Merge branch 'master' into new-eventstore

This commit is contained in:
adlerhurst 2020-11-19 17:20:09 +01:00
commit 609c4d4f24
86 changed files with 294 additions and 113 deletions

View File

@ -51,6 +51,8 @@ Details need to be announced, but feel free to contribute already. As long as yo
We already have documentation specific [guidelines](./site/CONTRIBUTING.md). We already have documentation specific [guidelines](./site/CONTRIBUTING.md).
Howto develop ZITADEL: [contribute](./CONTRIBUTING.md)
## Security ## Security
See the policy [here](./SECURITY.md) See the policy [here](./SECURITY.md)

View File

@ -40,7 +40,7 @@ COMPOSE_DOCKER_CLI_BUILD=1 DOCKER_BUILDKIT=1 docker-compose -f build/docker-comp
### Fullstack including database ### Fullstack including database
```Bash ```Bash
COMPOSE_DOCKER_CLI_BUILD=1 DOCKER_BUILDKIT=1 docker-compose -f build/docker-compose.yml up --build COMPOSE_DOCKER_CLI_BUILD=1 DOCKER_BUILDKIT=1 docker-compose -f build/docker-compose-dev.yml up --build
``` ```
## Debug ## Debug

View File

@ -95,3 +95,5 @@ SetUp:
DefaultLabelPolicy: DefaultLabelPolicy:
PrimaryColor: '#222324' PrimaryColor: '#222324'
SecondaryColor: '#ffffff' SecondaryColor: '#ffffff'
Step7:
DefaultSecondFactor: 1 #SecondFactorTypeOTP

View File

@ -79,8 +79,8 @@ func userGrantSearchQueryToModel(query *management.UserGrantSearchQuery) *grant_
func userGrantSearchKeyToModel(key management.UserGrantSearchKey) grant_model.UserGrantSearchKey { func userGrantSearchKeyToModel(key management.UserGrantSearchKey) grant_model.UserGrantSearchKey {
switch key { switch key {
case management.UserGrantSearchKey_USERGRANTSEARCHKEY_ORG_ID: case management.UserGrantSearchKey_USERGRANTSEARCHKEY_WITH_GRANTED:
return grant_model.UserGrantSearchKeyResourceOwner return grant_model.UserGrantSearchKeyWithGranted
case management.UserGrantSearchKey_USERGRANTSEARCHKEY_PROJECT_ID: case management.UserGrantSearchKey_USERGRANTSEARCHKEY_PROJECT_ID:
return grant_model.UserGrantSearchKeyProjectID return grant_model.UserGrantSearchKeyProjectID
case management.UserGrantSearchKey_USERGRANTSEARCHKEY_USER_ID: case management.UserGrantSearchKey_USERGRANTSEARCHKEY_USER_ID:

View File

@ -109,8 +109,6 @@ func (repo *AuthRequestRepo) CreateAuthRequest(ctx context.Context, request *mod
return nil, err return nil, err
} }
request.Audience = appIDs request.Audience = appIDs
projectIDAud := request.GetScopeProjectIDsForAud()
request.Audience = append(request.Audience, projectIDAud...)
request.AppendAudIfNotExisting(app.ProjectID) request.AppendAudIfNotExisting(app.ProjectID)
if request.LoginHint != "" { if request.LoginHint != "" {
err = repo.checkLoginName(ctx, request, request.LoginHint) err = repo.checkLoginName(ctx, request, request.LoginHint)
@ -624,12 +622,16 @@ func (repo *AuthRequestRepo) usersForUserSelection(request *model.AuthRequest) (
func (repo *AuthRequestRepo) mfaChecked(userSession *user_model.UserSessionView, request *model.AuthRequest, user *user_model.UserView) (model.NextStep, bool, error) { func (repo *AuthRequestRepo) mfaChecked(userSession *user_model.UserSessionView, request *model.AuthRequest, user *user_model.UserView) (model.NextStep, bool, error) {
mfaLevel := request.MfaLevel() mfaLevel := request.MfaLevel()
promptRequired := (user.MfaMaxSetUp < mfaLevel) || !user.HasRequiredOrgMFALevel(request.LoginPolicy) allowedProviders, required := user.MfaTypesAllowed(mfaLevel, request.LoginPolicy)
if promptRequired || !repo.mfaSkippedOrSetUp(user, request.LoginPolicy) { promptRequired := (user.MfaMaxSetUp < mfaLevel) || (len(allowedProviders) == 0 && required)
if promptRequired || !repo.mfaSkippedOrSetUp(user) {
types := user.MfaTypesSetupPossible(mfaLevel, request.LoginPolicy) types := user.MfaTypesSetupPossible(mfaLevel, request.LoginPolicy)
if promptRequired && len(types) == 0 { if promptRequired && len(types) == 0 {
return nil, false, errors.ThrowPreconditionFailed(nil, "LOGIN-5Hm8s", "Errors.Login.LoginPolicy.MFA.ForceAndNotConfigured") return nil, false, errors.ThrowPreconditionFailed(nil, "LOGIN-5Hm8s", "Errors.Login.LoginPolicy.MFA.ForceAndNotConfigured")
} }
if len(types) == 0 {
return nil, true, nil
}
return &model.MfaPromptStep{ return &model.MfaPromptStep{
Required: promptRequired, Required: promptRequired,
MfaProviders: types, MfaProviders: types,
@ -639,7 +641,7 @@ func (repo *AuthRequestRepo) mfaChecked(userSession *user_model.UserSessionView,
default: default:
fallthrough fallthrough
case model.MFALevelNotSetUp: case model.MFALevelNotSetUp:
if user.MfaMaxSetUp == model.MFALevelNotSetUp { if len(allowedProviders) == 0 {
return nil, true, nil return nil, true, nil
} }
fallthrough fallthrough
@ -658,11 +660,11 @@ func (repo *AuthRequestRepo) mfaChecked(userSession *user_model.UserSessionView,
} }
} }
return &model.MfaVerificationStep{ return &model.MfaVerificationStep{
MfaProviders: user.MfaTypesAllowed(mfaLevel, request.LoginPolicy), MfaProviders: allowedProviders,
}, false, nil }, false, nil
} }
func (repo *AuthRequestRepo) mfaSkippedOrSetUp(user *user_model.UserView, policy *iam_model.LoginPolicyView) bool { func (repo *AuthRequestRepo) mfaSkippedOrSetUp(user *user_model.UserView) bool {
if user.MfaMaxSetUp > model.MFALevelNotSetUp { if user.MfaMaxSetUp > model.MFALevelNotSetUp {
return true return true
} }

View File

@ -909,6 +909,25 @@ func TestAuthRequestRepo_mfaChecked(t *testing.T) {
false, false,
errors.IsPreconditionFailed, errors.IsPreconditionFailed,
}, },
{
"not set up, no mfas configured, no prompt and true",
fields{
MfaInitSkippedLifeTime: 30 * 24 * time.Hour,
},
args{
request: &model.AuthRequest{
LoginPolicy: &iam_model.LoginPolicyView{},
},
user: &user_model.UserView{
HumanView: &user_model.HumanView{
MfaMaxSetUp: model.MFALevelNotSetUp,
},
},
},
nil,
true,
nil,
},
{ {
"not set up, prompt and false", "not set up, prompt and false",
fields{ fields{
@ -988,7 +1007,9 @@ func TestAuthRequestRepo_mfaChecked(t *testing.T) {
}, },
args{ args{
request: &model.AuthRequest{ request: &model.AuthRequest{
LoginPolicy: &iam_model.LoginPolicyView{}, LoginPolicy: &iam_model.LoginPolicyView{
SecondFactors: []iam_model.SecondFactorType{iam_model.SecondFactorTypeOTP},
},
}, },
user: &user_model.UserView{ user: &user_model.UserView{
HumanView: &user_model.HumanView{ HumanView: &user_model.HumanView{
@ -1055,7 +1076,6 @@ func TestAuthRequestRepo_mfaSkippedOrSetUp(t *testing.T) {
} }
type args struct { type args struct {
user *user_model.UserView user *user_model.UserView
policy *iam_model.LoginPolicyView
} }
tests := []struct { tests := []struct {
name string name string
@ -1072,9 +1092,6 @@ func TestAuthRequestRepo_mfaSkippedOrSetUp(t *testing.T) {
MfaMaxSetUp: model.MFALevelSecondFactor, MfaMaxSetUp: model.MFALevelSecondFactor,
}, },
}, },
&iam_model.LoginPolicyView{
SecondFactors: []iam_model.SecondFactorType{iam_model.SecondFactorTypeOTP},
},
}, },
true, true,
}, },
@ -1090,9 +1107,6 @@ func TestAuthRequestRepo_mfaSkippedOrSetUp(t *testing.T) {
MfaInitSkipped: time.Now().UTC().Add(-10 * time.Hour), MfaInitSkipped: time.Now().UTC().Add(-10 * time.Hour),
}, },
}, },
&iam_model.LoginPolicyView{
SecondFactors: []iam_model.SecondFactorType{iam_model.SecondFactorTypeOTP},
},
}, },
true, true,
}, },
@ -1108,9 +1122,6 @@ func TestAuthRequestRepo_mfaSkippedOrSetUp(t *testing.T) {
MfaInitSkipped: time.Now().UTC().Add(-40 * 24 * time.Hour), MfaInitSkipped: time.Now().UTC().Add(-40 * 24 * time.Hour),
}, },
}, },
&iam_model.LoginPolicyView{
SecondFactors: []iam_model.SecondFactorType{iam_model.SecondFactorTypeOTP},
},
}, },
false, false,
}, },
@ -1120,7 +1131,7 @@ func TestAuthRequestRepo_mfaSkippedOrSetUp(t *testing.T) {
repo := &AuthRequestRepo{ repo := &AuthRequestRepo{
MfaInitSkippedLifeTime: tt.fields.MfaInitSkippedLifeTime, MfaInitSkippedLifeTime: tt.fields.MfaInitSkippedLifeTime,
} }
if got := repo.mfaSkippedOrSetUp(tt.args.user, tt.args.policy); got != tt.want { if got := repo.mfaSkippedOrSetUp(tt.args.user); got != tt.want {
t.Errorf("mfaSkippedOrSetUp() = %v, want %v", got, tt.want) t.Errorf("mfaSkippedOrSetUp() = %v, want %v", got, tt.want)
} }
}) })

View File

@ -3,11 +3,13 @@ package eventstore
import ( import (
"context" "context"
"github.com/caos/logging" "github.com/caos/logging"
auth_req_model "github.com/caos/zitadel/internal/auth_request/model"
"github.com/caos/zitadel/internal/errors" "github.com/caos/zitadel/internal/errors"
"github.com/caos/zitadel/internal/eventstore/models" "github.com/caos/zitadel/internal/eventstore/models"
usr_model "github.com/caos/zitadel/internal/user/model" usr_model "github.com/caos/zitadel/internal/user/model"
user_event "github.com/caos/zitadel/internal/user/repository/eventsourcing" user_event "github.com/caos/zitadel/internal/user/repository/eventsourcing"
"github.com/caos/zitadel/internal/user/repository/view/model" "github.com/caos/zitadel/internal/user/repository/view/model"
"strings"
"time" "time"
"github.com/caos/zitadel/internal/auth/repository/eventsourcing/view" "github.com/caos/zitadel/internal/auth/repository/eventsourcing/view"
@ -18,19 +20,26 @@ type TokenRepo struct {
View *view.View View *view.View
} }
func (repo *TokenRepo) CreateToken(ctx context.Context, agentID, applicationID, userID string, audience, scopes []string, lifetime time.Duration) (*usr_model.Token, error) { func (repo *TokenRepo) CreateToken(ctx context.Context, agentID, clientID, userID string, audience, scopes []string, lifetime time.Duration) (*usr_model.Token, error) {
preferredLanguage := "" preferredLanguage := ""
user, _ := repo.View.UserByID(userID) user, _ := repo.View.UserByID(userID)
if user != nil { if user != nil {
preferredLanguage = user.PreferredLanguage preferredLanguage = user.PreferredLanguage
} }
for _, scope := range scopes {
if strings.HasPrefix(scope, auth_req_model.ProjectIDScope) && strings.HasSuffix(scope, auth_req_model.AudSuffix) {
audience = append(audience, strings.TrimSuffix(strings.TrimPrefix(scope, auth_req_model.ProjectIDScope), auth_req_model.AudSuffix))
}
}
now := time.Now().UTC() now := time.Now().UTC()
token := &usr_model.Token{ token := &usr_model.Token{
ObjectRoot: models.ObjectRoot{ ObjectRoot: models.ObjectRoot{
AggregateID: userID, AggregateID: userID,
}, },
UserAgentID: agentID, UserAgentID: agentID,
ApplicationID: applicationID, ApplicationID: clientID,
Audience: audience, Audience: audience,
Scopes: scopes, Scopes: scopes,
Expiration: now.Add(lifetime), Expiration: now.Add(lifetime),
@ -82,3 +91,12 @@ func (repo *TokenRepo) TokenByID(ctx context.Context, userID, tokenID string) (*
} }
return model.TokenViewToModel(token), nil return model.TokenViewToModel(token), nil
} }
func AppendAudIfNotExisting(aud string, existingAud []string) []string {
for _, a := range existingAud {
if a == aud {
return existingAud
}
}
return append(existingAud, aud)
}

View File

@ -56,6 +56,8 @@ func (m *LoginPolicy) processLoginPolicy(event *models.Event) (err error) {
return err return err
} }
err = policy.AppendEvent(event) err = policy.AppendEvent(event)
case model.LoginPolicyRemoved:
return m.view.DeleteLoginPolicy(event.AggregateID, event.Sequence)
default: default:
return m.view.ProcessedLoginPolicySequence(event.Sequence) return m.view.ProcessedLoginPolicySequence(event.Sequence)
} }

View File

@ -350,6 +350,7 @@ func (u *UserGrant) fillUserData(grant *view_model.UserGrantView, user *usr_mode
func (u *UserGrant) fillProjectData(grant *view_model.UserGrantView, project *proj_model.Project) { func (u *UserGrant) fillProjectData(grant *view_model.UserGrantView, project *proj_model.Project) {
grant.ProjectName = project.Name grant.ProjectName = project.Name
grant.ProjectOwner = project.ResourceOwner
} }
func (u *UserGrant) fillOrgData(grant *view_model.UserGrantView, org *org_model.Org) { func (u *UserGrant) fillOrgData(grant *view_model.UserGrantView, org *org_model.Org) {

View File

@ -7,7 +7,7 @@ import (
) )
type TokenRepository interface { type TokenRepository interface {
CreateToken(ctx context.Context, agentID, applicationID, userID string, audience, scopes []string, lifetime time.Duration) (*usr_model.Token, error) CreateToken(ctx context.Context, agentID, clientID, userID string, audience, scopes []string, lifetime time.Duration) (*usr_model.Token, error)
IsTokenValid(ctx context.Context, userID, tokenID string) (bool, error) IsTokenValid(ctx context.Context, userID, tokenID string) (bool, error)
TokenByID(ctx context.Context, userID, tokenID string) (*usr_model.TokenView, error) TokenByID(ctx context.Context, userID, tokenID string) (*usr_model.TokenView, error)
} }

View File

@ -16,6 +16,9 @@ func (o *ObjectRoot) AppendEvent(event *Event) {
if o.AggregateID == "" { if o.AggregateID == "" {
o.AggregateID = event.AggregateID o.AggregateID = event.AggregateID
} }
if o.ResourceOwner == "" {
o.ResourceOwner = event.ResourceOwner
}
o.ChangeDate = event.CreationDate o.ChangeDate = event.CreationDate
if event.PreviousSequence == 0 { if event.PreviousSequence == 0 {
@ -23,7 +26,6 @@ func (o *ObjectRoot) AppendEvent(event *Event) {
} }
o.Sequence = event.Sequence o.Sequence = event.Sequence
o.ResourceOwner = event.ResourceOwner
} }
func (o *ObjectRoot) IsZero() bool { func (o *ObjectRoot) IsZero() bool {
return o.AggregateID == "" return o.AggregateID == ""

View File

@ -13,6 +13,7 @@ const (
Step4 Step4
Step5 Step5
Step6 Step6
Step7
//StepCount marks the the length of possible steps (StepCount-1 == last possible step) //StepCount marks the the length of possible steps (StepCount-1 == last possible step)
StepCount StepCount
) )

View File

@ -83,10 +83,12 @@ func (es *IAMEventstore) StartSetup(ctx context.Context, iamID string, step iam_
return nil, caos_errs.ThrowPreconditionFailed(nil, "EVENT-9so34", "Setup already started") return nil, caos_errs.ThrowPreconditionFailed(nil, "EVENT-9so34", "Setup already started")
} }
repoIAM := &model.IAM{ObjectRoot: models.ObjectRoot{AggregateID: iamID}, SetUpStarted: model.Step(step)} if iam == nil {
if iam != nil { iam = &iam_model.IAM{ObjectRoot: models.ObjectRoot{AggregateID: iamID}}
repoIAM.ObjectRoot = iam.ObjectRoot
} }
iam.SetUpStarted = step
repoIAM := model.IAMFromModel(iam)
createAggregate := IAMSetupStartedAggregate(es.AggregateCreator(), repoIAM) createAggregate := IAMSetupStartedAggregate(es.AggregateCreator(), repoIAM)
err = es_sdk.Push(ctx, es.PushAggregates, repoIAM.AppendEvents, createAggregate) err = es_sdk.Push(ctx, es.PushAggregates, repoIAM.AppendEvents, createAggregate)
if err != nil { if err != nil {
@ -603,31 +605,43 @@ func (es *IAMEventstore) RemoveIDPProviderFromLoginPolicy(ctx context.Context, p
} }
func (es *IAMEventstore) AddSecondFactorToLoginPolicy(ctx context.Context, aggregateID string, mfa iam_model.SecondFactorType) (iam_model.SecondFactorType, error) { func (es *IAMEventstore) AddSecondFactorToLoginPolicy(ctx context.Context, aggregateID string, mfa iam_model.SecondFactorType) (iam_model.SecondFactorType, error) {
if mfa == iam_model.SecondFactorTypeUnspecified { repoIAM, addAggregate, err := es.PrepareAddSecondFactorToLoginPolicy(ctx, aggregateID, mfa)
return 0, caos_errs.ThrowPreconditionFailed(nil, "EVENT-1M8Js", "Errors.IAM.LoginPolicy.MFA.Unspecified")
}
iam, err := es.IAMByID(ctx, aggregateID)
if err != nil { if err != nil {
return 0, err return 0, err
} }
if _, m := iam.DefaultLoginPolicy.GetSecondFactor(mfa); m != 0 { err = es_sdk.PushAggregates(ctx, es.PushAggregates, repoIAM.AppendEvents, addAggregate)
return 0, caos_errs.ThrowAlreadyExists(nil, "EVENT-4Rk09", "Errors.IAM.LoginPolicy.MFA.AlreadyExists")
}
repoIam := model.IAMFromModel(iam)
repoMFA := model.SecondFactorFromModel(mfa)
addAggregate := LoginPolicySecondFactorAddedAggregate(es.Eventstore.AggregateCreator(), repoIam, repoMFA)
err = es_sdk.Push(ctx, es.PushAggregates, repoIam.AppendEvents, addAggregate)
if err != nil { if err != nil {
return 0, err return 0, err
} }
es.iamCache.cacheIAM(repoIam) es.iamCache.cacheIAM(repoIAM)
if _, m := model.GetMFA(repoIam.DefaultLoginPolicy.SecondFactors, int32(mfa)); m != 0 { if _, m := model.GetMFA(repoIAM.DefaultLoginPolicy.SecondFactors, int32(mfa)); m != 0 {
return iam_model.SecondFactorType(m), nil return iam_model.SecondFactorType(m), nil
} }
return 0, caos_errs.ThrowInternal(nil, "EVENT-5N9so", "Errors.Internal") return 0, caos_errs.ThrowInternal(nil, "EVENT-5N9so", "Errors.Internal")
} }
func (es *IAMEventstore) PrepareAddSecondFactorToLoginPolicy(ctx context.Context, aggregateID string, mfa iam_model.SecondFactorType) (*model.IAM, *models.Aggregate, error) {
if mfa == iam_model.SecondFactorTypeUnspecified {
return nil, nil, caos_errs.ThrowPreconditionFailed(nil, "EVENT-1M8Js", "Errors.IAM.LoginPolicy.MFA.Unspecified")
}
iam, err := es.IAMByID(ctx, aggregateID)
if err != nil {
return nil, nil, err
}
if _, m := iam.DefaultLoginPolicy.GetSecondFactor(mfa); m != 0 {
return nil, nil, caos_errs.ThrowAlreadyExists(nil, "EVENT-4Rk09", "Errors.IAM.LoginPolicy.MFA.AlreadyExists")
}
repoIAM := model.IAMFromModel(iam)
repoMFA := model.SecondFactorFromModel(mfa)
addAggregate := LoginPolicySecondFactorAddedAggregate(es.Eventstore.AggregateCreator(), repoIAM, repoMFA)
aggregate, err := addAggregate(ctx)
if err != nil {
return nil, nil, err
}
return repoIAM, aggregate, nil
}
func (es *IAMEventstore) RemoveSecondFactorFromLoginPolicy(ctx context.Context, aggregateID string, mfa iam_model.SecondFactorType) error { func (es *IAMEventstore) RemoveSecondFactorFromLoginPolicy(ctx context.Context, aggregateID string, mfa iam_model.SecondFactorType) error {
if mfa == iam_model.SecondFactorTypeUnspecified { if mfa == iam_model.SecondFactorTypeUnspecified {
return caos_errs.ThrowPreconditionFailed(nil, "EVENT-4gJ9s", "Errors.IAM.LoginPolicy.MFA.Unspecified") return caos_errs.ThrowPreconditionFailed(nil, "EVENT-4gJ9s", "Errors.IAM.LoginPolicy.MFA.Unspecified")

View File

@ -2,6 +2,7 @@ package eventstore
import ( import (
"context" "context"
"github.com/caos/logging" "github.com/caos/logging"
"github.com/caos/zitadel/internal/api/authz" "github.com/caos/zitadel/internal/api/authz"
caos_errors "github.com/caos/zitadel/internal/errors" caos_errors "github.com/caos/zitadel/internal/errors"

View File

@ -176,6 +176,7 @@ func (u *UserGrant) fillUserData(grant *view_model.UserGrantView, user *usr_mode
func (u *UserGrant) fillProjectData(grant *view_model.UserGrantView, project *proj_model.Project) { func (u *UserGrant) fillProjectData(grant *view_model.UserGrantView, project *proj_model.Project) {
grant.ProjectName = project.Name grant.ProjectName = project.Name
grant.ProjectOwner = project.ResourceOwner
} }
func (u *UserGrant) fillOrgData(grant *view_model.UserGrantView, org *org_model.Org) { func (u *UserGrant) fillOrgData(grant *view_model.UserGrantView, org *org_model.Org) {

View File

@ -12,6 +12,7 @@ type IAMSetUp struct {
Step4 *Step4 Step4 *Step4
Step5 *Step5 Step5 *Step5
Step6 *Step6 Step6 *Step6
Step7 *Step7
} }
func (setup *IAMSetUp) steps(currentDone iam_model.Step) ([]step, error) { func (setup *IAMSetUp) steps(currentDone iam_model.Step) ([]step, error) {
@ -25,6 +26,7 @@ func (setup *IAMSetUp) steps(currentDone iam_model.Step) ([]step, error) {
setup.Step4, setup.Step4,
setup.Step5, setup.Step5,
setup.Step6, setup.Step6,
setup.Step7,
} { } {
if step.step() <= currentDone { if step.step() <= currentDone {
continue continue

54
internal/setup/step7.go Normal file
View File

@ -0,0 +1,54 @@
package setup
import (
"context"
"github.com/caos/logging"
"github.com/caos/zitadel/internal/eventstore/models"
es_sdk "github.com/caos/zitadel/internal/eventstore/sdk"
iam_model "github.com/caos/zitadel/internal/iam/model"
iam_es_model "github.com/caos/zitadel/internal/iam/repository/eventsourcing/model"
)
type Step7 struct {
DefaultSecondFactor iam_model.SecondFactorType
setup *Setup
}
func (step *Step7) isNil() bool {
return step == nil
}
func (step *Step7) step() iam_model.Step {
return iam_model.Step7
}
func (step *Step7) init(setup *Setup) {
step.setup = setup
}
func (step *Step7) execute(ctx context.Context) (*iam_model.IAM, error) {
iam, agg, err := step.add2FAToPolicy(ctx, step.DefaultSecondFactor)
if err != nil {
logging.Log("SETUP-ZTuS1").WithField("step", step.step()).WithError(err).Error("unable to finish setup (add default mfa to login policy)")
return nil, err
}
iam, agg, push, err := step.setup.IamEvents.PrepareSetupDone(ctx, iam, agg, step.step())
if err != nil {
logging.Log("SETUP-OkF8o").WithField("step", step.step()).WithError(err).Error("unable to finish setup (prepare setup done)")
return nil, err
}
err = es_sdk.PushAggregates(ctx, push, iam.AppendEvents, agg)
if err != nil {
logging.Log("SETUP-YbQ6T").WithField("step", step.step()).WithError(err).Error("unable to finish setup")
return nil, err
}
return iam_es_model.IAMToModel(iam), nil
}
func (step *Step7) add2FAToPolicy(ctx context.Context, secondFactor iam_model.SecondFactorType) (*iam_es_model.IAM, *models.Aggregate, error) {
logging.Log("SETUP-geMGDuZ").Info("adding 2FA to loginPolicy")
return step.setup.IamEvents.PrepareAddSecondFactorToLoginPolicy(ctx, step.setup.iamID, secondFactor)
}

View File

@ -142,10 +142,12 @@ func (u *UserView) MfaTypesSetupPossible(level req_model.MFALevel, policy *iam_m
return types return types
} }
func (u *UserView) MfaTypesAllowed(level req_model.MFALevel, policy *iam_model.LoginPolicyView) []req_model.MFAType { func (u *UserView) MfaTypesAllowed(level req_model.MFALevel, policy *iam_model.LoginPolicyView) ([]req_model.MFAType, bool) {
types := make([]req_model.MFAType, 0) types := make([]req_model.MFAType, 0)
required := true
switch level { switch level {
default: default:
required = policy.ForceMFA
fallthrough fallthrough
case req_model.MFALevelSecondFactor: case req_model.MFALevelSecondFactor:
if policy.HasSecondFactors() { if policy.HasSecondFactors() {
@ -172,7 +174,7 @@ func (u *UserView) MfaTypesAllowed(level req_model.MFALevel, policy *iam_model.L
} }
//PLANNED: add token //PLANNED: add token
} }
return types return types, required
} }
func (u *UserView) HasRequiredOrgMFALevel(policy *iam_model.LoginPolicyView) bool { func (u *UserView) HasRequiredOrgMFALevel(policy *iam_model.LoginPolicyView) bool {

View File

@ -56,6 +56,7 @@ const (
UserGrantSearchKeyOrgDomain UserGrantSearchKeyOrgDomain
UserGrantSearchKeyProjectName UserGrantSearchKeyProjectName
UserGrantSearchKeyDisplayName UserGrantSearchKeyDisplayName
UserGrantSearchKeyWithGranted
) )
type UserGrantSearchQuery struct { type UserGrantSearchQuery struct {

View File

@ -43,6 +43,7 @@ type UserGrantView struct {
DisplayName string `json:"-" gorm:"column:display_name"` DisplayName string `json:"-" gorm:"column:display_name"`
Email string `json:"-" gorm:"column:email"` Email string `json:"-" gorm:"column:email"`
ProjectName string `json:"-" gorm:"column:project_name"` ProjectName string `json:"-" gorm:"column:project_name"`
ProjectOwner string `json:"-" gorm:"column:project_owner"`
OrgName string `json:"-" gorm:"column:org_name"` OrgName string `json:"-" gorm:"column:org_name"`
OrgPrimaryDomain string `json:"-" gorm:"column:org_primary_domain"` OrgPrimaryDomain string `json:"-" gorm:"column:org_primary_domain"`
RoleKeys pq.StringArray `json:"roleKeys" gorm:"column:role_keys"` RoleKeys pq.StringArray `json:"roleKeys" gorm:"column:role_keys"`

View File

@ -2,12 +2,13 @@ package model
import ( import (
"encoding/json" "encoding/json"
"reflect"
"testing"
es_models "github.com/caos/zitadel/internal/eventstore/models" es_models "github.com/caos/zitadel/internal/eventstore/models"
"github.com/caos/zitadel/internal/usergrant/model" "github.com/caos/zitadel/internal/usergrant/model"
es_model "github.com/caos/zitadel/internal/usergrant/repository/eventsourcing/model" es_model "github.com/caos/zitadel/internal/usergrant/repository/eventsourcing/model"
"github.com/lib/pq" "github.com/lib/pq"
"reflect"
"testing"
) )
func mockUserGrantData(grant *es_model.UserGrant) []byte { func mockUserGrantData(grant *es_model.UserGrant) []byte {

View File

@ -34,13 +34,39 @@ func UserGrantByIDs(db *gorm.DB, table, resourceOwnerID, projectID, userID strin
} }
func SearchUserGrants(db *gorm.DB, table string, req *grant_model.UserGrantSearchRequest) ([]*model.UserGrantView, uint64, error) { func SearchUserGrants(db *gorm.DB, table string, req *grant_model.UserGrantSearchRequest) ([]*model.UserGrantView, uint64, error) {
users := make([]*model.UserGrantView, 0) grants := make([]*model.UserGrantView, 0)
var orgID string
var withGranted bool
for i := len(req.Queries) - 1; i >= 0; i-- {
shouldRemove := false
if req.Queries[i].Key == grant_model.UserGrantSearchKeyResourceOwner {
orgID = req.Queries[i].Value.(string)
shouldRemove = true
}
if req.Queries[i].Key == grant_model.UserGrantSearchKeyWithGranted {
withGranted = true
shouldRemove = true
}
if shouldRemove {
req.Queries[i] = req.Queries[len(req.Queries)-1]
req.Queries[len(req.Queries)-1] = nil
req.Queries = req.Queries[:len(req.Queries)-1]
}
}
if withGranted {
db = db.Where("resource_owner = ? OR project_owner = ?", orgID, orgID)
} else {
db = db.Where("resource_owner = ?", orgID)
}
query := repository.PrepareSearchQuery(table, model.UserGrantSearchRequest{Limit: req.Limit, Offset: req.Offset, Queries: req.Queries}) query := repository.PrepareSearchQuery(table, model.UserGrantSearchRequest{Limit: req.Limit, Offset: req.Offset, Queries: req.Queries})
count, err := query(db, &users) count, err := query(db, &grants)
if err != nil { if err != nil {
return nil, 0, err return nil, 0, err
} }
return users, count, nil return grants, count, nil
} }
func UserGrantsByUserID(db *gorm.DB, table, userID string) ([]*model.UserGrantView, error) { func UserGrantsByUserID(db *gorm.DB, table, userID string) ([]*model.UserGrantView, error) {

View File

@ -2,6 +2,7 @@ package repository
import ( import (
"fmt" "fmt"
caos_errs "github.com/caos/zitadel/internal/errors" caos_errs "github.com/caos/zitadel/internal/errors"
"github.com/caos/zitadel/internal/model" "github.com/caos/zitadel/internal/model"
"github.com/jinzhu/gorm" "github.com/jinzhu/gorm"
@ -37,6 +38,7 @@ func PrepareSearchQuery(table string, request SearchRequest) func(db *gorm.DB, r
} }
query = query.Order(fmt.Sprintf("%s %s", column.ToColumnName(), order)) query = query.Order(fmt.Sprintf("%s %s", column.ToColumnName(), order))
} }
for _, q := range request.GetQueries() { for _, q := range request.GetQueries() {
var err error var err error
query, err = SetQuery(query, q.GetKey(), q.GetValue(), q.GetMethod()) query, err = SetQuery(query, q.GetKey(), q.GetValue(), q.GetMethod())

View File

@ -0,0 +1,5 @@
ALTER TABLE management.user_grants ADD COLUMN project_owner STRING;
ALTER TABLE auth.user_grants ADD COLUMN project_owner STRING;
ALTER TABLE authz.user_grants ADD COLUMN project_owner STRING;

View File

@ -2863,7 +2863,7 @@ message UserGrantSearchRequest {
message UserGrantSearchQuery { message UserGrantSearchQuery {
UserGrantSearchKey key = 1 [(validate.rules).enum = {not_in: [0]}]; UserGrantSearchKey key = 1 [(validate.rules).enum = {not_in: [0]}];
SearchMethod method = 2 [(validate.rules).enum = {in: [0]}]; SearchMethod method = 2 [(validate.rules).enum.defined_only = true];
string value = 3; string value = 3;
} }
@ -2871,7 +2871,7 @@ enum UserGrantSearchKey {
USERGRANTSEARCHKEY_UNSPECIFIED = 0; USERGRANTSEARCHKEY_UNSPECIFIED = 0;
USERGRANTSEARCHKEY_PROJECT_ID = 1; USERGRANTSEARCHKEY_PROJECT_ID = 1;
USERGRANTSEARCHKEY_USER_ID = 2; USERGRANTSEARCHKEY_USER_ID = 2;
USERGRANTSEARCHKEY_ORG_ID = 3; USERGRANTSEARCHKEY_WITH_GRANTED = 3;
USERGRANTSEARCHKEY_ROLE_KEY = 4; USERGRANTSEARCHKEY_ROLE_KEY = 4;
USERGRANTSEARCHKEY_GRANT_ID = 5; USERGRANTSEARCHKEY_GRANT_ID = 5;
USERGRANTSEARCHKEY_USER_NAME = 6; USERGRANTSEARCHKEY_USER_NAME = 6;

143
site/package-lock.json generated
View File

@ -1060,19 +1060,14 @@
"to-fast-properties": "^2.0.0" "to-fast-properties": "^2.0.0"
} }
}, },
"@formatjs/intl-unified-numberformat": { "@formatjs/ecma402-abstract": {
"version": "3.3.7", "version": "1.4.0",
"resolved": "https://registry.npmjs.org/@formatjs/intl-unified-numberformat/-/intl-unified-numberformat-3.3.7.tgz", "resolved": "https://registry.npmjs.org/@formatjs/ecma402-abstract/-/ecma402-abstract-1.4.0.tgz",
"integrity": "sha512-KnWgLRHzCAgT9eyt3OS34RHoyD7dPDYhRcuKn+/6Kv2knDF8Im43J6vlSW6Hm1w63fNq3ZIT1cFk7RuVO3Psag==", "integrity": "sha512-Mv027hcLFjE45K8UJ8PjRpdDGfR0aManEFj1KzoN8zXNveHGEygpZGfFf/FTTMl+QEVSrPAUlyxaCApvmv47AQ==",
"requires": { "requires": {
"@formatjs/intl-utils": "^2.3.0" "tslib": "^2.0.1"
} }
}, },
"@formatjs/intl-utils": {
"version": "2.3.0",
"resolved": "https://registry.npmjs.org/@formatjs/intl-utils/-/intl-utils-2.3.0.tgz",
"integrity": "sha512-KWk80UPIzPmUg+P0rKh6TqspRw0G6eux1PuJr+zz47ftMaZ9QDwbGzHZbtzWkl5hgayM/qrKRutllRC7D/vVXQ=="
},
"@polka/send": { "@polka/send": {
"version": "0.4.0", "version": "0.4.0",
"resolved": "https://registry.npmjs.org/@polka/send/-/send-0.4.0.tgz", "resolved": "https://registry.npmjs.org/@polka/send/-/send-0.4.0.tgz",
@ -1374,11 +1369,6 @@
"integrity": "sha1-p9BVi9icQveV3UIyj3QIMcpTvCU=", "integrity": "sha1-p9BVi9icQveV3UIyj3QIMcpTvCU=",
"dev": true "dev": true
}, },
"commander": {
"version": "4.1.1",
"resolved": "https://registry.npmjs.org/commander/-/commander-4.1.1.tgz",
"integrity": "sha512-NOKm8xhkzAjzFx8B2v5OAHT+u5pRQc2UCa2Vq9jYL/31o2wi9mxBA7LIFs3sV5VSC49z6pEhfbMULvShKj26WA=="
},
"commondir": { "commondir": {
"version": "1.0.1", "version": "1.0.1",
"resolved": "https://registry.npmjs.org/commondir/-/commondir-1.0.1.tgz", "resolved": "https://registry.npmjs.org/commondir/-/commondir-1.0.1.tgz",
@ -1464,8 +1454,7 @@
"deepmerge": { "deepmerge": {
"version": "4.2.2", "version": "4.2.2",
"resolved": "https://registry.npmjs.org/deepmerge/-/deepmerge-4.2.2.tgz", "resolved": "https://registry.npmjs.org/deepmerge/-/deepmerge-4.2.2.tgz",
"integrity": "sha512-FJ3UgI4gIl+PHZm53knsuSFpE+nESMr7M4v9QcgB7S63Kj/6WqMiFQJpBBYz1Pt+66bZpP3Q7Lye0Oo9MPKEdg==", "integrity": "sha512-FJ3UgI4gIl+PHZm53knsuSFpE+nESMr7M4v9QcgB7S63Kj/6WqMiFQJpBBYz1Pt+66bZpP3Q7Lye0Oo9MPKEdg=="
"dev": true
}, },
"define-properties": { "define-properties": {
"version": "1.1.3", "version": "1.1.3",
@ -1476,6 +1465,11 @@
"object-keys": "^1.0.12" "object-keys": "^1.0.12"
} }
}, },
"dlv": {
"version": "1.1.3",
"resolved": "https://registry.npmjs.org/dlv/-/dlv-1.1.3.tgz",
"integrity": "sha512-+HlytyjlPKnIG8XuRG8WvmBP8xs8P71y+SKKS6ZXWoEgLuePxtDoUEiH7WkdePWrQ5JBpE6aoVqfZfJUQkjXwA=="
},
"electron-to-chromium": { "electron-to-chromium": {
"version": "1.3.587", "version": "1.3.587",
"resolved": "https://registry.npmjs.org/electron-to-chromium/-/electron-to-chromium-1.3.587.tgz", "resolved": "https://registry.npmjs.org/electron-to-chromium/-/electron-to-chromium-1.3.587.tgz",
@ -1533,9 +1527,9 @@
"integrity": "sha512-TtpcNJ3XAzx3Gq8sWRzJaVajRs0uVxA2YAkdb1jm2YkPz4G6egUFAyA3n5vtEIZefPk5Wa4UXbKuS5fKkJWdgA==" "integrity": "sha512-TtpcNJ3XAzx3Gq8sWRzJaVajRs0uVxA2YAkdb1jm2YkPz4G6egUFAyA3n5vtEIZefPk5Wa4UXbKuS5fKkJWdgA=="
}, },
"estree-walker": { "estree-walker": {
"version": "0.9.0", "version": "2.0.1",
"resolved": "https://registry.npmjs.org/estree-walker/-/estree-walker-0.9.0.tgz", "resolved": "https://registry.npmjs.org/estree-walker/-/estree-walker-2.0.1.tgz",
"integrity": "sha512-12U47o7XHUX329+x3FzNVjCx3SHEzMF0nkDv7r/HnBzX/xNTKxajBk6gyygaxrAFtLj39219oMfbtxv4KpaOiA==" "integrity": "sha512-tF0hv+Yi2Ot1cwj9eYHtxC0jB9bmjacjQs6ZBTj82H8JwUywFuc+7E83NWfNMwHXZc11mjfFcVXPe9gEP4B8dg=="
}, },
"esutils": { "esutils": {
"version": "2.0.3", "version": "2.0.3",
@ -1543,6 +1537,11 @@
"integrity": "sha512-kVscqXk4OCp68SZ0dkgEKVi6/8ij300KBWTJq32P/dYeWTSwK41WyTxalN1eRmA5Z9UU/LX9D7FWSmV9SAYx6g==", "integrity": "sha512-kVscqXk4OCp68SZ0dkgEKVi6/8ij300KBWTJq32P/dYeWTSwK41WyTxalN1eRmA5Z9UU/LX9D7FWSmV9SAYx6g==",
"dev": true "dev": true
}, },
"fast-memoize": {
"version": "2.5.2",
"resolved": "https://registry.npmjs.org/fast-memoize/-/fast-memoize-2.5.2.tgz",
"integrity": "sha512-Ue0LwpDYErFbmNnZSF0UH6eImUwDmogUO1jyE+JbN2gsQz/jICm1Ve7t9QT0rNSsfJt+Hs4/S3GnsDVjL4HVrw=="
},
"fs.realpath": { "fs.realpath": {
"version": "1.0.0", "version": "1.0.0",
"resolved": "https://registry.npmjs.org/fs.realpath/-/fs.realpath-1.0.0.tgz", "resolved": "https://registry.npmjs.org/fs.realpath/-/fs.realpath-1.0.0.tgz",
@ -1703,26 +1702,23 @@
"integrity": "sha512-k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ==", "integrity": "sha512-k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ==",
"dev": true "dev": true
}, },
"intl-format-cache": {
"version": "4.3.1",
"resolved": "https://registry.npmjs.org/intl-format-cache/-/intl-format-cache-4.3.1.tgz",
"integrity": "sha512-OEUYNA7D06agqPOYhbTkl0T8HA3QKSuwWh1HiClEnpd9vw7N+3XsQt5iZ0GUEchp5CW1fQk/tary+NsbF3yQ1Q=="
},
"intl-messageformat": { "intl-messageformat": {
"version": "7.8.4", "version": "9.3.18",
"resolved": "https://registry.npmjs.org/intl-messageformat/-/intl-messageformat-7.8.4.tgz", "resolved": "https://registry.npmjs.org/intl-messageformat/-/intl-messageformat-9.3.18.tgz",
"integrity": "sha512-yS0cLESCKCYjseCOGXuV4pxJm/buTfyCJ1nzQjryHmSehlptbZbn9fnlk1I9peLopZGGbjj46yHHiTAEZ1qOTA==", "integrity": "sha512-OKrLWppdxXtRdRCPjmRZ9Ru7UZkZJDlMl+1Vpb3sCLWK0mFpr129K+gIlIb5zrWoAH3NiYDzekBXPTRWCyHSIA==",
"requires": { "requires": {
"intl-format-cache": "^4.2.21", "fast-memoize": "^2.5.2",
"intl-messageformat-parser": "^3.6.4" "intl-messageformat-parser": "6.0.16",
"tslib": "^2.0.1"
} }
}, },
"intl-messageformat-parser": { "intl-messageformat-parser": {
"version": "3.6.4", "version": "6.0.16",
"resolved": "https://registry.npmjs.org/intl-messageformat-parser/-/intl-messageformat-parser-3.6.4.tgz", "resolved": "https://registry.npmjs.org/intl-messageformat-parser/-/intl-messageformat-parser-6.0.16.tgz",
"integrity": "sha512-RgPGwue0mJtoX2Ax8EmMzJzttxjnva7gx0Q7mKJ4oALrTZvtmCeAw5Msz2PcjW4dtCh/h7vN/8GJCxZO1uv+OA==", "integrity": "sha512-Qy3Zz0vF4fhMVuW4BDqUr55LsOl9enM03wuwbP4Yg7v29rYNpf7Z76Whstu6uDLDJokrjbpgDvRcjSDTAhxKJw==",
"requires": { "requires": {
"@formatjs/intl-unified-numberformat": "^3.2.0" "@formatjs/ecma402-abstract": "1.4.0",
"tslib": "^2.0.1"
} }
}, },
"is-arrayish": { "is-arrayish": {
@ -1908,9 +1904,9 @@
} }
}, },
"marked": { "marked": {
"version": "1.2.2", "version": "1.2.4",
"resolved": "https://registry.npmjs.org/marked/-/marked-1.2.2.tgz", "resolved": "https://registry.npmjs.org/marked/-/marked-1.2.4.tgz",
"integrity": "sha512-5jjKHVl/FPo0Z6ocP3zYhKiJLzkwJAw4CZoLjv57FkvbUuwOX4LIBBGGcXjAY6ATcd1q9B8UTj5T9Umauj0QYQ==" "integrity": "sha512-6x5TFGCTKSQBLTZtOburGxCxFEBJEGYVLwCMTBCxzvyuisGcC20UNzDSJhCr/cJ/Kmh6ulfJm10g6WWEAJ3kvg=="
}, },
"matchit": { "matchit": {
"version": "1.1.0", "version": "1.1.0",
@ -1965,6 +1961,11 @@
"integrity": "sha512-FM9nNUYrRBAELZQT3xeZQ7fmMOBg6nWNmJKTcgsJeaLstP/UODVpGsr5OhXhhXg6f+qtJ8uiZ+PUxkDWcgIXLw==", "integrity": "sha512-FM9nNUYrRBAELZQT3xeZQ7fmMOBg6nWNmJKTcgsJeaLstP/UODVpGsr5OhXhhXg6f+qtJ8uiZ+PUxkDWcgIXLw==",
"dev": true "dev": true
}, },
"mri": {
"version": "1.1.6",
"resolved": "https://registry.npmjs.org/mri/-/mri-1.1.6.tgz",
"integrity": "sha512-oi1b3MfbyGa7FJMP9GmLTttni5JoICpYBRlq+x5V16fZbLsnL9N3wFqqIm/nIG43FjUFkFh9Epzp/kzUGUnJxQ=="
},
"ms": { "ms": {
"version": "2.0.0", "version": "2.0.0",
"resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz", "resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz",
@ -2246,18 +2247,18 @@
} }
}, },
"rollup": { "rollup": {
"version": "2.33.1", "version": "2.33.2",
"resolved": "https://registry.npmjs.org/rollup/-/rollup-2.33.1.tgz", "resolved": "https://registry.npmjs.org/rollup/-/rollup-2.33.2.tgz",
"integrity": "sha512-uY4O/IoL9oNW8MMcbA5hcOaz6tZTMIh7qJHx/tzIJm+n1wLoY38BLn6fuy7DhR57oNFLMbDQtDeJoFURt5933w==", "integrity": "sha512-QPQ6/fWCrzHtSXkI269rhKaC7qXGghYBwXU04b1JsDZ6ibZa3DJ9D1SFAYRMgx1inDg0DaTbb3N4Z1NK/r3fhw==",
"dev": true, "dev": true,
"requires": { "requires": {
"fsevents": "~2.1.2" "fsevents": "~2.1.2"
} }
}, },
"rollup-plugin-svelte": { "rollup-plugin-svelte": {
"version": "6.1.0", "version": "6.1.1",
"resolved": "https://registry.npmjs.org/rollup-plugin-svelte/-/rollup-plugin-svelte-6.1.0.tgz", "resolved": "https://registry.npmjs.org/rollup-plugin-svelte/-/rollup-plugin-svelte-6.1.1.tgz",
"integrity": "sha512-TX1nIZSD6ePiSdYIEfpkvR7lLnP1nsSycCVz+vXbm5d5kIe5WMldo6fwcL/T8KPjc42XDgLaRcS74BorpQvpiA==", "integrity": "sha512-ijnm0pH1ScrY4uxwaNXBpNVejVzpL2769hIEbAlnqNUWZrffLspu5/k9/l/Wsj3NrEHLQ6wCKGagVJonyfN7ow==",
"dev": true, "dev": true,
"requires": { "requires": {
"require-relative": "^0.8.7", "require-relative": "^0.8.7",
@ -2294,6 +2295,14 @@
} }
} }
}, },
"sade": {
"version": "1.7.4",
"resolved": "https://registry.npmjs.org/sade/-/sade-1.7.4.tgz",
"integrity": "sha512-y5yauMD93rX840MwUJr7C1ysLFBgMspsdTo4UVrDg3fXDvtwOyIqykhVAAm6fk/3au77773itJStObgK+LKaiA==",
"requires": {
"mri": "^1.1.0"
}
},
"safe-buffer": { "safe-buffer": {
"version": "5.1.2", "version": "5.1.2",
"resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.1.2.tgz", "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.1.2.tgz",
@ -2364,12 +2373,20 @@
"dev": true "dev": true
}, },
"sirv": { "sirv": {
"version": "0.4.6", "version": "1.0.7",
"resolved": "https://registry.npmjs.org/sirv/-/sirv-0.4.6.tgz", "resolved": "https://registry.npmjs.org/sirv/-/sirv-1.0.7.tgz",
"integrity": "sha512-rYpOXlNbpHiY4nVXxuDf4mXPvKz1reZGap/LkWp9TvcZ84qD/nPBjjH/6GZsgIjVMbOslnY8YYULAyP8jMn1GQ==", "integrity": "sha512-QMT2OTD3CTr8de9VByPmvSEeyt6k8/Cxg0J2kQJ5HNhIWfhFg9ypcIWWzez9rPWnGj+WtJ7AZD/MdT/vdilV/A==",
"requires": { "requires": {
"@polka/url": "^0.5.0", "@polka/url": "^1.0.0-next.9",
"mime": "^2.3.1" "mime": "^2.3.1",
"totalist": "^1.0.0"
},
"dependencies": {
"@polka/url": {
"version": "1.0.0-next.11",
"resolved": "https://registry.npmjs.org/@polka/url/-/url-1.0.0-next.11.tgz",
"integrity": "sha512-3NsZsJIA/22P3QUyrEDNA2D133H4j224twJrdipXN38dpnIOzAbUDtOwkcJ5pXmn75w7LSQDjA4tO9dm1XlqlA=="
}
} }
}, },
"source-map": { "source-map": {
@ -2530,19 +2547,21 @@
} }
}, },
"svelte": { "svelte": {
"version": "3.29.4", "version": "3.29.7",
"resolved": "https://registry.npmjs.org/svelte/-/svelte-3.29.4.tgz", "resolved": "https://registry.npmjs.org/svelte/-/svelte-3.29.7.tgz",
"integrity": "sha512-oW0fGHlyFFMvzRtIvOs84b0fOc0gmZNQcL5Is3hxuTpvaYX3pfd8oHy4KnOvbq4Ca6SG6AHdRMk7OhApTo0NqA==", "integrity": "sha512-rx0g311kBODvEWUU01DFBUl3MJuJven04bvTVFUG/w0On/wuj0PajQY/QlXcJndFxG+W1s8iXKaB418tdHWc3A==",
"dev": true "dev": true
}, },
"svelte-i18n": { "svelte-i18n": {
"version": "3.1.0", "version": "3.2.5",
"resolved": "https://registry.npmjs.org/svelte-i18n/-/svelte-i18n-3.1.0.tgz", "resolved": "https://registry.npmjs.org/svelte-i18n/-/svelte-i18n-3.2.5.tgz",
"integrity": "sha512-R4hH422srFiXekbJJYQp/NPgdiffE12ST0mvrrcbNs5SGpLdl4aK6EE1pWEP3BzTxly0witZy9GDERL8nXSDAw==", "integrity": "sha512-EBPEPcf3Ro7av0b8g/owlfb8fQgnYFan/9gfpRtJ5EmJ7SUUnoCD8JngN9FCKY/cBu1kg2aCUCM6XyauMuAvIA==",
"requires": { "requires": {
"commander": "^4.0.1", "deepmerge": "^4.2.2",
"estree-walker": "^0.9.0", "dlv": "^1.1.3",
"intl-messageformat": "^7.5.2", "estree-walker": "^2.0.1",
"intl-messageformat": "^9.3.15",
"sade": "^1.7.4",
"tiny-glob": "^0.2.6" "tiny-glob": "^0.2.6"
} }
}, },
@ -2586,6 +2605,11 @@
"integrity": "sha1-3F5pjL0HkmW8c+A3doGk5Og/YW4=", "integrity": "sha1-3F5pjL0HkmW8c+A3doGk5Og/YW4=",
"dev": true "dev": true
}, },
"totalist": {
"version": "1.1.0",
"resolved": "https://registry.npmjs.org/totalist/-/totalist-1.1.0.tgz",
"integrity": "sha512-gduQwd1rOdDMGxFG1gEvhV88Oirdo2p+KjoYFU7k2g+i7n6AFFbDQ5kMPUsW0pNbfQsB/cwXvT1i4Bue0s9g5g=="
},
"trouter": { "trouter": {
"version": "2.0.1", "version": "2.0.1",
"resolved": "https://registry.npmjs.org/trouter/-/trouter-2.0.1.tgz", "resolved": "https://registry.npmjs.org/trouter/-/trouter-2.0.1.tgz",
@ -2594,6 +2618,11 @@
"matchit": "^1.0.0" "matchit": "^1.0.0"
} }
}, },
"tslib": {
"version": "2.0.3",
"resolved": "https://registry.npmjs.org/tslib/-/tslib-2.0.3.tgz",
"integrity": "sha512-uZtkfKblCEQtZKBF6EBXVZeQNl82yqtDQdv+eck8u7tdPxjLu2/lp5/uPW+um2tpuxINHWy3GhiccY7QgEaVHQ=="
},
"uglify-js": { "uglify-js": {
"version": "3.11.5", "version": "3.11.5",
"resolved": "https://registry.npmjs.org/uglify-js/-/uglify-js-3.11.5.tgz", "resolved": "https://registry.npmjs.org/uglify-js/-/uglify-js-3.11.5.tgz",

View File

@ -9,7 +9,8 @@
"start": "node __sapper__/build", "start": "node __sapper__/build",
"cy:run": "cypress run", "cy:run": "cypress run",
"cy:open": "cypress open", "cy:open": "cypress open",
"test": "run-p --race dev cy:run" "test": "run-p --race dev cy:run",
"imageoptim": "imageoptim --imagealpha 'static/img/*.png'"
}, },
"dependencies": { "dependencies": {
"@polka/send": "^0.4.0", "@polka/send": "^0.4.0",
@ -20,7 +21,7 @@
"marked": "^1.2.2", "marked": "^1.2.2",
"polka": "^0.5.2", "polka": "^0.5.2",
"svelte-i18n": "^3.1.0", "svelte-i18n": "^3.1.0",
"sirv": "^0.4.2" "sirv": "^1.0.7"
}, },
"devDependencies": { "devDependencies": {
"@babel/core": "^7.12.3", "@babel/core": "^7.12.3",

Binary file not shown.

Before

Width:  |  Height:  |  Size: 344 KiB

After

Width:  |  Height:  |  Size: 71 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 863 KiB

After

Width:  |  Height:  |  Size: 202 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 1.1 MiB

After

Width:  |  Height:  |  Size: 259 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 1.0 MiB

After

Width:  |  Height:  |  Size: 261 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 861 KiB

After

Width:  |  Height:  |  Size: 196 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 856 KiB

After

Width:  |  Height:  |  Size: 194 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 866 KiB

After

Width:  |  Height:  |  Size: 202 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 910 KiB

After

Width:  |  Height:  |  Size: 208 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 855 KiB

After

Width:  |  Height:  |  Size: 197 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 499 KiB

After

Width:  |  Height:  |  Size: 82 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 840 KiB

After

Width:  |  Height:  |  Size: 163 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 447 KiB

After

Width:  |  Height:  |  Size: 38 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 429 KiB

After

Width:  |  Height:  |  Size: 35 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 293 KiB

After

Width:  |  Height:  |  Size: 33 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 274 KiB

After

Width:  |  Height:  |  Size: 26 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 138 KiB

After

Width:  |  Height:  |  Size: 28 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 110 KiB

After

Width:  |  Height:  |  Size: 19 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 96 KiB

After

Width:  |  Height:  |  Size: 16 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 120 KiB

After

Width:  |  Height:  |  Size: 22 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 119 KiB

After

Width:  |  Height:  |  Size: 21 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 905 KiB

After

Width:  |  Height:  |  Size: 138 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 841 KiB

After

Width:  |  Height:  |  Size: 163 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 615 KiB

After

Width:  |  Height:  |  Size: 132 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 676 KiB

After

Width:  |  Height:  |  Size: 123 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 695 KiB

After

Width:  |  Height:  |  Size: 139 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 686 KiB

After

Width:  |  Height:  |  Size: 126 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 249 KiB

After

Width:  |  Height:  |  Size: 39 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 250 KiB

After

Width:  |  Height:  |  Size: 40 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 615 KiB

After

Width:  |  Height:  |  Size: 132 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 204 KiB

After

Width:  |  Height:  |  Size: 37 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 1002 KiB

After

Width:  |  Height:  |  Size: 126 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 1.0 MiB

After

Width:  |  Height:  |  Size: 174 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 656 KiB

After

Width:  |  Height:  |  Size: 116 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 715 KiB

After

Width:  |  Height:  |  Size: 142 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 1006 KiB

After

Width:  |  Height:  |  Size: 109 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 788 KiB

After

Width:  |  Height:  |  Size: 155 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 90 KiB

After

Width:  |  Height:  |  Size: 15 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 247 KiB

After

Width:  |  Height:  |  Size: 39 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 692 KiB

After

Width:  |  Height:  |  Size: 107 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 298 KiB

After

Width:  |  Height:  |  Size: 29 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 294 KiB

After

Width:  |  Height:  |  Size: 30 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 268 KiB

After

Width:  |  Height:  |  Size: 25 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 274 KiB

After

Width:  |  Height:  |  Size: 26 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 1.2 MiB

After

Width:  |  Height:  |  Size: 181 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 338 KiB

After

Width:  |  Height:  |  Size: 47 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 250 KiB

After

Width:  |  Height:  |  Size: 52 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 668 KiB

After

Width:  |  Height:  |  Size: 123 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 85 KiB

After

Width:  |  Height:  |  Size: 14 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 160 KiB

After

Width:  |  Height:  |  Size: 27 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 302 KiB

After

Width:  |  Height:  |  Size: 64 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 104 KiB

After

Width:  |  Height:  |  Size: 16 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 360 KiB

After

Width:  |  Height:  |  Size: 47 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 358 KiB

After

Width:  |  Height:  |  Size: 51 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 68 KiB

After

Width:  |  Height:  |  Size: 11 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 71 KiB

After

Width:  |  Height:  |  Size: 9.9 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 85 KiB

After

Width:  |  Height:  |  Size: 17 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 49 KiB

After

Width:  |  Height:  |  Size: 10 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 45 KiB

After

Width:  |  Height:  |  Size: 7.2 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 97 KiB

After

Width:  |  Height:  |  Size: 21 KiB