "github.com/zitadel/zitadel/internal/zerrors" ) type QuotaUnit string @@ -43,7 +43,7 @@ func (c *Commands) AddQuota( return nil, err } if wm.AggregateID != "" { - return nil, errors.ThrowAlreadyExists(nil, "COMMAND-WDfFf", "Errors.Quota.AlreadyExists") + return nil, zerrors.ThrowAlreadyExists(nil, "COMMAND-WDfFf", "Errors.Quota.AlreadyExists") } aggregateId, err := c.idGenerator.Next() if err != nil { @@ -106,7 +106,7 @@ func (c *Commands) RemoveQuota(ctx context.Context, unit QuotaUnit) (*domain.Obj return nil, err } if wm.AggregateID == "" { - return nil, errors.ThrowNotFound(nil, "COMMAND-WDfFf", "Errors.Quota.NotFound") + return nil, zerrors.ThrowNotFound(nil, "COMMAND-WDfFf", "Errors.Quota.NotFound") } aggregate := quota.NewAggregate(wm.AggregateID, instanceId) events := []eventstore.Command{quota.NewRemovedEvent(ctx, &aggregate.Aggregate, unit.Enum())} 
@@ -147,13 +147,13 @@ type QuotaNotifications []*QuotaNotification func (q *QuotaNotification) validate() error { u, err := url.Parse(q.CallURL) if err != nil { - return errors.ThrowInvalidArgument(err, "QUOTA-bZ0Fj", "Errors.Quota.Invalid.CallURL") + return zerrors.ThrowInvalidArgument(err, "QUOTA-bZ0Fj", "Errors.Quota.Invalid.CallURL") } if !u.IsAbs() || u.Host == "" { - return errors.ThrowInvalidArgument(nil, "QUOTA-HAYmN", "Errors.Quota.Invalid.CallURL") + return zerrors.ThrowInvalidArgument(nil, "QUOTA-HAYmN", "Errors.Quota.Invalid.CallURL") } if q.Percent < 1 { - return errors.ThrowInvalidArgument(nil, "QUOTA-pBfjq", "Errors.Quota.Invalid.Percent") + return zerrors.ThrowInvalidArgument(nil, "QUOTA-pBfjq", "Errors.Quota.Invalid.Percent") } return nil } @@ -165,10 +165,10 @@ func (q *SetQuota) validate() error { } } if q.Unit.Enum() == quota.Unimplemented { - return errors.ThrowInvalidArgument(nil, "QUOTA-OTeSh", "Errors.Quota.Invalid.Unimplemented") + return zerrors.ThrowInvalidArgument(nil, "QUOTA-OTeSh", "Errors.Quota.Invalid.Unimplemented") } if q.ResetInterval < time.Minute { - return errors.ThrowInvalidArgument(nil, "QUOTA-R5otd", "Errors.Quota.Invalid.ResetInterval") + return zerrors.ThrowInvalidArgument(nil, "QUOTA-R5otd", "Errors.Quota.Invalid.ResetInterval") } return nil } diff --git a/internal/command/quota_model.go b/internal/command/quota_model.go index 8c2efa7dfe..7b4cbac9bd 100644 --- a/internal/command/quota_model.go +++ b/internal/command/quota_model.go @@ -6,10 +6,10 @@ import ( "slices" "time" - zitadel_errors "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/id" "github.com/zitadel/zitadel/internal/repository/quota" + "github.com/zitadel/zitadel/internal/zerrors" ) type quotaWriteModel struct { 
@@ -168,12 +168,12 @@ func (q QuotaNotifications) newSetEventNotifications(idGenerator id.Generator) ( func sortSetEventNotifications(notifications []*quota.SetEventNotification) (err error) { slices.SortFunc(notifications, func(i, j *quota.SetEventNotification) int { if i == nil || j == nil { - err = zitadel_errors.ThrowInternal(errors.New("sorting slices of *quota.SetEventNotification with nil pointers is not supported"), "QUOTA-8YXPk", "Errors.Internal") + err = zerrors.ThrowInternal(errors.New("sorting slices of *quota.SetEventNotification with nil pointers is not supported"), "QUOTA-8YXPk", "Errors.Internal") return 0 } if i.Percent == j.Percent && i.CallURL == j.CallURL && i.Repeat == j.Repeat { // TODO: translate - err = zitadel_errors.ThrowInternal(fmt.Errorf("%+v", i), "QUOTA-Pty2n", "Errors.Quota.Notifications.Duplicate") + err = zerrors.ThrowInternal(fmt.Errorf("%+v", i), "QUOTA-Pty2n", "Errors.Quota.Notifications.Duplicate") return 0 } if i.Percent < j.Percent || diff --git a/internal/command/quota_model_test.go b/internal/command/quota_model_test.go index 3ba9847200..37815056e5 100644 --- a/internal/command/quota_model_test.go +++ b/internal/command/quota_model_test.go @@ -9,11 +9,11 @@ import ( "github.com/stretchr/testify/assert" - zitadel_errors "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/id" id_mock "github.com/zitadel/zitadel/internal/id/mock" "github.com/zitadel/zitadel/internal/repository/quota" + "github.com/zitadel/zitadel/internal/zerrors" ) func TestQuotaWriteModel_NewChanges(t *testing.T) { 
@@ -277,7 +277,7 @@ func TestQuotaWriteModel_NewChanges(t *testing.T) { idGenerator: id_mock.NewIDGeneratorExpectIDs(t, "notification1", "notification2"), }, wantErr: func(t assert.TestingT, err error, i ...interface{}) bool { - return zitadel_errors.IsErrorInvalidArgument(err) + return zerrors.IsErrorInvalidArgument(err) }, }, { name: "deduplicate existing notifications", diff --git a/internal/command/quota_test.go b/internal/command/quota_test.go index 5b28f3e610..14d5d50794 100644 --- a/internal/command/quota_test.go +++ b/internal/command/quota_test.go @@ -10,11 +10,11 @@ import ( "github.com/zitadel/zitadel/internal/api/authz" "github.com/zitadel/zitadel/internal/domain" - caos_errors "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/id" id_mock "github.com/zitadel/zitadel/internal/id/mock" "github.com/zitadel/zitadel/internal/repository/quota" + "github.com/zitadel/zitadel/internal/zerrors" ) func TestQuota_AddQuota(t *testing.T) { @@ -71,7 +71,7 @@ func TestQuota_AddQuota(t *testing.T) { }, }, res: res{ - err: caos_errors.IsErrorAlreadyExists, + err: zerrors.IsErrorAlreadyExists, }, }, { @@ -96,7 +96,7 @@ func TestQuota_AddQuota(t *testing.T) { }, res: res{ err: func(err error) bool { - return errors.Is(err, caos_errors.ThrowInvalidArgument(nil, "QUOTA-OTeSh", "")) + return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "QUOTA-OTeSh", "")) }, }, }, @@ -362,7 +362,7 @@ func TestQuota_SetQuota(t *testing.T) { }, res: res{ err: func(err error) bool { - return errors.Is(err, caos_errors.ThrowInvalidArgument(nil, "QUOTA-OTeSh", "")) + return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "QUOTA-OTeSh", "")) }, }, }, @@ -579,7 +579,7 @@ func TestQuota_RemoveQuota(t *testing.T) { }, res: res{ err: func(err error) bool { - return errors.Is(err, caos_errors.ThrowNotFound(nil, "COMMAND-WDfFf", "")) + return errors.Is(err, zerrors.ThrowNotFound(nil, "COMMAND-WDfFf", "")) }, }, }, 
@@ -620,7 +620,7 @@ func TestQuota_RemoveQuota(t *testing.T) { }, res: res{ err: func(err error) bool { - return errors.Is(err, caos_errors.ThrowNotFound(nil, "COMMAND-WDfFf", "")) + return errors.Is(err, zerrors.ThrowNotFound(nil, "COMMAND-WDfFf", "")) }, }, }, @@ -707,7 +707,7 @@ func TestQuota_QuotaNotification_validate(t *testing.T) { }, res: res{ err: func(err error) bool { - return errors.Is(err, caos_errors.ThrowInvalidArgument(nil, "QUOTA-bZ0Fj", "")) + return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "QUOTA-bZ0Fj", "")) }, }, }, @@ -722,7 +722,7 @@ func TestQuota_QuotaNotification_validate(t *testing.T) { }, res: res{ err: func(err error) bool { - return errors.Is(err, caos_errors.ThrowInvalidArgument(nil, "QUOTA-HAYmN", "")) + return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "QUOTA-HAYmN", "")) }, }, }, @@ -737,7 +737,7 @@ func TestQuota_QuotaNotification_validate(t *testing.T) { }, res: res{ err: func(err error) bool { - return errors.Is(err, caos_errors.ThrowInvalidArgument(nil, "QUOTA-HAYmN", "")) + return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "QUOTA-HAYmN", "")) }, }, }, @@ -752,7 +752,7 @@ func TestQuota_QuotaNotification_validate(t *testing.T) { }, res: res{ err: func(err error) bool { - return errors.Is(err, caos_errors.ThrowInvalidArgument(nil, "QUOTA-pBfjq", "")) + return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "QUOTA-pBfjq", "")) }, }, }, @@ -815,7 +815,7 @@ func TestQuota_SetQuota_validate(t *testing.T) { }, res: res{ err: func(err error) bool { - return errors.Is(err, caos_errors.ThrowInvalidArgument(nil, "QUOTA-bZ0Fj", "")) + return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "QUOTA-bZ0Fj", "")) }, }, }, @@ -833,7 +833,7 @@ func TestQuota_SetQuota_validate(t *testing.T) { }, res: res{ err: func(err error) bool { - return errors.Is(err, caos_errors.ThrowInvalidArgument(nil, "QUOTA-OTeSh", "")) + return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "QUOTA-OTeSh", "")) }, }, }, 
@@ -851,7 +851,7 @@ func TestQuota_SetQuota_validate(t *testing.T) { }, res: res{ err: func(err error) bool { - return errors.Is(err, caos_errors.ThrowInvalidArgument(nil, "QUOTA-R5otd", "")) + return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "QUOTA-R5otd", "")) }, }, }, diff --git a/internal/command/resource_ower_model.go b/internal/command/resource_ower_model.go new file mode 100644 index 0000000000..e5e047c273 --- /dev/null +++ b/internal/command/resource_ower_model.go @@ -0,0 +1,41 @@ +package command + +import ( + "github.com/zitadel/zitadel/internal/eventstore" +) + +// resourceOwnerModel can be used to retrieve the resourceOwner of an aggregate +// by checking the first event it. +type resourceOwnerModel struct { + instanceID string + aggregateType eventstore.AggregateType + aggregateID string + + resourceOwner string +} + +func NewResourceOwnerModel(instanceID string, aggregateType eventstore.AggregateType, aggregateID string) *resourceOwnerModel { + return &resourceOwnerModel{ + instanceID: instanceID, + aggregateType: aggregateType, + aggregateID: aggregateID, + } +} + +func (r *resourceOwnerModel) Reduce() error { + return nil +} +func (r *resourceOwnerModel) AppendEvents(events ...eventstore.Event) { + if len(events) == 1 { + r.resourceOwner = events[0].Aggregate().ResourceOwner + } +} +func (r *resourceOwnerModel) Query() *eventstore.SearchQueryBuilder { + return eventstore.NewSearchQueryBuilder(eventstore.ColumnsEvent). + InstanceID(r.instanceID). + AddQuery(). + AggregateTypes(r.aggregateType). + AggregateIDs(r.aggregateID). + Builder(). + Limit(1) +} diff --git a/internal/command/restrictions.go b/internal/command/restrictions.go index 1658c99592..e47a0e8c02 100644 --- a/internal/command/restrictions.go +++ b/internal/command/restrictions.go 
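Review bot: `AppendEvents` in the new `resourceOwnerModel` records an owner only when it receives exactly one event, so an aggregate with no events leaves `resourceOwner` as the empty string, and nothing in the type tells a caller how to distinguish "not found" from a real owner. The value presumably decides which organisation an aggregate belongs to, so the doc comment should state the contract, e.g. `// resourceOwner stays empty when the aggregate has no events; callers must treat that as not found.` The existing comment also ends mid-sentence (`by checking the first event it.`). `Query` uses `Limit(1)` without an explicit ordering, so "first event" holds only if the builder's default order is ascending, which is worth confirming or spelling out. The file name `resource_ower_model.go` looks like a typo for `resource_owner_model.go`.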
@@ -3,16 +3,38 @@ package command import ( "context" + "golang.org/x/text/language" + "github.com/zitadel/zitadel/internal/api/authz" "github.com/zitadel/zitadel/internal/command/preparation" "github.com/zitadel/zitadel/internal/domain" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" + "github.com/zitadel/zitadel/internal/i18n" "github.com/zitadel/zitadel/internal/repository/restrictions" + "github.com/zitadel/zitadel/internal/zerrors" ) type SetRestrictions struct { DisallowPublicOrgRegistration *bool + AllowedLanguages []language.Tag +} + +func (s *SetRestrictions) Validate(defaultLanguage language.Tag) error { + if s == nil || (s.DisallowPublicOrgRegistration == nil && s.AllowedLanguages == nil) { + return zerrors.ThrowInvalidArgument(nil, "COMMAND-oASwj", "Errors.Restrictions.NoneSpecified") + } + if s.AllowedLanguages != nil { + if err := domain.LanguagesHaveDuplicates(s.AllowedLanguages); err != nil { + return err + } + if err := domain.LanguagesAreSupported(i18n.SupportedLanguages(), s.AllowedLanguages...); err != nil { + return err + } + if err := domain.LanguageIsAllowed(false, s.AllowedLanguages, defaultLanguage); err != nil { + return zerrors.ThrowPreconditionFailedf(err, "COMMAND-L0m2u", "Errors.Restrictions.DefaultLanguageMustBeAllowed") + } + } + return nil } // SetRestrictions creates new restrictions or updates existing restrictions. 
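Review bot: `Validate` treats a nil `AllowedLanguages` as "leave unchanged" and a non-nil slice as "replace", but neither the field nor the exported method has a comment saying so. An empty non-nil slice passes the `!= nil` guard and reaches the three domain checks, whose behaviour for an empty list is not visible in this hunk. A field comment such as `// AllowedLanguages: nil leaves the setting untouched; a non-nil slice replaces it` plus a doc comment on `Validate` would make the contract explicit. Separately, the default-language branch calls `zerrors.ThrowPreconditionFailedf` with no format arguments; the non-formatting `zerrors.ThrowPreconditionFailed(err, "COMMAND-L0m2u", "Errors.Restrictions.DefaultLanguageMustBeAllowed")` is the closer fit.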
@@ -60,10 +82,10 @@ func (c *Commands) getRestrictionsWriteModel(ctx context.Context, instanceId, re func (c *Commands) SetRestrictionsCommand(a *restrictions.Aggregate, wm *restrictionsWriteModel, setRestrictions *SetRestrictions) preparation.Validation { return func() (preparation.CreateCommands, error) { - if setRestrictions == nil || setRestrictions.DisallowPublicOrgRegistration == nil { - return nil, errors.ThrowInvalidArgument(nil, "COMMAND-oASwj", "Errors.Restrictions.NoneSpecified") - } return func(ctx context.Context, _ preparation.FilterToQueryReducer) ([]eventstore.Command, error) { + if err := setRestrictions.Validate(authz.GetInstance(ctx).DefaultLanguage()); err != nil { + return nil, err + } changes := wm.NewChanges(setRestrictions) if len(changes) == 0 { return nil, nil diff --git a/internal/command/restrictions_model.go b/internal/command/restrictions_model.go index cabf1981ac..81ada1f4f1 100644 --- a/internal/command/restrictions_model.go +++ b/internal/command/restrictions_model.go @@ -1,13 +1,17 @@ package command import ( + "golang.org/x/text/language" + + "github.com/zitadel/zitadel/internal/domain" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/repository/restrictions" ) type restrictionsWriteModel struct { eventstore.WriteModel - disallowPublicOrgRegistrations bool + disallowPublicOrgRegistration bool + allowedLanguages []language.Tag } // newRestrictionsWriteModel aggregateId is filled by reducing unit matching events 
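Review bot: The argument check in `SetRestrictionsCommand` now runs inside the returned `CreateCommands` closure, so the outer validation step can no longer fail and an empty or invalid request is rejected only when commands are being created. The move looks forced by `authz.GetInstance(ctx).DefaultLanguage()` needing the context, which deserves a short comment at the call, e.g. `// validated here because the instance default language is only available from ctx`. The result also depends on the instance being present in ctx. What `DefaultLanguage()` yields when it is absent cannot be seen from this hunk and is worth confirming, since that value decides whether the allowed-language list is accepted. The closure continues past the end of the hunk.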
@@ -34,8 +38,15 @@ func (wm *restrictionsWriteModel) Query() *eventstore.SearchQueryBuilder { func (wm *restrictionsWriteModel) Reduce() error { for _, event := range wm.Events { wm.ChangeDate = event.CreatedAt() - if e, ok := event.(*restrictions.SetEvent); ok && e.DisallowPublicOrgRegistrations != nil { - wm.disallowPublicOrgRegistrations = *e.DisallowPublicOrgRegistrations + e, ok := event.(*restrictions.SetEvent) + if !ok { + continue + } + if e.DisallowPublicOrgRegistration != nil { + wm.disallowPublicOrgRegistration = *e.DisallowPublicOrgRegistration + } + if e.AllowedLanguages != nil { + wm.allowedLanguages = *e.AllowedLanguages } } return wm.WriteModel.Reduce() @@ -48,8 +59,11 @@ func (wm *restrictionsWriteModel) NewChanges(setRestrictions *SetRestrictions) ( return nil } changes = make([]restrictions.RestrictionsChange, 0, 1) - if setRestrictions.DisallowPublicOrgRegistration != nil && (wm.disallowPublicOrgRegistrations != *setRestrictions.DisallowPublicOrgRegistration) { - changes = append(changes, restrictions.ChangePublicOrgRegistrations(*setRestrictions.DisallowPublicOrgRegistration)) + if setRestrictions.DisallowPublicOrgRegistration != nil && (wm.disallowPublicOrgRegistration != *setRestrictions.DisallowPublicOrgRegistration) { + changes = append(changes, restrictions.ChangeDisallowPublicOrgRegistration(*setRestrictions.DisallowPublicOrgRegistration)) + } + if setRestrictions.AllowedLanguages != nil && domain.LanguagesDiffer(wm.allowedLanguages, setRestrictions.AllowedLanguages) { + changes = append(changes, restrictions.ChangeAllowedLanguages(setRestrictions.AllowedLanguages)) } return changes } diff --git a/internal/command/restrictions_test.go b/internal/command/restrictions_test.go index 1fcefb8065..4dcbc479ed 100644 --- a/internal/command/restrictions_test.go +++ b/internal/command/restrictions_test.go 
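Review bot: `Reduce` and `NewChanges` both use `AllowedLanguages != nil` to separate "not part of this event/request" from "set to this list", so lifting the restriction again depends on an empty list surviving as non-nil through the event payload, which these hunks do not show. A test case that sets a list and then clears it would pin that behaviour. In `NewChanges` the capacity hint is now stale because two changes can be appended: `changes = make([]restrictions.RestrictionsChange, 0, 2)`. `NewChanges` starts above its hunk.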
@@ -6,20 +6,20 @@ import ( "github.com/muhlemmer/gu" "github.com/stretchr/testify/assert" + "golang.org/x/text/language" "github.com/zitadel/zitadel/internal/api/authz" "github.com/zitadel/zitadel/internal/domain" - zitadel_errs "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/id" id_mock "github.com/zitadel/zitadel/internal/id/mock" "github.com/zitadel/zitadel/internal/repository/restrictions" + "github.com/zitadel/zitadel/internal/zerrors" ) func TestSetRestrictions(t *testing.T) { type fields func(*testing.T) (*eventstore.Eventstore, id.Generator) type args struct { - ctx context.Context setRestrictions *SetRestrictions } type res struct { @@ -40,14 +40,14 @@ func TestSetRestrictions(t *testing.T) { expectFilter(), expectPush( eventFromEventPusherWithInstanceID( - "instance1", + "INSTANCE", restrictions.NewSetEvent( eventstore.NewBaseEventForPush( context.Background(), - &restrictions.NewAggregate("restrictions1", "instance1", "instance1").Aggregate, + &restrictions.NewAggregate("restrictions1", "INSTANCE", "INSTANCE").Aggregate, restrictions.SetEventType, ), - restrictions.ChangePublicOrgRegistrations(true), + restrictions.ChangeDisallowPublicOrgRegistration(true), ), ), ), @@ -55,14 +55,13 @@ func TestSetRestrictions(t *testing.T) { id_mock.NewIDGeneratorExpectIDs(t, "restrictions1") }, args: args{ - ctx: authz.WithInstanceID(context.Background(), "instance1"), setRestrictions: &SetRestrictions{ DisallowPublicOrgRegistration: gu.Ptr(true), }, }, res: res{ want: &domain.ObjectDetails{ - ResourceOwner: "instance1", + ResourceOwner: "INSTANCE", }, }, }, 
@@ -76,23 +75,23 @@ func TestSetRestrictions(t *testing.T) { restrictions.NewSetEvent( eventstore.NewBaseEventForPush( context.Background(), - &restrictions.NewAggregate("restrictions1", "instance1", "instance1").Aggregate, + &restrictions.NewAggregate("restrictions1", "INSTANCE", "INSTANCE").Aggregate, restrictions.SetEventType, ), - restrictions.ChangePublicOrgRegistrations(true), + restrictions.ChangeDisallowPublicOrgRegistration(true), ), ), ), expectPush( eventFromEventPusherWithInstanceID( - "instance1", + "INSTANCE", restrictions.NewSetEvent( eventstore.NewBaseEventForPush( context.Background(), - &restrictions.NewAggregate("restrictions1", "instance1", "instance1").Aggregate, + &restrictions.NewAggregate("restrictions1", "INSTANCE", "INSTANCE").Aggregate, restrictions.SetEventType, ), - restrictions.ChangePublicOrgRegistrations(false), + restrictions.ChangeDisallowPublicOrgRegistration(false), ), ), ), @@ -100,14 +99,13 @@ func TestSetRestrictions(t *testing.T) { nil }, args: args{ - ctx: authz.WithInstanceID(context.Background(), "instance1"), setRestrictions: &SetRestrictions{ DisallowPublicOrgRegistration: gu.Ptr(false), }, }, res: res{ want: &domain.ObjectDetails{ - ResourceOwner: "instance1", + ResourceOwner: "INSTANCE", }, }, }, @@ -121,10 +119,10 @@ func TestSetRestrictions(t *testing.T) { restrictions.NewSetEvent( eventstore.NewBaseEventForPush( context.Background(), - &restrictions.NewAggregate("restrictions1", "instance1", "instance1").Aggregate, + &restrictions.NewAggregate("restrictions1", "INSTANCE", "INSTANCE").Aggregate, restrictions.SetEventType, ), - restrictions.ChangePublicOrgRegistrations(true), + restrictions.ChangeDisallowPublicOrgRegistration(true), ), ), ), 
@@ -132,14 +130,13 @@ func TestSetRestrictions(t *testing.T) { nil }, args: args{ - ctx: authz.WithInstanceID(context.Background(), "instance1"), setRestrictions: &SetRestrictions{ DisallowPublicOrgRegistration: gu.Ptr(true), }, }, res: res{ want: &domain.ObjectDetails{ - ResourceOwner: "instance1", + ResourceOwner: "INSTANCE", }, }, }, 
@@ -152,21 +149,74 @@ func TestSetRestrictions(t *testing.T) { restrictions.NewSetEvent( eventstore.NewBaseEventForPush( context.Background(), - &restrictions.NewAggregate("restrictions1", "instance1", "instance1").Aggregate, + &restrictions.NewAggregate("restrictions1", "INSTANCE", "INSTANCE").Aggregate, restrictions.SetEventType, ), - restrictions.ChangePublicOrgRegistrations(true), + restrictions.ChangeDisallowPublicOrgRegistration(true), ), ), ), ), nil }, args: args{ - ctx: authz.WithInstanceID(context.Background(), "instance1"), setRestrictions: &SetRestrictions{}, }, res: res{ - err: zitadel_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, + }, + }, + { + name: "unsupported language restricted", + fields: func(*testing.T) (*eventstore.Eventstore, id.Generator) { + return eventstoreExpect(t, + expectFilter( + eventFromEventPusher( + restrictions.NewSetEvent( + eventstore.NewBaseEventForPush( + context.Background(), + &restrictions.NewAggregate("restrictions1", "INSTANCE", "INSTANCE").Aggregate, + restrictions.SetEventType, + ), + restrictions.ChangeAllowedLanguages(SupportedLanguages), + ), + ), + ), + ), nil + }, + args: args{ + setRestrictions: &SetRestrictions{ + AllowedLanguages: []language.Tag{AllowedLanguage, UnsupportedLanguage}, + }, + }, + res: res{ + err: zerrors.IsErrorInvalidArgument, + }, + }, + { + name: "default language not allowed", + fields: func(*testing.T) (*eventstore.Eventstore, id.Generator) { + return eventstoreExpect(t, + expectFilter( + eventFromEventPusher( + restrictions.NewSetEvent( + eventstore.NewBaseEventForPush( + context.Background(), + &restrictions.NewAggregate("restrictions1", "INSTANCE", "INSTANCE").Aggregate, + restrictions.SetEventType, + ), + restrictions.ChangeAllowedLanguages(OnlyAllowedLanguages), + ), + ), + ), + ), nil + }, + args: args{ + setRestrictions: &SetRestrictions{ + AllowedLanguages: []language.Tag{DisallowedLanguage}, + }, + }, + res: res{ + err: zerrors.IsPreconditionFailed, }, }, } 
@@ -174,7 +224,7 @@ func TestSetRestrictions(t *testing.T) { t.Run(tt.name, func(t *testing.T) { r := new(Commands) r.eventstore, r.idGenerator = tt.fields(t) - got, err := r.SetInstanceRestrictions(tt.args.ctx, tt.args.setRestrictions) + got, err := r.SetInstanceRestrictions(authz.WithInstance(context.Background(), &mockInstance{}), tt.args.setRestrictions) if tt.res.err == nil { assert.NoError(t, err) } diff --git a/internal/command/session.go b/internal/command/session.go index fefb24ddda..147921b550 100644 --- a/internal/command/session.go +++ b/internal/command/session.go @@ -11,12 +11,12 @@ import ( "github.com/zitadel/zitadel/internal/api/authz" "github.com/zitadel/zitadel/internal/crypto" "github.com/zitadel/zitadel/internal/domain" - caos_errs "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/id" "github.com/zitadel/zitadel/internal/repository/session" "github.com/zitadel/zitadel/internal/repository/user" "github.com/zitadel/zitadel/internal/telemetry/tracing" + "github.com/zitadel/zitadel/internal/zerrors" ) type SessionCommand func(ctx context.Context, cmd *SessionCommands) error @@ -59,7 +59,7 @@ func (c *Commands) NewSessionCommands(cmds []SessionCommand, session *SessionWri func CheckUser(id string, resourceOwner string) SessionCommand { return func(ctx context.Context, cmd *SessionCommands) error { if cmd.sessionWriteModel.UserID != "" && id != "" && cmd.sessionWriteModel.UserID != id { - return caos_errs.ThrowInvalidArgument(nil, "", "user change not possible") + return zerrors.ThrowInvalidArgument(nil, "", "user change not possible") } return cmd.UserChecked(ctx, id, resourceOwner, cmd.now()) } 
@@ -69,7 +69,7 @@ func CheckUser(id string, resourceOwner string) SessionCommand { func CheckPassword(password string) SessionCommand { return func(ctx context.Context, cmd *SessionCommands) error { if cmd.sessionWriteModel.UserID == "" { - return caos_errs.ThrowPreconditionFailed(nil, "COMMAND-Sfw3f", "Errors.User.UserIDMissing") + return zerrors.ThrowPreconditionFailed(nil, "COMMAND-Sfw3f", "Errors.User.UserIDMissing") } cmd.passwordWriteModel = NewHumanPasswordWriteModel(cmd.sessionWriteModel.UserID, "") err := cmd.eventstore.FilterToQueryReducer(ctx, cmd.passwordWriteModel) @@ -77,18 +77,18 @@ func CheckPassword(password string) SessionCommand { return err } if cmd.passwordWriteModel.UserState == domain.UserStateUnspecified || cmd.passwordWriteModel.UserState == domain.UserStateDeleted { - return caos_errs.ThrowPreconditionFailed(nil, "COMMAND-Df4b3", "Errors.User.NotFound") + return zerrors.ThrowPreconditionFailed(nil, "COMMAND-Df4b3", "Errors.User.NotFound") } if cmd.passwordWriteModel.EncodedHash == "" { - return caos_errs.ThrowPreconditionFailed(nil, "COMMAND-WEf3t", "Errors.User.Password.NotSet") + return zerrors.ThrowPreconditionFailed(nil, "COMMAND-WEf3t", "Errors.User.Password.NotSet") } ctx, spanPasswordComparison := tracing.NewNamedSpan(ctx, "passwap.Verify") updated, err := cmd.hasher.Verify(cmd.passwordWriteModel.EncodedHash, password) spanPasswordComparison.EndWithError(err) if err != nil { //TODO: maybe we want to reset the session in the future https://github.com/zitadel/zitadel/issues/5807 - return caos_errs.ThrowInvalidArgument(err, "COMMAND-SAF3g", "Errors.User.Password.Invalid") + return zerrors.ThrowInvalidArgument(err, "COMMAND-SAF3g", "Errors.User.Password.Invalid") } if updated != "" { cmd.eventCommands = append(cmd.eventCommands, user.NewHumanPasswordHashUpdatedEvent(ctx, UserAggregateFromWriteModel(&cmd.passwordWriteModel.WriteModel), updated)) 
@@ -103,7 +103,7 @@ func CheckPassword(password string) SessionCommand { func CheckIntent(intentID, token string) SessionCommand { return func(ctx context.Context, cmd *SessionCommands) error { if cmd.sessionWriteModel.UserID == "" { - return caos_errs.ThrowPreconditionFailed(nil, "COMMAND-Sfw3r", "Errors.User.UserIDMissing") + return zerrors.ThrowPreconditionFailed(nil, "COMMAND-Sfw3r", "Errors.User.UserIDMissing") } if err := crypto.CheckToken(cmd.intentAlg, token, intentID); err != nil { return err @@ -114,11 +114,11 @@ func CheckIntent(intentID, token string) SessionCommand { return err } if cmd.intentWriteModel.State != domain.IDPIntentStateSucceeded { - return caos_errs.ThrowPreconditionFailed(nil, "COMMAND-Df4bw", "Errors.Intent.NotSucceeded") + return zerrors.ThrowPreconditionFailed(nil, "COMMAND-Df4bw", "Errors.Intent.NotSucceeded") } if cmd.intentWriteModel.UserID != "" { if cmd.intentWriteModel.UserID != cmd.sessionWriteModel.UserID { - return caos_errs.ThrowPreconditionFailed(nil, "COMMAND-O8xk3w", "Errors.Intent.OtherUser") + return zerrors.ThrowPreconditionFailed(nil, "COMMAND-O8xk3w", "Errors.Intent.OtherUser") } } else { linkWriteModel := NewUserIDPLinkWriteModel(cmd.sessionWriteModel.UserID, cmd.intentWriteModel.IDPID, cmd.intentWriteModel.IDPUserID, cmd.intentWriteModel.ResourceOwner) @@ -127,7 +127,7 @@ func CheckIntent(intentID, token string) SessionCommand { return err } if linkWriteModel.State != domain.UserIDPLinkStateActive { - return caos_errs.ThrowPreconditionFailed(nil, "COMMAND-O8xk3w", "Errors.Intent.OtherUser") + return zerrors.ThrowPreconditionFailed(nil, "COMMAND-O8xk3w", "Errors.Intent.OtherUser") } } cmd.IntentChecked(ctx, cmd.now()) 
@@ -138,7 +138,7 @@ func CheckIntent(intentID, token string) SessionCommand { func CheckTOTP(code string) SessionCommand { return func(ctx context.Context, cmd *SessionCommands) (err error) { if cmd.sessionWriteModel.UserID == "" { - return caos_errs.ThrowPreconditionFailed(nil, "COMMAND-Neil7", "Errors.User.UserIDMissing") + return zerrors.ThrowPreconditionFailed(nil, "COMMAND-Neil7", "Errors.User.UserIDMissing") } cmd.totpWriteModel = NewHumanTOTPWriteModel(cmd.sessionWriteModel.UserID, "") err = cmd.eventstore.FilterToQueryReducer(ctx, cmd.totpWriteModel) @@ -146,7 +146,7 @@ func CheckTOTP(code string) SessionCommand { return err } if cmd.totpWriteModel.State != domain.MFAStateReady { - return caos_errs.ThrowPreconditionFailed(nil, "COMMAND-eej1U", "Errors.User.MFA.OTP.NotReady") + return zerrors.ThrowPreconditionFailed(nil, "COMMAND-eej1U", "Errors.User.MFA.OTP.NotReady") } err = domain.VerifyTOTP(code, cmd.totpWriteModel.Secret, cmd.totpAlg) if err != nil { @@ -258,7 +258,7 @@ func (s *SessionCommands) ChangeMetadata(ctx context.Context, metadata map[strin func (s *SessionCommands) SetLifetime(ctx context.Context, lifetime time.Duration) error { if lifetime < 0 { - return caos_errs.ThrowInvalidArgument(nil, "COMMAND-asEG4", "Errors.Session.PositiveLifetime") + return zerrors.ThrowInvalidArgument(nil, "COMMAND-asEG4", "Errors.Session.PositiveLifetime") } if lifetime == 0 { return nil 
@@ -269,7 +269,7 @@ func (s *SessionCommands) SetLifetime(ctx context.Context, lifetime time.Duratio func (s *SessionCommands) gethumanWriteModel(ctx context.Context) (*HumanWriteModel, error) { if s.sessionWriteModel.UserID == "" { - return nil, caos_errs.ThrowPreconditionFailed(nil, "COMMAND-eeR2e", "Errors.User.UserIDMissing") + return nil, zerrors.ThrowPreconditionFailed(nil, "COMMAND-eeR2e", "Errors.User.UserIDMissing") } humanWriteModel := NewHumanWriteModel(s.sessionWriteModel.UserID, s.sessionWriteModel.UserResourceOwner) err := s.eventstore.FilterToQueryReducer(ctx, humanWriteModel) @@ -277,7 +277,7 @@ func (s *SessionCommands) gethumanWriteModel(ctx context.Context) (*HumanWriteMo return nil, err } if humanWriteModel.UserState != domain.UserStateActive { - return nil, caos_errs.ThrowPreconditionFailed(nil, "COMMAND-Df4b3", "Errors.User.NotFound") + return nil, zerrors.ThrowPreconditionFailed(nil, "COMMAND-Df4b3", "Errors.User.NotFound") } return humanWriteModel, nil } 
@@ -400,7 +400,27 @@ func (c *Commands) checkSessionTerminationPermission(ctx context.Context, model if model.UserID != "" && model.UserID == authz.GetCtxData(ctx).UserID { return nil } - return c.checkPermission(ctx, domain.PermissionSessionDelete, model.UserResourceOwner, model.UserID) + userResourceOwner, err := c.sessionUserResourceOwner(ctx, model) + if err != nil { + return err + } + return c.checkPermission(ctx, domain.PermissionSessionDelete, userResourceOwner, model.UserID) +} + +// sessionUserResourceOwner will return the resourceOwner of the session form the [SessionWriteModel] or by additionally calling the eventstore, +// because before 2.42.0, the resourceOwner of a session used to be the organisation of the creator. +// Further the (checked) users organisation id was not stored. +// To be able to check the permission, we need to get the user's resourceOwner in this case. +func (c *Commands) sessionUserResourceOwner(ctx context.Context, model *SessionWriteModel) (string, error) { + if model.UserID == "" || model.UserResourceOwner != "" { + return model.UserResourceOwner, nil + } + r := NewResourceOwnerModel(authz.GetInstance(ctx).InstanceID(), user.AggregateType, model.UserID) + err := c.eventstore.FilterToQueryReducer(ctx, r) + if err != nil { + return "", err + } + return r.resourceOwner, nil } func sessionTokenCreator(idGenerator id.Generator, sessionAlg crypto.EncryptionAlgorithm) func(sessionID string) (id string, token string, err error) { diff --git a/internal/command/session_model.go b/internal/command/session_model.go index 4929904576..6076461f5a 100644 --- a/internal/command/session_model.go +++ b/internal/command/session_model.go 
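Review bot: In the new `sessionUserResourceOwner`, a lookup that reduces no events for `model.UserID` leaves `r.resourceOwner` empty, and `checkSessionTerminationPermission` then passes that empty string to `c.checkPermission` as the organisation to authorise against. How `checkPermission` treats an empty resource owner is not visible here (the caller's body begins above the hunk), so it is safer to fail closed before the permission check, e.g. `if r.resourceOwner == "" { return "", zerrors.ThrowPreconditionFailed(nil, "COMMAND-<ID>", "Errors.User.NotFound") }`, where the error ID is a placeholder. The doc comment also has a typo: "form the [SessionWriteModel]" should read "from the [SessionWriteModel]".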
@@ -5,9 +5,9 @@ import ( "github.com/zitadel/zitadel/internal/crypto" "github.com/zitadel/zitadel/internal/domain" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/repository/session" + "github.com/zitadel/zitadel/internal/zerrors" ) type WebAuthNChallengeModel struct { @@ -62,8 +62,7 @@ type SessionWriteModel struct { func NewSessionWriteModel(sessionID string, instanceID string) *SessionWriteModel { return &SessionWriteModel{ WriteModel: eventstore.WriteModel{ - AggregateID: sessionID, - ResourceOwner: instanceID, + AggregateID: sessionID, }, Metadata: make(map[string][]byte), aggregate: &session.NewAggregate(sessionID, instanceID).Aggregate, @@ -261,10 +260,10 @@ func (wm *SessionWriteModel) AuthMethodTypes() []domain.UserAuthMethodType { // or automatically (expired). func (wm *SessionWriteModel) CheckNotInvalidated() error { if wm.State == domain.SessionStateTerminated { - return errors.ThrowPreconditionFailed(nil, "COMMAND-Hewfq", "Errors.Session.Terminated") + return zerrors.ThrowPreconditionFailed(nil, "COMMAND-Hewfq", "Errors.Session.Terminated") } if !wm.Expiration.IsZero() && wm.Expiration.Before(time.Now()) { - return errors.ThrowPreconditionFailed(nil, "COMMAND-Hkl3d", "Errors.Session.Expired") + return zerrors.ThrowPreconditionFailed(nil, "COMMAND-Hkl3d", "Errors.Session.Expired") } return nil } @@ -272,7 +271,7 @@ func (wm *SessionWriteModel) CheckNotInvalidated() error { // CheckIsActive checks that the session was not invalidated ([CheckNotInvalidated]) and actually already exists. func (wm *SessionWriteModel) CheckIsActive() error { if wm.State == domain.SessionStateUnspecified { - return errors.ThrowPreconditionFailed(nil, "COMMAND-Flk38", "Errors.Session.NotExisting") + return zerrors.ThrowPreconditionFailed(nil, "COMMAND-Flk38", "Errors.Session.NotExisting") } return wm.CheckNotInvalidated() } 
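Review bot: In the `NewSessionWriteModel` hunk, the `instanceID` parameter now only feeds `session.NewAggregate`, and the write model's `ResourceOwner` starts empty, with no comment explaining why. The updated expectation `ObjectDetails: &domain.ObjectDetails{}` in session_test.go shows that the empty value reaches callers when no event has been reduced. A comment above the struct literal would help the next reader, e.g. `// ResourceOwner is deliberately not preset; it is expected to come from the reduced session events, which may carry an organisation instead of the instance.` The reducer is outside the hunk, so confirm that wording against it.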
diff --git a/internal/command/session_otp.go b/internal/command/session_otp.go index eecf47f90b..8afee5d2d1 100644 --- a/internal/command/session_otp.go +++ b/internal/command/session_otp.go @@ -8,8 +8,8 @@ import ( "github.com/zitadel/zitadel/internal/crypto" "github.com/zitadel/zitadel/internal/domain" - caos_errs "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/repository/session" + "github.com/zitadel/zitadel/internal/zerrors" ) func (c *Commands) CreateOTPSMSChallengeReturnCode(dst *string) SessionCommand { @@ -23,14 +23,14 @@ func (c *Commands) CreateOTPSMSChallenge() SessionCommand { func (c *Commands) createOTPSMSChallenge(returnCode bool, dst *string) SessionCommand { return func(ctx context.Context, cmd *SessionCommands) error { if cmd.sessionWriteModel.UserID == "" { - return caos_errs.ThrowPreconditionFailed(nil, "COMMAND-JKL3g", "Errors.User.UserIDMissing") + return zerrors.ThrowPreconditionFailed(nil, "COMMAND-JKL3g", "Errors.User.UserIDMissing") } writeModel := NewHumanOTPSMSWriteModel(cmd.sessionWriteModel.UserID, "") if err := cmd.eventstore.FilterToQueryReducer(ctx, writeModel); err != nil { return err } if !writeModel.OTPAdded() { - return caos_errs.ThrowPreconditionFailed(nil, "COMMAND-BJ2g3", "Errors.User.MFA.OTP.NotReady") + return zerrors.ThrowPreconditionFailed(nil, "COMMAND-BJ2g3", "Errors.User.MFA.OTP.NotReady") } code, err := cmd.createCode(ctx, cmd.eventstore.Filter, domain.SecretGeneratorTypeOTPSMS, cmd.otpAlg, c.defaultSecretGenerators.OTPSMS) if err != nil { 
@@ -51,7 +51,7 @@ func (c *Commands) OTPSMSSent(ctx context.Context, sessionID, resourceOwner stri return err } if sessionWriteModel.OTPSMSCodeChallenge == nil { - return caos_errs.ThrowPreconditionFailed(nil, "COMMAND-G3t31", "Errors.User.Code.NotFound") + return zerrors.ThrowPreconditionFailed(nil, "COMMAND-G3t31", "Errors.User.Code.NotFound") } return c.pushAppendAndReduce(ctx, sessionWriteModel, session.NewOTPSMSSentEvent(ctx, &session.NewAggregate(sessionID, sessionWriteModel.ResourceOwner).Aggregate), @@ -76,14 +76,14 @@ func (c *Commands) CreateOTPEmailChallenge() SessionCommand { func (c *Commands) createOTPEmailChallenge(returnCode bool, urlTmpl string, dst *string) SessionCommand { return func(ctx context.Context, cmd *SessionCommands) error { if cmd.sessionWriteModel.UserID == "" { - return caos_errs.ThrowPreconditionFailed(nil, "COMMAND-JK3gp", "Errors.User.UserIDMissing") + return zerrors.ThrowPreconditionFailed(nil, "COMMAND-JK3gp", "Errors.User.UserIDMissing") } writeModel := NewHumanOTPEmailWriteModel(cmd.sessionWriteModel.UserID, "") if err := cmd.eventstore.FilterToQueryReducer(ctx, writeModel); err != nil { return err } if !writeModel.OTPAdded() { - return caos_errs.ThrowPreconditionFailed(nil, "COMMAND-JKLJ3", "Errors.User.MFA.OTP.NotReady") + return zerrors.ThrowPreconditionFailed(nil, "COMMAND-JKLJ3", "Errors.User.MFA.OTP.NotReady") } code, err := cmd.createCode(ctx, cmd.eventstore.Filter, domain.SecretGeneratorTypeOTPEmail, cmd.otpAlg, c.defaultSecretGenerators.OTPEmail) if err != nil { 
@@ -104,7 +104,7 @@ func (c *Commands) OTPEmailSent(ctx context.Context, sessionID, resourceOwner st return err } if sessionWriteModel.OTPEmailCodeChallenge == nil { - return caos_errs.ThrowPreconditionFailed(nil, "COMMAND-SLr02", "Errors.User.Code.NotFound") + return zerrors.ThrowPreconditionFailed(nil, "COMMAND-SLr02", "Errors.User.Code.NotFound") } return c.pushAppendAndReduce(ctx, sessionWriteModel, session.NewOTPEmailSentEvent(ctx, &session.NewAggregate(sessionID, sessionWriteModel.ResourceOwner).Aggregate), @@ -114,11 +114,11 @@ func (c *Commands) OTPEmailSent(ctx context.Context, sessionID, resourceOwner st func CheckOTPSMS(code string) SessionCommand { return func(ctx context.Context, cmd *SessionCommands) (err error) { if cmd.sessionWriteModel.UserID == "" { - return caos_errs.ThrowPreconditionFailed(nil, "COMMAND-VDrh3", "Errors.User.UserIDMissing") + return zerrors.ThrowPreconditionFailed(nil, "COMMAND-VDrh3", "Errors.User.UserIDMissing") } challenge := cmd.sessionWriteModel.OTPSMSCodeChallenge if challenge == nil { - return caos_errs.ThrowPreconditionFailed(nil, "COMMAND-SF3tv", "Errors.User.Code.NotFound") + return zerrors.ThrowPreconditionFailed(nil, "COMMAND-SF3tv", "Errors.User.Code.NotFound") } err = crypto.VerifyCodeWithAlgorithm(challenge.CreationDate, challenge.Expiry, challenge.Code, code, cmd.otpAlg) if err != nil { 
@@ -132,11 +132,11 @@ func CheckOTPSMS(code string) SessionCommand { func CheckOTPEmail(code string) SessionCommand { return func(ctx context.Context, cmd *SessionCommands) (err error) { if cmd.sessionWriteModel.UserID == "" { - return caos_errs.ThrowPreconditionFailed(nil, "COMMAND-ejo2w", "Errors.User.UserIDMissing") + return zerrors.ThrowPreconditionFailed(nil, "COMMAND-ejo2w", "Errors.User.UserIDMissing") } challenge := cmd.sessionWriteModel.OTPEmailCodeChallenge if challenge == nil { - return caos_errs.ThrowPreconditionFailed(nil, "COMMAND-zF3g3", "Errors.User.Code.NotFound") + return zerrors.ThrowPreconditionFailed(nil, "COMMAND-zF3g3", "Errors.User.Code.NotFound") } err = crypto.VerifyCodeWithAlgorithm(challenge.CreationDate, challenge.Expiry, challenge.Code, code, cmd.otpAlg) if err != nil { diff --git a/internal/command/session_otp_test.go b/internal/command/session_otp_test.go index 10801d79b2..f4db8241ce 100644 --- a/internal/command/session_otp_test.go +++ b/internal/command/session_otp_test.go @@ -10,10 +10,10 @@ import ( "github.com/zitadel/zitadel/internal/crypto" "github.com/zitadel/zitadel/internal/domain" - caos_errs "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/repository/session" "github.com/zitadel/zitadel/internal/repository/user" + "github.com/zitadel/zitadel/internal/zerrors" ) func TestCommands_CreateOTPSMSChallengeReturnCode(t *testing.T) { @@ -39,7 +39,7 @@ func TestCommands_CreateOTPSMSChallengeReturnCode(t *testing.T) { eventstore: expectEventstore(), }, res: res{ - err: caos_errs.ThrowPreconditionFailed(nil, "COMMAND-JKL3g", "Errors.User.UserIDMissing"), + err: zerrors.ThrowPreconditionFailed(nil, "COMMAND-JKL3g", "Errors.User.UserIDMissing"), }, }, { 
@@ -51,7 +51,7 @@ func TestCommands_CreateOTPSMSChallengeReturnCode(t *testing.T) { ), }, res: res{ - err: caos_errs.ThrowPreconditionFailed(nil, "COMMAND-BJ2g3", "Errors.User.MFA.OTP.NotReady"), + err: zerrors.ThrowPreconditionFailed(nil, "COMMAND-BJ2g3", "Errors.User.MFA.OTP.NotReady"), }, }, { @@ -140,7 +140,7 @@ func TestCommands_CreateOTPSMSChallenge(t *testing.T) { eventstore: expectEventstore(), }, res: res{ - err: caos_errs.ThrowPreconditionFailed(nil, "COMMAND-JKL3g", "Errors.User.UserIDMissing"), + err: zerrors.ThrowPreconditionFailed(nil, "COMMAND-JKL3g", "Errors.User.UserIDMissing"), }, }, { @@ -152,7 +152,7 @@ func TestCommands_CreateOTPSMSChallenge(t *testing.T) { ), }, res: res{ - err: caos_errs.ThrowPreconditionFailed(nil, "COMMAND-BJ2g3", "Errors.User.MFA.OTP.NotReady"), + err: zerrors.ThrowPreconditionFailed(nil, "COMMAND-BJ2g3", "Errors.User.MFA.OTP.NotReady"), }, }, { @@ -244,7 +244,7 @@ func TestCommands_OTPSMSSent(t *testing.T) { sessionID: "sessionID", resourceOwner: "instanceID", }, - wantErr: caos_errs.ThrowPreconditionFailed(nil, "COMMAND-G3t31", "Errors.User.Code.NotFound"), + wantErr: zerrors.ThrowPreconditionFailed(nil, "COMMAND-G3t31", "Errors.User.Code.NotFound"), }, { name: "challenged and sent", @@ -317,7 +317,7 @@ func TestCommands_CreateOTPEmailChallengeURLTemplate(t *testing.T) { eventstore: expectEventstore(), }, res: res{ - templateError: caos_errs.ThrowInvalidArgument(nil, "DOMAIN-ieYa7", "Errors.User.InvalidURLTemplate"), + templateError: zerrors.ThrowInvalidArgument(nil, "DOMAIN-ieYa7", "Errors.User.InvalidURLTemplate"), }, }, { @@ -329,7 +329,7 @@ func TestCommands_CreateOTPEmailChallengeURLTemplate(t *testing.T) { eventstore: expectEventstore(), }, res: res{ - err: caos_errs.ThrowPreconditionFailed(nil, "COMMAND-JK3gp", "Errors.User.UserIDMissing"), + err: zerrors.ThrowPreconditionFailed(nil, "COMMAND-JK3gp", "Errors.User.UserIDMissing"), }, }, { 
@@ -344,7 +344,7 @@ func TestCommands_CreateOTPEmailChallengeURLTemplate(t *testing.T) { ), }, res: res{ - err: caos_errs.ThrowPreconditionFailed(nil, "COMMAND-JKLJ3", "Errors.User.MFA.OTP.NotReady"), + err: zerrors.ThrowPreconditionFailed(nil, "COMMAND-JKLJ3", "Errors.User.MFA.OTP.NotReady"), }, }, { @@ -439,7 +439,7 @@ func TestCommands_CreateOTPEmailChallengeReturnCode(t *testing.T) { eventstore: expectEventstore(), }, res: res{ - err: caos_errs.ThrowPreconditionFailed(nil, "COMMAND-JK3gp", "Errors.User.UserIDMissing"), + err: zerrors.ThrowPreconditionFailed(nil, "COMMAND-JK3gp", "Errors.User.UserIDMissing"), }, }, { @@ -451,7 +451,7 @@ func TestCommands_CreateOTPEmailChallengeReturnCode(t *testing.T) { ), }, res: res{ - err: caos_errs.ThrowPreconditionFailed(nil, "COMMAND-JKLJ3", "Errors.User.MFA.OTP.NotReady"), + err: zerrors.ThrowPreconditionFailed(nil, "COMMAND-JKLJ3", "Errors.User.MFA.OTP.NotReady"), }, }, { @@ -540,7 +540,7 @@ func TestCommands_CreateOTPEmailChallenge(t *testing.T) { eventstore: expectEventstore(), }, res: res{ - err: caos_errs.ThrowPreconditionFailed(nil, "COMMAND-JK3gp", "Errors.User.UserIDMissing"), + err: zerrors.ThrowPreconditionFailed(nil, "COMMAND-JK3gp", "Errors.User.UserIDMissing"), }, }, { @@ -552,7 +552,7 @@ func TestCommands_CreateOTPEmailChallenge(t *testing.T) { ), }, res: res{ - err: caos_errs.ThrowPreconditionFailed(nil, "COMMAND-JKLJ3", "Errors.User.MFA.OTP.NotReady"), + err: zerrors.ThrowPreconditionFailed(nil, "COMMAND-JKLJ3", "Errors.User.MFA.OTP.NotReady"), }, }, { @@ -645,7 +645,7 @@ func TestCommands_OTPEmailSent(t *testing.T) { sessionID: "sessionID", resourceOwner: "instanceID", }, - wantErr: caos_errs.ThrowPreconditionFailed(nil, "COMMAND-SLr02", "Errors.User.Code.NotFound"), + wantErr: zerrors.ThrowPreconditionFailed(nil, "COMMAND-SLr02", "Errors.User.Code.NotFound"), }, { name: "challenged and sent", 
@@ -720,7 +720,7 @@ func TestCheckOTPSMS(t *testing.T) { code: "code", }, res: res{ - err: caos_errs.ThrowPreconditionFailed(nil, "COMMAND-VDrh3", "Errors.User.UserIDMissing"), + err: zerrors.ThrowPreconditionFailed(nil, "COMMAND-VDrh3", "Errors.User.UserIDMissing"), }, }, { @@ -734,7 +734,7 @@ func TestCheckOTPSMS(t *testing.T) { code: "code", }, res: res{ - err: caos_errs.ThrowPreconditionFailed(nil, "COMMAND-SF3tv", "Errors.User.Code.NotFound"), + err: zerrors.ThrowPreconditionFailed(nil, "COMMAND-SF3tv", "Errors.User.Code.NotFound"), }, }, { @@ -758,7 +758,7 @@ func TestCheckOTPSMS(t *testing.T) { code: "code", }, res: res{ - err: caos_errs.ThrowPreconditionFailed(nil, "CODE-QvUQ4P", "Errors.User.Code.Expired"), + err: zerrors.ThrowPreconditionFailed(nil, "CODE-QvUQ4P", "Errors.User.Code.Expired"), }, }, { @@ -848,7 +848,7 @@ func TestCheckOTPEmail(t *testing.T) { code: "code", }, res: res{ - err: caos_errs.ThrowPreconditionFailed(nil, "COMMAND-ejo2w", "Errors.User.UserIDMissing"), + err: zerrors.ThrowPreconditionFailed(nil, "COMMAND-ejo2w", "Errors.User.UserIDMissing"), }, }, { @@ -862,7 +862,7 @@ func TestCheckOTPEmail(t *testing.T) { code: "code", }, res: res{ - err: caos_errs.ThrowPreconditionFailed(nil, "COMMAND-zF3g3", "Errors.User.Code.NotFound"), + err: zerrors.ThrowPreconditionFailed(nil, "COMMAND-zF3g3", "Errors.User.Code.NotFound"), }, }, { @@ -886,7 +886,7 @@ func TestCheckOTPEmail(t *testing.T) { code: "code", }, res: res{ - err: caos_errs.ThrowPreconditionFailed(nil, "CODE-QvUQ4P", "Errors.User.Code.Expired"), + err: zerrors.ThrowPreconditionFailed(nil, "CODE-QvUQ4P", "Errors.User.Code.Expired"), }, }, { diff --git a/internal/command/session_test.go b/internal/command/session_test.go index b4f6c8123e..16308432b3 100644 --- a/internal/command/session_test.go +++ b/internal/command/session_test.go 
@@ -18,13 +18,13 @@ import ( "github.com/zitadel/zitadel/internal/api/authz" "github.com/zitadel/zitadel/internal/crypto" "github.com/zitadel/zitadel/internal/domain" - caos_errs "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/id" "github.com/zitadel/zitadel/internal/id/mock" "github.com/zitadel/zitadel/internal/repository/idpintent" "github.com/zitadel/zitadel/internal/repository/session" "github.com/zitadel/zitadel/internal/repository/user" + "github.com/zitadel/zitadel/internal/zerrors" ) func TestSessionCommands_getHumanWriteModel(t *testing.T) { @@ -51,7 +51,7 @@ func TestSessionCommands_getHumanWriteModel(t *testing.T) { }, res: res{ want: nil, - err: caos_errs.ThrowPreconditionFailed(nil, "COMMAND-eeR2e", "Errors.User.UserIDMissing"), + err: zerrors.ThrowPreconditionFailed(nil, "COMMAND-eeR2e", "Errors.User.UserIDMissing"), }, }, { @@ -95,7 +95,7 @@ func TestSessionCommands_getHumanWriteModel(t *testing.T) { }, res: res{ want: nil, - err: caos_errs.ThrowPreconditionFailed(nil, "COMMAND-Df4b3", "Errors.User.NotFound"), + err: zerrors.ThrowPreconditionFailed(nil, "COMMAND-Df4b3", "Errors.User.NotFound"), }, }, { @@ -168,14 +168,14 @@ func TestCommands_CreateSession(t *testing.T) { { "id generator fails", fields{ - idGenerator: mock.NewIDGeneratorExpectError(t, caos_errs.ThrowInternal(nil, "id", "generator failed")), + idGenerator: mock.NewIDGeneratorExpectError(t, zerrors.ThrowInternal(nil, "id", "generator failed")), }, args{ ctx: context.Background(), }, []expect{}, res{ - err: caos_errs.ThrowInternal(nil, "id", "generator failed"), + err: zerrors.ThrowInternal(nil, "id", "generator failed"), }, }, { 
@@ -187,10 +187,10 @@ func TestCommands_CreateSession(t *testing.T) { ctx: context.Background(), }, []expect{ - expectFilterError(caos_errs.ThrowInternal(nil, "id", "filter failed")), + expectFilterError(zerrors.ThrowInternal(nil, "id", "filter failed")), }, res{ - err: caos_errs.ThrowInternal(nil, "id", "filter failed"), + err: zerrors.ThrowInternal(nil, "id", "filter failed"), }, }, { @@ -217,7 +217,7 @@ func TestCommands_CreateSession(t *testing.T) { expectFilter(), }, res{ - err: caos_errs.ThrowInvalidArgument(nil, "COMMAND-asEG4", "Errors.Session.PositiveLifetime"), + err: zerrors.ThrowInvalidArgument(nil, "COMMAND-asEG4", "Errors.Session.PositiveLifetime"), }, }, { @@ -309,14 +309,14 @@ func TestCommands_UpdateSession(t *testing.T) { "eventstore failed", fields{ eventstore: eventstoreExpect(t, - expectFilterError(caos_errs.ThrowInternal(nil, "id", "filter failed")), + expectFilterError(zerrors.ThrowInternal(nil, "id", "filter failed")), ), }, args{ ctx: context.Background(), }, res{ - err: caos_errs.ThrowInternal(nil, "id", "filter failed"), + err: zerrors.ThrowInternal(nil, "id", "filter failed"), }, }, { @@ -347,7 +347,7 @@ func TestCommands_UpdateSession(t *testing.T) { sessionToken: "invalid", }, res{ - err: caos_errs.ThrowPermissionDenied(nil, "COMMAND-sGr42", "Errors.Session.Token.Invalid"), + err: zerrors.ThrowPermissionDenied(nil, "COMMAND-sGr42", "Errors.Session.Token.Invalid"), }, }, { @@ -450,7 +450,7 @@ func TestCommands_updateSession(t *testing.T) { }, }, res{ - err: caos_errs.ThrowPreconditionFailed(nil, "COMMAND-Hewfq", "Errors.Session.Terminated"), + err: zerrors.ThrowPreconditionFailed(nil, "COMMAND-Hewfq", "Errors.Session.Terminated"), }, }, { 
@@ -464,13 +464,13 @@ func TestCommands_updateSession(t *testing.T) { sessionWriteModel: NewSessionWriteModel("sessionID", "instance1"), sessionCommands: []SessionCommand{ func(ctx context.Context, cmd *SessionCommands) error { - return caos_errs.ThrowInternal(nil, "id", "check failed") + return zerrors.ThrowInternal(nil, "id", "check failed") }, }, }, }, res{ - err: caos_errs.ThrowInternal(nil, "id", "check failed"), + err: zerrors.ThrowInternal(nil, "id", "check failed"), }, }, { @@ -487,11 +487,9 @@ func TestCommands_updateSession(t *testing.T) { }, res{ want: &SessionChanged{ - ObjectDetails: &domain.ObjectDetails{ - ResourceOwner: "instance1", - }, - ID: "sessionID", - NewToken: "", + ObjectDetails: &domain.ObjectDetails{}, + ID: "sessionID", + NewToken: "", }, }, }, @@ -518,7 +516,7 @@ func TestCommands_updateSession(t *testing.T) { lifetime: -10 * time.Minute, }, res{ - err: caos_errs.ThrowInvalidArgument(nil, "COMMAND-asEG4", "Errors.Session.PositiveLifetime"), + err: zerrors.ThrowInvalidArgument(nil, "COMMAND-asEG4", "Errors.Session.PositiveLifetime"), }, }, { @@ -662,7 +660,7 @@ func TestCommands_updateSession(t *testing.T) { }, }, res{ - err: caos_errs.ThrowPreconditionFailed(nil, "COMMAND-Df4bw", "Errors.Intent.NotSucceeded"), + err: zerrors.ThrowPreconditionFailed(nil, "COMMAND-Df4bw", "Errors.Intent.NotSucceeded"), }, }, { @@ -711,7 +709,7 @@ func TestCommands_updateSession(t *testing.T) { }, }, res{ - err: caos_errs.ThrowPreconditionFailed(nil, "COMMAND-O8xk3w", "Errors.Intent.OtherUser"), + err: zerrors.ThrowPreconditionFailed(nil, "COMMAND-O8xk3w", "Errors.Intent.OtherUser"), }, }, { @@ -743,7 +741,7 @@ func TestCommands_updateSession(t *testing.T) { }, }, res{ - err: caos_errs.ThrowPermissionDenied(nil, "CRYPTO-CRYPTO", "Errors.Intent.InvalidToken"), + err: zerrors.ThrowPermissionDenied(nil, "CRYPTO-CRYPTO", "Errors.Intent.InvalidToken"), }, }, { 
@@ -859,7 +857,7 @@ func TestCheckTOTP(t *testing.T) { }, eventstore: expectEventstore(), }, - wantErr: caos_errs.ThrowPreconditionFailed(nil, "COMMAND-Neil7", "Errors.User.UserIDMissing"), + wantErr: zerrors.ThrowPreconditionFailed(nil, "COMMAND-Neil7", "Errors.User.UserIDMissing"), }, { name: "filter error", @@ -893,7 +891,7 @@ func TestCheckTOTP(t *testing.T) { ), ), }, - wantErr: caos_errs.ThrowPreconditionFailed(nil, "COMMAND-eej1U", "Errors.User.MFA.OTP.NotReady"), + wantErr: zerrors.ThrowPreconditionFailed(nil, "COMMAND-eej1U", "Errors.User.MFA.OTP.NotReady"), }, { name: "otp verify error", @@ -915,7 +913,7 @@ func TestCheckTOTP(t *testing.T) { ), ), }, - wantErr: caos_errs.ThrowInvalidArgument(nil, "EVENT-8isk2", "Errors.User.MFA.OTP.InvalidCode"), + wantErr: zerrors.ThrowInvalidArgument(nil, "EVENT-8isk2", "Errors.User.MFA.OTP.InvalidCode"), }, { name: "ok", @@ -982,14 +980,14 @@ func TestCommands_TerminateSession(t *testing.T) { "eventstore failed", fields{ eventstore: expectEventstore( - expectFilterError(caos_errs.ThrowInternal(nil, "id", "filter failed")), + expectFilterError(zerrors.ThrowInternal(nil, "id", "filter failed")), ), }, args{ ctx: context.Background(), }, res{ - err: caos_errs.ThrowInternal(nil, "id", "filter failed"), + err: zerrors.ThrowInternal(nil, "id", "filter failed"), }, }, { @@ -1020,7 +1018,7 @@ func TestCommands_TerminateSession(t *testing.T) { sessionToken: "invalid", }, res{ - err: caos_errs.ThrowPermissionDenied(nil, "COMMAND-sGr42", "Errors.Session.Token.Invalid"), + err: zerrors.ThrowPermissionDenied(nil, "COMMAND-sGr42", "Errors.Session.Token.Invalid"), }, }, { @@ -1051,7 +1049,7 @@ func TestCommands_TerminateSession(t *testing.T) { sessionToken: "", }, res{ - err: caos_errs.ThrowPermissionDenied(nil, "AUTHZ-HKJD33", "Errors.PermissionDenied"), + err: zerrors.ThrowPermissionDenied(nil, "AUTHZ-HKJD33", "Errors.PermissionDenied"), }, }, { 
@@ -1112,7 +1110,7 @@ func TestCommands_TerminateSession(t *testing.T) { ), ), expectPushFailed( - caos_errs.ThrowInternal(nil, "id", "pushed failed"), + zerrors.ThrowInternal(nil, "id", "pushed failed"), session.NewTerminateEvent(context.Background(), &session.NewAggregate("sessionID", "instance1").Aggregate), ), ), @@ -1126,7 +1124,7 @@ func TestCommands_TerminateSession(t *testing.T) { sessionToken: "token", }, res{ - err: caos_errs.ThrowInternal(nil, "id", "pushed failed"), + err: zerrors.ThrowInternal(nil, "id", "pushed failed"), }, }, { 
@@ -1251,6 +1249,52 @@ func TestCommands_TerminateSession(t *testing.T) { }, }, }, + { + "terminate session owned by org with permission", + fields{ + eventstore: expectEventstore( + expectFilter( + eventFromEventPusher( + session.NewAddedEvent(context.Background(), + &session.NewAggregate("sessionID", "instance1").Aggregate, + &domain.UserAgent{ + FingerprintID: gu.Ptr("fp1"), + IP: net.ParseIP("1.2.3.4"), + Description: gu.Ptr("firefox"), + Header: http.Header{"foo": []string{"bar"}}, + }, + ), + ), + eventFromEventPusher( + session.NewUserCheckedEvent(context.Background(), &session.NewAggregate("sessionID", "org2").Aggregate, + "userID", "", testNow), + ), + eventFromEventPusher( + session.NewTokenSetEvent(context.Background(), &session.NewAggregate("sessionID", "org2").Aggregate, + "tokenID"), + ), + ), + expectFilter( + user.NewHumanAddedEvent(context.Background(), &user.NewAggregate("userID", "org1").Aggregate, + "username", "firstname", "lastname", "nickname", "displayname", language.English, domain.GenderUnspecified, "email", false), + ), + expectPush( + session.NewTerminateEvent(authz.NewMockContext("instance1", "org1", "admin1"), &session.NewAggregate("sessionID", "instance1").Aggregate), + ), + ), + checkPermission: newMockPermissionCheckAllowed(), + }, + args{ + ctx: authz.NewMockContext("instance1", "org1", "admin1"), + sessionID: "sessionID", + sessionToken: "", + }, + res{ + want: &domain.ObjectDetails{ + ResourceOwner: "instance1", + }, + }, + }, } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { diff --git a/internal/command/session_webauhtn.go b/internal/command/session_webauhtn.go index 991a519886..680b641a55 100644 --- a/internal/command/session_webauhtn.go +++ b/internal/command/session_webauhtn.go @@ -5,7 +5,7 @@ import ( "encoding/json" "github.com/zitadel/zitadel/internal/domain" - caos_errs "github.com/zitadel/zitadel/internal/errors" + "github.com/zitadel/zitadel/internal/zerrors" ) type humanWebAuthNTokens struct { 
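Review bot: The added case "terminate session owned by org with permission" in the `@@ -1251,6 +1249,52 @@` hunk uses `newMockPermissionCheckAllowed()`, so as far as the hunk shows it does not pin which organisation the permission check is evaluated against. The fixture mixes three owners: the session aggregate is on `instance1`, the user-checked and token-set events are on `org2`, and the user and the caller context are on `org1`. The case would presumably pass whichever of them TerminateSession hands to the check. A sibling case with the same events, a denying permission mock and the `AUTHZ-HKJD33` error already used in this table would cover the negative path. A short comment on the fixture, e.g. `// user is in org1; caller is an org1 admin and sends no session token`, would make the intent readable. The test function starts and ends outside the hunk.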
@@ -51,7 +51,7 @@ func (c *Commands) CreateWebAuthNChallenge(userVerification domain.UserVerificat return err } if err = json.Unmarshal(webAuthNLogin.CredentialAssertionData, dst); err != nil { - return caos_errs.ThrowInternal(err, "COMMAND-Yah6A", "Errors.Internal") + return zerrors.ThrowInternal(err, "COMMAND-Yah6A", "Errors.Internal") } cmd.WebAuthNChallenged(ctx, webAuthNLogin.Challenge, webAuthNLogin.AllowedCredentialIDs, webAuthNLogin.UserVerification, rpid) @@ -63,11 +63,11 @@ func (c *Commands) CheckWebAuthN(credentialAssertionData json.Marshaler) Session return func(ctx context.Context, cmd *SessionCommands) error { credentialAssertionData, err := json.Marshal(credentialAssertionData) if err != nil { - return caos_errs.ThrowInternal(err, "COMMAND-ohG2o", "Errors.Internal") + return zerrors.ThrowInternal(err, "COMMAND-ohG2o", "Errors.Internal") } challenge := cmd.sessionWriteModel.WebAuthNChallenge if challenge == nil { - return caos_errs.ThrowPreconditionFailed(nil, "COMMAND-Ioqu5", "Errors.Session.WebAuthN.NoChallenge") + return zerrors.ThrowPreconditionFailed(nil, "COMMAND-Ioqu5", "Errors.Session.WebAuthN.NoChallenge") } webAuthNTokens, err := cmd.getHumanWebAuthNTokens(ctx, challenge.UserVerification) if err != nil { @@ -81,7 +81,7 @@ func (c *Commands) CheckWebAuthN(credentialAssertionData json.Marshaler) Session } _, token := domain.GetTokenByKeyID(webAuthNTokens.tokens, credential.ID) if token == nil { - return caos_errs.ThrowPreconditionFailed(nil, "COMMAND-Aej7i", "Errors.User.WebAuthN.NotFound") + return zerrors.ThrowPreconditionFailed(nil, "COMMAND-Aej7i", "Errors.User.WebAuthN.NotFound") } cmd.WebAuthNChecked(ctx, cmd.now(), token.WebAuthNTokenID, credential.Authenticator.SignCount, credential.Flags.UserVerified) return nil diff --git a/internal/command/session_webauthn_test.go b/internal/command/session_webauthn_test.go index 3352286eb2..e649cb6c37 100644 --- a/internal/command/session_webauthn_test.go 
+++ b/internal/command/session_webauthn_test.go @@ -10,11 +10,11 @@ import ( "golang.org/x/text/language" "github.com/zitadel/zitadel/internal/domain" - caos_errs "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/eventstore/v1/models" "github.com/zitadel/zitadel/internal/repository/org" "github.com/zitadel/zitadel/internal/repository/user" + "github.com/zitadel/zitadel/internal/zerrors" ) func TestSessionCommands_getHumanWebAuthNTokens(t *testing.T) { @@ -48,7 +48,7 @@ func TestSessionCommands_getHumanWebAuthNTokens(t *testing.T) { }, res: res{ want: nil, - err: caos_errs.ThrowPreconditionFailed(nil, "COMMAND-eeR2e", "Errors.User.UserIDMissing"), + err: zerrors.ThrowPreconditionFailed(nil, "COMMAND-eeR2e", "Errors.User.UserIDMissing"), }, }, { diff --git a/internal/command/sms_config.go b/internal/command/sms_config.go index 0d37d2b12f..cd5e38e518 100644 --- a/internal/command/sms_config.go +++ b/internal/command/sms_config.go @@ -5,9 +5,9 @@ import ( "github.com/zitadel/zitadel/internal/crypto" "github.com/zitadel/zitadel/internal/domain" - caos_errs "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/notification/channels/twilio" "github.com/zitadel/zitadel/internal/repository/instance" + "github.com/zitadel/zitadel/internal/zerrors" ) func (c *Commands) AddSMSConfigTwilio(ctx context.Context, instanceID string, config *twilio.Config) (string, *domain.ObjectDetails, error) { 
@@ -48,14 +48,14 @@ func (c *Commands) AddSMSConfigTwilio(ctx context.Context, instanceID string, co func (c *Commands) ChangeSMSConfigTwilio(ctx context.Context, instanceID, id string, config *twilio.Config) (*domain.ObjectDetails, error) { if id == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "SMS-e9jwf", "Errors.IDMissing") + return nil, zerrors.ThrowInvalidArgument(nil, "SMS-e9jwf", "Errors.IDMissing") } smsConfigWriteModel, err := c.getSMSConfig(ctx, instanceID, id) if err != nil { return nil, err } if !smsConfigWriteModel.State.Exists() || smsConfigWriteModel.Twilio == nil { - return nil, caos_errs.ThrowNotFound(nil, "COMMAND-2m9fw", "Errors.SMSConfig.NotFound") + return nil, zerrors.ThrowNotFound(nil, "COMMAND-2m9fw", "Errors.SMSConfig.NotFound") } iamAgg := InstanceAggregateFromWriteModel(&smsConfigWriteModel.WriteModel) @@ -69,7 +69,7 @@ func (c *Commands) ChangeSMSConfigTwilio(ctx context.Context, instanceID, id str return nil, err } if !hasChanged { - return nil, caos_errs.ThrowPreconditionFailed(nil, "COMMAND-jf9wk", "Errors.NoChangesFound") + return nil, zerrors.ThrowPreconditionFailed(nil, "COMMAND-jf9wk", "Errors.NoChangesFound") } pushedEvents, err := c.eventstore.Push(ctx, changedEvent) if err != nil { @@ -88,7 +88,7 @@ func (c *Commands) ChangeSMSConfigTwilioToken(ctx context.Context, instanceID, i return nil, err } if !smsConfigWriteModel.State.Exists() || smsConfigWriteModel.Twilio == nil { - return nil, caos_errs.ThrowNotFound(nil, "COMMAND-fj9wf", "Errors.SMSConfig.NotFound") + return nil, zerrors.ThrowNotFound(nil, "COMMAND-fj9wf", "Errors.SMSConfig.NotFound") } iamAgg := InstanceAggregateFromWriteModel(&smsConfigWriteModel.WriteModel) newtoken, err := crypto.Encrypt([]byte(token), c.smsEncryption) 
@@ -112,7 +112,7 @@ func (c *Commands) ChangeSMSConfigTwilioToken(ctx context.Context, instanceID, i func (c *Commands) ActivateSMSConfig(ctx context.Context, instanceID, id string) (*domain.ObjectDetails, error) { if id == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "SMS-dn93n", "Errors.IDMissing") + return nil, zerrors.ThrowInvalidArgument(nil, "SMS-dn93n", "Errors.IDMissing") } smsConfigWriteModel, err := c.getSMSConfig(ctx, instanceID, id) if err != nil { @@ -120,10 +120,10 @@ func (c *Commands) ActivateSMSConfig(ctx context.Context, instanceID, id string) } if !smsConfigWriteModel.State.Exists() { - return nil, caos_errs.ThrowNotFound(nil, "COMMAND-sn9we", "Errors.SMSConfig.NotFound") + return nil, zerrors.ThrowNotFound(nil, "COMMAND-sn9we", "Errors.SMSConfig.NotFound") } if smsConfigWriteModel.State == domain.SMSConfigStateActive { - return nil, caos_errs.ThrowNotFound(nil, "COMMAND-sn9we", "Errors.SMSConfig.AlreadyActive") + return nil, zerrors.ThrowNotFound(nil, "COMMAND-sn9we", "Errors.SMSConfig.AlreadyActive") } iamAgg := InstanceAggregateFromWriteModel(&smsConfigWriteModel.WriteModel) pushedEvents, err := c.eventstore.Push(ctx, instance.NewSMSConfigTwilioActivatedEvent( 
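Review bot: In ActivateSMSConfig (hunk `@@ -120,10 +120,10 @@`) both returns carry the error ID `COMMAND-sn9we`, and the already-active state is reported through `ThrowNotFound`. A log entry or client error therefore cannot tell "config missing" from "config already active". RemoveSMSConfig in the last hunk of this file reuses the same ID, and DeactivateSMSConfig likewise reports the already-inactive state through `ThrowNotFound`. The rename carries this over unchanged. Since the lines are touched anyway, and if API clients do not depend on the NotFound status, the state check could read `return nil, zerrors.ThrowPreconditionFailed(nil, "COMMAND-<new-id>", "Errors.SMSConfig.AlreadyActive")`, where `<new-id>` is a placeholder for an ID of its own. The function body continues outside the hunk.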
@@ -142,17 +142,17 @@ func (c *Commands) ActivateSMSConfig(ctx context.Context, instanceID, id string) func (c *Commands) DeactivateSMSConfig(ctx context.Context, instanceID, id string) (*domain.ObjectDetails, error) { if id == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "SMS-frkwf", "Errors.IDMissing") + return nil, zerrors.ThrowInvalidArgument(nil, "SMS-frkwf", "Errors.IDMissing") } smsConfigWriteModel, err := c.getSMSConfig(ctx, instanceID, id) if err != nil { return nil, err } if !smsConfigWriteModel.State.Exists() { - return nil, caos_errs.ThrowNotFound(nil, "COMMAND-s39Kg", "Errors.SMSConfig.NotFound") + return nil, zerrors.ThrowNotFound(nil, "COMMAND-s39Kg", "Errors.SMSConfig.NotFound") } if smsConfigWriteModel.State == domain.SMSConfigStateInactive { - return nil, caos_errs.ThrowNotFound(nil, "COMMAND-dm9e3", "Errors.SMSConfig.AlreadyDeactivated") + return nil, zerrors.ThrowNotFound(nil, "COMMAND-dm9e3", "Errors.SMSConfig.AlreadyDeactivated") } iamAgg := InstanceAggregateFromWriteModel(&smsConfigWriteModel.WriteModel) @@ -172,14 +172,14 @@ func (c *Commands) DeactivateSMSConfig(ctx context.Context, instanceID, id strin func (c *Commands) RemoveSMSConfig(ctx context.Context, instanceID, id string) (*domain.ObjectDetails, error) { if id == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "SMS-3j9fs", "Errors.IDMissing") + return nil, zerrors.ThrowInvalidArgument(nil, "SMS-3j9fs", "Errors.IDMissing") } smsConfigWriteModel, err := c.getSMSConfig(ctx, instanceID, id) if err != nil { return nil, err } if !smsConfigWriteModel.State.Exists() { - return nil, caos_errs.ThrowNotFound(nil, "COMMAND-sn9we", "Errors.SMSConfig.NotFound") + return nil, zerrors.ThrowNotFound(nil, "COMMAND-sn9we", "Errors.SMSConfig.NotFound") } iamAgg := InstanceAggregateFromWriteModel(&smsConfigWriteModel.WriteModel) diff --git a/internal/command/sms_config_test.go b/internal/command/sms_config_test.go index 49a476d1da..b79ab25519 100644 
--- a/internal/command/sms_config_test.go +++ b/internal/command/sms_config_test.go @@ -9,12 +9,12 @@ import ( "github.com/zitadel/zitadel/internal/crypto" "github.com/zitadel/zitadel/internal/domain" - caos_errs "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/id" id_mock "github.com/zitadel/zitadel/internal/id/mock" "github.com/zitadel/zitadel/internal/notification/channels/twilio" "github.com/zitadel/zitadel/internal/repository/instance" + "github.com/zitadel/zitadel/internal/zerrors" ) func TestCommandSide_AddSMSConfigTwilio(t *testing.T) { @@ -132,7 +132,7 @@ func TestCommandSide_ChangeSMSConfigTwilio(t *testing.T) { sms: &twilio.Config{}, }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -150,7 +150,7 @@ func TestCommandSide_ChangeSMSConfigTwilio(t *testing.T) { id: "id", }, res: res{ - err: caos_errs.IsNotFound, + err: zerrors.IsNotFound, }, }, { @@ -188,7 +188,7 @@ func TestCommandSide_ChangeSMSConfigTwilio(t *testing.T) { id: "providerid", }, res: res{ - err: caos_errs.IsPreconditionFailed, + err: zerrors.IsPreconditionFailed, }, }, { @@ -289,7 +289,7 @@ func TestCommandSide_ActivateSMSConfigTwilio(t *testing.T) { ctx: context.Background(), }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -306,7 +306,7 @@ func TestCommandSide_ActivateSMSConfigTwilio(t *testing.T) { id: "id", }, res: res{ - err: caos_errs.IsNotFound, + err: zerrors.IsNotFound, }, }, { @@ -396,7 +396,7 @@ func TestCommandSide_DeactivateSMSConfigTwilio(t *testing.T) { ctx: context.Background(), }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -413,7 +413,7 @@ func TestCommandSide_DeactivateSMSConfigTwilio(t *testing.T) { id: "id", }, res: res{ - err: caos_errs.IsNotFound, + err: zerrors.IsNotFound, }, }, { 
@@ -510,7 +510,7 @@ func TestCommandSide_RemoveSMSConfig(t *testing.T) { ctx: context.Background(), }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -527,7 +527,7 @@ func TestCommandSide_RemoveSMSConfig(t *testing.T) { id: "id", }, res: res{ - err: caos_errs.IsNotFound, + err: zerrors.IsNotFound, }, }, { diff --git a/internal/command/smtp.go b/internal/command/smtp.go index 2f7ea95f22..c52dd98f0c 100644 --- a/internal/command/smtp.go +++ b/internal/command/smtp.go @@ -9,10 +9,10 @@ import ( "github.com/zitadel/zitadel/internal/command/preparation" "github.com/zitadel/zitadel/internal/crypto" "github.com/zitadel/zitadel/internal/domain" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/notification/channels/smtp" "github.com/zitadel/zitadel/internal/repository/instance" + "github.com/zitadel/zitadel/internal/zerrors" ) func (c *Commands) AddSMTPConfig(ctx context.Context, config *smtp.Config) (*domain.ObjectDetails, error) { @@ -58,7 +58,7 @@ func (c *Commands) ChangeSMTPConfigPassword(ctx context.Context, password string return nil, err } if smtpConfigWriteModel.State != domain.SMTPConfigStateActive { - return nil, errors.ThrowNotFound(nil, "COMMAND-3n9ls", "Errors.SMTPConfig.NotFound") + return nil, zerrors.ThrowNotFound(nil, "COMMAND-3n9ls", "Errors.SMTPConfig.NotFound") } var smtpPassword *crypto.CryptoValue if password != "" { 
@@ -102,14 +102,14 @@ func (c *Commands) RemoveSMTPConfig(ctx context.Context) (*domain.ObjectDetails, func (c *Commands) prepareAddSMTPConfig(a *instance.Aggregate, from, name, replyTo, hostAndPort, user string, password []byte, tls bool) preparation.Validation { return func() (preparation.CreateCommands, error) { if from = strings.TrimSpace(from); from == "" { - return nil, errors.ThrowInvalidArgument(nil, "INST-mruNY", "Errors.Invalid.Argument") + return nil, zerrors.ThrowInvalidArgument(nil, "INST-mruNY", "Errors.Invalid.Argument") } replyTo = strings.TrimSpace(replyTo) hostAndPort = strings.TrimSpace(hostAndPort) if _, _, err := net.SplitHostPort(hostAndPort); err != nil { - return nil, errors.ThrowInvalidArgument(nil, "INST-9JdRe", "Errors.Invalid.Argument") + return nil, zerrors.ThrowInvalidArgument(nil, "INST-9JdRe", "Errors.Invalid.Argument") } return func(ctx context.Context, filter preparation.FilterToQueryReducer) ([]eventstore.Command, error) { fromSplitted := strings.Split(from, "@") @@ -119,7 +119,7 @@ func (c *Commands) prepareAddSMTPConfig(a *instance.Aggregate, from, name, reply return nil, err } if writeModel.State == domain.SMTPConfigStateActive { - return nil, errors.ThrowAlreadyExists(nil, "INST-W3VS2", "Errors.SMTPConfig.AlreadyExists") + return nil, zerrors.ThrowAlreadyExists(nil, "INST-W3VS2", "Errors.SMTPConfig.AlreadyExists") } err = checkSenderAddress(writeModel) if err != nil { 
@@ -152,13 +152,13 @@ func (c *Commands) prepareAddSMTPConfig(a *instance.Aggregate, from, name, reply func (c *Commands) prepareChangeSMTPConfig(a *instance.Aggregate, from, name, replyTo, hostAndPort, user string, tls bool) preparation.Validation { return func() (preparation.CreateCommands, error) { if from = strings.TrimSpace(from); from == "" { - return nil, errors.ThrowInvalidArgument(nil, "INST-ASv2d", "Errors.Invalid.Argument") + return nil, zerrors.ThrowInvalidArgument(nil, "INST-ASv2d", "Errors.Invalid.Argument") } replyTo = strings.TrimSpace(replyTo) hostAndPort = strings.TrimSpace(hostAndPort) if _, _, err := net.SplitHostPort(hostAndPort); err != nil { - return nil, errors.ThrowInvalidArgument(nil, "INST-Kv875", "Errors.Invalid.Argument") + return nil, zerrors.ThrowInvalidArgument(nil, "INST-Kv875", "Errors.Invalid.Argument") } return func(ctx context.Context, filter preparation.FilterToQueryReducer) ([]eventstore.Command, error) { fromSplitted := strings.Split(from, "@") @@ -168,7 +168,7 @@ func (c *Commands) prepareChangeSMTPConfig(a *instance.Aggregate, from, name, re return nil, err } if writeModel.State != domain.SMTPConfigStateActive { - return nil, errors.ThrowNotFound(nil, "INST-Svq1a", "Errors.SMTPConfig.NotFound") + return nil, zerrors.ThrowNotFound(nil, "INST-Svq1a", "Errors.SMTPConfig.NotFound") } err = checkSenderAddress(writeModel) if err != nil { @@ -188,7 +188,7 @@ func (c *Commands) prepareChangeSMTPConfig(a *instance.Aggregate, from, name, re return nil, err } if !hasChanged { - return nil, errors.ThrowPreconditionFailed(nil, "COMMAND-m0o3f", "Errors.NoChangesFound") + return nil, zerrors.ThrowPreconditionFailed(nil, "COMMAND-m0o3f", "Errors.NoChangesFound") } return []eventstore.Command{ changedEvent, 
@@ -205,7 +205,7 @@ func (c *Commands) prepareRemoveSMTPConfig(a *instance.Aggregate) preparation.Va return nil, err } if writeModel.State != domain.SMTPConfigStateActive { - return nil, errors.ThrowNotFound(nil, "INST-Sfefg", "Errors.SMTPConfig.NotFound") + return nil, zerrors.ThrowNotFound(nil, "INST-Sfefg", "Errors.SMTPConfig.NotFound") } return []eventstore.Command{ instance.NewSMTPConfigRemovedEvent(ctx, &a.Aggregate), @@ -219,7 +219,7 @@ func checkSenderAddress(writeModel *InstanceSMTPConfigWriteModel) error { return nil } if !writeModel.domainState.Exists() { - return errors.ThrowInvalidArgument(nil, "INST-83nl8", "Errors.SMTPConfig.SenderAdressNotCustomDomain") + return zerrors.ThrowInvalidArgument(nil, "INST-83nl8", "Errors.SMTPConfig.SenderAdressNotCustomDomain") } return nil } diff --git a/internal/command/smtp_test.go b/internal/command/smtp_test.go index 10a7aff441..bb46968da6 100644 --- a/internal/command/smtp_test.go +++ b/internal/command/smtp_test.go @@ -10,10 +10,10 @@ import ( "github.com/zitadel/zitadel/internal/api/authz" "github.com/zitadel/zitadel/internal/crypto" "github.com/zitadel/zitadel/internal/domain" - caos_errs "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/notification/channels/smtp" "github.com/zitadel/zitadel/internal/repository/instance" + "github.com/zitadel/zitadel/internal/zerrors" ) func TestCommandSide_AddSMTPConfig(t *testing.T) { @@ -66,7 +66,7 @@ func TestCommandSide_AddSMTPConfig(t *testing.T) { }, }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -118,7 +118,7 @@ func TestCommandSide_AddSMTPConfig(t *testing.T) { }, }, res: res{ - err: caos_errs.IsErrorAlreadyExists, + err: zerrors.IsErrorAlreadyExists, }, }, { @@ -261,7 +261,7 @@ func TestCommandSide_AddSMTPConfig(t *testing.T) { }, }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { 
@@ -283,7 +283,7 @@ func TestCommandSide_AddSMTPConfig(t *testing.T) { }, }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -397,7 +397,7 @@ func TestCommandSide_ChangeSMTPConfig(t *testing.T) { smtp: &smtp.Config{}, }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -421,7 +421,7 @@ func TestCommandSide_ChangeSMTPConfig(t *testing.T) { }, }, res: res{ - err: caos_errs.IsNotFound, + err: zerrors.IsNotFound, }, }, { @@ -472,7 +472,7 @@ func TestCommandSide_ChangeSMTPConfig(t *testing.T) { }, }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -523,7 +523,7 @@ func TestCommandSide_ChangeSMTPConfig(t *testing.T) { }, }, res: res{ - err: caos_errs.IsPreconditionFailed, + err: zerrors.IsPreconditionFailed, }, }, { @@ -610,7 +610,7 @@ func TestCommandSide_ChangeSMTPConfig(t *testing.T) { }, }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -632,7 +632,7 @@ func TestCommandSide_ChangeSMTPConfig(t *testing.T) { }, }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -752,7 +752,7 @@ func TestCommandSide_ChangeSMTPConfigPassword(t *testing.T) { password: "", }, res: res{ - err: caos_errs.IsNotFound, + err: zerrors.IsNotFound, }, }, { @@ -851,7 +851,7 @@ func TestCommandSide_RemoveSMTPConfig(t *testing.T) { ctx: context.Background(), }, res: res{ - err: caos_errs.IsNotFound, + err: zerrors.IsNotFound, }, }, { diff --git a/internal/command/unique_constraints_model.go b/internal/command/unique_constraints_model.go index 9b71b0e7a1..d70b621b27 100644 --- a/internal/command/unique_constraints_model.go +++ b/internal/command/unique_constraints_model.go 
@@ -2,303 +2,8 @@ package command import ( "context" - - "github.com/zitadel/logging" - - "github.com/zitadel/zitadel/internal/domain" - "github.com/zitadel/zitadel/internal/eventstore" - "github.com/zitadel/zitadel/internal/repository/idpconfig" - "github.com/zitadel/zitadel/internal/repository/instance" - "github.com/zitadel/zitadel/internal/repository/member" - "github.com/zitadel/zitadel/internal/repository/org" - "github.com/zitadel/zitadel/internal/repository/policy" - "github.com/zitadel/zitadel/internal/repository/project" - "github.com/zitadel/zitadel/internal/repository/user" - "github.com/zitadel/zitadel/internal/repository/usergrant" ) -type UniqueConstraintReadModel struct { - eventstore.WriteModel - - UniqueConstraints []*domain.UniqueConstraintMigration - commandProvider commandProvider - ctx context.Context -} - type commandProvider interface { - getOrgDomainPolicy(ctx context.Context, orgID string) (*domain.DomainPolicy, error) -} - -func NewUniqueConstraintReadModel(ctx context.Context, provider commandProvider) *UniqueConstraintReadModel { - return &UniqueConstraintReadModel{ - ctx: ctx, - commandProvider: provider, - } -} - -func (rm *UniqueConstraintReadModel) AppendEvents(events ...eventstore.Event) { - rm.WriteModel.AppendEvents(events...) 
-} - -func (rm *UniqueConstraintReadModel) Reduce() error { - for _, event := range rm.Events { - switch e := event.(type) { - case *org.OrgAddedEvent: - rm.addUniqueConstraint(e.Aggregate().ID, e.Aggregate().ID, org.NewAddOrgNameUniqueConstraint(e.Name)) - case *org.OrgChangedEvent: - rm.changeUniqueConstraint(e.Aggregate().ID, e.Aggregate().ID, org.NewAddOrgNameUniqueConstraint(e.Name)) - case *org.DomainVerifiedEvent: - rm.addUniqueConstraint(e.Aggregate().ID, e.Aggregate().ID, org.NewAddOrgDomainUniqueConstraint(e.Domain)) - case *org.DomainRemovedEvent: - rm.removeUniqueConstraint(e.Aggregate().ID, e.Aggregate().ID, org.UniqueOrgDomain) - case *instance.IDPConfigAddedEvent: - rm.addUniqueConstraint(e.Aggregate().ID, e.ConfigID, idpconfig.NewAddIDPConfigNameUniqueConstraint(e.Name, e.Aggregate().ResourceOwner)) - case *instance.IDPConfigChangedEvent: - if e.Name == nil { - continue - } - rm.changeUniqueConstraint(e.Aggregate().ID, e.ConfigID, idpconfig.NewAddIDPConfigNameUniqueConstraint(*e.Name, e.Aggregate().ResourceOwner)) - case *instance.IDPConfigRemovedEvent: - rm.removeUniqueConstraint(e.Aggregate().ID, e.ConfigID, idpconfig.UniqueIDPConfigNameType) - case *org.IDPConfigAddedEvent: - rm.addUniqueConstraint(e.Aggregate().ID, e.ConfigID, idpconfig.NewAddIDPConfigNameUniqueConstraint(e.Name, e.Aggregate().ResourceOwner)) - case *org.IDPConfigChangedEvent: - if e.Name == nil { - continue - } - rm.changeUniqueConstraint(e.Aggregate().ID, e.ConfigID, idpconfig.NewAddIDPConfigNameUniqueConstraint(*e.Name, e.Aggregate().ResourceOwner)) - case *org.IDPConfigRemovedEvent: - rm.removeUniqueConstraint(e.Aggregate().ID, e.ConfigID, idpconfig.UniqueIDPConfigNameType) - case *instance.MailTextAddedEvent: - rm.addUniqueConstraint(e.Aggregate().ID, e.MailTextType+e.Language, policy.NewAddMailTextUniqueConstraint(e.Aggregate().ID, e.MailTextType, e.Language)) - case *org.MailTextAddedEvent: - rm.addUniqueConstraint(e.Aggregate().ID, e.MailTextType+e.Language, 
policy.NewAddMailTextUniqueConstraint(e.Aggregate().ID, e.MailTextType, e.Language)) - case *org.MailTextRemovedEvent: - rm.removeUniqueConstraint(e.Aggregate().ID, e.MailTextType+e.Language, policy.UniqueMailText) - case *project.ProjectAddedEvent: - rm.addUniqueConstraint(e.Aggregate().ID, e.Aggregate().ID, project.NewAddProjectNameUniqueConstraint(e.Name, e.Aggregate().ResourceOwner)) - case *project.ProjectChangeEvent: - if e.Name == nil { - continue - } - rm.changeUniqueConstraint(e.Aggregate().ID, e.Aggregate().ID, project.NewAddProjectNameUniqueConstraint(*e.Name, e.Aggregate().ResourceOwner)) - case *project.ProjectRemovedEvent: - rm.removeUniqueConstraint(e.Aggregate().ID, e.Aggregate().ID, project.UniqueProjectnameType) - rm.listRemoveUniqueConstraint(e.Aggregate().ID, project.UniqueAppNameType) - rm.listRemoveUniqueConstraint(e.Aggregate().ID, member.UniqueMember) - rm.listRemoveUniqueConstraint(e.Aggregate().ID, project.UniqueRoleType) - rm.listRemoveUniqueConstraint(e.Aggregate().ID, project.UniqueGrantType) - rm.listRemoveUniqueConstraint(e.Aggregate().ID, project.UniqueProjectGrantMemberType) - case *project.ApplicationAddedEvent: - rm.addUniqueConstraint(e.Aggregate().ID, e.AppID, project.NewAddApplicationUniqueConstraint(e.Name, e.Aggregate().ID)) - case *project.ApplicationChangedEvent: - rm.changeUniqueConstraint(e.Aggregate().ID, e.AppID, project.NewAddApplicationUniqueConstraint(e.Name, e.Aggregate().ID)) - case *project.SAMLConfigAddedEvent: - rm.addUniqueConstraint(e.Aggregate().ID, e.AppID, project.NewAddSAMLConfigEntityIDUniqueConstraint(e.EntityID)) - case *project.SAMLConfigChangedEvent: - rm.addUniqueConstraint(e.Aggregate().ID, e.AppID, project.NewRemoveSAMLConfigEntityIDUniqueConstraint(e.EntityID)) - case *project.ApplicationRemovedEvent: - rm.removeUniqueConstraint(e.Aggregate().ID, e.AppID, project.UniqueAppNameType) - case *project.GrantAddedEvent: - rm.addUniqueConstraint(e.Aggregate().ID, e.GrantID, 
project.NewAddProjectGrantUniqueConstraint(e.GrantedOrgID, e.Aggregate().ID)) - case *project.GrantRemovedEvent: - rm.removeUniqueConstraint(e.Aggregate().ID, e.GrantID, project.UniqueGrantType) - case *project.GrantMemberAddedEvent: - rm.addUniqueConstraint(e.Aggregate().ID, e.GrantID+e.UserID, project.NewAddProjectGrantMemberUniqueConstraint(e.Aggregate().ID, e.UserID, e.GrantID)) - case *project.GrantMemberRemovedEvent: - rm.removeUniqueConstraint(e.Aggregate().ID, e.GrantID+e.UserID, project.UniqueProjectGrantMemberType) - case *project.GrantMemberCascadeRemovedEvent: - rm.removeUniqueConstraint(e.Aggregate().ID, e.GrantID+e.UserID, project.UniqueProjectGrantMemberType) - case *project.RoleAddedEvent: - rm.addUniqueConstraint(e.Aggregate().ID, e.Key, project.NewAddProjectRoleUniqueConstraint(e.Key, e.Aggregate().ID)) - case *project.RoleRemovedEvent: - rm.removeUniqueConstraint(e.Aggregate().ID, e.Key, project.UniqueRoleType) - case *user.HumanAddedEvent: - policy, err := rm.commandProvider.getOrgDomainPolicy(rm.ctx, e.Aggregate().ResourceOwner) - if err != nil { - logging.Log("COMMAND-0k9Gs").WithError(err).Error("could not read policy for human added event unique constraint") - continue - } - rm.addUniqueConstraint(e.Aggregate().ID, e.Aggregate().ID, user.NewAddUsernameUniqueConstraint(e.UserName, e.Aggregate().ResourceOwner, policy.UserLoginMustBeDomain)) - case *user.HumanRegisteredEvent: - policy, err := rm.commandProvider.getOrgDomainPolicy(rm.ctx, e.Aggregate().ResourceOwner) - if err != nil { - logging.Log("COMMAND-m9fod").WithError(err).Error("could not read policy for human registered event unique constraint") - continue - } - rm.addUniqueConstraint(e.Aggregate().ID, e.Aggregate().ID, user.NewAddUsernameUniqueConstraint(e.UserName, e.Aggregate().ResourceOwner, policy.UserLoginMustBeDomain)) - case *user.MachineAddedEvent: - policy, err := rm.commandProvider.getOrgDomainPolicy(rm.ctx, e.Aggregate().ResourceOwner) - if err != nil { - 
logging.Log("COMMAND-2n8vs").WithError(err).Error("could not read policy for machine added event unique constraint") - continue - } - rm.addUniqueConstraint(e.Aggregate().ID, e.Aggregate().ID, user.NewAddUsernameUniqueConstraint(e.UserName, e.Aggregate().ResourceOwner, policy.UserLoginMustBeDomain)) - case *user.UserRemovedEvent: - rm.removeUniqueConstraint(e.Aggregate().ID, e.Aggregate().ID, user.UniqueUsername) - rm.listRemoveUniqueConstraint(e.Aggregate().ID, user.UniqueUserIDPLinkType) - case *user.UsernameChangedEvent: - policy, err := rm.commandProvider.getOrgDomainPolicy(rm.ctx, e.Aggregate().ResourceOwner) - if err != nil { - logging.Log("COMMAND-5n8gk").WithError(err).Error("could not read policy for username changed event unique constraint") - continue - } - rm.changeUniqueConstraint(e.Aggregate().ID, e.Aggregate().ID, user.NewAddUsernameUniqueConstraint(e.UserName, e.Aggregate().ResourceOwner, policy.UserLoginMustBeDomain)) - case *user.DomainClaimedEvent: - policy, err := rm.commandProvider.getOrgDomainPolicy(rm.ctx, e.Aggregate().ResourceOwner) - if err != nil { - logging.Log("COMMAND-xb8uf").WithError(err).Error("could not read policy for domain claimed event unique constraint") - continue - } - rm.changeUniqueConstraint(e.Aggregate().ID, e.Aggregate().ID, user.NewAddUsernameUniqueConstraint(e.UserName, e.Aggregate().ResourceOwner, policy.UserLoginMustBeDomain)) - case *user.UserIDPLinkAddedEvent: - rm.addUniqueConstraint(e.Aggregate().ID, e.IDPConfigID+e.ExternalUserID, user.NewAddUserIDPLinkUniqueConstraint(e.IDPConfigID, e.ExternalUserID)) - case *user.UserIDPLinkRemovedEvent: - rm.removeUniqueConstraint(e.Aggregate().ID, e.IDPConfigID+e.ExternalUserID, user.UniqueUserIDPLinkType) - case *user.UserIDPLinkCascadeRemovedEvent: - rm.removeUniqueConstraint(e.Aggregate().ID, e.IDPConfigID+e.ExternalUserID, user.UniqueUserIDPLinkType) - case *usergrant.UserGrantAddedEvent: - rm.addUniqueConstraint(e.Aggregate().ID, e.Aggregate().ID, 
usergrant.NewAddUserGrantUniqueConstraint(e.Aggregate().ResourceOwner, e.UserID, e.ProjectID, e.ProjectGrantID)) - case *usergrant.UserGrantRemovedEvent: - rm.removeUniqueConstraint(e.Aggregate().ID, e.Aggregate().ID, usergrant.UniqueUserGrant) - case *usergrant.UserGrantCascadeRemovedEvent: - rm.removeUniqueConstraint(e.Aggregate().ID, e.Aggregate().ID, usergrant.UniqueUserGrant) - case *instance.MemberAddedEvent: - rm.addUniqueConstraint(e.Aggregate().ID, e.UserID, member.NewAddMemberUniqueConstraint(e.Aggregate().ID, e.UserID)) - case *instance.MemberRemovedEvent: - rm.removeUniqueConstraint(e.Aggregate().ID, e.UserID, member.UniqueMember) - case *instance.MemberCascadeRemovedEvent: - rm.removeUniqueConstraint(e.Aggregate().ID, e.UserID, member.UniqueMember) - case *org.MemberAddedEvent: - rm.addUniqueConstraint(e.Aggregate().ID, e.UserID, member.NewAddMemberUniqueConstraint(e.Aggregate().ID, e.UserID)) - case *org.MemberRemovedEvent: - rm.removeUniqueConstraint(e.Aggregate().ID, e.UserID, member.UniqueMember) - case *org.MemberCascadeRemovedEvent: - rm.removeUniqueConstraint(e.Aggregate().ID, e.UserID, member.UniqueMember) - case *project.MemberAddedEvent: - rm.addUniqueConstraint(e.Aggregate().ID, e.UserID, member.NewAddMemberUniqueConstraint(e.Aggregate().ID, e.UserID)) - case *project.MemberRemovedEvent: - rm.removeUniqueConstraint(e.Aggregate().ID, e.UserID, member.UniqueMember) - case *project.MemberCascadeRemovedEvent: - rm.removeUniqueConstraint(e.Aggregate().ID, e.UserID, member.UniqueMember) - } - } - return rm.WriteModel.Reduce() -} - -func (rm *UniqueConstraintReadModel) Query() *eventstore.SearchQueryBuilder { - return eventstore.NewSearchQueryBuilder(eventstore.ColumnsEvent). - AddQuery().AggregateTypes( - instance.AggregateType, - org.AggregateType, - project.AggregateType, - user.AggregateType, - usergrant.AggregateType). 
- EventTypes( - org.OrgAddedEventType, - org.OrgChangedEventType, - org.OrgDomainVerifiedEventType, - org.OrgDomainRemovedEventType, - instance.IDPConfigAddedEventType, - instance.IDPConfigChangedEventType, - instance.IDPConfigRemovedEventType, - org.IDPConfigAddedEventType, - org.IDPConfigChangedEventType, - org.IDPConfigRemovedEventType, - instance.MailTextAddedEventType, - org.MailTextAddedEventType, - org.MailTextRemovedEventType, - project.ProjectAddedType, - project.ProjectChangedType, - project.ProjectRemovedType, - project.ApplicationAddedType, - project.ApplicationChangedType, - project.ApplicationRemovedType, - project.GrantAddedType, - project.GrantRemovedType, - project.GrantMemberAddedType, - project.GrantMemberRemovedType, - project.GrantMemberCascadeRemovedType, - project.RoleAddedType, - project.RoleRemovedType, - user.UserV1AddedType, - user.UserV1RegisteredType, - user.HumanAddedType, - user.HumanRegisteredType, - user.MachineAddedEventType, - user.UserUserNameChangedType, - user.UserDomainClaimedType, - user.UserRemovedType, - user.UserIDPLinkAddedType, - user.UserIDPLinkRemovedType, - user.UserIDPLinkCascadeRemovedType, - usergrant.UserGrantAddedType, - usergrant.UserGrantRemovedType, - usergrant.UserGrantCascadeRemovedType, - instance.MemberAddedEventType, - instance.MemberRemovedEventType, - instance.MemberCascadeRemovedEventType, - org.MemberAddedEventType, - org.MemberRemovedEventType, - org.MemberCascadeRemovedEventType, - project.MemberAddedType, - project.MemberRemovedType, - project.MemberCascadeRemovedType). 
- Builder() -} - -func (rm *UniqueConstraintReadModel) getUniqueConstraint(aggregateID, objectID, constraintType string) *domain.UniqueConstraintMigration { - for _, uniqueConstraint := range rm.UniqueConstraints { - if uniqueConstraint.AggregateID == aggregateID && uniqueConstraint.ObjectID == objectID && uniqueConstraint.UniqueType == constraintType { - return uniqueConstraint - } - } - return nil -} - -func (rm *UniqueConstraintReadModel) addUniqueConstraint(aggregateID, objectID string, constraint *eventstore.UniqueConstraint) { - migrateUniqueConstraint := &domain.UniqueConstraintMigration{ - AggregateID: aggregateID, - ObjectID: objectID, - UniqueType: constraint.UniqueType, - UniqueField: constraint.UniqueField, - ErrorMessage: constraint.ErrorMessage, - } - rm.UniqueConstraints = append(rm.UniqueConstraints, migrateUniqueConstraint) -} - -func (rm *UniqueConstraintReadModel) changeUniqueConstraint(aggregateID, objectID string, constraint *eventstore.UniqueConstraint) { - for i, uniqueConstraint := range rm.UniqueConstraints { - if uniqueConstraint.AggregateID == aggregateID && uniqueConstraint.ObjectID == objectID && uniqueConstraint.UniqueType == constraint.UniqueType { - rm.UniqueConstraints[i] = &domain.UniqueConstraintMigration{ - AggregateID: aggregateID, - ObjectID: objectID, - UniqueType: constraint.UniqueType, - UniqueField: constraint.UniqueField, - ErrorMessage: constraint.ErrorMessage, - } - return - } - } -} - -func (rm *UniqueConstraintReadModel) removeUniqueConstraint(aggregateID, objectID, constraintType string) { - for i, uniqueConstraint := range rm.UniqueConstraints { - if uniqueConstraint.AggregateID == aggregateID && uniqueConstraint.ObjectID == objectID && uniqueConstraint.UniqueType == constraintType { - copy(rm.UniqueConstraints[i:], rm.UniqueConstraints[i+1:]) - rm.UniqueConstraints[len(rm.UniqueConstraints)-1] = nil - rm.UniqueConstraints = rm.UniqueConstraints[:len(rm.UniqueConstraints)-1] - return - } - } -} - -func (rm 
*UniqueConstraintReadModel) listRemoveUniqueConstraint(aggregateID, constraintType string) { - for i := len(rm.UniqueConstraints) - 1; i >= 0; i-- { - if rm.UniqueConstraints[i].AggregateID == aggregateID && rm.UniqueConstraints[i].UniqueType == constraintType { - copy(rm.UniqueConstraints[i:], rm.UniqueConstraints[i+1:]) - rm.UniqueConstraints[len(rm.UniqueConstraints)-1] = nil - rm.UniqueConstraints = rm.UniqueConstraints[:len(rm.UniqueConstraints)-1] - } - } + domainPolicyWriteModel(ctx context.Context, orgID string) (*PolicyDomainWriteModel, error) } diff --git a/internal/command/user.go b/internal/command/user.go index 15631a9609..19047cf2bc 100644 --- a/internal/command/user.go +++ b/internal/command/user.go @@ -12,17 +12,17 @@ import ( "github.com/zitadel/zitadel/internal/command/preparation" "github.com/zitadel/zitadel/internal/crypto" "github.com/zitadel/zitadel/internal/domain" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/eventstore/v1/models" "github.com/zitadel/zitadel/internal/repository/user" "github.com/zitadel/zitadel/internal/telemetry/tracing" + "github.com/zitadel/zitadel/internal/zerrors" ) func (c *Commands) ChangeUsername(ctx context.Context, orgID, userID, userName string) (*domain.ObjectDetails, error) { userName = strings.TrimSpace(userName) if orgID == "" || userID == "" || userName == "" { - return nil, errors.ThrowInvalidArgument(nil, "COMMAND-2N9fs", "Errors.IDMissing") + return nil, zerrors.ThrowInvalidArgument(nil, "COMMAND-2N9fs", "Errors.IDMissing") } existingUser, err := c.userWriteModelByID(ctx, userID, orgID) 
@@ -31,16 +31,16 @@ func (c *Commands) ChangeUsername(ctx context.Context, orgID, userID, userName s } if !isUserStateExists(existingUser.UserState) { - return nil, errors.ThrowNotFound(nil, "COMMAND-5N9ds", "Errors.User.NotFound") + return nil, zerrors.ThrowNotFound(nil, "COMMAND-5N9ds", "Errors.User.NotFound") } if existingUser.UserName == userName { - return nil, errors.ThrowPreconditionFailed(nil, "COMMAND-6m9gs", "Errors.User.UsernameNotChanged") + return nil, zerrors.ThrowPreconditionFailed(nil, "COMMAND-6m9gs", "Errors.User.UsernameNotChanged") } - domainPolicy, err := c.getOrgDomainPolicy(ctx, orgID) + domainPolicy, err := c.domainPolicyWriteModel(ctx, orgID) if err != nil { - return nil, errors.ThrowPreconditionFailed(err, "COMMAND-38fnu", "Errors.Org.DomainPolicy.NotExisting") + return nil, zerrors.ThrowPreconditionFailed(err, "COMMAND-38fnu", "Errors.Org.DomainPolicy.NotExisting") } if !domainPolicy.UserLoginMustBeDomain { index := strings.LastIndex(userName, "@") @@ -50,7 +50,7 @@ func (c *Commands) ChangeUsername(ctx context.Context, orgID, userID, userName s return nil, err } if domainCheck.Verified && domainCheck.ResourceOwner != orgID { - return nil, errors.ThrowInvalidArgument(nil, "COMMAND-Di2ei", "Errors.User.DomainNotAllowedAsUsername") + return nil, zerrors.ThrowInvalidArgument(nil, "COMMAND-Di2ei", "Errors.User.DomainNotAllowedAsUsername") } } } @@ -70,7 +70,7 @@ func (c *Commands) ChangeUsername(ctx context.Context, orgID, userID, userName s func (c *Commands) DeactivateUser(ctx context.Context, userID, resourceOwner string) (*domain.ObjectDetails, error) { if userID == "" { - return nil, errors.ThrowInvalidArgument(nil, "COMMAND-m0gDf", "Errors.User.UserIDMissing") + return nil, zerrors.ThrowInvalidArgument(nil, "COMMAND-m0gDf", "Errors.User.UserIDMissing") } existingUser, err := c.userWriteModelByID(ctx, userID, resourceOwner) 
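Review bot: Every error returned by `c.domainPolicyWriteModel` in ChangeUsername is re-labelled as `PreconditionFailed` with `Errors.Org.DomainPolicy.NotExisting`. That includes the `zerrors.ThrowInternal` the new method returns and whatever the org and instance lookups pass up (see the user_domain_policy.go hunk in this commit), so a backend failure would reach the caller as a missing policy. `userDomainClaimed` returns the error unchanged, and the same would fit here: `if err != nil { return nil, err }`. The `RemoveUser` hunk has the same wrap under `COMMAND-3M9fs`. ChangeUsername's body continues outside this hunk.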
@@ -78,13 +78,13 @@ func (c *Commands) DeactivateUser(ctx context.Context, userID, resourceOwner str return nil, err } if !isUserStateExists(existingUser.UserState) { - return nil, errors.ThrowNotFound(nil, "COMMAND-3M9ds", "Errors.User.NotFound") + return nil, zerrors.ThrowNotFound(nil, "COMMAND-3M9ds", "Errors.User.NotFound") } if isUserStateInitial(existingUser.UserState) { - return nil, errors.ThrowNotFound(nil, "COMMAND-ke0fw", "Errors.User.CantDeactivateInitial") + return nil, zerrors.ThrowNotFound(nil, "COMMAND-ke0fw", "Errors.User.CantDeactivateInitial") } if isUserStateInactive(existingUser.UserState) { - return nil, errors.ThrowPreconditionFailed(nil, "COMMAND-5M0sf", "Errors.User.AlreadyInactive") + return nil, zerrors.ThrowPreconditionFailed(nil, "COMMAND-5M0sf", "Errors.User.AlreadyInactive") } pushedEvents, err := c.eventstore.Push(ctx, @@ -101,7 +101,7 @@ func (c *Commands) DeactivateUser(ctx context.Context, userID, resourceOwner str func (c *Commands) ReactivateUser(ctx context.Context, userID, resourceOwner string) (*domain.ObjectDetails, error) { if userID == "" { - return nil, errors.ThrowInvalidArgument(nil, "COMMAND-4M9ds", "Errors.User.UserIDMissing") + return nil, zerrors.ThrowInvalidArgument(nil, "COMMAND-4M9ds", "Errors.User.UserIDMissing") } existingUser, err := c.userWriteModelByID(ctx, userID, resourceOwner) @@ -109,10 +109,10 @@ func (c *Commands) ReactivateUser(ctx context.Context, userID, resourceOwner str return nil, err } if !isUserStateExists(existingUser.UserState) { - return nil, errors.ThrowNotFound(nil, "COMMAND-4M0sd", "Errors.User.NotFound") + return nil, zerrors.ThrowNotFound(nil, "COMMAND-4M0sd", "Errors.User.NotFound") } if !isUserStateInactive(existingUser.UserState) { - return nil, errors.ThrowPreconditionFailed(nil, "COMMAND-6M0sf", "Errors.User.NotInactive") + return nil, zerrors.ThrowPreconditionFailed(nil, "COMMAND-6M0sf", "Errors.User.NotInactive") } pushedEvents, err := c.eventstore.Push(ctx, 
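Review bot: In DeactivateUser the `isUserStateInitial` branch returns `zerrors.ThrowNotFound` with the key `Errors.User.CantDeactivateInitial`, although the preceding check has just established that the user exists. The neighbouring `AlreadyInactive` branch uses `ThrowPreconditionFailed` for the same kind of state conflict, and a not-found class here will presumably surface to API clients and audit logs as a nonexistent user. Suggested line: `return nil, zerrors.ThrowPreconditionFailed(nil, "COMMAND-ke0fw", "Errors.User.CantDeactivateInitial")`. The function starts and ends outside this hunk, so check whether any caller matches on the not-found class before changing it.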
@@ -129,7 +129,7 @@ func (c *Commands) ReactivateUser(ctx context.Context, userID, resourceOwner str func (c *Commands) LockUser(ctx context.Context, userID, resourceOwner string) (*domain.ObjectDetails, error) { if userID == "" { - return nil, errors.ThrowInvalidArgument(nil, "COMMAND-2M0sd", "Errors.User.UserIDMissing") + return nil, zerrors.ThrowInvalidArgument(nil, "COMMAND-2M0sd", "Errors.User.UserIDMissing") } existingUser, err := c.userWriteModelByID(ctx, userID, resourceOwner) @@ -137,10 +137,10 @@ func (c *Commands) LockUser(ctx context.Context, userID, resourceOwner string) ( return nil, err } if !isUserStateExists(existingUser.UserState) { - return nil, errors.ThrowNotFound(nil, "COMMAND-5M9fs", "Errors.User.NotFound") + return nil, zerrors.ThrowNotFound(nil, "COMMAND-5M9fs", "Errors.User.NotFound") } if !hasUserState(existingUser.UserState, domain.UserStateActive, domain.UserStateInitial) { - return nil, errors.ThrowPreconditionFailed(nil, "COMMAND-3NN8v", "Errors.User.ShouldBeActiveOrInitial") + return nil, zerrors.ThrowPreconditionFailed(nil, "COMMAND-3NN8v", "Errors.User.ShouldBeActiveOrInitial") } pushedEvents, err := c.eventstore.Push(ctx, @@ -157,7 +157,7 @@ func (c *Commands) LockUser(ctx context.Context, userID, resourceOwner string) ( func (c *Commands) UnlockUser(ctx context.Context, userID, resourceOwner string) (*domain.ObjectDetails, error) { if userID == "" { - return nil, errors.ThrowInvalidArgument(nil, "COMMAND-M0dse", "Errors.User.UserIDMissing") + return nil, zerrors.ThrowInvalidArgument(nil, "COMMAND-M0dse", "Errors.User.UserIDMissing") } existingUser, err := c.userWriteModelByID(ctx, userID, resourceOwner) 
@@ -165,10 +165,10 @@ func (c *Commands) UnlockUser(ctx context.Context, userID, resourceOwner string) return nil, err } if !isUserStateExists(existingUser.UserState) { - return nil, errors.ThrowNotFound(nil, "COMMAND-M0dos", "Errors.User.NotFound") + return nil, zerrors.ThrowNotFound(nil, "COMMAND-M0dos", "Errors.User.NotFound") } if !hasUserState(existingUser.UserState, domain.UserStateLocked) { - return nil, errors.ThrowPreconditionFailed(nil, "COMMAND-4M0ds", "Errors.User.NotLocked") + return nil, zerrors.ThrowPreconditionFailed(nil, "COMMAND-4M0ds", "Errors.User.NotLocked") } pushedEvents, err := c.eventstore.Push(ctx, @@ -185,7 +185,7 @@ func (c *Commands) UnlockUser(ctx context.Context, userID, resourceOwner string) func (c *Commands) RemoveUser(ctx context.Context, userID, resourceOwner string, cascadingUserMemberships []*CascadingMembership, cascadingGrantIDs ...string) (*domain.ObjectDetails, error) { if userID == "" { - return nil, errors.ThrowInvalidArgument(nil, "COMMAND-2M0ds", "Errors.User.UserIDMissing") + return nil, zerrors.ThrowInvalidArgument(nil, "COMMAND-2M0ds", "Errors.User.UserIDMissing") } existingUser, err := c.userWriteModelByID(ctx, userID, resourceOwner) 
@@ -193,12 +193,12 @@ func (c *Commands) RemoveUser(ctx context.Context, userID, resourceOwner string, return nil, err } if !isUserStateExists(existingUser.UserState) { - return nil, errors.ThrowNotFound(nil, "COMMAND-m9od", "Errors.User.NotFound") + return nil, zerrors.ThrowNotFound(nil, "COMMAND-m9od", "Errors.User.NotFound") } - domainPolicy, err := c.getOrgDomainPolicy(ctx, existingUser.ResourceOwner) + domainPolicy, err := c.domainPolicyWriteModel(ctx, existingUser.ResourceOwner) if err != nil { - return nil, errors.ThrowPreconditionFailed(err, "COMMAND-3M9fs", "Errors.Org.DomainPolicy.NotExisting") + return nil, zerrors.ThrowPreconditionFailed(err, "COMMAND-3M9fs", "Errors.Org.DomainPolicy.NotExisting") } var events []eventstore.Command userAgg := UserAggregateFromWriteModel(&existingUser.WriteModel) @@ -234,7 +234,7 @@ func (c *Commands) RemoveUser(ctx context.Context, userID, resourceOwner string, func (c *Commands) AddUserToken(ctx context.Context, orgID, agentID, clientID, userID string, audience, scopes []string, lifetime time.Duration) (*domain.Token, error) { if userID == "" { //do not check for empty orgID (JWT Profile requests won't provide it, so service user requests fail) - return nil, errors.ThrowInvalidArgument(nil, "COMMAND-Dbge4", "Errors.IDMissing") + return nil, zerrors.ThrowInvalidArgument(nil, "COMMAND-Dbge4", "Errors.IDMissing") } userWriteModel := NewUserWriteModel(userID, orgID) event, accessToken, err := c.addUserToken(ctx, userWriteModel, agentID, clientID, "", audience, scopes, lifetime) @@ -270,7 +270,7 @@ func (c *Commands) addUserToken(ctx context.Context, userWriteModel *UserWriteMo return nil, nil, err } if userWriteModel.UserState != domain.UserStateActive { - return nil, nil, errors.ThrowNotFound(nil, "COMMAND-1d6Gg", "Errors.User.NotFound") + return nil, nil, zerrors.ThrowNotFound(nil, "COMMAND-1d6Gg", "Errors.User.NotFound") } audience = domain.AddAudScopeToAudience(ctx, audience, scopes) 
@@ -305,7 +305,7 @@ func (c *Commands) addUserToken(ctx context.Context, userWriteModel *UserWriteMo func (c *Commands) removeAccessToken(ctx context.Context, userID, orgID, tokenID string) (*user.UserTokenRemovedEvent, *UserAccessTokenWriteModel, error) { if userID == "" || orgID == "" || tokenID == "" { - return nil, nil, errors.ThrowInvalidArgument(nil, "COMMAND-Dng42", "Errors.IDMissing") + return nil, nil, zerrors.ThrowInvalidArgument(nil, "COMMAND-Dng42", "Errors.IDMissing") } refreshTokenWriteModel := NewUserAccessTokenWriteModel(userID, orgID, tokenID) err := c.eventstore.FilterToQueryReducer(ctx, refreshTokenWriteModel) @@ -313,7 +313,7 @@ func (c *Commands) removeAccessToken(ctx context.Context, userID, orgID, tokenID return nil, nil, err } if refreshTokenWriteModel.UserState != domain.UserStateActive { - return nil, nil, errors.ThrowNotFound(nil, "COMMAND-BF4hd", "Errors.User.AccessToken.NotFound") + return nil, nil, zerrors.ThrowNotFound(nil, "COMMAND-BF4hd", "Errors.User.AccessToken.NotFound") } userAgg := UserAggregateFromWriteModel(&refreshTokenWriteModel.WriteModel) return user.NewUserTokenRemovedEvent(ctx, userAgg, tokenID), refreshTokenWriteModel, nil @@ -325,12 +325,12 @@ func (c *Commands) userDomainClaimed(ctx context.Context, userID string) (events return nil, nil, err } if existingUser.UserState == domain.UserStateUnspecified || existingUser.UserState == domain.UserStateDeleted { - return nil, nil, errors.ThrowNotFound(nil, "COMMAND-ii9K0", "Errors.User.NotFound") + return nil, nil, zerrors.ThrowNotFound(nil, "COMMAND-ii9K0", "Errors.User.NotFound") } changedUserGrant := NewUserWriteModel(userID, existingUser.ResourceOwner) userAgg := UserAggregateFromWriteModel(&changedUserGrant.WriteModel) - domainPolicy, err := c.getOrgDomainPolicy(ctx, existingUser.ResourceOwner) + domainPolicy, err := c.domainPolicyWriteModel(ctx, existingUser.ResourceOwner) if err != nil { return nil, nil, err } 
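Review bot: The error ID `COMMAND-ii9K0` in `userDomainClaimed` is also used by `prepareUserDomainClaimed` (hunk `@@ -355,7`), so a log entry or support ticket carrying that ID cannot be traced to one code path. Since both lines are touched by this rename, one of them could get its own ID, for example `zerrors.ThrowNotFound(nil, "COMMAND-<new-id>", "Errors.User.NotFound")`. The two functions also now reach the domain policy differently: this one uses `c.domainPolicyWriteModel`, while `prepareUserDomainClaimed` uses the filter-based function that this commit marks deprecated. That makes distinguishable IDs more useful when comparing their failures. Both function bodies extend beyond the hunks shown.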
@@ -355,7 +355,7 @@ func (c *Commands) prepareUserDomainClaimed(ctx context.Context, filter preparat return nil, err } if !userWriteModel.UserState.Exists() { - return nil, errors.ThrowNotFound(nil, "COMMAND-ii9K0", "Errors.User.NotFound") + return nil, zerrors.ThrowNotFound(nil, "COMMAND-ii9K0", "Errors.User.NotFound") } domainPolicy, err := domainPolicyWriteModel(ctx, filter, userWriteModel.ResourceOwner) if err != nil { @@ -378,14 +378,14 @@ func (c *Commands) prepareUserDomainClaimed(ctx context.Context, filter preparat func (c *Commands) UserDomainClaimedSent(ctx context.Context, orgID, userID string) (err error) { if userID == "" { - return errors.ThrowInvalidArgument(nil, "COMMAND-5m0fs", "Errors.IDMissing") + return zerrors.ThrowInvalidArgument(nil, "COMMAND-5m0fs", "Errors.IDMissing") } existingUser, err := c.userWriteModelByID(ctx, userID, orgID) if err != nil { return err } if !isUserStateExists(existingUser.UserState) { - return errors.ThrowNotFound(nil, "COMMAND-5m9gK", "Errors.User.NotFound") + return zerrors.ThrowNotFound(nil, "COMMAND-5m9gK", "Errors.User.NotFound") } _, err = c.eventstore.Push(ctx, @@ -399,7 +399,7 @@ func (c *Commands) checkUserExists(ctx context.Context, userID, resourceOwner st return err } if !isUserStateExists(existingUser.UserState) { - return errors.ThrowPreconditionFailed(nil, "COMMAND-uXHNj", "Errors.User.NotFound") + return zerrors.ThrowPreconditionFailed(nil, "COMMAND-uXHNj", "Errors.User.NotFound") } return nil } diff --git a/internal/command/user_domain_policy.go b/internal/command/user_domain_policy.go index ca8f68e1cd..2226608ff1 100644 --- a/internal/command/user_domain_policy.go +++ b/internal/command/user_domain_policy.go 
@@ -4,9 +4,10 @@ import ( "context" "github.com/zitadel/zitadel/internal/command/preparation" - "github.com/zitadel/zitadel/internal/errors" + "github.com/zitadel/zitadel/internal/zerrors" ) +// Deprecated: User commands.domainPolicyWriteModel directly, to remove use of eventstore.Filter function func domainPolicyWriteModel(ctx context.Context, filter preparation.FilterToQueryReducer, orgID string) (*PolicyDomainWriteModel, error) { wm, err := orgDomainPolicy(ctx, filter, orgID) if err != nil { @@ -22,9 +23,28 @@ func domainPolicyWriteModel(ctx context.Context, filter preparation.FilterToQuer if instanceWriteModel != nil && instanceWriteModel.State.Exists() { return &instanceWriteModel.PolicyDomainWriteModel, err } - return nil, errors.ThrowInternal(nil, "USER-Ggk9n", "Errors.Internal") + return nil, zerrors.ThrowInternal(nil, "USER-Ggk9n", "Errors.Internal") } +func (c *Commands) domainPolicyWriteModel(ctx context.Context, orgID string) (*PolicyDomainWriteModel, error) { + wm, err := c.orgDomainPolicyWriteModel(ctx, orgID) + if err != nil { + return nil, err + } + if wm != nil && wm.State.Exists() { + return &wm.PolicyDomainWriteModel, err + } + instanceWriteModel, err := c.instanceDomainPolicyWriteModel(ctx) + if err != nil { + return nil, err + } + if instanceWriteModel != nil && instanceWriteModel.State.Exists() { + return &instanceWriteModel.PolicyDomainWriteModel, err + } + return nil, zerrors.ThrowInternal(nil, "USER-Ggk9n", "Errors.Internal") +} + +// Deprecated: Use commands.orgDomainPolicyWriteModel directly, to remove use of eventstore.Filter function func orgDomainPolicy(ctx context.Context, filter preparation.FilterToQueryReducer, orgID string) (*OrgDomainPolicyWriteModel, error) { policy := NewOrgDomainPolicyWriteModel(orgID) events, err := filter(ctx, policy.Query()) 
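Review bot: The added deprecation comment on `domainPolicyWriteModel` reads "User commands.domainPolicyWriteModel", which is a typo for "Use"; the two sibling comments on `orgDomainPolicy` and `instanceDomainPolicy` spell it correctly. The replacement is a method on `*Commands`, not a member of a `commands` package, so the reference is easier to follow as `// Deprecated: Use Commands.domainPolicyWriteModel instead, to remove use of the eventstore.Filter function`. Tools that surface `Deprecated:` notices show this text verbatim to callers.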
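Review bot: The new method `(c *Commands) domainPolicyWriteModel` has no doc comment and reuses the error ID `USER-Ggk9n` of the deprecated function above it, so that ID no longer identifies which implementation failed. A comment such as `// domainPolicyWriteModel returns the org's domain policy, falling back to the instance policy when the org has none.` would state the fallback that callers rely on for `UserLoginMustBeDomain`. The two success returns pass `err` after it was checked to be nil; `return &wm.PolicyDomainWriteModel, nil` says the same thing more plainly. The test-file hunks visible in this commit only rename the errors package, so the new method appears to have no direct test of the org-to-instance fallback or of the neither-exists case.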
@@ -39,6 +59,7 @@ func orgDomainPolicy(ctx context.Context, filter preparation.FilterToQueryReduce return policy, err } +// Deprecated: Use commands.instanceDomainPolicyWriteModel directly, to remove use of eventstore.Filter function func instanceDomainPolicy(ctx context.Context, filter preparation.FilterToQueryReducer) (*InstanceDomainPolicyWriteModel, error) { policy := NewInstanceDomainPolicyWriteModel(ctx) events, err := filter(ctx, policy.Query()) diff --git a/internal/command/user_domain_policy_test.go b/internal/command/user_domain_policy_test.go index bfc458b930..a4813a3717 100644 --- a/internal/command/user_domain_policy_test.go +++ b/internal/command/user_domain_policy_test.go @@ -8,10 +8,10 @@ import ( "github.com/zitadel/zitadel/internal/api/authz" "github.com/zitadel/zitadel/internal/command/preparation" "github.com/zitadel/zitadel/internal/domain" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/repository/instance" "github.com/zitadel/zitadel/internal/repository/org" + "github.com/zitadel/zitadel/internal/zerrors" ) func Test_customDomainPolicy(t *testing.T) { @@ -29,7 +29,7 @@ func Test_customDomainPolicy(t *testing.T) { name: "err from filter", args: args{ filter: func(_ context.Context, _ *eventstore.SearchQueryBuilder) ([]eventstore.Event, error) { - return nil, errors.ThrowInternal(nil, "USER-IgYlN", "Errors.Internal") + return nil, zerrors.ThrowInternal(nil, "USER-IgYlN", "Errors.Internal") }, orgID: "id", }, @@ -115,7 +115,7 @@ func Test_defaultDomainPolicy(t *testing.T) { name: "err from filter", args: args{ filter: func(_ context.Context, _ *eventstore.SearchQueryBuilder) ([]eventstore.Event, error) { - return nil, errors.ThrowInternal(nil, "USER-IgYlN", "Errors.Internal") + return nil, zerrors.ThrowInternal(nil, "USER-IgYlN", "Errors.Internal") }, }, want: nil, 
@@ -200,7 +200,7 @@ func Test_DomainPolicy(t *testing.T) { name: "err from filter custom", args: args{ filter: func(_ context.Context, _ *eventstore.SearchQueryBuilder) ([]eventstore.Event, error) { - return nil, errors.ThrowInternal(nil, "USER-IgYlN", "Errors.Internal") + return nil, zerrors.ThrowInternal(nil, "USER-IgYlN", "Errors.Internal") }, orgID: "id", }, @@ -244,7 +244,7 @@ func Test_DomainPolicy(t *testing.T) { return nil, nil }). Append(func(ctx context.Context, queryFactory *eventstore.SearchQueryBuilder) ([]eventstore.Event, error) { - return nil, errors.ThrowInternal(nil, "USER-6HnsD", "Errors.Internal") + return nil, zerrors.ThrowInternal(nil, "USER-6HnsD", "Errors.Internal") }). Filter(), orgID: "id", diff --git a/internal/command/user_grant.go b/internal/command/user_grant.go index 9acc79dc76..bc22e1af1f 100644 --- a/internal/command/user_grant.go +++ b/internal/command/user_grant.go @@ -5,9 +5,9 @@ import ( "reflect" "github.com/zitadel/zitadel/internal/eventstore" + "github.com/zitadel/zitadel/internal/zerrors" "github.com/zitadel/zitadel/internal/domain" - caos_errs "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/repository/usergrant" "github.com/zitadel/zitadel/internal/telemetry/tracing" ) @@ -31,7 +31,7 @@ func (c *Commands) AddUserGrant(ctx context.Context, usergrant *domain.UserGrant func (c *Commands) addUserGrant(ctx context.Context, userGrant *domain.UserGrant, resourceOwner string) (command eventstore.Command, _ *UserGrantWriteModel, err error) { if !userGrant.IsValid() { - return nil, nil, caos_errs.ThrowInvalidArgument(nil, "COMMAND-kVfMa", "Errors.UserGrant.Invalid") + return nil, nil, zerrors.ThrowInvalidArgument(nil, "COMMAND-kVfMa", "Errors.UserGrant.Invalid") } err = c.checkUserGrantPreCondition(ctx, userGrant, resourceOwner) if err != nil { 
@@ -73,7 +73,7 @@ func (c *Commands) ChangeUserGrant(ctx context.Context, userGrant *domain.UserGr func (c *Commands) changeUserGrant(ctx context.Context, userGrant *domain.UserGrant, resourceOwner string, cascade bool) (_ eventstore.Command, _ *UserGrantWriteModel, err error) { if userGrant.AggregateID == "" { - return nil, nil, caos_errs.ThrowInvalidArgument(nil, "COMMAND-3M0sd", "Errors.UserGrant.Invalid") + return nil, nil, zerrors.ThrowInvalidArgument(nil, "COMMAND-3M0sd", "Errors.UserGrant.Invalid") } existingUserGrant, err := c.userGrantWriteModelByID(ctx, userGrant.AggregateID, userGrant.ResourceOwner) if err != nil { @@ -84,10 +84,10 @@ func (c *Commands) changeUserGrant(ctx context.Context, userGrant *domain.UserGr return nil, nil, err } if existingUserGrant.State == domain.UserGrantStateUnspecified || existingUserGrant.State == domain.UserGrantStateRemoved { - return nil, nil, caos_errs.ThrowNotFound(nil, "COMMAND-3M9sd", "Errors.UserGrant.NotFound") + return nil, nil, zerrors.ThrowNotFound(nil, "COMMAND-3M9sd", "Errors.UserGrant.NotFound") } if reflect.DeepEqual(existingUserGrant.RoleKeys, userGrant.RoleKeys) { - return nil, nil, caos_errs.ThrowPreconditionFailed(nil, "COMMAND-Rs8fy", "Errors.UserGrant.NotChanged") + return nil, nil, zerrors.ThrowPreconditionFailed(nil, "COMMAND-Rs8fy", "Errors.UserGrant.NotChanged") } userGrant.ProjectID = existingUserGrant.ProjectID userGrant.ProjectGrantID = existingUserGrant.ProjectGrantID @@ -111,7 +111,7 @@ func (c *Commands) removeRoleFromUserGrant(ctx context.Context, userGrantID stri return nil, err } if existingUserGrant.State == domain.UserGrantStateUnspecified || existingUserGrant.State == domain.UserGrantStateRemoved { - return nil, caos_errs.ThrowNotFound(nil, "COMMAND-3M9sd", "Errors.UserGrant.NotFound") + return nil, zerrors.ThrowNotFound(nil, "COMMAND-3M9sd", "Errors.UserGrant.NotFound") } keyExists := false for i, key := range existingUserGrant.RoleKeys { 
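Review bot: The ID `COMMAND-3M9sd` on the `ThrowNotFound` in `changeUserGrant` (hunk `@@ -84,10`) is repeated in `removeRoleFromUserGrant` (hunk `@@ -111,7`) and in `DeactivateUserGrant` (hunk `@@ -148,10`). An operator who sees that ID in a log cannot tell which of the three operations rejected the grant. Each of these lines is rewritten by the commit anyway, so two of them could take distinct IDs, for example `zerrors.ThrowNotFound(nil, "COMMAND-<new-id>", "Errors.UserGrant.NotFound")`. The enclosing functions begin and end outside these hunks.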
@@ -126,7 +126,7 @@ func (c *Commands) removeRoleFromUserGrant(ctx context.Context, userGrantID stri } } if !keyExists { - return nil, caos_errs.ThrowPreconditionFailed(nil, "COMMAND-5m8g9", "Errors.UserGrant.RoleKeyNotFound") + return nil, zerrors.ThrowPreconditionFailed(nil, "COMMAND-5m8g9", "Errors.UserGrant.RoleKeyNotFound") } changedUserGrant := NewUserGrantWriteModel(userGrantID, existingUserGrant.ResourceOwner) userGrantAgg := UserGrantAggregateFromWriteModel(&changedUserGrant.WriteModel) @@ -140,7 +140,7 @@ func (c *Commands) removeRoleFromUserGrant(ctx context.Context, userGrantID stri func (c *Commands) DeactivateUserGrant(ctx context.Context, grantID, resourceOwner string) (objectDetails *domain.ObjectDetails, err error) { if grantID == "" || resourceOwner == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "COMMAND-N2OhG", "Errors.UserGrant.IDMissing") + return nil, zerrors.ThrowInvalidArgument(nil, "COMMAND-N2OhG", "Errors.UserGrant.IDMissing") } existingUserGrant, err := c.userGrantWriteModelByID(ctx, grantID, resourceOwner) @@ -148,10 +148,10 @@ func (c *Commands) DeactivateUserGrant(ctx context.Context, grantID, resourceOwn return nil, err } if existingUserGrant.State == domain.UserGrantStateUnspecified || existingUserGrant.State == domain.UserGrantStateRemoved { - return nil, caos_errs.ThrowNotFound(nil, "COMMAND-3M9sd", "Errors.UserGrant.NotFound") + return nil, zerrors.ThrowNotFound(nil, "COMMAND-3M9sd", "Errors.UserGrant.NotFound") } if existingUserGrant.State != domain.UserGrantStateActive { - return nil, caos_errs.ThrowPreconditionFailed(nil, "COMMAND-1S9gx", "Errors.UserGrant.NotActive") + return nil, zerrors.ThrowPreconditionFailed(nil, "COMMAND-1S9gx", "Errors.UserGrant.NotActive") } err = checkExplicitProjectPermission(ctx, existingUserGrant.ProjectGrantID, existingUserGrant.ProjectID) if err != nil { 
@@ -173,7 +173,7 @@ func (c *Commands) DeactivateUserGrant(ctx context.Context, grantID, resourceOwn func (c *Commands) ReactivateUserGrant(ctx context.Context, grantID, resourceOwner string) (objectDetails *domain.ObjectDetails, err error) { if grantID == "" || resourceOwner == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "COMMAND-Qxy8v", "Errors.UserGrant.IDMissing") + return nil, zerrors.ThrowInvalidArgument(nil, "COMMAND-Qxy8v", "Errors.UserGrant.IDMissing") } existingUserGrant, err := c.userGrantWriteModelByID(ctx, grantID, resourceOwner) @@ -181,10 +181,10 @@ func (c *Commands) ReactivateUserGrant(ctx context.Context, grantID, resourceOwn return nil, err } if existingUserGrant.State == domain.UserGrantStateUnspecified || existingUserGrant.State == domain.UserGrantStateRemoved { - return nil, caos_errs.ThrowNotFound(nil, "COMMAND-Lp0gs", "Errors.UserGrant.NotFound") + return nil, zerrors.ThrowNotFound(nil, "COMMAND-Lp0gs", "Errors.UserGrant.NotFound") } if existingUserGrant.State != domain.UserGrantStateInactive { - return nil, caos_errs.ThrowPreconditionFailed(nil, "COMMAND-1ML0v", "Errors.UserGrant.NotInactive") + return nil, zerrors.ThrowPreconditionFailed(nil, "COMMAND-1ML0v", "Errors.UserGrant.NotInactive") } err = checkExplicitProjectPermission(ctx, existingUserGrant.ProjectGrantID, existingUserGrant.ProjectID) if err != nil { @@ -222,7 +222,7 @@ func (c *Commands) RemoveUserGrant(ctx context.Context, grantID, resourceOwner s func (c *Commands) BulkRemoveUserGrant(ctx context.Context, grantIDs []string, resourceOwner string) (err error) { if len(grantIDs) == 0 { - return caos_errs.ThrowInvalidArgument(nil, "COMMAND-5M0sd", "Errors.UserGrant.IDMissing") + return zerrors.ThrowInvalidArgument(nil, "COMMAND-5M0sd", "Errors.UserGrant.IDMissing") } events := make([]eventstore.Command, len(grantIDs)) for i, grantID := range grantIDs { 
@@ -238,7 +238,7 @@ func (c *Commands) BulkRemoveUserGrant(ctx context.Context, grantIDs []string, r func (c *Commands) removeUserGrant(ctx context.Context, grantID, resourceOwner string, cascade bool) (_ eventstore.Command, writeModel *UserGrantWriteModel, err error) { if grantID == "" { - return nil, nil, caos_errs.ThrowInvalidArgument(nil, "COMMAND-J9sc5", "Errors.UserGrant.IDMissing") + return nil, nil, zerrors.ThrowInvalidArgument(nil, "COMMAND-J9sc5", "Errors.UserGrant.IDMissing") } existingUserGrant, err := c.userGrantWriteModelByID(ctx, grantID, resourceOwner) @@ -246,7 +246,7 @@ func (c *Commands) removeUserGrant(ctx context.Context, grantID, resourceOwner s return nil, nil, err } if existingUserGrant.State == domain.UserGrantStateUnspecified || existingUserGrant.State == domain.UserGrantStateRemoved { - return nil, nil, caos_errs.ThrowNotFound(nil, "COMMAND-1My0t", "Errors.UserGrant.NotFound") + return nil, nil, zerrors.ThrowNotFound(nil, "COMMAND-1My0t", "Errors.UserGrant.NotFound") } if !cascade { err = checkExplicitProjectPermission(ctx, existingUserGrant.ProjectGrantID, existingUserGrant.ProjectID) 
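Review bot: `removeUserGrant` rejects only an empty `grantID`, while `DeactivateUserGrant` and `ReactivateUserGrant` in this file also reject an empty `resourceOwner`. Whether `userGrantWriteModelByID` still limits the lookup to one organisation when `resourceOwner` is empty is not visible in these hunks and should be confirmed. With `cascade` set, the `checkExplicitProjectPermission` call in hunk `@@ -246,7` is skipped as well, so authorization rests entirely on the caller. A doc comment would record that contract: `// removeUserGrant skips the explicit project permission check when cascade is true; callers must have authorized the removal.` The function body continues past the end of the hunk.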
@@ -292,16 +292,16 @@ func (c *Commands) checkUserGrantPreCondition(ctx context.Context, usergrant *do return err } if !preConditions.UserExists { - return caos_errs.ThrowPreconditionFailed(err, "COMMAND-4f8sg", "Errors.User.NotFound") + return zerrors.ThrowPreconditionFailed(err, "COMMAND-4f8sg", "Errors.User.NotFound") } if usergrant.ProjectGrantID == "" && !preConditions.ProjectExists { - return caos_errs.ThrowPreconditionFailed(err, "COMMAND-3n77S", "Errors.Project.NotFound") + return zerrors.ThrowPreconditionFailed(err, "COMMAND-3n77S", "Errors.Project.NotFound") } if usergrant.ProjectGrantID != "" && !preConditions.ProjectGrantExists { - return caos_errs.ThrowPreconditionFailed(err, "COMMAND-4m9ff", "Errors.Project.Grant.NotFound") + return zerrors.ThrowPreconditionFailed(err, "COMMAND-4m9ff", "Errors.Project.Grant.NotFound") } if usergrant.HasInvalidRoles(preConditions.ExistingRoleKeys) { - return caos_errs.ThrowPreconditionFailed(err, "COMMAND-mm9F4", "Errors.Project.Role.NotFound") + return zerrors.ThrowPreconditionFailed(err, "COMMAND-mm9F4", "Errors.Project.Role.NotFound") } return nil } diff --git a/internal/command/user_grant_test.go b/internal/command/user_grant_test.go index 340c98dc29..a073c94e19 100644 --- a/internal/command/user_grant_test.go +++ b/internal/command/user_grant_test.go @@ -9,7 +9,6 @@ import ( "github.com/zitadel/zitadel/internal/api/authz" "github.com/zitadel/zitadel/internal/domain" - caos_errs "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/eventstore/v1/models" "github.com/zitadel/zitadel/internal/id" @@ -17,6 +16,7 @@ import ( "github.com/zitadel/zitadel/internal/repository/project" "github.com/zitadel/zitadel/internal/repository/user" "github.com/zitadel/zitadel/internal/repository/usergrant" + "github.com/zitadel/zitadel/internal/zerrors" ) func TestCommandSide_AddUserGrant(t *testing.T) { 
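Review bot: The four `zerrors.ThrowPreconditionFailed(err, ...)` calls in `checkUserGrantPreCondition` pass `err` as the parent error, but the hunk opens with the `return err` of what looks like the preceding error check, so `err` is presumably always nil here. Passing the variable suggests a wrapped cause that does not exist, and it would attach an unrelated error if the variable were reused above. The rest of the file passes `nil` explicitly, which would read `return zerrors.ThrowPreconditionFailed(nil, "COMMAND-4f8sg", "Errors.User.NotFound")`, and likewise for `COMMAND-3n77S`, `COMMAND-4m9ff` and `COMMAND-mm9F4`. The start of the function is outside this hunk.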
@@ -54,7 +54,7 @@ func TestCommandSide_AddUserGrant(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -98,7 +98,7 @@ func TestCommandSide_AddUserGrant(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: caos_errs.IsPreconditionFailed, + err: zerrors.IsPreconditionFailed, }, }, { @@ -147,7 +147,7 @@ func TestCommandSide_AddUserGrant(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: caos_errs.IsPreconditionFailed, + err: zerrors.IsPreconditionFailed, }, }, { @@ -189,7 +189,7 @@ func TestCommandSide_AddUserGrant(t *testing.T) { resourceOwner: "org2", }, res: res{ - err: caos_errs.IsPreconditionFailed, + err: zerrors.IsPreconditionFailed, }, }, { @@ -232,7 +232,7 @@ func TestCommandSide_AddUserGrant(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: caos_errs.IsPreconditionFailed, + err: zerrors.IsPreconditionFailed, }, }, { @@ -276,7 +276,7 @@ func TestCommandSide_AddUserGrant(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: caos_errs.IsPreconditionFailed, + err: zerrors.IsPreconditionFailed, }, }, { @@ -336,7 +336,7 @@ func TestCommandSide_AddUserGrant(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: caos_errs.IsPreconditionFailed, + err: zerrors.IsPreconditionFailed, }, }, { @@ -396,7 +396,7 @@ func TestCommandSide_AddUserGrant(t *testing.T) { resourceOwner: "org2", }, res: res{ - err: caos_errs.IsPreconditionFailed, + err: zerrors.IsPreconditionFailed, }, }, { @@ -604,7 +604,7 @@ func TestCommandSide_ChangeUserGrant(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -634,7 +634,7 @@ func TestCommandSide_ChangeUserGrant(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: caos_errs.IsPermissionDenied, + err: zerrors.IsPermissionDenied, }, }, { 
@@ -658,7 +658,7 @@ func TestCommandSide_ChangeUserGrant(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: caos_errs.IsNotFound, + err: zerrors.IsNotFound, }, }, { @@ -682,7 +682,7 @@ func TestCommandSide_ChangeUserGrant(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: caos_errs.IsNotFound, + err: zerrors.IsNotFound, }, }, { @@ -714,7 +714,7 @@ func TestCommandSide_ChangeUserGrant(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: caos_errs.IsPreconditionFailed, + err: zerrors.IsPreconditionFailed, }, }, { @@ -770,7 +770,7 @@ func TestCommandSide_ChangeUserGrant(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: caos_errs.IsPreconditionFailed, + err: zerrors.IsPreconditionFailed, }, }, { @@ -831,7 +831,7 @@ func TestCommandSide_ChangeUserGrant(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: caos_errs.IsPreconditionFailed, + err: zerrors.IsPreconditionFailed, }, }, { @@ -886,7 +886,7 @@ func TestCommandSide_ChangeUserGrant(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: caos_errs.IsPreconditionFailed, + err: zerrors.IsPreconditionFailed, }, }, { @@ -942,7 +942,7 @@ func TestCommandSide_ChangeUserGrant(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: caos_errs.IsPreconditionFailed, + err: zerrors.IsPreconditionFailed, }, }, { @@ -1014,7 +1014,7 @@ func TestCommandSide_ChangeUserGrant(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: caos_errs.IsPreconditionFailed, + err: zerrors.IsPreconditionFailed, }, }, { @@ -1250,7 +1250,7 @@ func TestCommandSide_DeactivateUserGrant(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -1265,7 +1265,7 @@ func TestCommandSide_DeactivateUserGrant(t *testing.T) { userGrantID: "usergrant1", }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { 
@@ -1282,7 +1282,7 @@ func TestCommandSide_DeactivateUserGrant(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: caos_errs.IsNotFound, + err: zerrors.IsNotFound, }, }, { @@ -1314,7 +1314,7 @@ func TestCommandSide_DeactivateUserGrant(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: caos_errs.IsNotFound, + err: zerrors.IsNotFound, }, }, { @@ -1339,7 +1339,7 @@ func TestCommandSide_DeactivateUserGrant(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: caos_errs.IsPermissionDenied, + err: zerrors.IsPermissionDenied, }, }, { @@ -1368,7 +1368,7 @@ func TestCommandSide_DeactivateUserGrant(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: caos_errs.IsPreconditionFailed, + err: zerrors.IsPreconditionFailed, }, }, { @@ -1454,7 +1454,7 @@ func TestCommandSide_ReactivateUserGrant(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -1469,7 +1469,7 @@ func TestCommandSide_ReactivateUserGrant(t *testing.T) { userGrantID: "usergrant1", }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -1486,7 +1486,7 @@ func TestCommandSide_ReactivateUserGrant(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: caos_errs.IsNotFound, + err: zerrors.IsNotFound, }, }, { @@ -1518,7 +1518,7 @@ func TestCommandSide_ReactivateUserGrant(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: caos_errs.IsNotFound, + err: zerrors.IsNotFound, }, }, { @@ -1547,7 +1547,7 @@ func TestCommandSide_ReactivateUserGrant(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: caos_errs.IsPermissionDenied, + err: zerrors.IsPermissionDenied, }, }, { @@ -1572,7 +1572,7 @@ func TestCommandSide_ReactivateUserGrant(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: caos_errs.IsPreconditionFailed, + err: zerrors.IsPreconditionFailed, }, }, { 
@@ -1662,7 +1662,7 @@ func TestCommandSide_RemoveUserGrant(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -1679,7 +1679,7 @@ func TestCommandSide_RemoveUserGrant(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: caos_errs.IsNotFound, + err: zerrors.IsNotFound, }, }, { @@ -1711,7 +1711,7 @@ func TestCommandSide_RemoveUserGrant(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: caos_errs.IsNotFound, + err: zerrors.IsNotFound, }, }, { @@ -1740,7 +1740,7 @@ func TestCommandSide_RemoveUserGrant(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: caos_errs.IsPermissionDenied, + err: zerrors.IsPermissionDenied, }, }, { @@ -1864,7 +1864,7 @@ func TestCommandSide_BulkRemoveUserGrant(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -1881,7 +1881,7 @@ func TestCommandSide_BulkRemoveUserGrant(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: caos_errs.IsNotFound, + err: zerrors.IsNotFound, }, }, { @@ -1913,7 +1913,7 @@ func TestCommandSide_BulkRemoveUserGrant(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: caos_errs.IsNotFound, + err: zerrors.IsNotFound, }, }, { @@ -1938,7 +1938,7 @@ func TestCommandSide_BulkRemoveUserGrant(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: caos_errs.IsPermissionDenied, + err: zerrors.IsPermissionDenied, }, }, { diff --git a/internal/command/user_human.go b/internal/command/user_human.go index 13a553dbb7..f8993ae6b4 100644 --- a/internal/command/user_human.go +++ b/internal/command/user_human.go 
@@ -9,10 +9,10 @@ import ( "github.com/zitadel/zitadel/internal/command/preparation" "github.com/zitadel/zitadel/internal/crypto" "github.com/zitadel/zitadel/internal/domain" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/eventstore/v1/models" "github.com/zitadel/zitadel/internal/repository/user" + "github.com/zitadel/zitadel/internal/zerrors" ) func (c *Commands) getHuman(ctx context.Context, userID, resourceowner string) (*domain.Human, error) { @@ -21,7 +21,7 @@ func (c *Commands) getHuman(ctx context.Context, userID, resourceowner string) ( return nil, err } if !isUserStateExists(human.UserState) { - return nil, errors.ThrowNotFound(nil, "COMMAND-M9dsd", "Errors.User.NotFound") + return nil, zerrors.ThrowNotFound(nil, "COMMAND-M9dsd", "Errors.User.NotFound") } return writeModelToHuman(human), nil } @@ -82,14 +82,14 @@ func (h *AddHuman) Validate(hasher *crypto.PasswordHasher) (err error) { return err } if h.Username = strings.TrimSpace(h.Username); h.Username == "" { - return errors.ThrowInvalidArgument(nil, "V2-zzad3", "Errors.Invalid.Argument") + return zerrors.ThrowInvalidArgument(nil, "V2-zzad3", "Errors.Invalid.Argument") } if h.FirstName = strings.TrimSpace(h.FirstName); h.FirstName == "" { - return errors.ThrowInvalidArgument(nil, "USER-UCej2", "Errors.User.Profile.FirstNameEmpty") + return zerrors.ThrowInvalidArgument(nil, "USER-UCej2", "Errors.User.Profile.FirstNameEmpty") } if h.LastName = strings.TrimSpace(h.LastName); h.LastName == "" { - return errors.ThrowInvalidArgument(nil, "USER-4hB7d", "Errors.User.Profile.LastNameEmpty") + return zerrors.ThrowInvalidArgument(nil, "USER-4hB7d", "Errors.User.Profile.LastNameEmpty") } h.ensureDisplayName() 
@@ -106,7 +106,7 @@ func (h *AddHuman) Validate(hasher *crypto.PasswordHasher) (err error) { } if h.EncodedPasswordHash != "" { if !hasher.EncodingSupported(h.EncodedPasswordHash) { - return errors.ThrowInvalidArgument(nil, "USER-JDk4t", "Errors.User.Password.NotSupported") + return zerrors.ThrowInvalidArgument(nil, "USER-JDk4t", "Errors.User.Password.NotSupported") } } return nil @@ -119,17 +119,18 @@ type AddMetadataEntry struct { func (m *AddMetadataEntry) Valid() error { if m.Key = strings.TrimSpace(m.Key); m.Key == "" { - return errors.ThrowInvalidArgument(nil, "USER-Drght", "Errors.User.Metadata.KeyEmpty") + return zerrors.ThrowInvalidArgument(nil, "USER-Drght", "Errors.User.Metadata.KeyEmpty") } if len(m.Value) == 0 { - return errors.ThrowInvalidArgument(nil, "USER-Dbgth", "Errors.User.Metadata.ValueEmpty") + return zerrors.ThrowInvalidArgument(nil, "USER-Dbgth", "Errors.User.Metadata.ValueEmpty") } return nil } +// Deprecated: use commands.AddUserHuman func (c *Commands) AddHuman(ctx context.Context, resourceOwner string, human *AddHuman, allowInitMail bool) (err error) { if resourceOwner == "" { - return errors.ThrowInvalidArgument(nil, "COMMA-5Ky74", "Errors.Internal") + return zerrors.ThrowInvalidArgument(nil, "COMMA-5Ky74", "Errors.Internal") } cmds, err := preparation.PrepareCommands(ctx, c.eventstore.Filter, c.AddHumanCommand( @@ -180,7 +181,7 @@ func (c *Commands) AddHumanCommand(human *AddHuman, orgID string, hasher *crypto return nil, err } - if err = userValidateDomain(ctx, a, human.Username, domainPolicy.UserLoginMustBeDomain, filter); err != nil { + if err = c.userValidateDomain(ctx, a.ResourceOwner, human.Username, domainPolicy.UserLoginMustBeDomain); err != nil { return nil, err } 
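Review bot: The notice added above `Commands.AddHuman`, `// Deprecated: use commands.AddUserHuman`, names the replacement in a form that is neither package-qualified nor receiver-qualified, so tools that follow deprecation notices cannot resolve it. Assuming `AddUserHuman` is a method on `Commands` (it is not visible here), I would write `// Deprecated: use Commands.AddUserHuman instead.` and put a one-line summary of what `AddHuman` does before it, since this is the method's only doc comment. The same wording is added above `ImportHuman` and `RegisterHuman` in later hunks of this file. `AddHuman`'s body continues outside the hunk.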
@@ -288,7 +289,7 @@ func (c *Commands) addHumanCommandEmail(ctx context.Context, filter preparation. func addLink(ctx context.Context, filter preparation.FilterToQueryReducer, a *user.Aggregate, link *AddLink) (eventstore.Command, error) { exists, err := ExistsIDP(ctx, filter, link.IDPID, a.ResourceOwner) if !exists || err != nil { - return nil, errors.ThrowPreconditionFailed(err, "COMMAND-39nf2", "Errors.IDPConfig.NotExisting") + return nil, zerrors.ThrowPreconditionFailed(err, "COMMAND-39nf2", "Errors.IDPConfig.NotExisting") } return user.NewUserIDPLinkAddedEvent(ctx, &a.Aggregate, link.IDPID, link.DisplayName, link.IDPExternalID), nil } @@ -310,6 +311,7 @@ func (c *Commands) addHumanCommandPhone(ctx context.Context, filter preparation. return append(cmds, user.NewHumanPhoneCodeAddedEventV2(ctx, &a.Aggregate, phoneCode.Crypted, phoneCode.Expiry, human.Phone.ReturnCode)), nil } +// Deprecated: use commands.NewUserHumanWriteModel, to remove deprecated eventstore.Filter func (c *Commands) addHumanCommandCheckID(ctx context.Context, filter preparation.FilterToQueryReducer, human *AddHuman, orgID string) (err error) { if human.ID == "" { human.ID, err = c.idGenerator.Next() @@ -322,7 +324,7 @@ func (c *Commands) addHumanCommandCheckID(ctx context.Context, filter preparatio return err } if isUserStateExists(existingHuman.UserState) { - return errors.ThrowPreconditionFailed(nil, "COMMAND-k2unb", "Errors.User.AlreadyExisting") + return zerrors.ThrowPreconditionFailed(nil, "COMMAND-k2unb", "Errors.User.AlreadyExisting") } return nil } @@ -347,7 +349,7 @@ func addHumanCommandPassword(ctx context.Context, filter preparation.FilterToQue return nil } -func userValidateDomain(ctx context.Context, a *user.Aggregate, username string, mustBeDomain bool, filter preparation.FilterToQueryReducer) error { +func (c *Commands) userValidateDomain(ctx context.Context, resourceOwner string, username string, mustBeDomain bool) error { if mustBeDomain { return nil } 
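Review bot: In `addLink`, the condition `if !exists || err != nil` turns a failed `ExistsIDP` lookup into the same `Errors.IDPConfig.NotExisting` precondition error as a genuinely missing IDP, so a caller checking the error class cannot tell a storage failure from a bad IDP id. Returning the lookup error first keeps the two apart: `if err != nil { return nil, err }`, then `if !exists { return nil, zerrors.ThrowPreconditionFailed(nil, "COMMAND-39nf2", "Errors.IDPConfig.NotExisting") }`. How `ExistsIDP` reports a missing IDP is not visible here, so confirm it does so through `exists` rather than through `err` before splitting the branch.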
@@ -357,18 +359,13 @@ func userValidateDomain(ctx context.Context, a *user.Aggregate, username string, return nil } - domainCheck := NewOrgDomainVerifiedWriteModel(username[index+1:]) - events, err := filter(ctx, domainCheck.Query()) + domainCheck, err := c.orgDomainVerifiedWriteModel(ctx, username[index+1:]) if err != nil { return err } - domainCheck.AppendEvents(events...) - if err = domainCheck.Reduce(); err != nil { - return err - } - if domainCheck.Verified && domainCheck.ResourceOwner != a.ResourceOwner { - return errors.ThrowInvalidArgument(nil, "COMMAND-SFd21", "Errors.User.DomainNotAllowedAsUsername") + if domainCheck.Verified && domainCheck.ResourceOwner != resourceOwner { + return zerrors.ThrowInvalidArgument(nil, "COMMAND-SFd21", "Errors.User.DomainNotAllowedAsUsername") } return nil 
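Review bot: The ownership check in `userValidateDomain` now loads the verified-domain state through `c.orgDomainVerifiedWriteModel` instead of the `filter` the caller passed in. If any caller of `AddHumanCommand` supplies a filter other than `c.eventstore.Filter`, the check may see a different view of the event store than the rest of the validation; the helper is outside this hunk, so this is inferred. The comparison `domainCheck.Verified && domainCheck.ResourceOwner != resourceOwner` is what stops a user being created with a login name under a domain another organization has verified, and it deserves a comment such as `// reject usernames whose domain is verified by a different organization`. `createHuman`, further down in this file, still carries its own inline copy of the same comparison with the same `COMMAND-SFd21` id; calling the new method there would keep the two from drifting, provided the surrounding conditions match. The function begins outside this hunk.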
@@ -411,17 +408,18 @@ func (h *AddHuman) shouldAddInitCode() bool { h.Password == "" } +// Deprecated: use commands.AddUserHuman func (c *Commands) ImportHuman(ctx context.Context, orgID string, human *domain.Human, passwordless bool, links []*domain.UserIDPLink, initCodeGenerator, emailCodeGenerator, phoneCodeGenerator, passwordlessCodeGenerator crypto.Generator) (_ *domain.Human, passwordlessCode *domain.PasswordlessInitCode, err error) { if orgID == "" { - return nil, nil, errors.ThrowInvalidArgument(nil, "COMMAND-5N8fs", "Errors.ResourceOwnerMissing") + return nil, nil, zerrors.ThrowInvalidArgument(nil, "COMMAND-5N8fs", "Errors.ResourceOwnerMissing") } domainPolicy, err := c.getOrgDomainPolicy(ctx, orgID) if err != nil { - return nil, nil, errors.ThrowPreconditionFailed(err, "COMMAND-2N9fs", "Errors.Org.DomainPolicy.NotFound") + return nil, nil, zerrors.ThrowPreconditionFailed(err, "COMMAND-2N9fs", "Errors.Org.DomainPolicy.NotFound") } pwPolicy, err := c.getOrgPasswordComplexityPolicy(ctx, orgID) if err != nil { - return nil, nil, errors.ThrowPreconditionFailed(err, "COMMAND-4N8gs", "Errors.Org.PasswordComplexityPolicy.NotFound") + return nil, nil, zerrors.ThrowPreconditionFailed(err, "COMMAND-4N8gs", "Errors.Org.PasswordComplexityPolicy.NotFound") } if human.AggregateID != "" { @@ -431,7 +429,7 @@ func (c *Commands) ImportHuman(ctx context.Context, orgID string, human *domain. } if existing.UserState != domain.UserStateUnspecified { - return nil, nil, errors.ThrowPreconditionFailed(nil, "COMMAND-ziuna", "Errors.User.AlreadyExisting") + return nil, nil, zerrors.ThrowPreconditionFailed(nil, "COMMAND-ziuna", "Errors.User.AlreadyExisting") } } 
@@ -459,25 +457,26 @@ func (c *Commands) ImportHuman(ctx context.Context, orgID string, human *domain. return writeModelToHuman(addedHuman), passwordlessCode, nil } +// Deprecated: use commands.AddUserHuman func (c *Commands) RegisterHuman(ctx context.Context, orgID string, human *domain.Human, link *domain.UserIDPLink, orgMemberRoles []string, initCodeGenerator, emailCodeGenerator, phoneCodeGenerator crypto.Generator) (*domain.Human, error) { if orgID == "" { - return nil, errors.ThrowInvalidArgument(nil, "COMMAND-GEdf2", "Errors.ResourceOwnerMissing") + return nil, zerrors.ThrowInvalidArgument(nil, "COMMAND-GEdf2", "Errors.ResourceOwnerMissing") } domainPolicy, err := c.getOrgDomainPolicy(ctx, orgID) if err != nil { - return nil, errors.ThrowPreconditionFailed(err, "COMMAND-33M9f", "Errors.Org.DomainPolicy.NotFound") + return nil, zerrors.ThrowPreconditionFailed(err, "COMMAND-33M9f", "Errors.Org.DomainPolicy.NotFound") } pwPolicy, err := c.getOrgPasswordComplexityPolicy(ctx, orgID) if err != nil { - return nil, errors.ThrowPreconditionFailed(err, "COMMAND-M5Fsd", "Errors.Org.PasswordComplexityPolicy.NotFound") + return nil, zerrors.ThrowPreconditionFailed(err, "COMMAND-M5Fsd", "Errors.Org.PasswordComplexityPolicy.NotFound") } loginPolicy, err := c.getOrgLoginPolicy(ctx, orgID) if err != nil { - return nil, errors.ThrowPreconditionFailed(err, "COMMAND-Dfg3g", "Errors.Org.LoginPolicy.NotFound") + return nil, zerrors.ThrowPreconditionFailed(err, "COMMAND-Dfg3g", "Errors.Org.LoginPolicy.NotFound") } // check only if local registration is allowed, the idp will be checked separately if !loginPolicy.AllowRegister && link == nil { - return nil, errors.ThrowPreconditionFailed(err, "COMMAND-SAbr3", "Errors.Org.LoginPolicy.RegistrationNotAllowed") + return nil, zerrors.ThrowPreconditionFailed(err, "COMMAND-SAbr3", "Errors.Org.LoginPolicy.RegistrationNotAllowed") } userEvents, registeredHuman, err := c.registerHuman(ctx, orgID, human, link, domainPolicy, pwPolicy, 
initCodeGenerator, emailCodeGenerator, phoneCodeGenerator) if err != nil { @@ -515,7 +514,7 @@ func (c *Commands) RegisterHuman(ctx context.Context, orgID string, human *domai func (c *Commands) importHuman(ctx context.Context, orgID string, human *domain.Human, passwordless bool, links []*domain.UserIDPLink, domainPolicy *domain.DomainPolicy, pwPolicy *domain.PasswordComplexityPolicy, initCodeGenerator, emailCodeGenerator, phoneCodeGenerator, passwordlessCodeGenerator crypto.Generator) (events []eventstore.Command, humanWriteModel *HumanWriteModel, passwordlessCodeWriteModel *HumanPasswordlessInitCodeWriteModel, code string, err error) { if orgID == "" { - return nil, nil, nil, "", errors.ThrowInvalidArgument(nil, "COMMAND-00p2b", "Errors.Org.Empty") + return nil, nil, nil, "", zerrors.ThrowInvalidArgument(nil, "COMMAND-00p2b", "Errors.Org.Empty") } if err := human.Normalize(); err != nil { return nil, nil, nil, "", err 
@@ -537,19 +536,19 @@ func (c *Commands) importHuman(ctx context.Context, orgID string, human *domain. func (c *Commands) registerHuman(ctx context.Context, orgID string, human *domain.Human, link *domain.UserIDPLink, domainPolicy *domain.DomainPolicy, pwPolicy *domain.PasswordComplexityPolicy, initCodeGenerator, emailCodeGenerator, phoneCodeGenerator crypto.Generator) ([]eventstore.Command, *HumanWriteModel, error) { if human == nil { - return nil, nil, errors.ThrowInvalidArgument(nil, "COMMAND-JKefw", "Errors.User.Invalid") + return nil, nil, zerrors.ThrowInvalidArgument(nil, "COMMAND-JKefw", "Errors.User.Invalid") } if human.Username = strings.TrimSpace(human.Username); human.Username == "" { human.Username = string(human.EmailAddress) } if orgID == "" { - return nil, nil, errors.ThrowInvalidArgument(nil, "COMMAND-hYsVH", "Errors.Org.Empty") + return nil, nil, zerrors.ThrowInvalidArgument(nil, "COMMAND-hYsVH", "Errors.Org.Empty") } if err := human.Normalize(); err != nil { return nil, nil, err } if link == nil && (human.Password == nil || human.Password.SecretString == "") { - return nil, nil, errors.ThrowInvalidArgument(nil, "COMMAND-X23na", "Errors.User.Password.Empty") + return nil, nil, zerrors.ThrowInvalidArgument(nil, "COMMAND-X23na", "Errors.User.Password.Empty") } if human.Password != nil && human.Password.SecretString != "" { human.Password.ChangeRequired = false @@ -575,7 +574,7 @@ func (c *Commands) createHuman(ctx context.Context, orgID string, human *domain. return nil, nil, err } if domainCheck.Verified && domainCheck.ResourceOwner != orgID { - return nil, nil, errors.ThrowInvalidArgument(nil, "COMMAND-SFd21", "Errors.User.DomainNotAllowedAsUsername") + return nil, nil, zerrors.ThrowInvalidArgument(nil, "COMMAND-SFd21", "Errors.User.DomainNotAllowedAsUsername") } } } 
@@ -646,7 +645,7 @@ func (c *Commands) createHuman(ctx context.Context, orgID string, human *domain. func (c *Commands) HumanSkipMFAInit(ctx context.Context, userID, resourceowner string) (err error) { if userID == "" { - return errors.ThrowInvalidArgument(nil, "COMMAND-2xpX9", "Errors.User.UserIDMissing") + return zerrors.ThrowInvalidArgument(nil, "COMMAND-2xpX9", "Errors.User.UserIDMissing") } existingHuman, err := c.getHumanWriteModelByID(ctx, userID, resourceowner) @@ -654,7 +653,7 @@ func (c *Commands) HumanSkipMFAInit(ctx context.Context, userID, resourceowner s return err } if !isUserStateExists(existingHuman.UserState) { - return errors.ThrowNotFound(nil, "COMMAND-m9cV8", "Errors.User.NotFound") + return zerrors.ThrowNotFound(nil, "COMMAND-m9cV8", "Errors.User.NotFound") } _, err = c.eventstore.Push(ctx, @@ -733,10 +732,10 @@ func createRegisterHumanEvent(ctx context.Context, aggregate *eventstore.Aggrega func (c *Commands) HumansSignOut(ctx context.Context, agentID string, userIDs []string) error { if agentID == "" { - return errors.ThrowInvalidArgument(nil, "COMMAND-2M0ds", "Errors.User.UserIDMissing") + return zerrors.ThrowInvalidArgument(nil, "COMMAND-2M0ds", "Errors.User.UserIDMissing") } if len(userIDs) == 0 { - return errors.ThrowInvalidArgument(nil, "COMMAND-M0od3", "Errors.User.UserIDMissing") + return zerrors.ThrowInvalidArgument(nil, "COMMAND-M0od3", "Errors.User.UserIDMissing") } events := make([]eventstore.Command, 0) for _, userID := range userIDs { diff --git a/internal/command/user_human_address.go b/internal/command/user_human_address.go index 61c92a806e..2e1931567b 100644 --- a/internal/command/user_human_address.go +++ b/internal/command/user_human_address.go 
@@ -4,8 +4,8 @@ import ( "context" "github.com/zitadel/zitadel/internal/domain" - caos_errs "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/telemetry/tracing" + "github.com/zitadel/zitadel/internal/zerrors" ) func (c *Commands) ChangeHumanAddress(ctx context.Context, address *domain.Address) (*domain.Address, error) { @@ -14,7 +14,7 @@ func (c *Commands) ChangeHumanAddress(ctx context.Context, address *domain.Addre return nil, err } if existingAddress.State == domain.AddressStateUnspecified || existingAddress.State == domain.AddressStateRemoved { - return nil, caos_errs.ThrowPreconditionFailed(nil, "COMMAND-0pLdo", "Errors.User.Address.NotFound") + return nil, zerrors.ThrowPreconditionFailed(nil, "COMMAND-0pLdo", "Errors.User.Address.NotFound") } userAgg := UserAggregateFromWriteModel(&existingAddress.WriteModel) changedEvent, hasChanged, err := existingAddress.NewChangedEvent(ctx, userAgg, address.Country, address.Locality, address.PostalCode, address.Region, address.StreetAddress) @@ -22,7 +22,7 @@ func (c *Commands) ChangeHumanAddress(ctx context.Context, address *domain.Addre return nil, err } if !hasChanged { - return nil, caos_errs.ThrowPreconditionFailed(nil, "COMMAND-3M0cs", "Errors.User.Address.NotChanged") + return nil, zerrors.ThrowPreconditionFailed(nil, "COMMAND-3M0cs", "Errors.User.Address.NotChanged") } pushedEvents, err := c.eventstore.Push(ctx, changedEvent) if err != nil { diff --git a/internal/command/user_human_adress_test.go b/internal/command/user_human_adress_test.go index d3b3176e3a..24a5397c8b 100644 --- a/internal/command/user_human_adress_test.go +++ b/internal/command/user_human_adress_test.go 
@@ -8,10 +8,10 @@ import ( "golang.org/x/text/language" "github.com/zitadel/zitadel/internal/domain" - caos_errs "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/eventstore/v1/models" "github.com/zitadel/zitadel/internal/repository/user" + "github.com/zitadel/zitadel/internal/zerrors" ) func TestCommandSide_ChangeHumanAddress(t *testing.T) { @@ -54,7 +54,7 @@ func TestCommandSide_ChangeHumanAddress(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: caos_errs.IsPreconditionFailed, + err: zerrors.IsPreconditionFailed, }, }, { @@ -105,7 +105,7 @@ func TestCommandSide_ChangeHumanAddress(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: caos_errs.IsPreconditionFailed, + err: zerrors.IsPreconditionFailed, }, }, { diff --git a/internal/command/user_human_avatar.go b/internal/command/user_human_avatar.go index 8994bda945..2a1f67e6a7 100644 --- a/internal/command/user_human_avatar.go +++ b/internal/command/user_human_avatar.go @@ -4,13 +4,13 @@ import ( "context" "github.com/zitadel/zitadel/internal/domain" - caos_errs "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/repository/user" + "github.com/zitadel/zitadel/internal/zerrors" ) func (c *Commands) AddHumanAvatar(ctx context.Context, orgID, userID string, upload *AssetUpload) (*domain.ObjectDetails, error) { if userID == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "USER-Ba5Ds", "Errors.IDMissing") + return nil, zerrors.ThrowInvalidArgument(nil, "USER-Ba5Ds", "Errors.IDMissing") } existingUser, err := c.userWriteModelByID(ctx, userID, orgID) if err != nil { 
@@ -18,11 +18,11 @@ func (c *Commands) AddHumanAvatar(ctx context.Context, orgID, userID string, upl } if existingUser.UserState == domain.UserStateUnspecified || existingUser.UserState == domain.UserStateDeleted { - return nil, caos_errs.ThrowNotFound(nil, "USER-vJ3fS", "Errors.Users.NotFound") + return nil, zerrors.ThrowNotFound(nil, "USER-vJ3fS", "Errors.Users.NotFound") } asset, err := c.uploadAsset(ctx, upload) if err != nil { - return nil, caos_errs.ThrowInternal(err, "USER-1Xyud", "Errors.Assets.Object.PutFailed") + return nil, zerrors.ThrowInternal(err, "USER-1Xyud", "Errors.Assets.Object.PutFailed") } userAgg := UserAggregateFromWriteModel(&existingUser.WriteModel) pushedEvents, err := c.eventstore.Push(ctx, user.NewHumanAvatarAddedEvent(ctx, userAgg, asset.VersionedName())) @@ -38,14 +38,14 @@ func (c *Commands) AddHumanAvatar(ctx context.Context, orgID, userID string, upl func (c *Commands) RemoveHumanAvatar(ctx context.Context, orgID, userID string) (*domain.ObjectDetails, error) { if userID == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "USER-1B8sd", "Errors.IDMissing") + return nil, zerrors.ThrowInvalidArgument(nil, "USER-1B8sd", "Errors.IDMissing") } existingUser, err := c.getHumanWriteModelByID(ctx, userID, orgID) if err != nil { return nil, err } if existingUser.UserState == domain.UserStateUnspecified || existingUser.UserState == domain.UserStateDeleted { - return nil, caos_errs.ThrowNotFound(nil, "USER-35N8f", "Errors.Users.NotFound") + return nil, zerrors.ThrowNotFound(nil, "USER-35N8f", "Errors.Users.NotFound") } err = c.removeAsset(ctx, orgID, existingUser.Avatar) if err != nil { diff --git a/internal/command/user_human_avatar_test.go b/internal/command/user_human_avatar_test.go index bac6659ae4..70552e7e50 100644 --- a/internal/command/user_human_avatar_test.go +++ b/internal/command/user_human_avatar_test.go 
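Review bot: `AddHumanAvatar` and `RemoveHumanAvatar` return the message key `Errors.Users.NotFound` (plural `Users`), while the other not-found returns touched by this commit, for example in `getHuman` and `HumanSkipMFAInit`, use `Errors.User.NotFound`. If the plural key has no entry in the translation files (not visible here), clients receive the raw key instead of a message. Since both lines are rewritten by this commit anyway, using `"Errors.User.NotFound"` would align them. Both function bodies continue outside their hunks.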
@@ -10,11 +10,11 @@ import ( "golang.org/x/text/language" "github.com/zitadel/zitadel/internal/domain" - caos_errs "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/repository/user" "github.com/zitadel/zitadel/internal/static" "github.com/zitadel/zitadel/internal/static/mock" + "github.com/zitadel/zitadel/internal/zerrors" ) func TestCommandSide_AddHumanAvatar(t *testing.T) { @@ -59,7 +59,7 @@ func TestCommandSide_AddHumanAvatar(t *testing.T) { }, }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -84,7 +84,7 @@ func TestCommandSide_AddHumanAvatar(t *testing.T) { }, }, res: res{ - err: caos_errs.IsNotFound, + err: zerrors.IsNotFound, }, }, { @@ -125,7 +125,7 @@ func TestCommandSide_AddHumanAvatar(t *testing.T) { }, }, res: res{ - err: caos_errs.IsInternal, + err: zerrors.IsInternal, }, }, { @@ -231,7 +231,7 @@ func TestCommandSide_RemoveHumanAvatar(t *testing.T) { storageKey: "key", }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -249,7 +249,7 @@ func TestCommandSide_RemoveHumanAvatar(t *testing.T) { storageKey: "key", }, res: res{ - err: caos_errs.IsNotFound, + err: zerrors.IsNotFound, }, }, { @@ -289,7 +289,7 @@ func TestCommandSide_RemoveHumanAvatar(t *testing.T) { storageKey: "key", }, res: res{ - err: caos_errs.IsInternal, + err: zerrors.IsInternal, }, }, { diff --git a/internal/command/user_human_email.go b/internal/command/user_human_email.go index cdc737a00e..c98b396dbf 100644 --- a/internal/command/user_human_email.go +++ b/internal/command/user_human_email.go 
@@ -7,15 +7,15 @@ import ( "github.com/zitadel/zitadel/internal/crypto" "github.com/zitadel/zitadel/internal/domain" - caos_errs "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/repository/user" "github.com/zitadel/zitadel/internal/telemetry/tracing" + "github.com/zitadel/zitadel/internal/zerrors" ) func (c *Commands) ChangeHumanEmail(ctx context.Context, email *domain.Email, emailCodeGenerator crypto.Generator) (*domain.Email, error) { if email.AggregateID == "" { - return nil, caos_errs.ThrowPreconditionFailed(nil, "COMMAND-0Gzs3", "Errors.User.Email.IDMissing") + return nil, zerrors.ThrowPreconditionFailed(nil, "COMMAND-0Gzs3", "Errors.User.Email.IDMissing") } if err := email.Validate(); err != nil { return nil, err 
@@ -26,17 +26,17 @@ func (c *Commands) ChangeHumanEmail(ctx context.Context, email *domain.Email, em return nil, err } if existingEmail.UserState == domain.UserStateUnspecified || existingEmail.UserState == domain.UserStateDeleted { - return nil, caos_errs.ThrowPreconditionFailed(nil, "COMMAND-0Pe4r", "Errors.User.Email.NotFound") + return nil, zerrors.ThrowPreconditionFailed(nil, "COMMAND-0Pe4r", "Errors.User.Email.NotFound") } if existingEmail.UserState == domain.UserStateInitial { - return nil, caos_errs.ThrowPreconditionFailed(nil, "COMMAND-J8dsk", "Errors.User.NotInitialised") + return nil, zerrors.ThrowPreconditionFailed(nil, "COMMAND-J8dsk", "Errors.User.NotInitialised") } userAgg := UserAggregateFromWriteModel(&existingEmail.WriteModel) changedEvent, hasChanged := existingEmail.NewChangedEvent(ctx, userAgg, email.EmailAddress) // only continue if there were changes or there were no changes and the email should be set to verified if !hasChanged && !(email.IsEmailVerified && existingEmail.IsEmailVerified != email.IsEmailVerified) { - return nil, caos_errs.ThrowPreconditionFailed(nil, "COMMAND-2b7fM", "Errors.User.Email.NotChanged") + return nil, zerrors.ThrowPreconditionFailed(nil, "COMMAND-2b7fM", "Errors.User.Email.NotChanged") } events := make([]eventstore.Command, 0) 
@@ -66,10 +66,10 @@ func (c *Commands) ChangeHumanEmail(ctx context.Context, email *domain.Email, em func (c *Commands) VerifyHumanEmail(ctx context.Context, userID, code, resourceowner string, emailCodeGenerator crypto.Generator) (*domain.ObjectDetails, error) { if userID == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "COMMAND-4M0ds", "Errors.User.UserIDMissing") + return nil, zerrors.ThrowInvalidArgument(nil, "COMMAND-4M0ds", "Errors.User.UserIDMissing") } if code == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "COMMAND-çm0ds", "Errors.User.Code.Empty") + return nil, zerrors.ThrowInvalidArgument(nil, "COMMAND-çm0ds", "Errors.User.Code.Empty") } existingCode, err := c.emailWriteModel(ctx, userID, resourceowner) @@ -77,7 +77,7 @@ func (c *Commands) VerifyHumanEmail(ctx context.Context, userID, code, resourceo return nil, err } if existingCode.Code == nil || existingCode.UserState == domain.UserStateUnspecified || existingCode.UserState == domain.UserStateDeleted { - return nil, caos_errs.ThrowNotFound(nil, "COMMAND-3n8ud", "Errors.User.Code.NotFound") + return nil, zerrors.ThrowNotFound(nil, "COMMAND-3n8ud", "Errors.User.Code.NotFound") } userAgg := UserAggregateFromWriteModel(&existingCode.WriteModel) 
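Review bot: The id `COMMAND-çm0ds` on the empty-code check in `VerifyHumanEmail` contains a non-ASCII `ç`, and the `COMMAND-4M0ds` id on the check above it is reused by `CreateHumanEmailVerificationCode` in the next hunk. `COMMAND-0Pe4r` is likewise shared between `ChangeHumanEmail` and `CreateHumanEmailVerificationCode`. If these ids are meant to pinpoint the throw site in logs and support tickets, which is how they appear to be used, the duplicates make that ambiguous and the `ç` is awkward to type or grep. Every one of these lines is already edited by the rename, so this is a cheap place to assign unique ASCII ids, written here with a placeholder as `"COMMAND-<new-id>"`.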
@@ -96,12 +96,12 @@ func (c *Commands) VerifyHumanEmail(ctx context.Context, userID, code, resourceo _, err = c.eventstore.Push(ctx, user.NewHumanEmailVerificationFailedEvent(ctx, userAgg)) logging.LogWithFields("COMMAND-Dg2z5", "userID", userAgg.ID).OnError(err).Error("NewHumanEmailVerificationFailedEvent push failed") - return nil, caos_errs.ThrowInvalidArgument(err, "COMMAND-Gdsgs", "Errors.User.Code.Invalid") + return nil, zerrors.ThrowInvalidArgument(err, "COMMAND-Gdsgs", "Errors.User.Code.Invalid") } func (c *Commands) CreateHumanEmailVerificationCode(ctx context.Context, userID, resourceOwner string, emailCodeGenerator crypto.Generator) (*domain.ObjectDetails, error) { if userID == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "COMMAND-4M0ds", "Errors.User.UserIDMissing") + return nil, zerrors.ThrowInvalidArgument(nil, "COMMAND-4M0ds", "Errors.User.UserIDMissing") } existingEmail, err := c.emailWriteModel(ctx, userID, resourceOwner) 
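Review bot: The final return of `VerifyHumanEmail` wraps `err` from the `c.eventstore.Push` call on the line above it, not the error from the code check, so `Errors.User.Code.Invalid` carries the push result as its parent and the actual verification failure is dropped. A failed push of `NewHumanEmailVerificationFailedEvent` is also only logged, so a rejected code may leave no event behind. If anything counts these events for lockout or audit (not visible here), that deserves a comment at this spot. I would keep the verification error in its own variable and pass that instead: `return nil, zerrors.ThrowInvalidArgument(verifyErr, "COMMAND-Gdsgs", "Errors.User.Code.Invalid")`, where `verifyErr` stands for whatever the check above the hunk returns. The function starts outside this hunk.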
@@ -109,13 +109,13 @@ func (c *Commands) CreateHumanEmailVerificationCode(ctx context.Context, userID, return nil, err } if existingEmail.UserState == domain.UserStateUnspecified || existingEmail.UserState == domain.UserStateDeleted { - return nil, caos_errs.ThrowNotFound(nil, "COMMAND-0Pe4r", "Errors.User.Email.NotFound") + return nil, zerrors.ThrowNotFound(nil, "COMMAND-0Pe4r", "Errors.User.Email.NotFound") } if existingEmail.UserState == domain.UserStateInitial { - return nil, caos_errs.ThrowPreconditionFailed(nil, "COMMAND-E3fbw", "Errors.User.NotInitialised") + return nil, zerrors.ThrowPreconditionFailed(nil, "COMMAND-E3fbw", "Errors.User.NotInitialised") } if existingEmail.IsEmailVerified { - return nil, caos_errs.ThrowPreconditionFailed(nil, "COMMAND-3M9ds", "Errors.User.Email.AlreadyVerified") + return nil, zerrors.ThrowPreconditionFailed(nil, "COMMAND-3M9ds", "Errors.User.Email.AlreadyVerified") } userAgg := UserAggregateFromWriteModel(&existingEmail.WriteModel) emailCode, _, err := domain.NewEmailCode(emailCodeGenerator) @@ -135,14 +135,14 @@ func (c *Commands) CreateHumanEmailVerificationCode(ctx context.Context, userID, func (c *Commands) HumanEmailVerificationCodeSent(ctx context.Context, orgID, userID string) (err error) { if userID == "" { - return caos_errs.ThrowInvalidArgument(nil, "COMMAND-4m9fs", "Errors.IDMissing") + return zerrors.ThrowInvalidArgument(nil, "COMMAND-4m9fs", "Errors.IDMissing") } existingEmail, err := c.emailWriteModel(ctx, userID, orgID) if err != nil { return err } if existingEmail.UserState == domain.UserStateUnspecified || existingEmail.UserState == domain.UserStateDeleted { - return caos_errs.ThrowNotFound(nil, "COMMAND-6n8uH", "Errors.User.Email.NotFound") + return zerrors.ThrowNotFound(nil, "COMMAND-6n8uH", "Errors.User.Email.NotFound") } userAgg := UserAggregateFromWriteModel(&existingEmail.WriteModel) _, err = c.eventstore.Push(ctx, user.NewHumanEmailCodeSentEvent(ctx, userAgg)) 
diff --git a/internal/command/user_human_email_test.go b/internal/command/user_human_email_test.go index d2861d90f3..7abd65efec 100644 --- a/internal/command/user_human_email_test.go +++ b/internal/command/user_human_email_test.go @@ -10,10 +10,10 @@ import ( "github.com/zitadel/zitadel/internal/crypto" "github.com/zitadel/zitadel/internal/domain" - caos_errs "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/eventstore/v1/models" "github.com/zitadel/zitadel/internal/repository/user" + "github.com/zitadel/zitadel/internal/zerrors" ) func TestCommandSide_ChangeHumanEmail(t *testing.T) { @@ -53,7 +53,7 @@ func TestCommandSide_ChangeHumanEmail(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -75,7 +75,7 @@ func TestCommandSide_ChangeHumanEmail(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: caos_errs.IsPreconditionFailed, + err: zerrors.IsPreconditionFailed, }, }, { @@ -118,7 +118,7 @@ func TestCommandSide_ChangeHumanEmail(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: caos_errs.IsPreconditionFailed, + err: zerrors.IsPreconditionFailed, }, }, { @@ -155,7 +155,7 @@ func TestCommandSide_ChangeHumanEmail(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: caos_errs.IsPreconditionFailed, + err: zerrors.IsPreconditionFailed, }, }, { @@ -426,7 +426,7 @@ func TestCommandSide_VerifyHumanEmail(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -442,7 +442,7 @@ func TestCommandSide_VerifyHumanEmail(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { 
@@ -460,7 +460,7 @@ func TestCommandSide_VerifyHumanEmail(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: caos_errs.IsNotFound, + err: zerrors.IsNotFound, }, }, { @@ -493,7 +493,7 @@ func TestCommandSide_VerifyHumanEmail(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: caos_errs.IsNotFound, + err: zerrors.IsNotFound, }, }, { @@ -544,7 +544,7 @@ func TestCommandSide_VerifyHumanEmail(t *testing.T) { secretGenerator: GetMockSecretGenerator(t), }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -652,7 +652,7 @@ func TestCommandSide_CreateVerificationCodeHumanEmail(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -669,7 +669,7 @@ func TestCommandSide_CreateVerificationCodeHumanEmail(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: caos_errs.IsNotFound, + err: zerrors.IsNotFound, }, }, { @@ -707,7 +707,7 @@ func TestCommandSide_CreateVerificationCodeHumanEmail(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: caos_errs.IsPreconditionFailed, + err: zerrors.IsPreconditionFailed, }, }, { @@ -744,7 +744,7 @@ func TestCommandSide_CreateVerificationCodeHumanEmail(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: caos_errs.IsPreconditionFailed, + err: zerrors.IsPreconditionFailed, }, }, { @@ -855,7 +855,7 @@ func TestCommandSide_EmailVerificationCodeSent(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -872,7 +872,7 @@ func TestCommandSide_EmailVerificationCodeSent(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: caos_errs.IsNotFound, + err: zerrors.IsNotFound, }, }, { diff --git a/internal/command/user_human_init.go b/internal/command/user_human_init.go index 5af8eb9a53..4770332704 100644 --- a/internal/command/user_human_init.go +++ b/internal/command/user_human_init.go 
@@ -7,15 +7,15 @@ import ( "github.com/zitadel/zitadel/internal/crypto" "github.com/zitadel/zitadel/internal/domain" - caos_errs "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/repository/user" + "github.com/zitadel/zitadel/internal/zerrors" ) // ResendInitialMail resend initial mail and changes email if provided func (c *Commands) ResendInitialMail(ctx context.Context, userID string, email domain.EmailAddress, resourceOwner string, initCodeGenerator crypto.Generator) (objectDetails *domain.ObjectDetails, err error) { if userID == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "COMMAND-2n8vs", "Errors.User.UserIDMissing") + return nil, zerrors.ThrowInvalidArgument(nil, "COMMAND-2n8vs", "Errors.User.UserIDMissing") } existingCode, err := c.getHumanInitWriteModelByID(ctx, userID, resourceOwner) @@ -23,10 +23,10 @@ func (c *Commands) ResendInitialMail(ctx context.Context, userID string, email d return nil, err } if existingCode.UserState == domain.UserStateUnspecified || existingCode.UserState == domain.UserStateDeleted { - return nil, caos_errs.ThrowNotFound(nil, "COMMAND-2M9df", "Errors.User.NotFound") + return nil, zerrors.ThrowNotFound(nil, "COMMAND-2M9df", "Errors.User.NotFound") } if existingCode.UserState != domain.UserStateInitial { - return nil, caos_errs.ThrowPreconditionFailed(nil, "COMMAND-2M9sd", "Errors.User.AlreadyInitialised") + return nil, zerrors.ThrowPreconditionFailed(nil, "COMMAND-2M9sd", "Errors.User.AlreadyInitialised") } var events []eventstore.Command userAgg := UserAggregateFromWriteModel(&existingCode.WriteModel) 
@@ -52,10 +52,10 @@ func (c *Commands) ResendInitialMail(ctx context.Context, userID string, email d func (c *Commands) HumanVerifyInitCode(ctx context.Context, userID, resourceOwner, code, password string, initCodeGenerator crypto.Generator) error { if userID == "" { - return caos_errs.ThrowInvalidArgument(nil, "COMMAND-mkM9f", "Errors.User.UserIDMissing") + return zerrors.ThrowInvalidArgument(nil, "COMMAND-mkM9f", "Errors.User.UserIDMissing") } if code == "" { - return caos_errs.ThrowInvalidArgument(nil, "COMMAND-44G8s", "Errors.User.Code.Empty") + return zerrors.ThrowInvalidArgument(nil, "COMMAND-44G8s", "Errors.User.Code.Empty") } existingCode, err := c.getHumanInitWriteModelByID(ctx, userID, resourceOwner) @@ -63,7 +63,7 @@ func (c *Commands) HumanVerifyInitCode(ctx context.Context, userID, resourceOwne return err } if existingCode.Code == nil || existingCode.UserState == domain.UserStateUnspecified || existingCode.UserState == domain.UserStateDeleted { - return caos_errs.ThrowNotFound(nil, "COMMAND-mmn5f", "Errors.User.Code.NotFound") + return zerrors.ThrowNotFound(nil, "COMMAND-mmn5f", "Errors.User.Code.NotFound") } userAgg := UserAggregateFromWriteModel(&existingCode.WriteModel) @@ -71,7 +71,7 @@ func (c *Commands) HumanVerifyInitCode(ctx context.Context, userID, resourceOwne if err != nil { _, err = c.eventstore.Push(ctx, user.NewHumanInitializedCheckFailedEvent(ctx, userAgg)) logging.WithFields("userID", userAgg.ID).OnError(err).Error("NewHumanInitializedCheckFailedEvent push failed") - return caos_errs.ThrowInvalidArgument(err, "COMMAND-11v6G", "Errors.User.Code.Invalid") + return zerrors.ThrowInvalidArgument(err, "COMMAND-11v6G", "Errors.User.Code.Invalid") } commands := []eventstore.Command{ user.NewHumanInitializedCheckSucceededEvent(ctx, userAgg), 
@@ -80,9 +80,7 @@ func (c *Commands) HumanVerifyInitCode(ctx context.Context, userID, resourceOwne commands = append(commands, user.NewHumanEmailVerifiedEvent(ctx, userAgg)) } if password != "" { - passwordWriteModel := NewHumanPasswordWriteModel(userID, existingCode.ResourceOwner) - passwordWriteModel.UserState = domain.UserStateActive - passwordCommand, err := c.setPasswordCommand(ctx, passwordWriteModel, password, false) + passwordCommand, err := c.setPasswordCommand(ctx, userAgg, domain.UserStateActive, password, false, false) if err != nil { return err } @@ -94,14 +92,14 @@ func (c *Commands) HumanVerifyInitCode(ctx context.Context, userID, resourceOwne func (c *Commands) HumanInitCodeSent(ctx context.Context, orgID, userID string) (err error) { if userID == "" { - return caos_errs.ThrowInvalidArgument(nil, "COMMAND-3M9fs", "Errors.IDMissing") + return zerrors.ThrowInvalidArgument(nil, "COMMAND-3M9fs", "Errors.IDMissing") } existingInitCode, err := c.getHumanInitWriteModelByID(ctx, userID, orgID) if err != nil { return err } if existingInitCode.UserState == domain.UserStateUnspecified || existingInitCode.UserState == domain.UserStateDeleted { - return caos_errs.ThrowNotFound(nil, "COMMAND-556zg", "Errors.User.Code.NotFound") + return zerrors.ThrowNotFound(nil, "COMMAND-556zg", "Errors.User.Code.NotFound") } userAgg := UserAggregateFromWriteModel(&existingInitCode.WriteModel) _, err = c.eventstore.Push(ctx, user.NewHumanInitialCodeSentEvent(ctx, userAgg)) diff --git a/internal/command/user_human_init_test.go b/internal/command/user_human_init_test.go index e221b86658..cc9dc21b0a 100644 --- a/internal/command/user_human_init_test.go +++ b/internal/command/user_human_init_test.go 
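Review bot: The new call `c.setPasswordCommand(ctx, userAgg, domain.UserStateActive, password, false, false)` in HumanVerifyInitCode passes two adjacent bare `false` literals, and nothing at the call site says which flag is which. In a password-setting path a swapped or misread flag changes credential handling without a compile error, and the signature is not visible in this hunk. Name them at the call site, for example with a comment above the call such as `// false, false: <5th parameter name>, <6th parameter name>` taken from the signature, or pass two named locals in place of the literals. The function starts above this hunk.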
@@ -10,10 +10,10 @@ import ( "github.com/zitadel/zitadel/internal/crypto" "github.com/zitadel/zitadel/internal/domain" - caos_errs "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/repository/org" "github.com/zitadel/zitadel/internal/repository/user" + "github.com/zitadel/zitadel/internal/zerrors" ) func TestCommandSide_ResendInitialMail(t *testing.T) { @@ -49,7 +49,7 @@ func TestCommandSide_ResendInitialMail(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -66,7 +66,7 @@ func TestCommandSide_ResendInitialMail(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: caos_errs.IsNotFound, + err: zerrors.IsNotFound, }, }, { @@ -101,7 +101,7 @@ func TestCommandSide_ResendInitialMail(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: caos_errs.IsPreconditionFailed, + err: zerrors.IsPreconditionFailed, }, }, { @@ -325,7 +325,7 @@ func TestCommandSide_VerifyInitCode(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -341,7 +341,7 @@ func TestCommandSide_VerifyInitCode(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -359,7 +359,7 @@ func TestCommandSide_VerifyInitCode(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: caos_errs.IsNotFound, + err: zerrors.IsNotFound, }, }, { @@ -392,7 +392,7 @@ func TestCommandSide_VerifyInitCode(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: caos_errs.IsNotFound, + err: zerrors.IsNotFound, }, }, { @@ -443,7 +443,7 @@ func TestCommandSide_VerifyInitCode(t *testing.T) { secretGenerator: GetMockSecretGenerator(t), }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { 
@@ -626,7 +626,7 @@ func TestCommandSide_InitCodeSent(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -643,7 +643,7 @@ func TestCommandSide_InitCodeSent(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: caos_errs.IsNotFound, + err: zerrors.IsNotFound, }, }, { diff --git a/internal/command/user_human_otp.go b/internal/command/user_human_otp.go index 103899e58c..38f360649d 100644 --- a/internal/command/user_human_otp.go +++ b/internal/command/user_human_otp.go @@ -10,10 +10,10 @@ import ( "github.com/zitadel/zitadel/internal/api/authz" "github.com/zitadel/zitadel/internal/crypto" "github.com/zitadel/zitadel/internal/domain" - caos_errs "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/repository/user" "github.com/zitadel/zitadel/internal/telemetry/tracing" + "github.com/zitadel/zitadel/internal/zerrors" ) func (c *Commands) ImportHumanTOTP(ctx context.Context, userID, userAgentID, resourceOwner string, key string) error { @@ -30,7 +30,7 @@ func (c *Commands) ImportHumanTOTP(ctx context.Context, userID, userAgentID, res return err } if otpWriteModel.State == domain.MFAStateReady { - return caos_errs.ThrowAlreadyExists(nil, "COMMAND-do9se", "Errors.User.MFA.OTP.AlreadyReady") + return zerrors.ThrowAlreadyExists(nil, "COMMAND-do9se", "Errors.User.MFA.OTP.AlreadyReady") } userAgg := UserAggregateFromWriteModel(&otpWriteModel.WriteModel) 
@@ -43,7 +43,7 @@ func (c *Commands) ImportHumanTOTP(ctx context.Context, userID, userAgentID, res func (c *Commands) AddHumanTOTP(ctx context.Context, userID, resourceOwner string) (*domain.TOTP, error) { if userID == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "COMMAND-5M0sd", "Errors.User.UserIDMissing") + return nil, zerrors.ThrowInvalidArgument(nil, "COMMAND-5M0sd", "Errors.User.UserIDMissing") } prep, err := c.createHumanTOTP(ctx, userID, resourceOwner) if err != nil { @@ -71,17 +71,17 @@ func (c *Commands) createHumanTOTP(ctx context.Context, userID, resourceOwner st human, err := c.getHuman(ctx, userID, resourceOwner) if err != nil { logging.WithError(err).WithField("traceID", tracing.TraceIDFromCtx(ctx)).Debug("unable to get human for loginname") - return nil, caos_errs.ThrowPreconditionFailed(err, "COMMAND-SqyJz", "Errors.User.NotFound") + return nil, zerrors.ThrowPreconditionFailed(err, "COMMAND-SqyJz", "Errors.User.NotFound") } org, err := c.getOrg(ctx, human.ResourceOwner) if err != nil { logging.WithError(err).WithField("traceID", tracing.TraceIDFromCtx(ctx)).Debug("unable to get org for loginname") - return nil, caos_errs.ThrowPreconditionFailed(err, "COMMAND-55M9f", "Errors.Org.NotFound") + return nil, zerrors.ThrowPreconditionFailed(err, "COMMAND-55M9f", "Errors.Org.NotFound") } - orgPolicy, err := c.getOrgDomainPolicy(ctx, org.AggregateID) + orgPolicy, err := c.domainPolicyWriteModel(ctx, org.AggregateID) if err != nil { logging.WithError(err).WithField("traceID", tracing.TraceIDFromCtx(ctx)).Debug("unable to get org policy for loginname") - return nil, caos_errs.ThrowPreconditionFailed(err, "COMMAND-8ugTs", "Errors.Org.DomainPolicy.NotFound") + return nil, zerrors.ThrowPreconditionFailed(err, "COMMAND-8ugTs", "Errors.Org.DomainPolicy.NotFound") } otpWriteModel, err := c.totpWriteModelByID(ctx, userID, resourceOwner) 
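Review bot: In createHumanTOTP every error from `c.getHuman`, `c.getOrg` and the newly called `c.domainPolicyWriteModel` is returned as `ThrowPreconditionFailed` with a `…NotFound` message and logged only at Debug, so a storage or eventstore failure during TOTP enrolment looks the same as a missing user, org or policy. Whether `domainPolicyWriteModel` reports a missing policy the same way `getOrgDomainPolicy` did is not visible in this hunk; the `"COMMAND-8ugTs"` expectation in user_human_otp_test.go suggests it is still covered. The three debug messages also say "for loginname", which does not match this function; wording such as `"unable to get org domain policy for TOTP setup"` would make the line searchable. The function body continues outside this hunk.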
@@ -89,7 +89,7 @@ func (c *Commands) createHumanTOTP(ctx context.Context, userID, resourceOwner st return nil, err } if otpWriteModel.State == domain.MFAStateReady { - return nil, caos_errs.ThrowAlreadyExists(nil, "COMMAND-do9se", "Errors.User.MFA.OTP.AlreadyReady") + return nil, zerrors.ThrowAlreadyExists(nil, "COMMAND-do9se", "Errors.User.MFA.OTP.AlreadyReady") } userAgg := UserAggregateFromWriteModel(&otpWriteModel.WriteModel) @@ -117,7 +117,7 @@ func (c *Commands) createHumanTOTP(ctx context.Context, userID, resourceOwner st func (c *Commands) HumanCheckMFATOTPSetup(ctx context.Context, userID, code, userAgentID, resourceOwner string) (*domain.ObjectDetails, error) { if userID == "" { - return nil, caos_errs.ThrowPreconditionFailed(nil, "COMMAND-8N9ds", "Errors.User.UserIDMissing") + return nil, zerrors.ThrowPreconditionFailed(nil, "COMMAND-8N9ds", "Errors.User.UserIDMissing") } existingOTP, err := c.totpWriteModelByID(ctx, userID, resourceOwner) @@ -125,10 +125,10 @@ func (c *Commands) HumanCheckMFATOTPSetup(ctx context.Context, userID, code, use return nil, err } if existingOTP.State == domain.MFAStateUnspecified || existingOTP.State == domain.MFAStateRemoved { - return nil, caos_errs.ThrowNotFound(nil, "COMMAND-3Mif9s", "Errors.User.MFA.OTP.NotExisting") + return nil, zerrors.ThrowNotFound(nil, "COMMAND-3Mif9s", "Errors.User.MFA.OTP.NotExisting") } if existingOTP.State == domain.MFAStateReady { - return nil, caos_errs.ThrowPreconditionFailed(nil, "COMMAND-qx4ls", "Errors.Users.MFA.OTP.AlreadyReady") + return nil, zerrors.ThrowPreconditionFailed(nil, "COMMAND-qx4ls", "Errors.Users.MFA.OTP.AlreadyReady") } if err := domain.VerifyTOTP(code, existingOTP.Secret, c.multifactors.OTP.CryptoMFA); err != nil { return nil, err 
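Review bot: The message key `"Errors.Users.MFA.OTP.AlreadyReady"` in HumanCheckMFATOTPSetup is spelled with `Users`, while the other keys in this file use `Errors.User.…` (for example `"Errors.User.MFA.OTP.AlreadyReady"` in createHumanTOTP), so it probably does not resolve to a translation. `zerrors.ThrowPreconditionFailed(nil, "COMMAND-qx4ls", "Errors.User.MFA.OTP.AlreadyReady")` would match the rest, with the expectation in user_human_otp_test.go updated alongside. The IDs `"COMMAND-8N9ds"` and `"COMMAND-3Mif9s"` are also shared between HumanCheckMFATOTPSetup and HumanCheckMFATOTP (the `@@ -148,14 +148,14 @@` hunk), with a different error kind for `3Mif9s`, which makes MFA failures ambiguous when triaging by ID. Both functions continue outside their hunks.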
@@ -148,14 +148,14 @@ func (c *Commands) HumanCheckMFATOTPSetup(ctx context.Context, userID, code, use func (c *Commands) HumanCheckMFATOTP(ctx context.Context, userID, code, resourceOwner string, authRequest *domain.AuthRequest) error { if userID == "" { - return caos_errs.ThrowPreconditionFailed(nil, "COMMAND-8N9ds", "Errors.User.UserIDMissing") + return zerrors.ThrowPreconditionFailed(nil, "COMMAND-8N9ds", "Errors.User.UserIDMissing") } existingOTP, err := c.totpWriteModelByID(ctx, userID, resourceOwner) if err != nil { return err } if existingOTP.State != domain.MFAStateReady { - return caos_errs.ThrowPreconditionFailed(nil, "COMMAND-3Mif9s", "Errors.User.MFA.OTP.NotReady") + return zerrors.ThrowPreconditionFailed(nil, "COMMAND-3Mif9s", "Errors.User.MFA.OTP.NotReady") } userAgg := UserAggregateFromWriteModel(&existingOTP.WriteModel) err = domain.VerifyTOTP(code, existingOTP.Secret, c.multifactors.OTP.CryptoMFA) @@ -170,7 +170,7 @@ func (c *Commands) HumanCheckMFATOTP(ctx context.Context, userID, code, resource func (c *Commands) HumanRemoveTOTP(ctx context.Context, userID, resourceOwner string) (*domain.ObjectDetails, error) { if userID == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "COMMAND-5M0sd", "Errors.User.UserIDMissing") + return nil, zerrors.ThrowInvalidArgument(nil, "COMMAND-5M0sd", "Errors.User.UserIDMissing") } existingOTP, err := c.totpWriteModelByID(ctx, userID, resourceOwner) @@ -178,7 +178,7 @@ func (c *Commands) HumanRemoveTOTP(ctx context.Context, userID, resourceOwner st return nil, err } if existingOTP.State == domain.MFAStateUnspecified || existingOTP.State == domain.MFAStateRemoved { - return nil, caos_errs.ThrowNotFound(nil, "COMMAND-Hd9sd", "Errors.User.MFA.OTP.NotExisting") + return nil, zerrors.ThrowNotFound(nil, "COMMAND-Hd9sd", "Errors.User.MFA.OTP.NotExisting") } userAgg := UserAggregateFromWriteModel(&existingOTP.WriteModel) pushedEvents, err := c.eventstore.Push(ctx, user.NewHumanOTPRemovedEvent(ctx, userAgg)) 
@@ -213,7 +213,7 @@ func (c *Commands) AddHumanOTPSMSWithCheckSucceeded(ctx context.Context, userID, func (c *Commands) addHumanOTPSMS(ctx context.Context, userID, resourceOwner string, events ...eventCallback) (*domain.ObjectDetails, error) { if userID == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "COMMAND-QSF2s", "Errors.User.UserIDMissing") + return nil, zerrors.ThrowInvalidArgument(nil, "COMMAND-QSF2s", "Errors.User.UserIDMissing") } if err := authz.UserIDInCTX(ctx, userID); err != nil { return nil, err @@ -223,10 +223,10 @@ func (c *Commands) addHumanOTPSMS(ctx context.Context, userID, resourceOwner str return nil, err } if otpWriteModel.otpAdded { - return nil, caos_errs.ThrowAlreadyExists(nil, "COMMAND-Ad3g2", "Errors.User.MFA.OTP.AlreadyReady") + return nil, zerrors.ThrowAlreadyExists(nil, "COMMAND-Ad3g2", "Errors.User.MFA.OTP.AlreadyReady") } if !otpWriteModel.phoneVerified { - return nil, caos_errs.ThrowPreconditionFailed(nil, "COMMAND-Q54j2", "Errors.User.MFA.OTP.NotReady") + return nil, zerrors.ThrowPreconditionFailed(nil, "COMMAND-Q54j2", "Errors.User.MFA.OTP.NotReady") } userAgg := UserAggregateFromWriteModel(&otpWriteModel.WriteModel) cmds := make([]eventstore.Command, len(events)+1) @@ -242,7 +242,7 @@ func (c *Commands) addHumanOTPSMS(ctx context.Context, userID, resourceOwner str func (c *Commands) RemoveHumanOTPSMS(ctx context.Context, userID, resourceOwner string) (*domain.ObjectDetails, error) { if userID == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "COMMAND-S3br2", "Errors.User.UserIDMissing") + return nil, zerrors.ThrowInvalidArgument(nil, "COMMAND-S3br2", "Errors.User.UserIDMissing") } existingOTP, err := c.otpSMSWriteModelByID(ctx, userID, resourceOwner) 
@@ -255,7 +255,7 @@ func (c *Commands) RemoveHumanOTPSMS(ctx context.Context, userID, resourceOwner } } if !existingOTP.otpAdded { - return nil, caos_errs.ThrowNotFound(nil, "COMMAND-Sr3h3", "Errors.User.MFA.OTP.NotExisting") + return nil, zerrors.ThrowNotFound(nil, "COMMAND-Sr3h3", "Errors.User.MFA.OTP.NotExisting") } userAgg := UserAggregateFromWriteModel(&existingOTP.WriteModel) if err = c.pushAppendAndReduce(ctx, existingOTP, user.NewHumanOTPSMSRemovedEvent(ctx, userAgg)); err != nil { @@ -336,17 +336,17 @@ func (c *Commands) AddHumanOTPEmailWithCheckSucceeded(ctx context.Context, userI func (c *Commands) addHumanOTPEmail(ctx context.Context, userID, resourceOwner string, events ...eventCallback) (*domain.ObjectDetails, error) { if userID == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "COMMAND-Sg1hz", "Errors.User.UserIDMissing") + return nil, zerrors.ThrowInvalidArgument(nil, "COMMAND-Sg1hz", "Errors.User.UserIDMissing") } otpWriteModel, err := c.otpEmailWriteModelByID(ctx, userID, resourceOwner) if err != nil { return nil, err } if otpWriteModel.otpAdded { - return nil, caos_errs.ThrowAlreadyExists(nil, "COMMAND-MKL2s", "Errors.User.MFA.OTP.AlreadyReady") + return nil, zerrors.ThrowAlreadyExists(nil, "COMMAND-MKL2s", "Errors.User.MFA.OTP.AlreadyReady") } if !otpWriteModel.emailVerified { - return nil, caos_errs.ThrowPreconditionFailed(nil, "COMMAND-KLJ2d", "Errors.User.MFA.OTP.NotReady") + return nil, zerrors.ThrowPreconditionFailed(nil, "COMMAND-KLJ2d", "Errors.User.MFA.OTP.NotReady") } userAgg := UserAggregateFromWriteModel(&otpWriteModel.WriteModel) cmds := make([]eventstore.Command, len(events)+1) 
@@ -362,7 +362,7 @@ func (c *Commands) addHumanOTPEmail(ctx context.Context, userID, resourceOwner s func (c *Commands) RemoveHumanOTPEmail(ctx context.Context, userID, resourceOwner string) (*domain.ObjectDetails, error) { if userID == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "COMMAND-S2h11", "Errors.User.UserIDMissing") + return nil, zerrors.ThrowInvalidArgument(nil, "COMMAND-S2h11", "Errors.User.UserIDMissing") } existingOTP, err := c.otpEmailWriteModelByID(ctx, userID, resourceOwner) @@ -375,7 +375,7 @@ func (c *Commands) RemoveHumanOTPEmail(ctx context.Context, userID, resourceOwne } } if !existingOTP.otpAdded { - return nil, caos_errs.ThrowNotFound(nil, "COMMAND-b312D", "Errors.User.MFA.OTP.NotExisting") + return nil, zerrors.ThrowNotFound(nil, "COMMAND-b312D", "Errors.User.MFA.OTP.NotExisting") } userAgg := UserAggregateFromWriteModel(&existingOTP.WriteModel) if err = c.pushAppendAndReduce(ctx, existingOTP, user.NewHumanOTPEmailRemovedEvent(ctx, userAgg)); err != nil { @@ -446,14 +446,14 @@ func (c *Commands) sendHumanOTP( codeAddedEvent func(ctx context.Context, aggregate *eventstore.Aggregate, code *crypto.CryptoValue, expiry time.Duration, info *user.AuthRequestInfo) eventstore.Command, ) (err error) { if userID == "" { - return caos_errs.ThrowInvalidArgument(nil, "COMMAND-S3SF1", "Errors.User.UserIDMissing") + return zerrors.ThrowInvalidArgument(nil, "COMMAND-S3SF1", "Errors.User.UserIDMissing") } existingOTP, err := writeModelByID(ctx, userID, resourceOwner) if err != nil { return err } if !existingOTP.OTPAdded() { - return caos_errs.ThrowPreconditionFailed(nil, "COMMAND-SFD52", "Errors.User.MFA.OTP.NotReady") + return zerrors.ThrowPreconditionFailed(nil, "COMMAND-SFD52", "Errors.User.MFA.OTP.NotReady") } config, err := secretGeneratorConfigWithDefault(ctx, c.eventstore.Filter, secretGeneratorType, defaultSecretGenerator) if err != nil { 
@@ -476,14 +476,14 @@ func (c *Commands) humanOTPSent( codeSentEvent func(ctx context.Context, aggregate *eventstore.Aggregate) eventstore.Command, ) (err error) { if userID == "" { - return caos_errs.ThrowInvalidArgument(nil, "COMMAND-AE2h2", "Errors.User.UserIDMissing") + return zerrors.ThrowInvalidArgument(nil, "COMMAND-AE2h2", "Errors.User.UserIDMissing") } existingOTP, err := writeModelByID(ctx, userID, resourceOwner) if err != nil { return err } if !existingOTP.OTPAdded() { - return caos_errs.ThrowPreconditionFailed(nil, "COMMAND-SD3gh", "Errors.User.MFA.OTP.NotReady") + return zerrors.ThrowPreconditionFailed(nil, "COMMAND-SD3gh", "Errors.User.MFA.OTP.NotReady") } userAgg := &user.NewAggregate(userID, resourceOwner).Aggregate _, err = c.eventstore.Push(ctx, codeSentEvent(ctx, userAgg)) 
@@ -499,20 +499,20 @@ func (c *Commands) humanCheckOTP( checkFailedEvent func(ctx context.Context, aggregate *eventstore.Aggregate, info *user.AuthRequestInfo) eventstore.Command, ) error { if userID == "" { - return caos_errs.ThrowInvalidArgument(nil, "COMMAND-S453v", "Errors.User.UserIDMissing") + return zerrors.ThrowInvalidArgument(nil, "COMMAND-S453v", "Errors.User.UserIDMissing") } if code == "" { - return caos_errs.ThrowInvalidArgument(nil, "COMMAND-SJl2g", "Errors.User.Code.Empty") + return zerrors.ThrowInvalidArgument(nil, "COMMAND-SJl2g", "Errors.User.Code.Empty") } existingOTP, err := writeModelByID(ctx, userID, resourceOwner) if err != nil { return err } if !existingOTP.OTPAdded() { - return caos_errs.ThrowPreconditionFailed(nil, "COMMAND-d2r52", "Errors.User.MFA.OTP.NotReady") + return zerrors.ThrowPreconditionFailed(nil, "COMMAND-d2r52", "Errors.User.MFA.OTP.NotReady") } if existingOTP.Code() == nil { - return caos_errs.ThrowPreconditionFailed(nil, "COMMAND-S34gh", "Errors.User.Code.NotFound") + return zerrors.ThrowPreconditionFailed(nil, "COMMAND-S34gh", "Errors.User.Code.NotFound") } userAgg := &user.NewAggregate(userID, existingOTP.ResourceOwner()).Aggregate err = crypto.VerifyCodeWithAlgorithm(existingOTP.CodeCreationDate(), existingOTP.CodeExpiry(), existingOTP.Code(), code, c.userEncryption) diff --git a/internal/command/user_human_otp_test.go b/internal/command/user_human_otp_test.go index 080e9cb86a..490751610d 100644 --- a/internal/command/user_human_otp_test.go +++ b/internal/command/user_human_otp_test.go 
@@ -16,11 +16,11 @@ import ( "github.com/zitadel/zitadel/internal/api/authz" "github.com/zitadel/zitadel/internal/crypto" "github.com/zitadel/zitadel/internal/domain" - caos_errs "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/repository/instance" "github.com/zitadel/zitadel/internal/repository/org" "github.com/zitadel/zitadel/internal/repository/user" + "github.com/zitadel/zitadel/internal/zerrors" ) func TestCommandSide_AddHumanTOTP(t *testing.T) { @@ -57,7 +57,7 @@ func TestCommandSide_AddHumanTOTP(t *testing.T) { userID: "", }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -74,7 +74,7 @@ func TestCommandSide_AddHumanTOTP(t *testing.T) { userID: "user1", }, res: res{ - err: caos_errs.IsPreconditionFailed, + err: zerrors.IsPreconditionFailed, }, }, { @@ -105,7 +105,7 @@ func TestCommandSide_AddHumanTOTP(t *testing.T) { userID: "user1", }, res: res{ - err: caos_errs.IsPreconditionFailed, + err: zerrors.IsPreconditionFailed, }, }, { @@ -143,7 +143,7 @@ func TestCommandSide_AddHumanTOTP(t *testing.T) { userID: "user1", }, res: res{ - err: caos_errs.IsPreconditionFailed, + err: zerrors.IsPreconditionFailed, }, }, { @@ -202,7 +202,7 @@ func TestCommandSide_AddHumanTOTP(t *testing.T) { userID: "user1", }, res: res{ - err: caos_errs.IsErrorAlreadyExists, + err: zerrors.IsErrorAlreadyExists, }, }, } @@ -254,7 +254,7 @@ func TestCommands_createHumanTOTP(t *testing.T) { resourceOwner: "org1", userID: "user1", }, - wantErr: caos_errs.ThrowPreconditionFailed(nil, "COMMAND-SqyJz", "Errors.User.NotFound"), + wantErr: zerrors.ThrowPreconditionFailed(nil, "COMMAND-SqyJz", "Errors.User.NotFound"), }, { name: "org not existing, not found error", 
@@ -285,7 +285,7 @@ func TestCommands_createHumanTOTP(t *testing.T) { resourceOwner: "org1", userID: "user1", }, - wantErr: caos_errs.ThrowPreconditionFailed(nil, "COMMAND-55M9f", "Errors.Org.NotFound"), + wantErr: zerrors.ThrowPreconditionFailed(nil, "COMMAND-55M9f", "Errors.Org.NotFound"), }, { name: "org iam policy not existing, not found error", @@ -325,7 +325,7 @@ func TestCommands_createHumanTOTP(t *testing.T) { resourceOwner: "org1", userID: "user1", }, - wantErr: caos_errs.ThrowPreconditionFailed(nil, "COMMAND-8ugTs", "Errors.Org.DomainPolicy.NotFound"), + wantErr: zerrors.ThrowPreconditionFailed(nil, "COMMAND-8ugTs", "Errors.Org.DomainPolicy.NotFound"), }, { name: "otp already exists, already exists error", @@ -389,7 +389,7 @@ func TestCommands_createHumanTOTP(t *testing.T) { resourceOwner: "org1", userID: "user1", }, - wantErr: caos_errs.ThrowAlreadyExists(nil, "COMMAND-do9se", "Errors.User.MFA.OTP.AlreadyReady"), + wantErr: zerrors.ThrowAlreadyExists(nil, "COMMAND-do9se", "Errors.User.MFA.OTP.AlreadyReady"), }, { name: "issuer not in context", @@ -438,7 +438,7 @@ func TestCommands_createHumanTOTP(t *testing.T) { resourceOwner: "org1", userID: "user1", }, - wantErr: caos_errs.ThrowInternal(nil, "TOTP-ieY3o", "Errors.Internal"), + wantErr: zerrors.ThrowInternal(nil, "TOTP-ieY3o", "Errors.Internal"), }, { name: "success", @@ -544,7 +544,7 @@ func TestCommands_HumanCheckMFATOTPSetup(t *testing.T) { { name: "missing user id", args: args{}, - wantErr: caos_errs.ThrowPreconditionFailed(nil, "COMMAND-8N9ds", "Errors.User.UserIDMissing"), + wantErr: zerrors.ThrowPreconditionFailed(nil, "COMMAND-8N9ds", "Errors.User.UserIDMissing"), }, { name: "filter error", 
@@ -578,7 +578,7 @@ func TestCommands_HumanCheckMFATOTPSetup(t *testing.T) { resourceOwner: "org1", userID: "user1", }, - wantErr: caos_errs.ThrowNotFound(nil, "COMMAND-3Mif9s", "Errors.User.MFA.OTP.NotExisting"), + wantErr: zerrors.ThrowNotFound(nil, "COMMAND-3Mif9s", "Errors.User.MFA.OTP.NotExisting"), }, { name: "otp already ready error", @@ -602,7 +602,7 @@ func TestCommands_HumanCheckMFATOTPSetup(t *testing.T) { resourceOwner: "org1", userID: "user1", }, - wantErr: caos_errs.ThrowPreconditionFailed(nil, "COMMAND-qx4ls", "Errors.Users.MFA.OTP.AlreadyReady"), + wantErr: zerrors.ThrowPreconditionFailed(nil, "COMMAND-qx4ls", "Errors.Users.MFA.OTP.AlreadyReady"), }, { name: "wrong code", @@ -621,7 +621,7 @@ func TestCommands_HumanCheckMFATOTPSetup(t *testing.T) { code: "wrong", userID: "user1", }, - wantErr: caos_errs.ThrowInvalidArgument(nil, "EVENT-8isk2", "Errors.User.MFA.OTP.InvalidCode"), + wantErr: zerrors.ThrowInvalidArgument(nil, "EVENT-8isk2", "Errors.User.MFA.OTP.InvalidCode"), }, { name: "push error", @@ -727,7 +727,7 @@ func TestCommandSide_RemoveHumanTOTP(t *testing.T) { userID: "", }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -744,7 +744,7 @@ func TestCommandSide_RemoveHumanTOTP(t *testing.T) { userID: "user1", }, res: res{ - err: caos_errs.IsNotFound, + err: zerrors.IsNotFound, }, }, { @@ -831,7 +831,7 @@ func TestCommandSide_AddHumanOTPSMS(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: caos_errs.ThrowInvalidArgument(nil, "COMMAND-QSF2s", "Errors.User.UserIDMissing"), + err: zerrors.ThrowInvalidArgument(nil, "COMMAND-QSF2s", "Errors.User.UserIDMissing"), }, }, { @@ -845,7 +845,7 @@ func TestCommandSide_AddHumanOTPSMS(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: caos_errs.ThrowPermissionDenied(nil, "AUTH-Bohd2", "Errors.User.UserIDWrong"), + err: zerrors.ThrowPermissionDenied(nil, "AUTH-Bohd2", "Errors.User.UserIDWrong"), }, }, { 
@@ -867,7 +867,7 @@ func TestCommandSide_AddHumanOTPSMS(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: caos_errs.ThrowAlreadyExists(nil, "COMMAND-Ad3g2", "Errors.User.MFA.OTP.AlreadyReady"), + err: zerrors.ThrowAlreadyExists(nil, "COMMAND-Ad3g2", "Errors.User.MFA.OTP.AlreadyReady"), }, }, { @@ -883,7 +883,7 @@ func TestCommandSide_AddHumanOTPSMS(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: caos_errs.ThrowPreconditionFailed(nil, "COMMAND-Q54j2", "Errors.User.MFA.OTP.NotReady"), + err: zerrors.ThrowPreconditionFailed(nil, "COMMAND-Q54j2", "Errors.User.MFA.OTP.NotReady"), }, }, { @@ -916,7 +916,7 @@ func TestCommandSide_AddHumanOTPSMS(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: caos_errs.ThrowPreconditionFailed(nil, "COMMAND-Q54j2", "Errors.User.MFA.OTP.NotReady"), + err: zerrors.ThrowPreconditionFailed(nil, "COMMAND-Q54j2", "Errors.User.MFA.OTP.NotReady"), }, }, { @@ -1128,7 +1128,7 @@ func TestCommandSide_RemoveHumanOTPSMS(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: caos_errs.ThrowInvalidArgument(nil, "COMMAND-S3br2", "Errors.User.UserIDMissing"), + err: zerrors.ThrowInvalidArgument(nil, "COMMAND-S3br2", "Errors.User.UserIDMissing"), }, }, { @@ -1145,7 +1145,7 @@ func TestCommandSide_RemoveHumanOTPSMS(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: caos_errs.ThrowPermissionDenied(nil, "AUTHZ-HKJD33", "Errors.PermissionDenied"), + err: zerrors.ThrowPermissionDenied(nil, "AUTHZ-HKJD33", "Errors.PermissionDenied"), }, }, { @@ -1162,7 +1162,7 @@ func TestCommandSide_RemoveHumanOTPSMS(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: caos_errs.ThrowNotFound(nil, "COMMAND-Sr3h3", "Errors.User.MFA.OTP.NotExisting"), + err: zerrors.ThrowNotFound(nil, "COMMAND-Sr3h3", "Errors.User.MFA.OTP.NotExisting"), }, }, { 
@@ -1256,7 +1256,7 @@ func TestCommandSide_HumanSendOTPSMS(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: caos_errs.ThrowInvalidArgument(nil, "COMMAND-S3SF1", "Errors.User.UserIDMissing"), + err: zerrors.ThrowInvalidArgument(nil, "COMMAND-S3SF1", "Errors.User.UserIDMissing"), }, }, { @@ -1273,7 +1273,7 @@ func TestCommandSide_HumanSendOTPSMS(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: caos_errs.ThrowPreconditionFailed(nil, "COMMAND-SFD52", "Errors.User.MFA.OTP.NotReady"), + err: zerrors.ThrowPreconditionFailed(nil, "COMMAND-SFD52", "Errors.User.MFA.OTP.NotReady"), }, }, { @@ -1484,7 +1484,7 @@ func TestCommandSide_HumanOTPSMSCodeSent(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: caos_errs.ThrowInvalidArgument(nil, "COMMAND-AE2h2", "Errors.User.UserIDMissing"), + err: zerrors.ThrowInvalidArgument(nil, "COMMAND-AE2h2", "Errors.User.UserIDMissing"), }, }, { @@ -1500,7 +1500,7 @@ func TestCommandSide_HumanOTPSMSCodeSent(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: caos_errs.ThrowPreconditionFailed(nil, "COMMAND-SD3gh", "Errors.User.MFA.OTP.NotReady"), + err: zerrors.ThrowPreconditionFailed(nil, "COMMAND-SD3gh", "Errors.User.MFA.OTP.NotReady"), }, }, { @@ -1581,7 +1581,7 @@ func TestCommandSide_HumanCheckOTPSMS(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: caos_errs.ThrowInvalidArgument(nil, "COMMAND-S453v", "Errors.User.UserIDMissing"), + err: zerrors.ThrowInvalidArgument(nil, "COMMAND-S453v", "Errors.User.UserIDMissing"), }, }, { @@ -1596,7 +1596,7 @@ func TestCommandSide_HumanCheckOTPSMS(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: caos_errs.ThrowInvalidArgument(nil, "COMMAND-SJl2g", "Errors.User.Code.Empty"), + err: zerrors.ThrowInvalidArgument(nil, "COMMAND-SJl2g", "Errors.User.Code.Empty"), }, }, { 
@@ -1613,7 +1613,7 @@ func TestCommandSide_HumanCheckOTPSMS(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: caos_errs.ThrowPreconditionFailed(nil, "COMMAND-d2r52", "Errors.User.MFA.OTP.NotReady"), + err: zerrors.ThrowPreconditionFailed(nil, "COMMAND-d2r52", "Errors.User.MFA.OTP.NotReady"), }, }, { @@ -1636,7 +1636,7 @@ func TestCommandSide_HumanCheckOTPSMS(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: caos_errs.ThrowPreconditionFailed(nil, "COMMAND-S34gh", "Errors.User.Code.NotFound"), + err: zerrors.ThrowPreconditionFailed(nil, "COMMAND-S34gh", "Errors.User.Code.NotFound"), }, }, { @@ -1704,7 +1704,7 @@ func TestCommandSide_HumanCheckOTPSMS(t *testing.T) { }, }, res: res{ - err: caos_errs.ThrowInvalidArgument(nil, "CODE-woT0xc", "Errors.User.Code.Invalid"), + err: zerrors.ThrowInvalidArgument(nil, "CODE-woT0xc", "Errors.User.Code.Invalid"), }, }, { @@ -1823,7 +1823,7 @@ func TestCommandSide_AddHumanOTPEmail(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: caos_errs.ThrowInvalidArgument(nil, "COMMAND-Sg1hz", "Errors.User.UserIDMissing"), + err: zerrors.ThrowInvalidArgument(nil, "COMMAND-Sg1hz", "Errors.User.UserIDMissing"), }, }, { @@ -1845,7 +1845,7 @@ func TestCommandSide_AddHumanOTPEmail(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: caos_errs.ThrowAlreadyExists(nil, "COMMAND-MKL2s", "Errors.User.MFA.OTP.AlreadyReady"), + err: zerrors.ThrowAlreadyExists(nil, "COMMAND-MKL2s", "Errors.User.MFA.OTP.AlreadyReady"), }, }, { @@ -1861,7 +1861,7 @@ func TestCommandSide_AddHumanOTPEmail(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: caos_errs.ThrowPreconditionFailed(nil, "COMMAND-KLJ2d", "Errors.User.MFA.OTP.NotReady"), + err: zerrors.ThrowPreconditionFailed(nil, "COMMAND-KLJ2d", "Errors.User.MFA.OTP.NotReady"), }, }, { 
@@ -2073,7 +2073,7 @@ func TestCommandSide_RemoveHumanOTPEmail(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: caos_errs.ThrowInvalidArgument(nil, "COMMAND-S2h11", "Errors.User.UserIDMissing"), + err: zerrors.ThrowInvalidArgument(nil, "COMMAND-S2h11", "Errors.User.UserIDMissing"), }, }, { @@ -2090,7 +2090,7 @@ func TestCommandSide_RemoveHumanOTPEmail(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: caos_errs.ThrowPermissionDenied(nil, "AUTHZ-HKJD33", "Errors.PermissionDenied"), + err: zerrors.ThrowPermissionDenied(nil, "AUTHZ-HKJD33", "Errors.PermissionDenied"), }, }, { @@ -2107,7 +2107,7 @@ func TestCommandSide_RemoveHumanOTPEmail(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: caos_errs.ThrowNotFound(nil, "COMMAND-b312D", "Errors.User.MFA.OTP.NotExisting"), + err: zerrors.ThrowNotFound(nil, "COMMAND-b312D", "Errors.User.MFA.OTP.NotExisting"), }, }, { @@ -2201,7 +2201,7 @@ func TestCommandSide_HumanSendOTPEmail(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: caos_errs.ThrowInvalidArgument(nil, "COMMAND-S3SF1", "Errors.User.UserIDMissing"), + err: zerrors.ThrowInvalidArgument(nil, "COMMAND-S3SF1", "Errors.User.UserIDMissing"), }, }, { @@ -2218,7 +2218,7 @@ func TestCommandSide_HumanSendOTPEmail(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: caos_errs.ThrowPreconditionFailed(nil, "COMMAND-SFD52", "Errors.User.MFA.OTP.NotReady"), + err: zerrors.ThrowPreconditionFailed(nil, "COMMAND-SFD52", "Errors.User.MFA.OTP.NotReady"), }, }, { @@ -2429,7 +2429,7 @@ func TestCommandSide_HumanOTPEmailCodeSent(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: caos_errs.ThrowInvalidArgument(nil, "COMMAND-AE2h2", "Errors.User.UserIDMissing"), + err: zerrors.ThrowInvalidArgument(nil, "COMMAND-AE2h2", "Errors.User.UserIDMissing"), }, }, { 
@@ -2445,7 +2445,7 @@ func TestCommandSide_HumanOTPEmailCodeSent(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: caos_errs.ThrowPreconditionFailed(nil, "COMMAND-SD3gh", "Errors.User.MFA.OTP.NotReady"), + err: zerrors.ThrowPreconditionFailed(nil, "COMMAND-SD3gh", "Errors.User.MFA.OTP.NotReady"), }, }, { @@ -2526,7 +2526,7 @@ func TestCommandSide_HumanCheckOTPEmail(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: caos_errs.ThrowInvalidArgument(nil, "COMMAND-S453v", "Errors.User.UserIDMissing"), + err: zerrors.ThrowInvalidArgument(nil, "COMMAND-S453v", "Errors.User.UserIDMissing"), }, }, { @@ -2541,7 +2541,7 @@ func TestCommandSide_HumanCheckOTPEmail(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: caos_errs.ThrowInvalidArgument(nil, "COMMAND-SJl2g", "Errors.User.Code.Empty"), + err: zerrors.ThrowInvalidArgument(nil, "COMMAND-SJl2g", "Errors.User.Code.Empty"), }, }, { @@ -2558,7 +2558,7 @@ func TestCommandSide_HumanCheckOTPEmail(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: caos_errs.ThrowPreconditionFailed(nil, "COMMAND-d2r52", "Errors.User.MFA.OTP.NotReady"), + err: zerrors.ThrowPreconditionFailed(nil, "COMMAND-d2r52", "Errors.User.MFA.OTP.NotReady"), }, }, { @@ -2581,7 +2581,7 @@ func TestCommandSide_HumanCheckOTPEmail(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: caos_errs.ThrowPreconditionFailed(nil, "COMMAND-S34gh", "Errors.User.Code.NotFound"), + err: zerrors.ThrowPreconditionFailed(nil, "COMMAND-S34gh", "Errors.User.Code.NotFound"), }, }, { @@ -2649,7 +2649,7 @@ func TestCommandSide_HumanCheckOTPEmail(t *testing.T) { }, }, res: res{ - err: caos_errs.ThrowInvalidArgument(nil, "CODE-woT0xc", "Errors.User.Code.Invalid"), + err: zerrors.ThrowInvalidArgument(nil, "CODE-woT0xc", "Errors.User.Code.Invalid"), }, }, { diff --git a/internal/command/user_human_password.go b/internal/command/user_human_password.go index fa87770a5f..251ffe83fb 100644 --- a/internal/command/user_human_password.go 
+++ b/internal/command/user_human_password.go @@ -9,24 +9,24 @@ import ( "github.com/zitadel/zitadel/internal/crypto" "github.com/zitadel/zitadel/internal/domain" - caos_errs "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/repository/user" "github.com/zitadel/zitadel/internal/telemetry/tracing" + "github.com/zitadel/zitadel/internal/zerrors" ) func (c *Commands) SetPassword(ctx context.Context, orgID, userID, password string, oneTime bool) (objectDetails *domain.ObjectDetails, err error) { ctx, span := tracing.NewSpan(ctx) defer func() { span.EndWithError(err) }() if userID == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "COMMAND-3M0fs", "Errors.IDMissing") + return nil, zerrors.ThrowInvalidArgument(nil, "COMMAND-3M0fs", "Errors.IDMissing") } wm, err := c.passwordWriteModel(ctx, userID, orgID) if err != nil { return nil, err } if !wm.UserState.Exists() { - return nil, caos_errs.ThrowPreconditionFailed(nil, "COMMAND-3M0fs", "Errors.User.NotFound") + return nil, zerrors.ThrowPreconditionFailed(nil, "COMMAND-3M0fs", "Errors.User.NotFound") } if err = c.checkPermission(ctx, domain.PermissionUserWrite, wm.ResourceOwner, userID); err != nil { return nil, err 
@@ -34,15 +34,15 @@ func (c *Commands) SetPassword(ctx context.Context, orgID, userID, password stri return c.setPassword(ctx, wm, password, oneTime) } -func (c *Commands) SetPasswordWithVerifyCode(ctx context.Context, orgID, userID, code, password, userAgentID string) (objectDetails *domain.ObjectDetails, err error) { +func (c *Commands) SetPasswordWithVerifyCode(ctx context.Context, orgID, userID, code, password string) (objectDetails *domain.ObjectDetails, err error) { ctx, span := tracing.NewSpan(ctx) defer func() { span.EndWithError(err) }() if userID == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "COMMAND-3M9fs", "Errors.IDMissing") + return nil, zerrors.ThrowInvalidArgument(nil, "COMMAND-3M9fs", "Errors.IDMissing") } if password == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "COMMAND-Mf0sd", "Errors.User.Password.Empty") + return nil, zerrors.ThrowInvalidArgument(nil, "COMMAND-Mf0sd", "Errors.User.Password.Empty") } wm, err := c.passwordWriteModel(ctx, userID, orgID) if err != nil { @@ -50,7 +50,7 @@ func (c *Commands) SetPasswordWithVerifyCode(ctx context.Context, orgID, userID, } if wm.Code == nil || wm.UserState == domain.UserStateUnspecified || wm.UserState == domain.UserStateDeleted { - return nil, caos_errs.ThrowPreconditionFailed(nil, "COMMAND-2M9fs", "Errors.User.Code.NotFound") + return nil, zerrors.ThrowPreconditionFailed(nil, "COMMAND-2M9fs", "Errors.User.Code.NotFound") } err = crypto.VerifyCodeWithAlgorithm(wm.CodeCreationDate, wm.CodeExpiry, wm.Code, code, c.userEncryption) 
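Review bot: The state guard in `SetPasswordWithVerifyCode` still spells out `wm.UserState == domain.UserStateUnspecified || wm.UserState == domain.UserStateDeleted`, while this commit moves `canUpdatePassword`, `RequestSetPassword` and `HumanCheckPassword` to `isUserStateExists`, and `SetPassword` uses `wm.UserState.Exists()`. That leaves three spellings of one check in the same file, and a later change to what counts as "existing" could miss one of them. Assuming `isUserStateExists` (defined outside this diff) is equivalent, the guard could read `if wm.Code == nil || !isUserStateExists(wm.UserState) {`. The same spelled-out comparison remains in `PasswordCodeSent` and `PasswordChangeSent` further down. The function body continues past this hunk.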
@@ -61,8 +61,10 @@ func (c *Commands) SetPasswordWithVerifyCode(ctx context.Context, orgID, userID, return c.setPassword(ctx, wm, password, false) } -func (c *Commands) setPassword(ctx context.Context, wm *HumanPasswordWriteModel, password string, changeRequired bool) (objectDetails *domain.ObjectDetails, err error) { - command, err := c.setPasswordCommand(ctx, wm, password, changeRequired) +// setEncodedPassword add change event from already encoded password to HumanPasswordWriteModel and return the necessary object details for response +func (c *Commands) setEncodedPassword(ctx context.Context, wm *HumanPasswordWriteModel, password string, changeRequired bool) (objectDetails *domain.ObjectDetails, err error) { + agg := user.NewAggregate(wm.AggregateID, wm.ResourceOwner) + command, err := c.setPasswordCommand(ctx, &agg.Aggregate, wm.UserState, password, changeRequired, true) if err != nil { return nil, err } 
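Review bot: The `password` parameter of `setEncodedPassword` carries an already encoded hash, not a password. With `encoded` set to `true`, `setPasswordCommand` (next hunk) puts that value into the password-changed event without hashing it, so a caller that hands in a plaintext by mistake would have it recorded unchanged. Naming the parameter for what it holds makes that misuse visible at the call site, e.g. `func (c *Commands) setEncodedPassword(ctx context.Context, wm *HumanPasswordWriteModel, encodedPassword string, changeRequired bool) (objectDetails *domain.ObjectDetails, err error) {`. The doc comment could then say that the value must come from the password hasher. The function body continues past this hunk.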
@@ -73,65 +75,85 @@ func (c *Commands) setPassword(ctx context.Context, wm *HumanPasswordWriteModel, return writeModelToObjectDetails(&wm.WriteModel), nil } -func (c *Commands) setPasswordCommand(ctx context.Context, wm *HumanPasswordWriteModel, password string, changeRequired bool) (_ eventstore.Command, err error) { - if err = c.canUpdatePassword(ctx, password, wm); err != nil { - return nil, err - } - ctx, span := tracing.NewNamedSpan(ctx, "passwap.Hash") - encoded, err := c.userPasswordHasher.Hash(password) - span.EndWithError(err) - if err = convertPasswapErr(err); err != nil { - return nil, err - } - return user.NewHumanPasswordChangedEvent(ctx, UserAggregateFromWriteModel(&wm.WriteModel), encoded, changeRequired, ""), nil -} - -func (c *Commands) ChangePassword(ctx context.Context, orgID, userID, oldPassword, newPassword, userAgentID string) (objectDetails *domain.ObjectDetails, err error) { - ctx, span := tracing.NewSpan(ctx) - defer func() { span.EndWithError(err) }() - - if userID == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "COMMAND-3M0fs", "Errors.IDMissing") - } - if oldPassword == "" || newPassword == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "COMMAND-3M0fs", "Errors.User.Password.Empty") - } - wm, err := c.passwordWriteModel(ctx, userID, orgID) +// setPassword add change event to HumanPasswordWriteModel and return the necessary object details for response +func (c *Commands) setPassword(ctx context.Context, wm *HumanPasswordWriteModel, password string, changeRequired bool) (objectDetails *domain.ObjectDetails, err error) { + agg := user.NewAggregate(wm.AggregateID, wm.ResourceOwner) + command, err := c.setPasswordCommand(ctx, &agg.Aggregate, wm.UserState, password, changeRequired, false) if err != nil { return nil, err } - if wm.EncodedHash == "" { - return nil, caos_errs.ThrowPreconditionFailed(nil, "COMMAND-Fds3s", "Errors.User.Password.Empty") - } - if err = c.canUpdatePassword(ctx, newPassword, wm); err != nil { - return 
nil, err - } - - ctx, spanPasswap := tracing.NewNamedSpan(ctx, "passwap.VerifyAndUpdate") - updated, err := c.userPasswordHasher.VerifyAndUpdate(wm.EncodedHash, oldPassword, newPassword) - spanPasswap.EndWithError(err) - if err = convertPasswapErr(err); err != nil { - return nil, err - } - err = c.pushAppendAndReduce(ctx, wm, - user.NewHumanPasswordChangedEvent(ctx, UserAggregateFromWriteModel(&wm.WriteModel), updated, false, userAgentID)) + err = c.pushAppendAndReduce(ctx, wm, command) if err != nil { return nil, err } return writeModelToObjectDetails(&wm.WriteModel), nil } -func (c *Commands) canUpdatePassword(ctx context.Context, newPassword string, wm *HumanPasswordWriteModel) (err error) { +func (c *Commands) setPasswordCommand(ctx context.Context, agg *eventstore.Aggregate, userState domain.UserState, password string, changeRequired, encoded bool) (_ eventstore.Command, err error) { + if err = c.canUpdatePassword(ctx, password, agg.ResourceOwner, userState); err != nil { + return nil, err + } + + if !encoded { + ctx, span := tracing.NewNamedSpan(ctx, "passwap.Hash") + encodedPassword, err := c.userPasswordHasher.Hash(password) + span.EndWithError(err) + if err = convertPasswapErr(err); err != nil { + return nil, err + } + return user.NewHumanPasswordChangedEvent(ctx, agg, encodedPassword, changeRequired, ""), nil + } + return user.NewHumanPasswordChangedEvent(ctx, agg, password, changeRequired, ""), nil +} + +// ChangePassword change password of existing user +func (c *Commands) ChangePassword(ctx context.Context, orgID, userID, oldPassword, newPassword string) (objectDetails *domain.ObjectDetails, err error) { ctx, span := tracing.NewSpan(ctx) defer func() { span.EndWithError(err) }() - if wm.UserState == domain.UserStateUnspecified || wm.UserState == domain.UserStateDeleted { - return caos_errs.ThrowNotFound(nil, "COMMAND-G8dh3", "Errors.User.Password.NotFound") + if userID == "" { + return nil, zerrors.ThrowInvalidArgument(nil, "COMMAND-3M0fs", 
"Errors.IDMissing") } - if wm.UserState == domain.UserStateInitial { - return caos_errs.ThrowPreconditionFailed(nil, "COMMAND-M9dse", "Errors.User.NotInitialised") + if oldPassword == "" || newPassword == "" { + return nil, zerrors.ThrowInvalidArgument(nil, "COMMAND-3M0fs", "Errors.User.Password.Empty") } - policy, err := c.getOrgPasswordComplexityPolicy(ctx, wm.ResourceOwner) + wm, err := c.passwordWriteModel(ctx, userID, orgID) + if err != nil { + return nil, err + } + + newPasswordHash, err := c.verifyAndUpdatePassword(ctx, wm.EncodedHash, oldPassword, newPassword) + if err != nil { + return nil, err + } + return c.setEncodedPassword(ctx, wm, newPasswordHash, false) +} + +// verifyAndUpdatePassword verify if the old password is correct with the encoded hash and +// returns the hash of the new password if so +func (c *Commands) verifyAndUpdatePassword(ctx context.Context, encodedHash, oldPassword, newPassword string) (string, error) { + if encodedHash == "" { + return "", zerrors.ThrowPreconditionFailed(nil, "COMMAND-Fds3s", "Errors.User.Password.NotSet") + } + + _, spanPasswap := tracing.NewNamedSpan(ctx, "passwap.Verify") + updated, err := c.userPasswordHasher.VerifyAndUpdate(encodedHash, oldPassword, newPassword) + spanPasswap.EndWithError(err) + return updated, convertPasswapErr(err) +} + +// canUpdatePassword checks uf the given password can be used to be the password of a user +func (c *Commands) canUpdatePassword(ctx context.Context, newPassword string, resourceOwner string, state domain.UserState) (err error) { + ctx, span := tracing.NewSpan(ctx) + defer func() { span.EndWithError(err) }() + + if !isUserStateExists(state) { + return zerrors.ThrowNotFound(nil, "COMMAND-G8dh3", "Errors.User.Password.NotFound") + } + if state == domain.UserStateInitial { + return zerrors.ThrowPreconditionFailed(nil, "COMMAND-M9dse", "Errors.User.NotInitialised") + } + policy, err := c.getOrgPasswordComplexityPolicy(ctx, resourceOwner) if err != nil { return err } 
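Review bot: On the `encoded` path `setPasswordCommand` still calls `c.canUpdatePassword(ctx, password, ...)`, and `ChangePassword` reaches it through `setEncodedPassword` with the new hash, so whatever check follows `getOrgPasswordComplexityPolicy` sees the hash rather than the user's new plaintext. The policy check itself lies between this hunk and the next, so this is inferred, but if it inspects `newPassword` then the complexity policy is no longer applied to what the user typed when changing a password. I would run `canUpdatePassword` on `newPassword` in `ChangePassword` before `verifyAndUpdatePassword` and skip it in `setPasswordCommand` when `encoded` is true, as sketched below. A test case with a policy-violating new password would pin the behaviour. `ChangePassword` also now always records an empty user-agent ID in the password-changed event, where the removed code passed `userAgentID`; worth confirming that nothing downstream relied on it.

```go
func (c *Commands) setPasswordCommand(ctx context.Context, agg *eventstore.Aggregate, userState domain.UserState, password string, changeRequired, encoded bool) (_ eventstore.Command, err error) {
	if encoded {
		// The caller has already run canUpdatePassword on the plaintext;
		// a hash must not be fed to the complexity policy.
		return user.NewHumanPasswordChangedEvent(ctx, agg, password, changeRequired, ""), nil
	}
	if err = c.canUpdatePassword(ctx, password, agg.ResourceOwner, userState); err != nil {
		return nil, err
	}
	// … unchanged: passwap.Hash span, convertPasswapErr, event built from the fresh hash …
}

// in ChangePassword, after passwordWriteModel succeeds and before verifyAndUpdatePassword:
	if err = c.canUpdatePassword(ctx, newPassword, wm.ResourceOwner, wm.UserState); err != nil {
		return nil, err
	}
```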
@@ -142,20 +164,21 @@ func (c *Commands) canUpdatePassword(ctx context.Context, newPassword string, wm return nil } +// RequestSetPassword generate and send out new code to change password for a specific user func (c *Commands) RequestSetPassword(ctx context.Context, userID, resourceOwner string, notifyType domain.NotificationType, passwordVerificationCode crypto.Generator) (objectDetails *domain.ObjectDetails, err error) { if userID == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "COMMAND-M00oL", "Errors.User.UserIDMissing") + return nil, zerrors.ThrowInvalidArgument(nil, "COMMAND-M00oL", "Errors.User.UserIDMissing") } existingHuman, err := c.userWriteModelByID(ctx, userID, resourceOwner) if err != nil { return nil, err } - if existingHuman.UserState == domain.UserStateUnspecified || existingHuman.UserState == domain.UserStateDeleted { - return nil, caos_errs.ThrowPreconditionFailed(nil, "COMMAND-Hj9ds", "Errors.User.NotFound") + if !isUserStateExists(existingHuman.UserState) { + return nil, zerrors.ThrowPreconditionFailed(nil, "COMMAND-Hj9ds", "Errors.User.NotFound") } if existingHuman.UserState == domain.UserStateInitial { - return nil, caos_errs.ThrowPreconditionFailed(nil, "COMMAND-2M9sd", "Errors.User.NotInitialised") + return nil, zerrors.ThrowPreconditionFailed(nil, "COMMAND-2M9sd", "Errors.User.NotInitialised") } userAgg := UserAggregateFromWriteModel(&existingHuman.WriteModel) passwordCode, err := domain.NewPasswordCode(passwordVerificationCode) 
@@ -173,9 +196,10 @@ func (c *Commands) RequestSetPassword(ctx context.Context, userID, resourceOwner return writeModelToObjectDetails(&existingHuman.WriteModel), nil } +// PasswordCodeSent notification send with code to change password func (c *Commands) PasswordCodeSent(ctx context.Context, orgID, userID string) (err error) { if userID == "" { - return caos_errs.ThrowInvalidArgument(nil, "COMMAND-meEfe", "Errors.User.UserIDMissing") + return zerrors.ThrowInvalidArgument(nil, "COMMAND-meEfe", "Errors.User.UserIDMissing") } existingPassword, err := c.passwordWriteModel(ctx, userID, orgID) @@ -183,16 +207,17 @@ func (c *Commands) PasswordCodeSent(ctx context.Context, orgID, userID string) ( return err } if existingPassword.UserState == domain.UserStateUnspecified || existingPassword.UserState == domain.UserStateDeleted { - return caos_errs.ThrowPreconditionFailed(nil, "COMMAND-3n77z", "Errors.User.NotFound") + return zerrors.ThrowPreconditionFailed(nil, "COMMAND-3n77z", "Errors.User.NotFound") } userAgg := UserAggregateFromWriteModel(&existingPassword.WriteModel) _, err = c.eventstore.Push(ctx, user.NewHumanPasswordCodeSentEvent(ctx, userAgg)) return err } +// PasswordChangeSent notification sent that user changed his password func (c *Commands) PasswordChangeSent(ctx context.Context, orgID, userID string) (err error) { if userID == "" { - return caos_errs.ThrowInvalidArgument(nil, "COMMAND-pqlm2n", "Errors.User.UserIDMissing") + return zerrors.ThrowInvalidArgument(nil, "COMMAND-pqlm2n", "Errors.User.UserIDMissing") } existingPassword, err := c.passwordWriteModel(ctx, userID, orgID) 
@@ -200,45 +225,46 @@ func (c *Commands) PasswordChangeSent(ctx context.Context, orgID, userID string) return err } if existingPassword.UserState == domain.UserStateUnspecified || existingPassword.UserState == domain.UserStateDeleted { - return caos_errs.ThrowPreconditionFailed(nil, "COMMAND-x902b2v", "Errors.User.NotFound") + return zerrors.ThrowPreconditionFailed(nil, "COMMAND-x902b2v", "Errors.User.NotFound") } userAgg := UserAggregateFromWriteModel(&existingPassword.WriteModel) _, err = c.eventstore.Push(ctx, user.NewHumanPasswordChangeSentEvent(ctx, userAgg)) return err } +// HumanCheckPassword check password for user with additional informations from authRequest func (c *Commands) HumanCheckPassword(ctx context.Context, orgID, userID, password string, authRequest *domain.AuthRequest, lockoutPolicy *domain.LockoutPolicy) (err error) { ctx, span := tracing.NewSpan(ctx) defer func() { span.EndWithError(err) }() if userID == "" { - return caos_errs.ThrowInvalidArgument(nil, "COMMAND-4Mfsf", "Errors.User.UserIDMissing") + return zerrors.ThrowInvalidArgument(nil, "COMMAND-4Mfsf", "Errors.User.UserIDMissing") } if password == "" { - return caos_errs.ThrowInvalidArgument(nil, "COMMAND-3n8fs", "Errors.User.Password.Empty") + return zerrors.ThrowInvalidArgument(nil, "COMMAND-3n8fs", "Errors.User.Password.Empty") } loginPolicy, err := c.getOrgLoginPolicy(ctx, orgID) if err != nil { - return caos_errs.ThrowPreconditionFailed(err, "COMMAND-Edf3g", "Errors.Org.LoginPolicy.NotFound") + return zerrors.ThrowPreconditionFailed(err, "COMMAND-Edf3g", "Errors.Org.LoginPolicy.NotFound") } if !loginPolicy.AllowUsernamePassword { - return caos_errs.ThrowPreconditionFailed(err, "COMMAND-Dft32", "Errors.Org.LoginPolicy.UsernamePasswordNotAllowed") + return zerrors.ThrowPreconditionFailed(err, "COMMAND-Dft32", "Errors.Org.LoginPolicy.UsernamePasswordNotAllowed") } wm, err := c.passwordWriteModel(ctx, userID, orgID) if err != nil { return err } - if wm.UserState == 
domain.UserStateUnspecified || wm.UserState == domain.UserStateDeleted { - return caos_errs.ThrowPreconditionFailed(nil, "COMMAND-3n77z", "Errors.User.NotFound") + + if !isUserStateExists(wm.UserState) { + return zerrors.ThrowPreconditionFailed(nil, "COMMAND-3n77z", "Errors.User.NotFound") } if wm.UserState == domain.UserStateLocked { - return caos_errs.ThrowPreconditionFailed(nil, "COMMAND-JLK35", "Errors.User.Locked") + return zerrors.ThrowPreconditionFailed(nil, "COMMAND-JLK35", "Errors.User.Locked") } - if wm.EncodedHash == "" { - return caos_errs.ThrowPreconditionFailed(nil, "COMMAND-3nJ4t", "Errors.User.Password.NotSet") + return zerrors.ThrowPreconditionFailed(nil, "COMMAND-3nJ4t", "Errors.User.Password.NotSet") } userAgg := UserAggregateFromWriteModel(&wm.WriteModel) @@ -254,7 +280,7 @@ func (c *Commands) HumanCheckPassword(ctx context.Context, orgID, userID, passwo return recheckErr } if wm.UserState == domain.UserStateLocked { - return caos_errs.ThrowPreconditionFailed(nil, "COMMAND-SFA3t", "Errors.User.Locked") + return zerrors.ThrowPreconditionFailed(nil, "COMMAND-SFA3t", "Errors.User.Locked") } if err == nil { @@ -294,10 +320,10 @@ func convertPasswapErr(err error) error { return nil } if errors.Is(err, passwap.ErrPasswordMismatch) { - return caos_errs.ThrowInvalidArgument(err, "COMMAND-3M0fs", "Errors.User.Password.Invalid") + return zerrors.ThrowInvalidArgument(err, "COMMAND-3M0fs", "Errors.User.Password.Invalid") } if errors.Is(err, passwap.ErrPasswordNoChange) { - return caos_errs.ThrowPreconditionFailed(err, "COMMAND-Aesh5", "Errors.User.Password.NotChanged") + return zerrors.ThrowPreconditionFailed(err, "COMMAND-Aesh5", "Errors.User.Password.NotChanged") } - return caos_errs.ThrowInternal(err, "COMMAND-CahN2", "Errors.Internal") + return zerrors.ThrowInternal(err, "COMMAND-CahN2", "Errors.Internal") } diff --git a/internal/command/user_human_password_test.go b/internal/command/user_human_password_test.go index 3b72e85bf2..0bb9e613ae 100644 
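Review bot: In `HumanCheckPassword` the `AllowUsernamePassword` branch passes `err` as the parent error, but `err` is necessarily nil at that point because the preceding `if err != nil` has already returned. Passing `nil` explicitly states what is meant and avoids the impression that a cause is being wrapped: `return zerrors.ThrowPreconditionFailed(nil, "COMMAND-Dft32", "Errors.Org.LoginPolicy.UsernamePasswordNotAllowed")`. The function body continues beyond this hunk.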
--- a/internal/command/user_human_password_test.go +++ b/internal/command/user_human_password_test.go @@ -14,10 +14,10 @@ import ( "github.com/zitadel/zitadel/internal/crypto" "github.com/zitadel/zitadel/internal/domain" - caos_errs "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/repository/org" "github.com/zitadel/zitadel/internal/repository/user" + "github.com/zitadel/zitadel/internal/zerrors" ) func TestCommandSide_SetOneTimePassword(t *testing.T) { @@ -55,7 +55,7 @@ func TestCommandSide_SetOneTimePassword(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -72,7 +72,7 @@ func TestCommandSide_SetOneTimePassword(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: caos_errs.IsPreconditionFailed, + err: zerrors.IsPreconditionFailed, }, }, { @@ -114,7 +114,7 @@ func TestCommandSide_SetOneTimePassword(t *testing.T) { }, res: res{ err: func(err error) bool { - return errors.Is(err, caos_errs.ThrowPermissionDenied(nil, "AUTHZ-HKJD33", "Errors.PermissionDenied")) + return errors.Is(err, zerrors.ThrowPermissionDenied(nil, "AUTHZ-HKJD33", "Errors.PermissionDenied")) }, }, }, @@ -278,7 +278,6 @@ func TestCommandSide_SetPasswordWithVerifyCode(t *testing.T) { code string resourceOwner string password string - agentID string } type res struct { want *domain.ObjectDetails @@ -302,7 +301,7 @@ func TestCommandSide_SetPasswordWithVerifyCode(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -318,7 +317,7 @@ func TestCommandSide_SetPasswordWithVerifyCode(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { 
@@ -336,7 +335,7 @@ func TestCommandSide_SetPasswordWithVerifyCode(t *testing.T) { password: "password", }, res: res{ - err: caos_errs.IsPreconditionFailed, + err: zerrors.IsPreconditionFailed, }, }, { @@ -370,7 +369,7 @@ func TestCommandSide_SetPasswordWithVerifyCode(t *testing.T) { password: "string", }, res: res{ - err: caos_errs.IsPreconditionFailed, + err: zerrors.IsPreconditionFailed, }, }, { @@ -418,7 +417,7 @@ func TestCommandSide_SetPasswordWithVerifyCode(t *testing.T) { password: "password", }, res: res{ - err: caos_errs.IsPreconditionFailed, + err: zerrors.IsPreconditionFailed, }, }, { @@ -505,7 +504,7 @@ func TestCommandSide_SetPasswordWithVerifyCode(t *testing.T) { userPasswordHasher: tt.fields.userPasswordHasher, userEncryption: tt.fields.userEncryption, } - got, err := r.SetPasswordWithVerifyCode(tt.args.ctx, tt.args.resourceOwner, tt.args.userID, tt.args.code, tt.args.password, tt.args.agentID) + got, err := r.SetPasswordWithVerifyCode(tt.args.ctx, tt.args.resourceOwner, tt.args.userID, tt.args.code, tt.args.password) if tt.res.err == nil { assert.NoError(t, err) } @@ -529,7 +528,6 @@ func TestCommandSide_ChangePassword(t *testing.T) { resourceOwner string oldPassword string newPassword string - agentID string } type res struct { want *domain.ObjectDetails @@ -553,7 +551,7 @@ func TestCommandSide_ChangePassword(t *testing.T) { }, expect: []expect{}, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -567,7 +565,7 @@ func TestCommandSide_ChangePassword(t *testing.T) { }, expect: []expect{}, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -581,7 +579,7 @@ func TestCommandSide_ChangePassword(t *testing.T) { }, expect: []expect{}, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { 
@@ -598,7 +596,7 @@ func TestCommandSide_ChangePassword(t *testing.T) { expectFilter(), }, res: res{ - err: caos_errs.IsPreconditionFailed, + err: zerrors.IsPreconditionFailed, }, }, { @@ -632,7 +630,7 @@ func TestCommandSide_ChangePassword(t *testing.T) { ), }, res: res{ - err: caos_errs.IsPreconditionFailed, + err: zerrors.IsPreconditionFailed, }, }, { @@ -675,21 +673,9 @@ func TestCommandSide_ChangePassword(t *testing.T) { false, "")), ), - expectFilter( - eventFromEventPusher( - org.NewPasswordComplexityPolicyAddedEvent(context.Background(), - &user.NewAggregate("user1", "org1").Aggregate, - 1, - false, - false, - false, - false, - ), - ), - ), }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -766,7 +752,7 @@ func TestCommandSide_ChangePassword(t *testing.T) { eventstore: eventstoreExpect(t, tt.expect...), userPasswordHasher: tt.fields.userPasswordHasher, } - got, err := r.ChangePassword(tt.args.ctx, tt.args.resourceOwner, tt.args.userID, tt.args.oldPassword, tt.args.newPassword, tt.args.agentID) + got, err := r.ChangePassword(tt.args.ctx, tt.args.resourceOwner, tt.args.userID, tt.args.oldPassword, tt.args.newPassword) if tt.res.err == nil { assert.NoError(t, err) } @@ -813,7 +799,7 @@ func TestCommandSide_RequestSetPassword(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -830,7 +816,7 @@ func TestCommandSide_RequestSetPassword(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: caos_errs.IsPreconditionFailed, + err: zerrors.IsPreconditionFailed, }, }, { @@ -879,7 +865,7 @@ func TestCommandSide_RequestSetPassword(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: caos_errs.IsPreconditionFailed, + err: zerrors.IsPreconditionFailed, }, }, { 
@@ -988,7 +974,7 @@ func TestCommandSide_PasswordCodeSent(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -1005,7 +991,7 @@ func TestCommandSide_PasswordCodeSent(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: caos_errs.IsPreconditionFailed, + err: zerrors.IsPreconditionFailed, }, }, { @@ -1101,7 +1087,7 @@ func TestCommandSide_CheckPassword(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -1117,7 +1103,7 @@ func TestCommandSide_CheckPassword(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -1136,7 +1122,7 @@ func TestCommandSide_CheckPassword(t *testing.T) { password: "password", }, res: res{ - err: caos_errs.IsPreconditionFailed, + err: zerrors.IsPreconditionFailed, }, }, { @@ -1177,7 +1163,7 @@ func TestCommandSide_CheckPassword(t *testing.T) { password: "password", }, res: res{ - err: caos_errs.IsPreconditionFailed, + err: zerrors.IsPreconditionFailed, }, }, { @@ -1219,7 +1205,7 @@ func TestCommandSide_CheckPassword(t *testing.T) { password: "password", }, res: res{ - err: caos_errs.IsPreconditionFailed, + err: zerrors.IsPreconditionFailed, }, }, { @@ -1281,7 +1267,7 @@ func TestCommandSide_CheckPassword(t *testing.T) { password: "password", }, res: res{ - err: caos_errs.IsPreconditionFailed, + err: zerrors.IsPreconditionFailed, }, }, { @@ -1339,7 +1325,7 @@ func TestCommandSide_CheckPassword(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: caos_errs.IsPreconditionFailed, + err: zerrors.IsPreconditionFailed, }, }, { @@ -1423,7 +1409,7 @@ func TestCommandSide_CheckPassword(t *testing.T) { lockoutPolicy: &domain.LockoutPolicy{}, }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { 
@@ -1513,7 +1499,7 @@ func TestCommandSide_CheckPassword(t *testing.T) { }, }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -1760,7 +1746,7 @@ func TestCommandSide_CheckPassword(t *testing.T) { }, }, res: res{ - err: caos_errs.IsPreconditionFailed, + err: zerrors.IsPreconditionFailed, }, }, { @@ -1893,17 +1879,17 @@ func Test_convertPasswapErr(t *testing.T) { { name: "mismatch", args: args{passwap.ErrPasswordMismatch}, - wantErr: caos_errs.ThrowInvalidArgument(passwap.ErrPasswordMismatch, "COMMAND-3M0fs", "Errors.User.Password.Invalid"), + wantErr: zerrors.ThrowInvalidArgument(passwap.ErrPasswordMismatch, "COMMAND-3M0fs", "Errors.User.Password.Invalid"), }, { name: "no change", args: args{passwap.ErrPasswordNoChange}, - wantErr: caos_errs.ThrowPreconditionFailed(passwap.ErrPasswordNoChange, "COMMAND-Aesh5", "Errors.User.Password.NotChanged"), + wantErr: zerrors.ThrowPreconditionFailed(passwap.ErrPasswordNoChange, "COMMAND-Aesh5", "Errors.User.Password.NotChanged"), }, { name: "other", args: args{io.ErrClosedPipe}, - wantErr: caos_errs.ThrowInternal(io.ErrClosedPipe, "COMMAND-CahN2", "Errors.Internal"), + wantErr: zerrors.ThrowInternal(io.ErrClosedPipe, "COMMAND-CahN2", "Errors.Internal"), }, } for _, tt := range tests { diff --git a/internal/command/user_human_phone.go b/internal/command/user_human_phone.go index 43395acd15..67a25f9bcf 100644 --- a/internal/command/user_human_phone.go +++ b/internal/command/user_human_phone.go 
@@ -3,15 +3,14 @@ package command import ( "context" - "github.com/zitadel/zitadel/internal/eventstore" - "github.com/zitadel/logging" "github.com/zitadel/zitadel/internal/crypto" "github.com/zitadel/zitadel/internal/domain" - caos_errs "github.com/zitadel/zitadel/internal/errors" + "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/repository/user" "github.com/zitadel/zitadel/internal/telemetry/tracing" + "github.com/zitadel/zitadel/internal/zerrors" ) func (c *Commands) ChangeHumanPhone(ctx context.Context, phone *domain.Phone, resourceOwner string, phoneCodeGenerator crypto.Generator) (*domain.Phone, error) { @@ -23,7 +22,7 @@ func (c *Commands) ChangeHumanPhone(ctx context.Context, phone *domain.Phone, re return nil, err } if !existingPhone.UserState.Exists() { - return nil, caos_errs.ThrowPreconditionFailed(nil, "COMMAND-3M0fs", "Errors.User.NotFound") + return nil, zerrors.ThrowPreconditionFailed(nil, "COMMAND-3M0fs", "Errors.User.NotFound") } userAgg := UserAggregateFromWriteModel(&existingPhone.WriteModel) @@ -31,7 +30,7 @@ func (c *Commands) ChangeHumanPhone(ctx context.Context, phone *domain.Phone, re // only continue if there were changes or there were no changes and the phone should be set to verified if !hasChanged && !(phone.IsPhoneVerified && existingPhone.IsPhoneVerified != phone.IsPhoneVerified) { - return nil, caos_errs.ThrowPreconditionFailed(nil, "COMMAND-wF94r", "Errors.User.Phone.NotChanged") + return nil, zerrors.ThrowPreconditionFailed(nil, "COMMAND-wF94r", "Errors.User.Phone.NotChanged") } events := make([]eventstore.Command, 0) 
@@ -62,10 +61,10 @@ func (c *Commands) ChangeHumanPhone(ctx context.Context, phone *domain.Phone, re
 func (c *Commands) VerifyHumanPhone(ctx context.Context, userID, code, resourceowner string, phoneCodeGenerator crypto.Generator) (*domain.ObjectDetails, error) {
 if userID == "" {
- return nil, caos_errs.ThrowInvalidArgument(nil, "COMMAND-Km9ds", "Errors.User.UserIDMissing")
+ return nil, zerrors.ThrowInvalidArgument(nil, "COMMAND-Km9ds", "Errors.User.UserIDMissing")
 }
 if code == "" {
- return nil, caos_errs.ThrowInvalidArgument(nil, "COMMAND-wMe9f", "Errors.User.Code.Empty")
+ return nil, zerrors.ThrowInvalidArgument(nil, "COMMAND-wMe9f", "Errors.User.Code.Empty")
 }
 existingCode, err := c.phoneWriteModelByID(ctx, userID, resourceowner)
@@ -73,10 +72,10 @@ func (c *Commands) VerifyHumanPhone(ctx context.Context, userID, code, resourceo
 return nil, err
 }
 if !existingCode.UserState.Exists() {
- return nil, caos_errs.ThrowPreconditionFailed(nil, "COMMAND-Rsj8c", "Errors.User.NotFound")
+ return nil, zerrors.ThrowPreconditionFailed(nil, "COMMAND-Rsj8c", "Errors.User.NotFound")
 }
 if !existingCode.State.Exists() || existingCode.Code == nil {
- return nil, caos_errs.ThrowNotFound(nil, "COMMAND-Rsj8c", "Errors.User.Code.NotFound")
+ return nil, zerrors.ThrowNotFound(nil, "COMMAND-Rsj8c", "Errors.User.Code.NotFound")
 }
 userAgg := UserAggregateFromWriteModel(&existingCode.WriteModel)
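Review bot: The two adjacent checks in VerifyHumanPhone (hunk `@@ -73,10 +72,10 @@`) return different errors under the same ID, `COMMAND-Rsj8c`: a precondition-failed `Errors.User.NotFound` and a not-found `Errors.User.Code.NotFound`. An ID copied from a log line or a support ticket then no longer says which check fired. The second one should get its own ID, e.g. `zerrors.ThrowNotFound(nil, "COMMAND-<new id>", "Errors.User.Code.NotFound")` (placeholder ID). `COMMAND-3M9fs` is shared in the same way by HumanPhoneVerificationCodeSent and RemoveHumanPhone in the later hunks of this file. The function body starts and ends outside the hunk.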
@@ -94,12 +93,12 @@ func (c *Commands) VerifyHumanPhone(ctx context.Context, userID, code, resourceo
 }
 _, err = c.eventstore.Push(ctx, user.NewHumanPhoneVerificationFailedEvent(ctx, userAgg))
 logging.LogWithFields("COMMAND-5M9ds", "userID", userAgg.ID).OnError(err).Error("NewHumanPhoneVerificationFailedEvent push failed")
- return nil, caos_errs.ThrowInvalidArgument(err, "COMMAND-sM0cs", "Errors.User.Code.Invalid")
+ return nil, zerrors.ThrowInvalidArgument(err, "COMMAND-sM0cs", "Errors.User.Code.Invalid")
 }
 func (c *Commands) CreateHumanPhoneVerificationCode(ctx context.Context, userID, resourceowner string) (*domain.ObjectDetails, error) {
 if userID == "" {
- return nil, caos_errs.ThrowInvalidArgument(nil, "COMMAND-4M0ds", "Errors.User.UserIDMissing")
+ return nil, zerrors.ThrowInvalidArgument(nil, "COMMAND-4M0ds", "Errors.User.UserIDMissing")
 }
 existingPhone, err := c.phoneWriteModelByID(ctx, userID, resourceowner)
@@ -108,13 +107,13 @@ func (c *Commands) CreateHumanPhoneVerificationCode(ctx context.Context, userID,
 }
 if !existingPhone.UserState.Exists() {
- return nil, caos_errs.ThrowPreconditionFailed(nil, "COMMAND-2M0fs", "Errors.User.NotFound")
+ return nil, zerrors.ThrowPreconditionFailed(nil, "COMMAND-2M0fs", "Errors.User.NotFound")
 }
 if !existingPhone.State.Exists() {
- return nil, caos_errs.ThrowNotFound(nil, "COMMAND-2b7Hf", "Errors.User.Phone.NotFound")
+ return nil, zerrors.ThrowNotFound(nil, "COMMAND-2b7Hf", "Errors.User.Phone.NotFound")
 }
 if existingPhone.IsPhoneVerified {
- return nil, caos_errs.ThrowPreconditionFailed(nil, "COMMAND-2M9sf", "Errors.User.Phone.AlreadyVerified")
+ return nil, zerrors.ThrowPreconditionFailed(nil, "COMMAND-2M9sf", "Errors.User.Phone.AlreadyVerified")
 }
 config, err := secretGeneratorConfig(ctx, c.eventstore.Filter, domain.SecretGeneratorTypeVerifyPhoneCode)
 if err != nil {
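Review bot: In the failure path of VerifyHumanPhone (hunk `@@ -94,12 +93,12 @@`) the `err` passed to `zerrors.ThrowInvalidArgument(err, "COMMAND-sM0cs", ...)` is the result of the `Push` one line above, because `_, err = c.eventstore.Push(...)` overwrites whatever `err` held before. When the push succeeds the parent is nil, and when it fails a storage error becomes the cause of an invalid-code response; the code check itself is outside the hunk, so its error being the intended parent is an inference. Keeping the push result separate, `_, pushErr := c.eventstore.Push(ctx, user.NewHumanPhoneVerificationFailedEvent(ctx, userAgg))` with `.OnError(pushErr)` on the log line, leaves `err` untouched for the return. A failed push also means the failed attempt was not recorded, which deserves more than an error log if anything counts these events.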
@@ -134,7 +133,7 @@ func (c *Commands) CreateHumanPhoneVerificationCode(ctx context.Context, userID,
 func (c *Commands) HumanPhoneVerificationCodeSent(ctx context.Context, orgID, userID string) (err error) {
 if userID == "" {
- return caos_errs.ThrowInvalidArgument(nil, "COMMAND-3m9Fs", "Errors.User.UserIDMissing")
+ return zerrors.ThrowInvalidArgument(nil, "COMMAND-3m9Fs", "Errors.User.UserIDMissing")
 }
 existingPhone, err := c.phoneWriteModelByID(ctx, userID, orgID)
@@ -142,10 +141,10 @@ func (c *Commands) HumanPhoneVerificationCodeSent(ctx context.Context, orgID, us
 return err
 }
 if !existingPhone.UserState.Exists() {
- return caos_errs.ThrowPreconditionFailed(nil, "COMMAND-3M9fs", "Errors.User.NotFound")
+ return zerrors.ThrowPreconditionFailed(nil, "COMMAND-3M9fs", "Errors.User.NotFound")
 }
 if !existingPhone.State.Exists() {
- return caos_errs.ThrowNotFound(nil, "COMMAND-66n8J", "Errors.User.Phone.NotFound")
+ return zerrors.ThrowNotFound(nil, "COMMAND-66n8J", "Errors.User.Phone.NotFound")
 }
 userAgg := UserAggregateFromWriteModel(&existingPhone.WriteModel)
@@ -155,7 +154,7 @@ func (c *Commands) HumanPhoneVerificationCodeSent(ctx context.Context, orgID, us
 func (c *Commands) RemoveHumanPhone(ctx context.Context, userID, resourceOwner string) (*domain.ObjectDetails, error) {
 if userID == "" {
- return nil, caos_errs.ThrowInvalidArgument(nil, "COMMAND-6M0ds", "Errors.User.UserIDMissing")
+ return nil, zerrors.ThrowInvalidArgument(nil, "COMMAND-6M0ds", "Errors.User.UserIDMissing")
 }
 existingPhone, err := c.phoneWriteModelByID(ctx, userID, resourceOwner)
@@ -163,10 +162,10 @@ func (c *Commands) RemoveHumanPhone(ctx context.Context, userID, resourceOwner s return nil, err } if !existingPhone.UserState.Exists() { - return nil, caos_errs.ThrowPreconditionFailed(nil, "COMMAND-3M9fs", "Errors.User.NotFound") + return nil, zerrors.ThrowPreconditionFailed(nil, "COMMAND-3M9fs", "Errors.User.NotFound") } if !existingPhone.State.Exists() { - return nil, caos_errs.ThrowNotFound(nil, "COMMAND-p6rsc", "Errors.User.Phone.NotFound") + return nil, zerrors.ThrowNotFound(nil, "COMMAND-p6rsc", "Errors.User.Phone.NotFound") } userAgg := UserAggregateFromWriteModel(&existingPhone.WriteModel) diff --git a/internal/command/user_human_phone_test.go b/internal/command/user_human_phone_test.go index 4755b479be..ae9784cc0c 100644 --- a/internal/command/user_human_phone_test.go +++ b/internal/command/user_human_phone_test.go @@ -11,11 +11,11 @@ import ( "github.com/zitadel/zitadel/internal/crypto" "github.com/zitadel/zitadel/internal/domain" - caos_errs "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/eventstore/v1/models" "github.com/zitadel/zitadel/internal/repository/instance" "github.com/zitadel/zitadel/internal/repository/user" + "github.com/zitadel/zitadel/internal/zerrors" ) func TestCommandSide_ChangeHumanPhone(t *testing.T) { @@ -55,7 +55,7 @@ func TestCommandSide_ChangeHumanPhone(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -77,7 +77,7 @@ func TestCommandSide_ChangeHumanPhone(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: caos_errs.IsPreconditionFailed, + err: zerrors.IsPreconditionFailed, }, }, { @@ -120,7 +120,7 @@ func TestCommandSide_ChangeHumanPhone(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: caos_errs.IsPreconditionFailed, + err: zerrors.IsPreconditionFailed, }, }, { 
@@ -409,7 +409,7 @@ func TestCommandSide_VerifyHumanPhone(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -425,7 +425,7 @@ func TestCommandSide_VerifyHumanPhone(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -443,7 +443,7 @@ func TestCommandSide_VerifyHumanPhone(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: caos_errs.IsPreconditionFailed, + err: zerrors.IsPreconditionFailed, }, }, { @@ -476,7 +476,7 @@ func TestCommandSide_VerifyHumanPhone(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: caos_errs.IsNotFound, + err: zerrors.IsNotFound, }, }, { @@ -533,7 +533,7 @@ func TestCommandSide_VerifyHumanPhone(t *testing.T) { secretGenerator: GetMockSecretGenerator(t), }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -647,7 +647,7 @@ func TestCommandSide_CreateVerificationCodeHumanPhone(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -664,7 +664,7 @@ func TestCommandSide_CreateVerificationCodeHumanPhone(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: caos_errs.IsPreconditionFailed, + err: zerrors.IsPreconditionFailed, }, }, { @@ -707,7 +707,7 @@ func TestCommandSide_CreateVerificationCodeHumanPhone(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: caos_errs.IsPreconditionFailed, + err: zerrors.IsPreconditionFailed, }, }, { @@ -827,7 +827,7 @@ func TestCommandSide_PhoneVerificationCodeSent(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { 
@@ -844,7 +844,7 @@ func TestCommandSide_PhoneVerificationCodeSent(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: caos_errs.IsPreconditionFailed, + err: zerrors.IsPreconditionFailed, }, }, { @@ -936,7 +936,7 @@ func TestCommandSide_RemoveHumanPhone(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -953,7 +953,7 @@ func TestCommandSide_RemoveHumanPhone(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: caos_errs.IsPreconditionFailed, + err: zerrors.IsPreconditionFailed, }, }, { @@ -985,7 +985,7 @@ func TestCommandSide_RemoveHumanPhone(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: caos_errs.IsNotFound, + err: zerrors.IsNotFound, }, }, { diff --git a/internal/command/user_human_profile.go b/internal/command/user_human_profile.go index e77f3288bc..d518c2f14d 100644 --- a/internal/command/user_human_profile.go +++ b/internal/command/user_human_profile.go @@ -4,13 +4,13 @@ import ( "context" "github.com/zitadel/zitadel/internal/domain" - caos_errs "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/telemetry/tracing" + "github.com/zitadel/zitadel/internal/zerrors" ) func (c *Commands) ChangeHumanProfile(ctx context.Context, profile *domain.Profile) (*domain.Profile, error) { if profile.AggregateID == "" { - return nil, caos_errs.ThrowPreconditionFailed(nil, "COMMAND-AwbEB", "Errors.User.Profile.IDMissing") + return nil, zerrors.ThrowPreconditionFailed(nil, "COMMAND-AwbEB", "Errors.User.Profile.IDMissing") } if err := profile.Validate(); err != nil { return nil, err 
@@ -20,7 +20,7 @@ func (c *Commands) ChangeHumanProfile(ctx context.Context, profile *domain.Profi return nil, err } if existingProfile.UserState == domain.UserStateUnspecified || existingProfile.UserState == domain.UserStateDeleted { - return nil, caos_errs.ThrowPreconditionFailed(nil, "COMMAND-3M9sd", "Errors.User.Profile.NotFound") + return nil, zerrors.ThrowPreconditionFailed(nil, "COMMAND-3M9sd", "Errors.User.Profile.NotFound") } userAgg := UserAggregateFromWriteModel(&existingProfile.WriteModel) changedEvent, hasChanged, err := existingProfile.NewChangedEvent(ctx, userAgg, profile.FirstName, profile.LastName, profile.NickName, profile.DisplayName, profile.PreferredLanguage, profile.Gender) @@ -28,7 +28,7 @@ func (c *Commands) ChangeHumanProfile(ctx context.Context, profile *domain.Profi return nil, err } if !hasChanged { - return nil, caos_errs.ThrowPreconditionFailed(nil, "COMMAND-2M0fs", "Errors.User.Profile.NotChanged") + return nil, zerrors.ThrowPreconditionFailed(nil, "COMMAND-2M0fs", "Errors.User.Profile.NotChanged") } events, err := c.eventstore.Push(ctx, changedEvent) diff --git a/internal/command/user_human_profile_test.go b/internal/command/user_human_profile_test.go index aea3ef562e..65075743de 100644 --- a/internal/command/user_human_profile_test.go +++ b/internal/command/user_human_profile_test.go @@ -8,10 +8,10 @@ import ( "golang.org/x/text/language" "github.com/zitadel/zitadel/internal/domain" - caos_errs "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/eventstore/v1/models" "github.com/zitadel/zitadel/internal/repository/user" + "github.com/zitadel/zitadel/internal/zerrors" ) func TestCommandSide_ChangeHumanProfile(t *testing.T) { @@ -36,8 +36,7 @@ func TestCommandSide_ChangeHumanProfile(t *testing.T) { { name: "user not existing, precondition error", fields: fields{ - eventstore: eventstoreExpect( - t, + eventstore: eventstoreExpect(t, expectFilter(), ), }, 
@@ -51,13 +50,13 @@ func TestCommandSide_ChangeHumanProfile(t *testing.T) { LastName: "lastname", NickName: "nickname", DisplayName: "displayname", - PreferredLanguage: language.German, + PreferredLanguage: AllowedLanguage, Gender: domain.GenderFemale, }, resourceOwner: "org1", }, res: res{ - err: caos_errs.IsPreconditionFailed, + err: zerrors.IsPreconditionFailed, }, }, { @@ -74,7 +73,7 @@ func TestCommandSide_ChangeHumanProfile(t *testing.T) { "lastname", "nickname", "displayname", - language.German, + AllowedLanguage, domain.GenderFemale, "email", true, @@ -93,13 +92,13 @@ func TestCommandSide_ChangeHumanProfile(t *testing.T) { LastName: "lastname", NickName: "nickname", DisplayName: "displayname", - PreferredLanguage: language.German, + PreferredLanguage: AllowedLanguage, Gender: domain.GenderFemale, }, resourceOwner: "org1", }, res: res{ - err: caos_errs.IsPreconditionFailed, + err: zerrors.IsPreconditionFailed, }, }, { @@ -116,7 +115,7 @@ func TestCommandSide_ChangeHumanProfile(t *testing.T) { "lastname", "nickname", "displayname", - language.German, + DisallowedLanguage, domain.GenderUnspecified, "email", true, @@ -130,7 +129,7 @@ func TestCommandSide_ChangeHumanProfile(t *testing.T) { "lastname2", "nickname2", "displayname2", - language.English, + AllowedLanguage, domain.GenderMale, ), ), @@ -146,7 +145,7 @@ func TestCommandSide_ChangeHumanProfile(t *testing.T) { LastName: "lastname2", NickName: "nickname2", DisplayName: "displayname2", - PreferredLanguage: language.English, + PreferredLanguage: AllowedLanguage, Gender: domain.GenderMale, }, resourceOwner: "org1", 
@@ -161,7 +160,133 @@ func TestCommandSide_ChangeHumanProfile(t *testing.T) { LastName: "lastname2", NickName: "nickname2", DisplayName: "displayname2", - PreferredLanguage: language.English, + PreferredLanguage: AllowedLanguage, + Gender: domain.GenderMale, + }, + }, + }, + { + name: "undefined preferred language, ok", + fields: fields{ + eventstore: eventstoreExpect( + t, + expectFilter( + eventFromEventPusher( + user.NewHumanAddedEvent(context.Background(), + &user.NewAggregate("user1", "org1").Aggregate, + "username", + "firstname", + "lastname", + "nickname", + "displayname", + DisallowedLanguage, + domain.GenderUnspecified, + "email", + true, + ), + ), + ), + expectPush( + newProfileChangedEvent(context.Background(), + "user1", "org1", + "firstname2", + "lastname2", + "nickname2", + "displayname2", + language.Und, + domain.GenderMale, + ), + ), + ), + }, + args: args{ + ctx: context.Background(), + address: &domain.Profile{ + ObjectRoot: models.ObjectRoot{ + AggregateID: "user1", + }, + FirstName: "firstname2", + LastName: "lastname2", + NickName: "nickname2", + DisplayName: "displayname2", + Gender: domain.GenderMale, + }, + resourceOwner: "org1", + }, + res: res{ + want: &domain.Profile{ + ObjectRoot: models.ObjectRoot{ + AggregateID: "user1", + ResourceOwner: "org1", + }, + FirstName: "firstname2", + LastName: "lastname2", + NickName: "nickname2", + DisplayName: "displayname2", + PreferredLanguage: language.Und, + Gender: domain.GenderMale, + }, + }, + }, { + name: "unsupported preferred language, ok", + fields: fields{ + eventstore: eventstoreExpect( + t, + expectFilter( + eventFromEventPusher( + user.NewHumanAddedEvent(context.Background(), + &user.NewAggregate("user1", "org1").Aggregate, + "username", + "firstname", + "lastname", + "nickname", + "displayname", + DisallowedLanguage, + domain.GenderUnspecified, + "email", + true, + ), + ), + ), + expectPush( + newProfileChangedEvent(context.Background(), + "user1", "org1", + "firstname2", + "lastname2", + 
"nickname2", + "displayname2", + UnsupportedLanguage, + domain.GenderMale, + ), + ), + ), + }, + args: args{ + ctx: context.Background(), + address: &domain.Profile{ + ObjectRoot: models.ObjectRoot{ + AggregateID: "user1", + }, + FirstName: "firstname2", + LastName: "lastname2", + NickName: "nickname2", + DisplayName: "displayname2", + PreferredLanguage: UnsupportedLanguage, + Gender: domain.GenderMale, + }, + resourceOwner: "org1", + }, + res: res{ + want: &domain.Profile{ + ObjectRoot: models.ObjectRoot{ + AggregateID: "user1", + ResourceOwner: "org1", + }, + FirstName: "firstname2", + LastName: "lastname2", + NickName: "nickname2", + DisplayName: "displayname2", + PreferredLanguage: UnsupportedLanguage, Gender: domain.GenderMale, }, }, diff --git a/internal/command/user_human_refresh_token.go b/internal/command/user_human_refresh_token.go index de7995d70a..5416cc76d0 100644 --- a/internal/command/user_human_refresh_token.go +++ b/internal/command/user_human_refresh_token.go @@ -5,9 +5,9 @@ import ( "time" "github.com/zitadel/zitadel/internal/domain" - caos_errs "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/repository/user" + "github.com/zitadel/zitadel/internal/zerrors" ) func (c *Commands) AddAccessAndRefreshToken( @@ -45,8 +45,8 @@ func (c *Commands) AddNewRefreshTokenAndAccessToken( refreshIdleExpiration time.Duration, authTime time.Time, ) (accessToken *domain.Token, newRefreshToken string, err error) { - if userID == "" || agentID == "" || clientID == "" { - return nil, "", caos_errs.ThrowInvalidArgument(nil, "COMMAND-adg4r", "Errors.IDMissing") + if userID == "" || clientID == "" { + return nil, "", zerrors.ThrowInvalidArgument(nil, "COMMAND-adg4r", "Errors.IDMissing") } userWriteModel := NewUserWriteModel(userID, orgID) refreshTokenID, err := c.idGenerator.Next() 
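Review bot: The guard in AddNewRefreshTokenAndAccessToken (hunk `@@ -45,8 +45,8 @@` of user_human_refresh_token.go) no longer rejects an empty `agentID`, so a refresh token can now be issued with no user agent attached, and nothing in the hunk records why that is acceptable. The reason belongs next to the check, for example `// agentID may be empty: <which callers have no user agent and why that is safe>` (placeholder text to be filled in by the author). It is also worth confirming that any code which selects or revokes tokens by agent ID treats the empty string as "no agent" rather than as a value that can match other tokens. The signature and the rest of the body are outside the hunk, so how `agentID` is used after the guard cannot be seen from here.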
@@ -114,7 +114,7 @@ func (c *Commands) RevokeRefreshToken(ctx context.Context, userID, orgID, tokenI func (c *Commands) RevokeRefreshTokens(ctx context.Context, userID, orgID string, tokenIDs []string) (err error) { if len(tokenIDs) == 0 { - return caos_errs.ThrowInvalidArgument(nil, "COMMAND-Gfj42", "Errors.IDMissing") + return zerrors.ThrowInvalidArgument(nil, "COMMAND-Gfj42", "Errors.IDMissing") } events := make([]eventstore.Command, len(tokenIDs)) for i, tokenID := range tokenIDs { @@ -142,15 +142,15 @@ func (c *Commands) addRefreshToken(ctx context.Context, accessToken *domain.Toke func (c *Commands) renewRefreshToken(ctx context.Context, userID, orgID, refreshToken string, idleExpiration time.Duration) (event *user.HumanRefreshTokenRenewedEvent, refreshTokenID, newRefreshToken string, err error) { if refreshToken == "" { - return nil, "", "", caos_errs.ThrowInvalidArgument(nil, "COMMAND-DHrr3", "Errors.IDMissing") + return nil, "", "", zerrors.ThrowInvalidArgument(nil, "COMMAND-DHrr3", "Errors.IDMissing") } tokenUserID, tokenID, token, err := domain.FromRefreshToken(refreshToken, c.keyAlgorithm) if err != nil { - return nil, "", "", caos_errs.ThrowInvalidArgument(err, "COMMAND-Dbfe4", "Errors.User.RefreshToken.Invalid") + return nil, "", "", zerrors.ThrowInvalidArgument(err, "COMMAND-Dbfe4", "Errors.User.RefreshToken.Invalid") } if tokenUserID != userID { - return nil, "", "", caos_errs.ThrowInvalidArgument(nil, "COMMAND-Ht2g2", "Errors.User.RefreshToken.Invalid") + return nil, "", "", zerrors.ThrowInvalidArgument(nil, "COMMAND-Ht2g2", "Errors.User.RefreshToken.Invalid") } refreshTokenWriteModel := NewHumanRefreshTokenWriteModel(userID, orgID, tokenID) err = c.eventstore.FilterToQueryReducer(ctx, refreshTokenWriteModel) 
@@ -158,12 +158,12 @@ func (c *Commands) renewRefreshToken(ctx context.Context, userID, orgID, refresh return nil, "", "", err } if refreshTokenWriteModel.UserState != domain.UserStateActive { - return nil, "", "", caos_errs.ThrowInvalidArgument(nil, "COMMAND-BHnhs", "Errors.User.RefreshToken.Invalid") + return nil, "", "", zerrors.ThrowInvalidArgument(nil, "COMMAND-BHnhs", "Errors.User.RefreshToken.Invalid") } if refreshTokenWriteModel.RefreshToken != token || refreshTokenWriteModel.IdleExpiration.Before(time.Now()) || refreshTokenWriteModel.Expiration.Before(time.Now()) { - return nil, "", "", caos_errs.ThrowInvalidArgument(nil, "COMMAND-Vr43e", "Errors.User.RefreshToken.Invalid") + return nil, "", "", zerrors.ThrowInvalidArgument(nil, "COMMAND-Vr43e", "Errors.User.RefreshToken.Invalid") } newToken, err := c.idGenerator.Next() @@ -180,7 +180,7 @@ func (c *Commands) renewRefreshToken(ctx context.Context, userID, orgID, refresh func (c *Commands) removeRefreshToken(ctx context.Context, userID, orgID, tokenID string) (*user.HumanRefreshTokenRemovedEvent, *HumanRefreshTokenWriteModel, error) { if userID == "" || orgID == "" || tokenID == "" { - return nil, nil, caos_errs.ThrowInvalidArgument(nil, "COMMAND-GVDgf", "Errors.IDMissing") + return nil, nil, zerrors.ThrowInvalidArgument(nil, "COMMAND-GVDgf", "Errors.IDMissing") } refreshTokenWriteModel := NewHumanRefreshTokenWriteModel(userID, orgID, tokenID) err := c.eventstore.FilterToQueryReducer(ctx, refreshTokenWriteModel) 
@@ -188,7 +188,7 @@ func (c *Commands) removeRefreshToken(ctx context.Context, userID, orgID, tokenI return nil, nil, err } if refreshTokenWriteModel.UserState != domain.UserStateActive { - return nil, nil, caos_errs.ThrowNotFound(nil, "COMMAND-BHt2w", "Errors.User.RefreshToken.NotFound") + return nil, nil, zerrors.ThrowNotFound(nil, "COMMAND-BHt2w", "Errors.User.RefreshToken.NotFound") } userAgg := UserAggregateFromWriteModel(&refreshTokenWriteModel.WriteModel) return user.NewHumanRefreshTokenRemovedEvent(ctx, userAgg, tokenID), refreshTokenWriteModel, nil diff --git a/internal/command/user_human_refresh_token_test.go b/internal/command/user_human_refresh_token_test.go index cee99c5183..d3c310db7a 100644 --- a/internal/command/user_human_refresh_token_test.go +++ b/internal/command/user_human_refresh_token_test.go @@ -12,12 +12,12 @@ import ( "github.com/zitadel/zitadel/internal/crypto" "github.com/zitadel/zitadel/internal/domain" - caos_errs "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/eventstore/v1/models" "github.com/zitadel/zitadel/internal/id" id_mock "github.com/zitadel/zitadel/internal/id/mock" "github.com/zitadel/zitadel/internal/repository/user" + "github.com/zitadel/zitadel/internal/zerrors" ) func TestCommands_AddAccessAndRefreshToken(t *testing.T) { @@ -59,7 +59,7 @@ func TestCommands_AddAccessAndRefreshToken(t *testing.T) { }, args: args{}, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -84,7 +84,7 @@ func TestCommands_AddAccessAndRefreshToken(t *testing.T) { clientID: "clientID", }, res: res{ - err: caos_errs.IsNotFound, + err: zerrors.IsNotFound, }, }, { @@ -98,7 +98,7 @@ func TestCommands_AddAccessAndRefreshToken(t *testing.T) { refreshToken: "invalid", }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { 
@@ -114,7 +114,7 @@ func TestCommands_AddAccessAndRefreshToken(t *testing.T) { refreshToken: base64.RawURLEncoding.EncodeToString([]byte("userID2:tokenID:token")), }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -152,7 +152,7 @@ func TestCommands_AddAccessAndRefreshToken(t *testing.T) { refreshToken: base64.RawURLEncoding.EncodeToString([]byte("userID:tokenID:token")), }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -185,7 +185,7 @@ func TestCommands_AddAccessAndRefreshToken(t *testing.T) { refreshToken: base64.RawURLEncoding.EncodeToString([]byte("userID:tokenID:tokenID")), }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, //fails because of timestamp equality @@ -240,7 +240,7 @@ func TestCommands_AddAccessAndRefreshToken(t *testing.T) { // )), // ), // expectPushFailed( - // caos_errs.ThrowInternal(nil, "ERROR", "internal"), + // zerrors.ThrowInternal(nil, "ERROR", "internal"), // []*repository.Event{ // eventFromEventPusher(user.NewUserTokenAddedEvent( // context.Background(), @@ -280,7 +280,7 @@ func TestCommands_AddAccessAndRefreshToken(t *testing.T) { // authTime: time.Now(), // }, // res: res{ - // err: caos_errs.IsInternal, + // err: zerrors.IsInternal, // }, //}, } @@ -334,7 +334,7 @@ func TestCommands_RevokeRefreshToken(t *testing.T) { }, args{}, res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -351,7 +351,7 @@ func TestCommands_RevokeRefreshToken(t *testing.T) { "tokenID", }, res{ - err: caos_errs.IsNotFound, + err: zerrors.IsNotFound, }, }, { 
@@ -374,7 +374,7 @@ func TestCommands_RevokeRefreshToken(t *testing.T) { 10*time.Hour, )), ), - expectPushFailed(caos_errs.ThrowInternal(nil, "ERROR", "internal"), + expectPushFailed(zerrors.ThrowInternal(nil, "ERROR", "internal"), user.NewHumanRefreshTokenRemovedEvent( context.Background(), &user.NewAggregate("userID", "orgID").Aggregate, @@ -390,7 +390,7 @@ func TestCommands_RevokeRefreshToken(t *testing.T) { "tokenID", }, res{ - err: caos_errs.IsInternal, + err: zerrors.IsInternal, }, }, { @@ -485,7 +485,7 @@ func TestCommands_RevokeRefreshTokens(t *testing.T) { nil, }, res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -518,7 +518,7 @@ func TestCommands_RevokeRefreshTokens(t *testing.T) { []string{"tokenID", "tokenID2"}, }, res{ - err: caos_errs.IsNotFound, + err: zerrors.IsNotFound, }, }, { @@ -557,7 +557,7 @@ func TestCommands_RevokeRefreshTokens(t *testing.T) { 10*time.Hour, )), ), - expectPushFailed(caos_errs.ThrowInternal(nil, "ERROR", "internal"), + expectPushFailed(zerrors.ThrowInternal(nil, "ERROR", "internal"), user.NewHumanRefreshTokenRemovedEvent( context.Background(), &user.NewAggregate("userID", "orgID").Aggregate, @@ -578,7 +578,7 @@ func TestCommands_RevokeRefreshTokens(t *testing.T) { []string{"tokenID", "tokenID2"}, }, res{ - err: caos_errs.IsInternal, + err: zerrors.IsInternal, }, }, { @@ -670,7 +670,7 @@ func refreshTokenEncryptionAlgorithm(ctrl *gomock.Controller) crypto.EncryptionA mCrypto.EXPECT().Decrypt(gomock.Any(), gomock.Any()).AnyTimes().DoAndReturn( func(refrehToken []byte, keyID string) ([]byte, error) { if keyID != "id" { - return nil, caos_errs.ThrowInternal(nil, "id", "invalid key id") + return nil, zerrors.ThrowInternal(nil, "id", "invalid key id") } return refrehToken, nil }, @@ -805,7 +805,7 @@ func TestCommands_renewRefreshToken(t *testing.T) { ctx: context.Background(), }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { 
@@ -819,7 +819,7 @@ func TestCommands_renewRefreshToken(t *testing.T) { refreshToken: "invalid", }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -835,7 +835,7 @@ func TestCommands_renewRefreshToken(t *testing.T) { refreshToken: base64.RawURLEncoding.EncodeToString([]byte("userID2:tokenID:token")), }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -873,7 +873,7 @@ func TestCommands_renewRefreshToken(t *testing.T) { refreshToken: base64.RawURLEncoding.EncodeToString([]byte("userID:tokenID:token")), }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -906,7 +906,7 @@ func TestCommands_renewRefreshToken(t *testing.T) { refreshToken: base64.RawURLEncoding.EncodeToString([]byte("userID:tokenID:tokenID")), }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -946,7 +946,7 @@ func TestCommands_renewRefreshToken(t *testing.T) { idleExpiration: 1 * time.Hour, }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -987,7 +987,7 @@ func TestCommands_renewRefreshToken(t *testing.T) { idleExpiration: 1 * time.Hour, }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { diff --git a/internal/command/user_human_test.go b/internal/command/user_human_test.go index 6e630f8885..009c0ec994 100644 --- a/internal/command/user_human_test.go +++ b/internal/command/user_human_test.go @@ -14,7 +14,6 @@ import ( "github.com/zitadel/zitadel/internal/command/preparation" "github.com/zitadel/zitadel/internal/crypto" "github.com/zitadel/zitadel/internal/domain" - caos_errs "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/eventstore/v1/models" "github.com/zitadel/zitadel/internal/id" 
@@ -22,6 +21,7 @@ import ( "github.com/zitadel/zitadel/internal/repository/idp" "github.com/zitadel/zitadel/internal/repository/org" "github.com/zitadel/zitadel/internal/repository/user" + "github.com/zitadel/zitadel/internal/zerrors" ) func TestCommandSide_AddHuman(t *testing.T) { @@ -74,7 +74,7 @@ func TestCommandSide_AddHuman(t *testing.T) { }, res: res{ err: func(err error) bool { - return errors.Is(err, caos_errs.ThrowInvalidArgument(nil, "COMMA-5Ky74", "Errors.Internal")) + return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "COMMA-5Ky74", "Errors.Internal")) }, }, }, @@ -94,7 +94,7 @@ func TestCommandSide_AddHuman(t *testing.T) { }, res: res{ err: func(err error) bool { - return errors.Is(err, caos_errs.ThrowInvalidArgument(nil, "EMAIL-spblu", "Errors.User.Email.Empty")) + return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "EMAIL-spblu", "Errors.User.Email.Empty")) }, }, }, @@ -104,7 +104,7 @@ func TestCommandSide_AddHuman(t *testing.T) { eventstore: expectEventstore( expectFilter( eventFromEventPusher( - newAddHumanEvent("$plain$x$password", true, true, ""), + newAddHumanEvent("$plain$x$password", true, true, "", AllowedLanguage), ), ), ), @@ -120,18 +120,19 @@ func TestCommandSide_AddHuman(t *testing.T) { Email: Email{ Address: "email@test.ch", }, - PreferredLanguage: language.English, + PreferredLanguage: AllowedLanguage, }, allowInitMail: true, }, res: res{ err: func(err error) bool { - return errors.Is(err, caos_errs.ThrowPreconditionFailed(nil, "COMMAND-k2unb", "Errors.User.AlreadyExisting")) + return errors.Is(err, zerrors.ThrowPreconditionFailed(nil, "COMMAND-k2unb", "Errors.User.AlreadyExisting")) }, }, }, { name: "domain policy not found, precondition error", + fields: fields{ idGenerator: id_mock.NewIDGeneratorExpectIDs(t, "user1"), eventstore: expectEventstore( 
@@ -150,13 +151,13 @@ func TestCommandSide_AddHuman(t *testing.T) { Email: Email{ Address: "email@test.ch", }, - PreferredLanguage: language.English, + PreferredLanguage: AllowedLanguage, }, allowInitMail: true, }, res: res{ err: func(err error) bool { - return errors.Is(err, caos_errs.ThrowInternal(nil, "USER-Ggk9n", "Errors.Internal")) + return errors.Is(err, zerrors.ThrowInternal(nil, "USER-Ggk9n", "Errors.Internal")) }, }, }, @@ -192,18 +193,18 @@ func TestCommandSide_AddHuman(t *testing.T) { Address: "email@test.ch", Verified: true, }, - PreferredLanguage: language.English, + PreferredLanguage: AllowedLanguage, }, allowInitMail: true, }, res: res{ err: func(err error) bool { - return errors.Is(err, caos_errs.ThrowInternal(nil, "USER-uQ96e", "Errors.Internal")) + return errors.Is(err, zerrors.ThrowInternal(nil, "USER-uQ96e", "Errors.Internal")) }, }, }, { - name: "add human (with initial code), ok", + name: "add human with undefined preferred language, ok", fields: fields{ eventstore: expectEventstore( expectFilter(), @@ -225,7 +226,7 @@ func TestCommandSide_AddHuman(t *testing.T) { "lastname", "", "firstname lastname", - language.English, + language.Und, domain.GenderUnspecified, "email@test.ch", true, 
@@ -256,7 +257,142 @@ func TestCommandSide_AddHuman(t *testing.T) { Email: Email{ Address: "email@test.ch", }, - PreferredLanguage: language.English, + }, + secretGenerator: GetMockSecretGenerator(t), + allowInitMail: true, + }, + res: res{ + want: &domain.ObjectDetails{ + Sequence: 0, + EventDate: time.Time{}, + ResourceOwner: "org1", + }, + wantID: "user1", + }, + }, + { + name: "add human with unsupported preferred language, ok", + fields: fields{ + eventstore: expectEventstore( + expectFilter(), + expectFilter( + eventFromEventPusher( + org.NewDomainPolicyAddedEvent(context.Background(), + &userAgg.Aggregate, + true, + true, + true, + ), + ), + ), + expectPush( + user.NewHumanAddedEvent(context.Background(), + &userAgg.Aggregate, + "username", + "firstname", + "lastname", + "", + "firstname lastname", + UnsupportedLanguage, + domain.GenderUnspecified, + "email@test.ch", + true, + ), + user.NewHumanInitialCodeAddedEvent(context.Background(), + &userAgg.Aggregate, + &crypto.CryptoValue{ + CryptoType: crypto.TypeEncryption, + Algorithm: "enc", + KeyID: "id", + Crypted: []byte("userinit"), + }, + time.Hour*1, + ), + ), + ), + idGenerator: id_mock.NewIDGeneratorExpectIDs(t, "user1"), + codeAlg: crypto.CreateMockEncryptionAlg(gomock.NewController(t)), + newCode: mockCode("userinit", time.Hour), + }, + args: args{ + ctx: context.Background(), + orgID: "org1", + human: &AddHuman{ + Username: "username", + FirstName: "firstname", + LastName: "lastname", + Email: Email{ + Address: "email@test.ch", + }, + PreferredLanguage: UnsupportedLanguage, + }, + secretGenerator: GetMockSecretGenerator(t), + allowInitMail: true, + }, + res: res{ + want: &domain.ObjectDetails{ + Sequence: 0, + EventDate: time.Time{}, + ResourceOwner: "org1", + }, + wantID: "user1", + }, + }, + { + name: "add human (with initial code), ok", + fields: fields{ + eventstore: expectEventstore( + expectFilter(), + expectFilter( + eventFromEventPusher( + org.NewDomainPolicyAddedEvent(context.Background(), + 
&userAgg.Aggregate, + true, + true, + true, + ), + ), + ), + expectPush( + user.NewHumanAddedEvent(context.Background(), + &userAgg.Aggregate, + "username", + "firstname", + "lastname", + "", + "firstname lastname", + AllowedLanguage, + domain.GenderUnspecified, + "email@test.ch", + true, + ), + user.NewHumanInitialCodeAddedEvent(context.Background(), + &userAgg.Aggregate, + &crypto.CryptoValue{ + CryptoType: crypto.TypeEncryption, + Algorithm: "enc", + KeyID: "id", + Crypted: []byte("userinit"), + }, + time.Hour*1, + ), + ), + ), + idGenerator: id_mock.NewIDGeneratorExpectIDs(t, "user1"), + codeAlg: crypto.CreateMockEncryptionAlg(gomock.NewController(t)), + newCode: mockCode("userinit", time.Hour), + }, + args: args{ + ctx: context.Background(), + orgID: "org1", + human: &AddHuman{ + Username: "username", + FirstName: "firstname", + LastName: "lastname", + Email: Email{ + Address: "email@test.ch", + }, + PreferredLanguage: AllowedLanguage, }, secretGenerator: GetMockSecretGenerator(t), allowInitMail: true, @@ -298,7 +434,7 @@ func TestCommandSide_AddHuman(t *testing.T) { ), ), expectPush( - newAddHumanEvent("$plain$x$password", false, true, ""), + newAddHumanEvent("$plain$x$password", false, true, "", AllowedLanguage), user.NewHumanInitialCodeAddedEvent(context.Background(), &user.NewAggregate("user1", "org1").Aggregate, &crypto.CryptoValue{ @@ -327,7 +463,7 @@ func TestCommandSide_AddHuman(t *testing.T) { Email: Email{ Address: "email@test.ch", }, - PreferredLanguage: language.English, + PreferredLanguage: AllowedLanguage, }, secretGenerator: GetMockSecretGenerator(t), allowInitMail: true, @@ -367,7 +503,7 @@ func TestCommandSide_AddHuman(t *testing.T) { ), ), expectPush( - newAddHumanEvent("$plain$x$password", false, true, ""), + newAddHumanEvent("$plain$x$password", false, true, "", AllowedLanguage), user.NewHumanEmailCodeAddedEventV2(context.Background(), &user.NewAggregate("user1", "org1").Aggregate, &crypto.CryptoValue{ 
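Review bot: The new case "add human with unsupported preferred language, ok" in the `@@ -256,7 +257,142 @@` hunk pins that AddHuman accepts `UnsupportedLanguage` from the caller and pushes it unchanged in `user.NewHumanAddedEvent`, but nothing in the test says that accepting an unvalidated language tag is the intended contract. I would add a comment above the case, for example `// unsupported tags are accepted and stored as-is; fallback happens in <PLACEHOLDER: component that resolves the display language>`, so a later reader neither assumes validation happens here nor "fixes" the command into rejecting the value. The same applies to the renamed "add human with undefined preferred language, ok" case (hunks `@@ -192,18 +193,18 @@` and `@@ -225,7 +226,7 @@`), which now expects `language.Und` in the event when the field is omitted. TestCommandSide_AddHuman starts and ends outside these hunks, so whether the run loop asserts anything further about the stored language is not visible here.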
@@ -399,7 +535,7 @@ func TestCommandSide_AddHuman(t *testing.T) { Address: "email@test.ch", URLTemplate: "https://example.com/email/verify?userID={{.UserID}}&code={{.Code}}", }, - PreferredLanguage: language.English, + PreferredLanguage: AllowedLanguage, }, secretGenerator: GetMockSecretGenerator(t), allowInitMail: false, @@ -439,7 +575,7 @@ func TestCommandSide_AddHuman(t *testing.T) { ), ), expectPush( - newAddHumanEvent("$plain$x$password", false, true, ""), + newAddHumanEvent("$plain$x$password", false, true, "", AllowedLanguage), user.NewHumanEmailCodeAddedEventV2(context.Background(), &user.NewAggregate("user1", "org1").Aggregate, &crypto.CryptoValue{ @@ -471,7 +607,7 @@ func TestCommandSide_AddHuman(t *testing.T) { Address: "email@test.ch", ReturnCode: true, }, - PreferredLanguage: language.English, + PreferredLanguage: AllowedLanguage, }, secretGenerator: GetMockSecretGenerator(t), allowInitMail: false, @@ -512,7 +648,7 @@ func TestCommandSide_AddHuman(t *testing.T) { ), ), expectPush( - newAddHumanEvent("$plain$x$password", true, true, ""), + newAddHumanEvent("$plain$x$password", true, true, "", AllowedLanguage), user.NewHumanEmailVerifiedEvent(context.Background(), &userAgg.Aggregate, ), @@ -534,8 +670,8 @@ func TestCommandSide_AddHuman(t *testing.T) { Address: "email@test.ch", Verified: true, }, - PreferredLanguage: language.English, PasswordChangeRequired: true, + PreferredLanguage: AllowedLanguage, }, secretGenerator: GetMockSecretGenerator(t), allowInitMail: true, @@ -575,7 +711,7 @@ func TestCommandSide_AddHuman(t *testing.T) { ), ), expectPush( - newAddHumanEvent("$plain$x$password", true, true, ""), + newAddHumanEvent("$plain$x$password", true, true, "", AllowedLanguage), user.NewHumanEmailVerifiedEvent(context.Background(), &userAgg.Aggregate, ), 
@@ -597,8 +733,8 @@ func TestCommandSide_AddHuman(t *testing.T) { Address: "email@test.ch", Verified: true, }, - PreferredLanguage: language.English, PasswordChangeRequired: true, + PreferredLanguage: AllowedLanguage, }, secretGenerator: GetMockSecretGenerator(t), allowInitMail: true, @@ -638,7 +774,7 @@ func TestCommandSide_AddHuman(t *testing.T) { ), ), expectPush( - newAddHumanEvent("$plain$x$password", true, false, ""), + newAddHumanEvent("$plain$x$password", true, false, "", AllowedLanguage), user.NewHumanEmailVerifiedEvent(context.Background(), &userAgg.Aggregate, ), @@ -660,8 +796,8 @@ func TestCommandSide_AddHuman(t *testing.T) { Address: "email@test.ch", Verified: true, }, - PreferredLanguage: language.English, PasswordChangeRequired: true, + PreferredLanguage: AllowedLanguage, }, secretGenerator: GetMockSecretGenerator(t), allowInitMail: true, @@ -713,15 +849,15 @@ func TestCommandSide_AddHuman(t *testing.T) { Address: "email@test.ch", Verified: true, }, - PreferredLanguage: language.English, PasswordChangeRequired: true, + PreferredLanguage: AllowedLanguage, }, secretGenerator: GetMockSecretGenerator(t), allowInitMail: true, }, res: res{ err: func(err error) bool { - return errors.Is(err, caos_errs.ThrowInvalidArgument(nil, "COMMAND-SFd21", "Errors.User.DomainNotAllowedAsUsername")) + return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "COMMAND-SFd21", "Errors.User.DomainNotAllowedAsUsername")) }, }, }, @@ -769,7 +905,7 @@ func TestCommandSide_AddHuman(t *testing.T) { "lastname", "", "firstname lastname", - language.English, + AllowedLanguage, domain.GenderUnspecified, "email@test.ch", false, @@ -798,8 +934,8 @@ func TestCommandSide_AddHuman(t *testing.T) { Address: "email@test.ch", Verified: true, }, - PreferredLanguage: language.English, PasswordChangeRequired: true, + PreferredLanguage: AllowedLanguage, }, secretGenerator: GetMockSecretGenerator(t), allowInitMail: true, 
@@ -840,7 +976,7 @@ func TestCommandSide_AddHuman(t *testing.T) { ), ), expectPush( - newAddHumanEvent("$plain$x$password", false, true, "+41711234567"), + newAddHumanEvent("$plain$x$password", false, true, "+41711234567", AllowedLanguage), user.NewHumanEmailVerifiedEvent( context.Background(), &userAgg.Aggregate, @@ -877,7 +1013,7 @@ func TestCommandSide_AddHuman(t *testing.T) { Phone: Phone{ Number: "+41711234567", }, - PreferredLanguage: language.English, + PreferredLanguage: AllowedLanguage, }, secretGenerator: GetMockSecretGenerator(t), allowInitMail: true, @@ -905,7 +1041,7 @@ func TestCommandSide_AddHuman(t *testing.T) { ), ), expectPush( - newAddHumanEvent("", false, true, "+41711234567"), + newAddHumanEvent("", false, true, "+41711234567", AllowedLanguage), user.NewHumanInitialCodeAddedEvent( context.Background(), &userAgg.Aggregate, @@ -941,7 +1077,7 @@ func TestCommandSide_AddHuman(t *testing.T) { Number: "+41711234567", Verified: true, }, - PreferredLanguage: language.English, + PreferredLanguage: AllowedLanguage, }, secretGenerator: GetMockSecretGenerator(t), allowInitMail: true, @@ -980,7 +1116,7 @@ func TestCommandSide_AddHuman(t *testing.T) { ), ), expectPush( - newAddHumanEvent("$plain$x$password", false, true, "+41711234567"), + newAddHumanEvent("$plain$x$password", false, true, "+41711234567", AllowedLanguage), user.NewHumanEmailVerifiedEvent(context.Background(), &user.NewAggregate("user1", "org1").Aggregate), user.NewHumanPhoneCodeAddedEventV2( @@ -1018,7 +1154,7 @@ func TestCommandSide_AddHuman(t *testing.T) { Number: "+41711234567", ReturnCode: true, }, - PreferredLanguage: language.English, + PreferredLanguage: AllowedLanguage, }, secretGenerator: GetMockSecretGenerator(t), allowInitMail: true, 
@@ -1046,7 +1182,7 @@ func TestCommandSide_AddHuman(t *testing.T) { ), ), expectPush( - newAddHumanEvent("", false, true, ""), + newAddHumanEvent("", false, true, "", AllowedLanguage), user.NewHumanInitialCodeAddedEvent( context.Background(), &userAgg.Aggregate, @@ -1080,13 +1216,13 @@ func TestCommandSide_AddHuman(t *testing.T) { Email: Email{ Address: "email@test.ch", }, - PreferredLanguage: language.English, Metadata: []*AddMetadataEntry{ { Key: "testKey", Value: []byte("testValue"), }, }, + PreferredLanguage: AllowedLanguage, }, secretGenerator: GetMockSecretGenerator(t), allowInitMail: true, 
@@ -1147,206 +1283,218 @@ func TestCommandSide_ImportHuman(t *testing.T) { err func(error) bool } tests := []struct { - name string - fields fields - args args - res res + name string + given func(t *testing.T) (fields, args) + res res }{ { name: "orgid missing, invalid argument error", - fields: fields{ - eventstore: eventstoreExpect( - t, - ), - }, - args: args{ - ctx: context.Background(), - orgID: "", - human: &domain.Human{ - Username: "username", - Profile: &domain.Profile{ - FirstName: "firstname", - LastName: "lastname", + given: func(t *testing.T) (fields, args) { + return fields{ + eventstore: eventstoreExpect( + t, + ), }, - Email: &domain.Email{ - EmailAddress: "email@test.ch", - }, - }, + args{ + ctx: context.Background(), + orgID: "", + human: &domain.Human{ + Username: "username", + Profile: &domain.Profile{ + FirstName: "firstname", + LastName: "lastname", + PreferredLanguage: AllowedLanguage, + }, + Email: &domain.Email{ + EmailAddress: "email@test.ch", + }, + }, + } }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { name: "org policy not found, precondition error", - fields: fields{ - eventstore: eventstoreExpect( - t, - expectFilter(), - expectFilter(), - ), - }, - args: args{ - ctx: context.Background(), - orgID: "org1", - human: &domain.Human{ - Username: "username", - Profile: &domain.Profile{ - FirstName: "firstname", - LastName: "lastname", + given: func(t *testing.T) (fields, args) { + return fields{ + eventstore: eventstoreExpect( + t, + expectFilter(), + expectFilter(), + ), }, - Email: &domain.Email{ - EmailAddress: "email@test.ch", - }, - }, + args{ + ctx: context.Background(), + orgID: "org1", + human: &domain.Human{ + Username: "username", + Profile: &domain.Profile{ + FirstName: "firstname", + LastName: "lastname", + PreferredLanguage: AllowedLanguage, + }, + Email: &domain.Email{ + EmailAddress: "email@test.ch", + }, + }, + } }, res: res{ - err: caos_errs.IsPreconditionFailed, + err: 
zerrors.IsPreconditionFailed, }, }, { name: "password policy not found, precondition error", - fields: fields{ - eventstore: eventstoreExpect( - t, - expectFilter( - eventFromEventPusher( - org.NewDomainPolicyAddedEvent(context.Background(), - &user.NewAggregate("user1", "org1").Aggregate, - true, - true, - true, + given: func(t *testing.T) (fields, args) { + return fields{ + eventstore: eventstoreExpect( + t, + expectFilter( + eventFromEventPusher( + org.NewDomainPolicyAddedEvent(context.Background(), + &user.NewAggregate("user1", "org1").Aggregate, + true, + true, + true, + ), + ), ), + expectFilter(), + expectFilter(), ), - ), - expectFilter(), - expectFilter(), - ), - }, - args: args{ - ctx: context.Background(), - orgID: "org1", - human: &domain.Human{ - Username: "username", - Profile: &domain.Profile{ - FirstName: "firstname", - LastName: "lastname", }, - Email: &domain.Email{ - EmailAddress: "email@test.ch", - }, - }, + args{ + ctx: context.Background(), + orgID: "org1", + human: &domain.Human{ + Username: "username", + Profile: &domain.Profile{ + FirstName: "firstname", + LastName: "lastname", + PreferredLanguage: AllowedLanguage, + }, + Email: &domain.Email{ + EmailAddress: "email@test.ch", + }, + }, + } }, res: res{ - err: caos_errs.IsPreconditionFailed, + err: zerrors.IsPreconditionFailed, }, }, { name: "user invalid, invalid argument error", - fields: fields{ - eventstore: eventstoreExpect( - t, - expectFilter( - eventFromEventPusher( - org.NewDomainPolicyAddedEvent(context.Background(), - &user.NewAggregate("user1", "org1").Aggregate, - true, - true, - true, + given: func(t *testing.T) (fields, args) { + return fields{ + eventstore: eventstoreExpect( + t, + expectFilter( + eventFromEventPusher( + org.NewDomainPolicyAddedEvent(context.Background(), + &user.NewAggregate("user1", "org1").Aggregate, + true, + true, + true, + ), + ), + ), + expectFilter( + eventFromEventPusher( + org.NewPasswordComplexityPolicyAddedEvent(context.Background(), + 
&user.NewAggregate("user1", "org1").Aggregate, + 1, + false, + false, + false, + false, + ), + ), ), ), - ), - expectFilter( - eventFromEventPusher( - org.NewPasswordComplexityPolicyAddedEvent(context.Background(), - &user.NewAggregate("user1", "org1").Aggregate, - 1, - false, - false, - false, - false, - ), - ), - ), - ), - }, - args: args{ - ctx: context.Background(), - orgID: "org1", - human: &domain.Human{ - Username: "username", - Profile: &domain.Profile{ - FirstName: "firstname", }, - }, + args{ + ctx: context.Background(), + orgID: "org1", + human: &domain.Human{ + Username: "username", + Profile: &domain.Profile{ + FirstName: "firstname", + PreferredLanguage: AllowedLanguage, + }, + }, + } }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, - }, - { + }, { name: "add human (with password and initial code), ok", - fields: fields{ - eventstore: eventstoreExpect( - t, - expectFilter( - eventFromEventPusher( - org.NewDomainPolicyAddedEvent(context.Background(), - &user.NewAggregate("user1", "org1").Aggregate, - true, - true, - true, + given: func(t *testing.T) (fields, args) { + return fields{ + eventstore: eventstoreExpect( + t, + expectFilter( + eventFromEventPusher( + org.NewDomainPolicyAddedEvent(context.Background(), + &user.NewAggregate("user1", "org1").Aggregate, + true, + true, + true, + ), + ), + ), + expectFilter( + eventFromEventPusher( + org.NewPasswordComplexityPolicyAddedEvent(context.Background(), + &user.NewAggregate("user1", "org1").Aggregate, + 1, + false, + false, + false, + false, + ), + ), + ), + expectPush( + newAddHumanEvent("$plain$x$password", true, true, "", AllowedLanguage), + user.NewHumanInitialCodeAddedEvent(context.Background(), + &user.NewAggregate("user1", "org1").Aggregate, + &crypto.CryptoValue{ + CryptoType: crypto.TypeEncryption, + Algorithm: "enc", + KeyID: "id", + Crypted: []byte("a"), + }, + time.Hour*1, + ), ), ), - ), - expectFilter( - eventFromEventPusher( - 
org.NewPasswordComplexityPolicyAddedEvent(context.Background(), - &user.NewAggregate("user1", "org1").Aggregate, - 1, - false, - false, - false, - false, - ), - ), - ), - expectPush( - newAddHumanEvent("$plain$x$password", true, true, ""), - user.NewHumanInitialCodeAddedEvent(context.Background(), - &user.NewAggregate("user1", "org1").Aggregate, - &crypto.CryptoValue{ - CryptoType: crypto.TypeEncryption, - Algorithm: "enc", - KeyID: "id", - Crypted: []byte("a"), + idGenerator: id_mock.NewIDGeneratorExpectIDs(t, "user1"), + userPasswordHasher: mockPasswordHasher("x"), + }, + args{ + ctx: context.Background(), + orgID: "org1", + human: &domain.Human{ + Username: "username", + Password: &domain.Password{ + SecretString: "password", + ChangeRequired: true, }, - time.Hour*1, - ), - ), - ), - idGenerator: id_mock.NewIDGeneratorExpectIDs(t, "user1"), - userPasswordHasher: mockPasswordHasher("x"), - }, - args: args{ - ctx: context.Background(), - orgID: "org1", - human: &domain.Human{ - Username: "username", - Password: &domain.Password{ - SecretString: "password", - ChangeRequired: true, - }, - Profile: &domain.Profile{ - FirstName: "firstname", - LastName: "lastname", - PreferredLanguage: language.English, - }, - Email: &domain.Email{ - EmailAddress: "email@test.ch", - }, - }, - secretGenerator: GetMockSecretGenerator(t), + Profile: &domain.Profile{ + FirstName: "firstname", + LastName: "lastname", + PreferredLanguage: AllowedLanguage, + }, + Email: &domain.Email{ + EmailAddress: "email@test.ch", + }, + }, + secretGenerator: GetMockSecretGenerator(t), + } }, res: res{ wantHuman: &domain.Human{ @@ -1359,7 +1507,7 @@ func TestCommandSide_ImportHuman(t *testing.T) { FirstName: "firstname", LastName: "lastname", DisplayName: "firstname lastname", - PreferredLanguage: language.English, + PreferredLanguage: AllowedLanguage, }, Email: &domain.Email{ EmailAddress: "email@test.ch", 
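Review bot: The new `given func(t *testing.T) (fields, args)` field in the `@@ -1147,206 +1283,218 @@` hunk carries no comment explaining why the fixtures became a closure, and its parameter shadows the outer `t`. As a result `eventstoreExpect(t, …)`, `id_mock.NewIDGeneratorExpectIDs(t, …)` and `GetMockSecretGenerator(t)` now bind to whichever `*testing.T` the runner passes in. I would document the field, e.g. `// given builds fields and args per case; call it with the subtest's t so mock failures are reported on that subtest`. The loop that calls `given` is outside this hunk, so it is worth confirming that it invokes `tt.given(t)` inside `t.Run` and not with the parent `t`. The same closure form repeats in the later ImportHuman hunks (`@@ -1370,61 +1518,63 @@` through `@@ -1748,73 +1904,75 @@`), which the one comment on the struct field would cover.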
@@ -1370,61 +1518,63 @@ func TestCommandSide_ImportHuman(t *testing.T) { }, { name: "add human email verified password change not required, ok", - fields: fields{ - eventstore: eventstoreExpect( - t, - expectFilter( - eventFromEventPusher( - org.NewDomainPolicyAddedEvent(context.Background(), - &user.NewAggregate("user1", "org1").Aggregate, - true, - true, - true, + given: func(t *testing.T) (fields, args) { + return fields{ + eventstore: eventstoreExpect( + t, + expectFilter( + eventFromEventPusher( + org.NewDomainPolicyAddedEvent(context.Background(), + &user.NewAggregate("user1", "org1").Aggregate, + true, + true, + true, + ), + ), + ), + expectFilter( + eventFromEventPusher( + org.NewPasswordComplexityPolicyAddedEvent(context.Background(), + &user.NewAggregate("user1", "org1").Aggregate, + 1, + false, + false, + false, + false, + ), + ), + ), + expectPush( + newAddHumanEvent("$plain$x$password", false, true, "", AllowedLanguage), + user.NewHumanEmailVerifiedEvent(context.Background(), + &user.NewAggregate("user1", "org1").Aggregate, + ), ), ), - ), - expectFilter( - eventFromEventPusher( - org.NewPasswordComplexityPolicyAddedEvent(context.Background(), - &user.NewAggregate("user1", "org1").Aggregate, - 1, - false, - false, - false, - false, - ), - ), - ), - expectPush( - newAddHumanEvent("$plain$x$password", false, true, ""), - user.NewHumanEmailVerifiedEvent(context.Background(), - &user.NewAggregate("user1", "org1").Aggregate, - ), - ), - ), - idGenerator: id_mock.NewIDGeneratorExpectIDs(t, "user1"), - userPasswordHasher: mockPasswordHasher("x"), - }, - args: args{ - ctx: context.Background(), - orgID: "org1", - human: &domain.Human{ - Username: "username", - Password: &domain.Password{ - SecretString: "password", - ChangeRequired: false, + idGenerator: id_mock.NewIDGeneratorExpectIDs(t, "user1"), + userPasswordHasher: mockPasswordHasher("x"), }, - Profile: &domain.Profile{ - FirstName: "firstname", - LastName: "lastname", - PreferredLanguage: 
language.English, - }, - Email: &domain.Email{ - EmailAddress: "email@test.ch", - IsEmailVerified: true, - }, - }, - secretGenerator: GetMockSecretGenerator(t), + args{ + ctx: context.Background(), + orgID: "org1", + human: &domain.Human{ + Username: "username", + Password: &domain.Password{ + SecretString: "password", + ChangeRequired: false, + }, + Profile: &domain.Profile{ + FirstName: "firstname", + LastName: "lastname", + PreferredLanguage: AllowedLanguage, + }, + Email: &domain.Email{ + EmailAddress: "email@test.ch", + IsEmailVerified: true, + }, + }, + secretGenerator: GetMockSecretGenerator(t), + } }, res: res{ wantHuman: &domain.Human{ @@ -1437,7 +1587,7 @@ func TestCommandSide_ImportHuman(t *testing.T) { FirstName: "firstname", LastName: "lastname", DisplayName: "firstname lastname", - PreferredLanguage: language.English, + PreferredLanguage: AllowedLanguage, }, Email: &domain.Email{ EmailAddress: "email@test.ch", 
@@ -1449,70 +1599,72 @@ func TestCommandSide_ImportHuman(t *testing.T) { }, { name: "add human email verified passwordless only, ok", - fields: fields{ - eventstore: eventstoreExpect( - t, - expectFilter( - eventFromEventPusher( - org.NewDomainPolicyAddedEvent(context.Background(), - &user.NewAggregate("user1", "org1").Aggregate, - true, - true, - true, + given: func(t *testing.T) (fields, args) { + return fields{ + eventstore: eventstoreExpect( + t, + expectFilter( + eventFromEventPusher( + org.NewDomainPolicyAddedEvent(context.Background(), + &user.NewAggregate("user1", "org1").Aggregate, + true, + true, + true, + ), + ), + ), + expectFilter( + eventFromEventPusher( + org.NewPasswordComplexityPolicyAddedEvent(context.Background(), + &user.NewAggregate("user1", "org1").Aggregate, + 1, + false, + false, + false, + false, + ), + ), + ), + expectFilter(), + expectPush( + newAddHumanEvent("", false, true, "", AllowedLanguage), + user.NewHumanEmailVerifiedEvent(context.Background(), + &user.NewAggregate("user1", "org1").Aggregate), + user.NewHumanPasswordlessInitCodeAddedEvent(context.Background(), + &user.NewAggregate("user1", "org1").Aggregate, + "code1", + &crypto.CryptoValue{ + CryptoType: crypto.TypeEncryption, + Algorithm: "enc", + KeyID: "id", + Crypted: []byte("a"), + }, + time.Hour, + ), ), ), - ), - expectFilter( - eventFromEventPusher( - org.NewPasswordComplexityPolicyAddedEvent(context.Background(), - &user.NewAggregate("user1", "org1").Aggregate, - 1, - false, - false, - false, - false, - ), - ), - ), - expectFilter(), - expectPush( - newAddHumanEvent("", false, true, ""), - user.NewHumanEmailVerifiedEvent(context.Background(), - &user.NewAggregate("user1", "org1").Aggregate), - user.NewHumanPasswordlessInitCodeAddedEvent(context.Background(), - &user.NewAggregate("user1", "org1").Aggregate, - "code1", - &crypto.CryptoValue{ - CryptoType: crypto.TypeEncryption, - Algorithm: "enc", - KeyID: "id", - Crypted: []byte("a"), + idGenerator: 
id_mock.NewIDGeneratorExpectIDs(t, "user1", "code1"), + userPasswordHasher: mockPasswordHasher("x"), + }, + args{ + ctx: context.Background(), + orgID: "org1", + human: &domain.Human{ + Username: "username", + Profile: &domain.Profile{ + FirstName: "firstname", + LastName: "lastname", + PreferredLanguage: AllowedLanguage, }, - time.Hour, - ), - ), - ), - idGenerator: id_mock.NewIDGeneratorExpectIDs(t, "user1", "code1"), - userPasswordHasher: mockPasswordHasher("x"), - }, - args: args{ - ctx: context.Background(), - orgID: "org1", - human: &domain.Human{ - Username: "username", - Profile: &domain.Profile{ - FirstName: "firstname", - LastName: "lastname", - PreferredLanguage: language.English, - }, - Email: &domain.Email{ - EmailAddress: "email@test.ch", - IsEmailVerified: true, - }, - }, - passwordless: true, - secretGenerator: GetMockSecretGenerator(t), - passwordlessInitCode: GetMockSecretGenerator(t), + Email: &domain.Email{ + EmailAddress: "email@test.ch", + IsEmailVerified: true, + }, + }, + passwordless: true, + secretGenerator: GetMockSecretGenerator(t), + passwordlessInitCode: GetMockSecretGenerator(t), + } }, res: res{ wantHuman: &domain.Human{ @@ -1525,7 +1677,7 @@ func TestCommandSide_ImportHuman(t *testing.T) { FirstName: "firstname", LastName: "lastname", DisplayName: "firstname lastname", - PreferredLanguage: language.English, + PreferredLanguage: AllowedLanguage, }, Email: &domain.Email{ EmailAddress: "email@test.ch", 
@@ -1547,74 +1699,76 @@ func TestCommandSide_ImportHuman(t *testing.T) { }, { name: "add human email verified passwordless and password change not required, ok", - fields: fields{ - eventstore: eventstoreExpect( - t, - expectFilter( - eventFromEventPusher( - org.NewDomainPolicyAddedEvent(context.Background(), - &user.NewAggregate("user1", "org1").Aggregate, - true, - true, - true, + given: func(t *testing.T) (fields, args) { + return fields{ + eventstore: eventstoreExpect( + t, + expectFilter( + eventFromEventPusher( + org.NewDomainPolicyAddedEvent(context.Background(), + &user.NewAggregate("user1", "org1").Aggregate, + true, + true, + true, + ), + ), + ), + expectFilter( + eventFromEventPusher( + org.NewPasswordComplexityPolicyAddedEvent(context.Background(), + &user.NewAggregate("user1", "org1").Aggregate, + 1, + false, + false, + false, + false, + ), + ), + ), + expectFilter(), + expectPush( + newAddHumanEvent("$plain$x$password", false, true, "", AllowedLanguage), + user.NewHumanEmailVerifiedEvent(context.Background(), + &user.NewAggregate("user1", "org1").Aggregate), + user.NewHumanPasswordlessInitCodeAddedEvent(context.Background(), + &user.NewAggregate("user1", "org1").Aggregate, + "code1", + &crypto.CryptoValue{ + CryptoType: crypto.TypeEncryption, + Algorithm: "enc", + KeyID: "id", + Crypted: []byte("a"), + }, + time.Hour, + ), ), ), - ), - expectFilter( - eventFromEventPusher( - org.NewPasswordComplexityPolicyAddedEvent(context.Background(), - &user.NewAggregate("user1", "org1").Aggregate, - 1, - false, - false, - false, - false, - ), - ), - ), - expectFilter(), - expectPush( - newAddHumanEvent("$plain$x$password", false, true, ""), - user.NewHumanEmailVerifiedEvent(context.Background(), - &user.NewAggregate("user1", "org1").Aggregate), - user.NewHumanPasswordlessInitCodeAddedEvent(context.Background(), - &user.NewAggregate("user1", "org1").Aggregate, - "code1", - &crypto.CryptoValue{ - CryptoType: crypto.TypeEncryption, - Algorithm: "enc", - KeyID: "id", 
- Crypted: []byte("a"), + idGenerator: id_mock.NewIDGeneratorExpectIDs(t, "user1", "code1"), + userPasswordHasher: mockPasswordHasher("x"), + }, + args{ + ctx: context.Background(), + orgID: "org1", + human: &domain.Human{ + Username: "username", + Password: &domain.Password{ + SecretString: "password", + ChangeRequired: false, }, - time.Hour, - ), - ), - ), - idGenerator: id_mock.NewIDGeneratorExpectIDs(t, "user1", "code1"), - userPasswordHasher: mockPasswordHasher("x"), - }, - args: args{ - ctx: context.Background(), - orgID: "org1", - human: &domain.Human{ - Username: "username", - Password: &domain.Password{ - SecretString: "password", - ChangeRequired: false, - }, - Profile: &domain.Profile{ - FirstName: "firstname", - LastName: "lastname", - PreferredLanguage: language.English, - }, - Email: &domain.Email{ - EmailAddress: "email@test.ch", - IsEmailVerified: true, - }, - }, - passwordless: true, - secretGenerator: GetMockSecretGenerator(t), - passwordlessInitCode: GetMockSecretGenerator(t), + Profile: &domain.Profile{ + FirstName: "firstname", + LastName: "lastname", + PreferredLanguage: AllowedLanguage, + }, + Email: &domain.Email{ + EmailAddress: "email@test.ch", + IsEmailVerified: true, + }, + }, + passwordless: true, + secretGenerator: GetMockSecretGenerator(t), + passwordlessInitCode: GetMockSecretGenerator(t), + } }, res: res{ wantHuman: &domain.Human{ @@ -1627,7 +1781,7 @@ func TestCommandSide_ImportHuman(t *testing.T) { FirstName: "firstname", LastName: "lastname", DisplayName: "firstname lastname", - PreferredLanguage: language.English, + PreferredLanguage: AllowedLanguage, }, Email: &domain.Email{ EmailAddress: "email@test.ch", 
@@ -1649,79 +1803,81 @@ func TestCommandSide_ImportHuman(t *testing.T) { }, { name: "add human (with phone), ok", - fields: fields{ - eventstore: eventstoreExpect( - t, - expectFilter( - eventFromEventPusher( - org.NewDomainPolicyAddedEvent(context.Background(), - &user.NewAggregate("user1", "org1").Aggregate, - true, - true, - true, + given: func(t *testing.T) (fields, args) { + return fields{ + eventstore: eventstoreExpect( + t, + expectFilter( + eventFromEventPusher( + org.NewDomainPolicyAddedEvent(context.Background(), + &user.NewAggregate("user1", "org1").Aggregate, + true, + true, + true, + ), + ), + ), + expectFilter( + eventFromEventPusher( + org.NewPasswordComplexityPolicyAddedEvent(context.Background(), + &user.NewAggregate("user1", "org1").Aggregate, + 1, + false, + false, + false, + false, + ), + ), + ), + expectPush( + newAddHumanEvent("$plain$x$password", false, true, "+41711234567", AllowedLanguage), + user.NewHumanInitialCodeAddedEvent(context.Background(), + &user.NewAggregate("user1", "org1").Aggregate, + &crypto.CryptoValue{ + CryptoType: crypto.TypeEncryption, + Algorithm: "enc", + KeyID: "id", + Crypted: []byte("a"), + }, + time.Hour*1, + ), + user.NewHumanPhoneCodeAddedEvent(context.Background(), + &user.NewAggregate("user1", "org1").Aggregate, + &crypto.CryptoValue{ + CryptoType: crypto.TypeEncryption, + Algorithm: "enc", + KeyID: "id", + Crypted: []byte("a"), + }, + time.Hour*1), ), ), - ), - expectFilter( - eventFromEventPusher( - org.NewPasswordComplexityPolicyAddedEvent(context.Background(), - &user.NewAggregate("user1", "org1").Aggregate, - 1, - false, - false, - false, - false, - ), - ), - ), - expectPush( - newAddHumanEvent("$plain$x$password", false, true, "+41711234567"), - user.NewHumanInitialCodeAddedEvent(context.Background(), - &user.NewAggregate("user1", "org1").Aggregate, - &crypto.CryptoValue{ - CryptoType: crypto.TypeEncryption, - Algorithm: "enc", - KeyID: "id", - Crypted: []byte("a"), + idGenerator: 
id_mock.NewIDGeneratorExpectIDs(t, "user1"), + userPasswordHasher: mockPasswordHasher("x"), + }, + args{ + ctx: context.Background(), + orgID: "org1", + human: &domain.Human{ + Username: "username", + Profile: &domain.Profile{ + FirstName: "firstname", + LastName: "lastname", + PreferredLanguage: AllowedLanguage, }, - time.Hour*1, - ), - user.NewHumanPhoneCodeAddedEvent(context.Background(), - &user.NewAggregate("user1", "org1").Aggregate, - &crypto.CryptoValue{ - CryptoType: crypto.TypeEncryption, - Algorithm: "enc", - KeyID: "id", - Crypted: []byte("a"), + Password: &domain.Password{ + SecretString: "password", + ChangeRequired: false, }, - time.Hour*1), - ), - ), - idGenerator: id_mock.NewIDGeneratorExpectIDs(t, "user1"), - userPasswordHasher: mockPasswordHasher("x"), - }, - args: args{ - ctx: context.Background(), - orgID: "org1", - human: &domain.Human{ - Username: "username", - Profile: &domain.Profile{ - FirstName: "firstname", - LastName: "lastname", - PreferredLanguage: language.English, - }, - Password: &domain.Password{ - SecretString: "password", - ChangeRequired: false, - }, - Email: &domain.Email{ - EmailAddress: "email@test.ch", - }, - Phone: &domain.Phone{ - PhoneNumber: "+41711234567", - }, - }, - secretGenerator: GetMockSecretGenerator(t), + Email: &domain.Email{ + EmailAddress: "email@test.ch", + }, + Phone: &domain.Phone{ + PhoneNumber: "+41711234567", + }, + }, + secretGenerator: GetMockSecretGenerator(t), + } }, res: res{ wantHuman: &domain.Human{ @@ -1734,7 +1890,7 @@ func TestCommandSide_ImportHuman(t *testing.T) { FirstName: "firstname", LastName: "lastname", DisplayName: "firstname lastname", - PreferredLanguage: language.English, + PreferredLanguage: AllowedLanguage, }, Email: &domain.Email{ EmailAddress: "email@test.ch", 
@@ -1748,73 +1904,75 @@ func TestCommandSide_ImportHuman(t *testing.T) { }, { name: "add human (with verified phone), ok", - fields: fields{ - eventstore: eventstoreExpect( - t, - expectFilter( - eventFromEventPusher( - org.NewDomainPolicyAddedEvent(context.Background(), - &user.NewAggregate("user1", "org1").Aggregate, - true, - true, - true, + given: func(t *testing.T) (fields, args) { + return fields{ + eventstore: eventstoreExpect( + t, + expectFilter( + eventFromEventPusher( + org.NewDomainPolicyAddedEvent(context.Background(), + &user.NewAggregate("user1", "org1").Aggregate, + true, + true, + true, + ), + ), + ), + expectFilter( + eventFromEventPusher( + org.NewPasswordComplexityPolicyAddedEvent(context.Background(), + &user.NewAggregate("user1", "org1").Aggregate, + 1, + false, + false, + false, + false, + ), + ), + ), + expectPush( + newAddHumanEvent("$plain$x$password", false, true, "+41711234567", AllowedLanguage), + user.NewHumanInitialCodeAddedEvent(context.Background(), + &user.NewAggregate("user1", "org1").Aggregate, + &crypto.CryptoValue{ + CryptoType: crypto.TypeEncryption, + Algorithm: "enc", + KeyID: "id", + Crypted: []byte("a"), + }, + time.Hour*1, + ), + user.NewHumanPhoneVerifiedEvent(context.Background(), + &user.NewAggregate("user1", "org1").Aggregate), ), ), - ), - expectFilter( - eventFromEventPusher( - org.NewPasswordComplexityPolicyAddedEvent(context.Background(), - &user.NewAggregate("user1", "org1").Aggregate, - 1, - false, - false, - false, - false, - ), - ), - ), - expectPush( - newAddHumanEvent("$plain$x$password", false, true, "+41711234567"), - user.NewHumanInitialCodeAddedEvent(context.Background(), - &user.NewAggregate("user1", "org1").Aggregate, - &crypto.CryptoValue{ - CryptoType: crypto.TypeEncryption, - Algorithm: "enc", - KeyID: "id", - Crypted: []byte("a"), + idGenerator: id_mock.NewIDGeneratorExpectIDs(t, "user1"), + userPasswordHasher: mockPasswordHasher("x"), + }, + args{ + ctx: context.Background(), + orgID: "org1", + 
human: &domain.Human{ + Username: "username", + Profile: &domain.Profile{ + FirstName: "firstname", + LastName: "lastname", + PreferredLanguage: AllowedLanguage, }, - time.Hour*1, - ), - user.NewHumanPhoneVerifiedEvent(context.Background(), - &user.NewAggregate("user1", "org1").Aggregate), - ), - ), - idGenerator: id_mock.NewIDGeneratorExpectIDs(t, "user1"), - userPasswordHasher: mockPasswordHasher("x"), - }, - args: args{ - ctx: context.Background(), - orgID: "org1", - human: &domain.Human{ - Username: "username", - Profile: &domain.Profile{ - FirstName: "firstname", - LastName: "lastname", - PreferredLanguage: language.English, - }, - Password: &domain.Password{ - SecretString: "password", - ChangeRequired: false, - }, - Email: &domain.Email{ - EmailAddress: "email@test.ch", - }, - Phone: &domain.Phone{ - PhoneNumber: "+41711234567", - IsPhoneVerified: true, - }, - }, - secretGenerator: GetMockSecretGenerator(t), + Password: &domain.Password{ + SecretString: "password", + ChangeRequired: false, + }, + Email: &domain.Email{ + EmailAddress: "email@test.ch", + }, + Phone: &domain.Phone{ + PhoneNumber: "+41711234567", + IsPhoneVerified: true, + }, + }, + secretGenerator: GetMockSecretGenerator(t), + } }, res: res{ wantHuman: &domain.Human{ @@ -1827,7 +1985,7 @@ func TestCommandSide_ImportHuman(t *testing.T) { FirstName: "firstname", LastName: "lastname", DisplayName: "firstname lastname", - PreferredLanguage: language.English, + PreferredLanguage: AllowedLanguage, }, Email: &domain.Email{ EmailAddress: "email@test.ch", 
@@ -1840,127 +1998,69 @@ func TestCommandSide_ImportHuman(t *testing.T) { }, }, { - name: "add human (with idp), ok", - fields: fields{ - eventstore: eventstoreExpect( - t, - expectFilter( - eventFromEventPusher( - org.NewDomainPolicyAddedEvent(context.Background(), - &user.NewAggregate("user1", "org1").Aggregate, - true, - true, - true, + name: "add human (with undefined preferred language), ok", + given: func(t *testing.T) (fields, args) { + return fields{ + eventstore: eventstoreExpect( + t, + expectFilter( + eventFromEventPusher( + org.NewDomainPolicyAddedEvent(context.Background(), + &user.NewAggregate("user1", "org1").Aggregate, + true, + true, + true, + ), + ), + ), + expectFilter( + eventFromEventPusher( + org.NewPasswordComplexityPolicyAddedEvent(context.Background(), + &user.NewAggregate("user1", "org1").Aggregate, + 1, + false, + false, + false, + false, + ), + ), + ), + expectPush( + newAddHumanEvent("$plain$x$password", false, true, "", language.Und), + user.NewHumanInitialCodeAddedEvent(context.Background(), + &user.NewAggregate("user1", "org1").Aggregate, + &crypto.CryptoValue{ + CryptoType: crypto.TypeEncryption, + Algorithm: "enc", + KeyID: "id", + Crypted: []byte("a"), + }, + time.Hour*1, + ), ), ), - ), - expectFilter( - eventFromEventPusher( - org.NewPasswordComplexityPolicyAddedEvent(context.Background(), - &user.NewAggregate("user1", "org1").Aggregate, - 1, - false, - false, - false, - false, - ), - ), - ), - expectFilter( - eventFromEventPusher( - org.NewIDPConfigAddedEvent(context.Background(), - &org.NewAggregate("org1").Aggregate, - "idpID", - "name", - domain.IDPConfigTypeOIDC, - domain.IDPConfigStylingTypeUnspecified, - false, - ), - ), - eventFromEventPusher( - org.NewIDPOIDCConfigAddedEvent(context.Background(), - &org.NewAggregate("org1").Aggregate, - "clientID", - "idpID", - "issuer", - "authEndpoint", - "tokenEndpoint", - nil, - domain.OIDCMappingFieldUnspecified, - domain.OIDCMappingFieldUnspecified, - ), - ), - ), - expectFilter( 
- eventFromEventPusher( - org.NewIDPConfigAddedEvent(context.Background(), - &org.NewAggregate("org1").Aggregate, - "idpID", - "name", - domain.IDPConfigTypeOIDC, - domain.IDPConfigStylingTypeUnspecified, - false, - ), - ), - eventFromEventPusher( - org.NewIDPOIDCConfigAddedEvent(context.Background(), - &org.NewAggregate("org1").Aggregate, - "clientID", - "idpID", - "issuer", - "authEndpoint", - "tokenEndpoint", - nil, - domain.OIDCMappingFieldUnspecified, - domain.OIDCMappingFieldUnspecified, - ), - ), - eventFromEventPusher( - org.NewIdentityProviderAddedEvent(context.Background(), - &org.NewAggregate("org1").Aggregate, - "idpID", - domain.IdentityProviderTypeOrg, - ), - ), - ), - expectPush( - newAddHumanEvent("", false, true, ""), - user.NewUserIDPLinkAddedEvent(context.Background(), - &user.NewAggregate("user1", "org1").Aggregate, - "idpID", - "name", - "externalID", - ), - user.NewHumanEmailVerifiedEvent(context.Background(), - &user.NewAggregate("user1", "org1").Aggregate), - ), - ), - idGenerator: id_mock.NewIDGeneratorExpectIDs(t, "user1"), - userPasswordHasher: mockPasswordHasher("x"), - }, - args: args{ - ctx: context.Background(), - orgID: "org1", - human: &domain.Human{ - Username: "username", - Profile: &domain.Profile{ - FirstName: "firstname", - LastName: "lastname", - PreferredLanguage: language.English, + idGenerator: id_mock.NewIDGeneratorExpectIDs(t, "user1"), + userPasswordHasher: mockPasswordHasher("x"), }, - Email: &domain.Email{ - EmailAddress: "email@test.ch", - IsEmailVerified: true, - }, - }, - links: []*domain.UserIDPLink{ - { - IDPConfigID: "idpID", - ExternalUserID: "externalID", - DisplayName: "name", - }, - }, - secretGenerator: GetMockSecretGenerator(t), + args{ + ctx: context.Background(), + orgID: "org1", + human: &domain.Human{ + Username: "username", + Profile: &domain.Profile{ + FirstName: "firstname", + LastName: "lastname", + }, + Password: &domain.Password{ + SecretString: "password", + ChangeRequired: false, + }, + Email: 
&domain.Email{ + EmailAddress: "email@test.ch", + }, + }, + secretGenerator: GetMockSecretGenerator(t), + } }, res: res{ wantHuman: &domain.Human{ 
@@ -1973,7 +2073,238 @@ func TestCommandSide_ImportHuman(t *testing.T) { FirstName: "firstname", LastName: "lastname", DisplayName: "firstname lastname", - PreferredLanguage: language.English, + PreferredLanguage: language.Und, + }, + Email: &domain.Email{ + EmailAddress: "email@test.ch", + }, + State: domain.UserStateInitial, + }, + }, + }, + { + name: "add human (with unsupported preferred language), ok", + given: func(t *testing.T) (fields, args) { + return fields{ + eventstore: eventstoreExpect( + t, + expectFilter( + eventFromEventPusher( + org.NewDomainPolicyAddedEvent(context.Background(), + &user.NewAggregate("user1", "org1").Aggregate, + true, + true, + true, + ), + ), + ), + expectFilter( + eventFromEventPusher( + org.NewPasswordComplexityPolicyAddedEvent(context.Background(), + &user.NewAggregate("user1", "org1").Aggregate, + 1, + false, + false, + false, + false, + ), + ), + ), + expectPush( + newAddHumanEvent("$plain$x$password", false, true, "", UnsupportedLanguage), + user.NewHumanInitialCodeAddedEvent(context.Background(), + &user.NewAggregate("user1", "org1").Aggregate, + &crypto.CryptoValue{ + CryptoType: crypto.TypeEncryption, + Algorithm: "enc", + KeyID: "id", + Crypted: []byte("a"), + }, + time.Hour*1, + ), + ), + ), + idGenerator: id_mock.NewIDGeneratorExpectIDs(t, "user1"), + userPasswordHasher: mockPasswordHasher("x"), + }, + args{ + ctx: context.Background(), + orgID: "org1", + human: &domain.Human{ + Username: "username", + Profile: &domain.Profile{ + FirstName: "firstname", + LastName: "lastname", + PreferredLanguage: UnsupportedLanguage, + }, + Password: &domain.Password{ + SecretString: "password", + ChangeRequired: false, + }, + Email: &domain.Email{ + EmailAddress: "email@test.ch", + }, + }, + secretGenerator: GetMockSecretGenerator(t), + } + }, + res: res{ + wantHuman: &domain.Human{ + ObjectRoot: models.ObjectRoot{ + AggregateID: "user1", + ResourceOwner: "org1", + }, + Username: "username", + Profile: &domain.Profile{ + FirstName: 
"firstname", + LastName: "lastname", + DisplayName: "firstname lastname", + PreferredLanguage: UnsupportedLanguage, + }, + Email: &domain.Email{ + EmailAddress: "email@test.ch", + }, + State: domain.UserStateInitial, + }, + }, + }, + { + name: "add human (with idp), ok", + given: func(t *testing.T) (fields, args) { + return fields{ + eventstore: eventstoreExpect( + t, + expectFilter( + eventFromEventPusher( + org.NewDomainPolicyAddedEvent(context.Background(), + &user.NewAggregate("user1", "org1").Aggregate, + true, + true, + true, + ), + ), + ), + expectFilter( + eventFromEventPusher( + org.NewPasswordComplexityPolicyAddedEvent(context.Background(), + &user.NewAggregate("user1", "org1").Aggregate, + 1, + false, + false, + false, + false, + ), + ), + ), + expectFilter( + eventFromEventPusher( + org.NewIDPConfigAddedEvent(context.Background(), + &org.NewAggregate("org1").Aggregate, + "idpID", + "name", + domain.IDPConfigTypeOIDC, + domain.IDPConfigStylingTypeUnspecified, + false, + ), + ), + eventFromEventPusher( + org.NewIDPOIDCConfigAddedEvent(context.Background(), + &org.NewAggregate("org1").Aggregate, + "clientID", + "idpID", + "issuer", + "authEndpoint", + "tokenEndpoint", + nil, + domain.OIDCMappingFieldUnspecified, + domain.OIDCMappingFieldUnspecified, + ), + ), + ), + expectFilter( + eventFromEventPusher( + org.NewIDPConfigAddedEvent(context.Background(), + &org.NewAggregate("org1").Aggregate, + "idpID", + "name", + domain.IDPConfigTypeOIDC, + domain.IDPConfigStylingTypeUnspecified, + false, + ), + ), + eventFromEventPusher( + org.NewIDPOIDCConfigAddedEvent(context.Background(), + &org.NewAggregate("org1").Aggregate, + "clientID", + "idpID", + "issuer", + "authEndpoint", + "tokenEndpoint", + nil, + domain.OIDCMappingFieldUnspecified, + domain.OIDCMappingFieldUnspecified, + ), + ), + eventFromEventPusher( + org.NewIdentityProviderAddedEvent(context.Background(), + &org.NewAggregate("org1").Aggregate, + "idpID", + domain.IdentityProviderTypeOrg, + ), + ), + ), 
+ expectPush( + newAddHumanEvent("", false, true, "", AllowedLanguage), + user.NewUserIDPLinkAddedEvent(context.Background(), + &user.NewAggregate("user1", "org1").Aggregate, + "idpID", + "name", + "externalID", + ), + user.NewHumanEmailVerifiedEvent(context.Background(), + &user.NewAggregate("user1", "org1").Aggregate), + ), + ), + idGenerator: id_mock.NewIDGeneratorExpectIDs(t, "user1"), + userPasswordHasher: mockPasswordHasher("x"), + }, + args{ + ctx: context.Background(), + orgID: "org1", + human: &domain.Human{ + Username: "username", + Profile: &domain.Profile{ + FirstName: "firstname", + LastName: "lastname", + PreferredLanguage: AllowedLanguage, + }, + Email: &domain.Email{ + EmailAddress: "email@test.ch", + IsEmailVerified: true, + }, + }, + links: []*domain.UserIDPLink{ + { + IDPConfigID: "idpID", + ExternalUserID: "externalID", + DisplayName: "name", + }, + }, + secretGenerator: GetMockSecretGenerator(t), + } + }, + res: res{ + wantHuman: &domain.Human{ + ObjectRoot: models.ObjectRoot{ + AggregateID: "user1", + ResourceOwner: "org1", + }, + Username: "username", + Profile: &domain.Profile{ + FirstName: "firstname", + LastName: "lastname", + DisplayName: "firstname lastname", + PreferredLanguage: AllowedLanguage, }, Email: &domain.Email{ EmailAddress: "email@test.ch", 
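Review bot: The new case "add human (with unsupported preferred language), ok" carries no comment saying that accepting a language outside the allowed set is deliberate. It expects `UnsupportedLanguage` to be pushed in the `HumanAddedEvent` and returned in `wantHuman` unchanged, which a reader could equally take for a missing validation. I would put a comment above the case, for example `// import keeps a preferred language outside the allowed set as given; it is neither rejected nor defaulted here`. The same applies to the matching RegisterHuman case added in the hunk at `@@ -3228,6 +3567,218 @@`. Whether the language is restricted elsewhere in the command layer is not visible from these hunks.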
@@ -1985,153 +2316,155 @@ func TestCommandSide_ImportHuman(t *testing.T) { }, { name: "add human (with idp, creation not allowed), precondition error", - fields: fields{ - eventstore: eventstoreExpect( - t, - expectFilter( - eventFromEventPusher( - org.NewDomainPolicyAddedEvent(context.Background(), - &user.NewAggregate("user1", "org1").Aggregate, - true, - true, - true, + given: func(t *testing.T) (fields, args) { + return fields{ + eventstore: eventstoreExpect( + t, + expectFilter( + eventFromEventPusher( + org.NewDomainPolicyAddedEvent(context.Background(), + &user.NewAggregate("user1", "org1").Aggregate, + true, + true, + true, + ), + ), + ), + expectFilter( + eventFromEventPusher( + org.NewPasswordComplexityPolicyAddedEvent(context.Background(), + &user.NewAggregate("user1", "org1").Aggregate, + 1, + false, + false, + false, + false, + ), + ), + ), + expectFilter( + eventFromEventPusher( + org.NewIDPConfigAddedEvent(context.Background(), + &org.NewAggregate("org1").Aggregate, + "idpID", + "name", + domain.IDPConfigTypeOIDC, + domain.IDPConfigStylingTypeUnspecified, + false, + ), + ), + eventFromEventPusher( + org.NewIDPOIDCConfigAddedEvent(context.Background(), + &org.NewAggregate("org1").Aggregate, + "clientID", + "idpID", + "issuer", + "authEndpoint", + "tokenEndpoint", + nil, + domain.OIDCMappingFieldUnspecified, + domain.OIDCMappingFieldUnspecified, + ), + ), + eventFromEventPusher( + func() eventstore.Command { + e, _ := org.NewOIDCIDPChangedEvent(context.Background(), + &org.NewAggregate("org1").Aggregate, + "config1", + []idp.OIDCIDPChanges{ + idp.ChangeOIDCOptions(idp.OptionChanges{IsCreationAllowed: gu.Ptr(false)}), + }, + ) + return e + }(), + ), + ), + expectFilter( + eventFromEventPusher( + org.NewIDPConfigAddedEvent(context.Background(), + &org.NewAggregate("org1").Aggregate, + "idpID", + "name", + domain.IDPConfigTypeOIDC, + domain.IDPConfigStylingTypeUnspecified, + false, + ), + ), + eventFromEventPusher( + 
org.NewIDPOIDCConfigAddedEvent(context.Background(), + &org.NewAggregate("org1").Aggregate, + "clientID", + "idpID", + "issuer", + "authEndpoint", + "tokenEndpoint", + nil, + domain.OIDCMappingFieldUnspecified, + domain.OIDCMappingFieldUnspecified, + ), + ), + eventFromEventPusher( + func() eventstore.Command { + e, _ := org.NewOIDCIDPChangedEvent(context.Background(), + &org.NewAggregate("org1").Aggregate, + "config1", + []idp.OIDCIDPChanges{ + idp.ChangeOIDCOptions(idp.OptionChanges{IsCreationAllowed: gu.Ptr(false)}), + }, + ) + return e + }(), + ), + eventFromEventPusher( + org.NewIdentityProviderAddedEvent(context.Background(), + &org.NewAggregate("org1").Aggregate, + "idpID", + domain.IdentityProviderTypeOrg, + ), + ), ), ), - ), - expectFilter( - eventFromEventPusher( - org.NewPasswordComplexityPolicyAddedEvent(context.Background(), - &user.NewAggregate("user1", "org1").Aggregate, - 1, - false, - false, - false, - false, - ), - ), - ), - expectFilter( - eventFromEventPusher( - org.NewIDPConfigAddedEvent(context.Background(), - &org.NewAggregate("org1").Aggregate, - "idpID", - "name", - domain.IDPConfigTypeOIDC, - domain.IDPConfigStylingTypeUnspecified, - false, - ), - ), - eventFromEventPusher( - org.NewIDPOIDCConfigAddedEvent(context.Background(), - &org.NewAggregate("org1").Aggregate, - "clientID", - "idpID", - "issuer", - "authEndpoint", - "tokenEndpoint", - nil, - domain.OIDCMappingFieldUnspecified, - domain.OIDCMappingFieldUnspecified, - ), - ), - eventFromEventPusher( - func() eventstore.Command { - e, _ := org.NewOIDCIDPChangedEvent(context.Background(), - &org.NewAggregate("org1").Aggregate, - "config1", - []idp.OIDCIDPChanges{ - idp.ChangeOIDCOptions(idp.OptionChanges{IsCreationAllowed: gu.Ptr(false)}), - }, - ) - return e - }(), - ), - ), - expectFilter( - eventFromEventPusher( - org.NewIDPConfigAddedEvent(context.Background(), - &org.NewAggregate("org1").Aggregate, - "idpID", - "name", - domain.IDPConfigTypeOIDC, - 
domain.IDPConfigStylingTypeUnspecified, - false, - ), - ), - eventFromEventPusher( - org.NewIDPOIDCConfigAddedEvent(context.Background(), - &org.NewAggregate("org1").Aggregate, - "clientID", - "idpID", - "issuer", - "authEndpoint", - "tokenEndpoint", - nil, - domain.OIDCMappingFieldUnspecified, - domain.OIDCMappingFieldUnspecified, - ), - ), - eventFromEventPusher( - func() eventstore.Command { - e, _ := org.NewOIDCIDPChangedEvent(context.Background(), - &org.NewAggregate("org1").Aggregate, - "config1", - []idp.OIDCIDPChanges{ - idp.ChangeOIDCOptions(idp.OptionChanges{IsCreationAllowed: gu.Ptr(false)}), - }, - ) - return e - }(), - ), - eventFromEventPusher( - org.NewIdentityProviderAddedEvent(context.Background(), - &org.NewAggregate("org1").Aggregate, - "idpID", - domain.IdentityProviderTypeOrg, - ), - ), - ), - ), - idGenerator: id_mock.NewIDGeneratorExpectIDs(t, "user1"), - userPasswordHasher: mockPasswordHasher("x"), - }, - args: args{ - ctx: context.Background(), - orgID: "org1", - human: &domain.Human{ - Username: "username", - Profile: &domain.Profile{ - FirstName: "firstname", - LastName: "lastname", - PreferredLanguage: language.English, + idGenerator: id_mock.NewIDGeneratorExpectIDs(t, "user1"), + userPasswordHasher: mockPasswordHasher("x"), }, - Email: &domain.Email{ - EmailAddress: "email@test.ch", - IsEmailVerified: true, - }, - }, - links: []*domain.UserIDPLink{ - { - IDPConfigID: "idpID", - ExternalUserID: "externalID", - DisplayName: "name", - }, - }, - secretGenerator: GetMockSecretGenerator(t), + args{ + ctx: context.Background(), + orgID: "org1", + human: &domain.Human{ + Username: "username", + Profile: &domain.Profile{ + FirstName: "firstname", + LastName: "lastname", + }, + Email: &domain.Email{ + EmailAddress: "email@test.ch", + IsEmailVerified: true, + }, + }, + links: []*domain.UserIDPLink{ + { + IDPConfigID: "idpID", + ExternalUserID: "externalID", + DisplayName: "name", + }, + }, + secretGenerator: GetMockSecretGenerator(t), + } }, res: 
res{ - err: caos_errs.IsPreconditionFailed, + err: zerrors.IsPreconditionFailed, }, }, } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { + f, a := tt.given(t) r := &Commands{ - eventstore: tt.fields.eventstore, - idGenerator: tt.fields.idGenerator, - userPasswordHasher: tt.fields.userPasswordHasher, + eventstore: f.eventstore, + idGenerator: f.idGenerator, + userPasswordHasher: f.userPasswordHasher, } - gotHuman, gotCode, err := r.ImportHuman(tt.args.ctx, tt.args.orgID, tt.args.human, tt.args.passwordless, tt.args.links, tt.args.secretGenerator, tt.args.secretGenerator, tt.args.secretGenerator, tt.args.secretGenerator) + gotHuman, gotCode, err := r.ImportHuman(a.ctx, a.orgID, a.human, a.passwordless, a.links, a.secretGenerator, a.secretGenerator, a.secretGenerator, a.secretGenerator) if tt.res.err == nil { assert.NoError(t, err) } @@ -2139,7 +2472,7 @@ func TestCommandSide_ImportHuman(t *testing.T) { t.Errorf("got wrong err: %v ", err) } if tt.res.err == nil { - assert.Equal(t, tt.res.wantHuman, gotHuman) + assert.Equal(t, tt.res.wantHuman.PreferredLanguage, gotHuman.PreferredLanguage) assert.Equal(t, tt.res.wantCode, gotCode) } }) @@ -2192,7 +2525,7 @@ func TestCommandSide_RegisterHuman(t *testing.T) { }, }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -2222,7 +2555,7 @@ func TestCommandSide_RegisterHuman(t *testing.T) { }, }, res: res{ - err: caos_errs.IsPreconditionFailed, + err: zerrors.IsPreconditionFailed, }, }, { @@ -2262,7 +2595,7 @@ func TestCommandSide_RegisterHuman(t *testing.T) { }, }, res: res{ - err: caos_errs.IsPreconditionFailed, + err: zerrors.IsPreconditionFailed, }, }, { @@ -2310,7 +2643,7 @@ func TestCommandSide_RegisterHuman(t *testing.T) { }, }, res: res{ - err: caos_errs.IsPreconditionFailed, + err: zerrors.IsPreconditionFailed, }, }, { 
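Review bot: The "add human (with idp, creation not allowed), precondition error" case now differs from "add human (with idp), ok" in more than the IdP option. Its `Profile` literal no longer sets a preferred language, while the passing case sets `PreferredLanguage: AllowedLanguage`. Because `res` only checks `zerrors.IsPreconditionFailed`, the test cannot tell a rejection caused by `IsCreationAllowed: gu.Ptr(false)` from any other precondition failure. I would keep `PreferredLanguage: AllowedLanguage,` in the `Profile` so the two cases differ only in the changed event. It may also be worth confirming that building the `NewOIDCIDPChangedEvent` fixture for ID `"config1"` is intended, since the config is added as `"idpID"`.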
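Review bot: Replacing `assert.Equal(t, tt.res.wantHuman, gotHuman)` with a comparison of `PreferredLanguage` alone means no success case checks the rest of the returned user any more; `ObjectRoot`, `Username`, `Email` and `State` in every `wantHuman` literal become unused fixture data. For an import path that takes `IsPhoneVerified` and `IsEmailVerified` from the caller, the resulting user state is the part most worth pinning. I would keep the full comparison and add the language check beside it: `assert.Equal(t, tt.res.wantHuman, gotHuman)` followed by `assert.Equal(t, tt.res.wantHuman.PreferredLanguage, gotHuman.PreferredLanguage)`. If the full comparison had to go for a reason outside this hunk, wrapping the field access in `if assert.NotNil(t, gotHuman) {` would turn a nil result into a test failure rather than a panic. The enclosing loop body starts and ends outside the hunk.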
@@ -2380,7 +2713,7 @@ func TestCommandSide_RegisterHuman(t *testing.T) { }, }, res: res{ - err: caos_errs.IsPreconditionFailed, + err: zerrors.IsPreconditionFailed, }, }, { @@ -2450,7 +2783,7 @@ func TestCommandSide_RegisterHuman(t *testing.T) { }, }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -2537,7 +2870,7 @@ func TestCommandSide_RegisterHuman(t *testing.T) { }, }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -2625,7 +2958,7 @@ func TestCommandSide_RegisterHuman(t *testing.T) { ), ), expectPush( - newRegisterHumanEvent("email@test.ch", "$plain$x$password", false, false, ""), + newRegisterHumanEvent("email@test.ch", "$plain$x$password", false, false, "", AllowedLanguage), user.NewHumanInitialCodeAddedEvent(context.Background(), &user.NewAggregate("user1", "org1").Aggregate, &crypto.CryptoValue{ @@ -2649,8 +2982,9 @@ func TestCommandSide_RegisterHuman(t *testing.T) { SecretString: "password", }, Profile: &domain.Profile{ - FirstName: "firstname", - LastName: "lastname", + FirstName: "firstname", + LastName: "lastname", + PreferredLanguage: AllowedLanguage, }, Email: &domain.Email{ EmailAddress: "email@test.ch", @@ -2669,7 +3003,7 @@ func TestCommandSide_RegisterHuman(t *testing.T) { FirstName: "firstname", LastName: "lastname", DisplayName: "firstname lastname", - PreferredLanguage: language.Und, + PreferredLanguage: AllowedLanguage, }, Email: &domain.Email{ EmailAddress: "email@test.ch", @@ -2730,7 +3064,7 @@ func TestCommandSide_RegisterHuman(t *testing.T) { ), ), expectPush( - newRegisterHumanEvent("username", "$plain$x$password", false, false, ""), + newRegisterHumanEvent("username", "$plain$x$password", false, false, "", AllowedLanguage), user.NewHumanInitialCodeAddedEvent(context.Background(), &user.NewAggregate("user1", "org1").Aggregate, &crypto.CryptoValue{ 
@@ -2754,8 +3088,9 @@ func TestCommandSide_RegisterHuman(t *testing.T) { SecretString: "password", }, Profile: &domain.Profile{ - FirstName: "firstname", - LastName: "lastname", + FirstName: "firstname", + LastName: "lastname", + PreferredLanguage: AllowedLanguage, }, Email: &domain.Email{ EmailAddress: "email@test.ch", @@ -2775,7 +3110,7 @@ func TestCommandSide_RegisterHuman(t *testing.T) { FirstName: "firstname", LastName: "lastname", DisplayName: "firstname lastname", - PreferredLanguage: language.Und, + PreferredLanguage: AllowedLanguage, }, Email: &domain.Email{ EmailAddress: "email@test.ch", @@ -2836,7 +3171,7 @@ func TestCommandSide_RegisterHuman(t *testing.T) { ), ), expectPush( - newRegisterHumanEvent("username", "$plain$x$password", false, true, ""), + newRegisterHumanEvent("username", "$plain$x$password", false, true, "", AllowedLanguage), user.NewHumanInitialCodeAddedEvent(context.Background(), &user.NewAggregate("user1", "org1").Aggregate, &crypto.CryptoValue{ @@ -2861,8 +3196,9 @@ func TestCommandSide_RegisterHuman(t *testing.T) { SecretString: "password", }, Profile: &domain.Profile{ - FirstName: "firstname", - LastName: "lastname", + FirstName: "firstname", + LastName: "lastname", + PreferredLanguage: AllowedLanguage, }, Email: &domain.Email{ EmailAddress: "email@test.ch", @@ -2881,7 +3217,7 @@ func TestCommandSide_RegisterHuman(t *testing.T) { FirstName: "firstname", LastName: "lastname", DisplayName: "firstname lastname", - PreferredLanguage: language.Und, + PreferredLanguage: AllowedLanguage, }, Email: &domain.Email{ EmailAddress: "email@test.ch", @@ -2942,7 +3278,7 @@ func TestCommandSide_RegisterHuman(t *testing.T) { ), ), expectPush( - newRegisterHumanEvent("username", "$plain$x$password", false, true, ""), + newRegisterHumanEvent("username", "$plain$x$password", false, true, "", AllowedLanguage), user.NewHumanEmailVerifiedEvent(context.Background(), &user.NewAggregate("user1", "org1").Aggregate), ), 
@@ -2959,8 +3295,9 @@ func TestCommandSide_RegisterHuman(t *testing.T) { SecretString: "password", }, Profile: &domain.Profile{ - FirstName: "firstname", - LastName: "lastname", + FirstName: "firstname", + LastName: "lastname", + PreferredLanguage: AllowedLanguage, }, Email: &domain.Email{ EmailAddress: "email@test.ch", @@ -2980,7 +3317,7 @@ func TestCommandSide_RegisterHuman(t *testing.T) { FirstName: "firstname", LastName: "lastname", DisplayName: "firstname lastname", - PreferredLanguage: language.Und, + PreferredLanguage: AllowedLanguage, }, Email: &domain.Email{ EmailAddress: "email@test.ch", @@ -3042,7 +3379,7 @@ func TestCommandSide_RegisterHuman(t *testing.T) { ), ), expectPush( - newRegisterHumanEvent("username", "$plain$x$password", false, true, "+41711234567"), + newRegisterHumanEvent("username", "$plain$x$password", false, true, "+41711234567", AllowedLanguage), user.NewHumanInitialCodeAddedEvent(context.Background(), &user.NewAggregate("user1", "org1").Aggregate, &crypto.CryptoValue{ @@ -3074,8 +3411,9 @@ func TestCommandSide_RegisterHuman(t *testing.T) { human: &domain.Human{ Username: "username", Profile: &domain.Profile{ - FirstName: "firstname", - LastName: "lastname", + FirstName: "firstname", + LastName: "lastname", + PreferredLanguage: AllowedLanguage, }, Email: &domain.Email{ EmailAddress: "email@test.ch", @@ -3100,7 +3438,7 @@ func TestCommandSide_RegisterHuman(t *testing.T) { FirstName: "firstname", LastName: "lastname", DisplayName: "firstname lastname", - PreferredLanguage: language.Und, + PreferredLanguage: AllowedLanguage, }, Email: &domain.Email{ EmailAddress: "email@test.ch", 
@@ -3164,7 +3502,7 @@ func TestCommandSide_RegisterHuman(t *testing.T) { ), ), expectPush( - newRegisterHumanEvent("username", "$plain$x$password", false, true, "+41711234567"), + newRegisterHumanEvent("username", "$plain$x$password", false, true, "+41711234567", AllowedLanguage), user.NewHumanInitialCodeAddedEvent(context.Background(), &user.NewAggregate("user1", "org1").Aggregate, &crypto.CryptoValue{ @@ -3189,8 +3527,9 @@ func TestCommandSide_RegisterHuman(t *testing.T) { human: &domain.Human{ Username: "username", Profile: &domain.Profile{ - FirstName: "firstname", - LastName: "lastname", + FirstName: "firstname", + LastName: "lastname", + PreferredLanguage: AllowedLanguage, }, Email: &domain.Email{ EmailAddress: "email@test.ch", @@ -3216,7 +3555,7 @@ func TestCommandSide_RegisterHuman(t *testing.T) { FirstName: "firstname", LastName: "lastname", DisplayName: "firstname lastname", - PreferredLanguage: language.Und, + PreferredLanguage: AllowedLanguage, }, Email: &domain.Email{ EmailAddress: "email@test.ch", 
@@ -3228,6 +3567,218 @@ func TestCommandSide_RegisterHuman(t *testing.T) { }, }, }, + { + name: "add human (with unsupported preferred language), ok", + fields: fields{ + eventstore: eventstoreExpect( + t, + expectFilter( + eventFromEventPusher( + org.NewDomainPolicyAddedEvent(context.Background(), + &org.NewAggregate("org1").Aggregate, + true, + true, + true, + ), + ), + ), + expectFilter( + eventFromEventPusher( + org.NewPasswordComplexityPolicyAddedEvent(context.Background(), + &org.NewAggregate("org1").Aggregate, + 1, + false, + false, + false, + false, + ), + ), + ), + expectFilter( + eventFromEventPusher( + org.NewLoginPolicyAddedEvent(context.Background(), + &org.NewAggregate("org1").Aggregate, + false, + true, + false, + false, + false, + false, + false, + false, + false, + false, + domain.PasswordlessTypeNotAllowed, + "", + time.Hour*1, + time.Hour*2, + time.Hour*3, + time.Hour*4, + time.Hour*5, + ), + ), + ), + expectPush( + newRegisterHumanEvent("username", "$plain$x$password", false, true, "", UnsupportedLanguage), + user.NewHumanInitialCodeAddedEvent(context.Background(), + &user.NewAggregate("user1", "org1").Aggregate, + &crypto.CryptoValue{ + CryptoType: crypto.TypeEncryption, + Algorithm: "enc", + KeyID: "id", + Crypted: []byte("a"), + }, + time.Hour*1, + ), + ), + ), + idGenerator: id_mock.NewIDGeneratorExpectIDs(t, "user1"), + userPasswordHasher: mockPasswordHasher("x"), + }, + args: args{ + ctx: context.Background(), + orgID: "org1", + human: &domain.Human{ + Username: "username", + Profile: &domain.Profile{ + FirstName: "firstname", + LastName: "lastname", + PreferredLanguage: UnsupportedLanguage, + }, + Email: &domain.Email{ + EmailAddress: "email@test.ch", + }, + Password: &domain.Password{ + SecretString: "password", + }, + }, + secretGenerator: GetMockSecretGenerator(t), + }, + res: res{ + want: &domain.Human{ + ObjectRoot: models.ObjectRoot{ + AggregateID: "user1", + ResourceOwner: "org1", + }, + Username: "username", + Profile: 
&domain.Profile{ + FirstName: "firstname", + LastName: "lastname", + DisplayName: "firstname lastname", + PreferredLanguage: UnsupportedLanguage, + }, + Email: &domain.Email{ + EmailAddress: "email@test.ch", + }, + State: domain.UserStateInitial, + }, + }, + }, + { + name: "add human (with undefined preferred language), ok", + fields: fields{ + eventstore: eventstoreExpect( + t, + expectFilter( + eventFromEventPusher( + org.NewDomainPolicyAddedEvent(context.Background(), + &org.NewAggregate("org1").Aggregate, + true, + true, + true, + ), + ), + ), + expectFilter( + eventFromEventPusher( + org.NewPasswordComplexityPolicyAddedEvent(context.Background(), + &org.NewAggregate("org1").Aggregate, + 1, + false, + false, + false, + false, + ), + ), + ), + expectFilter( + eventFromEventPusher( + org.NewLoginPolicyAddedEvent(context.Background(), + &org.NewAggregate("org1").Aggregate, + false, + true, + false, + false, + false, + false, + false, + false, + false, + false, + domain.PasswordlessTypeNotAllowed, + "", + time.Hour*1, + time.Hour*2, + time.Hour*3, + time.Hour*4, + time.Hour*5, + ), + ), + ), + expectPush( + newRegisterHumanEvent("username", "$plain$x$password", false, true, "", language.Und), + user.NewHumanInitialCodeAddedEvent(context.Background(), + &user.NewAggregate("user1", "org1").Aggregate, + &crypto.CryptoValue{ + CryptoType: crypto.TypeEncryption, + Algorithm: "enc", + KeyID: "id", + Crypted: []byte("a"), + }, + time.Hour*1, + ), + ), + ), + idGenerator: id_mock.NewIDGeneratorExpectIDs(t, "user1"), + userPasswordHasher: mockPasswordHasher("x"), + }, + args: args{ + ctx: context.Background(), + orgID: "org1", + human: &domain.Human{ + Username: "username", + Profile: &domain.Profile{ + FirstName: "firstname", + LastName: "lastname", + }, + Email: &domain.Email{ + EmailAddress: "email@test.ch", + }, + Password: &domain.Password{ + SecretString: "password", + }, + }, + secretGenerator: GetMockSecretGenerator(t), + }, + res: res{ + want: &domain.Human{ + 
ObjectRoot: models.ObjectRoot{ + AggregateID: "user1", + ResourceOwner: "org1", + }, + Username: "username", + Profile: &domain.Profile{ + FirstName: "firstname", + LastName: "lastname", + DisplayName: "firstname lastname", + }, + Email: &domain.Email{ + EmailAddress: "email@test.ch", + }, + State: domain.UserStateInitial, + }, + }, + }, { name: "add with idp link, email verified, ok", fields: fields{ @@ -3337,7 +3888,7 @@ func TestCommandSide_RegisterHuman(t *testing.T) { ), ), expectPush( - newRegisterHumanEvent("username", "$plain$x$password", false, true, ""), + newRegisterHumanEvent("username", "$plain$x$password", false, true, "", AllowedLanguage), user.NewUserIDPLinkAddedEvent(context.Background(), &user.NewAggregate("user1", "org1").Aggregate, "idpID", @@ -3361,8 +3912,9 @@ func TestCommandSide_RegisterHuman(t *testing.T) { SecretString: "password", }, Profile: &domain.Profile{ - FirstName: "firstname", - LastName: "lastname", + FirstName: "firstname", + LastName: "lastname", + PreferredLanguage: AllowedLanguage, }, Email: &domain.Email{ EmailAddress: "email@test.ch", @@ -3387,7 +3939,7 @@ func TestCommandSide_RegisterHuman(t *testing.T) { FirstName: "firstname", LastName: "lastname", DisplayName: "firstname lastname", - PreferredLanguage: language.Und, + PreferredLanguage: AllowedLanguage, }, Email: &domain.Email{ EmailAddress: "email@test.ch", @@ -3453,7 +4005,7 @@ func TestCommandSide_HumanMFASkip(t *testing.T) { userID: "", }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -3470,7 +4022,7 @@ func TestCommandSide_HumanMFASkip(t *testing.T) { userID: "user1", }, res: res{ - err: caos_errs.IsNotFound, + err: zerrors.IsNotFound, }, }, { @@ -3487,7 +4039,7 @@ func TestCommandSide_HumanMFASkip(t *testing.T) { "lastname", "nickname", "displayname", - language.German, + AllowedLanguage, domain.GenderUnspecified, "email@test.ch", true, 
@@ -3563,7 +4115,7 @@ func TestCommandSide_HumanSignOut(t *testing.T) { userIDs: []string{"user1"}, }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -3579,7 +4131,7 @@ func TestCommandSide_HumanSignOut(t *testing.T) { userIDs: []string{}, }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -3611,7 +4163,7 @@ func TestCommandSide_HumanSignOut(t *testing.T) { "lastname", "nickname", "displayname", - language.German, + AllowedLanguage, domain.GenderUnspecified, "email@test.ch", true, @@ -3651,7 +4203,7 @@ func TestCommandSide_HumanSignOut(t *testing.T) { "lastname", "nickname", "displayname", - language.German, + AllowedLanguage, domain.GenderUnspecified, "email@test.ch", true, @@ -3667,7 +4219,7 @@ func TestCommandSide_HumanSignOut(t *testing.T) { "lastname", "nickname", "displayname", - language.German, + AllowedLanguage, domain.GenderUnspecified, "email@test.ch", true, @@ -3714,7 +4266,18 @@ func TestCommandSide_HumanSignOut(t *testing.T) { } } -func newAddHumanEvent(password string, changeRequired, userLoginMustBeDomain bool, phone string) *user.HumanAddedEvent { +func newAddMachineEvent(userLoginMustBeDomain bool, accessTokenType domain.OIDCTokenType) *user.MachineAddedEvent { + return user.NewMachineAddedEvent(context.Background(), + &user.NewAggregate("user1", "org1").Aggregate, + "username", + "name", + "description", + userLoginMustBeDomain, + accessTokenType, + ) +} + +func newAddHumanEvent(password string, changeRequired, userLoginMustBeDomain bool, phone string, preferredLanguage language.Tag) *user.HumanAddedEvent { event := user.NewHumanAddedEvent(context.Background(), &user.NewAggregate("user1", "org1").Aggregate, "username", 
@@ -3722,7 +4285,7 @@ func newAddHumanEvent(password string, changeRequired, userLoginMustBeDomain boo "lastname", "", "firstname lastname", - language.English, + preferredLanguage, domain.GenderUnspecified, "email@test.ch", userLoginMustBeDomain, @@ -3736,7 +4299,7 @@ func newAddHumanEvent(password string, changeRequired, userLoginMustBeDomain boo return event } -func newRegisterHumanEvent(username, password string, changeRequired, userLoginMustBeUnique bool, phone string) *user.HumanRegisteredEvent { +func newRegisterHumanEvent(username, password string, changeRequired, userLoginMustBeUnique bool, phone string, preferredLanguage language.Tag) *user.HumanRegisteredEvent { event := user.NewHumanRegisteredEvent(context.Background(), &user.NewAggregate("user1", "org1").Aggregate, username, @@ -3744,7 +4307,7 @@ func newRegisterHumanEvent(username, password string, changeRequired, userLoginM "lastname", "", "firstname lastname", - language.Und, + preferredLanguage, domain.GenderUnspecified, "email@test.ch", userLoginMustBeUnique, @@ -3784,27 +4347,28 @@ func TestAddHumanCommand(t *testing.T) { Email: Email{ Address: "invalid", }, + PreferredLanguage: AllowedLanguage, }, orgID: "ro", }, want: Want{ - ValidationErr: caos_errs.ThrowInvalidArgument(nil, "EMAIL-599BI", "Errors.User.Email.Invalid"), + ValidationErr: zerrors.ThrowInvalidArgument(nil, "EMAIL-599BI", "Errors.User.Email.Invalid"), }, }, { name: "invalid first name", args: args{ human: &AddHuman{ - Username: "username", - PreferredLanguage: language.English, + Username: "username", Email: Email{ Address: "support@zitadel.com", }, + PreferredLanguage: AllowedLanguage, }, orgID: "ro", }, want: Want{ - ValidationErr: caos_errs.ThrowInvalidArgument(nil, "USER-UCej2", "Errors.User.Profile.FirstNameEmpty"), + ValidationErr: zerrors.ThrowInvalidArgument(nil, "USER-UCej2", "Errors.User.Profile.FirstNameEmpty"), }, }, { 
@@ -3812,14 +4376,14 @@ func TestAddHumanCommand(t *testing.T) { args: args{ human: &AddHuman{ Username: "username", - PreferredLanguage: language.English, FirstName: "hurst", Email: Email{Address: "support@zitadel.com"}, + PreferredLanguage: AllowedLanguage, }, orgID: "ro", }, want: Want{ - ValidationErr: caos_errs.ThrowInvalidArgument(nil, "USER-4hB7d", "Errors.User.Profile.LastNameEmpty"), + ValidationErr: zerrors.ThrowInvalidArgument(nil, "USER-4hB7d", "Errors.User.Profile.LastNameEmpty"), }, }, { @@ -3827,17 +4391,17 @@ func TestAddHumanCommand(t *testing.T) { args: args{ human: &AddHuman{ Email: Email{Address: "support@zitadel.com", Verified: true}, - PreferredLanguage: language.English, FirstName: "gigi", LastName: "giraffe", EncodedPasswordHash: "$foo$x$password", Username: "username", + PreferredLanguage: AllowedLanguage, }, orgID: "ro", hasher: mockPasswordHasher("x"), }, want: Want{ - ValidationErr: caos_errs.ThrowInvalidArgument(nil, "USER-JDk4t", "Errors.User.Password.NotSupported"), + ValidationErr: zerrors.ThrowInvalidArgument(nil, "USER-JDk4t", "Errors.User.Password.NotSupported"), }, }, { @@ -3848,11 +4412,11 @@ func TestAddHumanCommand(t *testing.T) { args: args{ human: &AddHuman{ Email: Email{Address: "support@zitadel.com"}, - PreferredLanguage: language.English, FirstName: "gigi", LastName: "giraffe", Password: "short", Username: "username", + PreferredLanguage: AllowedLanguage, }, orgID: "ro", filter: NewMultiFilter().Append( @@ -3888,7 +4452,7 @@ func TestAddHumanCommand(t *testing.T) { Filter(), }, want: Want{ - CreateErr: caos_errs.ThrowInvalidArgument(nil, "COMMA-HuJf6", "Errors.User.PasswordComplexityPolicy.MinLength"), + CreateErr: zerrors.ThrowInvalidArgument(nil, "COMMA-HuJf6", "Errors.User.PasswordComplexityPolicy.MinLength"), }, }, { 
@@ -3899,11 +4463,11 @@ func TestAddHumanCommand(t *testing.T) {
 args: args{
 human: &AddHuman{
 Email: Email{Address: "support@zitadel.com", Verified: true},
- PreferredLanguage: language.English,
 FirstName: "gigi",
 LastName: "giraffe",
 Password: "password",
 Username: "username",
+ PreferredLanguage: AllowedLanguage,
 },
 orgID: "ro",
 hasher: mockPasswordHasher("x"),
@@ -3951,7 +4515,150 @@ func TestAddHumanCommand(t *testing.T) { "giraffe", "", "gigi giraffe", - language.English, + AllowedLanguage, + 0, + "support@zitadel.com", + true, + ) + event.AddPasswordData("$plain$x$password", false) + return event + }(), + user.NewHumanEmailVerifiedEvent(context.Background(), &agg.Aggregate), + }, + }, + }, + { + name: "undefined preferred language, ok", + fields: fields{ + idGenerator: id_mock.NewIDGeneratorExpectIDs(t, "id"), + }, + args: args{ + human: &AddHuman{ + Email: Email{Address: "support@zitadel.com", Verified: true}, + FirstName: "gigi", + LastName: "giraffe", + Password: "password", + Username: "username", + }, + orgID: "ro", + hasher: mockPasswordHasher("x"), + codeAlg: crypto.CreateMockEncryptionAlg(gomock.NewController(t)), + filter: NewMultiFilter().Append( + func(ctx context.Context, queryFactory *eventstore.SearchQueryBuilder) ([]eventstore.Event, error) { + return []eventstore.Event{}, nil + }). + Append( + func(ctx context.Context, queryFactory *eventstore.SearchQueryBuilder) ([]eventstore.Event, error) { + return []eventstore.Event{ + org.NewDomainPolicyAddedEvent( + ctx, + &org.NewAggregate("id").Aggregate, + true, + true, + true, + ), + }, nil + }). + Append( + func(ctx context.Context, queryFactory *eventstore.SearchQueryBuilder) ([]eventstore.Event, error) { + return []eventstore.Event{ + org.NewPasswordComplexityPolicyAddedEvent( + ctx, + &org.NewAggregate("id").Aggregate, + 2, + false, + false, + false, + false, + ), + }, nil + }). 
+ Filter(), + }, + want: Want{ + Commands: []eventstore.Command{ + func() *user.HumanAddedEvent { + event := user.NewHumanAddedEvent( + context.Background(), + &agg.Aggregate, + "username", + "gigi", + "giraffe", + "", + "gigi giraffe", + language.Und, + 0, + "support@zitadel.com", + true, + ) + event.AddPasswordData("$plain$x$password", false) + return event + }(), + user.NewHumanEmailVerifiedEvent(context.Background(), &agg.Aggregate), + }, + }, + }, + { + name: "unsupported preferred language, ok", + fields: fields{ + idGenerator: id_mock.NewIDGeneratorExpectIDs(t, "id"), + }, + args: args{ + human: &AddHuman{ + Email: Email{Address: "support@zitadel.com", Verified: true}, + FirstName: "gigi", + LastName: "giraffe", + Password: "password", + Username: "username", + PreferredLanguage: UnsupportedLanguage, + }, + orgID: "ro", + hasher: mockPasswordHasher("x"), + codeAlg: crypto.CreateMockEncryptionAlg(gomock.NewController(t)), + filter: NewMultiFilter().Append( + func(ctx context.Context, queryFactory *eventstore.SearchQueryBuilder) ([]eventstore.Event, error) { + return []eventstore.Event{}, nil + }). + Append( + func(ctx context.Context, queryFactory *eventstore.SearchQueryBuilder) ([]eventstore.Event, error) { + return []eventstore.Event{ + org.NewDomainPolicyAddedEvent( + ctx, + &org.NewAggregate("id").Aggregate, + true, + true, + true, + ), + }, nil + }). + Append( + func(ctx context.Context, queryFactory *eventstore.SearchQueryBuilder) ([]eventstore.Event, error) { + return []eventstore.Event{ + org.NewPasswordComplexityPolicyAddedEvent( + ctx, + &org.NewAggregate("id").Aggregate, + 2, + false, + false, + false, + false, + ), + }, nil + }). + Filter(), + }, + want: Want{ + Commands: []eventstore.Command{ + func() *user.HumanAddedEvent { + event := user.NewHumanAddedEvent( + context.Background(), + &agg.Aggregate, + "username", + "gigi", + "giraffe", + "", + "gigi giraffe", + UnsupportedLanguage, 0, "support@zitadel.com", true, 
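Review bot: The added case `unsupported preferred language, ok` expects `UnsupportedLanguage` to be written into the `HumanAddedEvent` unchanged, and nothing in the hunk says that accepting a language outside the supported set is intended. If it is deliberate, a comment above the case would keep a later reader from treating it as a gap, for example `// an unsupported preferred language is accepted on add and stored as given`. The two new cases also repeat the whole `NewMultiFilter()` chain of the existing password case; a small test helper that returns that filter would leave only the language difference visible. The hunk starts and ends inside `TestAddHumanCommand`, whose body continues outside it.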
@@ -3971,11 +4678,11 @@ func TestAddHumanCommand(t *testing.T) { args: args{ human: &AddHuman{ Email: Email{Address: "support@zitadel.com", Verified: true}, - PreferredLanguage: language.English, FirstName: "gigi", LastName: "giraffe", EncodedPasswordHash: "$plain$x$password", Username: "username", + PreferredLanguage: AllowedLanguage, }, orgID: "ro", hasher: mockPasswordHasher("x"), @@ -4023,7 +4730,7 @@ func TestAddHumanCommand(t *testing.T) { "giraffe", "", "gigi giraffe", - language.English, + AllowedLanguage, 0, "support@zitadel.com", true, diff --git a/internal/command/user_human_webauthn.go b/internal/command/user_human_webauthn.go index 70c012884b..3328e95455 100644 --- a/internal/command/user_human_webauthn.go +++ b/internal/command/user_human_webauthn.go @@ -8,11 +8,11 @@ import ( "github.com/zitadel/zitadel/internal/crypto" "github.com/zitadel/zitadel/internal/domain" - caos_errs "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/eventstore/v1/models" usr_repo "github.com/zitadel/zitadel/internal/repository/user" "github.com/zitadel/zitadel/internal/telemetry/tracing" + "github.com/zitadel/zitadel/internal/zerrors" ) func (c *Commands) getHumanU2FTokens(ctx context.Context, userID, resourceowner string) ([]*domain.WebAuthNToken, error) { @@ -22,7 +22,7 @@ func (c *Commands) getHumanU2FTokens(ctx context.Context, userID, resourceowner return nil, err } if tokenReadModel.UserState == domain.UserStateDeleted { - return nil, caos_errs.ThrowNotFound(nil, "COMMAND-4M0ds", "Errors.User.NotFound") + return nil, zerrors.ThrowNotFound(nil, "COMMAND-4M0ds", "Errors.User.NotFound") } return readModelToWebAuthNTokens(tokenReadModel), nil } 
@@ -34,7 +34,7 @@ func (c *Commands) getHumanPasswordlessTokens(ctx context.Context, userID, resou return nil, err } if tokenReadModel.UserState == domain.UserStateDeleted { - return nil, caos_errs.ThrowNotFound(nil, "COMMAND-Mv9sd", "Errors.User.NotFound") + return nil, zerrors.ThrowNotFound(nil, "COMMAND-Mv9sd", "Errors.User.NotFound") } return readModelToWebAuthNTokens(tokenReadModel), nil } @@ -46,7 +46,7 @@ func (c *Commands) getHumanU2FLogin(ctx context.Context, userID, authReqID, reso return nil, err } if tokenReadModel.State == domain.UserStateUnspecified || tokenReadModel.State == domain.UserStateDeleted { - return nil, caos_errs.ThrowNotFound(nil, "COMMAND-5m88U", "Errors.User.NotFound") + return nil, zerrors.ThrowNotFound(nil, "COMMAND-5m88U", "Errors.User.NotFound") } return &domain.WebAuthNLogin{ ObjectRoot: models.ObjectRoot{ @@ -65,7 +65,7 @@ func (c *Commands) getHumanPasswordlessLogin(ctx context.Context, userID, authRe return nil, err } if tokenReadModel.State == domain.UserStateUnspecified || tokenReadModel.State == domain.UserStateDeleted { - return nil, caos_errs.ThrowNotFound(nil, "COMMAND-fm84R", "Errors.User.NotFound") + return nil, zerrors.ThrowNotFound(nil, "COMMAND-fm84R", "Errors.User.NotFound") } return &domain.WebAuthNLogin{ ObjectRoot: models.ObjectRoot{ 
@@ -139,7 +139,7 @@ func (c *Commands) HumanAddPasswordlessSetupInitCode(ctx context.Context, userID func (c *Commands) addHumanWebAuthN(ctx context.Context, userID, resourceowner, rpID string, tokens []*domain.WebAuthNToken, authenticatorPlatform domain.AuthenticatorAttachment, userVerification domain.UserVerificationRequirement) (*HumanWebAuthNWriteModel, *eventstore.Aggregate, *domain.WebAuthNToken, error) { if userID == "" { - return nil, nil, nil, caos_errs.ThrowPreconditionFailed(nil, "COMMAND-3M0od", "Errors.IDMissing") + return nil, nil, nil, zerrors.ThrowPreconditionFailed(nil, "COMMAND-3M0od", "Errors.IDMissing") } user, err := c.getHuman(ctx, userID, resourceowner) if err != nil { @@ -149,7 +149,7 @@ func (c *Commands) addHumanWebAuthN(ctx context.Context, userID, resourceowner, if err != nil { return nil, nil, nil, err } - orgPolicy, err := c.getOrgDomainPolicy(ctx, org.AggregateID) + orgPolicy, err := c.domainPolicyWriteModel(ctx, org.AggregateID) if err != nil { return nil, nil, nil, err } @@ -265,7 +265,7 @@ func (c *Commands) humanHumanPasswordlessSetup(ctx context.Context, userID, reso func (c *Commands) verifyHumanWebAuthN(ctx context.Context, userID, resourceowner, tokenName, userAgentID string, credentialData []byte, tokens []*domain.WebAuthNToken) (*eventstore.Aggregate, *domain.WebAuthNToken, *HumanWebAuthNWriteModel, error) { if userID == "" { - return nil, nil, nil, caos_errs.ThrowPreconditionFailed(nil, "COMMAND-3M0od", "Errors.IDMissing") + return nil, nil, nil, zerrors.ThrowPreconditionFailed(nil, "COMMAND-3M0od", "Errors.IDMissing") } user, err := c.getHuman(ctx, userID, resourceowner) if err != nil { 
@@ -336,7 +336,7 @@ func (c *Commands) HumanBeginPasswordlessLogin(ctx context.Context, userID, reso func (c *Commands) beginWebAuthNLogin(ctx context.Context, userID, resourceOwner string, tokens []*domain.WebAuthNToken, userVerification domain.UserVerificationRequirement) (*eventstore.Aggregate, *domain.WebAuthNLogin, error) { if userID == "" { - return nil, nil, caos_errs.ThrowPreconditionFailed(nil, "COMMAND-hh8K9", "Errors.IDMissing") + return nil, nil, zerrors.ThrowPreconditionFailed(nil, "COMMAND-hh8K9", "Errors.IDMissing") } human, err := c.getHuman(ctx, userID, resourceOwner) @@ -447,7 +447,7 @@ func (c *Commands) HumanFinishPasswordlessLogin(ctx context.Context, userID, res func (c *Commands) finishWebAuthNLogin(ctx context.Context, userID, resourceOwner string, credentialData []byte, webAuthN *domain.WebAuthNLogin, tokens []*domain.WebAuthNToken) (*eventstore.Aggregate, *domain.WebAuthNToken, uint32, error) { if userID == "" { - return nil, nil, 0, caos_errs.ThrowPreconditionFailed(nil, "COMMAND-hh8K9", "Errors.IDMissing") + return nil, nil, 0, zerrors.ThrowPreconditionFailed(nil, "COMMAND-hh8K9", "Errors.IDMissing") } human, err := c.getHuman(ctx, userID, resourceOwner) @@ -461,7 +461,7 @@ func (c *Commands) finishWebAuthNLogin(ctx context.Context, userID, resourceOwne _, token := domain.GetTokenByKeyID(tokens, credential.ID) if token == nil { - return nil, nil, 0, caos_errs.ThrowPreconditionFailed(nil, "COMMAND-3b7zs", "Errors.User.WebAuthN.NotFound") + return nil, nil, 0, zerrors.ThrowPreconditionFailed(nil, "COMMAND-3b7zs", "Errors.User.WebAuthN.NotFound") } writeModel, err := c.webauthNWriteModelByID(ctx, userID, "", resourceOwner) 
@@ -517,7 +517,7 @@ func (c *Commands) HumanSendPasswordlessInitCode(ctx context.Context, userID, re func (c *Commands) humanAddPasswordlessInitCode(ctx context.Context, userID, resourceOwner string, direct bool, passwordlessCodeGenerator crypto.Generator) (eventstore.Command, *HumanPasswordlessInitCodeWriteModel, string, error) { if userID == "" { - return nil, nil, "", caos_errs.ThrowPreconditionFailed(nil, "COMMAND-GVfg3", "Errors.IDMissing") + return nil, nil, "", zerrors.ThrowPreconditionFailed(nil, "COMMAND-GVfg3", "Errors.IDMissing") } codeID, err := c.idGenerator.Next() @@ -548,7 +548,7 @@ func (c *Commands) humanAddPasswordlessInitCode(ctx context.Context, userID, res func (c *Commands) HumanPasswordlessInitCodeSent(ctx context.Context, userID, resourceOwner, codeID string) error { if userID == "" || codeID == "" { - return caos_errs.ThrowInvalidArgument(nil, "COMMAND-ADggh", "Errors.IDMissing") + return zerrors.ThrowInvalidArgument(nil, "COMMAND-ADggh", "Errors.IDMissing") } initCode := NewHumanPasswordlessInitCodeWriteModel(userID, codeID, resourceOwner) err := c.eventstore.FilterToQueryReducer(ctx, initCode) @@ -557,7 +557,7 @@ func (c *Commands) HumanPasswordlessInitCodeSent(ctx context.Context, userID, re } if initCode.State != domain.PasswordlessInitCodeStateRequested { - return caos_errs.ThrowNotFound(nil, "COMMAND-Gdfg3", "Errors.User.Code.NotFound") + return zerrors.ThrowNotFound(nil, "COMMAND-Gdfg3", "Errors.User.Code.NotFound") } _, err = c.eventstore.Push(ctx, 
@@ -568,7 +568,7 @@ func (c *Commands) HumanPasswordlessInitCodeSent(ctx context.Context, userID, re func (c *Commands) humanVerifyPasswordlessInitCode(ctx context.Context, userID, resourceOwner, codeID, verificationCode string, passwordlessCodeGenerator crypto.Generator) error { if userID == "" || codeID == "" { - return caos_errs.ThrowPreconditionFailed(nil, "COMMAND-GVfg3", "Errors.IDMissing") + return zerrors.ThrowPreconditionFailed(nil, "COMMAND-GVfg3", "Errors.IDMissing") } initCode := NewHumanPasswordlessInitCodeWriteModel(userID, codeID, resourceOwner) err := c.eventstore.FilterToQueryReducer(ctx, initCode) @@ -580,14 +580,14 @@ func (c *Commands) humanVerifyPasswordlessInitCode(ctx context.Context, userID, userAgg := UserAggregateFromWriteModel(&initCode.WriteModel) _, err = c.eventstore.Push(ctx, usr_repo.NewHumanPasswordlessInitCodeCheckFailedEvent(ctx, userAgg, codeID)) logging.WithFields("userID", userAgg.ID).OnError(err).Error("NewHumanPasswordlessInitCodeCheckFailedEvent push failed") - return caos_errs.ThrowInvalidArgument(err, "COMMAND-Dhz8i", "Errors.User.Code.Invalid") + return zerrors.ThrowInvalidArgument(err, "COMMAND-Dhz8i", "Errors.User.Code.Invalid") } return nil } func (c *Commands) removeHumanWebAuthN(ctx context.Context, userID, webAuthNID, resourceOwner string, preparedEvent func(*eventstore.Aggregate) eventstore.Command) (*domain.ObjectDetails, error) { if userID == "" || webAuthNID == "" { - return nil, caos_errs.ThrowPreconditionFailed(nil, "COMMAND-6M9de", "Errors.IDMissing") + return nil, zerrors.ThrowPreconditionFailed(nil, "COMMAND-6M9de", "Errors.IDMissing") } existingWebAuthN, err := c.webauthNWriteModelByID(ctx, userID, webAuthNID, resourceOwner) 
@@ -595,7 +595,7 @@ func (c *Commands) removeHumanWebAuthN(ctx context.Context, userID, webAuthNID, return nil, err } if existingWebAuthN.State == domain.MFAStateUnspecified || existingWebAuthN.State == domain.MFAStateRemoved { - return nil, caos_errs.ThrowNotFound(nil, "COMMAND-DAfb2", "Errors.User.WebAuthN.NotFound") + return nil, zerrors.ThrowNotFound(nil, "COMMAND-DAfb2", "Errors.User.WebAuthN.NotFound") } userAgg := UserAggregateFromWriteModel(&existingWebAuthN.WriteModel) diff --git a/internal/command/user_idp_link.go b/internal/command/user_idp_link.go index a66140ec79..afbdb47cdc 100644 --- a/internal/command/user_idp_link.go +++ b/internal/command/user_idp_link.go @@ -5,15 +5,15 @@ import ( "github.com/zitadel/zitadel/internal/api/authz" "github.com/zitadel/zitadel/internal/domain" - caos_errs "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/repository/user" "github.com/zitadel/zitadel/internal/telemetry/tracing" + "github.com/zitadel/zitadel/internal/zerrors" ) func (c *Commands) AddUserIDPLink(ctx context.Context, userID, resourceOwner string, link *AddLink) (_ *domain.ObjectDetails, err error) { if userID == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "COMMAND-03j8f", "Errors.IDMissing") + return nil, zerrors.ThrowInvalidArgument(nil, "COMMAND-03j8f", "Errors.IDMissing") } if err := c.checkUserExists(ctx, userID, resourceOwner); err != nil { return nil, err 
@@ -41,10 +41,10 @@ func (c *Commands) AddUserIDPLink(ctx context.Context, userID, resourceOwner str func (c *Commands) BulkAddedUserIDPLinks(ctx context.Context, userID, resourceOwner string, links []*domain.UserIDPLink) (err error) { if userID == "" { - return caos_errs.ThrowInvalidArgument(nil, "COMMAND-03j8f", "Errors.IDMissing") + return zerrors.ThrowInvalidArgument(nil, "COMMAND-03j8f", "Errors.IDMissing") } if len(links) == 0 { - return caos_errs.ThrowInvalidArgument(nil, "COMMAND-Ek9s", "Errors.User.ExternalIDP.MinimumExternalIDPNeeded") + return zerrors.ThrowInvalidArgument(nil, "COMMAND-Ek9s", "Errors.User.ExternalIDP.MinimumExternalIDPNeeded") } if err := c.checkUserExists(ctx, userID, resourceOwner); err != nil { 
@@ -68,22 +68,22 @@ func (c *Commands) BulkAddedUserIDPLinks(ctx context.Context, userID, resourceOw func (c *Commands) addUserIDPLink(ctx context.Context, human *eventstore.Aggregate, link *domain.UserIDPLink, linkToExistingUser bool) (eventstore.Command, error) { if link.AggregateID != "" && human.ID != link.AggregateID { - return nil, caos_errs.ThrowInvalidArgument(nil, "COMMAND-33M0g", "Errors.IDMissing") + return nil, zerrors.ThrowInvalidArgument(nil, "COMMAND-33M0g", "Errors.IDMissing") } if !link.IsValid() { - return nil, caos_errs.ThrowInvalidArgument(nil, "COMMAND-6m9Kd", "Errors.User.ExternalIDP.Invalid") + return nil, zerrors.ThrowInvalidArgument(nil, "COMMAND-6m9Kd", "Errors.User.ExternalIDP.Invalid") } idpWriteModel, err := IDPProviderWriteModel(ctx, c.eventstore.Filter, link.IDPConfigID) if err != nil { - return nil, caos_errs.ThrowPreconditionFailed(err, "COMMAND-39nfs", "Errors.IDPConfig.NotExisting") + return nil, zerrors.ThrowPreconditionFailed(err, "COMMAND-39nfs", "Errors.IDPConfig.NotExisting") } // IDP user will either be linked or created on a new user // Therefore we need to either check if linking is allowed or creation: if linkToExistingUser && !idpWriteModel.GetProviderOptions().IsLinkingAllowed { - return nil, caos_errs.ThrowPreconditionFailed(err, "COMMAND-Sfee2", "Errors.ExternalIDP.LinkingNotAllowed") + return nil, zerrors.ThrowPreconditionFailed(err, "COMMAND-Sfee2", "Errors.ExternalIDP.LinkingNotAllowed") } if !linkToExistingUser && !idpWriteModel.GetProviderOptions().IsCreationAllowed { - return nil, caos_errs.ThrowPreconditionFailed(err, "COMMAND-SJI3g", "Errors.ExternalIDP.CreationNotAllowed") + return nil, zerrors.ThrowPreconditionFailed(err, "COMMAND-SJI3g", "Errors.ExternalIDP.CreationNotAllowed") } return user.NewUserIDPLinkAddedEvent(ctx, human, link.IDPConfigID, link.DisplayName, link.ExternalUserID), nil 
@@ -107,7 +107,7 @@ func (c *Commands) RemoveUserIDPLink(ctx context.Context, link *domain.UserIDPLi func (c *Commands) removeUserIDPLink(ctx context.Context, link *domain.UserIDPLink, cascade bool) (eventstore.Command, *UserIDPLinkWriteModel, error) { if !link.IsValid() || link.AggregateID == "" { - return nil, nil, caos_errs.ThrowInvalidArgument(nil, "COMMAND-3M9ds", "Errors.IDMissing") + return nil, nil, zerrors.ThrowInvalidArgument(nil, "COMMAND-3M9ds", "Errors.IDMissing") } existingLink, err := c.userIDPLinkWriteModelByID(ctx, link.AggregateID, link.IDPConfigID, link.ExternalUserID, link.ResourceOwner) @@ -115,7 +115,7 @@ func (c *Commands) removeUserIDPLink(ctx context.Context, link *domain.UserIDPLi return nil, nil, err } if existingLink.State == domain.UserIDPLinkStateUnspecified || existingLink.State == domain.UserIDPLinkStateRemoved { - return nil, nil, caos_errs.ThrowNotFound(nil, "COMMAND-1M9xR", "Errors.User.ExternalIDP.NotFound") + return nil, nil, zerrors.ThrowNotFound(nil, "COMMAND-1M9xR", "Errors.User.ExternalIDP.NotFound") } userAgg := UserAggregateFromWriteModel(&existingLink.WriteModel) if cascade { @@ -126,7 +126,7 @@ func (c *Commands) removeUserIDPLink(ctx context.Context, link *domain.UserIDPLi func (c *Commands) UserIDPLoginChecked(ctx context.Context, orgID, userID string, authRequest *domain.AuthRequest) (err error) { if userID == "" { - return caos_errs.ThrowInvalidArgument(nil, "COMMAND-5n8sM", "Errors.IDMissing") + return zerrors.ThrowInvalidArgument(nil, "COMMAND-5n8sM", "Errors.IDMissing") } existingHuman, err := c.getHumanWriteModelByID(ctx, userID, orgID) 
@@ -134,7 +134,7 @@ func (c *Commands) UserIDPLoginChecked(ctx context.Context, orgID, userID string return err } if existingHuman.UserState == domain.UserStateUnspecified || existingHuman.UserState == domain.UserStateDeleted { - return caos_errs.ThrowPreconditionFailed(nil, "COMMAND-dn88J", "Errors.User.NotFound") + return zerrors.ThrowPreconditionFailed(nil, "COMMAND-dn88J", "Errors.User.NotFound") } userAgg := UserAggregateFromWriteModel(&existingHuman.WriteModel) @@ -144,7 +144,7 @@ func (c *Commands) UserIDPLoginChecked(ctx context.Context, orgID, userID string func (c *Commands) MigrateUserIDP(ctx context.Context, userID, orgID, idpConfigID, previousID, newID string) (err error) { if userID == "" { - return caos_errs.ThrowInvalidArgument(nil, "COMMAND-Sn3l1", "Errors.IDMissing") + return zerrors.ThrowInvalidArgument(nil, "COMMAND-Sn3l1", "Errors.IDMissing") } writeModel, err := c.userIDPLinkWriteModelByID(ctx, userID, idpConfigID, previousID, orgID) @@ -152,7 +152,7 @@ func (c *Commands) MigrateUserIDP(ctx context.Context, userID, orgID, idpConfigI return err } if writeModel.State != domain.UserIDPLinkStateActive { - return caos_errs.ThrowPreconditionFailed(nil, "COMMAND-KJH2o", "Errors.User.ExternalIDP.NotFound") + return zerrors.ThrowPreconditionFailed(nil, "COMMAND-KJH2o", "Errors.User.ExternalIDP.NotFound") } userAgg := UserAggregateFromWriteModel(&writeModel.WriteModel) 
@@ -160,6 +160,27 @@ func (c *Commands) MigrateUserIDP(ctx context.Context, userID, orgID, idpConfigI return err } +func (c *Commands) UpdateUserIDPLinkUsername(ctx context.Context, userID, orgID, idpConfigID, externalID, newUsername string) (err error) { + if userID == "" { + return zerrors.ThrowInvalidArgument(nil, "COMMAND-SFegz", "Errors.IDMissing") + } + + writeModel, err := c.userIDPLinkWriteModelByID(ctx, userID, idpConfigID, externalID, orgID) + if err != nil { + return err + } + if writeModel.State != domain.UserIDPLinkStateActive { + return zerrors.ThrowPreconditionFailed(nil, "COMMAND-DGhre", "Errors.User.ExternalIDP.NotFound") + } + if writeModel.DisplayName == newUsername { + return nil + } + + userAgg := UserAggregateFromWriteModel(&writeModel.WriteModel) //nolint:contextcheck + _, err = c.eventstore.Push(ctx, user.NewUserIDPExternalUsernameEvent(ctx, userAgg, idpConfigID, externalID, newUsername)) + return err +} + func (c *Commands) userIDPLinkWriteModelByID(ctx context.Context, userID, idpConfigID, externalUserID, resourceOwner string) (writeModel *UserIDPLinkWriteModel, err error) { ctx, span := tracing.NewSpan(ctx) defer func() { span.EndWithError(err) }() diff --git a/internal/command/user_idp_link_test.go b/internal/command/user_idp_link_test.go index f86ab12db9..f1f7929686 100644 --- a/internal/command/user_idp_link_test.go +++ b/internal/command/user_idp_link_test.go 
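Review bot: `UpdateUserIDPLinkUsername` passes `newUsername` to `user.NewUserIDPExternalUsernameEvent` unchecked; only `userID` is tested for empty. The value presumably comes from the external identity provider's response, so an empty string would be persisted as the link's external username. A guard ahead of the write-model lookup would reject that case: `if newUsername == "" { return zerrors.ThrowInvalidArgument(nil, "COMMAND-<NEW_ID>", "Errors.User.ExternalIDP.Invalid") }`, where the error ID is a placeholder. The exported method also has no doc comment; `// UpdateUserIDPLinkUsername changes the external username of an active IDP link and does nothing when the stored display name already matches.` would state the contract the body implements.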
@@ -9,13 +9,13 @@ import ( "golang.org/x/text/language" "github.com/zitadel/zitadel/internal/domain" - caos_errs "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/eventstore/v1/models" "github.com/zitadel/zitadel/internal/repository/idp" "github.com/zitadel/zitadel/internal/repository/instance" "github.com/zitadel/zitadel/internal/repository/org" "github.com/zitadel/zitadel/internal/repository/user" + "github.com/zitadel/zitadel/internal/zerrors" ) func TestCommandSide_BulkAddUserIDPLinks(t *testing.T) { @@ -56,7 +56,7 @@ func TestCommandSide_BulkAddUserIDPLinks(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: caos_errs.ThrowInvalidArgument(nil, "COMMAND-03j8f", "Errors.IDMissing"), + err: zerrors.ThrowInvalidArgument(nil, "COMMAND-03j8f", "Errors.IDMissing"), }, }, { @@ -72,7 +72,7 @@ func TestCommandSide_BulkAddUserIDPLinks(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: caos_errs.ThrowInvalidArgument(nil, "COMMAND-Ek9s", "Errors.User.ExternalIDP.MinimumExternalIDPNeeded"), + err: zerrors.ThrowInvalidArgument(nil, "COMMAND-Ek9s", "Errors.User.ExternalIDP.MinimumExternalIDPNeeded"), }, }, { @@ -114,7 +114,7 @@ func TestCommandSide_BulkAddUserIDPLinks(t *testing.T) { }, }, res: res{ - err: caos_errs.ThrowInvalidArgument(nil, "COMMAND-33M0g", "Errors.IDMissing"), + err: zerrors.ThrowInvalidArgument(nil, "COMMAND-33M0g", "Errors.IDMissing"), }, }, { @@ -156,7 +156,7 @@ func TestCommandSide_BulkAddUserIDPLinks(t *testing.T) { }, }, res: res{ - err: caos_errs.ThrowInvalidArgument(nil, "COMMAND-6m9Kd", "Errors.User.ExternalIDP.Invalid"), + err: zerrors.ThrowInvalidArgument(nil, "COMMAND-6m9Kd", "Errors.User.ExternalIDP.Invalid"), }, }, { 
@@ -199,7 +199,7 @@ func TestCommandSide_BulkAddUserIDPLinks(t *testing.T) { }, }, res: res{ - err: caos_errs.ThrowPreconditionFailed(nil, "COMMAND-as02jin", "Errors.IDPConfig.NotExisting"), + err: zerrors.ThrowPreconditionFailed(nil, "COMMAND-as02jin", "Errors.IDPConfig.NotExisting"), }, }, { @@ -304,7 +304,7 @@ func TestCommandSide_BulkAddUserIDPLinks(t *testing.T) { }, }, res: res{ - err: caos_errs.ThrowPreconditionFailed(nil, "COMMAND-Sfee2", "Errors.ExternalIDP.LinkingNotAllowed"), + err: zerrors.ThrowPreconditionFailed(nil, "COMMAND-Sfee2", "Errors.ExternalIDP.LinkingNotAllowed"), }, }, { @@ -553,7 +553,7 @@ func TestCommandSide_RemoveUserIDPLink(t *testing.T) { }, }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -571,7 +571,7 @@ func TestCommandSide_RemoveUserIDPLink(t *testing.T) { }, }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -610,7 +610,7 @@ func TestCommandSide_RemoveUserIDPLink(t *testing.T) { }, }, res: res{ - err: caos_errs.IsNotFound, + err: zerrors.IsNotFound, }, }, { @@ -632,7 +632,7 @@ func TestCommandSide_RemoveUserIDPLink(t *testing.T) { }, }, res: res{ - err: caos_errs.IsNotFound, + err: zerrors.IsNotFound, }, }, { @@ -727,7 +727,7 @@ func TestCommandSide_ExternalLoginCheck(t *testing.T) { userID: "", }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -761,7 +761,7 @@ func TestCommandSide_ExternalLoginCheck(t *testing.T) { userID: "user1", }, res: res{ - err: caos_errs.IsPreconditionFailed, + err: zerrors.IsPreconditionFailed, }, }, { @@ -861,7 +861,7 @@ func TestCommandSide_MigrateUserIDP(t *testing.T) { newID: "newID", }, res: res{ - err: caos_errs.ThrowInvalidArgument(nil, "COMMAND-Sn3l1", "Errors.IDMissing"), + err: zerrors.ThrowInvalidArgument(nil, "COMMAND-Sn3l1", "Errors.IDMissing"), }, }, { 
@@ -889,7 +889,7 @@ func TestCommandSide_MigrateUserIDP(t *testing.T) {
 newID: "newID",
 },
 res: res{
- err: caos_errs.ThrowPreconditionFailed(nil, "COMMAND-KJH2o", "Errors.User.ExternalIDP.NotFound"),
+ err: zerrors.ThrowPreconditionFailed(nil, "COMMAND-KJH2o", "Errors.User.ExternalIDP.NotFound"),
 },
 },
 {
@@ -937,3 +937,141 @@ func TestCommandSide_MigrateUserIDP(t *testing.T) { }) } } + +func TestCommandSide_UpdateUserIDPLinkUsername(t *testing.T) { + type fields struct { + eventstore func(t *testing.T) *eventstore.Eventstore + } + type args struct { + ctx context.Context + userID string + orgID string + idpConfigID string + externalUserID string + newUsername string + } + type res struct { + err error + } + tests := []struct { + name string + fields fields + args args + res res + }{ + { + name: "userid missing, invalid argument error", + fields: fields{ + eventstore: expectEventstore(), + }, + args: args{ + ctx: context.Background(), + userID: "", + orgID: "org1", + idpConfigID: "idpConfig1", + externalUserID: "externalUserID", + newUsername: "newUsername", + }, + res: res{ + err: zerrors.ThrowInvalidArgument(nil, "COMMAND-SFegz", "Errors.IDMissing"), + }, + }, + { + name: "idp link not active, precondition failed error", + fields: fields{ + eventstore: expectEventstore( + expectFilter( + eventFromEventPusher( + user.NewUserIDPLinkAddedEvent(context.Background(), + &user.NewAggregate("user1", "org1").Aggregate, + "idpConfig1", + "displayName", + "externalUserID", + ), + ), + ), + ), + }, + args: args{ + ctx: context.Background(), + userID: "user1", + orgID: "org1", + idpConfigID: "idpConfig1", + externalUserID: "otherID", + newUsername: "newUsername", + }, + res: res{ + err: zerrors.ThrowPreconditionFailed(nil, "COMMAND-DGhre", "Errors.User.ExternalIDP.NotFound"), + }, + }, + { + name: "external username not changed, ok", + fields: fields{ + eventstore: expectEventstore( + expectFilter( + eventFromEventPusher( + user.NewUserIDPLinkAddedEvent(context.Background(), + &user.NewAggregate("user1", "org1").Aggregate, + "idpConfig1", + "displayName", + "externalUserID", + ), + ), + ), + ), + }, + args: args{ + ctx: context.Background(), + userID: "user1", + orgID: "org1", + idpConfigID: "idpConfig1", + externalUserID: "externalUserID", + newUsername: "displayName", + }, + 
res: res{}, + }, + { + name: "external username update, ok", + fields: fields{ + eventstore: expectEventstore( + expectFilter( + eventFromEventPusher( + user.NewUserIDPLinkAddedEvent(context.Background(), + &user.NewAggregate("user1", "org1").Aggregate, + "idpConfig1", + "displayName", + "externalUserID", + ), + ), + ), + expectPush( + user.NewUserIDPExternalUsernameEvent(context.Background(), + &user.NewAggregate("user1", "org1").Aggregate, + "idpConfig1", + "externalUserID", + "newUsername", + ), + ), + ), + }, + args: args{ + ctx: context.Background(), + userID: "user1", + orgID: "org1", + idpConfigID: "idpConfig1", + externalUserID: "externalUserID", + newUsername: "newUsername", + }, + res: res{}, + }, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + r := &Commands{ + eventstore: tt.fields.eventstore(t), + } + err := r.UpdateUserIDPLinkUsername(tt.args.ctx, tt.args.userID, tt.args.orgID, tt.args.idpConfigID, tt.args.externalUserID, tt.args.newUsername) + assert.ErrorIs(t, err, tt.res.err) + }) + } +} diff --git a/internal/command/user_machine.go b/internal/command/user_machine.go index 700964f6b7..77953010d3 100644 --- a/internal/command/user_machine.go +++ b/internal/command/user_machine.go @@ -5,10 +5,10 @@ import ( "github.com/zitadel/zitadel/internal/command/preparation" "github.com/zitadel/zitadel/internal/domain" - caos_errs "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/eventstore/v1/models" "github.com/zitadel/zitadel/internal/repository/user" + "github.com/zitadel/zitadel/internal/zerrors" ) type AddMachine struct { 
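Review bot: The case named `idp link not active, precondition failed error` in `TestCommandSide_UpdateUserIDPLinkUsername` never exercises an inactive link: its fixture holds one live link and the request only passes a different `externalUserID` (`otherID`), so what it pins is a lookup miss. A row whose filter returns the link-added event followed by the matching removal event would pin that a removed link cannot have its username changed. The table also stops at the empty-`userID` guard, with no row for an empty `idpConfigID` or `externalUserID`, nor for an `orgID` that differs from the link's aggregate. `UpdateUserIDPLinkUsername` itself is outside this hunk, so whether it validates or scopes by those values is unconfirmed; if it does, one row each would keep that from regressing silently.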
@@ -33,16 +33,16 @@ func (m *Machine) IsZero() bool { func AddMachineCommand(a *user.Aggregate, machine *Machine) preparation.Validation { return func() (_ preparation.CreateCommands, err error) { if a.ResourceOwner == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "COMMAND-xiown2", "Errors.ResourceOwnerMissing") + return nil, zerrors.ThrowInvalidArgument(nil, "COMMAND-xiown2", "Errors.ResourceOwnerMissing") } if a.ID == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "COMMAND-p0p2mi", "Errors.User.UserIDMissing") + return nil, zerrors.ThrowInvalidArgument(nil, "COMMAND-p0p2mi", "Errors.User.UserIDMissing") } if machine.Name == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "COMMAND-bs9Ds", "Errors.User.Invalid") + return nil, zerrors.ThrowInvalidArgument(nil, "COMMAND-bs9Ds", "Errors.User.Invalid") } if machine.Username == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "COMMAND-bm9Ds", "Errors.User.Invalid") + return nil, zerrors.ThrowInvalidArgument(nil, "COMMAND-bm9Ds", "Errors.User.Invalid") } return func(ctx context.Context, filter preparation.FilterToQueryReducer) ([]eventstore.Command, error) { writeModel, err := getMachineWriteModel(ctx, a.ID, a.ResourceOwner, filter) 
@@ -50,11 +50,11 @@ func AddMachineCommand(a *user.Aggregate, machine *Machine) preparation.Validati return nil, err } if isUserStateExists(writeModel.UserState) { - return nil, caos_errs.ThrowPreconditionFailed(nil, "COMMAND-k2una", "Errors.User.AlreadyExisting") + return nil, zerrors.ThrowPreconditionFailed(nil, "COMMAND-k2una", "Errors.User.AlreadyExisting") } domainPolicy, err := domainPolicyWriteModel(ctx, filter, a.ResourceOwner) if err != nil { - return nil, caos_errs.ThrowPreconditionFailed(err, "COMMAND-3M9fs", "Errors.Org.DomainPolicy.NotFound") + return nil, zerrors.ThrowPreconditionFailed(err, "COMMAND-3M9fs", "Errors.Org.DomainPolicy.NotFound") } return []eventstore.Command{ user.NewMachineAddedEvent(ctx, &a.Aggregate, machine.Username, machine.Name, machine.Description, domainPolicy.UserLoginMustBeDomain, machine.AccessTokenType), @@ -112,10 +112,10 @@ func (c *Commands) ChangeMachine(ctx context.Context, machine *Machine) (*domain func changeMachineCommand(a *user.Aggregate, machine *Machine) preparation.Validation { return func() (_ preparation.CreateCommands, err error) { if a.ResourceOwner == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "COMMAND-xiown3", "Errors.ResourceOwnerMissing") + return nil, zerrors.ThrowInvalidArgument(nil, "COMMAND-xiown3", "Errors.ResourceOwnerMissing") } if a.ID == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "COMMAND-p0p3mi", "Errors.User.UserIDMissing") + return nil, zerrors.ThrowInvalidArgument(nil, "COMMAND-p0p3mi", "Errors.User.UserIDMissing") } return func(ctx context.Context, filter preparation.FilterToQueryReducer) ([]eventstore.Command, error) { writeModel, err := getMachineWriteModel(ctx, a.ID, a.ResourceOwner, filter) 
@@ -123,14 +123,14 @@ func changeMachineCommand(a *user.Aggregate, machine *Machine) preparation.Valid return nil, err } if !isUserStateExists(writeModel.UserState) { - return nil, caos_errs.ThrowNotFound(nil, "COMMAND-5M0od", "Errors.User.NotFound") + return nil, zerrors.ThrowNotFound(nil, "COMMAND-5M0od", "Errors.User.NotFound") } changedEvent, hasChanged, err := writeModel.NewChangedEvent(ctx, &a.Aggregate, machine.Name, machine.Description, machine.AccessTokenType) if err != nil { return nil, err } if !hasChanged { - return nil, caos_errs.ThrowPreconditionFailed(nil, "COMMAND-2n8vs", "Errors.User.NotChanged") + return nil, zerrors.ThrowPreconditionFailed(nil, "COMMAND-2n8vs", "Errors.User.NotChanged") } return []eventstore.Command{ diff --git a/internal/command/user_machine_key.go b/internal/command/user_machine_key.go index a3535770d7..1e6ca56f24 100644 --- a/internal/command/user_machine_key.go +++ b/internal/command/user_machine_key.go @@ -6,10 +6,10 @@ import ( "github.com/zitadel/zitadel/internal/command/preparation" "github.com/zitadel/zitadel/internal/domain" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/eventstore/v1/models" "github.com/zitadel/zitadel/internal/repository/user" + "github.com/zitadel/zitadel/internal/zerrors" ) type AddMachineKey struct { 
@@ -53,23 +53,23 @@ func (key *MachineKey) SetExpirationDate(t time.Time) { func (key *MachineKey) Detail() ([]byte, error) { if len(key.PrivateKey) == 0 { - return nil, errors.ThrowPreconditionFailed(nil, "KEY-sp2l2m", "Errors.Internal") + return nil, zerrors.ThrowPreconditionFailed(nil, "KEY-sp2l2m", "Errors.Internal") } if key.Type == domain.AuthNKeyTypeJSON { return domain.MachineKeyMarshalJSON(key.KeyID, key.PrivateKey, key.AggregateID) } - return nil, errors.ThrowPreconditionFailed(nil, "KEY-dsg52", "Errors.Internal") + return nil, zerrors.ThrowPreconditionFailed(nil, "KEY-dsg52", "Errors.Internal") } func (key *MachineKey) content() error { if key.ResourceOwner == "" { - return errors.ThrowInvalidArgument(nil, "COMMAND-kqpoix", "Errors.ResourceOwnerMissing") + return zerrors.ThrowInvalidArgument(nil, "COMMAND-kqpoix", "Errors.ResourceOwnerMissing") } if key.AggregateID == "" { - return errors.ThrowInvalidArgument(nil, "COMMAND-xuiwk2", "Errors.User.UserIDMissing") + return zerrors.ThrowInvalidArgument(nil, "COMMAND-xuiwk2", "Errors.User.UserIDMissing") } if key.KeyID == "" { - return errors.ThrowInvalidArgument(nil, "COMMAND-0p2m1h", "Errors.IDMissing") + return zerrors.ThrowInvalidArgument(nil, "COMMAND-0p2m1h", "Errors.IDMissing") } return nil } @@ -84,7 +84,7 @@ func (key *MachineKey) valid() (err error) { func (key *MachineKey) checkAggregate(ctx context.Context, filter preparation.FilterToQueryReducer) error { if exists, err := ExistsUser(ctx, filter, key.AggregateID, key.ResourceOwner); err != nil || !exists { - return errors.ThrowPreconditionFailed(err, "COMMAND-bnipwm1", "Errors.User.NotFound") + return zerrors.ThrowPreconditionFailed(err, "COMMAND-bnipwm1", "Errors.User.NotFound") } return nil } 
@@ -133,7 +133,7 @@ func prepareAddUserMachineKey(machineKey *MachineKey, keySize int) preparation.V return nil, err } if writeModel.Exists() { - return nil, errors.ThrowAlreadyExists(nil, "COMMAND-091mops", "Errors.User.Machine.Key.AlreadyExists") + return nil, zerrors.ThrowAlreadyExists(nil, "COMMAND-091mops", "Errors.User.Machine.Key.AlreadyExists") } return []eventstore.Command{ user.NewMachineKeyAddedEvent( @@ -177,7 +177,7 @@ func prepareRemoveUserMachineKey(machineKey *MachineKey) preparation.Validation return nil, err } if !writeModel.Exists() { - return nil, errors.ThrowNotFound(nil, "COMMAND-4m77G", "Errors.User.Machine.Key.NotFound") + return nil, zerrors.ThrowNotFound(nil, "COMMAND-4m77G", "Errors.User.Machine.Key.NotFound") } return []eventstore.Command{ user.NewMachineKeyRemovedEvent( diff --git a/internal/command/user_machine_key_test.go b/internal/command/user_machine_key_test.go index ffb9747302..7e4a0f069a 100644 --- a/internal/command/user_machine_key_test.go +++ b/internal/command/user_machine_key_test.go @@ -10,12 +10,12 @@ import ( "github.com/zitadel/zitadel/internal/crypto" "github.com/zitadel/zitadel/internal/domain" - caos_errs "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/eventstore/v1/models" "github.com/zitadel/zitadel/internal/id" id_mock "github.com/zitadel/zitadel/internal/id/mock" "github.com/zitadel/zitadel/internal/repository/user" + "github.com/zitadel/zitadel/internal/zerrors" ) func TestCommands_AddMachineKey(t *testing.T) { @@ -59,7 +59,7 @@ func TestCommands_AddMachineKey(t *testing.T) { }, }, res{ - err: caos_errs.IsPreconditionFailed, + err: zerrors.IsPreconditionFailed, }, }, { @@ -79,7 +79,7 @@ func TestCommands_AddMachineKey(t *testing.T) { }, }, res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { 
@@ -99,7 +99,7 @@ func TestCommands_AddMachineKey(t *testing.T) { }, }, res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -119,7 +119,7 @@ func TestCommands_AddMachineKey(t *testing.T) { }, }, res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { diff --git a/internal/command/user_machine_secret.go b/internal/command/user_machine_secret.go index ebec62d85f..fbfd63441f 100644 --- a/internal/command/user_machine_secret.go +++ b/internal/command/user_machine_secret.go @@ -3,14 +3,12 @@ package command import ( "context" - "github.com/zitadel/logging" - "github.com/zitadel/zitadel/internal/command/preparation" "github.com/zitadel/zitadel/internal/crypto" "github.com/zitadel/zitadel/internal/domain" - caos_errs "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/repository/user" + "github.com/zitadel/zitadel/internal/zerrors" ) type GenerateMachineSecret struct { @@ -39,10 +37,10 @@ func (c *Commands) GenerateMachineSecret(ctx context.Context, userID string, res func prepareGenerateMachineSecret(a *user.Aggregate, generator crypto.Generator, set *GenerateMachineSecret) preparation.Validation { return func() (_ preparation.CreateCommands, err error) { if a.ResourceOwner == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "COMMAND-x0992n", "Errors.ResourceOwnerMissing") + return nil, zerrors.ThrowInvalidArgument(nil, "COMMAND-x0992n", "Errors.ResourceOwnerMissing") } if a.ID == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "COMMAND-bzoqjs", "Errors.User.UserIDMissing") + return nil, zerrors.ThrowInvalidArgument(nil, "COMMAND-bzoqjs", "Errors.User.UserIDMissing") } return func(ctx context.Context, filter preparation.FilterToQueryReducer) ([]eventstore.Command, error) { writeModel, err := getMachineWriteModel(ctx, a.ID, a.ResourceOwner, filter) 
@@ -50,7 +48,7 @@ func prepareGenerateMachineSecret(a *user.Aggregate, generator crypto.Generator, return nil, err } if !isUserStateExists(writeModel.UserState) { - return nil, caos_errs.ThrowPreconditionFailed(nil, "COMMAND-x8910n", "Errors.User.NotExisting") + return nil, zerrors.ThrowPreconditionFailed(nil, "COMMAND-x8910n", "Errors.User.NotExisting") } clientSecret, secretString, err := domain.NewMachineClientSecret(generator) @@ -88,10 +86,10 @@ func (c *Commands) RemoveMachineSecret(ctx context.Context, userID string, resou func prepareRemoveMachineSecret(a *user.Aggregate) preparation.Validation { return func() (_ preparation.CreateCommands, err error) { if a.ResourceOwner == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "COMMAND-0qp2hus", "Errors.ResourceOwnerMissing") + return nil, zerrors.ThrowInvalidArgument(nil, "COMMAND-0qp2hus", "Errors.ResourceOwnerMissing") } if a.ID == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "COMMAND-bzosjs", "Errors.User.UserIDMissing") + return nil, zerrors.ThrowInvalidArgument(nil, "COMMAND-bzosjs", "Errors.User.UserIDMissing") } return func(ctx context.Context, filter preparation.FilterToQueryReducer) ([]eventstore.Command, error) { writeModel, err := getMachineWriteModel(ctx, a.ID, a.ResourceOwner, filter) @@ -99,10 +97,10 @@ func prepareRemoveMachineSecret(a *user.Aggregate) preparation.Validation { return nil, err } if !isUserStateExists(writeModel.UserState) { - return nil, caos_errs.ThrowPreconditionFailed(nil, "COMMAND-x7s802", "Errors.User.NotExisting") + return nil, zerrors.ThrowPreconditionFailed(nil, "COMMAND-x7s802", "Errors.User.NotExisting") } if writeModel.ClientSecret == nil { - return nil, caos_errs.ThrowPreconditionFailed(nil, "COMMAND-coi82n", "Errors.User.Machine.Secret.NotExisting") + return nil, zerrors.ThrowPreconditionFailed(nil, "COMMAND-coi82n", "Errors.User.Machine.Secret.NotExisting") } return []eventstore.Command{ user.NewMachineSecretRemovedEvent(ctx, &a.Aggregate), 
@@ -111,59 +109,12 @@ func prepareRemoveMachineSecret(a *user.Aggregate) preparation.Validation { } } -func (c *Commands) VerifyMachineSecret(ctx context.Context, userID string, resourceOwner string, secret string) (*domain.ObjectDetails, error) { +func (c *Commands) MachineSecretCheckSucceeded(ctx context.Context, userID, resourceOwner string) { agg := user.NewAggregate(userID, resourceOwner) - cmds, err := preparation.PrepareCommands(ctx, c.eventstore.Filter, prepareVerifyMachineSecret(agg, secret, c.codeAlg)) - if err != nil { - return nil, err - } - - events, err := c.eventstore.Push(ctx, cmds...) - for _, cmd := range cmds { - if cmd.Type() == user.MachineSecretCheckFailedType { - logging.OnError(err).Error("could not push event MachineSecretCheckFailed") - return nil, caos_errs.ThrowInvalidArgument(nil, "COMMAND-3kjh", "Errors.User.Machine.Secret.Invalid") - } - } - if err != nil { - return nil, err - } - - return &domain.ObjectDetails{ - Sequence: events[len(events)-1].Sequence(), - EventDate: events[len(events)-1].CreatedAt(), - ResourceOwner: events[len(events)-1].Aggregate().ResourceOwner, - }, nil + c.asyncPush(ctx, user.NewMachineSecretCheckSucceededEvent(ctx, &agg.Aggregate)) } -func prepareVerifyMachineSecret(a *user.Aggregate, secret string, algorithm crypto.HashAlgorithm) preparation.Validation { - return func() (_ preparation.CreateCommands, err error) { - if a.ResourceOwner == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "COMMAND-0qp2hus", "Errors.ResourceOwnerMissing") - } - if a.ID == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "COMMAND-bzosjs", "Errors.User.UserIDMissing") - } - return func(ctx context.Context, filter preparation.FilterToQueryReducer) ([]eventstore.Command, error) { - writeModel, err := getMachineWriteModel(ctx, a.ID, a.ResourceOwner, filter) - if err != nil { - return nil, err - } - if !isUserStateExists(writeModel.UserState) { - return nil, caos_errs.ThrowPreconditionFailed(nil, "COMMAND-569sh2o", 
"Errors.User.NotExisting") - } - if writeModel.ClientSecret == nil { - return nil, caos_errs.ThrowPreconditionFailed(nil, "COMMAND-x8910n", "Errors.User.Machine.Secret.NotExisting") - } - err = crypto.CompareHash(writeModel.ClientSecret, []byte(secret), algorithm) - if err == nil { - return []eventstore.Command{ - user.NewMachineSecretCheckSucceededEvent(ctx, &a.Aggregate), - }, nil - } - return []eventstore.Command{ - user.NewMachineSecretCheckFailedEvent(ctx, &a.Aggregate), - }, nil - }, nil - } +func (c *Commands) MachineSecretCheckFailed(ctx context.Context, userID, resourceOwner string) { + agg := user.NewAggregate(userID, resourceOwner) + c.asyncPush(ctx, user.NewMachineSecretCheckFailedEvent(ctx, &agg.Aggregate)) } diff --git a/internal/command/user_machine_secret_test.go b/internal/command/user_machine_secret_test.go index 77343c8fb0..ee3d869391 100644 --- a/internal/command/user_machine_secret_test.go +++ b/internal/command/user_machine_secret_test.go @@ -3,14 +3,16 @@ package command import ( "context" "testing" + "time" "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" "github.com/zitadel/zitadel/internal/crypto" "github.com/zitadel/zitadel/internal/domain" - caos_errs "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/repository/user" + "github.com/zitadel/zitadel/internal/zerrors" ) func TestCommandSide_GenerateMachineSecret(t *testing.T) { @@ -50,7 +52,7 @@ func TestCommandSide_GenerateMachineSecret(t *testing.T) { set: nil, }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -68,7 +70,7 @@ func TestCommandSide_GenerateMachineSecret(t *testing.T) { set: nil, }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { 
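Review bot: `MachineSecretCheckSucceeded` and `MachineSecretCheckFailed` push an event for whatever `userID` and `resourceOwner` they are handed: the guards that the removed `prepareVerifyMachineSecret` applied (empty `ResourceOwner`/`ID`, user exists, secret set) are gone together with the `crypto.CompareHash` call, and neither exported method has a doc comment saying the caller must already have done that comparison. I would add one on each, e.g. `// MachineSecretCheckFailed records a failed client-secret check; the caller compares the secret and rejects the request itself.`, and either restore the cheap guard `if userID == "" || resourceOwner == "" { return }` or state that callers guarantee non-empty IDs. Both methods go through `asyncPush`, whose body is not in this hunk, so a failed push is presumably no longer visible to the caller. If the failed-check events feed audit, alerting or lockout logic, it is worth confirming that `asyncPush` logs push errors and is drained on shutdown.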
@@ -87,7 +89,7 @@ func TestCommandSide_GenerateMachineSecret(t *testing.T) { set: nil, }, res: res{ - err: caos_errs.IsPreconditionFailed, + err: zerrors.IsPreconditionFailed, }, }, { @@ -189,7 +191,7 @@ func TestCommandSide_RemoveMachineSecret(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -205,7 +207,7 @@ func TestCommandSide_RemoveMachineSecret(t *testing.T) { resourceOwner: "", }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -222,7 +224,7 @@ func TestCommandSide_RemoveMachineSecret(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: caos_errs.IsPreconditionFailed, + err: zerrors.IsPreconditionFailed, }, }, { @@ -250,7 +252,7 @@ func TestCommandSide_RemoveMachineSecret(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: caos_errs.IsPreconditionFailed, + err: zerrors.IsPreconditionFailed, }, }, { 
@@ -319,212 +321,34 @@ func TestCommandSide_RemoveMachineSecret(t *testing.T) { } } -func TestCommandSide_VerifyMachineSecret(t *testing.T) { - type fields struct { - eventstore *eventstore.Eventstore - } - type args struct { - ctx context.Context - userID string - resourceOwner string - secret string - } - type res struct { - want *domain.ObjectDetails - err func(error) bool - } - tests := []struct { - name string - fields fields - args args - res res - }{ - { - name: "user invalid, invalid argument error userID", - fields: fields{ - eventstore: eventstoreExpect( - t, - ), - }, - args: args{ - ctx: context.Background(), - userID: "", - resourceOwner: "org1", - }, - res: res{ - err: caos_errs.IsErrorInvalidArgument, - }, - }, - { - name: "user invalid, invalid argument error resourceowner", - fields: fields{ - eventstore: eventstoreExpect( - t, - ), - }, - args: args{ - ctx: context.Background(), - userID: "user1", - resourceOwner: "", - }, - res: res{ - err: caos_errs.IsErrorInvalidArgument, - }, - }, - { - name: "user not existing, precondition error", - fields: fields{ - eventstore: eventstoreExpect( - t, - expectFilter(), - ), - }, - args: args{ - ctx: context.Background(), - userID: "user1", - resourceOwner: "org1", - }, - res: res{ - err: caos_errs.IsPreconditionFailed, - }, - }, - { - name: "user existing without secret, precondition error", - fields: fields{ - eventstore: eventstoreExpect( - t, - expectFilter( - eventFromEventPusher( - user.NewMachineAddedEvent(context.Background(), - &user.NewAggregate("user1", "org1").Aggregate, - "user1", - "username", - "user", - false, - domain.OIDCTokenTypeBearer, - ), - ), - ), - ), - }, - args: args{ - ctx: context.Background(), - userID: "user1", - resourceOwner: "org1", - }, - res: res{ - err: caos_errs.IsPreconditionFailed, - }, - }, - { - name: "verify machine secret, ok", - fields: fields{ - eventstore: eventstoreExpect( - t, - expectFilter( - eventFromEventPusher( - 
user.NewMachineAddedEvent(context.Background(), - &user.NewAggregate("user1", "org1").Aggregate, - "user1", - "username", - "user", - false, - domain.OIDCTokenTypeBearer, - ), - ), - eventFromEventPusher( - user.NewMachineSecretSetEvent(context.Background(), - &user.NewAggregate("user1", "org1").Aggregate, - &crypto.CryptoValue{ - CryptoType: crypto.TypeEncryption, - Algorithm: "bcrypt", - KeyID: "id", - Crypted: []byte("$2a$14$HxC7TAXMeowdqHdSBUfsjOUc0IGajYeApxdYl9lAYC0duZmSkgFia"), - }, - ), - ), - ), - expectPush( - user.NewMachineSecretCheckSucceededEvent(context.Background(), - &user.NewAggregate("user1", "org1").Aggregate, - ), - ), - ), - }, - args: args{ - ctx: context.Background(), - userID: "user1", - resourceOwner: "org1", - secret: "test", - }, - res: res{ - want: &domain.ObjectDetails{ - ResourceOwner: "org1", - }, - }, - }, - { - name: "verify machine secret, failed", - fields: fields{ - eventstore: eventstoreExpect( - t, - expectFilter( - eventFromEventPusher( - user.NewMachineAddedEvent(context.Background(), - &user.NewAggregate("user1", "org1").Aggregate, - "user1", - "username", - "user", - false, - domain.OIDCTokenTypeBearer, - ), - ), - eventFromEventPusher( - user.NewMachineSecretSetEvent(context.Background(), - &user.NewAggregate("user1", "org1").Aggregate, - &crypto.CryptoValue{ - CryptoType: crypto.TypeEncryption, - Algorithm: "bcrypt", - KeyID: "id", - Crypted: []byte("$2a$14$HxC7TAXMeowdqHdSBUfsjOUc0IGajYeApxdYl9lAYC0duZmSkgFia"), - }, - ), - ), - ), - expectPush( - user.NewMachineSecretCheckFailedEvent(context.Background(), - &user.NewAggregate("user1", "org1").Aggregate, - ), - ), - ), - }, - args: args{ - ctx: context.Background(), - userID: "user1", - resourceOwner: "org1", - secret: "wrong", - }, - res: res{ - err: caos_errs.IsErrorInvalidArgument, - }, - }, - } - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - r := &Commands{ - eventstore: tt.fields.eventstore, - codeAlg: crypto.NewBCrypt(14), - } - got, err := 
r.VerifyMachineSecret(tt.args.ctx, tt.args.userID, tt.args.resourceOwner, tt.args.secret) - if tt.res.err == nil { - assert.NoError(t, err) - } - if tt.res.err != nil && !tt.res.err(err) { - t.Errorf("got wrong err: %v ", err) - } - if tt.res.err == nil { - assert.Equal(t, tt.res.want, got) - } - }) +func TestCommands_MachineSecretCheckSucceeded(t *testing.T) { + ctx, cancel := context.WithTimeout(context.Background(), time.Second) + defer cancel() + + agg := user.NewAggregate("userID", "orgID") + cmd := user.NewMachineSecretCheckSucceededEvent(ctx, &agg.Aggregate) + + c := &Commands{ + eventstore: eventstoreExpect(t, + expectPushSlow(time.Second/100, cmd), + ), } + c.MachineSecretCheckSucceeded(ctx, "userID", "orgID") + require.NoError(t, c.Close(ctx)) +} + +func TestCommands_MachineSecretCheckFailed(t *testing.T) { + ctx, cancel := context.WithTimeout(context.Background(), time.Second) + defer cancel() + + agg := user.NewAggregate("userID", "orgID") + cmd := user.NewMachineSecretCheckFailedEvent(ctx, &agg.Aggregate) + + c := &Commands{ + eventstore: eventstoreExpect(t, + expectPushSlow(time.Second/100, cmd), + ), + } + c.MachineSecretCheckFailed(ctx, "userID", "orgID") + require.NoError(t, c.Close(ctx)) } diff --git a/internal/command/user_machine_test.go b/internal/command/user_machine_test.go index 9c91c17cc5..e047c0b47f 100644 --- a/internal/command/user_machine_test.go +++ b/internal/command/user_machine_test.go 
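Review bot: `TestCommands_MachineSecretCheckSucceeded` and `TestCommands_MachineSecretCheckFailed` only pin that one event reaches the eventstore; the table they replace also pinned that a wrong secret returns an invalid-argument error, that a machine user without a secret is rejected, and that an empty `userID` or `resourceOwner` is refused. Those rejection paths no longer have a test in this file, so unless the code that now compares the secret (not visible in this hunk) carries equivalent cases, a regression in the authentication decision would pass unnoticed. The two tests differ only in the event constructor and the method called, so folding them into a small table would make it cheap to add an empty-`userID` row once the intended behaviour for that input is decided.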
@@ -7,13 +7,13 @@ import ( "github.com/stretchr/testify/assert" "github.com/zitadel/zitadel/internal/domain" - caos_errs "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/eventstore/v1/models" "github.com/zitadel/zitadel/internal/id" id_mock "github.com/zitadel/zitadel/internal/id/mock" "github.com/zitadel/zitadel/internal/repository/org" "github.com/zitadel/zitadel/internal/repository/user" + "github.com/zitadel/zitadel/internal/zerrors" ) func TestCommandSide_AddMachine(t *testing.T) { @@ -53,7 +53,7 @@ func TestCommandSide_AddMachine(t *testing.T) { }, }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -74,7 +74,7 @@ func TestCommandSide_AddMachine(t *testing.T) { }, }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -99,7 +99,7 @@ func TestCommandSide_AddMachine(t *testing.T) { }, }, res: res{ - err: caos_errs.IsPreconditionFailed, + err: zerrors.IsPreconditionFailed, }, }, { @@ -204,7 +204,7 @@ func TestCommandSide_ChangeMachine(t *testing.T) { }, }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -224,7 +224,7 @@ func TestCommandSide_ChangeMachine(t *testing.T) { }, }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -247,7 +247,7 @@ func TestCommandSide_ChangeMachine(t *testing.T) { }, }, res: res{ - err: caos_errs.IsNotFound, + err: zerrors.IsNotFound, }, }, { @@ -282,7 +282,7 @@ func TestCommandSide_ChangeMachine(t *testing.T) { }, }, res: res{ - err: caos_errs.IsPreconditionFailed, + err: zerrors.IsPreconditionFailed, }, }, { diff --git a/internal/command/user_metadata.go b/internal/command/user_metadata.go index dcc0c3cf99..e33da532cd 100644 --- a/internal/command/user_metadata.go +++ b/internal/command/user_metadata.go 
@@ -4,9 +4,9 @@ import ( "context" "github.com/zitadel/zitadel/internal/domain" - caos_errs "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/repository/user" + "github.com/zitadel/zitadel/internal/zerrors" ) func (c *Commands) SetUserMetadata(ctx context.Context, metadata *domain.Metadata, userID, resourceOwner string) (_ *domain.Metadata, err error) { @@ -34,7 +34,7 @@ func (c *Commands) SetUserMetadata(ctx context.Context, metadata *domain.Metadat func (c *Commands) BulkSetUserMetadata(ctx context.Context, userID, resourceOwner string, metadatas ...*domain.Metadata) (_ *domain.ObjectDetails, err error) { if len(metadatas) == 0 { - return nil, caos_errs.ThrowPreconditionFailed(nil, "META-9mm2d", "Errors.Metadata.NoData") + return nil, zerrors.ThrowPreconditionFailed(nil, "META-9mm2d", "Errors.Metadata.NoData") } err = c.checkUserExists(ctx, userID, resourceOwner) if err != nil { @@ -66,7 +66,7 @@ func (c *Commands) BulkSetUserMetadata(ctx context.Context, userID, resourceOwne func (c *Commands) setUserMetadata(ctx context.Context, userAgg *eventstore.Aggregate, metadata *domain.Metadata) (command eventstore.Command, err error) { if !metadata.IsValid() { - return nil, caos_errs.ThrowInvalidArgument(nil, "META-2m00f", "Errors.Metadata.Invalid") + return nil, zerrors.ThrowInvalidArgument(nil, "META-2m00f", "Errors.Metadata.Invalid") } return user.NewMetadataSetEvent( ctx, @@ -78,7 +78,7 @@ func (c *Commands) setUserMetadata(ctx context.Context, userAgg *eventstore.Aggr func (c *Commands) RemoveUserMetadata(ctx context.Context, metadataKey, userID, resourceOwner string) (_ *domain.ObjectDetails, err error) { if metadataKey == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "META-2n0fs", "Errors.Metadata.Invalid") + return nil, zerrors.ThrowInvalidArgument(nil, "META-2n0fs", "Errors.Metadata.Invalid") } err = c.checkUserExists(ctx, userID, resourceOwner) if err != nil { 
@@ -89,7 +89,7 @@ func (c *Commands) RemoveUserMetadata(ctx context.Context, metadataKey, userID, return nil, err } if !removeMetadata.State.Exists() { - return nil, caos_errs.ThrowNotFound(nil, "META-ncnw3", "Errors.Metadata.NotFound") + return nil, zerrors.ThrowNotFound(nil, "META-ncnw3", "Errors.Metadata.NotFound") } userAgg := UserAggregateFromWriteModel(&removeMetadata.WriteModel) event, err := c.removeUserMetadata(ctx, userAgg, metadataKey) @@ -110,7 +110,7 @@ func (c *Commands) RemoveUserMetadata(ctx context.Context, metadataKey, userID, func (c *Commands) BulkRemoveUserMetadata(ctx context.Context, userID, resourceOwner string, metadataKeys ...string) (_ *domain.ObjectDetails, err error) { if len(metadataKeys) == 0 { - return nil, caos_errs.ThrowPreconditionFailed(nil, "META-9mm2d", "Errors.Metadata.NoData") + return nil, zerrors.ThrowPreconditionFailed(nil, "META-9mm2d", "Errors.Metadata.NoData") } err = c.checkUserExists(ctx, userID, resourceOwner) if err != nil { @@ -125,10 +125,10 @@ func (c *Commands) BulkRemoveUserMetadata(ctx context.Context, userID, resourceO userAgg := UserAggregateFromWriteModel(&removeMetadata.WriteModel) for i, key := range metadataKeys { if key == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "COMMAND-m29ds", "Errors.Metadata.Invalid") + return nil, zerrors.ThrowInvalidArgument(nil, "COMMAND-m29ds", "Errors.Metadata.Invalid") } if _, found := removeMetadata.metadataList[key]; !found { - return nil, caos_errs.ThrowNotFound(nil, "META-2nnds", "Errors.Metadata.KeyNotExisting") + return nil, zerrors.ThrowNotFound(nil, "META-2nnds", "Errors.Metadata.KeyNotExisting") } event, err := c.removeUserMetadata(ctx, userAgg, key) if err != nil { diff --git a/internal/command/user_metadata_test.go b/internal/command/user_metadata_test.go index f2ef90cf6b..812ef529da 100644 --- a/internal/command/user_metadata_test.go +++ b/internal/command/user_metadata_test.go 
@@ -8,10 +8,10 @@ import ( "golang.org/x/text/language" "github.com/zitadel/zitadel/internal/domain" - caos_errs "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/eventstore/v1/models" "github.com/zitadel/zitadel/internal/repository/user" + "github.com/zitadel/zitadel/internal/zerrors" ) func TestCommandSide_SetUserMetadata(t *testing.T) { @@ -54,7 +54,7 @@ func TestCommandSide_SetUserMetadata(t *testing.T) { }, }, res: res{ - err: caos_errs.IsPreconditionFailed, + err: zerrors.IsPreconditionFailed, }, }, { @@ -89,7 +89,7 @@ func TestCommandSide_SetUserMetadata(t *testing.T) { }, }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -198,7 +198,7 @@ func TestCommandSide_BulkSetUserMetadata(t *testing.T) { userID: "user1", }, res: res{ - err: caos_errs.IsPreconditionFailed, + err: zerrors.IsPreconditionFailed, }, }, { @@ -219,7 +219,7 @@ func TestCommandSide_BulkSetUserMetadata(t *testing.T) { }, }, res: res{ - err: caos_errs.IsPreconditionFailed, + err: zerrors.IsPreconditionFailed, }, }, { @@ -255,7 +255,7 @@ func TestCommandSide_BulkSetUserMetadata(t *testing.T) { }, }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -365,7 +365,7 @@ func TestCommandSide_UserRemoveMetadata(t *testing.T) { metadataKey: "key", }, res: res{ - err: caos_errs.IsPreconditionFailed, + err: zerrors.IsPreconditionFailed, }, }, { @@ -382,7 +382,7 @@ func TestCommandSide_UserRemoveMetadata(t *testing.T) { metadataKey: "", }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -416,7 +416,7 @@ func TestCommandSide_UserRemoveMetadata(t *testing.T) { metadataKey: "key", }, res: res{ - err: caos_errs.IsNotFound, + err: zerrors.IsNotFound, }, }, { 
@@ -524,7 +524,7 @@ func TestCommandSide_BulkRemoveUserMetadata(t *testing.T) { userID: "user1", }, res: res{ - err: caos_errs.IsPreconditionFailed, + err: zerrors.IsPreconditionFailed, }, }, { @@ -542,7 +542,7 @@ func TestCommandSide_BulkRemoveUserMetadata(t *testing.T) { metadataList: []string{"key", "key1"}, }, res: res{ - err: caos_errs.IsPreconditionFailed, + err: zerrors.IsPreconditionFailed, }, }, { @@ -584,7 +584,7 @@ func TestCommandSide_BulkRemoveUserMetadata(t *testing.T) { metadataList: []string{"key", "key1"}, }, res: res{ - err: caos_errs.IsNotFound, + err: zerrors.IsNotFound, }, }, { @@ -633,7 +633,7 @@ func TestCommandSide_BulkRemoveUserMetadata(t *testing.T) { metadataList: []string{""}, }, res: res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { diff --git a/internal/command/user_password_complexity_policy.go b/internal/command/user_password_complexity_policy.go index 9b3d22dc66..877421a9a7 100644 --- a/internal/command/user_password_complexity_policy.go +++ b/internal/command/user_password_complexity_policy.go @@ -5,7 +5,7 @@ import ( "github.com/zitadel/zitadel/internal/api/authz" "github.com/zitadel/zitadel/internal/command/preparation" - "github.com/zitadel/zitadel/internal/errors" + "github.com/zitadel/zitadel/internal/zerrors" ) func passwordComplexityPolicyWriteModel(ctx context.Context, filter preparation.FilterToQueryReducer) (*PasswordComplexityPolicyWriteModel, error) { @@ -17,7 +17,7 @@ func passwordComplexityPolicyWriteModel(ctx context.Context, filter preparation. if err != nil || wm != nil { return wm, err } - return nil, errors.ThrowInternal(nil, "USER-uQ96e", "Errors.Internal") + return nil, zerrors.ThrowInternal(nil, "USER-uQ96e", "Errors.Internal") } func customPasswordComplexityPolicy(ctx context.Context, filter preparation.FilterToQueryReducer) (*PasswordComplexityPolicyWriteModel, error) { 
diff --git a/internal/command/user_password_complexity_policy_test.go b/internal/command/user_password_complexity_policy_test.go index e4d79ab746..92dc18f5d6 100644 --- a/internal/command/user_password_complexity_policy_test.go +++ b/internal/command/user_password_complexity_policy_test.go @@ -8,10 +8,10 @@ import ( "github.com/zitadel/zitadel/internal/api/authz" "github.com/zitadel/zitadel/internal/command/preparation" "github.com/zitadel/zitadel/internal/domain" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/repository/instance" "github.com/zitadel/zitadel/internal/repository/org" + "github.com/zitadel/zitadel/internal/zerrors" ) func Test_customPasswordComplexityPolicy(t *testing.T) { @@ -28,7 +28,7 @@ func Test_customPasswordComplexityPolicy(t *testing.T) { name: "err from filter", args: args{ filter: func(_ context.Context, _ *eventstore.SearchQueryBuilder) ([]eventstore.Event, error) { - return nil, errors.ThrowInternal(nil, "USER-IgYlN", "Errors.Internal") + return nil, zerrors.ThrowInternal(nil, "USER-IgYlN", "Errors.Internal") }, }, want: nil, @@ -105,7 +105,7 @@ func Test_defaultPasswordComplexityPolicy(t *testing.T) { name: "err from filter", args: args{ filter: func(_ context.Context, _ *eventstore.SearchQueryBuilder) ([]eventstore.Event, error) { - return nil, errors.ThrowInternal(nil, "USER-IgYlN", "Errors.Internal") + return nil, zerrors.ThrowInternal(nil, "USER-IgYlN", "Errors.Internal") }, }, want: nil, @@ -183,7 +183,7 @@ func Test_passwordComplexityPolicy(t *testing.T) { name: "err from filter custom", args: args{ filter: func(_ context.Context, _ *eventstore.SearchQueryBuilder) ([]eventstore.Event, error) { - return nil, errors.ThrowInternal(nil, "USER-IgYlN", "Errors.Internal") + return nil, zerrors.ThrowInternal(nil, "USER-IgYlN", "Errors.Internal") }, }, want: nil, 
@@ -229,7 +229,7 @@ func Test_passwordComplexityPolicy(t *testing.T) { return nil, nil }). Append(func(ctx context.Context, queryFactory *eventstore.SearchQueryBuilder) ([]eventstore.Event, error) { - return nil, errors.ThrowInternal(nil, "USER-6HnsD", "Errors.Internal") + return nil, zerrors.ThrowInternal(nil, "USER-6HnsD", "Errors.Internal") }). Filter(), }, diff --git a/internal/command/user_personal_access_token.go b/internal/command/user_personal_access_token.go index fb8d01c828..0faf85d5eb 100644 --- a/internal/command/user_personal_access_token.go +++ b/internal/command/user_personal_access_token.go @@ -8,10 +8,10 @@ import ( "github.com/zitadel/zitadel/internal/command/preparation" "github.com/zitadel/zitadel/internal/crypto" "github.com/zitadel/zitadel/internal/domain" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/eventstore/v1/models" "github.com/zitadel/zitadel/internal/repository/user" + "github.com/zitadel/zitadel/internal/zerrors" ) type AddPat struct { @@ -44,13 +44,13 @@ func NewPersonalAccessToken(resourceOwner string, userID string, expirationDate func (pat *PersonalAccessToken) content() error { if pat.ResourceOwner == "" { - return errors.ThrowInvalidArgument(nil, "COMMAND-xs0k2n", "Errors.ResourceOwnerMissing") + return zerrors.ThrowInvalidArgument(nil, "COMMAND-xs0k2n", "Errors.ResourceOwnerMissing") } if pat.AggregateID == "" { - return errors.ThrowInvalidArgument(nil, "COMMAND-0pzb1", "Errors.User.UserIDMissing") + return zerrors.ThrowInvalidArgument(nil, "COMMAND-0pzb1", "Errors.User.UserIDMissing") } if pat.TokenID == "" { - return errors.ThrowInvalidArgument(nil, "COMMAND-68xm2o", "Errors.IDMissing") + return zerrors.ThrowInvalidArgument(nil, "COMMAND-68xm2o", "Errors.IDMissing") } return nil } 
@@ -69,10 +69,10 @@ func (pat *PersonalAccessToken) checkAggregate(ctx context.Context, filter prepa return err } if !isUserStateExists(userWriteModel.UserState) { - return errors.ThrowPreconditionFailed(nil, "COMMAND-Dggw2", "Errors.User.NotFound") + return zerrors.ThrowPreconditionFailed(nil, "COMMAND-Dggw2", "Errors.User.NotFound") } if pat.AllowedUserType != domain.UserTypeUnspecified && userWriteModel.UserType != pat.AllowedUserType { - return errors.ThrowPreconditionFailed(nil, "COMMAND-Df2f1", "Errors.User.WrongType") + return zerrors.ThrowPreconditionFailed(nil, "COMMAND-Df2f1", "Errors.User.WrongType") } return nil } @@ -160,7 +160,7 @@ func prepareRemovePersonalAccessToken(pat *PersonalAccessToken) preparation.Vali return nil, err } if !writeModel.Exists() { - return nil, errors.ThrowNotFound(nil, "COMMAND-4m77G", "Errors.User.PAT.NotFound") + return nil, zerrors.ThrowNotFound(nil, "COMMAND-4m77G", "Errors.User.PAT.NotFound") } return []eventstore.Command{ user.NewPersonalAccessTokenRemovedEvent( diff --git a/internal/command/user_personal_access_token_test.go b/internal/command/user_personal_access_token_test.go index b8748ca417..335a59e701 100644 --- a/internal/command/user_personal_access_token_test.go +++ b/internal/command/user_personal_access_token_test.go @@ -11,12 +11,12 @@ import ( "github.com/zitadel/zitadel/internal/crypto" "github.com/zitadel/zitadel/internal/domain" - caos_errs "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/eventstore/v1/models" "github.com/zitadel/zitadel/internal/id" id_mock "github.com/zitadel/zitadel/internal/id/mock" "github.com/zitadel/zitadel/internal/repository/user" + "github.com/zitadel/zitadel/internal/zerrors" ) func TestCommands_AddPersonalAccessToken(t *testing.T) { 
@@ -60,7 +60,7 @@ func TestCommands_AddPersonalAccessToken(t *testing.T) { }, }, res{ - err: caos_errs.IsPreconditionFailed, + err: zerrors.IsPreconditionFailed, }, }, { @@ -95,7 +95,7 @@ func TestCommands_AddPersonalAccessToken(t *testing.T) { }, }, res{ - err: caos_errs.IsPreconditionFailed, + err: zerrors.IsPreconditionFailed, }, }, { @@ -115,7 +115,7 @@ func TestCommands_AddPersonalAccessToken(t *testing.T) { }, }, res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -135,7 +135,7 @@ func TestCommands_AddPersonalAccessToken(t *testing.T) { }, }, res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -155,7 +155,7 @@ func TestCommands_AddPersonalAccessToken(t *testing.T) { }, }, res{ - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -313,7 +313,7 @@ func TestCommands_RemovePersonalAccessToken(t *testing.T) { }, }, res{ - err: caos_errs.IsNotFound, + err: zerrors.IsNotFound, }, }, { diff --git a/internal/command/user_test.go b/internal/command/user_test.go index 7073071cf4..9f2244a458 100644 --- a/internal/command/user_test.go +++ b/internal/command/user_test.go @@ -10,13 +10,13 @@ import ( "github.com/zitadel/zitadel/internal/command/preparation" "github.com/zitadel/zitadel/internal/domain" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/id" "github.com/zitadel/zitadel/internal/repository/instance" "github.com/zitadel/zitadel/internal/repository/org" "github.com/zitadel/zitadel/internal/repository/project" "github.com/zitadel/zitadel/internal/repository/user" + "github.com/zitadel/zitadel/internal/zerrors" ) func TestCommandSide_UsernameChange(t *testing.T) { @@ -53,7 +53,7 @@ func TestCommandSide_UsernameChange(t *testing.T) { username: "username", }, res: res{ - err: errors.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { 
@@ -68,7 +68,7 @@ func TestCommandSide_UsernameChange(t *testing.T) { username: "username", }, res: res{ - err: errors.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -83,7 +83,7 @@ func TestCommandSide_UsernameChange(t *testing.T) { username: "", }, res: res{ - err: errors.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -98,7 +98,7 @@ func TestCommandSide_UsernameChange(t *testing.T) { username: " ", }, res: res{ - err: errors.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -115,7 +115,7 @@ func TestCommandSide_UsernameChange(t *testing.T) { username: "username", }, res: res{ - err: errors.IsNotFound, + err: zerrors.IsNotFound, }, }, { @@ -147,7 +147,7 @@ func TestCommandSide_UsernameChange(t *testing.T) { username: "username", }, res: res{ - err: errors.IsPreconditionFailed, + err: zerrors.IsPreconditionFailed, }, }, { @@ -179,7 +179,7 @@ func TestCommandSide_UsernameChange(t *testing.T) { username: "username ", }, res: res{ - err: errors.IsPreconditionFailed, + err: zerrors.IsPreconditionFailed, }, }, { @@ -211,7 +211,7 @@ func TestCommandSide_UsernameChange(t *testing.T) { username: "username", }, res: res{ - err: errors.IsPreconditionFailed, + err: zerrors.IsPreconditionFailed, }, }, { @@ -262,7 +262,7 @@ func TestCommandSide_UsernameChange(t *testing.T) { username: "test@test.ch", }, res: res{ - err: errors.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -539,7 +539,7 @@ func TestCommandSide_DeactivateUser(t *testing.T) { userID: "", }, res: res{ - err: errors.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -556,7 +556,7 @@ func TestCommandSide_DeactivateUser(t *testing.T) { userID: "user1", }, res: res{ - err: errors.IsNotFound, + err: zerrors.IsNotFound, }, }, { 
@@ -593,7 +593,7 @@ func TestCommandSide_DeactivateUser(t *testing.T) { userID: "user1", }, res: res{ - err: errors.IsPreconditionFailed, + err: zerrors.IsPreconditionFailed, }, }, { @@ -689,7 +689,7 @@ func TestCommandSide_ReactivateUser(t *testing.T) { userID: "", }, res: res{ - err: errors.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -706,7 +706,7 @@ func TestCommandSide_ReactivateUser(t *testing.T) { userID: "user1", }, res: res{ - err: errors.IsNotFound, + err: zerrors.IsNotFound, }, }, { @@ -738,7 +738,7 @@ func TestCommandSide_ReactivateUser(t *testing.T) { userID: "user1", }, res: res{ - err: errors.IsPreconditionFailed, + err: zerrors.IsPreconditionFailed, }, }, { @@ -838,7 +838,7 @@ func TestCommandSide_LockUser(t *testing.T) { userID: "", }, res: res{ - err: errors.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -855,7 +855,7 @@ func TestCommandSide_LockUser(t *testing.T) { userID: "user1", }, res: res{ - err: errors.IsNotFound, + err: zerrors.IsNotFound, }, }, { @@ -892,7 +892,7 @@ func TestCommandSide_LockUser(t *testing.T) { userID: "user1", }, res: res{ - err: errors.IsPreconditionFailed, + err: zerrors.IsPreconditionFailed, }, }, { @@ -988,7 +988,7 @@ func TestCommandSide_UnlockUser(t *testing.T) { userID: "", }, res: res{ - err: errors.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -1005,7 +1005,7 @@ func TestCommandSide_UnlockUser(t *testing.T) { userID: "user1", }, res: res{ - err: errors.IsNotFound, + err: zerrors.IsNotFound, }, }, { @@ -1037,7 +1037,7 @@ func TestCommandSide_UnlockUser(t *testing.T) { userID: "user1", }, res: res{ - err: errors.IsPreconditionFailed, + err: zerrors.IsPreconditionFailed, }, }, { @@ -1140,7 +1140,7 @@ func TestCommandSide_RemoveUser(t *testing.T) { userID: "", }, res: res{ - err: errors.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { 
@@ -1157,7 +1157,7 @@ func TestCommandSide_RemoveUser(t *testing.T) { userID: "user1", }, res: res{ - err: errors.IsNotFound, + err: zerrors.IsNotFound, }, }, { @@ -1191,7 +1191,7 @@ func TestCommandSide_RemoveUser(t *testing.T) { userID: "user1", }, res: res{ - err: errors.IsPreconditionFailed, + err: zerrors.IsPreconditionFailed, }, }, { @@ -1473,7 +1473,7 @@ func TestCommandSide_AddUserToken(t *testing.T) { userID: "", }, res: res{ - err: errors.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -1490,7 +1490,7 @@ func TestCommandSide_AddUserToken(t *testing.T) { userID: "user1", }, res: res{ - err: errors.IsNotFound, + err: zerrors.IsNotFound, }, }, } @@ -1547,7 +1547,7 @@ func TestCommands_RevokeAccessToken(t *testing.T) { }, res{ nil, - errors.IsErrorInvalidArgument, + zerrors.IsErrorInvalidArgument, }, }, { @@ -1579,7 +1579,7 @@ func TestCommands_RevokeAccessToken(t *testing.T) { }, res{ nil, - errors.IsNotFound, + zerrors.IsNotFound, }, }, { @@ -1672,7 +1672,7 @@ func TestCommandSide_UserDomainClaimedSent(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: errors.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, { @@ -1689,7 +1689,7 @@ func TestCommandSide_UserDomainClaimedSent(t *testing.T) { resourceOwner: "org1", }, res: res{ - err: errors.IsNotFound, + err: zerrors.IsNotFound, }, }, { @@ -1875,7 +1875,7 @@ func TestExistsUser(t *testing.T) { name: "error durring filter", args: args{ filter: func(_ context.Context, _ *eventstore.SearchQueryBuilder) ([]eventstore.Event, error) { - return nil, errors.ThrowInternal(nil, "USER-Drebn", "Errors.Internal") + return nil, zerrors.ThrowInternal(nil, "USER-Drebn", "Errors.Internal") }, id: "id", resourceOwner: "ro", diff --git a/internal/command/user_v2.go b/internal/command/user_v2.go new file mode 100644 index 0000000000..032ac0b8f7 --- /dev/null +++ b/internal/command/user_v2.go 
@@ -0,0 +1,213 @@ +package command + +import ( + "context" + + "github.com/zitadel/logging" + + "github.com/zitadel/zitadel/internal/api/authz" + "github.com/zitadel/zitadel/internal/domain" + "github.com/zitadel/zitadel/internal/eventstore" + "github.com/zitadel/zitadel/internal/repository/user" + "github.com/zitadel/zitadel/internal/telemetry/tracing" + "github.com/zitadel/zitadel/internal/zerrors" +) + +func (c *Commands) LockUserV2(ctx context.Context, userID string) (*domain.ObjectDetails, error) { + if userID == "" { + return nil, zerrors.ThrowInvalidArgument(nil, "COMMAND-agz3eczifm", "Errors.User.UserIDMissing") + } + + existingHuman, err := c.userStateWriteModel(ctx, userID) + if err != nil { + return nil, err + } + if !isUserStateExists(existingHuman.UserState) { + return nil, zerrors.ThrowNotFound(nil, "COMMAND-450yxuqrh1", "Errors.User.NotFound") + } + if !hasUserState(existingHuman.UserState, domain.UserStateActive, domain.UserStateInitial) { + return nil, zerrors.ThrowPreconditionFailed(nil, "COMMAND-lgws8wtsqf", "Errors.User.ShouldBeActiveOrInitial") + } + + if err := c.checkPermissionUpdateUser(ctx, existingHuman.ResourceOwner, existingHuman.AggregateID); err != nil { + return nil, err + } + + if err := c.pushAppendAndReduce(ctx, existingHuman, user.NewUserLockedEvent(ctx, &existingHuman.Aggregate().Aggregate)); err != nil { + return nil, err + } + return writeModelToObjectDetails(&existingHuman.WriteModel), nil +} + +func (c *Commands) UnlockUserV2(ctx context.Context, userID string) (*domain.ObjectDetails, error) { + if userID == "" { + return nil, zerrors.ThrowInvalidArgument(nil, "COMMAND-a9ld4xckax", "Errors.User.UserIDMissing") + } + + existingHuman, err := c.userStateWriteModel(ctx, userID) + if err != nil { + return nil, err + } + if !isUserStateExists(existingHuman.UserState) { + return nil, zerrors.ThrowNotFound(nil, "COMMAND-x377t913pw", "Errors.User.NotFound") + } + if !hasUserState(existingHuman.UserState, domain.UserStateLocked) { + 
return nil, zerrors.ThrowPreconditionFailed(nil, "COMMAND-olb9vb0oca", "Errors.User.NotLocked") + } + if err := c.checkPermissionUpdateUser(ctx, existingHuman.ResourceOwner, existingHuman.AggregateID); err != nil { + return nil, err + } + + if err := c.pushAppendAndReduce(ctx, existingHuman, user.NewUserUnlockedEvent(ctx, &existingHuman.Aggregate().Aggregate)); err != nil { + return nil, err + } + return writeModelToObjectDetails(&existingHuman.WriteModel), nil +} + +func (c *Commands) DeactivateUserV2(ctx context.Context, userID string) (*domain.ObjectDetails, error) { + if userID == "" { + return nil, zerrors.ThrowInvalidArgument(nil, "COMMAND-78iiirat8y", "Errors.User.UserIDMissing") + } + + existingHuman, err := c.userStateWriteModel(ctx, userID) + if err != nil { + return nil, err + } + if !isUserStateExists(existingHuman.UserState) { + return nil, zerrors.ThrowNotFound(nil, "COMMAND-5gp2p62iin", "Errors.User.NotFound") + } + if isUserStateInitial(existingHuman.UserState) { + return nil, zerrors.ThrowPreconditionFailed(nil, "COMMAND-gvx4kct9r2", "Errors.User.CantDeactivateInitial") + } + if isUserStateInactive(existingHuman.UserState) { + return nil, zerrors.ThrowPreconditionFailed(nil, "COMMAND-5gunjw0cd7", "Errors.User.AlreadyInactive") + } + if err := c.checkPermissionUpdateUser(ctx, existingHuman.ResourceOwner, existingHuman.AggregateID); err != nil { + return nil, err + } + + if err := c.pushAppendAndReduce(ctx, existingHuman, user.NewUserDeactivatedEvent(ctx, &existingHuman.Aggregate().Aggregate)); err != nil { + return nil, err + } + return writeModelToObjectDetails(&existingHuman.WriteModel), nil +} + +func (c *Commands) ReactivateUserV2(ctx context.Context, userID string) (*domain.ObjectDetails, error) { + if userID == "" { + return nil, zerrors.ThrowInvalidArgument(nil, "COMMAND-0nx1ie38fw", "Errors.User.UserIDMissing") + } + + existingHuman, err := c.userStateWriteModel(ctx, userID) + if err != nil { + return nil, err + } + if 
!isUserStateExists(existingHuman.UserState) { + return nil, zerrors.ThrowNotFound(nil, "COMMAND-9hy5kzbuk6", "Errors.User.NotFound") + } + if !isUserStateInactive(existingHuman.UserState) { + return nil, zerrors.ThrowPreconditionFailed(nil, "COMMAND-s5qqcz97hf", "Errors.User.NotInactive") + } + if err := c.checkPermissionUpdateUser(ctx, existingHuman.ResourceOwner, existingHuman.AggregateID); err != nil { + return nil, err + } + + if err := c.pushAppendAndReduce(ctx, existingHuman, user.NewUserReactivatedEvent(ctx, &existingHuman.Aggregate().Aggregate)); err != nil { + return nil, err + } + return writeModelToObjectDetails(&existingHuman.WriteModel), nil +} + +func (c *Commands) checkPermissionUpdateUser(ctx context.Context, resourceOwner, userID string) error { + if userID != "" && userID == authz.GetCtxData(ctx).UserID { + return nil + } + if err := c.checkPermission(ctx, domain.PermissionUserWrite, resourceOwner, userID); err != nil { + return err + } + return nil +} + +func (c *Commands) checkPermissionDeleteUser(ctx context.Context, resourceOwner, userID string) error { + if userID != "" && userID == authz.GetCtxData(ctx).UserID { + return nil + } + if err := c.checkPermission(ctx, domain.PermissionUserDelete, resourceOwner, userID); err != nil { + return err + } + return nil +} + +func (c *Commands) userStateWriteModel(ctx context.Context, userID string) (writeModel *UserV2WriteModel, err error) { + ctx, span := tracing.NewSpan(ctx) + defer func() { span.EndWithError(err) }() + + writeModel = NewUserStateWriteModel(userID, "") + err = c.eventstore.FilterToQueryReducer(ctx, writeModel) + if err != nil { + return nil, err + } + return writeModel, nil +} + +func (c *Commands) RemoveUserV2(ctx context.Context, userID string, cascadingUserMemberships []*CascadingMembership, cascadingGrantIDs ...string) (*domain.ObjectDetails, error) { + if userID == "" { + return nil, zerrors.ThrowInvalidArgument(nil, "COMMAND-vaipl7s13l", "Errors.User.UserIDMissing") + } + + 
existingUser, err := c.userRemoveWriteModel(ctx, userID) + if err != nil { + return nil, err + } + if !isUserStateExists(existingUser.UserState) { + return nil, zerrors.ThrowNotFound(nil, "COMMAND-bd4ir1mblj", "Errors.User.NotFound") + } + if err := c.checkPermissionDeleteUser(ctx, existingUser.ResourceOwner, existingUser.AggregateID); err != nil { + return nil, err + } + + domainPolicy, err := c.domainPolicyWriteModel(ctx, existingUser.ResourceOwner) + if err != nil { + return nil, zerrors.ThrowPreconditionFailed(err, "COMMAND-l40ykb3xh2", "Errors.Org.DomainPolicy.NotExisting") + } + var events []eventstore.Command + events = append(events, user.NewUserRemovedEvent(ctx, &existingUser.Aggregate().Aggregate, existingUser.UserName, existingUser.IDPLinks, domainPolicy.UserLoginMustBeDomain)) + + for _, grantID := range cascadingGrantIDs { + removeEvent, _, err := c.removeUserGrant(ctx, grantID, "", true) + if err != nil { + logging.WithFields("usergrantid", grantID).WithError(err).Warn("could not cascade remove role on user grant") + continue + } + events = append(events, removeEvent) + } + + if len(cascadingUserMemberships) > 0 { + membershipEvents, err := c.removeUserMemberships(ctx, cascadingUserMemberships) + if err != nil { + return nil, err + } + events = append(events, membershipEvents...) + } + + pushedEvents, err := c.eventstore.Push(ctx, events...) + if err != nil { + return nil, err + } + err = AppendAndReduce(existingUser, pushedEvents...) + if err != nil { + return nil, err + } + return writeModelToObjectDetails(&existingUser.WriteModel), nil +} + +func (c *Commands) userRemoveWriteModel(ctx context.Context, userID string) (writeModel *UserV2WriteModel, err error) { + ctx, span := tracing.NewSpan(ctx) + defer func() { span.EndWithError(err) }() + + writeModel = NewUserRemoveWriteModel(userID, "") + err = c.eventstore.FilterToQueryReducer(ctx, writeModel) + if err != nil { + return nil, err + } + return writeModel, nil +} 
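Review bot: `checkPermissionUpdateUser` returns nil whenever `userID` equals `authz.GetCtxData(ctx).UserID`, and `UnlockUserV2` and `ReactivateUserV2` both go through it, so a locked or deactivated user whose credential is still accepted could lift the restriction on their own account without holding `domain.PermissionUserWrite`. Whether such a credential survives a lock is decided outside this file, so this needs confirming, but the state-changing commands should not rely on it. I would call the permission check directly in those two functions, `if err := c.checkPermission(ctx, domain.PermissionUserWrite, existingHuman.ResourceOwner, existingHuman.AggregateID); err != nil {`, and keep the self shortcut for profile-style updates only. Separately, `LockUserV2`, `UnlockUserV2`, `DeactivateUserV2` and `ReactivateUserV2` return the NotFound and state precondition errors before the permission check runs, so a caller with no permission can tell existing user IDs and their state apart by error code; moving the permission check ahead of the state checks would close that.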
diff --git a/internal/command/user_v2_email.go b/internal/command/user_v2_email.go index d00eb0f040..3f1b4439e9 100644 --- a/internal/command/user_v2_email.go +++ b/internal/command/user_v2_email.go @@ -9,9 +9,9 @@ import ( "github.com/zitadel/zitadel/internal/api/authz" "github.com/zitadel/zitadel/internal/crypto" "github.com/zitadel/zitadel/internal/domain" - caos_errs "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/repository/user" + "github.com/zitadel/zitadel/internal/zerrors" ) // ChangeUserEmail sets a user's email address, generates a code @@ -67,6 +67,14 @@ func (c *Commands) changeUserEmailWithCode(ctx context.Context, userID, resource // When the plain text code is returned, no notification e-mail will be send to the user. // urlTmpl allows changing the target URL that is used by the e-mail and should be a validated Go template, if used. func (c *Commands) changeUserEmailWithGenerator(ctx context.Context, userID, resourceOwner, email string, gen crypto.Generator, returnCode bool, urlTmpl string) (*domain.Email, error) { + cmd, err := c.changeUserEmailWithGeneratorEvents(ctx, userID, resourceOwner, email, gen, returnCode, urlTmpl) + if err != nil { + return nil, err + } + return cmd.Push(ctx) +} + +func (c *Commands) changeUserEmailWithGeneratorEvents(ctx context.Context, userID, resourceOwner, email string, gen crypto.Generator, returnCode bool, urlTmpl string) (*UserEmailEvents, error) { cmd, err := c.NewUserEmailEvents(ctx, userID, resourceOwner) if err != nil { return nil, err @@ -82,7 +90,7 @@ func (c *Commands) changeUserEmailWithGenerator(ctx context.Context, userID, res if err = cmd.AddGeneratedCode(ctx, gen, urlTmpl, returnCode); err != nil { return nil, err } - return cmd.Push(ctx) + return cmd, nil } func (c *Commands) VerifyUserEmail(ctx context.Context, userID, resourceOwner, code string, alg crypto.EncryptionAlgorithm) (*domain.ObjectDetails, error) { 
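Review bot: `changeUserEmailWithGeneratorEvents` is added in the `@@ -67,6 +67,14 @@` hunk without a doc comment, while the existing comment block stays on `changeUserEmailWithGenerator`, which is now only a wrapper. The helper returns a `*UserEmailEvents` whose events have not been pushed, so a caller that never calls `Push` loses the e-mail change without any error. I would state that contract on the helper, for example `// changeUserEmailWithGeneratorEvents prepares the e-mail change and code events but does not push them; the caller must call Push.` The middle of the helper's body lies between this hunk and the `@@ -82,7 +90,7 @@` hunk and is not shown; the permission check that the tests expect is presumably there and is worth naming in the comment once confirmed.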
@@ -125,7 +133,7 @@ type UserEmailEvents struct { // If a model cannot be found, or it's state is invalid and error is returned. func (c *Commands) NewUserEmailEvents(ctx context.Context, userID, resourceOwner string) (*UserEmailEvents, error) { if userID == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "COMMAND-0Gzs3", "Errors.User.Email.IDMissing") + return nil, zerrors.ThrowInvalidArgument(nil, "COMMAND-0Gzs3", "Errors.User.Email.IDMissing") } model, err := c.emailWriteModel(ctx, userID, resourceOwner) @@ -133,10 +141,10 @@ func (c *Commands) NewUserEmailEvents(ctx context.Context, userID, resourceOwner return nil, err } if model.UserState == domain.UserStateUnspecified || model.UserState == domain.UserStateDeleted { - return nil, caos_errs.ThrowNotFound(nil, "COMMAND-ieJ2e", "Errors.User.Email.NotFound") + return nil, zerrors.ThrowNotFound(nil, "COMMAND-ieJ2e", "Errors.User.Email.NotFound") } if model.UserState == domain.UserStateInitial { - return nil, caos_errs.ThrowPreconditionFailed(nil, "COMMAND-uz0Uu", "Errors.User.NotInitialised") + return nil, zerrors.ThrowPreconditionFailed(nil, "COMMAND-uz0Uu", "Errors.User.NotInitialised") } return &UserEmailEvents{ eventstore: c.eventstore, @@ -153,7 +161,7 @@ func (c *UserEmailEvents) Change(ctx context.Context, email domain.EmailAddress) } event, hasChanged := c.model.NewChangedEvent(ctx, c.aggregate, email) if !hasChanged { - return caos_errs.ThrowPreconditionFailed(nil, "COMMAND-Uch5e", "Errors.User.Email.NotChanged") + return zerrors.ThrowPreconditionFailed(nil, "COMMAND-Uch5e", "Errors.User.Email.NotChanged") } c.events = append(c.events, event) return nil 
@@ -167,21 +175,33 @@ func (c *UserEmailEvents) SetVerified(ctx context.Context) { // AddGeneratedCode generates a new encrypted code and sets it to the email address. // When returnCode a plain text of the code will be returned from Push. func (c *UserEmailEvents) AddGeneratedCode(ctx context.Context, gen crypto.Generator, urlTmpl string, returnCode bool) error { - value, plain, err := crypto.NewCode(gen) + cmd, code, err := generateCodeCommand(ctx, c.aggregate, gen, urlTmpl, returnCode) if err != nil { return err } - - c.events = append(c.events, user.NewHumanEmailCodeAddedEventV2(ctx, c.aggregate, value, gen.Expiry(), urlTmpl, returnCode)) + c.events = append(c.events, cmd) if returnCode { - c.plainCode = &plain + c.plainCode = &code } return nil } +func generateCodeCommand(ctx context.Context, agg *eventstore.Aggregate, gen crypto.Generator, urlTmpl string, returnCode bool) (eventstore.Command, string, error) { + value, plain, err := crypto.NewCode(gen) + if err != nil { + return nil, "", err + } + + cmd := user.NewHumanEmailCodeAddedEventV2(ctx, agg, value, gen.Expiry(), urlTmpl, returnCode) + if returnCode { + return cmd, plain, nil + } + return cmd, "", nil +} + func (c *UserEmailEvents) VerifyCode(ctx context.Context, code string, gen crypto.Generator) error { if code == "" { - return caos_errs.ThrowInvalidArgument(nil, "COMMAND-Fia4a", "Errors.User.Code.Empty") + return zerrors.ThrowInvalidArgument(nil, "COMMAND-Fia4a", "Errors.User.Code.Empty") } err := crypto.VerifyCode(c.model.CodeCreationDate, c.model.CodeExpiry, c.model.Code, code, gen) 
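Review bot: `generateCodeCommand` is a new package-level function with no comment, although it hands back the plain verification code and writes `urlTmpl` into the event without checking it. The comment on `changeUserEmailWithGenerator` says `urlTmpl` should be a validated Go template, and nothing in this function enforces that for other callers in the package. I would put both preconditions on the function: `// generateCodeCommand builds the e-mail code event; urlTmpl must already be validated, and the returned plain code is empty unless returnCode is true and must never be logged.` The name is also broader than the behaviour, since it always builds `user.NewHumanEmailCodeAddedEventV2`; a name that says "email" would make that clear at the call site.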
@@ -191,7 +211,7 @@ func (c *UserEmailEvents) VerifyCode(ctx context.Context, code string, gen crypt } _, err = c.eventstore.Push(ctx, user.NewHumanEmailVerificationFailedEvent(ctx, c.aggregate)) logging.WithFields("id", "COMMAND-Zoo6b", "userID", c.aggregate.ID).OnError(err).Error("NewHumanEmailVerificationFailedEvent push failed") - return caos_errs.ThrowInvalidArgument(err, "COMMAND-eis9R", "Errors.User.Code.Invalid") + return zerrors.ThrowInvalidArgument(err, "COMMAND-eis9R", "Errors.User.Code.Invalid") } // Push all events to the eventstore and Reduce them into the Model. diff --git a/internal/command/user_v2_email_test.go b/internal/command/user_v2_email_test.go index e768f68c93..262e672d00 100644 --- a/internal/command/user_v2_email_test.go +++ b/internal/command/user_v2_email_test.go @@ -13,11 +13,11 @@ import ( "github.com/zitadel/zitadel/internal/crypto" "github.com/zitadel/zitadel/internal/domain" - caos_errs "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/eventstore/v1/models" "github.com/zitadel/zitadel/internal/repository/instance" "github.com/zitadel/zitadel/internal/repository/user" + "github.com/zitadel/zitadel/internal/zerrors" ) func TestCommands_ChangeUserEmail(t *testing.T) { @@ -74,7 +74,7 @@ func TestCommands_ChangeUserEmail(t *testing.T) { resourceOwner: "org1", email: "", }, - wantErr: caos_errs.ThrowPermissionDenied(nil, "AUTHZ-HKJD33", "Errors.PermissionDenied"), + wantErr: zerrors.ThrowPermissionDenied(nil, "AUTHZ-HKJD33", "Errors.PermissionDenied"), }, { name: "missing email", @@ -114,7 +114,7 @@ func TestCommands_ChangeUserEmail(t *testing.T) { resourceOwner: "org1", email: "", }, - wantErr: caos_errs.ThrowInvalidArgument(nil, "EMAIL-spblu", "Errors.User.Email.Empty"), + wantErr: zerrors.ThrowInvalidArgument(nil, "EMAIL-spblu", "Errors.User.Email.Empty"), }, { name: "not changed", 
@@ -154,7 +154,7 @@ func TestCommands_ChangeUserEmail(t *testing.T) { resourceOwner: "org1", email: "email@test.ch", }, - wantErr: caos_errs.ThrowPreconditionFailed(nil, "COMMAND-Uch5e", "Errors.User.Email.NotChanged"), + wantErr: zerrors.ThrowPreconditionFailed(nil, "COMMAND-Uch5e", "Errors.User.Email.NotChanged"), }, } for _, tt := range tests { @@ -198,7 +198,7 @@ func TestCommands_ChangeUserEmailURLTemplate(t *testing.T) { email: "email-changed@test.ch", urlTmpl: "{{", }, - wantErr: caos_errs.ThrowInvalidArgument(nil, "DOMAIN-oGh5e", "Errors.User.InvalidURLTemplate"), + wantErr: zerrors.ThrowInvalidArgument(nil, "DOMAIN-oGh5e", "Errors.User.InvalidURLTemplate"), }, { name: "permission missing", @@ -239,7 +239,7 @@ func TestCommands_ChangeUserEmailURLTemplate(t *testing.T) { email: "email@test.ch", urlTmpl: "https://example.com/email/verify?userID={{.UserID}}&code={{.Code}}&orgID={{.OrgID}}", }, - wantErr: caos_errs.ThrowPermissionDenied(nil, "AUTHZ-HKJD33", "Errors.PermissionDenied"), + wantErr: zerrors.ThrowPermissionDenied(nil, "AUTHZ-HKJD33", "Errors.PermissionDenied"), }, { name: "not changed", @@ -280,7 +280,7 @@ func TestCommands_ChangeUserEmailURLTemplate(t *testing.T) { email: "email@test.ch", urlTmpl: "https://example.com/email/verify?userID={{.UserID}}&code={{.Code}}&orgID={{.OrgID}}", }, - wantErr: caos_errs.ThrowPreconditionFailed(nil, "COMMAND-Uch5e", "Errors.User.Email.NotChanged"), + wantErr: zerrors.ThrowPreconditionFailed(nil, "COMMAND-Uch5e", "Errors.User.Email.NotChanged"), }, } for _, tt := range tests { @@ -350,7 +350,7 @@ func TestCommands_ChangeUserEmailReturnCode(t *testing.T) { resourceOwner: "org1", email: "email@test.ch", }, - wantErr: caos_errs.ThrowPermissionDenied(nil, "AUTHZ-HKJD33", "Errors.PermissionDenied"), + wantErr: zerrors.ThrowPermissionDenied(nil, "AUTHZ-HKJD33", "Errors.PermissionDenied"), }, { name: "missing email", 
@@ -390,7 +390,7 @@ func TestCommands_ChangeUserEmailReturnCode(t *testing.T) { resourceOwner: "org1", email: "", }, - wantErr: caos_errs.ThrowInvalidArgument(nil, "EMAIL-spblu", "Errors.User.Email.Empty"), + wantErr: zerrors.ThrowInvalidArgument(nil, "EMAIL-spblu", "Errors.User.Email.Empty"), }, } for _, tt := range tests { @@ -434,7 +434,7 @@ func TestCommands_ChangeUserEmailVerified(t *testing.T) { resourceOwner: "org1", email: "email@test.ch", }, - wantErr: caos_errs.ThrowInvalidArgument(nil, "COMMAND-0Gzs3", "Errors.User.Email.IDMissing"), + wantErr: zerrors.ThrowInvalidArgument(nil, "COMMAND-0Gzs3", "Errors.User.Email.IDMissing"), }, { name: "missing permission", @@ -465,7 +465,7 @@ func TestCommands_ChangeUserEmailVerified(t *testing.T) { resourceOwner: "org1", email: "email-changed@test.ch", }, - wantErr: caos_errs.ThrowPermissionDenied(nil, "AUTHZ-HKJD33", "Errors.PermissionDenied"), + wantErr: zerrors.ThrowPermissionDenied(nil, "AUTHZ-HKJD33", "Errors.PermissionDenied"), }, { name: "missing email", @@ -496,7 +496,7 @@ func TestCommands_ChangeUserEmailVerified(t *testing.T) { resourceOwner: "org1", email: "", }, - wantErr: caos_errs.ThrowInvalidArgument(nil, "EMAIL-spblu", "Errors.User.Email.Empty"), + wantErr: zerrors.ThrowInvalidArgument(nil, "EMAIL-spblu", "Errors.User.Email.Empty"), }, { name: "email changed", @@ -590,7 +590,7 @@ func TestCommands_changeUserEmailWithGenerator(t *testing.T) { returnCode: false, urlTmpl: "", }, - wantErr: caos_errs.ThrowInvalidArgument(nil, "COMMAND-0Gzs3", "Errors.User.Email.IDMissing"), + wantErr: zerrors.ThrowInvalidArgument(nil, "COMMAND-0Gzs3", "Errors.User.Email.IDMissing"), }, { name: "missing permission", 
@@ -623,7 +623,7 @@ func TestCommands_changeUserEmailWithGenerator(t *testing.T) { returnCode: false, urlTmpl: "", }, - wantErr: caos_errs.ThrowPermissionDenied(nil, "AUTHZ-HKJD33", "Errors.PermissionDenied"), + wantErr: zerrors.ThrowPermissionDenied(nil, "AUTHZ-HKJD33", "Errors.PermissionDenied"), }, { name: "missing email", @@ -656,7 +656,7 @@ func TestCommands_changeUserEmailWithGenerator(t *testing.T) { returnCode: false, urlTmpl: "", }, - wantErr: caos_errs.ThrowInvalidArgument(nil, "EMAIL-spblu", "Errors.User.Email.Empty"), + wantErr: zerrors.ThrowInvalidArgument(nil, "EMAIL-spblu", "Errors.User.Email.Empty"), }, { name: "not changed", @@ -689,7 +689,7 @@ func TestCommands_changeUserEmailWithGenerator(t *testing.T) { returnCode: false, urlTmpl: "", }, - wantErr: caos_errs.ThrowPreconditionFailed(nil, "COMMAND-Uch5e", "Errors.User.Email.NotChanged"), + wantErr: zerrors.ThrowPreconditionFailed(nil, "COMMAND-Uch5e", "Errors.User.Email.NotChanged"), }, { name: "email changed", @@ -913,7 +913,7 @@ func TestCommands_VerifyUserEmail(t *testing.T) { resourceOwner: "org1", code: "a", }, - wantErr: caos_errs.ThrowInvalidArgument(nil, "COMMAND-0Gzs3", "Errors.User.Email.IDMissing"), + wantErr: zerrors.ThrowInvalidArgument(nil, "COMMAND-0Gzs3", "Errors.User.Email.IDMissing"), }, { name: "missing code", @@ -952,7 +952,7 @@ func TestCommands_VerifyUserEmail(t *testing.T) { resourceOwner: "org1", code: "", }, - wantErr: caos_errs.ThrowInvalidArgument(nil, "COMMAND-Fia4a", "Errors.User.Code.Empty"), + wantErr: zerrors.ThrowInvalidArgument(nil, "COMMAND-Fia4a", "Errors.User.Code.Empty"), }, { name: "wrong code", @@ -1009,7 +1009,7 @@ func TestCommands_VerifyUserEmail(t *testing.T) { resourceOwner: "org1", code: "wrong", }, - wantErr: caos_errs.ThrowInvalidArgument(nil, "COMMAND-eis9R", "Errors.User.Code.Invalid"), + wantErr: zerrors.ThrowInvalidArgument(nil, "COMMAND-eis9R", "Errors.User.Code.Invalid"), }, } for _, tt := range tests { 
@@ -1050,7 +1050,7 @@ func TestCommands_verifyUserEmailWithGenerator(t *testing.T) { resourceOwner: "org1", code: "a", }, - wantErr: caos_errs.ThrowInvalidArgument(nil, "COMMAND-0Gzs3", "Errors.User.Email.IDMissing"), + wantErr: zerrors.ThrowInvalidArgument(nil, "COMMAND-0Gzs3", "Errors.User.Email.IDMissing"), }, { name: "missing code", @@ -1080,7 +1080,7 @@ func TestCommands_verifyUserEmailWithGenerator(t *testing.T) { resourceOwner: "org1", code: "", }, - wantErr: caos_errs.ThrowInvalidArgument(nil, "COMMAND-Fia4a", "Errors.User.Code.Empty"), + wantErr: zerrors.ThrowInvalidArgument(nil, "COMMAND-Fia4a", "Errors.User.Code.Empty"), }, { name: "good code", @@ -1128,7 +1128,7 @@ func TestCommands_verifyUserEmailWithGenerator(t *testing.T) { resourceOwner: "org1", code: "wrong", }, - wantErr: caos_errs.ThrowInvalidArgument(nil, "COMMAND-eis9R", "Errors.User.Code.Invalid"), + wantErr: zerrors.ThrowInvalidArgument(nil, "COMMAND-eis9R", "Errors.User.Code.Invalid"), }, { name: "wrong code", @@ -1216,7 +1216,7 @@ func TestCommands_NewUserEmailEvents(t *testing.T) { userID: "", resourceOwner: "org1", }, - wantErr: caos_errs.ThrowInvalidArgument(nil, "COMMAND-0Gzs3", "Errors.User.Email.IDMissing"), + wantErr: zerrors.ThrowInvalidArgument(nil, "COMMAND-0Gzs3", "Errors.User.Email.IDMissing"), }, { name: "not found", @@ -1227,7 +1227,7 @@ func TestCommands_NewUserEmailEvents(t *testing.T) { userID: "user1", resourceOwner: "org1", }, - wantErr: caos_errs.ThrowNotFound(nil, "COMMAND-ieJ2e", "Errors.User.Email.NotFound"), + wantErr: zerrors.ThrowNotFound(nil, "COMMAND-ieJ2e", "Errors.User.Email.NotFound"), }, { name: "user not initialized", @@ -1262,7 +1262,7 @@ func TestCommands_NewUserEmailEvents(t *testing.T) { userID: "user1", resourceOwner: "org1", }, - wantErr: caos_errs.ThrowPreconditionFailed(nil, "COMMAND-uz0Uu", "Errors.User.NotInitialised"), + wantErr: zerrors.ThrowPreconditionFailed(nil, "COMMAND-uz0Uu", "Errors.User.NotInitialised"), }, } for _, tt := range tests { 
diff --git a/internal/command/user_v2_human.go b/internal/command/user_v2_human.go
new file mode 100644
index 0000000000..c0a61b5a30
--- /dev/null
+++ b/internal/command/user_v2_human.go
@@ -0,0 +1,457 @@
+package command
+
+import (
+ "context"
+
+ "golang.org/x/text/language"
+
+ "github.com/zitadel/zitadel/internal/crypto"
+ "github.com/zitadel/zitadel/internal/domain"
+ "github.com/zitadel/zitadel/internal/eventstore"
+ "github.com/zitadel/zitadel/internal/repository/user"
+ "github.com/zitadel/zitadel/internal/telemetry/tracing"
+ "github.com/zitadel/zitadel/internal/zerrors"
+)
+
+type ChangeHuman struct {
+ ID string
+ Username *string
+ Profile *Profile
+ Email *Email
+ Phone *Phone
+
+ Password *Password
+
+ // Details are set after a successful execution of the command
+ Details *domain.ObjectDetails
+
+ // EmailCode is set by the command
+ EmailCode *string
+
+ // PhoneCode is set by the command
+ PhoneCode *string
+}
+
+type Profile struct {
+ FirstName *string
+ LastName *string
+ NickName *string
+ DisplayName *string
+ PreferredLanguage *language.Tag
+ Gender *domain.Gender
+}
+
+type Password struct {
+ // Either you have to have permission, a password code or the old password to change
+ PasswordCode *string
+ OldPassword *string
+ Password *string
+ EncodedPasswordHash *string
+
+ ChangeRequired bool
+}
+
+func (h *ChangeHuman) Validate(hasher *crypto.PasswordHasher) (err error) {
+ if h.Email != nil && h.Email.Address != "" {
+ if err := h.Email.Validate(); err != nil {
+ return err
+ }
+ }
+
+ if h.Phone != nil && h.Phone.Number != "" {
+ if h.Phone.Number, err = h.Phone.Number.Normalize(); err != nil {
+ return err
+ }
+ }
+
+ if h.Password != nil {
+ if err := h.Password.Validate(hasher); err != nil {
+ return err
+ }
+ }
+ return nil
+}
+
+func (p *Password) Validate(hasher *crypto.PasswordHasher) error {
+ if p.EncodedPasswordHash != nil {
+ if !hasher.EncodingSupported(*p.EncodedPasswordHash) {
+ return zerrors.ThrowInvalidArgument(nil, "USER-oz74onzvqr", "Errors.User.Password.NotSupported")
+ }
+ }
+ if p.Password == nil && p.EncodedPasswordHash == nil {
+ return zerrors.ThrowInvalidArgument(nil, "COMMAND-3klek4sbns", "Errors.User.Password.Empty")
+ }
+ return nil
+}
+
+func (h *ChangeHuman) Changed() bool {
+ if h.Username != nil {
+ return true
+ }
+ if h.Profile != nil {
+ return true
+ }
+ if h.Email != nil {
+ return true
+ }
+ if h.Phone != nil {
+ return true
+ }
+ if h.Password != nil {
+ return true
+ }
+ return false
+}
+
+func (c *Commands) AddUserHuman(ctx context.Context, resourceOwner string, human *AddHuman, allowInitMail bool, alg crypto.EncryptionAlgorithm) (err error) {
+ if resourceOwner == "" {
+ return zerrors.ThrowInvalidArgument(nil, "COMMA-095xh8fll1", "Errors.Internal")
+ }
+
+ if err := human.Validate(c.userPasswordHasher); err != nil {
+ return err
+ }
+
+ if human.ID == "" {
+ human.ID, err = c.idGenerator.Next()
+ if err != nil {
+ return err
+ }
+ }
+
+ // only check if user is already existing
+ existingHuman, err := c.userExistsWriteModel(
+ ctx,
+ human.ID,
+ )
+ if err != nil {
+ return err
+ }
+ if isUserStateExists(existingHuman.UserState) {
+ return zerrors.ThrowPreconditionFailed(nil, "COMMAND-7yiox1isql", "Errors.User.AlreadyExisting")
+ }
+ // check for permission to create user on resourceOwner
+ if err := c.checkPermission(ctx, domain.PermissionUserWrite, resourceOwner, human.ID); err != nil {
+ return err
+ }
+ // add resourceowner for the events with the aggregate
+ existingHuman.ResourceOwner = resourceOwner
+
+ domainPolicy, err := c.domainPolicyWriteModel(ctx, resourceOwner)
+ if err != nil {
+ return err
+ }
+
+ if err = c.userValidateDomain(ctx, resourceOwner, human.Username, domainPolicy.UserLoginMustBeDomain); err != nil {
+ return err
+ }
+ var createCmd humanCreationCommand
+ if human.Register {
+ createCmd = user.NewHumanRegisteredEvent(
+ ctx,
+ &existingHuman.Aggregate().Aggregate,
+ human.Username,
+ human.FirstName,
+ human.LastName,
+ human.NickName,
+ human.DisplayName,
+ human.PreferredLanguage,
+ human.Gender,
+ human.Email.Address,
+ domainPolicy.UserLoginMustBeDomain,
+ )
+ } else {
+ createCmd = user.NewHumanAddedEvent(
+ ctx,
+ &existingHuman.Aggregate().Aggregate,
+ human.Username,
+ human.FirstName,
+ human.LastName,
+ human.NickName,
+ human.DisplayName,
+ human.PreferredLanguage,
+ human.Gender,
+ human.Email.Address,
+ domainPolicy.UserLoginMustBeDomain,
+ )
+ }
+
+ if human.Phone.Number != "" {
+ createCmd.AddPhoneData(human.Phone.Number)
+ }
+
+ // separated to change when old user logic is not used anymore
+ filter := c.eventstore.Filter //nolint:staticcheck
+ if err := addHumanCommandPassword(ctx, filter, createCmd, human, c.userPasswordHasher); err != nil {
+ return err
+ }
+
+ cmds := make([]eventstore.Command, 0, 3)
+ cmds = append(cmds, createCmd)
+
+ cmds, err = c.addHumanCommandEmail(ctx, filter, cmds, existingHuman.Aggregate(), human, alg, allowInitMail)
+ if err != nil {
+ return err
+ }
+
+ cmds, err = c.addHumanCommandPhone(ctx, filter, cmds, existingHuman.Aggregate(), human, alg)
+ if err != nil {
+ return err
+ }
+
+ for _, metadataEntry := range human.Metadata {
+ cmds = append(cmds, user.NewMetadataSetEvent(
+ ctx,
+ &existingHuman.Aggregate().Aggregate,
+ metadataEntry.Key,
+ metadataEntry.Value,
+ ))
+ }
+ for _, link := range human.Links {
+ cmd, err := addLink(ctx, filter, existingHuman.Aggregate(), link)
+ if err != nil {
+ return err
+ }
+ cmds = append(cmds, cmd)
+ }
+
+ if len(cmds) == 0 {
+ human.Details = writeModelToObjectDetails(&existingHuman.WriteModel)
+ return nil
+ }
+
+ err = c.pushAppendAndReduce(ctx, existingHuman, cmds...)
+ if err != nil {
+ return err
+ }
+ human.Details = writeModelToObjectDetails(&existingHuman.WriteModel)
+ return nil
+}
+
+func (c *Commands) ChangeUserHuman(ctx context.Context, human *ChangeHuman, alg crypto.EncryptionAlgorithm) (err error) {
+ if err := human.Validate(c.userPasswordHasher); err != nil {
+ return err
+ }
+
+ existingHuman, err := c.userHumanWriteModel(
+ ctx,
+ human.ID,
+ human.Profile != nil,
+ human.Email != nil,
+ human.Phone != nil,
+ human.Password != nil,
+ false, // avatar not updateable
+ false, // IDPLinks not updateable
+ )
+ if err != nil {
+ return err
+ }
+ if !isUserStateExists(existingHuman.UserState) {
+ return zerrors.ThrowNotFound(nil, "COMMAND-ugjs0upun6", "Errors.User.NotFound")
+ }
+
+ if human.Changed() {
+ if err := c.checkPermissionUpdateUser(ctx, existingHuman.ResourceOwner, existingHuman.AggregateID); err != nil {
+ return err
+ }
+ }
+
+ cmds := make([]eventstore.Command, 0)
+ if human.Username != nil {
+ cmds, err = c.changeUsername(ctx, cmds, existingHuman, *human.Username)
+ if err != nil {
+ return err
+ }
+ }
+ if human.Profile != nil {
+ cmds, err = changeUserProfile(ctx, cmds, existingHuman, human.Profile)
+ if err != nil {
+ return err
+ }
+ }
+ if human.Email != nil {
+ cmds, human.EmailCode, err = c.changeUserEmail(ctx, cmds, existingHuman, human.Email, alg)
+ if err != nil {
+ return err
+ }
+ }
+ if human.Phone != nil {
+ cmds, human.PhoneCode, err = c.changeUserPhone(ctx, cmds, existingHuman, human.Phone, alg)
+ if err != nil {
+ return err
+ }
+ }
+ if human.Password != nil {
+ cmds, err = c.changeUserPassword(ctx, cmds, existingHuman, human.Password, alg)
+ if err != nil {
+ return err
+ }
+ }
+
+ if len(cmds) == 0 {
+ human.Details = writeModelToObjectDetails(&existingHuman.WriteModel)
+ return nil
+ }
+ err = c.pushAppendAndReduce(ctx, existingHuman, cmds...)
+ if err != nil {
+ return err
+ }
+ human.Details = writeModelToObjectDetails(&existingHuman.WriteModel)
+ return nil
+}
+
+func (c *Commands) changeUserEmail(ctx context.Context, cmds []eventstore.Command, wm *UserV2WriteModel, email *Email, alg crypto.EncryptionAlgorithm) (_ []eventstore.Command, code *string, err error) {
+ ctx, span := tracing.NewSpan(ctx)
+ defer func() { span.End() }()
+
+ if email.Address != "" && email.Address != wm.Email {
+ cmds = append(cmds, user.NewHumanEmailChangedEvent(ctx, &wm.Aggregate().Aggregate, email.Address))
+
+ if email.Verified {
+ return append(cmds, user.NewHumanEmailVerifiedEvent(ctx, &wm.Aggregate().Aggregate)), code, nil
+ } else {
+ cryptoCode, err := c.newEmailCode(ctx, c.eventstore.Filter, alg) //nolint:staticcheck
+ if err != nil {
+ return cmds, code, err
+ }
+ cmds = append(cmds, user.NewHumanEmailCodeAddedEventV2(ctx, &wm.Aggregate().Aggregate, cryptoCode.Crypted, cryptoCode.Expiry, email.URLTemplate, email.ReturnCode))
+ if email.ReturnCode {
+ code = &cryptoCode.Plain
+ }
+ return cmds, code, nil
+ }
+ }
+ // only create separate event of verified if email was not changed
+ if email.Verified && wm.IsEmailVerified != email.Verified {
+ return append(cmds, user.NewHumanEmailVerifiedEvent(ctx, &wm.Aggregate().Aggregate)), nil, nil
+ }
+ return cmds, code, nil
+}
+
+func (c *Commands) changeUserPhone(ctx context.Context, cmds []eventstore.Command, wm *UserV2WriteModel, phone *Phone, alg crypto.EncryptionAlgorithm) (_ []eventstore.Command, code *string, err error) {
+ ctx, span := tracing.NewSpan(ctx)
+ defer func() { span.End() }()
+
+ if phone.Number != "" && phone.Number != wm.Phone {
+ cmds = append(cmds, user.NewHumanPhoneChangedEvent(ctx, &wm.Aggregate().Aggregate, phone.Number))
+
+ if phone.Verified {
+ return append(cmds, user.NewHumanPhoneVerifiedEvent(ctx, &wm.Aggregate().Aggregate)), code, nil
+ } else {
+ cryptoCode, err := c.newPhoneCode(ctx, c.eventstore.Filter, alg) //nolint:staticcheck
+ if err != nil {
+ return cmds, code, err
+ }
+ cmds = append(cmds, user.NewHumanPhoneCodeAddedEventV2(ctx, &wm.Aggregate().Aggregate, cryptoCode.Crypted, cryptoCode.Expiry, phone.ReturnCode))
+ if phone.ReturnCode {
+ code = &cryptoCode.Plain
+ }
+ return cmds, code, nil
+ }
+ }
+ // only create separate event of verified if email was not changed
+ if phone.Verified && wm.IsPhoneVerified != phone.Verified {
+ return append(cmds, user.NewHumanPhoneVerifiedEvent(ctx, &wm.Aggregate().Aggregate)), code, nil
+ }
+ return cmds, code, nil
+}
+
+func changeUserProfile(ctx context.Context, cmds []eventstore.Command, wm *UserV2WriteModel, profile *Profile) ([]eventstore.Command, error) {
+ ctx, span := tracing.NewSpan(ctx)
+ defer func() { span.End() }()
+
+ cmd, err := wm.NewProfileChangedEvent(ctx, profile.FirstName, profile.LastName, profile.NickName, profile.DisplayName, profile.PreferredLanguage, profile.Gender)
+ if cmd != nil {
+ return append(cmds, cmd), err
+ }
+ return cmds, err
+}
+
+func (c *Commands) changeUserPassword(ctx context.Context, cmds []eventstore.Command, wm *UserV2WriteModel, password *Password, alg crypto.EncryptionAlgorithm) ([]eventstore.Command, error) {
+ ctx, span := tracing.NewSpan(ctx)
+ defer func() { span.End() }()
+
+ // Either have a code to set the password
+ if password.PasswordCode != nil {
+ if err := crypto.VerifyCodeWithAlgorithm(wm.PasswordCodeCreationDate, wm.PasswordCodeExpiry, wm.PasswordCode, *password.PasswordCode, alg); err != nil {
+ return cmds, err
+ }
+ }
+ var encodedPassword string
+ // or have the old password to change it
+ if password.OldPassword != nil {
+ // newly encode old password if no new and already encoded password is set
+ pw := *password.OldPassword
+ if password.Password != nil {
+ pw = *password.Password
+ }
+ alreadyEncodedPassword, err := c.verifyAndUpdatePassword(ctx, wm.PasswordEncodedHash, *password.OldPassword, pw)
+ if err != nil {
+ return cmds, err
+ }
+ encodedPassword = alreadyEncodedPassword
+ }
+
+ // password already hashed in request
+ if password.EncodedPasswordHash != nil {
+ cmd, err := c.setPasswordCommand(ctx, &wm.Aggregate().Aggregate, wm.UserState, *password.EncodedPasswordHash, password.ChangeRequired, true)
+ if cmd != nil {
+ return append(cmds, cmd), err
+ }
+ return cmds, err
+ }
+ // password already hashed in verify
+ if encodedPassword != "" {
+ cmd, err := c.setPasswordCommand(ctx, &wm.Aggregate().Aggregate, wm.UserState, encodedPassword, password.ChangeRequired, true)
+ if cmd != nil {
+ return append(cmds, cmd), err
+ }
+ return cmds, err
+ }
+ // password still to be hashed
+ if password.Password != nil {
+ cmd, err := c.setPasswordCommand(ctx, &wm.Aggregate().Aggregate, wm.UserState, *password.Password, password.ChangeRequired, false)
+ if cmd != nil {
+ return append(cmds, cmd), err
+ }
+ return cmds, err
+ }
+ // no password changes necessary
+ return cmds, nil
+}
+
+func (c *Commands) userExistsWriteModel(ctx context.Context, userID string) (writeModel *UserV2WriteModel, err error) {
+ ctx, span := tracing.NewSpan(ctx)
+ defer func() { span.EndWithError(err) }()
+
+ writeModel = NewUserExistsWriteModel(userID, "")
+ err = c.eventstore.FilterToQueryReducer(ctx, writeModel)
+ if err != nil {
+ return nil, err
+ }
+ return writeModel, nil
+}
+
+func (c *Commands) userHumanWriteModel(ctx context.Context, userID string, profileWM, emailWM, phoneWM, passwordWM, avatarWM, idpLinksWM bool) (writeModel *UserV2WriteModel, err error) {
+ ctx, span := tracing.NewSpan(ctx)
+ defer func() { span.EndWithError(err) }()
+
+ writeModel = NewUserHumanWriteModel(userID, "", profileWM, emailWM, phoneWM, passwordWM, avatarWM, idpLinksWM)
+ err = c.eventstore.FilterToQueryReducer(ctx, writeModel)
+ if err != nil {
+ return nil, err
+ }
+ return writeModel, nil
+}
+
+func (c *Commands) orgDomainVerifiedWriteModel(ctx context.Context, domain string) (writeModel *OrgDomainVerifiedWriteModel, err error) {
+ ctx, span := tracing.NewSpan(ctx)
+ defer func() { span.EndWithError(err) }()
+
+ writeModel = NewOrgDomainVerifiedWriteModel(domain)
+ err = c.eventstore.FilterToQueryReducer(ctx, writeModel)
+ if err != nil {
+ return nil, err
+ }
+ return writeModel, nil
+}
diff --git a/internal/command/user_v2_human_test.go b/internal/command/user_v2_human_test.go
new file mode 100644
index 0000000000..e0f99034bb
--- /dev/null
+++ b/internal/command/user_v2_human_test.go
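Review bot: `changeUserPassword` verifies `PasswordCode` and `OldPassword` only when they are non-nil, so a request that carries just `Password` or `EncodedPasswordHash` reaches `setPasswordCommand` without any proof of control over the account. The only gate left is `checkPermissionUpdateUser` in `ChangeUserHuman`, which is defined outside this hunk; if it passes for a user acting on their own account, a valid session alone is enough to replace the password. I would add an explicit permission check for the case where both fields are nil, as sketched below; `domain.PermissionUserWrite` is borrowed from `AddUserHuman` and may not be the right permission, and `checkPermission` must not itself pass for the account owner. The comment on `Password` should then state that a code or the old password is required unless the caller holds that permission. Separately, `AddUserHuman` and `ChangeUserHuman` return `Errors.User.AlreadyExisting` / `Errors.User.NotFound` before their permission checks, so a caller without permission can tell whether a user ID exists.

```go
func (c *Commands) changeUserPassword(ctx context.Context, cmds []eventstore.Command, wm *UserV2WriteModel, password *Password, alg crypto.EncryptionAlgorithm) ([]eventstore.Command, error) {
	// … unchanged: tracing span setup …

	// Neither a password code nor the old password was supplied, so nothing in
	// the request proves control of the account: demand the permission explicitly.
	if password.PasswordCode == nil && password.OldPassword == nil {
		if err := c.checkPermission(ctx, domain.PermissionUserWrite, wm.ResourceOwner, wm.AggregateID); err != nil {
			return cmds, err
		}
	}

	// … unchanged: code check, old-password check, setPasswordCommand branches …
```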
@@ -0,0 +1,2568 @@ +package command + +import ( + "context" + "errors" + "testing" + "time" + + "github.com/muhlemmer/gu" + "github.com/stretchr/testify/assert" + "go.uber.org/mock/gomock" + "golang.org/x/text/language" + + "github.com/zitadel/zitadel/internal/crypto" + "github.com/zitadel/zitadel/internal/domain" + "github.com/zitadel/zitadel/internal/eventstore" + "github.com/zitadel/zitadel/internal/id" + id_mock "github.com/zitadel/zitadel/internal/id/mock" + "github.com/zitadel/zitadel/internal/repository/org" + "github.com/zitadel/zitadel/internal/repository/user" + "github.com/zitadel/zitadel/internal/zerrors" +) + +func TestCommandSide_AddUserHuman(t *testing.T) { + type fields struct { + eventstore func(t *testing.T) *eventstore.Eventstore + idGenerator id.Generator + userPasswordHasher *crypto.PasswordHasher + newCode cryptoCodeFunc + checkPermission domain.PermissionCheck + } + type args struct { + ctx context.Context + orgID string + human *AddHuman + secretGenerator crypto.Generator + allowInitMail bool + codeAlg crypto.EncryptionAlgorithm + } + type res struct { + want *domain.ObjectDetails + wantID string + wantEmailCode string + err func(error) bool + } + + userAgg := user.NewAggregate("user1", "org1") + + tests := []struct { + name string + fields fields + args args + res res + }{ + { + name: "orgid missing, invalid argument error", + fields: fields{ + eventstore: expectEventstore(), + checkPermission: newMockPermissionCheckAllowed(), + }, + args: args{ + ctx: context.Background(), + orgID: "", + human: &AddHuman{ + Username: "username", + FirstName: "firstname", + LastName: "lastname", + Email: Email{ + Address: "email@test.ch", + }, + }, + allowInitMail: true, + }, + res: res{ + err: func(err error) bool { + return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "COMMA-095xh8fll1", "Errors.Internal")) + }, + }, + }, + { + name: "user invalid, invalid argument error", + fields: fields{ + eventstore: expectEventstore(), + checkPermission: 
newMockPermissionCheckAllowed(), + }, + args: args{ + ctx: context.Background(), + orgID: "org1", + human: &AddHuman{ + Username: "username", + FirstName: "firstname", + }, + allowInitMail: true, + }, + res: res{ + err: func(err error) bool { + return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "EMAIL-spblu", "Errors.User.Email.Empty")) + }, + }, + }, + { + name: "with id, already exists, precondition error", + fields: fields{ + eventstore: expectEventstore( + expectFilter( + eventFromEventPusher( + newAddHumanEvent("$plain$x$password", true, true, "", language.English), + ), + ), + ), + checkPermission: newMockPermissionCheckAllowed(), + }, + args: args{ + ctx: context.Background(), + orgID: "org1", + human: &AddHuman{ + ID: "user1", + Username: "username", + FirstName: "firstname", + LastName: "lastname", + Email: Email{ + Address: "email@test.ch", + }, + PreferredLanguage: language.English, + }, + allowInitMail: true, + }, + res: res{ + err: func(err error) bool { + return errors.Is(err, zerrors.ThrowPreconditionFailed(nil, "COMMAND-7yiox1isql", "Errors.User.AlreadyExisting")) + }, + }, + }, + { + name: "domain policy not found, precondition error", + fields: fields{ + idGenerator: id_mock.NewIDGeneratorExpectIDs(t, "user1"), + eventstore: expectEventstore( + expectFilter(), + expectFilter(), + expectFilter(), + ), + checkPermission: newMockPermissionCheckAllowed(), + }, + args: args{ + ctx: context.Background(), + orgID: "org1", + human: &AddHuman{ + Username: "username", + FirstName: "firstname", + LastName: "lastname", + Email: Email{ + Address: "email@test.ch", + }, + PreferredLanguage: language.English, + }, + allowInitMail: true, + }, + res: res{ + err: func(err error) bool { + return errors.Is(err, zerrors.ThrowInternal(nil, "USER-Ggk9n", "Errors.Internal")) + }, + }, + }, + { + name: "password policy not found, precondition error", + fields: fields{ + idGenerator: id_mock.NewIDGeneratorExpectIDs(t, "user1"), + eventstore: expectEventstore( + 
expectFilter(), + expectFilter( + eventFromEventPusher( + org.NewDomainPolicyAddedEvent(context.Background(), + &userAgg.Aggregate, + true, + true, + true, + ), + ), + ), + expectFilter(), + expectFilter(), + ), + checkPermission: newMockPermissionCheckAllowed(), + }, + args: args{ + ctx: context.Background(), + orgID: "org1", + human: &AddHuman{ + Username: "username", + FirstName: "firstname", + LastName: "lastname", + Password: "pass", + Email: Email{ + Address: "email@test.ch", + Verified: true, + }, + PreferredLanguage: language.English, + }, + allowInitMail: true, + }, + res: res{ + err: func(err error) bool { + return errors.Is(err, zerrors.ThrowInternal(nil, "USER-uQ96e", "Errors.Internal")) + }, + }, + }, + { + name: "register human (with initial code), ok", + fields: fields{ + eventstore: expectEventstore( + expectFilter(), + expectFilter( + eventFromEventPusher( + org.NewDomainPolicyAddedEvent(context.Background(), + &userAgg.Aggregate, + true, + true, + true, + ), + ), + ), + expectPush( + user.NewHumanRegisteredEvent(context.Background(), + &userAgg.Aggregate, + "username", + "firstname", + "lastname", + "", + "firstname lastname", + language.English, + domain.GenderUnspecified, + "email@test.ch", + true, + ), + user.NewHumanInitialCodeAddedEvent(context.Background(), + &userAgg.Aggregate, + &crypto.CryptoValue{ + CryptoType: crypto.TypeEncryption, + Algorithm: "enc", + KeyID: "id", + Crypted: []byte("userinit"), + }, + time.Hour*1, + ), + ), + ), + checkPermission: newMockPermissionCheckAllowed(), + idGenerator: id_mock.NewIDGeneratorExpectIDs(t, "user1"), + newCode: mockCode("userinit", time.Hour), + }, + args: args{ + ctx: context.Background(), + orgID: "org1", + human: &AddHuman{ + Username: "username", + FirstName: "firstname", + LastName: "lastname", + Email: Email{ + Address: "email@test.ch", + }, + PreferredLanguage: language.English, + Register: true, + }, + secretGenerator: GetMockSecretGenerator(t), + allowInitMail: true, + codeAlg: 
crypto.CreateMockEncryptionAlg(gomock.NewController(t)), + }, + res: res{ + want: &domain.ObjectDetails{ + Sequence: 0, + EventDate: time.Time{}, + ResourceOwner: "org1", + }, + wantID: "user1", + }, + }, + { + name: "add human (with initial code), no permission", + fields: fields{ + eventstore: expectEventstore( + expectFilter(), + ), + checkPermission: newMockPermissionCheckNotAllowed(), + idGenerator: id_mock.NewIDGeneratorExpectIDs(t, "user1"), + newCode: mockCode("userinit", time.Hour), + }, + args: args{ + ctx: context.Background(), + orgID: "org1", + human: &AddHuman{ + Username: "username", + FirstName: "firstname", + LastName: "lastname", + Email: Email{ + Address: "email@test.ch", + }, + PreferredLanguage: language.English, + }, + secretGenerator: GetMockSecretGenerator(t), + allowInitMail: true, + codeAlg: crypto.CreateMockEncryptionAlg(gomock.NewController(t)), + }, + res: res{ + err: func(err error) bool { + return errors.Is(err, zerrors.ThrowPermissionDenied(nil, "AUTHZ-HKJD33", "Errors.PermissionDenied")) + }, + }, + }, + { + name: "add human (with initial code), ok", + fields: fields{ + eventstore: expectEventstore( + expectFilter(), + expectFilter( + eventFromEventPusher( + org.NewDomainPolicyAddedEvent(context.Background(), + &userAgg.Aggregate, + true, + true, + true, + ), + ), + ), + expectPush( + user.NewHumanAddedEvent(context.Background(), + &userAgg.Aggregate, + "username", + "firstname", + "lastname", + "", + "firstname lastname", + language.English, + domain.GenderUnspecified, + "email@test.ch", + true, + ), + user.NewHumanInitialCodeAddedEvent(context.Background(), + &userAgg.Aggregate, + &crypto.CryptoValue{ + CryptoType: crypto.TypeEncryption, + Algorithm: "enc", + KeyID: "id", + Crypted: []byte("userinit"), + }, + time.Hour*1, + ), + ), + ), + checkPermission: newMockPermissionCheckAllowed(), + idGenerator: id_mock.NewIDGeneratorExpectIDs(t, "user1"), + newCode: mockCode("userinit", time.Hour), + }, + args: args{ + ctx: 
context.Background(), + orgID: "org1", + human: &AddHuman{ + Username: "username", + FirstName: "firstname", + LastName: "lastname", + Email: Email{ + Address: "email@test.ch", + }, + PreferredLanguage: language.English, + }, + secretGenerator: GetMockSecretGenerator(t), + allowInitMail: true, + codeAlg: crypto.CreateMockEncryptionAlg(gomock.NewController(t)), + }, + res: res{ + want: &domain.ObjectDetails{ + Sequence: 0, + EventDate: time.Time{}, + ResourceOwner: "org1", + }, + wantID: "user1", + }, + }, + { + name: "add human (with password and initial code), ok", + fields: fields{ + eventstore: expectEventstore( + expectFilter(), + expectFilter( + eventFromEventPusher( + org.NewDomainPolicyAddedEvent(context.Background(), + &user.NewAggregate("user1", "org1").Aggregate, + true, + true, + true, + ), + ), + ), + expectFilter( + eventFromEventPusher( + org.NewPasswordComplexityPolicyAddedEvent(context.Background(), + &user.NewAggregate("user1", "org1").Aggregate, + 1, + false, + false, + false, + false, + ), + ), + ), + expectPush( + newAddHumanEvent("$plain$x$password", false, true, "", language.English), + user.NewHumanInitialCodeAddedEvent(context.Background(), + &user.NewAggregate("user1", "org1").Aggregate, + &crypto.CryptoValue{ + CryptoType: crypto.TypeEncryption, + Algorithm: "enc", + KeyID: "id", + Crypted: []byte("userinit"), + }, + 1*time.Hour, + ), + ), + ), + checkPermission: newMockPermissionCheckAllowed(), + idGenerator: id_mock.NewIDGeneratorExpectIDs(t, "user1"), + userPasswordHasher: mockPasswordHasher("x"), + newCode: mockCode("userinit", time.Hour), + }, + args: args{ + ctx: context.Background(), + orgID: "org1", + human: &AddHuman{ + Username: "username", + Password: "password", + FirstName: "firstname", + LastName: "lastname", + Email: Email{ + Address: "email@test.ch", + }, + PreferredLanguage: language.English, + }, + secretGenerator: GetMockSecretGenerator(t), + allowInitMail: true, + codeAlg: 
crypto.CreateMockEncryptionAlg(gomock.NewController(t)), + }, + res: res{ + want: &domain.ObjectDetails{ + ResourceOwner: "org1", + }, + wantID: "user1", + }, + }, + { + name: "add human (with password and email code custom template), ok", + fields: fields{ + eventstore: expectEventstore( + expectFilter(), + expectFilter( + eventFromEventPusher( + org.NewDomainPolicyAddedEvent(context.Background(), + &user.NewAggregate("user1", "org1").Aggregate, + true, + true, + true, + ), + ), + ), + expectFilter( + eventFromEventPusher( + org.NewPasswordComplexityPolicyAddedEvent(context.Background(), + &user.NewAggregate("user1", "org1").Aggregate, + 1, + false, + false, + false, + false, + ), + ), + ), + expectPush( + newAddHumanEvent("$plain$x$password", false, true, "", language.English), + user.NewHumanEmailCodeAddedEventV2(context.Background(), + &user.NewAggregate("user1", "org1").Aggregate, + &crypto.CryptoValue{ + CryptoType: crypto.TypeEncryption, + Algorithm: "enc", + KeyID: "id", + Crypted: []byte("emailCode"), + }, + 1*time.Hour, + "https://example.com/email/verify?userID={{.UserID}}&code={{.Code}}", + false, + ), + ), + ), + checkPermission: newMockPermissionCheckAllowed(), + idGenerator: id_mock.NewIDGeneratorExpectIDs(t, "user1"), + userPasswordHasher: mockPasswordHasher("x"), + newCode: mockCode("emailCode", time.Hour), + }, + args: args{ + ctx: context.Background(), + orgID: "org1", + human: &AddHuman{ + Username: "username", + Password: "password", + FirstName: "firstname", + LastName: "lastname", + Email: Email{ + Address: "email@test.ch", + URLTemplate: "https://example.com/email/verify?userID={{.UserID}}&code={{.Code}}", + }, + PreferredLanguage: language.English, + }, + secretGenerator: GetMockSecretGenerator(t), + allowInitMail: false, + codeAlg: crypto.CreateMockEncryptionAlg(gomock.NewController(t)), + }, + res: res{ + want: &domain.ObjectDetails{ + ResourceOwner: "org1", + }, + wantID: "user1", + }, + }, + { + name: "add human (with password and 
return email code), ok", + fields: fields{ + eventstore: expectEventstore( + expectFilter(), + expectFilter( + eventFromEventPusher( + org.NewDomainPolicyAddedEvent(context.Background(), + &user.NewAggregate("user1", "org1").Aggregate, + true, + true, + true, + ), + ), + ), + expectFilter( + eventFromEventPusher( + org.NewPasswordComplexityPolicyAddedEvent(context.Background(), + &user.NewAggregate("user1", "org1").Aggregate, + 1, + false, + false, + false, + false, + ), + ), + ), + expectPush( + newAddHumanEvent("$plain$x$password", false, true, "", language.English), + user.NewHumanEmailCodeAddedEventV2(context.Background(), + &user.NewAggregate("user1", "org1").Aggregate, + &crypto.CryptoValue{ + CryptoType: crypto.TypeEncryption, + Algorithm: "enc", + KeyID: "id", + Crypted: []byte("emailCode"), + }, + 1*time.Hour, + "", + true, + ), + ), + ), + checkPermission: newMockPermissionCheckAllowed(), + idGenerator: id_mock.NewIDGeneratorExpectIDs(t, "user1"), + userPasswordHasher: mockPasswordHasher("x"), + newCode: mockCode("emailCode", time.Hour), + }, + args: args{ + ctx: context.Background(), + orgID: "org1", + human: &AddHuman{ + Username: "username", + Password: "password", + FirstName: "firstname", + LastName: "lastname", + Email: Email{ + Address: "email@test.ch", + ReturnCode: true, + }, + PreferredLanguage: language.English, + }, + secretGenerator: GetMockSecretGenerator(t), + allowInitMail: false, + codeAlg: crypto.CreateMockEncryptionAlg(gomock.NewController(t)), + }, + res: res{ + want: &domain.ObjectDetails{ + ResourceOwner: "org1", + }, + wantID: "user1", + wantEmailCode: "emailCode", + }, + }, + { + name: "add human email verified, ok", + fields: fields{ + eventstore: expectEventstore( + expectFilter(), + expectFilter( + eventFromEventPusher( + org.NewDomainPolicyAddedEvent(context.Background(), + &userAgg.Aggregate, + true, + true, + true, + ), + ), + ), + expectFilter( + eventFromEventPusher( + 
org.NewPasswordComplexityPolicyAddedEvent(context.Background(),
+ &userAgg.Aggregate,
+ 1,
+ false,
+ false,
+ false,
+ false,
+ ),
+ ),
+ ),
+ expectPush(
+ newAddHumanEvent("$plain$x$password", true, true, "", language.English),
+ user.NewHumanEmailVerifiedEvent(context.Background(),
+ &userAgg.Aggregate,
+ ),
+ ),
+ ),
+ checkPermission: newMockPermissionCheckAllowed(),
+ idGenerator: id_mock.NewIDGeneratorExpectIDs(t, "user1"),
+ userPasswordHasher: mockPasswordHasher("x"),
+ },
+ args: args{
+ ctx: context.Background(),
+ orgID: "org1",
+ human: &AddHuman{
+ Username: "username",
+ Password: "password",
+ FirstName: "firstname",
+ LastName: "lastname",
+ Email: Email{
+ Address: "email@test.ch",
+ Verified: true,
+ },
+ PreferredLanguage: language.English,
+ PasswordChangeRequired: true,
+ },
+ secretGenerator: GetMockSecretGenerator(t),
+ allowInitMail: true,
+ codeAlg: crypto.CreateMockEncryptionAlg(gomock.NewController(t)),
+ },
+ res: res{
+ want: &domain.ObjectDetails{
+ ResourceOwner: "org1",
+ },
+ wantID: "user1",
+ },
+ },
+ {
+ name: "add human email verified, trim spaces, ok",
+ fields: fields{
+ eventstore: expectEventstore(
+ expectFilter(),
+ expectFilter(
+ eventFromEventPusher(
+ org.NewDomainPolicyAddedEvent(context.Background(),
+ &userAgg.Aggregate,
+ true,
+ true,
+ true,
+ ),
+ ),
+ ),
+ expectFilter(
+ eventFromEventPusher(
+ org.NewPasswordComplexityPolicyAddedEvent(context.Background(),
+ &userAgg.Aggregate,
+ 1,
+ false,
+ false,
+ false,
+ false,
+ ),
+ ),
+ ),
+ expectPush(
+ newAddHumanEvent("$plain$x$password", true, true, "", language.English),
+ user.NewHumanEmailVerifiedEvent(context.Background(),
+ &userAgg.Aggregate,
+ ),
+ ),
+ ),
+ checkPermission: newMockPermissionCheckAllowed(),
+ idGenerator: id_mock.NewIDGeneratorExpectIDs(t, "user1"),
+ userPasswordHasher: mockPasswordHasher("x"),
+ },
+ args: args{
+ ctx: context.Background(),
+ orgID: "org1",
+ human: &AddHuman{
+ Username: " username ",
+ Password: "password",
+ 
FirstName: "firstname",
+ LastName: "lastname",
+ Email: Email{
+ Address: "email@test.ch",
+ Verified: true,
+ },
+ PreferredLanguage: language.English,
+ PasswordChangeRequired: true,
+ },
+ secretGenerator: GetMockSecretGenerator(t),
+ allowInitMail: true,
+ codeAlg: crypto.CreateMockEncryptionAlg(gomock.NewController(t)),
+ },
+ res: res{
+ want: &domain.ObjectDetails{
+ ResourceOwner: "org1",
+ },
+ wantID: "user1",
+ },
+ },
+ {
+ name: "add human, email verified, userLoginMustBeDomain false, ok",
+ fields: fields{
+ eventstore: expectEventstore(
+ expectFilter(),
+ expectFilter(
+ eventFromEventPusher(
+ org.NewDomainPolicyAddedEvent(context.Background(),
+ &userAgg.Aggregate,
+ false,
+ true,
+ true,
+ ),
+ ),
+ ),
+ expectFilter(
+ eventFromEventPusher(
+ org.NewPasswordComplexityPolicyAddedEvent(context.Background(),
+ &userAgg.Aggregate,
+ 1,
+ false,
+ false,
+ false,
+ false,
+ ),
+ ),
+ ),
+ expectPush(
+ newAddHumanEvent("$plain$x$password", true, false, "", language.English),
+ user.NewHumanEmailVerifiedEvent(context.Background(),
+ &userAgg.Aggregate,
+ ),
+ ),
+ ),
+ checkPermission: newMockPermissionCheckAllowed(),
+ idGenerator: id_mock.NewIDGeneratorExpectIDs(t, "user1"),
+ userPasswordHasher: mockPasswordHasher("x"),
+ },
+ args: args{
+ ctx: context.Background(),
+ orgID: "org1",
+ human: &AddHuman{
+ Username: "username",
+ Password: "password",
+ FirstName: "firstname",
+ LastName: "lastname",
+ Email: Email{
+ Address: "email@test.ch",
+ Verified: true,
+ },
+ PreferredLanguage: language.English,
+ PasswordChangeRequired: true,
+ },
+ secretGenerator: GetMockSecretGenerator(t),
+ allowInitMail: true,
+ codeAlg: crypto.CreateMockEncryptionAlg(gomock.NewController(t)),
+ },
+ res: res{
+ want: &domain.ObjectDetails{
+ ResourceOwner: "org1",
+ },
+ wantID: "user1",
+ },
+ },
+ {
+ name: "add human claimed domain, userLoginMustBeDomain false, error",
+ fields: fields{
+ eventstore: expectEventstore(
+ expectFilter(),
+ expectFilter(
+ 
eventFromEventPusher(
+ org.NewDomainPolicyAddedEvent(context.Background(),
+ &userAgg.Aggregate,
+ false,
+ true,
+ true,
+ ),
+ ),
+ ),
+ expectFilter(
+ eventFromEventPusher(
+ org.NewDomainVerifiedEvent(context.Background(),
+ &org.NewAggregate("org2").Aggregate,
+ "test.ch",
+ ),
+ ),
+ ),
+ ),
+ checkPermission: newMockPermissionCheckAllowed(),
+ idGenerator: id_mock.NewIDGeneratorExpectIDs(t, "user1"),
+ userPasswordHasher: mockPasswordHasher("x"),
+ },
+ args: args{
+ ctx: context.Background(),
+ orgID: "org1",
+ human: &AddHuman{
+ Username: "username@test.ch",
+ Password: "password",
+ FirstName: "firstname",
+ LastName: "lastname",
+ Email: Email{
+ Address: "email@test.ch",
+ Verified: true,
+ },
+ PreferredLanguage: language.English,
+ PasswordChangeRequired: true,
+ },
+ secretGenerator: GetMockSecretGenerator(t),
+ allowInitMail: true,
+ codeAlg: crypto.CreateMockEncryptionAlg(gomock.NewController(t)),
+ },
+ res: res{
+ err: func(err error) bool {
+ return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "COMMAND-SFd21", "Errors.User.DomainNotAllowedAsUsername"))
+ },
+ },
+ },
+ {
+ name: "add human domain, userLoginMustBeDomain false, ok",
+ fields: fields{
+ eventstore: expectEventstore(
+ expectFilter(),
+ expectFilter(
+ eventFromEventPusher(
+ org.NewDomainPolicyAddedEvent(context.Background(),
+ &userAgg.Aggregate,
+ false,
+ true,
+ true,
+ ),
+ ),
+ ),
+ expectFilter(
+ eventFromEventPusher(
+ org.NewDomainVerifiedEvent(context.Background(),
+ &org.NewAggregate("org1").Aggregate,
+ "test.ch",
+ ),
+ ),
+ ),
+ expectFilter(
+ eventFromEventPusher(
+ org.NewPasswordComplexityPolicyAddedEvent(context.Background(),
+ &userAgg.Aggregate,
+ 1,
+ false,
+ false,
+ false,
+ false,
+ ),
+ ),
+ ),
+ expectPush(
+ func() eventstore.Command {
+ event := user.NewHumanAddedEvent(context.Background(),
+ &user.NewAggregate("user1", "org1").Aggregate,
+ "username@test.ch",
+ "firstname",
+ "lastname",
+ "",
+ "firstname lastname",
+ language.English,
+ 
domain.GenderUnspecified,
+ "email@test.ch",
+ false,
+ )
+ event.AddPasswordData("$plain$x$password", true)
+ return event
+ }(),
+ user.NewHumanEmailVerifiedEvent(context.Background(),
+ &userAgg.Aggregate,
+ ),
+ ),
+ ),
+ checkPermission: newMockPermissionCheckAllowed(),
+ idGenerator: id_mock.NewIDGeneratorExpectIDs(t, "user1"),
+ userPasswordHasher: mockPasswordHasher("x"),
+ },
+ args: args{
+ ctx: context.Background(),
+ orgID: "org1",
+ human: &AddHuman{
+ Username: "username@test.ch",
+ Password: "password",
+ FirstName: "firstname",
+ LastName: "lastname",
+ Email: Email{
+ Address: "email@test.ch",
+ Verified: true,
+ },
+ PreferredLanguage: language.English,
+ PasswordChangeRequired: true,
+ },
+ secretGenerator: GetMockSecretGenerator(t),
+ allowInitMail: true,
+ codeAlg: crypto.CreateMockEncryptionAlg(gomock.NewController(t)),
+ },
+
+ res: res{
+ want: &domain.ObjectDetails{
+ ResourceOwner: "org1",
+ },
+ wantID: "user1",
+ },
+ },
+ {
+ name: "add human (with phone), ok",
+ fields: fields{
+ eventstore: expectEventstore(
+ expectFilter(),
+ expectFilter(
+ eventFromEventPusher(
+ org.NewDomainPolicyAddedEvent(context.Background(),
+ &userAgg.Aggregate,
+ true,
+ true,
+ true,
+ ),
+ ),
+ ),
+ expectFilter(
+ eventFromEventPusher(
+ org.NewPasswordComplexityPolicyAddedEvent(context.Background(),
+ &userAgg.Aggregate,
+ 1,
+ false,
+ false,
+ false,
+ false,
+ ),
+ ),
+ ),
+ expectPush(
+ newAddHumanEvent("$plain$x$password", false, true, "+41711234567", language.English),
+ user.NewHumanEmailVerifiedEvent(
+ context.Background(),
+ &userAgg.Aggregate,
+ ),
+ user.NewHumanPhoneCodeAddedEvent(context.Background(),
+ &userAgg.Aggregate,
+ &crypto.CryptoValue{
+ CryptoType: crypto.TypeEncryption,
+ Algorithm: "enc",
+ KeyID: "id",
+ Crypted: []byte("phonecode"),
+ },
+ time.Hour*1,
+ ),
+ ),
+ ),
+ checkPermission: newMockPermissionCheckAllowed(),
+ idGenerator: id_mock.NewIDGeneratorExpectIDs(t, "user1"),
+ userPasswordHasher: mockPasswordHasher("x"), 
+ newCode: mockCode("phonecode", time.Hour),
+ },
+ args: args{
+ ctx: context.Background(),
+ orgID: "org1",
+ human: &AddHuman{
+ Username: "username",
+ FirstName: "firstname",
+ LastName: "lastname",
+ Password: "password",
+ Email: Email{
+ Address: "email@test.ch",
+ Verified: true,
+ },
+ Phone: Phone{
+ Number: "+41711234567",
+ },
+ PreferredLanguage: language.English,
+ },
+ secretGenerator: GetMockSecretGenerator(t),
+ allowInitMail: true,
+ codeAlg: crypto.CreateMockEncryptionAlg(gomock.NewController(t)),
+ },
+ res: res{
+ want: &domain.ObjectDetails{
+ ResourceOwner: "org1",
+ },
+ wantID: "user1",
+ },
+ },
+ {
+ name: "add human (with verified phone), ok",
+ fields: fields{
+ eventstore: expectEventstore(
+ expectFilter(),
+ expectFilter(
+ eventFromEventPusher(
+ org.NewDomainPolicyAddedEvent(context.Background(),
+ &userAgg.Aggregate,
+ true,
+ true,
+ true,
+ ),
+ ),
+ ),
+ expectPush(
+ newAddHumanEvent("", false, true, "+41711234567", language.English),
+ user.NewHumanInitialCodeAddedEvent(
+ context.Background(),
+ &userAgg.Aggregate,
+ &crypto.CryptoValue{
+ CryptoType: crypto.TypeEncryption,
+ Algorithm: "enc",
+ KeyID: "id",
+ Crypted: []byte("userinit"),
+ },
+ 1*time.Hour,
+ ),
+ user.NewHumanPhoneVerifiedEvent(
+ context.Background(),
+ &userAgg.Aggregate,
+ ),
+ ),
+ ),
+ checkPermission: newMockPermissionCheckAllowed(),
+ idGenerator: id_mock.NewIDGeneratorExpectIDs(t, "user1"),
+ newCode: mockCode("userinit", time.Hour),
+ },
+ args: args{
+ ctx: context.Background(),
+ orgID: "org1",
+ human: &AddHuman{
+ Username: "username",
+ FirstName: "firstname",
+ LastName: "lastname",
+ Email: Email{
+ Address: "email@test.ch",
+ },
+ Phone: Phone{
+ Number: "+41711234567",
+ Verified: true,
+ },
+ PreferredLanguage: language.English,
+ },
+ secretGenerator: GetMockSecretGenerator(t),
+ allowInitMail: true,
+ codeAlg: crypto.CreateMockEncryptionAlg(gomock.NewController(t)),
+ },
+ res: res{
+ want: &domain.ObjectDetails{
+ ResourceOwner: 
"org1",
+ },
+ wantID: "user1",
+ },
+ }, {
+ name: "add human (with return code), ok",
+ fields: fields{
+ eventstore: expectEventstore(
+ expectFilter(),
+ expectFilter(
+ eventFromEventPusher(
+ org.NewDomainPolicyAddedEvent(context.Background(),
+ &user.NewAggregate("user1", "org1").Aggregate,
+ true,
+ true,
+ true,
+ ),
+ ),
+ ),
+ expectFilter(
+ eventFromEventPusher(
+ org.NewPasswordComplexityPolicyAddedEvent(context.Background(),
+ &user.NewAggregate("user1", "org1").Aggregate,
+ 1,
+ false,
+ false,
+ false,
+ false,
+ ),
+ ),
+ ),
+ expectPush(
+ newAddHumanEvent("$plain$x$password", false, true, "+41711234567", language.English),
+ user.NewHumanEmailVerifiedEvent(context.Background(),
+ &user.NewAggregate("user1", "org1").Aggregate),
+ user.NewHumanPhoneCodeAddedEventV2(
+ context.Background(),
+ &userAgg.Aggregate,
+ &crypto.CryptoValue{
+ CryptoType: crypto.TypeEncryption,
+ Algorithm: "enc",
+ KeyID: "id",
+ Crypted: []byte("phoneCode"),
+ },
+ 1*time.Hour,
+ true,
+ ),
+ ),
+ ),
+ checkPermission: newMockPermissionCheckAllowed(),
+ idGenerator: id_mock.NewIDGeneratorExpectIDs(t, "user1"),
+ userPasswordHasher: mockPasswordHasher("x"),
+ newCode: mockCode("phoneCode", time.Hour),
+ },
+ args: args{
+ ctx: context.Background(),
+ orgID: "org1",
+ human: &AddHuman{
+ Username: "username",
+ Password: "password",
+ FirstName: "firstname",
+ LastName: "lastname",
+ Email: Email{
+ Address: "email@test.ch",
+ Verified: true,
+ },
+ Phone: Phone{
+ Number: "+41711234567",
+ ReturnCode: true,
+ },
+ PreferredLanguage: language.English,
+ },
+ secretGenerator: GetMockSecretGenerator(t),
+ allowInitMail: true,
+ codeAlg: crypto.CreateMockEncryptionAlg(gomock.NewController(t)),
+ },
+ res: res{
+ want: &domain.ObjectDetails{
+ ResourceOwner: "org1",
+ },
+ wantID: "user1",
+ },
+ },
+ {
+ name: "add human with metadata, ok",
+ fields: fields{
+ eventstore: expectEventstore(
+ expectFilter(),
+ expectFilter(
+ eventFromEventPusher(
+ 
org.NewDomainPolicyAddedEvent(context.Background(),
+ &userAgg.Aggregate,
+ true,
+ true,
+ true,
+ ),
+ ),
+ ),
+ expectPush(
+ newAddHumanEvent("", false, true, "", language.English),
+ user.NewHumanInitialCodeAddedEvent(
+ context.Background(),
+ &userAgg.Aggregate,
+ &crypto.CryptoValue{
+ CryptoType: crypto.TypeEncryption,
+ Algorithm: "enc",
+ KeyID: "id",
+ Crypted: []byte("userinit"),
+ },
+ 1*time.Hour,
+ ),
+ user.NewMetadataSetEvent(
+ context.Background(),
+ &userAgg.Aggregate,
+ "testKey",
+ []byte("testValue"),
+ ),
+ ),
+ ),
+ checkPermission: newMockPermissionCheckAllowed(),
+ idGenerator: id_mock.NewIDGeneratorExpectIDs(t, "user1"),
+ newCode: mockCode("userinit", time.Hour),
+ },
+ args: args{
+ ctx: context.Background(),
+ orgID: "org1",
+ human: &AddHuman{
+ Username: "username",
+ FirstName: "firstname",
+ LastName: "lastname",
+ Email: Email{
+ Address: "email@test.ch",
+ },
+ PreferredLanguage: language.English,
+ Metadata: []*AddMetadataEntry{
+ {
+ Key: "testKey",
+ Value: []byte("testValue"),
+ },
+ },
+ },
+ secretGenerator: GetMockSecretGenerator(t),
+ allowInitMail: true,
+ codeAlg: crypto.CreateMockEncryptionAlg(gomock.NewController(t)),
+ },
+ res: res{
+ want: &domain.ObjectDetails{
+ ResourceOwner: "org1",
+ },
+ wantID: "user1",
+ },
+ },
+ }
+ for _, tt := range tests {
+ t.Run(tt.name, func(t *testing.T) {
+ r := &Commands{
+ eventstore: tt.fields.eventstore(t),
+ userPasswordHasher: tt.fields.userPasswordHasher,
+ idGenerator: tt.fields.idGenerator,
+ newCode: tt.fields.newCode,
+ checkPermission: tt.fields.checkPermission,
+ }
+ err := r.AddUserHuman(tt.args.ctx, tt.args.orgID, tt.args.human, tt.args.allowInitMail, tt.args.codeAlg)
+ if tt.res.err == nil {
+ if !assert.NoError(t, err) {
+ t.FailNow()
+ }
+ } else if !tt.res.err(err) {
+ t.Errorf("got wrong err: %v ", err)
+ return
+ }
+ if tt.res.err == nil {
+ assert.Equal(t, tt.res.want, tt.args.human.Details)
+ assert.Equal(t, tt.res.wantID, tt.args.human.ID)
+ 
assert.Equal(t, tt.res.wantEmailCode, gu.Value(tt.args.human.EmailCode))
+ }
+ })
+ }
+}
+
+func TestCommandSide_ChangeUserHuman(t *testing.T) {
+ type fields struct {
+ eventstore func(t *testing.T) *eventstore.Eventstore
+ userPasswordHasher *crypto.PasswordHasher
+ newCode cryptoCodeFunc
+ checkPermission domain.PermissionCheck
+ }
+ type args struct {
+ ctx context.Context
+ orgID string
+ human *ChangeHuman
+ codeAlg crypto.EncryptionAlgorithm
+ }
+ type res struct {
+ want *domain.ObjectDetails
+ wantEmailCode *string
+ wantPhoneCode *string
+ err func(error) bool
+ }
+
+ userAgg := user.NewAggregate("user1", "org1")
+
+ tests := []struct {
+ name string
+ fields fields
+ args args
+ res res
+ }{
+ {
+ name: "domain policy not found, precondition error",
+ fields: fields{
+ eventstore: expectEventstore(
+ expectFilter(
+ eventFromEventPusher(
+ newAddHumanEvent("$plain$x$password", true, true, "", language.English),
+ ),
+ ),
+ expectFilter(),
+ expectFilter(),
+ ),
+ checkPermission: newMockPermissionCheckAllowed(),
+ },
+ args: args{
+ ctx: context.Background(),
+ orgID: "org1",
+ human: &ChangeHuman{
+ Username: gu.Ptr("changed"),
+ },
+ },
+ res: res{
+ err: func(err error) bool {
+ return errors.Is(err, zerrors.ThrowPreconditionFailed(nil, "COMMAND-79pv6e1q62", "Errors.Org.DomainPolicy.NotExisting"))
+ },
+ },
+ },
+ {
+ name: "change human username, no permission",
+ fields: fields{
+ eventstore: expectEventstore(
+ expectFilter(
+ eventFromEventPusher(
+ newAddHumanEvent("$plain$x$password", true, true, "", language.English),
+ ),
+ ),
+ ),
+ checkPermission: newMockPermissionCheckNotAllowed(),
+ },
+ args: args{
+ ctx: context.Background(),
+ orgID: "org1",
+ human: &ChangeHuman{
+ Username: gu.Ptr("changed"),
+ },
+ },
+ res: res{
+ err: func(err error) bool {
+ return errors.Is(err, zerrors.ThrowPermissionDenied(nil, "AUTHZ-HKJD33", "Errors.PermissionDenied"))
+ },
+ },
+ },
+ {
+ name: "change human username, not found",
+ fields: fields{
+ 
eventstore: expectEventstore(
+ expectFilter(),
+ ),
+ checkPermission: newMockPermissionCheckAllowed(),
+ },
+ args: args{
+ ctx: context.Background(),
+ orgID: "org1",
+ human: &ChangeHuman{
+ Username: gu.Ptr("changed"),
+ },
+ },
+ res: res{
+ err: func(err error) bool {
+ return errors.Is(err, zerrors.ThrowNotFound(nil, "COMMAND-ugjs0upun6", "Errors.User.NotFound"))
+ },
+ },
+ },
+ {
+ name: "change human username, ok",
+ fields: fields{
+ eventstore: expectEventstore(
+ expectFilter(
+ eventFromEventPusher(
+ newAddHumanEvent("$plain$x$password", true, true, "", language.English),
+ ),
+ ),
+ expectFilter(
+ eventFromEventPusher(
+ org.NewDomainPolicyAddedEvent(context.Background(),
+ &userAgg.Aggregate,
+ true,
+ true,
+ true,
+ ),
+ ),
+ ),
+ expectPush(
+ user.NewUsernameChangedEvent(context.Background(),
+ &userAgg.Aggregate,
+ "username",
+ "changed",
+ true,
+ ),
+ ),
+ ),
+ checkPermission: newMockPermissionCheckAllowed(),
+ },
+ args: args{
+ ctx: context.Background(),
+ orgID: "org1",
+ human: &ChangeHuman{
+ Username: gu.Ptr("changed"),
+ },
+ },
+ res: res{
+ want: &domain.ObjectDetails{
+ Sequence: 0,
+ EventDate: time.Time{},
+ ResourceOwner: "org1",
+ },
+ },
+ },
+ {
+ name: "change human username, no change",
+ fields: fields{
+ eventstore: expectEventstore(
+ expectFilter(
+ eventFromEventPusher(
+ newAddHumanEvent("$plain$x$password", true, true, "", language.English),
+ ),
+ ),
+ ),
+ checkPermission: newMockPermissionCheckAllowed(),
+ },
+ args: args{
+ ctx: context.Background(),
+ orgID: "org1",
+ human: &ChangeHuman{
+ Username: gu.Ptr("username"),
+ },
+ },
+ res: res{
+ want: &domain.ObjectDetails{
+ Sequence: 0,
+ EventDate: time.Time{},
+ ResourceOwner: "org1",
+ },
+ },
+ },
+ {
+ name: "change human profile, no permission",
+ fields: fields{
+ eventstore: expectEventstore(
+ expectFilter(
+ eventFromEventPusher(
+ newAddHumanEvent("$plain$x$password", true, true, "", language.English),
+ ),
+ ),
+ ),
+ checkPermission: 
newMockPermissionCheckNotAllowed(),
+ },
+ args: args{
+ ctx: context.Background(),
+ orgID: "org1",
+ human: &ChangeHuman{
+ Profile: &Profile{
+ FirstName: gu.Ptr("changedfn"),
+ LastName: gu.Ptr("changedln"),
+ NickName: gu.Ptr("changednn"),
+ DisplayName: gu.Ptr("changeddn"),
+ PreferredLanguage: gu.Ptr(language.Afrikaans),
+ Gender: gu.Ptr(domain.GenderDiverse),
+ },
+ },
+ },
+ res: res{
+ err: func(err error) bool {
+ return errors.Is(err, zerrors.ThrowPermissionDenied(nil, "AUTHZ-HKJD33", "Errors.PermissionDenied"))
+ },
+ },
+ },
+ {
+ name: "change human profile, ok",
+ fields: fields{
+ eventstore: expectEventstore(
+ expectFilter(
+ eventFromEventPusher(
+ newAddHumanEvent("$plain$x$password", true, true, "", language.English),
+ ),
+ ),
+ expectPush(
+ func() eventstore.Command {
+ cmd, _ := user.NewHumanProfileChangedEvent(context.Background(),
+ &userAgg.Aggregate,
+ []user.ProfileChanges{
+ user.ChangeFirstName("changedfn"),
+ user.ChangeLastName("changedln"),
+ user.ChangeNickName("changednn"),
+ user.ChangeDisplayName("changeddn"),
+ user.ChangePreferredLanguage(language.Afrikaans),
+ user.ChangeGender(domain.GenderDiverse),
+ },
+ )
+ return cmd
+ }(),
+ ),
+ ),
+ checkPermission: newMockPermissionCheckAllowed(),
+ },
+ args: args{
+ ctx: context.Background(),
+ orgID: "org1",
+ human: &ChangeHuman{
+ Profile: &Profile{
+ FirstName: gu.Ptr("changedfn"),
+ LastName: gu.Ptr("changedln"),
+ NickName: gu.Ptr("changednn"),
+ DisplayName: gu.Ptr("changeddn"),
+ PreferredLanguage: gu.Ptr(language.Afrikaans),
+ Gender: gu.Ptr(domain.GenderDiverse),
+ },
+ },
+ },
+ res: res{
+ want: &domain.ObjectDetails{
+ Sequence: 0,
+ EventDate: time.Time{},
+ ResourceOwner: "org1",
+ },
+ },
+ },
+ {
+ name: "change human profile, no change",
+ fields: fields{
+ eventstore: expectEventstore(
+ expectFilter(
+ eventFromEventPusher(
+ newAddHumanEvent("$plain$x$password", true, true, "", language.English),
+ ),
+ ),
+ ),
+ checkPermission: 
newMockPermissionCheckAllowed(),
+ },
+ args: args{
+ ctx: context.Background(),
+ orgID: "org1",
+ human: &ChangeHuman{
+ Profile: &Profile{
+ FirstName: gu.Ptr("firstname"),
+ LastName: gu.Ptr("lastname"),
+ NickName: gu.Ptr(""),
+ DisplayName: gu.Ptr("firstname lastname"),
+ PreferredLanguage: gu.Ptr(language.English),
+ Gender: gu.Ptr(domain.GenderUnspecified),
+ },
+ },
+ },
+ res: res{
+ want: &domain.ObjectDetails{
+ Sequence: 0,
+ EventDate: time.Time{},
+ ResourceOwner: "org1",
+ },
+ },
+ },
+ {
+ name: "change human email, ok",
+ fields: fields{
+ eventstore: expectEventstore(
+ expectFilter(
+ eventFromEventPusher(
+ newAddHumanEvent("$plain$x$password", true, true, "", language.English),
+ ),
+ ),
+ expectPush(
+ user.NewHumanEmailChangedEvent(context.Background(),
+ &userAgg.Aggregate,
+ "changed@example.com",
+ ),
+ user.NewHumanEmailCodeAddedEventV2(context.Background(),
+ &user.NewAggregate("user1", "org1").Aggregate,
+ &crypto.CryptoValue{
+ CryptoType: crypto.TypeEncryption,
+ Algorithm: "enc",
+ KeyID: "id",
+ Crypted: []byte("emailCode"),
+ },
+ time.Hour,
+ "",
+ false,
+ ),
+ ),
+ ),
+ checkPermission: newMockPermissionCheckAllowed(),
+ newCode: mockCode("emailCode", time.Hour),
+ },
+ args: args{
+ ctx: context.Background(),
+ orgID: "org1",
+ human: &ChangeHuman{
+ Email: &Email{
+ Address: "changed@example.com",
+ },
+ },
+ codeAlg: crypto.CreateMockEncryptionAlg(gomock.NewController(t)),
+ },
+ res: res{
+ want: &domain.ObjectDetails{
+ Sequence: 0,
+ EventDate: time.Time{},
+ ResourceOwner: "org1",
+ },
+ },
+ },
+ {
+ name: "change human email, no change",
+ fields: fields{
+ eventstore: expectEventstore(
+ expectFilter(
+ eventFromEventPusher(
+ newAddHumanEvent("$plain$x$password", true, true, "", language.English),
+ ),
+ ),
+ ),
+ checkPermission: newMockPermissionCheckAllowed(),
+ },
+ args: args{
+ ctx: context.Background(),
+ orgID: "org1",
+ human: &ChangeHuman{
+ Email: &Email{
+ Address: "email@test.ch",
+ },
+ },
+ },
+ res: 
res{
+ want: &domain.ObjectDetails{
+ Sequence: 0,
+ EventDate: time.Time{},
+ ResourceOwner: "org1",
+ },
+ },
+ },
+ {
+ name: "change human email verified, not allowed",
+ fields: fields{
+ eventstore: expectEventstore(
+ expectFilter(
+ eventFromEventPusher(
+ newAddHumanEvent("$plain$x$password", true, true, "", language.English),
+ ),
+ ),
+ ),
+ checkPermission: newMockPermissionCheckNotAllowed(),
+ },
+ args: args{
+ ctx: context.Background(),
+ orgID: "org1",
+ human: &ChangeHuman{
+ Email: &Email{
+ Address: "changed@example.com",
+ Verified: true,
+ },
+ },
+ },
+ res: res{
+ err: func(err error) bool {
+ return errors.Is(err, zerrors.ThrowPermissionDenied(nil, "AUTHZ-HKJD33", "Errors.PermissionDenied"))
+ },
+ },
+ },
+ {
+ name: "change human email verified, ok",
+ fields: fields{
+ eventstore: expectEventstore(
+ expectFilter(
+ eventFromEventPusher(
+ newAddHumanEvent("$plain$x$password", true, true, "", language.English),
+ ),
+ ),
+ expectPush(
+ user.NewHumanEmailChangedEvent(context.Background(),
+ &userAgg.Aggregate,
+ "changed@example.com",
+ ),
+ user.NewHumanEmailVerifiedEvent(context.Background(),
+ &userAgg.Aggregate,
+ ),
+ ),
+ ),
+ checkPermission: newMockPermissionCheckAllowed(),
+ },
+ args: args{
+ ctx: context.Background(),
+ orgID: "org1",
+ human: &ChangeHuman{
+ Email: &Email{
+ Address: "changed@example.com",
+ Verified: true,
+ },
+ },
+ },
+ res: res{
+ want: &domain.ObjectDetails{
+ Sequence: 0,
+ EventDate: time.Time{},
+ ResourceOwner: "org1",
+ },
+ },
+ },
+ {
+ name: "change human email isVerified, ok",
+ fields: fields{
+ eventstore: expectEventstore(
+ expectFilter(
+ eventFromEventPusher(
+ newAddHumanEvent("$plain$x$password", true, true, "", language.English),
+ ),
+ ),
+ expectPush(
+ user.NewHumanEmailVerifiedEvent(context.Background(),
+ &userAgg.Aggregate,
+ ),
+ ),
+ ),
+ checkPermission: newMockPermissionCheckAllowed(),
+ },
+ args: args{
+ ctx: context.Background(),
+ orgID: "org1",
+ human: &ChangeHuman{
+ 
Email: &Email{
+ Verified: true,
+ },
+ },
+ },
+ res: res{
+ want: &domain.ObjectDetails{
+ Sequence: 0,
+ EventDate: time.Time{},
+ ResourceOwner: "org1",
+ },
+ },
+ },
+ {
+ name: "change human email returnCode, ok",
+ fields: fields{
+ eventstore: expectEventstore(
+ expectFilter(
+ eventFromEventPusher(
+ newAddHumanEvent("$plain$x$password", true, true, "", language.English),
+ ),
+ ),
+ expectPush(
+ user.NewHumanEmailChangedEvent(context.Background(),
+ &userAgg.Aggregate,
+ "changed@test.com",
+ ),
+ user.NewHumanEmailCodeAddedEventV2(context.Background(),
+ &user.NewAggregate("user1", "org1").Aggregate,
+ &crypto.CryptoValue{
+ CryptoType: crypto.TypeEncryption,
+ Algorithm: "enc",
+ KeyID: "id",
+ Crypted: []byte("emailCode"),
+ },
+ time.Hour,
+ "",
+ true,
+ ),
+ ),
+ ),
+ checkPermission: newMockPermissionCheckAllowed(),
+ newCode: mockCode("emailCode", time.Hour),
+ },
+ args: args{
+ ctx: context.Background(),
+ orgID: "org1",
+ human: &ChangeHuman{
+ Email: &Email{
+ Address: "changed@test.com",
+ ReturnCode: true,
+ },
+ },
+ codeAlg: crypto.CreateMockEncryptionAlg(gomock.NewController(t)),
+ },
+ res: res{
+ want: &domain.ObjectDetails{
+ Sequence: 0,
+ EventDate: time.Time{},
+ ResourceOwner: "org1",
+ },
+ wantEmailCode: gu.Ptr("emailCode"),
+ },
+ },
+ {
+ name: "change human phone, ok",
+ fields: fields{
+ eventstore: expectEventstore(
+ expectFilter(
+ eventFromEventPusher(
+ newAddHumanEvent("$plain$x$password", true, true, "", language.English),
+ ),
+ ),
+ expectPush(
+ user.NewHumanPhoneChangedEvent(context.Background(),
+ &userAgg.Aggregate,
+ "+41791234567",
+ ),
+ user.NewHumanPhoneCodeAddedEventV2(context.Background(),
+ &user.NewAggregate("user1", "org1").Aggregate,
+ &crypto.CryptoValue{
+ CryptoType: crypto.TypeEncryption,
+ Algorithm: "enc",
+ KeyID: "id",
+ Crypted: []byte("phoneCode"),
+ },
+ time.Hour,
+ false,
+ ),
+ ),
+ ),
+ checkPermission: newMockPermissionCheckAllowed(),
+ newCode: mockCode("phoneCode", time.Hour),
+ }, 
+ args: args{
+ ctx: context.Background(),
+ orgID: "org1",
+ human: &ChangeHuman{
+ Phone: &Phone{
+ Number: "+41791234567",
+ },
+ },
+ codeAlg: crypto.CreateMockEncryptionAlg(gomock.NewController(t)),
+ },
+ res: res{
+ want: &domain.ObjectDetails{
+ Sequence: 0,
+ EventDate: time.Time{},
+ ResourceOwner: "org1",
+ },
+ },
+ }, {
+ name: "change human phone verified, not allowed",
+ fields: fields{
+ eventstore: expectEventstore(
+ expectFilter(
+ eventFromEventPusher(
+ newAddHumanEvent("$plain$x$password", true, true, "", language.English),
+ ),
+ ),
+ ),
+ checkPermission: newMockPermissionCheckNotAllowed(),
+ },
+ args: args{
+ ctx: context.Background(),
+ orgID: "org1",
+ human: &ChangeHuman{
+ Phone: &Phone{
+ Number: "+41791234567",
+ Verified: true,
+ },
+ },
+ },
+ res: res{
+ err: func(err error) bool {
+ return errors.Is(err, zerrors.ThrowPermissionDenied(nil, "AUTHZ-HKJD33", "Errors.PermissionDenied"))
+ },
+ },
+ },
+ {
+ name: "change human phone verified, ok",
+ fields: fields{
+ eventstore: expectEventstore(
+ expectFilter(
+ eventFromEventPusher(
+ newAddHumanEvent("$plain$x$password", true, true, "", language.English),
+ ),
+ ),
+ expectPush(
+ user.NewHumanPhoneChangedEvent(context.Background(),
+ &userAgg.Aggregate,
+ "+41791234567",
+ ),
+ user.NewHumanPhoneVerifiedEvent(context.Background(),
+ &userAgg.Aggregate,
+ ),
+ ),
+ ),
+ checkPermission: newMockPermissionCheckAllowed(),
+ },
+ args: args{
+ ctx: context.Background(),
+ orgID: "org1",
+ human: &ChangeHuman{
+ Phone: &Phone{
+ Number: "+41791234567",
+ Verified: true,
+ },
+ },
+ },
+ res: res{
+ want: &domain.ObjectDetails{
+ Sequence: 0,
+ EventDate: time.Time{},
+ ResourceOwner: "org1",
+ },
+ },
+ },
+ {
+ name: "change human phone isVerified, ok",
+ fields: fields{
+ eventstore: expectEventstore(
+ expectFilter(
+ eventFromEventPusher(
+ newAddHumanEvent("$plain$x$password", true, true, "", language.English),
+ ),
+ ),
+ expectPush(
+ 
user.NewHumanPhoneVerifiedEvent(context.Background(),
+ &userAgg.Aggregate,
+ ),
+ ),
+ ),
+ checkPermission: newMockPermissionCheckAllowed(),
+ },
+ args: args{
+ ctx: context.Background(),
+ orgID: "org1",
+ human: &ChangeHuman{
+ Phone: &Phone{
+ Verified: true,
+ },
+ },
+ },
+ res: res{
+ want: &domain.ObjectDetails{
+ Sequence: 0,
+ EventDate: time.Time{},
+ ResourceOwner: "org1",
+ },
+ },
+ },
+ {
+ name: "change human phone returnCode, ok",
+ fields: fields{
+ eventstore: expectEventstore(
+ expectFilter(
+ eventFromEventPusher(
+ newAddHumanEvent("$plain$x$password", true, true, "", language.English),
+ ),
+ ),
+ expectPush(
+ user.NewHumanPhoneChangedEvent(context.Background(),
+ &userAgg.Aggregate,
+ "+41791234567",
+ ),
+ user.NewHumanPhoneCodeAddedEventV2(context.Background(),
+ &user.NewAggregate("user1", "org1").Aggregate,
+ &crypto.CryptoValue{
+ CryptoType: crypto.TypeEncryption,
+ Algorithm: "enc",
+ KeyID: "id",
+ Crypted: []byte("phoneCode"),
+ },
+ time.Hour,
+ true,
+ ),
+ ),
+ ),
+ checkPermission: newMockPermissionCheckAllowed(),
+ newCode: mockCode("phoneCode", time.Hour),
+ },
+ args: args{
+ ctx: context.Background(),
+ orgID: "org1",
+ human: &ChangeHuman{
+ Phone: &Phone{
+ Number: "+41791234567",
+ ReturnCode: true,
+ },
+ },
+ codeAlg: crypto.CreateMockEncryptionAlg(gomock.NewController(t)),
+ },
+ res: res{
+ want: &domain.ObjectDetails{
+ Sequence: 0,
+ EventDate: time.Time{},
+ ResourceOwner: "org1",
+ },
+ wantPhoneCode: gu.Ptr("phoneCode"),
+ },
+ },
+ {
+ name: "password change, no password, invalid argument error",
+ fields: fields{
+ eventstore: expectEventstore(),
+ checkPermission: newMockPermissionCheckAllowed(),
+ userPasswordHasher: mockPasswordHasher("x"),
+ },
+ args: args{
+ ctx: context.Background(),
+ orgID: "org1",
+ human: &ChangeHuman{
+ Password: &Password{},
+ },
+ },
+ res: res{
+ err: func(err error) bool {
+ return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "COMMAND-3klek4sbns", 
"Errors.User.Password.Empty"))
+ },
+ },
+ },
+ {
+ name: "change human password, not initialized",
+ fields: fields{
+ eventstore: expectEventstore(
+ expectFilter(
+ eventFromEventPusher(
+ newAddHumanEvent("$plain$x$password", true, true, "", language.English),
+ ),
+ eventFromEventPusher(
+ user.NewHumanInitialCodeAddedEvent(context.Background(),
+ &userAgg.Aggregate,
+ nil, time.Hour*1,
+ ),
+ ),
+ ),
+ ),
+ checkPermission: newMockPermissionCheckAllowed(),
+ userPasswordHasher: mockPasswordHasher("x"),
+ },
+ args: args{
+ ctx: context.Background(),
+ orgID: "org1",
+ human: &ChangeHuman{
+ Password: &Password{
+ Password: gu.Ptr("password2"),
+ OldPassword: gu.Ptr("password"),
+ ChangeRequired: true,
+ },
+ },
+ },
+ res: res{
+ err: func(err error) bool {
+ return errors.Is(err, zerrors.ThrowPreconditionFailed(nil, "COMMAND-M9dse", "Errors.User.NotInitialised"))
+ },
+ },
+ },
+ {
+ name: "change human password, not in complexity",
+ fields: fields{
+ eventstore: expectEventstore(
+ expectFilter(
+ eventFromEventPusher(
+ newAddHumanEvent("$plain$x$password", true, true, "", language.English),
+ ),
+ eventFromEventPusher(
+ user.NewHumanInitializedCheckSucceededEvent(context.Background(),
+ &userAgg.Aggregate,
+ ),
+ ),
+ ),
+ expectFilter(
+ eventFromEventPusher(
+ org.NewPasswordComplexityPolicyAddedEvent(context.Background(),
+ &user.NewAggregate("user1", "org1").Aggregate,
+ 1,
+ false,
+ true,
+ false,
+ false,
+ ),
+ ),
+ ),
+ ),
+ checkPermission: newMockPermissionCheckAllowed(),
+ userPasswordHasher: mockPasswordHasher("x"),
+ },
+ args: args{
+ ctx: context.Background(),
+ orgID: "org1",
+ human: &ChangeHuman{
+ Password: &Password{
+ Password: gu.Ptr("password2"),
+ OldPassword: gu.Ptr("password"),
+ ChangeRequired: true,
+ },
+ },
+ },
+ res: res{
+ err: func(err error) bool {
+ return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "DOMAIN-VoaRj", "Errors.User.PasswordComplexityPolicy.HasUpper"))
+ },
+ },
+ },
+ {
+ name: "change human 
password, empty",
+ fields: fields{
+ eventstore: expectEventstore(),
+ checkPermission: newMockPermissionCheckAllowed(),
+ userPasswordHasher: mockPasswordHasher("x"),
+ },
+ args: args{
+ ctx: context.Background(),
+ orgID: "org1",
+ human: &ChangeHuman{
+ Password: &Password{
+ OldPassword: gu.Ptr("password"),
+ ChangeRequired: true,
+ },
+ },
+ },
+ res: res{
+ err: func(err error) bool {
+ return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "COMMAND-3klek4sbns", "Errors.User.Password.Empty"))
+ },
+ },
+ },
+ {
+ name: "change human password, not allowed",
+ fields: fields{
+ eventstore: expectEventstore(
+ expectFilter(
+ eventFromEventPusher(
+ newAddHumanEvent("$plain$x$password", true, true, "", language.English),
+ ),
+ eventFromEventPusher(
+ user.NewHumanInitializedCheckSucceededEvent(context.Background(),
+ &userAgg.Aggregate,
+ ),
+ ),
+ ),
+ ),
+ userPasswordHasher: mockPasswordHasher("x"),
+ checkPermission: newMockPermissionCheckNotAllowed(),
+ },
+ args: args{
+ ctx: context.Background(),
+ orgID: "org1",
+ human: &ChangeHuman{
+ Password: &Password{
+ Password: gu.Ptr("password2"),
+ ChangeRequired: true,
+ },
+ },
+ },
+ res: res{
+ err: func(err error) bool {
+ return errors.Is(err, zerrors.ThrowPermissionDenied(nil, "AUTHZ-HKJD33", "Errors.PermissionDenied"))
+ },
+ },
+ },
+ {
+ name: "change human password, permission, ok",
+ fields: fields{
+ eventstore: expectEventstore(
+ expectFilter(
+ eventFromEventPusher(
+ newAddHumanEvent("$plain$x$password", true, true, "", language.English),
+ ),
+ eventFromEventPusher(
+ user.NewHumanInitializedCheckSucceededEvent(context.Background(),
+ &userAgg.Aggregate,
+ ),
+ ),
+ ),
+ expectFilter(
+ eventFromEventPusher(
+ org.NewPasswordComplexityPolicyAddedEvent(context.Background(),
+ &user.NewAggregate("user1", "org1").Aggregate,
+ 1,
+ false,
+ false,
+ false,
+ false,
+ ),
+ ),
+ ),
+ expectPush(
+ user.NewHumanPasswordChangedEvent(context.Background(),
+ &userAgg.Aggregate,
+ 
"$plain$x$password2",
+ true,
+ "",
+ ),
+ ),
+ ),
+ userPasswordHasher: mockPasswordHasher("x"),
+ checkPermission: newMockPermissionCheckAllowed(),
+ },
+ args: args{
+ ctx: context.Background(),
+ orgID: "org1",
+ human: &ChangeHuman{
+ Password: &Password{
+ Password: gu.Ptr("password2"),
+ ChangeRequired: true,
+ },
+ },
+ },
+ res: res{
+ want: &domain.ObjectDetails{
+ Sequence: 0,
+ EventDate: time.Time{},
+ ResourceOwner: "org1",
+ },
+ },
+ },
+ {
+ name: "change human password, old password, ok",
+ fields: fields{
+ eventstore: expectEventstore(
+ expectFilter(
+ eventFromEventPusher(
+ newAddHumanEvent("$plain$x$password", true, true, "", language.English),
+ ),
+ eventFromEventPusher(
+ user.NewHumanInitializedCheckSucceededEvent(context.Background(),
+ &userAgg.Aggregate,
+ ),
+ ),
+ ),
+ expectFilter(
+ eventFromEventPusher(
+ org.NewPasswordComplexityPolicyAddedEvent(context.Background(),
+ &user.NewAggregate("user1", "org1").Aggregate,
+ 1,
+ false,
+ false,
+ false,
+ false,
+ ),
+ ),
+ ),
+ expectPush(
+ user.NewHumanPasswordChangedEvent(context.Background(),
+ &userAgg.Aggregate,
+ "$plain$x$password2",
+ true,
+ "",
+ ),
+ ),
+ ),
+ checkPermission: newMockPermissionCheckAllowed(),
+ userPasswordHasher: mockPasswordHasher("x"),
+ },
+ args: args{
+ ctx: context.Background(),
+ orgID: "org1",
+ human: &ChangeHuman{
+ Password: &Password{
+ Password: gu.Ptr("password2"),
+ OldPassword: gu.Ptr("password"),
+ ChangeRequired: true,
+ },
+ },
+ },
+ res: res{
+ want: &domain.ObjectDetails{
+ Sequence: 0,
+ EventDate: time.Time{},
+ ResourceOwner: "org1",
+ },
+ },
+ },
+ {
+ name: "change human password, old password, failed",
+ fields: fields{
+ eventstore: expectEventstore(
+ expectFilter(
+ eventFromEventPusher(
+ newAddHumanEvent("$plain$x$password", true, true, "", language.English),
+ ),
+ eventFromEventPusher(
+ user.NewHumanInitializedCheckSucceededEvent(context.Background(),
+ &userAgg.Aggregate,
+ ),
+ ),
+ ),
+ ),
+ checkPermission: 
newMockPermissionCheckAllowed(),
+ userPasswordHasher: mockPasswordHasher("x"),
+ },
+ args: args{
+ ctx: context.Background(),
+ orgID: "org1",
+ human: &ChangeHuman{
+ Password: &Password{
+ Password: gu.Ptr("password2"),
+ OldPassword: gu.Ptr("wrong"),
+ ChangeRequired: true,
+ },
+ },
+ },
+ res: res{
+ err: func(err error) bool {
+ return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "COMMAND-3M0fs", "Errors.User.Password.Invalid"))
+ },
+ },
+ },
+ {
+ name: "change human password, password code, ok",
+ fields: fields{
+ eventstore: expectEventstore(
+ expectFilter(
+ eventFromEventPusher(
+ newAddHumanEvent("$plain$x$password", true, true, "", language.English),
+ ),
+ eventFromEventPusher(
+ user.NewHumanInitializedCheckSucceededEvent(context.Background(),
+ &userAgg.Aggregate,
+ ),
+ ),
+ eventFromEventPusherWithCreationDateNow(
+ user.NewHumanPasswordCodeAddedEventV2(context.Background(),
+ &userAgg.Aggregate,
+ &crypto.CryptoValue{
+ CryptoType: crypto.TypeEncryption,
+ Algorithm: "enc",
+ KeyID: "id",
+ Crypted: []byte("code"),
+ },
+ time.Hour*1,
+ domain.NotificationTypeEmail,
+ "",
+ false,
+ ),
+ ),
+ ),
+ expectFilter(
+ eventFromEventPusher(
+ org.NewPasswordComplexityPolicyAddedEvent(context.Background(),
+ &user.NewAggregate("user1", "org1").Aggregate,
+ 1,
+ false,
+ false,
+ false,
+ false,
+ ),
+ ),
+ ),
+ expectPush(
+ user.NewHumanPasswordChangedEvent(context.Background(),
+ &userAgg.Aggregate,
+ "$plain$x$password2",
+ true,
+ "",
+ ),
+ ),
+ ),
+ checkPermission: newMockPermissionCheckAllowed(),
+ userPasswordHasher: mockPasswordHasher("x"),
+ },
+ args: args{
+ ctx: context.Background(),
+ orgID: "org1",
+ human: &ChangeHuman{
+ Password: &Password{
+ Password: gu.Ptr("password2"),
+ PasswordCode: gu.Ptr("code"),
+ ChangeRequired: true,
+ },
+ },
+ codeAlg: crypto.CreateMockEncryptionAlg(gomock.NewController(t)),
+ },
+ res: res{
+ want: &domain.ObjectDetails{
+ Sequence: 0,
+ EventDate: time.Time{},
+ ResourceOwner: "org1",
+ },
+ },
+ },
+ {
+ name: "change human password, password code, wrong code",
+ fields: fields{
+ eventstore: expectEventstore(
+ expectFilter(
+ eventFromEventPusher(
+ newAddHumanEvent("$plain$x$password", true, true, "", language.English),
+ ),
+ eventFromEventPusher(
+ user.NewHumanInitializedCheckSucceededEvent(context.Background(),
+ &userAgg.Aggregate,
+ ),
+ ),
+ eventFromEventPusherWithCreationDateNow(
+ user.NewHumanPasswordCodeAddedEventV2(context.Background(),
+ &userAgg.Aggregate,
+ &crypto.CryptoValue{
+ CryptoType: crypto.TypeEncryption,
+ Algorithm: "enc",
+ KeyID: "id",
+ Crypted: []byte("code"),
+ },
+ time.Hour*1,
+ domain.NotificationTypeEmail,
+ "",
+ false,
+ ),
+ ),
+ ),
+ ),
+ checkPermission: newMockPermissionCheckAllowed(),
+ userPasswordHasher: mockPasswordHasher("x"),
+ },
+ args: args{
+ ctx: context.Background(),
+ orgID: "org1",
+ human: &ChangeHuman{
+ Password: &Password{
+ Password: gu.Ptr("password2"),
+ PasswordCode: gu.Ptr("wrong"),
+ ChangeRequired: true,
+ },
+ },
+ codeAlg: crypto.CreateMockEncryptionAlg(gomock.NewController(t)),
+ },
+ res: res{
+ err: func(err error) bool {
+ return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "CODE-woT0xc", "Errors.User.Code.Invalid"))
+ },
+ },
+ },
+ {
+ name: "change human password encoded, password code, ok",
+ fields: fields{
+ eventstore: expectEventstore(
+ expectFilter(
+ eventFromEventPusher(
+ newAddHumanEvent("$plain$x$password", true, true, "", language.English),
+ ),
+ eventFromEventPusher(
+ user.NewHumanInitializedCheckSucceededEvent(context.Background(),
+ &userAgg.Aggregate,
+ ),
+ ),
+ eventFromEventPusherWithCreationDateNow(
+ user.NewHumanPasswordCodeAddedEventV2(context.Background(),
+ &userAgg.Aggregate,
+ &crypto.CryptoValue{
+ CryptoType: crypto.TypeEncryption,
+ Algorithm: "enc",
+ KeyID: "id",
+ Crypted: []byte("code"),
+ },
+ time.Hour*1,
+ domain.NotificationTypeEmail,
+ "",
+ false,
+ ),
+ ),
+ ),
+ expectFilter(
+ eventFromEventPusher(
+
org.NewPasswordComplexityPolicyAddedEvent(context.Background(),
+ &user.NewAggregate("user1", "org1").Aggregate,
+ 1,
+ false,
+ false,
+ false,
+ false,
+ ),
+ ),
+ ),
+ expectPush(
+ user.NewHumanPasswordChangedEvent(context.Background(),
+ &userAgg.Aggregate,
+ "$plain$x$password2",
+ true,
+ "",
+ ),
+ ),
+ ),
+ checkPermission: newMockPermissionCheckAllowed(),
+ userPasswordHasher: mockPasswordHasher("x"),
+ },
+ args: args{
+ ctx: context.Background(),
+ orgID: "org1",
+ human: &ChangeHuman{
+ Password: &Password{
+ EncodedPasswordHash: gu.Ptr("$plain$x$password2"),
+ PasswordCode: gu.Ptr("code"),
+ ChangeRequired: true,
+ },
+ },
+ codeAlg: crypto.CreateMockEncryptionAlg(gomock.NewController(t)),
+ },
+ res: res{
+ want: &domain.ObjectDetails{
+ Sequence: 0,
+ EventDate: time.Time{},
+ ResourceOwner: "org1",
+ },
+ },
+ },
+ {
+ name: "change human password and password encoded, password code, encoded used",
+ fields: fields{
+ eventstore: expectEventstore(
+ expectFilter(
+ eventFromEventPusher(
+ newAddHumanEvent("$plain$x$password", true, true, "", language.English),
+ ),
+ eventFromEventPusher(
+ user.NewHumanInitializedCheckSucceededEvent(context.Background(),
+ &userAgg.Aggregate,
+ ),
+ ),
+ eventFromEventPusherWithCreationDateNow(
+ user.NewHumanPasswordCodeAddedEventV2(context.Background(),
+ &userAgg.Aggregate,
+ &crypto.CryptoValue{
+ CryptoType: crypto.TypeEncryption,
+ Algorithm: "enc",
+ KeyID: "id",
+ Crypted: []byte("code"),
+ },
+ time.Hour*1,
+ domain.NotificationTypeEmail,
+ "",
+ false,
+ ),
+ ),
+ ),
+ expectFilter(
+ eventFromEventPusher(
+ org.NewPasswordComplexityPolicyAddedEvent(context.Background(),
+ &user.NewAggregate("user1", "org1").Aggregate,
+ 1,
+ false,
+ false,
+ false,
+ false,
+ ),
+ ),
+ ),
+ expectPush(
+ user.NewHumanPasswordChangedEvent(context.Background(),
+ &userAgg.Aggregate,
+ "$plain$x$password2",
+ true,
+ "",
+ ),
+ ),
+ ),
+ checkPermission: newMockPermissionCheckAllowed(),
+ userPasswordHasher:
mockPasswordHasher("x"),
+ },
+ args: args{
+ ctx: context.Background(),
+ orgID: "org1",
+ human: &ChangeHuman{
+ Password: &Password{
+ Password: gu.Ptr("passwordnotused"),
+ EncodedPasswordHash: gu.Ptr("$plain$x$password2"),
+ PasswordCode: gu.Ptr("code"),
+ ChangeRequired: true,
+ },
+ },
+ codeAlg: crypto.CreateMockEncryptionAlg(gomock.NewController(t)),
+ },
+ res: res{
+ want: &domain.ObjectDetails{
+ Sequence: 0,
+ EventDate: time.Time{},
+ ResourceOwner: "org1",
+ },
+ },
+ },
+ }
+ for _, tt := range tests {
+ t.Run(tt.name, func(t *testing.T) {
+ r := &Commands{
+ eventstore: tt.fields.eventstore(t),
+ userPasswordHasher: tt.fields.userPasswordHasher,
+ newCode: tt.fields.newCode,
+ checkPermission: tt.fields.checkPermission,
+ }
+ err := r.ChangeUserHuman(tt.args.ctx, tt.args.human, tt.args.codeAlg)
+ if tt.res.err == nil {
+ if !assert.NoError(t, err) {
+ t.FailNow()
+ }
+ } else if !tt.res.err(err) {
+ t.Errorf("got wrong err: %v ", err)
+ return
+ }
+ if tt.res.err == nil {
+ assert.Equal(t, tt.res.want, tt.args.human.Details)
+ assert.Equal(t, tt.res.wantEmailCode, tt.args.human.EmailCode)
+ assert.Equal(t, tt.res.wantPhoneCode, tt.args.human.PhoneCode)
+ }
+ })
+ }
+}
diff --git a/internal/command/user_v2_model.go b/internal/command/user_v2_model.go
new file mode 100644
index 0000000000..381a463884
--- /dev/null
+++ b/internal/command/user_v2_model.go
@@ -0,0 +1,558 @@
+package command
+
+import (
+ "context"
+ "time"
+
+ "golang.org/x/text/language"
+
+ "github.com/zitadel/zitadel/internal/crypto"
+ "github.com/zitadel/zitadel/internal/domain"
+ "github.com/zitadel/zitadel/internal/eventstore"
+ "github.com/zitadel/zitadel/internal/repository/user"
+)
+
+type UserV2WriteModel struct {
+ eventstore.WriteModel
+
+ UserName string
+
+ MachineWriteModel bool
+ Name string
+ Description string
+ AccessTokenType domain.OIDCTokenType
+
+ MachineSecretWriteModel bool
+ ClientSecret *crypto.CryptoValue
+
+ ProfileWriteModel bool
+ FirstName string
+ LastName string
+ NickName string
+ DisplayName string
+ PreferredLanguage language.Tag
+ Gender domain.Gender
+
+ AvatarWriteModel bool
+ Avatar string
+
+ HumanWriteModel bool
+ InitCode *crypto.CryptoValue
+ InitCodeCreationDate time.Time
+ InitCodeExpiry time.Duration
+ InitCheckFailedCount uint64
+
+ PasswordWriteModel bool
+ PasswordEncodedHash string
+ PasswordChangeRequired bool
+ PasswordCode *crypto.CryptoValue
+ PasswordCodeCreationDate time.Time
+ PasswordCodeExpiry time.Duration
+ PasswordCheckFailedCount uint64
+
+ EmailWriteModel bool
+ Email domain.EmailAddress
+ IsEmailVerified bool
+ EmailCode *crypto.CryptoValue
+ EmailCodeCreationDate time.Time
+ EmailCodeExpiry time.Duration
+ EmailCheckFailedCount uint64
+
+ PhoneWriteModel bool
+ Phone domain.PhoneNumber
+ IsPhoneVerified bool
+ PhoneCode *crypto.CryptoValue
+ PhoneCodeCreationDate time.Time
+ PhoneCodeExpiry time.Duration
+ PhoneCheckFailedCount uint64
+
+ StateWriteModel bool
+ UserState domain.UserState
+
+ IDPLinkWriteModel bool
+ IDPLinks []*domain.UserIDPLink
+}
+
+func NewUserExistsWriteModel(userID, resourceOwner string) *UserV2WriteModel {
+ return newUserV2WriteModel(userID, resourceOwner, WithHuman(), WithMachine())
+}
+
+func NewUserStateWriteModel(userID, resourceOwner string) *UserV2WriteModel {
+ return newUserV2WriteModel(userID, resourceOwner, WithHuman(), WithMachine(), WithState())
+}
+
+func NewUserRemoveWriteModel(userID, resourceOwner string) *UserV2WriteModel {
+ return newUserV2WriteModel(userID, resourceOwner, WithHuman(), WithMachine(), WithState(), WithIDPLinks())
+}
+
+func NewUserHumanWriteModel(userID, resourceOwner string, profileWM, emailWM, phoneWM, passwordWM, avatarWM, idpLinks bool) *UserV2WriteModel {
+ opts := []UserV2WMOption{WithHuman(), WithState()}
+ if profileWM {
+ opts = append(opts, WithProfile())
+ }
+ if emailWM {
+ opts = append(opts, WithEmail())
+ }
+ if phoneWM {
+ opts = append(opts, WithPhone())
+ }
+ if passwordWM {
+ opts = append(opts, WithPassword())
+ }
+ if avatarWM {
+ opts = append(opts, WithAvatar())
+ }
+ if idpLinks {
+ opts = append(opts, WithIDPLinks())
+ }
+ return newUserV2WriteModel(userID, resourceOwner, opts...)
+}
+
+func newUserV2WriteModel(userID, resourceOwner string, opts ...UserV2WMOption) *UserV2WriteModel {
+ wm := &UserV2WriteModel{
+ WriteModel: eventstore.WriteModel{
+ AggregateID: userID,
+ ResourceOwner: resourceOwner,
+ },
+ }
+
+ for _, optFunc := range opts {
+ optFunc(wm)
+ }
+ return wm
+}
+
+type UserV2WMOption func(o *UserV2WriteModel)
+
+func WithHuman() UserV2WMOption {
+ return func(o *UserV2WriteModel) {
+ o.HumanWriteModel = true
+ }
+}
+func WithMachine() UserV2WMOption {
+ return func(o *UserV2WriteModel) {
+ o.MachineWriteModel = true
+ }
+}
+func WithProfile() UserV2WMOption {
+ return func(o *UserV2WriteModel) {
+ o.ProfileWriteModel = true
+ }
+}
+func WithEmail() UserV2WMOption {
+ return func(o *UserV2WriteModel) {
+ o.EmailWriteModel = true
+ }
+}
+func WithPhone() UserV2WMOption {
+ return func(o *UserV2WriteModel) {
+ o.PhoneWriteModel = true
+ }
+}
+func WithPassword() UserV2WMOption {
+ return func(o *UserV2WriteModel) {
+ o.PasswordWriteModel = true
+ }
+}
+func WithState() UserV2WMOption {
+ return func(o *UserV2WriteModel) {
+ o.StateWriteModel = true
+ }
+}
+func WithAvatar() UserV2WMOption {
+ return func(o *UserV2WriteModel) {
+ o.AvatarWriteModel
= true
+ }
+}
+func WithIDPLinks() UserV2WMOption {
+ return func(o *UserV2WriteModel) {
+ o.IDPLinkWriteModel = true
+ }
+}
+
+func (wm *UserV2WriteModel) Reduce() error {
+ for _, event := range wm.Events {
+ switch e := event.(type) {
+ case *user.HumanAddedEvent:
+ wm.reduceHumanAddedEvent(e)
+ case *user.HumanRegisteredEvent:
+ wm.reduceHumanRegisteredEvent(e)
+
+ case *user.HumanInitialCodeAddedEvent:
+ wm.UserState = domain.UserStateInitial
+ wm.SetInitCode(e.Code, e.Expiry, e.CreationDate())
+ case *user.HumanInitializedCheckSucceededEvent:
+ wm.UserState = domain.UserStateActive
+ wm.EmptyInitCode()
+ case *user.HumanInitializedCheckFailedEvent:
+ wm.InitCheckFailedCount += 1
+
+ case *user.UsernameChangedEvent:
+ wm.UserName = e.UserName
+ case *user.HumanProfileChangedEvent:
+ wm.reduceHumanProfileChangedEvent(e)
+
+ case *user.MachineChangedEvent:
+ if e.Name != nil {
+ wm.Name = *e.Name
+ }
+ if e.Description != nil {
+ wm.Description = *e.Description
+ }
+ if e.AccessTokenType != nil {
+ wm.AccessTokenType = *e.AccessTokenType
+ }
+
+ case *user.MachineAddedEvent:
+ wm.UserName = e.UserName
+ wm.Name = e.Name
+ wm.Description = e.Description
+ wm.AccessTokenType = e.AccessTokenType
+ wm.UserState = domain.UserStateActive
+
+ case *user.HumanEmailChangedEvent:
+ wm.Email = e.EmailAddress
+ wm.IsEmailVerified = false
+ wm.EmptyEmailCode()
+ case *user.HumanEmailCodeAddedEvent:
+ wm.IsEmailVerified = false
+ wm.SetEMailCode(e.Code, e.Expiry, e.CreationDate())
+ case *user.HumanEmailVerifiedEvent:
+ wm.IsEmailVerified = true
+ wm.EmptyEmailCode()
+ case *user.HumanEmailVerificationFailedEvent:
+ wm.EmailCheckFailedCount += 1
+
+ case *user.HumanPhoneChangedEvent:
+ wm.IsPhoneVerified = false
+ wm.Phone = e.PhoneNumber
+ wm.EmptyPhoneCode()
+ case *user.HumanPhoneCodeAddedEvent:
+ wm.IsPhoneVerified = false
+ wm.SetPhoneCode(e.Code, e.Expiry, e.CreationDate())
+ case *user.HumanPhoneVerifiedEvent:
+ wm.IsPhoneVerified = true
+ wm.EmptyPhoneCode()
+ case
*user.HumanPhoneVerificationFailedEvent:
+ wm.PhoneCheckFailedCount += 1
+ case *user.HumanPhoneRemovedEvent:
+ wm.EmptyPhoneCode()
+ wm.Phone = ""
+ wm.IsPhoneVerified = false
+
+ case *user.HumanAvatarAddedEvent:
+ wm.Avatar = e.StoreKey
+ case *user.HumanAvatarRemovedEvent:
+ wm.Avatar = ""
+
+ case *user.UserLockedEvent:
+ wm.UserState = domain.UserStateLocked
+ case *user.UserUnlockedEvent:
+ wm.PasswordCheckFailedCount = 0
+ wm.UserState = domain.UserStateActive
+
+ case *user.UserDeactivatedEvent:
+ wm.UserState = domain.UserStateInactive
+ case *user.UserReactivatedEvent:
+ wm.UserState = domain.UserStateActive
+
+ case *user.UserRemovedEvent:
+ wm.UserState = domain.UserStateDeleted
+
+ case *user.HumanPasswordHashUpdatedEvent:
+ wm.PasswordEncodedHash = e.EncodedHash
+ case *user.HumanPasswordCheckFailedEvent:
+ wm.PasswordCheckFailedCount += 1
+ case *user.HumanPasswordCheckSucceededEvent:
+ wm.PasswordCheckFailedCount = 0
+ case *user.HumanPasswordChangedEvent:
+ wm.PasswordEncodedHash = user.SecretOrEncodedHash(e.Secret, e.EncodedHash)
+ wm.PasswordChangeRequired = e.ChangeRequired
+ wm.EmptyPasswordCode()
+ case *user.HumanPasswordCodeAddedEvent:
+ wm.SetPasswordCode(e.Code, e.Expiry, e.CreationDate())
+ case *user.UserIDPLinkAddedEvent:
+ wm.AddIDPLink(e.IDPConfigID, e.DisplayName, e.ExternalUserID)
+ case *user.UserIDPLinkRemovedEvent:
+ wm.RemoveIDPLink(e.IDPConfigID, e.ExternalUserID)
+ case *user.UserIDPLinkCascadeRemovedEvent:
+ wm.RemoveIDPLink(e.IDPConfigID, e.ExternalUserID)
+ }
+ }
+ return wm.WriteModel.Reduce()
+}
+
+func (wm *UserV2WriteModel) AddIDPLink(configID, displayName, externalUserID string) {
+ wm.IDPLinks = append(wm.IDPLinks, &domain.UserIDPLink{IDPConfigID: configID, DisplayName: displayName, ExternalUserID: externalUserID})
+}
+
+func (wm *UserV2WriteModel) RemoveIDPLink(configID, externalUserID string) {
+ idx, _ := wm.IDPLinkByID(configID, externalUserID)
+ if idx < 0 {
+ return
+ }
+ copy(wm.IDPLinks[idx:],
wm.IDPLinks[idx+1:])
+ wm.IDPLinks[len(wm.IDPLinks)-1] = nil
+ wm.IDPLinks = wm.IDPLinks[:len(wm.IDPLinks)-1]
+}
+
+func (wm *UserV2WriteModel) EmptyInitCode() {
+ wm.InitCode = nil
+ wm.InitCodeExpiry = 0
+ wm.InitCodeCreationDate = time.Time{}
+ wm.InitCheckFailedCount = 0
+}
+func (wm *UserV2WriteModel) SetInitCode(code *crypto.CryptoValue, expiry time.Duration, creationDate time.Time) {
+ wm.InitCode = code
+ wm.InitCodeExpiry = expiry
+ wm.InitCodeCreationDate = creationDate
+ wm.InitCheckFailedCount = 0
+}
+func (wm *UserV2WriteModel) EmptyEmailCode() {
+ wm.EmailCode = nil
+ wm.EmailCodeExpiry = 0
+ wm.EmailCodeCreationDate = time.Time{}
+ wm.EmailCheckFailedCount = 0
+}
+func (wm *UserV2WriteModel) SetEMailCode(code *crypto.CryptoValue, expiry time.Duration, creationDate time.Time) {
+ wm.EmailCode = code
+ wm.EmailCodeExpiry = expiry
+ wm.EmailCodeCreationDate = creationDate
+ wm.EmailCheckFailedCount = 0
+}
+func (wm *UserV2WriteModel) EmptyPhoneCode() {
+ wm.PhoneCode = nil
+ wm.PhoneCodeExpiry = 0
+ wm.PhoneCodeCreationDate = time.Time{}
+ wm.PhoneCheckFailedCount = 0
+}
+func (wm *UserV2WriteModel) SetPhoneCode(code *crypto.CryptoValue, expiry time.Duration, creationDate time.Time) {
+ wm.PhoneCode = code
+ wm.PhoneCodeExpiry = expiry
+ wm.PhoneCodeCreationDate = creationDate
+ wm.PhoneCheckFailedCount = 0
+}
+func (wm *UserV2WriteModel) EmptyPasswordCode() {
+ wm.PasswordCode = nil
+ wm.PasswordCodeExpiry = 0
+ wm.PasswordCodeCreationDate = time.Time{}
+}
+func (wm *UserV2WriteModel) SetPasswordCode(code *crypto.CryptoValue, expiry time.Duration, creationDate time.Time) {
+ wm.PasswordCode = code
+ wm.PasswordCodeExpiry = expiry
+ wm.PasswordCodeCreationDate = creationDate
+}
+
+func (wm *UserV2WriteModel) Query() *eventstore.SearchQueryBuilder {
+ // remove events are always processed
+ // and username is based for machine and human
+ eventTypes := []eventstore.EventType{
+ user.UserRemovedType,
+ user.UserUserNameChangedType,
+ }
+
+ if
wm.HumanWriteModel {
+ eventTypes = append(eventTypes,
+ user.UserV1AddedType,
+ user.HumanAddedType,
+ user.UserV1RegisteredType,
+ user.HumanRegisteredType,
+ )
+ }
+
+ if wm.MachineWriteModel {
+ eventTypes = append(eventTypes,
+ user.MachineChangedEventType,
+ user.MachineAddedEventType,
+ )
+ }
+
+ if wm.EmailWriteModel {
+ eventTypes = append(eventTypes,
+ user.UserV1EmailChangedType,
+ user.HumanEmailChangedType,
+ user.UserV1EmailCodeAddedType,
+ user.HumanEmailCodeAddedType,
+
+ user.UserV1EmailVerifiedType,
+ user.HumanEmailVerifiedType,
+ user.HumanEmailVerificationFailedType,
+ user.UserV1EmailVerificationFailedType,
+ )
+ }
+ if wm.PhoneWriteModel {
+ eventTypes = append(eventTypes,
+ user.UserV1PhoneChangedType,
+ user.HumanPhoneChangedType,
+ user.UserV1PhoneCodeAddedType,
+ user.HumanPhoneCodeAddedType,
+
+ user.UserV1PhoneVerifiedType,
+ user.HumanPhoneVerifiedType,
+ user.HumanPhoneVerificationFailedType,
+ user.UserV1PhoneVerificationFailedType,
+
+ user.UserV1PhoneRemovedType,
+ user.HumanPhoneRemovedType,
+ )
+ }
+ if wm.ProfileWriteModel {
+ eventTypes = append(eventTypes,
+ user.UserV1ProfileChangedType,
+ user.HumanProfileChangedType,
+ )
+ }
+ if wm.StateWriteModel {
+ eventTypes = append(eventTypes,
+ user.UserV1InitialCodeAddedType,
+ user.HumanInitialCodeAddedType,
+
+ user.UserV1InitializedCheckSucceededType,
+ user.HumanInitializedCheckSucceededType,
+ user.HumanInitializedCheckFailedType,
+ user.UserV1InitializedCheckFailedType,
+
+ user.UserLockedType,
+ user.UserUnlockedType,
+ user.UserDeactivatedType,
+ user.UserReactivatedType,
+ )
+ }
+ if wm.AvatarWriteModel {
+ eventTypes = append(eventTypes,
+ user.HumanAvatarAddedType,
+ user.HumanAvatarRemovedType,
+ )
+ }
+ if wm.PasswordWriteModel {
+ eventTypes = append(eventTypes,
+ user.HumanPasswordHashUpdatedType,
+
+ user.HumanPasswordChangedType,
+ user.UserV1PasswordChangedType,
+ user.HumanPasswordCodeAddedType,
+ user.UserV1PasswordCodeAddedType,
+
+
user.HumanPasswordCheckFailedType,
+ user.UserV1PasswordCheckFailedType,
+ user.HumanPasswordCheckSucceededType,
+ user.UserV1PasswordCheckSucceededType,
+ )
+ }
+ if wm.IDPLinkWriteModel {
+ eventTypes = append(eventTypes,
+ user.UserIDPLinkAddedType,
+ user.UserIDPLinkRemovedType,
+ user.UserIDPLinkCascadeRemovedType,
+ )
+ }
+
+ query := eventstore.NewSearchQueryBuilder(eventstore.ColumnsEvent).
+ AddQuery().
+ AggregateTypes(user.AggregateType).
+ AggregateIDs(wm.AggregateID).
+ EventTypes(eventTypes...).
+ Builder()
+ if wm.ResourceOwner != "" {
+ query.ResourceOwner(wm.ResourceOwner)
+ }
+ return query
+}
+
+func (wm *UserV2WriteModel) reduceHumanAddedEvent(e *user.HumanAddedEvent) {
+ wm.UserName = e.UserName
+ wm.FirstName = e.FirstName
+ wm.LastName = e.LastName
+ wm.NickName = e.NickName
+ wm.DisplayName = e.DisplayName
+ wm.PreferredLanguage = e.PreferredLanguage
+ wm.Gender = e.Gender
+ wm.Email = e.EmailAddress
+ wm.Phone = e.PhoneNumber
+ wm.UserState = domain.UserStateActive
+ wm.PasswordEncodedHash = user.SecretOrEncodedHash(e.Secret, e.EncodedHash)
+ wm.PasswordChangeRequired = e.ChangeRequired
+}
+
+func (wm *UserV2WriteModel) reduceHumanRegisteredEvent(e *user.HumanRegisteredEvent) {
+ wm.UserName = e.UserName
+ wm.FirstName = e.FirstName
+ wm.LastName = e.LastName
+ wm.NickName = e.NickName
+ wm.DisplayName = e.DisplayName
+ wm.PreferredLanguage = e.PreferredLanguage
+ wm.Gender = e.Gender
+ wm.Email = e.EmailAddress
+ wm.Phone = e.PhoneNumber
+ wm.UserState = domain.UserStateActive
+ wm.PasswordEncodedHash = user.SecretOrEncodedHash(e.Secret, e.EncodedHash)
+ wm.PasswordChangeRequired = e.ChangeRequired
+}
+
+func (wm *UserV2WriteModel) reduceHumanProfileChangedEvent(e *user.HumanProfileChangedEvent) {
+ if e.FirstName != "" {
+ wm.FirstName = e.FirstName
+ }
+ if e.LastName != "" {
+ wm.LastName = e.LastName
+ }
+ if e.NickName != nil {
+ wm.NickName = *e.NickName
+ }
+ if e.DisplayName != nil {
+ wm.DisplayName = *e.DisplayName
+ }
+ if
e.PreferredLanguage != nil {
+ wm.PreferredLanguage = *e.PreferredLanguage
+ }
+ if e.Gender != nil {
+ wm.Gender = *e.Gender
+ }
+}
+
+func (wm *UserV2WriteModel) Aggregate() *user.Aggregate {
+ return user.NewAggregate(wm.AggregateID, wm.ResourceOwner)
+}
+
+func (wm *UserV2WriteModel) NewProfileChangedEvent(
+ ctx context.Context,
+ firstName,
+ lastName,
+ nickName,
+ displayName *string,
+ preferredLanguage *language.Tag,
+ gender *domain.Gender,
+) (*user.HumanProfileChangedEvent, error) {
+ changes := make([]user.ProfileChanges, 0)
+ if firstName != nil && wm.FirstName != *firstName {
+ changes = append(changes, user.ChangeFirstName(*firstName))
+ }
+ if lastName != nil && wm.LastName != *lastName {
+ changes = append(changes, user.ChangeLastName(*lastName))
+ }
+ if nickName != nil && wm.NickName != *nickName {
+ changes = append(changes, user.ChangeNickName(*nickName))
+ }
+ if displayName != nil && wm.DisplayName != *displayName {
+ changes = append(changes, user.ChangeDisplayName(*displayName))
+ }
+ if preferredLanguage != nil && wm.PreferredLanguage != *preferredLanguage {
+ changes = append(changes, user.ChangePreferredLanguage(*preferredLanguage))
+ }
+ if gender != nil && wm.Gender != *gender {
+ changes = append(changes, user.ChangeGender(*gender))
+ }
+ if len(changes) == 0 {
+ return nil, nil
+ }
+ return user.NewHumanProfileChangedEvent(ctx, &wm.Aggregate().Aggregate, changes)
+}
+
+func (wm *UserV2WriteModel) IDPLinkByID(idpID, externalUserID string) (idx int, idp *domain.UserIDPLink) {
+ for idx, idp = range wm.IDPLinks {
+ if idp.IDPConfigID == idpID && idp.ExternalUserID == externalUserID {
+ return idx, idp
+ }
+ }
+ return -1, nil
+}
diff --git a/internal/command/user_v2_model_test.go b/internal/command/user_v2_model_test.go
new file mode 100644
index 0000000000..7c77e491fd
--- /dev/null
+++ b/internal/command/user_v2_model_test.go
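Review bot: In user_v2_model.go, `reduceHumanAddedEvent` and `reduceHumanRegisteredEvent` copy the e-mail, phone, profile and password hash into the model whatever options were chosen, while `Query()` loads the later change events for a group only when its flag (`EmailWriteModel`, `PhoneWriteModel`, `ProfileWriteModel`, `PasswordWriteModel`) is set. A model built by `NewUserExistsWriteModel`, or by `NewUserHumanWriteModel` with `passwordWM` false, therefore carries the creation-time `PasswordEncodedHash`, `Email` and `Phone`, which may no longer be current. Any caller that verified an old password or compared an address against such a model would be checking outdated data; whether a caller does so is not visible in this hunk. Filling each group only when its flag is set, as sketched below and likewise in the registered reducer, leaves those fields at their zero value, which is easier to notice than a stale one. The expectations in user_v2_model_test.go that assert `PasswordEncodedHash` on the exists model would have to follow.

```go
func (wm *UserV2WriteModel) reduceHumanAddedEvent(e *user.HumanAddedEvent) {
	wm.UserName = e.UserName
	wm.UserState = domain.UserStateActive
	// Fill a field group only when Query() also loads its later events,
	// so the model never presents a creation-time value as current.
	if wm.ProfileWriteModel {
		// … unchanged: FirstName, LastName, NickName, DisplayName, PreferredLanguage, Gender …
	}
	if wm.EmailWriteModel {
		wm.Email = e.EmailAddress
	}
	if wm.PhoneWriteModel {
		wm.Phone = e.PhoneNumber
	}
	if wm.PasswordWriteModel {
		wm.PasswordEncodedHash = user.SecretOrEncodedHash(e.Secret, e.EncodedHash)
		wm.PasswordChangeRequired = e.ChangeRequired
	}
}
```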
@@ -0,0 +1,2386 @@
+package command
+
+import (
+ "context"
+ "testing"
+ "time"
+
+ "github.com/stretchr/testify/assert"
+ "golang.org/x/text/language"
+
+ "github.com/zitadel/zitadel/internal/crypto"
+ "github.com/zitadel/zitadel/internal/domain"
+ "github.com/zitadel/zitadel/internal/eventstore"
+ "github.com/zitadel/zitadel/internal/repository/user"
+)
+
+func TestCommandSide_userExistsWriteModel(t *testing.T) {
+ type fields struct {
+ eventstore func(t *testing.T) *eventstore.Eventstore
+ }
+ type args struct {
+ ctx context.Context
+ userID string
+ }
+ type res struct {
+ want *UserV2WriteModel
+ err func(error) bool
+ }
+
+ userAgg := user.NewAggregate("user1", "org1")
+
+ tests := []struct {
+ name string
+ fields fields
+ args args
+ res res
+ }{
+ {
+ name: "user added",
+ fields: fields{
+ eventstore: expectEventstore(
+ expectFilter(
+ eventFromEventPusher(
+ newAddHumanEvent("$plain$x$password", true, true, "", language.English),
+ ),
+ ),
+ ),
+ },
+ args: args{
+ ctx: context.Background(),
+ userID: "user1",
+ },
+ res: res{
+ want: &UserV2WriteModel{
+ HumanWriteModel: true,
+ MachineWriteModel: true,
+ WriteModel: eventstore.WriteModel{
+ AggregateID: "user1",
+ Events: []eventstore.Event{},
+ ProcessedSequence: 0,
+ ResourceOwner: "org1",
+ },
+ UserName: "username",
+ FirstName: "firstname",
+ LastName: "lastname",
+ DisplayName: "firstname lastname",
+ PreferredLanguage: language.English,
+ PasswordEncodedHash: "$plain$x$password",
+ PasswordChangeRequired: true,
+ Email: "email@test.ch",
+ IsEmailVerified: false,
+ InitCode: nil,
+ InitCodeCreationDate: time.Time{},
+ InitCodeExpiry: 0,
+ UserState: domain.UserStateActive,
+ },
+ },
+ },
+ {
+ name: "user registered",
+ fields: fields{
+ eventstore: expectEventstore(
+ expectFilter(
+ eventFromEventPusher(
+ newRegisterHumanEvent("username", "$plain$x$password", true, true, "", language.English),
+ ),
+ ),
+ ),
+ },
+ args: args{
+ ctx: context.Background(),
+ userID: "user1",
+ },
+ res:
res{
+ want: &UserV2WriteModel{
+ HumanWriteModel: true,
+ MachineWriteModel: true,
+ WriteModel: eventstore.WriteModel{
+ AggregateID: "user1",
+ Events: []eventstore.Event{},
+ ResourceOwner: "org1",
+ },
+ UserName: "username",
+ FirstName: "firstname",
+ LastName: "lastname",
+ DisplayName: "firstname lastname",
+ PasswordEncodedHash: "$plain$x$password",
+ PasswordChangeRequired: true,
+ Email: "email@test.ch",
+ IsEmailVerified: false,
+ InitCode: nil,
+ InitCodeCreationDate: time.Time{},
+ InitCodeExpiry: 0,
+ PreferredLanguage: language.English,
+ UserState: domain.UserStateActive,
+ },
+ },
+ },
+ {
+ name: "user machine added",
+ fields: fields{
+ eventstore: expectEventstore(
+ expectFilter(
+ eventFromEventPusher(
+ newAddMachineEvent(true, domain.OIDCTokenTypeBearer),
+ ),
+ ),
+ ),
+ },
+ args: args{
+ ctx: context.Background(),
+ userID: "user1",
+ },
+ res: res{
+ want: &UserV2WriteModel{
+ HumanWriteModel: true,
+ MachineWriteModel: true,
+ WriteModel: eventstore.WriteModel{
+ AggregateID: "user1",
+ Events: []eventstore.Event{},
+ ProcessedSequence: 0,
+ ResourceOwner: "org1",
+ },
+ UserName: "username",
+ Name: "name",
+ Description: "description",
+ AccessTokenType: domain.OIDCTokenTypeBearer,
+ UserState: domain.UserStateActive,
+ },
+ },
+ },
+ {
+ name: "user added with init code",
+ fields: fields{
+ eventstore: expectEventstore(
+ expectFilter(
+ eventFromEventPusher(
+ newRegisterHumanEvent("username", "$plain$x$password", true, true, "", language.English),
+ ),
+ eventFromEventPusher(
+ user.NewHumanInitialCodeAddedEvent(context.Background(),
+ &userAgg.Aggregate,
+ &crypto.CryptoValue{
+ CryptoType: crypto.TypeEncryption,
+ Algorithm: "enc",
+ KeyID: "id",
+ Crypted: []byte("a"),
+ },
+ time.Hour*1,
+ ),
+ ),
+ ),
+ ),
+ },
+ args: args{
+ ctx: context.Background(),
+ userID: "user1",
+ },
+ res: res{
+ want: &UserV2WriteModel{
+ HumanWriteModel: true,
+ MachineWriteModel: true,
+ WriteModel: eventstore.WriteModel{
+ AggregateID:
"user1",
+ Events: []eventstore.Event{},
+ ProcessedSequence: 0,
+ ResourceOwner: "org1",
+ },
+ UserName: "username",
+ FirstName: "firstname",
+ LastName: "lastname",
+ DisplayName: "firstname lastname",
+ PreferredLanguage: language.English,
+ PasswordEncodedHash: "$plain$x$password",
+ PasswordChangeRequired: true,
+ Email: "email@test.ch",
+ IsEmailVerified: false,
+ InitCode: &crypto.CryptoValue{
+ CryptoType: crypto.TypeEncryption,
+ Algorithm: "enc",
+ KeyID: "id",
+ Crypted: []byte("a"),
+ },
+ InitCodeCreationDate: time.Time{},
+ InitCodeExpiry: time.Hour * 1,
+ UserState: domain.UserStateInitial,
+ },
+ },
+ },
+ {
+ name: "user added with initialized",
+ fields: fields{
+ eventstore: expectEventstore(
+ expectFilter(
+ eventFromEventPusher(
+ newRegisterHumanEvent("username", "$plain$x$password", true, true, "", language.English),
+ ),
+ eventFromEventPusher(
+ user.NewHumanInitialCodeAddedEvent(context.Background(),
+ &userAgg.Aggregate,
+ &crypto.CryptoValue{
+ CryptoType: crypto.TypeEncryption,
+ Algorithm: "enc",
+ KeyID: "id",
+ Crypted: []byte("a"),
+ },
+ time.Hour*1,
+ ),
+ ),
+ eventFromEventPusher(
+ user.NewHumanInitializedCheckSucceededEvent(context.Background(),
+ &userAgg.Aggregate,
+ ),
+ ),
+ ),
+ ),
+ },
+ args: args{
+ ctx: context.Background(),
+ userID: "user1",
+ },
+ res: res{
+ want: &UserV2WriteModel{
+ HumanWriteModel: true,
+ MachineWriteModel: true,
+ WriteModel: eventstore.WriteModel{
+ AggregateID: "user1",
+ Events: []eventstore.Event{},
+ ProcessedSequence: 0,
+ ResourceOwner: "org1",
+ },
+ UserName: "username",
+ FirstName: "firstname",
+ LastName: "lastname",
+ DisplayName: "firstname lastname",
+ PreferredLanguage: language.English,
+ PasswordEncodedHash: "$plain$x$password",
+ PasswordChangeRequired: true,
+ Email: "email@test.ch",
+ IsEmailVerified: false,
+ UserState: domain.UserStateActive,
+ },
+ },
+ },
+ {
+ name: "user added with initialized failed",
+ fields: fields{
+ eventstore: expectEventstore(
+
expectFilter(
+ eventFromEventPusher(
+ newRegisterHumanEvent("username", "$plain$x$password", true, true, "", language.English),
+ ),
+ eventFromEventPusher(
+ user.NewHumanInitialCodeAddedEvent(context.Background(),
+ &userAgg.Aggregate,
+ &crypto.CryptoValue{
+ CryptoType: crypto.TypeEncryption,
+ Algorithm: "enc",
+ KeyID: "id",
+ Crypted: []byte("a"),
+ },
+ time.Hour*1,
+ ),
+ ),
+ eventFromEventPusher(
+ user.NewHumanInitializedCheckFailedEvent(context.Background(),
+ &userAgg.Aggregate,
+ ),
+ ),
+ ),
+ ),
+ },
+ args: args{
+ ctx: context.Background(),
+ userID: "user1",
+ },
+ res: res{
+ want: &UserV2WriteModel{
+ HumanWriteModel: true,
+ MachineWriteModel: true,
+ WriteModel: eventstore.WriteModel{
+ AggregateID: "user1",
+ Events: []eventstore.Event{},
+ ProcessedSequence: 0,
+ ResourceOwner: "org1",
+ },
+ UserName: "username",
+ FirstName: "firstname",
+ LastName: "lastname",
+ DisplayName: "firstname lastname",
+ PreferredLanguage: language.English,
+ PasswordEncodedHash: "$plain$x$password",
+ PasswordChangeRequired: true,
+ Email: "email@test.ch",
+ IsEmailVerified: false,
+ InitCode: &crypto.CryptoValue{
+ CryptoType: crypto.TypeEncryption,
+ Algorithm: "enc",
+ KeyID: "id",
+ Crypted: []byte("a"),
+ },
+ InitCodeCreationDate: time.Time{},
+ InitCodeExpiry: time.Hour * 1,
+ InitCheckFailedCount: 1,
+ UserState: domain.UserStateInitial,
+ },
+ },
+ },
+ {
+ name: "user added with username changed",
+ fields: fields{
+ eventstore: expectEventstore(
+ expectFilter(
+ eventFromEventPusher(
+ newRegisterHumanEvent("username", "$plain$x$password", true, true, "", language.English),
+ ),
+ eventFromEventPusher(
+ user.NewUsernameChangedEvent(context.Background(),
+ &userAgg.Aggregate,
+ "username",
+ "changed",
+ true,
+ ),
+ ),
+ ),
+ ),
+ },
+ args: args{
+ ctx: context.Background(),
+ userID: "user1",
+ },
+ res: res{
+ want: &UserV2WriteModel{
+ HumanWriteModel: true,
+ MachineWriteModel: true,
+ WriteModel: eventstore.WriteModel{
+ AggregateID:
"user1",
+ Events: []eventstore.Event{},
+ ProcessedSequence: 0,
+ ResourceOwner: "org1",
+ },
+ UserName: "changed",
+ FirstName: "firstname",
+ LastName: "lastname",
+ DisplayName: "firstname lastname",
+ PreferredLanguage: language.English,
+ PasswordEncodedHash: "$plain$x$password",
+ PasswordChangeRequired: true,
+ Email: "email@test.ch",
+ IsEmailVerified: false,
+ UserState: domain.UserStateActive,
+ },
+ },
+ },
+ {
+ name: "user removed",
+ fields: fields{
+ eventstore: expectEventstore(
+ expectFilter(
+ eventFromEventPusher(
+ newAddHumanEvent("$plain$x$password", true, true, "", language.English),
+ ),
+ eventFromEventPusher(
+ user.NewUserRemovedEvent(context.Background(),
+ &userAgg.Aggregate,
+ "username",
+ []*domain.UserIDPLink{},
+ true,
+ ),
+ ),
+ ),
+ ),
+ },
+ args: args{
+ ctx: context.Background(),
+ userID: "user1",
+ },
+ res: res{
+ want: &UserV2WriteModel{
+ HumanWriteModel: true,
+ MachineWriteModel: true,
+ WriteModel: eventstore.WriteModel{
+ AggregateID: "user1",
+ Events: []eventstore.Event{},
+ ProcessedSequence: 0,
+ ResourceOwner: "org1",
+ },
+ UserName: "username",
+ FirstName: "firstname",
+ LastName: "lastname",
+ DisplayName: "firstname lastname",
+ PreferredLanguage: language.English,
+ PasswordEncodedHash: "$plain$x$password",
+ PasswordChangeRequired: true,
+ Email: "email@test.ch",
+ IsEmailVerified: false,
+ UserState: domain.UserStateDeleted,
+ },
+ },
+ },
+ {
+ name: "user machine removed",
+ fields: fields{
+ eventstore: expectEventstore(
+ expectFilter(
+ eventFromEventPusher(
+ newAddMachineEvent(true, domain.OIDCTokenTypeBearer),
+ ),
+ eventFromEventPusher(
+ user.NewUserRemovedEvent(context.Background(),
+ &userAgg.Aggregate,
+ "username",
+ []*domain.UserIDPLink{},
+ true,
+ ),
+ ),
+ ),
+ ),
+ },
+ args: args{
+ ctx: context.Background(),
+ userID: "user1",
+ },
+ res: res{
+ want: &UserV2WriteModel{
+ HumanWriteModel: true,
+ MachineWriteModel: true,
+ WriteModel: eventstore.WriteModel{
+ AggregateID:
"user1",
+ Events: []eventstore.Event{},
+ ProcessedSequence: 0,
+ ResourceOwner: "org1",
+ },
+ UserName: "username",
+ Name: "name",
+ Description: "description",
+ AccessTokenType: domain.OIDCTokenTypeBearer,
+ UserState: domain.UserStateDeleted,
+ },
+ },
+ },
+ }
+ for _, tt := range tests {
+ t.Run(tt.name, func(t *testing.T) {
+ r := &Commands{
+ eventstore: tt.fields.eventstore(t),
+ }
+ wm, err := r.userExistsWriteModel(tt.args.ctx, tt.args.userID)
+ if tt.res.err == nil {
+ if !assert.NoError(t, err) {
+ t.FailNow()
+ }
+ } else if !tt.res.err(err) {
+ t.Errorf("got wrong err: %v ", err)
+ return
+ }
+ if tt.res.err == nil {
+ assert.Equal(t, tt.res.want, wm)
+ }
+ })
+ }
+}
+
+func TestCommandSide_userHumanWriteModel_profile(t *testing.T) {
+ type fields struct {
+ eventstore func(t *testing.T) *eventstore.Eventstore
+ }
+ type args struct {
+ ctx context.Context
+ userID string
+ }
+ type res struct {
+ want *UserV2WriteModel
+ err func(error) bool
+ }
+
+ userAgg := user.NewAggregate("user1", "org1")
+ tests := []struct {
+ name string
+ fields fields
+ args args
+ res res
+ }{
+ {
+ name: "user added with profile changed",
+ fields: fields{
+ eventstore: expectEventstore(
+ expectFilter(
+ eventFromEventPusher(
+ newRegisterHumanEvent("username", "$plain$x$password", true, true, "", language.English),
+ ),
+ eventFromEventPusher(
+ func() eventstore.Command {
+ cmd, _ := user.NewHumanProfileChangedEvent(context.Background(),
+ &userAgg.Aggregate,
+ []user.ProfileChanges{
+ user.ChangeFirstName("changedfn"),
+ user.ChangeLastName("changedln"),
+ user.ChangeNickName("changednn"),
+ user.ChangeDisplayName("changeddn"),
+ user.ChangePreferredLanguage(language.Afrikaans),
+ user.ChangeGender(domain.GenderDiverse),
+ },
+ )
+ return cmd
+ }(),
+ ),
+ ),
+ ),
+ },
+ args: args{
+ ctx: context.Background(),
+ userID: "user1",
+ },
+ res: res{
+ want: &UserV2WriteModel{
+ HumanWriteModel: true,
+ ProfileWriteModel: true,
+ StateWriteModel: true,
+ WriteModel:
eventstore.WriteModel{
+ AggregateID: "user1",
+ Events: []eventstore.Event{},
+ ProcessedSequence: 0,
+ ResourceOwner: "org1",
+ },
+ UserName: "username",
+ FirstName: "changedfn",
+ LastName: "changedln",
+ DisplayName: "changeddn",
+ NickName: "changednn",
+ PreferredLanguage: language.Afrikaans,
+ Gender: domain.GenderDiverse,
+ PasswordEncodedHash: "$plain$x$password",
+ PasswordChangeRequired: true,
+ Email: "email@test.ch",
+ IsEmailVerified: false,
+ UserState: domain.UserStateActive,
+ },
+ },
+ },
+ }
+ for _, tt := range tests {
+ t.Run(tt.name, func(t *testing.T) {
+ r := &Commands{
+ eventstore: tt.fields.eventstore(t),
+ }
+ wm, err := r.userHumanWriteModel(tt.args.ctx, tt.args.userID, true, false, false, false, false, false)
+ if tt.res.err == nil {
+ if !assert.NoError(t, err) {
+ t.FailNow()
+ }
+ } else if !tt.res.err(err) {
+ t.Errorf("got wrong err: %v ", err)
+ return
+ }
+ if tt.res.err == nil {
+ assert.Equal(t, tt.res.want, wm)
+ }
+ })
+ }
+}
+
+func TestCommandSide_userHumanWriteModel_email(t *testing.T) {
+ type fields struct {
+ eventstore func(t *testing.T) *eventstore.Eventstore
+ }
+ type args struct {
+ ctx context.Context
+ userID string
+ }
+ type res struct {
+ want *UserV2WriteModel
+ err func(error) bool
+ }
+
+ userAgg := user.NewAggregate("user1", "org1")
+
+ tests := []struct {
+ name string
+ fields fields
+ args args
+ res res
+ }{
+ {
+ name: "user added email changed",
+ fields: fields{
+ eventstore: expectEventstore(
+ expectFilter(
+ eventFromEventPusher(
+ newAddHumanEvent("$plain$x$password", true, true, "", language.English),
+ ),
+ eventFromEventPusher(
+ user.NewHumanEmailChangedEvent(context.Background(),
+ &userAgg.Aggregate,
+ "changed@test.com",
+ ),
+ ),
+ ),
+ ),
+ },
+ args: args{
+ ctx: context.Background(),
+ userID: "user1",
+ },
+ res: res{
+ want: &UserV2WriteModel{
+ HumanWriteModel: true,
+ EmailWriteModel: true,
+ StateWriteModel: true,
+ WriteModel: eventstore.WriteModel{
+ AggregateID: "user1",
+
Events: []eventstore.Event{},
+ ProcessedSequence: 0,
+ ResourceOwner: "org1",
+ },
+ UserName: "username",
+ FirstName: "firstname",
+ LastName: "lastname",
+ DisplayName: "firstname lastname",
+ PreferredLanguage: language.English,
+ PasswordEncodedHash: "$plain$x$password",
+ PasswordChangeRequired: true,
+ Email: "changed@test.com",
+ IsEmailVerified: false,
+ InitCode: nil,
+ InitCodeCreationDate: time.Time{},
+ InitCodeExpiry: 0,
+ UserState: domain.UserStateActive,
+ },
+ },
+ },
+ {
+ name: "user added with email code",
+ fields: fields{
+ eventstore: expectEventstore(
+ expectFilter(
+ eventFromEventPusher(
+ newRegisterHumanEvent("username", "$plain$x$password", true, true, "", language.English),
+ ),
+ eventFromEventPusher(
+ user.NewHumanEmailCodeAddedEventV2(context.Background(),
+ &userAgg.Aggregate,
+ &crypto.CryptoValue{
+ CryptoType: crypto.TypeEncryption,
+ Algorithm: "enc",
+ KeyID: "id",
+ Crypted: []byte("a"),
+ },
+ time.Hour*1,
+ "",
+ false,
+ ),
+ ),
+ ),
+ ),
+ },
+ args: args{
+ ctx: context.Background(),
+ userID: "user1",
+ },
+ res: res{
+ want: &UserV2WriteModel{
+ HumanWriteModel: true,
+ EmailWriteModel: true,
+ StateWriteModel: true,
+ WriteModel: eventstore.WriteModel{
+ AggregateID: "user1",
+ Events: []eventstore.Event{},
+ ProcessedSequence: 0,
+ ResourceOwner: "org1",
+ },
+ UserName: "username",
+ FirstName: "firstname",
+ LastName: "lastname",
+ DisplayName: "firstname lastname",
+ PreferredLanguage: language.English,
+ PasswordEncodedHash: "$plain$x$password",
+ PasswordChangeRequired: true,
+ Email: "email@test.ch",
+ IsEmailVerified: false,
+ EmailCode: &crypto.CryptoValue{
+ CryptoType: crypto.TypeEncryption,
+ Algorithm: "enc",
+ KeyID: "id",
+ Crypted: []byte("a"),
+ },
+ EmailCodeCreationDate: time.Time{},
+ EmailCodeExpiry: time.Hour * 1,
+ UserState: domain.UserStateActive,
+ },
+ },
+ },
+ {
+ name: "user added with email code verified",
+ fields: fields{
+ eventstore: expectEventstore(
+ expectFilter(
+
eventFromEventPusher(
+ newRegisterHumanEvent("username", "$plain$x$password", true, true, "", language.English),
+ ),
+ eventFromEventPusher(
+ user.NewHumanEmailCodeAddedEventV2(context.Background(),
+ &userAgg.Aggregate,
+ &crypto.CryptoValue{
+ CryptoType: crypto.TypeEncryption,
+ Algorithm: "enc",
+ KeyID: "id",
+ Crypted: []byte("a"),
+ },
+ time.Hour*1,
+ "",
+ false,
+ ),
+ ),
+ eventFromEventPusher(
+ user.NewHumanEmailVerifiedEvent(context.Background(),
+ &userAgg.Aggregate,
+ ),
+ ),
+ ),
+ ),
+ },
+ args: args{
+ ctx: context.Background(),
+ userID: "user1",
+ },
+ res: res{
+ want: &UserV2WriteModel{
+ HumanWriteModel: true,
+ EmailWriteModel: true,
+ StateWriteModel: true,
+ WriteModel: eventstore.WriteModel{
+ AggregateID: "user1",
+ Events: []eventstore.Event{},
+ ProcessedSequence: 0,
+ ResourceOwner: "org1",
+ },
+ UserName: "username",
+ FirstName: "firstname",
+ LastName: "lastname",
+ DisplayName: "firstname lastname",
+ PreferredLanguage: language.English,
+ PasswordEncodedHash: "$plain$x$password",
+ PasswordChangeRequired: true,
+ Email: "email@test.ch",
+ IsEmailVerified: true,
+ UserState: domain.UserStateActive,
+ },
+ },
+ },
+ {
+ name: "user added with email code verified failed",
+ fields: fields{
+ eventstore: expectEventstore(
+ expectFilter(
+ eventFromEventPusher(
+ newRegisterHumanEvent("username", "$plain$x$password", true, true, "", language.English),
+ ),
+ eventFromEventPusher(
+ user.NewHumanEmailCodeAddedEventV2(context.Background(),
+ &userAgg.Aggregate,
+ &crypto.CryptoValue{
+ CryptoType: crypto.TypeEncryption,
+ Algorithm: "enc",
+ KeyID: "id",
+ Crypted: []byte("a"),
+ },
+ time.Hour*1,
+ "",
+ false,
+ ),
+ ),
+ eventFromEventPusher(
+ user.NewHumanEmailVerificationFailedEvent(context.Background(),
+ &userAgg.Aggregate,
+ ),
+ ),
+ ),
+ ),
+ },
+ args: args{
+ ctx: context.Background(),
+ userID: "user1",
+ },
+ res: res{
+ want: &UserV2WriteModel{
+ HumanWriteModel: true,
+ EmailWriteModel: true,
+ StateWriteModel:
true,
+ WriteModel: eventstore.WriteModel{
+ AggregateID: "user1",
+ Events: []eventstore.Event{},
+ ProcessedSequence: 0,
+ ResourceOwner: "org1",
+ },
+ UserName: "username",
+ FirstName: "firstname",
+ LastName: "lastname",
+ DisplayName: "firstname lastname",
+ PreferredLanguage: language.English,
+ PasswordEncodedHash: "$plain$x$password",
+ PasswordChangeRequired: true,
+ Email: "email@test.ch",
+ IsEmailVerified: false,
+ EmailCode: &crypto.CryptoValue{
+ CryptoType: crypto.TypeEncryption,
+ Algorithm: "enc",
+ KeyID: "id",
+ Crypted: []byte("a"),
+ },
+ EmailCodeCreationDate: time.Time{},
+ EmailCodeExpiry: time.Hour * 1,
+ EmailCheckFailedCount: 1,
+ UserState: domain.UserStateActive,
+ },
+ },
+ },
+ {
+ name: "user added with email code verified, then changed",
+ fields: fields{
+ eventstore: expectEventstore(
+ expectFilter(
+ eventFromEventPusher(
+ newRegisterHumanEvent("username", "$plain$x$password", true, true, "", language.English),
+ ),
+ eventFromEventPusher(
+ user.NewHumanEmailCodeAddedEventV2(context.Background(),
+ &userAgg.Aggregate,
+ &crypto.CryptoValue{
+ CryptoType: crypto.TypeEncryption,
+ Algorithm: "enc",
+ KeyID: "id",
+ Crypted: []byte("a"),
+ },
+ time.Hour*1,
+ "",
+ false,
+ ),
+ ),
+ eventFromEventPusher(
+ user.NewHumanEmailVerifiedEvent(context.Background(),
+ &userAgg.Aggregate,
+ ),
+ ),
+ eventFromEventPusher(
+ user.NewHumanEmailChangedEvent(context.Background(),
+ &userAgg.Aggregate,
+ "changed@test.com",
+ ),
+ ),
+ ),
+ ),
+ },
+ args: args{
+ ctx: context.Background(),
+ userID: "user1",
+ },
+ res: res{
+ want: &UserV2WriteModel{
+ HumanWriteModel: true,
+ EmailWriteModel: true,
+ StateWriteModel: true,
+ WriteModel: eventstore.WriteModel{
+ AggregateID: "user1",
+ Events: []eventstore.Event{},
+ ProcessedSequence: 0,
+ ResourceOwner: "org1",
+ },
+ UserName: "username",
+ FirstName: "firstname",
+ LastName: "lastname",
+ DisplayName: "firstname lastname",
+ PreferredLanguage: language.English,
+ PasswordEncodedHash:
"$plain$x$password",
+ PasswordChangeRequired: true,
+ Email: "changed@test.com",
+ IsEmailVerified: false,
+ UserState: domain.UserStateActive,
+ },
+ },
+ },
+ }
+ for _, tt := range tests {
+ t.Run(tt.name, func(t *testing.T) {
+ r := &Commands{
+ eventstore: tt.fields.eventstore(t),
+ }
+ wm, err := r.userHumanWriteModel(tt.args.ctx, tt.args.userID, false, true, false, false, false, false)
+ if tt.res.err == nil {
+ if !assert.NoError(t, err) {
+ t.FailNow()
+ }
+ } else if !tt.res.err(err) {
+ t.Errorf("got wrong err: %v ", err)
+ return
+ }
+ if tt.res.err == nil {
+ assert.Equal(t, tt.res.want, wm)
+ }
+ })
+ }
+}
+
+func TestCommandSide_userHumanWriteModel_phone(t *testing.T) {
+ type fields struct {
+ eventstore func(t *testing.T) *eventstore.Eventstore
+ }
+ type args struct {
+ ctx context.Context
+ userID string
+ }
+ type res struct {
+ want *UserV2WriteModel
+ err func(error) bool
+ }
+
+ userAgg := user.NewAggregate("user1", "org1")
+
+ tests := []struct {
+ name string
+ fields fields
+ args args
+ res res
+ }{
+ {
+ name: "user added phone changed",
+ fields: fields{
+ eventstore: expectEventstore(
+ expectFilter(
+ eventFromEventPusher(
+ newAddHumanEvent("$plain$x$password", true, true, "", language.English),
+ ),
+ eventFromEventPusher(
+ user.NewHumanPhoneChangedEvent(context.Background(),
+ &userAgg.Aggregate,
+ "+41791234567",
+ ),
+ ),
+ ),
+ ),
+ },
+ args: args{
+ ctx: context.Background(),
+ userID: "user1",
+ },
+ res: res{
+ want: &UserV2WriteModel{
+ HumanWriteModel: true,
+ PhoneWriteModel: true,
+ StateWriteModel: true,
+ WriteModel: eventstore.WriteModel{
+ AggregateID: "user1",
+ Events: []eventstore.Event{},
+ ProcessedSequence: 0,
+ ResourceOwner: "org1",
+ },
+ UserName: "username",
+ FirstName: "firstname",
+ LastName: "lastname",
+ DisplayName: "firstname lastname",
+ PreferredLanguage: language.English,
+ PasswordEncodedHash: "$plain$x$password",
+ PasswordChangeRequired: true,
+ Email: "email@test.ch",
+ IsEmailVerified:
false,
+ Phone: "+41791234567",
+ IsPhoneVerified: false,
+ UserState: domain.UserStateActive,
+ },
+ },
+ },
+ {
+ name: "user added with phone code",
+ fields: fields{
+ eventstore: expectEventstore(
+ expectFilter(
+ eventFromEventPusher(
+ newRegisterHumanEvent("username", "$plain$x$password", true, true, "", language.English),
+ ),
+ eventFromEventPusher(
+ user.NewHumanPhoneChangedEvent(context.Background(),
+ &userAgg.Aggregate,
+ "+41791234567",
+ ),
+ ),
+ eventFromEventPusher(
+ user.NewHumanPhoneCodeAddedEventV2(context.Background(),
+ &userAgg.Aggregate,
+ &crypto.CryptoValue{
+ CryptoType: crypto.TypeEncryption,
+ Algorithm: "enc",
+ KeyID: "id",
+ Crypted: []byte("a"),
+ },
+ time.Hour*1,
+ false,
+ ),
+ ),
+ ),
+ ),
+ },
+ args: args{
+ ctx: context.Background(),
+ userID: "user1",
+ },
+ res: res{
+ want: &UserV2WriteModel{
+ HumanWriteModel: true,
+ PhoneWriteModel: true,
+ StateWriteModel: true,
+ WriteModel: eventstore.WriteModel{
+ AggregateID: "user1",
+ Events: []eventstore.Event{},
+ ProcessedSequence: 0,
+ ResourceOwner: "org1",
+ },
+ UserName: "username",
+ FirstName: "firstname",
+ LastName: "lastname",
+ DisplayName: "firstname lastname",
+ PreferredLanguage: language.English,
+ PasswordEncodedHash: "$plain$x$password",
+ PasswordChangeRequired: true,
+ Email: "email@test.ch",
+ IsEmailVerified: false,
+ Phone: "+41791234567",
+ IsPhoneVerified: false,
+ PhoneCode: &crypto.CryptoValue{
+ CryptoType: crypto.TypeEncryption,
+ Algorithm: "enc",
+ KeyID: "id",
+ Crypted: []byte("a"),
+ },
+ PhoneCodeCreationDate: time.Time{},
+ PhoneCodeExpiry: time.Hour * 1,
+ UserState: domain.UserStateActive,
+ },
+ },
+ },
+ {
+ name: "user added with phone code verified",
+ fields: fields{
+ eventstore: expectEventstore(
+ expectFilter(
+ eventFromEventPusher(
+ newRegisterHumanEvent("username", "$plain$x$password", true, true, "", language.English),
+ ),
+ eventFromEventPusher(
+ user.NewHumanPhoneChangedEvent(context.Background(),
+
&userAgg.Aggregate,
+ "+41791234567",
+ ),
+ ),
+ eventFromEventPusher(
+ user.NewHumanPhoneCodeAddedEventV2(context.Background(),
+ &userAgg.Aggregate,
+ &crypto.CryptoValue{
+ CryptoType: crypto.TypeEncryption,
+ Algorithm: "enc",
+ KeyID: "id",
+ Crypted: []byte("a"),
+ },
+ time.Hour*1,
+ false,
+ ),
+ ),
+ eventFromEventPusher(
+ user.NewHumanPhoneVerifiedEvent(context.Background(),
+ &userAgg.Aggregate,
+ ),
+ ),
+ ),
+ ),
+ },
+ args: args{
+ ctx: context.Background(),
+ userID: "user1",
+ },
+ res: res{
+ want: &UserV2WriteModel{
+ HumanWriteModel: true,
+ PhoneWriteModel: true,
+ StateWriteModel: true,
+ WriteModel: eventstore.WriteModel{
+ AggregateID: "user1",
+ Events: []eventstore.Event{},
+ ProcessedSequence: 0,
+ ResourceOwner: "org1",
+ },
+ UserName: "username",
+ FirstName: "firstname",
+ LastName: "lastname",
+ DisplayName: "firstname lastname",
+ PreferredLanguage: language.English,
+ PasswordEncodedHash: "$plain$x$password",
+ PasswordChangeRequired: true,
+ Email: "email@test.ch",
+ IsEmailVerified: false,
+ Phone: "+41791234567",
+ IsPhoneVerified: true,
+ UserState: domain.UserStateActive,
+ },
+ },
+ },
+ {
+ name: "user added with phone code verified failed",
+ fields: fields{
+ eventstore: expectEventstore(
+ expectFilter(
+ eventFromEventPusher(
+ newRegisterHumanEvent("username", "$plain$x$password", true, true, "", language.English),
+ ),
+
+ eventFromEventPusher(
+ user.NewHumanPhoneChangedEvent(context.Background(),
+ &userAgg.Aggregate,
+ "+41791234567",
+ ),
+ ),
+ eventFromEventPusher(
+ user.NewHumanPhoneCodeAddedEventV2(context.Background(),
+ &userAgg.Aggregate,
+ &crypto.CryptoValue{
+ CryptoType: crypto.TypeEncryption,
+ Algorithm: "enc",
+ KeyID: "id",
+ Crypted: []byte("a"),
+ },
+ time.Hour*1,
+ false,
+ ),
+ ),
+ eventFromEventPusher(
+ user.NewHumanPhoneVerificationFailedEvent(context.Background(),
+ &userAgg.Aggregate,
+ ),
+ ),
+ ),
+ ),
+ },
+ args: args{
+ ctx: context.Background(),
+ userID: "user1",
+ },
+ res:
res{
+ want: &UserV2WriteModel{
+ HumanWriteModel: true,
+ PhoneWriteModel: true,
+ StateWriteModel: true,
+ WriteModel: eventstore.WriteModel{
+ AggregateID: "user1",
+ Events: []eventstore.Event{},
+ ProcessedSequence: 0,
+ ResourceOwner: "org1",
+ },
+ UserName: "username",
+ FirstName: "firstname",
+ LastName: "lastname",
+ DisplayName: "firstname lastname",
+ PreferredLanguage: language.English,
+ PasswordEncodedHash: "$plain$x$password",
+ PasswordChangeRequired: true,
+ Email: "email@test.ch",
+ IsEmailVerified: false,
+ Phone: "+41791234567",
+ IsPhoneVerified: false,
+ PhoneCode: &crypto.CryptoValue{
+ CryptoType: crypto.TypeEncryption,
+ Algorithm: "enc",
+ KeyID: "id",
+ Crypted: []byte("a"),
+ },
+ PhoneCodeCreationDate: time.Time{},
+ PhoneCodeExpiry: time.Hour * 1,
+ PhoneCheckFailedCount: 1,
+ UserState: domain.UserStateActive,
+ },
+ },
+ },
+ {
+ name: "user added with email code verified, then changed",
+ fields: fields{
+ eventstore: expectEventstore(
+ expectFilter(
+ eventFromEventPusher(
+ newRegisterHumanEvent("username", "$plain$x$password", true, true, "", language.English),
+ ),
+ eventFromEventPusher(
+ user.NewHumanPhoneChangedEvent(context.Background(),
+ &userAgg.Aggregate,
+ "+41791234567",
+ ),
+ ),
+ eventFromEventPusher(
+ user.NewHumanPhoneCodeAddedEventV2(context.Background(),
+ &userAgg.Aggregate,
+ &crypto.CryptoValue{
+ CryptoType: crypto.TypeEncryption,
+ Algorithm: "enc",
+ KeyID: "id",
+ Crypted: []byte("a"),
+ },
+ time.Hour*1,
+ false,
+ ),
+ ),
+ eventFromEventPusher(
+ user.NewHumanPhoneVerifiedEvent(context.Background(),
+ &userAgg.Aggregate,
+ ),
+ ),
+ eventFromEventPusher(
+ user.NewHumanPhoneChangedEvent(context.Background(),
+ &userAgg.Aggregate,
+ "+41797654321",
+ ),
+ ),
+ ),
+ ),
+ },
+ args: args{
+ ctx: context.Background(),
+ userID: "user1",
+ },
+ res: res{
+ want: &UserV2WriteModel{
+ HumanWriteModel: true,
+ PhoneWriteModel: true,
+ StateWriteModel: true,
+ WriteModel: eventstore.WriteModel{
+
AggregateID: "user1",
+ Events: []eventstore.Event{},
+ ProcessedSequence: 0,
+ ResourceOwner: "org1",
+ },
+ UserName: "username",
+ FirstName: "firstname",
+ LastName: "lastname",
+ DisplayName: "firstname lastname",
+ PreferredLanguage: language.English,
+ PasswordEncodedHash: "$plain$x$password",
+ PasswordChangeRequired: true,
+ Email: "email@test.ch",
+ IsEmailVerified: false,
+ Phone: "+41797654321",
+ IsPhoneVerified: false,
+ UserState: domain.UserStateActive,
+ },
+ },
+ },
+ }
+ for _, tt := range tests {
+ t.Run(tt.name, func(t *testing.T) {
+ r := &Commands{
+ eventstore: tt.fields.eventstore(t),
+ }
+ wm, err := r.userHumanWriteModel(tt.args.ctx, tt.args.userID, false, false, true, false, false, false)
+ if tt.res.err == nil {
+ if !assert.NoError(t, err) {
+ t.FailNow()
+ }
+ } else if !tt.res.err(err) {
+ t.Errorf("got wrong err: %v ", err)
+ return
+ }
+ if tt.res.err == nil {
+ assert.Equal(t, tt.res.want, wm)
+ }
+ })
+ }
+}
+
+func TestCommandSide_userHumanWriteModel_password(t *testing.T) {
+ type fields struct {
+ eventstore func(t *testing.T) *eventstore.Eventstore
+ }
+ type args struct {
+ ctx context.Context
+ userID string
+ }
+ type res struct {
+ want *UserV2WriteModel
+ err func(error) bool
+ }
+
+ userAgg := user.NewAggregate("user1", "org1")
+
+ tests := []struct {
+ name string
+ fields fields
+ args args
+ res res
+ }{
+ {
+ name: "user added password hashchanged",
+ fields: fields{
+ eventstore: expectEventstore(
+ expectFilter(
+ eventFromEventPusher(
+ newAddHumanEvent("$plain$x$password", true, true, "", language.English),
+ ),
+ eventFromEventPusher(
+ user.NewHumanPasswordHashUpdatedEvent(context.Background(),
+ &userAgg.Aggregate,
+ "hash",
+ ),
+ ),
+ ),
+ ),
+ },
+ args: args{
+ ctx: context.Background(),
+ userID: "user1",
+ },
+ res: res{
+ want: &UserV2WriteModel{
+ HumanWriteModel: true,
+ PasswordWriteModel: true,
+ StateWriteModel: true,
+ WriteModel: eventstore.WriteModel{
+ AggregateID: "user1",
+ Events:
[]eventstore.Event{},
+ ProcessedSequence: 0,
+ ResourceOwner: "org1",
+ },
+ UserName: "username",
+ FirstName: "firstname",
+ LastName: "lastname",
+ DisplayName: "firstname lastname",
+ PreferredLanguage: language.English,
+ PasswordEncodedHash: "hash",
+ PasswordChangeRequired: true,
+ Email: "email@test.ch",
+ IsEmailVerified: false,
+ UserState: domain.UserStateActive,
+ },
+ },
+ },
+ {
+ name: "user added password changed",
+ fields: fields{
+ eventstore: expectEventstore(
+ expectFilter(
+ eventFromEventPusher(
+ newAddHumanEvent("$plain$x$password", true, true, "", language.English),
+ ),
+ eventFromEventPusher(
+ user.NewHumanPasswordChangedEvent(context.Background(),
+ &userAgg.Aggregate,
+ "hash",
+ false,
+ "",
+ ),
+ ),
+ ),
+ ),
+ },
+ args: args{
+ ctx: context.Background(),
+ userID: "user1",
+ },
+ res: res{
+ want: &UserV2WriteModel{
+ HumanWriteModel: true,
+ PasswordWriteModel: true,
+ StateWriteModel: true,
+ WriteModel: eventstore.WriteModel{
+ AggregateID: "user1",
+ Events: []eventstore.Event{},
+ ProcessedSequence: 0,
+ ResourceOwner: "org1",
+ },
+ UserName: "username",
+ FirstName: "firstname",
+ LastName: "lastname",
+ DisplayName: "firstname lastname",
+ PreferredLanguage: language.English,
+ PasswordEncodedHash: "hash",
+ PasswordChangeRequired: false,
+ Email: "email@test.ch",
+ IsEmailVerified: false,
+ UserState: domain.UserStateActive,
+ },
+ },
+ },
+ {
+ name: "user added with password code",
+ fields: fields{
+ eventstore: expectEventstore(
+ expectFilter(
+ eventFromEventPusher(
+ newRegisterHumanEvent("username", "$plain$x$password", true, true, "", language.English),
+ ),
+ eventFromEventPusher(
+ user.NewHumanPasswordCodeAddedEventV2(context.Background(),
+ &userAgg.Aggregate,
+ &crypto.CryptoValue{
+ CryptoType: crypto.TypeEncryption,
+ Algorithm: "enc",
+ KeyID: "id",
+ Crypted: []byte("a"),
+ },
+ time.Hour*1,
+ domain.NotificationTypeEmail,
+ "",
+ false,
+ ),
+ ),
+ ),
+ ),
+ },
+ args: args{
+ ctx:
context.Background(),
+ userID: "user1",
+ },
+ res: res{
+ want: &UserV2WriteModel{
+ HumanWriteModel: true,
+ PasswordWriteModel: true,
+ StateWriteModel: true,
+ WriteModel: eventstore.WriteModel{
+ AggregateID: "user1",
+ Events: []eventstore.Event{},
+ ProcessedSequence: 0,
+ ResourceOwner: "org1",
+ },
+ UserName: "username",
+ FirstName: "firstname",
+ LastName: "lastname",
+ DisplayName: "firstname lastname",
+ PreferredLanguage: language.English,
+ PasswordEncodedHash: "$plain$x$password",
+ PasswordChangeRequired: true,
+ Email: "email@test.ch",
+ IsEmailVerified: false,
+ PasswordCode: &crypto.CryptoValue{
+ CryptoType: crypto.TypeEncryption,
+ Algorithm: "enc",
+ KeyID: "id",
+ Crypted: []byte("a"),
+ },
+ PasswordCodeCreationDate: time.Time{},
+ PasswordCodeExpiry: time.Hour * 1,
+ UserState: domain.UserStateActive,
+ },
+ },
+ },
+ {
+ name: "user added with password code and then change",
+ fields: fields{
+ eventstore: expectEventstore(
+ expectFilter(
+ eventFromEventPusher(
+ newRegisterHumanEvent("username", "$plain$x$password", true, true, "", language.English),
+ ),
+ eventFromEventPusher(
+ user.NewHumanPasswordCodeAddedEventV2(context.Background(),
+ &userAgg.Aggregate,
+ &crypto.CryptoValue{
+ CryptoType: crypto.TypeEncryption,
+ Algorithm: "enc",
+ KeyID: "id",
+ Crypted: []byte("a"),
+ },
+ time.Hour*1,
+ domain.NotificationTypeEmail,
+ "",
+ false,
+ ),
+ ),
+ eventFromEventPusher(
+ user.NewHumanPasswordChangedEvent(context.Background(),
+ &userAgg.Aggregate,
+ "hash",
+ true,
+ "",
+ ),
+ ),
+ ),
+ ),
+ },
+ args: args{
+ ctx: context.Background(),
+ userID: "user1",
+ },
+ res: res{
+ want: &UserV2WriteModel{
+ HumanWriteModel: true,
+ PasswordWriteModel: true,
+ StateWriteModel: true,
+ WriteModel: eventstore.WriteModel{
+ AggregateID: "user1",
+ Events: []eventstore.Event{},
+ ProcessedSequence: 0,
+ ResourceOwner: "org1",
+ },
+ UserName: "username",
+ FirstName: "firstname",
+ LastName: "lastname",
+ DisplayName: "firstname
lastname", + PreferredLanguage: language.English, + PasswordEncodedHash: "hash", + PasswordChangeRequired: true, + Email: "email@test.ch", + IsEmailVerified: false, + UserState: domain.UserStateActive, + }, + }, + }, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + r := &Commands{ + eventstore: tt.fields.eventstore(t), + } + wm, err := r.userHumanWriteModel(tt.args.ctx, tt.args.userID, false, false, false, true, false, false) + if tt.res.err == nil { + if !assert.NoError(t, err) { + t.FailNow() + } + } else if !tt.res.err(err) { + t.Errorf("got wrong err: %v ", err) + return + } + if tt.res.err == nil { + assert.Equal(t, tt.res.want, wm) + } + }) + } +} + +func TestCommandSide_userStateWriteModel(t *testing.T) { + type fields struct { + eventstore func(t *testing.T) *eventstore.Eventstore + } + type args struct { + ctx context.Context + userID string + } + type res struct { + want *UserV2WriteModel + err func(error) bool + } + + userAgg := user.NewAggregate("user1", "org1") + + tests := []struct { + name string + fields fields + args args + res res + }{ + { + name: "user added", + fields: fields{ + eventstore: expectEventstore( + expectFilter( + eventFromEventPusher( + newAddHumanEvent("$plain$x$password", true, true, "", language.English), + ), + ), + ), + }, + args: args{ + ctx: context.Background(), + userID: "user1", + }, + res: res{ + want: &UserV2WriteModel{ + HumanWriteModel: true, + MachineWriteModel: true, + StateWriteModel: true, + WriteModel: eventstore.WriteModel{ + AggregateID: "user1", + Events: []eventstore.Event{}, + ProcessedSequence: 0, + ResourceOwner: "org1", + }, + UserName: "username", + FirstName: "firstname", + LastName: "lastname", + DisplayName: "firstname lastname", + PreferredLanguage: language.English, + PasswordEncodedHash: "$plain$x$password", + PasswordChangeRequired: true, + PasswordCheckFailedCount: 0, + Email: "email@test.ch", + IsEmailVerified: false, + UserState: domain.UserStateActive, + }, + }, + }, + { 
+ name: "user added initialized", + fields: fields{ + eventstore: expectEventstore( + expectFilter( + eventFromEventPusher( + newAddHumanEvent("$plain$x$password", true, true, "", language.English), + ), + eventFromEventPusher( + user.NewHumanInitializedCheckSucceededEvent(context.Background(), + &userAgg.Aggregate, + ), + ), + ), + ), + }, + args: args{ + ctx: context.Background(), + userID: "user1", + }, + res: res{ + want: &UserV2WriteModel{ + HumanWriteModel: true, + MachineWriteModel: true, + StateWriteModel: true, + WriteModel: eventstore.WriteModel{ + AggregateID: "user1", + Events: []eventstore.Event{}, + ProcessedSequence: 0, + ResourceOwner: "org1", + }, + UserName: "username", + FirstName: "firstname", + LastName: "lastname", + DisplayName: "firstname lastname", + PreferredLanguage: language.English, + PasswordEncodedHash: "$plain$x$password", + PasswordChangeRequired: true, + PasswordCheckFailedCount: 0, + Email: "email@test.ch", + IsEmailVerified: false, + UserState: domain.UserStateActive, + }, + }, + }, + { + name: "user machine added", + fields: fields{ + eventstore: expectEventstore( + expectFilter( + eventFromEventPusher( + newAddMachineEvent(true, domain.OIDCTokenTypeBearer), + ), + ), + ), + }, + args: args{ + ctx: context.Background(), + userID: "user1", + }, + res: res{ + want: &UserV2WriteModel{ + HumanWriteModel: true, + MachineWriteModel: true, + StateWriteModel: true, + WriteModel: eventstore.WriteModel{ + AggregateID: "user1", + Events: []eventstore.Event{}, + ProcessedSequence: 0, + ResourceOwner: "org1", + }, + UserName: "username", + Name: "name", + Description: "description", + AccessTokenType: domain.OIDCTokenTypeBearer, + UserState: domain.UserStateActive, + }, + }, + }, + { + name: "user added locked", + fields: fields{ + eventstore: expectEventstore( + expectFilter( + eventFromEventPusher( + newAddHumanEvent("$plain$x$password", true, true, "", language.English), + ), + eventFromEventPusher( + 
user.NewHumanPasswordCheckFailedEvent(context.Background(), + &userAgg.Aggregate, + nil, + ), + ), + eventFromEventPusher( + user.NewHumanPasswordCheckFailedEvent(context.Background(), + &userAgg.Aggregate, + nil, + ), + ), + eventFromEventPusher( + user.NewHumanPasswordCheckFailedEvent(context.Background(), + &userAgg.Aggregate, + nil, + ), + ), + eventFromEventPusher( + user.NewUserLockedEvent(context.Background(), + &userAgg.Aggregate, + ), + ), + ), + ), + }, + args: args{ + ctx: context.Background(), + userID: "user1", + }, + res: res{ + want: &UserV2WriteModel{ + HumanWriteModel: true, + MachineWriteModel: true, + StateWriteModel: true, + WriteModel: eventstore.WriteModel{ + AggregateID: "user1", + Events: []eventstore.Event{}, + ProcessedSequence: 0, + ResourceOwner: "org1", + }, + UserName: "username", + FirstName: "firstname", + LastName: "lastname", + DisplayName: "firstname lastname", + PreferredLanguage: language.English, + PasswordEncodedHash: "$plain$x$password", + PasswordChangeRequired: true, + PasswordCheckFailedCount: 3, + Email: "email@test.ch", + IsEmailVerified: false, + UserState: domain.UserStateLocked, + }, + }, + }, + { + name: "user added locked and unlocked", + fields: fields{ + eventstore: expectEventstore( + expectFilter( + eventFromEventPusher( + newRegisterHumanEvent("username", "$plain$x$password", true, true, "", language.English), + ), + eventFromEventPusher( + user.NewHumanPasswordCheckFailedEvent(context.Background(), + &userAgg.Aggregate, + nil, + ), + ), + eventFromEventPusher( + user.NewHumanPasswordCheckFailedEvent(context.Background(), + &userAgg.Aggregate, + nil, + ), + ), + eventFromEventPusher( + user.NewHumanPasswordCheckFailedEvent(context.Background(), + &userAgg.Aggregate, + nil, + ), + ), + eventFromEventPusher( + user.NewUserLockedEvent(context.Background(), + &userAgg.Aggregate, + ), + ), + eventFromEventPusher( + user.NewUserUnlockedEvent(context.Background(), + &userAgg.Aggregate, + ), + ), + ), + ), + }, + args: 
args{ + ctx: context.Background(), + userID: "user1", + }, + res: res{ + want: &UserV2WriteModel{ + HumanWriteModel: true, + MachineWriteModel: true, + StateWriteModel: true, + WriteModel: eventstore.WriteModel{ + AggregateID: "user1", + Events: []eventstore.Event{}, + ProcessedSequence: 0, + ResourceOwner: "org1", + }, + UserName: "username", + FirstName: "firstname", + LastName: "lastname", + DisplayName: "firstname lastname", + PreferredLanguage: language.English, + PasswordEncodedHash: "$plain$x$password", + PasswordChangeRequired: true, + PasswordCheckFailedCount: 0, + Email: "email@test.ch", + IsEmailVerified: false, + UserState: domain.UserStateActive, + }, + }, + }, + { + name: "user added deactivated", + fields: fields{ + eventstore: expectEventstore( + expectFilter( + eventFromEventPusher( + newRegisterHumanEvent("username", "$plain$x$password", true, true, "", language.English), + ), + eventFromEventPusher( + user.NewUserDeactivatedEvent(context.Background(), + &userAgg.Aggregate, + ), + ), + ), + ), + }, + args: args{ + ctx: context.Background(), + userID: "user1", + }, + res: res{ + want: &UserV2WriteModel{ + HumanWriteModel: true, + MachineWriteModel: true, + StateWriteModel: true, + WriteModel: eventstore.WriteModel{ + AggregateID: "user1", + Events: []eventstore.Event{}, + ProcessedSequence: 0, + ResourceOwner: "org1", + }, + UserName: "username", + FirstName: "firstname", + LastName: "lastname", + DisplayName: "firstname lastname", + PreferredLanguage: language.English, + PasswordEncodedHash: "$plain$x$password", + PasswordChangeRequired: true, + Email: "email@test.ch", + IsEmailVerified: false, + UserState: domain.UserStateInactive, + }, + }, + }, + { + name: "user added deactivated and reactived", + fields: fields{ + eventstore: expectEventstore( + expectFilter( + eventFromEventPusher( + newRegisterHumanEvent("username", "$plain$x$password", true, true, "", language.English), + ), + eventFromEventPusher( + 
user.NewUserDeactivatedEvent(context.Background(), + &userAgg.Aggregate, + ), + ), + eventFromEventPusher( + user.NewUserReactivatedEvent(context.Background(), + &userAgg.Aggregate, + ), + ), + ), + ), + }, + args: args{ + ctx: context.Background(), + userID: "user1", + }, + res: res{ + want: &UserV2WriteModel{ + HumanWriteModel: true, + MachineWriteModel: true, + StateWriteModel: true, + WriteModel: eventstore.WriteModel{ + AggregateID: "user1", + Events: []eventstore.Event{}, + ProcessedSequence: 0, + ResourceOwner: "org1", + }, + UserName: "username", + FirstName: "firstname", + LastName: "lastname", + DisplayName: "firstname lastname", + PreferredLanguage: language.English, + PasswordEncodedHash: "$plain$x$password", + PasswordChangeRequired: true, + Email: "email@test.ch", + IsEmailVerified: false, + UserState: domain.UserStateActive, + }, + }, + }, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + r := &Commands{ + eventstore: tt.fields.eventstore(t), + } + wm, err := r.userStateWriteModel(tt.args.ctx, tt.args.userID) + if tt.res.err == nil { + if !assert.NoError(t, err) { + t.FailNow() + } + } else if !tt.res.err(err) { + t.Errorf("got wrong err: %v ", err) + return + } + if tt.res.err == nil { + assert.Equal(t, tt.res.want, wm) + } + }) + } +} + +func TestCommandSide_userHumanWriteModel_avatar(t *testing.T) { + type fields struct { + eventstore func(t *testing.T) *eventstore.Eventstore + } + type args struct { + ctx context.Context + userID string + } + type res struct { + want *UserV2WriteModel + err func(error) bool + } + + userAgg := user.NewAggregate("user1", "org1") + + tests := []struct { + name string + fields fields + args args + res res + }{ + { + name: "user added with avatar", + fields: fields{ + eventstore: expectEventstore( + expectFilter( + eventFromEventPusher( + newAddHumanEvent("$plain$x$password", true, true, "", language.English), + ), + eventFromEventPusher( + user.NewHumanAvatarAddedEvent(context.Background(), + 
&userAgg.Aggregate, + "key", + ), + ), + ), + ), + }, + args: args{ + ctx: context.Background(), + userID: "user1", + }, + res: res{ + want: &UserV2WriteModel{ + HumanWriteModel: true, + AvatarWriteModel: true, + StateWriteModel: true, + WriteModel: eventstore.WriteModel{ + AggregateID: "user1", + Events: []eventstore.Event{}, + ProcessedSequence: 0, + ResourceOwner: "org1", + }, + UserName: "username", + FirstName: "firstname", + LastName: "lastname", + DisplayName: "firstname lastname", + PreferredLanguage: language.English, + PasswordEncodedHash: "$plain$x$password", + PasswordChangeRequired: true, + Email: "email@test.ch", + IsEmailVerified: false, + UserState: domain.UserStateActive, + Avatar: "key", + }, + }, + }, + + { + name: "user added with avatar and then removed", + fields: fields{ + eventstore: expectEventstore( + expectFilter( + eventFromEventPusher( + newAddHumanEvent("$plain$x$password", true, true, "", language.English), + ), + eventFromEventPusher( + user.NewHumanAvatarAddedEvent(context.Background(), + &userAgg.Aggregate, + "key", + ), + ), + eventFromEventPusher( + user.NewHumanAvatarRemovedEvent(context.Background(), + &userAgg.Aggregate, + "key", + ), + ), + ), + ), + }, + args: args{ + ctx: context.Background(), + userID: "user1", + }, + res: res{ + want: &UserV2WriteModel{ + HumanWriteModel: true, + AvatarWriteModel: true, + StateWriteModel: true, + WriteModel: eventstore.WriteModel{ + AggregateID: "user1", + Events: []eventstore.Event{}, + ProcessedSequence: 0, + ResourceOwner: "org1", + }, + UserName: "username", + FirstName: "firstname", + LastName: "lastname", + DisplayName: "firstname lastname", + PreferredLanguage: language.English, + PasswordEncodedHash: "$plain$x$password", + PasswordChangeRequired: true, + Email: "email@test.ch", + IsEmailVerified: false, + UserState: domain.UserStateActive, + }, + }, + }, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + r := &Commands{ + eventstore: tt.fields.eventstore(t), 
+ } + wm, err := r.userHumanWriteModel(tt.args.ctx, tt.args.userID, false, false, false, false, true, false) + if tt.res.err == nil { + if !assert.NoError(t, err) { + t.FailNow() + } + } else if !tt.res.err(err) { + t.Errorf("got wrong err: %v ", err) + return + } + if tt.res.err == nil { + assert.Equal(t, tt.res.want, wm) + } + }) + } +} + +func TestCommandSide_userHumanWriteModel_idpLinks(t *testing.T) { + type fields struct { + eventstore func(t *testing.T) *eventstore.Eventstore + } + type args struct { + ctx context.Context + userID string + } + type res struct { + want *UserV2WriteModel + err func(error) bool + } + + userAgg := user.NewAggregate("user1", "org1") + + tests := []struct { + name string + fields fields + args args + res res + }{ + { + name: "user added with idp link", + fields: fields{ + eventstore: expectEventstore( + expectFilter( + eventFromEventPusher( + newAddHumanEvent("$plain$x$password", true, true, "", language.English), + ), + eventFromEventPusher( + user.NewUserIDPLinkAddedEvent(context.Background(), + &userAgg.Aggregate, + "idp", + "name", + "externalID", + ), + ), + ), + ), + }, + args: args{ + ctx: context.Background(), + userID: "user1", + }, + res: res{ + want: &UserV2WriteModel{ + HumanWriteModel: true, + MachineWriteModel: true, + StateWriteModel: true, + IDPLinkWriteModel: true, + WriteModel: eventstore.WriteModel{ + AggregateID: "user1", + Events: []eventstore.Event{}, + ProcessedSequence: 0, + ResourceOwner: "org1", + }, + UserName: "username", + FirstName: "firstname", + LastName: "lastname", + DisplayName: "firstname lastname", + PreferredLanguage: language.English, + PasswordEncodedHash: "$plain$x$password", + PasswordChangeRequired: true, + Email: "email@test.ch", + IsEmailVerified: false, + UserState: domain.UserStateActive, + IDPLinks: []*domain.UserIDPLink{ + {IDPConfigID: "idp", DisplayName: "name", ExternalUserID: "externalID"}, + }, + }, + }, + }, + { + name: "user added with idp links", + fields: fields{ + 
eventstore: expectEventstore( + expectFilter( + eventFromEventPusher( + newAddHumanEvent("$plain$x$password", true, true, "", language.English), + ), + eventFromEventPusher( + user.NewUserIDPLinkAddedEvent(context.Background(), + &userAgg.Aggregate, + "idp1", + "name1", + "externalID1", + ), + ), + eventFromEventPusher( + user.NewUserIDPLinkAddedEvent(context.Background(), + &userAgg.Aggregate, + "idp2", + "name2", + "externalID2", + ), + ), + eventFromEventPusher( + user.NewUserIDPLinkAddedEvent(context.Background(), + &userAgg.Aggregate, + "idp3", + "name3", + "externalID3", + ), + ), + ), + ), + }, + args: args{ + ctx: context.Background(), + userID: "user1", + }, + res: res{ + want: &UserV2WriteModel{ + HumanWriteModel: true, + MachineWriteModel: true, + StateWriteModel: true, + IDPLinkWriteModel: true, + WriteModel: eventstore.WriteModel{ + AggregateID: "user1", + Events: []eventstore.Event{}, + ProcessedSequence: 0, + ResourceOwner: "org1", + }, + UserName: "username", + FirstName: "firstname", + LastName: "lastname", + DisplayName: "firstname lastname", + PreferredLanguage: language.English, + PasswordEncodedHash: "$plain$x$password", + PasswordChangeRequired: true, + Email: "email@test.ch", + IsEmailVerified: false, + UserState: domain.UserStateActive, + IDPLinks: []*domain.UserIDPLink{ + {IDPConfigID: "idp1", DisplayName: "name1", ExternalUserID: "externalID1"}, + {IDPConfigID: "idp2", DisplayName: "name2", ExternalUserID: "externalID2"}, + {IDPConfigID: "idp3", DisplayName: "name3", ExternalUserID: "externalID3"}, + }, + }, + }, + }, + { + name: "user added with idp links and removed", + fields: fields{ + eventstore: expectEventstore( + expectFilter( + eventFromEventPusher( + newAddHumanEvent("$plain$x$password", true, true, "", language.English), + ), + eventFromEventPusher( + user.NewUserIDPLinkAddedEvent(context.Background(), + &userAgg.Aggregate, + "idp1", + "name1", + "externalID1", + ), + ), + eventFromEventPusher( + 
user.NewUserIDPLinkAddedEvent(context.Background(), + &userAgg.Aggregate, + "idp2", + "name2", + "externalID2", + ), + ), + eventFromEventPusher( + user.NewUserIDPLinkAddedEvent(context.Background(), + &userAgg.Aggregate, + "idp3", + "name3", + "externalID3", + ), + ), + eventFromEventPusher( + user.NewUserIDPLinkCascadeRemovedEvent(context.Background(), + &userAgg.Aggregate, + "idp2", + "externalID2", + ), + ), + eventFromEventPusher( + user.NewUserIDPLinkRemovedEvent(context.Background(), + &userAgg.Aggregate, + "idp3", + "externalID3", + ), + ), + eventFromEventPusher( + user.NewUserIDPLinkAddedEvent(context.Background(), + &userAgg.Aggregate, + "idp4", + "name4", + "externalID4", + ), + ), + ), + ), + }, + args: args{ + ctx: context.Background(), + userID: "user1", + }, + res: res{ + want: &UserV2WriteModel{ + HumanWriteModel: true, + MachineWriteModel: true, + StateWriteModel: true, + IDPLinkWriteModel: true, + WriteModel: eventstore.WriteModel{ + AggregateID: "user1", + Events: []eventstore.Event{}, + ProcessedSequence: 0, + ResourceOwner: "org1", + }, + UserName: "username", + FirstName: "firstname", + LastName: "lastname", + DisplayName: "firstname lastname", + PreferredLanguage: language.English, + PasswordEncodedHash: "$plain$x$password", + PasswordChangeRequired: true, + Email: "email@test.ch", + IsEmailVerified: false, + UserState: domain.UserStateActive, + IDPLinks: []*domain.UserIDPLink{ + {IDPConfigID: "idp1", DisplayName: "name1", ExternalUserID: "externalID1"}, + {IDPConfigID: "idp4", DisplayName: "name4", ExternalUserID: "externalID4"}, + }, + }, + }, + }, + { + name: "user added with idp link and removed", + fields: fields{ + eventstore: expectEventstore( + expectFilter( + eventFromEventPusher( + newAddHumanEvent("$plain$x$password", true, true, "", language.English), + ), + eventFromEventPusher( + user.NewUserIDPLinkAddedEvent(context.Background(), + &userAgg.Aggregate, + "idp", + "name", + "externalID", + ), + ), + eventFromEventPusher( + 
user.NewUserIDPLinkRemovedEvent(context.Background(), + &userAgg.Aggregate, + "idp", + "externalID", + ), + ), + ), + ), + }, + args: args{ + ctx: context.Background(), + userID: "user1", + }, + res: res{ + want: &UserV2WriteModel{ + HumanWriteModel: true, + MachineWriteModel: true, + StateWriteModel: true, + IDPLinkWriteModel: true, + WriteModel: eventstore.WriteModel{ + AggregateID: "user1", + Events: []eventstore.Event{}, + ProcessedSequence: 0, + ResourceOwner: "org1", + }, + UserName: "username", + FirstName: "firstname", + LastName: "lastname", + DisplayName: "firstname lastname", + PreferredLanguage: language.English, + PasswordEncodedHash: "$plain$x$password", + PasswordChangeRequired: true, + Email: "email@test.ch", + IsEmailVerified: false, + UserState: domain.UserStateActive, + IDPLinks: []*domain.UserIDPLink{}, + }, + }, + }, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + r := &Commands{ + eventstore: tt.fields.eventstore(t), + } + wm, err := r.userRemoveWriteModel(tt.args.ctx, tt.args.userID) + if tt.res.err == nil { + if !assert.NoError(t, err) { + t.FailNow() + } + } else if !tt.res.err(err) { + t.Errorf("got wrong err: %v ", err) + return + } + if tt.res.err == nil { + assert.Equal(t, tt.res.want, wm) + } + }) + } +} diff --git a/internal/command/user_v2_passkey.go b/internal/command/user_v2_passkey.go index 47af8c134e..698b805d76 100644 --- a/internal/command/user_v2_passkey.go +++ b/internal/command/user_v2_passkey.go @@ -10,9 +10,9 @@ import ( "github.com/zitadel/zitadel/internal/command/preparation" "github.com/zitadel/zitadel/internal/crypto" "github.com/zitadel/zitadel/internal/domain" - caos_errs "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/repository/user" + "github.com/zitadel/zitadel/internal/zerrors" ) // RegisterUserPasskey creates a passkey registration for the current authenticated user. 
@@ -51,7 +51,7 @@ func (c *Commands) verifyUserPasskeyCode(ctx context.Context, userID, resourceOw err = verifyCryptoCode(ctx, c.eventstore.Filter, domain.SecretGeneratorTypePasswordlessInitCode, alg, wm.ChangeDate, wm.Expiration, wm.CryptoCode, code) if err != nil || wm.State != domain.PasswordlessInitCodeStateActive { c.verifyUserPasskeyCodeFailed(ctx, wm) - return nil, caos_errs.ThrowInvalidArgument(err, "COMMAND-Eeb2a", "Errors.User.Code.Invalid") + return nil, zerrors.ThrowInvalidArgument(err, "COMMAND-Eeb2a", "Errors.User.Code.Invalid") } return func(ctx context.Context, userAgg *eventstore.Aggregate) eventstore.Command { return user.NewHumanPasswordlessInitCodeCheckSucceededEvent(ctx, userAgg, codeID) diff --git a/internal/command/user_v2_passkey_test.go b/internal/command/user_v2_passkey_test.go index 52c5fea7fe..1e972bbfd6 100644 --- a/internal/command/user_v2_passkey_test.go +++ b/internal/command/user_v2_passkey_test.go @@ -14,13 +14,13 @@ import ( "github.com/zitadel/zitadel/internal/api/authz" "github.com/zitadel/zitadel/internal/crypto" "github.com/zitadel/zitadel/internal/domain" - caos_errs "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/id" id_mock "github.com/zitadel/zitadel/internal/id/mock" "github.com/zitadel/zitadel/internal/repository/org" "github.com/zitadel/zitadel/internal/repository/user" webauthn_helper "github.com/zitadel/zitadel/internal/webauthn" + "github.com/zitadel/zitadel/internal/zerrors" ) func TestCommands_RegisterUserPasskey(t *testing.T) { @@ -56,7 +56,7 @@ func TestCommands_RegisterUserPasskey(t *testing.T) { resourceOwner: "org1", authenticator: domain.AuthenticatorAttachmentCrossPlattform, }, - wantErr: caos_errs.ThrowPermissionDenied(nil, "AUTH-Bohd2", "Errors.User.UserIDWrong"), + wantErr: zerrors.ThrowPermissionDenied(nil, "AUTH-Bohd2", "Errors.User.UserIDWrong"), }, { name: "get human passwordless error", 
@@ -186,7 +186,7 @@ func TestCommands_RegisterUserPasskeyWithCode(t *testing.T) { codeID: "123", code: "wrong", }, - wantErr: caos_errs.ThrowInvalidArgument(err, "COMMAND-Eeb2a", "Errors.User.Code.Invalid"), + wantErr: zerrors.ThrowInvalidArgument(err, "COMMAND-Eeb2a", "Errors.User.Code.Invalid"), }, { name: "code verification ok, get human passwordless error", @@ -296,7 +296,7 @@ func TestCommands_verifyUserPasskeyCode(t *testing.T) { codeID: "123", code: "wrong", }, - wantErr: caos_errs.ThrowInvalidArgument(err, "COMMAND-Eeb2a", "Errors.User.Code.Invalid"), + wantErr: zerrors.ThrowInvalidArgument(err, "COMMAND-Eeb2a", "Errors.User.Code.Invalid"), }, { name: "success", @@ -573,7 +573,7 @@ func TestCommands_AddUserPasskeyCodeURLTemplate(t *testing.T) { resourceOwner: "org1", urlTmpl: "{{", }, - wantErr: caos_errs.ThrowInvalidArgument(nil, "DOMAIN-oGh5e", "Errors.User.InvalidURLTemplate"), + wantErr: zerrors.ThrowInvalidArgument(nil, "DOMAIN-oGh5e", "Errors.User.InvalidURLTemplate"), }, { name: "id generator error", diff --git a/internal/command/user_v2_password.go b/internal/command/user_v2_password.go index 53b25c5e4a..d94bc0286c 100644 --- a/internal/command/user_v2_password.go +++ b/internal/command/user_v2_password.go @@ -6,8 +6,8 @@ import ( "github.com/zitadel/zitadel/internal/api/authz" "github.com/zitadel/zitadel/internal/domain" - caos_errs "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/repository/user" + "github.com/zitadel/zitadel/internal/zerrors" ) // RequestPasswordReset generates a code 
@@ -38,17 +38,17 @@ func (c *Commands) RequestPasswordResetReturnCode(ctx context.Context, userID st // urlTmpl allows changing the target URL that is used by the e-mail and should be a validated Go template, if used. func (c *Commands) requestPasswordReset(ctx context.Context, userID string, returnCode bool, urlTmpl string, notificationType domain.NotificationType) (_ *domain.ObjectDetails, plainCode *string, err error) { if userID == "" { - return nil, nil, caos_errs.ThrowInvalidArgument(nil, "COMMAND-SAFdda", "Errors.User.IDMissing") + return nil, nil, zerrors.ThrowInvalidArgument(nil, "COMMAND-SAFdda", "Errors.User.IDMissing") } model, err := c.getHumanWriteModelByID(ctx, userID, "") if err != nil { return nil, nil, err } if !model.UserState.Exists() { - return nil, nil, caos_errs.ThrowNotFound(nil, "COMMAND-SAF4f", "Errors.User.NotFound") + return nil, nil, zerrors.ThrowNotFound(nil, "COMMAND-SAF4f", "Errors.User.NotFound") } if model.UserState == domain.UserStateInitial { - return nil, nil, caos_errs.ThrowPreconditionFailed(nil, "COMMAND-Sfe4g", "Errors.User.NotInitialised") + return nil, nil, zerrors.ThrowPreconditionFailed(nil, "COMMAND-Sfe4g", "Errors.User.NotInitialised") } if authz.GetCtxData(ctx).UserID != userID { if err = c.checkPermission(ctx, domain.PermissionUserWrite, model.ResourceOwner, userID); err != nil { diff --git a/internal/command/user_v2_password_test.go b/internal/command/user_v2_password_test.go index 2465c240f3..0b72c49220 100644 --- a/internal/command/user_v2_password_test.go +++ b/internal/command/user_v2_password_test.go 
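Review bot: In `requestPasswordReset` the `NotFound` and `PreconditionFailed` returns come before the `authz.GetCtxData(ctx).UserID != userID` / `checkPermission` block at the end of this hunk, so a caller without `domain.PermissionUserWrite` on the target gets a different error for an unknown user ID than for an existing one. The error code therefore acts as an existence oracle for user IDs; how much that matters depends on who can reach this command, which is not visible here. Consider running the permission check before the state checks, or returning the same error for both outcomes when the caller is not the user. If the current order is intentional, record it with a comment such as `// user state is reported before authorization; unknown IDs return NotFound to any caller`. The function body continues past the end of the hunk.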
@@ -5,16 +5,16 @@ import ( "testing" "time" + "golang.org/x/text/language" + "github.com/muhlemmer/gu" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" - "golang.org/x/text/language" - "github.com/zitadel/zitadel/internal/crypto" "github.com/zitadel/zitadel/internal/domain" - caos_errs "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/repository/user" + "github.com/zitadel/zitadel/internal/zerrors" ) func TestCommands_RequestPasswordReset(t *testing.T) { @@ -42,7 +42,7 @@ func TestCommands_RequestPasswordReset(t *testing.T) { ctx: context.Background(), userID: "", }, - wantErr: caos_errs.ThrowInvalidArgument(nil, "COMMAND-SAFdda", "Errors.User.IDMissing"), + wantErr: zerrors.ThrowInvalidArgument(nil, "COMMAND-SAFdda", "Errors.User.IDMissing"), }, { name: "user not existing", @@ -55,7 +55,7 @@ func TestCommands_RequestPasswordReset(t *testing.T) { ctx: context.Background(), userID: "userID", }, - wantErr: caos_errs.ThrowNotFound(nil, "COMMAND-SAF4f", "Errors.User.NotFound"), + wantErr: zerrors.ThrowNotFound(nil, "COMMAND-SAF4f", "Errors.User.NotFound"), }, { name: "user not initialized", @@ -78,7 +78,7 @@ func TestCommands_RequestPasswordReset(t *testing.T) { ctx: context.Background(), userID: "userID", }, - wantErr: caos_errs.ThrowPreconditionFailed(nil, "COMMAND-Sfe4g", "Errors.User.NotInitialised"), + wantErr: zerrors.ThrowPreconditionFailed(nil, "COMMAND-Sfe4g", "Errors.User.NotInitialised"), }, { name: "missing permission", @@ -98,7 +98,7 @@ func TestCommands_RequestPasswordReset(t *testing.T) { ctx: context.Background(), userID: "userID", }, - wantErr: caos_errs.ThrowPermissionDenied(nil, "AUTHZ-HKJD33", "Errors.PermissionDenied"), + wantErr: zerrors.ThrowPermissionDenied(nil, "AUTHZ-HKJD33", "Errors.PermissionDenied"), }, } for _, tt := range tests { 
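Review bot: The import block on the new side moves `golang.org/x/text/language` into a group of its own ahead of the other third-party packages and drops the blank line that separated those from the `github.com/zitadel/zitadel/internal/...` imports, so third-party and project packages now share one group. Keeping `"golang.org/x/text/language"` after `"github.com/stretchr/testify/require"` and restoring the blank line before `"github.com/zitadel/zitadel/internal/crypto"` would leave the `zerrors` swap as the only change in this hunk. The other import hunks visible in this diff only replace the `caos_errs` line, so this regrouping looks unintended.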
@@ -140,7 +140,7 @@ func TestCommands_RequestPasswordResetReturnCode(t *testing.T) { ctx: context.Background(), userID: "", }, - wantErr: caos_errs.ThrowInvalidArgument(nil, "COMMAND-SAFdda", "Errors.User.IDMissing"), + wantErr: zerrors.ThrowInvalidArgument(nil, "COMMAND-SAFdda", "Errors.User.IDMissing"), }, { name: "user not existing", @@ -153,7 +153,7 @@ func TestCommands_RequestPasswordResetReturnCode(t *testing.T) { ctx: context.Background(), userID: "userID", }, - wantErr: caos_errs.ThrowNotFound(nil, "COMMAND-SAF4f", "Errors.User.NotFound"), + wantErr: zerrors.ThrowNotFound(nil, "COMMAND-SAF4f", "Errors.User.NotFound"), }, { name: "user not initialized", @@ -176,7 +176,7 @@ func TestCommands_RequestPasswordResetReturnCode(t *testing.T) { ctx: context.Background(), userID: "userID", }, - wantErr: caos_errs.ThrowPreconditionFailed(nil, "COMMAND-Sfe4g", "Errors.User.NotInitialised"), + wantErr: zerrors.ThrowPreconditionFailed(nil, "COMMAND-Sfe4g", "Errors.User.NotInitialised"), }, { name: "missing permission", @@ -196,7 +196,7 @@ func TestCommands_RequestPasswordResetReturnCode(t *testing.T) { ctx: context.Background(), userID: "userID", }, - wantErr: caos_errs.ThrowPermissionDenied(nil, "AUTHZ-HKJD33", "Errors.PermissionDenied"), + wantErr: zerrors.ThrowPermissionDenied(nil, "AUTHZ-HKJD33", "Errors.PermissionDenied"), }, } for _, tt := range tests { @@ -240,7 +240,7 @@ func TestCommands_RequestPasswordResetURLTemplate(t *testing.T) { userID: "user1", urlTmpl: "{{", }, - wantErr: caos_errs.ThrowInvalidArgument(nil, "DOMAIN-oGh5e", "Errors.User.InvalidURLTemplate"), + wantErr: zerrors.ThrowInvalidArgument(nil, "DOMAIN-oGh5e", "Errors.User.InvalidURLTemplate"), }, { 
@@ -252,7 +252,7 @@ func TestCommands_RequestPasswordResetURLTemplate(t *testing.T) { ctx: context.Background(), userID: "", }, - wantErr: caos_errs.ThrowInvalidArgument(nil, "COMMAND-SAFdda", "Errors.User.IDMissing"), + wantErr: zerrors.ThrowInvalidArgument(nil, "COMMAND-SAFdda", "Errors.User.IDMissing"), }, { name: "user not existing", @@ -265,7 +265,7 @@ func TestCommands_RequestPasswordResetURLTemplate(t *testing.T) { ctx: context.Background(), userID: "userID", }, - wantErr: caos_errs.ThrowNotFound(nil, "COMMAND-SAF4f", "Errors.User.NotFound"), + wantErr: zerrors.ThrowNotFound(nil, "COMMAND-SAF4f", "Errors.User.NotFound"), }, { name: "user not initialized", @@ -288,7 +288,7 @@ func TestCommands_RequestPasswordResetURLTemplate(t *testing.T) { ctx: context.Background(), userID: "userID", }, - wantErr: caos_errs.ThrowPreconditionFailed(nil, "COMMAND-Sfe4g", "Errors.User.NotInitialised"), + wantErr: zerrors.ThrowPreconditionFailed(nil, "COMMAND-Sfe4g", "Errors.User.NotInitialised"), }, { name: "missing permission", @@ -308,7 +308,7 @@ func TestCommands_RequestPasswordResetURLTemplate(t *testing.T) { ctx: context.Background(), userID: "userID", }, - wantErr: caos_errs.ThrowPermissionDenied(nil, "AUTHZ-HKJD33", "Errors.PermissionDenied"), + wantErr: zerrors.ThrowPermissionDenied(nil, "AUTHZ-HKJD33", "Errors.PermissionDenied"), }, } for _, tt := range tests { @@ -360,7 +360,7 @@ func TestCommands_requestPasswordReset(t *testing.T) { userID: "", }, res: res{ - err: caos_errs.ThrowInvalidArgument(nil, "COMMAND-SAFdda", "Errors.User.IDMissing"), + err: zerrors.ThrowInvalidArgument(nil, "COMMAND-SAFdda", "Errors.User.IDMissing"), }, }, { @@ -375,7 +375,7 @@ func TestCommands_requestPasswordReset(t *testing.T) { userID: "userID", }, res: res{ - err: caos_errs.ThrowNotFound(nil, "COMMAND-SAF4f", "Errors.User.NotFound"), + err: zerrors.ThrowNotFound(nil, "COMMAND-SAF4f", "Errors.User.NotFound"), }, }, { 
@@ -400,7 +400,7 @@ func TestCommands_requestPasswordReset(t *testing.T) { userID: "userID", }, res: res{ - err: caos_errs.ThrowPreconditionFailed(nil, "COMMAND-Sfe4g", "Errors.User.NotInitialised"), + err: zerrors.ThrowPreconditionFailed(nil, "COMMAND-Sfe4g", "Errors.User.NotInitialised"), }, }, { @@ -422,7 +422,7 @@ func TestCommands_requestPasswordReset(t *testing.T) { userID: "userID", }, res: res{ - err: caos_errs.ThrowPermissionDenied(nil, "AUTHZ-HKJD33", "Errors.PermissionDenied"), + err: zerrors.ThrowPermissionDenied(nil, "AUTHZ-HKJD33", "Errors.PermissionDenied"), }, }, { diff --git a/internal/command/user_v2_phone.go b/internal/command/user_v2_phone.go index b8e1174690..e501b3e3f1 100644 --- a/internal/command/user_v2_phone.go +++ b/internal/command/user_v2_phone.go @@ -8,9 +8,9 @@ import ( "github.com/zitadel/zitadel/internal/api/authz" "github.com/zitadel/zitadel/internal/crypto" "github.com/zitadel/zitadel/internal/domain" - caos_errs "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/repository/user" + "github.com/zitadel/zitadel/internal/zerrors" ) // ChangeUserPhone sets a user's phone number, generates a code @@ -113,7 +113,7 @@ type UserPhoneEvents struct { // If a model cannot be found, or it's state is invalid and error is returned. func (c *Commands) NewUserPhoneEvents(ctx context.Context, userID, resourceOwner string) (*UserPhoneEvents, error) { if userID == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "COMMAND-xP292j", "Errors.User.Phone.IDMissing") + return nil, zerrors.ThrowInvalidArgument(nil, "COMMAND-xP292j", "Errors.User.Phone.IDMissing") } model, err := c.phoneWriteModelByID(ctx, userID, resourceOwner) 
@@ -121,10 +121,10 @@ func (c *Commands) NewUserPhoneEvents(ctx context.Context, userID, resourceOwner return nil, err } if model.UserState == domain.UserStateUnspecified || model.UserState == domain.UserStateDeleted { - return nil, caos_errs.ThrowNotFound(nil, "COMMAND-ieJ2e", "Errors.User.Phone.NotFound") + return nil, zerrors.ThrowNotFound(nil, "COMMAND-ieJ2e", "Errors.User.Phone.NotFound") } if model.UserState == domain.UserStateInitial { - return nil, caos_errs.ThrowPreconditionFailed(nil, "COMMAND-uz0Uu", "Errors.User.NotInitialised") + return nil, zerrors.ThrowPreconditionFailed(nil, "COMMAND-uz0Uu", "Errors.User.NotInitialised") } return &UserPhoneEvents{ eventstore: c.eventstore, @@ -142,7 +142,7 @@ func (c *UserPhoneEvents) Change(ctx context.Context, phone domain.PhoneNumber) } event, hasChanged := c.model.NewChangedEvent(ctx, c.aggregate, phone) if !hasChanged { - return caos_errs.ThrowPreconditionFailed(nil, "COMMAND-Uch5e", "Errors.User.Phone.NotChanged") + return zerrors.ThrowPreconditionFailed(nil, "COMMAND-Uch5e", "Errors.User.Phone.NotChanged") } c.events = append(c.events, event) return nil @@ -170,7 +170,7 @@ func (c *UserPhoneEvents) AddGeneratedCode(ctx context.Context, gen crypto.Gener func (c *UserPhoneEvents) VerifyCode(ctx context.Context, code string, gen crypto.Generator) error { if code == "" { - return caos_errs.ThrowInvalidArgument(nil, "COMMAND-Fia4a", "Errors.User.Code.Empty") + return zerrors.ThrowInvalidArgument(nil, "COMMAND-Fia4a", "Errors.User.Code.Empty") } err := crypto.VerifyCode(c.model.CodeCreationDate, c.model.CodeExpiry, c.model.Code, code, gen) 
@@ -180,7 +180,7 @@ func (c *UserPhoneEvents) VerifyCode(ctx context.Context, code string, gen crypt } _, err = c.eventstore.Push(ctx, user.NewHumanPhoneVerificationFailedEvent(ctx, c.aggregate)) logging.WithFields("id", "COMMAND-Zoo6b", "userID", c.aggregate.ID).OnError(err).Error("NewHumanPhoneVerificationFailedEvent push failed") - return caos_errs.ThrowInvalidArgument(err, "COMMAND-eis9R", "Errors.User.Code.Invalid") + return zerrors.ThrowInvalidArgument(err, "COMMAND-eis9R", "Errors.User.Code.Invalid") } // Push all events to the eventstore and Reduce them into the Model. diff --git a/internal/command/user_v2_phone_test.go b/internal/command/user_v2_phone_test.go index 5e8ac63a9c..fe0c9f636f 100644 --- a/internal/command/user_v2_phone_test.go +++ b/internal/command/user_v2_phone_test.go @@ -13,11 +13,11 @@ import ( "github.com/zitadel/zitadel/internal/crypto" "github.com/zitadel/zitadel/internal/domain" - caos_errs "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/eventstore/v1/models" "github.com/zitadel/zitadel/internal/repository/instance" "github.com/zitadel/zitadel/internal/repository/user" + "github.com/zitadel/zitadel/internal/zerrors" ) func TestCommands_ChangeUserPhone(t *testing.T) { @@ -78,7 +78,7 @@ func TestCommands_ChangeUserPhone(t *testing.T) { resourceOwner: "org1", phone: "", }, - wantErr: caos_errs.ThrowPermissionDenied(nil, "AUTHZ-HKJD33", "Errors.PermissionDenied"), + wantErr: zerrors.ThrowPermissionDenied(nil, "AUTHZ-HKJD33", "Errors.PermissionDenied"), }, { name: "missing phone", @@ -122,7 +122,7 @@ func TestCommands_ChangeUserPhone(t *testing.T) { resourceOwner: "org1", phone: "", }, - wantErr: caos_errs.ThrowInvalidArgument(nil, "PHONE-Zt0NV", "Errors.User.Phone.Empty"), + wantErr: zerrors.ThrowInvalidArgument(nil, "PHONE-Zt0NV", "Errors.User.Phone.Empty"), }, { name: "not changed", 
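Review bot: In `VerifyCode` (hunk `@@ -180,7 +180,7 @@` of `internal/command/user_v2_phone.go`), the `err` handed to `zerrors.ThrowInvalidArgument(err, "COMMAND-eis9R", "Errors.User.Code.Invalid")` is no longer the verification failure, because the line above reassigns it with `_, err = c.eventstore.Push(...)`. The parent is therefore the push result (nil when the push succeeds), and the reason `crypto.VerifyCode` rejected the code is dropped. Keep the two apart: `_, pushErr := c.eventstore.Push(ctx, user.NewHumanPhoneVerificationFailedEvent(ctx, c.aggregate))`, log with `OnError(pushErr)`, and leave `err` for the return. That also keeps an eventstore failure out of the error chain returned to the caller, and makes it explicit that a failed push leaves the bad attempt logged but not recorded as an event. The function body starts above this hunk, so the success path is inferred from the `err := crypto.VerifyCode(...)` line in the previous hunk.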
@@ -166,7 +166,7 @@ func TestCommands_ChangeUserPhone(t *testing.T) { resourceOwner: "org1", phone: "+41791234567", }, - wantErr: caos_errs.ThrowPreconditionFailed(nil, "COMMAND-Uch5e", "Errors.User.Phone.NotChanged"), + wantErr: zerrors.ThrowPreconditionFailed(nil, "COMMAND-Uch5e", "Errors.User.Phone.NotChanged"), }, } for _, tt := range tests { @@ -240,7 +240,7 @@ func TestCommands_ChangeUserPhoneReturnCode(t *testing.T) { resourceOwner: "org1", phone: "+41791234567", }, - wantErr: caos_errs.ThrowPermissionDenied(nil, "AUTHZ-HKJD33", "Errors.PermissionDenied"), + wantErr: zerrors.ThrowPermissionDenied(nil, "AUTHZ-HKJD33", "Errors.PermissionDenied"), }, { name: "missing phone", @@ -284,7 +284,7 @@ func TestCommands_ChangeUserPhoneReturnCode(t *testing.T) { resourceOwner: "org1", phone: "", }, - wantErr: caos_errs.ThrowInvalidArgument(nil, "PHONE-Zt0NV", "Errors.User.Phone.Empty"), + wantErr: zerrors.ThrowInvalidArgument(nil, "PHONE-Zt0NV", "Errors.User.Phone.Empty"), }, } for _, tt := range tests { @@ -328,7 +328,7 @@ func TestCommands_ChangeUserPhoneVerified(t *testing.T) { resourceOwner: "org1", phone: "+41791234567", }, - wantErr: caos_errs.ThrowInvalidArgument(nil, "COMMAND-xP292j", "Errors.User.Phone.IDMissing"), + wantErr: zerrors.ThrowInvalidArgument(nil, "COMMAND-xP292j", "Errors.User.Phone.IDMissing"), }, { name: "missing permission", @@ -363,7 +363,7 @@ func TestCommands_ChangeUserPhoneVerified(t *testing.T) { resourceOwner: "org1", phone: "+41791234567", }, - wantErr: caos_errs.ThrowPermissionDenied(nil, "AUTHZ-HKJD33", "Errors.PermissionDenied"), + wantErr: zerrors.ThrowPermissionDenied(nil, "AUTHZ-HKJD33", "Errors.PermissionDenied"), }, { name: "missing phone", 
@@ -398,7 +398,7 @@ func TestCommands_ChangeUserPhoneVerified(t *testing.T) { resourceOwner: "org1", phone: "", }, - wantErr: caos_errs.ThrowInvalidArgument(nil, "PHONE-Zt0NV", "Errors.User.Phone.Empty"), + wantErr: zerrors.ThrowInvalidArgument(nil, "PHONE-Zt0NV", "Errors.User.Phone.Empty"), }, { name: "phone changed", @@ -494,7 +494,7 @@ func TestCommands_changeUserPhoneWithGenerator(t *testing.T) { phone: "+41791234567", returnCode: false, }, - wantErr: caos_errs.ThrowInvalidArgument(nil, "COMMAND-xP292j", "Errors.User.Phone.IDMissing"), + wantErr: zerrors.ThrowInvalidArgument(nil, "COMMAND-xP292j", "Errors.User.Phone.IDMissing"), }, { name: "missing permission", @@ -530,7 +530,7 @@ func TestCommands_changeUserPhoneWithGenerator(t *testing.T) { phone: "+41791234567", returnCode: false, }, - wantErr: caos_errs.ThrowPermissionDenied(nil, "AUTHZ-HKJD33", "Errors.PermissionDenied"), + wantErr: zerrors.ThrowPermissionDenied(nil, "AUTHZ-HKJD33", "Errors.PermissionDenied"), }, { name: "missing phone", @@ -566,7 +566,7 @@ func TestCommands_changeUserPhoneWithGenerator(t *testing.T) { phone: "", returnCode: false, }, - wantErr: caos_errs.ThrowInvalidArgument(nil, "PHONE-Zt0NV", "Errors.User.Phone.Empty"), + wantErr: zerrors.ThrowInvalidArgument(nil, "PHONE-Zt0NV", "Errors.User.Phone.Empty"), }, { name: "not changed", @@ -602,7 +602,7 @@ func TestCommands_changeUserPhoneWithGenerator(t *testing.T) { phone: "+41791234567", returnCode: false, }, - wantErr: caos_errs.ThrowPreconditionFailed(nil, "COMMAND-Uch5e", "Errors.User.Phone.NotChanged"), + wantErr: zerrors.ThrowPreconditionFailed(nil, "COMMAND-Uch5e", "Errors.User.Phone.NotChanged"), }, { name: "phone changed", diff --git a/internal/command/user_v2_test.go b/internal/command/user_v2_test.go new file mode 100644 index 0000000000..15597b7dd7 --- /dev/null +++ b/internal/command/user_v2_test.go 
@@ -0,0 +1,1413 @@ +package command + +import ( + "context" + "errors" + "testing" + "time" + + "github.com/stretchr/testify/assert" + "golang.org/x/text/language" + + "github.com/zitadel/zitadel/internal/domain" + "github.com/zitadel/zitadel/internal/eventstore" + "github.com/zitadel/zitadel/internal/repository/org" + "github.com/zitadel/zitadel/internal/repository/user" + "github.com/zitadel/zitadel/internal/zerrors" +) + +func TestCommandSide_LockUserV2(t *testing.T) { + type fields struct { + eventstore *eventstore.Eventstore + checkPermission domain.PermissionCheck + } + type ( + args struct { + ctx context.Context + userID string + } + ) + type res struct { + want *domain.ObjectDetails + err func(error) bool + } + tests := []struct { + name string + fields fields + args args + res res + }{ + { + name: "userid missing, invalid argument error", + fields: fields{ + eventstore: eventstoreExpect( + t, + ), + checkPermission: newMockPermissionCheckAllowed(), + }, + args: args{ + ctx: context.Background(), + userID: "", + }, + res: res{ + err: func(err error) bool { + return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "COMMAND-agz3eczifm", "Errors.User.UserIDMissing")) + }, + }, + }, + { + name: "user not existing, not found error", + fields: fields{ + eventstore: eventstoreExpect( + t, + expectFilter(), + ), + checkPermission: newMockPermissionCheckAllowed(), + }, + args: args{ + ctx: context.Background(), + userID: "user1", + }, + res: res{ + err: func(err error) bool { + return errors.Is(err, zerrors.ThrowNotFound(nil, "COMMAND-450yxuqrh1", "Errors.User.NotFound")) + }, + }, + }, + { + name: "user already locked, precondition error", + fields: fields{ + eventstore: eventstoreExpect( + t, + expectFilter( + eventFromEventPusher( + user.NewHumanAddedEvent(context.Background(), + &user.NewAggregate("user1", "org1").Aggregate, + "username", + "firstname", + "lastname", + "nickname", + "displayname", + language.German, + domain.GenderUnspecified, + 
"email@test.ch", + true, + ), + ), + eventFromEventPusher( + user.NewUserLockedEvent(context.Background(), + &user.NewAggregate("user1", "org1").Aggregate, + ), + ), + ), + ), + checkPermission: newMockPermissionCheckAllowed(), + }, + args: args{ + ctx: context.Background(), + userID: "user1", + }, + res: res{ + err: func(err error) bool { + return errors.Is(err, zerrors.ThrowPreconditionFailed(nil, "COMMAND-lgws8wtsqf", "Errors.User.ShouldBeActiveOrInitial")) + }, + }, + }, + { + name: "user already locked, precondition error", + fields: fields{ + eventstore: eventstoreExpect( + t, + expectFilter( + eventFromEventPusher( + user.NewMachineAddedEvent(context.Background(), + &user.NewAggregate("user1", "org1").Aggregate, + "username", + "name", + "description", + true, + domain.OIDCTokenTypeBearer, + ), + ), + eventFromEventPusher( + user.NewUserLockedEvent(context.Background(), + &user.NewAggregate("user1", "org1").Aggregate, + ), + ), + ), + ), + checkPermission: newMockPermissionCheckAllowed(), + }, + args: args{ + ctx: context.Background(), + userID: "user1", + }, + res: res{ + err: func(err error) bool { + return errors.Is(err, zerrors.ThrowPreconditionFailed(nil, "COMMAND-lgws8wtsqf", "Errors.User.ShouldBeActiveOrInitial")) + }, + }, + }, + { + name: "lock user, ok", + fields: fields{ + eventstore: eventstoreExpect( + t, + expectFilter( + eventFromEventPusher( + user.NewHumanAddedEvent(context.Background(), + &user.NewAggregate("user1", "org1").Aggregate, + "username", + "firstname", + "lastname", + "nickname", + "displayname", + language.German, + domain.GenderUnspecified, + "email@test.ch", + true, + ), + ), + ), + expectPush( + user.NewUserLockedEvent(context.Background(), + &user.NewAggregate("user1", "org1").Aggregate, + ), + ), + ), + checkPermission: newMockPermissionCheckAllowed(), + }, + args: args{ + ctx: context.Background(), + userID: "user1", + }, + res: res{ + want: &domain.ObjectDetails{ + ResourceOwner: "org1", + }, + }, + }, + { + name: "lock 
user, no permission", + fields: fields{ + eventstore: eventstoreExpect( + t, + expectFilter( + eventFromEventPusher( + user.NewHumanAddedEvent(context.Background(), + &user.NewAggregate("user1", "org1").Aggregate, + "username", + "firstname", + "lastname", + "nickname", + "displayname", + language.German, + domain.GenderUnspecified, + "email@test.ch", + true, + ), + ), + ), + ), + checkPermission: newMockPermissionCheckNotAllowed(), + }, + args: args{ + ctx: context.Background(), + userID: "user1", + }, + res: res{ + err: func(err error) bool { + return errors.Is(err, zerrors.ThrowPermissionDenied(nil, "AUTHZ-HKJD33", "Errors.PermissionDenied")) + }, + }, + }, + { + name: "lock user machine, ok", + fields: fields{ + eventstore: eventstoreExpect( + t, + expectFilter( + eventFromEventPusher( + user.NewMachineAddedEvent(context.Background(), + &user.NewAggregate("user1", "org1").Aggregate, + "username", + "name", + "description", + true, + domain.OIDCTokenTypeBearer, + ), + ), + ), + expectPush( + user.NewUserLockedEvent(context.Background(), + &user.NewAggregate("user1", "org1").Aggregate, + ), + ), + ), + checkPermission: newMockPermissionCheckAllowed(), + }, + args: args{ + ctx: context.Background(), + userID: "user1", + }, + res: res{ + want: &domain.ObjectDetails{ + ResourceOwner: "org1", + }, + }, + }, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + r := &Commands{ + eventstore: tt.fields.eventstore, + checkPermission: tt.fields.checkPermission, + } + got, err := r.LockUserV2(tt.args.ctx, tt.args.userID) + if tt.res.err == nil { + assert.NoError(t, err) + } + if tt.res.err != nil && !tt.res.err(err) { + t.Errorf("got wrong err: %v ", err) + } + if tt.res.err == nil { + assert.Equal(t, tt.res.want, got) + } + }) + } +} + +func TestCommandSide_UnlockUserV2(t *testing.T) { + type fields struct { + eventstore *eventstore.Eventstore + checkPermission domain.PermissionCheck + } + type ( + args struct { + ctx context.Context + userID string + } 
+ ) + type res struct { + want *domain.ObjectDetails + err func(error) bool + } + tests := []struct { + name string + fields fields + args args + res res + }{ + { + name: "userid missing, invalid argument error", + fields: fields{ + eventstore: eventstoreExpect( + t, + ), + checkPermission: newMockPermissionCheckAllowed(), + }, + args: args{ + ctx: context.Background(), + userID: "", + }, + res: res{ + err: func(err error) bool { + return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "COMMAND-a9ld4xckax", "Errors.User.UserIDMissing")) + }, + }, + }, + { + name: "user not existing, not found error", + fields: fields{ + eventstore: eventstoreExpect( + t, + expectFilter(), + ), + checkPermission: newMockPermissionCheckAllowed(), + }, + args: args{ + ctx: context.Background(), + userID: "user1", + }, + res: res{ + err: func(err error) bool { + return errors.Is(err, zerrors.ThrowNotFound(nil, "COMMAND-x377t913pw", "Errors.User.NotFound")) + }, + }, + }, + { + name: "user already active, precondition error", + fields: fields{ + eventstore: eventstoreExpect( + t, + expectFilter( + eventFromEventPusher( + user.NewHumanAddedEvent(context.Background(), + &user.NewAggregate("user1", "org1").Aggregate, + "username", + "firstname", + "lastname", + "nickname", + "displayname", + language.German, + domain.GenderUnspecified, + "email@test.ch", + true, + ), + ), + ), + ), + checkPermission: newMockPermissionCheckAllowed(), + }, + args: args{ + ctx: context.Background(), + userID: "user1", + }, + res: res{ + err: func(err error) bool { + return errors.Is(err, zerrors.ThrowPreconditionFailed(nil, "COMMAND-olb9vb0oca", "Errors.User.NotLocked")) + }, + }, + }, + { + name: "user already active, precondition error", + fields: fields{ + eventstore: eventstoreExpect( + t, + expectFilter( + user.NewMachineAddedEvent(context.Background(), + &user.NewAggregate("user1", "org1").Aggregate, + "username", + "name", + "description", + true, + domain.OIDCTokenTypeBearer, + ), + ), + ), + 
checkPermission: newMockPermissionCheckAllowed(), + }, + args: args{ + ctx: context.Background(), + userID: "user1", + }, + res: res{ + err: func(err error) bool { + return errors.Is(err, zerrors.ThrowPreconditionFailed(nil, "COMMAND-olb9vb0oca", "Errors.User.NotLocked")) + }, + }, + }, + { + name: "unlock user, ok", + fields: fields{ + eventstore: eventstoreExpect( + t, + expectFilter( + eventFromEventPusher( + user.NewHumanAddedEvent(context.Background(), + &user.NewAggregate("user1", "org1").Aggregate, + "username", + "firstname", + "lastname", + "nickname", + "displayname", + language.German, + domain.GenderUnspecified, + "email@test.ch", + true, + ), + ), + eventFromEventPusher( + user.NewUserLockedEvent(context.Background(), + &user.NewAggregate("user1", "org1").Aggregate), + ), + ), + expectPush( + user.NewUserUnlockedEvent(context.Background(), + &user.NewAggregate("user1", "org1").Aggregate, + ), + ), + ), + checkPermission: newMockPermissionCheckAllowed(), + }, + args: args{ + ctx: context.Background(), + userID: "user1", + }, + res: res{ + want: &domain.ObjectDetails{ + ResourceOwner: "org1", + }, + }, + }, + { + name: "unlock user, no permission", + fields: fields{ + eventstore: eventstoreExpect( + t, + expectFilter( + eventFromEventPusher( + user.NewHumanAddedEvent(context.Background(), + &user.NewAggregate("user1", "org1").Aggregate, + "username", + "firstname", + "lastname", + "nickname", + "displayname", + language.German, + domain.GenderUnspecified, + "email@test.ch", + true, + ), + ), + eventFromEventPusher( + user.NewUserLockedEvent(context.Background(), + &user.NewAggregate("user1", "org1").Aggregate), + ), + ), + ), + checkPermission: newMockPermissionCheckNotAllowed(), + }, + args: args{ + ctx: context.Background(), + userID: "user1", + }, + res: res{ + err: func(err error) bool { + return errors.Is(err, zerrors.ThrowPermissionDenied(nil, "AUTHZ-HKJD33", "Errors.PermissionDenied")) + }, + }, + }, + { + name: "unlock user machine, ok", + 
fields: fields{ + eventstore: eventstoreExpect( + t, + expectFilter( + eventFromEventPusher( + user.NewMachineAddedEvent(context.Background(), + &user.NewAggregate("user1", "org1").Aggregate, + "username", + "name", + "description", + true, + domain.OIDCTokenTypeBearer, + ), + ), + eventFromEventPusher( + user.NewUserLockedEvent(context.Background(), + &user.NewAggregate("user1", "org1").Aggregate), + ), + ), + expectPush( + user.NewUserUnlockedEvent(context.Background(), + &user.NewAggregate("user1", "org1").Aggregate, + ), + ), + ), + checkPermission: newMockPermissionCheckAllowed(), + }, + args: args{ + ctx: context.Background(), + userID: "user1", + }, + res: res{ + want: &domain.ObjectDetails{ + ResourceOwner: "org1", + }, + }, + }, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + r := &Commands{ + eventstore: tt.fields.eventstore, + checkPermission: tt.fields.checkPermission, + } + got, err := r.UnlockUserV2(tt.args.ctx, tt.args.userID) + if tt.res.err == nil { + assert.NoError(t, err) + } + if tt.res.err != nil && !tt.res.err(err) { + t.Errorf("got wrong err: %v ", err) + } + if tt.res.err == nil { + assert.Equal(t, tt.res.want, got) + } + }) + } +} + +func TestCommandSide_DeactivateUserV2(t *testing.T) { + type fields struct { + eventstore *eventstore.Eventstore + checkPermission domain.PermissionCheck + } + type ( + args struct { + ctx context.Context + userID string + } + ) + type res struct { + want *domain.ObjectDetails + err func(error) bool + } + tests := []struct { + name string + fields fields + args args + res res + }{ + { + name: "userid missing, invalid argument error", + fields: fields{ + eventstore: eventstoreExpect( + t, + ), + checkPermission: newMockPermissionCheckAllowed(), + }, + args: args{ + ctx: context.Background(), + userID: "", + }, + res: res{ + err: func(err error) bool { + return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "COMMAND-78iiirat8y", "Errors.User.UserIDMissing")) + }, + }, + }, + { + name: 
"user not existing, not found error", + fields: fields{ + eventstore: eventstoreExpect( + t, + expectFilter(), + ), + checkPermission: newMockPermissionCheckAllowed(), + }, + args: args{ + ctx: context.Background(), + userID: "user1", + }, + res: res{ + err: func(err error) bool { + return errors.Is(err, zerrors.ThrowNotFound(nil, "COMMAND-5gp2p62iin", "Errors.User.NotFound")) + }, + }, + }, + { + name: "user initial, precondition error", + fields: fields{ + eventstore: eventstoreExpect( + t, + expectFilter( + eventFromEventPusher( + user.NewHumanAddedEvent(context.Background(), + &user.NewAggregate("user1", "org1").Aggregate, + "username", + "firstname", + "lastname", + "nickname", + "displayname", + language.German, + domain.GenderUnspecified, + "email@test.ch", + true, + ), + ), + eventFromEventPusher( + user.NewHumanInitialCodeAddedEvent(context.Background(), + &user.NewAggregate("user1", "org1").Aggregate, + nil, time.Hour*1, + ), + ), + ), + ), + checkPermission: newMockPermissionCheckAllowed(), + }, + args: args{ + ctx: context.Background(), + userID: "user1", + }, + res: res{ + err: func(err error) bool { + return errors.Is(err, zerrors.ThrowPreconditionFailed(nil, "COMMAND-gvx4kct9r2", "Errors.User.CantDeactivateInitial")) + }, + }, + }, + { + name: "user already inactive, precondition error", + fields: fields{ + eventstore: eventstoreExpect( + t, + expectFilter( + eventFromEventPusher( + user.NewHumanAddedEvent(context.Background(), + &user.NewAggregate("user1", "org1").Aggregate, + "username", + "firstname", + "lastname", + "nickname", + "displayname", + language.German, + domain.GenderUnspecified, + "email@test.ch", + true, + ), + ), + eventFromEventPusher( + user.NewUserDeactivatedEvent(context.Background(), + &user.NewAggregate("user1", "org1").Aggregate, + ), + ), + ), + ), + checkPermission: newMockPermissionCheckAllowed(), + }, + args: args{ + ctx: context.Background(), + userID: "user1", + }, + res: res{ + err: func(err error) bool { + return 
errors.Is(err, zerrors.ThrowPreconditionFailed(nil, "COMMAND-5gunjw0cd7", "Errors.User.AlreadyInactive")) + }, + }, + }, + { + name: "deactivate user, ok", + fields: fields{ + eventstore: eventstoreExpect( + t, + expectFilter( + eventFromEventPusher( + user.NewHumanAddedEvent(context.Background(), + &user.NewAggregate("user1", "org1").Aggregate, + "username", + "firstname", + "lastname", + "nickname", + "displayname", + language.German, + domain.GenderUnspecified, + "email@test.ch", + true, + ), + ), + eventFromEventPusher( + user.NewHumanInitializedCheckSucceededEvent(context.Background(), + &user.NewAggregate("user1", "org1").Aggregate, + ), + ), + ), + expectPush( + user.NewUserDeactivatedEvent(context.Background(), + &user.NewAggregate("user1", "org1").Aggregate, + ), + ), + ), + checkPermission: newMockPermissionCheckAllowed(), + }, + args: args{ + ctx: context.Background(), + userID: "user1", + }, + res: res{ + want: &domain.ObjectDetails{ + ResourceOwner: "org1", + }, + }, + }, + { + name: "deactivate user, no permission", + fields: fields{ + eventstore: eventstoreExpect( + t, + expectFilter( + eventFromEventPusher( + user.NewHumanAddedEvent(context.Background(), + &user.NewAggregate("user1", "org1").Aggregate, + "username", + "firstname", + "lastname", + "nickname", + "displayname", + language.German, + domain.GenderUnspecified, + "email@test.ch", + true, + ), + ), + eventFromEventPusher( + user.NewHumanInitializedCheckSucceededEvent(context.Background(), + &user.NewAggregate("user1", "org1").Aggregate, + ), + ), + ), + ), + checkPermission: newMockPermissionCheckNotAllowed(), + }, + args: args{ + ctx: context.Background(), + userID: "user1", + }, + res: res{ + err: func(err error) bool { + return errors.Is(err, zerrors.ThrowPermissionDenied(nil, "AUTHZ-HKJD33", "Errors.PermissionDenied")) + }, + }, + }, + { + name: "user machine already inactive, precondition error", + fields: fields{ + eventstore: eventstoreExpect( + t, + expectFilter( + 
eventFromEventPusher( + user.NewMachineAddedEvent(context.Background(), + &user.NewAggregate("user1", "org1").Aggregate, + "username", + "name", + "description", + true, + domain.OIDCTokenTypeBearer, + ), + ), + eventFromEventPusher( + user.NewUserDeactivatedEvent(context.Background(), + &user.NewAggregate("user1", "org1").Aggregate, + ), + ), + ), + ), + checkPermission: newMockPermissionCheckAllowed(), + }, + args: args{ + ctx: context.Background(), + userID: "user1", + }, + res: res{ + err: func(err error) bool { + return errors.Is(err, zerrors.ThrowPreconditionFailed(nil, "COMMAND-5gunjw0cd7", "Errors.User.AlreadyInactive")) + }, + }, + }, + { + name: "deactivate user machine, ok", + fields: fields{ + eventstore: eventstoreExpect( + t, + expectFilter( + eventFromEventPusher( + user.NewMachineAddedEvent(context.Background(), + &user.NewAggregate("user1", "org1").Aggregate, + "username", + "name", + "description", + true, + domain.OIDCTokenTypeBearer, + ), + ), + ), + expectPush( + user.NewUserDeactivatedEvent(context.Background(), + &user.NewAggregate("user1", "org1").Aggregate, + ), + ), + ), + checkPermission: newMockPermissionCheckAllowed(), + }, + args: args{ + ctx: context.Background(), + userID: "user1", + }, + res: res{ + want: &domain.ObjectDetails{ + ResourceOwner: "org1", + }, + }, + }, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + r := &Commands{ + eventstore: tt.fields.eventstore, + checkPermission: tt.fields.checkPermission, + } + got, err := r.DeactivateUserV2(tt.args.ctx, tt.args.userID) + if tt.res.err == nil { + assert.NoError(t, err) + } + if tt.res.err != nil && !tt.res.err(err) { + t.Errorf("got wrong err: %v ", err) + } + if tt.res.err == nil { + assert.Equal(t, tt.res.want, got) + } + }) + } +} + +func TestCommandSide_ReactivateUserV2(t *testing.T) { + type fields struct { + eventstore *eventstore.Eventstore + checkPermission domain.PermissionCheck + } + type ( + args struct { + ctx context.Context + userID string 
+ } + ) + type res struct { + want *domain.ObjectDetails + err func(error) bool + } + tests := []struct { + name string + fields fields + args args + res res + }{ + { + name: "userid missing, invalid argument error", + fields: fields{ + eventstore: eventstoreExpect( + t, + ), + checkPermission: newMockPermissionCheckAllowed(), + }, + args: args{ + ctx: context.Background(), + userID: "", + }, + res: res{ + err: func(err error) bool { + return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "COMMAND-0nx1ie38fw", "Errors.User.UserIDMissing")) + }, + }, + }, + { + name: "user not existing, not found error", + fields: fields{ + eventstore: eventstoreExpect( + t, + expectFilter(), + ), + checkPermission: newMockPermissionCheckAllowed(), + }, + args: args{ + ctx: context.Background(), + userID: "user1", + }, + res: res{ + err: func(err error) bool { + return errors.Is(err, zerrors.ThrowNotFound(nil, "COMMAND-9hy5kzbuk6", "Errors.User.NotFound")) + }, + }, + }, + { + name: "user already active, precondition error", + fields: fields{ + eventstore: eventstoreExpect( + t, + expectFilter( + eventFromEventPusher( + user.NewHumanAddedEvent(context.Background(), + &user.NewAggregate("user1", "org1").Aggregate, + "username", + "firstname", + "lastname", + "nickname", + "displayname", + language.German, + domain.GenderUnspecified, + "email@test.ch", + true, + ), + ), + ), + ), + checkPermission: newMockPermissionCheckAllowed(), + }, + args: args{ + ctx: context.Background(), + userID: "user1", + }, + res: res{ + err: func(err error) bool { + return errors.Is(err, zerrors.ThrowPreconditionFailed(nil, "COMMAND-s5qqcz97hf", "Errors.User.NotInactive")) + }, + }, + }, + { + name: "user machine already active, precondition error", + fields: fields{ + eventstore: eventstoreExpect( + t, + expectFilter( + eventFromEventPusher( + user.NewMachineAddedEvent(context.Background(), + &user.NewAggregate("user1", "org1").Aggregate, + "username", + "name", + "description", + true, + 
domain.OIDCTokenTypeBearer, + ), + ), + ), + ), + checkPermission: newMockPermissionCheckAllowed(), + }, + args: args{ + ctx: context.Background(), + userID: "user1", + }, + res: res{ + err: func(err error) bool { + return errors.Is(err, zerrors.ThrowPreconditionFailed(nil, "COMMAND-s5qqcz97hf", "Errors.User.NotInactive")) + }, + }, + }, + { + name: "reactivate user, ok", + fields: fields{ + eventstore: eventstoreExpect( + t, + expectFilter( + eventFromEventPusher( + user.NewHumanAddedEvent(context.Background(), + &user.NewAggregate("user1", "org1").Aggregate, + "username", + "firstname", + "lastname", + "nickname", + "displayname", + language.German, + domain.GenderUnspecified, + "email@test.ch", + true, + ), + ), + eventFromEventPusher( + user.NewUserDeactivatedEvent(context.Background(), + &user.NewAggregate("user1", "org1").Aggregate), + ), + ), + expectPush( + user.NewUserReactivatedEvent(context.Background(), + &user.NewAggregate("user1", "org1").Aggregate, + ), + ), + ), + checkPermission: newMockPermissionCheckAllowed(), + }, + args: args{ + ctx: context.Background(), + userID: "user1", + }, + res: res{ + want: &domain.ObjectDetails{ + ResourceOwner: "org1", + }, + }, + }, + { + name: "reactivate user, no permission", + fields: fields{ + eventstore: eventstoreExpect( + t, + expectFilter( + eventFromEventPusher( + user.NewHumanAddedEvent(context.Background(), + &user.NewAggregate("user1", "org1").Aggregate, + "username", + "firstname", + "lastname", + "nickname", + "displayname", + language.German, + domain.GenderUnspecified, + "email@test.ch", + true, + ), + ), + eventFromEventPusher( + user.NewUserDeactivatedEvent(context.Background(), + &user.NewAggregate("user1", "org1").Aggregate), + ), + ), + ), + checkPermission: newMockPermissionCheckNotAllowed(), + }, + args: args{ + ctx: context.Background(), + userID: "user1", + }, + res: res{ + err: func(err error) bool { + return errors.Is(err, zerrors.ThrowPermissionDenied(nil, "AUTHZ-HKJD33", 
"Errors.PermissionDenied")) + }, + }, + }, + { + name: "reactivate user machine, ok", + fields: fields{ + eventstore: eventstoreExpect( + t, + expectFilter( + eventFromEventPusher( + user.NewMachineAddedEvent(context.Background(), + &user.NewAggregate("user1", "org1").Aggregate, + "username", + "name", + "description", + true, + domain.OIDCTokenTypeBearer, + ), + ), + eventFromEventPusher( + user.NewUserDeactivatedEvent(context.Background(), + &user.NewAggregate("user1", "org1").Aggregate), + ), + ), + expectPush( + user.NewUserReactivatedEvent(context.Background(), + &user.NewAggregate("user1", "org1").Aggregate, + ), + ), + ), + checkPermission: newMockPermissionCheckAllowed(), + }, + args: args{ + ctx: context.Background(), + userID: "user1", + }, + res: res{ + want: &domain.ObjectDetails{ + ResourceOwner: "org1", + }, + }, + }, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + r := &Commands{ + eventstore: tt.fields.eventstore, + checkPermission: tt.fields.checkPermission, + } + got, err := r.ReactivateUserV2(tt.args.ctx, tt.args.userID) + if tt.res.err == nil { + assert.NoError(t, err) + } + if tt.res.err != nil && !tt.res.err(err) { + t.Errorf("got wrong err: %v ", err) + } + if tt.res.err == nil { + assert.Equal(t, tt.res.want, got) + } + }) + } +} + +func TestCommandSide_RemoveUserV2(t *testing.T) { + type fields struct { + eventstore *eventstore.Eventstore + checkPermission domain.PermissionCheck + } + type ( + args struct { + ctx context.Context + userID string + cascadingMemberships []*CascadingMembership + grantIDs []string + } + ) + type res struct { + want *domain.ObjectDetails + err func(error) bool + } + tests := []struct { + name string + fields fields + args args + res res + }{ + { + name: "userid missing, invalid argument error", + fields: fields{ + eventstore: eventstoreExpect( + t, + ), + checkPermission: newMockPermissionCheckAllowed(), + }, + args: args{ + ctx: context.Background(), + userID: "", + }, + res: res{ + err: 
func(err error) bool {
+ return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "COMMAND-vaipl7s13l", "Errors.User.UserIDMissing"))
+ },
+ },
+ },
+ {
+ name: "user not existing, not found error",
+ fields: fields{
+ eventstore: eventstoreExpect(
+ t,
+ expectFilter(),
+ ),
+ checkPermission: newMockPermissionCheckAllowed(),
+ },
+ args: args{
+ ctx: context.Background(),
+ userID: "user1",
+ },
+ res: res{
+ err: func(err error) bool {
+ return errors.Is(err, zerrors.ThrowNotFound(nil, "COMMAND-bd4ir1mblj", "Errors.User.NotFound"))
+ },
+ },
+ },
+ {
+ name: "user removed, notfound error",
+ fields: fields{
+ eventstore: eventstoreExpect(
+ t,
+ expectFilter(
+ eventFromEventPusher(
+ user.NewHumanAddedEvent(context.Background(),
+ &user.NewAggregate("user1", "org1").Aggregate,
+ "username",
+ "firstname",
+ "lastname",
+ "nickname",
+ "displayname",
+ language.German,
+ domain.GenderUnspecified,
+ "email@test.ch",
+ true,
+ ),
+ ),
+ eventFromEventPusher(
+ user.NewUserRemovedEvent(context.Background(),
+ &user.NewAggregate("user1", "org1").Aggregate,
+ "username",
+ nil,
+ true,
+ ),
+ ),
+ ),
+ ),
+ checkPermission: newMockPermissionCheckAllowed(),
+ },
+ args: args{
+ ctx: context.Background(),
+ userID: "user1",
+ },
+ res: res{
+ err: func(err error) bool {
+ return errors.Is(err, zerrors.ThrowNotFound(nil, "COMMAND-bd4ir1mblj", "Errors.User.NotFound"))
+ },
+ },
+ },
+ {
+ name: "remove user, ok",
+ fields: fields{
+ eventstore: eventstoreExpect(
+ t,
+ expectFilter(
+ eventFromEventPusher(
+ user.NewHumanAddedEvent(context.Background(),
+ &user.NewAggregate("user1", "org1").Aggregate,
+ "username",
+ "firstname",
+ "lastname",
+ "nickname",
+ "displayname",
+ language.German,
+ domain.GenderUnspecified,
+ "email@test.ch",
+ true,
+ ),
+ ),
+ ),
+ expectFilter(
+ eventFromEventPusher(
+ org.NewDomainPolicyAddedEvent(context.Background(),
+ &user.NewAggregate("user1", "org1").Aggregate,
+ true,
+ true,
+ true,
+ ),
+ ),
+ ),
+ expectPush(
+ user.NewUserRemovedEvent(context.Background(),
+ &user.NewAggregate("user1", "org1").Aggregate,
+ "username",
+ nil,
+ true,
+ ),
+ ),
+ ),
+ checkPermission: newMockPermissionCheckAllowed(),
+ },
+ args: args{
+ ctx: context.Background(),
+ userID: "user1",
+ },
+ res: res{
+ want: &domain.ObjectDetails{
+ ResourceOwner: "org1",
+ },
+ },
+ },
+ {
+ name: "remove user, no permission",
+ fields: fields{
+ eventstore: eventstoreExpect(
+ t,
+ expectFilter(
+ eventFromEventPusher(
+ user.NewHumanAddedEvent(context.Background(),
+ &user.NewAggregate("user1", "org1").Aggregate,
+ "username",
+ "firstname",
+ "lastname",
+ "nickname",
+ "displayname",
+ language.German,
+ domain.GenderUnspecified,
+ "email@test.ch",
+ true,
+ ),
+ ),
+ eventFromEventPusher(
+ user.NewHumanInitializedCheckSucceededEvent(context.Background(),
+ &user.NewAggregate("user1", "org1").Aggregate,
+ ),
+ ),
+ ),
+ ),
+ checkPermission: newMockPermissionCheckNotAllowed(),
+ },
+ args: args{
+ ctx: context.Background(),
+ userID: "user1",
+ },
+ res: res{
+ err: func(err error) bool {
+ return errors.Is(err, zerrors.ThrowPermissionDenied(nil, "AUTHZ-HKJD33", "Errors.PermissionDenied"))
+ },
+ },
+ },
+ {
+ name: "user machine already removed, notfound error",
+ fields: fields{
+ eventstore: eventstoreExpect(
+ t,
+ expectFilter(
+ eventFromEventPusher(
+ user.NewMachineAddedEvent(context.Background(),
+ &user.NewAggregate("user1", "org1").Aggregate,
+ "username",
+ "name",
+ "description",
+ true,
+ domain.OIDCTokenTypeBearer,
+ ),
+ ),
+ eventFromEventPusher(
+ user.NewUserRemovedEvent(context.Background(),
+ &user.NewAggregate("user1", "org1").Aggregate,
+ "username",
+ nil,
+ true,
+ ),
+ ),
+ ),
+ ),
+ checkPermission: newMockPermissionCheckAllowed(),
+ },
+ args: args{
+ ctx: context.Background(),
+ userID: "user1",
+ },
+ res: res{
+ err: func(err error) bool {
+ return errors.Is(err, zerrors.ThrowNotFound(nil, "COMMAND-bd4ir1mblj", "Errors.User.NotFound"))
+ },
+ },
+ },
+ {
+ name: "remove user machine, ok",
+ fields: fields{
+ eventstore: eventstoreExpect(
+ t,
+ expectFilter(
+ eventFromEventPusher(
+ user.NewMachineAddedEvent(context.Background(),
+ &user.NewAggregate("user1", "org1").Aggregate,
+ "username",
+ "name",
+ "description",
+ true,
+ domain.OIDCTokenTypeBearer,
+ ),
+ ),
+ ),
+ expectFilter(
+ eventFromEventPusher(
+ org.NewDomainPolicyAddedEvent(context.Background(),
+ &user.NewAggregate("user1", "org1").Aggregate,
+ true,
+ true,
+ true,
+ ),
+ ),
+ ),
+ expectPush(
+ user.NewUserRemovedEvent(context.Background(),
+ &user.NewAggregate("user1", "org1").Aggregate,
+ "username",
+ nil,
+ true,
+ ),
+ ),
+ ),
+ checkPermission: newMockPermissionCheckAllowed(),
+ },
+ args: args{
+ ctx: context.Background(),
+ userID: "user1",
+ },
+ res: res{
+ want: &domain.ObjectDetails{
+ ResourceOwner: "org1",
+ },
+ },
+ },
+ }
+ for _, tt := range tests {
+ t.Run(tt.name, func(t *testing.T) {
+ r := &Commands{
+ eventstore: tt.fields.eventstore,
+ checkPermission: tt.fields.checkPermission,
+ }
+ got, err := r.RemoveUserV2(tt.args.ctx, tt.args.userID, tt.args.cascadingMemberships, tt.args.grantIDs...)
+ if tt.res.err == nil {
+ assert.NoError(t, err)
+ }
+ if tt.res.err != nil && !tt.res.err(err) {
+ t.Errorf("got wrong err: %v ", err)
+ }
+ if tt.res.err == nil {
+ assert.Equal(t, tt.res.want, got)
+ }
+ })
+ }
+}
diff --git a/internal/command/user_v2_totp_test.go b/internal/command/user_v2_totp_test.go
index 206686d42d..4e1df191d5 100644
--- a/internal/command/user_v2_totp_test.go
+++ b/internal/command/user_v2_totp_test.go
@@ -14,10 +14,10 @@ import ( "github.com/zitadel/zitadel/internal/api/authz" "github.com/zitadel/zitadel/internal/crypto" "github.com/zitadel/zitadel/internal/domain" - caos_errs "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/repository/org" "github.com/zitadel/zitadel/internal/repository/user" + "github.com/zitadel/zitadel/internal/zerrors" ) func TestCommands_AddUserTOTP(t *testing.T) { @@ -44,7 +44,7 @@ func TestCommands_AddUserTOTP(t *testing.T) { userID: "foo", resourceowner: "org1", }, - wantErr: caos_errs.ThrowPermissionDenied(nil, "AUTH-Bohd2", "Errors.User.UserIDWrong"), + wantErr: zerrors.ThrowPermissionDenied(nil, "AUTH-Bohd2", "Errors.User.UserIDWrong"), }, { name: "create otp error", @@ -58,7 +58,7 @@ func TestCommands_AddUserTOTP(t *testing.T) { expectFilter(), ), }, - wantErr: caos_errs.ThrowPreconditionFailed(nil, "COMMAND-SqyJz", "Errors.User.NotFound"), + wantErr: zerrors.ThrowPreconditionFailed(nil, "COMMAND-SqyJz", "Errors.User.NotFound"), }, { name: "push error", @@ -217,7 +217,7 @@ func TestCommands_CheckUserTOTP(t *testing.T) { args: args{ userID: "foo", }, - wantErr: caos_errs.ThrowPermissionDenied(nil, "AUTH-Bohd2", "Errors.User.UserIDWrong"), + wantErr: zerrors.ThrowPermissionDenied(nil, "AUTH-Bohd2", "Errors.User.UserIDWrong"), }, { name: "success", diff --git a/internal/command/user_v2_u2f_test.go b/internal/command/user_v2_u2f_test.go index 9eb850004a..a69dac062e 100644 --- a/internal/command/user_v2_u2f_test.go +++ b/internal/command/user_v2_u2f_test.go 
@@ -11,13 +11,13 @@ import ( "github.com/zitadel/zitadel/internal/api/authz" "github.com/zitadel/zitadel/internal/domain" - caos_errs "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/id" id_mock "github.com/zitadel/zitadel/internal/id/mock" "github.com/zitadel/zitadel/internal/repository/org" "github.com/zitadel/zitadel/internal/repository/user" webauthn_helper "github.com/zitadel/zitadel/internal/webauthn" + "github.com/zitadel/zitadel/internal/zerrors" ) func TestCommands_RegisterUserU2F(t *testing.T) { @@ -51,7 +51,7 @@ func TestCommands_RegisterUserU2F(t *testing.T) { userID: "foo", resourceOwner: "org1", }, - wantErr: caos_errs.ThrowPermissionDenied(nil, "AUTH-Bohd2", "Errors.User.UserIDWrong"), + wantErr: zerrors.ThrowPermissionDenied(nil, "AUTH-Bohd2", "Errors.User.UserIDWrong"), }, { name: "get human passwordless error", diff --git a/internal/command/user_v2_username.go b/internal/command/user_v2_username.go new file mode 100644 index 0000000000..8dd6af7b36 --- /dev/null +++ b/internal/command/user_v2_username.go 
@@ -0,0 +1,37 @@
+package command
+
+import (
+ "context"
+ "strings"
+
+ "github.com/zitadel/zitadel/internal/eventstore"
+ "github.com/zitadel/zitadel/internal/repository/user"
+ "github.com/zitadel/zitadel/internal/zerrors"
+)
+
+func (c *Commands) changeUsername(ctx context.Context, cmds []eventstore.Command, wm *UserV2WriteModel, userName string) ([]eventstore.Command, error) {
+ if wm.UserName == userName {
+ return cmds, nil
+ }
+ orgID := wm.ResourceOwner
+
+ domainPolicy, err := c.domainPolicyWriteModel(ctx, orgID)
+ if err != nil {
+ return cmds, zerrors.ThrowPreconditionFailed(err, "COMMAND-79pv6e1q62", "Errors.Org.DomainPolicy.NotExisting")
+ }
+ if !domainPolicy.UserLoginMustBeDomain {
+ index := strings.LastIndex(userName, "@")
+ if index > 1 {
+ domainCheck := NewOrgDomainVerifiedWriteModel(userName[index+1:])
+ if err := c.eventstore.FilterToQueryReducer(ctx, domainCheck); err != nil {
+ return cmds, err
+ }
+ if domainCheck.Verified && domainCheck.ResourceOwner != orgID {
+ return cmds, zerrors.ThrowInvalidArgument(nil, "COMMAND-Di2ei", "Errors.User.DomainNotAllowedAsUsername")
+ }
+ }
+ }
+ return append(cmds,
+ user.NewUsernameChangedEvent(ctx, &wm.Aggregate().Aggregate, wm.UserName, userName, domainPolicy.UserLoginMustBeDomain),
+ ), nil
+}
diff --git a/internal/config/config.go b/internal/config/config.go
index 0f60aa227c..b454cea41f 100644
--- a/internal/config/config.go
+++ b/internal/config/config.go
@@ -9,7 +9,7 @@ import ( "github.com/BurntSushi/toml" "sigs.k8s.io/yaml" - "github.com/zitadel/zitadel/internal/errors" + "github.com/zitadel/zitadel/internal/zerrors" ) type ValidatableConfiguration interface {
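Review bot: The verified-domain check in `changeUsername` is skipped whenever the last `@` sits at index 0 or 1, because the guard is `if index > 1`; a username with a one-character local part never reaches `NewOrgDomainVerifiedWriteModel`, so a suffix that is another organisation's verified domain would not be rejected. If that exemption is not intended, `if index >= 0 {` (or `index > 0` when an empty local part is rejected elsewhere) closes it. Separately, every error from `domainPolicyWriteModel` is rewrapped as `Errors.Org.DomainPolicy.NotExisting`, which presumably also relabels storage failures as a precondition failure; returning the error unchanged unless it is a not-found would keep the two distinguishable.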
@@ -52,13 +52,13 @@ func readConfigFile(readerFunc ReaderFunc, configFile string, obj interface{}) e configStr, err := ioutil.ReadFile(configFile) if err != nil { - return errors.ThrowInternalf(err, "CONFI-nJk2a", "failed to read config file %s", configFile) + return zerrors.ThrowInternalf(err, "CONFI-nJk2a", "failed to read config file %s", configFile) } configStr = []byte(os.ExpandEnv(string(configStr))) if err := readerFunc(configStr, obj); err != nil { - return errors.ThrowInternalf(err, "CONFI-2Mc3c", "error parse config file %s", configFile) + return zerrors.ThrowInternalf(err, "CONFI-2Mc3c", "error parse config file %s", configFile) } return nil @@ -74,5 +74,5 @@ func readerFuncForFile(configFile string) (ReaderFunc, error) { case ".toml": return TOMLReader, nil } - return nil, errors.ThrowUnimplementedf(nil, "CONFI-ZLk4u", "file extension (%s) not supported", ext) + return nil, zerrors.ThrowUnimplementedf(nil, "CONFI-ZLk4u", "file extension (%s) not supported", ext) } diff --git a/internal/config/hook/tag_to_language.go b/internal/config/hook/tag_to_language.go index b8ac8c4f39..e7e5f3acac 100644 --- a/internal/config/hook/tag_to_language.go +++ b/internal/config/hook/tag_to_language.go @@ -5,6 +5,8 @@ import ( "github.com/mitchellh/mapstructure" "golang.org/x/text/language" + + "github.com/zitadel/zitadel/internal/domain" ) func TagToLanguageHookFunc() mapstructure.DecodeHookFuncType { @@ -21,6 +23,7 @@ func TagToLanguageHookFunc() mapstructure.DecodeHookFuncType { return data, nil } - return language.Parse(data.(string)) + lang, err := domain.ParseLanguage(data.(string)) + return lang[0], err } } diff --git a/internal/crypto/aes.go b/internal/crypto/aes.go index 15c89e7f94..e943c2ca8e 100644 --- a/internal/crypto/aes.go +++ b/internal/crypto/aes.go @@ -7,7 +7,7 @@ import ( "encoding/base64" "io" - "github.com/zitadel/zitadel/internal/errors" + "github.com/zitadel/zitadel/internal/zerrors" ) var _ EncryptionAlgorithm = (*AESCrypto)(nil) 
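Review bot: In `TagToLanguageHookFunc` (internal/config/hook/tag_to_language.go), `return lang[0], err` indexes the result of `domain.ParseLanguage` before looking at `err`; if that function can return a nil or empty slice on failure (its definition is not in this hunk), a malformed language tag in the configuration panics during decoding instead of producing an error. Checking first, `if err != nil { return nil, err }` followed by `return lang[0], nil`, keeps the hook's error path intact. The hook's closure starts outside the hunk.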
@@ -73,7 +73,7 @@ func (a *AESCrypto) encryptionKey() string { func (a *AESCrypto) decryptionKey(keyID string) (string, error) { key, ok := a.keys[keyID] if !ok { - return "", errors.ThrowNotFound(nil, "CRYPT-nkj1s", "unknown key id") + return "", zerrors.ThrowNotFound(nil, "CRYPT-nkj1s", "unknown key id") } return key, nil } @@ -94,7 +94,7 @@ func EncryptAES(plainText []byte, key string) ([]byte, error) { maxSize := 64 * 1024 * 1024 if len(plainText) > maxSize { - return nil, errors.ThrowPreconditionFailedf(nil, "CRYPT-AGg4t3", "data too large, max bytes: %v", maxSize) + return nil, zerrors.ThrowPreconditionFailedf(nil, "CRYPT-AGg4t3", "data too large, max bytes: %v", maxSize) } cipherText := make([]byte, aes.BlockSize+len(plainText)) iv := cipherText[:aes.BlockSize] @@ -130,7 +130,7 @@ func DecryptAES(text []byte, key string) ([]byte, error) { } if len(cipherText) < aes.BlockSize { - err = errors.ThrowPreconditionFailed(nil, "CRYPT-23kH1", "cipher text block too short") + err = zerrors.ThrowPreconditionFailed(nil, "CRYPT-23kH1", "cipher text block too short") return nil, err } iv := cipherText[:aes.BlockSize] diff --git a/internal/crypto/code.go b/internal/crypto/code.go index 60d1496ece..2c67c39cd6 100644 --- a/internal/crypto/code.go +++ b/internal/crypto/code.go @@ -4,7 +4,7 @@ import ( "crypto/rand" "time" - "github.com/zitadel/zitadel/internal/errors" + "github.com/zitadel/zitadel/internal/zerrors" ) var ( @@ -126,7 +126,7 @@ func VerifyCode(creationDate time.Time, expiry time.Duration, cryptoCode *Crypto func VerifyCodeWithAlgorithm(creationDate time.Time, expiry time.Duration, cryptoCode *CryptoValue, verificationCode string, algorithm Crypto) error { if IsCodeExpired(creationDate, expiry) { - return errors.ThrowPreconditionFailed(nil, "CODE-QvUQ4P", "Errors.User.Code.Expired") + return zerrors.ThrowPreconditionFailed(nil, "CODE-QvUQ4P", "Errors.User.Code.Expired") } switch alg := algorithm.(type) { case EncryptionAlgorithm: 
@@ -134,7 +134,7 @@ func VerifyCodeWithAlgorithm(creationDate time.Time, expiry time.Duration, crypt case HashAlgorithm: return verifyHashedCode(cryptoCode, verificationCode, alg) } - return errors.ThrowInvalidArgument(nil, "CODE-fW2gNa", "Errors.User.Code.GeneratorAlgNotSupported") + return zerrors.ThrowInvalidArgument(nil, "CODE-fW2gNa", "Errors.User.Code.GeneratorAlgNotSupported") } func GenerateRandomString(length uint, chars []rune) (string, error) { @@ -161,7 +161,7 @@ func GenerateRandomString(length uint, chars []rune) (string, error) { func verifyEncryptedCode(cryptoCode *CryptoValue, verificationCode string, alg EncryptionAlgorithm) error { if cryptoCode == nil { - return errors.ThrowInvalidArgument(nil, "CRYPT-aqrFV", "Errors.User.Code.CryptoCodeNil") + return zerrors.ThrowInvalidArgument(nil, "CRYPT-aqrFV", "Errors.User.Code.CryptoCodeNil") } code, err := DecryptString(cryptoCode, alg) if err != nil { @@ -169,14 +169,14 @@ func verifyEncryptedCode(cryptoCode *CryptoValue, verificationCode string, alg E } if code != verificationCode { - return errors.ThrowInvalidArgument(nil, "CODE-woT0xc", "Errors.User.Code.Invalid") + return zerrors.ThrowInvalidArgument(nil, "CODE-woT0xc", "Errors.User.Code.Invalid") } return nil } func verifyHashedCode(cryptoCode *CryptoValue, verificationCode string, alg HashAlgorithm) error { if cryptoCode == nil { - return errors.ThrowInvalidArgument(nil, "CRYPT-2q3r", "cryptoCode must not be nil") + return zerrors.ThrowInvalidArgument(nil, "CRYPT-2q3r", "cryptoCode must not be nil") } return CompareHash(cryptoCode, []byte(verificationCode), alg) } diff --git a/internal/crypto/code_mocker.go b/internal/crypto/code_mocker.go index 9cd208f6de..66071ccab4 100644 --- a/internal/crypto/code_mocker.go +++ b/internal/crypto/code_mocker.go 
@@ -5,7 +5,7 @@ import ( "go.uber.org/mock/gomock" - "github.com/zitadel/zitadel/internal/errors" + "github.com/zitadel/zitadel/internal/zerrors" ) func CreateMockEncryptionAlg(ctrl *gomock.Controller) EncryptionAlgorithm { @@ -26,7 +26,7 @@ func CreateMockEncryptionAlgWithCode(ctrl *gomock.Controller, code string) Encry ctrl, func(c []byte) ([]byte, error) { if len(c) != len(code) { - return nil, errors.ThrowInvalidArgumentf(nil, "id", "invalid code length - expected %d, got %d", len(code), len(c)) + return nil, zerrors.ThrowInvalidArgumentf(nil, "id", "invalid code length - expected %d, got %d", len(code), len(c)) } return []byte(code), nil }, @@ -44,7 +44,7 @@ func createMockEncryptionAlgorithm(ctrl *gomock.Controller, encryptFunction func mCrypto.EXPECT().DecryptString(gomock.Any(), gomock.Any()).AnyTimes().DoAndReturn( func(code []byte, keyID string) (string, error) { if keyID != "id" { - return "", errors.ThrowInternal(nil, "id", "invalid key id") + return "", zerrors.ThrowInternal(nil, "id", "invalid key id") } return string(code), nil }, @@ -52,7 +52,7 @@ func createMockEncryptionAlgorithm(ctrl *gomock.Controller, encryptFunction func mCrypto.EXPECT().Decrypt(gomock.Any(), gomock.Any()).AnyTimes().DoAndReturn( func(code []byte, keyID string) ([]byte, error) { if keyID != "id" { - return nil, errors.ThrowInternal(nil, "id", "invalid key id") + return nil, zerrors.ThrowInternal(nil, "id", "invalid key id") } return code, nil }, @@ -71,7 +71,7 @@ func CreateMockHashAlg(ctrl *gomock.Controller) HashAlgorithm { mCrypto.EXPECT().CompareHash(gomock.Any(), gomock.Any()).AnyTimes().DoAndReturn( func(hashed, comparer []byte) error { if string(hashed) != string(comparer) { - return errors.ThrowInternal(nil, "id", "invalid") + return zerrors.ThrowInternal(nil, "id", "invalid") } return nil }, diff --git a/internal/crypto/crypto.go b/internal/crypto/crypto.go index 5cc0575907..14c249e987 100644 --- a/internal/crypto/crypto.go +++ b/internal/crypto/crypto.go 
@@ -5,7 +5,7 @@ import ( "encoding/base64" "encoding/json" - "github.com/zitadel/zitadel/internal/errors" + "github.com/zitadel/zitadel/internal/zerrors" ) const ( @@ -66,13 +66,13 @@ func Crypt(value []byte, c Crypto) (*CryptoValue, error) { case HashAlgorithm: return Hash(value, alg) } - return nil, errors.ThrowInternal(nil, "CRYPT-r4IaHZ", "algorithm not supported") + return nil, zerrors.ThrowInternal(nil, "CRYPT-r4IaHZ", "algorithm not supported") } func Encrypt(value []byte, alg EncryptionAlgorithm) (*CryptoValue, error) { encrypted, err := alg.Encrypt(value) if err != nil { - return nil, errors.ThrowInternal(err, "CRYPT-qCD0JB", "error encrypting value") + return nil, zerrors.ThrowInternal(err, "CRYPT-qCD0JB", "error encrypting value") } return &CryptoValue{ CryptoType: TypeEncryption, @@ -98,20 +98,20 @@ func DecryptString(value *CryptoValue, alg EncryptionAlgorithm) (string, error) func checkEncryptionAlgorithm(value *CryptoValue, alg EncryptionAlgorithm) error { if value.Algorithm != alg.Algorithm() { - return errors.ThrowInvalidArgument(nil, "CRYPT-Nx7XlT", "value was encrypted with a different key") + return zerrors.ThrowInvalidArgument(nil, "CRYPT-Nx7XlT", "value was encrypted with a different key") } for _, id := range alg.DecryptionKeyIDs() { if id == value.KeyID { return nil } } - return errors.ThrowInvalidArgument(nil, "CRYPT-Kq12vn", "value was encrypted with a different key") + return zerrors.ThrowInvalidArgument(nil, "CRYPT-Kq12vn", "value was encrypted with a different key") } func Hash(value []byte, alg HashAlgorithm) (*CryptoValue, error) { hashed, err := alg.Hash(value) if err != nil { - return nil, errors.ThrowInternal(err, "CRYPT-rBVaJU", "error hashing value") + return nil, zerrors.ThrowInternal(err, "CRYPT-rBVaJU", "error hashing value") } return &CryptoValue{ CryptoType: TypeHash, 
@@ -122,7 +122,7 @@ func Hash(value []byte, alg HashAlgorithm) (*CryptoValue, error) { func CompareHash(value *CryptoValue, comparer []byte, alg HashAlgorithm) error { if value.Algorithm != alg.Algorithm() { - return errors.ThrowInvalidArgument(nil, "CRYPT-HF32f", "value was hashed with a different algorithm") + return zerrors.ThrowInvalidArgument(nil, "CRYPT-HF32f", "value was hashed with a different algorithm") } return alg.CompareHash(value.Crypted, comparer) } @@ -137,18 +137,18 @@ func FillHash(value []byte, alg HashAlgorithm) *CryptoValue { func CheckToken(alg EncryptionAlgorithm, token string, content string) error { if token == "" { - return errors.ThrowPermissionDenied(nil, "CRYPTO-Sfefs", "Errors.Intent.InvalidToken") + return zerrors.ThrowPermissionDenied(nil, "CRYPTO-Sfefs", "Errors.Intent.InvalidToken") } data, err := base64.RawURLEncoding.DecodeString(token) if err != nil { - return errors.ThrowPermissionDenied(err, "CRYPTO-Swg31", "Errors.Intent.InvalidToken") + return zerrors.ThrowPermissionDenied(err, "CRYPTO-Swg31", "Errors.Intent.InvalidToken") } decryptedToken, err := alg.DecryptString(data, alg.EncryptionKeyID()) if err != nil { - return errors.ThrowPermissionDenied(err, "CRYPTO-Sf4gt", "Errors.Intent.InvalidToken") + return zerrors.ThrowPermissionDenied(err, "CRYPTO-Sf4gt", "Errors.Intent.InvalidToken") } if decryptedToken != content { - return errors.ThrowPermissionDenied(nil, "CRYPTO-CRYPTO", "Errors.Intent.InvalidToken") + return zerrors.ThrowPermissionDenied(nil, "CRYPTO-CRYPTO", "Errors.Intent.InvalidToken") } return nil } diff --git a/internal/crypto/database/database.go b/internal/crypto/database/database.go index 7cbf46dc5b..8fac222d9d 100644 --- a/internal/crypto/database/database.go +++ b/internal/crypto/database/database.go 
@@ -7,7 +7,7 @@ import ( "github.com/zitadel/zitadel/internal/crypto" z_db "github.com/zitadel/zitadel/internal/database" - caos_errs "github.com/zitadel/zitadel/internal/errors" + "github.com/zitadel/zitadel/internal/zerrors" ) type database struct { @@ -41,18 +41,18 @@ func (d *database) ReadKeys() (crypto.Keys, error) { From(EncryptionKeysTable). ToSql() if err != nil { - return nil, caos_errs.ThrowInternal(err, "", "unable to read keys") + return nil, zerrors.ThrowInternal(err, "", "unable to read keys") } err = d.client.Query(func(rows *sql.Rows) error { for rows.Next() { var id, encryptionKey string err = rows.Scan(&id, &encryptionKey) if err != nil { - return caos_errs.ThrowInternal(err, "", "unable to read keys") + return zerrors.ThrowInternal(err, "", "unable to read keys") } key, err := d.decrypt(encryptionKey, d.masterKey) if err != nil { - return caos_errs.ThrowInternal(err, "", "unable to decrypt key") + return zerrors.ThrowInternal(err, "", "unable to decrypt key") } keys[id] = key } @@ -60,7 +60,7 @@ func (d *database) ReadKeys() (crypto.Keys, error) { }, stmt, args...) if err != nil { - return nil, caos_errs.ThrowInternal(err, "", "unable to read keys") + return nil, zerrors.ThrowInternal(err, "", "unable to read keys") } return keys, nil 
@@ -73,23 +73,23 @@ func (d *database) ReadKey(id string) (_ *crypto.Key, err error) { PlaceholderFormat(sq.Dollar). ToSql() if err != nil { - return nil, caos_errs.ThrowInternal(err, "", "unable to read key") + return nil, zerrors.ThrowInternal(err, "", "unable to read key") } var key string err = d.client.QueryRow(func(row *sql.Row) error { var encryptionKey string err = row.Scan(&encryptionKey) if err != nil { - return caos_errs.ThrowInternal(err, "", "unable to read key") + return zerrors.ThrowInternal(err, "", "unable to read key") } key, err = d.decrypt(encryptionKey, d.masterKey) if err != nil { - return caos_errs.ThrowInternal(err, "", "unable to decrypt key") + return zerrors.ThrowInternal(err, "", "unable to decrypt key") } return nil }, stmt, args...) if err != nil { - return nil, caos_errs.ThrowInternal(err, "", "unable to read key") + return nil, zerrors.ThrowInternal(err, "", "unable to read key") } return &crypto.Key{ 
@@ -104,33 +104,33 @@ func (d *database) CreateKeys(keys ...*crypto.Key) error { for _, key := range keys { encryptionKey, err := d.encrypt(key.Value, d.masterKey) if err != nil { - return caos_errs.ThrowInternal(err, "", "unable to encrypt key") + return zerrors.ThrowInternal(err, "", "unable to encrypt key") } insert = insert.Values(key.ID, encryptionKey) } stmt, args, err := insert.ToSql() if err != nil { - return caos_errs.ThrowInternal(err, "", "unable to insert new keys") + return zerrors.ThrowInternal(err, "", "unable to insert new keys") } tx, err := d.client.Begin() if err != nil { - return caos_errs.ThrowInternal(err, "", "unable to insert new keys") + return zerrors.ThrowInternal(err, "", "unable to insert new keys") } _, err = tx.Exec(stmt, args...) if err != nil { tx.Rollback() - return caos_errs.ThrowInternal(err, "", "unable to insert new keys") + return zerrors.ThrowInternal(err, "", "unable to insert new keys") } err = tx.Commit() if err != nil { - return caos_errs.ThrowInternal(err, "", "unable to insert new keys") + return zerrors.ThrowInternal(err, "", "unable to insert new keys") } return nil } func checkMasterKeyLength(masterKey string) error { if length := len([]byte(masterKey)); length != 32 { - return caos_errs.ThrowInternalf(nil, "", "masterkey must be 32 bytes, but is %d", length) + return zerrors.ThrowInternalf(nil, "", "masterkey must be 32 bytes, but is %d", length) } return nil } diff --git a/internal/crypto/database/database_test.go b/internal/crypto/database/database_test.go index 62a089ab31..f7c8313355 100644 --- a/internal/crypto/database/database_test.go +++ b/internal/crypto/database/database_test.go @@ -13,7 +13,7 @@ import ( "github.com/zitadel/zitadel/internal/crypto" z_db "github.com/zitadel/zitadel/internal/database" - caos_errs "github.com/zitadel/zitadel/internal/errors" + "github.com/zitadel/zitadel/internal/zerrors" ) func Test_database_ReadKeys(t *testing.T) { 
@@ -62,7 +62,7 @@ func Test_database_ReadKeys(t *testing.T) { }, }, res{ - err: caos_errs.IsInternal, + err: zerrors.IsInternal, }, }, { @@ -187,7 +187,7 @@ func Test_database_ReadKey(t *testing.T) { id: "id1", }, res{ - err: caos_errs.IsInternal, + err: zerrors.IsInternal, }, }, { @@ -212,7 +212,7 @@ func Test_database_ReadKey(t *testing.T) { id: "id1", }, res{ - err: caos_errs.IsInternal, + err: zerrors.IsInternal, }, }, { @@ -303,7 +303,7 @@ func Test_database_CreateKeys(t *testing.T) { }, }, res{ - err: caos_errs.IsInternal, + err: zerrors.IsInternal, }, }, { @@ -422,7 +422,7 @@ func Test_checkMasterKeyLength(t *testing.T) { args{ masterKey: "", }, - caos_errs.IsInternal, + zerrors.IsInternal, }, { "valid length", diff --git a/internal/crypto/key.go b/internal/crypto/key.go index 8730f4ed20..5b4a22f696 100644 --- a/internal/crypto/key.go +++ b/internal/crypto/key.go @@ -5,7 +5,7 @@ import ( "github.com/zitadel/logging" - "github.com/zitadel/zitadel/internal/errors" + "github.com/zitadel/zitadel/internal/zerrors" ) type KeyConfig struct { @@ -41,7 +41,7 @@ func LoadKey(id string, keyStorage KeyStorage) (string, error) { func LoadKeys(config *KeyConfig, keyStorage KeyStorage) (Keys, []string, error) { if config == nil { - return nil, nil, errors.ThrowInvalidArgument(nil, "CRYPT-dJK8s", "config must not be nil") + return nil, nil, zerrors.ThrowInvalidArgument(nil, "CRYPT-dJK8s", "config must not be nil") } readKeys, err := keyStorage.ReadKeys() if err != nil { @@ -52,7 +52,7 @@ func LoadKeys(config *KeyConfig, keyStorage KeyStorage) (Keys, []string, error) if config.EncryptionKeyID != "" { key, ok := readKeys[config.EncryptionKeyID] if !ok { - return nil, nil, errors.ThrowInternalf(nil, "CRYPT-v2Kas", "encryption key %s not found", config.EncryptionKeyID) + return nil, nil, zerrors.ThrowInternalf(nil, "CRYPT-v2Kas", "encryption key %s not found", config.EncryptionKeyID) } keys[config.EncryptionKeyID] = key ids = append(ids, config.EncryptionKeyID) 
diff --git a/internal/crypto/passwap.go b/internal/crypto/passwap.go index 479d5731e4..280fbe4d86 100644 --- a/internal/crypto/passwap.go +++ b/internal/crypto/passwap.go @@ -13,7 +13,7 @@ import ( "github.com/zitadel/passwap/scrypt" "github.com/zitadel/passwap/verifier" - "github.com/zitadel/zitadel/internal/errors" + "github.com/zitadel/zitadel/internal/zerrors" ) type PasswordHasher struct { @@ -62,11 +62,11 @@ type PasswordHashConfig struct { func (c *PasswordHashConfig) PasswordHasher() (*PasswordHasher, error) { verifiers, vPrefixes, err := c.buildVerifiers() if err != nil { - return nil, errors.ThrowInvalidArgument(err, "CRYPT-sahW9", "password hash config invalid") + return nil, zerrors.ThrowInvalidArgument(err, "CRYPT-sahW9", "password hash config invalid") } hasher, hPrefixes, err := c.Hasher.buildHasher() if err != nil { - return nil, errors.ThrowInvalidArgument(err, "CRYPT-Que4r", "password hash config invalid") + return nil, zerrors.ThrowInvalidArgument(err, "CRYPT-Que4r", "password hash config invalid") } return &PasswordHasher{ Swapper: passwap.NewSwapper(hasher, verifiers...), @@ -145,11 +145,15 @@ func (c *HasherConfig) buildHasher() (hasher passwap.Hasher, prefixes []string, } } +// decodeParams uses a mapstructure decoder from the Params map to dst. +// The decoder fails when there are unused fields in dst. +// It uses weak input typing, to allow conversion of env strings to ints. func (c *HasherConfig) decodeParams(dst any) error { decoder, err := mapstructure.NewDecoder(&mapstructure.DecoderConfig{ - ErrorUnused: false, - ErrorUnset: true, - Result: dst, + ErrorUnused: false, + ErrorUnset: true, + WeaklyTypedInput: true, + Result: dst, }) if err != nil { return err diff --git a/internal/crypto/passwap_test.go b/internal/crypto/passwap_test.go index 0538ac631a..38ca0d5d3d 100644 --- a/internal/crypto/passwap_test.go +++ b/internal/crypto/passwap_test.go 
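Review bot: With `WeaklyTypedInput: true`, `decodeParams` in internal/crypto/passwap.go accepts more than decimal strings for the hasher parameters: mapstructure's weak string-to-int conversion reads an empty string as 0 and infers the base from the prefix, so a value with a leading zero such as `"010"` decodes to 8. `ErrorUnset` catches neither case because the key is present. These parameters presumably set the cost of the password hash, so a range check on the decoded values (not visible in this hunk, possibly done by the passwap constructors) is worth confirming or adding. The new doc comment also says the decoder fails on "unused fields in dst" while the config sets `ErrorUnused: false` and `ErrorUnset: true`; `// The decoder fails when a field in dst is not set by Params.` matches the code.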
@@ -397,7 +397,11 @@ func TestHasherConfig_decodeParams(t *testing.T) { "a": 1, "b": "2", }, - wantErr: true, + want: dst{ + A: 1, + B: 2, + }, + wantErr: false, // https://github.com/zitadel/zitadel/issues/6913 }, { name: "ok", diff --git a/internal/database/database.go b/internal/database/database.go index ea27ef55f2..cd72d6d242 100644 --- a/internal/database/database.go +++ b/internal/database/database.go @@ -6,6 +6,7 @@ import ( "encoding/json" "errors" "reflect" + "strings" "github.com/mitchellh/mapstructure" "github.com/zitadel/logging" @@ -13,7 +14,7 @@ import ( _ "github.com/zitadel/zitadel/internal/database/cockroach" "github.com/zitadel/zitadel/internal/database/dialect" _ "github.com/zitadel/zitadel/internal/database/postgres" - zerrors "github.com/zitadel/zitadel/internal/errors" + "github.com/zitadel/zitadel/internal/zerrors" ) type Config struct { @@ -84,6 +85,7 @@ func (db *DB) QueryRowContext(ctx context.Context, scan func(row *sql.Row) error }() row := tx.QueryRowContext(ctx, query, args...) + logging.OnError(row.Err()).Error("unexpected query error") err = scan(row) if err != nil { @@ -170,3 +172,9 @@ func (c Config) Password() string { func (c Config) Type() string { return c.connector.Type() } + +func EscapeLikeWildcards(value string) string { + value = strings.ReplaceAll(value, "%", "\\%") + value = strings.ReplaceAll(value, "_", "\\_") + return value +} diff --git a/internal/database/database_test.go b/internal/database/database_test.go new file mode 100644 index 0000000000..38c76e698a --- /dev/null +++ b/internal/database/database_test.go 
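Review bot: `EscapeLikeWildcards` in internal/database/database.go escapes `%` and `_` but not the backslash it uses as the escape character, so a backslash already present in `value` pairs with the inserted one and the following `%` or `_` acts as a wildcard again. Escaping the backslash first, `value = strings.ReplaceAll(value, "\\", "\\\\")` ahead of the two existing calls, makes the output literal for any input; this assumes the queries rely on `\` as the LIKE escape, which the hunk implies but does not show. The function also has no doc comment; `// EscapeLikeWildcards escapes LIKE metacharacters in value; it does not replace parameter binding.` would state its contract.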
@@ -0,0 +1,92 @@
+package database
+
+import (
+ "context"
+ "database/sql"
+ "database/sql/driver"
+ "testing"
+
+ "github.com/stretchr/testify/assert"
+ "github.com/stretchr/testify/require"
+
+ "github.com/zitadel/zitadel/internal/database/mock"
+ "github.com/zitadel/zitadel/internal/zerrors"
+)
+
+func TestQueryJSONObject(t *testing.T) {
+ type dst struct {
+ A int `json:"a,omitempty"`
+ }
+ const (
+ query = `select $1;`
+ arg = 1
+ )
+
+ tests := []struct {
+ name string
+ mock func(*testing.T) *mock.SQLMock
+ want *dst
+ wantErr error
+ }{
+ {
+ name: "tx error",
+ mock: func(t *testing.T) *mock.SQLMock {
+ return mock.NewSQLMock(t, mock.ExpectBegin(sql.ErrConnDone))
+ },
+ wantErr: zerrors.ThrowInternal(sql.ErrConnDone, "DATAB-Oath6", "Errors.Internal"),
+ },
+ {
+ name: "no rows",
+ mock: func(t *testing.T) *mock.SQLMock {
+ return mock.NewSQLMock(t,
+ mock.ExpectBegin(nil),
+ mock.ExpectQuery(query,
+ mock.WithQueryArgs(arg),
+ mock.WithQueryResult([]string{"json"}, [][]driver.Value{}),
+ ),
+ )
+ },
+ wantErr: sql.ErrNoRows,
+ },
+ {
+ name: "unmarshal error",
+ mock: func(t *testing.T) *mock.SQLMock {
+ return mock.NewSQLMock(t,
+ mock.ExpectBegin(nil),
+ mock.ExpectQuery(query,
+ mock.WithQueryArgs(arg),
+ mock.WithQueryResult([]string{"json"}, [][]driver.Value{{`~~~`}}),
+ ),
+ mock.ExpectCommit(nil),
+ )
+ },
+ wantErr: zerrors.ThrowInternal(nil, "DATAB-Vohs6", "Errors.Internal"),
+ },
+ {
+ name: "success",
+ mock: func(t *testing.T) *mock.SQLMock {
+ return mock.NewSQLMock(t,
+ mock.ExpectBegin(nil),
+ mock.ExpectQuery(query,
+ mock.WithQueryArgs(arg),
+ mock.WithQueryResult([]string{"json"}, [][]driver.Value{{`{"a":1}`}}),
+ ),
+ mock.ExpectCommit(nil),
+ )
+ },
+ want: &dst{A: 1},
+ },
+ }
+ for _, tt := range tests {
+ t.Run(tt.name, func(t *testing.T) {
+ mock := tt.mock(t)
+ defer mock.Assert(t)
+ db := &DB{
+ DB: mock.DB,
+ }
+ got, err := QueryJSONObject[dst](context.Background(), db, query, arg)
+ require.ErrorIs(t, err, tt.wantErr)
+
assert.Equal(t, tt.want, got) + }) + } +} diff --git a/internal/database/mock/sql_mock.go b/internal/database/mock/sql_mock.go index 07d74151e0..e05b188afc 100644 --- a/internal/database/mock/sql_mock.go +++ b/internal/database/mock/sql_mock.go @@ -53,6 +53,15 @@ func ExpectBegin(err error) expectation { } } +func ExpectCommit(err error) expectation { + return func(m sqlmock.Sqlmock) { + e := m.ExpectCommit() + if err != nil { + e.WillReturnError(err) + } + } +} + type ExecOpt func(e *sqlmock.ExpectedExec) *sqlmock.ExpectedExec func WithExecArgs(args ...driver.Value) ExecOpt { diff --git a/internal/domain/application_key.go b/internal/domain/application_key.go index 7d6407ee5f..329c3ab1a1 100644 --- a/internal/domain/application_key.go +++ b/internal/domain/application_key.go @@ -4,8 +4,8 @@ import ( "encoding/json" "time" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore/v1/models" + "github.com/zitadel/zitadel/internal/zerrors" ) type ApplicationKey struct { @@ -40,7 +40,7 @@ func (k *ApplicationKey) Detail() ([]byte, error) { if k.Type == AuthNKeyTypeJSON { return k.MarshalJSON() } - return nil, errors.ThrowPreconditionFailed(nil, "KEY-dsg52", "Errors.Internal") + return nil, zerrors.ThrowPreconditionFailed(nil, "KEY-dsg52", "Errors.Internal") } func (k *ApplicationKey) MarshalJSON() ([]byte, error) { diff --git a/internal/domain/application_oauth.go b/internal/domain/application_oauth.go index 9bcb675d1c..816eba4fda 100644 --- a/internal/domain/application_oauth.go +++ b/internal/domain/application_oauth.go @@ -7,8 +7,8 @@ import ( "github.com/zitadel/logging" "github.com/zitadel/zitadel/internal/crypto" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/id" + "github.com/zitadel/zitadel/internal/zerrors" ) type oAuthApplication interface { 
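Review bot: In `TestQueryJSONObject` (internal/database/database_test.go) the loop body declares `mock := tt.mock(t)`, which shadows the imported `mock` package for the rest of the closure; a distinct name such as `sqlMock := tt.mock(t)`, with `defer sqlMock.Assert(t)` and `DB: sqlMock.DB`, avoids that. The "no rows" case registers neither a commit nor a rollback expectation, so how `QueryJSONObject` ends the transaction on `sql.ErrNoRows` is not pinned by the test; whether the mock tolerates an unexpected rollback is not visible here.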
@@ -17,7 +17,7 @@ type oAuthApplication interface { requiresClientSecret() bool } -//ClientID random_number@projectname (eg. 495894098234@zitadel) +// ClientID random_number@projectname (eg. 495894098234@zitadel) func SetNewClientID(a oAuthApplication, idGenerator id.Generator, project *Project) error { clientID, err := NewClientID(idGenerator, project.Name) if err != nil { @@ -53,7 +53,7 @@ func NewClientSecret(generator crypto.Generator) (*crypto.CryptoValue, string, e cryptoValue, stringSecret, err := crypto.NewCode(generator) if err != nil { logging.Log("MODEL-UpnTI").OnError(err).Error("unable to create client secret") - return nil, "", errors.ThrowInternal(err, "MODEL-gH2Wl", "Errors.Project.CouldNotGenerateClientSecret") + return nil, "", zerrors.ThrowInternal(err, "MODEL-gH2Wl", "Errors.Project.CouldNotGenerateClientSecret") } return cryptoValue, stringSecret, nil } diff --git a/internal/domain/auth_request.go b/internal/domain/auth_request.go index 7d776b6d30..cf406c7625 100644 --- a/internal/domain/auth_request.go +++ b/internal/domain/auth_request.go @@ -6,7 +6,7 @@ import ( "golang.org/x/text/language" - "github.com/zitadel/zitadel/internal/errors" + "github.com/zitadel/zitadel/internal/zerrors" ) type AuthRequest struct { @@ -110,6 +110,23 @@ const ( MFATypeOTPEmail ) +func (m MFAType) UserAuthMethodType() UserAuthMethodType { + switch m { + case MFATypeTOTP: + return UserAuthMethodTypeTOTP + case MFATypeU2F: + return UserAuthMethodTypeU2F + case MFATypeU2FUserVerification: + return UserAuthMethodTypePasswordless + case MFATypeOTPSMS: + return UserAuthMethodTypeOTPSMS + case MFATypeOTPEmail: + return UserAuthMethodTypeOTPEmail + default: + return UserAuthMethodTypeUnspecified + } +} + type MFALevel int const ( 
@@ -139,7 +156,7 @@ func NewAuthRequestFromType(requestType AuthRequestType) (*AuthRequest, error) { case AuthRequestTypeDevice: return &AuthRequest{Request: &AuthRequestDevice{}}, nil } - return nil, errors.ThrowInvalidArgument(nil, "DOMAIN-ds2kl", "invalid request type") + return nil, zerrors.ThrowInvalidArgument(nil, "DOMAIN-ds2kl", "invalid request type") } func (a *AuthRequest) WithCurrentInfo(info *BrowserInfo) *AuthRequest { @@ -223,3 +240,14 @@ func (a *AuthRequest) PrivateLabelingOrgID(defaultID string) string { } return defaultID } + +func (a *AuthRequest) UserAuthMethodTypes() []UserAuthMethodType { + list := make([]UserAuthMethodType, 0, len(a.MFAsVerified)+1) + if a.PasswordVerified { + list = append(list, UserAuthMethodTypePassword) + } + for _, mfa := range a.MFAsVerified { + list = append(list, mfa.UserAuthMethodType()) + } + return list +} diff --git a/internal/domain/auth_request_test.go b/internal/domain/auth_request_test.go new file mode 100644 index 0000000000..0a37e8f9e8 --- /dev/null +++ b/internal/domain/auth_request_test.go 
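Review bot: `UserAuthMethodTypes` appends the result of `mfa.UserAuthMethodType()` unconditionally, so an `MFAType` that reaches the `default` branch added in the `@@ -110,6 +110,23 @@` hunk puts `UserAuthMethodTypeUnspecified` into the returned list. Callers are not visible here, but if any of them treats the length or non-emptiness of this list as evidence of completed factors, an unmapped MFA value would count as one. Skipping it avoids that: `if t := mfa.UserAuthMethodType(); t != UserAuthMethodTypeUnspecified { list = append(list, t) }`. The new test file covers the `default` mapping of `MFAType` but has no `UserAuthMethodTypes` case with an unmapped value, so either behaviour is currently unpinned.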
@@ -0,0 +1,108 @@
+package domain
+
+import (
+ "testing"
+
+ "github.com/stretchr/testify/assert"
+)
+
+func TestMFAType_UserAuthMethodType(t *testing.T) {
+ tests := []struct {
+ name string
+ m MFAType
+ want UserAuthMethodType
+ }{
+ {
+ name: "totp",
+ m: MFATypeTOTP,
+ want: UserAuthMethodTypeTOTP,
+ },
+ {
+ name: "u2f",
+ m: MFATypeU2F,
+ want: UserAuthMethodTypeU2F,
+ },
+ {
+ name: "passwordless",
+ m: MFATypeU2FUserVerification,
+ want: UserAuthMethodTypePasswordless,
+ },
+ {
+ name: "otp sms",
+ m: MFATypeOTPSMS,
+ want: UserAuthMethodTypeOTPSMS,
+ },
+ {
+ name: "otp email",
+ m: MFATypeOTPEmail,
+ want: UserAuthMethodTypeOTPEmail,
+ },
+ {
+ name: "unspecified",
+ m: 99,
+ want: UserAuthMethodTypeUnspecified,
+ },
+ }
+ for _, tt := range tests {
+ t.Run(tt.name, func(t *testing.T) {
+ got := tt.m.UserAuthMethodType()
+ assert.Equal(t, tt.want, got)
+ })
+ }
+}
+
+func TestAuthRequest_UserAuthMethodTypes(t *testing.T) {
+ type fields struct {
+ PasswordVerified bool
+ MFAsVerified []MFAType
+ }
+ tests := []struct {
+ name string
+ fields fields
+ want []UserAuthMethodType
+ }{
+ {
+ name: "no auth methods",
+ fields: fields{
+ PasswordVerified: false,
+ MFAsVerified: nil,
+ },
+ want: []UserAuthMethodType{},
+ },
+ {
+ name: "only password",
+ fields: fields{
+ PasswordVerified: true,
+ MFAsVerified: nil,
+ },
+ want: []UserAuthMethodType{
+ UserAuthMethodTypePassword,
+ },
+ },
+ {
+ name: "password, with mfa",
+ fields: fields{
+ PasswordVerified: true,
+ MFAsVerified: []MFAType{
+ MFATypeTOTP,
+ MFATypeU2F,
+ },
+ },
+ want: []UserAuthMethodType{
+ UserAuthMethodTypePassword,
+ UserAuthMethodTypeTOTP,
+ UserAuthMethodTypeU2F,
+ },
+ },
+ }
+ for _, tt := range tests {
+ t.Run(tt.name, func(t *testing.T) {
+ a := &AuthRequest{
+ PasswordVerified: tt.fields.PasswordVerified,
+ MFAsVerified: tt.fields.MFAsVerified,
+ }
+ got := a.UserAuthMethodTypes()
+ assert.Equal(t, tt.want, got)
+ })
+ }
+}
diff --git a/internal/domain/authn_key.go b/internal/domain/authn_key.go index eb45e359ef..6e0f113d3d 100644 --- a/internal/domain/authn_key.go +++ b/internal/domain/authn_key.go @@ -4,7 +4,7 @@ import ( "github.com/zitadel/logging" "github.com/zitadel/zitadel/internal/crypto" - "github.com/zitadel/zitadel/internal/errors" + "github.com/zitadel/zitadel/internal/zerrors" ) type authNKey interface { @@ -53,12 +53,12 @@ func NewAuthNKeyPair(keySize int) (privateKey, publicKey []byte, err error) { private, public, err := crypto.GenerateKeyPair(keySize) if err != nil { logging.Log("AUTHN-Ud51I").WithError(err).Error("unable to create authn key pair") - return nil, nil, errors.ThrowInternal(err, "AUTHN-gdg2l", "Errors.Project.CouldNotGenerateClientSecret") + return nil, nil, zerrors.ThrowInternal(err, "AUTHN-gdg2l", "Errors.Project.CouldNotGenerateClientSecret") } publicKey, err = crypto.PublicKeyToBytes(public) if err != nil { logging.Log("AUTHN-Dbb35").WithError(err).Error("unable to convert public key") - return nil, nil, errors.ThrowInternal(err, "AUTHN-Bne3f", "Errors.Project.CouldNotGenerateClientSecret") + return nil, nil, zerrors.ThrowInternal(err, "AUTHN-Bne3f", "Errors.Project.CouldNotGenerateClientSecret") } privateKey = crypto.PrivateKeyToBytes(private) return privateKey, publicKey, nil diff --git a/internal/domain/custom_login_text.go b/internal/domain/custom_login_text.go index 18d999ce93..63a5599eb8 100644 --- a/internal/domain/custom_login_text.go +++ b/internal/domain/custom_login_text.go @@ -343,8 +343,11 @@ type CustomLoginText struct { Footer FooterText } -func (m *CustomLoginText) IsValid() bool { - return m.Language != language.Und +func (m *CustomLoginText) IsValid(supportedLanguages []language.Tag) error { + if err := LanguageIsDefined(m.Language); err != nil { + return err + } + return LanguagesAreSupported(supportedLanguages, m.Language) } type SelectAccountScreenText struct { 
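Review bot: `CustomLoginText.IsValid` now returns an `error`, so a nil result means valid, and nothing on the method says so. The same applies to `CustomMessageText.IsValid` in custom_message_text.go. A doc comment would settle it, for example `// IsValid returns nil when Language is defined and contained in supportedLanguages.` The comment should also state what an empty or nil `supportedLanguages` means. As written, `LanguagesAreSupported` then rejects every defined language, whereas `LanguageIsAllowed` in language.go treats an empty list as no restriction.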
diff --git a/internal/domain/custom_message_text.go b/internal/domain/custom_message_text.go index 263cd57794..4ae0a3925a 100644 --- a/internal/domain/custom_message_text.go +++ b/internal/domain/custom_message_text.go @@ -4,6 +4,7 @@ import ( "golang.org/x/text/language" "github.com/zitadel/zitadel/internal/eventstore/v1/models" + "github.com/zitadel/zitadel/internal/zerrors" ) const ( @@ -51,8 +52,14 @@ type CustomMessageText struct { FooterText string } -func (m *CustomMessageText) IsValid() bool { - return m.MessageTextType != "" && m.Language != language.Und +func (m *CustomMessageText) IsValid(supportedLanguages []language.Tag) error { + if m.MessageTextType == "" { + return zerrors.ThrowInvalidArgument(nil, "INSTANCE-kd9fs", "Errors.CustomMessageText.Invalid") + } + if err := LanguageIsDefined(m.Language); err != nil { + return err + } + return LanguagesAreSupported(supportedLanguages, m.Language) } func IsMessageTextType(textType string) bool { diff --git a/internal/domain/device_auth.go b/internal/domain/device_auth.go index da076663aa..d8e4bb3870 100644 --- a/internal/domain/device_auth.go +++ b/internal/domain/device_auth.go @@ -2,28 +2,11 @@ package domain import ( "strconv" - "time" - - "github.com/zitadel/zitadel/internal/eventstore/v1/models" ) -// DeviceAuth describes a Device Authorization request. -// It is used as input and output model in the command and query packages. -type DeviceAuth struct { - models.ObjectRoot - - ClientID string - DeviceCode string - UserCode string - Expires time.Time - Scopes []string - Subject string - State DeviceAuthState -} - // DeviceAuthState describes the step the // the device authorization process is in. -// We generate the Stringer implemntation for pretier +// We generate the Stringer implementation for prettier // log output. // //go:generate stringer -type=DeviceAuthState -linecomment 
@@ -35,13 +18,14 @@ const ( DeviceAuthStateApproved // approved DeviceAuthStateDenied // denied DeviceAuthStateExpired // expired - DeviceAuthStateRemoved // removed + + deviceAuthStateCount // invalid ) // Exists returns true when not Undefined and -// any status lower than Removed. +// any status lower than deviceAuthStateCount. func (s DeviceAuthState) Exists() bool { - return s > DeviceAuthStateUndefined && s < DeviceAuthStateRemoved + return s > DeviceAuthStateUndefined && s < deviceAuthStateCount } // Done returns true when DeviceAuthState is Approved. diff --git a/internal/domain/device_auth_test.go b/internal/domain/device_auth_test.go index c3fcf359da..bd0bf925eb 100644 --- a/internal/domain/device_auth_test.go +++ b/internal/domain/device_auth_test.go @@ -30,7 +30,7 @@ func TestDeviceAuthState_Exists(t *testing.T) { want: true, }, { - s: DeviceAuthStateRemoved, + s: deviceAuthStateCount, want: false, }, } @@ -68,10 +68,6 @@ func TestDeviceAuthState_Done(t *testing.T) { s: DeviceAuthStateExpired, want: false, }, - { - s: DeviceAuthStateRemoved, - want: false, - }, } for _, tt := range tests { t.Run(tt.s.String(), func(t *testing.T) { @@ -108,10 +104,6 @@ func TestDeviceAuthState_Denied(t *testing.T) { s: DeviceAuthStateExpired, want: true, }, - { - s: DeviceAuthStateRemoved, - want: true, - }, } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { diff --git a/internal/domain/deviceauthstate_string.go b/internal/domain/deviceauthstate_string.go index b47a6bc7e8..0381287c71 100644 --- a/internal/domain/deviceauthstate_string.go +++ b/internal/domain/deviceauthstate_string.go 
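Review bot: Removing `DeviceAuthStateRemoved` leaves numeric value 5 assigned to the unexported sentinel `deviceAuthStateCount`, which `Exists` now uses as its upper bound. If `DeviceAuthState` values were ever persisted or exchanged as integers (not visible in this hunk), a stored 5 will now stringify as `invalid` instead of `removed`. The `Done` and `Denied` bodies lie outside the hunk, and their tests no longer cover that value. A comment above the sentinel would keep later additions from breaking the bound: `// deviceAuthStateCount must stay last; it is the upper bound for Exists and not a valid state.`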
@@ -13,10 +13,10 @@ func _() { _ = x[DeviceAuthStateApproved-2] _ = x[DeviceAuthStateDenied-3] _ = x[DeviceAuthStateExpired-4] - _ = x[DeviceAuthStateRemoved-5] + _ = x[deviceAuthStateCount-5] } -const _DeviceAuthState_name = "undefinedinitiatedapproveddeniedexpiredremoved" +const _DeviceAuthState_name = "undefinedinitiatedapproveddeniedexpiredinvalid" var _DeviceAuthState_index = [...]uint8{0, 9, 18, 26, 32, 39, 46} diff --git a/internal/domain/expiration.go b/internal/domain/expiration.go index 9b74702d16..bea1b5df8d 100644 --- a/internal/domain/expiration.go +++ b/internal/domain/expiration.go @@ -3,7 +3,7 @@ package domain import ( "time" - "github.com/zitadel/zitadel/internal/errors" + "github.com/zitadel/zitadel/internal/zerrors" ) var ( @@ -30,7 +30,7 @@ func ValidateExpirationDate(date time.Time) (time.Time, error) { return defaultExpDate, nil } if date.Before(time.Now()) { - return time.Time{}, errors.ThrowInvalidArgument(nil, "DOMAIN-dv3t5", "Errors.AuthNKey.ExpireBeforeNow") + return time.Time{}, zerrors.ThrowInvalidArgument(nil, "DOMAIN-dv3t5", "Errors.AuthNKey.ExpireBeforeNow") } return date, nil } diff --git a/internal/domain/human.go b/internal/domain/human.go index 0454a36651..6c2ec4daa0 100644 --- a/internal/domain/human.go +++ b/internal/domain/human.go @@ -5,9 +5,8 @@ import ( "time" "github.com/zitadel/zitadel/internal/crypto" - "github.com/zitadel/zitadel/internal/errors" - caos_errors "github.com/zitadel/zitadel/internal/errors" es_models "github.com/zitadel/zitadel/internal/eventstore/v1/models" + "github.com/zitadel/zitadel/internal/zerrors" ) type Human struct { @@ -59,7 +58,7 @@ func (f Gender) Specified() bool { func (u *Human) Normalize() error { if u.Username == "" { - return errors.ThrowInvalidArgument(nil, "COMMAND-00p2b", "Errors.User.Username.Empty") + return zerrors.ThrowInvalidArgument(nil, "COMMAND-00p2b", "Errors.User.Username.Empty") } if err := u.Profile.Validate(); err != nil { return err 
@@ -77,7 +76,7 @@ func (u *Human) Normalize() error { func (u *Human) CheckDomainPolicy(policy *DomainPolicy) error { if policy == nil { - return caos_errors.ThrowPreconditionFailed(nil, "DOMAIN-zSH7j", "Errors.Users.DomainPolicyNil") + return zerrors.ThrowPreconditionFailed(nil, "DOMAIN-zSH7j", "Errors.Users.DomainPolicyNil") } if !policy.UserLoginMustBeDomain && u.Profile != nil && u.Username == "" && u.Email != nil { u.Username = string(u.EmailAddress) diff --git a/internal/domain/human_email.go b/internal/domain/human_email.go index 86fd2f9e1c..489787c6c9 100644 --- a/internal/domain/human_email.go +++ b/internal/domain/human_email.go @@ -7,8 +7,8 @@ import ( "time" "github.com/zitadel/zitadel/internal/crypto" - "github.com/zitadel/zitadel/internal/errors" es_models "github.com/zitadel/zitadel/internal/eventstore/v1/models" + "github.com/zitadel/zitadel/internal/zerrors" ) var ( @@ -19,10 +19,10 @@ type EmailAddress string func (e EmailAddress) Validate() error { if e == "" { - return errors.ThrowInvalidArgument(nil, "EMAIL-spblu", "Errors.User.Email.Empty") + return zerrors.ThrowInvalidArgument(nil, "EMAIL-spblu", "Errors.User.Email.Empty") } if !emailRegex.MatchString(string(e)) { - return errors.ThrowInvalidArgument(nil, "EMAIL-599BI", "Errors.User.Email.Invalid") + return zerrors.ThrowInvalidArgument(nil, "EMAIL-599BI", "Errors.User.Email.Invalid") } return nil } @@ -49,7 +49,7 @@ type EmailCode struct { func (e *Email) Validate() error { if e == nil { - return errors.ThrowInvalidArgument(nil, "EMAIL-spblu", "Errors.User.Email.Empty") + return zerrors.ThrowInvalidArgument(nil, "EMAIL-spblu", "Errors.User.Email.Empty") } return e.EmailAddress.Validate() } diff --git a/internal/domain/human_email_test.go b/internal/domain/human_email_test.go index 4b30dd667f..42aa77fd78 100644 --- a/internal/domain/human_email_test.go +++ b/internal/domain/human_email_test.go 
@@ -7,7 +7,7 @@ import ( "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" - caos_errs "github.com/zitadel/zitadel/internal/errors" + "github.com/zitadel/zitadel/internal/zerrors" ) func TestEmailValid(t *testing.T) { @@ -100,7 +100,7 @@ func TestRenderConfirmURLTemplate(t *testing.T) { code: "123", orgID: "org1", }, - wantErr: caos_errs.ThrowInvalidArgument(nil, "DOMAIN-oGh5e", "Errors.User.InvalidURLTemplate"), + wantErr: zerrors.ThrowInvalidArgument(nil, "DOMAIN-oGh5e", "Errors.User.InvalidURLTemplate"), }, { name: "execution error", @@ -110,7 +110,7 @@ func TestRenderConfirmURLTemplate(t *testing.T) { code: "123", orgID: "org1", }, - wantErr: caos_errs.ThrowInvalidArgument(nil, "DOMAIN-ieYa7", "Errors.User.InvalidURLTemplate"), + wantErr: zerrors.ThrowInvalidArgument(nil, "DOMAIN-ieYa7", "Errors.User.InvalidURLTemplate"), }, { name: "success", diff --git a/internal/domain/human_otp.go b/internal/domain/human_otp.go index 8dd9ddcb37..68b4b4ca0d 100644 --- a/internal/domain/human_otp.go +++ b/internal/domain/human_otp.go @@ -5,7 +5,7 @@ import ( "github.com/pquerna/otp/totp" "github.com/zitadel/zitadel/internal/crypto" - caos_errs "github.com/zitadel/zitadel/internal/errors" + "github.com/zitadel/zitadel/internal/zerrors" ) type TOTP struct { @@ -18,7 +18,7 @@ type TOTP struct { func NewTOTPKey(issuer, accountName string, cryptoAlg crypto.EncryptionAlgorithm) (*otp.Key, *crypto.CryptoValue, error) { key, err := totp.Generate(totp.GenerateOpts{Issuer: issuer, AccountName: accountName}) if err != nil { - return nil, nil, caos_errs.ThrowInternal(err, "TOTP-ieY3o", "Errors.Internal") + return nil, nil, zerrors.ThrowInternal(err, "TOTP-ieY3o", "Errors.Internal") } encryptedSecret, err := crypto.Encrypt([]byte(key.Secret()), cryptoAlg) if err != nil { 
@@ -35,7 +35,7 @@ func VerifyTOTP(code string, secret *crypto.CryptoValue, cryptoAlg crypto.Encryp valid := totp.Validate(code, decrypt) if !valid { - return caos_errs.ThrowInvalidArgument(nil, "EVENT-8isk2", "Errors.User.MFA.OTP.InvalidCode") + return zerrors.ThrowInvalidArgument(nil, "EVENT-8isk2", "Errors.User.MFA.OTP.InvalidCode") } return nil } diff --git a/internal/domain/human_password.go b/internal/domain/human_password.go index 35bcbeaf28..779ed4dba7 100644 --- a/internal/domain/human_password.go +++ b/internal/domain/human_password.go @@ -4,8 +4,8 @@ import ( "time" "github.com/zitadel/zitadel/internal/crypto" - caos_errs "github.com/zitadel/zitadel/internal/errors" es_models "github.com/zitadel/zitadel/internal/eventstore/v1/models" + "github.com/zitadel/zitadel/internal/zerrors" ) type Password struct { @@ -35,7 +35,7 @@ func (p *Password) HashPasswordIfExisting(policy *PasswordComplexityPolicy, hash return nil } if policy == nil { - return caos_errs.ThrowPreconditionFailed(nil, "DOMAIN-s8ifS", "Errors.User.PasswordComplexityPolicy.NotFound") + return zerrors.ThrowPreconditionFailed(nil, "DOMAIN-s8ifS", "Errors.User.PasswordComplexityPolicy.NotFound") } if err := policy.Check(p.SecretString); err != nil { return err diff --git a/internal/domain/human_phone.go b/internal/domain/human_phone.go index 44eb5fe968..f350ea72a0 100644 --- a/internal/domain/human_phone.go +++ b/internal/domain/human_phone.go @@ -6,8 +6,8 @@ import ( "github.com/ttacon/libphonenumber" "github.com/zitadel/zitadel/internal/crypto" - caos_errs "github.com/zitadel/zitadel/internal/errors" es_models "github.com/zitadel/zitadel/internal/eventstore/v1/models" + "github.com/zitadel/zitadel/internal/zerrors" ) const defaultRegion = "CH" 
@@ -16,11 +16,11 @@ type PhoneNumber string func (p PhoneNumber) Normalize() (PhoneNumber, error) { if p == "" { - return p, caos_errs.ThrowInvalidArgument(nil, "PHONE-Zt0NV", "Errors.User.Phone.Empty") + return p, zerrors.ThrowInvalidArgument(nil, "PHONE-Zt0NV", "Errors.User.Phone.Empty") } phoneNr, err := libphonenumber.Parse(string(p), defaultRegion) if err != nil { - return p, caos_errs.ThrowInvalidArgument(err, "PHONE-so0wa", "Errors.User.Phone.Invalid") + return p, zerrors.ThrowInvalidArgument(err, "PHONE-so0wa", "Errors.User.Phone.Invalid") } return PhoneNumber(libphonenumber.Format(phoneNr, libphonenumber.E164)), nil } @@ -43,7 +43,7 @@ type PhoneCode struct { func (p *Phone) Normalize() error { if p == nil { - return caos_errs.ThrowInvalidArgument(nil, "PHONE-YlbwO", "Errors.User.Phone.Empty") + return zerrors.ThrowInvalidArgument(nil, "PHONE-YlbwO", "Errors.User.Phone.Empty") } normalizedNumber, err := p.PhoneNumber.Normalize() if err != nil { diff --git a/internal/domain/human_phone_test.go b/internal/domain/human_phone_test.go index c16680de46..1bcd2ee87f 100644 --- a/internal/domain/human_phone_test.go +++ b/internal/domain/human_phone_test.go @@ -3,7 +3,7 @@ package domain import ( "testing" - caos_errs "github.com/zitadel/zitadel/internal/errors" + "github.com/zitadel/zitadel/internal/zerrors" ) func TestFormatPhoneNumber(t *testing.T) { @@ -23,7 +23,7 @@ func TestFormatPhoneNumber(t *testing.T) { PhoneNumber: "PhoneNumber", }, }, - errFunc: caos_errs.IsErrorInvalidArgument, + errFunc: zerrors.IsErrorInvalidArgument, }, { name: "format phone 071...", diff --git a/internal/domain/human_profile.go b/internal/domain/human_profile.go index ac220c7758..02b68ebe98 100644 --- a/internal/domain/human_profile.go +++ b/internal/domain/human_profile.go 
@@ -3,8 +3,8 @@ package domain import ( "golang.org/x/text/language" - "github.com/zitadel/zitadel/internal/errors" es_models "github.com/zitadel/zitadel/internal/eventstore/v1/models" + "github.com/zitadel/zitadel/internal/zerrors" ) type Profile struct { @@ -22,13 +22,13 @@ type Profile struct { func (p *Profile) Validate() error { if p == nil { - return errors.ThrowInvalidArgument(nil, "PROFILE-GPY3p", "Errors.User.Profile.Empty") + return zerrors.ThrowInvalidArgument(nil, "PROFILE-GPY3p", "Errors.User.Profile.Empty") } if p.FirstName == "" { - return errors.ThrowInvalidArgument(nil, "PROFILE-RF5z2", "Errors.User.Profile.FirstNameEmpty") + return zerrors.ThrowInvalidArgument(nil, "PROFILE-RF5z2", "Errors.User.Profile.FirstNameEmpty") } if p.LastName == "" { - return errors.ThrowInvalidArgument(nil, "PROFILE-DSUkN", "Errors.User.Profile.LastNameEmpty") + return zerrors.ThrowInvalidArgument(nil, "PROFILE-DSUkN", "Errors.User.Profile.LastNameEmpty") } return nil } diff --git a/internal/domain/language.go b/internal/domain/language.go new file mode 100644 index 0000000000..555104f50c --- /dev/null +++ b/internal/domain/language.go 
@@ -0,0 +1,130 @@ +package domain + +import ( + "errors" + + "golang.org/x/text/language" + + "github.com/zitadel/zitadel/internal/zerrors" +) + +func StringsToLanguages(langs []string) []language.Tag { + return GenericMapSlice(langs, language.Make) +} + +func LanguagesToStrings(langs []language.Tag) []string { + return GenericMapSlice(langs, func(lang language.Tag) string { return lang.String() }) +} + +func GenericMapSlice[T any, U any](from []T, mapTo func(T) U) []U { + if from == nil { + return nil + } + result := make([]U, len(from)) + for i, lang := range from { + result[i] = mapTo(lang) + } + return result +} + +// LanguagesDiffer returns true if the languages differ. +func LanguagesDiffer(left, right []language.Tag) bool { + if left == nil && right == nil { + return false + } + if left == nil || right == nil || len(left) != len(right) { + return true + } + return !languagesAreContained(left, right) +} + +func LanguageIsAllowed(allowUndefined bool, allowedLanguages []language.Tag, lang language.Tag) error { + err := LanguageIsDefined(lang) + if err != nil && allowUndefined { + return nil + } + if err != nil { + return err + } + if len(allowedLanguages) > 0 && !languageIsContained(allowedLanguages, lang) { + return zerrors.ThrowPreconditionFailed(nil, "LANG-2M9fs", "Errors.Language.NotAllowed") + } + return nil +} + +func LanguagesAreSupported(supportedLanguages []language.Tag, lang ...language.Tag) error { + unsupported := make([]language.Tag, 0) + for _, l := range lang { + if l.IsRoot() { + continue + } + if !languageIsContained(supportedLanguages, l) { + unsupported = append(unsupported, l) + } + } + if len(unsupported) == 0 { + return nil + } + if len(unsupported) == 1 { + return zerrors.ThrowInvalidArgument(nil, "LANG-lg4DP", "Errors.Language.NotSupported") + } + return zerrors.ThrowInvalidArgumentf(nil, "LANG-XHiK5", "Errors.Languages.NotSupported: %s", LanguagesToStrings(unsupported)) +} + +func LanguageIsDefined(lang language.Tag) error { + if 
lang.IsRoot() { + return zerrors.ThrowInvalidArgument(nil, "LANG-3M9f2", "Errors.Language.Undefined") + } + return nil +} + +// LanguagesHaveDuplicates returns an error if the passed slices contains duplicates. +// The error lists the duplicates. +func LanguagesHaveDuplicates(langs []language.Tag) error { + unique := make(map[language.Tag]struct{}) + duplicates := make([]language.Tag, 0) + for _, lang := range langs { + if _, ok := unique[lang]; ok { + duplicates = append(duplicates, lang) + } + unique[lang] = struct{}{} + } + if len(duplicates) == 0 { + return nil + } + if len(duplicates) > 1 { + return zerrors.ThrowInvalidArgument(nil, "LANG-3M9f2", "Errors.Language.Duplicate") + } + return zerrors.ThrowInvalidArgumentf(nil, "LANG-XHiK5", "Errors.Languages.Duplicate: %s", LanguagesToStrings(duplicates)) +} + +func ParseLanguage(lang ...string) (tags []language.Tag, err error) { + tags = make([]language.Tag, len(lang)) + for i := range lang { + var parseErr error + tags[i], parseErr = language.Parse(lang[i]) + err = errors.Join(err, parseErr) + } + if err != nil { + err = zerrors.ThrowInvalidArgument(err, "LANG-jc8Sq", "Errors.Language.NotParsed") + } + return tags, err +} + +func languagesAreContained(languages, search []language.Tag) bool { + for _, s := range search { + if !languageIsContained(languages, s) { + return false + } + } + return true +} + +func languageIsContained(languages []language.Tag, search language.Tag) bool { + for _, lang := range languages { + if lang == search { + return true + } + } + return false +} diff --git a/internal/domain/machine_key.go b/internal/domain/machine_key.go index 43abfd83b9..ea7777d6da 100644 --- a/internal/domain/machine_key.go +++ b/internal/domain/machine_key.go @@ -4,8 +4,8 @@ import ( "encoding/json" "time" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore/v1/models" + "github.com/zitadel/zitadel/internal/zerrors" ) type MachineKey struct { 
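Review bot: In `LanguagesHaveDuplicates` the count check is inverted relative to `LanguagesAreSupported`. `if len(duplicates) > 1` returns the singular `Errors.Language.Duplicate` without the list, while exactly one duplicate falls through to the formatted `Errors.Languages.Duplicate: %s`; it should read `if len(duplicates) == 1 {`. The same function reuses the IDs `LANG-3M9f2` (also thrown by `LanguageIsDefined`) and `LANG-XHiK5` (also thrown by `LanguagesAreSupported`), so an ID seen in a log or response no longer identifies a single failure site; each throw should get its own ID. `LanguagesDiffer` only checks that every tag of `right` occurs in `left`, so with repeated tags the result depends on argument order: `[en, de]` against `[en, en]` reports no difference one way and a difference the other.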
@@ -38,7 +38,7 @@ func (key *MachineKey) Detail() ([]byte, error) { if key.Type == AuthNKeyTypeJSON { return key.MarshalJSON() } - return nil, errors.ThrowPreconditionFailed(nil, "KEY-dsg52", "Errors.Internal") + return nil, zerrors.ThrowPreconditionFailed(nil, "KEY-dsg52", "Errors.Internal") } func (key *MachineKey) MarshalJSON() ([]byte, error) { diff --git a/internal/domain/machine_secret.go b/internal/domain/machine_secret.go index d8b0633b48..ba9bfe7b99 100644 --- a/internal/domain/machine_secret.go +++ b/internal/domain/machine_secret.go @@ -2,13 +2,13 @@ package domain import ( "github.com/zitadel/zitadel/internal/crypto" - "github.com/zitadel/zitadel/internal/errors" + "github.com/zitadel/zitadel/internal/zerrors" ) func NewMachineClientSecret(generator crypto.Generator) (*crypto.CryptoValue, string, error) { cryptoValue, stringSecret, err := crypto.NewCode(generator) if err != nil { - return nil, "", errors.ThrowInternal(err, "MODEL-57cjsiw", "Errors.User.Machine.Secret.CouldNotGenerate") + return nil, "", zerrors.ThrowInternal(err, "MODEL-57cjsiw", "Errors.User.Machine.Secret.CouldNotGenerate") } return cryptoValue, stringSecret, nil } diff --git a/internal/domain/metadata.go b/internal/domain/metadata.go index f0db03c880..357a20d236 100644 --- a/internal/domain/metadata.go +++ b/internal/domain/metadata.go @@ -3,8 +3,8 @@ package domain import ( "time" - caos_errors "github.com/zitadel/zitadel/internal/errors" es_models "github.com/zitadel/zitadel/internal/eventstore/v1/models" + "github.com/zitadel/zitadel/internal/zerrors" ) type Metadata struct { @@ -66,7 +66,7 @@ type MetadataSearchResponse struct { func (r *MetadataSearchRequest) EnsureLimit(limit uint64) error { if r.Limit > limit { - return caos_errors.ThrowInvalidArgument(nil, "SEARCH-0ds32", "Errors.Limit.ExceedsDefault") + return zerrors.ThrowInvalidArgument(nil, "SEARCH-0ds32", "Errors.Limit.ExceedsDefault") } if r.Limit == 0 { r.Limit = limit 
diff --git a/internal/domain/mfa.go b/internal/domain/mfa.go index 65ad9486fd..3b408109f7 100644 --- a/internal/domain/mfa.go +++ b/internal/domain/mfa.go @@ -13,10 +13,6 @@ const ( stateCount ) -func (f MFAState) Valid() bool { - return f >= 0 && f < stateCount -} - type MultifactorConfigs struct { OTP OTPConfig } diff --git a/internal/domain/notification.go b/internal/domain/notification.go index f4af3ea515..756c400c66 100644 --- a/internal/domain/notification.go +++ b/internal/domain/notification.go @@ -9,10 +9,6 @@ const ( notificationCount ) -func (f NotificationType) Valid() bool { - return f >= 0 && f < notificationCount -} - type NotificationProviderState int32 const ( diff --git a/internal/domain/org_domain.go b/internal/domain/org_domain.go index bbd2e664e5..ff3ca4db0c 100644 --- a/internal/domain/org_domain.go +++ b/internal/domain/org_domain.go @@ -6,8 +6,8 @@ import ( http_util "github.com/zitadel/zitadel/internal/api/http" "github.com/zitadel/zitadel/internal/crypto" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore/v1/models" + "github.com/zitadel/zitadel/internal/zerrors" ) type OrgDomain struct { @@ -73,7 +73,7 @@ func NewIAMDomainName(orgName, iamDomain string) (string, error) { return strings.ToLower(label + "." + iamDomain), nil } - return "", errors.ThrowInvalidArgument(nil, "ORG-RrfXY", "Errors.Org.Domain.EmptyString") + return "", zerrors.ThrowInvalidArgument(nil, "ORG-RrfXY", "Errors.Org.Domain.EmptyString") } type OrgDomainValidationType int32 diff --git a/internal/domain/permission.go b/internal/domain/permission.go index ebd7981ab0..fd20f77cf0 100644 --- a/internal/domain/permission.go +++ b/internal/domain/permission.go 
@@ -29,6 +29,7 @@ type PermissionCheck func(ctx context.Context, permission, orgID, resourceID str const ( PermissionUserWrite = "user.write" PermissionUserRead = "user.read" + PermissionUserDelete = "user.delete" PermissionSessionWrite = "session.write" PermissionSessionDelete = "session.delete" ) diff --git a/internal/domain/policy.go b/internal/domain/policy.go index 457152f3c3..6efe5520d7 100644 --- a/internal/domain/policy.go +++ b/internal/domain/policy.go @@ -10,10 +10,6 @@ const ( policyStateCount ) -func (f PolicyState) Valid() bool { - return f >= 0 && f < policyStateCount -} - func (s PolicyState) Exists() bool { return s != PolicyStateUnspecified && s != PolicyStateRemoved } diff --git a/internal/domain/policy_label.go b/internal/domain/policy_label.go index b5517bc54c..b9f2560ae0 100644 --- a/internal/domain/policy_label.go +++ b/internal/domain/policy_label.go @@ -3,8 +3,8 @@ package domain import ( "regexp" - caos_errs "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore/v1/models" + "github.com/zitadel/zitadel/internal/zerrors" ) var colorRegex = regexp.MustCompile("^$|^#([A-Fa-f0-9]{6}|[A-Fa-f0-9]{3})$") 
@@ -58,36 +58,28 @@ const ( func (f LabelPolicy) IsValid() error { if !colorRegex.MatchString(f.PrimaryColor) { - return caos_errs.ThrowInvalidArgument(nil, "POLICY-391dG", "Errors.Policy.Label.Invalid.PrimaryColor") + return zerrors.ThrowInvalidArgument(nil, "POLICY-391dG", "Errors.Policy.Label.Invalid.PrimaryColor") } if !colorRegex.MatchString(f.BackgroundColor) { - return caos_errs.ThrowInvalidArgument(nil, "POLICY-502F1", "Errors.Policy.Label.Invalid.BackgroundColor") + return zerrors.ThrowInvalidArgument(nil, "POLICY-502F1", "Errors.Policy.Label.Invalid.BackgroundColor") } if !colorRegex.MatchString(f.WarnColor) { - return caos_errs.ThrowInvalidArgument(nil, "POLICY-nvw33", "Errors.Policy.Label.Invalid.WarnColor") + return zerrors.ThrowInvalidArgument(nil, "POLICY-nvw33", "Errors.Policy.Label.Invalid.WarnColor") } if !colorRegex.MatchString(f.FontColor) { - return caos_errs.ThrowInvalidArgument(nil, "POLICY-93mSf", "Errors.Policy.Label.Invalid.FontColor") + return zerrors.ThrowInvalidArgument(nil, "POLICY-93mSf", "Errors.Policy.Label.Invalid.FontColor") } if !colorRegex.MatchString(f.PrimaryColorDark) { - return caos_errs.ThrowInvalidArgument(nil, "POLICY-391dG", "Errors.Policy.Label.Invalid.PrimaryColorDark") + return zerrors.ThrowInvalidArgument(nil, "POLICY-391dG", "Errors.Policy.Label.Invalid.PrimaryColorDark") } if !colorRegex.MatchString(f.BackgroundColorDark) { - return caos_errs.ThrowInvalidArgument(nil, "POLICY-llsp2", "Errors.Policy.Label.Invalid.BackgroundColorDark") + return zerrors.ThrowInvalidArgument(nil, "POLICY-llsp2", "Errors.Policy.Label.Invalid.BackgroundColorDark") } if !colorRegex.MatchString(f.WarnColorDark) { - return caos_errs.ThrowInvalidArgument(nil, "POLICY-2b6sf", "Errors.Policy.Label.Invalid.WarnColorDark") + return zerrors.ThrowInvalidArgument(nil, "POLICY-2b6sf", "Errors.Policy.Label.Invalid.WarnColorDark") } if !colorRegex.MatchString(f.FontColorDark) { - return caos_errs.ThrowInvalidArgument(nil, "POLICY-3M0fs", 
"Errors.Policy.Label.Invalid.FontColorDark") + return zerrors.ThrowInvalidArgument(nil, "POLICY-3M0fs", "Errors.Policy.Label.Invalid.FontColorDark") } return nil } - -func (f LabelPolicyState) Valid() bool { - return f >= 0 && f < labelPolicyStateCount -} - -func (s LabelPolicyState) Exists() bool { - return s != LabelPolicyStateUnspecified && s != LabelPolicyStateRemoved -} diff --git a/internal/domain/policy_label_test.go b/internal/domain/policy_label_test.go index 9e84669e19..e120bbb467 100644 --- a/internal/domain/policy_label_test.go +++ b/internal/domain/policy_label_test.go @@ -5,7 +5,7 @@ import ( "github.com/stretchr/testify/assert" - caos_errs "github.com/zitadel/zitadel/internal/errors" + "github.com/zitadel/zitadel/internal/zerrors" ) func TestLabelPolicyPrimaryColorValid(t *testing.T) { @@ -40,21 +40,21 @@ func TestLabelPolicyPrimaryColorValid(t *testing.T) { args: args{ policy: &LabelPolicy{PrimaryColor: "#0f9wfm"}, }, - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, { name: "color code with wrong count of characters, invalid", args: args{ policy: &LabelPolicy{PrimaryColor: "#00"}, }, - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, { name: "color code with no #, invalid", args: args{ policy: &LabelPolicy{PrimaryColor: "#00"}, }, - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, } for _, tt := range tests { 
@@ -102,21 +102,21 @@ func TestLabelPolicyBackgroundColorValid(t *testing.T) { args: args{ policy: &LabelPolicy{BackgroundColor: "#0f9wfm"}, }, - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, { name: "color code with wrong count of characters, invalid", args: args{ policy: &LabelPolicy{BackgroundColor: "#00"}, }, - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, { name: "color code with no #, invalid", args: args{ policy: &LabelPolicy{BackgroundColor: "#00"}, }, - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, } for _, tt := range tests { @@ -164,21 +164,21 @@ func TestLabelPolicyWarnColorValid(t *testing.T) { args: args{ policy: &LabelPolicy{WarnColor: "#0f9wfm"}, }, - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, { name: "color code with wrong count of characters, invalid", args: args{ policy: &LabelPolicy{WarnColor: "#00"}, }, - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, { name: "color code with no #, invalid", args: args{ policy: &LabelPolicy{WarnColor: "#00"}, }, - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, } for _, tt := range tests { @@ -226,21 +226,21 @@ func TestLabelPolicyFontColorValid(t *testing.T) { args: args{ policy: &LabelPolicy{FontColor: "#0f9wfm"}, }, - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, { name: "color code with wrong count of characters, invalid", args: args{ policy: &LabelPolicy{FontColor: "#00"}, }, - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, { name: "color code with no #, invalid", args: args{ policy: &LabelPolicy{FontColor: "#00"}, }, - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, } for _, tt := range tests { 
@@ -288,21 +288,21 @@ func TestLabelPolicyPrimaryColorDarkValid(t *testing.T) { args: args{ policy: &LabelPolicy{PrimaryColorDark: "#0f9wfm"}, }, - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, { name: "color code with wrong count of characters, invalid", args: args{ policy: &LabelPolicy{PrimaryColorDark: "#00"}, }, - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, { name: "color code with no #, invalid", args: args{ policy: &LabelPolicy{PrimaryColorDark: "#00"}, }, - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, } for _, tt := range tests { @@ -350,21 +350,21 @@ func TestLabelPolicyBackgroundColorDarkValid(t *testing.T) { args: args{ policy: &LabelPolicy{BackgroundColorDark: "#0f9wfm"}, }, - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, { name: "color code with wrong count of characters, invalid", args: args{ policy: &LabelPolicy{BackgroundColorDark: "#00"}, }, - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, { name: "color code with no #, invalid", args: args{ policy: &LabelPolicy{BackgroundColorDark: "#00"}, }, - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, } for _, tt := range tests { @@ -412,21 +412,21 @@ func TestLabelPolicyWarnColorDarkValid(t *testing.T) { args: args{ policy: &LabelPolicy{WarnColorDark: "#0f9wfm"}, }, - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, { name: "color code with wrong count of characters, invalid", args: args{ policy: &LabelPolicy{WarnColorDark: "#00"}, }, - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, { name: "color code with no #, invalid", args: args{ policy: &LabelPolicy{WarnColorDark: "#00"}, }, - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, } for _, tt := range tests { 
@@ -474,21 +474,21 @@ func TestLabelPolicyFontColorDarkValid(t *testing.T) { args: args{ policy: &LabelPolicy{FontColorDark: "#0f9wfm"}, }, - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, { name: "color code with wrong count of characters, invalid", args: args{ policy: &LabelPolicy{FontColorDark: "#00"}, }, - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, { name: "color code with no #, invalid", args: args{ policy: &LabelPolicy{FontColorDark: "#00"}, }, - err: caos_errs.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, } for _, tt := range tests { diff --git a/internal/domain/policy_login.go b/internal/domain/policy_login.go index c898ea2544..6c4214724d 100644 --- a/internal/domain/policy_login.go +++ b/internal/domain/policy_login.go @@ -66,12 +66,6 @@ func (p IDPProvider) IsValid() bool { return p.IDPConfigID != "" } -// DisplayName returns the name or a default -// to be used when always a name must be displayed (e.g. login) -func (p IDPProvider) DisplayName() string { - return IDPName(p.Name, p.IDPType) -} - type PasswordlessType int32 const ( @@ -88,7 +82,3 @@ func (f PasswordlessType) Valid() bool { func (p *LoginPolicy) HasSecondFactors() bool { return len(p.SecondFactors) > 0 } - -func (p *LoginPolicy) HasMultiFactors() bool { - return len(p.MultiFactors) > 0 -} diff --git a/internal/domain/policy_password_complexity.go b/internal/domain/policy_password_complexity.go index 99549477c7..e5280508c5 100644 --- a/internal/domain/policy_password_complexity.go +++ b/internal/domain/policy_password_complexity.go @@ -3,8 +3,8 @@ package domain import ( "regexp" - caos_errs "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore/v1/models" + "github.com/zitadel/zitadel/internal/zerrors" ) var ( 
@@ -28,30 +28,30 @@ type PasswordComplexityPolicy struct { func (p *PasswordComplexityPolicy) IsValid() error { if p.MinLength == 0 || p.MinLength > 72 { - return caos_errs.ThrowInvalidArgument(nil, "MODEL-Lsp0e", "Errors.User.PasswordComplexityPolicy.MinLengthNotAllowed") + return zerrors.ThrowInvalidArgument(nil, "MODEL-Lsp0e", "Errors.User.PasswordComplexityPolicy.MinLengthNotAllowed") } return nil } func (p *PasswordComplexityPolicy) Check(password string) error { if p.MinLength != 0 && uint64(len(password)) < p.MinLength { - return caos_errs.ThrowInvalidArgument(nil, "DOMAIN-HuJf6", "Errors.User.PasswordComplexityPolicy.MinLength") + return zerrors.ThrowInvalidArgument(nil, "DOMAIN-HuJf6", "Errors.User.PasswordComplexityPolicy.MinLength") } if p.HasLowercase && !hasStringLowerCase(password) { - return caos_errs.ThrowInvalidArgument(nil, "DOMAIN-co3Xw", "Errors.User.PasswordComplexityPolicy.HasLower") + return zerrors.ThrowInvalidArgument(nil, "DOMAIN-co3Xw", "Errors.User.PasswordComplexityPolicy.HasLower") } if p.HasUppercase && !hasStringUpperCase(password) { - return caos_errs.ThrowInvalidArgument(nil, "DOMAIN-VoaRj", "Errors.User.PasswordComplexityPolicy.HasUpper") + return zerrors.ThrowInvalidArgument(nil, "DOMAIN-VoaRj", "Errors.User.PasswordComplexityPolicy.HasUpper") } if p.HasNumber && !hasNumber(password) { - return caos_errs.ThrowInvalidArgument(nil, "DOMAIN-ZBv4H", "Errors.User.PasswordComplexityPolicy.HasNumber") + return zerrors.ThrowInvalidArgument(nil, "DOMAIN-ZBv4H", "Errors.User.PasswordComplexityPolicy.HasNumber") } if p.HasSymbol && !hasSymbol(password) { - return caos_errs.ThrowInvalidArgument(nil, "DOMAIN-ZDLwA", "Errors.User.PasswordComplexityPolicy.HasSymbol") + return zerrors.ThrowInvalidArgument(nil, "DOMAIN-ZDLwA", "Errors.User.PasswordComplexityPolicy.HasSymbol") } return nil } diff --git a/internal/domain/project_grant.go b/internal/domain/project_grant.go index 09604913a8..fecf38ec63 100644 --- a/internal/domain/project_grant.go 
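Review bot: In `Check`, `uint64(len(password)) < p.MinLength` measures bytes, not characters, so a password made of a few multi-byte characters meets a minimum that was presumably meant in characters. If characters are intended, compare against `uint64(utf8.RuneCountInString(password))` (this needs `unicode/utf8` imported). If bytes are intended, state that in a doc comment on `Check`; the `MinLength > 72` ceiling in `IsValid` hints at a byte-limited hash input, which this hunk does not confirm. `Check` also sets no upper bound on the password, so it is worth documenting where over-long input is rejected.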
+++ b/internal/domain/project_grant.go @@ -11,11 +11,6 @@ type ProjectGrant struct { RoleKeys []string } -type ProjectGrantIDs struct { - ProjectID string - GrantID string -} - type ProjectGrantState int32 const ( diff --git a/internal/domain/project_grant_member.go b/internal/domain/project_grant_member.go index 8c1a840437..bc3fd902fa 100644 --- a/internal/domain/project_grant_member.go +++ b/internal/domain/project_grant_member.go @@ -12,17 +12,6 @@ type ProjectGrantMember struct { Roles []string } -func NewProjectGrantMember(aggregateID, userID, grantID string, roles ...string) *ProjectGrantMember { - return &ProjectGrantMember{ - ObjectRoot: es_models.ObjectRoot{ - AggregateID: aggregateID, - }, - GrantID: grantID, - UserID: userID, - Roles: roles, - } -} - func (i *ProjectGrantMember) IsValid() bool { return i.AggregateID != "" && i.GrantID != "" && i.UserID != "" && len(i.Roles) != 0 } diff --git a/internal/domain/provider.go b/internal/domain/provider.go index b21a5e2a61..16dc2800b7 100644 --- a/internal/domain/provider.go +++ b/internal/domain/provider.go @@ -9,10 +9,6 @@ const ( identityProviderCount ) -func (f IdentityProviderType) Valid() bool { - return f >= 0 && f < identityProviderCount -} - type IdentityProviderState int32 const ( @@ -22,7 +18,3 @@ const ( idpProviderState ) - -func (s IdentityProviderState) Valid() bool { - return s >= 0 && s < idpProviderState -} diff --git a/internal/domain/refresh_token.go b/internal/domain/refresh_token.go index 84567897e2..31f342c35f 100644 --- a/internal/domain/refresh_token.go +++ b/internal/domain/refresh_token.go @@ -5,7 +5,7 @@ import ( "strings" "github.com/zitadel/zitadel/internal/crypto" - caos_errors "github.com/zitadel/zitadel/internal/errors" + "github.com/zitadel/zitadel/internal/zerrors" ) func NewRefreshToken(userID, tokenID string, algorithm crypto.EncryptionAlgorithm) (string, error) { 
@@ -31,7 +31,7 @@ func FromRefreshToken(refreshToken string, algorithm crypto.EncryptionAlgorithm) } split := strings.Split(string(decrypted), ":") if len(split) != 3 { - return "", "", "", caos_errors.ThrowInternal(nil, "DOMAIN-BGDhn", "Errors.User.RefreshToken.Invalid") + return "", "", "", zerrors.ThrowInternal(nil, "DOMAIN-BGDhn", "Errors.User.RefreshToken.Invalid") } return split[0], split[1], split[2], nil } diff --git a/internal/domain/request.go b/internal/domain/request.go index 7f91463921..bbacddc757 100644 --- a/internal/domain/request.go +++ b/internal/domain/request.go @@ -59,7 +59,7 @@ func (a *AuthRequestSAML) IsValid() bool { } type AuthRequestDevice struct { - ID string + ClientID string DeviceCode string UserCode string Scopes []string @@ -70,5 +70,5 @@ func (*AuthRequestDevice) Type() AuthRequestType { } func (a *AuthRequestDevice) IsValid() bool { - return a.DeviceCode != "" && a.UserCode != "" && len(a.Scopes) > 0 + return a.DeviceCode != "" && a.UserCode != "" } diff --git a/internal/domain/step.go b/internal/domain/step.go deleted file mode 100644 index dc3641389b..0000000000 --- a/internal/domain/step.go +++ /dev/null @@ -1,29 +0,0 @@ -package domain - -type Step int - -const ( - Step1 Step = iota + 1 - Step2 - Step3 - Step4 - Step5 - Step6 - Step7 - Step8 - Step9 - Step10 - Step11 - Step12 - Step13 - Step14 - Step15 - Step16 - Step17 - Step18 - Step19 - Step20 - Step21 - //StepCount marks the the length of possible steps (StepCount-1 == last possible step) - StepCount -) diff --git a/internal/domain/unique_constraint_migration.go b/internal/domain/unique_constraint_migration.go deleted file mode 100644 index f699e68ae3..0000000000 --- a/internal/domain/unique_constraint_migration.go +++ /dev/null @@ -1,9 +0,0 @@ -package domain - -type UniqueConstraintMigration struct { - AggregateID string - ObjectID string - UniqueType string - UniqueField string - ErrorMessage string -} 
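Review bot: `AuthRequestDevice.IsValid` no longer requires scopes and does not look at the newly introduced `ClientID`, so after this change it vouches only for the two codes. If callers treat `IsValid` as the gate before a device authorization request is stored or approved, a request with an empty `ClientID` passes. Consider `return a.ClientID != "" && a.DeviceCode != "" && a.UserCode != ""`, or add a comment on `IsValid` stating that the client binding is verified elsewhere. The rest of the struct and its callers are outside the hunk.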
diff --git a/internal/domain/url_template.go b/internal/domain/url_template.go index 172de3496c..ed39a8257e 100644 --- a/internal/domain/url_template.go +++ b/internal/domain/url_template.go @@ -4,16 +4,16 @@ import ( "io" "text/template" - caos_errs "github.com/zitadel/zitadel/internal/errors" + "github.com/zitadel/zitadel/internal/zerrors" ) func renderURLTemplate(w io.Writer, tmpl string, data any) error { parsed, err := template.New("").Parse(tmpl) if err != nil { - return caos_errs.ThrowInvalidArgument(err, "DOMAIN-oGh5e", "Errors.User.InvalidURLTemplate") + return zerrors.ThrowInvalidArgument(err, "DOMAIN-oGh5e", "Errors.User.InvalidURLTemplate") } if err = parsed.Execute(w, data); err != nil { - return caos_errs.ThrowInvalidArgument(err, "DOMAIN-ieYa7", "Errors.User.InvalidURLTemplate") + return zerrors.ThrowInvalidArgument(err, "DOMAIN-ieYa7", "Errors.User.InvalidURLTemplate") } return nil } diff --git a/internal/domain/url_template_test.go b/internal/domain/url_template_test.go index 1140d14245..dbd3e19ab3 100644 --- a/internal/domain/url_template_test.go +++ b/internal/domain/url_template_test.go @@ -7,7 +7,7 @@ import ( "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" - caos_errs "github.com/zitadel/zitadel/internal/errors" + "github.com/zitadel/zitadel/internal/zerrors" ) func Test_renderURLTemplate(t *testing.T) { @@ -26,7 +26,7 @@ func Test_renderURLTemplate(t *testing.T) { args: args{ tmpl: "{{", }, - wantErr: caos_errs.ThrowInvalidArgument(nil, "DOMAIN-oGh5e", "Errors.User.InvalidURLTemplate"), + wantErr: zerrors.ThrowInvalidArgument(nil, "DOMAIN-oGh5e", "Errors.User.InvalidURLTemplate"), }, { name: "execution error", 
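Review bot: `renderURLTemplate` is undocumented and executes the template with `text/template`, which applies no escaping, so every field of `data` is written into the URL verbatim. A value containing `&`, `#`, `/` or whitespace therefore changes the shape of the rendered link. Add a doc comment such as `// renderURLTemplate executes tmpl with text/template; no URL escaping is applied, so callers must pass values that are safe to embed in a URL.` Whether the callers already pass encoded values cannot be seen from this hunk.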
@@ -34,7 +34,7 @@ func Test_renderURLTemplate(t *testing.T) { tmpl: "{{.Some}}", data: struct{ Foo int }{Foo: 1}, }, - wantErr: caos_errs.ThrowInvalidArgument(nil, "DOMAIN-ieYa7", "Errors.User.InvalidURLTemplate"), + wantErr: zerrors.ThrowInvalidArgument(nil, "DOMAIN-ieYa7", "Errors.User.InvalidURLTemplate"), }, { name: "success", diff --git a/internal/domain/user.go b/internal/domain/user.go index 18fa2db9af..7450d06417 100644 --- a/internal/domain/user.go +++ b/internal/domain/user.go @@ -1,10 +1,5 @@ package domain -type User interface { - GetUsername() string - GetState() UserState -} - type UserState int32 const ( @@ -19,10 +14,6 @@ const ( userStateCount ) -func (f UserState) Valid() bool { - return f >= 0 && f < userStateCount -} - func (s UserState) Exists() bool { return s != UserStateUnspecified && s != UserStateDeleted } @@ -40,10 +31,6 @@ const ( userTypeCount ) -func (f UserType) Valid() bool { - return f >= 0 && f < userTypeCount -} - type UserAuthMethodType int32 const ( @@ -58,10 +45,6 @@ const ( userAuthMethodTypeCount ) -func (f UserAuthMethodType) Valid() bool { - return f >= 0 && f < userAuthMethodTypeCount -} - // HasMFA checks whether the user authenticated with multiple auth factors. // This can either be true if the list contains a [UserAuthMethodType] which by itself is MFA (e.g. [UserAuthMethodTypePasswordless]) // or if multiple factors were used (e.g. [UserAuthMethodTypePassword] and [UserAuthMethodTypeU2F]) diff --git a/internal/domain/user_membership.go b/internal/domain/user_membership.go deleted file mode 100644 index ae786237ea..0000000000 --- a/internal/domain/user_membership.go +++ /dev/null 
@@ -1,29 +0,0 @@ -package domain - -import "time" - -type UserMembership struct { - UserID string - MemberType MemberType - AggregateID string - //ObjectID differs from aggregate id if obejct is sub of an aggregate - ObjectID string - - Roles []string - DisplayName string - CreationDate time.Time - ChangeDate time.Time - ResourceOwner string - ResourceOwnerName string - Sequence uint64 -} - -type MemberType int32 - -const ( - MemberTypeUnspecified MemberType = iota - MemberTypeOrganisation - MemberTypeProject - MemberTypeProjectGrant - MemberTypeIam -) diff --git a/internal/domain/user_v2_passkey_test.go b/internal/domain/user_v2_passkey_test.go index 74cb1695e0..7eb0b289a9 100644 --- a/internal/domain/user_v2_passkey_test.go +++ b/internal/domain/user_v2_passkey_test.go @@ -7,7 +7,7 @@ import ( "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" - caos_errs "github.com/zitadel/zitadel/internal/errors" + "github.com/zitadel/zitadel/internal/zerrors" ) func TestRenderPasskeyURLTemplate(t *testing.T) { @@ -29,7 +29,7 @@ func TestRenderPasskeyURLTemplate(t *testing.T) { args: args{ tmpl: "{{", }, - wantErr: caos_errs.ThrowInvalidArgument(nil, "DOMAIN-oGh5e", "Errors.User.InvalidURLTemplate"), + wantErr: zerrors.ThrowInvalidArgument(nil, "DOMAIN-oGh5e", "Errors.User.InvalidURLTemplate"), }, { name: "success", diff --git a/internal/errors/already_exists_test.go b/internal/errors/already_exists_test.go deleted file mode 100644 index 549d0af0ac..0000000000 --- a/internal/errors/already_exists_test.go +++ /dev/null 
@@ -1,34 +0,0 @@
-package errors_test
-
-import (
- "errors"
- "testing"
-
- "github.com/stretchr/testify/assert"
-
- caos_errs "github.com/zitadel/zitadel/internal/errors"
-)
-
-func TestAlreadyExistsError(t *testing.T) {
- var alreadyExistsError interface{}
- alreadyExistsError = new(caos_errs.AlreadyExistsError)
- _, ok := alreadyExistsError.(caos_errs.AlreadyExists)
- assert.True(t, ok)
-}
-
-func TestThrowAlreadyExistsf(t *testing.T) {
- err := caos_errs.ThrowAlreadyExistsf(nil, "id", "msg")
-
- _, ok := err.(*caos_errs.AlreadyExistsError)
- assert.True(t, ok)
-}
-
-func TestIsErrorAlreadyExists(t *testing.T) {
- err := caos_errs.ThrowAlreadyExists(nil, "id", "msg")
- ok := caos_errs.IsErrorAlreadyExists(err)
- assert.True(t, ok)
-
- err = errors.New("Already Exists!")
- ok = caos_errs.IsErrorAlreadyExists(err)
- assert.False(t, ok)
-}
diff --git a/internal/errors/deadline_exceeded_test.go b/internal/errors/deadline_exceeded_test.go
deleted file mode 100644
index 1a26e30992..0000000000
--- a/internal/errors/deadline_exceeded_test.go
+++ /dev/null
@@ -1,33 +0,0 @@
-package errors_test
-
-import (
- "errors"
- "testing"
-
- "github.com/stretchr/testify/assert"
-
- caos_errs "github.com/zitadel/zitadel/internal/errors"
-)
-
-func TestDeadlineExceededError(t *testing.T) {
- var err interface{}
- err = new(caos_errs.DeadlineExceededError)
- _, ok := err.(caos_errs.DeadlineExceeded)
- assert.True(t, ok)
-}
-
-func TestThrowDeadlineExceededf(t *testing.T) {
- err := caos_errs.ThrowDeadlineExceededf(nil, "id", "msg")
- _, ok := err.(*caos_errs.DeadlineExceededError)
- assert.True(t, ok)
-}
-
-func TestIsDeadlineExceeded(t *testing.T) {
- err := caos_errs.ThrowDeadlineExceeded(nil, "id", "msg")
- ok := caos_errs.IsDeadlineExceeded(err)
- assert.True(t, ok)
-
- err = errors.New("I am found!")
- ok = caos_errs.IsDeadlineExceeded(err)
- assert.False(t, ok)
-}
diff --git a/internal/errors/generate/error_test.go.tmpl b/internal/errors/generate/error_test.go.tmpl
deleted file mode 100644
index 38a0eb2cae..0000000000
--- a/internal/errors/generate/error_test.go.tmpl
+++ /dev/null
@@ -1,33 +0,0 @@
-package errors_test
-
-import (
- "errors"
- "testing"
-
- "github.com/stretchr/testify/assert"
-
- caos_errs "github.com/zitadel/zitadel/internal/errors"
-)
-
-func Test{{.ErrorName}}Error(t *testing.T) {
- var err interface{}
- err = new(caos_errs.{{.ErrorName}}Error)
- _, ok := err.(*caos_errs.{{.ErrorName}})
- assert.True(t, ok)
-}
-
-func TestThrow{{.ErrorName}}f(t *testing.T) {
- err := caos_errs.Throw{{.ErrorName}}f(nil, "id", "msg")
- _, ok := err.(*caos_errs.{{.ErrorName}}Error)
- assert.True(t, ok)
-}
-
-func TestIs{{.ErrorName}}(t *testing.T) {
- err := caos_errs.Throw{{.ErrorName}}(nil, "id", "msg")
- ok := caos_errs.Is{{.ErrorName}}(err)
- assert.True(t, ok)
-
- err = errors.New("I am found!")
- ok = caos_errs.Is{{.ErrorName}}(err)
- assert.False(t, ok)
-}
diff --git a/internal/errors/internal_test.go b/internal/errors/internal_test.go
deleted file mode 100644
index d13f7def84..0000000000
--- a/internal/errors/internal_test.go
+++ /dev/null
@@ -1,33 +0,0 @@
-package errors_test
-
-import (
- "errors"
- "testing"
-
- "github.com/stretchr/testify/assert"
-
- caos_errs "github.com/zitadel/zitadel/internal/errors"
-)
-
-func TestInternalError(t *testing.T) {
- var err interface{}
- err = new(caos_errs.InternalError)
- _, ok := err.(caos_errs.Internal)
- assert.True(t, ok)
-}
-
-func TestThrowInternalf(t *testing.T) {
- err := caos_errs.ThrowInternalf(nil, "id", "msg")
- _, ok := err.(*caos_errs.InternalError)
- assert.True(t, ok)
-}
-
-func TestIsInternal(t *testing.T) {
- err := caos_errs.ThrowInternal(nil, "id", "msg")
- ok := caos_errs.IsInternal(err)
- assert.True(t, ok)
-
- err = errors.New("I am found!")
- ok = caos_errs.IsInternal(err)
- assert.False(t, ok)
-}
diff --git a/internal/errors/invalid_argument_test.go b/internal/errors/invalid_argument_test.go
deleted file mode 100644
index 6de64b0081..0000000000
--- a/internal/errors/invalid_argument_test.go
+++ /dev/null
@@ -1,33 +0,0 @@
-package errors_test
-
-import (
- "errors"
- "testing"
-
- "github.com/stretchr/testify/assert"
-
- caos_errs "github.com/zitadel/zitadel/internal/errors"
-)
-
-func TestInvalidArgumentError(t *testing.T) {
- var invalidArgumentError interface{}
- invalidArgumentError = new(caos_errs.InvalidArgumentError)
- _, ok := invalidArgumentError.(caos_errs.InvalidArgument)
- assert.True(t, ok)
-}
-
-func TestThrowInvalidArgumentf(t *testing.T) {
- err := caos_errs.ThrowInvalidArgumentf(nil, "id", "msg")
- _, ok := err.(*caos_errs.InvalidArgumentError)
- assert.True(t, ok)
-}
-
-func TestIsErrorInvalidArgument(t *testing.T) {
- err := caos_errs.ThrowInvalidArgument(nil, "id", "msg")
- ok := caos_errs.IsErrorInvalidArgument(err)
- assert.True(t, ok)
-
- err = errors.New("I am invalid!")
- ok = caos_errs.IsErrorInvalidArgument(err)
- assert.False(t, ok)
-}
diff --git a/internal/errors/not_found_test.go b/internal/errors/not_found_test.go
deleted file mode 100644
index 45f0ebb0b2..0000000000
--- a/internal/errors/not_found_test.go
+++ /dev/null
@@ -1,33 +0,0 @@
-package errors_test
-
-import (
- "errors"
- "testing"
-
- "github.com/stretchr/testify/assert"
-
- caos_errs "github.com/zitadel/zitadel/internal/errors"
-)
-
-func TestNotFoundError(t *testing.T) {
- var notFoundError interface{}
- notFoundError = new(caos_errs.NotFoundError)
- _, ok := notFoundError.(caos_errs.NotFound)
- assert.True(t, ok)
-}
-
-func TestThrowNotFoundf(t *testing.T) {
- err := caos_errs.ThrowNotFoundf(nil, "id", "msg")
- _, ok := err.(*caos_errs.NotFoundError)
- assert.True(t, ok)
-}
-
-func TestIsNotFound(t *testing.T) {
- err := caos_errs.ThrowNotFound(nil, "id", "msg")
- ok := caos_errs.IsNotFound(err)
- assert.True(t, ok)
-
- err = errors.New("I am found!")
- ok = caos_errs.IsNotFound(err)
- assert.False(t, ok)
-}
diff --git a/internal/errors/permission_denied_test.go b/internal/errors/permission_denied_test.go
deleted file mode 100644
index bf994321ac..0000000000
--- a/internal/errors/permission_denied_test.go
+++ /dev/null
@@ -1,33 +0,0 @@
-package errors_test
-
-import (
- "errors"
- "testing"
-
- "github.com/stretchr/testify/assert"
-
- caos_errs "github.com/zitadel/zitadel/internal/errors"
-)
-
-func TestPermissionDeniedError(t *testing.T) {
- var err interface{}
- err = new(caos_errs.PermissionDeniedError)
- _, ok := err.(caos_errs.PermissionDenied)
- assert.True(t, ok)
-}
-
-func TestThrowPermissionDeniedf(t *testing.T) {
- err := caos_errs.ThrowPermissionDeniedf(nil, "id", "msg")
- _, ok := err.(*caos_errs.PermissionDeniedError)
- assert.True(t, ok)
-}
-
-func TestIsPermissionDenied(t *testing.T) {
- err := caos_errs.ThrowPermissionDenied(nil, "id", "msg")
- ok := caos_errs.IsPermissionDenied(err)
- assert.True(t, ok)
-
- err = errors.New("I am found!")
- ok = caos_errs.IsPermissionDenied(err)
- assert.False(t, ok)
-}
diff --git a/internal/errors/precondition_failed_test.go b/internal/errors/precondition_failed_test.go
deleted file mode 100644
index 2503063b71..0000000000
--- a/internal/errors/precondition_failed_test.go
+++ /dev/null
@@ -1,33 +0,0 @@
-package errors_test
-
-import (
- "errors"
- "testing"
-
- "github.com/stretchr/testify/assert"
-
- caos_errs "github.com/zitadel/zitadel/internal/errors"
-)
-
-func TestPreconditionFailedError(t *testing.T) {
- var err interface{}
- err = new(caos_errs.PreconditionFailedError)
- _, ok := err.(caos_errs.PreconditionFailed)
- assert.True(t, ok)
-}
-
-func TestThrowPreconditionFailedf(t *testing.T) {
- err := caos_errs.ThrowPreconditionFailedf(nil, "id", "msg")
- _, ok := err.(*caos_errs.PreconditionFailedError)
- assert.True(t, ok)
-}
-
-func TestIsPreconditionFailed(t *testing.T) {
- err := caos_errs.ThrowPreconditionFailed(nil, "id", "msg")
- ok := caos_errs.IsPreconditionFailed(err)
- assert.True(t, ok)
-
- err = errors.New("Precondition failed!")
- ok = caos_errs.IsPreconditionFailed(err)
- assert.False(t, ok)
-}
diff --git a/internal/errors/resource_exhausted_test.go b/internal/errors/resource_exhausted_test.go
deleted file mode 100644
index dd2bd7866a..0000000000
--- a/internal/errors/resource_exhausted_test.go
+++ /dev/null
@@ -1,34 +0,0 @@
-package errors_test
-
-import (
- "errors"
- "testing"
-
- "github.com/stretchr/testify/assert"
-
- caos_errs "github.com/zitadel/zitadel/internal/errors"
-)
-
-func TestResourceExhaustedError(t *testing.T) {
- var err interface{} = new(caos_errs.ResourceExhaustedError)
- _, ok := err.(caos_errs.ResourceExhausted)
- assert.True(t, ok)
-}
-
-func TestThrowResourceExhaustedf(t *testing.T) {
- err := caos_errs.ThrowResourceExhaustedf(nil, "id", "msg")
- // TODO: refactor errors package
- //nolint:errorlint
- _, ok := err.(*caos_errs.ResourceExhaustedError)
- assert.True(t, ok)
-}
-
-func TestIsResourceExhausted(t *testing.T) {
- err := caos_errs.ThrowResourceExhausted(nil, "id", "msg")
- ok := caos_errs.IsResourceExhausted(err)
- assert.True(t, ok)
-
- err = errors.New("I am found!")
- ok = caos_errs.IsResourceExhausted(err)
- assert.False(t, ok)
-}
diff --git a/internal/errors/unauthenticated_test.go b/internal/errors/unauthenticated_test.go
deleted file mode 100644
index faba8bbbc3..0000000000
--- a/internal/errors/unauthenticated_test.go
+++ /dev/null
@@ -1,33 +0,0 @@
-package errors_test
-
-import (
- "errors"
- "testing"
-
- "github.com/stretchr/testify/assert"
-
- caos_errs "github.com/zitadel/zitadel/internal/errors"
-)
-
-func TestUnauthenticatedError(t *testing.T) {
- var err interface{}
- err = new(caos_errs.UnauthenticatedError)
- _, ok := err.(caos_errs.Unauthenticated)
- assert.True(t, ok)
-}
-
-func TestThrowUnauthenticatedf(t *testing.T) {
- err := caos_errs.ThrowUnauthenticatedf(nil, "id", "msg")
- _, ok := err.(*caos_errs.UnauthenticatedError)
- assert.True(t, ok)
-}
-
-func TestIsUnauthenticated(t *testing.T) {
- err := caos_errs.ThrowUnauthenticated(nil, "id", "msg")
- ok := caos_errs.IsUnauthenticated(err)
- assert.True(t, ok)
-
- err = errors.New("I am found!")
- ok = caos_errs.IsUnauthenticated(err)
- assert.False(t, ok)
-}
diff --git a/internal/errors/unavailable_test.go b/internal/errors/unavailable_test.go
deleted file mode 100644
index 37fd549ea4..0000000000
--- a/internal/errors/unavailable_test.go
+++ /dev/null
@@ -1,33 +0,0 @@
-package errors_test
-
-import (
- "errors"
- "testing"
-
- "github.com/stretchr/testify/assert"
-
- caos_errs "github.com/zitadel/zitadel/internal/errors"
-)
-
-func TestUnavailableError(t *testing.T) {
- var err interface{}
- err = new(caos_errs.UnavailableError)
- _, ok := err.(caos_errs.Unavailable)
- assert.True(t, ok)
-}
-
-func TestThrowUnavailablef(t *testing.T) {
- err := caos_errs.ThrowUnavailablef(nil, "id", "msg")
- _, ok := err.(*caos_errs.UnavailableError)
- assert.True(t, ok)
-}
-
-func TestIsUnavailable(t *testing.T) {
- err := caos_errs.ThrowUnavailable(nil, "id", "msg")
- ok := caos_errs.IsUnavailable(err)
- assert.True(t, ok)
-
- err = errors.New("I am found!")
- ok = caos_errs.IsUnavailable(err)
- assert.False(t, ok)
-}
diff --git a/internal/errors/unimplemented_test.go b/internal/errors/unimplemented_test.go
deleted file mode 100644
index acaba5a424..0000000000
--- a/internal/errors/unimplemented_test.go
+++ /dev/null
@@ -1,33 +0,0 @@
-package errors_test
-
-import (
- "errors"
- "testing"
-
- "github.com/stretchr/testify/assert"
-
- caos_errs "github.com/zitadel/zitadel/internal/errors"
-)
-
-func TestUnimplementedError(t *testing.T) {
- var unimplementedError interface{}
- unimplementedError = new(caos_errs.UnimplementedError)
- _, ok := unimplementedError.(caos_errs.Unimplemented)
- assert.True(t, ok)
-}
-
-func TestThrowUnimplementedf(t *testing.T) {
- err := caos_errs.ThrowUnimplementedf(nil, "id", "msg")
- _, ok := err.(*caos_errs.UnimplementedError)
- assert.True(t, ok)
-}
-
-func TestIsUnimplemented(t *testing.T) {
- err := caos_errs.ThrowUnimplemented(nil, "id", "msg")
- ok := caos_errs.IsUnimplemented(err)
- assert.True(t, ok)
-
- err = errors.New("I am found!")
- ok = caos_errs.IsUnimplemented(err)
- assert.False(t, ok)
-}
diff --git a/internal/errors/unknown_test.go b/internal/errors/unknown_test.go deleted file mode 100644 index 2b21c06475..0000000000 --- a/internal/errors/unknown_test.go +++ /dev/null @@ -1,33 +0,0 @@ -package errors_test - -import ( - "errors" - "testing" - - "github.com/stretchr/testify/assert" - - caos_errs "github.com/zitadel/zitadel/internal/errors" -) - -func TestUnknownError(t *testing.T) { - var err interface{} - err = new(caos_errs.UnknownError) - _, ok := err.(caos_errs.Unknown) - assert.True(t, ok) -} - -func TestThrowUnknownf(t *testing.T) { - err := caos_errs.ThrowUnknownf(nil, "id", "msg") - _, ok := err.(*caos_errs.UnknownError) - assert.True(t, ok) -} - -func TestIsUnknown(t *testing.T) { - err := caos_errs.ThrowUnknown(nil, "id", "msg") - ok := caos_errs.IsUnknown(err) - assert.True(t, ok) - - err = errors.New("I am found!") - ok = caos_errs.IsUnknown(err) - assert.False(t, ok) -} diff --git a/internal/eventstore/aggregate.go b/internal/eventstore/aggregate.go index 30053079da..9939d8335c 100644 --- a/internal/eventstore/aggregate.go +++ b/internal/eventstore/aggregate.go @@ -55,6 +55,7 @@ func AggregateFromWriteModel( version Version, ) *Aggregate { return NewAggregate( + // TODO: the linter complains if this function is called without passing a context context.Background(), wm.AggregateID, typ, diff --git a/internal/eventstore/event.go b/internal/eventstore/event.go index 4cb1d2ddc6..6c7f47b738 100644 --- a/internal/eventstore/event.go +++ b/internal/eventstore/event.go @@ -5,7 +5,7 @@ import ( "reflect" "time" - "github.com/zitadel/zitadel/internal/errors" + "github.com/zitadel/zitadel/internal/zerrors" ) type action interface { 
@@ -63,7 +63,7 @@ func EventData(event Command) ([]byte, error) { if json.Valid(data) { return data, nil } - return nil, errors.ThrowInvalidArgument(nil, "V2-6SbbS", "data bytes are not json") + return nil, zerrors.ThrowInvalidArgument(nil, "V2-6SbbS", "data bytes are not json") } dataType := reflect.TypeOf(event.Payload()) if dataType.Kind() == reflect.Ptr { @@ -72,11 +72,11 @@ func EventData(event Command) ([]byte, error) { if dataType.Kind() == reflect.Struct { dataBytes, err := json.Marshal(event.Payload()) if err != nil { - return nil, errors.ThrowInvalidArgument(err, "V2-xG87M", "could not marshal data") + return nil, zerrors.ThrowInvalidArgument(err, "V2-xG87M", "could not marshal data") } return dataBytes, nil } - return nil, errors.ThrowInvalidArgument(nil, "V2-91NRm", "wrong type of event data") + return nil, zerrors.ThrowInvalidArgument(nil, "V2-91NRm", "wrong type of event data") } type BaseEventSetter[T any] interface { @@ -91,7 +91,7 @@ func GenericEventMapper[T any, PT BaseEventSetter[T]](event Event) (Event, error err := event.Unmarshal(e) if err != nil { - return nil, errors.ThrowInternal(err, "ES-Thai6", "unable to unmarshal event") + return nil, zerrors.ThrowInternal(err, "ES-Thai6", "unable to unmarshal event") } return e, nil diff --git a/internal/eventstore/eventstore_test.go b/internal/eventstore/eventstore_test.go index 8fe9fd8592..fe8400be2d 100644 --- a/internal/eventstore/eventstore_test.go +++ b/internal/eventstore/eventstore_test.go @@ -10,7 +10,7 @@ import ( "github.com/zitadel/zitadel/internal/api/authz" "github.com/zitadel/zitadel/internal/api/service" - "github.com/zitadel/zitadel/internal/errors" + "github.com/zitadel/zitadel/internal/zerrors" ) // testEvent implements the Event interface 
@@ -122,7 +122,7 @@ func Test_eventstore_RegisterFilterEventMapper(t *testing.T) { eventMapper: map[EventType]eventTypeInterceptors{ "event.type": { eventMapper: func(Event) (Event, error) { - return nil, errors.ThrowUnimplemented(nil, "V2-1qPvn", "unimplemented") + return nil, zerrors.ThrowUnimplemented(nil, "V2-1qPvn", "unimplemented") }, }, }, @@ -661,7 +661,7 @@ func TestEventstore_Push(t *testing.T) { fields: fields{ pusher: &testPusher{ t: t, - err: errors.ThrowInternal(nil, "V2-qaa4S", "test err"), + err: zerrors.ThrowInternal(nil, "V2-qaa4S", "test err"), }, }, res: res{ @@ -684,7 +684,7 @@ func TestEventstore_Push(t *testing.T) { fields: fields{ pusher: &testPusher{ t: t, - err: errors.ThrowInternal(nil, "V2-qaa4S", "test err"), + err: zerrors.ThrowInternal(nil, "V2-qaa4S", "test err"), }, }, res: res{ @@ -775,7 +775,7 @@ func TestEventstore_FilterEvents(t *testing.T) { fields: fields{ repo: &testQuerier{ t: t, - err: errors.ThrowInternal(nil, "V2-RfkBa", "test err"), + err: zerrors.ThrowInternal(nil, "V2-RfkBa", "test err"), }, eventMapper: map[EventType]func(Event) (Event, error){ "test.event": func(e Event) (Event, error) { @@ -901,7 +901,7 @@ func TestEventstore_LatestSequence(t *testing.T) { fields: fields{ repo: &testQuerier{ t: t, - err: errors.ThrowInternal(nil, "V2-RfkBa", "test err"), + err: zerrors.ThrowInternal(nil, "V2-RfkBa", "test err"), }, }, res: res{ @@ -1038,7 +1038,7 @@ func TestEventstore_FilterToReducer(t *testing.T) { fields: fields{ repo: &testQuerier{ t: t, - err: errors.ThrowInternal(nil, "V2-RfkBa", "test err"), + err: zerrors.ThrowInternal(nil, "V2-RfkBa", "test err"), }, eventMapper: map[EventType]func(Event) (Event, error){ "test.event": func(e Event) (Event, error) { @@ -1100,7 +1100,7 @@ func TestEventstore_FilterToReducer(t *testing.T) { }, readModel: &testReducer{ t: t, - err: errors.ThrowInvalidArgument(nil, "V2-W06TG", "test err"), + err: zerrors.ThrowInvalidArgument(nil, "V2-W06TG", "test err"), expectedLength: 1, }, }, 
@@ -1212,7 +1212,7 @@ func TestEventstore_mapEvents(t *testing.T) { fields: fields{ eventMapper: map[EventType]func(Event) (Event, error){ "test.event": func(Event) (Event, error) { - return nil, errors.ThrowInternal(nil, "V2-8FbQk", "test err") + return nil, zerrors.ThrowInternal(nil, "V2-8FbQk", "test err") }, }, }, diff --git a/internal/eventstore/handler/crdb/lock.go b/internal/eventstore/handler/crdb/lock.go index e751eff2a2..ba17ba7925 100644 --- a/internal/eventstore/handler/crdb/lock.go +++ b/internal/eventstore/handler/crdb/lock.go @@ -11,8 +11,8 @@ import ( "github.com/zitadel/logging" "github.com/zitadel/zitadel/internal/database" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/id" + "github.com/zitadel/zitadel/internal/zerrors" ) const ( @@ -74,10 +74,10 @@ func (h *locker) renewLock(ctx context.Context, lockDuration time.Duration, inst lockStmt, values := h.lockStatement(lockDuration, instanceIDs) res, err := h.client.ExecContext(ctx, lockStmt, values...) if err != nil { - return errors.ThrowInternal(err, "CRDB-uaDoR", "unable to execute lock") + return zerrors.ThrowInternal(err, "CRDB-uaDoR", "unable to execute lock") } if rows, _ := res.RowsAffected(); rows == 0 { - return errors.ThrowAlreadyExists(nil, "CRDB-mmi4J", "projection already locked") + return zerrors.ThrowAlreadyExists(nil, "CRDB-mmi4J", "projection already locked") } return nil } @@ -86,7 +86,7 @@ func (h *locker) Unlock(instanceIDs ...string) error { lockStmt, values := h.lockStatement(0, instanceIDs) _, err := h.client.Exec(lockStmt, values...) if err != nil { - return errors.ThrowUnknown(err, "CRDB-JjfwO", "unlock failed") + return zerrors.ThrowUnknown(err, "CRDB-JjfwO", "unlock failed") } return nil } diff --git a/internal/eventstore/handler/crdb/lock_test.go b/internal/eventstore/handler/crdb/lock_test.go index 5ab824ee66..55d23b65bd 100644 --- a/internal/eventstore/handler/crdb/lock_test.go +++ b/internal/eventstore/handler/crdb/lock_test.go 
@@ -11,7 +11,7 @@ import ( "github.com/DATA-DOG/go-sqlmock" "github.com/zitadel/zitadel/internal/database" - z_errs "github.com/zitadel/zitadel/internal/errors" + "github.com/zitadel/zitadel/internal/zerrors" ) const ( @@ -21,7 +21,7 @@ const ( ) var ( - renewNoRowsAffectedErr = z_errs.ThrowAlreadyExists(nil, "CRDB-mmi4J", "projection already locked") + renewNoRowsAffectedErr = zerrors.ThrowAlreadyExists(nil, "CRDB-mmi4J", "projection already locked") errLock = errors.New("lock err") ) diff --git a/internal/eventstore/handler/v2/failed_event.go b/internal/eventstore/handler/v2/failed_event.go index b9630f7bc6..53457883ca 100644 --- a/internal/eventstore/handler/v2/failed_event.go +++ b/internal/eventstore/handler/v2/failed_event.go @@ -5,8 +5,8 @@ import ( _ "embed" "time" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" + "github.com/zitadel/zitadel/internal/zerrors" ) var ( @@ -69,10 +69,10 @@ func (h *Handler) failureCount(tx *sql.Tx, f *failure) (count uint8, err error) f.sequence, ) if err = row.Err(); err != nil { - return 0, errors.ThrowInternal(err, "CRDB-Unnex", "unable to update failure count") + return 0, zerrors.ThrowInternal(err, "CRDB-Unnex", "unable to update failure count") } if err = row.Scan(&count); err != nil { - return 0, errors.ThrowInternal(err, "CRDB-RwSMV", "unable to scan count") + return 0, zerrors.ThrowInternal(err, "CRDB-RwSMV", "unable to scan count") } return count, nil } @@ -89,7 +89,7 @@ func (h *Handler) setFailureCount(tx *sql.Tx, count uint8, f *failure) error { f.err.Error(), ) if err != nil { - return errors.ThrowInternal(err, "CRDB-4Ht4x", "set failure count failed") + return zerrors.ThrowInternal(err, "CRDB-4Ht4x", "set failure count failed") } return nil } diff --git a/internal/eventstore/handler/v2/init.go b/internal/eventstore/handler/v2/init.go index cca5cb995b..5ee650799f 100644 --- a/internal/eventstore/handler/v2/init.go +++ b/internal/eventstore/handler/v2/init.go 
@@ -9,8 +9,8 @@ import ( "github.com/jackc/pgconn" "github.com/zitadel/logging" - errs "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore/handler" + "github.com/zitadel/zitadel/internal/zerrors" ) type Table struct { @@ -196,7 +196,7 @@ func (h *Handler) Init(ctx context.Context) error { } tx, err := h.client.BeginTx(ctx, nil) if err != nil { - return errs.ThrowInternal(err, "CRDB-SAdf2", "begin failed") + return zerrors.ThrowInternal(err, "CRDB-SAdf2", "begin failed") } for i, execute := range check.Init().Executes { logging.WithFields("projection", h.projection.Name(), "execute", i).Debug("executing check") @@ -274,7 +274,7 @@ func execNextIfExists(config execConfig, q query, opts []execOption, executeNext } func isErrAlreadyExists(err error) bool { - caosErr := &errs.CaosError{} + caosErr := &zerrors.ZitadelError{} if !errors.As(err, &caosErr) { return false } diff --git a/internal/eventstore/handler/v2/state.go b/internal/eventstore/handler/v2/state.go index 4506135d77..cdd9a3b9b9 100644 --- a/internal/eventstore/handler/v2/state.go +++ b/internal/eventstore/handler/v2/state.go @@ -8,8 +8,8 @@ import ( "time" "github.com/zitadel/zitadel/internal/api/authz" - errs "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" + "github.com/zitadel/zitadel/internal/zerrors" ) type state struct { @@ -19,7 +19,7 @@ type state struct { aggregateType eventstore.AggregateType aggregateID string sequence uint64 - offset uint16 + offset uint32 } var ( @@ -46,7 +46,7 @@ func (h *Handler) currentState(ctx context.Context, tx *sql.Tx, config *triggerC sequence = new(sql.NullInt64) timestamp = new(sql.NullTime) position = new(sql.NullFloat64) - offset = new(sql.NullInt16) + offset = new(sql.NullInt64) ) stateQuery := currentStateStmt 
@@ -76,7 +76,8 @@ func (h *Handler) currentState(ctx context.Context, tx *sql.Tx, config *triggerC currentState.sequence = uint64(sequence.Int64) currentState.eventTimestamp = timestamp.Time currentState.position = position.Float64 - currentState.offset = uint16(offset.Int16) + // psql does not provide unsigned numbers so we work around it + currentState.offset = uint32(offset.Int64) return currentState, nil } @@ -97,7 +98,7 @@ func (h *Handler) setState(tx *sql.Tx, updatedState *state) error { } if affected, err := res.RowsAffected(); affected == 0 { h.log().OnError(err).Error("unable to check if states are updated") - return errs.ThrowInternal(err, "V2-FGEKi", "unable to update state") + return zerrors.ThrowInternal(err, "V2-FGEKi", "unable to update state") } return nil } @@ -111,7 +112,7 @@ func (h *Handler) lockState(tx *sql.Tx, instanceID string) error { return err } if affected, err := res.RowsAffected(); affected == 0 || err != nil { - return errs.ThrowInternal(err, "V2-lpiK0", "projection already locked") + return zerrors.ThrowInternal(err, "V2-lpiK0", "projection already locked") } return nil } diff --git a/internal/eventstore/handler/v2/state_test.go b/internal/eventstore/handler/v2/state_test.go index 15031e66b1..5e20773947 100644 --- a/internal/eventstore/handler/v2/state_test.go +++ b/internal/eventstore/handler/v2/state_test.go @@ -14,7 +14,7 @@ import ( "github.com/zitadel/zitadel/internal/api/authz" "github.com/zitadel/zitadel/internal/database/mock" - errs "github.com/zitadel/zitadel/internal/errors" + "github.com/zitadel/zitadel/internal/zerrors" ) func TestHandler_lockState(t *testing.T) { @@ -80,7 +80,7 @@ func TestHandler_lockState(t *testing.T) { instanceID: "instance", }, isErr: func(t *testing.T, err error) { - if !errors.Is(err, errs.ThrowInternal(nil, "V2-lpiK0", "")) { + if !errors.Is(err, zerrors.ThrowInternal(nil, "V2-lpiK0", "")) { t.Errorf("unexpected error: want internal (V2lpiK0), got: %v", err) } }, 
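Review bot: The conversion `uint32(offset.Int64)` in currentState wraps silently when the scanned value is negative or larger than 4294967295, so an unexpected value in the state row becomes a different, valid-looking offset instead of an error. Because the column is now read as a signed 64-bit value, check the range before converting, e.g. `if offset.Int64 < 0 || offset.Int64 > math.MaxUint32 { return nil, zerrors.ThrowInternal(nil, "<ERROR-ID>", "offset out of range") }`. This needs the `math` import, the error ID is a placeholder, and the first return value should be whatever zero value the function uses. The write path for the offset is not visible here and presumably needs the matching widening. currentState's body starts outside the hunk.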
@@ -195,7 +195,7 @@ func TestHandler_updateLastUpdated(t *testing.T) { }, }, isErr: func(t *testing.T, err error) { - if !errors.Is(err, errs.ThrowInternal(nil, "V2-FGEKi", "")) { + if !errors.Is(err, zerrors.ThrowInternal(nil, "V2-FGEKi", "")) { t.Errorf("unexpected error, want: %v, got %v", sql.ErrTxDone, err) } }, diff --git a/internal/eventstore/handler/v2/statement.go b/internal/eventstore/handler/v2/statement.go index f2c915f634..0816d5b451 100644 --- a/internal/eventstore/handler/v2/statement.go +++ b/internal/eventstore/handler/v2/statement.go @@ -3,7 +3,7 @@ package handler import ( "database/sql" "encoding/json" - errs "errors" + "errors" "strconv" "strings" "time" @@ -11,8 +11,8 @@ import ( "github.com/zitadel/logging" "github.com/zitadel/zitadel/internal/database" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" + "github.com/zitadel/zitadel/internal/zerrors" ) func (h *Handler) eventsToStatements(tx *sql.Tx, events []eventstore.Event, currentState *state) (statements []*Statement, err error) { @@ -65,7 +65,7 @@ type Statement struct { CreationDate time.Time InstanceID string - offset uint16 + offset uint32 Execute Exec } @@ -79,9 +79,9 @@ func WithTableSuffix(name string) func(*execConfig) { } var ( - ErrNoProjection = errs.New("no projection") - ErrNoValues = errs.New("no values") - ErrNoCondition = errs.New("no condition") + ErrNoProjection = errors.New("no projection") + ErrNoValues = errors.New("no values") + ErrNoCondition = errors.New("no condition") ) func NewStatement(event eventstore.Event, e Exec) *Statement { @@ -558,7 +558,7 @@ func exec(config execConfig, q query, opts []execOption) Exec { _, err = ex.Exec("SAVEPOINT stmt_exec") if err != nil { - return errors.ThrowInternal(err, "CRDB-YdOXD", "create savepoint failed") + return zerrors.ThrowInternal(err, "CRDB-YdOXD", "create savepoint failed") } defer func() { if err != nil { 
@@ -570,7 +570,7 @@ func exec(config execConfig, q query, opts []execOption) Exec { }() _, err = ex.Exec(q(config), config.args...) if err != nil { - return errors.ThrowInternal(err, "CRDB-pKtsr", "exec failed") + return zerrors.ThrowInternal(err, "CRDB-pKtsr", "exec failed") } return nil diff --git a/internal/eventstore/repository/mock/repository.mock.impl.go b/internal/eventstore/repository/mock/repository.mock.impl.go index bf49929c7b..6ae64ddf0f 100644 --- a/internal/eventstore/repository/mock/repository.mock.impl.go +++ b/internal/eventstore/repository/mock/repository.mock.impl.go @@ -75,11 +75,15 @@ func (m *MockRepository) ExpectInstanceIDsError(err error) *MockRepository { return m } -func (m *MockRepository) ExpectPush(expectedCommands []eventstore.Command) *MockRepository { +// ExpectPush checks if the expectedCommands are send to the Push method. +// The call will sleep at least the amount of passed duration. +func (m *MockRepository) ExpectPush(expectedCommands []eventstore.Command, sleep time.Duration) *MockRepository { m.MockPusher.EXPECT().Push(gomock.Any(), gomock.Any()).DoAndReturn( func(ctx context.Context, commands ...eventstore.Command) ([]eventstore.Event, error) { m.MockPusher.ctrl.T.Helper() + time.Sleep(sleep) + if len(expectedCommands) != len(commands) { return nil, fmt.Errorf("unexpected amount of commands: want %d, got %d", len(expectedCommands), len(commands)) } diff --git a/internal/eventstore/repository/search_query.go b/internal/eventstore/repository/search_query.go index b0c7769cb1..3d6d015772 100644 --- a/internal/eventstore/repository/search_query.go +++ b/internal/eventstore/repository/search_query.go @@ -4,8 +4,8 @@ import ( "database/sql" "github.com/zitadel/zitadel/internal/database" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" + "github.com/zitadel/zitadel/internal/zerrors" ) // SearchQuery defines the which and how data are queried 
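Review bot: The doc comment added to ExpectPush has a typo and should read `// ExpectPush checks if the expectedCommands are sent to the Push method.`. The added `time.Sleep(sleep)` runs before the command comparison and does not observe `ctx`, so a test that cancels the context still blocks for the full duration. If the delay is there to exercise timeouts in callers, state that in the comment so the parameter is not read as a general-purpose wait. The function body continues outside the hunk.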
@@ -17,7 +17,7 @@ type SearchQuery struct { AllowTimeTravel bool AwaitOpenTransactions bool Limit uint64 - Offset uint16 + Offset uint32 Desc bool InstanceID *Filter @@ -99,16 +99,16 @@ func NewFilter(field Field, value interface{}, operation Operation) *Filter { // Validate checks if the fields of the filter have valid values func (f *Filter) Validate() error { if f == nil { - return errors.ThrowPreconditionFailed(nil, "REPO-z6KcG", "filter is nil") + return zerrors.ThrowPreconditionFailed(nil, "REPO-z6KcG", "filter is nil") } if f.Field <= 0 || f.Field >= fieldCount { - return errors.ThrowPreconditionFailed(nil, "REPO-zw62U", "field not definded") + return zerrors.ThrowPreconditionFailed(nil, "REPO-zw62U", "field not definded") } if f.Value == nil { - return errors.ThrowPreconditionFailed(nil, "REPO-GJ9ct", "no value definded") + return zerrors.ThrowPreconditionFailed(nil, "REPO-GJ9ct", "no value definded") } if f.Operation <= 0 || f.Operation >= operationCount { - return errors.ThrowPreconditionFailed(nil, "REPO-RrQTy", "operation not definded") + return zerrors.ThrowPreconditionFailed(nil, "REPO-RrQTy", "operation not definded") } return nil } @@ -116,7 +116,7 @@ func (f *Filter) Validate() error { func QueryFromBuilder(builder *eventstore.SearchQueryBuilder) (*SearchQuery, error) { if builder == nil || builder.GetColumns().Validate() != nil { - return nil, errors.ThrowPreconditionFailed(nil, "MODEL-4m9gs", "builder invalid") + return nil, zerrors.ThrowPreconditionFailed(nil, "MODEL-4m9gs", "builder invalid") } query := &SearchQuery{ diff --git a/internal/eventstore/repository/sql/crdb.go b/internal/eventstore/repository/sql/crdb.go index 351587c1f4..5e53614be4 100644 --- a/internal/eventstore/repository/sql/crdb.go +++ b/internal/eventstore/repository/sql/crdb.go 
@@ -17,9 +17,9 @@ import ( "github.com/zitadel/zitadel/internal/api/authz" "github.com/zitadel/zitadel/internal/database" "github.com/zitadel/zitadel/internal/database/dialect" - caos_errs "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/eventstore/repository" + "github.com/zitadel/zitadel/internal/zerrors" ) const ( @@ -190,7 +190,7 @@ func (db *CRDB) Push(ctx context.Context, commands ...eventstore.Command) (event "eventType", e.Type(), "instanceID", e.Aggregate().InstanceID, ).WithError(err).Debug("query failed") - return caos_errs.ThrowInternal(err, "SQL-SBP37", "unable to create event") + return zerrors.ThrowInternal(err, "SQL-SBP37", "unable to create event") } uniqueConstraints = append(uniqueConstraints, command.UniqueConstraints()...) @@ -199,8 +199,8 @@ func (db *CRDB) Push(ctx context.Context, commands ...eventstore.Command) (event return db.handleUniqueConstraints(ctx, tx, uniqueConstraints...) }) - if err != nil && !errors.Is(err, &caos_errs.CaosError{}) { - err = caos_errs.ThrowInternal(err, "SQL-DjgtG", "unable to store events") + if err != nil && !errors.Is(err, &zerrors.ZitadelError{}) { + err = zerrors.ThrowInternal(err, "SQL-DjgtG", "unable to store events") } return events, err 
@@ -223,10 +223,10 @@ func (db *CRDB) handleUniqueConstraints(ctx context.Context, tx *sql.Tx, uniqueC "unique_field", uniqueConstraint.UniqueField).WithError(err).Info("insert unique constraint failed") if db.isUniqueViolationError(err) { - return caos_errs.ThrowAlreadyExists(err, "SQL-wHcEq", uniqueConstraint.ErrorMessage) + return zerrors.ThrowAlreadyExists(err, "SQL-wHcEq", uniqueConstraint.ErrorMessage) } - return caos_errs.ThrowInternal(err, "SQL-dM9ds", "unable to create unique constraint") + return zerrors.ThrowInternal(err, "SQL-dM9ds", "unable to create unique constraint") } case eventstore.UniqueConstraintRemove: _, err := tx.ExecContext(ctx, uniqueDelete, uniqueConstraint.UniqueType, uniqueConstraint.UniqueField, authz.GetInstance(ctx).InstanceID()) @@ -234,14 +234,14 @@ func (db *CRDB) handleUniqueConstraints(ctx context.Context, tx *sql.Tx, uniqueC logging.WithFields( "unique_type", uniqueConstraint.UniqueType, "unique_field", uniqueConstraint.UniqueField).WithError(err).Info("delete unique constraint failed") - return caos_errs.ThrowInternal(err, "SQL-6n88i", "unable to remove unique constraint") + return zerrors.ThrowInternal(err, "SQL-6n88i", "unable to remove unique constraint") } case eventstore.UniqueConstraintInstanceRemove: _, err := tx.ExecContext(ctx, uniqueDeleteInstance, authz.GetInstance(ctx).InstanceID()) if err != nil { logging.WithFields( "instance_id", authz.GetInstance(ctx).InstanceID()).WithError(err).Info("delete instance unique constraints failed") - return caos_errs.ThrowInternal(err, "SQL-6n88i", "unable to remove unique constraints of instance") + return zerrors.ThrowInternal(err, "SQL-6n88i", "unable to remove unique constraints of instance") } } } diff --git a/internal/eventstore/repository/sql/query.go b/internal/eventstore/repository/sql/query.go index a2eda79d3e..6cd0672e46 100644 --- a/internal/eventstore/repository/sql/query.go +++ b/internal/eventstore/repository/sql/query.go 
@@ -14,9 +14,9 @@ import ( "github.com/zitadel/zitadel/internal/api/call" "github.com/zitadel/zitadel/internal/database" "github.com/zitadel/zitadel/internal/database/dialect" - z_errors "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/eventstore/repository" + "github.com/zitadel/zitadel/internal/zerrors" ) type querier interface { @@ -62,7 +62,7 @@ func query(ctx context.Context, criteria querier, searchQuery *eventstore.Search query, rowScanner := prepareColumns(criteria, q.Columns, useV1) where, values := prepareConditions(criteria, q, useV1) if where == "" || query == "" { - return z_errors.ThrowInvalidArgument(nil, "SQL-rWeBw", "invalid query factory") + return zerrors.ThrowInvalidArgument(nil, "SQL-rWeBw", "invalid query factory") } if q.Tx == nil { if travel := prepareTimeTravel(ctx, criteria, q.AllowTimeTravel); travel != "" { @@ -116,7 +116,7 @@ func query(ctx context.Context, criteria querier, searchQuery *eventstore.Search }, query, values...) if err != nil { logging.New().WithError(err).Info("query failed") - return z_errors.ThrowInternal(err, "SQL-KyeAx", "unable to filter events") + return zerrors.ThrowInternal(err, "SQL-KyeAx", "unable to filter events") } return nil 
@@ -146,25 +146,25 @@ func prepareTimeTravel(ctx context.Context, criteria querier, allow bool) string func maxSequenceScanner(row scan, dest interface{}) (err error) { position, ok := dest.(*sql.NullFloat64) if !ok { - return z_errors.ThrowInvalidArgumentf(nil, "SQL-NBjA9", "type must be sql.NullInt64 got: %T", dest) + return zerrors.ThrowInvalidArgumentf(nil, "SQL-NBjA9", "type must be sql.NullInt64 got: %T", dest) } err = row(position) if err == nil || errors.Is(err, sql.ErrNoRows) { return nil } - return z_errors.ThrowInternal(err, "SQL-bN5xg", "something went wrong") + return zerrors.ThrowInternal(err, "SQL-bN5xg", "something went wrong") } func instanceIDsScanner(scanner scan, dest interface{}) (err error) { ids, ok := dest.(*[]string) if !ok { - return z_errors.ThrowInvalidArgument(nil, "SQL-Begh2", "type must be an array of string") + return zerrors.ThrowInvalidArgument(nil, "SQL-Begh2", "type must be an array of string") } var id string err = scanner(&id) if err != nil { logging.WithError(err).Warn("unable to scan row") - return z_errors.ThrowInternal(err, "SQL-DEFGe", "unable to scan row") + return zerrors.ThrowInternal(err, "SQL-DEFGe", "unable to scan row") } *ids = append(*ids, id) @@ -175,7 +175,7 @@ func eventsScanner(useV1 bool) func(scanner scan, dest interface{}) (err error) return func(scanner scan, dest interface{}) (err error) { reduce, ok := dest.(eventstore.Reducer) if !ok { - return z_errors.ThrowInvalidArgumentf(nil, "SQL-4GP6F", "events scanner: invalid type %T", dest) + return zerrors.ThrowInvalidArgumentf(nil, "SQL-4GP6F", "events scanner: invalid type %T", dest) } event := new(repository.Event) position := new(sql.NullFloat64) 
@@ -213,7 +213,7 @@ func eventsScanner(useV1 bool) func(scanner scan, dest interface{}) (err error) if err != nil { logging.New().WithError(err).Warn("unable to scan row") - return z_errors.ThrowInternal(err, "SQL-M0dsf", "unable to scan row") + return zerrors.ThrowInternal(err, "SQL-M0dsf", "unable to scan row") } event.Pos = position.Float64 return reduce(event) diff --git a/internal/eventstore/repository/sql/query_test.go b/internal/eventstore/repository/sql/query_test.go index 8d6f670384..6be560ce42 100644 --- a/internal/eventstore/repository/sql/query_test.go +++ b/internal/eventstore/repository/sql/query_test.go @@ -14,9 +14,9 @@ import ( "github.com/zitadel/zitadel/internal/database" "github.com/zitadel/zitadel/internal/database/cockroach" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/eventstore/repository" + "github.com/zitadel/zitadel/internal/zerrors" ) func Test_getCondition(t *testing.T) { @@ -142,7 +142,7 @@ func Test_prepareColumns(t *testing.T) { }, res: res{ query: `SELECT "position" FROM eventstore.events2`, - dbErr: errors.IsErrorInvalidArgument, + dbErr: zerrors.IsErrorInvalidArgument, }, }, { @@ -212,7 +212,7 @@ func Test_prepareColumns(t *testing.T) { }, res: res{ query: `SELECT creation_date, event_type, event_sequence, event_data, editor_user, resource_owner, instance_id, aggregate_type, aggregate_id, aggregate_version FROM eventstore.events`, - dbErr: errors.IsErrorInvalidArgument, + dbErr: zerrors.IsErrorInvalidArgument, }, }, { @@ -228,7 +228,7 @@ func Test_prepareColumns(t *testing.T) { }, res: res{ query: `SELECT creation_date, event_type, event_sequence, event_data, editor_user, resource_owner, instance_id, aggregate_type, aggregate_id, aggregate_version FROM eventstore.events`, - dbErr: errors.IsInternal, + dbErr: zerrors.IsInternal, }, }, } 
@@ -277,7 +277,7 @@ func prepareTestScan(err error, res []interface{}) scan { return err } if len(dests) != len(res) { - return errors.ThrowInvalidArgumentf(nil, "SQL-NML1q", "expected len %d got %d", len(res), len(dests)) + return zerrors.ThrowInvalidArgumentf(nil, "SQL-NML1q", "expected len %d got %d", len(res), len(dests)) } for i, r := range res { _, ok := dests[i].(*eventstore.Version) diff --git a/internal/eventstore/search_query.go b/internal/eventstore/search_query.go index 68321f9f91..65facd2c8a 100644 --- a/internal/eventstore/search_query.go +++ b/internal/eventstore/search_query.go @@ -6,7 +6,7 @@ import ( "time" "github.com/zitadel/zitadel/internal/api/authz" - "github.com/zitadel/zitadel/internal/errors" + "github.com/zitadel/zitadel/internal/zerrors" ) // SearchQueryBuilder represents the builder for your filter @@ -14,7 +14,7 @@ import ( type SearchQueryBuilder struct { columns Columns limit uint64 - offset uint16 + offset uint32 desc bool resourceOwner string instanceID *string @@ -38,7 +38,7 @@ func (b *SearchQueryBuilder) GetLimit() uint64 { return b.limit } -func (b *SearchQueryBuilder) GetOffset() uint16 { +func (b *SearchQueryBuilder) GetOffset() uint32 { return b.offset } @@ -141,7 +141,7 @@ const ( func (c Columns) Validate() error { if c <= 0 || c >= columnsCount { - return errors.ThrowPreconditionFailed(nil, "REPOS-x8R35", "column out of range") + return zerrors.ThrowPreconditionFailed(nil, "REPOS-x8R35", "column out of range") } return nil } @@ -160,7 +160,7 @@ func (builder *SearchQueryBuilder) Matches(commands ...Command) []Command { if builder.limit > 0 && builder.limit <= uint64(len(matches)) { break } - if builder.offset > 0 && uint16(i) < builder.offset { + if builder.offset > 0 && uint32(i) < builder.offset { continue } 
@@ -213,7 +213,7 @@ func (builder *SearchQueryBuilder) Limit(limit uint64) *SearchQueryBuilder { } // Limit defines how many events are returned maximally. -func (builder *SearchQueryBuilder) Offset(offset uint16) *SearchQueryBuilder { +func (builder *SearchQueryBuilder) Offset(offset uint32) *SearchQueryBuilder { builder.offset = offset return builder } diff --git a/internal/eventstore/v1/models/event.go b/internal/eventstore/v1/models/event.go index 82f7d3f8e8..8c50d64da0 100644 --- a/internal/eventstore/v1/models/event.go +++ b/internal/eventstore/v1/models/event.go @@ -5,8 +5,8 @@ import ( "reflect" "time" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" + "github.com/zitadel/zitadel/internal/zerrors" ) type EventType string @@ -101,7 +101,7 @@ func eventData(i interface{}) ([]byte, error) { case map[string]interface{}: bytes, err := json.Marshal(v) if err != nil { - return nil, errors.ThrowInvalidArgument(err, "MODEL-s2fgE", "unable to marshal data") + return nil, zerrors.ThrowInvalidArgument(err, "MODEL-s2fgE", "unable to marshal data") } return bytes, nil case nil: @@ -112,11 +112,11 @@ func eventData(i interface{}) ([]byte, error) { t = t.Elem() } if t.Kind() != reflect.Struct { - return nil, errors.ThrowInvalidArgument(nil, "MODEL-rjWdN", "data is not valid") + return nil, zerrors.ThrowInvalidArgument(nil, "MODEL-rjWdN", "data is not valid") } bytes, err := json.Marshal(v) if err != nil { - return nil, errors.ThrowInvalidArgument(err, "MODEL-Y2OpM", "unable to marshal data") + return nil, zerrors.ThrowInvalidArgument(err, "MODEL-Y2OpM", "unable to marshal data") } return bytes, nil } 
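Review bot: The comment directly above `Offset` still reads "Limit defines how many events are returned maximally.", which describes the wrong method. Since this hunk already touches the signature, correct it to something like `// Offset defines how many matching events are skipped before the first one is returned.`. That wording follows how `Matches` uses the field, where it skips entries while `uint32(i) < builder.offset`.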
@@ -124,29 +124,29 @@ func eventData(i interface{}) ([]byte, error) { func (e *Event) Validate() error { if e == nil { - return errors.ThrowPreconditionFailed(nil, "MODEL-oEAG4", "event is nil") + return zerrors.ThrowPreconditionFailed(nil, "MODEL-oEAG4", "event is nil") } if string(e.Typ) == "" { - return errors.ThrowPreconditionFailed(nil, "MODEL-R2sB0", "type not defined") + return zerrors.ThrowPreconditionFailed(nil, "MODEL-R2sB0", "type not defined") } if e.AggregateID == "" { - return errors.ThrowPreconditionFailed(nil, "MODEL-A6WwL", "aggregate id not set") + return zerrors.ThrowPreconditionFailed(nil, "MODEL-A6WwL", "aggregate id not set") } if e.AggregateType == "" { - return errors.ThrowPreconditionFailed(nil, "MODEL-EzdyK", "aggregate type not set") + return zerrors.ThrowPreconditionFailed(nil, "MODEL-EzdyK", "aggregate type not set") } if err := e.AggregateVersion.Validate(); err != nil { - return errors.ThrowPreconditionFailed(err, "MODEL-KO71q", "version invalid") + return zerrors.ThrowPreconditionFailed(err, "MODEL-KO71q", "version invalid") } if e.Service == "" { - return errors.ThrowPreconditionFailed(nil, "MODEL-4Yqik", "editor service not set") + return zerrors.ThrowPreconditionFailed(nil, "MODEL-4Yqik", "editor service not set") } if e.User == "" { - return errors.ThrowPreconditionFailed(nil, "MODEL-L3NHO", "editor user not set") + return zerrors.ThrowPreconditionFailed(nil, "MODEL-L3NHO", "editor user not set") } if e.ResourceOwner == "" { - return errors.ThrowPreconditionFailed(nil, "MODEL-omFVT", "resource ow") + return zerrors.ThrowPreconditionFailed(nil, "MODEL-omFVT", "resource ow") } return nil } diff --git a/internal/eventstore/v3/event.go b/internal/eventstore/v3/event.go index f99e91b050..e1c95f13ff 100644 --- a/internal/eventstore/v3/event.go +++ b/internal/eventstore/v3/event.go 
@@ -6,8 +6,8 @@ import ( "github.com/zitadel/logging" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" + "github.com/zitadel/zitadel/internal/zerrors" ) var ( @@ -31,7 +31,7 @@ func commandToEvent(sequence *latestSequence, command eventstore.Command) (_ *ev payload, err = json.Marshal(command.Payload()) if err != nil { logging.WithError(err).Warn("marshal payload failed") - return nil, errors.ThrowInternal(err, "V3-MInPK", "Errors.Internal") + return nil, zerrors.ThrowInternal(err, "V3-MInPK", "Errors.Internal") } } return &event{ @@ -95,7 +95,7 @@ func (e *event) Unmarshal(ptr any) error { return nil } if err := json.Unmarshal(e.payload, ptr); err != nil { - return errors.ThrowInternal(err, "V3-u8qVo", "Errors.Internal") + return zerrors.ThrowInternal(err, "V3-u8qVo", "Errors.Internal") } return nil diff --git a/internal/eventstore/v3/push.go b/internal/eventstore/v3/push.go index b954b5ca45..a86e426132 100644 --- a/internal/eventstore/v3/push.go +++ b/internal/eventstore/v3/push.go @@ -4,7 +4,7 @@ import ( "context" "database/sql" _ "embed" - errs "errors" + "errors" "fmt" "strconv" "strings" @@ -14,8 +14,8 @@ import ( "github.com/jackc/pgconn" "github.com/zitadel/logging" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" + "github.com/zitadel/zitadel/internal/zerrors" ) func (es *Eventstore) Push(ctx context.Context, commands ...eventstore.Command) (events []eventstore.Event, err error) { 
@@ -77,16 +77,16 @@ func insertEvents(ctx context.Context, tx *sql.Tx, sequences []*latestSequence, if err := rows.Err(); err != nil { pgErr := new(pgconn.PgError) - if errs.As(err, &pgErr) { + if errors.As(err, &pgErr) { // Check if push tries to write an event just written // by another transaction if pgErr.Code == "40001" { // TODO: @livio-a should we return the parent or not? - return nil, errors.ThrowInvalidArgument(err, "V3-p5xAn", "Errors.AlreadyExists") + return nil, zerrors.ThrowInvalidArgument(err, "V3-p5xAn", "Errors.AlreadyExists") } } logging.WithError(rows.Err()).Warn("failed to push events") - return nil, errors.ThrowInternal(err, "V3-VGnZY", "Errors.Internal") + return nil, zerrors.ThrowInternal(err, "V3-VGnZY", "Errors.Internal") } return events, nil @@ -132,7 +132,7 @@ func mapCommands(commands []eventstore.Command, sequences []*latestSequence) (ev revision, err := strconv.Atoi(strings.TrimPrefix(string(events[i].(*event).aggregate.Version), "v")) if err != nil { - return nil, nil, nil, errors.ThrowInternal(err, "V3-JoZEp", "Errors.Internal") + return nil, nil, nil, zerrors.ThrowInternal(err, "V3-JoZEp", "Errors.Internal") } args = append(args, events[i].(*event).aggregate.InstanceID, diff --git a/internal/eventstore/v3/sequence.go b/internal/eventstore/v3/sequence.go index 3155ac3a92..8d84ef4755 100644 --- a/internal/eventstore/v3/sequence.go +++ b/internal/eventstore/v3/sequence.go @@ -10,8 +10,8 @@ import ( "github.com/zitadel/logging" "github.com/zitadel/zitadel/internal/api/authz" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" + "github.com/zitadel/zitadel/internal/zerrors" ) type latestSequence struct { 
@@ -26,20 +26,20 @@ func latestSequences(ctx context.Context, tx *sql.Tx, commands []eventstore.Comm sequences := commandsToSequences(ctx, commands) conditions, args := sequencesToSql(sequences) - rows, err := tx.QueryContext(ctx, fmt.Sprintf(latestSequencesStmt, strings.Join(conditions, " OR ")), args...) + rows, err := tx.QueryContext(ctx, fmt.Sprintf(latestSequencesStmt, strings.Join(conditions, " UNION ALL ")), args...) if err != nil { - return nil, errors.ThrowInternal(err, "V3-5jU5z", "Errors.Internal") + return nil, zerrors.ThrowInternal(err, "V3-5jU5z", "Errors.Internal") } defer rows.Close() for rows.Next() { if err := scanToSequence(rows, sequences); err != nil { - return nil, errors.ThrowInternal(err, "V3-Ydiwv", "Errors.Internal") + return nil, zerrors.ThrowInternal(err, "V3-Ydiwv", "Errors.Internal") } } if rows.Err() != nil { - return nil, errors.ThrowInternal(rows.Err(), "V3-XApDk", "Errors.Internal") + return nil, zerrors.ThrowInternal(rows.Err(), "V3-XApDk", "Errors.Internal") } return sequences, nil } @@ -92,7 +92,7 @@ func sequencesToSql(sequences []*latestSequence) (conditions []string, args []an conditions = make([]string, len(sequences)) for i, sequence := range sequences { - conditions[i] = fmt.Sprintf("(instance_id = $%d AND aggregate_type = $%d AND aggregate_id = $%d)", + conditions[i] = fmt.Sprintf(`(SELECT instance_id, aggregate_type, aggregate_id, "sequence" FROM eventstore.events2 WHERE instance_id = $%d AND aggregate_type = $%d AND aggregate_id = $%d ORDER BY "sequence" DESC LIMIT 1)`, i*argsPerCondition+1, i*argsPerCondition+2, i*argsPerCondition+3, 
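Review bot: In latestSequences the per-aggregate subqueries are now joined with ` UNION ALL `, so an empty `sequences` slice renders `WITH existing AS ( )`. The database rejects that as a syntax error, and it surfaces only as the generic V3-5jU5z internal error. If Push can be reached with no commands (not visible here), return before building the statement, e.g. `if len(sequences) == 0 { return sequences, nil }`. A short comment on sequencesToSql would also help, stating that only placeholder indices are formatted into the SQL text and every value travels in `args`, so the Sprintf is not an injection path. Both function bodies continue outside the hunks.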
@@ -110,7 +110,7 @@ func scanToSequence(rows *sql.Rows, sequences []*latestSequence) error { var resourceOwner string if err := rows.Scan(&instanceID, &resourceOwner, &aggregateType, &aggregateID, ¤tSequence); err != nil { - return errors.ThrowInternal(err, "V3-OIWqj", "Errors.Internal") + return zerrors.ThrowInternal(err, "V3-OIWqj", "Errors.Internal") } sequence := searchSequence(sequences, aggregateType, aggregateID, instanceID) diff --git a/internal/eventstore/v3/sequence_test.go b/internal/eventstore/v3/sequence_test.go index 55ee73831d..d755c0dbd2 100644 --- a/internal/eventstore/v3/sequence_test.go +++ b/internal/eventstore/v3/sequence_test.go @@ -247,7 +247,7 @@ func Test_sequencesToSql(t *testing.T) { }, }, wantConditions: []string{ - "(instance_id = $1 AND aggregate_type = $2 AND aggregate_id = $3)", + `(SELECT instance_id, aggregate_type, aggregate_id, "sequence" FROM eventstore.events2 WHERE instance_id = $1 AND aggregate_type = $2 AND aggregate_id = $3 ORDER BY "sequence" DESC LIMIT 1)`, }, wantArgs: []any{ "instance", @@ -266,8 +266,8 @@ func Test_sequencesToSql(t *testing.T) { }, }, wantConditions: []string{ - "(instance_id = $1 AND aggregate_type = $2 AND aggregate_id = $3)", - "(instance_id = $4 AND aggregate_type = $5 AND aggregate_id = $6)", + `(SELECT instance_id, aggregate_type, aggregate_id, "sequence" FROM eventstore.events2 WHERE instance_id = $1 AND aggregate_type = $2 AND aggregate_id = $3 ORDER BY "sequence" DESC LIMIT 1)`, + `(SELECT instance_id, aggregate_type, aggregate_id, "sequence" FROM eventstore.events2 WHERE instance_id = $4 AND aggregate_type = $5 AND aggregate_id = $6 ORDER BY "sequence" DESC LIMIT 1)`, }, wantArgs: []any{ "instance", diff --git a/internal/eventstore/v3/sequences_query.sql b/internal/eventstore/v3/sequences_query.sql index fb164013dc..468a275253 100644 --- a/internal/eventstore/v3/sequences_query.sql +++ b/internal/eventstore/v3/sequences_query.sql 
@@ -1,17 +1,5 @@ -with existing as ( - SELECT - instance_id - , aggregate_type - , aggregate_id - , MAX("sequence") "sequence" - FROM - eventstore.events2 existing - WHERE - %s - GROUP BY - instance_id - , aggregate_type - , aggregate_id +WITH existing AS ( + %s ) SELECT e.instance_id , e.owner @@ -23,8 +11,8 @@ FROM JOIN existing ON - e.instance_id = existing.instance_id - AND e.aggregate_type = existing.aggregate_type - AND e.aggregate_id = existing.aggregate_id - AND e.sequence = existing.sequence + e.instance_id = existing.instance_id + AND e.aggregate_type = existing.aggregate_type + AND e.aggregate_id = existing.aggregate_id + AND e.sequence = existing.sequence FOR UPDATE; \ No newline at end of file diff --git a/internal/eventstore/v3/unique_constraints.go b/internal/eventstore/v3/unique_constraints.go index 78a956afdb..34967e9b39 100644 --- a/internal/eventstore/v3/unique_constraints.go +++ b/internal/eventstore/v3/unique_constraints.go @@ -11,8 +11,8 @@ import ( "github.com/jackc/pgconn" "github.com/zitadel/logging" - errs "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" + "github.com/zitadel/zitadel/internal/zerrors" ) var ( @@ -61,7 +61,7 @@ func handleUniqueConstraints(ctx context.Context, tx *sql.Tx, commands []eventst if constraint := constraintFromErr(err, deleteConstraints); constraint != nil { errMessage = constraint.ErrorMessage } - return errs.ThrowInternal(err, "V3-C8l3V", errMessage) + return zerrors.ThrowInternal(err, "V3-C8l3V", errMessage) } } if len(addPlaceholders) > 0 { @@ -72,7 +72,7 @@ func handleUniqueConstraints(ctx context.Context, tx *sql.Tx, commands []eventst if constraint := constraintFromErr(err, addConstraints); constraint != nil { errMessage = constraint.ErrorMessage } - return errs.ThrowAlreadyExists(err, "V3-DKcYh", errMessage) + return zerrors.ThrowAlreadyExists(err, "V3-DKcYh", errMessage) } } return nil 
diff --git a/internal/eventstore/version.go b/internal/eventstore/version.go index 518b78d155..9e9bb6b35b 100644 --- a/internal/eventstore/version.go +++ b/internal/eventstore/version.go @@ -3,7 +3,7 @@ package eventstore import ( "regexp" - "github.com/zitadel/zitadel/internal/errors" + "github.com/zitadel/zitadel/internal/zerrors" ) type Version string @@ -12,7 +12,7 @@ var versionRegexp = regexp.MustCompile(`^v[0-9]+(\.[0-9]+){0,2}$`) func (v Version) Validate() error { if !versionRegexp.MatchString(string(v)) { - return errors.ThrowPreconditionFailed(nil, "MODEL-luDuS", "version is not semver") + return zerrors.ThrowPreconditionFailed(nil, "MODEL-luDuS", "version is not semver") } return nil } diff --git a/internal/form/parser.go b/internal/form/parser.go index abffac10c5..63986dcc2a 100644 --- a/internal/form/parser.go +++ b/internal/form/parser.go @@ -5,7 +5,7 @@ import ( "github.com/gorilla/schema" - "github.com/zitadel/zitadel/internal/errors" + "github.com/zitadel/zitadel/internal/zerrors" ) type Parser struct { @@ -21,7 +21,7 @@ func NewParser() *Parser { func (p *Parser) Parse(r *http.Request, data interface{}) error { err := r.ParseForm() if err != nil { - return errors.ThrowInternal(err, "FORM-lCC9zI", "Errors.Internal") + return zerrors.ThrowInternal(err, "FORM-lCC9zI", "Errors.Internal") } return p.decoder.Decode(data, r.Form) diff --git a/internal/i18n/bundle.go b/internal/i18n/bundle.go new file mode 100644 index 0000000000..822b91fa08 --- /dev/null +++ b/internal/i18n/bundle.go 
@@ -0,0 +1,60 @@ +package i18n + +import ( + "encoding/json" + "io" + "net/http" + "os" + "path/filepath" + "strings" + + "github.com/BurntSushi/toml" + "github.com/nicksnyder/go-i18n/v2/i18n" + "golang.org/x/text/language" + "sigs.k8s.io/yaml" + + "github.com/zitadel/zitadel/internal/domain" + "github.com/zitadel/zitadel/internal/zerrors" +) + +const i18nPath = "/i18n" + +func newBundle(dir http.FileSystem, defaultLanguage language.Tag, allowedLanguages []language.Tag) (*i18n.Bundle, error) { + bundle := i18n.NewBundle(defaultLanguage) + bundle.RegisterUnmarshalFunc("yaml", func(data []byte, v interface{}) error { return yaml.Unmarshal(data, v) }) + bundle.RegisterUnmarshalFunc("json", json.Unmarshal) + bundle.RegisterUnmarshalFunc("toml", toml.Unmarshal) + i18nDir, err := dir.Open(i18nPath) + if err != nil { + return nil, zerrors.ThrowNotFound(err, "I18N-MnXRie", "path not found") + } + defer i18nDir.Close() + files, err := i18nDir.Readdir(0) + if err != nil { + return nil, zerrors.ThrowNotFound(err, "I18N-Gew23", "cannot read dir") + } + for _, file := range files { + fileLang, _ := strings.CutSuffix(file.Name(), filepath.Ext(file.Name())) + if err = domain.LanguageIsAllowed(false, allowedLanguages, language.Make(fileLang)); err != nil { + continue + } + if err := addFileFromFileSystemToBundle(dir, bundle, file); err != nil { + return nil, zerrors.ThrowNotFoundf(err, "I18N-ZS2AW", "cannot append file %s to Bundle", file.Name()) + } + } + return bundle, nil +} + +func addFileFromFileSystemToBundle(dir http.FileSystem, bundle *i18n.Bundle, file os.FileInfo) error { + f, err := dir.Open("/i18n/" + file.Name()) + if err != nil { + return err + } + defer f.Close() + content, err := io.ReadAll(f) + if err != nil { + return err + } + _, err = bundle.ParseMessageFileBytes(content, file.Name()) + return err +} diff --git a/internal/i18n/fs.go b/internal/i18n/fs.go new file mode 100644 index 0000000000..eac34ba8e6 --- /dev/null +++ b/internal/i18n/fs.go 
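Review bot: The language filter in newBundle assigns the result of `domain.LanguageIsAllowed` to the function-level `err` and then drops it with `continue`, while the very next statement uses a scoped `err :=`. Writing it as `if err := domain.LanguageIsAllowed(false, allowedLanguages, language.Make(fileLang)); err != nil { continue }` keeps the discarded error local. A comment such as `// files for languages outside allowedLanguages are skipped on purpose` would show the silent skip is intended, since a file whose name is not a language tag is presumably dropped here too without any log. addFileFromFileSystemToBundle builds its path from the literal `"/i18n/"` although the file declares `i18nPath`; `dir.Open(i18nPath + "/" + file.Name())` keeps the two in step.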
@@ -0,0 +1,48 @@ +package i18n + +import ( + "net/http" + + "github.com/rakyll/statik/fs" + "github.com/zitadel/logging" +) + +var zitadelFS, loginFS, notificationFS http.FileSystem + +type Namespace string + +const ( + ZITADEL Namespace = "zitadel" + LOGIN Namespace = "login" + NOTIFICATION Namespace = "notification" +) + +func LoadFilesystem(ns Namespace) http.FileSystem { + var err error + defer func() { + if err != nil { + logging.WithFields("namespace", ns).OnError(err).Panic("unable to get namespace") + } + }() + switch ns { + case ZITADEL: + if zitadelFS != nil { + return zitadelFS + } + zitadelFS, err = fs.NewWithNamespace(string(ns)) + return zitadelFS + case LOGIN: + if loginFS != nil { + return loginFS + } + loginFS, err = fs.NewWithNamespace(string(ns)) + return loginFS + case NOTIFICATION: + if notificationFS != nil { + return notificationFS + } + notificationFS, err = fs.NewWithNamespace(string(ns)) + return notificationFS + } + return nil +} diff --git a/internal/i18n/languages.go b/internal/i18n/languages.go new file mode 100644 index 0000000000..f3acdb4eba --- /dev/null +++ b/internal/i18n/languages.go 
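Review bot: LoadFilesystem reads and writes the package-level `zitadelFS`, `loginFS` and `notificationFS` without any synchronization, so two goroutines asking for the same namespace at once would race on the nil check and the assignment. If the function is only ever called during single-threaded start-up, a doc comment should say so; otherwise each variable needs a `sync.Once` or a mutex around the lazy initialisation. The final `return nil` for an unrecognised Namespace hands callers a nil http.FileSystem, and newBundle in bundle.go calls `dir.Open` on it straight away; a `default:` case that panics with the namespace name would fail at the source instead. The exported function, the Namespace type and its constants have no doc comments.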
@@ -0,0 +1,51 @@ +package i18n + +import ( + "errors" + "strings" + + "golang.org/x/text/language" +) + +var supportedLanguages []language.Tag + +func SupportedLanguages() []language.Tag { + if supportedLanguages == nil { + panic("supported languages not loaded") + } + return supportedLanguages +} + +func SupportLanguages(languages ...language.Tag) { + supportedLanguages = languages +} + +func MustLoadSupportedLanguagesFromDir() { + var err error + defer func() { + if err != nil { + panic("failed to load supported languages: " + err.Error()) + } + }() + if supportedLanguages != nil { + return + } + i18nDir, err := LoadFilesystem(LOGIN).Open(i18nPath) + if err != nil { + return + } + defer func() { + err = errors.Join(err, i18nDir.Close()) + }() + files, err := i18nDir.Readdir(0) + if err != nil { + return + } + supportedLanguages = make([]language.Tag, 0, len(files)) + for _, file := range files { + lang := language.Make(strings.TrimSuffix(file.Name(), ".yaml")) + if lang != language.Und { + supportedLanguages = append(supportedLanguages, lang) + } + } +} diff --git a/internal/i18n/i18n.go b/internal/i18n/translator.go similarity index 63% rename from internal/i18n/i18n.go rename to internal/i18n/translator.go index a399ae1fc7..a60932bd6c 100644 --- a/internal/i18n/i18n.go +++ b/internal/i18n/translator.go @@ -2,26 +2,15 @@ package i18n import ( "context" - "encoding/json" - "io/ioutil" "net/http" - "os" - "strings" - "github.com/BurntSushi/toml" "github.com/grpc-ecosystem/go-grpc-middleware/util/metautils" "github.com/nicksnyder/go-i18n/v2/i18n" "github.com/zitadel/logging" "golang.org/x/text/language" - "sigs.k8s.io/yaml" "github.com/zitadel/zitadel/internal/api/authz" http_util "github.com/zitadel/zitadel/internal/api/http" - "github.com/zitadel/zitadel/internal/errors" -) - -const ( - i18nPath = "/i18n" ) type Translator struct { 
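Review bot: SupportedLanguages returns the package-level slice itself, and newTranslator in translator.go stores that same slice as `allowedLanguages` and hands it out again from Translator.SupportedLanguages, so a caller that modifies the result changes the language list for the whole process. Returning a copy, `return append([]language.Tag(nil), supportedLanguages...)`, removes the aliasing. The variable is also written by SupportLanguages and MustLoadSupportedLanguagesFromDir without synchronization, which is only safe if both run before other goroutines start. The three exported functions have no doc comments, and that ordering requirement and the panic in SupportedLanguages belong there. MustLoadSupportedLanguagesFromDir strips only a `.yaml` suffix while newBundle registers yaml, json and toml, so the two may disagree on which files count as a language.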
@@ -29,6 +18,7 @@ type Translator struct { cookieName string cookieHandler *http_util.CookieHandler preferredLanguages []string + allowedLanguages []language.Tag } type TranslatorConfig struct { @@ -41,10 +31,27 @@ type Message struct { Text string } -func NewTranslator(dir http.FileSystem, defaultLanguage language.Tag, cookieName string) (*Translator, error) { +// NewZitadelTranslator translates to all supported languages, as the ZITADEL texts are not customizable. +func NewZitadelTranslator(defaultLanguage language.Tag) (*Translator, error) { + return newTranslator(ZITADEL, defaultLanguage, SupportedLanguages(), "") +} + +func NewNotificationTranslator(defaultLanguage language.Tag, allowedLanguages []language.Tag) (*Translator, error) { + return newTranslator(NOTIFICATION, defaultLanguage, allowedLanguages, "") +} + +func NewLoginTranslator(defaultLanguage language.Tag, allowedLanguages []language.Tag, cookieName string) (*Translator, error) { + return newTranslator(LOGIN, defaultLanguage, allowedLanguages, cookieName) +} + +func newTranslator(ns Namespace, defaultLanguage language.Tag, allowedLanguages []language.Tag, cookieName string) (*Translator, error) { t := new(Translator) var err error - t.bundle, err = newBundle(dir, defaultLanguage) + t.allowedLanguages = allowedLanguages + if len(t.allowedLanguages) == 0 { + t.allowedLanguages = SupportedLanguages() + } + t.bundle, err = newBundle(LoadFilesystem(ns), defaultLanguage, t.allowedLanguages) if err != nil { return nil, err } 
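Review bot: newTranslator treats an empty `allowedLanguages` as "every supported language", and nothing checks that `defaultLanguage` is part of the allow-list that is then passed to newBundle. Since newBundle skips every file whose language is not allowed, a default language outside the list would presumably leave the bundle without messages for its own fallback (this depends on `domain.LanguageIsAllowed`, which is not shown). NewNotificationTranslator and NewLoginTranslator need doc comments like the one on NewZitadelTranslator, stating the empty-list behaviour, for example `// An empty allowedLanguages list allows every supported language.`. The body of newTranslator continues outside the hunk.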
@@ -53,64 +60,8 @@ func NewTranslator(dir http.FileSystem, defaultLanguage language.Tag, cookieName return t, nil } -func newBundle(dir http.FileSystem, defaultLanguage language.Tag) (*i18n.Bundle, error) { - bundle := i18n.NewBundle(defaultLanguage) - bundle.RegisterUnmarshalFunc("yaml", func(data []byte, v interface{}) error { return yaml.Unmarshal(data, v) }) - bundle.RegisterUnmarshalFunc("json", json.Unmarshal) - bundle.RegisterUnmarshalFunc("toml", toml.Unmarshal) - i18nDir, err := dir.Open(i18nPath) - if err != nil { - return nil, errors.ThrowNotFound(err, "I18N-MnXRie", "path not found") - } - defer i18nDir.Close() - files, err := i18nDir.Readdir(0) - if err != nil { - return nil, errors.ThrowNotFound(err, "I18N-Gew23", "cannot read dir") - } - for _, file := range files { - if err := addFileFromFileSystemToBundle(dir, bundle, file); err != nil { - return nil, errors.ThrowNotFoundf(err, "I18N-ZS2AW", "cannot append file %s to Bundle", file.Name()) - } - } - return bundle, nil -} - -func addFileFromFileSystemToBundle(dir http.FileSystem, bundle *i18n.Bundle, file os.FileInfo) error { - f, err := dir.Open("/i18n/" + file.Name()) - if err != nil { - return err - } - defer f.Close() - content, err := ioutil.ReadAll(f) - if err != nil { - return err - } - _, err = bundle.ParseMessageFileBytes(content, file.Name()) - return err -} - -func SupportedLanguages(dir http.FileSystem) ([]language.Tag, error) { - i18nDir, err := dir.Open("/i18n") - if err != nil { - return nil, errors.ThrowNotFound(err, "I18N-Dbt42", "cannot open dir") - } - defer i18nDir.Close() - files, err := i18nDir.Readdir(0) - if err != nil { - return nil, errors.ThrowNotFound(err, "I18N-Gh4zk", "cannot read dir") - } - languages := make([]language.Tag, 0, len(files)) - for _, file := range files { - lang := language.Make(strings.TrimSuffix(file.Name(), ".yaml")) - if lang != language.Und { - languages = append(languages, lang) - } - } - return languages, nil -} - func (t *Translator) 
SupportedLanguages() []language.Tag { - return t.bundle.LanguageTags() + return t.allowedLanguages } func (t *Translator) AddMessages(tag language.Tag, messages ...Message) error { @@ -144,7 +95,7 @@ func (t *Translator) LocalizeWithoutArgs(id string, langs ...string) string { } func (t *Translator) Lang(r *http.Request) language.Tag { - matcher := language.NewMatcher(t.bundle.LanguageTags()) + matcher := language.NewMatcher(t.allowedLanguages) tag, _ := language.MatchStrings(matcher, t.langsFromRequest(r)...) return tag } diff --git a/internal/iam/model/iam.go b/internal/iam/model/iam.go deleted file mode 100644 index a87276eede..0000000000 --- a/internal/iam/model/iam.go +++ /dev/null @@ -1,32 +0,0 @@ -package model - -import ( - "github.com/zitadel/zitadel/internal/domain" - es_models "github.com/zitadel/zitadel/internal/eventstore/v1/models" -) - -type Step int - -const ( - Step1 Step = iota + 1 - Step2 - Step3 - Step4 - Step5 - Step6 - Step7 - Step8 - Step9 - Step10 - //StepCount marks the the length of possible steps (StepCount-1 == last possible step) - StepCount -) - -type IAM struct { - es_models.ObjectRoot - DefaultOrgID string - IAMProjectID string - SetUpDone domain.Step - SetUpStarted domain.Step - Members []*IAMMember -} diff --git a/internal/iam/model/iam_member.go b/internal/iam/model/iam_member.go deleted file mode 100644 index c808b0a3d0..0000000000 --- a/internal/iam/model/iam_member.go +++ /dev/null @@ -1,18 +0,0 @@ -package model - -import es_models "github.com/zitadel/zitadel/internal/eventstore/v1/models" - -type IAMMember struct { - es_models.ObjectRoot - - UserID string - Roles []string -} - -func NewIAMMember(iamID, userID string) *IAMMember { - return &IAMMember{ObjectRoot: es_models.ObjectRoot{AggregateID: iamID}, UserID: userID} -} - -func (i *IAMMember) IsValid() bool { - return i.AggregateID != "" && i.UserID != "" && len(i.Roles) != 0 -} 
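Review bot: `language.NewMatcher` uses the first tag it is given as the result when nothing matches, so after this change Lang falls back to `allowedLanguages[0]` rather than to the bundle's default language, which `t.bundle.LanguageTags()` presumably listed first. If the default language should stay the fallback, it has to come first in the slice handed to the matcher, or the ordering requirement needs a comment on the `allowedLanguages` field. Translator.SupportedLanguages in the preceding hunk now returns the internal `allowedLanguages` slice directly; returning a copy would keep callers from altering the allow-list that Lang matches against.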
diff --git a/internal/iam/model/idp_config.go b/internal/iam/model/idp_config.go
deleted file mode 100644
index d80a039e90..0000000000
--- a/internal/iam/model/idp_config.go
+++ /dev/null
@@ -1,110 +0,0 @@ -package model - -import ( - "github.com/zitadel/zitadel/internal/crypto" - es_models "github.com/zitadel/zitadel/internal/eventstore/v1/models" -) - -type IDPConfig struct { - es_models.ObjectRoot - IDPConfigID string - Type IdpConfigType - Name string - StylingType IDPStylingType - State IDPConfigState - OIDCConfig *OIDCIDPConfig - JWTIDPConfig *JWTIDPConfig -} - -type OIDCIDPConfig struct { - es_models.ObjectRoot - IDPConfigID string - ClientID string - ClientSecret *crypto.CryptoValue - ClientSecretString string - Issuer string - Scopes []string - IDPDisplayNameMapping OIDCMappingField - UsernameMapping OIDCMappingField -} - -type JWTIDPConfig struct { - es_models.ObjectRoot - IDPConfigID string - JWTEndpoint string - Issuer string - KeysEndpoint string -} - -type IdpConfigType int32 - -const ( - IDPConfigTypeOIDC IdpConfigType = iota - IDPConfigTypeSAML - IDPConfigTypeJWT -) - -type IDPConfigState int32 - -const ( - IDPConfigStateActive IDPConfigState = iota - IDPConfigStateInactive - IDPConfigStateRemoved -) - -type IDPStylingType int32 - -const ( - IDPStylingTypeUnspecified IDPStylingType = iota - IDPStylingTypeGoogle -) - -type OIDCMappingField int32 - -const ( - OIDCMappingFieldUnspecified OIDCMappingField = iota - OIDCMappingFieldPreferredLoginName - OIDCMappingFieldEmail -) - -func NewIDPConfig(iamID, idpID string) *IDPConfig { - return &IDPConfig{ObjectRoot: es_models.ObjectRoot{AggregateID: iamID}, IDPConfigID: idpID} -} - -func (idp *IDPConfig) IsValid(includeConfig bool) bool { - if idp.Name == "" || idp.AggregateID == "" { - return false - } - if !includeConfig { - return true - } - if idp.Type == IDPConfigTypeOIDC && !idp.OIDCConfig.IsValid(true) { - return false - } - return true -} - -func (oi *OIDCIDPConfig) IsValid(withSecret bool) bool { - if withSecret { - return oi.ClientID != "" && oi.Issuer != "" && oi.ClientSecretString != "" - } - return oi.ClientID != "" && oi.Issuer != "" -} - -func (oi *OIDCIDPConfig) 
CryptSecret(crypt crypto.Crypto) error { - cryptedSecret, err := crypto.Crypt([]byte(oi.ClientSecretString), crypt) - if err != nil { - return err - } - oi.ClientSecret = cryptedSecret - return nil -} - -func (st IDPStylingType) GetCSSClass() string { - switch st { - case IDPStylingTypeGoogle: - return "google" - default: - return "" - } -} diff --git a/internal/iam/model/idp_config_view.go b/internal/iam/model/idp_config_view.go deleted file mode 100644 index 3d3bddc461..0000000000 --- a/internal/iam/model/idp_config_view.go +++ /dev/null 
@@ -1,85 +0,0 @@ -package model - -import ( - "github.com/zitadel/zitadel/internal/crypto" - "github.com/zitadel/zitadel/internal/domain" - caos_errors "github.com/zitadel/zitadel/internal/errors" - - "time" -) - -type IDPConfigView struct { - AggregateID string - IDPConfigID string - Name string - StylingType IDPStylingType - AutoRegister bool - State IDPConfigState - CreationDate time.Time - ChangeDate time.Time - Sequence uint64 - IDPProviderType IDPProviderType - - IsOIDC bool - OIDCClientID string - OIDCClientSecret *crypto.CryptoValue - OIDCIssuer string - OIDCScopes []string - OIDCIDPDisplayNameMapping OIDCMappingField - OIDCUsernameMapping OIDCMappingField - OAuthAuthorizationEndpoint string - OAuthTokenEndpoint string - JWTEndpoint string - JWTIssuer string - JWTKeysEndpoint string - JWTHeaderName string -} - -type IDPConfigSearchRequest struct { - Offset uint64 - Limit uint64 - SortingColumn IDPConfigSearchKey - Asc bool - Queries []*IDPConfigSearchQuery -} - -type IDPConfigSearchKey int32 - -const ( - IDPConfigSearchKeyUnspecified IDPConfigSearchKey = iota - IDPConfigSearchKeyName - IDPConfigSearchKeyAggregateID - IDPConfigSearchKeyIdpConfigID - IDPConfigSearchKeyIdpProviderType - IDPConfigSearchKeyInstanceID - IDPConfigSearchKeyOwnerRemoved -) - -type IDPConfigSearchQuery struct { - Key IDPConfigSearchKey - Method domain.SearchMethod - Value interface{} -} - -type IDPConfigSearchResponse struct { - Offset uint64 - Limit uint64 - TotalResult uint64 - Result []*IDPConfigView - Sequence uint64 - Timestamp time.Time -} - -func (r *IDPConfigSearchRequest) EnsureLimit(limit uint64) error { - if r.Limit > limit { - return caos_errors.ThrowInvalidArgument(nil, "SEARCH-Mv9sd", "Errors.Limit.ExceedsDefault") - } - if r.Limit == 0 { - r.Limit = limit - } - return nil -} - -func (r *IDPConfigSearchRequest) AppendMyOrgQuery(orgID, iamID string) { - r.Queries = append(r.Queries, &IDPConfigSearchQuery{Key: IDPConfigSearchKeyAggregateID, Method: 
domain.SearchMethodIsOneOf, Value: []string{orgID, iamID}}) -} diff --git a/internal/iam/model/idp_provider_view.go b/internal/iam/model/idp_provider_view.go deleted file mode 100644 index 562e371724..0000000000 --- a/internal/iam/model/idp_provider_view.go +++ /dev/null @@ -1,70 +0,0 @@ -package model - -import ( - "github.com/zitadel/zitadel/internal/domain" - caos_errors "github.com/zitadel/zitadel/internal/errors" - - "time" -) - -type IDPProviderView struct { - AggregateID string - IDPConfigID string - IDPProviderType IDPProviderType - Name string - StylingType IDPStylingType - IDPConfigType IdpConfigType - IDPState IDPConfigState - - CreationDate time.Time - ChangeDate time.Time - Sequence uint64 -} - -type IDPProviderSearchRequest struct { - Offset uint64 - Limit uint64 - SortingColumn IDPProviderSearchKey - Asc bool - Queries []*IDPProviderSearchQuery -} - -type IDPProviderSearchKey int32 - -const ( - IDPProviderSearchKeyUnspecified IDPProviderSearchKey = iota - IDPProviderSearchKeyAggregateID - IDPProviderSearchKeyIdpConfigID - IDPProviderSearchKeyState - IDPProviderSearchKeyInstanceID - IDPProviderSearchKeyOwnerRemoved -) - -type IDPProviderSearchQuery struct { - Key IDPProviderSearchKey - Method domain.SearchMethod - Value interface{} -} - -type IDPProviderSearchResponse struct { - Offset uint64 - Limit uint64 - TotalResult uint64 - Result []*IDPProviderView - Sequence uint64 - Timestamp time.Time -} - -func (r *IDPProviderSearchRequest) EnsureLimit(limit uint64) error { - if r.Limit > limit { - return caos_errors.ThrowInvalidArgument(nil, "SEARCH-3n8fs", "Errors.Limit.ExceedsDefault") - } - if r.Limit == 0 { - r.Limit = limit - } - return nil -} - -func (r *IDPProviderSearchRequest) AppendAggregateIDQuery(aggregateID string) { - r.Queries = append(r.Queries, &IDPProviderSearchQuery{Key: IDPProviderSearchKeyAggregateID, Method: domain.SearchMethodEquals, Value: aggregateID}) -} 
diff --git a/internal/iam/model/label_policy.go b/internal/iam/model/label_policy.go deleted file mode 100644 index bbed48334c..0000000000 --- a/internal/iam/model/label_policy.go +++ /dev/null @@ -1,25 +0,0 @@ -package model - -import ( - "github.com/zitadel/zitadel/internal/eventstore/v1/models" -) - -type LabelPolicy struct { - models.ObjectRoot - - State PolicyState - Default bool - PrimaryColor string - BackgroundColor string - FontColor string - WarnColor string - PrimaryColorDark string - BackgroundColorDark string - FontColorDark string - WarnColorDark string - HideLoginNameSuffix bool -} - -func (p *LabelPolicy) IsValid() bool { - return p.ObjectRoot.AggregateID != "" -} diff --git a/internal/iam/model/label_policy_view.go b/internal/iam/model/label_policy_view.go index cdab0b44b9..c1995658f7 100644 --- a/internal/iam/model/label_policy_view.go +++ b/internal/iam/model/label_policy_view.go @@ -1,47 +1,9 @@ package model import ( - "time" - "github.com/zitadel/zitadel/internal/domain" ) -type LabelPolicyView struct { - AggregateID string - PrimaryColor string - BackgroundColor string - WarnColor string - FontColor string - LogoURL string - IconURL string - - PrimaryColorDark string - BackgroundColorDark string - WarnColorDark string - FontColorDark string - LogoDarkURL string - IconDarkURL string - FontURL string - - HideLoginNameSuffix bool - ErrorMsgPopup bool - DisableWatermark bool - - Default bool - - CreationDate time.Time - ChangeDate time.Time - Sequence uint64 -} - -type LabelPolicySearchRequest struct { - Offset uint64 - Limit uint64 - SortingColumn LabelPolicySearchKey - Asc bool - Queries []*LabelPolicySearchQuery -} - type LabelPolicySearchKey int32 const ( @@ -57,12 +19,3 @@ type LabelPolicySearchQuery struct { Method domain.SearchMethod Value interface{} } - -type LabelPolicySearchResponse struct { - Offset uint64 - Limit uint64 - TotalResult uint64 - Result []*LabelPolicyView - Sequence uint64 - Timestamp time.Time -} 
diff --git a/internal/iam/model/login_policy.go b/internal/iam/model/login_policy.go index 09f6ec1bc3..65f9d43cc1 100644 --- a/internal/iam/model/login_policy.go +++ b/internal/iam/model/login_policy.go 
@@ -1,90 +1,8 @@ package model -import ( - "github.com/zitadel/zitadel/internal/domain" - "github.com/zitadel/zitadel/internal/eventstore/v1/models" -) - -type LoginPolicy struct { - models.ObjectRoot - - State PolicyState - Default bool - AllowUsernamePassword bool - AllowRegister bool - AllowExternalIdp bool - IDPProviders []*IDPProvider - ForceMFA bool - SecondFactors []domain.SecondFactorType - MultiFactors []domain.MultiFactorType - PasswordlessType PasswordlessType -} - -type IDPProvider struct { - models.ObjectRoot - Type IDPProviderType - IDPConfigID string -} - type PolicyState int32 const ( PolicyStateActive PolicyState = iota PolicyStateRemoved ) - -type IDPProviderType int32 - -const ( - IDPProviderTypeSystem IDPProviderType = iota - IDPProviderTypeOrg -) - -type MultiFactorType int32 - -const ( - MultiFactorTypeUnspecified MultiFactorType = iota - MultiFactorTypeU2FWithPIN -) - -type PasswordlessType int32 - -const ( - PasswordlessTypeNotAllowed PasswordlessType = iota - PasswordlessTypeAllowed -) - -func (p *LoginPolicy) IsValid() bool { - return p.ObjectRoot.AggregateID != "" -} - -func (p *IDPProvider) IsValid() bool { - return p.ObjectRoot.AggregateID != "" && p.IDPConfigID != "" -} - -func (p *LoginPolicy) GetIdpProvider(id string) (int, *IDPProvider) { - for i, m := range p.IDPProviders { - if m.IDPConfigID == id { - return i, m - } - } - return -1, nil -} - -func (p *LoginPolicy) GetSecondFactor(mfaType domain.SecondFactorType) (int, domain.SecondFactorType) { - for i, m := range p.SecondFactors { - if m == mfaType { - return i, m - } - } - return -1, 0 -} - -func (p *LoginPolicy) GetMultiFactor(mfaType domain.MultiFactorType) (int, domain.MultiFactorType) { - for i, m := range p.MultiFactors { - if m == mfaType { - return i, m - } - } - return -1, 0 -} diff --git a/internal/iam/model/login_policy_view.go b/internal/iam/model/login_policy_view.go deleted file mode 100644 index c4aaafa828..0000000000 
--- a/internal/iam/model/login_policy_view.go
+++ /dev/null
@@ -1,129 +0,0 @@ -package model - -import ( - "time" - - "github.com/zitadel/zitadel/internal/domain" - "github.com/zitadel/zitadel/internal/eventstore/v1/models" -) - -type LoginPolicyView struct { - AggregateID string - AllowUsernamePassword bool - AllowRegister bool - AllowExternalIDP bool - ForceMFA bool - HidePasswordReset bool - PasswordlessType PasswordlessType - SecondFactors []domain.SecondFactorType - MultiFactors []domain.MultiFactorType - Default bool - - CreationDate time.Time - ChangeDate time.Time - Sequence uint64 -} - -type LoginPolicySearchRequest struct { - Offset uint64 - Limit uint64 - SortingColumn LoginPolicySearchKey - Asc bool - Queries []*LoginPolicySearchQuery -} - -type LoginPolicySearchKey int32 - -const ( - LoginPolicySearchKeyUnspecified LoginPolicySearchKey = iota - LoginPolicySearchKeyAggregateID - LoginPolicySearchKeyDefault -) - -type LoginPolicySearchQuery struct { - Key LoginPolicySearchKey - Method domain.SearchMethod - Value interface{} -} - -type LoginPolicySearchResponse struct { - Offset uint64 - Limit uint64 - TotalResult uint64 - Result []*LoginPolicyView - Sequence uint64 - Timestamp time.Time -} - -func (p *LoginPolicyView) HasSecondFactors() bool { - if p.SecondFactors == nil || len(p.SecondFactors) == 0 { - return false - } - return true -} - -func (p *LoginPolicyView) HasMultiFactors() bool { - if p.MultiFactors == nil || len(p.MultiFactors) == 0 { - return false - } - return true -} - -func (p *LoginPolicyView) ToLoginPolicyDomain() *domain.LoginPolicy { - return &domain.LoginPolicy{ - ObjectRoot: models.ObjectRoot{ - AggregateID: p.AggregateID, - CreationDate: p.CreationDate, - ChangeDate: p.ChangeDate, - Sequence: p.Sequence, - }, - Default: p.Default, - AllowUsernamePassword: p.AllowUsernamePassword, - AllowRegister: p.AllowRegister, - AllowExternalIDP: p.AllowExternalIDP, - ForceMFA: p.ForceMFA, - HidePasswordReset: p.HidePasswordReset, - PasswordlessType: passwordLessTypeToDomain(p.PasswordlessType), - 
SecondFactors: secondFactorsToDomain(p.SecondFactors), - MultiFactors: multiFactorsToDomain(p.MultiFactors), - } -} - -func passwordLessTypeToDomain(passwordless PasswordlessType) domain.PasswordlessType { - switch passwordless { - case PasswordlessTypeNotAllowed: - return domain.PasswordlessTypeNotAllowed - case PasswordlessTypeAllowed: - return domain.PasswordlessTypeAllowed - default: - return domain.PasswordlessTypeNotAllowed - } -} - -func secondFactorsToDomain(types []domain.SecondFactorType) []domain.SecondFactorType { - secondfactors := make([]domain.SecondFactorType, len(types)) - for i, secondfactorType := range types { - switch secondfactorType { - case domain.SecondFactorTypeU2F: - secondfactors[i] = domain.SecondFactorTypeU2F - case domain.SecondFactorTypeTOTP: - secondfactors[i] = domain.SecondFactorTypeTOTP - case domain.SecondFactorTypeOTPEmail: - secondfactors[i] = domain.SecondFactorTypeOTPEmail - case domain.SecondFactorTypeOTPSMS: - secondfactors[i] = domain.SecondFactorTypeOTPSMS - } - } - return secondfactors -} - -func multiFactorsToDomain(types []domain.MultiFactorType) []domain.MultiFactorType { - multifactors := make([]domain.MultiFactorType, len(types)) - for i, multifactorType := range types { - switch multifactorType { - case domain.MultiFactorTypeU2FWithPIN: - multifactors[i] = domain.MultiFactorTypeU2FWithPIN - } - } - return multifactors -} diff --git a/internal/iam/model/mail_template.go b/internal/iam/model/mail_template.go deleted file mode 100644 index c1b8dc9a04..0000000000 --- a/internal/iam/model/mail_template.go +++ /dev/null @@ -1,17 +0,0 @@ -package model - -import ( - "github.com/zitadel/zitadel/internal/eventstore/v1/models" -) - -type MailTemplate struct { - models.ObjectRoot - - State PolicyState - Default bool - Template []byte -} - -func (p *MailTemplate) IsValid() bool { - return p.ObjectRoot.AggregateID != "" -} 
diff --git a/internal/iam/model/mail_text.go b/internal/iam/model/mail_text.go deleted file mode 100644 index 1ca22c37bb..0000000000 --- a/internal/iam/model/mail_text.go +++ /dev/null @@ -1,29 +0,0 @@ -package model - -import ( - "github.com/zitadel/zitadel/internal/eventstore/v1/models" -) - -type MailTexts struct { - Texts []*MailText - Default bool -} -type MailText struct { - models.ObjectRoot - - State PolicyState - Default bool - MailTextType string - Language string - Title string - PreHeader string - Subject string - Greeting string - Text string - ButtonText string - FooterText string -} - -func (p *MailText) IsValid() bool { - return p.ObjectRoot.AggregateID != "" -} diff --git a/internal/iam/model/message_text_view.go b/internal/iam/model/message_text_view.go deleted file mode 100644 index 496bcee21c..0000000000 --- a/internal/iam/model/message_text_view.go +++ /dev/null 
@@ -1,59 +0,0 @@ -package model - -import ( - "time" - - "golang.org/x/text/language" - - "github.com/zitadel/zitadel/internal/domain" -) - -type MessageTextView struct { - AggregateID string - MessageTextType string - Language language.Tag - Title string - PreHeader string - Subject string - Greeting string - Text string - ButtonText string - FooterText string - Default bool - - CreationDate time.Time - ChangeDate time.Time - Sequence uint64 -} - -type MessageTextSearchRequest struct { - Offset uint64 - Limit uint64 - SortingColumn MessageTextSearchKey - Asc bool - Queries []*MessageTextSearchQuery -} - -type MessageTextSearchKey int32 - -const ( - MessageTextSearchKeyUnspecified MessageTextSearchKey = iota - MessageTextSearchKeyAggregateID - MessageTextSearchKeyMessageTextType - MessageTextSearchKeyLanguage -) - -type MessageTextSearchQuery struct { - Key MessageTextSearchKey - Method domain.SearchMethod - Value interface{} -} - -type MessageTextSearchResponse struct { - Offset uint64 - Limit uint64 - TotalResult uint64 - Result []*MessageTextView - Sequence uint64 - Timestamp time.Time -} diff --git a/internal/iam/model/mfa_view.go b/internal/iam/model/mfa_view.go deleted file mode 100644 index 59f3dbc3cb..0000000000 --- a/internal/iam/model/mfa_view.go +++ /dev/null 
@@ -1,47 +0,0 @@ -package model - -import ( - "github.com/zitadel/zitadel/internal/domain" -) - -type SecondFactorsSearchRequest struct { - Queries []*MFASearchQuery -} - -type MultiFactorsSearchRequest struct { - Offset uint64 - Limit uint64 - Asc bool - Queries []*MFASearchQuery -} - -type MFASearchQuery struct { - Key MFASearchKey - Method domain.SearchMethod - Value interface{} -} - -type MFASearchKey int32 - -const ( - MFASearchKeyUnspecified MFASearchKey = iota - MFASearchKeyAggregateID -) - -type SecondFactorsSearchResponse struct { - TotalResult uint64 - Result []domain.SecondFactorType -} - -type MultiFactorsSearchResponse struct { - TotalResult uint64 - Result []domain.MultiFactorType -} - -func (r *SecondFactorsSearchRequest) AppendAggregateIDQuery(aggregateID string) { - r.Queries = append(r.Queries, &MFASearchQuery{Key: MFASearchKeyAggregateID, Method: domain.SearchMethodEquals, Value: aggregateID}) -} - -func (r *MultiFactorsSearchRequest) AppendAggregateIDQuery(aggregateID string) { - r.Queries = append(r.Queries, &MFASearchQuery{Key: MFASearchKeyAggregateID, Method: domain.SearchMethodEquals, Value: aggregateID}) -} diff --git a/internal/iam/model/password_age_policy.go b/internal/iam/model/password_age_policy.go deleted file mode 100644 index 70bc96e0f8..0000000000 --- a/internal/iam/model/password_age_policy.go +++ /dev/null @@ -1,13 +0,0 @@ -package model - -import ( - "github.com/zitadel/zitadel/internal/eventstore/v1/models" -) - -type PasswordAgePolicy struct { - models.ObjectRoot - - State PolicyState - MaxAgeDays uint64 - ExpireWarnDays uint64 -} diff --git a/internal/iam/model/password_age_policy_view.go b/internal/iam/model/password_age_policy_view.go deleted file mode 100644 index 9d9b36dc86..0000000000 --- a/internal/iam/model/password_age_policy_view.go +++ /dev/null 
@@ -1,48 +0,0 @@
-package model
-
-import (
- "time"
-
- "github.com/zitadel/zitadel/internal/domain"
-)
-
-type PasswordAgePolicyView struct {
- AggregateID string
- MaxAgeDays uint64
- ExpireWarnDays uint64
- Default bool
-
- CreationDate time.Time
- ChangeDate time.Time
- Sequence uint64
-}
-
-type PasswordAgePolicySearchRequest struct {
- Offset uint64
- Limit uint64
- SortingColumn PasswordAgePolicySearchKey
- Asc bool
- Queries []*PasswordAgePolicySearchQuery
-}
-
-type PasswordAgePolicySearchKey int32
-
-const (
- PasswordAgePolicySearchKeyUnspecified PasswordAgePolicySearchKey = iota
- PasswordAgePolicySearchKeyAggregateID
-)
-
-type PasswordAgePolicySearchQuery struct {
- Key PasswordAgePolicySearchKey
- Method domain.SearchMethod
- Value interface{}
-}
-
-type PasswordAgePolicySearchResponse struct {
- Offset uint64
- Limit uint64
- TotalResult uint64
- Result []*PasswordAgePolicyView
- Sequence uint64
- Timestamp time.Time
-}
diff --git a/internal/iam/model/password_complexity_policy.go b/internal/iam/model/password_complexity_policy.go
deleted file mode 100644
index 9f270e8129..0000000000
--- a/internal/iam/model/password_complexity_policy.go
+++ /dev/null
@@ -1,58 +0,0 @@
-package model
-
-import (
- "regexp"
-
- caos_errs "github.com/zitadel/zitadel/internal/errors"
- "github.com/zitadel/zitadel/internal/eventstore/v1/models"
-)
-
-var (
- hasStringLowerCase = regexp.MustCompile(`[a-z]`).MatchString
- hasStringUpperCase = regexp.MustCompile(`[A-Z]`).MatchString
- hasNumber = regexp.MustCompile(`[0-9]`).MatchString
- hasSymbol = regexp.MustCompile(`[^A-Za-z0-9]`).MatchString
-)
-
-type PasswordComplexityPolicy struct {
- models.ObjectRoot
-
- State PolicyState
- MinLength uint64
- HasLowercase bool
- HasUppercase bool
- HasNumber bool
- HasSymbol bool
-
- Default bool
-}
-
-func (p *PasswordComplexityPolicy) IsValid() error {
- if p.MinLength == 0 || p.MinLength > 72 {
- return caos_errs.ThrowInvalidArgument(nil, "MODEL-Lsp0e", "Errors.User.PasswordComplexityPolicy.MinLengthNotAllowed")
- }
- return nil
-}
-
-func (p *PasswordComplexityPolicy) Check(password string) error {
- if p.MinLength != 0 && uint64(len(password)) < p.MinLength {
- return caos_errs.ThrowInvalidArgument(nil, "MODEL-HuJf6", "Errors.User.PasswordComplexityPolicy.MinLength")
- }
-
- if p.HasLowercase && !hasStringLowerCase(password) {
- return caos_errs.ThrowInvalidArgument(nil, "MODEL-co3Xw", "Errors.User.PasswordComplexityPolicy.HasLower")
- }
-
- if p.HasUppercase && !hasStringUpperCase(password) {
- return caos_errs.ThrowInvalidArgument(nil, "MODEL-VoaRj", "Errors.User.PasswordComplexityPolicy.HasUpper")
- }
-
- if p.HasNumber && !hasNumber(password) {
- return caos_errs.ThrowInvalidArgument(nil, "MODEL-ZBv4H", "Errors.User.PasswordComplexityPolicy.HasNumber")
- }
-
- if p.HasSymbol && !hasSymbol(password) {
- return caos_errs.ThrowInvalidArgument(nil, "MODEL-ZDLwA", "Errors.User.PasswordComplexityPolicy.HasSymbol")
- }
- return nil
-}
diff --git a/internal/iam/model/password_complexity_policy_view.go b/internal/iam/model/password_complexity_policy_view.go
index 6f73bc41f8..7cc1d35017 100644
--- a/internal/iam/model/password_complexity_policy_view.go +++ b/internal/iam/model/password_complexity_policy_view.go @@ -2,8 +2,6 @@ package model import ( "time" - - "github.com/zitadel/zitadel/internal/domain" ) type PasswordComplexityPolicyView struct { @@ -19,33 +17,3 @@ type PasswordComplexityPolicyView struct { ChangeDate time.Time Sequence uint64 } - -type PasswordComplexityPolicySearchRequest struct { - Offset uint64 - Limit uint64 - SortingColumn PasswordComplexityPolicySearchKey - Asc bool - Queries []*PasswordComplexityPolicySearchQuery -} - -type PasswordComplexityPolicySearchKey int32 - -const ( - PasswordComplexityPolicySearchKeyUnspecified PasswordComplexityPolicySearchKey = iota - PasswordComplexityPolicySearchKeyAggregateID -) - -type PasswordComplexityPolicySearchQuery struct { - Key PasswordComplexityPolicySearchKey - Method domain.SearchMethod - Value interface{} -} - -type PasswordComplexityPolicySearchResponse struct { - Offset uint64 - Limit uint64 - TotalResult uint64 - Result []*PasswordComplexityPolicyView - Sequence uint64 - Timestamp time.Time -} diff --git a/internal/iam/model/password_lockout_policy.go b/internal/iam/model/password_lockout_policy.go deleted file mode 100644 index 6cf8f6b27e..0000000000 --- a/internal/iam/model/password_lockout_policy.go +++ /dev/null @@ -1,13 +0,0 @@ -package model - -import ( - "github.com/zitadel/zitadel/internal/eventstore/v1/models" -) - -type LockoutPolicy struct { - models.ObjectRoot - - State PolicyState - MaxPasswordAttempts uint64 - ShowLockOutFailures bool -} diff --git a/internal/iam/model/password_lockout_policy_view.go b/internal/iam/model/password_lockout_policy_view.go deleted file mode 100644 index fd3f94ab96..0000000000 --- a/internal/iam/model/password_lockout_policy_view.go +++ /dev/null 
@@ -1,48 +0,0 @@
-package model
-
-import (
- "time"
-
- "github.com/zitadel/zitadel/internal/domain"
-)
-
-type LockoutPolicyView struct {
- AggregateID string
- MaxPasswordAttempts uint64
- ShowLockOutFailures bool
- Default bool
-
- CreationDate time.Time
- ChangeDate time.Time
- Sequence uint64
-}
-
-type LockoutPolicySearchRequest struct {
- Offset uint64
- Limit uint64
- SortingColumn LockoutPolicySearchKey
- Asc bool
- Queries []*LockoutPolicySearchQuery
-}
-
-type LockoutPolicySearchKey int32
-
-const (
- LockoutPolicySearchKeyUnspecified LockoutPolicySearchKey = iota
- LockoutPolicySearchKeyAggregateID
-)
-
-type LockoutPolicySearchQuery struct {
- Key LockoutPolicySearchKey
- Method domain.SearchMethod
- Value interface{}
-}
-
-type LockoutPolicySearchResponse struct {
- Offset uint64
- Limit uint64
- TotalResult uint64
- Result []*LockoutPolicyView
- Sequence uint64
- Timestamp time.Time
-}
diff --git a/internal/iam/model/privacy_policy_view.go b/internal/iam/model/privacy_policy_view.go
deleted file mode 100644
index 6d40dd3937..0000000000
--- a/internal/iam/model/privacy_policy_view.go
+++ /dev/null
@@ -1,49 +0,0 @@
-package model
-
-import (
- "time"
-
- "github.com/zitadel/zitadel/internal/domain"
-)
-
-type PrivacyPolicyView struct {
- AggregateID string
- TOSLink string
- PrivacyLink string
- SupportEmail string
- Default bool
-
- CreationDate time.Time
- ChangeDate time.Time
- Sequence uint64
-}
-
-type PrivacyPolicySearchRequest struct {
- Offset uint64
- Limit uint64
- SortingColumn PrivacyPolicySearchKey
- Asc bool
- Queries []*PrivacyPolicySearchQuery
-}
-
-type PrivacyPolicySearchKey int32
-
-const (
- PrivacyPolicySearchKeyUnspecified PrivacyPolicySearchKey = iota
- PrivacyPolicySearchKeyAggregateID
-)
-
-type PrivacyPolicySearchQuery struct {
- Key PrivacyPolicySearchKey
- Method domain.SearchMethod
- Value interface{}
-}
-
-type PrivacyPolicySearchResponse struct {
- Offset uint64
- Limit uint64
- TotalResult uint64
- Result []*PrivacyPolicyView
- Sequence uint64
- Timestamp time.Time
-}
diff --git a/internal/iam/repository/eventsourcing/model/iam_member.go b/internal/iam/repository/eventsourcing/model/iam_member.go
deleted file mode 100644
index 2f9c664595..0000000000
--- a/internal/iam/repository/eventsourcing/model/iam_member.go
+++ /dev/null
@@ -1,23 +0,0 @@
-package model
-
-import (
- "encoding/json"
-
- "github.com/zitadel/logging"
- es_models "github.com/zitadel/zitadel/internal/eventstore/v1/models"
-)
-
-type IAMMember struct {
- es_models.ObjectRoot
- UserID string `json:"userId,omitempty"`
- Roles []string `json:"roles,omitempty"`
-}
-
-func (m *IAMMember) SetData(event *es_models.Event) error {
- m.ObjectRoot.AppendEvent(event)
- if err := json.Unmarshal(event.Data, m); err != nil {
- logging.Log("EVEN-e4dkp").WithError(err).Error("could not unmarshal event data")
- return err
- }
- return nil
-}
diff --git a/internal/iam/repository/eventsourcing/model/org_iam_policy.go b/internal/iam/repository/eventsourcing/model/org_iam_policy.go
index 0ad1624659..e7cd9ed463 100644
--- a/internal/iam/repository/eventsourcing/model/org_iam_policy.go
+++ b/internal/iam/repository/eventsourcing/model/org_iam_policy.go @@ -1,10 +1,10 @@ package model import ( - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" es_models "github.com/zitadel/zitadel/internal/eventstore/v1/models" iam_model "github.com/zitadel/zitadel/internal/iam/model" + "github.com/zitadel/zitadel/internal/zerrors" ) type DomainPolicy struct { @@ -22,19 +22,10 @@ func DomainPolicyToModel(policy *DomainPolicy) *iam_model.DomainPolicy { } } -func (p *DomainPolicy) Changes(changed *DomainPolicy) map[string]interface{} { - changes := make(map[string]interface{}, 1) - - if p.UserLoginMustBeDomain != changed.UserLoginMustBeDomain { - changes["userLoginMustBeDomain"] = changed.UserLoginMustBeDomain - } - return changes -} - func (p *DomainPolicy) SetData(event eventstore.Event) error { err := event.Unmarshal(p) if err != nil { - return errors.ThrowInternal(err, "EVENT-7JS9d", "unable to unmarshal data") + return zerrors.ThrowInternal(err, "EVENT-7JS9d", "unable to unmarshal data") } return nil } diff --git a/internal/iam/repository/eventsourcing/model/org_iam_policy_test.go b/internal/iam/repository/eventsourcing/model/org_iam_policy_test.go deleted file mode 100644 index 42148b1e6f..0000000000 --- a/internal/iam/repository/eventsourcing/model/org_iam_policy_test.go +++ /dev/null 
@@ -1,49 +0,0 @@
-package model
-
-import (
- "testing"
-)
-
-func TestOrgIAMPolicyChanges(t *testing.T) {
- type args struct {
- existing *DomainPolicy
- new *DomainPolicy
- }
- type res struct {
- changesLen int
- }
- tests := []struct {
- name string
- args args
- res res
- }{
- {
- name: "org iam policy all attributes change",
- args: args{
- existing: &DomainPolicy{UserLoginMustBeDomain: true},
- new: &DomainPolicy{UserLoginMustBeDomain: false},
- },
- res: res{
- changesLen: 1,
- },
- },
- {
- name: "no changes",
- args: args{
- existing: &DomainPolicy{UserLoginMustBeDomain: true},
- new: &DomainPolicy{UserLoginMustBeDomain: true},
- },
- res: res{
- changesLen: 0,
- },
- },
- }
- for _, tt := range tests {
- t.Run(tt.name, func(t *testing.T) {
- changes := tt.args.existing.Changes(tt.args.new)
- if len(changes) != tt.res.changesLen {
- t.Errorf("got wrong changes len: expected: %v, actual: %v ", tt.res.changesLen, len(changes))
- }
- })
- }
-}
diff --git a/internal/iam/repository/view/idp_provider_view.go b/internal/iam/repository/view/idp_provider_view.go
deleted file mode 100644
index 06662cb219..0000000000
--- a/internal/iam/repository/view/idp_provider_view.go
+++ /dev/null
@@ -1,143 +0,0 @@ -package view - -import ( - "github.com/jinzhu/gorm" - - "github.com/zitadel/zitadel/internal/domain" - caos_errs "github.com/zitadel/zitadel/internal/errors" - iam_model "github.com/zitadel/zitadel/internal/iam/model" - "github.com/zitadel/zitadel/internal/iam/repository/view/model" - "github.com/zitadel/zitadel/internal/view/repository" -) - -func GetIDPProviderByAggregateIDAndConfigID(db *gorm.DB, table, aggregateID, idpConfigID, instanceID string) (*model.IDPProviderView, error) { - policy := new(model.IDPProviderView) - aggIDQuery := &model.IDPProviderSearchQuery{Key: iam_model.IDPProviderSearchKeyAggregateID, Value: aggregateID, Method: domain.SearchMethodEquals} - idpConfigIDQuery := &model.IDPProviderSearchQuery{Key: iam_model.IDPProviderSearchKeyIdpConfigID, Value: idpConfigID, Method: domain.SearchMethodEquals} - instanceIDQuery := &model.IDPProviderSearchQuery{Key: iam_model.IDPProviderSearchKeyInstanceID, Value: instanceID, Method: domain.SearchMethodEquals} - ownerRemovedQuery := &model.IDPProviderSearchQuery{Key: iam_model.IDPProviderSearchKeyOwnerRemoved, Value: false, Method: domain.SearchMethodEquals} - query := repository.PrepareGetByQuery(table, aggIDQuery, idpConfigIDQuery, instanceIDQuery, ownerRemovedQuery) - err := query(db, policy) - if caos_errs.IsNotFound(err) { - return nil, caos_errs.ThrowNotFound(nil, "VIEW-Skvi8", "Errors.IAM.LoginPolicy.IDP.NotExisting") - } - return policy, err -} - -func IDPProvidersByIdpConfigID(db *gorm.DB, table, idpConfigID, instanceID string) ([]*model.IDPProviderView, error) { - providers := make([]*model.IDPProviderView, 0) - queries := []*iam_model.IDPProviderSearchQuery{ - { - Key: iam_model.IDPProviderSearchKeyIdpConfigID, - Value: idpConfigID, - Method: domain.SearchMethodEquals, - }, - { - Key: iam_model.IDPProviderSearchKeyInstanceID, - Value: instanceID, - Method: domain.SearchMethodEquals, - }, - { - Key: iam_model.IDPProviderSearchKeyOwnerRemoved, - Value: false, - Method: 
domain.SearchMethodEquals, - }, - } - query := repository.PrepareSearchQuery(table, model.IDPProviderSearchRequest{Queries: queries}) - _, err := query(db, &providers) - if err != nil { - return nil, err - } - return providers, nil -} - -func IDPProvidersByAggregateIDAndState(db *gorm.DB, table string, aggregateID, instanceID string, idpConfigState iam_model.IDPConfigState) ([]*model.IDPProviderView, error) { - providers := make([]*model.IDPProviderView, 0) - queries := []*iam_model.IDPProviderSearchQuery{ - { - Key: iam_model.IDPProviderSearchKeyAggregateID, - Value: aggregateID, - Method: domain.SearchMethodEquals, - }, - { - Key: iam_model.IDPProviderSearchKeyState, - Value: int(idpConfigState), - Method: domain.SearchMethodEquals, - }, - { - Key: iam_model.IDPProviderSearchKeyInstanceID, - Value: instanceID, - Method: domain.SearchMethodEquals, - }, - { - Key: iam_model.IDPProviderSearchKeyOwnerRemoved, - Value: false, - Method: domain.SearchMethodEquals, - }, - } - query := repository.PrepareSearchQuery(table, model.IDPProviderSearchRequest{Queries: queries}) - _, err := query(db, &providers) - if err != nil { - return nil, err - } - return providers, nil -} - -func SearchIDPProviders(db *gorm.DB, table string, req *iam_model.IDPProviderSearchRequest) ([]*model.IDPProviderView, uint64, error) { - providers := make([]*model.IDPProviderView, 0) - query := repository.PrepareSearchQuery(table, model.IDPProviderSearchRequest{Limit: req.Limit, Offset: req.Offset, Queries: req.Queries}) - count, err := query(db, &providers) - if err != nil { - return nil, 0, err - } - return providers, count, nil -} - -func PutIDPProvider(db *gorm.DB, table string, provider *model.IDPProviderView) error { - save := repository.PrepareSave(table) - return save(db, provider) -} - -func PutIDPProviders(db *gorm.DB, table string, providers ...*model.IDPProviderView) error { - save := repository.PrepareBulkSave(table) - p := make([]interface{}, len(providers)) - for i, provider := range 
providers { - p[i] = provider - } - return save(db, p...) -} - -func DeleteIDPProvider(db *gorm.DB, table, aggregateID, idpConfigID, instanceID string) error { - delete := repository.PrepareDeleteByKeys(table, - repository.Key{Key: model.IDPProviderSearchKey(iam_model.IDPProviderSearchKeyAggregateID), Value: aggregateID}, - repository.Key{Key: model.IDPProviderSearchKey(iam_model.IDPProviderSearchKeyIdpConfigID), Value: idpConfigID}, - repository.Key{Key: model.IDPProviderSearchKey(iam_model.IDPProviderSearchKeyInstanceID), Value: instanceID}, - ) - return delete(db) -} - -func DeleteIDPProvidersByAggregateID(db *gorm.DB, table, aggregateID, instanceID string) error { - delete := repository.PrepareDeleteByKeys(table, - repository.Key{Key: model.IDPProviderSearchKey(iam_model.IDPProviderSearchKeyAggregateID), Value: aggregateID}, - repository.Key{Key: model.IDPProviderSearchKey(iam_model.IDPProviderSearchKeyInstanceID), Value: instanceID}, - ) - return delete(db) -} - -func DeleteInstanceIDPProviders(db *gorm.DB, table, instanceID string) error { - delete := repository.PrepareDeleteByKey(table, - model.IDPProviderSearchKey(iam_model.IDPProviderSearchKeyInstanceID), - instanceID, - ) - return delete(db) -} - -func UpdateOrgOwnerRemovedIDPProviders(db *gorm.DB, table, instanceID, aggID string) error { - update := repository.PrepareUpdateByKeys(table, - model.IDPProviderSearchKey(iam_model.IDPProviderSearchKeyOwnerRemoved), - true, - repository.Key{Key: model.IDPProviderSearchKey(iam_model.IDPProviderSearchKeyInstanceID), Value: instanceID}, - repository.Key{Key: model.IDPProviderSearchKey(iam_model.IDPProviderSearchKeyAggregateID), Value: aggID}, - ) - return update(db) -} diff --git a/internal/iam/repository/view/idp_view.go b/internal/iam/repository/view/idp_view.go deleted file mode 100644 index da77a97cad..0000000000 --- a/internal/iam/repository/view/idp_view.go +++ /dev/null 
@@ -1,88 +0,0 @@ -package view - -import ( - "github.com/jinzhu/gorm" - - "github.com/zitadel/zitadel/internal/domain" - caos_errs "github.com/zitadel/zitadel/internal/errors" - iam_model "github.com/zitadel/zitadel/internal/iam/model" - "github.com/zitadel/zitadel/internal/iam/repository/view/model" - "github.com/zitadel/zitadel/internal/view/repository" -) - -func IDPByID(db *gorm.DB, table, idpID, instanceID string) (*model.IDPConfigView, error) { - idp := new(model.IDPConfigView) - idpIDQuery := &model.IDPConfigSearchQuery{Key: iam_model.IDPConfigSearchKeyIdpConfigID, Value: idpID, Method: domain.SearchMethodEquals} - instanceIDQuery := &model.IDPConfigSearchQuery{Key: iam_model.IDPConfigSearchKeyInstanceID, Value: instanceID, Method: domain.SearchMethodEquals} - ownerRemovedQuery := &model.IDPConfigSearchQuery{Key: iam_model.IDPConfigSearchKeyOwnerRemoved, Value: false, Method: domain.SearchMethodEquals} - query := repository.PrepareGetByQuery(table, idpIDQuery, instanceIDQuery, ownerRemovedQuery) - err := query(db, idp) - if caos_errs.IsNotFound(err) { - return nil, caos_errs.ThrowNotFound(nil, "VIEW-Ahq2s", "Errors.IDP.NotExisting") - } - return idp, err -} - -func GetIDPConfigsByAggregateID(db *gorm.DB, table string, aggregateID, instanceID string) ([]*model.IDPConfigView, error) { - idps := make([]*model.IDPConfigView, 0) - queries := []*iam_model.IDPConfigSearchQuery{ - { - Key: iam_model.IDPConfigSearchKeyAggregateID, - Value: aggregateID, - Method: domain.SearchMethodEquals, - }, { - Key: iam_model.IDPConfigSearchKeyInstanceID, - Value: instanceID, - Method: domain.SearchMethodEquals, - }, - { - Key: iam_model.IDPConfigSearchKeyOwnerRemoved, - Value: false, - Method: domain.SearchMethodEquals, - }, - } - query := repository.PrepareSearchQuery(table, model.IDPConfigSearchRequest{Queries: queries}) - _, err := query(db, &idps) - if err != nil { - return nil, err - } - return idps, nil -} - -func SearchIDPs(db *gorm.DB, table string, req 
*iam_model.IDPConfigSearchRequest) ([]*model.IDPConfigView, uint64, error) { - idps := make([]*model.IDPConfigView, 0) - query := repository.PrepareSearchQuery(table, model.IDPConfigSearchRequest{Limit: req.Limit, Offset: req.Offset, Queries: req.Queries}) - count, err := query(db, &idps) - if err != nil { - return nil, 0, err - } - return idps, count, nil -} - -func PutIDP(db *gorm.DB, table string, idp *model.IDPConfigView) error { - save := repository.PrepareSave(table) - return save(db, idp) -} - -func DeleteIDP(db *gorm.DB, table, idpID, instanceID string) error { - delete := repository.PrepareDeleteByKeys(table, - repository.Key{model.IDPConfigSearchKey(iam_model.IDPConfigSearchKeyIdpConfigID), idpID}, - repository.Key{model.IDPConfigSearchKey(iam_model.IDPConfigSearchKeyInstanceID), instanceID}, - ) - return delete(db) -} - -func UpdateOrgOwnerRemovedIDPs(db *gorm.DB, table, instanceID, aggID string) error { - update := repository.PrepareUpdateByKeys(table, - model.IDPConfigSearchKey(iam_model.IDPConfigSearchKeyOwnerRemoved), - true, - repository.Key{Key: model.IDPConfigSearchKey(iam_model.IDPConfigSearchKeyInstanceID), Value: instanceID}, - repository.Key{Key: model.IDPConfigSearchKey(iam_model.IDPConfigSearchKeyAggregateID), Value: aggID}, - ) - return update(db) -} - -func DeleteInstanceIDPs(db *gorm.DB, table, instanceID string) error { - delete := repository.PrepareDeleteByKey(table, model.IDPConfigSearchKey(iam_model.IDPConfigSearchKeyInstanceID), instanceID) - return delete(db) -} diff --git a/internal/iam/repository/view/model/idp_config.go b/internal/iam/repository/view/model/idp_config.go deleted file mode 100644 index b2c41d93cd..0000000000 --- a/internal/iam/repository/view/model/idp_config.go +++ /dev/null 
@@ -1,123 +0,0 @@ -package model - -import ( - "time" - - "github.com/zitadel/logging" - - "github.com/zitadel/zitadel/internal/crypto" - "github.com/zitadel/zitadel/internal/database" - caos_errs "github.com/zitadel/zitadel/internal/errors" - "github.com/zitadel/zitadel/internal/eventstore" - "github.com/zitadel/zitadel/internal/iam/model" - "github.com/zitadel/zitadel/internal/repository/instance" - "github.com/zitadel/zitadel/internal/repository/org" -) - -const ( - IDPConfigKeyIdpConfigID = "idp_config_id" - IDPConfigKeyAggregateID = "aggregate_id" - IDPConfigKeyName = "name" - IDPConfigKeyProviderType = "idp_provider_type" - IDPConfigKeyInstanceID = "instance_id" - IDPConfigKeyOwnerRemoved = "owner_removed" -) - -type IDPConfigView struct { - IDPConfigID string `json:"idpConfigId" gorm:"column:idp_config_id;primary_key"` - AggregateID string `json:"-" gorm:"column:aggregate_id"` - Name string `json:"name" gorm:"column:name"` - StylingType int32 `json:"stylingType" gorm:"column:styling_type"` - CreationDate time.Time `json:"-" gorm:"column:creation_date"` - ChangeDate time.Time `json:"-" gorm:"column:change_date"` - IDPState int32 `json:"-" gorm:"column:idp_state"` - IDPProviderType int32 `json:"-" gorm:"column:idp_provider_type"` - AutoRegister bool `json:"autoRegister" gorm:"column:auto_register"` - - IsOIDC bool `json:"-" gorm:"column:is_oidc"` - OIDCClientID string `json:"clientId" gorm:"column:oidc_client_id"` - OIDCClientSecret *crypto.CryptoValue `json:"clientSecret" gorm:"column:oidc_client_secret"` - OIDCIssuer string `json:"issuer" gorm:"column:oidc_issuer"` - OIDCScopes database.TextArray[string] `json:"scopes" gorm:"column:oidc_scopes"` - OIDCIDPDisplayNameMapping int32 `json:"idpDisplayNameMapping" gorm:"column:oidc_idp_display_name_mapping"` - OIDCUsernameMapping int32 `json:"usernameMapping" gorm:"column:oidc_idp_username_mapping"` - OAuthAuthorizationEndpoint string `json:"authorizationEndpoint" gorm:"column:oauth_authorization_endpoint"` - 
OAuthTokenEndpoint string `json:"tokenEndpoint" gorm:"column:oauth_token_endpoint"` - JWTEndpoint string `json:"jwtEndpoint" gorm:"jwt_endpoint"` - JWTKeysEndpoint string `json:"keysEndpoint" gorm:"jwt_keys_endpoint"` - JWTHeaderName string `json:"headerName" gorm:"jwt_header_name"` - - Sequence uint64 `json:"-" gorm:"column:sequence"` - InstanceID string `json:"instanceID" gorm:"column:instance_id;primary_key"` -} - -func IDPConfigViewToModel(idp *IDPConfigView) *model.IDPConfigView { - view := &model.IDPConfigView{ - IDPConfigID: idp.IDPConfigID, - AggregateID: idp.AggregateID, - State: model.IDPConfigState(idp.IDPState), - Name: idp.Name, - StylingType: model.IDPStylingType(idp.StylingType), - AutoRegister: idp.AutoRegister, - Sequence: idp.Sequence, - CreationDate: idp.CreationDate, - ChangeDate: idp.ChangeDate, - IDPProviderType: model.IDPProviderType(idp.IDPProviderType), - IsOIDC: idp.IsOIDC, - OIDCClientID: idp.OIDCClientID, - OIDCClientSecret: idp.OIDCClientSecret, - OIDCScopes: idp.OIDCScopes, - OIDCIDPDisplayNameMapping: model.OIDCMappingField(idp.OIDCIDPDisplayNameMapping), - OIDCUsernameMapping: model.OIDCMappingField(idp.OIDCUsernameMapping), - OAuthAuthorizationEndpoint: idp.OAuthAuthorizationEndpoint, - OAuthTokenEndpoint: idp.OAuthTokenEndpoint, - } - if idp.IsOIDC { - view.OIDCIssuer = idp.OIDCIssuer - return view - } - view.JWTEndpoint = idp.JWTEndpoint - view.JWTIssuer = idp.OIDCIssuer - view.JWTKeysEndpoint = idp.JWTKeysEndpoint - view.JWTHeaderName = idp.JWTHeaderName - return view -} - -func (i *IDPConfigView) AppendEvent(providerType model.IDPProviderType, event eventstore.Event) (err error) { - i.Sequence = event.Sequence() - i.ChangeDate = event.CreatedAt() - switch event.Type() { - case instance.IDPConfigAddedEventType, org.IDPConfigAddedEventType: - i.setRootData(event) - i.CreationDate = event.CreatedAt() - i.IDPProviderType = int32(providerType) - err = i.SetData(event) - case instance.IDPOIDCConfigAddedEventType, 
org.IDPOIDCConfigAddedEventType: - i.IsOIDC = true - err = i.SetData(event) - case instance.IDPOIDCConfigChangedEventType, org.IDPOIDCConfigChangedEventType, - instance.IDPConfigChangedEventType, org.IDPConfigChangedEventType, - org.IDPJWTConfigAddedEventType, instance.IDPJWTConfigAddedEventType, - org.IDPJWTConfigChangedEventType, instance.IDPJWTConfigChangedEventType: - err = i.SetData(event) - case instance.IDPConfigDeactivatedEventType, org.IDPConfigDeactivatedEventType: - i.IDPState = int32(model.IDPConfigStateInactive) - case instance.IDPConfigReactivatedEventType, org.IDPConfigReactivatedEventType: - i.IDPState = int32(model.IDPConfigStateActive) - } - return err -} - -func (r *IDPConfigView) setRootData(event eventstore.Event) { - r.AggregateID = event.Aggregate().ID - r.InstanceID = event.Aggregate().InstanceID -} - -func (r *IDPConfigView) SetData(event eventstore.Event) error { - err := event.Unmarshal(r) - if err != nil { - logging.New().WithError(err).Error("could not unmarshal event data") - return caos_errs.ThrowInternal(err, "MODEL-lub6s", "Could not unmarshal data") - } - return nil -} diff --git a/internal/iam/repository/view/model/idp_config_query.go b/internal/iam/repository/view/model/idp_config_query.go deleted file mode 100644 index 5f07ecfcee..0000000000 --- a/internal/iam/repository/view/model/idp_config_query.go +++ /dev/null 
@@ -1,69 +0,0 @@
-package model
-
-import (
- "github.com/zitadel/zitadel/internal/domain"
- iam_model "github.com/zitadel/zitadel/internal/iam/model"
- "github.com/zitadel/zitadel/internal/view/repository"
-)
-
-type IDPConfigSearchRequest iam_model.IDPConfigSearchRequest
-type IDPConfigSearchQuery iam_model.IDPConfigSearchQuery
-type IDPConfigSearchKey iam_model.IDPConfigSearchKey
-
-func (req IDPConfigSearchRequest) GetLimit() uint64 {
- return req.Limit
-}
-
-func (req IDPConfigSearchRequest) GetOffset() uint64 {
- return req.Offset
-}
-
-func (req IDPConfigSearchRequest) GetSortingColumn() repository.ColumnKey {
- if req.SortingColumn == iam_model.IDPConfigSearchKeyUnspecified {
- return nil
- }
- return IDPConfigSearchKey(req.SortingColumn)
-}
-
-func (req IDPConfigSearchRequest) GetAsc() bool {
- return req.Asc
-}
-
-func (req IDPConfigSearchRequest) GetQueries() []repository.SearchQuery {
- result := make([]repository.SearchQuery, len(req.Queries))
- for i, q := range req.Queries {
- result[i] = IDPConfigSearchQuery{Key: q.Key, Value: q.Value, Method: q.Method}
- }
- return result
-}
-
-func (req IDPConfigSearchQuery) GetKey() repository.ColumnKey {
- return IDPConfigSearchKey(req.Key)
-}
-
-func (req IDPConfigSearchQuery) GetMethod() domain.SearchMethod {
- return req.Method
-}
-
-func (req IDPConfigSearchQuery) GetValue() interface{} {
- return req.Value
-}
-
-func (key IDPConfigSearchKey) ToColumnName() string {
- switch iam_model.IDPConfigSearchKey(key) {
- case iam_model.IDPConfigSearchKeyAggregateID:
- return IDPConfigKeyAggregateID
- case iam_model.IDPConfigSearchKeyIdpConfigID:
- return IDPConfigKeyIdpConfigID
- case iam_model.IDPConfigSearchKeyName:
- return IDPConfigKeyName
- case iam_model.IDPConfigSearchKeyIdpProviderType:
- return IDPConfigKeyProviderType
- case iam_model.IDPConfigSearchKeyInstanceID:
- return IDPConfigKeyInstanceID
- case iam_model.IDPConfigSearchKeyOwnerRemoved:
- return IDPConfigKeyOwnerRemoved
- default:
- return ""
- }
-}
diff --git a/internal/iam/repository/view/model/idp_provider.go b/internal/iam/repository/view/model/idp_provider.go
deleted file mode 100644
index 775c8ba25e..0000000000
--- a/internal/iam/repository/view/model/idp_provider.go
+++ /dev/null
@@ -1,87 +0,0 @@ -package model - -import ( - "time" - - "github.com/zitadel/logging" - - caos_errs "github.com/zitadel/zitadel/internal/errors" - "github.com/zitadel/zitadel/internal/eventstore" - "github.com/zitadel/zitadel/internal/iam/model" - "github.com/zitadel/zitadel/internal/repository/instance" - "github.com/zitadel/zitadel/internal/repository/org" -) - -const ( - IDPProviderKeyAggregateID = "aggregate_id" - IDPProviderKeyIdpConfigID = "idp_config_id" - IDPProviderKeyState = "idp_state" - IDPProviderKeyInstanceID = "instance_id" - IDPProviderKeyOwnerRemoved = "owner_removed" -) - -type IDPProviderView struct { - AggregateID string `json:"-" gorm:"column:aggregate_id;primary_key"` - IDPConfigID string `json:"idpConfigID" gorm:"column:idp_config_id;primary_key"` - - CreationDate time.Time `json:"-" gorm:"column:creation_date"` - ChangeDate time.Time `json:"-" gorm:"column:change_date"` - - Name string `json:"-" gorm:"column:name"` - StylingType int32 `json:"-" gorm:"column:styling_type"` - IDPConfigType int32 `json:"-" gorm:"column:idp_config_type"` - IDPProviderType int32 `json:"idpProviderType" gorm:"column:idp_provider_type"` - IDPState int32 `json:"-" gorm:"column:idp_state"` - - Sequence uint64 `json:"-" gorm:"column:sequence"` - InstanceID string `json:"instanceID" gorm:"column:instance_id;primary_key"` -} - -func IDPProviderViewToModel(provider *IDPProviderView) *model.IDPProviderView { - return &model.IDPProviderView{ - AggregateID: provider.AggregateID, - Sequence: provider.Sequence, - CreationDate: provider.CreationDate, - ChangeDate: provider.ChangeDate, - Name: provider.Name, - StylingType: model.IDPStylingType(provider.StylingType), - IDPConfigID: provider.IDPConfigID, - IDPConfigType: model.IdpConfigType(provider.IDPConfigType), - IDPProviderType: model.IDPProviderType(provider.IDPProviderType), - IDPState: model.IDPConfigState(provider.IDPState), - } -} - -func IDPProviderViewsToModel(providers []*IDPProviderView) []*model.IDPProviderView { - 
result := make([]*model.IDPProviderView, len(providers)) - for i, r := range providers { - result[i] = IDPProviderViewToModel(r) - } - return result -} - -func (i *IDPProviderView) AppendEvent(event eventstore.Event) (err error) { - i.Sequence = event.Sequence() - i.ChangeDate = event.CreatedAt() - switch event.Type() { - case instance.LoginPolicyIDPProviderAddedEventType, - org.LoginPolicyIDPProviderAddedEventType: - i.setRootData(event) - i.CreationDate = event.CreatedAt() - err = i.SetData(event) - } - return err -} - -func (r *IDPProviderView) setRootData(event eventstore.Event) { - r.AggregateID = event.Aggregate().ID - r.InstanceID = event.Aggregate().InstanceID -} - -func (r *IDPProviderView) SetData(event eventstore.Event) error { - if err := event.Unmarshal(r); err != nil { - logging.New().WithError(err).Error("could not unmarshal event data") - return caos_errs.ThrowInternal(err, "MODEL-Hs8uf", "Could not unmarshal data") - } - return nil -} diff --git a/internal/iam/repository/view/model/idp_provider_query.go b/internal/iam/repository/view/model/idp_provider_query.go deleted file mode 100644 index 9685507c1b..0000000000 --- a/internal/iam/repository/view/model/idp_provider_query.go +++ /dev/null 
@@ -1,67 +0,0 @@
-package model
-
-import (
- "github.com/zitadel/zitadel/internal/domain"
- iam_model "github.com/zitadel/zitadel/internal/iam/model"
- "github.com/zitadel/zitadel/internal/view/repository"
-)
-
-type IDPProviderSearchRequest iam_model.IDPProviderSearchRequest
-type IDPProviderSearchQuery iam_model.IDPProviderSearchQuery
-type IDPProviderSearchKey iam_model.IDPProviderSearchKey
-
-func (req IDPProviderSearchRequest) GetLimit() uint64 {
- return req.Limit
-}
-
-func (req IDPProviderSearchRequest) GetOffset() uint64 {
- return req.Offset
-}
-
-func (req IDPProviderSearchRequest) GetSortingColumn() repository.ColumnKey {
- if req.SortingColumn == iam_model.IDPProviderSearchKeyUnspecified {
- return nil
- }
- return IDPProviderSearchKey(req.SortingColumn)
-}
-
-func (req IDPProviderSearchRequest) GetAsc() bool {
- return req.Asc
-}
-
-func (req IDPProviderSearchRequest) GetQueries() []repository.SearchQuery {
- result := make([]repository.SearchQuery, len(req.Queries))
- for i, q := range req.Queries {
- result[i] = IDPProviderSearchQuery{Key: q.Key, Value: q.Value, Method: q.Method}
- }
- return result
-}
-
-func (req IDPProviderSearchQuery) GetKey() repository.ColumnKey {
- return IDPProviderSearchKey(req.Key)
-}
-
-func (req IDPProviderSearchQuery) GetMethod() domain.SearchMethod {
- return req.Method
-}
-
-func (req IDPProviderSearchQuery) GetValue() interface{} {
- return req.Value
-}
-
-func (key IDPProviderSearchKey) ToColumnName() string {
- switch iam_model.IDPProviderSearchKey(key) {
- case iam_model.IDPProviderSearchKeyAggregateID:
- return IDPProviderKeyAggregateID
- case iam_model.IDPProviderSearchKeyIdpConfigID:
- return IDPProviderKeyIdpConfigID
- case iam_model.IDPProviderSearchKeyState:
- return IDPProviderKeyState
- case iam_model.IDPProviderSearchKeyInstanceID:
- return IDPProviderKeyInstanceID
- case iam_model.IDPProviderSearchKeyOwnerRemoved:
- return IDPProviderKeyOwnerRemoved
- default:
- return ""
- }
-}
diff --git a/internal/iam/repository/view/model/label_policy.go b/internal/iam/repository/view/model/label_policy.go index f4fad063b0..2e3966661f 100644 --- a/internal/iam/repository/view/model/label_policy.go +++ b/internal/iam/repository/view/model/label_policy.go @@ -6,11 +6,11 @@ import ( "github.com/zitadel/logging" "github.com/zitadel/zitadel/internal/domain" - caos_errs "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/eventstore/v1/models" "github.com/zitadel/zitadel/internal/repository/instance" "github.com/zitadel/zitadel/internal/repository/org" + "github.com/zitadel/zitadel/internal/zerrors" ) const ( @@ -179,7 +179,7 @@ func (r *LabelPolicyView) setRootData(event eventstore.Event) { func (r *LabelPolicyView) SetData(event eventstore.Event) error { if err := event.Unmarshal(r); err != nil { logging.Log("MODEL-Flp9C").WithError(err).Error("could not unmarshal event data") - return caos_errs.ThrowInternal(err, "MODEL-Hs8uf", "Could not unmarshal data") + return zerrors.ThrowInternal(err, "MODEL-Hs8uf", "Could not unmarshal data") } return nil } @@ -187,7 +187,7 @@ func (r *LabelPolicyView) SetData(event eventstore.Event) error { func (r *AssetView) SetData(event eventstore.Event) error { if err := event.Unmarshal(r); err != nil { logging.Log("MODEL-Ms8f2").WithError(err).Error("could not unmarshal event data") - return caos_errs.ThrowInternal(err, "MODEL-Hs8uf", "Could not unmarshal data") + return zerrors.ThrowInternal(err, "MODEL-Hs8uf", "Could not unmarshal data") } return nil } diff --git a/internal/iam/repository/view/model/label_policy_query.go b/internal/iam/repository/view/model/label_policy_query.go index 1c21d39be1..4f8f2d069a 100644 --- a/internal/iam/repository/view/model/label_policy_query.go +++ b/internal/iam/repository/view/model/label_policy_query.go 
@@ -6,37 +6,9 @@ import ( "github.com/zitadel/zitadel/internal/view/repository" ) -type LabelPolicySearchRequest iam_model.LabelPolicySearchRequest type LabelPolicySearchQuery iam_model.LabelPolicySearchQuery type LabelPolicySearchKey iam_model.LabelPolicySearchKey -func (req LabelPolicySearchRequest) GetLimit() uint64 { - return req.Limit -} - -func (req LabelPolicySearchRequest) GetOffset() uint64 { - return req.Offset -} - -func (req LabelPolicySearchRequest) GetSortingColumn() repository.ColumnKey { - if req.SortingColumn == iam_model.LabelPolicySearchKeyUnspecified { - return nil - } - return LabelPolicySearchKey(req.SortingColumn) -} - -func (req LabelPolicySearchRequest) GetAsc() bool { - return req.Asc -} - -func (req LabelPolicySearchRequest) GetQueries() []repository.SearchQuery { - result := make([]repository.SearchQuery, len(req.Queries)) - for i, q := range req.Queries { - result[i] = LabelPolicySearchQuery{Key: q.Key, Value: q.Value, Method: q.Method} - } - return result -} - func (req LabelPolicySearchQuery) GetKey() repository.ColumnKey { return LabelPolicySearchKey(req.Key) } diff --git a/internal/iam/repository/view/model/password_complexity_policy.go b/internal/iam/repository/view/model/password_complexity_policy.go index 30f72acb83..3255b13079 100644 --- a/internal/iam/repository/view/model/password_complexity_policy.go +++ b/internal/iam/repository/view/model/password_complexity_policy.go 
@@ -1,38 +1,10 @@ package model import ( - "time" - - "github.com/zitadel/logging" - - caos_errs "github.com/zitadel/zitadel/internal/errors" - "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/iam/model" "github.com/zitadel/zitadel/internal/query" - "github.com/zitadel/zitadel/internal/repository/instance" - "github.com/zitadel/zitadel/internal/repository/org" ) -const ( - PasswordComplexityKeyAggregateID = "aggregate_id" -) - -type PasswordComplexityPolicyView struct { - AggregateID string `json:"-" gorm:"column:aggregate_id;primary_key"` - CreationDate time.Time `json:"-" gorm:"column:creation_date"` - ChangeDate time.Time `json:"-" gorm:"column:change_date"` - State int32 `json:"-" gorm:"column:complexity_policy_state"` - - MinLength uint64 `json:"minLength" gorm:"column:min_length"` - HasLowercase bool `json:"hasLowercase" gorm:"column:has_lowercase"` - HasUppercase bool `json:"hasUppercase" gorm:"column:has_uppercase"` - HasSymbol bool `json:"hasSymbol" gorm:"column:has_symbol"` - HasNumber bool `json:"hasNumber" gorm:"column:has_number"` - Default bool `json:"-" gorm:"-"` - - Sequence uint64 `json:"-" gorm:"column:sequence"` -} - func PasswordComplexityViewToModel(policy *query.PasswordComplexityPolicy) *model.PasswordComplexityPolicyView { return &model.PasswordComplexityPolicyView{ AggregateID: policy.ID, 
@@ -47,31 +19,3 @@ func PasswordComplexityViewToModel(policy *query.PasswordComplexityPolicy) *mode Default: policy.IsDefault, } } - -func (i *PasswordComplexityPolicyView) AppendEvent(event eventstore.Event) (err error) { - i.Sequence = event.Sequence() - i.ChangeDate = event.CreatedAt() - switch event.Type() { - case instance.PasswordComplexityPolicyAddedEventType, - org.PasswordComplexityPolicyAddedEventType: - i.setRootData(event) - i.CreationDate = event.CreatedAt() - err = i.SetData(event) - case instance.PasswordComplexityPolicyChangedEventType, - org.PasswordComplexityPolicyChangedEventType: - err = i.SetData(event) - } - return err -} - -func (r *PasswordComplexityPolicyView) setRootData(event eventstore.Event) { - r.AggregateID = event.Aggregate().ID -} - -func (r *PasswordComplexityPolicyView) SetData(event eventstore.Event) error { - if err := event.Unmarshal(r); err != nil { - logging.Log("EVEN-Dmi9g").WithError(err).Error("could not unmarshal event data") - return caos_errs.ThrowInternal(err, "MODEL-Hs8uf", "Could not unmarshal data") - } - return nil -} diff --git a/internal/iam/repository/view/styling.go b/internal/iam/repository/view/styling.go index fe1426893a..3611483bc6 100644 --- a/internal/iam/repository/view/styling.go +++ b/internal/iam/repository/view/styling.go @@ -1,13 +1,13 @@ package view import ( + "github.com/jinzhu/gorm" + "github.com/zitadel/zitadel/internal/domain" - caos_errs "github.com/zitadel/zitadel/internal/errors" iam_model "github.com/zitadel/zitadel/internal/iam/model" "github.com/zitadel/zitadel/internal/iam/repository/view/model" "github.com/zitadel/zitadel/internal/view/repository" - - "github.com/jinzhu/gorm" + "github.com/zitadel/zitadel/internal/zerrors" ) func GetStylingByAggregateIDAndState(db *gorm.DB, table, aggregateID, instanceID string, state int32) (*model.LabelPolicyView, error) { 
@@ -18,8 +18,8 @@ func GetStylingByAggregateIDAndState(db *gorm.DB, table, aggregateID, instanceID ownerRemovedQuery := &model.LabelPolicySearchQuery{Key: iam_model.LabelPolicySearchKeyOwnerRemoved, Value: false, Method: domain.SearchMethodEquals} query := repository.PrepareGetByQuery(table, aggregateIDQuery, stateQuery, instanceIDQuery, ownerRemovedQuery) err := query(db, policy) - if caos_errs.IsNotFound(err) { - return nil, caos_errs.ThrowNotFound(nil, "VIEW-68G11", "Errors.IAM.LabelPolicy.NotExisting") + if zerrors.IsNotFound(err) { + return nil, zerrors.ThrowNotFound(nil, "VIEW-68G11", "Errors.IAM.LabelPolicy.NotExisting") } return policy, err } diff --git a/internal/idp/providers/saml/saml.go b/internal/idp/providers/saml/saml.go index 215230f724..aa816dfead 100644 --- a/internal/idp/providers/saml/saml.go +++ b/internal/idp/providers/saml/saml.go @@ -11,8 +11,8 @@ import ( "github.com/crewjam/saml" "github.com/crewjam/saml/samlsp" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/idp" + "github.com/zitadel/zitadel/internal/zerrors" ) var _ idp.Provider = (*Provider)(nil) @@ -154,7 +154,7 @@ func (p *Provider) IsAutoUpdate() bool { func (p *Provider) GetSP() (*samlsp.Middleware, error) { sp, err := samlsp.New(*p.spOptions) if err != nil { - return nil, errors.ThrowInternal(err, "SAML-qee09ffuq5", "Errors.Intent.IDPInvalid") + return nil, zerrors.ThrowInternal(err, "SAML-qee09ffuq5", "Errors.Intent.IDPInvalid") } if p.requestTracker != nil { sp.RequestTracker = p.requestTracker diff --git a/internal/idp/providers/saml/session.go b/internal/idp/providers/saml/session.go index c795493adc..af5ec0caf7 100644 --- a/internal/idp/providers/saml/session.go +++ b/internal/idp/providers/saml/session.go 
@@ -9,8 +9,8 @@ import ( "github.com/crewjam/saml" "github.com/crewjam/saml/samlsp" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/idp" + "github.com/zitadel/zitadel/internal/zerrors" ) var _ idp.Session = (*Session)(nil) @@ -48,12 +48,12 @@ func (s *Session) GetAuth(ctx context.Context) (string, bool) { // FetchUser implements the [idp.Session] interface. func (s *Session) FetchUser(ctx context.Context) (user idp.User, err error) { if s.RequestID == "" || s.Request == nil { - return nil, errors.ThrowInvalidArgument(nil, "SAML-d09hy0wkex", "Errors.Intent.ResponseInvalid") + return nil, zerrors.ThrowInvalidArgument(nil, "SAML-d09hy0wkex", "Errors.Intent.ResponseInvalid") } s.Assertion, err = s.ServiceProvider.ServiceProvider.ParseResponse(s.Request, []string{s.RequestID}) if err != nil { - return nil, errors.ThrowInvalidArgument(err, "SAML-nuo0vphhh9", "Errors.Intent.ResponseInvalid") + return nil, zerrors.ThrowInvalidArgument(err, "SAML-nuo0vphhh9", "Errors.Intent.ResponseInvalid") } userMapper := NewUser() diff --git a/internal/idp/providers/saml/session_test.go b/internal/idp/providers/saml/session_test.go index 34126ff7ff..3ab33a8558 100644 --- a/internal/idp/providers/saml/session_test.go +++ b/internal/idp/providers/saml/session_test.go @@ -13,8 +13,8 @@ import ( "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" - caos_errs "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/idp/providers/saml/requesttracker" + "github.com/zitadel/zitadel/internal/zerrors" ) func TestSession_FetchUser(t *testing.T) { @@ -69,7 +69,7 @@ func TestSession_FetchUser(t *testing.T) { requestID: "", }, want: want{ - err: caos_errs.ThrowInvalidArgument(nil, "SAML-d09hy0wkex", "Errors.Intent.ResponseInvalid"), + err: zerrors.ThrowInvalidArgument(nil, "SAML-d09hy0wkex", "Errors.Intent.ResponseInvalid"), }, }, { 
@@ -95,7 +95,7 @@ func TestSession_FetchUser(t *testing.T) { requestID: "id-b22c90db88bf01d82ffb0a7b6fe25ac9fcb2c679", }, want: want{ - err: caos_errs.ThrowInvalidArgument(nil, "SAML-d09hy0wkex", "Errors.Intent.ResponseInvalid"), + err: zerrors.ThrowInvalidArgument(nil, "SAML-d09hy0wkex", "Errors.Intent.ResponseInvalid"), }, }, { @@ -125,7 +125,7 @@ func TestSession_FetchUser(t *testing.T) { requestID: "id-b22c90db88bf01d82ffb0a7b6fe25ac9fcb2c679", }, want: want{ - err: caos_errs.ThrowInvalidArgument(nil, "SAML-nuo0vphhh9", "Errors.Intent.ResponseInvalid"), + err: zerrors.ThrowInvalidArgument(nil, "SAML-nuo0vphhh9", "Errors.Intent.ResponseInvalid"), }, }, { diff --git a/internal/integration/client.go b/internal/integration/client.go index cc4ccc75bd..6c4498344e 100644 --- a/internal/integration/client.go +++ b/internal/integration/client.go @@ -8,6 +8,7 @@ import ( crewjam_saml "github.com/crewjam/saml" "github.com/muhlemmer/gu" + "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" "github.com/zitadel/logging" "github.com/zitadel/oidc/v3/pkg/oidc" @@ -18,6 +19,7 @@ import ( "github.com/zitadel/zitadel/internal/api/authz" "github.com/zitadel/zitadel/internal/command" + "github.com/zitadel/zitadel/internal/domain" "github.com/zitadel/zitadel/internal/idp/providers/ldap" openid "github.com/zitadel/zitadel/internal/idp/providers/oidc" "github.com/zitadel/zitadel/internal/idp/providers/saml" @@ -30,6 +32,7 @@ import ( organisation "github.com/zitadel/zitadel/pkg/grpc/org/v2beta" session "github.com/zitadel/zitadel/pkg/grpc/session/v2beta" "github.com/zitadel/zitadel/pkg/grpc/system" + user_pb "github.com/zitadel/zitadel/pkg/grpc/user" user "github.com/zitadel/zitadel/pkg/grpc/user/v2beta" ) 
@@ -59,8 +62,8 @@ func newClient(cc *grpc.ClientConn) Client { } } -func (t *Tester) UseIsolatedInstance(iamOwnerCtx, systemCtx context.Context) (primaryDomain, instanceId string, authenticatedIamOwnerCtx context.Context) { - primaryDomain = randString(5) + ".integration.localhost" +func (t *Tester) UseIsolatedInstance(tt *testing.T, iamOwnerCtx, systemCtx context.Context) (primaryDomain, instanceId string, authenticatedIamOwnerCtx context.Context) { + primaryDomain = RandString(5) + ".integration.localhost" instance, err := t.Client.System.CreateInstance(systemCtx, &system.CreateInstanceRequest{ InstanceName: "testinstance", CustomDomain: primaryDomain, 
@@ -80,13 +83,33 @@ func (t *Tester) UseIsolatedInstance(iamOwnerCtx, systemCtx context.Context) (pr t.Users.Set(instanceId, IAMOwner, &User{ Token: instance.GetPat(), }) - return primaryDomain, instanceId, t.WithInstanceAuthorization(iamOwnerCtx, IAMOwner, instanceId) + newCtx := t.WithInstanceAuthorization(iamOwnerCtx, IAMOwner, instanceId) + // the following serves two purposes: + // 1. it ensures that the instance is ready to be used + // 2. it enables a normal login with the default admin user credentials + require.EventuallyWithT(tt, func(collectT *assert.CollectT) { + _, importErr := t.Client.Mgmt.ImportHumanUser(newCtx, &mgmt.ImportHumanUserRequest{ + UserName: "zitadel-admin@zitadel.localhost", + Email: &mgmt.ImportHumanUserRequest_Email{ + Email: "zitadel-admin@zitadel.localhost", + IsEmailVerified: true, + }, + Password: "Password1!", + Profile: &mgmt.ImportHumanUserRequest_Profile{ + FirstName: "hodor", + LastName: "hodor", + NickName: "hodor", + }, + }) + assert.NoError(collectT, importErr) + }, 2*time.Minute, 100*time.Millisecond, "instance not ready") + return primaryDomain, instanceId, newCtx } func (s *Tester) CreateHumanUser(ctx context.Context) *user.AddHumanUserResponse { resp, err := s.Client.UserV2.AddHumanUser(ctx, &user.AddHumanUserRequest{ - Organisation: &object.Organisation{ - Org: &object.Organisation_OrgId{ + Organization: &object.Organization{ + Org: &object.Organization_OrgId{ OrgId: s.Organisation.ID, }, }, 
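Review bot: The retry closure around `ImportHumanUser` in `UseIsolatedInstance` treats every error as "instance not ready", so a failure that waiting cannot fix (an already-exists result after an attempt that succeeded server-side but returned late, or a permission error) is retried for the full two minutes and then reported under a misleading message. Consider accepting an already-exists result as success and failing immediately on errors that are clearly not readiness-related. The admin login name and the password `"Password1!"` are inline literals; naming them as package constants with a comment such as `// fixed credentials for throw-away integration instances only` keeps tests that log in with them in sync and makes the intended scope explicit. The function's signature and first statements are outside this hunk.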
@@ -113,6 +136,17 @@ func (s *Tester) CreateHumanUser(ctx context.Context) *user.AddHumanUserResponse return resp } +func (s *Tester) CreateMachineUser(ctx context.Context) *mgmt.AddMachineUserResponse { + resp, err := s.Client.Mgmt.AddMachineUser(ctx, &mgmt.AddMachineUserRequest{ + UserName: fmt.Sprintf("%d@mouse.com", time.Now().UnixNano()), + Name: "Mickey", + Description: "Mickey Mouse", + AccessTokenType: user_pb.AccessTokenType_ACCESS_TOKEN_TYPE_BEARER, + }) + logging.OnError(err).Fatal("create human user") + return resp +} + func (s *Tester) CreateUserIDPlink(ctx context.Context, userID, externalID, idpID, username string) *user.AddIDPLinkResponse { resp, err := s.Client.UserV2.AddIDPLink( ctx, @@ -385,3 +419,29 @@ func (s *Tester) CreatePasswordSession(t *testing.T, ctx context.Context, userID return createResp.GetSessionId(), createResp.GetSessionToken(), createResp.GetDetails().GetChangeDate().AsTime(), createResp.GetDetails().GetChangeDate().AsTime() } + +func (s *Tester) CreateProjectUserGrant(t *testing.T, ctx context.Context, projectID, userID string) string { + resp, err := s.Client.Mgmt.AddUserGrant(ctx, &mgmt.AddUserGrantRequest{ + UserId: userID, + ProjectId: projectID, + }) + require.NoError(t, err) + return resp.GetUserGrantId() +} + +func (s *Tester) CreateOrgMembership(t *testing.T, ctx context.Context, userID string) { + _, err := s.Client.Mgmt.AddOrgMember(ctx, &mgmt.AddOrgMemberRequest{ + UserId: userID, + Roles: []string{domain.RoleOrgOwner}, + }) + require.NoError(t, err) +} + +func (s *Tester) CreateProjectMembership(t *testing.T, ctx context.Context, projectID, userID string) { + _, err := s.Client.Mgmt.AddProjectMember(ctx, &mgmt.AddProjectMemberRequest{ + ProjectId: projectID, + UserId: userID, + Roles: []string{domain.RoleProjectOwner}, + }) + require.NoError(t, err) +} diff --git a/internal/integration/config/zitadel.yaml b/internal/integration/config/zitadel.yaml index 5bf6937af9..8768e8e513 100644 
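Review bot: The fatal message in the new `CreateMachineUser` still says `"create human user"`, apparently copied from the helper above it, so a failure here points at the wrong call; it should read `logging.OnError(err).Fatal("create machine user")`. Unlike the helpers added at the end of this file, this one takes no `*testing.T` and ends the whole process on error instead of failing the calling test. If that is deliberate to match `CreateHumanUser`, a one-line doc comment saying so would help.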
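Review bot: `CreateOrgMembership` and `CreateProjectMembership` hand out `domain.RoleOrgOwner` and `domain.RoleProjectOwner`, but neither the names nor the signatures say which role is granted, and the org request carries no organisation id, so the target organisation presumably comes from `ctx`. A doc comment on each would make the privilege level visible at call sites, for example `// CreateOrgMembership makes userID an owner of the organisation selected by ctx.` and `// CreateProjectMembership makes userID an owner of projectID.` Tests that check authorization boundaries depend on knowing exactly which rights these helpers confer.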
--- a/internal/integration/config/zitadel.yaml +++ b/internal/integration/config/zitadel.yaml @@ -51,3 +51,9 @@ DefaultInstance: SystemAPIUsers: - tester: KeyData: "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" + Memberships: + - MemberType: System + Roles: + - "SYSTEM_OWNER" + - "IAM_OWNER" + - "ORG_OWNER" diff --git a/internal/integration/integration.go b/internal/integration/integration.go index 3d794a10d4..8e38ca0e3f 100644 --- a/internal/integration/integration.go +++ b/internal/integration/integration.go @@ -32,11 +32,11 @@ import ( z_oidc "github.com/zitadel/zitadel/internal/api/oidc" "github.com/zitadel/zitadel/internal/command" "github.com/zitadel/zitadel/internal/domain" - caos_errs "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore/v1/models" "github.com/zitadel/zitadel/internal/net" "github.com/zitadel/zitadel/internal/query" "github.com/zitadel/zitadel/internal/webauthn" + "github.com/zitadel/zitadel/internal/zerrors" "github.com/zitadel/zitadel/pkg/grpc/admin" ) @@ -181,7 +181,7 @@ func (s *Tester) createMachineUserOrgOwner(ctx context.Context) { ctx, user := s.createMachineUser(ctx, MachineUserOrgOwner, OrgOwner) _, err = s.Commands.AddOrgMember(ctx, user.ResourceOwner, user.ID, "ORG_OWNER") - target := new(caos_errs.AlreadyExistsError) + target := new(zerrors.AlreadyExistsError) if !errors.As(err, &target) { logging.OnError(err).Fatal("add org member") } @@ -192,7 +192,7 @@ func (s *Tester) createMachineUserInstanceOwner(ctx context.Context) { ctx, user := s.createMachineUser(ctx, MachineUserInstanceOwner, IAMOwner) _, err = s.Commands.AddInstanceMember(ctx, user.ID, "IAM_OWNER") - target := new(caos_errs.AlreadyExistsError) + target := new(zerrors.AlreadyExistsError) if !errors.As(err, &target) { logging.OnError(err).Fatal("add instance member") } diff --git a/internal/integration/oidc.go b/internal/integration/oidc.go index b6edcd3aea..16c4c90ae5 100644 --- a/internal/integration/oidc.go 
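Review bot: The `tester` system API user now holds `SYSTEM_OWNER`, `IAM_OWNER` and `ORG_OWNER` at `MemberType: System`, that is owner rights at system, instance and organisation level, and nothing in the file records that this is meant for integration runs only. A comment above `Memberships:` such as `# integration tests only: tester drives system, instance and org level APIs` would state why all three roles are listed and discourage copying the block into a deployed configuration. If some suites need less, a second system user with a narrower role list would let permission tests run against something other than full owner rights.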
+++ b/internal/integration/oidc.go @@ -8,29 +8,33 @@ import ( "strings" "time" + "github.com/brianvoe/gofakeit/v6" "github.com/zitadel/oidc/v3/pkg/client" "github.com/zitadel/oidc/v3/pkg/client/rp" "github.com/zitadel/oidc/v3/pkg/client/rs" "github.com/zitadel/oidc/v3/pkg/oidc" + "google.golang.org/protobuf/types/known/timestamppb" http_util "github.com/zitadel/zitadel/internal/api/http" oidc_internal "github.com/zitadel/zitadel/internal/api/oidc" "github.com/zitadel/zitadel/pkg/grpc/app" + "github.com/zitadel/zitadel/pkg/grpc/authn" "github.com/zitadel/zitadel/pkg/grpc/management" + "github.com/zitadel/zitadel/pkg/grpc/user" ) -func (s *Tester) CreateOIDCNativeClient(ctx context.Context, redirectURI, logoutRedirectURI, projectID string) (*management.AddOIDCAppResponse, error) { +func (s *Tester) CreateOIDCClient(ctx context.Context, redirectURI, logoutRedirectURI, projectID string, appType app.OIDCAppType, authMethod app.OIDCAuthMethodType, devMode bool) (*management.AddOIDCAppResponse, error) { return s.Client.Mgmt.AddOIDCApp(ctx, &management.AddOIDCAppRequest{ ProjectId: projectID, Name: fmt.Sprintf("app-%d", time.Now().UnixNano()), RedirectUris: []string{redirectURI}, ResponseTypes: []app.OIDCResponseType{app.OIDCResponseType_OIDC_RESPONSE_TYPE_CODE}, GrantTypes: []app.OIDCGrantType{app.OIDCGrantType_OIDC_GRANT_TYPE_AUTHORIZATION_CODE, app.OIDCGrantType_OIDC_GRANT_TYPE_REFRESH_TOKEN}, - AppType: app.OIDCAppType_OIDC_APP_TYPE_NATIVE, - AuthMethodType: app.OIDCAuthMethodType_OIDC_AUTH_METHOD_TYPE_NONE, + AppType: appType, + AuthMethodType: authMethod, PostLogoutRedirectUris: []string{logoutRedirectURI}, Version: app.OIDCVersion_OIDC_VERSION_1_0, - DevMode: false, + DevMode: devMode, AccessTokenType: app.OIDCTokenType_OIDC_TOKEN_TYPE_JWT, AccessTokenRoleAssertion: false, IdTokenRoleAssertion: false, 
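Review bot: `CreateOIDCClient` is now the exported entry point for the OIDC apps the tests create, but it has no doc comment and the trailing `devMode bool` is opaque at call sites that end in `, false)`. A short comment would help, for example `// CreateOIDCClient adds an OIDC app to projectID; devMode is passed through to AddOIDCAppRequest.DevMode.` If dev mode relaxes redirect-URI checks, as the name suggests, the comment should also say that tests asserting those checks must pass `false`. The function body continues past the end of this hunk.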
@@ -41,6 +45,46 @@ func (s *Tester) CreateOIDCNativeClient(ctx context.Context, redirectURI, logout }) } +func (s *Tester) CreateOIDCNativeClient(ctx context.Context, redirectURI, logoutRedirectURI, projectID string, devMode bool) (*management.AddOIDCAppResponse, error) { + return s.CreateOIDCClient(ctx, redirectURI, logoutRedirectURI, projectID, app.OIDCAppType_OIDC_APP_TYPE_NATIVE, app.OIDCAuthMethodType_OIDC_AUTH_METHOD_TYPE_NONE, devMode) +} + +func (s *Tester) CreateOIDCWebClientBasic(ctx context.Context, redirectURI, logoutRedirectURI, projectID string) (*management.AddOIDCAppResponse, error) { + return s.CreateOIDCClient(ctx, redirectURI, logoutRedirectURI, projectID, app.OIDCAppType_OIDC_APP_TYPE_WEB, app.OIDCAuthMethodType_OIDC_AUTH_METHOD_TYPE_BASIC, false) +} + +func (s *Tester) CreateOIDCWebClientJWT(ctx context.Context, redirectURI, logoutRedirectURI, projectID string) (client *management.AddOIDCAppResponse, keyData []byte, err error) { + client, err = s.CreateOIDCClient(ctx, redirectURI, logoutRedirectURI, projectID, app.OIDCAppType_OIDC_APP_TYPE_WEB, app.OIDCAuthMethodType_OIDC_AUTH_METHOD_TYPE_PRIVATE_KEY_JWT, false) + if err != nil { + return nil, nil, err + } + key, err := s.Client.Mgmt.AddAppKey(ctx, &management.AddAppKeyRequest{ + ProjectId: projectID, + AppId: client.GetAppId(), + Type: authn.KeyType_KEY_TYPE_JSON, + ExpirationDate: timestamppb.New(time.Now().Add(time.Hour)), + }) + if err != nil { + return nil, nil, err + } + return client, key.GetKeyDetails(), nil +} + +func (s *Tester) CreateOIDCInactivateClient(ctx context.Context, redirectURI, logoutRedirectURI, projectID string) (*management.AddOIDCAppResponse, error) { + client, err := s.CreateOIDCNativeClient(ctx, redirectURI, logoutRedirectURI, projectID, false) + if err != nil { + return nil, err + } + _, err = s.Client.Mgmt.DeactivateApp(ctx, &management.DeactivateAppRequest{ + ProjectId: projectID, + AppId: client.GetAppId(), + }) + if err != nil { + return nil, err + } + return 
client, err +} + func (s *Tester) CreateOIDCImplicitFlowClient(ctx context.Context, redirectURI string) (*management.AddOIDCAppResponse, error) { project, err := s.Client.Mgmt.AddProject(ctx, &management.AddProjectRequest{ Name: fmt.Sprintf("project-%d", time.Now().UnixNano()), @@ -75,7 +119,7 @@ func (s *Tester) CreateProject(ctx context.Context) (*management.AddProjectRespo }) } -func (s *Tester) CreateAPIClient(ctx context.Context, projectID string) (*management.AddAPIAppResponse, error) { +func (s *Tester) CreateAPIClientJWT(ctx context.Context, projectID string) (*management.AddAPIAppResponse, error) { return s.Client.Mgmt.AddAPIApp(ctx, &management.AddAPIAppRequest{ ProjectId: projectID, Name: fmt.Sprintf("api-%d", time.Now().UnixNano()), @@ -83,14 +127,22 @@ func (s *Tester) CreateAPIClient(ctx context.Context, projectID string) (*manage }) } +func (s *Tester) CreateAPIClientBasic(ctx context.Context, projectID string) (*management.AddAPIAppResponse, error) { + return s.Client.Mgmt.AddAPIApp(ctx, &management.AddAPIAppRequest{ + ProjectId: projectID, + Name: fmt.Sprintf("api-%d", time.Now().UnixNano()), + AuthMethodType: app.APIAuthMethodType_API_AUTH_METHOD_TYPE_BASIC, + }) +} + +const CodeVerifier = "codeVerifier" + func (s *Tester) CreateOIDCAuthRequest(ctx context.Context, clientID, loginClient, redirectURI string, scope ...string) (authRequestID string, err error) { provider, err := s.CreateRelyingParty(ctx, clientID, redirectURI, scope...) if err != nil { return "", err } - - codeVerifier := "codeVerifier" - codeChallenge := oidc.NewSHACodeChallenge(codeVerifier) + codeChallenge := oidc.NewSHACodeChallenge(CodeVerifier) authURL := rp.AuthURL("state", provider, rp.WithCodeChallenge(codeChallenge)) req, err := GetRequest(authURL, map[string]string{oidc_internal.LoginClientHeader: loginClient}) 
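Review bot: `CreateOIDCInactivateClient` ends with `return client, err` directly after the `if err != nil` return, so `err` is always nil at that point; `return client, nil` says so and matches `CreateOIDCWebClientJWT` above it. The name reads as a verb; `CreateOIDCInactiveClient` would describe what is returned, at the cost of a rename in callers. `CreateOIDCWebClientJWT` returns the bytes from `key.GetKeyDetails()`, which appear to be a JSON key file, so a doc comment noting that the second result is key material would help callers keep it out of test logs.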
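Review bot: The new exported `CodeVerifier` is a fixed 12-character string, while RFC 7636 asks for a high-entropy code verifier of 43 to 128 characters, so it is only usable as a test fixture. Say that on the declaration, for example `// CodeVerifier is the fixed PKCE verifier used by integration tests; it is not a valid pattern for real clients.` Because the constant is exported from the integration package, the comment is what stops it from being read as an example of how to build a verifier.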
@@ -163,7 +215,7 @@ func (c *loginRoundTripper) RoundTrip(req *http.Request) (*http.Response, error) return c.RoundTripper.RoundTrip(req) } -func (s *Tester) CreateResourceServer(ctx context.Context, keyFileData []byte) (rs.ResourceServer, error) { +func (s *Tester) CreateResourceServerJWTProfile(ctx context.Context, keyFileData []byte) (rs.ResourceServer, error) { keyFile, err := client.ConfigFromKeyFileData(keyFileData) if err != nil { return nil, err @@ -171,6 +223,10 @@ func (s *Tester) CreateResourceServer(ctx context.Context, keyFileData []byte) ( return rs.NewResourceServerJWTProfile(ctx, s.OIDCIssuer(), keyFile.ClientID, keyFile.KeyID, []byte(keyFile.Key)) } +func (s *Tester) CreateResourceServerClientCredentials(ctx context.Context, clientID, clientSecret string) (rs.ResourceServer, error) { + return rs.NewResourceServerClientCredentials(ctx, s.OIDCIssuer(), clientID, clientSecret) +} + func GetRequest(url string, headers map[string]string) (*http.Request, error) { req, err := http.NewRequest(http.MethodGet, url, nil) if err != nil { @@ -196,3 +252,22 @@ func CheckRedirect(req *http.Request) (*url.URL, error) { return resp.Location() } + +func (s *Tester) CreateOIDCCredentialsClient(ctx context.Context) (string, string, error) { + name := gofakeit.Username() + user, err := s.Client.Mgmt.AddMachineUser(ctx, &management.AddMachineUserRequest{ + Name: name, + UserName: name, + AccessTokenType: user.AccessTokenType_ACCESS_TOKEN_TYPE_JWT, + }) + if err != nil { + return "", "", err + } + secret, err := s.Client.Mgmt.GenerateMachineSecret(ctx, &management.GenerateMachineSecretRequest{ + UserId: user.GetUserId(), + }) + if err != nil { + return "", "", err + } + return secret.GetClientId(), secret.GetClientSecret(), nil +} diff --git a/internal/integration/rand.go b/internal/integration/rand.go index 4425c97c8c..d4f01b51c8 100644 --- a/internal/integration/rand.go +++ b/internal/integration/rand.go 
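Review bot: In `CreateOIDCCredentialsClient` the local `user, err := s.Client.Mgmt.AddMachineUser(...)` shadows the imported `user` package that the same statement uses for `user.AccessTokenType_ACCESS_TOKEN_TYPE_JWT`. It compiles because the new variable is not in scope until the statement ends, but any later reference to the package inside this function would resolve to the response instead. Renaming the local avoids that, e.g. `machine, err := s.Client.Mgmt.AddMachineUser(...)` with `UserId: machine.GetUserId()`. The two returned strings are client id and client secret in that order, and named results `(clientID, clientSecret string, err error)` would keep callers from swapping them.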
@@ -11,7 +11,7 @@ func init() { var letterRunes = []rune("abcdefghijklmnopqrstuvwxyz") -func randString(n int) string { +func RandString(n int) string { b := make([]rune, n) for i := range b { b[i] = letterRunes[rand.Intn(len(letterRunes))] diff --git a/internal/migration/command.go b/internal/migration/command.go index 8a296edabd..5c18856697 100644 --- a/internal/migration/command.go +++ b/internal/migration/command.go @@ -6,8 +6,8 @@ import ( "github.com/zitadel/zitadel/internal/api/authz" "github.com/zitadel/zitadel/internal/api/service" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" + "github.com/zitadel/zitadel/internal/zerrors" ) // SetupStep is the command pushed on the eventstore @@ -22,7 +22,7 @@ type SetupStep struct { func (s *SetupStep) UnmarshalJSON(data []byte) error { fields := struct { Name string `json:"name,"` - Error *errors.CaosError `json:"error"` + Error *zerrors.ZitadelError `json:"error"` LastRun map[string]interface{} `json:"lastRun,omitempty"` }{} if err := json.Unmarshal(data, &fields); err != nil { @@ -108,7 +108,7 @@ func SetupMapper(event eventstore.Event) (eventstore.Event, error) { } err := event.Unmarshal(step) if err != nil { - return nil, errors.ThrowInternal(err, "IAM-hYp7M", "unable to unmarshal step") + return nil, zerrors.ThrowInternal(err, "IAM-hYp7M", "unable to unmarshal step") } return step, nil diff --git a/internal/migration/migration.go b/internal/migration/migration.go index d6e3355164..3e94ea5bbd 100644 --- a/internal/migration/migration.go +++ b/internal/migration/migration.go @@ -2,13 +2,13 @@ package migration import ( "context" - errs "errors" + "errors" "time" "github.com/zitadel/logging" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" + "github.com/zitadel/zitadel/internal/zerrors" ) const ( 
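Review bot: `RandString` is now exported, and its `rand.Intn` call over a 26-letter alphabet points to math/rand, which is not suitable for generating anything secret. A doc comment should pin the intended use, for example `// RandString returns n random lowercase letters for test names and domains; it is not cryptographically secure.` The import block is not part of this hunk, so the package is inferred from the `Intn` call, and the function body continues beyond the hunk.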
@@ -21,7 +21,7 @@ const ( ) var ( - errMigrationAlreadyStarted = errs.New("already started") + errMigrationAlreadyStarted = errors.New("already started") ) type Migration interface { @@ -90,7 +90,7 @@ func LatestStep(ctx context.Context, es *eventstore.Eventstore) (*SetupStep, err } step, ok := events[0].(*SetupStep) if !ok { - return nil, errors.ThrowInternal(nil, "MIGRA-hppLM", "setup step is malformed") + return nil, zerrors.ThrowInternal(nil, "MIGRA-hppLM", "setup step is malformed") } return step, nil } @@ -111,7 +111,7 @@ func (m *cancelMigration) String() string { return m.name } -var errCancelStep = errors.ThrowError(nil, "MIGRA-zo86K", "migration canceled manually") +var errCancelStep = zerrors.ThrowError(nil, "MIGRA-zo86K", "migration canceled manually") func CancelStep(ctx context.Context, es *eventstore.Eventstore, step *SetupStep) error { _, err := es.Push(ctx, setupDoneCmd(ctx, &cancelMigration{name: step.Name}, errCancelStep)) @@ -125,11 +125,11 @@ func checkExec(ctx context.Context, es *eventstore.Eventstore, migration Migrati for { select { case <-ctx.Done(): - return false, errors.ThrowInternal(nil, "MIGR-as3f7", "Errors.Internal") + return false, zerrors.ThrowInternal(nil, "MIGR-as3f7", "Errors.Internal") case <-timer.C: should, err := shouldExec(ctx, es, migration) if err != nil { - if !errs.Is(err, errMigrationAlreadyStarted) { + if !errors.Is(err, errMigrationAlreadyStarted) { return false, err } logging.WithFields("migration step", migration.String()). @@ -159,7 +159,7 @@ func shouldExec(ctx context.Context, es *eventstore.Eventstore, migration Migrat for _, event := range events { e, ok := event.(*SetupStep) if !ok { - return false, errors.ThrowInternal(nil, "MIGRA-IJY3D", "Errors.Internal") + return false, zerrors.ThrowInternal(nil, "MIGRA-IJY3D", "Errors.Internal") } if e.Name != migration.String() { diff --git a/internal/notification/channels/fs/channel.go b/internal/notification/channels/fs/channel.go index 723946c246..814629a128 100644 
--- a/internal/notification/channels/fs/channel.go +++ b/internal/notification/channels/fs/channel.go @@ -11,9 +11,9 @@ import ( "github.com/k3a/html2text" "github.com/zitadel/logging" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/notification/channels" "github.com/zitadel/zitadel/internal/notification/messages" + "github.com/zitadel/zitadel/internal/zerrors" ) func InitFSChannel(config Config) (channels.NotificationChannel, error) { @@ -44,7 +44,7 @@ func InitFSChannel(config Config) (channels.NotificationChannel, error) { case *messages.JSON: fileName = "message.json" default: - return errors.ThrowUnimplementedf(nil, "NOTIF-6f9a1", "filesystem provider doesn't support message type %T", message) + return zerrors.ThrowUnimplementedf(nil, "NOTIF-6f9a1", "filesystem provider doesn't support message type %T", message) } return os.WriteFile(filepath.Join(config.Path, fileName), []byte(content), 0666) diff --git a/internal/notification/channels/smtp/channel.go b/internal/notification/channels/smtp/channel.go index ceea5c9dfb..2d6dc9dadd 100644 --- a/internal/notification/channels/smtp/channel.go +++ b/internal/notification/channels/smtp/channel.go @@ -2,15 +2,15 @@ package smtp import ( "crypto/tls" + "errors" "net" "net/smtp" - "github.com/pkg/errors" "github.com/zitadel/logging" - caos_errs "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/notification/channels" "github.com/zitadel/zitadel/internal/notification/messages" + "github.com/zitadel/zitadel/internal/zerrors" ) var _ channels.NotificationChannel = (*Email)(nil) 
@@ -41,22 +41,22 @@ func (email *Email) HandleMessage(message channels.Message) error { defer email.smtpClient.Close() emailMsg, ok := message.(*messages.Email) if !ok { - return caos_errs.ThrowInternal(nil, "EMAIL-s8JLs", "message is not EmailMessage") + return zerrors.ThrowInternal(nil, "EMAIL-s8JLs", "message is not EmailMessage") } if emailMsg.Content == "" || emailMsg.Subject == "" || len(emailMsg.Recipients) == 0 { - return caos_errs.ThrowInternalf(nil, "EMAIL-zGemZ", "subject, recipients and content must be set but got subject %s, recipients length %d and content length %d", emailMsg.Subject, len(emailMsg.Recipients), len(emailMsg.Content)) + return zerrors.ThrowInternalf(nil, "EMAIL-zGemZ", "subject, recipients and content must be set but got subject %s, recipients length %d and content length %d", emailMsg.Subject, len(emailMsg.Recipients), len(emailMsg.Content)) } emailMsg.SenderEmail = email.senderAddress emailMsg.SenderName = email.senderName emailMsg.ReplyToAddress = email.replyToAddress // To && From if err := email.smtpClient.Mail(emailMsg.SenderEmail); err != nil { - return caos_errs.ThrowInternalf(err, "EMAIL-s3is3", "could not set sender: %v", emailMsg.SenderEmail) + return zerrors.ThrowInternalf(err, "EMAIL-s3is3", "could not set sender: %v", emailMsg.SenderEmail) } for _, recp := range append(append(emailMsg.Recipients, emailMsg.CC...), emailMsg.BCC...) { if err := email.smtpClient.Rcpt(recp); err != nil { - return caos_errs.ThrowInternalf(err, "EMAIL-s4is4", "could not set recipient: %v", recp) + return zerrors.ThrowInternalf(err, "EMAIL-s4is4", "could not set recipient: %v", recp) } } 
@@ -87,7 +87,7 @@ func (email *Email) HandleMessage(message channels.Message) error { func (smtpConfig SMTP) connectToSMTP(tlsRequired bool) (client *smtp.Client, err error) { host, _, err := net.SplitHostPort(smtpConfig.Host) if err != nil { - return nil, caos_errs.ThrowInternal(err, "EMAIL-spR56", "could not split host and port for connect to smtp") + return nil, zerrors.ThrowInternal(err, "EMAIL-spR56", "could not split host and port for connect to smtp") } if !tlsRequired { @@ -109,7 +109,7 @@ func (smtpConfig SMTP) connectToSMTP(tlsRequired bool) (client *smtp.Client, err func (smtpConfig SMTP) getSMPTClient() (*smtp.Client, error) { client, err := smtp.Dial(smtpConfig.Host) if err != nil { - return nil, caos_errs.ThrowInternal(err, "EMAIL-skwos", "could not make smtp dial") + return nil, zerrors.ThrowInternal(err, "EMAIL-skwos", "could not make smtp dial") } return client, nil } @@ -123,12 +123,12 @@ func (smtpConfig SMTP) getSMPTClientWithTls(host string) (*smtp.Client, error) { } if err != nil { - return nil, caos_errs.ThrowInternal(err, "EMAIL-sl39s", "could not make tls dial") + return nil, zerrors.ThrowInternal(err, "EMAIL-sl39s", "could not make tls dial") } client, err := smtp.NewClient(conn, host) if err != nil { - return nil, caos_errs.ThrowInternal(err, "EMAIL-skwi4", "could not create smtp client") + return nil, zerrors.ThrowInternal(err, "EMAIL-skwi4", "could not create smtp client") } return client, err } @@ -142,7 +142,7 @@ func (smtpConfig SMTP) getSMPTClientWithStartTls(host string) (*smtp.Client, err if err := client.StartTLS(&tls.Config{ ServerName: host, }); err != nil { - return nil, caos_errs.ThrowInternal(err, "EMAIL-guvsQ", "could not start tls") + return nil, zerrors.ThrowInternal(err, "EMAIL-guvsQ", "could not start tls") } return client, nil } 
@@ -157,7 +157,7 @@ func (smtpConfig SMTP) smtpAuth(client *smtp.Client, host string) error { } err := client.Auth(auth) if err != nil { - return caos_errs.ThrowInternalf(err, "EMAIL-s9kfs", "could not add smtp auth for user %s", smtpConfig.User) + return zerrors.ThrowInternalf(err, "EMAIL-s9kfs", "could not add smtp auth for user %s", smtpConfig.User) } return nil } diff --git a/internal/notification/channels/twilio/channel.go b/internal/notification/channels/twilio/channel.go index c25ceb842a..da04b20f5e 100644 --- a/internal/notification/channels/twilio/channel.go +++ b/internal/notification/channels/twilio/channel.go @@ -4,9 +4,9 @@ import ( "github.com/kevinburke/twilio-go" "github.com/zitadel/logging" - caos_errs "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/notification/channels" "github.com/zitadel/zitadel/internal/notification/messages" + "github.com/zitadel/zitadel/internal/zerrors" ) func InitChannel(config Config) channels.NotificationChannel { @@ -17,7 +17,7 @@ func InitChannel(config Config) channels.NotificationChannel { return channels.HandleMessageFunc(func(message channels.Message) error { twilioMsg, ok := message.(*messages.SMS) if !ok { - return caos_errs.ThrowInternal(nil, "TWILI-s0pLc", "message is not SMS") + return zerrors.ThrowInternal(nil, "TWILI-s0pLc", "message is not SMS") } content, err := twilioMsg.GetContent() if err != nil { @@ -25,7 +25,7 @@ func InitChannel(config Config) channels.NotificationChannel { } m, err := client.Messages.SendMessage(twilioMsg.SenderPhoneNumber, twilioMsg.RecipientPhoneNumber, content, nil) if err != nil { - return caos_errs.ThrowInternal(err, "TWILI-osk3S", "could not send message") + return zerrors.ThrowInternal(err, "TWILI-osk3S", "could not send message") } logging.WithFields("message_sid", m.Sid, "status", m.Status).Debug("sms sent") return nil 
diff --git a/internal/notification/channels/webhook/channel.go b/internal/notification/channels/webhook/channel.go index c587f593b0..4065767d14 100644 --- a/internal/notification/channels/webhook/channel.go +++ b/internal/notification/channels/webhook/channel.go @@ -9,9 +9,9 @@ import ( "github.com/zitadel/logging" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/notification/channels" "github.com/zitadel/zitadel/internal/notification/messages" + "github.com/zitadel/zitadel/internal/zerrors" ) func InitChannel(ctx context.Context, cfg Config) (channels.NotificationChannel, error) { @@ -25,7 +25,7 @@ func InitChannel(ctx context.Context, cfg Config) (channels.NotificationChannel, defer cancel() msg, ok := message.(*messages.JSON) if !ok { - return errors.ThrowInternal(nil, "WEBH-K686U", "message is not JSON") + return zerrors.ThrowInternal(nil, "WEBH-K686U", "message is not JSON") } payload, err := msg.GetContent() if err != nil { @@ -47,7 +47,7 @@ func InitChannel(ctx context.Context, cfg Config) (channels.NotificationChannel, return err } if resp.StatusCode < 200 || resp.StatusCode >= 300 { - return errors.ThrowUnknown(fmt.Errorf("calling url %s returned %s", cfg.CallURL, resp.Status), "WEBH-LBxU0", "webhook didn't return a success status") + return zerrors.ThrowUnknown(fmt.Errorf("calling url %s returned %s", cfg.CallURL, resp.Status), "WEBH-LBxU0", "webhook didn't return a success status") } logging.WithFields("calling_url", cfg.CallURL, "method", cfg.Method).Debug("webhook called") return nil diff --git a/internal/notification/handlers/config_twilio.go b/internal/notification/handlers/config_twilio.go index 29a79415de..5391553690 100644 --- a/internal/notification/handlers/config_twilio.go +++ b/internal/notification/handlers/config_twilio.go 
@@ -5,9 +5,9 @@ import ( "github.com/zitadel/zitadel/internal/crypto" "github.com/zitadel/zitadel/internal/domain" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/notification/channels/twilio" "github.com/zitadel/zitadel/internal/query" + "github.com/zitadel/zitadel/internal/zerrors" ) // GetTwilioConfig reads the iam Twilio provider config @@ -21,7 +21,7 @@ func (n *NotificationQueries) GetTwilioConfig(ctx context.Context) (*twilio.Conf return nil, err } if config.TwilioConfig == nil { - return nil, errors.ThrowNotFound(nil, "HANDLER-8nfow", "Errors.SMS.Twilio.NotFound") + return nil, zerrors.ThrowNotFound(nil, "HANDLER-8nfow", "Errors.SMS.Twilio.NotFound") } token, err := crypto.DecryptString(config.TwilioConfig.Token, n.SMSTokenCrypto) if err != nil { diff --git a/internal/notification/handlers/mock/queries.mock.go b/internal/notification/handlers/mock/queries.mock.go index 7c9186760b..620e8ccd59 100644 --- a/internal/notification/handlers/mock/queries.mock.go +++ b/internal/notification/handlers/mock/queries.mock.go 
@@ -85,6 +85,21 @@ func (mr *MockQueriesMockRecorder) GetDefaultLanguage(arg0 any) *gomock.Call { return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "GetDefaultLanguage", reflect.TypeOf((*MockQueries)(nil).GetDefaultLanguage), arg0) } +// GetInstanceRestrictions mocks base method. +func (m *MockQueries) GetInstanceRestrictions(arg0 context.Context) (query.Restrictions, error) { + m.ctrl.T.Helper() + ret := m.ctrl.Call(m, "GetInstanceRestrictions", arg0) + ret0, _ := ret[0].(query.Restrictions) + ret1, _ := ret[1].(error) + return ret0, ret1 +} + +// GetInstanceRestrictions indicates an expected call of GetInstanceRestrictions. +func (mr *MockQueriesMockRecorder) GetInstanceRestrictions(arg0 any) *gomock.Call { + mr.mock.ctrl.T.Helper() + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "GetInstanceRestrictions", reflect.TypeOf((*MockQueries)(nil).GetInstanceRestrictions), arg0) +} + // GetNotifyUserByID mocks base method. func (m *MockQueries) GetNotifyUserByID(arg0 context.Context, arg1 bool, arg2 string) (*query.NotifyUser, error) { m.ctrl.T.Helper() diff --git a/internal/notification/handlers/origin.go b/internal/notification/handlers/origin.go index 915e1fed1e..0d12ac3035 100644 --- a/internal/notification/handlers/origin.go +++ b/internal/notification/handlers/origin.go @@ -8,9 +8,9 @@ import ( "github.com/zitadel/zitadel/internal/api/authz" http_utils "github.com/zitadel/zitadel/internal/api/http" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/query" + "github.com/zitadel/zitadel/internal/zerrors" ) type OriginEvent interface { 
@@ -44,7 +44,7 @@ func (n *NotificationQueries) Origin(ctx context.Context, e eventstore.Event) (c return ctx, err } if len(domains.Domains) < 1 { - return ctx, errors.ThrowInternal(nil, "NOTIF-Ef3r1", "Errors.Notification.NoDomain") + return ctx, zerrors.ThrowInternal(nil, "NOTIF-Ef3r1", "Errors.Notification.NoDomain") } return enrichCtx( ctx, diff --git a/internal/notification/handlers/queries.go b/internal/notification/handlers/queries.go index 8a852eb7b1..afaeb3419a 100644 --- a/internal/notification/handlers/queries.go +++ b/internal/notification/handlers/queries.go @@ -2,8 +2,6 @@ package handlers import ( "context" - "net/http" - "golang.org/x/text/language" "github.com/zitadel/zitadel/internal/crypto" @@ -25,6 +23,7 @@ type Queries interface { SMSProviderConfig(ctx context.Context, queries ...query.SearchQuery) (*query.SMSConfig, error) SMTPConfigByAggregateID(ctx context.Context, aggregateID string) (*query.SMTPConfig, error) GetDefaultLanguage(ctx context.Context) language.Tag + GetInstanceRestrictions(ctx context.Context) (restrictions query.Restrictions, err error) } type NotificationQueries struct { @@ -37,7 +36,6 @@ type NotificationQueries struct { UserDataCrypto crypto.EncryptionAlgorithm SMTPPasswordCrypto crypto.EncryptionAlgorithm SMSTokenCrypto crypto.EncryptionAlgorithm - statikDir http.FileSystem } func NewNotificationQueries( @@ -50,7 +48,6 @@ func NewNotificationQueries( userDataCrypto crypto.EncryptionAlgorithm, smtpPasswordCrypto crypto.EncryptionAlgorithm, smsTokenCrypto crypto.EncryptionAlgorithm, - statikDir http.FileSystem, ) *NotificationQueries { return &NotificationQueries{ Queries: baseQueries, @@ -62,6 +59,5 @@ func NewNotificationQueries( UserDataCrypto: userDataCrypto, SMTPPasswordCrypto: smtpPasswordCrypto, SMSTokenCrypto: smsTokenCrypto, - statikDir: statikDir, } } diff --git a/internal/notification/handlers/quota_notifier.go b/internal/notification/handlers/quota_notifier.go index b149643eab..d0ed12baa2 100644 
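Review bot: The `GetInstanceRestrictions` method added to the `Queries` interface in internal/notification/handlers/queries.go (hunk `@@ -25,6 +23,7 @@`) names its results, while the neighbouring methods visible in the same hunk (`SMSProviderConfig`, `SMTPConfigByAggregateID`) use unnamed results. `GetInstanceRestrictions(ctx context.Context) (query.Restrictions, error)` would match them. A short comment such as `// GetInstanceRestrictions supplies the allowed languages used to build the notification translator` would also tell implementers why the notifier depends on it. The interface declaration starts outside the hunk.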
--- a/internal/notification/handlers/quota_notifier.go +++ b/internal/notification/handlers/quota_notifier.go @@ -5,13 +5,13 @@ import ( "net/http" "github.com/zitadel/zitadel/internal/command" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/eventstore/handler/v2" "github.com/zitadel/zitadel/internal/notification/channels/webhook" _ "github.com/zitadel/zitadel/internal/notification/statik" "github.com/zitadel/zitadel/internal/notification/types" "github.com/zitadel/zitadel/internal/repository/quota" + "github.com/zitadel/zitadel/internal/zerrors" ) const ( @@ -60,7 +60,7 @@ func (u *quotaNotifier) Reducers() []handler.AggregateReducer { func (u *quotaNotifier) reduceNotificationDue(event eventstore.Event) (*handler.Statement, error) { e, ok := event.(*quota.NotificationDueEvent) if !ok { - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-DLxdE", "reduce.wrong.event.type %s", quota.NotificationDueEventType) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-DLxdE", "reduce.wrong.event.type %s", quota.NotificationDueEventType) } return handler.NewStatement(event, func(ex handler.Executer, projectionName string) error { diff --git a/internal/notification/handlers/quota_notifier_test.go b/internal/notification/handlers/quota_notifier_test.go index 059d4cf041..72991019da 100644 --- a/internal/notification/handlers/quota_notifier_test.go +++ b/internal/notification/handlers/quota_notifier_test.go @@ -21,7 +21,7 @@ import ( ) func TestServer_QuotaNotification_Limit(t *testing.T) { - _, instanceID, iamOwnerCtx := Tester.UseIsolatedInstance(CTX, SystemCTX) + _, instanceID, iamOwnerCtx := Tester.UseIsolatedInstance(t, CTX, SystemCTX) amount := 10 percent := 50 percentAmount := amount * percent / 100 
@@ -67,7 +67,7 @@ func TestServer_QuotaNotification_Limit(t *testing.T) { } func TestServer_QuotaNotification_NoLimit(t *testing.T) { - _, instanceID, iamOwnerCtx := Tester.UseIsolatedInstance(CTX, SystemCTX) + _, instanceID, iamOwnerCtx := Tester.UseIsolatedInstance(t, CTX, SystemCTX) amount := 10 percent := 50 percentAmount := amount * percent / 100 diff --git a/internal/notification/handlers/telemetry_pusher.go b/internal/notification/handlers/telemetry_pusher.go index b326bbc961..39a1f59454 100644 --- a/internal/notification/handlers/telemetry_pusher.go +++ b/internal/notification/handlers/telemetry_pusher.go @@ -11,7 +11,6 @@ import ( "github.com/zitadel/zitadel/internal/api/authz" "github.com/zitadel/zitadel/internal/api/call" "github.com/zitadel/zitadel/internal/command" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/eventstore/handler/v2" "github.com/zitadel/zitadel/internal/notification/channels/webhook" @@ -20,6 +19,7 @@ import ( "github.com/zitadel/zitadel/internal/query" "github.com/zitadel/zitadel/internal/repository/milestone" "github.com/zitadel/zitadel/internal/repository/pseudo" + "github.com/zitadel/zitadel/internal/zerrors" ) const ( @@ -80,7 +80,7 @@ func (t *telemetryPusher) pushMilestones(event eventstore.Event) (*handler.State ctx := call.WithTimestamp(context.Background()) scheduledEvent, ok := event.(*pseudo.ScheduledEvent) if !ok { - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-lDTs5", "reduce.wrong.event.type %s", event.Type()) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-lDTs5", "reduce.wrong.event.type %s", event.Type()) } return handler.NewStatement(event, func(ex handler.Executer, projectionName string) error { diff --git a/internal/notification/handlers/telemetry_pusher_integration_test.go b/internal/notification/handlers/telemetry_pusher_integration_test.go index f0d46b3613..9520253ade 100644 
--- a/internal/notification/handlers/telemetry_pusher_integration_test.go +++ b/internal/notification/handlers/telemetry_pusher_integration_test.go @@ -13,7 +13,7 @@ import ( ) func TestServer_TelemetryPushMilestones(t *testing.T) { - primaryDomain, instanceID, iamOwnerCtx := Tester.UseIsolatedInstance(CTX, SystemCTX) + primaryDomain, instanceID, iamOwnerCtx := Tester.UseIsolatedInstance(t, CTX, SystemCTX) t.Log("testing against instance with primary domain", primaryDomain) awaitMilestone(t, Tester.MilestoneChan, primaryDomain, "InstanceCreated") project, err := Tester.Client.Mgmt.AddProject(iamOwnerCtx, &management.AddProjectRequest{Name: "integration"}) diff --git a/internal/notification/handlers/translator.go b/internal/notification/handlers/translator.go index 627bb42a27..d805985795 100644 --- a/internal/notification/handlers/translator.go +++ b/internal/notification/handlers/translator.go @@ -10,7 +10,11 @@ import ( ) func (n *NotificationQueries) GetTranslatorWithOrgTexts(ctx context.Context, orgID, textType string) (*i18n.Translator, error) { - translator, err := i18n.NewTranslator(n.statikDir, n.GetDefaultLanguage(ctx), "") + restrictions, err := n.Queries.GetInstanceRestrictions(ctx) + if err != nil { + return nil, err + } + translator, err := i18n.NewNotificationTranslator(n.GetDefaultLanguage(ctx), restrictions.AllowedLanguages) if err != nil { return nil, err } diff --git a/internal/notification/handlers/user_notifier.go b/internal/notification/handlers/user_notifier.go index 6f15b994f9..9208fbc4b5 100644 --- a/internal/notification/handlers/user_notifier.go +++ b/internal/notification/handlers/user_notifier.go 
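Review bot: In `GetTranslatorWithOrgTexts` (internal/notification/handlers/translator.go) a failed `GetInstanceRestrictions` lookup now aborts translator creation. Every notification that needs a translator, which appears to include the init, password and OTP code mails handled in user_notifier.go, therefore fails whenever that query fails. The hunk does not show what the query returns for an instance without stored restrictions, or how `NewNotificationTranslator` treats an empty `AllowedLanguages`, so both are worth confirming and stating in a comment, e.g. `// restrictions limit the translator to the instance's allowed languages; an empty list means no restriction (confirm)`. The call is also written as `n.Queries.GetInstanceRestrictions(ctx)` while the next line uses the promoted form `n.GetDefaultLanguage(ctx)`; using `n.GetInstanceRestrictions(ctx)` would be consistent. The function body continues outside the hunk.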
@@ -9,13 +9,13 @@ import ( "github.com/zitadel/zitadel/internal/api/ui/login" "github.com/zitadel/zitadel/internal/crypto" "github.com/zitadel/zitadel/internal/domain" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/eventstore/handler/v2" "github.com/zitadel/zitadel/internal/notification/types" "github.com/zitadel/zitadel/internal/query" "github.com/zitadel/zitadel/internal/repository/session" "github.com/zitadel/zitadel/internal/repository/user" + "github.com/zitadel/zitadel/internal/zerrors" ) const ( @@ -127,7 +127,7 @@ func (u *userNotifier) Reducers() []handler.AggregateReducer { func (u *userNotifier) reduceInitCodeAdded(event eventstore.Event) (*handler.Statement, error) { e, ok := event.(*user.HumanInitialCodeAddedEvent) if !ok { - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-EFe2f", "reduce.wrong.event.type %s", user.HumanInitialCodeAddedType) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-EFe2f", "reduce.wrong.event.type %s", user.HumanInitialCodeAddedType) } return handler.NewStatement(event, func(ex handler.Executer, projectionName string) error { @@ -180,7 +180,7 @@ func (u *userNotifier) reduceInitCodeAdded(event eventstore.Event) (*handler.Sta func (u *userNotifier) reduceEmailCodeAdded(event eventstore.Event) (*handler.Statement, error) { e, ok := event.(*user.HumanEmailCodeAddedEvent) if !ok { - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-SWf3g", "reduce.wrong.event.type %s", user.HumanEmailCodeAddedType) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-SWf3g", "reduce.wrong.event.type %s", user.HumanEmailCodeAddedType) } if e.CodeReturned { 
@@ -237,7 +237,7 @@ func (u *userNotifier) reduceEmailCodeAdded(event eventstore.Event) (*handler.St func (u *userNotifier) reducePasswordCodeAdded(event eventstore.Event) (*handler.Statement, error) { e, ok := event.(*user.HumanPasswordCodeAddedEvent) if !ok { - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-Eeg3s", "reduce.wrong.event.type %s", user.HumanPasswordCodeAddedType) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-Eeg3s", "reduce.wrong.event.type %s", user.HumanPasswordCodeAddedType) } if e.CodeReturned { return handler.NewNoOpStatement(e), nil @@ -296,7 +296,7 @@ func (u *userNotifier) reducePasswordCodeAdded(event eventstore.Event) (*handler func (u *userNotifier) reduceOTPSMSCodeAdded(event eventstore.Event) (*handler.Statement, error) { e, ok := event.(*user.HumanOTPSMSCodeAddedEvent) if !ok { - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-ASF3g", "reduce.wrong.event.type %s", user.HumanOTPSMSCodeAddedType) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-ASF3g", "reduce.wrong.event.type %s", user.HumanOTPSMSCodeAddedType) } return u.reduceOTPSMS( e, @@ -313,7 +313,7 @@ func (u *userNotifier) reduceOTPSMSCodeAdded(event eventstore.Event) (*handler.S func (u *userNotifier) reduceSessionOTPSMSChallenged(event eventstore.Event) (*handler.Statement, error) { e, ok := event.(*session.OTPSMSChallengedEvent) if !ok { - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-Sk32L", "reduce.wrong.event.type %s", session.OTPSMSChallengedType) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-Sk32L", "reduce.wrong.event.type %s", session.OTPSMSChallengedType) } if e.CodeReturned { return handler.NewNoOpStatement(e), nil 
@@ -388,7 +388,7 @@ func (u *userNotifier) reduceOTPSMS( func (u *userNotifier) reduceOTPEmailCodeAdded(event eventstore.Event) (*handler.Statement, error) { e, ok := event.(*user.HumanOTPEmailCodeAddedEvent) if !ok { - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-JL3hw", "reduce.wrong.event.type %s", user.HumanOTPEmailCodeAddedType) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-JL3hw", "reduce.wrong.event.type %s", user.HumanOTPEmailCodeAddedType) } var authRequestID string if e.AuthRequestInfo != nil { @@ -413,7 +413,7 @@ func (u *userNotifier) reduceOTPEmailCodeAdded(event eventstore.Event) (*handler func (u *userNotifier) reduceSessionOTPEmailChallenged(event eventstore.Event) (*handler.Statement, error) { e, ok := event.(*session.OTPEmailChallengedEvent) if !ok { - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-zbsgt", "reduce.wrong.event.type %s", session.OTPEmailChallengedType) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-zbsgt", "reduce.wrong.event.type %s", session.OTPEmailChallengedType) } if e.ReturnCode { return handler.NewNoOpStatement(e), nil @@ -510,7 +510,7 @@ func (u *userNotifier) reduceOTPEmail( func (u *userNotifier) reduceDomainClaimed(event eventstore.Event) (*handler.Statement, error) { e, ok := event.(*user.DomainClaimedEvent) if !ok { - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-Drh5w", "reduce.wrong.event.type %s", user.UserDomainClaimedType) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-Drh5w", "reduce.wrong.event.type %s", user.UserDomainClaimedType) } return handler.NewStatement(event, func(ex handler.Executer, projectionName string) error { ctx := HandlerContext(event.Aggregate()) 
@@ -557,7 +557,7 @@ func (u *userNotifier) reduceDomainClaimed(event eventstore.Event) (*handler.Sta func (u *userNotifier) reducePasswordlessCodeRequested(event eventstore.Event) (*handler.Statement, error) { e, ok := event.(*user.HumanPasswordlessInitCodeRequestedEvent) if !ok { - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-EDtjd", "reduce.wrong.event.type %s", user.HumanPasswordlessInitCodeAddedType) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-EDtjd", "reduce.wrong.event.type %s", user.HumanPasswordlessInitCodeAddedType) } if e.CodeReturned { return handler.NewNoOpStatement(e), nil @@ -611,7 +611,7 @@ func (u *userNotifier) reducePasswordlessCodeRequested(event eventstore.Event) ( func (u *userNotifier) reducePasswordChanged(event eventstore.Event) (*handler.Statement, error) { e, ok := event.(*user.HumanPasswordChangedEvent) if !ok { - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-Yko2z8", "reduce.wrong.event.type %s", user.HumanPasswordChangedType) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-Yko2z8", "reduce.wrong.event.type %s", user.HumanPasswordChangedType) } return handler.NewStatement(event, func(ex handler.Executer, projectionName string) error { @@ -625,7 +625,7 @@ func (u *userNotifier) reducePasswordChanged(event eventstore.Event) (*handler.S } notificationPolicy, err := u.queries.NotificationPolicyByOrg(ctx, true, e.Aggregate().ResourceOwner, false) - if errors.IsNotFound(err) { + if zerrors.IsNotFound(err) { return nil } if err != nil { 
@@ -670,7 +670,7 @@ func (u *userNotifier) reducePasswordChanged(event eventstore.Event) (*handler.S func (u *userNotifier) reducePhoneCodeAdded(event eventstore.Event) (*handler.Statement, error) { e, ok := event.(*user.HumanPhoneCodeAddedEvent) if !ok { - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-He83g", "reduce.wrong.event.type %s", user.HumanPhoneCodeAddedType) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-He83g", "reduce.wrong.event.type %s", user.HumanPhoneCodeAddedType) } if e.CodeReturned { return handler.NewNoOpStatement(e), nil diff --git a/internal/notification/handlers/user_notifier_test.go b/internal/notification/handlers/user_notifier_test.go index 1ca10a3d15..86b843fc52 100644 --- a/internal/notification/handlers/user_notifier_test.go +++ b/internal/notification/handlers/user_notifier_test.go @@ -4,7 +4,6 @@ import ( "context" "database/sql" "fmt" - "net/http" "testing" "time" @@ -12,7 +11,6 @@ import ( "github.com/zitadel/zitadel/internal/notification/messages" - statik_fs "github.com/rakyll/statik/fs" "github.com/stretchr/testify/assert" "go.uber.org/mock/gomock" "golang.org/x/text/language" @@ -202,15 +200,13 @@ func Test_userNotifier_reduceInitCodeAdded(t *testing.T) { }, }} // TODO: Why don't we have an url template on user.HumanInitialCodeAddedEvent? - fs, err := statik_fs.NewWithNamespace("notification") - assert.NoError(t, err) for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { ctrl := gomock.NewController(t) queries := mock.NewMockQueries(ctrl) commands := mock.NewMockCommands(ctrl) f, a, w := tt.test(ctrl, queries, commands) - stmt, err := newUserNotifier(t, ctrl, queries, fs, f, a, w).reduceInitCodeAdded(a.event) + stmt, err := newUserNotifier(t, ctrl, queries, f, a, w).reduceInitCodeAdded(a.event) if w.err != nil { w.err(t, err) } else { 
@@ -423,15 +419,13 @@ func Test_userNotifier_reduceEmailCodeAdded(t *testing.T) { }, w }, }} - fs, err := statik_fs.NewWithNamespace("notification") - assert.NoError(t, err) for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { ctrl := gomock.NewController(t) queries := mock.NewMockQueries(ctrl) commands := mock.NewMockCommands(ctrl) f, a, w := tt.test(ctrl, queries, commands) - stmt, err := newUserNotifier(t, ctrl, queries, fs, f, a, w).reduceEmailCodeAdded(a.event) + stmt, err := newUserNotifier(t, ctrl, queries, f, a, w).reduceEmailCodeAdded(a.event) if w.err != nil { w.err(t, err) } else { @@ -644,15 +638,13 @@ func Test_userNotifier_reducePasswordCodeAdded(t *testing.T) { }, w }, }} - fs, err := statik_fs.NewWithNamespace("notification") - assert.NoError(t, err) for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { ctrl := gomock.NewController(t) queries := mock.NewMockQueries(ctrl) commands := mock.NewMockCommands(ctrl) f, a, w := tt.test(ctrl, queries, commands) - stmt, err := newUserNotifier(t, ctrl, queries, fs, f, a, w).reducePasswordCodeAdded(a.event) + stmt, err := newUserNotifier(t, ctrl, queries, f, a, w).reducePasswordCodeAdded(a.event) if w.err != nil { w.err(t, err) } else { @@ -737,15 +729,13 @@ func Test_userNotifier_reduceDomainClaimed(t *testing.T) { }, w }, }} - fs, err := statik_fs.NewWithNamespace("notification") - assert.NoError(t, err) for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { ctrl := gomock.NewController(t) queries := mock.NewMockQueries(ctrl) commands := mock.NewMockCommands(ctrl) f, a, w := tt.test(ctrl, queries, commands) - stmt, err := newUserNotifier(t, ctrl, queries, fs, f, a, w).reduceDomainClaimed(a.event) + stmt, err := newUserNotifier(t, ctrl, queries, f, a, w).reduceDomainClaimed(a.event) if w.err != nil { w.err(t, err) } else { 
@@ -963,15 +953,13 @@ func Test_userNotifier_reducePasswordlessCodeRequested(t *testing.T) { }, w }, }} - fs, err := statik_fs.NewWithNamespace("notification") - assert.NoError(t, err) for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { ctrl := gomock.NewController(t) queries := mock.NewMockQueries(ctrl) commands := mock.NewMockCommands(ctrl) f, a, w := tt.test(ctrl, queries, commands) - stmt, err := newUserNotifier(t, ctrl, queries, fs, f, a, w).reducePasswordlessCodeRequested(a.event) + stmt, err := newUserNotifier(t, ctrl, queries, f, a, w).reducePasswordlessCodeRequested(a.event) if w.err != nil { w.err(t, err) } else { @@ -1062,15 +1050,13 @@ func Test_userNotifier_reducePasswordChanged(t *testing.T) { }, w }, }} - fs, err := statik_fs.NewWithNamespace("notification") - assert.NoError(t, err) for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { ctrl := gomock.NewController(t) queries := mock.NewMockQueries(ctrl) commands := mock.NewMockCommands(ctrl) f, a, w := tt.test(ctrl, queries, commands) - stmt, err := newUserNotifier(t, ctrl, queries, fs, f, a, w).reducePasswordChanged(a.event) + stmt, err := newUserNotifier(t, ctrl, queries, f, a, w).reducePasswordChanged(a.event) if w.err != nil { w.err(t, err) } else { @@ -1287,15 +1273,13 @@ func Test_userNotifier_reduceOTPEmailChallenged(t *testing.T) { }, w }, }} - fs, err := statik_fs.NewWithNamespace("notification") - assert.NoError(t, err) for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { ctrl := gomock.NewController(t) queries := mock.NewMockQueries(ctrl) commands := mock.NewMockCommands(ctrl) f, a, w := tt.test(ctrl, queries, commands) - _, err = newUserNotifier(t, ctrl, queries, fs, f, a, w).reduceSessionOTPEmailChallenged(a.event) + _, err := newUserNotifier(t, ctrl, queries, f, a, w).reduceSessionOTPEmailChallenged(a.event) if w.err != nil { w.err(t, err) } else { 
@@ -1320,7 +1304,7 @@ type want struct { err assert.ErrorAssertionFunc } -func newUserNotifier(t *testing.T, ctrl *gomock.Controller, queries *mock.MockQueries, fs http.FileSystem, f fields, a args, w want) *userNotifier { +func newUserNotifier(t *testing.T, ctrl *gomock.Controller, queries *mock.MockQueries, f fields, a args, w want) *userNotifier { queries.EXPECT().NotificationProviderByIDAndType(gomock.Any(), gomock.Any(), gomock.Any()).AnyTimes().Return(&query.DebugNotificationProvider{}, nil) smtpAlg, _ := cryptoValue(t, ctrl, "smtppw") channel := channel_mock.NewMockNotificationChannel(ctrl) @@ -1340,7 +1324,6 @@ func newUserNotifier(t *testing.T, ctrl *gomock.Controller, queries *mock.MockQu f.userDataCrypto, smtpAlg, f.SMSTokenCrypto, - fs, ), otpEmailTmpl: defaultOTPEmailTemplate, channels: &channels{Chain: *senders.ChainChannels(channel)}, @@ -1366,6 +1349,9 @@ func (c *channels) Webhook(context.Context, webhook.Config) (*senders.Chain, err } func expectTemplateQueries(queries *mock.MockQueries, template string) { + queries.EXPECT().GetInstanceRestrictions(gomock.Any()).Return(query.Restrictions{ + AllowedLanguages: []language.Tag{language.English}, + }, nil) queries.EXPECT().ActiveLabelPolicyByOrg(gomock.Any(), gomock.Any(), gomock.Any()).Return(&query.LabelPolicy{ ID: policyID, Light: query.Theme{ diff --git a/internal/notification/projections.go b/internal/notification/projections.go index b2630d2330..341e351461 100644 --- a/internal/notification/projections.go +++ b/internal/notification/projections.go @@ -3,9 +3,6 @@ package notification import ( "context" - statik_fs "github.com/rakyll/statik/fs" - "github.com/zitadel/logging" - "github.com/zitadel/zitadel/internal/command" "github.com/zitadel/zitadel/internal/crypto" "github.com/zitadel/zitadel/internal/eventstore" 
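Review bot: The expectation added to `expectTemplateQueries` in internal/notification/handlers/user_notifier_test.go (hunk `@@ -1366,6 +1349,9 @@`) only covers the success path with `AllowedLanguages: []language.Tag{language.English}`. None of the visible test hunks adds a case where `GetInstanceRestrictions` returns an error or an empty language list, so the new early return in `GetTranslatorWithOrgTexts` appears to be untested. A table entry that sets `queries.EXPECT().GetInstanceRestrictions(gomock.Any()).Return(query.Restrictions{}, someErr)` and asserts that the reducer reports the error would pin that behaviour (`someErr` is a placeholder). The helper's body continues outside the hunk.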
@@ -29,9 +26,7 @@ func Start( fileSystemPath string, userEncryption, smtpEncryption, smsEncryption crypto.EncryptionAlgorithm, ) { - statikFS, err := statik_fs.NewWithNamespace("notification") - logging.OnError(err).Panic("unable to start listener") - q := handlers.NewNotificationQueries(queries, es, externalDomain, externalPort, externalSecure, fileSystemPath, userEncryption, smtpEncryption, smsEncryption, statikFS) + q := handlers.NewNotificationQueries(queries, es, externalDomain, externalPort, externalSecure, fileSystemPath, userEncryption, smtpEncryption, smsEncryption) c := newChannels(q) handlers.NewUserNotifier(ctx, projection.ApplyCustomConfig(userHandlerCustomConfig), commands, q, c, otpEmailTmpl).Start(ctx) handlers.NewQuotaNotifier(ctx, projection.ApplyCustomConfig(quotaHandlerCustomConfig), commands, q, c).Start(ctx) diff --git a/internal/notification/types/email_verification_code_test.go b/internal/notification/types/email_verification_code_test.go index ab1b4e1810..38aeb987ac 100644 --- a/internal/notification/types/email_verification_code_test.go +++ b/internal/notification/types/email_verification_code_test.go @@ -9,8 +9,8 @@ import ( http_utils "github.com/zitadel/zitadel/internal/api/http" "github.com/zitadel/zitadel/internal/domain" - caos_errs "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/query" + "github.com/zitadel/zitadel/internal/zerrors" ) func TestNotify_SendEmailVerificationCode(t *testing.T) { @@ -56,7 +56,7 @@ func TestNotify_SendEmailVerificationCode(t *testing.T) { urlTmpl: "{{", }, want: ¬ifyResult{}, - wantErr: caos_errs.ThrowInvalidArgument(nil, "DOMAIN-oGh5e", "Errors.User.InvalidURLTemplate"), + wantErr: zerrors.ThrowInvalidArgument(nil, "DOMAIN-oGh5e", "Errors.User.InvalidURLTemplate"), }, { name: "template success", 
diff --git a/internal/notification/types/passwordless_registration_link_test.go b/internal/notification/types/passwordless_registration_link_test.go index 489a505675..95fb75603f 100644 --- a/internal/notification/types/passwordless_registration_link_test.go +++ b/internal/notification/types/passwordless_registration_link_test.go @@ -9,8 +9,8 @@ import ( http_utils "github.com/zitadel/zitadel/internal/api/http" "github.com/zitadel/zitadel/internal/domain" - caos_errs "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/query" + "github.com/zitadel/zitadel/internal/zerrors" ) func TestNotify_SendPasswordlessRegistrationLink(t *testing.T) { @@ -58,7 +58,7 @@ func TestNotify_SendPasswordlessRegistrationLink(t *testing.T) { urlTmpl: "{{", }, want: ¬ifyResult{}, - wantErr: caos_errs.ThrowInvalidArgument(nil, "DOMAIN-oGh5e", "Errors.User.InvalidURLTemplate"), + wantErr: zerrors.ThrowInvalidArgument(nil, "DOMAIN-oGh5e", "Errors.User.InvalidURLTemplate"), }, { name: "template success", diff --git a/internal/notification/types/user_email.go b/internal/notification/types/user_email.go index 152b630769..d3c3bfdd4a 100644 --- a/internal/notification/types/user_email.go +++ b/internal/notification/types/user_email.go @@ -4,10 +4,10 @@ import ( "context" "html" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/notification/messages" "github.com/zitadel/zitadel/internal/query" + "github.com/zitadel/zitadel/internal/zerrors" ) func generateEmail( @@ -34,7 +34,7 @@ func generateEmail( return err } if emailChannels == nil || emailChannels.Len() == 0 { - return errors.ThrowPreconditionFailed(nil, "MAIL-83nof", "Errors.Notification.Channels.NotPresent") + return zerrors.ThrowPreconditionFailed(nil, "MAIL-83nof", "Errors.Notification.Channels.NotPresent") } return emailChannels.HandleMessage(message) } 
diff --git a/internal/notification/types/user_phone.go b/internal/notification/types/user_phone.go index 6eb3314cda..c9adfeac83 100644 --- a/internal/notification/types/user_phone.go +++ b/internal/notification/types/user_phone.go @@ -5,10 +5,10 @@ import ( "github.com/zitadel/logging" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/notification/messages" "github.com/zitadel/zitadel/internal/query" + "github.com/zitadel/zitadel/internal/zerrors" ) func generateSms( @@ -23,7 +23,7 @@ func generateSms( smsChannels, twilioConfig, err := channels.SMS(ctx) logging.OnError(err).Error("could not create sms channel") if smsChannels == nil || smsChannels.Len() == 0 { - return errors.ThrowPreconditionFailed(nil, "PHONE-w8nfow", "Errors.Notification.Channels.NotPresent") + return zerrors.ThrowPreconditionFailed(nil, "PHONE-w8nfow", "Errors.Notification.Channels.NotPresent") } if err == nil { number = twilioConfig.SenderNumber diff --git a/internal/org/model/domain.go b/internal/org/model/domain.go index c1d951b841..88c3a8b028 100644 --- a/internal/org/model/domain.go +++ b/internal/org/model/domain.go @@ -1,7 +1,6 @@ package model import ( - http_util "github.com/zitadel/zitadel/internal/api/http" "github.com/zitadel/zitadel/internal/crypto" es_models "github.com/zitadel/zitadel/internal/eventstore/v1/models" ) 
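Review bot: In `generateSms` the error from `channels.SMS(ctx)` is only logged, and the precondition error on the changed line is built with a `nil` parent, so the caller gets `Errors.Notification.Channels.NotPresent` without the underlying cause. `generateEmail` in user_email.go appears to return its channel error directly. If log-and-continue is deliberate here, passing the cause along still keeps the failure diagnosable: `return zerrors.ThrowPreconditionFailed(err, "PHONE-w8nfow", "Errors.Notification.Channels.NotPresent")`. A one-line comment saying why a failed SMS channel lookup may still proceed with an empty sender number would also help. The function starts and ends outside this hunk.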
@@ -22,35 +21,3 @@ const ( OrgDomainValidationTypeHTTP OrgDomainValidationTypeDNS ) - -func (t OrgDomainValidationType) CheckType() (http_util.CheckType, bool) { - switch t { - case OrgDomainValidationTypeHTTP: - return http_util.CheckTypeHTTP, true - case OrgDomainValidationTypeDNS: - return http_util.CheckTypeDNS, true - default: - return -1, false - } -} - -func (t OrgDomainValidationType) IsDNS() bool { - return t == OrgDomainValidationTypeDNS -} - -func NewOrgDomain(orgID, domain string) *OrgDomain { - return &OrgDomain{ObjectRoot: es_models.ObjectRoot{AggregateID: orgID}, Domain: domain} -} - -func (domain *OrgDomain) IsValid() bool { - return domain.AggregateID != "" && domain.Domain != "" -} - -func (domain *OrgDomain) GenerateVerificationCode(codeGenerator crypto.Generator) (string, error) { - validationCodeCrypto, validationCode, err := crypto.NewCode(codeGenerator) - if err != nil { - return "", err - } - domain.ValidationCode = validationCodeCrypto - return validationCode, nil -} diff --git a/internal/org/model/org.go b/internal/org/model/org.go index 104931c66b..f2e8454b5c 100644 --- a/internal/org/model/org.go +++ b/internal/org/model/org.go @@ -2,9 +2,9 @@ package model import ( "github.com/zitadel/zitadel/internal/domain" - "github.com/zitadel/zitadel/internal/errors" es_models "github.com/zitadel/zitadel/internal/eventstore/v1/models" iam_model "github.com/zitadel/zitadel/internal/iam/model" + "github.com/zitadel/zitadel/internal/zerrors" ) type Org struct { @@ -43,7 +43,7 @@ func (o *Org) GetPrimaryDomain() (string, error) { return d.Domain, nil } } - return "", errors.ThrowInternalf(nil, "ORG-Dertg", "no primary domain found for org: %s (instanceID: %s)", o.AggregateID, o.InstanceID) + return "", zerrors.ThrowInternalf(nil, "ORG-Dertg", "no primary domain found for org: %s (instanceID: %s)", o.AggregateID, o.InstanceID) } func (o *Org) AddIAMDomain(iamDomain string) { 
diff --git a/internal/org/repository/eventsourcing/model/domain.go b/internal/org/repository/eventsourcing/model/domain.go index 902805772b..212d8b499a 100644 --- a/internal/org/repository/eventsourcing/model/domain.go +++ b/internal/org/repository/eventsourcing/model/domain.go @@ -2,10 +2,10 @@ package model import ( "github.com/zitadel/zitadel/internal/crypto" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" es_models "github.com/zitadel/zitadel/internal/eventstore/v1/models" "github.com/zitadel/zitadel/internal/org/model" + "github.com/zitadel/zitadel/internal/zerrors" ) type OrgDomain struct { @@ -98,7 +98,7 @@ func (o *Org) appendVerificationDomainEvent(event eventstore.Event) error { func (m *OrgDomain) SetData(event eventstore.Event) error { err := event.Unmarshal(m) if err != nil { - return errors.ThrowInternal(err, "EVENT-Hz7Mb", "unable to unmarshal data") + return zerrors.ThrowInternal(err, "EVENT-Hz7Mb", "unable to unmarshal data") } return nil } diff --git a/internal/org/repository/eventsourcing/model/member.go b/internal/org/repository/eventsourcing/model/member.go deleted file mode 100644 index 1dad429a5e..0000000000 --- a/internal/org/repository/eventsourcing/model/member.go +++ /dev/null 
@@ -1,51 +0,0 @@ -package model - -import ( - "encoding/json" - "reflect" - - "github.com/zitadel/zitadel/internal/errors" - es_models "github.com/zitadel/zitadel/internal/eventstore/v1/models" -) - -type OrgMember struct { - es_models.ObjectRoot `json:"-"` - - UserID string `json:"userId,omitempty"` - Roles []string `json:"roles,omitempty"` -} - -func (m *OrgMember) AppendEvents(events ...*es_models.Event) error { - for _, event := range events { - err := m.AppendEvent(event) - if err != nil { - return err - } - } - return nil -} - -func (m *OrgMember) AppendEvent(event *es_models.Event) error { - m.ObjectRoot.AppendEvent(event) - - return m.SetData(event) -} - -func (m *OrgMember) SetData(event *es_models.Event) error { - err := json.Unmarshal(event.Data, m) - if err != nil { - return errors.ThrowInternal(err, "EVENT-Hz7Mb", "unable to unmarshal data") - } - return nil -} - -func (m *OrgMember) Changes(updatedMember *OrgMember) map[string]interface{} { - changes := make(map[string]interface{}, 2) - - if !reflect.DeepEqual(m.Roles, updatedMember.Roles) { - changes["roles"] = updatedMember.Roles - changes["userId"] = m.UserID - } - - return changes -} diff --git a/internal/org/repository/eventsourcing/model/org.go b/internal/org/repository/eventsourcing/model/org.go index 5de94e4998..98f47c2dbf 100644 --- a/internal/org/repository/eventsourcing/model/org.go +++ b/internal/org/repository/eventsourcing/model/org.go @@ -1,12 +1,12 @@ package model import ( - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" es_models "github.com/zitadel/zitadel/internal/eventstore/v1/models" iam_es_model "github.com/zitadel/zitadel/internal/iam/repository/eventsourcing/model" org_model "github.com/zitadel/zitadel/internal/org/model" "github.com/zitadel/zitadel/internal/repository/org" + "github.com/zitadel/zitadel/internal/zerrors" ) type Org struct { 
@@ -93,17 +93,7 @@ func (o *Org) AppendEvent(event eventstore.Event) (err error) { func (o *Org) SetData(event eventstore.Event) error { err := event.Unmarshal(o) if err != nil { - return errors.ThrowInternal(err, "EVENT-BpbQZ", "unable to unmarshal event") + return zerrors.ThrowInternal(err, "EVENT-BpbQZ", "unable to unmarshal event") } return nil } - -func (o *Org) Changes(changed *Org) map[string]interface{} { - changes := make(map[string]interface{}, 2) - - if changed.Name != "" && changed.Name != o.Name { - changes["name"] = changed.Name - } - - return changes -} diff --git a/internal/org/repository/eventsourcing/model/org_test.go b/internal/org/repository/eventsourcing/model/org_test.go index af6cd96331..95085eb244 100644 --- a/internal/org/repository/eventsourcing/model/org_test.go +++ b/internal/org/repository/eventsourcing/model/org_test.go @@ -116,47 +116,3 @@ func TestAppendEvent(t *testing.T) { }) } } - -func TestChanges(t *testing.T) { - type args struct { - existingOrg *Org - newOrg *Org - } - type res struct { - changesLen int - } - tests := []struct { - name string - args args - res res - }{ - { - name: "org name changes", - args: args{ - existingOrg: &Org{Name: "Name"}, - newOrg: &Org{Name: "NameChanged"}, - }, - res: res{ - changesLen: 1, - }, - }, - { - name: "no changes", - args: args{ - existingOrg: &Org{Name: "Name"}, - newOrg: &Org{Name: "Name"}, - }, - res: res{ - changesLen: 0, - }, - }, - } - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - changes := tt.args.existingOrg.Changes(tt.args.newOrg) - if len(changes) != tt.res.changesLen { - t.Errorf("got wrong changes len: expected: %v, actual: %v ", tt.res.changesLen, len(changes)) - } - }) - } -} diff --git a/internal/org/repository/view/query.go b/internal/org/repository/view/query.go index 21b39a2232..d2e56eaaf6 100644 --- a/internal/org/repository/view/query.go +++ b/internal/org/repository/view/query.go 
@@ -1,14 +1,14 @@ package view import ( - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/repository/org" + "github.com/zitadel/zitadel/internal/zerrors" ) func OrgByIDQuery(id, instanceID string, latestSequence uint64) (*eventstore.SearchQueryBuilder, error) { if id == "" { - return nil, errors.ThrowPreconditionFailed(nil, "EVENT-dke74", "id should be filled") + return nil, zerrors.ThrowPreconditionFailed(nil, "EVENT-dke74", "id should be filled") } return eventstore.NewSearchQueryBuilder(eventstore.ColumnsEvent). InstanceID(instanceID). diff --git a/internal/project/model/api_config.go b/internal/project/model/api_config.go index 2751d601de..e2ae43f338 100644 --- a/internal/project/model/api_config.go +++ b/internal/project/model/api_config.go @@ -1,15 +1,8 @@ package model import ( - "fmt" - "strings" - - "github.com/zitadel/logging" - "github.com/zitadel/zitadel/internal/crypto" - "github.com/zitadel/zitadel/internal/errors" es_models "github.com/zitadel/zitadel/internal/eventstore/v1/models" - "github.com/zitadel/zitadel/internal/id" ) type APIConfig struct { 
@@ -27,35 +20,3 @@ const ( APIAuthMethodTypeBasic APIAuthMethodType = iota APIAuthMethodTypePrivateKeyJWT ) - -func (c *APIConfig) IsValid() bool { - return true -} - -//ClientID random_number@projectname (eg. 495894098234@zitadel) -func (c *APIConfig) GenerateNewClientID(idGenerator id.Generator, project *Project) error { - rndID, err := idGenerator.Next() - if err != nil { - return err - } - - c.ClientID = fmt.Sprintf("%v@%v", rndID, strings.ReplaceAll(strings.ToLower(project.Name), " ", "_")) - return nil -} - -func (c *APIConfig) GenerateClientSecretIfNeeded(generator crypto.Generator) (string, error) { - if c.AuthMethodType == APIAuthMethodTypeBasic { - return c.GenerateNewClientSecret(generator) - } - return "", nil -} - -func (c *APIConfig) GenerateNewClientSecret(generator crypto.Generator) (string, error) { - cryptoValue, stringSecret, err := crypto.NewCode(generator) - if err != nil { - logging.Log("MODEL-ADvd2").OnError(err).Error("unable to create client secret") - return "", errors.ThrowInternal(err, "MODEL-dsvr43", "Errors.Project.CouldNotGenerateClientSecret") - } - c.ClientSecret = cryptoValue - return stringSecret, nil -} diff --git a/internal/project/model/application.go b/internal/project/model/application.go index f38263eb72..0816511eb4 100644 --- a/internal/project/model/application.go +++ b/internal/project/model/application.go @@ -32,22 +32,3 @@ const ( AppTypeSAML AppTypeAPI ) - -func (a *Application) IsValid(includeConfig bool) bool { - if a.Name == "" || a.AggregateID == "" { - return false - } - if !includeConfig { - return true - } - if a.Type == AppTypeOIDC && !a.OIDCConfig.IsValid() { - return false - } - if a.Type == AppTypeAPI && !a.APIConfig.IsValid() { - return false - } - if a.Type == AppTypeSAML && !a.SAMLConfig.IsValid() { - return false - } - return true -} diff --git a/internal/project/model/application_test.go b/internal/project/model/application_test.go deleted file mode 100644 index 0feabf0174..0000000000 
--- a/internal/project/model/application_test.go +++ /dev/null 
@@ -1,171 +0,0 @@ -package model - -import ( - "testing" - - "github.com/zitadel/zitadel/internal/eventstore/v1/models" -) - -func TestApplicationValid(t *testing.T) { - type args struct { - app *Application - } - tests := []struct { - name string - args args - result bool - }{ - { - name: "valid oidc application: responsetype code", - args: args{ - app: &Application{ - ObjectRoot: models.ObjectRoot{AggregateID: "AggregateID"}, - AppID: "AppID", - Name: "Name", - Type: AppTypeOIDC, - OIDCConfig: &OIDCConfig{ - ResponseTypes: []OIDCResponseType{OIDCResponseTypeCode}, - GrantTypes: []OIDCGrantType{OIDCGrantTypeAuthorizationCode}, - }, - }, - }, - result: true, - }, - { - name: "invalid oidc application: responsetype code", - args: args{ - app: &Application{ - ObjectRoot: models.ObjectRoot{AggregateID: "AggregateID"}, - AppID: "AppID", - Name: "Name", - Type: AppTypeOIDC, - OIDCConfig: &OIDCConfig{ - ResponseTypes: []OIDCResponseType{OIDCResponseTypeCode}, - GrantTypes: []OIDCGrantType{OIDCGrantTypeImplicit}, - }, - }, - }, - result: false, - }, - { - name: "valid oidc application: responsetype id_token", - args: args{ - app: &Application{ - ObjectRoot: models.ObjectRoot{AggregateID: "AggregateID"}, - AppID: "AppID", - Name: "Name", - Type: AppTypeOIDC, - OIDCConfig: &OIDCConfig{ - ResponseTypes: []OIDCResponseType{OIDCResponseTypeIDToken}, - GrantTypes: []OIDCGrantType{OIDCGrantTypeImplicit}, - }, - }, - }, - result: true, - }, - { - name: "invalid oidc application: responsetype id_token", - args: args{ - app: &Application{ - ObjectRoot: models.ObjectRoot{AggregateID: "AggregateID"}, - AppID: "AppID", - Name: "Name", - Type: AppTypeOIDC, - OIDCConfig: &OIDCConfig{ - ResponseTypes: []OIDCResponseType{OIDCResponseTypeIDToken}, - GrantTypes: []OIDCGrantType{OIDCGrantTypeAuthorizationCode}, - }, - }, - }, - result: false, - }, - { - name: "valid oidc application: responsetype token_id_token", - args: args{ - app: &Application{ - ObjectRoot: models.ObjectRoot{AggregateID: 
"AggregateID"}, - AppID: "AppID", - Name: "Name", - Type: AppTypeOIDC, - OIDCConfig: &OIDCConfig{ - ResponseTypes: []OIDCResponseType{OIDCResponseTypeIDTokenToken}, - GrantTypes: []OIDCGrantType{OIDCGrantTypeImplicit}, - }, - }, - }, - result: true, - }, - { - name: "invalid oidc application: responsetype token_id_token", - args: args{ - app: &Application{ - ObjectRoot: models.ObjectRoot{AggregateID: "AggregateID"}, - AppID: "AppID", - Name: "Name", - Type: AppTypeOIDC, - OIDCConfig: &OIDCConfig{ - ResponseTypes: []OIDCResponseType{OIDCResponseTypeIDTokenToken}, - GrantTypes: []OIDCGrantType{OIDCGrantTypeAuthorizationCode}, - }, - }, - }, - result: false, - }, - { - name: "valid oidc application: responsetype code & id_token", - args: args{ - app: &Application{ - ObjectRoot: models.ObjectRoot{AggregateID: "AggregateID"}, - AppID: "AppID", - Name: "Name", - Type: AppTypeOIDC, - OIDCConfig: &OIDCConfig{ - ResponseTypes: []OIDCResponseType{OIDCResponseTypeCode, OIDCResponseTypeIDToken}, - GrantTypes: []OIDCGrantType{OIDCGrantTypeAuthorizationCode, OIDCGrantTypeImplicit}, - }, - }, - }, - result: true, - }, - { - name: "valid oidc application: responsetype code & token_id_token", - args: args{ - app: &Application{ - ObjectRoot: models.ObjectRoot{AggregateID: "AggregateID"}, - AppID: "AppID", - Name: "Name", - Type: AppTypeOIDC, - OIDCConfig: &OIDCConfig{ - ResponseTypes: []OIDCResponseType{OIDCResponseTypeCode, OIDCResponseTypeIDTokenToken}, - GrantTypes: []OIDCGrantType{OIDCGrantTypeAuthorizationCode, OIDCGrantTypeImplicit}, - }, - }, - }, - result: true, - }, - { - name: "valid oidc application: responsetype code & id_token & token_id_token", - args: args{ - app: &Application{ - ObjectRoot: models.ObjectRoot{AggregateID: "AggregateID"}, - AppID: "AppID", - Name: "Name", - Type: AppTypeOIDC, - OIDCConfig: &OIDCConfig{ - ResponseTypes: []OIDCResponseType{OIDCResponseTypeCode, OIDCResponseTypeIDToken, OIDCResponseTypeIDTokenToken}, - GrantTypes: 
[]OIDCGrantType{OIDCGrantTypeAuthorizationCode, OIDCGrantTypeImplicit}, - }, - }, - }, - result: true, - }, - } - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - result := tt.args.app.IsValid(true) - if result != tt.result { - t.Errorf("got wrong result: expected: %v, actual: %v ", tt.result, result) - } - }) - } -} diff --git a/internal/project/model/oidc_config.go b/internal/project/model/oidc_config.go index c3b0739f58..50be6c318a 100644 --- a/internal/project/model/oidc_config.go +++ b/internal/project/model/oidc_config.go @@ -1,17 +1,11 @@ package model import ( - "fmt" - "strings" "time" - "github.com/zitadel/logging" - "github.com/zitadel/zitadel/internal/crypto" "github.com/zitadel/zitadel/internal/domain" - "github.com/zitadel/zitadel/internal/errors" es_models "github.com/zitadel/zitadel/internal/eventstore/v1/models" - "github.com/zitadel/zitadel/internal/id" ) type OIDCConfig struct { 
@@ -97,49 +91,6 @@ type Token struct { Scopes []string } -func (c *OIDCConfig) IsValid() bool { - grantTypes := c.getRequiredGrantTypes() - for _, grantType := range grantTypes { - ok := containsOIDCGrantType(c.GrantTypes, grantType) - if !ok { - return false - } - } - return true -} - -//ClientID random_number@projectname (eg. 495894098234@zitadel) -func (c *OIDCConfig) GenerateNewClientID(idGenerator id.Generator, project *Project) error { - rndID, err := idGenerator.Next() - if err != nil { - return err - } - - c.ClientID = fmt.Sprintf("%v@%v", rndID, strings.ReplaceAll(strings.ToLower(project.Name), " ", "_")) - return nil -} - -func (c *OIDCConfig) GenerateClientSecretIfNeeded(generator crypto.Generator) (string, error) { - if c.AuthMethodType == OIDCAuthMethodTypeBasic || c.AuthMethodType == OIDCAuthMethodTypePost { - return c.GenerateNewClientSecret(generator) - } - return "", nil -} - -func (c *OIDCConfig) GenerateNewClientSecret(generator crypto.Generator) (string, error) { - cryptoValue, stringSecret, err := crypto.NewCode(generator) - if err != nil { - logging.Log("MODEL-UpnTI").OnError(err).Error("unable to create client secret") - return "", errors.ThrowInternal(err, "MODEL-gH2Wl", "Errors.Project.CouldNotGenerateClientSecret") - } - c.ClientSecret = cryptoValue - return stringSecret, nil -} - -func (c *OIDCConfig) FillCompliance() { - c.Compliance = GetOIDCCompliance(c.OIDCVersion, c.ApplicationType, c.GrantTypes, c.ResponseTypes, c.AuthMethodType, c.RedirectUris) -} - func GetOIDCCompliance(version OIDCVersion, appType OIDCApplicationType, grantTypes []OIDCGrantType, responseTypes []OIDCResponseType, authMethod OIDCAuthMethodType, redirectUris []string) *Compliance { switch version { case OIDCVersionV1: 
@@ -155,29 +106,3 @@ func GetOIDCCompliance(version OIDCVersion, appType OIDCApplicationType, grantTy } return nil } - -func (c *OIDCConfig) getRequiredGrantTypes() []OIDCGrantType { - grantTypes := make([]OIDCGrantType, 0) - implicit := false - for _, r := range c.ResponseTypes { - switch r { - case OIDCResponseTypeCode: - grantTypes = append(grantTypes, OIDCGrantTypeAuthorizationCode) - case OIDCResponseTypeIDToken, OIDCResponseTypeIDTokenToken: - if !implicit { - implicit = true - grantTypes = append(grantTypes, OIDCGrantTypeImplicit) - } - } - } - return grantTypes -} - -func containsOIDCGrantType(grantTypes []OIDCGrantType, grantType OIDCGrantType) bool { - for _, gt := range grantTypes { - if gt == grantType { - return true - } - } - return false -} diff --git a/internal/project/model/org_project_mapping_view.go b/internal/project/model/org_project_mapping_view.go deleted file mode 100644 index e744285533..0000000000 --- a/internal/project/model/org_project_mapping_view.go +++ /dev/null 
@@ -1,55 +0,0 @@ -package model - -import ( - "github.com/zitadel/zitadel/internal/domain" - - "time" -) - -type OrgProjectMapping struct { - OrgID string - ProjectID string -} - -type OrgProjectMappingViewSearchRequest struct { - Offset uint64 - Limit uint64 - SortingColumn OrgProjectMappingViewSearchKey - Asc bool - Queries []*OrgProjectMappingViewSearchQuery -} - -type OrgProjectMappingViewSearchKey int32 - -const ( - OrgProjectMappingSearchKeyUnspecified OrgProjectMappingViewSearchKey = iota - OrgProjectMappingSearchKeyProjectID - OrgProjectMappingSearchKeyOrgID - OrgProjectMappingSearchKeyProjectGrantID - OrgProjectMappingSearchKeyInstanceID - OrgProjectMappingSearchKeyOwnerRemoved -) - -type OrgProjectMappingViewSearchQuery struct { - Key OrgProjectMappingViewSearchKey - Method domain.SearchMethod - Value interface{} -} - -type OrgProjectMappingViewSearchResponse struct { - Offset uint64 - Limit uint64 - TotalResult uint64 - Result []*OrgProjectMapping - Sequence uint64 - Timestamp time.Time -} - -func (r *OrgProjectMappingViewSearchRequest) GetSearchQuery(key OrgProjectMappingViewSearchKey) (int, *OrgProjectMappingViewSearchQuery) { - for i, q := range r.Queries { - if q.Key == key { - return i, q - } - } - return -1, nil -} diff --git a/internal/project/model/project.go b/internal/project/model/project.go index acbef86a5c..ebedf3cff2 100644 --- a/internal/project/model/project.go +++ b/internal/project/model/project.go 
@@ -27,68 +27,3 @@ const ( ProjectStateInactive ProjectStateRemoved ) - -func (p *Project) IsActive() bool { - return p.State == ProjectStateActive -} - -func (p *Project) IsValid() bool { - return p.Name != "" -} - -func (p *Project) ContainsRole(role *ProjectRole) bool { - for _, r := range p.Roles { - if r.Key == role.Key { - return true - } - } - return false -} - -func (p *Project) GetApp(appID string) (int, *Application) { - for i, a := range p.Applications { - if a.AppID == appID { - return i, a - } - } - return -1, nil -} - -func (p *Project) GetGrant(grantID string) (int, *ProjectGrant) { - for i, g := range p.Grants { - if g.GrantID == grantID { - return i, g - } - } - return -1, nil -} - -func (p *Project) ContainsGrantForOrg(orgID string) bool { - for _, g := range p.Grants { - if g.GrantedOrgID == orgID { - return true - } - } - return false -} - -func (p *Project) ContainsRoles(roleKeys []string) bool { - for _, r := range roleKeys { - if !p.ContainsRole(&ProjectRole{Key: r}) { - return false - } - } - return true -} - -func (p *Project) ContainsGrantMember(member *ProjectGrantMember) bool { - for _, g := range p.Grants { - if g.GrantID != member.GrantID { - continue - } - if _, m := g.GetMember(member.UserID); m != nil { - return true - } - } - return false -} diff --git a/internal/project/model/project_grant.go b/internal/project/model/project_grant.go index b90ae4059a..5ffdae989a 100644 --- a/internal/project/model/project_grant.go +++ b/internal/project/model/project_grant.go 
@@ -14,54 +14,9 @@ type ProjectGrant struct { Members []*ProjectGrantMember } -type ProjectGrantIDs struct { - ProjectID string - GrantID string -} - type ProjectGrantState int32 const ( ProjectGrantStateActive ProjectGrantState = iota ProjectGrantStateInactive ) - -func NewProjectGrant(projectID, grantID string) *ProjectGrant { - return &ProjectGrant{ObjectRoot: es_models.ObjectRoot{AggregateID: projectID}, GrantID: grantID, State: ProjectGrantStateActive} -} - -func (p *ProjectGrant) IsActive() bool { - return p.State == ProjectGrantStateActive -} - -func (p *ProjectGrant) IsValid() bool { - return p.GrantedOrgID != "" -} - -func (p *ProjectGrant) GetMember(userID string) (int, *ProjectGrantMember) { - for i, m := range p.Members { - if m.UserID == userID { - return i, m - } - } - return -1, nil -} - -func (p *ProjectGrant) GetRemovedRoles(roleKeys []string) []string { - removed := make([]string, 0) - for _, role := range p.RoleKeys { - if !containsKey(roleKeys, role) { - removed = append(removed, role) - } - } - return removed -} - -func containsKey(roles []string, key string) bool { - for _, role := range roles { - if role == key { - return true - } - } - return false -} diff --git a/internal/project/model/project_grant_member.go b/internal/project/model/project_grant_member.go index ec56441c54..c0aee1af64 100644 --- a/internal/project/model/project_grant_member.go +++ b/internal/project/model/project_grant_member.go @@ -8,11 +8,3 @@ type ProjectGrantMember struct { UserID string Roles []string } - -func NewProjectGrantMember(projectID, grantID, userID string) *ProjectGrantMember { - return &ProjectGrantMember{ObjectRoot: es_models.ObjectRoot{AggregateID: projectID}, GrantID: grantID, UserID: userID} -} - -func (p *ProjectGrantMember) IsValid() bool { - return p.AggregateID != "" && p.UserID != "" && len(p.Roles) != 0 -} 
diff --git a/internal/project/model/project_grant_member_view.go b/internal/project/model/project_grant_member_view.go deleted file mode 100644 index 635648fe51..0000000000 --- a/internal/project/model/project_grant_member_view.go +++ /dev/null @@ -1,72 +0,0 @@ -package model - -import ( - "github.com/zitadel/zitadel/internal/domain" - caos_errors "github.com/zitadel/zitadel/internal/errors" - - "time" -) - -type ProjectGrantMemberView struct { - UserID string - GrantID string - ProjectID string - UserName string - Email string - FirstName string - LastName string - DisplayName string - PreferredLoginName string - AvatarURL string - UserResourceOwner string - Roles []string - CreationDate time.Time - ChangeDate time.Time - Sequence uint64 -} - -type ProjectGrantMemberSearchRequest struct { - Offset uint64 - Limit uint64 - SortingColumn ProjectGrantMemberSearchKey - Asc bool - Queries []*ProjectGrantMemberSearchQuery -} - -type ProjectGrantMemberSearchKey int32 - -const ( - ProjectGrantMemberSearchKeyUnspecified ProjectGrantMemberSearchKey = iota - ProjectGrantMemberSearchKeyUserName - ProjectGrantMemberSearchKeyEmail - ProjectGrantMemberSearchKeyFirstName - ProjectGrantMemberSearchKeyLastName - ProjectGrantMemberSearchKeyGrantID - ProjectGrantMemberSearchKeyUserID - ProjectGrantMemberSearchKeyProjectID -) - -type ProjectGrantMemberSearchQuery struct { - Key ProjectGrantMemberSearchKey - Method domain.SearchMethod - Value interface{} -} - -type ProjectGrantMemberSearchResponse struct { - Offset uint64 - Limit uint64 - TotalResult uint64 - Result []*ProjectGrantMemberView - Sequence uint64 - Timestamp time.Time -} - -func (r *ProjectGrantMemberSearchRequest) EnsureLimit(limit uint64) error { - if r.Limit > limit { - return caos_errors.ThrowInvalidArgument(nil, "SEARCH-ZT8df", "Errors.Limit.ExceedsDefault") - } - if r.Limit == 0 { - r.Limit = limit - } - return nil -} 
diff --git a/internal/project/model/project_grant_view.go b/internal/project/model/project_grant_view.go deleted file mode 100644 index fb6dd26f3d..0000000000 --- a/internal/project/model/project_grant_view.go +++ /dev/null 
@@ -1,90 +0,0 @@ -package model - -import ( - "github.com/zitadel/zitadel/internal/domain" - caos_errors "github.com/zitadel/zitadel/internal/errors" - - "time" -) - -type ProjectGrantView struct { - ProjectID string - Name string - CreationDate time.Time - ChangeDate time.Time - State ProjectState - ResourceOwner string - ResourceOwnerName string - OrgID string - OrgName string - OrgDomain string - Sequence uint64 - GrantID string - GrantedRoleKeys []string -} - -type ProjectGrantViewSearchRequest struct { - Offset uint64 - Limit uint64 - SortingColumn ProjectGrantViewSearchKey - Asc bool - Queries []*ProjectGrantViewSearchQuery -} - -type ProjectGrantViewSearchKey int32 - -const ( - GrantedProjectSearchKeyUnspecified ProjectGrantViewSearchKey = iota - GrantedProjectSearchKeyName - GrantedProjectSearchKeyProjectID - GrantedProjectSearchKeyGrantID - GrantedProjectSearchKeyOrgID - GrantedProjectSearchKeyResourceOwner - GrantedProjectSearchKeyRoleKeys -) - -type ProjectGrantViewSearchQuery struct { - Key ProjectGrantViewSearchKey - Method domain.SearchMethod - Value interface{} -} - -type ProjectGrantViewSearchResponse struct { - Offset uint64 - Limit uint64 - TotalResult uint64 - Result []*ProjectGrantView - Sequence uint64 - Timestamp time.Time -} - -func (r *ProjectGrantViewSearchRequest) GetSearchQuery(key ProjectGrantViewSearchKey) (int, *ProjectGrantViewSearchQuery) { - for i, q := range r.Queries { - if q.Key == key { - return i, q - } - } - return -1, nil -} - -func (r *ProjectGrantViewSearchRequest) AppendMyOrgQuery(orgID string) { - r.Queries = append(r.Queries, &ProjectGrantViewSearchQuery{Key: GrantedProjectSearchKeyOrgID, Method: domain.SearchMethodEquals, Value: orgID}) -} - -func (r *ProjectGrantViewSearchRequest) AppendNotMyOrgQuery(orgID string) { - r.Queries = append(r.Queries, &ProjectGrantViewSearchQuery{Key: GrantedProjectSearchKeyOrgID, Method: domain.SearchMethodNotEquals, Value: orgID}) -} - -func (r *ProjectGrantViewSearchRequest) 
AppendMyResourceOwnerQuery(orgID string) { - r.Queries = append(r.Queries, &ProjectGrantViewSearchQuery{Key: GrantedProjectSearchKeyResourceOwner, Method: domain.SearchMethodEquals, Value: orgID}) -} - -func (r *ProjectGrantViewSearchRequest) EnsureLimit(limit uint64) error { - if r.Limit > limit { - return caos_errors.ThrowInvalidArgument(nil, "SEARCH-0fj3s", "Errors.Limit.ExceedsDefault") - } - if r.Limit == 0 { - r.Limit = limit - } - return nil -} diff --git a/internal/project/model/project_member.go b/internal/project/model/project_member.go index a07d939c50..a5bce2386e 100644 --- a/internal/project/model/project_member.go +++ b/internal/project/model/project_member.go @@ -8,11 +8,3 @@ type ProjectMember struct { UserID string Roles []string } - -func NewProjectMember(projectID, userID string) *ProjectMember { - return &ProjectMember{ObjectRoot: es_models.ObjectRoot{AggregateID: projectID}, UserID: userID} -} - -func (p *ProjectMember) IsValid() bool { - return p.AggregateID != "" && p.UserID != "" && len(p.Roles) != 0 -} diff --git a/internal/project/model/project_member_view.go b/internal/project/model/project_member_view.go deleted file mode 100644 index c208df383a..0000000000 --- a/internal/project/model/project_member_view.go +++ /dev/null 
@@ -1,73 +0,0 @@
-package model
-
-import (
- "github.com/zitadel/zitadel/internal/domain"
- caos_errors "github.com/zitadel/zitadel/internal/errors"
-
- "time"
-)
-
-type ProjectMemberView struct {
- UserID string
- ProjectID string
- UserName string
- Email string
- FirstName string
- LastName string
- DisplayName string
- PreferredLoginName string
- AvatarURL string
- UserResourceOwner string
- Roles []string
- CreationDate time.Time
- ChangeDate time.Time
- Sequence uint64
-}
-
-type ProjectMemberSearchRequest struct {
- Offset uint64
- Limit uint64
- SortingColumn ProjectMemberSearchKey
- Asc bool
- Queries []*ProjectMemberSearchQuery
-}
-
-type ProjectMemberSearchKey int32
-
-const (
- ProjectMemberSearchKeyUnspecified ProjectMemberSearchKey = iota
- ProjectMemberSearchKeyUserName
- ProjectMemberSearchKeyEmail
- ProjectMemberSearchKeyFirstName
- ProjectMemberSearchKeyLastName
- ProjectMemberSearchKeyProjectID
- ProjectMemberSearchKeyUserID
-)
-
-type ProjectMemberSearchQuery struct {
- Key ProjectMemberSearchKey
- Method domain.SearchMethod
- Value interface{}
-}
-
-type ProjectMemberSearchResponse struct {
- Offset uint64
- Limit uint64
- TotalResult uint64
- Result []*ProjectMemberView
- Sequence uint64
- Timestamp time.Time
-}
-
-func (r *ProjectMemberSearchRequest) EnsureLimit(limit uint64) error {
- if r.Limit > limit {
- return caos_errors.ThrowInvalidArgument(nil, "SEARCH-389Nd", "Errors.Limit.ExceedsDefault")
- }
- if r.Limit == 0 {
- r.Limit = limit
- }
- return nil
-}
-func (r *ProjectMemberSearchRequest) AppendProjectQuery(projectID string) {
- r.Queries = append(r.Queries, &ProjectMemberSearchQuery{Key: ProjectMemberSearchKeyProjectID, Method: domain.SearchMethodEquals, Value: projectID})
-}
diff --git a/internal/project/model/project_role.go b/internal/project/model/project_role.go
index 43d9f68ffb..9725570523 100644
--- a/internal/project/model/project_role.go
+++ b/internal/project/model/project_role.go
@@ -9,7 +9,3 @@ type ProjectRole struct { DisplayName string Group string } - -func (p *ProjectRole) IsValid() bool { - return p.AggregateID != "" && p.Key != "" -} diff --git a/internal/project/model/project_role_view.go b/internal/project/model/project_role_view.go deleted file mode 100644 index 10efc0bf4f..0000000000 --- a/internal/project/model/project_role_view.go +++ /dev/null 
@@ -1,75 +0,0 @@
-package model
-
-import (
- "github.com/zitadel/zitadel/internal/domain"
- caos_errors "github.com/zitadel/zitadel/internal/errors"
-
- "time"
-)
-
-type ProjectRoleView struct {
- ResourceOwner string
- OrgID string
- ProjectID string
- Key string
- DisplayName string
- Group string
- CreationDate time.Time
- ChangeDate time.Time
- Sequence uint64
-}
-
-type ProjectRoleSearchRequest struct {
- Offset uint64
- Limit uint64
- SortingColumn ProjectRoleSearchKey
- Asc bool
- Queries []*ProjectRoleSearchQuery
-}
-
-type ProjectRoleSearchKey int32
-
-const (
- ProjectRoleSearchKeyUnspecified ProjectRoleSearchKey = iota
- ProjectRoleSearchKeyKey
- ProjectRoleSearchKeyProjectID
- ProjectRoleSearchKeyOrgID
- ProjectRoleSearchKeyResourceOwner
- ProjectRoleSearchKeyDisplayName
-)
-
-type ProjectRoleSearchQuery struct {
- Key ProjectRoleSearchKey
- Method domain.SearchMethod
- Value interface{}
-}
-
-type ProjectRoleSearchResponse struct {
- Offset uint64
- Limit uint64
- TotalResult uint64
- Result []*ProjectRoleView
- Sequence uint64
- Timestamp time.Time
-}
-
-func (r *ProjectRoleSearchRequest) AppendMyOrgQuery(orgID string) {
- r.Queries = append(r.Queries, &ProjectRoleSearchQuery{Key: ProjectRoleSearchKeyOrgID, Method: domain.SearchMethodEquals, Value: orgID})
-}
-func (r *ProjectRoleSearchRequest) AppendProjectQuery(projectID string) {
- r.Queries = append(r.Queries, &ProjectRoleSearchQuery{Key: ProjectRoleSearchKeyProjectID, Method: domain.SearchMethodEquals, Value: projectID})
-}
-
-func (r *ProjectRoleSearchRequest) AppendRoleKeysQuery(keys []string) {
- r.Queries = append(r.Queries, &ProjectRoleSearchQuery{Key: ProjectRoleSearchKeyKey, Method: domain.SearchMethodIsOneOf, Value: keys})
-}
-
-func (r *ProjectRoleSearchRequest) EnsureLimit(limit uint64) error {
- if r.Limit > limit {
- return caos_errors.ThrowInvalidArgument(nil, "SEARCH-92hNf", "Errors.Limit.ExceedsDefault")
- }
- if r.Limit == 0 {
- r.Limit = limit
- }
- return nil
-}
diff --git a/internal/project/model/project_view.go b/internal/project/model/project_view.go
deleted file mode 100644
index 31fa33625c..0000000000
--- a/internal/project/model/project_view.go
+++ /dev/null
@@ -1,77 +0,0 @@ -package model - -import ( - "github.com/zitadel/zitadel/internal/domain" - caos_errors "github.com/zitadel/zitadel/internal/errors" - - "time" -) - -type ProjectView struct { - ProjectID string - Name string - CreationDate time.Time - ChangeDate time.Time - State ProjectState - ResourceOwner string - ProjectRoleAssertion bool - ProjectRoleCheck bool - HasProjectCheck bool - PrivateLabelingSetting domain.PrivateLabelingSetting - Sequence uint64 -} - -type ProjectViewSearchRequest struct { - Offset uint64 - Limit uint64 - SortingColumn ProjectViewSearchKey - Asc bool - Queries []*ProjectViewSearchQuery -} - -type ProjectViewSearchKey int32 - -const ( - ProjectViewSearchKeyUnspecified ProjectViewSearchKey = iota - ProjectViewSearchKeyName - ProjectViewSearchKeyProjectID - ProjectViewSearchKeyResourceOwner -) - -type ProjectViewSearchQuery struct { - Key ProjectViewSearchKey - Method domain.SearchMethod - Value interface{} -} - -type ProjectViewSearchResponse struct { - Offset uint64 - Limit uint64 - TotalResult uint64 - Result []*ProjectView - Sequence uint64 - Timestamp time.Time -} - -func (r *ProjectViewSearchRequest) GetSearchQuery(key ProjectViewSearchKey) (int, *ProjectViewSearchQuery) { - for i, q := range r.Queries { - if q.Key == key { - return i, q - } - } - return -1, nil -} - -func (r *ProjectViewSearchRequest) AppendMyResourceOwnerQuery(orgID string) { - r.Queries = append(r.Queries, &ProjectViewSearchQuery{Key: ProjectViewSearchKeyResourceOwner, Method: domain.SearchMethodEquals, Value: orgID}) -} - -func (r *ProjectViewSearchRequest) EnsureLimit(limit uint64) error { - if r.Limit > limit { - return caos_errors.ThrowInvalidArgument(nil, "SEARCH-2M0ds", "Errors.Limit.ExceedsDefault") - } - if r.Limit == 0 { - r.Limit = limit - } - return nil -} diff --git a/internal/project/model/saml_config.go b/internal/project/model/saml_config.go index 2d0ca84697..0b5a9e4bf5 100644 --- a/internal/project/model/saml_config.go 
+++ b/internal/project/model/saml_config.go @@ -10,7 +10,3 @@ type SAMLConfig struct { Metadata []byte MetadataURL string } - -func (c *SAMLConfig) IsValid() bool { - return !(c.Metadata == nil && c.MetadataURL == "") -} diff --git a/internal/project/repository/eventsourcing/model/oidc_config.go b/internal/project/repository/eventsourcing/model/oidc_config.go index fb75374aa3..df35e27243 100644 --- a/internal/project/repository/eventsourcing/model/oidc_config.go +++ b/internal/project/repository/eventsourcing/model/oidc_config.go @@ -7,9 +7,9 @@ import ( "github.com/zitadel/logging" "github.com/zitadel/zitadel/internal/crypto" - "github.com/zitadel/zitadel/internal/errors" es_models "github.com/zitadel/zitadel/internal/eventstore/v1/models" "github.com/zitadel/zitadel/internal/repository/project" + "github.com/zitadel/zitadel/internal/zerrors" ) type OIDCConfig struct { @@ -78,7 +78,7 @@ func (key *ClientKey) AppendEvent(event *es_models.Event) (err error) { case project.ApplicationKeyAddedEventType: err = json.Unmarshal(event.Data, key) if err != nil { - return errors.ThrowInternal(err, "MODEL-Fetg3", "Errors.Internal") + return zerrors.ThrowInternal(err, "MODEL-Fetg3", "Errors.Internal") } case project.ApplicationKeyRemovedEventType: key.ExpirationDate = event.CreationDate diff --git a/internal/project/repository/view/model/application.go b/internal/project/repository/view/model/application.go deleted file mode 100644 index 8a7dc6db63..0000000000 --- a/internal/project/repository/view/model/application.go +++ /dev/null 
@@ -1,231 +0,0 @@ -package model - -import ( - "encoding/json" - "time" - - "github.com/zitadel/logging" - - http_util "github.com/zitadel/zitadel/internal/api/http" - "github.com/zitadel/zitadel/internal/database" - "github.com/zitadel/zitadel/internal/domain" - caos_errs "github.com/zitadel/zitadel/internal/errors" - "github.com/zitadel/zitadel/internal/eventstore/v1/models" - "github.com/zitadel/zitadel/internal/project/model" - "github.com/zitadel/zitadel/internal/repository/project" -) - -const ( - ApplicationKeyID = "id" - ApplicationKeyProjectID = "project_id" - ApplicationKeyResourceOwner = "resource_owner" - ApplicationKeyOIDCClientID = "oidc_client_id" - ApplicationKeyName = "app_name" -) - -type ApplicationView struct { - ID string `json:"appId" gorm:"column:id;primary_key"` - ProjectID string `json:"-" gorm:"column:project_id"` - Name string `json:"name" gorm:"column:app_name"` - CreationDate time.Time `json:"-" gorm:"column:creation_date"` - ChangeDate time.Time `json:"-" gorm:"column:change_date"` - State int32 `json:"-" gorm:"column:app_state"` - ResourceOwner string `json:"-" gorm:"column:resource_owner"` - ProjectRoleAssertion bool `json:"projectRoleAssertion" gorm:"column:project_role_assertion"` - ProjectRoleCheck bool `json:"projectRoleCheck" gorm:"column:project_role_check"` - HasProjectCheck bool `json:"hasProjectCheck" gorm:"column:has_project_check"` - PrivateLabelingSetting domain.PrivateLabelingSetting `json:"privateLabelingSetting" gorm:"column:private_labeling_setting"` - - IsOIDC bool `json:"-" gorm:"column:is_oidc"` - OIDCVersion int32 `json:"oidcVersion" gorm:"column:oidc_version"` - OIDCClientID string `json:"clientId" gorm:"column:oidc_client_id"` - OIDCRedirectUris database.TextArray[string] `json:"redirectUris" gorm:"column:oidc_redirect_uris"` - OIDCResponseTypes database.Array[domain.OIDCResponseType] `json:"responseTypes" gorm:"column:oidc_response_types"` - OIDCGrantTypes database.Array[domain.OIDCGrantType] `json:"grantTypes" 
gorm:"column:oidc_grant_types"` - OIDCApplicationType int32 `json:"applicationType" gorm:"column:oidc_application_type"` - OIDCAuthMethodType int32 `json:"authMethodType" gorm:"column:oidc_auth_method_type"` - OIDCPostLogoutRedirectUris database.TextArray[string] `json:"postLogoutRedirectUris" gorm:"column:oidc_post_logout_redirect_uris"` - NoneCompliant bool `json:"-" gorm:"column:none_compliant"` - ComplianceProblems database.TextArray[string] `json:"-" gorm:"column:compliance_problems"` - DevMode bool `json:"devMode" gorm:"column:dev_mode"` - OriginAllowList database.TextArray[string] `json:"-" gorm:"column:origin_allow_list"` - AdditionalOrigins database.TextArray[string] `json:"additionalOrigins" gorm:"column:additional_origins"` - AccessTokenType int32 `json:"accessTokenType" gorm:"column:access_token_type"` - AccessTokenRoleAssertion bool `json:"accessTokenRoleAssertion" gorm:"column:access_token_role_assertion"` - IDTokenRoleAssertion bool `json:"idTokenRoleAssertion" gorm:"column:id_token_role_assertion"` - IDTokenUserinfoAssertion bool `json:"idTokenUserinfoAssertion" gorm:"column:id_token_userinfo_assertion"` - ClockSkew time.Duration `json:"clockSkew" gorm:"column:clock_skew"` - - IsSAML bool `json:"-" gorm:"column:is_saml"` - Metadata []byte `json:"metadata" gorm:"column:metadata"` - MetadataURL string `json:"metadata_url" gorm:"column:metadata_url"` - - Sequence uint64 `json:"-" gorm:"sequence"` -} - -func OIDCResponseTypesToModel(oidctypes []domain.OIDCResponseType) []model.OIDCResponseType { - result := make([]model.OIDCResponseType, len(oidctypes)) - for i, t := range oidctypes { - result[i] = model.OIDCResponseType(t) - } - return result -} - -func OIDCGrantTypesToModel(granttypes []domain.OIDCGrantType) []model.OIDCGrantType { - result := make([]model.OIDCGrantType, len(granttypes)) - for i, t := range granttypes { - result[i] = model.OIDCGrantType(t) - } - return result -} - -func (a *ApplicationView) AppendEventIfMyApp(event *models.Event) (err 
error) { - view := new(ApplicationView) - switch event.Type() { - case project.ApplicationAddedType: - err = view.SetData(event) - if err != nil { - return err - } - case project.ApplicationChangedType, - project.OIDCConfigAddedType, - project.OIDCConfigChangedType, - project.APIConfigAddedType, - project.APIConfigChangedType, - project.ApplicationDeactivatedType, - project.ApplicationReactivatedType, - project.SAMLConfigAddedType, - project.SAMLConfigChangedType: - err = view.SetData(event) - if err != nil { - return err - } - case project.ApplicationRemovedType: - err = view.SetData(event) - if err != nil { - return err - } - case project.ProjectChangedType: - return a.AppendEvent(event) - case project.ProjectRemovedType: - return a.AppendEvent(event) - default: - return nil - } - if view.ID == a.ID { - return a.AppendEvent(event) - } - return nil -} - -func (a *ApplicationView) AppendEvent(event *models.Event) (err error) { - a.Sequence = event.Seq - a.ChangeDate = event.CreationDate - switch event.Type() { - case project.ApplicationAddedType: - a.setRootData(event) - a.CreationDate = event.CreationDate - a.ResourceOwner = event.ResourceOwner - err = a.SetData(event) - case project.OIDCConfigAddedType: - a.IsOIDC = true - err = a.SetData(event) - if err != nil { - return err - } - a.setCompliance() - return a.setOriginAllowList() - case project.SAMLConfigAddedType: - a.IsSAML = true - return a.SetData(event) - case project.APIConfigAddedType: - a.IsOIDC = false - return a.SetData(event) - case project.ApplicationChangedType: - return a.SetData(event) - case project.OIDCConfigChangedType: - err = a.SetData(event) - if err != nil { - return err - } - a.setCompliance() - return a.setOriginAllowList() - case project.SAMLConfigChangedType: - return a.SetData(event) - case project.APIConfigChangedType: - return a.SetData(event) - case project.ProjectChangedType: - return a.setProjectChanges(event) - case project.ApplicationDeactivatedType: - a.State = 
int32(model.AppStateInactive) - case project.ApplicationReactivatedType: - a.State = int32(model.AppStateActive) - case project.ApplicationRemovedType, project.ProjectRemovedType: - a.State = int32(model.AppStateRemoved) - } - return err -} - -func (a *ApplicationView) setRootData(event *models.Event) { - a.ProjectID = event.AggregateID -} - -func (a *ApplicationView) SetData(event *models.Event) error { - if err := json.Unmarshal(event.Data, a); err != nil { - logging.Log("EVEN-lo9ds").WithError(err).Error("could not unmarshal event data") - return caos_errs.ThrowInternal(err, "MODEL-8suie", "Could not unmarshal data") - } - return nil -} - -func (a *ApplicationView) setOriginAllowList() error { - allowList := make(database.TextArray[string], 0) - for _, redirect := range a.OIDCRedirectUris { - origin, err := http_util.GetOriginFromURLString(redirect) - if err != nil { - return err - } - if !http_util.IsOriginAllowed(allowList, origin) { - allowList = append(allowList, origin) - } - } - for _, origin := range a.AdditionalOrigins { - if !http_util.IsOriginAllowed(allowList, origin) { - allowList = append(allowList, origin) - } - } - a.OriginAllowList = allowList - return nil -} - -func (a *ApplicationView) setCompliance() { - compliance := model.GetOIDCCompliance(model.OIDCVersion(a.OIDCVersion), model.OIDCApplicationType(a.OIDCApplicationType), OIDCGrantTypesToModel(a.OIDCGrantTypes), OIDCResponseTypesToModel(a.OIDCResponseTypes), model.OIDCAuthMethodType(a.OIDCAuthMethodType), a.OIDCRedirectUris) - a.NoneCompliant = compliance.NoneCompliant - a.ComplianceProblems = compliance.Problems -} - -func (a *ApplicationView) setProjectChanges(event *models.Event) error { - changes := struct { - ProjectRoleAssertion *bool `json:"projectRoleAssertion,omitempty"` - ProjectRoleCheck *bool `json:"projectRoleCheck,omitempty"` - HasProjectCheck *bool `json:"hasProjectCheck,omitempty"` - PrivateLabelingSetting *domain.PrivateLabelingSetting 
`json:"privateLabelingSetting,omitempty"` - }{} - if err := json.Unmarshal(event.Data, &changes); err != nil { - logging.Log("EVEN-DFbfg").WithError(err).Error("could not unmarshal event data") - return caos_errs.ThrowInternal(err, "MODEL-Bw221", "Could not unmarshal data") - } - if changes.ProjectRoleAssertion != nil { - a.ProjectRoleAssertion = *changes.ProjectRoleAssertion - } - if changes.ProjectRoleCheck != nil { - a.ProjectRoleCheck = *changes.ProjectRoleCheck - } - if changes.HasProjectCheck != nil { - a.HasProjectCheck = *changes.HasProjectCheck - } - if changes.PrivateLabelingSetting != nil { - a.PrivateLabelingSetting = *changes.PrivateLabelingSetting - } - return nil -} diff --git a/internal/project/repository/view/model/application_test.go b/internal/project/repository/view/model/application_test.go deleted file mode 100644 index f37e6386b2..0000000000 --- a/internal/project/repository/view/model/application_test.go +++ /dev/null 
@@ -1,102 +0,0 @@ -package model - -import ( - "encoding/json" - "testing" - - es_models "github.com/zitadel/zitadel/internal/eventstore/v1/models" - "github.com/zitadel/zitadel/internal/project/model" - es_model "github.com/zitadel/zitadel/internal/project/repository/eventsourcing/model" - "github.com/zitadel/zitadel/internal/repository/project" -) - -func mockAppData(app *es_model.Application) []byte { - data, _ := json.Marshal(app) - return data -} - -func mockOIDCConfigData(config *es_model.OIDCConfig) []byte { - data, _ := json.Marshal(config) - return data -} - -func TestApplicationAppendEvent(t *testing.T) { - type args struct { - event *es_models.Event - app *ApplicationView - } - tests := []struct { - name string - args args - result *ApplicationView - }{ - { - name: "append added app event", - args: args{ - event: &es_models.Event{AggregateID: "AggregateID", Seq: 1, Typ: project.ApplicationAddedType, Data: mockAppData(&es_model.Application{Name: "AppName"})}, - app: &ApplicationView{}, - }, - result: &ApplicationView{ProjectID: "AggregateID", Name: "AppName", State: int32(model.AppStateActive)}, - }, - { - name: "append changed app event", - args: args{ - event: &es_models.Event{AggregateID: "AggregateID", Seq: 1, Typ: project.ApplicationChangedType, Data: mockAppData(&es_model.Application{Name: "AppNameChanged"})}, - app: &ApplicationView{ProjectID: "AggregateID", Name: "AppName", State: int32(model.AppStateActive)}, - }, - result: &ApplicationView{ProjectID: "AggregateID", Name: "AppNameChanged", State: int32(model.AppStateActive)}, - }, - { - name: "append deactivate app event", - args: args{ - event: &es_models.Event{AggregateID: "AggregateID", Seq: 1, Typ: project.ApplicationDeactivatedType}, - app: &ApplicationView{ProjectID: "AggregateID", Name: "AppName", State: int32(model.AppStateActive)}, - }, - result: &ApplicationView{ProjectID: "AggregateID", Name: "AppName", State: int32(model.AppStateInactive)}, - }, - { - name: "append reactivate app 
event", - args: args{ - event: &es_models.Event{AggregateID: "AggregateID", Seq: 1, Typ: project.ApplicationReactivatedType}, - app: &ApplicationView{ProjectID: "AggregateID", Name: "AppName", State: int32(model.AppStateInactive)}, - }, - result: &ApplicationView{ProjectID: "AggregateID", Name: "AppName", State: int32(model.AppStateActive)}, - }, - { - name: "append added oidc config event", - args: args{ - event: &es_models.Event{AggregateID: "AggregateID", Seq: 1, Typ: project.OIDCConfigAddedType, Data: mockOIDCConfigData(&es_model.OIDCConfig{ClientID: "clientID"})}, - app: &ApplicationView{ProjectID: "AggregateID", Name: "AppName", State: int32(model.AppStateActive)}, - }, - result: &ApplicationView{ProjectID: "AggregateID", Name: "AppName", IsOIDC: true, OIDCClientID: "clientID", State: int32(model.AppStateActive)}, - }, - { - name: "append changed oidc config event", - args: args{ - event: &es_models.Event{AggregateID: "AggregateID", Seq: 1, Typ: project.OIDCConfigAddedType, Data: mockOIDCConfigData(&es_model.OIDCConfig{ClientID: "clientIDChanged"})}, - app: &ApplicationView{ProjectID: "AggregateID", Name: "AppName", OIDCClientID: "clientID", State: int32(model.AppStateActive)}, - }, - result: &ApplicationView{ProjectID: "AggregateID", Name: "AppName", IsOIDC: true, OIDCClientID: "clientIDChanged", State: int32(model.AppStateActive)}, - }, - } - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - tt.args.app.AppendEvent(tt.args.event) - if tt.args.app.ProjectID != tt.result.ProjectID { - t.Errorf("got wrong result projectID: expected: %v, actual: %v ", tt.result.ProjectID, tt.args.app.ProjectID) - } - if tt.args.app.Name != tt.result.Name { - t.Errorf("got wrong result name: expected: %v, actual: %v ", tt.result.Name, tt.args.app.Name) - } - if tt.args.app.State != tt.result.State { - t.Errorf("got wrong result state: expected: %v, actual: %v ", tt.result.State, tt.args.app.State) - } - if tt.args.app.IsOIDC != tt.result.IsOIDC { - t.Errorf("got 
wrong result IsOIDC: expected: %v, actual: %v ", tt.result.IsOIDC, tt.args.app.IsOIDC) - } - if tt.args.app.OIDCClientID != tt.result.OIDCClientID { - t.Errorf("got wrong result OIDCClientID: expected: %v, actual: %v ", tt.result.OIDCClientID, tt.args.app.OIDCClientID) - } - }) - } -} diff --git a/internal/project/repository/view/model/org_project_mapping.go b/internal/project/repository/view/model/org_project_mapping.go deleted file mode 100644 index 929725cce5..0000000000 --- a/internal/project/repository/view/model/org_project_mapping.go +++ /dev/null @@ -1,16 +0,0 @@ -package model - -const ( - OrgProjectMappingKeyProjectID = "project_id" - OrgProjectMappingKeyOrgID = "org_id" - OrgProjectMappingKeyProjectGrantID = "project_grant_id" - OrgProjectMappingKeyInstanceID = "instance_id" - OrgProjectMappingOwnerRemoved = "owner_removed" -) - -type OrgProjectMapping struct { - ProjectID string `json:"-" gorm:"column:project_id;primary_key"` - OrgID string `json:"-" gorm:"column:org_id;primary_key"` - ProjectGrantID string `json:"-" gorm:"column:project_grant_id"` - InstanceID string `json:"instanceID" gorm:"column:instance_id"` -} diff --git a/internal/project/repository/view/model/org_project_mapping_query.go b/internal/project/repository/view/model/org_project_mapping_query.go deleted file mode 100644 index 9587579336..0000000000 --- a/internal/project/repository/view/model/org_project_mapping_query.go +++ /dev/null 
@@ -1,67 +0,0 @@ -package model - -import ( - "github.com/zitadel/zitadel/internal/domain" - proj_model "github.com/zitadel/zitadel/internal/project/model" - "github.com/zitadel/zitadel/internal/view/repository" -) - -type OrgProjectMappingSearchRequest proj_model.OrgProjectMappingViewSearchRequest -type OrgProjectMappingSearchQuery proj_model.OrgProjectMappingViewSearchQuery -type OrgProjectMappingSearchKey proj_model.OrgProjectMappingViewSearchKey - -func (req OrgProjectMappingSearchRequest) GetLimit() uint64 { - return req.Limit -} - -func (req OrgProjectMappingSearchRequest) GetOffset() uint64 { - return req.Offset -} - -func (req OrgProjectMappingSearchRequest) GetSortingColumn() repository.ColumnKey { - if req.SortingColumn == proj_model.OrgProjectMappingSearchKeyUnspecified { - return nil - } - return OrgProjectMappingSearchKey(req.SortingColumn) -} - -func (req OrgProjectMappingSearchRequest) GetAsc() bool { - return req.Asc -} - -func (req OrgProjectMappingSearchRequest) GetQueries() []repository.SearchQuery { - result := make([]repository.SearchQuery, len(req.Queries)) - for i, q := range req.Queries { - result[i] = OrgProjectMappingSearchQuery{Key: q.Key, Value: q.Value, Method: q.Method} - } - return result -} - -func (req OrgProjectMappingSearchQuery) GetKey() repository.ColumnKey { - return OrgProjectMappingSearchKey(req.Key) -} - -func (req OrgProjectMappingSearchQuery) GetMethod() domain.SearchMethod { - return req.Method -} - -func (req OrgProjectMappingSearchQuery) GetValue() interface{} { - return req.Value -} - -func (key OrgProjectMappingSearchKey) ToColumnName() string { - switch proj_model.OrgProjectMappingViewSearchKey(key) { - case proj_model.OrgProjectMappingSearchKeyOrgID: - return OrgProjectMappingKeyOrgID - case proj_model.OrgProjectMappingSearchKeyProjectID: - return OrgProjectMappingKeyProjectID - case proj_model.OrgProjectMappingSearchKeyProjectGrantID: - return OrgProjectMappingKeyProjectGrantID - case 
proj_model.OrgProjectMappingSearchKeyInstanceID: - return OrgProjectMappingKeyInstanceID - case proj_model.OrgProjectMappingSearchKeyOwnerRemoved: - return OrgProjectMappingOwnerRemoved - default: - return "" - } -} diff --git a/internal/project/repository/view/model/project.go b/internal/project/repository/view/model/project.go deleted file mode 100644 index 81ccb49298..0000000000 --- a/internal/project/repository/view/model/project.go +++ /dev/null 
@@ -1,81 +0,0 @@ -package model - -import ( - "encoding/json" - "time" - - "github.com/zitadel/logging" - - "github.com/zitadel/zitadel/internal/domain" - caos_errs "github.com/zitadel/zitadel/internal/errors" - "github.com/zitadel/zitadel/internal/eventstore/v1/models" - "github.com/zitadel/zitadel/internal/project/model" - "github.com/zitadel/zitadel/internal/repository/project" -) - -const ( - ProjectKeyProjectID = "project_id" - ProjectKeyResourceOwner = "resource_owner" - ProjectKeyName = "project_name" -) - -type ProjectView struct { - ProjectID string `json:"-" gorm:"column:project_id;primary_key"` - Name string `json:"name" gorm:"column:project_name"` - CreationDate time.Time `json:"-" gorm:"column:creation_date"` - ChangeDate time.Time `json:"-" gorm:"column:change_date"` - State int32 `json:"-" gorm:"column:project_state"` - ResourceOwner string `json:"-" gorm:"column:resource_owner"` - ProjectRoleAssertion bool `json:"projectRoleAssertion" gorm:"column:project_role_assertion"` - ProjectRoleCheck bool `json:"projectRoleCheck" gorm:"column:project_role_check"` - HasProjectCheck bool `json:"hasProjectCheck" gorm:"column:has_project_check"` - PrivateLabelingSetting domain.PrivateLabelingSetting `json:"privateLabelingSetting" gorm:"column:private_labeling_setting"` - Sequence uint64 `json:"-" gorm:"column:sequence"` -} - -func (p *ProjectView) AppendEvent(event *models.Event) (err error) { - p.ChangeDate = event.CreationDate - p.Sequence = event.Seq - switch event.Type() { - case project.ProjectAddedType: - p.State = int32(model.ProjectStateActive) - p.CreationDate = event.CreationDate - p.setRootData(event) - err = p.setData(event) - case project.ProjectChangedType: - err = p.setData(event) - case project.ProjectDeactivatedType: - p.State = int32(model.ProjectStateInactive) - case project.ProjectReactivatedType: - p.State = int32(model.ProjectStateActive) - case project.ProjectRemovedType: - p.State = int32(model.ProjectStateRemoved) - } - return err -} - 
-func (p *ProjectView) setRootData(event *models.Event) { - p.ProjectID = event.AggregateID - p.ResourceOwner = event.ResourceOwner -} - -func (p *ProjectView) setData(event *models.Event) error { - if err := json.Unmarshal(event.Data, p); err != nil { - logging.Log("EVEN-dlo92").WithError(err).Error("could not unmarshal event data") - return err - } - return nil -} - -func (p *ProjectView) setProjectData(event *models.Event) error { - project := new(ProjectView) - return project.SetData(event) -} - -func (p *ProjectView) SetData(event *models.Event) error { - if err := json.Unmarshal(event.Data, p); err != nil { - logging.Log("EVEN-sk9Sj").WithError(err).Error("could not unmarshal event data") - return caos_errs.ThrowInternal(err, "MODEL-s9ols", "Could not unmarshal data") - } - return nil -} diff --git a/internal/project/repository/view/model/project_grant.go b/internal/project/repository/view/model/project_grant.go deleted file mode 100644 index a8a14113fe..0000000000 --- a/internal/project/repository/view/model/project_grant.go +++ /dev/null 
@@ -1,99 +0,0 @@ -package model - -import ( - "encoding/json" - "time" - - "github.com/zitadel/logging" - - "github.com/zitadel/zitadel/internal/database" - caos_errs "github.com/zitadel/zitadel/internal/errors" - "github.com/zitadel/zitadel/internal/eventstore/v1/models" - "github.com/zitadel/zitadel/internal/project/model" - "github.com/zitadel/zitadel/internal/repository/project" -) - -const ( - ProjectGrantKeyProjectID = "project_id" - ProjectGrantKeyGrantID = "grant_id" - ProjectGrantKeyOrgID = "org_id" - ProjectGrantKeyResourceOwner = "resource_owner" - ProjectGrantKeyName = "project_name" - ProjectGrantKeyRoleKeys = "granted_role_keys" -) - -type ProjectGrantView struct { - GrantID string `json:"-" gorm:"column:grant_id;primary_key"` - ProjectID string `json:"-" gorm:"column:project_id"` - OrgID string `json:"-" gorm:"column:org_id"` - Name string `json:"name" gorm:"column:project_name"` - CreationDate time.Time `json:"-" gorm:"column:creation_date"` - ChangeDate time.Time `json:"-" gorm:"column:change_date"` - State int32 `json:"-" gorm:"column:project_state"` - ResourceOwner string `json:"-" gorm:"column:resource_owner"` - ResourceOwnerName string `json:"-" gorm:"column:resource_owner_name"` - OrgName string `json:"-" gorm:"column:org_name"` - Sequence uint64 `json:"-" gorm:"column:sequence"` - GrantedRoleKeys database.TextArray[string] `json:"-" gorm:"column:granted_role_keys"` -} - -type ProjectGrant struct { - GrantID string `json:"grantId"` - GrantedOrgID string `json:"grantedOrgId"` - RoleKeys []string `json:"roleKeys"` - InstanceID string `json:"instanceID"` -} - -func (p *ProjectGrantView) AppendEvent(event *models.Event) (err error) { - p.ChangeDate = event.CreationDate - p.Sequence = event.Seq - switch event.Type() { - case project.GrantAddedType: - p.State = int32(model.ProjectStateActive) - p.CreationDate = event.CreationDate - p.setRootData(event) - err = p.setProjectGrantData(event) - case project.GrantChangedType, 
project.GrantCascadeChangedType: - err = p.setProjectGrantData(event) - case project.GrantDeactivatedType: - p.State = int32(model.ProjectStateInactive) - case project.GrantReactivatedType: - p.State = int32(model.ProjectStateActive) - } - return err -} - -func (p *ProjectGrantView) setRootData(event *models.Event) { - p.ProjectID = event.AggregateID - p.ResourceOwner = event.ResourceOwner -} - -func (p *ProjectGrantView) setData(event *models.Event) error { - if err := json.Unmarshal(event.Data, p); err != nil { - logging.Log("EVEN-dlo92").WithError(err).Error("could not unmarshal event data") - return err - } - return nil -} - -func (p *ProjectGrantView) setProjectGrantData(event *models.Event) error { - grant := new(ProjectGrant) - err := grant.SetData(event) - if err != nil { - return err - } - if grant.GrantedOrgID != "" { - p.OrgID = grant.GrantedOrgID - } - p.GrantID = grant.GrantID - p.GrantedRoleKeys = grant.RoleKeys - return nil -} - -func (p *ProjectGrant) SetData(event *models.Event) error { - if err := json.Unmarshal(event.Data, p); err != nil { - logging.Log("EVEN-dlo92").WithError(err).Error("could not unmarshal event data") - return caos_errs.ThrowInternal(err, "MODEL-s9ols", "Could not unmarshal data") - } - return nil -} diff --git a/internal/project/repository/view/model/project_grant_member.go b/internal/project/repository/view/model/project_grant_member.go deleted file mode 100644 index 7e52a8804a..0000000000 --- a/internal/project/repository/view/model/project_grant_member.go +++ /dev/null 
@@ -1,68 +0,0 @@ -package model - -import ( - "encoding/json" - "time" - - "github.com/zitadel/logging" - - "github.com/zitadel/zitadel/internal/database" - caos_errs "github.com/zitadel/zitadel/internal/errors" - "github.com/zitadel/zitadel/internal/eventstore/v1/models" - "github.com/zitadel/zitadel/internal/repository/project" -) - -const ( - ProjectGrantMemberKeyUserID = "user_id" - ProjectGrantMemberKeyGrantID = "grant_id" - ProjectGrantMemberKeyProjectID = "project_id" - ProjectGrantMemberKeyUserName = "user_name" - ProjectGrantMemberKeyEmail = "email" - ProjectGrantMemberKeyFirstName = "first_name" - ProjectGrantMemberKeyLastName = "last_name" -) - -type ProjectGrantMemberView struct { - UserID string `json:"userId" gorm:"column:user_id;primary_key"` - GrantID string `json:"grantId" gorm:"column:grant_id;primary_key"` - ProjectID string `json:"-" gorm:"column:project_id"` - UserName string `json:"-" gorm:"column:user_name"` - Email string `json:"-" gorm:"column:email_address"` - FirstName string `json:"-" gorm:"column:first_name"` - LastName string `json:"-" gorm:"column:last_name"` - DisplayName string `json:"-" gorm:"column:display_name"` - Roles database.TextArray[string] `json:"roles" gorm:"column:roles"` - Sequence uint64 `json:"-" gorm:"column:sequence"` - PreferredLoginName string `json:"-" gorm:"column:preferred_login_name"` - AvatarKey string `json:"-" gorm:"column:avatar_key"` - UserResourceOwner string `json:"-" gorm:"column:user_resource_owner"` - - CreationDate time.Time `json:"-" gorm:"column:creation_date"` - ChangeDate time.Time `json:"-" gorm:"column:change_date"` -} - -func (r *ProjectGrantMemberView) AppendEvent(event *models.Event) (err error) { - r.Sequence = event.Seq - r.ChangeDate = event.CreationDate - switch event.Type() { - case project.GrantMemberAddedType: - r.setRootData(event) - r.CreationDate = event.CreationDate - err = r.SetData(event) - case project.GrantMemberChangedType: - err = r.SetData(event) - } - return err -} - 
-func (r *ProjectGrantMemberView) setRootData(event *models.Event) { - r.ProjectID = event.AggregateID -} - -func (r *ProjectGrantMemberView) SetData(event *models.Event) error { - if err := json.Unmarshal(event.Data, r); err != nil { - logging.Log("EVEN-slo9s").WithError(err).Error("could not unmarshal event data") - return caos_errs.ThrowInternal(err, "MODEL-0plew", "Could not unmarshal data") - } - return nil -} diff --git a/internal/project/repository/view/model/project_grant_member_test.go b/internal/project/repository/view/model/project_grant_member_test.go deleted file mode 100644 index 57028979ab..0000000000 --- a/internal/project/repository/view/model/project_grant_member_test.go +++ /dev/null 
@@ -1,62 +0,0 @@ -package model - -import ( - "encoding/json" - "reflect" - "testing" - - es_models "github.com/zitadel/zitadel/internal/eventstore/v1/models" - es_model "github.com/zitadel/zitadel/internal/project/repository/eventsourcing/model" - "github.com/zitadel/zitadel/internal/repository/project" -) - -func mockProjectGrantMemberData(member *es_model.ProjectGrantMember) []byte { - data, _ := json.Marshal(member) - return data -} - -func TestGrantedProjectMemberAppendEvent(t *testing.T) { - type args struct { - event *es_models.Event - member *ProjectGrantMemberView - } - tests := []struct { - name string - args args - result *ProjectGrantMemberView - }{ - { - name: "append added member event", - args: args{ - event: &es_models.Event{AggregateID: "AggregateID", Seq: 1, Typ: project.GrantMemberAddedType, ResourceOwner: "OrgID", Data: mockProjectGrantMemberData(&es_model.ProjectGrantMember{GrantID: "ProjectGrantID", UserID: "UserID", Roles: []string{"Role"}})}, - member: &ProjectGrantMemberView{}, - }, - result: &ProjectGrantMemberView{ProjectID: "AggregateID", UserID: "UserID", GrantID: "ProjectGrantID", Roles: []string{"Role"}}, - }, - { - name: "append changed member event", - args: args{ - event: &es_models.Event{AggregateID: "AggregateID", Seq: 1, Typ: project.GrantMemberAddedType, ResourceOwner: "OrgID", Data: mockProjectGrantMemberData(&es_model.ProjectGrantMember{GrantID: "ProjectGrantID", Roles: []string{"RoleChanged"}})}, - member: &ProjectGrantMemberView{ProjectID: "AggregateID", UserID: "UserID", GrantID: "ProjectGrantID", Roles: []string{"Role"}}, - }, - result: &ProjectGrantMemberView{ProjectID: "AggregateID", UserID: "UserID", GrantID: "ProjectGrantID", Roles: []string{"RoleChanged"}}, - }, - } - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - tt.args.member.AppendEvent(tt.args.event) - if tt.args.member.ProjectID != tt.result.ProjectID { - t.Errorf("got wrong result projectID: expected: %v, actual: %v ", tt.result.ProjectID, 
tt.args.member.ProjectID) - } - if tt.args.member.UserID != tt.result.UserID { - t.Errorf("got wrong result userID: expected: %v, actual: %v ", tt.result.UserID, tt.args.member.UserID) - } - if tt.args.member.GrantID != tt.result.GrantID { - t.Errorf("got wrong result ProjectGrantID: expected: %v, actual: %v ", tt.result.GrantID, tt.args.member.GrantID) - } - if !reflect.DeepEqual(tt.args.member.Roles, tt.result.Roles) { - t.Errorf("got wrong result Roles: expected: %v, actual: %v ", tt.result.Roles, tt.args.member.Roles) - } - }) - } -} diff --git a/internal/project/repository/view/model/project_grant_test.go b/internal/project/repository/view/model/project_grant_test.go deleted file mode 100644 index 3f777182b0..0000000000 --- a/internal/project/repository/view/model/project_grant_test.go +++ /dev/null 
@@ -1,90 +0,0 @@ -package model - -import ( - "encoding/json" - "reflect" - "testing" - - es_models "github.com/zitadel/zitadel/internal/eventstore/v1/models" - "github.com/zitadel/zitadel/internal/project/model" - es_model "github.com/zitadel/zitadel/internal/project/repository/eventsourcing/model" - "github.com/zitadel/zitadel/internal/repository/project" -) - -func mockProjectData(project *es_model.Project) []byte { - data, _ := json.Marshal(project) - return data -} - -func mockProjectGrantData(grant *es_model.ProjectGrant) []byte { - data, _ := json.Marshal(grant) - return data -} - -func TestProjectGrantAppendEvent(t *testing.T) { - type args struct { - event *es_models.Event - project *ProjectGrantView - } - tests := []struct { - name string - args args - result *ProjectGrantView - }{ - { - name: "append added project grant event", - args: args{ - event: &es_models.Event{AggregateID: "AggregateID", Seq: 1, Typ: project.GrantAddedType, ResourceOwner: "GrantedOrgID", Data: mockProjectGrantData(&es_model.ProjectGrant{GrantID: "ProjectGrantID", GrantedOrgID: "GrantedOrgID", RoleKeys: []string{"Role"}})}, - project: &ProjectGrantView{}, - }, - result: &ProjectGrantView{ProjectID: "AggregateID", ResourceOwner: "GrantedOrgID", OrgID: "GrantedOrgID", State: int32(model.ProjectStateActive), GrantedRoleKeys: []string{"Role"}}, - }, - { - name: "append change project grant event", - args: args{ - event: &es_models.Event{AggregateID: "AggregateID", Seq: 1, Typ: project.GrantChangedType, ResourceOwner: "GrantedOrgID", Data: mockProjectGrantData(&es_model.ProjectGrant{GrantID: "ProjectGrantID", RoleKeys: []string{"RoleChanged"}})}, - project: &ProjectGrantView{ProjectID: "AggregateID", ResourceOwner: "GrantedOrgID", OrgID: "GrantedOrgID", State: int32(model.ProjectStateActive), GrantedRoleKeys: []string{"Role"}}, - }, - result: &ProjectGrantView{ProjectID: "AggregateID", ResourceOwner: "GrantedOrgID", OrgID: "GrantedOrgID", State: int32(model.ProjectStateActive), 
GrantedRoleKeys: []string{"RoleChanged"}}, - }, - { - name: "append deactivate project grant event", - args: args{ - event: &es_models.Event{AggregateID: "AggregateID", Seq: 1, Typ: project.GrantDeactivatedType, ResourceOwner: "GrantedOrgID", Data: mockProjectGrantData(&es_model.ProjectGrant{GrantID: "ProjectGrantID"})}, - project: &ProjectGrantView{ProjectID: "AggregateID", ResourceOwner: "GrantedOrgID", OrgID: "GrantedOrgID", State: int32(model.ProjectStateActive), GrantedRoleKeys: []string{"Role"}}, - }, - result: &ProjectGrantView{ProjectID: "AggregateID", ResourceOwner: "GrantedOrgID", OrgID: "GrantedOrgID", State: int32(model.ProjectStateInactive), GrantedRoleKeys: []string{"Role"}}, - }, - { - name: "append reactivate project grant event", - args: args{ - event: &es_models.Event{AggregateID: "AggregateID", Seq: 1, Typ: project.GrantReactivatedType, ResourceOwner: "GrantedOrgID", Data: mockProjectGrantData(&es_model.ProjectGrant{GrantID: "ProjectGrantID"})}, - project: &ProjectGrantView{ProjectID: "AggregateID", ResourceOwner: "GrantedOrgID", OrgID: "GrantedOrgID", State: int32(model.ProjectStateInactive), GrantedRoleKeys: []string{"Role"}}, - }, - result: &ProjectGrantView{ProjectID: "AggregateID", ResourceOwner: "GrantedOrgID", OrgID: "GrantedOrgID", State: int32(model.ProjectStateActive), GrantedRoleKeys: []string{"Role"}}, - }, - } - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - tt.args.project.AppendEvent(tt.args.event) - if tt.args.project.ProjectID != tt.result.ProjectID { - t.Errorf("got wrong result projectID: expected: %v, actual: %v ", tt.result.ProjectID, tt.args.project.ProjectID) - } - if tt.args.project.OrgID != tt.result.OrgID { - t.Errorf("got wrong result orgID: expected: %v, actual: %v ", tt.result.OrgID, tt.args.project.OrgID) - } - if tt.args.project.ResourceOwner != tt.result.ResourceOwner { - t.Errorf("got wrong result ResourceOwner: expected: %v, actual: %v ", tt.result.ResourceOwner, tt.args.project.ResourceOwner) 
- } - if tt.args.project.Name != tt.result.Name { - t.Errorf("got wrong result name: expected: %v, actual: %v ", tt.result.Name, tt.args.project.Name) - } - if tt.args.project.State != tt.result.State { - t.Errorf("got wrong result state: expected: %v, actual: %v ", tt.result.State, tt.args.project.State) - } - if !reflect.DeepEqual(tt.args.project.GrantedRoleKeys, tt.result.GrantedRoleKeys) { - t.Errorf("got wrong result state: expected: %v, actual: %v ", tt.result.GrantedRoleKeys, tt.args.project.GrantedRoleKeys) - } - }) - } -} diff --git a/internal/project/repository/view/model/project_member.go b/internal/project/repository/view/model/project_member.go deleted file mode 100644 index 4a20e3da10..0000000000 --- a/internal/project/repository/view/model/project_member.go +++ /dev/null 
@@ -1,66 +0,0 @@ -package model - -import ( - "encoding/json" - "time" - - "github.com/zitadel/logging" - - "github.com/zitadel/zitadel/internal/database" - caos_errs "github.com/zitadel/zitadel/internal/errors" - "github.com/zitadel/zitadel/internal/eventstore/v1/models" - "github.com/zitadel/zitadel/internal/repository/project" -) - -const ( - ProjectMemberKeyUserID = "user_id" - ProjectMemberKeyProjectID = "project_id" - ProjectMemberKeyUserName = "user_name" - ProjectMemberKeyEmail = "email" - ProjectMemberKeyFirstName = "first_name" - ProjectMemberKeyLastName = "last_name" -) - -type ProjectMemberView struct { - UserID string `json:"userId" gorm:"column:user_id;primary_key"` - ProjectID string `json:"-" gorm:"column:project_id;primary_key"` - UserName string `json:"-" gorm:"column:user_name"` - Email string `json:"-" gorm:"column:email_address"` - FirstName string `json:"-" gorm:"column:first_name"` - LastName string `json:"-" gorm:"column:last_name"` - DisplayName string `json:"-" gorm:"column:display_name"` - Roles database.TextArray[string] `json:"roles" gorm:"column:roles"` - Sequence uint64 `json:"-" gorm:"column:sequence"` - PreferredLoginName string `json:"-" gorm:"column:preferred_login_name"` - AvatarKey string `json:"-" gorm:"column:avatar_key"` - UserResourceOwner string `json:"-" gorm:"column:user_resource_owner"` - - CreationDate time.Time `json:"-" gorm:"column:creation_date"` - ChangeDate time.Time `json:"-" gorm:"column:change_date"` -} - -func (r *ProjectMemberView) AppendEvent(event *models.Event) (err error) { - r.Sequence = event.Seq - r.ChangeDate = event.CreationDate - switch event.Type() { - case project.MemberAddedType: - r.setRootData(event) - r.CreationDate = event.CreationDate - err = r.SetData(event) - case project.MemberChangedType: - err = r.SetData(event) - } - return err -} - -func (r *ProjectMemberView) setRootData(event *models.Event) { - r.ProjectID = event.AggregateID -} - -func (r *ProjectMemberView) SetData(event 
*models.Event) error { - if err := json.Unmarshal(event.Data, r); err != nil { - logging.Log("EVEN-slo9s").WithError(err).Error("could not unmarshal event data") - return caos_errs.ThrowInternal(err, "MODEL-lub6s", "Could not unmarshal data") - } - return nil -} diff --git a/internal/project/repository/view/model/project_member_test.go b/internal/project/repository/view/model/project_member_test.go deleted file mode 100644 index dff8425665..0000000000 --- a/internal/project/repository/view/model/project_member_test.go +++ /dev/null 
@@ -1,59 +0,0 @@ -package model - -import ( - "encoding/json" - "reflect" - "testing" - - es_models "github.com/zitadel/zitadel/internal/eventstore/v1/models" - es_model "github.com/zitadel/zitadel/internal/project/repository/eventsourcing/model" - "github.com/zitadel/zitadel/internal/repository/project" -) - -func mockProjectMemberData(member *es_model.ProjectMember) []byte { - data, _ := json.Marshal(member) - return data -} - -func TestProjectMemberAppendEvent(t *testing.T) { - type args struct { - event *es_models.Event - member *ProjectMemberView - } - tests := []struct { - name string - args args - result *ProjectMemberView - }{ - { - name: "append added member event", - args: args{ - event: &es_models.Event{AggregateID: "AggregateID", Seq: 1, Typ: project.MemberAddedType, ResourceOwner: "OrgID", Data: mockProjectMemberData(&es_model.ProjectMember{UserID: "UserID", Roles: []string{"Role"}})}, - member: &ProjectMemberView{}, - }, - result: &ProjectMemberView{ProjectID: "AggregateID", UserID: "UserID", Roles: []string{"Role"}}, - }, - { - name: "append changed member event", - args: args{ - event: &es_models.Event{AggregateID: "AggregateID", Seq: 1, Typ: project.MemberAddedType, ResourceOwner: "OrgID", Data: mockProjectMemberData(&es_model.ProjectMember{UserID: "UserID", Roles: []string{"RoleChanged"}})}, - member: &ProjectMemberView{ProjectID: "AggregateID", UserID: "UserID", Roles: []string{"Role"}}, - }, - result: &ProjectMemberView{ProjectID: "AggregateID", UserID: "UserID", Roles: []string{"RoleChanged"}}, - }, - } - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - tt.args.member.AppendEvent(tt.args.event) - if tt.args.member.ProjectID != tt.result.ProjectID { - t.Errorf("got wrong result projectID: expected: %v, actual: %v ", tt.result.ProjectID, tt.args.member.ProjectID) - } - if tt.args.member.UserID != tt.result.UserID { - t.Errorf("got wrong result userID: expected: %v, actual: %v ", tt.result.UserID, tt.args.member.UserID) - } - if 
!reflect.DeepEqual(tt.args.member.Roles, tt.result.Roles) { - t.Errorf("got wrong result Roles: expected: %v, actual: %v ", tt.result.Roles, tt.args.member.Roles) - } - }) - } -} diff --git a/internal/project/repository/view/model/project_test.go b/internal/project/repository/view/model/project_test.go deleted file mode 100644 index 4731d98f23..0000000000 --- a/internal/project/repository/view/model/project_test.go +++ /dev/null 
@@ -1,72 +0,0 @@ -package model - -import ( - "testing" - - es_models "github.com/zitadel/zitadel/internal/eventstore/v1/models" - "github.com/zitadel/zitadel/internal/project/model" - es_model "github.com/zitadel/zitadel/internal/project/repository/eventsourcing/model" - "github.com/zitadel/zitadel/internal/repository/project" -) - -func TestProjectAppendEvent(t *testing.T) { - type args struct { - event *es_models.Event - project *ProjectView - } - tests := []struct { - name string - args args - result *ProjectView - }{ - { - name: "append added project event", - args: args{ - event: &es_models.Event{AggregateID: "AggregateID", Seq: 1, Typ: project.ProjectAddedType, ResourceOwner: "GrantedOrgID", Data: mockProjectData(&es_model.Project{Name: "ProjectName"})}, - project: &ProjectView{}, - }, - result: &ProjectView{ProjectID: "AggregateID", ResourceOwner: "GrantedOrgID", Name: "ProjectName", State: int32(model.ProjectStateActive)}, - }, - { - name: "append change project event", - args: args{ - event: &es_models.Event{AggregateID: "AggregateID", Seq: 1, Typ: project.ProjectChangedType, ResourceOwner: "GrantedOrgID", Data: mockProjectData(&es_model.Project{Name: "ProjectNameChanged"})}, - project: &ProjectView{ProjectID: "AggregateID", ResourceOwner: "GrantedOrgID", Name: "ProjectName", State: int32(model.ProjectStateActive)}, - }, - result: &ProjectView{ProjectID: "AggregateID", ResourceOwner: "GrantedOrgID", Name: "ProjectNameChanged", State: int32(model.ProjectStateActive)}, - }, - { - name: "append project deactivate event", - args: args{ - event: &es_models.Event{AggregateID: "AggregateID", Seq: 1, Typ: project.ProjectDeactivatedType, ResourceOwner: "GrantedOrgID"}, - project: &ProjectView{ProjectID: "AggregateID", ResourceOwner: "GrantedOrgID", Name: "ProjectName", State: int32(model.ProjectStateActive)}, - }, - result: &ProjectView{ProjectID: "AggregateID", ResourceOwner: "GrantedOrgID", Name: "ProjectName", State: int32(model.ProjectStateInactive)}, - }, - { 
- name: "append project reactivate event", - args: args{ - event: &es_models.Event{AggregateID: "AggregateID", Seq: 1, Typ: project.ProjectReactivatedType, ResourceOwner: "GrantedOrgID"}, - project: &ProjectView{ProjectID: "AggregateID", ResourceOwner: "GrantedOrgID", Name: "ProjectName", State: int32(model.ProjectStateInactive)}, - }, - result: &ProjectView{ProjectID: "AggregateID", ResourceOwner: "GrantedOrgID", Name: "ProjectName", State: int32(model.ProjectStateActive)}, - }, - } - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - tt.args.project.AppendEvent(tt.args.event) - if tt.args.project.ProjectID != tt.result.ProjectID { - t.Errorf("got wrong result projectID: expected: %v, actual: %v ", tt.result.ProjectID, tt.args.project.ProjectID) - } - if tt.args.project.ResourceOwner != tt.result.ResourceOwner { - t.Errorf("got wrong result ResourceOwner: expected: %v, actual: %v ", tt.result.ResourceOwner, tt.args.project.ResourceOwner) - } - if tt.args.project.Name != tt.result.Name { - t.Errorf("got wrong result name: expected: %v, actual: %v ", tt.result.Name, tt.args.project.Name) - } - if tt.args.project.State != tt.result.State { - t.Errorf("got wrong result state: expected: %v, actual: %v ", tt.result.State, tt.args.project.State) - } - }) - } -} diff --git a/internal/project/repository/view/org_project_mapping_view.go b/internal/project/repository/view/org_project_mapping_view.go deleted file mode 100644 index b75a7f13dd..0000000000 --- a/internal/project/repository/view/org_project_mapping_view.go +++ /dev/null 
@@ -1,70 +0,0 @@ -package view - -import ( - "github.com/jinzhu/gorm" - - "github.com/zitadel/zitadel/internal/domain" - caos_errs "github.com/zitadel/zitadel/internal/errors" - proj_model "github.com/zitadel/zitadel/internal/project/model" - "github.com/zitadel/zitadel/internal/project/repository/view/model" - "github.com/zitadel/zitadel/internal/view/repository" -) - -func OrgProjectMappingByIDs(db *gorm.DB, table, orgID, projectID, instanceID string) (*model.OrgProjectMapping, error) { - orgProjectMapping := new(model.OrgProjectMapping) - - projectIDQuery := model.OrgProjectMappingSearchQuery{Key: proj_model.OrgProjectMappingSearchKeyProjectID, Value: projectID, Method: domain.SearchMethodEquals} - orgIDQuery := model.OrgProjectMappingSearchQuery{Key: proj_model.OrgProjectMappingSearchKeyOrgID, Value: orgID, Method: domain.SearchMethodEquals} - instanceIDQuery := model.OrgProjectMappingSearchQuery{Key: proj_model.OrgProjectMappingSearchKeyInstanceID, Value: instanceID, Method: domain.SearchMethodEquals} - ownerRemovedQuery := model.OrgProjectMappingSearchQuery{Key: proj_model.OrgProjectMappingSearchKeyOwnerRemoved, Value: false, Method: domain.SearchMethodEquals} - query := repository.PrepareGetByQuery(table, projectIDQuery, orgIDQuery, instanceIDQuery, ownerRemovedQuery) - err := query(db, orgProjectMapping) - if caos_errs.IsNotFound(err) { - return nil, caos_errs.ThrowNotFound(nil, "VIEW-fn9fs", "Errors.OrgProjectMapping.NotExisting") - } - return orgProjectMapping, err -} - -func PutOrgProjectMapping(db *gorm.DB, table string, grant *model.OrgProjectMapping) error { - save := repository.PrepareSave(table) - return save(db, grant) -} - -func DeleteOrgProjectMapping(db *gorm.DB, table, orgID, projectID, instanceID string) error { - projectIDSearch := repository.Key{Key: model.OrgProjectMappingSearchKey(proj_model.OrgProjectMappingSearchKeyProjectID), Value: projectID} - orgIDSearch := repository.Key{Key: 
model.OrgProjectMappingSearchKey(proj_model.OrgProjectMappingSearchKeyOrgID), Value: orgID} - instanceIDSearch := repository.Key{Key: model.OrgProjectMappingSearchKey(proj_model.OrgProjectMappingSearchKeyInstanceID), Value: instanceID} - delete := repository.PrepareDeleteByKeys(table, projectIDSearch, orgIDSearch, instanceIDSearch) - return delete(db) -} - -func DeleteInstanceOrgProjectMappings(db *gorm.DB, table, instanceID string) error { - delete := repository.PrepareDeleteByKey(table, model.OrgProjectMappingSearchKey(proj_model.OrgProjectMappingSearchKeyInstanceID), instanceID) - return delete(db) -} - -func UpdateOwnerRemovedOrgProjectMappings(db *gorm.DB, table, instanceID, orgID string) error { - update := repository.PrepareUpdateByKeys(table, - model.OrgProjectMappingSearchKey(proj_model.OrgProjectMappingSearchKeyOwnerRemoved), - true, - repository.Key{Key: model.OrgProjectMappingSearchKey(proj_model.OrgProjectMappingSearchKeyInstanceID), Value: instanceID}, - repository.Key{Key: model.OrgProjectMappingSearchKey(proj_model.OrgProjectMappingSearchKeyOrgID), Value: orgID}, - ) - return update(db) -} - -func DeleteOrgProjectMappingsByProjectID(db *gorm.DB, table, projectID, instanceID string) error { - delete := repository.PrepareDeleteByKeys(table, - repository.Key{model.OrgProjectMappingSearchKey(proj_model.OrgProjectMappingSearchKeyProjectID), projectID}, - repository.Key{model.OrgProjectMappingSearchKey(proj_model.OrgProjectMappingSearchKeyInstanceID), instanceID}, - ) - return delete(db) -} - -func DeleteOrgProjectMappingsByProjectGrantID(db *gorm.DB, table, projectGrantID, instanceID string) error { - delete := repository.PrepareDeleteByKeys(table, - repository.Key{model.OrgProjectMappingSearchKey(proj_model.OrgProjectMappingSearchKeyProjectGrantID), projectGrantID}, - repository.Key{model.OrgProjectMappingSearchKey(proj_model.OrgProjectMappingSearchKeyInstanceID), instanceID}, - ) - return delete(db) -} 
diff --git a/internal/project/repository/view/query.go b/internal/project/repository/view/query.go index 70d7f29e43..af1670a4d9 100644 --- a/internal/project/repository/view/query.go +++ b/internal/project/repository/view/query.go @@ -1,14 +1,14 @@ package view import ( - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/repository/project" + "github.com/zitadel/zitadel/internal/zerrors" ) func ProjectByIDQuery(id, instanceID string, latestSequence uint64) (*eventstore.SearchQueryBuilder, error) { if id == "" { - return nil, errors.ThrowPreconditionFailed(nil, "EVENT-dke74", "Errors.Project.ProjectIDMissing") + return nil, zerrors.ThrowPreconditionFailed(nil, "EVENT-dke74", "Errors.Project.ProjectIDMissing") } return eventstore.NewSearchQueryBuilder(eventstore.ColumnsEvent). InstanceID(instanceID). diff --git a/internal/query/access_token.go b/internal/query/access_token.go index 664796d2d2..379b561bf5 100644 --- a/internal/query/access_token.go +++ b/internal/query/access_token.go @@ -6,11 +6,11 @@ import ( "time" "github.com/zitadel/zitadel/internal/domain" - caos_errs "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/repository/oidcsession" "github.com/zitadel/zitadel/internal/repository/session" "github.com/zitadel/zitadel/internal/telemetry/tracing" + "github.com/zitadel/zitadel/internal/zerrors" ) type OIDCSessionAccessTokenReadModel struct { 
@@ -98,14 +98,14 @@ func (q *Queries) ActiveAccessTokenByToken(ctx context.Context, token string) (m split := strings.Split(token, "-") if len(split) != 2 { - return nil, caos_errs.ThrowPermissionDenied(nil, "QUERY-LJK2W", "Errors.OIDCSession.Token.Invalid") + return nil, zerrors.ThrowPermissionDenied(nil, "QUERY-LJK2W", "Errors.OIDCSession.Token.Invalid") } model, err = q.accessTokenByOIDCSessionAndTokenID(ctx, split[0], split[1]) if err != nil { return nil, err } if !model.AccessTokenExpiration.After(time.Now()) { - return nil, caos_errs.ThrowPermissionDenied(nil, "QUERY-SAF3rf", "Errors.OIDCSession.Token.Expired") + return nil, zerrors.ThrowPermissionDenied(nil, "QUERY-SAF3rf", "Errors.OIDCSession.Token.Expired") } if err = q.checkSessionNotTerminatedAfter(ctx, model.SessionID, model.AccessTokenCreation); err != nil { return nil, err @@ -119,10 +119,10 @@ func (q *Queries) accessTokenByOIDCSessionAndTokenID(ctx context.Context, oidcSe model = newOIDCSessionAccessTokenReadModel(oidcSessionID) if err = q.eventstore.FilterToQueryReducer(ctx, model); err != nil { - return nil, caos_errs.ThrowPermissionDenied(err, "QUERY-ASfe2", "Errors.OIDCSession.Token.Invalid") + return nil, zerrors.ThrowPermissionDenied(err, "QUERY-ASfe2", "Errors.OIDCSession.Token.Invalid") } if model.AccessTokenID != tokenID { - return nil, caos_errs.ThrowPermissionDenied(nil, "QUERY-M2u9w", "Errors.OIDCSession.Token.Invalid") + return nil, zerrors.ThrowPermissionDenied(nil, "QUERY-M2u9w", "Errors.OIDCSession.Token.Invalid") } return model, nil } 
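Review bot: In `accessTokenByOIDCSessionAndTokenID` a failure of `q.eventstore.FilterToQueryReducer` is returned as `zerrors.ThrowPermissionDenied(err, "QUERY-ASfe2", ...)`, and `checkSessionNotTerminatedAfter` (hunk at -145) wraps its lookup error the same way under `"QUERY-SJ642"` while using the message key `Errors.Internal`. Failing closed is right for token validation, but a storage error then carries the same error class as a forged, expired or revoked token, so rejection counts cannot separate an outage from bad tokens. If callers do not depend on the class, `return zerrors.ThrowInternal(err, "QUERY-SJ642", "Errors.Internal")` would still deny the request and match its message key; otherwise a comment such as `// fail closed: a lookup error must never validate the token` would record the intent. Both function bodies start outside their hunks.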
@@ -145,10 +145,10 @@ func (q *Queries) checkSessionNotTerminatedAfter(ctx context.Context, sessionID ). Builder()) if err != nil { - return caos_errs.ThrowPermissionDenied(err, "QUERY-SJ642", "Errors.Internal") + return zerrors.ThrowPermissionDenied(err, "QUERY-SJ642", "Errors.Internal") } if len(events) > 0 { - return caos_errs.ThrowPermissionDenied(nil, "QUERY-IJL3H", "Errors.OIDCSession.Token.Invalid") + return zerrors.ThrowPermissionDenied(nil, "QUERY-IJL3H", "Errors.OIDCSession.Token.Invalid") } return nil } diff --git a/internal/query/action.go b/internal/query/action.go index e2c75e6906..30ded403d1 100644 --- a/internal/query/action.go +++ b/internal/query/action.go @@ -3,7 +3,7 @@ package query import ( "context" "database/sql" - errs "errors" + "errors" "time" sq "github.com/Masterminds/squirrel" @@ -11,9 +11,9 @@ import ( "github.com/zitadel/zitadel/internal/api/authz" "github.com/zitadel/zitadel/internal/api/call" "github.com/zitadel/zitadel/internal/domain" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/query/projection" "github.com/zitadel/zitadel/internal/telemetry/tracing" + "github.com/zitadel/zitadel/internal/zerrors" ) const ( @@ -127,7 +127,7 @@ func (q *Queries) SearchActions(ctx context.Context, queries *ActionSearchQuerie } stmt, args, err := queries.toQuery(query).Where(eq).ToSql() if err != nil { - return nil, errors.ThrowInvalidArgument(err, "QUERY-SDgwg", "Errors.Query.InvalidRequest") + return nil, zerrors.ThrowInvalidArgument(err, "QUERY-SDgwg", "Errors.Query.InvalidRequest") } err = q.client.QueryContext(ctx, func(rows *sql.Rows) error { @@ -135,7 +135,7 @@ func (q *Queries) SearchActions(ctx context.Context, queries *ActionSearchQuerie return err }, stmt, args...) if err != nil { - return nil, errors.ThrowInternal(err, "QUERY-SDfr52", "Errors.Internal") + return nil, zerrors.ThrowInternal(err, "QUERY-SDfr52", "Errors.Internal") } actions.State, err = q.latestState(ctx, actionTable) 
@@ -157,7 +157,7 @@ func (q *Queries) GetActionByID(ctx context.Context, id string, orgID string, wi } query, args, err := stmt.Where(eq).ToSql() if err != nil { - return nil, errors.ThrowInternal(err, "QUERY-Dgff3", "Errors.Query.SQLStatement") + return nil, zerrors.ThrowInternal(err, "QUERY-Dgff3", "Errors.Query.SQLStatement") } err = q.client.QueryRowContext(ctx, func(row *sql.Row) error { @@ -223,7 +223,7 @@ func prepareActionsQuery(ctx context.Context, db prepareDatabase) (sq.SelectBuil } if err := rows.Close(); err != nil { - return nil, errors.ThrowInternal(err, "QUERY-EGdff", "Errors.Query.CloseRows") + return nil, zerrors.ThrowInternal(err, "QUERY-EGdff", "Errors.Query.CloseRows") } return &Actions{ @@ -264,10 +264,10 @@ func prepareActionQuery(ctx context.Context, db prepareDatabase) (sq.SelectBuild &action.AllowedToFail, ) if err != nil { - if errs.Is(err, sql.ErrNoRows) { - return nil, errors.ThrowNotFound(err, "QUERY-GEfnb", "Errors.Action.NotFound") + if errors.Is(err, sql.ErrNoRows) { + return nil, zerrors.ThrowNotFound(err, "QUERY-GEfnb", "Errors.Action.NotFound") } - return nil, errors.ThrowInternal(err, "QUERY-Dbnt4", "Errors.Internal") + return nil, zerrors.ThrowInternal(err, "QUERY-Dbnt4", "Errors.Internal") } return action, nil } diff --git a/internal/query/action_flow.go b/internal/query/action_flow.go index a06d88b626..d6d4243d94 100644 --- a/internal/query/action_flow.go +++ b/internal/query/action_flow.go @@ -10,9 +10,9 @@ import ( "github.com/zitadel/zitadel/internal/api/authz" "github.com/zitadel/zitadel/internal/api/call" "github.com/zitadel/zitadel/internal/domain" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/query/projection" "github.com/zitadel/zitadel/internal/telemetry/tracing" + "github.com/zitadel/zitadel/internal/zerrors" ) var ( 
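Review bot: The error ID `QUERY-Dgff3` on the `stmt.Where(eq).ToSql()` failure in `GetActionByID` is reused for the same failure in `GetActiveActionsByFlowAndTriggerType` in action_flow.go (hunk at -99), so a log entry or support ticket carrying it does not identify which query failed. These IDs appear intended to pinpoint a call site, and both lines are touched by this change, so one of them could take a fresh ID, e.g. `zerrors.ThrowInternal(err, "QUERY-<new-id>", "Errors.Query.SQLStatement")`. `GetActionByID` continues outside the hunk.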
@@ -75,7 +75,7 @@ func (q *Queries) GetFlow(ctx context.Context, flowType domain.FlowType, orgID s
 }
 stmt, args, err := query.Where(eq).ToSql()
 if err != nil {
- return nil, errors.ThrowInvalidArgument(err, "QUERY-HBRh3", "Errors.Query.InvalidRequest")
+ return nil, zerrors.ThrowInvalidArgument(err, "QUERY-HBRh3", "Errors.Query.InvalidRequest")
 }
 err = q.client.QueryContext(ctx, func(rows *sql.Rows) error {
@@ -99,7 +99,7 @@ func (q *Queries) GetActiveActionsByFlowAndTriggerType(ctx context.Context, flow
 }
 query, args, err := stmt.Where(eq).ToSql()
 if err != nil {
- return nil, errors.ThrowInternal(err, "QUERY-Dgff3", "Errors.Query.SQLStatement")
+ return nil, zerrors.ThrowInternal(err, "QUERY-Dgff3", "Errors.Query.SQLStatement")
 }
 err = q.client.QueryContext(ctx, func(rows *sql.Rows) error {
@@ -120,7 +120,7 @@ func (q *Queries) GetFlowTypesOfActionID(ctx context.Context, actionID string) (
 }
 query, args, err := stmt.Where(eq).ToSql()
 if err != nil {
- return nil, errors.ThrowInvalidArgument(err, "QUERY-Dh311", "Errors.Query.InvalidRequest")
+ return nil, zerrors.ThrowInvalidArgument(err, "QUERY-Dh311", "Errors.Query.InvalidRequest")
 }
 err = q.client.QueryContext(ctx, func(rows *sql.Rows) error {
@@ -192,7 +192,7 @@ func prepareTriggerActionsQuery(ctx context.Context, db prepareDatabase) (sq.Sel
 }
 if err := rows.Close(); err != nil {
- return nil, errors.ThrowInternal(err, "QUERY-Df42d", "Errors.Query.CloseRows")
+ return nil, zerrors.ThrowInternal(err, "QUERY-Df42d", "Errors.Query.CloseRows")
 }
 return actions, nil
@@ -281,7 +281,7 @@ func prepareFlowQuery(ctx context.Context, db prepareDatabase, flowType domain.F
 }
 if err := rows.Close(); err != nil {
- return nil, errors.ThrowInternal(err, "QUERY-Dfbe2", "Errors.Query.CloseRows")
+ return nil, zerrors.ThrowInternal(err, "QUERY-Dfbe2", "Errors.Query.CloseRows")
 }
 return flow, nil
diff --git a/internal/query/action_test.go b/internal/query/action_test.go
index 4c0f00d075..f6ba5be4b9 100644
--- a/internal/query/action_test.go
+++ b/internal/query/action_test.go
@@ -10,7 +10,7 @@ import (
 "time"
 "github.com/zitadel/zitadel/internal/domain"
- errs "github.com/zitadel/zitadel/internal/errors"
+ "github.com/zitadel/zitadel/internal/zerrors"
 )
 var (
@@ -227,7 +227,7 @@ func Test_ActionPrepares(t *testing.T) {
 nil,
 ),
 err: func(err error) (error, bool) {
- if !errs.IsNotFound(err) {
+ if !zerrors.IsNotFound(err) {
 return fmt.Errorf("err should be zitadel.NotFoundError got: %w", err), false
 }
 return nil, true
diff --git a/internal/query/app.go b/internal/query/app.go
index 0877d68c0f..92a44742f9 100644
--- a/internal/query/app.go
+++ b/internal/query/app.go
@@ -3,7 +3,7 @@ package query
 import (
 "context"
 "database/sql"
- errs "errors"
+ "errors"
 "time"
 sq "github.com/Masterminds/squirrel"
@@ -13,10 +13,10 @@ import (
 "github.com/zitadel/zitadel/internal/api/call"
 "github.com/zitadel/zitadel/internal/database"
 "github.com/zitadel/zitadel/internal/domain"
- "github.com/zitadel/zitadel/internal/errors"
 "github.com/zitadel/zitadel/internal/eventstore/handler/v2"
 "github.com/zitadel/zitadel/internal/query/projection"
 "github.com/zitadel/zitadel/internal/telemetry/tracing"
+ "github.com/zitadel/zitadel/internal/zerrors"
 )
 type Apps struct {
@@ -264,7 +264,7 @@ func (q *Queries) AppByProjectAndAppID(ctx context.Context, shouldTriggerBulk bo
 }
 query, args, err := stmt.Where(eq).ToSql()
 if err != nil {
- return nil, errors.ThrowInternal(err, "QUERY-AFDgg", "Errors.Query.SQLStatement")
+ return nil, zerrors.ThrowInternal(err, "QUERY-AFDgg", "Errors.Query.SQLStatement")
 }
 err = q.client.QueryRowContext(ctx, func(row *sql.Row) error {
@@ -285,7 +285,7 @@ func (q *Queries) AppByID(ctx context.Context, appID string) (app *App, err erro
 }
 query, args, err := stmt.Where(eq).ToSql()
 if err != nil {
- return nil, errors.ThrowInternal(err, "QUERY-immt9", "Errors.Query.SQLStatement")
+ return nil, zerrors.ThrowInternal(err, "QUERY-immt9", "Errors.Query.SQLStatement")
 }
 err = q.client.QueryRowContext(ctx, func(row *sql.Row) error {
@@ -306,7 +306,7 @@ func (q *Queries) AppBySAMLEntityID(ctx context.Context, entityID string) (app *
 }
 query, args, err := stmt.Where(eq).ToSql()
 if err != nil {
- return nil, errors.ThrowInternal(err, "QUERY-JgUop", "Errors.Query.SQLStatement")
+ return nil, zerrors.ThrowInternal(err, "QUERY-JgUop", "Errors.Query.SQLStatement")
 }
 err = q.client.QueryRowContext(ctx, func(row *sql.Row) error {
@@ -331,7 +331,7 @@ func (q *Queries) ProjectByClientID(ctx context.Context, appID string) (project
 },
 }).ToSql()
 if err != nil {
- return nil, errors.ThrowInternal(err, "QUERY-XhJi3", "Errors.Query.SQLStatement")
+ return nil, zerrors.ThrowInternal(err, "QUERY-XhJi3", "Errors.Query.SQLStatement")
 }
 err = q.client.QueryRowContext(ctx, func(row *sql.Row) error {
@@ -352,7 +352,7 @@ func (q *Queries) ProjectIDFromOIDCClientID(ctx context.Context, appID string) (
 }
 query, args, err := stmt.Where(eq).ToSql()
 if err != nil {
- return "", errors.ThrowInternal(err, "QUERY-7d92U", "Errors.Query.SQLStatement")
+ return "", zerrors.ThrowInternal(err, "QUERY-7d92U", "Errors.Query.SQLStatement")
 }
 err = q.client.QueryRowContext(ctx, func(row *sql.Row) error {
@@ -378,7 +378,7 @@ func (q *Queries) ProjectIDFromClientID(ctx context.Context, appID string) (id s
 }
 query, args, err := stmt.Where(where).ToSql()
 if err != nil {
- return "", errors.ThrowInternal(err, "QUERY-SDfg3", "Errors.Query.SQLStatement")
+ return "", zerrors.ThrowInternal(err, "QUERY-SDfg3", "Errors.Query.SQLStatement")
 }
 err = q.client.QueryRowContext(ctx, func(row *sql.Row) error {
@@ -399,7 +399,7 @@ func (q *Queries) ProjectByOIDCClientID(ctx context.Context, id string) (project
 }
 query, args, err := stmt.Where(eq).ToSql()
 if err != nil {
- return nil, errors.ThrowInternal(err, "QUERY-XhJi4", "Errors.Query.SQLStatement")
+ return nil, zerrors.ThrowInternal(err, "QUERY-XhJi4", "Errors.Query.SQLStatement")
 }
 err = q.client.QueryRowContext(ctx, func(row *sql.Row) error {
@@ -420,7 +420,7 @@ func (q *Queries) AppByOIDCClientID(ctx context.Context, clientID string) (app *
 }
 query, args, err := stmt.Where(eq).ToSql()
 if err != nil {
- return nil, errors.ThrowInternal(err, "QUERY-JgVop", "Errors.Query.SQLStatement")
+ return nil, zerrors.ThrowInternal(err, "QUERY-JgVop", "Errors.Query.SQLStatement")
 }
 err = q.client.QueryRowContext(ctx, func(row *sql.Row) error {
@@ -444,7 +444,7 @@ func (q *Queries) AppByClientID(ctx context.Context, clientID string) (app *App,
 },
 }).ToSql()
 if err != nil {
- return nil, errors.ThrowInternal(err, "QUERY-Dfge2", "Errors.Query.SQLStatement")
+ return nil, zerrors.ThrowInternal(err, "QUERY-Dfge2", "Errors.Query.SQLStatement")
 }
 err = q.client.QueryRowContext(ctx, func(row *sql.Row) error {
@@ -462,7 +462,7 @@ func (q *Queries) SearchApps(ctx context.Context, queries *AppSearchQueries, wit
 eq := sq.Eq{AppColumnInstanceID.identifier(): authz.GetInstance(ctx).InstanceID()}
 stmt, args, err := queries.toQuery(query).Where(eq).ToSql()
 if err != nil {
- return nil, errors.ThrowInvalidArgument(err, "QUERY-fajp8", "Errors.Query.InvalidRequest")
+ return nil, zerrors.ThrowInvalidArgument(err, "QUERY-fajp8", "Errors.Query.InvalidRequest")
 }
 err = q.client.QueryContext(ctx, func(rows *sql.Rows) error {
@@ -470,7 +470,7 @@ func (q *Queries) SearchApps(ctx context.Context, queries *AppSearchQueries, wit
 return err
 }, stmt, args...)
 if err != nil {
- return nil, errors.ThrowInternal(err, "QUERY-aJnZL", "Errors.Internal")
+ return nil, zerrors.ThrowInternal(err, "QUERY-aJnZL", "Errors.Internal")
 }
 apps.State, err = q.latestState(ctx, appsTable)
 return apps, err
@@ -484,7 +484,7 @@ func (q *Queries) SearchClientIDs(ctx context.Context, queries *AppSearchQueries
 eq := sq.Eq{AppColumnInstanceID.identifier(): authz.GetInstance(ctx).InstanceID()}
 stmt, args, err := queries.toQuery(query).Where(eq).ToSql()
 if err != nil {
- return nil, errors.ThrowInvalidArgument(err, "QUERY-fajp8", "Errors.Query.InvalidRequest")
+ return nil, zerrors.ThrowInvalidArgument(err, "QUERY-fajp8", "Errors.Query.InvalidRequest")
 }
 err = q.client.QueryContext(ctx, func(rows *sql.Rows) error {
@@ -492,7 +492,7 @@ func (q *Queries) SearchClientIDs(ctx context.Context, queries *AppSearchQueries
 return err
 }, stmt, args...)
 if err != nil {
- return nil, errors.ThrowInternal(err, "QUERY-aJnZL", "Errors.Internal")
+ return nil, zerrors.ThrowInternal(err, "QUERY-aJnZL", "Errors.Internal")
 }
 return ids, nil
 }
@@ -594,10 +594,10 @@ func prepareAppQuery(ctx context.Context, db prepareDatabase) (sq.SelectBuilder,
 )
 if err != nil {
- if errs.Is(err, sql.ErrNoRows) {
- return nil, errors.ThrowNotFound(err, "QUERY-pCP8P", "Errors.App.NotExisting")
+ if errors.Is(err, sql.ErrNoRows) {
+ return nil, zerrors.ThrowNotFound(err, "QUERY-pCP8P", "Errors.App.NotExisting")
 }
- return nil, errors.ThrowInternal(err, "QUERY-4SJlx", "Errors.Internal")
+ return nil, zerrors.ThrowInternal(err, "QUERY-4SJlx", "Errors.Internal")
 }
 apiConfig.set(app)
@@ -621,10 +621,10 @@ func prepareProjectIDByAppQuery(ctx context.Context, db prepareDatabase) (sq.Sel
 )
 if err != nil {
- if errs.Is(err, sql.ErrNoRows) {
- return "", errors.ThrowNotFound(err, "QUERY-aKcc2", "Errors.Project.NotExisting")
+ if errors.Is(err, sql.ErrNoRows) {
+ return "", zerrors.ThrowNotFound(err, "QUERY-aKcc2", "Errors.Project.NotExisting")
 }
- return "", errors.ThrowInternal(err, "QUERY-3A5TG", "Errors.Internal")
+ return "", zerrors.ThrowInternal(err, "QUERY-3A5TG", "Errors.Internal")
 }
 return projectID, nil
@@ -666,10 +666,10 @@ func prepareProjectByAppQuery(ctx context.Context, db prepareDatabase) (sq.Selec
 &p.PrivateLabelingSetting,
 )
 if err != nil {
- if errs.Is(err, sql.ErrNoRows) {
- return nil, errors.ThrowNotFound(err, "QUERY-yxTMh", "Errors.Project.NotFound")
+ if errors.Is(err, sql.ErrNoRows) {
+ return nil, zerrors.ThrowNotFound(err, "QUERY-yxTMh", "Errors.Project.NotFound")
 }
- return nil, errors.ThrowInternal(err, "QUERY-dj2FF", "Errors.Internal")
+ return nil, zerrors.ThrowInternal(err, "QUERY-dj2FF", "Errors.Internal")
 }
 return p, nil
 }
@@ -769,7 +769,7 @@ func prepareAppsQuery(ctx context.Context, db prepareDatabase) (sq.SelectBuilder
 )
 if err != nil {
- return nil, errors.ThrowInternal(err, "QUERY-XGWAX", "Errors.Internal")
+ return nil, zerrors.ThrowInternal(err, "QUERY-XGWAX", "Errors.Internal")
 }
 apiConfig.set(app)
@@ -800,7 +800,7 @@ func prepareClientIDsQuery(ctx context.Context, db prepareDatabase) (sq.SelectBu
 &apiID,
 &oidcID,
 ); err != nil {
- return nil, errors.ThrowInternal(err, "QUERY-0R2Nw", "Errors.Internal")
+ return nil, zerrors.ThrowInternal(err, "QUERY-0R2Nw", "Errors.Internal")
 }
 if apiID.Valid {
 ids = append(ids, apiID.String)
diff --git a/internal/query/app_test.go b/internal/query/app_test.go
index 599a9724aa..a7658dd0a2 100644
--- a/internal/query/app_test.go
+++ b/internal/query/app_test.go
@@ -11,7 +11,7 @@ import (
 "github.com/zitadel/zitadel/internal/database"
 "github.com/zitadel/zitadel/internal/domain"
- errs "github.com/zitadel/zitadel/internal/errors"
+ "github.com/zitadel/zitadel/internal/zerrors"
 )
 var (
@@ -1146,7 +1146,7 @@ func Test_AppPrepare(t *testing.T) {
 nil,
 ),
 err: func(err error) (error, bool) {
- if !errs.IsNotFound(err) {
+ if !zerrors.IsNotFound(err) {
 return fmt.Errorf("err should be zitadel.NotFoundError got: %w", err), false
 }
 return nil, true
@@ -1864,7 +1864,7 @@ func Test_ProjectIDByAppPrepare(t *testing.T) {
 nil,
 ),
 err: func(err error) (error, bool) {
- if !errs.IsNotFound(err) {
+ if !zerrors.IsNotFound(err) {
 return fmt.Errorf("err should be zitadel.NotFoundError got: %w", err), false
 }
 return nil, true
@@ -1930,7 +1930,7 @@ func Test_ProjectByAppPrepare(t *testing.T) {
 nil,
 ),
 err: func(err error) (error, bool) {
- if !errs.IsNotFound(err) {
+ if !zerrors.IsNotFound(err) {
 return fmt.Errorf("err should be zitadel.NotFoundError got: %w", err), false
 }
 return nil, true
diff --git a/internal/query/auth_request.go b/internal/query/auth_request.go
index 71766b8990..50df4bf6fd 100644
--- a/internal/query/auth_request.go
+++ b/internal/query/auth_request.go
@@ -4,7 +4,7 @@ import (
 "context"
 "database/sql"
 _ "embed"
- errs "errors"
+ "errors"
 "fmt"
 "time"
@@ -14,10 +14,10 @@ import (
 "github.com/zitadel/zitadel/internal/api/call"
 "github.com/zitadel/zitadel/internal/database"
 "github.com/zitadel/zitadel/internal/domain"
- "github.com/zitadel/zitadel/internal/errors"
 "github.com/zitadel/zitadel/internal/eventstore/handler/v2"
 "github.com/zitadel/zitadel/internal/query/projection"
 "github.com/zitadel/zitadel/internal/telemetry/tracing"
+ "github.com/zitadel/zitadel/internal/zerrors"
 )
 type AuthRequest struct {
@@ -36,7 +36,7 @@ type AuthRequest struct {
 func (a *AuthRequest) checkLoginClient(ctx context.Context) error {
 if uid := authz.GetCtxData(ctx).UserID; uid != a.LoginClient {
- return errors.ThrowPermissionDenied(nil, "OIDCv2-aL0ag", "Errors.AuthRequest.WrongLoginClient")
+ return zerrors.ThrowPermissionDenied(nil, "OIDCv2-aL0ag", "Errors.AuthRequest.WrongLoginClient")
 }
 return nil
 }
@@ -77,11 +77,11 @@ func (q *Queries) AuthRequestByID(ctx context.Context, shouldTriggerBulk bool, i
 q.authRequestByIDQuery(ctx),
 id, authz.GetInstance(ctx).InstanceID(),
 )
- if errs.Is(err, sql.ErrNoRows) {
- return nil, errors.ThrowNotFound(err, "QUERY-Thee9", "Errors.AuthRequest.NotExisting")
+ if errors.Is(err, sql.ErrNoRows) {
+ return nil, zerrors.ThrowNotFound(err, "QUERY-Thee9", "Errors.AuthRequest.NotExisting")
 }
 if err != nil {
- return nil, errors.ThrowInternal(err, "QUERY-Ou8ue", "Errors.Internal")
+ return nil, zerrors.ThrowInternal(err, "QUERY-Ou8ue", "Errors.Internal")
 }
 dst.Scope = scope
diff --git a/internal/query/auth_request_test.go b/internal/query/auth_request_test.go
index 4cc52fa8c6..aacc2e0259 100644
--- a/internal/query/auth_request_test.go
+++ b/internal/query/auth_request_test.go
@@ -16,8 +16,8 @@ import (
 "github.com/zitadel/zitadel/internal/api/authz"
 "github.com/zitadel/zitadel/internal/database"
 "github.com/zitadel/zitadel/internal/domain"
- "github.com/zitadel/zitadel/internal/errors"
 "github.com/zitadel/zitadel/internal/query/projection"
+ "github.com/zitadel/zitadel/internal/zerrors"
 )
 func TestQueries_AuthRequestByID(t *testing.T) {
@@ -126,7 +126,7 @@ func TestQueries_AuthRequestByID(t *testing.T) {
 id: "123",
 },
 expect: mockQueryScanErr(expQuery, cols, nil, "123", "instanceID"),
- wantErr: errors.ThrowNotFound(sql.ErrNoRows, "QUERY-Thee9", "Errors.AuthRequest.NotExisting"),
+ wantErr: zerrors.ThrowNotFound(sql.ErrNoRows, "QUERY-Thee9", "Errors.AuthRequest.NotExisting"),
 },
 {
 name: "query error",
@@ -135,7 +135,7 @@ func TestQueries_AuthRequestByID(t *testing.T) {
 id: "123",
 },
 expect: mockQueryErr(expQuery, sql.ErrConnDone, "123", "instanceID"),
- wantErr: errors.ThrowInternal(sql.ErrConnDone, "QUERY-Ou8ue", "Errors.Internal"),
+ wantErr: zerrors.ThrowInternal(sql.ErrConnDone, "QUERY-Ou8ue", "Errors.Internal"),
 },
 {
 name: "wrong login client",
@@ -157,7 +157,7 @@ func TestQueries_AuthRequestByID(t *testing.T) {
 sql.NullInt64{},
 sql.NullString{},
 }, "123", "instanceID"),
- wantErr: errors.ThrowPermissionDeniedf(nil, "OIDCv2-aL0ag", "Errors.AuthRequest.WrongLoginClient"),
+ wantErr: zerrors.ThrowPermissionDeniedf(nil, "OIDCv2-aL0ag", "Errors.AuthRequest.WrongLoginClient"),
 },
 }
 for _, tt := range tests {
diff --git a/internal/query/authn_key.go b/internal/query/authn_key.go
index 21ff3aee1d..584270e2bc 100644
--- a/internal/query/authn_key.go
+++ b/internal/query/authn_key.go
@@ -3,7 +3,7 @@ package query
 import (
 "context"
 "database/sql"
- errs "errors"
+ "errors"
 "time"
 sq "github.com/Masterminds/squirrel"
@@ -13,10 +13,10 @@ import (
 "github.com/zitadel/zitadel/internal/api/authz"
 "github.com/zitadel/zitadel/internal/api/call"
 "github.com/zitadel/zitadel/internal/domain"
- "github.com/zitadel/zitadel/internal/errors"
 "github.com/zitadel/zitadel/internal/eventstore/handler/v2"
 "github.com/zitadel/zitadel/internal/query/projection"
 "github.com/zitadel/zitadel/internal/telemetry/tracing"
+ "github.com/zitadel/zitadel/internal/zerrors"
 )
 var (
@@ -137,7 +137,7 @@ func (q *Queries) SearchAuthNKeys(ctx context.Context, queries *AuthNKeySearchQu
 }
 stmt, args, err := query.Where(eq).ToSql()
 if err != nil {
- return nil, errors.ThrowInvalidArgument(err, "QUERY-SAf3f", "Errors.Query.InvalidRequest")
+ return nil, zerrors.ThrowInvalidArgument(err, "QUERY-SAf3f", "Errors.Query.InvalidRequest")
 }
 err = q.client.QueryContext(ctx, func(rows *sql.Rows) error {
@@ -145,7 +145,7 @@ func (q *Queries) SearchAuthNKeys(ctx context.Context, queries *AuthNKeySearchQu
 return err
 }, stmt, args...)
 if err != nil {
- return nil, errors.ThrowInternal(err, "QUERY-Dbg53", "Errors.Internal")
+ return nil, zerrors.ThrowInternal(err, "QUERY-Dbg53", "Errors.Internal")
 }
 authNKeys.State, err = q.latestState(ctx, authNKeyTable)
@@ -164,7 +164,7 @@ func (q *Queries) SearchAuthNKeysData(ctx context.Context, queries *AuthNKeySear
 }
 stmt, args, err := query.Where(eq).ToSql()
 if err != nil {
- return nil, errors.ThrowInvalidArgument(err, "QUERY-SAg3f", "Errors.Query.InvalidRequest")
+ return nil, zerrors.ThrowInvalidArgument(err, "QUERY-SAg3f", "Errors.Query.InvalidRequest")
 }
 err = q.client.QueryContext(ctx, func(rows *sql.Rows) error {
@@ -172,7 +172,7 @@ func (q *Queries) SearchAuthNKeysData(ctx context.Context, queries *AuthNKeySear
 return err
 }, stmt, args...)
 if err != nil {
- return nil, errors.ThrowInternal(err, "QUERY-Dbi53", "Errors.Internal")
+ return nil, zerrors.ThrowInternal(err, "QUERY-Dbi53", "Errors.Internal")
 }
 authNKeys.State, err = q.latestState(ctx, authNKeyTable)
 return authNKeys, err
@@ -200,7 +200,7 @@ func (q *Queries) GetAuthNKeyByID(ctx context.Context, shouldTriggerBulk bool, i
 }
 stmt, args, err := query.Where(eq).ToSql()
 if err != nil {
- return nil, errors.ThrowInternal(err, "QUERY-AGhg4", "Errors.Query.SQLStatement")
+ return nil, zerrors.ThrowInternal(err, "QUERY-AGhg4", "Errors.Query.SQLStatement")
 }
 err = q.client.QueryRowContext(ctx, func(row *sql.Row) error {
@@ -228,7 +228,7 @@ func (q *Queries) GetAuthNKeyPublicKeyByIDAndIdentifier(ctx context.Context, id
 }
 query, args, err := stmt.Where(eq).ToSql()
 if err != nil {
- return nil, errors.ThrowInternal(err, "QUERY-DAb32", "Errors.Query.SQLStatement")
+ return nil, zerrors.ThrowInternal(err, "QUERY-DAb32", "Errors.Query.SQLStatement")
 }
 err = q.client.QueryRowContext(ctx, func(row *sql.Row) error {
@@ -284,7 +284,7 @@ func prepareAuthNKeysQuery(ctx context.Context, db prepareDatabase) (sq.SelectBu
 }
 if err := rows.Close(); err != nil {
- return nil, errors.ThrowInternal(err, "QUERY-Dgfn3", "Errors.Query.CloseRows")
+ return nil, zerrors.ThrowInternal(err, "QUERY-Dgfn3", "Errors.Query.CloseRows")
 }
 return &AuthNKeys{
@@ -319,10 +319,10 @@ func prepareAuthNKeyQuery(ctx context.Context, db prepareDatabase) (sq.SelectBui
 &authNKey.Type,
 )
 if err != nil {
- if errs.Is(err, sql.ErrNoRows) {
- return nil, errors.ThrowNotFound(err, "QUERY-Dgr3g", "Errors.AuthNKey.NotFound")
+ if errors.Is(err, sql.ErrNoRows) {
+ return nil, zerrors.ThrowNotFound(err, "QUERY-Dgr3g", "Errors.AuthNKey.NotFound")
 }
- return nil, errors.ThrowInternal(err, "QUERY-BGnbr", "Errors.Internal")
+ return nil, zerrors.ThrowInternal(err, "QUERY-BGnbr", "Errors.Internal")
 }
 return authNKey, nil
 }
@@ -339,10 +339,10 @@ func prepareAuthNKeyPublicKeyQuery(ctx context.Context, db prepareDatabase) (sq.
 &publicKey,
 )
 if err != nil {
- if errs.Is(err, sql.ErrNoRows) {
- return nil, errors.ThrowNotFound(err, "QUERY-SDf32", "Errors.AuthNKey.NotFound")
+ if errors.Is(err, sql.ErrNoRows) {
+ return nil, zerrors.ThrowNotFound(err, "QUERY-SDf32", "Errors.AuthNKey.NotFound")
 }
- return nil, errors.ThrowInternal(err, "QUERY-Bfs2a", "Errors.Internal")
+ return nil, zerrors.ThrowInternal(err, "QUERY-Bfs2a", "Errors.Internal")
 }
 return publicKey, nil
 }
@@ -386,7 +386,7 @@ func prepareAuthNKeysDataQuery(ctx context.Context, db prepareDatabase) (sq.Sele
 }
 if err := rows.Close(); err != nil {
- return nil, errors.ThrowInternal(err, "QUERY-Dgfn3", "Errors.Query.CloseRows")
+ return nil, zerrors.ThrowInternal(err, "QUERY-Dgfn3", "Errors.Query.CloseRows")
 }
 return &AuthNKeysData{
diff --git a/internal/query/authn_key_test.go b/internal/query/authn_key_test.go
index 620e6a5079..5f5084de35 100644
--- a/internal/query/authn_key_test.go
+++ b/internal/query/authn_key_test.go
@@ -9,7 +9,7 @@ import (
 "testing"
 "github.com/zitadel/zitadel/internal/domain"
- errs "github.com/zitadel/zitadel/internal/errors"
+ "github.com/zitadel/zitadel/internal/zerrors"
 )
 var (
@@ -361,7 +361,7 @@ func Test_AuthNKeyPrepares(t *testing.T) {
 nil,
 ),
 err: func(err error) (error, bool) {
- if !errs.IsNotFound(err) {
+ if !zerrors.IsNotFound(err) {
 return fmt.Errorf("err should be zitadel.NotFoundError got: %w", err), false
 }
 return nil, true
@@ -424,7 +424,7 @@ func Test_AuthNKeyPrepares(t *testing.T) {
 nil,
 ),
 err: func(err error) (error, bool) {
- if !errs.IsNotFound(err) {
+ if !zerrors.IsNotFound(err) {
 return fmt.Errorf("err should be zitadel.NotFoundError got: %w", err), false
 }
 return nil, true
diff --git a/internal/query/certificate.go b/internal/query/certificate.go
index d43787ff23..f4254e0231 100644
--- a/internal/query/certificate.go
+++ b/internal/query/certificate.go
@@ -11,9 +11,9 @@ import (
 "github.com/zitadel/zitadel/internal/api/call"
 "github.com/zitadel/zitadel/internal/crypto"
 "github.com/zitadel/zitadel/internal/domain"
- "github.com/zitadel/zitadel/internal/errors"
 "github.com/zitadel/zitadel/internal/query/projection"
 "github.com/zitadel/zitadel/internal/telemetry/tracing"
+ "github.com/zitadel/zitadel/internal/zerrors"
 )
 type Certificate interface {
@@ -85,7 +85,7 @@ func (q *Queries) ActiveCertificates(ctx context.Context, t time.Time, usage dom
 },
 ).OrderBy(KeyPrivateColExpiry.identifier()).ToSql()
 if err != nil {
- return nil, errors.ThrowInternal(err, "QUERY-SDfkg", "Errors.Query.SQLStatement")
+ return nil, zerrors.ThrowInternal(err, "QUERY-SDfkg", "Errors.Query.SQLStatement")
 }
 err = q.client.QueryContext(ctx, func(rows *sql.Rows) error {
@@ -93,11 +93,11 @@ func (q *Queries) ActiveCertificates(ctx context.Context, t time.Time, usage dom
 return err
 }, stmt, args...)
 if err != nil {
- return nil, errors.ThrowInternal(err, "QUERY-Sgan4", "Errors.Internal")
+ return nil, zerrors.ThrowInternal(err, "QUERY-Sgan4", "Errors.Internal")
 }
 certs.State, err = q.latestState(ctx, keyTable)
- if !errors.IsNotFound(err) {
+ if !zerrors.IsNotFound(err) {
 return certs, err
 }
 return certs, nil
@@ -146,7 +146,7 @@ func prepareCertificateQuery(ctx context.Context, db prepareDatabase) (sq.Select
 }
 if err := rows.Close(); err != nil {
- return nil, errors.ThrowInternal(err, "QUERY-rKd6k", "Errors.Query.CloseRows")
+ return nil, zerrors.ThrowInternal(err, "QUERY-rKd6k", "Errors.Query.CloseRows")
 }
 return &Certificates{
diff --git a/internal/query/certificate_test.go b/internal/query/certificate_test.go
index 6e8b52abfa..a6c862c8ad 100644
--- a/internal/query/certificate_test.go
+++ b/internal/query/certificate_test.go
@@ -10,7 +10,7 @@ import (
 "github.com/zitadel/zitadel/internal/crypto"
 "github.com/zitadel/zitadel/internal/domain"
- errs "github.com/zitadel/zitadel/internal/errors"
+ "github.com/zitadel/zitadel/internal/zerrors"
 )
 var (
@@ -65,7 +65,7 @@ func Test_CertificatePrepares(t *testing.T) {
 nil,
 ),
 err: func(err error) (error, bool) {
- if !errs.IsNotFound(err) {
+ if !zerrors.IsNotFound(err) {
 return fmt.Errorf("err should be zitadel.NotFoundError got: %w", err), false
 }
 return nil, true
diff --git a/internal/query/current_state.go b/internal/query/current_state.go
index 2c42e97bde..73c8eaeb9a 100644
--- a/internal/query/current_state.go
+++ b/internal/query/current_state.go
@@ -4,7 +4,7 @@ import (
 "context"
 "database/sql"
 _ "embed"
- errs "errors"
+ "errors"
 "fmt"
 "strings"
 "time"
@@ -14,10 +14,10 @@ import (
 "github.com/zitadel/zitadel/internal/api/authz"
 "github.com/zitadel/zitadel/internal/api/call"
- "github.com/zitadel/zitadel/internal/errors"
 "github.com/zitadel/zitadel/internal/eventstore"
 "github.com/zitadel/zitadel/internal/query/projection"
 "github.com/zitadel/zitadel/internal/telemetry/tracing"
+ "github.com/zitadel/zitadel/internal/zerrors"
 )
 type State struct {
@@ -68,7 +68,7 @@ func (q *Queries) SearchCurrentStates(ctx context.Context, queries *CurrentState
 query, scan := prepareCurrentStateQuery(ctx, q.client)
 stmt, args, err := queries.toQuery(query).ToSql()
 if err != nil {
- return nil, errors.ThrowInvalidArgument(err, "QUERY-MmFef", "Errors.Query.InvalidRequest")
+ return nil, zerrors.ThrowInvalidArgument(err, "QUERY-MmFef", "Errors.Query.InvalidRequest")
 }
 err = q.client.QueryContext(ctx, func(rows *sql.Rows) error {
@@ -76,7 +76,7 @@ func (q *Queries) SearchCurrentStates(ctx context.Context, queries *CurrentState
 return err
 }, stmt, args...)
 if err != nil {
- return nil, errors.ThrowInternal(err, "QUERY-22H8f", "Errors.Internal")
+ return nil, zerrors.ThrowInternal(err, "QUERY-22H8f", "Errors.Internal")
 }
 return currentStates, nil
@@ -97,7 +97,7 @@ func (q *Queries) latestState(ctx context.Context, projections ...table) (state
 OrderBy(CurrentStateColEventDate.identifier() + " DESC").
 ToSql()
 if err != nil {
- return nil, errors.ThrowInternal(err, "QUERY-5CfX9", "Errors.Query.SQLStatement")
+ return nil, zerrors.ThrowInternal(err, "QUERY-5CfX9", "Errors.Query.SQLStatement")
 }
 err = q.client.QueryRowContext(ctx, func(row *sql.Row) error {
@@ -111,7 +111,7 @@ func (q *Queries) latestState(ctx context.Context, projections ...table) (state
 func (q *Queries) ClearCurrentSequence(ctx context.Context, projectionName string) (err error) {
 tx, err := q.client.Begin()
 if err != nil {
- return errors.ThrowInternal(err, "QUERY-9iOpr", "Errors.RemoveFailed")
+ return zerrors.ThrowInternal(err, "QUERY-9iOpr", "Errors.RemoveFailed")
 }
 defer func() {
 if err != nil {
@@ -120,7 +120,7 @@ func (q *Queries) ClearCurrentSequence(ctx context.Context, projectionName strin
 return
 }
 if commitErr := tx.Commit(); commitErr != nil {
- err = errors.ThrowInternal(commitErr, "QUERY-JGD0l", "Errors.Internal")
+ err = zerrors.ThrowInternal(commitErr, "QUERY-JGD0l", "Errors.Internal")
 }
 }()
@@ -139,7 +139,7 @@ func (q *Queries) ClearCurrentSequence(ctx context.Context, projectionName strin
 }
 err = tx.Commit()
 if err != nil {
- return errors.ThrowInternal(err, "QUERY-Sfvsc", "Errors.Internal")
+ return zerrors.ThrowInternal(err, "QUERY-Sfvsc", "Errors.Internal")
 }
 return nil
 }
@@ -153,11 +153,11 @@ func (q *Queries) checkAndLock(tx *sql.Tx, projectionName string) (name string,
 PlaceholderFormat(sq.Dollar).
 ToSql()
 if err != nil {
- return "", errors.ThrowInternal(err, "QUERY-UJTUy", "Errors.Internal")
+ return "", zerrors.ThrowInternal(err, "QUERY-UJTUy", "Errors.Internal")
 }
 row := tx.QueryRow(stmt, args...)
 if err := row.Scan(&name); err != nil || name == "" {
- return "", errors.ThrowInternal(err, "QUERY-ej8fn", "Errors.ProjectionName.Invalid")
+ return "", zerrors.ThrowInternal(err, "QUERY-ej8fn", "Errors.ProjectionName.Invalid")
 }
 return name, nil
 }
@@ -165,7 +165,7 @@ func (q *Queries) checkAndLock(tx *sql.Tx, projectionName string) (name string,
 func tablesForReset(ctx context.Context, tx *sql.Tx, projectionName string) (tables []string, err error) {
 names := strings.Split(projectionName, ".")
 if len(names) != 2 {
- return nil, errors.ThrowInvalidArgument(nil, "QUERY-wk1jr", "Errors.InvalidArgument")
+ return nil, zerrors.ThrowInvalidArgument(nil, "QUERY-wk1jr", "Errors.InvalidArgument")
 }
 schema := names[0]
 tablePrefix := names[1]
@@ -181,19 +181,19 @@ func tablesForReset(ctx context.Context, tx *sql.Tx, projectionName string) (tab
 PlaceholderFormat(sq.Dollar).
 ToSql()
 if err != nil {
- return nil, errors.ThrowInternal(err, "QUERY-ASff2", "Errors.ProjectionName.Invalid")
+ return nil, zerrors.ThrowInternal(err, "QUERY-ASff2", "Errors.ProjectionName.Invalid")
 }
 rows, err := tx.QueryContext(ctx, tablesQuery, args...)
 if err != nil {
- return nil, errors.ThrowInternal(err, "QUERY-Dgfw", "Errors.ProjectionName.Invalid")
+ return nil, zerrors.ThrowInternal(err, "QUERY-Dgfw", "Errors.ProjectionName.Invalid")
 }
 defer rows.Close()
 for rows.Next() {
 var tableName string
 if err := rows.Scan(&tableName); err != nil {
- return nil, errors.ThrowInternal(err, "QUERY-ej8fn", "Errors.ProjectionName.Invalid")
+ return nil, zerrors.ThrowInternal(err, "QUERY-ej8fn", "Errors.ProjectionName.Invalid")
 }
 tables = append(tables, schema+"."+tableName)
 }
@@ -209,7 +209,7 @@ func reset(ctx context.Context, tx *sql.Tx, tables []string, projectionName stri
 for _, tableName := range tables {
 _, err := tx.Exec(fmt.Sprintf("TRUNCATE %s cascade", tableName))
 if err != nil {
- return errors.ThrowInternal(err, "QUERY-3n92f", "Errors.RemoveFailed")
+ return zerrors.ThrowInternal(err, "QUERY-3n92f", "Errors.RemoveFailed")
 }
 }
 update, args, err := sq.Update(currentStateTable.identifier()).
@@ -220,11 +220,11 @@ func reset(ctx context.Context, tx *sql.Tx, tables []string, projectionName stri
 PlaceholderFormat(sq.Dollar).
 ToSql()
 if err != nil {
- return errors.ThrowInternal(err, "QUERY-Ff3tw", "Errors.RemoveFailed")
+ return zerrors.ThrowInternal(err, "QUERY-Ff3tw", "Errors.RemoveFailed")
 }
 _, err = tx.Exec(update, args...)
 if err != nil {
- return errors.ThrowInternal(err, "QUERY-NFiws", "Errors.RemoveFailed")
+ return zerrors.ThrowInternal(err, "QUERY-NFiws", "Errors.RemoveFailed")
 }
 return nil
 }
@@ -247,8 +247,8 @@ func prepareLatestState(ctx context.Context, db prepareDatabase) (sq.SelectBuild
 &position,
 &lastUpdated,
 )
- if err != nil && !errs.Is(err, sql.ErrNoRows) {
- return nil, errors.ThrowInternal(err, "QUERY-aAZ1D", "Errors.Internal")
+ if err != nil && !errors.Is(err, sql.ErrNoRows) {
+ return nil, zerrors.ThrowInternal(err, "QUERY-aAZ1D", "Errors.Internal")
 }
 return &State{
 EventCreatedAt: creationDate.Time,
@@ -307,7 +307,7 @@ func prepareCurrentStateQuery(ctx context.Context, db prepareDatabase) (sq.Selec
 }
 if err := rows.Close(); err != nil {
- return nil, errors.ThrowInternal(err, "QUERY-jbJ77", "Errors.Query.CloseRows")
+ return nil, zerrors.ThrowInternal(err, "QUERY-jbJ77", "Errors.Query.CloseRows")
 }
 return &CurrentStates{
diff --git a/internal/query/custom_text.go b/internal/query/custom_text.go
index 794271f3ec..3bd3bf0793 100644
--- a/internal/query/custom_text.go
+++ b/internal/query/custom_text.go
@@ -15,10 +15,11 @@ import (
 "github.com/zitadel/zitadel/internal/api/authz"
 "github.com/zitadel/zitadel/internal/api/call"
 "github.com/zitadel/zitadel/internal/domain"
- "github.com/zitadel/zitadel/internal/errors"
 "github.com/zitadel/zitadel/internal/eventstore/v1/models"
+ "github.com/zitadel/zitadel/internal/i18n"
 "github.com/zitadel/zitadel/internal/query/projection"
 "github.com/zitadel/zitadel/internal/telemetry/tracing"
+ "github.com/zitadel/zitadel/internal/zerrors"
 )
 type CustomTexts struct {
@@ -101,7 +102,7 @@ func (q *Queries) CustomTextList(ctx context.Context, aggregateID, template, lan
 }
 query, args, err := stmt.Where(eq).ToSql()
 if err != nil {
- return nil, errors.ThrowInternal(err, "QUERY-M9gse", "Errors.Query.SQLStatement")
+ return nil, zerrors.ThrowInternal(err, "QUERY-M9gse", "Errors.Query.SQLStatement")
 }
 err = q.client.QueryContext(ctx, func(rows *sql.Rows) error {
@@ -109,7 +110,7 @@ func (q *Queries) CustomTextList(ctx context.Context, aggregateID, template, lan
 return err
 }, query, args...)
 if err != nil {
- return nil, errors.ThrowInternal(err, "QUERY-2j00f", "Errors.Internal")
+ return nil, zerrors.ThrowInternal(err, "QUERY-2j00f", "Errors.Internal")
 }
 texts.State, err = q.latestState(ctx, projectsTable)
@@ -131,7 +132,7 @@ func (q *Queries) CustomTextListByTemplate(ctx context.Context, aggregateID, tem
 }
 query, args, err := stmt.Where(eq).ToSql()
 if err != nil {
- return nil, errors.ThrowInternal(err, "QUERY-M49fs", "Errors.Query.SQLStatement")
+ return nil, zerrors.ThrowInternal(err, "QUERY-M49fs", "Errors.Query.SQLStatement")
 }
 err = q.client.QueryContext(ctx, func(rows *sql.Rows) error {
@@ -139,7 +140,7 @@ func (q *Queries) CustomTextListByTemplate(ctx context.Context, aggregateID, tem
 return err
 }, query, args...)
 if err != nil {
- return nil, errors.ThrowInternal(err, "QUERY-3n9ge", "Errors.Internal")
+ return nil, zerrors.ThrowInternal(err, "QUERY-3n9ge", "Errors.Internal")
 }
 texts.State, err = q.latestState(ctx, projectsTable)
@@ -156,7 +157,7 @@ func (q *Queries) GetDefaultLoginTexts(ctx context.Context, lang string) (_ *dom
 }
 loginText := new(domain.CustomLoginText)
 if err := yaml.Unmarshal(contents, loginText); err != nil {
- return nil, errors.ThrowInternal(err, "TEXT-M0p4s", "Errors.TranslationFile.ReadError")
+ return nil, zerrors.ThrowInternal(err, "TEXT-M0p4s", "Errors.TranslationFile.ReadError")
 }
 loginText.IsDefault = true
 loginText.AggregateID = authz.GetInstance(ctx).InstanceID()
@@ -184,7 +185,7 @@ func (q *Queries) IAMLoginTexts(ctx context.Context, lang string) (_ *domain.Cus } loginTextMap := make(map[string]interface{}) if err := yaml.Unmarshal(contents, &loginTextMap); err != nil { - return nil, errors.ThrowInternal(err, "QUERY-m0Jf3", "Errors.TranslationFile.ReadError") + return nil, zerrors.ThrowInternal(err, "QUERY-m0Jf3", "Errors.TranslationFile.ReadError") } texts, err := q.CustomTextList(ctx, authz.GetInstance(ctx).InstanceID(), domain.LoginCustomText, lang, false) if err != nil { @@ -200,11 +201,11 @@ func (q *Queries) IAMLoginTexts(ctx context.Context, lang string) (_ *domain.Cus } jsonbody, err := json.Marshal(loginTextMap) if err != nil { - return nil, errors.ThrowInternal(err, "QUERY-0nJ3f", "Errors.TranslationFile.MergeError") + return nil, zerrors.ThrowInternal(err, "QUERY-0nJ3f", "Errors.TranslationFile.MergeError") } loginText := new(domain.CustomLoginText) if err := json.Unmarshal(jsonbody, &loginText); err != nil { - return nil, errors.ThrowInternal(err, "QUERY-m93Jf", "Errors.TranslationFile.MergeError") + return nil, zerrors.ThrowInternal(err, "QUERY-m93Jf", "Errors.TranslationFile.MergeError") } loginText.AggregateID = authz.GetInstance(ctx).InstanceID() loginText.IsDefault = true @@ -217,9 +218,9 @@ func (q *Queries) readLoginTranslationFile(ctx context.Context, lang string) ([] contents, ok := q.LoginTranslationFileContents[lang] var err error if !ok { - contents, err = q.readTranslationFile(q.LoginDir, fmt.Sprintf("/i18n/%s.yaml", lang)) - if errors.IsNotFound(err) { - contents, err = q.readTranslationFile(q.LoginDir, fmt.Sprintf("/i18n/%s.yaml", authz.GetInstance(ctx).DefaultLanguage().String())) + contents, err = q.readTranslationFile(i18n.LOGIN, fmt.Sprintf("/i18n/%s.yaml", lang)) + if zerrors.IsNotFound(err) { + contents, err = q.readTranslationFile(i18n.LOGIN, fmt.Sprintf("/i18n/%s.yaml", authz.GetInstance(ctx).DefaultLanguage().String())) } if err != nil { return nil, err 
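Review bot: In the last hunk here, `readLoginTranslationFile` formats `lang` straight into the file name (`fmt.Sprintf("/i18n/%s.yaml", lang)`), and no validation of `lang` is visible in the hunk. If the value can originate from a request, it should be normalised to a known language tag before it is used as a path component or as a key of `LoginTranslationFileContents`; whether callers already do this cannot be seen from here. I would at least document the requirement above the function, e.g. `// lang must be a validated language tag; it is used as a file name below /i18n/`. The function starts and ends outside the hunk.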
@@ -267,7 +268,7 @@ func prepareCustomTextsQuery(ctx context.Context, db prepareDatabase) (sq.Select } if err := rows.Close(); err != nil { - return nil, errors.ThrowInternal(err, "QUERY-3n9fs", "Errors.Query.CloseRows") + return nil, zerrors.ThrowInternal(err, "QUERY-3n9fs", "Errors.Query.CloseRows") } return &CustomTexts{ diff --git a/internal/query/custom_text_test.go b/internal/query/custom_text_test.go index 3df40638cc..0453f71a2a 100644 --- a/internal/query/custom_text_test.go +++ b/internal/query/custom_text_test.go @@ -10,7 +10,7 @@ import ( "golang.org/x/text/language" - errs "github.com/zitadel/zitadel/internal/errors" + "github.com/zitadel/zitadel/internal/zerrors" ) var ( @@ -59,7 +59,7 @@ func Test_CustomTextPrepares(t *testing.T) { nil, ), err: func(err error) (error, bool) { - if !errs.IsNotFound(err) { + if !zerrors.IsNotFound(err) { return fmt.Errorf("err should be zitadel.NotFoundError got: %w", err), false } return nil, true diff --git a/internal/query/device_auth.go b/internal/query/device_auth.go index c16fcdf58c..17e1b8e943 100644 --- a/internal/query/device_auth.go +++ b/internal/query/device_auth.go 
@@ -3,146 +3,134 @@ package query import ( "context" "database/sql" - errs "errors" + "errors" + "time" sq "github.com/Masterminds/squirrel" "github.com/zitadel/zitadel/internal/api/authz" "github.com/zitadel/zitadel/internal/database" "github.com/zitadel/zitadel/internal/domain" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/query/projection" "github.com/zitadel/zitadel/internal/telemetry/tracing" + "github.com/zitadel/zitadel/internal/zerrors" ) var ( - deviceAuthTable = table{ - name: projection.DeviceAuthProjectionTable, - instanceIDCol: projection.DeviceAuthColumnInstanceID, + deviceAuthRequestTable = table{ + name: projection.DeviceAuthRequestProjectionTable, + instanceIDCol: projection.DeviceAuthRequestColumnInstanceID, } - DeviceAuthColumnID = Column{ - name: projection.DeviceAuthColumnID, - table: deviceAuthTable, + DeviceAuthRequestColumnClientID = Column{ + name: projection.DeviceAuthRequestColumnClientID, + table: deviceAuthRequestTable, } - DeviceAuthColumnClientID = Column{ - name: projection.DeviceAuthColumnClientID, - table: deviceAuthTable, + DeviceAuthRequestColumnDeviceCode = Column{ + name: projection.DeviceAuthRequestColumnDeviceCode, + table: deviceAuthRequestTable, } - DeviceAuthColumnDeviceCode = Column{ - name: projection.DeviceAuthColumnDeviceCode, - table: deviceAuthTable, + DeviceAuthRequestColumnUserCode = Column{ + name: projection.DeviceAuthRequestColumnUserCode, + table: deviceAuthRequestTable, } - DeviceAuthColumnUserCode = Column{ - name: projection.DeviceAuthColumnUserCode, - table: deviceAuthTable, + DeviceAuthRequestColumnScopes = Column{ + name: projection.DeviceAuthRequestColumnScopes, + table: deviceAuthRequestTable, } - DeviceAuthColumnExpires = Column{ - name: projection.DeviceAuthColumnExpires, - table: deviceAuthTable, + DeviceAuthRequestColumnCreationDate = Column{ + name: projection.DeviceAuthRequestColumnCreationDate, + table: deviceAuthRequestTable, } - DeviceAuthColumnScopes = 
Column{ - name: projection.DeviceAuthColumnScopes, - table: deviceAuthTable, + DeviceAuthRequestColumnChangeDate = Column{ + name: projection.DeviceAuthRequestColumnChangeDate, + table: deviceAuthRequestTable, } - DeviceAuthColumnState = Column{ - name: projection.DeviceAuthColumnState, - table: deviceAuthTable, + DeviceAuthRequestColumnSequence = Column{ + name: projection.DeviceAuthRequestColumnSequence, + table: deviceAuthRequestTable, } - DeviceAuthColumnSubject = Column{ - name: projection.DeviceAuthColumnSubject, - table: deviceAuthTable, - } - DeviceAuthColumnCreationDate = Column{ - name: projection.DeviceAuthColumnCreationDate, - table: deviceAuthTable, - } - DeviceAuthColumnChangeDate = Column{ - name: projection.DeviceAuthColumnChangeDate, - table: deviceAuthTable, - } - DeviceAuthColumnSequence = Column{ - name: projection.DeviceAuthColumnSequence, - table: deviceAuthTable, - } - DeviceAuthColumnInstanceID = Column{ - name: projection.DeviceAuthColumnInstanceID, - table: deviceAuthTable, + DeviceAuthRequestColumnInstanceID = Column{ + name: projection.DeviceAuthRequestColumnInstanceID, + table: deviceAuthRequestTable, } ) -func (q *Queries) DeviceAuthByDeviceCode(ctx context.Context, clientID, deviceCode string) (deviceAuth *domain.DeviceAuth, err error) { - ctx, span := tracing.NewSpan(ctx) - defer func() { span.EndWithError(err) }() - - stmt, scan := prepareDeviceAuthQuery(ctx, q.client) - eq := sq.Eq{ - DeviceAuthColumnInstanceID.identifier(): authz.GetInstance(ctx).InstanceID(), - DeviceAuthColumnClientID.identifier(): clientID, - DeviceAuthColumnDeviceCode.identifier(): deviceCode, - } - query, args, err := stmt.Where(eq).ToSql() - if err != nil { - return nil, errors.ThrowInternal(err, "QUERY-uk1Oh", "Errors.Query.SQLStatement") - } - - err = q.client.QueryRowContext(ctx, func(row *sql.Row) error { - deviceAuth, err = scan(row) - return err - }, query, args...) 
- return deviceAuth, err +type DeviceAuth struct { + ClientID string + DeviceCode string + UserCode string + Expires time.Time + Scopes []string + State domain.DeviceAuthState + Subject string + UserAuthMethods []domain.UserAuthMethodType + AuthTime time.Time } -func (q *Queries) DeviceAuthByUserCode(ctx context.Context, userCode string) (deviceAuth *domain.DeviceAuth, err error) { +// DeviceAuthByDeviceCode gets the current state of a Device Authorization directly from the eventstore. +func (q *Queries) DeviceAuthByDeviceCode(ctx context.Context, deviceCode string) (deviceAuth *DeviceAuth, err error) { + ctx, span := tracing.NewSpan(ctx) + defer func() { span.EndWithError(err) }() + + model := NewDeviceAuthReadModel(deviceCode, authz.GetInstance(ctx).InstanceID()) + if err := q.eventstore.FilterToQueryReducer(ctx, model); err != nil { + return nil, err + } + if !model.State.Exists() { + return nil, zerrors.ThrowNotFound(nil, "QUERY-eeR0e", "Errors.DeviceAuth.NotExisting") + } + return &model.DeviceAuth, nil +} + +// DeviceAuthRequestByUserCode finds a Device Authorization request by User-Code from the `device_auth_requests` projection. 
+func (q *Queries) DeviceAuthRequestByUserCode(ctx context.Context, userCode string) (authReq *domain.AuthRequestDevice, err error) { ctx, span := tracing.NewSpan(ctx) defer func() { span.EndWithError(err) }() stmt, scan := prepareDeviceAuthQuery(ctx, q.client) eq := sq.Eq{ - DeviceAuthColumnInstanceID.identifier(): authz.GetInstance(ctx).InstanceID(), - DeviceAuthColumnUserCode.identifier(): userCode, + DeviceAuthRequestColumnInstanceID.identifier(): authz.GetInstance(ctx).InstanceID(), + DeviceAuthRequestColumnUserCode.identifier(): userCode, } query, args, err := stmt.Where(eq).ToSql() if err != nil { - return nil, errors.ThrowInternal(err, "QUERY-Axu7l", "Errors.Query.SQLStatement") + return nil, zerrors.ThrowInternal(err, "QUERY-Axu7l", "Errors.Query.SQLStatement") } err = q.client.QueryRowContext(ctx, func(row *sql.Row) error { - deviceAuth, err = scan(row) + authReq, err = scan(row) return err }, query, args...) - return deviceAuth, err + return authReq, err } var deviceAuthSelectColumns = []string{ - DeviceAuthColumnID.identifier(), - DeviceAuthColumnClientID.identifier(), - DeviceAuthColumnScopes.identifier(), - DeviceAuthColumnExpires.identifier(), - DeviceAuthColumnState.identifier(), - DeviceAuthColumnSubject.identifier(), + DeviceAuthRequestColumnClientID.identifier(), + DeviceAuthRequestColumnDeviceCode.identifier(), + DeviceAuthRequestColumnUserCode.identifier(), + DeviceAuthRequestColumnScopes.identifier(), } -func prepareDeviceAuthQuery(ctx context.Context, db prepareDatabase) (sq.SelectBuilder, func(*sql.Row) (*domain.DeviceAuth, error)) { - return sq.Select(deviceAuthSelectColumns...).From(deviceAuthTable.identifier()).PlaceholderFormat(sq.Dollar), - func(row *sql.Row) (*domain.DeviceAuth, error) { - dst := new(domain.DeviceAuth) - var scopes database.TextArray[string] +func prepareDeviceAuthQuery(ctx context.Context, db prepareDatabase) (sq.SelectBuilder, func(*sql.Row) (*domain.AuthRequestDevice, error)) { + return 
sq.Select(deviceAuthSelectColumns...).From(deviceAuthRequestTable.identifier()).PlaceholderFormat(sq.Dollar), + func(row *sql.Row) (*domain.AuthRequestDevice, error) { + dst := new(domain.AuthRequestDevice) + var ( + scopes database.TextArray[string] + ) err := row.Scan( - &dst.AggregateID, &dst.ClientID, + &dst.DeviceCode, + &dst.UserCode, &scopes, - &dst.Expires, - &dst.State, - &dst.Subject, ) - if errs.Is(err, sql.ErrNoRows) { - return nil, errors.ThrowNotFound(err, "QUERY-Sah9a", "Errors.DeviceAuth.NotExisting") + if errors.Is(err, sql.ErrNoRows) { + return nil, zerrors.ThrowNotFound(err, "QUERY-Sah9a", "Errors.DeviceAuth.NotExisting") } if err != nil { - return nil, errors.ThrowInternal(err, "QUERY-Voo3o", "Errors.Internal") + return nil, zerrors.ThrowInternal(err, "QUERY-Voo3o", "Errors.Internal") } - dst.Scopes = scopes return dst, nil } diff --git a/internal/query/device_auth_model.go b/internal/query/device_auth_model.go new file mode 100644 index 0000000000..23fc0775e1 --- /dev/null +++ b/internal/query/device_auth_model.go 
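Review bot: `DeviceAuthByDeviceCode` lost its `clientID` parameter, so the lookup is keyed on the device code and the instance only, and nothing in the function ties the code to the client that presents it. The device flow relies on a device code being redeemable only by the client it was issued to; that comparison now has to happen in the caller, which is not part of this hunk. The doc comment should state the obligation, e.g. `// The caller must compare the returned ClientID with the authenticated client before issuing tokens.`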
@@ -0,0 +1,58 @@
+package query
+
+import (
+ "github.com/zitadel/zitadel/internal/domain"
+ "github.com/zitadel/zitadel/internal/eventstore"
+ "github.com/zitadel/zitadel/internal/repository/deviceauth"
+)
+
+type DeviceAuthReadModel struct {
+ eventstore.ReadModel
+ DeviceAuth
+}
+
+func NewDeviceAuthReadModel(deviceCode, resourceOwner string) *DeviceAuthReadModel {
+ return &DeviceAuthReadModel{
+ ReadModel: eventstore.ReadModel{
+ AggregateID: deviceCode,
+ ResourceOwner: resourceOwner,
+ },
+ }
+}
+
+func (m *DeviceAuthReadModel) Reduce() error {
+ for _, event := range m.Events {
+ switch e := event.(type) {
+ case *deviceauth.AddedEvent:
+ m.ClientID = e.ClientID
+ m.DeviceCode = e.DeviceCode
+ m.UserCode = e.UserCode
+ m.Expires = e.Expires
+ m.Scopes = e.Scopes
+ m.State = e.State
+ case *deviceauth.ApprovedEvent:
+ m.State = domain.DeviceAuthStateApproved
+ m.Subject = e.Subject
+ m.UserAuthMethods = e.UserAuthMethods
+ m.AuthTime = e.AuthTime
+ case *deviceauth.CanceledEvent:
+ m.State = e.Reason.State()
+ }
+ }
+
+ return m.ReadModel.Reduce()
+}
+
+func (m *DeviceAuthReadModel) Query() *eventstore.SearchQueryBuilder {
+ return eventstore.NewSearchQueryBuilder(eventstore.ColumnsEvent).
+ ResourceOwner(m.ResourceOwner).
+ AddQuery().
+ AggregateTypes(deviceauth.AggregateType).
+ AggregateIDs(m.AggregateID).
+ EventTypes(
+ deviceauth.AddedEventType,
+ deviceauth.ApprovedEventType,
+ deviceauth.CanceledEventType,
+ ).
+ Builder()
+}
diff --git a/internal/query/device_auth_test.go b/internal/query/device_auth_test.go
index a9f5efcf2d..c909694aef 100644
--- a/internal/query/device_auth_test.go
+++ b/internal/query/device_auth_test.go
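Review bot: `Reduce` in `device_auth_model.go` stores `Expires` from the `AddedEvent` but never compares it with the current time, so `State` reports expiry only after a `CanceledEvent` carrying that reason has been written. A request that is past `Expires` without such an event would still come back as initiated or approved, so consumers have to check `Expires` themselves; whether they do is not visible here. `DeviceAuthReadModel`, `NewDeviceAuthReadModel` and `Reduce` are also exported without doc comments; I would add one that states this, e.g. `// Reduce folds the events into DeviceAuth; State is not adjusted for Expires, callers must check it.`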
@@ -6,82 +6,188 @@ import ( "database/sql/driver" "errors" "fmt" + "io" "regexp" "testing" + "time" "github.com/DATA-DOG/go-sqlmock" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" + "github.com/zitadel/zitadel/internal/api/authz" "github.com/zitadel/zitadel/internal/database" "github.com/zitadel/zitadel/internal/domain" - "github.com/zitadel/zitadel/internal/eventstore/v1/models" -) - -const ( - expectedDeviceAuthQueryC = `SELECT` + - ` projections.device_authorizations.id,` + - ` projections.device_authorizations.client_id,` + - ` projections.device_authorizations.scopes,` + - ` projections.device_authorizations.expires,` + - ` projections.device_authorizations.state,` + - ` projections.device_authorizations.subject` + - ` FROM projections.device_authorizations` - expectedDeviceAuthWhereDeviceCodeQueryC = expectedDeviceAuthQueryC + - ` WHERE projections.device_authorizations.client_id = $1` + - ` AND projections.device_authorizations.device_code = $2` + - ` AND projections.device_authorizations.instance_id = $3` - expectedDeviceAuthWhereUserCodeQueryC = expectedDeviceAuthQueryC + - ` WHERE projections.device_authorizations.instance_id = $1` + - ` AND projections.device_authorizations.user_code = $2` -) - -var ( - expectedDeviceAuthQuery = regexp.QuoteMeta(expectedDeviceAuthQueryC) - expectedDeviceAuthWhereDeviceCodeQuery = regexp.QuoteMeta(expectedDeviceAuthWhereDeviceCodeQueryC) - expectedDeviceAuthWhereUserCodeQuery = regexp.QuoteMeta(expectedDeviceAuthWhereUserCodeQueryC) - expectedDeviceAuthValues = []driver.Value{ - "primary-id", - "client-id", - database.TextArray[string]{"a", "b", "c"}, - testNow, - domain.DeviceAuthStateApproved, - "subject", - } - expectedDeviceAuth = &domain.DeviceAuth{ - ObjectRoot: models.ObjectRoot{ - AggregateID: "primary-id", - }, - ClientID: "client-id", - Scopes: []string{"a", "b", "c"}, - Expires: testNow, - State: domain.DeviceAuthStateApproved, - Subject: "subject", - } + 
"github.com/zitadel/zitadel/internal/eventstore" + "github.com/zitadel/zitadel/internal/repository/deviceauth" + "github.com/zitadel/zitadel/internal/zerrors" ) func TestQueries_DeviceAuthByDeviceCode(t *testing.T) { - client, mock, err := sqlmock.New() - if err != nil { - t.Fatalf("failed to build mock client: %v", err) + ctx := authz.NewMockContext("inst1", "org1", "user1") + timestamp := time.Date(2015, 12, 15, 22, 13, 45, 0, time.UTC) + tests := []struct { + name string + eventstore func(t *testing.T) *eventstore.Eventstore + want *DeviceAuth + wantErr error + }{ + { + name: "filter error", + eventstore: expectEventstore( + expectFilterError(io.ErrClosedPipe), + ), + wantErr: io.ErrClosedPipe, + }, + { + name: "not found", + eventstore: expectEventstore( + expectFilter(), + ), + wantErr: zerrors.ThrowNotFound(nil, "QUERY-eeR0e", "Errors.DeviceAuth.NotExisting"), + }, + { + name: "ok, initiated", + eventstore: expectEventstore( + expectFilter( + eventFromEventPusher(deviceauth.NewAddedEvent( + ctx, + deviceauth.NewAggregate("device1", "instance1"), + "client1", "device1", "user-code", timestamp, []string{"foo", "bar"}, + )), + ), + ), + want: &DeviceAuth{ + ClientID: "client1", + DeviceCode: "device1", + UserCode: "user-code", + Expires: timestamp, + Scopes: []string{"foo", "bar"}, + State: domain.DeviceAuthStateInitiated, + }, + }, + { + name: "ok, approved", + eventstore: expectEventstore( + expectFilter( + eventFromEventPusher(deviceauth.NewAddedEvent( + ctx, + deviceauth.NewAggregate("device1", "instance1"), + "client1", "device1", "user-code", timestamp, []string{"foo", "bar"}, + )), + eventFromEventPusher(deviceauth.NewApprovedEvent( + ctx, + deviceauth.NewAggregate("device1", "instance1"), + "user1", []domain.UserAuthMethodType{domain.UserAuthMethodTypePasswordless}, + timestamp, + )), + ), + ), + want: &DeviceAuth{ + ClientID: "client1", + DeviceCode: "device1", + UserCode: "user-code", + Expires: timestamp, + Scopes: []string{"foo", "bar"}, + State: 
domain.DeviceAuthStateApproved, + Subject: "user1", + UserAuthMethods: []domain.UserAuthMethodType{domain.UserAuthMethodTypePasswordless}, + AuthTime: timestamp, + }, + }, + { + name: "ok, denied", + eventstore: expectEventstore( + expectFilter( + eventFromEventPusher(deviceauth.NewAddedEvent( + ctx, + deviceauth.NewAggregate("device1", "instance1"), + "client1", "device1", "user-code", timestamp, []string{"foo", "bar"}, + )), + eventFromEventPusher(deviceauth.NewCanceledEvent( + ctx, + deviceauth.NewAggregate("device1", "instance1"), + domain.DeviceAuthCanceledDenied, + )), + ), + ), + want: &DeviceAuth{ + ClientID: "client1", + DeviceCode: "device1", + UserCode: "user-code", + Expires: timestamp, + Scopes: []string{"foo", "bar"}, + State: domain.DeviceAuthStateDenied, + }, + }, + { + name: "ok, expired", + eventstore: expectEventstore( + expectFilter( + eventFromEventPusher(deviceauth.NewAddedEvent( + ctx, + deviceauth.NewAggregate("device1", "instance1"), + "client1", "device1", "user-code", timestamp, []string{"foo", "bar"}, + )), + eventFromEventPusher(deviceauth.NewCanceledEvent( + ctx, + deviceauth.NewAggregate("device1", "instance1"), + domain.DeviceAuthCanceledExpired, + )), + ), + ), + want: &DeviceAuth{ + ClientID: "client1", + DeviceCode: "device1", + UserCode: "user-code", + Expires: timestamp, + Scopes: []string{"foo", "bar"}, + State: domain.DeviceAuthStateExpired, + }, + }, } - defer client.Close() - - mock.ExpectBegin() - mock.ExpectQuery(expectedDeviceAuthWhereDeviceCodeQuery).WillReturnRows( - sqlmock.NewRows(deviceAuthSelectColumns).AddRow(expectedDeviceAuthValues...), - ) - mock.ExpectCommit() - q := Queries{ - client: &database.DB{DB: client}, + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + q := &Queries{ + eventstore: tt.eventstore(t), + } + got, err := q.DeviceAuthByDeviceCode(ctx, "device1") + require.ErrorIs(t, err, tt.wantErr) + assert.Equal(t, tt.want, got) + }) } - got, err := 
q.DeviceAuthByDeviceCode(context.TODO(), "123", "456") - require.NoError(t, err) - assert.Equal(t, expectedDeviceAuth, got) - require.NoError(t, mock.ExpectationsWereMet()) } -func TestQueries_DeviceAuthByUserCode(t *testing.T) { +const ( + expectedDeviceAuthQueryC = `SELECT` + + ` projections.device_auth_requests.client_id,` + + ` projections.device_auth_requests.device_code,` + + ` projections.device_auth_requests.user_code,` + + ` projections.device_auth_requests.scopes` + + ` FROM projections.device_auth_requests` + expectedDeviceAuthWhereUserCodeQueryC = expectedDeviceAuthQueryC + + ` WHERE projections.device_auth_requests.instance_id = $1` + + ` AND projections.device_auth_requests.user_code = $2` +) + +var ( + expectedDeviceAuthQuery = regexp.QuoteMeta(expectedDeviceAuthQueryC) + expectedDeviceAuthWhereUserCodeQuery = regexp.QuoteMeta(expectedDeviceAuthWhereUserCodeQueryC) + expectedDeviceAuthValues = []driver.Value{ + "client-id", + "device1", + "user-code", + database.TextArray[string]{"a", "b", "c"}, + } + expectedDeviceAuth = &domain.AuthRequestDevice{ + ClientID: "client-id", + DeviceCode: "device1", + UserCode: "user-code", + Scopes: []string{"a", "b", "c"}, + } +) + +func TestQueries_DeviceAuthRequestByUserCode(t *testing.T) { client, mock, err := sqlmock.New() if err != nil { t.Fatalf("failed to build mock client: %v", err) @@ -96,7 +202,7 @@ func TestQueries_DeviceAuthByUserCode(t *testing.T) { q := Queries{ client: &database.DB{DB: client}, } - got, err := q.DeviceAuthByUserCode(context.TODO(), "789") + got, err := q.DeviceAuthRequestByUserCode(context.TODO(), "789") require.NoError(t, err) assert.Equal(t, expectedDeviceAuth, got) require.NoError(t, mock.ExpectationsWereMet()) @@ -110,7 +216,7 @@ func Test_prepareDeviceAuthQuery(t *testing.T) { tests := []struct { name string want want - object any + object *domain.AuthRequestDevice }{ { name: "success", 
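Review bot: The table cases in `TestQueries_DeviceAuthByDeviceCode` build their aggregates with `deviceauth.NewAggregate("device1", "instance1")` while the context is `authz.NewMockContext("inst1", "org1", "user1")`, so the events belong to a different instance than the one being queried and the cases still expect success. That suggests `expectFilter` hands back the events without applying the resource-owner filter, which would leave the instance scoping of `DeviceAuthReadModel.Query` uncovered. Use the same instance ID in both places (`deviceauth.NewAggregate("device1", "inst1")`), and consider a case asserting that a device code from another instance is reported as not found.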
@@ -137,7 +243,7 @@ func Test_prepareDeviceAuthQuery(t *testing.T) { return nil, true }, }, - object: (*domain.DeviceAuth)(nil), + object: nil, }, { name: "other error", @@ -153,7 +259,7 @@ func Test_prepareDeviceAuthQuery(t *testing.T) { return nil, true }, }, - object: (*domain.DeviceAuth)(nil), + object: nil, }, } for _, tt := range tests { diff --git a/internal/query/domain_policy.go b/internal/query/domain_policy.go index bbe79a9daf..922efb3869 100644 --- a/internal/query/domain_policy.go +++ b/internal/query/domain_policy.go @@ -3,7 +3,7 @@ package query import ( "context" "database/sql" - errs "errors" + "errors" "time" sq "github.com/Masterminds/squirrel" @@ -13,10 +13,10 @@ import ( "github.com/zitadel/zitadel/internal/api/authz" "github.com/zitadel/zitadel/internal/api/call" "github.com/zitadel/zitadel/internal/domain" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore/handler/v2" "github.com/zitadel/zitadel/internal/query/projection" "github.com/zitadel/zitadel/internal/telemetry/tracing" + "github.com/zitadel/zitadel/internal/zerrors" ) type DomainPolicy struct { @@ -123,7 +123,7 @@ func (q *Queries) DomainPolicyByOrg(ctx context.Context, shouldTriggerBulk bool, query, args, err := stmt.Where(eq).OrderBy(DomainPolicyColIsDefault.identifier()). Limit(1).ToSql() if err != nil { - return nil, errors.ThrowInternal(err, "QUERY-D3CqT", "Errors.Query.SQLStatement") + return nil, zerrors.ThrowInternal(err, "QUERY-D3CqT", "Errors.Query.SQLStatement") } err = q.client.QueryRowContext(ctx, func(row *sql.Row) error { 
@@ -145,7 +145,7 @@ func (q *Queries) DefaultDomainPolicy(ctx context.Context) (policy *DomainPolicy OrderBy(DomainPolicyColIsDefault.identifier()). Limit(1).ToSql() if err != nil { - return nil, errors.ThrowInternal(err, "QUERY-pM7lP", "Errors.Query.SQLStatement") + return nil, zerrors.ThrowInternal(err, "QUERY-pM7lP", "Errors.Query.SQLStatement") } err = q.client.QueryRowContext(ctx, func(row *sql.Row) error { @@ -185,10 +185,10 @@ func prepareDomainPolicyQuery(ctx context.Context, db prepareDatabase) (sq.Selec &policy.State, ) if err != nil { - if errs.Is(err, sql.ErrNoRows) { - return nil, errors.ThrowNotFound(err, "QUERY-K0Jr5", "Errors.DomainPolicy.NotFound") + if errors.Is(err, sql.ErrNoRows) { + return nil, zerrors.ThrowNotFound(err, "QUERY-K0Jr5", "Errors.DomainPolicy.NotFound") } - return nil, errors.ThrowInternal(err, "QUERY-rIy6j", "Errors.Internal") + return nil, zerrors.ThrowInternal(err, "QUERY-rIy6j", "Errors.Internal") } return policy, nil } diff --git a/internal/query/domain_policy_test.go b/internal/query/domain_policy_test.go index ef861c737b..70d3ddc391 100644 --- a/internal/query/domain_policy_test.go +++ b/internal/query/domain_policy_test.go @@ -9,7 +9,7 @@ import ( "testing" "github.com/zitadel/zitadel/internal/domain" - errs "github.com/zitadel/zitadel/internal/errors" + "github.com/zitadel/zitadel/internal/zerrors" ) var ( @@ -60,7 +60,7 @@ func Test_DomainPolicyPrepares(t *testing.T) { nil, ), err: func(err error) (error, bool) { - if !errs.IsNotFound(err) { + if !zerrors.IsNotFound(err) { return fmt.Errorf("err should be zitadel.NotFoundError got: %w", err), false } return nil, true diff --git a/internal/query/embed/oidc_client_by_id.sql b/internal/query/embed/oidc_client_by_id.sql new file mode 100644 index 0000000000..c2fa73c3e2 --- /dev/null +++ b/internal/query/embed/oidc_client_by_id.sql 
@@ -0,0 +1,46 @@
+--deallocate q;
+--prepare q(text, text, boolean) as
+
+with client as (
+ select c.instance_id,
+ c.app_id, c.client_id, c.client_secret, c.redirect_uris, c.response_types, c.grant_types,
+ c.application_type, c.auth_method_type, c.post_logout_redirect_uris, c.is_dev_mode,
+ c.access_token_type, c.access_token_role_assertion, c.id_token_role_assertion,
+ c.id_token_userinfo_assertion, c.clock_skew, c.additional_origins, a.project_id, a.state
+ from projections.apps6_oidc_configs c
+ join projections.apps6 a on a.id = c.app_id and a.instance_id = c.instance_id
+ where c.instance_id = $1
+ and c.client_id = $2
+),
+roles as (
+ select p.project_id, json_agg(p.role_key) as project_role_keys
+ from projections.project_roles4 p
+ join client c on c.project_id = p.project_id
+ and p.instance_id = c.instance_id
+ group by p.project_id
+),
+keys as (
+ select identifier as client_id, json_object_agg(id, encode(public_key, 'base64')) as public_keys
+ from projections.authn_keys2
+ where $3 = true -- when argument is false, don't waste time on trying to query for keys.
+ and instance_id = $1
+ and identifier = $2
+ and expiration > current_timestamp
+ group by identifier
+),
+settings as (
+ select instance_id, json_build_object('access_token_lifetime', access_token_lifetime, 'id_token_lifetime', id_token_lifetime) as settings
+ from projections.oidc_settings2
+ where aggregate_id = $1
+ and instance_id = $1
+)
+
+select row_to_json(r) as client from (
+ select c.*, r.project_role_keys, k.public_keys, s.settings
+ from client c
+ left join roles r on r.project_id = c.project_id
+ left join keys k on k.client_id = c.client_id
+ left join settings s on s.instance_id = s.instance_id
+) r;
+
+--execute q('230690539048009730', '236647088211951618@tests', true);
\ No newline at end of file
diff --git a/internal/query/embed/userinfo_by_id.sql b/internal/query/embed/userinfo_by_id.sql
index 1f289f60c9..ad959e43f0 100644
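Review bot: The final join in `oidc_client_by_id.sql`, `left join settings s on s.instance_id = s.instance_id`, compares the column with itself, so it holds for every settings row with a non-null instance ID and does not relate the row to the client. The result is scoped correctly today only because the `settings` CTE filters on `instance_id = $1`; the join should read `left join settings s on s.instance_id = c.instance_id` so that tenant scoping does not hinge on that one where-clause. The commented `--execute q(...)` line at the end also carries what look like concrete instance and client IDs and could use placeholders instead.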
--- a/internal/query/embed/userinfo_by_id.sql +++ b/internal/query/embed/userinfo_by_id.sql @@ -1,6 +1,6 @@ with usr as ( select u.id, u.creation_date, u.change_date, u.sequence, u.state, u.resource_owner, u.username, n.login_name as preferred_login_name - from projections.users9 u + from projections.users10 u left join projections.login_names3 n on u.id = n.user_id and u.instance_id = n.instance_id where u.id = $1 and u.instance_id = $2 @@ -9,7 +9,7 @@ with usr as ( human as ( select $1 as user_id, row_to_json(r) as human from ( select first_name, last_name, nick_name, display_name, avatar_key, preferred_language, gender, email, is_email_verified, phone, is_phone_verified - from projections.users9_humans + from projections.users10_humans where user_id = $1 and instance_id = $2 ) r @@ -17,7 +17,7 @@ human as ( machine as ( select $1 as user_id, row_to_json(r) as machine from ( select name, description - from projections.users9_machines + from projections.users10_machines where user_id = $1 and instance_id = $2 ) r diff --git a/internal/query/event.go b/internal/query/event.go index 074b5c83cf..a956979422 100644 --- a/internal/query/event.go +++ b/internal/query/event.go @@ -6,9 +6,9 @@ import ( "github.com/zitadel/zitadel/internal/api/authz" "github.com/zitadel/zitadel/internal/api/call" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/telemetry/tracing" + "github.com/zitadel/zitadel/internal/zerrors" ) type Event struct { @@ -45,7 +45,7 @@ func (q *Queries) SearchEvents(ctx context.Context, query *eventstore.SearchQuer defer func() { span.EndWithError(err) }() auditLogRetention := q.defaultAuditLogRetention instanceLimits, err := q.Limits(ctx, authz.GetInstance(ctx).InstanceID()) - if err != nil && !errors.IsNotFound(err) { + if err != nil && !zerrors.IsNotFound(err) { return nil, err } if instanceLimits != nil && instanceLimits.AuditLogRetention != nil { 
diff --git a/internal/query/failed_events.go b/internal/query/failed_events.go index a1c2b31e41..7d2e875cee 100644 --- a/internal/query/failed_events.go +++ b/internal/query/failed_events.go @@ -8,8 +8,8 @@ import ( sq "github.com/Masterminds/squirrel" "github.com/zitadel/zitadel/internal/api/call" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/query/projection" + "github.com/zitadel/zitadel/internal/zerrors" ) const ( @@ -86,7 +86,7 @@ func (q *Queries) SearchFailedEvents(ctx context.Context, queries *FailedEventSe query, scan := prepareFailedEventsQuery(ctx, q.client) stmt, args, err := queries.toQuery(query).ToSql() if err != nil { - return nil, errors.ThrowInvalidArgument(err, "QUERY-n8rjJ", "Errors.Query.InvalidRequest") + return nil, zerrors.ThrowInvalidArgument(err, "QUERY-n8rjJ", "Errors.Query.InvalidRequest") } err = q.client.QueryContext(ctx, func(rows *sql.Rows) error { @@ -94,7 +94,7 @@ func (q *Queries) SearchFailedEvents(ctx context.Context, queries *FailedEventSe return err }, stmt, args...) if err != nil { - return nil, errors.ThrowInternal(err, "QUERY-3j99J", "Errors.Internal") + return nil, zerrors.ThrowInternal(err, "QUERY-3j99J", "Errors.Internal") } return failedEvents, nil } @@ -109,11 +109,11 @@ func (q *Queries) RemoveFailedEvent(ctx context.Context, projectionName, instanc PlaceholderFormat(sq.Dollar). ToSql() if err != nil { - return errors.ThrowInternal(err, "QUERY-DGgh3", "Errors.RemoveFailed") + return zerrors.ThrowInternal(err, "QUERY-DGgh3", "Errors.RemoveFailed") } _, err = q.client.ExecContext(ctx, stmt, args...) if err != nil { - return errors.ThrowInternal(err, "QUERY-0kbFF", "Errors.RemoveFailed") + return zerrors.ThrowInternal(err, "QUERY-0kbFF", "Errors.RemoveFailed") } return nil } 
@@ -175,7 +175,7 @@ func prepareFailedEventsQuery(ctx context.Context, db prepareDatabase) (sq.Selec } if err := rows.Close(); err != nil { - return nil, errors.ThrowInternal(err, "QUERY-En99f", "Errors.Query.CloseRows") + return nil, zerrors.ThrowInternal(err, "QUERY-En99f", "Errors.Query.CloseRows") } return &FailedEvents{ diff --git a/internal/query/iam_member.go b/internal/query/iam_member.go index ca30fc05f6..9f1c5521c9 100644 --- a/internal/query/iam_member.go +++ b/internal/query/iam_member.go @@ -9,9 +9,9 @@ import ( "github.com/zitadel/zitadel/internal/api/authz" "github.com/zitadel/zitadel/internal/api/call" "github.com/zitadel/zitadel/internal/domain" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/query/projection" "github.com/zitadel/zitadel/internal/telemetry/tracing" + "github.com/zitadel/zitadel/internal/zerrors" ) var ( @@ -71,7 +71,7 @@ func (q *Queries) IAMMembers(ctx context.Context, queries *IAMMembersQuery) (mem eq := sq.Eq{InstanceMemberInstanceID.identifier(): authz.GetInstance(ctx).InstanceID()} stmt, args, err := queries.toQuery(query).Where(eq).ToSql() if err != nil { - return nil, errors.ThrowInvalidArgument(err, "QUERY-USNwM", "Errors.Query.InvalidRequest") + return nil, zerrors.ThrowInvalidArgument(err, "QUERY-USNwM", "Errors.Query.InvalidRequest") } currentSequence, err := q.latestState(ctx, instanceMemberTable) @@ -84,7 +84,7 @@ func (q *Queries) IAMMembers(ctx context.Context, queries *IAMMembersQuery) (mem return err }, stmt, args...) if err != nil { - return nil, errors.ThrowInternal(err, "QUERY-Pdg1I", "Errors.Internal") + return nil, zerrors.ThrowInternal(err, "QUERY-Pdg1I", "Errors.Internal") } members.State = currentSequence return members, err 
@@ -172,7 +172,7 @@ func prepareInstanceMembersQuery(ctx context.Context, db prepareDatabase) (sq.Se } if err := rows.Close(); err != nil { - return nil, errors.ThrowInternal(err, "QUERY-EqJFc", "Errors.Query.CloseRows") + return nil, zerrors.ThrowInternal(err, "QUERY-EqJFc", "Errors.Query.CloseRows") } return &Members{ diff --git a/internal/query/iam_member_test.go b/internal/query/iam_member_test.go index 476e4e2358..8f1857eae9 100644 --- a/internal/query/iam_member_test.go +++ b/internal/query/iam_member_test.go 
@@ -21,21 +21,21 @@ var (
 ", members.user_id" +
 ", members.roles" +
 ", projections.login_names3.login_name" +
- ", projections.users9_humans.email" +
- ", projections.users9_humans.first_name" +
- ", projections.users9_humans.last_name" +
- ", projections.users9_humans.display_name" +
- ", projections.users9_machines.name" +
- ", projections.users9_humans.avatar_key" +
- ", projections.users9.type" +
+ ", projections.users10_humans.email" +
+ ", projections.users10_humans.first_name" +
+ ", projections.users10_humans.last_name" +
+ ", projections.users10_humans.display_name" +
+ ", projections.users10_machines.name" +
+ ", projections.users10_humans.avatar_key" +
+ ", projections.users10.type" +
 ", COUNT(*) OVER () " +
 "FROM projections.instance_members4 AS members " +
- "LEFT JOIN projections.users9_humans " +
- "ON members.user_id = projections.users9_humans.user_id AND members.instance_id = projections.users9_humans.instance_id " +
- "LEFT JOIN projections.users9_machines " +
- "ON members.user_id = projections.users9_machines.user_id AND members.instance_id = projections.users9_machines.instance_id " +
- "LEFT JOIN projections.users9 " +
- "ON members.user_id = projections.users9.id AND members.instance_id = projections.users9.instance_id " +
+ "LEFT JOIN projections.users10_humans " +
+ "ON members.user_id = projections.users10_humans.user_id AND members.instance_id = projections.users10_humans.instance_id " +
+ "LEFT JOIN projections.users10_machines " +
+ "ON members.user_id = projections.users10_machines.user_id AND members.instance_id = projections.users10_machines.instance_id " +
+ "LEFT JOIN projections.users10 " +
+ "ON members.user_id = projections.users10.id AND members.instance_id = projections.users10.instance_id " +
 "LEFT JOIN projections.login_names3 " +
 "ON members.user_id = projections.login_names3.user_id AND members.instance_id = projections.login_names3.instance_id " +
 "AS OF SYSTEM TIME '-1 ms' " +
diff --git a/internal/query/idp.go b/internal/query/idp.go index 6dc4d4783b..06d96a76a5 100644 --- a/internal/query/idp.go +++ b/internal/query/idp.go @@ -3,7 +3,7 @@ package query import ( "context" "database/sql" - errs "errors" + "errors" "time" sq "github.com/Masterminds/squirrel" @@ -15,10 +15,10 @@ import ( "github.com/zitadel/zitadel/internal/crypto" "github.com/zitadel/zitadel/internal/database" "github.com/zitadel/zitadel/internal/domain" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore/handler/v2" "github.com/zitadel/zitadel/internal/query/projection" "github.com/zitadel/zitadel/internal/telemetry/tracing" + "github.com/zitadel/zitadel/internal/zerrors" ) type IDP struct { @@ -219,7 +219,7 @@ func (q *Queries) IDPByIDAndResourceOwner(ctx context.Context, shouldTriggerBulk stmt, scan := prepareIDPByIDQuery(ctx, q.client) query, args, err := stmt.Where(where).ToSql() if err != nil { - return nil, errors.ThrowInternal(err, "QUERY-0gocI", "Errors.Query.SQLStatement") + return nil, zerrors.ThrowInternal(err, "QUERY-0gocI", "Errors.Query.SQLStatement") } err = q.client.QueryRowContext(ctx, func(row *sql.Row) error { @@ -243,7 +243,7 @@ func (q *Queries) IDPs(ctx context.Context, queries *IDPSearchQueries, withOwner } stmt, args, err := queries.toQuery(query).Where(eq).ToSql() if err != nil { - return nil, errors.ThrowInvalidArgument(err, "QUERY-X6X7y", "Errors.Query.InvalidRequest") + return nil, zerrors.ThrowInvalidArgument(err, "QUERY-X6X7y", "Errors.Query.InvalidRequest") } err = q.client.QueryContext(ctx, func(rows *sql.Rows) error { @@ -251,7 +251,7 @@ func (q *Queries) IDPs(ctx context.Context, queries *IDPSearchQueries, withOwner return err }, stmt, args...) if err != nil { - return nil, errors.ThrowInternal(err, "QUERY-xPlVH", "Errors.Internal") + return nil, zerrors.ThrowInternal(err, "QUERY-xPlVH", "Errors.Internal") } idps.State, err = q.latestState(ctx, idpTable) return idps, err 
@@ -370,10 +370,10 @@ func prepareIDPByIDQuery(ctx context.Context, db prepareDatabase) (sq.SelectBuil &jwtEndpoint, ) if err != nil { - if errs.Is(err, sql.ErrNoRows) { - return nil, errors.ThrowNotFound(err, "QUERY-rhR2o", "Errors.IDPConfig.NotExisting") + if errors.Is(err, sql.ErrNoRows) { + return nil, zerrors.ThrowNotFound(err, "QUERY-rhR2o", "Errors.IDPConfig.NotExisting") } - return nil, errors.ThrowInternal(err, "QUERY-zE3Ro", "Errors.Internal") + return nil, zerrors.ThrowInternal(err, "QUERY-zE3Ro", "Errors.Internal") } if oidcIDPID.Valid { @@ -515,7 +515,7 @@ func prepareIDPsQuery(ctx context.Context, db prepareDatabase) (sq.SelectBuilder } if err := rows.Close(); err != nil { - return nil, errors.ThrowInternal(err, "QUERY-iiBgK", "Errors.Query.CloseRows") + return nil, zerrors.ThrowInternal(err, "QUERY-iiBgK", "Errors.Query.CloseRows") } return &IDPs{ @@ -539,5 +539,5 @@ func (q *Queries) GetOIDCIDPClientSecret(ctx context.Context, shouldRealTime boo if idp.ClientSecret != nil && idp.ClientSecret.Crypted != nil { return crypto.DecryptString(idp.ClientSecret, q.idpConfigEncryption) } - return "", errors.ThrowNotFound(nil, "QUERY-bsm2o", "Errors.Query.NotFound") + return "", zerrors.ThrowNotFound(nil, "QUERY-bsm2o", "Errors.Query.NotFound") } diff --git a/internal/query/idp_login_policy_link.go b/internal/query/idp_login_policy_link.go index 7bc60bf177..f257e88ad4 100644 --- a/internal/query/idp_login_policy_link.go +++ b/internal/query/idp_login_policy_link.go @@ -9,9 +9,9 @@ import ( "github.com/zitadel/zitadel/internal/api/authz" "github.com/zitadel/zitadel/internal/api/call" "github.com/zitadel/zitadel/internal/domain" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/query/projection" "github.com/zitadel/zitadel/internal/telemetry/tracing" + "github.com/zitadel/zitadel/internal/zerrors" ) type IDPLoginPolicyLink struct { 
@@ -103,7 +103,7 @@ func (q *Queries) IDPLoginPolicyLinks(ctx context.Context, resourceOwner string, stmt, args, err := queries.toQuery(query).Where(eq).ToSql() if err != nil { - return nil, errors.ThrowInvalidArgument(err, "QUERY-FDbKW", "Errors.Query.InvalidRequest") + return nil, zerrors.ThrowInvalidArgument(err, "QUERY-FDbKW", "Errors.Query.InvalidRequest") } err = q.client.QueryContext(ctx, func(rows *sql.Rows) error { @@ -111,7 +111,7 @@ func (q *Queries) IDPLoginPolicyLinks(ctx context.Context, resourceOwner string, return err }, stmt, args...) if err != nil { - return nil, errors.ThrowInternal(err, "QUERY-ZkKUc", "Errors.Internal") + return nil, zerrors.ThrowInternal(err, "QUERY-ZkKUc", "Errors.Internal") } idps.State, err = q.latestState(ctx, idpLoginPolicyLinkTable) return idps, err @@ -168,7 +168,7 @@ func prepareIDPLoginPolicyLinksQuery(ctx context.Context, db prepareDatabase, re } if err := rows.Close(); err != nil { - return nil, errors.ThrowInternal(err, "QUERY-vOLFG", "Errors.Query.CloseRows") + return nil, zerrors.ThrowInternal(err, "QUERY-vOLFG", "Errors.Query.CloseRows") } return &IDPLoginPolicyLinks{ diff --git a/internal/query/idp_template.go b/internal/query/idp_template.go index 39e68b8870..1cfdc14d5b 100644 --- a/internal/query/idp_template.go +++ b/internal/query/idp_template.go @@ -3,7 +3,7 @@ package query import ( "context" "database/sql" - errs "errors" + "errors" "time" sq "github.com/Masterminds/squirrel" @@ -15,11 +15,11 @@ import ( "github.com/zitadel/zitadel/internal/crypto" "github.com/zitadel/zitadel/internal/database" "github.com/zitadel/zitadel/internal/domain" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore/handler/v2" "github.com/zitadel/zitadel/internal/query/projection" "github.com/zitadel/zitadel/internal/repository/idp" "github.com/zitadel/zitadel/internal/telemetry/tracing" + "github.com/zitadel/zitadel/internal/zerrors" ) type IDPTemplate struct { 
@@ -723,7 +723,7 @@ func (q *Queries) IDPTemplateByID(ctx context.Context, shouldTriggerBulk bool, i } stmt, args, err := query.Where(eq).ToSql() if err != nil { - return nil, errors.ThrowInternal(err, "QUERY-SFefg", "Errors.Query.SQLStatement") + return nil, zerrors.ThrowInternal(err, "QUERY-SFefg", "Errors.Query.SQLStatement") } err = q.client.QueryRowContext(ctx, func(row *sql.Row) error { @@ -747,7 +747,7 @@ func (q *Queries) IDPTemplates(ctx context.Context, queries *IDPTemplateSearchQu } stmt, args, err := queries.toQuery(query).Where(eq).ToSql() if err != nil { - return nil, errors.ThrowInvalidArgument(err, "QUERY-SAF34", "Errors.Query.InvalidRequest") + return nil, zerrors.ThrowInvalidArgument(err, "QUERY-SAF34", "Errors.Query.InvalidRequest") } err = q.client.QueryContext(ctx, func(rows *sql.Rows) error { @@ -755,7 +755,7 @@ func (q *Queries) IDPTemplates(ctx context.Context, queries *IDPTemplateSearchQu return err }, stmt, args...) if err != nil { - return nil, errors.ThrowInternal(err, "QUERY-BDFrq", "Errors.Internal") + return nil, zerrors.ThrowInternal(err, "QUERY-BDFrq", "Errors.Internal") } idps.State, err = q.latestState(ctx, idpTemplateTable) return idps, err @@ -1136,10 +1136,10 @@ func prepareIDPTemplateByIDQuery(ctx context.Context, db prepareDatabase) (sq.Se &appleScopes, ) if err != nil { - if errs.Is(err, sql.ErrNoRows) { - return nil, errors.ThrowNotFound(err, "QUERY-SAFrt", "Errors.IDPConfig.NotExisting") + if errors.Is(err, sql.ErrNoRows) { + return nil, zerrors.ThrowNotFound(err, "QUERY-SAFrt", "Errors.IDPConfig.NotExisting") } - return nil, errors.ThrowInternal(err, "QUERY-ADG42", "Errors.Internal") + return nil, zerrors.ThrowInternal(err, "QUERY-ADG42", "Errors.Internal") } idpTemplate.Name = name.String 
@@ -1771,7 +1771,7 @@ func prepareIDPTemplatesQuery(ctx context.Context, db prepareDatabase) (sq.Selec } if err := rows.Close(); err != nil { - return nil, errors.ThrowInternal(err, "QUERY-SAGrt", "Errors.Query.CloseRows") + return nil, zerrors.ThrowInternal(err, "QUERY-SAGrt", "Errors.Query.CloseRows") } return &IDPTemplates{ diff --git a/internal/query/idp_template_test.go b/internal/query/idp_template_test.go index 626e411c89..f95b6da05b 100644 --- a/internal/query/idp_template_test.go +++ b/internal/query/idp_template_test.go @@ -11,8 +11,8 @@ import ( "github.com/zitadel/zitadel/internal/database" "github.com/zitadel/zitadel/internal/domain" - errs "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/repository/idp" + "github.com/zitadel/zitadel/internal/zerrors" ) var ( @@ -509,7 +509,7 @@ func Test_IDPTemplateTemplatesPrepares(t *testing.T) { nil, ), err: func(err error) (error, bool) { - if !errs.IsNotFound(err) { + if !zerrors.IsNotFound(err) { return fmt.Errorf("err should be zitadel.NotFoundError got: %w", err), false } return nil, true @@ -2132,7 +2132,7 @@ func Test_IDPTemplateTemplatesPrepares(t *testing.T) { nil, ), err: func(err error) (error, bool) { - if !errs.IsNotFound(err) { + if !zerrors.IsNotFound(err) { return fmt.Errorf("err should be zitadel.NotFoundError got: %w", err), false } return nil, true diff --git a/internal/query/idp_test.go b/internal/query/idp_test.go index 5b34fac069..9474a0c751 100644 --- a/internal/query/idp_test.go +++ b/internal/query/idp_test.go @@ -11,7 +11,7 @@ import ( "github.com/zitadel/zitadel/internal/crypto" "github.com/zitadel/zitadel/internal/database" "github.com/zitadel/zitadel/internal/domain" - errs "github.com/zitadel/zitadel/internal/errors" + "github.com/zitadel/zitadel/internal/zerrors" ) var ( 
@@ -150,7 +150,7 @@ func Test_IDPPrepares(t *testing.T) { nil, ), err: func(err error) (error, bool) { - if !errs.IsNotFound(err) { + if !zerrors.IsNotFound(err) { return fmt.Errorf("err should be zitadel.NotFoundError got: %w", err), false } return nil, true @@ -353,7 +353,7 @@ func Test_IDPPrepares(t *testing.T) { nil, ), err: func(err error) (error, bool) { - if !errs.IsNotFound(err) { + if !zerrors.IsNotFound(err) { return fmt.Errorf("err should be zitadel.NotFoundError got: %w", err), false } return nil, true diff --git a/internal/query/idp_user_link.go b/internal/query/idp_user_link.go index 60d6066044..50e780c372 100644 --- a/internal/query/idp_user_link.go +++ b/internal/query/idp_user_link.go @@ -9,9 +9,9 @@ import ( "github.com/zitadel/zitadel/internal/api/authz" "github.com/zitadel/zitadel/internal/api/call" "github.com/zitadel/zitadel/internal/domain" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/query/projection" "github.com/zitadel/zitadel/internal/telemetry/tracing" + "github.com/zitadel/zitadel/internal/zerrors" ) type IDPUserLink struct { @@ -100,7 +100,7 @@ func (q *Queries) IDPUserLinks(ctx context.Context, queries *IDPUserLinksSearchQ } stmt, args, err := queries.toQuery(query).Where(eq).ToSql() if err != nil { - return nil, errors.ThrowInvalidArgument(err, "QUERY-4zzFK", "Errors.Query.InvalidRequest") + return nil, zerrors.ThrowInvalidArgument(err, "QUERY-4zzFK", "Errors.Query.InvalidRequest") } err = q.client.QueryContext(ctx, func(rows *sql.Rows) error { @@ -108,7 +108,7 @@ func (q *Queries) IDPUserLinks(ctx context.Context, queries *IDPUserLinksSearchQ return err }, stmt, args...) if err != nil { - return nil, errors.ThrowInternal(err, "QUERY-C1E4D", "Errors.Internal") + return nil, zerrors.ThrowInternal(err, "QUERY-C1E4D", "Errors.Internal") } idps.State, err = q.latestState(ctx, idpUserLinkTable) return idps, err 
@@ -176,7 +176,7 @@ func prepareIDPUserLinksQuery(ctx context.Context, db prepareDatabase) (sq.Selec } if err := rows.Close(); err != nil { - return nil, errors.ThrowInternal(err, "QUERY-nwx6U", "Errors.Query.CloseRows") + return nil, zerrors.ThrowInternal(err, "QUERY-nwx6U", "Errors.Query.CloseRows") } return &IDPUserLinks{ diff --git a/internal/query/instance.go b/internal/query/instance.go index ba28bb6a24..7c8acdf310 100644 --- a/internal/query/instance.go +++ b/internal/query/instance.go @@ -3,7 +3,7 @@ package query import ( "context" "database/sql" - errs "errors" + "errors" "strings" "time" @@ -14,10 +14,10 @@ import ( "github.com/zitadel/zitadel/internal/api/authz" "github.com/zitadel/zitadel/internal/api/call" "github.com/zitadel/zitadel/internal/database" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore/handler/v2" "github.com/zitadel/zitadel/internal/query/projection" "github.com/zitadel/zitadel/internal/telemetry/tracing" + "github.com/zitadel/zitadel/internal/zerrors" ) const ( @@ -174,7 +174,7 @@ func (q *Queries) SearchInstances(ctx context.Context, queries *InstanceSearchQu filter, query, scan := prepareInstancesQuery(ctx, q.client) stmt, args, err := query(queries.toQuery(filter)).ToSql() if err != nil { - return nil, errors.ThrowInvalidArgument(err, "QUERY-M9fow", "Errors.Query.SQLStatement") + return nil, zerrors.ThrowInvalidArgument(err, "QUERY-M9fow", "Errors.Query.SQLStatement") } err = q.client.QueryContext(ctx, func(rows *sql.Rows) error { @@ -182,7 +182,7 @@ func (q *Queries) SearchInstances(ctx context.Context, queries *InstanceSearchQu return err }, stmt, args...) if err != nil { - return nil, errors.ThrowInternal(err, "QUERY-3j98f", "Errors.Internal") + return nil, zerrors.ThrowInternal(err, "QUERY-3j98f", "Errors.Internal") } return instances, err } 
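Review bot: SearchInstances classifies a ToSql() failure as `ThrowInvalidArgument` but labels it `Errors.Query.SQLStatement`; elsewhere in this diff that message is paired with `ThrowInternal`, and `ThrowInvalidArgument` is paired with `Errors.Query.InvalidRequest` (IDPs, IDPUserLinks). SearchInstanceDomains and SearchInstanceDomainsGlobal in instance_domain.go carry the same mix. If the failure is meant to be attributed to the caller's search queries, which the error class suggests, the line would read `return nil, zerrors.ThrowInvalidArgument(err, "QUERY-M9fow", "Errors.Query.InvalidRequest")`. The function body continues outside the hunk.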
@@ -203,7 +203,7 @@ func (q *Queries) Instance(ctx context.Context, shouldTriggerBulk bool) (instanc InstanceColumnID.identifier(): authz.GetInstance(ctx).InstanceID(), }).ToSql() if err != nil { - return nil, errors.ThrowInternal(err, "QUERY-d9ngs", "Errors.Query.SQLStatement") + return nil, zerrors.ThrowInternal(err, "QUERY-d9ngs", "Errors.Query.SQLStatement") } err = q.client.QueryContext(ctx, func(rows *sql.Rows) error { @@ -223,7 +223,7 @@ func (q *Queries) InstanceByHost(ctx context.Context, host string) (instance aut InstanceDomainDomainCol.identifier(): host, }).ToSql() if err != nil { - return nil, errors.ThrowInternal(err, "QUERY-SAfg2", "Errors.Query.SQLStatement") + return nil, zerrors.ThrowInternal(err, "QUERY-SAfg2", "Errors.Query.SQLStatement") } err = q.client.QueryContext(ctx, func(rows *sql.Rows) error { @@ -274,10 +274,10 @@ func prepareInstanceQuery(ctx context.Context, db prepareDatabase, host string) &lang, ) if err != nil { - if errs.Is(err, sql.ErrNoRows) { - return nil, errors.ThrowNotFound(err, "QUERY-5m09s", "Errors.IAM.NotFound") + if errors.Is(err, sql.ErrNoRows) { + return nil, zerrors.ThrowNotFound(err, "QUERY-5m09s", "Errors.IAM.NotFound") } - return nil, errors.ThrowInternal(err, "QUERY-3j9sf", "Errors.Internal") + return nil, zerrors.ThrowInternal(err, "QUERY-3j9sf", "Errors.Internal") } instance.DefaultLang = language.Make(lang) return instance, nil @@ -377,7 +377,7 @@ func prepareInstancesQuery(ctx context.Context, db prepareDatabase) (sq.SelectBu } if err := rows.Close(); err != nil { - return nil, errors.ThrowInternal(err, "QUERY-8nlWW", "Errors.Query.CloseRows") + return nil, zerrors.ThrowInternal(err, "QUERY-8nlWW", "Errors.Query.CloseRows") } return &Instances{ 
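Review bot: The error ID `QUERY-8nlWW` on the rows.Close() path of prepareInstancesQuery is reused verbatim by prepareInstanceDomainsQuery in instance_domain.go, so a log entry or support ticket carrying it cannot be traced to one call site. The same holds for `QUERY-Dfbe2` (prepareInstanceDomainQuery and prepareAuthzInstanceQuery), `QUERY-rKd6k` (preparePublicKeysQuery and preparePrivateKeysQuery) and `QUERY-mN0Ci` (DefaultActiveLabelPolicy and DefaultLockoutPolicy). Since each of these lines is rewritten here anyway, one site of each pair could take a fresh ID, e.g. `zerrors.ThrowInternal(err, "QUERY-<new unique id>", "Errors.Query.CloseRows")` (placeholder ID). The enclosing functions extend beyond the hunks.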
@@ -445,7 +445,7 @@ func prepareInstanceDomainQuery(ctx context.Context, db prepareDatabase, host st &sequence, ) if err != nil { - return nil, errors.ThrowInternal(err, "QUERY-d9nw", "Errors.Internal") + return nil, zerrors.ThrowInternal(err, "QUERY-d9nw", "Errors.Internal") } if !domain.Valid { continue @@ -461,11 +461,11 @@ func prepareInstanceDomainQuery(ctx context.Context, db prepareDatabase, host st }) } if instance.ID == "" { - return nil, errors.ThrowNotFound(nil, "QUERY-n0wng", "Errors.IAM.NotFound") + return nil, zerrors.ThrowNotFound(nil, "QUERY-n0wng", "Errors.IAM.NotFound") } instance.DefaultLang = language.Make(lang) if err := rows.Close(); err != nil { - return nil, errors.ThrowInternal(err, "QUERY-Dfbe2", "Errors.Query.CloseRows") + return nil, zerrors.ThrowInternal(err, "QUERY-Dfbe2", "Errors.Query.CloseRows") } return instance, nil } @@ -533,7 +533,7 @@ func prepareAuthzInstanceQuery(ctx context.Context, db prepareDatabase, host str &instance.csp.allowedOrigins, ) if err != nil { - return nil, errors.ThrowInternal(err, "QUERY-d3fas", "Errors.Internal") + return nil, zerrors.ThrowInternal(err, "QUERY-d3fas", "Errors.Internal") } if !domain.Valid { continue @@ -550,11 +550,11 @@ func prepareAuthzInstanceQuery(ctx context.Context, db prepareDatabase, host str instance.csp.enabled = securityPolicyEnabled.Bool } if instance.ID == "" { - return nil, errors.ThrowNotFound(nil, "QUERY-1kIjX", "Errors.IAM.NotFound") + return nil, zerrors.ThrowNotFound(nil, "QUERY-1kIjX", "Errors.IAM.NotFound") } instance.DefaultLang = language.Make(lang) if err := rows.Close(); err != nil { - return nil, errors.ThrowInternal(err, "QUERY-Dfbe2", "Errors.Query.CloseRows") + return nil, zerrors.ThrowInternal(err, "QUERY-Dfbe2", "Errors.Query.CloseRows") } return instance, nil } diff --git a/internal/query/instance_domain.go b/internal/query/instance_domain.go index ee5230f06b..285bd12936 100644 --- a/internal/query/instance_domain.go +++ b/internal/query/instance_domain.go 
@@ -9,9 +9,9 @@ import ( "github.com/zitadel/zitadel/internal/api/authz" "github.com/zitadel/zitadel/internal/api/call" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/query/projection" "github.com/zitadel/zitadel/internal/telemetry/tracing" + "github.com/zitadel/zitadel/internal/zerrors" ) type InstanceDomain struct { @@ -68,7 +68,7 @@ func (q *Queries) SearchInstanceDomains(ctx context.Context, queries *InstanceDo InstanceDomainInstanceIDCol.identifier(): authz.GetInstance(ctx).InstanceID(), }).ToSql() if err != nil { - return nil, errors.ThrowInvalidArgument(err, "QUERY-inlsF", "Errors.Query.SQLStatement") + return nil, zerrors.ThrowInvalidArgument(err, "QUERY-inlsF", "Errors.Query.SQLStatement") } return q.queryInstanceDomains(ctx, stmt, scan, args...) @@ -81,7 +81,7 @@ func (q *Queries) SearchInstanceDomainsGlobal(ctx context.Context, queries *Inst query, scan := prepareInstanceDomainsQuery(ctx, q.client) stmt, args, err := queries.toQuery(query).ToSql() if err != nil { - return nil, errors.ThrowInvalidArgument(err, "QUERY-IHhLR", "Errors.Query.SQLStatement") + return nil, zerrors.ThrowInvalidArgument(err, "QUERY-IHhLR", "Errors.Query.SQLStatement") } return q.queryInstanceDomains(ctx, stmt, scan, args...) @@ -133,7 +133,7 @@ func prepareInstanceDomainsQuery(ctx context.Context, db prepareDatabase) (sq.Se } if err := rows.Close(); err != nil { - return nil, errors.ThrowInternal(err, "QUERY-8nlWW", "Errors.Query.CloseRows") + return nil, zerrors.ThrowInternal(err, "QUERY-8nlWW", "Errors.Query.CloseRows") } return &InstanceDomains{ diff --git a/internal/query/instance_test.go b/internal/query/instance_test.go index decd687e29..03b9937d5d 100644 --- a/internal/query/instance_test.go +++ b/internal/query/instance_test.go @@ -13,7 +13,7 @@ import ( sq "github.com/Masterminds/squirrel" "golang.org/x/text/language" - errs "github.com/zitadel/zitadel/internal/errors" + "github.com/zitadel/zitadel/internal/zerrors" ) var ( 
@@ -104,7 +104,7 @@ func Test_InstancePrepares(t *testing.T) { nil, ), err: func(err error) (error, bool) { - if !errs.IsNotFound(err) { + if !zerrors.IsNotFound(err) { return fmt.Errorf("err should be zitadel.NotFoundError got: %w", err), false } return nil, true diff --git a/internal/query/key.go b/internal/query/key.go index 7447b11343..5e1f4fca5f 100644 --- a/internal/query/key.go +++ b/internal/query/key.go @@ -12,11 +12,11 @@ import ( "github.com/zitadel/zitadel/internal/api/call" "github.com/zitadel/zitadel/internal/crypto" "github.com/zitadel/zitadel/internal/domain" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/query/projection" "github.com/zitadel/zitadel/internal/repository/keypair" "github.com/zitadel/zitadel/internal/telemetry/tracing" + "github.com/zitadel/zitadel/internal/zerrors" ) type Key interface { @@ -193,7 +193,7 @@ func (q *Queries) ActivePublicKeys(ctx context.Context, t time.Time) (keys *Publ sq.Gt{KeyPublicColExpiry.identifier(): t}, }).ToSql() if err != nil { - return nil, errors.ThrowInternal(err, "QUERY-SDFfg", "Errors.Query.SQLStatement") + return nil, zerrors.ThrowInternal(err, "QUERY-SDFfg", "Errors.Query.SQLStatement") } err = q.client.QueryContext(ctx, func(rows *sql.Rows) error { @@ -201,11 +201,11 @@ func (q *Queries) ActivePublicKeys(ctx context.Context, t time.Time) (keys *Publ return err }, stmt, args...) if err != nil { - return nil, errors.ThrowInternal(err, "QUERY-Sghn4", "Errors.Internal") + return nil, zerrors.ThrowInternal(err, "QUERY-Sghn4", "Errors.Internal") } keys.State, err = q.latestState(ctx, keyTable) - if !errors.IsNotFound(err) { + if !zerrors.IsNotFound(err) { return keys, err } return keys, nil 
@@ -228,7 +228,7 @@ func (q *Queries) ActivePrivateSigningKey(ctx context.Context, t time.Time) (key sq.Gt{KeyPrivateColExpiry.identifier(): t}, }).OrderBy(KeyPrivateColExpiry.identifier()).ToSql() if err != nil { - return nil, errors.ThrowInternal(err, "QUERY-SDff2", "Errors.Query.SQLStatement") + return nil, zerrors.ThrowInternal(err, "QUERY-SDff2", "Errors.Query.SQLStatement") } err = q.client.QueryContext(ctx, func(rows *sql.Rows) error { @@ -236,10 +236,10 @@ func (q *Queries) ActivePrivateSigningKey(ctx context.Context, t time.Time) (key return err }, query, args...) if err != nil { - return nil, errors.ThrowInternal(err, "QUERY-WRFG4", "Errors.Internal") + return nil, zerrors.ThrowInternal(err, "QUERY-WRFG4", "Errors.Internal") } keys.State, err = q.latestState(ctx, keyTable) - if !errors.IsNotFound(err) { + if !zerrors.IsNotFound(err) { return keys, err } return keys, nil @@ -289,7 +289,7 @@ func preparePublicKeysQuery(ctx context.Context, db prepareDatabase) (sq.SelectB } if err := rows.Close(); err != nil { - return nil, errors.ThrowInternal(err, "QUERY-rKd6k", "Errors.Query.CloseRows") + return nil, zerrors.ThrowInternal(err, "QUERY-rKd6k", "Errors.Query.CloseRows") } return &PublicKeys{ @@ -340,7 +340,7 @@ func preparePrivateKeysQuery(ctx context.Context, db prepareDatabase) (sq.Select } if err := rows.Close(); err != nil { - return nil, errors.ThrowInternal(err, "QUERY-rKd6k", "Errors.Query.CloseRows") + return nil, zerrors.ThrowInternal(err, "QUERY-rKd6k", "Errors.Query.CloseRows") } return &PrivateKeys{ 
@@ -408,18 +408,18 @@ func (q *Queries) GetActivePublicKeyByID(ctx context.Context, keyID string, curr return nil, err } if model.Algorithm == "" || model.Key == nil { - return nil, errors.ThrowNotFound(err, "QUERY-Ahf7x", "Errors.Key.NotFound") + return nil, zerrors.ThrowNotFound(err, "QUERY-Ahf7x", "Errors.Key.NotFound") } if model.Expiry.Before(current) { - return nil, errors.ThrowInvalidArgument(err, "QUERY-ciF4k", "Errors.Key.ExpireBeforeNow") + return nil, zerrors.ThrowInvalidArgument(err, "QUERY-ciF4k", "Errors.Key.ExpireBeforeNow") } keyValue, err := crypto.Decrypt(model.Key, q.keyEncryptionAlgorithm) if err != nil { - return nil, errors.ThrowInternal(err, "QUERY-Ie4oh", "Errors.Internal") + return nil, zerrors.ThrowInternal(err, "QUERY-Ie4oh", "Errors.Internal") } publicKey, err := crypto.BytesToPublicKey(keyValue) if err != nil { - return nil, errors.ThrowInternal(err, "QUERY-Kai2Z", "Errors.Internal") + return nil, zerrors.ThrowInternal(err, "QUERY-Kai2Z", "Errors.Internal") } return &rsaPublicKey{ diff --git a/internal/query/key_test.go b/internal/query/key_test.go index 553b635241..af3702c0e7 100644 --- a/internal/query/key_test.go +++ b/internal/query/key_test.go @@ -20,9 +20,9 @@ import ( "github.com/zitadel/zitadel/internal/api/authz" "github.com/zitadel/zitadel/internal/crypto" "github.com/zitadel/zitadel/internal/domain" - errs "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" key_repo "github.com/zitadel/zitadel/internal/repository/keypair" + "github.com/zitadel/zitadel/internal/zerrors" ) var ( @@ -88,7 +88,7 @@ func Test_KeyPrepares(t *testing.T) { nil, ), err: func(err error) (error, bool) { - if !errs.IsNotFound(err) { + if !zerrors.IsNotFound(err) { return fmt.Errorf("err should be zitadel.NotFoundError got: %w", err), false } return nil, true 
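Review bot: In GetActivePublicKeyByID the not-found and expired-key branches pass `err` as the parent error, but `err` appears to be nil at that point because the preceding `return nil, err` has already handled a failure (the check itself lies outside the hunk). The cases in key_test.go expect a nil parent for both, so writing it explicitly avoids implying an underlying cause when a key is rejected: `return nil, zerrors.ThrowNotFound(nil, "QUERY-Ahf7x", "Errors.Key.NotFound")` and `return nil, zerrors.ThrowInvalidArgument(nil, "QUERY-ciF4k", "Errors.Key.ExpireBeforeNow")`.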
@@ -169,7 +169,7 @@ func Test_KeyPrepares(t *testing.T) { nil, ), err: func(err error) (error, bool) { - if !errs.IsNotFound(err) { + if !zerrors.IsNotFound(err) { return fmt.Errorf("err should be zitadel.NotFoundError got: %w", err), false } return nil, true @@ -292,7 +292,7 @@ func TestQueries_GetActivePublicKeyByID(t *testing.T) { eventstore: expectEventstore( expectFilter(), ), - wantErr: errs.ThrowNotFound(nil, "QUERY-Ahf7x", "Errors.Key.NotFound"), + wantErr: zerrors.ThrowNotFound(nil, "QUERY-Ahf7x", "Errors.Key.NotFound"), }, { name: "expired error", @@ -324,7 +324,7 @@ func TestQueries_GetActivePublicKeyByID(t *testing.T) { )), ), ), - wantErr: errs.ThrowInvalidArgument(nil, "QUERY-ciF4k", "Errors.Key.ExpireBeforeNow"), + wantErr: zerrors.ThrowInvalidArgument(nil, "QUERY-ciF4k", "Errors.Key.ExpireBeforeNow"), }, { name: "decrypt error", @@ -363,7 +363,7 @@ func TestQueries_GetActivePublicKeyByID(t *testing.T) { expect.DecryptionKeyIDs().Return([]string{}) return encryption }, - wantErr: errs.ThrowInternal(nil, "QUERY-Ie4oh", "Errors.Internal"), + wantErr: zerrors.ThrowInternal(nil, "QUERY-Ie4oh", "Errors.Internal"), }, { name: "parse error", @@ -403,7 +403,7 @@ func TestQueries_GetActivePublicKeyByID(t *testing.T) { expect.Decrypt([]byte("public"), "keyID").Return([]byte("foo"), nil) return encryption }, - wantErr: errs.ThrowInternal(nil, "QUERY-Kai2Z", "Errors.Internal"), + wantErr: zerrors.ThrowInternal(nil, "QUERY-Kai2Z", "Errors.Internal"), }, { name: "success", diff --git a/internal/query/label_policy.go b/internal/query/label_policy.go index fe21987adb..6dc7b00922 100644 --- a/internal/query/label_policy.go +++ b/internal/query/label_policy.go @@ -3,7 +3,7 @@ package query import ( "context" "database/sql" - errs "errors" + "errors" "time" sq "github.com/Masterminds/squirrel" 
@@ -11,9 +11,9 @@ import ( "github.com/zitadel/zitadel/internal/api/authz" "github.com/zitadel/zitadel/internal/api/call" "github.com/zitadel/zitadel/internal/domain" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/query/projection" "github.com/zitadel/zitadel/internal/telemetry/tracing" + "github.com/zitadel/zitadel/internal/zerrors" ) type LabelPolicy struct { @@ -66,7 +66,7 @@ func (q *Queries) ActiveLabelPolicyByOrg(ctx context.Context, orgID string, with OrderBy(LabelPolicyColIsDefault.identifier()). Limit(1).ToSql() if err != nil { - return nil, errors.ThrowInternal(err, "QUERY-V22un", "unable to create sql stmt") + return nil, zerrors.ThrowInternal(err, "QUERY-V22un", "unable to create sql stmt") } err = q.client.QueryRowContext(ctx, func(row *sql.Row) error { @@ -99,7 +99,7 @@ func (q *Queries) PreviewLabelPolicyByOrg(ctx context.Context, orgID string) (po OrderBy(LabelPolicyColIsDefault.identifier()). Limit(1).ToSql() if err != nil { - return nil, errors.ThrowInternal(err, "QUERY-AG5eq", "unable to create sql stmt") + return nil, zerrors.ThrowInternal(err, "QUERY-AG5eq", "unable to create sql stmt") } err = q.client.QueryRowContext(ctx, func(row *sql.Row) error { @@ -122,7 +122,7 @@ func (q *Queries) DefaultActiveLabelPolicy(ctx context.Context) (policy *LabelPo OrderBy(LabelPolicyColIsDefault.identifier()). Limit(1).ToSql() if err != nil { - return nil, errors.ThrowInternal(err, "QUERY-mN0Ci", "unable to create sql stmt") + return nil, zerrors.ThrowInternal(err, "QUERY-mN0Ci", "unable to create sql stmt") } err = q.client.QueryRowContext(ctx, func(row *sql.Row) error { 
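Review bot: ActiveLabelPolicyByOrg, PreviewLabelPolicyByOrg and DefaultActiveLabelPolicy (and DefaultPreviewLabelPolicy in the following hunk) still pass the free-text message `unable to create sql stmt`, where the other queries in this diff pass the key `Errors.Query.SQLStatement` for the same ToSql() failure. If these messages are resolved as catalogue keys, which is not visible here, the free text would reach the client untranslated. Suggested form: `return nil, zerrors.ThrowInternal(err, "QUERY-V22un", "Errors.Query.SQLStatement")`, and likewise for `QUERY-AG5eq`, `QUERY-mN0Ci` and `QUERY-B3JQR`. Each function begins and ends outside its hunk.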
@@ -145,7 +145,7 @@ func (q *Queries) DefaultPreviewLabelPolicy(ctx context.Context) (policy *LabelP OrderBy(LabelPolicyColIsDefault.identifier()). Limit(1).ToSql() if err != nil { - return nil, errors.ThrowInternal(err, "QUERY-B3JQR", "unable to create sql stmt") + return nil, zerrors.ThrowInternal(err, "QUERY-B3JQR", "unable to create sql stmt") } err = q.client.QueryRowContext(ctx, func(row *sql.Row) error { @@ -321,10 +321,10 @@ func prepareLabelPolicyQuery(ctx context.Context, db prepareDatabase) (sq.Select &darkIconURL, ) if err != nil { - if errs.Is(err, sql.ErrNoRows) { - return nil, errors.ThrowNotFound(err, "QUERY-bJEsm", "Errors.Org.PolicyNotExisting") + if errors.Is(err, sql.ErrNoRows) { + return nil, zerrors.ThrowNotFound(err, "QUERY-bJEsm", "Errors.Org.PolicyNotExisting") } - return nil, errors.ThrowInternal(err, "QUERY-awLM6", "Errors.Internal") + return nil, zerrors.ThrowInternal(err, "QUERY-awLM6", "Errors.Internal") } policy.FontURL = fontURL.String diff --git a/internal/query/languages.go b/internal/query/languages.go deleted file mode 100644 index f12c29677e..0000000000 --- a/internal/query/languages.go +++ /dev/null @@ -1,22 +0,0 @@ -package query - -import ( - "context" - - "github.com/zitadel/logging" - "golang.org/x/text/language" - - "github.com/zitadel/zitadel/internal/i18n" -) - -func (q *Queries) Languages(ctx context.Context) ([]language.Tag, error) { - if len(q.supportedLangs) == 0 { - langs, err := i18n.SupportedLanguages(q.LoginDir) - if err != nil { - logging.Log("ADMIN-tiMWs").WithError(err).Debug("unable to parse language") - return nil, err - } - q.supportedLangs = langs - } - return q.supportedLangs, nil -} diff --git a/internal/query/limits.go b/internal/query/limits.go index cf9635026d..bd03f4ad91 100644 --- a/internal/query/limits.go +++ b/internal/query/limits.go @@ -3,7 +3,7 @@ package query import ( "context" "database/sql" - errs "errors" + "errors" "time" sq "github.com/Masterminds/squirrel" 
@@ -11,9 +11,9 @@ import ( "github.com/zitadel/zitadel/internal/api/authz" "github.com/zitadel/zitadel/internal/api/call" "github.com/zitadel/zitadel/internal/database" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/query/projection" "github.com/zitadel/zitadel/internal/telemetry/tracing" + "github.com/zitadel/zitadel/internal/zerrors" ) var ( @@ -71,7 +71,7 @@ func (q *Queries) Limits(ctx context.Context, resourceOwner string) (limits *Lim LimitsColumnResourceOwner.identifier(): resourceOwner, }).ToSql() if err != nil { - return nil, errors.ThrowInternal(err, "QUERY-jJe80", "Errors.Query.SQLStatment") + return nil, zerrors.ThrowInternal(err, "QUERY-jJe80", "Errors.Query.SQLStatment") } err = q.client.QueryRowContext(ctx, func(row *sql.Row) error { @@ -106,10 +106,10 @@ func prepareLimitsQuery(ctx context.Context, db prepareDatabase) (sq.SelectBuild &auditLogRetention, ) if err != nil { - if errs.Is(err, sql.ErrNoRows) { - return nil, errors.ThrowNotFound(err, "QUERY-GU1em", "Errors.Limits.NotFound") + if errors.Is(err, sql.ErrNoRows) { + return nil, zerrors.ThrowNotFound(err, "QUERY-GU1em", "Errors.Limits.NotFound") } - return nil, errors.ThrowInternal(err, "QUERY-00jgy", "Errors.Internal") + return nil, zerrors.ThrowInternal(err, "QUERY-00jgy", "Errors.Internal") } if auditLogRetention.Valid { limits.AuditLogRetention = &auditLogRetention.Duration diff --git a/internal/query/limits_test.go b/internal/query/limits_test.go index 84e6e70e52..efd1272354 100644 --- a/internal/query/limits_test.go +++ b/internal/query/limits_test.go @@ -11,7 +11,7 @@ import ( "github.com/muhlemmer/gu" - errs "github.com/zitadel/zitadel/internal/errors" + "github.com/zitadel/zitadel/internal/zerrors" ) var ( 
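Review bot: The message key in Limits is spelled `Errors.Query.SQLStatment`, while every other query in this diff uses `Errors.Query.SQLStatement`; the rename to zerrors keeps the typo. If keys are looked up in a message catalogue (not shown on this page), this one would presumably not resolve and the raw key would be returned. Suggested line: `return nil, zerrors.ThrowInternal(err, "QUERY-jJe80", "Errors.Query.SQLStatement")`.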
@@ -56,7 +56,7 @@ func Test_LimitsPrepare(t *testing.T) { nil, ), err: func(err error) (error, bool) { - if !errs.IsNotFound(err) { + if !zerrors.IsNotFound(err) { return fmt.Errorf("err should be zitadel.NotFoundError got: %w", err), false } return nil, true diff --git a/internal/query/lockout_policy.go b/internal/query/lockout_policy.go index d568427b24..e84750cc6d 100644 --- a/internal/query/lockout_policy.go +++ b/internal/query/lockout_policy.go @@ -3,7 +3,7 @@ package query import ( "context" "database/sql" - errs "errors" + "errors" "time" sq "github.com/Masterminds/squirrel" @@ -13,10 +13,10 @@ import ( "github.com/zitadel/zitadel/internal/api/authz" "github.com/zitadel/zitadel/internal/api/call" "github.com/zitadel/zitadel/internal/domain" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore/handler/v2" "github.com/zitadel/zitadel/internal/query/projection" "github.com/zitadel/zitadel/internal/telemetry/tracing" + "github.com/zitadel/zitadel/internal/zerrors" ) type LockoutPolicy struct { @@ -113,7 +113,7 @@ func (q *Queries) LockoutPolicyByOrg(ctx context.Context, shouldTriggerBulk bool OrderBy(LockoutColIsDefault.identifier()). Limit(1).ToSql() if err != nil { - return nil, errors.ThrowInternal(err, "QUERY-SKR6X", "Errors.Query.SQLStatement") + return nil, zerrors.ThrowInternal(err, "QUERY-SKR6X", "Errors.Query.SQLStatement") } err = q.client.QueryRowContext(ctx, func(row *sql.Row) error { @@ -135,7 +135,7 @@ func (q *Queries) DefaultLockoutPolicy(ctx context.Context) (policy *LockoutPoli OrderBy(LockoutColIsDefault.identifier()). Limit(1).ToSql() if err != nil { - return nil, errors.ThrowInternal(err, "QUERY-mN0Ci", "Errors.Query.SQLStatement") + return nil, zerrors.ThrowInternal(err, "QUERY-mN0Ci", "Errors.Query.SQLStatement") } err = q.client.QueryRowContext(ctx, func(row *sql.Row) error { 
@@ -173,10 +173,10 @@ func prepareLockoutPolicyQuery(ctx context.Context, db prepareDatabase) (sq.Sele &policy.State, ) if err != nil { - if errs.Is(err, sql.ErrNoRows) { - return nil, errors.ThrowNotFound(err, "QUERY-63mtI", "Errors.PasswordComplexityPolicy.NotFound") + if errors.Is(err, sql.ErrNoRows) { + return nil, zerrors.ThrowNotFound(err, "QUERY-63mtI", "Errors.PasswordComplexityPolicy.NotFound") } - return nil, errors.ThrowInternal(err, "QUERY-uulCZ", "Errors.Internal") + return nil, zerrors.ThrowInternal(err, "QUERY-uulCZ", "Errors.Internal") } return policy, nil } diff --git a/internal/query/lockout_policy_test.go b/internal/query/lockout_policy_test.go index 0fefcf386e..044f6c291b 100644 --- a/internal/query/lockout_policy_test.go +++ b/internal/query/lockout_policy_test.go @@ -9,7 +9,7 @@ import ( "testing" "github.com/zitadel/zitadel/internal/domain" - errs "github.com/zitadel/zitadel/internal/errors" + "github.com/zitadel/zitadel/internal/zerrors" ) var ( @@ -59,7 +59,7 @@ func Test_LockoutPolicyPrepares(t *testing.T) { nil, ), err: func(err error) (error, bool) { - if !errs.IsNotFound(err) { + if !zerrors.IsNotFound(err) { return fmt.Errorf("err should be zitadel.NotFoundError got: %w", err), false } return nil, true diff --git a/internal/query/login_policy.go b/internal/query/login_policy.go index fc4b12bf4b..7bd6597976 100644 --- a/internal/query/login_policy.go +++ b/internal/query/login_policy.go @@ -3,7 +3,7 @@ package query import ( "context" "database/sql" - errs "errors" + "errors" "time" sq "github.com/Masterminds/squirrel" 
@@ -14,10 +14,10 @@ import ( "github.com/zitadel/zitadel/internal/api/call" "github.com/zitadel/zitadel/internal/database" "github.com/zitadel/zitadel/internal/domain" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore/handler/v2" "github.com/zitadel/zitadel/internal/query/projection" "github.com/zitadel/zitadel/internal/telemetry/tracing" + "github.com/zitadel/zitadel/internal/zerrors" ) type LoginPolicy struct { @@ -194,7 +194,7 @@ func (q *Queries) LoginPolicyByID(ctx context.Context, shouldTriggerBulk bool, o }, }).Limit(1).OrderBy(LoginPolicyColumnIsDefault.identifier()).ToSql() if err != nil { - return nil, errors.ThrowInternal(err, "QUERY-scVHo", "Errors.Query.SQLStatement") + return nil, zerrors.ThrowInternal(err, "QUERY-scVHo", "Errors.Query.SQLStatement") } err = q.client.QueryContext(ctx, func(rows *sql.Rows) error { @@ -202,7 +202,7 @@ func (q *Queries) LoginPolicyByID(ctx context.Context, shouldTriggerBulk bool, o return err }, stmt, args...) if err != nil { - return nil, errors.ThrowInternal(err, "QUERY-SWgr3", "Errors.Internal") + return nil, zerrors.ThrowInternal(err, "QUERY-SWgr3", "Errors.Internal") } return policy, nil } @@ -233,7 +233,7 @@ func (q *Queries) DefaultLoginPolicy(ctx context.Context) (policy *LoginPolicy, LoginPolicyColumnInstanceID.identifier(): authz.GetInstance(ctx).InstanceID(), }).OrderBy(LoginPolicyColumnIsDefault.identifier()).ToSql() if err != nil { - return nil, errors.ThrowInternal(err, "QUERY-t4TBK", "Errors.Query.SQLStatement") + return nil, zerrors.ThrowInternal(err, "QUERY-t4TBK", "Errors.Query.SQLStatement") } err = q.client.QueryContext(ctx, func(rows *sql.Rows) error { 
@@ -241,7 +241,7 @@ func (q *Queries) DefaultLoginPolicy(ctx context.Context) (policy *LoginPolicy, return err }, stmt, args...) if err != nil { - return nil, errors.ThrowInternal(err, "QUERY-SArt2", "Errors.Internal") + return nil, zerrors.ThrowInternal(err, "QUERY-SArt2", "Errors.Internal") } return policy, nil } @@ -268,7 +268,7 @@ func (q *Queries) SecondFactorsByOrg(ctx context.Context, orgID string) (factors OrderBy(LoginPolicyColumnIsDefault.identifier()). Limit(1).ToSql() if err != nil { - return nil, errors.ThrowInternal(err, "QUERY-scVHo", "Errors.Query.SQLStatement") + return nil, zerrors.ThrowInternal(err, "QUERY-scVHo", "Errors.Query.SQLStatement") } err = q.client.QueryRowContext(ctx, func(row *sql.Row) error { @@ -292,7 +292,7 @@ func (q *Queries) DefaultSecondFactors(ctx context.Context) (factors *SecondFact LoginPolicyColumnInstanceID.identifier(): authz.GetInstance(ctx).InstanceID(), }).OrderBy(LoginPolicyColumnIsDefault.identifier()).ToSql() if err != nil { - return nil, errors.ThrowInternal(err, "QUERY-CZ2Nv", "Errors.Query.SQLStatement") + return nil, zerrors.ThrowInternal(err, "QUERY-CZ2Nv", "Errors.Query.SQLStatement") } err = q.client.QueryRowContext(ctx, func(row *sql.Row) error { @@ -328,7 +328,7 @@ func (q *Queries) MultiFactorsByOrg(ctx context.Context, orgID string) (factors OrderBy(LoginPolicyColumnIsDefault.identifier()). Limit(1).ToSql() if err != nil { - return nil, errors.ThrowInternal(err, "QUERY-B4o7h", "Errors.Query.SQLStatement") + return nil, zerrors.ThrowInternal(err, "QUERY-B4o7h", "Errors.Query.SQLStatement") } err = q.client.QueryRowContext(ctx, func(row *sql.Row) error { 
@@ -352,7 +352,7 @@ func (q *Queries) DefaultMultiFactors(ctx context.Context) (factors *MultiFactor LoginPolicyColumnInstanceID.identifier(): authz.GetInstance(ctx).InstanceID(), }).OrderBy(LoginPolicyColumnIsDefault.identifier()).ToSql() if err != nil { - return nil, errors.ThrowInternal(err, "QUERY-WxYjr", "Errors.Query.SQLStatement") + return nil, zerrors.ThrowInternal(err, "QUERY-WxYjr", "Errors.Query.SQLStatement") } err = q.client.QueryRowContext(ctx, func(row *sql.Row) error { @@ -425,11 +425,11 @@ func prepareLoginPolicyQuery(ctx context.Context, db prepareDatabase) (sq.Select &p.MultiFactorCheckLifetime, ) if err != nil { - return nil, errors.ThrowInternal(err, "QUERY-YcC53", "Errors.Internal") + return nil, zerrors.ThrowInternal(err, "QUERY-YcC53", "Errors.Internal") } } if p.OrgID == "" { - return nil, errors.ThrowNotFound(nil, "QUERY-QsUBJ", "Errors.LoginPolicy.NotFound") + return nil, zerrors.ThrowNotFound(nil, "QUERY-QsUBJ", "Errors.LoginPolicy.NotFound") } p.DefaultRedirectURI = defaultRedirectURI.String return p, nil @@ -447,10 +447,10 @@ func prepareLoginPolicy2FAsQuery(ctx context.Context, db prepareDatabase) (sq.Se &p.Factors, ) if err != nil { - if errs.Is(err, sql.ErrNoRows) { - return nil, errors.ThrowNotFound(err, "QUERY-yPqIZ", "Errors.LoginPolicy.NotFound") + if errors.Is(err, sql.ErrNoRows) { + return nil, zerrors.ThrowNotFound(err, "QUERY-yPqIZ", "Errors.LoginPolicy.NotFound") } - return nil, errors.ThrowInternal(err, "QUERY-Mr6H3", "Errors.Internal") + return nil, zerrors.ThrowInternal(err, "QUERY-Mr6H3", "Errors.Internal") } p.Count = uint64(len(p.Factors)) 
@@ -469,10 +469,10 @@ func prepareLoginPolicyMFAsQuery(ctx context.Context, db prepareDatabase) (sq.Se &p.Factors, ) if err != nil { - if errs.Is(err, sql.ErrNoRows) { - return nil, errors.ThrowNotFound(err, "QUERY-yPqIZ", "Errors.LoginPolicy.NotFound") + if errors.Is(err, sql.ErrNoRows) { + return nil, zerrors.ThrowNotFound(err, "QUERY-yPqIZ", "Errors.LoginPolicy.NotFound") } - return nil, errors.ThrowInternal(err, "QUERY-Mr6H3", "Errors.Internal") + return nil, zerrors.ThrowInternal(err, "QUERY-Mr6H3", "Errors.Internal") } p.Count = uint64(len(p.Factors)) diff --git a/internal/query/login_policy_test.go b/internal/query/login_policy_test.go index f346bd9e3a..7714fa302a 100644 --- a/internal/query/login_policy_test.go +++ b/internal/query/login_policy_test.go @@ -11,7 +11,7 @@ import ( "github.com/zitadel/zitadel/internal/database" "github.com/zitadel/zitadel/internal/domain" - errs "github.com/zitadel/zitadel/internal/errors" + "github.com/zitadel/zitadel/internal/zerrors" ) var ( @@ -104,7 +104,7 @@ func Test_LoginPolicyPrepares(t *testing.T) { nil, ), err: func(err error) (error, bool) { - if !errs.IsNotFound(err) { + if !zerrors.IsNotFound(err) { return fmt.Errorf("err should be zitadel.NotFoundError got: %w", err), false } return nil, true @@ -201,7 +201,7 @@ func Test_LoginPolicyPrepares(t *testing.T) { nil, ), err: func(err error) (error, bool) { - if !errs.IsNotFound(err) { + if !zerrors.IsNotFound(err) { return fmt.Errorf("err should be zitadel.NotFoundError got: %w", err), false } return nil, true @@ -269,7 +269,7 @@ func Test_LoginPolicyPrepares(t *testing.T) { nil, ), err: func(err error) (error, bool) { - if !errs.IsNotFound(err) { + if !zerrors.IsNotFound(err) { return fmt.Errorf("err should be zitadel.NotFoundError got: %w", err), false } return nil, true diff --git a/internal/query/mail_template.go b/internal/query/mail_template.go index f0872cf290..9d5ff83162 100644 --- a/internal/query/mail_template.go +++ b/internal/query/mail_template.go 
@@ -3,7 +3,7 @@ package query import ( "context" "database/sql" - errs "errors" + "errors" "time" sq "github.com/Masterminds/squirrel" @@ -11,9 +11,9 @@ import ( "github.com/zitadel/zitadel/internal/api/authz" "github.com/zitadel/zitadel/internal/api/call" "github.com/zitadel/zitadel/internal/domain" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/query/projection" "github.com/zitadel/zitadel/internal/telemetry/tracing" + "github.com/zitadel/zitadel/internal/zerrors" ) type MailTemplate struct { @@ -90,7 +90,7 @@ func (q *Queries) MailTemplateByOrg(ctx context.Context, orgID string, withOwner OrderBy(MailTemplateColIsDefault.identifier()). Limit(1).ToSql() if err != nil { - return nil, errors.ThrowInternal(err, "QUERY-m0sJg", "Errors.Query.SQLStatement") + return nil, zerrors.ThrowInternal(err, "QUERY-m0sJg", "Errors.Query.SQLStatement") } err = q.client.QueryRowContext(ctx, func(row *sql.Row) error { @@ -112,7 +112,7 @@ func (q *Queries) DefaultMailTemplate(ctx context.Context) (template *MailTempla OrderBy(MailTemplateColIsDefault.identifier()). Limit(1).ToSql() if err != nil { - return nil, errors.ThrowInternal(err, "QUERY-2m0fH", "Errors.Query.SQLStatement") + return nil, zerrors.ThrowInternal(err, "QUERY-2m0fH", "Errors.Query.SQLStatement") } err = q.client.QueryRowContext(ctx, func(row *sql.Row) error { @@ -146,10 +146,10 @@ func prepareMailTemplateQuery(ctx context.Context, db prepareDatabase) (sq.Selec &policy.State, ) if err != nil { - if errs.Is(err, sql.ErrNoRows) { - return nil, errors.ThrowNotFound(err, "QUERY-2NO0g", "Errors.MailTemplate.NotFound") + if errors.Is(err, sql.ErrNoRows) { + return nil, zerrors.ThrowNotFound(err, "QUERY-2NO0g", "Errors.MailTemplate.NotFound") } - return nil, errors.ThrowInternal(err, "QUERY-4Nisf", "Errors.Internal") + return nil, zerrors.ThrowInternal(err, "QUERY-4Nisf", "Errors.Internal") } return policy, nil } 
diff --git a/internal/query/message_text.go b/internal/query/message_text.go index 4bc656c0cc..dd2d9cd50b 100644 --- a/internal/query/message_text.go +++ b/internal/query/message_text.go @@ -4,10 +4,9 @@ import ( "context" "database/sql" "encoding/json" - errs "errors" + "errors" "fmt" "io/ioutil" - "net/http" "os" "time" @@ -18,9 +17,10 @@ import ( "github.com/zitadel/zitadel/internal/api/authz" "github.com/zitadel/zitadel/internal/api/call" "github.com/zitadel/zitadel/internal/domain" - "github.com/zitadel/zitadel/internal/errors" + "github.com/zitadel/zitadel/internal/i18n" "github.com/zitadel/zitadel/internal/query/projection" "github.com/zitadel/zitadel/internal/telemetry/tracing" + "github.com/zitadel/zitadel/internal/zerrors" ) type MessageTexts struct { @@ -137,7 +137,7 @@ func (q *Queries) DefaultMessageText(ctx context.Context) (text *MessageText, er }). Limit(1).ToSql() if err != nil { - return nil, errors.ThrowInternal(err, "QUERY-1b9mf", "Errors.Query.SQLStatement") + return nil, zerrors.ThrowInternal(err, "QUERY-1b9mf", "Errors.Query.SQLStatement") } err = q.client.QueryRowContext(ctx, func(row *sql.Row) error { @@ -157,7 +157,7 @@ func (q *Queries) DefaultMessageTextByTypeAndLanguageFromFileSystem(ctx context. } messageTexts := new(MessageTexts) if err := yaml.Unmarshal(contents, messageTexts); err != nil { - return nil, errors.ThrowInternal(err, "TEXT-3N9fs", "Errors.TranslationFile.ReadError") + return nil, zerrors.ThrowInternal(err, "TEXT-3N9fs", "Errors.TranslationFile.ReadError") } return messageTexts.GetMessageTextByType(messageType), nil } 
@@ -179,14 +179,14 @@ func (q *Queries) CustomMessageTextByTypeAndLanguage(ctx context.Context, aggreg query, args, err := stmt.Where(eq).OrderBy(MessageTextColAggregateID.identifier()).Limit(1).ToSql() if err != nil { - return nil, errors.ThrowInternal(err, "QUERY-1b9mf", "Errors.Query.SQLStatement") + return nil, zerrors.ThrowInternal(err, "QUERY-1b9mf", "Errors.Query.SQLStatement") } err = q.client.QueryRowContext(ctx, func(row *sql.Row) error { msg, err = scan(row) return err }, query, args...) - if errors.IsNotFound(err) { + if zerrors.IsNotFound(err) { return q.IAMMessageTextByTypeAndLanguage(ctx, messageType, language) } return msg, err @@ -202,7 +202,7 @@ func (q *Queries) IAMMessageTextByTypeAndLanguage(ctx context.Context, messageTy } notificationTextMap := make(map[string]interface{}) if err := yaml.Unmarshal(contents, ¬ificationTextMap); err != nil { - return nil, errors.ThrowInternal(err, "QUERY-ekjFF", "Errors.TranslationFile.ReadError") + return nil, zerrors.ThrowInternal(err, "QUERY-ekjFF", "Errors.TranslationFile.ReadError") } texts, err := q.CustomTextList(ctx, authz.GetInstance(ctx).InstanceID(), messageType, language, false) if err != nil { @@ -218,11 +218,11 @@ func (q *Queries) IAMMessageTextByTypeAndLanguage(ctx context.Context, messageTy jsonbody, err := json.Marshal(notificationTextMap) if err != nil { - return nil, errors.ThrowInternal(err, "QUERY-3m8fJ", "Errors.TranslationFile.MergeError") + return nil, zerrors.ThrowInternal(err, "QUERY-3m8fJ", "Errors.TranslationFile.MergeError") } notificationText := new(MessageTexts) if err := json.Unmarshal(jsonbody, ¬ificationText); err != nil { - return nil, errors.ThrowInternal(err, "QUERY-9MkfD", "Errors.TranslationFile.MergeError") + return nil, zerrors.ThrowInternal(err, "QUERY-9MkfD", "Errors.TranslationFile.MergeError") } result := notificationText.GetMessageTextByType(messageType) result.IsDefault = true 
@@ -236,9 +236,9 @@ func (q *Queries) readNotificationTextMessages(ctx context.Context, language str var err error contents, ok := q.NotificationTranslationFileContents[language] if !ok { - contents, err = q.readTranslationFile(q.NotificationDir, fmt.Sprintf("/i18n/%s.yaml", language)) - if errors.IsNotFound(err) { - contents, err = q.readTranslationFile(q.NotificationDir, fmt.Sprintf("/i18n/%s.yaml", authz.GetInstance(ctx).DefaultLanguage().String())) + contents, err = q.readTranslationFile(i18n.NOTIFICATION, fmt.Sprintf("/i18n/%s.yaml", language)) + if zerrors.IsNotFound(err) { + contents, err = q.readTranslationFile(i18n.NOTIFICATION, fmt.Sprintf("/i18n/%s.yaml", authz.GetInstance(ctx).DefaultLanguage().String())) } if err != nil { return nil, err @@ -294,10 +294,10 @@ func prepareMessageTextQuery(ctx context.Context, db prepareDatabase) (sq.Select &footer, ) if err != nil { - if errs.Is(err, sql.ErrNoRows) { - return nil, errors.ThrowNotFound(err, "QUERY-3nlrS", "Errors.MessageText.NotFound") + if errors.Is(err, sql.ErrNoRows) { + return nil, zerrors.ThrowNotFound(err, "QUERY-3nlrS", "Errors.MessageText.NotFound") } - return nil, errors.ThrowInternal(err, "QUERY-499gJ", "Errors.Internal") + return nil, zerrors.ThrowInternal(err, "QUERY-499gJ", "Errors.Internal") } msg.Language = language.Make(lang) msg.Title = title.String 
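Review bot: In `readNotificationTextMessages`, `language` becomes a path component through `fmt.Sprintf("/i18n/%s.yaml", language)`, and nothing in this hunk checks that it names a supported language. Where the string originates is not visible here. If it can come from a request, it should be validated against the supported-language list before this call, so that a crafted value cannot select a different file inside the namespace's filesystem. At minimum, a comment above the first `readTranslationFile` call would record the assumption: `// language must be an already-validated language tag; it is used as a file name`. The function body starts and ends outside the hunk.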
@@ -311,17 +311,17 @@ func prepareMessageTextQuery(ctx context.Context, db prepareDatabase) (sq.Select } } -func (q *Queries) readTranslationFile(dir http.FileSystem, filename string) ([]byte, error) { - r, err := dir.Open(filename) +func (q *Queries) readTranslationFile(namespace i18n.Namespace, filename string) ([]byte, error) { + r, err := i18n.LoadFilesystem(namespace).Open(filename) if os.IsNotExist(err) { - return nil, errors.ThrowNotFound(err, "QUERY-sN9wg", "Errors.TranslationFile.NotFound") + return nil, zerrors.ThrowNotFound(err, "QUERY-sN9wg", "Errors.TranslationFile.NotFound") } if err != nil { - return nil, errors.ThrowInternal(err, "QUERY-93njw", "Errors.TranslationFile.ReadError") + return nil, zerrors.ThrowInternal(err, "QUERY-93njw", "Errors.TranslationFile.ReadError") } contents, err := ioutil.ReadAll(r) if err != nil { - return nil, errors.ThrowInternal(err, "QUERY-l0fse", "Errors.TranslationFile.ReadError") + return nil, zerrors.ThrowInternal(err, "QUERY-l0fse", "Errors.TranslationFile.ReadError") } return contents, nil } diff --git a/internal/query/message_text_test.go b/internal/query/message_text_test.go index 713066512f..09df5dcd83 100644 --- a/internal/query/message_text_test.go +++ b/internal/query/message_text_test.go @@ -11,7 +11,7 @@ import ( "golang.org/x/text/language" "github.com/zitadel/zitadel/internal/domain" - errs "github.com/zitadel/zitadel/internal/errors" + "github.com/zitadel/zitadel/internal/zerrors" ) var ( @@ -70,7 +70,7 @@ func Test_MessageTextPrepares(t *testing.T) { nil, ), err: func(err error) (error, bool) { - if !errs.IsNotFound(err) { + if !zerrors.IsNotFound(err) { return fmt.Errorf("err should be zitadel.NotFoundError got: %w", err), false } return nil, true diff --git a/internal/query/milestone.go b/internal/query/milestone.go index 7a91223c95..0b9c34fc76 100644 --- a/internal/query/milestone.go +++ b/internal/query/milestone.go 
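Review bot: In `readTranslationFile`, the handle returned by `i18n.LoadFilesystem(namespace).Open(filename)` is passed to `ioutil.ReadAll(r)` but never closed. Every read that misses the in-memory cache therefore leaves a handle open if the filesystem is backed by real files; add `defer r.Close()` right after the two error checks on `Open`. Separately, `os.IsNotExist(err)` does not unwrap errors, and what `LoadFilesystem` returns is not visible here. If that filesystem wraps its errors, the not-found branch is skipped, so the caller's `zerrors.IsNotFound` fallback to the default language would not run. `errors.Is(err, fs.ErrNotExist)` is the more robust test, though it needs `io/fs` imported.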
@@ -9,10 +9,10 @@ import ( "github.com/zitadel/zitadel/internal/api/authz" "github.com/zitadel/zitadel/internal/api/call" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/query/projection" "github.com/zitadel/zitadel/internal/repository/milestone" "github.com/zitadel/zitadel/internal/telemetry/tracing" + "github.com/zitadel/zitadel/internal/zerrors" ) type Milestones struct { @@ -78,7 +78,7 @@ func (q *Queries) SearchMilestones(ctx context.Context, instanceIDs []string, qu } stmt, args, err := queries.toQuery(query).Where(sq.Eq{MilestoneInstanceIDColID.identifier(): instanceIDs}).ToSql() if err != nil { - return nil, errors.ThrowInternal(err, "QUERY-A9i5k", "Errors.Query.SQLStatement") + return nil, zerrors.ThrowInternal(err, "QUERY-A9i5k", "Errors.Query.SQLStatement") } err = q.client.QueryContext(ctx, func(rows *sql.Rows) error { milestones, err = scan(rows) diff --git a/internal/query/notification_policy.go b/internal/query/notification_policy.go index ba0b2c549e..f3878e7987 100644 --- a/internal/query/notification_policy.go +++ b/internal/query/notification_policy.go @@ -3,7 +3,7 @@ package query import ( "context" "database/sql" - errs "errors" + "errors" "time" sq "github.com/Masterminds/squirrel" @@ -11,10 +11,10 @@ import ( "github.com/zitadel/zitadel/internal/api/authz" "github.com/zitadel/zitadel/internal/api/call" "github.com/zitadel/zitadel/internal/domain" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore/handler/v2" "github.com/zitadel/zitadel/internal/query/projection" "github.com/zitadel/zitadel/internal/telemetry/tracing" + "github.com/zitadel/zitadel/internal/zerrors" ) type NotificationPolicy struct { 
@@ -104,7 +104,7 @@ func (q *Queries) NotificationPolicyByOrg(ctx context.Context, shouldTriggerBulk }). OrderBy(NotificationPolicyColIsDefault.identifier()).Limit(1).ToSql() if err != nil { - return nil, errors.ThrowInternal(err, "QUERY-Xuoapqm", "Errors.Query.SQLStatement") + return nil, zerrors.ThrowInternal(err, "QUERY-Xuoapqm", "Errors.Query.SQLStatement") } err = q.client.QueryRowContext(ctx, func(row *sql.Row) error { @@ -135,7 +135,7 @@ func (q *Queries) DefaultNotificationPolicy(ctx context.Context, shouldTriggerBu OrderBy(NotificationPolicyColIsDefault.identifier()). Limit(1).ToSql() if err != nil { - return nil, errors.ThrowInternal(err, "QUERY-xlqp209", "Errors.Query.SQLStatement") + return nil, zerrors.ThrowInternal(err, "QUERY-xlqp209", "Errors.Query.SQLStatement") } err = q.client.QueryRowContext(ctx, func(row *sql.Row) error { @@ -171,10 +171,10 @@ func prepareNotificationPolicyQuery(ctx context.Context, db prepareDatabase) (sq &policy.State, ) if err != nil { - if errs.Is(err, sql.ErrNoRows) { - return nil, errors.ThrowNotFound(err, "QUERY-x0so2p", "Errors.NotificationPolicy.NotFound") + if errors.Is(err, sql.ErrNoRows) { + return nil, zerrors.ThrowNotFound(err, "QUERY-x0so2p", "Errors.NotificationPolicy.NotFound") } - return nil, errors.ThrowInternal(err, "QUERY-Zixoooq", "Errors.Internal") + return nil, zerrors.ThrowInternal(err, "QUERY-Zixoooq", "Errors.Internal") } return policy, nil } diff --git a/internal/query/notification_policy_test.go b/internal/query/notification_policy_test.go index 3c5de860fa..d755bdc544 100644 --- a/internal/query/notification_policy_test.go +++ b/internal/query/notification_policy_test.go @@ -9,7 +9,7 @@ import ( "testing" "github.com/zitadel/zitadel/internal/domain" - errs "github.com/zitadel/zitadel/internal/errors" + "github.com/zitadel/zitadel/internal/zerrors" ) var ( 
@@ -56,7 +56,7 @@ func Test_NotificationPolicyPrepares(t *testing.T) { nil, ), err: func(err error) (error, bool) { - if !errs.IsNotFound(err) { + if !zerrors.IsNotFound(err) { return fmt.Errorf("err should be NotFoundError got: %w", err), false } return nil, true diff --git a/internal/query/notification_provider.go b/internal/query/notification_provider.go index 7ba7320e2a..b2038c603d 100644 --- a/internal/query/notification_provider.go +++ b/internal/query/notification_provider.go @@ -3,7 +3,7 @@ package query import ( "context" "database/sql" - errs "errors" + "errors" "time" sq "github.com/Masterminds/squirrel" @@ -11,9 +11,9 @@ import ( "github.com/zitadel/zitadel/internal/api/authz" "github.com/zitadel/zitadel/internal/api/call" "github.com/zitadel/zitadel/internal/domain" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/query/projection" "github.com/zitadel/zitadel/internal/telemetry/tracing" + "github.com/zitadel/zitadel/internal/zerrors" ) type DebugNotificationProvider struct { @@ -87,7 +87,7 @@ func (q *Queries) NotificationProviderByIDAndType(ctx context.Context, aggID str }). Limit(1).ToSql() if err != nil { - return nil, errors.ThrowInternal(err, "QUERY-f9jSf", "Errors.Query.SQLStatement") + return nil, zerrors.ThrowInternal(err, "QUERY-f9jSf", "Errors.Query.SQLStatement") } err = q.client.QueryRowContext(ctx, func(row *sql.Row) error { @@ -122,10 +122,10 @@ func prepareDebugNotificationProviderQuery(ctx context.Context, db prepareDataba &p.Compact, ) if err != nil { - if errs.Is(err, sql.ErrNoRows) { - return nil, errors.ThrowNotFound(err, "QUERY-s9ujf", "Errors.NotificationProvider.NotFound") + if errors.Is(err, sql.ErrNoRows) { + return nil, zerrors.ThrowNotFound(err, "QUERY-s9ujf", "Errors.NotificationProvider.NotFound") } - return nil, errors.ThrowInternal(err, "QUERY-2liu0", "Errors.Internal") + return nil, zerrors.ThrowInternal(err, "QUERY-2liu0", "Errors.Internal") } return p, nil } 
diff --git a/internal/query/notification_provider_test.go b/internal/query/notification_provider_test.go index b0bfbe5115..2fce31e118 100644 --- a/internal/query/notification_provider_test.go +++ b/internal/query/notification_provider_test.go @@ -9,7 +9,7 @@ import ( "testing" "github.com/zitadel/zitadel/internal/domain" - errs "github.com/zitadel/zitadel/internal/errors" + "github.com/zitadel/zitadel/internal/zerrors" ) var ( @@ -56,7 +56,7 @@ func Test_NotificationProviderPrepares(t *testing.T) { nil, ), err: func(err error) (error, bool) { - if !errs.IsNotFound(err) { + if !zerrors.IsNotFound(err) { return fmt.Errorf("err should be zitadel.NotFoundError got: %w", err), false } return nil, true diff --git a/internal/query/oidc_client.go b/internal/query/oidc_client.go new file mode 100644 index 0000000000..7157f9e6ef --- /dev/null +++ b/internal/query/oidc_client.go 
@@ -0,0 +1,60 @@ +package query + +import ( + "context" + "database/sql" + _ "embed" + "errors" + "time" + + "github.com/zitadel/zitadel/internal/api/authz" + "github.com/zitadel/zitadel/internal/crypto" + "github.com/zitadel/zitadel/internal/database" + "github.com/zitadel/zitadel/internal/domain" + "github.com/zitadel/zitadel/internal/telemetry/tracing" + "github.com/zitadel/zitadel/internal/zerrors" +) + +type OIDCClient struct { + InstanceID string `json:"instance_id,omitempty"` + AppID string `json:"app_id,omitempty"` + State domain.AppState `json:"state,omitempty"` + ClientID string `json:"client_id,omitempty"` + ClientSecret *crypto.CryptoValue `json:"client_secret,omitempty"` + RedirectURIs []string `json:"redirect_uris,omitempty"` + ResponseTypes []domain.OIDCResponseType `json:"response_types,omitempty"` + GrantTypes []domain.OIDCGrantType `json:"grant_types,omitempty"` + ApplicationType domain.OIDCApplicationType `json:"application_type,omitempty"` + AuthMethodType domain.OIDCAuthMethodType `json:"auth_method_type,omitempty"` + PostLogoutRedirectURIs []string `json:"post_logout_redirect_uris,omitempty"` + IsDevMode bool `json:"is_dev_mode,omitempty"` + AccessTokenType domain.OIDCTokenType `json:"access_token_type,omitempty"` + AccessTokenRoleAssertion bool `json:"access_token_role_assertion,omitempty"` + IDTokenRoleAssertion bool `json:"id_token_role_assertion,omitempty"` + IDTokenUserinfoAssertion bool `json:"id_token_userinfo_assertion,omitempty"` + ClockSkew time.Duration `json:"clock_skew,omitempty"` + AdditionalOrigins []string `json:"additional_origins,omitempty"` + PublicKeys map[string][]byte `json:"public_keys,omitempty"` + ProjectID string `json:"project_id,omitempty"` + ProjectRoleKeys []string `json:"project_role_keys,omitempty"` + Settings *OIDCSettings `json:"settings,omitempty"` +} + +//go:embed embed/oidc_client_by_id.sql +var oidcClientQuery string + +func (q *Queries) GetOIDCClientByID(ctx context.Context, clientID string, getKeys bool) 
(client *OIDCClient, err error) { + ctx, span := tracing.NewSpan(ctx) + defer func() { span.EndWithError(err) }() + + client, err = database.QueryJSONObject[OIDCClient](ctx, q.client, oidcClientQuery, + authz.GetInstance(ctx).InstanceID(), clientID, getKeys, + ) + if errors.Is(err, sql.ErrNoRows) { + return nil, zerrors.ThrowNotFound(err, "QUERY-wu6Ee", "Errors.App.NotFound") + } + if err != nil { + return nil, zerrors.ThrowInternal(err, "QUERY-ieR7R", "Errors.Internal") + } + return client, err +} diff --git a/internal/query/oidc_client_test.go b/internal/query/oidc_client_test.go new file mode 100644 index 0000000000..44f642ccea --- /dev/null +++ b/internal/query/oidc_client_test.go 
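Review bot: `GetOIDCClientByID` is exported without a doc comment, and two things a caller has to know are only visible in the body. The lookup is scoped to the instance taken from `authz.GetInstance(ctx)`, and `getKeys` is passed to the query, presumably to control whether `PublicKeys` is populated (the embedded SQL is not in this hunk). I would add `// GetOIDCClientByID returns the OIDC client with clientID in the instance carried by ctx; PublicKeys is filled only when getKeys is true.` once that is confirmed. Whether the query filters on app state is also not visible, so the comment should say if callers must check `State` themselves before accepting the client. The final `return client, err` can only be reached with a nil `err`, so `return client, nil` reads more clearly.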
@@ -0,0 +1,208 @@
+package query
+
+import (
+ "database/sql"
+ "database/sql/driver"
+ _ "embed"
+ "regexp"
+ "testing"
+
+ "github.com/stretchr/testify/assert"
+ "github.com/stretchr/testify/require"
+
+ "github.com/zitadel/zitadel/internal/api/authz"
+ "github.com/zitadel/zitadel/internal/crypto"
+ "github.com/zitadel/zitadel/internal/database"
+ "github.com/zitadel/zitadel/internal/domain"
+ "github.com/zitadel/zitadel/internal/zerrors"
+)
+
+var (
+ //go:embed testdata/oidc_client_jwt.json
+ testdataOidcClientJWT string
+ //go:embed testdata/oidc_client_public.json
+ testdataOidcClientPublic string
+ //go:embed testdata/oidc_client_secret.json
+ testdataOidcClientSecret string
+ //go:embed testdata/oidc_client_no_settings.json
+ testdataOidcClientNoSettings string
+)
+
+func TestQueries_GetOIDCClientByID(t *testing.T) {
+ expQuery := regexp.QuoteMeta(oidcClientQuery)
+ cols := []string{"client"}
+ pubkey := `-----BEGIN RSA PUBLIC KEY-----
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2ufAL1b72bIy1ar+Ws6b
+GohJJQFB7dfRapDqeqM8Ukp6CVdPzq/pOz1viAq50yzWZJryF+2wshFAKGF9A2/B
+2Yf9bJXPZ/KbkFrYT3NTvYDkvlaSTl9mMnzrU29s48F1PTWKfB+C3aMsOEG1BufV
+s63qF4nrEPjSbhljIco9FZq4XppIzhMQ0fDdA/+XygCJqvuaL0LibM1KrlUdnu71
+YekhSJjEPnvOisXIk4IXywoGIOwtjxkDvNItQvaMVldr4/kb6uvbgdWwq5EwBZXq
+low2kyJov38V4Uk2I8kuXpLcnrpw5Tio2ooiUE27b0vHZqBKOei9Uo88qCrn3EKx
+6QIDAQAB
+-----END RSA PUBLIC KEY-----
+`
+
+ tests := []struct {
+ name string
+ mock sqlExpectation
+ want *OIDCClient
+ wantErr error
+ }{
+ {
+ name: "no rows",
+ mock: mockQueryErr(expQuery, sql.ErrNoRows, "instanceID", "clientID", true),
+ wantErr: zerrors.ThrowNotFound(sql.ErrNoRows, "QUERY-wu6Ee", "Errors.App.NotFound"),
+ },
+ {
+ name: "internal error",
+ mock: mockQueryErr(expQuery, sql.ErrConnDone, "instanceID", "clientID", true),
+ wantErr: zerrors.ThrowInternal(sql.ErrConnDone, "QUERY-ieR7R", "Errors.Internal"),
+ },
+ {
+ name: "jwt client",
+ mock: mockQuery(expQuery, cols, []driver.Value{testdataOidcClientJWT}, "instanceID", "clientID", true),
+ want: &OIDCClient{
+ InstanceID: "230690539048009730",
+ AppID: "236647088211886082",
+ State: domain.AppStateActive,
+ ClientID: "236647088211951618@tests",
+ ClientSecret: nil,
+ RedirectURIs: []string{"http://localhost:9999/auth/callback"},
+ ResponseTypes: []domain.OIDCResponseType{domain.OIDCResponseTypeCode},
+ GrantTypes: []domain.OIDCGrantType{domain.OIDCGrantTypeAuthorizationCode, domain.OIDCGrantTypeRefreshToken},
+ ApplicationType: domain.OIDCApplicationTypeWeb,
+ AuthMethodType: domain.OIDCAuthMethodTypePrivateKeyJWT,
+ PostLogoutRedirectURIs: []string{"https://example.com/logout"},
+ IsDevMode: true,
+ AccessTokenType: domain.OIDCTokenTypeJWT,
+ AccessTokenRoleAssertion: true,
+ IDTokenRoleAssertion: true,
+ IDTokenUserinfoAssertion: true,
+ ClockSkew: 1000000000,
+ AdditionalOrigins: []string{"https://example.com"},
+ ProjectID: "236645808328409090",
+ PublicKeys: map[string][]byte{"236647201860747266": []byte(pubkey)},
+ ProjectRoleKeys: []string{"role1", "role2"},
+ Settings: &OIDCSettings{
+ AccessTokenLifetime: 43200000000000,
+ IdTokenLifetime: 43200000000000,
+ },
+ },
+ },
+ {
+ name: "public client",
+ mock: mockQuery(expQuery, cols, []driver.Value{testdataOidcClientPublic}, "instanceID", "clientID", true),
+ want: &OIDCClient{
+ InstanceID: "230690539048009730",
+ AppID: "236646457053020162",
+ State: domain.AppStateActive,
+ ClientID: "236646457053085698@tests",
+ ClientSecret: nil,
+ RedirectURIs: []string{"http://localhost:9999/auth/callback"},
+ ResponseTypes: []domain.OIDCResponseType{domain.OIDCResponseTypeCode},
+ GrantTypes: []domain.OIDCGrantType{domain.OIDCGrantTypeAuthorizationCode},
+ ApplicationType: domain.OIDCApplicationTypeWeb,
+ AuthMethodType: domain.OIDCAuthMethodTypeNone,
+ PostLogoutRedirectURIs: nil,
+ IsDevMode: true,
+ AccessTokenType: domain.OIDCTokenTypeBearer,
+ AccessTokenRoleAssertion: false,
+ IDTokenRoleAssertion: false,
+ IDTokenUserinfoAssertion: false,
+ ClockSkew: 0,
+ AdditionalOrigins: nil,
+ PublicKeys: nil,
+ ProjectID: "236645808328409090",
+ ProjectRoleKeys: []string{"role1", "role2"},
+ Settings: &OIDCSettings{
+ AccessTokenLifetime: 43200000000000,
+ IdTokenLifetime: 43200000000000,
+ },
+ },
+ },
+ {
+ name: "secret client",
+ mock: mockQuery(expQuery, cols, []driver.Value{testdataOidcClientSecret}, "instanceID", "clientID", true),
+ want: &OIDCClient{
+ InstanceID: "230690539048009730",
+ AppID: "236646858984783874",
+ State: domain.AppStateActive,
+ ClientID: "236646858984849410@tests",
+ ClientSecret: &crypto.CryptoValue{
+ CryptoType: crypto.TypeHash,
+ Algorithm: "bcrypt",
+ Crypted: []byte(`$2a$14$OzZ0XEZZEtD13py/EPba2evsS6WcKZ5orVMj9pWHEGEHmLu2h3PFq`),
+ },
+ RedirectURIs: []string{"http://localhost:9999/auth/callback"},
+ ResponseTypes: []domain.OIDCResponseType{0},
+ GrantTypes: []domain.OIDCGrantType{0},
+ ApplicationType: domain.OIDCApplicationTypeWeb,
+ AuthMethodType: domain.OIDCAuthMethodTypeBasic,
+ PostLogoutRedirectURIs: nil,
+ IsDevMode: true,
+ AccessTokenType: domain.OIDCTokenTypeBearer,
+ AccessTokenRoleAssertion: false,
+ IDTokenRoleAssertion: false,
+ IDTokenUserinfoAssertion: false,
+ ClockSkew: 0,
+ AdditionalOrigins: nil,
+ PublicKeys: nil,
+ ProjectID: "236645808328409090",
+ ProjectRoleKeys: []string{"role1", "role2"},
+ Settings: &OIDCSettings{
+ AccessTokenLifetime: 43200000000000,
+ IdTokenLifetime: 43200000000000,
+ },
+ },
+ },
+ {
+ name: "no oidc settings",
+ mock: mockQuery(expQuery, cols, []driver.Value{testdataOidcClientNoSettings}, "instanceID", "clientID", true),
+ want: &OIDCClient{
+ InstanceID: "239520764275982338",
+ AppID: "239520764276441090",
+ State: domain.AppStateActive,
+ ClientID: "239520764779364354@zitadel",
+ ClientSecret: nil,
+ RedirectURIs: []string{
+ "http://test2-qucuh5.localhost:9000/ui/console/auth/callback",
+ "http://test.localhost.com:9000/ui/console/auth/callback"},
+ ResponseTypes: []domain.OIDCResponseType{0},
+ GrantTypes: []domain.OIDCGrantType{0},
+ 
ApplicationType: domain.OIDCApplicationTypeUserAgent, + AuthMethodType: domain.OIDCAuthMethodTypeNone, + PostLogoutRedirectURIs: []string{ + "http://test2-qucuh5.localhost:9000/ui/console/signedout", + "http://test.localhost.com:9000/ui/console/signedout", + }, + IsDevMode: true, + AccessTokenType: domain.OIDCTokenTypeBearer, + AccessTokenRoleAssertion: false, + IDTokenRoleAssertion: false, + IDTokenUserinfoAssertion: false, + ClockSkew: 0, + AdditionalOrigins: nil, + PublicKeys: nil, + ProjectID: "239520764276178946", + ProjectRoleKeys: nil, + Settings: nil, + }, + }, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + execMock(t, tt.mock, func(db *sql.DB) { + q := &Queries{ + client: &database.DB{ + DB: db, + Database: &prepareDB{}, + }, + } + ctx := authz.NewMockContext("instanceID", "orgID", "loginClient") + got, err := q.GetOIDCClientByID(ctx, "clientID", true) + require.ErrorIs(t, err, tt.wantErr) + assert.Equal(t, tt.want, got) + }) + }) + } +} diff --git a/internal/query/oidc_settings.go b/internal/query/oidc_settings.go index 7e48ff43a7..32cbc32429 100644 --- a/internal/query/oidc_settings.go +++ b/internal/query/oidc_settings.go @@ -3,16 +3,16 @@ package query import ( "context" "database/sql" - errs "errors" + "errors" "time" sq "github.com/Masterminds/squirrel" "github.com/zitadel/zitadel/internal/api/authz" "github.com/zitadel/zitadel/internal/api/call" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/query/projection" "github.com/zitadel/zitadel/internal/telemetry/tracing" + "github.com/zitadel/zitadel/internal/zerrors" ) var ( 
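Review bot: Every fixture in `TestQueries_GetOIDCClientByID` expects `State: domain.AppStateActive` and the loop always calls `q.GetOIDCClientByID(ctx, "clientID", true)`, so the table never covers a non-active client or the `getKeys == false` binding. Since the query is mocked, a case with `false` would at least pin that the flag reaches the statement as its third argument, and a fixture with an inactive state would document what the function returns for it. In the "secret client" and "no oidc settings" cases the expectations use bare literals, `[]domain.OIDCResponseType{0}` and `[]domain.OIDCGrantType{0}`, where the other cases use the named constants; `[]domain.OIDCResponseType{domain.OIDCResponseTypeCode}` would read better if 0 is that constant's value. The nanosecond literals `ClockSkew: 1000000000` and `AccessTokenLifetime: 43200000000000` would likewise be clearer as `time.Second` and `12 * time.Hour`, which needs the `time` import.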
@@ -69,10 +69,10 @@ type OIDCSettings struct { ResourceOwner string Sequence uint64 - AccessTokenLifetime time.Duration - IdTokenLifetime time.Duration - RefreshTokenIdleExpiration time.Duration - RefreshTokenExpiration time.Duration + AccessTokenLifetime time.Duration `json:"access_token_lifetime,omitempty"` + IdTokenLifetime time.Duration `json:"id_token_lifetime,omitempty"` + RefreshTokenIdleExpiration time.Duration `json:"refresh_token_idle_expiration,omitempty"` + RefreshTokenExpiration time.Duration `json:"refresh_token_expiration,omitempty"` } func (q *Queries) OIDCSettingsByAggID(ctx context.Context, aggregateID string) (settings *OIDCSettings, err error) { @@ -85,7 +85,7 @@ func (q *Queries) OIDCSettingsByAggID(ctx context.Context, aggregateID string) ( OIDCSettingsColumnInstanceID.identifier(): authz.GetInstance(ctx).InstanceID(), }).ToSql() if err != nil { - return nil, errors.ThrowInternal(err, "QUERY-s9nle", "Errors.Query.SQLStatment") + return nil, zerrors.ThrowInternal(err, "QUERY-s9nle", "Errors.Query.SQLStatment") } err = q.client.QueryRowContext(ctx, func(row *sql.Row) error { @@ -122,10 +122,10 @@ func prepareOIDCSettingsQuery(ctx context.Context, db prepareDatabase) (sq.Selec &oidcSettings.RefreshTokenExpiration, ) if err != nil { - if errs.Is(err, sql.ErrNoRows) { - return nil, errors.ThrowNotFound(err, "QUERY-s9nlw", "Errors.OIDCSettings.NotFound") + if errors.Is(err, sql.ErrNoRows) { + return nil, zerrors.ThrowNotFound(err, "QUERY-s9nlw", "Errors.OIDCSettings.NotFound") } - return nil, errors.ThrowInternal(err, "QUERY-9bf8s", "Errors.Internal") + return nil, zerrors.ThrowInternal(err, "QUERY-9bf8s", "Errors.Internal") } return oidcSettings, nil } diff --git a/internal/query/oidc_settings_test.go b/internal/query/oidc_settings_test.go index d5aa653160..bdb5cb96ec 100644 --- a/internal/query/oidc_settings_test.go +++ b/internal/query/oidc_settings_test.go 
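Review bot: The four duration fields of `OIDCSettings` gain JSON tags with `omitempty` but no comment on the wire unit, while the other fields of the struct, which begins outside this hunk, stay untagged. `time.Duration` decodes from JSON as an integer number of nanoseconds, which is what the new client test expects (`AccessTokenLifetime: 43200000000000`), so a query emitting seconds would silently produce far shorter token lifetimes and one emitting an interval string would fail to decode. A missing key decodes to 0 and a missing object leaves `OIDCClient.Settings` nil, so consumers need to treat both as "not configured" rather than as a zero lifetime. If that is the intended meaning, I would add `// Durations are (de)serialized as integer nanoseconds; 0 means not set.` above `AccessTokenLifetime`.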
@@ -9,7 +9,7 @@ import ( "testing" "time" - errs "github.com/zitadel/zitadel/internal/errors" + "github.com/zitadel/zitadel/internal/zerrors" ) var ( @@ -58,7 +58,7 @@ func Test_OIDCConfigsPrepares(t *testing.T) { nil, ), err: func(err error) (error, bool) { - if !errs.IsNotFound(err) { + if !zerrors.IsNotFound(err) { return fmt.Errorf("err should be zitadel.NotFoundError got: %w", err), false } return nil, true diff --git a/internal/query/org.go b/internal/query/org.go index fcc53e6a08..65be2ff1a3 100644 --- a/internal/query/org.go +++ b/internal/query/org.go @@ -3,7 +3,7 @@ package query import ( "context" "database/sql" - errs "errors" + "errors" "time" sq "github.com/Masterminds/squirrel" @@ -13,10 +13,10 @@ import ( "github.com/zitadel/zitadel/internal/api/authz" "github.com/zitadel/zitadel/internal/api/call" domain_pkg "github.com/zitadel/zitadel/internal/domain" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore/handler/v2" "github.com/zitadel/zitadel/internal/query/projection" "github.com/zitadel/zitadel/internal/telemetry/tracing" + "github.com/zitadel/zitadel/internal/zerrors" ) var ( @@ -109,7 +109,7 @@ func (q *Queries) OrgByID(ctx context.Context, shouldTriggerBulk bool, id string OrgColumnInstanceID.identifier(): authz.GetInstance(ctx).InstanceID(), }).ToSql() if err != nil { - return nil, errors.ThrowInternal(err, "QUERY-AWx52", "Errors.Query.SQLStatement") + return nil, zerrors.ThrowInternal(err, "QUERY-AWx52", "Errors.Query.SQLStatement") } err = q.client.QueryRowContext(ctx, func(row *sql.Row) error { 
@@ -130,7 +130,7 @@ func (q *Queries) OrgByPrimaryDomain(ctx context.Context, domain string) (org *O OrgColumnState.identifier(): domain_pkg.OrgStateActive, }).ToSql() if err != nil { - return nil, errors.ThrowInternal(err, "QUERY-TYUCE", "Errors.Query.SQLStatement") + return nil, zerrors.ThrowInternal(err, "QUERY-TYUCE", "Errors.Query.SQLStatement") } err = q.client.QueryRowContext(ctx, func(row *sql.Row) error { @@ -151,7 +151,7 @@ func (q *Queries) OrgByVerifiedDomain(ctx context.Context, domain string) (org * OrgColumnInstanceID.identifier(): authz.GetInstance(ctx).InstanceID(), }).ToSql() if err != nil { - return nil, errors.ThrowInternal(err, "QUERY-TYUCE", "Errors.Query.SQLStatement") + return nil, zerrors.ThrowInternal(err, "QUERY-TYUCE", "Errors.Query.SQLStatement") } err = q.client.QueryRowContext(ctx, func(row *sql.Row) error { @@ -166,7 +166,7 @@ func (q *Queries) IsOrgUnique(ctx context.Context, name, domain string) (isUniqu defer func() { span.EndWithError(err) }() if name == "" && domain == "" { - return false, errors.ThrowInvalidArgument(nil, "QUERY-DGqfd", "Errors.Query.InvalidRequest") + return false, zerrors.ThrowInvalidArgument(nil, "QUERY-DGqfd", "Errors.Query.InvalidRequest") } query, scan := prepareOrgUniqueQuery(ctx, q.client) stmt, args, err := query.Where( @@ -188,7 +188,7 @@ func (q *Queries) IsOrgUnique(ctx context.Context, name, domain string) (isUniqu }, }).ToSql() if err != nil { - return false, errors.ThrowInternal(err, "QUERY-Dgbe2", "Errors.Query.SQLStatement") + return false, zerrors.ThrowInternal(err, "QUERY-Dgbe2", "Errors.Query.SQLStatement") } err = q.client.QueryRowContext(ctx, func(row *sql.Row) error { 
@@ -226,7 +226,7 @@ func (q *Queries) SearchOrgs(ctx context.Context, queries *OrgSearchQueries) (or }, }).ToSql() if err != nil { - return nil, errors.ThrowInvalidArgument(err, "QUERY-wQ3by", "Errors.Query.InvalidRequest") + return nil, zerrors.ThrowInvalidArgument(err, "QUERY-wQ3by", "Errors.Query.InvalidRequest") } err = q.client.QueryContext(ctx, func(rows *sql.Rows) error { @@ -234,7 +234,7 @@ func (q *Queries) SearchOrgs(ctx context.Context, queries *OrgSearchQueries) (or return err }, stmt, args...) if err != nil { - return nil, errors.ThrowInternal(err, "QUERY-M6mYN", "Errors.Internal") + return nil, zerrors.ThrowInternal(err, "QUERY-M6mYN", "Errors.Internal") } orgs.State, err = q.latestState(ctx, orgsTable) @@ -297,7 +297,7 @@ func prepareOrgsQuery(ctx context.Context, db prepareDatabase) (sq.SelectBuilder } if err := rows.Close(); err != nil { - return nil, errors.ThrowInternal(err, "QUERY-QMXJv", "Errors.Query.CloseRows") + return nil, zerrors.ThrowInternal(err, "QUERY-QMXJv", "Errors.Query.CloseRows") } return &Orgs{ @@ -335,10 +335,10 @@ func prepareOrgQuery(ctx context.Context, db prepareDatabase) (sq.SelectBuilder, &o.Domain, ) if err != nil { - if errs.Is(err, sql.ErrNoRows) { - return nil, errors.ThrowNotFound(err, "QUERY-iTTGJ", "Errors.Org.NotFound") + if errors.Is(err, sql.ErrNoRows) { + return nil, zerrors.ThrowNotFound(err, "QUERY-iTTGJ", "Errors.Org.NotFound") } - return nil, errors.ThrowInternal(err, "QUERY-pWS5H", "Errors.Internal") + return nil, zerrors.ThrowInternal(err, "QUERY-pWS5H", "Errors.Internal") } return o, nil } 
@@ -371,10 +371,10 @@ func prepareOrgWithDomainsQuery(ctx context.Context, db prepareDatabase) (sq.Sel &o.Domain, ) if err != nil { - if errs.Is(err, sql.ErrNoRows) { - return nil, errors.ThrowNotFound(err, "QUERY-iTTGJ", "Errors.Org.NotFound") + if errors.Is(err, sql.ErrNoRows) { + return nil, zerrors.ThrowNotFound(err, "QUERY-iTTGJ", "Errors.Org.NotFound") } - return nil, errors.ThrowInternal(err, "QUERY-pWS5H", "Errors.Internal") + return nil, zerrors.ThrowInternal(err, "QUERY-pWS5H", "Errors.Internal") } return o, nil } @@ -388,7 +388,7 @@ func prepareOrgUniqueQuery(ctx context.Context, db prepareDatabase) (sq.SelectBu func(row *sql.Row) (isUnique bool, err error) { err = row.Scan(&isUnique) if err != nil { - return false, errors.ThrowInternal(err, "QUERY-e6EiG", "Errors.Internal") + return false, zerrors.ThrowInternal(err, "QUERY-e6EiG", "Errors.Internal") } return isUnique, err } diff --git a/internal/query/org_domain.go b/internal/query/org_domain.go index d03f0291d8..595ba897d0 100644 --- a/internal/query/org_domain.go +++ b/internal/query/org_domain.go @@ -10,9 +10,9 @@ import ( "github.com/zitadel/zitadel/internal/api/authz" "github.com/zitadel/zitadel/internal/api/call" "github.com/zitadel/zitadel/internal/domain" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/query/projection" "github.com/zitadel/zitadel/internal/telemetry/tracing" + "github.com/zitadel/zitadel/internal/zerrors" ) type Domain struct { @@ -67,7 +67,7 @@ func (q *Queries) SearchOrgDomains(ctx context.Context, queries *OrgDomainSearch } stmt, args, err := queries.toQuery(query).Where(eq).ToSql() if err != nil { - return nil, errors.ThrowInvalidArgument(err, "QUERY-ZRfj1", "Errors.Query.SQLStatement") + return nil, zerrors.ThrowInvalidArgument(err, "QUERY-ZRfj1", "Errors.Query.SQLStatement") } err = q.client.QueryContext(ctx, func(rows *sql.Rows) error { 
@@ -75,7 +75,7 @@ func (q *Queries) SearchOrgDomains(ctx context.Context, queries *OrgDomainSearch return err }, stmt, args...) if err != nil { - return nil, errors.ThrowInternal(err, "QUERY-M6mYN", "Errors.Internal") + return nil, zerrors.ThrowInternal(err, "QUERY-M6mYN", "Errors.Internal") } domains.State, err = q.latestState(ctx, orgDomainsTable) @@ -118,7 +118,7 @@ func prepareDomainsQuery(ctx context.Context, db prepareDatabase) (sq.SelectBuil } if err := rows.Close(); err != nil { - return nil, errors.ThrowInternal(err, "QUERY-rKd6k", "Errors.Query.CloseRows") + return nil, zerrors.ThrowInternal(err, "QUERY-rKd6k", "Errors.Query.CloseRows") } return &Domains{ diff --git a/internal/query/org_member.go b/internal/query/org_member.go index 4b5aed92d1..ea452fe357 100644 --- a/internal/query/org_member.go +++ b/internal/query/org_member.go @@ -9,9 +9,9 @@ import ( "github.com/zitadel/zitadel/internal/api/authz" "github.com/zitadel/zitadel/internal/api/call" "github.com/zitadel/zitadel/internal/domain" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/query/projection" "github.com/zitadel/zitadel/internal/telemetry/tracing" + "github.com/zitadel/zitadel/internal/zerrors" ) var ( @@ -73,7 +73,7 @@ func (q *Queries) OrgMembers(ctx context.Context, queries *OrgMembersQuery) (mem eq := sq.Eq{OrgMemberInstanceID.identifier(): authz.GetInstance(ctx).InstanceID()} stmt, args, err := queries.toQuery(query).Where(eq).ToSql() if err != nil { - return nil, errors.ThrowInvalidArgument(err, "QUERY-PDAVB", "Errors.Query.InvalidRequest") + return nil, zerrors.ThrowInvalidArgument(err, "QUERY-PDAVB", "Errors.Query.InvalidRequest") } currentSequence, err := q.latestState(ctx, orgsTable) 
@@ -86,7 +86,7 @@ func (q *Queries) OrgMembers(ctx context.Context, queries *OrgMembersQuery) (mem return err }, stmt, args...) if err != nil { - return nil, errors.ThrowInternal(err, "QUERY-5g4yV", "Errors.Internal") + return nil, zerrors.ThrowInternal(err, "QUERY-5g4yV", "Errors.Internal") } members.State = currentSequence @@ -175,7 +175,7 @@ func prepareOrgMembersQuery(ctx context.Context, db prepareDatabase) (sq.SelectB } if err := rows.Close(); err != nil { - return nil, errors.ThrowInternal(err, "QUERY-N34NV", "Errors.Query.CloseRows") + return nil, zerrors.ThrowInternal(err, "QUERY-N34NV", "Errors.Query.CloseRows") } return &Members{ diff --git a/internal/query/org_member_test.go b/internal/query/org_member_test.go index 7dc80dffae..37443d4dc9 100644 --- a/internal/query/org_member_test.go +++ b/internal/query/org_member_test.go 
@@ -21,24 +21,24 @@ var ( ", members.user_id" + ", members.roles" + ", projections.login_names3.login_name" + - ", projections.users9_humans.email" + - ", projections.users9_humans.first_name" + - ", projections.users9_humans.last_name" + - ", projections.users9_humans.display_name" + - ", projections.users9_machines.name" + - ", projections.users9_humans.avatar_key" + - ", projections.users9.type" + + ", projections.users10_humans.email" + + ", projections.users10_humans.first_name" + + ", projections.users10_humans.last_name" + + ", projections.users10_humans.display_name" + + ", projections.users10_machines.name" + + ", projections.users10_humans.avatar_key" + + ", projections.users10.type" + ", COUNT(*) OVER () " + "FROM projections.org_members4 AS members " + - "LEFT JOIN projections.users9_humans " + - "ON members.user_id = projections.users9_humans.user_id " + - "AND members.instance_id = projections.users9_humans.instance_id " + - "LEFT JOIN projections.users9_machines " + - "ON members.user_id = projections.users9_machines.user_id " + - "AND members.instance_id = projections.users9_machines.instance_id " + - "LEFT JOIN projections.users9 " + - "ON members.user_id = projections.users9.id " + - "AND members.instance_id = projections.users9.instance_id " + + "LEFT JOIN projections.users10_humans " + + "ON members.user_id = projections.users10_humans.user_id " + + "AND members.instance_id = projections.users10_humans.instance_id " + + "LEFT JOIN projections.users10_machines " + + "ON members.user_id = projections.users10_machines.user_id " + + "AND members.instance_id = projections.users10_machines.instance_id " + + "LEFT JOIN projections.users10 " + + "ON members.user_id = projections.users10.id " + + "AND members.instance_id = projections.users10.instance_id " + "LEFT JOIN projections.login_names3 " + "ON members.user_id = projections.login_names3.user_id " + "AND members.instance_id = projections.login_names3.instance_id " + 
diff --git a/internal/query/org_metadata.go b/internal/query/org_metadata.go index d0c0e04c11..15007e0e56 100644 --- a/internal/query/org_metadata.go +++ b/internal/query/org_metadata.go @@ -3,7 +3,7 @@ package query import ( "context" "database/sql" - errs "errors" + "errors" "time" sq "github.com/Masterminds/squirrel" @@ -12,10 +12,10 @@ import ( "github.com/zitadel/zitadel/internal/api/authz" "github.com/zitadel/zitadel/internal/api/call" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore/handler/v2" "github.com/zitadel/zitadel/internal/query/projection" "github.com/zitadel/zitadel/internal/telemetry/tracing" + "github.com/zitadel/zitadel/internal/zerrors" ) type OrgMetadataList struct { @@ -105,7 +105,7 @@ func (q *Queries) GetOrgMetadataByKey(ctx context.Context, shouldTriggerBulk boo } stmt, args, err := query.Where(eq).ToSql() if err != nil { - return nil, errors.ThrowInternal(err, "QUERY-aDaG2", "Errors.Query.SQLStatment") + return nil, zerrors.ThrowInternal(err, "QUERY-aDaG2", "Errors.Query.SQLStatment") } err = q.client.QueryRowContext(ctx, func(row *sql.Row) error { @@ -135,7 +135,7 @@ func (q *Queries) SearchOrgMetadata(ctx context.Context, shouldTriggerBulk bool, query, scan := prepareOrgMetadataListQuery(ctx, q.client) stmt, args, err := queries.toQuery(query).Where(eq).ToSql() if err != nil { - return nil, errors.ThrowInternal(err, "QUERY-Egbld", "Errors.Query.SQLStatment") + return nil, zerrors.ThrowInternal(err, "QUERY-Egbld", "Errors.Query.SQLStatment") } err = q.client.QueryContext(ctx, func(rows *sql.Rows) error { @@ -143,7 +143,7 @@ func (q *Queries) SearchOrgMetadata(ctx context.Context, shouldTriggerBulk bool, return err }, stmt, args...) if err != nil { - return nil, errors.ThrowInternal(err, "QUERY-Ho2wf", "Errors.Internal") + return nil, zerrors.ThrowInternal(err, "QUERY-Ho2wf", "Errors.Internal") } metadata.State, err = q.latestState(ctx, orgMetadataTable) 
@@ -198,10 +198,10 @@ func prepareOrgMetadataQuery(ctx context.Context, db prepareDatabase) (sq.Select ) if err != nil { - if errs.Is(err, sql.ErrNoRows) { - return nil, errors.ThrowNotFound(err, "QUERY-Rph32", "Errors.Metadata.NotFound") + if errors.Is(err, sql.ErrNoRows) { + return nil, zerrors.ThrowNotFound(err, "QUERY-Rph32", "Errors.Metadata.NotFound") } - return nil, errors.ThrowInternal(err, "QUERY-Hajt2", "Errors.Internal") + return nil, zerrors.ThrowInternal(err, "QUERY-Hajt2", "Errors.Internal") } return m, nil } @@ -240,7 +240,7 @@ func prepareOrgMetadataListQuery(ctx context.Context, db prepareDatabase) (sq.Se } if err := rows.Close(); err != nil { - return nil, errors.ThrowInternal(err, "QUERY-dd3gh", "Errors.Query.CloseRows") + return nil, zerrors.ThrowInternal(err, "QUERY-dd3gh", "Errors.Query.CloseRows") } return &OrgMetadataList{ diff --git a/internal/query/org_metadata_test.go b/internal/query/org_metadata_test.go index 600a2cca48..0225ef1c2a 100644 --- a/internal/query/org_metadata_test.go +++ b/internal/query/org_metadata_test.go @@ -8,7 +8,7 @@ import ( "regexp" "testing" - errs "github.com/zitadel/zitadel/internal/errors" + "github.com/zitadel/zitadel/internal/zerrors" ) var ( @@ -69,7 +69,7 @@ func Test_OrgMetadataPrepares(t *testing.T) { nil, ), err: func(err error) (error, bool) { - if !errs.IsNotFound(err) { + if !zerrors.IsNotFound(err) { return fmt.Errorf("err should be zitadel.NotFoundError got: %w", err), false } return nil, true @@ -130,7 +130,7 @@ func Test_OrgMetadataPrepares(t *testing.T) { nil, ), err: func(err error) (error, bool) { - if !errs.IsNotFound(err) { + if !zerrors.IsNotFound(err) { return fmt.Errorf("err should be zitadel.NotFoundError got: %w", err), false } return nil, true diff --git a/internal/query/org_test.go b/internal/query/org_test.go index 55e9546297..fe9ba09f5a 100644 --- a/internal/query/org_test.go +++ b/internal/query/org_test.go 
@@ -4,7 +4,7 @@ import ( "context" "database/sql" "database/sql/driver" - errs "errors" + "errors" "fmt" "regexp" "testing" @@ -13,7 +13,7 @@ import ( "github.com/zitadel/zitadel/internal/database" "github.com/zitadel/zitadel/internal/domain" - "github.com/zitadel/zitadel/internal/errors" + "github.com/zitadel/zitadel/internal/zerrors" ) var ( @@ -203,7 +203,7 @@ func Test_OrgPrepares(t *testing.T) { sql.ErrConnDone, ), err: func(err error) (error, bool) { - if !errs.Is(err, sql.ErrConnDone) { + if !errors.Is(err, sql.ErrConnDone) { return fmt.Errorf("err should be sql.ErrConnDone got: %w", err), false } return nil, true @@ -221,7 +221,7 @@ func Test_OrgPrepares(t *testing.T) { nil, ), err: func(err error) (error, bool) { - if !errors.IsNotFound(err) { + if !zerrors.IsNotFound(err) { return fmt.Errorf("err should be zitadel.NotFoundError got: %w", err), false } return nil, true @@ -268,7 +268,7 @@ func Test_OrgPrepares(t *testing.T) { sql.ErrConnDone, ), err: func(err error) (error, bool) { - if !errs.Is(err, sql.ErrConnDone) { + if !errors.Is(err, sql.ErrConnDone) { return fmt.Errorf("err should be sql.ErrConnDone got: %w", err), false } return nil, true @@ -286,7 +286,7 @@ func Test_OrgPrepares(t *testing.T) { nil, ), err: func(err error) (error, bool) { - if !errors.IsInternal(err) { + if !zerrors.IsInternal(err) { return fmt.Errorf("err should be zitadel.Internal got: %w", err), false } return nil, true @@ -317,7 +317,7 @@ func Test_OrgPrepares(t *testing.T) { sql.ErrConnDone, ), err: func(err error) (error, bool) { - if !errs.Is(err, sql.ErrConnDone) { + if !errors.Is(err, sql.ErrConnDone) { return fmt.Errorf("err should be sql.ErrConnDone got: %w", err), false } return nil, true @@ -400,7 +400,7 @@ func TestQueries_IsOrgUnique(t *testing.T) { }, want: want{ isUnique: false, - err: errors.IsErrorInvalidArgument, + err: zerrors.IsErrorInvalidArgument, }, }, } 
diff --git a/internal/query/password_age_policy.go b/internal/query/password_age_policy.go index dd22ed7156..a74980686d 100644 --- a/internal/query/password_age_policy.go +++ b/internal/query/password_age_policy.go @@ -3,7 +3,7 @@ package query import ( "context" "database/sql" - errs "errors" + "errors" "time" sq "github.com/Masterminds/squirrel" @@ -13,10 +13,10 @@ import ( "github.com/zitadel/zitadel/internal/api/authz" "github.com/zitadel/zitadel/internal/api/call" "github.com/zitadel/zitadel/internal/domain" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore/handler/v2" "github.com/zitadel/zitadel/internal/query/projection" "github.com/zitadel/zitadel/internal/telemetry/tracing" + "github.com/zitadel/zitadel/internal/zerrors" ) type PasswordAgePolicy struct { @@ -110,7 +110,7 @@ func (q *Queries) PasswordAgePolicyByOrg(ctx context.Context, shouldTriggerBulk OrderBy(PasswordAgeColIsDefault.identifier()). Limit(1).ToSql() if err != nil { - return nil, errors.ThrowInternal(err, "QUERY-SKR6X", "Errors.Query.SQLStatement") + return nil, zerrors.ThrowInternal(err, "QUERY-SKR6X", "Errors.Query.SQLStatement") } err = q.client.QueryRowContext(ctx, func(row *sql.Row) error { @@ -138,7 +138,7 @@ func (q *Queries) DefaultPasswordAgePolicy(ctx context.Context, shouldTriggerBul OrderBy(PasswordAgeColIsDefault.identifier()). Limit(1).ToSql() if err != nil { - return nil, errors.ThrowInternal(err, "QUERY-mN0Ci", "Errors.Query.SQLStatement") + return nil, zerrors.ThrowInternal(err, "QUERY-mN0Ci", "Errors.Query.SQLStatement") } err = q.client.QueryRowContext(ctx, func(row *sql.Row) error { 
@@ -176,10 +176,10 @@ func preparePasswordAgePolicyQuery(ctx context.Context, db prepareDatabase) (sq. &policy.State, ) if err != nil { - if errs.Is(err, sql.ErrNoRows) { - return nil, errors.ThrowNotFound(err, "QUERY-63mtI", "Errors.Org.PasswordComplexity.NotFound") + if errors.Is(err, sql.ErrNoRows) { + return nil, zerrors.ThrowNotFound(err, "QUERY-63mtI", "Errors.Org.PasswordComplexity.NotFound") } - return nil, errors.ThrowInternal(err, "QUERY-uulCZ", "Errors.Internal") + return nil, zerrors.ThrowInternal(err, "QUERY-uulCZ", "Errors.Internal") } return policy, nil } diff --git a/internal/query/password_age_policy_test.go b/internal/query/password_age_policy_test.go index 738a8bb825..b140f82a06 100644 --- a/internal/query/password_age_policy_test.go +++ b/internal/query/password_age_policy_test.go @@ -9,7 +9,7 @@ import ( "testing" "github.com/zitadel/zitadel/internal/domain" - errs "github.com/zitadel/zitadel/internal/errors" + "github.com/zitadel/zitadel/internal/zerrors" ) var ( @@ -58,7 +58,7 @@ func Test_PasswordAgePolicyPrepares(t *testing.T) { nil, ), err: func(err error) (error, bool) { - if !errs.IsNotFound(err) { + if !zerrors.IsNotFound(err) { return fmt.Errorf("err should be zitadel.NotFoundError got: %w", err), false } return nil, true diff --git a/internal/query/password_complexity_policy.go b/internal/query/password_complexity_policy.go index c72361f723..d9aba36c5c 100644 --- a/internal/query/password_complexity_policy.go +++ b/internal/query/password_complexity_policy.go @@ -3,7 +3,7 @@ package query import ( "context" "database/sql" - errs "errors" + "errors" "time" sq "github.com/Masterminds/squirrel" 
@@ -13,10 +13,10 @@ import ( "github.com/zitadel/zitadel/internal/api/authz" "github.com/zitadel/zitadel/internal/api/call" "github.com/zitadel/zitadel/internal/domain" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore/handler/v2" "github.com/zitadel/zitadel/internal/query/projection" "github.com/zitadel/zitadel/internal/telemetry/tracing" + "github.com/zitadel/zitadel/internal/zerrors" ) type PasswordComplexityPolicy struct { @@ -62,7 +62,7 @@ func (q *Queries) PasswordComplexityPolicyByOrg(ctx context.Context, shouldTrigg OrderBy(PasswordComplexityColIsDefault.identifier()). Limit(1).ToSql() if err != nil { - return nil, errors.ThrowInternal(err, "QUERY-lDnrk", "Errors.Query.SQLStatement") + return nil, zerrors.ThrowInternal(err, "QUERY-lDnrk", "Errors.Query.SQLStatement") } err = q.client.QueryRowContext(ctx, func(row *sql.Row) error { @@ -91,7 +91,7 @@ func (q *Queries) DefaultPasswordComplexityPolicy(ctx context.Context, shouldTri OrderBy(PasswordComplexityColIsDefault.identifier()). Limit(1).ToSql() if err != nil { - return nil, errors.ThrowInternal(err, "QUERY-h4Uyr", "Errors.Query.SQLStatement") + return nil, zerrors.ThrowInternal(err, "QUERY-h4Uyr", "Errors.Query.SQLStatement") } err = q.client.QueryRowContext(ctx, func(row *sql.Row) error { @@ -198,10 +198,10 @@ func preparePasswordComplexityPolicyQuery(ctx context.Context, db prepareDatabas &policy.State, ) if err != nil { - if errs.Is(err, sql.ErrNoRows) { - return nil, errors.ThrowNotFound(err, "QUERY-63mtI", "Errors.PasswordComplexity.NotFound") + if errors.Is(err, sql.ErrNoRows) { + return nil, zerrors.ThrowNotFound(err, "QUERY-63mtI", "Errors.PasswordComplexity.NotFound") } - return nil, errors.ThrowInternal(err, "QUERY-uulCZ", "Errors.Internal") + return nil, zerrors.ThrowInternal(err, "QUERY-uulCZ", "Errors.Internal") } return policy, nil } 
diff --git a/internal/query/password_complexity_policy_test.go b/internal/query/password_complexity_policy_test.go index 3f3743831a..ac471f3994 100644 --- a/internal/query/password_complexity_policy_test.go +++ b/internal/query/password_complexity_policy_test.go @@ -9,7 +9,7 @@ import ( "testing" "github.com/zitadel/zitadel/internal/domain" - errs "github.com/zitadel/zitadel/internal/errors" + "github.com/zitadel/zitadel/internal/zerrors" ) var ( @@ -64,7 +64,7 @@ func Test_PasswordComplexityPolicyPrepares(t *testing.T) { nil, ), err: func(err error) (error, bool) { - if !errs.IsNotFound(err) { + if !zerrors.IsNotFound(err) { return fmt.Errorf("err should be zitadel.NotFoundError got: %w", err), false } return nil, true diff --git a/internal/query/privacy_policy.go b/internal/query/privacy_policy.go index 1a08cfb020..2705f2b753 100644 --- a/internal/query/privacy_policy.go +++ b/internal/query/privacy_policy.go @@ -3,7 +3,7 @@ package query import ( "context" "database/sql" - errs "errors" + "errors" "time" sq "github.com/Masterminds/squirrel" @@ -13,10 +13,10 @@ import ( "github.com/zitadel/zitadel/internal/api/authz" "github.com/zitadel/zitadel/internal/api/call" "github.com/zitadel/zitadel/internal/domain" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore/handler/v2" "github.com/zitadel/zitadel/internal/query/projection" "github.com/zitadel/zitadel/internal/telemetry/tracing" + "github.com/zitadel/zitadel/internal/zerrors" ) type PrivacyPolicy struct { @@ -119,7 +119,7 @@ func (q *Queries) PrivacyPolicyByOrg(ctx context.Context, shouldTriggerBulk bool }). OrderBy(PrivacyColIsDefault.identifier()).Limit(1).ToSql() if err != nil { - return nil, errors.ThrowInternal(err, "QUERY-UXuPI", "Errors.Query.SQLStatement") + return nil, zerrors.ThrowInternal(err, "QUERY-UXuPI", "Errors.Query.SQLStatement") } err = q.client.QueryRowContext(ctx, func(row *sql.Row) error { 
@@ -148,7 +148,7 @@ func (q *Queries) DefaultPrivacyPolicy(ctx context.Context, shouldTriggerBulk bo OrderBy(PrivacyColIsDefault.identifier()). Limit(1).ToSql() if err != nil { - return nil, errors.ThrowInternal(err, "QUERY-LkFZ7", "Errors.Query.SQLStatement") + return nil, zerrors.ThrowInternal(err, "QUERY-LkFZ7", "Errors.Query.SQLStatement") } err = q.client.QueryRowContext(ctx, func(row *sql.Row) error { @@ -190,10 +190,10 @@ func preparePrivacyPolicyQuery(ctx context.Context, db prepareDatabase) (sq.Sele &policy.State, ) if err != nil { - if errs.Is(err, sql.ErrNoRows) { - return nil, errors.ThrowNotFound(err, "QUERY-vNMHL", "Errors.PrivacyPolicy.NotFound") + if errors.Is(err, sql.ErrNoRows) { + return nil, zerrors.ThrowNotFound(err, "QUERY-vNMHL", "Errors.PrivacyPolicy.NotFound") } - return nil, errors.ThrowInternal(err, "QUERY-csrdo", "Errors.Internal") + return nil, zerrors.ThrowInternal(err, "QUERY-csrdo", "Errors.Internal") } return policy, nil } diff --git a/internal/query/privacy_policy_test.go b/internal/query/privacy_policy_test.go index 70b32723d9..55671eef6d 100644 --- a/internal/query/privacy_policy_test.go +++ b/internal/query/privacy_policy_test.go @@ -9,7 +9,7 @@ import ( "testing" "github.com/zitadel/zitadel/internal/domain" - errs "github.com/zitadel/zitadel/internal/errors" + "github.com/zitadel/zitadel/internal/zerrors" ) var ( @@ -62,7 +62,7 @@ func Test_PrivacyPolicyPrepares(t *testing.T) { nil, ), err: func(err error) (error, bool) { - if !errs.IsNotFound(err) { + if !zerrors.IsNotFound(err) { return fmt.Errorf("err should be NotFoundError got: %w", err), false } return nil, true diff --git a/internal/query/project.go b/internal/query/project.go index 3876154b51..756039e9ce 100644 --- a/internal/query/project.go +++ b/internal/query/project.go @@ -3,7 +3,7 @@ package query import ( "context" "database/sql" - errs "errors" + "errors" "time" sq "github.com/Masterminds/squirrel" 
@@ -13,10 +13,10 @@ import ( "github.com/zitadel/zitadel/internal/api/authz" "github.com/zitadel/zitadel/internal/api/call" "github.com/zitadel/zitadel/internal/domain" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore/handler/v2" "github.com/zitadel/zitadel/internal/query/projection" "github.com/zitadel/zitadel/internal/telemetry/tracing" + "github.com/zitadel/zitadel/internal/zerrors" ) var ( @@ -117,7 +117,7 @@ func (q *Queries) ProjectByID(ctx context.Context, shouldTriggerBulk bool, id st } query, args, err := stmt.Where(eq).ToSql() if err != nil { - return nil, errors.ThrowInternal(err, "QUERY-2m00Q", "Errors.Query.SQLStatment") + return nil, zerrors.ThrowInternal(err, "QUERY-2m00Q", "Errors.Query.SQLStatment") } err = q.client.QueryRowContext(ctx, func(row *sql.Row) error { @@ -135,7 +135,7 @@ func (q *Queries) SearchProjects(ctx context.Context, queries *ProjectSearchQuer eq := sq.Eq{ProjectColumnInstanceID.identifier(): authz.GetInstance(ctx).InstanceID()} stmt, args, err := queries.toQuery(query).Where(eq).ToSql() if err != nil { - return nil, errors.ThrowInvalidArgument(err, "QUERY-fn9ew", "Errors.Query.InvalidRequest") + return nil, zerrors.ThrowInvalidArgument(err, "QUERY-fn9ew", "Errors.Query.InvalidRequest") } err = q.client.QueryContext(ctx, func(rows *sql.Rows) error { @@ -143,7 +143,7 @@ func (q *Queries) SearchProjects(ctx context.Context, queries *ProjectSearchQuer return err }, stmt, args...) if err != nil { - return nil, errors.ThrowInternal(err, "QUERY-2j00f", "Errors.Internal") + return nil, zerrors.ThrowInternal(err, "QUERY-2j00f", "Errors.Internal") } projects.State, err = q.latestState(ctx, projectsTable) return projects, err 
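Review bot: The message key in ProjectByID (hunk at -117) is spelled `Errors.Query.SQLStatment`, while the other query files in this commit, such as PrivacyPolicyByOrg, use `Errors.Query.SQLStatement`. The rename carries the misspelling over unchanged. The translation catalogue is not visible here, but if it defines only the correctly spelled key, this path would surface the raw key instead of a message. Suggested line: `return nil, zerrors.ThrowInternal(err, "QUERY-2m00Q", "Errors.Query.SQLStatement")`; the same spelling appears in ProjectGrantByID and ProjectGrantByIDAndGrantedOrg in project_grant.go. ProjectByID's body starts and ends outside the hunk.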
@@ -225,10 +225,10 @@ func prepareProjectQuery(ctx context.Context, db prepareDatabase) (sq.SelectBuil &p.PrivateLabelingSetting, ) if err != nil { - if errs.Is(err, sql.ErrNoRows) { - return nil, errors.ThrowNotFound(err, "QUERY-fk2fs", "Errors.Project.NotFound") + if errors.Is(err, sql.ErrNoRows) { + return nil, zerrors.ThrowNotFound(err, "QUERY-fk2fs", "Errors.Project.NotFound") } - return nil, errors.ThrowInternal(err, "QUERY-dj2FF", "Errors.Internal") + return nil, zerrors.ThrowInternal(err, "QUERY-dj2FF", "Errors.Internal") } return p, nil } @@ -276,7 +276,7 @@ func prepareProjectsQuery(ctx context.Context, db prepareDatabase) (sq.SelectBui } if err := rows.Close(); err != nil { - return nil, errors.ThrowInternal(err, "QUERY-QMXJv", "Errors.Query.CloseRows") + return nil, zerrors.ThrowInternal(err, "QUERY-QMXJv", "Errors.Query.CloseRows") } return &Projects{ diff --git a/internal/query/project_grant.go b/internal/query/project_grant.go index 78fbc7cd6b..ac2d8696e1 100644 --- a/internal/query/project_grant.go +++ b/internal/query/project_grant.go @@ -3,7 +3,7 @@ package query import ( "context" "database/sql" - errs "errors" + "errors" "time" sq "github.com/Masterminds/squirrel" @@ -14,10 +14,10 @@ import ( "github.com/zitadel/zitadel/internal/api/call" "github.com/zitadel/zitadel/internal/database" "github.com/zitadel/zitadel/internal/domain" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore/handler/v2" "github.com/zitadel/zitadel/internal/query/projection" "github.com/zitadel/zitadel/internal/telemetry/tracing" + "github.com/zitadel/zitadel/internal/zerrors" ) const ( 
@@ -124,7 +124,7 @@ func (q *Queries) ProjectGrantByID(ctx context.Context, shouldTriggerBulk bool, } query, args, err := stmt.Where(eq).ToSql() if err != nil { - return nil, errors.ThrowInternal(err, "QUERY-Nf93d", "Errors.Query.SQLStatment") + return nil, zerrors.ThrowInternal(err, "QUERY-Nf93d", "Errors.Query.SQLStatment") } err = q.client.QueryRowContext(ctx, func(row *sql.Row) error { @@ -146,7 +146,7 @@ func (q *Queries) ProjectGrantByIDAndGrantedOrg(ctx context.Context, id, granted } query, args, err := stmt.Where(eq).ToSql() if err != nil { - return nil, errors.ThrowInternal(err, "QUERY-MO9fs", "Errors.Query.SQLStatment") + return nil, zerrors.ThrowInternal(err, "QUERY-MO9fs", "Errors.Query.SQLStatment") } err = q.client.QueryRowContext(ctx, func(row *sql.Row) error { @@ -166,7 +166,7 @@ func (q *Queries) SearchProjectGrants(ctx context.Context, queries *ProjectGrant } stmt, args, err := queries.toQuery(query).Where(eq).ToSql() if err != nil { - return nil, errors.ThrowInvalidArgument(err, "QUERY-N9fsg", "Errors.Query.InvalidRequest") + return nil, zerrors.ThrowInvalidArgument(err, "QUERY-N9fsg", "Errors.Query.InvalidRequest") } err = q.client.QueryContext(ctx, func(rows *sql.Rows) error { @@ -174,7 +174,7 @@ func (q *Queries) SearchProjectGrants(ctx context.Context, queries *ProjectGrant return err }, stmt, args...) if err != nil { - return nil, errors.ThrowInternal(err, "QUERY-PP02n", "Errors.Internal") + return nil, zerrors.ThrowInternal(err, "QUERY-PP02n", "Errors.Internal") } grants.State, err = q.latestState(ctx, projectGrantsTable) 
@@ -310,10 +310,10 @@ func prepareProjectGrantQuery(ctx context.Context, db prepareDatabase) (sq.Selec &resourceOwnerName, ) if err != nil { - if errs.Is(err, sql.ErrNoRows) { - return nil, errors.ThrowNotFound(err, "QUERY-n98GGs", "Errors.ProjectGrant.NotFound") + if errors.Is(err, sql.ErrNoRows) { + return nil, zerrors.ThrowNotFound(err, "QUERY-n98GGs", "Errors.ProjectGrant.NotFound") } - return nil, errors.ThrowInternal(err, "QUERY-w9fsH", "Errors.Internal") + return nil, zerrors.ThrowInternal(err, "QUERY-w9fsH", "Errors.Internal") } grant.ProjectName = projectName.String @@ -385,7 +385,7 @@ func prepareProjectGrantsQuery(ctx context.Context, db prepareDatabase) (sq.Sele } if err := rows.Close(); err != nil { - return nil, errors.ThrowInternal(err, "QUERY-K9gEE", "Errors.Query.CloseRows") + return nil, zerrors.ThrowInternal(err, "QUERY-K9gEE", "Errors.Query.CloseRows") } return &ProjectGrants{ diff --git a/internal/query/project_grant_member.go b/internal/query/project_grant_member.go index 60eb0dc894..c13300713f 100644 --- a/internal/query/project_grant_member.go +++ b/internal/query/project_grant_member.go @@ -9,8 +9,8 @@ import ( "github.com/zitadel/zitadel/internal/api/authz" "github.com/zitadel/zitadel/internal/api/call" "github.com/zitadel/zitadel/internal/domain" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/query/projection" + "github.com/zitadel/zitadel/internal/zerrors" ) var ( @@ -82,7 +82,7 @@ func (q *Queries) ProjectGrantMembers(ctx context.Context, queries *ProjectGrant eq := sq.Eq{ProjectGrantMemberInstanceID.identifier(): authz.GetInstance(ctx).InstanceID()} stmt, args, err := queries.toQuery(query).Where(eq).ToSql() if err != nil { - return nil, errors.ThrowInvalidArgument(err, "QUERY-USNwM", "Errors.Query.InvalidRequest") + return nil, zerrors.ThrowInvalidArgument(err, "QUERY-USNwM", "Errors.Query.InvalidRequest") } currentSequence, err := q.latestState(ctx, projectGrantMemberTable) 
@@ -95,7 +95,7 @@ func (q *Queries) ProjectGrantMembers(ctx context.Context, queries *ProjectGrant return err }, stmt, args...) if err != nil { - return nil, errors.ThrowInternal(err, "QUERY-Pdg1I", "Errors.Internal") + return nil, zerrors.ThrowInternal(err, "QUERY-Pdg1I", "Errors.Internal") } members.State = currentSequence @@ -185,7 +185,7 @@ func prepareProjectGrantMembersQuery(ctx context.Context, db prepareDatabase) (s } if err := rows.Close(); err != nil { - return nil, errors.ThrowInternal(err, "QUERY-EqJFc", "Errors.Query.CloseRows") + return nil, zerrors.ThrowInternal(err, "QUERY-EqJFc", "Errors.Query.CloseRows") } return &Members{ diff --git a/internal/query/project_grant_member_test.go b/internal/query/project_grant_member_test.go index 2cf413913c..91cd210679 100644 --- a/internal/query/project_grant_member_test.go +++ b/internal/query/project_grant_member_test.go 
@@ -21,24 +21,24 @@ var ( ", members.user_id" + ", members.roles" + ", projections.login_names3.login_name" + - ", projections.users9_humans.email" + - ", projections.users9_humans.first_name" + - ", projections.users9_humans.last_name" + - ", projections.users9_humans.display_name" + - ", projections.users9_machines.name" + - ", projections.users9_humans.avatar_key" + - ", projections.users9.type" + + ", projections.users10_humans.email" + + ", projections.users10_humans.first_name" + + ", projections.users10_humans.last_name" + + ", projections.users10_humans.display_name" + + ", projections.users10_machines.name" + + ", projections.users10_humans.avatar_key" + + ", projections.users10.type" + ", COUNT(*) OVER () " + "FROM projections.project_grant_members4 AS members " + - "LEFT JOIN projections.users9_humans " + - "ON members.user_id = projections.users9_humans.user_id " + - "AND members.instance_id = projections.users9_humans.instance_id " + - "LEFT JOIN projections.users9_machines " + - "ON members.user_id = projections.users9_machines.user_id " + - "AND members.instance_id = projections.users9_machines.instance_id " + - "LEFT JOIN projections.users9 " + - "ON members.user_id = projections.users9.id " + - "AND members.instance_id = projections.users9.instance_id " + + "LEFT JOIN projections.users10_humans " + + "ON members.user_id = projections.users10_humans.user_id " + + "AND members.instance_id = projections.users10_humans.instance_id " + + "LEFT JOIN projections.users10_machines " + + "ON members.user_id = projections.users10_machines.user_id " + + "AND members.instance_id = projections.users10_machines.instance_id " + + "LEFT JOIN projections.users10 " + + "ON members.user_id = projections.users10.id " + + "AND members.instance_id = projections.users10.instance_id " + "LEFT JOIN projections.login_names3 " + "ON members.user_id = projections.login_names3.user_id " + "AND members.instance_id = projections.login_names3.instance_id " + 
diff --git a/internal/query/project_grant_test.go b/internal/query/project_grant_test.go index e76fd96119..6d2131dfc4 100644 --- a/internal/query/project_grant_test.go +++ b/internal/query/project_grant_test.go @@ -10,7 +10,7 @@ import ( "github.com/zitadel/zitadel/internal/database" "github.com/zitadel/zitadel/internal/domain" - errs "github.com/zitadel/zitadel/internal/errors" + "github.com/zitadel/zitadel/internal/zerrors" ) var ( @@ -393,7 +393,7 @@ func Test_ProjectGrantPrepares(t *testing.T) { nil, ), err: func(err error) (error, bool) { - if !errs.IsNotFound(err) { + if !zerrors.IsNotFound(err) { return fmt.Errorf("err should be zitadel.NotFoundError got: %w", err), false } return nil, true diff --git a/internal/query/project_member.go b/internal/query/project_member.go index 989b608732..a86246bdd7 100644 --- a/internal/query/project_member.go +++ b/internal/query/project_member.go @@ -9,9 +9,9 @@ import ( "github.com/zitadel/zitadel/internal/api/authz" "github.com/zitadel/zitadel/internal/api/call" "github.com/zitadel/zitadel/internal/domain" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/query/projection" "github.com/zitadel/zitadel/internal/telemetry/tracing" + "github.com/zitadel/zitadel/internal/zerrors" ) var ( @@ -73,7 +73,7 @@ func (q *Queries) ProjectMembers(ctx context.Context, queries *ProjectMembersQue eq := sq.Eq{ProjectMemberInstanceID.identifier(): authz.GetInstance(ctx).InstanceID()} stmt, args, err := queries.toQuery(query).Where(eq).ToSql() if err != nil { - return nil, errors.ThrowInvalidArgument(err, "QUERY-T8CuT", "Errors.Query.InvalidRequest") + return nil, zerrors.ThrowInvalidArgument(err, "QUERY-T8CuT", "Errors.Query.InvalidRequest") } currentSequence, err := q.latestState(ctx, projectMemberTable) 
@@ -86,7 +86,7 @@ func (q *Queries) ProjectMembers(ctx context.Context, queries *ProjectMembersQue return err }, stmt, args...) if err != nil { - return nil, errors.ThrowInternal(err, "QUERY-uh6pj", "Errors.Internal") + return nil, zerrors.ThrowInternal(err, "QUERY-uh6pj", "Errors.Internal") } members.State = currentSequence @@ -175,7 +175,7 @@ func prepareProjectMembersQuery(ctx context.Context, db prepareDatabase) (sq.Sel } if err := rows.Close(); err != nil { - return nil, errors.ThrowInternal(err, "QUERY-ZJ1Ii", "Errors.Query.CloseRows") + return nil, zerrors.ThrowInternal(err, "QUERY-ZJ1Ii", "Errors.Query.CloseRows") } return &Members{ diff --git a/internal/query/project_member_test.go b/internal/query/project_member_test.go index b280750247..defec46d49 100644 --- a/internal/query/project_member_test.go +++ b/internal/query/project_member_test.go 
@@ -21,24 +21,24 @@ var ( ", members.user_id" + ", members.roles" + ", projections.login_names3.login_name" + - ", projections.users9_humans.email" + - ", projections.users9_humans.first_name" + - ", projections.users9_humans.last_name" + - ", projections.users9_humans.display_name" + - ", projections.users9_machines.name" + - ", projections.users9_humans.avatar_key" + - ", projections.users9.type" + + ", projections.users10_humans.email" + + ", projections.users10_humans.first_name" + + ", projections.users10_humans.last_name" + + ", projections.users10_humans.display_name" + + ", projections.users10_machines.name" + + ", projections.users10_humans.avatar_key" + + ", projections.users10.type" + ", COUNT(*) OVER () " + "FROM projections.project_members4 AS members " + - "LEFT JOIN projections.users9_humans " + - "ON members.user_id = projections.users9_humans.user_id " + - "AND members.instance_id = projections.users9_humans.instance_id " + - "LEFT JOIN projections.users9_machines " + - "ON members.user_id = projections.users9_machines.user_id " + - "AND members.instance_id = projections.users9_machines.instance_id " + - "LEFT JOIN projections.users9 " + - "ON members.user_id = projections.users9.id " + - "AND members.instance_id = projections.users9.instance_id " + + "LEFT JOIN projections.users10_humans " + + "ON members.user_id = projections.users10_humans.user_id " + + "AND members.instance_id = projections.users10_humans.instance_id " + + "LEFT JOIN projections.users10_machines " + + "ON members.user_id = projections.users10_machines.user_id " + + "AND members.instance_id = projections.users10_machines.instance_id " + + "LEFT JOIN projections.users10 " + + "ON members.user_id = projections.users10.id " + + "AND members.instance_id = projections.users10.instance_id " + "LEFT JOIN projections.login_names3 " + "ON members.user_id = projections.login_names3.user_id " + "AND members.instance_id = projections.login_names3.instance_id " + 
diff --git a/internal/query/project_role.go b/internal/query/project_role.go index e7a3fe288d..bca1957ef4 100644 --- a/internal/query/project_role.go +++ b/internal/query/project_role.go @@ -11,10 +11,10 @@ import ( "github.com/zitadel/zitadel/internal/api/authz" "github.com/zitadel/zitadel/internal/api/call" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore/handler/v2" "github.com/zitadel/zitadel/internal/query/projection" "github.com/zitadel/zitadel/internal/telemetry/tracing" + "github.com/zitadel/zitadel/internal/zerrors" ) var ( @@ -98,7 +98,7 @@ func (q *Queries) SearchProjectRoles(ctx context.Context, shouldTriggerBulk bool query, scan := prepareProjectRolesQuery(ctx, q.client) stmt, args, err := queries.toQuery(query).Where(eq).ToSql() if err != nil { - return nil, errors.ThrowInvalidArgument(err, "QUERY-3N9ff", "Errors.Query.InvalidRequest") + return nil, zerrors.ThrowInvalidArgument(err, "QUERY-3N9ff", "Errors.Query.InvalidRequest") } err = q.client.QueryContext(ctx, func(rows *sql.Rows) error { @@ -106,7 +106,7 @@ func (q *Queries) SearchProjectRoles(ctx context.Context, shouldTriggerBulk bool return err }, stmt, args...) if err != nil { - return nil, errors.ThrowInternal(err, "QUERY-5Ngd9", "Errors.Internal") + return nil, zerrors.ThrowInternal(err, "QUERY-5Ngd9", "Errors.Internal") } roles.State, err = q.latestState(ctx, projectRolesTable) return roles, err @@ -130,7 +130,7 @@ func (q *Queries) SearchGrantedProjectRoles(ctx context.Context, grantID, grante query, scan := prepareProjectRolesQuery(ctx, q.client) stmt, args, err := queries.toQuery(query).Where(eq).ToSql() if err != nil { - return nil, errors.ThrowInvalidArgument(err, "QUERY-3N9ff", "Errors.Query.InvalidRequest") + return nil, zerrors.ThrowInvalidArgument(err, "QUERY-3N9ff", "Errors.Query.InvalidRequest") } err = q.client.QueryContext(ctx, func(rows *sql.Rows) error { 
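Review bot: SearchGrantedProjectRoles (hunk at -130) throws with the ID `QUERY-3N9ff`, which SearchProjectRoles already uses in the hunk at -98, and the following hunk reuses `QUERY-5Ngd9` in the same way. If these IDs are meant to pin an error to one call site, which is how they read across the rest of the diff, a log entry carrying either ID cannot tell the two queries apart during triage. Give the granted-roles function its own IDs, e.g. `zerrors.ThrowInvalidArgument(err, "QUERY-<new-id>", "Errors.Query.InvalidRequest")`, with the placeholder replaced by a freshly generated value. Both function bodies extend beyond the hunks.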
@@ -138,7 +138,7 @@ func (q *Queries) SearchGrantedProjectRoles(ctx context.Context, grantID, grante return err }, stmt, args...) if err != nil { - return nil, errors.ThrowInternal(err, "QUERY-5Ngd9", "Errors.Internal") + return nil, zerrors.ThrowInternal(err, "QUERY-5Ngd9", "Errors.Internal") } roles.State, err = q.latestState(ctx, projectRolesTable) @@ -244,7 +244,7 @@ func prepareProjectRolesQuery(ctx context.Context, db prepareDatabase) (sq.Selec } if err := rows.Close(); err != nil { - return nil, errors.ThrowInternal(err, "QUERY-ML0Fs", "Errors.Query.CloseRows") + return nil, zerrors.ThrowInternal(err, "QUERY-ML0Fs", "Errors.Query.CloseRows") } return &ProjectRoles{ diff --git a/internal/query/project_test.go b/internal/query/project_test.go index eadc60430a..a621c27f42 100644 --- a/internal/query/project_test.go +++ b/internal/query/project_test.go @@ -9,7 +9,7 @@ import ( "testing" "github.com/zitadel/zitadel/internal/domain" - errs "github.com/zitadel/zitadel/internal/errors" + "github.com/zitadel/zitadel/internal/zerrors" ) var ( @@ -250,7 +250,7 @@ func Test_ProjectPrepares(t *testing.T) { nil, ), err: func(err error) (error, bool) { - if !errs.IsNotFound(err) { + if !zerrors.IsNotFound(err) { return fmt.Errorf("err should be zitadel.NotFoundError got: %w", err), false } return nil, true diff --git a/internal/query/projection/action.go b/internal/query/projection/action.go index 0bdfccce05..13ff7437ae 100644 --- a/internal/query/projection/action.go +++ b/internal/query/projection/action.go 
@@ -4,13 +4,13 @@ import ( "context" "github.com/zitadel/zitadel/internal/domain" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" old_handler "github.com/zitadel/zitadel/internal/eventstore/handler" "github.com/zitadel/zitadel/internal/eventstore/handler/v2" "github.com/zitadel/zitadel/internal/repository/action" "github.com/zitadel/zitadel/internal/repository/instance" "github.com/zitadel/zitadel/internal/repository/org" + "github.com/zitadel/zitadel/internal/zerrors" ) const ( @@ -113,7 +113,7 @@ func (p *actionProjection) Reducers() []handler.AggregateReducer { func (p *actionProjection) reduceActionAdded(event eventstore.Event) (*handler.Statement, error) { e, ok := event.(*action.AddedEvent) if !ok { - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-Dff21", "reduce.wrong.event.type% s", action.AddedEventType) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-Dff21", "reduce.wrong.event.type% s", action.AddedEventType) } return handler.NewCreateStatement( e, @@ -136,7 +136,7 @@ func (p *actionProjection) reduceActionAdded(event eventstore.Event) (*handler.S func (p *actionProjection) reduceActionChanged(event eventstore.Event) (*handler.Statement, error) { e, ok := event.(*action.ChangedEvent) if !ok { - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-Gg43d", "reduce.wrong.event.type %s", action.ChangedEventType) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-Gg43d", "reduce.wrong.event.type %s", action.ChangedEventType) } values := []handler.Column{ handler.NewCol(ActionChangeDateCol, e.CreationDate()), 
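Review bot: In reduceActionAdded (hunk at -113) the format string is `"reduce.wrong.event.type% s"`, with the space on the wrong side of the percent sign. The other reducers in this file use `"reduce.wrong.event.type %s"`, so this one most likely renders the event type glued to the preceding text. Since the line is being rewritten anyway, correct it to `return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-Dff21", "reduce.wrong.event.type %s", action.AddedEventType)`. The function body continues outside the hunk.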
@@ -167,7 +167,7 @@ func (p *actionProjection) reduceActionChanged(event eventstore.Event) (*handler func (p *actionProjection) reduceActionDeactivated(event eventstore.Event) (*handler.Statement, error) { e, ok := event.(*action.DeactivatedEvent) if !ok { - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-Fgh32", "reduce.wrong.event.type %s", action.DeactivatedEventType) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-Fgh32", "reduce.wrong.event.type %s", action.DeactivatedEventType) } return handler.NewUpdateStatement( e, @@ -186,7 +186,7 @@ func (p *actionProjection) reduceActionDeactivated(event eventstore.Event) (*han func (p *actionProjection) reduceActionReactivated(event eventstore.Event) (*handler.Statement, error) { e, ok := event.(*action.ReactivatedEvent) if !ok { - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-hwdqa", "reduce.wrong.event.type %s", action.ReactivatedEventType) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-hwdqa", "reduce.wrong.event.type %s", action.ReactivatedEventType) } return handler.NewUpdateStatement( e, @@ -205,7 +205,7 @@ func (p *actionProjection) reduceActionReactivated(event eventstore.Event) (*han func (p *actionProjection) reduceActionRemoved(event eventstore.Event) (*handler.Statement, error) { e, ok := event.(*action.RemovedEvent) if !ok { - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-Dgh2d", "reduce.wrong.event.type %s", action.RemovedEventType) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-Dgh2d", "reduce.wrong.event.type %s", action.RemovedEventType) } return handler.NewDeleteStatement( e, 
@@ -219,7 +219,7 @@ func (p *actionProjection) reduceActionRemoved(event eventstore.Event) (*handler func (p *actionProjection) reduceOwnerRemoved(event eventstore.Event) (*handler.Statement, error) { e, ok := event.(*org.OrgRemovedEvent) if !ok { - return nil, errors.ThrowInvalidArgumentf(nil, "PROJE-mSmWM", "reduce.wrong.event.type %s", org.OrgRemovedEventType) + return nil, zerrors.ThrowInvalidArgumentf(nil, "PROJE-mSmWM", "reduce.wrong.event.type %s", org.OrgRemovedEventType) } return handler.NewDeleteStatement( e, diff --git a/internal/query/projection/action_test.go b/internal/query/projection/action_test.go index 71dacb9d8e..0f5e382737 100644 --- a/internal/query/projection/action_test.go +++ b/internal/query/projection/action_test.go @@ -5,12 +5,12 @@ import ( "time" "github.com/zitadel/zitadel/internal/domain" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/eventstore/handler/v2" "github.com/zitadel/zitadel/internal/repository/action" "github.com/zitadel/zitadel/internal/repository/instance" "github.com/zitadel/zitadel/internal/repository/org" + "github.com/zitadel/zitadel/internal/zerrors" ) func TestActionProjection_reduces(t *testing.T) { @@ -249,7 +249,7 @@ func TestActionProjection_reduces(t *testing.T) { t.Run(tt.name, func(t *testing.T) { event := baseEvent(t) got, err := tt.reduce(event) - if _, ok := err.(errors.InvalidArgument); !ok { + if ok := zerrors.IsErrorInvalidArgument(err); !ok { t.Errorf("no wrong event mapping: %v, got: %v", err, got) } diff --git a/internal/query/projection/app.go b/internal/query/projection/app.go index 97e7da21f8..9198ecfb20 100644 --- a/internal/query/projection/app.go +++ b/internal/query/projection/app.go 
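Review bot: The check in TestActionProjection_reduces (hunk at -249) keeps the shape of the old type assertion, `if ok := zerrors.IsErrorInvalidArgument(err); !ok {`, although the helper already returns a bool. `if !zerrors.IsErrorInvalidArgument(err) {` reads more directly; the same applies to TestAppProjection_reduces in app_test.go. Whether the helper also matches wrapped errors, where the old assertion matched only the concrete type, is not visible here and is worth confirming, since that would widen what the test accepts.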
@@ -5,13 +5,13 @@ import ( "github.com/zitadel/zitadel/internal/database" "github.com/zitadel/zitadel/internal/domain" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" old_handler "github.com/zitadel/zitadel/internal/eventstore/handler" "github.com/zitadel/zitadel/internal/eventstore/handler/v2" "github.com/zitadel/zitadel/internal/repository/instance" "github.com/zitadel/zitadel/internal/repository/org" "github.com/zitadel/zitadel/internal/repository/project" + "github.com/zitadel/zitadel/internal/zerrors" ) const ( @@ -232,7 +232,7 @@ func (p *appProjection) Reducers() []handler.AggregateReducer { func (p *appProjection) reduceAppAdded(event eventstore.Event) (*handler.Statement, error) { e, ok := event.(*project.ApplicationAddedEvent) if !ok { - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-1xYE6", "reduce.wrong.event.type %s", project.ApplicationAddedType) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-1xYE6", "reduce.wrong.event.type %s", project.ApplicationAddedType) } return handler.NewCreateStatement( e, @@ -253,7 +253,7 @@ func (p *appProjection) reduceAppAdded(event eventstore.Event) (*handler.Stateme func (p *appProjection) reduceAppChanged(event eventstore.Event) (*handler.Statement, error) { e, ok := event.(*project.ApplicationChangedEvent) if !ok { - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-ZJ8JA", "reduce.wrong.event.type %s", project.ApplicationChangedType) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-ZJ8JA", "reduce.wrong.event.type %s", project.ApplicationChangedType) } if e.Name == "" { return handler.NewNoOpStatement(event), nil 
@@ -275,7 +275,7 @@ func (p *appProjection) reduceAppChanged(event eventstore.Event) (*handler.State func (p *appProjection) reduceAppDeactivated(event eventstore.Event) (*handler.Statement, error) { e, ok := event.(*project.ApplicationDeactivatedEvent) if !ok { - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-MVWxZ", "reduce.wrong.event.type %s", project.ApplicationDeactivatedType) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-MVWxZ", "reduce.wrong.event.type %s", project.ApplicationDeactivatedType) } return handler.NewUpdateStatement( e, @@ -294,7 +294,7 @@ func (p *appProjection) reduceAppDeactivated(event eventstore.Event) (*handler.S func (p *appProjection) reduceAppReactivated(event eventstore.Event) (*handler.Statement, error) { e, ok := event.(*project.ApplicationReactivatedEvent) if !ok { - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-D0HZO", "reduce.wrong.event.type %s", project.ApplicationReactivatedType) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-D0HZO", "reduce.wrong.event.type %s", project.ApplicationReactivatedType) } return handler.NewUpdateStatement( e, @@ -313,7 +313,7 @@ func (p *appProjection) reduceAppReactivated(event eventstore.Event) (*handler.S func (p *appProjection) reduceAppRemoved(event eventstore.Event) (*handler.Statement, error) { e, ok := event.(*project.ApplicationRemovedEvent) if !ok { - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-Y99aq", "reduce.wrong.event.type %s", project.ApplicationRemovedType) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-Y99aq", "reduce.wrong.event.type %s", project.ApplicationRemovedType) } return handler.NewDeleteStatement( e, 
@@ -327,7 +327,7 @@ func (p *appProjection) reduceAppRemoved(event eventstore.Event) (*handler.State func (p *appProjection) reduceProjectRemoved(event eventstore.Event) (*handler.Statement, error) { e, ok := event.(*project.ProjectRemovedEvent) if !ok { - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-DlUlO", "reduce.wrong.event.type %s", project.ProjectRemovedType) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-DlUlO", "reduce.wrong.event.type %s", project.ProjectRemovedType) } return handler.NewDeleteStatement( e, @@ -341,7 +341,7 @@ func (p *appProjection) reduceProjectRemoved(event eventstore.Event) (*handler.S func (p *appProjection) reduceAPIConfigAdded(event eventstore.Event) (*handler.Statement, error) { e, ok := event.(*project.APIConfigAddedEvent) if !ok { - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-Y99aq", "reduce.wrong.event.type %s", project.APIConfigAddedType) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-Y99aq", "reduce.wrong.event.type %s", project.APIConfigAddedType) } return handler.NewMultiStatement( e, @@ -371,7 +371,7 @@ func (p *appProjection) reduceAPIConfigAdded(event eventstore.Event) (*handler.S func (p *appProjection) reduceAPIConfigChanged(event eventstore.Event) (*handler.Statement, error) { e, ok := event.(*project.APIConfigChangedEvent) if !ok { - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-vnZKi", "reduce.wrong.event.type %s", project.APIConfigChangedType) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-vnZKi", "reduce.wrong.event.type %s", project.APIConfigChangedType) } cols := make([]handler.Column, 0, 2) if e.ClientSecret != nil { 
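Review bot: reduceAPIConfigAdded (hunk at -341) reports `HANDL-Y99aq`, the same ID reduceAppRemoved uses in the hunk at -313, and `HANDL-GNHU1` is shared by reduceOIDCConfigAdded, reduceOIDCConfigChanged and reduceOIDCConfigSecretChanged in the later hunks. Presumably these IDs exist so that an error seen in logs can be traced to a single reducer; with duplicates, a wrong-event-type error on the API or OIDC config paths is ambiguous. While every one of these lines is being touched, assign distinct IDs, e.g. `zerrors.ThrowInvalidArgumentf(nil, "HANDL-<new-id>", "reduce.wrong.event.type %s", project.APIConfigAddedType)` with a freshly generated value in place of the placeholder. The reducer bodies extend past their hunks.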
@@ -409,7 +409,7 @@ func (p *appProjection) reduceAPIConfigChanged(event eventstore.Event) (*handler func (p *appProjection) reduceAPIConfigSecretChanged(event eventstore.Event) (*handler.Statement, error) { e, ok := event.(*project.APIConfigSecretChangedEvent) if !ok { - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-ttb0I", "reduce.wrong.event.type %s", project.APIConfigSecretChangedType) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-ttb0I", "reduce.wrong.event.type %s", project.APIConfigSecretChangedType) } return handler.NewMultiStatement( e, @@ -439,7 +439,7 @@ func (p *appProjection) reduceAPIConfigSecretChanged(event eventstore.Event) (*h func (p *appProjection) reduceOIDCConfigAdded(event eventstore.Event) (*handler.Statement, error) { e, ok := event.(*project.OIDCConfigAddedEvent) if !ok { - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-GNHU1", "reduce.wrong.event.type %s", project.OIDCConfigAddedType) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-GNHU1", "reduce.wrong.event.type %s", project.OIDCConfigAddedType) } return handler.NewMultiStatement( e, @@ -483,7 +483,7 @@ func (p *appProjection) reduceOIDCConfigAdded(event eventstore.Event) (*handler. func (p *appProjection) reduceOIDCConfigChanged(event eventstore.Event) (*handler.Statement, error) { e, ok := event.(*project.OIDCConfigChangedEvent) if !ok { - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-GNHU1", "reduce.wrong.event.type %s", project.OIDCConfigChangedType) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-GNHU1", "reduce.wrong.event.type %s", project.OIDCConfigChangedType) } cols := make([]handler.Column, 0, 15) 
@@ -563,7 +563,7 @@ func (p *appProjection) reduceOIDCConfigChanged(event eventstore.Event) (*handle func (p *appProjection) reduceOIDCConfigSecretChanged(event eventstore.Event) (*handler.Statement, error) { e, ok := event.(*project.OIDCConfigSecretChangedEvent) if !ok { - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-GNHU1", "reduce.wrong.event.type %s", project.OIDCConfigSecretChangedType) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-GNHU1", "reduce.wrong.event.type %s", project.OIDCConfigSecretChangedType) } return handler.NewMultiStatement( e, @@ -593,7 +593,7 @@ func (p *appProjection) reduceOIDCConfigSecretChanged(event eventstore.Event) (* func (p *appProjection) reduceOwnerRemoved(event eventstore.Event) (*handler.Statement, error) { e, ok := event.(*org.OrgRemovedEvent) if !ok { - return nil, errors.ThrowInvalidArgumentf(nil, "PROJE-Hyd1f", "reduce.wrong.event.type %s", org.OrgRemovedEventType) + return nil, zerrors.ThrowInvalidArgumentf(nil, "PROJE-Hyd1f", "reduce.wrong.event.type %s", org.OrgRemovedEventType) } return handler.NewDeleteStatement( @@ -608,7 +608,7 @@ func (p *appProjection) reduceOwnerRemoved(event eventstore.Event) (*handler.Sta func (p *appProjection) reduceSAMLConfigAdded(event eventstore.Event) (*handler.Statement, error) { e, ok := event.(*project.SAMLConfigAddedEvent) if !ok { - return nil, errors.ThrowInvalidArgument(nil, "HANDL-GMHU1", "reduce.wrong.event.type") + return nil, zerrors.ThrowInvalidArgument(nil, "HANDL-GMHU1", "reduce.wrong.event.type") } return handler.NewMultiStatement( e, 
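Review bot: reduceSAMLConfigAdded (hunk at -608) and reduceSAMLConfigChanged in the next hunk return the bare text `"reduce.wrong.event.type"`, whereas every other reducer in app.go formats the expected event type into the message. Using the formatted variant keeps a wrong-mapping error diagnosable from the message alone: `return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-GMHU1", "reduce.wrong.event.type %T", event)`, the form assertEvent in assert.go already uses. Both function bodies continue outside the hunks.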
@@ -638,7 +638,7 @@ func (p *appProjection) reduceSAMLConfigAdded(event eventstore.Event) (*handler. func (p *appProjection) reduceSAMLConfigChanged(event eventstore.Event) (*handler.Statement, error) { e, ok := event.(*project.SAMLConfigChangedEvent) if !ok { - return nil, errors.ThrowInvalidArgument(nil, "HANDL-GMHU2", "reduce.wrong.event.type") + return nil, zerrors.ThrowInvalidArgument(nil, "HANDL-GMHU2", "reduce.wrong.event.type") } cols := make([]handler.Column, 0, 3) diff --git a/internal/query/projection/app_test.go b/internal/query/projection/app_test.go index 8ce659be25..41d7fb24d0 100644 --- a/internal/query/projection/app_test.go +++ b/internal/query/projection/app_test.go @@ -6,12 +6,12 @@ import ( "github.com/zitadel/zitadel/internal/database" "github.com/zitadel/zitadel/internal/domain" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/eventstore/handler/v2" "github.com/zitadel/zitadel/internal/repository/instance" "github.com/zitadel/zitadel/internal/repository/org" "github.com/zitadel/zitadel/internal/repository/project" + "github.com/zitadel/zitadel/internal/zerrors" ) func TestAppProjection_reduces(t *testing.T) { @@ -645,7 +645,7 @@ func TestAppProjection_reduces(t *testing.T) { t.Run(tt.name, func(t *testing.T) { event := baseEvent(t) got, err := tt.reduce(event) - if _, ok := err.(errors.InvalidArgument); !ok { + if ok := zerrors.IsErrorInvalidArgument(err); !ok { t.Errorf("no wrong event mapping: %v, got: %v", err, got) } diff --git a/internal/query/projection/assert.go b/internal/query/projection/assert.go index 369a6da698..96ed195435 100644 --- a/internal/query/projection/assert.go +++ b/internal/query/projection/assert.go 
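Review bot: The rewritten check in the `app_test.go` hunk at `-645`, `if ok := zerrors.IsErrorInvalidArgument(err); !ok {`, binds an `ok` that is used nowhere else. This is a leftover of the old type assertion, and `if !zerrors.IsErrorInvalidArgument(err) {` says the same thing and matches what `auth_request_test.go` and `authn_key_test.go` do in this commit. The same form appears in the test hunks of `custom_text_test.go`, `debug_notification_provider_test.go`, `domain_policy_test.go` and `flow_test.go`. `TestAppProjection_reduces` starts and ends outside the hunk.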
@@ -1,14 +1,14 @@ package projection import ( - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" + "github.com/zitadel/zitadel/internal/zerrors" ) func assertEvent[T eventstore.Event](event eventstore.Event) (T, error) { e, ok := event.(T) if !ok { - return e, errors.ThrowInvalidArgumentf(nil, "HANDL-1m9fS", "reduce.wrong.event.type %T", event) + return e, zerrors.ThrowInvalidArgumentf(nil, "HANDL-1m9fS", "reduce.wrong.event.type %T", event) } return e, nil } diff --git a/internal/query/projection/auth_request.go b/internal/query/projection/auth_request.go index 193f67c585..02a98094b7 100644 --- a/internal/query/projection/auth_request.go +++ b/internal/query/projection/auth_request.go @@ -3,12 +3,12 @@ package projection import ( "context" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" old_handler "github.com/zitadel/zitadel/internal/eventstore/handler" "github.com/zitadel/zitadel/internal/eventstore/handler/v2" "github.com/zitadel/zitadel/internal/repository/authrequest" "github.com/zitadel/zitadel/internal/repository/instance" + "github.com/zitadel/zitadel/internal/zerrors" ) const ( @@ -100,7 +100,7 @@ func (p *authRequestProjection) Reducers() []handler.AggregateReducer { func (p *authRequestProjection) reduceAuthRequestAdded(event eventstore.Event) (*handler.Statement, error) { e, ok := event.(*authrequest.AddedEvent) if !ok { - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-Sfwfa", "reduce.wrong.event.type %s", authrequest.AddedType) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-Sfwfa", "reduce.wrong.event.type %s", authrequest.AddedType) } return handler.NewCreateStatement( 
@@ -131,7 +131,7 @@ func (p *authRequestProjection) reduceAuthRequestEnded(event eventstore.Event) ( *authrequest.FailedEvent: break default: - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-ASF3h", "reduce.wrong.event.type %s", []eventstore.EventType{authrequest.SucceededType, authrequest.FailedType}) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-ASF3h", "reduce.wrong.event.type %s", []eventstore.EventType{authrequest.SucceededType, authrequest.FailedType}) } return handler.NewDeleteStatement( diff --git a/internal/query/projection/auth_request_test.go b/internal/query/projection/auth_request_test.go index bda25fdf37..66da1c0dcf 100644 --- a/internal/query/projection/auth_request_test.go +++ b/internal/query/projection/auth_request_test.go @@ -7,10 +7,10 @@ import ( "github.com/muhlemmer/gu" "github.com/zitadel/zitadel/internal/domain" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/eventstore/handler/v2" "github.com/zitadel/zitadel/internal/repository/authrequest" + "github.com/zitadel/zitadel/internal/zerrors" ) func TestAuthRequestProjection_reduces(t *testing.T) { @@ -119,7 +119,7 @@ func TestAuthRequestProjection_reduces(t *testing.T) { t.Run(tt.name, func(t *testing.T) { event := baseEvent(t) got, err := tt.reduce(event) - if !errors.IsErrorInvalidArgument(err) { + if !zerrors.IsErrorInvalidArgument(err) { t.Errorf("no wrong event mapping: %v, got: %v", err, got) } diff --git a/internal/query/projection/authn_key.go b/internal/query/projection/authn_key.go index bc14c917eb..e2229ad332 100644 --- a/internal/query/projection/authn_key.go +++ b/internal/query/projection/authn_key.go 
@@ -5,7 +5,6 @@ import ( "time" "github.com/zitadel/zitadel/internal/domain" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" old_handler "github.com/zitadel/zitadel/internal/eventstore/handler" "github.com/zitadel/zitadel/internal/eventstore/handler/v2" @@ -13,6 +12,7 @@ import ( "github.com/zitadel/zitadel/internal/repository/org" "github.com/zitadel/zitadel/internal/repository/project" "github.com/zitadel/zitadel/internal/repository/user" + "github.com/zitadel/zitadel/internal/zerrors" ) const ( @@ -163,7 +163,7 @@ func (p *authNKeyProjection) reduceAuthNKeyAdded(event eventstore.Event) (*handl authNKeyEvent.publicKey = e.PublicKey authNKeyEvent.keyType = e.KeyType default: - return nil, errors.ThrowInvalidArgumentf(nil, "PROJE-Dgb32", "reduce.wrong.event.type %v", []eventstore.EventType{project.ApplicationKeyAddedEventType, user.MachineKeyAddedEventType}) + return nil, zerrors.ThrowInvalidArgumentf(nil, "PROJE-Dgb32", "reduce.wrong.event.type %v", []eventstore.EventType{project.ApplicationKeyAddedEventType, user.MachineKeyAddedEventType}) } return handler.NewCreateStatement( &authNKeyEvent, @@ -207,7 +207,7 @@ func (p *authNKeyProjection) reduceAuthNKeyEnabledChanged(event eventstore.Event changeDate = e.CreationDate() sequence = e.Sequence() default: - return nil, errors.ThrowInvalidArgumentf(nil, "PROJE-Dbrt1", "reduce.wrong.event.type %v", []eventstore.EventType{project.APIConfigChangedType, project.OIDCConfigChangedType}) + return nil, zerrors.ThrowInvalidArgumentf(nil, "PROJE-Dbrt1", "reduce.wrong.event.type %v", []eventstore.EventType{project.APIConfigChangedType, project.OIDCConfigChangedType}) } return handler.NewUpdateStatement( event, 
@@ -237,7 +237,7 @@ func (p *authNKeyProjection) reduceAuthNKeyRemoved(event eventstore.Event) (*han case *user.UserRemovedEvent: condition = handler.NewCond(AuthNKeyAggregateIDCol, e.Aggregate().ID) default: - return nil, errors.ThrowInvalidArgumentf(nil, "PROJE-BGge42", "reduce.wrong.event.type %v", []eventstore.EventType{project.ApplicationKeyRemovedEventType, project.ApplicationRemovedType, project.ProjectRemovedType, user.MachineKeyRemovedEventType, user.UserRemovedType}) + return nil, zerrors.ThrowInvalidArgumentf(nil, "PROJE-BGge42", "reduce.wrong.event.type %v", []eventstore.EventType{project.ApplicationKeyRemovedEventType, project.ApplicationRemovedType, project.ProjectRemovedType, user.MachineKeyRemovedEventType, user.UserRemovedType}) } return handler.NewDeleteStatement( event, @@ -251,7 +251,7 @@ func (p *authNKeyProjection) reduceAuthNKeyRemoved(event eventstore.Event) (*han func (p *authNKeyProjection) reduceOwnerRemoved(event eventstore.Event) (*handler.Statement, error) { e, ok := event.(*org.OrgRemovedEvent) if !ok { - return nil, errors.ThrowInvalidArgumentf(nil, "PROJE-Hyd1f", "reduce.wrong.event.type %s", org.OrgRemovedEventType) + return nil, zerrors.ThrowInvalidArgumentf(nil, "PROJE-Hyd1f", "reduce.wrong.event.type %s", org.OrgRemovedEventType) } return handler.NewDeleteStatement( diff --git a/internal/query/projection/authn_key_test.go b/internal/query/projection/authn_key_test.go index bc016f3758..81879995ce 100644 --- a/internal/query/projection/authn_key_test.go +++ b/internal/query/projection/authn_key_test.go 
@@ -4,13 +4,13 @@ import ( "testing" "github.com/zitadel/zitadel/internal/domain" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/eventstore/handler/v2" "github.com/zitadel/zitadel/internal/repository/instance" "github.com/zitadel/zitadel/internal/repository/org" "github.com/zitadel/zitadel/internal/repository/project" "github.com/zitadel/zitadel/internal/repository/user" + "github.com/zitadel/zitadel/internal/zerrors" ) func TestAuthNKeyProjection_reduces(t *testing.T) { @@ -502,7 +502,7 @@ func TestAuthNKeyProjection_reduces(t *testing.T) { t.Run(tt.name, func(t *testing.T) { event := baseEvent(t) got, err := tt.reduce(event) - if !errors.IsErrorInvalidArgument(err) { + if !zerrors.IsErrorInvalidArgument(err) { t.Errorf("no wrong event mapping: %v, got: %v", err, got) } diff --git a/internal/query/projection/custom_text.go b/internal/query/projection/custom_text.go index a406f4e50b..255902dd7b 100644 --- a/internal/query/projection/custom_text.go +++ b/internal/query/projection/custom_text.go @@ -3,13 +3,13 @@ package projection import ( "context" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" old_handler "github.com/zitadel/zitadel/internal/eventstore/handler" "github.com/zitadel/zitadel/internal/eventstore/handler/v2" "github.com/zitadel/zitadel/internal/repository/instance" "github.com/zitadel/zitadel/internal/repository/org" "github.com/zitadel/zitadel/internal/repository/policy" + "github.com/zitadel/zitadel/internal/zerrors" ) const ( 
@@ -117,7 +117,7 @@ func (p *customTextProjection) reduceSet(event eventstore.Event) (*handler.State customTextEvent = e.CustomTextSetEvent isDefault = true default: - return nil, errors.ThrowInvalidArgumentf(nil, "PROJE-KKfw4", "reduce.wrong.event.type %v", []eventstore.EventType{org.CustomTextSetEventType, instance.CustomTextSetEventType}) + return nil, zerrors.ThrowInvalidArgumentf(nil, "PROJE-KKfw4", "reduce.wrong.event.type %v", []eventstore.EventType{org.CustomTextSetEventType, instance.CustomTextSetEventType}) } return handler.NewUpsertStatement( &customTextEvent, @@ -150,7 +150,7 @@ func (p *customTextProjection) reduceRemoved(event eventstore.Event) (*handler.S case *instance.CustomTextRemovedEvent: customTextEvent = e.CustomTextRemovedEvent default: - return nil, errors.ThrowInvalidArgumentf(nil, "PROJE-n9wJg", "reduce.wrong.event.type %v", []eventstore.EventType{org.CustomTextRemovedEventType, instance.CustomTextRemovedEventType}) + return nil, zerrors.ThrowInvalidArgumentf(nil, "PROJE-n9wJg", "reduce.wrong.event.type %v", []eventstore.EventType{org.CustomTextRemovedEventType, instance.CustomTextRemovedEventType}) } return handler.NewDeleteStatement( &customTextEvent, @@ -171,7 +171,7 @@ func (p *customTextProjection) reduceTemplateRemoved(event eventstore.Event) (*h case *instance.CustomTextTemplateRemovedEvent: customTextEvent = e.CustomTextTemplateRemovedEvent default: - return nil, errors.ThrowInvalidArgumentf(nil, "PROJE-29iPf", "reduce.wrong.event.type %v", []eventstore.EventType{org.CustomTextTemplateRemovedEventType, instance.CustomTextTemplateRemovedEventType}) + return nil, zerrors.ThrowInvalidArgumentf(nil, "PROJE-29iPf", "reduce.wrong.event.type %v", []eventstore.EventType{org.CustomTextTemplateRemovedEventType, instance.CustomTextTemplateRemovedEventType}) } return handler.NewDeleteStatement( &customTextEvent, 
@@ -186,7 +186,7 @@ func (p *customTextProjection) reduceTemplateRemoved(event eventstore.Event) (*h func (p *customTextProjection) reduceOwnerRemoved(event eventstore.Event) (*handler.Statement, error) { e, ok := event.(*org.OrgRemovedEvent) if !ok { - return nil, errors.ThrowInvalidArgumentf(nil, "PROJE-V2T3z", "reduce.wrong.event.type %s", org.OrgRemovedEventType) + return nil, zerrors.ThrowInvalidArgumentf(nil, "PROJE-V2T3z", "reduce.wrong.event.type %s", org.OrgRemovedEventType) } return handler.NewDeleteStatement( diff --git a/internal/query/projection/custom_text_test.go b/internal/query/projection/custom_text_test.go index 951e236cf7..d366eb35b8 100644 --- a/internal/query/projection/custom_text_test.go +++ b/internal/query/projection/custom_text_test.go @@ -3,11 +3,11 @@ package projection import ( "testing" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/eventstore/handler/v2" "github.com/zitadel/zitadel/internal/repository/instance" "github.com/zitadel/zitadel/internal/repository/org" + "github.com/zitadel/zitadel/internal/zerrors" ) func TestCustomTextProjection_reduces(t *testing.T) { @@ -292,7 +292,7 @@ func TestCustomTextProjection_reduces(t *testing.T) { t.Run(tt.name, func(t *testing.T) { event := baseEvent(t) got, err := tt.reduce(event) - if _, ok := err.(errors.InvalidArgument); !ok { + if ok := zerrors.IsErrorInvalidArgument(err); !ok { t.Errorf("no wrong event mapping: %v, got: %v", err, got) } event = tt.args.event(t) diff --git a/internal/query/projection/debug_notification.go b/internal/query/projection/debug_notification.go index 7d553ed0b1..eca16dce0a 100644 --- a/internal/query/projection/debug_notification.go +++ b/internal/query/projection/debug_notification.go 
@@ -6,11 +6,11 @@ import ( "github.com/zitadel/zitadel/internal/domain" "github.com/zitadel/zitadel/internal/repository/settings" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" old_handler "github.com/zitadel/zitadel/internal/eventstore/handler" "github.com/zitadel/zitadel/internal/eventstore/handler/v2" "github.com/zitadel/zitadel/internal/repository/instance" + "github.com/zitadel/zitadel/internal/zerrors" ) const ( @@ -104,7 +104,7 @@ func (p *debugNotificationProviderProjection) reduceDebugNotificationProviderAdd providerEvent = e.DebugNotificationProviderAddedEvent providerType = domain.NotificationProviderTypeLog default: - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-pYPxS", "reduce.wrong.event.type %v", []eventstore.EventType{instance.DebugNotificationProviderFileAddedEventType, instance.DebugNotificationProviderLogAddedEventType}) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-pYPxS", "reduce.wrong.event.type %v", []eventstore.EventType{instance.DebugNotificationProviderFileAddedEventType, instance.DebugNotificationProviderLogAddedEventType}) } return handler.NewCreateStatement(&providerEvent, []handler.Column{ @@ -131,7 +131,7 @@ func (p *debugNotificationProviderProjection) reduceDebugNotificationProviderCha providerEvent = e.DebugNotificationProviderChangedEvent providerType = domain.NotificationProviderTypeLog default: - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-pYPxS", "reduce.wrong.event.type %v", []eventstore.EventType{instance.DebugNotificationProviderFileChangedEventType, instance.DebugNotificationProviderLogChangedEventType}) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-pYPxS", "reduce.wrong.event.type %v", []eventstore.EventType{instance.DebugNotificationProviderFileChangedEventType, instance.DebugNotificationProviderLogChangedEventType}) } cols := []handler.Column{ 
@@ -164,7 +164,7 @@ func (p *debugNotificationProviderProjection) reduceDebugNotificationProviderRem providerEvent = e.DebugNotificationProviderRemovedEvent providerType = domain.NotificationProviderTypeLog default: - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-dow9f", "reduce.wrong.event.type %v", []eventstore.EventType{instance.DebugNotificationProviderFileRemovedEventType, instance.DebugNotificationProviderLogRemovedEventType}) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-dow9f", "reduce.wrong.event.type %v", []eventstore.EventType{instance.DebugNotificationProviderFileRemovedEventType, instance.DebugNotificationProviderLogRemovedEventType}) } return handler.NewDeleteStatement( diff --git a/internal/query/projection/debug_notification_provider_test.go b/internal/query/projection/debug_notification_provider_test.go index cbe943a7ae..10d85678dd 100644 --- a/internal/query/projection/debug_notification_provider_test.go +++ b/internal/query/projection/debug_notification_provider_test.go @@ -4,10 +4,10 @@ import ( "testing" "github.com/zitadel/zitadel/internal/domain" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/eventstore/handler/v2" "github.com/zitadel/zitadel/internal/repository/instance" + "github.com/zitadel/zitadel/internal/zerrors" ) func TestDebugNotificationProviderProjection_reduces(t *testing.T) { @@ -245,7 +245,7 @@ func TestDebugNotificationProviderProjection_reduces(t *testing.T) { t.Run(tt.name, func(t *testing.T) { event := baseEvent(t) got, err := tt.reduce(event) - if _, ok := err.(errors.InvalidArgument); !ok { + if ok := zerrors.IsErrorInvalidArgument(err); !ok { t.Errorf("no wrong event mapping: %v, got: %v", err, got) } diff --git a/internal/query/projection/device_auth.go b/internal/query/projection/device_auth.go index f0232192e8..d8231004f9 100644 --- a/internal/query/projection/device_auth.go 
+++ b/internal/query/projection/device_auth.go 
@@ -3,66 +3,59 @@ package projection import ( "context" - "github.com/zitadel/zitadel/internal/domain" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" old_handler "github.com/zitadel/zitadel/internal/eventstore/handler" "github.com/zitadel/zitadel/internal/eventstore/handler/v2" "github.com/zitadel/zitadel/internal/repository/deviceauth" + "github.com/zitadel/zitadel/internal/zerrors" ) const ( - DeviceAuthProjectionTable = "projections.device_authorizations" + DeviceAuthRequestProjectionTable = "projections.device_auth_requests" - DeviceAuthColumnID = "id" - DeviceAuthColumnClientID = "client_id" - DeviceAuthColumnDeviceCode = "device_code" - DeviceAuthColumnUserCode = "user_code" - DeviceAuthColumnExpires = "expires" - DeviceAuthColumnScopes = "scopes" - DeviceAuthColumnState = "state" - DeviceAuthColumnSubject = "subject" - - DeviceAuthColumnCreationDate = "creation_date" - DeviceAuthColumnChangeDate = "change_date" - DeviceAuthColumnSequence = "sequence" - DeviceAuthColumnInstanceID = "instance_id" + DeviceAuthRequestColumnClientID = "client_id" + DeviceAuthRequestColumnDeviceCode = "device_code" + DeviceAuthRequestColumnUserCode = "user_code" + DeviceAuthRequestColumnScopes = "scopes" + DeviceAuthRequestColumnCreationDate = "creation_date" + DeviceAuthRequestColumnChangeDate = "change_date" + DeviceAuthRequestColumnSequence = "sequence" + DeviceAuthRequestColumnInstanceID = "instance_id" ) -type deviceAuthProjection struct{} +// deviceAuthRequestProjection holds device authorization requests +// and makes them search-able by User Code. +// In principle the projected data is only needed during user login. +// Device Token logic uses the eventstore directly. 
+type deviceAuthRequestProjection struct{} func newDeviceAuthProjection(ctx context.Context, config handler.Config) *handler.Handler { - return handler.NewHandler(ctx, &config, new(deviceAuthProjection)) + return handler.NewHandler(ctx, &config, new(deviceAuthRequestProjection)) } -func (*deviceAuthProjection) Name() string { - return DeviceAuthProjectionTable +func (*deviceAuthRequestProjection) Name() string { + return DeviceAuthRequestProjectionTable } -func (*deviceAuthProjection) Init() *old_handler.Check { +func (*deviceAuthRequestProjection) Init() *old_handler.Check { return handler.NewTableCheck( handler.NewTable([]*handler.InitColumn{ - handler.NewColumn(DeviceAuthColumnID, handler.ColumnTypeText), - handler.NewColumn(DeviceAuthColumnClientID, handler.ColumnTypeText), - handler.NewColumn(DeviceAuthColumnDeviceCode, handler.ColumnTypeText), - handler.NewColumn(DeviceAuthColumnUserCode, handler.ColumnTypeText), - handler.NewColumn(DeviceAuthColumnExpires, handler.ColumnTypeTimestamp), - handler.NewColumn(DeviceAuthColumnScopes, handler.ColumnTypeTextArray), - handler.NewColumn(DeviceAuthColumnState, handler.ColumnTypeEnum, handler.Default(domain.DeviceAuthStateInitiated)), - handler.NewColumn(DeviceAuthColumnSubject, handler.ColumnTypeText, handler.Default("")), - handler.NewColumn(DeviceAuthColumnCreationDate, handler.ColumnTypeTimestamp), - handler.NewColumn(DeviceAuthColumnChangeDate, handler.ColumnTypeTimestamp), - handler.NewColumn(DeviceAuthColumnSequence, handler.ColumnTypeInt64), - handler.NewColumn(DeviceAuthColumnInstanceID, handler.ColumnTypeText), + handler.NewColumn(DeviceAuthRequestColumnClientID, handler.ColumnTypeText), + handler.NewColumn(DeviceAuthRequestColumnDeviceCode, handler.ColumnTypeText), + handler.NewColumn(DeviceAuthRequestColumnUserCode, handler.ColumnTypeText), + handler.NewColumn(DeviceAuthRequestColumnScopes, handler.ColumnTypeTextArray), + handler.NewColumn(DeviceAuthRequestColumnCreationDate, handler.ColumnTypeTimestamp), + 
handler.NewColumn(DeviceAuthRequestColumnChangeDate, handler.ColumnTypeTimestamp), + handler.NewColumn(DeviceAuthRequestColumnSequence, handler.ColumnTypeInt64), + handler.NewColumn(DeviceAuthRequestColumnInstanceID, handler.ColumnTypeText), }, - handler.NewPrimaryKey(DeviceAuthColumnInstanceID, DeviceAuthColumnID), - handler.WithIndex(handler.NewIndex("user_code", []string{DeviceAuthColumnInstanceID, DeviceAuthColumnUserCode})), - handler.WithIndex(handler.NewIndex("device_code", []string{DeviceAuthColumnInstanceID, DeviceAuthColumnClientID, DeviceAuthColumnDeviceCode})), + handler.NewPrimaryKey(DeviceAuthRequestColumnInstanceID, DeviceAuthRequestColumnDeviceCode), + handler.WithIndex(handler.NewIndex("user_code", []string{DeviceAuthRequestColumnInstanceID, DeviceAuthRequestColumnUserCode})), ), ) } -func (p *deviceAuthProjection) Reducers() []handler.AggregateReducer { +func (p *deviceAuthRequestProjection) Reducers() []handler.AggregateReducer { return []handler.AggregateReducer{ { Aggregate: deviceauth.AggregateType, 
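Review bot: With `DeviceAuthColumnExpires` and `DeviceAuthColumnState` dropped from the table in `Init()`, a row in `projections.device_auth_requests` no longer carries its own lifetime, and the reducers in the following hunk delete it only on an approved or canceled event. A request that is never completed therefore appears to stay searchable through the `user_code` index indefinitely; whether the user-code lookup checks expiry against the eventstore is not visible here. I would either keep an expiry column and filter on it in the lookup, or state the contract on the type, for example `// Expiry is not projected: callers resolving a user code must verify the request has not expired.` The `user_code` index is also non-unique, so the lookup has to cope with more than one row per instance and user code. `Reducers()` continues outside this hunk.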
@@ -73,89 +66,49 @@ func (p *deviceAuthProjection) Reducers() []handler.AggregateReducer { }, { Event: deviceauth.ApprovedEventType, - Reduce: p.reduceAppoved, + Reduce: p.reduceDoneEvents, }, { Event: deviceauth.CanceledEventType, - Reduce: p.reduceCanceled, - }, - { - Event: deviceauth.RemovedEventType, - Reduce: p.reduceRemoved, + Reduce: p.reduceDoneEvents, }, }, }, } } -func (p *deviceAuthProjection) reduceAdded(event eventstore.Event) (*handler.Statement, error) { +func (p *deviceAuthRequestProjection) reduceAdded(event eventstore.Event) (*handler.Statement, error) { e, ok := event.(*deviceauth.AddedEvent) if !ok { - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-chu6O", "reduce.wrong.event.type %T != %s", event, deviceauth.AddedEventType) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-chu6O", "reduce.wrong.event.type %T != %s", event, deviceauth.AddedEventType) } return handler.NewCreateStatement( e, []handler.Column{ - handler.NewCol(DeviceAuthColumnID, e.Aggregate().ID), - handler.NewCol(DeviceAuthColumnClientID, e.ClientID), - handler.NewCol(DeviceAuthColumnDeviceCode, e.DeviceCode), - handler.NewCol(DeviceAuthColumnUserCode, e.UserCode), - handler.NewCol(DeviceAuthColumnExpires, e.Expires), - handler.NewCol(DeviceAuthColumnScopes, e.Scopes), - handler.NewCol(DeviceAuthColumnCreationDate, e.CreationDate()), - handler.NewCol(DeviceAuthColumnChangeDate, e.CreationDate()), - handler.NewCol(DeviceAuthColumnSequence, e.Sequence()), - handler.NewCol(DeviceAuthColumnInstanceID, e.Aggregate().InstanceID), + handler.NewCol(DeviceAuthRequestColumnClientID, e.ClientID), + handler.NewCol(DeviceAuthRequestColumnDeviceCode, e.DeviceCode), + handler.NewCol(DeviceAuthRequestColumnUserCode, e.UserCode), + handler.NewCol(DeviceAuthRequestColumnScopes, e.Scopes), + handler.NewCol(DeviceAuthRequestColumnCreationDate, e.CreationDate()), + handler.NewCol(DeviceAuthRequestColumnChangeDate, e.CreationDate()), + handler.NewCol(DeviceAuthRequestColumnSequence, 
e.Sequence()), + handler.NewCol(DeviceAuthRequestColumnInstanceID, e.Aggregate().InstanceID), }, ), nil } -func (p *deviceAuthProjection) reduceAppoved(event eventstore.Event) (*handler.Statement, error) { - e, ok := event.(*deviceauth.ApprovedEvent) - if !ok { - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-kei0A", "reduce.wrong.event.type %T != %s", event, deviceauth.ApprovedEventType) - } - return handler.NewUpdateStatement(e, - []handler.Column{ - handler.NewCol(DeviceAuthColumnState, domain.DeviceAuthStateApproved), - handler.NewCol(DeviceAuthColumnSubject, e.Subject), - handler.NewCol(DeviceAuthColumnChangeDate, e.CreationDate()), - handler.NewCol(DeviceAuthColumnSequence, e.Sequence()), - }, - []handler.Condition{ - handler.NewCond(DeviceAuthColumnInstanceID, e.Aggregate().InstanceID), - handler.NewCond(DeviceAuthColumnID, e.Aggregate().ID), - }, - ), nil -} +// reduceDoneEvents removes the device auth request from the projection. +func (p *deviceAuthRequestProjection) reduceDoneEvents(event eventstore.Event) (*handler.Statement, error) { + switch event.(type) { + case *deviceauth.ApprovedEvent, *deviceauth.CanceledEvent: + return handler.NewDeleteStatement(event, + []handler.Condition{ + handler.NewCond(DeviceAuthRequestColumnInstanceID, event.Aggregate().InstanceID), + handler.NewCond(DeviceAuthRequestColumnDeviceCode, event.Aggregate().ID), + }, + ), nil -func (p *deviceAuthProjection) reduceCanceled(event eventstore.Event) (*handler.Statement, error) { - e, ok := event.(*deviceauth.CanceledEvent) - if !ok { - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-eeS8d", "reduce.wrong.event.type %T != %s", event, deviceauth.CanceledEventType) + default: + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-eeS8d", "reduce.wrong.event.type %T", event) } - return handler.NewUpdateStatement(e, - []handler.Column{ - handler.NewCol(DeviceAuthColumnState, e.Reason.State()), - handler.NewCol(DeviceAuthColumnChangeDate, e.CreationDate()), - 
handler.NewCol(DeviceAuthColumnSequence, e.Sequence()), - }, - []handler.Condition{ - handler.NewCond(DeviceAuthColumnInstanceID, e.Aggregate().InstanceID), - handler.NewCond(DeviceAuthColumnID, e.Aggregate().ID), - }, - ), nil -} - -func (p *deviceAuthProjection) reduceRemoved(event eventstore.Event) (*handler.Statement, error) { - e, ok := event.(*deviceauth.RemovedEvent) - if !ok { - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-AJi1u", "reduce.wrong.event.type %T != %s", event, deviceauth.RemovedEventType) - } - return handler.NewDeleteStatement(e, - []handler.Condition{ - handler.NewCond(DeviceAuthColumnInstanceID, e.Aggregate().InstanceID), - handler.NewCond(DeviceAuthColumnID, e.Aggregate().ID), - }, - ), nil } diff --git a/internal/query/projection/domain_policy.go b/internal/query/projection/domain_policy.go index b11fbf2607..9277d342a9 100644 --- a/internal/query/projection/domain_policy.go +++ b/internal/query/projection/domain_policy.go @@ -4,13 +4,13 @@ import ( "context" "github.com/zitadel/zitadel/internal/domain" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" old_handler "github.com/zitadel/zitadel/internal/eventstore/handler" "github.com/zitadel/zitadel/internal/eventstore/handler/v2" "github.com/zitadel/zitadel/internal/repository/instance" "github.com/zitadel/zitadel/internal/repository/org" "github.com/zitadel/zitadel/internal/repository/policy" + "github.com/zitadel/zitadel/internal/zerrors" ) const ( 
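Review bot: `reduceDoneEvents` deletes on `handler.NewCond(DeviceAuthRequestColumnDeviceCode, event.Aggregate().ID)`, while `reduceAdded` fills that column from `e.DeviceCode`, so the delete only matches if the aggregate ID is always the device code, which nothing in this hunk establishes. If the two ever differ, approved and canceled requests stay in the projection and remain resolvable by user code. I would write the same value on both sides, `handler.NewCol(DeviceAuthRequestColumnDeviceCode, e.Aggregate().ID),` in `reduceAdded`, or at least record the invariant above the condition: `// the deviceauth aggregate ID is the device code`. The default branch also no longer names the expected event types in its message, unlike the other reducers in this package.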
@@ -116,7 +116,7 @@ func (p *domainPolicyProjection) reduceAdded(event eventstore.Event) (*handler.S policyEvent = e.DomainPolicyAddedEvent isDefault = true default: - return nil, errors.ThrowInvalidArgumentf(nil, "PROJE-CSE7A", "reduce.wrong.event.type %v", []eventstore.EventType{org.DomainPolicyAddedEventType, instance.DomainPolicyAddedEventType}) + return nil, zerrors.ThrowInvalidArgumentf(nil, "PROJE-CSE7A", "reduce.wrong.event.type %v", []eventstore.EventType{org.DomainPolicyAddedEventType, instance.DomainPolicyAddedEventType}) } return handler.NewCreateStatement( &policyEvent, @@ -143,7 +143,7 @@ func (p *domainPolicyProjection) reduceChanged(event eventstore.Event) (*handler case *instance.DomainPolicyChangedEvent: policyEvent = e.DomainPolicyChangedEvent default: - return nil, errors.ThrowInvalidArgumentf(nil, "PROJE-qgVug", "reduce.wrong.event.type %v", []eventstore.EventType{org.DomainPolicyChangedEventType, instance.DomainPolicyChangedEventType}) + return nil, zerrors.ThrowInvalidArgumentf(nil, "PROJE-qgVug", "reduce.wrong.event.type %v", []eventstore.EventType{org.DomainPolicyChangedEventType, instance.DomainPolicyChangedEventType}) } cols := []handler.Column{ handler.NewCol(DomainPolicyChangeDateCol, policyEvent.CreationDate()), @@ -170,7 +170,7 @@ func (p *domainPolicyProjection) reduceChanged(event eventstore.Event) (*handler func (p *domainPolicyProjection) reduceRemoved(event eventstore.Event) (*handler.Statement, error) { policyEvent, ok := event.(*org.DomainPolicyRemovedEvent) if !ok { - return nil, errors.ThrowInvalidArgumentf(nil, "PROJE-JAENd", "reduce.wrong.event.type %s", org.DomainPolicyRemovedEventType) + return nil, zerrors.ThrowInvalidArgumentf(nil, "PROJE-JAENd", "reduce.wrong.event.type %s", org.DomainPolicyRemovedEventType) } return handler.NewDeleteStatement( policyEvent, 
@@ -183,7 +183,7 @@ func (p *domainPolicyProjection) reduceRemoved(event eventstore.Event) (*handler func (p *domainPolicyProjection) reduceOwnerRemoved(event eventstore.Event) (*handler.Statement, error) { e, ok := event.(*org.OrgRemovedEvent) if !ok { - return nil, errors.ThrowInvalidArgumentf(nil, "PROJE-JYD2K", "reduce.wrong.event.type %s", org.OrgRemovedEventType) + return nil, zerrors.ThrowInvalidArgumentf(nil, "PROJE-JYD2K", "reduce.wrong.event.type %s", org.OrgRemovedEventType) } return handler.NewDeleteStatement( diff --git a/internal/query/projection/domain_policy_test.go b/internal/query/projection/domain_policy_test.go index 0df5f786d1..418640cb1e 100644 --- a/internal/query/projection/domain_policy_test.go +++ b/internal/query/projection/domain_policy_test.go @@ -4,11 +4,11 @@ import ( "testing" "github.com/zitadel/zitadel/internal/domain" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/eventstore/handler/v2" "github.com/zitadel/zitadel/internal/repository/instance" "github.com/zitadel/zitadel/internal/repository/org" + "github.com/zitadel/zitadel/internal/zerrors" ) func TestDomainPolicyProjection_reduces(t *testing.T) { @@ -258,7 +258,7 @@ func TestDomainPolicyProjection_reduces(t *testing.T) { t.Run(tt.name, func(t *testing.T) { event := baseEvent(t) got, err := tt.reduce(event) - if _, ok := err.(errors.InvalidArgument); !ok { + if ok := zerrors.IsErrorInvalidArgument(err); !ok { t.Errorf("no wrong event mapping: %v, got: %v", err, got) } diff --git a/internal/query/projection/executer_test.go b/internal/query/projection/executer_test.go index 8dca87a383..9c1dd021fc 100644 --- a/internal/query/projection/executer_test.go +++ b/internal/query/projection/executer_test.go @@ -6,7 +6,7 @@ import ( "github.com/stretchr/testify/assert" - "github.com/zitadel/zitadel/internal/errors" + "github.com/zitadel/zitadel/internal/zerrors" ) type testExecuter struct { 
@@ -30,7 +30,7 @@ func (e *testExecuter) Exec(stmt string, args ...interface{}) (sql.Result, error } if e.execIdx >= len(e.executions) { - return nil, errors.ThrowInternal(nil, "PROJE-8TNoE", "too many executions") + return nil, zerrors.ThrowInternal(nil, "PROJE-8TNoE", "too many executions") } e.executions[e.execIdx].gottenArgs = args e.executions[e.execIdx].gottenStmt = stmt diff --git a/internal/query/projection/flow.go b/internal/query/projection/flow.go index 5d03d8f07d..2e954bca28 100644 --- a/internal/query/projection/flow.go +++ b/internal/query/projection/flow.go @@ -3,12 +3,12 @@ package projection import ( "context" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" old_handler "github.com/zitadel/zitadel/internal/eventstore/handler" "github.com/zitadel/zitadel/internal/eventstore/handler/v2" "github.com/zitadel/zitadel/internal/repository/instance" "github.com/zitadel/zitadel/internal/repository/org" + "github.com/zitadel/zitadel/internal/zerrors" ) const ( @@ -84,7 +84,7 @@ func (p *flowProjection) Reducers() []handler.AggregateReducer { func (p *flowProjection) reduceTriggerActionsSetEventType(event eventstore.Event) (*handler.Statement, error) { e, ok := event.(*org.TriggerActionsSetEvent) if !ok { - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-uYq4r", "reduce.wrong.event.type %s", org.TriggerActionsSetEventType) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-uYq4r", "reduce.wrong.event.type %s", org.TriggerActionsSetEventType) } stmts := make([]func(reader eventstore.Event) handler.Exec, len(e.ActionIDs)+1) stmts[0] = handler.AddDeleteStatement( 
@@ -115,7 +115,7 @@ func (p *flowProjection) reduceTriggerActionsSetEventType(event eventstore.Event func (p *flowProjection) reduceFlowClearedEventType(event eventstore.Event) (*handler.Statement, error) { e, ok := event.(*org.FlowClearedEvent) if !ok { - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-uYq4r", "reduce.wrong.event.type %s", org.FlowClearedEventType) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-uYq4r", "reduce.wrong.event.type %s", org.FlowClearedEventType) } return handler.NewDeleteStatement( e, @@ -130,7 +130,7 @@ func (p *flowProjection) reduceFlowClearedEventType(event eventstore.Event) (*ha func (p *flowProjection) reduceOwnerRemoved(event eventstore.Event) (*handler.Statement, error) { e, ok := event.(*org.OrgRemovedEvent) if !ok { - return nil, errors.ThrowInvalidArgumentf(nil, "PROJE-Yd7WC", "reduce.wrong.event.type %s", org.OrgRemovedEventType) + return nil, zerrors.ThrowInvalidArgumentf(nil, "PROJE-Yd7WC", "reduce.wrong.event.type %s", org.OrgRemovedEventType) } return handler.NewDeleteStatement( diff --git a/internal/query/projection/flow_test.go b/internal/query/projection/flow_test.go index 757aea548b..add857b464 100644 --- a/internal/query/projection/flow_test.go +++ b/internal/query/projection/flow_test.go @@ -4,11 +4,11 @@ import ( "testing" "github.com/zitadel/zitadel/internal/domain" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/eventstore/handler/v2" "github.com/zitadel/zitadel/internal/repository/instance" "github.com/zitadel/zitadel/internal/repository/org" + "github.com/zitadel/zitadel/internal/zerrors" ) func TestFlowProjection_reduces(t *testing.T) { 
@@ -162,7 +162,7 @@ func TestFlowProjection_reduces(t *testing.T) { t.Run(tt.name, func(t *testing.T) { event := baseEvent(t) got, err := tt.reduce(event) - if _, ok := err.(errors.InvalidArgument); !ok { + if ok := zerrors.IsErrorInvalidArgument(err); !ok { t.Errorf("no wrong event mapping: %v, got: %v", err, got) } diff --git a/internal/query/projection/idp.go b/internal/query/projection/idp.go index db5cc4319a..32bb5abec3 100644 --- a/internal/query/projection/idp.go +++ b/internal/query/projection/idp.go @@ -5,13 +5,13 @@ import ( "github.com/zitadel/zitadel/internal/database" "github.com/zitadel/zitadel/internal/domain" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" old_handler "github.com/zitadel/zitadel/internal/eventstore/handler" "github.com/zitadel/zitadel/internal/eventstore/handler/v2" "github.com/zitadel/zitadel/internal/repository/idpconfig" "github.com/zitadel/zitadel/internal/repository/instance" "github.com/zitadel/zitadel/internal/repository/org" + "github.com/zitadel/zitadel/internal/zerrors" ) const ( @@ -223,7 +223,7 @@ func (p *idpProjection) reduceIDPAdded(event eventstore.Event) (*handler.Stateme idpEvent = e.IDPConfigAddedEvent idpOwnerType = domain.IdentityProviderTypeSystem default: - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-fcUdQ", "reduce.wrong.event.type %v", []eventstore.EventType{org.IDPConfigAddedEventType, instance.IDPConfigAddedEventType}) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-fcUdQ", "reduce.wrong.event.type %v", []eventstore.EventType{org.IDPConfigAddedEventType, instance.IDPConfigAddedEventType}) } return handler.NewCreateStatement( 
@@ -252,7 +252,7 @@ func (p *idpProjection) reduceIDPChanged(event eventstore.Event) (*handler.State case *instance.IDPConfigChangedEvent: idpEvent = e.IDPConfigChangedEvent default: - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-NVvJD", "reduce.wrong.event.type %v", []eventstore.EventType{org.IDPConfigChangedEventType, instance.IDPConfigChangedEventType}) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-NVvJD", "reduce.wrong.event.type %v", []eventstore.EventType{org.IDPConfigChangedEventType, instance.IDPConfigChangedEventType}) } cols := make([]handler.Column, 0, 5) @@ -292,7 +292,7 @@ func (p *idpProjection) reduceIDPDeactivated(event eventstore.Event) (*handler.S case *instance.IDPConfigDeactivatedEvent: idpEvent = e.IDPConfigDeactivatedEvent default: - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-94O5l", "reduce.wrong.event.type %v", []eventstore.EventType{org.IDPConfigDeactivatedEventType, instance.IDPConfigDeactivatedEventType}) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-94O5l", "reduce.wrong.event.type %v", []eventstore.EventType{org.IDPConfigDeactivatedEventType, instance.IDPConfigDeactivatedEventType}) } return handler.NewUpdateStatement( @@ -317,7 +317,7 @@ func (p *idpProjection) reduceIDPReactivated(event eventstore.Event) (*handler.S case *instance.IDPConfigReactivatedEvent: idpEvent = e.IDPConfigReactivatedEvent default: - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-I8QyS", "reduce.wrong.event.type %v", []eventstore.EventType{org.IDPConfigReactivatedEventType, instance.IDPConfigReactivatedEventType}) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-I8QyS", "reduce.wrong.event.type %v", []eventstore.EventType{org.IDPConfigReactivatedEventType, instance.IDPConfigReactivatedEventType}) } return handler.NewUpdateStatement( 
@@ -342,7 +342,7 @@ func (p *idpProjection) reduceIDPRemoved(event eventstore.Event) (*handler.State case *instance.IDPConfigRemovedEvent: idpEvent = e.IDPConfigRemovedEvent default: - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-B4zy8", "reduce.wrong.event.type %v", []eventstore.EventType{org.IDPConfigRemovedEventType, instance.IDPConfigRemovedEventType}) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-B4zy8", "reduce.wrong.event.type %v", []eventstore.EventType{org.IDPConfigRemovedEventType, instance.IDPConfigRemovedEventType}) } return handler.NewDeleteStatement( @@ -362,7 +362,7 @@ func (p *idpProjection) reduceOIDCConfigAdded(event eventstore.Event) (*handler. case *instance.IDPOIDCConfigAddedEvent: idpEvent = e.OIDCConfigAddedEvent default: - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-2FuAA", "reduce.wrong.event.type %v", []eventstore.EventType{org.IDPOIDCConfigAddedEventType, instance.IDPOIDCConfigAddedEventType}) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-2FuAA", "reduce.wrong.event.type %v", []eventstore.EventType{org.IDPOIDCConfigAddedEventType, instance.IDPOIDCConfigAddedEventType}) } return handler.NewMultiStatement(&idpEvent, @@ -403,7 +403,7 @@ func (p *idpProjection) reduceOIDCConfigChanged(event eventstore.Event) (*handle case *instance.IDPOIDCConfigChangedEvent: idpEvent = e.OIDCConfigChangedEvent default: - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-x2IVI", "reduce.wrong.event.type %v", []eventstore.EventType{org.IDPOIDCConfigChangedEventType, instance.IDPOIDCConfigChangedEventType}) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-x2IVI", "reduce.wrong.event.type %v", []eventstore.EventType{org.IDPOIDCConfigChangedEventType, instance.IDPOIDCConfigChangedEventType}) } cols := make([]handler.Column, 0, 8) 
@@ -467,7 +467,7 @@ func (p *idpProjection) reduceJWTConfigAdded(event eventstore.Event) (*handler.S case *instance.IDPJWTConfigAddedEvent: idpEvent = e.JWTConfigAddedEvent default: - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-qvPdb", "reduce.wrong.event.type %v", []eventstore.EventType{org.IDPJWTConfigAddedEventType, instance.IDPJWTConfigAddedEventType}) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-qvPdb", "reduce.wrong.event.type %v", []eventstore.EventType{org.IDPJWTConfigAddedEventType, instance.IDPJWTConfigAddedEventType}) } return handler.NewMultiStatement(&idpEvent, @@ -505,7 +505,7 @@ func (p *idpProjection) reduceJWTConfigChanged(event eventstore.Event) (*handler case *instance.IDPJWTConfigChangedEvent: idpEvent = e.JWTConfigChangedEvent default: - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-x2IVI", "reduce.wrong.event.type %v", []eventstore.EventType{org.IDPJWTConfigChangedEventType, instance.IDPJWTConfigChangedEventType}) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-x2IVI", "reduce.wrong.event.type %v", []eventstore.EventType{org.IDPJWTConfigChangedEventType, instance.IDPJWTConfigChangedEventType}) } cols := make([]handler.Column, 0, 4) @@ -552,7 +552,7 @@ func (p *idpProjection) reduceJWTConfigChanged(event eventstore.Event) (*handler func (p *idpProjection) reduceOwnerRemoved(event eventstore.Event) (*handler.Statement, error) { e, ok := event.(*org.OrgRemovedEvent) if !ok { - return nil, errors.ThrowInvalidArgumentf(nil, "PROJE-YsbQC", "reduce.wrong.event.type %s", org.OrgRemovedEventType) + return nil, zerrors.ThrowInvalidArgumentf(nil, "PROJE-YsbQC", "reduce.wrong.event.type %s", org.OrgRemovedEventType) } return handler.NewDeleteStatement( diff --git a/internal/query/projection/idp_login_policy_link.go b/internal/query/projection/idp_login_policy_link.go index 7fcdc57804..a72cd84fde 100644 --- a/internal/query/projection/idp_login_policy_link.go +++ b/internal/query/projection/idp_login_policy_link.go 
@@ -4,13 +4,13 @@ import ( "context" "github.com/zitadel/zitadel/internal/domain" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" old_handler "github.com/zitadel/zitadel/internal/eventstore/handler" "github.com/zitadel/zitadel/internal/eventstore/handler/v2" "github.com/zitadel/zitadel/internal/repository/instance" "github.com/zitadel/zitadel/internal/repository/org" "github.com/zitadel/zitadel/internal/repository/policy" + "github.com/zitadel/zitadel/internal/zerrors" ) const ( @@ -138,7 +138,7 @@ func (p *idpLoginPolicyLinkProjection) reduceAdded(event eventstore.Event) (*han idp = e.IdentityProviderAddedEvent providerType = domain.IdentityProviderTypeSystem default: - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-Nlp55", "reduce.wrong.event.type %v", []eventstore.EventType{org.LoginPolicyIDPProviderAddedEventType, instance.LoginPolicyIDPProviderAddedEventType}) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-Nlp55", "reduce.wrong.event.type %v", []eventstore.EventType{org.LoginPolicyIDPProviderAddedEventType, instance.LoginPolicyIDPProviderAddedEventType}) } return handler.NewCreateStatement(&idp, @@ -164,7 +164,7 @@ func (p *idpLoginPolicyLinkProjection) reduceRemoved(event eventstore.Event) (*h case *instance.IdentityProviderRemovedEvent: idp = e.IdentityProviderRemovedEvent default: - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-tUMYY", "reduce.wrong.event.type %v", []eventstore.EventType{org.LoginPolicyIDPProviderRemovedEventType, instance.LoginPolicyIDPProviderRemovedEventType}) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-tUMYY", "reduce.wrong.event.type %v", []eventstore.EventType{org.LoginPolicyIDPProviderRemovedEventType, instance.LoginPolicyIDPProviderRemovedEventType}) } return handler.NewDeleteStatement(&idp, 
@@ -185,7 +185,7 @@ func (p *idpLoginPolicyLinkProjection) reduceCascadeRemoved(event eventstore.Eve case *instance.IdentityProviderCascadeRemovedEvent: idp = e.IdentityProviderCascadeRemovedEvent default: - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-iCKSj", "reduce.wrong.event.type %v", []eventstore.EventType{org.LoginPolicyIDPProviderCascadeRemovedEventType, instance.LoginPolicyIDPProviderCascadeRemovedEventType}) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-iCKSj", "reduce.wrong.event.type %v", []eventstore.EventType{org.LoginPolicyIDPProviderCascadeRemovedEventType, instance.LoginPolicyIDPProviderCascadeRemovedEventType}) } return handler.NewDeleteStatement(&idp, @@ -213,7 +213,7 @@ func (p *idpLoginPolicyLinkProjection) reduceIDPConfigRemoved(event eventstore.E handler.NewCond(IDPLoginPolicyLinkInstanceIDCol, event.Aggregate().InstanceID), } default: - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-u6tze", "reduce.wrong.event.type %v", []eventstore.EventType{org.IDPConfigRemovedEventType, instance.IDPConfigRemovedEventType}) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-u6tze", "reduce.wrong.event.type %v", []eventstore.EventType{org.IDPConfigRemovedEventType, instance.IDPConfigRemovedEventType}) } return handler.NewDeleteStatement(event, conditions), nil @@ -235,7 +235,7 @@ func (p *idpLoginPolicyLinkProjection) reduceIDPRemoved(event eventstore.Event) handler.NewCond(IDPLoginPolicyLinkInstanceIDCol, event.Aggregate().InstanceID), } default: - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-SFED3", "reduce.wrong.event.type %v", []eventstore.EventType{org.IDPRemovedEventType, instance.IDPRemovedEventType}) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-SFED3", "reduce.wrong.event.type %v", []eventstore.EventType{org.IDPRemovedEventType, instance.IDPRemovedEventType}) } return handler.NewDeleteStatement(event, conditions), nil 
@@ -244,7 +244,7 @@ func (p *idpLoginPolicyLinkProjection) reduceIDPRemoved(event eventstore.Event) func (p *idpLoginPolicyLinkProjection) reducePolicyRemoved(event eventstore.Event) (*handler.Statement, error) { e, ok := event.(*org.LoginPolicyRemovedEvent) if !ok { - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-SF3dg", "reduce.wrong.event.type %s", org.LoginPolicyRemovedEventType) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-SF3dg", "reduce.wrong.event.type %s", org.LoginPolicyRemovedEventType) } return handler.NewDeleteStatement(e, []handler.Condition{ @@ -257,7 +257,7 @@ func (p *idpLoginPolicyLinkProjection) reducePolicyRemoved(event eventstore.Even func (p *idpLoginPolicyLinkProjection) reduceOwnerRemoved(event eventstore.Event) (*handler.Statement, error) { e, ok := event.(*org.OrgRemovedEvent) if !ok { - return nil, errors.ThrowInvalidArgumentf(nil, "PROJE-YbhOv", "reduce.wrong.event.type %s", org.OrgRemovedEventType) + return nil, zerrors.ThrowInvalidArgumentf(nil, "PROJE-YbhOv", "reduce.wrong.event.type %s", org.OrgRemovedEventType) } return handler.NewDeleteStatement( diff --git a/internal/query/projection/idp_login_policy_link_test.go b/internal/query/projection/idp_login_policy_link_test.go index 4f58ec1fae..bfda5ac735 100644 --- a/internal/query/projection/idp_login_policy_link_test.go +++ b/internal/query/projection/idp_login_policy_link_test.go @@ -4,11 +4,11 @@ import ( "testing" "github.com/zitadel/zitadel/internal/domain" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/eventstore/handler/v2" "github.com/zitadel/zitadel/internal/repository/instance" "github.com/zitadel/zitadel/internal/repository/org" + "github.com/zitadel/zitadel/internal/zerrors" ) func TestIDPLoginPolicyLinkProjection_reduces(t *testing.T) { 
@@ -420,7 +420,7 @@ func TestIDPLoginPolicyLinkProjection_reduces(t *testing.T) { t.Run(tt.name, func(t *testing.T) { event := baseEvent(t) got, err := tt.reduce(event) - if _, ok := err.(errors.InvalidArgument); !ok { + if ok := zerrors.IsErrorInvalidArgument(err); !ok { t.Errorf("no wrong event mapping: %v, got: %v", err, got) } diff --git a/internal/query/projection/idp_template.go b/internal/query/projection/idp_template.go index 181fecefb6..00cac448af 100644 --- a/internal/query/projection/idp_template.go +++ b/internal/query/projection/idp_template.go @@ -6,7 +6,6 @@ import ( "github.com/zitadel/zitadel/internal/database" "github.com/zitadel/zitadel/internal/domain" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" old_handler "github.com/zitadel/zitadel/internal/eventstore/handler" "github.com/zitadel/zitadel/internal/eventstore/handler/v2" @@ -14,6 +13,7 @@ import ( "github.com/zitadel/zitadel/internal/repository/idpconfig" "github.com/zitadel/zitadel/internal/repository/instance" "github.com/zitadel/zitadel/internal/repository/org" + "github.com/zitadel/zitadel/internal/zerrors" ) const ( @@ -679,7 +679,7 @@ func (p *idpTemplateProjection) reduceOAuthIDPAdded(event eventstore.Event) (*ha idpEvent = e.OAuthIDPAddedEvent idpOwnerType = domain.IdentityProviderTypeSystem default: - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-ap9ihb", "reduce.wrong.event.type %v", []eventstore.EventType{org.OAuthIDPAddedEventType, instance.OAuthIDPAddedEventType}) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-ap9ihb", "reduce.wrong.event.type %v", []eventstore.EventType{org.OAuthIDPAddedEventType, instance.OAuthIDPAddedEventType}) } return handler.NewMultiStatement( 
@@ -727,7 +727,7 @@ func (p *idpTemplateProjection) reduceOAuthIDPChanged(event eventstore.Event) (* case *instance.OAuthIDPChangedEvent: idpEvent = e.OAuthIDPChangedEvent default: - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-p1582ks", "reduce.wrong.event.type %v", []eventstore.EventType{org.OAuthIDPChangedEventType, instance.OAuthIDPChangedEventType}) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-p1582ks", "reduce.wrong.event.type %v", []eventstore.EventType{org.OAuthIDPChangedEventType, instance.OAuthIDPChangedEventType}) } ops := make([]func(eventstore.Event) handler.Exec, 0, 2) @@ -771,7 +771,7 @@ func (p *idpTemplateProjection) reduceOIDCIDPAdded(event eventstore.Event) (*han idpEvent = e.OIDCIDPAddedEvent idpOwnerType = domain.IdentityProviderTypeSystem default: - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-9s02m1", "reduce.wrong.event.type %v", []eventstore.EventType{org.OIDCIDPAddedEventType, instance.OIDCIDPAddedEventType}) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-9s02m1", "reduce.wrong.event.type %v", []eventstore.EventType{org.OIDCIDPAddedEventType, instance.OIDCIDPAddedEventType}) } return handler.NewMultiStatement( @@ -817,7 +817,7 @@ func (p *idpTemplateProjection) reduceOIDCIDPChanged(event eventstore.Event) (*h case *instance.OIDCIDPChangedEvent: idpEvent = e.OIDCIDPChangedEvent default: - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-p1582ks", "reduce.wrong.event.type %v", []eventstore.EventType{org.OIDCIDPChangedEventType, instance.OIDCIDPChangedEventType}) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-p1582ks", "reduce.wrong.event.type %v", []eventstore.EventType{org.OIDCIDPChangedEventType, instance.OIDCIDPChangedEventType}) } ops := make([]func(eventstore.Event) handler.Exec, 0, 2) 
@@ -858,7 +858,7 @@ func (p *idpTemplateProjection) reduceOIDCIDPMigratedAzureAD(event eventstore.Ev case *instance.OIDCIDPMigratedAzureADEvent: idpEvent = e.OIDCIDPMigratedAzureADEvent default: - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-p1582ks", "reduce.wrong.event.type %v", []eventstore.EventType{org.OIDCIDPMigratedAzureADEventType, instance.OIDCIDPMigratedAzureADEventType}) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-p1582ks", "reduce.wrong.event.type %v", []eventstore.EventType{org.OIDCIDPMigratedAzureADEventType, instance.OIDCIDPMigratedAzureADEventType}) } return handler.NewMultiStatement( @@ -909,7 +909,7 @@ func (p *idpTemplateProjection) reduceOIDCIDPMigratedGoogle(event eventstore.Eve case *instance.OIDCIDPMigratedGoogleEvent: idpEvent = e.OIDCIDPMigratedGoogleEvent default: - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-p1582ks", "reduce.wrong.event.type %v", []eventstore.EventType{org.OIDCIDPMigratedGoogleEventType, instance.OIDCIDPMigratedGoogleEventType}) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-p1582ks", "reduce.wrong.event.type %v", []eventstore.EventType{org.OIDCIDPMigratedGoogleEventType, instance.OIDCIDPMigratedGoogleEventType}) } return handler.NewMultiStatement( @@ -961,7 +961,7 @@ func (p *idpTemplateProjection) reduceJWTIDPAdded(event eventstore.Event) (*hand idpEvent = e.JWTIDPAddedEvent idpOwnerType = domain.IdentityProviderTypeSystem default: - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-xopi2s", "reduce.wrong.event.type %v", []eventstore.EventType{org.JWTIDPAddedEventType, instance.JWTIDPAddedEventType}) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-xopi2s", "reduce.wrong.event.type %v", []eventstore.EventType{org.JWTIDPAddedEventType, instance.JWTIDPAddedEventType}) } return handler.NewMultiStatement( 
@@ -1006,7 +1006,7 @@ func (p *idpTemplateProjection) reduceJWTIDPChanged(event eventstore.Event) (*ha case *instance.JWTIDPChangedEvent: idpEvent = e.JWTIDPChangedEvent default: - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-p1582ks", "reduce.wrong.event.type %v", []eventstore.EventType{org.JWTIDPChangedEventType, instance.JWTIDPChangedEventType}) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-p1582ks", "reduce.wrong.event.type %v", []eventstore.EventType{org.JWTIDPChangedEventType, instance.JWTIDPChangedEventType}) } ops := make([]func(eventstore.Event) handler.Exec, 0, 2) @@ -1050,7 +1050,7 @@ func (p *idpTemplateProjection) reduceOldConfigAdded(event eventstore.Event) (*h idpEvent = e.IDPConfigAddedEvent idpOwnerType = domain.IdentityProviderTypeSystem default: - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-ADfeg", "reduce.wrong.event.type %v", []eventstore.EventType{org.IDPConfigAddedEventType, instance.IDPConfigAddedEventType}) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-ADfeg", "reduce.wrong.event.type %v", []eventstore.EventType{org.IDPConfigAddedEventType, instance.IDPConfigAddedEventType}) } return handler.NewCreateStatement( @@ -1082,7 +1082,7 @@ func (p *idpTemplateProjection) reduceOldConfigChanged(event eventstore.Event) ( case *instance.IDPConfigChangedEvent: idpEvent = e.IDPConfigChangedEvent default: - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-SAfg2", "reduce.wrong.event.type %v", []eventstore.EventType{org.IDPConfigChangedEventType, instance.IDPConfigChangedEventType}) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-SAfg2", "reduce.wrong.event.type %v", []eventstore.EventType{org.IDPConfigChangedEventType, instance.IDPConfigChangedEventType}) } cols := make([]handler.Column, 0, 4) 
@@ -1115,7 +1115,7 @@ func (p *idpTemplateProjection) reduceOldOIDCConfigAdded(event eventstore.Event) case *instance.IDPOIDCConfigAddedEvent: idpEvent = e.OIDCConfigAddedEvent default: - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-ASFdq2", "reduce.wrong.event.type %v", []eventstore.EventType{org.IDPOIDCConfigAddedEventType, instance.IDPOIDCConfigAddedEventType}) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-ASFdq2", "reduce.wrong.event.type %v", []eventstore.EventType{org.IDPOIDCConfigAddedEventType, instance.IDPOIDCConfigAddedEventType}) } return handler.NewMultiStatement( @@ -1154,7 +1154,7 @@ func (p *idpTemplateProjection) reduceOldOIDCConfigChanged(event eventstore.Even case *instance.IDPOIDCConfigChangedEvent: idpEvent = e.OIDCConfigChangedEvent default: - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-p1582ks", "reduce.wrong.event.type %v", []eventstore.EventType{org.OIDCIDPChangedEventType, instance.OIDCIDPChangedEventType}) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-p1582ks", "reduce.wrong.event.type %v", []eventstore.EventType{org.OIDCIDPChangedEventType, instance.OIDCIDPChangedEventType}) } ops := make([]func(eventstore.Event) handler.Exec, 0, 2) @@ -1210,7 +1210,7 @@ func (p *idpTemplateProjection) reduceOldJWTConfigAdded(event eventstore.Event) case *instance.IDPJWTConfigAddedEvent: idpEvent = e.JWTConfigAddedEvent default: - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-ASFdq2", "reduce.wrong.event.type %v", []eventstore.EventType{org.IDPJWTConfigAddedEventType, instance.IDPJWTConfigAddedEventType}) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-ASFdq2", "reduce.wrong.event.type %v", []eventstore.EventType{org.IDPJWTConfigAddedEventType, instance.IDPJWTConfigAddedEventType}) } return handler.NewMultiStatement( 
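Review bot: In reduceOldOIDCConfigChanged the error message lists event types that do not match the switch. The visible arm is `case *instance.IDPOIDCConfigChangedEvent`, but the message reports `org.OIDCIDPChangedEventType, instance.OIDCIDPChangedEventType`. The slice should probably be `[]eventstore.EventType{org.IDPOIDCConfigChangedEventType, instance.IDPOIDCConfigChangedEventType}`, as in reduceOIDCConfigChanged in idp.go. reduceOldJWTConfigChanged in the next hunk has the same mismatch: the arm is `*instance.IDPJWTConfigChangedEvent`, the message names `org.JWTIDPChangedEventType, instance.JWTIDPChangedEventType`, and `org.IDPJWTConfigChangedEventType, instance.IDPJWTConfigChangedEventType` looks like the intended pair. The switch statements begin outside the hunks, so the org-side arms are inferred rather than visible.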
@@ -1248,7 +1248,7 @@ func (p *idpTemplateProjection) reduceOldJWTConfigChanged(event eventstore.Event case *instance.IDPJWTConfigChangedEvent: idpEvent = e.JWTConfigChangedEvent default: - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-p1582ks", "reduce.wrong.event.type %v", []eventstore.EventType{org.JWTIDPChangedEventType, instance.JWTIDPChangedEventType}) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-p1582ks", "reduce.wrong.event.type %v", []eventstore.EventType{org.JWTIDPChangedEventType, instance.JWTIDPChangedEventType}) } ops := make([]func(eventstore.Event) handler.Exec, 0, 2) @@ -1307,7 +1307,7 @@ func (p *idpTemplateProjection) reduceAzureADIDPAdded(event eventstore.Event) (* idpEvent = e.AzureADIDPAddedEvent idpOwnerType = domain.IdentityProviderTypeSystem default: - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-x9a022b", "reduce.wrong.event.type %v", []eventstore.EventType{org.AzureADIDPAddedEventType, instance.AzureADIDPAddedEventType}) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-x9a022b", "reduce.wrong.event.type %v", []eventstore.EventType{org.AzureADIDPAddedEventType, instance.AzureADIDPAddedEventType}) } return handler.NewMultiStatement( @@ -1353,7 +1353,7 @@ func (p *idpTemplateProjection) reduceAzureADIDPChanged(event eventstore.Event) case *instance.AzureADIDPChangedEvent: idpEvent = e.AzureADIDPChangedEvent default: - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-p1582ks", "reduce.wrong.event.type %v", []eventstore.EventType{org.AzureADIDPChangedEventType, instance.AzureADIDPChangedEventType}) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-p1582ks", "reduce.wrong.event.type %v", []eventstore.EventType{org.AzureADIDPChangedEventType, instance.AzureADIDPChangedEventType}) } ops := make([]func(eventstore.Event) handler.Exec, 0, 2) 
@@ -1397,7 +1397,7 @@ func (p *idpTemplateProjection) reduceGitHubIDPAdded(event eventstore.Event) (*h idpEvent = e.GitHubIDPAddedEvent idpOwnerType = domain.IdentityProviderTypeSystem default: - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-x9a022b", "reduce.wrong.event.type %v", []eventstore.EventType{org.GitHubIDPAddedEventType, instance.GitHubIDPAddedEventType}) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-x9a022b", "reduce.wrong.event.type %v", []eventstore.EventType{org.GitHubIDPAddedEventType, instance.GitHubIDPAddedEventType}) } return handler.NewMultiStatement( @@ -1444,7 +1444,7 @@ func (p *idpTemplateProjection) reduceGitHubEnterpriseIDPAdded(event eventstore. idpEvent = e.GitHubEnterpriseIDPAddedEvent idpOwnerType = domain.IdentityProviderTypeSystem default: - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-Sf3g2a", "reduce.wrong.event.type %v", []eventstore.EventType{org.GitHubEnterpriseIDPAddedEventType, instance.GitHubEnterpriseIDPAddedEventType}) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-Sf3g2a", "reduce.wrong.event.type %v", []eventstore.EventType{org.GitHubEnterpriseIDPAddedEventType, instance.GitHubEnterpriseIDPAddedEventType}) } return handler.NewMultiStatement( @@ -1491,7 +1491,7 @@ func (p *idpTemplateProjection) reduceGitHubIDPChanged(event eventstore.Event) ( case *instance.GitHubIDPChangedEvent: idpEvent = e.GitHubIDPChangedEvent default: - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-p1582ks", "reduce.wrong.event.type %v", []eventstore.EventType{org.GitHubIDPChangedEventType, instance.GitHubIDPChangedEventType}) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-p1582ks", "reduce.wrong.event.type %v", []eventstore.EventType{org.GitHubIDPChangedEventType, instance.GitHubIDPChangedEventType}) } ops := make([]func(eventstore.Event) handler.Exec, 0, 2) 
@@ -1532,7 +1532,7 @@ func (p *idpTemplateProjection) reduceGitHubEnterpriseIDPChanged(event eventstor case *instance.GitHubEnterpriseIDPChangedEvent: idpEvent = e.GitHubEnterpriseIDPChangedEvent default: - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-SDg3g", "reduce.wrong.event.type %v", []eventstore.EventType{org.GitHubEnterpriseIDPChangedEventType, instance.GitHubEnterpriseIDPChangedEventType}) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-SDg3g", "reduce.wrong.event.type %v", []eventstore.EventType{org.GitHubEnterpriseIDPChangedEventType, instance.GitHubEnterpriseIDPChangedEventType}) } ops := make([]func(eventstore.Event) handler.Exec, 0, 2) @@ -1576,7 +1576,7 @@ func (p *idpTemplateProjection) reduceGitLabIDPAdded(event eventstore.Event) (*h idpEvent = e.GitLabIDPAddedEvent idpOwnerType = domain.IdentityProviderTypeSystem default: - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-x9a022b", "reduce.wrong.event.type %v", []eventstore.EventType{org.GitLabIDPAddedEventType, instance.GitLabIDPAddedEventType}) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-x9a022b", "reduce.wrong.event.type %v", []eventstore.EventType{org.GitLabIDPAddedEventType, instance.GitLabIDPAddedEventType}) } return handler.NewMultiStatement( @@ -1620,7 +1620,7 @@ func (p *idpTemplateProjection) reduceGitLabIDPChanged(event eventstore.Event) ( case *instance.GitLabIDPChangedEvent: idpEvent = e.GitLabIDPChangedEvent default: - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-p1582ks", "reduce.wrong.event.type %v", []eventstore.EventType{org.GitLabIDPChangedEventType, instance.GitLabIDPChangedEventType}) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-p1582ks", "reduce.wrong.event.type %v", []eventstore.EventType{org.GitLabIDPChangedEventType, instance.GitLabIDPChangedEventType}) } ops := make([]func(eventstore.Event) handler.Exec, 0, 2) 
@@ -1664,7 +1664,7 @@ func (p *idpTemplateProjection) reduceGitLabSelfHostedIDPAdded(event eventstore. idpEvent = e.GitLabSelfHostedIDPAddedEvent idpOwnerType = domain.IdentityProviderTypeSystem default: - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-SAF3gw", "reduce.wrong.event.type %v", []eventstore.EventType{org.GitLabSelfHostedIDPAddedEventType, instance.GitLabSelfHostedIDPAddedEventType}) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-SAF3gw", "reduce.wrong.event.type %v", []eventstore.EventType{org.GitLabSelfHostedIDPAddedEventType, instance.GitLabSelfHostedIDPAddedEventType}) } return handler.NewMultiStatement( @@ -1709,7 +1709,7 @@ func (p *idpTemplateProjection) reduceGitLabSelfHostedIDPChanged(event eventstor case *instance.GitLabSelfHostedIDPChangedEvent: idpEvent = e.GitLabSelfHostedIDPChangedEvent default: - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-SAf3g2", "reduce.wrong.event.type %v", []eventstore.EventType{org.GitLabSelfHostedIDPChangedEventType, instance.GitLabSelfHostedIDPChangedEventType}) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-SAf3g2", "reduce.wrong.event.type %v", []eventstore.EventType{org.GitLabSelfHostedIDPChangedEventType, instance.GitLabSelfHostedIDPChangedEventType}) } ops := make([]func(eventstore.Event) handler.Exec, 0, 2) @@ -1753,7 +1753,7 @@ func (p *idpTemplateProjection) reduceGoogleIDPAdded(event eventstore.Event) (*h idpEvent = e.GoogleIDPAddedEvent idpOwnerType = domain.IdentityProviderTypeSystem default: - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-ap9ihb", "reduce.wrong.event.type %v", []eventstore.EventType{org.GoogleIDPAddedEventType, instance.GoogleIDPAddedEventType}) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-ap9ihb", "reduce.wrong.event.type %v", []eventstore.EventType{org.GoogleIDPAddedEventType, instance.GoogleIDPAddedEventType}) } return handler.NewMultiStatement( 
@@ -1797,7 +1797,7 @@ func (p *idpTemplateProjection) reduceGoogleIDPChanged(event eventstore.Event) ( case *instance.GoogleIDPChangedEvent: idpEvent = e.GoogleIDPChangedEvent default: - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-p1582ks", "reduce.wrong.event.type %v", []eventstore.EventType{org.GoogleIDPChangedEventType, instance.GoogleIDPChangedEventType}) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-p1582ks", "reduce.wrong.event.type %v", []eventstore.EventType{org.GoogleIDPChangedEventType, instance.GoogleIDPChangedEventType}) } ops := make([]func(eventstore.Event) handler.Exec, 0, 2) @@ -1841,7 +1841,7 @@ func (p *idpTemplateProjection) reduceLDAPIDPAdded(event eventstore.Event) (*han idpEvent = e.LDAPIDPAddedEvent idpOwnerType = domain.IdentityProviderTypeSystem default: - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-9s02m1", "reduce.wrong.event.type %v", []eventstore.EventType{org.LDAPIDPAddedEventType, instance.LDAPIDPAddedEventType}) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-9s02m1", "reduce.wrong.event.type %v", []eventstore.EventType{org.LDAPIDPAddedEventType, instance.LDAPIDPAddedEventType}) } return handler.NewMultiStatement( @@ -1904,7 +1904,7 @@ func (p *idpTemplateProjection) reduceLDAPIDPChanged(event eventstore.Event) (*h case *instance.LDAPIDPChangedEvent: idpEvent = e.LDAPIDPChangedEvent default: - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-p1582ks", "reduce.wrong.event.type %v", []eventstore.EventType{org.LDAPIDPChangedEventType, instance.LDAPIDPChangedEventType}) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-p1582ks", "reduce.wrong.event.type %v", []eventstore.EventType{org.LDAPIDPChangedEventType, instance.LDAPIDPChangedEventType}) } ops := make([]func(eventstore.Event) handler.Exec, 0, 2) 
@@ -1949,7 +1949,7 @@ func (p *idpTemplateProjection) reduceSAMLIDPAdded(event eventstore.Event) (*han idpEvent = e.SAMLIDPAddedEvent idpOwnerType = domain.IdentityProviderTypeSystem default: - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-9s02m1", "reduce.wrong.event.type %v", []eventstore.EventType{org.SAMLIDPAddedEventType, instance.SAMLIDPAddedEventType}) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-9s02m1", "reduce.wrong.event.type %v", []eventstore.EventType{org.SAMLIDPAddedEventType, instance.SAMLIDPAddedEventType}) } return handler.NewMultiStatement( @@ -1995,7 +1995,7 @@ func (p *idpTemplateProjection) reduceSAMLIDPChanged(event eventstore.Event) (*h case *instance.SAMLIDPChangedEvent: idpEvent = e.SAMLIDPChangedEvent default: - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-o7c0fii4ad", "reduce.wrong.event.type %v", []eventstore.EventType{org.SAMLIDPChangedEventType, instance.SAMLIDPChangedEventType}) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-o7c0fii4ad", "reduce.wrong.event.type %v", []eventstore.EventType{org.SAMLIDPChangedEventType, instance.SAMLIDPChangedEventType}) } ops := make([]func(eventstore.Event) handler.Exec, 0, 2) @@ -2040,7 +2040,7 @@ func (p *idpTemplateProjection) reduceAppleIDPAdded(event eventstore.Event) (*ha idpEvent = e.AppleIDPAddedEvent idpOwnerType = domain.IdentityProviderTypeSystem default: - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-SFvg3", "reduce.wrong.event.type %v", []eventstore.EventType{org.AppleIDPAddedEventType /*, instance.AppleIDPAddedEventType*/}) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-SFvg3", "reduce.wrong.event.type %v", []eventstore.EventType{org.AppleIDPAddedEventType /*, instance.AppleIDPAddedEventType*/}) } return handler.NewMultiStatement( 
@@ -2086,7 +2086,7 @@ func (p *idpTemplateProjection) reduceAppleIDPChanged(event eventstore.Event) (* case *instance.AppleIDPChangedEvent: idpEvent = e.AppleIDPChangedEvent default: - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-GBez3", "reduce.wrong.event.type %v", []eventstore.EventType{org.AppleIDPChangedEventType /*, instance.AppleIDPChangedEventType*/}) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-GBez3", "reduce.wrong.event.type %v", []eventstore.EventType{org.AppleIDPChangedEventType /*, instance.AppleIDPChangedEventType*/}) } ops := make([]func(eventstore.Event) handler.Exec, 0, 2) @@ -2127,7 +2127,7 @@ func (p *idpTemplateProjection) reduceIDPConfigRemoved(event eventstore.Event) ( case *instance.IDPConfigRemovedEvent: idpEvent = e.IDPConfigRemovedEvent default: - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-SAFet", "reduce.wrong.event.type %v", []eventstore.EventType{org.IDPConfigRemovedEventType, instance.IDPConfigRemovedEventType}) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-SAFet", "reduce.wrong.event.type %v", []eventstore.EventType{org.IDPConfigRemovedEventType, instance.IDPConfigRemovedEventType}) } return handler.NewDeleteStatement( @@ -2147,7 +2147,7 @@ func (p *idpTemplateProjection) reduceIDPRemoved(event eventstore.Event) (*handl case *instance.IDPRemovedEvent: idpEvent = e.RemovedEvent default: - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-xbcvwin2", "reduce.wrong.event.type %v", []eventstore.EventType{org.IDPRemovedEventType, instance.IDPRemovedEventType}) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-xbcvwin2", "reduce.wrong.event.type %v", []eventstore.EventType{org.IDPRemovedEventType, instance.IDPRemovedEventType}) } return handler.NewDeleteStatement( 
@@ -2162,7 +2162,7 @@ func (p *idpTemplateProjection) reduceIDPRemoved(event eventstore.Event) (*handl func (p *idpTemplateProjection) reduceOwnerRemoved(event eventstore.Event) (*handler.Statement, error) { e, ok := event.(*org.OrgRemovedEvent) if !ok { - return nil, errors.ThrowInvalidArgumentf(nil, "PROJE-Jp0D2K", "reduce.wrong.event.type %s", org.OrgRemovedEventType) + return nil, zerrors.ThrowInvalidArgumentf(nil, "PROJE-Jp0D2K", "reduce.wrong.event.type %s", org.OrgRemovedEventType) } return handler.NewDeleteStatement( diff --git a/internal/query/projection/idp_template_test.go b/internal/query/projection/idp_template_test.go index 5e33aebe87..8490810d83 100644 --- a/internal/query/projection/idp_template_test.go +++ b/internal/query/projection/idp_template_test.go @@ -7,11 +7,11 @@ import ( "github.com/zitadel/zitadel/internal/database" "github.com/zitadel/zitadel/internal/domain" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/eventstore/handler/v2" "github.com/zitadel/zitadel/internal/repository/instance" "github.com/zitadel/zitadel/internal/repository/org" + "github.com/zitadel/zitadel/internal/zerrors" ) var ( @@ -150,7 +150,7 @@ func TestIDPTemplateProjection_reducesRemove(t *testing.T) { t.Run(tt.name, func(t *testing.T) { event := baseEvent(t) got, err := tt.reduce(event) - if !errors.IsErrorInvalidArgument(err) { + if !zerrors.IsErrorInvalidArgument(err) { t.Errorf("no wrong event mapping: %v, got: %v", err, got) } @@ -426,7 +426,7 @@ func TestIDPTemplateProjection_reducesOAuth(t *testing.T) { t.Run(tt.name, func(t *testing.T) { event := baseEvent(t) got, err := tt.reduce(event) - if !errors.IsErrorInvalidArgument(err) { + if !zerrors.IsErrorInvalidArgument(err) { t.Errorf("no wrong event mapping: %v, got: %v", err, got) } 
@@ -750,7 +750,7 @@ func TestIDPTemplateProjection_reducesAzureAD(t *testing.T) { t.Run(tt.name, func(t *testing.T) { event := baseEvent(t) got, err := tt.reduce(event) - if !errors.IsErrorInvalidArgument(err) { + if !zerrors.IsErrorInvalidArgument(err) { t.Errorf("no wrong event mapping: %v, got: %v", err, got) } @@ -1002,7 +1002,7 @@ func TestIDPTemplateProjection_reducesGitHub(t *testing.T) { t.Run(tt.name, func(t *testing.T) { event := baseEvent(t) got, err := tt.reduce(event) - if !errors.IsErrorInvalidArgument(err) { + if !zerrors.IsErrorInvalidArgument(err) { t.Errorf("no wrong event mapping: %v, got: %v", err, got) } @@ -1272,7 +1272,7 @@ func TestIDPTemplateProjection_reducesGitHubEnterprise(t *testing.T) { t.Run(tt.name, func(t *testing.T) { event := baseEvent(t) got, err := tt.reduce(event) - if !errors.IsErrorInvalidArgument(err) { + if !zerrors.IsErrorInvalidArgument(err) { t.Errorf("no wrong event mapping: %v, got: %v", err, got) } @@ -1522,7 +1522,7 @@ func TestIDPTemplateProjection_reducesGitLab(t *testing.T) { t.Run(tt.name, func(t *testing.T) { event := baseEvent(t) got, err := tt.reduce(event) - if !errors.IsErrorInvalidArgument(err) { + if !zerrors.IsErrorInvalidArgument(err) { t.Errorf("no wrong event mapping: %v, got: %v", err, got) } @@ -1780,7 +1780,7 @@ func TestIDPTemplateProjection_reducesGitLabSelfHosted(t *testing.T) { t.Run(tt.name, func(t *testing.T) { event := baseEvent(t) got, err := tt.reduce(event) - if !errors.IsErrorInvalidArgument(err) { + if !zerrors.IsErrorInvalidArgument(err) { t.Errorf("no wrong event mapping: %v, got: %v", err, got) } @@ -2030,7 +2030,7 @@ func TestIDPTemplateProjection_reducesGoogle(t *testing.T) { t.Run(tt.name, func(t *testing.T) { event := baseEvent(t) got, err := tt.reduce(event) - if !errors.IsErrorInvalidArgument(err) { + if !zerrors.IsErrorInvalidArgument(err) { t.Errorf("no wrong event mapping: %v, got: %v", err, got) } 
@@ -2423,7 +2423,7 @@ func TestIDPTemplateProjection_reducesLDAP(t *testing.T) { t.Run(tt.name, func(t *testing.T) { event := baseEvent(t) got, err := tt.reduce(event) - if !errors.IsErrorInvalidArgument(err) { + if !zerrors.IsErrorInvalidArgument(err) { t.Errorf("no wrong event mapping: %v, got: %v", err, got) } @@ -2681,7 +2681,7 @@ func TestIDPTemplateProjection_reducesApple(t *testing.T) { t.Run(tt.name, func(t *testing.T) { event := baseEvent(t) got, err := tt.reduce(event) - if !errors.IsErrorInvalidArgument(err) { + if !zerrors.IsErrorInvalidArgument(err) { t.Errorf("no wrong event mapping: %v, got: %v", err, got) } @@ -2967,7 +2967,7 @@ func TestIDPTemplateProjection_reducesSAML(t *testing.T) { t.Run(tt.name, func(t *testing.T) { event := baseEvent(t) got, err := tt.reduce(event) - if !errors.IsErrorInvalidArgument(err) { + if !zerrors.IsErrorInvalidArgument(err) { t.Errorf("no wrong event mapping: %v, got: %v", err, got) } @@ -3497,7 +3497,7 @@ func TestIDPTemplateProjection_reducesOIDC(t *testing.T) { t.Run(tt.name, func(t *testing.T) { event := baseEvent(t) got, err := tt.reduce(event) - if !errors.IsErrorInvalidArgument(err) { + if !zerrors.IsErrorInvalidArgument(err) { t.Errorf("no wrong event mapping: %v, got: %v", err, got) } @@ -4084,7 +4084,7 @@ func TestIDPTemplateProjection_reducesOldConfig(t *testing.T) { t.Run(tt.name, func(t *testing.T) { event := baseEvent(t) got, err := tt.reduce(event) - if !errors.IsErrorInvalidArgument(err) { + if !zerrors.IsErrorInvalidArgument(err) { t.Errorf("no wrong event mapping: %v, got: %v", err, got) } @@ -4326,7 +4326,7 @@ func TestIDPTemplateProjection_reducesJWT(t *testing.T) { t.Run(tt.name, func(t *testing.T) { event := baseEvent(t) got, err := tt.reduce(event) - if !errors.IsErrorInvalidArgument(err) { + if !zerrors.IsErrorInvalidArgument(err) { t.Errorf("no wrong event mapping: %v, got: %v", err, got) } 
diff --git a/internal/query/projection/idp_test.go b/internal/query/projection/idp_test.go index bedd528cdf..37c86b8511 100644 --- a/internal/query/projection/idp_test.go +++ b/internal/query/projection/idp_test.go @@ -5,11 +5,11 @@ import ( "github.com/zitadel/zitadel/internal/database" "github.com/zitadel/zitadel/internal/domain" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/eventstore/handler/v2" "github.com/zitadel/zitadel/internal/repository/instance" "github.com/zitadel/zitadel/internal/repository/org" + "github.com/zitadel/zitadel/internal/zerrors" ) func TestIDPProjection_reduces(t *testing.T) { @@ -920,7 +920,7 @@ func TestIDPProjection_reduces(t *testing.T) { t.Run(tt.name, func(t *testing.T) { event := baseEvent(t) got, err := tt.reduce(event) - if _, ok := err.(errors.InvalidArgument); !ok { + if ok := zerrors.IsErrorInvalidArgument(err); !ok { t.Errorf("no wrong event mapping: %v, got: %v", err, got) } diff --git a/internal/query/projection/idp_user_link.go b/internal/query/projection/idp_user_link.go index ce588a20e1..edcaf4fc86 100644 --- a/internal/query/projection/idp_user_link.go +++ b/internal/query/projection/idp_user_link.go @@ -3,13 +3,13 @@ package projection import ( "context" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" old_handler "github.com/zitadel/zitadel/internal/eventstore/handler" "github.com/zitadel/zitadel/internal/eventstore/handler/v2" "github.com/zitadel/zitadel/internal/repository/instance" "github.com/zitadel/zitadel/internal/repository/org" "github.com/zitadel/zitadel/internal/repository/user" + "github.com/zitadel/zitadel/internal/zerrors" ) const ( 
@@ -82,6 +82,10 @@ func (p *idpUserLinkProjection) Reducers() []handler.AggregateReducer { Event: user.UserIDPExternalIDMigratedType, Reduce: p.reduceExternalIDMigrated, }, + { + Event: user.UserIDPExternalUsernameChangedType, + Reduce: p.reduceExternalUsernameChanged, + }, }, }, { @@ -116,7 +120,7 @@ func (p *idpUserLinkProjection) Reducers() []handler.AggregateReducer { func (p *idpUserLinkProjection) reduceAdded(event eventstore.Event) (*handler.Statement, error) { e, ok := event.(*user.UserIDPLinkAddedEvent) if !ok { - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-DpmXq", "reduce.wrong.event.type %s", user.UserIDPLinkAddedType) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-DpmXq", "reduce.wrong.event.type %s", user.UserIDPLinkAddedType) } return handler.NewCreateStatement(e, @@ -137,7 +141,7 @@ func (p *idpUserLinkProjection) reduceAdded(event eventstore.Event) (*handler.St func (p *idpUserLinkProjection) reduceRemoved(event eventstore.Event) (*handler.Statement, error) { e, ok := event.(*user.UserIDPLinkRemovedEvent) if !ok { - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-AZmfJ", "reduce.wrong.event.type %s", user.UserIDPLinkRemovedType) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-AZmfJ", "reduce.wrong.event.type %s", user.UserIDPLinkRemovedType) } return handler.NewDeleteStatement(e, @@ -153,7 +157,7 @@ func (p *idpUserLinkProjection) reduceRemoved(event eventstore.Event) (*handler. func (p *idpUserLinkProjection) reduceCascadeRemoved(event eventstore.Event) (*handler.Statement, error) { e, ok := event.(*user.UserIDPLinkCascadeRemovedEvent) if !ok { - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-jQpv9", "reduce.wrong.event.type %s", user.UserIDPLinkCascadeRemovedType) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-jQpv9", "reduce.wrong.event.type %s", user.UserIDPLinkCascadeRemovedType) } return handler.NewDeleteStatement(e, 
@@ -169,7 +173,7 @@ func (p *idpUserLinkProjection) reduceCascadeRemoved(event eventstore.Event) (*h func (p *idpUserLinkProjection) reduceOwnerRemoved(event eventstore.Event) (*handler.Statement, error) { e, ok := event.(*org.OrgRemovedEvent) if !ok { - return nil, errors.ThrowInvalidArgumentf(nil, "PROJE-PGiAY", "reduce.wrong.event.type %s", org.OrgRemovedEventType) + return nil, zerrors.ThrowInvalidArgumentf(nil, "PROJE-PGiAY", "reduce.wrong.event.type %s", org.OrgRemovedEventType) } return handler.NewDeleteStatement( @@ -184,7 +188,7 @@ func (p *idpUserLinkProjection) reduceOwnerRemoved(event eventstore.Event) (*han func (p *idpUserLinkProjection) reduceUserRemoved(event eventstore.Event) (*handler.Statement, error) { e, ok := event.(*user.UserRemovedEvent) if !ok { - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-uwlWE", "reduce.wrong.event.type %s", user.UserRemovedType) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-uwlWE", "reduce.wrong.event.type %s", user.UserRemovedType) } return handler.NewDeleteStatement(e, @@ -198,7 +202,7 @@ func (p *idpUserLinkProjection) reduceUserRemoved(event eventstore.Event) (*hand func (p *idpUserLinkProjection) reduceExternalIDMigrated(event eventstore.Event) (*handler.Statement, error) { e, err := assertEvent[*user.UserIDPExternalIDMigratedEvent](event) if err != nil { - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-AS3th", "reduce.wrong.event.type %s", user.UserIDPExternalIDMigratedType) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-AS3th", "reduce.wrong.event.type %s", user.UserIDPExternalIDMigratedType) } return handler.NewUpdateStatement(e, 
@@ -216,6 +220,27 @@ func (p *idpUserLinkProjection) reduceExternalIDMigrated(event eventstore.Event) ), nil } +func (p *idpUserLinkProjection) reduceExternalUsernameChanged(event eventstore.Event) (*handler.Statement, error) { + e, err := assertEvent[*user.UserIDPExternalUsernameEvent](event) + if err != nil { + return nil, err + } + + return handler.NewUpdateStatement(e, + []handler.Column{ + handler.NewCol(IDPUserLinkChangeDateCol, e.CreationDate()), + handler.NewCol(IDPUserLinkSequenceCol, e.Sequence()), + handler.NewCol(IDPUserLinkDisplayNameCol, e.ExternalUsername), + }, + []handler.Condition{ + handler.NewCond(IDPUserLinkIDPIDCol, e.IDPConfigID), + handler.NewCond(IDPUserLinkUserIDCol, e.Aggregate().ID), + handler.NewCond(IDPUserLinkExternalUserIDCol, e.ExternalUserID), + handler.NewCond(IDPUserLinkInstanceIDCol, e.Aggregate().InstanceID), + }, + ), nil +} + func (p *idpUserLinkProjection) reduceIDPConfigRemoved(event eventstore.Event) (*handler.Statement, error) { var idpID string @@ -225,7 +250,7 @@ func (p *idpUserLinkProjection) reduceIDPConfigRemoved(event eventstore.Event) ( case *instance.IDPConfigRemovedEvent: idpID = e.ConfigID default: - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-iCKSj", "reduce.wrong.event.type %v", []eventstore.EventType{org.IDPConfigRemovedEventType, instance.IDPConfigRemovedEventType}) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-iCKSj", "reduce.wrong.event.type %v", []eventstore.EventType{org.IDPConfigRemovedEventType, instance.IDPConfigRemovedEventType}) } return handler.NewDeleteStatement(event, diff --git a/internal/query/projection/idp_user_link_test.go b/internal/query/projection/idp_user_link_test.go index a5e860844f..6545d30b40 100644 --- a/internal/query/projection/idp_user_link_test.go +++ b/internal/query/projection/idp_user_link_test.go 
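Review bot: The new `reduceExternalUsernameChanged` returns the error from `assertEvent` unchanged, while the neighbouring `reduceExternalIDMigrated` maps the same failure to `zerrors.ThrowInvalidArgumentf(nil, "HANDL-AS3th", ...)` with its own error ID. The table test in idp_user_link_test.go expects `zerrors.IsErrorInvalidArgument(err)` for a wrong event type, so the new reducer only satisfies it if `assertEvent` already returns an invalid-argument error, which these hunks do not show. For parity with the sibling reducers and a distinct ID in logs, consider `return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-<new-id>", "reduce.wrong.event.type %s", user.UserIDPExternalUsernameChangedType)`, where `<new-id>` is a placeholder for a fresh ID. A short doc comment would also help, for example `// reduceExternalUsernameChanged stores the IdP-reported username in the link's display name; the value is supplied by the external provider and should be treated as untrusted text by consumers.`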
@@ -3,12 +3,12 @@ package projection import ( "testing" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/eventstore/handler/v2" "github.com/zitadel/zitadel/internal/repository/instance" "github.com/zitadel/zitadel/internal/repository/org" "github.com/zitadel/zitadel/internal/repository/user" + "github.com/zitadel/zitadel/internal/zerrors" ) func TestIDPUserLinkProjection_reduces(t *testing.T) { @@ -238,6 +238,41 @@ func TestIDPUserLinkProjection_reduces(t *testing.T) { }, }, }, + { + name: "reduceExternalUsernameChanged", + args: args{ + event: getEvent(testEvent( + user.UserIDPExternalUsernameChangedType, + user.AggregateType, + []byte(`{ + "idpConfigId": "idp-config-id", + "userId": "external-user-id", + "username": "new-username" +}`), + ), eventstore.GenericEventMapper[user.UserIDPExternalUsernameEvent]), + }, + reduce: (&idpUserLinkProjection{}).reduceExternalUsernameChanged, + want: wantReduce{ + aggregateType: user.AggregateType, + sequence: 15, + executer: &testExecuter{ + executions: []execution{ + { + expectedStmt: "UPDATE projections.idp_user_links3 SET (change_date, sequence, display_name) = ($1, $2, $3) WHERE (idp_id = $4) AND (user_id = $5) AND (external_user_id = $6) AND (instance_id = $7)", + expectedArgs: []interface{}{ + anyArg{}, + uint64(15), + "new-username", + "idp-config-id", + "agg-id", + "external-user-id", + "instance-id", + }, + }, + }, + }, + }, + }, { name: "org IDPConfigRemovedEvent", args: args{ @@ -303,7 +338,7 @@ func TestIDPUserLinkProjection_reduces(t *testing.T) { t.Run(tt.name, func(t *testing.T) { event := baseEvent(t) got, err := tt.reduce(event) - if _, ok := err.(errors.InvalidArgument); !ok { + if ok := zerrors.IsErrorInvalidArgument(err); !ok { t.Errorf("no wrong event mapping: %v, got: %v", err, got) } diff --git a/internal/query/projection/instance.go b/internal/query/projection/instance.go index 68a1106064..9f46ee22fa 100644 
--- a/internal/query/projection/instance.go +++ b/internal/query/projection/instance.go @@ -3,11 +3,11 @@ package projection import ( "context" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" old_handler "github.com/zitadel/zitadel/internal/eventstore/handler" "github.com/zitadel/zitadel/internal/eventstore/handler/v2" "github.com/zitadel/zitadel/internal/repository/instance" + "github.com/zitadel/zitadel/internal/zerrors" ) const ( @@ -95,7 +95,7 @@ func (p *instanceProjection) Reducers() []handler.AggregateReducer { func (p *instanceProjection) reduceInstanceAdded(event eventstore.Event) (*handler.Statement, error) { e, ok := event.(*instance.InstanceAddedEvent) if !ok { - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-29nlS", "reduce.wrong.event.type %s", instance.InstanceAddedEventType) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-29nlS", "reduce.wrong.event.type %s", instance.InstanceAddedEventType) } return handler.NewCreateStatement( e, @@ -113,7 +113,7 @@ func reduceInstanceRemovedHelper(instanceIDCol string) func(event eventstore.Eve return func(event eventstore.Event) (*handler.Statement, error) { e, ok := event.(*instance.InstanceRemovedEvent) if !ok { - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-22nlS", "reduce.wrong.event.type %s", instance.InstanceRemovedEventType) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-22nlS", "reduce.wrong.event.type %s", instance.InstanceRemovedEventType) } return handler.NewDeleteStatement( e, 
@@ -127,7 +127,7 @@ func reduceInstanceRemovedHelper(instanceIDCol string) func(event eventstore.Eve func (p *instanceProjection) reduceInstanceChanged(event eventstore.Event) (*handler.Statement, error) { e, ok := event.(*instance.InstanceChangedEvent) if !ok { - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-so2am1", "reduce.wrong.event.type %s", instance.InstanceChangedEventType) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-so2am1", "reduce.wrong.event.type %s", instance.InstanceChangedEventType) } return handler.NewUpdateStatement( e, @@ -145,7 +145,7 @@ func (p *instanceProjection) reduceInstanceChanged(event eventstore.Event) (*han func (p *instanceProjection) reduceDefaultOrgSet(event eventstore.Event) (*handler.Statement, error) { e, ok := event.(*instance.DefaultOrgSetEvent) if !ok { - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-2n9f2", "reduce.wrong.event.type %s", instance.DefaultOrgSetEventType) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-2n9f2", "reduce.wrong.event.type %s", instance.DefaultOrgSetEventType) } return handler.NewUpdateStatement( e, @@ -163,7 +163,7 @@ func (p *instanceProjection) reduceDefaultOrgSet(event eventstore.Event) (*handl func (p *instanceProjection) reduceIAMProjectSet(event eventstore.Event) (*handler.Statement, error) { e, ok := event.(*instance.ProjectSetEvent) if !ok { - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-30o0e", "reduce.wrong.event.type %s", instance.ProjectSetEventType) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-30o0e", "reduce.wrong.event.type %s", instance.ProjectSetEventType) } return handler.NewUpdateStatement( e, 
@@ -181,7 +181,7 @@ func (p *instanceProjection) reduceIAMProjectSet(event eventstore.Event) (*handl func (p *instanceProjection) reduceConsoleSet(event eventstore.Event) (*handler.Statement, error) { e, ok := event.(*instance.ConsoleSetEvent) if !ok { - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-Dgf11", "reduce.wrong.event.type %s", instance.ConsoleSetEventType) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-Dgf11", "reduce.wrong.event.type %s", instance.ConsoleSetEventType) } return handler.NewUpdateStatement( e, @@ -200,7 +200,7 @@ func (p *instanceProjection) reduceConsoleSet(event eventstore.Event) (*handler. func (p *instanceProjection) reduceDefaultLanguageSet(event eventstore.Event) (*handler.Statement, error) { e, ok := event.(*instance.DefaultLanguageSetEvent) if !ok { - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-30o0e", "reduce.wrong.event.type %s", instance.DefaultLanguageSetEventType) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-30o0e", "reduce.wrong.event.type %s", instance.DefaultLanguageSetEventType) } return handler.NewUpdateStatement( e, diff --git a/internal/query/projection/instance_domain.go b/internal/query/projection/instance_domain.go index 8eff389ce1..4be3c58342 100644 --- a/internal/query/projection/instance_domain.go +++ b/internal/query/projection/instance_domain.go @@ -3,11 +3,11 @@ package projection import ( "context" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" old_handler "github.com/zitadel/zitadel/internal/eventstore/handler" "github.com/zitadel/zitadel/internal/eventstore/handler/v2" "github.com/zitadel/zitadel/internal/repository/instance" + "github.com/zitadel/zitadel/internal/zerrors" ) const ( 
@@ -82,7 +82,7 @@ func (p *instanceDomainProjection) Reducers() []handler.AggregateReducer { func (p *instanceDomainProjection) reduceDomainAdded(event eventstore.Event) (*handler.Statement, error) { e, ok := event.(*instance.DomainAddedEvent) if !ok { - return nil, errors.ThrowInvalidArgumentf(nil, "PROJE-38nNf", "reduce.wrong.event.type %s", instance.InstanceDomainAddedEventType) + return nil, zerrors.ThrowInvalidArgumentf(nil, "PROJE-38nNf", "reduce.wrong.event.type %s", instance.InstanceDomainAddedEventType) } return handler.NewCreateStatement( e, @@ -101,7 +101,7 @@ func (p *instanceDomainProjection) reduceDomainAdded(event eventstore.Event) (*h func (p *instanceDomainProjection) reduceDomainPrimarySet(event eventstore.Event) (*handler.Statement, error) { e, ok := event.(*instance.DomainPrimarySetEvent) if !ok { - return nil, errors.ThrowInvalidArgumentf(nil, "PROJE-f8nlw", "reduce.wrong.event.type %s", instance.InstanceDomainPrimarySetEventType) + return nil, zerrors.ThrowInvalidArgumentf(nil, "PROJE-f8nlw", "reduce.wrong.event.type %s", instance.InstanceDomainPrimarySetEventType) } return handler.NewMultiStatement( e, @@ -133,7 +133,7 @@ func (p *instanceDomainProjection) reduceDomainPrimarySet(event eventstore.Event func (p *instanceDomainProjection) reduceDomainRemoved(event eventstore.Event) (*handler.Statement, error) { e, ok := event.(*instance.DomainRemovedEvent) if !ok { - return nil, errors.ThrowInvalidArgumentf(nil, "PROJE-388Nk", "reduce.wrong.event.type %s", instance.InstanceDomainRemovedEventType) + return nil, zerrors.ThrowInvalidArgumentf(nil, "PROJE-388Nk", "reduce.wrong.event.type %s", instance.InstanceDomainRemovedEventType) } return handler.NewDeleteStatement( e, diff --git a/internal/query/projection/instance_domain_test.go b/internal/query/projection/instance_domain_test.go index 7997bc0a8b..d8bf93a5f0 100644 --- a/internal/query/projection/instance_domain_test.go +++ b/internal/query/projection/instance_domain_test.go 
@@ -3,10 +3,10 @@ package projection import ( "testing" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/eventstore/handler/v2" "github.com/zitadel/zitadel/internal/repository/instance" + "github.com/zitadel/zitadel/internal/zerrors" ) func TestInstanceDomainProjection_reduces(t *testing.T) { @@ -109,7 +109,7 @@ func TestInstanceDomainProjection_reduces(t *testing.T) { t.Run(tt.name, func(t *testing.T) { event := baseEvent(t) got, err := tt.reduce(event) - if _, ok := err.(errors.InvalidArgument); !ok { + if ok := zerrors.IsErrorInvalidArgument(err); !ok { t.Errorf("no wrong event mapping: %v, got: %v", err, got) } diff --git a/internal/query/projection/instance_member.go b/internal/query/projection/instance_member.go index f58d098102..ef71a4bf58 100644 --- a/internal/query/projection/instance_member.go +++ b/internal/query/projection/instance_member.go @@ -3,13 +3,13 @@ package projection import ( "context" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" old_handler "github.com/zitadel/zitadel/internal/eventstore/handler" "github.com/zitadel/zitadel/internal/eventstore/handler/v2" "github.com/zitadel/zitadel/internal/repository/instance" "github.com/zitadel/zitadel/internal/repository/org" "github.com/zitadel/zitadel/internal/repository/user" + "github.com/zitadel/zitadel/internal/zerrors" ) const ( 
@@ -102,7 +102,7 @@ func (p *instanceMemberProjection) Reducers() []handler.AggregateReducer { func (p *instanceMemberProjection) reduceAdded(event eventstore.Event) (*handler.Statement, error) { e, ok := event.(*instance.MemberAddedEvent) if !ok { - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-pGNCu", "reduce.wrong.event.type %s", instance.MemberAddedEventType) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-pGNCu", "reduce.wrong.event.type %s", instance.MemberAddedEventType) } ctx := setMemberContext(e.Aggregate()) userOwner, err := getResourceOwnerOfUser(ctx, p.es, e.Aggregate().InstanceID, e.UserID) @@ -115,7 +115,7 @@ func (p *instanceMemberProjection) reduceAdded(event eventstore.Event) (*handler func (p *instanceMemberProjection) reduceChanged(event eventstore.Event) (*handler.Statement, error) { e, ok := event.(*instance.MemberChangedEvent) if !ok { - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-5WQcZ", "reduce.wrong.event.type %s", instance.MemberChangedEventType) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-5WQcZ", "reduce.wrong.event.type %s", instance.MemberChangedEventType) } return reduceMemberChanged(e.MemberChangedEvent) } @@ -123,7 +123,7 @@ func (p *instanceMemberProjection) reduceChanged(event eventstore.Event) (*handl func (p *instanceMemberProjection) reduceCascadeRemoved(event eventstore.Event) (*handler.Statement, error) { e, ok := event.(*instance.MemberCascadeRemovedEvent) if !ok { - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-Dmdf2", "reduce.wrong.event.type %s", instance.MemberCascadeRemovedEventType) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-Dmdf2", "reduce.wrong.event.type %s", instance.MemberCascadeRemovedEventType) } return reduceMemberCascadeRemoved(e.MemberCascadeRemovedEvent) } 
@@ -131,7 +131,7 @@ func (p *instanceMemberProjection) reduceCascadeRemoved(event eventstore.Event) func (p *instanceMemberProjection) reduceRemoved(event eventstore.Event) (*handler.Statement, error) { e, ok := event.(*instance.MemberRemovedEvent) if !ok { - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-exVqy", "reduce.wrong.event.type %s", instance.MemberRemovedEventType) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-exVqy", "reduce.wrong.event.type %s", instance.MemberRemovedEventType) } return reduceMemberRemoved(e, withMemberCond(MemberUserIDCol, e.UserID)) } @@ -139,7 +139,7 @@ func (p *instanceMemberProjection) reduceRemoved(event eventstore.Event) (*handl func (p *instanceMemberProjection) reduceUserRemoved(event eventstore.Event) (*handler.Statement, error) { e, ok := event.(*user.UserRemovedEvent) if !ok { - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-mkDHF", "reduce.wrong.event.type %s", user.UserRemovedType) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-mkDHF", "reduce.wrong.event.type %s", user.UserRemovedType) } return reduceMemberRemoved(e, withMemberCond(MemberUserIDCol, e.Aggregate().ID)) } @@ -147,7 +147,7 @@ func (p *instanceMemberProjection) reduceUserRemoved(event eventstore.Event) (*h func (p *instanceMemberProjection) reduceUserOwnerRemoved(event eventstore.Event) (*handler.Statement, error) { e, ok := event.(*org.OrgRemovedEvent) if !ok { - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-mkDHa", "reduce.wrong.event.type %s", org.OrgRemovedEventType) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-mkDHa", "reduce.wrong.event.type %s", org.OrgRemovedEventType) } return reduceMemberUserOwnerRemoved(e) } diff --git a/internal/query/projection/instance_member_test.go b/internal/query/projection/instance_member_test.go index 5631407439..22490ddc49 100644 --- a/internal/query/projection/instance_member_test.go +++ b/internal/query/projection/instance_member_test.go 
@@ -8,12 +8,12 @@ import ( "github.com/zitadel/zitadel/internal/database" "github.com/zitadel/zitadel/internal/domain" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/eventstore/handler/v2" "github.com/zitadel/zitadel/internal/repository/instance" "github.com/zitadel/zitadel/internal/repository/org" "github.com/zitadel/zitadel/internal/repository/user" + "github.com/zitadel/zitadel/internal/zerrors" ) func TestInstanceMemberProjection_reduces(t *testing.T) { @@ -256,7 +256,7 @@ func TestInstanceMemberProjection_reduces(t *testing.T) { t.Run(tt.name, func(t *testing.T) { event := baseEvent(t) got, err := tt.reduce(event) - if _, ok := err.(errors.InvalidArgument); !ok { + if ok := zerrors.IsErrorInvalidArgument(err); !ok { t.Errorf("no wrong event mapping: %v, got: %v", err, got) } diff --git a/internal/query/projection/instance_test.go b/internal/query/projection/instance_test.go index 274e28f3f9..8228c2308b 100644 --- a/internal/query/projection/instance_test.go +++ b/internal/query/projection/instance_test.go @@ -3,10 +3,10 @@ package projection import ( "testing" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/eventstore/handler/v2" "github.com/zitadel/zitadel/internal/repository/instance" + "github.com/zitadel/zitadel/internal/zerrors" ) func TestInstanceProjection_reduces(t *testing.T) { @@ -167,7 +167,7 @@ func TestInstanceProjection_reduces(t *testing.T) { t.Run(tt.name, func(t *testing.T) { event := baseEvent(t) got, err := tt.reduce(event) - if _, ok := err.(errors.InvalidArgument); !ok { + if ok := zerrors.IsErrorInvalidArgument(err); !ok { t.Errorf("no wrong event mapping: %v, got: %v", err, got) } diff --git a/internal/query/projection/key.go b/internal/query/projection/key.go index d15cb62ea7..37581aab36 100644 --- a/internal/query/projection/key.go 
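Review bot: In the `t.Run` body of `TestInstanceMemberProjection_reduces` (instance_member_test.go, hunk at -256), the new check `if ok := zerrors.IsErrorInvalidArgument(err); !ok {` keeps a short variable declaration left over from the old type assertion; it can be written as `if !zerrors.IsErrorInvalidArgument(err) {`, the form the key_test.go and limits_test.go hunks of this commit already use. The same line appears in the instance_test.go, label_policy_test.go, lockout_policy_test.go, login_name_test.go and login_policy_test.go hunks. Separately, the old assertion `err.(errors.InvalidArgument)` matched only when err itself had that type, while the helper's matching rules are not visible in this diff; if it also unwraps wrapped errors, these wrong-event-type tests now accept a wider set of errors, which is probably intended but worth confirming. The test function starts and ends outside the hunk.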
+++ b/internal/query/projection/key.go @@ -5,12 +5,12 @@ import ( "time" "github.com/zitadel/zitadel/internal/crypto" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" old_handler "github.com/zitadel/zitadel/internal/eventstore/handler" "github.com/zitadel/zitadel/internal/eventstore/handler/v2" "github.com/zitadel/zitadel/internal/repository/instance" "github.com/zitadel/zitadel/internal/repository/keypair" + "github.com/zitadel/zitadel/internal/zerrors" ) const ( @@ -141,7 +141,7 @@ func (p *keyProjection) Reducers() []handler.AggregateReducer { func (p *keyProjection) reduceKeyPairAdded(event eventstore.Event) (*handler.Statement, error) { e, ok := event.(*keypair.AddedEvent) if !ok { - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-SAbr2", "reduce.wrong.event.type %s", keypair.AddedEventType) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-SAbr2", "reduce.wrong.event.type %s", keypair.AddedEventType) } if e.PrivateKey.Expiry.Before(time.Now()) && e.PublicKey.Expiry.Before(time.Now()) { return handler.NewNoOpStatement(e), nil @@ -174,7 +174,7 @@ func (p *keyProjection) reduceKeyPairAdded(event eventstore.Event) (*handler.Sta if e.PublicKey.Expiry.After(time.Now()) { publicKey, err := crypto.Decrypt(e.PublicKey.Key, p.encryptionAlgorithm) if err != nil { - return nil, errors.ThrowInternal(err, "HANDL-DAg2f", "cannot decrypt public key") + return nil, zerrors.ThrowInternal(err, "HANDL-DAg2f", "cannot decrypt public key") } creates = append(creates, handler.AddCreateStatement( []handler.Column{ 
@@ -193,7 +193,7 @@ func (p *keyProjection) reduceKeyPairAdded(event eventstore.Event) (*handler.Sta func (p *keyProjection) reduceCertificateAdded(event eventstore.Event) (*handler.Statement, error) { e, ok := event.(*keypair.AddedCertificateEvent) if !ok { - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-SAbr09", "reduce.wrong.event.type %s", keypair.AddedCertificateEventType) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-SAbr09", "reduce.wrong.event.type %s", keypair.AddedCertificateEventType) } if e.Certificate.Expiry.Before(time.Now()) { @@ -202,7 +202,7 @@ func (p *keyProjection) reduceCertificateAdded(event eventstore.Event) (*handler certificate, err := crypto.Decrypt(e.Certificate.Key, p.certEncryptionAlgorithm) if err != nil { - return nil, errors.ThrowInternal(err, "HANDL-Dajwig2f", "cannot decrypt certificate") + return nil, zerrors.ThrowInternal(err, "HANDL-Dajwig2f", "cannot decrypt certificate") } creates := []func(eventstore.Event) handler.Exec{handler.AddCreateStatement( diff --git a/internal/query/projection/key_test.go b/internal/query/projection/key_test.go index 26e56b731a..7022c1b9ec 100644 --- a/internal/query/projection/key_test.go +++ b/internal/query/projection/key_test.go @@ -9,11 +9,11 @@ import ( "github.com/zitadel/zitadel/internal/crypto" "github.com/zitadel/zitadel/internal/domain" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/eventstore/handler/v2" "github.com/zitadel/zitadel/internal/repository/instance" "github.com/zitadel/zitadel/internal/repository/keypair" + "github.com/zitadel/zitadel/internal/zerrors" ) func TestKeyProjection_reduces(t *testing.T) { 
@@ -159,7 +159,7 @@ func TestKeyProjection_reduces(t *testing.T) { t.Run(tt.name, func(t *testing.T) { event := baseEvent(t) got, err := tt.reduce(event) - if !errors.IsErrorInvalidArgument(err) { + if !zerrors.IsErrorInvalidArgument(err) { t.Errorf("no wrong event mapping: %v, got: %v", err, got) } diff --git a/internal/query/projection/label_policy.go b/internal/query/projection/label_policy.go index 49f69738e4..dd9c1d07db 100644 --- a/internal/query/projection/label_policy.go +++ b/internal/query/projection/label_policy.go @@ -4,13 +4,13 @@ import ( "context" "github.com/zitadel/zitadel/internal/domain" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" old_handler "github.com/zitadel/zitadel/internal/eventstore/handler" "github.com/zitadel/zitadel/internal/eventstore/handler/v2" "github.com/zitadel/zitadel/internal/repository/instance" "github.com/zitadel/zitadel/internal/repository/org" "github.com/zitadel/zitadel/internal/repository/policy" + "github.com/zitadel/zitadel/internal/zerrors" ) const ( @@ -242,7 +242,7 @@ func (p *labelPolicyProjection) reduceAdded(event eventstore.Event) (*handler.St policyEvent = e.LabelPolicyAddedEvent isDefault = true default: - return nil, errors.ThrowInvalidArgumentf(nil, "PROJE-CSE7A", "reduce.wrong.event.type %v", []eventstore.EventType{org.LabelPolicyAddedEventType, instance.LabelPolicyAddedEventType}) + return nil, zerrors.ThrowInvalidArgumentf(nil, "PROJE-CSE7A", "reduce.wrong.event.type %v", []eventstore.EventType{org.LabelPolicyAddedEventType, instance.LabelPolicyAddedEventType}) } return handler.NewCreateStatement( &policyEvent, 
@@ -278,7 +278,7 @@ func (p *labelPolicyProjection) reduceChanged(event eventstore.Event) (*handler. case *instance.LabelPolicyChangedEvent: policyEvent = e.LabelPolicyChangedEvent default: - return nil, errors.ThrowInvalidArgumentf(nil, "PROJE-qgVug", "reduce.wrong.event.type %v", []eventstore.EventType{org.LabelPolicyChangedEventType, instance.LabelPolicyChangedEventType}) + return nil, zerrors.ThrowInvalidArgumentf(nil, "PROJE-qgVug", "reduce.wrong.event.type %v", []eventstore.EventType{org.LabelPolicyChangedEventType, instance.LabelPolicyChangedEventType}) } cols := []handler.Column{ handler.NewCol(LabelPolicyChangeDateCol, policyEvent.CreatedAt()), @@ -333,7 +333,7 @@ func (p *labelPolicyProjection) reduceChanged(event eventstore.Event) (*handler. func (p *labelPolicyProjection) reduceRemoved(event eventstore.Event) (*handler.Statement, error) { policyEvent, ok := event.(*org.LabelPolicyRemovedEvent) if !ok { - return nil, errors.ThrowInvalidArgumentf(nil, "PROJE-ATMBz", "reduce.wrong.event.type %s", org.LabelPolicyRemovedEventType) + return nil, zerrors.ThrowInvalidArgumentf(nil, "PROJE-ATMBz", "reduce.wrong.event.type %s", org.LabelPolicyRemovedEventType) } return handler.NewDeleteStatement( policyEvent, @@ -348,7 +348,7 @@ func (p *labelPolicyProjection) reduceActivated(event eventstore.Event) (*handle case *org.LabelPolicyActivatedEvent, *instance.LabelPolicyActivatedEvent: // everything ok default: - return nil, errors.ThrowInvalidArgumentf(nil, "PROJE-dldEU", "reduce.wrong.event.type %v", []eventstore.EventType{org.LabelPolicyActivatedEventType, instance.LabelPolicyActivatedEventType}) + return nil, zerrors.ThrowInvalidArgumentf(nil, "PROJE-dldEU", "reduce.wrong.event.type %v", []eventstore.EventType{org.LabelPolicyActivatedEventType, instance.LabelPolicyActivatedEventType}) } return handler.NewCopyStatement( event, 
@@ -430,7 +430,7 @@ func (p *labelPolicyProjection) reduceLogoAdded(event eventstore.Event) (*handle case *instance.LabelPolicyLogoDarkAddedEvent: storeKey = handler.NewCol(LabelPolicyDarkLogoURLCol, e.StoreKey) default: - return nil, errors.ThrowInvalidArgumentf(nil, "PROJE-4wbOI", "reduce.wrong.event.type %v", []eventstore.EventType{org.LabelPolicyLogoAddedEventType, instance.LabelPolicyLogoAddedEventType, org.LabelPolicyLogoDarkAddedEventType, instance.LabelPolicyLogoDarkAddedEventType}) + return nil, zerrors.ThrowInvalidArgumentf(nil, "PROJE-4wbOI", "reduce.wrong.event.type %v", []eventstore.EventType{org.LabelPolicyLogoAddedEventType, instance.LabelPolicyLogoAddedEventType, org.LabelPolicyLogoDarkAddedEventType, instance.LabelPolicyLogoDarkAddedEventType}) } return handler.NewUpdateStatement( @@ -459,7 +459,7 @@ func (p *labelPolicyProjection) reduceLogoRemoved(event eventstore.Event) (*hand case *instance.LabelPolicyLogoDarkRemovedEvent: col = LabelPolicyDarkLogoURLCol default: - return nil, errors.ThrowInvalidArgumentf(nil, "PROJE-kg8H4", "reduce.wrong.event.type %v", []eventstore.EventType{org.LabelPolicyLogoRemovedEventType, instance.LabelPolicyLogoRemovedEventType, org.LabelPolicyLogoDarkRemovedEventType, instance.LabelPolicyLogoDarkRemovedEventType}) + return nil, zerrors.ThrowInvalidArgumentf(nil, "PROJE-kg8H4", "reduce.wrong.event.type %v", []eventstore.EventType{org.LabelPolicyLogoRemovedEventType, instance.LabelPolicyLogoRemovedEventType, org.LabelPolicyLogoDarkRemovedEventType, instance.LabelPolicyLogoDarkRemovedEventType}) } return handler.NewUpdateStatement( 
@@ -488,7 +488,7 @@ func (p *labelPolicyProjection) reduceIconAdded(event eventstore.Event) (*handle case *instance.LabelPolicyIconDarkAddedEvent: storeKey = handler.NewCol(LabelPolicyDarkIconURLCol, e.StoreKey) default: - return nil, errors.ThrowInvalidArgumentf(nil, "PROJE-e2JFz", "reduce.wrong.event.type %v", []eventstore.EventType{org.LabelPolicyIconAddedEventType, instance.LabelPolicyIconAddedEventType, org.LabelPolicyIconDarkAddedEventType, instance.LabelPolicyIconDarkAddedEventType}) + return nil, zerrors.ThrowInvalidArgumentf(nil, "PROJE-e2JFz", "reduce.wrong.event.type %v", []eventstore.EventType{org.LabelPolicyIconAddedEventType, instance.LabelPolicyIconAddedEventType, org.LabelPolicyIconDarkAddedEventType, instance.LabelPolicyIconDarkAddedEventType}) } return handler.NewUpdateStatement( @@ -517,7 +517,7 @@ func (p *labelPolicyProjection) reduceIconRemoved(event eventstore.Event) (*hand case *instance.LabelPolicyIconDarkRemovedEvent: col = LabelPolicyDarkIconURLCol default: - return nil, errors.ThrowInvalidArgumentf(nil, "PROJE-gfgbY", "reduce.wrong.event.type %v", []eventstore.EventType{org.LabelPolicyIconRemovedEventType, instance.LabelPolicyIconRemovedEventType, org.LabelPolicyIconDarkRemovedEventType, instance.LabelPolicyIconDarkRemovedEventType}) + return nil, zerrors.ThrowInvalidArgumentf(nil, "PROJE-gfgbY", "reduce.wrong.event.type %v", []eventstore.EventType{org.LabelPolicyIconRemovedEventType, instance.LabelPolicyIconRemovedEventType, org.LabelPolicyIconDarkRemovedEventType, instance.LabelPolicyIconDarkRemovedEventType}) } return handler.NewUpdateStatement( 
@@ -542,7 +542,7 @@ func (p *labelPolicyProjection) reduceFontAdded(event eventstore.Event) (*handle case *instance.LabelPolicyFontAddedEvent: storeKey = handler.NewCol(LabelPolicyFontURLCol, e.StoreKey) default: - return nil, errors.ThrowInvalidArgumentf(nil, "PROJE-65i9W", "reduce.wrong.event.type %v", []eventstore.EventType{org.LabelPolicyFontAddedEventType, instance.LabelPolicyFontAddedEventType}) + return nil, zerrors.ThrowInvalidArgumentf(nil, "PROJE-65i9W", "reduce.wrong.event.type %v", []eventstore.EventType{org.LabelPolicyFontAddedEventType, instance.LabelPolicyFontAddedEventType}) } return handler.NewUpdateStatement( @@ -567,7 +567,7 @@ func (p *labelPolicyProjection) reduceFontRemoved(event eventstore.Event) (*hand case *instance.LabelPolicyFontRemovedEvent: col = LabelPolicyFontURLCol default: - return nil, errors.ThrowInvalidArgumentf(nil, "PROJE-xf32J", "reduce.wrong.event.type %v", []eventstore.EventType{org.LabelPolicyFontRemovedEventType, instance.LabelPolicyFontRemovedEventType}) + return nil, zerrors.ThrowInvalidArgumentf(nil, "PROJE-xf32J", "reduce.wrong.event.type %v", []eventstore.EventType{org.LabelPolicyFontRemovedEventType, instance.LabelPolicyFontRemovedEventType}) } return handler.NewUpdateStatement( @@ -589,7 +589,7 @@ func (p *labelPolicyProjection) reduceAssetsRemoved(event eventstore.Event) (*ha case *org.LabelPolicyAssetsRemovedEvent, *instance.LabelPolicyAssetsRemovedEvent: //ok default: - return nil, errors.ThrowInvalidArgumentf(nil, "PROJE-qi39A", "reduce.wrong.event.type %v", []eventstore.EventType{org.LabelPolicyAssetsRemovedEventType, instance.LabelPolicyAssetsRemovedEventType}) + return nil, zerrors.ThrowInvalidArgumentf(nil, "PROJE-qi39A", "reduce.wrong.event.type %v", []eventstore.EventType{org.LabelPolicyAssetsRemovedEventType, instance.LabelPolicyAssetsRemovedEventType}) } return handler.NewUpdateStatement( 
@@ -613,7 +613,7 @@ func (p *labelPolicyProjection) reduceAssetsRemoved(event eventstore.Event) (*ha func (p *labelPolicyProjection) reduceOwnerRemoved(event eventstore.Event) (*handler.Statement, error) { e, ok := event.(*org.OrgRemovedEvent) if !ok { - return nil, errors.ThrowInvalidArgumentf(nil, "PROJE-Su6pX", "reduce.wrong.event.type %s", org.OrgRemovedEventType) + return nil, zerrors.ThrowInvalidArgumentf(nil, "PROJE-Su6pX", "reduce.wrong.event.type %s", org.OrgRemovedEventType) } return handler.NewDeleteStatement( diff --git a/internal/query/projection/label_policy_test.go b/internal/query/projection/label_policy_test.go index 202e8cd32c..4fbc8b17a5 100644 --- a/internal/query/projection/label_policy_test.go +++ b/internal/query/projection/label_policy_test.go @@ -4,11 +4,11 @@ import ( "testing" "github.com/zitadel/zitadel/internal/domain" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/eventstore/handler/v2" "github.com/zitadel/zitadel/internal/repository/instance" "github.com/zitadel/zitadel/internal/repository/org" + "github.com/zitadel/zitadel/internal/zerrors" ) func TestLabelPolicyProjection_reduces(t *testing.T) { @@ -1025,7 +1025,7 @@ func TestLabelPolicyProjection_reduces(t *testing.T) { t.Run(tt.name, func(t *testing.T) { event := baseEvent(t) got, err := tt.reduce(event) - if _, ok := err.(errors.InvalidArgument); !ok { + if ok := zerrors.IsErrorInvalidArgument(err); !ok { t.Errorf("no wrong event mapping: %v, got: %v", err, got) } diff --git a/internal/query/projection/limits_test.go b/internal/query/projection/limits_test.go index 0277e29243..b5b8e0ad46 100644 --- a/internal/query/projection/limits_test.go +++ b/internal/query/projection/limits_test.go 
@@ -4,10 +4,10 @@ import ( "testing" "time" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/eventstore/handler/v2" "github.com/zitadel/zitadel/internal/repository/limits" + "github.com/zitadel/zitadel/internal/zerrors" ) func TestLimitsProjection_reduces(t *testing.T) { @@ -85,7 +85,7 @@ func TestLimitsProjection_reduces(t *testing.T) { t.Run(tt.name, func(t *testing.T) { event := baseEvent(t) got, err := tt.reduce(event) - if !errors.IsErrorInvalidArgument(err) { + if !zerrors.IsErrorInvalidArgument(err) { t.Errorf("no wrong event mapping: %v, got: %v", err, got) } event = tt.args.event(t) diff --git a/internal/query/projection/lockout_policy.go b/internal/query/projection/lockout_policy.go index 9ab9f6f519..ceb99c2aa0 100644 --- a/internal/query/projection/lockout_policy.go +++ b/internal/query/projection/lockout_policy.go @@ -4,13 +4,13 @@ import ( "context" "github.com/zitadel/zitadel/internal/domain" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" old_handler "github.com/zitadel/zitadel/internal/eventstore/handler" "github.com/zitadel/zitadel/internal/eventstore/handler/v2" "github.com/zitadel/zitadel/internal/repository/instance" "github.com/zitadel/zitadel/internal/repository/org" "github.com/zitadel/zitadel/internal/repository/policy" + "github.com/zitadel/zitadel/internal/zerrors" ) const ( 
@@ -114,7 +114,7 @@ func (p *lockoutPolicyProjection) reduceAdded(event eventstore.Event) (*handler. policyEvent = e.LockoutPolicyAddedEvent isDefault = true default: - return nil, errors.ThrowInvalidArgumentf(nil, "PROJE-d8mZO", "reduce.wrong.event.type, %v", []eventstore.EventType{org.LockoutPolicyAddedEventType, instance.LockoutPolicyAddedEventType}) + return nil, zerrors.ThrowInvalidArgumentf(nil, "PROJE-d8mZO", "reduce.wrong.event.type, %v", []eventstore.EventType{org.LockoutPolicyAddedEventType, instance.LockoutPolicyAddedEventType}) } return handler.NewCreateStatement( &policyEvent, @@ -140,7 +140,7 @@ func (p *lockoutPolicyProjection) reduceChanged(event eventstore.Event) (*handle case *instance.LockoutPolicyChangedEvent: policyEvent = e.LockoutPolicyChangedEvent default: - return nil, errors.ThrowInvalidArgumentf(nil, "PROJE-pT3mQ", "reduce.wrong.event.type, %v", []eventstore.EventType{org.LockoutPolicyChangedEventType, instance.LockoutPolicyChangedEventType}) + return nil, zerrors.ThrowInvalidArgumentf(nil, "PROJE-pT3mQ", "reduce.wrong.event.type, %v", []eventstore.EventType{org.LockoutPolicyChangedEventType, instance.LockoutPolicyChangedEventType}) } cols := []handler.Column{ handler.NewCol(LockoutPolicyChangeDateCol, policyEvent.CreationDate()), @@ -164,7 +164,7 @@ func (p *lockoutPolicyProjection) reduceChanged(event eventstore.Event) (*handle func (p *lockoutPolicyProjection) reduceRemoved(event eventstore.Event) (*handler.Statement, error) { policyEvent, ok := event.(*org.LockoutPolicyRemovedEvent) if !ok { - return nil, errors.ThrowInvalidArgumentf(nil, "PROJE-Bqut9", "reduce.wrong.event.type %s", org.LockoutPolicyRemovedEventType) + return nil, zerrors.ThrowInvalidArgumentf(nil, "PROJE-Bqut9", "reduce.wrong.event.type %s", org.LockoutPolicyRemovedEventType) } return handler.NewDeleteStatement( policyEvent, 
@@ -177,7 +177,7 @@ func (p *lockoutPolicyProjection) reduceRemoved(event eventstore.Event) (*handle func (p *lockoutPolicyProjection) reduceOwnerRemoved(event eventstore.Event) (*handler.Statement, error) { e, ok := event.(*org.OrgRemovedEvent) if !ok { - return nil, errors.ThrowInvalidArgumentf(nil, "PROJE-IoW0x", "reduce.wrong.event.type %s", org.OrgRemovedEventType) + return nil, zerrors.ThrowInvalidArgumentf(nil, "PROJE-IoW0x", "reduce.wrong.event.type %s", org.OrgRemovedEventType) } return handler.NewDeleteStatement( diff --git a/internal/query/projection/lockout_policy_test.go b/internal/query/projection/lockout_policy_test.go index 65e7125746..781f3a48c4 100644 --- a/internal/query/projection/lockout_policy_test.go +++ b/internal/query/projection/lockout_policy_test.go @@ -4,11 +4,11 @@ import ( "testing" "github.com/zitadel/zitadel/internal/domain" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/eventstore/handler/v2" "github.com/zitadel/zitadel/internal/repository/instance" "github.com/zitadel/zitadel/internal/repository/org" + "github.com/zitadel/zitadel/internal/zerrors" ) func TestLockoutPolicyProjection_reduces(t *testing.T) { @@ -250,7 +250,7 @@ func TestLockoutPolicyProjection_reduces(t *testing.T) { t.Run(tt.name, func(t *testing.T) { event := baseEvent(t) got, err := tt.reduce(event) - if _, ok := err.(errors.InvalidArgument); !ok { + if ok := zerrors.IsErrorInvalidArgument(err); !ok { t.Errorf("no wrong event mapping: %v, got: %v", err, got) } diff --git a/internal/query/projection/login_name.go b/internal/query/projection/login_name.go index 44058e5871..3c31928af4 100644 --- a/internal/query/projection/login_name.go +++ b/internal/query/projection/login_name.go 
@@ -6,7 +6,6 @@ import ( sq "github.com/Masterminds/squirrel" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" old_handler "github.com/zitadel/zitadel/internal/eventstore/handler" "github.com/zitadel/zitadel/internal/eventstore/handler/v2" @@ -14,6 +13,7 @@ import ( "github.com/zitadel/zitadel/internal/repository/org" "github.com/zitadel/zitadel/internal/repository/policy" "github.com/zitadel/zitadel/internal/repository/user" + "github.com/zitadel/zitadel/internal/zerrors" ) const ( @@ -340,7 +340,7 @@ func (p *loginNameProjection) reduceUserCreated(event eventstore.Event) (*handle case *user.MachineAddedEvent: userName = e.UserName default: - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-ayo69", "reduce.wrong.event.type %v", []eventstore.EventType{user.UserV1AddedType, user.HumanAddedType, user.UserV1RegisteredType, user.HumanRegisteredType, user.MachineAddedEventType}) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-ayo69", "reduce.wrong.event.type %v", []eventstore.EventType{user.UserV1AddedType, user.HumanAddedType, user.UserV1RegisteredType, user.HumanRegisteredType, user.MachineAddedEventType}) } return handler.NewCreateStatement( @@ -358,7 +358,7 @@ func (p *loginNameProjection) reduceUserCreated(event eventstore.Event) (*handle func (p *loginNameProjection) reduceUserRemoved(event eventstore.Event) (*handler.Statement, error) { e, ok := event.(*user.UserRemovedEvent) if !ok { - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-QIe3C", "reduce.wrong.event.type %s", user.UserRemovedType) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-QIe3C", "reduce.wrong.event.type %s", user.UserRemovedType) } return handler.NewDeleteStatement( 
@@ -374,7 +374,7 @@ func (p *loginNameProjection) reduceUserRemoved(event eventstore.Event) (*handle func (p *loginNameProjection) reduceUserNameChanged(event eventstore.Event) (*handler.Statement, error) { e, ok := event.(*user.UsernameChangedEvent) if !ok { - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-QlwjC", "reduce.wrong.event.type %s", user.UserUserNameChangedType) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-QlwjC", "reduce.wrong.event.type %s", user.UserUserNameChangedType) } return handler.NewUpdateStatement( @@ -393,7 +393,7 @@ func (p *loginNameProjection) reduceUserNameChanged(event eventstore.Event) (*ha func (p *loginNameProjection) reduceUserDomainClaimed(event eventstore.Event) (*handler.Statement, error) { e, ok := event.(*user.DomainClaimedEvent) if !ok { - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-AQMBY", "reduce.wrong.event.type %s", user.UserDomainClaimedType) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-AQMBY", "reduce.wrong.event.type %s", user.UserDomainClaimedType) } return handler.NewUpdateStatement( @@ -423,7 +423,7 @@ func (p *loginNameProjection) reduceOrgIAMPolicyAdded(event eventstore.Event) (* policyEvent = &e.DomainPolicyAddedEvent isDefault = true default: - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-yCV6S", "reduce.wrong.event.type %v", []eventstore.EventType{org.DomainPolicyAddedEventType, instance.DomainPolicyAddedEventType}) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-yCV6S", "reduce.wrong.event.type %v", []eventstore.EventType{org.DomainPolicyAddedEventType, instance.DomainPolicyAddedEventType}) } return handler.NewCreateStatement( 
@@ -447,7 +447,7 @@ func (p *loginNameProjection) reduceDomainPolicyChanged(event eventstore.Event) case *instance.DomainPolicyChangedEvent: policyEvent = &e.DomainPolicyChangedEvent default: - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-ArFDd", "reduce.wrong.event.type %v", []eventstore.EventType{org.DomainPolicyChangedEventType, instance.DomainPolicyChangedEventType}) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-ArFDd", "reduce.wrong.event.type %v", []eventstore.EventType{org.DomainPolicyChangedEventType, instance.DomainPolicyChangedEventType}) } if policyEvent.UserLoginMustBeDomain == nil { @@ -470,7 +470,7 @@ func (p *loginNameProjection) reduceDomainPolicyChanged(event eventstore.Event) func (p *loginNameProjection) reduceDomainPolicyRemoved(event eventstore.Event) (*handler.Statement, error) { e, ok := event.(*org.DomainPolicyRemovedEvent) if !ok { - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-ysEeB", "reduce.wrong.event.type %s", org.DomainPolicyRemovedEventType) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-ysEeB", "reduce.wrong.event.type %s", org.DomainPolicyRemovedEventType) } return handler.NewDeleteStatement( @@ -486,7 +486,7 @@ func (p *loginNameProjection) reduceDomainPolicyRemoved(event eventstore.Event) func (p *loginNameProjection) reduceDomainVerified(event eventstore.Event) (*handler.Statement, error) { e, ok := event.(*org.DomainVerifiedEvent) if !ok { - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-weGAh", "reduce.wrong.event.type %s", org.OrgDomainVerifiedEventType) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-weGAh", "reduce.wrong.event.type %s", org.OrgDomainVerifiedEventType) } return handler.NewCreateStatement( 
@@ -503,7 +503,7 @@ func (p *loginNameProjection) reduceDomainVerified(event eventstore.Event) (*han func (p *loginNameProjection) reducePrimaryDomainSet(event eventstore.Event) (*handler.Statement, error) { e, ok := event.(*org.DomainPrimarySetEvent) if !ok { - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-eOXPN", "reduce.wrong.event.type %s", org.OrgDomainPrimarySetEventType) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-eOXPN", "reduce.wrong.event.type %s", org.OrgDomainPrimarySetEventType) } return handler.NewMultiStatement( @@ -536,7 +536,7 @@ func (p *loginNameProjection) reducePrimaryDomainSet(event eventstore.Event) (*h func (p *loginNameProjection) reduceDomainRemoved(event eventstore.Event) (*handler.Statement, error) { e, ok := event.(*org.DomainRemovedEvent) if !ok { - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-4RHYq", "reduce.wrong.event.type %s", org.OrgDomainRemovedEventType) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-4RHYq", "reduce.wrong.event.type %s", org.OrgDomainRemovedEventType) } return handler.NewDeleteStatement( @@ -553,7 +553,7 @@ func (p *loginNameProjection) reduceDomainRemoved(event eventstore.Event) (*hand func (p *loginNameProjection) reduceInstanceRemoved(event eventstore.Event) (*handler.Statement, error) { e, ok := event.(*instance.InstanceRemovedEvent) if !ok { - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-ASeg3", "reduce.wrong.event.type %s", instance.InstanceRemovedEventType) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-ASeg3", "reduce.wrong.event.type %s", instance.InstanceRemovedEventType) } return handler.NewMultiStatement( 
@@ -582,7 +582,7 @@ func (p *loginNameProjection) reduceInstanceRemoved(event eventstore.Event) (*ha func (p *loginNameProjection) reduceOwnerRemoved(event eventstore.Event) (*handler.Statement, error) { e, ok := event.(*org.OrgRemovedEvent) if !ok { - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-px02mo", "reduce.wrong.event.type %s", org.OrgRemovedEventType) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-px02mo", "reduce.wrong.event.type %s", org.OrgRemovedEventType) } return handler.NewMultiStatement( diff --git a/internal/query/projection/login_name_test.go b/internal/query/projection/login_name_test.go index 019f6fd0a7..dcab0a857e 100644 --- a/internal/query/projection/login_name_test.go +++ b/internal/query/projection/login_name_test.go @@ -3,12 +3,12 @@ package projection import ( "testing" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/eventstore/handler/v2" "github.com/zitadel/zitadel/internal/repository/instance" "github.com/zitadel/zitadel/internal/repository/org" "github.com/zitadel/zitadel/internal/repository/user" + "github.com/zitadel/zitadel/internal/zerrors" ) func TestLoginNameProjection_reduces(t *testing.T) { @@ -572,7 +572,7 @@ func TestLoginNameProjection_reduces(t *testing.T) { t.Run(tt.name, func(t *testing.T) { event := baseEvent(t) got, err := tt.reduce(event) - if _, ok := err.(errors.InvalidArgument); !ok { + if ok := zerrors.IsErrorInvalidArgument(err); !ok { t.Errorf("no wrong event mapping: %v, got: %v", err, got) } diff --git a/internal/query/projection/login_policy.go b/internal/query/projection/login_policy.go index 3101accbeb..024f727d6f 100644 --- a/internal/query/projection/login_policy.go +++ b/internal/query/projection/login_policy.go 
@@ -3,13 +3,13 @@ package projection import ( "context" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" old_handler "github.com/zitadel/zitadel/internal/eventstore/handler" "github.com/zitadel/zitadel/internal/eventstore/handler/v2" "github.com/zitadel/zitadel/internal/repository/instance" "github.com/zitadel/zitadel/internal/repository/org" "github.com/zitadel/zitadel/internal/repository/policy" + "github.com/zitadel/zitadel/internal/zerrors" ) const ( @@ -175,7 +175,7 @@ func (p *loginPolicyProjection) reduceLoginPolicyAdded(event eventstore.Event) ( policyEvent = e.LoginPolicyAddedEvent isDefault = false default: - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-pYPxS", "reduce.wrong.event.type %v", []eventstore.EventType{org.LoginPolicyAddedEventType, instance.LoginPolicyAddedEventType}) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-pYPxS", "reduce.wrong.event.type %v", []eventstore.EventType{org.LoginPolicyAddedEventType, instance.LoginPolicyAddedEventType}) } return handler.NewCreateStatement(&policyEvent, []handler.Column{ @@ -213,7 +213,7 @@ func (p *loginPolicyProjection) reduceLoginPolicyChanged(event eventstore.Event) case *org.LoginPolicyChangedEvent: policyEvent = e.LoginPolicyChangedEvent default: - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-BpaO6", "reduce.wrong.event.type %v", []eventstore.EventType{org.LoginPolicyChangedEventType, instance.LoginPolicyChangedEventType}) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-BpaO6", "reduce.wrong.event.type %v", []eventstore.EventType{org.LoginPolicyChangedEventType, instance.LoginPolicyChangedEventType}) } cols := []handler.Column{ 
@@ -290,7 +290,7 @@ func (p *loginPolicyProjection) reduceMFAAdded(event eventstore.Event) (*handler case *org.LoginPolicyMultiFactorAddedEvent: policyEvent = e.MultiFactorAddedEvent default: - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-WMhAV", "reduce.wrong.event.type %v", []eventstore.EventType{org.LoginPolicyMultiFactorAddedEventType, instance.LoginPolicyMultiFactorAddedEventType}) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-WMhAV", "reduce.wrong.event.type %v", []eventstore.EventType{org.LoginPolicyMultiFactorAddedEventType, instance.LoginPolicyMultiFactorAddedEventType}) } return handler.NewUpdateStatement( @@ -315,7 +315,7 @@ func (p *loginPolicyProjection) reduceMFARemoved(event eventstore.Event) (*handl case *org.LoginPolicyMultiFactorRemovedEvent: policyEvent = e.MultiFactorRemovedEvent default: - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-czU7n", "reduce.wrong.event.type %v", []eventstore.EventType{org.LoginPolicyMultiFactorRemovedEventType, instance.LoginPolicyMultiFactorRemovedEventType}) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-czU7n", "reduce.wrong.event.type %v", []eventstore.EventType{org.LoginPolicyMultiFactorRemovedEventType, instance.LoginPolicyMultiFactorRemovedEventType}) } return handler.NewUpdateStatement( @@ -335,7 +335,7 @@ func (p *loginPolicyProjection) reduceMFARemoved(event eventstore.Event) (*handl func (p *loginPolicyProjection) reduceLoginPolicyRemoved(event eventstore.Event) (*handler.Statement, error) { e, ok := event.(*org.LoginPolicyRemovedEvent) if !ok { - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-oRSvD", "reduce.wrong.event.type %s", org.LoginPolicyRemovedEventType) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-oRSvD", "reduce.wrong.event.type %s", org.LoginPolicyRemovedEventType) } return handler.NewDeleteStatement( e, 
@@ -354,7 +354,7 @@ func (p *loginPolicyProjection) reduceSecondFactorAdded(event eventstore.Event)
 case *org.LoginPolicySecondFactorAddedEvent:
 policyEvent = e.SecondFactorAddedEvent
 default:
- return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-agB2E", "reduce.wrong.event.type %v", []eventstore.EventType{org.LoginPolicySecondFactorAddedEventType, instance.LoginPolicySecondFactorAddedEventType})
+ return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-agB2E", "reduce.wrong.event.type %v", []eventstore.EventType{org.LoginPolicySecondFactorAddedEventType, instance.LoginPolicySecondFactorAddedEventType})
 }
 return handler.NewUpdateStatement(
@@ -379,7 +379,7 @@ func (p *loginPolicyProjection) reduceSecondFactorRemoved(event eventstore.Event
 case *org.LoginPolicySecondFactorRemovedEvent:
 policyEvent = e.SecondFactorRemovedEvent
 default:
- return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-KYJvA", "reduce.wrong.event.type %v", []eventstore.EventType{org.LoginPolicySecondFactorRemovedEventType, instance.LoginPolicySecondFactorRemovedEventType})
+ return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-KYJvA", "reduce.wrong.event.type %v", []eventstore.EventType{org.LoginPolicySecondFactorRemovedEventType, instance.LoginPolicySecondFactorRemovedEventType})
 }
 return handler.NewUpdateStatement(
@@ -399,7 +399,7 @@ func (p *loginPolicyProjection) reduceSecondFactorRemoved(event eventstore.Event
 func (p *loginPolicyProjection) reduceOwnerRemoved(event eventstore.Event) (*handler.Statement, error) {
 e, ok := event.(*org.OrgRemovedEvent)
 if !ok {
- return nil, errors.ThrowInvalidArgumentf(nil, "PROJE-B8NZW", "reduce.wrong.event.type %s", org.OrgRemovedEventType)
+ return nil, zerrors.ThrowInvalidArgumentf(nil, "PROJE-B8NZW", "reduce.wrong.event.type %s", org.OrgRemovedEventType)
 }
 return handler.NewDeleteStatement(
diff --git a/internal/query/projection/login_policy_test.go b/internal/query/projection/login_policy_test.go
index 4ebfa3483d..1f10e63bef 100644
--- a/internal/query/projection/login_policy_test.go
+++ b/internal/query/projection/login_policy_test.go
@@ -5,11 +5,11 @@ import (
 "time"
 "github.com/zitadel/zitadel/internal/domain"
- "github.com/zitadel/zitadel/internal/errors"
 "github.com/zitadel/zitadel/internal/eventstore"
 "github.com/zitadel/zitadel/internal/eventstore/handler/v2"
 "github.com/zitadel/zitadel/internal/repository/instance"
 "github.com/zitadel/zitadel/internal/repository/org"
+ "github.com/zitadel/zitadel/internal/zerrors"
 )
 func TestLoginPolicyProjection_reduces(t *testing.T) {
@@ -739,7 +739,7 @@ func TestLoginPolicyProjection_reduces(t *testing.T) {
 t.Run(tt.name, func(t *testing.T) {
 event := baseEvent(t)
 got, err := tt.reduce(event)
- if _, ok := err.(errors.InvalidArgument); !ok {
+ if ok := zerrors.IsErrorInvalidArgument(err); !ok {
 t.Errorf("no wrong event mapping: %v, got: %v", err, got)
 }
diff --git a/internal/query/projection/mail_template.go b/internal/query/projection/mail_template.go
index 91bab4c655..e5b4e0b908 100644
--- a/internal/query/projection/mail_template.go
+++ b/internal/query/projection/mail_template.go
@@ -4,13 +4,13 @@ import (
 "context"
 "github.com/zitadel/zitadel/internal/domain"
- "github.com/zitadel/zitadel/internal/errors"
 "github.com/zitadel/zitadel/internal/eventstore"
 old_handler "github.com/zitadel/zitadel/internal/eventstore/handler"
 "github.com/zitadel/zitadel/internal/eventstore/handler/v2"
 "github.com/zitadel/zitadel/internal/repository/instance"
 "github.com/zitadel/zitadel/internal/repository/org"
 "github.com/zitadel/zitadel/internal/repository/policy"
+ "github.com/zitadel/zitadel/internal/zerrors"
 )
 const (
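Review bot: In login_policy_test.go the rewritten guard `if ok := zerrors.IsErrorInvalidArgument(err); !ok {` keeps an `ok` temporary that only made sense for the old type assertion; the helper already returns a bool, so `if !zerrors.IsErrorInvalidArgument(err) {` is the direct form and is what the milestones_test.go hunk in this same commit uses. The same line appears in the mail_template, message_text, notification_policy, oidc_settings, org_domain and org_member test hunks. The old check was a type assertion on the outermost error value; whether the helper also accepts wrapped errors is not visible in this diff, so it is worth confirming these negative tests still assert exactly what was intended.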
@@ -110,7 +110,7 @@ func (p *mailTemplateProjection) reduceAdded(event eventstore.Event) (*handler.S
 templateEvent = e.MailTemplateAddedEvent
 isDefault = true
 default:
- return nil, errors.ThrowInvalidArgumentf(nil, "PROJE-0pJ3f", "reduce.wrong.event.type, %v", []eventstore.EventType{org.MailTemplateAddedEventType, instance.MailTemplateAddedEventType})
+ return nil, zerrors.ThrowInvalidArgumentf(nil, "PROJE-0pJ3f", "reduce.wrong.event.type, %v", []eventstore.EventType{org.MailTemplateAddedEventType, instance.MailTemplateAddedEventType})
 }
 return handler.NewCreateStatement(
 &templateEvent,
@@ -134,7 +134,7 @@ func (p *mailTemplateProjection) reduceChanged(event eventstore.Event) (*handler
 case *instance.MailTemplateChangedEvent:
 policyEvent = e.MailTemplateChangedEvent
 default:
- return nil, errors.ThrowInvalidArgumentf(nil, "PROJE-gJ03f", "reduce.wrong.event.type, %v", []eventstore.EventType{org.MailTemplateChangedEventType, instance.MailTemplateChangedEventType})
+ return nil, zerrors.ThrowInvalidArgumentf(nil, "PROJE-gJ03f", "reduce.wrong.event.type, %v", []eventstore.EventType{org.MailTemplateChangedEventType, instance.MailTemplateChangedEventType})
 }
 cols := []handler.Column{
 handler.NewCol(MailTemplateChangeDateCol, policyEvent.CreationDate()),
@@ -155,7 +155,7 @@ func (p *mailTemplateProjection) reduceChanged(event eventstore.Event) (*handler
 func (p *mailTemplateProjection) reduceRemoved(event eventstore.Event) (*handler.Statement, error) {
 policyEvent, ok := event.(*org.MailTemplateRemovedEvent)
 if !ok {
- return nil, errors.ThrowInvalidArgumentf(nil, "PROJE-3jJGs", "reduce.wrong.event.type %s", org.MailTemplateRemovedEventType)
+ return nil, zerrors.ThrowInvalidArgumentf(nil, "PROJE-3jJGs", "reduce.wrong.event.type %s", org.MailTemplateRemovedEventType)
 }
 return handler.NewDeleteStatement(
 policyEvent,
@@ -168,7 +168,7 @@ func (p *mailTemplateProjection) reduceRemoved(event eventstore.Event) (*handler
 func (p *mailTemplateProjection) reduceOwnerRemoved(event eventstore.Event) (*handler.Statement, error) {
 e, ok := event.(*org.OrgRemovedEvent)
 if !ok {
- return nil, errors.ThrowInvalidArgumentf(nil, "PROJE-CThXR", "reduce.wrong.event.type %s", org.OrgRemovedEventType)
+ return nil, zerrors.ThrowInvalidArgumentf(nil, "PROJE-CThXR", "reduce.wrong.event.type %s", org.OrgRemovedEventType)
 }
 return handler.NewDeleteStatement(
diff --git a/internal/query/projection/mail_template_test.go b/internal/query/projection/mail_template_test.go
index 336ad394f6..39a7e45260 100644
--- a/internal/query/projection/mail_template_test.go
+++ b/internal/query/projection/mail_template_test.go
@@ -4,11 +4,11 @@ import (
 "testing"
 "github.com/zitadel/zitadel/internal/domain"
- "github.com/zitadel/zitadel/internal/errors"
 "github.com/zitadel/zitadel/internal/eventstore"
 "github.com/zitadel/zitadel/internal/eventstore/handler/v2"
 "github.com/zitadel/zitadel/internal/repository/instance"
 "github.com/zitadel/zitadel/internal/repository/org"
+ "github.com/zitadel/zitadel/internal/zerrors"
 )
 func TestMailTemplateProjection_reduces(t *testing.T) {
@@ -240,7 +240,7 @@ func TestMailTemplateProjection_reduces(t *testing.T) {
 t.Run(tt.name, func(t *testing.T) {
 event := baseEvent(t)
 got, err := tt.reduce(event)
- if _, ok := err.(errors.InvalidArgument); !ok {
+ if ok := zerrors.IsErrorInvalidArgument(err); !ok {
 t.Errorf("no wrong event mapping: %v, got: %v", err, got)
 }
diff --git a/internal/query/projection/message_text_test.go b/internal/query/projection/message_text_test.go
index 0fb3f14410..7f67f946a6 100644
--- a/internal/query/projection/message_text_test.go
+++ b/internal/query/projection/message_text_test.go
@@ -4,11 +4,11 @@ import (
 "testing"
 "github.com/zitadel/zitadel/internal/domain"
- "github.com/zitadel/zitadel/internal/errors"
 "github.com/zitadel/zitadel/internal/eventstore"
 "github.com/zitadel/zitadel/internal/eventstore/handler/v2"
 "github.com/zitadel/zitadel/internal/repository/instance"
 "github.com/zitadel/zitadel/internal/repository/org"
+ "github.com/zitadel/zitadel/internal/zerrors"
 )
 func TestMessageTextProjection_reduces(t *testing.T) {
@@ -712,7 +712,7 @@ func TestMessageTextProjection_reduces(t *testing.T) {
 t.Run(tt.name, func(t *testing.T) {
 event := baseEvent(t)
 got, err := tt.reduce(event)
- if _, ok := err.(errors.InvalidArgument); !ok {
+ if ok := zerrors.IsErrorInvalidArgument(err); !ok {
 t.Errorf("no wrong event mapping: %v, got: %v", err, got)
 }
diff --git a/internal/query/projection/message_texts.go b/internal/query/projection/message_texts.go
index fd6af6c1ab..4b2a2b16ca 100644
--- a/internal/query/projection/message_texts.go
+++ b/internal/query/projection/message_texts.go
@@ -4,13 +4,13 @@ import (
 "context"
 "github.com/zitadel/zitadel/internal/domain"
- "github.com/zitadel/zitadel/internal/errors"
 "github.com/zitadel/zitadel/internal/eventstore"
 old_handler "github.com/zitadel/zitadel/internal/eventstore/handler"
 "github.com/zitadel/zitadel/internal/eventstore/handler/v2"
 "github.com/zitadel/zitadel/internal/repository/instance"
 "github.com/zitadel/zitadel/internal/repository/org"
 "github.com/zitadel/zitadel/internal/repository/policy"
+ "github.com/zitadel/zitadel/internal/zerrors"
 )
 const (
@@ -125,7 +125,7 @@ func (p *messageTextProjection) reduceAdded(event eventstore.Event) (*handler.St
 case *instance.CustomTextSetEvent:
 templateEvent = e.CustomTextSetEvent
 default:
- return nil, errors.ThrowInvalidArgumentf(nil, "PROJE-2n90r", "reduce.wrong.event.type %v", []eventstore.EventType{org.CustomTextSetEventType, instance.CustomTextSetEventType})
+ return nil, zerrors.ThrowInvalidArgumentf(nil, "PROJE-2n90r", "reduce.wrong.event.type %v", []eventstore.EventType{org.CustomTextSetEventType, instance.CustomTextSetEventType})
 }
 if !isMessageTemplate(templateEvent.Template) {
 return handler.NewNoOpStatement(event), nil
@@ -182,7 +182,7 @@ func (p *messageTextProjection) reduceRemoved(event eventstore.Event) (*handler.
 case *instance.CustomTextRemovedEvent:
 templateEvent = e.CustomTextRemovedEvent
 default:
- return nil, errors.ThrowInvalidArgumentf(nil, "PROJE-fm0ge", "reduce.wrong.event.type %v", []eventstore.EventType{org.CustomTextRemovedEventType, instance.CustomTextRemovedEventType})
+ return nil, zerrors.ThrowInvalidArgumentf(nil, "PROJE-fm0ge", "reduce.wrong.event.type %v", []eventstore.EventType{org.CustomTextRemovedEventType, instance.CustomTextRemovedEventType})
 }
 if !isMessageTemplate(templateEvent.Template) {
 return handler.NewNoOpStatement(event), nil
@@ -232,7 +232,7 @@ func (p *messageTextProjection) reduceTemplateRemoved(event eventstore.Event) (*
 case *instance.CustomTextTemplateRemovedEvent:
 templateEvent = e.CustomTextTemplateRemovedEvent
 default:
- return nil, errors.ThrowInvalidArgumentf(nil, "PROJE-2n9rs", "reduce.wrong.event.type %s", org.CustomTextTemplateRemovedEventType)
+ return nil, zerrors.ThrowInvalidArgumentf(nil, "PROJE-2n9rs", "reduce.wrong.event.type %s", org.CustomTextTemplateRemovedEventType)
 }
 if !isMessageTemplate(templateEvent.Template) {
 return handler.NewNoOpStatement(event), nil
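Review bot: In reduceTemplateRemoved the error on the `default:` branch names only `org.CustomTextTemplateRemovedEventType`, although the visible `case *instance.CustomTextTemplateRemovedEvent:` shows the switch accepts the instance event as well; reduceAdded and reduceRemoved in this file list both accepted types with `%v`. Suggest changing the tail of that call to `"reduce.wrong.event.type %v", []eventstore.EventType{org.CustomTextTemplateRemovedEventType, instance.CustomTextTemplateRemovedEventType})`, assuming the instance package exports the matching constant as it does for the other custom-text events. The switch header lies above the hunk, so the org case is inferred rather than shown.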
@@ -251,7 +251,7 @@ func (p *messageTextProjection) reduceTemplateRemoved(event eventstore.Event) (*
 func (p *messageTextProjection) reduceOwnerRemoved(event eventstore.Event) (*handler.Statement, error) {
 e, ok := event.(*org.OrgRemovedEvent)
 if !ok {
- return nil, errors.ThrowInvalidArgumentf(nil, "PROJE-mLsQw", "reduce.wrong.event.type %s", org.OrgRemovedEventType)
+ return nil, zerrors.ThrowInvalidArgumentf(nil, "PROJE-mLsQw", "reduce.wrong.event.type %s", org.OrgRemovedEventType)
 }
 return handler.NewDeleteStatement(
diff --git a/internal/query/projection/milestones_test.go b/internal/query/projection/milestones_test.go
index fd606538a7..884c7e27de 100644
--- a/internal/query/projection/milestones_test.go
+++ b/internal/query/projection/milestones_test.go
@@ -5,13 +5,13 @@ import (
 "time"
 "github.com/zitadel/zitadel/internal/database"
- "github.com/zitadel/zitadel/internal/errors"
 "github.com/zitadel/zitadel/internal/eventstore"
 "github.com/zitadel/zitadel/internal/eventstore/handler/v2"
 "github.com/zitadel/zitadel/internal/repository/instance"
 "github.com/zitadel/zitadel/internal/repository/milestone"
 "github.com/zitadel/zitadel/internal/repository/project"
 "github.com/zitadel/zitadel/internal/repository/user"
+ "github.com/zitadel/zitadel/internal/zerrors"
 )
 func TestMilestonesProjection_reduces(t *testing.T) {
@@ -380,7 +380,7 @@ func TestMilestonesProjection_reduces(t *testing.T) {
 t.Run(tt.name, func(t *testing.T) {
 event := baseEvent(t)
 got, err := tt.reduce(event)
- if !errors.IsErrorInvalidArgument(err) {
+ if !zerrors.IsErrorInvalidArgument(err) {
 t.Errorf("no wrong event mapping: %v, got: %v", err, got)
 }
 event = tt.args.event(t)
diff --git a/internal/query/projection/notification_policy.go b/internal/query/projection/notification_policy.go
index 49c8618a2f..4b4d50f690 100644
--- a/internal/query/projection/notification_policy.go
+++ b/internal/query/projection/notification_policy.go
@@ -4,13 +4,13 @@ import (
 "context"
 "github.com/zitadel/zitadel/internal/domain"
- "github.com/zitadel/zitadel/internal/errors"
 "github.com/zitadel/zitadel/internal/eventstore"
 old_handler "github.com/zitadel/zitadel/internal/eventstore/handler"
 "github.com/zitadel/zitadel/internal/eventstore/handler/v2"
 "github.com/zitadel/zitadel/internal/repository/instance"
 "github.com/zitadel/zitadel/internal/repository/org"
 "github.com/zitadel/zitadel/internal/repository/policy"
+ "github.com/zitadel/zitadel/internal/zerrors"
 )
 const (
@@ -111,7 +111,7 @@ func (p *notificationPolicyProjection) reduceAdded(event eventstore.Event) (*han
 policyEvent = e.NotificationPolicyAddedEvent
 isDefault = true
 default:
- return nil, errors.ThrowInvalidArgumentf(nil, "PROJE-x02s1m", "reduce.wrong.event.type %v", []eventstore.EventType{org.NotificationPolicyAddedEventType, instance.NotificationPolicyAddedEventType})
+ return nil, zerrors.ThrowInvalidArgumentf(nil, "PROJE-x02s1m", "reduce.wrong.event.type %v", []eventstore.EventType{org.NotificationPolicyAddedEventType, instance.NotificationPolicyAddedEventType})
 }
 return handler.NewCreateStatement(
 &policyEvent,
@@ -136,7 +136,7 @@ func (p *notificationPolicyProjection) reduceChanged(event eventstore.Event) (*h
 case *instance.NotificationPolicyChangedEvent:
 policyEvent = e.NotificationPolicyChangedEvent
 default:
- return nil, errors.ThrowInvalidArgumentf(nil, "PROJE-psom2h19", "reduce.wrong.event.type %v", []eventstore.EventType{org.NotificationPolicyChangedEventType, instance.NotificationPolicyChangedEventType})
+ return nil, zerrors.ThrowInvalidArgumentf(nil, "PROJE-psom2h19", "reduce.wrong.event.type %v", []eventstore.EventType{org.NotificationPolicyChangedEventType, instance.NotificationPolicyChangedEventType})
 }
 cols := []handler.Column{
 handler.NewCol(NotificationPolicyColumnChangeDate, policyEvent.CreationDate()),
@@ -157,7 +157,7 @@ func (p *notificationPolicyProjection) reduceChanged(event eventstore.Event) (*h
 func (p *notificationPolicyProjection) reduceRemoved(event eventstore.Event) (*handler.Statement, error) {
 policyEvent, ok := event.(*org.NotificationPolicyRemovedEvent)
 if !ok {
- return nil, errors.ThrowInvalidArgumentf(nil, "PROJE-Po2iso2", "reduce.wrong.event.type %s", org.NotificationPolicyRemovedEventType)
+ return nil, zerrors.ThrowInvalidArgumentf(nil, "PROJE-Po2iso2", "reduce.wrong.event.type %s", org.NotificationPolicyRemovedEventType)
 }
 return handler.NewDeleteStatement(
 policyEvent,
@@ -170,7 +170,7 @@ func (p *notificationPolicyProjection) reduceRemoved(event eventstore.Event) (*h
 func (p *notificationPolicyProjection) reduceOwnerRemoved(event eventstore.Event) (*handler.Statement, error) {
 e, ok := event.(*org.OrgRemovedEvent)
 if !ok {
- return nil, errors.ThrowInvalidArgumentf(nil, "PROJE-poxi9a", "reduce.wrong.event.type %s", org.OrgRemovedEventType)
+ return nil, zerrors.ThrowInvalidArgumentf(nil, "PROJE-poxi9a", "reduce.wrong.event.type %s", org.OrgRemovedEventType)
 }
 return handler.NewDeleteStatement(
diff --git a/internal/query/projection/notification_policy_test.go b/internal/query/projection/notification_policy_test.go
index b21f33b74b..3da507fd20 100644
--- a/internal/query/projection/notification_policy_test.go
+++ b/internal/query/projection/notification_policy_test.go
@@ -4,11 +4,11 @@ import (
 "testing"
 "github.com/zitadel/zitadel/internal/domain"
- "github.com/zitadel/zitadel/internal/errors"
 "github.com/zitadel/zitadel/internal/eventstore"
 "github.com/zitadel/zitadel/internal/eventstore/handler/v2"
 "github.com/zitadel/zitadel/internal/repository/instance"
 "github.com/zitadel/zitadel/internal/repository/org"
+ "github.com/zitadel/zitadel/internal/zerrors"
 )
 func TestNotificationPolicyProjection_reduces(t *testing.T) {
@@ -242,7 +242,7 @@ func TestNotificationPolicyProjection_reduces(t *testing.T) {
 event := baseEvent(t)
 got, err := tt.reduce(event)
- if ok := errors.IsErrorInvalidArgument(err); !ok {
+ if ok := zerrors.IsErrorInvalidArgument(err); !ok {
 t.Errorf("no wrong event mapping: %v, got: %v", err, got)
 }
diff --git a/internal/query/projection/oidc_settings.go b/internal/query/projection/oidc_settings.go
index fc53b5260e..8b24b926d7 100644
--- a/internal/query/projection/oidc_settings.go
+++ b/internal/query/projection/oidc_settings.go
@@ -3,11 +3,11 @@ package projection
 import (
 "context"
- "github.com/zitadel/zitadel/internal/errors"
 "github.com/zitadel/zitadel/internal/eventstore"
 old_handler "github.com/zitadel/zitadel/internal/eventstore/handler"
 "github.com/zitadel/zitadel/internal/eventstore/handler/v2"
 "github.com/zitadel/zitadel/internal/repository/instance"
+ "github.com/zitadel/zitadel/internal/zerrors"
 )
 const (
@@ -79,7 +79,7 @@ func (p *oidcSettingsProjection) Reducers() []handler.AggregateReducer {
 func (p *oidcSettingsProjection) reduceOIDCSettingsAdded(event eventstore.Event) (*handler.Statement, error) {
 e, ok := event.(*instance.OIDCSettingsAddedEvent)
 if !ok {
- return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-f9nwf", "reduce.wrong.event.type %s", instance.OIDCSettingsAddedEventType)
+ return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-f9nwf", "reduce.wrong.event.type %s", instance.OIDCSettingsAddedEventType)
 }
 return handler.NewCreateStatement(
 e,
@@ -101,7 +101,7 @@ func (p *oidcSettingsProjection) reduceOIDCSettingsAdded(event eventstore.Event)
 func (p *oidcSettingsProjection) reduceOIDCSettingsChanged(event eventstore.Event) (*handler.Statement, error) {
 e, ok := event.(*instance.OIDCSettingsChangedEvent)
 if !ok {
- return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-8JJ2d", "reduce.wrong.event.type %s", instance.OIDCSettingsChangedEventType)
+ return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-8JJ2d", "reduce.wrong.event.type %s", instance.OIDCSettingsChangedEventType)
 }
 columns := make([]handler.Column, 0, 6)
diff --git a/internal/query/projection/oidc_settings_test.go b/internal/query/projection/oidc_settings_test.go
index c4d5c7b8e2..b78d38d04c 100644
--- a/internal/query/projection/oidc_settings_test.go
+++ b/internal/query/projection/oidc_settings_test.go
@@ -4,10 +4,10 @@ import (
 "testing"
 "time"
- "github.com/zitadel/zitadel/internal/errors"
 "github.com/zitadel/zitadel/internal/eventstore"
 "github.com/zitadel/zitadel/internal/eventstore/handler/v2"
 "github.com/zitadel/zitadel/internal/repository/instance"
+ "github.com/zitadel/zitadel/internal/zerrors"
 )
 func TestOIDCSettingsProjection_reduces(t *testing.T) {
@@ -119,7 +119,7 @@ func TestOIDCSettingsProjection_reduces(t *testing.T) {
 t.Run(tt.name, func(t *testing.T) {
 event := baseEvent(t)
 got, err := tt.reduce(event)
- if _, ok := err.(errors.InvalidArgument); !ok {
+ if ok := zerrors.IsErrorInvalidArgument(err); !ok {
 t.Errorf("no wrong event mapping: %v, got: %v", err, got)
 }
diff --git a/internal/query/projection/org.go b/internal/query/projection/org.go
index 9db19403ce..271aae145e 100644
--- a/internal/query/projection/org.go
+++ b/internal/query/projection/org.go
@@ -4,12 +4,12 @@ import (
 "context"
 "github.com/zitadel/zitadel/internal/domain"
- "github.com/zitadel/zitadel/internal/errors"
 "github.com/zitadel/zitadel/internal/eventstore"
 old_handler "github.com/zitadel/zitadel/internal/eventstore/handler"
 "github.com/zitadel/zitadel/internal/eventstore/handler/v2"
 "github.com/zitadel/zitadel/internal/repository/instance"
 "github.com/zitadel/zitadel/internal/repository/org"
+ "github.com/zitadel/zitadel/internal/zerrors"
 )
 const (
@@ -103,7 +103,7 @@ func (p *orgProjection) Reducers() []handler.AggregateReducer {
 func (p *orgProjection) reduceOrgAdded(event eventstore.Event) (*handler.Statement, error) {
 e, ok := event.(*org.OrgAddedEvent)
 if !ok {
- return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-uYq4r", "reduce.wrong.event.type %s", org.OrgAddedEventType)
+ return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-uYq4r", "reduce.wrong.event.type %s", org.OrgAddedEventType)
 }
 return handler.NewCreateStatement(
 e,
@@ -123,7 +123,7 @@ func (p *orgProjection) reduceOrgAdded(event eventstore.Event) (*handler.Stateme
 func (p *orgProjection) reduceOrgChanged(event eventstore.Event) (*handler.Statement, error) {
 e, ok := event.(*org.OrgChangedEvent)
 if !ok {
- return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-Bg8oM", "reduce.wrong.event.type %s", org.OrgChangedEventType)
+ return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-Bg8oM", "reduce.wrong.event.type %s", org.OrgChangedEventType)
 }
 if e.Name == "" {
 return handler.NewNoOpStatement(e), nil
@@ -145,7 +145,7 @@ func (p *orgProjection) reduceOrgChanged(event eventstore.Event) (*handler.State
 func (p *orgProjection) reduceOrgDeactivated(event eventstore.Event) (*handler.Statement, error) {
 e, ok := event.(*org.OrgDeactivatedEvent)
 if !ok {
- return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-BApK4", "reduce.wrong.event.type %s", org.OrgDeactivatedEventType)
+ return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-BApK4", "reduce.wrong.event.type %s", org.OrgDeactivatedEventType)
 }
 return handler.NewUpdateStatement(
 e,
@@ -164,7 +164,7 @@ func (p *orgProjection) reduceOrgDeactivated(event eventstore.Event) (*handler.S
 func (p *orgProjection) reduceOrgReactivated(event eventstore.Event) (*handler.Statement, error) {
 e, ok := event.(*org.OrgReactivatedEvent)
 if !ok {
- return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-o37De", "reduce.wrong.event.type %s", org.OrgReactivatedEventType)
+ return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-o37De", "reduce.wrong.event.type %s", org.OrgReactivatedEventType)
 }
 return handler.NewUpdateStatement(
 e,
@@ -183,7 +183,7 @@ func (p *orgProjection) reduceOrgReactivated(event eventstore.Event) (*handler.S
 func (p *orgProjection) reducePrimaryDomainSet(event eventstore.Event) (*handler.Statement, error) {
 e, ok := event.(*org.DomainPrimarySetEvent)
 if !ok {
- return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-4TbKT", "reduce.wrong.event.type %s", org.OrgDomainPrimarySetEventType)
+ return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-4TbKT", "reduce.wrong.event.type %s", org.OrgDomainPrimarySetEventType)
 }
 return handler.NewUpdateStatement(
 e,
@@ -202,7 +202,7 @@ func (p *orgProjection) reducePrimaryDomainSet(event eventstore.Event) (*handler
 func (p *orgProjection) reduceOrgRemoved(event eventstore.Event) (*handler.Statement, error) {
 e, ok := event.(*org.OrgRemovedEvent)
 if !ok {
- return nil, errors.ThrowInvalidArgumentf(nil, "PROJE-DgMSg", "reduce.wrong.event.type %s", org.OrgRemovedEventType)
+ return nil, zerrors.ThrowInvalidArgumentf(nil, "PROJE-DgMSg", "reduce.wrong.event.type %s", org.OrgRemovedEventType)
 }
 return handler.NewDeleteStatement(
 e,
diff --git a/internal/query/projection/org_domain.go b/internal/query/projection/org_domain.go
index 21e03e9225..b412b7fa3a 100644
--- a/internal/query/projection/org_domain.go
+++ b/internal/query/projection/org_domain.go
@@ -4,12 +4,12 @@ import (
 "context"
 "github.com/zitadel/zitadel/internal/domain"
- "github.com/zitadel/zitadel/internal/errors"
 "github.com/zitadel/zitadel/internal/eventstore"
 old_handler "github.com/zitadel/zitadel/internal/eventstore/handler"
 "github.com/zitadel/zitadel/internal/eventstore/handler/v2"
 "github.com/zitadel/zitadel/internal/repository/instance"
 "github.com/zitadel/zitadel/internal/repository/org"
+ "github.com/zitadel/zitadel/internal/zerrors"
 )
 const (
@@ -103,7 +103,7 @@ func (p *orgDomainProjection) Reducers() []handler.AggregateReducer {
 func (p *orgDomainProjection) reduceDomainAdded(event eventstore.Event) (*handler.Statement, error) {
 e, ok := event.(*org.DomainAddedEvent)
 if !ok {
- return nil, errors.ThrowInvalidArgumentf(nil, "PROJE-DM2DI", "reduce.wrong.event.type %s", org.OrgDomainAddedEventType)
+ return nil, zerrors.ThrowInvalidArgumentf(nil, "PROJE-DM2DI", "reduce.wrong.event.type %s", org.OrgDomainAddedEventType)
 }
 return handler.NewCreateStatement(
 e,
@@ -124,7 +124,7 @@ func (p *orgDomainProjection) reduceDomainAdded(event eventstore.Event) (*handle
 func (p *orgDomainProjection) reduceDomainVerificationAdded(event eventstore.Event) (*handler.Statement, error) {
 e, ok := event.(*org.DomainVerificationAddedEvent)
 if !ok {
- return nil, errors.ThrowInvalidArgumentf(nil, "PROJE-EBzyu", "reduce.wrong.event.type %s", org.OrgDomainVerificationAddedEventType)
+ return nil, zerrors.ThrowInvalidArgumentf(nil, "PROJE-EBzyu", "reduce.wrong.event.type %s", org.OrgDomainVerificationAddedEventType)
 }
 return handler.NewUpdateStatement(
 e,
@@ -144,7 +144,7 @@ func (p *orgDomainProjection) reduceDomainVerificationAdded(event eventstore.Eve
 func (p *orgDomainProjection) reduceDomainVerified(event eventstore.Event) (*handler.Statement, error) {
 e, ok := event.(*org.DomainVerifiedEvent)
 if !ok {
- return nil, errors.ThrowInvalidArgumentf(nil, "PROJE-3Rvkr", "reduce.wrong.event.type %s", org.OrgDomainVerifiedEventType)
+ return nil, zerrors.ThrowInvalidArgumentf(nil, "PROJE-3Rvkr", "reduce.wrong.event.type %s", org.OrgDomainVerifiedEventType)
 }
 return handler.NewUpdateStatement(
 e,
@@ -164,7 +164,7 @@ func (p *orgDomainProjection) reduceDomainVerified(event eventstore.Event) (*han
 func (p *orgDomainProjection) reducePrimaryDomainSet(event eventstore.Event) (*handler.Statement, error) {
 e, ok := event.(*org.DomainPrimarySetEvent)
 if !ok {
- return nil, errors.ThrowInvalidArgumentf(nil, "PROJE-aIuei", "reduce.wrong.event.type %s", org.OrgDomainPrimarySetEventType)
+ return nil, zerrors.ThrowInvalidArgumentf(nil, "PROJE-aIuei", "reduce.wrong.event.type %s", org.OrgDomainPrimarySetEventType)
 }
 return handler.NewMultiStatement(
 e,
@@ -198,7 +198,7 @@ func (p *orgDomainProjection) reducePrimaryDomainSet(event eventstore.Event) (*h
 func (p *orgDomainProjection) reduceDomainRemoved(event eventstore.Event) (*handler.Statement, error) {
 e, ok := event.(*org.DomainRemovedEvent)
 if !ok {
- return nil, errors.ThrowInvalidArgumentf(nil, "PROJE-gh1Mx", "reduce.wrong.event.type %s", org.OrgDomainRemovedEventType)
+ return nil, zerrors.ThrowInvalidArgumentf(nil, "PROJE-gh1Mx", "reduce.wrong.event.type %s", org.OrgDomainRemovedEventType)
 }
 return handler.NewDeleteStatement(
 e,
@@ -213,7 +213,7 @@ func (p *orgDomainProjection) reduceDomainRemoved(event eventstore.Event) (*hand
 func (p *orgDomainProjection) reduceOwnerRemoved(event eventstore.Event) (*handler.Statement, error) {
 e, ok := event.(*org.OrgRemovedEvent)
 if !ok {
- return nil, errors.ThrowInvalidArgumentf(nil, "PROJE-dMUKJ", "reduce.wrong.event.type %s", org.OrgRemovedEventType)
+ return nil, zerrors.ThrowInvalidArgumentf(nil, "PROJE-dMUKJ", "reduce.wrong.event.type %s", org.OrgRemovedEventType)
 }
 return handler.NewDeleteStatement(
diff --git a/internal/query/projection/org_domain_test.go b/internal/query/projection/org_domain_test.go
index 0494177ebf..df01b502f9 100644
--- a/internal/query/projection/org_domain_test.go
+++ b/internal/query/projection/org_domain_test.go
@@ -4,11 +4,11 @@ import (
 "testing"
 "github.com/zitadel/zitadel/internal/domain"
- "github.com/zitadel/zitadel/internal/errors"
 "github.com/zitadel/zitadel/internal/eventstore"
 "github.com/zitadel/zitadel/internal/eventstore/handler/v2"
 "github.com/zitadel/zitadel/internal/repository/instance"
 "github.com/zitadel/zitadel/internal/repository/org"
+ "github.com/zitadel/zitadel/internal/zerrors"
 )
 func TestOrgDomainProjection_reduces(t *testing.T) {
@@ -245,7 +245,7 @@ func TestOrgDomainProjection_reduces(t *testing.T) {
 t.Run(tt.name, func(t *testing.T) {
 event := baseEvent(t)
 got, err := tt.reduce(event)
- if _, ok := err.(errors.InvalidArgument); !ok {
+ if ok := zerrors.IsErrorInvalidArgument(err); !ok {
 t.Errorf("no wrong event mapping: %v, got: %v", err, got)
 }
diff --git a/internal/query/projection/org_member.go b/internal/query/projection/org_member.go
index 801b682486..37c6d241a8 100644
--- a/internal/query/projection/org_member.go
+++ b/internal/query/projection/org_member.go
@@ -3,13 +3,13 @@ package projection
 import (
 "context"
- "github.com/zitadel/zitadel/internal/errors"
 "github.com/zitadel/zitadel/internal/eventstore"
 old_handler "github.com/zitadel/zitadel/internal/eventstore/handler"
 "github.com/zitadel/zitadel/internal/eventstore/handler/v2"
 "github.com/zitadel/zitadel/internal/repository/instance"
 "github.com/zitadel/zitadel/internal/repository/org"
 "github.com/zitadel/zitadel/internal/repository/user"
+ "github.com/zitadel/zitadel/internal/zerrors"
 )
 const (
@@ -101,7 +101,7 @@ func (p *orgMemberProjection) Reducers() []handler.AggregateReducer {
 func (p *orgMemberProjection) reduceAdded(event eventstore.Event) (*handler.Statement, error) {
 e, ok := event.(*org.MemberAddedEvent)
 if !ok {
- return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-uYq4r", "reduce.wrong.event.type %s", org.MemberAddedEventType)
+ return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-uYq4r", "reduce.wrong.event.type %s", org.MemberAddedEventType)
 }
 ctx := setMemberContext(e.Aggregate())
 userOwner, err := getResourceOwnerOfUser(ctx, p.es, e.Aggregate().InstanceID, e.UserID)
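Review bot: The error ID `HANDL-uYq4r` on orgMemberProjection.reduceAdded is the same ID that orgProjection.reduceOrgAdded uses in org.go, and `HANDL-Bg8oM` in the following hunk (reduceChanged) duplicates orgProjection.reduceOrgChanged. If these IDs are meant to pinpoint the throw site in logs, as the otherwise distinct values suggest, the duplicates make a projection failure ambiguous when someone triages it from the ID alone. Since this commit already rewrites each of these lines, it is a cheap place to give the two org_member reducers fresh IDs. The reducer bodies continue outside the hunks.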
@@ -114,7 +114,7 @@ func (p *orgMemberProjection) reduceAdded(event eventstore.Event) (*handler.Stat
 func (p *orgMemberProjection) reduceChanged(event eventstore.Event) (*handler.Statement, error) {
 e, ok := event.(*org.MemberChangedEvent)
 if !ok {
- return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-Bg8oM", "reduce.wrong.event.type %s", org.MemberChangedEventType)
+ return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-Bg8oM", "reduce.wrong.event.type %s", org.MemberChangedEventType)
 }
 return reduceMemberChanged(e.MemberChangedEvent, withMemberCond(OrgMemberOrgIDCol, e.Aggregate().ID))
 }
@@ -122,7 +122,7 @@ func (p *orgMemberProjection) reduceChanged(event eventstore.Event) (*handler.St
 func (p *orgMemberProjection) reduceCascadeRemoved(event eventstore.Event) (*handler.Statement, error) {
 e, ok := event.(*org.MemberCascadeRemovedEvent)
 if !ok {
- return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-4twP2", "reduce.wrong.event.type %s", org.MemberCascadeRemovedEventType)
+ return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-4twP2", "reduce.wrong.event.type %s", org.MemberCascadeRemovedEventType)
 }
 return reduceMemberCascadeRemoved(e.MemberCascadeRemovedEvent, withMemberCond(OrgMemberOrgIDCol, e.Aggregate().ID))
 }
@@ -130,7 +130,7 @@ func (p *orgMemberProjection) reduceCascadeRemoved(event eventstore.Event) (*han
 func (p *orgMemberProjection) reduceRemoved(event eventstore.Event) (*handler.Statement, error) {
 e, ok := event.(*org.MemberRemovedEvent)
 if !ok {
- return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-avatH", "reduce.wrong.event.type %s", org.MemberRemovedEventType)
+ return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-avatH", "reduce.wrong.event.type %s", org.MemberRemovedEventType)
 }
 return reduceMemberRemoved(e,
 withMemberCond(MemberUserIDCol, e.UserID),
@@ -141,7 +141,7 @@ func (p *orgMemberProjection) reduceRemoved(event eventstore.Event) (*handler.St
 func (p *orgMemberProjection) reduceUserRemoved(event eventstore.Event) (*handler.Statement, error) {
 e, ok := event.(*user.UserRemovedEvent)
 if !ok {
- return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-eBMqH", "reduce.wrong.event.type %s", user.UserRemovedType)
+ return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-eBMqH", "reduce.wrong.event.type %s", user.UserRemovedType)
 }
 return reduceMemberRemoved(e, withMemberCond(MemberUserIDCol, e.Aggregate().ID))
 }
@@ -149,7 +149,7 @@ func (p *orgMemberProjection) reduceUserRemoved(event eventstore.Event) (*handle
 func (p *orgMemberProjection) reduceOrgRemoved(event eventstore.Event) (*handler.Statement, error) {
 e, ok := event.(*org.OrgRemovedEvent)
 if !ok {
- return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-jnGAV", "reduce.wrong.event.type %s", org.OrgRemovedEventType)
+ return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-jnGAV", "reduce.wrong.event.type %s", org.OrgRemovedEventType)
 }
 return handler.NewMultiStatement(
 e,
diff --git a/internal/query/projection/org_member_test.go b/internal/query/projection/org_member_test.go
index 5737c30e8b..7c8fd8679d 100644
--- a/internal/query/projection/org_member_test.go
+++ b/internal/query/projection/org_member_test.go
@@ -8,12 +8,12 @@ import (
 "github.com/zitadel/zitadel/internal/database"
 "github.com/zitadel/zitadel/internal/domain"
- "github.com/zitadel/zitadel/internal/errors"
 "github.com/zitadel/zitadel/internal/eventstore"
 "github.com/zitadel/zitadel/internal/eventstore/handler/v2"
 "github.com/zitadel/zitadel/internal/repository/instance"
 "github.com/zitadel/zitadel/internal/repository/org"
 "github.com/zitadel/zitadel/internal/repository/user"
+ "github.com/zitadel/zitadel/internal/zerrors"
 )
 func TestOrgMemberProjection_reduces(t *testing.T) {
@@ -264,7 +264,7 @@ func TestOrgMemberProjection_reduces(t *testing.T) { t.Run(tt.name, func(t *testing.T) { event := baseEvent(t) got, err := tt.reduce(event) - if _, ok := err.(errors.InvalidArgument); !ok { + if ok := zerrors.IsErrorInvalidArgument(err); !ok { t.Errorf("no wrong event mapping: %v, got: %v", err, got) } diff --git a/internal/query/projection/org_metadata.go b/internal/query/projection/org_metadata.go index e2e21f4e1e..7e4e908820 100644 --- a/internal/query/projection/org_metadata.go +++ b/internal/query/projection/org_metadata.go @@ -3,12 +3,12 @@ package projection import ( "context" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" old_handler "github.com/zitadel/zitadel/internal/eventstore/handler" "github.com/zitadel/zitadel/internal/eventstore/handler/v2" "github.com/zitadel/zitadel/internal/repository/instance" "github.com/zitadel/zitadel/internal/repository/org" + "github.com/zitadel/zitadel/internal/zerrors" ) const ( @@ -92,7 +92,7 @@ func (p *orgMetadataProjection) Reducers() []handler.AggregateReducer { func (p *orgMetadataProjection) reduceMetadataSet(event eventstore.Event) (*handler.Statement, error) { e, ok := event.(*org.MetadataSetEvent) if !ok { - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-Ghn53", "reduce.wrong.event.type %s", org.MetadataSetType) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-Ghn53", "reduce.wrong.event.type %s", org.MetadataSetType) } return handler.NewUpsertStatement( e, 
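Review bot: The rewritten check inside the `t.Run` body of TestOrgMemberProjection_reduces keeps a named `ok` that is only negated, `if ok := zerrors.IsErrorInvalidArgument(err); !ok {`, which is a leftover of the old type-assertion form. `if !zerrors.IsErrorInvalidArgument(err) {` states the same condition without the throwaway variable. The same line recurs in the test hunks for org_metadata_test.go, org_test.go, password_age_policy_test.go, password_complexity_policy_test.go, privacy_policy_test.go and project_grant_member_test.go. The helper's definition is not visible here; if it also matches wrapped errors, the assertion is slightly broader than the former `err.(errors.InvalidArgument)`, and a one-line comment in the test saying so would help. The enclosing test function starts and ends outside the hunk.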
@@ -117,7 +117,7 @@ func (p *orgMetadataProjection) reduceMetadataSet(event eventstore.Event) (*hand func (p *orgMetadataProjection) reduceMetadataRemoved(event eventstore.Event) (*handler.Statement, error) { e, ok := event.(*org.MetadataRemovedEvent) if !ok { - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-Bm542", "reduce.wrong.event.type %s", org.MetadataRemovedType) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-Bm542", "reduce.wrong.event.type %s", org.MetadataRemovedType) } return handler.NewDeleteStatement( e, @@ -135,7 +135,7 @@ func (p *orgMetadataProjection) reduceMetadataRemovedAll(event eventstore.Event) *org.OrgRemovedEvent: //ok default: - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-Bmnf3", "reduce.wrong.event.type %v", []eventstore.EventType{org.MetadataRemovedAllType, org.OrgRemovedEventType}) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-Bmnf3", "reduce.wrong.event.type %v", []eventstore.EventType{org.MetadataRemovedAllType, org.OrgRemovedEventType}) } return handler.NewDeleteStatement( event, @@ -149,7 +149,7 @@ func (p *orgMetadataProjection) reduceMetadataRemovedAll(event eventstore.Event) func (p *orgMetadataProjection) reduceOwnerRemoved(event eventstore.Event) (*handler.Statement, error) { e, ok := event.(*org.OrgRemovedEvent) if !ok { - return nil, errors.ThrowInvalidArgumentf(nil, "PROJE-Hkd1f", "reduce.wrong.event.type %s", org.OrgRemovedEventType) + return nil, zerrors.ThrowInvalidArgumentf(nil, "PROJE-Hkd1f", "reduce.wrong.event.type %s", org.OrgRemovedEventType) } return handler.NewUpdateStatement( diff --git a/internal/query/projection/org_metadata_test.go b/internal/query/projection/org_metadata_test.go index b0fce9911d..1883afac4a 100644 --- a/internal/query/projection/org_metadata_test.go +++ b/internal/query/projection/org_metadata_test.go 
@@ -3,11 +3,11 @@ package projection import ( "testing" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/eventstore/handler/v2" "github.com/zitadel/zitadel/internal/repository/instance" "github.com/zitadel/zitadel/internal/repository/org" + "github.com/zitadel/zitadel/internal/zerrors" ) func TestOrgMetadataProjection_reduces(t *testing.T) { @@ -174,7 +174,7 @@ func TestOrgMetadataProjection_reduces(t *testing.T) { t.Run(tt.name, func(t *testing.T) { event := baseEvent(t) got, err := tt.reduce(event) - if _, ok := err.(errors.InvalidArgument); !ok { + if ok := zerrors.IsErrorInvalidArgument(err); !ok { t.Errorf("no wrong event mapping: %v, got: %v", err, got) } diff --git a/internal/query/projection/org_test.go b/internal/query/projection/org_test.go index 94d72469a7..eec60de1f4 100644 --- a/internal/query/projection/org_test.go +++ b/internal/query/projection/org_test.go @@ -4,11 +4,11 @@ import ( "testing" "github.com/zitadel/zitadel/internal/domain" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/eventstore/handler/v2" "github.com/zitadel/zitadel/internal/repository/instance" "github.com/zitadel/zitadel/internal/repository/org" + "github.com/zitadel/zitadel/internal/zerrors" ) func TestOrgProjection_reduces(t *testing.T) { @@ -249,7 +249,7 @@ func TestOrgProjection_reduces(t *testing.T) { t.Run(tt.name, func(t *testing.T) { event := baseEvent(t) got, err := tt.reduce(event) - if _, ok := err.(errors.InvalidArgument); !ok { + if ok := zerrors.IsErrorInvalidArgument(err); !ok { t.Errorf("no wrong event mapping: %v, got: %v", err, got) } diff --git a/internal/query/projection/password_age_policy.go b/internal/query/projection/password_age_policy.go index 03e0aee338..5a1bbbdc73 100644 --- a/internal/query/projection/password_age_policy.go +++ b/internal/query/projection/password_age_policy.go 
@@ -4,13 +4,13 @@ import ( "context" "github.com/zitadel/zitadel/internal/domain" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" old_handler "github.com/zitadel/zitadel/internal/eventstore/handler" "github.com/zitadel/zitadel/internal/eventstore/handler/v2" "github.com/zitadel/zitadel/internal/repository/instance" "github.com/zitadel/zitadel/internal/repository/org" "github.com/zitadel/zitadel/internal/repository/policy" + "github.com/zitadel/zitadel/internal/zerrors" ) const ( @@ -114,7 +114,7 @@ func (p *passwordAgeProjection) reduceAdded(event eventstore.Event) (*handler.St policyEvent = e.PasswordAgePolicyAddedEvent isDefault = true default: - return nil, errors.ThrowInvalidArgumentf(nil, "PROJE-CJqF0", "reduce.wrong.event.type %v", []eventstore.EventType{org.PasswordAgePolicyAddedEventType, instance.PasswordAgePolicyAddedEventType}) + return nil, zerrors.ThrowInvalidArgumentf(nil, "PROJE-CJqF0", "reduce.wrong.event.type %v", []eventstore.EventType{org.PasswordAgePolicyAddedEventType, instance.PasswordAgePolicyAddedEventType}) } return handler.NewCreateStatement( &policyEvent, @@ -140,7 +140,7 @@ func (p *passwordAgeProjection) reduceChanged(event eventstore.Event) (*handler. case *instance.PasswordAgePolicyChangedEvent: policyEvent = e.PasswordAgePolicyChangedEvent default: - return nil, errors.ThrowInvalidArgumentf(nil, "PROJE-i7FZt", "reduce.wrong.event.type %v", []eventstore.EventType{org.PasswordAgePolicyChangedEventType, instance.PasswordAgePolicyChangedEventType}) + return nil, zerrors.ThrowInvalidArgumentf(nil, "PROJE-i7FZt", "reduce.wrong.event.type %v", []eventstore.EventType{org.PasswordAgePolicyChangedEventType, instance.PasswordAgePolicyChangedEventType}) } cols := []handler.Column{ handler.NewCol(AgePolicyChangeDateCol, policyEvent.CreationDate()), 
@@ -164,7 +164,7 @@ func (p *passwordAgeProjection) reduceChanged(event eventstore.Event) (*handler. func (p *passwordAgeProjection) reduceRemoved(event eventstore.Event) (*handler.Statement, error) { policyEvent, ok := event.(*org.PasswordAgePolicyRemovedEvent) if !ok { - return nil, errors.ThrowInvalidArgumentf(nil, "PROJE-EtHWB", "reduce.wrong.event.type %s", org.PasswordAgePolicyRemovedEventType) + return nil, zerrors.ThrowInvalidArgumentf(nil, "PROJE-EtHWB", "reduce.wrong.event.type %s", org.PasswordAgePolicyRemovedEventType) } return handler.NewDeleteStatement( policyEvent, @@ -177,7 +177,7 @@ func (p *passwordAgeProjection) reduceRemoved(event eventstore.Event) (*handler. func (p *passwordAgeProjection) reduceOwnerRemoved(event eventstore.Event) (*handler.Statement, error) { e, ok := event.(*org.OrgRemovedEvent) if !ok { - return nil, errors.ThrowInvalidArgumentf(nil, "PROJE-edLs2", "reduce.wrong.event.type %s", org.OrgRemovedEventType) + return nil, zerrors.ThrowInvalidArgumentf(nil, "PROJE-edLs2", "reduce.wrong.event.type %s", org.OrgRemovedEventType) } return handler.NewDeleteStatement( diff --git a/internal/query/projection/password_age_policy_test.go b/internal/query/projection/password_age_policy_test.go index 8ce044e785..a1a240b985 100644 --- a/internal/query/projection/password_age_policy_test.go +++ b/internal/query/projection/password_age_policy_test.go @@ -4,11 +4,11 @@ import ( "testing" "github.com/zitadel/zitadel/internal/domain" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/eventstore/handler/v2" "github.com/zitadel/zitadel/internal/repository/instance" "github.com/zitadel/zitadel/internal/repository/org" + "github.com/zitadel/zitadel/internal/zerrors" ) func TestPasswordAgeProjection_reduces(t *testing.T) { 
@@ -250,7 +250,7 @@ func TestPasswordAgeProjection_reduces(t *testing.T) { t.Run(tt.name, func(t *testing.T) { event := baseEvent(t) got, err := tt.reduce(event) - if _, ok := err.(errors.InvalidArgument); !ok { + if ok := zerrors.IsErrorInvalidArgument(err); !ok { t.Errorf("no wrong event mapping: %v, got: %v", err, got) } diff --git a/internal/query/projection/password_complexity_policy.go b/internal/query/projection/password_complexity_policy.go index 96072017dd..2072ba6360 100644 --- a/internal/query/projection/password_complexity_policy.go +++ b/internal/query/projection/password_complexity_policy.go @@ -4,13 +4,13 @@ import ( "context" "github.com/zitadel/zitadel/internal/domain" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" old_handler "github.com/zitadel/zitadel/internal/eventstore/handler" "github.com/zitadel/zitadel/internal/eventstore/handler/v2" "github.com/zitadel/zitadel/internal/repository/instance" "github.com/zitadel/zitadel/internal/repository/org" "github.com/zitadel/zitadel/internal/repository/policy" + "github.com/zitadel/zitadel/internal/zerrors" ) const ( @@ -120,7 +120,7 @@ func (p *passwordComplexityProjection) reduceAdded(event eventstore.Event) (*han policyEvent = e.PasswordComplexityPolicyAddedEvent isDefault = true default: - return nil, errors.ThrowInvalidArgumentf(nil, "PROJE-KTHmJ", "reduce.wrong.event.type %v", []eventstore.EventType{org.PasswordComplexityPolicyAddedEventType, instance.PasswordComplexityPolicyAddedEventType}) + return nil, zerrors.ThrowInvalidArgumentf(nil, "PROJE-KTHmJ", "reduce.wrong.event.type %v", []eventstore.EventType{org.PasswordComplexityPolicyAddedEventType, instance.PasswordComplexityPolicyAddedEventType}) } return handler.NewCreateStatement( &policyEvent, 
@@ -149,7 +149,7 @@ func (p *passwordComplexityProjection) reduceChanged(event eventstore.Event) (*h case *instance.PasswordComplexityPolicyChangedEvent: policyEvent = e.PasswordComplexityPolicyChangedEvent default: - return nil, errors.ThrowInvalidArgumentf(nil, "PROJE-cf3Xb", "reduce.wrong.event.type %v", []eventstore.EventType{org.PasswordComplexityPolicyChangedEventType, instance.PasswordComplexityPolicyChangedEventType}) + return nil, zerrors.ThrowInvalidArgumentf(nil, "PROJE-cf3Xb", "reduce.wrong.event.type %v", []eventstore.EventType{org.PasswordComplexityPolicyChangedEventType, instance.PasswordComplexityPolicyChangedEventType}) } cols := []handler.Column{ handler.NewCol(ComplexityPolicyChangeDateCol, policyEvent.CreationDate()), @@ -182,7 +182,7 @@ func (p *passwordComplexityProjection) reduceChanged(event eventstore.Event) (*h func (p *passwordComplexityProjection) reduceRemoved(event eventstore.Event) (*handler.Statement, error) { policyEvent, ok := event.(*org.PasswordComplexityPolicyRemovedEvent) if !ok { - return nil, errors.ThrowInvalidArgumentf(nil, "PROJE-wttCd", "reduce.wrong.event.type %s", org.PasswordComplexityPolicyRemovedEventType) + return nil, zerrors.ThrowInvalidArgumentf(nil, "PROJE-wttCd", "reduce.wrong.event.type %s", org.PasswordComplexityPolicyRemovedEventType) } return handler.NewDeleteStatement( policyEvent, @@ -195,7 +195,7 @@ func (p *passwordComplexityProjection) reduceRemoved(event eventstore.Event) (*h func (p *passwordComplexityProjection) reduceOwnerRemoved(event eventstore.Event) (*handler.Statement, error) { e, ok := event.(*org.OrgRemovedEvent) if !ok { - return nil, errors.ThrowInvalidArgumentf(nil, "PROJE-pGTz9", "reduce.wrong.event.type %s", org.OrgRemovedEventType) + return nil, zerrors.ThrowInvalidArgumentf(nil, "PROJE-pGTz9", "reduce.wrong.event.type %s", org.OrgRemovedEventType) } return handler.NewDeleteStatement( 
diff --git a/internal/query/projection/password_complexity_policy_test.go b/internal/query/projection/password_complexity_policy_test.go index 0428d1ae24..f9cb0b75a0 100644 --- a/internal/query/projection/password_complexity_policy_test.go +++ b/internal/query/projection/password_complexity_policy_test.go @@ -4,11 +4,11 @@ import ( "testing" "github.com/zitadel/zitadel/internal/domain" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/eventstore/handler/v2" "github.com/zitadel/zitadel/internal/repository/instance" "github.com/zitadel/zitadel/internal/repository/org" + "github.com/zitadel/zitadel/internal/zerrors" ) func TestPasswordComplexityProjection_reduces(t *testing.T) { @@ -274,7 +274,7 @@ func TestPasswordComplexityProjection_reduces(t *testing.T) { t.Run(tt.name, func(t *testing.T) { event := baseEvent(t) got, err := tt.reduce(event) - if _, ok := err.(errors.InvalidArgument); !ok { + if ok := zerrors.IsErrorInvalidArgument(err); !ok { t.Errorf("no wrong event mapping: %v, got: %v", err, got) } diff --git a/internal/query/projection/privacy_policy.go b/internal/query/projection/privacy_policy.go index 44ac5794fe..2bec8fea18 100644 --- a/internal/query/projection/privacy_policy.go +++ b/internal/query/projection/privacy_policy.go @@ -4,13 +4,13 @@ import ( "context" "github.com/zitadel/zitadel/internal/domain" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" old_handler "github.com/zitadel/zitadel/internal/eventstore/handler" "github.com/zitadel/zitadel/internal/eventstore/handler/v2" "github.com/zitadel/zitadel/internal/repository/instance" "github.com/zitadel/zitadel/internal/repository/org" "github.com/zitadel/zitadel/internal/repository/policy" + "github.com/zitadel/zitadel/internal/zerrors" ) const ( 
@@ -118,7 +118,7 @@ func (p *privacyPolicyProjection) reduceAdded(event eventstore.Event) (*handler. policyEvent = e.PrivacyPolicyAddedEvent isDefault = true default: - return nil, errors.ThrowInvalidArgumentf(nil, "PROJE-kRNh8", "reduce.wrong.event.type %v", []eventstore.EventType{org.PrivacyPolicyAddedEventType, instance.PrivacyPolicyAddedEventType}) + return nil, zerrors.ThrowInvalidArgumentf(nil, "PROJE-kRNh8", "reduce.wrong.event.type %v", []eventstore.EventType{org.PrivacyPolicyAddedEventType, instance.PrivacyPolicyAddedEventType}) } return handler.NewCreateStatement( &policyEvent, @@ -146,7 +146,7 @@ func (p *privacyPolicyProjection) reduceChanged(event eventstore.Event) (*handle case *instance.PrivacyPolicyChangedEvent: policyEvent = e.PrivacyPolicyChangedEvent default: - return nil, errors.ThrowInvalidArgumentf(nil, "PROJE-91weZ", "reduce.wrong.event.type %v", []eventstore.EventType{org.PrivacyPolicyChangedEventType, instance.PrivacyPolicyChangedEventType}) + return nil, zerrors.ThrowInvalidArgumentf(nil, "PROJE-91weZ", "reduce.wrong.event.type %v", []eventstore.EventType{org.PrivacyPolicyChangedEventType, instance.PrivacyPolicyChangedEventType}) } cols := []handler.Column{ handler.NewCol(PrivacyPolicyChangeDateCol, policyEvent.CreationDate()), @@ -176,7 +176,7 @@ func (p *privacyPolicyProjection) reduceChanged(event eventstore.Event) (*handle func (p *privacyPolicyProjection) reduceRemoved(event eventstore.Event) (*handler.Statement, error) { policyEvent, ok := event.(*org.PrivacyPolicyRemovedEvent) if !ok { - return nil, errors.ThrowInvalidArgumentf(nil, "PROJE-FvtGO", "reduce.wrong.event.type %s", org.PrivacyPolicyRemovedEventType) + return nil, zerrors.ThrowInvalidArgumentf(nil, "PROJE-FvtGO", "reduce.wrong.event.type %s", org.PrivacyPolicyRemovedEventType) } return handler.NewDeleteStatement( policyEvent, 
@@ -189,7 +189,7 @@ func (p *privacyPolicyProjection) reduceRemoved(event eventstore.Event) (*handle func (p *privacyPolicyProjection) reduceOwnerRemoved(event eventstore.Event) (*handler.Statement, error) { e, ok := event.(*org.OrgRemovedEvent) if !ok { - return nil, errors.ThrowInvalidArgumentf(nil, "PROJE-bxJCY", "reduce.wrong.event.type %s", org.OrgRemovedEventType) + return nil, zerrors.ThrowInvalidArgumentf(nil, "PROJE-bxJCY", "reduce.wrong.event.type %s", org.OrgRemovedEventType) } return handler.NewDeleteStatement( diff --git a/internal/query/projection/privacy_policy_test.go b/internal/query/projection/privacy_policy_test.go index 53c147507e..2d768f7e4b 100644 --- a/internal/query/projection/privacy_policy_test.go +++ b/internal/query/projection/privacy_policy_test.go @@ -4,11 +4,11 @@ import ( "testing" "github.com/zitadel/zitadel/internal/domain" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/eventstore/handler/v2" "github.com/zitadel/zitadel/internal/repository/instance" "github.com/zitadel/zitadel/internal/repository/org" + "github.com/zitadel/zitadel/internal/zerrors" ) func TestPrivacyPolicyProjection_reduces(t *testing.T) { @@ -261,7 +261,7 @@ func TestPrivacyPolicyProjection_reduces(t *testing.T) { t.Run(tt.name, func(t *testing.T) { event := baseEvent(t) got, err := tt.reduce(event) - if _, ok := err.(errors.InvalidArgument); !ok { + if ok := zerrors.IsErrorInvalidArgument(err); !ok { t.Errorf("no wrong event mapping: %v, got: %v", err, got) } diff --git a/internal/query/projection/project.go b/internal/query/projection/project.go index 95f62cdc7c..b894c37cec 100644 --- a/internal/query/projection/project.go +++ b/internal/query/projection/project.go 
@@ -4,13 +4,13 @@ import ( "context" "github.com/zitadel/zitadel/internal/domain" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" old_handler "github.com/zitadel/zitadel/internal/eventstore/handler" "github.com/zitadel/zitadel/internal/eventstore/handler/v2" "github.com/zitadel/zitadel/internal/repository/instance" "github.com/zitadel/zitadel/internal/repository/org" "github.com/zitadel/zitadel/internal/repository/project" + "github.com/zitadel/zitadel/internal/zerrors" ) const ( @@ -113,7 +113,7 @@ func (p *projectProjection) Reducers() []handler.AggregateReducer { func (p *projectProjection) reduceProjectAdded(event eventstore.Event) (*handler.Statement, error) { e, ok := event.(*project.ProjectAddedEvent) if !ok { - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-l000S", "reduce.wrong.event.type %s", project.ProjectAddedType) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-l000S", "reduce.wrong.event.type %s", project.ProjectAddedType) } return handler.NewCreateStatement( e, @@ -137,7 +137,7 @@ func (p *projectProjection) reduceProjectAdded(event eventstore.Event) (*handler func (p *projectProjection) reduceProjectChanged(event eventstore.Event) (*handler.Statement, error) { e, ok := event.(*project.ProjectChangeEvent) if !ok { - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-s00Fs", "reduce.wrong.event.type %s", project.ProjectChangedType) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-s00Fs", "reduce.wrong.event.type %s", project.ProjectChangedType) } if e.Name == nil && e.HasProjectCheck == nil && e.ProjectRoleAssertion == nil && e.ProjectRoleCheck == nil && e.PrivateLabelingSetting == nil { return handler.NewNoOpStatement(e), nil 
@@ -174,7 +174,7 @@ func (p *projectProjection) reduceProjectChanged(event eventstore.Event) (*handl func (p *projectProjection) reduceProjectDeactivated(event eventstore.Event) (*handler.Statement, error) { e, ok := event.(*project.ProjectDeactivatedEvent) if !ok { - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-LLp0f", "reduce.wrong.event.type %s", project.ProjectDeactivatedType) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-LLp0f", "reduce.wrong.event.type %s", project.ProjectDeactivatedType) } return handler.NewUpdateStatement( e, @@ -193,7 +193,7 @@ func (p *projectProjection) reduceProjectDeactivated(event eventstore.Event) (*h func (p *projectProjection) reduceProjectReactivated(event eventstore.Event) (*handler.Statement, error) { e, ok := event.(*project.ProjectReactivatedEvent) if !ok { - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-9J98f", "reduce.wrong.event.type %s", project.ProjectReactivatedType) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-9J98f", "reduce.wrong.event.type %s", project.ProjectReactivatedType) } return handler.NewUpdateStatement( e, @@ -212,7 +212,7 @@ func (p *projectProjection) reduceProjectReactivated(event eventstore.Event) (*h func (p *projectProjection) reduceProjectRemoved(event eventstore.Event) (*handler.Statement, error) { e, ok := event.(*project.ProjectRemovedEvent) if !ok { - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-5N9fs", "reduce.wrong.event.type %s", project.ProjectRemovedType) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-5N9fs", "reduce.wrong.event.type %s", project.ProjectRemovedType) } return handler.NewDeleteStatement( e, 
@@ -226,7 +226,7 @@ func (p *projectProjection) reduceProjectRemoved(event eventstore.Event) (*handl func (p *projectProjection) reduceOwnerRemoved(event eventstore.Event) (*handler.Statement, error) { e, ok := event.(*org.OrgRemovedEvent) if !ok { - return nil, errors.ThrowInvalidArgumentf(nil, "PROJE-sbgru", "reduce.wrong.event.type %s", org.OrgRemovedEventType) + return nil, zerrors.ThrowInvalidArgumentf(nil, "PROJE-sbgru", "reduce.wrong.event.type %s", org.OrgRemovedEventType) } return handler.NewDeleteStatement( diff --git a/internal/query/projection/project_grant.go b/internal/query/projection/project_grant.go index 7923299e34..d6fbde8556 100644 --- a/internal/query/projection/project_grant.go +++ b/internal/query/projection/project_grant.go @@ -5,13 +5,13 @@ import ( "github.com/zitadel/zitadel/internal/database" "github.com/zitadel/zitadel/internal/domain" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" old_handler "github.com/zitadel/zitadel/internal/eventstore/handler" "github.com/zitadel/zitadel/internal/eventstore/handler/v2" "github.com/zitadel/zitadel/internal/repository/instance" "github.com/zitadel/zitadel/internal/repository/org" "github.com/zitadel/zitadel/internal/repository/project" + "github.com/zitadel/zitadel/internal/zerrors" ) const ( @@ -119,7 +119,7 @@ func (p *projectGrantProjection) Reducers() []handler.AggregateReducer { func (p *projectGrantProjection) reduceProjectGrantAdded(event eventstore.Event) (*handler.Statement, error) { e, ok := event.(*project.GrantAddedEvent) if !ok { - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-g92Fg", "reduce.wrong.event.type %s", project.GrantAddedType) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-g92Fg", "reduce.wrong.event.type %s", project.GrantAddedType) } return handler.NewCreateStatement( e, 
@@ -141,7 +141,7 @@ func (p *projectGrantProjection) reduceProjectGrantAdded(event eventstore.Event) func (p *projectGrantProjection) reduceProjectGrantChanged(event eventstore.Event) (*handler.Statement, error) { e, ok := event.(*project.GrantChangedEvent) if !ok { - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-g0fg4", "reduce.wrong.event.type %s", project.GrantChangedType) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-g0fg4", "reduce.wrong.event.type %s", project.GrantChangedType) } return handler.NewUpdateStatement( e, @@ -161,7 +161,7 @@ func (p *projectGrantProjection) reduceProjectGrantChanged(event eventstore.Even func (p *projectGrantProjection) reduceProjectGrantCascadeChanged(event eventstore.Event) (*handler.Statement, error) { e, ok := event.(*project.GrantCascadeChangedEvent) if !ok { - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-ll9Ts", "reduce.wrong.event.type %s", project.GrantCascadeChangedType) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-ll9Ts", "reduce.wrong.event.type %s", project.GrantCascadeChangedType) } return handler.NewUpdateStatement( e, @@ -181,7 +181,7 @@ func (p *projectGrantProjection) reduceProjectGrantCascadeChanged(event eventsto func (p *projectGrantProjection) reduceProjectGrantDeactivated(event eventstore.Event) (*handler.Statement, error) { e, ok := event.(*project.GrantDeactivateEvent) if !ok { - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-0fj2f", "reduce.wrong.event.type %s", project.GrantDeactivatedType) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-0fj2f", "reduce.wrong.event.type %s", project.GrantDeactivatedType) } return handler.NewUpdateStatement( e, 
@@ -201,7 +201,7 @@ func (p *projectGrantProjection) reduceProjectGrantDeactivated(event eventstore. func (p *projectGrantProjection) reduceProjectGrantReactivated(event eventstore.Event) (*handler.Statement, error) { e, ok := event.(*project.GrantReactivatedEvent) if !ok { - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-2M0ve", "reduce.wrong.event.type %s", project.GrantReactivatedType) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-2M0ve", "reduce.wrong.event.type %s", project.GrantReactivatedType) } return handler.NewUpdateStatement( e, @@ -221,7 +221,7 @@ func (p *projectGrantProjection) reduceProjectGrantReactivated(event eventstore. func (p *projectGrantProjection) reduceProjectGrantRemoved(event eventstore.Event) (*handler.Statement, error) { e, ok := event.(*project.GrantRemovedEvent) if !ok { - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-o0w4f", "reduce.wrong.event.type %s", project.GrantRemovedType) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-o0w4f", "reduce.wrong.event.type %s", project.GrantRemovedType) } return handler.NewDeleteStatement( e, @@ -236,7 +236,7 @@ func (p *projectGrantProjection) reduceProjectGrantRemoved(event eventstore.Even func (p *projectGrantProjection) reduceProjectRemoved(event eventstore.Event) (*handler.Statement, error) { e, ok := event.(*project.ProjectRemovedEvent) if !ok { - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-gn9rw", "reduce.wrong.event.type %s", project.ProjectRemovedType) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-gn9rw", "reduce.wrong.event.type %s", project.ProjectRemovedType) } return handler.NewDeleteStatement( e, 
@@ -250,7 +250,7 @@ func (p *projectGrantProjection) reduceProjectRemoved(event eventstore.Event) (* func (p *projectGrantProjection) reduceOwnerRemoved(event eventstore.Event) (*handler.Statement, error) { e, ok := event.(*org.OrgRemovedEvent) if !ok { - return nil, errors.ThrowInvalidArgumentf(nil, "PROJE-HDgW3", "reduce.wrong.event.type %s", org.OrgRemovedEventType) + return nil, zerrors.ThrowInvalidArgumentf(nil, "PROJE-HDgW3", "reduce.wrong.event.type %s", org.OrgRemovedEventType) } return handler.NewMultiStatement( diff --git a/internal/query/projection/project_grant_member.go b/internal/query/projection/project_grant_member.go index cf357ba919..b86c025315 100644 --- a/internal/query/projection/project_grant_member.go +++ b/internal/query/projection/project_grant_member.go @@ -3,7 +3,6 @@ package projection import ( "context" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" old_handler "github.com/zitadel/zitadel/internal/eventstore/handler" "github.com/zitadel/zitadel/internal/eventstore/handler/v2" @@ -12,6 +11,7 @@ import ( "github.com/zitadel/zitadel/internal/repository/org" "github.com/zitadel/zitadel/internal/repository/project" "github.com/zitadel/zitadel/internal/repository/user" + "github.com/zitadel/zitadel/internal/zerrors" ) const ( @@ -122,7 +122,7 @@ func (p *projectGrantMemberProjection) Reducers() []handler.AggregateReducer { func (p *projectGrantMemberProjection) reduceAdded(event eventstore.Event) (*handler.Statement, error) { e, ok := event.(*project.GrantMemberAddedEvent) if !ok { - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-0EBQf", "reduce.wrong.event.type %s", project.GrantMemberAddedType) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-0EBQf", "reduce.wrong.event.type %s", project.GrantMemberAddedType) } ctx := setMemberContext(e.Aggregate()) userOwner, err := getResourceOwnerOfUser(ctx, p.es, e.Aggregate().InstanceID, e.UserID) 
@@ -145,7 +145,7 @@ func (p *projectGrantMemberProjection) reduceAdded(event eventstore.Event) (*han func (p *projectGrantMemberProjection) reduceChanged(event eventstore.Event) (*handler.Statement, error) { e, ok := event.(*project.GrantMemberChangedEvent) if !ok { - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-YX5Tk", "reduce.wrong.event.type %s", project.GrantMemberChangedType) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-YX5Tk", "reduce.wrong.event.type %s", project.GrantMemberChangedType) } return reduceMemberChanged( *member.NewMemberChangedEvent(&e.BaseEvent, e.UserID, e.Roles...), @@ -157,7 +157,7 @@ func (p *projectGrantMemberProjection) reduceChanged(event eventstore.Event) (*h func (p *projectGrantMemberProjection) reduceCascadeRemoved(event eventstore.Event) (*handler.Statement, error) { e, ok := event.(*project.GrantMemberCascadeRemovedEvent) if !ok { - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-adnHG", "reduce.wrong.event.type %s", project.GrantMemberCascadeRemovedType) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-adnHG", "reduce.wrong.event.type %s", project.GrantMemberCascadeRemovedType) } return reduceMemberCascadeRemoved( *member.NewCascadeRemovedEvent(&e.BaseEvent, e.UserID), @@ -169,7 +169,7 @@ func (p *projectGrantMemberProjection) reduceCascadeRemoved(event eventstore.Eve func (p *projectGrantMemberProjection) reduceRemoved(event eventstore.Event) (*handler.Statement, error) { e, ok := event.(*project.GrantMemberRemovedEvent) if !ok { - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-MGNnA", "reduce.wrong.event.type %s", project.GrantMemberRemovedType) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-MGNnA", "reduce.wrong.event.type %s", project.GrantMemberRemovedType) } return reduceMemberRemoved(e, withMemberCond(MemberUserIDCol, e.UserID), 
@@ -181,7 +181,7 @@ func (p *projectGrantMemberProjection) reduceRemoved(event eventstore.Event) (*h func (p *projectGrantMemberProjection) reduceUserRemoved(event eventstore.Event) (*handler.Statement, error) { e, ok := event.(*user.UserRemovedEvent) if !ok { - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-rufJr", "reduce.wrong.event.type %s", user.UserRemovedType) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-rufJr", "reduce.wrong.event.type %s", user.UserRemovedType) } return reduceMemberRemoved(e, withMemberCond(MemberUserIDCol, e.Aggregate().ID)) } @@ -189,7 +189,7 @@ func (p *projectGrantMemberProjection) reduceUserRemoved(event eventstore.Event) func (p *projectGrantMemberProjection) reduceInstanceRemoved(event eventstore.Event) (*handler.Statement, error) { e, ok := event.(*instance.InstanceRemovedEvent) if !ok { - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-Z2p6o", "reduce.wrong.event.type %s", instance.InstanceRemovedEventType) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-Z2p6o", "reduce.wrong.event.type %s", instance.InstanceRemovedEventType) } return reduceMemberRemoved(e, withMemberCond(MemberInstanceID, e.Aggregate().ID)) } @@ -197,7 +197,7 @@ func (p *projectGrantMemberProjection) reduceInstanceRemoved(event eventstore.Ev func (p *projectGrantMemberProjection) reduceOrgRemoved(event eventstore.Event) (*handler.Statement, error) { e, ok := event.(*org.OrgRemovedEvent) if !ok { - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-Zzp6o", "reduce.wrong.event.type %s", org.OrgRemovedEventType) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-Zzp6o", "reduce.wrong.event.type %s", org.OrgRemovedEventType) } return handler.NewMultiStatement( e, 
@@ -215,7 +215,7 @@ func (p *projectGrantMemberProjection) reduceOrgRemoved(event eventstore.Event) func (p *projectGrantMemberProjection) reduceProjectRemoved(event eventstore.Event) (*handler.Statement, error) { e, ok := event.(*project.ProjectRemovedEvent) if !ok { - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-JLODy", "reduce.wrong.event.type %s", project.ProjectRemovedType) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-JLODy", "reduce.wrong.event.type %s", project.ProjectRemovedType) } return reduceMemberRemoved(e, withMemberCond(ProjectGrantMemberProjectIDCol, e.Aggregate().ID)) } @@ -223,7 +223,7 @@ func (p *projectGrantMemberProjection) reduceProjectRemoved(event eventstore.Eve func (p *projectGrantMemberProjection) reduceProjectGrantRemoved(event eventstore.Event) (*handler.Statement, error) { e, ok := event.(*project.GrantRemovedEvent) if !ok { - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-D1J9R", "reduce.wrong.event.type %s", project.GrantRemovedType) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-D1J9R", "reduce.wrong.event.type %s", project.GrantRemovedType) } return reduceMemberRemoved(e, withMemberCond(ProjectGrantMemberGrantIDCol, e.GrantID), diff --git a/internal/query/projection/project_grant_member_test.go b/internal/query/projection/project_grant_member_test.go index b9425d789f..3b7839fe80 100644 --- a/internal/query/projection/project_grant_member_test.go +++ b/internal/query/projection/project_grant_member_test.go 
@@ -8,13 +8,13 @@ import ( "github.com/zitadel/zitadel/internal/database" "github.com/zitadel/zitadel/internal/domain" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/eventstore/handler/v2" "github.com/zitadel/zitadel/internal/repository/instance" "github.com/zitadel/zitadel/internal/repository/org" "github.com/zitadel/zitadel/internal/repository/project" "github.com/zitadel/zitadel/internal/repository/user" + "github.com/zitadel/zitadel/internal/zerrors" ) func TestProjectGrantMemberProjection_reduces(t *testing.T) { @@ -344,7 +344,7 @@ func TestProjectGrantMemberProjection_reduces(t *testing.T) { t.Run(tt.name, func(t *testing.T) { event := baseEvent(t) got, err := tt.reduce(event) - if _, ok := err.(errors.InvalidArgument); !ok { + if ok := zerrors.IsErrorInvalidArgument(err); !ok { t.Errorf("no wrong event mapping: %v, got: %v", err, got) } diff --git a/internal/query/projection/project_grant_test.go b/internal/query/projection/project_grant_test.go index af8692db91..1ea9105704 100644 --- a/internal/query/projection/project_grant_test.go +++ b/internal/query/projection/project_grant_test.go @@ -5,12 +5,12 @@ import ( "github.com/zitadel/zitadel/internal/database" "github.com/zitadel/zitadel/internal/domain" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/eventstore/handler/v2" "github.com/zitadel/zitadel/internal/repository/instance" "github.com/zitadel/zitadel/internal/repository/org" "github.com/zitadel/zitadel/internal/repository/project" + "github.com/zitadel/zitadel/internal/zerrors" ) func TestProjectGrantProjection_reduces(t *testing.T) { 
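Review bot: In the `t.Run` body of `TestProjectGrantMemberProjection_reduces`, the new check `if ok := zerrors.IsErrorInvalidArgument(err); !ok {` binds a variable only to negate it. `if !zerrors.IsErrorInvalidArgument(err) {` reads more directly and is the form quota_test.go, restrictions_test.go and session_test.go use in this same commit. The binding form recurs in project_grant_test.go, project_member_test.go, project_role_test.go, project_test.go and secret_generator_test.go. Replacing the type assertion with the helper may also make the test accept wrapped errors, if the helper unwraps; that is not visible here. The test function starts and ends outside the hunk.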
@@ -302,7 +302,7 @@ func TestProjectGrantProjection_reduces(t *testing.T) { t.Run(tt.name, func(t *testing.T) { event := baseEvent(t) got, err := tt.reduce(event) - if _, ok := err.(errors.InvalidArgument); !ok { + if ok := zerrors.IsErrorInvalidArgument(err); !ok { t.Errorf("no wrong event mapping: %v, got: %v", err, got) } diff --git a/internal/query/projection/project_member.go b/internal/query/projection/project_member.go index 1a56605740..bf1f82f85d 100644 --- a/internal/query/projection/project_member.go +++ b/internal/query/projection/project_member.go @@ -3,7 +3,6 @@ package projection import ( "context" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" old_handler "github.com/zitadel/zitadel/internal/eventstore/handler" "github.com/zitadel/zitadel/internal/eventstore/handler/v2" @@ -12,6 +11,7 @@ import ( "github.com/zitadel/zitadel/internal/repository/org" "github.com/zitadel/zitadel/internal/repository/project" "github.com/zitadel/zitadel/internal/repository/user" + "github.com/zitadel/zitadel/internal/zerrors" ) const ( @@ -114,7 +114,7 @@ func (p *projectMemberProjection) Reducers() []handler.AggregateReducer { func (p *projectMemberProjection) reduceAdded(event eventstore.Event) (*handler.Statement, error) { e, ok := event.(*project.MemberAddedEvent) if !ok { - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-bgx5Q", "reduce.wrong.event.type %s", project.MemberAddedType) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-bgx5Q", "reduce.wrong.event.type %s", project.MemberAddedType) } ctx := setMemberContext(e.Aggregate()) userOwner, err := getResourceOwnerOfUser(ctx, p.es, e.Aggregate().InstanceID, e.UserID) 
@@ -131,7 +131,7 @@ func (p *projectMemberProjection) reduceAdded(event eventstore.Event) (*handler. func (p *projectMemberProjection) reduceChanged(event eventstore.Event) (*handler.Statement, error) { e, ok := event.(*project.MemberChangedEvent) if !ok { - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-90WJ1", "reduce.wrong.event.type %s", project.MemberChangedType) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-90WJ1", "reduce.wrong.event.type %s", project.MemberChangedType) } return reduceMemberChanged( *member.NewMemberChangedEvent(&e.BaseEvent, e.UserID, e.Roles...), @@ -142,7 +142,7 @@ func (p *projectMemberProjection) reduceChanged(event eventstore.Event) (*handle func (p *projectMemberProjection) reduceCascadeRemoved(event eventstore.Event) (*handler.Statement, error) { e, ok := event.(*project.MemberCascadeRemovedEvent) if !ok { - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-aGd43", "reduce.wrong.event.type %s", project.MemberCascadeRemovedType) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-aGd43", "reduce.wrong.event.type %s", project.MemberCascadeRemovedType) } return reduceMemberCascadeRemoved( *member.NewCascadeRemovedEvent(&e.BaseEvent, e.UserID), @@ -153,7 +153,7 @@ func (p *projectMemberProjection) reduceCascadeRemoved(event eventstore.Event) ( func (p *projectMemberProjection) reduceRemoved(event eventstore.Event) (*handler.Statement, error) { e, ok := event.(*project.MemberRemovedEvent) if !ok { - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-eJZPh", "reduce.wrong.event.type %s", project.MemberRemovedType) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-eJZPh", "reduce.wrong.event.type %s", project.MemberRemovedType) } return reduceMemberRemoved(e, withMemberCond(MemberUserIDCol, e.UserID), 
@@ -164,7 +164,7 @@ func (p *projectMemberProjection) reduceRemoved(event eventstore.Event) (*handle func (p *projectMemberProjection) reduceUserRemoved(event eventstore.Event) (*handler.Statement, error) { e, ok := event.(*user.UserRemovedEvent) if !ok { - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-aYA60", "reduce.wrong.event.type %s", user.UserRemovedType) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-aYA60", "reduce.wrong.event.type %s", user.UserRemovedType) } return reduceMemberRemoved(e, withMemberCond(MemberUserIDCol, e.Aggregate().ID)) } @@ -172,7 +172,7 @@ func (p *projectMemberProjection) reduceUserRemoved(event eventstore.Event) (*ha func (p *projectMemberProjection) reduceOrgRemoved(event eventstore.Event) (*handler.Statement, error) { e, ok := event.(*org.OrgRemovedEvent) if !ok { - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-NGUEL", "reduce.wrong.event.type %s", org.OrgRemovedEventType) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-NGUEL", "reduce.wrong.event.type %s", org.OrgRemovedEventType) } return handler.NewMultiStatement( e, @@ -184,7 +184,7 @@ func (p *projectMemberProjection) reduceOrgRemoved(event eventstore.Event) (*han func (p *projectMemberProjection) reduceProjectRemoved(event eventstore.Event) (*handler.Statement, error) { e, ok := event.(*project.ProjectRemovedEvent) if !ok { - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-NGUEL", "reduce.wrong.event.type %s", project.ProjectRemovedType) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-NGUEL", "reduce.wrong.event.type %s", project.ProjectRemovedType) } return reduceMemberRemoved(e, withMemberCond(ProjectMemberProjectIDCol, e.Aggregate().ID)) } diff --git a/internal/query/projection/project_member_test.go b/internal/query/projection/project_member_test.go index 49a910c1bb..28faa07e6e 100644 --- a/internal/query/projection/project_member_test.go +++ b/internal/query/projection/project_member_test.go 
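Review bot: `reduceProjectRemoved` returns its wrong-event-type error under the ID `HANDL-NGUEL`, which `reduceOrgRemoved` directly above it already uses, so that ID in a log or error report does not identify a single reducer. Since the line is being rewritten anyway, give it its own ID, e.g. `zerrors.ThrowInvalidArgumentf(nil, "HANDL-<new-id>", "reduce.wrong.event.type %s", project.ProjectRemovedType)` with a freshly generated suffix. session.go has the same collision: `reduceTokenSet` and `reduceMetadataSet` both use `HANDL-SAfd3`. All of these function bodies continue outside their hunks.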
@@ -8,13 +8,13 @@ import ( "github.com/zitadel/zitadel/internal/database" "github.com/zitadel/zitadel/internal/domain" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/eventstore/handler/v2" "github.com/zitadel/zitadel/internal/repository/instance" "github.com/zitadel/zitadel/internal/repository/org" "github.com/zitadel/zitadel/internal/repository/project" "github.com/zitadel/zitadel/internal/repository/user" + "github.com/zitadel/zitadel/internal/zerrors" ) func TestProjectMemberProjection_reduces(t *testing.T) { @@ -294,7 +294,7 @@ func TestProjectMemberProjection_reduces(t *testing.T) { t.Run(tt.name, func(t *testing.T) { event := baseEvent(t) got, err := tt.reduce(event) - if _, ok := err.(errors.InvalidArgument); !ok { + if ok := zerrors.IsErrorInvalidArgument(err); !ok { t.Errorf("no wrong event mapping: %v, got: %v", err, got) } diff --git a/internal/query/projection/project_role.go b/internal/query/projection/project_role.go index f1d4d45413..633c35efdb 100644 --- a/internal/query/projection/project_role.go +++ b/internal/query/projection/project_role.go @@ -3,13 +3,13 @@ package projection import ( "context" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" old_handler "github.com/zitadel/zitadel/internal/eventstore/handler" "github.com/zitadel/zitadel/internal/eventstore/handler/v2" "github.com/zitadel/zitadel/internal/repository/instance" "github.com/zitadel/zitadel/internal/repository/org" "github.com/zitadel/zitadel/internal/repository/project" + "github.com/zitadel/zitadel/internal/zerrors" ) const ( 
@@ -101,7 +101,7 @@ func (p *projectRoleProjection) Reducers() []handler.AggregateReducer { func (p *projectRoleProjection) reduceProjectRoleAdded(event eventstore.Event) (*handler.Statement, error) { e, ok := event.(*project.RoleAddedEvent) if !ok { - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-g92Fg", "reduce.wrong.event.type %s", project.RoleAddedType) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-g92Fg", "reduce.wrong.event.type %s", project.RoleAddedType) } return handler.NewCreateStatement( e, @@ -122,7 +122,7 @@ func (p *projectRoleProjection) reduceProjectRoleAdded(event eventstore.Event) ( func (p *projectRoleProjection) reduceProjectRoleChanged(event eventstore.Event) (*handler.Statement, error) { e, ok := event.(*project.RoleChangedEvent) if !ok { - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-sM0f", "reduce.wrong.event.type %s", project.GrantChangedType) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-sM0f", "reduce.wrong.event.type %s", project.GrantChangedType) } if e.DisplayName == nil && e.Group == nil { return handler.NewNoOpStatement(e), nil @@ -150,7 +150,7 @@ func (p *projectRoleProjection) reduceProjectRoleChanged(event eventstore.Event) func (p *projectRoleProjection) reduceProjectRoleRemoved(event eventstore.Event) (*handler.Statement, error) { e, ok := event.(*project.RoleRemovedEvent) if !ok { - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-L0fJf", "reduce.wrong.event.type %s", project.GrantRemovedType) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-L0fJf", "reduce.wrong.event.type %s", project.GrantRemovedType) } return handler.NewDeleteStatement( e, 
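Review bot: The error built in `reduceProjectRoleChanged` names `project.GrantChangedType` although the type assertion is on `*project.RoleChangedEvent`. `reduceProjectRoleRemoved` likewise names `project.GrantRemovedType` for `*project.RoleRemovedEvent`. The message therefore reports a grant event type when a role reducer received the wrong input. The constants should follow the `project.RoleAddedType` pattern used in `reduceProjectRoleAdded`, presumably `project.RoleChangedType` and `project.RoleRemovedType`. The commit carries the mismatch over unchanged, and both functions continue past their hunks.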
@@ -165,7 +165,7 @@ func (p *projectRoleProjection) reduceProjectRoleRemoved(event eventstore.Event) func (p *projectRoleProjection) reduceProjectRemoved(event eventstore.Event) (*handler.Statement, error) { e, ok := event.(*project.ProjectRemovedEvent) if !ok { - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-l0geG", "reduce.wrong.event.type %s", project.ProjectRemovedType) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-l0geG", "reduce.wrong.event.type %s", project.ProjectRemovedType) } return handler.NewDeleteStatement( e, @@ -179,7 +179,7 @@ func (p *projectRoleProjection) reduceProjectRemoved(event eventstore.Event) (*h func (p *projectRoleProjection) reduceOwnerRemoved(event eventstore.Event) (*handler.Statement, error) { e, ok := event.(*org.OrgRemovedEvent) if !ok { - return nil, errors.ThrowInvalidArgumentf(nil, "PROJE-3XrHY", "reduce.wrong.event.type %s", org.OrgRemovedEventType) + return nil, zerrors.ThrowInvalidArgumentf(nil, "PROJE-3XrHY", "reduce.wrong.event.type %s", org.OrgRemovedEventType) } return handler.NewDeleteStatement( diff --git a/internal/query/projection/project_role_test.go b/internal/query/projection/project_role_test.go index ee4ace10b5..b6a6d81957 100644 --- a/internal/query/projection/project_role_test.go +++ b/internal/query/projection/project_role_test.go @@ -3,12 +3,12 @@ package projection import ( "testing" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/eventstore/handler/v2" "github.com/zitadel/zitadel/internal/repository/instance" "github.com/zitadel/zitadel/internal/repository/org" "github.com/zitadel/zitadel/internal/repository/project" + "github.com/zitadel/zitadel/internal/zerrors" ) func TestProjectRoleProjection_reduces(t *testing.T) { 
@@ -217,7 +217,7 @@ func TestProjectRoleProjection_reduces(t *testing.T) { t.Run(tt.name, func(t *testing.T) { event := baseEvent(t) got, err := tt.reduce(event) - if _, ok := err.(errors.InvalidArgument); !ok { + if ok := zerrors.IsErrorInvalidArgument(err); !ok { t.Errorf("no wrong event mapping: %v, got: %v", err, got) } diff --git a/internal/query/projection/project_test.go b/internal/query/projection/project_test.go index af7e85c6ec..f8e693c7af 100644 --- a/internal/query/projection/project_test.go +++ b/internal/query/projection/project_test.go @@ -4,12 +4,12 @@ import ( "testing" "github.com/zitadel/zitadel/internal/domain" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/eventstore/handler/v2" "github.com/zitadel/zitadel/internal/repository/instance" "github.com/zitadel/zitadel/internal/repository/org" "github.com/zitadel/zitadel/internal/repository/project" + "github.com/zitadel/zitadel/internal/zerrors" ) func TestProjectProjection_reduces(t *testing.T) { @@ -255,7 +255,7 @@ func TestProjectProjection_reduces(t *testing.T) { t.Run(tt.name, func(t *testing.T) { event := baseEvent(t) got, err := tt.reduce(event) - if _, ok := err.(errors.InvalidArgument); !ok { + if ok := zerrors.IsErrorInvalidArgument(err); !ok { t.Errorf("no wrong event mapping: %v, got: %v", err, got) } diff --git a/internal/query/projection/quota.go b/internal/query/projection/quota.go index d92ad0b49d..84721f5d3d 100644 --- a/internal/query/projection/quota.go +++ b/internal/query/projection/quota.go 
@@ -5,12 +5,12 @@ import ( "time" "github.com/zitadel/zitadel/internal/database" - zitadel_errors "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" old_handler "github.com/zitadel/zitadel/internal/eventstore/handler" "github.com/zitadel/zitadel/internal/eventstore/handler/v2" "github.com/zitadel/zitadel/internal/repository/instance" "github.com/zitadel/zitadel/internal/repository/quota" + "github.com/zitadel/zitadel/internal/zerrors" ) const ( @@ -300,7 +300,7 @@ func (q *quotaProjection) IncrementUsage(ctx context.Context, unit quota.Unit, i instanceID, unit, periodStart, count, ).Scan(&sum) if err != nil { - return 0, zitadel_errors.ThrowInternalf(err, "PROJ-SJL3h", "incrementing usage for unit %d failed for at least one quota period", unit) + return 0, zerrors.ThrowInternalf(err, "PROJ-SJL3h", "incrementing usage for unit %d failed for at least one quota period", unit) } return sum, err } diff --git a/internal/query/projection/quota_test.go b/internal/query/projection/quota_test.go index fb44901e05..e4c290812e 100644 --- a/internal/query/projection/quota_test.go +++ b/internal/query/projection/quota_test.go @@ -10,11 +10,11 @@ import ( "github.com/stretchr/testify/assert" "github.com/zitadel/zitadel/internal/database" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/eventstore/handler/v2" "github.com/zitadel/zitadel/internal/repository/instance" "github.com/zitadel/zitadel/internal/repository/quota" + "github.com/zitadel/zitadel/internal/zerrors" ) func TestQuotasProjection_reduces(t *testing.T) { @@ -348,7 +348,7 @@ func TestQuotasProjection_reduces(t *testing.T) { t.Run(tt.name, func(t *testing.T) { event := baseEvent(t) got, err := tt.reduce(event) - if !errors.IsErrorInvalidArgument(err) { + if !zerrors.IsErrorInvalidArgument(err) { t.Errorf("no wrong event mapping: %v, got: %v", err, got) } event = tt.args.event(t) 
diff --git a/internal/query/projection/restrictions.go b/internal/query/projection/restrictions.go index 597a6fac64..44bf97c5d0 100644 --- a/internal/query/projection/restrictions.go +++ b/internal/query/projection/restrictions.go @@ -3,6 +3,7 @@ package projection import ( "context" + "github.com/zitadel/zitadel/internal/domain" "github.com/zitadel/zitadel/internal/eventstore" old_handler "github.com/zitadel/zitadel/internal/eventstore/handler" "github.com/zitadel/zitadel/internal/eventstore/handler/v2" @@ -11,7 +12,7 @@ import ( ) const ( - RestrictionsProjectionTable = "projections.restrictions" + RestrictionsProjectionTable = "projections.restrictions2" RestrictionsColumnAggregateID = "aggregate_id" RestrictionsColumnCreationDate = "creation_date" @@ -21,6 +22,7 @@ const ( RestrictionsColumnSequence = "sequence" RestrictionsColumnDisallowPublicOrgRegistration = "disallow_public_org_registration" + RestrictionsColumnAllowedLanguages = "allowed_languages" ) type restrictionsProjection struct{} @@ -42,7 +44,8 @@ func (*restrictionsProjection) Init() *old_handler.Check { handler.NewColumn(RestrictionsColumnResourceOwner, handler.ColumnTypeText), handler.NewColumn(RestrictionsColumnInstanceID, handler.ColumnTypeText), handler.NewColumn(RestrictionsColumnSequence, handler.ColumnTypeInt64), - handler.NewColumn(RestrictionsColumnDisallowPublicOrgRegistration, handler.ColumnTypeBool), + handler.NewColumn(RestrictionsColumnDisallowPublicOrgRegistration, handler.ColumnTypeBool, handler.Nullable()), + handler.NewColumn(RestrictionsColumnAllowedLanguages, handler.ColumnTypeTextArray, handler.Nullable()), }, handler.NewPrimaryKey(RestrictionsColumnInstanceID, RestrictionsColumnResourceOwner), ), 
@@ -89,8 +92,11 @@ func (p *restrictionsProjection) reduceRestrictionsSet(event eventstore.Event) ( handler.NewCol(RestrictionsColumnSequence, e.Sequence()), handler.NewCol(RestrictionsColumnAggregateID, e.Aggregate().ID), } - if e.DisallowPublicOrgRegistrations != nil { - updateCols = append(updateCols, handler.NewCol(RestrictionsColumnDisallowPublicOrgRegistration, *e.DisallowPublicOrgRegistrations)) + if e.DisallowPublicOrgRegistration != nil { + updateCols = append(updateCols, handler.NewCol(RestrictionsColumnDisallowPublicOrgRegistration, *e.DisallowPublicOrgRegistration)) + } + if e.AllowedLanguages != nil { + updateCols = append(updateCols, handler.NewCol(RestrictionsColumnAllowedLanguages, domain.LanguagesToStrings(*e.AllowedLanguages))) } return handler.NewUpsertStatement(e, conflictCols, updateCols), nil } diff --git a/internal/query/projection/restrictions_test.go b/internal/query/projection/restrictions_test.go index f018ab00c0..d67459e34c 100644 --- a/internal/query/projection/restrictions_test.go +++ b/internal/query/projection/restrictions_test.go @@ -3,10 +3,10 @@ package projection import ( "testing" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/eventstore/handler/v2" "github.com/zitadel/zitadel/internal/repository/restrictions" + "github.com/zitadel/zitadel/internal/zerrors" ) func TestRestrictionsProjection_reduces(t *testing.T) { @@ -25,7 +25,7 @@ func TestRestrictionsProjection_reduces(t *testing.T) { event: getEvent(testEvent( restrictions.SetEventType, restrictions.AggregateType, - []byte(`{ "disallowPublicOrgRegistrations": true }`), + []byte(`{ "disallowPublicOrgRegistration": true }`), ), restrictions.SetEventMapper), }, reduce: (&restrictionsProjection{}).reduceRestrictionsSet, 
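Review bot: In `reduceRestrictionsSet` the field becomes `e.DisallowPublicOrgRegistration`, and the test payload key changes with it from `disallowPublicOrgRegistrations` to `disallowPublicOrgRegistration`. That suggests the event's JSON tag was renamed too, though the event struct is not in this hunk. If so, events already stored under the old key would unmarshal to nil, and rebuilding into `projections.restrictions2` would leave `disallow_public_org_registration` NULL for instances that had the restriction enabled. Confirm that the mapper still accepts the old key or that a migration covers it, and that readers of the now-nullable column treat NULL as intended. A test case for `AllowedLanguages` with an empty slice versus nil would pin down whether clearing the list can be told apart from not setting it.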
@@ -35,7 +35,7 @@ func TestRestrictionsProjection_reduces(t *testing.T) { executer: &testExecuter{ executions: []execution{ { - expectedStmt: "INSERT INTO projections.restrictions (instance_id, resource_owner, creation_date, change_date, sequence, aggregate_id, disallow_public_org_registration) VALUES ($1, $2, $3, $4, $5, $6, $7) ON CONFLICT (instance_id, resource_owner) DO UPDATE SET (creation_date, change_date, sequence, aggregate_id, disallow_public_org_registration) = (projections.restrictions.creation_date, EXCLUDED.change_date, EXCLUDED.sequence, EXCLUDED.aggregate_id, EXCLUDED.disallow_public_org_registration)", + expectedStmt: "INSERT INTO projections.restrictions2 (instance_id, resource_owner, creation_date, change_date, sequence, aggregate_id, disallow_public_org_registration) VALUES ($1, $2, $3, $4, $5, $6, $7) ON CONFLICT (instance_id, resource_owner) DO UPDATE SET (creation_date, change_date, sequence, aggregate_id, disallow_public_org_registration) = (projections.restrictions2.creation_date, EXCLUDED.change_date, EXCLUDED.sequence, EXCLUDED.aggregate_id, EXCLUDED.disallow_public_org_registration)", expectedArgs: []interface{}{ "instance-id", "ro-id", 
@@ -66,7 +66,7 @@ func TestRestrictionsProjection_reduces(t *testing.T) { executer: &testExecuter{ executions: []execution{ { - expectedStmt: "INSERT INTO projections.restrictions (instance_id, resource_owner, creation_date, change_date, sequence, aggregate_id) VALUES ($1, $2, $3, $4, $5, $6) ON CONFLICT (instance_id, resource_owner) DO UPDATE SET (creation_date, change_date, sequence, aggregate_id) = (projections.restrictions.creation_date, EXCLUDED.change_date, EXCLUDED.sequence, EXCLUDED.aggregate_id)", + expectedStmt: "INSERT INTO projections.restrictions2 (instance_id, resource_owner, creation_date, change_date, sequence, aggregate_id) VALUES ($1, $2, $3, $4, $5, $6) ON CONFLICT (instance_id, resource_owner) DO UPDATE SET (creation_date, change_date, sequence, aggregate_id) = (projections.restrictions2.creation_date, EXCLUDED.change_date, EXCLUDED.sequence, EXCLUDED.aggregate_id)", expectedArgs: []interface{}{ "instance-id", "ro-id", @@ -85,7 +85,7 @@ func TestRestrictionsProjection_reduces(t *testing.T) { t.Run(tt.name, func(t *testing.T) { event := baseEvent(t) got, err := tt.reduce(event) - if !errors.IsErrorInvalidArgument(err) { + if !zerrors.IsErrorInvalidArgument(err) { t.Errorf("no wrong event mapping: %v, got: %v", err, got) } event = tt.args.event(t) diff --git a/internal/query/projection/secret_generator.go b/internal/query/projection/secret_generator.go index d81937d677..839dcb5d0e 100644 --- a/internal/query/projection/secret_generator.go +++ b/internal/query/projection/secret_generator.go @@ -3,11 +3,11 @@ package projection import ( "context" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" old_handler "github.com/zitadel/zitadel/internal/eventstore/handler" "github.com/zitadel/zitadel/internal/eventstore/handler/v2" "github.com/zitadel/zitadel/internal/repository/instance" + "github.com/zitadel/zitadel/internal/zerrors" ) const ( 
@@ -89,7 +89,7 @@ func (p *secretGeneratorProjection) Reducers() []handler.AggregateReducer { func (p *secretGeneratorProjection) reduceSecretGeneratorAdded(event eventstore.Event) (*handler.Statement, error) { e, ok := event.(*instance.SecretGeneratorAddedEvent) if !ok { - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-sk99F", "reduce.wrong.event.type %s", instance.SecretGeneratorAddedEventType) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-sk99F", "reduce.wrong.event.type %s", instance.SecretGeneratorAddedEventType) } return handler.NewCreateStatement( e, @@ -114,7 +114,7 @@ func (p *secretGeneratorProjection) reduceSecretGeneratorAdded(event eventstore. func (p *secretGeneratorProjection) reduceSecretGeneratorChanged(event eventstore.Event) (*handler.Statement, error) { e, ok := event.(*instance.SecretGeneratorChangedEvent) if !ok { - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-s00Fs", "reduce.wrong.event.type %s", instance.SecretGeneratorChangedEventType) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-s00Fs", "reduce.wrong.event.type %s", instance.SecretGeneratorChangedEventType) } columns := make([]handler.Column, 0, 7) @@ -152,7 +152,7 @@ func (p *secretGeneratorProjection) reduceSecretGeneratorChanged(event eventstor func (p *secretGeneratorProjection) reduceSecretGeneratorRemoved(event eventstore.Event) (*handler.Statement, error) { e, ok := event.(*instance.SecretGeneratorRemovedEvent) if !ok { - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-fmiIf", "reduce.wrong.event.type %s", instance.SecretGeneratorRemovedEventType) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-fmiIf", "reduce.wrong.event.type %s", instance.SecretGeneratorRemovedEventType) } return handler.NewDeleteStatement( e, diff --git a/internal/query/projection/secret_generator_test.go b/internal/query/projection/secret_generator_test.go index 4f808d0511..8ddb109b9b 100644 --- a/internal/query/projection/secret_generator_test.go 
+++ b/internal/query/projection/secret_generator_test.go @@ -5,10 +5,10 @@ import ( "time" "github.com/zitadel/zitadel/internal/domain" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/eventstore/handler/v2" "github.com/zitadel/zitadel/internal/repository/instance" + "github.com/zitadel/zitadel/internal/zerrors" ) func TestSecretGeneratorProjection_reduces(t *testing.T) { @@ -154,7 +154,7 @@ func TestSecretGeneratorProjection_reduces(t *testing.T) { t.Run(tt.name, func(t *testing.T) { event := baseEvent(t) got, err := tt.reduce(event) - if _, ok := err.(errors.InvalidArgument); !ok { + if ok := zerrors.IsErrorInvalidArgument(err); !ok { t.Errorf("no wrong event mapping: %v, got: %v", err, got) } diff --git a/internal/query/projection/security_policy.go b/internal/query/projection/security_policy.go index 4c30cfc868..c8776ed0b1 100644 --- a/internal/query/projection/security_policy.go +++ b/internal/query/projection/security_policy.go @@ -3,11 +3,11 @@ package projection import ( "context" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" old_handler "github.com/zitadel/zitadel/internal/eventstore/handler" "github.com/zitadel/zitadel/internal/eventstore/handler/v2" "github.com/zitadel/zitadel/internal/repository/instance" + "github.com/zitadel/zitadel/internal/zerrors" ) const ( 
@@ -66,7 +66,7 @@ func (p *securityPolicyProjection) Reducers() []handler.AggregateReducer { func (p *securityPolicyProjection) reduceSecurityPolicySet(event eventstore.Event) (*handler.Statement, error) { e, ok := event.(*instance.SecurityPolicySetEvent) if !ok { - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-D3g87", "reduce.wrong.event.type %s", instance.SecurityPolicySetEventType) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-D3g87", "reduce.wrong.event.type %s", instance.SecurityPolicySetEventType) } changes := []handler.Column{ handler.NewCol(SecurityPolicyColumnCreationDate, e.CreationDate()), diff --git a/internal/query/projection/session.go b/internal/query/projection/session.go index 90736523f3..196a352190 100644 --- a/internal/query/projection/session.go +++ b/internal/query/projection/session.go @@ -4,13 +4,13 @@ import ( "context" "github.com/zitadel/zitadel/internal/domain" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" old_handler "github.com/zitadel/zitadel/internal/eventstore/handler" "github.com/zitadel/zitadel/internal/eventstore/handler/v2" "github.com/zitadel/zitadel/internal/repository/instance" "github.com/zitadel/zitadel/internal/repository/session" "github.com/zitadel/zitadel/internal/repository/user" + "github.com/zitadel/zitadel/internal/zerrors" ) const ( @@ -170,7 +170,7 @@ func (p *sessionProjection) Reducers() []handler.AggregateReducer { func (p *sessionProjection) reduceSessionAdded(event eventstore.Event) (*handler.Statement, error) { e, ok := event.(*session.AddedEvent) if !ok { - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-Sfrgf", "reduce.wrong.event.type %s", session.AddedType) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-Sfrgf", "reduce.wrong.event.type %s", session.AddedType) } cols := make([]handler.Column, 0, 12) 
@@ -207,7 +207,7 @@ func (p *sessionProjection) reduceSessionAdded(event eventstore.Event) (*handler func (p *sessionProjection) reduceUserChecked(event eventstore.Event) (*handler.Statement, error) { e, ok := event.(*session.UserCheckedEvent) if !ok { - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-saDg5", "reduce.wrong.event.type %s", session.UserCheckedType) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-saDg5", "reduce.wrong.event.type %s", session.UserCheckedType) } return handler.NewUpdateStatement( e, @@ -228,7 +228,7 @@ func (p *sessionProjection) reduceUserChecked(event eventstore.Event) (*handler. func (p *sessionProjection) reducePasswordChecked(event eventstore.Event) (*handler.Statement, error) { e, ok := event.(*session.PasswordCheckedEvent) if !ok { - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-SDgrb", "reduce.wrong.event.type %s", session.PasswordCheckedType) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-SDgrb", "reduce.wrong.event.type %s", session.PasswordCheckedType) } return handler.NewUpdateStatement( @@ -248,7 +248,7 @@ func (p *sessionProjection) reducePasswordChecked(event eventstore.Event) (*hand func (p *sessionProjection) reduceIntentChecked(event eventstore.Event) (*handler.Statement, error) { e, ok := event.(*session.IntentCheckedEvent) if !ok { - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-SDgr2", "reduce.wrong.event.type %s", session.IntentCheckedType) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-SDgr2", "reduce.wrong.event.type %s", session.IntentCheckedType) } return handler.NewUpdateStatement( 
@@ -268,7 +268,7 @@ func (p *sessionProjection) reduceIntentChecked(event eventstore.Event) (*handle func (p *sessionProjection) reduceWebAuthNChecked(event eventstore.Event) (*handler.Statement, error) { e, ok := event.(*session.WebAuthNCheckedEvent) if !ok { - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-WieM4", "reduce.wrong.event.type %s", session.WebAuthNCheckedType) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-WieM4", "reduce.wrong.event.type %s", session.WebAuthNCheckedType) } return handler.NewUpdateStatement( e, @@ -288,7 +288,7 @@ func (p *sessionProjection) reduceWebAuthNChecked(event eventstore.Event) (*hand func (p *sessionProjection) reduceTOTPChecked(event eventstore.Event) (*handler.Statement, error) { e, ok := event.(*session.TOTPCheckedEvent) if !ok { - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-Oqu8i", "reduce.wrong.event.type %s", session.TOTPCheckedType) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-Oqu8i", "reduce.wrong.event.type %s", session.TOTPCheckedType) } return handler.NewUpdateStatement( @@ -348,7 +348,7 @@ func (p *sessionProjection) reduceOTPEmailChecked(event eventstore.Event) (*hand func (p *sessionProjection) reduceTokenSet(event eventstore.Event) (*handler.Statement, error) { e, ok := event.(*session.TokenSetEvent) if !ok { - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-SAfd3", "reduce.wrong.event.type %s", session.TokenSetType) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-SAfd3", "reduce.wrong.event.type %s", session.TokenSetType) } return handler.NewUpdateStatement( 
@@ -368,7 +368,7 @@ func (p *sessionProjection) reduceTokenSet(event eventstore.Event) (*handler.Sta func (p *sessionProjection) reduceMetadataSet(event eventstore.Event) (*handler.Statement, error) { e, ok := event.(*session.MetadataSetEvent) if !ok { - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-SAfd3", "reduce.wrong.event.type %s", session.MetadataSetType) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-SAfd3", "reduce.wrong.event.type %s", session.MetadataSetType) } return handler.NewUpdateStatement( @@ -408,7 +408,7 @@ func (p *sessionProjection) reduceLifetimeSet(event eventstore.Event) (*handler. func (p *sessionProjection) reduceSessionTerminated(event eventstore.Event) (*handler.Statement, error) { e, ok := event.(*session.TerminateEvent) if !ok { - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-SAftn", "reduce.wrong.event.type %s", session.TerminateType) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-SAftn", "reduce.wrong.event.type %s", session.TerminateType) } return handler.NewDeleteStatement( @@ -423,7 +423,7 @@ func (p *sessionProjection) reduceSessionTerminated(event eventstore.Event) (*ha func (p *sessionProjection) reducePasswordChanged(event eventstore.Event) (*handler.Statement, error) { e, ok := event.(*user.HumanPasswordChangedEvent) if !ok { - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-Deg3d", "reduce.wrong.event.type %s", user.HumanPasswordChangedType) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-Deg3d", "reduce.wrong.event.type %s", user.HumanPasswordChangedType) } return handler.NewUpdateStatement( diff --git a/internal/query/projection/session_test.go b/internal/query/projection/session_test.go index 78218c88ab..ecd9ca5f1e 100644 --- a/internal/query/projection/session_test.go +++ b/internal/query/projection/session_test.go 
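Review bot: The error ID `HANDL-SAfd3` in `reduceMetadataSet` is the same one `reduceTokenSet` uses in the preceding hunk, so a log entry carrying it cannot be attributed to a single reducer. The same duplication is visible for `HANDL-fi99F` (`reduceSMSConfigTwilioChanged` and `reduceSMSConfigTwilioTokenChanged` in sms.go) and for `PROJE-f92f` (three reducers in user_auth_method.go). Since every one of these lines is already being rewritten for the `zerrors` rename, each duplicate call site should get its own freshly generated ID in the project's existing format. All of the affected reducer bodies continue outside their hunks.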
@@ -7,12 +7,12 @@ import ( "github.com/muhlemmer/gu" "github.com/zitadel/zitadel/internal/domain" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/eventstore/handler/v2" "github.com/zitadel/zitadel/internal/repository/instance" "github.com/zitadel/zitadel/internal/repository/session" "github.com/zitadel/zitadel/internal/repository/user" + "github.com/zitadel/zitadel/internal/zerrors" ) func TestSessionProjection_reduces(t *testing.T) { @@ -419,7 +419,7 @@ func TestSessionProjection_reduces(t *testing.T) { t.Run(tt.name, func(t *testing.T) { event := baseEvent(t) got, err := tt.reduce(event) - if !errors.IsErrorInvalidArgument(err) { + if !zerrors.IsErrorInvalidArgument(err) { t.Errorf("no wrong event mapping: %v, got: %v", err, got) } diff --git a/internal/query/projection/sms.go b/internal/query/projection/sms.go index eb173a4cf7..13059203f9 100644 --- a/internal/query/projection/sms.go +++ b/internal/query/projection/sms.go @@ -4,11 +4,11 @@ import ( "context" "github.com/zitadel/zitadel/internal/domain" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" old_handler "github.com/zitadel/zitadel/internal/eventstore/handler" "github.com/zitadel/zitadel/internal/eventstore/handler/v2" "github.com/zitadel/zitadel/internal/repository/instance" + "github.com/zitadel/zitadel/internal/zerrors" ) const ( 
@@ -111,7 +111,7 @@ func (p *smsConfigProjection) Reducers() []handler.AggregateReducer { func (p *smsConfigProjection) reduceSMSConfigTwilioAdded(event eventstore.Event) (*handler.Statement, error) { e, ok := event.(*instance.SMSConfigTwilioAddedEvent) if !ok { - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-s8efs", "reduce.wrong.event.type %s", instance.SMSConfigTwilioAddedEventType) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-s8efs", "reduce.wrong.event.type %s", instance.SMSConfigTwilioAddedEventType) } return handler.NewMultiStatement( @@ -144,7 +144,7 @@ func (p *smsConfigProjection) reduceSMSConfigTwilioAdded(event eventstore.Event) func (p *smsConfigProjection) reduceSMSConfigTwilioChanged(event eventstore.Event) (*handler.Statement, error) { e, ok := event.(*instance.SMSConfigTwilioChangedEvent) if !ok { - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-fi99F", "reduce.wrong.event.type %s", instance.SMSConfigTwilioChangedEventType) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-fi99F", "reduce.wrong.event.type %s", instance.SMSConfigTwilioChangedEventType) } columns := make([]handler.Column, 0) if e.SID != nil { @@ -180,7 +180,7 @@ func (p *smsConfigProjection) reduceSMSConfigTwilioChanged(event eventstore.Even func (p *smsConfigProjection) reduceSMSConfigTwilioTokenChanged(event eventstore.Event) (*handler.Statement, error) { e, ok := event.(*instance.SMSConfigTwilioTokenChangedEvent) if !ok { - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-fi99F", "reduce.wrong.event.type %s", instance.SMSConfigTwilioTokenChangedEventType) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-fi99F", "reduce.wrong.event.type %s", instance.SMSConfigTwilioTokenChangedEventType) } columns := make([]handler.Column, 0) if e.Token != nil { 
@@ -213,7 +213,7 @@ func (p *smsConfigProjection) reduceSMSConfigTwilioTokenChanged(event eventstore func (p *smsConfigProjection) reduceSMSConfigActivated(event eventstore.Event) (*handler.Statement, error) { e, ok := event.(*instance.SMSConfigActivatedEvent) if !ok { - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-fj9Ef", "reduce.wrong.event.type %s", instance.SMSConfigActivatedEventType) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-fj9Ef", "reduce.wrong.event.type %s", instance.SMSConfigActivatedEventType) } return handler.NewUpdateStatement( e, @@ -232,7 +232,7 @@ func (p *smsConfigProjection) reduceSMSConfigActivated(event eventstore.Event) ( func (p *smsConfigProjection) reduceSMSConfigDeactivated(event eventstore.Event) (*handler.Statement, error) { e, ok := event.(*instance.SMSConfigDeactivatedEvent) if !ok { - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-dj9Js", "reduce.wrong.event.type %s", instance.SMSConfigDeactivatedEventType) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-dj9Js", "reduce.wrong.event.type %s", instance.SMSConfigDeactivatedEventType) } return handler.NewUpdateStatement( e, @@ -251,7 +251,7 @@ func (p *smsConfigProjection) reduceSMSConfigDeactivated(event eventstore.Event) func (p *smsConfigProjection) reduceSMSConfigRemoved(event eventstore.Event) (*handler.Statement, error) { e, ok := event.(*instance.SMSConfigRemovedEvent) if !ok { - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-s9JJf", "reduce.wrong.event.type %s", instance.SMSConfigRemovedEventType) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-s9JJf", "reduce.wrong.event.type %s", instance.SMSConfigRemovedEventType) } return handler.NewDeleteStatement( e, diff --git a/internal/query/projection/sms_test.go b/internal/query/projection/sms_test.go index c3ca8f99f8..1e1a384ed2 100644 --- a/internal/query/projection/sms_test.go +++ b/internal/query/projection/sms_test.go 
@@ -5,10 +5,10 @@ import ( "github.com/zitadel/zitadel/internal/crypto" "github.com/zitadel/zitadel/internal/domain" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/eventstore/handler/v2" "github.com/zitadel/zitadel/internal/repository/instance" + "github.com/zitadel/zitadel/internal/zerrors" ) func TestSMSProjection_reduces(t *testing.T) { @@ -295,7 +295,7 @@ func TestSMSProjection_reduces(t *testing.T) { t.Run(tt.name, func(t *testing.T) { event := baseEvent(t) got, err := tt.reduce(event) - if _, ok := err.(errors.InvalidArgument); !ok { + if ok := zerrors.IsErrorInvalidArgument(err); !ok { t.Errorf("no wrong event mapping: %v, got: %v", err, got) } diff --git a/internal/query/projection/smtp.go b/internal/query/projection/smtp.go index 40f1519508..b753df7f57 100644 --- a/internal/query/projection/smtp.go +++ b/internal/query/projection/smtp.go @@ -3,11 +3,11 @@ package projection import ( "context" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" old_handler "github.com/zitadel/zitadel/internal/eventstore/handler" "github.com/zitadel/zitadel/internal/eventstore/handler/v2" "github.com/zitadel/zitadel/internal/repository/instance" + "github.com/zitadel/zitadel/internal/zerrors" ) const ( @@ -93,7 +93,7 @@ func (p *smtpConfigProjection) Reducers() []handler.AggregateReducer { func (p *smtpConfigProjection) reduceSMTPConfigAdded(event eventstore.Event) (*handler.Statement, error) { e, ok := event.(*instance.SMTPConfigAddedEvent) if !ok { - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-sk99F", "reduce.wrong.event.type %s", instance.SMTPConfigAddedEventType) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-sk99F", "reduce.wrong.event.type %s", instance.SMTPConfigAddedEventType) } return handler.NewCreateStatement( e, 
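Review bot: `if ok := zerrors.IsErrorInvalidArgument(err); !ok {` in sms_test.go keeps the shape of the old type assertion, but the temporary `ok` no longer serves a purpose. `if !zerrors.IsErrorInvalidArgument(err) {` says the same thing and matches what session_test.go does in this commit. The same line appears in smtp_test.go and user_auth_method_test.go. The enclosing test function starts outside the hunk.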
@@ -118,7 +118,7 @@ func (p *smtpConfigProjection) reduceSMTPConfigAdded(event eventstore.Event) (*h func (p *smtpConfigProjection) reduceSMTPConfigChanged(event eventstore.Event) (*handler.Statement, error) { e, ok := event.(*instance.SMTPConfigChangedEvent) if !ok { - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-wl0wd", "reduce.wrong.event.type %s", instance.SMTPConfigChangedEventType) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-wl0wd", "reduce.wrong.event.type %s", instance.SMTPConfigChangedEventType) } columns := make([]handler.Column, 0, 8) @@ -155,7 +155,7 @@ func (p *smtpConfigProjection) reduceSMTPConfigChanged(event eventstore.Event) ( func (p *smtpConfigProjection) reduceSMTPConfigPasswordChanged(event eventstore.Event) (*handler.Statement, error) { e, ok := event.(*instance.SMTPConfigPasswordChangedEvent) if !ok { - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-fk02f", "reduce.wrong.event.type %s", instance.SMTPConfigChangedEventType) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-fk02f", "reduce.wrong.event.type %s", instance.SMTPConfigChangedEventType) } return handler.NewUpdateStatement( diff --git a/internal/query/projection/smtp_test.go b/internal/query/projection/smtp_test.go index 922ef12478..3fd78c7bc8 100644 --- a/internal/query/projection/smtp_test.go +++ b/internal/query/projection/smtp_test.go @@ -3,10 +3,10 @@ package projection import ( "testing" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/eventstore/handler/v2" "github.com/zitadel/zitadel/internal/repository/instance" + "github.com/zitadel/zitadel/internal/zerrors" ) func TestSMTPConfigProjection_reduces(t *testing.T) { 
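Review bot: The wrong-type error in `reduceSMTPConfigPasswordChanged` reports `instance.SMTPConfigChangedEventType`, although the assertion on the line above is against `*instance.SMTPConfigPasswordChangedEvent`. A failure here would therefore be logged as if the config-changed reducer had rejected the event. The message should name the password-changed event type constant instead (presumably `instance.SMTPConfigPasswordChangedEventType`; confirm the name in the instance package). The function body continues outside the hunk.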
@@ -205,7 +205,7 @@ func TestSMTPConfigProjection_reduces(t *testing.T) { t.Run(tt.name, func(t *testing.T) { event := baseEvent(t) got, err := tt.reduce(event) - if _, ok := err.(errors.InvalidArgument); !ok { + if ok := zerrors.IsErrorInvalidArgument(err); !ok { t.Errorf("no wrong event mapping: %v, got: %v", err, got) } diff --git a/internal/query/projection/user.go b/internal/query/projection/user.go index 3451e6fc37..61a9708546 100644 --- a/internal/query/projection/user.go +++ b/internal/query/projection/user.go @@ -5,17 +5,17 @@ import ( "database/sql" "github.com/zitadel/zitadel/internal/domain" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" old_handler "github.com/zitadel/zitadel/internal/eventstore/handler" "github.com/zitadel/zitadel/internal/eventstore/handler/v2" "github.com/zitadel/zitadel/internal/repository/instance" "github.com/zitadel/zitadel/internal/repository/org" "github.com/zitadel/zitadel/internal/repository/user" + "github.com/zitadel/zitadel/internal/zerrors" ) const ( - UserTable = "projections.users9" + UserTable = "projections.users10" UserHumanTable = UserTable + "_" + UserHumanSuffix UserMachineTable = UserTable + "_" + UserMachineSuffix UserNotifyTable = UserTable + "_" + UserNotifySuffix @@ -57,7 +57,7 @@ const ( MachineUserInstanceIDCol = "instance_id" MachineNameCol = "name" MachineDescriptionCol = "description" - MachineHasSecretCol = "has_secret" + MachineSecretCol = "secret" MachineAccessTokenTypeCol = "access_token_type" // notify 
@@ -122,7 +122,7 @@ func (*userProjection) Init() *old_handler.Check { handler.NewColumn(MachineUserInstanceIDCol, handler.ColumnTypeText), handler.NewColumn(MachineNameCol, handler.ColumnTypeText), handler.NewColumn(MachineDescriptionCol, handler.ColumnTypeText, handler.Nullable()), - handler.NewColumn(MachineHasSecretCol, handler.ColumnTypeBool, handler.Default(false)), + handler.NewColumn(MachineSecretCol, handler.ColumnTypeJSONB, handler.Nullable()), handler.NewColumn(MachineAccessTokenTypeCol, handler.ColumnTypeEnum, handler.Default(0)), }, handler.NewPrimaryKey(MachineUserInstanceIDCol, MachineUserIDCol), @@ -312,7 +312,7 @@ func (p *userProjection) Reducers() []handler.AggregateReducer { func (p *userProjection) reduceHumanAdded(event eventstore.Event) (*handler.Statement, error) { e, ok := event.(*user.HumanAddedEvent) if !ok { - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-Ebynp", "reduce.wrong.event.type %s", user.HumanAddedType) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-Ebynp", "reduce.wrong.event.type %s", user.HumanAddedType) } return handler.NewMultiStatement( e, @@ -360,7 +360,7 @@ func (p *userProjection) reduceHumanAdded(event eventstore.Event) (*handler.Stat func (p *userProjection) reduceHumanRegistered(event eventstore.Event) (*handler.Statement, error) { e, ok := event.(*user.HumanRegisteredEvent) if !ok { - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-xE53M", "reduce.wrong.event.type %s", user.HumanRegisteredType) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-xE53M", "reduce.wrong.event.type %s", user.HumanRegisteredType) } return handler.NewMultiStatement( e, 
@@ -408,7 +408,7 @@ func (p *userProjection) reduceHumanRegistered(event eventstore.Event) (*handler func (p *userProjection) reduceHumanInitCodeAdded(event eventstore.Event) (*handler.Statement, error) { e, ok := event.(*user.HumanInitialCodeAddedEvent) if !ok { - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-Dvgws", "reduce.wrong.event.type %s", user.HumanInitialCodeAddedType) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-Dvgws", "reduce.wrong.event.type %s", user.HumanInitialCodeAddedType) } return handler.NewUpdateStatement( e, @@ -425,7 +425,7 @@ func (p *userProjection) reduceHumanInitCodeAdded(event eventstore.Event) (*hand func (p *userProjection) reduceHumanInitCodeSucceeded(event eventstore.Event) (*handler.Statement, error) { e, ok := event.(*user.HumanInitializedCheckSucceededEvent) if !ok { - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-Dfvwq", "reduce.wrong.event.type %s", user.HumanInitializedCheckSucceededType) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-Dfvwq", "reduce.wrong.event.type %s", user.HumanInitializedCheckSucceededType) } return handler.NewUpdateStatement( e, @@ -442,7 +442,7 @@ func (p *userProjection) reduceHumanInitCodeSucceeded(event eventstore.Event) (* func (p *userProjection) reduceUserLocked(event eventstore.Event) (*handler.Statement, error) { e, ok := event.(*user.UserLockedEvent) if !ok { - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-exyBF", "reduce.wrong.event.type %s", user.UserLockedType) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-exyBF", "reduce.wrong.event.type %s", user.UserLockedType) } return handler.NewUpdateStatement( 
@@ -462,7 +462,7 @@ func (p *userProjection) reduceUserLocked(event eventstore.Event) (*handler.Stat func (p *userProjection) reduceUserUnlocked(event eventstore.Event) (*handler.Statement, error) { e, ok := event.(*user.UserUnlockedEvent) if !ok { - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-JIyRl", "reduce.wrong.event.type %s", user.UserUnlockedType) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-JIyRl", "reduce.wrong.event.type %s", user.UserUnlockedType) } return handler.NewUpdateStatement( @@ -482,7 +482,7 @@ func (p *userProjection) reduceUserUnlocked(event eventstore.Event) (*handler.St func (p *userProjection) reduceUserDeactivated(event eventstore.Event) (*handler.Statement, error) { e, ok := event.(*user.UserDeactivatedEvent) if !ok { - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-6BNjj", "reduce.wrong.event.type %s", user.UserDeactivatedType) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-6BNjj", "reduce.wrong.event.type %s", user.UserDeactivatedType) } return handler.NewUpdateStatement( @@ -502,7 +502,7 @@ func (p *userProjection) reduceUserDeactivated(event eventstore.Event) (*handler func (p *userProjection) reduceUserReactivated(event eventstore.Event) (*handler.Statement, error) { e, ok := event.(*user.UserReactivatedEvent) if !ok { - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-IoF6j", "reduce.wrong.event.type %s", user.UserReactivatedType) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-IoF6j", "reduce.wrong.event.type %s", user.UserReactivatedType) } return handler.NewUpdateStatement( 
@@ -522,7 +522,7 @@ func (p *userProjection) reduceUserReactivated(event eventstore.Event) (*handler func (p *userProjection) reduceUserRemoved(event eventstore.Event) (*handler.Statement, error) { e, ok := event.(*user.UserRemovedEvent) if !ok { - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-BQB2t", "reduce.wrong.event.type %s", user.UserRemovedType) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-BQB2t", "reduce.wrong.event.type %s", user.UserRemovedType) } return handler.NewDeleteStatement( @@ -537,7 +537,7 @@ func (p *userProjection) reduceUserRemoved(event eventstore.Event) (*handler.Sta func (p *userProjection) reduceUserNameChanged(event eventstore.Event) (*handler.Statement, error) { e, ok := event.(*user.UsernameChangedEvent) if !ok { - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-QNKyV", "reduce.wrong.event.type %s", user.UserUserNameChangedType) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-QNKyV", "reduce.wrong.event.type %s", user.UserUserNameChangedType) } return handler.NewUpdateStatement( @@ -557,7 +557,7 @@ func (p *userProjection) reduceUserNameChanged(event eventstore.Event) (*handler func (p *userProjection) reduceDomainClaimed(event eventstore.Event) (*handler.Statement, error) { e, ok := event.(*user.DomainClaimedEvent) if !ok { - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-ASwf3", "reduce.wrong.event.type %s", user.UserDomainClaimedType) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-ASwf3", "reduce.wrong.event.type %s", user.UserDomainClaimedType) } return handler.NewUpdateStatement( 
@@ -577,7 +577,7 @@ func (p *userProjection) reduceDomainClaimed(event eventstore.Event) (*handler.S func (p *userProjection) reduceHumanProfileChanged(event eventstore.Event) (*handler.Statement, error) { e, ok := event.(*user.HumanProfileChangedEvent) if !ok { - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-769v4", "reduce.wrong.event.type %s", user.HumanProfileChangedType) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-769v4", "reduce.wrong.event.type %s", user.HumanProfileChangedType) } cols := make([]handler.Column, 0, 6) if e.FirstName != "" { @@ -630,7 +630,7 @@ func (p *userProjection) reduceHumanProfileChanged(event eventstore.Event) (*han func (p *userProjection) reduceHumanPhoneChanged(event eventstore.Event) (*handler.Statement, error) { e, ok := event.(*user.HumanPhoneChangedEvent) if !ok { - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-xOGIA", "reduce.wrong.event.type %s", user.HumanPhoneChangedType) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-xOGIA", "reduce.wrong.event.type %s", user.HumanPhoneChangedType) } return handler.NewMultiStatement( @@ -672,7 +672,7 @@ func (p *userProjection) reduceHumanPhoneChanged(event eventstore.Event) (*handl func (p *userProjection) reduceHumanPhoneRemoved(event eventstore.Event) (*handler.Statement, error) { e, ok := event.(*user.HumanPhoneRemovedEvent) if !ok { - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-JI4S1", "reduce.wrong.event.type %s", user.HumanPhoneRemovedType) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-JI4S1", "reduce.wrong.event.type %s", user.HumanPhoneRemovedType) } return handler.NewMultiStatement( 
@@ -715,7 +715,7 @@ func (p *userProjection) reduceHumanPhoneRemoved(event eventstore.Event) (*handl func (p *userProjection) reduceHumanPhoneVerified(event eventstore.Event) (*handler.Statement, error) { e, ok := event.(*user.HumanPhoneVerifiedEvent) if !ok { - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-LBnqG", "reduce.wrong.event.type %s", user.HumanPhoneVerifiedType) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-LBnqG", "reduce.wrong.event.type %s", user.HumanPhoneVerifiedType) } return handler.NewMultiStatement( @@ -756,7 +756,7 @@ func (p *userProjection) reduceHumanPhoneVerified(event eventstore.Event) (*hand func (p *userProjection) reduceHumanEmailChanged(event eventstore.Event) (*handler.Statement, error) { e, ok := event.(*user.HumanEmailChangedEvent) if !ok { - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-KwiHa", "reduce.wrong.event.type %s", user.HumanEmailChangedType) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-KwiHa", "reduce.wrong.event.type %s", user.HumanEmailChangedType) } return handler.NewMultiStatement( @@ -798,7 +798,7 @@ func (p *userProjection) reduceHumanEmailChanged(event eventstore.Event) (*handl func (p *userProjection) reduceHumanEmailVerified(event eventstore.Event) (*handler.Statement, error) { e, ok := event.(*user.HumanEmailVerifiedEvent) if !ok { - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-JzcDq", "reduce.wrong.event.type %s", user.HumanEmailVerifiedType) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-JzcDq", "reduce.wrong.event.type %s", user.HumanEmailVerifiedType) } return handler.NewMultiStatement( 
@@ -839,7 +839,7 @@ func (p *userProjection) reduceHumanEmailVerified(event eventstore.Event) (*hand func (p *userProjection) reduceHumanAvatarAdded(event eventstore.Event) (*handler.Statement, error) { e, ok := event.(*user.HumanAvatarAddedEvent) if !ok { - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-eDEdt", "reduce.wrong.event.type %s", user.HumanAvatarAddedType) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-eDEdt", "reduce.wrong.event.type %s", user.HumanAvatarAddedType) } return handler.NewMultiStatement( @@ -870,7 +870,7 @@ func (p *userProjection) reduceHumanAvatarAdded(event eventstore.Event) (*handle func (p *userProjection) reduceHumanAvatarRemoved(event eventstore.Event) (*handler.Statement, error) { e, ok := event.(*user.HumanAvatarRemovedEvent) if !ok { - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-KhETX", "reduce.wrong.event.type %s", user.HumanAvatarRemovedType) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-KhETX", "reduce.wrong.event.type %s", user.HumanAvatarRemovedType) } return handler.NewMultiStatement( @@ -901,7 +901,7 @@ func (p *userProjection) reduceHumanAvatarRemoved(event eventstore.Event) (*hand func (p *userProjection) reduceHumanPasswordChanged(event eventstore.Event) (*handler.Statement, error) { e, ok := event.(*user.HumanPasswordChangedEvent) if !ok { - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-jqXUY", "reduce.wrong.event.type %s", user.HumanPasswordChangedType) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-jqXUY", "reduce.wrong.event.type %s", user.HumanPasswordChangedType) } return handler.NewUpdateStatement( 
@@ -920,7 +920,7 @@ func (p *userProjection) reduceHumanPasswordChanged(event eventstore.Event) (*ha func (p *userProjection) reduceMachineSecretSet(event eventstore.Event) (*handler.Statement, error) { e, ok := event.(*user.MachineSecretSetEvent) if !ok { - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-x0p1n1i", "reduce.wrong.event.type %s", user.MachineSecretSetType) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-x0p1n1i", "reduce.wrong.event.type %s", user.MachineSecretSetType) } return handler.NewMultiStatement( e, @@ -936,7 +936,7 @@ func (p *userProjection) reduceMachineSecretSet(event eventstore.Event) (*handle ), handler.AddUpdateStatement( []handler.Column{ - handler.NewCol(MachineHasSecretCol, true), + handler.NewCol(MachineSecretCol, e.ClientSecret), }, []handler.Condition{ handler.NewCond(MachineUserIDCol, e.Aggregate().ID), @@ -950,7 +950,7 @@ func (p *userProjection) reduceMachineSecretSet(event eventstore.Event) (*handle func (p *userProjection) reduceMachineSecretRemoved(event eventstore.Event) (*handler.Statement, error) { e, ok := event.(*user.MachineSecretRemovedEvent) if !ok { - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-x0p6n1i", "reduce.wrong.event.type %s", user.MachineSecretRemovedType) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-x0p6n1i", "reduce.wrong.event.type %s", user.MachineSecretRemovedType) } return handler.NewMultiStatement( @@ -967,7 +967,7 @@ func (p *userProjection) reduceMachineSecretRemoved(event eventstore.Event) (*ha ), handler.AddUpdateStatement( []handler.Column{ - handler.NewCol(MachineHasSecretCol, false), + handler.NewCol(MachineSecretCol, nil), }, []handler.Condition{ handler.NewCond(MachineUserIDCol, e.Aggregate().ID), 
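Review bot: `reduceMachineSecretSet` now writes `e.ClientSecret` into the `secret` column where the projection previously stored only a boolean, so credential material is persisted in the read model. The type of `ClientSecret` is not visible in these hunks; the `ColumnTypeJSONB` column added in `Init()` suggests a structured hashed or encrypted value rather than plaintext, and that should be confirmed. I would add a comment at the `MachineSecretCol` constant, for example `// hashed/encrypted machine secret; never return it in query responses`. The read paths that select from the machine table should also be checked, so that they expose at most a has-secret flag to API callers. Both reducer bodies continue outside their hunks.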
@@ -981,7 +981,7 @@ func (p *userProjection) reduceMachineSecretRemoved(event eventstore.Event) (*ha func (p *userProjection) reduceMachineAdded(event eventstore.Event) (*handler.Statement, error) { e, ok := event.(*user.MachineAddedEvent) if !ok { - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-q7ier", "reduce.wrong.event.type %s", user.MachineAddedEventType) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-q7ier", "reduce.wrong.event.type %s", user.MachineAddedEventType) } return handler.NewMultiStatement( @@ -1015,7 +1015,7 @@ func (p *userProjection) reduceMachineAdded(event eventstore.Event) (*handler.St func (p *userProjection) reduceMachineChanged(event eventstore.Event) (*handler.Statement, error) { e, ok := event.(*user.MachineChangedEvent) if !ok { - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-qYHvj", "reduce.wrong.event.type %s", user.MachineChangedEventType) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-qYHvj", "reduce.wrong.event.type %s", user.MachineChangedEventType) } cols := make([]handler.Column, 0, 2) @@ -1059,7 +1059,7 @@ func (p *userProjection) reduceMachineChanged(event eventstore.Event) (*handler. func (p *userProjection) reduceOwnerRemoved(event eventstore.Event) (*handler.Statement, error) { e, ok := event.(*org.OrgRemovedEvent) if !ok { - return nil, errors.ThrowInvalidArgumentf(nil, "PROJE-NCsdV", "reduce.wrong.event.type %s", org.OrgRemovedEventType) + return nil, zerrors.ThrowInvalidArgumentf(nil, "PROJE-NCsdV", "reduce.wrong.event.type %s", org.OrgRemovedEventType) } return handler.NewDeleteStatement( diff --git a/internal/query/projection/user_auth_method.go b/internal/query/projection/user_auth_method.go index 49455c81bd..c545d41c15 100644 --- a/internal/query/projection/user_auth_method.go +++ b/internal/query/projection/user_auth_method.go 
@@ -4,13 +4,13 @@ import ( "context" "github.com/zitadel/zitadel/internal/domain" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" old_handler "github.com/zitadel/zitadel/internal/eventstore/handler" "github.com/zitadel/zitadel/internal/eventstore/handler/v2" "github.com/zitadel/zitadel/internal/repository/instance" "github.com/zitadel/zitadel/internal/repository/org" "github.com/zitadel/zitadel/internal/repository/user" + "github.com/zitadel/zitadel/internal/zerrors" ) const ( @@ -162,7 +162,7 @@ func (p *userAuthMethodProjection) reduceInitAuthMethod(event eventstore.Event) case *user.HumanOTPAddedEvent: methodType = domain.UserAuthMethodTypeTOTP default: - return nil, errors.ThrowInvalidArgumentf(nil, "PROJE-f92f", "reduce.wrong.event.type %v", []eventstore.EventType{user.HumanPasswordlessTokenAddedType, user.HumanU2FTokenAddedType}) + return nil, zerrors.ThrowInvalidArgumentf(nil, "PROJE-f92f", "reduce.wrong.event.type %v", []eventstore.EventType{user.HumanPasswordlessTokenAddedType, user.HumanU2FTokenAddedType}) } return handler.NewUpsertStatement( @@ -206,7 +206,7 @@ func (p *userAuthMethodProjection) reduceActivateEvent(event eventstore.Event) ( methodType = domain.UserAuthMethodTypeTOTP default: - return nil, errors.ThrowInvalidArgumentf(nil, "PROJE-f92f", "reduce.wrong.event.type %v", []eventstore.EventType{user.HumanPasswordlessTokenAddedType, user.HumanU2FTokenAddedType}) + return nil, zerrors.ThrowInvalidArgumentf(nil, "PROJE-f92f", "reduce.wrong.event.type %v", []eventstore.EventType{user.HumanPasswordlessTokenAddedType, user.HumanU2FTokenAddedType}) } return handler.NewUpdateStatement( 
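Review bot: The event-type list in the `default` branch of `reduceInitAuthMethod` does not match the switch above it: the hunk shows a `case *user.HumanOTPAddedEvent`, but the message lists only `user.HumanPasswordlessTokenAddedType` and `user.HumanU2FTokenAddedType`. `reduceActivateEvent` repeats the same two-element list after a TOTP case, and the list in `reduceRemoveAuthMethod` (next hunk group) starts with two `...AddedType` constants although it is a remove reducer. Each message should list the event types its own switch accepts, so that a rejected event can be diagnosed from the log. The switches begin outside the hunks, so the full case sets need to be checked in the file.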
@@ -235,7 +235,7 @@ func (p *userAuthMethodProjection) reduceAddAuthMethod(event eventstore.Event) ( case *user.HumanOTPEmailAddedEvent: methodType = domain.UserAuthMethodTypeOTPEmail default: - return nil, errors.ThrowInvalidArgumentf(nil, "PROJE-DS4g3", "reduce.wrong.event.type %v", []eventstore.EventType{user.HumanOTPSMSAddedType, user.HumanOTPEmailAddedType}) + return nil, zerrors.ThrowInvalidArgumentf(nil, "PROJE-DS4g3", "reduce.wrong.event.type %v", []eventstore.EventType{user.HumanOTPSMSAddedType, user.HumanOTPEmailAddedType}) } return handler.NewCreateStatement( @@ -274,7 +274,7 @@ func (p *userAuthMethodProjection) reduceRemoveAuthMethod(event eventstore.Event methodType = domain.UserAuthMethodTypeOTPEmail default: - return nil, errors.ThrowInvalidArgumentf(nil, "PROJE-f92f", "reduce.wrong.event.type %v", + return nil, zerrors.ThrowInvalidArgumentf(nil, "PROJE-f92f", "reduce.wrong.event.type %v", []eventstore.EventType{user.HumanPasswordlessTokenAddedType, user.HumanU2FTokenAddedType, user.HumanMFAOTPRemovedType, user.HumanOTPSMSRemovedType, user.HumanPhoneRemovedType, user.HumanOTPEmailRemovedType}) } @@ -296,7 +296,7 @@ func (p *userAuthMethodProjection) reduceRemoveAuthMethod(event eventstore.Event func (p *userAuthMethodProjection) reduceOwnerRemoved(event eventstore.Event) (*handler.Statement, error) { e, ok := event.(*org.OrgRemovedEvent) if !ok { - return nil, errors.ThrowInvalidArgumentf(nil, "PROJE-FwDZ8", "reduce.wrong.event.type %s", org.OrgRemovedEventType) + return nil, zerrors.ThrowInvalidArgumentf(nil, "PROJE-FwDZ8", "reduce.wrong.event.type %s", org.OrgRemovedEventType) } return handler.NewDeleteStatement( diff --git a/internal/query/projection/user_auth_method_test.go b/internal/query/projection/user_auth_method_test.go index e3d52f253e..4902fba820 100644 --- a/internal/query/projection/user_auth_method_test.go +++ b/internal/query/projection/user_auth_method_test.go 
@@ -4,12 +4,12 @@ import ( "testing" "github.com/zitadel/zitadel/internal/domain" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/eventstore/handler/v2" "github.com/zitadel/zitadel/internal/repository/instance" "github.com/zitadel/zitadel/internal/repository/org" "github.com/zitadel/zitadel/internal/repository/user" + "github.com/zitadel/zitadel/internal/zerrors" ) func TestUserAuthMethodProjection_reduces(t *testing.T) { @@ -541,7 +541,7 @@ func TestUserAuthMethodProjection_reduces(t *testing.T) { t.Run(tt.name, func(t *testing.T) { event := baseEvent(t) got, err := tt.reduce(event) - if _, ok := err.(errors.InvalidArgument); !ok { + if ok := zerrors.IsErrorInvalidArgument(err); !ok { t.Errorf("no wrong event mapping: %v, got: %v", err, got) } diff --git a/internal/query/projection/user_grant.go b/internal/query/projection/user_grant.go index 43f8ae8b9f..963cad395d 100644 --- a/internal/query/projection/user_grant.go +++ b/internal/query/projection/user_grant.go @@ -6,7 +6,6 @@ import ( "github.com/zitadel/zitadel/internal/api/authz" "github.com/zitadel/zitadel/internal/database" "github.com/zitadel/zitadel/internal/domain" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" old_handler "github.com/zitadel/zitadel/internal/eventstore/handler" "github.com/zitadel/zitadel/internal/eventstore/handler/v2" @@ -15,6 +14,7 @@ import ( "github.com/zitadel/zitadel/internal/repository/project" "github.com/zitadel/zitadel/internal/repository/user" "github.com/zitadel/zitadel/internal/repository/usergrant" + "github.com/zitadel/zitadel/internal/zerrors" ) const ( 
@@ -178,7 +178,7 @@ func (p *userGrantProjection) Reducers() []handler.AggregateReducer { func (p *userGrantProjection) reduceAdded(event eventstore.Event) (*handler.Statement, error) { e, ok := event.(*usergrant.UserGrantAddedEvent) if !ok { - return nil, errors.ThrowInvalidArgumentf(nil, "PROJE-MQHVB", "reduce.wrong.event.type %s", usergrant.UserGrantAddedType) + return nil, zerrors.ThrowInvalidArgumentf(nil, "PROJE-MQHVB", "reduce.wrong.event.type %s", usergrant.UserGrantAddedType) } ctx := setUserGrantContext(e.Aggregate()) @@ -231,7 +231,7 @@ func (p *userGrantProjection) reduceChanged(event eventstore.Event) (*handler.St case *usergrant.UserGrantCascadeChangedEvent: roles = e.RoleKeys default: - return nil, errors.ThrowInvalidArgumentf(nil, "PROJE-hOr1E", "reduce.wrong.event.type %v", []eventstore.EventType{usergrant.UserGrantChangedType, usergrant.UserGrantCascadeChangedType}) + return nil, zerrors.ThrowInvalidArgumentf(nil, "PROJE-hOr1E", "reduce.wrong.event.type %v", []eventstore.EventType{usergrant.UserGrantChangedType, usergrant.UserGrantCascadeChangedType}) } return handler.NewUpdateStatement( @@ -253,7 +253,7 @@ func (p *userGrantProjection) reduceRemoved(event eventstore.Event) (*handler.St case *usergrant.UserGrantRemovedEvent, *usergrant.UserGrantCascadeRemovedEvent: // ok default: - return nil, errors.ThrowInvalidArgumentf(nil, "PROJE-7OBEC", "reduce.wrong.event.type %v", []eventstore.EventType{usergrant.UserGrantRemovedType, usergrant.UserGrantCascadeRemovedType}) + return nil, zerrors.ThrowInvalidArgumentf(nil, "PROJE-7OBEC", "reduce.wrong.event.type %v", []eventstore.EventType{usergrant.UserGrantRemovedType, usergrant.UserGrantCascadeRemovedType}) } return handler.NewDeleteStatement( 
@@ -267,7 +267,7 @@ func (p *userGrantProjection) reduceRemoved(event eventstore.Event) (*handler.St func (p *userGrantProjection) reduceDeactivated(event eventstore.Event) (*handler.Statement, error) { if _, ok := event.(*usergrant.UserGrantDeactivatedEvent); !ok { - return nil, errors.ThrowInvalidArgumentf(nil, "PROJE-oP7Gm", "reduce.wrong.event.type %s", usergrant.UserGrantDeactivatedType) + return nil, zerrors.ThrowInvalidArgumentf(nil, "PROJE-oP7Gm", "reduce.wrong.event.type %s", usergrant.UserGrantDeactivatedType) } return handler.NewUpdateStatement( @@ -285,8 +285,8 @@ func (p *userGrantProjection) reduceDeactivated(event eventstore.Event) (*handle } func (p *userGrantProjection) reduceReactivated(event eventstore.Event) (*handler.Statement, error) { - if _, ok := event.(*usergrant.UserGrantDeactivatedEvent); !ok { - return nil, errors.ThrowInvalidArgumentf(nil, "PROJE-DGsKh", "reduce.wrong.event.type %s", usergrant.UserGrantReactivatedType) + if _, ok := event.(*usergrant.UserGrantReactivatedEvent); !ok { + return nil, zerrors.ThrowInvalidArgumentf(nil, "PROJE-DGsKh", "reduce.wrong.event.type %s", usergrant.UserGrantReactivatedType) } return handler.NewUpdateStatement( @@ -305,7 +305,7 @@ func (p *userGrantProjection) reduceReactivated(event eventstore.Event) (*handle func (p *userGrantProjection) reduceUserRemoved(event eventstore.Event) (*handler.Statement, error) { if _, ok := event.(*user.UserRemovedEvent); !ok { - return nil, errors.ThrowInvalidArgumentf(nil, "PROJE-Bner2a", "reduce.wrong.event.type %s", user.UserRemovedType) + return nil, zerrors.ThrowInvalidArgumentf(nil, "PROJE-Bner2a", "reduce.wrong.event.type %s", user.UserRemovedType) } return handler.NewDeleteStatement( 
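Review bot: The corrected assertion in reduceReactivated, `event.(*usergrant.UserGrantReactivatedEvent)`, is a behaviour change inside an otherwise mechanical errors-to-zerrors rename, and the existing wrong-event test would not have caught the original slip. The loop in TestUserGrantProjection_reduces feeds `baseEvent(t)`, which presumably fails either assertion. A table case that passes a `*usergrant.UserGrantDeactivatedEvent` to `reduceReactivated` and expects an invalid-argument error would pin the fix, so a reducer for user-grant state cannot quietly go back to accepting the sibling event type. The commit description should mention the fix alongside the mapper change in the test, so that it is not lost in the rename. The function body continues outside the hunk.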
@@ -319,7 +319,7 @@ func (p *userGrantProjection) reduceUserRemoved(event eventstore.Event) (*handle func (p *userGrantProjection) reduceProjectRemoved(event eventstore.Event) (*handler.Statement, error) { if _, ok := event.(*project.ProjectRemovedEvent); !ok { - return nil, errors.ThrowInvalidArgumentf(nil, "PROJE-Bne2a", "reduce.wrong.event.type %s", project.ProjectRemovedType) + return nil, zerrors.ThrowInvalidArgumentf(nil, "PROJE-Bne2a", "reduce.wrong.event.type %s", project.ProjectRemovedType) } return handler.NewDeleteStatement( @@ -334,7 +334,7 @@ func (p *userGrantProjection) reduceProjectRemoved(event eventstore.Event) (*han func (p *userGrantProjection) reduceProjectGrantRemoved(event eventstore.Event) (*handler.Statement, error) { e, ok := event.(*project.GrantRemovedEvent) if !ok { - return nil, errors.ThrowInvalidArgumentf(nil, "PROJE-dGr2a", "reduce.wrong.event.type %s", project.GrantRemovedType) + return nil, zerrors.ThrowInvalidArgumentf(nil, "PROJE-dGr2a", "reduce.wrong.event.type %s", project.GrantRemovedType) } return handler.NewDeleteStatement( @@ -349,7 +349,7 @@ func (p *userGrantProjection) reduceProjectGrantRemoved(event eventstore.Event) func (p *userGrantProjection) reduceRoleRemoved(event eventstore.Event) (*handler.Statement, error) { e, ok := event.(*project.RoleRemovedEvent) if !ok { - return nil, errors.ThrowInvalidArgumentf(nil, "PROJE-dswg2", "reduce.wrong.event.type %s", project.RoleRemovedType) + return nil, zerrors.ThrowInvalidArgumentf(nil, "PROJE-dswg2", "reduce.wrong.event.type %s", project.RoleRemovedType) } return handler.NewUpdateStatement( 
@@ -375,7 +375,7 @@ func (p *userGrantProjection) reduceProjectGrantChanged(event eventstore.Event) grantID = e.GrantID keys = e.RoleKeys default: - return nil, errors.ThrowInvalidArgumentf(nil, "PROJE-Fh3gw", "reduce.wrong.event.type %v", []eventstore.EventType{project.GrantChangedType, project.GrantCascadeChangedType}) + return nil, zerrors.ThrowInvalidArgumentf(nil, "PROJE-Fh3gw", "reduce.wrong.event.type %v", []eventstore.EventType{project.GrantChangedType, project.GrantCascadeChangedType}) } return handler.NewUpdateStatement( @@ -393,7 +393,7 @@ func (p *userGrantProjection) reduceProjectGrantChanged(event eventstore.Event) func (p *userGrantProjection) reduceOwnerRemoved(event eventstore.Event) (*handler.Statement, error) { e, ok := event.(*org.OrgRemovedEvent) if !ok { - return nil, errors.ThrowInvalidArgumentf(nil, "PROJE-jpIvp", "reduce.wrong.event.type %s", org.OrgRemovedEventType) + return nil, zerrors.ThrowInvalidArgumentf(nil, "PROJE-jpIvp", "reduce.wrong.event.type %s", org.OrgRemovedEventType) } return handler.NewMultiStatement( @@ -441,7 +441,7 @@ func getResourceOwnerOfUser(ctx context.Context, es handler.EventStore, instance return "", err } if len(events) != 1 { - return "", errors.ThrowNotFound(nil, "PROJ-0I92sp", "Errors.User.NotFound") + return "", zerrors.ThrowNotFound(nil, "PROJ-0I92sp", "Errors.User.NotFound") } return events[0].Aggregate().ResourceOwner, nil } @@ -462,7 +462,7 @@ func getResourceOwnerOfProject(ctx context.Context, es handler.EventStore, insta return "", err } if len(events) != 1 { - return "", errors.ThrowNotFound(nil, "PROJ-0I91sp", "Errors.Project.NotFound") + return "", zerrors.ThrowNotFound(nil, "PROJ-0I91sp", "Errors.Project.NotFound") } return events[0].Aggregate().ResourceOwner, nil } 
@@ -486,11 +486,11 @@ func getGrantedOrgOfGrantedProject(ctx context.Context, es handler.EventStore, i return "", err } if len(events) != 1 { - return "", errors.ThrowNotFound(nil, "PROJ-MoaSpw", "Errors.Grant.NotFound") + return "", zerrors.ThrowNotFound(nil, "PROJ-MoaSpw", "Errors.Grant.NotFound") } grantAddedEvent, ok := events[0].(*project.GrantAddedEvent) if !ok { - return "", errors.ThrowNotFound(nil, "PROJ-P0s2o0", "Errors.Grant.NotFound") + return "", zerrors.ThrowNotFound(nil, "PROJ-P0s2o0", "Errors.Grant.NotFound") } return grantAddedEvent.GrantedOrgID, nil } diff --git a/internal/query/projection/user_grant_test.go b/internal/query/projection/user_grant_test.go index 97a464e370..22644d6e8c 100644 --- a/internal/query/projection/user_grant_test.go +++ b/internal/query/projection/user_grant_test.go @@ -8,7 +8,6 @@ import ( "github.com/zitadel/zitadel/internal/database" "github.com/zitadel/zitadel/internal/domain" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/eventstore/handler/v2" "github.com/zitadel/zitadel/internal/repository/instance" @@ -16,6 +15,7 @@ import ( "github.com/zitadel/zitadel/internal/repository/project" "github.com/zitadel/zitadel/internal/repository/user" "github.com/zitadel/zitadel/internal/repository/usergrant" + "github.com/zitadel/zitadel/internal/zerrors" ) func TestUserGrantProjection_reduces(t *testing.T) { @@ -345,7 +345,7 @@ func TestUserGrantProjection_reduces(t *testing.T) { usergrant.UserGrantReactivatedType, usergrant.AggregateType, nil, - ), usergrant.UserGrantDeactivatedEventMapper), + ), usergrant.UserGrantReactivatedEventMapper), }, reduce: (&userGrantProjection{}).reduceReactivated, want: wantReduce{ 
@@ -557,7 +557,7 @@ func TestUserGrantProjection_reduces(t *testing.T) { t.Run(tt.name, func(t *testing.T) { event := baseEvent(t) got, err := tt.reduce(event) - if _, ok := err.(errors.InvalidArgument); !ok { + if ok := zerrors.IsErrorInvalidArgument(err); !ok { t.Errorf("no wrong event mapping: %v, got: %v", err, got) } diff --git a/internal/query/projection/user_metadata.go b/internal/query/projection/user_metadata.go index e1b155294c..6599e1d2ce 100644 --- a/internal/query/projection/user_metadata.go +++ b/internal/query/projection/user_metadata.go @@ -3,13 +3,13 @@ package projection import ( "context" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" old_handler "github.com/zitadel/zitadel/internal/eventstore/handler" "github.com/zitadel/zitadel/internal/eventstore/handler/v2" "github.com/zitadel/zitadel/internal/repository/instance" "github.com/zitadel/zitadel/internal/repository/org" "github.com/zitadel/zitadel/internal/repository/user" + "github.com/zitadel/zitadel/internal/zerrors" ) const ( @@ -100,7 +100,7 @@ func (p *userMetadataProjection) Reducers() []handler.AggregateReducer { func (p *userMetadataProjection) reduceMetadataSet(event eventstore.Event) (*handler.Statement, error) { e, ok := event.(*user.MetadataSetEvent) if !ok { - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-Ghn52", "reduce.wrong.event.type %s", user.MetadataSetType) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-Ghn52", "reduce.wrong.event.type %s", user.MetadataSetType) } return handler.NewUpsertStatement( e, 
@@ -125,7 +125,7 @@ func (p *userMetadataProjection) reduceMetadataSet(event eventstore.Event) (*han func (p *userMetadataProjection) reduceMetadataRemoved(event eventstore.Event) (*handler.Statement, error) { e, ok := event.(*user.MetadataRemovedEvent) if !ok { - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-Bm542", "reduce.wrong.event.type %s", user.MetadataRemovedType) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-Bm542", "reduce.wrong.event.type %s", user.MetadataRemovedType) } return handler.NewDeleteStatement( e, @@ -143,7 +143,7 @@ func (p *userMetadataProjection) reduceMetadataRemovedAll(event eventstore.Event *user.UserRemovedEvent: //ok default: - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-Bmnf2", "reduce.wrong.event.type %v", []eventstore.EventType{user.MetadataRemovedAllType, user.UserRemovedType}) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-Bmnf2", "reduce.wrong.event.type %v", []eventstore.EventType{user.MetadataRemovedAllType, user.UserRemovedType}) } return handler.NewDeleteStatement( event, @@ -157,7 +157,7 @@ func (p *userMetadataProjection) reduceMetadataRemovedAll(event eventstore.Event func (p *userMetadataProjection) reduceOwnerRemoved(event eventstore.Event) (*handler.Statement, error) { e, ok := event.(*org.OrgRemovedEvent) if !ok { - return nil, errors.ThrowInvalidArgumentf(nil, "PROJE-oqwul", "reduce.wrong.event.type %s", org.OrgRemovedEventType) + return nil, zerrors.ThrowInvalidArgumentf(nil, "PROJE-oqwul", "reduce.wrong.event.type %s", org.OrgRemovedEventType) } return handler.NewDeleteStatement( diff --git a/internal/query/projection/user_metadata_test.go b/internal/query/projection/user_metadata_test.go index 9d0bb60ce2..a6d0ac7a4e 100644 --- a/internal/query/projection/user_metadata_test.go +++ b/internal/query/projection/user_metadata_test.go 
@@ -3,12 +3,12 @@ package projection import ( "testing" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/eventstore/handler/v2" "github.com/zitadel/zitadel/internal/repository/instance" "github.com/zitadel/zitadel/internal/repository/org" "github.com/zitadel/zitadel/internal/repository/user" + "github.com/zitadel/zitadel/internal/zerrors" ) func TestUserMetadataProjection_reduces(t *testing.T) { @@ -199,7 +199,7 @@ func TestUserMetadataProjection_reduces(t *testing.T) { t.Run(tt.name, func(t *testing.T) { event := baseEvent(t) got, err := tt.reduce(event) - if _, ok := err.(errors.InvalidArgument); !ok { + if ok := zerrors.IsErrorInvalidArgument(err); !ok { t.Errorf("no wrong event mapping: %v, got: %v", err, got) } diff --git a/internal/query/projection/user_personal_access_token.go b/internal/query/projection/user_personal_access_token.go index 2c072d3bd8..0efb5d6412 100644 --- a/internal/query/projection/user_personal_access_token.go +++ b/internal/query/projection/user_personal_access_token.go @@ -4,13 +4,13 @@ import ( "context" "github.com/zitadel/zitadel/internal/database" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" old_handler "github.com/zitadel/zitadel/internal/eventstore/handler" "github.com/zitadel/zitadel/internal/eventstore/handler/v2" "github.com/zitadel/zitadel/internal/repository/instance" "github.com/zitadel/zitadel/internal/repository/org" "github.com/zitadel/zitadel/internal/repository/user" + "github.com/zitadel/zitadel/internal/zerrors" ) const ( 
@@ -103,7 +103,7 @@ func (p *personalAccessTokenProjection) Reducers() []handler.AggregateReducer { func (p *personalAccessTokenProjection) reducePersonalAccessTokenAdded(event eventstore.Event) (*handler.Statement, error) { e, ok := event.(*user.PersonalAccessTokenAddedEvent) if !ok { - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-DVgf7", "reduce.wrong.event.type %s", user.PersonalAccessTokenAddedType) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-DVgf7", "reduce.wrong.event.type %s", user.PersonalAccessTokenAddedType) } return handler.NewCreateStatement( e, @@ -124,7 +124,7 @@ func (p *personalAccessTokenProjection) reducePersonalAccessTokenAdded(event eve func (p *personalAccessTokenProjection) reducePersonalAccessTokenRemoved(event eventstore.Event) (*handler.Statement, error) { e, ok := event.(*user.PersonalAccessTokenRemovedEvent) if !ok { - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-g7u3F", "reduce.wrong.event.type %s", user.PersonalAccessTokenRemovedType) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-g7u3F", "reduce.wrong.event.type %s", user.PersonalAccessTokenRemovedType) } return handler.NewDeleteStatement( e, @@ -138,7 +138,7 @@ func (p *personalAccessTokenProjection) reducePersonalAccessTokenRemoved(event e func (p *personalAccessTokenProjection) reduceUserRemoved(event eventstore.Event) (*handler.Statement, error) { e, ok := event.(*user.UserRemovedEvent) if !ok { - return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-Dff3h", "reduce.wrong.event.type %s", user.UserRemovedType) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-Dff3h", "reduce.wrong.event.type %s", user.UserRemovedType) } return handler.NewDeleteStatement( e, 
@@ -152,7 +152,7 @@ func (p *personalAccessTokenProjection) reduceUserRemoved(event eventstore.Event func (p *personalAccessTokenProjection) reduceOwnerRemoved(event eventstore.Event) (*handler.Statement, error) { e, ok := event.(*org.OrgRemovedEvent) if !ok { - return nil, errors.ThrowInvalidArgumentf(nil, "PROJE-zQVhl", "reduce.wrong.event.type %s", org.OrgRemovedEventType) + return nil, zerrors.ThrowInvalidArgumentf(nil, "PROJE-zQVhl", "reduce.wrong.event.type %s", org.OrgRemovedEventType) } return handler.NewDeleteStatement( diff --git a/internal/query/projection/user_personal_access_token_test.go b/internal/query/projection/user_personal_access_token_test.go index 4cb7e3162a..43d7638a66 100644 --- a/internal/query/projection/user_personal_access_token_test.go +++ b/internal/query/projection/user_personal_access_token_test.go @@ -5,12 +5,12 @@ import ( "time" "github.com/zitadel/zitadel/internal/database" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/eventstore/handler/v2" "github.com/zitadel/zitadel/internal/repository/instance" "github.com/zitadel/zitadel/internal/repository/org" "github.com/zitadel/zitadel/internal/repository/user" + "github.com/zitadel/zitadel/internal/zerrors" ) func TestPersonalAccessTokenProjection_reduces(t *testing.T) { @@ -169,7 +169,7 @@ func TestPersonalAccessTokenProjection_reduces(t *testing.T) { t.Run(tt.name, func(t *testing.T) { event := baseEvent(t) got, err := tt.reduce(event) - if _, ok := err.(errors.InvalidArgument); !ok { + if ok := zerrors.IsErrorInvalidArgument(err); !ok { t.Errorf("no wrong event mapping: %v, got: %v", err, got) } diff --git a/internal/query/projection/user_test.go b/internal/query/projection/user_test.go index da4f2a860c..9aaec46cf0 100644 --- a/internal/query/projection/user_test.go +++ b/internal/query/projection/user_test.go 
@@ -4,13 +4,14 @@ import ( "database/sql" "testing" + "github.com/zitadel/zitadel/internal/crypto" "github.com/zitadel/zitadel/internal/domain" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/eventstore/handler/v2" "github.com/zitadel/zitadel/internal/repository/instance" "github.com/zitadel/zitadel/internal/repository/org" "github.com/zitadel/zitadel/internal/repository/user" + "github.com/zitadel/zitadel/internal/zerrors" ) func TestUserProjection_reduces(t *testing.T) { @@ -50,7 +51,7 @@ func TestUserProjection_reduces(t *testing.T) { executer: &testExecuter{ executions: []execution{ { - expectedStmt: "INSERT INTO projections.users9 (id, creation_date, change_date, resource_owner, instance_id, state, sequence, username, type) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9)", + expectedStmt: "INSERT INTO projections.users10 (id, creation_date, change_date, resource_owner, instance_id, state, sequence, username, type) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9)", expectedArgs: []interface{}{ "agg-id", anyArg{}, @@ -64,7 +65,7 @@ func TestUserProjection_reduces(t *testing.T) { }, }, { - expectedStmt: "INSERT INTO projections.users9_humans (user_id, instance_id, first_name, last_name, nick_name, display_name, preferred_language, gender, email, phone) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10)", + expectedStmt: "INSERT INTO projections.users10_humans (user_id, instance_id, first_name, last_name, nick_name, display_name, preferred_language, gender, email, phone) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10)", expectedArgs: []interface{}{ "agg-id", "instance-id", 
@@ -79,7 +80,7 @@ func TestUserProjection_reduces(t *testing.T) { }, }, { - expectedStmt: "INSERT INTO projections.users9_notifications (user_id, instance_id, last_email, last_phone, password_set) VALUES ($1, $2, $3, $4, $5)", + expectedStmt: "INSERT INTO projections.users10_notifications (user_id, instance_id, last_email, last_phone, password_set) VALUES ($1, $2, $3, $4, $5)", expectedArgs: []interface{}{ "agg-id", "instance-id", @@ -119,7 +120,7 @@ func TestUserProjection_reduces(t *testing.T) { executer: &testExecuter{ executions: []execution{ { - expectedStmt: "INSERT INTO projections.users9 (id, creation_date, change_date, resource_owner, instance_id, state, sequence, username, type) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9)", + expectedStmt: "INSERT INTO projections.users10 (id, creation_date, change_date, resource_owner, instance_id, state, sequence, username, type) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9)", expectedArgs: []interface{}{ "agg-id", anyArg{}, @@ -133,7 +134,7 @@ func TestUserProjection_reduces(t *testing.T) { }, }, { - expectedStmt: "INSERT INTO projections.users9_humans (user_id, instance_id, first_name, last_name, nick_name, display_name, preferred_language, gender, email, phone) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10)", + expectedStmt: "INSERT INTO projections.users10_humans (user_id, instance_id, first_name, last_name, nick_name, display_name, preferred_language, gender, email, phone) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10)", expectedArgs: []interface{}{ "agg-id", "instance-id", @@ -148,7 +149,7 @@ func TestUserProjection_reduces(t *testing.T) { }, }, { - expectedStmt: "INSERT INTO projections.users9_notifications (user_id, instance_id, last_email, last_phone, password_set) VALUES ($1, $2, $3, $4, $5)", + expectedStmt: "INSERT INTO projections.users10_notifications (user_id, instance_id, last_email, last_phone, password_set) VALUES ($1, $2, $3, $4, $5)", expectedArgs: []interface{}{ "agg-id", "instance-id", 
@@ -183,7 +184,7 @@ func TestUserProjection_reduces(t *testing.T) { executer: &testExecuter{ executions: []execution{ { - expectedStmt: "INSERT INTO projections.users9 (id, creation_date, change_date, resource_owner, instance_id, state, sequence, username, type) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9)", + expectedStmt: "INSERT INTO projections.users10 (id, creation_date, change_date, resource_owner, instance_id, state, sequence, username, type) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9)", expectedArgs: []interface{}{ "agg-id", anyArg{}, @@ -197,7 +198,7 @@ func TestUserProjection_reduces(t *testing.T) { }, }, { - expectedStmt: "INSERT INTO projections.users9_humans (user_id, instance_id, first_name, last_name, nick_name, display_name, preferred_language, gender, email, phone) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10)", + expectedStmt: "INSERT INTO projections.users10_humans (user_id, instance_id, first_name, last_name, nick_name, display_name, preferred_language, gender, email, phone) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10)", expectedArgs: []interface{}{ "agg-id", "instance-id", @@ -212,7 +213,7 @@ func TestUserProjection_reduces(t *testing.T) { }, }, { - expectedStmt: "INSERT INTO projections.users9_notifications (user_id, instance_id, last_email, last_phone, password_set) VALUES ($1, $2, $3, $4, $5)", + expectedStmt: "INSERT INTO projections.users10_notifications (user_id, instance_id, last_email, last_phone, password_set) VALUES ($1, $2, $3, $4, $5)", expectedArgs: []interface{}{ "agg-id", "instance-id", 
@@ -252,7 +253,7 @@ func TestUserProjection_reduces(t *testing.T) { executer: &testExecuter{ executions: []execution{ { - expectedStmt: "INSERT INTO projections.users9 (id, creation_date, change_date, resource_owner, instance_id, state, sequence, username, type) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9)", + expectedStmt: "INSERT INTO projections.users10 (id, creation_date, change_date, resource_owner, instance_id, state, sequence, username, type) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9)", expectedArgs: []interface{}{ "agg-id", anyArg{}, @@ -266,7 +267,7 @@ func TestUserProjection_reduces(t *testing.T) { }, }, { - expectedStmt: "INSERT INTO projections.users9_humans (user_id, instance_id, first_name, last_name, nick_name, display_name, preferred_language, gender, email, phone) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10)", + expectedStmt: "INSERT INTO projections.users10_humans (user_id, instance_id, first_name, last_name, nick_name, display_name, preferred_language, gender, email, phone) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10)", expectedArgs: []interface{}{ "agg-id", "instance-id", @@ -281,7 +282,7 @@ func TestUserProjection_reduces(t *testing.T) { }, }, { - expectedStmt: "INSERT INTO projections.users9_notifications (user_id, instance_id, last_email, last_phone, password_set) VALUES ($1, $2, $3, $4, $5)", + expectedStmt: "INSERT INTO projections.users10_notifications (user_id, instance_id, last_email, last_phone, password_set) VALUES ($1, $2, $3, $4, $5)", expectedArgs: []interface{}{ "agg-id", "instance-id", 
@@ -321,7 +322,7 @@ func TestUserProjection_reduces(t *testing.T) { executer: &testExecuter{ executions: []execution{ { - expectedStmt: "INSERT INTO projections.users9 (id, creation_date, change_date, resource_owner, instance_id, state, sequence, username, type) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9)", + expectedStmt: "INSERT INTO projections.users10 (id, creation_date, change_date, resource_owner, instance_id, state, sequence, username, type) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9)", expectedArgs: []interface{}{ "agg-id", anyArg{}, @@ -335,7 +336,7 @@ func TestUserProjection_reduces(t *testing.T) { }, }, { - expectedStmt: "INSERT INTO projections.users9_humans (user_id, instance_id, first_name, last_name, nick_name, display_name, preferred_language, gender, email, phone) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10)", + expectedStmt: "INSERT INTO projections.users10_humans (user_id, instance_id, first_name, last_name, nick_name, display_name, preferred_language, gender, email, phone) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10)", expectedArgs: []interface{}{ "agg-id", "instance-id", @@ -350,7 +351,7 @@ func TestUserProjection_reduces(t *testing.T) { }, }, { - expectedStmt: "INSERT INTO projections.users9_notifications (user_id, instance_id, last_email, last_phone, password_set) VALUES ($1, $2, $3, $4, $5)", + expectedStmt: "INSERT INTO projections.users10_notifications (user_id, instance_id, last_email, last_phone, password_set) VALUES ($1, $2, $3, $4, $5)", expectedArgs: []interface{}{ "agg-id", "instance-id", 
@@ -385,7 +386,7 @@ func TestUserProjection_reduces(t *testing.T) { executer: &testExecuter{ executions: []execution{ { - expectedStmt: "INSERT INTO projections.users9 (id, creation_date, change_date, resource_owner, instance_id, state, sequence, username, type) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9)", + expectedStmt: "INSERT INTO projections.users10 (id, creation_date, change_date, resource_owner, instance_id, state, sequence, username, type) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9)", expectedArgs: []interface{}{ "agg-id", anyArg{}, @@ -399,7 +400,7 @@ func TestUserProjection_reduces(t *testing.T) { }, }, { - expectedStmt: "INSERT INTO projections.users9_humans (user_id, instance_id, first_name, last_name, nick_name, display_name, preferred_language, gender, email, phone) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10)", + expectedStmt: "INSERT INTO projections.users10_humans (user_id, instance_id, first_name, last_name, nick_name, display_name, preferred_language, gender, email, phone) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10)", expectedArgs: []interface{}{ "agg-id", "instance-id", @@ -414,7 +415,7 @@ func TestUserProjection_reduces(t *testing.T) { }, }, { - expectedStmt: "INSERT INTO projections.users9_notifications (user_id, instance_id, last_email, last_phone, password_set) VALUES ($1, $2, $3, $4, $5)", + expectedStmt: "INSERT INTO projections.users10_notifications (user_id, instance_id, last_email, last_phone, password_set) VALUES ($1, $2, $3, $4, $5)", expectedArgs: []interface{}{ "agg-id", "instance-id", @@ -444,7 +445,7 @@ func TestUserProjection_reduces(t *testing.T) { executer: &testExecuter{ executions: []execution{ { - expectedStmt: "UPDATE projections.users9 SET state = $1 WHERE (id = $2) AND (instance_id = $3)", + expectedStmt: "UPDATE projections.users10 SET state = $1 WHERE (id = $2) AND (instance_id = $3)", expectedArgs: []interface{}{ domain.UserStateInitial, "agg-id", 
@@ -472,7 +473,7 @@ func TestUserProjection_reduces(t *testing.T) { executer: &testExecuter{ executions: []execution{ { - expectedStmt: "UPDATE projections.users9 SET state = $1 WHERE (id = $2) AND (instance_id = $3)", + expectedStmt: "UPDATE projections.users10 SET state = $1 WHERE (id = $2) AND (instance_id = $3)", expectedArgs: []interface{}{ domain.UserStateInitial, "agg-id", @@ -500,7 +501,7 @@ func TestUserProjection_reduces(t *testing.T) { executer: &testExecuter{ executions: []execution{ { - expectedStmt: "UPDATE projections.users9 SET state = $1 WHERE (id = $2) AND (instance_id = $3)", + expectedStmt: "UPDATE projections.users10 SET state = $1 WHERE (id = $2) AND (instance_id = $3)", expectedArgs: []interface{}{ domain.UserStateActive, "agg-id", @@ -528,7 +529,7 @@ func TestUserProjection_reduces(t *testing.T) { executer: &testExecuter{ executions: []execution{ { - expectedStmt: "UPDATE projections.users9 SET state = $1 WHERE (id = $2) AND (instance_id = $3)", + expectedStmt: "UPDATE projections.users10 SET state = $1 WHERE (id = $2) AND (instance_id = $3)", expectedArgs: []interface{}{ domain.UserStateActive, "agg-id", @@ -556,7 +557,7 @@ func TestUserProjection_reduces(t *testing.T) { executer: &testExecuter{ executions: []execution{ { - expectedStmt: "UPDATE projections.users9 SET (change_date, state, sequence) = ($1, $2, $3) WHERE (id = $4) AND (instance_id = $5)", + expectedStmt: "UPDATE projections.users10 SET (change_date, state, sequence) = ($1, $2, $3) WHERE (id = $4) AND (instance_id = $5)", expectedArgs: []interface{}{ anyArg{}, domain.UserStateLocked, 
@@ -586,7 +587,7 @@ func TestUserProjection_reduces(t *testing.T) { executer: &testExecuter{ executions: []execution{ { - expectedStmt: "UPDATE projections.users9 SET (change_date, state, sequence) = ($1, $2, $3) WHERE (id = $4) AND (instance_id = $5)", + expectedStmt: "UPDATE projections.users10 SET (change_date, state, sequence) = ($1, $2, $3) WHERE (id = $4) AND (instance_id = $5)", expectedArgs: []interface{}{ anyArg{}, domain.UserStateActive, @@ -616,7 +617,7 @@ func TestUserProjection_reduces(t *testing.T) { executer: &testExecuter{ executions: []execution{ { - expectedStmt: "UPDATE projections.users9 SET (change_date, state, sequence) = ($1, $2, $3) WHERE (id = $4) AND (instance_id = $5)", + expectedStmt: "UPDATE projections.users10 SET (change_date, state, sequence) = ($1, $2, $3) WHERE (id = $4) AND (instance_id = $5)", expectedArgs: []interface{}{ anyArg{}, domain.UserStateInactive, @@ -646,7 +647,7 @@ func TestUserProjection_reduces(t *testing.T) { executer: &testExecuter{ executions: []execution{ { - expectedStmt: "UPDATE projections.users9 SET (change_date, state, sequence) = ($1, $2, $3) WHERE (id = $4) AND (instance_id = $5)", + expectedStmt: "UPDATE projections.users10 SET (change_date, state, sequence) = ($1, $2, $3) WHERE (id = $4) AND (instance_id = $5)", expectedArgs: []interface{}{ anyArg{}, domain.UserStateActive, @@ -676,7 +677,7 @@ func TestUserProjection_reduces(t *testing.T) { executer: &testExecuter{ executions: []execution{ { - expectedStmt: "DELETE FROM projections.users9 WHERE (id = $1) AND (instance_id = $2)", + expectedStmt: "DELETE FROM projections.users10 WHERE (id = $1) AND (instance_id = $2)", expectedArgs: []interface{}{ "agg-id", "instance-id", 
@@ -705,7 +706,7 @@ func TestUserProjection_reduces(t *testing.T) { executer: &testExecuter{ executions: []execution{ { - expectedStmt: "UPDATE projections.users9 SET (change_date, username, sequence) = ($1, $2, $3) WHERE (id = $4) AND (instance_id = $5)", + expectedStmt: "UPDATE projections.users10 SET (change_date, username, sequence) = ($1, $2, $3) WHERE (id = $4) AND (instance_id = $5)", expectedArgs: []interface{}{ anyArg{}, "username", @@ -737,7 +738,7 @@ func TestUserProjection_reduces(t *testing.T) { executer: &testExecuter{ executions: []execution{ { - expectedStmt: "UPDATE projections.users9 SET (change_date, username, sequence) = ($1, $2, $3) WHERE (id = $4) AND (instance_id = $5)", + expectedStmt: "UPDATE projections.users10 SET (change_date, username, sequence) = ($1, $2, $3) WHERE (id = $4) AND (instance_id = $5)", expectedArgs: []interface{}{ anyArg{}, "id@temporary.domain", @@ -774,7 +775,7 @@ func TestUserProjection_reduces(t *testing.T) { executer: &testExecuter{ executions: []execution{ { - expectedStmt: "UPDATE projections.users9 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)", + expectedStmt: "UPDATE projections.users10 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)", expectedArgs: []interface{}{ anyArg{}, uint64(15), @@ -783,7 +784,7 @@ func TestUserProjection_reduces(t *testing.T) { }, }, { - expectedStmt: "UPDATE projections.users9_humans SET (first_name, last_name, nick_name, display_name, preferred_language, gender) = ($1, $2, $3, $4, $5, $6) WHERE (user_id = $7) AND (instance_id = $8)", + expectedStmt: "UPDATE projections.users10_humans SET (first_name, last_name, nick_name, display_name, preferred_language, gender) = ($1, $2, $3, $4, $5, $6) WHERE (user_id = $7) AND (instance_id = $8)", expectedArgs: []interface{}{ "first-name", "last-name", 
@@ -823,7 +824,7 @@ func TestUserProjection_reduces(t *testing.T) { executer: &testExecuter{ executions: []execution{ { - expectedStmt: "UPDATE projections.users9 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)", + expectedStmt: "UPDATE projections.users10 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)", expectedArgs: []interface{}{ anyArg{}, uint64(15), @@ -832,7 +833,7 @@ func TestUserProjection_reduces(t *testing.T) { }, }, { - expectedStmt: "UPDATE projections.users9_humans SET (first_name, last_name, nick_name, display_name, preferred_language, gender) = ($1, $2, $3, $4, $5, $6) WHERE (user_id = $7) AND (instance_id = $8)", + expectedStmt: "UPDATE projections.users10_humans SET (first_name, last_name, nick_name, display_name, preferred_language, gender) = ($1, $2, $3, $4, $5, $6) WHERE (user_id = $7) AND (instance_id = $8)", expectedArgs: []interface{}{ "first-name", "last-name", @@ -867,7 +868,7 @@ func TestUserProjection_reduces(t *testing.T) { executer: &testExecuter{ executions: []execution{ { - expectedStmt: "UPDATE projections.users9 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)", + expectedStmt: "UPDATE projections.users10 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)", expectedArgs: []interface{}{ anyArg{}, uint64(15), @@ -876,7 +877,7 @@ func TestUserProjection_reduces(t *testing.T) { }, }, { - expectedStmt: "UPDATE projections.users9_humans SET (phone, is_phone_verified) = ($1, $2) WHERE (user_id = $3) AND (instance_id = $4)", + expectedStmt: "UPDATE projections.users10_humans SET (phone, is_phone_verified) = ($1, $2) WHERE (user_id = $3) AND (instance_id = $4)", expectedArgs: []interface{}{ domain.PhoneNumber("+41 00 000 00 00"), false, 
@@ -885,7 +886,7 @@ func TestUserProjection_reduces(t *testing.T) { }, }, { - expectedStmt: "UPDATE projections.users9_notifications SET last_phone = $1 WHERE (user_id = $2) AND (instance_id = $3)", + expectedStmt: "UPDATE projections.users10_notifications SET last_phone = $1 WHERE (user_id = $2) AND (instance_id = $3)", expectedArgs: []interface{}{ &sql.NullString{String: "+41 00 000 00 00", Valid: true}, "agg-id", @@ -915,7 +916,7 @@ func TestUserProjection_reduces(t *testing.T) { executer: &testExecuter{ executions: []execution{ { - expectedStmt: "UPDATE projections.users9 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)", + expectedStmt: "UPDATE projections.users10 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)", expectedArgs: []interface{}{ anyArg{}, uint64(15), @@ -924,7 +925,7 @@ func TestUserProjection_reduces(t *testing.T) { }, }, { - expectedStmt: "UPDATE projections.users9_humans SET (phone, is_phone_verified) = ($1, $2) WHERE (user_id = $3) AND (instance_id = $4)", + expectedStmt: "UPDATE projections.users10_humans SET (phone, is_phone_verified) = ($1, $2) WHERE (user_id = $3) AND (instance_id = $4)", expectedArgs: []interface{}{ domain.PhoneNumber("+41 00 000 00 00"), false, @@ -933,7 +934,7 @@ func TestUserProjection_reduces(t *testing.T) { }, }, { - expectedStmt: "UPDATE projections.users9_notifications SET last_phone = $1 WHERE (user_id = $2) AND (instance_id = $3)", + expectedStmt: "UPDATE projections.users10_notifications SET last_phone = $1 WHERE (user_id = $2) AND (instance_id = $3)", expectedArgs: []interface{}{ &sql.NullString{String: "+41 00 000 00 00", Valid: true}, "agg-id", 
@@ -961,7 +962,7 @@ func TestUserProjection_reduces(t *testing.T) { executer: &testExecuter{ executions: []execution{ { - expectedStmt: "UPDATE projections.users9 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)", + expectedStmt: "UPDATE projections.users10 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)", expectedArgs: []interface{}{ anyArg{}, uint64(15), @@ -970,7 +971,7 @@ func TestUserProjection_reduces(t *testing.T) { }, }, { - expectedStmt: "UPDATE projections.users9_humans SET (phone, is_phone_verified) = ($1, $2) WHERE (user_id = $3) AND (instance_id = $4)", + expectedStmt: "UPDATE projections.users10_humans SET (phone, is_phone_verified) = ($1, $2) WHERE (user_id = $3) AND (instance_id = $4)", expectedArgs: []interface{}{ nil, nil, @@ -979,7 +980,7 @@ func TestUserProjection_reduces(t *testing.T) { }, }, { - expectedStmt: "UPDATE projections.users9_notifications SET (last_phone, verified_phone) = ($1, $2) WHERE (user_id = $3) AND (instance_id = $4)", + expectedStmt: "UPDATE projections.users10_notifications SET (last_phone, verified_phone) = ($1, $2) WHERE (user_id = $3) AND (instance_id = $4)", expectedArgs: []interface{}{ nil, nil, @@ -1008,7 +1009,7 @@ func TestUserProjection_reduces(t *testing.T) { executer: &testExecuter{ executions: []execution{ { - expectedStmt: "UPDATE projections.users9 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)", + expectedStmt: "UPDATE projections.users10 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)", expectedArgs: []interface{}{ anyArg{}, uint64(15), 
@@ -1017,7 +1018,7 @@ func TestUserProjection_reduces(t *testing.T) { }, }, { - expectedStmt: "UPDATE projections.users9_humans SET (phone, is_phone_verified) = ($1, $2) WHERE (user_id = $3) AND (instance_id = $4)", + expectedStmt: "UPDATE projections.users10_humans SET (phone, is_phone_verified) = ($1, $2) WHERE (user_id = $3) AND (instance_id = $4)", expectedArgs: []interface{}{ nil, nil, @@ -1026,7 +1027,7 @@ func TestUserProjection_reduces(t *testing.T) { }, }, { - expectedStmt: "UPDATE projections.users9_notifications SET (last_phone, verified_phone) = ($1, $2) WHERE (user_id = $3) AND (instance_id = $4)", + expectedStmt: "UPDATE projections.users10_notifications SET (last_phone, verified_phone) = ($1, $2) WHERE (user_id = $3) AND (instance_id = $4)", expectedArgs: []interface{}{ nil, nil, @@ -1055,7 +1056,7 @@ func TestUserProjection_reduces(t *testing.T) { executer: &testExecuter{ executions: []execution{ { - expectedStmt: "UPDATE projections.users9 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)", + expectedStmt: "UPDATE projections.users10 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)", expectedArgs: []interface{}{ anyArg{}, uint64(15), @@ -1064,7 +1065,7 @@ func TestUserProjection_reduces(t *testing.T) { }, }, { - expectedStmt: "UPDATE projections.users9_humans SET is_phone_verified = $1 WHERE (user_id = $2) AND (instance_id = $3)", + expectedStmt: "UPDATE projections.users10_humans SET is_phone_verified = $1 WHERE (user_id = $2) AND (instance_id = $3)", expectedArgs: []interface{}{ true, "agg-id", @@ -1072,7 +1073,7 @@ func TestUserProjection_reduces(t *testing.T) { }, }, { - expectedStmt: "UPDATE projections.users9_notifications SET verified_phone = last_phone WHERE (user_id = $1) AND (instance_id = $2)", + expectedStmt: "UPDATE projections.users10_notifications SET verified_phone = last_phone WHERE (user_id = $1) AND (instance_id = $2)", expectedArgs: []interface{}{ "agg-id", "instance-id", 
@@ -1099,7 +1100,7 @@ func TestUserProjection_reduces(t *testing.T) { executer: &testExecuter{ executions: []execution{ { - expectedStmt: "UPDATE projections.users9 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)", + expectedStmt: "UPDATE projections.users10 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)", expectedArgs: []interface{}{ anyArg{}, uint64(15), @@ -1108,7 +1109,7 @@ func TestUserProjection_reduces(t *testing.T) { }, }, { - expectedStmt: "UPDATE projections.users9_humans SET is_phone_verified = $1 WHERE (user_id = $2) AND (instance_id = $3)", + expectedStmt: "UPDATE projections.users10_humans SET is_phone_verified = $1 WHERE (user_id = $2) AND (instance_id = $3)", expectedArgs: []interface{}{ true, "agg-id", @@ -1116,7 +1117,7 @@ func TestUserProjection_reduces(t *testing.T) { }, }, { - expectedStmt: "UPDATE projections.users9_notifications SET verified_phone = last_phone WHERE (user_id = $1) AND (instance_id = $2)", + expectedStmt: "UPDATE projections.users10_notifications SET verified_phone = last_phone WHERE (user_id = $1) AND (instance_id = $2)", expectedArgs: []interface{}{ "agg-id", "instance-id", @@ -1145,7 +1146,7 @@ func TestUserProjection_reduces(t *testing.T) { executer: &testExecuter{ executions: []execution{ { - expectedStmt: "UPDATE projections.users9 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)", + expectedStmt: "UPDATE projections.users10 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)", expectedArgs: []interface{}{ anyArg{}, uint64(15), 
@@ -1154,7 +1155,7 @@ func TestUserProjection_reduces(t *testing.T) { }, }, { - expectedStmt: "UPDATE projections.users9_humans SET (email, is_email_verified) = ($1, $2) WHERE (user_id = $3) AND (instance_id = $4)", + expectedStmt: "UPDATE projections.users10_humans SET (email, is_email_verified) = ($1, $2) WHERE (user_id = $3) AND (instance_id = $4)", expectedArgs: []interface{}{ domain.EmailAddress("email@zitadel.com"), false, @@ -1163,7 +1164,7 @@ func TestUserProjection_reduces(t *testing.T) { }, }, { - expectedStmt: "UPDATE projections.users9_notifications SET last_email = $1 WHERE (user_id = $2) AND (instance_id = $3)", + expectedStmt: "UPDATE projections.users10_notifications SET last_email = $1 WHERE (user_id = $2) AND (instance_id = $3)", expectedArgs: []interface{}{ &sql.NullString{String: "email@zitadel.com", Valid: true}, "agg-id", @@ -1193,7 +1194,7 @@ func TestUserProjection_reduces(t *testing.T) { executer: &testExecuter{ executions: []execution{ { - expectedStmt: "UPDATE projections.users9 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)", + expectedStmt: "UPDATE projections.users10 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)", expectedArgs: []interface{}{ anyArg{}, uint64(15), @@ -1202,7 +1203,7 @@ func TestUserProjection_reduces(t *testing.T) { }, }, { - expectedStmt: "UPDATE projections.users9_humans SET (email, is_email_verified) = ($1, $2) WHERE (user_id = $3) AND (instance_id = $4)", + expectedStmt: "UPDATE projections.users10_humans SET (email, is_email_verified) = ($1, $2) WHERE (user_id = $3) AND (instance_id = $4)", expectedArgs: []interface{}{ domain.EmailAddress("email@zitadel.com"), false, 
@@ -1211,7 +1212,7 @@ func TestUserProjection_reduces(t *testing.T) { }, }, { - expectedStmt: "UPDATE projections.users9_notifications SET last_email = $1 WHERE (user_id = $2) AND (instance_id = $3)", + expectedStmt: "UPDATE projections.users10_notifications SET last_email = $1 WHERE (user_id = $2) AND (instance_id = $3)", expectedArgs: []interface{}{ &sql.NullString{String: "email@zitadel.com", Valid: true}, "agg-id", @@ -1239,7 +1240,7 @@ func TestUserProjection_reduces(t *testing.T) { executer: &testExecuter{ executions: []execution{ { - expectedStmt: "UPDATE projections.users9 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)", + expectedStmt: "UPDATE projections.users10 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)", expectedArgs: []interface{}{ anyArg{}, uint64(15), @@ -1248,7 +1249,7 @@ func TestUserProjection_reduces(t *testing.T) { }, }, { - expectedStmt: "UPDATE projections.users9_humans SET is_email_verified = $1 WHERE (user_id = $2) AND (instance_id = $3)", + expectedStmt: "UPDATE projections.users10_humans SET is_email_verified = $1 WHERE (user_id = $2) AND (instance_id = $3)", expectedArgs: []interface{}{ true, "agg-id", @@ -1256,7 +1257,7 @@ func TestUserProjection_reduces(t *testing.T) { }, }, { - expectedStmt: "UPDATE projections.users9_notifications SET verified_email = last_email WHERE (user_id = $1) AND (instance_id = $2)", + expectedStmt: "UPDATE projections.users10_notifications SET verified_email = last_email WHERE (user_id = $1) AND (instance_id = $2)", expectedArgs: []interface{}{ "agg-id", "instance-id", 
@@ -1283,7 +1284,7 @@ func TestUserProjection_reduces(t *testing.T) { executer: &testExecuter{ executions: []execution{ { - expectedStmt: "UPDATE projections.users9 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)", + expectedStmt: "UPDATE projections.users10 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)", expectedArgs: []interface{}{ anyArg{}, uint64(15), @@ -1292,7 +1293,7 @@ func TestUserProjection_reduces(t *testing.T) { }, }, { - expectedStmt: "UPDATE projections.users9_humans SET is_email_verified = $1 WHERE (user_id = $2) AND (instance_id = $3)", + expectedStmt: "UPDATE projections.users10_humans SET is_email_verified = $1 WHERE (user_id = $2) AND (instance_id = $3)", expectedArgs: []interface{}{ true, "agg-id", @@ -1300,7 +1301,7 @@ func TestUserProjection_reduces(t *testing.T) { }, }, { - expectedStmt: "UPDATE projections.users9_notifications SET verified_email = last_email WHERE (user_id = $1) AND (instance_id = $2)", + expectedStmt: "UPDATE projections.users10_notifications SET verified_email = last_email WHERE (user_id = $1) AND (instance_id = $2)", expectedArgs: []interface{}{ "agg-id", "instance-id", @@ -1329,7 +1330,7 @@ func TestUserProjection_reduces(t *testing.T) { executer: &testExecuter{ executions: []execution{ { - expectedStmt: "UPDATE projections.users9 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)", + expectedStmt: "UPDATE projections.users10 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)", expectedArgs: []interface{}{ anyArg{}, uint64(15), @@ -1338,7 +1339,7 @@ func TestUserProjection_reduces(t *testing.T) { }, }, { - expectedStmt: "UPDATE projections.users9_humans SET avatar_key = $1 WHERE (user_id = $2) AND (instance_id = $3)", + expectedStmt: "UPDATE projections.users10_humans SET avatar_key = $1 WHERE (user_id = $2) AND (instance_id = $3)", expectedArgs: []interface{}{ "users/agg-id/avatar", "agg-id", 
@@ -1366,7 +1367,7 @@ func TestUserProjection_reduces(t *testing.T) { executer: &testExecuter{ executions: []execution{ { - expectedStmt: "UPDATE projections.users9 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)", + expectedStmt: "UPDATE projections.users10 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)", expectedArgs: []interface{}{ anyArg{}, uint64(15), @@ -1375,7 +1376,7 @@ func TestUserProjection_reduces(t *testing.T) { }, }, { - expectedStmt: "UPDATE projections.users9_humans SET avatar_key = $1 WHERE (user_id = $2) AND (instance_id = $3)", + expectedStmt: "UPDATE projections.users10_humans SET avatar_key = $1 WHERE (user_id = $2) AND (instance_id = $3)", expectedArgs: []interface{}{ nil, "agg-id", @@ -1406,7 +1407,7 @@ func TestUserProjection_reduces(t *testing.T) { executer: &testExecuter{ executions: []execution{ { - expectedStmt: "INSERT INTO projections.users9 (id, creation_date, change_date, resource_owner, instance_id, state, sequence, username, type) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9)", + expectedStmt: "INSERT INTO projections.users10 (id, creation_date, change_date, resource_owner, instance_id, state, sequence, username, type) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9)", expectedArgs: []interface{}{ "agg-id", anyArg{}, @@ -1420,7 +1421,7 @@ func TestUserProjection_reduces(t *testing.T) { }, }, { - expectedStmt: "INSERT INTO projections.users9_machines (user_id, instance_id, name, description, access_token_type) VALUES ($1, $2, $3, $4, $5)", + expectedStmt: "INSERT INTO projections.users10_machines (user_id, instance_id, name, description, access_token_type) VALUES ($1, $2, $3, $4, $5)", expectedArgs: []interface{}{ "agg-id", "instance-id", 
@@ -1454,7 +1455,7 @@ func TestUserProjection_reduces(t *testing.T) { executer: &testExecuter{ executions: []execution{ { - expectedStmt: "INSERT INTO projections.users9 (id, creation_date, change_date, resource_owner, instance_id, state, sequence, username, type) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9)", + expectedStmt: "INSERT INTO projections.users10 (id, creation_date, change_date, resource_owner, instance_id, state, sequence, username, type) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9)", expectedArgs: []interface{}{ "agg-id", anyArg{}, @@ -1468,7 +1469,7 @@ func TestUserProjection_reduces(t *testing.T) { }, }, { - expectedStmt: "INSERT INTO projections.users9_machines (user_id, instance_id, name, description, access_token_type) VALUES ($1, $2, $3, $4, $5)", + expectedStmt: "INSERT INTO projections.users10_machines (user_id, instance_id, name, description, access_token_type) VALUES ($1, $2, $3, $4, $5)", expectedArgs: []interface{}{ "agg-id", "instance-id", @@ -1501,7 +1502,7 @@ func TestUserProjection_reduces(t *testing.T) { executer: &testExecuter{ executions: []execution{ { - expectedStmt: "UPDATE projections.users9 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)", + expectedStmt: "UPDATE projections.users10 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)", expectedArgs: []interface{}{ anyArg{}, uint64(15), @@ -1510,7 +1511,7 @@ func TestUserProjection_reduces(t *testing.T) { }, }, { - expectedStmt: "UPDATE projections.users9_machines SET (name, description) = ($1, $2) WHERE (user_id = $3) AND (instance_id = $4)", + expectedStmt: "UPDATE projections.users10_machines SET (name, description) = ($1, $2) WHERE (user_id = $3) AND (instance_id = $4)", expectedArgs: []interface{}{ "machine-name", "description", 
@@ -1541,7 +1542,7 @@ func TestUserProjection_reduces(t *testing.T) { executer: &testExecuter{ executions: []execution{ { - expectedStmt: "UPDATE projections.users9 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)", + expectedStmt: "UPDATE projections.users10 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)", expectedArgs: []interface{}{ anyArg{}, uint64(15), @@ -1550,7 +1551,7 @@ func TestUserProjection_reduces(t *testing.T) { }, }, { - expectedStmt: "UPDATE projections.users9_machines SET name = $1 WHERE (user_id = $2) AND (instance_id = $3)", + expectedStmt: "UPDATE projections.users10_machines SET name = $1 WHERE (user_id = $2) AND (instance_id = $3)", expectedArgs: []interface{}{ "machine-name", "agg-id", @@ -1580,7 +1581,7 @@ func TestUserProjection_reduces(t *testing.T) { executer: &testExecuter{ executions: []execution{ { - expectedStmt: "UPDATE projections.users9 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)", + expectedStmt: "UPDATE projections.users10 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)", expectedArgs: []interface{}{ anyArg{}, uint64(15), @@ -1589,7 +1590,7 @@ func TestUserProjection_reduces(t *testing.T) { }, }, { - expectedStmt: "UPDATE projections.users9_machines SET description = $1 WHERE (user_id = $2) AND (instance_id = $3)", + expectedStmt: "UPDATE projections.users10_machines SET description = $1 WHERE (user_id = $2) AND (instance_id = $3)", expectedArgs: []interface{}{ "description", "agg-id", @@ -1627,7 +1628,7 @@ func TestUserProjection_reduces(t *testing.T) { user.MachineSecretSetType, user.AggregateType, []byte(`{ - "client_secret": {} + "clientSecret": {"CryptoType":1,"Algorithm":"bcrypt","Crypted":"deadbeef"} }`), ), user.MachineSecretSetEventMapper), }, 
@@ -1638,7 +1639,7 @@ func TestUserProjection_reduces(t *testing.T) { executer: &testExecuter{ executions: []execution{ { - expectedStmt: "UPDATE projections.users9 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)", + expectedStmt: "UPDATE projections.users10 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)", expectedArgs: []interface{}{ anyArg{}, uint64(15), @@ -1647,9 +1648,13 @@ func TestUserProjection_reduces(t *testing.T) { }, }, { - expectedStmt: "UPDATE projections.users9_machines SET has_secret = $1 WHERE (user_id = $2) AND (instance_id = $3)", + expectedStmt: "UPDATE projections.users10_machines SET secret = $1 WHERE (user_id = $2) AND (instance_id = $3)", expectedArgs: []interface{}{ - true, + &crypto.CryptoValue{ + CryptoType: crypto.TypeHash, + Algorithm: "bcrypt", + Crypted: []byte{117, 230, 157, 109, 231, 159}, + }, "agg-id", "instance-id", }, @@ -1659,7 +1664,7 @@ func TestUserProjection_reduces(t *testing.T) { }, }, { - name: "reduceMachineSecretSet", + name: "reduceMachineSecretRemoved", args: args{ event: getEvent( testEvent( @@ -1675,7 +1680,7 @@ func TestUserProjection_reduces(t *testing.T) { executer: &testExecuter{ executions: []execution{ { - expectedStmt: "UPDATE projections.users9 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)", + expectedStmt: "UPDATE projections.users10 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)", expectedArgs: []interface{}{ anyArg{}, uint64(15), @@ -1684,9 +1689,9 @@ func TestUserProjection_reduces(t *testing.T) { }, }, { - expectedStmt: "UPDATE projections.users9_machines SET has_secret = $1 WHERE (user_id = $2) AND (instance_id = $3)", + expectedStmt: "UPDATE projections.users10_machines SET secret = $1 WHERE (user_id = $2) AND (instance_id = $3)", expectedArgs: []interface{}{ - false, + nil, "agg-id", "instance-id", }, 
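Review bot: The expected `Crypted: []byte{117, 230, 157, 109, 231, 159}` in the `users10_machines SET secret = $1` execution is an unexplained byte literal. It is the base64 decoding of the `"deadbeef"` string in the `clientSecret` payload of the same test case, and a comment such as `// base64-decoded "deadbeef" from the event payload` would make that link visible. The assertion also shows that the projection row now holds the bcrypt hash itself instead of the former `has_secret` boolean, so the read model becomes a place where credential material lives. The queries that read this table are not visible here, so it is worth confirming that none of them returns or logs the column. TestUserProjection_reduces starts and ends outside this hunk.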
@@ -1712,7 +1717,7 @@ func TestUserProjection_reduces(t *testing.T) { executer: &testExecuter{ executions: []execution{ { - expectedStmt: "DELETE FROM projections.users9 WHERE (instance_id = $1) AND (resource_owner = $2)", + expectedStmt: "DELETE FROM projections.users10 WHERE (instance_id = $1) AND (resource_owner = $2)", expectedArgs: []interface{}{ "instance-id", "agg-id", @@ -1739,7 +1744,7 @@ func TestUserProjection_reduces(t *testing.T) { executer: &testExecuter{ executions: []execution{ { - expectedStmt: "DELETE FROM projections.users9 WHERE (instance_id = $1)", + expectedStmt: "DELETE FROM projections.users10 WHERE (instance_id = $1)", expectedArgs: []interface{}{ "agg-id", }, @@ -1753,7 +1758,7 @@ func TestUserProjection_reduces(t *testing.T) { t.Run(tt.name, func(t *testing.T) { event := baseEvent(t) got, err := tt.reduce(event) - if _, ok := err.(errors.InvalidArgument); !ok { + if ok := zerrors.IsErrorInvalidArgument(err); !ok { t.Errorf("no wrong event mapping: %v, got: %v", err, got) } diff --git a/internal/query/query.go b/internal/query/query.go index 229895da1c..1b48c44a4f 100644 --- a/internal/query/query.go +++ b/internal/query/query.go @@ -3,12 +3,10 @@ package query import ( "context" "fmt" - "net/http" "regexp" "sync" "time" - "github.com/rakyll/statik/fs" "github.com/zitadel/logging" "golang.org/x/text/language" @@ -22,6 +20,7 @@ import ( "github.com/zitadel/zitadel/internal/query/projection" "github.com/zitadel/zitadel/internal/repository/action" "github.com/zitadel/zitadel/internal/repository/authrequest" + "github.com/zitadel/zitadel/internal/repository/deviceauth" "github.com/zitadel/zitadel/internal/repository/idpintent" iam_repo "github.com/zitadel/zitadel/internal/repository/instance" "github.com/zitadel/zitadel/internal/repository/keypair" 
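Review bot: In the hunk at `-1753,7 +1758,7`, `if ok := zerrors.IsErrorInvalidArgument(err); !ok {` keeps the shape of the type assertion it replaces, although the helper already returns a bool. `if !zerrors.IsErrorInvalidArgument(err) {` says the same thing without the throwaway variable. The enclosing `t.Run` closure continues past the end of the hunk.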
@@ -47,8 +46,6 @@ type Queries struct { checkPermission domain.PermissionCheck DefaultLanguage language.Tag - LoginDir http.FileSystem - NotificationDir http.FileSystem mutex sync.Mutex LoginTranslationFileContents map[string][]byte NotificationTranslationFileContents map[string][]byte @@ -71,22 +68,10 @@ func StartQueries( defaultAuditLogRetention time.Duration, systemAPIUsers map[string]*authz.SystemAPIUser, ) (repo *Queries, err error) { - statikLoginFS, err := fs.NewWithNamespace("login") - if err != nil { - return nil, fmt.Errorf("unable to start login statik dir") - } - - statikNotificationFS, err := fs.NewWithNamespace("notification") - if err != nil { - return nil, fmt.Errorf("unable to start notification statik dir") - } - repo = &Queries{ eventstore: es, client: querySqlClient, DefaultLanguage: language.Und, - LoginDir: statikLoginFS, - NotificationDir: statikNotificationFS, LoginTranslationFileContents: make(map[string][]byte), NotificationTranslationFileContents: make(map[string][]byte), zitadelRoles: zitadelRoles, @@ -115,6 +100,7 @@ func StartQueries( quota.RegisterEventMappers(repo.eventstore) limits.RegisterEventMappers(repo.eventstore) restrictions.RegisterEventMappers(repo.eventstore) + deviceauth.RegisterEventMappers(repo.eventstore) repo.checkPermission = permissionCheck(repo) diff --git a/internal/query/query_test.go b/internal/query/query_test.go index f1dee69814..a7f43bbabb 100644 --- a/internal/query/query_test.go +++ b/internal/query/query_test.go @@ -12,6 +12,7 @@ import ( "github.com/zitadel/zitadel/internal/eventstore/repository/mock" action_repo "github.com/zitadel/zitadel/internal/repository/action" "github.com/zitadel/zitadel/internal/repository/authrequest" + "github.com/zitadel/zitadel/internal/repository/deviceauth" "github.com/zitadel/zitadel/internal/repository/feature" "github.com/zitadel/zitadel/internal/repository/idpintent" iam_repo "github.com/zitadel/zitadel/internal/repository/instance" 
@@ -54,6 +55,7 @@ func expectEventstore(expects ...expect) func(*testing.T) *eventstore.Eventstore quota_repo.RegisterEventMappers(es) limits.RegisterEventMappers(es) feature.RegisterEventMappers(es) + deviceauth.RegisterEventMappers(es) return es } } diff --git a/internal/query/quota.go b/internal/query/quota.go index 1919902a27..1af5be8f87 100644 --- a/internal/query/quota.go +++ b/internal/query/quota.go @@ -3,16 +3,16 @@ package query import ( "context" "database/sql" - errs "errors" + "errors" "time" sq "github.com/Masterminds/squirrel" "github.com/zitadel/zitadel/internal/database" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/query/projection" "github.com/zitadel/zitadel/internal/repository/quota" "github.com/zitadel/zitadel/internal/telemetry/tracing" + "github.com/zitadel/zitadel/internal/zerrors" ) var ( @@ -70,7 +70,7 @@ func (q *Queries) GetQuota(ctx context.Context, instanceID string, unit quota.Un }, ).ToSql() if err != nil { - return nil, errors.ThrowInternal(err, "QUERY-XmYn9", "Errors.Query.SQLStatement") + return nil, zerrors.ThrowInternal(err, "QUERY-XmYn9", "Errors.Query.SQLStatement") } err = q.client.QueryRowContext(ctx, func(row *sql.Row) error { qu, err = scan(row) @@ -96,10 +96,10 @@ func prepareQuotaQuery(ctx context.Context, db prepareDatabase) (sq.SelectBuilde var now time.Time err := row.Scan(&q.ID, &q.From, &interval, &q.Amount, &q.Limit, &now) if err != nil { - if errs.Is(err, sql.ErrNoRows) { - return nil, errors.ThrowNotFound(err, "QUERY-rDTM6", "Errors.Quota.NotExisting") + if errors.Is(err, sql.ErrNoRows) { + return nil, zerrors.ThrowNotFound(err, "QUERY-rDTM6", "Errors.Quota.NotExisting") } - return nil, errors.ThrowInternal(err, "QUERY-LqySK", "Errors.Internal") + return nil, zerrors.ThrowInternal(err, "QUERY-LqySK", "Errors.Internal") } q.ResetInterval = time.Duration(interval) q.CurrentPeriodStart = pushPeriodStart(q.From, q.ResetInterval, now) 
diff --git a/internal/query/quota_notifications.go b/internal/query/quota_notifications.go index 7fc0748f63..0015278b20 100644 --- a/internal/query/quota_notifications.go +++ b/internal/query/quota_notifications.go @@ -3,18 +3,17 @@ package query import ( "context" "database/sql" - errs "errors" + "errors" "math" "time" sq "github.com/Masterminds/squirrel" - "github.com/pkg/errors" "github.com/zitadel/zitadel/internal/api/call" - zitadel_errors "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/query/projection" "github.com/zitadel/zitadel/internal/repository/quota" "github.com/zitadel/zitadel/internal/telemetry/tracing" + "github.com/zitadel/zitadel/internal/zerrors" ) var ( @@ -85,7 +84,7 @@ func (q *Queries) GetDueQuotaNotifications(ctx context.Context, instanceID strin }, ).ToSql() if err != nil { - return nil, zitadel_errors.ThrowInternal(err, "QUERY-XmYn9", "Errors.Query.SQLStatement") + return nil, zerrors.ThrowInternal(err, "QUERY-XmYn9", "Errors.Query.SQLStatement") } var notifications *QuotaNotifications err = q.client.QueryContext(ctx, func(rows *sql.Rows) error { @@ -166,10 +165,10 @@ func prepareQuotaNotificationsQuery(ctx context.Context, db prepareDatabase) (sq var nextDueThreshold sql.NullInt16 err := rows.Scan(&cfg.ID, &cfg.CallURL, &cfg.Percent, &cfg.Repeat, &nextDueThreshold) if err != nil { - if errs.Is(err, sql.ErrNoRows) { - return nil, zitadel_errors.ThrowNotFound(err, "QUERY-bbqWb", "Errors.QuotaNotification.NotExisting") + if errors.Is(err, sql.ErrNoRows) { + return nil, zerrors.ThrowNotFound(err, "QUERY-bbqWb", "Errors.QuotaNotification.NotExisting") } - return nil, zitadel_errors.ThrowInternal(err, "QUERY-8copS", "Errors.Internal") + return nil, zerrors.ThrowInternal(err, "QUERY-8copS", "Errors.Internal") } if nextDueThreshold.Valid { cfg.NextDueThreshold = uint16(nextDueThreshold.Int16) diff --git a/internal/query/quota_periods.go b/internal/query/quota_periods.go index ce1b76cd08..6ec42deba3 100644 
--- a/internal/query/quota_periods.go +++ b/internal/query/quota_periods.go @@ -8,10 +8,10 @@ import ( sq "github.com/Masterminds/squirrel" "github.com/zitadel/zitadel/internal/api/call" - zitadel_errors "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/query/projection" "github.com/zitadel/zitadel/internal/repository/quota" "github.com/zitadel/zitadel/internal/telemetry/tracing" + "github.com/zitadel/zitadel/internal/zerrors" ) var ( @@ -54,13 +54,13 @@ func (q *Queries) GetRemainingQuotaUsage(ctx context.Context, instanceID string, }). ToSql() if err != nil { - return nil, zitadel_errors.ThrowInternal(err, "QUERY-FSA3g", "Errors.Query.SQLStatement") + return nil, zerrors.ThrowInternal(err, "QUERY-FSA3g", "Errors.Query.SQLStatement") } err = q.client.QueryRowContext(ctx, func(row *sql.Row) error { remaining, err = scan(row) return err }, query, args...) - if zitadel_errors.IsNotFound(err) { + if zerrors.IsNotFound(err) { return nil, nil } return remaining, err @@ -78,9 +78,9 @@ func prepareRemainingQuotaUsageQuery(ctx context.Context, db prepareDatabase) (s err := row.Scan(remaining) if err != nil { if errors.Is(err, sql.ErrNoRows) { - return nil, zitadel_errors.ThrowNotFound(err, "QUERY-quiowi2", "Errors.Internal") + return nil, zerrors.ThrowNotFound(err, "QUERY-quiowi2", "Errors.Internal") } - return nil, zitadel_errors.ThrowInternal(err, "QUERY-81j1jn2", "Errors.Internal") + return nil, zerrors.ThrowInternal(err, "QUERY-81j1jn2", "Errors.Internal") } return remaining, nil } diff --git a/internal/query/quota_periods_test.go b/internal/query/quota_periods_test.go index 25ea2056e9..0f44c5e547 100644 --- a/internal/query/quota_periods_test.go +++ b/internal/query/quota_periods_test.go @@ -8,7 +8,7 @@ import ( "regexp" "testing" - errs "github.com/zitadel/zitadel/internal/errors" + "github.com/zitadel/zitadel/internal/zerrors" ) var ( 
@@ -42,7 +42,7 @@ func Test_prepareRemainingQuotaUsageQuery(t *testing.T) { nil, ), err: func(err error) (error, bool) { - if !errs.IsNotFound(err) { + if !zerrors.IsNotFound(err) { return fmt.Errorf("err should be zitadel.NotFoundError got: %w", err), false } return nil, true diff --git a/internal/query/quota_test.go b/internal/query/quota_test.go index c96af861a0..5a75310b72 100644 --- a/internal/query/quota_test.go +++ b/internal/query/quota_test.go @@ -9,7 +9,7 @@ import ( "testing" "time" - errs "github.com/zitadel/zitadel/internal/errors" + "github.com/zitadel/zitadel/internal/zerrors" ) var ( @@ -52,7 +52,7 @@ func Test_QuotaPrepare(t *testing.T) { nil, ), err: func(err error) (error, bool) { - if !errs.IsNotFound(err) { + if !zerrors.IsNotFound(err) { return fmt.Errorf("err should be zitadel.NotFoundError got: %w", err), false } return nil, true diff --git a/internal/query/restrictions.go b/internal/query/restrictions.go index 80217164ab..9e0dd37aa6 100644 --- a/internal/query/restrictions.go +++ b/internal/query/restrictions.go @@ -7,12 +7,15 @@ import ( "time" sq "github.com/Masterminds/squirrel" + "golang.org/x/text/language" "github.com/zitadel/zitadel/internal/api/authz" "github.com/zitadel/zitadel/internal/api/call" - zitade_errors "github.com/zitadel/zitadel/internal/errors" + "github.com/zitadel/zitadel/internal/database" + "github.com/zitadel/zitadel/internal/domain" "github.com/zitadel/zitadel/internal/query/projection" "github.com/zitadel/zitadel/internal/telemetry/tracing" + zitade_errors "github.com/zitadel/zitadel/internal/zerrors" ) var ( 
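Review bot: In the import hunk of internal/query/restrictions.go, the new line `zitade_errors "github.com/zitadel/zitadel/internal/zerrors"` carries over a misspelled alias for a package that is already named `zerrors`. The other files touched in this commit (quota.go, quota_notifications.go, quota_periods.go) import it without an alias. Importing it plainly as `"github.com/zitadel/zitadel/internal/zerrors"` and renaming the uses in this file would keep error handling searchable under one name; those call sites are outside the hunk.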
@@ -44,10 +47,14 @@ var ( name: projection.RestrictionsColumnSequence, table: restrictionsTable, } - RestrictionsColumnDisallowPublicOrgRegistrations = Column{ + RestrictionsColumnDisallowPublicOrgRegistration = Column{ name: projection.RestrictionsColumnDisallowPublicOrgRegistration, table: restrictionsTable, } + RestrictionsColumnAllowedLanguages = Column{ + name: projection.RestrictionsColumnAllowedLanguages, + table: restrictionsTable, + } ) type Restrictions struct { @@ -58,6 +65,7 @@ type Restrictions struct { Sequence uint64 DisallowPublicOrgRegistration bool + AllowedLanguages []language.Tag } func (q *Queries) GetInstanceRestrictions(ctx context.Context) (restrictions Restrictions, err error) { @@ -91,18 +99,25 @@ func prepareRestrictionsQuery(ctx context.Context, db prepareDatabase) (sq.Selec RestrictionsColumnChangeDate.identifier(), RestrictionsColumnResourceOwner.identifier(), RestrictionsColumnSequence.identifier(), - RestrictionsColumnDisallowPublicOrgRegistrations.identifier(), + RestrictionsColumnDisallowPublicOrgRegistration.identifier(), + RestrictionsColumnAllowedLanguages.identifier(), ). From(restrictionsTable.identifier() + db.Timetravel(call.Took(ctx))). PlaceholderFormat(sq.Dollar), func(row *sql.Row) (restrictions Restrictions, err error) { - return restrictions, row.Scan( + allowedLanguages := database.TextArray[string](make([]string, 0)) + disallowPublicOrgRegistration := sql.NullBool{} + err = row.Scan( &restrictions.AggregateID, &restrictions.CreationDate, &restrictions.ChangeDate, &restrictions.ResourceOwner, &restrictions.Sequence, - &restrictions.DisallowPublicOrgRegistration, + &disallowPublicOrgRegistration, + &allowedLanguages, ) + restrictions.DisallowPublicOrgRegistration = disallowPublicOrgRegistration.Bool + restrictions.AllowedLanguages = domain.StringsToLanguages(allowedLanguages) + return restrictions, err } } 
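Review bot: In the scan closure of prepareRestrictionsQuery, `disallowPublicOrgRegistration.Bool` is copied without checking `.Valid`, so a NULL column and an explicit false both read as "public org registration allowed". The same permissive zero value is also assigned when `row.Scan` returns an error. If NULL is meant as "never configured", state it next to the assignment, for example `// NULL (restriction never set) is treated as false, i.e. registration stays allowed`. The new `AllowedLanguages` field should carry a one-line comment saying what an empty slice means; presumably it means no language restriction, but nothing in this hunk establishes that. How `domain.StringsToLanguages` handles a string that is not a valid tag is outside the hunk and worth confirming, and the function itself starts above the hunk.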
diff --git a/internal/query/restrictions_test.go b/internal/query/restrictions_test.go index 83e6d9a8fe..cc7ee8442a 100644 --- a/internal/query/restrictions_test.go +++ b/internal/query/restrictions_test.go @@ -7,16 +7,21 @@ import ( "fmt" "regexp" "testing" + + "golang.org/x/text/language" + + "github.com/zitadel/zitadel/internal/database" ) var ( - expectedRestrictionsQuery = regexp.QuoteMeta("SELECT projections.restrictions.aggregate_id," + - " projections.restrictions.creation_date," + - " projections.restrictions.change_date," + - " projections.restrictions.resource_owner," + - " projections.restrictions.sequence," + - " projections.restrictions.disallow_public_org_registration" + - " FROM projections.restrictions" + + expectedRestrictionsQuery = regexp.QuoteMeta("SELECT projections.restrictions2.aggregate_id," + + " projections.restrictions2.creation_date," + + " projections.restrictions2.change_date," + + " projections.restrictions2.resource_owner," + + " projections.restrictions2.sequence," + + " projections.restrictions2.disallow_public_org_registration," + + " projections.restrictions2.allowed_languages" + + " FROM projections.restrictions2" + " AS OF SYSTEM TIME '-1 ms'", ) @@ -27,6 +32,7 @@ var ( "resource_owner", "sequence", "disallow_public_org_registration", + "allowed_languages", } ) @@ -56,7 +62,9 @@ func Test_RestrictionsPrepare(t *testing.T) { } return nil, true }, - object: Restrictions{}, + object: Restrictions{ + AllowedLanguages: make([]language.Tag, 0), + }, }, }, { @@ -73,6 +81,7 @@ func Test_RestrictionsPrepare(t *testing.T) { "instance1", 0, true, + database.TextArray[string]([]string{"en", "de", "ru"}), }, ), object: Restrictions{ @@ -82,6 +91,7 @@ func Test_RestrictionsPrepare(t *testing.T) { ResourceOwner: "instance1", Sequence: 0, DisallowPublicOrgRegistration: true, + AllowedLanguages: []language.Tag{language.Make("en"), language.Make("de"), language.Make("ru")}, }, }, }, 
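Review bot: The row added to Test_RestrictionsPrepare supplies `true` for disallow_public_org_registration, so the NULL path that the production scan now handles through `sql.NullBool` is not exercised by the visible cases. A case passing `nil` for that column and expecting `DisallowPublicOrgRegistration: false` would pin the intended default. A row containing a language string that does not parse would do the same for `AllowedLanguages`. The test table starts and ends outside these hunks, so such cases may exist elsewhere.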
diff --git a/internal/query/search_query.go b/internal/query/search_query.go index c92f155d2a..b4944a8f2d 100644 --- a/internal/query/search_query.go +++ b/internal/query/search_query.go @@ -8,6 +8,7 @@ import ( sq "github.com/Masterminds/squirrel" + "github.com/zitadel/zitadel/internal/database" "github.com/zitadel/zitadel/internal/domain" ) @@ -255,7 +256,7 @@ func NewInTextQuery(col Column, values []string) (*InTextQuery, error) { }, nil } -type TextQuery struct { +type textQuery struct { Column Column Text string Compare TextComparison @@ -269,21 +270,38 @@ var ( ErrEmptyValues = errors.New("values array must not be empty") ) -func NewTextQuery(col Column, value string, compare TextComparison) (*TextQuery, error) { +func NewTextQuery(col Column, value string, compare TextComparison) (*textQuery, error) { if compare < 0 || compare >= textCompareMax { return nil, ErrInvalidCompare } if col.isZero() { return nil, ErrMissingColumn } - return &TextQuery{ + // handle the comparisons which use (i)like and therefore need to escape potential wildcards in the value + switch compare { + case TextEqualsIgnoreCase, + TextStartsWith, + TextStartsWithIgnoreCase, + TextEndsWith, + TextEndsWithIgnoreCase, + TextContains, + TextContainsIgnoreCase: + value = database.EscapeLikeWildcards(value) + case TextEquals, + TextListContains, + TextNotEquals, + textCompareMax: + // do nothing + } + + return &textQuery{ Column: col, Text: value, Compare: compare, }, nil } -func (q *TextQuery) Col() Column { +func (q *textQuery) Col() Column { return q.Column } 
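Review bot: The escaping added to NewTextQuery relies on `database.EscapeLikeWildcards`, defined outside this hunk, also escaping the backslash itself; if it rewrites only `%` and `_`, a value that already contains `\` would leave a wildcard active after escaping. None of the new cases in search_query_test.go (TestNewTextQuery, TestTextQuery_comp) passes a value with a backslash, so a case for it would pin the behaviour. The `switch` has no `default`, so a comparison added later that maps to LIKE/ILIKE would skip escaping silently unless an exhaustiveness linter enforces the list; a comment such as `// every comparison rendered with LIKE/ILIKE in comp() must be listed here` would make that explicit. `Text` now stores the escaped form, so a doc comment on NewTextQuery should say that callers pass the raw value and that `&textQuery{...}` literals inside the package bypass the escaping.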
@@ -296,11 +314,11 @@ func (q *InTextQuery) comp() sq.Sqlizer { return sq.Eq{q.Column.identifier(): q.Values} } -func (q *TextQuery) toQuery(query sq.SelectBuilder) sq.SelectBuilder { +func (q *textQuery) toQuery(query sq.SelectBuilder) sq.SelectBuilder { return query.Where(q.comp()) } -func (q *TextQuery) comp() sq.Sqlizer { +func (q *textQuery) comp() sq.Sqlizer { switch q.Compare { case TextEquals: return sq.Eq{q.Column.identifier(): q.Text} @@ -346,32 +364,6 @@ const ( textCompareMax ) -// Deprecated: Use TextComparison, will be removed as soon as all calls are changed to query -func TextComparisonFromMethod(m domain.SearchMethod) TextComparison { - switch m { - case domain.SearchMethodEquals: - return TextEquals - case domain.SearchMethodEqualsIgnoreCase: - return TextEqualsIgnoreCase - case domain.SearchMethodStartsWith: - return TextStartsWith - case domain.SearchMethodStartsWithIgnoreCase: - return TextStartsWithIgnoreCase - case domain.SearchMethodContains: - return TextContains - case domain.SearchMethodContainsIgnoreCase: - return TextContainsIgnoreCase - case domain.SearchMethodEndsWith: - return TextEndsWith - case domain.SearchMethodEndsWithIgnoreCase: - return TextEndsWithIgnoreCase - case domain.SearchMethodListContains: - return TextListContains - default: - return textCompareMax - } -} - type NumberQuery struct { Column Column Number interface{} diff --git a/internal/query/search_query_test.go b/internal/query/search_query_test.go index ac56eb6eee..c64b2c131c 100644 --- a/internal/query/search_query_test.go +++ b/internal/query/search_query_test.go @@ -191,7 +191,7 @@ func TestNewSubSelect(t *testing.T) { name: "no column 1", args: args{ column: Column{}, - queries: []SearchQuery{&TextQuery{testCol, "horst", TextEquals}}, + queries: []SearchQuery{&textQuery{testCol, "horst", TextEquals}}, }, wantErr: func(err error) bool { return errors.Is(err, ErrMissingColumn) 
@@ -201,7 +201,7 @@ func TestNewSubSelect(t *testing.T) { name: "no column name 1", args: args{ column: testNoCol, - queries: []SearchQuery{&TextQuery{testCol, "horst", TextEquals}}, + queries: []SearchQuery{&textQuery{testCol, "horst", TextEquals}}, }, wantErr: func(err error) bool { return errors.Is(err, ErrMissingColumn) @@ -211,22 +211,22 @@ func TestNewSubSelect(t *testing.T) { name: "correct 1", args: args{ column: testCol, - queries: []SearchQuery{&TextQuery{testCol, "horst", TextEquals}}, + queries: []SearchQuery{&textQuery{testCol, "horst", TextEquals}}, }, want: &SubSelect{ Column: testCol, - Queries: []SearchQuery{&TextQuery{testCol, "horst", TextEquals}}, + Queries: []SearchQuery{&textQuery{testCol, "horst", TextEquals}}, }, }, { name: "correct 3", args: args{ column: testCol, - queries: []SearchQuery{&TextQuery{testCol, "horst1", TextEquals}, &TextQuery{testCol, "horst2", TextEquals}, &TextQuery{testCol, "horst3", TextEquals}}, + queries: []SearchQuery{&textQuery{testCol, "horst1", TextEquals}, &textQuery{testCol, "horst2", TextEquals}, &textQuery{testCol, "horst3", TextEquals}}, }, want: &SubSelect{ Column: testCol, - Queries: []SearchQuery{&TextQuery{testCol, "horst1", TextEquals}, &TextQuery{testCol, "horst2", TextEquals}, &TextQuery{testCol, "horst3", TextEquals}}, + Queries: []SearchQuery{&textQuery{testCol, "horst1", TextEquals}, &textQuery{testCol, "horst2", TextEquals}, &textQuery{testCol, "horst3", TextEquals}}, }, }, } @@ -275,7 +275,7 @@ func TestSubSelect_comp(t *testing.T) { name: "queries 1", fields: fields{ Column: testCol, - Queries: []SearchQuery{&TextQuery{testCol, "horst", TextEquals}}, + Queries: []SearchQuery{&textQuery{testCol, "horst", TextEquals}}, }, want: want{ query: sq.Select("test_table.test_col").From("test_table").Where(sq.Eq{"test_table.test_col": interface{}("horst")}), 
@@ -285,7 +285,7 @@ func TestSubSelect_comp(t *testing.T) { name: "queries 1 with alias", fields: fields{ Column: testColAlias, - Queries: []SearchQuery{&TextQuery{testColAlias, "horst", TextEquals}}, + Queries: []SearchQuery{&textQuery{testColAlias, "horst", TextEquals}}, }, want: want{ query: sq.Select("test_alias.test_col").From("test_table AS test_alias").Where(sq.Eq{"test_alias.test_col": interface{}("horst")}), @@ -295,7 +295,7 @@ func TestSubSelect_comp(t *testing.T) { name: "queries 3", fields: fields{ Column: testCol, - Queries: []SearchQuery{&TextQuery{testCol, "horst1", TextEquals}, &TextQuery{testCol, "horst2", TextEquals}, &TextQuery{testCol, "horst3", TextEquals}}, + Queries: []SearchQuery{&textQuery{testCol, "horst1", TextEquals}, &textQuery{testCol, "horst2", TextEquals}, &textQuery{testCol, "horst3", TextEquals}}, }, want: want{ query: sq.Select("test_table.test_col").From("test_table").From("test_table").Where(sq.Eq{"test_table.test_col": "horst1"}).From("test_table").Where(sq.Eq{"test_table.test_col": "horst2"}).From("test_table").Where(sq.Eq{"test_table.test_col": "horst3"}), @@ -585,12 +585,12 @@ func TestNewListQuery(t *testing.T) { name: "correct", args: args{ column: testCol, - data: &SubSelect{Column: testCol, Queries: []SearchQuery{&TextQuery{testCol, "horst1", TextEquals}}}, + data: &SubSelect{Column: testCol, Queries: []SearchQuery{&textQuery{testCol, "horst1", TextEquals}}}, compare: ListIn, }, want: &ListQuery{ Column: testCol, - Data: &SubSelect{Column: testCol, Queries: []SearchQuery{&TextQuery{testCol, "horst1", TextEquals}}}, + Data: &SubSelect{Column: testCol, Queries: []SearchQuery{&textQuery{testCol, "horst1", TextEquals}}}, Compare: ListIn, }, }, 
@@ -697,7 +697,7 @@ func TestListQuery_comp(t *testing.T) { name: "in subquery text", fields: fields{ Column: testCol, - Data: &SubSelect{Column: testCol, Queries: []SearchQuery{&TextQuery{testCol, "horst", TextEquals}}}, + Data: &SubSelect{Column: testCol, Queries: []SearchQuery{&textQuery{testCol, "horst", TextEquals}}}, Compare: ListIn, }, want: want{ @@ -779,7 +779,7 @@ func TestNewTextQuery(t *testing.T) { tests := []struct { name string args args - want *TextQuery + want *textQuery wantErr func(error) bool }{ { 
@@ -827,18 +827,317 @@ func TestNewTextQuery(t *testing.T) { }, }, { - name: "correct", + name: "equals", args: args{ column: testCol, value: "hurst", compare: TextEquals, }, - want: &TextQuery{ + want: &textQuery{ Column: testCol, Text: "hurst", Compare: TextEquals, }, }, + { + name: "equals ignore case", + args: args{ + column: testCol, + value: "hurst", + compare: TextEqualsIgnoreCase, + }, + want: &textQuery{ + Column: testCol, + Text: "hurst", + Compare: TextEqualsIgnoreCase, + }, + }, + { + name: "equals ignore case % wildcard", + args: args{ + column: testCol, + value: "hu%rst", + compare: TextEqualsIgnoreCase, + }, + want: &textQuery{ + Column: testCol, + Text: "hu\\%rst", + Compare: TextEqualsIgnoreCase, + }, + }, + { + name: "equals ignore case _ wildcard", + args: args{ + column: testCol, + value: "hu_rst", + compare: TextEqualsIgnoreCase, + }, + want: &textQuery{ + Column: testCol, + Text: "hu\\_rst", + Compare: TextEqualsIgnoreCase, + }, + }, + { + name: "equals ignore case _, % wildcards", + args: args{ + column: testCol, + value: "h_urst%", + compare: TextEqualsIgnoreCase, + }, + want: &textQuery{ + Column: testCol, + Text: "h\\_urst\\%", + Compare: TextEqualsIgnoreCase, + }, + }, + { + name: "not equal", + args: args{ + column: testCol, + value: "hurst", + compare: TextNotEquals, + }, + want: &textQuery{ + Column: testCol, + Text: "hurst", + Compare: TextNotEquals, + }, + }, + { + name: "starts with", + args: args{ + column: testCol, + value: "hurst", + compare: TextStartsWith, + }, + want: &textQuery{ + Column: testCol, + Text: "hurst", + Compare: TextStartsWith, + }, + }, + { + name: "starts with _ wildcard", + args: args{ + column: testCol, + value: "_hurst", + compare: TextStartsWith, + }, + want: &textQuery{ + Column: testCol, + Text: "\\_hurst", + Compare: TextStartsWith, + }, + }, + { + name: "starts with % wildcard", + args: args{ + column: testCol, + value: "hurst%", + compare: TextStartsWith, + }, + want: &textQuery{ + Column: testCol, + 
Text: "hurst\\%", + Compare: TextStartsWith, + }, + }, + { + name: "starts with %, % wildcard", + args: args{ + column: testCol, + value: "hu%%rst", + compare: TextStartsWith, + }, + want: &textQuery{ + Column: testCol, + Text: "hu\\%\\%rst", + Compare: TextStartsWith, + }, + }, + { + name: "starts with ignore case", + args: args{ + column: testCol, + value: "hurst", + compare: TextStartsWithIgnoreCase, + }, + want: &textQuery{ + Column: testCol, + Text: "hurst", + Compare: TextStartsWithIgnoreCase, + }, + }, + { + name: "starts with ignore case _ wildcard", + args: args{ + column: testCol, + value: "hur_st", + compare: TextStartsWithIgnoreCase, + }, + want: &textQuery{ + Column: testCol, + Text: "hur\\_st", + Compare: TextStartsWithIgnoreCase, + }, + }, + { + name: "starts with ignore case % wildcard", + args: args{ + column: testCol, + value: "hurst%", + compare: TextStartsWithIgnoreCase, + }, + want: &textQuery{ + Column: testCol, + Text: "hurst\\%", + Compare: TextStartsWithIgnoreCase, + }, + }, + { + name: "starts with ignore case _, _ wildcard", + args: args{ + column: testCol, + value: "h_r_t", + compare: TextStartsWithIgnoreCase, + }, + want: &textQuery{ + Column: testCol, + Text: "h\\_r\\_t", + Compare: TextStartsWithIgnoreCase, + }, + }, + { + name: "ends with", + args: args{ + column: testCol, + value: "hurst", + compare: TextEndsWith, + }, + want: &textQuery{ + Column: testCol, + Text: "hurst", + Compare: TextEndsWith, + }, + }, + { + name: "ends with % wildcard", + args: args{ + column: testCol, + value: "%hurst", + compare: TextEndsWith, + }, + want: &textQuery{ + Column: testCol, + Text: "\\%hurst", + Compare: TextEndsWith, + }, + }, + { + name: "ends with _ wildcard", + args: args{ + column: testCol, + value: "hurst_", + compare: TextEndsWith, + }, + want: &textQuery{ + Column: testCol, + Text: "hurst\\_", + Compare: TextEndsWith, + }, + }, + { + name: "ends with _, % wildcard", + args: args{ + column: testCol, + value: "hurst_%", + compare: 
TextEndsWith, + }, + want: &textQuery{ + Column: testCol, + Text: "hurst\\_\\%", + Compare: TextEndsWith, + }, + }, + { + name: "ends with ignore case", + args: args{ + column: testCol, + value: "hurst", + compare: TextEndsWithIgnoreCase, + }, + want: &textQuery{ + Column: testCol, + Text: "hurst", + Compare: TextEndsWithIgnoreCase, + }, + }, + { + name: "ends with ignore case _, %, _ wildcards", + args: args{ + column: testCol, + value: "h_r_t%", + compare: TextEndsWithIgnoreCase, + }, + want: &textQuery{ + Column: testCol, + Text: "h\\_r\\_t\\%", + Compare: TextEndsWithIgnoreCase, + }, + }, + { + name: "contains", + args: args{ + column: testCol, + value: "hurst", + compare: TextContains, + }, + want: &textQuery{ + Column: testCol, + Text: "hurst", + Compare: TextContains, + }, + }, + { + name: "contains % wildcard", + args: args{ + column: testCol, + value: "%", + compare: TextContains, + }, + want: &textQuery{ + Column: testCol, + Text: "\\%", + Compare: TextContains, + }, + }, + { + name: "contains ignore csae", + args: args{ + column: testCol, + value: "hurst", + compare: TextContainsIgnoreCase, + }, + want: &textQuery{ + Column: testCol, + Text: "hurst", + Compare: TextContainsIgnoreCase, + }, + }, + { + name: "contains ignore csae _ wildcard", + args: args{ + column: testCol, + value: "hurs_", + compare: TextContainsIgnoreCase, + }, + want: &textQuery{ + Column: testCol, + Text: "hurs\\_", + Compare: TextContainsIgnoreCase, + }, + }, } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { @@ -894,6 +1193,17 @@ func TestTextQuery_comp(t *testing.T) { query: sq.ILike{"test_table.test_col": "Hurst"}, }, }, + { + name: "equals ignore case wildcard", + fields: fields{ + Column: testCol, + Text: "Hu%%rst", + Compare: TextEqualsIgnoreCase, + }, + want: want{ + query: sq.ILike{"test_table.test_col": "Hu\\%\\%rst"}, + }, + }, { name: "starts with", fields: fields{ 
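Review bot: Two of the case names added to TestNewTextQuery are misspelled, `contains ignore csae` and `contains ignore csae _ wildcard`; they should read `contains ignore case` and `contains ignore case _ wildcard` so that `go test -run` filters and failure output match the comparison under test. The added cases also include no entry for TextListContains, which the constructor's switch lists among the comparisons that are not escaped; one case with a `%` in the value would pin that it passes through unchanged. The table begins before this hunk, so such a case may already exist above it.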
@@ -905,6 +1215,17 @@ func TestTextQuery_comp(t *testing.T) { query: sq.Like{"test_table.test_col": "Hurst%"}, }, }, + { + name: "starts with wildcards", + fields: fields{ + Column: testCol, + Text: "_Hurst%", + Compare: TextStartsWith, + }, + want: want{ + query: sq.Like{"test_table.test_col": "\\_Hurst\\%%"}, + }, + }, { name: "starts with ignore case", fields: fields{ @@ -916,6 +1237,17 @@ func TestTextQuery_comp(t *testing.T) { query: sq.ILike{"test_table.test_col": "Hurst%"}, }, }, + { + name: "starts with ignore case wildcards", + fields: fields{ + Column: testCol, + Text: "Hurst%", + Compare: TextStartsWithIgnoreCase, + }, + want: want{ + query: sq.ILike{"test_table.test_col": "Hurst\\%%"}, + }, + }, { name: "ends with", fields: fields{ @@ -927,6 +1259,17 @@ func TestTextQuery_comp(t *testing.T) { query: sq.Like{"test_table.test_col": "%Hurst"}, }, }, + { + name: "ends with wildcards", + fields: fields{ + Column: testCol, + Text: "Hurst%", + Compare: TextEndsWith, + }, + want: want{ + query: sq.Like{"test_table.test_col": "%Hurst\\%"}, + }, + }, { name: "ends with ignore case", fields: fields{ @@ -938,6 +1281,17 @@ func TestTextQuery_comp(t *testing.T) { query: sq.ILike{"test_table.test_col": "%Hurst"}, }, }, + { + name: "ends with ignore case wildcards", + fields: fields{ + Column: testCol, + Text: "%Hurst", + Compare: TextEndsWithIgnoreCase, + }, + want: want{ + query: sq.ILike{"test_table.test_col": "%\\%Hurst"}, + }, + }, { name: "contains", fields: fields{ @@ -949,6 +1303,17 @@ func TestTextQuery_comp(t *testing.T) { query: sq.Like{"test_table.test_col": "%Hurst%"}, }, }, + { + name: "contains wildcards", + fields: fields{ + Column: testCol, + Text: "Hu%rst%", + Compare: TextContains, + }, + want: want{ + query: sq.Like{"test_table.test_col": "%Hu\\%rst\\%%"}, + }, + }, { name: "containts ignore case", fields: fields{ 
@@ -960,6 +1325,17 @@ func TestTextQuery_comp(t *testing.T) { query: sq.ILike{"test_table.test_col": "%Hurst%"}, }, }, + { + name: "contains ignore case wildcards", + fields: fields{ + Column: testCol, + Text: "%Hurst%", + Compare: TextContainsIgnoreCase, + }, + want: want{ + query: sq.ILike{"test_table.test_col": "%\\%Hurst\\%%"}, + }, + }, { name: "list containts", fields: fields{ @@ -999,10 +1375,10 @@ func TestTextQuery_comp(t *testing.T) { } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { - s := &TextQuery{ - Column: tt.fields.Column, - Text: tt.fields.Text, - Compare: tt.fields.Compare, + s, _ := NewTextQuery(tt.fields.Column, tt.fields.Text, tt.fields.Compare) + if s == nil { + // used to check correct behavior of comp + s = &textQuery{Column: tt.fields.Column, Text: tt.fields.Text, Compare: tt.fields.Compare} } query := s.comp() if query == nil && tt.want.isNil { 
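Review bot: In the TestTextQuery_comp loop, `s, _ := NewTextQuery(...)` discards the constructor error and then falls back to a hand-built `textQuery`, so a case that was supposed to go through the escaping path can quietly run against the unescaped literal if the constructor starts rejecting it. Keeping the error and limiting the fallback to cases that expect a nil query would close that gap, for example `s, err := NewTextQuery(tt.fields.Column, tt.fields.Text, tt.fields.Compare)` followed by `if err != nil && !tt.want.isNil { t.Fatalf("NewTextQuery: %v", err) }`. This assumes the failing constructor inputs are exactly the `isNil` cases, which the part of the table outside this hunk would need to confirm. The loop body continues past the end of the hunk.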
@@ -1018,95 +1394,6 @@ func TestTextQuery_comp(t *testing.T) { } } -func TestTextComparisonFromMethod(t *testing.T) { - type args struct { - m domain.SearchMethod - } - tests := []struct { - name string - args args - want TextComparison - }{ - { - name: "equals", - args: args{ - m: domain.SearchMethodEquals, - }, - want: TextEquals, - }, - { - name: "equals ignore case", - args: args{ - m: domain.SearchMethodEqualsIgnoreCase, - }, - want: TextEqualsIgnoreCase, - }, - { - name: "starts with", - args: args{ - m: domain.SearchMethodStartsWith, - }, - want: TextStartsWith, - }, - { - name: "starts with ignore case", - args: args{ - m: domain.SearchMethodStartsWithIgnoreCase, - }, - want: TextStartsWithIgnoreCase, - }, - { - name: "ends with", - args: args{ - m: domain.SearchMethodEndsWith, - }, - want: TextEndsWith, - }, - { - name: "ends with ignore case", - args: args{ - m: domain.SearchMethodEndsWithIgnoreCase, - }, - want: TextEndsWithIgnoreCase, - }, - { - name: "contains", - args: args{ - m: domain.SearchMethodContains, - }, - want: TextContains, - }, - { - name: "list contains", - args: args{ - m: domain.SearchMethodListContains, - }, - want: TextListContains, - }, - { - name: "containts ignore case", - args: args{ - m: domain.SearchMethodContainsIgnoreCase, - }, - want: TextContainsIgnoreCase, - }, - { - name: "invalid search method", - args: args{ - m: -1, - }, - want: textCompareMax, - }, - } - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - if got := TextComparisonFromMethod(tt.args.m); got != tt.want { - t.Errorf("TextCompareFromMethod() = %v, want %v", got, tt.want) - } - }) - } -} - func TestNewNumberQuery(t *testing.T) { type args struct { column Column diff --git a/internal/query/secret_generator_test.go b/internal/query/secret_generator_test.go index 44d2015c19..683dc3441e 100644 --- a/internal/query/secret_generator_test.go +++ b/internal/query/secret_generator_test.go 
@@ -10,7 +10,7 @@ import ( "time" "github.com/zitadel/zitadel/internal/domain" - errs "github.com/zitadel/zitadel/internal/errors" + "github.com/zitadel/zitadel/internal/zerrors" ) var ( @@ -246,7 +246,7 @@ func Test_SecretGeneratorsPrepares(t *testing.T) { nil, ), err: func(err error) (error, bool) { - if !errs.IsNotFound(err) { + if !zerrors.IsNotFound(err) { return fmt.Errorf("err should be zitadel.NotFoundError got: %w", err), false } return nil, true diff --git a/internal/query/secret_generators.go b/internal/query/secret_generators.go index f339668a25..d8f838b82a 100644 --- a/internal/query/secret_generators.go +++ b/internal/query/secret_generators.go @@ -3,7 +3,7 @@ package query import ( "context" "database/sql" - errs "errors" + "errors" "time" sq "github.com/Masterminds/squirrel" @@ -12,9 +12,9 @@ import ( "github.com/zitadel/zitadel/internal/api/call" "github.com/zitadel/zitadel/internal/crypto" "github.com/zitadel/zitadel/internal/domain" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/query/projection" "github.com/zitadel/zitadel/internal/telemetry/tracing" + "github.com/zitadel/zitadel/internal/zerrors" ) var ( @@ -144,7 +144,7 @@ func (q *Queries) SecretGeneratorByType(ctx context.Context, generatorType domai SecretGeneratorColumnInstanceID.identifier(): authz.GetInstance(ctx).InstanceID(), }).ToSql() if err != nil { - return nil, errors.ThrowInternal(err, "QUERY-3k99f", "Errors.Query.SQLStatment") + return nil, zerrors.ThrowInternal(err, "QUERY-3k99f", "Errors.Query.SQLStatment") } err = q.client.QueryRowContext(ctx, func(row *sql.Row) error { 
@@ -164,7 +164,7 @@ func (q *Queries) SearchSecretGenerators(ctx context.Context, queries *SecretGen SecretGeneratorColumnInstanceID.identifier(): authz.GetInstance(ctx).InstanceID(), }).ToSql() if err != nil { - return nil, errors.ThrowInvalidArgument(err, "QUERY-sn9lw", "Errors.Query.InvalidRequest") + return nil, zerrors.ThrowInvalidArgument(err, "QUERY-sn9lw", "Errors.Query.InvalidRequest") } err = q.client.QueryContext(ctx, func(rows *sql.Rows) error { @@ -172,7 +172,7 @@ func (q *Queries) SearchSecretGenerators(ctx context.Context, queries *SecretGen return err }, stmt, args...) if err != nil { - return nil, errors.ThrowInternal(err, "QUERY-4miii", "Errors.Internal") + return nil, zerrors.ThrowInternal(err, "QUERY-4miii", "Errors.Internal") } secretGenerators.State, err = q.latestState(ctx, secretGeneratorsTable) return secretGenerators, err @@ -223,10 +223,10 @@ func prepareSecretGeneratorQuery(ctx context.Context, db prepareDatabase) (sq.Se &secretGenerator.IncludeSymbols, ) if err != nil { - if errs.Is(err, sql.ErrNoRows) { - return nil, errors.ThrowNotFound(err, "QUERY-m9wff", "Errors.SecretGenerator.NotFound") + if errors.Is(err, sql.ErrNoRows) { + return nil, zerrors.ThrowNotFound(err, "QUERY-m9wff", "Errors.SecretGenerator.NotFound") } - return nil, errors.ThrowInternal(err, "QUERY-2k99d", "Errors.Internal") + return nil, zerrors.ThrowInternal(err, "QUERY-2k99d", "Errors.Internal") } return secretGenerator, nil } @@ -276,7 +276,7 @@ func prepareSecretGeneratorsQuery(ctx context.Context, db prepareDatabase) (sq.S } if err := rows.Close(); err != nil { - return nil, errors.ThrowInternal(err, "QUERY-em9fs", "Errors.Query.CloseRows") + return nil, zerrors.ThrowInternal(err, "QUERY-em9fs", "Errors.Query.CloseRows") } return &SecretGenerators{ diff --git a/internal/query/security_policy.go b/internal/query/security_policy.go index 49f355a458..3a4a3abb20 100644 --- a/internal/query/security_policy.go +++ b/internal/query/security_policy.go 
@@ -3,7 +3,7 @@ package query import ( "context" "database/sql" - errs "errors" + "errors" "time" sq "github.com/Masterminds/squirrel" @@ -11,8 +11,8 @@ import ( "github.com/zitadel/zitadel/internal/api/authz" "github.com/zitadel/zitadel/internal/api/call" "github.com/zitadel/zitadel/internal/database" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/query/projection" + "github.com/zitadel/zitadel/internal/zerrors" ) var ( @@ -63,7 +63,7 @@ func (q *Queries) SecurityPolicy(ctx context.Context) (policy *SecurityPolicy, e SecurityPolicyColumnInstanceID.identifier(): authz.GetInstance(ctx).InstanceID(), }).ToSql() if err != nil { - return nil, errors.ThrowInternal(err, "QUERY-Sf6d1", "Errors.Query.SQLStatment") + return nil, zerrors.ThrowInternal(err, "QUERY-Sf6d1", "Errors.Query.SQLStatment") } err = q.client.QueryRowContext(ctx, func(row *sql.Row) error { @@ -95,8 +95,8 @@ func prepareSecurityPolicyQuery(ctx context.Context, db prepareDatabase) (sq.Sel &securityPolicy.Enabled, &securityPolicy.AllowedOrigins, ) - if err != nil && !errs.Is(err, sql.ErrNoRows) { // ignore not found errors - return nil, errors.ThrowInternal(err, "QUERY-Dfrt2", "Errors.Internal") + if err != nil && !errors.Is(err, sql.ErrNoRows) { // ignore not found errors + return nil, zerrors.ThrowInternal(err, "QUERY-Dfrt2", "Errors.Internal") } return securityPolicy, nil } diff --git a/internal/query/session.go b/internal/query/session.go index 4507320abe..5aa7c177b1 100644 --- a/internal/query/session.go +++ b/internal/query/session.go @@ -3,7 +3,7 @@ package query import ( "context" "database/sql" - errs "errors" + "errors" "net" "net/http" "time" 
@@ -16,10 +16,10 @@ import ( "github.com/zitadel/zitadel/internal/api/call" "github.com/zitadel/zitadel/internal/database" "github.com/zitadel/zitadel/internal/domain" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore/handler/v2" "github.com/zitadel/zitadel/internal/query/projection" "github.com/zitadel/zitadel/internal/telemetry/tracing" + "github.com/zitadel/zitadel/internal/zerrors" ) type Sessions struct { @@ -215,7 +215,7 @@ func (q *Queries) SessionByID(ctx context.Context, shouldTriggerBulk bool, id, s }, ).ToSql() if err != nil { - return nil, errors.ThrowInternal(err, "QUERY-dn9JW", "Errors.Query.SQLStatement") + return nil, zerrors.ThrowInternal(err, "QUERY-dn9JW", "Errors.Query.SQLStatement") } var tokenID string @@ -230,7 +230,7 @@ func (q *Queries) SessionByID(ctx context.Context, shouldTriggerBulk bool, id, s return session, nil } if err := q.sessionTokenVerifier(ctx, sessionToken, session.ID, tokenID); err != nil { - return nil, errors.ThrowPermissionDenied(nil, "QUERY-dsfr3", "Errors.PermissionDenied") + return nil, zerrors.ThrowPermissionDenied(nil, "QUERY-dsfr3", "Errors.PermissionDenied") } return session, nil } @@ -246,7 +246,7 @@ func (q *Queries) SearchSessions(ctx context.Context, queries *SessionsSearchQue }). ToSql() if err != nil { - return nil, errors.ThrowInvalidArgument(err, "QUERY-sn9Jf", "Errors.Query.InvalidRequest") + return nil, zerrors.ThrowInvalidArgument(err, "QUERY-sn9Jf", "Errors.Query.InvalidRequest") } err = q.client.QueryContext(ctx, func(rows *sql.Rows) error { @@ -254,7 +254,7 @@ func (q *Queries) SearchSessions(ctx context.Context, queries *SessionsSearchQue return err }, stmt, args...) if err != nil { - return nil, errors.ThrowInternal(err, "QUERY-Sfg42", "Errors.Internal") + return nil, zerrors.ThrowInternal(err, "QUERY-Sfg42", "Errors.Internal") } sessions.State, err = q.latestState(ctx, sessionsTable) 
@@ -366,10 +366,10 @@ func prepareSessionQuery(ctx context.Context, db prepareDatabase) (sq.SelectBuil ) if err != nil { - if errs.Is(err, sql.ErrNoRows) { - return nil, "", errors.ThrowNotFound(err, "QUERY-SFeaa", "Errors.Session.NotExisting") + if errors.Is(err, sql.ErrNoRows) { + return nil, "", zerrors.ThrowNotFound(err, "QUERY-SFeaa", "Errors.Session.NotExisting") } - return nil, "", errors.ThrowInternal(err, "QUERY-SAder", "Errors.Internal") + return nil, "", zerrors.ThrowInternal(err, "QUERY-SAder", "Errors.Internal") } session.UserFactor.UserID = userID.String @@ -471,7 +471,7 @@ func prepareSessionsQuery(ctx context.Context, db prepareDatabase) (sq.SelectBui ) if err != nil { - return nil, errors.ThrowInternal(err, "QUERY-SAfeg", "Errors.Internal") + return nil, zerrors.ThrowInternal(err, "QUERY-SAfeg", "Errors.Internal") } session.UserFactor.UserID = userID.String session.UserFactor.ResourceOwner = userResourceOwner.String diff --git a/internal/query/sessions_test.go b/internal/query/sessions_test.go index d4f621073a..711e952323 100644 --- a/internal/query/sessions_test.go +++ b/internal/query/sessions_test.go @@ -16,7 +16,7 @@ import ( "github.com/stretchr/testify/require" "github.com/zitadel/zitadel/internal/domain" - errs "github.com/zitadel/zitadel/internal/errors" + "github.com/zitadel/zitadel/internal/zerrors" ) var ( @@ -31,7 +31,7 @@ var ( ` projections.sessions8.user_resource_owner,` + ` projections.sessions8.user_checked_at,` + ` projections.login_names3.login_name,` + - ` projections.users9_humans.display_name,` + + ` projections.users10_humans.display_name,` + ` projections.sessions8.password_checked_at,` + ` projections.sessions8.intent_checked_at,` + ` projections.sessions8.webauthn_checked_at,` + 
@@ -48,8 +48,8 @@ var ( ` projections.sessions8.expiration` + ` FROM projections.sessions8` + ` LEFT JOIN projections.login_names3 ON projections.sessions8.user_id = projections.login_names3.user_id AND projections.sessions8.instance_id = projections.login_names3.instance_id` + - ` LEFT JOIN projections.users9_humans ON projections.sessions8.user_id = projections.users9_humans.user_id AND projections.sessions8.instance_id = projections.users9_humans.instance_id` + - ` LEFT JOIN projections.users9 ON projections.sessions8.user_id = projections.users9.id AND projections.sessions8.instance_id = projections.users9.instance_id` + + ` LEFT JOIN projections.users10_humans ON projections.sessions8.user_id = projections.users10_humans.user_id AND projections.sessions8.instance_id = projections.users10_humans.instance_id` + + ` LEFT JOIN projections.users10 ON projections.sessions8.user_id = projections.users10.id AND projections.sessions8.instance_id = projections.users10.instance_id` + ` AS OF SYSTEM TIME '-1 ms'`) expectedSessionsQuery = regexp.QuoteMeta(`SELECT projections.sessions8.id,` + ` projections.sessions8.creation_date,` + @@ -62,7 +62,7 @@ var ( ` projections.sessions8.user_resource_owner,` + ` projections.sessions8.user_checked_at,` + ` projections.login_names3.login_name,` + - ` projections.users9_humans.display_name,` + + ` projections.users10_humans.display_name,` + ` projections.sessions8.password_checked_at,` + ` projections.sessions8.intent_checked_at,` + ` projections.sessions8.webauthn_checked_at,` + 
@@ -75,8 +75,8 @@ var ( ` COUNT(*) OVER ()` + ` FROM projections.sessions8` + ` LEFT JOIN projections.login_names3 ON projections.sessions8.user_id = projections.login_names3.user_id AND projections.sessions8.instance_id = projections.login_names3.instance_id` + - ` LEFT JOIN projections.users9_humans ON projections.sessions8.user_id = projections.users9_humans.user_id AND projections.sessions8.instance_id = projections.users9_humans.instance_id` + - ` LEFT JOIN projections.users9 ON projections.sessions8.user_id = projections.users9.id AND projections.sessions8.instance_id = projections.users9.instance_id` + + ` LEFT JOIN projections.users10_humans ON projections.sessions8.user_id = projections.users10_humans.user_id AND projections.sessions8.instance_id = projections.users10_humans.instance_id` + + ` LEFT JOIN projections.users10 ON projections.sessions8.user_id = projections.users10.id AND projections.sessions8.instance_id = projections.users10.instance_id` + ` AS OF SYSTEM TIME '-1 ms'`) sessionCols = []string{ @@ -427,7 +427,7 @@ func Test_SessionPrepare(t *testing.T) { nil, ), err: func(err error) (error, bool) { - if !errs.IsNotFound(err) { + if !zerrors.IsNotFound(err) { return fmt.Errorf("err should be zitadel.NotFoundError got: %w", err), false } return nil, true diff --git a/internal/query/sms.go b/internal/query/sms.go index 898f34a4d1..38c798ba17 100644 --- a/internal/query/sms.go +++ b/internal/query/sms.go @@ -3,7 +3,7 @@ package query import ( "context" "database/sql" - errs "errors" + "errors" "time" sq "github.com/Masterminds/squirrel" @@ -12,9 +12,9 @@ import ( "github.com/zitadel/zitadel/internal/api/call" "github.com/zitadel/zitadel/internal/crypto" "github.com/zitadel/zitadel/internal/domain" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/query/projection" "github.com/zitadel/zitadel/internal/telemetry/tracing" + "github.com/zitadel/zitadel/internal/zerrors" ) type SMSConfigs struct { 
@@ -127,7 +127,7 @@ func (q *Queries) SMSProviderConfigByID(ctx context.Context, id string) (config }, ).ToSql() if err != nil { - return nil, errors.ThrowInternal(err, "QUERY-dn9JW", "Errors.Query.SQLStatement") + return nil, zerrors.ThrowInternal(err, "QUERY-dn9JW", "Errors.Query.SQLStatement") } err = q.client.QueryRowContext(ctx, func(row *sql.Row) error { @@ -151,7 +151,7 @@ func (q *Queries) SMSProviderConfig(ctx context.Context, queries ...SearchQuery) }, ).ToSql() if err != nil { - return nil, errors.ThrowInternal(err, "QUERY-dn9JW", "Errors.Query.SQLStatement") + return nil, zerrors.ThrowInternal(err, "QUERY-dn9JW", "Errors.Query.SQLStatement") } err = q.client.QueryRowContext(ctx, func(row *sql.Row) error { @@ -171,7 +171,7 @@ func (q *Queries) SearchSMSConfigs(ctx context.Context, queries *SMSConfigsSearc SMSConfigColumnInstanceID.identifier(): authz.GetInstance(ctx).InstanceID(), }).ToSql() if err != nil { - return nil, errors.ThrowInvalidArgument(err, "QUERY-sn9Jf", "Errors.Query.InvalidRequest") + return nil, zerrors.ThrowInvalidArgument(err, "QUERY-sn9Jf", "Errors.Query.InvalidRequest") } err = q.client.QueryContext(ctx, func(rows *sql.Rows) error { @@ -179,7 +179,7 @@ func (q *Queries) SearchSMSConfigs(ctx context.Context, queries *SMSConfigsSearc return err }, stmt, args...) if err != nil { - return nil, errors.ThrowInternal(err, "QUERY-aJnZL", "Errors.Internal") + return nil, zerrors.ThrowInternal(err, "QUERY-aJnZL", "Errors.Internal") } configs.State, err = q.latestState(ctx, smsConfigsTable) return configs, err 
@@ -228,10 +228,10 @@ func prepareSMSConfigQuery(ctx context.Context, db prepareDatabase) (sq.SelectBu ) if err != nil { - if errs.Is(err, sql.ErrNoRows) { - return nil, errors.ThrowNotFound(err, "QUERY-fn99w", "Errors.SMSConfig.NotExisting") + if errors.Is(err, sql.ErrNoRows) { + return nil, zerrors.ThrowNotFound(err, "QUERY-fn99w", "Errors.SMSConfig.NotExisting") } - return nil, errors.ThrowInternal(err, "QUERY-3n9Js", "Errors.Internal") + return nil, zerrors.ThrowInternal(err, "QUERY-3n9Js", "Errors.Internal") } twilioConfig.set(config) @@ -283,7 +283,7 @@ func prepareSMSConfigsQuery(ctx context.Context, db prepareDatabase) (sq.SelectB ) if err != nil { - return nil, errors.ThrowInternal(err, "QUERY-d9jJd", "Errors.Internal") + return nil, zerrors.ThrowInternal(err, "QUERY-d9jJd", "Errors.Internal") } twilioConfig.set(config) diff --git a/internal/query/sms_test.go b/internal/query/sms_test.go index 9f6c906c77..56bb97e2eb 100644 --- a/internal/query/sms_test.go +++ b/internal/query/sms_test.go @@ -10,7 +10,7 @@ import ( "github.com/zitadel/zitadel/internal/crypto" "github.com/zitadel/zitadel/internal/domain" - errs "github.com/zitadel/zitadel/internal/errors" + "github.com/zitadel/zitadel/internal/zerrors" ) var ( @@ -256,7 +256,7 @@ func Test_SMSConfigPrepare(t *testing.T) { nil, ), err: func(err error) (error, bool) { - if !errs.IsNotFound(err) { + if !zerrors.IsNotFound(err) { return fmt.Errorf("err should be zitadel.NotFoundError got: %w", err), false } return nil, true diff --git a/internal/query/smtp.go b/internal/query/smtp.go index e1d6430eab..81202f2e51 100644 --- a/internal/query/smtp.go +++ b/internal/query/smtp.go @@ -3,7 +3,7 @@ package query import ( "context" "database/sql" - errs "errors" + "errors" "time" sq "github.com/Masterminds/squirrel" 
@@ -11,9 +11,9 @@ import ( "github.com/zitadel/zitadel/internal/api/authz" "github.com/zitadel/zitadel/internal/api/call" "github.com/zitadel/zitadel/internal/crypto" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/query/projection" "github.com/zitadel/zitadel/internal/telemetry/tracing" + "github.com/zitadel/zitadel/internal/zerrors" ) var ( @@ -106,7 +106,7 @@ func (q *Queries) SMTPConfigByAggregateID(ctx context.Context, aggregateID strin SMTPConfigColumnInstanceID.identifier(): authz.GetInstance(ctx).InstanceID(), }).ToSql() if err != nil { - return nil, errors.ThrowInternal(err, "QUERY-3m9sl", "Errors.Query.SQLStatment") + return nil, zerrors.ThrowInternal(err, "QUERY-3m9sl", "Errors.Query.SQLStatment") } err = q.client.QueryRowContext(ctx, func(row *sql.Row) error { @@ -151,10 +151,10 @@ func prepareSMTPConfigQuery(ctx context.Context, db prepareDatabase) (sq.SelectB &password, ) if err != nil { - if errs.Is(err, sql.ErrNoRows) { - return nil, errors.ThrowNotFound(err, "QUERY-fwofw", "Errors.SMTPConfig.NotFound") + if errors.Is(err, sql.ErrNoRows) { + return nil, zerrors.ThrowNotFound(err, "QUERY-fwofw", "Errors.SMTPConfig.NotFound") } - return nil, errors.ThrowInternal(err, "QUERY-9k87F", "Errors.Internal") + return nil, zerrors.ThrowInternal(err, "QUERY-9k87F", "Errors.Internal") } config.Password = password return config, nil diff --git a/internal/query/smtp_test.go b/internal/query/smtp_test.go index bbfc757db6..1e72fcdde3 100644 --- a/internal/query/smtp_test.go +++ b/internal/query/smtp_test.go @@ -9,7 +9,7 @@ import ( "testing" "github.com/zitadel/zitadel/internal/crypto" - errs "github.com/zitadel/zitadel/internal/errors" + "github.com/zitadel/zitadel/internal/zerrors" ) var ( 
@@ -64,7 +64,7 @@ func Test_SMTPConfigsPrepares(t *testing.T) { nil, ), err: func(err error) (error, bool) { - if !errs.IsNotFound(err) { + if !zerrors.IsNotFound(err) { return fmt.Errorf("err should be zitadel.NotFoundError got: %w", err), false } return nil, true diff --git a/internal/query/testdata/oidc_client_jwt.json b/internal/query/testdata/oidc_client_jwt.json new file mode 100644 index 0000000000..df871815dd --- /dev/null +++ b/internal/query/testdata/oidc_client_jwt.json @@ -0,0 +1,29 @@ +{ + "instance_id": "230690539048009730", + "app_id": "236647088211886082", + "client_id": "236647088211951618@tests", + "client_secret": null, + "redirect_uris": ["http://localhost:9999/auth/callback"], + "response_types": [0], + "grant_types": [0, 2], + "application_type": 0, + "auth_method_type": 3, + "post_logout_redirect_uris": ["https://example.com/logout"], + "is_dev_mode": true, + "access_token_type": 1, + "access_token_role_assertion": true, + "id_token_role_assertion": true, + "id_token_userinfo_assertion": true, + "clock_skew": 1000000000, + "additional_origins": ["https://example.com"], + "project_id": "236645808328409090", + "state": 1, + "project_role_keys": ["role1", "role2"], + "public_keys": { + "236647201860747266": "LS0tLS1CRUdJTiBSU0EgUFVCTElDIEtFWS0tLS0tCk1JSUJJakFOQmdrcWhraUc5dzBCQVFFRkFB\nT0NBUThBTUlJQkNnS0NBUUVBMnVmQUwxYjcyYkl5MWFyK1dzNmIKR29oSkpRRkI3ZGZSYXBEcWVx\nTThVa3A2Q1ZkUHpxL3BPejF2aUFxNTB5eldaSnJ5Risyd3NoRkFLR0Y5QTIvQgoyWWY5YkpYUFov\nS2JrRnJZVDNOVHZZRGt2bGFTVGw5bU1uenJVMjlzNDhGMVBUV0tmQitDM2FNc09FRzFCdWZWCnM2\nM3FGNG5yRVBqU2JobGpJY285RlpxNFhwcEl6aE1RMGZEZEEvK1h5Z0NKcXZ1YUwwTGliTTFLcmxV\nZG51NzEKWWVraFNKakVQbnZPaXNYSWs0SVh5d29HSU93dGp4a0R2Tkl0UXZhTVZsZHI0L2tiNnV2\nYmdkV3dxNUV3QlpYcQpsb3cya3lKb3YzOFY0VWsySThrdVhwTGNucnB3NVRpbzJvb2lVRTI3YjB2\nSFpxQktPZWk5VW84OHFDcm4zRUt4CjZRSURBUUFCCi0tLS0tRU5EIFJTQSBQVUJMSUMgS0VZLS0t\nLS0K" + }, + "settings": { + "access_token_lifetime": 43200000000000, + "id_token_lifetime": 43200000000000 + } +} 
diff --git a/internal/query/testdata/oidc_client_no_settings.json b/internal/query/testdata/oidc_client_no_settings.json new file mode 100644 index 0000000000..83d810d669 --- /dev/null +++ b/internal/query/testdata/oidc_client_no_settings.json @@ -0,0 +1,30 @@ +{ + "instance_id": "239520764275982338", + "app_id": "239520764276441090", + "client_id": "239520764779364354@zitadel", + "client_secret": null, + "redirect_uris": [ + "http://test2-qucuh5.localhost:9000/ui/console/auth/callback", + "http://test.localhost.com:9000/ui/console/auth/callback" + ], + "response_types": [0], + "grant_types": [0], + "application_type": 1, + "auth_method_type": 2, + "post_logout_redirect_uris": [ + "http://test2-qucuh5.localhost:9000/ui/console/signedout", + "http://test.localhost.com:9000/ui/console/signedout" + ], + "is_dev_mode": true, + "access_token_type": 0, + "access_token_role_assertion": false, + "id_token_role_assertion": false, + "id_token_userinfo_assertion": false, + "clock_skew": 0, + "additional_origins": null, + "project_id": "239520764276178946", + "state": 1, + "project_role_keys": null, + "public_keys": null, + "settings": null +} diff --git a/internal/query/testdata/oidc_client_public.json b/internal/query/testdata/oidc_client_public.json new file mode 100644 index 0000000000..47cf750c8b --- /dev/null +++ b/internal/query/testdata/oidc_client_public.json 
@@ -0,0 +1,27 @@ +{ + "instance_id": "230690539048009730", + "app_id": "236646457053020162", + "client_id": "236646457053085698@tests", + "client_secret": null, + "redirect_uris": ["http://localhost:9999/auth/callback"], + "response_types": [0], + "grant_types": [0], + "application_type": 0, + "auth_method_type": 2, + "post_logout_redirect_uris": null, + "is_dev_mode": true, + "access_token_type": 0, + "access_token_role_assertion": false, + "id_token_role_assertion": false, + "id_token_userinfo_assertion": false, + "clock_skew": 0, + "additional_origins": null, + "project_id": "236645808328409090", + "state": 1, + "project_role_keys": ["role1", "role2"], + "public_keys": null, + "settings": { + "access_token_lifetime": 43200000000000, + "id_token_lifetime": 43200000000000 + } +} diff --git a/internal/query/testdata/oidc_client_secret.json b/internal/query/testdata/oidc_client_secret.json new file mode 100644 index 0000000000..e7d5926f7f --- /dev/null +++ b/internal/query/testdata/oidc_client_secret.json @@ -0,0 +1,32 @@ +{ + "instance_id": "230690539048009730", + "app_id": "236646858984783874", + "client_id": "236646858984849410@tests", + "client_secret": { + "KeyID": "", + "Crypted": "JDJhJDE0JE96WjBYRVpaRXREMTNweS9FUGJhMmV2c1M2V2NLWjVvclZNajlwV0hFR0VIbUx1MmgzUEZx", + "Algorithm": "bcrypt", + "CryptoType": 1 + }, + "redirect_uris": ["http://localhost:9999/auth/callback"], + "response_types": [0], + "grant_types": [0], + "application_type": 0, + "auth_method_type": 0, + "post_logout_redirect_uris": null, + "is_dev_mode": true, + "access_token_type": 0, + "access_token_role_assertion": false, + "id_token_role_assertion": false, + "id_token_userinfo_assertion": false, + "clock_skew": 0, + "additional_origins": null, + "project_id": "236645808328409090", + "state": 1, + "project_role_keys": ["role1", "role2"], + "public_keys": null, + "settings": { + "access_token_lifetime": 43200000000000, + "id_token_lifetime": 43200000000000 + } +} 
diff --git a/internal/query/user.go b/internal/query/user.go index 40546effe5..371d5c0002 100644 --- a/internal/query/user.go +++ b/internal/query/user.go @@ -4,7 +4,7 @@ import ( "context" "database/sql" _ "embed" - errs "errors" + "errors" "strings" "time" @@ -13,11 +13,12 @@ import ( "github.com/zitadel/zitadel/internal/api/authz" "github.com/zitadel/zitadel/internal/api/call" + "github.com/zitadel/zitadel/internal/crypto" "github.com/zitadel/zitadel/internal/database" "github.com/zitadel/zitadel/internal/domain" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/query/projection" "github.com/zitadel/zitadel/internal/telemetry/tracing" + "github.com/zitadel/zitadel/internal/zerrors" ) type Users struct { @@ -92,7 +93,7 @@ type Phone struct { type Machine struct { Name string `json:"name,omitempty"` Description string `json:"description,omitempty"` - HasSecret bool `json:"has_secret,omitempty"` + Secret *crypto.CryptoValue `json:"secret,omitempty"` AccessTokenType domain.OIDCTokenType `json:"access_token_type,omitempty"` } @@ -271,8 +272,8 @@ var ( name: projection.MachineDescriptionCol, table: machineTable, } - MachineHasSecretCol = Column{ - name: projection.MachineHasSecretCol, + MachineSecretCol = Column{ + name: projection.MachineSecretCol, table: machineTable, } MachineAccessTokenTypeCol = Column{ @@ -391,7 +392,7 @@ func (q *Queries) GetUser(ctx context.Context, shouldTriggerBulk bool, queries . } stmt, args, err := query.Where(eq).ToSql() if err != nil { - return nil, errors.ThrowInternal(err, "QUERY-Dnhr2", "Errors.Query.SQLStatment") + return nil, zerrors.ThrowInternal(err, "QUERY-Dnhr2", "Errors.Query.SQLStatment") } err = q.client.QueryRowContext(ctx, func(row *sql.Row) error { 
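Review bot: In the `Machine` struct hunk (`@@ -92,7 +93,7 @@`) the boolean `HasSecret` becomes `Secret *crypto.CryptoValue` with the tag `json:"secret,omitempty"`, so any JSON encoding of this read model now carries the stored secret material where it used to carry only a flag. Whether `Machine` is ever marshalled towards an API response, a cache or a log is not visible in this diff, so this needs checking at the call sites. If the JSON form is not needed to scan the query result, prefer `json:"-"` on the field and derive the flag where it is needed. In either case document the field, for example `// Secret is the stored (hashed) machine secret; never copy it into API responses or logs.`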
@@ -415,7 +416,7 @@ func (q *Queries) GetHumanProfile(ctx context.Context, userID string, queries .. } stmt, args, err := query.Where(eq).ToSql() if err != nil { - return nil, errors.ThrowInternal(err, "QUERY-Dgbg2", "Errors.Query.SQLStatment") + return nil, zerrors.ThrowInternal(err, "QUERY-Dgbg2", "Errors.Query.SQLStatment") } err = q.client.QueryRowContext(ctx, func(row *sql.Row) error { @@ -439,7 +440,7 @@ func (q *Queries) GetHumanEmail(ctx context.Context, userID string, queries ...S } stmt, args, err := query.Where(eq).ToSql() if err != nil { - return nil, errors.ThrowInternal(err, "QUERY-BHhj3", "Errors.Query.SQLStatment") + return nil, zerrors.ThrowInternal(err, "QUERY-BHhj3", "Errors.Query.SQLStatment") } err = q.client.QueryRowContext(ctx, func(row *sql.Row) error { @@ -463,7 +464,7 @@ func (q *Queries) GetHumanPhone(ctx context.Context, userID string, queries ...S } stmt, args, err := query.Where(eq).ToSql() if err != nil { - return nil, errors.ThrowInternal(err, "QUERY-Dg43g", "Errors.Query.SQLStatment") + return nil, zerrors.ThrowInternal(err, "QUERY-Dg43g", "Errors.Query.SQLStatment") } err = q.client.QueryRowContext(ctx, func(row *sql.Row) error { @@ -549,7 +550,7 @@ func (q *Queries) GetNotifyUser(ctx context.Context, shouldTriggered bool, queri } stmt, args, err := query.Where(eq).ToSql() if err != nil { - return nil, errors.ThrowInternal(err, "QUERY-Err3g", "Errors.Query.SQLStatment") + return nil, zerrors.ThrowInternal(err, "QUERY-Err3g", "Errors.Query.SQLStatment") } err = q.client.QueryRowContext(ctx, func(row *sql.Row) error { @@ -568,7 +569,7 @@ func (q *Queries) SearchUsers(ctx context.Context, queries *UserSearchQueries) ( stmt, args, err := queries.toQuery(query).Where(eq). ToSql() if err != nil { - return nil, errors.ThrowInternal(err, "QUERY-Dgbg2", "Errors.Query.SQLStatment") + return nil, zerrors.ThrowInternal(err, "QUERY-Dgbg2", "Errors.Query.SQLStatment") } err = q.client.QueryContext(ctx, func(rows *sql.Rows) error { 
@@ -576,7 +577,7 @@ func (q *Queries) SearchUsers(ctx context.Context, queries *UserSearchQueries) ( return err }, stmt, args...) if err != nil { - return nil, errors.ThrowInternal(err, "QUERY-AG4gs", "Errors.Internal") + return nil, zerrors.ThrowInternal(err, "QUERY-AG4gs", "Errors.Internal") } users.State, err = q.latestState(ctx, userTable) @@ -616,7 +617,7 @@ func (q *Queries) IsUserUnique(ctx context.Context, username, email, resourceOwn eq := sq.Eq{UserInstanceIDCol.identifier(): authz.GetInstance(ctx).InstanceID()} stmt, args, err := query.Where(eq).ToSql() if err != nil { - return false, errors.ThrowInternal(err, "QUERY-Dg43g", "Errors.Query.SQLStatment") + return false, zerrors.ThrowInternal(err, "QUERY-Dg43g", "Errors.Query.SQLStatment") } err = q.client.QueryRowContext(ctx, func(row *sql.Row) error { @@ -790,7 +791,7 @@ func scanUser(row *sql.Row) (*User, error) { machineID := sql.NullString{} name := sql.NullString{} description := sql.NullString{} - hasSecret := sql.NullBool{} + var secret *crypto.CryptoValue accessTokenType := sql.NullInt32{} err := row.Scan( @@ -819,16 +820,16 @@ func scanUser(row *sql.Row) (*User, error) { &machineID, &name, &description, - &hasSecret, + &secret, &accessTokenType, &count, ) if err != nil || count != 1 { - if errs.Is(err, sql.ErrNoRows) || count != 1 { - return nil, errors.ThrowNotFound(err, "QUERY-Dfbg2", "Errors.User.NotFound") + if errors.Is(err, sql.ErrNoRows) || count != 1 { + return nil, zerrors.ThrowNotFound(err, "QUERY-Dfbg2", "Errors.User.NotFound") } - return nil, errors.ThrowInternal(err, "QUERY-Bgah2", "Errors.Internal") + return nil, zerrors.ThrowInternal(err, "QUERY-Bgah2", "Errors.Internal") } u.PreferredLoginName = preferredLoginName.String @@ -851,7 +852,7 @@ func scanUser(row *sql.Row) (*User, error) { u.Machine = &Machine{ Name: name.String, Description: description.String, - HasSecret: hasSecret.Bool, + Secret: secret, AccessTokenType: domain.OIDCTokenType(accessTokenType.Int32), } } 
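Review bot: In `scanUser` (`@@ -819,16 +820,16 @@`) the inner condition `errors.Is(err, sql.ErrNoRows) || count != 1` is also true when `row.Scan` fails for any other reason, assuming `count` is still at its zero value then (its declaration is outside the hunk). The `zerrors.ThrowInternal(err, "QUERY-Bgah2", "Errors.Internal")` line therefore looks unreachable, and a database failure is reported as `Errors.User.NotFound`. On a user lookup that makes an outage indistinguishable from an unknown user, both for callers and for monitoring. Consider `if errors.Is(err, sql.ErrNoRows) || (err == nil && count != 1) {`. The same pattern is carried through the rename in `scanNotifyUser` (`@@ -1174,14 +1176,14 @@`); both function bodies extend beyond their hunks.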
@@ -893,7 +894,7 @@ func prepareUserQuery(ctx context.Context, db prepareDatabase) (sq.SelectBuilder MachineUserIDCol.identifier(), MachineNameCol.identifier(), MachineDescriptionCol.identifier(), - MachineHasSecretCol.identifier(), + MachineSecretCol.identifier(), MachineAccessTokenTypeCol.identifier(), countColumn.identifier(), ). @@ -909,6 +910,7 @@ func prepareUserQuery(ctx context.Context, db prepareDatabase) (sq.SelectBuilder userPreferredLoginNameInstanceIDCol.identifier()+" = "+UserInstanceIDCol.identifier()+db.Timetravel(call.Took(ctx)), preferredLoginNameArgs...). PlaceholderFormat(sq.Dollar), + scanUser } @@ -957,13 +959,13 @@ func prepareProfileQuery(ctx context.Context, db prepareDatabase) (sq.SelectBuil &avatarKey, ) if err != nil { - if errs.Is(err, sql.ErrNoRows) { - return nil, errors.ThrowNotFound(err, "QUERY-HNhb3", "Errors.User.NotFound") + if errors.Is(err, sql.ErrNoRows) { + return nil, zerrors.ThrowNotFound(err, "QUERY-HNhb3", "Errors.User.NotFound") } - return nil, errors.ThrowInternal(err, "QUERY-Rfheq", "Errors.Internal") + return nil, zerrors.ThrowInternal(err, "QUERY-Rfheq", "Errors.Internal") } if !humanID.Valid { - return nil, errors.ThrowPreconditionFailed(nil, "QUERY-WLTce", "Errors.User.NotHuman") + return nil, zerrors.ThrowPreconditionFailed(nil, "QUERY-WLTce", "Errors.User.NotHuman") } p.FirstName = firstName.String 
@@ -1009,13 +1011,13 @@ func prepareEmailQuery(ctx context.Context, db prepareDatabase) (sq.SelectBuilde &isEmailVerified, ) if err != nil { - if errs.Is(err, sql.ErrNoRows) { - return nil, errors.ThrowNotFound(err, "QUERY-Hms2s", "Errors.User.NotFound") + if errors.Is(err, sql.ErrNoRows) { + return nil, zerrors.ThrowNotFound(err, "QUERY-Hms2s", "Errors.User.NotFound") } - return nil, errors.ThrowInternal(err, "QUERY-Nu42d", "Errors.Internal") + return nil, zerrors.ThrowInternal(err, "QUERY-Nu42d", "Errors.Internal") } if !humanID.Valid { - return nil, errors.ThrowPreconditionFailed(nil, "QUERY-pt7HY", "Errors.User.NotHuman") + return nil, zerrors.ThrowPreconditionFailed(nil, "QUERY-pt7HY", "Errors.User.NotHuman") } e.Email = domain.EmailAddress(email.String) @@ -1056,13 +1058,13 @@ func preparePhoneQuery(ctx context.Context, db prepareDatabase) (sq.SelectBuilde &isPhoneVerified, ) if err != nil { - if errs.Is(err, sql.ErrNoRows) { - return nil, errors.ThrowNotFound(err, "QUERY-DAvb3", "Errors.User.NotFound") + if errors.Is(err, sql.ErrNoRows) { + return nil, zerrors.ThrowNotFound(err, "QUERY-DAvb3", "Errors.User.NotFound") } - return nil, errors.ThrowInternal(err, "QUERY-Bmf2h", "Errors.Internal") + return nil, zerrors.ThrowInternal(err, "QUERY-Bmf2h", "Errors.Internal") } if !humanID.Valid { - return nil, errors.ThrowPreconditionFailed(nil, "QUERY-hliQl", "Errors.User.NotHuman") + return nil, zerrors.ThrowPreconditionFailed(nil, "QUERY-hliQl", "Errors.User.NotHuman") } e.Phone = phone.String 
@@ -1174,14 +1176,14 @@ func scanNotifyUser(row *sql.Row) (*NotifyUser, error) { ) if err != nil || count != 1 { - if errs.Is(err, sql.ErrNoRows) || count != 1 { - return nil, errors.ThrowNotFound(err, "QUERY-Dgqd2", "Errors.User.NotFound") + if errors.Is(err, sql.ErrNoRows) || count != 1 { + return nil, zerrors.ThrowNotFound(err, "QUERY-Dgqd2", "Errors.User.NotFound") } - return nil, errors.ThrowInternal(err, "QUERY-Dbwsg", "Errors.Internal") + return nil, zerrors.ThrowInternal(err, "QUERY-Dbwsg", "Errors.Internal") } if !notifyUserID.Valid { - return nil, errors.ThrowPreconditionFailed(nil, "QUERY-Sfw3f", "Errors.User.NotFound") + return nil, zerrors.ThrowPreconditionFailed(nil, "QUERY-Sfw3f", "Errors.User.NotFound") } u.LoginNames = loginNames @@ -1234,10 +1236,10 @@ func prepareUserUniqueQuery(ctx context.Context, db prepareDatabase) (sq.SelectB &isEmailVerified, ) if err != nil { - if errs.Is(err, sql.ErrNoRows) { + if errors.Is(err, sql.ErrNoRows) { return true, nil } - return false, errors.ThrowInternal(err, "QUERY-Cxces", "Errors.Internal") + return false, zerrors.ThrowInternal(err, "QUERY-Cxces", "Errors.Internal") } return !userID.Valid, nil } @@ -1278,7 +1280,7 @@ func prepareUsersQuery(ctx context.Context, db prepareDatabase) (sq.SelectBuilde MachineUserIDCol.identifier(), MachineNameCol.identifier(), MachineDescriptionCol.identifier(), - MachineHasSecretCol.identifier(), + MachineSecretCol.identifier(), MachineAccessTokenTypeCol.identifier(), countColumn.identifier()). From(userTable.identifier()). @@ -1317,7 +1319,7 @@ func prepareUsersQuery(ctx context.Context, db prepareDatabase) (sq.SelectBuilde machineID := sql.NullString{} name := sql.NullString{} description := sql.NullString{} - hasSecret := sql.NullBool{} + secret := new(crypto.CryptoValue) accessTokenType := sql.NullInt32{} err := rows.Scan( 
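Review bot: `prepareUsersQuery` (`@@ -1317,7 +1319,7 @@`) allocates `secret := new(crypto.CryptoValue)` and passes `secret` to `rows.Scan`, while `scanUser` in the same file declares `var secret *crypto.CryptoValue` and scans into `&secret`. In the list path `Secret: secret` (`@@ -1377,7 +1379,7 @@`) is therefore never nil for a machine user. A caller that recovers the old `HasSecret` meaning from `Secret != nil` would then treat every listed machine as having a secret. What happens on a NULL column also depends on how `CryptoValue` scans, which is not visible here. Suggest matching `scanUser`: `var secret *crypto.CryptoValue` and `&secret,` in the `rows.Scan` call. The scan closure continues outside these hunks.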
@@ -1346,7 +1348,7 @@ func prepareUsersQuery(ctx context.Context, db prepareDatabase) (sq.SelectBuilde &machineID, &name, &description, - &hasSecret, + secret, &accessTokenType, &count, ) @@ -1377,7 +1379,7 @@ func prepareUsersQuery(ctx context.Context, db prepareDatabase) (sq.SelectBuilde u.Machine = &Machine{ Name: name.String, Description: description.String, - HasSecret: hasSecret.Bool, + Secret: secret, AccessTokenType: domain.OIDCTokenType(accessTokenType.Int32), } } @@ -1386,7 +1388,7 @@ func prepareUsersQuery(ctx context.Context, db prepareDatabase) (sq.SelectBuilde } if err := rows.Close(); err != nil { - return nil, errors.ThrowInternal(err, "QUERY-frhbd", "Errors.Query.CloseRows") + return nil, zerrors.ThrowInternal(err, "QUERY-frhbd", "Errors.Query.CloseRows") } return &Users{ diff --git a/internal/query/user_auth_method.go b/internal/query/user_auth_method.go index 9341c13e6f..e39fb2a8e9 100644 --- a/internal/query/user_auth_method.go +++ b/internal/query/user_auth_method.go @@ -11,9 +11,9 @@ import ( "github.com/zitadel/zitadel/internal/api/authz" "github.com/zitadel/zitadel/internal/api/call" "github.com/zitadel/zitadel/internal/domain" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/query/projection" "github.com/zitadel/zitadel/internal/telemetry/tracing" + "github.com/zitadel/zitadel/internal/zerrors" ) var ( @@ -127,7 +127,7 @@ func (q *Queries) SearchUserAuthMethods(ctx context.Context, queries *UserAuthMe } stmt, args, err := queries.toQuery(query).Where(eq).ToSql() if err != nil { - return nil, errors.ThrowInvalidArgument(err, "QUERY-j9NJd", "Errors.Query.InvalidRequest") + return nil, zerrors.ThrowInvalidArgument(err, "QUERY-j9NJd", "Errors.Query.InvalidRequest") } err = q.client.QueryContext(ctx, func(rows *sql.Rows) error { 
@@ -158,7 +158,7 @@ func (q *Queries) ListActiveUserAuthMethodTypes(ctx context.Context, userID stri } stmt, args, err := query.Where(eq).ToSql() if err != nil { - return nil, errors.ThrowInvalidArgument(err, "QUERY-Sfdrg", "Errors.Query.InvalidRequest") + return nil, zerrors.ThrowInvalidArgument(err, "QUERY-Sfdrg", "Errors.Query.InvalidRequest") } err = q.client.QueryContext(ctx, func(rows *sql.Rows) error { @@ -189,7 +189,7 @@ func (q *Queries) ListUserAuthMethodTypesRequired(ctx context.Context, userID st } stmt, args, err := query.Where(eq).ToSql() if err != nil { - return nil, false, false, errors.ThrowInvalidArgument(err, "QUERY-E5ut4", "Errors.Query.InvalidRequest") + return nil, false, false, zerrors.ThrowInvalidArgument(err, "QUERY-E5ut4", "Errors.Query.InvalidRequest") } err = q.client.QueryContext(ctx, func(rows *sql.Rows) error { @@ -197,7 +197,7 @@ func (q *Queries) ListUserAuthMethodTypesRequired(ctx context.Context, userID st return err }, stmt, args...) if err != nil { - return nil, false, false, errors.ThrowInternal(err, "QUERY-Dun75", "Errors.Internal") + return nil, false, false, zerrors.ThrowInternal(err, "QUERY-Dun75", "Errors.Internal") } return userAuthMethodTypes, forceMFA, forceMFALocalOnly, nil } @@ -330,7 +330,7 @@ func prepareUserAuthMethodsQuery(ctx context.Context, db prepareDatabase) (sq.Se } if err := rows.Close(); err != nil { - return nil, errors.ThrowInternal(err, "QUERY-3n9fl", "Errors.Query.CloseRows") + return nil, zerrors.ThrowInternal(err, "QUERY-3n9fl", "Errors.Query.CloseRows") } return &AuthMethods{ @@ -392,7 +392,7 @@ func prepareActiveUserAuthMethodTypesQuery(ctx context.Context, db prepareDataba } if err := rows.Close(); err != nil { - return nil, errors.ThrowInternal(err, "QUERY-3n9fl", "Errors.Query.CloseRows") + return nil, zerrors.ThrowInternal(err, "QUERY-3n9fl", "Errors.Query.CloseRows") } return &AuthMethodTypes{ 
@@ -467,7 +467,7 @@ func prepareUserAuthMethodTypesRequiredQuery(ctx context.Context, db prepareData } if err := rows.Close(); err != nil { - return nil, false, false, errors.ThrowInternal(err, "QUERY-W4zje", "Errors.Query.CloseRows") + return nil, false, false, zerrors.ThrowInternal(err, "QUERY-W4zje", "Errors.Query.CloseRows") } return userAuthMethodTypes, forceMFA.Bool, forceMFALocalOnly.Bool, nil diff --git a/internal/query/user_auth_method_test.go b/internal/query/user_auth_method_test.go index a9aae1d1c5..c78bf85699 100644 --- a/internal/query/user_auth_method_test.go +++ b/internal/query/user_auth_method_test.go 
@@ -39,38 +39,38 @@ var ( "method_type", "count", } - prepareActiveAuthMethodTypesStmt = `SELECT projections.users9_notifications.password_set,` + + prepareActiveAuthMethodTypesStmt = `SELECT projections.users10_notifications.password_set,` + ` auth_method_types.method_type,` + ` user_idps_count.count` + - ` FROM projections.users9` + - ` LEFT JOIN projections.users9_notifications ON projections.users9.id = projections.users9_notifications.user_id AND projections.users9.instance_id = projections.users9_notifications.instance_id` + + ` FROM projections.users10` + + ` LEFT JOIN projections.users10_notifications ON projections.users10.id = projections.users10_notifications.user_id AND projections.users10.instance_id = projections.users10_notifications.instance_id` + ` LEFT JOIN (SELECT DISTINCT(auth_method_types.method_type), auth_method_types.user_id, auth_method_types.instance_id FROM projections.user_auth_methods4 AS auth_method_types` + ` WHERE auth_method_types.state = $1) AS auth_method_types` + - ` ON auth_method_types.user_id = projections.users9.id AND auth_method_types.instance_id = projections.users9.instance_id` + + ` ON auth_method_types.user_id = projections.users10.id AND auth_method_types.instance_id = projections.users10.instance_id` + ` LEFT JOIN (SELECT user_idps_count.user_id, user_idps_count.instance_id, COUNT(user_idps_count.user_id) AS count FROM projections.idp_user_links3 AS user_idps_count` + ` GROUP BY user_idps_count.user_id, user_idps_count.instance_id) AS user_idps_count` + - ` ON user_idps_count.user_id = projections.users9.id AND user_idps_count.instance_id = projections.users9.instance_id` + + ` ON user_idps_count.user_id = projections.users10.id AND user_idps_count.instance_id = projections.users10.instance_id` + ` AS OF SYSTEM TIME '-1 ms` prepareActiveAuthMethodTypesCols = []string{ "password_set", "method_type", "idps_count", } - prepareAuthMethodTypesRequiredStmt = `SELECT projections.users9_notifications.password_set,` + + 
prepareAuthMethodTypesRequiredStmt = `SELECT projections.users10_notifications.password_set,` + ` auth_method_types.method_type,` + ` user_idps_count.count,` + ` auth_methods_force_mfa.force_mfa,` + ` auth_methods_force_mfa.force_mfa_local_only` + - ` FROM projections.users9` + - ` LEFT JOIN projections.users9_notifications ON projections.users9.id = projections.users9_notifications.user_id AND projections.users9.instance_id = projections.users9_notifications.instance_id` + + ` FROM projections.users10` + + ` LEFT JOIN projections.users10_notifications ON projections.users10.id = projections.users10_notifications.user_id AND projections.users10.instance_id = projections.users10_notifications.instance_id` + ` LEFT JOIN (SELECT DISTINCT(auth_method_types.method_type), auth_method_types.user_id, auth_method_types.instance_id FROM projections.user_auth_methods4 AS auth_method_types` + ` WHERE auth_method_types.state = $1) AS auth_method_types` + - ` ON auth_method_types.user_id = projections.users9.id AND auth_method_types.instance_id = projections.users9.instance_id` + + ` ON auth_method_types.user_id = projections.users10.id AND auth_method_types.instance_id = projections.users10.instance_id` + ` LEFT JOIN (SELECT user_idps_count.user_id, user_idps_count.instance_id, COUNT(user_idps_count.user_id) AS count FROM projections.idp_user_links3 AS user_idps_count` + ` GROUP BY user_idps_count.user_id, user_idps_count.instance_id) AS user_idps_count` + - ` ON user_idps_count.user_id = projections.users9.id AND user_idps_count.instance_id = projections.users9.instance_id` + + ` ON user_idps_count.user_id = projections.users10.id AND user_idps_count.instance_id = projections.users10.instance_id` + ` LEFT JOIN (SELECT auth_methods_force_mfa.force_mfa, auth_methods_force_mfa.force_mfa_local_only, auth_methods_force_mfa.instance_id, auth_methods_force_mfa.aggregate_id FROM projections.login_policies5 AS auth_methods_force_mfa ORDER BY auth_methods_force_mfa.is_default) AS 
auth_methods_force_mfa` + - ` ON (auth_methods_force_mfa.aggregate_id = projections.users9.instance_id OR auth_methods_force_mfa.aggregate_id = projections.users9.resource_owner) AND auth_methods_force_mfa.instance_id = projections.users9.instance_id` + + ` ON (auth_methods_force_mfa.aggregate_id = projections.users10.instance_id OR auth_methods_force_mfa.aggregate_id = projections.users10.resource_owner) AND auth_methods_force_mfa.instance_id = projections.users10.instance_id` + ` AS OF SYSTEM TIME '-1 ms ` prepareAuthMethodTypesRequiredCols = []string{ diff --git a/internal/query/user_by_id.sql b/internal/query/user_by_id.sql index 5e6508026a..8f1113de06 100644 --- a/internal/query/user_by_id.sql +++ b/internal/query/user_by_id.sql @@ -23,8 +23,6 @@ WITH login_names AS (SELECT (p.is_default IS TRUE AND p.instance_id = $2) OR (p.instance_id = $2 AND p.resource_owner = u.resource_owner) ) - AND - u.id = $1 ORDER BY is_default LIMIT 1 ) p ON TRUE @@ -33,6 +31,9 @@ WITH login_names AS (SELECT ON u.instance_id = d.instance_id AND u.resource_owner = d.resource_owner + WHERE + u.instance_id = $2 + AND u.id = $1 ) SELECT u.id @@ -60,17 +61,17 @@ SELECT , m.user_id , m.name , m.description - , m.has_secret + , m.secret , m.access_token_type , count(*) OVER () -FROM projections.users9 u +FROM projections.users10 u LEFT JOIN - projections.users9_humans h + projections.users10_humans h ON u.id = h.user_id AND u.instance_id = h.instance_id LEFT JOIN - projections.users9_machines m + projections.users10_machines m ON u.id = m.user_id AND u.instance_id = m.instance_id diff --git a/internal/query/user_by_login_name.sql b/internal/query/user_by_login_name.sql index 933a5d0ae7..cf25638fa6 100644 --- a/internal/query/user_by_login_name.sql +++ b/internal/query/user_by_login_name.sql 
@@ -30,6 +30,12 @@ WITH found_users AS ( u.instance_id = d.instance_id AND u.resource_owner = d.resource_owner AND CASE WHEN p.must_be_domain THEN d.name_lower = $2 ELSE TRUE END + WHERE + u.instance_id = $4 + AND u.user_name_lower IN ( + $1, + $3 + ) ), login_names AS (SELECT fu.id user_id @@ -91,22 +97,22 @@ SELECT , m.user_id , m.name , m.description - , m.has_secret + , m.secret , m.access_token_type , count(*) OVER () FROM found_users fu JOIN - projections.users9 u + projections.users10 u ON fu.id = u.id AND fu.instance_id = u.instance_id LEFT JOIN - projections.users9_humans h + projections.users10_humans h ON fu.id = h.user_id AND fu.instance_id = h.instance_id LEFT JOIN - projections.users9_machines m + projections.users10_machines m ON fu.id = m.user_id AND fu.instance_id = m.instance_id diff --git a/internal/query/user_grant.go b/internal/query/user_grant.go index 170084d899..9e3cd3790f 100644 --- a/internal/query/user_grant.go +++ b/internal/query/user_grant.go @@ -3,7 +3,7 @@ package query import ( "context" "database/sql" - errs "errors" + "errors" "time" sq "github.com/Masterminds/squirrel" @@ -14,10 +14,10 @@ import ( "github.com/zitadel/zitadel/internal/api/call" "github.com/zitadel/zitadel/internal/database" "github.com/zitadel/zitadel/internal/domain" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore/handler/v2" "github.com/zitadel/zitadel/internal/query/projection" "github.com/zitadel/zitadel/internal/telemetry/tracing" + "github.com/zitadel/zitadel/internal/zerrors" ) type UserGrant struct { @@ -255,7 +255,7 @@ func (q *Queries) UserGrant(ctx context.Context, shouldTriggerBulk bool, withOwn } stmt, args, err := query.Where(eq).ToSql() if err != nil { - return nil, errors.ThrowInternal(err, "QUERY-Fa1KW", "Errors.Query.SQLStatement") + return nil, zerrors.ThrowInternal(err, "QUERY-Fa1KW", "Errors.Query.SQLStatement") } err = q.client.QueryRowContext(ctx, func(row *sql.Row) error { 
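Review bot: The added `WHERE u.instance_id = $4 AND u.user_name_lower IN ($1, $3)` in the first hunk of user_by_login_name.sql depends on four positional arguments that the visible query never names, and `$4` is the only condition here that scopes the lookup to one instance. A call site that binds them in a different order would search the wrong tenant or the wrong name without raising an error. I would put a header comment on the CTE, for example `-- $1, $3: lowered user name candidates; $2: lowered domain name; $4: instance id`, with the wording confirmed against the Go caller, which is outside this hunk. user_notify_by_login_name.sql adds the identical clause and needs the same comment.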
@@ -283,7 +283,7 @@ func (q *Queries) UserGrants(ctx context.Context, queries *UserGrantsQueries, sh } stmt, args, err := queries.toQuery(query).Where(eq).ToSql() if err != nil { - return nil, errors.ThrowInternal(err, "QUERY-wXnQR", "Errors.Query.SQLStatement") + return nil, zerrors.ThrowInternal(err, "QUERY-wXnQR", "Errors.Query.SQLStatement") } latestSequence, err := q.latestState(ctx, userGrantTable) @@ -388,10 +388,10 @@ func prepareUserGrantQuery(ctx context.Context, db prepareDatabase) (sq.SelectBu &projectName, ) if err != nil { - if errs.Is(err, sql.ErrNoRows) { - return nil, errors.ThrowNotFound(err, "QUERY-wIPkA", "Errors.UserGrant.NotFound") + if errors.Is(err, sql.ErrNoRows) { + return nil, zerrors.ThrowNotFound(err, "QUERY-wIPkA", "Errors.UserGrant.NotFound") } - return nil, errors.ThrowInternal(err, "QUERY-oQPcP", "Errors.Internal") + return nil, zerrors.ThrowInternal(err, "QUERY-oQPcP", "Errors.Internal") } g.Username = username.String @@ -523,7 +523,7 @@ func prepareUserGrantsQuery(ctx context.Context, db prepareDatabase) (sq.SelectB } if err := rows.Close(); err != nil { - return nil, errors.ThrowInternal(err, "QUERY-iGvmP", "Errors.Query.CloseRows") + return nil, zerrors.ThrowInternal(err, "QUERY-iGvmP", "Errors.Query.CloseRows") } return &UserGrants{ diff --git a/internal/query/user_grant_test.go b/internal/query/user_grant_test.go index 962c6a1ed6..67e7fb9b86 100644 --- a/internal/query/user_grant_test.go +++ b/internal/query/user_grant_test.go @@ -10,7 +10,7 @@ import ( "github.com/zitadel/zitadel/internal/database" "github.com/zitadel/zitadel/internal/domain" - errs "github.com/zitadel/zitadel/internal/errors" + "github.com/zitadel/zitadel/internal/zerrors" ) var ( 
@@ -23,14 +23,14 @@ var ( ", projections.user_grants3.roles" + ", projections.user_grants3.state" + ", projections.user_grants3.user_id" + - ", projections.users9.username" + - ", projections.users9.type" + - ", projections.users9.resource_owner" + - ", projections.users9_humans.first_name" + - ", projections.users9_humans.last_name" + - ", projections.users9_humans.email" + - ", projections.users9_humans.display_name" + - ", projections.users9_humans.avatar_key" + + ", projections.users10.username" + + ", projections.users10.type" + + ", projections.users10.resource_owner" + + ", projections.users10_humans.first_name" + + ", projections.users10_humans.last_name" + + ", projections.users10_humans.email" + + ", projections.users10_humans.display_name" + + ", projections.users10_humans.avatar_key" + ", projections.login_names3.login_name" + ", projections.user_grants3.resource_owner" + ", projections.orgs1.name" + 
@@ -38,8 +38,8 @@ var ( ", projections.user_grants3.project_id" + ", projections.projects4.name" + " FROM projections.user_grants3" + - " LEFT JOIN projections.users9 ON projections.user_grants3.user_id = projections.users9.id AND projections.user_grants3.instance_id = projections.users9.instance_id" + - " LEFT JOIN projections.users9_humans ON projections.user_grants3.user_id = projections.users9_humans.user_id AND projections.user_grants3.instance_id = projections.users9_humans.instance_id" + + " LEFT JOIN projections.users10 ON projections.user_grants3.user_id = projections.users10.id AND projections.user_grants3.instance_id = projections.users10.instance_id" + + " LEFT JOIN projections.users10_humans ON projections.user_grants3.user_id = projections.users10_humans.user_id AND projections.user_grants3.instance_id = projections.users10_humans.instance_id" + " LEFT JOIN projections.orgs1 ON projections.user_grants3.resource_owner = projections.orgs1.id AND projections.user_grants3.instance_id = projections.orgs1.instance_id" + " LEFT JOIN projections.projects4 ON projections.user_grants3.project_id = projections.projects4.id AND projections.user_grants3.instance_id = projections.projects4.instance_id" + " LEFT JOIN projections.login_names3 ON projections.user_grants3.user_id = projections.login_names3.user_id AND projections.user_grants3.instance_id = projections.login_names3.instance_id" + 
@@ -78,14 +78,14 @@ var ( ", projections.user_grants3.roles" + ", projections.user_grants3.state" + ", projections.user_grants3.user_id" + - ", projections.users9.username" + - ", projections.users9.type" + - ", projections.users9.resource_owner" + - ", projections.users9_humans.first_name" + - ", projections.users9_humans.last_name" + - ", projections.users9_humans.email" + - ", projections.users9_humans.display_name" + - ", projections.users9_humans.avatar_key" + + ", projections.users10.username" + + ", projections.users10.type" + + ", projections.users10.resource_owner" + + ", projections.users10_humans.first_name" + + ", projections.users10_humans.last_name" + + ", projections.users10_humans.email" + + ", projections.users10_humans.display_name" + + ", projections.users10_humans.avatar_key" + ", projections.login_names3.login_name" + ", projections.user_grants3.resource_owner" + ", projections.orgs1.name" + 
@@ -94,8 +94,8 @@ var ( ", projections.projects4.name" + ", COUNT(*) OVER ()" + " FROM projections.user_grants3" + - " LEFT JOIN projections.users9 ON projections.user_grants3.user_id = projections.users9.id AND projections.user_grants3.instance_id = projections.users9.instance_id" + - " LEFT JOIN projections.users9_humans ON projections.user_grants3.user_id = projections.users9_humans.user_id AND projections.user_grants3.instance_id = projections.users9_humans.instance_id" + + " LEFT JOIN projections.users10 ON projections.user_grants3.user_id = projections.users10.id AND projections.user_grants3.instance_id = projections.users10.instance_id" + + " LEFT JOIN projections.users10_humans ON projections.user_grants3.user_id = projections.users10_humans.user_id AND projections.user_grants3.instance_id = projections.users10_humans.instance_id" + " LEFT JOIN projections.orgs1 ON projections.user_grants3.resource_owner = projections.orgs1.id AND projections.user_grants3.instance_id = projections.orgs1.instance_id" + " LEFT JOIN projections.projects4 ON projections.user_grants3.project_id = projections.projects4.id AND projections.user_grants3.instance_id = projections.projects4.instance_id" + " LEFT JOIN projections.login_names3 ON projections.user_grants3.user_id = projections.login_names3.user_id AND projections.user_grants3.instance_id = projections.login_names3.instance_id" + @@ -128,7 +128,7 @@ func Test_UserGrantPrepares(t *testing.T) { nil, ), err: func(err error) (error, bool) { - if !errs.IsNotFound(err) { + if !zerrors.IsNotFound(err) { return fmt.Errorf("err should be zitadel.NotFoundError got: %w", err), false } return nil, true diff --git a/internal/query/user_membership.go b/internal/query/user_membership.go index 9bf6c5b6d6..b45bd5a943 100644 --- a/internal/query/user_membership.go +++ b/internal/query/user_membership.go 
@@ -11,10 +11,10 @@ import ( "github.com/zitadel/zitadel/internal/api/authz" "github.com/zitadel/zitadel/internal/api/call" "github.com/zitadel/zitadel/internal/database" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore/handler/v2" "github.com/zitadel/zitadel/internal/query/projection" "github.com/zitadel/zitadel/internal/telemetry/tracing" + "github.com/zitadel/zitadel/internal/zerrors" ) type Memberships struct { @@ -142,7 +142,7 @@ func (q *Queries) Memberships(ctx context.Context, queries *MembershipSearchQuer eq := sq.Eq{membershipInstanceID.identifier(): authz.GetInstance(ctx).InstanceID()} stmt, args, err := queries.toQuery(query).Where(eq).ToSql() if err != nil { - return nil, errors.ThrowInvalidArgument(err, "QUERY-T84X9", "Errors.Query.InvalidRequest") + return nil, zerrors.ThrowInvalidArgument(err, "QUERY-T84X9", "Errors.Query.InvalidRequest") } latestSequence, err := q.latestState(ctx, orgMemberTable, instanceMemberTable, projectMemberTable, projectGrantMemberTable) if err != nil { @@ -329,7 +329,7 @@ func prepareMembershipsQuery(ctx context.Context, db prepareDatabase, queries *M } if err := rows.Close(); err != nil { - return nil, errors.ThrowInternal(err, "QUERY-N34NV", "Errors.Query.CloseRows") + return nil, zerrors.ThrowInternal(err, "QUERY-N34NV", "Errors.Query.CloseRows") } return &Memberships{ diff --git a/internal/query/user_metadata.go b/internal/query/user_metadata.go index a4f0fd2e9f..d61d17b6b9 100644 --- a/internal/query/user_metadata.go +++ b/internal/query/user_metadata.go @@ -3,7 +3,7 @@ package query import ( "context" "database/sql" - errs "errors" + "errors" "time" sq "github.com/Masterminds/squirrel" 
@@ -12,10 +12,10 @@ import ( "github.com/zitadel/zitadel/internal/api/authz" "github.com/zitadel/zitadel/internal/api/call" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore/handler/v2" "github.com/zitadel/zitadel/internal/query/projection" "github.com/zitadel/zitadel/internal/telemetry/tracing" + "github.com/zitadel/zitadel/internal/zerrors" ) type UserMetadataList struct { @@ -98,7 +98,7 @@ func (q *Queries) GetUserMetadataByKey(ctx context.Context, shouldTriggerBulk bo } stmt, args, err := query.Where(eq).ToSql() if err != nil { - return nil, errors.ThrowInternal(err, "QUERY-aDGG2", "Errors.Query.SQLStatment") + return nil, zerrors.ThrowInternal(err, "QUERY-aDGG2", "Errors.Query.SQLStatment") } err = q.client.QueryRowContext(ctx, func(row *sql.Row) error { @@ -126,7 +126,7 @@ func (q *Queries) SearchUserMetadata(ctx context.Context, shouldTriggerBulk bool } stmt, args, err := queries.toQuery(query).Where(eq).ToSql() if err != nil { - return nil, errors.ThrowInternal(err, "QUERY-Egbgd", "Errors.Query.SQLStatment") + return nil, zerrors.ThrowInternal(err, "QUERY-Egbgd", "Errors.Query.SQLStatment") } err = q.client.QueryContext(ctx, func(rows *sql.Rows) error { @@ -188,10 +188,10 @@ func prepareUserMetadataQuery(ctx context.Context, db prepareDatabase) (sq.Selec ) if err != nil { - if errs.Is(err, sql.ErrNoRows) { - return nil, errors.ThrowNotFound(err, "QUERY-Rgh32", "Errors.Metadata.NotFound") + if errors.Is(err, sql.ErrNoRows) { + return nil, zerrors.ThrowNotFound(err, "QUERY-Rgh32", "Errors.Metadata.NotFound") } - return nil, errors.ThrowInternal(err, "QUERY-Hhjt2", "Errors.Internal") + return nil, zerrors.ThrowInternal(err, "QUERY-Hhjt2", "Errors.Internal") } return m, nil } 
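Review bot: The rewritten lines in GetUserMetadataByKey (`QUERY-aDGG2`) and SearchUserMetadata (`QUERY-Egbgd`) keep the message key `"Errors.Query.SQLStatment"`, while user_grant.go in this same diff uses `"Errors.Query.SQLStatement"`; PersonalAccessTokenByID (`QUERY-Dgfb4`) carries the same misspelling. If the translation catalogue defines only one of the two spellings (it is not visible here), the other will surface as a raw key instead of a message. Since these lines are being touched anyway, I would settle on one spelling, e.g. `zerrors.ThrowInternal(err, "QUERY-aDGG2", "Errors.Query.SQLStatement")`, after checking which key the catalogue holds. Both function bodies start and end outside their hunks.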
@@ -230,7 +230,7 @@ func prepareUserMetadataListQuery(ctx context.Context, db prepareDatabase) (sq.S } if err := rows.Close(); err != nil { - return nil, errors.ThrowInternal(err, "QUERY-sd3gh", "Errors.Query.CloseRows") + return nil, zerrors.ThrowInternal(err, "QUERY-sd3gh", "Errors.Query.CloseRows") } return &UserMetadataList{ diff --git a/internal/query/user_metadata_test.go b/internal/query/user_metadata_test.go index 1fbd04cc7b..8e5f9496f8 100644 --- a/internal/query/user_metadata_test.go +++ b/internal/query/user_metadata_test.go @@ -8,7 +8,7 @@ import ( "regexp" "testing" - errs "github.com/zitadel/zitadel/internal/errors" + "github.com/zitadel/zitadel/internal/zerrors" ) var ( @@ -68,7 +68,7 @@ func Test_UserMetadataPrepares(t *testing.T) { nil, ), err: func(err error) (error, bool) { - if !errs.IsNotFound(err) { + if !zerrors.IsNotFound(err) { return fmt.Errorf("err should be zitadel.NotFoundError got: %w", err), false } return nil, true @@ -129,7 +129,7 @@ func Test_UserMetadataPrepares(t *testing.T) { nil, ), err: func(err error) (error, bool) { - if !errs.IsNotFound(err) { + if !zerrors.IsNotFound(err) { return fmt.Errorf("err should be zitadel.NotFoundError got: %w", err), false } return nil, true diff --git a/internal/query/user_notify_by_id.sql b/internal/query/user_notify_by_id.sql index d383650c7f..1087a1316b 100644 --- a/internal/query/user_notify_by_id.sql +++ b/internal/query/user_notify_by_id.sql @@ -24,8 +24,6 @@ WITH login_names AS ( (p.is_default IS TRUE AND p.instance_id = $2) OR (p.instance_id = $2 AND p.resource_owner = u.resource_owner) ) - AND - u.id = $1 ORDER BY is_default LIMIT 1 ) p ON TRUE @@ -34,6 +32,9 @@ WITH login_names AS ( ON u.instance_id = d.instance_id AND u.resource_owner = d.resource_owner + WHERE + u.instance_id = $2 + AND u.id = $1 ) SELECT u.id 
@@ -61,14 +62,14 @@ SELECT , n.verified_phone , n.password_set , count(*) OVER () -FROM projections.users9 u +FROM projections.users10 u LEFT JOIN - projections.users9_humans h + projections.users10_humans h ON u.id = h.user_id AND u.instance_id = h.instance_id LEFT JOIN - projections.users9_notifications n + projections.users10_notifications n ON u.id = n.user_id AND u.instance_id = n.instance_id diff --git a/internal/query/user_notify_by_login_name.sql b/internal/query/user_notify_by_login_name.sql index c375708894..1347e6cb3c 100644 --- a/internal/query/user_notify_by_login_name.sql +++ b/internal/query/user_notify_by_login_name.sql @@ -30,6 +30,12 @@ WITH found_users AS ( u.instance_id = d.instance_id AND u.resource_owner = d.resource_owner AND CASE WHEN p.must_be_domain THEN d.name_lower = $2 ELSE TRUE END + WHERE + u.instance_id = $4 + AND u.user_name_lower IN ( + $1, + $3 + ) ), login_names AS (SELECT fu.id user_id @@ -93,17 +99,17 @@ SELECT , count(*) OVER () FROM found_users fu JOIN - projections.users9 u + projections.users10 u ON fu.id = u.id AND fu.instance_id = u.instance_id LEFT JOIN - projections.users9_humans h + projections.users10_humans h ON fu.id = h.user_id AND fu.instance_id = h.instance_id LEFT JOIN - projections.users9_notifications n + projections.users10_notifications n ON fu.id = n.user_id AND fu.instance_id = n.instance_id diff --git a/internal/query/user_otp.go b/internal/query/user_otp.go index 77e5e16fd9..c257048139 100644 --- a/internal/query/user_otp.go +++ b/internal/query/user_otp.go 
@@ -5,10 +5,10 @@ import ( "github.com/zitadel/zitadel/internal/crypto" "github.com/zitadel/zitadel/internal/domain" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/repository/user" "github.com/zitadel/zitadel/internal/telemetry/tracing" + "github.com/zitadel/zitadel/internal/zerrors" ) func (q *Queries) GetHumanOTPSecret(ctx context.Context, userID, resourceowner string) (_ string, err error) { @@ -16,14 +16,14 @@ func (q *Queries) GetHumanOTPSecret(ctx context.Context, userID, resourceowner s defer func() { span.EndWithError(err) }() if userID == "" { - return "", errors.ThrowPreconditionFailed(nil, "QUERY-8N9ds", "Errors.User.UserIDMissing") + return "", zerrors.ThrowPreconditionFailed(nil, "QUERY-8N9ds", "Errors.User.UserIDMissing") } existingOTP, err := q.otpReadModelByID(ctx, userID, resourceowner) if err != nil { return "", err } if existingOTP.State != domain.MFAStateReady { - return "", errors.ThrowNotFound(nil, "QUERY-01982h", "Errors.User.NotFound") + return "", zerrors.ThrowNotFound(nil, "QUERY-01982h", "Errors.User.NotFound") } return crypto.DecryptString(existingOTP.Secret, q.multifactors.OTP.CryptoMFA) diff --git a/internal/query/user_password.go b/internal/query/user_password.go index 5f991cf002..aa0bc60d2c 100644 --- a/internal/query/user_password.go +++ b/internal/query/user_password.go @@ -6,10 +6,10 @@ import ( "github.com/zitadel/zitadel/internal/crypto" "github.com/zitadel/zitadel/internal/domain" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/repository/user" "github.com/zitadel/zitadel/internal/telemetry/tracing" + "github.com/zitadel/zitadel/internal/zerrors" ) type HumanPasswordReadModel struct { 
@@ -31,14 +31,14 @@ func (q *Queries) GetHumanPassword(ctx context.Context, orgID, userID string) (e defer func() { span.EndWithError(err) }() if userID == "" { - return "", errors.ThrowInvalidArgument(nil, "QUERY-4Mfsf", "Errors.User.UserIDMissing") + return "", zerrors.ThrowInvalidArgument(nil, "QUERY-4Mfsf", "Errors.User.UserIDMissing") } existingPassword, err := q.passwordReadModel(ctx, userID, orgID) if err != nil { - return "", errors.ThrowInternal(nil, "QUERY-p1k1n2i", "Errors.User.NotFound") + return "", zerrors.ThrowInternal(nil, "QUERY-p1k1n2i", "Errors.User.NotFound") } if existingPassword.UserState == domain.UserStateUnspecified || existingPassword.UserState == domain.UserStateDeleted { - return "", errors.ThrowPreconditionFailed(nil, "QUERY-3n77z", "Errors.User.NotFound") + return "", zerrors.ThrowPreconditionFailed(nil, "QUERY-3n77z", "Errors.User.NotFound") } return existingPassword.EncodedHash, nil } diff --git a/internal/query/user_personal_access_token.go b/internal/query/user_personal_access_token.go index 17726a06ad..47f92ffc8d 100644 --- a/internal/query/user_personal_access_token.go +++ b/internal/query/user_personal_access_token.go @@ -3,7 +3,7 @@ package query import ( "context" "database/sql" - errs "errors" + "errors" "time" sq "github.com/Masterminds/squirrel" @@ -13,10 +13,10 @@ import ( "github.com/zitadel/zitadel/internal/api/authz" "github.com/zitadel/zitadel/internal/api/call" "github.com/zitadel/zitadel/internal/database" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore/handler/v2" "github.com/zitadel/zitadel/internal/query/projection" "github.com/zitadel/zitadel/internal/telemetry/tracing" + "github.com/zitadel/zitadel/internal/zerrors" ) var ( 
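Review bot: In GetHumanPassword the branch after `q.passwordReadModel` still passes `nil` as the parent, `zerrors.ThrowInternal(nil, "QUERY-p1k1n2i", "Errors.User.NotFound")`, so the underlying error is discarded and an internal failure is reported under a not-found message. Passing the cause keeps it available for diagnosis: `return "", zerrors.ThrowInternal(err, "QUERY-p1k1n2i", "Errors.User.NotFound")`, assuming zerrors does not render the parent to clients. The function returns `existingPassword.EncodedHash`, so a doc comment such as `// GetHumanPassword returns the encoded password hash; the result must not be logged or returned to API clients.` would also help. The signature and span setup sit above the hunk.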
@@ -112,7 +112,7 @@ func (q *Queries) PersonalAccessTokenByID(ctx context.Context, shouldTriggerBulk } stmt, args, err := query.Where(eq).ToSql() if err != nil { - return nil, errors.ThrowInternal(err, "QUERY-Dgfb4", "Errors.Query.SQLStatment") + return nil, zerrors.ThrowInternal(err, "QUERY-Dgfb4", "Errors.Query.SQLStatment") } err = q.client.QueryRowContext(ctx, func(row *sql.Row) error { @@ -138,7 +138,7 @@ func (q *Queries) SearchPersonalAccessTokens(ctx context.Context, queries *Perso } stmt, args, err := queries.toQuery(query).Where(eq).ToSql() if err != nil { - return nil, errors.ThrowInvalidArgument(err, "QUERY-Hjw2w", "Errors.Query.InvalidRequest") + return nil, zerrors.ThrowInvalidArgument(err, "QUERY-Hjw2w", "Errors.Query.InvalidRequest") } err = q.client.QueryContext(ctx, func(rows *sql.Rows) error { @@ -147,7 +147,7 @@ func (q *Queries) SearchPersonalAccessTokens(ctx context.Context, queries *Perso }, stmt, args...) if err != nil { - return nil, errors.ThrowInternal(err, "QUERY-Bmz63", "Errors.Internal") + return nil, zerrors.ThrowInternal(err, "QUERY-Bmz63", "Errors.Internal") } personalAccessTokens.State, err = q.latestState(ctx, personalAccessTokensTable) @@ -204,10 +204,10 @@ func preparePersonalAccessTokenQuery(ctx context.Context, db prepareDatabase) (s &p.Scopes, ) if err != nil { - if errs.Is(err, sql.ErrNoRows) { - return nil, errors.ThrowNotFound(err, "QUERY-fRunu", "Errors.PersonalAccessToken.NotFound") + if errors.Is(err, sql.ErrNoRows) { + return nil, zerrors.ThrowNotFound(err, "QUERY-fRunu", "Errors.PersonalAccessToken.NotFound") } - return nil, errors.ThrowInternal(err, "QUERY-dj2FF", "Errors.Internal") + return nil, zerrors.ThrowInternal(err, "QUERY-dj2FF", "Errors.Internal") } return p, nil } 
@@ -249,7 +249,7 @@ func preparePersonalAccessTokensQuery(ctx context.Context, db prepareDatabase) ( } if err := rows.Close(); err != nil { - return nil, errors.ThrowInternal(err, "QUERY-QMXJv", "Errors.Query.CloseRows") + return nil, zerrors.ThrowInternal(err, "QUERY-QMXJv", "Errors.Query.CloseRows") } return &PersonalAccessTokens{ diff --git a/internal/query/user_personal_access_token_test.go b/internal/query/user_personal_access_token_test.go index 95b08c87c9..79ba700ed5 100644 --- a/internal/query/user_personal_access_token_test.go +++ b/internal/query/user_personal_access_token_test.go @@ -10,7 +10,7 @@ import ( "time" "github.com/zitadel/zitadel/internal/database" - errs "github.com/zitadel/zitadel/internal/errors" + "github.com/zitadel/zitadel/internal/zerrors" ) var ( @@ -81,7 +81,7 @@ func Test_PersonalAccessTokenPrepares(t *testing.T) { nil, ), err: func(err error) (error, bool) { - if !errs.IsNotFound(err) { + if !zerrors.IsNotFound(err) { return fmt.Errorf("err should be zitadel.NotFoundError got: %w", err), false } return nil, true diff --git a/internal/query/user_test.go b/internal/query/user_test.go index 1076dd8729..35cd2730ee 100644 --- a/internal/query/user_test.go +++ b/internal/query/user_test.go @@ -10,9 +10,10 @@ import ( "golang.org/x/text/language" + "github.com/zitadel/zitadel/internal/crypto" "github.com/zitadel/zitadel/internal/database" "github.com/zitadel/zitadel/internal/domain" - errs "github.com/zitadel/zitadel/internal/errors" + "github.com/zitadel/zitadel/internal/zerrors" ) var ( 
@@ -22,43 +23,43 @@ var ( preferredLoginNameQuery = `SELECT preferred_login_name.user_id, preferred_login_name.login_name, preferred_login_name.instance_id` + ` FROM projections.login_names3 AS preferred_login_name` + ` WHERE preferred_login_name.is_primary = $1` - userQuery = `SELECT projections.users9.id,` + - ` projections.users9.creation_date,` + - ` projections.users9.change_date,` + - ` projections.users9.resource_owner,` + - ` projections.users9.sequence,` + - ` projections.users9.state,` + - ` projections.users9.type,` + - ` projections.users9.username,` + + userQuery = `SELECT projections.users10.id,` + + ` projections.users10.creation_date,` + + ` projections.users10.change_date,` + + ` projections.users10.resource_owner,` + + ` projections.users10.sequence,` + + ` projections.users10.state,` + + ` projections.users10.type,` + + ` projections.users10.username,` + ` login_names.loginnames,` + ` preferred_login_name.login_name,` + - ` projections.users9_humans.user_id,` + - ` projections.users9_humans.first_name,` + - ` projections.users9_humans.last_name,` + - ` projections.users9_humans.nick_name,` + - ` projections.users9_humans.display_name,` + - ` projections.users9_humans.preferred_language,` + - ` projections.users9_humans.gender,` + - ` projections.users9_humans.avatar_key,` + - ` projections.users9_humans.email,` + - ` projections.users9_humans.is_email_verified,` + - ` projections.users9_humans.phone,` + - ` projections.users9_humans.is_phone_verified,` + - ` projections.users9_machines.user_id,` + - ` projections.users9_machines.name,` + - ` projections.users9_machines.description,` + - ` projections.users9_machines.has_secret,` + - ` projections.users9_machines.access_token_type,` + + ` projections.users10_humans.user_id,` + + ` projections.users10_humans.first_name,` + + ` projections.users10_humans.last_name,` + + ` projections.users10_humans.nick_name,` + + ` projections.users10_humans.display_name,` + + ` 
projections.users10_humans.preferred_language,` + + ` projections.users10_humans.gender,` + + ` projections.users10_humans.avatar_key,` + + ` projections.users10_humans.email,` + + ` projections.users10_humans.is_email_verified,` + + ` projections.users10_humans.phone,` + + ` projections.users10_humans.is_phone_verified,` + + ` projections.users10_machines.user_id,` + + ` projections.users10_machines.name,` + + ` projections.users10_machines.description,` + + ` projections.users10_machines.secret,` + + ` projections.users10_machines.access_token_type,` + ` COUNT(*) OVER ()` + - ` FROM projections.users9` + - ` LEFT JOIN projections.users9_humans ON projections.users9.id = projections.users9_humans.user_id AND projections.users9.instance_id = projections.users9_humans.instance_id` + - ` LEFT JOIN projections.users9_machines ON projections.users9.id = projections.users9_machines.user_id AND projections.users9.instance_id = projections.users9_machines.instance_id` + + ` FROM projections.users10` + + ` LEFT JOIN projections.users10_humans ON projections.users10.id = projections.users10_humans.user_id AND projections.users10.instance_id = projections.users10_humans.instance_id` + + ` LEFT JOIN projections.users10_machines ON projections.users10.id = projections.users10_machines.user_id AND projections.users10.instance_id = projections.users10_machines.instance_id` + ` LEFT JOIN` + ` (` + loginNamesQuery + `) AS login_names` + - ` ON login_names.user_id = projections.users9.id AND login_names.instance_id = projections.users9.instance_id` + + ` ON login_names.user_id = projections.users10.id AND login_names.instance_id = projections.users10.instance_id` + ` LEFT JOIN` + ` (` + preferredLoginNameQuery + `) AS preferred_login_name` + - ` ON preferred_login_name.user_id = projections.users9.id AND preferred_login_name.instance_id = projections.users9.instance_id` + + ` ON preferred_login_name.user_id = projections.users10.id AND preferred_login_name.instance_id = 
projections.users10.instance_id` + ` AS OF SYSTEM TIME '-1 ms'` userCols = []string{ "id", @@ -71,7 +72,7 @@ var ( "username", "loginnames", "login_name", - //human + // human "user_id", "first_name", "last_name", 
@@ -84,29 +85,29 @@ var ( "is_email_verified", "phone", "is_phone_verified", - //machine + // machine "user_id", "name", "description", - "has_secret", + "secret", "access_token_type", "count", } - profileQuery = `SELECT projections.users9.id,` + - ` projections.users9.creation_date,` + - ` projections.users9.change_date,` + - ` projections.users9.resource_owner,` + - ` projections.users9.sequence,` + - ` projections.users9_humans.user_id,` + - ` projections.users9_humans.first_name,` + - ` projections.users9_humans.last_name,` + - ` projections.users9_humans.nick_name,` + - ` projections.users9_humans.display_name,` + - ` projections.users9_humans.preferred_language,` + - ` projections.users9_humans.gender,` + - ` projections.users9_humans.avatar_key` + - ` FROM projections.users9` + - ` LEFT JOIN projections.users9_humans ON projections.users9.id = projections.users9_humans.user_id AND projections.users9.instance_id = projections.users9_humans.instance_id` + + profileQuery = `SELECT projections.users10.id,` + + ` projections.users10.creation_date,` + + ` projections.users10.change_date,` + + ` projections.users10.resource_owner,` + + ` projections.users10.sequence,` + + ` projections.users10_humans.user_id,` + + ` projections.users10_humans.first_name,` + + ` projections.users10_humans.last_name,` + + ` projections.users10_humans.nick_name,` + + ` projections.users10_humans.display_name,` + + ` projections.users10_humans.preferred_language,` + + ` projections.users10_humans.gender,` + + ` projections.users10_humans.avatar_key` + + ` FROM projections.users10` + + ` LEFT JOIN projections.users10_humans ON projections.users10.id = projections.users10_humans.user_id AND projections.users10.instance_id = projections.users10_humans.instance_id` + ` AS OF SYSTEM TIME '-1 ms'` profileCols = []string{ "id", 
@@ -123,16 +124,16 @@ var ( "gender", "avatar_key", } - emailQuery = `SELECT projections.users9.id,` + - ` projections.users9.creation_date,` + - ` projections.users9.change_date,` + - ` projections.users9.resource_owner,` + - ` projections.users9.sequence,` + - ` projections.users9_humans.user_id,` + - ` projections.users9_humans.email,` + - ` projections.users9_humans.is_email_verified` + - ` FROM projections.users9` + - ` LEFT JOIN projections.users9_humans ON projections.users9.id = projections.users9_humans.user_id AND projections.users9.instance_id = projections.users9_humans.instance_id` + + emailQuery = `SELECT projections.users10.id,` + + ` projections.users10.creation_date,` + + ` projections.users10.change_date,` + + ` projections.users10.resource_owner,` + + ` projections.users10.sequence,` + + ` projections.users10_humans.user_id,` + + ` projections.users10_humans.email,` + + ` projections.users10_humans.is_email_verified` + + ` FROM projections.users10` + + ` LEFT JOIN projections.users10_humans ON projections.users10.id = projections.users10_humans.user_id AND projections.users10.instance_id = projections.users10_humans.instance_id` + ` AS OF SYSTEM TIME '-1 ms'` emailCols = []string{ "id", 
@@ -144,16 +145,16 @@ var ( "email", "is_email_verified", } - phoneQuery = `SELECT projections.users9.id,` + - ` projections.users9.creation_date,` + - ` projections.users9.change_date,` + - ` projections.users9.resource_owner,` + - ` projections.users9.sequence,` + - ` projections.users9_humans.user_id,` + - ` projections.users9_humans.phone,` + - ` projections.users9_humans.is_phone_verified` + - ` FROM projections.users9` + - ` LEFT JOIN projections.users9_humans ON projections.users9.id = projections.users9_humans.user_id AND projections.users9.instance_id = projections.users9_humans.instance_id` + + phoneQuery = `SELECT projections.users10.id,` + + ` projections.users10.creation_date,` + + ` projections.users10.change_date,` + + ` projections.users10.resource_owner,` + + ` projections.users10.sequence,` + + ` projections.users10_humans.user_id,` + + ` projections.users10_humans.phone,` + + ` projections.users10_humans.is_phone_verified` + + ` FROM projections.users10` + + ` LEFT JOIN projections.users10_humans ON projections.users10.id = projections.users10_humans.user_id AND projections.users10.instance_id = projections.users10_humans.instance_id` + ` AS OF SYSTEM TIME '-1 ms'` phoneCols = []string{ "id", 
@@ -165,14 +166,14 @@ var ( "phone", "is_phone_verified", } - userUniqueQuery = `SELECT projections.users9.id,` + - ` projections.users9.state,` + - ` projections.users9.username,` + - ` projections.users9_humans.user_id,` + - ` projections.users9_humans.email,` + - ` projections.users9_humans.is_email_verified` + - ` FROM projections.users9` + - ` LEFT JOIN projections.users9_humans ON projections.users9.id = projections.users9_humans.user_id AND projections.users9.instance_id = projections.users9_humans.instance_id` + + userUniqueQuery = `SELECT projections.users10.id,` + + ` projections.users10.state,` + + ` projections.users10.username,` + + ` projections.users10_humans.user_id,` + + ` projections.users10_humans.email,` + + ` projections.users10_humans.is_email_verified` + + ` FROM projections.users10` + + ` LEFT JOIN projections.users10_humans ON projections.users10.id = projections.users10_humans.user_id AND projections.users10.instance_id = projections.users10_humans.instance_id` + ` AS OF SYSTEM TIME '-1 ms'` userUniqueCols = []string{ "id", 
@@ -182,40 +183,40 @@ var ( "email", "is_email_verified", } - notifyUserQuery = `SELECT projections.users9.id,` + - ` projections.users9.creation_date,` + - ` projections.users9.change_date,` + - ` projections.users9.resource_owner,` + - ` projections.users9.sequence,` + - ` projections.users9.state,` + - ` projections.users9.type,` + - ` projections.users9.username,` + + notifyUserQuery = `SELECT projections.users10.id,` + + ` projections.users10.creation_date,` + + ` projections.users10.change_date,` + + ` projections.users10.resource_owner,` + + ` projections.users10.sequence,` + + ` projections.users10.state,` + + ` projections.users10.type,` + + ` projections.users10.username,` + ` login_names.loginnames,` + ` preferred_login_name.login_name,` + - ` projections.users9_humans.user_id,` + - ` projections.users9_humans.first_name,` + - ` projections.users9_humans.last_name,` + - ` projections.users9_humans.nick_name,` + - ` projections.users9_humans.display_name,` + - ` projections.users9_humans.preferred_language,` + - ` projections.users9_humans.gender,` + - ` projections.users9_humans.avatar_key,` + - ` projections.users9_notifications.user_id,` + - ` projections.users9_notifications.last_email,` + - ` projections.users9_notifications.verified_email,` + - ` projections.users9_notifications.last_phone,` + - ` projections.users9_notifications.verified_phone,` + - ` projections.users9_notifications.password_set,` + + ` projections.users10_humans.user_id,` + + ` projections.users10_humans.first_name,` + + ` projections.users10_humans.last_name,` + + ` projections.users10_humans.nick_name,` + + ` projections.users10_humans.display_name,` + + ` projections.users10_humans.preferred_language,` + + ` projections.users10_humans.gender,` + + ` projections.users10_humans.avatar_key,` + + ` projections.users10_notifications.user_id,` + + ` projections.users10_notifications.last_email,` + + ` projections.users10_notifications.verified_email,` + + ` 
projections.users10_notifications.last_phone,` + + ` projections.users10_notifications.verified_phone,` + + ` projections.users10_notifications.password_set,` + ` COUNT(*) OVER ()` + - ` FROM projections.users9` + - ` LEFT JOIN projections.users9_humans ON projections.users9.id = projections.users9_humans.user_id AND projections.users9.instance_id = projections.users9_humans.instance_id` + - ` LEFT JOIN projections.users9_notifications ON projections.users9.id = projections.users9_notifications.user_id AND projections.users9.instance_id = projections.users9_notifications.instance_id` + + ` FROM projections.users10` + + ` LEFT JOIN projections.users10_humans ON projections.users10.id = projections.users10_humans.user_id AND projections.users10.instance_id = projections.users10_humans.instance_id` + + ` LEFT JOIN projections.users10_notifications ON projections.users10.id = projections.users10_notifications.user_id AND projections.users10.instance_id = projections.users10_notifications.instance_id` + ` LEFT JOIN` + ` (` + loginNamesQuery + `) AS login_names` + - ` ON login_names.user_id = projections.users9.id AND login_names.instance_id = projections.users9.instance_id` + + ` ON login_names.user_id = projections.users10.id AND login_names.instance_id = projections.users10.instance_id` + ` LEFT JOIN` + ` (` + preferredLoginNameQuery + `) AS preferred_login_name` + - ` ON preferred_login_name.user_id = projections.users9.id AND preferred_login_name.instance_id = projections.users9.instance_id` + + ` ON preferred_login_name.user_id = projections.users10.id AND preferred_login_name.instance_id = projections.users10.instance_id` + ` AS OF SYSTEM TIME '-1 ms'` notifyUserCols = []string{ "id", @@ -228,7 +229,7 @@ var ( "username", "loginnames", "login_name", - //human + // human "user_id", "first_name", "last_name", @@ -237,7 +238,7 @@ var ( "preferred_language", "gender", "avatar_key", - //machine + // machine "user_id", "last_email", "verified_email", 
@@ -246,43 +247,43 @@ var ( "password_set", "count", } - usersQuery = `SELECT projections.users9.id,` + - ` projections.users9.creation_date,` + - ` projections.users9.change_date,` + - ` projections.users9.resource_owner,` + - ` projections.users9.sequence,` + - ` projections.users9.state,` + - ` projections.users9.type,` + - ` projections.users9.username,` + + usersQuery = `SELECT projections.users10.id,` + + ` projections.users10.creation_date,` + + ` projections.users10.change_date,` + + ` projections.users10.resource_owner,` + + ` projections.users10.sequence,` + + ` projections.users10.state,` + + ` projections.users10.type,` + + ` projections.users10.username,` + ` login_names.loginnames,` + ` preferred_login_name.login_name,` + - ` projections.users9_humans.user_id,` + - ` projections.users9_humans.first_name,` + - ` projections.users9_humans.last_name,` + - ` projections.users9_humans.nick_name,` + - ` projections.users9_humans.display_name,` + - ` projections.users9_humans.preferred_language,` + - ` projections.users9_humans.gender,` + - ` projections.users9_humans.avatar_key,` + - ` projections.users9_humans.email,` + - ` projections.users9_humans.is_email_verified,` + - ` projections.users9_humans.phone,` + - ` projections.users9_humans.is_phone_verified,` + - ` projections.users9_machines.user_id,` + - ` projections.users9_machines.name,` + - ` projections.users9_machines.description,` + - ` projections.users9_machines.has_secret,` + - ` projections.users9_machines.access_token_type,` + + ` projections.users10_humans.user_id,` + + ` projections.users10_humans.first_name,` + + ` projections.users10_humans.last_name,` + + ` projections.users10_humans.nick_name,` + + ` projections.users10_humans.display_name,` + + ` projections.users10_humans.preferred_language,` + + ` projections.users10_humans.gender,` + + ` projections.users10_humans.avatar_key,` + + ` projections.users10_humans.email,` + + ` projections.users10_humans.is_email_verified,` + + ` 
projections.users10_humans.phone,` + + ` projections.users10_humans.is_phone_verified,` + + ` projections.users10_machines.user_id,` + + ` projections.users10_machines.name,` + + ` projections.users10_machines.description,` + + ` projections.users10_machines.secret,` + + ` projections.users10_machines.access_token_type,` + ` COUNT(*) OVER ()` + - ` FROM projections.users9` + - ` LEFT JOIN projections.users9_humans ON projections.users9.id = projections.users9_humans.user_id AND projections.users9.instance_id = projections.users9_humans.instance_id` + - ` LEFT JOIN projections.users9_machines ON projections.users9.id = projections.users9_machines.user_id AND projections.users9.instance_id = projections.users9_machines.instance_id` + + ` FROM projections.users10` + + ` LEFT JOIN projections.users10_humans ON projections.users10.id = projections.users10_humans.user_id AND projections.users10.instance_id = projections.users10_humans.instance_id` + + ` LEFT JOIN projections.users10_machines ON projections.users10.id = projections.users10_machines.user_id AND projections.users10.instance_id = projections.users10_machines.instance_id` + ` LEFT JOIN` + ` (` + loginNamesQuery + `) AS login_names` + - ` ON login_names.user_id = projections.users9.id AND login_names.instance_id = projections.users9.instance_id` + + ` ON login_names.user_id = projections.users10.id AND login_names.instance_id = projections.users10.instance_id` + ` LEFT JOIN` + ` (` + preferredLoginNameQuery + `) AS preferred_login_name` + - ` ON preferred_login_name.user_id = projections.users9.id AND preferred_login_name.instance_id = projections.users9.instance_id` + + ` ON preferred_login_name.user_id = projections.users10.id AND preferred_login_name.instance_id = projections.users10.instance_id` + ` AS OF SYSTEM TIME '-1 ms'` usersCols = []string{ "id", @@ -295,7 +296,7 @@ var ( "username", "loginnames", "login_name", - //human + // human "user_id", "first_name", "last_name", 
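Review bot: Selecting `projections.users10_machines.secret` in the expected usersQuery means every user listing now carries the stored machine secret hash into the query model, where the old `has_secret` column exposed only a boolean. The code that maps `Machine` to API responses is not in this hunk, so it is worth confirming that `Machine.Secret` is never serialized or logged and that callers derive the has-secret flag from `Secret != nil`. The same swap shows up in usersCols in the `@@ -308,11 +309,11 @@` hunk; a comment on that entry such as `// secret: hashed client secret (crypto.CryptoValue JSON), must not leave the query layer` would record the intent.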
@@ -308,11 +309,11 @@ var ( "is_email_verified", "phone", "is_phone_verified", - //machine + // machine "user_id", "name", "description", - "has_secret", + "secret", "access_token_type", "count", } @@ -339,7 +340,7 @@ func Test_UserPrepares(t *testing.T) { nil, ), err: func(err error) (error, bool) { - if !errs.IsNotFound(err) { + if !zerrors.IsNotFound(err) { return fmt.Errorf("err should be zitadel.NotFoundError got: %w", err), false } return nil, true @@ -365,7 +366,7 @@ func Test_UserPrepares(t *testing.T) { "username", database.TextArray[string]{"login_name1", "login_name2"}, "login_name1", - //human + // human "id", "first_name", "last_name", @@ -378,7 +379,7 @@ func Test_UserPrepares(t *testing.T) { true, "phone", true, - //machine + // machine nil, nil, nil, @@ -432,7 +433,7 @@ func Test_UserPrepares(t *testing.T) { "username", database.TextArray[string]{"login_name1", "login_name2"}, "login_name1", - //human + // human nil, nil, nil, @@ -445,11 +446,11 @@ func Test_UserPrepares(t *testing.T) { nil, nil, nil, - //machine + // machine "id", "name", "description", - true, + nil, domain.OIDCTokenTypeBearer, 1, }, 
@@ -469,7 +470,71 @@ func Test_UserPrepares(t *testing.T) { Machine: &Machine{ Name: "name", Description: "description", - HasSecret: true, + Secret: nil, + AccessTokenType: domain.OIDCTokenTypeBearer, + }, + }, + }, + { + name: "prepareUserQuery machine with secret found", + prepare: prepareUserQuery, + want: want{ + sqlExpectations: mockQuery( + regexp.QuoteMeta(userQuery), + userCols, + []driver.Value{ + "id", + testNow, + testNow, + "resource_owner", + uint64(20211108), + domain.UserStateActive, + domain.UserTypeMachine, + "username", + database.TextArray[string]{"login_name1", "login_name2"}, + "login_name1", + // human + nil, + nil, + nil, + nil, + nil, + nil, + nil, + nil, + nil, + nil, + nil, + nil, + // machine + "id", + "name", + "description", + `{"CryptoType":1,"Algorithm":"bcrypt","Crypted":"deadbeef"}`, + domain.OIDCTokenTypeBearer, + 1, + }, + ), + }, + object: &User{ + ID: "id", + CreationDate: testNow, + ChangeDate: testNow, + ResourceOwner: "resource_owner", + Sequence: 20211108, + State: domain.UserStateActive, + Type: domain.UserTypeMachine, + Username: "username", + LoginNames: database.TextArray[string]{"login_name1", "login_name2"}, + PreferredLoginName: "login_name1", + Machine: &Machine{ + Name: "name", + Description: "description", + Secret: &crypto.CryptoValue{ + CryptoType: crypto.TypeHash, + Algorithm: "bcrypt", + Crypted: []byte{117, 230, 157, 109, 231, 159}, + }, AccessTokenType: domain.OIDCTokenTypeBearer, }, }, @@ -501,7 +566,7 @@ func Test_UserPrepares(t *testing.T) { nil, ), err: func(err error) (error, bool) { - if !errs.IsNotFound(err) { + if !zerrors.IsNotFound(err) { return fmt.Errorf("err should be zitadel.NotFoundError got: %w", err), false } return nil, true 
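Review bot: The fixture `"Crypted":"deadbeef"` in the new "prepareUserQuery machine with secret found" case reads like hex, but the expected `Crypted: []byte{117, 230, 157, 109, 231, 159}` is its base64 decoding, presumably because the JSON column is unmarshalled into a `[]byte`. A one-line comment beside the fixture, e.g. `// "deadbeef" is base64-decoded into the six bytes asserted below`, would save the next reader from recomputing it. The same fixture and expectation recur in the `@@ -1138,11 +1203,11 @@` and `@@ -1190,9 +1255,13 @@` hunks.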
@@ -572,7 +637,7 @@ func Test_UserPrepares(t *testing.T) { }, ), err: func(err error) (error, bool) { - if !errs.IsPreconditionFailed(err) { + if !zerrors.IsPreconditionFailed(err) { return fmt.Errorf("err should be zitadel.PredconditionError got: %w", err), false } return nil, true @@ -607,7 +672,7 @@ func Test_UserPrepares(t *testing.T) { nil, ), err: func(err error) (error, bool) { - if !errs.IsNotFound(err) { + if !zerrors.IsNotFound(err) { return fmt.Errorf("err should be zitadel.NotFoundError got: %w", err), false } return nil, true @@ -666,7 +731,7 @@ func Test_UserPrepares(t *testing.T) { }, ), err: func(err error) (error, bool) { - if !errs.IsPreconditionFailed(err) { + if !zerrors.IsPreconditionFailed(err) { return fmt.Errorf("err should be zitadel.PredconditionError got: %w", err), false } return nil, true @@ -701,7 +766,7 @@ func Test_UserPrepares(t *testing.T) { nil, ), err: func(err error) (error, bool) { - if !errs.IsNotFound(err) { + if !zerrors.IsNotFound(err) { return fmt.Errorf("err should be zitadel.NotFoundError got: %w", err), false } return nil, true @@ -760,7 +825,7 @@ func Test_UserPrepares(t *testing.T) { }, ), err: func(err error) (error, bool) { - if !errs.IsPreconditionFailed(err) { + if !zerrors.IsPreconditionFailed(err) { return fmt.Errorf("err should be zitadel.PredconditionError got: %w", err), false } return nil, true @@ -795,7 +860,7 @@ func Test_UserPrepares(t *testing.T) { nil, ), err: func(err error) (error, bool) { - if !errs.IsNotFound(err) { + if !zerrors.IsNotFound(err) { return fmt.Errorf("err should be zitadel.NotFoundError got: %w", err), false } return nil, true @@ -849,7 +914,7 @@ func Test_UserPrepares(t *testing.T) { nil, ), err: func(err error) (error, bool) { - if !errs.IsNotFound(err) { + if !zerrors.IsNotFound(err) { return fmt.Errorf("err should be zitadel.NotFoundError got: %w", err), false } return nil, true 
@@ -875,7 +940,7 @@ func Test_UserPrepares(t *testing.T) { "username", database.TextArray[string]{"login_name1", "login_name2"}, "login_name1", - //human + // human "id", "first_name", "last_name", @@ -938,7 +1003,7 @@ func Test_UserPrepares(t *testing.T) { "username", database.TextArray[string]{"login_name1", "login_name2"}, "login_name1", - //human + // human "id", "first_name", "last_name", @@ -957,7 +1022,7 @@ func Test_UserPrepares(t *testing.T) { }, ), err: func(err error) (error, bool) { - if !errs.IsPreconditionFailed(err) { + if !zerrors.IsPreconditionFailed(err) { return fmt.Errorf("err should be zitadel.PredconditionError got: %w", err), false } return nil, true @@ -992,7 +1057,7 @@ func Test_UserPrepares(t *testing.T) { nil, ), err: func(err error) (error, bool) { - if !errs.IsNotFound(err) { + if !zerrors.IsNotFound(err) { return fmt.Errorf("err should be zitadel.NotFoundError got: %w", err), false } return nil, true @@ -1019,7 +1084,7 @@ func Test_UserPrepares(t *testing.T) { "username", database.TextArray[string]{"login_name1", "login_name2"}, "login_name1", - //human + // human "id", "first_name", "last_name", @@ -1032,7 +1097,7 @@ func Test_UserPrepares(t *testing.T) { true, "phone", true, - //machine + // machine nil, nil, nil, @@ -1094,7 +1159,7 @@ func Test_UserPrepares(t *testing.T) { "username", database.TextArray[string]{"login_name1", "login_name2"}, "login_name1", - //human + // human "id", "first_name", "last_name", @@ -1107,7 +1172,7 @@ func Test_UserPrepares(t *testing.T) { true, "phone", true, - //machine + // machine nil, nil, nil, @@ -1125,7 +1190,7 @@ func Test_UserPrepares(t *testing.T) { "username", database.TextArray[string]{"login_name1", "login_name2"}, "login_name1", - //human + // human nil, nil, nil, 
@@ -1138,11 +1203,11 @@ func Test_UserPrepares(t *testing.T) { nil, nil, nil, - //machine + // machine "id", "name", "description", - true, + `{"CryptoType":1,"Algorithm":"bcrypt","Crypted":"deadbeef"}`, domain.OIDCTokenTypeBearer, }, }, @@ -1190,9 +1255,13 @@ func Test_UserPrepares(t *testing.T) { LoginNames: database.TextArray[string]{"login_name1", "login_name2"}, PreferredLoginName: "login_name1", Machine: &Machine{ - Name: "name", - Description: "description", - HasSecret: true, + Name: "name", + Description: "description", + Secret: &crypto.CryptoValue{ + CryptoType: crypto.TypeHash, + Algorithm: "bcrypt", + Crypted: []byte{117, 230, 157, 109, 231, 159}, + }, AccessTokenType: domain.OIDCTokenTypeBearer, }, }, diff --git a/internal/query/userinfo.go b/internal/query/userinfo.go index c42a893319..2e2c27f9bc 100644 --- a/internal/query/userinfo.go +++ b/internal/query/userinfo.go @@ -4,15 +4,15 @@ import ( "context" "database/sql" _ "embed" - "encoding/json" + "errors" "sync" "github.com/zitadel/zitadel/internal/api/authz" "github.com/zitadel/zitadel/internal/database" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore/handler/v2" "github.com/zitadel/zitadel/internal/query/projection" "github.com/zitadel/zitadel/internal/telemetry/tracing" + "github.com/zitadel/zitadel/internal/zerrors" ) // oidcUserInfoTriggerHandlers slice can only be created after zitadel 
@@ -40,23 +40,17 @@ func (q *Queries) GetOIDCUserInfo(ctx context.Context, userID string, roleAudien ctx, span := tracing.NewSpan(ctx) defer func() { span.EndWithError(err) }() - var data []byte - err = q.client.QueryRowContext(ctx, func(row *sql.Row) error { - return row.Scan(&data) - }, - oidcUserInfoQuery, + userInfo, err := database.QueryJSONObject[OIDCUserInfo](ctx, q.client, oidcUserInfoQuery, userID, authz.GetInstance(ctx).InstanceID(), database.TextArray[string](roleAudience), ) - if err != nil { - return nil, errors.ThrowInternal(err, "QUERY-Oath6", "Errors.Internal") + if errors.Is(err, sql.ErrNoRows) { + return nil, zerrors.ThrowNotFound(err, "QUERY-Eey2a", "Errors.User.NotFound") } - - userInfo := new(OIDCUserInfo) - if err = json.Unmarshal(data, userInfo); err != nil { - return nil, errors.ThrowInternal(err, "QUERY-Vohs6", "Errors.Internal") + if err != nil { + return nil, zerrors.ThrowInternal(err, "QUERY-Oath6", "Errors.Internal") } if userInfo.User == nil { - return nil, errors.ThrowNotFound(nil, "QUERY-ahs4S", "Errors.User.NotFound") + return nil, zerrors.ThrowNotFound(nil, "QUERY-ahs4S", "Errors.User.NotFound") } return userInfo, nil diff --git a/internal/query/userinfo_test.go b/internal/query/userinfo_test.go index 34c713d506..2a6cb959c8 100644 --- a/internal/query/userinfo_test.go +++ b/internal/query/userinfo_test.go @@ -16,7 +16,7 @@ import ( "github.com/zitadel/zitadel/internal/api/authz" "github.com/zitadel/zitadel/internal/database" "github.com/zitadel/zitadel/internal/domain" - "github.com/zitadel/zitadel/internal/errors" + "github.com/zitadel/zitadel/internal/zerrors" ) var ( 
@@ -68,21 +68,13 @@ func TestQueries_GetOIDCUserInfo(t *testing.T) { mock: mockQueryErr(expQuery, sql.ErrConnDone, "231965491734773762", "instanceID", nil), wantErr: sql.ErrConnDone, }, - { - name: "unmarshal error", - args: args{ - userID: "231965491734773762", - }, - mock: mockQuery(expQuery, []string{"json_build_object"}, []driver.Value{`~~~`}, "231965491734773762", "instanceID", nil), - wantErr: errors.ThrowInternal(nil, "QUERY-Vohs6", "Errors.Internal"), - }, { name: "user not found", args: args{ userID: "231965491734773762", }, mock: mockQuery(expQuery, []string{"json_build_object"}, []driver.Value{testdataUserInfoNotFound}, "231965491734773762", "instanceID", nil), - wantErr: errors.ThrowNotFound(nil, "QUERY-ahs4S", "Errors.User.NotFound"), + wantErr: zerrors.ThrowNotFound(nil, "QUERY-ahs4S", "Errors.User.NotFound"), }, { name: "human without metadata", diff --git a/internal/renderer/renderer.go b/internal/renderer/renderer.go index 72da287a36..d9e4a44ef5 100644 --- a/internal/renderer/renderer.go +++ b/internal/renderer/renderer.go @@ -11,8 +11,8 @@ import ( "golang.org/x/text/language" "github.com/zitadel/zitadel/internal/api/authz" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/i18n" + "github.com/zitadel/zitadel/internal/zerrors" ) const ( @@ -23,17 +23,13 @@ const ( type Renderer struct { Templates map[string]*template.Template - dir http.FileSystem cookieName string } -func NewRenderer(dir http.FileSystem, tmplMapping map[string]string, funcs map[string]interface{}, cookieName string) (*Renderer, error) { +func NewRenderer(tmplMapping map[string]string, funcs map[string]interface{}, cookieName string) (*Renderer, error) { var err error - r := &Renderer{ - dir: dir, - cookieName: cookieName, - } - err = r.loadTemplates(dir, nil, tmplMapping, funcs) + r := &Renderer{cookieName: cookieName} + err = r.loadTemplates(i18n.LoadFilesystem(i18n.LOGIN), nil, tmplMapping, funcs) if err != nil { return nil, err } 
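Review bot: Deleting the "unmarshal error" case in TestQueries_GetOIDCUserInfo leaves two error paths of the rewritten GetOIDCUserInfo without a test in this hunk: a malformed JSON row, and the new `sql.ErrNoRows` branch that returns `QUERY-Eey2a`. How database.QueryJSONObject reports a decode failure is not visible here, so that case may need a different expected error rather than removal. A case for the no-rows branch can reuse mockQueryErr the way the `sql.ErrConnDone` case does; the expected error below assumes the table compares errors the same way the existing "user not found" case relies on. The test table continues outside the hunk.

```go
// … unchanged: sql.ErrConnDone case …
{
	name: "no rows",
	args: args{
		userID: "231965491734773762",
	},
	mock:    mockQueryErr(expQuery, sql.ErrNoRows, "231965491734773762", "instanceID", nil),
	wantErr: zerrors.ThrowNotFound(sql.ErrNoRows, "QUERY-Eey2a", "Errors.User.NotFound"),
},
// … unchanged: "user not found" case …
```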
@@ -47,8 +43,8 @@ func (r *Renderer) RenderTemplate(w http.ResponseWriter, req *http.Request, tran } } -func (r *Renderer) NewTranslator(ctx context.Context) (*i18n.Translator, error) { - return i18n.NewTranslator(r.dir, authz.GetInstance(ctx).DefaultLanguage(), r.cookieName) +func (r *Renderer) NewTranslator(ctx context.Context, allowedLanguages []language.Tag) (*i18n.Translator, error) { + return i18n.NewLoginTranslator(authz.GetInstance(ctx).DefaultLanguage(), allowedLanguages, r.cookieName) } func (r *Renderer) Localize(translator *i18n.Translator, id string, args map[string]interface{}) string { @@ -85,17 +81,17 @@ func (r *Renderer) loadTemplates(dir http.FileSystem, translator *i18n.Translato } templatesDir, err := dir.Open(templatesPath) if err != nil { - return errors.ThrowNotFound(err, "RENDE-G3aea", "path not found") + return zerrors.ThrowNotFound(err, "RENDE-G3aea", "path not found") } defer templatesDir.Close() files, err := templatesDir.Readdir(0) if err != nil { - return errors.ThrowNotFound(err, "RENDE-dfR33", "cannot read dir") + return zerrors.ThrowNotFound(err, "RENDE-dfR33", "cannot read dir") } tmpl := template.New("") for _, file := range files { if err := r.addFileToTemplate(dir, tmpl, tmplMapping, funcs, file); err != nil { - return errors.ThrowNotFound(err, "RENDE-dfTe1", "cannot append file to templates") + return zerrors.ThrowNotFound(err, "RENDE-dfTe1", "cannot append file to templates") } } r.Templates = make(map[string]*template.Template, len(tmplMapping)) diff --git a/internal/repository/action/action.go b/internal/repository/action/action.go index e1195fa66e..518238266d 100644 --- a/internal/repository/action/action.go +++ b/internal/repository/action/action.go @@ -4,8 +4,8 @@ import ( "context" "time" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" + "github.com/zitadel/zitadel/internal/zerrors" ) const ( 
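Review bot: The new `allowedLanguages` parameter of Renderer.NewTranslator is undocumented, and the hunk does not show what a nil or empty slice means to i18n.NewLoginTranslator (every language, or none). A doc comment on the method would settle it, for example `// NewTranslator returns a login translator restricted to allowedLanguages; TODO: state what an empty slice means`. NewRenderer in the previous hunk now always loads `i18n.LoadFilesystem(i18n.LOGIN)` instead of a caller-supplied `dir`, which deserves a line in its own doc comment as well.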
@@ -76,7 +76,7 @@ func AddedEventMapper(event eventstore.Event) (eventstore.Event, error) { err := event.Unmarshal(e) if err != nil { - return nil, errors.ThrowInternal(err, "ACTION-4n8vs", "unable to unmarshal action added") + return nil, zerrors.ThrowInternal(err, "ACTION-4n8vs", "unable to unmarshal action added") } return e, nil @@ -112,7 +112,7 @@ func NewChangedEvent( changes []ActionChanges, ) (*ChangedEvent, error) { if len(changes) == 0 { - return nil, errors.ThrowPreconditionFailed(nil, "ACTION-dg4t2", "Errors.NoChangesFound") + return nil, zerrors.ThrowPreconditionFailed(nil, "ACTION-dg4t2", "Errors.NoChangesFound") } changeEvent := &ChangedEvent{ BaseEvent: *eventstore.NewBaseEventForPush( @@ -161,7 +161,7 @@ func ChangedEventMapper(event eventstore.Event) (eventstore.Event, error) { err := event.Unmarshal(e) if err != nil { - return nil, errors.ThrowInternal(err, "ACTION-4n8vs", "unable to unmarshal action changed") + return nil, zerrors.ThrowInternal(err, "ACTION-4n8vs", "unable to unmarshal action changed") } return e, nil diff --git a/internal/repository/asset/asset.go b/internal/repository/asset/asset.go index e965b1ef8b..ca389fc394 100644 --- a/internal/repository/asset/asset.go +++ b/internal/repository/asset/asset.go @@ -1,8 +1,8 @@ package asset import ( - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" + "github.com/zitadel/zitadel/internal/zerrors" ) const ( @@ -42,7 +42,7 @@ func AddedEventMapper(event eventstore.Event) (eventstore.Event, error) { err := event.Unmarshal(e) if err != nil { - return nil, errors.ThrowInternal(err, "ASSET-1WEAx", "unable to unmarshal asset") + return nil, zerrors.ThrowInternal(err, "ASSET-1WEAx", "unable to unmarshal asset") } return e, nil 
@@ -80,7 +80,7 @@ func RemovedEventMapper(event eventstore.Event) (eventstore.Event, error) { err := event.Unmarshal(e) if err != nil { - return nil, errors.ThrowInternal(err, "ASSET-1m9PP", "unable to unmarshal asset") + return nil, zerrors.ThrowInternal(err, "ASSET-1m9PP", "unable to unmarshal asset") } return e, nil diff --git a/internal/repository/authrequest/auth_request.go b/internal/repository/authrequest/auth_request.go index 3633da54a2..5e9f1ad390 100644 --- a/internal/repository/authrequest/auth_request.go +++ b/internal/repository/authrequest/auth_request.go @@ -5,8 +5,8 @@ import ( "time" "github.com/zitadel/zitadel/internal/domain" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" + "github.com/zitadel/zitadel/internal/zerrors" ) const ( @@ -92,7 +92,7 @@ func AddedEventMapper(event eventstore.Event) (eventstore.Event, error) { } err := event.Unmarshal(added) if err != nil { - return nil, errors.ThrowInternal(err, "AUTHR-DG4gn", "unable to unmarshal auth request added") + return nil, zerrors.ThrowInternal(err, "AUTHR-DG4gn", "unable to unmarshal auth request added") } return added, nil @@ -141,7 +141,7 @@ func SessionLinkedEventMapper(event eventstore.Event) (eventstore.Event, error) } err := event.Unmarshal(added) if err != nil { - return nil, errors.ThrowInternal(err, "AUTHR-Sfe3w", "unable to unmarshal auth request session linked") + return nil, zerrors.ThrowInternal(err, "AUTHR-Sfe3w", "unable to unmarshal auth request session linked") } return added, nil @@ -182,7 +182,7 @@ func FailedEventMapper(event eventstore.Event) (eventstore.Event, error) { } err := event.Unmarshal(added) if err != nil { - return nil, errors.ThrowInternal(err, "AUTHR-Sfe3w", "unable to unmarshal auth request session linked") + return nil, zerrors.ThrowInternal(err, "AUTHR-Sfe3w", "unable to unmarshal auth request session linked") } return added, nil 
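Review bot: The rewritten line in FailedEventMapper still returns ID `AUTHR-Sfe3w` with the text "unable to unmarshal auth request session linked", both copied from SessionLinkedEventMapper in the hunk above it, and CodeAddedEventMapper in the following hunk reuses the same ID. Since these lines are touched anyway, giving each mapper its own ID and a matching message would let an operator tell from a single log line which event failed to decode, e.g. `zerrors.ThrowInternal(err, "AUTHR-<new id>", "unable to unmarshal auth request failed")`. The mapper bodies start outside the hunks.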
@@ -218,7 +218,7 @@ func CodeAddedEventMapper(event eventstore.Event) (eventstore.Event, error) { } err := event.Unmarshal(added) if err != nil { - return nil, errors.ThrowInternal(err, "AUTHR-Sfe3w", "unable to unmarshal auth request code added") + return nil, zerrors.ThrowInternal(err, "AUTHR-Sfe3w", "unable to unmarshal auth request code added") } return added, nil diff --git a/internal/repository/deviceauth/constraints.go b/internal/repository/deviceauth/constraints.go index d8362760ea..e88c83e388 100644 --- a/internal/repository/deviceauth/constraints.go +++ b/internal/repository/deviceauth/constraints.go @@ -1,8 +1,6 @@ package deviceauth import ( - "strings" - "github.com/zitadel/zitadel/internal/eventstore" ) @@ -13,15 +11,11 @@ const ( DuplicateDeviceCode = "Errors.DeviceCode.AlreadyExists" ) -func deviceCodeUniqueField(clientID, deviceCode string) string { - return strings.Join([]string{clientID, deviceCode}, ":") -} - -func NewAddUniqueConstraints(clientID, deviceCode, userCode string) []*eventstore.UniqueConstraint { +func NewAddUniqueConstraints(deviceCode, userCode string) []*eventstore.UniqueConstraint { return []*eventstore.UniqueConstraint{ eventstore.NewAddEventUniqueConstraint( UniqueDeviceCode, - deviceCodeUniqueField(clientID, deviceCode), + deviceCode, DuplicateDeviceCode, ), eventstore.NewAddEventUniqueConstraint( @@ -32,11 +26,11 @@ func NewAddUniqueConstraints(clientID, deviceCode, userCode string) []*eventstor } } -func NewRemoveUniqueConstraints(clientID, deviceCode, userCode string) []*eventstore.UniqueConstraint { +func NewRemoveUniqueConstraints(deviceCode, userCode string) []*eventstore.UniqueConstraint { return []*eventstore.UniqueConstraint{ eventstore.NewRemoveUniqueConstraint( UniqueDeviceCode, - deviceCodeUniqueField(clientID, deviceCode), + deviceCode, ), eventstore.NewRemoveUniqueConstraint( UniqueUserCode, 
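Review bot: Dropping `clientID` from the unique field in deviceauth/constraints.go changes the stored key from `clientID:deviceCode` to the bare `deviceCode`, in both NewAddUniqueConstraints and NewRemoveUniqueConstraints. Constraints written before this change carry the prefix, so a removal issued afterwards with only `deviceCode` would not match them; whether such rows can outlive an upgrade is not visible here and should be confirmed or handled in a setup step. The change also makes a device code unique across all clients rather than per client, and a doc comment such as `// the device code alone is the unique field and must be unique across clients` on NewAddUniqueConstraints would state that contract.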
diff --git a/internal/repository/deviceauth/device_auth.go b/internal/repository/deviceauth/device_auth.go index 26b50f4ee9..54f8eb623e 100644 --- a/internal/repository/deviceauth/device_auth.go +++ b/internal/repository/deviceauth/device_auth.go @@ -13,7 +13,6 @@ const ( AddedEventType = eventTypePrefix + "added" ApprovedEventType = eventTypePrefix + "approved" CanceledEventType = eventTypePrefix + "canceled" - RemovedEventType = eventTypePrefix + "removed" ) type AddedEvent struct { @@ -36,7 +35,7 @@ func (e *AddedEvent) Payload() any { } func (e *AddedEvent) UniqueConstraints() []*eventstore.UniqueConstraint { - return NewAddUniqueConstraints(e.ClientID, e.DeviceCode, e.UserCode) + return NewAddUniqueConstraints(e.DeviceCode, e.UserCode) } func NewAddedEvent( @@ -58,7 +57,9 @@ func NewAddedEvent( type ApprovedEvent struct { *eventstore.BaseEvent `json:"-"` - Subject string + Subject string + UserAuthMethods []domain.UserAuthMethodType + AuthTime time.Time } func (e *ApprovedEvent) SetBaseEvent(b *eventstore.BaseEvent) { @@ -77,12 +78,16 @@ func NewApprovedEvent( ctx context.Context, aggregate *eventstore.Aggregate, subject string, + userAuthMethods []domain.UserAuthMethodType, + authTime time.Time, ) *ApprovedEvent { return &ApprovedEvent{ eventstore.NewBaseEventForPush( ctx, aggregate, ApprovedEventType, ), subject, + userAuthMethods, + authTime, } } 
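Review bot: NewApprovedEvent builds ApprovedEvent with a positional composite literal, so the two new fields are bound by order only and any later change to the struct layout has to be mirrored here by hand. Keyed fields are safer for values that record how and when the user authenticated: `BaseEvent: eventstore.NewBaseEventForPush(ctx, aggregate, ApprovedEventType), Subject: subject, UserAuthMethods: userAuthMethods, AuthTime: authTime,`. Approved events stored before this change will decode with a nil `UserAuthMethods` and a zero `AuthTime`, so readers of these fields should treat that as unknown rather than as a valid authentication time.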
@@ -107,36 +112,3 @@ func (e *CanceledEvent) UniqueConstraints() []*eventstore.UniqueConstraint { func NewCanceledEvent(ctx context.Context, aggregate *eventstore.Aggregate, reason domain.DeviceAuthCanceled) *CanceledEvent { return &CanceledEvent{eventstore.NewBaseEventForPush(ctx, aggregate, CanceledEventType), reason} } - -type RemovedEvent struct { - *eventstore.BaseEvent `json:"-"` - - ClientID string - DeviceCode string - UserCode string -} - -func (e *RemovedEvent) SetBaseEvent(b *eventstore.BaseEvent) { - e.BaseEvent = b -} - -func (e *RemovedEvent) Payload() any { - return e -} - -func (e *RemovedEvent) UniqueConstraints() []*eventstore.UniqueConstraint { - return NewRemoveUniqueConstraints(e.ClientID, e.DeviceCode, e.UserCode) -} - -func NewRemovedEvent( - ctx context.Context, - aggregate *eventstore.Aggregate, - clientID, deviceCode, userCode string, -) *RemovedEvent { - return &RemovedEvent{ - eventstore.NewBaseEventForPush( - ctx, aggregate, RemovedEventType, - ), - clientID, deviceCode, userCode, - } -} diff --git a/internal/repository/deviceauth/eventstore.go b/internal/repository/deviceauth/eventstore.go new file mode 100644 index 0000000000..6ebdf71b6e --- /dev/null +++ b/internal/repository/deviceauth/eventstore.go @@ -0,0 +1,9 @@ +package deviceauth + +import "github.com/zitadel/zitadel/internal/eventstore" + +func RegisterEventMappers(es *eventstore.Eventstore) { + es.RegisterFilterEventMapper(AggregateType, AddedEventType, eventstore.GenericEventMapper[AddedEvent]). + RegisterFilterEventMapper(AggregateType, ApprovedEventType, eventstore.GenericEventMapper[ApprovedEvent]). + RegisterFilterEventMapper(AggregateType, CanceledEventType, eventstore.GenericEventMapper[CanceledEvent]) +} diff --git a/internal/repository/flow/flow.go b/internal/repository/flow/flow.go index d0c6a20f0c..cd60bd80fd 100644 --- a/internal/repository/flow/flow.go +++ b/internal/repository/flow/flow.go 
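Review bot: RegisterEventMappers is exported without a doc comment, and it registers nothing for the `removed` event type whose constant and struct this commit deletes from device_auth.go. If an instance already holds events of that type, it is worth confirming how the eventstore treats an unmapped type on read; that behaviour is not visible in this diff. A suitable comment would be `// RegisterEventMappers registers the filter mappers for the device auth added, approved and canceled events.`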
@@ -2,8 +2,8 @@ package flow import ( "github.com/zitadel/zitadel/internal/domain" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" + "github.com/zitadel/zitadel/internal/zerrors" ) const ( @@ -51,7 +51,7 @@ func TriggerActionsSetEventMapper(event eventstore.Event) (eventstore.Event, err err := event.Unmarshal(e) if err != nil { - return nil, errors.ThrowInternal(err, "FLOW-4n8vs", "unable to unmarshal trigger actions") + return nil, zerrors.ThrowInternal(err, "FLOW-4n8vs", "unable to unmarshal trigger actions") } return e, nil @@ -92,7 +92,7 @@ func TriggerActionsCascadeRemovedEventMapper(event eventstore.Event) (eventstore err := event.Unmarshal(e) if err != nil { - return nil, errors.ThrowInternal(err, "FLOW-4n8vs", "unable to unmarshal trigger actions") + return nil, zerrors.ThrowInternal(err, "FLOW-4n8vs", "unable to unmarshal trigger actions") } return e, nil @@ -129,7 +129,7 @@ func FlowClearedEventMapper(event eventstore.Event) (eventstore.Event, error) { err := event.Unmarshal(e) if err != nil { - return nil, errors.ThrowInternal(err, "FLOW-BHfg2", "unable to unmarshal flow cleared") + return nil, zerrors.ThrowInternal(err, "FLOW-BHfg2", "unable to unmarshal flow cleared") } return e, nil diff --git a/internal/repository/idp/apple.go b/internal/repository/idp/apple.go index f140357c05..9c8004b936 100644 --- a/internal/repository/idp/apple.go +++ b/internal/repository/idp/apple.go @@ -2,8 +2,8 @@ package idp import ( "github.com/zitadel/zitadel/internal/crypto" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" + "github.com/zitadel/zitadel/internal/zerrors" ) type AppleIDPAddedEvent struct { 
@@ -58,7 +58,7 @@ func AppleIDPAddedEventMapper(event eventstore.Event) (eventstore.Event, error) err := event.Unmarshal(e) if err != nil { - return nil, errors.ThrowInternal(err, "IDP-Beqss", "unable to unmarshal event") + return nil, zerrors.ThrowInternal(err, "IDP-Beqss", "unable to unmarshal event") } return e, nil @@ -83,7 +83,7 @@ func NewAppleIDPChangedEvent( changes []AppleIDPChanges, ) (*AppleIDPChangedEvent, error) { if len(changes) == 0 { - return nil, errors.ThrowPreconditionFailed(nil, "IDP-SF3h2", "Errors.NoChangesFound") + return nil, zerrors.ThrowPreconditionFailed(nil, "IDP-SF3h2", "Errors.NoChangesFound") } changedEvent := &AppleIDPChangedEvent{ BaseEvent: *base, @@ -154,7 +154,7 @@ func AppleIDPChangedEventMapper(event eventstore.Event) (eventstore.Event, error err := event.Unmarshal(e) if err != nil { - return nil, errors.ThrowInternal(err, "IDP-NBe1s", "unable to unmarshal event") + return nil, zerrors.ThrowInternal(err, "IDP-NBe1s", "unable to unmarshal event") } return e, nil diff --git a/internal/repository/idp/azuread.go b/internal/repository/idp/azuread.go index ae7a434a8f..a804070f1a 100644 --- a/internal/repository/idp/azuread.go +++ b/internal/repository/idp/azuread.go @@ -2,8 +2,8 @@ package idp import ( "github.com/zitadel/zitadel/internal/crypto" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" + "github.com/zitadel/zitadel/internal/zerrors" ) type AzureADIDPAddedEvent struct { @@ -58,7 +58,7 @@ func AzureADIDPAddedEventMapper(event eventstore.Event) (eventstore.Event, error err := event.Unmarshal(e) if err != nil { - return nil, errors.ThrowInternal(err, "IDP-Grh2g", "unable to unmarshal event") + return nil, zerrors.ThrowInternal(err, "IDP-Grh2g", "unable to unmarshal event") } return e, nil 
@@ -83,7 +83,7 @@ func NewAzureADIDPChangedEvent( changes []AzureADIDPChanges, ) (*AzureADIDPChangedEvent, error) { if len(changes) == 0 { - return nil, errors.ThrowPreconditionFailed(nil, "IDP-BH3dl", "Errors.NoChangesFound") + return nil, zerrors.ThrowPreconditionFailed(nil, "IDP-BH3dl", "Errors.NoChangesFound") } changedEvent := &AzureADIDPChangedEvent{ BaseEvent: *base, @@ -154,7 +154,7 @@ func AzureADIDPChangedEventMapper(event eventstore.Event) (eventstore.Event, err err := event.Unmarshal(e) if err != nil { - return nil, errors.ThrowInternal(err, "IDP-D3gjzh", "unable to unmarshal event") + return nil, zerrors.ThrowInternal(err, "IDP-D3gjzh", "unable to unmarshal event") } return e, nil diff --git a/internal/repository/idp/github.go b/internal/repository/idp/github.go index 0b0a902a1d..a146bbc557 100644 --- a/internal/repository/idp/github.go +++ b/internal/repository/idp/github.go @@ -2,8 +2,8 @@ package idp import ( "github.com/zitadel/zitadel/internal/crypto" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" + "github.com/zitadel/zitadel/internal/zerrors" ) type GitHubIDPAddedEvent struct { @@ -52,7 +52,7 @@ func GitHubIDPAddedEventMapper(event eventstore.Event) (eventstore.Event, error) err := event.Unmarshal(e) if err != nil { - return nil, errors.ThrowInternal(err, "IDP-sdfs3", "unable to unmarshal event") + return nil, zerrors.ThrowInternal(err, "IDP-sdfs3", "unable to unmarshal event") } return e, nil @@ -75,7 +75,7 @@ func NewGitHubIDPChangedEvent( changes []GitHubIDPChanges, ) (*GitHubIDPChangedEvent, error) { if len(changes) == 0 { - return nil, errors.ThrowPreconditionFailed(nil, "IDP-BH3dl", "Errors.NoChangesFound") + return nil, zerrors.ThrowPreconditionFailed(nil, "IDP-BH3dl", "Errors.NoChangesFound") } changedEvent := &GitHubIDPChangedEvent{ BaseEvent: *base, 
@@ -133,7 +133,7 @@ func GitHubIDPChangedEventMapper(event eventstore.Event) (eventstore.Event, erro err := event.Unmarshal(e) if err != nil { - return nil, errors.ThrowInternal(err, "IDP-Sfrth", "unable to unmarshal event") + return nil, zerrors.ThrowInternal(err, "IDP-Sfrth", "unable to unmarshal event") } return e, nil @@ -194,7 +194,7 @@ func GitHubEnterpriseIDPAddedEventMapper(event eventstore.Event) (eventstore.Eve err := event.Unmarshal(e) if err != nil { - return nil, errors.ThrowInternal(err, "IDP-sdfs3", "unable to unmarshal event") + return nil, zerrors.ThrowInternal(err, "IDP-sdfs3", "unable to unmarshal event") } return e, nil @@ -220,7 +220,7 @@ func NewGitHubEnterpriseIDPChangedEvent( changes []GitHubEnterpriseIDPChanges, ) (*GitHubEnterpriseIDPChangedEvent, error) { if len(changes) == 0 { - return nil, errors.ThrowPreconditionFailed(nil, "IDP-JHKs9", "Errors.NoChangesFound") + return nil, zerrors.ThrowPreconditionFailed(nil, "IDP-JHKs9", "Errors.NoChangesFound") } changedEvent := &GitHubEnterpriseIDPChangedEvent{ BaseEvent: *base, @@ -296,7 +296,7 @@ func GitHubEnterpriseIDPChangedEventMapper(event eventstore.Event) (eventstore.E err := event.Unmarshal(e) if err != nil { - return nil, errors.ThrowInternal(err, "IDP-ASf3r", "unable to unmarshal event") + return nil, zerrors.ThrowInternal(err, "IDP-ASf3r", "unable to unmarshal event") } return e, nil diff --git a/internal/repository/idp/gitlab.go b/internal/repository/idp/gitlab.go index 85cfabc746..e06024aa4b 100644 --- a/internal/repository/idp/gitlab.go +++ b/internal/repository/idp/gitlab.go @@ -2,8 +2,8 @@ package idp import ( "github.com/zitadel/zitadel/internal/crypto" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" + "github.com/zitadel/zitadel/internal/zerrors" ) type GitLabIDPAddedEvent struct { 
@@ -52,7 +52,7 @@ func GitLabIDPAddedEventMapper(event eventstore.Event) (eventstore.Event, error) err := event.Unmarshal(e) if err != nil { - return nil, errors.ThrowInternal(err, "IDP-KLewio", "unable to unmarshal event") + return nil, zerrors.ThrowInternal(err, "IDP-KLewio", "unable to unmarshal event") } return e, nil @@ -75,7 +75,7 @@ func NewGitLabIDPChangedEvent( changes []GitLabIDPChanges, ) (*GitLabIDPChangedEvent, error) { if len(changes) == 0 { - return nil, errors.ThrowPreconditionFailed(nil, "IDP-K2gje", "Errors.NoChangesFound") + return nil, zerrors.ThrowPreconditionFailed(nil, "IDP-K2gje", "Errors.NoChangesFound") } changedEvent := &GitLabIDPChangedEvent{ BaseEvent: *base, @@ -134,7 +134,7 @@ func GitLabIDPChangedEventMapper(event eventstore.Event) (eventstore.Event, erro err := event.Unmarshal(e) if err != nil { - return nil, errors.ThrowInternal(err, "IDP-Sfhjk", "unable to unmarshal event") + return nil, zerrors.ThrowInternal(err, "IDP-Sfhjk", "unable to unmarshal event") } return e, nil @@ -189,7 +189,7 @@ func GitLabSelfHostedIDPAddedEventMapper(event eventstore.Event) (eventstore.Eve err := event.Unmarshal(e) if err != nil { - return nil, errors.ThrowInternal(err, "IDP-S1efv", "unable to unmarshal event") + return nil, zerrors.ThrowInternal(err, "IDP-S1efv", "unable to unmarshal event") } return e, nil @@ -213,7 +213,7 @@ func NewGitLabSelfHostedIDPChangedEvent( changes []GitLabSelfHostedIDPChanges, ) (*GitLabSelfHostedIDPChangedEvent, error) { if len(changes) == 0 { - return nil, errors.ThrowPreconditionFailed(nil, "IDP-Dghj6", "Errors.NoChangesFound") + return nil, zerrors.ThrowPreconditionFailed(nil, "IDP-Dghj6", "Errors.NoChangesFound") } changedEvent := &GitLabSelfHostedIDPChangedEvent{ BaseEvent: *base, 
@@ -278,7 +278,7 @@ func GitLabSelfHostedIDPChangedEventMapper(event eventstore.Event) (eventstore.E err := event.Unmarshal(e) if err != nil { - return nil, errors.ThrowInternal(err, "IDP-SFrhj", "unable to unmarshal event") + return nil, zerrors.ThrowInternal(err, "IDP-SFrhj", "unable to unmarshal event") } return e, nil diff --git a/internal/repository/idp/google.go b/internal/repository/idp/google.go index 3510b27ac7..1a2c64c9a8 100644 --- a/internal/repository/idp/google.go +++ b/internal/repository/idp/google.go @@ -2,8 +2,8 @@ package idp import ( "github.com/zitadel/zitadel/internal/crypto" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" + "github.com/zitadel/zitadel/internal/zerrors" ) type GoogleIDPAddedEvent struct { @@ -52,7 +52,7 @@ func GoogleIDPAddedEventMapper(event eventstore.Event) (eventstore.Event, error) err := event.Unmarshal(e) if err != nil { - return nil, errors.ThrowInternal(err, "IDP-SAff1", "unable to unmarshal event") + return nil, zerrors.ThrowInternal(err, "IDP-SAff1", "unable to unmarshal event") } return e, nil @@ -75,7 +75,7 @@ func NewGoogleIDPChangedEvent( changes []GoogleIDPChanges, ) (*GoogleIDPChangedEvent, error) { if len(changes) == 0 { - return nil, errors.ThrowPreconditionFailed(nil, "IDP-Dg3qs", "Errors.NoChangesFound") + return nil, zerrors.ThrowPreconditionFailed(nil, "IDP-Dg3qs", "Errors.NoChangesFound") } changedEvent := &GoogleIDPChangedEvent{ BaseEvent: *base, @@ -133,7 +133,7 @@ func GoogleIDPChangedEventMapper(event eventstore.Event) (eventstore.Event, erro err := event.Unmarshal(e) if err != nil { - return nil, errors.ThrowInternal(err, "IDP-SF3t2", "unable to unmarshal event") + return nil, zerrors.ThrowInternal(err, "IDP-SF3t2", "unable to unmarshal event") } return e, nil diff --git a/internal/repository/idp/idp.go b/internal/repository/idp/idp.go index 96b2204854..341caebb85 100644 --- a/internal/repository/idp/idp.go +++ b/internal/repository/idp/idp.go 
@@ -1,8 +1,8 @@ package idp import ( - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" + "github.com/zitadel/zitadel/internal/zerrors" ) type Options struct { @@ -86,7 +86,7 @@ func RemovedEventMapper(event eventstore.Event) (eventstore.Event, error) { err := event.Unmarshal(e) if err != nil { - return nil, errors.ThrowInternal(err, "IDP-plSD2", "unable to unmarshal event") + return nil, zerrors.ThrowInternal(err, "IDP-plSD2", "unable to unmarshal event") } return e, nil diff --git a/internal/repository/idp/jwt.go b/internal/repository/idp/jwt.go index 786d4a62f7..7fe82e7c0a 100644 --- a/internal/repository/idp/jwt.go +++ b/internal/repository/idp/jwt.go @@ -1,8 +1,8 @@ package idp import ( - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" + "github.com/zitadel/zitadel/internal/zerrors" ) type JWTIDPAddedEvent struct { @@ -54,7 +54,7 @@ func JWTIDPAddedEventMapper(event eventstore.Event) (eventstore.Event, error) { err := event.Unmarshal(e) if err != nil { - return nil, errors.ThrowInternal(err, "IDP-Et1dq", "unable to unmarshal event") + return nil, zerrors.ThrowInternal(err, "IDP-Et1dq", "unable to unmarshal event") } return e, nil @@ -78,7 +78,7 @@ func NewJWTIDPChangedEvent( changes []JWTIDPChanges, ) (*JWTIDPChangedEvent, error) { if len(changes) == 0 { - return nil, errors.ThrowPreconditionFailed(nil, "IDP-BH3dl", "Errors.NoChangesFound") + return nil, zerrors.ThrowPreconditionFailed(nil, "IDP-BH3dl", "Errors.NoChangesFound") } changedEvent := &JWTIDPChangedEvent{ BaseEvent: *base, @@ -143,7 +143,7 @@ func JWTIDPChangedEventMapper(event eventstore.Event) (eventstore.Event, error) err := event.Unmarshal(e) if err != nil { - return nil, errors.ThrowInternal(err, "IDP-D3gjzh", "unable to unmarshal event") + return nil, zerrors.ThrowInternal(err, "IDP-D3gjzh", "unable to unmarshal event") } return e, nil 
diff --git a/internal/repository/idp/ldap.go b/internal/repository/idp/ldap.go index bc1b41fb75..5f5bb9ced5 100644 --- a/internal/repository/idp/ldap.go +++ b/internal/repository/idp/ldap.go @@ -4,8 +4,8 @@ import ( "time" "github.com/zitadel/zitadel/internal/crypto" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" + "github.com/zitadel/zitadel/internal/zerrors" ) type LDAPIDPAddedEvent struct { @@ -178,7 +178,7 @@ func LDAPIDPAddedEventMapper(event eventstore.Event) (eventstore.Event, error) { err := event.Unmarshal(e) if err != nil { - return nil, errors.ThrowInternal(err, "IDP-Dgh42", "unable to unmarshal event") + return nil, zerrors.ThrowInternal(err, "IDP-Dgh42", "unable to unmarshal event") } return e, nil @@ -241,7 +241,7 @@ func NewLDAPIDPChangedEvent( changes []LDAPIDPChanges, ) (*LDAPIDPChangedEvent, error) { if len(changes) == 0 { - return nil, errors.ThrowPreconditionFailed(nil, "IDP-SDf3f", "Errors.NoChangesFound") + return nil, zerrors.ThrowPreconditionFailed(nil, "IDP-SDf3f", "Errors.NoChangesFound") } changedEvent := &LDAPIDPChangedEvent{ BaseEvent: *base, @@ -342,7 +342,7 @@ func LDAPIDPChangedEventMapper(event eventstore.Event) (eventstore.Event, error) err := event.Unmarshal(e) if err != nil { - return nil, errors.ThrowInternal(err, "IDP-Sfth3", "unable to unmarshal event") + return nil, zerrors.ThrowInternal(err, "IDP-Sfth3", "unable to unmarshal event") } return e, nil diff --git a/internal/repository/idp/oauth.go b/internal/repository/idp/oauth.go index ce0178f8db..9b9b776082 100644 --- a/internal/repository/idp/oauth.go +++ b/internal/repository/idp/oauth.go @@ -2,8 +2,8 @@ package idp import ( "github.com/zitadel/zitadel/internal/crypto" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" + "github.com/zitadel/zitadel/internal/zerrors" ) type OAuthIDPAddedEvent struct { 
@@ -64,7 +64,7 @@ func OAuthIDPAddedEventMapper(event eventstore.Event) (eventstore.Event, error) err := event.Unmarshal(e) if err != nil { - return nil, errors.ThrowInternal(err, "IDP-Et1dq", "unable to unmarshal event") + return nil, zerrors.ThrowInternal(err, "IDP-Et1dq", "unable to unmarshal event") } return e, nil @@ -91,7 +91,7 @@ func NewOAuthIDPChangedEvent( changes []OAuthIDPChanges, ) (*OAuthIDPChangedEvent, error) { if len(changes) == 0 { - return nil, errors.ThrowPreconditionFailed(nil, "IDP-BH3dl", "Errors.NoChangesFound") + return nil, zerrors.ThrowPreconditionFailed(nil, "IDP-BH3dl", "Errors.NoChangesFound") } changedEvent := &OAuthIDPChangedEvent{ BaseEvent: *base, @@ -173,7 +173,7 @@ func OAuthIDPChangedEventMapper(event eventstore.Event) (eventstore.Event, error err := event.Unmarshal(e) if err != nil { - return nil, errors.ThrowInternal(err, "IDP-SAf3gw", "unable to unmarshal event") + return nil, zerrors.ThrowInternal(err, "IDP-SAf3gw", "unable to unmarshal event") } return e, nil diff --git a/internal/repository/idp/oidc.go b/internal/repository/idp/oidc.go index 45478dc83d..0970129ceb 100644 --- a/internal/repository/idp/oidc.go +++ b/internal/repository/idp/oidc.go @@ -2,8 +2,8 @@ package idp import ( "github.com/zitadel/zitadel/internal/crypto" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" + "github.com/zitadel/zitadel/internal/zerrors" ) type OIDCIDPAddedEvent struct { @@ -58,7 +58,7 @@ func OIDCIDPAddedEventMapper(event eventstore.Event) (eventstore.Event, error) { err := event.Unmarshal(e) if err != nil { - return nil, errors.ThrowInternal(err, "IDP-Et1dq", "unable to unmarshal event") + return nil, zerrors.ThrowInternal(err, "IDP-Et1dq", "unable to unmarshal event") } return e, nil 
@@ -83,7 +83,7 @@ func NewOIDCIDPChangedEvent( changes []OIDCIDPChanges, ) (*OIDCIDPChangedEvent, error) { if len(changes) == 0 { - return nil, errors.ThrowPreconditionFailed(nil, "IDP-BH3dl", "Errors.NoChangesFound") + return nil, zerrors.ThrowPreconditionFailed(nil, "IDP-BH3dl", "Errors.NoChangesFound") } changedEvent := &OIDCIDPChangedEvent{ BaseEvent: *base, @@ -154,7 +154,7 @@ func OIDCIDPChangedEventMapper(event eventstore.Event) (eventstore.Event, error) err := event.Unmarshal(e) if err != nil { - return nil, errors.ThrowInternal(err, "IDP-D3gjzh", "unable to unmarshal event") + return nil, zerrors.ThrowInternal(err, "IDP-D3gjzh", "unable to unmarshal event") } return e, nil diff --git a/internal/repository/idp/saml.go b/internal/repository/idp/saml.go index c4205600f4..37534da203 100644 --- a/internal/repository/idp/saml.go +++ b/internal/repository/idp/saml.go @@ -2,8 +2,8 @@ package idp import ( "github.com/zitadel/zitadel/internal/crypto" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" + "github.com/zitadel/zitadel/internal/zerrors" ) type SAMLIDPAddedEvent struct { @@ -58,7 +58,7 @@ func SAMLIDPAddedEventMapper(event eventstore.Event) (eventstore.Event, error) { err := event.Unmarshal(e) if err != nil { - return nil, errors.ThrowInternal(err, "IDP-v9uajo3k71", "unable to unmarshal event") + return nil, zerrors.ThrowInternal(err, "IDP-v9uajo3k71", "unable to unmarshal event") } return e, nil @@ -83,7 +83,7 @@ func NewSAMLIDPChangedEvent( changes []SAMLIDPChanges, ) (*SAMLIDPChangedEvent, error) { if len(changes) == 0 { - return nil, errors.ThrowPreconditionFailed(nil, "IDP-cz6mnf860t", "Errors.NoChangesFound") + return nil, zerrors.ThrowPreconditionFailed(nil, "IDP-cz6mnf860t", "Errors.NoChangesFound") } changedEvent := &SAMLIDPChangedEvent{ BaseEvent: *base, 
@@ -154,7 +154,7 @@ func SAMLIDPChangedEventMapper(event eventstore.Event) (eventstore.Event, error) err := event.Unmarshal(e) if err != nil { - return nil, errors.ThrowInternal(err, "IDP-w1t1824tw5", "unable to unmarshal event") + return nil, zerrors.ThrowInternal(err, "IDP-w1t1824tw5", "unable to unmarshal event") } return e, nil diff --git a/internal/repository/idpconfig/idp_config.go b/internal/repository/idpconfig/idp_config.go index ca9754ebe7..f6cdc748cd 100644 --- a/internal/repository/idpconfig/idp_config.go +++ b/internal/repository/idpconfig/idp_config.go @@ -2,8 +2,8 @@ package idpconfig import ( "github.com/zitadel/zitadel/internal/domain" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" + "github.com/zitadel/zitadel/internal/zerrors" ) const ( @@ -66,7 +66,7 @@ func IDPConfigAddedEventMapper(event eventstore.Event) (eventstore.Event, error) err := event.Unmarshal(e) if err != nil { - return nil, errors.ThrowInternal(err, "OIDC-plaBZ", "unable to unmarshal event") + return nil, zerrors.ThrowInternal(err, "OIDC-plaBZ", "unable to unmarshal event") } return e, nil @@ -103,7 +103,7 @@ func NewIDPConfigChangedEvent( changes []IDPConfigChanges, ) (*IDPConfigChangedEvent, error) { if len(changes) == 0 { - return nil, errors.ThrowPreconditionFailed(nil, "IDPCONFIG-Dsg21", "Errors.NoChangesFound") + return nil, zerrors.ThrowPreconditionFailed(nil, "IDPCONFIG-Dsg21", "Errors.NoChangesFound") } changeEvent := &IDPConfigChangedEvent{ BaseEvent: *base, @@ -143,7 +143,7 @@ func IDPConfigChangedEventMapper(event eventstore.Event) (eventstore.Event, erro err := event.Unmarshal(e) if err != nil { - return nil, errors.ThrowInternal(err, "OIDC-plaBZ", "unable to unmarshal event") + return nil, zerrors.ThrowInternal(err, "OIDC-plaBZ", "unable to unmarshal event") } return e, nil 
@@ -181,7 +181,7 @@ func IDPConfigDeactivatedEventMapper(event eventstore.Event) (eventstore.Event, err := event.Unmarshal(e) if err != nil { - return nil, errors.ThrowInternal(err, "OIDC-plaBZ", "unable to unmarshal event") + return nil, zerrors.ThrowInternal(err, "OIDC-plaBZ", "unable to unmarshal event") } return e, nil @@ -219,7 +219,7 @@ func IDPConfigReactivatedEventMapper(event eventstore.Event) (eventstore.Event, err := event.Unmarshal(e) if err != nil { - return nil, errors.ThrowInternal(err, "OIDC-plaBZ", "unable to unmarshal event") + return nil, zerrors.ThrowInternal(err, "OIDC-plaBZ", "unable to unmarshal event") } return e, nil @@ -260,7 +260,7 @@ func IDPConfigRemovedEventMapper(event eventstore.Event) (eventstore.Event, erro err := event.Unmarshal(e) if err != nil { - return nil, errors.ThrowInternal(err, "OIDC-plaBZ", "unable to unmarshal event") + return nil, zerrors.ThrowInternal(err, "OIDC-plaBZ", "unable to unmarshal event") } return e, nil diff --git a/internal/repository/idpconfig/jwt_config.go b/internal/repository/idpconfig/jwt_config.go index b2c460fdbc..6d6a31e1cc 100644 --- a/internal/repository/idpconfig/jwt_config.go +++ b/internal/repository/idpconfig/jwt_config.go @@ -2,8 +2,7 @@ package idpconfig import ( "github.com/zitadel/zitadel/internal/eventstore" - - "github.com/zitadel/zitadel/internal/errors" + "github.com/zitadel/zitadel/internal/zerrors" ) const ( @@ -54,7 +53,7 @@ func JWTConfigAddedEventMapper(event eventstore.Event) (eventstore.Event, error) err := event.Unmarshal(e) if err != nil { - return nil, errors.ThrowInternal(err, "JWT-m0fwf", "unable to unmarshal event") + return nil, zerrors.ThrowInternal(err, "JWT-m0fwf", "unable to unmarshal event") } return e, nil 
@@ -85,7 +84,7 @@ func NewJWTConfigChangedEvent( changes []JWTConfigChanges, ) (*JWTConfigChangedEvent, error) { if len(changes) == 0 { - return nil, errors.ThrowPreconditionFailed(nil, "IDPCONFIG-fn93s", "Errors.NoChangesFound") + return nil, zerrors.ThrowPreconditionFailed(nil, "IDPCONFIG-fn93s", "Errors.NoChangesFound") } changeEvent := &JWTConfigChangedEvent{ BaseEvent: *base, @@ -130,7 +129,7 @@ func JWTConfigChangedEventMapper(event eventstore.Event) (eventstore.Event, erro err := event.Unmarshal(e) if err != nil { - return nil, errors.ThrowInternal(err, "JWT-fk3fs", "unable to unmarshal event") + return nil, zerrors.ThrowInternal(err, "JWT-fk3fs", "unable to unmarshal event") } return e, nil diff --git a/internal/repository/idpconfig/oidc_config.go b/internal/repository/idpconfig/oidc_config.go index 36e0136f06..2a3c80ed5a 100644 --- a/internal/repository/idpconfig/oidc_config.go +++ b/internal/repository/idpconfig/oidc_config.go @@ -3,8 +3,8 @@ package idpconfig import ( "github.com/zitadel/zitadel/internal/crypto" "github.com/zitadel/zitadel/internal/domain" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" + "github.com/zitadel/zitadel/internal/zerrors" ) const ( @@ -69,7 +69,7 @@ func OIDCConfigAddedEventMapper(event eventstore.Event) (eventstore.Event, error err := event.Unmarshal(e) if err != nil { - return nil, errors.ThrowInternal(err, "OIDC-plaBZ", "unable to unmarshal event") + return nil, zerrors.ThrowInternal(err, "OIDC-plaBZ", "unable to unmarshal event") } return e, nil @@ -105,7 +105,7 @@ func NewOIDCConfigChangedEvent( changes []OIDCConfigChanges, ) (*OIDCConfigChangedEvent, error) { if len(changes) == 0 { - return nil, errors.ThrowPreconditionFailed(nil, "IDPCONFIG-ADzr5", "Errors.NoChangesFound") + return nil, zerrors.ThrowPreconditionFailed(nil, "IDPCONFIG-ADzr5", "Errors.NoChangesFound") } changeEvent := &OIDCConfigChangedEvent{ BaseEvent: *base, 
@@ -174,7 +174,7 @@ func OIDCConfigChangedEventMapper(event eventstore.Event) (eventstore.Event, err err := event.Unmarshal(e) if err != nil { - return nil, errors.ThrowInternal(err, "OIDC-plaBZ", "unable to unmarshal event") + return nil, zerrors.ThrowInternal(err, "OIDC-plaBZ", "unable to unmarshal event") } return e, nil diff --git a/internal/repository/idpintent/intent.go b/internal/repository/idpintent/intent.go index 7a596becb0..9ac1a875cc 100644 --- a/internal/repository/idpintent/intent.go +++ b/internal/repository/idpintent/intent.go @@ -5,8 +5,8 @@ import ( "net/url" "github.com/zitadel/zitadel/internal/crypto" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" + "github.com/zitadel/zitadel/internal/zerrors" ) const ( @@ -60,7 +60,7 @@ func StartedEventMapper(event eventstore.Event) (eventstore.Event, error) { err := event.Unmarshal(e) if err != nil { - return nil, errors.ThrowInternal(err, "IDP-Sf3f1", "unable to unmarshal event") + return nil, zerrors.ThrowInternal(err, "IDP-Sf3f1", "unable to unmarshal event") } return e, nil @@ -118,7 +118,7 @@ func SucceededEventMapper(event eventstore.Event) (eventstore.Event, error) { err := event.Unmarshal(e) if err != nil { - return nil, errors.ThrowInternal(err, "IDP-HBreq", "unable to unmarshal event") + return nil, zerrors.ThrowInternal(err, "IDP-HBreq", "unable to unmarshal event") } return e, nil @@ -173,7 +173,7 @@ func SAMLSucceededEventMapper(event eventstore.Event) (eventstore.Event, error) err := event.Unmarshal(e) if err != nil { - return nil, errors.ThrowInternal(err, "IDP-l4tw23y6lq", "unable to unmarshal event") + return nil, zerrors.ThrowInternal(err, "IDP-l4tw23y6lq", "unable to unmarshal event") } return e, nil 
@@ -215,7 +215,7 @@ func SAMLRequestEventMapper(event eventstore.Event) (eventstore.Event, error) { err := event.Unmarshal(e) if err != nil { - return nil, errors.ThrowInternal(err, "IDP-l85678vwlf", "unable to unmarshal event") + return nil, zerrors.ThrowInternal(err, "IDP-l85678vwlf", "unable to unmarshal event") } return e, nil @@ -270,7 +270,7 @@ func LDAPSucceededEventMapper(event eventstore.Event) (eventstore.Event, error) err := event.Unmarshal(e) if err != nil { - return nil, errors.ThrowInternal(err, "IDP-HBreq", "unable to unmarshal event") + return nil, zerrors.ThrowInternal(err, "IDP-HBreq", "unable to unmarshal event") } return e, nil @@ -312,7 +312,7 @@ func FailedEventMapper(event eventstore.Event) (eventstore.Event, error) { err := event.Unmarshal(e) if err != nil { - return nil, errors.ThrowInternal(err, "IDP-Sfer3", "unable to unmarshal event") + return nil, zerrors.ThrowInternal(err, "IDP-Sfer3", "unable to unmarshal event") } return e, nil diff --git a/internal/repository/instance/domain.go b/internal/repository/instance/domain.go index 0194bdbc2f..faeb45a71f 100644 --- a/internal/repository/instance/domain.go +++ b/internal/repository/instance/domain.go @@ -3,8 +3,8 @@ package instance import ( "context" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" + "github.com/zitadel/zitadel/internal/zerrors" ) const ( @@ -61,7 +61,7 @@ func DomainAddedEventMapper(event eventstore.Event) (eventstore.Event, error) { } err := event.Unmarshal(domainAdded) if err != nil { - return nil, errors.ThrowInternal(err, "INSTANCE-3noij", "unable to unmarshal instance domain added") + return nil, zerrors.ThrowInternal(err, "INSTANCE-3noij", "unable to unmarshal instance domain added") } return domainAdded, nil 
@@ -98,7 +98,7 @@ func DomainPrimarySetEventMapper(event eventstore.Event) (eventstore.Event, erro } err := event.Unmarshal(domainAdded) if err != nil { - return nil, errors.ThrowInternal(err, "INSTANCE-29jöF", "unable to unmarshal instance domain added") + return nil, zerrors.ThrowInternal(err, "INSTANCE-29jöF", "unable to unmarshal instance domain added") } return domainAdded, nil @@ -135,7 +135,7 @@ func DomainRemovedEventMapper(event eventstore.Event) (eventstore.Event, error) } err := event.Unmarshal(domainRemoved) if err != nil { - return nil, errors.ThrowInternal(err, "INSTANCE-BngB2", "unable to unmarshal instance domain removed") + return nil, zerrors.ThrowInternal(err, "INSTANCE-BngB2", "unable to unmarshal instance domain removed") } return domainRemoved, nil diff --git a/internal/repository/instance/event_default_language.go b/internal/repository/instance/event_default_language.go index 4912664348..237fbb5687 100644 --- a/internal/repository/instance/event_default_language.go +++ b/internal/repository/instance/event_default_language.go @@ -5,8 +5,8 @@ import ( "golang.org/x/text/language" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" + "github.com/zitadel/zitadel/internal/zerrors" ) const ( @@ -48,7 +48,7 @@ func DefaultLanguageSetMapper(event eventstore.Event) (eventstore.Event, error) } err := event.Unmarshal(e) if err != nil { - return nil, errors.ThrowInternal(err, "IAM-3j9fs", "unable to unmarshal default language set") + return nil, zerrors.ThrowInternal(err, "IAM-3j9fs", "unable to unmarshal default language set") } return e, nil diff --git a/internal/repository/instance/event_iam_project_set.go b/internal/repository/instance/event_iam_project_set.go index b2f15fdd3c..2506085a0d 100644 --- a/internal/repository/instance/event_iam_project_set.go +++ b/internal/repository/instance/event_iam_project_set.go 
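Review bot: The message in `DomainPrimarySetEventMapper` (domain.go hunk at -98) still reads "unable to unmarshal instance domain added", apparently copied from `DomainAddedEventMapper`, so a failure on a primary-domain event is reported as a different event; `return nil, zerrors.ThrowInternal(err, "INSTANCE-29jöF", "unable to unmarshal instance domain primary set")` would match the mapper. The ID also contains a non-ASCII `ö`, which is awkward to search for in logs; replace it only if nothing matches on the existing value. The same copy-paste shows in `ProjectSetMapper` ("unable to unmarshal global org set") and in `SecurityPolicySetEventMapper`, which reuses `IAM-soiwj` with "unable to unmarshal oidc config added". The function body starts outside the hunk.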
@@ -3,8 +3,8 @@ package instance import ( "context" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" + "github.com/zitadel/zitadel/internal/zerrors" ) const ( @@ -47,7 +47,7 @@ func ProjectSetMapper(event eventstore.Event) (eventstore.Event, error) { } err := event.Unmarshal(e) if err != nil { - return nil, errors.ThrowInternal(err, "IAM-cdFZH", "unable to unmarshal global org set") + return nil, zerrors.ThrowInternal(err, "IAM-cdFZH", "unable to unmarshal global org set") } return e, nil @@ -91,7 +91,7 @@ func ConsoleSetMapper(event eventstore.Event) (eventstore.Event, error) { } err := event.Unmarshal(e) if err != nil { - return nil, errors.ThrowInternal(err, "IAM-cdFZH", "unable to unmarshal console set") + return nil, zerrors.ThrowInternal(err, "IAM-cdFZH", "unable to unmarshal console set") } return e, nil diff --git a/internal/repository/instance/event_org_set.go b/internal/repository/instance/event_org_set.go index 161e317131..a88bfd72e2 100644 --- a/internal/repository/instance/event_org_set.go +++ b/internal/repository/instance/event_org_set.go @@ -3,8 +3,8 @@ package instance import ( "context" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" + "github.com/zitadel/zitadel/internal/zerrors" ) const ( @@ -46,7 +46,7 @@ func DefaultOrgSetMapper(event eventstore.Event) (eventstore.Event, error) { } err := event.Unmarshal(e) if err != nil { - return nil, errors.ThrowInternal(err, "IAM-cdFZH", "unable to unmarshal default org set") + return nil, zerrors.ThrowInternal(err, "IAM-cdFZH", "unable to unmarshal default org set") } return e, nil diff --git a/internal/repository/instance/instance.go b/internal/repository/instance/instance.go index 8480fd17c5..bd0214075c 100644 --- a/internal/repository/instance/instance.go +++ b/internal/repository/instance/instance.go 
@@ -3,8 +3,8 @@ package instance import ( "context" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" + "github.com/zitadel/zitadel/internal/zerrors" ) const ( @@ -44,7 +44,7 @@ func InstanceAddedEventMapper(event eventstore.Event) (eventstore.Event, error) } err := event.Unmarshal(instanceAdded) if err != nil { - return nil, errors.ThrowInternal(err, "INSTANCE-s9l3F", "unable to unmarshal instance added") + return nil, zerrors.ThrowInternal(err, "INSTANCE-s9l3F", "unable to unmarshal instance added") } return instanceAdded, nil @@ -81,7 +81,7 @@ func InstanceChangedEventMapper(event eventstore.Event) (eventstore.Event, error } err := event.Unmarshal(instanceChanged) if err != nil { - return nil, errors.ThrowInternal(err, "INSTANCE-3hfo8", "unable to unmarshal instance changed") + return nil, zerrors.ThrowInternal(err, "INSTANCE-3hfo8", "unable to unmarshal instance changed") } return instanceChanged, nil diff --git a/internal/repository/instance/oidc_settings.go b/internal/repository/instance/oidc_settings.go index edef8d2c68..c3829499f8 100644 --- a/internal/repository/instance/oidc_settings.go +++ b/internal/repository/instance/oidc_settings.go @@ -4,8 +4,8 @@ import ( "context" "time" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" + "github.com/zitadel/zitadel/internal/zerrors" ) const ( @@ -58,7 +58,7 @@ func OIDCSettingsAddedEventMapper(event eventstore.Event) (eventstore.Event, err } err := event.Unmarshal(oidcSettingsAdded) if err != nil { - return nil, errors.ThrowInternal(err, "IAM-soiwj", "unable to unmarshal oidc config added") + return nil, zerrors.ThrowInternal(err, "IAM-soiwj", "unable to unmarshal oidc config added") } return oidcSettingsAdded, nil 
@@ -87,7 +87,7 @@ func NewOIDCSettingsChangeEvent( changes []OIDCSettingsChanges, ) (*OIDCSettingsChangedEvent, error) { if len(changes) == 0 { - return nil, errors.ThrowPreconditionFailed(nil, "IAM-dnlwe", "Errors.NoChangesFound") + return nil, zerrors.ThrowPreconditionFailed(nil, "IAM-dnlwe", "Errors.NoChangesFound") } changeEvent := &OIDCSettingsChangedEvent{ BaseEvent: *eventstore.NewBaseEventForPush( @@ -135,7 +135,7 @@ func OIDCSettingsChangedEventMapper(event eventstore.Event) (eventstore.Event, e err := event.Unmarshal(e) if err != nil { - return nil, errors.ThrowInternal(err, "IAM-f98uf", "unable to unmarshal oidc settings changed") + return nil, zerrors.ThrowInternal(err, "IAM-f98uf", "unable to unmarshal oidc settings changed") } return e, nil diff --git a/internal/repository/instance/policy_security.go b/internal/repository/instance/policy_security.go index 4faeb8eccb..f5627c54ca 100644 --- a/internal/repository/instance/policy_security.go +++ b/internal/repository/instance/policy_security.go @@ -3,8 +3,8 @@ package instance import ( "context" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" + "github.com/zitadel/zitadel/internal/zerrors" ) const ( @@ -25,7 +25,7 @@ func NewSecurityPolicySetEvent( changes []SecurityPolicyChanges, ) (*SecurityPolicySetEvent, error) { if len(changes) == 0 { - return nil, errors.ThrowPreconditionFailed(nil, "POLICY-EWsf3", "Errors.NoChangesFound") + return nil, zerrors.ThrowPreconditionFailed(nil, "POLICY-EWsf3", "Errors.NoChangesFound") } event := &SecurityPolicySetEvent{ BaseEvent: *eventstore.NewBaseEventForPush( 
@@ -71,7 +71,7 @@ func SecurityPolicySetEventMapper(event eventstore.Event) (eventstore.Event, err
 }
 err := event.Unmarshal(securityPolicyAdded)
 if err != nil {
- return nil, errors.ThrowInternal(err, "IAM-soiwj", "unable to unmarshal oidc config added")
+ return nil, zerrors.ThrowInternal(err, "IAM-soiwj", "unable to unmarshal oidc config added")
 }
 return securityPolicyAdded, nil
diff --git a/internal/repository/instance/secret_generator.go b/internal/repository/instance/secret_generator.go
index 4af5387c07..08e03df2b1 100644
--- a/internal/repository/instance/secret_generator.go
+++ b/internal/repository/instance/secret_generator.go
@@ -5,8 +5,8 @@ import (
 "time"
 "github.com/zitadel/zitadel/internal/domain"
- "github.com/zitadel/zitadel/internal/errors"
 "github.com/zitadel/zitadel/internal/eventstore"
+ "github.com/zitadel/zitadel/internal/zerrors"
 )
 const (
@@ -83,7 +83,7 @@ func SecretGeneratorAddedEventMapper(event eventstore.Event) (eventstore.Event,
 }
 err := event.Unmarshal(secretGeneratorAdded)
 if err != nil {
- return nil, errors.ThrowInternal(err, "IAM-en9f4", "unable to unmarshal secret generator added")
+ return nil, zerrors.ThrowInternal(err, "IAM-en9f4", "unable to unmarshal secret generator added")
 }
 return secretGeneratorAdded, nil
@@ -116,7 +116,7 @@ func NewSecretGeneratorChangeEvent(
 changes []SecretGeneratorChanges,
 ) (*SecretGeneratorChangedEvent, error) {
 if len(changes) == 0 {
- return nil, errors.ThrowPreconditionFailed(nil, "IAM-j2jfw", "Errors.NoChangesFound")
+ return nil, zerrors.ThrowPreconditionFailed(nil, "IAM-j2jfw", "Errors.NoChangesFound")
 }
 changeEvent := &SecretGeneratorChangedEvent{
 BaseEvent: *eventstore.NewBaseEventForPush(
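Review bot: `SecurityPolicySetEventMapper` in policy_security.go still returns `"IAM-soiwj", "unable to unmarshal oidc config added"`, the exact ID and text that `OIDCSettingsAddedEventMapper` in oidc_settings.go returns, so a log entry carrying this ID cannot be attributed to one code path during triage. Since the commit rewrites the line anyway, give it its own pair, for example `return nil, zerrors.ThrowInternal(err, "<NEW-UNIQUE-ID>", "unable to unmarshal security policy set")` (the ID is a placeholder to be generated). The same reuse shows in later hunks: `SMSConfigTwilioChangedEventMapper` repeats `IAM-smwiR` with the "added" text, `SMSConfigActivatedEventMapper` and `SMSConfigDeactivatedEventMapper` share `IAM-dn92f`, `SMSConfigRemovedEventMapper` and `SMTPConfigPasswordChangedEventMapper` share `IAM-99iNF`, the member mappers all say "unable to unmarshal label policy" and two of them reuse `POLIC-puqv4`, `OrgChangedEventMapper` repeats `ORG-Bren2` with "org added", and mail_template.go and mail_text.go share `POLIC-5m9if` and `POLICY-m9osd`. The mapper's body starts outside the hunk.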
@@ -177,7 +177,7 @@ func SecretGeneratorChangedEventMapper(event eventstore.Event) (eventstore.Event
 err := event.Unmarshal(e)
 if err != nil {
- return nil, errors.ThrowInternal(err, "IAM-2m09e", "unable to unmarshal secret generator changed")
+ return nil, zerrors.ThrowInternal(err, "IAM-2m09e", "unable to unmarshal secret generator changed")
 }
 return e, nil
@@ -219,7 +219,7 @@ func SecretGeneratorRemovedEventMapper(event eventstore.Event) (eventstore.Event
 err := event.Unmarshal(e)
 if err != nil {
- return nil, errors.ThrowInternal(err, "IAM-m09ke", "unable to unmarshal secret generator removed")
+ return nil, zerrors.ThrowInternal(err, "IAM-m09ke", "unable to unmarshal secret generator removed")
 }
 return e, nil
diff --git a/internal/repository/instance/sms.go b/internal/repository/instance/sms.go
index dfa7e83c24..1b79f1d77e 100644
--- a/internal/repository/instance/sms.go
+++ b/internal/repository/instance/sms.go
@@ -4,8 +4,8 @@ import (
 "context"
 "github.com/zitadel/zitadel/internal/crypto"
- "github.com/zitadel/zitadel/internal/errors"
 "github.com/zitadel/zitadel/internal/eventstore"
+ "github.com/zitadel/zitadel/internal/zerrors"
 )
 const (
@@ -63,7 +63,7 @@ func SMSConfigTwilioAddedEventMapper(event eventstore.Event) (eventstore.Event,
 }
 err := event.Unmarshal(smsConfigAdded)
 if err != nil {
- return nil, errors.ThrowInternal(err, "IAM-smwiR", "unable to unmarshal sms config twilio added")
+ return nil, zerrors.ThrowInternal(err, "IAM-smwiR", "unable to unmarshal sms config twilio added")
 }
 return smsConfigAdded, nil
@@ -84,7 +84,7 @@ func NewSMSConfigTwilioChangedEvent(
 changes []SMSConfigTwilioChanges,
 ) (*SMSConfigTwilioChangedEvent, error) {
 if len(changes) == 0 {
- return nil, errors.ThrowPreconditionFailed(nil, "IAM-smn8e", "Errors.NoChangesFound")
+ return nil, zerrors.ThrowPreconditionFailed(nil, "IAM-smn8e", "Errors.NoChangesFound")
 }
 changeEvent := &SMSConfigTwilioChangedEvent{
 BaseEvent: *eventstore.NewBaseEventForPush(
@@ -128,7 +128,7 @@ func SMSConfigTwilioChangedEventMapper(event eventstore.Event) (eventstore.Event
 }
 err := event.Unmarshal(smsConfigChanged)
 if err != nil {
- return nil, errors.ThrowInternal(err, "IAM-smwiR", "unable to unmarshal sms config twilio added")
+ return nil, zerrors.ThrowInternal(err, "IAM-smwiR", "unable to unmarshal sms config twilio added")
 }
 return smsConfigChanged, nil
@@ -172,7 +172,7 @@ func SMSConfigTwilioTokenChangedEventMapper(event eventstore.Event) (eventstore.
 }
 err := event.Unmarshal(smtpConfigTokenChagned)
 if err != nil {
- return nil, errors.ThrowInternal(err, "IAM-fi9Wf", "unable to unmarshal sms config token changed")
+ return nil, zerrors.ThrowInternal(err, "IAM-fi9Wf", "unable to unmarshal sms config token changed")
 }
 return smtpConfigTokenChagned, nil
@@ -212,7 +212,7 @@ func SMSConfigActivatedEventMapper(event eventstore.Event) (eventstore.Event, er
 }
 err := event.Unmarshal(smsConfigActivated)
 if err != nil {
- return nil, errors.ThrowInternal(err, "IAM-dn92f", "unable to unmarshal sms config twilio activated changed")
+ return nil, zerrors.ThrowInternal(err, "IAM-dn92f", "unable to unmarshal sms config twilio activated changed")
 }
 return smsConfigActivated, nil
@@ -252,7 +252,7 @@ func SMSConfigDeactivatedEventMapper(event eventstore.Event) (eventstore.Event,
 }
 err := event.Unmarshal(smsConfigDeactivated)
 if err != nil {
- return nil, errors.ThrowInternal(err, "IAM-dn92f", "unable to unmarshal sms config twilio deactivated changed")
+ return nil, zerrors.ThrowInternal(err, "IAM-dn92f", "unable to unmarshal sms config twilio deactivated changed")
 }
 return smsConfigDeactivated, nil
@@ -292,7 +292,7 @@ func SMSConfigRemovedEventMapper(event eventstore.Event) (eventstore.Event, erro
 }
 err := event.Unmarshal(smsConfigRemoved)
 if err != nil {
- return nil, errors.ThrowInternal(err, "IAM-99iNF", "unable to unmarshal sms config removed")
+ return nil, zerrors.ThrowInternal(err, "IAM-99iNF", "unable to unmarshal sms config removed")
 }
 return smsConfigRemoved, nil
diff --git a/internal/repository/instance/smtp_config.go b/internal/repository/instance/smtp_config.go
index eccb18dfee..b0da86cd2d 100644
--- a/internal/repository/instance/smtp_config.go
+++ b/internal/repository/instance/smtp_config.go
@@ -4,8 +4,8 @@ import (
 "context"
 "github.com/zitadel/zitadel/internal/crypto"
- "github.com/zitadel/zitadel/internal/errors"
 "github.com/zitadel/zitadel/internal/eventstore"
+ "github.com/zitadel/zitadel/internal/zerrors"
 )
 const (
@@ -69,7 +69,7 @@ func SMTPConfigAddedEventMapper(event eventstore.Event) (eventstore.Event, error
 }
 err := event.Unmarshal(smtpConfigAdded)
 if err != nil {
- return nil, errors.ThrowInternal(err, "IAM-39fks", "unable to unmarshal smtp config added")
+ return nil, zerrors.ThrowInternal(err, "IAM-39fks", "unable to unmarshal smtp config added")
 }
 return smtpConfigAdded, nil
@@ -100,7 +100,7 @@ func NewSMTPConfigChangeEvent(
 changes []SMTPConfigChanges,
 ) (*SMTPConfigChangedEvent, error) {
 if len(changes) == 0 {
- return nil, errors.ThrowPreconditionFailed(nil, "IAM-o0pWf", "Errors.NoChangesFound")
+ return nil, zerrors.ThrowPreconditionFailed(nil, "IAM-o0pWf", "Errors.NoChangesFound")
 }
 changeEvent := &SMTPConfigChangedEvent{
 BaseEvent: *eventstore.NewBaseEventForPush(
@@ -160,7 +160,7 @@ func SMTPConfigChangedEventMapper(event eventstore.Event) (eventstore.Event, err
 err := event.Unmarshal(e)
 if err != nil {
- return nil, errors.ThrowInternal(err, "IAM-m09oo", "unable to unmarshal smtp changed")
+ return nil, zerrors.ThrowInternal(err, "IAM-m09oo", "unable to unmarshal smtp changed")
 }
 return e, nil
@@ -201,7 +201,7 @@ func SMTPConfigPasswordChangedEventMapper(event eventstore.Event) (eventstore.Ev
 }
 err := event.Unmarshal(smtpConfigPasswordChagned)
 if err != nil {
- return nil, errors.ThrowInternal(err, "IAM-99iNF", "unable to unmarshal smtp config password changed")
+ return nil, zerrors.ThrowInternal(err, "IAM-99iNF", "unable to unmarshal smtp config password changed")
 }
 return smtpConfigPasswordChagned, nil
@@ -238,7 +238,7 @@ func SMTPConfigRemovedEventMapper(event eventstore.Event) (eventstore.Event, err
 }
 err := event.Unmarshal(smtpConfigRemoved)
 if err != nil {
- return nil, errors.ThrowInternal(err, "IAM-DVw1s", "unable to unmarshal smtp config removed")
+ return nil, zerrors.ThrowInternal(err, "IAM-DVw1s", "unable to unmarshal smtp config removed")
 }
 return smtpConfigRemoved, nil
diff --git a/internal/repository/keypair/certificate.go b/internal/repository/keypair/certificate.go
index 9a49ccc7d0..2fd9a62d6a 100644
--- a/internal/repository/keypair/certificate.go
+++ b/internal/repository/keypair/certificate.go
@@ -5,8 +5,8 @@ import (
 "time"
 "github.com/zitadel/zitadel/internal/crypto"
- "github.com/zitadel/zitadel/internal/errors"
 "github.com/zitadel/zitadel/internal/eventstore"
+ "github.com/zitadel/zitadel/internal/zerrors"
 )
 const (
@@ -52,7 +52,7 @@ func AddedCertificateEventMapper(event eventstore.Event) (eventstore.Event, erro
 err := event.Unmarshal(e)
 if err != nil {
- return nil, errors.ThrowInternal(err, "KEY-4n9vs", "unable to unmarshal certificate added")
+ return nil, zerrors.ThrowInternal(err, "KEY-4n9vs", "unable to unmarshal certificate added")
 }
 return e, nil
diff --git a/internal/repository/keypair/key_pair.go b/internal/repository/keypair/key_pair.go
index 99b57555d5..8bf2e77080 100644
--- a/internal/repository/keypair/key_pair.go
+++ b/internal/repository/keypair/key_pair.go
@@ -6,8 +6,8 @@ import (
 "github.com/zitadel/zitadel/internal/crypto"
 "github.com/zitadel/zitadel/internal/domain"
- "github.com/zitadel/zitadel/internal/errors"
 "github.com/zitadel/zitadel/internal/eventstore"
+ "github.com/zitadel/zitadel/internal/zerrors"
 )
 const (
@@ -72,7 +72,7 @@ func AddedEventMapper(event eventstore.Event) (eventstore.Event, error) {
 err := event.Unmarshal(e)
 if err != nil {
- return nil, errors.ThrowInternal(err, "KEY-4n8vs", "unable to unmarshal key pair added")
+ return nil, zerrors.ThrowInternal(err, "KEY-4n8vs", "unable to unmarshal key pair added")
 }
 return e, nil
diff --git a/internal/repository/member/events.go b/internal/repository/member/events.go
index 3ead301f0c..0c98b46a41 100644
--- a/internal/repository/member/events.go
+++ b/internal/repository/member/events.go
@@ -3,8 +3,8 @@ package member
 import (
 "fmt"
- "github.com/zitadel/zitadel/internal/errors"
 "github.com/zitadel/zitadel/internal/eventstore"
+ "github.com/zitadel/zitadel/internal/zerrors"
 )
 const (
@@ -64,7 +64,7 @@ func MemberAddedEventMapper(event eventstore.Event) (eventstore.Event, error) {
 err := event.Unmarshal(e)
 if err != nil {
- return nil, errors.ThrowInternal(err, "POLIC-puqv4", "unable to unmarshal label policy")
+ return nil, zerrors.ThrowInternal(err, "POLIC-puqv4", "unable to unmarshal label policy")
 }
 return e, nil
@@ -104,7 +104,7 @@ func ChangedEventMapper(event eventstore.Event) (eventstore.Event, error) {
 err := event.Unmarshal(e)
 if err != nil {
- return nil, errors.ThrowInternal(err, "POLIC-puqv4", "unable to unmarshal label policy")
+ return nil, zerrors.ThrowInternal(err, "POLIC-puqv4", "unable to unmarshal label policy")
 }
 return e, nil
@@ -142,7 +142,7 @@ func RemovedEventMapper(event eventstore.Event) (eventstore.Event, error) {
 err := event.Unmarshal(e)
 if err != nil {
- return nil, errors.ThrowInternal(err, "MEMBER-Ep4ip", "unable to unmarshal label policy")
+ return nil, zerrors.ThrowInternal(err, "MEMBER-Ep4ip", "unable to unmarshal label policy")
 }
 return e, nil
@@ -180,7 +180,7 @@ func CascadeRemovedEventMapper(event eventstore.Event) (eventstore.Event, error)
 err := event.Unmarshal(e)
 if err != nil {
- return nil, errors.ThrowInternal(err, "MEMBER-3j9sf", "unable to unmarshal label policy")
+ return nil, zerrors.ThrowInternal(err, "MEMBER-3j9sf", "unable to unmarshal label policy")
 }
 return e, nil
diff --git a/internal/repository/metadata/metadata.go b/internal/repository/metadata/metadata.go
index 7026badb1a..2e4a3c11c0 100644
--- a/internal/repository/metadata/metadata.go
+++ b/internal/repository/metadata/metadata.go
@@ -1,8 +1,8 @@
 package metadata
 import (
- "github.com/zitadel/zitadel/internal/errors"
 "github.com/zitadel/zitadel/internal/eventstore"
+ "github.com/zitadel/zitadel/internal/zerrors"
 )
 const (
@@ -45,7 +45,7 @@ func SetEventMapper(event eventstore.Event) (eventstore.Event, error) {
 err := event.Unmarshal(e)
 if err != nil {
- return nil, errors.ThrowInternal(err, "META-3n9fs", "unable to unmarshal metadata set")
+ return nil, zerrors.ThrowInternal(err, "META-3n9fs", "unable to unmarshal metadata set")
 }
 return e, nil
@@ -83,7 +83,7 @@ func RemovedEventMapper(event eventstore.Event) (eventstore.Event, error) {
 err := event.Unmarshal(e)
 if err != nil {
- return nil, errors.ThrowInternal(err, "META-2m99f", "unable to unmarshal metadata removed")
+ return nil, zerrors.ThrowInternal(err, "META-2m99f", "unable to unmarshal metadata removed")
 }
 return e, nil
diff --git a/internal/repository/org/domain.go b/internal/repository/org/domain.go
index 3489642121..5987e9c3c7 100644
--- a/internal/repository/org/domain.go
+++ b/internal/repository/org/domain.go
@@ -5,8 +5,8 @@ import (
 "github.com/zitadel/zitadel/internal/crypto"
 "github.com/zitadel/zitadel/internal/domain"
- "github.com/zitadel/zitadel/internal/errors"
 "github.com/zitadel/zitadel/internal/eventstore"
+ "github.com/zitadel/zitadel/internal/zerrors"
 )
 const (
@@ -64,7 +64,7 @@ func DomainAddedEventMapper(event eventstore.Event) (eventstore.Event, error) {
 }
 err := event.Unmarshal(orgDomainAdded)
 if err != nil {
- return nil, errors.ThrowInternal(err, "ORG-GBr52", "unable to unmarshal org domain added")
+ return nil, zerrors.ThrowInternal(err, "ORG-GBr52", "unable to unmarshal org domain added")
 }
 return orgDomainAdded, nil
@@ -110,7 +110,7 @@ func DomainVerificationAddedEventMapper(event eventstore.Event) (eventstore.Even
 }
 err := event.Unmarshal(orgDomainVerificationAdded)
 if err != nil {
- return nil, errors.ThrowInternal(err, "ORG-NRN32", "unable to unmarshal org domain verification added")
+ return nil, zerrors.ThrowInternal(err, "ORG-NRN32", "unable to unmarshal org domain verification added")
 }
 return orgDomainVerificationAdded, nil
@@ -147,7 +147,7 @@ func DomainVerificationFailedEventMapper(event eventstore.Event) (eventstore.Eve
 }
 err := event.Unmarshal(orgDomainVerificationFailed)
 if err != nil {
- return nil, errors.ThrowInternal(err, "ORG-Bhm37", "unable to unmarshal org domain verification failed")
+ return nil, zerrors.ThrowInternal(err, "ORG-Bhm37", "unable to unmarshal org domain verification failed")
 }
 return orgDomainVerificationFailed, nil
@@ -184,7 +184,7 @@ func DomainVerifiedEventMapper(event eventstore.Event) (eventstore.Event, error)
 }
 err := event.Unmarshal(orgDomainVerified)
 if err != nil {
- return nil, errors.ThrowInternal(err, "ORG-BFSwt", "unable to unmarshal org domain verified")
+ return nil, zerrors.ThrowInternal(err, "ORG-BFSwt", "unable to unmarshal org domain verified")
 }
 return orgDomainVerified, nil
@@ -221,7 +221,7 @@ func DomainPrimarySetEventMapper(event eventstore.Event) (eventstore.Event, erro
 }
 err := event.Unmarshal(orgDomainPrimarySet)
 if err != nil {
- return nil, errors.ThrowInternal(err, "ORG-N5787", "unable to unmarshal org domain primary set")
+ return nil, zerrors.ThrowInternal(err, "ORG-N5787", "unable to unmarshal org domain primary set")
 }
 return orgDomainPrimarySet, nil
@@ -263,7 +263,7 @@ func DomainRemovedEventMapper(event eventstore.Event) (eventstore.Event, error)
 }
 err := event.Unmarshal(orgDomainRemoved)
 if err != nil {
- return nil, errors.ThrowInternal(err, "ORG-BngB2", "unable to unmarshal org domain removed")
+ return nil, zerrors.ThrowInternal(err, "ORG-BngB2", "unable to unmarshal org domain removed")
 }
 return orgDomainRemoved, nil
diff --git a/internal/repository/org/eventstore.go b/internal/repository/org/eventstore.go
index 79d409e1c7..ca24c58f96 100644
--- a/internal/repository/org/eventstore.go
+++ b/internal/repository/org/eventstore.go
@@ -2,7 +2,6 @@ package org
 import (
 "github.com/zitadel/zitadel/internal/eventstore"
- "github.com/zitadel/zitadel/internal/repository/deviceauth"
 )
 func RegisterEventMappers(es *eventstore.Eventstore) {
@@ -114,9 +113,5 @@ func RegisterEventMappers(es *eventstore.Eventstore) {
 RegisterFilterEventMapper(AggregateType, MetadataRemovedAllType, MetadataRemovedAllEventMapper).
 RegisterFilterEventMapper(AggregateType, NotificationPolicyAddedEventType, NotificationPolicyAddedEventMapper).
 RegisterFilterEventMapper(AggregateType, NotificationPolicyChangedEventType, NotificationPolicyChangedEventMapper).
- RegisterFilterEventMapper(AggregateType, NotificationPolicyRemovedEventType, NotificationPolicyRemovedEventMapper).
- RegisterFilterEventMapper(AggregateType, deviceauth.AddedEventType, eventstore.GenericEventMapper[deviceauth.AddedEvent]).
- RegisterFilterEventMapper(AggregateType, deviceauth.ApprovedEventType, eventstore.GenericEventMapper[deviceauth.ApprovedEvent]).
- RegisterFilterEventMapper(AggregateType, deviceauth.CanceledEventType, eventstore.GenericEventMapper[deviceauth.CanceledEvent]).
- RegisterFilterEventMapper(AggregateType, deviceauth.RemovedEventType, eventstore.GenericEventMapper[deviceauth.RemovedEvent])
+ RegisterFilterEventMapper(AggregateType, NotificationPolicyRemovedEventType, NotificationPolicyRemovedEventMapper)
 }
diff --git a/internal/repository/org/org.go b/internal/repository/org/org.go
index 66bbc59a44..af19fb18f4 100644
--- a/internal/repository/org/org.go
+++ b/internal/repository/org/org.go
@@ -4,10 +4,10 @@ import (
 "context"
 "github.com/zitadel/zitadel/internal/domain"
- "github.com/zitadel/zitadel/internal/errors"
 "github.com/zitadel/zitadel/internal/eventstore"
 "github.com/zitadel/zitadel/internal/repository/project"
 "github.com/zitadel/zitadel/internal/repository/user"
+ "github.com/zitadel/zitadel/internal/zerrors"
 )
 const (
@@ -63,7 +63,7 @@ func OrgAddedEventMapper(event eventstore.Event) (eventstore.Event, error) {
 }
 err := event.Unmarshal(orgAdded)
 if err != nil {
- return nil, errors.ThrowInternal(err, "ORG-Bren2", "unable to unmarshal org added")
+ return nil, zerrors.ThrowInternal(err, "ORG-Bren2", "unable to unmarshal org added")
 }
 return orgAdded, nil
@@ -105,7 +105,7 @@ func OrgChangedEventMapper(event eventstore.Event) (eventstore.Event, error) {
 }
 err := event.Unmarshal(orgChanged)
 if err != nil {
- return nil, errors.ThrowInternal(err, "ORG-Bren2", "unable to unmarshal org added")
+ return nil, zerrors.ThrowInternal(err, "ORG-Bren2", "unable to unmarshal org added")
 }
 return orgChanged, nil
diff --git a/internal/repository/policy/custom_text.go b/internal/repository/policy/custom_text.go
index 4f3272bbee..9046977f55 100644
--- a/internal/repository/policy/custom_text.go
+++ b/internal/repository/policy/custom_text.go
@@ -3,8 +3,8 @@ package policy
 import (
 "golang.org/x/text/language"
- "github.com/zitadel/zitadel/internal/errors"
 "github.com/zitadel/zitadel/internal/eventstore"
+ "github.com/zitadel/zitadel/internal/zerrors"
 )
 const (
@@ -54,7 +54,7 @@ func CustomTextSetEventMapper(event eventstore.Event) (eventstore.Event, error)
 err := event.Unmarshal(e)
 if err != nil {
- return nil, errors.ThrowInternal(err, "TEXT-28dwe", "unable to unmarshal custom text")
+ return nil, zerrors.ThrowInternal(err, "TEXT-28dwe", "unable to unmarshal custom text")
 }
 return e, nil
@@ -92,7 +92,7 @@ func CustomTextRemovedEventMapper(event eventstore.Event) (eventstore.Event, err
 err := event.Unmarshal(e)
 if err != nil {
- return nil, errors.ThrowInternal(err, "TEXT-28sMf", "unable to unmarshal custom text removed")
+ return nil, zerrors.ThrowInternal(err, "TEXT-28sMf", "unable to unmarshal custom text removed")
 }
 return e, nil
@@ -128,7 +128,7 @@ func CustomTextTemplateRemovedEventMapper(event eventstore.Event) (eventstore.Ev
 err := event.Unmarshal(e)
 if err != nil {
- return nil, errors.ThrowInternal(err, "TEXT-mKKRs", "unable to unmarshal custom text message removed")
+ return nil, zerrors.ThrowInternal(err, "TEXT-mKKRs", "unable to unmarshal custom text message removed")
 }
 return e, nil
diff --git a/internal/repository/policy/label.go b/internal/repository/policy/label.go
index d3025b5ba0..b004b2377d 100644
--- a/internal/repository/policy/label.go
+++ b/internal/repository/policy/label.go
@@ -2,9 +2,9 @@ package policy
 import (
 "github.com/zitadel/zitadel/internal/domain"
- "github.com/zitadel/zitadel/internal/errors"
 "github.com/zitadel/zitadel/internal/eventstore"
 "github.com/zitadel/zitadel/internal/repository/asset"
+ "github.com/zitadel/zitadel/internal/zerrors"
 )
 const (
@@ -95,7 +95,7 @@ func LabelPolicyAddedEventMapper(event eventstore.Event) (eventstore.Event, erro
 err := event.Unmarshal(e)
 if err != nil {
- return nil, errors.ThrowInternal(err, "POLIC-puqv4", "unable to unmarshal label policy")
+ return nil, zerrors.ThrowInternal(err, "POLIC-puqv4", "unable to unmarshal label policy")
 }
 return e, nil
@@ -131,7 +131,7 @@ func NewLabelPolicyChangedEvent(
 changes []LabelPolicyChanges,
 ) (*LabelPolicyChangedEvent, error) {
 if len(changes) == 0 {
- return nil, errors.ThrowPreconditionFailed(nil, "POLICY-Asfd3", "Errors.NoChangesFound")
+ return nil, zerrors.ThrowPreconditionFailed(nil, "POLICY-Asfd3", "Errors.NoChangesFound")
 }
 changeEvent := &LabelPolicyChangedEvent{
 BaseEvent: *base,
@@ -223,7 +223,7 @@ func LabelPolicyChangedEventMapper(event eventstore.Event) (eventstore.Event, er
 err := event.Unmarshal(e)
 if err != nil {
- return nil, errors.ThrowInternal(err, "POLIC-qhfFb", "unable to unmarshal label policy")
+ return nil, zerrors.ThrowInternal(err, "POLIC-qhfFb", "unable to unmarshal label policy")
 }
 return e, nil
diff --git a/internal/repository/policy/login.go b/internal/repository/policy/login.go
index f5e3618552..06def120bd 100644
--- a/internal/repository/policy/login.go
+++ b/internal/repository/policy/login.go
@@ -4,8 +4,8 @@ import (
 "time"
 "github.com/zitadel/zitadel/internal/domain"
- "github.com/zitadel/zitadel/internal/errors"
 "github.com/zitadel/zitadel/internal/eventstore"
+ "github.com/zitadel/zitadel/internal/zerrors"
 )
 const (
@@ -94,7 +94,7 @@ func LoginPolicyAddedEventMapper(event eventstore.Event) (eventstore.Event, erro
 err := event.Unmarshal(e)
 if err != nil {
- return nil, errors.ThrowInternal(err, "POLIC-nWndT", "unable to unmarshal policy")
+ return nil, zerrors.ThrowInternal(err, "POLIC-nWndT", "unable to unmarshal policy")
 }
 return e, nil
@@ -135,7 +135,7 @@ func NewLoginPolicyChangedEvent(
 changes []LoginPolicyChanges,
 ) (*LoginPolicyChangedEvent, error) {
 if len(changes) == 0 {
- return nil, errors.ThrowPreconditionFailed(nil, "POLICY-ADg34", "Errors.NoChangesFound")
+ return nil, zerrors.ThrowPreconditionFailed(nil, "POLICY-ADg34", "Errors.NoChangesFound")
 }
 changeEvent := &LoginPolicyChangedEvent{
 BaseEvent: *base,
@@ -257,7 +257,7 @@ func LoginPolicyChangedEventMapper(event eventstore.Event) (eventstore.Event, er
 err := event.Unmarshal(e)
 if err != nil {
- return nil, errors.ThrowInternal(err, "POLIC-ehssl", "unable to unmarshal policy")
+ return nil, zerrors.ThrowInternal(err, "POLIC-ehssl", "unable to unmarshal policy")
 }
 return e, nil
diff --git a/internal/repository/policy/mail_template.go b/internal/repository/policy/mail_template.go
index 3b02c0f4fc..19af380b81 100644
--- a/internal/repository/policy/mail_template.go
+++ b/internal/repository/policy/mail_template.go
@@ -1,8 +1,8 @@
 package policy
 import (
- "github.com/zitadel/zitadel/internal/errors"
 "github.com/zitadel/zitadel/internal/eventstore"
+ "github.com/zitadel/zitadel/internal/zerrors"
 )
 const (
@@ -44,7 +44,7 @@ func MailTemplateAddedEventMapper(event eventstore.Event) (eventstore.Event, err
 err := event.Unmarshal(e)
 if err != nil {
- return nil, errors.ThrowInternal(err, "POLIC-5m9if", "unable to unmarshal mail template")
+ return nil, zerrors.ThrowInternal(err, "POLIC-5m9if", "unable to unmarshal mail template")
 }
 return e, nil
@@ -69,7 +69,7 @@ func NewMailTemplateChangedEvent(
 changes []MailTemplateChanges,
 ) (*MailTemplateChangedEvent, error) {
 if len(changes) == 0 {
- return nil, errors.ThrowPreconditionFailed(nil, "POLICY-m9osd", "Errors.NoChangesFound")
+ return nil, zerrors.ThrowPreconditionFailed(nil, "POLICY-m9osd", "Errors.NoChangesFound")
 }
 changeEvent := &MailTemplateChangedEvent{
 BaseEvent: *base,
@@ -95,7 +95,7 @@ func MailTemplateChangedEventMapper(event eventstore.Event) (eventstore.Event, e
 err := event.Unmarshal(e)
 if err != nil {
- return nil, errors.ThrowInternal(err, "POLIC-3uu8K", "unable to unmarshal mail template policy")
+ return nil, zerrors.ThrowInternal(err, "POLIC-3uu8K", "unable to unmarshal mail template policy")
 }
 return e, nil
diff --git a/internal/repository/policy/mail_text.go b/internal/repository/policy/mail_text.go
index 04e3363ab9..98ab936365 100644
--- a/internal/repository/policy/mail_text.go
+++ b/internal/repository/policy/mail_text.go
@@ -3,8 +3,8 @@ package policy
 import (
 "fmt"
- "github.com/zitadel/zitadel/internal/errors"
 "github.com/zitadel/zitadel/internal/eventstore"
+ "github.com/zitadel/zitadel/internal/zerrors"
 )
 const (
@@ -80,7 +80,7 @@ func MailTextAddedEventMapper(event eventstore.Event) (eventstore.Event, error)
 err := event.Unmarshal(e)
 if err != nil {
- return nil, errors.ThrowInternal(err, "POLIC-5m9if", "unable to unmarshal mail text policy")
+ return nil, zerrors.ThrowInternal(err, "POLIC-5m9if", "unable to unmarshal mail text policy")
 }
 return e, nil
@@ -114,7 +114,7 @@ func NewMailTextChangedEvent(
 changes []MailTextChanges,
 ) (*MailTextChangedEvent, error) {
 if len(changes) == 0 {
- return nil, errors.ThrowPreconditionFailed(nil, "POLICY-m9osd", "Errors.NoChangesFound")
+ return nil, zerrors.ThrowPreconditionFailed(nil, "POLICY-m9osd", "Errors.NoChangesFound")
 }
 changeEvent := &MailTextChangedEvent{
 BaseEvent: *base,
@@ -172,7 +172,7 @@ func MailTextChangedEventMapper(event eventstore.Event) (eventstore.Event, error
 err := event.Unmarshal(e)
 if err != nil {
- return nil, errors.ThrowInternal(err, "POLIC-bn88u", "unable to unmarshal mail text policy")
+ return nil, zerrors.ThrowInternal(err, "POLIC-bn88u", "unable to unmarshal mail text policy")
 }
 return e, nil
diff --git a/internal/repository/policy/policy_domain.go b/internal/repository/policy/policy_domain.go
index 607fa5e4a5..bd1d9c1b7e 100644
--- a/internal/repository/policy/policy_domain.go
+++ b/internal/repository/policy/policy_domain.go
@@ -1,8 +1,8 @@
 package policy
 import (
- "github.com/zitadel/zitadel/internal/errors"
 "github.com/zitadel/zitadel/internal/eventstore"
+ "github.com/zitadel/zitadel/internal/zerrors"
 )
 const (
@@ -49,7 +49,7 @@ func DomainPolicyAddedEventMapper(event eventstore.Event) (eventstore.Event, err
 err := event.Unmarshal(e)
 if err != nil {
- return nil, errors.ThrowInternal(err, "POLIC-TvSmA", "unable to unmarshal policy")
+ return nil, zerrors.ThrowInternal(err, "POLIC-TvSmA", "unable to unmarshal policy")
 }
 return e, nil
@@ -76,7 +76,7 @@ func NewDomainPolicyChangedEvent(
 changes []DomainPolicyChanges,
 ) (*DomainPolicyChangedEvent, error) {
 if len(changes) == 0 {
- return nil, errors.ThrowPreconditionFailed(nil, "POLICY-DAf3h", "Errors.NoChangesFound")
+ return nil, zerrors.ThrowPreconditionFailed(nil, "POLICY-DAf3h", "Errors.NoChangesFound")
 }
 changeEvent := &DomainPolicyChangedEvent{
 BaseEvent: *base,
@@ -114,7 +114,7 @@ func DomainPolicyChangedEventMapper(event eventstore.Event) (eventstore.Event, e
 err := event.Unmarshal(e)
 if err != nil {
- return nil, errors.ThrowInternal(err, "POLIC-0Pl9d", "unable to unmarshal policy")
+ return nil, zerrors.ThrowInternal(err, "POLIC-0Pl9d", "unable to unmarshal policy")
 }
 return e, nil
diff --git a/internal/repository/policy/policy_login_factors.go b/internal/repository/policy/policy_login_factors.go
index a2749eb5fd..0e9625f228 100644
--- a/internal/repository/policy/policy_login_factors.go
+++ b/internal/repository/policy/policy_login_factors.go
@@ -2,8 +2,8 @@ package policy
 import (
 "github.com/zitadel/zitadel/internal/domain"
- "github.com/zitadel/zitadel/internal/errors"
 "github.com/zitadel/zitadel/internal/eventstore"
+ "github.com/zitadel/zitadel/internal/zerrors"
 )
 const (
@@ -39,7 +39,7 @@ func SecondFactorAddedEventMapper(event eventstore.Event) (eventstore.Event, err
 err := event.Unmarshal(e)
 if err != nil {
- return nil, errors.ThrowInternal(err, "POLIC-Lp0dE", "unable to unmarshal policy")
+ return nil, zerrors.ThrowInternal(err, "POLIC-Lp0dE", "unable to unmarshal policy")
 }
 return e, nil
@@ -75,7 +75,7 @@ func SecondFactorRemovedEventMapper(event eventstore.Event) (eventstore.Event, e
 err := event.Unmarshal(e)
 if err != nil {
- return nil, errors.ThrowInternal(err, "POLIC-5M9gd", "unable to unmarshal policy")
+ return nil, zerrors.ThrowInternal(err, "POLIC-5M9gd", "unable to unmarshal policy")
 }
 return e, nil
@@ -112,7 +112,7 @@ func MultiFactorAddedEventMapper(event eventstore.Event) (eventstore.Event, erro
 err := event.Unmarshal(e)
 if err != nil {
- return nil, errors.ThrowInternal(err, "POLIC-5Ms90", "unable to unmarshal policy")
+ return nil, zerrors.ThrowInternal(err, "POLIC-5Ms90", "unable to unmarshal policy")
 }
 return e, nil
@@ -148,7 +148,7 @@ func MultiFactorRemovedEventMapper(event eventstore.Event) (eventstore.Event, er
 err := event.Unmarshal(e)
 if err != nil {
- return nil, errors.ThrowInternal(err, "POLIC-1N8sd", "unable to unmarshal policy")
+ return nil, zerrors.ThrowInternal(err, "POLIC-1N8sd", "unable to unmarshal policy")
 }
 return e, nil
diff --git a/internal/repository/policy/policy_login_identity_provider.go b/internal/repository/policy/policy_login_identity_provider.go
index 2b5ff578cf..37166f6bde 100644
--- a/internal/repository/policy/policy_login_identity_provider.go
+++ b/internal/repository/policy/policy_login_identity_provider.go
@@ -2,8 +2,8 @@ package policy
 import (
 "github.com/zitadel/zitadel/internal/domain"
- "github.com/zitadel/zitadel/internal/errors"
 "github.com/zitadel/zitadel/internal/eventstore"
+ "github.com/zitadel/zitadel/internal/zerrors"
 )
 const (
@@ -48,7 +48,7 @@ func IdentityProviderAddedEventMapper(event eventstore.Event) (eventstore.Event,
 err := event.Unmarshal(e)
 if err != nil {
- return nil, errors.ThrowInternal(err, "PROVI-bfNnp", "Errors.Internal")
+ return nil, zerrors.ThrowInternal(err, "PROVI-bfNnp", "Errors.Internal")
 }
 return e, nil
@@ -85,7 +85,7 @@ func IdentityProviderRemovedEventMapper(event eventstore.Event) (eventstore.Even
 err := event.Unmarshal(e)
 if err != nil {
- return nil, errors.ThrowInternal(err, "PROVI-6H0KQ", "Errors.Internal")
+ return nil, zerrors.ThrowInternal(err, "PROVI-6H0KQ", "Errors.Internal")
 }
 return e, nil
@@ -122,7 +122,7 @@ func IdentityProviderCascadeRemovedEventMapper(event eventstore.Event) (eventsto
 err := event.Unmarshal(e)
 if err != nil {
- return nil, errors.ThrowInternal(err, "PROVI-7M9fs", "Errors.Internal")
+ return nil, zerrors.ThrowInternal(err, "PROVI-7M9fs", "Errors.Internal")
 }
 return e, nil
diff --git a/internal/repository/policy/policy_notification.go b/internal/repository/policy/policy_notification.go
index 3ce617e789..c6f234ef2c 100644
--- a/internal/repository/policy/policy_notification.go
+++ b/internal/repository/policy/policy_notification.go
@@ -1,8 +1,8 @@
 package policy
 import (
- "github.com/zitadel/zitadel/internal/errors"
 "github.com/zitadel/zitadel/internal/eventstore"
+ "github.com/zitadel/zitadel/internal/zerrors"
 )
 const (
@@ -42,7 +42,7 @@ func NotificationPolicyAddedEventMapper(event eventstore.Event) (eventstore.Even
 err := event.Unmarshal(e)
 if err != nil {
- return nil, errors.ThrowInternal(err, "POLIC-0sp2nios", "unable to unmarshal policy")
+ return nil, zerrors.ThrowInternal(err, "POLIC-0sp2nios", "unable to unmarshal policy")
 }
 return e, nil
@@ -67,7 +67,7 @@ func NewNotificationPolicyChangedEvent(
 changes []NotificationPolicyChanges,
 ) (*NotificationPolicyChangedEvent, error) {
 if len(changes) == 0 {
- return nil, errors.ThrowPreconditionFailed(nil, "POLICY-09sp2m", "Errors.NoChangesFound")
+ return nil, zerrors.ThrowPreconditionFailed(nil, "POLICY-09sp2m", "Errors.NoChangesFound")
 }
 changeEvent := &NotificationPolicyChangedEvent{
 BaseEvent: *base,
@@ -93,7 +93,7 @@ func NotificationPolicyChangedEventMapper(event eventstore.Event) (eventstore.Ev
 err := event.Unmarshal(e)
 if err != nil {
- return nil, errors.ThrowInternal(err, "POLIC-09s2oss", "unable to unmarshal policy")
+ return nil, zerrors.ThrowInternal(err, "POLIC-09s2oss", "unable to unmarshal policy")
 }
 return e, nil
diff --git a/internal/repository/policy/policy_password_age.go b/internal/repository/policy/policy_password_age.go
index ee2ea88a3d..b8c5fadb7e 100644
--- a/internal/repository/policy/policy_password_age.go
+++ b/internal/repository/policy/policy_password_age.go
@@ -1,8 +1,8 @@
 package policy
 import (
- "github.com/zitadel/zitadel/internal/errors"
 "github.com/zitadel/zitadel/internal/eventstore"
+ "github.com/zitadel/zitadel/internal/zerrors"
 )
 const (
@@ -46,7 +46,7 @@ func PasswordAgePolicyAddedEventMapper(event eventstore.Event) (eventstore.Event err := event.Unmarshal(e) if err != nil { - return nil, errors.ThrowInternal(err, "POLIC-T3mGp", "unable to unmarshal policy") + return nil, zerrors.ThrowInternal(err, "POLIC-T3mGp", "unable to unmarshal policy") } return e, nil @@ -72,7 +72,7 @@ func NewPasswordAgePolicyChangedEvent( changes []PasswordAgePolicyChanges, ) (*PasswordAgePolicyChangedEvent, error) { if len(changes) == 0 { - return nil, errors.ThrowPreconditionFailed(nil, "POLICY-DAgt5", "Errors.NoChangesFound") + return nil, zerrors.ThrowPreconditionFailed(nil, "POLICY-DAgt5", "Errors.NoChangesFound") } changeEvent := &PasswordAgePolicyChangedEvent{ BaseEvent: *base, @@ -104,7 +104,7 @@ func PasswordAgePolicyChangedEventMapper(event eventstore.Event) (eventstore.Eve err := event.Unmarshal(e) if err != nil { - return nil, errors.ThrowInternal(err, "POLIC-PqaVq", "unable to unmarshal policy") + return nil, zerrors.ThrowInternal(err, "POLIC-PqaVq", "unable to unmarshal policy") } return e, nil diff --git a/internal/repository/policy/policy_password_complexity.go b/internal/repository/policy/policy_password_complexity.go index 00a35da803..da38774c68 100644 --- a/internal/repository/policy/policy_password_complexity.go +++ b/internal/repository/policy/policy_password_complexity.go @@ -1,8 +1,8 @@ package policy import ( - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" + "github.com/zitadel/zitadel/internal/zerrors" ) const ( @@ -54,7 +54,7 @@ func PasswordComplexityPolicyAddedEventMapper(event eventstore.Event) (eventstor err := event.Unmarshal(e) if err != nil { - return nil, errors.ThrowInternal(err, "POLIC-wYxlM", "unable to unmarshal policy") + return nil, zerrors.ThrowInternal(err, "POLIC-wYxlM", "unable to unmarshal policy") } return e, nil 
@@ -83,7 +83,7 @@ func NewPasswordComplexityPolicyChangedEvent( changes []PasswordComplexityPolicyChanges, ) (*PasswordComplexityPolicyChangedEvent, error) { if len(changes) == 0 { - return nil, errors.ThrowPreconditionFailed(nil, "POLICY-Rdhu3", "Errors.NoChangesFound") + return nil, zerrors.ThrowPreconditionFailed(nil, "POLICY-Rdhu3", "Errors.NoChangesFound") } changeEvent := &PasswordComplexityPolicyChangedEvent{ BaseEvent: *base, @@ -133,7 +133,7 @@ func PasswordComplexityPolicyChangedEventMapper(event eventstore.Event) (eventst err := event.Unmarshal(e) if err != nil { - return nil, errors.ThrowInternal(err, "POLIC-zBGB0", "unable to unmarshal policy") + return nil, zerrors.ThrowInternal(err, "POLIC-zBGB0", "unable to unmarshal policy") } return e, nil diff --git a/internal/repository/policy/policy_password_lockout.go b/internal/repository/policy/policy_password_lockout.go index 5e1c1b3984..8ca0737674 100644 --- a/internal/repository/policy/policy_password_lockout.go +++ b/internal/repository/policy/policy_password_lockout.go @@ -1,8 +1,8 @@ package policy import ( - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" + "github.com/zitadel/zitadel/internal/zerrors" ) const ( @@ -46,7 +46,7 @@ func LockoutPolicyAddedEventMapper(event eventstore.Event) (eventstore.Event, er err := event.Unmarshal(e) if err != nil { - return nil, errors.ThrowInternal(err, "POLIC-8XiVd", "unable to unmarshal policy") + return nil, zerrors.ThrowInternal(err, "POLIC-8XiVd", "unable to unmarshal policy") } return e, nil @@ -72,7 +72,7 @@ func NewLockoutPolicyChangedEvent( changes []LockoutPolicyChanges, ) (*LockoutPolicyChangedEvent, error) { if len(changes) == 0 { - return nil, errors.ThrowPreconditionFailed(nil, "POLICY-sdgh6", "Errors.NoChangesFound") + return nil, zerrors.ThrowPreconditionFailed(nil, "POLICY-sdgh6", "Errors.NoChangesFound") } changeEvent := &LockoutPolicyChangedEvent{ BaseEvent: *base, 
@@ -104,7 +104,7 @@ func LockoutPolicyChangedEventMapper(event eventstore.Event) (eventstore.Event, err := event.Unmarshal(e) if err != nil { - return nil, errors.ThrowInternal(err, "POLIC-lWGRc", "unable to unmarshal policy") + return nil, zerrors.ThrowInternal(err, "POLIC-lWGRc", "unable to unmarshal policy") } return e, nil diff --git a/internal/repository/policy/policy_privacy.go b/internal/repository/policy/policy_privacy.go index 75782c3cd1..0b674fff64 100644 --- a/internal/repository/policy/policy_privacy.go +++ b/internal/repository/policy/policy_privacy.go @@ -2,8 +2,8 @@ package policy import ( "github.com/zitadel/zitadel/internal/domain" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" + "github.com/zitadel/zitadel/internal/zerrors" ) const ( @@ -51,7 +51,7 @@ func PrivacyPolicyAddedEventMapper(event eventstore.Event) (eventstore.Event, er } err := event.Unmarshal(e) if err != nil { - return nil, errors.ThrowInternal(err, "POLIC-2k0fs", "unable to unmarshal policy") + return nil, zerrors.ThrowInternal(err, "POLIC-2k0fs", "unable to unmarshal policy") } return e, nil @@ -79,7 +79,7 @@ func NewPrivacyPolicyChangedEvent( changes []PrivacyPolicyChanges, ) (*PrivacyPolicyChangedEvent, error) { if len(changes) == 0 { - return nil, errors.ThrowPreconditionFailed(nil, "POLICY-PPo0s", "Errors.NoChangesFound") + return nil, zerrors.ThrowPreconditionFailed(nil, "POLICY-PPo0s", "Errors.NoChangesFound") } changeEvent := &PrivacyPolicyChangedEvent{ BaseEvent: *base, @@ -123,7 +123,7 @@ func PrivacyPolicyChangedEventMapper(event eventstore.Event) (eventstore.Event, err := event.Unmarshal(e) if err != nil { - return nil, errors.ThrowInternal(err, "POLIC-22nf9", "unable to unmarshal policy") + return nil, zerrors.ThrowInternal(err, "POLIC-22nf9", "unable to unmarshal policy") } return e, nil diff --git a/internal/repository/project/api_config.go b/internal/repository/project/api_config.go index 4f24589ac4..7da3103125 100644 
--- a/internal/repository/project/api_config.go +++ b/internal/repository/project/api_config.go @@ -5,8 +5,8 @@ import ( "github.com/zitadel/zitadel/internal/crypto" "github.com/zitadel/zitadel/internal/domain" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" + "github.com/zitadel/zitadel/internal/zerrors" ) const ( @@ -81,7 +81,7 @@ func APIConfigAddedEventMapper(event eventstore.Event) (eventstore.Event, error) err := event.Unmarshal(e) if err != nil { - return nil, errors.ThrowInternal(err, "API-BFd15", "unable to unmarshal api config") + return nil, zerrors.ThrowInternal(err, "API-BFd15", "unable to unmarshal api config") } return e, nil @@ -110,7 +110,7 @@ func NewAPIConfigChangedEvent( changes []APIConfigChanges, ) (*APIConfigChangedEvent, error) { if len(changes) == 0 { - return nil, errors.ThrowPreconditionFailed(nil, "API-i8idç", "Errors.NoChangesFound") + return nil, zerrors.ThrowPreconditionFailed(nil, "API-i8idç", "Errors.NoChangesFound") } changeEvent := &APIConfigChangedEvent{ @@ -142,7 +142,7 @@ func APIConfigChangedEventMapper(event eventstore.Event) (eventstore.Event, erro err := event.Unmarshal(e) if err != nil { - return nil, errors.ThrowInternal(err, "API-BFd15", "unable to unmarshal api config") + return nil, zerrors.ThrowInternal(err, "API-BFd15", "unable to unmarshal api config") } return e, nil @@ -187,7 +187,7 @@ func APIConfigSecretChangedEventMapper(event eventstore.Event) (eventstore.Event err := event.Unmarshal(e) if err != nil { - return nil, errors.ThrowInternal(err, "API-M893d", "unable to unmarshal api config") + return nil, zerrors.ThrowInternal(err, "API-M893d", "unable to unmarshal api config") } return e, nil 
@@ -229,7 +229,7 @@ func APIConfigSecretCheckSucceededEventMapper(event eventstore.Event) (eventstor err := event.Unmarshal(e) if err != nil { - return nil, errors.ThrowInternal(err, "API-837gV", "unable to unmarshal api config") + return nil, zerrors.ThrowInternal(err, "API-837gV", "unable to unmarshal api config") } return e, nil @@ -271,7 +271,7 @@ func APIConfigSecretCheckFailedEventMapper(event eventstore.Event) (eventstore.E err := event.Unmarshal(e) if err != nil { - return nil, errors.ThrowInternal(err, "API-987g%", "unable to unmarshal api config") + return nil, zerrors.ThrowInternal(err, "API-987g%", "unable to unmarshal api config") } return e, nil diff --git a/internal/repository/project/application.go b/internal/repository/project/application.go index be2a944ef6..cb6dea1566 100644 --- a/internal/repository/project/application.go +++ b/internal/repository/project/application.go @@ -4,8 +4,8 @@ import ( "context" "fmt" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" + "github.com/zitadel/zitadel/internal/zerrors" ) const ( @@ -70,7 +70,7 @@ func ApplicationAddedEventMapper(event eventstore.Event) (eventstore.Event, erro err := event.Unmarshal(e) if err != nil { - return nil, errors.ThrowInternal(err, "APPLICATION-Nffg2", "unable to unmarshal application") + return nil, zerrors.ThrowInternal(err, "APPLICATION-Nffg2", "unable to unmarshal application") } return e, nil @@ -121,7 +121,7 @@ func ApplicationChangedEventMapper(event eventstore.Event) (eventstore.Event, er err := event.Unmarshal(e) if err != nil { - return nil, errors.ThrowInternal(err, "APPLICATION-9l0cs", "unable to unmarshal application") + return nil, zerrors.ThrowInternal(err, "APPLICATION-9l0cs", "unable to unmarshal application") } return e, nil 
@@ -163,7 +163,7 @@ func ApplicationDeactivatedEventMapper(event eventstore.Event) (eventstore.Event err := event.Unmarshal(e) if err != nil { - return nil, errors.ThrowInternal(err, "APPLICATION-0p9fB", "unable to unmarshal application") + return nil, zerrors.ThrowInternal(err, "APPLICATION-0p9fB", "unable to unmarshal application") } return e, nil @@ -205,7 +205,7 @@ func ApplicationReactivatedEventMapper(event eventstore.Event) (eventstore.Event err := event.Unmarshal(e) if err != nil { - return nil, errors.ThrowInternal(err, "APPLICATION-1m9e3", "unable to unmarshal application") + return nil, zerrors.ThrowInternal(err, "APPLICATION-1m9e3", "unable to unmarshal application") } return e, nil @@ -257,7 +257,7 @@ func ApplicationRemovedEventMapper(event eventstore.Event) (eventstore.Event, er err := event.Unmarshal(e) if err != nil { - return nil, errors.ThrowInternal(err, "APPLICATION-1m9e3", "unable to unmarshal application") + return nil, zerrors.ThrowInternal(err, "APPLICATION-1m9e3", "unable to unmarshal application") } return e, nil diff --git a/internal/repository/project/grant.go b/internal/repository/project/grant.go index e9c60b4dab..486a62d924 100644 --- a/internal/repository/project/grant.go +++ b/internal/repository/project/grant.go @@ -4,8 +4,8 @@ import ( "context" "fmt" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" + "github.com/zitadel/zitadel/internal/zerrors" ) var ( @@ -74,7 +74,7 @@ func GrantAddedEventMapper(event eventstore.Event) (eventstore.Event, error) { err := event.Unmarshal(e) if err != nil { - return nil, errors.ThrowInternal(err, "PROJECT-mL0vs", "unable to unmarshal project grant") + return nil, zerrors.ThrowInternal(err, "PROJECT-mL0vs", "unable to unmarshal project grant") } return e, nil 
@@ -119,7 +119,7 @@ func GrantChangedEventMapper(event eventstore.Event) (eventstore.Event, error) { err := event.Unmarshal(e) if err != nil { - return nil, errors.ThrowInternal(err, "PROJECT-mL0vs", "unable to unmarshal project grant") + return nil, zerrors.ThrowInternal(err, "PROJECT-mL0vs", "unable to unmarshal project grant") } return e, nil @@ -164,7 +164,7 @@ func GrantCascadeChangedEventMapper(event eventstore.Event) (eventstore.Event, e err := event.Unmarshal(e) if err != nil { - return nil, errors.ThrowInternal(err, "PROJECT-9o0se", "unable to unmarshal project grant") + return nil, zerrors.ThrowInternal(err, "PROJECT-9o0se", "unable to unmarshal project grant") } return e, nil @@ -206,7 +206,7 @@ func GrantDeactivateEventMapper(event eventstore.Event) (eventstore.Event, error err := event.Unmarshal(e) if err != nil { - return nil, errors.ThrowInternal(err, "PROJECT-9o0se", "unable to unmarshal project grant") + return nil, zerrors.ThrowInternal(err, "PROJECT-9o0se", "unable to unmarshal project grant") } return e, nil @@ -248,7 +248,7 @@ func GrantReactivatedEventMapper(event eventstore.Event) (eventstore.Event, erro err := event.Unmarshal(e) if err != nil { - return nil, errors.ThrowInternal(err, "PROJECT-78f7D", "unable to unmarshal project grant") + return nil, zerrors.ThrowInternal(err, "PROJECT-78f7D", "unable to unmarshal project grant") } return e, nil @@ -293,7 +293,7 @@ func GrantRemovedEventMapper(event eventstore.Event) (eventstore.Event, error) { err := event.Unmarshal(e) if err != nil { - return nil, errors.ThrowInternal(err, "PROJECT-28jM8", "unable to unmarshal project grant") + return nil, zerrors.ThrowInternal(err, "PROJECT-28jM8", "unable to unmarshal project grant") } return e, nil diff --git a/internal/repository/project/grant_member.go b/internal/repository/project/grant_member.go index 5e5e700d94..0e7947c869 100644 --- a/internal/repository/project/grant_member.go +++ b/internal/repository/project/grant_member.go 
@@ -4,9 +4,9 @@ import ( "context" "fmt" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/repository/member" + "github.com/zitadel/zitadel/internal/zerrors" ) var ( @@ -73,7 +73,7 @@ func GrantMemberAddedEventMapper(event eventstore.Event) (eventstore.Event, erro err := event.Unmarshal(e) if err != nil { - return nil, errors.ThrowInternal(err, "PROJECT-9f0sf", "unable to unmarshal label policy") + return nil, zerrors.ThrowInternal(err, "PROJECT-9f0sf", "unable to unmarshal label policy") } return e, nil @@ -121,7 +121,7 @@ func GrantMemberChangedEventMapper(event eventstore.Event) (eventstore.Event, er err := event.Unmarshal(e) if err != nil { - return nil, errors.ThrowInternal(err, "PROJECT-39fi8", "unable to unmarshal label policy") + return nil, zerrors.ThrowInternal(err, "PROJECT-39fi8", "unable to unmarshal label policy") } return e, nil @@ -166,7 +166,7 @@ func GrantMemberRemovedEventMapper(event eventstore.Event) (eventstore.Event, er err := event.Unmarshal(e) if err != nil { - return nil, errors.ThrowInternal(err, "PROJECT-173fM", "unable to unmarshal label policy") + return nil, zerrors.ThrowInternal(err, "PROJECT-173fM", "unable to unmarshal label policy") } return e, nil @@ -211,7 +211,7 @@ func GrantMemberCascadeRemovedEventMapper(event eventstore.Event) (eventstore.Ev err := event.Unmarshal(e) if err != nil { - return nil, errors.ThrowInternal(err, "PROJECT-3kfs3", "unable to unmarshal label policy") + return nil, zerrors.ThrowInternal(err, "PROJECT-3kfs3", "unable to unmarshal label policy") } return e, nil diff --git a/internal/repository/project/key.go b/internal/repository/project/key.go index 4eb03c8ddc..a9f85d1c24 100644 --- a/internal/repository/project/key.go +++ b/internal/repository/project/key.go 
@@ -5,8 +5,8 @@ import ( "time" "github.com/zitadel/zitadel/internal/domain" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" + "github.com/zitadel/zitadel/internal/zerrors" ) const ( @@ -66,7 +66,7 @@ func ApplicationKeyAddedEventMapper(event eventstore.Event) (eventstore.Event, e err := event.Unmarshal(e) if err != nil { - return nil, errors.ThrowInternal(err, "API-BFd15", "unable to unmarshal api config") + return nil, zerrors.ThrowInternal(err, "API-BFd15", "unable to unmarshal api config") } return e, nil @@ -107,7 +107,7 @@ func ApplicationKeyRemovedEventMapper(event eventstore.Event) (eventstore.Event, } err := event.Unmarshal(applicationKeyRemoved) if err != nil { - return nil, errors.ThrowInternal(err, "USER-cjLeA", "unable to unmarshal application key removed") + return nil, zerrors.ThrowInternal(err, "USER-cjLeA", "unable to unmarshal application key removed") } return applicationKeyRemoved, nil diff --git a/internal/repository/project/oidc_config.go b/internal/repository/project/oidc_config.go index 977af91ea6..5534bd571e 100644 --- a/internal/repository/project/oidc_config.go +++ b/internal/repository/project/oidc_config.go @@ -6,8 +6,8 @@ import ( "github.com/zitadel/zitadel/internal/crypto" "github.com/zitadel/zitadel/internal/domain" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" + "github.com/zitadel/zitadel/internal/zerrors" ) const ( @@ -190,7 +190,7 @@ func OIDCConfigAddedEventMapper(event eventstore.Event) (eventstore.Event, error err := event.Unmarshal(e) if err != nil { - return nil, errors.ThrowInternal(err, "OIDC-BFd15", "unable to unmarshal oidc config") + return nil, zerrors.ThrowInternal(err, "OIDC-BFd15", "unable to unmarshal oidc config") } return e, nil 
@@ -232,7 +232,7 @@ func NewOIDCConfigChangedEvent( changes []OIDCConfigChanges, ) (*OIDCConfigChangedEvent, error) { if len(changes) == 0 { - return nil, errors.ThrowPreconditionFailed(nil, "OIDC-i8idç", "Errors.NoChangesFound") + return nil, zerrors.ThrowPreconditionFailed(nil, "OIDC-i8idç", "Errors.NoChangesFound") } changeEvent := &OIDCConfigChangedEvent{ @@ -348,7 +348,7 @@ func OIDCConfigChangedEventMapper(event eventstore.Event) (eventstore.Event, err err := event.Unmarshal(e) if err != nil { - return nil, errors.ThrowInternal(err, "OIDC-BFd15", "unable to unmarshal oidc config") + return nil, zerrors.ThrowInternal(err, "OIDC-BFd15", "unable to unmarshal oidc config") } return e, nil @@ -393,7 +393,7 @@ func OIDCConfigSecretChangedEventMapper(event eventstore.Event) (eventstore.Even err := event.Unmarshal(e) if err != nil { - return nil, errors.ThrowInternal(err, "OIDC-M893d", "unable to unmarshal oidc config") + return nil, zerrors.ThrowInternal(err, "OIDC-M893d", "unable to unmarshal oidc config") } return e, nil @@ -435,7 +435,7 @@ func OIDCConfigSecretCheckSucceededEventMapper(event eventstore.Event) (eventsto err := event.Unmarshal(e) if err != nil { - return nil, errors.ThrowInternal(err, "OIDC-837gV", "unable to unmarshal oidc config") + return nil, zerrors.ThrowInternal(err, "OIDC-837gV", "unable to unmarshal oidc config") } return e, nil @@ -477,7 +477,7 @@ func OIDCConfigSecretCheckFailedEventMapper(event eventstore.Event) (eventstore. err := event.Unmarshal(e) if err != nil { - return nil, errors.ThrowInternal(err, "OIDC-987g%", "unable to unmarshal oidc config") + return nil, zerrors.ThrowInternal(err, "OIDC-987g%", "unable to unmarshal oidc config") } return e, nil diff --git a/internal/repository/project/project.go b/internal/repository/project/project.go index f378142436..9774877301 100644 --- a/internal/repository/project/project.go +++ b/internal/repository/project/project.go 
@@ -4,8 +4,8 @@ import ( "context" "github.com/zitadel/zitadel/internal/domain" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" + "github.com/zitadel/zitadel/internal/zerrors" ) const ( @@ -79,7 +79,7 @@ func ProjectAddedEventMapper(event eventstore.Event) (eventstore.Event, error) { err := event.Unmarshal(e) if err != nil { - return nil, errors.ThrowInternal(err, "PROJECT-Bfg2f", "unable to unmarshal project") + return nil, zerrors.ThrowInternal(err, "PROJECT-Bfg2f", "unable to unmarshal project") } return e, nil @@ -117,7 +117,7 @@ func NewProjectChangeEvent( changes []ProjectChanges, ) (*ProjectChangeEvent, error) { if len(changes) == 0 { - return nil, errors.ThrowPreconditionFailed(nil, "PROJECT-mV9xc", "Errors.NoChangesFound") + return nil, zerrors.ThrowPreconditionFailed(nil, "PROJECT-mV9xc", "Errors.NoChangesFound") } changeEvent := &ProjectChangeEvent{ BaseEvent: *eventstore.NewBaseEventForPush( @@ -172,7 +172,7 @@ func ProjectChangeEventMapper(event eventstore.Event) (eventstore.Event, error) err := event.Unmarshal(e) if err != nil { - return nil, errors.ThrowInternal(err, "PROJECT-M9osd", "unable to unmarshal project") + return nil, zerrors.ThrowInternal(err, "PROJECT-M9osd", "unable to unmarshal project") } return e, nil diff --git a/internal/repository/project/role.go b/internal/repository/project/role.go index e5bf74d0ef..098b32189b 100644 --- a/internal/repository/project/role.go +++ b/internal/repository/project/role.go @@ -4,8 +4,8 @@ import ( "context" "fmt" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" + "github.com/zitadel/zitadel/internal/zerrors" ) var ( 
@@ -71,7 +71,7 @@ func RoleAddedEventMapper(event eventstore.Event) (eventstore.Event, error) { err := event.Unmarshal(e) if err != nil { - return nil, errors.ThrowInternal(err, "PROJECT-2M0xy", "unable to unmarshal project role") + return nil, zerrors.ThrowInternal(err, "PROJECT-2M0xy", "unable to unmarshal project role") } return e, nil @@ -100,7 +100,7 @@ func NewRoleChangedEvent( changes []RoleChanges, ) (*RoleChangedEvent, error) { if len(changes) == 0 { - return nil, errors.ThrowPreconditionFailed(nil, "PROJECT-eR9vx", "Errors.NoChangesFound") + return nil, zerrors.ThrowPreconditionFailed(nil, "PROJECT-eR9vx", "Errors.NoChangesFound") } changeEvent := &RoleChangedEvent{ BaseEvent: *eventstore.NewBaseEventForPush( @@ -142,7 +142,7 @@ func RoleChangedEventMapper(event eventstore.Event) (eventstore.Event, error) { err := event.Unmarshal(e) if err != nil { - return nil, errors.ThrowInternal(err, "PROJECT-3M0vx", "unable to unmarshal project role") + return nil, zerrors.ThrowInternal(err, "PROJECT-3M0vx", "unable to unmarshal project role") } return e, nil @@ -183,7 +183,7 @@ func RoleRemovedEventMapper(event eventstore.Event) (eventstore.Event, error) { err := event.Unmarshal(e) if err != nil { - return nil, errors.ThrowInternal(err, "PROJECT-1M0xs", "unable to unmarshal project role") + return nil, zerrors.ThrowInternal(err, "PROJECT-1M0xs", "unable to unmarshal project role") } return e, nil diff --git a/internal/repository/project/saml_config.go b/internal/repository/project/saml_config.go index 3406484433..97af24a0d9 100644 --- a/internal/repository/project/saml_config.go +++ b/internal/repository/project/saml_config.go @@ -3,8 +3,8 @@ package project import ( "context" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" + "github.com/zitadel/zitadel/internal/zerrors" ) const ( 
@@ -71,7 +71,7 @@ func SAMLConfigAddedEventMapper(event eventstore.Event) (eventstore.Event, error err := event.Unmarshal(e) if err != nil { - return nil, errors.ThrowInternal(err, "SAML-BDd15", "unable to unmarshal saml config") + return nil, zerrors.ThrowInternal(err, "SAML-BDd15", "unable to unmarshal saml config") } return e, nil @@ -109,7 +109,7 @@ func NewSAMLConfigChangedEvent( changes []SAMLConfigChanges, ) (*SAMLConfigChangedEvent, error) { if len(changes) == 0 { - return nil, errors.ThrowPreconditionFailed(nil, "SAML-i8idç", "Errors.NoChangesFound") + return nil, zerrors.ThrowPreconditionFailed(nil, "SAML-i8idç", "Errors.NoChangesFound") } changeEvent := &SAMLConfigChangedEvent{ @@ -154,7 +154,7 @@ func SAMLConfigChangedEventMapper(event eventstore.Event) (eventstore.Event, err err := event.Unmarshal(e) if err != nil { - return nil, errors.ThrowInternal(err, "SAML-BFd15", "unable to unmarshal saml config") + return nil, zerrors.ThrowInternal(err, "SAML-BFd15", "unable to unmarshal saml config") } return e, nil diff --git a/internal/repository/quota/events.go b/internal/repository/quota/events.go index 616f61faed..af75383333 100644 --- a/internal/repository/quota/events.go +++ b/internal/repository/quota/events.go @@ -5,8 +5,8 @@ import ( "strconv" "time" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" + "github.com/zitadel/zitadel/internal/zerrors" ) type Unit uint @@ -113,7 +113,7 @@ func SetEventMapper(event eventstore.Event) (eventstore.Event, error) { } err := event.Unmarshal(e) if err != nil { - return nil, errors.ThrowInternal(err, "QUOTA-kmIpI", "unable to unmarshal quota set") + return nil, zerrors.ThrowInternal(err, "QUOTA-kmIpI", "unable to unmarshal quota set") } return e, nil 
@@ -169,7 +169,7 @@ func NotificationDueEventMapper(event eventstore.Event) (eventstore.Event, error err := event.Unmarshal(e) if err != nil { - return nil, errors.ThrowInternal(err, "QUOTA-k56rT", "unable to unmarshal notification due") + return nil, zerrors.ThrowInternal(err, "QUOTA-k56rT", "unable to unmarshal notification due") } return e, nil @@ -228,7 +228,7 @@ func NotifiedEventMapper(event eventstore.Event) (eventstore.Event, error) { err := event.Unmarshal(e) if err != nil { - return nil, errors.ThrowInternal(err, "QUOTA-4n8vs", "unable to unmarshal quota notified") + return nil, zerrors.ThrowInternal(err, "QUOTA-4n8vs", "unable to unmarshal quota notified") } return e, nil @@ -269,7 +269,7 @@ func RemovedEventMapper(event eventstore.Event) (eventstore.Event, error) { err := event.Unmarshal(e) if err != nil { - return nil, errors.ThrowInternal(err, "QUOTA-4bReE", "unable to unmarshal quota removed") + return nil, zerrors.ThrowInternal(err, "QUOTA-4bReE", "unable to unmarshal quota removed") } return e, nil diff --git a/internal/repository/restrictions/events.go b/internal/repository/restrictions/events.go index e15fd7c767..7b28af3c30 100644 --- a/internal/repository/restrictions/events.go +++ b/internal/repository/restrictions/events.go @@ -2,6 +2,7 @@ package restrictions import ( "github.com/muhlemmer/gu" + "golang.org/x/text/language" "github.com/zitadel/zitadel/internal/eventstore" ) @@ -13,8 +14,9 @@ const ( // SetEvent describes that restrictions are added or modified and contains only changed properties type SetEvent struct { - *eventstore.BaseEvent `json:"-"` - DisallowPublicOrgRegistrations *bool `json:"disallowPublicOrgRegistrations,omitempty"` + *eventstore.BaseEvent `json:"-"` + DisallowPublicOrgRegistration *bool `json:"disallowPublicOrgRegistration,omitempty"` + AllowedLanguages *[]language.Tag `json:"allowedLanguages,omitempty"` } func (e *SetEvent) Payload() any { 
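Review bot: The JSON tag on the `SetEvent` field changes from `disallowPublicOrgRegistrations` to `disallowPublicOrgRegistration` in the restrictions/events.go hunk (`@@ -13,8 +14,9 @@`), and nothing visible in this diff handles payloads already written under the old key. If any events with the plural key are already stored, unmarshalling them into the new struct would leave the field nil, so a previously set restriction on public org registration could presumably be lost when those events are replayed. Either confirm that no event with the old key was ever persisted, or keep accepting the old key when reading, and record the decision on the field, e.g. `// JSON key renamed from disallowPublicOrgRegistrations; older payloads use the plural key`. The code that consumes `SetEvent` is outside this hunk, so the replay behaviour is inferred, not seen.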
@@ -44,9 +46,15 @@ func NewSetEvent( type RestrictionsChange func(*SetEvent) -func ChangePublicOrgRegistrations(disallow bool) RestrictionsChange { +func ChangeDisallowPublicOrgRegistration(disallow bool) RestrictionsChange { return func(e *SetEvent) { - e.DisallowPublicOrgRegistrations = gu.Ptr(disallow) + e.DisallowPublicOrgRegistration = gu.Ptr(disallow) + } +} + +func ChangeAllowedLanguages(allowedLanguages []language.Tag) RestrictionsChange { + return func(e *SetEvent) { + e.AllowedLanguages = &allowedLanguages } } diff --git a/internal/repository/session/session.go b/internal/repository/session/session.go index 464c72971c..116d85a186 100644 --- a/internal/repository/session/session.go +++ b/internal/repository/session/session.go @@ -7,8 +7,8 @@ import ( "github.com/zitadel/zitadel/internal/api/http" "github.com/zitadel/zitadel/internal/crypto" "github.com/zitadel/zitadel/internal/domain" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" + "github.com/zitadel/zitadel/internal/zerrors" ) const ( @@ -66,7 +66,7 @@ func AddedEventMapper(event eventstore.Event) (eventstore.Event, error) { err := event.Unmarshal(added) if err != nil { - return nil, errors.ThrowInternal(err, "SESSION-DG4gn", "unable to unmarshal session added") + return nil, zerrors.ThrowInternal(err, "SESSION-DG4gn", "unable to unmarshal session added") } return added, nil @@ -113,7 +113,7 @@ func UserCheckedEventMapper(event eventstore.Event) (eventstore.Event, error) { } err := event.Unmarshal(added) if err != nil { - return nil, errors.ThrowInternal(err, "SESSION-DSGn5", "unable to unmarshal user checked") + return nil, zerrors.ThrowInternal(err, "SESSION-DSGn5", "unable to unmarshal user checked") } return added, nil 
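Review bot: `ChangeAllowedLanguages` in the restrictions/events.go hunk (`@@ -44,9 +46,15 @@`) stores `&allowedLanguages` unconditionally, so a nil slice yields a non-nil pointer that `omitempty` does not suppress and that marshals as `"allowedLanguages":null`. Read back, that decodes to a nil pointer, the same as a field that was never set, while an empty non-nil slice encodes as `[]`. Which of the two callers are expected to pass is not visible here. Because this value ends up in a restrictions event, the exported function should say so in a doc comment, e.g. `// ChangeAllowedLanguages sets AllowedLanguages on the event; a nil slice is encoded as JSON null and reads back as unset.` The new `ChangeDisallowPublicOrgRegistration` has no doc comment either.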
@@ -154,7 +154,7 @@ func PasswordCheckedEventMapper(event eventstore.Event) (eventstore.Event, error } err := event.Unmarshal(added) if err != nil { - return nil, errors.ThrowInternal(err, "SESSION-DGt21", "unable to unmarshal password checked") + return nil, zerrors.ThrowInternal(err, "SESSION-DGt21", "unable to unmarshal password checked") } return added, nil @@ -195,7 +195,7 @@ func IntentCheckedEventMapper(event eventstore.Event) (eventstore.Event, error) } err := event.Unmarshal(added) if err != nil { - return nil, errors.ThrowInternal(err, "SESSION-DGt90", "unable to unmarshal intent checked") + return nil, zerrors.ThrowInternal(err, "SESSION-DGt90", "unable to unmarshal intent checked") } return added, nil @@ -564,7 +564,7 @@ func TokenSetEventMapper(event eventstore.Event) (eventstore.Event, error) { } err := event.Unmarshal(added) if err != nil { - return nil, errors.ThrowInternal(err, "SESSION-Sf3va", "unable to unmarshal token set") + return nil, zerrors.ThrowInternal(err, "SESSION-Sf3va", "unable to unmarshal token set") } return added, nil @@ -605,7 +605,7 @@ func MetadataSetEventMapper(event eventstore.Event) (eventstore.Event, error) { } err := event.Unmarshal(added) if err != nil { - return nil, errors.ThrowInternal(err, "SESSION-BD21d", "unable to unmarshal metadata set") + return nil, zerrors.ThrowInternal(err, "SESSION-BD21d", "unable to unmarshal metadata set") } return added, nil diff --git a/internal/repository/settings/debug_notification.go b/internal/repository/settings/debug_notification.go index c1ae68f87f..97a3d8630a 100644 --- a/internal/repository/settings/debug_notification.go +++ b/internal/repository/settings/debug_notification.go @@ -1,8 +1,8 @@ package settings import ( - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" + "github.com/zitadel/zitadel/internal/zerrors" ) const ( 
@@ -45,7 +45,7 @@ func DebugNotificationProviderAddedEventMapper(event eventstore.Event) (eventsto err := event.Unmarshal(e) if err != nil { - return nil, errors.ThrowInternal(err, "SET-f93ns", "unable to unmarshal debug notification added") + return nil, zerrors.ThrowInternal(err, "SET-f93ns", "unable to unmarshal debug notification added") } return e, nil @@ -70,7 +70,7 @@ func NewDebugNotificationProviderChangedEvent( changes []DebugNotificationProviderChanges, ) (*DebugNotificationProviderChangedEvent, error) { if len(changes) == 0 { - return nil, errors.ThrowPreconditionFailed(nil, "SET-hj90s", "Errors.NoChangesFound") + return nil, zerrors.ThrowPreconditionFailed(nil, "SET-hj90s", "Errors.NoChangesFound") } changeEvent := &DebugNotificationProviderChangedEvent{ BaseEvent: *base, @@ -96,7 +96,7 @@ func DebugNotificationProviderChangedEventMapper(event eventstore.Event) (events err := event.Unmarshal(e) if err != nil { - return nil, errors.ThrowInternal(err, "POLIC-ehssl", "unable to unmarshal policy") + return nil, zerrors.ThrowInternal(err, "POLIC-ehssl", "unable to unmarshal policy") } return e, nil diff --git a/internal/repository/user/eventstore.go b/internal/repository/user/eventstore.go index 414895d5a2..289d8af40a 100644 --- a/internal/repository/user/eventstore.go +++ b/internal/repository/user/eventstore.go 
@@ -68,6 +68,7 @@ func RegisterEventMappers(es *eventstore.Eventstore) { RegisterFilterEventMapper(AggregateType, UserIDPLinkCascadeRemovedType, UserIDPLinkCascadeRemovedEventMapper). RegisterFilterEventMapper(AggregateType, UserIDPLoginCheckSucceededType, UserIDPCheckSucceededEventMapper). RegisterFilterEventMapper(AggregateType, UserIDPExternalIDMigratedType, eventstore.GenericEventMapper[UserIDPExternalIDMigratedEvent]). + RegisterFilterEventMapper(AggregateType, UserIDPExternalUsernameChangedType, eventstore.GenericEventMapper[UserIDPExternalUsernameEvent]). RegisterFilterEventMapper(AggregateType, HumanEmailChangedType, HumanEmailChangedEventMapper). RegisterFilterEventMapper(AggregateType, HumanEmailVerifiedType, HumanEmailVerifiedEventMapper). RegisterFilterEventMapper(AggregateType, HumanEmailVerificationFailedType, HumanEmailVerificationFailedEventMapper). diff --git a/internal/repository/user/human.go b/internal/repository/user/human.go index 7cbeaa9c71..c53b9e03d6 100644 --- a/internal/repository/user/human.go +++ b/internal/repository/user/human.go @@ -9,8 +9,8 @@ import ( "github.com/zitadel/zitadel/internal/api/http" "github.com/zitadel/zitadel/internal/crypto" "github.com/zitadel/zitadel/internal/domain" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" + "github.com/zitadel/zitadel/internal/zerrors" ) const ( @@ -128,7 +128,7 @@ func HumanAddedEventMapper(event eventstore.Event) (eventstore.Event, error) { } err := event.Unmarshal(humanAdded) if err != nil { - return nil, errors.ThrowInternal(err, "USER-vGlhy", "unable to unmarshal human added") + return nil, zerrors.ThrowInternal(err, "USER-vGlhy", "unable to unmarshal human added") } return humanAdded, nil 
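Review bot: The mapper added in the user/eventstore.go hunk (`@@ -68,6 +68,7 @@`) pairs `UserIDPExternalUsernameChangedType` with `UserIDPExternalUsernameEvent`, whereas the line above it pairs `UserIDPExternalIDMigratedType` with `UserIDPExternalIDMigratedEvent`. Naming the struct `UserIDPExternalUsernameChangedEvent` would keep the constant-to-struct pairing uniform and make it easier to trace an event type to its payload. The struct is defined outside this hunk, and `RegisterEventMappers` continues beyond it.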
@@ -233,7 +233,7 @@ func HumanRegisteredEventMapper(event eventstore.Event) (eventstore.Event, error } err := event.Unmarshal(humanRegistered) if err != nil { - return nil, errors.ThrowInternal(err, "USER-3Vm9s", "unable to unmarshal human registered") + return nil, zerrors.ThrowInternal(err, "USER-3Vm9s", "unable to unmarshal human registered") } return humanRegistered, nil @@ -282,7 +282,7 @@ func HumanInitialCodeAddedEventMapper(event eventstore.Event) (eventstore.Event, } err := event.Unmarshal(humanRegistered) if err != nil { - return nil, errors.ThrowInternal(err, "USER-bM9se", "unable to unmarshal human initial code added") + return nil, zerrors.ThrowInternal(err, "USER-bM9se", "unable to unmarshal human initial code added") } return humanRegistered, nil @@ -407,7 +407,7 @@ func HumanSignedOutEventMapper(event eventstore.Event) (eventstore.Event, error) } err := event.Unmarshal(signedOut) if err != nil { - return nil, errors.ThrowInternal(err, "USER-WFS3g", "unable to unmarshal human signed out") + return nil, zerrors.ThrowInternal(err, "USER-WFS3g", "unable to unmarshal human signed out") } return signedOut, nil diff --git a/internal/repository/user/human_address.go b/internal/repository/user/human_address.go index 7681866f2a..586adcb8ae 100644 --- a/internal/repository/user/human_address.go +++ b/internal/repository/user/human_address.go @@ -3,8 +3,8 @@ package user import ( "context" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" + "github.com/zitadel/zitadel/internal/zerrors" ) const ( @@ -36,7 +36,7 @@ func NewAddressChangedEvent( changes []AddressChanges, ) (*HumanAddressChangedEvent, error) { if len(changes) == 0 { - return nil, errors.ThrowPreconditionFailed(nil, "USER-3n8fs", "Errors.NoChangesFound") + return nil, zerrors.ThrowPreconditionFailed(nil, "USER-3n8fs", "Errors.NoChangesFound") } changeEvent := &HumanAddressChangedEvent{ BaseEvent: *eventstore.NewBaseEventForPush( 
@@ -89,7 +89,7 @@ func HumanAddressChangedEventMapper(event eventstore.Event) (eventstore.Event, e } err := event.Unmarshal(addressChanged) if err != nil { - return nil, errors.ThrowInternal(err, "USER-5M0pd", "unable to unmarshal human address changed") + return nil, zerrors.ThrowInternal(err, "USER-5M0pd", "unable to unmarshal human address changed") } return addressChanged, nil diff --git a/internal/repository/user/human_email.go b/internal/repository/user/human_email.go index 9706706c4a..b78017aed4 100644 --- a/internal/repository/user/human_email.go +++ b/internal/repository/user/human_email.go @@ -7,8 +7,8 @@ import ( "github.com/zitadel/zitadel/internal/api/http" "github.com/zitadel/zitadel/internal/crypto" "github.com/zitadel/zitadel/internal/domain" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" + "github.com/zitadel/zitadel/internal/zerrors" ) const ( @@ -52,7 +52,7 @@ func HumanEmailChangedEventMapper(event eventstore.Event) (eventstore.Event, err } err := event.Unmarshal(emailChangedEvent) if err != nil { - return nil, errors.ThrowInternal(err, "USER-4M0sd", "unable to unmarshal human password changed") + return nil, zerrors.ThrowInternal(err, "USER-4M0sd", "unable to unmarshal human password changed") } return emailChangedEvent, nil @@ -177,7 +177,7 @@ func HumanEmailCodeAddedEventMapper(event eventstore.Event) (eventstore.Event, e } err := event.Unmarshal(codeAdded) if err != nil { - return nil, errors.ThrowInternal(err, "USER-3M0sd", "unable to unmarshal human email code added") + return nil, zerrors.ThrowInternal(err, "USER-3M0sd", "unable to unmarshal human email code added") } return codeAdded, nil diff --git a/internal/repository/user/human_external_idp.go b/internal/repository/user/human_external_idp.go index cf698f4471..b5665ea4da 100644 --- a/internal/repository/user/human_external_idp.go +++ b/internal/repository/user/human_external_idp.go 
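Review bot: In the `HumanEmailChangedEventMapper` hunk of human_email.go the rewritten line still returns ID `USER-4M0sd` with the message "unable to unmarshal human password changed", which is the same ID and text that `HumanPasswordChangedEventMapper` returns in human_password.go. Since this commit touches every one of these lines anyway, the message should read `"unable to unmarshal human email changed"` and the call should get an ID of its own (`"USER-<new id>"`), otherwise a log entry cannot be traced to one mapper. The same copy-paste shows up in `UserTokenRemovedEventMapper` in user.go (`USER-7M9sd`, "token added"), in the three OTP mappers sharing `USER-Ns9df`, and in the passwordless mappers sharing `USER-Gtg4j`. The mapper function starts before and ends after the hunk.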
@@ -3,8 +3,8 @@ package user import ( "context" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" + "github.com/zitadel/zitadel/internal/zerrors" ) const ( @@ -12,10 +12,11 @@ const ( UserIDPLinkEventPrefix = humanEventPrefix + "externalidp." idpLoginEventPrefix = humanEventPrefix + "externallogin." - UserIDPLinkAddedType = UserIDPLinkEventPrefix + "added" - UserIDPLinkRemovedType = UserIDPLinkEventPrefix + "removed" - UserIDPLinkCascadeRemovedType = UserIDPLinkEventPrefix + "cascade.removed" - UserIDPExternalIDMigratedType = UserIDPLinkEventPrefix + "id.migrated" + UserIDPLinkAddedType = UserIDPLinkEventPrefix + "added" + UserIDPLinkRemovedType = UserIDPLinkEventPrefix + "removed" + UserIDPLinkCascadeRemovedType = UserIDPLinkEventPrefix + "cascade.removed" + UserIDPExternalIDMigratedType = UserIDPLinkEventPrefix + "id.migrated" + UserIDPExternalUsernameChangedType = UserIDPLinkEventPrefix + "username.changed" UserIDPLoginCheckSucceededType = idpLoginEventPrefix + "check.succeeded" ) @@ -75,7 +76,7 @@ func UserIDPLinkAddedEventMapper(event eventstore.Event) (eventstore.Event, erro err := event.Unmarshal(e) if err != nil { - return nil, errors.ThrowInternal(err, "USER-6M9sd", "unable to unmarshal user external idp added") + return nil, zerrors.ThrowInternal(err, "USER-6M9sd", "unable to unmarshal user external idp added") } return e, nil @@ -120,7 +121,7 @@ func UserIDPLinkRemovedEventMapper(event eventstore.Event) (eventstore.Event, er err := event.Unmarshal(e) if err != nil { - return nil, errors.ThrowInternal(err, "USER-eAWoT", "unable to unmarshal user external idp removed") + return nil, zerrors.ThrowInternal(err, "USER-eAWoT", "unable to unmarshal user external idp removed") } return e, nil 
@@ -165,7 +166,7 @@ func UserIDPLinkCascadeRemovedEventMapper(event eventstore.Event) (eventstore.Ev err := event.Unmarshal(e) if err != nil { - return nil, errors.ThrowInternal(err, "USER-dKGqO", "unable to unmarshal user external idp cascade removed") + return nil, zerrors.ThrowInternal(err, "USER-dKGqO", "unable to unmarshal user external idp cascade removed") } return e, nil @@ -205,7 +206,7 @@ func UserIDPCheckSucceededEventMapper(event eventstore.Event) (eventstore.Event, err := event.Unmarshal(e) if err != nil { - return nil, errors.ThrowInternal(err, "USER-oikSS", "unable to unmarshal user external idp check succeeded") + return nil, zerrors.ThrowInternal(err, "USER-oikSS", "unable to unmarshal user external idp check succeeded") } return e, nil @@ -248,3 +249,41 @@ func NewUserIDPExternalIDMigratedEvent( NewID: newID, } } + +type UserIDPExternalUsernameEvent struct { + eventstore.BaseEvent `json:"-"` + IDPConfigID string `json:"idpConfigId"` + ExternalUserID string `json:"userId"` + ExternalUsername string `json:"username"` +} + +func (e *UserIDPExternalUsernameEvent) Payload() interface{} { + return e +} + +func (e *UserIDPExternalUsernameEvent) UniqueConstraints() []*eventstore.UniqueConstraint { + return nil +} + +func (e *UserIDPExternalUsernameEvent) SetBaseEvent(event *eventstore.BaseEvent) { + e.BaseEvent = *event +} + +func NewUserIDPExternalUsernameEvent( + ctx context.Context, + aggregate *eventstore.Aggregate, + idpConfigID, + externalUserID, + externalUsername string, +) *UserIDPExternalUsernameEvent { + return &UserIDPExternalUsernameEvent{ + BaseEvent: *eventstore.NewBaseEventForPush( + ctx, + aggregate, + UserIDPExternalUsernameChangedType, + ), + IDPConfigID: idpConfigID, + ExternalUserID: externalUserID, + ExternalUsername: externalUsername, + } +} diff --git a/internal/repository/user/human_mfa_otp.go b/internal/repository/user/human_mfa_otp.go index 95fd0c0bb0..1eb74f3403 100644 --- a/internal/repository/user/human_mfa_otp.go 
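Review bot: The new exported type `UserIDPExternalUsernameEvent` and its constructor `NewUserIDPExternalUsernameEvent` at the end of human_external_idp.go carry no doc comments, and nothing states that `ExternalUsername` is a value reported by the external IdP rather than a key for the link. I would add above the struct `// UserIDPExternalUsernameEvent records a changed username on an existing IdP link; ExternalUsername is supplied by the IdP and is not an identifier.` That the link itself is keyed by `IDPConfigID` and `ExternalUserID` is my reading of the fields and should be confirmed before it goes into the comment. A field comment on `ExternalUserID` would also help, because its JSON tag is `userId` and is easy to mistake for the ZITADEL user ID. The constructor accepts empty strings for all three values, so if callers do not already guarantee non-empty IDs, that check belongs here.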
+++ b/internal/repository/user/human_mfa_otp.go @@ -6,8 +6,8 @@ import ( "github.com/zitadel/zitadel/internal/api/http" "github.com/zitadel/zitadel/internal/crypto" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" + "github.com/zitadel/zitadel/internal/zerrors" ) const ( @@ -68,7 +68,7 @@ func HumanOTPAddedEventMapper(event eventstore.Event) (eventstore.Event, error) } err := event.Unmarshal(otpAdded) if err != nil { - return nil, errors.ThrowInternal(err, "USER-Ns9df", "unable to unmarshal human otp added") + return nil, zerrors.ThrowInternal(err, "USER-Ns9df", "unable to unmarshal human otp added") } return otpAdded, nil } @@ -172,7 +172,7 @@ func HumanOTPCheckSucceededEventMapper(event eventstore.Event) (eventstore.Event } err := event.Unmarshal(otpAdded) if err != nil { - return nil, errors.ThrowInternal(err, "USER-Ns9df", "unable to unmarshal human otp check succeeded") + return nil, zerrors.ThrowInternal(err, "USER-Ns9df", "unable to unmarshal human otp check succeeded") } return otpAdded, nil } @@ -211,7 +211,7 @@ func HumanOTPCheckFailedEventMapper(event eventstore.Event) (eventstore.Event, e } err := event.Unmarshal(otpAdded) if err != nil { - return nil, errors.ThrowInternal(err, "USER-Ns9df", "unable to unmarshal human otp check failed") + return nil, zerrors.ThrowInternal(err, "USER-Ns9df", "unable to unmarshal human otp check failed") } return otpAdded, nil } diff --git a/internal/repository/user/human_mfa_passwordless.go b/internal/repository/user/human_mfa_passwordless.go index ec6342d2e7..603c657497 100644 --- a/internal/repository/user/human_mfa_passwordless.go +++ b/internal/repository/user/human_mfa_passwordless.go 
@@ -7,8 +7,8 @@ import ( "github.com/zitadel/zitadel/internal/api/http" "github.com/zitadel/zitadel/internal/crypto" "github.com/zitadel/zitadel/internal/domain" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" + "github.com/zitadel/zitadel/internal/zerrors" ) const ( @@ -308,7 +308,7 @@ func HumanPasswordlessInitCodeAddedEventMapper(event eventstore.Event) (eventsto } err := event.Unmarshal(webAuthNAdded) if err != nil { - return nil, errors.ThrowInternal(err, "USER-BDf32", "unable to unmarshal human passwordless code added") + return nil, zerrors.ThrowInternal(err, "USER-BDf32", "unable to unmarshal human passwordless code added") } return webAuthNAdded, nil } @@ -366,7 +366,7 @@ func HumanPasswordlessInitCodeRequestedEventMapper(event eventstore.Event) (even } err := event.Unmarshal(webAuthNAdded) if err != nil { - return nil, errors.ThrowInternal(err, "USER-VGfg3", "unable to unmarshal human passwordless code delivery added") + return nil, zerrors.ThrowInternal(err, "USER-VGfg3", "unable to unmarshal human passwordless code delivery added") } return webAuthNAdded, nil } @@ -406,7 +406,7 @@ func HumanPasswordlessInitCodeSentEventMapper(event eventstore.Event) (eventstor } err := event.Unmarshal(webAuthNAdded) if err != nil { - return nil, errors.ThrowInternal(err, "USER-Gtg4j", "unable to unmarshal human passwordless code sent") + return nil, zerrors.ThrowInternal(err, "USER-Gtg4j", "unable to unmarshal human passwordless code sent") } return webAuthNAdded, nil } @@ -446,7 +446,7 @@ func HumanPasswordlessInitCodeCodeCheckFailedEventMapper(event eventstore.Event) } err := event.Unmarshal(webAuthNAdded) if err != nil { - return nil, errors.ThrowInternal(err, "USER-Gtg4j", "unable to unmarshal human passwordless code check failed") + return nil, zerrors.ThrowInternal(err, "USER-Gtg4j", "unable to unmarshal human passwordless code check failed") } return webAuthNAdded, nil } 
@@ -486,7 +486,7 @@ func HumanPasswordlessInitCodeCodeCheckSucceededEventMapper(event eventstore.Eve } err := event.Unmarshal(webAuthNAdded) if err != nil { - return nil, errors.ThrowInternal(err, "USER-Gtg4j", "unable to unmarshal human passwordless code check succeeded") + return nil, zerrors.ThrowInternal(err, "USER-Gtg4j", "unable to unmarshal human passwordless code check succeeded") } return webAuthNAdded, nil } diff --git a/internal/repository/user/human_mfa_web_auth_n.go b/internal/repository/user/human_mfa_web_auth_n.go index 7425803626..113bc9e956 100644 --- a/internal/repository/user/human_mfa_web_auth_n.go +++ b/internal/repository/user/human_mfa_web_auth_n.go @@ -2,8 +2,8 @@ package user import ( "github.com/zitadel/zitadel/internal/domain" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" + "github.com/zitadel/zitadel/internal/zerrors" ) type HumanWebAuthNAddedEvent struct { @@ -42,7 +42,7 @@ func HumanWebAuthNAddedEventMapper(event eventstore.Event) (eventstore.Event, er } err := event.Unmarshal(webAuthNAdded) if err != nil { - return nil, errors.ThrowInternal(err, "USER-tB8sf", "unable to unmarshal human webAuthN added") + return nil, zerrors.ThrowInternal(err, "USER-tB8sf", "unable to unmarshal human webAuthN added") } return webAuthNAdded, nil } @@ -98,7 +98,7 @@ func HumanWebAuthNVerifiedEventMapper(event eventstore.Event) (eventstore.Event, } err := event.Unmarshal(webauthNVerified) if err != nil { - return nil, errors.ThrowInternal(err, "USER-B0zDs", "unable to unmarshal human webAuthN verified") + return nil, zerrors.ThrowInternal(err, "USER-B0zDs", "unable to unmarshal human webAuthN verified") } return webauthNVerified, nil } 
@@ -136,7 +136,7 @@ func HumanWebAuthNSignCountChangedEventMapper(event eventstore.Event) (eventstor } err := event.Unmarshal(webauthNVerified) if err != nil { - return nil, errors.ThrowInternal(err, "USER-5Gm0s", "unable to unmarshal human webAuthN sign count") + return nil, zerrors.ThrowInternal(err, "USER-5Gm0s", "unable to unmarshal human webAuthN sign count") } return webauthNVerified, nil } @@ -172,7 +172,7 @@ func HumanWebAuthNRemovedEventMapper(event eventstore.Event) (eventstore.Event, } err := event.Unmarshal(webauthNVerified) if err != nil { - return nil, errors.ThrowInternal(err, "USER-gM9sd", "unable to unmarshal human webAuthN token removed") + return nil, zerrors.ThrowInternal(err, "USER-gM9sd", "unable to unmarshal human webAuthN token removed") } return webauthNVerified, nil } @@ -210,7 +210,7 @@ func HumanWebAuthNBeginLoginEventMapper(event eventstore.Event) (eventstore.Even } err := event.Unmarshal(webAuthNAdded) if err != nil { - return nil, errors.ThrowInternal(err, "USER-rMb8x", "unable to unmarshal human webAuthN begin login") + return nil, zerrors.ThrowInternal(err, "USER-rMb8x", "unable to unmarshal human webAuthN begin login") } return webAuthNAdded, nil } @@ -243,7 +243,7 @@ func HumanWebAuthNCheckSucceededEventMapper(event eventstore.Event) (eventstore. } err := event.Unmarshal(webAuthNAdded) if err != nil { - return nil, errors.ThrowInternal(err, "USER-2M0fg", "unable to unmarshal human webAuthN check succeeded") + return nil, zerrors.ThrowInternal(err, "USER-2M0fg", "unable to unmarshal human webAuthN check succeeded") } return webAuthNAdded, nil } 
@@ -276,7 +276,7 @@ func HumanWebAuthNCheckFailedEventMapper(event eventstore.Event) (eventstore.Eve } err := event.Unmarshal(webAuthNAdded) if err != nil { - return nil, errors.ThrowInternal(err, "USER-O0dse", "unable to unmarshal human webAuthN check failed") + return nil, zerrors.ThrowInternal(err, "USER-O0dse", "unable to unmarshal human webAuthN check failed") } return webAuthNAdded, nil } diff --git a/internal/repository/user/human_password.go b/internal/repository/user/human_password.go index aaca42dfe3..9df7e6c7fd 100644 --- a/internal/repository/user/human_password.go +++ b/internal/repository/user/human_password.go @@ -7,8 +7,8 @@ import ( "github.com/zitadel/zitadel/internal/api/http" "github.com/zitadel/zitadel/internal/crypto" "github.com/zitadel/zitadel/internal/domain" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" + "github.com/zitadel/zitadel/internal/zerrors" ) const ( @@ -72,7 +72,7 @@ func HumanPasswordChangedEventMapper(event eventstore.Event) (eventstore.Event, } err := event.Unmarshal(humanAdded) if err != nil { - return nil, errors.ThrowInternal(err, "USER-4M0sd", "unable to unmarshal human password changed") + return nil, zerrors.ThrowInternal(err, "USER-4M0sd", "unable to unmarshal human password changed") } return humanAdded, nil @@ -141,7 +141,7 @@ func HumanPasswordCodeAddedEventMapper(event eventstore.Event) (eventstore.Event } err := event.Unmarshal(humanAdded) if err != nil { - return nil, errors.ThrowInternal(err, "USER-Ms90d", "unable to unmarshal human password code added") + return nil, zerrors.ThrowInternal(err, "USER-Ms90d", "unable to unmarshal human password code added") } return humanAdded, nil 
@@ -237,7 +237,7 @@ func HumanPasswordCheckSucceededEventMapper(event eventstore.Event) (eventstore. } err := event.Unmarshal(humanAdded) if err != nil { - return nil, errors.ThrowInternal(err, "USER-5M9sd", "unable to unmarshal human password check succeeded") + return nil, zerrors.ThrowInternal(err, "USER-5M9sd", "unable to unmarshal human password check succeeded") } return humanAdded, nil @@ -277,7 +277,7 @@ func HumanPasswordCheckFailedEventMapper(event eventstore.Event) (eventstore.Eve } err := event.Unmarshal(humanAdded) if err != nil { - return nil, errors.ThrowInternal(err, "USER-4m9fs", "unable to unmarshal human password check failed") + return nil, zerrors.ThrowInternal(err, "USER-4m9fs", "unable to unmarshal human password check failed") } return humanAdded, nil diff --git a/internal/repository/user/human_phone.go b/internal/repository/user/human_phone.go index 7c2302bb4d..2b3a1f24d3 100644 --- a/internal/repository/user/human_phone.go +++ b/internal/repository/user/human_phone.go @@ -7,8 +7,8 @@ import ( "github.com/zitadel/zitadel/internal/api/http" "github.com/zitadel/zitadel/internal/crypto" "github.com/zitadel/zitadel/internal/domain" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" + "github.com/zitadel/zitadel/internal/zerrors" ) const ( @@ -52,7 +52,7 @@ func HumanPhoneChangedEventMapper(event eventstore.Event) (eventstore.Event, err } err := event.Unmarshal(phoneChangedEvent) if err != nil { - return nil, errors.ThrowInternal(err, "USER-5M0pd", "unable to unmarshal human phone changed") + return nil, zerrors.ThrowInternal(err, "USER-5M0pd", "unable to unmarshal human phone changed") } return phoneChangedEvent, nil 
@@ -200,7 +200,7 @@ func HumanPhoneCodeAddedEventMapper(event eventstore.Event) (eventstore.Event, e } err := event.Unmarshal(codeAdded) if err != nil { - return nil, errors.ThrowInternal(err, "USER-6Ms9d", "unable to unmarshal human phone code added") + return nil, zerrors.ThrowInternal(err, "USER-6Ms9d", "unable to unmarshal human phone code added") } return codeAdded, nil diff --git a/internal/repository/user/human_profile.go b/internal/repository/user/human_profile.go index 611591dbf8..1c73b2dce2 100644 --- a/internal/repository/user/human_profile.go +++ b/internal/repository/user/human_profile.go @@ -4,8 +4,8 @@ import ( "context" "github.com/zitadel/zitadel/internal/domain" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" + "github.com/zitadel/zitadel/internal/zerrors" "golang.org/x/text/language" ) @@ -39,7 +39,7 @@ func NewHumanProfileChangedEvent( changes []ProfileChanges, ) (*HumanProfileChangedEvent, error) { if len(changes) == 0 { - return nil, errors.ThrowPreconditionFailed(nil, "USER-33n8F", "Errors.NoChangesFound") + return nil, zerrors.ThrowPreconditionFailed(nil, "USER-33n8F", "Errors.NoChangesFound") } changeEvent := &HumanProfileChangedEvent{ BaseEvent: *eventstore.NewBaseEventForPush( @@ -98,7 +98,7 @@ func HumanProfileChangedEventMapper(event eventstore.Event) (eventstore.Event, e } err := event.Unmarshal(profileChanged) if err != nil { - return nil, errors.ThrowInternal(err, "USER-5M0pd", "unable to unmarshal human profile changed") + return nil, zerrors.ThrowInternal(err, "USER-5M0pd", "unable to unmarshal human profile changed") } return profileChanged, nil diff --git a/internal/repository/user/human_refresh_token.go b/internal/repository/user/human_refresh_token.go index f17d906f3e..2de3a2ca4f 100644 --- a/internal/repository/user/human_refresh_token.go +++ b/internal/repository/user/human_refresh_token.go 
@@ -4,8 +4,8 @@ import ( "context" "time" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" + "github.com/zitadel/zitadel/internal/zerrors" ) const ( @@ -81,7 +81,7 @@ func HumanRefreshTokenAddedEventMapper(event eventstore.Event) (eventstore.Event } err := event.Unmarshal(refreshTokenAdded) if err != nil { - return nil, errors.ThrowInternal(err, "USER-DGr14", "unable to unmarshal refresh token added") + return nil, zerrors.ThrowInternal(err, "USER-DGr14", "unable to unmarshal refresh token added") } return refreshTokenAdded, nil @@ -132,7 +132,7 @@ func HumanRefreshTokenRenewedEventEventMapper(event eventstore.Event) (eventstor } err := event.Unmarshal(tokenAdded) if err != nil { - return nil, errors.ThrowInternal(err, "USER-GBt21", "unable to unmarshal refresh token renewed") + return nil, zerrors.ThrowInternal(err, "USER-GBt21", "unable to unmarshal refresh token renewed") } return tokenAdded, nil @@ -177,7 +177,7 @@ func HumanRefreshTokenRemovedEventEventMapper(event eventstore.Event) (eventstor } err := event.Unmarshal(tokenAdded) if err != nil { - return nil, errors.ThrowInternal(err, "USER-Dggs2", "unable to unmarshal refresh token removed") + return nil, zerrors.ThrowInternal(err, "USER-Dggs2", "unable to unmarshal refresh token removed") } return tokenAdded, nil diff --git a/internal/repository/user/machine.go b/internal/repository/user/machine.go index 7faea5ac95..d76290931a 100644 --- a/internal/repository/user/machine.go +++ b/internal/repository/user/machine.go @@ -4,8 +4,8 @@ import ( "context" "github.com/zitadel/zitadel/internal/domain" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" + "github.com/zitadel/zitadel/internal/zerrors" ) const ( 
@@ -62,7 +62,7 @@ func MachineAddedEventMapper(event eventstore.Event) (eventstore.Event, error) { } err := event.Unmarshal(machineAdded) if err != nil { - return nil, errors.ThrowInternal(err, "USER-tMv9s", "unable to unmarshal machine added") + return nil, zerrors.ThrowInternal(err, "USER-tMv9s", "unable to unmarshal machine added") } return machineAdded, nil @@ -90,7 +90,7 @@ func NewMachineChangedEvent( changes []MachineChanges, ) (*MachineChangedEvent, error) { if len(changes) == 0 { - return nil, errors.ThrowPreconditionFailed(nil, "USER-3M9fs", "Errors.NoChangesFound") + return nil, zerrors.ThrowPreconditionFailed(nil, "USER-3M9fs", "Errors.NoChangesFound") } changeEvent := &MachineChangedEvent{ BaseEvent: *eventstore.NewBaseEventForPush( @@ -131,7 +131,7 @@ func MachineChangedEventMapper(event eventstore.Event) (eventstore.Event, error) } err := event.Unmarshal(machineChanged) if err != nil { - return nil, errors.ThrowInternal(err, "USER-4M9ds", "unable to unmarshal machine changed") + return nil, zerrors.ThrowInternal(err, "USER-4M9ds", "unable to unmarshal machine changed") } return machineChanged, nil diff --git a/internal/repository/user/machine_key.go b/internal/repository/user/machine_key.go index 283e8240ec..aff1c3750e 100644 --- a/internal/repository/user/machine_key.go +++ b/internal/repository/user/machine_key.go @@ -6,8 +6,8 @@ import ( "time" "github.com/zitadel/zitadel/internal/domain" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" + "github.com/zitadel/zitadel/internal/zerrors" ) const ( 
@@ -65,7 +65,7 @@ func MachineKeyAddedEventMapper(event eventstore.Event) (eventstore.Event, error if unwrapErr, ok := err.(*json.UnmarshalTypeError); ok && unwrapErr.Field == "publicKey" { return machineKeyAdded, nil } - return nil, errors.ThrowInternal(err, "USER-p0ovS", "unable to unmarshal machine key added") + return nil, zerrors.ThrowInternal(err, "USER-p0ovS", "unable to unmarshal machine key added") } return machineKeyAdded, nil @@ -106,7 +106,7 @@ func MachineKeyRemovedEventMapper(event eventstore.Event) (eventstore.Event, err } err := event.Unmarshal(machineRemoved) if err != nil { - return nil, errors.ThrowInternal(err, "USER-5Gm9s", "unable to unmarshal machine key removed") + return nil, zerrors.ThrowInternal(err, "USER-5Gm9s", "unable to unmarshal machine key removed") } return machineRemoved, nil diff --git a/internal/repository/user/machine_secret.go b/internal/repository/user/machine_secret.go index 041d938f8e..9d2f9fa97f 100644 --- a/internal/repository/user/machine_secret.go +++ b/internal/repository/user/machine_secret.go @@ -4,8 +4,8 @@ import ( "context" "github.com/zitadel/zitadel/internal/crypto" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" + "github.com/zitadel/zitadel/internal/zerrors" ) const ( @@ -51,7 +51,7 @@ func MachineSecretSetEventMapper(event eventstore.Event) (eventstore.Event, erro } err := event.Unmarshal(credentialsSet) if err != nil { - return nil, errors.ThrowInternal(err, "USER-lopbqu", "unable to unmarshal machine secret set") + return nil, zerrors.ThrowInternal(err, "USER-lopbqu", "unable to unmarshal machine secret set") } return credentialsSet, nil 
@@ -88,7 +88,7 @@ func MachineSecretRemovedEventMapper(event eventstore.Event) (eventstore.Event, } err := event.Unmarshal(credentialsRemoved) if err != nil { - return nil, errors.ThrowInternal(err, "USER-quox9j2", "unable to unmarshal machine secret removed") + return nil, zerrors.ThrowInternal(err, "USER-quox9j2", "unable to unmarshal machine secret removed") } return credentialsRemoved, nil @@ -125,7 +125,7 @@ func MachineSecretCheckSucceededEventMapper(event eventstore.Event) (eventstore. } err := event.Unmarshal(check) if err != nil { - return nil, errors.ThrowInternal(err, "USER-x002n1p", "unable to unmarshal machine secret check succeeded") + return nil, zerrors.ThrowInternal(err, "USER-x002n1p", "unable to unmarshal machine secret check succeeded") } return check, nil @@ -162,7 +162,7 @@ func MachineSecretCheckFailedEventMapper(event eventstore.Event) (eventstore.Eve } err := event.Unmarshal(check) if err != nil { - return nil, errors.ThrowInternal(err, "USER-x7901b1l", "unable to unmarshal machine secret check failed") + return nil, zerrors.ThrowInternal(err, "USER-x7901b1l", "unable to unmarshal machine secret check failed") } return check, nil diff --git a/internal/repository/user/personal_access_token.go b/internal/repository/user/personal_access_token.go index 10432fe22e..0528507a36 100644 --- a/internal/repository/user/personal_access_token.go +++ b/internal/repository/user/personal_access_token.go @@ -4,8 +4,8 @@ import ( "context" "time" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" + "github.com/zitadel/zitadel/internal/zerrors" ) const ( @@ -55,7 +55,7 @@ func PersonalAccessTokenAddedEventMapper(event eventstore.Event) (eventstore.Eve } err := event.Unmarshal(tokenAdded) if err != nil { - return nil, errors.ThrowInternal(err, "USER-Dbges", "unable to unmarshal token added") + return nil, zerrors.ThrowInternal(err, "USER-Dbges", "unable to unmarshal token added") } return tokenAdded, nil 
@@ -96,7 +96,7 @@ func PersonalAccessTokenRemovedEventMapper(event eventstore.Event) (eventstore.E } err := event.Unmarshal(tokenRemoved) if err != nil { - return nil, errors.ThrowInternal(err, "USER-Dbneg", "unable to unmarshal token removed") + return nil, zerrors.ThrowInternal(err, "USER-Dbneg", "unable to unmarshal token removed") } return tokenRemoved, nil diff --git a/internal/repository/user/user.go b/internal/repository/user/user.go index df99eb2e74..260dab135b 100644 --- a/internal/repository/user/user.go +++ b/internal/repository/user/user.go @@ -6,8 +6,8 @@ import ( "github.com/zitadel/zitadel/internal/api/http" "github.com/zitadel/zitadel/internal/domain" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" + "github.com/zitadel/zitadel/internal/zerrors" ) const ( @@ -262,7 +262,7 @@ func UserTokenAddedEventMapper(event eventstore.Event) (eventstore.Event, error) } err := event.Unmarshal(tokenAdded) if err != nil { - return nil, errors.ThrowInternal(err, "USER-7M9sd", "unable to unmarshal token added") + return nil, zerrors.ThrowInternal(err, "USER-7M9sd", "unable to unmarshal token added") } return tokenAdded, nil @@ -303,7 +303,7 @@ func UserTokenRemovedEventMapper(event eventstore.Event) (eventstore.Event, erro } err := event.Unmarshal(tokenRemoved) if err != nil { - return nil, errors.ThrowInternal(err, "USER-7M9sd", "unable to unmarshal token added") + return nil, zerrors.ThrowInternal(err, "USER-7M9sd", "unable to unmarshal token added") } return tokenRemoved, nil @@ -359,7 +359,7 @@ func DomainClaimedEventMapper(event eventstore.Event) (eventstore.Event, error) } err := event.Unmarshal(domainClaimed) if err != nil { - return nil, errors.ThrowInternal(err, "USER-aR8jc", "unable to unmarshal domain claimed") + return nil, zerrors.ThrowInternal(err, "USER-aR8jc", "unable to unmarshal domain claimed") } return domainClaimed, nil 
@@ -457,7 +457,7 @@ func UsernameChangedEventMapper(event eventstore.Event) (eventstore.Event, error } err := event.Unmarshal(domainClaimed) if err != nil { - return nil, errors.ThrowInternal(err, "USER-4Bm9s", "unable to unmarshal username changed") + return nil, zerrors.ThrowInternal(err, "USER-4Bm9s", "unable to unmarshal username changed") } return domainClaimed, nil diff --git a/internal/repository/usergrant/user_grant.go b/internal/repository/usergrant/user_grant.go index 10d6cfcf1f..bd0908f60e 100644 --- a/internal/repository/usergrant/user_grant.go +++ b/internal/repository/usergrant/user_grant.go @@ -6,7 +6,7 @@ import ( "github.com/zitadel/zitadel/internal/eventstore" - "github.com/zitadel/zitadel/internal/errors" + "github.com/zitadel/zitadel/internal/zerrors" ) const ( @@ -78,7 +78,7 @@ func UserGrantAddedEventMapper(event eventstore.Event) (eventstore.Event, error) err := event.Unmarshal(e) if err != nil { - return nil, errors.ThrowInternal(err, "UGRANT-0p9ol", "unable to unmarshal user grant") + return nil, zerrors.ThrowInternal(err, "UGRANT-0p9ol", "unable to unmarshal user grant") } return e, nil @@ -118,7 +118,7 @@ func UserGrantChangedEventMapper(event eventstore.Event) (eventstore.Event, erro err := event.Unmarshal(e) if err != nil { - return nil, errors.ThrowInternal(err, "UGRANT-4M0sd", "unable to unmarshal user grant") + return nil, zerrors.ThrowInternal(err, "UGRANT-4M0sd", "unable to unmarshal user grant") } return e, nil @@ -158,7 +158,7 @@ func UserGrantCascadeChangedEventMapper(event eventstore.Event) (eventstore.Even err := event.Unmarshal(e) if err != nil { - return nil, errors.ThrowInternal(err, "UGRANT-Gs9df", "unable to unmarshal user grant") + return nil, zerrors.ThrowInternal(err, "UGRANT-Gs9df", "unable to unmarshal user grant") } return e, nil diff --git a/internal/static/config/config.go b/internal/static/config/config.go index 2ace6a731e..5aa8a4e32d 100644 --- a/internal/static/config/config.go 
+++ b/internal/static/config/config.go @@ -4,10 +4,10 @@ import ( "database/sql" "github.com/zitadel/zitadel/internal/api/http/middleware" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/static" "github.com/zitadel/zitadel/internal/static/database" "github.com/zitadel/zitadel/internal/static/s3" + "github.com/zitadel/zitadel/internal/zerrors" ) type AssetStorageConfig struct { @@ -19,7 +19,7 @@ type AssetStorageConfig struct { func (a *AssetStorageConfig) NewStorage(client *sql.DB) (static.Storage, error) { t, ok := storage[a.Type] if !ok { - return nil, errors.ThrowInternalf(nil, "STATIC-dsbjh", "config type %s not supported", a.Type) + return nil, zerrors.ThrowInternalf(nil, "STATIC-dsbjh", "config type %s not supported", a.Type) } return t(client, a.Config) diff --git a/internal/static/database/crdb.go b/internal/static/database/crdb.go index 5a012a591d..a031f7d17a 100644 --- a/internal/static/database/crdb.go +++ b/internal/static/database/crdb.go @@ -3,15 +3,15 @@ package database import ( "context" "database/sql" - errs "errors" + "errors" "fmt" "io" "time" "github.com/Masterminds/squirrel" - caos_errors "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/static" + "github.com/zitadel/zitadel/internal/zerrors" ) var _ static.Storage = (*crdbStorage)(nil) 
@@ -40,7 +40,7 @@ func NewStorage(client *sql.DB, _ map[string]interface{}) (static.Storage, error func (c *crdbStorage) PutObject(ctx context.Context, instanceID, location, resourceOwner, name, contentType string, objectType static.ObjectType, object io.Reader, objectSize int64) (*static.Asset, error) { data, err := io.ReadAll(object) if err != nil { - return nil, caos_errors.ThrowInternal(err, "DATAB-Dfwvq", "Errors.Internal") + return nil, zerrors.ThrowInternal(err, "DATAB-Dfwvq", "Errors.Internal") } stmt, args, err := squirrel.Insert(assetsTable). Columns(AssetColInstanceID, AssetColResourceOwner, AssetColName, AssetColType, AssetColContentType, AssetColData, AssetColUpdatedAt). @@ -52,13 +52,13 @@ func (c *crdbStorage) PutObject(ctx context.Context, instanceID, location, resou PlaceholderFormat(squirrel.Dollar). ToSql() if err != nil { - return nil, caos_errors.ThrowInternal(err, "DATAB-32DG1", "Errors.Internal") + return nil, zerrors.ThrowInternal(err, "DATAB-32DG1", "Errors.Internal") } var hash string var updatedAt time.Time err = c.client.QueryRowContext(ctx, stmt, args...).Scan(&hash, &updatedAt) if err != nil { - return nil, caos_errors.ThrowInternal(err, "DATAB-D2g2q", "Errors.Internal") + return nil, zerrors.ThrowInternal(err, "DATAB-D2g2q", "Errors.Internal") } return &static.Asset{ InstanceID: instanceID, @@ -82,7 +82,7 @@ func (c *crdbStorage) GetObject(ctx context.Context, instanceID, resourceOwner, PlaceholderFormat(squirrel.Dollar). ToSql() if err != nil { - return nil, nil, caos_errors.ThrowInternal(err, "DATAB-GE3hz", "Errors.Internal") + return nil, nil, zerrors.ThrowInternal(err, "DATAB-GE3hz", "Errors.Internal") } var data []byte asset := &static.Asset{ 
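Review bot: `io.ReadAll(object)` at the top of `crdbStorage.PutObject` (crdb.go, hunk at -40) buffers the whole upload in memory, and nothing in the visible lines uses the `objectSize` argument to bound it. If callers do not already cap the request body, a single large upload can exhaust memory before the INSERT is even built. Consider rejecting a non-positive `objectSize` and then bounding the read, e.g. `data, err := io.ReadAll(io.LimitReader(object, objectSize))`. Part of the function lies between and after the two PutObject hunks, so confirm that `objectSize` is not already enforced there or by the HTTP layer.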
@@ -98,10 +98,10 @@ func (c *crdbStorage) GetObject(ctx context.Context, instanceID, resourceOwner, &asset.LastModified, ) if err != nil { - if errs.Is(err, sql.ErrNoRows) { - return nil, nil, caos_errors.ThrowNotFound(err, "DATAB-pCP8P", "Errors.Assets.Object.NotFound") + if errors.Is(err, sql.ErrNoRows) { + return nil, nil, zerrors.ThrowNotFound(err, "DATAB-pCP8P", "Errors.Assets.Object.NotFound") } - return nil, nil, caos_errors.ThrowInternal(err, "DATAB-Sfgb3", "Errors.Assets.Object.GetFailed") + return nil, nil, zerrors.ThrowInternal(err, "DATAB-Sfgb3", "Errors.Assets.Object.GetFailed") } asset.Size = int64(len(data)) return data, @@ -122,7 +122,7 @@ func (c *crdbStorage) GetObjectInfo(ctx context.Context, instanceID, resourceOwn PlaceholderFormat(squirrel.Dollar). ToSql() if err != nil { - return nil, caos_errors.ThrowInternal(err, "DATAB-rggt2", "Errors.Internal") + return nil, zerrors.ThrowInternal(err, "DATAB-rggt2", "Errors.Internal") } asset := &static.Asset{ InstanceID: instanceID, @@ -138,7 +138,7 @@ func (c *crdbStorage) GetObjectInfo(ctx context.Context, instanceID, resourceOwn &asset.LastModified, ) if err != nil { - return nil, caos_errors.ThrowInternal(err, "DATAB-Dbh2s", "Errors.Internal") + return nil, zerrors.ThrowInternal(err, "DATAB-Dbh2s", "Errors.Internal") } return asset, nil } @@ -153,11 +153,11 @@ func (c *crdbStorage) RemoveObject(ctx context.Context, instanceID, resourceOwne PlaceholderFormat(squirrel.Dollar). ToSql() if err != nil { - return caos_errors.ThrowInternal(err, "DATAB-Sgvwq", "Errors.Internal") + return zerrors.ThrowInternal(err, "DATAB-Sgvwq", "Errors.Internal") } _, err = c.client.ExecContext(ctx, stmt, args...) if err != nil { - return caos_errors.ThrowInternal(err, "DATAB-RHNgf", "Errors.Assets.Object.RemoveFailed") + return zerrors.ThrowInternal(err, "DATAB-RHNgf", "Errors.Assets.Object.RemoveFailed") } return nil } 
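Review bot: `GetObjectInfo` in crdb.go (hunk at -138) wraps every scan error as `DATAB-Dbh2s` internal, whereas `GetObject` in the hunk at -98 maps `sql.ErrNoRows` to `zerrors.ThrowNotFound`. Assuming the scan follows a single-row query as in `GetObject` (the call itself is outside the hunk), a lookup for a missing asset is reported as an internal failure. That differs from the Minio `GetObjectInfo`, which returns not-found on a 404, and it makes probes for nonexistent objects look like server faults in logs and alerts. Add the same guard before the generic return: `if errors.Is(err, sql.ErrNoRows) { return nil, zerrors.ThrowNotFound(err, "DATAB-<new-id>", "Errors.Assets.Object.NotFound") }`.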
@@ -172,11 +172,11 @@ func (c *crdbStorage) RemoveObjects(ctx context.Context, instanceID, resourceOwn PlaceholderFormat(squirrel.Dollar). ToSql() if err != nil { - return caos_errors.ThrowInternal(err, "DATAB-Sfgeq", "Errors.Internal") + return zerrors.ThrowInternal(err, "DATAB-Sfgeq", "Errors.Internal") } _, err = c.client.ExecContext(ctx, stmt, args...) if err != nil { - return caos_errors.ThrowInternal(err, "DATAB-Efgt2", "Errors.Assets.Object.RemoveFailed") + return zerrors.ThrowInternal(err, "DATAB-Efgt2", "Errors.Assets.Object.RemoveFailed") } return nil } @@ -189,11 +189,11 @@ func (c *crdbStorage) RemoveInstanceObjects(ctx context.Context, instanceID stri PlaceholderFormat(squirrel.Dollar). ToSql() if err != nil { - return caos_errors.ThrowInternal(err, "DATAB-Sfgeq", "Errors.Internal") + return zerrors.ThrowInternal(err, "DATAB-Sfgeq", "Errors.Internal") } _, err = c.client.ExecContext(ctx, stmt, args...) if err != nil { - return caos_errors.ThrowInternal(err, "DATAB-Efgt2", "Errors.Assets.Object.RemoveFailed") + return zerrors.ThrowInternal(err, "DATAB-Efgt2", "Errors.Assets.Object.RemoveFailed") } return nil } diff --git a/internal/static/i18n/bg.yaml b/internal/static/i18n/bg.yaml index ff7f86601a..fbc61f74bd 100644 --- a/internal/static/i18n/bg.yaml +++ b/internal/static/i18n/bg.yaml @@ -33,8 +33,13 @@ Errors: NoneSpecified: Не са посочени лимити Restrictions: NoneSpecified: Не са посочени ограничения + DefaultLanguageMustBeAllowed: Езикът по подразбиране трябва да бъде разрешен Language: NotParsed: Езикът не можа да бъде анализиран синтактично + NotSupported: Езикът не се поддържа + NotAllowed: Езикът не е разрешен + Undefined: Езикът е неопределен + Duplicate: Езиците имат дубликати OIDCSettings: NotFound: Конфигурацията на OIDC не е намерена AlreadyExists: OIDC конфигурацията вече съществува 
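Review bot: `RemoveInstanceObjects` (crdb.go, hunk at -189) returns the IDs `DATAB-Sfgeq` and `DATAB-Efgt2`, the same two that `RemoveObjects` uses in the hunk at -172. If these IDs are meant to identify the failing call site, as their per-site use elsewhere in this diff suggests, the two deletion paths cannot be told apart in logs or support tickets. The same applies to `SEARCH-M0fse`, which both `RefreshTokenSearchRequest.EnsureLimit` and `TokenSearchRequest.EnsureLimit` in internal/user/model return. Since this commit already rewrites each of these lines, give the second site of each pair its own ID, e.g. `zerrors.ThrowInternal(err, "DATAB-<new-id>", "Errors.Internal")`.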
@@ -141,7 +146,7 @@ Errors: ExternalIDP: Invalid: Невалиден външен IDP IDPConfigNotExisting: Невалиден доставчик на IDP за тази организация - NotAllowed: Външен IDP не е разрешен в тази организация + NotAllowed: Външен IDP не е разрешен MinimumExternalIDPNeeded: Трябва да се добави поне един IDP AlreadyExists: Външен IDP вече е зает NotFound: Външен IDP не е намерен diff --git a/internal/static/i18n/cs.yaml b/internal/static/i18n/cs.yaml index 4230dc7749..df607c6f0e 100644 --- a/internal/static/i18n/cs.yaml +++ b/internal/static/i18n/cs.yaml @@ -33,8 +33,13 @@ Errors: NoneSpecified: Nebyly určeny žádné limity Restrictions: NoneSpecified: Nebyla určena žádná omezení + DefaultLanguageMustBeAllowed: Výchozí jazyk musí být povolen Language: NotParsed: Jazyk nelze určit + NotSupported: Jazyk není podporován + NotAllowed: Jazyk není povolen + Undefined: Jazyk není definován + Duplicate: Jazyky mají duplikáty OIDCSettings: NotFound: Konfigurace OIDC nebyla nalezena AlreadyExists: Konfigurace OIDC již existuje @@ -138,7 +143,7 @@ Errors: ExternalIDP: Invalid: Externí IDP je neplatné IDPConfigNotExisting: Konfigurace poskytovatele IDP je pro tuto organizaci neplatná - NotAllowed: Externí IDP není v této organizaci povoleno + NotAllowed: Externí IDP není povolen MinimumExternalIDPNeeded: Musí být přidán alespoň jeden IDP AlreadyExists: Externí IDP již obsazeno NotFound: Externí IDP nenalezeno diff --git a/internal/static/i18n/de.yaml b/internal/static/i18n/de.yaml index 65cd5b1168..2215c60a0a 100644 --- a/internal/static/i18n/de.yaml +++ b/internal/static/i18n/de.yaml 
@@ -33,8 +33,13 @@ Errors: NoneSpecified: Keine Limits angegeben Restrictions: NoneSpecified: Keine Restriktionen angegeben + DefaultLanguageMustBeAllowed: Default Sprache muss erlaubt sein Language: NotParsed: Sprache konnte nicht gemapped werden + NotSupported: Sprache wird nicht unterstützt + NotAllowed: Sprache ist nicht erlaubt + Undefined: Sprache ist nicht definiert + Duplicate: Sprachen haben Duplikate OIDCSettings: NotFound: OIDC Konfiguration konnte nicht gefunden werden AlreadyExists: OIDC Konfiguration existiert bereits @@ -139,7 +144,7 @@ Errors: ExternalIDP: Invalid: Externer IDP ungültig IDPConfigNotExisting: IDP Provider ungültig für diese Organisation - NotAllowed: Externer IDP ist auf dieser Organisation nicht erlaubt. + NotAllowed: Externer IDP nicht erlaubt MinimumExternalIDPNeeded: Mindestens ein IDP muss hinzugefügt werden. AlreadyExists: External IDP ist bereits vergeben NotFound: Externer IDP nicht gefunden diff --git a/internal/static/i18n/en.yaml b/internal/static/i18n/en.yaml index e3cdbcf2e8..55cfdee3d1 100644 --- a/internal/static/i18n/en.yaml +++ b/internal/static/i18n/en.yaml @@ -33,8 +33,13 @@ Errors: NoneSpecified: No limits specified Restrictions: NoneSpecified: No restrictions specified + DefaultLanguageMustBeAllowed: The default language must be allowed Language: NotParsed: Could not parse language + NotSupported: Language is not supported + NotAllowed: Language is not allowed + Undefined: Language is undefined + Duplicate: Languages have duplicates OIDCSettings: NotFound: OIDC Configuration not found AlreadyExists: OIDC configuration already exists @@ -139,7 +144,7 @@ Errors: ExternalIDP: Invalid: External IDP invalid IDPConfigNotExisting: IDP provider invalid for this organization - NotAllowed: External IDP not allowed on this organization + NotAllowed: External IDP not allowed MinimumExternalIDPNeeded: At least one IDP must be added AlreadyExists: External IDP already taken NotFound: External IDP not found 
diff --git a/internal/static/i18n/es.yaml b/internal/static/i18n/es.yaml index 7a5d0ab297..1bea1ad05a 100644 --- a/internal/static/i18n/es.yaml +++ b/internal/static/i18n/es.yaml @@ -33,8 +33,13 @@ Errors: NoneSpecified: No se especificaron límites Restrictions: NoneSpecified: No se especificaron restricciones + DefaultLanguageMustBeAllowed: El idioma por defecto debe estar permitido Language: NotParsed: No pude analizar el idioma + NotSupported: El idioma no está soportado + NotAllowed: El idioma no está permitido + Undefined: El idioma no está definido + Duplicate: Idiomas duplicados OIDCSettings: NotFound: Configuración OIDC no encontrada AlreadyExists: La configuración OIDC ya existe @@ -139,7 +144,7 @@ Errors: ExternalIDP: Invalid: IDP externo no válido IDPConfigNotExisting: Proveedor IDP no válido para esta organización - NotAllowed: IDP externo no permitido para esta organización + NotAllowed: IDP externo no permitido MinimumExternalIDPNeeded: Al menos de añadirse un IDP AlreadyExists: IDP externo ya cogido NotFound: IDP no encontrado diff --git a/internal/static/i18n/fr.yaml b/internal/static/i18n/fr.yaml index 43f8b8453b..11720a473a 100644 --- a/internal/static/i18n/fr.yaml +++ b/internal/static/i18n/fr.yaml @@ -33,8 +33,13 @@ Errors: NoneSpecified: Aucune limite spécifiée Restrictions: NoneSpecified: Aucune restriction spécifiée + DefaultLanguageMustBeAllowed: La langue par défaut doit être autorisée Language: NotParsed: Impossible d'analyser la langue + NotSupported: Langue non prise en charge + NotAllowed: Langue non autorisée + Undefined: Langue non définie + Duplicate: Langues en double OIDCSettings: NotFound: Configuration OIDC non trouvée AlreadyExists: La configuration OIDC existe déjà 
@@ -139,7 +144,7 @@ Errors: ExternalIDP: Invalid: IDP Externer invalide IDPConfigNotExisting: Le fournisseur IDP n'est pas valide pour cette organisation - NotAllowed: IDP externe non autorisé pour cette organisation + NotAllowed: IDP externe non autorisé MinimumExternalIDPNeeded: Au moins un IDP doit être ajouté AlreadyExists: External IDP déjà pris NotFound: IDP externe non trouvé diff --git a/internal/static/i18n/it.yaml b/internal/static/i18n/it.yaml index 045a7b06bc..fa74723055 100644 --- a/internal/static/i18n/it.yaml +++ b/internal/static/i18n/it.yaml @@ -33,8 +33,13 @@ Errors: NoneSpecified: Nessun limite specificato Restrictions: NoneSpecified: Nessuna restrizione specificata + DefaultLanguageMustBeAllowed: La lingua predefinita deve essere consentita Language: NotParsed: Impossibile analizzare la lingua + NotSupported: Lingua non supportata + NotAllowed: Lingua non consentita + Undefined: Lingua non definita + Duplicate: Lingue duplicate OIDCSettings: NotFound: Impossibile trovare la configurazione OIDC AlreadyExists: La configurazione OIDC esiste già @@ -139,7 +144,7 @@ Errors: ExternalIDP: Invalid: IDP esterno non valido IDPConfigNotExisting: IDP non valido per questa organizzazione - NotAllowed: IDP esterno non consentito su questa organizzazione + NotAllowed: IDP esterno non consentito MinimumExternalIDPNeeded: Almeno un IDP deve essere aggiunto AlreadyExists: IDP esterno già preso NotFound: IDP esterno non trovato diff --git a/internal/static/i18n/ja.yaml b/internal/static/i18n/ja.yaml index aa6e591987..ff333884cd 100644 --- a/internal/static/i18n/ja.yaml +++ b/internal/static/i18n/ja.yaml @@ -33,8 +33,13 @@ Errors: NoneSpecified: 制限が指定されていません Restrictions: NoneSpecified: 制限が指定されていません + DefaultLanguageMustBeAllowed: デフォルト言語は許可されている必要があります Language: NotParsed: 言語のパースに失敗しました + NotSupported: 言語はサポートされていません + NotAllowed: 言語は許可されていません + Undefined: 言語は未定義です + Duplicate: 言語に重複があります OIDCSettings: NotFound: OIDC構成が見つかりません AlreadyExists: すでに存在するOIDC構成です 
@@ -131,7 +136,7 @@ Errors: ExternalIDP: Invalid: 無効な外部IDPです IDPConfigNotExisting: この組織はIDPプロバイダーが無効です - NotAllowed: この組織では外部IDPが許可されていません + NotAllowed: 外部IDPは許可されていません MinimumExternalIDPNeeded: 少なくとも1つのIDPを追加する必要があります AlreadyExists: 外部IDPはすでに使用されています NotFound: 外部IDPが見つかりません diff --git a/internal/static/i18n/mk.yaml b/internal/static/i18n/mk.yaml index a28190f645..1cef512502 100644 --- a/internal/static/i18n/mk.yaml +++ b/internal/static/i18n/mk.yaml @@ -33,8 +33,13 @@ Errors: NoneSpecified: Не се наведени лимити Restrictions: NoneSpecified: Не се наведени ограничувања + DefaultLanguageMustBeAllowed: Стандардниот јазик мора да биде дозволен Language: NotParsed: Јазикот не може да се парсира + NotSupported: Јазикот не е поддржан + NotAllowed: Јазикот не е дозволен + Undefined: Јазикот е недефиниран + Duplicate: Јазиците имаат дупликати OIDCSettings: NotFound: OIDC конфигурацијата не е пронајдена AlreadyExists: OIDC конфигурацијата веќе постои @@ -139,7 +144,7 @@ Errors: ExternalIDP: Invalid: Невалиден надворешен IDP IDPConfigNotExisting: IDP не е валиден за оваа организација - NotAllowed: Надворешниоте IDP не е дозволен на оваа организација + NotAllowed: Надворешниот IDP не е дозволен MinimumExternalIDPNeeded: Мора да се додаде најмалку еден надворешен IDP AlreadyExists: Надворешниот IDP е веќе зафатен NotFound: Надворешниот IDP не е пронајден diff --git a/internal/static/i18n/nl.yaml b/internal/static/i18n/nl.yaml index d9489dbb9e..059e6393be 100644 --- a/internal/static/i18n/nl.yaml +++ b/internal/static/i18n/nl.yaml 
@@ -33,8 +33,13 @@ Errors: NoneSpecified: Geen limieten gespecificeerd Restrictions: NoneSpecified: Geen beperkingen gespecificeerd + DefaultLanguageMustBeAllowed: De standaardtaal moet worden toegestaan Language: NotParsed: Kon taal niet parsen + NotSupported: Taal wordt niet ondersteund + NotAllowed: Taal is niet toegestaan + Undefined: Taal is niet gedefinieerd + Duplicate: Talen hebben duplicaten OIDCSettings: NotFound: OIDC-configuratie niet gevonden AlreadyExists: OIDC-configuratie bestaat al @@ -139,7 +144,7 @@ Errors: ExternalIDP: Invalid: Externe IDP ongeldig IDPConfigNotExisting: IDP provider ongeldig voor deze organisatie - NotAllowed: Externe IDP niet toegestaan op deze organisatie + NotAllowed: Externe IDP niet toegestaan MinimumExternalIDPNeeded: Er moet minstens één IDP worden toegevoegd AlreadyExists: Externe IDP al ingenomen NotFound: Externe IDP niet gevonden diff --git a/internal/static/i18n/pl.yaml b/internal/static/i18n/pl.yaml index 2359c4a6d3..41909826e0 100644 --- a/internal/static/i18n/pl.yaml +++ b/internal/static/i18n/pl.yaml @@ -33,8 +33,13 @@ Errors: NoneSpecified: Nie określono limitów Restrictions: NoneSpecified: Nie określono ograniczeń + DefaultLanguageMustBeAllowed: Domyślny język musi być dozwolony Language: NotParsed: Nie można przeanalizować języka + NotSupported: Język nie jest obsługiwany + NotAllowed: Język nie jest dozwolony + Undefined: Język jest niezdefiniowany + Duplicate: Języki mają duplikaty OIDCSettings: NotFound: Konfiguracja OIDC nie znaleziona AlreadyExists: Konfiguracja OIDC już istnieje @@ -139,7 +144,7 @@ Errors: ExternalIDP: Invalid: Nieprawidłowy IDP zewnętrzny IDPConfigNotExisting: Dostawca IDP jest nieprawidłowy dla tej organizacji - NotAllowed: IDP zewnętrzne nie jest dozwolone w tej organizacji + NotAllowed: IDP zewnętrzne nie jest dozwolone MinimumExternalIDPNeeded: Przynajmniej jeden IDP musi być dodany AlreadyExists: IDP zewnętrzne już istnieje NotFound: IDP zewnętrzne nie znaleziony 
diff --git a/internal/static/i18n/pt.yaml b/internal/static/i18n/pt.yaml index 1633181539..dc151ba3a6 100644 --- a/internal/static/i18n/pt.yaml +++ b/internal/static/i18n/pt.yaml @@ -33,8 +33,13 @@ Errors: NoneSpecified: Nenhum limite especificado Restrictions: NoneSpecified: Nenhuma restrição especificada + DefaultLanguageMustBeAllowed: O idioma padrão deve ser permitido Language: NotParsed: Não foi possível analisar o idioma + NotSupported: Idioma não suportado + NotAllowed: Idioma não permitido + Undefined: Idioma indefinido + Duplicate: Idiomas têm duplicatas OIDCSettings: NotFound: Configuração OIDC não encontrada AlreadyExists: Configuração OIDC já existe @@ -138,7 +143,7 @@ Errors: ExternalIDP: Invalid: IDP externo inválido IDPConfigNotExisting: Provedor de IDP inválido para esta organização - NotAllowed: IDP externo não permitido nesta organização + NotAllowed: IDP externo não permitido MinimumExternalIDPNeeded: Pelo menos um IDP deve ser adicionado AlreadyExists: IDP externo já está em uso NotFound: IDP externo não encontrado diff --git a/internal/static/i18n/ru.yaml b/internal/static/i18n/ru.yaml index 21d8dd9a60..ddb54240dc 100644 --- a/internal/static/i18n/ru.yaml +++ b/internal/static/i18n/ru.yaml @@ -33,8 +33,13 @@ Errors: NoneSpecified: Не указаны лимиты Restrictions: NoneSpecified: Не указаны ограничения + DefaultLanguageMustBeAllowed: Язык по умолчанию должен быть разрешен Language: NotParsed: Не удалось разобрать язык + NotSupported: Язык не поддерживается + NotAllowed: Язык не разрешен + Undefined: Язык не определен + Duplicate: Языки имеют дубликаты OIDCSettings: NotFound: Конфигурация OIDC не найдена AlreadyExists: Конфигурация OIDC уже существует 
@@ -138,7 +143,7 @@ Errors: ExternalIDP: Invalid: Внешний идентификационный номер недействителен. IDPConfigNotExisting: Поставщик МВУ недействителен для этой организации. - NotAllowed: Внешний IDP не разрешен в этой организации. + NotAllowed: Внешний IDP не разрешен MinimumExternalIDPNeeded: Необходимо добавить хотя бы одного ВПЛ. AlreadyExists: Внешнее ВПЛ уже занято NotFound: Внешний IDP не найден diff --git a/internal/static/i18n/zh.yaml b/internal/static/i18n/zh.yaml index 5b3ee8cab2..1c46962c3b 100644 --- a/internal/static/i18n/zh.yaml +++ b/internal/static/i18n/zh.yaml @@ -33,8 +33,13 @@ Errors: NoneSpecified: 未指定限制 Restrictions: NoneSpecified: 未指定限制 + DefaultLanguageMustBeAllowed: 默认语言必须被允许 Language: NotParsed: 无法解析语言 + NotSupported: 语言不支持 + NotAllowed: 语言不被允许 + Undefined: 语言未定义 + Duplicate: 语言有重复 OIDCSettings: NotFound: OIDC 配置未找到 AlreadyExists: OIDC 配置已存在 @@ -139,7 +144,7 @@ Errors: ExternalIDP: Invalid: 外部 IDP 无效 IDPConfigNotExisting: IDP 提供者对此组织无效 - NotAllowed: 此组织不允许外部 IDP + NotAllowed: 外部 IDP 不允许 MinimumExternalIDPNeeded: 必须添加至少一个 IDP AlreadyExists: 外部 IDP 已存在 NotFound: 未找到外部 IDP diff --git a/internal/static/mock/storage_mock.impl.go b/internal/static/mock/storage_mock.impl.go index 3cd497dcc2..aaa33aa8e2 100644 --- a/internal/static/mock/storage_mock.impl.go +++ b/internal/static/mock/storage_mock.impl.go @@ -8,8 +8,8 @@ import ( "go.uber.org/mock/gomock" - caos_errors "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/static" + "github.com/zitadel/zitadel/internal/zerrors" ) func NewStorage(t *testing.T) *MockStorage { @@ -37,7 +37,7 @@ func (m *MockStorage) ExpectPutObject() *MockStorage { func (m *MockStorage) ExpectPutObjectError() *MockStorage { m.EXPECT(). PutObject(gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any()). - Return(nil, caos_errors.ThrowInternal(nil, "", "")) + Return(nil, zerrors.ThrowInternal(nil, "", "")) return m } 
@@ -58,6 +58,6 @@ func (m *MockStorage) ExpectRemoveObjectsNoError() *MockStorage { func (m *MockStorage) ExpectRemoveObjectError() *MockStorage { m.EXPECT(). RemoveObject(gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any()). - Return(caos_errors.ThrowInternal(nil, "", "")) + Return(zerrors.ThrowInternal(nil, "", "")) return m } diff --git a/internal/static/s3/config.go b/internal/static/s3/config.go index 9a00cb97b1..986d74764c 100644 --- a/internal/static/s3/config.go +++ b/internal/static/s3/config.go @@ -7,9 +7,8 @@ import ( "github.com/minio/minio-go/v7" "github.com/minio/minio-go/v7/pkg/credentials" - "github.com/zitadel/zitadel/internal/errors" - caos_errs "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/static" + "github.com/zitadel/zitadel/internal/zerrors" ) type Config struct { @@ -29,7 +28,7 @@ func (c *Config) NewStorage() (static.Storage, error) { Region: c.Location, }) if err != nil { - return nil, caos_errs.ThrowInternal(err, "MINIO-2n9fs", "Errors.Assets.Store.NotInitialized") + return nil, zerrors.ThrowInternal(err, "MINIO-2n9fs", "Errors.Assets.Store.NotInitialized") } return &Minio{ Client: minioClient, @@ -42,11 +41,11 @@ func (c *Config) NewStorage() (static.Storage, error) { func NewStorage(_ *sql.DB, rawConfig map[string]interface{}) (static.Storage, error) { configData, err := json.Marshal(rawConfig) if err != nil { - return nil, errors.ThrowInternal(err, "MINIO-Ef2f2", "could not map config") + return nil, zerrors.ThrowInternal(err, "MINIO-Ef2f2", "could not map config") } c := new(Config) if err := json.Unmarshal(configData, c); err != nil { - return nil, errors.ThrowInternal(err, "MINIO-GB4nw", "could not map config") + return nil, zerrors.ThrowInternal(err, "MINIO-GB4nw", "could not map config") } return c.NewStorage() } diff --git a/internal/static/s3/minio.go b/internal/static/s3/minio.go index e8506955e6..47d5112d39 100644 --- a/internal/static/s3/minio.go +++ b/internal/static/s3/minio.go 
@@ -12,8 +12,8 @@ import ( "golang.org/x/sync/errgroup" "github.com/zitadel/zitadel/internal/domain" - caos_errs "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/static" + "github.com/zitadel/zitadel/internal/zerrors" ) var _ static.Storage = (*Minio)(nil) @@ -27,14 +27,14 @@ type Minio struct { func (m *Minio) PutObject(ctx context.Context, instanceID, location, resourceOwner, name, contentType string, objectType static.ObjectType, object io.Reader, objectSize int64) (*static.Asset, error) { err := m.createBucket(ctx, instanceID, location) - if err != nil && !caos_errs.IsErrorAlreadyExists(err) { + if err != nil && !zerrors.IsErrorAlreadyExists(err) { return nil, err } bucketName := m.prefixBucketName(instanceID) objectName := fmt.Sprintf("%s/%s", resourceOwner, name) info, err := m.Client.PutObject(ctx, bucketName, objectName, object, objectSize, minio.PutObjectOptions{ContentType: contentType}) if err != nil { - return nil, caos_errs.ThrowInternal(err, "MINIO-590sw", "Errors.Assets.Object.PutFailed") + return nil, zerrors.ThrowInternal(err, "MINIO-590sw", "Errors.Assets.Object.PutFailed") } return &static.Asset{ InstanceID: info.Bucket, 
@@ -53,18 +53,18 @@ func (m *Minio) GetObject(ctx context.Context, instanceID, resourceOwner, name s objectName := fmt.Sprintf("%s/%s", resourceOwner, name) object, err := m.Client.GetObject(ctx, bucketName, objectName, minio.GetObjectOptions{}) if err != nil { - return nil, nil, caos_errs.ThrowInternal(err, "MINIO-VGDgv", "Errors.Assets.Object.GetFailed") + return nil, nil, zerrors.ThrowInternal(err, "MINIO-VGDgv", "Errors.Assets.Object.GetFailed") } info := func() (*static.Asset, error) { info, err := object.Stat() if err != nil { - return nil, caos_errs.ThrowInternal(err, "MINIO-F96xF", "Errors.Assets.Object.GetFailed") + return nil, zerrors.ThrowInternal(err, "MINIO-F96xF", "Errors.Assets.Object.GetFailed") } return m.objectToAssetInfo(instanceID, resourceOwner, info), nil } asset, err := io.ReadAll(object) if err != nil { - return nil, nil, caos_errs.ThrowInternal(err, "MINIO-SFef1", "Errors.Assets.Object.GetFailed") + return nil, nil, zerrors.ThrowInternal(err, "MINIO-SFef1", "Errors.Assets.Object.GetFailed") } return asset, info, nil } @@ -75,9 +75,9 @@ func (m *Minio) GetObjectInfo(ctx context.Context, instanceID, resourceOwner, na objectInfo, err := m.Client.StatObject(ctx, bucketName, objectName, minio.StatObjectOptions{}) if err != nil { if errResp := minio.ToErrorResponse(err); errResp.StatusCode == http.StatusNotFound { - return nil, caos_errs.ThrowNotFound(err, "MINIO-Gdfh4", "Errors.Assets.Object.GetFailed") + return nil, zerrors.ThrowNotFound(err, "MINIO-Gdfh4", "Errors.Assets.Object.GetFailed") } - return nil, caos_errs.ThrowInternal(err, "MINIO-1vySX", "Errors.Assets.Object.GetFailed") + return nil, zerrors.ThrowInternal(err, "MINIO-1vySX", "Errors.Assets.Object.GetFailed") } return m.objectToAssetInfo(instanceID, resourceOwner, objectInfo), nil } 
@@ -87,7 +87,7 @@ func (m *Minio) RemoveObject(ctx context.Context, instanceID, resourceOwner, nam objectName := fmt.Sprintf("%s/%s", resourceOwner, name) err := m.Client.RemoveObject(ctx, bucketName, objectName, minio.RemoveObjectOptions{}) if err != nil { - return caos_errs.ThrowInternal(err, "MINIO-x85RT", "Errors.Assets.Object.RemoveFailed") + return zerrors.ThrowInternal(err, "MINIO-x85RT", "Errors.Assets.Object.RemoveFailed") } return nil } @@ -115,7 +115,7 @@ func (m *Minio) RemoveObjects(ctx context.Context, instanceID, resourceOwner str logging.WithFields("bucketName", bucketName, "path", path).Warn("list objects for remove failed with not found") continue } - return caos_errs.ThrowInternal(object.Err, "MINIO-WQF32", "Errors.Assets.Object.ListFailed") + return zerrors.ThrowInternal(object.Err, "MINIO-WQF32", "Errors.Assets.Object.ListFailed") } objectsCh <- object } @@ -124,13 +124,13 @@ func (m *Minio) RemoveObjects(ctx context.Context, instanceID, resourceOwner str if m.MultiDelete { for objError := range m.Client.RemoveObjects(ctx, bucketName, objectsCh, minio.RemoveObjectsOptions{GovernanceBypass: true}) { - return caos_errs.ThrowInternal(objError.Err, "MINIO-Sfdgr", "Errors.Assets.Object.RemoveFailed") + return zerrors.ThrowInternal(objError.Err, "MINIO-Sfdgr", "Errors.Assets.Object.RemoveFailed") } return g.Wait() } for objectInfo := range objectsCh { if err := m.Client.RemoveObject(ctx, bucketName, objectInfo.Key, minio.RemoveObjectOptions{GovernanceBypass: true}); err != nil { - return caos_errs.ThrowInternal(err, "MINIO-GVgew", "Errors.Assets.Object.RemoveFailed") + return zerrors.ThrowInternal(err, "MINIO-GVgew", "Errors.Assets.Object.RemoveFailed") } } return g.Wait() 
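Review bot: Both delete paths in `Minio.RemoveObjects` (minio.go, hunk at -124) return on the first failure without calling `g.Wait()`. The multi-delete loop stops reading the error channel and the single-delete loop stops reading `objectsCh`, so the listing goroutine started earlier in the function (outside this hunk) may stay blocked on its send, a listing error is dropped, and the remaining objects of that resource owner stay in the bucket. Record the first error, keep draining, and return only after `g.Wait()`; a sketch for the multi-delete branch follows, and the single-delete loop needs the same treatment. Separately, `GovernanceBypass: true` on every delete deserves a comment stating why governance-mode retention is overridden for asset cleanup.

```go
// … unchanged: listing goroutine that feeds objectsCh …
if m.MultiDelete {
	var removeErr error
	for objError := range m.Client.RemoveObjects(ctx, bucketName, objectsCh, minio.RemoveObjectsOptions{GovernanceBypass: true}) {
		// keep reading so the remover can finish; remember only the first failure
		if removeErr == nil {
			removeErr = zerrors.ThrowInternal(objError.Err, "MINIO-Sfdgr", "Errors.Assets.Object.RemoveFailed")
		}
	}
	if err := g.Wait(); err != nil {
		return err
	}
	return removeErr
}
// … unchanged: single-delete loop over objectsCh …
```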
@@ -149,14 +149,14 @@ func (m *Minio) createBucket(ctx context.Context, name, location string) error { exists, err := m.Client.BucketExists(ctx, name) if err != nil { logging.WithFields("bucketname", name).WithError(err).Error("cannot check if bucket exists") - return caos_errs.ThrowInternal(err, "MINIO-1b8fs", "Errors.Assets.Bucket.Internal") + return zerrors.ThrowInternal(err, "MINIO-1b8fs", "Errors.Assets.Bucket.Internal") } if exists { - return caos_errs.ThrowAlreadyExists(nil, "MINIO-9n3MK", "Errors.Assets.Bucket.AlreadyExists") + return zerrors.ThrowAlreadyExists(nil, "MINIO-9n3MK", "Errors.Assets.Bucket.AlreadyExists") } err = m.Client.MakeBucket(ctx, name, minio.MakeBucketOptions{Region: location}) if err != nil { - return caos_errs.ThrowInternal(err, "MINIO-4m90d", "Errors.Assets.Bucket.CreateFailed") + return zerrors.ThrowInternal(err, "MINIO-4m90d", "Errors.Assets.Bucket.CreateFailed") } return nil } diff --git a/internal/telemetry/metrics/config/config.go b/internal/telemetry/metrics/config/config.go index 270cc77165..e9bcbe45c2 100644 --- a/internal/telemetry/metrics/config/config.go +++ b/internal/telemetry/metrics/config/config.go @@ -1,8 +1,8 @@ package config import ( - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/telemetry/metrics/otel" + "github.com/zitadel/zitadel/internal/zerrors" ) type Config struct { @@ -19,7 +19,7 @@ var meter = map[string]func(map[string]interface{}) error{ func (c *Config) NewMeter() error { t, ok := meter[c.Type] if !ok { - return errors.ThrowInternalf(nil, "METER-Dfqsx", "config type %s not supported", c.Type) + return zerrors.ThrowInternalf(nil, "METER-Dfqsx", "config type %s not supported", c.Type) } return t(c.Config) diff --git a/internal/telemetry/metrics/otel/open_telemetry.go b/internal/telemetry/metrics/otel/open_telemetry.go index 0afafad23e..ed1a94f840 100644 --- a/internal/telemetry/metrics/otel/open_telemetry.go +++ b/internal/telemetry/metrics/otel/open_telemetry.go 
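Review bot: `createBucket` (minio.go, hunk at -149) checks `BucketExists` and then calls `MakeBucket`, and the two calls are not atomic. Two concurrent first uploads for the same instance can both see `exists == false`; the slower `MakeBucket` then fails and is wrapped as `MINIO-4m90d` internal, which `PutObject` (hunk at -27) does not tolerate because it only ignores `zerrors.IsErrorAlreadyExists`. Map the already-owned response from `MakeBucket` to the same error kind before the generic return, e.g. `if minio.ToErrorResponse(err).Code == "BucketAlreadyOwnedByYou" { return zerrors.ThrowAlreadyExists(err, "MINIO-<new-id>", "Errors.Assets.Bucket.AlreadyExists") }`. The function may begin before the first line of this hunk, so check whether anything above already serialises bucket creation.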
@@ -11,9 +11,9 @@ import ( "go.opentelemetry.io/otel/metric" sdk_metric "go.opentelemetry.io/otel/sdk/metric" - caos_errs "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/telemetry/metrics" otel_resource "github.com/zitadel/zitadel/internal/telemetry/otel" + "github.com/zitadel/zitadel/internal/zerrors" ) type Metrics struct { @@ -66,7 +66,7 @@ func (m *Metrics) RegisterCounter(name, description string) error { func (m *Metrics) AddCount(ctx context.Context, name string, value int64, labels map[string]attribute.Value) error { counter, exists := m.Counters.Load(name) if !exists { - return caos_errs.ThrowNotFound(nil, "METER-4u8fs", "Errors.Metrics.Counter.NotFound") + return zerrors.ThrowNotFound(nil, "METER-4u8fs", "Errors.Metrics.Counter.NotFound") } counter.(metric.Int64Counter).Add(ctx, value, MapToAddOption(labels)...) return nil diff --git a/internal/telemetry/tracing/config/config.go b/internal/telemetry/tracing/config/config.go index 4e1a415201..cb44c6b65f 100644 --- a/internal/telemetry/tracing/config/config.go +++ b/internal/telemetry/tracing/config/config.go @@ -1,10 +1,10 @@ package config import ( - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/telemetry/tracing/google" "github.com/zitadel/zitadel/internal/telemetry/tracing/log" "github.com/zitadel/zitadel/internal/telemetry/tracing/otel" + "github.com/zitadel/zitadel/internal/zerrors" ) type Config struct { @@ -15,7 +15,7 @@ type Config struct { func (c *Config) NewTracer() error { t, ok := tracer[c.Type] if !ok { - return errors.ThrowInternalf(nil, "TRACE-dsbjh", "config type %s not supported", c.Type) + return zerrors.ThrowInternalf(nil, "TRACE-dsbjh", "config type %s not supported", c.Type) } return t(c.Config) diff --git a/internal/telemetry/tracing/otel/config.go b/internal/telemetry/tracing/otel/config.go index 81995a941c..a9f9168c1b 100644 --- a/internal/telemetry/tracing/otel/config.go 
+++ b/internal/telemetry/tracing/otel/config.go @@ -7,8 +7,8 @@ import ( otlpgrpc "go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc" sdk_trace "go.opentelemetry.io/otel/sdk/trace" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/telemetry/tracing" + "github.com/zitadel/zitadel/internal/zerrors" ) type Config struct { @@ -38,11 +38,11 @@ func FractionFromConfig(i interface{}) (float64, error) { case string: f, err := strconv.ParseFloat(fraction, 64) if err != nil { - return 0, errors.ThrowInternal(err, "OTEL-SAfe1", "could not map fraction") + return 0, zerrors.ThrowInternal(err, "OTEL-SAfe1", "could not map fraction") } return f, nil default: - return 0, errors.ThrowInternal(nil, "OTEL-Dd2s", "could not map fraction, unknown type") + return 0, zerrors.ThrowInternal(nil, "OTEL-Dd2s", "could not map fraction, unknown type") } } diff --git a/internal/telemetry/tracing/span.go b/internal/telemetry/tracing/span.go index 9e6f3bc287..9a6b6385ee 100644 --- a/internal/telemetry/tracing/span.go +++ b/internal/telemetry/tracing/span.go @@ -4,7 +4,7 @@ import ( "go.opentelemetry.io/otel/attribute" "go.opentelemetry.io/otel/trace" - grpc_errs "github.com/zitadel/zitadel/internal/api/grpc/errors" + "github.com/zitadel/zitadel/internal/api/grpc/gerrors" ) type Span struct { @@ -41,6 +41,6 @@ func (s *Span) SetStatusByError(err error) { ) } - code, msg, id, _ := grpc_errs.ExtractCaosError(err) + code, msg, id, _ := gerrors.ExtractZITADELError(err) s.span.SetAttributes(attribute.Int("grpc_code", int(code)), attribute.String("grpc_msg", msg), attribute.String("error_id", id)) } diff --git a/internal/user/model/external_idp_view.go b/internal/user/model/external_idp_view.go index 2225f7676c..6dc8f53dc7 100644 --- a/internal/user/model/external_idp_view.go +++ b/internal/user/model/external_idp_view.go 
@@ -2,7 +2,7 @@ package model import ( "github.com/zitadel/zitadel/internal/domain" - caos_errors "github.com/zitadel/zitadel/internal/errors" + "github.com/zitadel/zitadel/internal/zerrors" "time" ) @@ -56,7 +56,7 @@ type ExternalIDPSearchResponse struct { func (r *ExternalIDPSearchRequest) EnsureLimit(limit uint64) error { if r.Limit > limit { - return caos_errors.ThrowInvalidArgument(nil, "SEARCH-3n8fM", "Errors.Limit.ExceedsDefault") + return zerrors.ThrowInvalidArgument(nil, "SEARCH-3n8fM", "Errors.Limit.ExceedsDefault") } if r.Limit == 0 { r.Limit = limit diff --git a/internal/user/model/refresh_token_view.go b/internal/user/model/refresh_token_view.go index d3437a22cf..1e1da39997 100644 --- a/internal/user/model/refresh_token_view.go +++ b/internal/user/model/refresh_token_view.go @@ -2,7 +2,7 @@ package model import ( "github.com/zitadel/zitadel/internal/domain" - caos_errors "github.com/zitadel/zitadel/internal/errors" + "github.com/zitadel/zitadel/internal/zerrors" "time" ) @@ -63,7 +63,7 @@ type RefreshTokenSearchResponse struct { func (r *RefreshTokenSearchRequest) EnsureLimit(limit uint64) error { if r.Limit > limit { - return caos_errors.ThrowInvalidArgument(nil, "SEARCH-M0fse", "Errors.Limit.ExceedsDefault") + return zerrors.ThrowInvalidArgument(nil, "SEARCH-M0fse", "Errors.Limit.ExceedsDefault") } if r.Limit == 0 { r.Limit = limit diff --git a/internal/user/model/token_view.go b/internal/user/model/token_view.go index de9b387b4f..c2f82afaa3 100644 --- a/internal/user/model/token_view.go +++ b/internal/user/model/token_view.go @@ -2,7 +2,7 @@ package model import ( "github.com/zitadel/zitadel/internal/domain" - caos_errors "github.com/zitadel/zitadel/internal/errors" + "github.com/zitadel/zitadel/internal/zerrors" "time" ) 
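Review bot: The error ID `SEARCH-M0fse` on the new line in `RefreshTokenSearchRequest.EnsureLimit` is also the ID on the new line of `TokenSearchRequest.EnsureLimit` in token_view.go, so the ID alone cannot tell the two call sites apart. The same reuse appears further down this diff: `MODEL-lo023` in otp.go and twice in web_auth_n.go, `MODEL-yGmhh` in auth_request.go and user.go, and the log ID `EVEN-8ujgd` in user_human.go and user_machine.go. If these IDs are meant to pinpoint a single origin during triage (that intent is inferred, not shown here), this rename already touches every affected line and is a cheap place to issue fresh ones, e.g. `return zerrors.ThrowInvalidArgument(nil, "SEARCH-<new-id>", "Errors.Limit.ExceedsDefault")`. The body of `EnsureLimit` continues past the hunk.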
@@ -61,7 +61,7 @@ type TokenSearchResponse struct { func (r *TokenSearchRequest) EnsureLimit(limit uint64) error { if r.Limit > limit { - return caos_errors.ThrowInvalidArgument(nil, "SEARCH-M0fse", "Errors.Limit.ExceedsDefault") + return zerrors.ThrowInvalidArgument(nil, "SEARCH-M0fse", "Errors.Limit.ExceedsDefault") } if r.Limit == 0 { r.Limit = limit diff --git a/internal/user/model/user_membership_view.go b/internal/user/model/user_membership_view.go index 08bc87f612..3c68ef2866 100644 --- a/internal/user/model/user_membership_view.go +++ b/internal/user/model/user_membership_view.go @@ -2,7 +2,7 @@ package model import ( "github.com/zitadel/zitadel/internal/domain" - caos_errors "github.com/zitadel/zitadel/internal/errors" + "github.com/zitadel/zitadel/internal/zerrors" "time" ) @@ -70,7 +70,7 @@ type UserMembershipSearchResponse struct { func (r *UserMembershipSearchRequest) EnsureLimit(limit uint64) error { if r.Limit > limit { - return caos_errors.ThrowInvalidArgument(nil, "SEARCH-288fJ", "Errors.Limit.ExceedsDefault") + return zerrors.ThrowInvalidArgument(nil, "SEARCH-288fJ", "Errors.Limit.ExceedsDefault") } if r.Limit == 0 { r.Limit = limit diff --git a/internal/user/model/user_session_view.go b/internal/user/model/user_session_view.go index f610eaa03a..7a23fa2a68 100644 --- a/internal/user/model/user_session_view.go +++ b/internal/user/model/user_session_view.go @@ -4,7 +4,7 @@ import ( "time" "github.com/zitadel/zitadel/internal/domain" - caos_errors "github.com/zitadel/zitadel/internal/errors" + "github.com/zitadel/zitadel/internal/zerrors" ) type UserSessionView struct { @@ -64,7 +64,7 @@ type UserSessionSearchResponse struct { func (r *UserSessionSearchRequest) EnsureLimit(limit uint64) error { if r.Limit > limit { - return caos_errors.ThrowInvalidArgument(nil, "SEARCH-27ifs", "Errors.Limit.ExceedsDefault") + return zerrors.ThrowInvalidArgument(nil, "SEARCH-27ifs", "Errors.Limit.ExceedsDefault") } if r.Limit == 0 { r.Limit = limit 
diff --git a/internal/user/model/user_view.go b/internal/user/model/user_view.go index dac8b8a558..6806d78ebd 100644 --- a/internal/user/model/user_view.go +++ b/internal/user/model/user_view.go @@ -6,9 +6,8 @@ import ( "golang.org/x/text/language" "github.com/zitadel/zitadel/internal/domain" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore/v1/models" - iam_model "github.com/zitadel/zitadel/internal/iam/model" + "github.com/zitadel/zitadel/internal/zerrors" ) type UserView struct { @@ -137,7 +136,7 @@ const ( func (r *UserSearchRequest) EnsureLimit(limit uint64) error { if r.Limit > limit { - return errors.ThrowInvalidArgument(nil, "SEARCH-zz62F", "Errors.Limit.ExceedsDefault") + return zerrors.ThrowInvalidArgument(nil, "SEARCH-zz62F", "Errors.Limit.ExceedsDefault") } if r.Limit == 0 { r.Limit = limit @@ -231,23 +230,9 @@ func (u *UserView) IsPasswordlessReady() bool { return false } -func (u *UserView) HasRequiredOrgMFALevel(policy *iam_model.LoginPolicyView) bool { - if !policy.ForceMFA { - return true - } - switch u.MFAMaxSetUp { - case domain.MFALevelSecondFactor: - return policy.HasSecondFactors() - case domain.MFALevelMultiFactor: - return policy.HasMultiFactors() - default: - return false - } -} - func (u *UserView) GetProfile() (*Profile, error) { if u.HumanView == nil { - return nil, errors.ThrowPreconditionFailed(nil, "MODEL-WLTce", "Errors.User.NotHuman") + return nil, zerrors.ThrowPreconditionFailed(nil, "MODEL-WLTce", "Errors.User.NotHuman") } return &Profile{ ObjectRoot: models.ObjectRoot{ @@ -271,7 +256,7 @@ func (u *UserView) GetProfile() (*Profile, error) { func (u *UserView) GetPhone() (*Phone, error) { if u.HumanView == nil { - return nil, errors.ThrowPreconditionFailed(nil, "MODEL-him4a", "Errors.User.NotHuman") + return nil, zerrors.ThrowPreconditionFailed(nil, "MODEL-him4a", "Errors.User.NotHuman") } return &Phone{ ObjectRoot: models.ObjectRoot{ 
@@ -288,7 +273,7 @@ func (u *UserView) GetPhone() (*Phone, error) { func (u *UserView) GetEmail() (*Email, error) { if u.HumanView == nil { - return nil, errors.ThrowPreconditionFailed(nil, "MODEL-PWd6K", "Errors.User.NotHuman") + return nil, zerrors.ThrowPreconditionFailed(nil, "MODEL-PWd6K", "Errors.User.NotHuman") } return &Email{ ObjectRoot: models.ObjectRoot{ @@ -305,7 +290,7 @@ func (u *UserView) GetEmail() (*Email, error) { func (u *UserView) GetAddress() (*Address, error) { if u.HumanView == nil { - return nil, errors.ThrowPreconditionFailed(nil, "MODEL-DN61m", "Errors.User.NotHuman") + return nil, zerrors.ThrowPreconditionFailed(nil, "MODEL-DN61m", "Errors.User.NotHuman") } return &Address{ ObjectRoot: models.ObjectRoot{ diff --git a/internal/user/repository/eventsourcing/model/address.go b/internal/user/repository/eventsourcing/model/address.go index d3fa65f4ee..518216272c 100644 --- a/internal/user/repository/eventsourcing/model/address.go +++ b/internal/user/repository/eventsourcing/model/address.go @@ -5,8 +5,8 @@ import ( "github.com/zitadel/logging" - caos_errs "github.com/zitadel/zitadel/internal/errors" es_models "github.com/zitadel/zitadel/internal/eventstore/v1/models" + "github.com/zitadel/zitadel/internal/zerrors" ) type Address struct { @@ -50,7 +50,7 @@ func (a *Address) setData(event *es_models.Event) error { a.ObjectRoot.AppendEvent(event) if err := json.Unmarshal(event.Data, a); err != nil { logging.Log("EVEN-clos0").WithError(err).Error("could not unmarshal event data") - return caos_errs.ThrowInternal(err, "MODEL-so92s", "could not unmarshal event") + return zerrors.ThrowInternal(err, "MODEL-so92s", "could not unmarshal event") } return nil } diff --git a/internal/user/repository/eventsourcing/model/auth_request.go b/internal/user/repository/eventsourcing/model/auth_request.go index 62b5fe48c1..a523dded7e 100644 --- a/internal/user/repository/eventsourcing/model/auth_request.go 
+++ b/internal/user/repository/eventsourcing/model/auth_request.go @@ -5,8 +5,8 @@ import ( "github.com/zitadel/logging" - caos_errs "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" + "github.com/zitadel/zitadel/internal/zerrors" ) type AuthRequest struct { @@ -25,7 +25,7 @@ type BrowserInfo struct { func (a *AuthRequest) SetData(event eventstore.Event) error { if err := event.Unmarshal(a); err != nil { logging.Log("EVEN-T5df6").WithError(err).Error("could not unmarshal event data") - return caos_errs.ThrowInternal(err, "MODEL-yGmhh", "could not unmarshal event") + return zerrors.ThrowInternal(err, "MODEL-yGmhh", "could not unmarshal event") } return nil } diff --git a/internal/user/repository/eventsourcing/model/email.go b/internal/user/repository/eventsourcing/model/email.go index f4abf69edc..7e5c5b827c 100644 --- a/internal/user/repository/eventsourcing/model/email.go +++ b/internal/user/repository/eventsourcing/model/email.go @@ -7,8 +7,8 @@ import ( "github.com/zitadel/logging" "github.com/zitadel/zitadel/internal/crypto" - caos_errs "github.com/zitadel/zitadel/internal/errors" es_models "github.com/zitadel/zitadel/internal/eventstore/v1/models" + "github.com/zitadel/zitadel/internal/zerrors" ) type Email struct { @@ -51,7 +51,7 @@ func (a *Email) setData(event *es_models.Event) error { a.ObjectRoot.AppendEvent(event) if err := json.Unmarshal(event.Data, a); err != nil { logging.Log("EVEN-dlo9s").WithError(err).Error("could not unmarshal event data") - return caos_errs.ThrowInternal(err, "MODEL-sl9xw", "could not unmarshal event") + return zerrors.ThrowInternal(err, "MODEL-sl9xw", "could not unmarshal event") } return nil } 
@@ -61,7 +61,7 @@ func (a *EmailCode) SetData(event *es_models.Event) error { a.CreationDate = event.CreationDate if err := json.Unmarshal(event.Data, a); err != nil { logging.Log("EVEN-lo9s").WithError(err).Error("could not unmarshal event data") - return caos_errs.ThrowInternal(err, "MODEL-s8uws", "could not unmarshal event") + return zerrors.ThrowInternal(err, "MODEL-s8uws", "could not unmarshal event") } return nil } diff --git a/internal/user/repository/eventsourcing/model/external_idp.go b/internal/user/repository/eventsourcing/model/external_idp.go index df3038ea50..5890db3808 100644 --- a/internal/user/repository/eventsourcing/model/external_idp.go +++ b/internal/user/repository/eventsourcing/model/external_idp.go @@ -5,8 +5,8 @@ import ( "github.com/zitadel/logging" - caos_errs "github.com/zitadel/zitadel/internal/errors" es_models "github.com/zitadel/zitadel/internal/eventstore/v1/models" + "github.com/zitadel/zitadel/internal/zerrors" ) type ExternalIDP struct { @@ -54,7 +54,7 @@ func (pw *ExternalIDP) setData(event *es_models.Event) error { pw.ObjectRoot.AppendEvent(event) if err := json.Unmarshal(event.Data, pw); err != nil { logging.Log("EVEN-Msi9d").WithError(err).Error("could not unmarshal event data") - return caos_errs.ThrowInternal(err, "MODEL-A9osf", "could not unmarshal event") + return zerrors.ThrowInternal(err, "MODEL-A9osf", "could not unmarshal event") } return nil } diff --git a/internal/user/repository/eventsourcing/model/otp.go b/internal/user/repository/eventsourcing/model/otp.go index f5bf36592f..a40b5b2c93 100644 --- a/internal/user/repository/eventsourcing/model/otp.go +++ b/internal/user/repository/eventsourcing/model/otp.go 
@@ -4,10 +4,10 @@ import ( "github.com/zitadel/logging" "github.com/zitadel/zitadel/internal/crypto" - caos_errs "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" es_models "github.com/zitadel/zitadel/internal/eventstore/v1/models" "github.com/zitadel/zitadel/internal/user/model" + "github.com/zitadel/zitadel/internal/zerrors" ) type OTP struct { @@ -40,7 +40,7 @@ func (o *OTP) setData(event eventstore.Event) error { o.ObjectRoot.AppendEvent(event) if err := event.Unmarshal(o); err != nil { logging.Log("EVEN-d9soe").WithError(err).Error("could not unmarshal event data") - return caos_errs.ThrowInternal(err, "MODEL-lo023", "could not unmarshal event") + return zerrors.ThrowInternal(err, "MODEL-lo023", "could not unmarshal event") } return nil } @@ -48,7 +48,7 @@ func (o *OTP) setData(event eventstore.Event) error { func (o *OTPVerified) SetData(event eventstore.Event) error { if err := event.Unmarshal(o); err != nil { logging.Log("EVEN-BF421").WithError(err).Error("could not unmarshal event data") - return caos_errs.ThrowInternal(err, "MODEL-GB6hj", "could not unmarshal event") + return zerrors.ThrowInternal(err, "MODEL-GB6hj", "could not unmarshal event") } return nil } diff --git a/internal/user/repository/eventsourcing/model/password.go b/internal/user/repository/eventsourcing/model/password.go index e9d3e58f3a..8b40e45d9b 100644 --- a/internal/user/repository/eventsourcing/model/password.go +++ b/internal/user/repository/eventsourcing/model/password.go @@ -6,9 +6,9 @@ import ( "github.com/zitadel/logging" "github.com/zitadel/zitadel/internal/crypto" - caos_errs "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" es_models "github.com/zitadel/zitadel/internal/eventstore/v1/models" + "github.com/zitadel/zitadel/internal/zerrors" ) type Password struct { 
@@ -51,7 +51,7 @@ func (pw *Password) setData(event eventstore.Event) error { pw.ObjectRoot.AppendEvent(event) if err := event.Unmarshal(pw); err != nil { logging.Log("EVEN-dks93").WithError(err).Error("could not unmarshal event data") - return caos_errs.ThrowInternal(err, "MODEL-sl9xlo2rsw", "could not unmarshal event") + return zerrors.ThrowInternal(err, "MODEL-sl9xlo2rsw", "could not unmarshal event") } return nil } @@ -61,7 +61,7 @@ func (c *PasswordCode) SetData(event eventstore.Event) error { c.CreationDate = event.CreatedAt() if err := event.Unmarshal(c); err != nil { logging.Log("EVEN-lo0y2").WithError(err).Error("could not unmarshal event data") - return caos_errs.ThrowInternal(err, "MODEL-q21dr", "could not unmarshal event") + return zerrors.ThrowInternal(err, "MODEL-q21dr", "could not unmarshal event") } return nil } @@ -69,7 +69,7 @@ func (c *PasswordCode) SetData(event eventstore.Event) error { func (pw *PasswordChange) SetData(event eventstore.Event) error { if err := event.Unmarshal(pw); err != nil { logging.Log("EVEN-ADs31").WithError(err).Error("could not unmarshal event data") - return caos_errs.ThrowInternal(err, "MODEL-BDd32", "could not unmarshal event") + return zerrors.ThrowInternal(err, "MODEL-BDd32", "could not unmarshal event") } pw.ObjectRoot.AppendEvent(event) return nil diff --git a/internal/user/repository/eventsourcing/model/phone.go b/internal/user/repository/eventsourcing/model/phone.go index 80e08fc164..26063769c6 100644 --- a/internal/user/repository/eventsourcing/model/phone.go +++ b/internal/user/repository/eventsourcing/model/phone.go @@ -7,8 +7,8 @@ import ( "github.com/zitadel/logging" "github.com/zitadel/zitadel/internal/crypto" - caos_errs "github.com/zitadel/zitadel/internal/errors" es_models "github.com/zitadel/zitadel/internal/eventstore/v1/models" + "github.com/zitadel/zitadel/internal/zerrors" ) type Phone struct { 
@@ -56,7 +56,7 @@ func (p *Phone) setData(event *es_models.Event) error { p.ObjectRoot.AppendEvent(event) if err := json.Unmarshal(event.Data, p); err != nil { logging.Log("EVEN-lco9s").WithError(err).Error("could not unmarshal event data") - return caos_errs.ThrowInternal(err, "MODEL-lre56", "could not unmarshal event") + return zerrors.ThrowInternal(err, "MODEL-lre56", "could not unmarshal event") } return nil } @@ -66,7 +66,7 @@ func (c *PhoneCode) SetData(event *es_models.Event) error { c.CreationDate = event.CreationDate if err := json.Unmarshal(event.Data, c); err != nil { logging.Log("EVEN-sk8ws").WithError(err).Error("could not unmarshal event data") - return caos_errs.ThrowInternal(err, "MODEL-7hdj3", "could not unmarshal event") + return zerrors.ThrowInternal(err, "MODEL-7hdj3", "could not unmarshal event") } return nil } diff --git a/internal/user/repository/eventsourcing/model/token.go b/internal/user/repository/eventsourcing/model/token.go index 57718c8383..bb1e1945d6 100644 --- a/internal/user/repository/eventsourcing/model/token.go +++ b/internal/user/repository/eventsourcing/model/token.go @@ -7,9 +7,9 @@ import ( "github.com/zitadel/logging" "github.com/zitadel/zitadel/internal/database" - caos_errs "github.com/zitadel/zitadel/internal/errors" es_models "github.com/zitadel/zitadel/internal/eventstore/v1/models" user_repo "github.com/zitadel/zitadel/internal/repository/user" + "github.com/zitadel/zitadel/internal/zerrors" ) type Token struct { @@ -49,7 +49,7 @@ func (t *Token) setData(event *es_models.Event) error { t.ObjectRoot.AppendEvent(event) if err := json.Unmarshal(event.Data, t); err != nil { logging.Log("EVEN-4Fm9s").WithError(err).Error("could not unmarshal event data") - return caos_errs.ThrowInternal(err, "MODEL-5Gms9", "could not unmarshal event") + return zerrors.ThrowInternal(err, "MODEL-5Gms9", "could not unmarshal event") } return nil } 
diff --git a/internal/user/repository/eventsourcing/model/user.go b/internal/user/repository/eventsourcing/model/user.go index 36cba95eae..1f58208dd0 100644 --- a/internal/user/repository/eventsourcing/model/user.go +++ b/internal/user/repository/eventsourcing/model/user.go @@ -6,11 +6,10 @@ import ( "github.com/zitadel/logging" - "github.com/zitadel/zitadel/internal/errors" - caos_errs "github.com/zitadel/zitadel/internal/errors" es_models "github.com/zitadel/zitadel/internal/eventstore/v1/models" "github.com/zitadel/zitadel/internal/repository/user" "github.com/zitadel/zitadel/internal/user/model" + "github.com/zitadel/zitadel/internal/zerrors" ) const ( @@ -80,13 +79,13 @@ func (u *User) AppendEvent(event *es_models.Event) error { return u.Machine.AppendEvent(event) } - return errors.ThrowNotFound(nil, "MODEL-x9TaX", "Errors.UserType.Undefined") + return zerrors.ThrowNotFound(nil, "MODEL-x9TaX", "Errors.UserType.Undefined") } func (u *User) setData(event *es_models.Event) error { if err := json.Unmarshal(event.Data, u); err != nil { logging.Log("EVEN-ZDzQy").WithError(err).Error("could not unmarshal event data") - return caos_errs.ThrowInternal(err, "MODEL-yGmhh", "could not unmarshal event") + return zerrors.ThrowInternal(err, "MODEL-yGmhh", "could not unmarshal event") } return nil } diff --git a/internal/user/repository/eventsourcing/model/user_human.go b/internal/user/repository/eventsourcing/model/user_human.go index 2df0d5bb72..5fbfb3ad41 100644 --- a/internal/user/repository/eventsourcing/model/user_human.go +++ b/internal/user/repository/eventsourcing/model/user_human.go 
@@ -7,10 +7,10 @@ import ( "github.com/zitadel/logging" "github.com/zitadel/zitadel/internal/crypto" - caos_errs "github.com/zitadel/zitadel/internal/errors" es_models "github.com/zitadel/zitadel/internal/eventstore/v1/models" "github.com/zitadel/zitadel/internal/repository/user" "github.com/zitadel/zitadel/internal/user/model" + "github.com/zitadel/zitadel/internal/zerrors" ) type Human struct { @@ -159,7 +159,7 @@ func (h *Human) ComputeObject() { func (u *Human) setData(event *es_models.Event) error { if err := json.Unmarshal(event.Data, u); err != nil { logging.Log("EVEN-8ujgd").WithError(err).Error("could not unmarshal event data") - return caos_errs.ThrowInternal(err, "MODEL-sj4jd", "could not unmarshal event") + return zerrors.ThrowInternal(err, "MODEL-sj4jd", "could not unmarshal event") } return nil } @@ -179,7 +179,7 @@ func (c *InitUserCode) SetData(event *es_models.Event) error { c.ObjectRoot.AppendEvent(event) if err := json.Unmarshal(event.Data, c); err != nil { logging.Log("EVEN-7duwe").WithError(err).Error("could not unmarshal event data") - return caos_errs.ThrowInternal(err, "MODEL-lo34s", "could not unmarshal event") + return zerrors.ThrowInternal(err, "MODEL-lo34s", "could not unmarshal event") } return nil } diff --git a/internal/user/repository/eventsourcing/model/user_machine.go b/internal/user/repository/eventsourcing/model/user_machine.go index 45d60b4848..a8d6602ced 100644 --- a/internal/user/repository/eventsourcing/model/user_machine.go +++ b/internal/user/repository/eventsourcing/model/user_machine.go @@ -6,9 +6,9 @@ import ( "github.com/zitadel/logging" - "github.com/zitadel/zitadel/internal/errors" es_models "github.com/zitadel/zitadel/internal/eventstore/v1/models" user_repo "github.com/zitadel/zitadel/internal/repository/user" + "github.com/zitadel/zitadel/internal/zerrors" ) type Machine struct { 
@@ -39,7 +39,7 @@ func (sa *Machine) AppendEvent(event *es_models.Event) (err error) { func (sa *Machine) setData(event *es_models.Event) error { if err := json.Unmarshal(event.Data, sa); err != nil { logging.Log("EVEN-8ujgd").WithError(err).Error("could not unmarshal event data") - return errors.ThrowInternal(err, "MODEL-GwjY9", "could not unmarshal event") + return zerrors.ThrowInternal(err, "MODEL-GwjY9", "could not unmarshal event") } return nil } @@ -69,7 +69,7 @@ func (key *MachineKey) AppendEvent(event *es_models.Event) (err error) { case user_repo.MachineKeyAddedEventType: err = json.Unmarshal(event.Data, key) if err != nil { - return errors.ThrowInternal(err, "MODEL-SjI4S", "Errors.Internal") + return zerrors.ThrowInternal(err, "MODEL-SjI4S", "Errors.Internal") } case user_repo.MachineKeyRemovedEventType: key.ExpirationDate = event.CreationDate diff --git a/internal/user/repository/eventsourcing/model/web_auth_n.go b/internal/user/repository/eventsourcing/model/web_auth_n.go index 86bf5de063..5a5a133aff 100644 --- a/internal/user/repository/eventsourcing/model/web_auth_n.go +++ b/internal/user/repository/eventsourcing/model/web_auth_n.go @@ -3,10 +3,10 @@ package model import ( "github.com/zitadel/logging" - caos_errs "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" es_models "github.com/zitadel/zitadel/internal/eventstore/v1/models" "github.com/zitadel/zitadel/internal/user/model" + "github.com/zitadel/zitadel/internal/zerrors" ) type WebAuthNToken struct { 
@@ -64,7 +64,7 @@ func GetWebauthn(webauthnTokens []*WebAuthNToken, id string) (int, *WebAuthNToke func (w *WebAuthNVerify) SetData(event eventstore.Event) error { if err := event.Unmarshal(w); err != nil { logging.Log("EVEN-G342rf").WithError(err).Error("could not unmarshal event data") - return caos_errs.ThrowInternal(err, "MODEL-B6641", "could not unmarshal event") + return zerrors.ThrowInternal(err, "MODEL-B6641", "could not unmarshal event") } return nil } @@ -101,7 +101,7 @@ func (u *Human) appendU2FVerifiedEvent(event eventstore.Event) error { token.State = int32(model.MFAStateReady) return nil } - return caos_errs.ThrowPreconditionFailed(nil, "MODEL-4hu9s", "Errors.Users.MFA.U2F.NotExisting") + return zerrors.ThrowPreconditionFailed(nil, "MODEL-4hu9s", "Errors.Users.MFA.U2F.NotExisting") } func (u *Human) appendU2FChangeSignCountEvent(event eventstore.Event) error { @@ -114,7 +114,7 @@ func (u *Human) appendU2FChangeSignCountEvent(event eventstore.Event) error { token.setData(event) return nil } - return caos_errs.ThrowPreconditionFailed(nil, "MODEL-5Ms8h", "Errors.Users.MFA.U2F.NotExisting") + return zerrors.ThrowPreconditionFailed(nil, "MODEL-5Ms8h", "Errors.Users.MFA.U2F.NotExisting") } func (u *Human) appendU2FRemovedEvent(event eventstore.Event) error { @@ -166,7 +166,7 @@ func (u *Human) appendPasswordlessVerifiedEvent(event eventstore.Event) error { token.State = int32(model.MFAStateReady) return nil } - return caos_errs.ThrowPreconditionFailed(nil, "MODEL-mKns8", "Errors.Users.MFA.Passwordless.NotExisting") + return zerrors.ThrowPreconditionFailed(nil, "MODEL-mKns8", "Errors.Users.MFA.Passwordless.NotExisting") } func (u *Human) appendPasswordlessChangeSignCountEvent(event eventstore.Event) error { 
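Review bot: In the `@@ -114,7 +114,7 @@` hunk of web_auth_n.go, the context line `token.setData(event)` discards the returned error and the next line returns nil, so a sign-count change event whose payload fails to unmarshal is reported as applied. `WebAuthNToken.setData`, shown in a later hunk of this file, returns a wrapped error on unmarshal failure. Assuming `token` is a `*WebAuthNToken`, propagate it with `return token.setData(event)`. A stale signature counter weakens any later comparison made against it, so failing loudly is the safer default. `appendU2FChangeSignCountEvent` begins before the hunk.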
@@ -182,7 +182,7 @@ func (u *Human) appendPasswordlessChangeSignCountEvent(event eventstore.Event) e } return nil } - return caos_errs.ThrowPreconditionFailed(nil, "MODEL-2Mv9s", "Errors.Users.MFA.Passwordless.NotExisting") + return zerrors.ThrowPreconditionFailed(nil, "MODEL-2Mv9s", "Errors.Users.MFA.Passwordless.NotExisting") } func (u *Human) appendPasswordlessRemovedEvent(event eventstore.Event) error { @@ -206,7 +206,7 @@ func (w *WebAuthNToken) setData(event eventstore.Event) error { w.ObjectRoot.AppendEvent(event) if err := event.Unmarshal(w); err != nil { logging.Log("EVEN-4M9is").WithError(err).Error("could not unmarshal event data") - return caos_errs.ThrowInternal(err, "MODEL-lo023", "could not unmarshal event") + return zerrors.ThrowInternal(err, "MODEL-lo023", "could not unmarshal event") } return nil } @@ -251,7 +251,7 @@ func (w *WebAuthNLogin) setData(event eventstore.Event) error { w.ObjectRoot.AppendEvent(event) if err := event.Unmarshal(w); err != nil { logging.Log("EVEN-hmSlo").WithError(err).Error("could not unmarshal event data") - return caos_errs.ThrowInternal(err, "MODEL-lo023", "could not unmarshal event") + return zerrors.ThrowInternal(err, "MODEL-lo023", "could not unmarshal event") } return nil } diff --git a/internal/user/repository/view/external_idp_view.go b/internal/user/repository/view/external_idp_view.go deleted file mode 100644 index 4a64557f80..0000000000 --- a/internal/user/repository/view/external_idp_view.go +++ /dev/null 
@@ -1,147 +0,0 @@ -package view - -import ( - "github.com/zitadel/zitadel/internal/domain" - "github.com/zitadel/zitadel/internal/view/repository" - - "github.com/jinzhu/gorm" - - caos_errs "github.com/zitadel/zitadel/internal/errors" - usr_model "github.com/zitadel/zitadel/internal/user/model" - "github.com/zitadel/zitadel/internal/user/repository/view/model" -) - -func ExternalIDPByExternalUserIDAndIDPConfigID(db *gorm.DB, table, externalUserID, idpConfigID, instanceID string) (*model.ExternalIDPView, error) { - user := new(model.ExternalIDPView) - userIDQuery := &model.ExternalIDPSearchQuery{ - Key: usr_model.ExternalIDPSearchKeyExternalUserID, - Method: domain.SearchMethodEquals, - Value: externalUserID, - } - idpConfigIDQuery := &model.ExternalIDPSearchQuery{ - Key: usr_model.ExternalIDPSearchKeyIdpConfigID, - Method: domain.SearchMethodEquals, - Value: idpConfigID, - } - instanceIDQuery := &model.ExternalIDPSearchQuery{ - Key: usr_model.ExternalIDPSearchKeyInstanceID, - Method: domain.SearchMethodEquals, - Value: instanceID, - } - ownerRemovedQuery := &model.ExternalIDPSearchQuery{ - Key: usr_model.ExternalIDPSearchKeyOwnerRemoved, - Method: domain.SearchMethodEquals, - Value: false, - } - query := repository.PrepareGetByQuery(table, userIDQuery, idpConfigIDQuery, instanceIDQuery, ownerRemovedQuery) - err := query(db, user) - if caos_errs.IsNotFound(err) { - return nil, caos_errs.ThrowNotFound(nil, "VIEW-Mso9f", "Errors.ExternalIDP.NotFound") - } - return user, err -} - -func ExternalIDPByExternalUserIDAndIDPConfigIDAndResourceOwner(db *gorm.DB, table, externalUserID, idpConfigID, resourceOwner, instanceID string) (*model.ExternalIDPView, error) { - user := new(model.ExternalIDPView) - userIDQuery := &model.ExternalIDPSearchQuery{ - Key: usr_model.ExternalIDPSearchKeyExternalUserID, - Method: domain.SearchMethodEquals, - Value: externalUserID, - } - idpConfigIDQuery := &model.ExternalIDPSearchQuery{ - Key: usr_model.ExternalIDPSearchKeyIdpConfigID, - Method: 
domain.SearchMethodEquals, - Value: idpConfigID, - } - resourceOwnerQuery := &model.ExternalIDPSearchQuery{ - Key: usr_model.ExternalIDPSearchKeyResourceOwner, - Method: domain.SearchMethodEquals, - Value: resourceOwner, - } - instanceIDQuery := &model.ExternalIDPSearchQuery{ - Key: usr_model.ExternalIDPSearchKeyInstanceID, - Method: domain.SearchMethodEquals, - Value: instanceID, - } - ownerRemovedQuery := &model.ExternalIDPSearchQuery{ - Key: usr_model.ExternalIDPSearchKeyOwnerRemoved, - Method: domain.SearchMethodEquals, - Value: false, - } - query := repository.PrepareGetByQuery(table, userIDQuery, idpConfigIDQuery, resourceOwnerQuery, instanceIDQuery, ownerRemovedQuery) - err := query(db, user) - if caos_errs.IsNotFound(err) { - return nil, caos_errs.ThrowNotFound(nil, "VIEW-Sf8sd", "Errors.ExternalIDP.NotFound") - } - return user, err -} - -func ExternalIDPsByIDPConfigID(db *gorm.DB, table, idpConfigID, instanceID string) ([]*model.ExternalIDPView, error) { - externalIDPs := make([]*model.ExternalIDPView, 0) - orgIDQuery := &usr_model.ExternalIDPSearchQuery{ - Key: usr_model.ExternalIDPSearchKeyIdpConfigID, - Method: domain.SearchMethodEquals, - Value: idpConfigID, - } - instanceIDQuery := &usr_model.ExternalIDPSearchQuery{ - Key: usr_model.ExternalIDPSearchKeyInstanceID, - Method: domain.SearchMethodEquals, - Value: instanceID, - } - ownerRemovedQuery := &usr_model.ExternalIDPSearchQuery{ - Key: usr_model.ExternalIDPSearchKeyOwnerRemoved, - Method: domain.SearchMethodEquals, - Value: false, - } - query := repository.PrepareSearchQuery(table, model.ExternalIDPSearchRequest{ - Queries: []*usr_model.ExternalIDPSearchQuery{orgIDQuery, instanceIDQuery, ownerRemovedQuery}, - }) - _, err := query(db, &externalIDPs) - return externalIDPs, err -} - -func PutExternalIDPs(db *gorm.DB, table string, externalIDPs ...*model.ExternalIDPView) error { - save := repository.PrepareBulkSave(table) - u := make([]interface{}, len(externalIDPs)) - for i, idp := range externalIDPs 
{ - u[i] = idp - } - return save(db, u...) -} - -func PutExternalIDP(db *gorm.DB, table string, idp *model.ExternalIDPView) error { - save := repository.PrepareSave(table) - return save(db, idp) -} - -func DeleteExternalIDP(db *gorm.DB, table, externalUserID, idpConfigID, instanceID string) error { - delete := repository.PrepareDeleteByKeys(table, - repository.Key{Key: model.ExternalIDPSearchKey(usr_model.ExternalIDPSearchKeyExternalUserID), Value: externalUserID}, - repository.Key{Key: model.ExternalIDPSearchKey(usr_model.ExternalIDPSearchKeyIdpConfigID), Value: idpConfigID}, - repository.Key{Key: model.ExternalIDPSearchKey(usr_model.ExternalIDPSearchKeyInstanceID), Value: instanceID}, - ) - return delete(db) -} - -func DeleteExternalIDPsByUserID(db *gorm.DB, table, userID, instanceID string) error { - delete := repository.PrepareDeleteByKeys(table, - repository.Key{model.ExternalIDPSearchKey(usr_model.ExternalIDPSearchKeyUserID), userID}, - repository.Key{model.ExternalIDPSearchKey(usr_model.ExternalIDPSearchKeyInstanceID), instanceID}, - ) - return delete(db) -} - -func DeleteInstanceExternalIDPs(db *gorm.DB, table, instanceID string) error { - delete := repository.PrepareDeleteByKey(table, model.ExternalIDPSearchKey(usr_model.ExternalIDPSearchKeyInstanceID), instanceID) - return delete(db) -} - -func UpdateOrgOwnerRemovedExternalIDPs(db *gorm.DB, table, instanceID, aggID string) error { - update := repository.PrepareUpdateByKeys(table, - model.ExternalIDPSearchKey(usr_model.ExternalIDPSearchKeyOwnerRemoved), - true, - repository.Key{Key: model.ExternalIDPSearchKey(usr_model.ExternalIDPSearchKeyInstanceID), Value: instanceID}, - repository.Key{Key: model.ExternalIDPSearchKey(usr_model.ExternalIDPSearchKeyResourceOwner), Value: aggID}, - ) - return update(db) -} diff --git a/internal/user/repository/view/model/external_idp_query.go b/internal/user/repository/view/model/external_idp_query.go deleted file mode 100644 index d6f193cb7d..0000000000 
--- a/internal/user/repository/view/model/external_idp_query.go +++ /dev/null 
@@ -1,69 +0,0 @@
-package model
-
-import (
- "github.com/zitadel/zitadel/internal/domain"
- usr_model "github.com/zitadel/zitadel/internal/user/model"
- "github.com/zitadel/zitadel/internal/view/repository"
-)
-
-type ExternalIDPSearchRequest usr_model.ExternalIDPSearchRequest
-type ExternalIDPSearchQuery usr_model.ExternalIDPSearchQuery
-type ExternalIDPSearchKey usr_model.ExternalIDPSearchKey
-
-func (req ExternalIDPSearchRequest) GetLimit() uint64 {
- return req.Limit
-}
-
-func (req ExternalIDPSearchRequest) GetOffset() uint64 {
- return req.Offset
-}
-
-func (req ExternalIDPSearchRequest) GetSortingColumn() repository.ColumnKey {
- if req.SortingColumn == usr_model.ExternalIDPSearchKeyUnspecified {
- return nil
- }
- return ExternalIDPSearchKey(req.SortingColumn)
-}
-
-func (req ExternalIDPSearchRequest) GetAsc() bool {
- return req.Asc
-}
-
-func (req ExternalIDPSearchRequest) GetQueries() []repository.SearchQuery {
- result := make([]repository.SearchQuery, len(req.Queries))
- for i, q := range req.Queries {
- result[i] = ExternalIDPSearchQuery{Key: q.Key, Value: q.Value, Method: q.Method}
- }
- return result
-}
-
-func (req ExternalIDPSearchQuery) GetKey() repository.ColumnKey {
- return ExternalIDPSearchKey(req.Key)
-}
-
-func (req ExternalIDPSearchQuery) GetMethod() domain.SearchMethod {
- return req.Method
-}
-
-func (req ExternalIDPSearchQuery) GetValue() interface{} {
- return req.Value
-}
-
-func (key ExternalIDPSearchKey) ToColumnName() string {
- switch usr_model.ExternalIDPSearchKey(key) {
- case usr_model.ExternalIDPSearchKeyExternalUserID:
- return ExternalIDPKeyExternalUserID
- case usr_model.ExternalIDPSearchKeyUserID:
- return ExternalIDPKeyUserID
- case usr_model.ExternalIDPSearchKeyIdpConfigID:
- return ExternalIDPKeyIDPConfigID
- case usr_model.ExternalIDPSearchKeyResourceOwner:
- return ExternalIDPKeyResourceOwner
- case usr_model.ExternalIDPSearchKeyInstanceID:
- return ExternalIDPKeyInstanceID
- case usr_model.ExternalIDPSearchKeyOwnerRemoved:
- return ExternalIDPKeyOwnerRemoved
- default:
- return ""
- }
-}
diff --git a/internal/user/repository/view/model/external_idps.go b/internal/user/repository/view/model/external_idps.go
deleted file mode 100644
index 4b03c7dc49..0000000000
--- a/internal/user/repository/view/model/external_idps.go
+++ /dev/null
@@ -1,59 +0,0 @@
-package model
-
-import (
- "encoding/json"
- "time"
-
- "github.com/zitadel/logging"
-
- caos_errs "github.com/zitadel/zitadel/internal/errors"
- "github.com/zitadel/zitadel/internal/eventstore/v1/models"
- user_repo "github.com/zitadel/zitadel/internal/repository/user"
-)
-
-const (
- ExternalIDPKeyExternalUserID = "external_user_id"
- ExternalIDPKeyUserID = "user_id"
- ExternalIDPKeyIDPConfigID = "idp_config_id"
- ExternalIDPKeyResourceOwner = "resource_owner"
- ExternalIDPKeyInstanceID = "instance_id"
- ExternalIDPKeyOwnerRemoved = "owner_removed"
-)
-
-type ExternalIDPView struct {
- ExternalUserID string `json:"userID" gorm:"column:external_user_id;primary_key"`
- IDPConfigID string `json:"idpConfigID" gorm:"column:idp_config_id;primary_key"`
- UserID string `json:"-" gorm:"column:user_id"`
- IDPName string `json:"-" gorm:"column:idp_name"`
- UserDisplayName string `json:"displayName" gorm:"column:user_display_name"`
- CreationDate time.Time `json:"-" gorm:"column:creation_date"`
- ChangeDate time.Time `json:"-" gorm:"column:change_date"`
- ResourceOwner string `json:"-" gorm:"column:resource_owner"`
- Sequence uint64 `json:"-" gorm:"column:sequence"`
- InstanceID string `json:"instanceID" gorm:"column:instance_id;primary_key"`
-}
-
-func (i *ExternalIDPView) AppendEvent(event *models.Event) (err error) {
- i.Sequence = event.Seq
- i.ChangeDate = event.CreationDate
- if event.Typ == user_repo.UserIDPLinkAddedType {
- i.setRootData(event)
- i.CreationDate = event.CreationDate
- err = i.SetData(event)
- }
- return err
-}
-
-func (r *ExternalIDPView) setRootData(event *models.Event) {
- r.UserID = event.AggregateID
- r.ResourceOwner = event.ResourceOwner
- r.InstanceID = event.InstanceID
-}
-
-func (r *ExternalIDPView) SetData(event *models.Event) error {
- if err := json.Unmarshal(event.Data, r); err != nil {
- logging.Log("EVEN-48sfs").WithError(err).Error("could not unmarshal event data")
- return caos_errs.ThrowInternal(err, "MODEL-Hs8uf", "Could not unmarshal data")
- }
- return nil
-}
diff --git a/internal/user/repository/view/model/notify_user.go b/internal/user/repository/view/model/notify_user.go
deleted file mode 100644
index 371d7a9cdb..0000000000
--- a/internal/user/repository/view/model/notify_user.go
+++ /dev/null
@@ -1,132 +0,0 @@
-package model
-
-import (
- "encoding/json"
- "time"
-
- "github.com/zitadel/logging"
-
- "github.com/zitadel/zitadel/internal/database"
- caos_errs "github.com/zitadel/zitadel/internal/errors"
- "github.com/zitadel/zitadel/internal/eventstore/v1/models"
- org_model "github.com/zitadel/zitadel/internal/org/model"
- "github.com/zitadel/zitadel/internal/repository/user"
- es_model "github.com/zitadel/zitadel/internal/user/repository/eventsourcing/model"
-)
-
-const (
- NotifyUserKeyUserID = "id"
- NotifyUserKeyResourceOwner = "resource_owner"
- NotifyUserKeyInstanceID = "instance_id"
-)
-
-type NotifyUser struct {
- ID string `json:"-" gorm:"column:id;primary_key"`
- CreationDate time.Time `json:"-" gorm:"column:creation_date"`
- ChangeDate time.Time `json:"-" gorm:"column:change_date"`
- ResourceOwner string `json:"-" gorm:"column:resource_owner"`
- UserName string `json:"userName" gorm:"column:user_name"`
- LoginNames database.TextArray[string] `json:"-" gorm:"column:login_names"`
- PreferredLoginName string `json:"-" gorm:"column:preferred_login_name"`
- FirstName string `json:"firstName" gorm:"column:first_name"`
- LastName string `json:"lastName" gorm:"column:last_name"`
- NickName string `json:"nickName" gorm:"column:nick_name"`
- DisplayName string `json:"displayName" gorm:"column:display_name"`
- PreferredLanguage string `json:"preferredLanguage" gorm:"column:preferred_language"`
- Gender int32 `json:"gender" gorm:"column:gender"`
- LastEmail string `json:"email" gorm:"column:last_email"`
- VerifiedEmail string `json:"-" gorm:"column:verified_email"`
- LastPhone string `json:"phone" gorm:"column:last_phone"`
- VerifiedPhone string `json:"-" gorm:"column:verified_phone"`
- PasswordSet bool `json:"-" gorm:"column:password_set"`
- Sequence uint64 `json:"-" gorm:"column:sequence"`
- State int32 `json:"-" gorm:"-"`
- InstanceID string `json:"instanceID" gorm:"column:instance_id;primary_key"`
-}
-
-func (u *NotifyUser) GenerateLoginName(domain string, appendDomain bool) string {
- if !appendDomain {
- return u.UserName
- }
- return u.UserName + "@" + domain
-}
-
-func (u *NotifyUser) SetLoginNames(userLoginMustBeDomain bool, domains []*org_model.OrgDomain) {
- loginNames := make([]string, 0)
- for _, d := range domains {
- if d.Verified {
- loginNames = append(loginNames, u.GenerateLoginName(d.Domain, true))
- }
- }
- if !userLoginMustBeDomain {
- loginNames = append(loginNames, u.UserName)
- }
- u.LoginNames = loginNames
-}
-
-func (u *NotifyUser) AppendEvent(event *models.Event) (err error) {
- u.ChangeDate = event.CreationDate
- u.Sequence = event.Seq
- switch event.Type() {
- case user.UserV1AddedType,
- user.UserV1RegisteredType,
- user.HumanRegisteredType,
- user.HumanAddedType,
- user.MachineAddedEventType:
- u.CreationDate = event.CreationDate
- u.setRootData(event)
- err = u.setData(event)
- if err != nil {
- return err
- }
- err = u.setPasswordData(event)
- case user.UserV1ProfileChangedType,
- user.UserV1EmailChangedType,
- user.UserV1PhoneChangedType,
- user.HumanProfileChangedType,
- user.HumanEmailChangedType,
- user.HumanPhoneChangedType,
- user.UserUserNameChangedType:
- err = u.setData(event)
- case user.UserV1EmailVerifiedType,
- user.HumanEmailVerifiedType:
- u.VerifiedEmail = u.LastEmail
- case user.UserV1PhoneRemovedType,
- user.HumanPhoneRemovedType:
- u.VerifiedPhone = ""
- u.LastPhone = ""
- case user.UserV1PhoneVerifiedType,
- user.HumanPhoneVerifiedType:
- u.VerifiedPhone = u.LastPhone
- case user.UserV1PasswordChangedType,
- user.HumanPasswordChangedType:
- err = u.setPasswordData(event)
- case user.UserRemovedType:
- u.State = int32(UserStateDeleted)
- }
- return err
-}
-
-func (u *NotifyUser) setRootData(event *models.Event) {
- u.ID = event.AggregateID
- u.ResourceOwner = event.ResourceOwner
- u.InstanceID = event.InstanceID
-}
-
-func (u *NotifyUser) setData(event *models.Event) error {
- if err := json.Unmarshal(event.Data, u); err != nil {
- logging.Log("MODEL-lso9e").WithError(err).Error("could not unmarshal event data")
- return caos_errs.ThrowInternal(nil, "MODEL-8iows", "could not unmarshal data")
- }
- return nil
-}
-
-func (u *NotifyUser) setPasswordData(event *models.Event) error {
- password := new(es_model.Password)
- if err := json.Unmarshal(event.Data, password); err != nil {
- logging.Log("MODEL-dfhw6").WithError(err).Error("could not unmarshal event data")
- return caos_errs.ThrowInternal(nil, "MODEL-BHFD2", "could not unmarshal data")
- }
- u.PasswordSet = password.Secret != nil || password.EncodedHash != ""
- return nil
-}
diff --git a/internal/user/repository/view/model/notify_user_query.go b/internal/user/repository/view/model/notify_user_query.go
deleted file mode 100644
index e91299f386..0000000000
--- a/internal/user/repository/view/model/notify_user_query.go
+++ /dev/null
@@ -1,63 +0,0 @@
-package model
-
-import (
- "github.com/zitadel/zitadel/internal/domain"
- usr_model "github.com/zitadel/zitadel/internal/user/model"
- "github.com/zitadel/zitadel/internal/view/repository"
-)
-
-type NotifyUserSearchRequest usr_model.NotifyUserSearchRequest
-type NotifyUserSearchQuery usr_model.NotifyUserSearchQuery
-type NotifyUserSearchKey usr_model.NotifyUserSearchKey
-
-func (req NotifyUserSearchRequest) GetLimit() uint64 {
- return req.Limit
-}
-
-func (req NotifyUserSearchRequest) GetOffset() uint64 {
- return req.Offset
-}
-
-func (req NotifyUserSearchRequest) GetSortingColumn() repository.ColumnKey {
- if req.SortingColumn == usr_model.NotifyUserSearchKeyUnspecified {
- return nil
- }
- return NotifyUserSearchKey(req.SortingColumn)
-}
-
-func (req NotifyUserSearchRequest) GetAsc() bool {
- return req.Asc
-}
-
-func (req NotifyUserSearchRequest) GetQueries() []repository.SearchQuery {
- result := make([]repository.SearchQuery, len(req.Queries))
- for i, q := range req.Queries {
- result[i] = NotifyUserSearchQuery{Key: q.Key, Value: q.Value, Method: q.Method}
- }
- return result
-}
-
-func (req NotifyUserSearchQuery) GetKey() repository.ColumnKey {
- return NotifyUserSearchKey(req.Key)
-}
-
-func (req NotifyUserSearchQuery) GetMethod() domain.SearchMethod {
- return req.Method
-}
-
-func (req NotifyUserSearchQuery) GetValue() interface{} {
- return req.Value
-}
-
-func (key NotifyUserSearchKey) ToColumnName() string {
- switch usr_model.NotifyUserSearchKey(key) {
- case usr_model.NotifyUserSearchKeyUserID:
- return NotifyUserKeyUserID
- case usr_model.NotifyUserSearchKeyResourceOwner:
- return NotifyUserKeyResourceOwner
- case usr_model.NotifyUserSearchKeyInstanceID:
- return NotifyUserKeyInstanceID
- default:
- return ""
- }
-}
diff --git a/internal/user/repository/view/model/notify_user_test.go b/internal/user/repository/view/model/notify_user_test.go
deleted file mode 100644
index 7644ba03ab..0000000000
--- a/internal/user/repository/view/model/notify_user_test.go
+++ /dev/null
@@ -1,123 +0,0 @@ -package model - -import ( - "testing" - - es_models "github.com/zitadel/zitadel/internal/eventstore/v1/models" - "github.com/zitadel/zitadel/internal/repository/user" - es_model "github.com/zitadel/zitadel/internal/user/repository/eventsourcing/model" -) - -func TestNotifyUserAppendEvent(t *testing.T) { - type args struct { - event *es_models.Event - user *NotifyUser - } - tests := []struct { - name string - args args - result *NotifyUser - }{ - { - name: "append added user event", - args: args{ - event: &es_models.Event{AggregateID: "AggregateID", Seq: 1, Typ: user.UserV1AddedType, ResourceOwner: "GrantedOrgID", Data: mockUserData(getFullHuman(nil))}, - user: &NotifyUser{}, - }, - result: &NotifyUser{ID: "AggregateID", ResourceOwner: "GrantedOrgID", UserName: "UserName", FirstName: "FirstName", LastName: "LastName", LastEmail: "Email", LastPhone: "Phone"}, - }, - { - name: "append added human event", - args: args{ - event: &es_models.Event{AggregateID: "AggregateID", Seq: 1, Typ: user.HumanAddedType, ResourceOwner: "GrantedOrgID", Data: mockUserData(getFullHuman(nil))}, - user: &NotifyUser{}, - }, - result: &NotifyUser{ID: "AggregateID", ResourceOwner: "GrantedOrgID", UserName: "UserName", FirstName: "FirstName", LastName: "LastName", LastEmail: "Email", LastPhone: "Phone"}, - }, - { - name: "append change user profile event", - args: args{ - event: &es_models.Event{AggregateID: "AggregateID", Seq: 1, Typ: user.UserV1ProfileChangedType, ResourceOwner: "GrantedOrgID", Data: mockProfileData(&es_model.Profile{FirstName: "FirstNameChanged"})}, - user: &NotifyUser{ID: "AggregateID", ResourceOwner: "GrantedOrgID", UserName: "UserName", FirstName: "FirstName", LastName: "LastName", LastEmail: "Email", LastPhone: "Phone"}, - }, - result: &NotifyUser{ID: "AggregateID", ResourceOwner: "GrantedOrgID", UserName: "UserName", FirstName: "FirstNameChanged", LastName: "LastName", LastEmail: "Email", LastPhone: "Phone"}, - }, - { - name: "append change user 
email event", - args: args{ - event: &es_models.Event{AggregateID: "AggregateID", Seq: 1, Typ: user.UserV1EmailChangedType, ResourceOwner: "GrantedOrgID", Data: mockEmailData(&es_model.Email{EmailAddress: "EmailChanged"})}, - user: &NotifyUser{ID: "AggregateID", ResourceOwner: "GrantedOrgID", UserName: "UserName", FirstName: "FirstName", LastName: "LastName", LastEmail: "Email", LastPhone: "Phone"}, - }, - result: &NotifyUser{ID: "AggregateID", ResourceOwner: "GrantedOrgID", UserName: "UserName", FirstName: "FirstName", LastName: "LastName", LastEmail: "EmailChanged", LastPhone: "Phone"}, - }, - { - name: "append change user email event, existing email", - args: args{ - event: &es_models.Event{AggregateID: "AggregateID", Seq: 1, Typ: user.UserV1EmailChangedType, ResourceOwner: "GrantedOrgID", Data: mockEmailData(&es_model.Email{EmailAddress: "EmailChanged"})}, - user: &NotifyUser{ID: "AggregateID", ResourceOwner: "GrantedOrgID", UserName: "UserName", FirstName: "FirstName", LastName: "LastName", LastEmail: "Email", VerifiedEmail: "Email", LastPhone: "Phone"}, - }, - result: &NotifyUser{ID: "AggregateID", ResourceOwner: "GrantedOrgID", UserName: "UserName", FirstName: "FirstName", LastName: "LastName", LastEmail: "EmailChanged", VerifiedEmail: "Email", LastPhone: "Phone"}, - }, - { - name: "append verify user email event", - args: args{ - event: &es_models.Event{AggregateID: "AggregateID", Seq: 1, Typ: user.UserV1EmailVerifiedType, ResourceOwner: "GrantedOrgID"}, - user: &NotifyUser{ID: "AggregateID", ResourceOwner: "GrantedOrgID", UserName: "UserName", FirstName: "FirstName", LastName: "LastName", LastEmail: "Email", LastPhone: "Phone"}, - }, - result: &NotifyUser{ID: "AggregateID", ResourceOwner: "GrantedOrgID", UserName: "UserName", FirstName: "FirstName", LastName: "LastName", LastEmail: "Email", VerifiedEmail: "Email", LastPhone: "Phone"}, - }, - { - name: "append change user phone event", - args: args{ - event: &es_models.Event{AggregateID: "AggregateID", Seq: 
1, Typ: user.UserV1PhoneChangedType, ResourceOwner: "GrantedOrgID", Data: mockPhoneData(&es_model.Phone{PhoneNumber: "PhoneChanged"})}, - user: &NotifyUser{ID: "AggregateID", ResourceOwner: "GrantedOrgID", UserName: "UserName", FirstName: "FirstName", LastName: "LastName", LastEmail: "Email", LastPhone: "Phone"}, - }, - result: &NotifyUser{ID: "AggregateID", ResourceOwner: "GrantedOrgID", UserName: "UserName", FirstName: "FirstName", LastName: "LastName", LastEmail: "Email", LastPhone: "PhoneChanged"}, - }, - { - name: "append change user phone event, existing phone", - args: args{ - event: &es_models.Event{AggregateID: "AggregateID", Seq: 1, Typ: user.UserV1PhoneChangedType, ResourceOwner: "GrantedOrgID", Data: mockPhoneData(&es_model.Phone{PhoneNumber: "PhoneChanged"})}, - user: &NotifyUser{ID: "AggregateID", ResourceOwner: "GrantedOrgID", UserName: "UserName", FirstName: "FirstName", LastName: "LastName", LastEmail: "Email", LastPhone: "Phone", VerifiedPhone: "Phone"}, - }, - result: &NotifyUser{ID: "AggregateID", ResourceOwner: "GrantedOrgID", UserName: "UserName", FirstName: "FirstName", LastName: "LastName", LastEmail: "Email", LastPhone: "PhoneChanged", VerifiedPhone: "Phone"}, - }, - { - name: "append verify user phone event", - args: args{ - event: &es_models.Event{AggregateID: "AggregateID", Seq: 1, Typ: user.UserV1PhoneVerifiedType, ResourceOwner: "GrantedOrgID"}, - user: &NotifyUser{ID: "AggregateID", ResourceOwner: "GrantedOrgID", UserName: "UserName", FirstName: "FirstName", LastName: "LastName", LastEmail: "Email", LastPhone: "Phone"}, - }, - result: &NotifyUser{ID: "AggregateID", ResourceOwner: "GrantedOrgID", UserName: "UserName", FirstName: "FirstName", LastName: "LastName", LastEmail: "Email", LastPhone: "Phone", VerifiedPhone: "Phone"}, - }, - } - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - tt.args.user.AppendEvent(tt.args.event) - if tt.args.user.ID != tt.result.ID { - t.Errorf("got wrong result ID: expected: %v, actual: 
%v ", tt.result.ID, tt.args.user.ID) - } - if tt.args.user.FirstName != tt.result.FirstName { - t.Errorf("got wrong result FirstName: expected: %v, actual: %v ", tt.result.FirstName, tt.args.user.FirstName) - } - if tt.args.user.LastName != tt.result.LastName { - t.Errorf("got wrong result FirstName: expected: %v, actual: %v ", tt.result.FirstName, tt.args.user.FirstName) - } - if tt.args.user.ResourceOwner != tt.result.ResourceOwner { - t.Errorf("got wrong result ResourceOwner: expected: %v, actual: %v ", tt.result.ResourceOwner, tt.args.user.ResourceOwner) - } - if tt.args.user.LastEmail != tt.result.LastEmail { - t.Errorf("got wrong result LastEmail: expected: %v, actual: %v ", tt.result.LastEmail, tt.args.user.LastEmail) - } - if tt.args.user.VerifiedEmail != tt.result.VerifiedEmail { - t.Errorf("got wrong result VerifiedEmail: expected: %v, actual: %v ", tt.result.VerifiedEmail, tt.args.user.VerifiedEmail) - } - if tt.args.user.LastPhone != tt.result.LastPhone { - t.Errorf("got wrong result LastPhone: expected: %v, actual: %v ", tt.result.LastPhone, tt.args.user.LastPhone) - } - if tt.args.user.VerifiedPhone != tt.result.VerifiedPhone { - t.Errorf("got wrong result VerifiedPhone: expected: %v, actual: %v ", tt.result.VerifiedPhone, tt.args.user.VerifiedPhone) - } - }) - } -} diff --git a/internal/user/repository/view/model/refresh_token.go b/internal/user/repository/view/model/refresh_token.go index d62b3e1410..a45300ca81 100644 --- a/internal/user/repository/view/model/refresh_token.go +++ b/internal/user/repository/view/model/refresh_token.go @@ -6,10 +6,10 @@ import ( "github.com/zitadel/logging" "github.com/zitadel/zitadel/internal/database" - caos_errs "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" user_repo "github.com/zitadel/zitadel/internal/repository/user" usr_model "github.com/zitadel/zitadel/internal/user/model" + "github.com/zitadel/zitadel/internal/zerrors" ) const ( 
@@ -122,7 +122,7 @@ func (t *RefreshTokenView) appendAddedEvent(event eventstore.Event) error { e := new(user_repo.HumanRefreshTokenAddedEvent) if err := event.Unmarshal(e); err != nil { logging.Log("EVEN-Dbb31").WithError(err).Error("could not unmarshal event data") - return caos_errs.ThrowInternal(err, "MODEL-Bbr42", "could not unmarshal event") + return zerrors.ThrowInternal(err, "MODEL-Bbr42", "could not unmarshal event") } t.ID = e.TokenID t.CreationDate = event.CreatedAt() @@ -142,7 +142,7 @@ func (t *RefreshTokenView) appendRenewedEvent(event eventstore.Event) error { e := new(user_repo.HumanRefreshTokenRenewedEvent) if err := event.Unmarshal(e); err != nil { logging.Log("EVEN-Vbbn2").WithError(err).Error("could not unmarshal event data") - return caos_errs.ThrowInternal(err, "MODEL-Bbrn4", "could not unmarshal event") + return zerrors.ThrowInternal(err, "MODEL-Bbrn4", "could not unmarshal event") } t.ID = e.TokenID t.IdleExpiration = event.CreatedAt().Add(e.IdleExpiration) diff --git a/internal/user/repository/view/model/token.go b/internal/user/repository/view/model/token.go index 4e11eec94e..5b01ecd5be 100644 --- a/internal/user/repository/view/model/token.go +++ b/internal/user/repository/view/model/token.go @@ -6,10 +6,10 @@ import ( "github.com/zitadel/logging" "github.com/zitadel/zitadel/internal/database" - caos_errs "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" user_repo "github.com/zitadel/zitadel/internal/repository/user" usr_model "github.com/zitadel/zitadel/internal/user/model" + "github.com/zitadel/zitadel/internal/zerrors" ) const ( 
@@ -133,7 +133,7 @@ func (t *TokenView) setRootData(event eventstore.Event) { func (t *TokenView) setData(event eventstore.Event) error { if err := event.Unmarshal(t); err != nil { logging.Log("EVEN-3Gm9s").WithError(err).Error("could not unmarshal event data") - return caos_errs.ThrowInternal(err, "MODEL-5Gms9", "could not unmarshal event") + return zerrors.ThrowInternal(err, "MODEL-5Gms9", "could not unmarshal event") } return nil } @@ -142,7 +142,7 @@ func agentIDFromSession(event eventstore.Event) (string, error) { session := make(map[string]interface{}) if err := event.Unmarshal(&session); err != nil { logging.Log("EVEN-Ghgt3").WithError(err).Error("could not unmarshal event data") - return "", caos_errs.ThrowInternal(nil, "MODEL-GBf32", "could not unmarshal data") + return "", zerrors.ThrowInternal(nil, "MODEL-GBf32", "could not unmarshal data") } return session["userAgentID"].(string), nil } @@ -201,7 +201,7 @@ func eventToMap(event eventstore.Event) (map[string]interface{}, error) { m := make(map[string]interface{}) if err := event.Unmarshal(&m); err != nil { logging.Log("EVEN-Dbffe").WithError(err).Error("could not unmarshal event data") - return nil, caos_errs.ThrowInternal(nil, "MODEL-SDAfw", "could not unmarshal data") + return nil, zerrors.ThrowInternal(nil, "MODEL-SDAfw", "could not unmarshal data") } return m, nil } diff --git a/internal/user/repository/view/model/user.go b/internal/user/repository/view/model/user.go index 65fd329933..1beb4b323d 100644 --- a/internal/user/repository/view/model/user.go +++ b/internal/user/repository/view/model/user.go 
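Review bot: In `agentIDFromSession` (the `@@ -142,7` hunk) the rewritten return still passes `nil` as the parent, so the unmarshal cause is missing from the returned error, whereas `setData` in the hunk just above passes `err`. The same holds for `eventToMap` (`@@ -201,7`) and for `setData` and `setPasswordData` in user.go (`@@ -388,7`, `@@ -397,7`); suggest `return "", zerrors.ThrowInternal(err, "MODEL-GBf32", "could not unmarshal data")` and the equivalent in the others, or a one-line comment if keeping the cause out of the returned error is deliberate (it is logged on the preceding line). Separately, the context line `return session["userAgentID"].(string), nil` is an unchecked type assertion and would panic if the event payload has no string `userAgentID`; the two-value form `id, ok := session["userAgentID"].(string)` with an error return on `!ok` avoids that. Whether a caller recovers from such a panic is not visible from this hunk.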
@@ -9,12 +9,12 @@ import ( "github.com/zitadel/zitadel/internal/database" "github.com/zitadel/zitadel/internal/domain" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" org_model "github.com/zitadel/zitadel/internal/org/model" "github.com/zitadel/zitadel/internal/repository/user" "github.com/zitadel/zitadel/internal/user/model" es_model "github.com/zitadel/zitadel/internal/user/repository/eventsourcing/model" + "github.com/zitadel/zitadel/internal/zerrors" ) const ( @@ -317,14 +317,14 @@ func (u *UserView) AppendEvent(event eventstore.Event) (err error) { user.HumanMFAOTPAddedType: if u.HumanView == nil { logging.WithFields("event_sequence", event.Sequence, "aggregate_id", event.Aggregate().ID, "instance", event.Aggregate().InstanceID).Warn("event is ignored because human not exists") - return errors.ThrowInvalidArgument(nil, "MODEL-p2BXx", "event ignored: human not exists") + return zerrors.ThrowInvalidArgument(nil, "MODEL-p2BXx", "event ignored: human not exists") } u.OTPState = int32(model.MFAStateNotReady) case user.UserV1MFAOTPVerifiedType, user.HumanMFAOTPVerifiedType: if u.HumanView == nil { logging.WithFields("event_sequence", event.Sequence, "aggregate_id", event.Aggregate().ID, "instance", event.Aggregate().InstanceID).Warn("event is ignored because human not exists") - return errors.ThrowInvalidArgument(nil, "MODEL-o6Lcq", "event ignored: human not exists") + return zerrors.ThrowInvalidArgument(nil, "MODEL-o6Lcq", "event ignored: human not exists") } u.OTPState = int32(model.MFAStateReady) u.MFAInitSkipped = time.Time{} 
@@ -368,7 +368,7 @@ func (u *UserView) AppendEvent(event eventstore.Event) (err error) { user.HumanPasswordlessInitCodeRequestedType: if u.HumanView == nil { logging.WithFields("event_sequence", event.Sequence, "aggregate_id", event.Aggregate().ID, "instance", event.Aggregate().InstanceID).Warn("event is ignored because human not exists") - return errors.ThrowInvalidArgument(nil, "MODEL-MbyC0", "event ignored: human not exists") + return zerrors.ThrowInvalidArgument(nil, "MODEL-MbyC0", "event ignored: human not exists") } if !u.PasswordSet { u.PasswordlessInitRequired = true @@ -388,7 +388,7 @@ func (u *UserView) setRootData(event eventstore.Event) { func (u *UserView) setData(event eventstore.Event) error { if err := event.Unmarshal(u); err != nil { logging.Log("MODEL-lso9e").WithError(err).Error("could not unmarshal event data") - return errors.ThrowInternal(nil, "MODEL-8iows", "could not unmarshal data") + return zerrors.ThrowInternal(nil, "MODEL-8iows", "could not unmarshal data") } return nil } @@ -397,7 +397,7 @@ func (u *UserView) setPasswordData(event eventstore.Event) error { password := new(es_model.Password) if err := event.Unmarshal(password); err != nil { logging.Log("MODEL-sdw4r").WithError(err).Error("could not unmarshal event data") - return errors.ThrowInternal(nil, "MODEL-6jhsw", "could not unmarshal data") + return zerrors.ThrowInternal(nil, "MODEL-6jhsw", "could not unmarshal data") } u.PasswordSet = password.Secret != nil || password.EncodedHash != "" u.PasswordInitRequired = !u.PasswordSet @@ -503,7 +503,7 @@ func webAuthNViewFromEvent(event eventstore.Event) (*WebAuthNView, error) { token := new(WebAuthNView) err := event.Unmarshal(token) if err != nil { - return nil, errors.ThrowInternal(err, "MODEL-FSaq1", "could not unmarshal data") + return nil, zerrors.ThrowInternal(err, "MODEL-FSaq1", "could not unmarshal data") } return token, err } 
diff --git a/internal/user/repository/view/model/user_membership.go b/internal/user/repository/view/model/user_membership.go
deleted file mode 100644
index 7562c1e846..0000000000
--- a/internal/user/repository/view/model/user_membership.go
+++ /dev/null
@@ -1,135 +0,0 @@
-package model
-
-import (
- "encoding/json"
- "time"
-
- "github.com/zitadel/logging"
-
- "github.com/zitadel/zitadel/internal/database"
- caos_errs "github.com/zitadel/zitadel/internal/errors"
- "github.com/zitadel/zitadel/internal/eventstore/v1/models"
- iam_es_model "github.com/zitadel/zitadel/internal/iam/repository/eventsourcing/model"
- org_es_model "github.com/zitadel/zitadel/internal/org/repository/eventsourcing/model"
- proj_es_model "github.com/zitadel/zitadel/internal/project/repository/eventsourcing/model"
- "github.com/zitadel/zitadel/internal/repository/instance"
- "github.com/zitadel/zitadel/internal/repository/org"
- "github.com/zitadel/zitadel/internal/repository/project"
- "github.com/zitadel/zitadel/internal/user/model"
-)
-
-const (
- UserMembershipKeyUserID = "user_id"
- UserMembershipKeyAggregateID = "aggregate_id"
- UserMembershipKeyObjectID = "object_id"
- UserMembershipKeyResourceOwner = "resource_owner"
- UserMembershipKeyMemberType = "member_type"
- UserMembershipKeyInstanceID = "instance_id"
-)
-
-type UserMembershipView struct {
- UserID string `json:"-" gorm:"column:user_id;primary_key"`
- MemberType int32 `json:"-" gorm:"column:member_type;primary_key"`
- AggregateID string `json:"-" gorm:"column:aggregate_id;primary_key"`
- ObjectID string `json:"-" gorm:"column:object_id;primary_key"`
-
- Roles database.TextArray[string] `json:"-" gorm:"column:roles"`
- DisplayName string `json:"-" gorm:"column:display_name"`
- CreationDate time.Time `json:"-" gorm:"column:creation_date"`
- ChangeDate time.Time `json:"-" gorm:"column:change_date"`
- ResourceOwner string `json:"-" gorm:"column:resource_owner"`
- ResourceOwnerName string `json:"-" gorm:"column:resource_owner_name"`
- Sequence uint64 `json:"-" gorm:"column:sequence"`
- InstanceID string `json:"instanceID" gorm:"column:instance_id;primary_key"`
-}
-
-func (u *UserMembershipView) AppendEvent(event *models.Event) (err error) {
- u.ChangeDate = event.CreationDate
- u.Sequence = event.Seq
-
- switch event.Type() {
- case instance.MemberAddedEventType:
- u.setRootData(event, model.MemberTypeIam)
- err = u.setIamMemberData(event)
- case instance.MemberChangedEventType,
- instance.MemberRemovedEventType,
- instance.MemberCascadeRemovedEventType:
- err = u.setIamMemberData(event)
- case org.MemberAddedEventType:
- u.setRootData(event, model.MemberTypeOrganisation)
- err = u.setOrgMemberData(event)
- case org.MemberChangedEventType,
- org.MemberRemovedEventType,
- org.MemberCascadeRemovedEventType:
- err = u.setOrgMemberData(event)
- case project.MemberAddedType:
- u.setRootData(event, model.MemberTypeProject)
- err = u.setProjectMemberData(event)
- case project.MemberChangedType,
- project.MemberRemovedType,
- project.MemberCascadeRemovedType:
- err = u.setProjectMemberData(event)
- case project.GrantMemberAddedType:
- u.setRootData(event, model.MemberTypeProjectGrant)
- err = u.setProjectGrantMemberData(event)
- case project.GrantMemberChangedType,
- project.GrantMemberRemovedType,
- project.GrantMemberCascadeRemovedType:
- err = u.setProjectGrantMemberData(event)
- }
- return err
-}
-
-func (u *UserMembershipView) setRootData(event *models.Event, memberType model.MemberType) {
- u.CreationDate = event.CreationDate
- u.AggregateID = event.AggregateID
- u.ObjectID = event.AggregateID
- u.ResourceOwner = event.ResourceOwner
- u.MemberType = int32(memberType)
- u.InstanceID = event.InstanceID
-}
-
-func (u *UserMembershipView) setIamMemberData(event *models.Event) error {
- member := new(iam_es_model.IAMMember)
- if err := json.Unmarshal(event.Data, member); err != nil {
- logging.New().WithError(err).Error("could not unmarshal event data")
- return caos_errs.ThrowInternal(nil, "MODEL-6jhsw", "could not unmarshal data")
- }
- u.UserID = member.UserID
- u.Roles = member.Roles
- return nil
-}
-
-func (u *UserMembershipView) setOrgMemberData(event *models.Event) error {
- member := new(org_es_model.OrgMember)
- if err := json.Unmarshal(event.Data, member); err != nil {
- logging.New().WithError(err).Error("could not unmarshal event data")
- return caos_errs.ThrowInternal(nil, "MODEL-6jhsw", "could not unmarshal data")
- }
- u.UserID = member.UserID
- u.Roles = member.Roles
- return nil
-}
-
-func (u *UserMembershipView) setProjectMemberData(event *models.Event) error {
- member := new(proj_es_model.ProjectMember)
- if err := json.Unmarshal(event.Data, member); err != nil {
- logging.New().WithError(err).Error("could not unmarshal event data")
- return caos_errs.ThrowInternal(nil, "MODEL-6jhsw", "could not unmarshal data")
- }
- u.UserID = member.UserID
- u.Roles = member.Roles
- return nil
-}
-
-func (u *UserMembershipView) setProjectGrantMemberData(event *models.Event) error {
- member := new(proj_es_model.ProjectGrantMember)
- if err := json.Unmarshal(event.Data, member); err != nil {
- logging.New().WithError(err).Error("could not unmarshal event data")
- return caos_errs.ThrowInternal(nil, "MODEL-6jhsw", "could not unmarshal data")
- }
- u.UserID = member.UserID
- u.ObjectID = member.GrantID
- u.Roles = member.Roles
- return nil
-}
diff --git a/internal/user/repository/view/model/user_membership_query.go b/internal/user/repository/view/model/user_membership_query.go
deleted file mode 100644
index 37d68792b6..0000000000
--- a/internal/user/repository/view/model/user_membership_query.go
+++ /dev/null
@@ -1,70 +0,0 @@ -package model - -import ( - "github.com/zitadel/zitadel/internal/domain" - usr_model "github.com/zitadel/zitadel/internal/user/model" - "github.com/zitadel/zitadel/internal/view/repository" -) - -type UserMembershipSearchRequest usr_model.UserMembershipSearchRequest -type UserMembershipSearchQuery usr_model.UserMembershipSearchQuery -type UserMembershipSearchKey usr_model.UserMembershipSearchKey - -func (req UserMembershipSearchRequest) GetLimit() uint64 { - return req.Limit -} - -func (req UserMembershipSearchRequest) GetOffset() uint64 { - return req.Offset -} - -func (req UserMembershipSearchRequest) GetSortingColumn() repository.ColumnKey { - if req.SortingColumn == usr_model.UserMembershipSearchKeyUnspecified { - return nil - } - return UserMembershipSearchKey(req.SortingColumn) -} - -func (req UserMembershipSearchRequest) GetAsc() bool { - return req.Asc -} - -func (req UserMembershipSearchRequest) GetQueries() []repository.SearchQuery { - result := make([]repository.SearchQuery, len(req.Queries)) - for i, q := range req.Queries { - result[i] = UserMembershipSearchQuery{Key: q.Key, Value: q.Value, Method: q.Method} - } - return result -} - -func (req UserMembershipSearchQuery) GetKey() repository.ColumnKey { - return UserMembershipSearchKey(req.Key) -} - -func (req UserMembershipSearchQuery) GetMethod() domain.SearchMethod { - return req.Method -} - -func (req UserMembershipSearchQuery) GetValue() interface{} { - return req.Value -} - -func (key UserMembershipSearchKey) ToColumnName() string { - switch usr_model.UserMembershipSearchKey(key) { - case usr_model.UserMembershipSearchKeyUserID: - return UserMembershipKeyUserID - case usr_model.UserMembershipSearchKeyResourceOwner: - return UserMembershipKeyResourceOwner - case usr_model.UserMembershipSearchKeyMemberType: - return UserMembershipKeyMemberType - case usr_model.UserMembershipSearchKeyAggregateID: - return UserMembershipKeyAggregateID - case usr_model.UserMembershipSearchKeyObjectID: 
- return UserMembershipKeyObjectID - case usr_model.UserMembershipSearchKeyInstanceID: - return UserMembershipKeyInstanceID - - default: - return "" - } -} diff --git a/internal/user/repository/view/model/user_session.go b/internal/user/repository/view/model/user_session.go index d660b38a25..3b21e877f2 100644 --- a/internal/user/repository/view/model/user_session.go +++ b/internal/user/repository/view/model/user_session.go @@ -6,11 +6,11 @@ import ( "github.com/zitadel/logging" "github.com/zitadel/zitadel/internal/domain" - caos_errs "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/repository/user" "github.com/zitadel/zitadel/internal/user/model" es_model "github.com/zitadel/zitadel/internal/user/repository/eventsourcing/model" + "github.com/zitadel/zitadel/internal/zerrors" ) const ( @@ -49,7 +49,7 @@ func UserSessionFromEvent(event eventstore.Event) (*UserSessionView, error) { v := new(UserSessionView) if err := event.Unmarshal(v); err != nil { logging.Log("EVEN-lso9e").WithError(err).Error("could not unmarshal event data") - return nil, caos_errs.ThrowInternal(nil, "MODEL-sd325", "could not unmarshal data") + return nil, zerrors.ThrowInternal(nil, "MODEL-sd325", "could not unmarshal data") } return v, nil } @@ -212,7 +212,7 @@ func avatarKeyFromEvent(event eventstore.Event) (string, error) { data := make(map[string]string) if err := event.Unmarshal(&data); err != nil { logging.Log("EVEN-Sfew2").WithError(err).Error("could not unmarshal event data") - return "", caos_errs.ThrowInternal(err, "MODEL-SFw2q", "could not unmarshal event") + return "", zerrors.ThrowInternal(err, "MODEL-SFw2q", "could not unmarshal event") } return data["storeKey"], nil } diff --git a/internal/user/repository/view/notify_user.go b/internal/user/repository/view/notify_user.go deleted file mode 100644 index 031ca3209d..0000000000 --- a/internal/user/repository/view/notify_user.go +++ /dev/null 
@@ -1,56 +0,0 @@ -package view - -import ( - "github.com/jinzhu/gorm" - - "github.com/zitadel/zitadel/internal/domain" - caos_errs "github.com/zitadel/zitadel/internal/errors" - usr_model "github.com/zitadel/zitadel/internal/user/model" - "github.com/zitadel/zitadel/internal/user/repository/view/model" - "github.com/zitadel/zitadel/internal/view/repository" -) - -func NotifyUserByID(db *gorm.DB, table, userID, instanceID string) (*model.NotifyUser, error) { - user := new(model.NotifyUser) - query := repository.PrepareGetByQuery(table, - model.NotifyUserSearchQuery{Key: usr_model.NotifyUserSearchKeyUserID, Method: domain.SearchMethodEquals, Value: userID}, - model.NotifyUserSearchQuery{Key: usr_model.NotifyUserSearchKeyInstanceID, Method: domain.SearchMethodEquals, Value: instanceID}, - ) - err := query(db, user) - if caos_errs.IsNotFound(err) { - return nil, caos_errs.ThrowNotFound(nil, "VIEW-Gad31", "Errors.User.NotFound") - } - return user, err -} - -func NotifyUsersByOrgID(db *gorm.DB, table, orgID, instanceID string) ([]*model.NotifyUser, error) { - users := make([]*model.NotifyUser, 0) - orgIDQuery := &usr_model.NotifyUserSearchQuery{ - Key: usr_model.NotifyUserSearchKeyResourceOwner, - Method: domain.SearchMethodEquals, - Value: orgID, - } - instanceIDQuery := &usr_model.NotifyUserSearchQuery{ - Key: usr_model.NotifyUserSearchKeyInstanceID, - Method: domain.SearchMethodEquals, - Value: instanceID, - } - query := repository.PrepareSearchQuery(table, model.NotifyUserSearchRequest{ - Queries: []*usr_model.NotifyUserSearchQuery{orgIDQuery, instanceIDQuery}, - }) - _, err := query(db, &users) - return users, err -} - -func PutNotifyUser(db *gorm.DB, table string, project *model.NotifyUser) error { - save := repository.PrepareSave(table) - return save(db, project) -} - -func DeleteNotifyUser(db *gorm.DB, table, userID, instanceID string) error { - delete := repository.PrepareDeleteByKeys(table, - 
repository.Key{model.UserSearchKey(usr_model.NotifyUserSearchKeyUserID), userID}, - repository.Key{model.UserSearchKey(usr_model.NotifyUserSearchKeyInstanceID), instanceID}, - ) - return delete(db) -} diff --git a/internal/user/repository/view/query.go b/internal/user/repository/view/query.go index def8e6397d..3285c11234 100644 --- a/internal/user/repository/view/query.go +++ b/internal/user/repository/view/query.go @@ -3,14 +3,14 @@ package view import ( "time" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/repository/user" + "github.com/zitadel/zitadel/internal/zerrors" ) func UserByIDQuery(id, instanceID string, changeDate time.Time, eventTypes []eventstore.EventType) (*eventstore.SearchQueryBuilder, error) { if id == "" { - return nil, errors.ThrowPreconditionFailed(nil, "EVENT-d8isw", "Errors.User.UserIDMissing") + return nil, zerrors.ThrowPreconditionFailed(nil, "EVENT-d8isw", "Errors.User.UserIDMissing") } return eventstore.NewSearchQueryBuilder(eventstore.ColumnsEvent). AwaitOpenTransactions(). diff --git a/internal/user/repository/view/refresh_token_view.go b/internal/user/repository/view/refresh_token_view.go index 98715cab6c..642dfc1016 100644 --- a/internal/user/repository/view/refresh_token_view.go +++ b/internal/user/repository/view/refresh_token_view.go @@ -4,10 +4,10 @@ import ( "github.com/jinzhu/gorm" "github.com/zitadel/zitadel/internal/domain" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/user/model" usr_model "github.com/zitadel/zitadel/internal/user/repository/view/model" "github.com/zitadel/zitadel/internal/view/repository" + "github.com/zitadel/zitadel/internal/zerrors" ) func RefreshTokenByID(db *gorm.DB, table, tokenID, instanceID string) (*usr_model.RefreshTokenView, error) { 
@@ -17,8 +17,8 @@ func RefreshTokenByID(db *gorm.DB, table, tokenID, instanceID string) (*usr_mode &usr_model.RefreshTokenSearchQuery{Key: model.RefreshTokenSearchKeyInstanceID, Method: domain.SearchMethodEquals, Value: instanceID}, ) err := query(db, token) - if errors.IsNotFound(err) { - return nil, errors.ThrowNotFound(nil, "VIEW-6ub3p", "Errors.RefreshToken.NotFound") + if zerrors.IsNotFound(err) { + return nil, zerrors.ThrowNotFound(nil, "VIEW-6ub3p", "Errors.RefreshToken.NotFound") } return token, err } diff --git a/internal/user/repository/view/token_view.go b/internal/user/repository/view/token_view.go index 6aaed26e33..72a0d164a4 100644 --- a/internal/user/repository/view/token_view.go +++ b/internal/user/repository/view/token_view.go @@ -4,10 +4,10 @@ import ( "github.com/jinzhu/gorm" "github.com/zitadel/zitadel/internal/domain" - "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/user/model" usr_model "github.com/zitadel/zitadel/internal/user/repository/view/model" "github.com/zitadel/zitadel/internal/view/repository" + "github.com/zitadel/zitadel/internal/zerrors" ) func TokenByIDs(db *gorm.DB, table, tokenID, userID, instanceID string) (*usr_model.TokenView, error) { @@ -18,8 +18,8 @@ func TokenByIDs(db *gorm.DB, table, tokenID, userID, instanceID string) (*usr_mo &usr_model.TokenSearchQuery{Key: model.TokenSearchKeyInstanceID, Method: domain.SearchMethodEquals, Value: instanceID}, ) err := query(db, token) - if errors.IsNotFound(err) { - return nil, errors.ThrowNotFound(nil, "VIEW-6ub3p", "Errors.Token.NotFound") + if zerrors.IsNotFound(err) { + return nil, zerrors.ThrowNotFound(nil, "VIEW-6ub3p", "Errors.Token.NotFound") } return token, err } diff --git a/internal/user/repository/view/user_session_view.go b/internal/user/repository/view/user_session_view.go index 7b75c31d3c..487857c1ba 100644 --- a/internal/user/repository/view/user_session_view.go +++ b/internal/user/repository/view/user_session_view.go 
@@ -4,10 +4,10 @@ import ( "github.com/jinzhu/gorm" "github.com/zitadel/zitadel/internal/domain" - caos_errs "github.com/zitadel/zitadel/internal/errors" usr_model "github.com/zitadel/zitadel/internal/user/model" "github.com/zitadel/zitadel/internal/user/repository/view/model" "github.com/zitadel/zitadel/internal/view/repository" + "github.com/zitadel/zitadel/internal/zerrors" ) func UserSessionByIDs(db *gorm.DB, table, agentID, userID, instanceID string) (*model.UserSessionView, error) { @@ -29,8 +29,8 @@ func UserSessionByIDs(db *gorm.DB, table, agentID, userID, instanceID string) (* } query := repository.PrepareGetByQuery(table, userAgentQuery, userQuery, instanceIDQuery) err := query(db, userSession) - if caos_errs.IsNotFound(err) { - return nil, caos_errs.ThrowNotFound(nil, "VIEW-NGBs1", "Errors.UserSession.NotFound") + if zerrors.IsNotFound(err) { + return nil, zerrors.ThrowNotFound(nil, "VIEW-NGBs1", "Errors.UserSession.NotFound") } return userSession, err } diff --git a/internal/user/repository/view/user_view.go b/internal/user/repository/view/user_view.go index c0b5d2af7c..0b0aeba47d 100644 --- a/internal/user/repository/view/user_view.go +++ b/internal/user/repository/view/user_view.go @@ -1,14 +1,13 @@ package view import ( - "github.com/zitadel/zitadel/internal/domain" - "github.com/zitadel/zitadel/internal/view/repository" - "github.com/jinzhu/gorm" - caos_errs "github.com/zitadel/zitadel/internal/errors" + "github.com/zitadel/zitadel/internal/domain" usr_model "github.com/zitadel/zitadel/internal/user/model" "github.com/zitadel/zitadel/internal/user/repository/view/model" + "github.com/zitadel/zitadel/internal/view/repository" + "github.com/zitadel/zitadel/internal/zerrors" ) func UserByID(db *gorm.DB, table, userID, instanceID string) (*model.UserView, error) { 
@@ -30,91 +29,8 @@ func UserByID(db *gorm.DB, table, userID, instanceID string) (*model.UserView, e } query := repository.PrepareGetByQuery(table, userIDQuery, instanceIDQuery, ownerRemovedQuery) err := query(db, user) - if caos_errs.IsNotFound(err) { - return nil, caos_errs.ThrowNotFound(nil, "VIEW-sj8Sw", "Errors.User.NotFound") - } - user.SetEmptyUserType() - return user, err -} - -func UserByUserName(db *gorm.DB, table, userName, instanceID string) (*model.UserView, error) { - user := new(model.UserView) - userNameQuery := &model.UserSearchQuery{ - Key: usr_model.UserSearchKeyUserName, - Method: domain.SearchMethodEquals, - Value: userName, - } - instanceIDQuery := &model.UserSearchQuery{ - Key: usr_model.UserSearchKeyInstanceID, - Method: domain.SearchMethodEquals, - Value: instanceID, - } - ownerRemovedQuery := &model.UserSearchQuery{ - Key: usr_model.UserSearchOwnerRemoved, - Method: domain.SearchMethodEquals, - Value: false, - } - query := repository.PrepareGetByQuery(table, userNameQuery, instanceIDQuery, ownerRemovedQuery) - err := query(db, user) - if caos_errs.IsNotFound(err) { - return nil, caos_errs.ThrowNotFound(nil, "VIEW-Lso9s", "Errors.User.NotFound") - } - user.SetEmptyUserType() - return user, err -} - -func UserByLoginName(db *gorm.DB, table, loginName, instanceID string) (*model.UserView, error) { - user := new(model.UserView) - loginNameQuery := &model.UserSearchQuery{ - Key: usr_model.UserSearchKeyLoginNames, - Method: domain.SearchMethodListContains, - Value: loginName, - } - instanceIDQuery := &model.UserSearchQuery{ - Key: usr_model.UserSearchKeyInstanceID, - Method: domain.SearchMethodEquals, - Value: instanceID, - } - ownerRemovedQuery := &model.UserSearchQuery{ - Key: usr_model.UserSearchOwnerRemoved, - Method: domain.SearchMethodEquals, - Value: false, - } - query := repository.PrepareGetByQuery(table, loginNameQuery, instanceIDQuery, ownerRemovedQuery) - err := query(db, user) - if caos_errs.IsNotFound(err) { - return nil, 
caos_errs.ThrowNotFound(nil, "VIEW-AD4qs", "Errors.User.NotFound") - } - user.SetEmptyUserType() - return user, err -} - -func UserByLoginNameAndResourceOwner(db *gorm.DB, table, loginName, resourceOwner, instanceID string) (*model.UserView, error) { - user := new(model.UserView) - loginNameQuery := &model.UserSearchQuery{ - Key: usr_model.UserSearchKeyLoginNames, - Method: domain.SearchMethodListContains, - Value: loginName, - } - resourceOwnerQuery := &model.UserSearchQuery{ - Key: usr_model.UserSearchKeyResourceOwner, - Method: domain.SearchMethodEquals, - Value: resourceOwner, - } - instanceIDQuery := &model.UserSearchQuery{ - Key: usr_model.UserSearchKeyInstanceID, - Method: domain.SearchMethodEquals, - Value: instanceID, - } - ownerRemovedQuery := &model.UserSearchQuery{ - Key: usr_model.UserSearchOwnerRemoved, - Method: domain.SearchMethodEquals, - Value: false, - } - query := repository.PrepareGetByQuery(table, loginNameQuery, resourceOwnerQuery, instanceIDQuery, ownerRemovedQuery) - err := query(db, user) - if caos_errs.IsNotFound(err) { - return nil, caos_errs.ThrowNotFound(nil, "VIEW-AD4qs", "Errors.User.NotFoundOnOrg") + if zerrors.IsNotFound(err) { + return nil, zerrors.ThrowNotFound(nil, "VIEW-sj8Sw", "Errors.User.NotFound") } user.SetEmptyUserType() return user, err diff --git a/internal/view/repository/query.go b/internal/view/repository/query.go index ba18c71ba3..4b931b7d5e 100644 --- a/internal/view/repository/query.go +++ b/internal/view/repository/query.go @@ -11,7 +11,7 @@ import ( "github.com/zitadel/zitadel/internal/database" "github.com/zitadel/zitadel/internal/domain" - caos_errs "github.com/zitadel/zitadel/internal/errors" + "github.com/zitadel/zitadel/internal/zerrors" ) type SearchRequest interface { 
@@ -48,7 +48,7 @@ func PrepareSearchQuery(table string, request SearchRequest) func(db *gorm.DB, r var err error query, err = SetQuery(query, q.GetKey(), q.GetValue(), q.GetMethod()) if err != nil { - return count, caos_errs.ThrowInvalidArgument(err, "VIEW-KaGue", "query is invalid") + return count, zerrors.ThrowInvalidArgument(err, "VIEW-KaGue", "query is invalid") } } @@ -69,7 +69,7 @@ func PrepareSearchQuery(table string, request SearchRequest) func(db *gorm.DB, r query = query.Offset(request.GetOffset()) err := query.Find(res).Error if err != nil { - return count, caos_errs.ThrowInternal(err, "VIEW-muSDK", "unable to find result") + return count, zerrors.ThrowInternal(err, "VIEW-muSDK", "unable to find result") } return count, nil } @@ -78,7 +78,7 @@ func PrepareSearchQuery(table string, request SearchRequest) func(db *gorm.DB, r func SetQuery(query *gorm.DB, key ColumnKey, value interface{}, method domain.SearchMethod) (*gorm.DB, error) { column := key.ToColumnName() if column == "" { - return nil, caos_errs.ThrowInvalidArgument(nil, "VIEW-7dz3w", "Column name missing") + return nil, zerrors.ThrowInvalidArgument(nil, "VIEW-7dz3w", "Column name missing") } switch method { 
@@ -87,44 +87,50 @@ func SetQuery(query *gorm.DB, key ColumnKey, value interface{}, method domain.Se case domain.SearchMethodEqualsIgnoreCase: valueText, ok := value.(string) if !ok { - return nil, caos_errs.ThrowInvalidArgument(nil, "VIEW-idu8e", "Equal ignore case only possible for strings") + return nil, zerrors.ThrowInvalidArgument(nil, "VIEW-idu8e", "Equal ignore case only possible for strings") } query = query.Where("LOWER("+column+") = LOWER(?)", valueText) case domain.SearchMethodStartsWith: valueText, ok := value.(string) if !ok { - return nil, caos_errs.ThrowInvalidArgument(nil, "VIEW-SLj7s", "Starts with only possible for strings") + return nil, zerrors.ThrowInvalidArgument(nil, "VIEW-SLj7s", "Starts with only possible for strings") } + valueText = database.EscapeLikeWildcards(valueText) query = query.Where(column+" LIKE ?", valueText+"%") case domain.SearchMethodStartsWithIgnoreCase: valueText, ok := value.(string) if !ok { - return nil, caos_errs.ThrowInvalidArgument(nil, "VIEW-eidus", "Starts with ignore case only possible for strings") + return nil, zerrors.ThrowInvalidArgument(nil, "VIEW-eidus", "Starts with ignore case only possible for strings") } + valueText = database.EscapeLikeWildcards(valueText) query = query.Where("LOWER("+column+") LIKE LOWER(?)", valueText+"%") case domain.SearchMethodEndsWith: valueText, ok := value.(string) if !ok { - return nil, caos_errs.ThrowInvalidArgument(nil, "VIEW-Hswd3", "Ends with only possible for strings") + return nil, zerrors.ThrowInvalidArgument(nil, "VIEW-Hswd3", "Ends with only possible for strings") } + valueText = database.EscapeLikeWildcards(valueText) query = query.Where(column+" LIKE ?", "%"+valueText) case domain.SearchMethodEndsWithIgnoreCase: valueText, ok := value.(string) if !ok { - return nil, caos_errs.ThrowInvalidArgument(nil, "VIEW-dAG31", "Ends with ignore case only possible for strings") + return nil, zerrors.ThrowInvalidArgument(nil, "VIEW-dAG31", "Ends with ignore case only possible for 
strings") } + valueText = database.EscapeLikeWildcards(valueText) query = query.Where("LOWER("+column+") LIKE LOWER(?)", "%"+valueText) case domain.SearchMethodContains: valueText, ok := value.(string) if !ok { - return nil, caos_errs.ThrowInvalidArgument(nil, "VIEW-3ids", "Contains with only possible for strings") + return nil, zerrors.ThrowInvalidArgument(nil, "VIEW-3ids", "Contains with only possible for strings") } + valueText = database.EscapeLikeWildcards(valueText) query = query.Where(column+" LIKE ?", "%"+valueText+"%") case domain.SearchMethodContainsIgnoreCase: valueText, ok := value.(string) if !ok { - return nil, caos_errs.ThrowInvalidArgument(nil, "VIEW-eid73", "Contains with ignore case only possible for strings") + return nil, zerrors.ThrowInvalidArgument(nil, "VIEW-eid73", "Contains with ignore case only possible for strings") } + valueText = database.EscapeLikeWildcards(valueText) query = query.Where("LOWER("+column+") LIKE LOWER(?)", "%"+valueText+"%") case domain.SearchMethodNotEquals: query = query.Where(""+column+" <> ?", value) @@ -137,7 +143,7 @@ func SetQuery(query *gorm.DB, key ColumnKey, value interface{}, method domain.Se case domain.SearchMethodListContains: valueText, ok := value.(string) if !ok { - return nil, caos_errs.ThrowInvalidArgument(nil, "VIEW-Psois", "list contains only possible for strings") + return nil, zerrors.ThrowInvalidArgument(nil, "VIEW-Psois", "list contains only possible for strings") } query = query.Where("? <@ "+column, database.TextArray[string]{valueText}) default: diff --git a/internal/view/repository/query_test.go b/internal/view/repository/query_test.go index c85660e995..49cd961b1a 100644 --- a/internal/view/repository/query_test.go +++ b/internal/view/repository/query_test.go 
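Review bot: The six LIKE branches of SetQuery (StartsWith, EndsWith, Contains and their IgnoreCase variants) now escape `%` and `_`, but nothing visible in this hunk handles a backslash already present in `valueText`. `database.EscapeLikeWildcards` is defined outside this hunk; if it does not also double `\`, a value ending in `\` would turn the appended `%` in `valueText+"%"` into a literal, and a value containing `\_` would leave the `_` acting as a wildcard again, so a caller-supplied filter could still change the match or trigger a database error. Confirm the helper replaces `\` with `\\` before the other two replacements, and add a comment such as `// relies on backslash being the LIKE escape character (database default)` next to the calls. SetQuery's body starts and ends outside this hunk.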
@@ -1,11 +1,12 @@ package repository import ( + "reflect" "testing" "github.com/jinzhu/gorm" "github.com/zitadel/zitadel/internal/domain" - caos_errs "github.com/zitadel/zitadel/internal/errors" + "github.com/zitadel/zitadel/internal/zerrors" ) func TestPrepareSearchQuery(t *testing.T) { @@ -126,7 +127,7 @@ func TestPrepareSearchQuery(t *testing.T) { res{ count: 1, wantErr: true, - errFunc: caos_errs.IsInternal, + errFunc: zerrors.IsInternal, }, }, } 
@@ -155,3 +156,304 @@ func TestPrepareSearchQuery(t *testing.T) { }) } } + +func TestSetQuery(t *testing.T) { + query := mockDB(t).db.Select("test_field").Table("test_table") + exprPrefix := `(SELECT test_field FROM "test_table" WHERE ` + type args struct { + key ColumnKey + value interface{} + method domain.SearchMethod + } + type want struct { + isErr func(t *testing.T, got error) + query *gorm.SqlExpr + } + tests := []struct { + name string + args args + want want + }{ + { + name: "contains", + args: args{ + key: TestSearchKey_TEST, + value: "asdf", + method: domain.SearchMethodContains, + }, + want: want{ + query: gorm.Expr(exprPrefix+"(test LIKE ?))", "%asdf%"), + }, + }, + { + name: "contains _ wildcard", + args: args{ + key: TestSearchKey_TEST, + value: "as_df", + method: domain.SearchMethodContains, + }, + want: want{ + query: gorm.Expr(exprPrefix+"(test LIKE ?))", "%as\\_df%"), + }, + }, + { + name: "contains % wildcard", + args: args{ + key: TestSearchKey_TEST, + value: "as%df", + method: domain.SearchMethodContains, + }, + want: want{ + query: gorm.Expr(exprPrefix+"(test LIKE ?))", "%as\\%df%"), + }, + }, + { + name: "contains % wildcard", + args: args{ + key: TestSearchKey_TEST, + value: "a_s%d_f", + method: domain.SearchMethodContains, + }, + want: want{ + query: gorm.Expr(exprPrefix+"(test LIKE ?))", "%a\\_s\\%d\\_f%"), + }, + }, + { + name: "starts with", + args: args{ + key: TestSearchKey_TEST, + value: "asdf", + method: domain.SearchMethodStartsWith, + }, + want: want{ + query: gorm.Expr(exprPrefix+"(test LIKE ?))", "asdf%"), + }, + }, + { + name: "starts with _ wildcard", + args: args{ + key: TestSearchKey_TEST, + value: "as_df", + method: domain.SearchMethodStartsWith, + }, + want: want{ + query: gorm.Expr(exprPrefix+"(test LIKE ?))", "as\\_df%"), + }, + }, + { + name: "starts with % wildcard", + args: args{ + key: TestSearchKey_TEST, + value: "as%df", + method: domain.SearchMethodStartsWith, + }, + want: want{ + query: 
gorm.Expr(exprPrefix+"(test LIKE ?))", "as\\%df%"), + }, + }, + { + name: "starts with % wildcard", + args: args{ + key: TestSearchKey_TEST, + value: "a_s%d_f", + method: domain.SearchMethodStartsWith, + }, + want: want{ + query: gorm.Expr(exprPrefix+"(test LIKE ?))", "a\\_s\\%d\\_f%"), + }, + }, + { + name: "ends with", + args: args{ + key: TestSearchKey_TEST, + value: "asdf", + method: domain.SearchMethodEndsWith, + }, + want: want{ + query: gorm.Expr(exprPrefix+"(test LIKE ?))", "%asdf"), + }, + }, + { + name: "ends with _ wildcard", + args: args{ + key: TestSearchKey_TEST, + value: "as_df", + method: domain.SearchMethodEndsWith, + }, + want: want{ + query: gorm.Expr(exprPrefix+"(test LIKE ?))", "%as\\_df"), + }, + }, + { + name: "ends with % wildcard", + args: args{ + key: TestSearchKey_TEST, + value: "as%df", + method: domain.SearchMethodEndsWith, + }, + want: want{ + query: gorm.Expr(exprPrefix+"(test LIKE ?))", "%as\\%df"), + }, + }, + { + name: "ends with % wildcard", + args: args{ + key: TestSearchKey_TEST, + value: "a_s%d_f", + method: domain.SearchMethodEndsWith, + }, + want: want{ + query: gorm.Expr(exprPrefix+"(test LIKE ?))", "%a\\_s\\%d\\_f"), + }, + }, + { + name: "starts with ignore case", + args: args{ + key: TestSearchKey_TEST, + value: "asdf", + method: domain.SearchMethodStartsWithIgnoreCase, + }, + want: want{ + query: gorm.Expr(exprPrefix+"(LOWER(test) LIKE LOWER(?)))", "asdf%"), + }, + }, + { + name: "starts with ignore case _ wildcard", + args: args{ + key: TestSearchKey_TEST, + value: "as_df", + method: domain.SearchMethodStartsWithIgnoreCase, + }, + want: want{ + query: gorm.Expr(exprPrefix+"(LOWER(test) LIKE LOWER(?)))", "as\\_df%"), + }, + }, + { + name: "starts with ignore case % wildcard", + args: args{ + key: TestSearchKey_TEST, + value: "as%df", + method: domain.SearchMethodStartsWithIgnoreCase, + }, + want: want{ + query: gorm.Expr(exprPrefix+"(LOWER(test) LIKE LOWER(?)))", "as\\%df%"), + }, + }, + { + name: "starts with ignore 
case % wildcard", + args: args{ + key: TestSearchKey_TEST, + value: "a_s%d_f", + method: domain.SearchMethodStartsWithIgnoreCase, + }, + want: want{ + query: gorm.Expr(exprPrefix+"(LOWER(test) LIKE LOWER(?)))", "a\\_s\\%d\\_f%"), + }, + }, + { + name: "ends with ignore case", + args: args{ + key: TestSearchKey_TEST, + value: "asdf", + method: domain.SearchMethodEndsWithIgnoreCase, + }, + want: want{ + query: gorm.Expr(exprPrefix+"(LOWER(test) LIKE LOWER(?)))", "%asdf"), + }, + }, + { + name: "ends with ignore case _ wildcard", + args: args{ + key: TestSearchKey_TEST, + value: "as_df", + method: domain.SearchMethodEndsWithIgnoreCase, + }, + want: want{ + query: gorm.Expr(exprPrefix+"(LOWER(test) LIKE LOWER(?)))", "%as\\_df"), + }, + }, + { + name: "ends with ignore case % wildcard", + args: args{ + key: TestSearchKey_TEST, + value: "as%df", + method: domain.SearchMethodEndsWithIgnoreCase, + }, + want: want{ + query: gorm.Expr(exprPrefix+"(LOWER(test) LIKE LOWER(?)))", "%as\\%df"), + }, + }, + { + name: "ends with ignore case % wildcard", + args: args{ + key: TestSearchKey_TEST, + value: "a_s%d_f", + method: domain.SearchMethodEndsWithIgnoreCase, + }, + want: want{ + query: gorm.Expr(exprPrefix+"(LOWER(test) LIKE LOWER(?)))", "%a\\_s\\%d\\_f"), + }, + }, + { + name: "contains ignore case", + args: args{ + key: TestSearchKey_TEST, + value: "asdf", + method: domain.SearchMethodContainsIgnoreCase, + }, + want: want{ + query: gorm.Expr(exprPrefix+"(LOWER(test) LIKE LOWER(?)))", "%asdf%"), + }, + }, + { + name: "contains ignore case _ wildcard", + args: args{ + key: TestSearchKey_TEST, + value: "as_df", + method: domain.SearchMethodContainsIgnoreCase, + }, + want: want{ + query: gorm.Expr(exprPrefix+"(LOWER(test) LIKE LOWER(?)))", "%as\\_df%"), + }, + }, + { + name: "contains ignore case % wildcard", + args: args{ + key: TestSearchKey_TEST, + value: "as%df", + method: domain.SearchMethodContainsIgnoreCase, + }, + want: want{ + query: gorm.Expr(exprPrefix+"(LOWER(test) 
LIKE LOWER(?)))", "%as\\%df%"), + }, + }, + { + name: "contains ignore case % wildcard", + args: args{ + key: TestSearchKey_TEST, + value: "a_s%d_f", + method: domain.SearchMethodContainsIgnoreCase, + }, + want: want{ + query: gorm.Expr(exprPrefix+"(LOWER(test) LIKE LOWER(?)))", "%a\\_s\\%d\\_f%"), + }, + }, + } + for _, tt := range tests { + if tt.want.isErr == nil { + tt.want.isErr = func(t *testing.T, got error) { + if got == nil { + return + } + t.Errorf("no error expected got: %v", got) + } + } + t.Run(tt.name, func(t *testing.T) { + got, err := SetQuery(query, tt.args.key, tt.args.value, tt.args.method) + tt.want.isErr(t, err) + if !reflect.DeepEqual(got.SubQuery(), tt.want.query) { + t.Errorf("unexpected query: \nwant: %v\n got: %v", *tt.want.query, *got.SubQuery()) + } + }) + } +} diff --git a/internal/view/repository/requests.go b/internal/view/repository/requests.go index 9de4f9fcdd..b1d98af34f 100644 --- a/internal/view/repository/requests.go +++ b/internal/view/repository/requests.go @@ -9,8 +9,7 @@ import ( "github.com/jinzhu/gorm" "github.com/zitadel/logging" - - caos_errs "github.com/zitadel/zitadel/internal/errors" + "github.com/zitadel/zitadel/internal/zerrors" ) func PrepareGetByQuery(table string, queries ...SearchQuery) func(db *gorm.DB, res interface{}) error { @@ -20,7 +19,7 @@ func PrepareGetByQuery(table string, queries ...SearchQuery) func(db *gorm.DB, r var err error query, err = SetQuery(query, q.GetKey(), q.GetValue(), q.GetMethod()) if err != nil { - return caos_errs.ThrowInvalidArgument(err, "VIEW-KaGue", "query is invalid") + return zerrors.ThrowInvalidArgument(err, "VIEW-KaGue", "query is invalid") } } 
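Review bot: The `t.Run` body calls `got.SubQuery()` even when `SetQuery` returned an error, and the error paths of `SetQuery` visible in this commit return `nil, err`, so the first error case added to this table would likely panic on a nil `got` instead of reporting a test failure; return early after `tt.want.isErr(t, err)` with `if err != nil { return }`. The table has no value containing a backslash (for example a constructed `a\_b` or a value ending in `\`), which is the input that shows whether the wildcard escaping holds, and no non-string value to exercise the invalid-argument branches. Several names are reused (`contains % wildcard`, `starts with % wildcard` and `ends with % wildcard` each appear twice), which makes a failing subtest harder to identify; the `a_s%d_f` cases could be named `... mixed wildcards`.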
@@ -36,10 +35,10 @@ func PrepareGetByQuery(table string, queries ...SearchQuery) func(db *gorm.DB, r return nil } if errors.Is(err, gorm.ErrRecordNotFound) { - return caos_errs.ThrowNotFound(err, "VIEW-hodc6", "object not found") + return zerrors.ThrowNotFound(err, "VIEW-hodc6", "object not found") } logging.LogWithFields("VIEW-Mg6la", "table ", table).WithError(err).Warn("get from cache error") - return caos_errs.ThrowInternal(err, "VIEW-qJBg9", "cache error") + return zerrors.ThrowInternal(err, "VIEW-qJBg9", "cache error") } } @@ -48,16 +47,16 @@ func PrepareBulkSave(table string) func(db *gorm.DB, objects ...interface{}) err db = db.Table(table) db = db.Begin() if err := db.Error; err != nil { - return caos_errs.ThrowInternal(err, "REPOS-Fl0Is", "unable to begin") + return zerrors.ThrowInternal(err, "REPOS-Fl0Is", "unable to begin") } for _, object := range objects { err := db.Save(object).Error if err != nil { - return caos_errs.ThrowInternal(err, "VIEW-oJJSm", "unable to put object to view") + return zerrors.ThrowInternal(err, "VIEW-oJJSm", "unable to put object to view") } } if err := db.Commit().Error; err != nil { - return caos_errs.ThrowInternal(err, "REPOS-IfhUE", "unable to commit") + return zerrors.ThrowInternal(err, "REPOS-IfhUE", "unable to commit") } return nil } @@ -67,7 +66,7 @@ func PrepareSave(table string) func(db *gorm.DB, object interface{}) error { return func(db *gorm.DB, object interface{}) error { err := db.Table(table).Save(object).Error if err != nil { - return caos_errs.ThrowInternal(err, "VIEW-2m9fs", "unable to put object to view") + return zerrors.ThrowInternal(err, "VIEW-2m9fs", "unable to put object to view") } return nil } 
@@ -82,7 +81,7 @@ func PrepareSaveOnConflict(table string, conflictColumns, updateColumns []string return func(db *gorm.DB, object interface{}) error { err := db.Table(table).Set("gorm:insert_option", onConflict).Save(object).Error if err != nil { - return caos_errs.ThrowInternal(err, "VIEW-AfC7G", "unable to put object to view") + return zerrors.ThrowInternal(err, "VIEW-AfC7G", "unable to put object to view") } return nil } @@ -95,7 +94,7 @@ func PrepareDeleteByKey(table string, key ColumnKey, id interface{}) func(db *go Delete(nil). Error if err != nil { - return caos_errs.ThrowInternal(err, "VIEW-die73", "could not delete object") + return zerrors.ThrowInternal(err, "VIEW-die73", "could not delete object") } return nil } @@ -111,7 +110,7 @@ func PrepareUpdateByKeys(table string, column ColumnKey, value interface{}, keys Update(column.ToColumnName(), value). Error if err != nil { - return caos_errs.ThrowInternal(err, "VIEW-ps099xj", "could not update object") + return zerrors.ThrowInternal(err, "VIEW-ps099xj", "could not update object") } return nil } @@ -132,7 +131,7 @@ func PrepareDeleteByKeys(table string, keys ...Key) func(db *gorm.DB) error { Delete(nil). Error if err != nil { - return caos_errs.ThrowInternal(err, "VIEW-die73", "could not delete object") + return zerrors.ThrowInternal(err, "VIEW-die73", "could not delete object") } return nil } diff --git a/internal/view/repository/requests_test.go b/internal/view/repository/requests_test.go index c852d15a7f..36982827f4 100644 --- a/internal/view/repository/requests_test.go +++ b/internal/view/repository/requests_test.go @@ -6,7 +6,7 @@ import ( "github.com/jinzhu/gorm" "github.com/zitadel/zitadel/internal/domain" - caos_errs "github.com/zitadel/zitadel/internal/errors" + "github.com/zitadel/zitadel/internal/zerrors" ) func TestPrepareGetByQuery(t *testing.T) { 
@@ -114,7 +114,7 @@ func TestPrepareGetByQuery(t *testing.T) { res{ result: Test{ID: "VALUE"}, wantErr: true, - errFunc: caos_errs.IsNotFound, + errFunc: zerrors.IsNotFound, }, }, { @@ -128,7 +128,7 @@ func TestPrepareGetByQuery(t *testing.T) { res{ result: Test{ID: "VALUE"}, wantErr: true, - errFunc: caos_errs.IsInternal, + errFunc: zerrors.IsInternal, }, }, { @@ -142,7 +142,7 @@ func TestPrepareGetByQuery(t *testing.T) { res{ result: Test{ID: "VALUE"}, wantErr: true, - errFunc: caos_errs.IsErrorInvalidArgument, + errFunc: zerrors.IsErrorInvalidArgument, }, }, } @@ -212,7 +212,7 @@ func TestPreparePut(t *testing.T) { res{ result: Test{ID: "VALUE"}, wantErr: true, - errFunc: caos_errs.IsInternal, + errFunc: zerrors.IsInternal, }, }, } @@ -284,7 +284,7 @@ func TestPrepareDelete(t *testing.T) { res{ result: Test{ID: "VALUE"}, wantErr: true, - errFunc: caos_errs.IsInternal, + errFunc: zerrors.IsInternal, }, }, } @@ -375,7 +375,7 @@ func TestPrepareDeleteByKeys(t *testing.T) { res{ result: Test{ID: "VALUE"}, wantErr: true, - errFunc: caos_errs.IsInternal, + errFunc: zerrors.IsInternal, }, }, } diff --git a/internal/webauthn/webauthn.go b/internal/webauthn/webauthn.go index 8a9709ec86..329d533631 100644 --- a/internal/webauthn/webauthn.go +++ b/internal/webauthn/webauthn.go @@ -13,7 +13,7 @@ import ( "github.com/zitadel/zitadel/internal/api/authz" "github.com/zitadel/zitadel/internal/api/http" "github.com/zitadel/zitadel/internal/domain" - caos_errs "github.com/zitadel/zitadel/internal/errors" + "github.com/zitadel/zitadel/internal/zerrors" ) type Config struct { 
@@ -80,11 +80,11 @@ func (w *Config) BeginRegistration(ctx context.Context, user *domain.Human, acco webauthn.WithExclusions(existing), ) if err != nil { - return nil, caos_errs.ThrowInternal(err, "WEBAU-bM8sd", "Errors.User.WebAuthN.BeginRegisterFailed") + return nil, zerrors.ThrowInternal(err, "WEBAU-bM8sd", "Errors.User.WebAuthN.BeginRegisterFailed") } cred, err := json.Marshal(credentialOptions) if err != nil { - return nil, caos_errs.ThrowInternal(err, "WEBAU-D7cus", "Errors.User.WebAuthN.MarshalError") + return nil, zerrors.ThrowInternal(err, "WEBAU-D7cus", "Errors.User.WebAuthN.MarshalError") } return &domain.WebAuthNToken{ Challenge: sessionData.Challenge, @@ -97,12 +97,12 @@ func (w *Config) BeginRegistration(ctx context.Context, user *domain.Human, acco func (w *Config) FinishRegistration(ctx context.Context, user *domain.Human, webAuthN *domain.WebAuthNToken, tokenName string, credData []byte, isLoginUI bool) (*domain.WebAuthNToken, error) { if webAuthN == nil { - return nil, caos_errs.ThrowInternal(nil, "WEBAU-5M9so", "Errors.User.WebAuthN.NotFound") + return nil, zerrors.ThrowInternal(nil, "WEBAU-5M9so", "Errors.User.WebAuthN.NotFound") } credentialData, err := protocol.ParseCredentialCreationResponseBody(bytes.NewReader(credData)) if err != nil { logging.WithFields("error", tryExtractProtocolErrMsg(err)).Debug("webauthn credential could not be parsed") - return nil, caos_errs.ThrowInternal(err, "WEBAU-sEr8c", "Errors.User.WebAuthN.ErrorOnParseCredential") + return nil, zerrors.ThrowInternal(err, "WEBAU-sEr8c", "Errors.User.WebAuthN.ErrorOnParseCredential") } sessionData := WebAuthNToSessionData(webAuthN) webAuthNServer, err := w.serverFromContext(ctx, webAuthN.RPID, credentialData.Response.CollectedClientData.Origin) 
@@ -117,7 +117,7 @@ func (w *Config) FinishRegistration(ctx context.Context, user *domain.Human, web credentialData) if err != nil { logging.WithFields("error", tryExtractProtocolErrMsg(err)).Debug("webauthn credential could not be created") - return nil, caos_errs.ThrowInternal(err, "WEBAU-3Vb9s", "Errors.User.WebAuthN.CreateCredentialFailed") + return nil, zerrors.ThrowInternal(err, "WEBAU-3Vb9s", "Errors.User.WebAuthN.CreateCredentialFailed") } webAuthN.KeyID = credential.ID @@ -141,11 +141,11 @@ func (w *Config) BeginLogin(ctx context.Context, user *domain.Human, userVerific }, webauthn.WithUserVerification(UserVerificationFromDomain(userVerification))) if err != nil { logging.WithFields("error", tryExtractProtocolErrMsg(err)).Debug("webauthn login could not be started") - return nil, caos_errs.ThrowInternal(err, "WEBAU-4G8sw", "Errors.User.WebAuthN.BeginLoginFailed") + return nil, zerrors.ThrowInternal(err, "WEBAU-4G8sw", "Errors.User.WebAuthN.BeginLoginFailed") } cred, err := json.Marshal(assertion) if err != nil { - return nil, caos_errs.ThrowInternal(err, "WEBAU-2M0s9", "Errors.User.WebAuthN.MarshalError") + return nil, zerrors.ThrowInternal(err, "WEBAU-2M0s9", "Errors.User.WebAuthN.MarshalError") } return &domain.WebAuthNLogin{ Challenge: sessionData.Challenge, @@ -160,7 +160,7 @@ func (w *Config) FinishLogin(ctx context.Context, user *domain.Human, webAuthN * assertionData, err := protocol.ParseCredentialRequestResponseBody(bytes.NewReader(credData)) if err != nil { logging.WithFields("error", tryExtractProtocolErrMsg(err)).Debug("webauthn assertion could not be parsed") - return nil, caos_errs.ThrowInternal(err, "WEBAU-ADgv4", "Errors.User.WebAuthN.ValidateLoginFailed") + return nil, zerrors.ThrowInternal(err, "WEBAU-ADgv4", "Errors.User.WebAuthN.ValidateLoginFailed") } webUser := &webUser{ Human: user, 
@@ -173,11 +173,11 @@ func (w *Config) FinishLogin(ctx context.Context, user *domain.Human, webAuthN * credential, err := webAuthNServer.ValidateLogin(webUser, WebAuthNLoginToSessionData(webAuthN), assertionData) if err != nil { logging.WithFields("error", tryExtractProtocolErrMsg(err)).Debug("webauthn assertion failed") - return nil, caos_errs.ThrowInternal(err, "WEBAU-3M9si", "Errors.User.WebAuthN.ValidateLoginFailed") + return nil, zerrors.ThrowInternal(err, "WEBAU-3M9si", "Errors.User.WebAuthN.ValidateLoginFailed") } if credential.Authenticator.CloneWarning { - return credential, caos_errs.ThrowInternal(nil, "WEBAU-4M90s", "Errors.User.WebAuthN.CloneWarning") + return credential, zerrors.ThrowInternal(nil, "WEBAU-4M90s", "Errors.User.WebAuthN.CloneWarning") } return credential, nil } @@ -189,7 +189,7 @@ func (w *Config) serverFromContext(ctx context.Context, id, origin string) (*web } webAuthn, err := webauthn.New(config) if err != nil { - return nil, caos_errs.ThrowInternal(err, "WEBAU-UX9ta", "Errors.User.WebAuthN.ServerConfig") + return nil, zerrors.ThrowInternal(err, "WEBAU-UX9ta", "Errors.User.WebAuthN.ServerConfig") } return webAuthn, nil } diff --git a/internal/webauthn/webauthn_test.go b/internal/webauthn/webauthn_test.go index 7d8052048a..b7c4276aec 100644 --- a/internal/webauthn/webauthn_test.go +++ b/internal/webauthn/webauthn_test.go @@ -9,7 +9,7 @@ import ( "github.com/stretchr/testify/require" "github.com/zitadel/zitadel/internal/api/authz" - caos_errs "github.com/zitadel/zitadel/internal/errors" + "github.com/zitadel/zitadel/internal/zerrors" ) func TestConfig_serverFromContext(t *testing.T) { @@ -27,7 +27,7 @@ func TestConfig_serverFromContext(t *testing.T) { { name: "webauthn error", args: args{context.Background(), "", ""}, - wantErr: caos_errs.ThrowInternal(nil, "WEBAU-UX9ta", "Errors.User.WebAuthN.ServerConfig"), + wantErr: zerrors.ThrowInternal(nil, "WEBAU-UX9ta", "Errors.User.WebAuthN.ServerConfig"), }, { name: "success from ctx", 
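Review bot: The `CloneWarning` branch in `FinishLogin` returns a non-nil `credential` together with the error, and nothing in the hunk documents that, so a caller that reads the first return value before checking `err` would treat a flagged assertion as a valid login. I would add a comment above the branch, `// NOTE: credential is returned together with the error; callers must check err before using it`, or return `nil` there if no caller needs the value (callers are not visible here). The branch also reports the condition through `ThrowInternal`, the same kind this file uses for parse and server-configuration failures, which makes a possible cloned authenticator hard to tell apart in logs and alerts; worth confirming that this is intended. `FinishLogin` starts above this hunk.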
diff --git a/internal/errors/already_exists.go b/internal/zerrors/already_exists.go similarity index 72% rename from internal/errors/already_exists.go rename to internal/zerrors/already_exists.go index 83f95a2be3..bdc544979a 100644 --- a/internal/errors/already_exists.go +++ b/internal/zerrors/already_exists.go @@ -1,4 +1,4 @@ -package errors +package zerrors import "fmt" @@ -13,15 +13,15 @@ type AlreadyExists interface { } type AlreadyExistsError struct { - *CaosError + *ZitadelError } func ThrowAlreadyExists(parent error, id, message string) error { - return &AlreadyExistsError{CreateCaosError(parent, id, message)} + return &AlreadyExistsError{CreateZitadelError(parent, id, message)} } func ThrowAlreadyExistsf(parent error, id, format string, a ...interface{}) error { - return &AlreadyExistsError{CreateCaosError(parent, id, fmt.Sprintf(format, a...))} + return &AlreadyExistsError{CreateZitadelError(parent, id, fmt.Sprintf(format, a...))} } func (err *AlreadyExistsError) IsAlreadyExists() {} @@ -31,7 +31,7 @@ func (err *AlreadyExistsError) Is(target error) bool { if !ok { return false } - return err.CaosError.Is(t.CaosError) + return err.ZitadelError.Is(t.ZitadelError) } func IsErrorAlreadyExists(err error) bool { @@ -40,5 +40,5 @@ func IsErrorAlreadyExists(err error) bool { } func (err *AlreadyExistsError) Unwrap() error { - return err.CaosError + return err.ZitadelError } diff --git a/internal/zerrors/already_exists_test.go b/internal/zerrors/already_exists_test.go new file mode 100644 index 0000000000..6039c37887 --- /dev/null +++ b/internal/zerrors/already_exists_test.go 
@@ -0,0 +1,33 @@ +package zerrors_test + +import ( + "errors" + "testing" + + "github.com/stretchr/testify/assert" + + "github.com/zitadel/zitadel/internal/zerrors" +) + +func TestAlreadyExistsError(t *testing.T) { + var alreadyExistsError interface{} = new(zerrors.AlreadyExistsError) + _, ok := alreadyExistsError.(zerrors.AlreadyExists) + assert.True(t, ok) +} + +func TestThrowAlreadyExistsf(t *testing.T) { + err := zerrors.ThrowAlreadyExistsf(nil, "id", "msg") + //nolint:errorlint + _, ok := err.(*zerrors.AlreadyExistsError) + assert.True(t, ok) +} + +func TestIsErrorAlreadyExists(t *testing.T) { + err := zerrors.ThrowAlreadyExists(nil, "id", "msg") + ok := zerrors.IsErrorAlreadyExists(err) + assert.True(t, ok) + + err = errors.New("Already Exists!") + ok = zerrors.IsErrorAlreadyExists(err) + assert.False(t, ok) +} diff --git a/internal/errors/deadline_exceeded.go b/internal/zerrors/deadline_exceeded.go similarity index 82% rename from internal/errors/deadline_exceeded.go rename to internal/zerrors/deadline_exceeded.go index 9efe842c73..b19aac733d 100644 --- a/internal/errors/deadline_exceeded.go +++ b/internal/zerrors/deadline_exceeded.go @@ -1,4 +1,4 @@ -package errors +package zerrors import ( "fmt" @@ -15,11 +15,11 @@ type DeadlineExceeded interface { } type DeadlineExceededError struct { - *CaosError + *ZitadelError } func ThrowDeadlineExceeded(parent error, id, message string) error { - return &DeadlineExceededError{CreateCaosError(parent, id, message)} + return &DeadlineExceededError{CreateZitadelError(parent, id, message)} } func ThrowDeadlineExceededf(parent error, id, format string, a ...interface{}) error { @@ -38,9 +38,9 @@ func (err *DeadlineExceededError) Is(target error) bool { if !ok { return false } - return err.CaosError.Is(t.CaosError) + return err.ZitadelError.Is(t.ZitadelError) } func (err *DeadlineExceededError) Unwrap() error { - return err.CaosError + return err.ZitadelError } 
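Review bot: The negative case in `TestIsErrorAlreadyExists` only feeds a plain `errors.New` value, so it never checks that the classifier rejects a sibling zerrors kind. Every wrapper in this package embeds the same `*ZitadelError`, so that is the case most likely to regress. The same gap is in the `TestIs…` functions of the other new `*_test.go` files in this commit. I would add `assert.False(t, zerrors.IsErrorAlreadyExists(zerrors.ThrowInternal(nil, "id", "msg")))`. Separately, `TestThrowAlreadyExistsf` passes a literal with no verb or argument, so the `fmt.Sprintf` path is not exercised; `zerrors.ThrowAlreadyExistsf(nil, "id", "msg %d", 1)` followed by a check of `GetMessage()` against `"msg 1"` would cover it.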
diff --git a/internal/zerrors/deadline_exceeded_test.go b/internal/zerrors/deadline_exceeded_test.go new file mode 100644 index 0000000000..743add7162 --- /dev/null +++ b/internal/zerrors/deadline_exceeded_test.go @@ -0,0 +1,33 @@ +package zerrors_test + +import ( + "errors" + "testing" + + "github.com/stretchr/testify/assert" + + "github.com/zitadel/zitadel/internal/zerrors" +) + +func TestDeadlineExceededError(t *testing.T) { + var err interface{} = new(zerrors.DeadlineExceededError) + _, ok := err.(zerrors.DeadlineExceeded) + assert.True(t, ok) +} + +func TestThrowDeadlineExceededf(t *testing.T) { + err := zerrors.ThrowDeadlineExceededf(nil, "id", "msg") + //nolint:errorlint + _, ok := err.(*zerrors.DeadlineExceededError) + assert.True(t, ok) +} + +func TestIsDeadlineExceeded(t *testing.T) { + err := zerrors.ThrowDeadlineExceeded(nil, "id", "msg") + ok := zerrors.IsDeadlineExceeded(err) + assert.True(t, ok) + + err = errors.New("I am found!") + ok = zerrors.IsDeadlineExceeded(err) + assert.False(t, ok) +} diff --git a/internal/errors/error.go b/internal/zerrors/error.go similarity index 96% rename from internal/errors/error.go rename to internal/zerrors/error.go index 31d1fc6843..a2840063cc 100644 --- a/internal/errors/error.go +++ b/internal/zerrors/error.go @@ -1,4 +1,4 @@ -package errors +package zerrors import ( "strings" diff --git a/internal/errors/error_test.go b/internal/zerrors/error_test.go similarity index 53% rename from internal/errors/error_test.go rename to internal/zerrors/error_test.go index 8078bca55b..23ef370305 100644 --- a/internal/errors/error_test.go +++ b/internal/zerrors/error_test.go @@ -1,4 +1,4 @@ -package errors_test +package zerrors_test import ( "errors" 
@@ -6,14 +6,14 @@ import ( "github.com/stretchr/testify/assert" - caos_errors "github.com/zitadel/zitadel/internal/errors" + "github.com/zitadel/zitadel/internal/zerrors" ) func TestContains(t *testing.T) { err := errors.New("hello world") - world := caos_errors.Contains(err, "hello") + world := zerrors.Contains(err, "hello") assert.True(t, world) - mars := caos_errors.Contains(err, "mars") + mars := zerrors.Contains(err, "mars") assert.False(t, mars) } diff --git a/internal/errors/generate/error.go.tmpl b/internal/zerrors/generate/error.go.tmpl similarity index 100% rename from internal/errors/generate/error.go.tmpl rename to internal/zerrors/generate/error.go.tmpl diff --git a/internal/errors/generate/error_creator.go b/internal/zerrors/generate/error_creator.go similarity index 95% rename from internal/errors/generate/error_creator.go rename to internal/zerrors/generate/error_creator.go index 2062161c77..8e16ad3342 100644 --- a/internal/errors/generate/error_creator.go +++ b/internal/zerrors/generate/error_creator.go @@ -1,4 +1,4 @@ -//go generate +// go generate package main import ( @@ -32,7 +32,7 @@ func main() { fmt.Print(` !!!!! - Add status mapping in internal/api/grpc/caos_errors.go + Add status mapping in internal/api/grpc/zerrors.go !!!!!`) } diff --git a/internal/errors/generate/error_interface.go.tmpl b/internal/zerrors/generate/error_interface.go.tmpl similarity index 100% rename from internal/errors/generate/error_interface.go.tmpl rename to internal/zerrors/generate/error_interface.go.tmpl diff --git a/internal/zerrors/generate/error_test.go.tmpl b/internal/zerrors/generate/error_test.go.tmpl new file mode 100644 index 0000000000..6d967e1afc --- /dev/null +++ b/internal/zerrors/generate/error_test.go.tmpl 
@@ -0,0 +1,33 @@ +package errors_test + +import ( + "errors" + "testing" + + "github.com/stretchr/testify/assert" + + "github.com/zitadel/zitadel/internal/zerrors" +) + +func Test{{.ErrorName}}Error(t *testing.T) { + var err interface{} + err = new(zerrors.{{.ErrorName}}Error) + _, ok := err.(*zerrors.{{.ErrorName}}) + assert.True(t, ok) +} + +func TestThrow{{.ErrorName}}f(t *testing.T) { + err := zerrors.Throw{{.ErrorName}}f(nil, "id", "msg") + _, ok := err.(*zerrors.{{.ErrorName}}Error) + assert.True(t, ok) +} + +func TestIs{{.ErrorName}}(t *testing.T) { + err := zerrors.Throw{{.ErrorName}}(nil, "id", "msg") + ok := zerrors.Is{{.ErrorName}}(err) + assert.True(t, ok) + + err = errors.New("I am found!") + ok = zerrors.Is{{.ErrorName}}(err) + assert.False(t, ok) +} diff --git a/internal/errors/internal.go b/internal/zerrors/internal.go similarity index 80% rename from internal/errors/internal.go rename to internal/zerrors/internal.go index 0b0a4272af..97c164f3eb 100644 --- a/internal/errors/internal.go +++ b/internal/zerrors/internal.go @@ -1,4 +1,4 @@ -package errors +package zerrors import ( "fmt" @@ -15,11 +15,11 @@ type Internal interface { } type InternalError struct { - *CaosError + *ZitadelError } func ThrowInternal(parent error, id, message string) error { - return &InternalError{CreateCaosError(parent, id, message)} + return &InternalError{CreateZitadelError(parent, id, message)} } func ThrowInternalf(parent error, id, format string, a ...interface{}) error { @@ -38,9 +38,9 @@ func (err *InternalError) Is(target error) bool { if !ok { return false } - return err.CaosError.Is(t.CaosError) + return err.ZitadelError.Is(t.ZitadelError) } func (err *InternalError) Unwrap() error { - return err.CaosError + return err.ZitadelError } diff --git a/internal/zerrors/internal_test.go b/internal/zerrors/internal_test.go new file mode 100644 index 0000000000..3448afbafa --- /dev/null +++ b/internal/zerrors/internal_test.go 
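Review bot: The new template still declares `package errors_test`, while every checked-in test file in this directory uses `package zerrors_test`, so a test generated from it would not build next to them; the first line should be `package zerrors_test`. The first generated test asserts `err.(*zerrors.{{.ErrorName}})`, a pointer to the interface type, where the hand-written tests assert the interface itself, so the assertion would come out false for a `*…Error` value; use `_, ok := err.(zerrors.{{.ErrorName}})`. The `Throw…f` test in the template also lacks the `//nolint:errorlint` line that the checked-in tests carry above the concrete type assertion.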
@@ -0,0 +1,33 @@ +package zerrors_test + +import ( + "errors" + "testing" + + "github.com/stretchr/testify/assert" + + "github.com/zitadel/zitadel/internal/zerrors" +) + +func TestInternalError(t *testing.T) { + var err interface{} = new(zerrors.InternalError) + _, ok := err.(zerrors.Internal) + assert.True(t, ok) +} + +func TestThrowInternalf(t *testing.T) { + err := zerrors.ThrowInternalf(nil, "id", "msg") + //nolint:errorlint + _, ok := err.(*zerrors.InternalError) + assert.True(t, ok) +} + +func TestIsInternal(t *testing.T) { + err := zerrors.ThrowInternal(nil, "id", "msg") + ok := zerrors.IsInternal(err) + assert.True(t, ok) + + err = errors.New("I am found!") + ok = zerrors.IsInternal(err) + assert.False(t, ok) +} diff --git a/internal/errors/invalid_argument.go b/internal/zerrors/invalid_argument.go similarity index 82% rename from internal/errors/invalid_argument.go rename to internal/zerrors/invalid_argument.go index 431885dca4..b2a33fc860 100644 --- a/internal/errors/invalid_argument.go +++ b/internal/zerrors/invalid_argument.go @@ -1,4 +1,4 @@ -package errors +package zerrors import "fmt" @@ -13,11 +13,11 @@ type InvalidArgument interface { } type InvalidArgumentError struct { - *CaosError + *ZitadelError } func ThrowInvalidArgument(parent error, id, message string) error { - return &InvalidArgumentError{CreateCaosError(parent, id, message)} + return &InvalidArgumentError{CreateZitadelError(parent, id, message)} } func ThrowInvalidArgumentf(parent error, id, format string, a ...interface{}) error { @@ -36,9 +36,9 @@ func (err *InvalidArgumentError) Is(target error) bool { if !ok { return false } - return err.CaosError.Is(t.CaosError) + return err.ZitadelError.Is(t.ZitadelError) } func (err *InvalidArgumentError) Unwrap() error { - return err.CaosError + return err.ZitadelError } diff --git a/internal/zerrors/invalid_argument_test.go b/internal/zerrors/invalid_argument_test.go new file mode 100644 index 0000000000..7c1bd75aeb --- /dev/null 
+++ b/internal/zerrors/invalid_argument_test.go @@ -0,0 +1,33 @@ +package zerrors_test + +import ( + "errors" + "testing" + + "github.com/stretchr/testify/assert" + + "github.com/zitadel/zitadel/internal/zerrors" +) + +func TestInvalidArgumentError(t *testing.T) { + var invalidArgumentError interface{} = new(zerrors.InvalidArgumentError) + _, ok := invalidArgumentError.(zerrors.InvalidArgument) + assert.True(t, ok) +} + +func TestThrowInvalidArgumentf(t *testing.T) { + err := zerrors.ThrowInvalidArgumentf(nil, "id", "msg") + //nolint:errorlint + _, ok := err.(*zerrors.InvalidArgumentError) + assert.True(t, ok) +} + +func TestIsErrorInvalidArgument(t *testing.T) { + err := zerrors.ThrowInvalidArgument(nil, "id", "msg") + ok := zerrors.IsErrorInvalidArgument(err) + assert.True(t, ok) + + err = errors.New("I am invalid!") + ok = zerrors.IsErrorInvalidArgument(err) + assert.False(t, ok) +} diff --git a/internal/errors/not_found.go b/internal/zerrors/not_found.go similarity index 77% rename from internal/errors/not_found.go rename to internal/zerrors/not_found.go index c53edeeeec..450cc1aa6e 100644 --- a/internal/errors/not_found.go +++ b/internal/zerrors/not_found.go @@ -1,4 +1,4 @@ -package errors +package zerrors import "fmt" @@ -8,11 +8,11 @@ type NotFound interface { } type NotFoundError struct { - *CaosError + *ZitadelError } func ThrowNotFound(parent error, id, message string) error { - return &NotFoundError{CreateCaosError(parent, id, message)} + return &NotFoundError{CreateZitadelError(parent, id, message)} } func ThrowNotFoundf(parent error, id, format string, a ...interface{}) error { @@ -31,9 +31,9 @@ func (err *NotFoundError) Is(target error) bool { if !ok { return false } - return err.CaosError.Is(t.CaosError) + return err.ZitadelError.Is(t.ZitadelError) } func (err *NotFoundError) Unwrap() error { - return err.CaosError + return err.ZitadelError } 
diff --git a/internal/zerrors/not_found_test.go b/internal/zerrors/not_found_test.go new file mode 100644 index 0000000000..b54c550b25 --- /dev/null +++ b/internal/zerrors/not_found_test.go @@ -0,0 +1,33 @@ +package zerrors_test + +import ( + "errors" + "testing" + + "github.com/stretchr/testify/assert" + + "github.com/zitadel/zitadel/internal/zerrors" +) + +func TestNotFoundError(t *testing.T) { + var notFoundError interface{} = new(zerrors.NotFoundError) + _, ok := notFoundError.(zerrors.NotFound) + assert.True(t, ok) +} + +func TestThrowNotFoundf(t *testing.T) { + err := zerrors.ThrowNotFoundf(nil, "id", "msg") + //nolint:errorlint + _, ok := err.(*zerrors.NotFoundError) + assert.True(t, ok) +} + +func TestIsNotFound(t *testing.T) { + err := zerrors.ThrowNotFound(nil, "id", "msg") + ok := zerrors.IsNotFound(err) + assert.True(t, ok) + + err = errors.New("I am found!") + ok = zerrors.IsNotFound(err) + assert.False(t, ok) +} diff --git a/internal/errors/permission_denied.go b/internal/zerrors/permission_denied.go similarity index 82% rename from internal/errors/permission_denied.go rename to internal/zerrors/permission_denied.go index 4665308844..62bff08ed6 100644 --- a/internal/errors/permission_denied.go +++ b/internal/zerrors/permission_denied.go @@ -1,4 +1,4 @@ -package errors +package zerrors import ( "fmt" @@ -15,11 +15,11 @@ type PermissionDenied interface { } type PermissionDeniedError struct { - *CaosError + *ZitadelError } func ThrowPermissionDenied(parent error, id, message string) error { - return &PermissionDeniedError{CreateCaosError(parent, id, message)} + return &PermissionDeniedError{CreateZitadelError(parent, id, message)} } func ThrowPermissionDeniedf(parent error, id, format string, a ...interface{}) error { 
@@ -38,9 +38,9 @@ func (err *PermissionDeniedError) Is(target error) bool { if !ok { return false } - return err.CaosError.Is(t.CaosError) + return err.ZitadelError.Is(t.ZitadelError) } func (err *PermissionDeniedError) Unwrap() error { - return err.CaosError + return err.ZitadelError } diff --git a/internal/zerrors/permission_denied_test.go b/internal/zerrors/permission_denied_test.go new file mode 100644 index 0000000000..e60177055a --- /dev/null +++ b/internal/zerrors/permission_denied_test.go @@ -0,0 +1,33 @@ +package zerrors_test + +import ( + "errors" + "testing" + + "github.com/stretchr/testify/assert" + + "github.com/zitadel/zitadel/internal/zerrors" +) + +func TestPermissionDeniedError(t *testing.T) { + var err interface{} = new(zerrors.PermissionDeniedError) + _, ok := err.(zerrors.PermissionDenied) + assert.True(t, ok) +} + +func TestThrowPermissionDeniedf(t *testing.T) { + err := zerrors.ThrowPermissionDeniedf(nil, "id", "msg") + //nolint:errorlint + _, ok := err.(*zerrors.PermissionDeniedError) + assert.True(t, ok) +} + +func TestIsPermissionDenied(t *testing.T) { + err := zerrors.ThrowPermissionDenied(nil, "id", "msg") + ok := zerrors.IsPermissionDenied(err) + assert.True(t, ok) + + err = errors.New("I am found!") + ok = zerrors.IsPermissionDenied(err) + assert.False(t, ok) +} diff --git a/internal/errors/precondition_failed.go b/internal/zerrors/precondition_failed.go similarity index 82% rename from internal/errors/precondition_failed.go rename to internal/zerrors/precondition_failed.go index 2deee47aa8..ebacb4aa81 100644 --- a/internal/errors/precondition_failed.go +++ b/internal/zerrors/precondition_failed.go @@ -1,4 +1,4 @@ -package errors +package zerrors import ( "fmt" 
@@ -15,11 +15,11 @@ type PreconditionFailed interface { } type PreconditionFailedError struct { - *CaosError + *ZitadelError } func ThrowPreconditionFailed(parent error, id, message string) error { - return &PreconditionFailedError{CreateCaosError(parent, id, message)} + return &PreconditionFailedError{CreateZitadelError(parent, id, message)} } func ThrowPreconditionFailedf(parent error, id, format string, a ...interface{}) error { @@ -38,9 +38,9 @@ func (err *PreconditionFailedError) Is(target error) bool { if !ok { return false } - return err.CaosError.Is(t.CaosError) + return err.ZitadelError.Is(t.ZitadelError) } func (err *PreconditionFailedError) Unwrap() error { - return err.CaosError + return err.ZitadelError } diff --git a/internal/zerrors/precondition_failed_test.go b/internal/zerrors/precondition_failed_test.go new file mode 100644 index 0000000000..33e45dc487 --- /dev/null +++ b/internal/zerrors/precondition_failed_test.go @@ -0,0 +1,33 @@ +package zerrors_test + +import ( + "errors" + "testing" + + "github.com/stretchr/testify/assert" + + "github.com/zitadel/zitadel/internal/zerrors" +) + +func TestPreconditionFailedError(t *testing.T) { + var err interface{} = new(zerrors.PreconditionFailedError) + _, ok := err.(zerrors.PreconditionFailed) + assert.True(t, ok) +} + +func TestThrowPreconditionFailedf(t *testing.T) { + err := zerrors.ThrowPreconditionFailedf(nil, "id", "msg") + //nolint:errorlint + _, ok := err.(*zerrors.PreconditionFailedError) + assert.True(t, ok) +} + +func TestIsPreconditionFailed(t *testing.T) { + err := zerrors.ThrowPreconditionFailed(nil, "id", "msg") + ok := zerrors.IsPreconditionFailed(err) + assert.True(t, ok) + + err = errors.New("Precondition failed!") + ok = zerrors.IsPreconditionFailed(err) + assert.False(t, ok) +} 
diff --git a/internal/errors/resource_exhausted.go b/internal/zerrors/resource_exhausted.go similarity index 83% rename from internal/errors/resource_exhausted.go rename to internal/zerrors/resource_exhausted.go index 1485fa361f..1beac0857f 100644 --- a/internal/errors/resource_exhausted.go +++ b/internal/zerrors/resource_exhausted.go @@ -1,4 +1,4 @@ -package errors +package zerrors import ( "fmt" @@ -15,11 +15,11 @@ type ResourceExhausted interface { } type ResourceExhaustedError struct { - *CaosError + *ZitadelError } func ThrowResourceExhausted(parent error, id, message string) error { - return &ResourceExhaustedError{CreateCaosError(parent, id, message)} + return &ResourceExhaustedError{CreateZitadelError(parent, id, message)} } func ThrowResourceExhaustedf(parent error, id, format string, a ...interface{}) error { @@ -40,9 +40,9 @@ func (err *ResourceExhaustedError) Is(target error) bool { if !ok { return false } - return err.CaosError.Is(t.CaosError) + return err.ZitadelError.Is(t.ZitadelError) } func (err *ResourceExhaustedError) Unwrap() error { - return err.CaosError + return err.ZitadelError } diff --git a/internal/zerrors/resource_exhausted_test.go b/internal/zerrors/resource_exhausted_test.go new file mode 100644 index 0000000000..680cf487f3 --- /dev/null +++ b/internal/zerrors/resource_exhausted_test.go 
@@ -0,0 +1,33 @@ +package zerrors_test + +import ( + "errors" + "testing" + + "github.com/stretchr/testify/assert" + + "github.com/zitadel/zitadel/internal/zerrors" +) + +func TestResourceExhaustedError(t *testing.T) { + var err interface{} = new(zerrors.ResourceExhaustedError) + _, ok := err.(zerrors.ResourceExhausted) + assert.True(t, ok) +} + +func TestThrowResourceExhaustedf(t *testing.T) { + err := zerrors.ThrowResourceExhaustedf(nil, "id", "msg") + //nolint:errorlint + _, ok := err.(*zerrors.ResourceExhaustedError) + assert.True(t, ok) +} + +func TestIsResourceExhausted(t *testing.T) { + err := zerrors.ThrowResourceExhausted(nil, "id", "msg") + ok := zerrors.IsResourceExhausted(err) + assert.True(t, ok) + + err = errors.New("I am found!") + ok = zerrors.IsResourceExhausted(err) + assert.False(t, ok) +} diff --git a/internal/errors/unauthenticated.go b/internal/zerrors/unauthenticated.go similarity index 82% rename from internal/errors/unauthenticated.go rename to internal/zerrors/unauthenticated.go index 29237657ea..16a6a98852 100644 --- a/internal/errors/unauthenticated.go +++ b/internal/zerrors/unauthenticated.go @@ -1,4 +1,4 @@ -package errors +package zerrors import ( "fmt" @@ -15,11 +15,11 @@ type Unauthenticated interface { } type UnauthenticatedError struct { - *CaosError + *ZitadelError } func ThrowUnauthenticated(parent error, id, message string) error { - return &UnauthenticatedError{CreateCaosError(parent, id, message)} + return &UnauthenticatedError{CreateZitadelError(parent, id, message)} } func ThrowUnauthenticatedf(parent error, id, format string, a ...interface{}) error { @@ -38,9 +38,9 @@ func (err *UnauthenticatedError) Is(target error) bool { if !ok { return false } - return err.CaosError.Is(t.CaosError) + return err.ZitadelError.Is(t.ZitadelError) } func (err *UnauthenticatedError) Unwrap() error { - return err.CaosError + return err.ZitadelError } 
diff --git a/internal/zerrors/unauthenticated_test.go b/internal/zerrors/unauthenticated_test.go new file mode 100644 index 0000000000..9fa9c0a184 --- /dev/null +++ b/internal/zerrors/unauthenticated_test.go @@ -0,0 +1,33 @@ +package zerrors_test + +import ( + "errors" + "testing" + + "github.com/stretchr/testify/assert" + + "github.com/zitadel/zitadel/internal/zerrors" +) + +func TestUnauthenticatedError(t *testing.T) { + var err interface{} = new(zerrors.UnauthenticatedError) + _, ok := err.(zerrors.Unauthenticated) + assert.True(t, ok) +} + +func TestThrowUnauthenticatedf(t *testing.T) { + err := zerrors.ThrowUnauthenticatedf(nil, "id", "msg") + //nolint:errorlint + _, ok := err.(*zerrors.UnauthenticatedError) + assert.True(t, ok) +} + +func TestIsUnauthenticated(t *testing.T) { + err := zerrors.ThrowUnauthenticated(nil, "id", "msg") + ok := zerrors.IsUnauthenticated(err) + assert.True(t, ok) + + err = errors.New("I am found!") + ok = zerrors.IsUnauthenticated(err) + assert.False(t, ok) +} diff --git a/internal/errors/unavailable.go b/internal/zerrors/unavailable.go similarity index 81% rename from internal/errors/unavailable.go rename to internal/zerrors/unavailable.go index b4b30ab7fb..65572881e2 100644 --- a/internal/errors/unavailable.go +++ b/internal/zerrors/unavailable.go @@ -1,4 +1,4 @@ -package errors +package zerrors import ( "fmt" @@ -15,11 +15,11 @@ type Unavailable interface { } type UnavailableError struct { - *CaosError + *ZitadelError } func ThrowUnavailable(parent error, id, message string) error { - return &UnavailableError{CreateCaosError(parent, id, message)} + return &UnavailableError{CreateZitadelError(parent, id, message)} } func ThrowUnavailablef(parent error, id, format string, a ...interface{}) error { 
@@ -38,9 +38,9 @@ func (err *UnavailableError) Is(target error) bool { if !ok { return false } - return err.CaosError.Is(t.CaosError) + return err.ZitadelError.Is(t.ZitadelError) } func (err *UnavailableError) Unwrap() error { - return err.CaosError + return err.ZitadelError } diff --git a/internal/zerrors/unavailable_test.go b/internal/zerrors/unavailable_test.go new file mode 100644 index 0000000000..f36d25e2cf --- /dev/null +++ b/internal/zerrors/unavailable_test.go @@ -0,0 +1,33 @@ +package zerrors_test + +import ( + "errors" + "testing" + + "github.com/stretchr/testify/assert" + + "github.com/zitadel/zitadel/internal/zerrors" +) + +func TestUnavailableError(t *testing.T) { + var err interface{} = new(zerrors.UnavailableError) + _, ok := err.(zerrors.Unavailable) + assert.True(t, ok) +} + +func TestThrowUnavailablef(t *testing.T) { + err := zerrors.ThrowUnavailablef(nil, "id", "msg") + //nolint:errorlint + _, ok := err.(*zerrors.UnavailableError) + assert.True(t, ok) +} + +func TestIsUnavailable(t *testing.T) { + err := zerrors.ThrowUnavailable(nil, "id", "msg") + ok := zerrors.IsUnavailable(err) + assert.True(t, ok) + + err = errors.New("I am found!") + ok = zerrors.IsUnavailable(err) + assert.False(t, ok) +} diff --git a/internal/errors/unimplemented.go b/internal/zerrors/unimplemented.go similarity index 81% rename from internal/errors/unimplemented.go rename to internal/zerrors/unimplemented.go index 1d0b77ed2a..544f05ee26 100644 --- a/internal/errors/unimplemented.go +++ b/internal/zerrors/unimplemented.go @@ -1,4 +1,4 @@ -package errors +package zerrors import ( "fmt" 
@@ -15,11 +15,11 @@ type Unimplemented interface { } type UnimplementedError struct { - *CaosError + *ZitadelError } func ThrowUnimplemented(parent error, id, message string) error { - return &UnimplementedError{CreateCaosError(parent, id, message)} + return &UnimplementedError{CreateZitadelError(parent, id, message)} } func ThrowUnimplementedf(parent error, id, format string, a ...interface{}) error { @@ -38,9 +38,9 @@ func (err *UnimplementedError) Is(target error) bool { if !ok { return false } - return err.CaosError.Is(t.CaosError) + return err.ZitadelError.Is(t.ZitadelError) } func (err *UnimplementedError) Unwrap() error { - return err.CaosError + return err.ZitadelError } diff --git a/internal/zerrors/unimplemented_test.go b/internal/zerrors/unimplemented_test.go new file mode 100644 index 0000000000..3786ed2f45 --- /dev/null +++ b/internal/zerrors/unimplemented_test.go @@ -0,0 +1,33 @@ +package zerrors_test + +import ( + "errors" + "testing" + + "github.com/stretchr/testify/assert" + + "github.com/zitadel/zitadel/internal/zerrors" +) + +func TestUnimplementedError(t *testing.T) { + var unimplementedError interface{} = new(zerrors.UnimplementedError) + _, ok := unimplementedError.(zerrors.Unimplemented) + assert.True(t, ok) +} + +func TestThrowUnimplementedf(t *testing.T) { + err := zerrors.ThrowUnimplementedf(nil, "id", "msg") + //nolint:errorlint + _, ok := err.(*zerrors.UnimplementedError) + assert.True(t, ok) +} + +func TestIsUnimplemented(t *testing.T) { + err := zerrors.ThrowUnimplemented(nil, "id", "msg") + ok := zerrors.IsUnimplemented(err) + assert.True(t, ok) + + err = errors.New("I am found!") + ok = zerrors.IsUnimplemented(err) + assert.False(t, ok) +} diff --git a/internal/errors/unknown.go b/internal/zerrors/unknown.go similarity index 79% rename from internal/errors/unknown.go rename to internal/zerrors/unknown.go index 78eda816ab..cba44de8a3 100644 --- a/internal/errors/unknown.go +++ b/internal/zerrors/unknown.go 
@@ -1,4 +1,4 @@ -package errors +package zerrors import ( "fmt" @@ -15,11 +15,11 @@ type Unknown interface { } type UnknownError struct { - *CaosError + *ZitadelError } func ThrowUnknown(parent error, id, message string) error { - return &UnknownError{CreateCaosError(parent, id, message)} + return &UnknownError{CreateZitadelError(parent, id, message)} } func ThrowUnknownf(parent error, id, format string, a ...interface{}) error { @@ -38,9 +38,9 @@ func (err *UnknownError) Is(target error) bool { if !ok { return false } - return err.CaosError.Is(t.CaosError) + return err.ZitadelError.Is(t.ZitadelError) } func (err *UnknownError) Unwrap() error { - return err.CaosError + return err.ZitadelError } diff --git a/internal/zerrors/unknown_test.go b/internal/zerrors/unknown_test.go new file mode 100644 index 0000000000..973966ce71 --- /dev/null +++ b/internal/zerrors/unknown_test.go @@ -0,0 +1,33 @@ +package zerrors_test + +import ( + "errors" + "testing" + + "github.com/stretchr/testify/assert" + + "github.com/zitadel/zitadel/internal/zerrors" +) + +func TestUnknownError(t *testing.T) { + var err interface{} = new(zerrors.UnknownError) + _, ok := err.(zerrors.Unknown) + assert.True(t, ok) +} + +func TestThrowUnknownf(t *testing.T) { + err := zerrors.ThrowUnknownf(nil, "id", "msg") + //nolint:errorlint + _, ok := err.(*zerrors.UnknownError) + assert.True(t, ok) +} + +func TestIsUnknown(t *testing.T) { + err := zerrors.ThrowUnknown(nil, "id", "msg") + ok := zerrors.IsUnknown(err) + assert.True(t, ok) + + err = errors.New("I am found!") + ok = zerrors.IsUnknown(err) + assert.False(t, ok) +} diff --git a/internal/errors/caos_error.go b/internal/zerrors/zerror.go similarity index 56% rename from internal/errors/caos_error.go rename to internal/zerrors/zerror.go index 83d5a7ce4a..d7b85b84a7 100644 --- a/internal/errors/caos_error.go +++ b/internal/zerrors/zerror.go @@ -1,4 +1,4 @@ -package errors +package zerrors import ( "errors" 
@@ -6,55 +6,55 @@ import ( "reflect" ) -var _ Error = (*CaosError)(nil) +var _ Error = (*ZitadelError)(nil) -type CaosError struct { +type ZitadelError struct { Parent error Message string ID string } func ThrowError(parent error, id, message string) error { - return CreateCaosError(parent, id, message) + return CreateZitadelError(parent, id, message) } -func CreateCaosError(parent error, id, message string) *CaosError { - return &CaosError{ +func CreateZitadelError(parent error, id, message string) *ZitadelError { + return &ZitadelError{ Parent: parent, ID: id, Message: message, } } -func (err *CaosError) Error() string { +func (err *ZitadelError) Error() string { if err.Parent != nil { return fmt.Sprintf("ID=%s Message=%s Parent=(%v)", err.ID, err.Message, err.Parent) } return fmt.Sprintf("ID=%s Message=%s", err.ID, err.Message) } -func (err *CaosError) Unwrap() error { +func (err *ZitadelError) Unwrap() error { return err.GetParent() } -func (err *CaosError) GetParent() error { +func (err *ZitadelError) GetParent() error { return err.Parent } -func (err *CaosError) GetMessage() string { +func (err *ZitadelError) GetMessage() string { return err.Message } -func (err *CaosError) SetMessage(msg string) { +func (err *ZitadelError) SetMessage(msg string) { err.Message = msg } -func (err *CaosError) GetID() string { +func (err *ZitadelError) GetID() string { return err.ID } -func (err *CaosError) Is(target error) bool { - t, ok := target.(*CaosError) +func (err *ZitadelError) Is(target error) bool { + t, ok := target.(*ZitadelError) if !ok { return false } @@ -71,8 +71,8 @@ func (err *CaosError) Is(target error) bool { return true } -func (err *CaosError) As(target interface{}) bool { - _, ok := target.(**CaosError) +func (err *ZitadelError) As(target interface{}) bool { + _, ok := target.(**ZitadelError) if !ok { return false } 
diff --git a/internal/errors/caos_error_test.go b/internal/zerrors/zerror_test.go similarity index 62% rename from internal/errors/caos_error_test.go rename to internal/zerrors/zerror_test.go index 4ce9fc7b33..dcd0d8bcf0 100644 --- a/internal/errors/caos_error_test.go +++ b/internal/zerrors/zerror_test.go @@ -1,19 +1,18 @@ -package errors_test +package zerrors_test import ( "testing" "github.com/stretchr/testify/assert" - - caos_errs "github.com/zitadel/zitadel/internal/errors" + "github.com/zitadel/zitadel/internal/zerrors" ) func TestErrorMethod(t *testing.T) { - err := caos_errs.ThrowError(nil, "id", "msg") + err := zerrors.ThrowError(nil, "id", "msg") expected := "ID=id Message=msg" assert.Equal(t, expected, err.Error()) - err = caos_errs.ThrowError(err, "subID", "subMsg") + err = zerrors.ThrowError(err, "subID", "subMsg") subExptected := "ID=subID Message=subMsg Parent=(ID=id Message=msg)" assert.Equal(t, subExptected, err.Error()) } diff --git a/proto/zitadel/admin.proto b/proto/zitadel/admin.proto index 448fcca303..e85ccea8a0 100644 --- a/proto/zitadel/admin.proto +++ b/proto/zitadel/admin.proto @@ -230,7 +230,7 @@ service AdminService { }; option (zitadel.v1.auth_option) = { - permission: "iam.read"; + permission: "authenticated"; }; option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { 
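Review bot: The `permission: "authenticated"` line in the admin.proto hunk widens this call from holders of `iam.read` to every authenticated user, and nothing next to it says that this is intended. The rpc itself starts outside the hunk; judging by the deprecation notes this commit adds to auth.proto and management.proto it is presumably GetSupportedLanguages, which would make the wider access deliberate. I would record that above the option, e.g. `// callable by any authenticated user; replaces the deprecated auth/management variants`.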
@@ -240,6 +240,22 @@ service AdminService { }; } + rpc GetAllowedLanguages(GetAllowedLanguagesRequest) returns (GetAllowedLanguagesResponse) { + option (google.api.http) = { + get: "/languages/allowed"; + }; + + option (zitadel.v1.auth_option) = { + permission: "authenticated"; + }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + summary: "Allowed Languages"; + description: "If the languages are restricted, only those are returned. Else, all supported languages are returned." + tags: "Restrictions"; + }; + } + rpc SetDefaultLanguage(SetDefaultLanguageRequest) returns (SetDefaultLanguageResponse) { option (google.api.http) = { put: "/languages/default/{language}"; @@ -3843,7 +3859,7 @@ service AdminService { responses: { key: "200"; value: { - description: "The status 200 is also returned if no restrictions were ever set. In this case, all feature restrictions have zero values."; + description: "The status 200 is also returned if no restrictions were ever set. In this case, all feature restrictions are undefined."; }; }; }; @@ -3868,6 +3884,17 @@ message GetSupportedLanguagesResponse { ]; } +//This is an empty request +message GetAllowedLanguagesRequest {} + +message GetAllowedLanguagesResponse { + repeated string languages = 1 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "[\"en\", \"de\", \"it\"]" + } + ]; +} + message SetDefaultLanguageRequest { string language = 1 [ (validate.rules).string = {min_len: 1, max_len: 10}, 
@@ -7945,11 +7972,35 @@ message ListEventsRequest { } ]; google.protobuf.Timestamp creation_date = 9 [ + deprecated = true, (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { example: "\"2019-04-01T08:45:00.000000Z\""; - description: "If asc is false, the events returned are older than creation_date. If asc is true, the events returned are younger than creation_date. If creation_date is not set the field is ignored."; + description: "Use from instead."; } ]; + message creation_date_range { + google.protobuf.Timestamp since = 1 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "\"2019-04-01T08:45:00.000000Z\""; + description: "The events returned are younger than the UTC since date"; + } + ]; + google.protobuf.Timestamp until = 2 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "\"2019-04-01T08:45:00.000000Z\""; + description: "The events returned are older than the UTC until date."; + } + ]; + } + oneof creation_date_filter { + creation_date_range range = 10; + google.protobuf.Timestamp from = 11 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "\"2019-04-01T08:45:00.000000Z\""; + description: "If asc is false, the events returned are older than the UTC from date. If asc is true, the events returned are younger than from."; + } + ]; + } } message ListEventsResponse { 
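Review bot: The nested message `creation_date_range` is named like a field; protobuf style uses PascalCase for message names, so `message CreationDateRange` with `CreationDateRange range = 10;` keeps the generated type names conventional. The descriptions of `since` and `until` do not say whether the bounds are inclusive. The deprecated `creation_date` now only says "Use from instead." and does not state what happens when it is set together with `creation_date_filter`; one sentence on each would help clients that filter events by time.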
@@ -7994,6 +8045,20 @@ message SetRestrictionsRequest { description: "defines if ZITADEL should expose the endpoint /ui/login/register/org. If it is true, the org registration endpoint returns the HTTP status 404 on GET requests, and 409 on POST requests."; } ]; + optional SelectLanguages allowed_languages = 2 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "restricts the allowed languages. If allowed_languages is undefined, the allowed languages are not changed."; + } + ]; +} + +// We have to wrap the languages list into a message so we can serialize empty lists. +message SelectLanguages { + repeated string list = 1 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "defines which languages to select. An empty list means all languages are selected."; + } + ]; } message SetRestrictionsResponse { @@ -8009,5 +8074,10 @@ message GetRestrictionsResponse { description: "defines if ZITADEL should expose the endpoint /ui/login/register/org. If it is true, the org registration endpoint returns the HTTP status 404 on GET requests, and 409 on POST requests."; } ]; + repeated string allowed_languages = 3 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "defines the allowed languages. If allowed_languages has one or more entries, only these languages are allowed. If it has no entries, all supported languages are allowed"; + } + ]; } diff --git a/proto/zitadel/auth.proto b/proto/zitadel/auth.proto index 5fd8772edc..58767f9fe9 100644 --- a/proto/zitadel/auth.proto +++ b/proto/zitadel/auth.proto 
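Review bot: `SelectLanguages.list` accepts strings of any length and any number of entries, while `SetDefaultLanguageRequest.language` in the same file is bounded with `(validate.rules).string = {min_len: 1, max_len: 10}`. This list is client input that is presumably persisted as an instance restriction, so I would bound it at the API edge as well, e.g. `(validate.rules).repeated = {items: {string: {min_len: 1, max_len: 10}}},` before the openapiv2 option. Whether the handler additionally rejects unsupported language tags is not visible in this hunk.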
@@ -143,10 +143,10 @@ service AuthService { option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { summary: "Supported Languages"; - description: "The supported/default languages of the system will be returned by the language abbreviation." + description: "Use GetSupportedLanguages on the admin service instead." + deprecated: true; tags: "General"; }; - } rpc GetMyUser(GetMyUserRequest) returns (GetMyUserResponse) { @@ -996,7 +996,6 @@ message HealthzResponse {} //This is an empty request message GetSupportedLanguagesRequest {} -//This is an empty response message GetSupportedLanguagesResponse { repeated string languages = 1 [ (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { diff --git a/proto/zitadel/management.proto b/proto/zitadel/management.proto index 37f7c12b20..9bb2e1efb3 100644 --- a/proto/zitadel/management.proto +++ b/proto/zitadel/management.proto @@ -268,7 +268,8 @@ service ManagementService { option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { summary: "Supported Languages"; - description: "The supported/default languages of the system will be returned by the language abbreviation." + description: "Use GetSupportedLanguages on the admin service instead." + deprecated: true; tags: "General"; responses: { key: "200" diff --git a/proto/zitadel/session/v2beta/session_service.proto b/proto/zitadel/session/v2beta/session_service.proto index ef1108e2c7..3461772c9a 100644 --- a/proto/zitadel/session/v2beta/session_service.proto +++ b/proto/zitadel/session/v2beta/session_service.proto 
@@ -280,7 +280,8 @@ message CreateSessionRequest{ optional google.protobuf.Duration lifetime = 5 [ (validate.rules).duration = {gt: {seconds: 0}}, (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { - description: "\"duration after which the session will be automatically invalidated\""; + description: "\"duration (in seconds) after which the session will be automatically invalidated\""; + example:"\"18000s\"" } ]; } @@ -333,7 +334,8 @@ message SetSessionRequest{ optional google.protobuf.Duration lifetime = 6 [ (validate.rules).duration = {gt: {seconds: 0}}, (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { - description: "\"duration after which the session will be automatically invalidated\""; + description: "\"duration (in seconds) after which the session will be automatically invalidated\""; + example:"\"18000s\"" } ]; } diff --git a/proto/zitadel/user/v2beta/email.proto b/proto/zitadel/user/v2beta/email.proto index 6e0c3ada0b..8a76a2eb0d 100644 --- a/proto/zitadel/user/v2beta/email.proto +++ b/proto/zitadel/user/v2beta/email.proto @@ -27,6 +27,18 @@ message SetHumanEmail { } } +message HumanEmail { + string email = 1 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + min_length: 1; + max_length: 200; + example: "\"mini@mouse.com\""; + } + ]; + bool is_verified = 2; +} + + message SendEmailVerificationCode { optional string url_template = 1 [ (validate.rules).string = {min_len: 1, max_len: 200}, diff --git a/proto/zitadel/user/v2beta/password.proto b/proto/zitadel/user/v2beta/password.proto index 8a615657ed..69fe5fc303 100644 --- a/proto/zitadel/user/v2beta/password.proto +++ b/proto/zitadel/user/v2beta/password.proto 
@@ -55,3 +55,31 @@ enum NotificationType { NOTIFICATION_TYPE_Email = 1; NOTIFICATION_TYPE_SMS = 2; } + +message SetPassword { + oneof password_type { + Password password = 1; + HashedPassword hashed_password = 2; + } + oneof verification { + string current_password = 3 [ + (validate.rules).string = {min_len: 1, max_len: 200}, + (google.api.field_behavior) = REQUIRED, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + min_length: 1; + max_length: 200; + example: "\"Secr3tP4ssw0rd!\""; + } + ]; + string verification_code = 4 [ + (validate.rules).string = {min_len: 1, max_len: 20}, + (google.api.field_behavior) = REQUIRED, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + min_length: 1; + max_length: 20; + example: "\"SKJd342k\""; + description: "\"the verification code generated during password reset request\""; + } + ]; + } +} \ No newline at end of file diff --git a/proto/zitadel/user/v2beta/phone.proto b/proto/zitadel/user/v2beta/phone.proto index 75bb80c4b2..c71a725b29 100644 --- a/proto/zitadel/user/v2beta/phone.proto +++ b/proto/zitadel/user/v2beta/phone.proto @@ -24,6 +24,16 @@ message SetHumanPhone { } } +message HumanPhone { + string phone = 1 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + max_length: 200; + example: "\"+41791234567\""; + } + ]; + bool is_verified = 2; +} + message SendPhoneVerificationCode {} message ReturnPhoneVerificationCode {} diff --git a/proto/zitadel/user/v2beta/user.proto b/proto/zitadel/user/v2beta/user.proto index ab1b5c5241..57482a23dd 100644 --- a/proto/zitadel/user/v2beta/user.proto +++ b/proto/zitadel/user/v2beta/user.proto 
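Review bot: In `SetPassword`, neither `oneof password_type` nor `oneof verification` is marked required, so a message with no `current_password` and no `verification_code` passes validation even though both members carry `field_behavior = REQUIRED`. If changing a password without either proof is meant to be possible for privileged callers only, that has to be enforced in the handler, which this hunk does not show; a comment on the oneof should say so. If a new password must always be supplied, add `option (validate.required) = true;` as the first line of `oneof password_type`.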
@@ -7,10 +7,9 @@ option go_package = "github.com/zitadel/zitadel/pkg/grpc/user/v2beta;user"; import "google/api/field_behavior.proto"; import "protoc-gen-openapiv2/options/annotations.proto"; import "validate/validate.proto"; - -message User { - string id = 1; -} +import "zitadel/object/v2beta/object.proto"; +import "zitadel/user/v2beta/email.proto"; +import "zitadel/user/v2beta/phone.proto"; enum Gender { GENDER_UNSPECIFIED = 0; @@ -66,6 +65,45 @@ message SetHumanProfile { ]; } +message HumanProfile { + string given_name = 1 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + min_length: 1; + max_length: 200; + example: "\"Minnie\""; + } + ]; + string family_name = 2 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + min_length: 1; + max_length: 200; + example: "\"Mouse\""; + } + ]; + optional string nick_name = 3 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + max_length: 200; + example: "\"Mini\""; + } + ]; + optional string display_name = 4 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + max_length: 200; + example: "\"Minnie Mouse\""; + } + ]; + optional string preferred_language = 5 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + max_length: 10; + example: "\"en\""; + } + ]; + optional zitadel.user.v2beta.Gender gender = 6 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "\"GENDER_FEMALE\""; + } + ]; +} message SetMetadataEntry { string key = 1 [ 
@@ -88,3 +126,44 @@ message SetMetadataEntry { } ]; } + +message HumanUser { + string user_id = 1 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "\"d654e6ba-70a3-48ef-a95d-37c8d8a7901a\""; + } + ]; + UserState state = 2 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "current state of the user"; + } + ]; + string username = 3 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "\"minnie-mouse\""; + } + ]; + repeated string login_names = 4 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "[\"gigi@zitadel.com\", \"gigi@zitadel.zitadel.ch\"]"; + } + ]; + string preferred_login_name = 5 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "\"gigi@zitadel.com\""; + } + ]; + HumanProfile profile = 6; + HumanEmail email = 7; + HumanPhone phone = 8; +} + +enum UserState { + USER_STATE_UNSPECIFIED = 0; + USER_STATE_ACTIVE = 1; + USER_STATE_INACTIVE = 2; + USER_STATE_DELETED = 3; + USER_STATE_LOCKED = 4; + USER_STATE_SUSPEND = 5; + USER_STATE_INITIAL = 6; +} \ No newline at end of file diff --git a/proto/zitadel/user/v2beta/user_service.proto b/proto/zitadel/user/v2beta/user_service.proto index 36517dc4c5..0a34f7c558 100644 --- a/proto/zitadel/user/v2beta/user_service.proto +++ b/proto/zitadel/user/v2beta/user_service.proto 
@@ -238,6 +238,149 @@ service UserService { }; } + rpc UpdateHumanUser(UpdateHumanUserRequest) returns (UpdateHumanUserResponse) { + option (google.api.http) = { + put: "/v2beta/users/{user_id}" + }; + + option (zitadel.protoc_gen_zitadel.v2.options) = { + auth_option: { + permission: "authenticated" + } + }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + summary: "Update User"; + description: "Update all information from a user." + responses: { + key: "200" + value: { + description: "OK"; + } + }; + }; + } + + rpc DeactivateUser(DeactivateUserRequest) returns (DeactivateUserResponse) { + option (google.api.http) = { + post: "/v2beta/users/{user_id}/deactivate" + body: "*" + }; + + option (zitadel.protoc_gen_zitadel.v2.options) = { + auth_option: { + permission: "authenticated" + } + }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + summary: "Deactivate user"; + description: "The state of the user will be changed to 'deactivated'. The user will not be able to log in anymore. The endpoint returns an error if the user is already in the state 'deactivated'. Use deactivate user when the user should not be able to use the account anymore, but you still need access to the user data." + responses: { + key: "200" + value: { + description: "OK"; + } + }; + }; + } + + rpc ReactivateUser(ReactivateUserRequest) returns (ReactivateUserResponse) { + option (google.api.http) = { + post: "/v2beta/users/{user_id}/reactivate" + body: "*" + }; + + option (zitadel.protoc_gen_zitadel.v2.options) = { + auth_option: { + permission: "authenticated" + } + }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + summary: "Reactivate user"; + description: "Reactivate a user with the state 'deactivated'. The user will be able to log in again afterward. The endpoint returns an error if the user is not in the state 'deactivated'." 
+ responses: { + key: "200" + value: { + description: "OK"; + } + }; + }; + } + + rpc LockUser(LockUserRequest) returns (LockUserResponse) { + option (google.api.http) = { + post: "/v2beta/users/{user_id}/lock" + body: "*" + }; + + option (zitadel.protoc_gen_zitadel.v2.options) = { + auth_option: { + permission: "authenticated" + } + }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + summary: "Lock user"; + description: "The state of the user will be changed to 'locked'. The user will not be able to log in anymore. The endpoint returns an error if the user is already in the state 'locked'. Use this endpoint if the user should not be able to log in temporarily because of an event that happened (wrong password, etc.)" + responses: { + key: "200" + value: { + description: "OK"; + } + }; + }; + } + + rpc UnlockUser(UnlockUserRequest) returns (UnlockUserResponse) { + option (google.api.http) = { + post: "/v2beta/users/{user_id}/unlock" + body: "*" + }; + + option (zitadel.protoc_gen_zitadel.v2.options) = { + auth_option: { + permission: "authenticated" + } + }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + summary: "Unlock user"; + description: "Unlock a user with the state 'locked'. The user will be able to log in again afterward. The endpoint returns an error if the user is not in the state 'locked'." + responses: { + key: "200" + value: { + description: "OK"; + } + }; + }; + } + + rpc DeleteUser(DeleteUserRequest) returns (DeleteUserResponse) { + option (google.api.http) = { + delete: "/v2beta/users/{user_id}" + }; + + option (zitadel.protoc_gen_zitadel.v2.options) = { + auth_option: { + permission: "user.delete" + } + }; + + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + summary: "Delete user"; + description: "The state of the user will be changed to 'deleted'. The user will not be able to log in anymore. 
Endpoints requesting this user will return an error 'User not found" + responses: { + key: "200" + value: { + description: "OK"; + } + }; + }; + } + rpc RegisterPasskey (RegisterPasskeyRequest) returns (RegisterPasskeyResponse) { option (google.api.http) = { post: "/v2beta/users/{user_id}/passkeys" 
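Review bot: UpdateHumanUser, DeactivateUser, ReactivateUser, LockUser and UnlockUser all act on an arbitrary `{user_id}` but declare only `permission: "authenticated"`, whereas DeleteUser in the same hunk declares `permission: "user.delete"`. As far as this file shows, any logged-in caller reaches the handler, so the per-user authorization has to happen there; that code is not part of this hunk, so either state it in a comment above each `auth_option` or declare a dedicated permission as DeleteUser does. Separately, the `put: "/v2beta/users/{user_id}"` binding of UpdateHumanUser has no `body: "*"`, unlike the POST bindings below it, so profile, email, phone and password would likely not be read from the JSON body through the gateway. The DeleteUser description also ends with mismatched quotes in `'User not found"`.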
@@ -804,6 +947,133 @@ message VerifyPhoneResponse{ zitadel.object.v2beta.Details details = 1; } +message DeleteUserRequest { + string user_id = 1 [ + (validate.rules).string = {min_len: 1, max_len: 200}, + (google.api.field_behavior) = REQUIRED, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + min_length: 1; + max_length: 200; + example: "\"69629012906488334\""; + }]; +} + +message DeleteUserResponse { + zitadel.object.v2beta.Details details = 1; +} + +message GetUserByIDRequest { + string user_id = 1 [ + (validate.rules).string = {min_len: 1, max_len: 200}, + (google.api.field_behavior) = REQUIRED, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + min_length: 1; + max_length: 200; + example: "\"69629012906488334\""; + description: "User ID of the user you like to get." + } + ]; +} + +message GetUserByIDResponse { + zitadel.object.v2beta.Details details = 1; + HumanUser user = 2; +} + +message UpdateHumanUserRequest{ + string user_id = 1 [ + (validate.rules).string = {min_len: 1, max_len: 200}, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + min_length: 1; + max_length: 200; + example: "\"d654e6ba-70a3-48ef-a95d-37c8d8a7901a\""; + } + ]; + optional string username = 2 [ + (validate.rules).string = {min_len: 1, max_len: 200}, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + min_length: 1; + max_length: 200; + example: "\"minnie-mouse\""; + } + ]; + optional SetHumanProfile profile = 3; + optional SetHumanEmail email = 4; + optional SetHumanPhone phone = 5; + optional SetPassword password = 6; +} + +message UpdateHumanUserResponse { + zitadel.object.v2beta.Details details = 1; + optional string email_code = 2; + optional string phone_code = 3; +} + +message DeactivateUserRequest { + string user_id = 1 [ + (validate.rules).string = {min_len: 1, max_len: 200}, + (google.api.field_behavior) = REQUIRED, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + min_length: 1; + 
max_length: 200; + example: "\"69629012906488334\""; + } + ]; +} + +message DeactivateUserResponse { + zitadel.object.v2beta.Details details = 1; +} + + +message ReactivateUserRequest { + string user_id = 1 [ + (validate.rules).string = {min_len: 1, max_len: 200}, + (google.api.field_behavior) = REQUIRED, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + min_length: 1; + max_length: 200; + example: "\"69629012906488334\""; + } + ]; +} + +message ReactivateUserResponse { + zitadel.object.v2beta.Details details = 1; +} + +message LockUserRequest { + string user_id = 1 [ + (validate.rules).string = {min_len: 1, max_len: 200}, + (google.api.field_behavior) = REQUIRED, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + min_length: 1; + max_length: 200; + example: "\"69629012906488334\""; + } + ]; +} + +message LockUserResponse { + zitadel.object.v2beta.Details details = 1; +} + +message UnlockUserRequest { + string user_id = 1 [ + (validate.rules).string = {min_len: 1, max_len: 200}, + (google.api.field_behavior) = REQUIRED, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + min_length: 1; + max_length: 200; + example: "\"69629012906488334\""; + } + ]; +} + +message UnlockUserResponse { + zitadel.object.v2beta.Details details = 1; +} + message RegisterPasskeyRequest{ string user_id = 1 [ (validate.rules).string = {min_len: 1, max_len: 200},
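Review bot: `UpdateHumanUserResponse` returns `email_code` and `phone_code` with no description of when they are populated; these are verification codes, and the matching rpc in the service hunk is declared with `permission: "authenticated"` only. Presumably they are set only when the caller asked for the code to be returned instead of sent, but the hunk does not say so; a field comment such as `// set only if the request asked to return the code instead of sending it` would make that contract explicit. `UpdateHumanUserRequest.user_id` is also the only new `user_id` without `(google.api.field_behavior) = REQUIRED`.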