mirror of
https://github.com/zitadel/zitadel.git
synced 2024-12-12 02:54:20 +00:00
feat: display login succeeded page only for native apps (#2839)
This commit is contained in:
Livio Amstutz
GitHub
parent
2265fffd8e
commit
79f7c1198b
@ -46,6 +46,7 @@ type AuthRequestRepo struct {
|
|||||||
IDPProviderViewProvider idpProviderViewProvider
|
IDPProviderViewProvider idpProviderViewProvider
|
||||||
UserGrantProvider userGrantProvider
|
UserGrantProvider userGrantProvider
|
||||||
ProjectProvider projectProvider
|
ProjectProvider projectProvider
|
||||||
|
ApplicationProvider applicationProvider
|
||||||
|
|
||||||
IdGenerator id.Generator
|
IdGenerator id.Generator
|
||||||
|
|
||||||
@ -111,6 +112,10 @@ type projectProvider interface {
|
|||||||
OrgProjectMappingByIDs(orgID, projectID string) (*project_view_model.OrgProjectMapping, error)
|
OrgProjectMappingByIDs(orgID, projectID string) (*project_view_model.OrgProjectMapping, error)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
type applicationProvider interface {
|
||||||
|
AppByOIDCClientID(context.Context, string) (*query.App, error)
|
||||||
|
}
|
||||||
|
|
||||||
func (repo *AuthRequestRepo) Health(ctx context.Context) error {
|
func (repo *AuthRequestRepo) Health(ctx context.Context) error {
|
||||||
return repo.AuthRequests.Health(ctx)
|
return repo.AuthRequests.Health(ctx)
|
||||||
}
|
}
|
||||||
@ -798,6 +803,13 @@ func (repo *AuthRequestRepo) nextSteps(ctx context.Context, request *domain.Auth
|
|||||||
return append(steps, &domain.GrantRequiredStep{}), nil
|
return append(steps, &domain.GrantRequiredStep{}), nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
ok, err = repo.hasSucceededPage(ctx, request, repo.ApplicationProvider)
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
if ok {
|
||||||
|
steps = append(steps, &domain.LoginSucceededStep{})
|
||||||
|
}
|
||||||
return append(steps, &domain.RedirectToCallbackStep{}), nil
|
return append(steps, &domain.RedirectToCallbackStep{}), nil
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -986,6 +998,14 @@ func (repo *AuthRequestRepo) getLoginTexts(ctx context.Context, aggregateID stri
|
|||||||
return iam_view_model.CustomTextViewsToDomain(loginTexts), err
|
return iam_view_model.CustomTextViewsToDomain(loginTexts), err
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func (repo *AuthRequestRepo) hasSucceededPage(ctx context.Context, request *domain.AuthRequest, provider applicationProvider) (bool, error) {
|
||||||
|
app, err := provider.AppByOIDCClientID(ctx, request.ApplicationID)
|
||||||
|
if err != nil {
|
||||||
|
return false, err
|
||||||
|
}
|
||||||
|
return app.OIDCConfig.AppType == domain.OIDCApplicationTypeNative, nil
|
||||||
|
}
|
||||||
|
|
||||||
func setOrgID(orgViewProvider orgViewProvider, request *domain.AuthRequest) error {
|
func setOrgID(orgViewProvider orgViewProvider, request *domain.AuthRequest) error {
|
||||||
primaryDomain := request.GetScopeOrgPrimaryDomain()
|
primaryDomain := request.GetScopeOrgPrimaryDomain()
|
||||||
if primaryDomain == "" {
|
if primaryDomain == "" {
|
||||||
|
|||||||
@ -240,6 +240,17 @@ func (m *mockProject) OrgProjectMappingByIDs(orgID, projectID string) (*proj_vie
|
|||||||
return nil, errors.ThrowNotFound(nil, "ERROR", "error")
|
return nil, errors.ThrowNotFound(nil, "ERROR", "error")
|
||||||
}
|
}
|
||||||
|
|
||||||
|
type mockApp struct {
|
||||||
|
app *query.App
|
||||||
|
}
|
||||||
|
|
||||||
|
func (m *mockApp) AppByOIDCClientID(ctx context.Context, id string) (*query.App, error) {
|
||||||
|
if m.app != nil {
|
||||||
|
return m.app, nil
|
||||||
|
}
|
||||||
|
return nil, errors.ThrowNotFound(nil, "ERROR", "error")
|
||||||
|
}
|
||||||
|
|
||||||
func TestAuthRequestRepo_nextSteps(t *testing.T) {
|
func TestAuthRequestRepo_nextSteps(t *testing.T) {
|
||||||
type fields struct {
|
type fields struct {
|
||||||
AuthRequests *cache.AuthRequestCache
|
AuthRequests *cache.AuthRequestCache
|
||||||
@ -250,6 +261,7 @@ func TestAuthRequestRepo_nextSteps(t *testing.T) {
|
|||||||
orgViewProvider orgViewProvider
|
orgViewProvider orgViewProvider
|
||||||
userGrantProvider userGrantProvider
|
userGrantProvider userGrantProvider
|
||||||
projectProvider projectProvider
|
projectProvider projectProvider
|
||||||
|
applicationProvider applicationProvider
|
||||||
loginPolicyProvider loginPolicyViewProvider
|
loginPolicyProvider loginPolicyViewProvider
|
||||||
lockoutPolicyProvider lockoutPolicyViewProvider
|
lockoutPolicyProvider lockoutPolicyViewProvider
|
||||||
PasswordCheckLifeTime time.Duration
|
PasswordCheckLifeTime time.Duration
|
||||||
@ -705,10 +717,11 @@ func TestAuthRequestRepo_nextSteps(t *testing.T) {
|
|||||||
IsEmailVerified: true,
|
IsEmailVerified: true,
|
||||||
MFAMaxSetUp: int32(model.MFALevelSecondFactor),
|
MFAMaxSetUp: int32(model.MFALevelSecondFactor),
|
||||||
},
|
},
|
||||||
userEventProvider: &mockEventUser{},
|
userEventProvider: &mockEventUser{},
|
||||||
orgViewProvider: &mockViewOrg{State: domain.OrgStateActive},
|
orgViewProvider: &mockViewOrg{State: domain.OrgStateActive},
|
||||||
userGrantProvider: &mockUserGrants{},
|
userGrantProvider: &mockUserGrants{},
|
||||||
projectProvider: &mockProject{},
|
projectProvider: &mockProject{},
|
||||||
|
applicationProvider: &mockApp{app: &query.App{OIDCConfig: &query.OIDCApp{AppType: domain.OIDCApplicationTypeWeb}}},
|
||||||
loginPolicyProvider: &mockLoginPolicy{
|
loginPolicyProvider: &mockLoginPolicy{
|
||||||
policy: &query.LoginPolicy{},
|
policy: &query.LoginPolicy{},
|
||||||
},
|
},
|
||||||
@ -763,10 +776,11 @@ func TestAuthRequestRepo_nextSteps(t *testing.T) {
|
|||||||
IsEmailVerified: true,
|
IsEmailVerified: true,
|
||||||
MFAMaxSetUp: int32(model.MFALevelSecondFactor),
|
MFAMaxSetUp: int32(model.MFALevelSecondFactor),
|
||||||
},
|
},
|
||||||
userEventProvider: &mockEventUser{},
|
userEventProvider: &mockEventUser{},
|
||||||
orgViewProvider: &mockViewOrg{State: domain.OrgStateActive},
|
orgViewProvider: &mockViewOrg{State: domain.OrgStateActive},
|
||||||
userGrantProvider: &mockUserGrants{},
|
userGrantProvider: &mockUserGrants{},
|
||||||
projectProvider: &mockProject{},
|
projectProvider: &mockProject{},
|
||||||
|
applicationProvider: &mockApp{app: &query.App{OIDCConfig: &query.OIDCApp{AppType: domain.OIDCApplicationTypeWeb}}},
|
||||||
lockoutPolicyProvider: &mockLockoutPolicy{
|
lockoutPolicyProvider: &mockLockoutPolicy{
|
||||||
policy: &query.LockoutPolicy{
|
policy: &query.LockoutPolicy{
|
||||||
ShowFailures: true,
|
ShowFailures: true,
|
||||||
@ -994,10 +1008,11 @@ func TestAuthRequestRepo_nextSteps(t *testing.T) {
|
|||||||
IsEmailVerified: true,
|
IsEmailVerified: true,
|
||||||
MFAMaxSetUp: int32(model.MFALevelSecondFactor),
|
MFAMaxSetUp: int32(model.MFALevelSecondFactor),
|
||||||
},
|
},
|
||||||
userEventProvider: &mockEventUser{},
|
userEventProvider: &mockEventUser{},
|
||||||
orgViewProvider: &mockViewOrg{State: domain.OrgStateActive},
|
orgViewProvider: &mockViewOrg{State: domain.OrgStateActive},
|
||||||
userGrantProvider: &mockUserGrants{},
|
userGrantProvider: &mockUserGrants{},
|
||||||
projectProvider: &mockProject{},
|
projectProvider: &mockProject{},
|
||||||
|
applicationProvider: &mockApp{app: &query.App{OIDCConfig: &query.OIDCApp{AppType: domain.OIDCApplicationTypeWeb}}},
|
||||||
lockoutPolicyProvider: &mockLockoutPolicy{
|
lockoutPolicyProvider: &mockLockoutPolicy{
|
||||||
policy: &query.LockoutPolicy{
|
policy: &query.LockoutPolicy{
|
||||||
ShowFailures: true,
|
ShowFailures: true,
|
||||||
@ -1028,10 +1043,11 @@ func TestAuthRequestRepo_nextSteps(t *testing.T) {
|
|||||||
IsEmailVerified: true,
|
IsEmailVerified: true,
|
||||||
MFAMaxSetUp: int32(model.MFALevelSecondFactor),
|
MFAMaxSetUp: int32(model.MFALevelSecondFactor),
|
||||||
},
|
},
|
||||||
userEventProvider: &mockEventUser{},
|
userEventProvider: &mockEventUser{},
|
||||||
orgViewProvider: &mockViewOrg{State: domain.OrgStateActive},
|
orgViewProvider: &mockViewOrg{State: domain.OrgStateActive},
|
||||||
userGrantProvider: &mockUserGrants{},
|
userGrantProvider: &mockUserGrants{},
|
||||||
projectProvider: &mockProject{},
|
projectProvider: &mockProject{},
|
||||||
|
applicationProvider: &mockApp{app: &query.App{OIDCConfig: &query.OIDCApp{AppType: domain.OIDCApplicationTypeWeb}}},
|
||||||
lockoutPolicyProvider: &mockLockoutPolicy{
|
lockoutPolicyProvider: &mockLockoutPolicy{
|
||||||
policy: &query.LockoutPolicy{
|
policy: &query.LockoutPolicy{
|
||||||
ShowFailures: true,
|
ShowFailures: true,
|
||||||
@ -1051,6 +1067,42 @@ func TestAuthRequestRepo_nextSteps(t *testing.T) {
|
|||||||
[]domain.NextStep{&domain.RedirectToCallbackStep{}},
|
[]domain.NextStep{&domain.RedirectToCallbackStep{}},
|
||||||
nil,
|
nil,
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
"prompt none, checkLoggedIn true, authenticated and native, login succeeded step",
|
||||||
|
fields{
|
||||||
|
userSessionViewProvider: &mockViewUserSession{
|
||||||
|
PasswordVerification: time.Now().UTC().Add(-5 * time.Minute),
|
||||||
|
SecondFactorVerification: time.Now().UTC().Add(-5 * time.Minute),
|
||||||
|
},
|
||||||
|
userViewProvider: &mockViewUser{
|
||||||
|
PasswordSet: true,
|
||||||
|
IsEmailVerified: true,
|
||||||
|
MFAMaxSetUp: int32(model.MFALevelSecondFactor),
|
||||||
|
},
|
||||||
|
userEventProvider: &mockEventUser{},
|
||||||
|
orgViewProvider: &mockViewOrg{State: domain.OrgStateActive},
|
||||||
|
userGrantProvider: &mockUserGrants{},
|
||||||
|
projectProvider: &mockProject{},
|
||||||
|
applicationProvider: &mockApp{app: &query.App{OIDCConfig: &query.OIDCApp{AppType: domain.OIDCApplicationTypeNative}}},
|
||||||
|
lockoutPolicyProvider: &mockLockoutPolicy{
|
||||||
|
policy: &query.LockoutPolicy{
|
||||||
|
ShowFailures: true,
|
||||||
|
},
|
||||||
|
},
|
||||||
|
PasswordCheckLifeTime: 10 * 24 * time.Hour,
|
||||||
|
SecondFactorCheckLifeTime: 18 * time.Hour,
|
||||||
|
},
|
||||||
|
args{&domain.AuthRequest{
|
||||||
|
UserID: "UserID",
|
||||||
|
Prompt: []domain.Prompt{domain.PromptNone},
|
||||||
|
Request: &domain.AuthRequestOIDC{},
|
||||||
|
LoginPolicy: &domain.LoginPolicy{
|
||||||
|
SecondFactors: []domain.SecondFactorType{domain.SecondFactorTypeOTP},
|
||||||
|
},
|
||||||
|
}, true},
|
||||||
|
[]domain.NextStep{&domain.LoginSucceededStep{}, &domain.RedirectToCallbackStep{}},
|
||||||
|
nil,
|
||||||
|
},
|
||||||
{
|
{
|
||||||
"prompt none, checkLoggedIn true, authenticated and required user grants missing, grant required step",
|
"prompt none, checkLoggedIn true, authenticated and required user grants missing, grant required step",
|
||||||
fields{
|
fields{
|
||||||
@ -1107,7 +1159,8 @@ func TestAuthRequestRepo_nextSteps(t *testing.T) {
|
|||||||
roleCheck: true,
|
roleCheck: true,
|
||||||
userGrants: 2,
|
userGrants: 2,
|
||||||
},
|
},
|
||||||
projectProvider: &mockProject{},
|
projectProvider: &mockProject{},
|
||||||
|
applicationProvider: &mockApp{app: &query.App{OIDCConfig: &query.OIDCApp{AppType: domain.OIDCApplicationTypeWeb}}},
|
||||||
lockoutPolicyProvider: &mockLockoutPolicy{
|
lockoutPolicyProvider: &mockLockoutPolicy{
|
||||||
policy: &query.LockoutPolicy{
|
policy: &query.LockoutPolicy{
|
||||||
ShowFailures: true,
|
ShowFailures: true,
|
||||||
@ -1184,6 +1237,7 @@ func TestAuthRequestRepo_nextSteps(t *testing.T) {
|
|||||||
projectCheck: true,
|
projectCheck: true,
|
||||||
hasProject: true,
|
hasProject: true,
|
||||||
},
|
},
|
||||||
|
applicationProvider: &mockApp{app: &query.App{OIDCConfig: &query.OIDCApp{AppType: domain.OIDCApplicationTypeWeb}}},
|
||||||
lockoutPolicyProvider: &mockLockoutPolicy{
|
lockoutPolicyProvider: &mockLockoutPolicy{
|
||||||
policy: &query.LockoutPolicy{
|
policy: &query.LockoutPolicy{
|
||||||
ShowFailures: true,
|
ShowFailures: true,
|
||||||
@ -1279,6 +1333,7 @@ func TestAuthRequestRepo_nextSteps(t *testing.T) {
|
|||||||
OrgViewProvider: tt.fields.orgViewProvider,
|
OrgViewProvider: tt.fields.orgViewProvider,
|
||||||
UserGrantProvider: tt.fields.userGrantProvider,
|
UserGrantProvider: tt.fields.userGrantProvider,
|
||||||
ProjectProvider: tt.fields.projectProvider,
|
ProjectProvider: tt.fields.projectProvider,
|
||||||
|
ApplicationProvider: tt.fields.applicationProvider,
|
||||||
LoginPolicyViewProvider: tt.fields.loginPolicyProvider,
|
LoginPolicyViewProvider: tt.fields.loginPolicyProvider,
|
||||||
LockoutPolicyViewProvider: tt.fields.lockoutPolicyProvider,
|
LockoutPolicyViewProvider: tt.fields.lockoutPolicyProvider,
|
||||||
PasswordCheckLifeTime: tt.fields.PasswordCheckLifeTime,
|
PasswordCheckLifeTime: tt.fields.PasswordCheckLifeTime,
|
||||||
|
|||||||
@ -122,6 +122,7 @@ func Start(conf Config, authZ authz.Config, systemDefaults sd.SystemDefaults, co
|
|||||||
Query: queries,
|
Query: queries,
|
||||||
UserGrantProvider: queryView,
|
UserGrantProvider: queryView,
|
||||||
ProjectProvider: queryView,
|
ProjectProvider: queryView,
|
||||||
|
ApplicationProvider: queries,
|
||||||
IdGenerator: idGenerator,
|
IdGenerator: idGenerator,
|
||||||
PasswordCheckLifeTime: systemDefaults.VerificationLifetimes.PasswordCheck.Duration,
|
PasswordCheckLifeTime: systemDefaults.VerificationLifetimes.PasswordCheck.Duration,
|
||||||
ExternalLoginCheckLifeTime: systemDefaults.VerificationLifetimes.PasswordCheck.Duration,
|
ExternalLoginCheckLifeTime: systemDefaults.VerificationLifetimes.PasswordCheck.Duration,
|
||||||
|
|||||||
@ -28,6 +28,7 @@ const (
|
|||||||
NextStepRegistration
|
NextStepRegistration
|
||||||
NextStepProjectRequired
|
NextStepProjectRequired
|
||||||
NextStepRedirectToExternalIDP
|
NextStepRedirectToExternalIDP
|
||||||
|
NextStepLoginSucceeded
|
||||||
)
|
)
|
||||||
|
|
||||||
type LoginStep struct{}
|
type LoginStep struct{}
|
||||||
@ -180,3 +181,9 @@ type RedirectToCallbackStep struct{}
|
|||||||
func (s *RedirectToCallbackStep) Type() NextStepType {
|
func (s *RedirectToCallbackStep) Type() NextStepType {
|
||||||
return NextStepRedirectToCallback
|
return NextStepRedirectToCallback
|
||||||
}
|
}
|
||||||
|
|
||||||
|
type LoginSucceededStep struct{}
|
||||||
|
|
||||||
|
func (s *LoginSucceededStep) Type() NextStepType {
|
||||||
|
return NextStepLoginSucceeded
|
||||||
|
}
|
||||||
|
|||||||
@ -21,8 +21,11 @@ func (l *Login) redirectToLoginSuccess(w http.ResponseWriter, r *http.Request, i
|
|||||||
|
|
||||||
func (l *Login) handleLoginSuccess(w http.ResponseWriter, r *http.Request) {
|
func (l *Login) handleLoginSuccess(w http.ResponseWriter, r *http.Request) {
|
||||||
authRequest, _ := l.getAuthRequest(r)
|
authRequest, _ := l.getAuthRequest(r)
|
||||||
if authRequest != nil {
|
if authRequest == nil {
|
||||||
if !(len(authRequest.PossibleSteps) == 1 && authRequest.PossibleSteps[0].Type() == domain.NextStepRedirectToCallback) {
|
l.renderSuccessAndCallback(w, r, nil, nil)
|
||||||
|
}
|
||||||
|
for _, step := range authRequest.PossibleSteps {
|
||||||
|
if step.Type() != domain.NextStepLoginSucceeded && step.Type() != domain.NextStepRedirectToCallback {
|
||||||
l.renderNextStep(w, r, authRequest)
|
l.renderNextStep(w, r, authRequest)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
@ -43,3 +46,8 @@ func (l *Login) renderSuccessAndCallback(w http.ResponseWriter, r *http.Request,
|
|||||||
}
|
}
|
||||||
l.renderer.RenderTemplate(w, r, l.getTranslator(authReq), l.renderer.Templates[tmplLoginSuccess], data, nil)
|
l.renderer.RenderTemplate(w, r, l.getTranslator(authReq), l.renderer.Templates[tmplLoginSuccess], data, nil)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func (l *Login) redirectToCallback(w http.ResponseWriter, r *http.Request, authReq *domain.AuthRequest) {
|
||||||
|
callback := l.oidcAuthCallbackURL + authReq.ID
|
||||||
|
http.Redirect(w, r, callback, http.StatusFound)
|
||||||
|
}
|
||||||
|
|||||||
@ -278,6 +278,8 @@ func (l *Login) chooseNextStep(w http.ResponseWriter, r *http.Request, authReq *
|
|||||||
l.chooseNextStep(w, r, authReq, 1, err)
|
l.chooseNextStep(w, r, authReq, 1, err)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
l.redirectToCallback(w, r, authReq)
|
||||||
|
case *domain.LoginSucceededStep:
|
||||||
l.redirectToLoginSuccess(w, r, authReq.ID)
|
l.redirectToLoginSuccess(w, r, authReq.ID)
|
||||||
case *domain.ChangePasswordStep:
|
case *domain.ChangePasswordStep:
|
||||||
l.renderChangePassword(w, r, authReq, err)
|
l.renderChangePassword(w, r, authReq, err)
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user