TheArchive/zitadel
1
0
Fork 0
mirror of https://github.com/zitadel/zitadel.git synced 2025-08-12 00:17:32 +00:00
Code Issues Packages Projects Releases Wiki Activity

feat: restrict login to specific org by id (scope) (#4294)

Browse Source 
* feat: add new org scope

* change default of UserLoginMustBeDomain to false

* return resource owner claims

* fix: use email style for first user

* fix: ensure email style for default users (backwards compatibility)

* change to external domain (as it was before UserLoginMustBeDomain change)

* update e2e tests to use email style usernames

* document new scope

* lint e2e

Co-authored-by: Fabi <38692350+hifabienne@users.noreply.github.com>
This commit is contained in:
Livio Spring
2022-09-23 14:08:10 +02:00
committed by GitHub
parent c98170c19b
commit 7dfa1925cc
17 changed files with 114 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files

27
internal/auth/repository/eventsourcing/eventstore/auth_request.go
View File

@@ -632,8 +632,14 @@ func (repo *AuthRequestRepo) checkLoginName(ctx context.Context, request *domain
loginName = strings.TrimSpace(loginName)
preferredLoginName := loginName
if request.RequestedOrgID != "" {
if request.RequestedOrgID != "" {
preferredLoginName += "@" + request.RequestedPrimaryDomain
if request.RequestedOrgDomain {
domainPolicy, err := repo.getDomainPolicy(ctx, request.RequestedOrgID)
if err != nil {
return err
}
if domainPolicy.UserLoginMustBeDomain {
preferredLoginName += "@" + request.RequestedPrimaryDomain
}
}
user, err = repo.View.UserByLoginNameAndResourceOwner(preferredLoginName, request.RequestedOrgID, request.InstanceID)
} else {
@@ -1058,7 +1064,23 @@ func (repo *AuthRequestRepo) hasSucceededPage(ctx context.Context, request *doma
return app.OIDCConfig.AppType == domain.OIDCApplicationTypeNative, nil
}
func (repo *AuthRequestRepo) getDomainPolicy(ctx context.Context, orgID string) (*query.DomainPolicy, error) {
return repo.Query.DomainPolicyByOrg(ctx, false, orgID)
}
func setOrgID(ctx context.Context, orgViewProvider orgViewProvider, request *domain.AuthRequest) error {
orgID := request.GetScopeOrgID()
if orgID != "" {
org, err := orgViewProvider.OrgByID(ctx, false, orgID)
if err != nil {
return err
}
request.RequestedOrgID = org.ID
request.RequestedOrgName = org.Name
request.RequestedPrimaryDomain = org.Domain
return nil
}
primaryDomain := request.GetScopeOrgPrimaryDomain()
if primaryDomain == "" {
return nil
@@ -1071,6 +1093,7 @@ func setOrgID(ctx context.Context, orgViewProvider orgViewProvider, request *dom
request.RequestedOrgID = org.ID
request.RequestedOrgName = org.Name
request.RequestedPrimaryDomain = primaryDomain
request.RequestedOrgDomain = true
return nil
}