feat(login): use default org for login without provided org context (#6625)

* start feature flags * base feature events on domain const * setup default features * allow setting feature in system api * allow setting feature in admin api * set settings in login based on feature * fix rebasing * unit tests * i18n * update policy after domain discovery * some changes from review * check feature and value type * check feature and value type
2025-08-11 18:17:35 +00:00 · 2023-09-29 10:21:32 +02:00
parent d01f4d229f
commit 68bfab2fb3
41 changed files with 875 additions and 38 deletions
--- a/proto/zitadel/admin.proto
+++ b/proto/zitadel/admin.proto
@@ -3706,6 +3706,19 @@ service AdminService {
            description: "Returns a list of the possible aggregate types in ZITADEL. This is used to filter the aggregate types in the list events request."
        };
    }
+
+    // Activates the "LoginDefaultOrg" feature by setting the flag to "true"
+    // This is irreversible!
+    // Once activated, the login UI will use the settings of the default org (and not from the instance) if not organisation context is set
+    rpc ActivateFeatureLoginDefaultOrg(ActivateFeatureLoginDefaultOrgRequest) returns (ActivateFeatureLoginDefaultOrgResponse) {
+        option (google.api.http) = {
+            put: "/features/login_default_org"
+        };
+
+        option (zitadel.v1.auth_option) = {
+            permission: "iam.feature.write";
+        };
+    }
 }


@@ -7740,3 +7753,9 @@ message ListAggregateTypesRequest {}
 message ListAggregateTypesResponse {
    repeated zitadel.event.v1.AggregateType aggregate_types = 1;
 }
+
+message ActivateFeatureLoginDefaultOrgRequest {}
+
+message ActivateFeatureLoginDefaultOrgResponse {
+    zitadel.v1.ObjectDetails details = 1;
+}
--- a/proto/zitadel/system.proto
+++ b/proto/zitadel/system.proto
@@ -397,6 +397,18 @@ service SystemService {
      permission: "authenticated";
    };
  }
+
+  // Set a feature flag on an instance
+  rpc SetInstanceFeature(SetInstanceFeatureRequest) returns (SetInstanceFeatureResponse) {
+    option (google.api.http) = {
+      put: "/instances/{instance_id}/features/{feature_id}"
+      body: "*"
+    };
+
+    option (zitadel.v1.auth_option) = {
+      permission: "authenticated";
+    };
+  }
 }


@@ -879,3 +891,19 @@ message FailedEvent {
    }
  ];
 }
+
+message SetInstanceFeatureRequest {
+  string instance_id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
+  // the feature (id) according to [internal/domain/feature.go]
+  int32 feature_id = 2 [(validate.rules).int32 = {gt: 0}];
+  // value based on the feature type
+  oneof value {
+    option (validate.required) = true;
+
+    bool bool = 3;
+  }
+}
+
+message SetInstanceFeatureResponse {
+  zitadel.v1.ObjectDetails details = 1;
+}