mirror of
https://github.com/zitadel/zitadel.git
synced 2025-12-08 02:52:45 +00:00
fix: idps (#777)
* fix: update client secret, skip passwordsteps only if login not if linking * fix: global policy for register * fix: scope handling * fix: back after error * fix: change org id scope to primary domain * fix: check if primarydomain empty * fix: local sh * fix: disable buttons on org login policy
This commit is contained in:
Fabi
@@ -74,6 +74,7 @@ type userEventProvider interface {
|
||||
|
||||
type orgViewProvider interface {
|
||||
OrgByID(string) (*org_view_model.OrgView, error)
|
||||
OrgByPrimaryDomain(string) (*org_view_model.OrgView, error)
|
||||
}
|
||||
|
||||
func (repo *AuthRequestRepo) Health(ctx context.Context) error {
|
||||
@@ -231,6 +232,16 @@ func (repo *AuthRequestRepo) LinkExternalUsers(ctx context.Context, authReqID, u
|
||||
return repo.AuthRequests.UpdateAuthRequest(ctx, request)
|
||||
}
|
||||
|
||||
func (repo *AuthRequestRepo) ResetLinkingUsers(ctx context.Context, authReqID, userAgentID string) error {
|
||||
request, err := repo.getAuthRequest(ctx, authReqID, userAgentID)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
request.LinkingUsers = nil
|
||||
request.SelectedIDPConfigID = ""
|
||||
return repo.AuthRequests.UpdateAuthRequest(ctx, request)
|
||||
}
|
||||
|
||||
func (repo *AuthRequestRepo) AutoRegisterExternalUser(ctx context.Context, registerUser *user_model.User, externalIDP *user_model.ExternalIDP, orgMember *org_model.OrgMember, authReqID, userAgentID, resourceOwner string) error {
|
||||
request, err := repo.getAuthRequest(ctx, authReqID, userAgentID)
|
||||
if err != nil {
|
||||
@@ -317,7 +328,14 @@ func (repo *AuthRequestRepo) getLoginPolicyAndIDPProviders(ctx context.Context,
|
||||
func (repo *AuthRequestRepo) fillLoginPolicy(ctx context.Context, request *model.AuthRequest) error {
|
||||
orgID := request.UserOrgID
|
||||
if orgID == "" {
|
||||
orgID = request.GetScopeOrgID()
|
||||
primaryDomain := request.GetScopeOrgPrimaryDomain()
|
||||
if primaryDomain != "" {
|
||||
org, err := repo.GetOrgByPrimaryDomain(primaryDomain)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
orgID = org.ID
|
||||
}
|
||||
}
|
||||
if orgID == "" {
|
||||
orgID = repo.IAMID
|
||||
@@ -335,7 +353,16 @@ func (repo *AuthRequestRepo) fillLoginPolicy(ctx context.Context, request *model
|
||||
}
|
||||
|
||||
func (repo *AuthRequestRepo) checkLoginName(ctx context.Context, request *model.AuthRequest, loginName string) (err error) {
|
||||
orgID := request.GetScopeOrgID()
|
||||
primaryDomain := request.GetScopeOrgPrimaryDomain()
|
||||
orgID := ""
|
||||
if primaryDomain != "" {
|
||||
org, err := repo.GetOrgByPrimaryDomain(primaryDomain)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
orgID = org.ID
|
||||
}
|
||||
|
||||
user := new(user_view_model.UserView)
|
||||
if orgID != "" {
|
||||
user, err = repo.View.UserByLoginNameAndResourceOwner(loginName, orgID)
|
||||
@@ -356,6 +383,14 @@ func (repo *AuthRequestRepo) checkLoginName(ctx context.Context, request *model.
|
||||
return nil
|
||||
}
|
||||
|
||||
func (repo AuthRequestRepo) GetOrgByPrimaryDomain(primaryDomain string) (*org_model.OrgView, error) {
|
||||
org, err := repo.OrgViewProvider.OrgByPrimaryDomain(primaryDomain)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return org_view_model.OrgToModel(org), nil
|
||||
}
|
||||
|
||||
func (repo AuthRequestRepo) checkLoginPolicyWithResourceOwner(ctx context.Context, request *model.AuthRequest, user *user_view_model.UserView) error {
|
||||
loginPolicy, idpProviders, err := repo.getLoginPolicyAndIDPProviders(ctx, user.ResourceOwner)
|
||||
if err != nil {
|
||||
@@ -386,10 +421,15 @@ func (repo *AuthRequestRepo) checkSelectedExternalIDP(request *model.AuthRequest
|
||||
}
|
||||
|
||||
func (repo *AuthRequestRepo) checkExternalUserLogin(request *model.AuthRequest, idpConfigID, externalUserID string) (err error) {
|
||||
orgID := request.GetScopeOrgID()
|
||||
primaryDomain := request.GetScopeOrgPrimaryDomain()
|
||||
externalIDP := new(user_view_model.ExternalIDPView)
|
||||
if orgID != "" {
|
||||
externalIDP, err = repo.View.ExternalIDPByExternalUserIDAndIDPConfigIDAndResourceOwner(externalUserID, idpConfigID, orgID)
|
||||
org := new(org_model.OrgView)
|
||||
if primaryDomain != "" {
|
||||
org, err = repo.GetOrgByPrimaryDomain(primaryDomain)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
externalIDP, err = repo.View.ExternalIDPByExternalUserIDAndIDPConfigIDAndResourceOwner(externalUserID, idpConfigID, org.ID)
|
||||
} else {
|
||||
externalIDP, err = repo.View.ExternalIDPByExternalUserIDAndIDPConfigID(externalUserID, idpConfigID)
|
||||
}
|
||||
@@ -435,7 +475,7 @@ func (repo *AuthRequestRepo) nextSteps(ctx context.Context, request *model.AuthR
|
||||
return nil, err
|
||||
}
|
||||
|
||||
if request.SelectedIDPConfigID == "" {
|
||||
if request.SelectedIDPConfigID == "" || (request.SelectedIDPConfigID != "" && request.LinkingUsers != nil && len(request.LinkingUsers) > 0) {
|
||||
if user.InitRequired {
|
||||
return append(steps, &model.InitUserStep{PasswordSet: user.PasswordSet}), nil
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user