TheArchive/zitadel
1
0
Fork 0
mirror of https://github.com/zitadel/zitadel.git synced 2025-08-11 20:47:32 +00:00
Code Issues Packages Projects Releases Wiki Activity

feat: restrict login to specific org by id (scope) (#4294)

Browse Source 
* feat: add new org scope

* change default of UserLoginMustBeDomain to false

* return resource owner claims

* fix: use email style for first user

* fix: ensure email style for default users (backwards compatibility)

* change to external domain (as it was before UserLoginMustBeDomain change)

* update e2e tests to use email style usernames

* document new scope

* lint e2e

Co-authored-by: Fabi <38692350+hifabienne@users.noreply.github.com>
This commit is contained in:
Livio Spring
2022-09-23 14:08:10 +02:00
committed by GitHub
parent c98170c19b
commit 7dfa1925cc
17 changed files with 114 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
cmd/setup/03.go
View File

@@ -13,6 +13,7 @@ import (
"github.com/zitadel/zitadel/internal/config/systemdefaults"
"github.com/zitadel/zitadel/internal/crypto"
crypto_db "github.com/zitadel/zitadel/internal/crypto/database"
"github.com/zitadel/zitadel/internal/domain"
"github.com/zitadel/zitadel/internal/eventstore"
)
@@ -83,9 +84,17 @@ func (mig *FirstInstance) Execute(ctx context.Context) error {
mig.instanceSetup.CustomDomain = mig.externalDomain
mig.instanceSetup.DefaultLanguage = mig.DefaultLanguage
mig.instanceSetup.Org = mig.Org
// check if username is email style or else append @<orgname>.<custom-domain>
//this way we have the same value as before changing `UserLoginMustBeDomain` to false
if !mig.instanceSetup.DomainPolicy.UserLoginMustBeDomain && !strings.Contains(mig.instanceSetup.Org.Human.Username, "@") {
mig.instanceSetup.Org.Human.Username = mig.instanceSetup.Org.Human.Username + "@" + domain.NewIAMDomainName(mig.instanceSetup.Org.Name, mig.instanceSetup.CustomDomain)
}
mig.instanceSetup.Org.Human.Email.Address = strings.TrimSpace(mig.instanceSetup.Org.Human.Email.Address)
if mig.instanceSetup.Org.Human.Email.Address == "" {
mig.instanceSetup.Org.Human.Email.Address = "admin@" + mig.instanceSetup.CustomDomain
mig.instanceSetup.Org.Human.Email.Address = mig.instanceSetup.Org.Human.Username
if !strings.Contains(mig.instanceSetup.Org.Human.Email.Address, "@") {
mig.instanceSetup.Org.Human.Email.Address = mig.instanceSetup.Org.Human.Username + "@" + domain.NewIAMDomainName(mig.instanceSetup.Org.Name, mig.instanceSetup.CustomDomain)
}
}
_, _, err = cmd.SetUpInstance(ctx, &mig.instanceSetup)