feat: option to disallow public org registration (#6917)

* feat: return 404 or 409 if org reg disallowed

* fix: system limit permissions

* feat: add iam limits api

* feat: disallow public org registrations on default instance

* add integration test

* test: integration

* fix test

* docs: describe public org registrations

* avoid updating docs deps

* fix system limits integration test

* silence integration tests

* fix linting

* ignore strange linter complaints

* review

* improve reset properties naming

* redefine the api

* use restrictions aggregate

* test query

* simplify and test projection

* test commands

* fix unit tests

* move integration test

* support restrictions on default instance

* also test GetRestrictions

* self review

* lint

* abstract away resource owner

* fix tests

* lint
Elio Bischof
2023-11-22 10:29:38 +01:00
committed by GitHub
parent 5fa596a871
commit 76fe032b5f
45 changed files with 1280 additions and 123 deletions


@@ -1,6 +1,7 @@
package login
import (
"context"
"net/http"
"github.com/zitadel/zitadel/internal/api/authz"
@@ -38,6 +39,11 @@ type registerOrgData struct {
}
func (l *Login) handleRegisterOrg(w http.ResponseWriter, r *http.Request) {
disallowed, err := l.publicOrgRegistrationIsDisallowed(r.Context())
if disallowed || err != nil {
w.WriteHeader(http.StatusNotFound)
return
}
data := new(registerOrgFormData)
authRequest, err := l.getAuthRequestAndParseData(r, data)
if err != nil {
@@ -48,6 +54,11 @@ func (l *Login) handleRegisterOrg(w http.ResponseWriter, r *http.Request) {
}
func (l *Login) handleRegisterOrgCheck(w http.ResponseWriter, r *http.Request) {
disallowed, err := l.publicOrgRegistrationIsDisallowed(r.Context())
if disallowed || err != nil {
w.WriteHeader(http.StatusConflict)
return
}
data := new(registerOrgFormData)
authRequest, err := l.getAuthRequestAndParseData(r, data)
if err != nil {
@@ -119,6 +130,11 @@ func (l *Login) renderRegisterOrg(w http.ResponseWriter, r *http.Request, authRe
l.renderer.RenderTemplate(w, r, translator, l.renderer.Templates[tmplRegisterOrg], data, nil)
}
func (l *Login) publicOrgRegistrationIsDisallowed(ctx context.Context) (bool, error) {
restrictions, err := l.query.GetInstanceRestrictions(ctx)
return restrictions.DisallowPublicOrgRegistration, err
}
func (d registerOrgFormData) toUserDomain() *domain.Human {
if d.Username == "" {
d.Username = string(d.Email)
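Review bot: The guard `if disallowed || err != nil` in handleRegisterOrg and handleRegisterOrgCheck answers a failed restrictions lookup with the same 404/409 as a deliberate block and discards `err`, so a broken query silently turns public org registration off with nothing in the logs to explain it. Failing closed is the right default for this gate and should stay, but the error path deserves its own branch that logs `err` with the package's existing logger and, if the product allows it, returns a distinct status: `if err != nil { w.WriteHeader(http.StatusInternalServerError); return }`. In publicOrgRegistrationIsDisallowed the field is read before `err` is looked at; the return type of GetInstanceRestrictions is not visible here, so if it is a pointer that is nil on failure, `restrictions.DisallowPublicOrgRegistration` would panic, and checking `err` first avoids depending on that. Both handlers and toUserDomain continue outside the hunks shown.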