fix: allow start and retrieve IdP intents with IdPs from other organizations (#7871)

* fix: correct resourceowner of intent to instance * fix: correct resourceowner of intent to instance * fix: correct resourceowner of intent to instance * fix: correct resourceowner of intent to instance * fix: correct resourceowner of intent to instance * docs: expand the login example with org specific parameters * fix: existence of idp is not checked through resourceowner * fix: existence of idp is not checked through resourceowner * fix: existence of idp is not checked through resourceowner --------- Co-authored-by: Livio Spring <livio.a@gmail.com>
2025-08-12 00:47:33 +00:00 · 2024-05-07 08:11:20 +02:00
parent 5bf195d374
commit 72c5b057f1
13 changed files with 439 additions and 156 deletions
--- a/internal/command/idp_intent.go
+++ b/internal/command/idp_intent.go
@@ -25,7 +25,7 @@ import (
 	"github.com/zitadel/zitadel/internal/zerrors"
 )

-func (c *Commands) prepareCreateIntent(writeModel *IDPIntentWriteModel, idpID string, successURL, failureURL string) preparation.Validation {
+func (c *Commands) prepareCreateIntent(writeModel *IDPIntentWriteModel, idpID, successURL, failureURL string) preparation.Validation {
 	return func() (_ preparation.CreateCommands, err error) {
 		if idpID == "" {
 			return nil, zerrors.ThrowInvalidArgument(nil, "COMMAND-x8j2bk", "Errors.Intent.IDPMissing")
@@ -43,12 +43,17 @@ func (c *Commands) prepareCreateIntent(writeModel *IDPIntentWriteModel, idpID st
 			if err != nil {
 				return nil, err
 			}
-			exists, err := ExistsIDP(ctx, filter, idpID, writeModel.ResourceOwner)
+			exists, err := ExistsIDP(ctx, filter, idpID)
 			if !exists || err != nil {
 				return nil, zerrors.ThrowPreconditionFailed(err, "COMMAND-39n221fs", "Errors.IDPConfig.NotExisting")
 			}
 			return []eventstore.Command{
-				idpintent.NewStartedEvent(ctx, writeModel.aggregate, successURL, failureURL, idpID),
+				idpintent.NewStartedEvent(ctx,
+					IDPIntentAggregateFromWriteModel(&writeModel.WriteModel),
+					successURL,
+					failureURL,
+					idpID,
+				),
 			}, nil
 		}, nil
 	}
@@ -64,6 +69,7 @@ func (c *Commands) CreateIntent(ctx context.Context, idpID, successURL, failureU
 		return nil, nil, err
 	}

+	//nolint: staticcheck
 	cmds, err := preparation.PrepareCommands(ctx, c.eventstore.Filter, c.prepareCreateIntent(writeModel, idpID, successURL, failureURL))
 	if err != nil {
 		return nil, nil, err
@@ -117,7 +123,7 @@ func (c *Commands) GetActiveIntent(ctx context.Context, intentID string) (*IDPIn
 		return nil, err
 	}
 	if intent.State == domain.IDPIntentStateUnspecified {
-		return nil, zerrors.ThrowNotFound(nil, "IDP-Hk38e", "Errors.Intent.NotStarted")
+		return nil, zerrors.ThrowNotFound(nil, "IDP-gy3ctgkqe7", "Errors.Intent.NotStarted")
 	}
 	if intent.State != domain.IDPIntentStateStarted {
 		return nil, zerrors.ThrowInvalidArgument(nil, "IDP-Sfrgs", "Errors.Intent.NotStarted")
@@ -166,7 +172,7 @@ func (c *Commands) SucceedIDPIntent(ctx context.Context, writeModel *IDPIntentWr
 	}
 	cmd := idpintent.NewSucceededEvent(
 		ctx,
-		&idpintent.NewAggregate(writeModel.AggregateID, writeModel.ResourceOwner).Aggregate,
+		IDPIntentAggregateFromWriteModel(&writeModel.WriteModel),
 		idpInfo,
 		idpUser.GetID(),
 		idpUser.GetPreferredUsername(),
@@ -200,7 +206,7 @@ func (c *Commands) SucceedSAMLIDPIntent(ctx context.Context, writeModel *IDPInte
 	}
 	cmd := idpintent.NewSAMLSucceededEvent(
 		ctx,
-		&idpintent.NewAggregate(writeModel.AggregateID, writeModel.ResourceOwner).Aggregate,
+		IDPIntentAggregateFromWriteModel(&writeModel.WriteModel),
 		idpInfo,
 		idpUser.GetID(),
 		idpUser.GetPreferredUsername(),
@@ -217,7 +223,7 @@ func (c *Commands) SucceedSAMLIDPIntent(ctx context.Context, writeModel *IDPInte
 func (c *Commands) RequestSAMLIDPIntent(ctx context.Context, writeModel *IDPIntentWriteModel, requestID string) error {
 	return c.pushAppendAndReduce(ctx, writeModel, idpintent.NewSAMLRequestEvent(
 		ctx,
-		&idpintent.NewAggregate(writeModel.AggregateID, writeModel.ResourceOwner).Aggregate,
+		IDPIntentAggregateFromWriteModel(&writeModel.WriteModel),
 		requestID,
 	))
 }
@@ -241,7 +247,7 @@ func (c *Commands) SucceedLDAPIDPIntent(ctx context.Context, writeModel *IDPInte
 	}
 	cmd := idpintent.NewLDAPSucceededEvent(
 		ctx,
-		&idpintent.NewAggregate(writeModel.AggregateID, writeModel.ResourceOwner).Aggregate,
+		IDPIntentAggregateFromWriteModel(&writeModel.WriteModel),
 		idpInfo,
 		idpUser.GetID(),
 		idpUser.GetPreferredUsername(),
@@ -258,7 +264,7 @@ func (c *Commands) SucceedLDAPIDPIntent(ctx context.Context, writeModel *IDPInte
 func (c *Commands) FailIDPIntent(ctx context.Context, writeModel *IDPIntentWriteModel, reason string) error {
 	cmd := idpintent.NewFailedEvent(
 		ctx,
-		&idpintent.NewAggregate(writeModel.AggregateID, writeModel.ResourceOwner).Aggregate,
+		IDPIntentAggregateFromWriteModel(&writeModel.WriteModel),
 		reason,
 	)
 	_, err := c.eventstore.Push(ctx, cmd)