feat(saml): implementation of saml for ZITADEL v2 (#3618)

2025-08-12 01:37:31 +00:00 · 2022-09-12 17:18:08 +01:00
parent 01a92ba5d9
commit 7a5f7f82cf
134 changed files with 5570 additions and 1293 deletions
--- a/internal/query/projection/app.go
+++ b/internal/query/projection/app.go
@@ -13,9 +13,10 @@ import (
 )

 const (
-	AppProjectionTable = "projections.apps2"
+	AppProjectionTable = "projections.apps3"
 	AppAPITable        = AppProjectionTable + "_" + appAPITableSuffix
 	AppOIDCTable       = AppProjectionTable + "_" + appOIDCTableSuffix
+	AppSAMLTable       = AppProjectionTable + "_" + appSAMLTableSuffix

 	AppColumnID            = "id"
 	AppColumnName          = "name"
@@ -53,6 +54,13 @@ const (
 	AppOIDCConfigColumnIDTokenUserinfoAssertion = "id_token_userinfo_assertion"
 	AppOIDCConfigColumnClockSkew                = "clock_skew"
 	AppOIDCConfigColumnAdditionalOrigins        = "additional_origins"
+
+	appSAMLTableSuffix             = "saml_configs"
+	AppSAMLConfigColumnAppID       = "app_id"
+	AppSAMLConfigColumnInstanceID  = "instance_id"
+	AppSAMLConfigColumnEntityID    = "entity_id"
+	AppSAMLConfigColumnMetadata    = "metadata"
+	AppSAMLConfigColumnMetadataURL = "metadata_url"
 )

 type appProjection struct {
@@ -116,6 +124,18 @@ func newAppProjection(ctx context.Context, config crdb.StatementHandlerConfig) *
 			crdb.WithForeignKey(crdb.NewForeignKeyOfPublicKeys("fk_oidc_ref_apps")),
 			crdb.WithIndex(crdb.NewIndex("oidc_client_id_idx", []string{AppOIDCConfigColumnClientID})),
 		),
+		crdb.NewSuffixedTable([]*crdb.Column{
+			crdb.NewColumn(AppSAMLConfigColumnAppID, crdb.ColumnTypeText),
+			crdb.NewColumn(AppSAMLConfigColumnInstanceID, crdb.ColumnTypeText),
+			crdb.NewColumn(AppSAMLConfigColumnEntityID, crdb.ColumnTypeText),
+			crdb.NewColumn(AppSAMLConfigColumnMetadata, crdb.ColumnTypeBytes),
+			crdb.NewColumn(AppSAMLConfigColumnMetadataURL, crdb.ColumnTypeText),
+		},
+			crdb.NewPrimaryKey(AppSAMLConfigColumnInstanceID, AppSAMLConfigColumnAppID),
+			appSAMLTableSuffix,
+			crdb.WithForeignKey(crdb.NewForeignKeyOfPublicKeys("fk_saml_ref_apps")),
+			crdb.WithIndex(crdb.NewIndex("saml_entity_id_idx", []string{AppSAMLConfigColumnEntityID})),
+		),
 	)
 	p.StatementHandler = crdb.NewStatementHandler(ctx, config)
 	return p
@@ -174,6 +194,14 @@ func (p *appProjection) reducers() []handler.AggregateReducer {
 					Event:  project.OIDCConfigSecretChangedType,
 					Reduce: p.reduceOIDCConfigSecretChanged,
 				},
+				{
+					Event:  project.SAMLConfigAddedType,
+					Reduce: p.reduceSAMLConfigAdded,
+				},
+				{
+					Event:  project.SAMLConfigChangedType,
+					Reduce: p.reduceSAMLConfigChanged,
+				},
 			},
 		},
 	}
@@ -535,3 +563,77 @@ func (p *appProjection) reduceOIDCConfigSecretChanged(event eventstore.Event) (*
 		),
 	), nil
 }
+
+func (p *appProjection) reduceSAMLConfigAdded(event eventstore.Event) (*handler.Statement, error) {
+	e, ok := event.(*project.SAMLConfigAddedEvent)
+	if !ok {
+		return nil, errors.ThrowInvalidArgument(nil, "HANDL-GMHU1", "reduce.wrong.event.type")
+	}
+	return crdb.NewMultiStatement(
+		e,
+		crdb.AddCreateStatement(
+			[]handler.Column{
+				handler.NewCol(AppSAMLConfigColumnAppID, e.AppID),
+				handler.NewCol(AppSAMLConfigColumnInstanceID, e.Aggregate().InstanceID),
+				handler.NewCol(AppSAMLConfigColumnEntityID, e.EntityID),
+				handler.NewCol(AppSAMLConfigColumnMetadata, e.Metadata),
+				handler.NewCol(AppSAMLConfigColumnMetadataURL, e.MetadataURL),
+			},
+			crdb.WithTableSuffix(appSAMLTableSuffix),
+		),
+		crdb.AddUpdateStatement(
+			[]handler.Column{
+				handler.NewCol(AppColumnChangeDate, e.CreationDate()),
+				handler.NewCol(AppColumnSequence, e.Sequence()),
+			},
+			[]handler.Condition{
+				handler.NewCond(AppColumnID, e.AppID),
+				handler.NewCond(AppColumnInstanceID, e.Aggregate().InstanceID),
+			},
+		),
+	), nil
+}
+
+func (p *appProjection) reduceSAMLConfigChanged(event eventstore.Event) (*handler.Statement, error) {
+	e, ok := event.(*project.SAMLConfigChangedEvent)
+	if !ok {
+		return nil, errors.ThrowInvalidArgument(nil, "HANDL-GMHU2", "reduce.wrong.event.type")
+	}
+
+	cols := make([]handler.Column, 0, 3)
+	if e.Metadata != nil {
+		cols = append(cols, handler.NewCol(AppSAMLConfigColumnMetadata, e.Metadata))
+	}
+	if e.MetadataURL != nil {
+		cols = append(cols, handler.NewCol(AppSAMLConfigColumnMetadataURL, *e.MetadataURL))
+	}
+	if e.EntityID != "" {
+		cols = append(cols, handler.NewCol(AppSAMLConfigColumnEntityID, e.EntityID))
+	}
+
+	if len(cols) == 0 {
+		return crdb.NewNoOpStatement(e), nil
+	}
+
+	return crdb.NewMultiStatement(
+		e,
+		crdb.AddUpdateStatement(
+			cols,
+			[]handler.Condition{
+				handler.NewCond(AppSAMLConfigColumnAppID, e.AppID),
+				handler.NewCond(AppSAMLConfigColumnInstanceID, e.Aggregate().InstanceID),
+			},
+			crdb.WithTableSuffix(appSAMLTableSuffix),
+		),
+		crdb.AddUpdateStatement(
+			[]handler.Column{
+				handler.NewCol(AppColumnChangeDate, e.CreationDate()),
+				handler.NewCol(AppColumnSequence, e.Sequence()),
+			},
+			[]handler.Condition{
+				handler.NewCond(AppColumnID, e.AppID),
+				handler.NewCond(AppColumnInstanceID, e.Aggregate().InstanceID),
+			},
+		),
+	), nil
+}