fix: change to repository event types and removed unused code (#3386)

* fix: change to repository event types and removed unused code

* some fixes

* remove unused code
Livio Amstutz 2022-03-31 11:36:26 +02:00 committed by GitHub
parent 55af4a18a2
commit 87560157c1
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
170 changed files with 999 additions and 9581 deletions


@ -40,6 +40,18 @@ S2DefaultInstance:
TOSLink: https://docs.zitadel.ch/docs/legal/terms-of-service
PrivacyLink: https://docs.zitadel.ch/docs/legal/privacy-policy
HelpLink: ''
LabelPolicy:
PrimaryColor: '#5469d4'
BackgroundColor: '#fafafa'
WarnColor: '#f44336'
FontColor: '#000000'
PrimaryColorDark: '#5469d4'
BackgroundColorDark: '#212121'
WarnColorDark: '#f44336'
FontColorDark: '#ffffff'
HideLoginNameSuffix: false
ErrorMsgPopup: false
DisableWatermark: false
LockoutPolicy:
MaxAttempts: 0
ShouldShowLockoutFailure: true


@ -12,13 +12,14 @@ import (
"github.com/muesli/gamut"
"github.com/caos/zitadel/internal/domain"
"github.com/caos/zitadel/internal/eventstore"
v1 "github.com/caos/zitadel/internal/eventstore/v1"
es_models "github.com/caos/zitadel/internal/eventstore/v1/models"
"github.com/caos/zitadel/internal/eventstore/v1/models"
"github.com/caos/zitadel/internal/eventstore/v1/query"
"github.com/caos/zitadel/internal/eventstore/v1/spooler"
iam_es_model "github.com/caos/zitadel/internal/iam/repository/eventsourcing/model"
iam_model "github.com/caos/zitadel/internal/iam/repository/view/model"
"github.com/caos/zitadel/internal/org/repository/eventsourcing/model"
"github.com/caos/zitadel/internal/repository/instance"
"github.com/caos/zitadel/internal/repository/org"
"github.com/caos/zitadel/internal/static"
)
@ -62,8 +63,8 @@ func (m *Styling) Subscription() *v1.Subscription {
return m.subscription
}
func (_ *Styling) AggregateTypes() []es_models.AggregateType {
return []es_models.AggregateType{model.OrgAggregate, iam_es_model.IAMAggregate}
func (_ *Styling) AggregateTypes() []models.AggregateType {
return []models.AggregateType{org.AggregateType, instance.AggregateType}
}
func (m *Styling) CurrentSequence() (uint64, error) {
@ -74,48 +75,62 @@ func (m *Styling) CurrentSequence() (uint64, error) {
return sequence.CurrentSequence, nil
}
func (m *Styling) EventQuery() (*es_models.SearchQuery, error) {
func (m *Styling) EventQuery() (*models.SearchQuery, error) {
sequence, err := m.view.GetLatestStylingSequence()
if err != nil {
return nil, err
}
return es_models.NewSearchQuery().
return models.NewSearchQuery().
AggregateTypeFilter(m.AggregateTypes()...).
LatestSequenceFilter(sequence.CurrentSequence), nil
}
func (m *Styling) Reduce(event *es_models.Event) (err error) {
func (m *Styling) Reduce(event *models.Event) (err error) {
switch event.AggregateType {
case model.OrgAggregate, iam_es_model.IAMAggregate:
case org.AggregateType, instance.AggregateType:
err = m.processLabelPolicy(event)
}
return err
}
func (m *Styling) processLabelPolicy(event *es_models.Event) (err error) {
func (m *Styling) processLabelPolicy(event *models.Event) (err error) {
policy := new(iam_model.LabelPolicyView)
switch event.Type {
case iam_es_model.LabelPolicyAdded, model.LabelPolicyAdded:
switch eventstore.EventType(event.Type) {
case instance.LabelPolicyAddedEventType,
org.LabelPolicyAddedEventType:
err = policy.AppendEvent(event)
case iam_es_model.LabelPolicyChanged, model.LabelPolicyChanged,
iam_es_model.LabelPolicyLogoAdded, model.LabelPolicyLogoAdded,
iam_es_model.LabelPolicyLogoRemoved, model.LabelPolicyLogoRemoved,
iam_es_model.LabelPolicyIconAdded, model.LabelPolicyIconAdded,
iam_es_model.LabelPolicyIconRemoved, model.LabelPolicyIconRemoved,
iam_es_model.LabelPolicyLogoDarkAdded, model.LabelPolicyLogoDarkAdded,
iam_es_model.LabelPolicyLogoDarkRemoved, model.LabelPolicyLogoDarkRemoved,
iam_es_model.LabelPolicyIconDarkAdded, model.LabelPolicyIconDarkAdded,
iam_es_model.LabelPolicyIconDarkRemoved, model.LabelPolicyIconDarkRemoved,
iam_es_model.LabelPolicyFontAdded, model.LabelPolicyFontAdded,
iam_es_model.LabelPolicyFontRemoved, model.LabelPolicyFontRemoved,
iam_es_model.LabelPolicyAssetsRemoved, model.LabelPolicyAssetsRemoved:
case instance.LabelPolicyChangedEventType,
org.LabelPolicyChangedEventType,
instance.LabelPolicyLogoAddedEventType,
org.LabelPolicyLogoAddedEventType,
instance.LabelPolicyLogoRemovedEventType,
org.LabelPolicyLogoRemovedEventType,
instance.LabelPolicyIconAddedEventType,
org.LabelPolicyIconAddedEventType,
instance.LabelPolicyIconRemovedEventType,
org.LabelPolicyIconRemovedEventType,
instance.LabelPolicyLogoDarkAddedEventType,
org.LabelPolicyLogoDarkAddedEventType,
instance.LabelPolicyLogoDarkRemovedEventType,
org.LabelPolicyLogoDarkRemovedEventType,
instance.LabelPolicyIconDarkAddedEventType,
org.LabelPolicyIconDarkAddedEventType,
instance.LabelPolicyIconDarkRemovedEventType,
org.LabelPolicyIconDarkRemovedEventType,
instance.LabelPolicyFontAddedEventType,
org.LabelPolicyFontAddedEventType,
instance.LabelPolicyFontRemovedEventType,
org.LabelPolicyFontRemovedEventType,
instance.LabelPolicyAssetsRemovedEventType,
org.LabelPolicyAssetsRemovedEventType:
policy, err = m.view.StylingByAggregateIDAndState(event.AggregateID, int32(domain.LabelPolicyStatePreview))
if err != nil {
return err
}
err = policy.AppendEvent(event)
case iam_es_model.LabelPolicyActivated, model.LabelPolicyActivated:
case instance.LabelPolicyActivatedEventType,
org.LabelPolicyActivatedEventType:
policy, err = m.view.StylingByAggregateIDAndState(event.AggregateID, int32(domain.LabelPolicyStatePreview))
if err != nil {
return err
@ -134,7 +149,7 @@ func (m *Styling) processLabelPolicy(event *es_models.Event) (err error) {
return m.view.PutStyling(policy, event)
}
func (m *Styling) OnError(event *es_models.Event, err error) error {
func (m *Styling) OnError(event *models.Event, err error) error {
logging.LogWithFields("SPOOL-2m9fs", "id", event.AggregateID).WithError(err).Warn("something went wrong in label policy handler")
return spooler.HandleError(event, err, m.view.GetLatestStylingFailedEvent, m.view.ProcessedStylingFailedEvent, m.view.ProcessedStylingSequence, m.errorCountUntilSkip)
}
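Review bot: `Reduce` has no `default` case, so after the switch to `org.AggregateType, instance.AggregateType` an event whose stored aggregate type doesn't equal one of the new constants returns a nil error and is never processed. The same concern applies to the `eventstore.EventType(event.Type)` switch in `processLabelPolicy`, where no `default` is visible in the hunk and the function body continues outside it. The values of the `instance.*` and `org.*` constants are not shown here, so please confirm they are string-identical to the `iam_es_model.*` and `model.*` constants they replace. Otherwise add a `default:` that logs the unhandled type, so a mismatch surfaces instead of leaving the styling view stale.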


@ -5,7 +5,6 @@ import (
"github.com/caos/zitadel/internal/api/grpc/object"
"github.com/caos/zitadel/internal/domain"
key_model "github.com/caos/zitadel/internal/key/model"
"github.com/caos/zitadel/internal/query"
"github.com/caos/zitadel/pkg/grpc/authn"
)
@ -34,7 +33,7 @@ func KeyToPb(key *query.AuthNKey) *authn.Key {
func KeyTypeToPb(typ domain.AuthNKeyType) authn.KeyType {
switch typ {
case key_model.AuthNKeyTypeJSON:
case domain.AuthNKeyTypeJSON:
return authn.KeyType_KEY_TYPE_JSON
default:
return authn.KeyType_KEY_TYPE_UNSPECIFIED


@ -6,7 +6,6 @@ import (
object_grpc "github.com/caos/zitadel/internal/api/grpc/object"
"github.com/caos/zitadel/internal/domain"
"github.com/caos/zitadel/internal/errors"
proj_model "github.com/caos/zitadel/internal/project/model"
"github.com/caos/zitadel/internal/query"
app_pb "github.com/caos/zitadel/pkg/grpc/app"
message_pb "github.com/caos/zitadel/pkg/grpc/message"
@ -292,11 +291,3 @@ func AppQueryToModel(appQuery *app_pb.AppQuery) (query.SearchQuery, error) {
return nil, errors.ThrowInvalidArgument(nil, "APP-Add46", "List.Query.Invalid")
}
}
func AppQueryNameToModel(query *app_pb.AppNameQuery) *proj_model.ApplicationSearchQuery {
return &proj_model.ApplicationSearchQuery{
Key: proj_model.AppSearchKeyName,
Method: object_grpc.TextMethodToModel(query.Method),
Value: query.Name,
}
}


@ -5,7 +5,6 @@ import (
"github.com/caos/zitadel/internal/domain"
"github.com/caos/zitadel/internal/eventstore/v1/models"
"github.com/caos/zitadel/internal/query"
usr_grant_model "github.com/caos/zitadel/internal/usergrant/model"
user_pb "github.com/caos/zitadel/pkg/grpc/user"
)
@ -148,17 +147,6 @@ func UserStateToPb(state domain.UserState) user_pb.UserState {
}
}
func ModelUserGrantStateToPb(state usr_grant_model.UserGrantState) user_pb.UserGrantState {
switch state {
case usr_grant_model.UserGrantStateActive:
return user_pb.UserGrantState_USER_GRANT_STATE_ACTIVE
case usr_grant_model.UserGrantStateInactive:
return user_pb.UserGrantState_USER_GRANT_STATE_INACTIVE
default:
return user_pb.UserGrantState_USER_GRANT_STATE_UNSPECIFIED
}
}
func GenderToPb(gender domain.Gender) user_pb.Gender {
switch gender {
case domain.GenderDiverse:


@ -2,7 +2,7 @@ package user
import (
"github.com/caos/zitadel/internal/api/grpc/object"
auth_req_model "github.com/caos/zitadel/internal/auth_request/model"
"github.com/caos/zitadel/internal/domain"
user_model "github.com/caos/zitadel/internal/user/model"
"github.com/caos/zitadel/pkg/grpc/user"
)
@ -34,11 +34,11 @@ func UserSessionToPb(session *user_model.UserSessionView) *user.Session {
}
}
func SessionStateToPb(state auth_req_model.UserSessionState) user.SessionState {
func SessionStateToPb(state domain.UserSessionState) user.SessionState {
switch state {
case auth_req_model.UserSessionStateActive:
case domain.UserSessionStateActive:
return user.SessionState_SESSION_STATE_ACTIVE
case auth_req_model.UserSessionStateTerminated:
case domain.UserSessionStateTerminated:
return user.SessionState_SESSION_STATE_TERMINATED
default:
return user.SessionState_SESSION_STATE_UNSPECIFIED


@ -51,9 +51,9 @@ func setInstance(r *http.Request, verifier authz.InstanceVerifier, headerName st
authCtx, span := tracing.NewServerInterceptorSpan(ctx)
defer func() { span.EndWithError(err) }()
host := r.Header.Get(headerName)
if host == "" {
return nil, fmt.Errorf("host header %s not found", headerName)
host, err := getHost(r, headerName)
if err != nil {
return nil, err
}
instance, err := verifier.InstanceByHost(authCtx, host)
@ -63,3 +63,14 @@ func setInstance(r *http.Request, verifier authz.InstanceVerifier, headerName st
span.End()
return authz.WithInstance(ctx, instance), nil
}
func getHost(r *http.Request, headerName string) (string, error) {
host := r.Host
if headerName != "host" {
host = r.Header.Get(headerName)
}
if host == "" {
return "", fmt.Errorf("host header `%s` not found", headerName)
}
return host, nil
}
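Review bot: In `getHost` the check `headerName != "host"` is case-sensitive, so a configured name of `Host` falls through to `r.Header.Get(headerName)`. Go's HTTP server promotes the Host header to `r.Host` and removes it from the header map, so that lookup is empty and the function returns the "not found" error. Using `if !strings.EqualFold(headerName, "host") {` avoids this; the file would need the `strings` import, and its import block is not visible here. When another header is configured, the instance is resolved from a value the client can set directly, so `getHost` should carry a doc comment such as `// getHost returns the host used for instance lookup; a non-"host" header must be set or stripped by a trusted proxy.` `setInstance` starts outside the hunk.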


@ -2,7 +2,6 @@ package oidc
import (
"context"
"fmt"
"strings"
"time"
@ -16,7 +15,6 @@ import (
"github.com/caos/zitadel/internal/query"
"github.com/caos/zitadel/internal/telemetry/tracing"
"github.com/caos/zitadel/internal/user/model"
grant_model "github.com/caos/zitadel/internal/usergrant/model"
)
func (o *OPStorage) CreateAuthRequest(ctx context.Context, req *oidc.AuthRequest, userID string) (_ op.AuthRequest, err error) {
@ -102,16 +100,6 @@ func (o *OPStorage) CreateAccessToken(ctx context.Context, req op.TokenRequest)
return resp.TokenID, resp.Expiration, nil
}
func grantsToScopes(grants []*grant_model.UserGrantView) []string {
scopes := make([]string, 0)
for _, grant := range grants {
for _, role := range grant.RoleKeys {
scopes = append(scopes, fmt.Sprintf("%v:%v", grant.ResourceOwner, role))
}
}
return scopes
}
func (o *OPStorage) CreateAccessAndRefreshTokens(ctx context.Context, req op.TokenRequest, refreshToken string) (_, _ string, _ time.Time, err error) {
ctx, span := tracing.NewSpan(ctx)
defer func() { span.EndWithError(err) }()


@ -12,7 +12,6 @@ import (
"github.com/caos/zitadel/internal/api/authz"
http_utils "github.com/caos/zitadel/internal/api/http"
model2 "github.com/caos/zitadel/internal/auth_request/model"
"github.com/caos/zitadel/internal/domain"
"github.com/caos/zitadel/internal/errors"
"github.com/caos/zitadel/internal/user/model"
@ -207,8 +206,8 @@ func UILocalesToBusiness(tags []language.Tag) []string {
func GetSelectedIDPIDFromScopes(scopes oidc.SpaceDelimitedArray) string {
for _, scope := range scopes {
if strings.HasPrefix(scope, model2.SelectIDPScope) {
return strings.TrimPrefix(scope, model2.SelectIDPScope)
if strings.HasPrefix(scope, domain.SelectIDPScope) {
return strings.TrimPrefix(scope, domain.SelectIDPScope)
}
}
return ""


@ -11,7 +11,6 @@ import (
"github.com/caos/zitadel/internal/api/authz"
"github.com/caos/zitadel/internal/api/http"
authreq_model "github.com/caos/zitadel/internal/auth_request/model"
"github.com/caos/zitadel/internal/crypto"
"github.com/caos/zitadel/internal/domain"
"github.com/caos/zitadel/internal/errors"
@ -84,9 +83,9 @@ func (o *OPStorage) ValidateJWTProfileScopes(ctx context.Context, subject string
}
for i := len(scopes) - 1; i >= 0; i-- {
scope := scopes[i]
if strings.HasPrefix(scope, authreq_model.OrgDomainPrimaryScope) {
if strings.HasPrefix(scope, domain.OrgDomainPrimaryScope) {
var orgID string
org, err := o.query.OrgByDomainGlobal(ctx, strings.TrimPrefix(scope, authreq_model.OrgDomainPrimaryScope))
org, err := o.query.OrgByDomainGlobal(ctx, strings.TrimPrefix(scope, domain.OrgDomainPrimaryScope))
if err == nil {
orgID = org.ID
}
@ -242,8 +241,8 @@ func (o *OPStorage) setUserinfo(ctx context.Context, userInfo oidc.UserInfoSette
if strings.HasPrefix(scope, ScopeProjectRolePrefix) {
roles = append(roles, strings.TrimPrefix(scope, ScopeProjectRolePrefix))
}
if strings.HasPrefix(scope, authreq_model.OrgDomainPrimaryScope) {
userInfo.AppendClaims(authreq_model.OrgDomainPrimaryClaim, strings.TrimPrefix(scope, authreq_model.OrgDomainPrimaryScope))
if strings.HasPrefix(scope, domain.OrgDomainPrimaryScope) {
userInfo.AppendClaims(domain.OrgDomainPrimaryClaim, strings.TrimPrefix(scope, domain.OrgDomainPrimaryScope))
}
}
}
@ -283,8 +282,8 @@ func (o *OPStorage) GetPrivateClaimsFromScopes(ctx context.Context, userID, clie
}
if strings.HasPrefix(scope, ScopeProjectRolePrefix) {
roles = append(roles, strings.TrimPrefix(scope, ScopeProjectRolePrefix))
} else if strings.HasPrefix(scope, authreq_model.OrgDomainPrimaryScope) {
claims = appendClaim(claims, authreq_model.OrgDomainPrimaryClaim, strings.TrimPrefix(scope, authreq_model.OrgDomainPrimaryScope))
} else if strings.HasPrefix(scope, domain.OrgDomainPrimaryScope) {
claims = appendClaim(claims, domain.OrgDomainPrimaryClaim, strings.TrimPrefix(scope, domain.OrgDomainPrimaryScope))
}
}
if len(roles) == 0 || clientID == "" {


@ -7,7 +7,6 @@ import (
"github.com/caos/oidc/pkg/oidc"
"github.com/caos/oidc/pkg/op"
authreq_model "github.com/caos/zitadel/internal/auth_request/model"
"github.com/caos/zitadel/internal/domain"
"github.com/caos/zitadel/internal/errors"
"github.com/caos/zitadel/internal/query"
@ -101,13 +100,13 @@ func (c *Client) AccessTokenType() op.AccessTokenType {
}
func (c *Client) IsScopeAllowed(scope string) bool {
if strings.HasPrefix(scope, authreq_model.OrgDomainPrimaryScope) {
if strings.HasPrefix(scope, domain.OrgDomainPrimaryScope) {
return true
}
if strings.HasPrefix(scope, authreq_model.ProjectIDScope) {
if strings.HasPrefix(scope, domain.ProjectIDScope) {
return true
}
if strings.HasPrefix(scope, authreq_model.SelectIDPScope) {
if strings.HasPrefix(scope, domain.SelectIDPScope) {
return true
}
if strings.HasPrefix(scope, ScopeUserMetaData) {


@ -8,12 +8,12 @@ import (
"github.com/caos/zitadel/internal/api/authz"
"github.com/caos/zitadel/internal/auth/repository/eventsourcing/view"
"github.com/caos/zitadel/internal/auth_request/model"
cache "github.com/caos/zitadel/internal/auth_request/repository"
"github.com/caos/zitadel/internal/command"
"github.com/caos/zitadel/internal/crypto"
"github.com/caos/zitadel/internal/domain"
"github.com/caos/zitadel/internal/errors"
"github.com/caos/zitadel/internal/eventstore"
v1 "github.com/caos/zitadel/internal/eventstore/v1"
es_models "github.com/caos/zitadel/internal/eventstore/v1/models"
iam_model "github.com/caos/zitadel/internal/iam/model"
@ -21,9 +21,9 @@ import (
"github.com/caos/zitadel/internal/id"
project_view_model "github.com/caos/zitadel/internal/project/repository/view/model"
"github.com/caos/zitadel/internal/query"
user_repo "github.com/caos/zitadel/internal/repository/user"
"github.com/caos/zitadel/internal/telemetry/tracing"
user_model "github.com/caos/zitadel/internal/user/model"
es_model "github.com/caos/zitadel/internal/user/repository/eventsourcing/model"
user_view_model "github.com/caos/zitadel/internal/user/repository/view/model"
)
@ -842,7 +842,7 @@ func (repo *AuthRequestRepo) usersForUserSelection(request *domain.AuthRequest)
LoginName: session.LoginName,
ResourceOwner: session.ResourceOwner,
AvatarKey: session.AvatarKey,
UserSessionState: model.UserSessionStateToDomain(session.State),
UserSessionState: session.State,
SelectionPossible: request.RequestedOrgID == "" || request.RequestedOrgID == session.ResourceOwner,
})
}
@ -888,7 +888,7 @@ func (repo *AuthRequestRepo) firstFactorChecked(request *domain.AuthRequest, use
func (repo *AuthRequestRepo) mfaChecked(userSession *user_model.UserSessionView, request *domain.AuthRequest, user *user_model.UserView) (domain.NextStep, bool, error) {
mfaLevel := request.MFALevel()
allowedProviders, required := user.MFATypesAllowed(mfaLevel, request.LoginPolicy)
promptRequired := (model.MFALevelToDomain(user.MFAMaxSetUp) < mfaLevel) || (len(allowedProviders) == 0 && required)
promptRequired := (user.MFAMaxSetUp < mfaLevel) || (len(allowedProviders) == 0 && required)
if promptRequired || !repo.mfaSkippedOrSetUp(user, request) {
types := user.MFATypesSetupPossible(mfaLevel, request.LoginPolicy)
if promptRequired && len(types) == 0 {
@ -912,14 +912,14 @@ func (repo *AuthRequestRepo) mfaChecked(userSession *user_model.UserSessionView,
fallthrough
case domain.MFALevelSecondFactor:
if checkVerificationTimeMaxAge(userSession.SecondFactorVerification, request.LoginPolicy.SecondFactorCheckLifetime, request) {
request.MFAsVerified = append(request.MFAsVerified, model.MFATypeToDomain(userSession.SecondFactorVerificationType))
request.MFAsVerified = append(request.MFAsVerified, userSession.SecondFactorVerificationType)
request.AuthTime = userSession.SecondFactorVerification
return nil, true, nil
}
fallthrough
case domain.MFALevelMultiFactor:
if checkVerificationTimeMaxAge(userSession.MultiFactorVerification, request.LoginPolicy.MultiFactorCheckLifetime, request) {
request.MFAsVerified = append(request.MFAsVerified, model.MFATypeToDomain(userSession.MultiFactorVerificationType))
request.MFAsVerified = append(request.MFAsVerified, userSession.MultiFactorVerificationType)
request.AuthTime = userSession.MultiFactorVerification
return nil, true, nil
}
@ -930,7 +930,7 @@ func (repo *AuthRequestRepo) mfaChecked(userSession *user_model.UserSessionView,
}
func (repo *AuthRequestRepo) mfaSkippedOrSetUp(user *user_model.UserView, request *domain.AuthRequest) bool {
if user.MFAMaxSetUp > model.MFALevelNotSetUp {
if user.MFAMaxSetUp > domain.MFALevelNotSetUp {
return true
}
return checkVerificationTime(user.MFAInitSkipped, request.LoginPolicy.MFAInitSkipLifetime)
@ -1094,24 +1094,24 @@ func userSessionByIDs(ctx context.Context, provider userSessionViewProvider, eve
}
sessionCopy := *session
for _, event := range events {
switch event.Type {
case es_model.UserPasswordCheckSucceeded,
es_model.UserPasswordCheckFailed,
es_model.MFAOTPCheckSucceeded,
es_model.MFAOTPCheckFailed,
es_model.SignedOut,
es_model.UserLocked,
es_model.UserDeactivated,
es_model.HumanPasswordCheckSucceeded,
es_model.HumanPasswordCheckFailed,
es_model.HumanExternalLoginCheckSucceeded,
es_model.HumanMFAOTPCheckSucceeded,
es_model.HumanMFAOTPCheckFailed,
es_model.HumanSignedOut,
es_model.HumanPasswordlessTokenCheckSucceeded,
es_model.HumanPasswordlessTokenCheckFailed,
es_model.HumanMFAU2FTokenCheckSucceeded,
es_model.HumanMFAU2FTokenCheckFailed:
switch eventstore.EventType(event.Type) {
case user_repo.UserV1PasswordCheckSucceededType,
user_repo.UserV1PasswordCheckFailedType,
user_repo.UserV1MFAOTPCheckSucceededType,
user_repo.UserV1MFAOTPCheckFailedType,
user_repo.UserV1SignedOutType,
user_repo.UserLockedType,
user_repo.UserDeactivatedType,
user_repo.HumanPasswordCheckSucceededType,
user_repo.HumanPasswordCheckFailedType,
user_repo.UserIDPLoginCheckSucceededType,
user_repo.HumanMFAOTPCheckSucceededType,
user_repo.HumanMFAOTPCheckFailedType,
user_repo.HumanSignedOutType,
user_repo.HumanPasswordlessTokenCheckSucceededType,
user_repo.HumanPasswordlessTokenCheckFailedType,
user_repo.HumanU2FTokenCheckSucceededType,
user_repo.HumanU2FTokenCheckFailedType:
eventData, err := user_view_model.UserSessionFromEvent(event)
if err != nil {
logging.Log("EVENT-sdgT3").WithError(err).WithField("traceID", tracing.TraceIDFromCtx(ctx)).Debug("error getting event data")
@ -1120,7 +1120,7 @@ func userSessionByIDs(ctx context.Context, provider userSessionViewProvider, eve
if eventData.UserAgentID != agentID {
continue
}
case es_model.UserRemoved:
case user_repo.UserRemovedType:
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-dG2fe", "Errors.User.NotActive")
}
err := sessionCopy.AppendEvent(event)
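Review bot: In `mfaChecked`, `user.MFAMaxSetUp < mfaLevel` and the two `append(request.MFAsVerified, ...)` calls now use the view values directly, where `model.MFALevelToDomain` and `model.MFATypeToDomain` used to translate them. This is equivalent only if the domain constants have the same numeric values the views already persist. The helper bodies are not shown, so please confirm that, because a shifted value would change when the MFA prompt is required or which factor is recorded as verified. In `userSessionByIDs`, `es_model.HumanExternalLoginCheckSucceeded` is replaced by the differently named `user_repo.UserIDPLoginCheckSucceededType`. A short comment there, e.g. `// same stored event type string as the former HumanExternalLoginCheckSucceeded`, would make the mapping auditable once verified. Both functions extend beyond the visible hunks.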


@ -9,7 +9,6 @@ import (
"github.com/stretchr/testify/assert"
"github.com/caos/zitadel/internal/auth/repository/eventsourcing/view"
"github.com/caos/zitadel/internal/auth_request/model"
"github.com/caos/zitadel/internal/auth_request/repository/cache"
"github.com/caos/zitadel/internal/crypto"
"github.com/caos/zitadel/internal/domain"
@ -17,6 +16,7 @@ import (
es_models "github.com/caos/zitadel/internal/eventstore/v1/models"
proj_view_model "github.com/caos/zitadel/internal/project/repository/view/model"
"github.com/caos/zitadel/internal/query"
user_repo "github.com/caos/zitadel/internal/repository/user"
user_model "github.com/caos/zitadel/internal/user/model"
user_es_model "github.com/caos/zitadel/internal/user/repository/eventsourcing/model"
user_view_model "github.com/caos/zitadel/internal/user/repository/view/model"
@ -431,8 +431,8 @@ func TestAuthRequestRepo_nextSteps(t *testing.T) {
userViewProvider: &mockViewUser{},
userEventProvider: &mockEventUser{
&es_models.Event{
AggregateType: user_es_model.UserAggregate,
Type: user_es_model.UserDeactivated,
AggregateType: user_repo.AggregateType,
Type: es_models.EventType(user_repo.UserDeactivatedType),
},
},
orgViewProvider: &mockViewOrg{State: domain.OrgStateActive},
@ -453,8 +453,8 @@ func TestAuthRequestRepo_nextSteps(t *testing.T) {
userViewProvider: &mockViewUser{},
userEventProvider: &mockEventUser{
&es_models.Event{
AggregateType: user_es_model.UserAggregate,
Type: user_es_model.UserLocked,
AggregateType: user_repo.AggregateType,
Type: es_models.EventType(user_repo.UserLockedType),
},
},
orgViewProvider: &mockViewOrg{State: domain.OrgStateActive},
@ -643,7 +643,7 @@ func TestAuthRequestRepo_nextSteps(t *testing.T) {
PasswordlessTokens: user_view_model.WebAuthNTokens{&user_view_model.WebAuthNView{ID: "id", State: int32(user_model.MFAStateReady)}},
PasswordChangeRequired: false,
IsEmailVerified: false,
MFAMaxSetUp: int32(model.MFALevelMultiFactor),
MFAMaxSetUp: int32(domain.MFALevelMultiFactor),
},
userEventProvider: &mockEventUser{},
lockoutPolicyProvider: &mockLockoutPolicy{
@ -691,7 +691,7 @@ func TestAuthRequestRepo_nextSteps(t *testing.T) {
},
userViewProvider: &mockViewUser{
IsEmailVerified: true,
MFAMaxSetUp: int32(model.MFALevelSecondFactor),
MFAMaxSetUp: int32(domain.MFALevelSecondFactor),
},
userEventProvider: &mockEventUser{},
lockoutPolicyProvider: &mockLockoutPolicy{
@ -724,7 +724,7 @@ func TestAuthRequestRepo_nextSteps(t *testing.T) {
},
userViewProvider: &mockViewUser{
IsEmailVerified: true,
MFAMaxSetUp: int32(model.MFALevelSecondFactor),
MFAMaxSetUp: int32(domain.MFALevelSecondFactor),
},
userEventProvider: &mockEventUser{},
orgViewProvider: &mockViewOrg{State: domain.OrgStateActive},
@ -785,7 +785,7 @@ func TestAuthRequestRepo_nextSteps(t *testing.T) {
userViewProvider: &mockViewUser{
PasswordSet: true,
IsEmailVerified: true,
MFAMaxSetUp: int32(model.MFALevelSecondFactor),
MFAMaxSetUp: int32(domain.MFALevelSecondFactor),
},
userEventProvider: &mockEventUser{},
orgViewProvider: &mockViewOrg{State: domain.OrgStateActive},
@ -821,7 +821,7 @@ func TestAuthRequestRepo_nextSteps(t *testing.T) {
PasswordSet: true,
PasswordlessTokens: user_view_model.WebAuthNTokens{&user_view_model.WebAuthNView{ID: "id", State: int32(user_model.MFAStateReady)}},
OTPState: int32(user_model.MFAStateReady),
MFAMaxSetUp: int32(model.MFALevelMultiFactor),
MFAMaxSetUp: int32(domain.MFALevelMultiFactor),
},
userEventProvider: &mockEventUser{},
orgViewProvider: &mockViewOrg{State: domain.OrgStateActive},
@ -854,7 +854,7 @@ func TestAuthRequestRepo_nextSteps(t *testing.T) {
userViewProvider: &mockViewUser{
PasswordSet: true,
OTPState: int32(user_model.MFAStateReady),
MFAMaxSetUp: int32(model.MFALevelSecondFactor),
MFAMaxSetUp: int32(domain.MFALevelSecondFactor),
},
userEventProvider: &mockEventUser{},
orgViewProvider: &mockViewOrg{State: domain.OrgStateActive},
@ -888,7 +888,7 @@ func TestAuthRequestRepo_nextSteps(t *testing.T) {
userViewProvider: &mockViewUser{
PasswordSet: true,
OTPState: int32(user_model.MFAStateReady),
MFAMaxSetUp: int32(model.MFALevelSecondFactor),
MFAMaxSetUp: int32(domain.MFALevelSecondFactor),
},
userEventProvider: &mockEventUser{},
orgViewProvider: &mockViewOrg{State: domain.OrgStateActive},
@ -925,7 +925,7 @@ func TestAuthRequestRepo_nextSteps(t *testing.T) {
PasswordSet: true,
PasswordChangeRequired: true,
IsEmailVerified: true,
MFAMaxSetUp: int32(model.MFALevelSecondFactor),
MFAMaxSetUp: int32(domain.MFALevelSecondFactor),
},
userEventProvider: &mockEventUser{},
orgViewProvider: &mockViewOrg{State: domain.OrgStateActive},
@ -956,7 +956,7 @@ func TestAuthRequestRepo_nextSteps(t *testing.T) {
},
userViewProvider: &mockViewUser{
PasswordSet: true,
MFAMaxSetUp: int32(model.MFALevelSecondFactor),
MFAMaxSetUp: int32(domain.MFALevelSecondFactor),
},
userEventProvider: &mockEventUser{},
orgViewProvider: &mockViewOrg{State: domain.OrgStateActive},
@ -987,7 +987,7 @@ func TestAuthRequestRepo_nextSteps(t *testing.T) {
userViewProvider: &mockViewUser{
PasswordSet: true,
PasswordChangeRequired: true,
MFAMaxSetUp: int32(model.MFALevelSecondFactor),
MFAMaxSetUp: int32(domain.MFALevelSecondFactor),
},
userEventProvider: &mockEventUser{},
orgViewProvider: &mockViewOrg{State: domain.OrgStateActive},
@ -1018,7 +1018,7 @@ func TestAuthRequestRepo_nextSteps(t *testing.T) {
userViewProvider: &mockViewUser{
PasswordSet: true,
IsEmailVerified: true,
MFAMaxSetUp: int32(model.MFALevelSecondFactor),
MFAMaxSetUp: int32(domain.MFALevelSecondFactor),
},
userEventProvider: &mockEventUser{},
orgViewProvider: &mockViewOrg{State: domain.OrgStateActive},
@ -1053,7 +1053,7 @@ func TestAuthRequestRepo_nextSteps(t *testing.T) {
userViewProvider: &mockViewUser{
PasswordSet: true,
IsEmailVerified: true,
MFAMaxSetUp: int32(model.MFALevelSecondFactor),
MFAMaxSetUp: int32(domain.MFALevelSecondFactor),
},
userEventProvider: &mockEventUser{},
orgViewProvider: &mockViewOrg{State: domain.OrgStateActive},
@ -1089,7 +1089,7 @@ func TestAuthRequestRepo_nextSteps(t *testing.T) {
userViewProvider: &mockViewUser{
PasswordSet: true,
IsEmailVerified: true,
MFAMaxSetUp: int32(model.MFALevelSecondFactor),
MFAMaxSetUp: int32(domain.MFALevelSecondFactor),
},
userEventProvider: &mockEventUser{},
orgViewProvider: &mockViewOrg{State: domain.OrgStateActive},
@ -1125,7 +1125,7 @@ func TestAuthRequestRepo_nextSteps(t *testing.T) {
userViewProvider: &mockViewUser{
PasswordSet: true,
IsEmailVerified: true,
MFAMaxSetUp: int32(model.MFALevelSecondFactor),
MFAMaxSetUp: int32(domain.MFALevelSecondFactor),
},
userEventProvider: &mockEventUser{},
orgViewProvider: &mockViewOrg{State: domain.OrgStateActive},
@ -1163,7 +1163,7 @@ func TestAuthRequestRepo_nextSteps(t *testing.T) {
userViewProvider: &mockViewUser{
PasswordSet: true,
IsEmailVerified: true,
MFAMaxSetUp: int32(model.MFALevelSecondFactor),
MFAMaxSetUp: int32(domain.MFALevelSecondFactor),
},
userEventProvider: &mockEventUser{},
orgViewProvider: &mockViewOrg{State: domain.OrgStateActive},
@ -1202,7 +1202,7 @@ func TestAuthRequestRepo_nextSteps(t *testing.T) {
userViewProvider: &mockViewUser{
PasswordSet: true,
IsEmailVerified: true,
MFAMaxSetUp: int32(model.MFALevelSecondFactor),
MFAMaxSetUp: int32(domain.MFALevelSecondFactor),
},
userEventProvider: &mockEventUser{},
orgViewProvider: &mockViewOrg{State: domain.OrgStateActive},
@ -1240,7 +1240,7 @@ func TestAuthRequestRepo_nextSteps(t *testing.T) {
userViewProvider: &mockViewUser{
PasswordSet: true,
IsEmailVerified: true,
MFAMaxSetUp: int32(model.MFALevelSecondFactor),
MFAMaxSetUp: int32(domain.MFALevelSecondFactor),
},
userEventProvider: &mockEventUser{},
orgViewProvider: &mockViewOrg{State: domain.OrgStateActive},
@ -1278,7 +1278,7 @@ func TestAuthRequestRepo_nextSteps(t *testing.T) {
userViewProvider: &mockViewUser{
PasswordSet: true,
IsEmailVerified: true,
MFAMaxSetUp: int32(model.MFALevelSecondFactor),
MFAMaxSetUp: int32(domain.MFALevelSecondFactor),
},
lockoutPolicyProvider: &mockLockoutPolicy{
policy: &query.LockoutPolicy{
@ -1313,7 +1313,7 @@ func TestAuthRequestRepo_nextSteps(t *testing.T) {
userViewProvider: &mockViewUser{
PasswordSet: true,
IsEmailVerified: true,
MFAMaxSetUp: int32(model.MFALevelSecondFactor),
MFAMaxSetUp: int32(domain.MFALevelSecondFactor),
},
userEventProvider: &mockEventUser{},
orgViewProvider: &mockViewOrg{State: domain.OrgStateActive},
@ -1398,7 +1398,7 @@ func TestAuthRequestRepo_mfaChecked(t *testing.T) {
},
user: &user_model.UserView{
HumanView: &user_model.HumanView{
MFAMaxSetUp: model.MFALevelNotSetUp,
MFAMaxSetUp: domain.MFALevelNotSetUp,
},
},
},
@ -1416,7 +1416,7 @@ func TestAuthRequestRepo_mfaChecked(t *testing.T) {
},
user: &user_model.UserView{
HumanView: &user_model.HumanView{
MFAMaxSetUp: model.MFALevelNotSetUp,
MFAMaxSetUp: domain.MFALevelNotSetUp,
},
},
},
@ -1435,7 +1435,7 @@ func TestAuthRequestRepo_mfaChecked(t *testing.T) {
},
user: &user_model.UserView{
HumanView: &user_model.HumanView{
MFAMaxSetUp: model.MFALevelNotSetUp,
MFAMaxSetUp: domain.MFALevelNotSetUp,
},
},
},
@ -1459,7 +1459,7 @@ func TestAuthRequestRepo_mfaChecked(t *testing.T) {
},
user: &user_model.UserView{
HumanView: &user_model.HumanView{
MFAMaxSetUp: model.MFALevelNotSetUp,
MFAMaxSetUp: domain.MFALevelNotSetUp,
},
},
},
@ -1482,7 +1482,7 @@ func TestAuthRequestRepo_mfaChecked(t *testing.T) {
},
user: &user_model.UserView{
HumanView: &user_model.HumanView{
MFAMaxSetUp: model.MFALevelNotSetUp,
MFAMaxSetUp: domain.MFALevelNotSetUp,
MFAInitSkipped: time.Now().UTC(),
},
},
@ -1502,7 +1502,7 @@ func TestAuthRequestRepo_mfaChecked(t *testing.T) {
},
user: &user_model.UserView{
HumanView: &user_model.HumanView{
MFAMaxSetUp: model.MFALevelSecondFactor,
MFAMaxSetUp: domain.MFALevelSecondFactor,
OTPState: user_model.MFAStateReady,
},
},
@ -1523,7 +1523,7 @@ func TestAuthRequestRepo_mfaChecked(t *testing.T) {
},
user: &user_model.UserView{
HumanView: &user_model.HumanView{
MFAMaxSetUp: model.MFALevelSecondFactor,
MFAMaxSetUp: domain.MFALevelSecondFactor,
OTPState: user_model.MFAStateReady,
},
},
@ -1573,7 +1573,7 @@ func TestAuthRequestRepo_mfaSkippedOrSetUp(t *testing.T) {
args{
user: &user_model.UserView{
HumanView: &user_model.HumanView{
MFAMaxSetUp: model.MFALevelSecondFactor,
MFAMaxSetUp: domain.MFALevelSecondFactor,
},
},
request: &domain.AuthRequest{
@ -1687,8 +1687,8 @@ func Test_userSessionByIDs(t *testing.T) {
user: &user_model.UserView{ID: "id", HumanView: &user_model.HumanView{FirstName: "FirstName"}},
eventProvider: &mockEventUser{
&es_models.Event{
AggregateType: user_es_model.UserAggregate,
Type: user_es_model.MFAOTPCheckSucceeded,
AggregateType: user_repo.AggregateType,
Type: es_models.EventType(user_repo.UserV1MFAOTPCheckSucceededType),
CreationDate: time.Now().UTC().Round(1 * time.Second),
},
},
@ -1710,8 +1710,8 @@ func Test_userSessionByIDs(t *testing.T) {
user: &user_model.UserView{ID: "id"},
eventProvider: &mockEventUser{
&es_models.Event{
AggregateType: user_es_model.UserAggregate,
Type: user_es_model.MFAOTPCheckSucceeded,
AggregateType: user_repo.AggregateType,
Type: es_models.EventType(user_repo.UserV1MFAOTPCheckSucceededType),
CreationDate: time.Now().UTC().Round(1 * time.Second),
Data: func() []byte {
data, _ := json.Marshal(&user_es_model.AuthRequest{UserAgentID: "otherID"})
@ -1737,8 +1737,8 @@ func Test_userSessionByIDs(t *testing.T) {
user: &user_model.UserView{ID: "id", HumanView: &user_model.HumanView{FirstName: "FirstName"}},
eventProvider: &mockEventUser{
&es_models.Event{
AggregateType: user_es_model.UserAggregate,
Type: user_es_model.MFAOTPCheckSucceeded,
AggregateType: user_repo.AggregateType,
Type: es_models.EventType(user_repo.UserV1MFAOTPCheckSucceededType),
CreationDate: time.Now().UTC().Round(1 * time.Second),
Data: func() []byte {
data, _ := json.Marshal(&user_es_model.AuthRequest{UserAgentID: "agentID"})
@ -1764,8 +1764,8 @@ func Test_userSessionByIDs(t *testing.T) {
user: &user_model.UserView{ID: "id"},
eventProvider: &mockEventUser{
&es_models.Event{
AggregateType: user_es_model.UserAggregate,
Type: user_es_model.UserRemoved,
AggregateType: user_repo.AggregateType,
Type: es_models.EventType(user_repo.UserRemovedType),
},
},
},
@ -1834,8 +1834,8 @@ func Test_userByID(t *testing.T) {
},
eventProvider: &mockEventUser{
&es_models.Event{
AggregateType: user_es_model.UserAggregate,
Type: user_es_model.UserPasswordChanged,
AggregateType: user_repo.AggregateType,
Type: es_models.EventType(user_repo.UserV1PasswordChangedType),
CreationDate: time.Now().UTC().Round(1 * time.Second),
Data: nil,
},
@ -1860,8 +1860,8 @@ func Test_userByID(t *testing.T) {
},
eventProvider: &mockEventUser{
&es_models.Event{
AggregateType: user_es_model.UserAggregate,
Type: user_es_model.UserPasswordChanged,
AggregateType: user_repo.AggregateType,
Type: es_models.EventType(user_repo.UserV1PasswordChangedType),
CreationDate: time.Now().UTC().Round(1 * time.Second),
Data: func() []byte {
data, _ := json.Marshal(user_es_model.Password{ChangeRequired: false, Secret: &crypto.CryptoValue{}})


@ -2,18 +2,10 @@ package eventstore
import (
"context"
"time"
"github.com/caos/logging"
"github.com/golang/protobuf/ptypes"
"github.com/caos/zitadel/internal/user/model"
"github.com/caos/zitadel/internal/api/authz"
"github.com/caos/zitadel/internal/auth/repository/eventsourcing/view"
"github.com/caos/zitadel/internal/config/systemdefaults"
"github.com/caos/zitadel/internal/domain"
"github.com/caos/zitadel/internal/errors"
v1 "github.com/caos/zitadel/internal/eventstore/v1"
"github.com/caos/zitadel/internal/eventstore/v1/models"
"github.com/caos/zitadel/internal/query"
@ -51,73 +43,6 @@ func (repo *UserRepo) UserEventsByID(ctx context.Context, id string, sequence ui
return repo.getUserEvents(ctx, id, sequence)
}
func (repo *UserRepo) MyUserChanges(ctx context.Context, lastSequence uint64, limit uint64, sortAscending bool, retention time.Duration) (*model.UserChanges, error) {
changes, err := repo.getUserChanges(ctx, authz.GetCtxData(ctx).UserID, lastSequence, limit, sortAscending, retention)
if err != nil {
return nil, err
}
for _, change := range changes.Changes {
change.ModifierName = change.ModifierID
change.ModifierLoginName = change.ModifierID
user, _ := repo.Query.GetUserByID(ctx, change.ModifierID)
if user != nil {
change.ModifierLoginName = user.PreferredLoginName
if user.Human != nil {
change.ModifierName = user.Human.DisplayName
change.ModifierAvatarURL = domain.AvatarURL(repo.PrefixAvatarURL, user.ResourceOwner, user.Human.AvatarKey)
}
if user.Machine != nil {
change.ModifierName = user.Machine.Name
}
}
}
return changes, nil
}
func (r *UserRepo) getUserChanges(ctx context.Context, userID string, lastSequence uint64, limit uint64, sortAscending bool, retention time.Duration) (*model.UserChanges, error) {
query := usr_view.ChangesQuery(userID, lastSequence, limit, sortAscending, retention)
events, err := r.Eventstore.FilterEvents(ctx, query)
if err != nil {
logging.Log("EVENT-g9HCv").WithError(err).Warn("eventstore unavailable")
return nil, errors.ThrowInternal(err, "EVENT-htuG9", "Errors.Internal")
}
if len(events) == 0 {
return nil, errors.ThrowNotFound(nil, "EVENT-6cAxe", "Errors.User.NoChanges")
}
result := make([]*model.UserChange, len(events))
for i, event := range events {
creationDate, err := ptypes.TimestampProto(event.CreationDate)
logging.Log("EVENT-8GTGS").OnError(err).Debug("unable to parse timestamp")
change := &model.UserChange{
ChangeDate: creationDate,
EventType: event.Type.String(),
ModifierID: event.EditorUser,
Sequence: event.Sequence,
}
//TODO: now all types should be unmarshalled, e.g. password
// if len(event.Data) != 0 {
// user := new(model.User)
// err := json.Unmarshal(event.Data, user)
// logging.Log("EVENT-Rkg7X").OnError(err).Debug("unable to unmarshal data")
// change.Data = user
// }
result[i] = change
if lastSequence < event.Sequence {
lastSequence = event.Sequence
}
}
return &model.UserChanges{
Changes: result,
LastSequence: lastSequence,
}, nil
}
func (r *UserRepo) getUserEvents(ctx context.Context, userID string, sequence uint64) ([]*models.Event, error) {
query, err := usr_view.UserByIDQuery(userID, sequence)
if err != nil {


@ -2,14 +2,14 @@ package handler
import (
"github.com/caos/logging"
"github.com/caos/zitadel/internal/eventstore/v1"
es_models "github.com/caos/zitadel/internal/eventstore/v1/models"
"github.com/caos/zitadel/internal/eventstore"
v1 "github.com/caos/zitadel/internal/eventstore/v1"
"github.com/caos/zitadel/internal/eventstore/v1/models"
"github.com/caos/zitadel/internal/eventstore/v1/query"
"github.com/caos/zitadel/internal/eventstore/v1/spooler"
iam_model "github.com/caos/zitadel/internal/iam/model"
iam_es_model "github.com/caos/zitadel/internal/iam/repository/eventsourcing/model"
iam_view_model "github.com/caos/zitadel/internal/iam/repository/view/model"
"github.com/caos/zitadel/internal/org/repository/eventsourcing/model"
"github.com/caos/zitadel/internal/repository/instance"
"github.com/caos/zitadel/internal/repository/org"
)
@ -50,8 +50,8 @@ func (i *IDPConfig) Subscription() *v1.Subscription {
return i.subscription
}
func (_ *IDPConfig) AggregateTypes() []es_models.AggregateType {
return []es_models.AggregateType{model.OrgAggregate, iam_es_model.IAMAggregate}
func (_ *IDPConfig) AggregateTypes() []models.AggregateType {
return []models.AggregateType{org.AggregateType, instance.AggregateType}
}
func (i *IDPConfig) CurrentSequence() (uint64, error) {
@ -62,37 +62,37 @@ func (i *IDPConfig) CurrentSequence() (uint64, error) {
return sequence.CurrentSequence, nil
}
func (i *IDPConfig) EventQuery() (*es_models.SearchQuery, error) {
func (i *IDPConfig) EventQuery() (*models.SearchQuery, error) {
sequence, err := i.view.GetLatestIDPConfigSequence()
if err != nil {
return nil, err
}
return es_models.NewSearchQuery().
return models.NewSearchQuery().
AggregateTypeFilter(i.AggregateTypes()...).
LatestSequenceFilter(sequence.CurrentSequence), nil
}
func (i *IDPConfig) Reduce(event *es_models.Event) (err error) {
func (i *IDPConfig) Reduce(event *models.Event) (err error) {
switch event.AggregateType {
case model.OrgAggregate:
case org.AggregateType:
err = i.processIdpConfig(iam_model.IDPProviderTypeOrg, event)
case iam_es_model.IAMAggregate:
case instance.AggregateType:
err = i.processIdpConfig(iam_model.IDPProviderTypeSystem, event)
}
return err
}
func (i *IDPConfig) processIdpConfig(providerType iam_model.IDPProviderType, event *es_models.Event) (err error) {
func (i *IDPConfig) processIdpConfig(providerType iam_model.IDPProviderType, event *models.Event) (err error) {
idp := new(iam_view_model.IDPConfigView)
switch event.Type {
case model.IDPConfigAdded,
iam_es_model.IDPConfigAdded:
switch eventstore.EventType(event.Type) {
case org.IDPConfigAddedEventType,
instance.IDPConfigAddedEventType:
err = idp.AppendEvent(providerType, event)
case model.IDPConfigChanged, iam_es_model.IDPConfigChanged,
model.OIDCIDPConfigAdded, iam_es_model.OIDCIDPConfigAdded,
model.OIDCIDPConfigChanged, iam_es_model.OIDCIDPConfigChanged,
es_models.EventType(org.IDPJWTConfigAddedEventType), es_models.EventType(instance.IDPJWTConfigAddedEventType),
es_models.EventType(org.IDPJWTConfigChangedEventType), es_models.EventType(instance.IDPJWTConfigChangedEventType):
case org.IDPConfigChangedEventType, instance.IDPConfigChangedEventType,
org.IDPOIDCConfigAddedEventType, instance.IDPOIDCConfigAddedEventType,
org.IDPOIDCConfigChangedEventType, instance.IDPOIDCConfigChangedEventType,
org.IDPJWTConfigAddedEventType, instance.IDPJWTConfigAddedEventType,
org.IDPJWTConfigChangedEventType, instance.IDPJWTConfigChangedEventType:
err = idp.SetData(event)
if err != nil {
return err
@ -102,8 +102,8 @@ func (i *IDPConfig) processIdpConfig(providerType iam_model.IDPProviderType, eve
return err
}
err = idp.AppendEvent(providerType, event)
case model.IDPConfigDeactivated, iam_es_model.IDPConfigDeactivated,
model.IDPConfigReactivated, iam_es_model.IDPConfigReactivated:
case org.IDPConfigDeactivatedEventType, instance.IDPConfigDeactivatedEventType,
org.IDPConfigReactivatedEventType, instance.IDPConfigReactivatedEventType:
err = idp.SetData(event)
if err != nil {
return err
@ -113,7 +113,7 @@ func (i *IDPConfig) processIdpConfig(providerType iam_model.IDPProviderType, eve
return err
}
err = idp.AppendEvent(providerType, event)
case model.IDPConfigRemoved, iam_es_model.IDPConfigRemoved:
case org.IDPConfigRemovedEventType, instance.IDPConfigRemovedEventType:
err = idp.SetData(event)
if err != nil {
return err
@ -128,7 +128,7 @@ func (i *IDPConfig) processIdpConfig(providerType iam_model.IDPProviderType, eve
return i.view.PutIDPConfig(idp, event)
}
func (i *IDPConfig) OnError(event *es_models.Event, err error) error {
func (i *IDPConfig) OnError(event *models.Event, err error) error {
logging.LogWithFields("SPOOL-Ejf8s", "id", event.AggregateID).WithError(err).Warn("something went wrong in idp config handler")
return spooler.HandleError(event, err, i.view.GetLatestIDPConfigFailedEvent, i.view.ProcessedIDPConfigFailedEvent, i.view.ProcessedIDPConfigSequence, i.errorCountUntilSkip)
}
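Review bot: Nothing in this section shows that the `org.*EventType` and `instance.*EventType` constants carry the same string values as the `model.*` and `iam_es_model.*` constants they replace in `processIdpConfig` and `AggregateTypes`. If any value differs (the switch from `iam_es_model.IAMAggregate` to `instance.AggregateType` is where I would look first), events already stored under the old names stop matching a case, and a missed deactivated or removed event would leave an identity provider active in the view. A table test asserting that each new constant equals the stored event string would settle it; the same check applies to the IDPProvider, OrgProjectMapping, RefreshToken, Token, User and ExternalIDP handlers changed further down. The end of the switch in `processIdpConfig` lies outside the hunks, so whether unmatched events are skipped or rejected cannot be seen here.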


@ -7,15 +7,17 @@ import (
"github.com/caos/zitadel/internal/config/systemdefaults"
"github.com/caos/zitadel/internal/domain"
"github.com/caos/zitadel/internal/eventstore"
v1 "github.com/caos/zitadel/internal/eventstore/v1"
"github.com/caos/zitadel/internal/eventstore/v1/models"
es_models "github.com/caos/zitadel/internal/eventstore/v1/models"
"github.com/caos/zitadel/internal/eventstore/v1/query"
"github.com/caos/zitadel/internal/eventstore/v1/spooler"
iam_model "github.com/caos/zitadel/internal/iam/model"
"github.com/caos/zitadel/internal/iam/repository/eventsourcing/model"
iam_view_model "github.com/caos/zitadel/internal/iam/repository/view/model"
org_es_model "github.com/caos/zitadel/internal/org/repository/eventsourcing/model"
query2 "github.com/caos/zitadel/internal/query"
"github.com/caos/zitadel/internal/repository/instance"
"github.com/caos/zitadel/internal/repository/org"
)
const (
@ -62,8 +64,8 @@ func (i *IDPProvider) Subscription() *v1.Subscription {
return i.subscription
}
func (_ *IDPProvider) AggregateTypes() []es_models.AggregateType {
return []es_models.AggregateType{model.IAMAggregate, org_es_model.OrgAggregate}
func (_ *IDPProvider) AggregateTypes() []models.AggregateType {
return []es_models.AggregateType{instance.AggregateType, org.AggregateType}
}
func (i *IDPProvider) CurrentSequence() (uint64, error) {
@ -74,7 +76,7 @@ func (i *IDPProvider) CurrentSequence() (uint64, error) {
return sequence.CurrentSequence, nil
}
func (i *IDPProvider) EventQuery() (*es_models.SearchQuery, error) {
func (i *IDPProvider) EventQuery() (*models.SearchQuery, error) {
sequence, err := i.view.GetLatestIDPProviderSequence()
if err != nil {
return nil, err
@ -84,31 +86,31 @@ func (i *IDPProvider) EventQuery() (*es_models.SearchQuery, error) {
LatestSequenceFilter(sequence.CurrentSequence), nil
}
func (i *IDPProvider) Reduce(event *es_models.Event) (err error) {
func (i *IDPProvider) Reduce(event *models.Event) (err error) {
switch event.AggregateType {
case model.IAMAggregate, org_es_model.OrgAggregate:
case instance.AggregateType, org.AggregateType:
err = i.processIdpProvider(event)
}
return err
}
func (i *IDPProvider) processIdpProvider(event *es_models.Event) (err error) {
func (i *IDPProvider) processIdpProvider(event *models.Event) (err error) {
provider := new(iam_view_model.IDPProviderView)
switch event.Type {
case model.LoginPolicyIDPProviderAdded, org_es_model.LoginPolicyIDPProviderAdded:
switch eventstore.EventType(event.Type) {
case instance.LoginPolicyIDPProviderAddedEventType, org.LoginPolicyIDPProviderAddedEventType:
err = provider.AppendEvent(event)
if err != nil {
return err
}
err = i.fillData(provider)
case model.LoginPolicyIDPProviderRemoved, model.LoginPolicyIDPProviderCascadeRemoved,
org_es_model.LoginPolicyIDPProviderRemoved, org_es_model.LoginPolicyIDPProviderCascadeRemoved:
case instance.LoginPolicyIDPProviderRemovedEventType, instance.LoginPolicyIDPProviderCascadeRemovedEventType,
org.LoginPolicyIDPProviderRemovedEventType, org.LoginPolicyIDPProviderCascadeRemovedEventType:
err = provider.SetData(event)
if err != nil {
return err
}
return i.view.DeleteIDPProvider(event.AggregateID, provider.IDPConfigID, event)
case model.IDPConfigChanged, org_es_model.IDPConfigChanged:
case instance.IDPConfigChangedEventType, org.IDPConfigChangedEventType:
esConfig := new(iam_view_model.IDPConfigView)
providerType := iam_model.IDPProviderTypeSystem
if event.AggregateID != domain.IAMID {
@ -132,7 +134,7 @@ func (i *IDPProvider) processIdpProvider(event *es_models.Event) (err error) {
i.fillConfigData(provider, config)
}
return i.view.PutIDPProviders(event, providers...)
case org_es_model.LoginPolicyRemoved:
case org.LoginPolicyRemovedEventType:
return i.view.DeleteIDPProvidersByAggregateID(event.AggregateID, event)
default:
return i.view.ProcessedIDPProviderSequence(event)
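Review bot: The import block now appears to bring in `internal/eventstore/v1/models` twice, once as `models` and once as `es_models`, and `AggregateTypes` mixes the two: it declares `[]models.AggregateType` but builds `[]es_models.AggregateType`. This compiles because both names refer to the same package, but a reader has to verify that before trusting the signature. I would use one name throughout, e.g. `return []models.AggregateType{instance.AggregateType, org.AggregateType}`, and drop the `es_models` alias if no other line in the file still needs it; the rest of the file is outside these hunks.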


@ -3,13 +3,14 @@ package handler
import (
"github.com/caos/logging"
"github.com/caos/zitadel/internal/eventstore"
v1 "github.com/caos/zitadel/internal/eventstore/v1"
es_models "github.com/caos/zitadel/internal/eventstore/v1/models"
"github.com/caos/zitadel/internal/eventstore/v1/query"
"github.com/caos/zitadel/internal/eventstore/v1/spooler"
"github.com/caos/zitadel/internal/project/repository/eventsourcing/model"
proj_view "github.com/caos/zitadel/internal/project/repository/view"
view_model "github.com/caos/zitadel/internal/project/repository/view/model"
"github.com/caos/zitadel/internal/repository/project"
)
const (
@ -51,7 +52,7 @@ func (p *OrgProjectMapping) Subscription() *v1.Subscription {
}
func (_ *OrgProjectMapping) AggregateTypes() []es_models.AggregateType {
return []es_models.AggregateType{model.ProjectAggregate}
return []es_models.AggregateType{project.AggregateType}
}
func (p *OrgProjectMapping) CurrentSequence() (uint64, error) {
@ -72,24 +73,24 @@ func (p *OrgProjectMapping) EventQuery() (*es_models.SearchQuery, error) {
func (p *OrgProjectMapping) Reduce(event *es_models.Event) (err error) {
mapping := new(view_model.OrgProjectMapping)
switch event.Type {
case model.ProjectAdded:
switch eventstore.EventType(event.Type) {
case project.ProjectAddedType:
mapping.OrgID = event.ResourceOwner
mapping.ProjectID = event.AggregateID
mapping.InstanceID = event.InstanceID
case model.ProjectRemoved:
case project.ProjectRemovedType:
err := p.view.DeleteOrgProjectMappingsByProjectID(event.AggregateID)
if err == nil {
return p.view.ProcessedOrgProjectMappingSequence(event)
}
case model.ProjectGrantAdded:
case project.GrantAddedType:
projectGrant := new(view_model.ProjectGrant)
projectGrant.SetData(event)
mapping.OrgID = projectGrant.GrantedOrgID
mapping.ProjectID = event.AggregateID
mapping.ProjectGrantID = projectGrant.GrantID
mapping.InstanceID = projectGrant.InstanceID
case model.ProjectGrantRemoved:
case project.GrantRemovedType:
projectGrant := new(view_model.ProjectGrant)
projectGrant.SetData(event)
err := p.view.DeleteOrgProjectMappingsByProjectGrantID(event.AggregateID)
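Review bot: In the `project.GrantAddedType` and `project.GrantRemovedType` cases the result of `projectGrant.SetData(event)` is discarded, so a decode failure would let the mapping be built from an empty `GrantedOrgID` and `GrantID`. SetData returns an error on the other view models in this commit, though that is not confirmed for `ProjectGrant` from what is shown. Since every case label is being touched anyway, I would check it here: `if err := projectGrant.SetData(event); err != nil { return err }`. `Reduce` continues past the end of the hunk, so how the later `err` is handled is not visible.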


@ -7,13 +7,12 @@ import (
caos_errs "github.com/caos/zitadel/internal/errors"
"github.com/caos/zitadel/internal/eventstore"
"github.com/caos/zitadel/internal/eventstore/v1"
v1 "github.com/caos/zitadel/internal/eventstore/v1"
es_models "github.com/caos/zitadel/internal/eventstore/v1/models"
"github.com/caos/zitadel/internal/eventstore/v1/query"
"github.com/caos/zitadel/internal/eventstore/v1/spooler"
project_es_model "github.com/caos/zitadel/internal/project/repository/eventsourcing/model"
user_repo "github.com/caos/zitadel/internal/repository/user"
user_es_model "github.com/caos/zitadel/internal/user/repository/eventsourcing/model"
"github.com/caos/zitadel/internal/repository/project"
"github.com/caos/zitadel/internal/repository/user"
view_model "github.com/caos/zitadel/internal/user/repository/view/model"
)
@ -56,7 +55,7 @@ func (t *RefreshToken) Subscription() *v1.Subscription {
}
func (t *RefreshToken) AggregateTypes() []es_models.AggregateType {
return []es_models.AggregateType{user_es_model.UserAggregate, project_es_model.ProjectAggregate}
return []es_models.AggregateType{user.AggregateType, project.AggregateType}
}
func (t *RefreshToken) CurrentSequence() (uint64, error) {
@ -73,21 +72,21 @@ func (t *RefreshToken) EventQuery() (*es_models.SearchQuery, error) {
return nil, err
}
return es_models.NewSearchQuery().
AggregateTypeFilter(user_es_model.UserAggregate, project_es_model.ProjectAggregate).
AggregateTypeFilter(user.AggregateType, project.AggregateType).
LatestSequenceFilter(sequence.CurrentSequence), nil
}
func (t *RefreshToken) Reduce(event *es_models.Event) (err error) {
switch eventstore.EventType(event.Type) {
case user_repo.HumanRefreshTokenAddedType:
case user.HumanRefreshTokenAddedType:
token := new(view_model.RefreshTokenView)
err := token.AppendEvent(event)
if err != nil {
return err
}
return t.view.PutRefreshToken(token, event)
case user_repo.HumanRefreshTokenRenewedType:
e := new(user_repo.HumanRefreshTokenRenewedEvent)
case user.HumanRefreshTokenRenewedType:
e := new(user.HumanRefreshTokenRenewedEvent)
if err := json.Unmarshal(event.Data, e); err != nil {
logging.Log("EVEN-DBbn4").WithError(err).Error("could not unmarshal event data")
return caos_errs.ThrowInternal(nil, "MODEL-BHn75", "could not unmarshal data")
@ -101,16 +100,16 @@ func (t *RefreshToken) Reduce(event *es_models.Event) (err error) {
return err
}
return t.view.PutRefreshToken(token, event)
case user_repo.HumanRefreshTokenRemovedType:
e := new(user_repo.HumanRefreshTokenRemovedEvent)
case user.HumanRefreshTokenRemovedType:
e := new(user.HumanRefreshTokenRemovedEvent)
if err := json.Unmarshal(event.Data, e); err != nil {
logging.Log("EVEN-BDbh3").WithError(err).Error("could not unmarshal event data")
return caos_errs.ThrowInternal(nil, "MODEL-Bz653", "could not unmarshal data")
}
return t.view.DeleteRefreshToken(e.TokenID, event)
case user_repo.UserLockedType,
user_repo.UserDeactivatedType,
user_repo.UserRemovedType:
case user.UserLockedType,
user.UserDeactivatedType,
user.UserRemovedType:
return t.view.DeleteUserRefreshTokens(event.AggregateID, event)
default:
return t.view.ProcessedRefreshTokenSequence(event)


@ -7,6 +7,7 @@ import (
"github.com/caos/logging"
caos_errs "github.com/caos/zitadel/internal/errors"
"github.com/caos/zitadel/internal/eventstore"
v1 "github.com/caos/zitadel/internal/eventstore/v1"
es_models "github.com/caos/zitadel/internal/eventstore/v1/models"
"github.com/caos/zitadel/internal/eventstore/v1/query"
@ -15,8 +16,9 @@ import (
proj_model "github.com/caos/zitadel/internal/project/model"
project_es_model "github.com/caos/zitadel/internal/project/repository/eventsourcing/model"
proj_view "github.com/caos/zitadel/internal/project/repository/view"
"github.com/caos/zitadel/internal/repository/project"
"github.com/caos/zitadel/internal/repository/user"
user_repo "github.com/caos/zitadel/internal/repository/user"
user_es_model "github.com/caos/zitadel/internal/user/repository/eventsourcing/model"
view_model "github.com/caos/zitadel/internal/user/repository/view/model"
)
@ -59,7 +61,7 @@ func (t *Token) Subscription() *v1.Subscription {
}
func (_ *Token) AggregateTypes() []es_models.AggregateType {
return []es_models.AggregateType{user_es_model.UserAggregate, project_es_model.ProjectAggregate}
return []es_models.AggregateType{user.AggregateType, project.AggregateType}
}
func (p *Token) CurrentSequence() (uint64, error) {
@ -76,22 +78,22 @@ func (t *Token) EventQuery() (*es_models.SearchQuery, error) {
return nil, err
}
return es_models.NewSearchQuery().
AggregateTypeFilter(user_es_model.UserAggregate, project_es_model.ProjectAggregate).
AggregateTypeFilter(user.AggregateType, project.AggregateType).
LatestSequenceFilter(sequence.CurrentSequence), nil
}
func (t *Token) Reduce(event *es_models.Event) (err error) {
switch event.Type {
case user_es_model.UserTokenAdded,
es_models.EventType(user_repo.PersonalAccessTokenAddedType):
switch eventstore.EventType(event.Type) {
case user.UserTokenAddedType,
user_repo.PersonalAccessTokenAddedType:
token := new(view_model.TokenView)
err := token.AppendEvent(event)
if err != nil {
return err
}
return t.view.PutToken(token, event)
case user_es_model.UserProfileChanged,
user_es_model.HumanProfileChanged:
case user.UserV1ProfileChangedType,
user.HumanProfileChangedType:
user := new(view_model.UserView)
user.AppendEvent(event)
tokens, err := t.view.TokensByUserID(event.AggregateID)
@ -102,39 +104,39 @@ func (t *Token) Reduce(event *es_models.Event) (err error) {
token.PreferredLanguage = user.PreferredLanguage
}
return t.view.PutTokens(tokens, event)
case user_es_model.SignedOut,
user_es_model.HumanSignedOut:
case user.UserV1SignedOutType,
user.HumanSignedOutType:
id, err := agentIDFromSession(event)
if err != nil {
return err
}
return t.view.DeleteSessionTokens(id, event.AggregateID, event)
case user_es_model.UserLocked,
user_es_model.UserDeactivated,
user_es_model.UserRemoved:
case user.UserLockedType,
user.UserDeactivatedType,
user.UserRemovedType:
return t.view.DeleteUserTokens(event.AggregateID, event)
case es_models.EventType(user_repo.UserTokenRemovedType),
es_models.EventType(user_repo.PersonalAccessTokenRemovedType):
case user_repo.UserTokenRemovedType,
user_repo.PersonalAccessTokenRemovedType:
id, err := tokenIDFromRemovedEvent(event)
if err != nil {
return err
}
return t.view.DeleteToken(id, event)
case es_models.EventType(user_repo.HumanRefreshTokenRemovedType):
case user_repo.HumanRefreshTokenRemovedType:
id, err := refreshTokenIDFromRemovedEvent(event)
if err != nil {
return err
}
return t.view.DeleteTokensFromRefreshToken(id, event)
case project_es_model.ApplicationDeactivated,
project_es_model.ApplicationRemoved:
case project.ApplicationDeactivatedType,
project.ApplicationRemovedType:
application, err := applicationFromSession(event)
if err != nil {
return err
}
return t.view.DeleteApplicationTokens(event, application.AppID)
case project_es_model.ProjectDeactivated,
project_es_model.ProjectRemoved:
case project.ProjectDeactivatedType,
project.ProjectRemovedType:
project, err := t.getProjectByID(context.Background(), event.AggregateID)
if err != nil {
return err
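Review bot: `internal/repository/user` appears to be imported twice, as `user` and as `user_repo`, and `Reduce` alternates between them (`user.UserTokenAddedType` next to `user_repo.PersonalAccessTokenAddedType`). The unaliased names also collide with locals: `user := new(view_model.UserView)` and `project, err := t.getProjectByID(...)` shadow the packages `user` and `project` for the rest of their case bodies. I would keep only the `user_repo` alias, as the User handler in this commit does, and rename the locals, e.g. `userView := new(view_model.UserView)` and `proj, err := t.getProjectByID(...)`. `Reduce` runs on past the last line of this hunk.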


@ -6,6 +6,7 @@ import (
"github.com/caos/logging"
"github.com/caos/zitadel/internal/errors"
"github.com/caos/zitadel/internal/eventstore"
v1 "github.com/caos/zitadel/internal/eventstore/v1"
es_models "github.com/caos/zitadel/internal/eventstore/v1/models"
"github.com/caos/zitadel/internal/eventstore/v1/query"
@ -17,7 +18,6 @@ import (
query2 "github.com/caos/zitadel/internal/query"
"github.com/caos/zitadel/internal/repository/org"
user_repo "github.com/caos/zitadel/internal/repository/user"
es_model "github.com/caos/zitadel/internal/user/repository/eventsourcing/model"
view_model "github.com/caos/zitadel/internal/user/repository/view/model"
)
@ -62,7 +62,7 @@ func (u *User) Subscription() *v1.Subscription {
return u.subscription
}
func (_ *User) AggregateTypes() []es_models.AggregateType {
return []es_models.AggregateType{es_model.UserAggregate, org_es_model.OrgAggregate}
return []es_models.AggregateType{user_repo.AggregateType, org.AggregateType}
}
func (u *User) CurrentSequence() (uint64, error) {
@ -85,9 +85,9 @@ func (u *User) EventQuery() (*es_models.SearchQuery, error) {
func (u *User) Reduce(event *es_models.Event) (err error) {
switch event.AggregateType {
case es_model.UserAggregate:
case user_repo.AggregateType:
return u.ProcessUser(event)
case org_es_model.OrgAggregate:
case org.AggregateType:
return u.ProcessOrg(event)
default:
return nil
@ -96,63 +96,63 @@ func (u *User) Reduce(event *es_models.Event) (err error) {
func (u *User) ProcessUser(event *es_models.Event) (err error) {
user := new(view_model.UserView)
switch event.Type {
case es_model.UserAdded,
es_model.MachineAdded,
es_model.HumanAdded,
es_model.UserRegistered,
es_model.HumanRegistered:
switch eventstore.EventType(event.Type) {
case user_repo.UserV1AddedType,
user_repo.MachineAddedEventType,
user_repo.HumanAddedType,
user_repo.UserV1RegisteredType,
user_repo.HumanRegisteredType:
err = user.AppendEvent(event)
if err != nil {
return err
}
err = u.fillLoginNames(user)
case es_model.UserProfileChanged,
es_model.UserEmailChanged,
es_model.UserEmailVerified,
es_model.UserPhoneChanged,
es_model.UserPhoneVerified,
es_model.UserPhoneRemoved,
es_model.UserAddressChanged,
es_model.UserDeactivated,
es_model.UserReactivated,
es_model.UserLocked,
es_model.UserUnlocked,
es_model.MFAOTPAdded,
es_model.MFAOTPVerified,
es_model.MFAOTPRemoved,
es_model.MFAInitSkipped,
es_model.UserPasswordChanged,
es_model.HumanProfileChanged,
es_model.HumanEmailChanged,
es_model.HumanEmailVerified,
es_model.HumanAvatarAdded,
es_model.HumanAvatarRemoved,
es_model.HumanPhoneChanged,
es_model.HumanPhoneVerified,
es_model.HumanPhoneRemoved,
es_model.HumanAddressChanged,
es_model.HumanMFAOTPAdded,
es_model.HumanMFAOTPVerified,
es_model.HumanMFAOTPRemoved,
es_model.HumanMFAU2FTokenAdded,
es_model.HumanMFAU2FTokenVerified,
es_model.HumanMFAU2FTokenRemoved,
es_model.HumanPasswordlessTokenAdded,
es_model.HumanPasswordlessTokenVerified,
es_model.HumanPasswordlessTokenRemoved,
es_model.HumanMFAInitSkipped,
es_model.MachineChanged,
es_model.HumanPasswordChanged,
es_models.EventType(user_repo.HumanPasswordlessInitCodeAddedType),
es_models.EventType(user_repo.HumanPasswordlessInitCodeRequestedType):
case user_repo.UserV1ProfileChangedType,
user_repo.UserV1EmailChangedType,
user_repo.UserV1EmailVerifiedType,
user_repo.UserV1PhoneChangedType,
user_repo.UserV1PhoneVerifiedType,
user_repo.UserV1PhoneRemovedType,
user_repo.UserV1AddressChangedType,
user_repo.UserDeactivatedType,
user_repo.UserReactivatedType,
user_repo.UserLockedType,
user_repo.UserUnlockedType,
user_repo.UserV1MFAOTPAddedType,
user_repo.UserV1MFAOTPVerifiedType,
user_repo.UserV1MFAOTPRemovedType,
user_repo.UserV1MFAInitSkippedType,
user_repo.UserV1PasswordChangedType,
user_repo.HumanProfileChangedType,
user_repo.HumanEmailChangedType,
user_repo.HumanEmailVerifiedType,
user_repo.HumanAvatarAddedType,
user_repo.HumanAvatarRemovedType,
user_repo.HumanPhoneChangedType,
user_repo.HumanPhoneVerifiedType,
user_repo.HumanPhoneRemovedType,
user_repo.HumanAddressChangedType,
user_repo.HumanMFAOTPAddedType,
user_repo.HumanMFAOTPVerifiedType,
user_repo.HumanMFAOTPRemovedType,
user_repo.HumanU2FTokenAddedType,
user_repo.HumanU2FTokenVerifiedType,
user_repo.HumanU2FTokenRemovedType,
user_repo.HumanPasswordlessTokenAddedType,
user_repo.HumanPasswordlessTokenVerifiedType,
user_repo.HumanPasswordlessTokenRemovedType,
user_repo.HumanMFAInitSkippedType,
user_repo.MachineChangedEventType,
user_repo.HumanPasswordChangedType,
user_repo.HumanPasswordlessInitCodeAddedType,
user_repo.HumanPasswordlessInitCodeRequestedType:
user, err = u.view.UserByID(event.AggregateID)
if err != nil {
return err
}
err = user.AppendEvent(event)
case es_model.DomainClaimed,
es_model.UserUserNameChanged:
case user_repo.UserDomainClaimedType,
user_repo.UserUserNameChangedType:
user, err = u.view.UserByID(event.AggregateID)
if err != nil {
return err
@ -162,7 +162,7 @@ func (u *User) ProcessUser(event *es_models.Event) (err error) {
return err
}
err = u.fillLoginNames(user)
case es_model.UserRemoved:
case user_repo.UserRemovedType:
return u.view.DeleteUser(event.AggregateID, event)
default:
return u.view.ProcessedUserSequence(event)
@ -184,14 +184,14 @@ func (u *User) fillLoginNames(user *view_model.UserView) (err error) {
}
func (u *User) ProcessOrg(event *es_models.Event) (err error) {
switch event.Type {
case org_es_model.OrgDomainVerified,
org_es_model.OrgDomainRemoved,
es_models.EventType(org.DomainPolicyAddedEventType),
es_models.EventType(org.DomainPolicyChangedEventType),
es_models.EventType(org.DomainPolicyRemovedEventType):
switch eventstore.EventType(event.Type) {
case org.OrgDomainVerifiedEventType,
org.OrgDomainRemovedEventType,
org.DomainPolicyAddedEventType,
org.DomainPolicyChangedEventType,
org.DomainPolicyRemovedEventType:
return u.fillLoginNamesOnOrgUsers(event)
case org_es_model.OrgDomainPrimarySet:
case org.OrgDomainPrimarySetEventType:
return u.fillPreferredLoginNamesOnOrgUsers(event)
default:
return u.view.ProcessedUserSequence(event)


@ -8,16 +8,17 @@ import (
"github.com/caos/zitadel/internal/config/systemdefaults"
"github.com/caos/zitadel/internal/domain"
caos_errs "github.com/caos/zitadel/internal/errors"
"github.com/caos/zitadel/internal/eventstore"
v1 "github.com/caos/zitadel/internal/eventstore/v1"
es_models "github.com/caos/zitadel/internal/eventstore/v1/models"
"github.com/caos/zitadel/internal/eventstore/v1/query"
"github.com/caos/zitadel/internal/eventstore/v1/spooler"
iam_model "github.com/caos/zitadel/internal/iam/model"
iam_es_model "github.com/caos/zitadel/internal/iam/repository/eventsourcing/model"
iam_view_model "github.com/caos/zitadel/internal/iam/repository/view/model"
org_es_model "github.com/caos/zitadel/internal/org/repository/eventsourcing/model"
query2 "github.com/caos/zitadel/internal/query"
"github.com/caos/zitadel/internal/user/repository/eventsourcing/model"
"github.com/caos/zitadel/internal/repository/instance"
"github.com/caos/zitadel/internal/repository/org"
"github.com/caos/zitadel/internal/repository/user"
usr_view_model "github.com/caos/zitadel/internal/user/repository/view/model"
)
@ -66,7 +67,7 @@ func (i *ExternalIDP) Subscription() *v1.Subscription {
}
func (_ *ExternalIDP) AggregateTypes() []es_models.AggregateType {
return []es_models.AggregateType{model.UserAggregate, iam_es_model.IAMAggregate, org_es_model.OrgAggregate}
return []es_models.AggregateType{user.AggregateType, instance.AggregateType, org.AggregateType}
}
func (i *ExternalIDP) CurrentSequence() (uint64, error) {
@ -89,9 +90,9 @@ func (i *ExternalIDP) EventQuery() (*es_models.SearchQuery, error) {
func (i *ExternalIDP) Reduce(event *es_models.Event) (err error) {
switch event.AggregateType {
case model.UserAggregate:
case user.AggregateType:
err = i.processUser(event)
case iam_es_model.IAMAggregate, org_es_model.OrgAggregate:
case instance.AggregateType, org.AggregateType:
err = i.processIdpConfig(event)
}
return err
@ -99,20 +100,20 @@ func (i *ExternalIDP) Reduce(event *es_models.Event) (err error) {
func (i *ExternalIDP) processUser(event *es_models.Event) (err error) {
externalIDP := new(usr_view_model.ExternalIDPView)
switch event.Type {
case model.HumanExternalIDPAdded:
switch eventstore.EventType(event.Type) {
case user.UserIDPLinkAddedType:
err = externalIDP.AppendEvent(event)
if err != nil {
return err
}
err = i.fillData(externalIDP)
case model.HumanExternalIDPRemoved, model.HumanExternalIDPCascadeRemoved:
case user.UserIDPLinkRemovedType, user.UserIDPLinkCascadeRemovedType:
err = externalIDP.SetData(event)
if err != nil {
return err
}
return i.view.DeleteExternalIDP(externalIDP.ExternalUserID, externalIDP.IDPConfigID, event)
case model.UserRemoved:
case user.UserRemovedType:
return i.view.DeleteExternalIDPsByUserID(event.AggregateID, event)
default:
return i.view.ProcessedExternalIDPSequence(event)
@ -124,11 +125,11 @@ func (i *ExternalIDP) processUser(event *es_models.Event) (err error) {
}
func (i *ExternalIDP) processIdpConfig(event *es_models.Event) (err error) {
switch event.Type {
case iam_es_model.IDPConfigChanged, org_es_model.IDPConfigChanged:
switch eventstore.EventType(event.Type) {
case instance.IDPConfigChangedEventType, org.IDPConfigChangedEventType:
configView := new(iam_view_model.IDPConfigView)
config := new(query2.IDP)
if event.Type == iam_es_model.IDPConfigChanged {
if eventstore.EventType(event.Type) == instance.IDPConfigChangedEventType {
configView.AppendEvent(iam_model.IDPProviderTypeSystem, event)
} else {
configView.AppendEvent(iam_model.IDPProviderTypeOrg, event)
@ -137,7 +138,7 @@ func (i *ExternalIDP) processIdpConfig(event *es_models.Event) (err error) {
if err != nil {
return err
}
if event.AggregateType == iam_es_model.IAMAggregate {
if event.AggregateType == instance.AggregateType {
config, err = i.getDefaultIDPConfig(event.InstanceID, configView.IDPConfigID)
} else {
config, err = i.getOrgIDPConfig(event.InstanceID, event.AggregateID, configView.IDPConfigID)
@ -172,7 +173,7 @@ func (i *ExternalIDP) fillConfigData(externalIDP *usr_view_model.ExternalIDPView
}
func (i *ExternalIDP) OnError(event *es_models.Event, err error) error {
logging.LogWithFields("SPOOL-4Rsu8", "id", event.AggregateID).WithError(err).Warn("something went wrong in idp provider handler")
logging.WithFields("id", event.AggregateID).WithError(err).Warn("something went wrong in idp provider handler")
return spooler.HandleError(event, err, i.view.GetLatestExternalIDPFailedEvent, i.view.ProcessedExternalIDPFailedEvent, i.view.ProcessedExternalIDPSequence, i.errorCountUntilSkip)
}


@ -3,13 +3,14 @@ package handler
import (
"github.com/caos/logging"
req_model "github.com/caos/zitadel/internal/auth_request/model"
"github.com/caos/zitadel/internal/domain"
"github.com/caos/zitadel/internal/errors"
"github.com/caos/zitadel/internal/eventstore"
v1 "github.com/caos/zitadel/internal/eventstore/v1"
"github.com/caos/zitadel/internal/eventstore/v1/models"
"github.com/caos/zitadel/internal/eventstore/v1/query"
"github.com/caos/zitadel/internal/eventstore/v1/spooler"
es_model "github.com/caos/zitadel/internal/user/repository/eventsourcing/model"
"github.com/caos/zitadel/internal/repository/user"
"github.com/caos/zitadel/internal/user/repository/view"
view_model "github.com/caos/zitadel/internal/user/repository/view/model"
)
@ -53,7 +54,7 @@ func (u *UserSession) Subscription() *v1.Subscription {
}
func (_ *UserSession) AggregateTypes() []models.AggregateType {
return []models.AggregateType{es_model.UserAggregate}
return []models.AggregateType{user.AggregateType}
}
func (u *UserSession) CurrentSequence() (uint64, error) {
@ -74,22 +75,22 @@ func (u *UserSession) EventQuery() (*models.SearchQuery, error) {
func (u *UserSession) Reduce(event *models.Event) (err error) {
var session *view_model.UserSessionView
switch event.Type {
case es_model.UserPasswordCheckSucceeded,
es_model.UserPasswordCheckFailed,
es_model.MFAOTPCheckSucceeded,
es_model.MFAOTPCheckFailed,
es_model.SignedOut,
es_model.HumanPasswordCheckSucceeded,
es_model.HumanPasswordCheckFailed,
es_model.HumanExternalLoginCheckSucceeded,
es_model.HumanMFAOTPCheckSucceeded,
es_model.HumanMFAOTPCheckFailed,
es_model.HumanMFAU2FTokenCheckSucceeded,
es_model.HumanMFAU2FTokenCheckFailed,
es_model.HumanPasswordlessTokenCheckSucceeded,
es_model.HumanPasswordlessTokenCheckFailed,
es_model.HumanSignedOut:
switch eventstore.EventType(event.Type) {
case user.UserV1PasswordCheckSucceededType,
user.UserV1PasswordCheckFailedType,
user.UserV1MFAOTPCheckSucceededType,
user.UserV1MFAOTPCheckFailedType,
user.UserV1SignedOutType,
user.HumanPasswordCheckSucceededType,
user.HumanPasswordCheckFailedType,
user.UserIDPLoginCheckSucceededType,
user.HumanMFAOTPCheckSucceededType,
user.HumanMFAOTPCheckFailedType,
user.HumanU2FTokenCheckSucceededType,
user.HumanU2FTokenCheckFailedType,
user.HumanPasswordlessTokenCheckSucceededType,
user.HumanPasswordlessTokenCheckFailedType,
user.HumanSignedOutType:
eventData, err := view_model.UserSessionFromEvent(event)
if err != nil {
return err
@ -104,27 +105,27 @@ func (u *UserSession) Reduce(event *models.Event) (err error) {
ResourceOwner: event.ResourceOwner,
UserAgentID: eventData.UserAgentID,
UserID: event.AggregateID,
State: int32(req_model.UserSessionStateActive),
State: int32(domain.UserSessionStateActive),
InstanceID: event.InstanceID,
}
}
return u.updateSession(session, event)
case es_model.UserPasswordChanged,
es_model.MFAOTPRemoved,
es_model.UserProfileChanged,
es_model.UserLocked,
es_model.UserDeactivated,
es_model.HumanPasswordChanged,
es_model.HumanMFAOTPRemoved,
es_model.HumanProfileChanged,
es_model.HumanAvatarAdded,
es_model.HumanAvatarRemoved,
es_model.DomainClaimed,
es_model.UserUserNameChanged,
es_model.HumanExternalIDPRemoved,
es_model.HumanExternalIDPCascadeRemoved,
es_model.HumanPasswordlessTokenRemoved,
es_model.HumanMFAU2FTokenRemoved:
case user.UserV1PasswordChangedType,
user.UserV1MFAOTPRemovedType,
user.UserV1ProfileChangedType,
user.UserLockedType,
user.UserDeactivatedType,
user.HumanPasswordChangedType,
user.HumanMFAOTPRemovedType,
user.HumanProfileChangedType,
user.HumanAvatarAddedType,
user.HumanAvatarRemovedType,
user.UserDomainClaimedType,
user.UserUserNameChangedType,
user.UserIDPLinkRemovedType,
user.UserIDPLinkCascadeRemovedType,
user.HumanPasswordlessTokenRemovedType,
user.HumanU2FTokenRemovedType:
sessions, err := u.view.UserSessionsByUserID(event.AggregateID)
if err != nil {
return err
@ -141,7 +142,7 @@ func (u *UserSession) Reduce(event *models.Event) (err error) {
}
}
return u.view.PutUserSessions(sessions, event)
case es_model.UserRemoved:
case user.UserRemovedType:
return u.view.DeleteUserSessions(event.AggregateID, event)
default:
return u.view.ProcessedUserSessionSequence(event)
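Review bot: The `default:` branch at the end of `Reduce` only advances the sequence, so any renamed constant in the two `case` lists whose string value differs from the stored v1 event type would be skipped without an error or a log line. The second list (password changed, OTP/U2F/passwordless token removed, user locked, user deactivated, IDP link removed) appears to be what updates existing sessions after a credential change, so a silent miss there would leave those sessions in their previous state; this is inferred, because the loop body between the hunks is not shown. The cast `eventstore.EventType(event.Type)` makes the comparison compile but does not prove the values match. I would add a comment above the switch, `// event.Type holds the stored v1 type string; every user.* constant below must keep the exact string of the es_model constant it replaces`, and a table test that feeds one event per listed type through `Reduce` and asserts it does not take the default path. Parts of `Reduce` lie between the hunks and are not visible here.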


@ -3,7 +3,6 @@ package view
import (
"github.com/caos/zitadel/internal/errors"
"github.com/caos/zitadel/internal/eventstore/v1/models"
usr_model "github.com/caos/zitadel/internal/user/model"
"github.com/caos/zitadel/internal/user/repository/view"
"github.com/caos/zitadel/internal/user/repository/view/model"
global_view "github.com/caos/zitadel/internal/view/repository"
@ -25,14 +24,6 @@ func (v *View) ExternalIDPsByIDPConfigID(idpConfigID string) ([]*model.ExternalI
return view.ExternalIDPsByIDPConfigID(v.Db, externalIDPTable, idpConfigID)
}
func (v *View) ExternalIDPsByUserID(userID string) ([]*model.ExternalIDPView, error) {
return view.ExternalIDPsByUserID(v.Db, externalIDPTable, userID)
}
func (v *View) SearchExternalIDPs(request *usr_model.ExternalIDPSearchRequest) ([]*model.ExternalIDPView, uint64, error) {
return view.SearchExternalIDPs(v.Db, externalIDPTable, request)
}
func (v *View) PutExternalIDP(externalIDP *model.ExternalIDPView, event *models.Event) error {
err := view.PutExternalIDP(v.Db, externalIDPTable, externalIDP)
if err != nil {


@ -2,17 +2,8 @@ package repository
import (
"context"
"time"
"github.com/caos/zitadel/internal/user/model"
)
type UserRepository interface {
myUserRepo
UserSessionUserIDsByAgentID(ctx context.Context, agentID string) ([]string, error)
}
type myUserRepo interface {
MyUserChanges(ctx context.Context, lastSequence uint64, limit uint64, sortAscending bool, retention time.Duration) (*model.UserChanges, error)
}


@ -1,169 +0,0 @@
package model
import (
"strings"
"time"
"golang.org/x/text/language"
"github.com/caos/zitadel/internal/iam/model"
"github.com/caos/zitadel/internal/errors"
)
type AuthRequest struct {
ID string
AgentID string
CreationDate time.Time
ChangeDate time.Time
BrowserInfo *BrowserInfo
ApplicationID string
CallbackURI string
TransferState string
Prompt Prompt
PossibleLOAs []LevelOfAssurance
UiLocales []string
LoginHint string
MaxAuthAge uint32
Request Request
levelOfAssurance LevelOfAssurance
UserID string
UserName string
LoginName string
DisplayName string
UserOrgID string
RequestedOrgID string
RequestedOrgName string
RequestedPrimaryDomain string
SelectedIDPConfigID string
LinkingUsers []*ExternalUser
PossibleSteps []NextStep
PasswordVerified bool
MFAsVerified []MFAType
Audience []string
AuthTime time.Time
Code string
LoginPolicy *model.LoginPolicyView
LabelPolicy *model.LabelPolicyView
AllowedExternalIDPs []*model.IDPProviderView
}
type ExternalUser struct {
IDPConfigID string
ExternalUserID string
DisplayName string
PreferredUsername string
FirstName string
LastName string
NickName string
Email string
IsEmailVerified bool
PreferredLanguage language.Tag
Phone string
IsPhoneVerified bool
}
type Prompt int32
const (
PromptUnspecified Prompt = iota
PromptNone
PromptLogin
PromptConsent
PromptSelectAccount
)
type LevelOfAssurance int
const (
LevelOfAssuranceNone LevelOfAssurance = iota
)
func NewAuthRequest(id, agentID string, info *BrowserInfo, applicationID, callbackURI, transferState string,
prompt Prompt, possibleLOAs []LevelOfAssurance, uiLocales []string, loginHint, preselectedUserID string, maxAuthAge uint32, request Request) *AuthRequest {
return &AuthRequest{
ID: id,
AgentID: agentID,
BrowserInfo: info,
ApplicationID: applicationID,
CallbackURI: callbackURI,
TransferState: transferState,
Prompt: prompt,
PossibleLOAs: possibleLOAs,
UiLocales: uiLocales,
LoginHint: loginHint,
UserID: preselectedUserID,
MaxAuthAge: maxAuthAge,
Request: request,
}
}
func NewAuthRequestFromType(requestType AuthRequestType) (*AuthRequest, error) {
request, ok := authRequestTypeMapping[requestType]
if !ok {
return nil, errors.ThrowInvalidArgument(nil, "MODEL-ds2kl", "invalid request type")
}
return &AuthRequest{Request: request}, nil
}
func (a *AuthRequest) IsValid() bool {
return a.ID != "" &&
a.AgentID != "" &&
a.BrowserInfo != nil && a.BrowserInfo.IsValid() &&
a.ApplicationID != "" &&
a.CallbackURI != "" &&
a.Request != nil && a.Request.IsValid()
}
func (a *AuthRequest) MFALevel() MFALevel {
return -1
//PLANNED: check a.PossibleLOAs (and Prompt Login?)
}
func (a *AuthRequest) WithCurrentInfo(info *BrowserInfo) *AuthRequest {
a.BrowserInfo = info
return a
}
func (a *AuthRequest) SetUserInfo(userID, userName, loginName, displayName, userOrgID string) {
a.UserID = userID
a.UserName = userName
a.LoginName = loginName
a.DisplayName = displayName
a.UserOrgID = userOrgID
}
func (a *AuthRequest) GetScopeOrgPrimaryDomain() string {
switch request := a.Request.(type) {
case *AuthRequestOIDC:
for _, scope := range request.Scopes {
if strings.HasPrefix(scope, OrgDomainPrimaryScope) {
return strings.TrimPrefix(scope, OrgDomainPrimaryScope)
}
}
}
return ""
}
func (a *AuthRequest) GetScopeProjectIDsForAud() []string {
projectIDs := make([]string, 0)
switch request := a.Request.(type) {
case *AuthRequestOIDC:
for _, scope := range request.Scopes {
if strings.HasPrefix(scope, ProjectIDScope) && strings.HasSuffix(scope, AudSuffix) {
projectIDs = append(projectIDs, strings.TrimSuffix(strings.TrimPrefix(scope, ProjectIDScope), AudSuffix))
}
}
}
return projectIDs
}
func (a *AuthRequest) AppendAudIfNotExisting(aud string) {
for _, a := range a.Audience {
if a == aud {
return
}
}
a.Audience = append(a.Audience, aud)
}


@ -1,263 +0,0 @@
package model
import (
"net"
"reflect"
"testing"
)
func TestAuthRequest_IsValid(t *testing.T) {
type fields struct {
ID string
AgentID string
BrowserInfo *BrowserInfo
ApplicationID string
CallbackURI string
Request Request
}
tests := []struct {
name string
fields fields
want bool
}{
{
"missing id, false",
fields{},
false,
},
{
"missing agent id, false",
fields{
ID: "id",
},
false,
},
{
"missing browser info, false",
fields{
ID: "id",
AgentID: "agentID",
},
false,
},
{
"browser info invalid, false",
fields{
ID: "id",
AgentID: "agentID",
BrowserInfo: &BrowserInfo{},
},
false,
},
{
"missing application id, false",
fields{
ID: "id",
AgentID: "agentID",
BrowserInfo: &BrowserInfo{
UserAgent: "user agent",
AcceptLanguage: "accept language",
RemoteIP: net.IPv4(29, 4, 20, 19),
},
},
false,
},
{
"missing callback uri, false",
fields{
ID: "id",
AgentID: "agentID",
BrowserInfo: &BrowserInfo{
UserAgent: "user agent",
AcceptLanguage: "accept language",
RemoteIP: net.IPv4(29, 4, 20, 19),
},
ApplicationID: "appID",
},
false,
},
{
"missing request, false",
fields{
ID: "id",
AgentID: "agentID",
BrowserInfo: &BrowserInfo{
UserAgent: "user agent",
AcceptLanguage: "accept language",
RemoteIP: net.IPv4(29, 4, 20, 19),
},
ApplicationID: "appID",
CallbackURI: "schema://callback",
},
false,
},
{
"request invalid, false",
fields{
ID: "id",
AgentID: "agentID",
BrowserInfo: &BrowserInfo{
UserAgent: "user agent",
AcceptLanguage: "accept language",
RemoteIP: net.IPv4(29, 4, 20, 19),
},
ApplicationID: "appID",
CallbackURI: "schema://callback",
Request: &AuthRequestOIDC{},
},
false,
},
{
"valid auth request, true",
fields{
ID: "id",
AgentID: "agentID",
BrowserInfo: &BrowserInfo{
UserAgent: "user agent",
AcceptLanguage: "accept language",
RemoteIP: net.IPv4(29, 4, 20, 19),
},
ApplicationID: "appID",
CallbackURI: "schema://callback",
Request: &AuthRequestOIDC{
Scopes: []string{"openid"},
CodeChallenge: &OIDCCodeChallenge{
Challenge: "challenge",
Method: CodeChallengeMethodS256,
},
},
},
true,
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
a := &AuthRequest{
ID: tt.fields.ID,
AgentID: tt.fields.AgentID,
BrowserInfo: tt.fields.BrowserInfo,
ApplicationID: tt.fields.ApplicationID,
CallbackURI: tt.fields.CallbackURI,
Request: tt.fields.Request,
}
if got := a.IsValid(); got != tt.want {
t.Errorf("IsValid() = %v, want %v", got, tt.want)
}
})
}
}
func TestAuthRequest_MFALevel(t *testing.T) {
type fields struct {
Prompt Prompt
PossibleLOAs []LevelOfAssurance
}
tests := []struct {
name string
fields fields
want MFALevel
}{
//PLANNED: Add / replace test cases when LOA is set
{"-1",
fields{},
-1,
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
a := &AuthRequest{
Prompt: tt.fields.Prompt,
PossibleLOAs: tt.fields.PossibleLOAs,
}
if got := a.MFALevel(); got != tt.want {
t.Errorf("MFALevel() = %v, want %v", got, tt.want)
}
})
}
}
func TestAuthRequest_WithCurrentInfo(t *testing.T) {
type fields struct {
ID string
AgentID string
BrowserInfo *BrowserInfo
}
type args struct {
info *BrowserInfo
}
tests := []struct {
name string
fields fields
args args
want *AuthRequest
}{
{
"unchanged",
fields{
ID: "id",
AgentID: "agentID",
BrowserInfo: &BrowserInfo{
UserAgent: "ua",
AcceptLanguage: "de",
RemoteIP: net.IPv4(29, 4, 20, 19),
},
},
args{
&BrowserInfo{
UserAgent: "ua",
AcceptLanguage: "de",
RemoteIP: net.IPv4(29, 4, 20, 19),
},
},
&AuthRequest{
ID: "id",
AgentID: "agentID",
BrowserInfo: &BrowserInfo{
UserAgent: "ua",
AcceptLanguage: "de",
RemoteIP: net.IPv4(29, 4, 20, 19),
},
},
},
{
"changed",
fields{
ID: "id",
AgentID: "agentID",
BrowserInfo: &BrowserInfo{
UserAgent: "ua",
AcceptLanguage: "de",
RemoteIP: net.IPv4(29, 4, 20, 19),
},
},
args{
&BrowserInfo{
UserAgent: "ua",
AcceptLanguage: "de",
RemoteIP: net.IPv4(16, 12, 20, 19),
},
},
&AuthRequest{
ID: "id",
AgentID: "agentID",
BrowserInfo: &BrowserInfo{
UserAgent: "ua",
AcceptLanguage: "de",
RemoteIP: net.IPv4(16, 12, 20, 19),
},
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
a := &AuthRequest{
ID: tt.fields.ID,
AgentID: tt.fields.AgentID,
BrowserInfo: tt.fields.BrowserInfo,
}
if got := a.WithCurrentInfo(tt.args.info); !reflect.DeepEqual(got, tt.want) {
t.Errorf("WithCurrentInfo() = %v, want %v", got, tt.want)
}
})
}
}


@ -1,28 +0,0 @@
package model
import (
"net"
"net/http"
http_util "github.com/caos/zitadel/internal/api/http"
)
type BrowserInfo struct {
UserAgent string
AcceptLanguage string
RemoteIP net.IP
}
func BrowserInfoFromRequest(r *http.Request) *BrowserInfo {
return &BrowserInfo{
UserAgent: r.Header.Get(http_util.UserAgentHeader),
AcceptLanguage: r.Header.Get(http_util.AcceptLanguage),
RemoteIP: http_util.RemoteIPFromRequest(r),
}
}
func (i *BrowserInfo) IsValid() bool {
return i.UserAgent != "" &&
i.AcceptLanguage != "" &&
i.RemoteIP != nil && !i.RemoteIP.IsUnspecified()
}


@ -1,17 +0,0 @@
package model
type OIDCCodeChallenge struct {
Challenge string
Method OIDCCodeChallengeMethod
}
func (c *OIDCCodeChallenge) IsValid() bool {
return c.Challenge != ""
}
type OIDCCodeChallengeMethod int32
const (
CodeChallengeMethodPlain OIDCCodeChallengeMethod = iota
CodeChallengeMethodS256
)


@ -1,213 +0,0 @@
package model
import (
"github.com/caos/zitadel/internal/domain"
)
type NextStep interface {
Type() NextStepType
}
type NextStepType int32
const (
NextStepUnspecified NextStepType = iota
NextStepLogin
NextStepUserSelection
NextStepInitUser
NextStepPassword
NextStepChangePassword
NextStepInitPassword
NextStepVerifyEmail
NextStepMFAPrompt
NextStepMFAVerify
NextStepRedirectToCallback
NextStepChangeUsername
NextStepLinkUsers
NextStepExternalNotFoundOption
NextStepExternalLogin
NextStepGrantRequired
NextStepPasswordless
)
type UserSessionState int32
const (
UserSessionStateActive UserSessionState = iota
UserSessionStateTerminated
)
type LoginStep struct{}
func (s *LoginStep) Type() NextStepType {
return NextStepLogin
}
type SelectUserStep struct {
Users []UserSelection
}
func (s *SelectUserStep) Type() NextStepType {
return NextStepUserSelection
}
type UserSelection struct {
UserID string
DisplayName string
UserName string
LoginName string
UserSessionState UserSessionState
SelectionPossible bool
}
type InitUserStep struct {
PasswordSet bool
}
type ExternalNotFoundOptionStep struct{}
func (s *ExternalNotFoundOptionStep) Type() NextStepType {
return NextStepExternalNotFoundOption
}
func (s *InitUserStep) Type() NextStepType {
return NextStepInitUser
}
type PasswordStep struct{}
func (s *PasswordStep) Type() NextStepType {
return NextStepPassword
}
type ExternalLoginStep struct {
SelectedIDPConfigID string
}
func (s *ExternalLoginStep) Type() NextStepType {
return NextStepExternalLogin
}
type PasswordlessStep struct{}
func (s *PasswordlessStep) Type() NextStepType {
return NextStepPasswordless
}
type ChangePasswordStep struct{}
func (s *ChangePasswordStep) Type() NextStepType {
return NextStepChangePassword
}
type InitPasswordStep struct{}
func (s *InitPasswordStep) Type() NextStepType {
return NextStepInitPassword
}
type ChangeUsernameStep struct{}
func (s *ChangeUsernameStep) Type() NextStepType {
return NextStepChangeUsername
}
type VerifyEMailStep struct{}
func (s *VerifyEMailStep) Type() NextStepType {
return NextStepVerifyEmail
}
type MFAPromptStep struct {
Required bool
MFAProviders []MFAType
}
func (s *MFAPromptStep) Type() NextStepType {
return NextStepMFAPrompt
}
type MFAVerificationStep struct {
MFAProviders []MFAType
}
func (s *MFAVerificationStep) Type() NextStepType {
return NextStepMFAVerify
}
type LinkUsersStep struct{}
func (s *LinkUsersStep) Type() NextStepType {
return NextStepLinkUsers
}
type GrantRequiredStep struct{}
func (s *GrantRequiredStep) Type() NextStepType {
return NextStepGrantRequired
}
type RedirectToCallbackStep struct{}
func (s *RedirectToCallbackStep) Type() NextStepType {
return NextStepRedirectToCallback
}
type MFAType int
const (
MFATypeOTP MFAType = iota
MFATypeU2F
MFATypeU2FUserVerification
)
type MFALevel int
const (
MFALevelNotSetUp MFALevel = iota
MFALevelSecondFactor
MFALevelMultiFactor
MFALevelMultiFactorCertified
)
func MFATypeToDomain(mfaType MFAType) domain.MFAType {
switch mfaType {
case MFATypeOTP:
return domain.MFATypeOTP
case MFATypeU2F:
return domain.MFATypeU2F
case MFATypeU2FUserVerification:
return domain.MFATypeU2FUserVerification
default:
return domain.MFATypeOTP
}
}
func MFALevelToDomain(mfaLevel MFALevel) domain.MFALevel {
switch mfaLevel {
case MFALevelNotSetUp:
return domain.MFALevelNotSetUp
case MFALevelSecondFactor:
return domain.MFALevelSecondFactor
case MFALevelMultiFactor:
return domain.MFALevelMultiFactor
case MFALevelMultiFactorCertified:
return domain.MFALevelMultiFactorCertified
default:
return domain.MFALevelNotSetUp
}
}
func UserSessionStateToDomain(state UserSessionState) domain.UserSessionState {
switch state {
case UserSessionStateActive:
return domain.UserSessionStateActive
case UserSessionStateTerminated:
return domain.UserSessionStateTerminated
default:
return domain.UserSessionStateActive
}
}


@ -1,62 +0,0 @@
package model
type Request interface {
Type() AuthRequestType
IsValid() bool
}
type AuthRequestType int32
var (
authRequestTypeMapping = map[AuthRequestType]Request{
AuthRequestTypeOIDC: &AuthRequestOIDC{},
}
)
const (
AuthRequestTypeOIDC AuthRequestType = iota
AuthRequestTypeSAML
)
const (
OrgDomainPrimaryScope = "urn:zitadel:iam:org:domain:primary:"
OrgDomainPrimaryClaim = "urn:zitadel:iam:org:domain:primary"
ProjectIDScope = "urn:zitadel:iam:org:project:id:"
AudSuffix = ":aud"
SelectIDPScope = "urn:zitadel:iam:org:idp:id:"
)
type AuthRequestOIDC struct {
Scopes []string
ResponseType OIDCResponseType
Nonce string
CodeChallenge *OIDCCodeChallenge
}
func (a *AuthRequestOIDC) Type() AuthRequestType {
return AuthRequestTypeOIDC
}
func (a *AuthRequestOIDC) IsValid() bool {
return len(a.Scopes) > 0 &&
a.CodeChallenge == nil || a.CodeChallenge != nil && a.CodeChallenge.IsValid()
}
type AuthRequestSAML struct {
}
func (a *AuthRequestSAML) Type() AuthRequestType {
return AuthRequestTypeSAML
}
func (a *AuthRequestSAML) IsValid() bool {
return true
}
type OIDCResponseType int32
const (
OIDCResponseTypeCode OIDCResponseType = iota
OIDCResponseTypeIdToken
OIDCResponseTypeIdTokenToken
)


@ -14,7 +14,6 @@ import (
caos_errs "github.com/caos/zitadel/internal/errors"
v1 "github.com/caos/zitadel/internal/eventstore/v1"
"github.com/caos/zitadel/internal/eventstore/v1/models"
iam_view "github.com/caos/zitadel/internal/iam/repository/view"
"github.com/caos/zitadel/internal/query"
"github.com/caos/zitadel/internal/telemetry/tracing"
usr_model "github.com/caos/zitadel/internal/user/model"
@ -259,19 +258,3 @@ func (r *TokenVerifierRepo) getUserEvents(ctx context.Context, userID string, se
}
return r.Eventstore.FilterEvents(ctx, query)
}
func (repo *TokenVerifierRepo) checkDefaultFeatures(ctx context.Context, requiredFeatures ...string) error {
features, err := repo.Query.DefaultFeatures(ctx)
if err != nil {
return err
}
return checkFeatures(features, requiredFeatures...)
}
func (repo *TokenVerifierRepo) getIAMEvents(ctx context.Context, sequence uint64) ([]*models.Event, error) {
query, err := iam_view.IAMByIDQuery(domain.IAMID, sequence)
if err != nil {
return nil, err
}
return repo.Eventstore.FilterEvents(ctx, query)
}


@ -6,20 +6,23 @@ import (
"github.com/caos/logging"
"github.com/caos/zitadel/internal/errors"
"github.com/caos/zitadel/internal/eventstore"
v1 "github.com/caos/zitadel/internal/eventstore/v1"
es_models "github.com/caos/zitadel/internal/eventstore/v1/models"
"github.com/caos/zitadel/internal/eventstore/v1/query"
es_sdk "github.com/caos/zitadel/internal/eventstore/v1/sdk"
"github.com/caos/zitadel/internal/eventstore/v1/spooler"
iam_es_model "github.com/caos/zitadel/internal/iam/repository/eventsourcing/model"
org_model "github.com/caos/zitadel/internal/org/model"
org_es_model "github.com/caos/zitadel/internal/org/repository/eventsourcing/model"
org_view "github.com/caos/zitadel/internal/org/repository/view"
proj_model "github.com/caos/zitadel/internal/project/model"
proj_es_model "github.com/caos/zitadel/internal/project/repository/eventsourcing/model"
proj_view "github.com/caos/zitadel/internal/project/repository/view"
"github.com/caos/zitadel/internal/repository/instance"
"github.com/caos/zitadel/internal/repository/org"
"github.com/caos/zitadel/internal/repository/project"
"github.com/caos/zitadel/internal/repository/user"
usr_model "github.com/caos/zitadel/internal/user/model"
"github.com/caos/zitadel/internal/user/repository/eventsourcing/model"
usr_es_model "github.com/caos/zitadel/internal/user/repository/view/model"
)
@ -62,7 +65,7 @@ func (m *UserMembership) Subscription() *v1.Subscription {
}
func (_ *UserMembership) AggregateTypes() []es_models.AggregateType {
return []es_models.AggregateType{iam_es_model.IAMAggregate, org_es_model.OrgAggregate, proj_es_model.ProjectAggregate, model.UserAggregate}
return []es_models.AggregateType{instance.AggregateType, org.AggregateType, project.AggregateType, user.AggregateType}
}
func (m *UserMembership) CurrentSequence() (uint64, error) {
@ -85,13 +88,13 @@ func (m *UserMembership) EventQuery() (*es_models.SearchQuery, error) {
func (m *UserMembership) Reduce(event *es_models.Event) (err error) {
switch event.AggregateType {
case iam_es_model.IAMAggregate:
case instance.AggregateType:
err = m.processIAM(event)
case org_es_model.OrgAggregate:
case org.AggregateType:
err = m.processOrg(event)
case proj_es_model.ProjectAggregate:
case project.AggregateType:
err = m.processProject(event)
case model.UserAggregate:
case user.AggregateType:
err = m.processUser(event)
}
return err
@ -103,17 +106,17 @@ func (m *UserMembership) processIAM(event *es_models.Event) (err error) {
if err != nil {
return err
}
switch event.Type {
case iam_es_model.IAMMemberAdded:
switch eventstore.EventType(event.Type) {
case instance.MemberAddedEventType:
m.fillIamDisplayName(member)
case iam_es_model.IAMMemberChanged:
case instance.MemberChangedEventType:
member, err = m.view.UserMembershipByIDs(member.UserID, event.AggregateID, event.AggregateID, usr_model.MemberTypeIam)
if err != nil {
return err
}
err = member.AppendEvent(event)
case iam_es_model.IAMMemberRemoved,
iam_es_model.IAMMemberCascadeRemoved:
case instance.MemberRemovedEventType,
instance.MemberCascadeRemovedEventType:
return m.view.DeleteUserMembership(member.UserID, event.AggregateID, event.AggregateID, usr_model.MemberTypeIam, event)
default:
return m.view.ProcessedUserMembershipSequence(event)
@ -135,19 +138,19 @@ func (m *UserMembership) processOrg(event *es_models.Event) (err error) {
if err != nil {
return err
}
switch event.Type {
case org_es_model.OrgMemberAdded:
switch eventstore.EventType(event.Type) {
case org.MemberAddedEventType:
err = m.fillOrgName(member)
case org_es_model.OrgMemberChanged:
case org.MemberChangedEventType:
member, err = m.view.UserMembershipByIDs(member.UserID, event.AggregateID, event.AggregateID, usr_model.MemberTypeOrganisation)
if err != nil {
return err
}
err = member.AppendEvent(event)
case org_es_model.OrgMemberRemoved,
org_es_model.OrgMemberCascadeRemoved:
case org.MemberRemovedEventType,
org.MemberCascadeRemovedEventType:
return m.view.DeleteUserMembership(member.UserID, event.AggregateID, event.AggregateID, usr_model.MemberTypeOrganisation, event)
case org_es_model.OrgChanged:
case org.OrgChangedEventType:
return m.updateOrgName(event)
default:
return m.view.ProcessedUserMembershipSequence(event)
@ -195,35 +198,35 @@ func (m *UserMembership) processProject(event *es_models.Event) (err error) {
if err != nil {
return err
}
switch event.Type {
case proj_es_model.ProjectMemberAdded, proj_es_model.ProjectGrantMemberAdded:
switch eventstore.EventType(event.Type) {
case project.MemberAddedType, project.GrantMemberAddedType:
err = m.fillProjectDisplayName(member)
if err != nil {
return err
}
err = m.fillOrgName(member)
case proj_es_model.ProjectMemberChanged:
case project.MemberChangedType:
member, err = m.view.UserMembershipByIDs(member.UserID, event.AggregateID, event.AggregateID, usr_model.MemberTypeProject)
if err != nil {
return err
}
err = member.AppendEvent(event)
case proj_es_model.ProjectMemberRemoved, proj_es_model.ProjectMemberCascadeRemoved:
case project.MemberRemovedType, project.MemberCascadeRemovedType:
return m.view.DeleteUserMembership(member.UserID, event.AggregateID, event.AggregateID, usr_model.MemberTypeProject, event)
case proj_es_model.ProjectGrantMemberChanged:
case project.GrantMemberChangedType:
member, err = m.view.UserMembershipByIDs(member.UserID, event.AggregateID, member.ObjectID, usr_model.MemberTypeProjectGrant)
if err != nil {
return err
}
err = member.AppendEvent(event)
case proj_es_model.ProjectGrantMemberRemoved,
proj_es_model.ProjectGrantMemberCascadeRemoved:
case project.GrantMemberRemovedType,
project.GrantMemberCascadeRemovedType:
return m.view.DeleteUserMembership(member.UserID, event.AggregateID, member.ObjectID, usr_model.MemberTypeProjectGrant, event)
case proj_es_model.ProjectChanged:
case project.ProjectChangedType:
return m.updateProjectDisplayName(event)
case proj_es_model.ProjectRemoved:
case project.ProjectRemovedType:
return m.view.DeleteUserMembershipsByAggregateID(event.AggregateID, event)
case proj_es_model.ProjectGrantRemoved:
case project.GrantRemovedType:
return m.view.DeleteUserMembershipsByAggregateIDAndObjectID(event.AggregateID, member.ObjectID, event)
default:
return m.view.ProcessedUserMembershipSequence(event)
@ -264,8 +267,8 @@ func (m *UserMembership) updateProjectDisplayName(event *es_models.Event) error
}
func (m *UserMembership) processUser(event *es_models.Event) (err error) {
switch event.Type {
case model.UserRemoved:
switch eventstore.EventType(event.Type) {
case user.UserRemovedType:
return m.view.DeleteUserMembershipsByUserID(event.AggregateID, event)
default:
return m.view.ProcessedUserMembershipSequence(event)
@ -273,7 +276,7 @@ func (m *UserMembership) processUser(event *es_models.Event) (err error) {
}
func (m *UserMembership) OnError(event *es_models.Event, err error) error {
logging.LogWithFields("SPOOL-Ms3fj", "id", event.AggregateID).WithError(err).Warn("something went wrong in user membership handler")
logging.WithFields("id", event.AggregateID).WithError(err).Warn("something went wrong in user membership handler")
return spooler.HandleError(event, err, m.view.GetLatestUserMembershipFailedEvent, m.view.ProcessedUserMembershipFailedEvent, m.view.ProcessedUserMembershipSequence, m.errorCountUntilSkip)
}


@ -5,6 +5,7 @@ const (
OrgDomainPrimaryClaim = "urn:zitadel:iam:org:domain:primary"
ProjectIDScope = "urn:zitadel:iam:org:project:id:"
AudSuffix = ":aud"
SelectIDPScope = "urn:zitadel:iam:org:idp:id:"
)
//TODO: Change AuthRequest to interface and let oidcauthreqesut implement it


@ -1,54 +0,0 @@
package model
import (
"time"
"golang.org/x/text/language"
"github.com/caos/zitadel/internal/domain"
)
type CustomTextView struct {
AggregateID string
Template string
Language language.Tag
Key string
Text string
CreationDate time.Time
ChangeDate time.Time
Sequence uint64
}
type CustomTextSearchRequest struct {
Offset uint64
Limit uint64
SortingColumn CustomTextSearchKey
Asc bool
Queries []*CustomTextSearchQuery
}
type CustomTextSearchKey int32
const (
CustomTextSearchKeyUnspecified CustomTextSearchKey = iota
CustomTextSearchKeyAggregateID
CustomTextSearchKeyTemplate
CustomTextSearchKeyLanguage
CustomTextSearchKeyKey
)
type CustomTextSearchQuery struct {
Key CustomTextSearchKey
Method domain.SearchMethod
Value interface{}
}
type CustomTextSearchResponse struct {
Offset uint64
Limit uint64
TotalResult uint64
Result []*CustomTextView
Sequence uint64
Timestamp time.Time
}


@ -1,70 +0,0 @@
package model
import (
"github.com/caos/zitadel/internal/domain"
caos_errors "github.com/caos/zitadel/internal/errors"
"time"
)
type IAMMemberView struct {
UserID string
IAMID string
UserName string
Email string
FirstName string
LastName string
DisplayName string
PreferredLoginName string
AvatarURL string
UserResourceOwner string
Roles []string
CreationDate time.Time
ChangeDate time.Time
Sequence uint64
}
type IAMMemberSearchRequest struct {
Offset uint64
Limit uint64
SortingColumn IAMMemberSearchKey
Asc bool
Queries []*IAMMemberSearchQuery
}
type IAMMemberSearchKey int32
const (
IAMMemberSearchKeyUnspecified IAMMemberSearchKey = iota
IAMMemberSearchKeyUserName
IAMMemberSearchKeyEmail
IAMMemberSearchKeyFirstName
IAMMemberSearchKeyLastName
IAMMemberSearchKeyIamID
IAMMemberSearchKeyUserID
)
type IAMMemberSearchQuery struct {
Key IAMMemberSearchKey
Method domain.SearchMethod
Value interface{}
}
type IAMMemberSearchResponse struct {
Offset uint64
Limit uint64
TotalResult uint64
Result []*IAMMemberView
Sequence uint64
Timestamp time.Time
}
func (r *IAMMemberSearchRequest) EnsureLimit(limit uint64) error {
if r.Limit > limit {
return caos_errors.ThrowInvalidArgument(nil, "SEARCH-vn8ds", "Errors.Limit.ExceedsDefault")
}
if r.Limit == 0 {
r.Limit = limit
}
return nil
}


@ -1,93 +0,0 @@
package model
import (
"encoding/json"
"github.com/caos/logging"
"github.com/caos/zitadel/internal/domain"
caos_errs "github.com/caos/zitadel/internal/errors"
es_models "github.com/caos/zitadel/internal/eventstore/v1/models"
"github.com/caos/zitadel/internal/iam/model"
)
const (
IAMVersion = "v1"
)
type Step int
const (
Step1 = Step(model.Step1)
Step2 = Step(model.Step2)
StepCount = Step(model.StepCount)
)
type IAM struct {
es_models.ObjectRoot
SetUpStarted Step `json:"-"`
SetUpDone Step `json:"-"`
GlobalOrgID string `json:"globalOrgId,omitempty"`
IAMProjectID string `json:"iamProjectId,omitempty"`
}
func IAMToModel(iam *IAM) *model.IAM {
converted := &model.IAM{
ObjectRoot: iam.ObjectRoot,
SetUpStarted: domain.Step(iam.SetUpStarted),
SetUpDone: domain.Step(iam.SetUpDone),
GlobalOrgID: iam.GlobalOrgID,
IAMProjectID: iam.IAMProjectID,
}
return converted
}
func (i *IAM) AppendEvents(events ...*es_models.Event) error {
for _, event := range events {
if err := i.AppendEvent(event); err != nil {
return err
}
}
return nil
}
func (i *IAM) AppendEvent(event *es_models.Event) (err error) {
i.ObjectRoot.AppendEvent(event)
switch event.Type {
case IAMSetupStarted:
if len(event.Data) == 0 {
i.SetUpStarted = Step(model.Step1)
return
}
step := new(struct{ Step Step })
err = json.Unmarshal(event.Data, step)
if err != nil {
return err
}
i.SetUpStarted = step.Step
case IAMSetupDone:
if len(event.Data) == 0 {
i.SetUpDone = Step(model.Step1)
return
}
step := new(struct{ Step Step })
err = json.Unmarshal(event.Data, step)
if err != nil {
return err
}
i.SetUpDone = step.Step
case IAMProjectSet,
GlobalOrgSet:
err = i.SetData(event)
}
return err
}
func (i *IAM) SetData(event *es_models.Event) error {
i.ObjectRoot.AppendEvent(event)
if err := json.Unmarshal(event.Data, i); err != nil {
logging.Log("EVEN-9sie4").WithError(err).Error("could not unmarshal event data")
return caos_errs.ThrowInternal(err, "MODEL-slwi3", "could not unmarshal event")
}
return nil
}


@ -1,75 +0,0 @@
package model
import (
"encoding/json"
"testing"
es_models "github.com/caos/zitadel/internal/eventstore/v1/models"
)
func mockIamData(iam *IAM) []byte {
data, _ := json.Marshal(iam)
return data
}
func TestProjectRoleAppendEvent(t *testing.T) {
type args struct {
event *es_models.Event
iam *IAM
}
tests := []struct {
name string
args args
result *IAM
}{
{
name: "append set up start event",
args: args{
event: &es_models.Event{AggregateID: "AggregateID", Sequence: 1, Type: IAMSetupStarted, ResourceOwner: "OrgID"},
iam: &IAM{},
},
result: &IAM{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID"}, SetUpStarted: Step1},
},
{
name: "append set up done event",
args: args{
event: &es_models.Event{AggregateID: "AggregateID", Sequence: 1, Type: IAMSetupDone, ResourceOwner: "OrgID"},
iam: &IAM{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID"}, SetUpStarted: Step1},
},
result: &IAM{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID"}, SetUpStarted: Step1, SetUpDone: Step1},
},
{
name: "append globalorg event",
args: args{
event: &es_models.Event{AggregateID: "AggregateID", Sequence: 1, Type: GlobalOrgSet, ResourceOwner: "OrgID", Data: mockIamData(&IAM{GlobalOrgID: "GlobalOrg"})},
iam: &IAM{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID"}, SetUpStarted: Step1},
},
result: &IAM{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID"}, SetUpStarted: Step1, GlobalOrgID: "GlobalOrg"},
},
{
name: "append iamproject event",
args: args{
event: &es_models.Event{AggregateID: "AggregateID", Sequence: 1, Type: IAMProjectSet, ResourceOwner: "OrgID", Data: mockIamData(&IAM{IAMProjectID: "IamProject"})},
iam: &IAM{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID"}, SetUpStarted: Step1},
},
result: &IAM{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID"}, SetUpStarted: Step1, IAMProjectID: "IamProject"},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
tt.args.iam.AppendEvent(tt.args.event)
if tt.args.iam.AggregateID != tt.result.AggregateID {
t.Errorf("got wrong result AggregateID: expected: %v, actual: %v ", tt.result.AggregateID, tt.args.iam.AggregateID)
}
if tt.args.iam.SetUpDone != tt.result.SetUpDone {
t.Errorf("got wrong result SetUpDone: expected: %v, actual: %v ", tt.result.SetUpDone, tt.args.iam.SetUpDone)
}
if tt.args.iam.GlobalOrgID != tt.result.GlobalOrgID {
t.Errorf("got wrong result GlobalOrgID: expected: %v, actual: %v ", tt.result.GlobalOrgID, tt.args.iam.GlobalOrgID)
}
if tt.args.iam.IAMProjectID != tt.result.IAMProjectID {
t.Errorf("got wrong result IAMProjectID: expected: %v, actual: %v ", tt.result.IAMProjectID, tt.args.iam.IAMProjectID)
}
})
}
}


@ -1,78 +0,0 @@
package model
import (
"encoding/json"
"github.com/caos/logging"
es_models "github.com/caos/zitadel/internal/eventstore/v1/models"
"github.com/caos/zitadel/internal/iam/model"
)
type IDPConfig struct {
es_models.ObjectRoot
IDPConfigID string `json:"idpConfigId"`
State int32 `json:"-"`
Name string `json:"name,omitempty"`
Type int32 `json:"idpType,omitempty"`
StylingType int32 `json:"stylingType,omitempty"`
OIDCIDPConfig *OIDCIDPConfig `json:"-"`
}
type IDPConfigID struct {
es_models.ObjectRoot
IDPConfigID string `json:"idpConfigId"`
}
func GetIDPConfig(idps []*IDPConfig, id string) (int, *IDPConfig) {
for i, idp := range idps {
if idp.IDPConfigID == id {
return i, idp
}
}
return -1, nil
}
func (c *IDPConfig) Changes(changed *IDPConfig) map[string]interface{} {
changes := make(map[string]interface{}, 1)
changes["idpConfigId"] = c.IDPConfigID
if changed.Name != "" && c.Name != changed.Name {
changes["name"] = changed.Name
}
if c.StylingType != changed.StylingType {
changes["stylingType"] = changed.StylingType
}
return changes
}
func IDPConfigsToModel(idps []*IDPConfig) []*model.IDPConfig {
convertedIDPConfigs := make([]*model.IDPConfig, len(idps))
for i, idp := range idps {
convertedIDPConfigs[i] = IDPConfigToModel(idp)
}
return convertedIDPConfigs
}
func IDPConfigToModel(idp *IDPConfig) *model.IDPConfig {
converted := &model.IDPConfig{
ObjectRoot: idp.ObjectRoot,
IDPConfigID: idp.IDPConfigID,
Name: idp.Name,
StylingType: model.IDPStylingType(idp.StylingType),
State: model.IDPConfigState(idp.State),
Type: model.IdpConfigType(idp.Type),
}
if idp.OIDCIDPConfig != nil {
converted.OIDCConfig = OIDCIDPConfigToModel(idp.OIDCIDPConfig)
}
return converted
}
func (c *IDPConfig) SetData(event *es_models.Event) error {
c.ObjectRoot.AppendEvent(event)
if err := json.Unmarshal(event.Data, c); err != nil {
logging.Log("EVEN-Msj9w").WithError(err).Error("could not unmarshal event data")
return err
}
return nil
}


@ -1,49 +0,0 @@
package model
import (
"testing"
)
func TestIdpConfigChanges(t *testing.T) {
type args struct {
existing *IDPConfig
new *IDPConfig
}
type res struct {
changesLen int
}
tests := []struct {
name string
args args
res res
}{
{
name: "idp config name changes",
args: args{
existing: &IDPConfig{IDPConfigID: "IDPConfigID", Name: "Name"},
new: &IDPConfig{IDPConfigID: "IDPConfigID", Name: "NameChanged"},
},
res: res{
changesLen: 2,
},
},
{
name: "no changes",
args: args{
existing: &IDPConfig{IDPConfigID: "IDPConfigID", Name: "Name"},
new: &IDPConfig{IDPConfigID: "IDPConfigID", Name: "Name"},
},
res: res{
changesLen: 1,
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
changes := tt.args.existing.Changes(tt.args.new)
if len(changes) != tt.res.changesLen {
t.Errorf("got wrong changes len: expected: %v, actual: %v ", tt.res.changesLen, len(changes))
}
})
}
}


@ -1,55 +0,0 @@
package model
import (
"encoding/json"
"github.com/caos/zitadel/internal/errors"
es_models "github.com/caos/zitadel/internal/eventstore/v1/models"
iam_model "github.com/caos/zitadel/internal/iam/model"
)
type LabelPolicy struct {
es_models.ObjectRoot
State int32 `json:"-"`
PrimaryColor string `json:"primaryColor"`
BackgroundColor string `json:"backgroundColor"`
FontColor string `json:"fontColor"`
WarnColor string `json:"warnColor"`
PrimaryColorDark string `json:"primaryColorDark"`
BackgroundColorDark string `json:"backgroundColorDark"`
FontColorDark string `json:"fontColorDark"`
WarnColorDark string `json:"warnColorDark"`
HideLoginNameSuffix bool `json:"hideLoginNameSuffix"`
}
func LabelPolicyToModel(policy *LabelPolicy) *iam_model.LabelPolicy {
return &iam_model.LabelPolicy{
ObjectRoot: policy.ObjectRoot,
State: iam_model.PolicyState(policy.State),
PrimaryColor: policy.PrimaryColor,
BackgroundColor: policy.BackgroundColor,
WarnColor: policy.WarnColor,
FontColor: policy.FontColor,
PrimaryColorDark: policy.PrimaryColorDark,
BackgroundColorDark: policy.BackgroundColorDark,
WarnColorDark: policy.WarnColorDark,
FontColorDark: policy.FontColorDark,
HideLoginNameSuffix: policy.HideLoginNameSuffix,
}
}
func (p *LabelPolicy) SetDataLabel(event *es_models.Event) error {
err := json.Unmarshal(event.Data, p)
if err != nil {
return errors.ThrowInternal(err, "MODEL-Gdgwq", "unable to unmarshal data")
}
return nil
}
func (p *IDPProvider) SetDataLabel(event *es_models.Event) error {
err := json.Unmarshal(event.Data, p)
if err != nil {
return errors.ThrowInternal(err, "MODEL-c41Hn", "unable to unmarshal data")
}
return nil
}


@ -1,46 +0,0 @@
package model
import (
"encoding/json"
"github.com/caos/zitadel/internal/errors"
es_models "github.com/caos/zitadel/internal/eventstore/v1/models"
iam_model "github.com/caos/zitadel/internal/iam/model"
)
type LockoutPolicy struct {
es_models.ObjectRoot
State int32 `json:"-"`
MaxPasswordAttempts uint64 `json:"maxPasswordAttempts"`
ShowLockOutFailures bool `json:"showLockOutFailures"`
}
func LockoutPolicyToModel(policy *LockoutPolicy) *iam_model.LockoutPolicy {
return &iam_model.LockoutPolicy{
ObjectRoot: policy.ObjectRoot,
State: iam_model.PolicyState(policy.State),
MaxPasswordAttempts: policy.MaxPasswordAttempts,
ShowLockOutFailures: policy.ShowLockOutFailures,
}
}
func (p *LockoutPolicy) Changes(changed *LockoutPolicy) map[string]interface{} {
changes := make(map[string]interface{}, 2)
if p.MaxPasswordAttempts != changed.MaxPasswordAttempts {
changes["maxAttempts"] = changed.MaxPasswordAttempts
}
if p.ShowLockOutFailures != changed.ShowLockOutFailures {
changes["showLockOutFailures"] = changed.ShowLockOutFailures
}
return changes
}
func (p *LockoutPolicy) SetData(event *es_models.Event) error {
err := json.Unmarshal(event.Data, p)
if err != nil {
return errors.ThrowInternal(err, "EVENT-7JS9d", "unable to unmarshal data")
}
return nil
}


@ -1,49 +0,0 @@
package model
import (
"testing"
)
func TestPasswordLockoutPolicyChanges(t *testing.T) {
type args struct {
existing *LockoutPolicy
new *LockoutPolicy
}
type res struct {
changesLen int
}
tests := []struct {
name string
args args
res res
}{
{
name: "lockout policy all attributes change",
args: args{
existing: &LockoutPolicy{MaxPasswordAttempts: 365, ShowLockOutFailures: true},
new: &LockoutPolicy{MaxPasswordAttempts: 730, ShowLockOutFailures: false},
},
res: res{
changesLen: 2,
},
},
{
name: "no changes",
args: args{
existing: &LockoutPolicy{MaxPasswordAttempts: 10, ShowLockOutFailures: true},
new: &LockoutPolicy{MaxPasswordAttempts: 10, ShowLockOutFailures: true},
},
res: res{
changesLen: 0,
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
changes := tt.args.existing.Changes(tt.args.new)
if len(changes) != tt.res.changesLen {
t.Errorf("got wrong changes len: expected: %v, actual: %v ", tt.res.changesLen, len(changes))
}
})
}
}


@ -1,149 +0,0 @@
package model
import (
"encoding/json"
"github.com/caos/zitadel/internal/domain"
"github.com/caos/zitadel/internal/errors"
es_models "github.com/caos/zitadel/internal/eventstore/v1/models"
iam_model "github.com/caos/zitadel/internal/iam/model"
)
type LoginPolicy struct {
es_models.ObjectRoot
State int32 `json:"-"`
AllowUsernamePassword bool `json:"allowUsernamePassword"`
AllowRegister bool `json:"allowRegister"`
AllowExternalIdp bool `json:"allowExternalIdp"`
ForceMFA bool `json:"forceMFA"`
PasswordlessType int32 `json:"passwordlessType"`
IDPProviders []*IDPProvider `json:"-"`
SecondFactors []int32 `json:"-"`
MultiFactors []int32 `json:"-"`
}
type IDPProvider struct {
es_models.ObjectRoot
Type int32 `json:"idpProviderType"`
IDPConfigID string `json:"idpConfigId"`
}
type IDPProviderID struct {
IDPConfigID string `json:"idpConfigId"`
}
type MFA struct {
MFAType int32 `json:"mfaType"`
}
func GetIDPProvider(providers []*IDPProvider, id string) (int, *IDPProvider) {
for i, p := range providers {
if p.IDPConfigID == id {
return i, p
}
}
return -1, nil
}
func GetMFA(mfas []int32, mfaType int32) (int, int32) {
for i, m := range mfas {
if m == mfaType {
return i, m
}
}
return -1, 0
}
func LoginPolicyToModel(policy *LoginPolicy) *iam_model.LoginPolicy {
idps := IDPProvidersToModel(policy.IDPProviders)
secondFactors := SecondFactorsToModel(policy.SecondFactors)
multiFactors := MultiFactorsToModel(policy.MultiFactors)
return &iam_model.LoginPolicy{
ObjectRoot: policy.ObjectRoot,
State: iam_model.PolicyState(policy.State),
AllowUsernamePassword: policy.AllowUsernamePassword,
AllowRegister: policy.AllowRegister,
AllowExternalIdp: policy.AllowExternalIdp,
IDPProviders: idps,
ForceMFA: policy.ForceMFA,
SecondFactors: secondFactors,
MultiFactors: multiFactors,
PasswordlessType: iam_model.PasswordlessType(policy.PasswordlessType),
}
}
func IDPProvidersToModel(members []*IDPProvider) []*iam_model.IDPProvider {
convertedProviders := make([]*iam_model.IDPProvider, len(members))
for i, m := range members {
convertedProviders[i] = IDPProviderToModel(m)
}
return convertedProviders
}
func IDPProviderToModel(provider *IDPProvider) *iam_model.IDPProvider {
return &iam_model.IDPProvider{
ObjectRoot: provider.ObjectRoot,
Type: iam_model.IDPProviderType(provider.Type),
IDPConfigID: provider.IDPConfigID,
}
}
func SecondFactorsToModel(mfas []int32) []domain.SecondFactorType {
convertedMFAs := make([]domain.SecondFactorType, len(mfas))
for i, mfa := range mfas {
convertedMFAs[i] = domain.SecondFactorType(mfa)
}
return convertedMFAs
}
func MultiFactorsToModel(mfas []int32) []domain.MultiFactorType {
convertedMFAs := make([]domain.MultiFactorType, len(mfas))
for i, mfa := range mfas {
convertedMFAs[i] = domain.MultiFactorType(mfa)
}
return convertedMFAs
}
func (p *LoginPolicy) Changes(changed *LoginPolicy) map[string]interface{} {
changes := make(map[string]interface{}, 2)
if changed.AllowUsernamePassword != p.AllowUsernamePassword {
changes["allowUsernamePassword"] = changed.AllowUsernamePassword
}
if changed.AllowRegister != p.AllowRegister {
changes["allowRegister"] = changed.AllowRegister
}
if changed.AllowExternalIdp != p.AllowExternalIdp {
changes["allowExternalIdp"] = changed.AllowExternalIdp
}
if changed.ForceMFA != p.ForceMFA {
changes["forceMFA"] = changed.ForceMFA
}
if changed.PasswordlessType != p.PasswordlessType {
changes["passwordlessType"] = changed.PasswordlessType
}
return changes
}
func (p *LoginPolicy) SetData(event *es_models.Event) error {
err := json.Unmarshal(event.Data, p)
if err != nil {
return errors.ThrowInternal(err, "EVENT-7JS9d", "unable to unmarshal data")
}
return nil
}
func (p *IDPProvider) SetData(event *es_models.Event) error {
err := json.Unmarshal(event.Data, p)
if err != nil {
return errors.ThrowInternal(err, "EVENT-ldos9", "unable to unmarshal data")
}
return nil
}
func (m *MFA) SetData(event *es_models.Event) error {
err := json.Unmarshal(event.Data, m)
if err != nil {
return errors.ThrowInternal(err, "EVENT-4G9os", "unable to unmarshal data")
}
return nil
}


@ -1,41 +0,0 @@
package model
import (
b64 "encoding/base64"
"encoding/json"
"github.com/caos/zitadel/internal/errors"
es_models "github.com/caos/zitadel/internal/eventstore/v1/models"
iam_model "github.com/caos/zitadel/internal/iam/model"
)
type MailTemplate struct {
es_models.ObjectRoot
State int32 `json:"-"`
Template []byte
}
func MailTemplateToModel(template *MailTemplate) *iam_model.MailTemplate {
return &iam_model.MailTemplate{
ObjectRoot: template.ObjectRoot,
State: iam_model.PolicyState(template.State),
Template: template.Template,
}
}
func (p *MailTemplate) Changes(changed *MailTemplate) map[string]interface{} {
changes := make(map[string]interface{}, 1)
if b64.StdEncoding.EncodeToString(changed.Template) != b64.StdEncoding.EncodeToString(p.Template) {
changes["template"] = b64.StdEncoding.EncodeToString(changed.Template)
}
return changes
}
func (p *MailTemplate) SetDataLabel(event *es_models.Event) error {
err := json.Unmarshal(event.Data, p)
if err != nil {
return errors.ThrowInternal(err, "MODEL-ikjhf", "unable to unmarshal data")
}
return nil
}


@ -1,49 +0,0 @@
package model
import (
"testing"
)
func TestMailTemplateChanges(t *testing.T) {
type args struct {
existing *MailTemplate
new *MailTemplate
}
type res struct {
changesLen int
}
tests := []struct {
name string
args args
res res
}{
{
name: "mailtemplate all attributes change",
args: args{
existing: &MailTemplate{Template: []byte("<doctype html>")},
new: &MailTemplate{Template: []byte("<!doctype html>")},
},
res: res{
changesLen: 1,
},
},
{
name: "no changes",
args: args{
existing: &MailTemplate{Template: []byte("<!doctype html>")},
new: &MailTemplate{Template: []byte("<!doctype html>")},
},
res: res{
changesLen: 0,
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
changes := tt.args.existing.Changes(tt.args.new)
if len(changes) != tt.res.changesLen {
t.Errorf("got wrong changes len: expected: %v, actual: %v ", tt.res.changesLen, len(changes))
}
})
}
}


@ -1,119 +0,0 @@
package model
import (
"encoding/json"
"github.com/caos/zitadel/internal/errors"
es_models "github.com/caos/zitadel/internal/eventstore/v1/models"
iam_model "github.com/caos/zitadel/internal/iam/model"
)
type MailText struct {
es_models.ObjectRoot
State int32 `json:"-"`
MailTextType string
Language string
Title string
PreHeader string
Subject string
Greeting string
Text string
ButtonText string
}
func GetMailText(mailTexts []*MailText, mailTextType string, language string) (int, *MailText) {
for i, m := range mailTexts {
if m.MailTextType == mailTextType && m.Language == language {
return i, m
}
}
return -1, nil
}
func MailTextsToModel(mailTexts []*MailText) []*iam_model.MailText {
convertedMailTexts := make([]*iam_model.MailText, len(mailTexts))
for i, m := range mailTexts {
convertedMailTexts[i] = MailTextToModel(m)
}
return convertedMailTexts
}
func MailTextToModel(mailText *MailText) *iam_model.MailText {
return &iam_model.MailText{
ObjectRoot: mailText.ObjectRoot,
State: iam_model.PolicyState(mailText.State),
MailTextType: mailText.MailTextType,
Language: mailText.Language,
Title: mailText.Title,
PreHeader: mailText.PreHeader,
Subject: mailText.Subject,
Greeting: mailText.Greeting,
Text: mailText.Text,
ButtonText: mailText.ButtonText,
}
}
func MailTextsFromModel(mailTexts []*iam_model.MailText) []*MailText {
convertedMailTexts := make([]*MailText, len(mailTexts))
for i, m := range mailTexts {
convertedMailTexts[i] = MailTextFromModel(m)
}
return convertedMailTexts
}
func MailTextFromModel(mailText *iam_model.MailText) *MailText {
return &MailText{
ObjectRoot: mailText.ObjectRoot,
State: int32(mailText.State),
MailTextType: mailText.MailTextType,
Language: mailText.Language,
Title: mailText.Title,
PreHeader: mailText.PreHeader,
Subject: mailText.Subject,
Greeting: mailText.Greeting,
Text: mailText.Text,
ButtonText: mailText.ButtonText,
}
}
func (p *MailText) Changes(changed *MailText) map[string]interface{} {
changes := make(map[string]interface{}, 8)
changes["mailTextType"] = changed.MailTextType
changes["language"] = changed.Language
if changed.Title != p.Title {
changes["title"] = changed.Title
}
if changed.PreHeader != p.PreHeader {
changes["preHeader"] = changed.PreHeader
}
if changed.Subject != p.Subject {
changes["subject"] = changed.Subject
}
if changed.Greeting != p.Greeting {
changes["greeting"] = changed.Greeting
}
if changed.Text != p.Text {
changes["text"] = changed.Text
}
if changed.ButtonText != p.ButtonText {
changes["buttonText"] = changed.ButtonText
}
return changes
}
func (p *MailText) SetDataLabel(event *es_models.Event) error {
err := json.Unmarshal(event.Data, p)
if err != nil {
return errors.ThrowInternal(err, "MODEL-3FUV5", "unable to unmarshal data")
}
return nil
}


@ -1,69 +0,0 @@
package model
import (
"encoding/json"
"reflect"
"github.com/caos/logging"
"github.com/caos/zitadel/internal/crypto"
es_models "github.com/caos/zitadel/internal/eventstore/v1/models"
"github.com/caos/zitadel/internal/iam/model"
"github.com/lib/pq"
)
type OIDCIDPConfig struct {
es_models.ObjectRoot
IDPConfigID string `json:"idpConfigId"`
ClientID string `json:"clientId"`
ClientSecret *crypto.CryptoValue `json:"clientSecret,omitempty"`
Issuer string `json:"issuer,omitempty"`
Scopes pq.StringArray `json:"scopes,omitempty"`
IDPDisplayNameMapping int32 `json:"idpDisplayNameMapping,omitempty"`
UsernameMapping int32 `json:"usernameMapping,omitempty"`
}
func (c *OIDCIDPConfig) Changes(changed *OIDCIDPConfig) map[string]interface{} {
changes := make(map[string]interface{}, 1)
changes["idpConfigId"] = c.IDPConfigID
if c.ClientID != changed.ClientID {
changes["clientId"] = changed.ClientID
}
if changed.ClientSecret != nil && c.ClientSecret != changed.ClientSecret {
changes["clientSecret"] = changed.ClientSecret
}
if c.Issuer != changed.Issuer {
changes["issuer"] = changed.Issuer
}
if !reflect.DeepEqual(c.Scopes, changed.Scopes) {
changes["scopes"] = changed.Scopes
}
if c.IDPDisplayNameMapping != changed.IDPDisplayNameMapping {
changes["idpDisplayNameMapping"] = changed.IDPDisplayNameMapping
}
if c.UsernameMapping != changed.UsernameMapping {
changes["usernameMapping"] = changed.UsernameMapping
}
return changes
}
func OIDCIDPConfigToModel(config *OIDCIDPConfig) *model.OIDCIDPConfig {
return &model.OIDCIDPConfig{
ObjectRoot: config.ObjectRoot,
IDPConfigID: config.IDPConfigID,
ClientID: config.ClientID,
ClientSecret: config.ClientSecret,
Issuer: config.Issuer,
Scopes: config.Scopes,
IDPDisplayNameMapping: model.OIDCMappingField(config.IDPDisplayNameMapping),
UsernameMapping: model.OIDCMappingField(config.UsernameMapping),
}
}
func (o *OIDCIDPConfig) SetData(event *es_models.Event) error {
o.ObjectRoot.AppendEvent(event)
if err := json.Unmarshal(event.Data, o); err != nil {
logging.Log("EVEN-Msh8s").WithError(err).Error("could not unmarshal event data")
return err
}
return nil
}


@ -1,73 +0,0 @@
package model
import (
"testing"
"github.com/caos/zitadel/internal/crypto"
)
func TestOIDCIdpConfigChanges(t *testing.T) {
type args struct {
existing *OIDCIDPConfig
new *OIDCIDPConfig
}
type res struct {
changesLen int
}
tests := []struct {
name string
args args
res res
}{
{
name: "all possible values change",
args: args{
existing: &OIDCIDPConfig{
IDPConfigID: "IDPConfigID",
ClientID: "ClientID",
ClientSecret: &crypto.CryptoValue{KeyID: "KeyID"},
Issuer: "Issuer",
Scopes: []string{"scope1"},
},
new: &OIDCIDPConfig{
IDPConfigID: "IDPConfigID",
ClientID: "ClientID2",
ClientSecret: &crypto.CryptoValue{KeyID: "KeyID2"},
Issuer: "Issuer2",
Scopes: []string{"scope1", "scope2"},
},
},
res: res{
changesLen: 5,
},
},
{
name: "no changes",
args: args{
existing: &OIDCIDPConfig{
IDPConfigID: "IDPConfigID",
ClientID: "ClientID",
Issuer: "Issuer",
Scopes: []string{"scope1"},
},
new: &OIDCIDPConfig{
IDPConfigID: "IDPConfigID",
ClientID: "ClientID",
Issuer: "Issuer",
Scopes: []string{"scope1"},
},
},
res: res{
changesLen: 1,
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
changes := tt.args.existing.Changes(tt.args.new)
if len(changes) != tt.res.changesLen {
t.Errorf("got wrong changes len: expected: %v, actual: %v ", tt.res.changesLen, len(changes))
}
})
}
}


@ -1,46 +0,0 @@
package model
import (
"encoding/json"
"github.com/caos/zitadel/internal/errors"
es_models "github.com/caos/zitadel/internal/eventstore/v1/models"
iam_model "github.com/caos/zitadel/internal/iam/model"
)
type PasswordAgePolicy struct {
es_models.ObjectRoot
State int32 `json:"-"`
MaxAgeDays uint64 `json:"maxAgeDays"`
ExpireWarnDays uint64 `json:"expireWarnDays"`
}
func PasswordAgePolicyToModel(policy *PasswordAgePolicy) *iam_model.PasswordAgePolicy {
return &iam_model.PasswordAgePolicy{
ObjectRoot: policy.ObjectRoot,
State: iam_model.PolicyState(policy.State),
MaxAgeDays: policy.MaxAgeDays,
ExpireWarnDays: policy.ExpireWarnDays,
}
}
func (p *PasswordAgePolicy) Changes(changed *PasswordAgePolicy) map[string]interface{} {
changes := make(map[string]interface{}, 1)
if p.MaxAgeDays != changed.MaxAgeDays {
changes["maxAgeDays"] = changed.MaxAgeDays
}
if p.ExpireWarnDays != changed.ExpireWarnDays {
changes["expireWarnDays"] = changed.ExpireWarnDays
}
return changes
}
func (p *PasswordAgePolicy) SetData(event *es_models.Event) error {
err := json.Unmarshal(event.Data, p)
if err != nil {
return errors.ThrowInternal(err, "EVENT-7JS9d", "unable to unmarshal data")
}
return nil
}


@ -1,49 +0,0 @@
package model
import (
"testing"
)
func TestPasswordAgePolicyChanges(t *testing.T) {
type args struct {
existing *PasswordAgePolicy
new *PasswordAgePolicy
}
type res struct {
changesLen int
}
tests := []struct {
name string
args args
res res
}{
{
name: "age policy all attributes change",
args: args{
existing: &PasswordAgePolicy{MaxAgeDays: 365, ExpireWarnDays: 5},
new: &PasswordAgePolicy{MaxAgeDays: 730, ExpireWarnDays: 10},
},
res: res{
changesLen: 2,
},
},
{
name: "no changes",
args: args{
existing: &PasswordAgePolicy{MaxAgeDays: 10, ExpireWarnDays: 10},
new: &PasswordAgePolicy{MaxAgeDays: 10, ExpireWarnDays: 10},
},
res: res{
changesLen: 0,
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
changes := tt.args.existing.Changes(tt.args.new)
if len(changes) != tt.res.changesLen {
t.Errorf("got wrong changes len: expected: %v, actual: %v ", tt.res.changesLen, len(changes))
}
})
}
}


@ -1,40 +0,0 @@
package model
import (
"encoding/json"
"github.com/caos/zitadel/internal/errors"
es_models "github.com/caos/zitadel/internal/eventstore/v1/models"
iam_model "github.com/caos/zitadel/internal/iam/model"
)
type PasswordComplexityPolicy struct {
es_models.ObjectRoot
State int32 `json:"-"`
MinLength uint64 `json:"minLength"`
HasLowercase bool `json:"hasLowercase"`
HasUppercase bool `json:"hasUppercase"`
HasNumber bool `json:"hasNumber"`
HasSymbol bool `json:"hasSymbol"`
}
func PasswordComplexityPolicyToModel(policy *PasswordComplexityPolicy) *iam_model.PasswordComplexityPolicy {
return &iam_model.PasswordComplexityPolicy{
ObjectRoot: policy.ObjectRoot,
State: iam_model.PolicyState(policy.State),
MinLength: policy.MinLength,
HasLowercase: policy.HasLowercase,
HasUppercase: policy.HasUppercase,
HasNumber: policy.HasNumber,
HasSymbol: policy.HasSymbol,
}
}
func (p *PasswordComplexityPolicy) SetData(event *es_models.Event) error {
err := json.Unmarshal(event.Data, p)
if err != nil {
return errors.ThrowInternal(err, "EVENT-7JS9d", "unable to unmarshal data")
}
return nil
}


@ -1,76 +0,0 @@
package model
import "github.com/caos/zitadel/internal/eventstore/v1/models"
const (
IAMAggregate models.AggregateType = "iam"
IAMSetupStarted models.EventType = "iam.setup.started"
IAMSetupDone models.EventType = "iam.setup.done"
GlobalOrgSet models.EventType = "iam.global.org.set"
IAMProjectSet models.EventType = "iam.project.iam.set"
IAMMemberAdded models.EventType = "iam.member.added"
IAMMemberChanged models.EventType = "iam.member.changed"
IAMMemberRemoved models.EventType = "iam.member.removed"
IAMMemberCascadeRemoved models.EventType = "iam.member.cascade.removed"
IDPConfigAdded models.EventType = "iam.idp.config.added"
IDPConfigChanged models.EventType = "iam.idp.config.changed"
IDPConfigRemoved models.EventType = "iam.idp.config.removed"
IDPConfigDeactivated models.EventType = "iam.idp.config.deactivated"
IDPConfigReactivated models.EventType = "iam.idp.config.reactivated"
OIDCIDPConfigAdded models.EventType = "iam.idp.oidc.config.added"
OIDCIDPConfigChanged models.EventType = "iam.idp.oidc.config.changed"
SAMLIDPConfigAdded models.EventType = "iam.idp.saml.config.added"
SAMLIDPConfigChanged models.EventType = "iam.idp.saml.config.changed"
LoginPolicyAdded models.EventType = "iam.policy.login.added"
LoginPolicyChanged models.EventType = "iam.policy.login.changed"
LoginPolicyIDPProviderAdded models.EventType = "iam.policy.login.idpprovider.added"
LoginPolicyIDPProviderRemoved models.EventType = "iam.policy.login.idpprovider.removed"
LoginPolicyIDPProviderCascadeRemoved models.EventType = "iam.policy.login.idpprovider.cascade.removed"
LoginPolicySecondFactorAdded models.EventType = "iam.policy.login.secondfactor.added"
LoginPolicySecondFactorRemoved models.EventType = "iam.policy.login.secondfactor.removed"
LoginPolicyMultiFactorAdded models.EventType = "iam.policy.login.multifactor.added"
LoginPolicyMultiFactorRemoved models.EventType = "iam.policy.login.multifactor.removed"
LabelPolicyAdded models.EventType = "iam.policy.label.added"
LabelPolicyChanged models.EventType = "iam.policy.label.changed"
LabelPolicyActivated models.EventType = "iam.policy.label.activated"
LabelPolicyLogoAdded models.EventType = "iam.policy.label.logo.added"
LabelPolicyLogoRemoved models.EventType = "iam.policy.label.logo.removed"
LabelPolicyIconAdded models.EventType = "iam.policy.label.icon.added"
LabelPolicyIconRemoved models.EventType = "iam.policy.label.icon.removed"
LabelPolicyLogoDarkAdded models.EventType = "iam.policy.label.logo.dark.added"
LabelPolicyLogoDarkRemoved models.EventType = "iam.policy.label.logo.dark.removed"
LabelPolicyIconDarkAdded models.EventType = "iam.policy.label.icon.dark.added"
LabelPolicyIconDarkRemoved models.EventType = "iam.policy.label.icon.dark.removed"
LabelPolicyFontAdded models.EventType = "iam.policy.label.font.added"
LabelPolicyFontRemoved models.EventType = "iam.policy.label.font.removed"
LabelPolicyAssetsRemoved models.EventType = "iam.policy.label.assets.removed"
MailTemplateAdded models.EventType = "iam.mail.template.added"
MailTemplateChanged models.EventType = "iam.mail.template.changed"
CustomTextSet models.EventType = "iam.customtext.set"
CustomTextRemoved models.EventType = "iam.customtext.removed"
CustomTextMessageRemoved models.EventType = "iam.customtext.template.removed"
PasswordComplexityPolicyAdded models.EventType = "iam.policy.password.complexity.added"
PasswordComplexityPolicyChanged models.EventType = "iam.policy.password.complexity.changed"
PasswordAgePolicyAdded models.EventType = "iam.policy.password.age.added"
PasswordAgePolicyChanged models.EventType = "iam.policy.password.age.changed"
LockoutPolicyAdded models.EventType = "iam.policy.lockout.added"
LockoutPolicyChanged models.EventType = "iam.policy.lockout.changed"
PrivacyPolicyAdded models.EventType = "iam.policy.privacy.added"
PrivacyPolicyChanged models.EventType = "iam.policy.privacy.changed"
OrgIAMPolicyAdded models.EventType = "iam.policy.org.iam.added"
OrgIAMPolicyChanged models.EventType = "iam.policy.org.iam.changed"
)


@ -1,897 +0,0 @@
package model
import (
"encoding/json"
"strings"
"time"
"golang.org/x/text/language"
"github.com/caos/zitadel/internal/domain"
org_es_model "github.com/caos/zitadel/internal/org/repository/eventsourcing/model"
es_model "github.com/caos/zitadel/internal/iam/repository/eventsourcing/model"
"github.com/caos/logging"
caos_errs "github.com/caos/zitadel/internal/errors"
"github.com/caos/zitadel/internal/eventstore/v1/models"
)
const (
CustomTextKeyAggregateID = "aggregate_id"
CustomTextKeyTemplate = "template"
CustomTextKeyLanguage = "language"
CustomTextKeyKey = "key"
)
type CustomTextView struct {
AggregateID string `json:"-" gorm:"column:aggregate_id;primary_key"`
CreationDate time.Time `json:"-" gorm:"column:creation_date"`
ChangeDate time.Time `json:"-" gorm:"column:change_date"`
Template string `json:"template" gorm:"column:template;primary_key"`
Language string `json:"language" gorm:"column:language;primary_key"`
Key string `json:"key" gorm:"column:key;primary_key"`
Text string `json:"text" gorm:"column:text"`
Sequence uint64 `json:"-" gorm:"column:sequence"`
}
func (i *CustomTextView) AppendEvent(event *models.Event) (err error) {
i.Sequence = event.Sequence
switch event.Type {
case es_model.CustomTextSet, org_es_model.CustomTextSet:
i.setRootData(event)
err = i.SetData(event)
if err != nil {
return err
}
i.ChangeDate = event.CreationDate
}
return err
}
func (r *CustomTextView) setRootData(event *models.Event) {
r.AggregateID = event.AggregateID
}
func (r *CustomTextView) SetData(event *models.Event) error {
if err := json.Unmarshal(event.Data, r); err != nil {
logging.Log("MODEL-3n9fs").WithError(err).Error("could not unmarshal event data")
return caos_errs.ThrowInternal(err, "MODEL-5CVaR", "Could not unmarshal data")
}
return nil
}
func (r *CustomTextView) IsMessageTemplate() bool {
return r.Template == domain.InitCodeMessageType ||
r.Template == domain.PasswordResetMessageType ||
r.Template == domain.VerifyEmailMessageType ||
r.Template == domain.VerifyPhoneMessageType ||
r.Template == domain.DomainClaimedMessageType ||
r.Template == domain.PasswordlessRegistrationMessageType
}
func CustomTextViewsToLoginDomain(aggregateID, lang string, texts []*CustomTextView) *domain.CustomLoginText {
langTag := language.Make(lang)
result := &domain.CustomLoginText{
ObjectRoot: models.ObjectRoot{
AggregateID: aggregateID,
},
Language: langTag,
}
for _, text := range texts {
if text.CreationDate.Before(result.CreationDate) {
result.CreationDate = text.CreationDate
}
if text.ChangeDate.After(result.ChangeDate) {
result.ChangeDate = text.ChangeDate
}
if strings.HasPrefix(text.Key, domain.LoginKeySelectAccount) {
selectAccountKeyToDomain(text, result)
}
if strings.HasPrefix(text.Key, domain.LoginKeyLogin) {
loginKeyToDomain(text, result)
}
if strings.HasPrefix(text.Key, domain.LoginKeyPassword) {
passwordKeyToDomain(text, result)
}
if strings.HasPrefix(text.Key, domain.LoginKeyUsernameChange) {
usernameChangeKeyToDomain(text, result)
}
if strings.HasPrefix(text.Key, domain.LoginKeyUsernameChangeDone) {
usernameChangeDoneKeyToDomain(text, result)
}
if strings.HasPrefix(text.Key, domain.LoginKeyInitPassword) {
initPasswordKeyToDomain(text, result)
}
if strings.HasPrefix(text.Key, domain.LoginKeyInitPasswordDone) {
initPasswordDoneKeyToDomain(text, result)
}
if strings.HasPrefix(text.Key, domain.LoginKeyEmailVerification) {
emailVerificationKeyToDomain(text, result)
}
if strings.HasPrefix(text.Key, domain.LoginKeyEmailVerificationDone) {
emailVerificationDoneKeyToDomain(text, result)
}
if strings.HasPrefix(text.Key, domain.LoginKeyInitializeUser) {
initializeUserKeyToDomain(text, result)
}
if strings.HasPrefix(text.Key, domain.LoginKeyInitUserDone) {
initializeUserDoneKeyToDomain(text, result)
}
if strings.HasPrefix(text.Key, domain.LoginKeyInitMFAPrompt) {
initMFAPromptKeyToDomain(text, result)
}
if strings.HasPrefix(text.Key, domain.LoginKeyInitMFAOTP) {
initMFAOTPKeyToDomain(text, result)
}
if strings.HasPrefix(text.Key, domain.LoginKeyInitMFAU2F) {
initMFAU2FKeyToDomain(text, result)
}
if strings.HasPrefix(text.Key, domain.LoginKeyInitMFADone) {
initMFADoneKeyToDomain(text, result)
}
if strings.HasPrefix(text.Key, domain.LoginKeyMFAProviders) {
mfaProvidersKeyToDomain(text, result)
}
if strings.HasPrefix(text.Key, domain.LoginKeyVerifyMFAOTP) {
verifyMFAOTPKeyToDomain(text, result)
}
if strings.HasPrefix(text.Key, domain.LoginKeyVerifyMFAU2F) {
verifyMFAU2FKeyToDomain(text, result)
}
if strings.HasPrefix(text.Key, domain.LoginKeyPasswordless) {
passwordlessKeyToDomain(text, result)
}
if strings.HasPrefix(text.Key, domain.LoginKeyPasswordlessPrompt) {
passwordlessPromptKeyToDomain(text, result)
}
if strings.HasPrefix(text.Key, domain.LoginKeyPasswordlessRegistration) {
passwordlessRegistrationKeyToDomain(text, result)
}
if strings.HasPrefix(text.Key, domain.LoginKeyPasswordlessRegistrationDone) {
passwordlessRegistrationDoneKeyToDomain(text, result)
}
if strings.HasPrefix(text.Key, domain.LoginKeyPasswordChange) {
passwordChangeKeyToDomain(text, result)
}
if strings.HasPrefix(text.Key, domain.LoginKeyPasswordChangeDone) {
passwordChangeDoneKeyToDomain(text, result)
}
if strings.HasPrefix(text.Key, domain.LoginKeyPasswordResetDone) {
passwordResetDoneKeyToDomain(text, result)
}
if strings.HasPrefix(text.Key, domain.LoginKeyRegistrationOption) {
registrationOptionKeyToDomain(text, result)
}
if strings.HasPrefix(text.Key, domain.LoginKeyRegistrationUser) {
registrationUserKeyToDomain(text, result)
}
if strings.HasPrefix(text.Key, domain.LoginKeyRegistrationOrg) {
registrationOrgKeyToDomain(text, result)
}
if strings.HasPrefix(text.Key, domain.LoginKeyLinkingUserDone) {
linkingUserKeyToDomain(text, result)
}
if strings.HasPrefix(text.Key, domain.LoginKeyExternalNotFound) {
externalUserNotFoundKeyToDomain(text, result)
}
if strings.HasPrefix(text.Key, domain.LoginKeySuccessLogin) {
successLoginKeyToDomain(text, result)
}
if strings.HasPrefix(text.Key, domain.LoginKeyLogoutDone) {
logoutDoneKeyToDomain(text, result)
}
if strings.HasPrefix(text.Key, domain.LoginKeyFooter) {
footerKeyToDomain(text, result)
}
}
return result
}
func selectAccountKeyToDomain(text *CustomTextView, result *domain.CustomLoginText) {
if text.Key == domain.LoginKeySelectAccountTitle {
result.SelectAccount.Title = text.Text
}
if text.Key == domain.LoginKeySelectAccountDescription {
result.SelectAccount.Description = text.Text
}
if text.Key == domain.LoginKeySelectAccountTitleLinkingProcess {
result.SelectAccount.TitleLinking = text.Text
}
if text.Key == domain.LoginKeySelectAccountDescriptionLinkingProcess {
result.SelectAccount.DescriptionLinking = text.Text
}
if text.Key == domain.LoginKeySelectAccountOtherUser {
result.SelectAccount.OtherUser = text.Text
}
if text.Key == domain.LoginKeySelectAccountSessionStateActive {
result.SelectAccount.SessionState0 = text.Text
}
if text.Key == domain.LoginKeySelectAccountSessionStateInactive {
result.SelectAccount.SessionState1 = text.Text
}
if text.Key == domain.LoginKeySelectAccountUserMustBeMemberOfOrg {
result.SelectAccount.MustBeMemberOfOrg = text.Text
}
}
func loginKeyToDomain(text *CustomTextView, result *domain.CustomLoginText) {
if text.Key == domain.LoginKeyLoginTitle {
result.Login.Title = text.Text
}
if text.Key == domain.LoginKeyLoginDescription {
result.Login.Description = text.Text
}
if text.Key == domain.LoginKeyLoginTitleLinkingProcess {
result.Login.TitleLinking = text.Text
}
if text.Key == domain.LoginKeyLoginDescriptionLinkingProcess {
result.Login.DescriptionLinking = text.Text
}
if text.Key == domain.LoginKeyLoginNameLabel {
result.Login.LoginNameLabel = text.Text
}
if text.Key == domain.LoginKeyLoginUsernamePlaceHolder {
result.Login.UsernamePlaceholder = text.Text
}
if text.Key == domain.LoginKeyLoginLoginnamePlaceHolder {
result.Login.LoginnamePlaceholder = text.Text
}
if text.Key == domain.LoginKeyLoginExternalUserDescription {
result.Login.ExternalUserDescription = text.Text
}
if text.Key == domain.LoginKeyLoginUserMustBeMemberOfOrg {
result.Login.MustBeMemberOfOrg = text.Text
}
if text.Key == domain.LoginKeyLoginRegisterButtonText {
result.Login.RegisterButtonText = text.Text
}
if text.Key == domain.LoginKeyLoginNextButtonText {
result.Login.NextButtonText = text.Text
}
}
func passwordKeyToDomain(text *CustomTextView, result *domain.CustomLoginText) {
if text.Key == domain.LoginKeyPasswordTitle {
result.Password.Title = text.Text
}
if text.Key == domain.LoginKeyPasswordDescription {
result.Password.Description = text.Text
}
if text.Key == domain.LoginKeyPasswordLabel {
result.Password.PasswordLabel = text.Text
}
if text.Key == domain.LoginKeyPasswordResetLinkText {
result.Password.ResetLinkText = text.Text
}
if text.Key == domain.LoginKeyPasswordBackButtonText {
result.Password.BackButtonText = text.Text
}
if text.Key == domain.LoginKeyPasswordNextButtonText {
result.Password.NextButtonText = text.Text
}
if text.Key == domain.LoginKeyPasswordMinLength {
result.Password.MinLength = text.Text
}
if text.Key == domain.LoginKeyPasswordHasUppercase {
result.Password.HasUppercase = text.Text
}
if text.Key == domain.LoginKeyPasswordHasLowercase {
result.Password.HasLowercase = text.Text
}
if text.Key == domain.LoginKeyPasswordHasNumber {
result.Password.HasNumber = text.Text
}
if text.Key == domain.LoginKeyPasswordHasSymbol {
result.Password.HasSymbol = text.Text
}
if text.Key == domain.LoginKeyPasswordConfirmation {
result.Password.Confirmation = text.Text
}
}
func usernameChangeKeyToDomain(text *CustomTextView, result *domain.CustomLoginText) {
if text.Key == domain.LoginKeyUsernameChangeTitle {
result.UsernameChange.Title = text.Text
}
if text.Key == domain.LoginKeyUsernameChangeDescription {
result.UsernameChange.Description = text.Text
}
if text.Key == domain.LoginKeyUsernameChangeUsernameLabel {
result.UsernameChange.UsernameLabel = text.Text
}
if text.Key == domain.LoginKeyUsernameChangeCancelButtonText {
result.UsernameChange.CancelButtonText = text.Text
}
if text.Key == domain.LoginKeyUsernameChangeNextButtonText {
result.UsernameChange.NextButtonText = text.Text
}
}
func usernameChangeDoneKeyToDomain(text *CustomTextView, result *domain.CustomLoginText) {
if text.Key == domain.LoginKeyUsernameChangeDoneTitle {
result.UsernameChangeDone.Title = text.Text
}
if text.Key == domain.LoginKeyUsernameChangeDoneDescription {
result.UsernameChangeDone.Description = text.Text
}
if text.Key == domain.LoginKeyUsernameChangeDoneNextButtonText {
result.UsernameChangeDone.NextButtonText = text.Text
}
}
func initPasswordKeyToDomain(text *CustomTextView, result *domain.CustomLoginText) {
if text.Key == domain.LoginKeyInitPasswordTitle {
result.InitPassword.Title = text.Text
}
if text.Key == domain.LoginKeyInitPasswordDescription {
result.InitPassword.Description = text.Text
}
if text.Key == domain.LoginKeyInitPasswordCodeLabel {
result.InitPassword.CodeLabel = text.Text
}
if text.Key == domain.LoginKeyInitPasswordNewPasswordLabel {
result.InitPassword.NewPasswordLabel = text.Text
}
if text.Key == domain.LoginKeyInitPasswordNewPasswordConfirmLabel {
result.InitPassword.NewPasswordConfirmLabel = text.Text
}
if text.Key == domain.LoginKeyInitPasswordNextButtonText {
result.InitPassword.NextButtonText = text.Text
}
if text.Key == domain.LoginKeyInitPasswordResendButtonText {
result.InitPassword.ResendButtonText = text.Text
}
}
func initPasswordDoneKeyToDomain(text *CustomTextView, result *domain.CustomLoginText) {
if text.Key == domain.LoginKeyInitPasswordDoneTitle {
result.InitPasswordDone.Title = text.Text
}
if text.Key == domain.LoginKeyInitPasswordDoneDescription {
result.InitPasswordDone.Description = text.Text
}
if text.Key == domain.LoginKeyInitPasswordDoneNextButtonText {
result.InitPasswordDone.NextButtonText = text.Text
}
if text.Key == domain.LoginKeyInitPasswordDoneCancelButtonText {
result.InitPasswordDone.CancelButtonText = text.Text
}
}
func emailVerificationKeyToDomain(text *CustomTextView, result *domain.CustomLoginText) {
if text.Key == domain.LoginKeyEmailVerificationTitle {
result.EmailVerification.Title = text.Text
}
if text.Key == domain.LoginKeyEmailVerificationDescription {
result.EmailVerification.Description = text.Text
}
if text.Key == domain.LoginKeyEmailVerificationCodeLabel {
result.EmailVerification.CodeLabel = text.Text
}
if text.Key == domain.LoginKeyEmailVerificationNextButtonText {
result.EmailVerification.NextButtonText = text.Text
}
if text.Key == domain.LoginKeyEmailVerificationResendButtonText {
result.EmailVerification.ResendButtonText = text.Text
}
}
func emailVerificationDoneKeyToDomain(text *CustomTextView, result *domain.CustomLoginText) {
if text.Key == domain.LoginKeyEmailVerificationDoneTitle {
result.EmailVerificationDone.Title = text.Text
}
if text.Key == domain.LoginKeyEmailVerificationDoneDescription {
result.EmailVerificationDone.Description = text.Text
}
if text.Key == domain.LoginKeyEmailVerificationDoneNextButtonText {
result.EmailVerificationDone.NextButtonText = text.Text
}
if text.Key == domain.LoginKeyEmailVerificationDoneCancelButtonText {
result.EmailVerificationDone.CancelButtonText = text.Text
}
if text.Key == domain.LoginKeyEmailVerificationDoneLoginButtonText {
result.EmailVerificationDone.LoginButtonText = text.Text
}
}
func initializeUserKeyToDomain(text *CustomTextView, result *domain.CustomLoginText) {
if text.Key == domain.LoginKeyInitializeUserTitle {
result.InitUser.Title = text.Text
}
if text.Key == domain.LoginKeyInitializeUserDescription {
result.InitUser.Description = text.Text
}
if text.Key == domain.LoginKeyInitializeUserCodeLabel {
result.InitUser.CodeLabel = text.Text
}
if text.Key == domain.LoginKeyInitializeUserNewPasswordLabel {
result.InitUser.NewPasswordLabel = text.Text
}
if text.Key == domain.LoginKeyInitializeUserNewPasswordConfirmLabel {
result.InitUser.NewPasswordConfirmLabel = text.Text
}
if text.Key == domain.LoginKeyInitializeUserResendButtonText {
result.InitUser.ResendButtonText = text.Text
}
if text.Key == domain.LoginKeyInitializeUserNextButtonText {
result.InitUser.NextButtonText = text.Text
}
}
func initializeUserDoneKeyToDomain(text *CustomTextView, result *domain.CustomLoginText) {
if text.Key == domain.LoginKeyInitUserDoneTitle {
result.InitUserDone.Title = text.Text
}
if text.Key == domain.LoginKeyInitUserDoneDescription {
result.InitUserDone.Description = text.Text
}
if text.Key == domain.LoginKeyInitUserDoneCancelButtonText {
result.InitUserDone.CancelButtonText = text.Text
}
if text.Key == domain.LoginKeyInitUserDoneNextButtonText {
result.InitUserDone.NextButtonText = text.Text
}
}
func initMFAPromptKeyToDomain(text *CustomTextView, result *domain.CustomLoginText) {
if text.Key == domain.LoginKeyInitMFAPromptTitle {
result.InitMFAPrompt.Title = text.Text
}
if text.Key == domain.LoginKeyInitMFAPromptDescription {
result.InitMFAPrompt.Description = text.Text
}
if text.Key == domain.LoginKeyInitMFAPromptOTPOption {
result.InitMFAPrompt.Provider0 = text.Text
}
if text.Key == domain.LoginKeyInitMFAPromptU2FOption {
result.InitMFAPrompt.Provider1 = text.Text
}
if text.Key == domain.LoginKeyInitMFAPromptSkipButtonText {
result.InitMFAPrompt.SkipButtonText = text.Text
}
if text.Key == domain.LoginKeyInitMFAPromptNextButtonText {
result.InitMFAPrompt.NextButtonText = text.Text
}
}
func initMFAOTPKeyToDomain(text *CustomTextView, result *domain.CustomLoginText) {
if text.Key == domain.LoginKeyInitMFAOTPTitle {
result.InitMFAOTP.Title = text.Text
}
if text.Key == domain.LoginKeyInitMFAOTPDescription {
result.InitMFAOTP.Description = text.Text
}
if text.Key == domain.LoginKeyInitMFAOTPDescriptionOTP {
result.InitMFAOTP.OTPDescription = text.Text
}
if text.Key == domain.LoginKeyInitMFAOTPCodeLabel {
result.InitMFAOTP.CodeLabel = text.Text
}
if text.Key == domain.LoginKeyInitMFAOTPSecretLabel {
result.InitMFAOTP.SecretLabel = text.Text
}
if text.Key == domain.LoginKeyInitMFAOTPNextButtonText {
result.InitMFAOTP.NextButtonText = text.Text
}
if text.Key == domain.LoginKeyInitMFAOTPCancelButtonText {
result.InitMFAOTP.CancelButtonText = text.Text
}
}
func initMFAU2FKeyToDomain(text *CustomTextView, result *domain.CustomLoginText) {
if text.Key == domain.LoginKeyInitMFAU2FTitle {
result.InitMFAU2F.Title = text.Text
}
if text.Key == domain.LoginKeyInitMFAU2FDescription {
result.InitMFAU2F.Description = text.Text
}
if text.Key == domain.LoginKeyInitMFAU2FTokenNameLabel {
result.InitMFAU2F.TokenNameLabel = text.Text
}
if text.Key == domain.LoginKeyInitMFAU2FRegisterTokenButtonText {
result.InitMFAU2F.RegisterTokenButtonText = text.Text
}
if text.Key == domain.LoginKeyInitMFAU2FNotSupported {
result.InitMFAU2F.NotSupported = text.Text
}
if text.Key == domain.LoginKeyInitMFAU2FErrorRetry {
result.InitMFAU2F.ErrorRetry = text.Text
}
}
func initMFADoneKeyToDomain(text *CustomTextView, result *domain.CustomLoginText) {
if text.Key == domain.LoginKeyInitMFADoneTitle {
result.InitMFADone.Title = text.Text
}
if text.Key == domain.LoginKeyInitMFADoneDescription {
result.InitMFADone.Description = text.Text
}
if text.Key == domain.LoginKeyInitMFADoneCancelButtonText {
result.InitMFADone.CancelButtonText = text.Text
}
if text.Key == domain.LoginKeyInitMFADoneNextButtonText {
result.InitMFADone.NextButtonText = text.Text
}
}
func mfaProvidersKeyToDomain(text *CustomTextView, result *domain.CustomLoginText) {
if text.Key == domain.LoginKeyMFAProvidersChooseOther {
result.MFAProvider.ChooseOther = text.Text
}
if text.Key == domain.LoginKeyMFAProvidersOTP {
result.MFAProvider.Provider0 = text.Text
}
if text.Key == domain.LoginKeyMFAProvidersU2F {
result.MFAProvider.Provider1 = text.Text
}
}
func verifyMFAOTPKeyToDomain(text *CustomTextView, result *domain.CustomLoginText) {
if text.Key == domain.LoginKeyVerifyMFAOTPTitle {
result.VerifyMFAOTP.Title = text.Text
}
if text.Key == domain.LoginKeyVerifyMFAOTPDescription {
result.VerifyMFAOTP.Description = text.Text
}
if text.Key == domain.LoginKeyVerifyMFAOTPCodeLabel {
result.VerifyMFAOTP.CodeLabel = text.Text
}
if text.Key == domain.LoginKeyVerifyMFAOTPNextButtonText {
result.VerifyMFAOTP.NextButtonText = text.Text
}
}
func verifyMFAU2FKeyToDomain(text *CustomTextView, result *domain.CustomLoginText) {
if text.Key == domain.LoginKeyVerifyMFAU2FTitle {
result.VerifyMFAU2F.Title = text.Text
}
if text.Key == domain.LoginKeyVerifyMFAU2FDescription {
result.VerifyMFAU2F.Description = text.Text
}
if text.Key == domain.LoginKeyVerifyMFAU2FValidateTokenText {
result.VerifyMFAU2F.ValidateTokenButtonText = text.Text
}
if text.Key == domain.LoginKeyVerifyMFAU2FNotSupported {
result.VerifyMFAU2F.NotSupported = text.Text
}
if text.Key == domain.LoginKeyVerifyMFAU2FErrorRetry {
result.VerifyMFAU2F.ErrorRetry = text.Text
}
}
func passwordlessKeyToDomain(text *CustomTextView, result *domain.CustomLoginText) {
if text.Key == domain.LoginKeyPasswordlessTitle {
result.Passwordless.Title = text.Text
}
if text.Key == domain.LoginKeyPasswordlessDescription {
result.Passwordless.Description = text.Text
}
if text.Key == domain.LoginKeyPasswordlessLoginWithPwButtonText {
result.Passwordless.LoginWithPwButtonText = text.Text
}
if text.Key == domain.LoginKeyPasswordlessValidateTokenButtonText {
result.Passwordless.ValidateTokenButtonText = text.Text
}
if text.Key == domain.LoginKeyPasswordlessNotSupported {
result.Passwordless.NotSupported = text.Text
}
if text.Key == domain.LoginKeyPasswordlessErrorRetry {
result.Passwordless.ErrorRetry = text.Text
}
}
func passwordlessPromptKeyToDomain(text *CustomTextView, result *domain.CustomLoginText) {
if text.Key == domain.LoginKeyPasswordlessPromptTitle {
result.PasswordlessPrompt.Title = text.Text
}
if text.Key == domain.LoginKeyPasswordlessPromptDescription {
result.PasswordlessPrompt.Description = text.Text
}
if text.Key == domain.LoginKeyPasswordlessPromptDescriptionInit {
result.PasswordlessPrompt.DescriptionInit = text.Text
}
if text.Key == domain.LoginKeyPasswordlessPromptPasswordlessButtonText {
result.PasswordlessPrompt.PasswordlessButtonText = text.Text
}
if text.Key == domain.LoginKeyPasswordlessPromptNextButtonText {
result.PasswordlessPrompt.NextButtonText = text.Text
}
if text.Key == domain.LoginKeyPasswordlessPromptSkipButtonText {
result.PasswordlessPrompt.SkipButtonText = text.Text
}
}
func passwordlessRegistrationKeyToDomain(text *CustomTextView, result *domain.CustomLoginText) {
if text.Key == domain.LoginKeyPasswordlessRegistrationTitle {
result.PasswordlessRegistration.Title = text.Text
}
if text.Key == domain.LoginKeyPasswordlessRegistrationDescription {
result.PasswordlessRegistration.Description = text.Text
}
if text.Key == domain.LoginKeyPasswordlessRegistrationRegisterTokenButtonText {
result.PasswordlessRegistration.RegisterTokenButtonText = text.Text
}
if text.Key == domain.LoginKeyPasswordlessRegistrationTokenNameLabel {
result.PasswordlessRegistration.TokenNameLabel = text.Text
}
if text.Key == domain.LoginKeyPasswordlessRegistrationNotSupported {
result.PasswordlessRegistration.NotSupported = text.Text
}
if text.Key == domain.LoginKeyPasswordlessRegistrationErrorRetry {
result.PasswordlessRegistration.ErrorRetry = text.Text
}
}
func passwordlessRegistrationDoneKeyToDomain(text *CustomTextView, result *domain.CustomLoginText) {
if text.Key == domain.LoginKeyPasswordlessRegistrationDoneTitle {
result.PasswordlessRegistrationDone.Title = text.Text
}
if text.Key == domain.LoginKeyPasswordlessRegistrationDoneDescription {
result.PasswordlessRegistrationDone.Description = text.Text
}
if text.Key == domain.LoginKeyPasswordlessRegistrationDoneDescriptionClose {
result.PasswordlessRegistrationDone.DescriptionClose = text.Text
}
if text.Key == domain.LoginKeyPasswordlessRegistrationDoneNextButtonText {
result.PasswordlessRegistrationDone.NextButtonText = text.Text
}
if text.Key == domain.LoginKeyPasswordlessRegistrationDoneCancelButtonText {
result.PasswordlessRegistrationDone.CancelButtonText = text.Text
}
}
func passwordChangeKeyToDomain(text *CustomTextView, result *domain.CustomLoginText) {
if text.Key == domain.LoginKeyPasswordChangeTitle {
result.PasswordChange.Title = text.Text
}
if text.Key == domain.LoginKeyPasswordChangeDescription {
result.PasswordChange.Description = text.Text
}
if text.Key == domain.LoginKeyPasswordChangeOldPasswordLabel {
result.PasswordChange.OldPasswordLabel = text.Text
}
if text.Key == domain.LoginKeyPasswordChangeNewPasswordLabel {
result.PasswordChange.NewPasswordLabel = text.Text
}
if text.Key == domain.LoginKeyPasswordChangeNewPasswordConfirmLabel {
result.PasswordChange.NewPasswordConfirmLabel = text.Text
}
if text.Key == domain.LoginKeyPasswordChangeCancelButtonText {
result.PasswordChange.CancelButtonText = text.Text
}
if text.Key == domain.LoginKeyPasswordChangeNextButtonText {
result.PasswordChange.NextButtonText = text.Text
}
}
func passwordChangeDoneKeyToDomain(text *CustomTextView, result *domain.CustomLoginText) {
if text.Key == domain.LoginKeyPasswordChangeDoneTitle {
result.PasswordChangeDone.Title = text.Text
}
if text.Key == domain.LoginKeyPasswordChangeDoneDescription {
result.PasswordChangeDone.Description = text.Text
}
if text.Key == domain.LoginKeyPasswordChangeDoneNextButtonText {
result.PasswordChangeDone.NextButtonText = text.Text
}
}
func passwordResetDoneKeyToDomain(text *CustomTextView, result *domain.CustomLoginText) {
if text.Key == domain.LoginKeyPasswordResetDoneTitle {
result.PasswordResetDone.Title = text.Text
}
if text.Key == domain.LoginKeyPasswordResetDoneDescription {
result.PasswordResetDone.Description = text.Text
}
if text.Key == domain.LoginKeyPasswordResetDoneNextButtonText {
result.PasswordResetDone.NextButtonText = text.Text
}
}
func registrationOptionKeyToDomain(text *CustomTextView, result *domain.CustomLoginText) {
if text.Key == domain.LoginKeyRegistrationOptionTitle {
result.RegisterOption.Title = text.Text
}
if text.Key == domain.LoginKeyRegistrationOptionDescription {
result.RegisterOption.Description = text.Text
}
if text.Key == domain.LoginKeyRegistrationOptionExternalLoginDescription {
result.RegisterOption.ExternalLoginDescription = text.Text
}
if text.Key == domain.LoginKeyRegistrationOptionUserNameButtonText {
result.RegisterOption.RegisterUsernamePasswordButtonText = text.Text
}
}
func registrationUserKeyToDomain(text *CustomTextView, result *domain.CustomLoginText) {
if text.Key == domain.LoginKeyRegistrationUserTitle {
result.RegistrationUser.Title = text.Text
}
if text.Key == domain.LoginKeyRegistrationUserDescription {
result.RegistrationUser.Description = text.Text
}
if text.Key == domain.LoginKeyRegistrationUserDescriptionOrgRegister {
result.RegistrationUser.DescriptionOrgRegister = text.Text
}
if text.Key == domain.LoginKeyRegistrationUserFirstnameLabel {
result.RegistrationUser.FirstnameLabel = text.Text
}
if text.Key == domain.LoginKeyRegistrationUserLastnameLabel {
result.RegistrationUser.LastnameLabel = text.Text
}
if text.Key == domain.LoginKeyRegistrationUserEmailLabel {
result.RegistrationUser.EmailLabel = text.Text
}
if text.Key == domain.LoginKeyRegistrationUserUsernameLabel {
result.RegistrationUser.UsernameLabel = text.Text
}
if text.Key == domain.LoginKeyRegistrationUserLanguageLabel {
result.RegistrationUser.LanguageLabel = text.Text
}
if text.Key == domain.LoginKeyRegistrationUserGenderLabel {
result.RegistrationUser.GenderLabel = text.Text
}
if text.Key == domain.LoginKeyRegistrationUserPasswordLabel {
result.RegistrationUser.PasswordLabel = text.Text
}
if text.Key == domain.LoginKeyRegistrationUserPasswordConfirmLabel {
result.RegistrationUser.PasswordConfirmLabel = text.Text
}
if text.Key == domain.LoginKeyRegistrationUserTOSAndPrivacyLabel {
result.RegistrationUser.TOSAndPrivacyLabel = text.Text
}
if text.Key == domain.LoginKeyRegistrationUserTOSConfirm {
result.RegistrationUser.TOSConfirm = text.Text
}
if text.Key == domain.LoginKeyRegistrationUserTOSLinkText {
result.RegistrationUser.TOSLinkText = text.Text
}
if text.Key == domain.LoginKeyRegistrationUserTOSConfirmAnd {
result.RegistrationUser.TOSConfirmAnd = text.Text
}
if text.Key == domain.LoginKeyRegistrationUserPrivacyLinkText {
result.RegistrationUser.PrivacyLinkText = text.Text
}
if text.Key == domain.LoginKeyRegistrationUserNextButtonText {
result.RegistrationUser.NextButtonText = text.Text
}
if text.Key == domain.LoginKeyRegistrationUserBackButtonText {
result.RegistrationUser.BackButtonText = text.Text
}
}
func registrationOrgKeyToDomain(text *CustomTextView, result *domain.CustomLoginText) {
if text.Key == domain.LoginKeyRegisterOrgTitle {
result.RegistrationOrg.Title = text.Text
}
if text.Key == domain.LoginKeyRegisterOrgDescription {
result.RegistrationOrg.Description = text.Text
}
if text.Key == domain.LoginKeyRegisterOrgOrgNameLabel {
result.RegistrationOrg.OrgNameLabel = text.Text
}
if text.Key == domain.LoginKeyRegisterOrgFirstnameLabel {
result.RegistrationOrg.FirstnameLabel = text.Text
}
if text.Key == domain.LoginKeyRegisterOrgLastnameLabel {
result.RegistrationOrg.LastnameLabel = text.Text
}
if text.Key == domain.LoginKeyRegisterOrgUsernameLabel {
result.RegistrationOrg.UsernameLabel = text.Text
}
if text.Key == domain.LoginKeyRegisterOrgEmailLabel {
result.RegistrationOrg.EmailLabel = text.Text
}
if text.Key == domain.LoginKeyRegisterOrgPasswordLabel {
result.RegistrationOrg.PasswordLabel = text.Text
}
if text.Key == domain.LoginKeyRegisterOrgPasswordConfirmLabel {
result.RegistrationOrg.PasswordConfirmLabel = text.Text
}
if text.Key == domain.LoginKeyRegisterOrgTOSAndPrivacyLabel {
result.RegistrationOrg.TOSAndPrivacyLabel = text.Text
}
if text.Key == domain.LoginKeyRegisterOrgTOSConfirm {
result.RegistrationOrg.TOSConfirm = text.Text
}
if text.Key == domain.LoginKeyRegisterOrgTOSLinkText {
result.RegistrationOrg.TOSLinkText = text.Text
}
if text.Key == domain.LoginKeyRegisterOrgTosConfirmAnd {
result.RegistrationOrg.TOSConfirmAnd = text.Text
}
if text.Key == domain.LoginKeyRegisterOrgPrivacyLinkText {
result.RegistrationOrg.PrivacyLinkText = text.Text
}
if text.Key == domain.LoginKeyRegisterOrgSaveButtonText {
result.RegistrationOrg.SaveButtonText = text.Text
}
}
func linkingUserKeyToDomain(text *CustomTextView, result *domain.CustomLoginText) {
if text.Key == domain.LoginKeyLinkingUserDoneTitle {
result.LinkingUsersDone.Title = text.Text
}
if text.Key == domain.LoginKeyLinkingUserDoneDescription {
result.LinkingUsersDone.Description = text.Text
}
if text.Key == domain.LoginKeyLinkingUserDoneCancelButtonText {
result.LinkingUsersDone.CancelButtonText = text.Text
}
if text.Key == domain.LoginKeyLinkingUserDoneNextButtonText {
result.LinkingUsersDone.NextButtonText = text.Text
}
}
func externalUserNotFoundKeyToDomain(text *CustomTextView, result *domain.CustomLoginText) {
if text.Key == domain.LoginKeyExternalNotFoundTitle {
result.ExternalNotFoundOption.Title = text.Text
}
if text.Key == domain.LoginKeyExternalNotFoundDescription {
result.ExternalNotFoundOption.Description = text.Text
}
if text.Key == domain.LoginKeyExternalNotFoundLinkButtonText {
result.ExternalNotFoundOption.LinkButtonText = text.Text
}
if text.Key == domain.LoginKeyExternalNotFoundAutoRegisterButtonText {
result.ExternalNotFoundOption.AutoRegisterButtonText = text.Text
}
if text.Key == domain.LoginKeyExternalNotFoundTOSAndPrivacyLabel {
result.ExternalNotFoundOption.TOSAndPrivacyLabel = text.Text
}
if text.Key == domain.LoginKeyExternalNotFoundTOSConfirm {
result.ExternalNotFoundOption.TOSConfirm = text.Text
}
if text.Key == domain.LoginKeyExternalNotFoundTOSLinkText {
result.ExternalNotFoundOption.TOSLinkText = text.Text
}
if text.Key == domain.LoginKeyExternalNotFoundTOSConfirmAnd {
result.ExternalNotFoundOption.TOSConfirmAnd = text.Text
}
if text.Key == domain.LoginKeyExternalNotFoundPrivacyLinkText {
result.ExternalNotFoundOption.PrivacyLinkText = text.Text
}
}
func successLoginKeyToDomain(text *CustomTextView, result *domain.CustomLoginText) {
if text.Key == domain.LoginKeySuccessLoginTitle {
result.LoginSuccess.Title = text.Text
}
if text.Key == domain.LoginKeySuccessLoginAutoRedirectDescription {
result.LoginSuccess.AutoRedirectDescription = text.Text
}
if text.Key == domain.LoginKeySuccessLoginRedirectedDescription {
result.LoginSuccess.RedirectedDescription = text.Text
}
if text.Key == domain.LoginKeySuccessLoginNextButtonText {
result.LoginSuccess.NextButtonText = text.Text
}
}
func logoutDoneKeyToDomain(text *CustomTextView, result *domain.CustomLoginText) {
if text.Key == domain.LoginKeyLogoutDoneTitle {
result.LogoutDone.Title = text.Text
}
if text.Key == domain.LoginKeyLogoutDoneDescription {
result.LogoutDone.Description = text.Text
}
if text.Key == domain.LoginKeyLogoutDoneLoginButtonText {
result.LogoutDone.LoginButtonText = text.Text
}
}
func footerKeyToDomain(text *CustomTextView, result *domain.CustomLoginText) {
if text.Key == domain.LoginKeyFooterTOS {
result.Footer.TOS = text.Text
}
if text.Key == domain.LoginKeyFooterPrivacyPolicy {
result.Footer.PrivacyPolicy = text.Text
}
if text.Key == domain.LoginKeyFooterHelp {
result.Footer.Help = text.Text
}
}


@ -1,65 +0,0 @@
package model
import (
"github.com/caos/zitadel/internal/domain"
iam_model "github.com/caos/zitadel/internal/iam/model"
"github.com/caos/zitadel/internal/view/repository"
)
type CustomTextSearchRequest iam_model.CustomTextSearchRequest
type CustomTextSearchQuery iam_model.CustomTextSearchQuery
type CustomTextSearchKey iam_model.CustomTextSearchKey
func (req CustomTextSearchRequest) GetLimit() uint64 {
return req.Limit
}
func (req CustomTextSearchRequest) GetOffset() uint64 {
return req.Offset
}
func (req CustomTextSearchRequest) GetSortingColumn() repository.ColumnKey {
if req.SortingColumn == iam_model.CustomTextSearchKeyUnspecified {
return nil
}
return CustomTextSearchKey(req.SortingColumn)
}
func (req CustomTextSearchRequest) GetAsc() bool {
return req.Asc
}
func (req CustomTextSearchRequest) GetQueries() []repository.SearchQuery {
result := make([]repository.SearchQuery, len(req.Queries))
for i, q := range req.Queries {
result[i] = CustomTextSearchQuery{Key: q.Key, Value: q.Value, Method: q.Method}
}
return result
}
func (req CustomTextSearchQuery) GetKey() repository.ColumnKey {
return CustomTextSearchKey(req.Key)
}
func (req CustomTextSearchQuery) GetMethod() domain.SearchMethod {
return req.Method
}
func (req CustomTextSearchQuery) GetValue() interface{} {
return req.Value
}
func (key CustomTextSearchKey) ToColumnName() string {
switch iam_model.CustomTextSearchKey(key) {
case iam_model.CustomTextSearchKeyAggregateID:
return CustomTextKeyAggregateID
case iam_model.CustomTextSearchKeyTemplate:
return CustomTextKeyTemplate
case iam_model.CustomTextSearchKeyLanguage:
return CustomTextKeyLanguage
case iam_model.CustomTextSearchKeyKey:
return CustomTextKeyKey
default:
return ""
}
}


@ -1,95 +0,0 @@
package model
import (
"encoding/json"
"time"
"github.com/caos/logging"
"github.com/lib/pq"
"github.com/caos/zitadel/internal/domain"
caos_errs "github.com/caos/zitadel/internal/errors"
"github.com/caos/zitadel/internal/eventstore/v1/models"
"github.com/caos/zitadel/internal/iam/model"
es_model "github.com/caos/zitadel/internal/iam/repository/eventsourcing/model"
)
const (
IAMMemberKeyUserID = "user_id"
IAMMemberKeyIamID = "iam_id"
IAMMemberKeyUserName = "user_name"
IAMMemberKeyEmail = "email"
IAMMemberKeyFirstName = "first_name"
IAMMemberKeyLastName = "last_name"
)
type IAMMemberView struct {
UserID string `json:"userId" gorm:"column:user_id;primary_key"`
IAMID string `json:"-" gorm:"column:iam_id"`
UserName string `json:"-" gorm:"column:user_name"`
Email string `json:"-" gorm:"column:email_address"`
FirstName string `json:"-" gorm:"column:first_name"`
LastName string `json:"-" gorm:"column:last_name"`
DisplayName string `json:"-" gorm:"column:display_name"`
Roles pq.StringArray `json:"roles" gorm:"column:roles"`
Sequence uint64 `json:"-" gorm:"column:sequence"`
PreferredLoginName string `json:"-" gorm:"column:preferred_login_name"`
AvatarKey string `json:"-" gorm:"column:avatar_key"`
UserResourceOwner string `json:"-" gorm:"column:user_resource_owner"`
CreationDate time.Time `json:"-" gorm:"column:creation_date"`
ChangeDate time.Time `json:"-" gorm:"column:change_date"`
}
func IAMMemberToModel(member *IAMMemberView, prefixAvatarURL string) *model.IAMMemberView {
return &model.IAMMemberView{
UserID: member.UserID,
IAMID: member.IAMID,
UserName: member.UserName,
Email: member.Email,
FirstName: member.FirstName,
LastName: member.LastName,
DisplayName: member.DisplayName,
PreferredLoginName: member.PreferredLoginName,
AvatarURL: domain.AvatarURL(prefixAvatarURL, member.UserResourceOwner, member.AvatarKey),
UserResourceOwner: member.UserResourceOwner,
Roles: member.Roles,
Sequence: member.Sequence,
CreationDate: member.CreationDate,
ChangeDate: member.ChangeDate,
}
}
func IAMMembersToModel(roles []*IAMMemberView, prefixAvatarURL string) []*model.IAMMemberView {
result := make([]*model.IAMMemberView, len(roles))
for i, r := range roles {
result[i] = IAMMemberToModel(r, prefixAvatarURL)
}
return result
}
func (r *IAMMemberView) AppendEvent(event *models.Event) (err error) {
r.Sequence = event.Sequence
r.ChangeDate = event.CreationDate
switch event.Type {
case es_model.IAMMemberAdded:
r.setRootData(event)
r.CreationDate = event.CreationDate
err = r.SetData(event)
case es_model.IAMMemberChanged:
err = r.SetData(event)
}
return err
}
func (r *IAMMemberView) setRootData(event *models.Event) {
r.IAMID = event.AggregateID
}
func (r *IAMMemberView) SetData(event *models.Event) error {
if err := json.Unmarshal(event.Data, r); err != nil {
logging.Log("EVEN-Psl89").WithError(err).Error("could not unmarshal event data")
return caos_errs.ThrowInternal(err, "MODEL-lub6s", "Could not unmarshal data")
}
return nil
}


@ -1,69 +0,0 @@
package model
import (
"github.com/caos/zitadel/internal/domain"
iam_model "github.com/caos/zitadel/internal/iam/model"
"github.com/caos/zitadel/internal/view/repository"
)
type IAMMemberSearchRequest iam_model.IAMMemberSearchRequest
type IAMMemberSearchQuery iam_model.IAMMemberSearchQuery
type IAMMemberSearchKey iam_model.IAMMemberSearchKey
func (req IAMMemberSearchRequest) GetLimit() uint64 {
return req.Limit
}
func (req IAMMemberSearchRequest) GetOffset() uint64 {
return req.Offset
}
func (req IAMMemberSearchRequest) GetSortingColumn() repository.ColumnKey {
if req.SortingColumn == iam_model.IAMMemberSearchKeyUnspecified {
return nil
}
return IAMMemberSearchKey(req.SortingColumn)
}
func (req IAMMemberSearchRequest) GetAsc() bool {
return req.Asc
}
func (req IAMMemberSearchRequest) GetQueries() []repository.SearchQuery {
result := make([]repository.SearchQuery, len(req.Queries))
for i, q := range req.Queries {
result[i] = IAMMemberSearchQuery{Key: q.Key, Value: q.Value, Method: q.Method}
}
return result
}
func (req IAMMemberSearchQuery) GetKey() repository.ColumnKey {
return IAMMemberSearchKey(req.Key)
}
func (req IAMMemberSearchQuery) GetMethod() domain.SearchMethod {
return req.Method
}
func (req IAMMemberSearchQuery) GetValue() interface{} {
return req.Value
}
func (key IAMMemberSearchKey) ToColumnName() string {
switch iam_model.IAMMemberSearchKey(key) {
case iam_model.IAMMemberSearchKeyEmail:
return IAMMemberKeyEmail
case iam_model.IAMMemberSearchKeyFirstName:
return IAMMemberKeyFirstName
case iam_model.IAMMemberSearchKeyLastName:
return IAMMemberKeyLastName
case iam_model.IAMMemberSearchKeyUserName:
return IAMMemberKeyUserName
case iam_model.IAMMemberSearchKeyUserID:
return IAMMemberKeyUserID
case iam_model.IAMMemberSearchKeyIamID:
return IAMMemberKeyIamID
default:
return ""
}
}


@ -5,12 +5,10 @@ import (
"time"
"github.com/caos/zitadel/internal/crypto"
"github.com/caos/zitadel/internal/eventstore"
"github.com/caos/zitadel/internal/repository/instance"
"github.com/caos/zitadel/internal/repository/org"
es_model "github.com/caos/zitadel/internal/iam/repository/eventsourcing/model"
org_es_model "github.com/caos/zitadel/internal/org/repository/eventsourcing/model"
"github.com/caos/logging"
"github.com/lib/pq"
@ -87,34 +85,26 @@ func IDPConfigViewToModel(idp *IDPConfigView) *model.IDPConfigView {
return view
}
func IdpConfigViewsToModel(idps []*IDPConfigView) []*model.IDPConfigView {
result := make([]*model.IDPConfigView, len(idps))
for i, idp := range idps {
result[i] = IDPConfigViewToModel(idp)
}
return result
}
func (i *IDPConfigView) AppendEvent(providerType model.IDPProviderType, event *models.Event) (err error) {
i.Sequence = event.Sequence
i.ChangeDate = event.CreationDate
switch event.Type {
case es_model.IDPConfigAdded, org_es_model.IDPConfigAdded:
switch eventstore.EventType(event.Type) {
case instance.IDPConfigAddedEventType, org.IDPConfigAddedEventType:
i.setRootData(event)
i.CreationDate = event.CreationDate
i.IDPProviderType = int32(providerType)
err = i.SetData(event)
case es_model.OIDCIDPConfigAdded, org_es_model.OIDCIDPConfigAdded:
case instance.IDPOIDCConfigAddedEventType, org.IDPOIDCConfigAddedEventType:
i.IsOIDC = true
err = i.SetData(event)
case es_model.OIDCIDPConfigChanged, org_es_model.OIDCIDPConfigChanged,
es_model.IDPConfigChanged, org_es_model.IDPConfigChanged,
models.EventType(org.IDPJWTConfigAddedEventType), models.EventType(instance.IDPJWTConfigAddedEventType),
models.EventType(org.IDPJWTConfigChangedEventType), models.EventType(instance.IDPJWTConfigChangedEventType):
case instance.IDPOIDCConfigChangedEventType, org.IDPOIDCConfigChangedEventType,
instance.IDPConfigChangedEventType, org.IDPConfigChangedEventType,
org.IDPJWTConfigAddedEventType, instance.IDPJWTConfigAddedEventType,
org.IDPJWTConfigChangedEventType, instance.IDPJWTConfigChangedEventType:
err = i.SetData(event)
case es_model.IDPConfigDeactivated, org_es_model.IDPConfigDeactivated:
case instance.IDPConfigDeactivatedEventType, org.IDPConfigDeactivatedEventType:
i.IDPState = int32(model.IDPConfigStateInactive)
case es_model.IDPConfigReactivated, org_es_model.IDPConfigReactivated:
case instance.IDPConfigReactivatedEventType, org.IDPConfigReactivatedEventType:
i.IDPState = int32(model.IDPConfigStateActive)
}
return err
@ -127,7 +117,7 @@ func (r *IDPConfigView) setRootData(event *models.Event) {
func (r *IDPConfigView) SetData(event *models.Event) error {
if err := json.Unmarshal(event.Data, r); err != nil {
logging.Log("EVEN-Smkld").WithError(err).Error("could not unmarshal event data")
logging.New().WithError(err).Error("could not unmarshal event data")
return caos_errs.ThrowInternal(err, "MODEL-lub6s", "Could not unmarshal data")
}
return nil
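Review bot: The rewritten `switch eventstore.EventType(event.Type)` in `IDPConfigView.AppendEvent` has no `default` branch, so an event whose type string matches none of the `instance.*`/`org.*` constants still advances `i.Sequence` and `i.ChangeDate` and returns nil without touching `IDPState`. The page does not show the string values of the new constants; if any of them differs from the removed `es_model`/`org_es_model` value, an already-stored deactivation event would be skipped silently and the view would keep reporting the IdP as active. I would add a test that replays one stored event of each handled type through `AppendEvent`, or at least a comment above the switch such as `// event.Type is matched by string value; the instance/org constants must equal the types already persisted`. The same cast appears in the IDPProviderView, LabelPolicyView and PasswordComplexityPolicyView sections that follow.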


@ -4,15 +4,14 @@ import (
"encoding/json"
"time"
org_es_model "github.com/caos/zitadel/internal/org/repository/eventsourcing/model"
es_model "github.com/caos/zitadel/internal/iam/repository/eventsourcing/model"
"github.com/caos/logging"
caos_errs "github.com/caos/zitadel/internal/errors"
"github.com/caos/zitadel/internal/eventstore"
"github.com/caos/zitadel/internal/eventstore/v1/models"
"github.com/caos/zitadel/internal/iam/model"
"github.com/caos/zitadel/internal/repository/instance"
"github.com/caos/zitadel/internal/repository/org"
)
const (
@ -38,21 +37,6 @@ type IDPProviderView struct {
InstanceID string `json:"instanceID" gorm:"column:instance_id"`
}
func IDPProviderViewFromModel(provider *model.IDPProviderView) *IDPProviderView {
return &IDPProviderView{
AggregateID: provider.AggregateID,
Sequence: provider.Sequence,
CreationDate: provider.CreationDate,
ChangeDate: provider.ChangeDate,
Name: provider.Name,
StylingType: int32(provider.StylingType),
IDPConfigID: provider.IDPConfigID,
IDPConfigType: int32(provider.IDPConfigType),
IDPProviderType: int32(provider.IDPProviderType),
IDPState: int32(provider.IDPState),
}
}
func IDPProviderViewToModel(provider *IDPProviderView) *model.IDPProviderView {
return &model.IDPProviderView{
AggregateID: provider.AggregateID,
@ -79,8 +63,9 @@ func IDPProviderViewsToModel(providers []*IDPProviderView) []*model.IDPProviderV
func (i *IDPProviderView) AppendEvent(event *models.Event) (err error) {
i.Sequence = event.Sequence
i.ChangeDate = event.CreationDate
switch event.Type {
case es_model.LoginPolicyIDPProviderAdded, org_es_model.LoginPolicyIDPProviderAdded:
switch eventstore.EventType(event.Type) {
case instance.LoginPolicyIDPProviderAddedEventType,
org.LoginPolicyIDPProviderAddedEventType:
i.setRootData(event)
i.CreationDate = event.CreationDate
err = i.SetData(event)
@ -95,7 +80,7 @@ func (r *IDPProviderView) setRootData(event *models.Event) {
func (r *IDPProviderView) SetData(event *models.Event) error {
if err := json.Unmarshal(event.Data, r); err != nil {
logging.Log("EVEN-Lso0d").WithError(err).Error("could not unmarshal event data")
logging.New().WithError(err).Error("could not unmarshal event data")
return caos_errs.ThrowInternal(err, "MODEL-Hs8uf", "Could not unmarshal data")
}
return nil
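Review bot: `IDPProviderView.SetData` now logs through `logging.New()` where it used `logging.Log("EVEN-Lso0d")`, and `IDPConfigView.SetData` in the previous file section drops `"EVEN-Smkld"` the same way, so both sites emit the identical message `could not unmarshal event data` with nothing to tell them apart. The `MODEL-Hs8uf` id travels only with the returned error, not with the log entry. I would keep the entry attributable by attaching the event's identity, e.g. `logging.New().WithError(err).WithField("sequence", event.Sequence).Error("could not unmarshal event data")` (assuming the entry exposes a logrus-style `WithField`), and likewise `event.AggregateID`. `AppendEvent` above this hunk is cut by the hunk boundary, so only `SetData` is judged here.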


@ -4,16 +4,14 @@ import (
"encoding/json"
"time"
"github.com/caos/zitadel/internal/domain"
org_es_model "github.com/caos/zitadel/internal/org/repository/eventsourcing/model"
es_model "github.com/caos/zitadel/internal/iam/repository/eventsourcing/model"
"github.com/caos/logging"
"github.com/caos/zitadel/internal/domain"
caos_errs "github.com/caos/zitadel/internal/errors"
"github.com/caos/zitadel/internal/eventstore"
"github.com/caos/zitadel/internal/eventstore/v1/models"
"github.com/caos/zitadel/internal/iam/model"
"github.com/caos/zitadel/internal/repository/instance"
"github.com/caos/zitadel/internal/repository/org"
)
const (
@ -84,101 +82,85 @@ func (p *LabelPolicyView) ToDomain() *domain.LabelPolicy {
}
}
func LabelPolicyViewToModel(policy *LabelPolicyView) *model.LabelPolicyView {
return &model.LabelPolicyView{
AggregateID: policy.AggregateID,
Sequence: policy.Sequence,
CreationDate: policy.CreationDate,
ChangeDate: policy.ChangeDate,
PrimaryColor: policy.PrimaryColor,
BackgroundColor: policy.BackgroundColor,
WarnColor: policy.WarnColor,
FontColor: policy.FontColor,
LogoURL: policy.LogoURL,
IconURL: policy.IconURL,
PrimaryColorDark: policy.PrimaryColorDark,
BackgroundColorDark: policy.BackgroundColorDark,
WarnColorDark: policy.WarnColorDark,
FontColorDark: policy.FontColorDark,
LogoDarkURL: policy.LogoDarkURL,
IconDarkURL: policy.IconDarkURL,
FontURL: policy.FontURL,
HideLoginNameSuffix: policy.HideLoginNameSuffix,
ErrorMsgPopup: policy.ErrorMsgPopup,
DisableWatermark: policy.DisableWatermark,
Default: policy.Default,
}
}
func (i *LabelPolicyView) AppendEvent(event *models.Event) (err error) {
asset := &AssetView{}
i.Sequence = event.Sequence
i.ChangeDate = event.CreationDate
switch event.Type {
case es_model.LabelPolicyAdded, org_es_model.LabelPolicyAdded:
switch eventstore.EventType(event.Type) {
case instance.LabelPolicyAddedEventType,
org.LabelPolicyAddedEventType:
i.setRootData(event)
i.CreationDate = event.CreationDate
i.State = int32(domain.LabelPolicyStatePreview)
err = i.SetData(event)
case es_model.LabelPolicyChanged, org_es_model.LabelPolicyChanged:
case instance.LabelPolicyChangedEventType,
org.LabelPolicyChangedEventType:
err = i.SetData(event)
i.State = int32(domain.LabelPolicyStatePreview)
case es_model.LabelPolicyLogoAdded, org_es_model.LabelPolicyLogoAdded:
case instance.LabelPolicyLogoAddedEventType,
org.LabelPolicyLogoAddedEventType:
err = asset.SetData(event)
if err != nil {
return err
}
i.LogoURL = asset.AssetURL
i.State = int32(domain.LabelPolicyStatePreview)
case es_model.LabelPolicyLogoRemoved, org_es_model.LabelPolicyLogoRemoved:
case instance.LabelPolicyLogoRemovedEventType,
org.LabelPolicyLogoRemovedEventType:
i.LogoURL = ""
i.State = int32(domain.LabelPolicyStatePreview)
case es_model.LabelPolicyIconAdded, org_es_model.LabelPolicyIconAdded:
case instance.LabelPolicyIconAddedEventType,
org.LabelPolicyIconAddedEventType:
err = asset.SetData(event)
if err != nil {
return err
}
i.IconURL = asset.AssetURL
i.State = int32(domain.LabelPolicyStatePreview)
case es_model.LabelPolicyIconRemoved, org_es_model.LabelPolicyIconRemoved:
case instance.LabelPolicyIconRemovedEventType,
org.LabelPolicyIconRemovedEventType:
i.IconURL = ""
case es_model.LabelPolicyLogoDarkAdded, org_es_model.LabelPolicyLogoDarkAdded:
case instance.LabelPolicyLogoDarkAddedEventType,
org.LabelPolicyLogoDarkAddedEventType:
err = asset.SetData(event)
if err != nil {
return err
}
i.LogoDarkURL = asset.AssetURL
i.State = int32(domain.LabelPolicyStatePreview)
case es_model.LabelPolicyLogoDarkRemoved, org_es_model.LabelPolicyLogoDarkRemoved:
case instance.LabelPolicyLogoDarkRemovedEventType,
org.LabelPolicyLogoDarkRemovedEventType:
i.LogoDarkURL = ""
i.State = int32(domain.LabelPolicyStatePreview)
case es_model.LabelPolicyIconDarkAdded, org_es_model.LabelPolicyIconDarkAdded:
case instance.LabelPolicyIconDarkAddedEventType,
org.LabelPolicyIconDarkAddedEventType:
err = asset.SetData(event)
if err != nil {
return err
}
i.IconDarkURL = asset.AssetURL
i.State = int32(domain.LabelPolicyStatePreview)
case es_model.LabelPolicyIconDarkRemoved, org_es_model.LabelPolicyIconDarkRemoved:
case instance.LabelPolicyIconDarkRemovedEventType,
org.LabelPolicyIconDarkRemovedEventType:
i.IconDarkURL = ""
i.State = int32(domain.LabelPolicyStatePreview)
case es_model.LabelPolicyFontAdded, org_es_model.LabelPolicyFontAdded:
case instance.LabelPolicyFontAddedEventType,
org.LabelPolicyFontAddedEventType:
err = asset.SetData(event)
if err != nil {
return err
}
i.FontURL = asset.AssetURL
i.State = int32(domain.LabelPolicyStatePreview)
case es_model.LabelPolicyFontRemoved, org_es_model.LabelPolicyFontRemoved:
case instance.LabelPolicyFontRemovedEventType,
org.LabelPolicyFontRemovedEventType:
i.FontURL = ""
i.State = int32(domain.LabelPolicyStatePreview)
case es_model.LabelPolicyActivated, org_es_model.LabelPolicyActivated:
case instance.LabelPolicyActivatedEventType,
org.LabelPolicyActivatedEventType:
i.State = int32(domain.LabelPolicyStateActive)
case es_model.LabelPolicyAssetsRemoved, org_es_model.LabelPolicyAssetsRemoved:
case instance.LabelPolicyAssetsRemovedEventType,
org.LabelPolicyAssetsRemovedEventType:
i.LogoURL = ""
i.IconURL = ""
i.LogoDarkURL = ""
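Review bot: The `instance.LabelPolicyIconRemovedEventType, org.LabelPolicyIconRemovedEventType` case clears `i.IconURL` but, unlike every other asset added/removed case visible in this switch, does not set `i.State = int32(domain.LabelPolicyStatePreview)`. The commit carries that over unchanged from the old `es_model.LabelPolicyIconRemoved` case, so removing an icon leaves the view in whatever state it already had, possibly still active with a changed asset set. If that is not intended, add `i.State = int32(domain.LabelPolicyStatePreview)` after `i.IconURL = ""`; if it is, a one-line comment saying why would keep the next reader from "fixing" it. The switch runs past the end of the hunk, so later cases are not visible here.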


@ -4,15 +4,15 @@ import (
"encoding/json"
"time"
org_es_model "github.com/caos/zitadel/internal/org/repository/eventsourcing/model"
"github.com/caos/zitadel/internal/query"
es_model "github.com/caos/zitadel/internal/iam/repository/eventsourcing/model"
"github.com/caos/logging"
caos_errs "github.com/caos/zitadel/internal/errors"
"github.com/caos/zitadel/internal/eventstore"
"github.com/caos/zitadel/internal/eventstore/v1/models"
"github.com/caos/zitadel/internal/iam/model"
"github.com/caos/zitadel/internal/query"
"github.com/caos/zitadel/internal/repository/instance"
"github.com/caos/zitadel/internal/repository/org"
)
const (
@ -53,12 +53,14 @@ func PasswordComplexityViewToModel(policy *query.PasswordComplexityPolicy) *mode
func (i *PasswordComplexityPolicyView) AppendEvent(event *models.Event) (err error) {
i.Sequence = event.Sequence
i.ChangeDate = event.CreationDate
switch event.Type {
case es_model.PasswordComplexityPolicyAdded, org_es_model.PasswordComplexityPolicyAdded:
switch eventstore.EventType(event.Type) {
case instance.PasswordComplexityPolicyAddedEventType,
org.PasswordComplexityPolicyAddedEventType:
i.setRootData(event)
i.CreationDate = event.CreationDate
err = i.SetData(event)
case es_model.PasswordComplexityPolicyChanged, org_es_model.PasswordComplexityPolicyChanged:
case instance.PasswordComplexityPolicyChangedEventType,
org.PasswordComplexityPolicyChangedEventType:
err = i.SetData(event)
}
return err


@ -1,21 +0,0 @@
package view
import (
"github.com/caos/zitadel/internal/errors"
es_models "github.com/caos/zitadel/internal/eventstore/v1/models"
iam_es_model "github.com/caos/zitadel/internal/iam/repository/eventsourcing/model"
)
func IAMByIDQuery(id string, latestSequence uint64) (*es_models.SearchQuery, error) {
if id == "" {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-4ng8sd", "id should be filled")
}
return IAMQuery(latestSequence).
AggregateIDFilter(id), nil
}
func IAMQuery(latestSequence uint64) *es_models.SearchQuery {
return es_models.NewSearchQuery().
AggregateTypeFilter(iam_es_model.IAMAggregate).
LatestSequenceFilter(latestSequence)
}


@ -1,107 +0,0 @@
package model
import (
"github.com/caos/zitadel/internal/domain"
caos_errors "github.com/caos/zitadel/internal/errors"
"time"
"github.com/caos/zitadel/internal/eventstore/v1/models"
)
const (
yearLayout = "2006-01-02"
defaultExpirationDate = "9999-01-01"
)
type AuthNKeyView struct {
ID string
ObjectID string
ObjectType ObjectType
AuthIdentifier string
Type AuthNKeyType
Sequence uint64
CreationDate time.Time
ExpirationDate time.Time
PublicKey []byte
State AuthNKeyState
}
type AuthNKey struct {
models.ObjectRoot
KeyID string
ObjectType ObjectType
Type AuthNKeyType
ExpirationDate time.Time
PrivateKey []byte
}
type AuthNKeyType int32
const (
AuthNKeyTypeNONE = iota
AuthNKeyTypeJSON
)
type AuthNKeyState int32
const (
AuthNKeyStateActive AuthNKeyState = iota
AuthNKeyStateInactive
AuthNKeyStateRemoved
)
type AuthNKeySearchRequest struct {
Offset uint64
Limit uint64
SortingColumn AuthNKeySearchKey
Asc bool
Queries []*AuthNKeySearchQuery
}
type AuthNKeySearchKey int32
const (
AuthNKeyKeyUnspecified AuthNKeySearchKey = iota
AuthNKeyKeyID
AuthNKeyObjectID
AuthNKeyObjectType
)
type ObjectType int32
const (
AuthNKeyObjectTypeUnspecified ObjectType = iota
AuthNKeyObjectTypeUser
AuthNKeyObjectTypeApplication
)
type AuthNKeySearchQuery struct {
Key AuthNKeySearchKey
Method domain.SearchMethod
Value interface{}
}
type AuthNKeySearchResponse struct {
Offset uint64
Limit uint64
TotalResult uint64
Result []*AuthNKeyView
Sequence uint64
Timestamp time.Time
}
func (r *AuthNKeySearchRequest) EnsureLimit(limit uint64) error {
if r.Limit > limit {
return caos_errors.ThrowInvalidArgument(nil, "SEARCH-f9ids", "Errors.Limit.ExceedsDefault")
}
if r.Limit == 0 {
r.Limit = limit
}
return nil
}
func DefaultExpiration() (time.Time, error) {
return time.Parse(yearLayout, defaultExpirationDate)
}


@ -1,46 +0,0 @@
package model
import (
"time"
"github.com/caos/zitadel/internal/crypto"
es_models "github.com/caos/zitadel/internal/eventstore/v1/models"
)
type KeyPair struct {
es_models.ObjectRoot
Usage KeyUsage
Algorithm string
PrivateKey *Key
PublicKey *Key
}
type KeyUsage int32
const (
KeyUsageSigning KeyUsage = iota
)
func (u KeyUsage) String() string {
switch u {
case KeyUsageSigning:
return "sig"
}
return ""
}
type Key struct {
Key *crypto.CryptoValue
Expiry time.Time
}
func (k *KeyPair) IsValid() bool {
return k.Algorithm != "" &&
k.PrivateKey != nil && k.PrivateKey.IsValid() &&
k.PublicKey != nil && k.PublicKey.IsValid()
}
func (k *Key) IsValid() bool {
return k.Key != nil
}


@ -1,129 +0,0 @@
package model
import (
"time"
"github.com/caos/logging"
"github.com/caos/zitadel/internal/crypto"
"github.com/caos/zitadel/internal/domain"
"github.com/caos/zitadel/internal/errors"
)
type KeyView struct {
ID string
Private bool
Expiry time.Time
Algorithm string
Usage KeyUsage
Key *crypto.CryptoValue
Sequence uint64
}
type SigningKey struct {
ID string
Algorithm string
Key interface{}
Sequence uint64
}
type PublicKey struct {
ID string
Algorithm string
Usage KeyUsage
Key interface{}
}
type KeySearchRequest struct {
Offset uint64
Limit uint64
SortingColumn KeySearchKey
Asc bool
Queries []*KeySearchQuery
}
type KeySearchKey int32
const (
KeySearchKeyUnspecified KeySearchKey = iota
KeySearchKeyID
KeySearchKeyPrivate
KeySearchKeyExpiry
KeySearchKeyUsage
)
type KeySearchQuery struct {
Key KeySearchKey
Method domain.SearchMethod
Value interface{}
}
type KeySearchResponse struct {
Offset uint64
Limit uint64
TotalResult uint64
Result []*KeyView
}
func (r *KeySearchRequest) EnsureLimit(limit uint64) error {
if r.Limit > limit {
return errors.ThrowInvalidArgument(nil, "SEARCH-Mf9sd", "Errors.Limit.ExceedsDefault")
}
if r.Limit == 0 {
r.Limit = limit
}
return nil
}
func SigningKeyFromKeyView(key *KeyView, alg crypto.EncryptionAlgorithm) (*SigningKey, error) {
if key.Usage != KeyUsageSigning || !key.Private {
return nil, errors.ThrowInvalidArgument(nil, "MODEL-5HBdh", "key must be private signing key")
}
keyData, err := crypto.Decrypt(key.Key, alg)
if err != nil {
return nil, err
}
privateKey, err := crypto.BytesToPrivateKey(keyData)
if err != nil {
return nil, err
}
return &SigningKey{
ID: key.ID,
Algorithm: key.Algorithm,
Key: privateKey,
Sequence: key.Sequence,
}, nil
}
func PublicKeysFromKeyView(keys []*KeyView, alg crypto.EncryptionAlgorithm) ([]*PublicKey, error) {
convertedKeys := make([]*PublicKey, 0, len(keys))
for _, key := range keys {
converted, err := PublicKeyFromKeyView(key, alg)
if err != nil {
logging.Log("MODEL-adB3f").WithError(err).Debug("cannot convert to public key") //TODO: change log level to warning when keys can be revoked
continue
}
convertedKeys = append(convertedKeys, converted)
}
return convertedKeys, nil
}
func PublicKeyFromKeyView(key *KeyView, alg crypto.EncryptionAlgorithm) (*PublicKey, error) {
if key.Private {
return nil, errors.ThrowInvalidArgument(nil, "MODEL-dTZa2", "key must be public")
}
keyData, err := crypto.Decrypt(key.Key, alg)
if err != nil {
return nil, err
}
publicKey, err := crypto.BytesToPublicKey(keyData)
if err != nil {
return nil, err
}
return &PublicKey{
ID: key.ID,
Algorithm: key.Algorithm,
Usage: key.Usage,
Key: publicKey,
}, nil
}


@ -1,12 +0,0 @@
package eventsourcing
import (
es_models "github.com/caos/zitadel/internal/eventstore/v1/models"
"github.com/caos/zitadel/internal/key/repository/eventsourcing/model"
)
func KeyPairQuery(latestSequence uint64) *es_models.SearchQuery {
return es_models.NewSearchQuery().
AggregateTypeFilter(model.KeyPairAggregate).
LatestSequenceFilter(latestSequence)
}


@ -1,90 +0,0 @@
package model
import (
"encoding/json"
"time"
"github.com/caos/logging"
"github.com/caos/zitadel/internal/crypto"
es_models "github.com/caos/zitadel/internal/eventstore/v1/models"
"github.com/caos/zitadel/internal/key/model"
)
const (
KeyPairVersion = "v1"
)
type KeyPair struct {
es_models.ObjectRoot
Usage int32 `json:"usage"`
Algorithm string `json:"algorithm"`
PrivateKey *Key `json:"privateKey"`
PublicKey *Key `json:"publicKey"`
}
type Key struct {
Key *crypto.CryptoValue `json:"key"`
Expiry time.Time `json:"expiry"`
}
func KeyPairFromModel(pair *model.KeyPair) *KeyPair {
return &KeyPair{
ObjectRoot: pair.ObjectRoot,
Usage: int32(pair.Usage),
Algorithm: pair.Algorithm,
PrivateKey: KeyFromModel(pair.PrivateKey),
PublicKey: KeyFromModel(pair.PublicKey),
}
}
func KeyPairToModel(pair *KeyPair) *model.KeyPair {
return &model.KeyPair{
ObjectRoot: pair.ObjectRoot,
Usage: model.KeyUsage(pair.Usage),
Algorithm: pair.Algorithm,
PrivateKey: KeyToModel(pair.PrivateKey),
PublicKey: KeyToModel(pair.PublicKey),
}
}
func KeyFromModel(key *model.Key) *Key {
return &Key{
Key: key.Key,
Expiry: key.Expiry,
}
}
func KeyToModel(key *Key) *model.Key {
return &model.Key{
Key: key.Key,
Expiry: key.Expiry,
}
}
func (k *KeyPair) AppendEvents(events ...*es_models.Event) error {
for _, event := range events {
if err := k.AppendEvent(event); err != nil {
return err
}
}
return nil
}
func (k *KeyPair) AppendEvent(event *es_models.Event) error {
k.ObjectRoot.AppendEvent(event)
switch event.Type {
case KeyPairAdded:
return k.AppendAddKeyPair(event)
}
return nil
}
func (k *KeyPair) AppendAddKeyPair(event *es_models.Event) error {
if err := json.Unmarshal(event.Data, k); err != nil {
logging.Log("EVEN-Je92s").WithError(err).Error("could not unmarshal event data")
return err
}
return nil
}


@ -1,9 +0,0 @@
package model
import "github.com/caos/zitadel/internal/eventstore/v1/models"
const (
KeyPairAggregate models.AggregateType = "key_pair"
KeyPairAdded models.EventType = "key_pair.added"
)


@ -1,77 +0,0 @@
package view
import (
"github.com/caos/zitadel/internal/domain"
caos_errs "github.com/caos/zitadel/internal/errors"
key_model "github.com/caos/zitadel/internal/key/model"
"github.com/caos/zitadel/internal/key/repository/view/model"
"github.com/caos/zitadel/internal/view/repository"
"github.com/jinzhu/gorm"
)
func AuthNKeyByIDs(db *gorm.DB, table, objectID, keyID string) (*model.AuthNKeyView, error) {
key := new(model.AuthNKeyView)
query := repository.PrepareGetByQuery(table,
model.AuthNKeySearchQuery{Key: key_model.AuthNKeyObjectID, Method: domain.SearchMethodEquals, Value: objectID},
model.AuthNKeySearchQuery{Key: key_model.AuthNKeyKeyID, Method: domain.SearchMethodEquals, Value: keyID},
)
err := query(db, key)
if caos_errs.IsNotFound(err) {
return nil, caos_errs.ThrowNotFound(nil, "VIEW-3Dk9s", "Errors.User.KeyNotFound")
}
return key, err
}
func SearchAuthNKeys(db *gorm.DB, table string, req *key_model.AuthNKeySearchRequest) ([]*model.AuthNKeyView, uint64, error) {
keys := make([]*model.AuthNKeyView, 0)
query := repository.PrepareSearchQuery(table, model.AuthNKeySearchRequest{Limit: req.Limit, Offset: req.Offset, Queries: req.Queries})
count, err := query(db, &keys)
if err != nil {
return nil, 0, err
}
return keys, count, nil
}
func AuthNKeysByObjectID(db *gorm.DB, table string, objectID string) ([]*model.AuthNKeyView, error) {
keys := make([]*model.AuthNKeyView, 0)
queries := []*key_model.AuthNKeySearchQuery{
{
Key: key_model.AuthNKeyObjectID,
Value: objectID,
Method: domain.SearchMethodEquals,
},
}
query := repository.PrepareSearchQuery(table, model.AuthNKeySearchRequest{Queries: queries})
_, err := query(db, &keys)
if err != nil {
return nil, err
}
return keys, nil
}
func AuthNKeyByID(db *gorm.DB, table string, keyID string) (*model.AuthNKeyView, error) {
key := new(model.AuthNKeyView)
query := repository.PrepareGetByQuery(table,
model.AuthNKeySearchQuery{Key: key_model.AuthNKeyKeyID, Method: domain.SearchMethodEquals, Value: keyID},
)
err := query(db, key)
if caos_errs.IsNotFound(err) {
return nil, caos_errs.ThrowNotFound(nil, "VIEW-BjN6x", "Errors.User.KeyNotFound")
}
return key, err
}
func PutAuthNKey(db *gorm.DB, table string, role *model.AuthNKeyView) error {
save := repository.PrepareSave(table)
return save(db, role)
}
func DeleteAuthNKey(db *gorm.DB, table, keyID string) error {
delete := repository.PrepareDeleteByKey(table, model.AuthNKeySearchKey(key_model.AuthNKeyKeyID), keyID)
return delete(db)
}
func DeleteAuthNKeysByObjectID(db *gorm.DB, table, objectID string) error {
delete := repository.PrepareDeleteByKey(table, model.AuthNKeySearchKey(key_model.AuthNKeyObjectID), objectID)
return delete(db)
}


@ -1,83 +0,0 @@
package view
import (
"github.com/caos/zitadel/internal/domain"
"time"
caos_errs "github.com/caos/zitadel/internal/errors"
"github.com/caos/zitadel/internal/view/repository"
"github.com/jinzhu/gorm"
key_model "github.com/caos/zitadel/internal/key/model"
"github.com/caos/zitadel/internal/key/repository/view/model"
)
func KeyByIDAndType(db *gorm.DB, table, keyID string, private bool) (*model.KeyView, error) {
key := new(model.KeyView)
query := repository.PrepareGetByQuery(table,
model.KeySearchQuery{Key: key_model.KeySearchKeyID, Method: domain.SearchMethodEquals, Value: keyID},
model.KeySearchQuery{Key: key_model.KeySearchKeyPrivate, Method: domain.SearchMethodEquals, Value: private},
)
err := query(db, key)
return key, err
}
func GetSigningKey(db *gorm.DB, table string, expiry time.Time) (*model.KeyView, error) {
if expiry.IsZero() {
expiry = time.Now().UTC()
}
keys := make([]*model.KeyView, 0)
query := repository.PrepareSearchQuery(table,
model.KeySearchRequest{
Queries: []*key_model.KeySearchQuery{
{Key: key_model.KeySearchKeyPrivate, Method: domain.SearchMethodEquals, Value: true},
{Key: key_model.KeySearchKeyUsage, Method: domain.SearchMethodEquals, Value: key_model.KeyUsageSigning},
{Key: key_model.KeySearchKeyExpiry, Method: domain.SearchMethodGreaterThan, Value: time.Now().UTC()},
},
SortingColumn: key_model.KeySearchKeyExpiry,
Limit: 1,
},
)
_, err := query(db, &keys)
if err != nil {
return nil, err
}
if len(keys) != 1 {
return nil, caos_errs.ThrowNotFound(err, "VIEW-BGD41", "key not found")
}
return keys[0], nil
}
func GetActivePublicKeys(db *gorm.DB, table string) ([]*model.KeyView, error) {
keys := make([]*model.KeyView, 0)
query := repository.PrepareSearchQuery(table,
model.KeySearchRequest{
Queries: []*key_model.KeySearchQuery{
{Key: key_model.KeySearchKeyPrivate, Method: domain.SearchMethodEquals, Value: false},
{Key: key_model.KeySearchKeyUsage, Method: domain.SearchMethodEquals, Value: key_model.KeyUsageSigning},
{Key: key_model.KeySearchKeyExpiry, Method: domain.SearchMethodGreaterThan, Value: time.Now().UTC()},
},
},
)
_, err := query(db, &keys)
return keys, err
}
func PutKeys(db *gorm.DB, table string, privateKey, publicKey *model.KeyView) error {
save := repository.PrepareBulkSave(table)
return save(db, privateKey, publicKey)
}
func DeleteKey(db *gorm.DB, table, keyID string, private bool) error {
delete := repository.PrepareDeleteByKeys(table,
repository.Key{Key: model.KeySearchKey(key_model.KeySearchKeyID), Value: keyID},
repository.Key{Key: model.KeySearchKey(key_model.KeySearchKeyPrivate), Value: private},
)
return delete(db)
}
func DeleteKeyPair(db *gorm.DB, table, keyID string) error {
delete := repository.PrepareDeleteByKey(table, model.KeySearchKey(key_model.KeySearchKeyID), keyID)
return delete(db)
}


@ -1,171 +0,0 @@
package model
import (
"encoding/json"
"time"
"github.com/caos/logging"
caos_errs "github.com/caos/zitadel/internal/errors"
"github.com/caos/zitadel/internal/eventstore/v1/models"
"github.com/caos/zitadel/internal/key/model"
proj_model "github.com/caos/zitadel/internal/project/repository/eventsourcing/model"
proj_view_model "github.com/caos/zitadel/internal/project/repository/view/model"
user_model "github.com/caos/zitadel/internal/user/repository/eventsourcing/model"
)
const (
AuthNKeyKeyID = "key_id"
AuthNKeyObjectID = "object_id"
AuthNKeyObjectType = "object_type"
)
type AuthNKeyView struct {
ID string `json:"keyId" gorm:"column:key_id;primary_key"`
ObjectID string `json:"-" gorm:"column:object_id;primary_key"`
ObjectType int32 `json:"-" gorm:"column:object_type;primary_key"`
AuthIdentifier string `json:"-" gorm:"column:auth_identifier;primary_key"`
Type int32 `json:"type" gorm:"column:key_type"`
ExpirationDate time.Time `json:"expirationDate" gorm:"column:expiration_date"`
Sequence uint64 `json:"-" gorm:"column:sequence"`
CreationDate time.Time `json:"-" gorm:"column:creation_date"`
PublicKey []byte `json:"publicKey" gorm:"column:public_key"`
State int32 `json:"-" gorm:"column:state"`
}
func AuthNKeyViewFromModel(key *model.AuthNKeyView) *AuthNKeyView {
return &AuthNKeyView{
ID: key.ID,
ObjectID: key.ObjectID,
ObjectType: int32(key.ObjectType),
Type: int32(key.Type),
ExpirationDate: key.ExpirationDate,
Sequence: key.Sequence,
CreationDate: key.CreationDate,
State: int32(key.State),
}
}
func AuthNKeyToModel(key *AuthNKeyView) *model.AuthNKeyView {
return &model.AuthNKeyView{
ID: key.ID,
ObjectID: key.ObjectID,
ObjectType: model.ObjectType(key.ObjectType),
AuthIdentifier: key.AuthIdentifier,
Type: model.AuthNKeyType(key.Type),
ExpirationDate: key.ExpirationDate,
Sequence: key.Sequence,
CreationDate: key.CreationDate,
PublicKey: key.PublicKey,
State: model.AuthNKeyState(key.State),
}
}
func AuthNKeysToModel(keys []*AuthNKeyView) []*model.AuthNKeyView {
result := make([]*model.AuthNKeyView, len(keys))
for i, key := range keys {
result[i] = AuthNKeyToModel(key)
}
return result
}
func (k *AuthNKeyView) AppendEventIfMyClientKey(event *models.Event) (err error) {
switch event.Type {
case proj_model.ApplicationDeactivated,
proj_model.ApplicationReactivated,
proj_model.ApplicationRemoved:
a := new(proj_view_model.ApplicationView)
if err := a.AppendEvent(event); err != nil {
return err
}
if a.ID == k.ObjectID {
return k.AppendEvent(event)
}
case proj_model.ProjectDeactivated,
proj_model.ProjectReactivated,
proj_model.ProjectRemoved:
return k.AppendEvent(event)
case user_model.UserLocked,
user_model.UserDeactivated,
user_model.UserUnlocked,
user_model.UserReactivated,
user_model.UserRemoved:
return k.AppendEvent(event)
case proj_model.ClientKeyRemoved,
user_model.MachineKeyRemoved:
view := new(AuthNKeyView)
if view.ID == k.ID {
return k.AppendEvent(event)
}
default:
return nil
}
return nil
}
func (k *AuthNKeyView) AppendEvent(event *models.Event) (err error) {
k.Sequence = event.Sequence
switch event.Type {
case user_model.MachineKeyAdded:
k.setRootData(event)
k.CreationDate = event.CreationDate
err = k.SetUserData(event)
case proj_model.ClientKeyAdded:
k.setRootData(event)
k.CreationDate = event.CreationDate
err = k.SetClientData(event)
case proj_model.ClientKeyRemoved,
proj_model.ApplicationRemoved,
proj_model.ProjectRemoved,
user_model.MachineKeyRemoved,
user_model.UserRemoved:
k.State = int32(model.AuthNKeyStateRemoved)
case proj_model.ProjectDeactivated,
proj_model.ApplicationDeactivated,
user_model.UserDeactivated,
user_model.UserLocked:
k.State = int32(model.AuthNKeyStateInactive)
case proj_model.ProjectReactivated,
proj_model.ApplicationReactivated,
user_model.UserReactivated,
user_model.UserUnlocked:
if k.State != int32(model.AuthNKeyStateRemoved) {
k.State = int32(model.AuthNKeyStateActive)
}
}
return err
}
func (k *AuthNKeyView) setRootData(event *models.Event) {
switch event.AggregateType {
case user_model.UserAggregate:
k.ObjectType = int32(model.AuthNKeyObjectTypeUser)
k.ObjectID = event.AggregateID
k.AuthIdentifier = event.AggregateID
case proj_model.ProjectAggregate:
k.ObjectType = int32(model.AuthNKeyObjectTypeApplication)
}
}
func (k *AuthNKeyView) SetUserData(event *models.Event) error {
if err := json.Unmarshal(event.Data, k); err != nil {
logging.Log("EVEN-Sj90d").WithError(err).Error("could not unmarshal event data")
return caos_errs.ThrowInternal(err, "MODEL-lub6s", "Could not unmarshal data")
}
return nil
}
func (k *AuthNKeyView) SetClientData(event *models.Event) error {
key := new(proj_model.ClientKey)
if err := json.Unmarshal(event.Data, key); err != nil {
logging.Log("EVEN-Dgsgg").WithError(err).Error("could not unmarshal event data")
return caos_errs.ThrowInternal(err, "MODEL-ADbfz", "Could not unmarshal data")
}
k.ObjectID = key.ApplicationID
k.AuthIdentifier = key.ClientID
k.ID = key.KeyID
k.ExpirationDate = key.ExpirationDate
k.PublicKey = key.PublicKey
k.Type = key.Type
return nil
}


@ -1,63 +0,0 @@
package model
import (
"github.com/caos/zitadel/internal/domain"
key_model "github.com/caos/zitadel/internal/key/model"
"github.com/caos/zitadel/internal/view/repository"
)
type AuthNKeySearchRequest key_model.AuthNKeySearchRequest
type AuthNKeySearchQuery key_model.AuthNKeySearchQuery
type AuthNKeySearchKey key_model.AuthNKeySearchKey
func (req AuthNKeySearchRequest) GetLimit() uint64 {
return req.Limit
}
func (req AuthNKeySearchRequest) GetOffset() uint64 {
return req.Offset
}
func (req AuthNKeySearchRequest) GetSortingColumn() repository.ColumnKey {
if req.SortingColumn == key_model.AuthNKeyKeyUnspecified {
return nil
}
return AuthNKeySearchKey(req.SortingColumn)
}
func (req AuthNKeySearchRequest) GetAsc() bool {
return req.Asc
}
func (req AuthNKeySearchRequest) GetQueries() []repository.SearchQuery {
result := make([]repository.SearchQuery, len(req.Queries))
for i, q := range req.Queries {
result[i] = AuthNKeySearchQuery{Key: q.Key, Value: q.Value, Method: q.Method}
}
return result
}
func (req AuthNKeySearchQuery) GetKey() repository.ColumnKey {
return AuthNKeySearchKey(req.Key)
}
func (req AuthNKeySearchQuery) GetMethod() domain.SearchMethod {
return req.Method
}
func (req AuthNKeySearchQuery) GetValue() interface{} {
return req.Value
}
func (key AuthNKeySearchKey) ToColumnName() string {
switch key_model.AuthNKeySearchKey(key) {
case key_model.AuthNKeyKeyID:
return AuthNKeyKeyID
case key_model.AuthNKeyObjectID:
return AuthNKeyObjectID
case key_model.AuthNKeyObjectType:
return AuthNKeyObjectType
default:
return ""
}
}


@ -1,88 +0,0 @@
package model
import (
"database/sql"
"encoding/json"
"time"
"github.com/caos/logging"
"github.com/caos/zitadel/internal/crypto"
caos_errs "github.com/caos/zitadel/internal/errors"
"github.com/caos/zitadel/internal/eventstore/v1/models"
"github.com/caos/zitadel/internal/key/model"
es_model "github.com/caos/zitadel/internal/key/repository/eventsourcing/model"
)
const (
KeyKeyID = "id"
KeyPrivate = "private"
KeyUsage = "usage"
KeyAlgorithm = "algorithm"
KeyExpiry = "expiry"
)
type KeyView struct {
ID string `json:"-" gorm:"column:id;primary_key"`
Private sql.NullBool `json:"-" gorm:"column:private;primary_key"`
Expiry time.Time `json:"-" gorm:"column:expiry"`
Algorithm string `json:"-" gorm:"column:algorithm"`
Usage int32 `json:"-" gorm:"column:usage"`
Key *crypto.CryptoValue `json:"-" gorm:"column:key"`
Sequence uint64 `json:"-" gorm:"column:sequence"`
}
func KeysFromPairEvent(event *models.Event) (*KeyView, *KeyView, error) {
pair := new(es_model.KeyPair)
if err := json.Unmarshal(event.Data, pair); err != nil {
logging.Log("MODEL-s3Ga1").WithError(err).Error("could not unmarshal event data")
return nil, nil, caos_errs.ThrowInternal(nil, "MODEL-G3haa", "could not unmarshal data")
}
privateKey := &KeyView{
ID: event.AggregateID,
Private: sql.NullBool{Bool: true, Valid: true},
Expiry: pair.PrivateKey.Expiry,
Algorithm: pair.Algorithm,
Usage: pair.Usage,
Key: pair.PrivateKey.Key,
Sequence: event.Sequence,
}
publicKey := &KeyView{
ID: event.AggregateID,
Private: sql.NullBool{Bool: false, Valid: true},
Expiry: pair.PublicKey.Expiry,
Algorithm: pair.Algorithm,
Usage: pair.Usage,
Key: pair.PublicKey.Key,
Sequence: event.Sequence,
}
return privateKey, publicKey, nil
}
func KeyViewsToModel(keys []*KeyView) []*model.KeyView {
converted := make([]*model.KeyView, len(keys))
for i, key := range keys {
converted[i] = KeyViewToModel(key)
}
return converted
}
func KeyViewToModel(key *KeyView) *model.KeyView {
return &model.KeyView{
ID: key.ID,
Private: key.Private.Bool,
Expiry: key.Expiry,
Algorithm: key.Algorithm,
Usage: model.KeyUsage(key.Usage),
Key: key.Key,
Sequence: key.Sequence,
}
}
func (k *KeyView) setData(event *models.Event) error {
if err := json.Unmarshal(event.Data, k); err != nil {
logging.Log("MODEL-4ag41").WithError(err).Error("could not unmarshal event data")
return caos_errs.ThrowInternal(nil, "MODEL-GFQ31", "could not unmarshal data")
}
return nil
}


@ -1,65 +0,0 @@
package model
import (
"github.com/caos/zitadel/internal/domain"
key_model "github.com/caos/zitadel/internal/key/model"
"github.com/caos/zitadel/internal/view/repository"
)
type KeySearchRequest key_model.KeySearchRequest
type KeySearchQuery key_model.KeySearchQuery
type KeySearchKey key_model.KeySearchKey
func (req KeySearchRequest) GetLimit() uint64 {
return req.Limit
}
func (req KeySearchRequest) GetOffset() uint64 {
return req.Offset
}
func (req KeySearchRequest) GetSortingColumn() repository.ColumnKey {
if req.SortingColumn == key_model.KeySearchKeyUnspecified {
return nil
}
return KeySearchKey(req.SortingColumn)
}
func (req KeySearchRequest) GetAsc() bool {
return req.Asc
}
func (req KeySearchRequest) GetQueries() []repository.SearchQuery {
result := make([]repository.SearchQuery, len(req.Queries))
for i, q := range req.Queries {
result[i] = KeySearchQuery{Key: q.Key, Value: q.Value, Method: q.Method}
}
return result
}
func (req KeySearchQuery) GetKey() repository.ColumnKey {
return KeySearchKey(req.Key)
}
func (req KeySearchQuery) GetMethod() domain.SearchMethod {
return req.Method
}
func (req KeySearchQuery) GetValue() interface{} {
return req.Value
}
func (key KeySearchKey) ToColumnName() string {
switch key_model.KeySearchKey(key) {
case key_model.KeySearchKeyID:
return KeyKeyID
case key_model.KeySearchKeyPrivate:
return KeyPrivate
case key_model.KeySearchKeyUsage:
return KeyUsage
case key_model.KeySearchKeyExpiry:
return KeyExpiry
default:
return ""
}
}


@ -1,15 +0,0 @@
package view
import (
"github.com/caos/zitadel/internal/eventstore"
"github.com/caos/zitadel/internal/repository/keypair"
)
func KeyPairQuery(latestSequence uint64) *eventstore.SearchQueryBuilder {
return eventstore.NewSearchQueryBuilder(eventstore.ColumnsEvent).
AddQuery().
AggregateTypes(keypair.AggregateType).
SequenceGreater(latestSequence).
EventTypes(keypair.AddedEventType).
Builder()
}


@ -8,22 +8,22 @@ import (
"github.com/caos/logging"
"github.com/caos/zitadel/internal/notification/channels/fs"
"github.com/caos/zitadel/internal/notification/channels/log"
"github.com/caos/zitadel/internal/notification/channels/twilio"
"github.com/caos/zitadel/internal/api/authz"
"github.com/caos/zitadel/internal/command"
sd "github.com/caos/zitadel/internal/config/systemdefaults"
"github.com/caos/zitadel/internal/crypto"
"github.com/caos/zitadel/internal/domain"
"github.com/caos/zitadel/internal/errors"
"github.com/caos/zitadel/internal/eventstore"
v1 "github.com/caos/zitadel/internal/eventstore/v1"
"github.com/caos/zitadel/internal/eventstore/v1/models"
queryv1 "github.com/caos/zitadel/internal/eventstore/v1/query"
"github.com/caos/zitadel/internal/eventstore/v1/spooler"
"github.com/caos/zitadel/internal/i18n"
"github.com/caos/zitadel/internal/notification/channels/fs"
"github.com/caos/zitadel/internal/notification/channels/log"
"github.com/caos/zitadel/internal/notification/channels/smtp"
"github.com/caos/zitadel/internal/notification/channels/twilio"
"github.com/caos/zitadel/internal/notification/types"
"github.com/caos/zitadel/internal/query"
user_repo "github.com/caos/zitadel/internal/repository/user"
@ -96,7 +96,7 @@ func (n *Notification) Subscription() *v1.Subscription {
}
func (_ *Notification) AggregateTypes() []models.AggregateType {
return []models.AggregateType{es_model.UserAggregate}
return []models.AggregateType{user_repo.AggregateType}
}
func (n *Notification) CurrentSequence() (uint64, error) {
@ -116,22 +116,22 @@ func (n *Notification) EventQuery() (*models.SearchQuery, error) {
}
func (n *Notification) Reduce(event *models.Event) (err error) {
switch event.Type {
case es_model.InitializedUserCodeAdded,
es_model.InitializedHumanCodeAdded:
switch eventstore.EventType(event.Type) {
case user_repo.UserV1InitialCodeAddedType,
user_repo.HumanInitialCodeAddedType:
err = n.handleInitUserCode(event)
case es_model.UserEmailCodeAdded,
es_model.HumanEmailCodeAdded:
case user_repo.UserV1EmailCodeAddedType,
user_repo.HumanEmailCodeAddedType:
err = n.handleEmailVerificationCode(event)
case es_model.UserPhoneCodeAdded,
es_model.HumanPhoneCodeAdded:
case user_repo.UserV1PhoneCodeAddedType,
user_repo.HumanPhoneCodeAddedType:
err = n.handlePhoneVerificationCode(event)
case es_model.UserPasswordCodeAdded,
es_model.HumanPasswordCodeAdded:
case user_repo.UserV1PasswordCodeAddedType,
user_repo.HumanPasswordCodeAddedType:
err = n.handlePasswordCode(event)
case es_model.DomainClaimed:
case user_repo.UserDomainClaimedType:
err = n.handleDomainClaimed(event)
case models.EventType(user_repo.HumanPasswordlessInitCodeRequestedType):
case user_repo.HumanPasswordlessInitCodeRequestedType:
err = n.handlePasswordlessRegistrationLink(event)
}
if err != nil {
@ -146,8 +146,8 @@ func (n *Notification) handleInitUserCode(event *models.Event) (err error) {
return err
}
alreadyHandled, err := n.checkIfCodeAlreadyHandledOrExpired(event, initCode.Expiry,
es_model.InitializedUserCodeAdded, es_model.InitializedUserCodeSent,
es_model.InitializedHumanCodeAdded, es_model.InitializedHumanCodeSent)
user_repo.UserV1InitialCodeAddedType, user_repo.UserV1InitialCodeSentType,
user_repo.HumanInitialCodeAddedType, user_repo.HumanInitialCodeSentType)
if err != nil || alreadyHandled {
return err
}
@ -185,8 +185,8 @@ func (n *Notification) handlePasswordCode(event *models.Event) (err error) {
return err
}
alreadyHandled, err := n.checkIfCodeAlreadyHandledOrExpired(event, pwCode.Expiry,
es_model.UserPasswordCodeAdded, es_model.UserPasswordCodeSent,
es_model.HumanPasswordCodeAdded, es_model.HumanPasswordCodeSent)
user_repo.UserV1PasswordCodeAddedType, user_repo.UserV1PasswordCodeSentType,
user_repo.HumanPasswordCodeAddedType, user_repo.HumanPasswordCodeSentType)
if err != nil || alreadyHandled {
return err
}
@ -223,8 +223,8 @@ func (n *Notification) handleEmailVerificationCode(event *models.Event) (err err
return err
}
alreadyHandled, err := n.checkIfCodeAlreadyHandledOrExpired(event, emailCode.Expiry,
es_model.UserEmailCodeAdded, es_model.UserEmailCodeSent,
es_model.HumanEmailCodeAdded, es_model.HumanEmailCodeSent)
user_repo.UserV1EmailCodeAddedType, user_repo.UserV1EmailCodeSentType,
user_repo.HumanEmailCodeAddedType, user_repo.HumanEmailCodeSentType)
if err != nil || alreadyHandled {
return nil
}
@ -262,8 +262,8 @@ func (n *Notification) handlePhoneVerificationCode(event *models.Event) (err err
return err
}
alreadyHandled, err := n.checkIfCodeAlreadyHandledOrExpired(event, phoneCode.Expiry,
es_model.UserPhoneCodeAdded, es_model.UserPhoneCodeSent,
es_model.HumanPhoneCodeAdded, es_model.HumanPhoneCodeSent)
user_repo.UserV1PhoneCodeAddedType, user_repo.UserV1PhoneCodeSentType,
user_repo.HumanPhoneCodeAddedType, user_repo.HumanPhoneCodeSentType)
if err != nil || alreadyHandled {
return nil
}
@ -283,7 +283,7 @@ func (n *Notification) handlePhoneVerificationCode(event *models.Event) (err err
}
func (n *Notification) handleDomainClaimed(event *models.Event) (err error) {
alreadyHandled, err := n.checkIfAlreadyHandled(event.AggregateID, event.Sequence, es_model.DomainClaimed, es_model.DomainClaimedSent)
alreadyHandled, err := n.checkIfAlreadyHandled(event.AggregateID, event.Sequence, user_repo.UserDomainClaimedType, user_repo.UserDomainClaimedSentType)
if err != nil || alreadyHandled {
return nil
}
@ -332,7 +332,7 @@ func (n *Notification) handlePasswordlessRegistrationLink(event *models.Event) (
return err
}
for _, e := range events {
if e.Type == models.EventType(user_repo.HumanPasswordlessInitCodeSentType) {
if eventstore.EventType(e.Type) == user_repo.HumanPasswordlessInitCodeSentType {
sentEvent := new(user_repo.HumanPasswordlessInitCodeSentEvent)
if err := json.Unmarshal(e.Data, sentEvent); err != nil {
return err
@ -369,21 +369,21 @@ func (n *Notification) handlePasswordlessRegistrationLink(event *models.Event) (
return n.command.HumanPasswordlessInitCodeSent(ctx, event.AggregateID, event.ResourceOwner, addedEvent.ID)
}
func (n *Notification) checkIfCodeAlreadyHandledOrExpired(event *models.Event, expiry time.Duration, eventTypes ...models.EventType) (bool, error) {
func (n *Notification) checkIfCodeAlreadyHandledOrExpired(event *models.Event, expiry time.Duration, eventTypes ...eventstore.EventType) (bool, error) {
if event.CreationDate.Add(expiry).Before(time.Now().UTC()) {
return true, nil
}
return n.checkIfAlreadyHandled(event.AggregateID, event.Sequence, eventTypes...)
}
func (n *Notification) checkIfAlreadyHandled(userID string, sequence uint64, eventTypes ...models.EventType) (bool, error) {
func (n *Notification) checkIfAlreadyHandled(userID string, sequence uint64, eventTypes ...eventstore.EventType) (bool, error) {
events, err := n.getUserEvents(userID, sequence)
if err != nil {
return false, err
}
for _, event := range events {
for _, eventType := range eventTypes {
if event.Type == eventType {
if eventstore.EventType(event.Type) == eventType {
return true, nil
}
}
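Review bot: In handleEmailVerificationCode and handlePhoneVerificationCode the guard after checkIfCodeAlreadyHandledOrExpired is `if err != nil || alreadyHandled { return nil }`, which discards a lookup error, while handleInitUserCode and handlePasswordCode return it for the same check; handleDomainClaimed does the same after checkIfAlreadyHandled. The commit only swaps the event-type arguments on the line above and leaves these guards as they were. If Reduce returning nil lets the handler move past the event (not visible here), a failed read of the user's events would mean the verification code or domain-claimed notice is silently never sent. I would make all three consistent with the other handlers: `if err != nil || alreadyHandled { return err }`. The bodies of these functions continue outside the hunks.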


@ -7,6 +7,7 @@ import (
"github.com/caos/zitadel/internal/api/authz"
caos_errs "github.com/caos/zitadel/internal/errors"
"github.com/caos/zitadel/internal/eventstore"
v1 "github.com/caos/zitadel/internal/eventstore/v1"
es_models "github.com/caos/zitadel/internal/eventstore/v1/models"
"github.com/caos/zitadel/internal/eventstore/v1/query"
@ -17,7 +18,7 @@ import (
org_view "github.com/caos/zitadel/internal/org/repository/view"
query2 "github.com/caos/zitadel/internal/query"
"github.com/caos/zitadel/internal/repository/org"
es_model "github.com/caos/zitadel/internal/user/repository/eventsourcing/model"
"github.com/caos/zitadel/internal/repository/user"
view_model "github.com/caos/zitadel/internal/user/repository/view/model"
)
@ -63,7 +64,7 @@ func (p *NotifyUser) Subscription() *v1.Subscription {
}
func (_ *NotifyUser) AggregateTypes() []es_models.AggregateType {
return []es_models.AggregateType{es_model.UserAggregate, org_es_model.OrgAggregate}
return []es_models.AggregateType{user.AggregateType, org.AggregateType}
}
func (p *NotifyUser) CurrentSequence() (uint64, error) {
@ -86,9 +87,9 @@ func (p *NotifyUser) EventQuery() (*es_models.SearchQuery, error) {
func (u *NotifyUser) Reduce(event *es_models.Event) (err error) {
switch event.AggregateType {
case es_model.UserAggregate:
case user.AggregateType:
return u.ProcessUser(event)
case org_es_model.OrgAggregate:
case org.AggregateType:
return u.ProcessOrg(event)
default:
return nil
@ -96,48 +97,48 @@ func (u *NotifyUser) Reduce(event *es_models.Event) (err error) {
}
func (u *NotifyUser) ProcessUser(event *es_models.Event) (err error) {
user := new(view_model.NotifyUser)
switch event.Type {
case es_model.UserAdded,
es_model.UserRegistered,
es_model.HumanRegistered,
es_model.HumanAdded,
es_model.MachineAdded:
err := user.AppendEvent(event)
notifyUser := new(view_model.NotifyUser)
switch eventstore.EventType(event.Type) {
case user.UserV1AddedType,
user.UserV1RegisteredType,
user.HumanRegisteredType,
user.HumanAddedType,
user.MachineAddedEventType:
err := notifyUser.AppendEvent(event)
if err != nil {
return err
}
err = u.fillLoginNames(user)
case es_model.UserProfileChanged,
es_model.UserEmailChanged,
es_model.UserEmailVerified,
es_model.UserPhoneChanged,
es_model.UserPhoneVerified,
es_model.UserPhoneRemoved,
es_model.HumanProfileChanged,
es_model.HumanEmailChanged,
es_model.HumanEmailVerified,
es_model.HumanPhoneChanged,
es_model.HumanPhoneVerified,
es_model.HumanPhoneRemoved,
es_model.MachineChanged:
user, err = u.view.NotifyUserByID(event.AggregateID)
err = u.fillLoginNames(notifyUser)
case user.UserV1ProfileChangedType,
user.UserV1EmailChangedType,
user.UserV1EmailVerifiedType,
user.UserV1PhoneChangedType,
user.UserV1PhoneVerifiedType,
user.UserV1PhoneRemovedType,
user.HumanProfileChangedType,
user.HumanEmailChangedType,
user.HumanEmailVerifiedType,
user.HumanPhoneChangedType,
user.HumanPhoneVerifiedType,
user.HumanPhoneRemovedType,
user.MachineChangedEventType:
notifyUser, err = u.view.NotifyUserByID(event.AggregateID)
if err != nil {
return err
}
err = user.AppendEvent(event)
case es_model.DomainClaimed,
es_model.UserUserNameChanged:
user, err = u.view.NotifyUserByID(event.AggregateID)
err = notifyUser.AppendEvent(event)
case user.UserDomainClaimedType,
user.UserUserNameChangedType:
notifyUser, err = u.view.NotifyUserByID(event.AggregateID)
if err != nil {
return err
}
err = user.AppendEvent(event)
err = notifyUser.AppendEvent(event)
if err != nil {
return err
}
err = u.fillLoginNames(user)
case es_model.UserRemoved:
err = u.fillLoginNames(notifyUser)
case user.UserRemovedType:
return u.view.DeleteNotifyUser(event.AggregateID, event)
default:
return u.view.ProcessedNotifyUserSequence(event)
@ -145,18 +146,18 @@ func (u *NotifyUser) ProcessUser(event *es_models.Event) (err error) {
if err != nil {
return err
}
return u.view.PutNotifyUser(user, event)
return u.view.PutNotifyUser(notifyUser, event)
}
func (u *NotifyUser) ProcessOrg(event *es_models.Event) (err error) {
switch event.Type {
case org_es_model.OrgDomainVerified,
org_es_model.OrgDomainRemoved,
es_models.EventType(org.DomainPolicyAddedEventType),
es_models.EventType(org.DomainPolicyChangedEventType),
es_models.EventType(org.DomainPolicyRemovedEventType):
switch eventstore.EventType(event.Type) {
case org.OrgDomainVerifiedEventType,
org.OrgDomainRemovedEventType,
org.DomainPolicyAddedEventType,
org.DomainPolicyChangedEventType,
org.DomainPolicyRemovedEventType:
return u.fillLoginNamesOnOrgUsers(event)
case org_es_model.OrgDomainPrimarySet:
case org.OrgDomainPrimarySetEventType:
return u.fillPreferredLoginNamesOnOrgUsers(event)
default:
return u.view.ProcessedNotifyUserSequence(event)
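Review bot: In ProcessUser's first case (UserV1AddedType through MachineAddedEventType) the line `err := notifyUser.AppendEvent(event)` declares a new `err` scoped to that case clause, so the following `err = u.fillLoginNames(notifyUser)` assigns to the shadow and the `if err != nil` after the switch still sees the named result as nil. A failure to fill login names for a newly added user is therefore dropped and PutNotifyUser stores the view anyway. The rename from `user` to `notifyUser` carried the `:=` over unchanged; it should be `err = notifyUser.AppendEvent(event)`, as the other cases already do.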


@ -1,10 +0,0 @@
package view
import (
"github.com/caos/zitadel/internal/iam/repository/view"
"github.com/caos/zitadel/internal/iam/repository/view/model"
)
func (v *View) StylingByAggregateIDAndState(aggregateID, labelPolicyTableVar string, state int32) (*model.LabelPolicyView, error) {
return view.GetStylingByAggregateIDAndState(v.Db, labelPolicyTableVar, aggregateID, state)
}


@ -1,21 +0,0 @@
package model
import es_models "github.com/caos/zitadel/internal/eventstore/v1/models"
type OrgMember struct {
es_models.ObjectRoot
UserID string
Roles []string
}
func NewOrgMember(orgID, userID string) *OrgMember {
return &OrgMember{ObjectRoot: es_models.ObjectRoot{AggregateID: orgID}, UserID: userID}
}
func NewOrgMemberWithRoles(orgID, userID string, roles ...string) *OrgMember {
return &OrgMember{ObjectRoot: es_models.ObjectRoot{AggregateID: orgID}, UserID: userID, Roles: roles}
}
func (member *OrgMember) IsValid() bool {
return member.AggregateID != "" && member.UserID != ""
}


@ -3,8 +3,6 @@ package model
import (
"strings"
"github.com/golang/protobuf/ptypes/timestamp"
es_models "github.com/caos/zitadel/internal/eventstore/v1/models"
iam_model "github.com/caos/zitadel/internal/iam/model"
)
@ -16,32 +14,7 @@ type Org struct {
Name string
Domains []*OrgDomain
Members []*OrgMember
DomainPolicy *iam_model.DomainPolicy
LoginPolicy *iam_model.LoginPolicy
LabelPolicy *iam_model.LabelPolicy
MailTemplate *iam_model.MailTemplate
MailTexts []*iam_model.MailText
PasswordComplexityPolicy *iam_model.PasswordComplexityPolicy
PasswordAgePolicy *iam_model.PasswordAgePolicy
LockoutPolicy *iam_model.LockoutPolicy
IDPs []*iam_model.IDPConfig
}
type OrgChanges struct {
Changes []*OrgChange
LastSequence uint64
}
type OrgChange struct {
ChangeDate *timestamp.Timestamp `json:"changeDate,omitempty"`
EventType string `json:"eventType,omitempty"`
Sequence uint64 `json:"sequence,omitempty"`
ModifierId string `json:"modifierUser,omitempty"`
ModifierName string `json:"-"`
ModifierLoginName string `json:"-"`
ModifierAvatarURL string `json:"-"`
Data interface{} `json:"data,omitempty"`
DomainPolicy *iam_model.DomainPolicy
}
type OrgState int32
@ -51,18 +24,10 @@ const (
OrgStateInactive
)
func NewOrg(id string) *Org {
return &Org{ObjectRoot: es_models.ObjectRoot{AggregateID: id}, State: OrgStateActive}
}
func (o *Org) IsActive() bool {
return o.State == OrgStateActive
}
func (o *Org) IsValid() bool {
return o.Name != ""
}
func (o *Org) GetDomain(domain *OrgDomain) (int, *OrgDomain) {
for i, d := range o.Domains {
if d.Domain == domain.Domain {
@ -72,15 +37,6 @@ func (o *Org) GetDomain(domain *OrgDomain) (int, *OrgDomain) {
return -1, nil
}
func (o *Org) GetIDP(idpID string) (int, *iam_model.IDPConfig) {
for i, idp := range o.IDPs {
if idp.IDPConfigID == idpID {
return i, idp
}
}
return -1, nil
}
func (o *Org) GetPrimaryDomain() *OrgDomain {
for _, d := range o.Domains {
if d.Primary {
@ -90,15 +46,6 @@ func (o *Org) GetPrimaryDomain() *OrgDomain {
return nil
}
func (o *Org) MemeberByUserID(userID string) (*OrgMember, int) {
for i, member := range o.Members {
if member.UserID == userID {
return member, i
}
}
return nil, -1
}
func (o *Org) nameForDomain(iamDomain string) string {
return strings.ToLower(strings.ReplaceAll(o.Name, " ", "-") + "." + iamDomain)
}


@ -1,70 +0,0 @@
package model
import (
"time"
"github.com/caos/zitadel/internal/domain"
caos_errors "github.com/caos/zitadel/internal/errors"
)
type OrgMemberView struct {
UserID string
OrgID string
UserName string
Email string
FirstName string
LastName string
DisplayName string
PreferredLoginName string
AvatarURL string
UserResourceOwner string
Roles []string
CreationDate time.Time
ChangeDate time.Time
Sequence uint64
}
type OrgMemberSearchRequest struct {
Offset uint64
Limit uint64
SortingColumn OrgMemberSearchKey
Asc bool
Queries []*OrgMemberSearchQuery
}
type OrgMemberSearchKey int32
const (
OrgMemberSearchKeyUnspecified OrgMemberSearchKey = iota
OrgMemberSearchKeyUserName
OrgMemberSearchKeyEmail
OrgMemberSearchKeyFirstName
OrgMemberSearchKeyLastName
OrgMemberSearchKeyOrgID
OrgMemberSearchKeyUserID
)
type OrgMemberSearchQuery struct {
Key OrgMemberSearchKey
Method domain.SearchMethod
Value interface{}
}
type OrgMemberSearchResponse struct {
Offset uint64
Limit uint64
TotalResult uint64
Result []*OrgMemberView
Sequence uint64
Timestamp time.Time
}
func (r *OrgMemberSearchRequest) EnsureLimit(limit uint64) error {
if r.Limit > limit {
return caos_errors.ThrowInvalidArgument(nil, "SEARCH-77fu3", "Errors.Limit.ExceedsDefault")
}
if r.Limit == 0 {
r.Limit = limit
}
return nil
}


@ -1,85 +0,0 @@
package model
import (
es_models "github.com/caos/zitadel/internal/eventstore/v1/models"
"github.com/caos/zitadel/internal/iam/model"
iam_es_model "github.com/caos/zitadel/internal/iam/repository/eventsourcing/model"
)
func (o *Org) appendAddIDPConfigEvent(event *es_models.Event) error {
idp := new(iam_es_model.IDPConfig)
err := idp.SetData(event)
if err != nil {
return err
}
idp.ObjectRoot.CreationDate = event.CreationDate
o.IDPs = append(o.IDPs, idp)
return nil
}
func (o *Org) appendChangeIDPConfigEvent(event *es_models.Event) error {
idp := new(iam_es_model.IDPConfig)
err := idp.SetData(event)
if err != nil {
return err
}
if i, idpConfig := iam_es_model.GetIDPConfig(o.IDPs, idp.IDPConfigID); idpConfig != nil {
o.IDPs[i].SetData(event)
}
return nil
}
func (o *Org) appendRemoveIDPConfigEvent(event *es_models.Event) error {
idp := new(iam_es_model.IDPConfig)
err := idp.SetData(event)
if err != nil {
return err
}
if i, idpConfig := iam_es_model.GetIDPConfig(o.IDPs, idp.IDPConfigID); idpConfig != nil {
o.IDPs[i] = o.IDPs[len(o.IDPs)-1]
o.IDPs[len(o.IDPs)-1] = nil
o.IDPs = o.IDPs[:len(o.IDPs)-1]
}
return nil
}
func (o *Org) appendIDPConfigStateEvent(event *es_models.Event, state model.IDPConfigState) error {
idp := new(iam_es_model.IDPConfig)
err := idp.SetData(event)
if err != nil {
return err
}
if i, idpConfig := iam_es_model.GetIDPConfig(o.IDPs, idp.IDPConfigID); idpConfig != nil {
idpConfig.State = int32(state)
o.IDPs[i] = idpConfig
}
return nil
}
func (o *Org) appendAddOIDCIDPConfigEvent(event *es_models.Event) error {
config := new(iam_es_model.OIDCIDPConfig)
err := config.SetData(event)
if err != nil {
return err
}
config.ObjectRoot.CreationDate = event.CreationDate
if i, idpConfig := iam_es_model.GetIDPConfig(o.IDPs, config.IDPConfigID); idpConfig != nil {
o.IDPs[i].Type = int32(model.IDPConfigTypeOIDC)
o.IDPs[i].OIDCIDPConfig = config
}
return nil
}
func (o *Org) appendChangeOIDCIDPConfigEvent(event *es_models.Event) error {
config := new(iam_es_model.OIDCIDPConfig)
err := config.SetData(event)
if err != nil {
return err
}
if i, idpConfig := iam_es_model.GetIDPConfig(o.IDPs, config.IDPConfigID); idpConfig != nil {
o.IDPs[i].OIDCIDPConfig.SetData(event)
}
return nil
}


@ -1,252 +0,0 @@
package model
import (
"encoding/json"
es_models "github.com/caos/zitadel/internal/eventstore/v1/models"
"github.com/caos/zitadel/internal/iam/model"
iam_es_model "github.com/caos/zitadel/internal/iam/repository/eventsourcing/model"
"testing"
)
func TestAppendAddIdpConfigEvent(t *testing.T) {
type args struct {
org *Org
idp *iam_es_model.IDPConfig
event *es_models.Event
}
tests := []struct {
name string
args args
result *Org
}{
{
name: "append add idp config event",
args: args{
org: &Org{},
idp: &iam_es_model.IDPConfig{Name: "IDPConfig"},
event: &es_models.Event{},
},
result: &Org{IDPs: []*iam_es_model.IDPConfig{&iam_es_model.IDPConfig{Name: "IDPConfig"}}},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
if tt.args.idp != nil {
data, _ := json.Marshal(tt.args.idp)
tt.args.event.Data = data
}
tt.args.org.appendAddIDPConfigEvent(tt.args.event)
if len(tt.args.org.IDPs) != 1 {
t.Errorf("got wrong result should have one idpConfig actual: %v ", len(tt.args.org.IDPs))
}
if tt.args.org.IDPs[0] == tt.result.IDPs[0] {
t.Errorf("got wrong result: expected: %v, actual: %v ", tt.result.IDPs[0], tt.args.org.IDPs[0])
}
})
}
}
func TestAppendChangeIdpConfigEvent(t *testing.T) {
type args struct {
org *Org
idpConfig *iam_es_model.IDPConfig
event *es_models.Event
}
tests := []struct {
name string
args args
result *Org
}{
{
name: "append change idp config event",
args: args{
org: &Org{IDPs: []*iam_es_model.IDPConfig{&iam_es_model.IDPConfig{Name: "IDPConfig"}}},
idpConfig: &iam_es_model.IDPConfig{Name: "IDPConfig Change"},
event: &es_models.Event{},
},
result: &Org{IDPs: []*iam_es_model.IDPConfig{&iam_es_model.IDPConfig{Name: "IDPConfig Change"}}},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
if tt.args.idpConfig != nil {
data, _ := json.Marshal(tt.args.idpConfig)
tt.args.event.Data = data
}
tt.args.org.appendChangeIDPConfigEvent(tt.args.event)
if len(tt.args.org.IDPs) != 1 {
t.Errorf("got wrong result should have one idpConfig actual: %v ", len(tt.args.org.IDPs))
}
if tt.args.org.IDPs[0] == tt.result.IDPs[0] {
t.Errorf("got wrong result: expected: %v, actual: %v ", tt.result.IDPs[0], tt.args.org.IDPs[0])
}
})
}
}
func TestAppendRemoveIDPEvent(t *testing.T) {
type args struct {
org *Org
idp *iam_es_model.IDPConfig
event *es_models.Event
}
tests := []struct {
name string
args args
result *Org
}{
{
name: "append remove idp config event",
args: args{
org: &Org{IDPs: []*iam_es_model.IDPConfig{&iam_es_model.IDPConfig{IDPConfigID: "IDPConfigID", Name: "IDPConfig"}}},
idp: &iam_es_model.IDPConfig{IDPConfigID: "IDPConfigID", Name: "IDPConfig"},
event: &es_models.Event{},
},
result: &Org{IDPs: []*iam_es_model.IDPConfig{}},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
if tt.args.idp != nil {
data, _ := json.Marshal(tt.args.idp)
tt.args.event.Data = data
}
tt.args.org.appendRemoveIDPConfigEvent(tt.args.event)
if len(tt.args.org.IDPs) != 0 {
t.Errorf("got wrong result should have no apps actual: %v ", len(tt.args.org.IDPs))
}
})
}
}
func TestAppendAppStateEvent(t *testing.T) {
type args struct {
org *Org
idp *iam_es_model.IDPConfig
event *es_models.Event
state model.IDPConfigState
}
tests := []struct {
name string
args args
result *Org
}{
{
name: "append deactivate application event",
args: args{
org: &Org{IDPs: []*iam_es_model.IDPConfig{&iam_es_model.IDPConfig{IDPConfigID: "IDPConfigID", Name: "IDPConfig", State: int32(model.IDPConfigStateActive)}}},
idp: &iam_es_model.IDPConfig{IDPConfigID: "IDPConfigID"},
event: &es_models.Event{},
state: model.IDPConfigStateInactive,
},
result: &Org{IDPs: []*iam_es_model.IDPConfig{&iam_es_model.IDPConfig{IDPConfigID: "IDPConfigID", Name: "IDPConfig", State: int32(model.IDPConfigStateInactive)}}},
},
{
name: "append reactivate application event",
args: args{
org: &Org{IDPs: []*iam_es_model.IDPConfig{&iam_es_model.IDPConfig{IDPConfigID: "IDPConfigID", Name: "IDPConfig", State: int32(model.IDPConfigStateInactive)}}},
idp: &iam_es_model.IDPConfig{IDPConfigID: "IDPConfigID"},
event: &es_models.Event{},
state: model.IDPConfigStateActive,
},
result: &Org{IDPs: []*iam_es_model.IDPConfig{&iam_es_model.IDPConfig{IDPConfigID: "IDPConfigID", Name: "IDPConfig", State: int32(model.IDPConfigStateActive)}}},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
if tt.args.idp != nil {
data, _ := json.Marshal(tt.args.idp)
tt.args.event.Data = data
}
tt.args.org.appendIDPConfigStateEvent(tt.args.event, tt.args.state)
if len(tt.args.org.IDPs) != 1 {
t.Errorf("got wrong result should have one idpConfig actual: %v ", len(tt.args.org.IDPs))
}
if tt.args.org.IDPs[0] == tt.result.IDPs[0] {
t.Errorf("got wrong result: expected: %v, actual: %v ", tt.result.IDPs[0], tt.args.org.IDPs[0])
}
})
}
}
func TestAppendAddOIDCIdpConfigEvent(t *testing.T) {
type args struct {
org *Org
config *iam_es_model.OIDCIDPConfig
event *es_models.Event
}
tests := []struct {
name string
args args
result *Org
}{
{
name: "append add oidc idp config event",
args: args{
org: &Org{IDPs: []*iam_es_model.IDPConfig{&iam_es_model.IDPConfig{IDPConfigID: "IDPConfigID"}}},
config: &iam_es_model.OIDCIDPConfig{IDPConfigID: "IDPConfigID", ClientID: "ClientID"},
event: &es_models.Event{},
},
result: &Org{IDPs: []*iam_es_model.IDPConfig{&iam_es_model.IDPConfig{IDPConfigID: "IDPConfigID", OIDCIDPConfig: &iam_es_model.OIDCIDPConfig{IDPConfigID: "IDPConfigID", ClientID: "ClientID"}}}},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
if tt.args.config != nil {
data, _ := json.Marshal(tt.args.config)
tt.args.event.Data = data
}
tt.args.org.appendAddOIDCIDPConfigEvent(tt.args.event)
if len(tt.args.org.IDPs) != 1 {
t.Errorf("got wrong result should have one idpConfig actual: %v ", len(tt.args.org.IDPs))
}
if tt.args.org.IDPs[0].OIDCIDPConfig == nil {
t.Errorf("got wrong result should have oidc config actual: %v ", tt.args.org.IDPs[0].OIDCIDPConfig)
}
if tt.args.org.IDPs[0] == tt.result.IDPs[0] {
t.Errorf("got wrong result: expected: %v, actual: %v ", tt.result.IDPs[0], tt.args.org.IDPs[0])
}
})
}
}
func TestAppendChangeOIDCIdpConfigEvent(t *testing.T) {
type args struct {
org *Org
config *iam_es_model.OIDCIDPConfig
event *es_models.Event
}
tests := []struct {
name string
args args
result *Org
}{
{
name: "append change oidc idp config event",
args: args{
org: &Org{IDPs: []*iam_es_model.IDPConfig{&iam_es_model.IDPConfig{IDPConfigID: "IDPConfigID", OIDCIDPConfig: &iam_es_model.OIDCIDPConfig{IDPConfigID: "IDPConfigID", ClientID: "ClientID"}}}},
config: &iam_es_model.OIDCIDPConfig{IDPConfigID: "IDPConfigID", ClientID: "ClientID Changed"},
event: &es_models.Event{},
},
result: &Org{IDPs: []*iam_es_model.IDPConfig{&iam_es_model.IDPConfig{IDPConfigID: "IDPConfigID", OIDCIDPConfig: &iam_es_model.OIDCIDPConfig{IDPConfigID: "IDPConfigID", ClientID: "ClientID Changed"}}}},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
if tt.args.config != nil {
data, _ := json.Marshal(tt.args.config)
tt.args.event.Data = data
}
tt.args.org.appendChangeOIDCIDPConfigEvent(tt.args.event)
if len(tt.args.org.IDPs) != 1 {
t.Errorf("got wrong result should have one idpConfig actual: %v ", len(tt.args.org.IDPs))
}
if tt.args.org.IDPs[0].OIDCIDPConfig == nil {
t.Errorf("got wrong result should have oidc config actual: %v ", tt.args.org.IDPs[0].OIDCIDPConfig)
}
if tt.args.org.IDPs[0] == tt.result.IDPs[0] {
t.Errorf("got wrong result: expected: %v, actual: %v ", tt.result.IDPs[0], tt.args.org.IDPs[0])
}
})
}
}


@ -1,24 +0,0 @@
package model
import (
es_models "github.com/caos/zitadel/internal/eventstore/v1/models"
iam_es_model "github.com/caos/zitadel/internal/iam/repository/eventsourcing/model"
)
func (o *Org) appendAddLabelPolicyEvent(event *es_models.Event) error {
o.LabelPolicy = new(iam_es_model.LabelPolicy)
err := o.LabelPolicy.SetDataLabel(event)
if err != nil {
return err
}
o.LabelPolicy.ObjectRoot.CreationDate = event.CreationDate
return nil
}
func (o *Org) appendChangeLabelPolicyEvent(event *es_models.Event) error {
return o.LabelPolicy.SetDataLabel(event)
}
func (o *Org) appendRemoveLabelPolicyEvent(event *es_models.Event) {
o.LabelPolicy = nil
}


@ -1,91 +0,0 @@
package model
import (
"encoding/json"
"testing"
es_models "github.com/caos/zitadel/internal/eventstore/v1/models"
iam_es_model "github.com/caos/zitadel/internal/iam/repository/eventsourcing/model"
)
func TestAppendAddLabelPolicyEvent(t *testing.T) {
type args struct {
org *Org
policy *iam_es_model.LabelPolicy
event *es_models.Event
}
tests := []struct {
name string
args args
result *Org
}{
{
name: "append add label policy event",
args: args{
org: &Org{},
policy: &iam_es_model.LabelPolicy{PrimaryColor: "000000", BackgroundColor: "FFFFFF"},
event: &es_models.Event{},
},
result: &Org{LabelPolicy: &iam_es_model.LabelPolicy{PrimaryColor: "000000", BackgroundColor: "FFFFFF"}},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
if tt.args.policy != nil {
data, _ := json.Marshal(tt.args.policy)
tt.args.event.Data = data
}
tt.args.org.appendAddLabelPolicyEvent(tt.args.event)
if tt.result.LabelPolicy.PrimaryColor != tt.args.org.LabelPolicy.PrimaryColor {
t.Errorf("got wrong result: expected: %v, actual: %v ", tt.result.LabelPolicy.PrimaryColor, tt.args.org.LabelPolicy.PrimaryColor)
}
if tt.result.LabelPolicy.BackgroundColor != tt.args.org.LabelPolicy.BackgroundColor {
t.Errorf("got wrong result: expected: %v, actual: %v ", tt.result.LabelPolicy.BackgroundColor, tt.args.org.LabelPolicy.BackgroundColor)
}
})
}
}
func TestAppendChangeLabelPolicyEvent(t *testing.T) {
type args struct {
org *Org
policy *iam_es_model.LabelPolicy
event *es_models.Event
}
tests := []struct {
name string
args args
result *Org
}{
{
name: "append change label policy event",
args: args{
org: &Org{LabelPolicy: &iam_es_model.LabelPolicy{
BackgroundColor: "FFFFF0",
PrimaryColor: "000001",
}},
policy: &iam_es_model.LabelPolicy{PrimaryColor: "000000", BackgroundColor: "FFFFFF"},
event: &es_models.Event{},
},
result: &Org{LabelPolicy: &iam_es_model.LabelPolicy{
BackgroundColor: "FFFFFF",
PrimaryColor: "000000",
}},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
if tt.args.policy != nil {
data, _ := json.Marshal(tt.args.policy)
tt.args.event.Data = data
}
tt.args.org.appendChangeLabelPolicyEvent(tt.args.event)
if tt.result.LabelPolicy.PrimaryColor != tt.args.org.LabelPolicy.PrimaryColor {
t.Errorf("got wrong result: expected: %v, actual: %v ", tt.result.LabelPolicy.PrimaryColor, tt.args.org.LabelPolicy.PrimaryColor)
}
if tt.result.LabelPolicy.BackgroundColor != tt.args.org.LabelPolicy.BackgroundColor {
t.Errorf("got wrong result: expected: %v, actual: %v ", tt.result.LabelPolicy.BackgroundColor, tt.args.org.LabelPolicy.BackgroundColor)
}
})
}
}


@ -1,106 +0,0 @@
package model
import (
es_models "github.com/caos/zitadel/internal/eventstore/v1/models"
iam_es_model "github.com/caos/zitadel/internal/iam/repository/eventsourcing/model"
)
func (o *Org) appendAddLoginPolicyEvent(event *es_models.Event) error {
o.LoginPolicy = new(iam_es_model.LoginPolicy)
err := o.LoginPolicy.SetData(event)
if err != nil {
return err
}
o.LoginPolicy.ObjectRoot.CreationDate = event.CreationDate
return nil
}
func (o *Org) appendChangeLoginPolicyEvent(event *es_models.Event) error {
return o.LoginPolicy.SetData(event)
}
func (o *Org) appendRemoveLoginPolicyEvent(event *es_models.Event) {
o.LoginPolicy = nil
}
func (o *Org) appendAddIdpProviderToLoginPolicyEvent(event *es_models.Event) error {
provider := &iam_es_model.IDPProvider{}
err := provider.SetData(event)
if err != nil {
return err
}
provider.ObjectRoot.CreationDate = event.CreationDate
if o.LoginPolicy == nil {
return nil
}
o.LoginPolicy.IDPProviders = append(o.LoginPolicy.IDPProviders, provider)
return nil
}
func (o *Org) appendRemoveIdpProviderFromLoginPolicyEvent(event *es_models.Event) error {
provider := &iam_es_model.IDPProvider{}
err := provider.SetData(event)
if err != nil {
return err
}
if o.LoginPolicy == nil {
return nil
}
if i, m := iam_es_model.GetIDPProvider(o.LoginPolicy.IDPProviders, provider.IDPConfigID); m != nil {
o.LoginPolicy.IDPProviders[i] = o.LoginPolicy.IDPProviders[len(o.LoginPolicy.IDPProviders)-1]
o.LoginPolicy.IDPProviders[len(o.LoginPolicy.IDPProviders)-1] = nil
o.LoginPolicy.IDPProviders = o.LoginPolicy.IDPProviders[:len(o.LoginPolicy.IDPProviders)-1]
return nil
}
return nil
}
func (o *Org) appendAddSecondFactorToLoginPolicyEvent(event *es_models.Event) error {
mfa := &iam_es_model.MFA{}
err := mfa.SetData(event)
if err != nil {
return err
}
o.LoginPolicy.SecondFactors = append(o.LoginPolicy.SecondFactors, mfa.MFAType)
return nil
}
func (o *Org) appendRemoveSecondFactorFromLoginPolicyEvent(event *es_models.Event) error {
mfa := &iam_es_model.MFA{}
err := mfa.SetData(event)
if err != nil {
return err
}
if i, m := iam_es_model.GetMFA(o.LoginPolicy.SecondFactors, mfa.MFAType); m != 0 {
o.LoginPolicy.SecondFactors[i] = o.LoginPolicy.SecondFactors[len(o.LoginPolicy.SecondFactors)-1]
o.LoginPolicy.SecondFactors[len(o.LoginPolicy.SecondFactors)-1] = 0
o.LoginPolicy.SecondFactors = o.LoginPolicy.SecondFactors[:len(o.LoginPolicy.SecondFactors)-1]
return nil
}
return nil
}
func (o *Org) appendAddMultiFactorToLoginPolicyEvent(event *es_models.Event) error {
mfa := &iam_es_model.MFA{}
err := mfa.SetData(event)
if err != nil {
return err
}
o.LoginPolicy.MultiFactors = append(o.LoginPolicy.MultiFactors, mfa.MFAType)
return nil
}
func (o *Org) appendRemoveMultiFactorFromLoginPolicyEvent(event *es_models.Event) error {
mfa := &iam_es_model.MFA{}
err := mfa.SetData(event)
if err != nil {
return err
}
if i, m := iam_es_model.GetMFA(o.LoginPolicy.MultiFactors, mfa.MFAType); m != 0 {
o.LoginPolicy.MultiFactors[i] = o.LoginPolicy.MultiFactors[len(o.LoginPolicy.MultiFactors)-1]
o.LoginPolicy.MultiFactors[len(o.LoginPolicy.MultiFactors)-1] = 0
o.LoginPolicy.MultiFactors = o.LoginPolicy.MultiFactors[:len(o.LoginPolicy.MultiFactors)-1]
return nil
}
return nil
}


@ -1,392 +0,0 @@
package model
import (
"encoding/json"
"testing"
"github.com/caos/zitadel/internal/domain"
es_models "github.com/caos/zitadel/internal/eventstore/v1/models"
iam_model "github.com/caos/zitadel/internal/iam/model"
iam_es_model "github.com/caos/zitadel/internal/iam/repository/eventsourcing/model"
)
func TestAppendAddLoginPolicyEvent(t *testing.T) {
type args struct {
org *Org
policy *iam_es_model.LoginPolicy
event *es_models.Event
}
tests := []struct {
name string
args args
result *Org
}{
{
name: "append add login policy event",
args: args{
org: &Org{},
policy: &iam_es_model.LoginPolicy{AllowUsernamePassword: true, AllowRegister: true, AllowExternalIdp: true},
event: &es_models.Event{},
},
result: &Org{LoginPolicy: &iam_es_model.LoginPolicy{AllowUsernamePassword: true, AllowRegister: true, AllowExternalIdp: true}},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
if tt.args.policy != nil {
data, _ := json.Marshal(tt.args.policy)
tt.args.event.Data = data
}
tt.args.org.appendAddLoginPolicyEvent(tt.args.event)
if tt.result.LoginPolicy.AllowUsernamePassword != tt.args.org.LoginPolicy.AllowUsernamePassword {
t.Errorf("got wrong result: expected: %v, actual: %v ", tt.result.LoginPolicy.AllowUsernamePassword, tt.args.org.LoginPolicy.AllowUsernamePassword)
}
if tt.result.LoginPolicy.AllowRegister != tt.args.org.LoginPolicy.AllowRegister {
t.Errorf("got wrong result: expected: %v, actual: %v ", tt.result.LoginPolicy.AllowRegister, tt.args.org.LoginPolicy.AllowRegister)
}
if tt.result.LoginPolicy.AllowExternalIdp != tt.args.org.LoginPolicy.AllowExternalIdp {
t.Errorf("got wrong result: expected: %v, actual: %v ", tt.result.LoginPolicy.AllowExternalIdp, tt.args.org.LoginPolicy.AllowExternalIdp)
}
})
}
}
func TestAppendChangeLoginPolicyEvent(t *testing.T) {
type args struct {
org *Org
policy *iam_es_model.LoginPolicy
event *es_models.Event
}
tests := []struct {
name string
args args
result *Org
}{
{
name: "append change login policy event",
args: args{
org: &Org{LoginPolicy: &iam_es_model.LoginPolicy{
AllowExternalIdp: false,
AllowRegister: false,
AllowUsernamePassword: false,
}},
policy: &iam_es_model.LoginPolicy{AllowUsernamePassword: true, AllowRegister: true, AllowExternalIdp: true},
event: &es_models.Event{},
},
result: &Org{LoginPolicy: &iam_es_model.LoginPolicy{
AllowExternalIdp: true,
AllowRegister: true,
AllowUsernamePassword: true,
}},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
if tt.args.policy != nil {
data, _ := json.Marshal(tt.args.policy)
tt.args.event.Data = data
}
tt.args.org.appendChangeLoginPolicyEvent(tt.args.event)
if tt.result.LoginPolicy.AllowUsernamePassword != tt.args.org.LoginPolicy.AllowUsernamePassword {
t.Errorf("got wrong result: expected: %v, actual: %v ", tt.result.LoginPolicy.AllowUsernamePassword, tt.args.org.LoginPolicy.AllowUsernamePassword)
}
if tt.result.LoginPolicy.AllowRegister != tt.args.org.LoginPolicy.AllowRegister {
t.Errorf("got wrong result: expected: %v, actual: %v ", tt.result.LoginPolicy.AllowRegister, tt.args.org.LoginPolicy.AllowRegister)
}
if tt.result.LoginPolicy.AllowExternalIdp != tt.args.org.LoginPolicy.AllowExternalIdp {
t.Errorf("got wrong result: expected: %v, actual: %v ", tt.result.LoginPolicy.AllowExternalIdp, tt.args.org.LoginPolicy.AllowExternalIdp)
}
})
}
}
func TestAppendAddIdpToPolicyEvent(t *testing.T) {
type args struct {
org *Org
provider *iam_es_model.IDPProvider
event *es_models.Event
}
tests := []struct {
name string
args args
result *Org
}{
{
name: "append add idp to login policy event",
args: args{
org: &Org{LoginPolicy: &iam_es_model.LoginPolicy{AllowExternalIdp: true, AllowRegister: true, AllowUsernamePassword: true}},
provider: &iam_es_model.IDPProvider{Type: int32(iam_model.IDPProviderTypeSystem), IDPConfigID: "IDPConfigID"},
event: &es_models.Event{},
},
result: &Org{LoginPolicy: &iam_es_model.LoginPolicy{
AllowExternalIdp: true,
AllowRegister: true,
AllowUsernamePassword: true,
IDPProviders: []*iam_es_model.IDPProvider{
{IDPConfigID: "IDPConfigID", Type: int32(iam_model.IDPProviderTypeSystem)},
}}},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
if tt.args.provider != nil {
data, _ := json.Marshal(tt.args.provider)
tt.args.event.Data = data
}
tt.args.org.appendAddIdpProviderToLoginPolicyEvent(tt.args.event)
if tt.result.LoginPolicy.AllowUsernamePassword != tt.args.org.LoginPolicy.AllowUsernamePassword {
t.Errorf("got wrong result AllowUsernamePassword: expected: %v, actual: %v ", tt.result.LoginPolicy.AllowUsernamePassword, tt.args.org.LoginPolicy.AllowUsernamePassword)
}
if tt.result.LoginPolicy.AllowRegister != tt.args.org.LoginPolicy.AllowRegister {
t.Errorf("got wrong result AllowRegister: expected: %v, actual: %v ", tt.result.LoginPolicy.AllowRegister, tt.args.org.LoginPolicy.AllowRegister)
}
if tt.result.LoginPolicy.AllowExternalIdp != tt.args.org.LoginPolicy.AllowExternalIdp {
t.Errorf("got wrong result AllowExternalIDP: expected: %v, actual: %v ", tt.result.LoginPolicy.AllowExternalIdp, tt.args.org.LoginPolicy.AllowExternalIdp)
}
if len(tt.result.LoginPolicy.IDPProviders) != len(tt.args.org.LoginPolicy.IDPProviders) {
t.Errorf("got wrong idp provider len: expected: %v, actual: %v ", len(tt.result.LoginPolicy.IDPProviders), len(tt.args.org.LoginPolicy.IDPProviders))
}
if tt.result.LoginPolicy.IDPProviders[0].Type != tt.args.provider.Type {
t.Errorf("got wrong idp provider type: expected: %v, actual: %v ", tt.result.LoginPolicy.IDPProviders[0].Type, tt.args.provider.Type)
}
if tt.result.LoginPolicy.IDPProviders[0].IDPConfigID != tt.args.provider.IDPConfigID {
t.Errorf("got wrong idp provider idpconfigid: expected: %v, actual: %v ", tt.result.LoginPolicy.IDPProviders[0].IDPConfigID, tt.args.provider.IDPConfigID)
}
})
}
}
func TestRemoveAddIdpToPolicyEvent(t *testing.T) {
type args struct {
org *Org
provider *iam_es_model.IDPProvider
event *es_models.Event
}
tests := []struct {
name string
args args
result *Org
}{
{
name: "append add idp to login policy event",
args: args{
org: &Org{
LoginPolicy: &iam_es_model.LoginPolicy{
AllowExternalIdp: true,
AllowRegister: true,
AllowUsernamePassword: true,
IDPProviders: []*iam_es_model.IDPProvider{
{IDPConfigID: "IDPConfigID", Type: int32(iam_model.IDPProviderTypeSystem)},
}}},
provider: &iam_es_model.IDPProvider{Type: int32(iam_model.IDPProviderTypeSystem), IDPConfigID: "IDPConfigID"},
event: &es_models.Event{},
},
result: &Org{LoginPolicy: &iam_es_model.LoginPolicy{
AllowExternalIdp: true,
AllowRegister: true,
AllowUsernamePassword: true,
IDPProviders: []*iam_es_model.IDPProvider{}}},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
if tt.args.provider != nil {
data, _ := json.Marshal(tt.args.provider)
tt.args.event.Data = data
}
tt.args.org.appendRemoveIdpProviderFromLoginPolicyEvent(tt.args.event)
if tt.result.LoginPolicy.AllowUsernamePassword != tt.args.org.LoginPolicy.AllowUsernamePassword {
t.Errorf("got wrong result AllowUsernamePassword: expected: %v, actual: %v ", tt.result.LoginPolicy.AllowUsernamePassword, tt.args.org.LoginPolicy.AllowUsernamePassword)
}
if tt.result.LoginPolicy.AllowRegister != tt.args.org.LoginPolicy.AllowRegister {
t.Errorf("got wrong result AllowRegister: expected: %v, actual: %v ", tt.result.LoginPolicy.AllowRegister, tt.args.org.LoginPolicy.AllowRegister)
}
if tt.result.LoginPolicy.AllowExternalIdp != tt.args.org.LoginPolicy.AllowExternalIdp {
t.Errorf("got wrong result AllowExternalIDP: expected: %v, actual: %v ", tt.result.LoginPolicy.AllowExternalIdp, tt.args.org.LoginPolicy.AllowExternalIdp)
}
if len(tt.result.LoginPolicy.IDPProviders) != len(tt.args.org.LoginPolicy.IDPProviders) {
t.Errorf("got wrong idp provider len: expected: %v, actual: %v ", len(tt.result.LoginPolicy.IDPProviders), len(tt.args.org.LoginPolicy.IDPProviders))
}
})
}
}
func TestAppendAddSecondFactorToPolicyEvent(t *testing.T) {
type args struct {
org *Org
mfa *iam_es_model.MFA
event *es_models.Event
}
tests := []struct {
name string
args args
result *Org
}{
{
name: "append add second factor to login policy event",
args: args{
org: &Org{LoginPolicy: &iam_es_model.LoginPolicy{AllowExternalIdp: true, AllowRegister: true, AllowUsernamePassword: true}},
mfa: &iam_es_model.MFA{MFAType: int32(domain.SecondFactorTypeOTP)},
event: &es_models.Event{},
},
result: &Org{LoginPolicy: &iam_es_model.LoginPolicy{
AllowExternalIdp: true,
AllowRegister: true,
AllowUsernamePassword: true,
SecondFactors: []int32{
int32(domain.SecondFactorTypeOTP),
}}},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
if tt.args.mfa != nil {
data, _ := json.Marshal(tt.args.mfa)
tt.args.event.Data = data
}
tt.args.org.appendAddSecondFactorToLoginPolicyEvent(tt.args.event)
if len(tt.result.LoginPolicy.SecondFactors) != len(tt.args.org.LoginPolicy.SecondFactors) {
t.Errorf("got wrong second factor len: expected: %v, actual: %v ", len(tt.result.LoginPolicy.SecondFactors), len(tt.args.org.LoginPolicy.SecondFactors))
}
if tt.result.LoginPolicy.SecondFactors[0] != tt.args.mfa.MFAType {
t.Errorf("got wrong second factor: expected: %v, actual: %v ", tt.result.LoginPolicy.SecondFactors[0], tt.args.mfa)
}
})
}
}
func TestRemoveSecondFactorFromPolicyEvent(t *testing.T) {
type args struct {
org *Org
mfa *iam_es_model.MFA
event *es_models.Event
}
tests := []struct {
name string
args args
result *Org
}{
{
name: "append remove second factor from login policy event",
args: args{
org: &Org{
LoginPolicy: &iam_es_model.LoginPolicy{
AllowExternalIdp: true,
AllowRegister: true,
AllowUsernamePassword: true,
SecondFactors: []int32{
int32(domain.SecondFactorTypeOTP),
}}},
mfa: &iam_es_model.MFA{MFAType: int32(domain.SecondFactorTypeOTP)},
event: &es_models.Event{},
},
result: &Org{LoginPolicy: &iam_es_model.LoginPolicy{
AllowExternalIdp: true,
AllowRegister: true,
AllowUsernamePassword: true,
SecondFactors: []int32{}}},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
if tt.args.mfa != nil {
data, _ := json.Marshal(tt.args.mfa)
tt.args.event.Data = data
}
tt.args.org.appendRemoveSecondFactorFromLoginPolicyEvent(tt.args.event)
if len(tt.result.LoginPolicy.SecondFactors) != len(tt.args.org.LoginPolicy.SecondFactors) {
t.Errorf("got wrong idp mfa len: expected: %v, actual: %v ", len(tt.result.LoginPolicy.SecondFactors), len(tt.args.org.LoginPolicy.SecondFactors))
}
})
}
}
func TestAppendAddMultiFactorToPolicyEvent(t *testing.T) {
type args struct {
org *Org
mfa *iam_es_model.MFA
event *es_models.Event
}
tests := []struct {
name string
args args
result *Org
}{
{
name: "append add mfa to login policy event",
args: args{
org: &Org{LoginPolicy: &iam_es_model.LoginPolicy{AllowExternalIdp: true, AllowRegister: true, AllowUsernamePassword: true}},
mfa: &iam_es_model.MFA{MFAType: int32(iam_model.MultiFactorTypeU2FWithPIN)},
event: &es_models.Event{},
},
result: &Org{LoginPolicy: &iam_es_model.LoginPolicy{
AllowExternalIdp: true,
AllowRegister: true,
AllowUsernamePassword: true,
MultiFactors: []int32{
int32(iam_model.MultiFactorTypeU2FWithPIN),
}}},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
if tt.args.mfa != nil {
data, _ := json.Marshal(tt.args.mfa)
tt.args.event.Data = data
}
tt.args.org.appendAddMultiFactorToLoginPolicyEvent(tt.args.event)
if len(tt.result.LoginPolicy.MultiFactors) != len(tt.args.org.LoginPolicy.MultiFactors) {
t.Errorf("got wrong second factor len: expected: %v, actual: %v ", len(tt.result.LoginPolicy.MultiFactors), len(tt.args.org.LoginPolicy.MultiFactors))
}
if tt.result.LoginPolicy.MultiFactors[0] != tt.args.mfa.MFAType {
t.Errorf("got wrong second factor: expected: %v, actual: %v ", tt.result.LoginPolicy.MultiFactors[0], tt.args.mfa)
}
})
}
}
func TestRemoveMultiFactorFromPolicyEvent(t *testing.T) {
type args struct {
org *Org
mfa *iam_es_model.MFA
event *es_models.Event
}
tests := []struct {
name string
args args
result *Org
}{
{
name: "append remove mfa from login policy event",
args: args{
org: &Org{
LoginPolicy: &iam_es_model.LoginPolicy{
AllowExternalIdp: true,
AllowRegister: true,
AllowUsernamePassword: true,
MultiFactors: []int32{
int32(iam_model.MultiFactorTypeU2FWithPIN),
}}},
mfa: &iam_es_model.MFA{MFAType: int32(iam_model.MultiFactorTypeU2FWithPIN)},
event: &es_models.Event{},
},
result: &Org{LoginPolicy: &iam_es_model.LoginPolicy{
AllowExternalIdp: true,
AllowRegister: true,
AllowUsernamePassword: true,
MultiFactors: []int32{}}},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
if tt.args.mfa != nil {
data, _ := json.Marshal(tt.args.mfa)
tt.args.event.Data = data
}
tt.args.org.appendRemoveMultiFactorFromLoginPolicyEvent(tt.args.event)
if len(tt.result.LoginPolicy.MultiFactors) != len(tt.args.org.LoginPolicy.MultiFactors) {
t.Errorf("got wrong idp mfa len: expected: %v, actual: %v ", len(tt.result.LoginPolicy.MultiFactors), len(tt.args.org.LoginPolicy.MultiFactors))
}
})
}
}


@ -1,31 +0,0 @@
package model
import (
es_models "github.com/caos/zitadel/internal/eventstore/v1/models"
iam_es_model "github.com/caos/zitadel/internal/iam/repository/eventsourcing/model"
)
func (o *Org) appendAddMailTemplateEvent(event *es_models.Event) error {
o.MailTemplate = new(iam_es_model.MailTemplate)
err := o.MailTemplate.SetDataLabel(event)
if err != nil {
return err
}
o.MailTemplate.ObjectRoot.CreationDate = event.CreationDate
return nil
}
func (o *Org) appendChangeMailTemplateEvent(event *es_models.Event) error {
mailTemplate := &iam_es_model.MailTemplate{}
err := mailTemplate.SetDataLabel(event)
if err != nil {
return err
}
mailTemplate.ObjectRoot.ChangeDate = event.CreationDate
o.MailTemplate = mailTemplate
return nil
}
func (o *Org) appendRemoveMailTemplateEvent(event *es_models.Event) {
o.MailTemplate = nil
}


@ -1,83 +0,0 @@
package model
import (
"encoding/json"
"testing"
es_models "github.com/caos/zitadel/internal/eventstore/v1/models"
iam_es_model "github.com/caos/zitadel/internal/iam/repository/eventsourcing/model"
)
func TestAppendAddMailTemplateEvent(t *testing.T) {
type args struct {
org *Org
policy *iam_es_model.MailTemplate
event *es_models.Event
}
tests := []struct {
name string
args args
result *Org
}{
{
name: "append add label policy event",
args: args{
org: &Org{},
policy: &iam_es_model.MailTemplate{Template: []byte("<!doctype html>")},
event: &es_models.Event{},
},
result: &Org{MailTemplate: &iam_es_model.MailTemplate{Template: []byte("<!doctype html>")}},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
if tt.args.policy != nil {
data, _ := json.Marshal(tt.args.policy)
tt.args.event.Data = data
}
tt.args.org.appendAddMailTemplateEvent(tt.args.event)
if string(tt.result.MailTemplate.Template) != string(tt.args.org.MailTemplate.Template) {
t.Errorf("got wrong result: expected: %v, actual: %v ", tt.result.MailTemplate.Template, tt.args.org.MailTemplate.Template)
}
})
}
}
func TestAppendChangeMailTemplateEvent(t *testing.T) {
type args struct {
org *Org
policy *iam_es_model.MailTemplate
event *es_models.Event
}
tests := []struct {
name string
args args
result *Org
}{
{
name: "append change label policy event",
args: args{
org: &Org{MailTemplate: &iam_es_model.MailTemplate{
Template: []byte("<x!doctype html>"),
}},
policy: &iam_es_model.MailTemplate{Template: []byte("<!doctype html>")},
event: &es_models.Event{},
},
result: &Org{MailTemplate: &iam_es_model.MailTemplate{
Template: []byte("<!doctype html>"),
}},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
if tt.args.policy != nil {
data, _ := json.Marshal(tt.args.policy)
tt.args.event.Data = data
}
tt.args.org.appendChangeMailTemplateEvent(tt.args.event)
if string(tt.result.MailTemplate.Template) != string(tt.args.org.MailTemplate.Template) {
t.Errorf("got wrong result: expected: %v, actual: %v ", tt.result.MailTemplate.Template, tt.args.org.MailTemplate.Template)
}
})
}
}


@ -6,7 +6,6 @@ import (
"github.com/caos/zitadel/internal/errors"
es_models "github.com/caos/zitadel/internal/eventstore/v1/models"
"github.com/caos/zitadel/internal/org/model"
)
type OrgMember struct {
@ -50,47 +49,3 @@ func (m *OrgMember) Changes(updatedMember *OrgMember) map[string]interface{} {
return changes
}
func OrgMemberFromEvent(member *OrgMember, event *es_models.Event) (*OrgMember, error) {
if member == nil {
member = new(OrgMember)
}
member.ObjectRoot.AppendEvent(event)
err := json.Unmarshal(event.Data, member)
if err != nil {
return nil, errors.ThrowInternal(err, "EVENT-D4qxo", "invalid event data")
}
return member, nil
}
func OrgMembersFromModel(members []*model.OrgMember) []*OrgMember {
convertedMembers := make([]*OrgMember, len(members))
for i, m := range members {
convertedMembers[i] = OrgMemberFromModel(m)
}
return convertedMembers
}
func OrgMemberFromModel(member *model.OrgMember) *OrgMember {
return &OrgMember{
ObjectRoot: member.ObjectRoot,
UserID: member.UserID,
Roles: member.Roles,
}
}
func OrgMembersToModel(members []*OrgMember) []*model.OrgMember {
convertedMembers := make([]*model.OrgMember, len(members))
for i, m := range members {
convertedMembers[i] = OrgMemberToModel(m)
}
return convertedMembers
}
func OrgMemberToModel(member *OrgMember) *model.OrgMember {
return &model.OrgMember{
ObjectRoot: member.ObjectRoot,
UserID: member.UserID,
Roles: member.Roles,
}
}


@ -3,16 +3,12 @@ package model
import (
"encoding/json"
"github.com/caos/zitadel/internal/iam/model"
iam_es_model "github.com/caos/zitadel/internal/iam/repository/eventsourcing/model"
"github.com/caos/zitadel/internal/errors"
"github.com/caos/zitadel/internal/eventstore"
es_models "github.com/caos/zitadel/internal/eventstore/v1/models"
iam_es_model "github.com/caos/zitadel/internal/iam/repository/eventsourcing/model"
org_model "github.com/caos/zitadel/internal/org/model"
)
const (
OrgVersion = "v1"
"github.com/caos/zitadel/internal/repository/org"
)
type Org struct {
@ -21,16 +17,8 @@ type Org struct {
Name string `json:"name,omitempty"`
State int32 `json:"-"`
Domains []*OrgDomain `json:"-"`
Members []*OrgMember `json:"-"`
DomainPolicy *iam_es_model.DomainPolicy `json:"-"`
LabelPolicy *iam_es_model.LabelPolicy `json:"-"`
MailTemplate *iam_es_model.MailTemplate `json:"-"`
IDPs []*iam_es_model.IDPConfig `json:"-"`
LoginPolicy *iam_es_model.LoginPolicy `json:"-"`
PasswordComplexityPolicy *iam_es_model.PasswordComplexityPolicy `json:"-"`
PasswordAgePolicy *iam_es_model.PasswordAgePolicy `json:"-"`
LockoutPolicy *iam_es_model.LockoutPolicy `json:"-"`
Domains []*OrgDomain `json:"-"`
DomainPolicy *iam_es_model.DomainPolicy `json:"-"`
}
func OrgToModel(org *Org) *org_model.Org {
@ -39,30 +27,10 @@ func OrgToModel(org *Org) *org_model.Org {
Name: org.Name,
State: org_model.OrgState(org.State),
Domains: OrgDomainsToModel(org.Domains),
Members: OrgMembersToModel(org.Members),
IDPs: iam_es_model.IDPConfigsToModel(org.IDPs),
}
if org.DomainPolicy != nil {
converted.DomainPolicy = iam_es_model.DomainPolicyToModel(org.DomainPolicy)
}
if org.LoginPolicy != nil {
converted.LoginPolicy = iam_es_model.LoginPolicyToModel(org.LoginPolicy)
}
if org.LabelPolicy != nil {
converted.LabelPolicy = iam_es_model.LabelPolicyToModel(org.LabelPolicy)
}
if org.MailTemplate != nil {
converted.MailTemplate = iam_es_model.MailTemplateToModel(org.MailTemplate)
}
if org.PasswordComplexityPolicy != nil {
converted.PasswordComplexityPolicy = iam_es_model.PasswordComplexityPolicyToModel(org.PasswordComplexityPolicy)
}
if org.PasswordAgePolicy != nil {
converted.PasswordAgePolicy = iam_es_model.PasswordAgePolicyToModel(org.PasswordAgePolicy)
}
if org.LockoutPolicy != nil {
converted.LockoutPolicy = iam_es_model.LockoutPolicyToModel(org.LockoutPolicy)
}
return converted
}
@ -85,123 +53,37 @@ func (o *Org) AppendEvents(events ...*es_models.Event) error {
}
func (o *Org) AppendEvent(event *es_models.Event) (err error) {
switch event.Type {
case OrgAdded:
switch eventstore.EventType(event.Type) {
case org.OrgAddedEventType:
err = o.SetData(event)
if err != nil {
return err
}
case OrgChanged:
case org.OrgChangedEventType:
err = o.SetData(event)
if err != nil {
return err
}
case OrgDeactivated:
case org.OrgDeactivatedEventType:
o.State = int32(org_model.OrgStateInactive)
case OrgReactivated:
case org.OrgReactivatedEventType:
o.State = int32(org_model.OrgStateActive)
case OrgMemberAdded:
member, err := OrgMemberFromEvent(nil, event)
if err != nil {
return err
}
member.CreationDate = event.CreationDate
o.setMember(member)
case OrgMemberChanged:
member, err := OrgMemberFromEvent(nil, event)
if err != nil {
return err
}
existingMember := o.getMember(member.UserID)
member.CreationDate = existingMember.CreationDate
o.setMember(member)
case OrgMemberRemoved,
OrgMemberCascadeRemoved:
member, err := OrgMemberFromEvent(nil, event)
if err != nil {
return err
}
o.removeMember(member.UserID)
case OrgDomainAdded:
case org.OrgDomainAddedEventType:
err = o.appendAddDomainEvent(event)
case OrgDomainVerificationAdded:
case org.OrgDomainVerificationAddedEventType:
err = o.appendVerificationDomainEvent(event)
case OrgDomainVerified:
case org.OrgDomainVerifiedEventType:
err = o.appendVerifyDomainEvent(event)
case OrgDomainPrimarySet:
case org.OrgDomainPrimarySetEventType:
err = o.appendPrimaryDomainEvent(event)
case OrgDomainRemoved:
case org.OrgDomainRemovedEventType:
err = o.appendRemoveDomainEvent(event)
case DomainPolicyAdded:
case org.DomainPolicyAddedEventType:
err = o.appendAddDomainPolicyEvent(event)
case DomainPolicyChanged:
case org.DomainPolicyChangedEventType:
err = o.appendChangeDomainPolicyEvent(event)
case DomainPolicyRemoved:
case org.DomainPolicyRemovedEventType:
o.appendRemoveDomainPolicyEvent()
case IDPConfigAdded:
err = o.appendAddIDPConfigEvent(event)
case IDPConfigChanged:
err = o.appendChangeIDPConfigEvent(event)
case IDPConfigRemoved:
err = o.appendRemoveIDPConfigEvent(event)
case IDPConfigDeactivated:
err = o.appendIDPConfigStateEvent(event, model.IDPConfigStateInactive)
case IDPConfigReactivated:
err = o.appendIDPConfigStateEvent(event, model.IDPConfigStateActive)
case OIDCIDPConfigAdded:
err = o.appendAddOIDCIDPConfigEvent(event)
case OIDCIDPConfigChanged:
err = o.appendChangeOIDCIDPConfigEvent(event)
case LabelPolicyAdded:
err = o.appendAddLabelPolicyEvent(event)
case LabelPolicyChanged:
err = o.appendChangeLabelPolicyEvent(event)
case LabelPolicyRemoved:
o.appendRemoveLabelPolicyEvent(event)
case LoginPolicyAdded:
err = o.appendAddLoginPolicyEvent(event)
case LoginPolicyChanged:
err = o.appendChangeLoginPolicyEvent(event)
case LoginPolicyRemoved:
o.appendRemoveLoginPolicyEvent(event)
case LoginPolicyIDPProviderAdded:
err = o.appendAddIdpProviderToLoginPolicyEvent(event)
case LoginPolicyIDPProviderRemoved:
err = o.appendRemoveIdpProviderFromLoginPolicyEvent(event)
case MailTemplateAdded:
err = o.appendAddMailTemplateEvent(event)
case MailTemplateChanged:
err = o.appendChangeMailTemplateEvent(event)
case MailTemplateRemoved:
o.appendRemoveMailTemplateEvent(event)
case LoginPolicySecondFactorAdded:
err = o.appendAddSecondFactorToLoginPolicyEvent(event)
case LoginPolicySecondFactorRemoved:
err = o.appendRemoveSecondFactorFromLoginPolicyEvent(event)
case LoginPolicyMultiFactorAdded:
err = o.appendAddMultiFactorToLoginPolicyEvent(event)
case LoginPolicyMultiFactorRemoved:
err = o.appendRemoveMultiFactorFromLoginPolicyEvent(event)
case PasswordComplexityPolicyAdded:
err = o.appendAddPasswordComplexityPolicyEvent(event)
case PasswordComplexityPolicyChanged:
err = o.appendChangePasswordComplexityPolicyEvent(event)
case PasswordComplexityPolicyRemoved:
o.appendRemovePasswordComplexityPolicyEvent(event)
case PasswordAgePolicyAdded:
err = o.appendAddPasswordAgePolicyEvent(event)
case PasswordAgePolicyChanged:
err = o.appendChangePasswordAgePolicyEvent(event)
case PasswordAgePolicyRemoved:
o.appendRemovePasswordAgePolicyEvent(event)
case LockoutPolicyAdded:
err = o.appendAddLockoutPolicyEvent(event)
case LockoutPolicyChanged:
err = o.appendChangeLockoutPolicyEvent(event)
case LockoutPolicyRemoved:
o.appendRemoveLockoutPolicyEvent(event)
}
if err != nil {
return err
@ -218,35 +100,6 @@ func (o *Org) SetData(event *es_models.Event) error {
return nil
}
func (o *Org) getMember(userID string) *OrgMember {
for _, member := range o.Members {
if member.UserID == userID {
return member
}
}
return nil
}
func (o *Org) setMember(member *OrgMember) {
for i, existingMember := range o.Members {
if existingMember.UserID == member.UserID {
o.Members[i] = member
return
}
}
o.Members = append(o.Members, member)
}
func (o *Org) removeMember(userID string) {
for i := len(o.Members) - 1; i >= 0; i-- {
if o.Members[i].UserID == userID {
copy(o.Members[i:], o.Members[i+1:])
o.Members[len(o.Members)-1] = nil
o.Members = o.Members[:len(o.Members)-1]
}
}
}
func (o *Org) Changes(changed *Org) map[string]interface{} {
changes := make(map[string]interface{}, 2)


@ -6,6 +6,7 @@ import (
es_models "github.com/caos/zitadel/internal/eventstore/v1/models"
"github.com/caos/zitadel/internal/org/model"
"github.com/caos/zitadel/internal/repository/org"
)
func TestOrgFromEvents(t *testing.T) {
@ -22,7 +23,7 @@ func TestOrgFromEvents(t *testing.T) {
name: "org from events, ok",
args: args{
event: []*es_models.Event{
{AggregateID: "ID", Sequence: 1, Type: OrgAdded},
{AggregateID: "ID", Sequence: 1, Type: es_models.EventType(org.OrgAddedEventType)},
},
org: &Org{Name: "OrgName"},
},
@ -32,7 +33,7 @@ func TestOrgFromEvents(t *testing.T) {
name: "org from events, nil org",
args: args{
event: []*es_models.Event{
{AggregateID: "ID", Sequence: 1, Type: OrgAdded},
{AggregateID: "ID", Sequence: 1, Type: es_models.EventType(org.OrgAddedEventType)},
},
org: nil,
},
@ -66,7 +67,7 @@ func TestAppendEvent(t *testing.T) {
{
name: "append added event",
args: args{
event: &es_models.Event{AggregateID: "ID", Sequence: 1, Type: OrgAdded},
event: &es_models.Event{AggregateID: "ID", Sequence: 1, Type: es_models.EventType(org.OrgAddedEventType)},
org: &Org{Name: "OrgName"},
},
result: &Org{ObjectRoot: es_models.ObjectRoot{AggregateID: "ID"}, State: int32(model.OrgStateActive), Name: "OrgName"},
@ -74,7 +75,7 @@ func TestAppendEvent(t *testing.T) {
{
name: "append change event",
args: args{
event: &es_models.Event{AggregateID: "ID", Sequence: 1, Type: OrgChanged, Data: []byte(`{"name": "OrgName}`)},
event: &es_models.Event{AggregateID: "ID", Sequence: 1, Type: es_models.EventType(org.OrgChangedEventType), Data: []byte(`{"name": "OrgName}`)},
org: &Org{Name: "OrgNameChanged"},
},
result: &Org{ObjectRoot: es_models.ObjectRoot{AggregateID: "ID"}, State: int32(model.OrgStateActive), Name: "OrgNameChanged"},
@ -82,14 +83,14 @@ func TestAppendEvent(t *testing.T) {
{
name: "append deactivate event",
args: args{
event: &es_models.Event{AggregateID: "ID", Sequence: 1, Type: OrgDeactivated},
event: &es_models.Event{AggregateID: "ID", Sequence: 1, Type: es_models.EventType(org.OrgDeactivatedEventType)},
},
result: &Org{ObjectRoot: es_models.ObjectRoot{AggregateID: "ID"}, State: int32(model.OrgStateInactive)},
},
{
name: "append reactivate event",
args: args{
event: &es_models.Event{AggregateID: "ID", Sequence: 1, Type: OrgReactivated},
event: &es_models.Event{AggregateID: "ID", Sequence: 1, Type: es_models.EventType(org.OrgReactivatedEventType)},
},
result: &Org{ObjectRoot: es_models.ObjectRoot{AggregateID: "ID"}, State: int32(model.OrgStateActive)},
},
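Review bot: The "append change event" case in TestAppendEvent still carries malformed JSON on its updated line: the Data literal `{"name": "OrgName}` is missing the closing quote after OrgName. Decoding in SetData presumably fails for that input, and the expected Name "OrgNameChanged" (the value the org already had) fits a case that only passes because the error from AppendEvent is not asserted. If the case is meant to cover a successful change, the payload should be `{"name": "OrgName"}` with Name "OrgName" expected; if it is meant to cover the decode failure, rename the case and assert the returned error. The body of TestAppendEvent lies outside the hunks shown, so how it handles the error cannot be confirmed from here.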


@ -1,24 +0,0 @@
package model
import (
es_models "github.com/caos/zitadel/internal/eventstore/v1/models"
iam_es_model "github.com/caos/zitadel/internal/iam/repository/eventsourcing/model"
)
func (o *Org) appendAddPasswordAgePolicyEvent(event *es_models.Event) error {
o.PasswordAgePolicy = new(iam_es_model.PasswordAgePolicy)
err := o.PasswordAgePolicy.SetData(event)
if err != nil {
return err
}
o.PasswordAgePolicy.ObjectRoot.CreationDate = event.CreationDate
return nil
}
func (o *Org) appendChangePasswordAgePolicyEvent(event *es_models.Event) error {
return o.PasswordAgePolicy.SetData(event)
}
func (o *Org) appendRemovePasswordAgePolicyEvent(event *es_models.Event) {
o.PasswordAgePolicy = nil
}


@ -1,86 +0,0 @@
package model
import (
"encoding/json"
es_models "github.com/caos/zitadel/internal/eventstore/v1/models"
iam_es_model "github.com/caos/zitadel/internal/iam/repository/eventsourcing/model"
"testing"
)
func TestAppendAddPasswordAgePolicyEvent(t *testing.T) {
type args struct {
org *Org
policy *iam_es_model.PasswordAgePolicy
event *es_models.Event
}
tests := []struct {
name string
args args
result *Org
}{
{
name: "append add password age policy event",
args: args{
org: &Org{},
policy: &iam_es_model.PasswordAgePolicy{MaxAgeDays: 10},
event: &es_models.Event{},
},
result: &Org{PasswordAgePolicy: &iam_es_model.PasswordAgePolicy{MaxAgeDays: 10}},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
if tt.args.policy != nil {
data, _ := json.Marshal(tt.args.policy)
tt.args.event.Data = data
}
tt.args.org.appendAddPasswordAgePolicyEvent(tt.args.event)
if tt.result.PasswordAgePolicy.MaxAgeDays != tt.args.org.PasswordAgePolicy.MaxAgeDays {
t.Errorf("got wrong result: expected: %v, actual: %v ", tt.result.PasswordAgePolicy.MaxAgeDays, tt.args.org.PasswordAgePolicy.MaxAgeDays)
}
})
}
}
func TestAppendChangePasswordAgePolicyEvent(t *testing.T) {
type args struct {
org *Org
policy *iam_es_model.PasswordAgePolicy
event *es_models.Event
}
tests := []struct {
name string
args args
result *Org
}{
{
name: "append change password age policy event",
args: args{
org: &Org{PasswordAgePolicy: &iam_es_model.PasswordAgePolicy{
MaxAgeDays: 10,
}},
policy: &iam_es_model.PasswordAgePolicy{MaxAgeDays: 5, ExpireWarnDays: 10},
event: &es_models.Event{},
},
result: &Org{PasswordAgePolicy: &iam_es_model.PasswordAgePolicy{
MaxAgeDays: 5,
ExpireWarnDays: 10,
}},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
if tt.args.policy != nil {
data, _ := json.Marshal(tt.args.policy)
tt.args.event.Data = data
}
tt.args.org.appendChangePasswordAgePolicyEvent(tt.args.event)
if tt.result.PasswordAgePolicy.MaxAgeDays != tt.args.org.PasswordAgePolicy.MaxAgeDays {
t.Errorf("got wrong result: expected: %v, actual: %v ", tt.result.PasswordAgePolicy.MaxAgeDays, tt.args.org.PasswordAgePolicy.MaxAgeDays)
}
if tt.result.PasswordAgePolicy.ExpireWarnDays != tt.args.org.PasswordAgePolicy.ExpireWarnDays {
t.Errorf("got wrong result: expected: %v, actual: %v ", tt.result.PasswordAgePolicy.ExpireWarnDays, tt.args.org.PasswordAgePolicy.ExpireWarnDays)
}
})
}
}


@ -1,24 +0,0 @@
package model
import (
es_models "github.com/caos/zitadel/internal/eventstore/v1/models"
iam_es_model "github.com/caos/zitadel/internal/iam/repository/eventsourcing/model"
)
func (o *Org) appendAddPasswordComplexityPolicyEvent(event *es_models.Event) error {
o.PasswordComplexityPolicy = new(iam_es_model.PasswordComplexityPolicy)
err := o.PasswordComplexityPolicy.SetData(event)
if err != nil {
return err
}
o.PasswordComplexityPolicy.ObjectRoot.CreationDate = event.CreationDate
return nil
}
func (o *Org) appendChangePasswordComplexityPolicyEvent(event *es_models.Event) error {
return o.PasswordComplexityPolicy.SetData(event)
}
func (o *Org) appendRemovePasswordComplexityPolicyEvent(event *es_models.Event) {
o.PasswordComplexityPolicy = nil
}


@ -1,86 +0,0 @@
package model
import (
"encoding/json"
es_models "github.com/caos/zitadel/internal/eventstore/v1/models"
iam_es_model "github.com/caos/zitadel/internal/iam/repository/eventsourcing/model"
"testing"
)
func TestAppendAddPasswordComplexityPolicyEvent(t *testing.T) {
type args struct {
org *Org
policy *iam_es_model.PasswordComplexityPolicy
event *es_models.Event
}
tests := []struct {
name string
args args
result *Org
}{
{
name: "append add password complexity policy event",
args: args{
org: &Org{},
policy: &iam_es_model.PasswordComplexityPolicy{MinLength: 10},
event: &es_models.Event{},
},
result: &Org{PasswordComplexityPolicy: &iam_es_model.PasswordComplexityPolicy{MinLength: 10}},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
if tt.args.policy != nil {
data, _ := json.Marshal(tt.args.policy)
tt.args.event.Data = data
}
tt.args.org.appendAddPasswordComplexityPolicyEvent(tt.args.event)
if tt.result.PasswordComplexityPolicy.MinLength != tt.args.org.PasswordComplexityPolicy.MinLength {
t.Errorf("got wrong result: expected: %v, actual: %v ", tt.result.PasswordComplexityPolicy.MinLength, tt.args.org.PasswordComplexityPolicy.MinLength)
}
})
}
}
func TestAppendChangePasswordComplexityPolicyEvent(t *testing.T) {
type args struct {
org *Org
policy *iam_es_model.PasswordComplexityPolicy
event *es_models.Event
}
tests := []struct {
name string
args args
result *Org
}{
{
name: "append change password complexity policy event",
args: args{
org: &Org{PasswordComplexityPolicy: &iam_es_model.PasswordComplexityPolicy{
MinLength: 10,
}},
policy: &iam_es_model.PasswordComplexityPolicy{MinLength: 5, HasLowercase: true},
event: &es_models.Event{},
},
result: &Org{PasswordComplexityPolicy: &iam_es_model.PasswordComplexityPolicy{
MinLength: 5,
HasLowercase: true,
}},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
if tt.args.policy != nil {
data, _ := json.Marshal(tt.args.policy)
tt.args.event.Data = data
}
tt.args.org.appendChangePasswordComplexityPolicyEvent(tt.args.event)
if tt.result.PasswordComplexityPolicy.MinLength != tt.args.org.PasswordComplexityPolicy.MinLength {
t.Errorf("got wrong result: expected: %v, actual: %v ", tt.result.PasswordComplexityPolicy.MinLength, tt.args.org.PasswordComplexityPolicy.MinLength)
}
if tt.result.PasswordComplexityPolicy.HasLowercase != tt.args.org.PasswordComplexityPolicy.HasLowercase {
t.Errorf("got wrong result: expected: %v, actual: %v ", tt.result.PasswordComplexityPolicy.HasLowercase, tt.args.org.PasswordComplexityPolicy.HasLowercase)
}
})
}
}


@ -1,24 +0,0 @@
package model
import (
es_models "github.com/caos/zitadel/internal/eventstore/v1/models"
iam_es_model "github.com/caos/zitadel/internal/iam/repository/eventsourcing/model"
)
func (o *Org) appendAddLockoutPolicyEvent(event *es_models.Event) error {
o.LockoutPolicy = new(iam_es_model.LockoutPolicy)
err := o.LockoutPolicy.SetData(event)
if err != nil {
return err
}
o.LockoutPolicy.ObjectRoot.CreationDate = event.CreationDate
return nil
}
func (o *Org) appendChangeLockoutPolicyEvent(event *es_models.Event) error {
return o.LockoutPolicy.SetData(event)
}
func (o *Org) appendRemoveLockoutPolicyEvent(event *es_models.Event) {
o.LockoutPolicy = nil
}


@ -1,86 +0,0 @@
package model
import (
"encoding/json"
es_models "github.com/caos/zitadel/internal/eventstore/v1/models"
iam_es_model "github.com/caos/zitadel/internal/iam/repository/eventsourcing/model"
"testing"
)
func TestAppendAddLockoutPolicyEvent(t *testing.T) {
type args struct {
org *Org
policy *iam_es_model.LockoutPolicy
event *es_models.Event
}
tests := []struct {
name string
args args
result *Org
}{
{
name: "append add lockout policy event",
args: args{
org: &Org{},
policy: &iam_es_model.LockoutPolicy{MaxPasswordAttempts: 10},
event: &es_models.Event{},
},
result: &Org{LockoutPolicy: &iam_es_model.LockoutPolicy{MaxPasswordAttempts: 10}},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
if tt.args.policy != nil {
data, _ := json.Marshal(tt.args.policy)
tt.args.event.Data = data
}
tt.args.org.appendAddLockoutPolicyEvent(tt.args.event)
if tt.result.LockoutPolicy.MaxPasswordAttempts != tt.args.org.LockoutPolicy.MaxPasswordAttempts {
t.Errorf("got wrong result: expected: %v, actual: %v ", tt.result.LockoutPolicy.MaxPasswordAttempts, tt.args.org.LockoutPolicy.MaxPasswordAttempts)
}
})
}
}
func TestAppendChangeLockoutPolicyEvent(t *testing.T) {
type args struct {
org *Org
policy *iam_es_model.LockoutPolicy
event *es_models.Event
}
tests := []struct {
name string
args args
result *Org
}{
{
name: "append change lockout policy event",
args: args{
org: &Org{LockoutPolicy: &iam_es_model.LockoutPolicy{
MaxPasswordAttempts: 10,
}},
policy: &iam_es_model.LockoutPolicy{MaxPasswordAttempts: 5, ShowLockOutFailures: true},
event: &es_models.Event{},
},
result: &Org{LockoutPolicy: &iam_es_model.LockoutPolicy{
MaxPasswordAttempts: 5,
ShowLockOutFailures: true,
}},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
if tt.args.policy != nil {
data, _ := json.Marshal(tt.args.policy)
tt.args.event.Data = data
}
tt.args.org.appendChangeLockoutPolicyEvent(tt.args.event)
if tt.result.LockoutPolicy.MaxPasswordAttempts != tt.args.org.LockoutPolicy.MaxPasswordAttempts {
t.Errorf("got wrong result: expected: %v, actual: %v ", tt.result.LockoutPolicy.MaxPasswordAttempts, tt.args.org.LockoutPolicy.MaxPasswordAttempts)
}
if tt.result.LockoutPolicy.ShowLockOutFailures != tt.args.org.LockoutPolicy.ShowLockOutFailures {
t.Errorf("got wrong result: expected: %v, actual: %v ", tt.result.LockoutPolicy.ShowLockOutFailures, tt.args.org.LockoutPolicy.ShowLockOutFailures)
}
})
}
}


@ -1,99 +0,0 @@
package model
import "github.com/caos/zitadel/internal/eventstore/v1/models"
const (
OrgAggregate models.AggregateType = "org"
OrgDomainAggregate models.AggregateType = "org.domain"
OrgNameAggregate models.AggregateType = "org.name"
OrgAdded models.EventType = "org.added"
OrgChanged models.EventType = "org.changed"
OrgDeactivated models.EventType = "org.deactivated"
OrgReactivated models.EventType = "org.reactivated"
OrgRemoved models.EventType = "org.removed"
OrgDomainAdded models.EventType = "org.domain.added"
OrgDomainVerificationAdded models.EventType = "org.domain.verification.added"
OrgDomainVerificationFailed models.EventType = "org.domain.verification.failed"
OrgDomainVerified models.EventType = "org.domain.verified"
OrgDomainRemoved models.EventType = "org.domain.removed"
OrgDomainPrimarySet models.EventType = "org.domain.primary.set"
OrgNameReserved models.EventType = "org.name.reserved"
OrgNameReleased models.EventType = "org.name.released"
OrgDomainReserved models.EventType = "org.domain.reserved"
OrgDomainReleased models.EventType = "org.domain.released"
OrgMemberAdded models.EventType = "org.member.added"
OrgMemberChanged models.EventType = "org.member.changed"
OrgMemberRemoved models.EventType = "org.member.removed"
OrgMemberCascadeRemoved models.EventType = "org.member.cascade.removed"
DomainPolicyAdded models.EventType = "org.policy.domain.added"
DomainPolicyChanged models.EventType = "org.policy.domain.changed"
DomainPolicyRemoved models.EventType = "org.policy.domain.removed"
IDPConfigAdded models.EventType = "org.idp.config.added"
IDPConfigChanged models.EventType = "org.idp.config.changed"
IDPConfigRemoved models.EventType = "org.idp.config.removed"
IDPConfigDeactivated models.EventType = "org.idp.config.deactivated"
IDPConfigReactivated models.EventType = "org.idp.config.reactivated"
OIDCIDPConfigAdded models.EventType = "org.idp.oidc.config.added"
OIDCIDPConfigChanged models.EventType = "org.idp.oidc.config.changed"
SAMLIDPConfigAdded models.EventType = "org.idp.saml.config.added"
SAMLIDPConfigChanged models.EventType = "org.idp.saml.config.changed"
LoginPolicyAdded models.EventType = "org.policy.login.added"
LoginPolicyChanged models.EventType = "org.policy.login.changed"
LoginPolicyRemoved models.EventType = "org.policy.login.removed"
LoginPolicyIDPProviderAdded models.EventType = "org.policy.login.idpprovider.added"
LoginPolicyIDPProviderRemoved models.EventType = "org.policy.login.idpprovider.removed"
LoginPolicyIDPProviderCascadeRemoved models.EventType = "org.policy.login.idpprovider.cascade.removed"
LoginPolicySecondFactorAdded models.EventType = "org.policy.login.secondfactor.added"
LoginPolicySecondFactorRemoved models.EventType = "org.policy.login.secondfactor.removed"
LoginPolicyMultiFactorAdded models.EventType = "org.policy.login.multifactor.added"
LoginPolicyMultiFactorRemoved models.EventType = "org.policy.login.multifactor.removed"
LabelPolicyAdded models.EventType = "org.policy.label.added"
LabelPolicyChanged models.EventType = "org.policy.label.changed"
LabelPolicyActivated models.EventType = "org.policy.label.activated"
LabelPolicyRemoved models.EventType = "org.policy.label.removed"
LabelPolicyLogoAdded models.EventType = "org.policy.label.logo.added"
LabelPolicyLogoRemoved models.EventType = "org.policy.label.logo.removed"
LabelPolicyIconAdded models.EventType = "org.policy.label.icon.added"
LabelPolicyIconRemoved models.EventType = "org.policy.label.icon.removed"
LabelPolicyLogoDarkAdded models.EventType = "org.policy.label.logo.dark.added"
LabelPolicyLogoDarkRemoved models.EventType = "org.policy.label.logo.dark.removed"
LabelPolicyIconDarkAdded models.EventType = "org.policy.label.icon.dark.added"
LabelPolicyIconDarkRemoved models.EventType = "org.policy.label.icon.dark.removed"
LabelPolicyFontAdded models.EventType = "org.policy.label.font.added"
LabelPolicyFontRemoved models.EventType = "org.policy.label.font.removed"
LabelPolicyAssetsRemoved models.EventType = "org.policy.label.assets.removed"
MailTemplateAdded models.EventType = "org.mail.template.added"
MailTemplateChanged models.EventType = "org.mail.template.changed"
MailTemplateRemoved models.EventType = "org.mail.template.removed"
CustomTextSet models.EventType = "org.customtext.set"
CustomTextRemoved models.EventType = "org.customtext.removed"
CustomTextMessageRemoved models.EventType = "org.customtext.template.removed"
PasswordComplexityPolicyAdded models.EventType = "org.policy.password.complexity.added"
PasswordComplexityPolicyChanged models.EventType = "org.policy.password.complexity.changed"
PasswordComplexityPolicyRemoved models.EventType = "org.policy.password.complexity.removed"
PasswordAgePolicyAdded models.EventType = "org.policy.password.age.added"
PasswordAgePolicyChanged models.EventType = "org.policy.password.age.changed"
PasswordAgePolicyRemoved models.EventType = "org.policy.password.age.removed"
LockoutPolicyAdded models.EventType = "org.policy.lockout.added"
LockoutPolicyChanged models.EventType = "org.policy.lockout.changed"
LockoutPolicyRemoved models.EventType = "org.policy.lockout.removed"
PrivacyPolicyAdded models.EventType = "org.policy.privacy.added"
PrivacyPolicyChanged models.EventType = "org.policy.privacy.changed"
PrivacyPolicyRemoved models.EventType = "org.policy.privacy.removed"
)


@ -1,95 +0,0 @@
package model
import (
"encoding/json"
"time"
"github.com/caos/logging"
"github.com/lib/pq"
"github.com/caos/zitadel/internal/domain"
caos_errs "github.com/caos/zitadel/internal/errors"
"github.com/caos/zitadel/internal/eventstore/v1/models"
"github.com/caos/zitadel/internal/org/model"
es_model "github.com/caos/zitadel/internal/org/repository/eventsourcing/model"
)
const (
OrgMemberKeyUserID = "user_id"
OrgMemberKeyOrgID = "org_id"
OrgMemberKeyUserName = "user_name"
OrgMemberKeyEmail = "email"
OrgMemberKeyFirstName = "first_name"
OrgMemberKeyLastName = "last_name"
)
type OrgMemberView struct {
UserID string `json:"userId" gorm:"column:user_id;primary_key"`
OrgID string `json:"-" gorm:"column:org_id;primary_key"`
UserName string `json:"-" gorm:"column:user_name"`
Email string `json:"-" gorm:"column:email_address"`
FirstName string `json:"-" gorm:"column:first_name"`
LastName string `json:"-" gorm:"column:last_name"`
DisplayName string `json:"-" gorm:"column:display_name"`
Roles pq.StringArray `json:"roles" gorm:"column:roles"`
Sequence uint64 `json:"-" gorm:"column:sequence"`
PreferredLoginName string `json:"-" gorm:"column:preferred_login_name"`
AvatarKey string `json:"-" gorm:"column:avatar_key"`
UserResourceOwner string `json:"-" gorm:"column:user_resource_owner"`
CreationDate time.Time `json:"-" gorm:"column:creation_date"`
ChangeDate time.Time `json:"-" gorm:"column:change_date"`
}
func OrgMemberToModel(member *OrgMemberView, prefixAvatarURL string) *model.OrgMemberView {
return &model.OrgMemberView{
UserID: member.UserID,
OrgID: member.OrgID,
UserName: member.UserName,
Email: member.Email,
FirstName: member.FirstName,
LastName: member.LastName,
DisplayName: member.DisplayName,
PreferredLoginName: member.PreferredLoginName,
Roles: member.Roles,
AvatarURL: domain.AvatarURL(prefixAvatarURL, member.UserResourceOwner, member.AvatarKey),
UserResourceOwner: member.UserResourceOwner,
Sequence: member.Sequence,
CreationDate: member.CreationDate,
ChangeDate: member.ChangeDate,
}
}
func OrgMembersToModel(roles []*OrgMemberView, prefixAvatarURL string) []*model.OrgMemberView {
result := make([]*model.OrgMemberView, len(roles))
for i, r := range roles {
result[i] = OrgMemberToModel(r, prefixAvatarURL)
}
return result
}
func (r *OrgMemberView) AppendEvent(event *models.Event) (err error) {
r.Sequence = event.Sequence
r.ChangeDate = event.CreationDate
switch event.Type {
case es_model.OrgMemberAdded:
r.setRootData(event)
r.CreationDate = event.CreationDate
err = r.SetData(event)
case es_model.OrgMemberChanged:
err = r.SetData(event)
}
return err
}
func (r *OrgMemberView) setRootData(event *models.Event) {
r.OrgID = event.AggregateID
}
func (r *OrgMemberView) SetData(event *models.Event) error {
if err := json.Unmarshal(event.Data, r); err != nil {
logging.Log("EVEN-slo9s").WithError(err).Error("could not unmarshal event data")
return caos_errs.ThrowInternal(err, "MODEL-lub6s", "Could not unmarshal data")
}
return nil
}


@ -1,69 +0,0 @@
package model
import (
"github.com/caos/zitadel/internal/domain"
org_model "github.com/caos/zitadel/internal/org/model"
"github.com/caos/zitadel/internal/view/repository"
)
type OrgMemberSearchRequest org_model.OrgMemberSearchRequest
type OrgMemberSearchQuery org_model.OrgMemberSearchQuery
type OrgMemberSearchKey org_model.OrgMemberSearchKey
func (req OrgMemberSearchRequest) GetLimit() uint64 {
return req.Limit
}
func (req OrgMemberSearchRequest) GetOffset() uint64 {
return req.Offset
}
func (req OrgMemberSearchRequest) GetSortingColumn() repository.ColumnKey {
if req.SortingColumn == org_model.OrgMemberSearchKeyUnspecified {
return nil
}
return OrgMemberSearchKey(req.SortingColumn)
}
func (req OrgMemberSearchRequest) GetAsc() bool {
return req.Asc
}
func (req OrgMemberSearchRequest) GetQueries() []repository.SearchQuery {
result := make([]repository.SearchQuery, len(req.Queries))
for i, q := range req.Queries {
result[i] = OrgMemberSearchQuery{Key: q.Key, Value: q.Value, Method: q.Method}
}
return result
}
func (req OrgMemberSearchQuery) GetKey() repository.ColumnKey {
return OrgMemberSearchKey(req.Key)
}
func (req OrgMemberSearchQuery) GetMethod() domain.SearchMethod {
return req.Method
}
func (req OrgMemberSearchQuery) GetValue() interface{} {
return req.Value
}
func (key OrgMemberSearchKey) ToColumnName() string {
switch org_model.OrgMemberSearchKey(key) {
case org_model.OrgMemberSearchKeyEmail:
return OrgMemberKeyEmail
case org_model.OrgMemberSearchKeyFirstName:
return OrgMemberKeyFirstName
case org_model.OrgMemberSearchKeyLastName:
return OrgMemberKeyLastName
case org_model.OrgMemberSearchKeyUserName:
return OrgMemberKeyUserName
case org_model.OrgMemberSearchKeyUserID:
return OrgMemberKeyUserID
case org_model.OrgMemberSearchKeyOrgID:
return OrgMemberKeyOrgID
default:
return ""
}
}
