feat: multiple domains (#188)

* check uniqueness on create and register user

* change user email, reserve release unique email

* usergrant unique aggregate

* usergrant uniqueness

* validate UserGrant

* fix tests

* domain is set on username in all orgs

* domain in admin

* org domain sql

* zitadel domain org name

* org domains

* org iam policy

* default org iam policy

* SETUP

* load login names

* login by login name

* login name

* fix: merge master

* fix: merge master

* Update internal/user/repository/eventsourcing/user.go

Co-authored-by: Livio Amstutz <livio.a@gmail.com>

* fix: fix unique domains

* fix: rename env variable

Co-authored-by: adlerhurst <silvan.reusser@gmail.com>
Co-authored-by: Livio Amstutz <livio.a@gmail.com>

internal/org/repository/view/model/org.go

@@ -1,4 +1,4 @@
-package view
+package model
 
 import (
 	"encoding/json"
@@ -33,7 +33,6 @@ type OrgView struct {
 
 func OrgFromModel(org *org_model.OrgView) *OrgView {
 	return &OrgView{
-		Domain:        org.Domain,
 		ChangeDate:    org.ChangeDate,
 		CreationDate:  org.CreationDate,
 		ID:            org.ID,
@@ -46,7 +45,6 @@ func OrgFromModel(org *org_model.OrgView) *OrgView {
 
 func OrgToModel(org *OrgView) *org_model.OrgView {
 	return &org_model.OrgView{
-		Domain:        org.Domain,
 		ChangeDate:    org.ChangeDate,
 		CreationDate:  org.CreationDate,
 		ID:            org.ID,

internal/org/repository/view/model/org_domain.go

@@ -0,0 +1,87 @@
+package model
+
+import (
+	"encoding/json"
+	"github.com/caos/logging"
+	caos_errs "github.com/caos/zitadel/internal/errors"
+	"github.com/caos/zitadel/internal/eventstore/models"
+	"github.com/caos/zitadel/internal/org/model"
+	es_model "github.com/caos/zitadel/internal/org/repository/eventsourcing/model"
+	"time"
+)
+
+const (
+	OrgDomainKeyOrgID    = "org_id"
+	OrgDomainKeyDomain   = "domain"
+	OrgDomainKeyVerified = "verified"
+	OrgDomainKeyPrimary  = "primary_domain"
+)
+
+type OrgDomainView struct {
+	Domain   string `json:"domain" gorm:"column:domain;primary_key"`
+	OrgID    string `json:"-" gorm:"column:org_id;primary_key"`
+	Verified bool   `json:"-" gorm:"column:verified"`
+	Primary  bool   `json:"-" gorm:"column:primary_domain"`
+	Sequence uint64 `json:"-" gorm:"column:sequence"`
+
+	CreationDate time.Time `json:"-" gorm:"column:creation_date"`
+	ChangeDate   time.Time `json:"-" gorm:"column:change_date"`
+}
+
+func OrgDomainViewFromModel(domain *model.OrgDomainView) *OrgDomainView {
+	return &OrgDomainView{
+		OrgID:        domain.OrgID,
+		Domain:       domain.Domain,
+		Primary:      domain.Primary,
+		Verified:     domain.Verified,
+		CreationDate: domain.CreationDate,
+		ChangeDate:   domain.ChangeDate,
+	}
+}
+
+func OrgDomainToModel(domain *OrgDomainView) *model.OrgDomainView {
+	return &model.OrgDomainView{
+		OrgID:        domain.OrgID,
+		Domain:       domain.Domain,
+		Primary:      domain.Primary,
+		Verified:     domain.Verified,
+		CreationDate: domain.CreationDate,
+		ChangeDate:   domain.ChangeDate,
+	}
+}
+
+func OrgDomainsToModel(domain []*OrgDomainView) []*model.OrgDomainView {
+	result := make([]*model.OrgDomainView, len(domain))
+	for i, r := range domain {
+		result[i] = OrgDomainToModel(r)
+	}
+	return result
+}
+
+func (d *OrgDomainView) AppendEvent(event *models.Event) (err error) {
+	d.Sequence = event.Sequence
+	d.ChangeDate = event.CreationDate
+	switch event.Type {
+	case es_model.OrgDomainAdded:
+		d.setRootData(event)
+		d.CreationDate = event.CreationDate
+		err = d.SetData(event)
+	case es_model.OrgDomainVerified:
+		d.Verified = true
+	case es_model.OrgDomainPrimarySet:
+		d.Primary = true
+	}
+	return err
+}
+
+func (r *OrgDomainView) setRootData(event *models.Event) {
+	r.OrgID = event.AggregateID
+}
+
+func (r *OrgDomainView) SetData(event *models.Event) error {
+	if err := json.Unmarshal(event.Data, r); err != nil {
+		logging.Log("EVEN-sj4Sf").WithError(err).Error("could not unmarshal event data")
+		return caos_errs.ThrowInternal(err, "MODEL-lub6s", "Could not unmarshal data")
+	}
+	return nil
+}

internal/org/repository/view/model/org_domain_query.go

@@ -0,0 +1,65 @@
+package model
+
+import (
+	global_model "github.com/caos/zitadel/internal/model"
+	org_model "github.com/caos/zitadel/internal/org/model"
+	"github.com/caos/zitadel/internal/view"
+)
+
+type OrgDomainSearchRequest org_model.OrgDomainSearchRequest
+type OrgDomainSearchQuery org_model.OrgDomainSearchQuery
+type OrgDomainSearchKey org_model.OrgDomainSearchKey
+
+func (req OrgDomainSearchRequest) GetLimit() uint64 {
+	return req.Limit
+}
+
+func (req OrgDomainSearchRequest) GetOffset() uint64 {
+	return req.Offset
+}
+
+func (req OrgDomainSearchRequest) GetSortingColumn() view.ColumnKey {
+	if req.SortingColumn == org_model.ORGDOMAINSEARCHKEY_UNSPECIFIED {
+		return nil
+	}
+	return OrgDomainSearchKey(req.SortingColumn)
+}
+
+func (req OrgDomainSearchRequest) GetAsc() bool {
+	return req.Asc
+}
+
+func (req OrgDomainSearchRequest) GetQueries() []view.SearchQuery {
+	result := make([]view.SearchQuery, len(req.Queries))
+	for i, q := range req.Queries {
+		result[i] = OrgDomainSearchQuery{Key: q.Key, Value: q.Value, Method: q.Method}
+	}
+	return result
+}
+
+func (req OrgDomainSearchQuery) GetKey() view.ColumnKey {
+	return OrgDomainSearchKey(req.Key)
+}
+
+func (req OrgDomainSearchQuery) GetMethod() global_model.SearchMethod {
+	return req.Method
+}
+
+func (req OrgDomainSearchQuery) GetValue() interface{} {
+	return req.Value
+}
+
+func (key OrgDomainSearchKey) ToColumnName() string {
+	switch org_model.OrgDomainSearchKey(key) {
+	case org_model.ORGDOMAINSEARCHKEY_DOMAIN:
+		return OrgDomainKeyDomain
+	case org_model.ORGDOMAINSEARCHKEY_ORG_ID:
+		return OrgDomainKeyOrgID
+	case org_model.ORGDOMAINSEARCHKEY_VERIFIED:
+		return OrgDomainKeyVerified
+	case org_model.ORGDOMAINSEARCHKEY_PRIMARY:
+		return OrgDomainKeyPrimary
+	default:
+		return ""
+	}
+}

internal/org/repository/view/model/org_member.go

@@ -1,4 +1,4 @@
-package view
+package model
 
 import (
 	"encoding/json"

internal/org/repository/view/model/org_member_query.go

@@ -1,4 +1,4 @@
-package view
+package model
 
 import (
 	global_model "github.com/caos/zitadel/internal/model"

internal/org/repository/view/model/org_query.go

@@ -1,4 +1,4 @@
-package view
+package model
 
 import (
 	global_model "github.com/caos/zitadel/internal/model"

internal/org/repository/view/org_domain_view.go

@@ -0,0 +1,64 @@
+package view
+
+import (
+	global_model "github.com/caos/zitadel/internal/model"
+	org_model "github.com/caos/zitadel/internal/org/model"
+	"github.com/caos/zitadel/internal/org/repository/view/model"
+	"github.com/caos/zitadel/internal/view"
+	"github.com/jinzhu/gorm"
+)
+
+func OrgDomainByOrgIDAndDomain(db *gorm.DB, table, orgID, domain string) (*model.OrgDomainView, error) {
+	domainView := new(model.OrgDomainView)
+	orgIDQuery := &model.OrgDomainSearchQuery{Key: org_model.ORGDOMAINSEARCHKEY_ORG_ID, Value: orgID, Method: global_model.SEARCHMETHOD_EQUALS}
+	domainQuery := &model.OrgDomainSearchQuery{Key: org_model.ORGDOMAINSEARCHKEY_DOMAIN, Value: domain, Method: global_model.SEARCHMETHOD_EQUALS}
+	query := view.PrepareGetByQuery(table, orgIDQuery, domainQuery)
+	err := query(db, domainView)
+	return domainView, err
+}
+
+func VerifiedOrgDomain(db *gorm.DB, table, domain string) (*model.OrgDomainView, error) {
+	domainView := new(model.OrgDomainView)
+	domainQuery := &model.OrgDomainSearchQuery{Key: org_model.ORGDOMAINSEARCHKEY_DOMAIN, Value: domain, Method: global_model.SEARCHMETHOD_EQUALS}
+	verifiedQuery := &model.OrgDomainSearchQuery{Key: org_model.ORGDOMAINSEARCHKEY_VERIFIED, Value: true, Method: global_model.SEARCHMETHOD_EQUALS}
+	query := view.PrepareGetByQuery(table, domainQuery, verifiedQuery)
+	err := query(db, domainView)
+	return domainView, err
+}
+
+func SearchOrgDomains(db *gorm.DB, table string, req *org_model.OrgDomainSearchRequest) ([]*model.OrgDomainView, int, error) {
+	members := make([]*model.OrgDomainView, 0)
+	query := view.PrepareSearchQuery(table, model.OrgDomainSearchRequest{Limit: req.Limit, Offset: req.Offset, Queries: req.Queries})
+	count, err := query(db, &members)
+	if err != nil {
+		return nil, 0, err
+	}
+	return members, count, nil
+}
+
+func OrgDomainsByOrgID(db *gorm.DB, table string, orgID string) ([]*model.OrgDomainView, error) {
+	domains := make([]*model.OrgDomainView, 0)
+	queries := []*org_model.OrgDomainSearchQuery{
+		{
+			Key:    org_model.ORGDOMAINSEARCHKEY_ORG_ID,
+			Value:  orgID,
+			Method: global_model.SEARCHMETHOD_EQUALS,
+		},
+	}
+	query := view.PrepareSearchQuery(table, model.OrgDomainSearchRequest{Queries: queries})
+	_, err := query(db, &domains)
+	if err != nil {
+		return nil, err
+	}
+	return domains, nil
+}
+
+func PutOrgDomain(db *gorm.DB, table string, role *model.OrgDomainView) error {
+	save := view.PrepareSave(table)
+	return save(db, role)
+}
+
+func DeleteOrgDomain(db *gorm.DB, table, domain string) error {
+	delete := view.PrepareDeleteByKey(table, model.OrgSearchKey(org_model.ORGDOMAINSEARCHKEY_DOMAIN), domain)
+	return delete(db)
+}

internal/org/repository/view/org_member_view.go

@@ -3,31 +3,32 @@ package view
 import (
 	global_model "github.com/caos/zitadel/internal/model"
 	org_model "github.com/caos/zitadel/internal/org/model"
+	"github.com/caos/zitadel/internal/org/repository/view/model"
 	"github.com/caos/zitadel/internal/view"
 	"github.com/jinzhu/gorm"
 )
 
-func OrgMemberByIDs(db *gorm.DB, table, orgID, userID string) (*OrgMemberView, error) {
-	member := new(OrgMemberView)
+func OrgMemberByIDs(db *gorm.DB, table, orgID, userID string) (*model.OrgMemberView, error) {
+	member := new(model.OrgMemberView)
 
-	orgIDQuery := &OrgMemberSearchQuery{Key: org_model.ORGMEMBERSEARCHKEY_ORG_ID, Value: orgID, Method: global_model.SEARCHMETHOD_EQUALS}
-	userIDQuery := &OrgMemberSearchQuery{Key: org_model.ORGMEMBERSEARCHKEY_USER_ID, Value: userID, Method: global_model.SEARCHMETHOD_EQUALS}
+	orgIDQuery := &model.OrgMemberSearchQuery{Key: org_model.ORGMEMBERSEARCHKEY_ORG_ID, Value: orgID, Method: global_model.SEARCHMETHOD_EQUALS}
+	userIDQuery := &model.OrgMemberSearchQuery{Key: org_model.ORGMEMBERSEARCHKEY_USER_ID, Value: userID, Method: global_model.SEARCHMETHOD_EQUALS}
 	query := view.PrepareGetByQuery(table, orgIDQuery, userIDQuery)
 	err := query(db, member)
 	return member, err
 }
 
-func SearchOrgMembers(db *gorm.DB, table string, req *org_model.OrgMemberSearchRequest) ([]*OrgMemberView, int, error) {
-	members := make([]*OrgMemberView, 0)
-	query := view.PrepareSearchQuery(table, OrgMemberSearchRequest{Limit: req.Limit, Offset: req.Offset, Queries: req.Queries})
+func SearchOrgMembers(db *gorm.DB, table string, req *org_model.OrgMemberSearchRequest) ([]*model.OrgMemberView, int, error) {
+	members := make([]*model.OrgMemberView, 0)
+	query := view.PrepareSearchQuery(table, model.OrgMemberSearchRequest{Limit: req.Limit, Offset: req.Offset, Queries: req.Queries})
 	count, err := query(db, &members)
 	if err != nil {
 		return nil, 0, err
 	}
 	return members, count, nil
 }
-func OrgMembersByUserID(db *gorm.DB, table string, userID string) ([]*OrgMemberView, error) {
-	members := make([]*OrgMemberView, 0)
+func OrgMembersByUserID(db *gorm.DB, table string, userID string) ([]*model.OrgMemberView, error) {
+	members := make([]*model.OrgMemberView, 0)
 	queries := []*org_model.OrgMemberSearchQuery{
 		{
 			Key:    org_model.ORGMEMBERSEARCHKEY_USER_ID,
@@ -35,7 +36,7 @@ func OrgMembersByUserID(db *gorm.DB, table string, userID string) ([]*OrgMemberV
 			Method: global_model.SEARCHMETHOD_EQUALS,
 		},
 	}
-	query := view.PrepareSearchQuery(table, OrgMemberSearchRequest{Queries: queries})
+	query := view.PrepareSearchQuery(table, model.OrgMemberSearchRequest{Queries: queries})
 	_, err := query(db, &members)
 	if err != nil {
 		return nil, err
@@ -43,7 +44,7 @@ func OrgMembersByUserID(db *gorm.DB, table string, userID string) ([]*OrgMemberV
 	return members, nil
 }
 
-func PutOrgMember(db *gorm.DB, table string, role *OrgMemberView) error {
+func PutOrgMember(db *gorm.DB, table string, role *model.OrgMemberView) error {
 	save := view.PrepareSave(table)
 	return save(db, role)
 }

internal/org/repository/view/org_view.go

@@ -2,20 +2,21 @@ package view
 
 import (
 	org_model "github.com/caos/zitadel/internal/org/model"
+	"github.com/caos/zitadel/internal/org/repository/view/model"
 	"github.com/caos/zitadel/internal/view"
 	"github.com/jinzhu/gorm"
 )
 
-func OrgByID(db *gorm.DB, table, orgID string) (*OrgView, error) {
-	org := new(OrgView)
-	query := view.PrepareGetByKey(table, OrgSearchKey(org_model.ORGSEARCHKEY_ORG_ID), orgID)
+func OrgByID(db *gorm.DB, table, orgID string) (*model.OrgView, error) {
+	org := new(model.OrgView)
+	query := view.PrepareGetByKey(table, model.OrgSearchKey(org_model.ORGSEARCHKEY_ORG_ID), orgID)
 	err := query(db, org)
 	return org, err
 }
 
-func SearchOrgs(db *gorm.DB, table string, req *org_model.OrgSearchRequest) ([]*OrgView, int, error) {
-	orgs := make([]*OrgView, 0)
-	query := view.PrepareSearchQuery(table, OrgSearchRequest{Limit: req.Limit, Offset: req.Offset, Queries: req.Queries})
+func SearchOrgs(db *gorm.DB, table string, req *org_model.OrgSearchRequest) ([]*model.OrgView, int, error) {
+	orgs := make([]*model.OrgView, 0)
+	query := view.PrepareSearchQuery(table, model.OrgSearchRequest{Limit: req.Limit, Offset: req.Offset, Queries: req.Queries})
 	count, err := query(db, &orgs)
 	if err != nil {
 		return nil, 0, err
@@ -23,19 +24,12 @@ func SearchOrgs(db *gorm.DB, table string, req *org_model.OrgSearchRequest) ([]*
 	return orgs, count, nil
 }
 
-func GetGlobalOrgByDomain(db *gorm.DB, table, domain string) (*OrgView, error) {
-	org := new(OrgView)
-	query := view.PrepareGetByKey(table, OrgSearchKey(org_model.ORGSEARCHKEY_ORG_DOMAIN), domain)
-	err := query(db, org)
-	return org, err
-}
-
-func PutOrg(db *gorm.DB, table string, org *OrgView) error {
+func PutOrg(db *gorm.DB, table string, org *model.OrgView) error {
 	save := view.PrepareSave(table)
 	return save(db, org)
 }
 
 func DeleteOrg(db *gorm.DB, table, orgID string) error {
-	delete := view.PrepareDeleteByKey(table, OrgSearchKey(org_model.ORGSEARCHKEY_ORG_ID), orgID)
+	delete := view.PrepareDeleteByKey(table, model.OrgSearchKey(org_model.ORGSEARCHKEY_ORG_ID), orgID)
 	return delete(db)
 }