fix: restrict AllowRegistration check to local registration (#5939)

* fix: restrict AllowRegistration check to local registration * add comment * add additional tests * hide registration fields if no registration allowed * fix: always allow linking and creation of external idps on users in userV2 and admin import * chore: exclude console dist and node_module folders from cache * chore: include node_module folders into cache again * linting
2025-08-12 03:37:34 +00:00 · 2023-08-23 13:55:52 +02:00
parent cbd2ef0612
commit 66772ad0dd
9 changed files with 468 additions and 40 deletions
--- a/internal/command/idp_model.go
+++ b/internal/command/idp_model.go
@@ -189,6 +189,10 @@ func (wm *OAuthIDPWriteModel) ToProvider(callbackURL string, idpAlg crypto.Encry
 	)
 }

+func (wm *OAuthIDPWriteModel) GetProviderOptions() idp.Options {
+	return wm.Options
+}
+
 type OIDCIDPWriteModel struct {
 	eventstore.WriteModel

@@ -310,7 +314,10 @@ func (wm *OIDCIDPWriteModel) NewChanges(
 // reduceIDPConfigAddedEvent handles old idpConfig events
 func (wm *OIDCIDPWriteModel) reduceIDPConfigAddedEvent(e *idpconfig.IDPConfigAddedEvent) {
 	wm.Name = e.Name
+	wm.Options.IsCreationAllowed = true
+	wm.Options.IsLinkingAllowed = true
 	wm.Options.IsAutoCreation = e.AutoRegister
+	wm.Options.IsAutoUpdate = false
 	wm.State = domain.IDPStateActive
 }

@@ -382,6 +389,10 @@ func (wm *OIDCIDPWriteModel) ToProvider(callbackURL string, idpAlg crypto.Encryp
 	)
 }

+func (wm *OIDCIDPWriteModel) GetProviderOptions() idp.Options {
+	return wm.Options
+}
+
 type JWTIDPWriteModel struct {
 	eventstore.WriteModel

@@ -483,7 +494,10 @@ func (wm *JWTIDPWriteModel) NewChanges(
 // reduceIDPConfigAddedEvent handles old idpConfig events
 func (wm *JWTIDPWriteModel) reduceIDPConfigAddedEvent(e *idpconfig.IDPConfigAddedEvent) {
 	wm.Name = e.Name
+	wm.Options.IsCreationAllowed = true
+	wm.Options.IsLinkingAllowed = true
 	wm.Options.IsAutoCreation = e.AutoRegister
+	wm.Options.IsAutoUpdate = false
 	wm.State = domain.IDPStateActive
 }

@@ -546,6 +560,10 @@ func (wm *JWTIDPWriteModel) ToProvider(callbackURL string, idpAlg crypto.Encrypt
 	)
 }

+func (wm *JWTIDPWriteModel) GetProviderOptions() idp.Options {
+	return wm.Options
+}
+
 type AzureADIDPWriteModel struct {
 	eventstore.WriteModel

@@ -690,6 +708,10 @@ func (wm *AzureADIDPWriteModel) ToProvider(callbackURL string, idpAlg crypto.Enc
 	)
 }

+func (wm *AzureADIDPWriteModel) GetProviderOptions() idp.Options {
+	return wm.Options
+}
+
 type GitHubIDPWriteModel struct {
 	eventstore.WriteModel

@@ -803,6 +825,10 @@ func (wm *GitHubIDPWriteModel) ToProvider(callbackURL string, idpAlg crypto.Encr
 	)
 }

+func (wm *GitHubIDPWriteModel) GetProviderOptions() idp.Options {
+	return wm.Options
+}
+
 type GitHubEnterpriseIDPWriteModel struct {
 	eventstore.WriteModel

@@ -947,6 +973,10 @@ func (wm *GitHubEnterpriseIDPWriteModel) ToProvider(callbackURL string, idpAlg c
 	)
 }

+func (wm *GitHubEnterpriseIDPWriteModel) GetProviderOptions() idp.Options {
+	return wm.Options
+}
+
 type GitLabIDPWriteModel struct {
 	eventstore.WriteModel

@@ -1061,6 +1091,10 @@ func (wm *GitLabIDPWriteModel) ToProvider(callbackURL string, idpAlg crypto.Encr
 	)
 }

+func (wm *GitLabIDPWriteModel) GetProviderOptions() idp.Options {
+	return wm.Options
+}
+
 type GitLabSelfHostedIDPWriteModel struct {
 	eventstore.WriteModel

@@ -1185,6 +1219,10 @@ func (wm *GitLabSelfHostedIDPWriteModel) ToProvider(callbackURL string, idpAlg c
 	)
 }

+func (wm *GitLabSelfHostedIDPWriteModel) GetProviderOptions() idp.Options {
+	return wm.Options
+}
+
 type GoogleIDPWriteModel struct {
 	eventstore.WriteModel

@@ -1306,6 +1344,10 @@ func (wm *GoogleIDPWriteModel) ToProvider(callbackURL string, idpAlg crypto.Encr
 	)
 }

+func (wm *GoogleIDPWriteModel) GetProviderOptions() idp.Options {
+	return wm.Options
+}
+
 type LDAPIDPWriteModel struct {
 	eventstore.WriteModel

@@ -1541,6 +1583,10 @@ func (wm *LDAPIDPWriteModel) ToProvider(callbackURL string, idpAlg crypto.Encryp
 	), nil
 }

+func (wm *LDAPIDPWriteModel) GetProviderOptions() idp.Options {
+	return wm.Options
+}
+
 type IDPRemoveWriteModel struct {
 	eventstore.WriteModel

@@ -1771,6 +1817,7 @@ func (wm *IDPTypeWriteModel) Query() *eventstore.SearchQueryBuilder {
 type IDP interface {
 	eventstore.QueryReducer
 	ToProvider(string, crypto.EncryptionAlgorithm) (providers.Provider, error)
+	GetProviderOptions() idp.Options
 }

 type AllIDPWriteModel struct {
@@ -1863,3 +1910,7 @@ func (wm *AllIDPWriteModel) AppendEvents(events ...eventstore.Event) {
 func (wm *AllIDPWriteModel) ToProvider(callbackURL string, idpAlg crypto.EncryptionAlgorithm) (providers.Provider, error) {
 	return wm.model.ToProvider(callbackURL, idpAlg)
 }
+
+func (wm *AllIDPWriteModel) GetProviderOptions() idp.Options {
+	return wm.model.GetProviderOptions()
+}