feat: multiple domains (#188)

* check uniqueness on create and register user * change user email, reserve release unique email * usergrant unique aggregate * usergrant uniqueness * validate UserGrant * fix tests * domain is set on username in all orgs * domain in admin * org domain sql * zitadel domain org name * org domains * org iam policy * default org iam policy * SETUP * load login names * login by login name * login name * fix: merge master * fix: merge master * Update internal/user/repository/eventsourcing/user.go Co-authored-by: Livio Amstutz <livio.a@gmail.com> * fix: fix unique domains * fix: rename env variable Co-authored-by: adlerhurst <silvan.reusser@gmail.com> Co-authored-by: Livio Amstutz <livio.a@gmail.com>
2025-08-12 03:57:32 +00:00 · 2020-06-16 11:40:18 +02:00
parent 64b14b4e19
commit 7a6ca24625
109 changed files with 12578 additions and 6025 deletions
--- a/internal/auth/repository/eventsourcing/handler/handler.go
+++ b/internal/auth/repository/eventsourcing/handler/handler.go
@@ -36,7 +36,7 @@ type EventstoreRepos struct {

 func Register(configs Configs, bulkLimit, errorCount uint64, view *view.View, eventstore eventstore.Eventstore, repos EventstoreRepos, systemDefaults sd.SystemDefaults) []spooler.Handler {
 	return []spooler.Handler{
-		&User{handler: handler{view, bulkLimit, configs.cycleDuration("User"), errorCount}},
+		&User{handler: handler{view, bulkLimit, configs.cycleDuration("User"), errorCount}, orgEvents: repos.OrgEvents},
 		&UserSession{handler: handler{view, bulkLimit, configs.cycleDuration("UserSession"), errorCount}, userEvents: repos.UserEvents},
 		&Token{handler: handler{view, bulkLimit, configs.cycleDuration("Token"), errorCount}},
 		&Key{handler: handler{view, bulkLimit, configs.cycleDuration("Key"), errorCount}},
--- a/internal/auth/repository/eventsourcing/handler/org.go
+++ b/internal/auth/repository/eventsourcing/handler/org.go
@@ -6,7 +6,7 @@ import (
 	"github.com/caos/zitadel/internal/eventstore/spooler"
 	"github.com/caos/zitadel/internal/org/repository/eventsourcing"
 	"github.com/caos/zitadel/internal/org/repository/eventsourcing/model"
-	"github.com/caos/zitadel/internal/org/repository/view"
+	org_model "github.com/caos/zitadel/internal/org/repository/view/model"
 	"time"
 )

@@ -33,7 +33,7 @@ func (o *Org) EventQuery() (*es_models.SearchQuery, error) {
 }

 func (o *Org) Process(event *es_models.Event) error {
-	org := new(view.OrgView)
+	org := new(org_model.OrgView)

 	switch event.Type {
 	case model.OrgAdded:
--- a/internal/auth/repository/eventsourcing/handler/user.go
+++ b/internal/auth/repository/eventsourcing/handler/user.go
@@ -1,6 +1,11 @@
 package handler

 import (
+	"context"
+	es_models "github.com/caos/zitadel/internal/eventstore/models"
+	org_model "github.com/caos/zitadel/internal/org/model"
+	org_events "github.com/caos/zitadel/internal/org/repository/eventsourcing"
+	org_es_model "github.com/caos/zitadel/internal/org/repository/eventsourcing/model"
 	es_model "github.com/caos/zitadel/internal/user/repository/eventsourcing/model"
 	"time"

@@ -9,13 +14,13 @@ import (
 	"github.com/caos/zitadel/internal/eventstore"
 	"github.com/caos/zitadel/internal/eventstore/models"
 	"github.com/caos/zitadel/internal/eventstore/spooler"
-	"github.com/caos/zitadel/internal/user/repository/eventsourcing"
 	view_model "github.com/caos/zitadel/internal/user/repository/view/model"
 )

 type User struct {
 	handler
 	eventstore eventstore.Eventstore
+	orgEvents  *org_events.OrgEventstore
 }

 const (
@@ -33,15 +38,29 @@ func (p *User) EventQuery() (*models.SearchQuery, error) {
 	if err != nil {
 		return nil, err
 	}
-	return eventsourcing.UserQuery(sequence), nil
+	return es_models.NewSearchQuery().
+		AggregateTypeFilter(es_model.UserAggregate, org_es_model.OrgAggregate).
+		LatestSequenceFilter(sequence), nil
 }

-func (p *User) Process(event *models.Event) (err error) {
+func (u *User) Process(event *models.Event) (err error) {
+	switch event.AggregateType {
+	case es_model.UserAggregate:
+		return u.ProcessUser(event)
+	case org_es_model.OrgAggregate:
+		return u.ProcessOrg(event)
+	default:
+		return nil
+	}
+}
+
+func (p *User) ProcessUser(event *models.Event) (err error) {
 	user := new(view_model.UserView)
 	switch event.Type {
 	case es_model.UserAdded,
 		es_model.UserRegistered:
 		user.AppendEvent(event)
+		p.fillLoginNames(user)
 	case es_model.UserProfileChanged,
 		es_model.UserEmailChanged,
 		es_model.UserEmailVerified,
@@ -70,7 +89,72 @@ func (p *User) Process(event *models.Event) (err error) {
 	if err != nil {
 		return err
 	}
-	return p.view.PutUser(user)
+	return p.view.PutUser(user, user.Sequence)
+}
+
+func (u *User) fillLoginNames(user *view_model.UserView) (err error) {
+	org, err := u.orgEvents.OrgByID(context.Background(), org_model.NewOrg(user.ResourceOwner))
+	if err != nil {
+		return err
+	}
+	policy, err := u.orgEvents.GetOrgIamPolicy(context.Background(), user.ResourceOwner)
+	if err != nil {
+		return err
+	}
+	user.LoginNames = getLoginNames(policy, user.UserName, org.Domains)
+	return nil
+}
+
+func getLoginNames(policy *org_model.OrgIamPolicy, userName string, domains []*org_model.OrgDomain) []string {
+	loginNames := make([]string, 0)
+	if !policy.UserLoginMustBeDomain {
+		return []string{userName}
+	}
+	for _, d := range domains {
+		if d.Verified {
+			loginNames = append(loginNames, userName+"@"+d.Domain)
+		}
+	}
+	return loginNames
+}
+
+func (u *User) ProcessOrg(event *models.Event) (err error) {
+	switch event.Type {
+	case org_es_model.OrgDomainVerified,
+		org_es_model.OrgDomainRemoved,
+		org_es_model.OrgIamPolicyAdded,
+		org_es_model.OrgIamPolicyChanged,
+		org_es_model.OrgIamPolicyRemoved:
+		return u.fillLoginNamesOnOrgUsers(event)
+	default:
+		return u.view.ProcessedUserSequence(event.Sequence)
+	}
+	if err != nil {
+		return err
+	}
+	return nil
+}
+func (u *User) fillLoginNamesOnOrgUsers(event *models.Event) error {
+	org, err := u.orgEvents.OrgByID(context.Background(), org_model.NewOrg(event.ResourceOwner))
+	if err != nil {
+		return err
+	}
+	policy, err := u.orgEvents.GetOrgIamPolicy(context.Background(), event.ResourceOwner)
+	if err != nil {
+		return err
+	}
+	users, err := u.view.UsersByOrgID(event.AggregateID)
+	if err != nil {
+		return err
+	}
+	for _, user := range users {
+		user.LoginNames = getLoginNames(policy, user.UserName, org.Domains)
+		err := u.view.PutUser(user, event.Sequence)
+		if err != nil {
+			return err
+		}
+	}
+	return nil
 }

 func (p *User) OnError(event *models.Event, err error) error {
--- a/internal/auth/repository/eventsourcing/handler/user_grant.go
+++ b/internal/auth/repository/eventsourcing/handler/user_grant.go
@@ -189,7 +189,6 @@ func (u *UserGrant) processIamMember(event *models.Event, rolePrefix string, suf
 				ID:            u.iamProjectID + member.UserID,
 				ResourceOwner: u.iamID,
 				OrgName:       u.iamID,
-				OrgDomain:     u.iamID,
 				ProjectID:     u.iamProjectID,
 				UserID:        member.UserID,
 				RoleKeys:      member.Roles,
@@ -334,7 +333,6 @@ func (u *UserGrant) fillProjectData(grant *view_model.UserGrantView, project *pr
 }

 func (u *UserGrant) fillOrgData(grant *view_model.UserGrantView, org *org_model.Org) {
-	grant.OrgDomain = org.Domain
 	grant.OrgName = org.Name
 }