fix: change to repository event types and removed unused code (#3386)

* fix: change to repository event types and removed unused code

* some fixes

* remove unused code

cmd/admin/setup/steps.yaml

@@ -40,6 +40,18 @@ S2DefaultInstance:
       TOSLink: https://docs.zitadel.ch/docs/legal/terms-of-service
       PrivacyLink: https://docs.zitadel.ch/docs/legal/privacy-policy
       HelpLink: ''
+    LabelPolicy:
+      PrimaryColor: '#5469d4'
+      BackgroundColor: '#fafafa'
+      WarnColor: '#f44336'
+      FontColor: '#000000'
+      PrimaryColorDark: '#5469d4'
+      BackgroundColorDark: '#212121'
+      WarnColorDark: '#f44336'
+      FontColorDark: '#ffffff'
+      HideLoginNameSuffix: false
+      ErrorMsgPopup: false
+      DisableWatermark: false
     LockoutPolicy:
       MaxAttempts: 0
       ShouldShowLockoutFailure: true

internal/admin/repository/eventsourcing/handler/styling.go

@@ -12,13 +12,14 @@ import (
 	"github.com/muesli/gamut"
 
 	"github.com/caos/zitadel/internal/domain"
+	"github.com/caos/zitadel/internal/eventstore"
 	v1 "github.com/caos/zitadel/internal/eventstore/v1"
-	es_models "github.com/caos/zitadel/internal/eventstore/v1/models"
+	"github.com/caos/zitadel/internal/eventstore/v1/models"
 	"github.com/caos/zitadel/internal/eventstore/v1/query"
 	"github.com/caos/zitadel/internal/eventstore/v1/spooler"
-	iam_es_model "github.com/caos/zitadel/internal/iam/repository/eventsourcing/model"
 	iam_model "github.com/caos/zitadel/internal/iam/repository/view/model"
-	"github.com/caos/zitadel/internal/org/repository/eventsourcing/model"
+	"github.com/caos/zitadel/internal/repository/instance"
+	"github.com/caos/zitadel/internal/repository/org"
 	"github.com/caos/zitadel/internal/static"
 )
 
@@ -62,8 +63,8 @@ func (m *Styling) Subscription() *v1.Subscription {
 	return m.subscription
 }
 
-func (_ *Styling) AggregateTypes() []es_models.AggregateType {
+func (_ *Styling) AggregateTypes() []models.AggregateType {
-	return []es_models.AggregateType{model.OrgAggregate, iam_es_model.IAMAggregate}
+	return []models.AggregateType{org.AggregateType, instance.AggregateType}
 }
 
 func (m *Styling) CurrentSequence() (uint64, error) {
@@ -74,48 +75,62 @@ func (m *Styling) CurrentSequence() (uint64, error) {
 	return sequence.CurrentSequence, nil
 }
 
-func (m *Styling) EventQuery() (*es_models.SearchQuery, error) {
+func (m *Styling) EventQuery() (*models.SearchQuery, error) {
 	sequence, err := m.view.GetLatestStylingSequence()
 	if err != nil {
 		return nil, err
 	}
-	return es_models.NewSearchQuery().
+	return models.NewSearchQuery().
 		AggregateTypeFilter(m.AggregateTypes()...).
 		LatestSequenceFilter(sequence.CurrentSequence), nil
 }
 
-func (m *Styling) Reduce(event *es_models.Event) (err error) {
+func (m *Styling) Reduce(event *models.Event) (err error) {
 	switch event.AggregateType {
-	case model.OrgAggregate, iam_es_model.IAMAggregate:
+	case org.AggregateType, instance.AggregateType:
 		err = m.processLabelPolicy(event)
 	}
 	return err
 }
 
-func (m *Styling) processLabelPolicy(event *es_models.Event) (err error) {
+func (m *Styling) processLabelPolicy(event *models.Event) (err error) {
 	policy := new(iam_model.LabelPolicyView)
-	switch event.Type {
+	switch eventstore.EventType(event.Type) {
-	case iam_es_model.LabelPolicyAdded, model.LabelPolicyAdded:
+	case instance.LabelPolicyAddedEventType,
+		org.LabelPolicyAddedEventType:
 		err = policy.AppendEvent(event)
-	case iam_es_model.LabelPolicyChanged, model.LabelPolicyChanged,
+	case instance.LabelPolicyChangedEventType,
-		iam_es_model.LabelPolicyLogoAdded, model.LabelPolicyLogoAdded,
+		org.LabelPolicyChangedEventType,
-		iam_es_model.LabelPolicyLogoRemoved, model.LabelPolicyLogoRemoved,
+		instance.LabelPolicyLogoAddedEventType,
-		iam_es_model.LabelPolicyIconAdded, model.LabelPolicyIconAdded,
+		org.LabelPolicyLogoAddedEventType,
-		iam_es_model.LabelPolicyIconRemoved, model.LabelPolicyIconRemoved,
+		instance.LabelPolicyLogoRemovedEventType,
-		iam_es_model.LabelPolicyLogoDarkAdded, model.LabelPolicyLogoDarkAdded,
+		org.LabelPolicyLogoRemovedEventType,
-		iam_es_model.LabelPolicyLogoDarkRemoved, model.LabelPolicyLogoDarkRemoved,
+		instance.LabelPolicyIconAddedEventType,
-		iam_es_model.LabelPolicyIconDarkAdded, model.LabelPolicyIconDarkAdded,
+		org.LabelPolicyIconAddedEventType,
-		iam_es_model.LabelPolicyIconDarkRemoved, model.LabelPolicyIconDarkRemoved,
+		instance.LabelPolicyIconRemovedEventType,
-		iam_es_model.LabelPolicyFontAdded, model.LabelPolicyFontAdded,
+		org.LabelPolicyIconRemovedEventType,
-		iam_es_model.LabelPolicyFontRemoved, model.LabelPolicyFontRemoved,
+		instance.LabelPolicyLogoDarkAddedEventType,
-		iam_es_model.LabelPolicyAssetsRemoved, model.LabelPolicyAssetsRemoved:
+		org.LabelPolicyLogoDarkAddedEventType,
+		instance.LabelPolicyLogoDarkRemovedEventType,
+		org.LabelPolicyLogoDarkRemovedEventType,
+		instance.LabelPolicyIconDarkAddedEventType,
+		org.LabelPolicyIconDarkAddedEventType,
+		instance.LabelPolicyIconDarkRemovedEventType,
+		org.LabelPolicyIconDarkRemovedEventType,
+		instance.LabelPolicyFontAddedEventType,
+		org.LabelPolicyFontAddedEventType,
+		instance.LabelPolicyFontRemovedEventType,
+		org.LabelPolicyFontRemovedEventType,
+		instance.LabelPolicyAssetsRemovedEventType,
+		org.LabelPolicyAssetsRemovedEventType:
 		policy, err = m.view.StylingByAggregateIDAndState(event.AggregateID, int32(domain.LabelPolicyStatePreview))
 		if err != nil {
 			return err
 		}
 		err = policy.AppendEvent(event)
 
-	case iam_es_model.LabelPolicyActivated, model.LabelPolicyActivated:
+	case instance.LabelPolicyActivatedEventType,
+		org.LabelPolicyActivatedEventType:
 		policy, err = m.view.StylingByAggregateIDAndState(event.AggregateID, int32(domain.LabelPolicyStatePreview))
 		if err != nil {
 			return err
@@ -134,7 +149,7 @@ func (m *Styling) processLabelPolicy(event *es_models.Event) (err error) {
 	return m.view.PutStyling(policy, event)
 }
 
-func (m *Styling) OnError(event *es_models.Event, err error) error {
+func (m *Styling) OnError(event *models.Event, err error) error {
 	logging.LogWithFields("SPOOL-2m9fs", "id", event.AggregateID).WithError(err).Warn("something went wrong in label policy handler")
 	return spooler.HandleError(event, err, m.view.GetLatestStylingFailedEvent, m.view.ProcessedStylingFailedEvent, m.view.ProcessedStylingSequence, m.errorCountUntilSkip)
 }

internal/api/grpc/authn/converter.go

@@ -5,7 +5,6 @@ import (
 
 	"github.com/caos/zitadel/internal/api/grpc/object"
 	"github.com/caos/zitadel/internal/domain"
-	key_model "github.com/caos/zitadel/internal/key/model"
 	"github.com/caos/zitadel/internal/query"
 	"github.com/caos/zitadel/pkg/grpc/authn"
 )
@@ -34,7 +33,7 @@ func KeyToPb(key *query.AuthNKey) *authn.Key {
 
 func KeyTypeToPb(typ domain.AuthNKeyType) authn.KeyType {
 	switch typ {
-	case key_model.AuthNKeyTypeJSON:
+	case domain.AuthNKeyTypeJSON:
 		return authn.KeyType_KEY_TYPE_JSON
 	default:
 		return authn.KeyType_KEY_TYPE_UNSPECIFIED

internal/api/grpc/project/application.go

@@ -6,7 +6,6 @@ import (
 	object_grpc "github.com/caos/zitadel/internal/api/grpc/object"
 	"github.com/caos/zitadel/internal/domain"
 	"github.com/caos/zitadel/internal/errors"
-	proj_model "github.com/caos/zitadel/internal/project/model"
 	"github.com/caos/zitadel/internal/query"
 	app_pb "github.com/caos/zitadel/pkg/grpc/app"
 	message_pb "github.com/caos/zitadel/pkg/grpc/message"
@@ -292,11 +291,3 @@ func AppQueryToModel(appQuery *app_pb.AppQuery) (query.SearchQuery, error) {
 		return nil, errors.ThrowInvalidArgument(nil, "APP-Add46", "List.Query.Invalid")
 	}
 }
-
-func AppQueryNameToModel(query *app_pb.AppNameQuery) *proj_model.ApplicationSearchQuery {
-	return &proj_model.ApplicationSearchQuery{
-		Key:    proj_model.AppSearchKeyName,
-		Method: object_grpc.TextMethodToModel(query.Method),
-		Value:  query.Name,
-	}
-}

internal/api/grpc/user/converter.go

@@ -5,7 +5,6 @@ import (
 	"github.com/caos/zitadel/internal/domain"
 	"github.com/caos/zitadel/internal/eventstore/v1/models"
 	"github.com/caos/zitadel/internal/query"
-	usr_grant_model "github.com/caos/zitadel/internal/usergrant/model"
 	user_pb "github.com/caos/zitadel/pkg/grpc/user"
 )
 
@@ -148,17 +147,6 @@ func UserStateToPb(state domain.UserState) user_pb.UserState {
 	}
 }
 
-func ModelUserGrantStateToPb(state usr_grant_model.UserGrantState) user_pb.UserGrantState {
-	switch state {
-	case usr_grant_model.UserGrantStateActive:
-		return user_pb.UserGrantState_USER_GRANT_STATE_ACTIVE
-	case usr_grant_model.UserGrantStateInactive:
-		return user_pb.UserGrantState_USER_GRANT_STATE_INACTIVE
-	default:
-		return user_pb.UserGrantState_USER_GRANT_STATE_UNSPECIFIED
-	}
-}
-
 func GenderToPb(gender domain.Gender) user_pb.Gender {
 	switch gender {
 	case domain.GenderDiverse:

internal/api/grpc/user/session.go

@@ -2,7 +2,7 @@ package user
 
 import (
 	"github.com/caos/zitadel/internal/api/grpc/object"
-	auth_req_model "github.com/caos/zitadel/internal/auth_request/model"
+	"github.com/caos/zitadel/internal/domain"
 	user_model "github.com/caos/zitadel/internal/user/model"
 	"github.com/caos/zitadel/pkg/grpc/user"
 )
@@ -34,11 +34,11 @@ func UserSessionToPb(session *user_model.UserSessionView) *user.Session {
 	}
 }
 
-func SessionStateToPb(state auth_req_model.UserSessionState) user.SessionState {
+func SessionStateToPb(state domain.UserSessionState) user.SessionState {
 	switch state {
-	case auth_req_model.UserSessionStateActive:
+	case domain.UserSessionStateActive:
 		return user.SessionState_SESSION_STATE_ACTIVE
-	case auth_req_model.UserSessionStateTerminated:
+	case domain.UserSessionStateTerminated:
 		return user.SessionState_SESSION_STATE_TERMINATED
 	default:
 		return user.SessionState_SESSION_STATE_UNSPECIFIED

internal/api/http/middleware/instance_interceptor.go

@@ -51,9 +51,9 @@ func setInstance(r *http.Request, verifier authz.InstanceVerifier, headerName st
 	authCtx, span := tracing.NewServerInterceptorSpan(ctx)
 	defer func() { span.EndWithError(err) }()
 
-	host := r.Header.Get(headerName)
+	host, err := getHost(r, headerName)
-	if host == "" {
+	if err != nil {
-		return nil, fmt.Errorf("host header %s not found", headerName)
+		return nil, err
 	}
 
 	instance, err := verifier.InstanceByHost(authCtx, host)
@@ -63,3 +63,14 @@ func setInstance(r *http.Request, verifier authz.InstanceVerifier, headerName st
 	span.End()
 	return authz.WithInstance(ctx, instance), nil
 }
+
+func getHost(r *http.Request, headerName string) (string, error) {
+	host := r.Host
+	if headerName != "host" {
+		host = r.Header.Get(headerName)
+	}
+	if host == "" {
+		return "", fmt.Errorf("host header `%s` not found", headerName)
+	}
+	return host, nil
+}

internal/api/oidc/auth_request.go

@@ -2,7 +2,6 @@ package oidc
 
 import (
 	"context"
-	"fmt"
 	"strings"
 	"time"
 
@@ -16,7 +15,6 @@ import (
 	"github.com/caos/zitadel/internal/query"
 	"github.com/caos/zitadel/internal/telemetry/tracing"
 	"github.com/caos/zitadel/internal/user/model"
-	grant_model "github.com/caos/zitadel/internal/usergrant/model"
 )
 
 func (o *OPStorage) CreateAuthRequest(ctx context.Context, req *oidc.AuthRequest, userID string) (_ op.AuthRequest, err error) {
@@ -102,16 +100,6 @@ func (o *OPStorage) CreateAccessToken(ctx context.Context, req op.TokenRequest)
 	return resp.TokenID, resp.Expiration, nil
 }
 
-func grantsToScopes(grants []*grant_model.UserGrantView) []string {
-	scopes := make([]string, 0)
-	for _, grant := range grants {
-		for _, role := range grant.RoleKeys {
-			scopes = append(scopes, fmt.Sprintf("%v:%v", grant.ResourceOwner, role))
-		}
-	}
-	return scopes
-}
-
 func (o *OPStorage) CreateAccessAndRefreshTokens(ctx context.Context, req op.TokenRequest, refreshToken string) (_, _ string, _ time.Time, err error) {
 	ctx, span := tracing.NewSpan(ctx)
 	defer func() { span.EndWithError(err) }()

internal/api/oidc/auth_request_converter.go

@@ -12,7 +12,6 @@ import (
 
 	"github.com/caos/zitadel/internal/api/authz"
 	http_utils "github.com/caos/zitadel/internal/api/http"
-	model2 "github.com/caos/zitadel/internal/auth_request/model"
 	"github.com/caos/zitadel/internal/domain"
 	"github.com/caos/zitadel/internal/errors"
 	"github.com/caos/zitadel/internal/user/model"
@@ -207,8 +206,8 @@ func UILocalesToBusiness(tags []language.Tag) []string {
 
 func GetSelectedIDPIDFromScopes(scopes oidc.SpaceDelimitedArray) string {
 	for _, scope := range scopes {
-		if strings.HasPrefix(scope, model2.SelectIDPScope) {
+		if strings.HasPrefix(scope, domain.SelectIDPScope) {
-			return strings.TrimPrefix(scope, model2.SelectIDPScope)
+			return strings.TrimPrefix(scope, domain.SelectIDPScope)
 		}
 	}
 	return ""

internal/api/oidc/client.go

@@ -11,7 +11,6 @@ import (
 
 	"github.com/caos/zitadel/internal/api/authz"
 	"github.com/caos/zitadel/internal/api/http"
-	authreq_model "github.com/caos/zitadel/internal/auth_request/model"
 	"github.com/caos/zitadel/internal/crypto"
 	"github.com/caos/zitadel/internal/domain"
 	"github.com/caos/zitadel/internal/errors"
@@ -84,9 +83,9 @@ func (o *OPStorage) ValidateJWTProfileScopes(ctx context.Context, subject string
 	}
 	for i := len(scopes) - 1; i >= 0; i-- {
 		scope := scopes[i]
-		if strings.HasPrefix(scope, authreq_model.OrgDomainPrimaryScope) {
+		if strings.HasPrefix(scope, domain.OrgDomainPrimaryScope) {
 			var orgID string
-			org, err := o.query.OrgByDomainGlobal(ctx, strings.TrimPrefix(scope, authreq_model.OrgDomainPrimaryScope))
+			org, err := o.query.OrgByDomainGlobal(ctx, strings.TrimPrefix(scope, domain.OrgDomainPrimaryScope))
 			if err == nil {
 				orgID = org.ID
 			}
@@ -242,8 +241,8 @@ func (o *OPStorage) setUserinfo(ctx context.Context, userInfo oidc.UserInfoSette
 			if strings.HasPrefix(scope, ScopeProjectRolePrefix) {
 				roles = append(roles, strings.TrimPrefix(scope, ScopeProjectRolePrefix))
 			}
-			if strings.HasPrefix(scope, authreq_model.OrgDomainPrimaryScope) {
+			if strings.HasPrefix(scope, domain.OrgDomainPrimaryScope) {
-				userInfo.AppendClaims(authreq_model.OrgDomainPrimaryClaim, strings.TrimPrefix(scope, authreq_model.OrgDomainPrimaryScope))
+				userInfo.AppendClaims(domain.OrgDomainPrimaryClaim, strings.TrimPrefix(scope, domain.OrgDomainPrimaryScope))
 			}
 		}
 	}
@@ -283,8 +282,8 @@ func (o *OPStorage) GetPrivateClaimsFromScopes(ctx context.Context, userID, clie
 		}
 		if strings.HasPrefix(scope, ScopeProjectRolePrefix) {
 			roles = append(roles, strings.TrimPrefix(scope, ScopeProjectRolePrefix))
-		} else if strings.HasPrefix(scope, authreq_model.OrgDomainPrimaryScope) {
+		} else if strings.HasPrefix(scope, domain.OrgDomainPrimaryScope) {
-			claims = appendClaim(claims, authreq_model.OrgDomainPrimaryClaim, strings.TrimPrefix(scope, authreq_model.OrgDomainPrimaryScope))
+			claims = appendClaim(claims, domain.OrgDomainPrimaryClaim, strings.TrimPrefix(scope, domain.OrgDomainPrimaryScope))
 		}
 	}
 	if len(roles) == 0 || clientID == "" {

internal/api/oidc/client_converter.go

@@ -7,7 +7,6 @@ import (
 	"github.com/caos/oidc/pkg/oidc"
 	"github.com/caos/oidc/pkg/op"
 
-	authreq_model "github.com/caos/zitadel/internal/auth_request/model"
 	"github.com/caos/zitadel/internal/domain"
 	"github.com/caos/zitadel/internal/errors"
 	"github.com/caos/zitadel/internal/query"
@@ -101,13 +100,13 @@ func (c *Client) AccessTokenType() op.AccessTokenType {
 }
 
 func (c *Client) IsScopeAllowed(scope string) bool {
-	if strings.HasPrefix(scope, authreq_model.OrgDomainPrimaryScope) {
+	if strings.HasPrefix(scope, domain.OrgDomainPrimaryScope) {
 		return true
 	}
-	if strings.HasPrefix(scope, authreq_model.ProjectIDScope) {
+	if strings.HasPrefix(scope, domain.ProjectIDScope) {
 		return true
 	}
-	if strings.HasPrefix(scope, authreq_model.SelectIDPScope) {
+	if strings.HasPrefix(scope, domain.SelectIDPScope) {
 		return true
 	}
 	if strings.HasPrefix(scope, ScopeUserMetaData) {

internal/auth/repository/eventsourcing/eventstore/auth_request.go

@@ -8,12 +8,12 @@ import (
 
 	"github.com/caos/zitadel/internal/api/authz"
 	"github.com/caos/zitadel/internal/auth/repository/eventsourcing/view"
-	"github.com/caos/zitadel/internal/auth_request/model"
 	cache "github.com/caos/zitadel/internal/auth_request/repository"
 	"github.com/caos/zitadel/internal/command"
 	"github.com/caos/zitadel/internal/crypto"
 	"github.com/caos/zitadel/internal/domain"
 	"github.com/caos/zitadel/internal/errors"
+	"github.com/caos/zitadel/internal/eventstore"
 	v1 "github.com/caos/zitadel/internal/eventstore/v1"
 	es_models "github.com/caos/zitadel/internal/eventstore/v1/models"
 	iam_model "github.com/caos/zitadel/internal/iam/model"
@@ -21,9 +21,9 @@ import (
 	"github.com/caos/zitadel/internal/id"
 	project_view_model "github.com/caos/zitadel/internal/project/repository/view/model"
 	"github.com/caos/zitadel/internal/query"
+	user_repo "github.com/caos/zitadel/internal/repository/user"
 	"github.com/caos/zitadel/internal/telemetry/tracing"
 	user_model "github.com/caos/zitadel/internal/user/model"
-	es_model "github.com/caos/zitadel/internal/user/repository/eventsourcing/model"
 	user_view_model "github.com/caos/zitadel/internal/user/repository/view/model"
 )
 
@@ -842,7 +842,7 @@ func (repo *AuthRequestRepo) usersForUserSelection(request *domain.AuthRequest)
 				LoginName:         session.LoginName,
 				ResourceOwner:     session.ResourceOwner,
 				AvatarKey:         session.AvatarKey,
-				UserSessionState:  model.UserSessionStateToDomain(session.State),
+				UserSessionState:  session.State,
 				SelectionPossible: request.RequestedOrgID == "" || request.RequestedOrgID == session.ResourceOwner,
 			})
 		}
@@ -888,7 +888,7 @@ func (repo *AuthRequestRepo) firstFactorChecked(request *domain.AuthRequest, use
 func (repo *AuthRequestRepo) mfaChecked(userSession *user_model.UserSessionView, request *domain.AuthRequest, user *user_model.UserView) (domain.NextStep, bool, error) {
 	mfaLevel := request.MFALevel()
 	allowedProviders, required := user.MFATypesAllowed(mfaLevel, request.LoginPolicy)
-	promptRequired := (model.MFALevelToDomain(user.MFAMaxSetUp) < mfaLevel) || (len(allowedProviders) == 0 && required)
+	promptRequired := (user.MFAMaxSetUp < mfaLevel) || (len(allowedProviders) == 0 && required)
 	if promptRequired || !repo.mfaSkippedOrSetUp(user, request) {
 		types := user.MFATypesSetupPossible(mfaLevel, request.LoginPolicy)
 		if promptRequired && len(types) == 0 {
@@ -912,14 +912,14 @@ func (repo *AuthRequestRepo) mfaChecked(userSession *user_model.UserSessionView,
 		fallthrough
 	case domain.MFALevelSecondFactor:
 		if checkVerificationTimeMaxAge(userSession.SecondFactorVerification, request.LoginPolicy.SecondFactorCheckLifetime, request) {
-			request.MFAsVerified = append(request.MFAsVerified, model.MFATypeToDomain(userSession.SecondFactorVerificationType))
+			request.MFAsVerified = append(request.MFAsVerified, userSession.SecondFactorVerificationType)
 			request.AuthTime = userSession.SecondFactorVerification
 			return nil, true, nil
 		}
 		fallthrough
 	case domain.MFALevelMultiFactor:
 		if checkVerificationTimeMaxAge(userSession.MultiFactorVerification, request.LoginPolicy.MultiFactorCheckLifetime, request) {
-			request.MFAsVerified = append(request.MFAsVerified, model.MFATypeToDomain(userSession.MultiFactorVerificationType))
+			request.MFAsVerified = append(request.MFAsVerified, userSession.MultiFactorVerificationType)
 			request.AuthTime = userSession.MultiFactorVerification
 			return nil, true, nil
 		}
@@ -930,7 +930,7 @@ func (repo *AuthRequestRepo) mfaChecked(userSession *user_model.UserSessionView,
 }
 
 func (repo *AuthRequestRepo) mfaSkippedOrSetUp(user *user_model.UserView, request *domain.AuthRequest) bool {
-	if user.MFAMaxSetUp > model.MFALevelNotSetUp {
+	if user.MFAMaxSetUp > domain.MFALevelNotSetUp {
 		return true
 	}
 	return checkVerificationTime(user.MFAInitSkipped, request.LoginPolicy.MFAInitSkipLifetime)
@@ -1094,24 +1094,24 @@ func userSessionByIDs(ctx context.Context, provider userSessionViewProvider, eve
 	}
 	sessionCopy := *session
 	for _, event := range events {
-		switch event.Type {
+		switch eventstore.EventType(event.Type) {
-		case es_model.UserPasswordCheckSucceeded,
+		case user_repo.UserV1PasswordCheckSucceededType,
-			es_model.UserPasswordCheckFailed,
+			user_repo.UserV1PasswordCheckFailedType,
-			es_model.MFAOTPCheckSucceeded,
+			user_repo.UserV1MFAOTPCheckSucceededType,
-			es_model.MFAOTPCheckFailed,
+			user_repo.UserV1MFAOTPCheckFailedType,
-			es_model.SignedOut,
+			user_repo.UserV1SignedOutType,
-			es_model.UserLocked,
+			user_repo.UserLockedType,
-			es_model.UserDeactivated,
+			user_repo.UserDeactivatedType,
-			es_model.HumanPasswordCheckSucceeded,
+			user_repo.HumanPasswordCheckSucceededType,
-			es_model.HumanPasswordCheckFailed,
+			user_repo.HumanPasswordCheckFailedType,
-			es_model.HumanExternalLoginCheckSucceeded,
+			user_repo.UserIDPLoginCheckSucceededType,
-			es_model.HumanMFAOTPCheckSucceeded,
+			user_repo.HumanMFAOTPCheckSucceededType,
-			es_model.HumanMFAOTPCheckFailed,
+			user_repo.HumanMFAOTPCheckFailedType,
-			es_model.HumanSignedOut,
+			user_repo.HumanSignedOutType,
-			es_model.HumanPasswordlessTokenCheckSucceeded,
+			user_repo.HumanPasswordlessTokenCheckSucceededType,
-			es_model.HumanPasswordlessTokenCheckFailed,
+			user_repo.HumanPasswordlessTokenCheckFailedType,
-			es_model.HumanMFAU2FTokenCheckSucceeded,
+			user_repo.HumanU2FTokenCheckSucceededType,
-			es_model.HumanMFAU2FTokenCheckFailed:
+			user_repo.HumanU2FTokenCheckFailedType:
 			eventData, err := user_view_model.UserSessionFromEvent(event)
 			if err != nil {
 				logging.Log("EVENT-sdgT3").WithError(err).WithField("traceID", tracing.TraceIDFromCtx(ctx)).Debug("error getting event data")
@@ -1120,7 +1120,7 @@ func userSessionByIDs(ctx context.Context, provider userSessionViewProvider, eve
 			if eventData.UserAgentID != agentID {
 				continue
 			}
-		case es_model.UserRemoved:
+		case user_repo.UserRemovedType:
 			return nil, errors.ThrowPreconditionFailed(nil, "EVENT-dG2fe", "Errors.User.NotActive")
 		}
 		err := sessionCopy.AppendEvent(event)

internal/auth/repository/eventsourcing/eventstore/auth_request_test.go

@@ -9,7 +9,6 @@ import (
 	"github.com/stretchr/testify/assert"
 
 	"github.com/caos/zitadel/internal/auth/repository/eventsourcing/view"
-	"github.com/caos/zitadel/internal/auth_request/model"
 	"github.com/caos/zitadel/internal/auth_request/repository/cache"
 	"github.com/caos/zitadel/internal/crypto"
 	"github.com/caos/zitadel/internal/domain"
@@ -17,6 +16,7 @@ import (
 	es_models "github.com/caos/zitadel/internal/eventstore/v1/models"
 	proj_view_model "github.com/caos/zitadel/internal/project/repository/view/model"
 	"github.com/caos/zitadel/internal/query"
+	user_repo "github.com/caos/zitadel/internal/repository/user"
 	user_model "github.com/caos/zitadel/internal/user/model"
 	user_es_model "github.com/caos/zitadel/internal/user/repository/eventsourcing/model"
 	user_view_model "github.com/caos/zitadel/internal/user/repository/view/model"
@@ -431,8 +431,8 @@ func TestAuthRequestRepo_nextSteps(t *testing.T) {
 				userViewProvider: &mockViewUser{},
 				userEventProvider: &mockEventUser{
 					&es_models.Event{
-						AggregateType: user_es_model.UserAggregate,
+						AggregateType: user_repo.AggregateType,
-						Type:          user_es_model.UserDeactivated,
+						Type:          es_models.EventType(user_repo.UserDeactivatedType),
 					},
 				},
 				orgViewProvider: &mockViewOrg{State: domain.OrgStateActive},
@@ -453,8 +453,8 @@ func TestAuthRequestRepo_nextSteps(t *testing.T) {
 				userViewProvider: &mockViewUser{},
 				userEventProvider: &mockEventUser{
 					&es_models.Event{
-						AggregateType: user_es_model.UserAggregate,
+						AggregateType: user_repo.AggregateType,
-						Type:          user_es_model.UserLocked,
+						Type:          es_models.EventType(user_repo.UserLockedType),
 					},
 				},
 				orgViewProvider: &mockViewOrg{State: domain.OrgStateActive},
@@ -643,7 +643,7 @@ func TestAuthRequestRepo_nextSteps(t *testing.T) {
 					PasswordlessTokens:     user_view_model.WebAuthNTokens{&user_view_model.WebAuthNView{ID: "id", State: int32(user_model.MFAStateReady)}},
 					PasswordChangeRequired: false,
 					IsEmailVerified:        false,
-					MFAMaxSetUp:            int32(model.MFALevelMultiFactor),
+					MFAMaxSetUp:            int32(domain.MFALevelMultiFactor),
 				},
 				userEventProvider: &mockEventUser{},
 				lockoutPolicyProvider: &mockLockoutPolicy{
@@ -691,7 +691,7 @@ func TestAuthRequestRepo_nextSteps(t *testing.T) {
 				},
 				userViewProvider: &mockViewUser{
 					IsEmailVerified: true,
-					MFAMaxSetUp:     int32(model.MFALevelSecondFactor),
+					MFAMaxSetUp:     int32(domain.MFALevelSecondFactor),
 				},
 				userEventProvider: &mockEventUser{},
 				lockoutPolicyProvider: &mockLockoutPolicy{
@@ -724,7 +724,7 @@ func TestAuthRequestRepo_nextSteps(t *testing.T) {
 				},
 				userViewProvider: &mockViewUser{
 					IsEmailVerified: true,
-					MFAMaxSetUp:     int32(model.MFALevelSecondFactor),
+					MFAMaxSetUp:     int32(domain.MFALevelSecondFactor),
 				},
 				userEventProvider:   &mockEventUser{},
 				orgViewProvider:     &mockViewOrg{State: domain.OrgStateActive},
@@ -785,7 +785,7 @@ func TestAuthRequestRepo_nextSteps(t *testing.T) {
 				userViewProvider: &mockViewUser{
 					PasswordSet:     true,
 					IsEmailVerified: true,
-					MFAMaxSetUp:     int32(model.MFALevelSecondFactor),
+					MFAMaxSetUp:     int32(domain.MFALevelSecondFactor),
 				},
 				userEventProvider:   &mockEventUser{},
 				orgViewProvider:     &mockViewOrg{State: domain.OrgStateActive},
@@ -821,7 +821,7 @@ func TestAuthRequestRepo_nextSteps(t *testing.T) {
 					PasswordSet:        true,
 					PasswordlessTokens: user_view_model.WebAuthNTokens{&user_view_model.WebAuthNView{ID: "id", State: int32(user_model.MFAStateReady)}},
 					OTPState:           int32(user_model.MFAStateReady),
-					MFAMaxSetUp:        int32(model.MFALevelMultiFactor),
+					MFAMaxSetUp:        int32(domain.MFALevelMultiFactor),
 				},
 				userEventProvider: &mockEventUser{},
 				orgViewProvider:   &mockViewOrg{State: domain.OrgStateActive},
@@ -854,7 +854,7 @@ func TestAuthRequestRepo_nextSteps(t *testing.T) {
 				userViewProvider: &mockViewUser{
 					PasswordSet: true,
 					OTPState:    int32(user_model.MFAStateReady),
-					MFAMaxSetUp: int32(model.MFALevelSecondFactor),
+					MFAMaxSetUp: int32(domain.MFALevelSecondFactor),
 				},
 				userEventProvider: &mockEventUser{},
 				orgViewProvider:   &mockViewOrg{State: domain.OrgStateActive},
@@ -888,7 +888,7 @@ func TestAuthRequestRepo_nextSteps(t *testing.T) {
 				userViewProvider: &mockViewUser{
 					PasswordSet: true,
 					OTPState:    int32(user_model.MFAStateReady),
-					MFAMaxSetUp: int32(model.MFALevelSecondFactor),
+					MFAMaxSetUp: int32(domain.MFALevelSecondFactor),
 				},
 				userEventProvider: &mockEventUser{},
 				orgViewProvider:   &mockViewOrg{State: domain.OrgStateActive},
@@ -925,7 +925,7 @@ func TestAuthRequestRepo_nextSteps(t *testing.T) {
 					PasswordSet:            true,
 					PasswordChangeRequired: true,
 					IsEmailVerified:        true,
-					MFAMaxSetUp:            int32(model.MFALevelSecondFactor),
+					MFAMaxSetUp:            int32(domain.MFALevelSecondFactor),
 				},
 				userEventProvider: &mockEventUser{},
 				orgViewProvider:   &mockViewOrg{State: domain.OrgStateActive},
@@ -956,7 +956,7 @@ func TestAuthRequestRepo_nextSteps(t *testing.T) {
 				},
 				userViewProvider: &mockViewUser{
 					PasswordSet: true,
-					MFAMaxSetUp: int32(model.MFALevelSecondFactor),
+					MFAMaxSetUp: int32(domain.MFALevelSecondFactor),
 				},
 				userEventProvider: &mockEventUser{},
 				orgViewProvider:   &mockViewOrg{State: domain.OrgStateActive},
@@ -987,7 +987,7 @@ func TestAuthRequestRepo_nextSteps(t *testing.T) {
 				userViewProvider: &mockViewUser{
 					PasswordSet:            true,
 					PasswordChangeRequired: true,
-					MFAMaxSetUp:            int32(model.MFALevelSecondFactor),
+					MFAMaxSetUp:            int32(domain.MFALevelSecondFactor),
 				},
 				userEventProvider: &mockEventUser{},
 				orgViewProvider:   &mockViewOrg{State: domain.OrgStateActive},
@@ -1018,7 +1018,7 @@ func TestAuthRequestRepo_nextSteps(t *testing.T) {
 				userViewProvider: &mockViewUser{
 					PasswordSet:     true,
 					IsEmailVerified: true,
-					MFAMaxSetUp:     int32(model.MFALevelSecondFactor),
+					MFAMaxSetUp:     int32(domain.MFALevelSecondFactor),
 				},
 				userEventProvider:   &mockEventUser{},
 				orgViewProvider:     &mockViewOrg{State: domain.OrgStateActive},
@@ -1053,7 +1053,7 @@ func TestAuthRequestRepo_nextSteps(t *testing.T) {
 				userViewProvider: &mockViewUser{
 					PasswordSet:     true,
 					IsEmailVerified: true,
-					MFAMaxSetUp:     int32(model.MFALevelSecondFactor),
+					MFAMaxSetUp:     int32(domain.MFALevelSecondFactor),
 				},
 				userEventProvider:   &mockEventUser{},
 				orgViewProvider:     &mockViewOrg{State: domain.OrgStateActive},
@@ -1089,7 +1089,7 @@ func TestAuthRequestRepo_nextSteps(t *testing.T) {
 				userViewProvider: &mockViewUser{
 					PasswordSet:     true,
 					IsEmailVerified: true,
-					MFAMaxSetUp:     int32(model.MFALevelSecondFactor),
+					MFAMaxSetUp:     int32(domain.MFALevelSecondFactor),
 				},
 				userEventProvider:   &mockEventUser{},
 				orgViewProvider:     &mockViewOrg{State: domain.OrgStateActive},
@@ -1125,7 +1125,7 @@ func TestAuthRequestRepo_nextSteps(t *testing.T) {
 				userViewProvider: &mockViewUser{
 					PasswordSet:     true,
 					IsEmailVerified: true,
-					MFAMaxSetUp:     int32(model.MFALevelSecondFactor),
+					MFAMaxSetUp:     int32(domain.MFALevelSecondFactor),
 				},
 				userEventProvider: &mockEventUser{},
 				orgViewProvider:   &mockViewOrg{State: domain.OrgStateActive},
@@ -1163,7 +1163,7 @@ func TestAuthRequestRepo_nextSteps(t *testing.T) {
 				userViewProvider: &mockViewUser{
 					PasswordSet:     true,
 					IsEmailVerified: true,
-					MFAMaxSetUp:     int32(model.MFALevelSecondFactor),
+					MFAMaxSetUp:     int32(domain.MFALevelSecondFactor),
 				},
 				userEventProvider: &mockEventUser{},
 				orgViewProvider:   &mockViewOrg{State: domain.OrgStateActive},
@@ -1202,7 +1202,7 @@ func TestAuthRequestRepo_nextSteps(t *testing.T) {
 				userViewProvider: &mockViewUser{
 					PasswordSet:     true,
 					IsEmailVerified: true,
-					MFAMaxSetUp:     int32(model.MFALevelSecondFactor),
+					MFAMaxSetUp:     int32(domain.MFALevelSecondFactor),
 				},
 				userEventProvider: &mockEventUser{},
 				orgViewProvider:   &mockViewOrg{State: domain.OrgStateActive},
@@ -1240,7 +1240,7 @@ func TestAuthRequestRepo_nextSteps(t *testing.T) {
 				userViewProvider: &mockViewUser{
 					PasswordSet:     true,
 					IsEmailVerified: true,
-					MFAMaxSetUp:     int32(model.MFALevelSecondFactor),
+					MFAMaxSetUp:     int32(domain.MFALevelSecondFactor),
 				},
 				userEventProvider: &mockEventUser{},
 				orgViewProvider:   &mockViewOrg{State: domain.OrgStateActive},
@@ -1278,7 +1278,7 @@ func TestAuthRequestRepo_nextSteps(t *testing.T) {
 				userViewProvider: &mockViewUser{
 					PasswordSet:     true,
 					IsEmailVerified: true,
-					MFAMaxSetUp:     int32(model.MFALevelSecondFactor),
+					MFAMaxSetUp:     int32(domain.MFALevelSecondFactor),
 				},
 				lockoutPolicyProvider: &mockLockoutPolicy{
 					policy: &query.LockoutPolicy{
@@ -1313,7 +1313,7 @@ func TestAuthRequestRepo_nextSteps(t *testing.T) {
 				userViewProvider: &mockViewUser{
 					PasswordSet:     true,
 					IsEmailVerified: true,
-					MFAMaxSetUp:     int32(model.MFALevelSecondFactor),
+					MFAMaxSetUp:     int32(domain.MFALevelSecondFactor),
 				},
 				userEventProvider: &mockEventUser{},
 				orgViewProvider:   &mockViewOrg{State: domain.OrgStateActive},
@@ -1398,7 +1398,7 @@ func TestAuthRequestRepo_mfaChecked(t *testing.T) {
 				},
 				user: &user_model.UserView{
 					HumanView: &user_model.HumanView{
-						MFAMaxSetUp: model.MFALevelNotSetUp,
+						MFAMaxSetUp: domain.MFALevelNotSetUp,
 					},
 				},
 			},
@@ -1416,7 +1416,7 @@ func TestAuthRequestRepo_mfaChecked(t *testing.T) {
 				},
 				user: &user_model.UserView{
 					HumanView: &user_model.HumanView{
-						MFAMaxSetUp: model.MFALevelNotSetUp,
+						MFAMaxSetUp: domain.MFALevelNotSetUp,
 					},
 				},
 			},
@@ -1435,7 +1435,7 @@ func TestAuthRequestRepo_mfaChecked(t *testing.T) {
 				},
 				user: &user_model.UserView{
 					HumanView: &user_model.HumanView{
-						MFAMaxSetUp: model.MFALevelNotSetUp,
+						MFAMaxSetUp: domain.MFALevelNotSetUp,
 					},
 				},
 			},
@@ -1459,7 +1459,7 @@ func TestAuthRequestRepo_mfaChecked(t *testing.T) {
 				},
 				user: &user_model.UserView{
 					HumanView: &user_model.HumanView{
-						MFAMaxSetUp: model.MFALevelNotSetUp,
+						MFAMaxSetUp: domain.MFALevelNotSetUp,
 					},
 				},
 			},
@@ -1482,7 +1482,7 @@ func TestAuthRequestRepo_mfaChecked(t *testing.T) {
 				},
 				user: &user_model.UserView{
 					HumanView: &user_model.HumanView{
-						MFAMaxSetUp:    model.MFALevelNotSetUp,
+						MFAMaxSetUp:    domain.MFALevelNotSetUp,
 						MFAInitSkipped: time.Now().UTC(),
 					},
 				},
@@ -1502,7 +1502,7 @@ func TestAuthRequestRepo_mfaChecked(t *testing.T) {
 				},
 				user: &user_model.UserView{
 					HumanView: &user_model.HumanView{
-						MFAMaxSetUp: model.MFALevelSecondFactor,
+						MFAMaxSetUp: domain.MFALevelSecondFactor,
 						OTPState:    user_model.MFAStateReady,
 					},
 				},
@@ -1523,7 +1523,7 @@ func TestAuthRequestRepo_mfaChecked(t *testing.T) {
 				},
 				user: &user_model.UserView{
 					HumanView: &user_model.HumanView{
-						MFAMaxSetUp: model.MFALevelSecondFactor,
+						MFAMaxSetUp: domain.MFALevelSecondFactor,
 						OTPState:    user_model.MFAStateReady,
 					},
 				},
@@ -1573,7 +1573,7 @@ func TestAuthRequestRepo_mfaSkippedOrSetUp(t *testing.T) {
 			args{
 				user: &user_model.UserView{
 					HumanView: &user_model.HumanView{
-						MFAMaxSetUp: model.MFALevelSecondFactor,
+						MFAMaxSetUp: domain.MFALevelSecondFactor,
 					},
 				},
 				request: &domain.AuthRequest{
@@ -1687,8 +1687,8 @@ func Test_userSessionByIDs(t *testing.T) {
 				user:    &user_model.UserView{ID: "id", HumanView: &user_model.HumanView{FirstName: "FirstName"}},
 				eventProvider: &mockEventUser{
 					&es_models.Event{
-						AggregateType: user_es_model.UserAggregate,
+						AggregateType: user_repo.AggregateType,
-						Type:          user_es_model.MFAOTPCheckSucceeded,
+						Type:          es_models.EventType(user_repo.UserV1MFAOTPCheckSucceededType),
 						CreationDate:  time.Now().UTC().Round(1 * time.Second),
 					},
 				},
@@ -1710,8 +1710,8 @@ func Test_userSessionByIDs(t *testing.T) {
 				user:    &user_model.UserView{ID: "id"},
 				eventProvider: &mockEventUser{
 					&es_models.Event{
-						AggregateType: user_es_model.UserAggregate,
+						AggregateType: user_repo.AggregateType,
-						Type:          user_es_model.MFAOTPCheckSucceeded,
+						Type:          es_models.EventType(user_repo.UserV1MFAOTPCheckSucceededType),
 						CreationDate:  time.Now().UTC().Round(1 * time.Second),
 						Data: func() []byte {
 							data, _ := json.Marshal(&user_es_model.AuthRequest{UserAgentID: "otherID"})
@@ -1737,8 +1737,8 @@ func Test_userSessionByIDs(t *testing.T) {
 				user:    &user_model.UserView{ID: "id", HumanView: &user_model.HumanView{FirstName: "FirstName"}},
 				eventProvider: &mockEventUser{
 					&es_models.Event{
-						AggregateType: user_es_model.UserAggregate,
+						AggregateType: user_repo.AggregateType,
-						Type:          user_es_model.MFAOTPCheckSucceeded,
+						Type:          es_models.EventType(user_repo.UserV1MFAOTPCheckSucceededType),
 						CreationDate:  time.Now().UTC().Round(1 * time.Second),
 						Data: func() []byte {
 							data, _ := json.Marshal(&user_es_model.AuthRequest{UserAgentID: "agentID"})
@@ -1764,8 +1764,8 @@ func Test_userSessionByIDs(t *testing.T) {
 				user:    &user_model.UserView{ID: "id"},
 				eventProvider: &mockEventUser{
 					&es_models.Event{
-						AggregateType: user_es_model.UserAggregate,
+						AggregateType: user_repo.AggregateType,
-						Type:          user_es_model.UserRemoved,
+						Type:          es_models.EventType(user_repo.UserRemovedType),
 					},
 				},
 			},
@@ -1834,8 +1834,8 @@ func Test_userByID(t *testing.T) {
 				},
 				eventProvider: &mockEventUser{
 					&es_models.Event{
-						AggregateType: user_es_model.UserAggregate,
+						AggregateType: user_repo.AggregateType,
-						Type:          user_es_model.UserPasswordChanged,
+						Type:          es_models.EventType(user_repo.UserV1PasswordChangedType),
 						CreationDate:  time.Now().UTC().Round(1 * time.Second),
 						Data:          nil,
 					},
@@ -1860,8 +1860,8 @@ func Test_userByID(t *testing.T) {
 				},
 				eventProvider: &mockEventUser{
 					&es_models.Event{
-						AggregateType: user_es_model.UserAggregate,
+						AggregateType: user_repo.AggregateType,
-						Type:          user_es_model.UserPasswordChanged,
+						Type:          es_models.EventType(user_repo.UserV1PasswordChangedType),
 						CreationDate:  time.Now().UTC().Round(1 * time.Second),
 						Data: func() []byte {
 							data, _ := json.Marshal(user_es_model.Password{ChangeRequired: false, Secret: &crypto.CryptoValue{}})

internal/auth/repository/eventsourcing/eventstore/user.go

@@ -2,18 +2,10 @@ package eventstore
 
 import (
 	"context"
-	"time"
 
-	"github.com/caos/logging"
-	"github.com/golang/protobuf/ptypes"
-
-	"github.com/caos/zitadel/internal/user/model"
-
-	"github.com/caos/zitadel/internal/api/authz"
 	"github.com/caos/zitadel/internal/auth/repository/eventsourcing/view"
 	"github.com/caos/zitadel/internal/config/systemdefaults"
 	"github.com/caos/zitadel/internal/domain"
-	"github.com/caos/zitadel/internal/errors"
 	v1 "github.com/caos/zitadel/internal/eventstore/v1"
 	"github.com/caos/zitadel/internal/eventstore/v1/models"
 	"github.com/caos/zitadel/internal/query"
@@ -51,73 +43,6 @@ func (repo *UserRepo) UserEventsByID(ctx context.Context, id string, sequence ui
 	return repo.getUserEvents(ctx, id, sequence)
 }
 
-func (repo *UserRepo) MyUserChanges(ctx context.Context, lastSequence uint64, limit uint64, sortAscending bool, retention time.Duration) (*model.UserChanges, error) {
-	changes, err := repo.getUserChanges(ctx, authz.GetCtxData(ctx).UserID, lastSequence, limit, sortAscending, retention)
-	if err != nil {
-		return nil, err
-	}
-	for _, change := range changes.Changes {
-		change.ModifierName = change.ModifierID
-		change.ModifierLoginName = change.ModifierID
-		user, _ := repo.Query.GetUserByID(ctx, change.ModifierID)
-		if user != nil {
-			change.ModifierLoginName = user.PreferredLoginName
-			if user.Human != nil {
-				change.ModifierName = user.Human.DisplayName
-				change.ModifierAvatarURL = domain.AvatarURL(repo.PrefixAvatarURL, user.ResourceOwner, user.Human.AvatarKey)
-			}
-			if user.Machine != nil {
-				change.ModifierName = user.Machine.Name
-			}
-		}
-	}
-	return changes, nil
-}
-
-func (r *UserRepo) getUserChanges(ctx context.Context, userID string, lastSequence uint64, limit uint64, sortAscending bool, retention time.Duration) (*model.UserChanges, error) {
-	query := usr_view.ChangesQuery(userID, lastSequence, limit, sortAscending, retention)
-
-	events, err := r.Eventstore.FilterEvents(ctx, query)
-	if err != nil {
-		logging.Log("EVENT-g9HCv").WithError(err).Warn("eventstore unavailable")
-		return nil, errors.ThrowInternal(err, "EVENT-htuG9", "Errors.Internal")
-	}
-	if len(events) == 0 {
-		return nil, errors.ThrowNotFound(nil, "EVENT-6cAxe", "Errors.User.NoChanges")
-	}
-
-	result := make([]*model.UserChange, len(events))
-
-	for i, event := range events {
-		creationDate, err := ptypes.TimestampProto(event.CreationDate)
-		logging.Log("EVENT-8GTGS").OnError(err).Debug("unable to parse timestamp")
-		change := &model.UserChange{
-			ChangeDate: creationDate,
-			EventType:  event.Type.String(),
-			ModifierID: event.EditorUser,
-			Sequence:   event.Sequence,
-		}
-
-		//TODO: now all types should be unmarshalled, e.g. password
-		// if len(event.Data) != 0 {
-		// 	user := new(model.User)
-		// 	err := json.Unmarshal(event.Data, user)
-		// 	logging.Log("EVENT-Rkg7X").OnError(err).Debug("unable to unmarshal data")
-		// 	change.Data = user
-		// }
-
-		result[i] = change
-		if lastSequence < event.Sequence {
-			lastSequence = event.Sequence
-		}
-	}
-
-	return &model.UserChanges{
-		Changes:      result,
-		LastSequence: lastSequence,
-	}, nil
-}
-
 func (r *UserRepo) getUserEvents(ctx context.Context, userID string, sequence uint64) ([]*models.Event, error) {
 	query, err := usr_view.UserByIDQuery(userID, sequence)
 	if err != nil {

internal/auth/repository/eventsourcing/handler/idp_config.go

@@ -2,14 +2,14 @@ package handler
 
 import (
 	"github.com/caos/logging"
-	"github.com/caos/zitadel/internal/eventstore/v1"
+
-	es_models "github.com/caos/zitadel/internal/eventstore/v1/models"
+	"github.com/caos/zitadel/internal/eventstore"
+	v1 "github.com/caos/zitadel/internal/eventstore/v1"
+	"github.com/caos/zitadel/internal/eventstore/v1/models"
 	"github.com/caos/zitadel/internal/eventstore/v1/query"
 	"github.com/caos/zitadel/internal/eventstore/v1/spooler"
 	iam_model "github.com/caos/zitadel/internal/iam/model"
-	iam_es_model "github.com/caos/zitadel/internal/iam/repository/eventsourcing/model"
 	iam_view_model "github.com/caos/zitadel/internal/iam/repository/view/model"
-	"github.com/caos/zitadel/internal/org/repository/eventsourcing/model"
 	"github.com/caos/zitadel/internal/repository/instance"
 	"github.com/caos/zitadel/internal/repository/org"
 )
@@ -50,8 +50,8 @@ func (i *IDPConfig) Subscription() *v1.Subscription {
 	return i.subscription
 }
 
-func (_ *IDPConfig) AggregateTypes() []es_models.AggregateType {
+func (_ *IDPConfig) AggregateTypes() []models.AggregateType {
-	return []es_models.AggregateType{model.OrgAggregate, iam_es_model.IAMAggregate}
+	return []models.AggregateType{org.AggregateType, instance.AggregateType}
 }
 
 func (i *IDPConfig) CurrentSequence() (uint64, error) {
@@ -62,37 +62,37 @@ func (i *IDPConfig) CurrentSequence() (uint64, error) {
 	return sequence.CurrentSequence, nil
 }
 
-func (i *IDPConfig) EventQuery() (*es_models.SearchQuery, error) {
+func (i *IDPConfig) EventQuery() (*models.SearchQuery, error) {
 	sequence, err := i.view.GetLatestIDPConfigSequence()
 	if err != nil {
 		return nil, err
 	}
-	return es_models.NewSearchQuery().
+	return models.NewSearchQuery().
 		AggregateTypeFilter(i.AggregateTypes()...).
 		LatestSequenceFilter(sequence.CurrentSequence), nil
 }
 
-func (i *IDPConfig) Reduce(event *es_models.Event) (err error) {
+func (i *IDPConfig) Reduce(event *models.Event) (err error) {
 	switch event.AggregateType {
-	case model.OrgAggregate:
+	case org.AggregateType:
 		err = i.processIdpConfig(iam_model.IDPProviderTypeOrg, event)
-	case iam_es_model.IAMAggregate:
+	case instance.AggregateType:
 		err = i.processIdpConfig(iam_model.IDPProviderTypeSystem, event)
 	}
 	return err
 }
 
-func (i *IDPConfig) processIdpConfig(providerType iam_model.IDPProviderType, event *es_models.Event) (err error) {
+func (i *IDPConfig) processIdpConfig(providerType iam_model.IDPProviderType, event *models.Event) (err error) {
 	idp := new(iam_view_model.IDPConfigView)
-	switch event.Type {
+	switch eventstore.EventType(event.Type) {
-	case model.IDPConfigAdded,
+	case org.IDPConfigAddedEventType,
-		iam_es_model.IDPConfigAdded:
+		instance.IDPConfigAddedEventType:
 		err = idp.AppendEvent(providerType, event)
-	case model.IDPConfigChanged, iam_es_model.IDPConfigChanged,
+	case org.IDPConfigChangedEventType, instance.IDPConfigChangedEventType,
-		model.OIDCIDPConfigAdded, iam_es_model.OIDCIDPConfigAdded,
+		org.IDPOIDCConfigAddedEventType, instance.IDPOIDCConfigAddedEventType,
-		model.OIDCIDPConfigChanged, iam_es_model.OIDCIDPConfigChanged,
+		org.IDPOIDCConfigChangedEventType, instance.IDPOIDCConfigChangedEventType,
-		es_models.EventType(org.IDPJWTConfigAddedEventType), es_models.EventType(instance.IDPJWTConfigAddedEventType),
+		org.IDPJWTConfigAddedEventType, instance.IDPJWTConfigAddedEventType,
-		es_models.EventType(org.IDPJWTConfigChangedEventType), es_models.EventType(instance.IDPJWTConfigChangedEventType):
+		org.IDPJWTConfigChangedEventType, instance.IDPJWTConfigChangedEventType:
 		err = idp.SetData(event)
 		if err != nil {
 			return err
@@ -102,8 +102,8 @@ func (i *IDPConfig) processIdpConfig(providerType iam_model.IDPProviderType, eve
 			return err
 		}
 		err = idp.AppendEvent(providerType, event)
-	case model.IDPConfigDeactivated, iam_es_model.IDPConfigDeactivated,
+	case org.IDPConfigDeactivatedEventType, instance.IDPConfigDeactivatedEventType,
-		model.IDPConfigReactivated, iam_es_model.IDPConfigReactivated:
+		org.IDPConfigReactivatedEventType, instance.IDPConfigReactivatedEventType:
 		err = idp.SetData(event)
 		if err != nil {
 			return err
@@ -113,7 +113,7 @@ func (i *IDPConfig) processIdpConfig(providerType iam_model.IDPProviderType, eve
 			return err
 		}
 		err = idp.AppendEvent(providerType, event)
-	case model.IDPConfigRemoved, iam_es_model.IDPConfigRemoved:
+	case org.IDPConfigRemovedEventType, instance.IDPConfigRemovedEventType:
 		err = idp.SetData(event)
 		if err != nil {
 			return err
@@ -128,7 +128,7 @@ func (i *IDPConfig) processIdpConfig(providerType iam_model.IDPProviderType, eve
 	return i.view.PutIDPConfig(idp, event)
 }
 
-func (i *IDPConfig) OnError(event *es_models.Event, err error) error {
+func (i *IDPConfig) OnError(event *models.Event, err error) error {
 	logging.LogWithFields("SPOOL-Ejf8s", "id", event.AggregateID).WithError(err).Warn("something went wrong in idp config handler")
 	return spooler.HandleError(event, err, i.view.GetLatestIDPConfigFailedEvent, i.view.ProcessedIDPConfigFailedEvent, i.view.ProcessedIDPConfigSequence, i.errorCountUntilSkip)
 }

internal/auth/repository/eventsourcing/handler/idp_providers.go

@@ -7,15 +7,17 @@ import (
 
 	"github.com/caos/zitadel/internal/config/systemdefaults"
 	"github.com/caos/zitadel/internal/domain"
+	"github.com/caos/zitadel/internal/eventstore"
 	v1 "github.com/caos/zitadel/internal/eventstore/v1"
+	"github.com/caos/zitadel/internal/eventstore/v1/models"
 	es_models "github.com/caos/zitadel/internal/eventstore/v1/models"
 	"github.com/caos/zitadel/internal/eventstore/v1/query"
 	"github.com/caos/zitadel/internal/eventstore/v1/spooler"
 	iam_model "github.com/caos/zitadel/internal/iam/model"
-	"github.com/caos/zitadel/internal/iam/repository/eventsourcing/model"
 	iam_view_model "github.com/caos/zitadel/internal/iam/repository/view/model"
-	org_es_model "github.com/caos/zitadel/internal/org/repository/eventsourcing/model"
 	query2 "github.com/caos/zitadel/internal/query"
+	"github.com/caos/zitadel/internal/repository/instance"
+	"github.com/caos/zitadel/internal/repository/org"
 )
 
 const (
@@ -62,8 +64,8 @@ func (i *IDPProvider) Subscription() *v1.Subscription {
 	return i.subscription
 }
 
-func (_ *IDPProvider) AggregateTypes() []es_models.AggregateType {
+func (_ *IDPProvider) AggregateTypes() []models.AggregateType {
-	return []es_models.AggregateType{model.IAMAggregate, org_es_model.OrgAggregate}
+	return []es_models.AggregateType{instance.AggregateType, org.AggregateType}
 }
 
 func (i *IDPProvider) CurrentSequence() (uint64, error) {
@@ -74,7 +76,7 @@ func (i *IDPProvider) CurrentSequence() (uint64, error) {
 	return sequence.CurrentSequence, nil
 }
 
-func (i *IDPProvider) EventQuery() (*es_models.SearchQuery, error) {
+func (i *IDPProvider) EventQuery() (*models.SearchQuery, error) {
 	sequence, err := i.view.GetLatestIDPProviderSequence()
 	if err != nil {
 		return nil, err
@@ -84,31 +86,31 @@ func (i *IDPProvider) EventQuery() (*es_models.SearchQuery, error) {
 		LatestSequenceFilter(sequence.CurrentSequence), nil
 }
 
-func (i *IDPProvider) Reduce(event *es_models.Event) (err error) {
+func (i *IDPProvider) Reduce(event *models.Event) (err error) {
 	switch event.AggregateType {
-	case model.IAMAggregate, org_es_model.OrgAggregate:
+	case instance.AggregateType, org.AggregateType:
 		err = i.processIdpProvider(event)
 	}
 	return err
 }
 
-func (i *IDPProvider) processIdpProvider(event *es_models.Event) (err error) {
+func (i *IDPProvider) processIdpProvider(event *models.Event) (err error) {
 	provider := new(iam_view_model.IDPProviderView)
-	switch event.Type {
+	switch eventstore.EventType(event.Type) {
-	case model.LoginPolicyIDPProviderAdded, org_es_model.LoginPolicyIDPProviderAdded:
+	case instance.LoginPolicyIDPProviderAddedEventType, org.LoginPolicyIDPProviderAddedEventType:
 		err = provider.AppendEvent(event)
 		if err != nil {
 			return err
 		}
 		err = i.fillData(provider)
-	case model.LoginPolicyIDPProviderRemoved, model.LoginPolicyIDPProviderCascadeRemoved,
+	case instance.LoginPolicyIDPProviderRemovedEventType, instance.LoginPolicyIDPProviderCascadeRemovedEventType,
-		org_es_model.LoginPolicyIDPProviderRemoved, org_es_model.LoginPolicyIDPProviderCascadeRemoved:
+		org.LoginPolicyIDPProviderRemovedEventType, org.LoginPolicyIDPProviderCascadeRemovedEventType:
 		err = provider.SetData(event)
 		if err != nil {
 			return err
 		}
 		return i.view.DeleteIDPProvider(event.AggregateID, provider.IDPConfigID, event)
-	case model.IDPConfigChanged, org_es_model.IDPConfigChanged:
+	case instance.IDPConfigChangedEventType, org.IDPConfigChangedEventType:
 		esConfig := new(iam_view_model.IDPConfigView)
 		providerType := iam_model.IDPProviderTypeSystem
 		if event.AggregateID != domain.IAMID {
@@ -132,7 +134,7 @@ func (i *IDPProvider) processIdpProvider(event *es_models.Event) (err error) {
 			i.fillConfigData(provider, config)
 		}
 		return i.view.PutIDPProviders(event, providers...)
-	case org_es_model.LoginPolicyRemoved:
+	case org.LoginPolicyRemovedEventType:
 		return i.view.DeleteIDPProvidersByAggregateID(event.AggregateID, event)
 	default:
 		return i.view.ProcessedIDPProviderSequence(event)

internal/auth/repository/eventsourcing/handler/org_project_mapping.go

@@ -3,13 +3,14 @@ package handler
 import (
 	"github.com/caos/logging"
 
+	"github.com/caos/zitadel/internal/eventstore"
 	v1 "github.com/caos/zitadel/internal/eventstore/v1"
 	es_models "github.com/caos/zitadel/internal/eventstore/v1/models"
 	"github.com/caos/zitadel/internal/eventstore/v1/query"
 	"github.com/caos/zitadel/internal/eventstore/v1/spooler"
-	"github.com/caos/zitadel/internal/project/repository/eventsourcing/model"
 	proj_view "github.com/caos/zitadel/internal/project/repository/view"
 	view_model "github.com/caos/zitadel/internal/project/repository/view/model"
+	"github.com/caos/zitadel/internal/repository/project"
 )
 
 const (
@@ -51,7 +52,7 @@ func (p *OrgProjectMapping) Subscription() *v1.Subscription {
 }
 
 func (_ *OrgProjectMapping) AggregateTypes() []es_models.AggregateType {
-	return []es_models.AggregateType{model.ProjectAggregate}
+	return []es_models.AggregateType{project.AggregateType}
 }
 
 func (p *OrgProjectMapping) CurrentSequence() (uint64, error) {
@@ -72,24 +73,24 @@ func (p *OrgProjectMapping) EventQuery() (*es_models.SearchQuery, error) {
 
 func (p *OrgProjectMapping) Reduce(event *es_models.Event) (err error) {
 	mapping := new(view_model.OrgProjectMapping)
-	switch event.Type {
+	switch eventstore.EventType(event.Type) {
-	case model.ProjectAdded:
+	case project.ProjectAddedType:
 		mapping.OrgID = event.ResourceOwner
 		mapping.ProjectID = event.AggregateID
 		mapping.InstanceID = event.InstanceID
-	case model.ProjectRemoved:
+	case project.ProjectRemovedType:
 		err := p.view.DeleteOrgProjectMappingsByProjectID(event.AggregateID)
 		if err == nil {
 			return p.view.ProcessedOrgProjectMappingSequence(event)
 		}
-	case model.ProjectGrantAdded:
+	case project.GrantAddedType:
 		projectGrant := new(view_model.ProjectGrant)
 		projectGrant.SetData(event)
 		mapping.OrgID = projectGrant.GrantedOrgID
 		mapping.ProjectID = event.AggregateID
 		mapping.ProjectGrantID = projectGrant.GrantID
 		mapping.InstanceID = projectGrant.InstanceID
-	case model.ProjectGrantRemoved:
+	case project.GrantRemovedType:
 		projectGrant := new(view_model.ProjectGrant)
 		projectGrant.SetData(event)
 		err := p.view.DeleteOrgProjectMappingsByProjectGrantID(event.AggregateID)

internal/auth/repository/eventsourcing/handler/refresh_token.go

@@ -7,13 +7,12 @@ import (
 
 	caos_errs "github.com/caos/zitadel/internal/errors"
 	"github.com/caos/zitadel/internal/eventstore"
-	"github.com/caos/zitadel/internal/eventstore/v1"
+	v1 "github.com/caos/zitadel/internal/eventstore/v1"
 	es_models "github.com/caos/zitadel/internal/eventstore/v1/models"
 	"github.com/caos/zitadel/internal/eventstore/v1/query"
 	"github.com/caos/zitadel/internal/eventstore/v1/spooler"
-	project_es_model "github.com/caos/zitadel/internal/project/repository/eventsourcing/model"
+	"github.com/caos/zitadel/internal/repository/project"
-	user_repo "github.com/caos/zitadel/internal/repository/user"
+	"github.com/caos/zitadel/internal/repository/user"
-	user_es_model "github.com/caos/zitadel/internal/user/repository/eventsourcing/model"
 	view_model "github.com/caos/zitadel/internal/user/repository/view/model"
 )
 
@@ -56,7 +55,7 @@ func (t *RefreshToken) Subscription() *v1.Subscription {
 }
 
 func (t *RefreshToken) AggregateTypes() []es_models.AggregateType {
-	return []es_models.AggregateType{user_es_model.UserAggregate, project_es_model.ProjectAggregate}
+	return []es_models.AggregateType{user.AggregateType, project.AggregateType}
 }
 
 func (t *RefreshToken) CurrentSequence() (uint64, error) {
@@ -73,21 +72,21 @@ func (t *RefreshToken) EventQuery() (*es_models.SearchQuery, error) {
 		return nil, err
 	}
 	return es_models.NewSearchQuery().
-		AggregateTypeFilter(user_es_model.UserAggregate, project_es_model.ProjectAggregate).
+		AggregateTypeFilter(user.AggregateType, project.AggregateType).
 		LatestSequenceFilter(sequence.CurrentSequence), nil
 }
 
 func (t *RefreshToken) Reduce(event *es_models.Event) (err error) {
 	switch eventstore.EventType(event.Type) {
-	case user_repo.HumanRefreshTokenAddedType:
+	case user.HumanRefreshTokenAddedType:
 		token := new(view_model.RefreshTokenView)
 		err := token.AppendEvent(event)
 		if err != nil {
 			return err
 		}
 		return t.view.PutRefreshToken(token, event)
-	case user_repo.HumanRefreshTokenRenewedType:
+	case user.HumanRefreshTokenRenewedType:
-		e := new(user_repo.HumanRefreshTokenRenewedEvent)
+		e := new(user.HumanRefreshTokenRenewedEvent)
 		if err := json.Unmarshal(event.Data, e); err != nil {
 			logging.Log("EVEN-DBbn4").WithError(err).Error("could not unmarshal event data")
 			return caos_errs.ThrowInternal(nil, "MODEL-BHn75", "could not unmarshal data")
@@ -101,16 +100,16 @@ func (t *RefreshToken) Reduce(event *es_models.Event) (err error) {
 			return err
 		}
 		return t.view.PutRefreshToken(token, event)
-	case user_repo.HumanRefreshTokenRemovedType:
+	case user.HumanRefreshTokenRemovedType:
-		e := new(user_repo.HumanRefreshTokenRemovedEvent)
+		e := new(user.HumanRefreshTokenRemovedEvent)
 		if err := json.Unmarshal(event.Data, e); err != nil {
 			logging.Log("EVEN-BDbh3").WithError(err).Error("could not unmarshal event data")
 			return caos_errs.ThrowInternal(nil, "MODEL-Bz653", "could not unmarshal data")
 		}
 		return t.view.DeleteRefreshToken(e.TokenID, event)
-	case user_repo.UserLockedType,
+	case user.UserLockedType,
-		user_repo.UserDeactivatedType,
+		user.UserDeactivatedType,
-		user_repo.UserRemovedType:
+		user.UserRemovedType:
 		return t.view.DeleteUserRefreshTokens(event.AggregateID, event)
 	default:
 		return t.view.ProcessedRefreshTokenSequence(event)

internal/auth/repository/eventsourcing/handler/token.go

@@ -7,6 +7,7 @@ import (
 	"github.com/caos/logging"
 
 	caos_errs "github.com/caos/zitadel/internal/errors"
+	"github.com/caos/zitadel/internal/eventstore"
 	v1 "github.com/caos/zitadel/internal/eventstore/v1"
 	es_models "github.com/caos/zitadel/internal/eventstore/v1/models"
 	"github.com/caos/zitadel/internal/eventstore/v1/query"
@@ -15,8 +16,9 @@ import (
 	proj_model "github.com/caos/zitadel/internal/project/model"
 	project_es_model "github.com/caos/zitadel/internal/project/repository/eventsourcing/model"
 	proj_view "github.com/caos/zitadel/internal/project/repository/view"
+	"github.com/caos/zitadel/internal/repository/project"
+	"github.com/caos/zitadel/internal/repository/user"
 	user_repo "github.com/caos/zitadel/internal/repository/user"
-	user_es_model "github.com/caos/zitadel/internal/user/repository/eventsourcing/model"
 	view_model "github.com/caos/zitadel/internal/user/repository/view/model"
 )
 
@@ -59,7 +61,7 @@ func (t *Token) Subscription() *v1.Subscription {
 }
 
 func (_ *Token) AggregateTypes() []es_models.AggregateType {
-	return []es_models.AggregateType{user_es_model.UserAggregate, project_es_model.ProjectAggregate}
+	return []es_models.AggregateType{user.AggregateType, project.AggregateType}
 }
 
 func (p *Token) CurrentSequence() (uint64, error) {
@@ -76,22 +78,22 @@ func (t *Token) EventQuery() (*es_models.SearchQuery, error) {
 		return nil, err
 	}
 	return es_models.NewSearchQuery().
-		AggregateTypeFilter(user_es_model.UserAggregate, project_es_model.ProjectAggregate).
+		AggregateTypeFilter(user.AggregateType, project.AggregateType).
 		LatestSequenceFilter(sequence.CurrentSequence), nil
 }
 
 func (t *Token) Reduce(event *es_models.Event) (err error) {
-	switch event.Type {
+	switch eventstore.EventType(event.Type) {
-	case user_es_model.UserTokenAdded,
+	case user.UserTokenAddedType,
-		es_models.EventType(user_repo.PersonalAccessTokenAddedType):
+		user_repo.PersonalAccessTokenAddedType:
 		token := new(view_model.TokenView)
 		err := token.AppendEvent(event)
 		if err != nil {
 			return err
 		}
 		return t.view.PutToken(token, event)
-	case user_es_model.UserProfileChanged,
+	case user.UserV1ProfileChangedType,
-		user_es_model.HumanProfileChanged:
+		user.HumanProfileChangedType:
 		user := new(view_model.UserView)
 		user.AppendEvent(event)
 		tokens, err := t.view.TokensByUserID(event.AggregateID)
@@ -102,39 +104,39 @@ func (t *Token) Reduce(event *es_models.Event) (err error) {
 			token.PreferredLanguage = user.PreferredLanguage
 		}
 		return t.view.PutTokens(tokens, event)
-	case user_es_model.SignedOut,
+	case user.UserV1SignedOutType,
-		user_es_model.HumanSignedOut:
+		user.HumanSignedOutType:
 		id, err := agentIDFromSession(event)
 		if err != nil {
 			return err
 		}
 		return t.view.DeleteSessionTokens(id, event.AggregateID, event)
-	case user_es_model.UserLocked,
+	case user.UserLockedType,
-		user_es_model.UserDeactivated,
+		user.UserDeactivatedType,
-		user_es_model.UserRemoved:
+		user.UserRemovedType:
 		return t.view.DeleteUserTokens(event.AggregateID, event)
-	case es_models.EventType(user_repo.UserTokenRemovedType),
+	case user_repo.UserTokenRemovedType,
-		es_models.EventType(user_repo.PersonalAccessTokenRemovedType):
+		user_repo.PersonalAccessTokenRemovedType:
 		id, err := tokenIDFromRemovedEvent(event)
 		if err != nil {
 			return err
 		}
 		return t.view.DeleteToken(id, event)
-	case es_models.EventType(user_repo.HumanRefreshTokenRemovedType):
+	case user_repo.HumanRefreshTokenRemovedType:
 		id, err := refreshTokenIDFromRemovedEvent(event)
 		if err != nil {
 			return err
 		}
 		return t.view.DeleteTokensFromRefreshToken(id, event)
-	case project_es_model.ApplicationDeactivated,
+	case project.ApplicationDeactivatedType,
-		project_es_model.ApplicationRemoved:
+		project.ApplicationRemovedType:
 		application, err := applicationFromSession(event)
 		if err != nil {
 			return err
 		}
 		return t.view.DeleteApplicationTokens(event, application.AppID)
-	case project_es_model.ProjectDeactivated,
+	case project.ProjectDeactivatedType,
-		project_es_model.ProjectRemoved:
+		project.ProjectRemovedType:
 		project, err := t.getProjectByID(context.Background(), event.AggregateID)
 		if err != nil {
 			return err

internal/auth/repository/eventsourcing/handler/user.go

@@ -6,6 +6,7 @@ import (
 	"github.com/caos/logging"
 
 	"github.com/caos/zitadel/internal/errors"
+	"github.com/caos/zitadel/internal/eventstore"
 	v1 "github.com/caos/zitadel/internal/eventstore/v1"
 	es_models "github.com/caos/zitadel/internal/eventstore/v1/models"
 	"github.com/caos/zitadel/internal/eventstore/v1/query"
@@ -17,7 +18,6 @@ import (
 	query2 "github.com/caos/zitadel/internal/query"
 	"github.com/caos/zitadel/internal/repository/org"
 	user_repo "github.com/caos/zitadel/internal/repository/user"
-	es_model "github.com/caos/zitadel/internal/user/repository/eventsourcing/model"
 	view_model "github.com/caos/zitadel/internal/user/repository/view/model"
 )
 
@@ -62,7 +62,7 @@ func (u *User) Subscription() *v1.Subscription {
 	return u.subscription
 }
 func (_ *User) AggregateTypes() []es_models.AggregateType {
-	return []es_models.AggregateType{es_model.UserAggregate, org_es_model.OrgAggregate}
+	return []es_models.AggregateType{user_repo.AggregateType, org.AggregateType}
 }
 
 func (u *User) CurrentSequence() (uint64, error) {
@@ -85,9 +85,9 @@ func (u *User) EventQuery() (*es_models.SearchQuery, error) {
 
 func (u *User) Reduce(event *es_models.Event) (err error) {
 	switch event.AggregateType {
-	case es_model.UserAggregate:
+	case user_repo.AggregateType:
 		return u.ProcessUser(event)
-	case org_es_model.OrgAggregate:
+	case org.AggregateType:
 		return u.ProcessOrg(event)
 	default:
 		return nil
@@ -96,63 +96,63 @@ func (u *User) Reduce(event *es_models.Event) (err error) {
 
 func (u *User) ProcessUser(event *es_models.Event) (err error) {
 	user := new(view_model.UserView)
-	switch event.Type {
+	switch eventstore.EventType(event.Type) {
-	case es_model.UserAdded,
+	case user_repo.UserV1AddedType,
-		es_model.MachineAdded,
+		user_repo.MachineAddedEventType,
-		es_model.HumanAdded,
+		user_repo.HumanAddedType,
-		es_model.UserRegistered,
+		user_repo.UserV1RegisteredType,
-		es_model.HumanRegistered:
+		user_repo.HumanRegisteredType:
 		err = user.AppendEvent(event)
 		if err != nil {
 			return err
 		}
 		err = u.fillLoginNames(user)
-	case es_model.UserProfileChanged,
+	case user_repo.UserV1ProfileChangedType,
-		es_model.UserEmailChanged,
+		user_repo.UserV1EmailChangedType,
-		es_model.UserEmailVerified,
+		user_repo.UserV1EmailVerifiedType,
-		es_model.UserPhoneChanged,
+		user_repo.UserV1PhoneChangedType,
-		es_model.UserPhoneVerified,
+		user_repo.UserV1PhoneVerifiedType,
-		es_model.UserPhoneRemoved,
+		user_repo.UserV1PhoneRemovedType,
-		es_model.UserAddressChanged,
+		user_repo.UserV1AddressChangedType,
-		es_model.UserDeactivated,
+		user_repo.UserDeactivatedType,
-		es_model.UserReactivated,
+		user_repo.UserReactivatedType,
-		es_model.UserLocked,
+		user_repo.UserLockedType,
-		es_model.UserUnlocked,
+		user_repo.UserUnlockedType,
-		es_model.MFAOTPAdded,
+		user_repo.UserV1MFAOTPAddedType,
-		es_model.MFAOTPVerified,
+		user_repo.UserV1MFAOTPVerifiedType,
-		es_model.MFAOTPRemoved,
+		user_repo.UserV1MFAOTPRemovedType,
-		es_model.MFAInitSkipped,
+		user_repo.UserV1MFAInitSkippedType,
-		es_model.UserPasswordChanged,
+		user_repo.UserV1PasswordChangedType,
-		es_model.HumanProfileChanged,
+		user_repo.HumanProfileChangedType,
-		es_model.HumanEmailChanged,
+		user_repo.HumanEmailChangedType,
-		es_model.HumanEmailVerified,
+		user_repo.HumanEmailVerifiedType,
-		es_model.HumanAvatarAdded,
+		user_repo.HumanAvatarAddedType,
-		es_model.HumanAvatarRemoved,
+		user_repo.HumanAvatarRemovedType,
-		es_model.HumanPhoneChanged,
+		user_repo.HumanPhoneChangedType,
-		es_model.HumanPhoneVerified,
+		user_repo.HumanPhoneVerifiedType,
-		es_model.HumanPhoneRemoved,
+		user_repo.HumanPhoneRemovedType,
-		es_model.HumanAddressChanged,
+		user_repo.HumanAddressChangedType,
-		es_model.HumanMFAOTPAdded,
+		user_repo.HumanMFAOTPAddedType,
-		es_model.HumanMFAOTPVerified,
+		user_repo.HumanMFAOTPVerifiedType,
-		es_model.HumanMFAOTPRemoved,
+		user_repo.HumanMFAOTPRemovedType,
-		es_model.HumanMFAU2FTokenAdded,
+		user_repo.HumanU2FTokenAddedType,
-		es_model.HumanMFAU2FTokenVerified,
+		user_repo.HumanU2FTokenVerifiedType,
-		es_model.HumanMFAU2FTokenRemoved,
+		user_repo.HumanU2FTokenRemovedType,
-		es_model.HumanPasswordlessTokenAdded,
+		user_repo.HumanPasswordlessTokenAddedType,
-		es_model.HumanPasswordlessTokenVerified,
+		user_repo.HumanPasswordlessTokenVerifiedType,
-		es_model.HumanPasswordlessTokenRemoved,
+		user_repo.HumanPasswordlessTokenRemovedType,
-		es_model.HumanMFAInitSkipped,
+		user_repo.HumanMFAInitSkippedType,
-		es_model.MachineChanged,
+		user_repo.MachineChangedEventType,
-		es_model.HumanPasswordChanged,
+		user_repo.HumanPasswordChangedType,
-		es_models.EventType(user_repo.HumanPasswordlessInitCodeAddedType),
+		user_repo.HumanPasswordlessInitCodeAddedType,
-		es_models.EventType(user_repo.HumanPasswordlessInitCodeRequestedType):
+		user_repo.HumanPasswordlessInitCodeRequestedType:
 		user, err = u.view.UserByID(event.AggregateID)
 		if err != nil {
 			return err
 		}
 		err = user.AppendEvent(event)
-	case es_model.DomainClaimed,
+	case user_repo.UserDomainClaimedType,
-		es_model.UserUserNameChanged:
+		user_repo.UserUserNameChangedType:
 		user, err = u.view.UserByID(event.AggregateID)
 		if err != nil {
 			return err
@@ -162,7 +162,7 @@ func (u *User) ProcessUser(event *es_models.Event) (err error) {
 			return err
 		}
 		err = u.fillLoginNames(user)
-	case es_model.UserRemoved:
+	case user_repo.UserRemovedType:
 		return u.view.DeleteUser(event.AggregateID, event)
 	default:
 		return u.view.ProcessedUserSequence(event)
@@ -184,14 +184,14 @@ func (u *User) fillLoginNames(user *view_model.UserView) (err error) {
 }
 
 func (u *User) ProcessOrg(event *es_models.Event) (err error) {
-	switch event.Type {
+	switch eventstore.EventType(event.Type) {
-	case org_es_model.OrgDomainVerified,
+	case org.OrgDomainVerifiedEventType,
-		org_es_model.OrgDomainRemoved,
+		org.OrgDomainRemovedEventType,
-		es_models.EventType(org.DomainPolicyAddedEventType),
+		org.DomainPolicyAddedEventType,
-		es_models.EventType(org.DomainPolicyChangedEventType),
+		org.DomainPolicyChangedEventType,
-		es_models.EventType(org.DomainPolicyRemovedEventType):
+		org.DomainPolicyRemovedEventType:
 		return u.fillLoginNamesOnOrgUsers(event)
-	case org_es_model.OrgDomainPrimarySet:
+	case org.OrgDomainPrimarySetEventType:
 		return u.fillPreferredLoginNamesOnOrgUsers(event)
 	default:
 		return u.view.ProcessedUserSequence(event)

internal/auth/repository/eventsourcing/handler/user_external_idps.go

@@ -8,16 +8,17 @@ import (
 	"github.com/caos/zitadel/internal/config/systemdefaults"
 	"github.com/caos/zitadel/internal/domain"
 	caos_errs "github.com/caos/zitadel/internal/errors"
+	"github.com/caos/zitadel/internal/eventstore"
 	v1 "github.com/caos/zitadel/internal/eventstore/v1"
 	es_models "github.com/caos/zitadel/internal/eventstore/v1/models"
 	"github.com/caos/zitadel/internal/eventstore/v1/query"
 	"github.com/caos/zitadel/internal/eventstore/v1/spooler"
 	iam_model "github.com/caos/zitadel/internal/iam/model"
-	iam_es_model "github.com/caos/zitadel/internal/iam/repository/eventsourcing/model"
 	iam_view_model "github.com/caos/zitadel/internal/iam/repository/view/model"
-	org_es_model "github.com/caos/zitadel/internal/org/repository/eventsourcing/model"
 	query2 "github.com/caos/zitadel/internal/query"
-	"github.com/caos/zitadel/internal/user/repository/eventsourcing/model"
+	"github.com/caos/zitadel/internal/repository/instance"
+	"github.com/caos/zitadel/internal/repository/org"
+	"github.com/caos/zitadel/internal/repository/user"
 	usr_view_model "github.com/caos/zitadel/internal/user/repository/view/model"
 )
 
@@ -66,7 +67,7 @@ func (i *ExternalIDP) Subscription() *v1.Subscription {
 }
 
 func (_ *ExternalIDP) AggregateTypes() []es_models.AggregateType {
-	return []es_models.AggregateType{model.UserAggregate, iam_es_model.IAMAggregate, org_es_model.OrgAggregate}
+	return []es_models.AggregateType{user.AggregateType, instance.AggregateType, org.AggregateType}
 }
 
 func (i *ExternalIDP) CurrentSequence() (uint64, error) {
@@ -89,9 +90,9 @@ func (i *ExternalIDP) EventQuery() (*es_models.SearchQuery, error) {
 
 func (i *ExternalIDP) Reduce(event *es_models.Event) (err error) {
 	switch event.AggregateType {
-	case model.UserAggregate:
+	case user.AggregateType:
 		err = i.processUser(event)
-	case iam_es_model.IAMAggregate, org_es_model.OrgAggregate:
+	case instance.AggregateType, org.AggregateType:
 		err = i.processIdpConfig(event)
 	}
 	return err
@@ -99,20 +100,20 @@ func (i *ExternalIDP) Reduce(event *es_models.Event) (err error) {
 
 func (i *ExternalIDP) processUser(event *es_models.Event) (err error) {
 	externalIDP := new(usr_view_model.ExternalIDPView)
-	switch event.Type {
+	switch eventstore.EventType(event.Type) {
-	case model.HumanExternalIDPAdded:
+	case user.UserIDPLinkAddedType:
 		err = externalIDP.AppendEvent(event)
 		if err != nil {
 			return err
 		}
 		err = i.fillData(externalIDP)
-	case model.HumanExternalIDPRemoved, model.HumanExternalIDPCascadeRemoved:
+	case user.UserIDPLinkRemovedType, user.UserIDPLinkCascadeRemovedType:
 		err = externalIDP.SetData(event)
 		if err != nil {
 			return err
 		}
 		return i.view.DeleteExternalIDP(externalIDP.ExternalUserID, externalIDP.IDPConfigID, event)
-	case model.UserRemoved:
+	case user.UserRemovedType:
 		return i.view.DeleteExternalIDPsByUserID(event.AggregateID, event)
 	default:
 		return i.view.ProcessedExternalIDPSequence(event)
@@ -124,11 +125,11 @@ func (i *ExternalIDP) processUser(event *es_models.Event) (err error) {
 }
 
 func (i *ExternalIDP) processIdpConfig(event *es_models.Event) (err error) {
-	switch event.Type {
+	switch eventstore.EventType(event.Type) {
-	case iam_es_model.IDPConfigChanged, org_es_model.IDPConfigChanged:
+	case instance.IDPConfigChangedEventType, org.IDPConfigChangedEventType:
 		configView := new(iam_view_model.IDPConfigView)
 		config := new(query2.IDP)
-		if event.Type == iam_es_model.IDPConfigChanged {
+		if eventstore.EventType(event.Type) == instance.IDPConfigChangedEventType {
 			configView.AppendEvent(iam_model.IDPProviderTypeSystem, event)
 		} else {
 			configView.AppendEvent(iam_model.IDPProviderTypeOrg, event)
@@ -137,7 +138,7 @@ func (i *ExternalIDP) processIdpConfig(event *es_models.Event) (err error) {
 		if err != nil {
 			return err
 		}
-		if event.AggregateType == iam_es_model.IAMAggregate {
+		if event.AggregateType == instance.AggregateType {
 			config, err = i.getDefaultIDPConfig(event.InstanceID, configView.IDPConfigID)
 		} else {
 			config, err = i.getOrgIDPConfig(event.InstanceID, event.AggregateID, configView.IDPConfigID)
@@ -172,7 +173,7 @@ func (i *ExternalIDP) fillConfigData(externalIDP *usr_view_model.ExternalIDPView
 }
 
 func (i *ExternalIDP) OnError(event *es_models.Event, err error) error {
-	logging.LogWithFields("SPOOL-4Rsu8", "id", event.AggregateID).WithError(err).Warn("something went wrong in idp provider handler")
+	logging.WithFields("id", event.AggregateID).WithError(err).Warn("something went wrong in idp provider handler")
 	return spooler.HandleError(event, err, i.view.GetLatestExternalIDPFailedEvent, i.view.ProcessedExternalIDPFailedEvent, i.view.ProcessedExternalIDPSequence, i.errorCountUntilSkip)
 }
 

internal/auth/repository/eventsourcing/handler/user_session.go

@@ -3,13 +3,14 @@ package handler
 import (
 	"github.com/caos/logging"
 
-	req_model "github.com/caos/zitadel/internal/auth_request/model"
+	"github.com/caos/zitadel/internal/domain"
 	"github.com/caos/zitadel/internal/errors"
+	"github.com/caos/zitadel/internal/eventstore"
 	v1 "github.com/caos/zitadel/internal/eventstore/v1"
 	"github.com/caos/zitadel/internal/eventstore/v1/models"
 	"github.com/caos/zitadel/internal/eventstore/v1/query"
 	"github.com/caos/zitadel/internal/eventstore/v1/spooler"
-	es_model "github.com/caos/zitadel/internal/user/repository/eventsourcing/model"
+	"github.com/caos/zitadel/internal/repository/user"
 	"github.com/caos/zitadel/internal/user/repository/view"
 	view_model "github.com/caos/zitadel/internal/user/repository/view/model"
 )
@@ -53,7 +54,7 @@ func (u *UserSession) Subscription() *v1.Subscription {
 }
 
 func (_ *UserSession) AggregateTypes() []models.AggregateType {
-	return []models.AggregateType{es_model.UserAggregate}
+	return []models.AggregateType{user.AggregateType}
 }
 
 func (u *UserSession) CurrentSequence() (uint64, error) {
@@ -74,22 +75,22 @@ func (u *UserSession) EventQuery() (*models.SearchQuery, error) {
 
 func (u *UserSession) Reduce(event *models.Event) (err error) {
 	var session *view_model.UserSessionView
-	switch event.Type {
+	switch eventstore.EventType(event.Type) {
-	case es_model.UserPasswordCheckSucceeded,
+	case user.UserV1PasswordCheckSucceededType,
-		es_model.UserPasswordCheckFailed,
+		user.UserV1PasswordCheckFailedType,
-		es_model.MFAOTPCheckSucceeded,
+		user.UserV1MFAOTPCheckSucceededType,
-		es_model.MFAOTPCheckFailed,
+		user.UserV1MFAOTPCheckFailedType,
-		es_model.SignedOut,
+		user.UserV1SignedOutType,
-		es_model.HumanPasswordCheckSucceeded,
+		user.HumanPasswordCheckSucceededType,
-		es_model.HumanPasswordCheckFailed,
+		user.HumanPasswordCheckFailedType,
-		es_model.HumanExternalLoginCheckSucceeded,
+		user.UserIDPLoginCheckSucceededType,
-		es_model.HumanMFAOTPCheckSucceeded,
+		user.HumanMFAOTPCheckSucceededType,
-		es_model.HumanMFAOTPCheckFailed,
+		user.HumanMFAOTPCheckFailedType,
-		es_model.HumanMFAU2FTokenCheckSucceeded,
+		user.HumanU2FTokenCheckSucceededType,
-		es_model.HumanMFAU2FTokenCheckFailed,
+		user.HumanU2FTokenCheckFailedType,
-		es_model.HumanPasswordlessTokenCheckSucceeded,
+		user.HumanPasswordlessTokenCheckSucceededType,
-		es_model.HumanPasswordlessTokenCheckFailed,
+		user.HumanPasswordlessTokenCheckFailedType,
-		es_model.HumanSignedOut:
+		user.HumanSignedOutType:
 		eventData, err := view_model.UserSessionFromEvent(event)
 		if err != nil {
 			return err
@@ -104,27 +105,27 @@ func (u *UserSession) Reduce(event *models.Event) (err error) {
 				ResourceOwner: event.ResourceOwner,
 				UserAgentID:   eventData.UserAgentID,
 				UserID:        event.AggregateID,
-				State:         int32(req_model.UserSessionStateActive),
+				State:         int32(domain.UserSessionStateActive),
 				InstanceID:    event.InstanceID,
 			}
 		}
 		return u.updateSession(session, event)
-	case es_model.UserPasswordChanged,
+	case user.UserV1PasswordChangedType,
-		es_model.MFAOTPRemoved,
+		user.UserV1MFAOTPRemovedType,
-		es_model.UserProfileChanged,
+		user.UserV1ProfileChangedType,
-		es_model.UserLocked,
+		user.UserLockedType,
-		es_model.UserDeactivated,
+		user.UserDeactivatedType,
-		es_model.HumanPasswordChanged,
+		user.HumanPasswordChangedType,
-		es_model.HumanMFAOTPRemoved,
+		user.HumanMFAOTPRemovedType,
-		es_model.HumanProfileChanged,
+		user.HumanProfileChangedType,
-		es_model.HumanAvatarAdded,
+		user.HumanAvatarAddedType,
-		es_model.HumanAvatarRemoved,
+		user.HumanAvatarRemovedType,
-		es_model.DomainClaimed,
+		user.UserDomainClaimedType,
-		es_model.UserUserNameChanged,
+		user.UserUserNameChangedType,
-		es_model.HumanExternalIDPRemoved,
+		user.UserIDPLinkRemovedType,
-		es_model.HumanExternalIDPCascadeRemoved,
+		user.UserIDPLinkCascadeRemovedType,
-		es_model.HumanPasswordlessTokenRemoved,
+		user.HumanPasswordlessTokenRemovedType,
-		es_model.HumanMFAU2FTokenRemoved:
+		user.HumanU2FTokenRemovedType:
 		sessions, err := u.view.UserSessionsByUserID(event.AggregateID)
 		if err != nil {
 			return err
@@ -141,7 +142,7 @@ func (u *UserSession) Reduce(event *models.Event) (err error) {
 			}
 		}
 		return u.view.PutUserSessions(sessions, event)
-	case es_model.UserRemoved:
+	case user.UserRemovedType:
 		return u.view.DeleteUserSessions(event.AggregateID, event)
 	default:
 		return u.view.ProcessedUserSessionSequence(event)

internal/auth/repository/eventsourcing/view/external_idps.go

@@ -3,7 +3,6 @@ package view
 import (
 	"github.com/caos/zitadel/internal/errors"
 	"github.com/caos/zitadel/internal/eventstore/v1/models"
-	usr_model "github.com/caos/zitadel/internal/user/model"
 	"github.com/caos/zitadel/internal/user/repository/view"
 	"github.com/caos/zitadel/internal/user/repository/view/model"
 	global_view "github.com/caos/zitadel/internal/view/repository"
@@ -25,14 +24,6 @@ func (v *View) ExternalIDPsByIDPConfigID(idpConfigID string) ([]*model.ExternalI
 	return view.ExternalIDPsByIDPConfigID(v.Db, externalIDPTable, idpConfigID)
 }
 
-func (v *View) ExternalIDPsByUserID(userID string) ([]*model.ExternalIDPView, error) {
-	return view.ExternalIDPsByUserID(v.Db, externalIDPTable, userID)
-}
-
-func (v *View) SearchExternalIDPs(request *usr_model.ExternalIDPSearchRequest) ([]*model.ExternalIDPView, uint64, error) {
-	return view.SearchExternalIDPs(v.Db, externalIDPTable, request)
-}
-
 func (v *View) PutExternalIDP(externalIDP *model.ExternalIDPView, event *models.Event) error {
 	err := view.PutExternalIDP(v.Db, externalIDPTable, externalIDP)
 	if err != nil {

internal/auth/repository/user.go

@@ -2,17 +2,8 @@ package repository
 
 import (
 	"context"
-	"time"
-
-	"github.com/caos/zitadel/internal/user/model"
 )
 
 type UserRepository interface {
-	myUserRepo
-
 	UserSessionUserIDsByAgentID(ctx context.Context, agentID string) ([]string, error)
 }
-
-type myUserRepo interface {
-	MyUserChanges(ctx context.Context, lastSequence uint64, limit uint64, sortAscending bool, retention time.Duration) (*model.UserChanges, error)
-}

internal/auth_request/model/auth_request.go

@@ -1,169 +0,0 @@
-package model
-
-import (
-	"strings"
-	"time"
-
-	"golang.org/x/text/language"
-
-	"github.com/caos/zitadel/internal/iam/model"
-
-	"github.com/caos/zitadel/internal/errors"
-)
-
-type AuthRequest struct {
-	ID            string
-	AgentID       string
-	CreationDate  time.Time
-	ChangeDate    time.Time
-	BrowserInfo   *BrowserInfo
-	ApplicationID string
-	CallbackURI   string
-	TransferState string
-	Prompt        Prompt
-	PossibleLOAs  []LevelOfAssurance
-	UiLocales     []string
-	LoginHint     string
-	MaxAuthAge    uint32
-	Request       Request
-
-	levelOfAssurance       LevelOfAssurance
-	UserID                 string
-	UserName               string
-	LoginName              string
-	DisplayName            string
-	UserOrgID              string
-	RequestedOrgID         string
-	RequestedOrgName       string
-	RequestedPrimaryDomain string
-	SelectedIDPConfigID    string
-	LinkingUsers           []*ExternalUser
-	PossibleSteps          []NextStep
-	PasswordVerified       bool
-	MFAsVerified           []MFAType
-	Audience               []string
-	AuthTime               time.Time
-	Code                   string
-	LoginPolicy            *model.LoginPolicyView
-	LabelPolicy            *model.LabelPolicyView
-	AllowedExternalIDPs    []*model.IDPProviderView
-}
-
-type ExternalUser struct {
-	IDPConfigID       string
-	ExternalUserID    string
-	DisplayName       string
-	PreferredUsername string
-	FirstName         string
-	LastName          string
-	NickName          string
-	Email             string
-	IsEmailVerified   bool
-	PreferredLanguage language.Tag
-	Phone             string
-	IsPhoneVerified   bool
-}
-
-type Prompt int32
-
-const (
-	PromptUnspecified Prompt = iota
-	PromptNone
-	PromptLogin
-	PromptConsent
-	PromptSelectAccount
-)
-
-type LevelOfAssurance int
-
-const (
-	LevelOfAssuranceNone LevelOfAssurance = iota
-)
-
-func NewAuthRequest(id, agentID string, info *BrowserInfo, applicationID, callbackURI, transferState string,
-	prompt Prompt, possibleLOAs []LevelOfAssurance, uiLocales []string, loginHint, preselectedUserID string, maxAuthAge uint32, request Request) *AuthRequest {
-	return &AuthRequest{
-		ID:            id,
-		AgentID:       agentID,
-		BrowserInfo:   info,
-		ApplicationID: applicationID,
-		CallbackURI:   callbackURI,
-		TransferState: transferState,
-		Prompt:        prompt,
-		PossibleLOAs:  possibleLOAs,
-		UiLocales:     uiLocales,
-		LoginHint:     loginHint,
-		UserID:        preselectedUserID,
-		MaxAuthAge:    maxAuthAge,
-		Request:       request,
-	}
-}
-
-func NewAuthRequestFromType(requestType AuthRequestType) (*AuthRequest, error) {
-	request, ok := authRequestTypeMapping[requestType]
-	if !ok {
-		return nil, errors.ThrowInvalidArgument(nil, "MODEL-ds2kl", "invalid request type")
-	}
-	return &AuthRequest{Request: request}, nil
-}
-
-func (a *AuthRequest) IsValid() bool {
-	return a.ID != "" &&
-		a.AgentID != "" &&
-		a.BrowserInfo != nil && a.BrowserInfo.IsValid() &&
-		a.ApplicationID != "" &&
-		a.CallbackURI != "" &&
-		a.Request != nil && a.Request.IsValid()
-}
-
-func (a *AuthRequest) MFALevel() MFALevel {
-	return -1
-	//PLANNED: check a.PossibleLOAs (and Prompt Login?)
-}
-
-func (a *AuthRequest) WithCurrentInfo(info *BrowserInfo) *AuthRequest {
-	a.BrowserInfo = info
-	return a
-}
-
-func (a *AuthRequest) SetUserInfo(userID, userName, loginName, displayName, userOrgID string) {
-	a.UserID = userID
-	a.UserName = userName
-	a.LoginName = loginName
-	a.DisplayName = displayName
-	a.UserOrgID = userOrgID
-}
-
-func (a *AuthRequest) GetScopeOrgPrimaryDomain() string {
-	switch request := a.Request.(type) {
-	case *AuthRequestOIDC:
-		for _, scope := range request.Scopes {
-			if strings.HasPrefix(scope, OrgDomainPrimaryScope) {
-				return strings.TrimPrefix(scope, OrgDomainPrimaryScope)
-			}
-		}
-	}
-	return ""
-}
-
-func (a *AuthRequest) GetScopeProjectIDsForAud() []string {
-	projectIDs := make([]string, 0)
-	switch request := a.Request.(type) {
-	case *AuthRequestOIDC:
-		for _, scope := range request.Scopes {
-			if strings.HasPrefix(scope, ProjectIDScope) && strings.HasSuffix(scope, AudSuffix) {
-				projectIDs = append(projectIDs, strings.TrimSuffix(strings.TrimPrefix(scope, ProjectIDScope), AudSuffix))
-			}
-		}
-	}
-	return projectIDs
-}
-
-func (a *AuthRequest) AppendAudIfNotExisting(aud string) {
-	for _, a := range a.Audience {
-		if a == aud {
-			return
-		}
-	}
-	a.Audience = append(a.Audience, aud)
-}

internal/auth_request/model/auth_request_test.go

@@ -1,263 +0,0 @@
-package model
-
-import (
-	"net"
-	"reflect"
-	"testing"
-)
-
-func TestAuthRequest_IsValid(t *testing.T) {
-	type fields struct {
-		ID            string
-		AgentID       string
-		BrowserInfo   *BrowserInfo
-		ApplicationID string
-		CallbackURI   string
-		Request       Request
-	}
-	tests := []struct {
-		name   string
-		fields fields
-		want   bool
-	}{
-		{
-			"missing id, false",
-			fields{},
-			false,
-		},
-		{
-			"missing agent id, false",
-			fields{
-				ID: "id",
-			},
-			false,
-		},
-		{
-			"missing browser info, false",
-			fields{
-				ID:      "id",
-				AgentID: "agentID",
-			},
-			false,
-		},
-		{
-			"browser info invalid, false",
-			fields{
-				ID:          "id",
-				AgentID:     "agentID",
-				BrowserInfo: &BrowserInfo{},
-			},
-			false,
-		},
-		{
-			"missing application id, false",
-			fields{
-				ID:      "id",
-				AgentID: "agentID",
-				BrowserInfo: &BrowserInfo{
-					UserAgent:      "user agent",
-					AcceptLanguage: "accept language",
-					RemoteIP:       net.IPv4(29, 4, 20, 19),
-				},
-			},
-			false,
-		},
-		{
-			"missing callback uri, false",
-			fields{
-				ID:      "id",
-				AgentID: "agentID",
-				BrowserInfo: &BrowserInfo{
-					UserAgent:      "user agent",
-					AcceptLanguage: "accept language",
-					RemoteIP:       net.IPv4(29, 4, 20, 19),
-				},
-				ApplicationID: "appID",
-			},
-			false,
-		},
-		{
-			"missing request, false",
-			fields{
-				ID:      "id",
-				AgentID: "agentID",
-				BrowserInfo: &BrowserInfo{
-					UserAgent:      "user agent",
-					AcceptLanguage: "accept language",
-					RemoteIP:       net.IPv4(29, 4, 20, 19),
-				},
-				ApplicationID: "appID",
-				CallbackURI:   "schema://callback",
-			},
-			false,
-		},
-		{
-			"request invalid, false",
-			fields{
-				ID:      "id",
-				AgentID: "agentID",
-				BrowserInfo: &BrowserInfo{
-					UserAgent:      "user agent",
-					AcceptLanguage: "accept language",
-					RemoteIP:       net.IPv4(29, 4, 20, 19),
-				},
-				ApplicationID: "appID",
-				CallbackURI:   "schema://callback",
-				Request:       &AuthRequestOIDC{},
-			},
-			false,
-		},
-		{
-			"valid auth request, true",
-			fields{
-				ID:      "id",
-				AgentID: "agentID",
-				BrowserInfo: &BrowserInfo{
-					UserAgent:      "user agent",
-					AcceptLanguage: "accept language",
-					RemoteIP:       net.IPv4(29, 4, 20, 19),
-				},
-				ApplicationID: "appID",
-				CallbackURI:   "schema://callback",
-				Request: &AuthRequestOIDC{
-					Scopes: []string{"openid"},
-					CodeChallenge: &OIDCCodeChallenge{
-						Challenge: "challenge",
-						Method:    CodeChallengeMethodS256,
-					},
-				},
-			},
-			true,
-		},
-	}
-	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
-			a := &AuthRequest{
-				ID:            tt.fields.ID,
-				AgentID:       tt.fields.AgentID,
-				BrowserInfo:   tt.fields.BrowserInfo,
-				ApplicationID: tt.fields.ApplicationID,
-				CallbackURI:   tt.fields.CallbackURI,
-				Request:       tt.fields.Request,
-			}
-			if got := a.IsValid(); got != tt.want {
-				t.Errorf("IsValid() = %v, want %v", got, tt.want)
-			}
-		})
-	}
-}
-
-func TestAuthRequest_MFALevel(t *testing.T) {
-	type fields struct {
-		Prompt       Prompt
-		PossibleLOAs []LevelOfAssurance
-	}
-	tests := []struct {
-		name   string
-		fields fields
-		want   MFALevel
-	}{
-		//PLANNED: Add / replace test cases when LOA is set
-		{"-1",
-			fields{},
-			-1,
-		},
-	}
-	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
-			a := &AuthRequest{
-				Prompt:       tt.fields.Prompt,
-				PossibleLOAs: tt.fields.PossibleLOAs,
-			}
-			if got := a.MFALevel(); got != tt.want {
-				t.Errorf("MFALevel() = %v, want %v", got, tt.want)
-			}
-		})
-	}
-}
-
-func TestAuthRequest_WithCurrentInfo(t *testing.T) {
-	type fields struct {
-		ID          string
-		AgentID     string
-		BrowserInfo *BrowserInfo
-	}
-	type args struct {
-		info *BrowserInfo
-	}
-	tests := []struct {
-		name   string
-		fields fields
-		args   args
-		want   *AuthRequest
-	}{
-		{
-			"unchanged",
-			fields{
-				ID:      "id",
-				AgentID: "agentID",
-				BrowserInfo: &BrowserInfo{
-					UserAgent:      "ua",
-					AcceptLanguage: "de",
-					RemoteIP:       net.IPv4(29, 4, 20, 19),
-				},
-			},
-			args{
-				&BrowserInfo{
-					UserAgent:      "ua",
-					AcceptLanguage: "de",
-					RemoteIP:       net.IPv4(29, 4, 20, 19),
-				},
-			},
-			&AuthRequest{
-				ID:      "id",
-				AgentID: "agentID",
-				BrowserInfo: &BrowserInfo{
-					UserAgent:      "ua",
-					AcceptLanguage: "de",
-					RemoteIP:       net.IPv4(29, 4, 20, 19),
-				},
-			},
-		},
-		{
-			"changed",
-			fields{
-				ID:      "id",
-				AgentID: "agentID",
-				BrowserInfo: &BrowserInfo{
-					UserAgent:      "ua",
-					AcceptLanguage: "de",
-					RemoteIP:       net.IPv4(29, 4, 20, 19),
-				},
-			},
-			args{
-				&BrowserInfo{
-					UserAgent:      "ua",
-					AcceptLanguage: "de",
-					RemoteIP:       net.IPv4(16, 12, 20, 19),
-				},
-			},
-			&AuthRequest{
-				ID:      "id",
-				AgentID: "agentID",
-				BrowserInfo: &BrowserInfo{
-					UserAgent:      "ua",
-					AcceptLanguage: "de",
-					RemoteIP:       net.IPv4(16, 12, 20, 19),
-				},
-			},
-		},
-	}
-	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
-			a := &AuthRequest{
-				ID:          tt.fields.ID,
-				AgentID:     tt.fields.AgentID,
-				BrowserInfo: tt.fields.BrowserInfo,
-			}
-			if got := a.WithCurrentInfo(tt.args.info); !reflect.DeepEqual(got, tt.want) {
-				t.Errorf("WithCurrentInfo() = %v, want %v", got, tt.want)
-			}
-		})
-	}
-}

internal/auth_request/model/browser_info.go

@@ -1,28 +0,0 @@
-package model
-
-import (
-	"net"
-	"net/http"
-
-	http_util "github.com/caos/zitadel/internal/api/http"
-)
-
-type BrowserInfo struct {
-	UserAgent      string
-	AcceptLanguage string
-	RemoteIP       net.IP
-}
-
-func BrowserInfoFromRequest(r *http.Request) *BrowserInfo {
-	return &BrowserInfo{
-		UserAgent:      r.Header.Get(http_util.UserAgentHeader),
-		AcceptLanguage: r.Header.Get(http_util.AcceptLanguage),
-		RemoteIP:       http_util.RemoteIPFromRequest(r),
-	}
-}
-
-func (i *BrowserInfo) IsValid() bool {
-	return i.UserAgent != "" &&
-		i.AcceptLanguage != "" &&
-		i.RemoteIP != nil && !i.RemoteIP.IsUnspecified()
-}

internal/auth_request/model/code_challenge.go

@@ -1,17 +0,0 @@
-package model
-
-type OIDCCodeChallenge struct {
-	Challenge string
-	Method    OIDCCodeChallengeMethod
-}
-
-func (c *OIDCCodeChallenge) IsValid() bool {
-	return c.Challenge != ""
-}
-
-type OIDCCodeChallengeMethod int32
-
-const (
-	CodeChallengeMethodPlain OIDCCodeChallengeMethod = iota
-	CodeChallengeMethodS256
-)

internal/auth_request/model/next_step.go

@@ -1,213 +0,0 @@
-package model
-
-import (
-	"github.com/caos/zitadel/internal/domain"
-)
-
-type NextStep interface {
-	Type() NextStepType
-}
-
-type NextStepType int32
-
-const (
-	NextStepUnspecified NextStepType = iota
-	NextStepLogin
-	NextStepUserSelection
-	NextStepInitUser
-	NextStepPassword
-	NextStepChangePassword
-	NextStepInitPassword
-	NextStepVerifyEmail
-	NextStepMFAPrompt
-	NextStepMFAVerify
-	NextStepRedirectToCallback
-	NextStepChangeUsername
-	NextStepLinkUsers
-	NextStepExternalNotFoundOption
-	NextStepExternalLogin
-	NextStepGrantRequired
-	NextStepPasswordless
-)
-
-type UserSessionState int32
-
-const (
-	UserSessionStateActive UserSessionState = iota
-	UserSessionStateTerminated
-)
-
-type LoginStep struct{}
-
-func (s *LoginStep) Type() NextStepType {
-	return NextStepLogin
-}
-
-type SelectUserStep struct {
-	Users []UserSelection
-}
-
-func (s *SelectUserStep) Type() NextStepType {
-	return NextStepUserSelection
-}
-
-type UserSelection struct {
-	UserID            string
-	DisplayName       string
-	UserName          string
-	LoginName         string
-	UserSessionState  UserSessionState
-	SelectionPossible bool
-}
-
-type InitUserStep struct {
-	PasswordSet bool
-}
-
-type ExternalNotFoundOptionStep struct{}
-
-func (s *ExternalNotFoundOptionStep) Type() NextStepType {
-	return NextStepExternalNotFoundOption
-}
-
-func (s *InitUserStep) Type() NextStepType {
-	return NextStepInitUser
-}
-
-type PasswordStep struct{}
-
-func (s *PasswordStep) Type() NextStepType {
-	return NextStepPassword
-}
-
-type ExternalLoginStep struct {
-	SelectedIDPConfigID string
-}
-
-func (s *ExternalLoginStep) Type() NextStepType {
-	return NextStepExternalLogin
-}
-
-type PasswordlessStep struct{}
-
-func (s *PasswordlessStep) Type() NextStepType {
-	return NextStepPasswordless
-}
-
-type ChangePasswordStep struct{}
-
-func (s *ChangePasswordStep) Type() NextStepType {
-	return NextStepChangePassword
-}
-
-type InitPasswordStep struct{}
-
-func (s *InitPasswordStep) Type() NextStepType {
-	return NextStepInitPassword
-}
-
-type ChangeUsernameStep struct{}
-
-func (s *ChangeUsernameStep) Type() NextStepType {
-	return NextStepChangeUsername
-}
-
-type VerifyEMailStep struct{}
-
-func (s *VerifyEMailStep) Type() NextStepType {
-	return NextStepVerifyEmail
-}
-
-type MFAPromptStep struct {
-	Required     bool
-	MFAProviders []MFAType
-}
-
-func (s *MFAPromptStep) Type() NextStepType {
-	return NextStepMFAPrompt
-}
-
-type MFAVerificationStep struct {
-	MFAProviders []MFAType
-}
-
-func (s *MFAVerificationStep) Type() NextStepType {
-	return NextStepMFAVerify
-}
-
-type LinkUsersStep struct{}
-
-func (s *LinkUsersStep) Type() NextStepType {
-	return NextStepLinkUsers
-}
-
-type GrantRequiredStep struct{}
-
-func (s *GrantRequiredStep) Type() NextStepType {
-	return NextStepGrantRequired
-}
-
-type RedirectToCallbackStep struct{}
-
-func (s *RedirectToCallbackStep) Type() NextStepType {
-	return NextStepRedirectToCallback
-}
-
-type MFAType int
-
-const (
-	MFATypeOTP MFAType = iota
-	MFATypeU2F
-	MFATypeU2FUserVerification
-)
-
-type MFALevel int
-
-const (
-	MFALevelNotSetUp MFALevel = iota
-	MFALevelSecondFactor
-	MFALevelMultiFactor
-	MFALevelMultiFactorCertified
-)
-
-func MFATypeToDomain(mfaType MFAType) domain.MFAType {
-	switch mfaType {
-	case MFATypeOTP:
-		return domain.MFATypeOTP
-	case MFATypeU2F:
-		return domain.MFATypeU2F
-	case MFATypeU2FUserVerification:
-		return domain.MFATypeU2FUserVerification
-	default:
-		return domain.MFATypeOTP
-	}
-
-}
-
-func MFALevelToDomain(mfaLevel MFALevel) domain.MFALevel {
-	switch mfaLevel {
-	case MFALevelNotSetUp:
-		return domain.MFALevelNotSetUp
-	case MFALevelSecondFactor:
-		return domain.MFALevelSecondFactor
-	case MFALevelMultiFactor:
-		return domain.MFALevelMultiFactor
-	case MFALevelMultiFactorCertified:
-		return domain.MFALevelMultiFactorCertified
-	default:
-		return domain.MFALevelNotSetUp
-	}
-
-}
-
-func UserSessionStateToDomain(state UserSessionState) domain.UserSessionState {
-	switch state {
-	case UserSessionStateActive:
-		return domain.UserSessionStateActive
-	case UserSessionStateTerminated:
-		return domain.UserSessionStateTerminated
-	default:
-		return domain.UserSessionStateActive
-	}
-
-}

internal/auth_request/model/request.go

@@ -1,62 +0,0 @@
-package model
-
-type Request interface {
-	Type() AuthRequestType
-	IsValid() bool
-}
-
-type AuthRequestType int32
-
-var (
-	authRequestTypeMapping = map[AuthRequestType]Request{
-		AuthRequestTypeOIDC: &AuthRequestOIDC{},
-	}
-)
-
-const (
-	AuthRequestTypeOIDC AuthRequestType = iota
-	AuthRequestTypeSAML
-)
-
-const (
-	OrgDomainPrimaryScope = "urn:zitadel:iam:org:domain:primary:"
-	OrgDomainPrimaryClaim = "urn:zitadel:iam:org:domain:primary"
-	ProjectIDScope        = "urn:zitadel:iam:org:project:id:"
-	AudSuffix             = ":aud"
-	SelectIDPScope        = "urn:zitadel:iam:org:idp:id:"
-)
-
-type AuthRequestOIDC struct {
-	Scopes        []string
-	ResponseType  OIDCResponseType
-	Nonce         string
-	CodeChallenge *OIDCCodeChallenge
-}
-
-func (a *AuthRequestOIDC) Type() AuthRequestType {
-	return AuthRequestTypeOIDC
-}
-
-func (a *AuthRequestOIDC) IsValid() bool {
-	return len(a.Scopes) > 0 &&
-		a.CodeChallenge == nil || a.CodeChallenge != nil && a.CodeChallenge.IsValid()
-}
-
-type AuthRequestSAML struct {
-}
-
-func (a *AuthRequestSAML) Type() AuthRequestType {
-	return AuthRequestTypeSAML
-}
-
-func (a *AuthRequestSAML) IsValid() bool {
-	return true
-}
-
-type OIDCResponseType int32
-
-const (
-	OIDCResponseTypeCode OIDCResponseType = iota
-	OIDCResponseTypeIdToken
-	OIDCResponseTypeIdTokenToken
-)

internal/authz/repository/eventsourcing/eventstore/token_verifier.go

@@ -14,7 +14,6 @@ import (
 	caos_errs "github.com/caos/zitadel/internal/errors"
 	v1 "github.com/caos/zitadel/internal/eventstore/v1"
 	"github.com/caos/zitadel/internal/eventstore/v1/models"
-	iam_view "github.com/caos/zitadel/internal/iam/repository/view"
 	"github.com/caos/zitadel/internal/query"
 	"github.com/caos/zitadel/internal/telemetry/tracing"
 	usr_model "github.com/caos/zitadel/internal/user/model"
@@ -259,19 +258,3 @@ func (r *TokenVerifierRepo) getUserEvents(ctx context.Context, userID string, se
 	}
 	return r.Eventstore.FilterEvents(ctx, query)
 }
-
-func (repo *TokenVerifierRepo) checkDefaultFeatures(ctx context.Context, requiredFeatures ...string) error {
-	features, err := repo.Query.DefaultFeatures(ctx)
-	if err != nil {
-		return err
-	}
-	return checkFeatures(features, requiredFeatures...)
-}
-
-func (repo *TokenVerifierRepo) getIAMEvents(ctx context.Context, sequence uint64) ([]*models.Event, error) {
-	query, err := iam_view.IAMByIDQuery(domain.IAMID, sequence)
-	if err != nil {
-		return nil, err
-	}
-	return repo.Eventstore.FilterEvents(ctx, query)
-}

internal/authz/repository/eventsourcing/handler/user_membership.go

@@ -6,20 +6,23 @@ import (
 	"github.com/caos/logging"
 
 	"github.com/caos/zitadel/internal/errors"
+	"github.com/caos/zitadel/internal/eventstore"
 	v1 "github.com/caos/zitadel/internal/eventstore/v1"
 	es_models "github.com/caos/zitadel/internal/eventstore/v1/models"
 	"github.com/caos/zitadel/internal/eventstore/v1/query"
 	es_sdk "github.com/caos/zitadel/internal/eventstore/v1/sdk"
 	"github.com/caos/zitadel/internal/eventstore/v1/spooler"
-	iam_es_model "github.com/caos/zitadel/internal/iam/repository/eventsourcing/model"
 	org_model "github.com/caos/zitadel/internal/org/model"
 	org_es_model "github.com/caos/zitadel/internal/org/repository/eventsourcing/model"
 	org_view "github.com/caos/zitadel/internal/org/repository/view"
 	proj_model "github.com/caos/zitadel/internal/project/model"
 	proj_es_model "github.com/caos/zitadel/internal/project/repository/eventsourcing/model"
 	proj_view "github.com/caos/zitadel/internal/project/repository/view"
+	"github.com/caos/zitadel/internal/repository/instance"
+	"github.com/caos/zitadel/internal/repository/org"
+	"github.com/caos/zitadel/internal/repository/project"
+	"github.com/caos/zitadel/internal/repository/user"
 	usr_model "github.com/caos/zitadel/internal/user/model"
-	"github.com/caos/zitadel/internal/user/repository/eventsourcing/model"
 	usr_es_model "github.com/caos/zitadel/internal/user/repository/view/model"
 )
 
@@ -62,7 +65,7 @@ func (m *UserMembership) Subscription() *v1.Subscription {
 }
 
 func (_ *UserMembership) AggregateTypes() []es_models.AggregateType {
-	return []es_models.AggregateType{iam_es_model.IAMAggregate, org_es_model.OrgAggregate, proj_es_model.ProjectAggregate, model.UserAggregate}
+	return []es_models.AggregateType{instance.AggregateType, org.AggregateType, project.AggregateType, user.AggregateType}
 }
 
 func (m *UserMembership) CurrentSequence() (uint64, error) {
@@ -85,13 +88,13 @@ func (m *UserMembership) EventQuery() (*es_models.SearchQuery, error) {
 
 func (m *UserMembership) Reduce(event *es_models.Event) (err error) {
 	switch event.AggregateType {
-	case iam_es_model.IAMAggregate:
+	case instance.AggregateType:
 		err = m.processIAM(event)
-	case org_es_model.OrgAggregate:
+	case org.AggregateType:
 		err = m.processOrg(event)
-	case proj_es_model.ProjectAggregate:
+	case project.AggregateType:
 		err = m.processProject(event)
-	case model.UserAggregate:
+	case user.AggregateType:
 		err = m.processUser(event)
 	}
 	return err
@@ -103,17 +106,17 @@ func (m *UserMembership) processIAM(event *es_models.Event) (err error) {
 	if err != nil {
 		return err
 	}
-	switch event.Type {
+	switch eventstore.EventType(event.Type) {
-	case iam_es_model.IAMMemberAdded:
+	case instance.MemberAddedEventType:
 		m.fillIamDisplayName(member)
-	case iam_es_model.IAMMemberChanged:
+	case instance.MemberChangedEventType:
 		member, err = m.view.UserMembershipByIDs(member.UserID, event.AggregateID, event.AggregateID, usr_model.MemberTypeIam)
 		if err != nil {
 			return err
 		}
 		err = member.AppendEvent(event)
-	case iam_es_model.IAMMemberRemoved,
+	case instance.MemberRemovedEventType,
-		iam_es_model.IAMMemberCascadeRemoved:
+		instance.MemberCascadeRemovedEventType:
 		return m.view.DeleteUserMembership(member.UserID, event.AggregateID, event.AggregateID, usr_model.MemberTypeIam, event)
 	default:
 		return m.view.ProcessedUserMembershipSequence(event)
@@ -135,19 +138,19 @@ func (m *UserMembership) processOrg(event *es_models.Event) (err error) {
 	if err != nil {
 		return err
 	}
-	switch event.Type {
+	switch eventstore.EventType(event.Type) {
-	case org_es_model.OrgMemberAdded:
+	case org.MemberAddedEventType:
 		err = m.fillOrgName(member)
-	case org_es_model.OrgMemberChanged:
+	case org.MemberChangedEventType:
 		member, err = m.view.UserMembershipByIDs(member.UserID, event.AggregateID, event.AggregateID, usr_model.MemberTypeOrganisation)
 		if err != nil {
 			return err
 		}
 		err = member.AppendEvent(event)
-	case org_es_model.OrgMemberRemoved,
+	case org.MemberRemovedEventType,
-		org_es_model.OrgMemberCascadeRemoved:
+		org.MemberCascadeRemovedEventType:
 		return m.view.DeleteUserMembership(member.UserID, event.AggregateID, event.AggregateID, usr_model.MemberTypeOrganisation, event)
-	case org_es_model.OrgChanged:
+	case org.OrgChangedEventType:
 		return m.updateOrgName(event)
 	default:
 		return m.view.ProcessedUserMembershipSequence(event)
@@ -195,35 +198,35 @@ func (m *UserMembership) processProject(event *es_models.Event) (err error) {
 	if err != nil {
 		return err
 	}
-	switch event.Type {
+	switch eventstore.EventType(event.Type) {
-	case proj_es_model.ProjectMemberAdded, proj_es_model.ProjectGrantMemberAdded:
+	case project.MemberAddedType, project.GrantMemberAddedType:
 		err = m.fillProjectDisplayName(member)
 		if err != nil {
 			return err
 		}
 		err = m.fillOrgName(member)
-	case proj_es_model.ProjectMemberChanged:
+	case project.MemberChangedType:
 		member, err = m.view.UserMembershipByIDs(member.UserID, event.AggregateID, event.AggregateID, usr_model.MemberTypeProject)
 		if err != nil {
 			return err
 		}
 		err = member.AppendEvent(event)
-	case proj_es_model.ProjectMemberRemoved, proj_es_model.ProjectMemberCascadeRemoved:
+	case project.MemberRemovedType, project.MemberCascadeRemovedType:
 		return m.view.DeleteUserMembership(member.UserID, event.AggregateID, event.AggregateID, usr_model.MemberTypeProject, event)
-	case proj_es_model.ProjectGrantMemberChanged:
+	case project.GrantMemberChangedType:
 		member, err = m.view.UserMembershipByIDs(member.UserID, event.AggregateID, member.ObjectID, usr_model.MemberTypeProjectGrant)
 		if err != nil {
 			return err
 		}
 		err = member.AppendEvent(event)
-	case proj_es_model.ProjectGrantMemberRemoved,
+	case project.GrantMemberRemovedType,
-		proj_es_model.ProjectGrantMemberCascadeRemoved:
+		project.GrantMemberCascadeRemovedType:
 		return m.view.DeleteUserMembership(member.UserID, event.AggregateID, member.ObjectID, usr_model.MemberTypeProjectGrant, event)
-	case proj_es_model.ProjectChanged:
+	case project.ProjectChangedType:
 		return m.updateProjectDisplayName(event)
-	case proj_es_model.ProjectRemoved:
+	case project.ProjectRemovedType:
 		return m.view.DeleteUserMembershipsByAggregateID(event.AggregateID, event)
-	case proj_es_model.ProjectGrantRemoved:
+	case project.GrantRemovedType:
 		return m.view.DeleteUserMembershipsByAggregateIDAndObjectID(event.AggregateID, member.ObjectID, event)
 	default:
 		return m.view.ProcessedUserMembershipSequence(event)
@@ -264,8 +267,8 @@ func (m *UserMembership) updateProjectDisplayName(event *es_models.Event) error
 }
 
 func (m *UserMembership) processUser(event *es_models.Event) (err error) {
-	switch event.Type {
+	switch eventstore.EventType(event.Type) {
-	case model.UserRemoved:
+	case user.UserRemovedType:
 		return m.view.DeleteUserMembershipsByUserID(event.AggregateID, event)
 	default:
 		return m.view.ProcessedUserMembershipSequence(event)
@@ -273,7 +276,7 @@ func (m *UserMembership) processUser(event *es_models.Event) (err error) {
 }
 
 func (m *UserMembership) OnError(event *es_models.Event, err error) error {
-	logging.LogWithFields("SPOOL-Ms3fj", "id", event.AggregateID).WithError(err).Warn("something went wrong in user membership handler")
+	logging.WithFields("id", event.AggregateID).WithError(err).Warn("something went wrong in user membership handler")
 	return spooler.HandleError(event, err, m.view.GetLatestUserMembershipFailedEvent, m.view.ProcessedUserMembershipFailedEvent, m.view.ProcessedUserMembershipSequence, m.errorCountUntilSkip)
 }
 

internal/domain/request.go

@@ -5,6 +5,7 @@ const (
 	OrgDomainPrimaryClaim = "urn:zitadel:iam:org:domain:primary"
 	ProjectIDScope        = "urn:zitadel:iam:org:project:id:"
 	AudSuffix             = ":aud"
+	SelectIDPScope        = "urn:zitadel:iam:org:idp:id:"
 )
 
 //TODO: Change AuthRequest to interface and let oidcauthreqesut implement it

internal/iam/model/custom_text_view.go

@@ -1,54 +0,0 @@
-package model
-
-import (
-	"time"
-
-	"golang.org/x/text/language"
-
-	"github.com/caos/zitadel/internal/domain"
-)
-
-type CustomTextView struct {
-	AggregateID string
-	Template    string
-	Language    language.Tag
-	Key         string
-	Text        string
-
-	CreationDate time.Time
-	ChangeDate   time.Time
-	Sequence     uint64
-}
-
-type CustomTextSearchRequest struct {
-	Offset        uint64
-	Limit         uint64
-	SortingColumn CustomTextSearchKey
-	Asc           bool
-	Queries       []*CustomTextSearchQuery
-}
-
-type CustomTextSearchKey int32
-
-const (
-	CustomTextSearchKeyUnspecified CustomTextSearchKey = iota
-	CustomTextSearchKeyAggregateID
-	CustomTextSearchKeyTemplate
-	CustomTextSearchKeyLanguage
-	CustomTextSearchKeyKey
-)
-
-type CustomTextSearchQuery struct {
-	Key    CustomTextSearchKey
-	Method domain.SearchMethod
-	Value  interface{}
-}
-
-type CustomTextSearchResponse struct {
-	Offset      uint64
-	Limit       uint64
-	TotalResult uint64
-	Result      []*CustomTextView
-	Sequence    uint64
-	Timestamp   time.Time
-}

internal/iam/model/iam_member_view.go

@@ -1,70 +0,0 @@
-package model
-
-import (
-	"github.com/caos/zitadel/internal/domain"
-	caos_errors "github.com/caos/zitadel/internal/errors"
-
-	"time"
-)
-
-type IAMMemberView struct {
-	UserID             string
-	IAMID              string
-	UserName           string
-	Email              string
-	FirstName          string
-	LastName           string
-	DisplayName        string
-	PreferredLoginName string
-	AvatarURL          string
-	UserResourceOwner  string
-	Roles              []string
-	CreationDate       time.Time
-	ChangeDate         time.Time
-	Sequence           uint64
-}
-
-type IAMMemberSearchRequest struct {
-	Offset        uint64
-	Limit         uint64
-	SortingColumn IAMMemberSearchKey
-	Asc           bool
-	Queries       []*IAMMemberSearchQuery
-}
-
-type IAMMemberSearchKey int32
-
-const (
-	IAMMemberSearchKeyUnspecified IAMMemberSearchKey = iota
-	IAMMemberSearchKeyUserName
-	IAMMemberSearchKeyEmail
-	IAMMemberSearchKeyFirstName
-	IAMMemberSearchKeyLastName
-	IAMMemberSearchKeyIamID
-	IAMMemberSearchKeyUserID
-)
-
-type IAMMemberSearchQuery struct {
-	Key    IAMMemberSearchKey
-	Method domain.SearchMethod
-	Value  interface{}
-}
-
-type IAMMemberSearchResponse struct {
-	Offset      uint64
-	Limit       uint64
-	TotalResult uint64
-	Result      []*IAMMemberView
-	Sequence    uint64
-	Timestamp   time.Time
-}
-
-func (r *IAMMemberSearchRequest) EnsureLimit(limit uint64) error {
-	if r.Limit > limit {
-		return caos_errors.ThrowInvalidArgument(nil, "SEARCH-vn8ds", "Errors.Limit.ExceedsDefault")
-	}
-	if r.Limit == 0 {
-		r.Limit = limit
-	}
-	return nil
-}

internal/iam/repository/eventsourcing/model/iam.go

@@ -1,93 +0,0 @@
-package model
-
-import (
-	"encoding/json"
-
-	"github.com/caos/logging"
-	"github.com/caos/zitadel/internal/domain"
-	caos_errs "github.com/caos/zitadel/internal/errors"
-	es_models "github.com/caos/zitadel/internal/eventstore/v1/models"
-	"github.com/caos/zitadel/internal/iam/model"
-)
-
-const (
-	IAMVersion = "v1"
-)
-
-type Step int
-
-const (
-	Step1     = Step(model.Step1)
-	Step2     = Step(model.Step2)
-	StepCount = Step(model.StepCount)
-)
-
-type IAM struct {
-	es_models.ObjectRoot
-	SetUpStarted Step   `json:"-"`
-	SetUpDone    Step   `json:"-"`
-	GlobalOrgID  string `json:"globalOrgId,omitempty"`
-	IAMProjectID string `json:"iamProjectId,omitempty"`
-}
-
-func IAMToModel(iam *IAM) *model.IAM {
-	converted := &model.IAM{
-		ObjectRoot:   iam.ObjectRoot,
-		SetUpStarted: domain.Step(iam.SetUpStarted),
-		SetUpDone:    domain.Step(iam.SetUpDone),
-		GlobalOrgID:  iam.GlobalOrgID,
-		IAMProjectID: iam.IAMProjectID,
-	}
-	return converted
-}
-
-func (i *IAM) AppendEvents(events ...*es_models.Event) error {
-	for _, event := range events {
-		if err := i.AppendEvent(event); err != nil {
-			return err
-		}
-	}
-	return nil
-}
-
-func (i *IAM) AppendEvent(event *es_models.Event) (err error) {
-	i.ObjectRoot.AppendEvent(event)
-	switch event.Type {
-	case IAMSetupStarted:
-		if len(event.Data) == 0 {
-			i.SetUpStarted = Step(model.Step1)
-			return
-		}
-		step := new(struct{ Step Step })
-		err = json.Unmarshal(event.Data, step)
-		if err != nil {
-			return err
-		}
-		i.SetUpStarted = step.Step
-	case IAMSetupDone:
-		if len(event.Data) == 0 {
-			i.SetUpDone = Step(model.Step1)
-			return
-		}
-		step := new(struct{ Step Step })
-		err = json.Unmarshal(event.Data, step)
-		if err != nil {
-			return err
-		}
-		i.SetUpDone = step.Step
-	case IAMProjectSet,
-		GlobalOrgSet:
-		err = i.SetData(event)
-	}
-
-	return err
-}
-
-func (i *IAM) SetData(event *es_models.Event) error {
-	i.ObjectRoot.AppendEvent(event)
-	if err := json.Unmarshal(event.Data, i); err != nil {
-		logging.Log("EVEN-9sie4").WithError(err).Error("could not unmarshal event data")
-		return caos_errs.ThrowInternal(err, "MODEL-slwi3", "could not unmarshal event")
-	}
-	return nil
-}

internal/iam/repository/eventsourcing/model/iam_test.go

@@ -1,75 +0,0 @@
-package model
-
-import (
-	"encoding/json"
-	"testing"
-
-	es_models "github.com/caos/zitadel/internal/eventstore/v1/models"
-)
-
-func mockIamData(iam *IAM) []byte {
-	data, _ := json.Marshal(iam)
-	return data
-}
-
-func TestProjectRoleAppendEvent(t *testing.T) {
-	type args struct {
-		event *es_models.Event
-		iam   *IAM
-	}
-	tests := []struct {
-		name   string
-		args   args
-		result *IAM
-	}{
-		{
-			name: "append set up start event",
-			args: args{
-				event: &es_models.Event{AggregateID: "AggregateID", Sequence: 1, Type: IAMSetupStarted, ResourceOwner: "OrgID"},
-				iam:   &IAM{},
-			},
-			result: &IAM{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID"}, SetUpStarted: Step1},
-		},
-		{
-			name: "append set up done event",
-			args: args{
-				event: &es_models.Event{AggregateID: "AggregateID", Sequence: 1, Type: IAMSetupDone, ResourceOwner: "OrgID"},
-				iam:   &IAM{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID"}, SetUpStarted: Step1},
-			},
-			result: &IAM{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID"}, SetUpStarted: Step1, SetUpDone: Step1},
-		},
-		{
-			name: "append globalorg event",
-			args: args{
-				event: &es_models.Event{AggregateID: "AggregateID", Sequence: 1, Type: GlobalOrgSet, ResourceOwner: "OrgID", Data: mockIamData(&IAM{GlobalOrgID: "GlobalOrg"})},
-				iam:   &IAM{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID"}, SetUpStarted: Step1},
-			},
-			result: &IAM{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID"}, SetUpStarted: Step1, GlobalOrgID: "GlobalOrg"},
-		},
-		{
-			name: "append iamproject event",
-			args: args{
-				event: &es_models.Event{AggregateID: "AggregateID", Sequence: 1, Type: IAMProjectSet, ResourceOwner: "OrgID", Data: mockIamData(&IAM{IAMProjectID: "IamProject"})},
-				iam:   &IAM{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID"}, SetUpStarted: Step1},
-			},
-			result: &IAM{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID"}, SetUpStarted: Step1, IAMProjectID: "IamProject"},
-		},
-	}
-	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
-			tt.args.iam.AppendEvent(tt.args.event)
-			if tt.args.iam.AggregateID != tt.result.AggregateID {
-				t.Errorf("got wrong result AggregateID: expected: %v, actual: %v ", tt.result.AggregateID, tt.args.iam.AggregateID)
-			}
-			if tt.args.iam.SetUpDone != tt.result.SetUpDone {
-				t.Errorf("got wrong result SetUpDone: expected: %v, actual: %v ", tt.result.SetUpDone, tt.args.iam.SetUpDone)
-			}
-			if tt.args.iam.GlobalOrgID != tt.result.GlobalOrgID {
-				t.Errorf("got wrong result GlobalOrgID: expected: %v, actual: %v ", tt.result.GlobalOrgID, tt.args.iam.GlobalOrgID)
-			}
-			if tt.args.iam.IAMProjectID != tt.result.IAMProjectID {
-				t.Errorf("got wrong result IAMProjectID: expected: %v, actual: %v ", tt.result.IAMProjectID, tt.args.iam.IAMProjectID)
-			}
-		})
-	}
-}

internal/iam/repository/eventsourcing/model/idp_config.go

@@ -1,78 +0,0 @@
-package model
-
-import (
-	"encoding/json"
-
-	"github.com/caos/logging"
-	es_models "github.com/caos/zitadel/internal/eventstore/v1/models"
-	"github.com/caos/zitadel/internal/iam/model"
-)
-
-type IDPConfig struct {
-	es_models.ObjectRoot
-	IDPConfigID string `json:"idpConfigId"`
-	State       int32  `json:"-"`
-	Name        string `json:"name,omitempty"`
-	Type        int32  `json:"idpType,omitempty"`
-	StylingType int32  `json:"stylingType,omitempty"`
-
-	OIDCIDPConfig *OIDCIDPConfig `json:"-"`
-}
-
-type IDPConfigID struct {
-	es_models.ObjectRoot
-	IDPConfigID string `json:"idpConfigId"`
-}
-
-func GetIDPConfig(idps []*IDPConfig, id string) (int, *IDPConfig) {
-	for i, idp := range idps {
-		if idp.IDPConfigID == id {
-			return i, idp
-		}
-	}
-	return -1, nil
-}
-
-func (c *IDPConfig) Changes(changed *IDPConfig) map[string]interface{} {
-	changes := make(map[string]interface{}, 1)
-	changes["idpConfigId"] = c.IDPConfigID
-	if changed.Name != "" && c.Name != changed.Name {
-		changes["name"] = changed.Name
-	}
-	if c.StylingType != changed.StylingType {
-		changes["stylingType"] = changed.StylingType
-	}
-	return changes
-}
-
-func IDPConfigsToModel(idps []*IDPConfig) []*model.IDPConfig {
-	convertedIDPConfigs := make([]*model.IDPConfig, len(idps))
-	for i, idp := range idps {
-		convertedIDPConfigs[i] = IDPConfigToModel(idp)
-	}
-	return convertedIDPConfigs
-}
-
-func IDPConfigToModel(idp *IDPConfig) *model.IDPConfig {
-	converted := &model.IDPConfig{
-		ObjectRoot:  idp.ObjectRoot,
-		IDPConfigID: idp.IDPConfigID,
-		Name:        idp.Name,
-		StylingType: model.IDPStylingType(idp.StylingType),
-		State:       model.IDPConfigState(idp.State),
-		Type:        model.IdpConfigType(idp.Type),
-	}
-	if idp.OIDCIDPConfig != nil {
-		converted.OIDCConfig = OIDCIDPConfigToModel(idp.OIDCIDPConfig)
-	}
-	return converted
-}
-
-func (c *IDPConfig) SetData(event *es_models.Event) error {
-	c.ObjectRoot.AppendEvent(event)
-	if err := json.Unmarshal(event.Data, c); err != nil {
-		logging.Log("EVEN-Msj9w").WithError(err).Error("could not unmarshal event data")
-		return err
-	}
-	return nil
-}

internal/iam/repository/eventsourcing/model/idp_config_test.go

@@ -1,49 +0,0 @@
-package model
-
-import (
-	"testing"
-)
-
-func TestIdpConfigChanges(t *testing.T) {
-	type args struct {
-		existing *IDPConfig
-		new      *IDPConfig
-	}
-	type res struct {
-		changesLen int
-	}
-	tests := []struct {
-		name string
-		args args
-		res  res
-	}{
-		{
-			name: "idp config name changes",
-			args: args{
-				existing: &IDPConfig{IDPConfigID: "IDPConfigID", Name: "Name"},
-				new:      &IDPConfig{IDPConfigID: "IDPConfigID", Name: "NameChanged"},
-			},
-			res: res{
-				changesLen: 2,
-			},
-		},
-		{
-			name: "no changes",
-			args: args{
-				existing: &IDPConfig{IDPConfigID: "IDPConfigID", Name: "Name"},
-				new:      &IDPConfig{IDPConfigID: "IDPConfigID", Name: "Name"},
-			},
-			res: res{
-				changesLen: 1,
-			},
-		},
-	}
-	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
-			changes := tt.args.existing.Changes(tt.args.new)
-			if len(changes) != tt.res.changesLen {
-				t.Errorf("got wrong changes len: expected: %v, actual: %v ", tt.res.changesLen, len(changes))
-			}
-		})
-	}
-}

internal/iam/repository/eventsourcing/model/label_policy.go

@@ -1,55 +0,0 @@
-package model
-
-import (
-	"encoding/json"
-
-	"github.com/caos/zitadel/internal/errors"
-	es_models "github.com/caos/zitadel/internal/eventstore/v1/models"
-	iam_model "github.com/caos/zitadel/internal/iam/model"
-)
-
-type LabelPolicy struct {
-	es_models.ObjectRoot
-	State               int32  `json:"-"`
-	PrimaryColor        string `json:"primaryColor"`
-	BackgroundColor     string `json:"backgroundColor"`
-	FontColor           string `json:"fontColor"`
-	WarnColor           string `json:"warnColor"`
-	PrimaryColorDark    string `json:"primaryColorDark"`
-	BackgroundColorDark string `json:"backgroundColorDark"`
-	FontColorDark       string `json:"fontColorDark"`
-	WarnColorDark       string `json:"warnColorDark"`
-	HideLoginNameSuffix bool   `json:"hideLoginNameSuffix"`
-}
-
-func LabelPolicyToModel(policy *LabelPolicy) *iam_model.LabelPolicy {
-	return &iam_model.LabelPolicy{
-		ObjectRoot:          policy.ObjectRoot,
-		State:               iam_model.PolicyState(policy.State),
-		PrimaryColor:        policy.PrimaryColor,
-		BackgroundColor:     policy.BackgroundColor,
-		WarnColor:           policy.WarnColor,
-		FontColor:           policy.FontColor,
-		PrimaryColorDark:    policy.PrimaryColorDark,
-		BackgroundColorDark: policy.BackgroundColorDark,
-		WarnColorDark:       policy.WarnColorDark,
-		FontColorDark:       policy.FontColorDark,
-		HideLoginNameSuffix: policy.HideLoginNameSuffix,
-	}
-}
-
-func (p *LabelPolicy) SetDataLabel(event *es_models.Event) error {
-	err := json.Unmarshal(event.Data, p)
-	if err != nil {
-		return errors.ThrowInternal(err, "MODEL-Gdgwq", "unable to unmarshal data")
-	}
-	return nil
-}
-
-func (p *IDPProvider) SetDataLabel(event *es_models.Event) error {
-	err := json.Unmarshal(event.Data, p)
-	if err != nil {
-		return errors.ThrowInternal(err, "MODEL-c41Hn", "unable to unmarshal data")
-	}
-	return nil
-}

internal/iam/repository/eventsourcing/model/lockout_policy.go

@@ -1,46 +0,0 @@
-package model
-
-import (
-	"encoding/json"
-
-	"github.com/caos/zitadel/internal/errors"
-	es_models "github.com/caos/zitadel/internal/eventstore/v1/models"
-	iam_model "github.com/caos/zitadel/internal/iam/model"
-)
-
-type LockoutPolicy struct {
-	es_models.ObjectRoot
-
-	State               int32  `json:"-"`
-	MaxPasswordAttempts uint64 `json:"maxPasswordAttempts"`
-	ShowLockOutFailures bool   `json:"showLockOutFailures"`
-}
-
-func LockoutPolicyToModel(policy *LockoutPolicy) *iam_model.LockoutPolicy {
-	return &iam_model.LockoutPolicy{
-		ObjectRoot:          policy.ObjectRoot,
-		State:               iam_model.PolicyState(policy.State),
-		MaxPasswordAttempts: policy.MaxPasswordAttempts,
-		ShowLockOutFailures: policy.ShowLockOutFailures,
-	}
-}
-
-func (p *LockoutPolicy) Changes(changed *LockoutPolicy) map[string]interface{} {
-	changes := make(map[string]interface{}, 2)
-
-	if p.MaxPasswordAttempts != changed.MaxPasswordAttempts {
-		changes["maxAttempts"] = changed.MaxPasswordAttempts
-	}
-	if p.ShowLockOutFailures != changed.ShowLockOutFailures {
-		changes["showLockOutFailures"] = changed.ShowLockOutFailures
-	}
-	return changes
-}
-
-func (p *LockoutPolicy) SetData(event *es_models.Event) error {
-	err := json.Unmarshal(event.Data, p)
-	if err != nil {
-		return errors.ThrowInternal(err, "EVENT-7JS9d", "unable to unmarshal data")
-	}
-	return nil
-}

internal/iam/repository/eventsourcing/model/lockout_policy_test.go

@@ -1,49 +0,0 @@
-package model
-
-import (
-	"testing"
-)
-
-func TestPasswordLockoutPolicyChanges(t *testing.T) {
-	type args struct {
-		existing *LockoutPolicy
-		new      *LockoutPolicy
-	}
-	type res struct {
-		changesLen int
-	}
-	tests := []struct {
-		name string
-		args args
-		res  res
-	}{
-		{
-			name: "lockout policy all attributes change",
-			args: args{
-				existing: &LockoutPolicy{MaxPasswordAttempts: 365, ShowLockOutFailures: true},
-				new:      &LockoutPolicy{MaxPasswordAttempts: 730, ShowLockOutFailures: false},
-			},
-			res: res{
-				changesLen: 2,
-			},
-		},
-		{
-			name: "no changes",
-			args: args{
-				existing: &LockoutPolicy{MaxPasswordAttempts: 10, ShowLockOutFailures: true},
-				new:      &LockoutPolicy{MaxPasswordAttempts: 10, ShowLockOutFailures: true},
-			},
-			res: res{
-				changesLen: 0,
-			},
-		},
-	}
-	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
-			changes := tt.args.existing.Changes(tt.args.new)
-			if len(changes) != tt.res.changesLen {
-				t.Errorf("got wrong changes len: expected: %v, actual: %v ", tt.res.changesLen, len(changes))
-			}
-		})
-	}
-}

internal/iam/repository/eventsourcing/model/login_policy.go

@@ -1,149 +0,0 @@
-package model
-
-import (
-	"encoding/json"
-
-	"github.com/caos/zitadel/internal/domain"
-	"github.com/caos/zitadel/internal/errors"
-	es_models "github.com/caos/zitadel/internal/eventstore/v1/models"
-	iam_model "github.com/caos/zitadel/internal/iam/model"
-)
-
-type LoginPolicy struct {
-	es_models.ObjectRoot
-	State                 int32          `json:"-"`
-	AllowUsernamePassword bool           `json:"allowUsernamePassword"`
-	AllowRegister         bool           `json:"allowRegister"`
-	AllowExternalIdp      bool           `json:"allowExternalIdp"`
-	ForceMFA              bool           `json:"forceMFA"`
-	PasswordlessType      int32          `json:"passwordlessType"`
-	IDPProviders          []*IDPProvider `json:"-"`
-	SecondFactors         []int32        `json:"-"`
-	MultiFactors          []int32        `json:"-"`
-}
-
-type IDPProvider struct {
-	es_models.ObjectRoot
-	Type        int32  `json:"idpProviderType"`
-	IDPConfigID string `json:"idpConfigId"`
-}
-
-type IDPProviderID struct {
-	IDPConfigID string `json:"idpConfigId"`
-}
-
-type MFA struct {
-	MFAType int32 `json:"mfaType"`
-}
-
-func GetIDPProvider(providers []*IDPProvider, id string) (int, *IDPProvider) {
-	for i, p := range providers {
-		if p.IDPConfigID == id {
-			return i, p
-		}
-	}
-	return -1, nil
-}
-
-func GetMFA(mfas []int32, mfaType int32) (int, int32) {
-	for i, m := range mfas {
-		if m == mfaType {
-			return i, m
-		}
-	}
-	return -1, 0
-}
-func LoginPolicyToModel(policy *LoginPolicy) *iam_model.LoginPolicy {
-	idps := IDPProvidersToModel(policy.IDPProviders)
-	secondFactors := SecondFactorsToModel(policy.SecondFactors)
-	multiFactors := MultiFactorsToModel(policy.MultiFactors)
-	return &iam_model.LoginPolicy{
-		ObjectRoot:            policy.ObjectRoot,
-		State:                 iam_model.PolicyState(policy.State),
-		AllowUsernamePassword: policy.AllowUsernamePassword,
-		AllowRegister:         policy.AllowRegister,
-		AllowExternalIdp:      policy.AllowExternalIdp,
-		IDPProviders:          idps,
-		ForceMFA:              policy.ForceMFA,
-		SecondFactors:         secondFactors,
-		MultiFactors:          multiFactors,
-		PasswordlessType:      iam_model.PasswordlessType(policy.PasswordlessType),
-	}
-}
-
-func IDPProvidersToModel(members []*IDPProvider) []*iam_model.IDPProvider {
-	convertedProviders := make([]*iam_model.IDPProvider, len(members))
-	for i, m := range members {
-		convertedProviders[i] = IDPProviderToModel(m)
-	}
-	return convertedProviders
-}
-
-func IDPProviderToModel(provider *IDPProvider) *iam_model.IDPProvider {
-	return &iam_model.IDPProvider{
-		ObjectRoot:  provider.ObjectRoot,
-		Type:        iam_model.IDPProviderType(provider.Type),
-		IDPConfigID: provider.IDPConfigID,
-	}
-}
-
-func SecondFactorsToModel(mfas []int32) []domain.SecondFactorType {
-	convertedMFAs := make([]domain.SecondFactorType, len(mfas))
-	for i, mfa := range mfas {
-		convertedMFAs[i] = domain.SecondFactorType(mfa)
-	}
-	return convertedMFAs
-}
-
-func MultiFactorsToModel(mfas []int32) []domain.MultiFactorType {
-	convertedMFAs := make([]domain.MultiFactorType, len(mfas))
-	for i, mfa := range mfas {
-		convertedMFAs[i] = domain.MultiFactorType(mfa)
-	}
-	return convertedMFAs
-}
-
-func (p *LoginPolicy) Changes(changed *LoginPolicy) map[string]interface{} {
-	changes := make(map[string]interface{}, 2)
-
-	if changed.AllowUsernamePassword != p.AllowUsernamePassword {
-		changes["allowUsernamePassword"] = changed.AllowUsernamePassword
-	}
-	if changed.AllowRegister != p.AllowRegister {
-		changes["allowRegister"] = changed.AllowRegister
-	}
-	if changed.AllowExternalIdp != p.AllowExternalIdp {
-		changes["allowExternalIdp"] = changed.AllowExternalIdp
-	}
-	if changed.ForceMFA != p.ForceMFA {
-		changes["forceMFA"] = changed.ForceMFA
-	}
-	if changed.PasswordlessType != p.PasswordlessType {
-		changes["passwordlessType"] = changed.PasswordlessType
-	}
-	return changes
-}
-
-func (p *LoginPolicy) SetData(event *es_models.Event) error {
-	err := json.Unmarshal(event.Data, p)
-	if err != nil {
-		return errors.ThrowInternal(err, "EVENT-7JS9d", "unable to unmarshal data")
-	}
-	return nil
-}
-
-func (p *IDPProvider) SetData(event *es_models.Event) error {
-	err := json.Unmarshal(event.Data, p)
-	if err != nil {
-		return errors.ThrowInternal(err, "EVENT-ldos9", "unable to unmarshal data")
-	}
-	return nil
-}
-
-func (m *MFA) SetData(event *es_models.Event) error {
-	err := json.Unmarshal(event.Data, m)
-	if err != nil {
-		return errors.ThrowInternal(err, "EVENT-4G9os", "unable to unmarshal data")
-	}
-	return nil
-}

internal/iam/repository/eventsourcing/model/mail_template.go

@@ -1,41 +0,0 @@
-package model
-
-import (
-	b64 "encoding/base64"
-	"encoding/json"
-
-	"github.com/caos/zitadel/internal/errors"
-	es_models "github.com/caos/zitadel/internal/eventstore/v1/models"
-	iam_model "github.com/caos/zitadel/internal/iam/model"
-)
-
-type MailTemplate struct {
-	es_models.ObjectRoot
-	State    int32 `json:"-"`
-	Template []byte
-}
-
-func MailTemplateToModel(template *MailTemplate) *iam_model.MailTemplate {
-	return &iam_model.MailTemplate{
-		ObjectRoot: template.ObjectRoot,
-		State:      iam_model.PolicyState(template.State),
-		Template:   template.Template,
-	}
-}
-
-func (p *MailTemplate) Changes(changed *MailTemplate) map[string]interface{} {
-	changes := make(map[string]interface{}, 1)
-	if b64.StdEncoding.EncodeToString(changed.Template) != b64.StdEncoding.EncodeToString(p.Template) {
-		changes["template"] = b64.StdEncoding.EncodeToString(changed.Template)
-	}
-
-	return changes
-}
-
-func (p *MailTemplate) SetDataLabel(event *es_models.Event) error {
-	err := json.Unmarshal(event.Data, p)
-	if err != nil {
-		return errors.ThrowInternal(err, "MODEL-ikjhf", "unable to unmarshal data")
-	}
-	return nil
-}

internal/iam/repository/eventsourcing/model/mail_template_test.go

@@ -1,49 +0,0 @@
-package model
-
-import (
-	"testing"
-)
-
-func TestMailTemplateChanges(t *testing.T) {
-	type args struct {
-		existing *MailTemplate
-		new      *MailTemplate
-	}
-	type res struct {
-		changesLen int
-	}
-	tests := []struct {
-		name string
-		args args
-		res  res
-	}{
-		{
-			name: "mailtemplate all attributes change",
-			args: args{
-				existing: &MailTemplate{Template: []byte("<doctype html>")},
-				new:      &MailTemplate{Template: []byte("<!doctype html>")},
-			},
-			res: res{
-				changesLen: 1,
-			},
-		},
-		{
-			name: "no changes",
-			args: args{
-				existing: &MailTemplate{Template: []byte("<!doctype html>")},
-				new:      &MailTemplate{Template: []byte("<!doctype html>")},
-			},
-			res: res{
-				changesLen: 0,
-			},
-		},
-	}
-	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
-			changes := tt.args.existing.Changes(tt.args.new)
-			if len(changes) != tt.res.changesLen {
-				t.Errorf("got wrong changes len: expected: %v, actual: %v ", tt.res.changesLen, len(changes))
-			}
-		})
-	}
-}

internal/iam/repository/eventsourcing/model/mail_text.go

@@ -1,119 +0,0 @@
-package model
-
-import (
-	"encoding/json"
-
-	"github.com/caos/zitadel/internal/errors"
-	es_models "github.com/caos/zitadel/internal/eventstore/v1/models"
-	iam_model "github.com/caos/zitadel/internal/iam/model"
-)
-
-type MailText struct {
-	es_models.ObjectRoot
-	State        int32 `json:"-"`
-	MailTextType string
-	Language     string
-	Title        string
-	PreHeader    string
-	Subject      string
-	Greeting     string
-	Text         string
-	ButtonText   string
-}
-
-func GetMailText(mailTexts []*MailText, mailTextType string, language string) (int, *MailText) {
-	for i, m := range mailTexts {
-		if m.MailTextType == mailTextType && m.Language == language {
-			return i, m
-		}
-	}
-	return -1, nil
-}
-
-func MailTextsToModel(mailTexts []*MailText) []*iam_model.MailText {
-	convertedMailTexts := make([]*iam_model.MailText, len(mailTexts))
-	for i, m := range mailTexts {
-		convertedMailTexts[i] = MailTextToModel(m)
-	}
-	return convertedMailTexts
-}
-
-func MailTextToModel(mailText *MailText) *iam_model.MailText {
-	return &iam_model.MailText{
-		ObjectRoot:   mailText.ObjectRoot,
-		State:        iam_model.PolicyState(mailText.State),
-		MailTextType: mailText.MailTextType,
-		Language:     mailText.Language,
-		Title:        mailText.Title,
-		PreHeader:    mailText.PreHeader,
-		Subject:      mailText.Subject,
-		Greeting:     mailText.Greeting,
-		Text:         mailText.Text,
-		ButtonText:   mailText.ButtonText,
-	}
-}
-
-func MailTextsFromModel(mailTexts []*iam_model.MailText) []*MailText {
-	convertedMailTexts := make([]*MailText, len(mailTexts))
-	for i, m := range mailTexts {
-		convertedMailTexts[i] = MailTextFromModel(m)
-	}
-	return convertedMailTexts
-}
-
-func MailTextFromModel(mailText *iam_model.MailText) *MailText {
-	return &MailText{
-		ObjectRoot:   mailText.ObjectRoot,
-		State:        int32(mailText.State),
-		MailTextType: mailText.MailTextType,
-		Language:     mailText.Language,
-		Title:        mailText.Title,
-		PreHeader:    mailText.PreHeader,
-		Subject:      mailText.Subject,
-		Greeting:     mailText.Greeting,
-		Text:         mailText.Text,
-		ButtonText:   mailText.ButtonText,
-	}
-}
-
-func (p *MailText) Changes(changed *MailText) map[string]interface{} {
-	changes := make(map[string]interface{}, 8)
-
-	changes["mailTextType"] = changed.MailTextType
-
-	changes["language"] = changed.Language
-
-	if changed.Title != p.Title {
-		changes["title"] = changed.Title
-	}
-
-	if changed.PreHeader != p.PreHeader {
-		changes["preHeader"] = changed.PreHeader
-	}
-
-	if changed.Subject != p.Subject {
-		changes["subject"] = changed.Subject
-	}
-
-	if changed.Greeting != p.Greeting {
-		changes["greeting"] = changed.Greeting
-	}
-
-	if changed.Text != p.Text {
-		changes["text"] = changed.Text
-	}
-
-	if changed.ButtonText != p.ButtonText {
-		changes["buttonText"] = changed.ButtonText
-	}
-
-	return changes
-}
-
-func (p *MailText) SetDataLabel(event *es_models.Event) error {
-	err := json.Unmarshal(event.Data, p)
-	if err != nil {
-		return errors.ThrowInternal(err, "MODEL-3FUV5", "unable to unmarshal data")
-	}
-	return nil
-}

internal/iam/repository/eventsourcing/model/oidc_idp_config.go

@@ -1,69 +0,0 @@
-package model
-
-import (
-	"encoding/json"
-	"reflect"
-
-	"github.com/caos/logging"
-	"github.com/caos/zitadel/internal/crypto"
-	es_models "github.com/caos/zitadel/internal/eventstore/v1/models"
-	"github.com/caos/zitadel/internal/iam/model"
-	"github.com/lib/pq"
-)
-
-type OIDCIDPConfig struct {
-	es_models.ObjectRoot
-	IDPConfigID           string              `json:"idpConfigId"`
-	ClientID              string              `json:"clientId"`
-	ClientSecret          *crypto.CryptoValue `json:"clientSecret,omitempty"`
-	Issuer                string              `json:"issuer,omitempty"`
-	Scopes                pq.StringArray      `json:"scopes,omitempty"`
-	IDPDisplayNameMapping int32               `json:"idpDisplayNameMapping,omitempty"`
-	UsernameMapping       int32               `json:"usernameMapping,omitempty"`
-}
-
-func (c *OIDCIDPConfig) Changes(changed *OIDCIDPConfig) map[string]interface{} {
-	changes := make(map[string]interface{}, 1)
-	changes["idpConfigId"] = c.IDPConfigID
-	if c.ClientID != changed.ClientID {
-		changes["clientId"] = changed.ClientID
-	}
-	if changed.ClientSecret != nil && c.ClientSecret != changed.ClientSecret {
-		changes["clientSecret"] = changed.ClientSecret
-	}
-	if c.Issuer != changed.Issuer {
-		changes["issuer"] = changed.Issuer
-	}
-	if !reflect.DeepEqual(c.Scopes, changed.Scopes) {
-		changes["scopes"] = changed.Scopes
-	}
-	if c.IDPDisplayNameMapping != changed.IDPDisplayNameMapping {
-		changes["idpDisplayNameMapping"] = changed.IDPDisplayNameMapping
-	}
-	if c.UsernameMapping != changed.UsernameMapping {
-		changes["usernameMapping"] = changed.UsernameMapping
-	}
-	return changes
-}
-
-func OIDCIDPConfigToModel(config *OIDCIDPConfig) *model.OIDCIDPConfig {
-	return &model.OIDCIDPConfig{
-		ObjectRoot:            config.ObjectRoot,
-		IDPConfigID:           config.IDPConfigID,
-		ClientID:              config.ClientID,
-		ClientSecret:          config.ClientSecret,
-		Issuer:                config.Issuer,
-		Scopes:                config.Scopes,
-		IDPDisplayNameMapping: model.OIDCMappingField(config.IDPDisplayNameMapping),
-		UsernameMapping:       model.OIDCMappingField(config.UsernameMapping),
-	}
-}
-
-func (o *OIDCIDPConfig) SetData(event *es_models.Event) error {
-	o.ObjectRoot.AppendEvent(event)
-	if err := json.Unmarshal(event.Data, o); err != nil {
-		logging.Log("EVEN-Msh8s").WithError(err).Error("could not unmarshal event data")
-		return err
-	}
-	return nil
-}

internal/iam/repository/eventsourcing/model/oidc_idp_config_test.go

@@ -1,73 +0,0 @@
-package model
-
-import (
-	"testing"
-
-	"github.com/caos/zitadel/internal/crypto"
-)
-
-func TestOIDCIdpConfigChanges(t *testing.T) {
-	type args struct {
-		existing *OIDCIDPConfig
-		new      *OIDCIDPConfig
-	}
-	type res struct {
-		changesLen int
-	}
-	tests := []struct {
-		name string
-		args args
-		res  res
-	}{
-		{
-			name: "all possible values change",
-			args: args{
-				existing: &OIDCIDPConfig{
-					IDPConfigID:  "IDPConfigID",
-					ClientID:     "ClientID",
-					ClientSecret: &crypto.CryptoValue{KeyID: "KeyID"},
-					Issuer:       "Issuer",
-					Scopes:       []string{"scope1"},
-				},
-				new: &OIDCIDPConfig{
-					IDPConfigID:  "IDPConfigID",
-					ClientID:     "ClientID2",
-					ClientSecret: &crypto.CryptoValue{KeyID: "KeyID2"},
-					Issuer:       "Issuer2",
-					Scopes:       []string{"scope1", "scope2"},
-				},
-			},
-			res: res{
-				changesLen: 5,
-			},
-		},
-		{
-			name: "no changes",
-			args: args{
-				existing: &OIDCIDPConfig{
-					IDPConfigID: "IDPConfigID",
-					ClientID:    "ClientID",
-					Issuer:      "Issuer",
-					Scopes:      []string{"scope1"},
-				},
-				new: &OIDCIDPConfig{
-					IDPConfigID: "IDPConfigID",
-					ClientID:    "ClientID",
-					Issuer:      "Issuer",
-					Scopes:      []string{"scope1"},
-				},
-			},
-			res: res{
-				changesLen: 1,
-			},
-		},
-	}
-	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
-			changes := tt.args.existing.Changes(tt.args.new)
-			if len(changes) != tt.res.changesLen {
-				t.Errorf("got wrong changes len: expected: %v, actual: %v ", tt.res.changesLen, len(changes))
-			}
-		})
-	}
-}

internal/iam/repository/eventsourcing/model/password_age_policy.go

@@ -1,46 +0,0 @@
-package model
-
-import (
-	"encoding/json"
-
-	"github.com/caos/zitadel/internal/errors"
-	es_models "github.com/caos/zitadel/internal/eventstore/v1/models"
-	iam_model "github.com/caos/zitadel/internal/iam/model"
-)
-
-type PasswordAgePolicy struct {
-	es_models.ObjectRoot
-
-	State          int32  `json:"-"`
-	MaxAgeDays     uint64 `json:"maxAgeDays"`
-	ExpireWarnDays uint64 `json:"expireWarnDays"`
-}
-
-func PasswordAgePolicyToModel(policy *PasswordAgePolicy) *iam_model.PasswordAgePolicy {
-	return &iam_model.PasswordAgePolicy{
-		ObjectRoot:     policy.ObjectRoot,
-		State:          iam_model.PolicyState(policy.State),
-		MaxAgeDays:     policy.MaxAgeDays,
-		ExpireWarnDays: policy.ExpireWarnDays,
-	}
-}
-
-func (p *PasswordAgePolicy) Changes(changed *PasswordAgePolicy) map[string]interface{} {
-	changes := make(map[string]interface{}, 1)
-
-	if p.MaxAgeDays != changed.MaxAgeDays {
-		changes["maxAgeDays"] = changed.MaxAgeDays
-	}
-	if p.ExpireWarnDays != changed.ExpireWarnDays {
-		changes["expireWarnDays"] = changed.ExpireWarnDays
-	}
-	return changes
-}
-
-func (p *PasswordAgePolicy) SetData(event *es_models.Event) error {
-	err := json.Unmarshal(event.Data, p)
-	if err != nil {
-		return errors.ThrowInternal(err, "EVENT-7JS9d", "unable to unmarshal data")
-	}
-	return nil
-}

internal/iam/repository/eventsourcing/model/password_age_policy_test.go

@@ -1,49 +0,0 @@
-package model
-
-import (
-	"testing"
-)
-
-func TestPasswordAgePolicyChanges(t *testing.T) {
-	type args struct {
-		existing *PasswordAgePolicy
-		new      *PasswordAgePolicy
-	}
-	type res struct {
-		changesLen int
-	}
-	tests := []struct {
-		name string
-		args args
-		res  res
-	}{
-		{
-			name: "age policy all attributes change",
-			args: args{
-				existing: &PasswordAgePolicy{MaxAgeDays: 365, ExpireWarnDays: 5},
-				new:      &PasswordAgePolicy{MaxAgeDays: 730, ExpireWarnDays: 10},
-			},
-			res: res{
-				changesLen: 2,
-			},
-		},
-		{
-			name: "no changes",
-			args: args{
-				existing: &PasswordAgePolicy{MaxAgeDays: 10, ExpireWarnDays: 10},
-				new:      &PasswordAgePolicy{MaxAgeDays: 10, ExpireWarnDays: 10},
-			},
-			res: res{
-				changesLen: 0,
-			},
-		},
-	}
-	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
-			changes := tt.args.existing.Changes(tt.args.new)
-			if len(changes) != tt.res.changesLen {
-				t.Errorf("got wrong changes len: expected: %v, actual: %v ", tt.res.changesLen, len(changes))
-			}
-		})
-	}
-}

internal/iam/repository/eventsourcing/model/password_complexity_policy.go

@@ -1,40 +0,0 @@
-package model
-
-import (
-	"encoding/json"
-
-	"github.com/caos/zitadel/internal/errors"
-	es_models "github.com/caos/zitadel/internal/eventstore/v1/models"
-	iam_model "github.com/caos/zitadel/internal/iam/model"
-)
-
-type PasswordComplexityPolicy struct {
-	es_models.ObjectRoot
-
-	State        int32  `json:"-"`
-	MinLength    uint64 `json:"minLength"`
-	HasLowercase bool   `json:"hasLowercase"`
-	HasUppercase bool   `json:"hasUppercase"`
-	HasNumber    bool   `json:"hasNumber"`
-	HasSymbol    bool   `json:"hasSymbol"`
-}
-
-func PasswordComplexityPolicyToModel(policy *PasswordComplexityPolicy) *iam_model.PasswordComplexityPolicy {
-	return &iam_model.PasswordComplexityPolicy{
-		ObjectRoot:   policy.ObjectRoot,
-		State:        iam_model.PolicyState(policy.State),
-		MinLength:    policy.MinLength,
-		HasLowercase: policy.HasLowercase,
-		HasUppercase: policy.HasUppercase,
-		HasNumber:    policy.HasNumber,
-		HasSymbol:    policy.HasSymbol,
-	}
-}
-
-func (p *PasswordComplexityPolicy) SetData(event *es_models.Event) error {
-	err := json.Unmarshal(event.Data, p)
-	if err != nil {
-		return errors.ThrowInternal(err, "EVENT-7JS9d", "unable to unmarshal data")
-	}
-	return nil
-}

internal/iam/repository/eventsourcing/model/types.go

@@ -1,76 +0,0 @@
-package model
-
-import "github.com/caos/zitadel/internal/eventstore/v1/models"
-
-const (
-	IAMAggregate models.AggregateType = "iam"
-
-	IAMSetupStarted         models.EventType = "iam.setup.started"
-	IAMSetupDone            models.EventType = "iam.setup.done"
-	GlobalOrgSet            models.EventType = "iam.global.org.set"
-	IAMProjectSet           models.EventType = "iam.project.iam.set"
-	IAMMemberAdded          models.EventType = "iam.member.added"
-	IAMMemberChanged        models.EventType = "iam.member.changed"
-	IAMMemberRemoved        models.EventType = "iam.member.removed"
-	IAMMemberCascadeRemoved models.EventType = "iam.member.cascade.removed"
-
-	IDPConfigAdded       models.EventType = "iam.idp.config.added"
-	IDPConfigChanged     models.EventType = "iam.idp.config.changed"
-	IDPConfigRemoved     models.EventType = "iam.idp.config.removed"
-	IDPConfigDeactivated models.EventType = "iam.idp.config.deactivated"
-	IDPConfigReactivated models.EventType = "iam.idp.config.reactivated"
-
-	OIDCIDPConfigAdded   models.EventType = "iam.idp.oidc.config.added"
-	OIDCIDPConfigChanged models.EventType = "iam.idp.oidc.config.changed"
-
-	SAMLIDPConfigAdded   models.EventType = "iam.idp.saml.config.added"
-	SAMLIDPConfigChanged models.EventType = "iam.idp.saml.config.changed"
-
-	LoginPolicyAdded                     models.EventType = "iam.policy.login.added"
-	LoginPolicyChanged                   models.EventType = "iam.policy.login.changed"
-	LoginPolicyIDPProviderAdded          models.EventType = "iam.policy.login.idpprovider.added"
-	LoginPolicyIDPProviderRemoved        models.EventType = "iam.policy.login.idpprovider.removed"
-	LoginPolicyIDPProviderCascadeRemoved models.EventType = "iam.policy.login.idpprovider.cascade.removed"
-	LoginPolicySecondFactorAdded         models.EventType = "iam.policy.login.secondfactor.added"
-	LoginPolicySecondFactorRemoved       models.EventType = "iam.policy.login.secondfactor.removed"
-	LoginPolicyMultiFactorAdded          models.EventType = "iam.policy.login.multifactor.added"
-	LoginPolicyMultiFactorRemoved        models.EventType = "iam.policy.login.multifactor.removed"
-
-	LabelPolicyAdded     models.EventType = "iam.policy.label.added"
-	LabelPolicyChanged   models.EventType = "iam.policy.label.changed"
-	LabelPolicyActivated models.EventType = "iam.policy.label.activated"
-
-	LabelPolicyLogoAdded       models.EventType = "iam.policy.label.logo.added"
-	LabelPolicyLogoRemoved     models.EventType = "iam.policy.label.logo.removed"
-	LabelPolicyIconAdded       models.EventType = "iam.policy.label.icon.added"
-	LabelPolicyIconRemoved     models.EventType = "iam.policy.label.icon.removed"
-	LabelPolicyLogoDarkAdded   models.EventType = "iam.policy.label.logo.dark.added"
-	LabelPolicyLogoDarkRemoved models.EventType = "iam.policy.label.logo.dark.removed"
-	LabelPolicyIconDarkAdded   models.EventType = "iam.policy.label.icon.dark.added"
-	LabelPolicyIconDarkRemoved models.EventType = "iam.policy.label.icon.dark.removed"
-	LabelPolicyFontAdded       models.EventType = "iam.policy.label.font.added"
-	LabelPolicyFontRemoved     models.EventType = "iam.policy.label.font.removed"
-	LabelPolicyAssetsRemoved   models.EventType = "iam.policy.label.assets.removed"
-
-	MailTemplateAdded   models.EventType = "iam.mail.template.added"
-	MailTemplateChanged models.EventType = "iam.mail.template.changed"
-
-	CustomTextSet            models.EventType = "iam.customtext.set"
-	CustomTextRemoved        models.EventType = "iam.customtext.removed"
-	CustomTextMessageRemoved models.EventType = "iam.customtext.template.removed"
-
-	PasswordComplexityPolicyAdded   models.EventType = "iam.policy.password.complexity.added"
-	PasswordComplexityPolicyChanged models.EventType = "iam.policy.password.complexity.changed"
-
-	PasswordAgePolicyAdded   models.EventType = "iam.policy.password.age.added"
-	PasswordAgePolicyChanged models.EventType = "iam.policy.password.age.changed"
-
-	LockoutPolicyAdded   models.EventType = "iam.policy.lockout.added"
-	LockoutPolicyChanged models.EventType = "iam.policy.lockout.changed"
-
-	PrivacyPolicyAdded   models.EventType = "iam.policy.privacy.added"
-	PrivacyPolicyChanged models.EventType = "iam.policy.privacy.changed"
-
-	OrgIAMPolicyAdded   models.EventType = "iam.policy.org.iam.added"
-	OrgIAMPolicyChanged models.EventType = "iam.policy.org.iam.changed"
-)

internal/iam/repository/view/model/custom_text.go

@@ -1,897 +0,0 @@
-package model
-
-import (
-	"encoding/json"
-	"strings"
-	"time"
-
-	"golang.org/x/text/language"
-
-	"github.com/caos/zitadel/internal/domain"
-	org_es_model "github.com/caos/zitadel/internal/org/repository/eventsourcing/model"
-
-	es_model "github.com/caos/zitadel/internal/iam/repository/eventsourcing/model"
-
-	"github.com/caos/logging"
-
-	caos_errs "github.com/caos/zitadel/internal/errors"
-	"github.com/caos/zitadel/internal/eventstore/v1/models"
-)
-
-const (
-	CustomTextKeyAggregateID = "aggregate_id"
-	CustomTextKeyTemplate    = "template"
-	CustomTextKeyLanguage    = "language"
-	CustomTextKeyKey         = "key"
-)
-
-type CustomTextView struct {
-	AggregateID  string    `json:"-" gorm:"column:aggregate_id;primary_key"`
-	CreationDate time.Time `json:"-" gorm:"column:creation_date"`
-	ChangeDate   time.Time `json:"-" gorm:"column:change_date"`
-
-	Template string `json:"template" gorm:"column:template;primary_key"`
-	Language string `json:"language" gorm:"column:language;primary_key"`
-	Key      string `json:"key" gorm:"column:key;primary_key"`
-	Text     string `json:"text" gorm:"column:text"`
-
-	Sequence uint64 `json:"-" gorm:"column:sequence"`
-}
-
-func (i *CustomTextView) AppendEvent(event *models.Event) (err error) {
-	i.Sequence = event.Sequence
-	switch event.Type {
-	case es_model.CustomTextSet, org_es_model.CustomTextSet:
-		i.setRootData(event)
-		err = i.SetData(event)
-		if err != nil {
-			return err
-		}
-		i.ChangeDate = event.CreationDate
-	}
-	return err
-}
-
-func (r *CustomTextView) setRootData(event *models.Event) {
-	r.AggregateID = event.AggregateID
-}
-
-func (r *CustomTextView) SetData(event *models.Event) error {
-	if err := json.Unmarshal(event.Data, r); err != nil {
-		logging.Log("MODEL-3n9fs").WithError(err).Error("could not unmarshal event data")
-		return caos_errs.ThrowInternal(err, "MODEL-5CVaR", "Could not unmarshal data")
-	}
-	return nil
-}
-
-func (r *CustomTextView) IsMessageTemplate() bool {
-	return r.Template == domain.InitCodeMessageType ||
-		r.Template == domain.PasswordResetMessageType ||
-		r.Template == domain.VerifyEmailMessageType ||
-		r.Template == domain.VerifyPhoneMessageType ||
-		r.Template == domain.DomainClaimedMessageType ||
-		r.Template == domain.PasswordlessRegistrationMessageType
-}
-
-func CustomTextViewsToLoginDomain(aggregateID, lang string, texts []*CustomTextView) *domain.CustomLoginText {
-	langTag := language.Make(lang)
-	result := &domain.CustomLoginText{
-		ObjectRoot: models.ObjectRoot{
-			AggregateID: aggregateID,
-		},
-		Language: langTag,
-	}
-	for _, text := range texts {
-		if text.CreationDate.Before(result.CreationDate) {
-			result.CreationDate = text.CreationDate
-		}
-		if text.ChangeDate.After(result.ChangeDate) {
-			result.ChangeDate = text.ChangeDate
-		}
-		if strings.HasPrefix(text.Key, domain.LoginKeySelectAccount) {
-			selectAccountKeyToDomain(text, result)
-		}
-		if strings.HasPrefix(text.Key, domain.LoginKeyLogin) {
-			loginKeyToDomain(text, result)
-		}
-		if strings.HasPrefix(text.Key, domain.LoginKeyPassword) {
-			passwordKeyToDomain(text, result)
-		}
-		if strings.HasPrefix(text.Key, domain.LoginKeyUsernameChange) {
-			usernameChangeKeyToDomain(text, result)
-		}
-		if strings.HasPrefix(text.Key, domain.LoginKeyUsernameChangeDone) {
-			usernameChangeDoneKeyToDomain(text, result)
-		}
-		if strings.HasPrefix(text.Key, domain.LoginKeyInitPassword) {
-			initPasswordKeyToDomain(text, result)
-		}
-		if strings.HasPrefix(text.Key, domain.LoginKeyInitPasswordDone) {
-			initPasswordDoneKeyToDomain(text, result)
-		}
-		if strings.HasPrefix(text.Key, domain.LoginKeyEmailVerification) {
-			emailVerificationKeyToDomain(text, result)
-		}
-		if strings.HasPrefix(text.Key, domain.LoginKeyEmailVerificationDone) {
-			emailVerificationDoneKeyToDomain(text, result)
-		}
-		if strings.HasPrefix(text.Key, domain.LoginKeyInitializeUser) {
-			initializeUserKeyToDomain(text, result)
-		}
-		if strings.HasPrefix(text.Key, domain.LoginKeyInitUserDone) {
-			initializeUserDoneKeyToDomain(text, result)
-		}
-		if strings.HasPrefix(text.Key, domain.LoginKeyInitMFAPrompt) {
-			initMFAPromptKeyToDomain(text, result)
-		}
-		if strings.HasPrefix(text.Key, domain.LoginKeyInitMFAOTP) {
-			initMFAOTPKeyToDomain(text, result)
-		}
-		if strings.HasPrefix(text.Key, domain.LoginKeyInitMFAU2F) {
-			initMFAU2FKeyToDomain(text, result)
-		}
-		if strings.HasPrefix(text.Key, domain.LoginKeyInitMFADone) {
-			initMFADoneKeyToDomain(text, result)
-		}
-		if strings.HasPrefix(text.Key, domain.LoginKeyMFAProviders) {
-			mfaProvidersKeyToDomain(text, result)
-		}
-		if strings.HasPrefix(text.Key, domain.LoginKeyVerifyMFAOTP) {
-			verifyMFAOTPKeyToDomain(text, result)
-		}
-		if strings.HasPrefix(text.Key, domain.LoginKeyVerifyMFAU2F) {
-			verifyMFAU2FKeyToDomain(text, result)
-		}
-		if strings.HasPrefix(text.Key, domain.LoginKeyPasswordless) {
-			passwordlessKeyToDomain(text, result)
-		}
-		if strings.HasPrefix(text.Key, domain.LoginKeyPasswordlessPrompt) {
-			passwordlessPromptKeyToDomain(text, result)
-		}
-		if strings.HasPrefix(text.Key, domain.LoginKeyPasswordlessRegistration) {
-			passwordlessRegistrationKeyToDomain(text, result)
-		}
-		if strings.HasPrefix(text.Key, domain.LoginKeyPasswordlessRegistrationDone) {
-			passwordlessRegistrationDoneKeyToDomain(text, result)
-		}
-		if strings.HasPrefix(text.Key, domain.LoginKeyPasswordChange) {
-			passwordChangeKeyToDomain(text, result)
-		}
-		if strings.HasPrefix(text.Key, domain.LoginKeyPasswordChangeDone) {
-			passwordChangeDoneKeyToDomain(text, result)
-		}
-		if strings.HasPrefix(text.Key, domain.LoginKeyPasswordResetDone) {
-			passwordResetDoneKeyToDomain(text, result)
-		}
-		if strings.HasPrefix(text.Key, domain.LoginKeyRegistrationOption) {
-			registrationOptionKeyToDomain(text, result)
-		}
-		if strings.HasPrefix(text.Key, domain.LoginKeyRegistrationUser) {
-			registrationUserKeyToDomain(text, result)
-		}
-		if strings.HasPrefix(text.Key, domain.LoginKeyRegistrationOrg) {
-			registrationOrgKeyToDomain(text, result)
-		}
-		if strings.HasPrefix(text.Key, domain.LoginKeyLinkingUserDone) {
-			linkingUserKeyToDomain(text, result)
-		}
-		if strings.HasPrefix(text.Key, domain.LoginKeyExternalNotFound) {
-			externalUserNotFoundKeyToDomain(text, result)
-		}
-		if strings.HasPrefix(text.Key, domain.LoginKeySuccessLogin) {
-			successLoginKeyToDomain(text, result)
-		}
-		if strings.HasPrefix(text.Key, domain.LoginKeyLogoutDone) {
-			logoutDoneKeyToDomain(text, result)
-		}
-		if strings.HasPrefix(text.Key, domain.LoginKeyFooter) {
-			footerKeyToDomain(text, result)
-		}
-	}
-	return result
-}
-
-func selectAccountKeyToDomain(text *CustomTextView, result *domain.CustomLoginText) {
-	if text.Key == domain.LoginKeySelectAccountTitle {
-		result.SelectAccount.Title = text.Text
-	}
-	if text.Key == domain.LoginKeySelectAccountDescription {
-		result.SelectAccount.Description = text.Text
-	}
-	if text.Key == domain.LoginKeySelectAccountTitleLinkingProcess {
-		result.SelectAccount.TitleLinking = text.Text
-	}
-	if text.Key == domain.LoginKeySelectAccountDescriptionLinkingProcess {
-		result.SelectAccount.DescriptionLinking = text.Text
-	}
-	if text.Key == domain.LoginKeySelectAccountOtherUser {
-		result.SelectAccount.OtherUser = text.Text
-	}
-	if text.Key == domain.LoginKeySelectAccountSessionStateActive {
-		result.SelectAccount.SessionState0 = text.Text
-	}
-	if text.Key == domain.LoginKeySelectAccountSessionStateInactive {
-		result.SelectAccount.SessionState1 = text.Text
-	}
-	if text.Key == domain.LoginKeySelectAccountUserMustBeMemberOfOrg {
-		result.SelectAccount.MustBeMemberOfOrg = text.Text
-	}
-}
-
-func loginKeyToDomain(text *CustomTextView, result *domain.CustomLoginText) {
-	if text.Key == domain.LoginKeyLoginTitle {
-		result.Login.Title = text.Text
-	}
-	if text.Key == domain.LoginKeyLoginDescription {
-		result.Login.Description = text.Text
-	}
-	if text.Key == domain.LoginKeyLoginTitleLinkingProcess {
-		result.Login.TitleLinking = text.Text
-	}
-	if text.Key == domain.LoginKeyLoginDescriptionLinkingProcess {
-		result.Login.DescriptionLinking = text.Text
-	}
-	if text.Key == domain.LoginKeyLoginNameLabel {
-		result.Login.LoginNameLabel = text.Text
-	}
-	if text.Key == domain.LoginKeyLoginUsernamePlaceHolder {
-		result.Login.UsernamePlaceholder = text.Text
-	}
-	if text.Key == domain.LoginKeyLoginLoginnamePlaceHolder {
-		result.Login.LoginnamePlaceholder = text.Text
-	}
-	if text.Key == domain.LoginKeyLoginExternalUserDescription {
-		result.Login.ExternalUserDescription = text.Text
-	}
-	if text.Key == domain.LoginKeyLoginUserMustBeMemberOfOrg {
-		result.Login.MustBeMemberOfOrg = text.Text
-	}
-	if text.Key == domain.LoginKeyLoginRegisterButtonText {
-		result.Login.RegisterButtonText = text.Text
-	}
-	if text.Key == domain.LoginKeyLoginNextButtonText {
-		result.Login.NextButtonText = text.Text
-	}
-}
-
-func passwordKeyToDomain(text *CustomTextView, result *domain.CustomLoginText) {
-	if text.Key == domain.LoginKeyPasswordTitle {
-		result.Password.Title = text.Text
-	}
-	if text.Key == domain.LoginKeyPasswordDescription {
-		result.Password.Description = text.Text
-	}
-	if text.Key == domain.LoginKeyPasswordLabel {
-		result.Password.PasswordLabel = text.Text
-	}
-	if text.Key == domain.LoginKeyPasswordResetLinkText {
-		result.Password.ResetLinkText = text.Text
-	}
-	if text.Key == domain.LoginKeyPasswordBackButtonText {
-		result.Password.BackButtonText = text.Text
-	}
-	if text.Key == domain.LoginKeyPasswordNextButtonText {
-		result.Password.NextButtonText = text.Text
-	}
-	if text.Key == domain.LoginKeyPasswordMinLength {
-		result.Password.MinLength = text.Text
-	}
-	if text.Key == domain.LoginKeyPasswordHasUppercase {
-		result.Password.HasUppercase = text.Text
-	}
-	if text.Key == domain.LoginKeyPasswordHasLowercase {
-		result.Password.HasLowercase = text.Text
-	}
-	if text.Key == domain.LoginKeyPasswordHasNumber {
-		result.Password.HasNumber = text.Text
-	}
-	if text.Key == domain.LoginKeyPasswordHasSymbol {
-		result.Password.HasSymbol = text.Text
-	}
-	if text.Key == domain.LoginKeyPasswordConfirmation {
-		result.Password.Confirmation = text.Text
-	}
-}
-
-func usernameChangeKeyToDomain(text *CustomTextView, result *domain.CustomLoginText) {
-	if text.Key == domain.LoginKeyUsernameChangeTitle {
-		result.UsernameChange.Title = text.Text
-	}
-	if text.Key == domain.LoginKeyUsernameChangeDescription {
-		result.UsernameChange.Description = text.Text
-	}
-	if text.Key == domain.LoginKeyUsernameChangeUsernameLabel {
-		result.UsernameChange.UsernameLabel = text.Text
-	}
-	if text.Key == domain.LoginKeyUsernameChangeCancelButtonText {
-		result.UsernameChange.CancelButtonText = text.Text
-	}
-	if text.Key == domain.LoginKeyUsernameChangeNextButtonText {
-		result.UsernameChange.NextButtonText = text.Text
-	}
-}
-
-func usernameChangeDoneKeyToDomain(text *CustomTextView, result *domain.CustomLoginText) {
-	if text.Key == domain.LoginKeyUsernameChangeDoneTitle {
-		result.UsernameChangeDone.Title = text.Text
-	}
-	if text.Key == domain.LoginKeyUsernameChangeDoneDescription {
-		result.UsernameChangeDone.Description = text.Text
-	}
-	if text.Key == domain.LoginKeyUsernameChangeDoneNextButtonText {
-		result.UsernameChangeDone.NextButtonText = text.Text
-	}
-}
-
-func initPasswordKeyToDomain(text *CustomTextView, result *domain.CustomLoginText) {
-	if text.Key == domain.LoginKeyInitPasswordTitle {
-		result.InitPassword.Title = text.Text
-	}
-	if text.Key == domain.LoginKeyInitPasswordDescription {
-		result.InitPassword.Description = text.Text
-	}
-	if text.Key == domain.LoginKeyInitPasswordCodeLabel {
-		result.InitPassword.CodeLabel = text.Text
-	}
-	if text.Key == domain.LoginKeyInitPasswordNewPasswordLabel {
-		result.InitPassword.NewPasswordLabel = text.Text
-	}
-	if text.Key == domain.LoginKeyInitPasswordNewPasswordConfirmLabel {
-		result.InitPassword.NewPasswordConfirmLabel = text.Text
-	}
-	if text.Key == domain.LoginKeyInitPasswordNextButtonText {
-		result.InitPassword.NextButtonText = text.Text
-	}
-	if text.Key == domain.LoginKeyInitPasswordResendButtonText {
-		result.InitPassword.ResendButtonText = text.Text
-	}
-}
-
-func initPasswordDoneKeyToDomain(text *CustomTextView, result *domain.CustomLoginText) {
-	if text.Key == domain.LoginKeyInitPasswordDoneTitle {
-		result.InitPasswordDone.Title = text.Text
-	}
-	if text.Key == domain.LoginKeyInitPasswordDoneDescription {
-		result.InitPasswordDone.Description = text.Text
-	}
-	if text.Key == domain.LoginKeyInitPasswordDoneNextButtonText {
-		result.InitPasswordDone.NextButtonText = text.Text
-	}
-	if text.Key == domain.LoginKeyInitPasswordDoneCancelButtonText {
-		result.InitPasswordDone.CancelButtonText = text.Text
-	}
-}
-
-func emailVerificationKeyToDomain(text *CustomTextView, result *domain.CustomLoginText) {
-	if text.Key == domain.LoginKeyEmailVerificationTitle {
-		result.EmailVerification.Title = text.Text
-	}
-	if text.Key == domain.LoginKeyEmailVerificationDescription {
-		result.EmailVerification.Description = text.Text
-	}
-	if text.Key == domain.LoginKeyEmailVerificationCodeLabel {
-		result.EmailVerification.CodeLabel = text.Text
-	}
-	if text.Key == domain.LoginKeyEmailVerificationNextButtonText {
-		result.EmailVerification.NextButtonText = text.Text
-	}
-	if text.Key == domain.LoginKeyEmailVerificationResendButtonText {
-		result.EmailVerification.ResendButtonText = text.Text
-	}
-}
-
-func emailVerificationDoneKeyToDomain(text *CustomTextView, result *domain.CustomLoginText) {
-	if text.Key == domain.LoginKeyEmailVerificationDoneTitle {
-		result.EmailVerificationDone.Title = text.Text
-	}
-	if text.Key == domain.LoginKeyEmailVerificationDoneDescription {
-		result.EmailVerificationDone.Description = text.Text
-	}
-	if text.Key == domain.LoginKeyEmailVerificationDoneNextButtonText {
-		result.EmailVerificationDone.NextButtonText = text.Text
-	}
-	if text.Key == domain.LoginKeyEmailVerificationDoneCancelButtonText {
-		result.EmailVerificationDone.CancelButtonText = text.Text
-	}
-	if text.Key == domain.LoginKeyEmailVerificationDoneLoginButtonText {
-		result.EmailVerificationDone.LoginButtonText = text.Text
-	}
-}
-
-func initializeUserKeyToDomain(text *CustomTextView, result *domain.CustomLoginText) {
-	if text.Key == domain.LoginKeyInitializeUserTitle {
-		result.InitUser.Title = text.Text
-	}
-	if text.Key == domain.LoginKeyInitializeUserDescription {
-		result.InitUser.Description = text.Text
-	}
-	if text.Key == domain.LoginKeyInitializeUserCodeLabel {
-		result.InitUser.CodeLabel = text.Text
-	}
-	if text.Key == domain.LoginKeyInitializeUserNewPasswordLabel {
-		result.InitUser.NewPasswordLabel = text.Text
-	}
-	if text.Key == domain.LoginKeyInitializeUserNewPasswordConfirmLabel {
-		result.InitUser.NewPasswordConfirmLabel = text.Text
-	}
-	if text.Key == domain.LoginKeyInitializeUserResendButtonText {
-		result.InitUser.ResendButtonText = text.Text
-	}
-	if text.Key == domain.LoginKeyInitializeUserNextButtonText {
-		result.InitUser.NextButtonText = text.Text
-	}
-}
-
-func initializeUserDoneKeyToDomain(text *CustomTextView, result *domain.CustomLoginText) {
-	if text.Key == domain.LoginKeyInitUserDoneTitle {
-		result.InitUserDone.Title = text.Text
-	}
-	if text.Key == domain.LoginKeyInitUserDoneDescription {
-		result.InitUserDone.Description = text.Text
-	}
-	if text.Key == domain.LoginKeyInitUserDoneCancelButtonText {
-		result.InitUserDone.CancelButtonText = text.Text
-	}
-	if text.Key == domain.LoginKeyInitUserDoneNextButtonText {
-		result.InitUserDone.NextButtonText = text.Text
-	}
-}
-
-func initMFAPromptKeyToDomain(text *CustomTextView, result *domain.CustomLoginText) {
-	if text.Key == domain.LoginKeyInitMFAPromptTitle {
-		result.InitMFAPrompt.Title = text.Text
-	}
-	if text.Key == domain.LoginKeyInitMFAPromptDescription {
-		result.InitMFAPrompt.Description = text.Text
-	}
-	if text.Key == domain.LoginKeyInitMFAPromptOTPOption {
-		result.InitMFAPrompt.Provider0 = text.Text
-	}
-	if text.Key == domain.LoginKeyInitMFAPromptU2FOption {
-		result.InitMFAPrompt.Provider1 = text.Text
-	}
-	if text.Key == domain.LoginKeyInitMFAPromptSkipButtonText {
-		result.InitMFAPrompt.SkipButtonText = text.Text
-	}
-	if text.Key == domain.LoginKeyInitMFAPromptNextButtonText {
-		result.InitMFAPrompt.NextButtonText = text.Text
-	}
-}
-
-func initMFAOTPKeyToDomain(text *CustomTextView, result *domain.CustomLoginText) {
-	if text.Key == domain.LoginKeyInitMFAOTPTitle {
-		result.InitMFAOTP.Title = text.Text
-	}
-	if text.Key == domain.LoginKeyInitMFAOTPDescription {
-		result.InitMFAOTP.Description = text.Text
-	}
-	if text.Key == domain.LoginKeyInitMFAOTPDescriptionOTP {
-		result.InitMFAOTP.OTPDescription = text.Text
-	}
-	if text.Key == domain.LoginKeyInitMFAOTPCodeLabel {
-		result.InitMFAOTP.CodeLabel = text.Text
-	}
-	if text.Key == domain.LoginKeyInitMFAOTPSecretLabel {
-		result.InitMFAOTP.SecretLabel = text.Text
-	}
-	if text.Key == domain.LoginKeyInitMFAOTPNextButtonText {
-		result.InitMFAOTP.NextButtonText = text.Text
-	}
-	if text.Key == domain.LoginKeyInitMFAOTPCancelButtonText {
-		result.InitMFAOTP.CancelButtonText = text.Text
-	}
-}
-
-func initMFAU2FKeyToDomain(text *CustomTextView, result *domain.CustomLoginText) {
-	if text.Key == domain.LoginKeyInitMFAU2FTitle {
-		result.InitMFAU2F.Title = text.Text
-	}
-	if text.Key == domain.LoginKeyInitMFAU2FDescription {
-		result.InitMFAU2F.Description = text.Text
-	}
-	if text.Key == domain.LoginKeyInitMFAU2FTokenNameLabel {
-		result.InitMFAU2F.TokenNameLabel = text.Text
-	}
-	if text.Key == domain.LoginKeyInitMFAU2FRegisterTokenButtonText {
-		result.InitMFAU2F.RegisterTokenButtonText = text.Text
-	}
-	if text.Key == domain.LoginKeyInitMFAU2FNotSupported {
-		result.InitMFAU2F.NotSupported = text.Text
-	}
-	if text.Key == domain.LoginKeyInitMFAU2FErrorRetry {
-		result.InitMFAU2F.ErrorRetry = text.Text
-	}
-}
-
-func initMFADoneKeyToDomain(text *CustomTextView, result *domain.CustomLoginText) {
-	if text.Key == domain.LoginKeyInitMFADoneTitle {
-		result.InitMFADone.Title = text.Text
-	}
-	if text.Key == domain.LoginKeyInitMFADoneDescription {
-		result.InitMFADone.Description = text.Text
-	}
-	if text.Key == domain.LoginKeyInitMFADoneCancelButtonText {
-		result.InitMFADone.CancelButtonText = text.Text
-	}
-	if text.Key == domain.LoginKeyInitMFADoneNextButtonText {
-		result.InitMFADone.NextButtonText = text.Text
-	}
-}
-
-func mfaProvidersKeyToDomain(text *CustomTextView, result *domain.CustomLoginText) {
-	if text.Key == domain.LoginKeyMFAProvidersChooseOther {
-		result.MFAProvider.ChooseOther = text.Text
-	}
-	if text.Key == domain.LoginKeyMFAProvidersOTP {
-		result.MFAProvider.Provider0 = text.Text
-	}
-	if text.Key == domain.LoginKeyMFAProvidersU2F {
-		result.MFAProvider.Provider1 = text.Text
-	}
-}
-
-func verifyMFAOTPKeyToDomain(text *CustomTextView, result *domain.CustomLoginText) {
-	if text.Key == domain.LoginKeyVerifyMFAOTPTitle {
-		result.VerifyMFAOTP.Title = text.Text
-	}
-	if text.Key == domain.LoginKeyVerifyMFAOTPDescription {
-		result.VerifyMFAOTP.Description = text.Text
-	}
-	if text.Key == domain.LoginKeyVerifyMFAOTPCodeLabel {
-		result.VerifyMFAOTP.CodeLabel = text.Text
-	}
-	if text.Key == domain.LoginKeyVerifyMFAOTPNextButtonText {
-		result.VerifyMFAOTP.NextButtonText = text.Text
-	}
-}
-
-func verifyMFAU2FKeyToDomain(text *CustomTextView, result *domain.CustomLoginText) {
-	if text.Key == domain.LoginKeyVerifyMFAU2FTitle {
-		result.VerifyMFAU2F.Title = text.Text
-	}
-	if text.Key == domain.LoginKeyVerifyMFAU2FDescription {
-		result.VerifyMFAU2F.Description = text.Text
-	}
-	if text.Key == domain.LoginKeyVerifyMFAU2FValidateTokenText {
-		result.VerifyMFAU2F.ValidateTokenButtonText = text.Text
-	}
-	if text.Key == domain.LoginKeyVerifyMFAU2FNotSupported {
-		result.VerifyMFAU2F.NotSupported = text.Text
-	}
-	if text.Key == domain.LoginKeyVerifyMFAU2FErrorRetry {
-		result.VerifyMFAU2F.ErrorRetry = text.Text
-	}
-}
-
-func passwordlessKeyToDomain(text *CustomTextView, result *domain.CustomLoginText) {
-	if text.Key == domain.LoginKeyPasswordlessTitle {
-		result.Passwordless.Title = text.Text
-	}
-	if text.Key == domain.LoginKeyPasswordlessDescription {
-		result.Passwordless.Description = text.Text
-	}
-	if text.Key == domain.LoginKeyPasswordlessLoginWithPwButtonText {
-		result.Passwordless.LoginWithPwButtonText = text.Text
-	}
-	if text.Key == domain.LoginKeyPasswordlessValidateTokenButtonText {
-		result.Passwordless.ValidateTokenButtonText = text.Text
-	}
-	if text.Key == domain.LoginKeyPasswordlessNotSupported {
-		result.Passwordless.NotSupported = text.Text
-	}
-	if text.Key == domain.LoginKeyPasswordlessErrorRetry {
-		result.Passwordless.ErrorRetry = text.Text
-	}
-}
-
-func passwordlessPromptKeyToDomain(text *CustomTextView, result *domain.CustomLoginText) {
-	if text.Key == domain.LoginKeyPasswordlessPromptTitle {
-		result.PasswordlessPrompt.Title = text.Text
-	}
-	if text.Key == domain.LoginKeyPasswordlessPromptDescription {
-		result.PasswordlessPrompt.Description = text.Text
-	}
-	if text.Key == domain.LoginKeyPasswordlessPromptDescriptionInit {
-		result.PasswordlessPrompt.DescriptionInit = text.Text
-	}
-	if text.Key == domain.LoginKeyPasswordlessPromptPasswordlessButtonText {
-		result.PasswordlessPrompt.PasswordlessButtonText = text.Text
-	}
-	if text.Key == domain.LoginKeyPasswordlessPromptNextButtonText {
-		result.PasswordlessPrompt.NextButtonText = text.Text
-	}
-	if text.Key == domain.LoginKeyPasswordlessPromptSkipButtonText {
-		result.PasswordlessPrompt.SkipButtonText = text.Text
-	}
-}
-
-func passwordlessRegistrationKeyToDomain(text *CustomTextView, result *domain.CustomLoginText) {
-	if text.Key == domain.LoginKeyPasswordlessRegistrationTitle {
-		result.PasswordlessRegistration.Title = text.Text
-	}
-	if text.Key == domain.LoginKeyPasswordlessRegistrationDescription {
-		result.PasswordlessRegistration.Description = text.Text
-	}
-	if text.Key == domain.LoginKeyPasswordlessRegistrationRegisterTokenButtonText {
-		result.PasswordlessRegistration.RegisterTokenButtonText = text.Text
-	}
-	if text.Key == domain.LoginKeyPasswordlessRegistrationTokenNameLabel {
-		result.PasswordlessRegistration.TokenNameLabel = text.Text
-	}
-	if text.Key == domain.LoginKeyPasswordlessRegistrationNotSupported {
-		result.PasswordlessRegistration.NotSupported = text.Text
-	}
-	if text.Key == domain.LoginKeyPasswordlessRegistrationErrorRetry {
-		result.PasswordlessRegistration.ErrorRetry = text.Text
-	}
-}
-
-func passwordlessRegistrationDoneKeyToDomain(text *CustomTextView, result *domain.CustomLoginText) {
-	if text.Key == domain.LoginKeyPasswordlessRegistrationDoneTitle {
-		result.PasswordlessRegistrationDone.Title = text.Text
-	}
-	if text.Key == domain.LoginKeyPasswordlessRegistrationDoneDescription {
-		result.PasswordlessRegistrationDone.Description = text.Text
-	}
-	if text.Key == domain.LoginKeyPasswordlessRegistrationDoneDescriptionClose {
-		result.PasswordlessRegistrationDone.DescriptionClose = text.Text
-	}
-	if text.Key == domain.LoginKeyPasswordlessRegistrationDoneNextButtonText {
-		result.PasswordlessRegistrationDone.NextButtonText = text.Text
-	}
-	if text.Key == domain.LoginKeyPasswordlessRegistrationDoneCancelButtonText {
-		result.PasswordlessRegistrationDone.CancelButtonText = text.Text
-	}
-}
-
-func passwordChangeKeyToDomain(text *CustomTextView, result *domain.CustomLoginText) {
-	if text.Key == domain.LoginKeyPasswordChangeTitle {
-		result.PasswordChange.Title = text.Text
-	}
-	if text.Key == domain.LoginKeyPasswordChangeDescription {
-		result.PasswordChange.Description = text.Text
-	}
-	if text.Key == domain.LoginKeyPasswordChangeOldPasswordLabel {
-		result.PasswordChange.OldPasswordLabel = text.Text
-	}
-	if text.Key == domain.LoginKeyPasswordChangeNewPasswordLabel {
-		result.PasswordChange.NewPasswordLabel = text.Text
-	}
-	if text.Key == domain.LoginKeyPasswordChangeNewPasswordConfirmLabel {
-		result.PasswordChange.NewPasswordConfirmLabel = text.Text
-	}
-	if text.Key == domain.LoginKeyPasswordChangeCancelButtonText {
-		result.PasswordChange.CancelButtonText = text.Text
-	}
-	if text.Key == domain.LoginKeyPasswordChangeNextButtonText {
-		result.PasswordChange.NextButtonText = text.Text
-	}
-}
-
-func passwordChangeDoneKeyToDomain(text *CustomTextView, result *domain.CustomLoginText) {
-	if text.Key == domain.LoginKeyPasswordChangeDoneTitle {
-		result.PasswordChangeDone.Title = text.Text
-	}
-	if text.Key == domain.LoginKeyPasswordChangeDoneDescription {
-		result.PasswordChangeDone.Description = text.Text
-	}
-	if text.Key == domain.LoginKeyPasswordChangeDoneNextButtonText {
-		result.PasswordChangeDone.NextButtonText = text.Text
-	}
-}
-
-func passwordResetDoneKeyToDomain(text *CustomTextView, result *domain.CustomLoginText) {
-	if text.Key == domain.LoginKeyPasswordResetDoneTitle {
-		result.PasswordResetDone.Title = text.Text
-	}
-	if text.Key == domain.LoginKeyPasswordResetDoneDescription {
-		result.PasswordResetDone.Description = text.Text
-	}
-	if text.Key == domain.LoginKeyPasswordResetDoneNextButtonText {
-		result.PasswordResetDone.NextButtonText = text.Text
-	}
-}
-
-func registrationOptionKeyToDomain(text *CustomTextView, result *domain.CustomLoginText) {
-	if text.Key == domain.LoginKeyRegistrationOptionTitle {
-		result.RegisterOption.Title = text.Text
-	}
-	if text.Key == domain.LoginKeyRegistrationOptionDescription {
-		result.RegisterOption.Description = text.Text
-	}
-	if text.Key == domain.LoginKeyRegistrationOptionExternalLoginDescription {
-		result.RegisterOption.ExternalLoginDescription = text.Text
-	}
-	if text.Key == domain.LoginKeyRegistrationOptionUserNameButtonText {
-		result.RegisterOption.RegisterUsernamePasswordButtonText = text.Text
-	}
-}
-
-func registrationUserKeyToDomain(text *CustomTextView, result *domain.CustomLoginText) {
-	if text.Key == domain.LoginKeyRegistrationUserTitle {
-		result.RegistrationUser.Title = text.Text
-	}
-	if text.Key == domain.LoginKeyRegistrationUserDescription {
-		result.RegistrationUser.Description = text.Text
-	}
-	if text.Key == domain.LoginKeyRegistrationUserDescriptionOrgRegister {
-		result.RegistrationUser.DescriptionOrgRegister = text.Text
-	}
-	if text.Key == domain.LoginKeyRegistrationUserFirstnameLabel {
-		result.RegistrationUser.FirstnameLabel = text.Text
-	}
-	if text.Key == domain.LoginKeyRegistrationUserLastnameLabel {
-		result.RegistrationUser.LastnameLabel = text.Text
-	}
-	if text.Key == domain.LoginKeyRegistrationUserEmailLabel {
-		result.RegistrationUser.EmailLabel = text.Text
-	}
-	if text.Key == domain.LoginKeyRegistrationUserUsernameLabel {
-		result.RegistrationUser.UsernameLabel = text.Text
-	}
-	if text.Key == domain.LoginKeyRegistrationUserLanguageLabel {
-		result.RegistrationUser.LanguageLabel = text.Text
-	}
-	if text.Key == domain.LoginKeyRegistrationUserGenderLabel {
-		result.RegistrationUser.GenderLabel = text.Text
-	}
-	if text.Key == domain.LoginKeyRegistrationUserPasswordLabel {
-		result.RegistrationUser.PasswordLabel = text.Text
-	}
-	if text.Key == domain.LoginKeyRegistrationUserPasswordConfirmLabel {
-		result.RegistrationUser.PasswordConfirmLabel = text.Text
-	}
-	if text.Key == domain.LoginKeyRegistrationUserTOSAndPrivacyLabel {
-		result.RegistrationUser.TOSAndPrivacyLabel = text.Text
-	}
-	if text.Key == domain.LoginKeyRegistrationUserTOSConfirm {
-		result.RegistrationUser.TOSConfirm = text.Text
-	}
-	if text.Key == domain.LoginKeyRegistrationUserTOSLinkText {
-		result.RegistrationUser.TOSLinkText = text.Text
-	}
-	if text.Key == domain.LoginKeyRegistrationUserTOSConfirmAnd {
-		result.RegistrationUser.TOSConfirmAnd = text.Text
-	}
-	if text.Key == domain.LoginKeyRegistrationUserPrivacyLinkText {
-		result.RegistrationUser.PrivacyLinkText = text.Text
-	}
-	if text.Key == domain.LoginKeyRegistrationUserNextButtonText {
-		result.RegistrationUser.NextButtonText = text.Text
-	}
-	if text.Key == domain.LoginKeyRegistrationUserBackButtonText {
-		result.RegistrationUser.BackButtonText = text.Text
-	}
-}
-
-func registrationOrgKeyToDomain(text *CustomTextView, result *domain.CustomLoginText) {
-	if text.Key == domain.LoginKeyRegisterOrgTitle {
-		result.RegistrationOrg.Title = text.Text
-	}
-	if text.Key == domain.LoginKeyRegisterOrgDescription {
-		result.RegistrationOrg.Description = text.Text
-	}
-	if text.Key == domain.LoginKeyRegisterOrgOrgNameLabel {
-		result.RegistrationOrg.OrgNameLabel = text.Text
-	}
-	if text.Key == domain.LoginKeyRegisterOrgFirstnameLabel {
-		result.RegistrationOrg.FirstnameLabel = text.Text
-	}
-	if text.Key == domain.LoginKeyRegisterOrgLastnameLabel {
-		result.RegistrationOrg.LastnameLabel = text.Text
-	}
-	if text.Key == domain.LoginKeyRegisterOrgUsernameLabel {
-		result.RegistrationOrg.UsernameLabel = text.Text
-	}
-	if text.Key == domain.LoginKeyRegisterOrgEmailLabel {
-		result.RegistrationOrg.EmailLabel = text.Text
-	}
-	if text.Key == domain.LoginKeyRegisterOrgPasswordLabel {
-		result.RegistrationOrg.PasswordLabel = text.Text
-	}
-	if text.Key == domain.LoginKeyRegisterOrgPasswordConfirmLabel {
-		result.RegistrationOrg.PasswordConfirmLabel = text.Text
-	}
-	if text.Key == domain.LoginKeyRegisterOrgTOSAndPrivacyLabel {
-		result.RegistrationOrg.TOSAndPrivacyLabel = text.Text
-	}
-	if text.Key == domain.LoginKeyRegisterOrgTOSConfirm {
-		result.RegistrationOrg.TOSConfirm = text.Text
-	}
-	if text.Key == domain.LoginKeyRegisterOrgTOSLinkText {
-		result.RegistrationOrg.TOSLinkText = text.Text
-	}
-	if text.Key == domain.LoginKeyRegisterOrgTosConfirmAnd {
-		result.RegistrationOrg.TOSConfirmAnd = text.Text
-	}
-	if text.Key == domain.LoginKeyRegisterOrgPrivacyLinkText {
-		result.RegistrationOrg.PrivacyLinkText = text.Text
-	}
-	if text.Key == domain.LoginKeyRegisterOrgSaveButtonText {
-		result.RegistrationOrg.SaveButtonText = text.Text
-	}
-}
-
-func linkingUserKeyToDomain(text *CustomTextView, result *domain.CustomLoginText) {
-	if text.Key == domain.LoginKeyLinkingUserDoneTitle {
-		result.LinkingUsersDone.Title = text.Text
-	}
-	if text.Key == domain.LoginKeyLinkingUserDoneDescription {
-		result.LinkingUsersDone.Description = text.Text
-	}
-	if text.Key == domain.LoginKeyLinkingUserDoneCancelButtonText {
-		result.LinkingUsersDone.CancelButtonText = text.Text
-	}
-	if text.Key == domain.LoginKeyLinkingUserDoneNextButtonText {
-		result.LinkingUsersDone.NextButtonText = text.Text
-	}
-}
-
-func externalUserNotFoundKeyToDomain(text *CustomTextView, result *domain.CustomLoginText) {
-	if text.Key == domain.LoginKeyExternalNotFoundTitle {
-		result.ExternalNotFoundOption.Title = text.Text
-	}
-	if text.Key == domain.LoginKeyExternalNotFoundDescription {
-		result.ExternalNotFoundOption.Description = text.Text
-	}
-	if text.Key == domain.LoginKeyExternalNotFoundLinkButtonText {
-		result.ExternalNotFoundOption.LinkButtonText = text.Text
-	}
-	if text.Key == domain.LoginKeyExternalNotFoundAutoRegisterButtonText {
-		result.ExternalNotFoundOption.AutoRegisterButtonText = text.Text
-	}
-	if text.Key == domain.LoginKeyExternalNotFoundTOSAndPrivacyLabel {
-		result.ExternalNotFoundOption.TOSAndPrivacyLabel = text.Text
-	}
-	if text.Key == domain.LoginKeyExternalNotFoundTOSConfirm {
-		result.ExternalNotFoundOption.TOSConfirm = text.Text
-	}
-	if text.Key == domain.LoginKeyExternalNotFoundTOSLinkText {
-		result.ExternalNotFoundOption.TOSLinkText = text.Text
-	}
-	if text.Key == domain.LoginKeyExternalNotFoundTOSConfirmAnd {
-		result.ExternalNotFoundOption.TOSConfirmAnd = text.Text
-	}
-	if text.Key == domain.LoginKeyExternalNotFoundPrivacyLinkText {
-		result.ExternalNotFoundOption.PrivacyLinkText = text.Text
-	}
-}
-
-func successLoginKeyToDomain(text *CustomTextView, result *domain.CustomLoginText) {
-	if text.Key == domain.LoginKeySuccessLoginTitle {
-		result.LoginSuccess.Title = text.Text
-	}
-	if text.Key == domain.LoginKeySuccessLoginAutoRedirectDescription {
-		result.LoginSuccess.AutoRedirectDescription = text.Text
-	}
-	if text.Key == domain.LoginKeySuccessLoginRedirectedDescription {
-		result.LoginSuccess.RedirectedDescription = text.Text
-	}
-	if text.Key == domain.LoginKeySuccessLoginNextButtonText {
-		result.LoginSuccess.NextButtonText = text.Text
-	}
-}
-
-func logoutDoneKeyToDomain(text *CustomTextView, result *domain.CustomLoginText) {
-	if text.Key == domain.LoginKeyLogoutDoneTitle {
-		result.LogoutDone.Title = text.Text
-	}
-	if text.Key == domain.LoginKeyLogoutDoneDescription {
-		result.LogoutDone.Description = text.Text
-	}
-	if text.Key == domain.LoginKeyLogoutDoneLoginButtonText {
-		result.LogoutDone.LoginButtonText = text.Text
-	}
-}
-
-func footerKeyToDomain(text *CustomTextView, result *domain.CustomLoginText) {
-	if text.Key == domain.LoginKeyFooterTOS {
-		result.Footer.TOS = text.Text
-	}
-	if text.Key == domain.LoginKeyFooterPrivacyPolicy {
-		result.Footer.PrivacyPolicy = text.Text
-	}
-	if text.Key == domain.LoginKeyFooterHelp {
-		result.Footer.Help = text.Text
-	}
-}

internal/iam/repository/view/model/custom_text_query.go

@@ -1,65 +0,0 @@
-package model
-
-import (
-	"github.com/caos/zitadel/internal/domain"
-	iam_model "github.com/caos/zitadel/internal/iam/model"
-	"github.com/caos/zitadel/internal/view/repository"
-)
-
-type CustomTextSearchRequest iam_model.CustomTextSearchRequest
-type CustomTextSearchQuery iam_model.CustomTextSearchQuery
-type CustomTextSearchKey iam_model.CustomTextSearchKey
-
-func (req CustomTextSearchRequest) GetLimit() uint64 {
-	return req.Limit
-}
-
-func (req CustomTextSearchRequest) GetOffset() uint64 {
-	return req.Offset
-}
-
-func (req CustomTextSearchRequest) GetSortingColumn() repository.ColumnKey {
-	if req.SortingColumn == iam_model.CustomTextSearchKeyUnspecified {
-		return nil
-	}
-	return CustomTextSearchKey(req.SortingColumn)
-}
-
-func (req CustomTextSearchRequest) GetAsc() bool {
-	return req.Asc
-}
-
-func (req CustomTextSearchRequest) GetQueries() []repository.SearchQuery {
-	result := make([]repository.SearchQuery, len(req.Queries))
-	for i, q := range req.Queries {
-		result[i] = CustomTextSearchQuery{Key: q.Key, Value: q.Value, Method: q.Method}
-	}
-	return result
-}
-
-func (req CustomTextSearchQuery) GetKey() repository.ColumnKey {
-	return CustomTextSearchKey(req.Key)
-}
-
-func (req CustomTextSearchQuery) GetMethod() domain.SearchMethod {
-	return req.Method
-}
-
-func (req CustomTextSearchQuery) GetValue() interface{} {
-	return req.Value
-}
-
-func (key CustomTextSearchKey) ToColumnName() string {
-	switch iam_model.CustomTextSearchKey(key) {
-	case iam_model.CustomTextSearchKeyAggregateID:
-		return CustomTextKeyAggregateID
-	case iam_model.CustomTextSearchKeyTemplate:
-		return CustomTextKeyTemplate
-	case iam_model.CustomTextSearchKeyLanguage:
-		return CustomTextKeyLanguage
-	case iam_model.CustomTextSearchKeyKey:
-		return CustomTextKeyKey
-	default:
-		return ""
-	}
-}

internal/iam/repository/view/model/iam_member.go

@@ -1,95 +0,0 @@
-package model
-
-import (
-	"encoding/json"
-	"time"
-
-	"github.com/caos/logging"
-	"github.com/lib/pq"
-
-	"github.com/caos/zitadel/internal/domain"
-	caos_errs "github.com/caos/zitadel/internal/errors"
-	"github.com/caos/zitadel/internal/eventstore/v1/models"
-	"github.com/caos/zitadel/internal/iam/model"
-	es_model "github.com/caos/zitadel/internal/iam/repository/eventsourcing/model"
-)
-
-const (
-	IAMMemberKeyUserID    = "user_id"
-	IAMMemberKeyIamID     = "iam_id"
-	IAMMemberKeyUserName  = "user_name"
-	IAMMemberKeyEmail     = "email"
-	IAMMemberKeyFirstName = "first_name"
-	IAMMemberKeyLastName  = "last_name"
-)
-
-type IAMMemberView struct {
-	UserID             string         `json:"userId" gorm:"column:user_id;primary_key"`
-	IAMID              string         `json:"-" gorm:"column:iam_id"`
-	UserName           string         `json:"-" gorm:"column:user_name"`
-	Email              string         `json:"-" gorm:"column:email_address"`
-	FirstName          string         `json:"-" gorm:"column:first_name"`
-	LastName           string         `json:"-" gorm:"column:last_name"`
-	DisplayName        string         `json:"-" gorm:"column:display_name"`
-	Roles              pq.StringArray `json:"roles" gorm:"column:roles"`
-	Sequence           uint64         `json:"-" gorm:"column:sequence"`
-	PreferredLoginName string         `json:"-" gorm:"column:preferred_login_name"`
-	AvatarKey          string         `json:"-" gorm:"column:avatar_key"`
-	UserResourceOwner  string         `json:"-" gorm:"column:user_resource_owner"`
-
-	CreationDate time.Time `json:"-" gorm:"column:creation_date"`
-	ChangeDate   time.Time `json:"-" gorm:"column:change_date"`
-}
-
-func IAMMemberToModel(member *IAMMemberView, prefixAvatarURL string) *model.IAMMemberView {
-	return &model.IAMMemberView{
-		UserID:             member.UserID,
-		IAMID:              member.IAMID,
-		UserName:           member.UserName,
-		Email:              member.Email,
-		FirstName:          member.FirstName,
-		LastName:           member.LastName,
-		DisplayName:        member.DisplayName,
-		PreferredLoginName: member.PreferredLoginName,
-		AvatarURL:          domain.AvatarURL(prefixAvatarURL, member.UserResourceOwner, member.AvatarKey),
-		UserResourceOwner:  member.UserResourceOwner,
-		Roles:              member.Roles,
-		Sequence:           member.Sequence,
-		CreationDate:       member.CreationDate,
-		ChangeDate:         member.ChangeDate,
-	}
-}
-
-func IAMMembersToModel(roles []*IAMMemberView, prefixAvatarURL string) []*model.IAMMemberView {
-	result := make([]*model.IAMMemberView, len(roles))
-	for i, r := range roles {
-		result[i] = IAMMemberToModel(r, prefixAvatarURL)
-	}
-	return result
-}
-
-func (r *IAMMemberView) AppendEvent(event *models.Event) (err error) {
-	r.Sequence = event.Sequence
-	r.ChangeDate = event.CreationDate
-	switch event.Type {
-	case es_model.IAMMemberAdded:
-		r.setRootData(event)
-		r.CreationDate = event.CreationDate
-		err = r.SetData(event)
-	case es_model.IAMMemberChanged:
-		err = r.SetData(event)
-	}
-	return err
-}
-
-func (r *IAMMemberView) setRootData(event *models.Event) {
-	r.IAMID = event.AggregateID
-}
-
-func (r *IAMMemberView) SetData(event *models.Event) error {
-	if err := json.Unmarshal(event.Data, r); err != nil {
-		logging.Log("EVEN-Psl89").WithError(err).Error("could not unmarshal event data")
-		return caos_errs.ThrowInternal(err, "MODEL-lub6s", "Could not unmarshal data")
-	}
-	return nil
-}

internal/iam/repository/view/model/iam_member_query.go

@@ -1,69 +0,0 @@
-package model
-
-import (
-	"github.com/caos/zitadel/internal/domain"
-	iam_model "github.com/caos/zitadel/internal/iam/model"
-	"github.com/caos/zitadel/internal/view/repository"
-)
-
-type IAMMemberSearchRequest iam_model.IAMMemberSearchRequest
-type IAMMemberSearchQuery iam_model.IAMMemberSearchQuery
-type IAMMemberSearchKey iam_model.IAMMemberSearchKey
-
-func (req IAMMemberSearchRequest) GetLimit() uint64 {
-	return req.Limit
-}
-
-func (req IAMMemberSearchRequest) GetOffset() uint64 {
-	return req.Offset
-}
-
-func (req IAMMemberSearchRequest) GetSortingColumn() repository.ColumnKey {
-	if req.SortingColumn == iam_model.IAMMemberSearchKeyUnspecified {
-		return nil
-	}
-	return IAMMemberSearchKey(req.SortingColumn)
-}
-
-func (req IAMMemberSearchRequest) GetAsc() bool {
-	return req.Asc
-}
-
-func (req IAMMemberSearchRequest) GetQueries() []repository.SearchQuery {
-	result := make([]repository.SearchQuery, len(req.Queries))
-	for i, q := range req.Queries {
-		result[i] = IAMMemberSearchQuery{Key: q.Key, Value: q.Value, Method: q.Method}
-	}
-	return result
-}
-
-func (req IAMMemberSearchQuery) GetKey() repository.ColumnKey {
-	return IAMMemberSearchKey(req.Key)
-}
-
-func (req IAMMemberSearchQuery) GetMethod() domain.SearchMethod {
-	return req.Method
-}
-
-func (req IAMMemberSearchQuery) GetValue() interface{} {
-	return req.Value
-}
-
-func (key IAMMemberSearchKey) ToColumnName() string {
-	switch iam_model.IAMMemberSearchKey(key) {
-	case iam_model.IAMMemberSearchKeyEmail:
-		return IAMMemberKeyEmail
-	case iam_model.IAMMemberSearchKeyFirstName:
-		return IAMMemberKeyFirstName
-	case iam_model.IAMMemberSearchKeyLastName:
-		return IAMMemberKeyLastName
-	case iam_model.IAMMemberSearchKeyUserName:
-		return IAMMemberKeyUserName
-	case iam_model.IAMMemberSearchKeyUserID:
-		return IAMMemberKeyUserID
-	case iam_model.IAMMemberSearchKeyIamID:
-		return IAMMemberKeyIamID
-	default:
-		return ""
-	}
-}

internal/iam/repository/view/model/idp_config.go

@@ -5,12 +5,10 @@ import (
 	"time"
 
 	"github.com/caos/zitadel/internal/crypto"
+	"github.com/caos/zitadel/internal/eventstore"
 	"github.com/caos/zitadel/internal/repository/instance"
 	"github.com/caos/zitadel/internal/repository/org"
 
-	es_model "github.com/caos/zitadel/internal/iam/repository/eventsourcing/model"
-	org_es_model "github.com/caos/zitadel/internal/org/repository/eventsourcing/model"
-
 	"github.com/caos/logging"
 	"github.com/lib/pq"
 
@@ -87,34 +85,26 @@ func IDPConfigViewToModel(idp *IDPConfigView) *model.IDPConfigView {
 	return view
 }
 
-func IdpConfigViewsToModel(idps []*IDPConfigView) []*model.IDPConfigView {
-	result := make([]*model.IDPConfigView, len(idps))
-	for i, idp := range idps {
-		result[i] = IDPConfigViewToModel(idp)
-	}
-	return result
-}
-
 func (i *IDPConfigView) AppendEvent(providerType model.IDPProviderType, event *models.Event) (err error) {
 	i.Sequence = event.Sequence
 	i.ChangeDate = event.CreationDate
-	switch event.Type {
+	switch eventstore.EventType(event.Type) {
-	case es_model.IDPConfigAdded, org_es_model.IDPConfigAdded:
+	case instance.IDPConfigAddedEventType, org.IDPConfigAddedEventType:
 		i.setRootData(event)
 		i.CreationDate = event.CreationDate
 		i.IDPProviderType = int32(providerType)
 		err = i.SetData(event)
-	case es_model.OIDCIDPConfigAdded, org_es_model.OIDCIDPConfigAdded:
+	case instance.IDPOIDCConfigAddedEventType, org.IDPOIDCConfigAddedEventType:
 		i.IsOIDC = true
 		err = i.SetData(event)
-	case es_model.OIDCIDPConfigChanged, org_es_model.OIDCIDPConfigChanged,
+	case instance.IDPOIDCConfigChangedEventType, org.IDPOIDCConfigChangedEventType,
-		es_model.IDPConfigChanged, org_es_model.IDPConfigChanged,
+		instance.IDPConfigChangedEventType, org.IDPConfigChangedEventType,
-		models.EventType(org.IDPJWTConfigAddedEventType), models.EventType(instance.IDPJWTConfigAddedEventType),
+		org.IDPJWTConfigAddedEventType, instance.IDPJWTConfigAddedEventType,
-		models.EventType(org.IDPJWTConfigChangedEventType), models.EventType(instance.IDPJWTConfigChangedEventType):
+		org.IDPJWTConfigChangedEventType, instance.IDPJWTConfigChangedEventType:
 		err = i.SetData(event)
-	case es_model.IDPConfigDeactivated, org_es_model.IDPConfigDeactivated:
+	case instance.IDPConfigDeactivatedEventType, org.IDPConfigDeactivatedEventType:
 		i.IDPState = int32(model.IDPConfigStateInactive)
-	case es_model.IDPConfigReactivated, org_es_model.IDPConfigReactivated:
+	case instance.IDPConfigReactivatedEventType, org.IDPConfigReactivatedEventType:
 		i.IDPState = int32(model.IDPConfigStateActive)
 	}
 	return err
@@ -127,7 +117,7 @@ func (r *IDPConfigView) setRootData(event *models.Event) {
 
 func (r *IDPConfigView) SetData(event *models.Event) error {
 	if err := json.Unmarshal(event.Data, r); err != nil {
-		logging.Log("EVEN-Smkld").WithError(err).Error("could not unmarshal event data")
+		logging.New().WithError(err).Error("could not unmarshal event data")
 		return caos_errs.ThrowInternal(err, "MODEL-lub6s", "Could not unmarshal data")
 	}
 	return nil

internal/iam/repository/view/model/idp_provider.go

@@ -4,15 +4,14 @@ import (
 	"encoding/json"
 	"time"
 
-	org_es_model "github.com/caos/zitadel/internal/org/repository/eventsourcing/model"
-
-	es_model "github.com/caos/zitadel/internal/iam/repository/eventsourcing/model"
-
 	"github.com/caos/logging"
 
 	caos_errs "github.com/caos/zitadel/internal/errors"
+	"github.com/caos/zitadel/internal/eventstore"
 	"github.com/caos/zitadel/internal/eventstore/v1/models"
 	"github.com/caos/zitadel/internal/iam/model"
+	"github.com/caos/zitadel/internal/repository/instance"
+	"github.com/caos/zitadel/internal/repository/org"
 )
 
 const (
@@ -38,21 +37,6 @@ type IDPProviderView struct {
 	InstanceID string `json:"instanceID" gorm:"column:instance_id"`
 }
 
-func IDPProviderViewFromModel(provider *model.IDPProviderView) *IDPProviderView {
-	return &IDPProviderView{
-		AggregateID:     provider.AggregateID,
-		Sequence:        provider.Sequence,
-		CreationDate:    provider.CreationDate,
-		ChangeDate:      provider.ChangeDate,
-		Name:            provider.Name,
-		StylingType:     int32(provider.StylingType),
-		IDPConfigID:     provider.IDPConfigID,
-		IDPConfigType:   int32(provider.IDPConfigType),
-		IDPProviderType: int32(provider.IDPProviderType),
-		IDPState:        int32(provider.IDPState),
-	}
-}
-
 func IDPProviderViewToModel(provider *IDPProviderView) *model.IDPProviderView {
 	return &model.IDPProviderView{
 		AggregateID:     provider.AggregateID,
@@ -79,8 +63,9 @@ func IDPProviderViewsToModel(providers []*IDPProviderView) []*model.IDPProviderV
 func (i *IDPProviderView) AppendEvent(event *models.Event) (err error) {
 	i.Sequence = event.Sequence
 	i.ChangeDate = event.CreationDate
-	switch event.Type {
+	switch eventstore.EventType(event.Type) {
-	case es_model.LoginPolicyIDPProviderAdded, org_es_model.LoginPolicyIDPProviderAdded:
+	case instance.LoginPolicyIDPProviderAddedEventType,
+		org.LoginPolicyIDPProviderAddedEventType:
 		i.setRootData(event)
 		i.CreationDate = event.CreationDate
 		err = i.SetData(event)
@@ -95,7 +80,7 @@ func (r *IDPProviderView) setRootData(event *models.Event) {
 
 func (r *IDPProviderView) SetData(event *models.Event) error {
 	if err := json.Unmarshal(event.Data, r); err != nil {
-		logging.Log("EVEN-Lso0d").WithError(err).Error("could not unmarshal event data")
+		logging.New().WithError(err).Error("could not unmarshal event data")
 		return caos_errs.ThrowInternal(err, "MODEL-Hs8uf", "Could not unmarshal data")
 	}
 	return nil

internal/iam/repository/view/model/label_policy.go

@@ -4,16 +4,14 @@ import (
 	"encoding/json"
 	"time"
 
-	"github.com/caos/zitadel/internal/domain"
-	org_es_model "github.com/caos/zitadel/internal/org/repository/eventsourcing/model"
-
-	es_model "github.com/caos/zitadel/internal/iam/repository/eventsourcing/model"
-
 	"github.com/caos/logging"
 
+	"github.com/caos/zitadel/internal/domain"
 	caos_errs "github.com/caos/zitadel/internal/errors"
+	"github.com/caos/zitadel/internal/eventstore"
 	"github.com/caos/zitadel/internal/eventstore/v1/models"
-	"github.com/caos/zitadel/internal/iam/model"
+	"github.com/caos/zitadel/internal/repository/instance"
+	"github.com/caos/zitadel/internal/repository/org"
 )
 
 const (
@@ -84,101 +82,85 @@ func (p *LabelPolicyView) ToDomain() *domain.LabelPolicy {
 	}
 }
 
-func LabelPolicyViewToModel(policy *LabelPolicyView) *model.LabelPolicyView {
-	return &model.LabelPolicyView{
-		AggregateID:  policy.AggregateID,
-		Sequence:     policy.Sequence,
-		CreationDate: policy.CreationDate,
-		ChangeDate:   policy.ChangeDate,
-
-		PrimaryColor:    policy.PrimaryColor,
-		BackgroundColor: policy.BackgroundColor,
-		WarnColor:       policy.WarnColor,
-		FontColor:       policy.FontColor,
-		LogoURL:         policy.LogoURL,
-		IconURL:         policy.IconURL,
-
-		PrimaryColorDark:    policy.PrimaryColorDark,
-		BackgroundColorDark: policy.BackgroundColorDark,
-		WarnColorDark:       policy.WarnColorDark,
-		FontColorDark:       policy.FontColorDark,
-		LogoDarkURL:         policy.LogoDarkURL,
-		IconDarkURL:         policy.IconDarkURL,
-
-		FontURL: policy.FontURL,
-
-		HideLoginNameSuffix: policy.HideLoginNameSuffix,
-		ErrorMsgPopup:       policy.ErrorMsgPopup,
-		DisableWatermark:    policy.DisableWatermark,
-		Default:             policy.Default,
-	}
-}
-
 func (i *LabelPolicyView) AppendEvent(event *models.Event) (err error) {
 	asset := &AssetView{}
 	i.Sequence = event.Sequence
 	i.ChangeDate = event.CreationDate
-	switch event.Type {
+	switch eventstore.EventType(event.Type) {
-	case es_model.LabelPolicyAdded, org_es_model.LabelPolicyAdded:
+	case instance.LabelPolicyAddedEventType,
+		org.LabelPolicyAddedEventType:
 		i.setRootData(event)
 		i.CreationDate = event.CreationDate
 		i.State = int32(domain.LabelPolicyStatePreview)
 		err = i.SetData(event)
-	case es_model.LabelPolicyChanged, org_es_model.LabelPolicyChanged:
+	case instance.LabelPolicyChangedEventType,
+		org.LabelPolicyChangedEventType:
 		err = i.SetData(event)
 		i.State = int32(domain.LabelPolicyStatePreview)
-	case es_model.LabelPolicyLogoAdded, org_es_model.LabelPolicyLogoAdded:
+	case instance.LabelPolicyLogoAddedEventType,
+		org.LabelPolicyLogoAddedEventType:
 		err = asset.SetData(event)
 		if err != nil {
 			return err
 		}
 		i.LogoURL = asset.AssetURL
 		i.State = int32(domain.LabelPolicyStatePreview)
-	case es_model.LabelPolicyLogoRemoved, org_es_model.LabelPolicyLogoRemoved:
+	case instance.LabelPolicyLogoRemovedEventType,
+		org.LabelPolicyLogoRemovedEventType:
 		i.LogoURL = ""
 		i.State = int32(domain.LabelPolicyStatePreview)
-	case es_model.LabelPolicyIconAdded, org_es_model.LabelPolicyIconAdded:
+	case instance.LabelPolicyIconAddedEventType,
+		org.LabelPolicyIconAddedEventType:
 		err = asset.SetData(event)
 		if err != nil {
 			return err
 		}
 		i.IconURL = asset.AssetURL
 		i.State = int32(domain.LabelPolicyStatePreview)
-	case es_model.LabelPolicyIconRemoved, org_es_model.LabelPolicyIconRemoved:
+	case instance.LabelPolicyIconRemovedEventType,
+		org.LabelPolicyIconRemovedEventType:
 		i.IconURL = ""
-	case es_model.LabelPolicyLogoDarkAdded, org_es_model.LabelPolicyLogoDarkAdded:
+	case instance.LabelPolicyLogoDarkAddedEventType,
+		org.LabelPolicyLogoDarkAddedEventType:
 		err = asset.SetData(event)
 		if err != nil {
 			return err
 		}
 		i.LogoDarkURL = asset.AssetURL
 		i.State = int32(domain.LabelPolicyStatePreview)
-	case es_model.LabelPolicyLogoDarkRemoved, org_es_model.LabelPolicyLogoDarkRemoved:
+	case instance.LabelPolicyLogoDarkRemovedEventType,
+		org.LabelPolicyLogoDarkRemovedEventType:
 		i.LogoDarkURL = ""
 		i.State = int32(domain.LabelPolicyStatePreview)
-	case es_model.LabelPolicyIconDarkAdded, org_es_model.LabelPolicyIconDarkAdded:
+	case instance.LabelPolicyIconDarkAddedEventType,
+		org.LabelPolicyIconDarkAddedEventType:
 		err = asset.SetData(event)
 		if err != nil {
 			return err
 		}
 		i.IconDarkURL = asset.AssetURL
 		i.State = int32(domain.LabelPolicyStatePreview)
-	case es_model.LabelPolicyIconDarkRemoved, org_es_model.LabelPolicyIconDarkRemoved:
+	case instance.LabelPolicyIconDarkRemovedEventType,
+		org.LabelPolicyIconDarkRemovedEventType:
 		i.IconDarkURL = ""
 		i.State = int32(domain.LabelPolicyStatePreview)
-	case es_model.LabelPolicyFontAdded, org_es_model.LabelPolicyFontAdded:
+	case instance.LabelPolicyFontAddedEventType,
+		org.LabelPolicyFontAddedEventType:
 		err = asset.SetData(event)
 		if err != nil {
 			return err
 		}
 		i.FontURL = asset.AssetURL
 		i.State = int32(domain.LabelPolicyStatePreview)
-	case es_model.LabelPolicyFontRemoved, org_es_model.LabelPolicyFontRemoved:
+	case instance.LabelPolicyFontRemovedEventType,
+		org.LabelPolicyFontRemovedEventType:
 		i.FontURL = ""
 		i.State = int32(domain.LabelPolicyStatePreview)
-	case es_model.LabelPolicyActivated, org_es_model.LabelPolicyActivated:
+	case instance.LabelPolicyActivatedEventType,
+		org.LabelPolicyActivatedEventType:
 		i.State = int32(domain.LabelPolicyStateActive)
-	case es_model.LabelPolicyAssetsRemoved, org_es_model.LabelPolicyAssetsRemoved:
+	case instance.LabelPolicyAssetsRemovedEventType,
+		org.LabelPolicyAssetsRemovedEventType:
 		i.LogoURL = ""
 		i.IconURL = ""
 		i.LogoDarkURL = ""

internal/iam/repository/view/model/password_complexity_policy.go

@@ -4,15 +4,15 @@ import (
 	"encoding/json"
 	"time"
 
-	org_es_model "github.com/caos/zitadel/internal/org/repository/eventsourcing/model"
-	"github.com/caos/zitadel/internal/query"
-
-	es_model "github.com/caos/zitadel/internal/iam/repository/eventsourcing/model"
-
 	"github.com/caos/logging"
+
 	caos_errs "github.com/caos/zitadel/internal/errors"
+	"github.com/caos/zitadel/internal/eventstore"
 	"github.com/caos/zitadel/internal/eventstore/v1/models"
 	"github.com/caos/zitadel/internal/iam/model"
+	"github.com/caos/zitadel/internal/query"
+	"github.com/caos/zitadel/internal/repository/instance"
+	"github.com/caos/zitadel/internal/repository/org"
 )
 
 const (
@@ -53,12 +53,14 @@ func PasswordComplexityViewToModel(policy *query.PasswordComplexityPolicy) *mode
 func (i *PasswordComplexityPolicyView) AppendEvent(event *models.Event) (err error) {
 	i.Sequence = event.Sequence
 	i.ChangeDate = event.CreationDate
-	switch event.Type {
+	switch eventstore.EventType(event.Type) {
-	case es_model.PasswordComplexityPolicyAdded, org_es_model.PasswordComplexityPolicyAdded:
+	case instance.PasswordComplexityPolicyAddedEventType,
+		org.PasswordComplexityPolicyAddedEventType:
 		i.setRootData(event)
 		i.CreationDate = event.CreationDate
 		err = i.SetData(event)
-	case es_model.PasswordComplexityPolicyChanged, org_es_model.PasswordComplexityPolicyChanged:
+	case instance.PasswordComplexityPolicyChangedEventType,
+		org.PasswordComplexityPolicyChangedEventType:
 		err = i.SetData(event)
 	}
 	return err

internal/iam/repository/view/query.go

@@ -1,21 +0,0 @@
-package view
-
-import (
-	"github.com/caos/zitadel/internal/errors"
-	es_models "github.com/caos/zitadel/internal/eventstore/v1/models"
-	iam_es_model "github.com/caos/zitadel/internal/iam/repository/eventsourcing/model"
-)
-
-func IAMByIDQuery(id string, latestSequence uint64) (*es_models.SearchQuery, error) {
-	if id == "" {
-		return nil, errors.ThrowPreconditionFailed(nil, "EVENT-4ng8sd", "id should be filled")
-	}
-	return IAMQuery(latestSequence).
-		AggregateIDFilter(id), nil
-}
-
-func IAMQuery(latestSequence uint64) *es_models.SearchQuery {
-	return es_models.NewSearchQuery().
-		AggregateTypeFilter(iam_es_model.IAMAggregate).
-		LatestSequenceFilter(latestSequence)
-}

internal/key/model/authn_key.go

@@ -1,107 +0,0 @@
-package model
-
-import (
-	"github.com/caos/zitadel/internal/domain"
-	caos_errors "github.com/caos/zitadel/internal/errors"
-
-	"time"
-
-	"github.com/caos/zitadel/internal/eventstore/v1/models"
-)
-
-const (
-	yearLayout            = "2006-01-02"
-	defaultExpirationDate = "9999-01-01"
-)
-
-type AuthNKeyView struct {
-	ID             string
-	ObjectID       string
-	ObjectType     ObjectType
-	AuthIdentifier string
-	Type           AuthNKeyType
-	Sequence       uint64
-	CreationDate   time.Time
-	ExpirationDate time.Time
-	PublicKey      []byte
-	State          AuthNKeyState
-}
-
-type AuthNKey struct {
-	models.ObjectRoot
-
-	KeyID          string
-	ObjectType     ObjectType
-	Type           AuthNKeyType
-	ExpirationDate time.Time
-	PrivateKey     []byte
-}
-
-type AuthNKeyType int32
-
-const (
-	AuthNKeyTypeNONE = iota
-	AuthNKeyTypeJSON
-)
-
-type AuthNKeyState int32
-
-const (
-	AuthNKeyStateActive AuthNKeyState = iota
-	AuthNKeyStateInactive
-	AuthNKeyStateRemoved
-)
-
-type AuthNKeySearchRequest struct {
-	Offset        uint64
-	Limit         uint64
-	SortingColumn AuthNKeySearchKey
-	Asc           bool
-	Queries       []*AuthNKeySearchQuery
-}
-
-type AuthNKeySearchKey int32
-
-const (
-	AuthNKeyKeyUnspecified AuthNKeySearchKey = iota
-	AuthNKeyKeyID
-	AuthNKeyObjectID
-	AuthNKeyObjectType
-)
-
-type ObjectType int32
-
-const (
-	AuthNKeyObjectTypeUnspecified ObjectType = iota
-	AuthNKeyObjectTypeUser
-	AuthNKeyObjectTypeApplication
-)
-
-type AuthNKeySearchQuery struct {
-	Key    AuthNKeySearchKey
-	Method domain.SearchMethod
-	Value  interface{}
-}
-
-type AuthNKeySearchResponse struct {
-	Offset      uint64
-	Limit       uint64
-	TotalResult uint64
-	Result      []*AuthNKeyView
-	Sequence    uint64
-	Timestamp   time.Time
-}
-
-func (r *AuthNKeySearchRequest) EnsureLimit(limit uint64) error {
-	if r.Limit > limit {
-		return caos_errors.ThrowInvalidArgument(nil, "SEARCH-f9ids", "Errors.Limit.ExceedsDefault")
-	}
-	if r.Limit == 0 {
-		r.Limit = limit
-	}
-	return nil
-}
-
-func DefaultExpiration() (time.Time, error) {
-	return time.Parse(yearLayout, defaultExpirationDate)
-}

internal/key/model/key.go

@@ -1,46 +0,0 @@
-package model
-
-import (
-	"time"
-
-	"github.com/caos/zitadel/internal/crypto"
-	es_models "github.com/caos/zitadel/internal/eventstore/v1/models"
-)
-
-type KeyPair struct {
-	es_models.ObjectRoot
-
-	Usage      KeyUsage
-	Algorithm  string
-	PrivateKey *Key
-	PublicKey  *Key
-}
-
-type KeyUsage int32
-
-const (
-	KeyUsageSigning KeyUsage = iota
-)
-
-func (u KeyUsage) String() string {
-	switch u {
-	case KeyUsageSigning:
-		return "sig"
-	}
-	return ""
-}
-
-type Key struct {
-	Key    *crypto.CryptoValue
-	Expiry time.Time
-}
-
-func (k *KeyPair) IsValid() bool {
-	return k.Algorithm != "" &&
-		k.PrivateKey != nil && k.PrivateKey.IsValid() &&
-		k.PublicKey != nil && k.PublicKey.IsValid()
-}
-
-func (k *Key) IsValid() bool {
-	return k.Key != nil
-}

internal/key/model/key_view.go

@@ -1,129 +0,0 @@
-package model
-
-import (
-	"time"
-
-	"github.com/caos/logging"
-
-	"github.com/caos/zitadel/internal/crypto"
-	"github.com/caos/zitadel/internal/domain"
-	"github.com/caos/zitadel/internal/errors"
-)
-
-type KeyView struct {
-	ID        string
-	Private   bool
-	Expiry    time.Time
-	Algorithm string
-	Usage     KeyUsage
-	Key       *crypto.CryptoValue
-	Sequence  uint64
-}
-
-type SigningKey struct {
-	ID        string
-	Algorithm string
-	Key       interface{}
-	Sequence  uint64
-}
-
-type PublicKey struct {
-	ID        string
-	Algorithm string
-	Usage     KeyUsage
-	Key       interface{}
-}
-
-type KeySearchRequest struct {
-	Offset        uint64
-	Limit         uint64
-	SortingColumn KeySearchKey
-	Asc           bool
-	Queries       []*KeySearchQuery
-}
-
-type KeySearchKey int32
-
-const (
-	KeySearchKeyUnspecified KeySearchKey = iota
-	KeySearchKeyID
-	KeySearchKeyPrivate
-	KeySearchKeyExpiry
-	KeySearchKeyUsage
-)
-
-type KeySearchQuery struct {
-	Key    KeySearchKey
-	Method domain.SearchMethod
-	Value  interface{}
-}
-
-type KeySearchResponse struct {
-	Offset      uint64
-	Limit       uint64
-	TotalResult uint64
-	Result      []*KeyView
-}
-
-func (r *KeySearchRequest) EnsureLimit(limit uint64) error {
-	if r.Limit > limit {
-		return errors.ThrowInvalidArgument(nil, "SEARCH-Mf9sd", "Errors.Limit.ExceedsDefault")
-	}
-	if r.Limit == 0 {
-		r.Limit = limit
-	}
-	return nil
-}
-
-func SigningKeyFromKeyView(key *KeyView, alg crypto.EncryptionAlgorithm) (*SigningKey, error) {
-	if key.Usage != KeyUsageSigning || !key.Private {
-		return nil, errors.ThrowInvalidArgument(nil, "MODEL-5HBdh", "key must be private signing key")
-	}
-	keyData, err := crypto.Decrypt(key.Key, alg)
-	if err != nil {
-		return nil, err
-	}
-	privateKey, err := crypto.BytesToPrivateKey(keyData)
-	if err != nil {
-		return nil, err
-	}
-	return &SigningKey{
-		ID:        key.ID,
-		Algorithm: key.Algorithm,
-		Key:       privateKey,
-		Sequence:  key.Sequence,
-	}, nil
-}
-
-func PublicKeysFromKeyView(keys []*KeyView, alg crypto.EncryptionAlgorithm) ([]*PublicKey, error) {
-	convertedKeys := make([]*PublicKey, 0, len(keys))
-	for _, key := range keys {
-		converted, err := PublicKeyFromKeyView(key, alg)
-		if err != nil {
-			logging.Log("MODEL-adB3f").WithError(err).Debug("cannot convert to public key") //TODO: change log level to warning when keys can be revoked
-			continue
-		}
-		convertedKeys = append(convertedKeys, converted)
-	}
-	return convertedKeys, nil
-
-}
-func PublicKeyFromKeyView(key *KeyView, alg crypto.EncryptionAlgorithm) (*PublicKey, error) {
-	if key.Private {
-		return nil, errors.ThrowInvalidArgument(nil, "MODEL-dTZa2", "key must be public")
-	}
-	keyData, err := crypto.Decrypt(key.Key, alg)
-	if err != nil {
-		return nil, err
-	}
-	publicKey, err := crypto.BytesToPublicKey(keyData)
-	if err != nil {
-		return nil, err
-	}
-	return &PublicKey{
-		ID:        key.ID,
-		Algorithm: key.Algorithm,
-		Usage:     key.Usage,
-		Key:       publicKey,
-	}, nil
-}

internal/key/repository/eventsourcing/key.go

@@ -1,12 +0,0 @@
-package eventsourcing
-
-import (
-	es_models "github.com/caos/zitadel/internal/eventstore/v1/models"
-	"github.com/caos/zitadel/internal/key/repository/eventsourcing/model"
-)
-
-func KeyPairQuery(latestSequence uint64) *es_models.SearchQuery {
-	return es_models.NewSearchQuery().
-		AggregateTypeFilter(model.KeyPairAggregate).
-		LatestSequenceFilter(latestSequence)
-}

internal/key/repository/eventsourcing/model/key.go

@@ -1,90 +0,0 @@
-package model
-
-import (
-	"encoding/json"
-	"time"
-
-	"github.com/caos/logging"
-
-	"github.com/caos/zitadel/internal/crypto"
-	es_models "github.com/caos/zitadel/internal/eventstore/v1/models"
-	"github.com/caos/zitadel/internal/key/model"
-)
-
-const (
-	KeyPairVersion = "v1"
-)
-
-type KeyPair struct {
-	es_models.ObjectRoot
-
-	Usage      int32  `json:"usage"`
-	Algorithm  string `json:"algorithm"`
-	PrivateKey *Key   `json:"privateKey"`
-	PublicKey  *Key   `json:"publicKey"`
-}
-
-type Key struct {
-	Key    *crypto.CryptoValue `json:"key"`
-	Expiry time.Time           `json:"expiry"`
-}
-
-func KeyPairFromModel(pair *model.KeyPair) *KeyPair {
-	return &KeyPair{
-		ObjectRoot: pair.ObjectRoot,
-		Usage:      int32(pair.Usage),
-		Algorithm:  pair.Algorithm,
-		PrivateKey: KeyFromModel(pair.PrivateKey),
-		PublicKey:  KeyFromModel(pair.PublicKey),
-	}
-}
-
-func KeyPairToModel(pair *KeyPair) *model.KeyPair {
-	return &model.KeyPair{
-		ObjectRoot: pair.ObjectRoot,
-		Usage:      model.KeyUsage(pair.Usage),
-		Algorithm:  pair.Algorithm,
-		PrivateKey: KeyToModel(pair.PrivateKey),
-		PublicKey:  KeyToModel(pair.PublicKey),
-	}
-}
-
-func KeyFromModel(key *model.Key) *Key {
-	return &Key{
-		Key:    key.Key,
-		Expiry: key.Expiry,
-	}
-}
-
-func KeyToModel(key *Key) *model.Key {
-	return &model.Key{
-		Key:    key.Key,
-		Expiry: key.Expiry,
-	}
-}
-
-func (k *KeyPair) AppendEvents(events ...*es_models.Event) error {
-	for _, event := range events {
-		if err := k.AppendEvent(event); err != nil {
-			return err
-		}
-	}
-	return nil
-}
-
-func (k *KeyPair) AppendEvent(event *es_models.Event) error {
-	k.ObjectRoot.AppendEvent(event)
-	switch event.Type {
-	case KeyPairAdded:
-		return k.AppendAddKeyPair(event)
-	}
-	return nil
-}
-
-func (k *KeyPair) AppendAddKeyPair(event *es_models.Event) error {
-	if err := json.Unmarshal(event.Data, k); err != nil {
-		logging.Log("EVEN-Je92s").WithError(err).Error("could not unmarshal event data")
-		return err
-	}
-	return nil
-}

internal/key/repository/eventsourcing/model/types.go

@@ -1,9 +0,0 @@
-package model
-
-import "github.com/caos/zitadel/internal/eventstore/v1/models"
-
-const (
-	KeyPairAggregate models.AggregateType = "key_pair"
-
-	KeyPairAdded models.EventType = "key_pair.added"
-)

internal/key/repository/view/authn_key_view.go

@@ -1,77 +0,0 @@
-package view
-
-import (
-	"github.com/caos/zitadel/internal/domain"
-	caos_errs "github.com/caos/zitadel/internal/errors"
-	key_model "github.com/caos/zitadel/internal/key/model"
-	"github.com/caos/zitadel/internal/key/repository/view/model"
-	"github.com/caos/zitadel/internal/view/repository"
-	"github.com/jinzhu/gorm"
-)
-
-func AuthNKeyByIDs(db *gorm.DB, table, objectID, keyID string) (*model.AuthNKeyView, error) {
-	key := new(model.AuthNKeyView)
-	query := repository.PrepareGetByQuery(table,
-		model.AuthNKeySearchQuery{Key: key_model.AuthNKeyObjectID, Method: domain.SearchMethodEquals, Value: objectID},
-		model.AuthNKeySearchQuery{Key: key_model.AuthNKeyKeyID, Method: domain.SearchMethodEquals, Value: keyID},
-	)
-	err := query(db, key)
-	if caos_errs.IsNotFound(err) {
-		return nil, caos_errs.ThrowNotFound(nil, "VIEW-3Dk9s", "Errors.User.KeyNotFound")
-	}
-	return key, err
-}
-
-func SearchAuthNKeys(db *gorm.DB, table string, req *key_model.AuthNKeySearchRequest) ([]*model.AuthNKeyView, uint64, error) {
-	keys := make([]*model.AuthNKeyView, 0)
-	query := repository.PrepareSearchQuery(table, model.AuthNKeySearchRequest{Limit: req.Limit, Offset: req.Offset, Queries: req.Queries})
-	count, err := query(db, &keys)
-	if err != nil {
-		return nil, 0, err
-	}
-	return keys, count, nil
-}
-
-func AuthNKeysByObjectID(db *gorm.DB, table string, objectID string) ([]*model.AuthNKeyView, error) {
-	keys := make([]*model.AuthNKeyView, 0)
-	queries := []*key_model.AuthNKeySearchQuery{
-		{
-			Key:    key_model.AuthNKeyObjectID,
-			Value:  objectID,
-			Method: domain.SearchMethodEquals,
-		},
-	}
-	query := repository.PrepareSearchQuery(table, model.AuthNKeySearchRequest{Queries: queries})
-	_, err := query(db, &keys)
-	if err != nil {
-		return nil, err
-	}
-	return keys, nil
-}
-
-func AuthNKeyByID(db *gorm.DB, table string, keyID string) (*model.AuthNKeyView, error) {
-	key := new(model.AuthNKeyView)
-	query := repository.PrepareGetByQuery(table,
-		model.AuthNKeySearchQuery{Key: key_model.AuthNKeyKeyID, Method: domain.SearchMethodEquals, Value: keyID},
-	)
-	err := query(db, key)
-	if caos_errs.IsNotFound(err) {
-		return nil, caos_errs.ThrowNotFound(nil, "VIEW-BjN6x", "Errors.User.KeyNotFound")
-	}
-	return key, err
-}
-
-func PutAuthNKey(db *gorm.DB, table string, role *model.AuthNKeyView) error {
-	save := repository.PrepareSave(table)
-	return save(db, role)
-}
-
-func DeleteAuthNKey(db *gorm.DB, table, keyID string) error {
-	delete := repository.PrepareDeleteByKey(table, model.AuthNKeySearchKey(key_model.AuthNKeyKeyID), keyID)
-	return delete(db)
-}
-
-func DeleteAuthNKeysByObjectID(db *gorm.DB, table, objectID string) error {
-	delete := repository.PrepareDeleteByKey(table, model.AuthNKeySearchKey(key_model.AuthNKeyObjectID), objectID)
-	return delete(db)
-}

internal/key/repository/view/key.go

@@ -1,83 +0,0 @@
-package view
-
-import (
-	"github.com/caos/zitadel/internal/domain"
-	"time"
-
-	caos_errs "github.com/caos/zitadel/internal/errors"
-	"github.com/caos/zitadel/internal/view/repository"
-
-	"github.com/jinzhu/gorm"
-
-	key_model "github.com/caos/zitadel/internal/key/model"
-	"github.com/caos/zitadel/internal/key/repository/view/model"
-)
-
-func KeyByIDAndType(db *gorm.DB, table, keyID string, private bool) (*model.KeyView, error) {
-	key := new(model.KeyView)
-	query := repository.PrepareGetByQuery(table,
-		model.KeySearchQuery{Key: key_model.KeySearchKeyID, Method: domain.SearchMethodEquals, Value: keyID},
-		model.KeySearchQuery{Key: key_model.KeySearchKeyPrivate, Method: domain.SearchMethodEquals, Value: private},
-	)
-	err := query(db, key)
-	return key, err
-}
-
-func GetSigningKey(db *gorm.DB, table string, expiry time.Time) (*model.KeyView, error) {
-	if expiry.IsZero() {
-		expiry = time.Now().UTC()
-	}
-	keys := make([]*model.KeyView, 0)
-	query := repository.PrepareSearchQuery(table,
-		model.KeySearchRequest{
-			Queries: []*key_model.KeySearchQuery{
-				{Key: key_model.KeySearchKeyPrivate, Method: domain.SearchMethodEquals, Value: true},
-				{Key: key_model.KeySearchKeyUsage, Method: domain.SearchMethodEquals, Value: key_model.KeyUsageSigning},
-				{Key: key_model.KeySearchKeyExpiry, Method: domain.SearchMethodGreaterThan, Value: time.Now().UTC()},
-			},
-			SortingColumn: key_model.KeySearchKeyExpiry,
-			Limit:         1,
-		},
-	)
-	_, err := query(db, &keys)
-	if err != nil {
-		return nil, err
-	}
-	if len(keys) != 1 {
-		return nil, caos_errs.ThrowNotFound(err, "VIEW-BGD41", "key not found")
-	}
-	return keys[0], nil
-}
-
-func GetActivePublicKeys(db *gorm.DB, table string) ([]*model.KeyView, error) {
-	keys := make([]*model.KeyView, 0)
-	query := repository.PrepareSearchQuery(table,
-		model.KeySearchRequest{
-			Queries: []*key_model.KeySearchQuery{
-				{Key: key_model.KeySearchKeyPrivate, Method: domain.SearchMethodEquals, Value: false},
-				{Key: key_model.KeySearchKeyUsage, Method: domain.SearchMethodEquals, Value: key_model.KeyUsageSigning},
-				{Key: key_model.KeySearchKeyExpiry, Method: domain.SearchMethodGreaterThan, Value: time.Now().UTC()},
-			},
-		},
-	)
-	_, err := query(db, &keys)
-	return keys, err
-}
-
-func PutKeys(db *gorm.DB, table string, privateKey, publicKey *model.KeyView) error {
-	save := repository.PrepareBulkSave(table)
-	return save(db, privateKey, publicKey)
-}
-
-func DeleteKey(db *gorm.DB, table, keyID string, private bool) error {
-	delete := repository.PrepareDeleteByKeys(table,
-		repository.Key{Key: model.KeySearchKey(key_model.KeySearchKeyID), Value: keyID},
-		repository.Key{Key: model.KeySearchKey(key_model.KeySearchKeyPrivate), Value: private},
-	)
-	return delete(db)
-}
-
-func DeleteKeyPair(db *gorm.DB, table, keyID string) error {
-	delete := repository.PrepareDeleteByKey(table, model.KeySearchKey(key_model.KeySearchKeyID), keyID)
-	return delete(db)
-}

internal/key/repository/view/model/authn_key.go

@@ -1,171 +0,0 @@
-package model
-
-import (
-	"encoding/json"
-	"time"
-
-	"github.com/caos/logging"
-
-	caos_errs "github.com/caos/zitadel/internal/errors"
-	"github.com/caos/zitadel/internal/eventstore/v1/models"
-	"github.com/caos/zitadel/internal/key/model"
-	proj_model "github.com/caos/zitadel/internal/project/repository/eventsourcing/model"
-	proj_view_model "github.com/caos/zitadel/internal/project/repository/view/model"
-	user_model "github.com/caos/zitadel/internal/user/repository/eventsourcing/model"
-)
-
-const (
-	AuthNKeyKeyID      = "key_id"
-	AuthNKeyObjectID   = "object_id"
-	AuthNKeyObjectType = "object_type"
-)
-
-type AuthNKeyView struct {
-	ID             string    `json:"keyId" gorm:"column:key_id;primary_key"`
-	ObjectID       string    `json:"-" gorm:"column:object_id;primary_key"`
-	ObjectType     int32     `json:"-" gorm:"column:object_type;primary_key"`
-	AuthIdentifier string    `json:"-" gorm:"column:auth_identifier;primary_key"`
-	Type           int32     `json:"type" gorm:"column:key_type"`
-	ExpirationDate time.Time `json:"expirationDate" gorm:"column:expiration_date"`
-	Sequence       uint64    `json:"-" gorm:"column:sequence"`
-	CreationDate   time.Time `json:"-" gorm:"column:creation_date"`
-	PublicKey      []byte    `json:"publicKey" gorm:"column:public_key"`
-	State          int32     `json:"-" gorm:"column:state"`
-}
-
-func AuthNKeyViewFromModel(key *model.AuthNKeyView) *AuthNKeyView {
-	return &AuthNKeyView{
-		ID:             key.ID,
-		ObjectID:       key.ObjectID,
-		ObjectType:     int32(key.ObjectType),
-		Type:           int32(key.Type),
-		ExpirationDate: key.ExpirationDate,
-		Sequence:       key.Sequence,
-		CreationDate:   key.CreationDate,
-		State:          int32(key.State),
-	}
-}
-
-func AuthNKeyToModel(key *AuthNKeyView) *model.AuthNKeyView {
-	return &model.AuthNKeyView{
-		ID:             key.ID,
-		ObjectID:       key.ObjectID,
-		ObjectType:     model.ObjectType(key.ObjectType),
-		AuthIdentifier: key.AuthIdentifier,
-		Type:           model.AuthNKeyType(key.Type),
-		ExpirationDate: key.ExpirationDate,
-		Sequence:       key.Sequence,
-		CreationDate:   key.CreationDate,
-		PublicKey:      key.PublicKey,
-		State:          model.AuthNKeyState(key.State),
-	}
-}
-
-func AuthNKeysToModel(keys []*AuthNKeyView) []*model.AuthNKeyView {
-	result := make([]*model.AuthNKeyView, len(keys))
-	for i, key := range keys {
-		result[i] = AuthNKeyToModel(key)
-	}
-	return result
-}
-
-func (k *AuthNKeyView) AppendEventIfMyClientKey(event *models.Event) (err error) {
-	switch event.Type {
-	case proj_model.ApplicationDeactivated,
-		proj_model.ApplicationReactivated,
-		proj_model.ApplicationRemoved:
-		a := new(proj_view_model.ApplicationView)
-		if err := a.AppendEvent(event); err != nil {
-			return err
-		}
-		if a.ID == k.ObjectID {
-			return k.AppendEvent(event)
-		}
-	case proj_model.ProjectDeactivated,
-		proj_model.ProjectReactivated,
-		proj_model.ProjectRemoved:
-		return k.AppendEvent(event)
-	case user_model.UserLocked,
-		user_model.UserDeactivated,
-		user_model.UserUnlocked,
-		user_model.UserReactivated,
-		user_model.UserRemoved:
-		return k.AppendEvent(event)
-	case proj_model.ClientKeyRemoved,
-		user_model.MachineKeyRemoved:
-		view := new(AuthNKeyView)
-		if view.ID == k.ID {
-			return k.AppendEvent(event)
-		}
-	default:
-		return nil
-	}
-	return nil
-}
-
-func (k *AuthNKeyView) AppendEvent(event *models.Event) (err error) {
-	k.Sequence = event.Sequence
-	switch event.Type {
-	case user_model.MachineKeyAdded:
-		k.setRootData(event)
-		k.CreationDate = event.CreationDate
-		err = k.SetUserData(event)
-	case proj_model.ClientKeyAdded:
-		k.setRootData(event)
-		k.CreationDate = event.CreationDate
-		err = k.SetClientData(event)
-	case proj_model.ClientKeyRemoved,
-		proj_model.ApplicationRemoved,
-		proj_model.ProjectRemoved,
-		user_model.MachineKeyRemoved,
-		user_model.UserRemoved:
-		k.State = int32(model.AuthNKeyStateRemoved)
-	case proj_model.ProjectDeactivated,
-		proj_model.ApplicationDeactivated,
-		user_model.UserDeactivated,
-		user_model.UserLocked:
-		k.State = int32(model.AuthNKeyStateInactive)
-	case proj_model.ProjectReactivated,
-		proj_model.ApplicationReactivated,
-		user_model.UserReactivated,
-		user_model.UserUnlocked:
-		if k.State != int32(model.AuthNKeyStateRemoved) {
-			k.State = int32(model.AuthNKeyStateActive)
-		}
-	}
-	return err
-}
-
-func (k *AuthNKeyView) setRootData(event *models.Event) {
-	switch event.AggregateType {
-	case user_model.UserAggregate:
-		k.ObjectType = int32(model.AuthNKeyObjectTypeUser)
-		k.ObjectID = event.AggregateID
-		k.AuthIdentifier = event.AggregateID
-	case proj_model.ProjectAggregate:
-		k.ObjectType = int32(model.AuthNKeyObjectTypeApplication)
-	}
-}
-
-func (k *AuthNKeyView) SetUserData(event *models.Event) error {
-	if err := json.Unmarshal(event.Data, k); err != nil {
-		logging.Log("EVEN-Sj90d").WithError(err).Error("could not unmarshal event data")
-		return caos_errs.ThrowInternal(err, "MODEL-lub6s", "Could not unmarshal data")
-	}
-	return nil
-}
-
-func (k *AuthNKeyView) SetClientData(event *models.Event) error {
-	key := new(proj_model.ClientKey)
-	if err := json.Unmarshal(event.Data, key); err != nil {
-		logging.Log("EVEN-Dgsgg").WithError(err).Error("could not unmarshal event data")
-		return caos_errs.ThrowInternal(err, "MODEL-ADbfz", "Could not unmarshal data")
-	}
-	k.ObjectID = key.ApplicationID
-	k.AuthIdentifier = key.ClientID
-	k.ID = key.KeyID
-	k.ExpirationDate = key.ExpirationDate
-	k.PublicKey = key.PublicKey
-	k.Type = key.Type
-	return nil
-}

internal/key/repository/view/model/authn_key_query.go

@@ -1,63 +0,0 @@
-package model
-
-import (
-	"github.com/caos/zitadel/internal/domain"
-	key_model "github.com/caos/zitadel/internal/key/model"
-	"github.com/caos/zitadel/internal/view/repository"
-)
-
-type AuthNKeySearchRequest key_model.AuthNKeySearchRequest
-type AuthNKeySearchQuery key_model.AuthNKeySearchQuery
-type AuthNKeySearchKey key_model.AuthNKeySearchKey
-
-func (req AuthNKeySearchRequest) GetLimit() uint64 {
-	return req.Limit
-}
-
-func (req AuthNKeySearchRequest) GetOffset() uint64 {
-	return req.Offset
-}
-
-func (req AuthNKeySearchRequest) GetSortingColumn() repository.ColumnKey {
-	if req.SortingColumn == key_model.AuthNKeyKeyUnspecified {
-		return nil
-	}
-	return AuthNKeySearchKey(req.SortingColumn)
-}
-
-func (req AuthNKeySearchRequest) GetAsc() bool {
-	return req.Asc
-}
-
-func (req AuthNKeySearchRequest) GetQueries() []repository.SearchQuery {
-	result := make([]repository.SearchQuery, len(req.Queries))
-	for i, q := range req.Queries {
-		result[i] = AuthNKeySearchQuery{Key: q.Key, Value: q.Value, Method: q.Method}
-	}
-	return result
-}
-
-func (req AuthNKeySearchQuery) GetKey() repository.ColumnKey {
-	return AuthNKeySearchKey(req.Key)
-}
-
-func (req AuthNKeySearchQuery) GetMethod() domain.SearchMethod {
-	return req.Method
-}
-
-func (req AuthNKeySearchQuery) GetValue() interface{} {
-	return req.Value
-}
-
-func (key AuthNKeySearchKey) ToColumnName() string {
-	switch key_model.AuthNKeySearchKey(key) {
-	case key_model.AuthNKeyKeyID:
-		return AuthNKeyKeyID
-	case key_model.AuthNKeyObjectID:
-		return AuthNKeyObjectID
-	case key_model.AuthNKeyObjectType:
-		return AuthNKeyObjectType
-	default:
-		return ""
-	}
-}

internal/key/repository/view/model/key.go

@@ -1,88 +0,0 @@
-package model
-
-import (
-	"database/sql"
-	"encoding/json"
-	"time"
-
-	"github.com/caos/logging"
-
-	"github.com/caos/zitadel/internal/crypto"
-	caos_errs "github.com/caos/zitadel/internal/errors"
-	"github.com/caos/zitadel/internal/eventstore/v1/models"
-	"github.com/caos/zitadel/internal/key/model"
-	es_model "github.com/caos/zitadel/internal/key/repository/eventsourcing/model"
-)
-
-const (
-	KeyKeyID     = "id"
-	KeyPrivate   = "private"
-	KeyUsage     = "usage"
-	KeyAlgorithm = "algorithm"
-	KeyExpiry    = "expiry"
-)
-
-type KeyView struct {
-	ID        string              `json:"-" gorm:"column:id;primary_key"`
-	Private   sql.NullBool        `json:"-" gorm:"column:private;primary_key"`
-	Expiry    time.Time           `json:"-" gorm:"column:expiry"`
-	Algorithm string              `json:"-" gorm:"column:algorithm"`
-	Usage     int32               `json:"-" gorm:"column:usage"`
-	Key       *crypto.CryptoValue `json:"-" gorm:"column:key"`
-	Sequence  uint64              `json:"-" gorm:"column:sequence"`
-}
-
-func KeysFromPairEvent(event *models.Event) (*KeyView, *KeyView, error) {
-	pair := new(es_model.KeyPair)
-	if err := json.Unmarshal(event.Data, pair); err != nil {
-		logging.Log("MODEL-s3Ga1").WithError(err).Error("could not unmarshal event data")
-		return nil, nil, caos_errs.ThrowInternal(nil, "MODEL-G3haa", "could not unmarshal data")
-	}
-	privateKey := &KeyView{
-		ID:        event.AggregateID,
-		Private:   sql.NullBool{Bool: true, Valid: true},
-		Expiry:    pair.PrivateKey.Expiry,
-		Algorithm: pair.Algorithm,
-		Usage:     pair.Usage,
-		Key:       pair.PrivateKey.Key,
-		Sequence:  event.Sequence,
-	}
-	publicKey := &KeyView{
-		ID:        event.AggregateID,
-		Private:   sql.NullBool{Bool: false, Valid: true},
-		Expiry:    pair.PublicKey.Expiry,
-		Algorithm: pair.Algorithm,
-		Usage:     pair.Usage,
-		Key:       pair.PublicKey.Key,
-		Sequence:  event.Sequence,
-	}
-	return privateKey, publicKey, nil
-}
-
-func KeyViewsToModel(keys []*KeyView) []*model.KeyView {
-	converted := make([]*model.KeyView, len(keys))
-	for i, key := range keys {
-		converted[i] = KeyViewToModel(key)
-	}
-	return converted
-}
-
-func KeyViewToModel(key *KeyView) *model.KeyView {
-	return &model.KeyView{
-		ID:        key.ID,
-		Private:   key.Private.Bool,
-		Expiry:    key.Expiry,
-		Algorithm: key.Algorithm,
-		Usage:     model.KeyUsage(key.Usage),
-		Key:       key.Key,
-		Sequence:  key.Sequence,
-	}
-}
-
-func (k *KeyView) setData(event *models.Event) error {
-	if err := json.Unmarshal(event.Data, k); err != nil {
-		logging.Log("MODEL-4ag41").WithError(err).Error("could not unmarshal event data")
-		return caos_errs.ThrowInternal(nil, "MODEL-GFQ31", "could not unmarshal data")
-	}
-	return nil
-}

internal/key/repository/view/model/key_query.go

@@ -1,65 +0,0 @@
-package model
-
-import (
-	"github.com/caos/zitadel/internal/domain"
-	key_model "github.com/caos/zitadel/internal/key/model"
-	"github.com/caos/zitadel/internal/view/repository"
-)
-
-type KeySearchRequest key_model.KeySearchRequest
-type KeySearchQuery key_model.KeySearchQuery
-type KeySearchKey key_model.KeySearchKey
-
-func (req KeySearchRequest) GetLimit() uint64 {
-	return req.Limit
-}
-
-func (req KeySearchRequest) GetOffset() uint64 {
-	return req.Offset
-}
-
-func (req KeySearchRequest) GetSortingColumn() repository.ColumnKey {
-	if req.SortingColumn == key_model.KeySearchKeyUnspecified {
-		return nil
-	}
-	return KeySearchKey(req.SortingColumn)
-}
-
-func (req KeySearchRequest) GetAsc() bool {
-	return req.Asc
-}
-
-func (req KeySearchRequest) GetQueries() []repository.SearchQuery {
-	result := make([]repository.SearchQuery, len(req.Queries))
-	for i, q := range req.Queries {
-		result[i] = KeySearchQuery{Key: q.Key, Value: q.Value, Method: q.Method}
-	}
-	return result
-}
-
-func (req KeySearchQuery) GetKey() repository.ColumnKey {
-	return KeySearchKey(req.Key)
-}
-
-func (req KeySearchQuery) GetMethod() domain.SearchMethod {
-	return req.Method
-}
-
-func (req KeySearchQuery) GetValue() interface{} {
-	return req.Value
-}
-
-func (key KeySearchKey) ToColumnName() string {
-	switch key_model.KeySearchKey(key) {
-	case key_model.KeySearchKeyID:
-		return KeyKeyID
-	case key_model.KeySearchKeyPrivate:
-		return KeyPrivate
-	case key_model.KeySearchKeyUsage:
-		return KeyUsage
-	case key_model.KeySearchKeyExpiry:
-		return KeyExpiry
-	default:
-		return ""
-	}
-}

internal/key/repository/view/query.go

@@ -1,15 +0,0 @@
-package view
-
-import (
-	"github.com/caos/zitadel/internal/eventstore"
-	"github.com/caos/zitadel/internal/repository/keypair"
-)
-
-func KeyPairQuery(latestSequence uint64) *eventstore.SearchQueryBuilder {
-	return eventstore.NewSearchQueryBuilder(eventstore.ColumnsEvent).
-		AddQuery().
-		AggregateTypes(keypair.AggregateType).
-		SequenceGreater(latestSequence).
-		EventTypes(keypair.AddedEventType).
-		Builder()
-}

internal/notification/repository/eventsourcing/handler/notification.go

@@ -8,22 +8,22 @@ import (
 
 	"github.com/caos/logging"
 
-	"github.com/caos/zitadel/internal/notification/channels/fs"
-	"github.com/caos/zitadel/internal/notification/channels/log"
-	"github.com/caos/zitadel/internal/notification/channels/twilio"
-
 	"github.com/caos/zitadel/internal/api/authz"
 	"github.com/caos/zitadel/internal/command"
 	sd "github.com/caos/zitadel/internal/config/systemdefaults"
 	"github.com/caos/zitadel/internal/crypto"
 	"github.com/caos/zitadel/internal/domain"
 	"github.com/caos/zitadel/internal/errors"
+	"github.com/caos/zitadel/internal/eventstore"
 	v1 "github.com/caos/zitadel/internal/eventstore/v1"
 	"github.com/caos/zitadel/internal/eventstore/v1/models"
 	queryv1 "github.com/caos/zitadel/internal/eventstore/v1/query"
 	"github.com/caos/zitadel/internal/eventstore/v1/spooler"
 	"github.com/caos/zitadel/internal/i18n"
+	"github.com/caos/zitadel/internal/notification/channels/fs"
+	"github.com/caos/zitadel/internal/notification/channels/log"
 	"github.com/caos/zitadel/internal/notification/channels/smtp"
+	"github.com/caos/zitadel/internal/notification/channels/twilio"
 	"github.com/caos/zitadel/internal/notification/types"
 	"github.com/caos/zitadel/internal/query"
 	user_repo "github.com/caos/zitadel/internal/repository/user"
@@ -96,7 +96,7 @@ func (n *Notification) Subscription() *v1.Subscription {
 }
 
 func (_ *Notification) AggregateTypes() []models.AggregateType {
-	return []models.AggregateType{es_model.UserAggregate}
+	return []models.AggregateType{user_repo.AggregateType}
 }
 
 func (n *Notification) CurrentSequence() (uint64, error) {
@@ -116,22 +116,22 @@ func (n *Notification) EventQuery() (*models.SearchQuery, error) {
 }
 
 func (n *Notification) Reduce(event *models.Event) (err error) {
-	switch event.Type {
+	switch eventstore.EventType(event.Type) {
-	case es_model.InitializedUserCodeAdded,
+	case user_repo.UserV1InitialCodeAddedType,
-		es_model.InitializedHumanCodeAdded:
+		user_repo.HumanInitialCodeAddedType:
 		err = n.handleInitUserCode(event)
-	case es_model.UserEmailCodeAdded,
+	case user_repo.UserV1EmailCodeAddedType,
-		es_model.HumanEmailCodeAdded:
+		user_repo.HumanEmailCodeAddedType:
 		err = n.handleEmailVerificationCode(event)
-	case es_model.UserPhoneCodeAdded,
+	case user_repo.UserV1PhoneCodeAddedType,
-		es_model.HumanPhoneCodeAdded:
+		user_repo.HumanPhoneCodeAddedType:
 		err = n.handlePhoneVerificationCode(event)
-	case es_model.UserPasswordCodeAdded,
+	case user_repo.UserV1PasswordCodeAddedType,
-		es_model.HumanPasswordCodeAdded:
+		user_repo.HumanPasswordCodeAddedType:
 		err = n.handlePasswordCode(event)
-	case es_model.DomainClaimed:
+	case user_repo.UserDomainClaimedType:
 		err = n.handleDomainClaimed(event)
-	case models.EventType(user_repo.HumanPasswordlessInitCodeRequestedType):
+	case user_repo.HumanPasswordlessInitCodeRequestedType:
 		err = n.handlePasswordlessRegistrationLink(event)
 	}
 	if err != nil {
@@ -146,8 +146,8 @@ func (n *Notification) handleInitUserCode(event *models.Event) (err error) {
 		return err
 	}
 	alreadyHandled, err := n.checkIfCodeAlreadyHandledOrExpired(event, initCode.Expiry,
-		es_model.InitializedUserCodeAdded, es_model.InitializedUserCodeSent,
+		user_repo.UserV1InitialCodeAddedType, user_repo.UserV1InitialCodeSentType,
-		es_model.InitializedHumanCodeAdded, es_model.InitializedHumanCodeSent)
+		user_repo.HumanInitialCodeAddedType, user_repo.HumanInitialCodeSentType)
 	if err != nil || alreadyHandled {
 		return err
 	}
@@ -185,8 +185,8 @@ func (n *Notification) handlePasswordCode(event *models.Event) (err error) {
 		return err
 	}
 	alreadyHandled, err := n.checkIfCodeAlreadyHandledOrExpired(event, pwCode.Expiry,
-		es_model.UserPasswordCodeAdded, es_model.UserPasswordCodeSent,
+		user_repo.UserV1PasswordCodeAddedType, user_repo.UserV1PasswordCodeSentType,
-		es_model.HumanPasswordCodeAdded, es_model.HumanPasswordCodeSent)
+		user_repo.HumanPasswordCodeAddedType, user_repo.HumanPasswordCodeSentType)
 	if err != nil || alreadyHandled {
 		return err
 	}
@@ -223,8 +223,8 @@ func (n *Notification) handleEmailVerificationCode(event *models.Event) (err err
 		return err
 	}
 	alreadyHandled, err := n.checkIfCodeAlreadyHandledOrExpired(event, emailCode.Expiry,
-		es_model.UserEmailCodeAdded, es_model.UserEmailCodeSent,
+		user_repo.UserV1EmailCodeAddedType, user_repo.UserV1EmailCodeSentType,
-		es_model.HumanEmailCodeAdded, es_model.HumanEmailCodeSent)
+		user_repo.HumanEmailCodeAddedType, user_repo.HumanEmailCodeSentType)
 	if err != nil || alreadyHandled {
 		return nil
 	}
@@ -262,8 +262,8 @@ func (n *Notification) handlePhoneVerificationCode(event *models.Event) (err err
 		return err
 	}
 	alreadyHandled, err := n.checkIfCodeAlreadyHandledOrExpired(event, phoneCode.Expiry,
-		es_model.UserPhoneCodeAdded, es_model.UserPhoneCodeSent,
+		user_repo.UserV1PhoneCodeAddedType, user_repo.UserV1PhoneCodeSentType,
-		es_model.HumanPhoneCodeAdded, es_model.HumanPhoneCodeSent)
+		user_repo.HumanPhoneCodeAddedType, user_repo.HumanPhoneCodeSentType)
 	if err != nil || alreadyHandled {
 		return nil
 	}
@@ -283,7 +283,7 @@ func (n *Notification) handlePhoneVerificationCode(event *models.Event) (err err
 }
 
 func (n *Notification) handleDomainClaimed(event *models.Event) (err error) {
-	alreadyHandled, err := n.checkIfAlreadyHandled(event.AggregateID, event.Sequence, es_model.DomainClaimed, es_model.DomainClaimedSent)
+	alreadyHandled, err := n.checkIfAlreadyHandled(event.AggregateID, event.Sequence, user_repo.UserDomainClaimedType, user_repo.UserDomainClaimedSentType)
 	if err != nil || alreadyHandled {
 		return nil
 	}
@@ -332,7 +332,7 @@ func (n *Notification) handlePasswordlessRegistrationLink(event *models.Event) (
 		return err
 	}
 	for _, e := range events {
-		if e.Type == models.EventType(user_repo.HumanPasswordlessInitCodeSentType) {
+		if eventstore.EventType(e.Type) == user_repo.HumanPasswordlessInitCodeSentType {
 			sentEvent := new(user_repo.HumanPasswordlessInitCodeSentEvent)
 			if err := json.Unmarshal(e.Data, sentEvent); err != nil {
 				return err
@@ -369,21 +369,21 @@ func (n *Notification) handlePasswordlessRegistrationLink(event *models.Event) (
 	return n.command.HumanPasswordlessInitCodeSent(ctx, event.AggregateID, event.ResourceOwner, addedEvent.ID)
 }
 
-func (n *Notification) checkIfCodeAlreadyHandledOrExpired(event *models.Event, expiry time.Duration, eventTypes ...models.EventType) (bool, error) {
+func (n *Notification) checkIfCodeAlreadyHandledOrExpired(event *models.Event, expiry time.Duration, eventTypes ...eventstore.EventType) (bool, error) {
 	if event.CreationDate.Add(expiry).Before(time.Now().UTC()) {
 		return true, nil
 	}
 	return n.checkIfAlreadyHandled(event.AggregateID, event.Sequence, eventTypes...)
 }
 
-func (n *Notification) checkIfAlreadyHandled(userID string, sequence uint64, eventTypes ...models.EventType) (bool, error) {
+func (n *Notification) checkIfAlreadyHandled(userID string, sequence uint64, eventTypes ...eventstore.EventType) (bool, error) {
 	events, err := n.getUserEvents(userID, sequence)
 	if err != nil {
 		return false, err
 	}
 	for _, event := range events {
 		for _, eventType := range eventTypes {
-			if event.Type == eventType {
+			if eventstore.EventType(event.Type) == eventType {
 				return true, nil
 			}
 		}

internal/notification/repository/eventsourcing/handler/notify_user.go

@@ -7,6 +7,7 @@ import (
 
 	"github.com/caos/zitadel/internal/api/authz"
 	caos_errs "github.com/caos/zitadel/internal/errors"
+	"github.com/caos/zitadel/internal/eventstore"
 	v1 "github.com/caos/zitadel/internal/eventstore/v1"
 	es_models "github.com/caos/zitadel/internal/eventstore/v1/models"
 	"github.com/caos/zitadel/internal/eventstore/v1/query"
@@ -17,7 +18,7 @@ import (
 	org_view "github.com/caos/zitadel/internal/org/repository/view"
 	query2 "github.com/caos/zitadel/internal/query"
 	"github.com/caos/zitadel/internal/repository/org"
-	es_model "github.com/caos/zitadel/internal/user/repository/eventsourcing/model"
+	"github.com/caos/zitadel/internal/repository/user"
 	view_model "github.com/caos/zitadel/internal/user/repository/view/model"
 )
 
@@ -63,7 +64,7 @@ func (p *NotifyUser) Subscription() *v1.Subscription {
 }
 
 func (_ *NotifyUser) AggregateTypes() []es_models.AggregateType {
-	return []es_models.AggregateType{es_model.UserAggregate, org_es_model.OrgAggregate}
+	return []es_models.AggregateType{user.AggregateType, org.AggregateType}
 }
 
 func (p *NotifyUser) CurrentSequence() (uint64, error) {
@@ -86,9 +87,9 @@ func (p *NotifyUser) EventQuery() (*es_models.SearchQuery, error) {
 
 func (u *NotifyUser) Reduce(event *es_models.Event) (err error) {
 	switch event.AggregateType {
-	case es_model.UserAggregate:
+	case user.AggregateType:
 		return u.ProcessUser(event)
-	case org_es_model.OrgAggregate:
+	case org.AggregateType:
 		return u.ProcessOrg(event)
 	default:
 		return nil
@@ -96,48 +97,48 @@ func (u *NotifyUser) Reduce(event *es_models.Event) (err error) {
 }
 
 func (u *NotifyUser) ProcessUser(event *es_models.Event) (err error) {
-	user := new(view_model.NotifyUser)
+	notifyUser := new(view_model.NotifyUser)
-	switch event.Type {
+	switch eventstore.EventType(event.Type) {
-	case es_model.UserAdded,
+	case user.UserV1AddedType,
-		es_model.UserRegistered,
+		user.UserV1RegisteredType,
-		es_model.HumanRegistered,
+		user.HumanRegisteredType,
-		es_model.HumanAdded,
+		user.HumanAddedType,
-		es_model.MachineAdded:
+		user.MachineAddedEventType:
-		err := user.AppendEvent(event)
+		err := notifyUser.AppendEvent(event)
 		if err != nil {
 			return err
 		}
-		err = u.fillLoginNames(user)
+		err = u.fillLoginNames(notifyUser)
-	case es_model.UserProfileChanged,
+	case user.UserV1ProfileChangedType,
-		es_model.UserEmailChanged,
+		user.UserV1EmailChangedType,
-		es_model.UserEmailVerified,
+		user.UserV1EmailVerifiedType,
-		es_model.UserPhoneChanged,
+		user.UserV1PhoneChangedType,
-		es_model.UserPhoneVerified,
+		user.UserV1PhoneVerifiedType,
-		es_model.UserPhoneRemoved,
+		user.UserV1PhoneRemovedType,
-		es_model.HumanProfileChanged,
+		user.HumanProfileChangedType,
-		es_model.HumanEmailChanged,
+		user.HumanEmailChangedType,
-		es_model.HumanEmailVerified,
+		user.HumanEmailVerifiedType,
-		es_model.HumanPhoneChanged,
+		user.HumanPhoneChangedType,
-		es_model.HumanPhoneVerified,
+		user.HumanPhoneVerifiedType,
-		es_model.HumanPhoneRemoved,
+		user.HumanPhoneRemovedType,
-		es_model.MachineChanged:
+		user.MachineChangedEventType:
-		user, err = u.view.NotifyUserByID(event.AggregateID)
+		notifyUser, err = u.view.NotifyUserByID(event.AggregateID)
 		if err != nil {
 			return err
 		}
-		err = user.AppendEvent(event)
+		err = notifyUser.AppendEvent(event)
-	case es_model.DomainClaimed,
+	case user.UserDomainClaimedType,
-		es_model.UserUserNameChanged:
+		user.UserUserNameChangedType:
-		user, err = u.view.NotifyUserByID(event.AggregateID)
+		notifyUser, err = u.view.NotifyUserByID(event.AggregateID)
 		if err != nil {
 			return err
 		}
-		err = user.AppendEvent(event)
+		err = notifyUser.AppendEvent(event)
 		if err != nil {
 			return err
 		}
-		err = u.fillLoginNames(user)
+		err = u.fillLoginNames(notifyUser)
-	case es_model.UserRemoved:
+	case user.UserRemovedType:
 		return u.view.DeleteNotifyUser(event.AggregateID, event)
 	default:
 		return u.view.ProcessedNotifyUserSequence(event)
@@ -145,18 +146,18 @@ func (u *NotifyUser) ProcessUser(event *es_models.Event) (err error) {
 	if err != nil {
 		return err
 	}
-	return u.view.PutNotifyUser(user, event)
+	return u.view.PutNotifyUser(notifyUser, event)
 }
 
 func (u *NotifyUser) ProcessOrg(event *es_models.Event) (err error) {
-	switch event.Type {
+	switch eventstore.EventType(event.Type) {
-	case org_es_model.OrgDomainVerified,
+	case org.OrgDomainVerifiedEventType,
-		org_es_model.OrgDomainRemoved,
+		org.OrgDomainRemovedEventType,
-		es_models.EventType(org.DomainPolicyAddedEventType),
+		org.DomainPolicyAddedEventType,
-		es_models.EventType(org.DomainPolicyChangedEventType),
+		org.DomainPolicyChangedEventType,
-		es_models.EventType(org.DomainPolicyRemovedEventType):
+		org.DomainPolicyRemovedEventType:
 		return u.fillLoginNamesOnOrgUsers(event)
-	case org_es_model.OrgDomainPrimarySet:
+	case org.OrgDomainPrimarySetEventType:
 		return u.fillPreferredLoginNamesOnOrgUsers(event)
 	default:
 		return u.view.ProcessedNotifyUserSequence(event)

internal/notification/repository/eventsourcing/view/label_policies.go

@@ -1,10 +0,0 @@
-package view
-
-import (
-	"github.com/caos/zitadel/internal/iam/repository/view"
-	"github.com/caos/zitadel/internal/iam/repository/view/model"
-)
-
-func (v *View) StylingByAggregateIDAndState(aggregateID, labelPolicyTableVar string, state int32) (*model.LabelPolicyView, error) {
-	return view.GetStylingByAggregateIDAndState(v.Db, labelPolicyTableVar, aggregateID, state)
-}

internal/org/model/member.go

@@ -1,21 +0,0 @@
-package model
-
-import es_models "github.com/caos/zitadel/internal/eventstore/v1/models"
-
-type OrgMember struct {
-	es_models.ObjectRoot
-	UserID string
-	Roles  []string
-}
-
-func NewOrgMember(orgID, userID string) *OrgMember {
-	return &OrgMember{ObjectRoot: es_models.ObjectRoot{AggregateID: orgID}, UserID: userID}
-}
-
-func NewOrgMemberWithRoles(orgID, userID string, roles ...string) *OrgMember {
-	return &OrgMember{ObjectRoot: es_models.ObjectRoot{AggregateID: orgID}, UserID: userID, Roles: roles}
-}
-
-func (member *OrgMember) IsValid() bool {
-	return member.AggregateID != "" && member.UserID != ""
-}

internal/org/model/org.go

@@ -3,8 +3,6 @@ package model
 import (
 	"strings"
 
-	"github.com/golang/protobuf/ptypes/timestamp"
-
 	es_models "github.com/caos/zitadel/internal/eventstore/v1/models"
 	iam_model "github.com/caos/zitadel/internal/iam/model"
 )
@@ -16,32 +14,7 @@ type Org struct {
 	Name    string
 	Domains []*OrgDomain
 
-	Members                  []*OrgMember
+	DomainPolicy *iam_model.DomainPolicy
-	DomainPolicy             *iam_model.DomainPolicy
-	LoginPolicy              *iam_model.LoginPolicy
-	LabelPolicy              *iam_model.LabelPolicy
-	MailTemplate             *iam_model.MailTemplate
-	MailTexts                []*iam_model.MailText
-	PasswordComplexityPolicy *iam_model.PasswordComplexityPolicy
-	PasswordAgePolicy        *iam_model.PasswordAgePolicy
-	LockoutPolicy            *iam_model.LockoutPolicy
-
-	IDPs []*iam_model.IDPConfig
-}
-type OrgChanges struct {
-	Changes      []*OrgChange
-	LastSequence uint64
-}
-
-type OrgChange struct {
-	ChangeDate        *timestamp.Timestamp `json:"changeDate,omitempty"`
-	EventType         string               `json:"eventType,omitempty"`
-	Sequence          uint64               `json:"sequence,omitempty"`
-	ModifierId        string               `json:"modifierUser,omitempty"`
-	ModifierName      string               `json:"-"`
-	ModifierLoginName string               `json:"-"`
-	ModifierAvatarURL string               `json:"-"`
-	Data              interface{}          `json:"data,omitempty"`
 }
 
 type OrgState int32
@@ -51,18 +24,10 @@ const (
 	OrgStateInactive
 )
 
-func NewOrg(id string) *Org {
-	return &Org{ObjectRoot: es_models.ObjectRoot{AggregateID: id}, State: OrgStateActive}
-}
-
 func (o *Org) IsActive() bool {
 	return o.State == OrgStateActive
 }
 
-func (o *Org) IsValid() bool {
-	return o.Name != ""
-}
-
 func (o *Org) GetDomain(domain *OrgDomain) (int, *OrgDomain) {
 	for i, d := range o.Domains {
 		if d.Domain == domain.Domain {
@@ -72,15 +37,6 @@ func (o *Org) GetDomain(domain *OrgDomain) (int, *OrgDomain) {
 	return -1, nil
 }
 
-func (o *Org) GetIDP(idpID string) (int, *iam_model.IDPConfig) {
-	for i, idp := range o.IDPs {
-		if idp.IDPConfigID == idpID {
-			return i, idp
-		}
-	}
-	return -1, nil
-}
-
 func (o *Org) GetPrimaryDomain() *OrgDomain {
 	for _, d := range o.Domains {
 		if d.Primary {
@@ -90,15 +46,6 @@ func (o *Org) GetPrimaryDomain() *OrgDomain {
 	return nil
 }
 
-func (o *Org) MemeberByUserID(userID string) (*OrgMember, int) {
-	for i, member := range o.Members {
-		if member.UserID == userID {
-			return member, i
-		}
-	}
-	return nil, -1
-}
-
 func (o *Org) nameForDomain(iamDomain string) string {
 	return strings.ToLower(strings.ReplaceAll(o.Name, " ", "-") + "." + iamDomain)
 }

internal/org/model/org_member_view.go

@@ -1,70 +0,0 @@
-package model
-
-import (
-	"time"
-
-	"github.com/caos/zitadel/internal/domain"
-	caos_errors "github.com/caos/zitadel/internal/errors"
-)
-
-type OrgMemberView struct {
-	UserID             string
-	OrgID              string
-	UserName           string
-	Email              string
-	FirstName          string
-	LastName           string
-	DisplayName        string
-	PreferredLoginName string
-	AvatarURL          string
-	UserResourceOwner  string
-	Roles              []string
-	CreationDate       time.Time
-	ChangeDate         time.Time
-	Sequence           uint64
-}
-
-type OrgMemberSearchRequest struct {
-	Offset        uint64
-	Limit         uint64
-	SortingColumn OrgMemberSearchKey
-	Asc           bool
-	Queries       []*OrgMemberSearchQuery
-}
-
-type OrgMemberSearchKey int32
-
-const (
-	OrgMemberSearchKeyUnspecified OrgMemberSearchKey = iota
-	OrgMemberSearchKeyUserName
-	OrgMemberSearchKeyEmail
-	OrgMemberSearchKeyFirstName
-	OrgMemberSearchKeyLastName
-	OrgMemberSearchKeyOrgID
-	OrgMemberSearchKeyUserID
-)
-
-type OrgMemberSearchQuery struct {
-	Key    OrgMemberSearchKey
-	Method domain.SearchMethod
-	Value  interface{}
-}
-
-type OrgMemberSearchResponse struct {
-	Offset      uint64
-	Limit       uint64
-	TotalResult uint64
-	Result      []*OrgMemberView
-	Sequence    uint64
-	Timestamp   time.Time
-}
-
-func (r *OrgMemberSearchRequest) EnsureLimit(limit uint64) error {
-	if r.Limit > limit {
-		return caos_errors.ThrowInvalidArgument(nil, "SEARCH-77fu3", "Errors.Limit.ExceedsDefault")
-	}
-	if r.Limit == 0 {
-		r.Limit = limit
-	}
-	return nil
-}

internal/org/repository/eventsourcing/model/idp_config.go

@@ -1,85 +0,0 @@
-package model
-
-import (
-	es_models "github.com/caos/zitadel/internal/eventstore/v1/models"
-	"github.com/caos/zitadel/internal/iam/model"
-	iam_es_model "github.com/caos/zitadel/internal/iam/repository/eventsourcing/model"
-)
-
-func (o *Org) appendAddIDPConfigEvent(event *es_models.Event) error {
-	idp := new(iam_es_model.IDPConfig)
-	err := idp.SetData(event)
-	if err != nil {
-		return err
-	}
-	idp.ObjectRoot.CreationDate = event.CreationDate
-	o.IDPs = append(o.IDPs, idp)
-	return nil
-}
-
-func (o *Org) appendChangeIDPConfigEvent(event *es_models.Event) error {
-	idp := new(iam_es_model.IDPConfig)
-	err := idp.SetData(event)
-	if err != nil {
-		return err
-	}
-	if i, idpConfig := iam_es_model.GetIDPConfig(o.IDPs, idp.IDPConfigID); idpConfig != nil {
-		o.IDPs[i].SetData(event)
-	}
-	return nil
-}
-
-func (o *Org) appendRemoveIDPConfigEvent(event *es_models.Event) error {
-	idp := new(iam_es_model.IDPConfig)
-	err := idp.SetData(event)
-	if err != nil {
-		return err
-	}
-	if i, idpConfig := iam_es_model.GetIDPConfig(o.IDPs, idp.IDPConfigID); idpConfig != nil {
-		o.IDPs[i] = o.IDPs[len(o.IDPs)-1]
-		o.IDPs[len(o.IDPs)-1] = nil
-		o.IDPs = o.IDPs[:len(o.IDPs)-1]
-	}
-	return nil
-}
-
-func (o *Org) appendIDPConfigStateEvent(event *es_models.Event, state model.IDPConfigState) error {
-	idp := new(iam_es_model.IDPConfig)
-	err := idp.SetData(event)
-	if err != nil {
-		return err
-	}
-
-	if i, idpConfig := iam_es_model.GetIDPConfig(o.IDPs, idp.IDPConfigID); idpConfig != nil {
-		idpConfig.State = int32(state)
-		o.IDPs[i] = idpConfig
-	}
-	return nil
-}
-
-func (o *Org) appendAddOIDCIDPConfigEvent(event *es_models.Event) error {
-	config := new(iam_es_model.OIDCIDPConfig)
-	err := config.SetData(event)
-	if err != nil {
-		return err
-	}
-	config.ObjectRoot.CreationDate = event.CreationDate
-	if i, idpConfig := iam_es_model.GetIDPConfig(o.IDPs, config.IDPConfigID); idpConfig != nil {
-		o.IDPs[i].Type = int32(model.IDPConfigTypeOIDC)
-		o.IDPs[i].OIDCIDPConfig = config
-	}
-	return nil
-}
-
-func (o *Org) appendChangeOIDCIDPConfigEvent(event *es_models.Event) error {
-	config := new(iam_es_model.OIDCIDPConfig)
-	err := config.SetData(event)
-	if err != nil {
-		return err
-	}
-
-	if i, idpConfig := iam_es_model.GetIDPConfig(o.IDPs, config.IDPConfigID); idpConfig != nil {
-		o.IDPs[i].OIDCIDPConfig.SetData(event)
-	}
-	return nil
-}

internal/org/repository/eventsourcing/model/idp_config_test.go

@@ -1,252 +0,0 @@
-package model
-
-import (
-	"encoding/json"
-	es_models "github.com/caos/zitadel/internal/eventstore/v1/models"
-	"github.com/caos/zitadel/internal/iam/model"
-	iam_es_model "github.com/caos/zitadel/internal/iam/repository/eventsourcing/model"
-	"testing"
-)
-
-func TestAppendAddIdpConfigEvent(t *testing.T) {
-	type args struct {
-		org   *Org
-		idp   *iam_es_model.IDPConfig
-		event *es_models.Event
-	}
-	tests := []struct {
-		name   string
-		args   args
-		result *Org
-	}{
-		{
-			name: "append add idp config event",
-			args: args{
-				org:   &Org{},
-				idp:   &iam_es_model.IDPConfig{Name: "IDPConfig"},
-				event: &es_models.Event{},
-			},
-			result: &Org{IDPs: []*iam_es_model.IDPConfig{&iam_es_model.IDPConfig{Name: "IDPConfig"}}},
-		},
-	}
-	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
-			if tt.args.idp != nil {
-				data, _ := json.Marshal(tt.args.idp)
-				tt.args.event.Data = data
-			}
-			tt.args.org.appendAddIDPConfigEvent(tt.args.event)
-			if len(tt.args.org.IDPs) != 1 {
-				t.Errorf("got wrong result should have one idpConfig actual: %v ", len(tt.args.org.IDPs))
-			}
-			if tt.args.org.IDPs[0] == tt.result.IDPs[0] {
-				t.Errorf("got wrong result: expected: %v, actual: %v ", tt.result.IDPs[0], tt.args.org.IDPs[0])
-			}
-		})
-	}
-}
-
-func TestAppendChangeIdpConfigEvent(t *testing.T) {
-	type args struct {
-		org       *Org
-		idpConfig *iam_es_model.IDPConfig
-		event     *es_models.Event
-	}
-	tests := []struct {
-		name   string
-		args   args
-		result *Org
-	}{
-		{
-			name: "append change idp config event",
-			args: args{
-				org:       &Org{IDPs: []*iam_es_model.IDPConfig{&iam_es_model.IDPConfig{Name: "IDPConfig"}}},
-				idpConfig: &iam_es_model.IDPConfig{Name: "IDPConfig Change"},
-				event:     &es_models.Event{},
-			},
-			result: &Org{IDPs: []*iam_es_model.IDPConfig{&iam_es_model.IDPConfig{Name: "IDPConfig Change"}}},
-		},
-	}
-	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
-			if tt.args.idpConfig != nil {
-				data, _ := json.Marshal(tt.args.idpConfig)
-				tt.args.event.Data = data
-			}
-			tt.args.org.appendChangeIDPConfigEvent(tt.args.event)
-			if len(tt.args.org.IDPs) != 1 {
-				t.Errorf("got wrong result should have one idpConfig actual: %v ", len(tt.args.org.IDPs))
-			}
-			if tt.args.org.IDPs[0] == tt.result.IDPs[0] {
-				t.Errorf("got wrong result: expected: %v, actual: %v ", tt.result.IDPs[0], tt.args.org.IDPs[0])
-			}
-		})
-	}
-}
-
-func TestAppendRemoveIDPEvent(t *testing.T) {
-	type args struct {
-		org   *Org
-		idp   *iam_es_model.IDPConfig
-		event *es_models.Event
-	}
-	tests := []struct {
-		name   string
-		args   args
-		result *Org
-	}{
-		{
-			name: "append remove idp config event",
-			args: args{
-				org:   &Org{IDPs: []*iam_es_model.IDPConfig{&iam_es_model.IDPConfig{IDPConfigID: "IDPConfigID", Name: "IDPConfig"}}},
-				idp:   &iam_es_model.IDPConfig{IDPConfigID: "IDPConfigID", Name: "IDPConfig"},
-				event: &es_models.Event{},
-			},
-			result: &Org{IDPs: []*iam_es_model.IDPConfig{}},
-		},
-	}
-	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
-			if tt.args.idp != nil {
-				data, _ := json.Marshal(tt.args.idp)
-				tt.args.event.Data = data
-			}
-			tt.args.org.appendRemoveIDPConfigEvent(tt.args.event)
-			if len(tt.args.org.IDPs) != 0 {
-				t.Errorf("got wrong result should have no apps actual: %v ", len(tt.args.org.IDPs))
-			}
-		})
-	}
-}
-
-func TestAppendAppStateEvent(t *testing.T) {
-	type args struct {
-		org   *Org
-		idp   *iam_es_model.IDPConfig
-		event *es_models.Event
-		state model.IDPConfigState
-	}
-	tests := []struct {
-		name   string
-		args   args
-		result *Org
-	}{
-		{
-			name: "append deactivate application event",
-			args: args{
-				org:   &Org{IDPs: []*iam_es_model.IDPConfig{&iam_es_model.IDPConfig{IDPConfigID: "IDPConfigID", Name: "IDPConfig", State: int32(model.IDPConfigStateActive)}}},
-				idp:   &iam_es_model.IDPConfig{IDPConfigID: "IDPConfigID"},
-				event: &es_models.Event{},
-				state: model.IDPConfigStateInactive,
-			},
-			result: &Org{IDPs: []*iam_es_model.IDPConfig{&iam_es_model.IDPConfig{IDPConfigID: "IDPConfigID", Name: "IDPConfig", State: int32(model.IDPConfigStateInactive)}}},
-		},
-		{
-			name: "append reactivate application event",
-			args: args{
-				org:   &Org{IDPs: []*iam_es_model.IDPConfig{&iam_es_model.IDPConfig{IDPConfigID: "IDPConfigID", Name: "IDPConfig", State: int32(model.IDPConfigStateInactive)}}},
-				idp:   &iam_es_model.IDPConfig{IDPConfigID: "IDPConfigID"},
-				event: &es_models.Event{},
-				state: model.IDPConfigStateActive,
-			},
-			result: &Org{IDPs: []*iam_es_model.IDPConfig{&iam_es_model.IDPConfig{IDPConfigID: "IDPConfigID", Name: "IDPConfig", State: int32(model.IDPConfigStateActive)}}},
-		},
-	}
-	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
-			if tt.args.idp != nil {
-				data, _ := json.Marshal(tt.args.idp)
-				tt.args.event.Data = data
-			}
-			tt.args.org.appendIDPConfigStateEvent(tt.args.event, tt.args.state)
-			if len(tt.args.org.IDPs) != 1 {
-				t.Errorf("got wrong result should have one idpConfig actual: %v ", len(tt.args.org.IDPs))
-			}
-			if tt.args.org.IDPs[0] == tt.result.IDPs[0] {
-				t.Errorf("got wrong result: expected: %v, actual: %v ", tt.result.IDPs[0], tt.args.org.IDPs[0])
-			}
-		})
-	}
-}
-
-func TestAppendAddOIDCIdpConfigEvent(t *testing.T) {
-	type args struct {
-		org    *Org
-		config *iam_es_model.OIDCIDPConfig
-		event  *es_models.Event
-	}
-	tests := []struct {
-		name   string
-		args   args
-		result *Org
-	}{
-		{
-			name: "append add oidc idp config event",
-			args: args{
-				org:    &Org{IDPs: []*iam_es_model.IDPConfig{&iam_es_model.IDPConfig{IDPConfigID: "IDPConfigID"}}},
-				config: &iam_es_model.OIDCIDPConfig{IDPConfigID: "IDPConfigID", ClientID: "ClientID"},
-				event:  &es_models.Event{},
-			},
-			result: &Org{IDPs: []*iam_es_model.IDPConfig{&iam_es_model.IDPConfig{IDPConfigID: "IDPConfigID", OIDCIDPConfig: &iam_es_model.OIDCIDPConfig{IDPConfigID: "IDPConfigID", ClientID: "ClientID"}}}},
-		},
-	}
-	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
-			if tt.args.config != nil {
-				data, _ := json.Marshal(tt.args.config)
-				tt.args.event.Data = data
-			}
-			tt.args.org.appendAddOIDCIDPConfigEvent(tt.args.event)
-			if len(tt.args.org.IDPs) != 1 {
-				t.Errorf("got wrong result should have one idpConfig actual: %v ", len(tt.args.org.IDPs))
-			}
-			if tt.args.org.IDPs[0].OIDCIDPConfig == nil {
-				t.Errorf("got wrong result should have oidc config actual: %v ", tt.args.org.IDPs[0].OIDCIDPConfig)
-			}
-			if tt.args.org.IDPs[0] == tt.result.IDPs[0] {
-				t.Errorf("got wrong result: expected: %v, actual: %v ", tt.result.IDPs[0], tt.args.org.IDPs[0])
-			}
-		})
-	}
-}
-
-func TestAppendChangeOIDCIdpConfigEvent(t *testing.T) {
-	type args struct {
-		org    *Org
-		config *iam_es_model.OIDCIDPConfig
-		event  *es_models.Event
-	}
-	tests := []struct {
-		name   string
-		args   args
-		result *Org
-	}{
-		{
-			name: "append change oidc idp config event",
-			args: args{
-				org:    &Org{IDPs: []*iam_es_model.IDPConfig{&iam_es_model.IDPConfig{IDPConfigID: "IDPConfigID", OIDCIDPConfig: &iam_es_model.OIDCIDPConfig{IDPConfigID: "IDPConfigID", ClientID: "ClientID"}}}},
-				config: &iam_es_model.OIDCIDPConfig{IDPConfigID: "IDPConfigID", ClientID: "ClientID Changed"},
-				event:  &es_models.Event{},
-			},
-			result: &Org{IDPs: []*iam_es_model.IDPConfig{&iam_es_model.IDPConfig{IDPConfigID: "IDPConfigID", OIDCIDPConfig: &iam_es_model.OIDCIDPConfig{IDPConfigID: "IDPConfigID", ClientID: "ClientID Changed"}}}},
-		},
-	}
-	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
-			if tt.args.config != nil {
-				data, _ := json.Marshal(tt.args.config)
-				tt.args.event.Data = data
-			}
-			tt.args.org.appendChangeOIDCIDPConfigEvent(tt.args.event)
-			if len(tt.args.org.IDPs) != 1 {
-				t.Errorf("got wrong result should have one idpConfig actual: %v ", len(tt.args.org.IDPs))
-			}
-			if tt.args.org.IDPs[0].OIDCIDPConfig == nil {
-				t.Errorf("got wrong result should have oidc config actual: %v ", tt.args.org.IDPs[0].OIDCIDPConfig)
-			}
-			if tt.args.org.IDPs[0] == tt.result.IDPs[0] {
-				t.Errorf("got wrong result: expected: %v, actual: %v ", tt.result.IDPs[0], tt.args.org.IDPs[0])
-			}
-		})
-	}
-}

internal/org/repository/eventsourcing/model/label_policy.go

@@ -1,24 +0,0 @@
-package model
-
-import (
-	es_models "github.com/caos/zitadel/internal/eventstore/v1/models"
-	iam_es_model "github.com/caos/zitadel/internal/iam/repository/eventsourcing/model"
-)
-
-func (o *Org) appendAddLabelPolicyEvent(event *es_models.Event) error {
-	o.LabelPolicy = new(iam_es_model.LabelPolicy)
-	err := o.LabelPolicy.SetDataLabel(event)
-	if err != nil {
-		return err
-	}
-	o.LabelPolicy.ObjectRoot.CreationDate = event.CreationDate
-	return nil
-}
-
-func (o *Org) appendChangeLabelPolicyEvent(event *es_models.Event) error {
-	return o.LabelPolicy.SetDataLabel(event)
-}
-
-func (o *Org) appendRemoveLabelPolicyEvent(event *es_models.Event) {
-	o.LabelPolicy = nil
-}

internal/org/repository/eventsourcing/model/label_policy_test.go

@@ -1,91 +0,0 @@
-package model
-
-import (
-	"encoding/json"
-	"testing"
-
-	es_models "github.com/caos/zitadel/internal/eventstore/v1/models"
-	iam_es_model "github.com/caos/zitadel/internal/iam/repository/eventsourcing/model"
-)
-
-func TestAppendAddLabelPolicyEvent(t *testing.T) {
-	type args struct {
-		org    *Org
-		policy *iam_es_model.LabelPolicy
-		event  *es_models.Event
-	}
-	tests := []struct {
-		name   string
-		args   args
-		result *Org
-	}{
-		{
-			name: "append add label policy event",
-			args: args{
-				org:    &Org{},
-				policy: &iam_es_model.LabelPolicy{PrimaryColor: "000000", BackgroundColor: "FFFFFF"},
-				event:  &es_models.Event{},
-			},
-			result: &Org{LabelPolicy: &iam_es_model.LabelPolicy{PrimaryColor: "000000", BackgroundColor: "FFFFFF"}},
-		},
-	}
-	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
-			if tt.args.policy != nil {
-				data, _ := json.Marshal(tt.args.policy)
-				tt.args.event.Data = data
-			}
-			tt.args.org.appendAddLabelPolicyEvent(tt.args.event)
-			if tt.result.LabelPolicy.PrimaryColor != tt.args.org.LabelPolicy.PrimaryColor {
-				t.Errorf("got wrong result: expected: %v, actual: %v ", tt.result.LabelPolicy.PrimaryColor, tt.args.org.LabelPolicy.PrimaryColor)
-			}
-			if tt.result.LabelPolicy.BackgroundColor != tt.args.org.LabelPolicy.BackgroundColor {
-				t.Errorf("got wrong result: expected: %v, actual: %v ", tt.result.LabelPolicy.BackgroundColor, tt.args.org.LabelPolicy.BackgroundColor)
-			}
-		})
-	}
-}
-
-func TestAppendChangeLabelPolicyEvent(t *testing.T) {
-	type args struct {
-		org    *Org
-		policy *iam_es_model.LabelPolicy
-		event  *es_models.Event
-	}
-	tests := []struct {
-		name   string
-		args   args
-		result *Org
-	}{
-		{
-			name: "append change label policy event",
-			args: args{
-				org: &Org{LabelPolicy: &iam_es_model.LabelPolicy{
-					BackgroundColor: "FFFFF0",
-					PrimaryColor:    "000001",
-				}},
-				policy: &iam_es_model.LabelPolicy{PrimaryColor: "000000", BackgroundColor: "FFFFFF"},
-				event:  &es_models.Event{},
-			},
-			result: &Org{LabelPolicy: &iam_es_model.LabelPolicy{
-				BackgroundColor: "FFFFFF",
-				PrimaryColor:    "000000",
-			}},
-		},
-	}
-	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
-			if tt.args.policy != nil {
-				data, _ := json.Marshal(tt.args.policy)
-				tt.args.event.Data = data
-			}
-			tt.args.org.appendChangeLabelPolicyEvent(tt.args.event)
-			if tt.result.LabelPolicy.PrimaryColor != tt.args.org.LabelPolicy.PrimaryColor {
-				t.Errorf("got wrong result: expected: %v, actual: %v ", tt.result.LabelPolicy.PrimaryColor, tt.args.org.LabelPolicy.PrimaryColor)
-			}
-			if tt.result.LabelPolicy.BackgroundColor != tt.args.org.LabelPolicy.BackgroundColor {
-				t.Errorf("got wrong result: expected: %v, actual: %v ", tt.result.LabelPolicy.BackgroundColor, tt.args.org.LabelPolicy.BackgroundColor)
-			}
-		})
-	}
-}

internal/org/repository/eventsourcing/model/login_policy.go

@@ -1,106 +0,0 @@
-package model
-
-import (
-	es_models "github.com/caos/zitadel/internal/eventstore/v1/models"
-	iam_es_model "github.com/caos/zitadel/internal/iam/repository/eventsourcing/model"
-)
-
-func (o *Org) appendAddLoginPolicyEvent(event *es_models.Event) error {
-	o.LoginPolicy = new(iam_es_model.LoginPolicy)
-	err := o.LoginPolicy.SetData(event)
-	if err != nil {
-		return err
-	}
-	o.LoginPolicy.ObjectRoot.CreationDate = event.CreationDate
-	return nil
-}
-
-func (o *Org) appendChangeLoginPolicyEvent(event *es_models.Event) error {
-	return o.LoginPolicy.SetData(event)
-}
-
-func (o *Org) appendRemoveLoginPolicyEvent(event *es_models.Event) {
-	o.LoginPolicy = nil
-}
-
-func (o *Org) appendAddIdpProviderToLoginPolicyEvent(event *es_models.Event) error {
-	provider := &iam_es_model.IDPProvider{}
-	err := provider.SetData(event)
-	if err != nil {
-		return err
-	}
-	provider.ObjectRoot.CreationDate = event.CreationDate
-	if o.LoginPolicy == nil {
-		return nil
-	}
-	o.LoginPolicy.IDPProviders = append(o.LoginPolicy.IDPProviders, provider)
-	return nil
-}
-
-func (o *Org) appendRemoveIdpProviderFromLoginPolicyEvent(event *es_models.Event) error {
-	provider := &iam_es_model.IDPProvider{}
-	err := provider.SetData(event)
-	if err != nil {
-		return err
-	}
-	if o.LoginPolicy == nil {
-		return nil
-	}
-	if i, m := iam_es_model.GetIDPProvider(o.LoginPolicy.IDPProviders, provider.IDPConfigID); m != nil {
-		o.LoginPolicy.IDPProviders[i] = o.LoginPolicy.IDPProviders[len(o.LoginPolicy.IDPProviders)-1]
-		o.LoginPolicy.IDPProviders[len(o.LoginPolicy.IDPProviders)-1] = nil
-		o.LoginPolicy.IDPProviders = o.LoginPolicy.IDPProviders[:len(o.LoginPolicy.IDPProviders)-1]
-		return nil
-	}
-	return nil
-}
-
-func (o *Org) appendAddSecondFactorToLoginPolicyEvent(event *es_models.Event) error {
-	mfa := &iam_es_model.MFA{}
-	err := mfa.SetData(event)
-	if err != nil {
-		return err
-	}
-	o.LoginPolicy.SecondFactors = append(o.LoginPolicy.SecondFactors, mfa.MFAType)
-	return nil
-}
-
-func (o *Org) appendRemoveSecondFactorFromLoginPolicyEvent(event *es_models.Event) error {
-	mfa := &iam_es_model.MFA{}
-	err := mfa.SetData(event)
-	if err != nil {
-		return err
-	}
-	if i, m := iam_es_model.GetMFA(o.LoginPolicy.SecondFactors, mfa.MFAType); m != 0 {
-		o.LoginPolicy.SecondFactors[i] = o.LoginPolicy.SecondFactors[len(o.LoginPolicy.SecondFactors)-1]
-		o.LoginPolicy.SecondFactors[len(o.LoginPolicy.SecondFactors)-1] = 0
-		o.LoginPolicy.SecondFactors = o.LoginPolicy.SecondFactors[:len(o.LoginPolicy.SecondFactors)-1]
-		return nil
-	}
-	return nil
-}
-
-func (o *Org) appendAddMultiFactorToLoginPolicyEvent(event *es_models.Event) error {
-	mfa := &iam_es_model.MFA{}
-	err := mfa.SetData(event)
-	if err != nil {
-		return err
-	}
-	o.LoginPolicy.MultiFactors = append(o.LoginPolicy.MultiFactors, mfa.MFAType)
-	return nil
-}
-
-func (o *Org) appendRemoveMultiFactorFromLoginPolicyEvent(event *es_models.Event) error {
-	mfa := &iam_es_model.MFA{}
-	err := mfa.SetData(event)
-	if err != nil {
-		return err
-	}
-	if i, m := iam_es_model.GetMFA(o.LoginPolicy.MultiFactors, mfa.MFAType); m != 0 {
-		o.LoginPolicy.MultiFactors[i] = o.LoginPolicy.MultiFactors[len(o.LoginPolicy.MultiFactors)-1]
-		o.LoginPolicy.MultiFactors[len(o.LoginPolicy.MultiFactors)-1] = 0
-		o.LoginPolicy.MultiFactors = o.LoginPolicy.MultiFactors[:len(o.LoginPolicy.MultiFactors)-1]
-		return nil
-	}
-	return nil
-}

internal/org/repository/eventsourcing/model/login_policy_test.go

@@ -1,392 +0,0 @@
-package model
-
-import (
-	"encoding/json"
-	"testing"
-
-	"github.com/caos/zitadel/internal/domain"
-	es_models "github.com/caos/zitadel/internal/eventstore/v1/models"
-	iam_model "github.com/caos/zitadel/internal/iam/model"
-	iam_es_model "github.com/caos/zitadel/internal/iam/repository/eventsourcing/model"
-)
-
-func TestAppendAddLoginPolicyEvent(t *testing.T) {
-	type args struct {
-		org    *Org
-		policy *iam_es_model.LoginPolicy
-		event  *es_models.Event
-	}
-	tests := []struct {
-		name   string
-		args   args
-		result *Org
-	}{
-		{
-			name: "append add login policy event",
-			args: args{
-				org:    &Org{},
-				policy: &iam_es_model.LoginPolicy{AllowUsernamePassword: true, AllowRegister: true, AllowExternalIdp: true},
-				event:  &es_models.Event{},
-			},
-			result: &Org{LoginPolicy: &iam_es_model.LoginPolicy{AllowUsernamePassword: true, AllowRegister: true, AllowExternalIdp: true}},
-		},
-	}
-	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
-			if tt.args.policy != nil {
-				data, _ := json.Marshal(tt.args.policy)
-				tt.args.event.Data = data
-			}
-			tt.args.org.appendAddLoginPolicyEvent(tt.args.event)
-			if tt.result.LoginPolicy.AllowUsernamePassword != tt.args.org.LoginPolicy.AllowUsernamePassword {
-				t.Errorf("got wrong result: expected: %v, actual: %v ", tt.result.LoginPolicy.AllowUsernamePassword, tt.args.org.LoginPolicy.AllowUsernamePassword)
-			}
-			if tt.result.LoginPolicy.AllowRegister != tt.args.org.LoginPolicy.AllowRegister {
-				t.Errorf("got wrong result: expected: %v, actual: %v ", tt.result.LoginPolicy.AllowRegister, tt.args.org.LoginPolicy.AllowRegister)
-			}
-			if tt.result.LoginPolicy.AllowExternalIdp != tt.args.org.LoginPolicy.AllowExternalIdp {
-				t.Errorf("got wrong result: expected: %v, actual: %v ", tt.result.LoginPolicy.AllowExternalIdp, tt.args.org.LoginPolicy.AllowExternalIdp)
-			}
-		})
-	}
-}
-
-func TestAppendChangeLoginPolicyEvent(t *testing.T) {
-	type args struct {
-		org    *Org
-		policy *iam_es_model.LoginPolicy
-		event  *es_models.Event
-	}
-	tests := []struct {
-		name   string
-		args   args
-		result *Org
-	}{
-		{
-			name: "append change login policy event",
-			args: args{
-				org: &Org{LoginPolicy: &iam_es_model.LoginPolicy{
-					AllowExternalIdp:      false,
-					AllowRegister:         false,
-					AllowUsernamePassword: false,
-				}},
-				policy: &iam_es_model.LoginPolicy{AllowUsernamePassword: true, AllowRegister: true, AllowExternalIdp: true},
-				event:  &es_models.Event{},
-			},
-			result: &Org{LoginPolicy: &iam_es_model.LoginPolicy{
-				AllowExternalIdp:      true,
-				AllowRegister:         true,
-				AllowUsernamePassword: true,
-			}},
-		},
-	}
-	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
-			if tt.args.policy != nil {
-				data, _ := json.Marshal(tt.args.policy)
-				tt.args.event.Data = data
-			}
-			tt.args.org.appendChangeLoginPolicyEvent(tt.args.event)
-			if tt.result.LoginPolicy.AllowUsernamePassword != tt.args.org.LoginPolicy.AllowUsernamePassword {
-				t.Errorf("got wrong result: expected: %v, actual: %v ", tt.result.LoginPolicy.AllowUsernamePassword, tt.args.org.LoginPolicy.AllowUsernamePassword)
-			}
-			if tt.result.LoginPolicy.AllowRegister != tt.args.org.LoginPolicy.AllowRegister {
-				t.Errorf("got wrong result: expected: %v, actual: %v ", tt.result.LoginPolicy.AllowRegister, tt.args.org.LoginPolicy.AllowRegister)
-			}
-			if tt.result.LoginPolicy.AllowExternalIdp != tt.args.org.LoginPolicy.AllowExternalIdp {
-				t.Errorf("got wrong result: expected: %v, actual: %v ", tt.result.LoginPolicy.AllowExternalIdp, tt.args.org.LoginPolicy.AllowExternalIdp)
-			}
-		})
-	}
-}
-
-func TestAppendAddIdpToPolicyEvent(t *testing.T) {
-	type args struct {
-		org      *Org
-		provider *iam_es_model.IDPProvider
-		event    *es_models.Event
-	}
-	tests := []struct {
-		name   string
-		args   args
-		result *Org
-	}{
-		{
-			name: "append add idp to login policy event",
-			args: args{
-				org:      &Org{LoginPolicy: &iam_es_model.LoginPolicy{AllowExternalIdp: true, AllowRegister: true, AllowUsernamePassword: true}},
-				provider: &iam_es_model.IDPProvider{Type: int32(iam_model.IDPProviderTypeSystem), IDPConfigID: "IDPConfigID"},
-				event:    &es_models.Event{},
-			},
-			result: &Org{LoginPolicy: &iam_es_model.LoginPolicy{
-				AllowExternalIdp:      true,
-				AllowRegister:         true,
-				AllowUsernamePassword: true,
-				IDPProviders: []*iam_es_model.IDPProvider{
-					{IDPConfigID: "IDPConfigID", Type: int32(iam_model.IDPProviderTypeSystem)},
-				}}},
-		},
-	}
-	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
-			if tt.args.provider != nil {
-				data, _ := json.Marshal(tt.args.provider)
-				tt.args.event.Data = data
-			}
-			tt.args.org.appendAddIdpProviderToLoginPolicyEvent(tt.args.event)
-			if tt.result.LoginPolicy.AllowUsernamePassword != tt.args.org.LoginPolicy.AllowUsernamePassword {
-				t.Errorf("got wrong result AllowUsernamePassword: expected: %v, actual: %v ", tt.result.LoginPolicy.AllowUsernamePassword, tt.args.org.LoginPolicy.AllowUsernamePassword)
-			}
-			if tt.result.LoginPolicy.AllowRegister != tt.args.org.LoginPolicy.AllowRegister {
-				t.Errorf("got wrong result AllowRegister: expected: %v, actual: %v ", tt.result.LoginPolicy.AllowRegister, tt.args.org.LoginPolicy.AllowRegister)
-			}
-			if tt.result.LoginPolicy.AllowExternalIdp != tt.args.org.LoginPolicy.AllowExternalIdp {
-				t.Errorf("got wrong result AllowExternalIDP: expected: %v, actual: %v ", tt.result.LoginPolicy.AllowExternalIdp, tt.args.org.LoginPolicy.AllowExternalIdp)
-			}
-			if len(tt.result.LoginPolicy.IDPProviders) != len(tt.args.org.LoginPolicy.IDPProviders) {
-				t.Errorf("got wrong idp provider len: expected: %v, actual: %v ", len(tt.result.LoginPolicy.IDPProviders), len(tt.args.org.LoginPolicy.IDPProviders))
-			}
-			if tt.result.LoginPolicy.IDPProviders[0].Type != tt.args.provider.Type {
-				t.Errorf("got wrong idp provider type: expected: %v, actual: %v ", tt.result.LoginPolicy.IDPProviders[0].Type, tt.args.provider.Type)
-			}
-			if tt.result.LoginPolicy.IDPProviders[0].IDPConfigID != tt.args.provider.IDPConfigID {
-				t.Errorf("got wrong idp provider idpconfigid: expected: %v, actual: %v ", tt.result.LoginPolicy.IDPProviders[0].IDPConfigID, tt.args.provider.IDPConfigID)
-			}
-		})
-	}
-}
-
-func TestRemoveAddIdpToPolicyEvent(t *testing.T) {
-	type args struct {
-		org      *Org
-		provider *iam_es_model.IDPProvider
-		event    *es_models.Event
-	}
-	tests := []struct {
-		name   string
-		args   args
-		result *Org
-	}{
-		{
-			name: "append add idp to login policy event",
-			args: args{
-				org: &Org{
-					LoginPolicy: &iam_es_model.LoginPolicy{
-						AllowExternalIdp:      true,
-						AllowRegister:         true,
-						AllowUsernamePassword: true,
-						IDPProviders: []*iam_es_model.IDPProvider{
-							{IDPConfigID: "IDPConfigID", Type: int32(iam_model.IDPProviderTypeSystem)},
-						}}},
-				provider: &iam_es_model.IDPProvider{Type: int32(iam_model.IDPProviderTypeSystem), IDPConfigID: "IDPConfigID"},
-				event:    &es_models.Event{},
-			},
-			result: &Org{LoginPolicy: &iam_es_model.LoginPolicy{
-				AllowExternalIdp:      true,
-				AllowRegister:         true,
-				AllowUsernamePassword: true,
-				IDPProviders:          []*iam_es_model.IDPProvider{}}},
-		},
-	}
-	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
-			if tt.args.provider != nil {
-				data, _ := json.Marshal(tt.args.provider)
-				tt.args.event.Data = data
-			}
-			tt.args.org.appendRemoveIdpProviderFromLoginPolicyEvent(tt.args.event)
-			if tt.result.LoginPolicy.AllowUsernamePassword != tt.args.org.LoginPolicy.AllowUsernamePassword {
-				t.Errorf("got wrong result AllowUsernamePassword: expected: %v, actual: %v ", tt.result.LoginPolicy.AllowUsernamePassword, tt.args.org.LoginPolicy.AllowUsernamePassword)
-			}
-			if tt.result.LoginPolicy.AllowRegister != tt.args.org.LoginPolicy.AllowRegister {
-				t.Errorf("got wrong result AllowRegister: expected: %v, actual: %v ", tt.result.LoginPolicy.AllowRegister, tt.args.org.LoginPolicy.AllowRegister)
-			}
-			if tt.result.LoginPolicy.AllowExternalIdp != tt.args.org.LoginPolicy.AllowExternalIdp {
-				t.Errorf("got wrong result AllowExternalIDP: expected: %v, actual: %v ", tt.result.LoginPolicy.AllowExternalIdp, tt.args.org.LoginPolicy.AllowExternalIdp)
-			}
-			if len(tt.result.LoginPolicy.IDPProviders) != len(tt.args.org.LoginPolicy.IDPProviders) {
-				t.Errorf("got wrong idp provider len: expected: %v, actual: %v ", len(tt.result.LoginPolicy.IDPProviders), len(tt.args.org.LoginPolicy.IDPProviders))
-			}
-		})
-	}
-}
-
-func TestAppendAddSecondFactorToPolicyEvent(t *testing.T) {
-	type args struct {
-		org   *Org
-		mfa   *iam_es_model.MFA
-		event *es_models.Event
-	}
-	tests := []struct {
-		name   string
-		args   args
-		result *Org
-	}{
-		{
-			name: "append add second factor to login policy event",
-			args: args{
-				org:   &Org{LoginPolicy: &iam_es_model.LoginPolicy{AllowExternalIdp: true, AllowRegister: true, AllowUsernamePassword: true}},
-				mfa:   &iam_es_model.MFA{MFAType: int32(domain.SecondFactorTypeOTP)},
-				event: &es_models.Event{},
-			},
-			result: &Org{LoginPolicy: &iam_es_model.LoginPolicy{
-				AllowExternalIdp:      true,
-				AllowRegister:         true,
-				AllowUsernamePassword: true,
-				SecondFactors: []int32{
-					int32(domain.SecondFactorTypeOTP),
-				}}},
-		},
-	}
-	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
-			if tt.args.mfa != nil {
-				data, _ := json.Marshal(tt.args.mfa)
-				tt.args.event.Data = data
-			}
-			tt.args.org.appendAddSecondFactorToLoginPolicyEvent(tt.args.event)
-			if len(tt.result.LoginPolicy.SecondFactors) != len(tt.args.org.LoginPolicy.SecondFactors) {
-				t.Errorf("got wrong second factor len: expected: %v, actual: %v ", len(tt.result.LoginPolicy.SecondFactors), len(tt.args.org.LoginPolicy.SecondFactors))
-			}
-			if tt.result.LoginPolicy.SecondFactors[0] != tt.args.mfa.MFAType {
-				t.Errorf("got wrong second factor: expected: %v, actual: %v ", tt.result.LoginPolicy.SecondFactors[0], tt.args.mfa)
-			}
-		})
-	}
-}
-
-func TestRemoveSecondFactorFromPolicyEvent(t *testing.T) {
-	type args struct {
-		org   *Org
-		mfa   *iam_es_model.MFA
-		event *es_models.Event
-	}
-	tests := []struct {
-		name   string
-		args   args
-		result *Org
-	}{
-		{
-			name: "append remove second factor from login policy event",
-			args: args{
-				org: &Org{
-					LoginPolicy: &iam_es_model.LoginPolicy{
-						AllowExternalIdp:      true,
-						AllowRegister:         true,
-						AllowUsernamePassword: true,
-						SecondFactors: []int32{
-							int32(domain.SecondFactorTypeOTP),
-						}}},
-				mfa:   &iam_es_model.MFA{MFAType: int32(domain.SecondFactorTypeOTP)},
-				event: &es_models.Event{},
-			},
-			result: &Org{LoginPolicy: &iam_es_model.LoginPolicy{
-				AllowExternalIdp:      true,
-				AllowRegister:         true,
-				AllowUsernamePassword: true,
-				SecondFactors:         []int32{}}},
-		},
-	}
-	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
-			if tt.args.mfa != nil {
-				data, _ := json.Marshal(tt.args.mfa)
-				tt.args.event.Data = data
-			}
-			tt.args.org.appendRemoveSecondFactorFromLoginPolicyEvent(tt.args.event)
-			if len(tt.result.LoginPolicy.SecondFactors) != len(tt.args.org.LoginPolicy.SecondFactors) {
-				t.Errorf("got wrong idp mfa len: expected: %v, actual: %v ", len(tt.result.LoginPolicy.SecondFactors), len(tt.args.org.LoginPolicy.SecondFactors))
-			}
-		})
-	}
-}
-
-func TestAppendAddMultiFactorToPolicyEvent(t *testing.T) {
-	type args struct {
-		org   *Org
-		mfa   *iam_es_model.MFA
-		event *es_models.Event
-	}
-	tests := []struct {
-		name   string
-		args   args
-		result *Org
-	}{
-		{
-			name: "append add mfa to login policy event",
-			args: args{
-				org:   &Org{LoginPolicy: &iam_es_model.LoginPolicy{AllowExternalIdp: true, AllowRegister: true, AllowUsernamePassword: true}},
-				mfa:   &iam_es_model.MFA{MFAType: int32(iam_model.MultiFactorTypeU2FWithPIN)},
-				event: &es_models.Event{},
-			},
-			result: &Org{LoginPolicy: &iam_es_model.LoginPolicy{
-				AllowExternalIdp:      true,
-				AllowRegister:         true,
-				AllowUsernamePassword: true,
-				MultiFactors: []int32{
-					int32(iam_model.MultiFactorTypeU2FWithPIN),
-				}}},
-		},
-	}
-	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
-			if tt.args.mfa != nil {
-				data, _ := json.Marshal(tt.args.mfa)
-				tt.args.event.Data = data
-			}
-			tt.args.org.appendAddMultiFactorToLoginPolicyEvent(tt.args.event)
-			if len(tt.result.LoginPolicy.MultiFactors) != len(tt.args.org.LoginPolicy.MultiFactors) {
-				t.Errorf("got wrong second factor len: expected: %v, actual: %v ", len(tt.result.LoginPolicy.MultiFactors), len(tt.args.org.LoginPolicy.MultiFactors))
-			}
-			if tt.result.LoginPolicy.MultiFactors[0] != tt.args.mfa.MFAType {
-				t.Errorf("got wrong second factor: expected: %v, actual: %v ", tt.result.LoginPolicy.MultiFactors[0], tt.args.mfa)
-			}
-		})
-	}
-}
-
-func TestRemoveMultiFactorFromPolicyEvent(t *testing.T) {
-	type args struct {
-		org   *Org
-		mfa   *iam_es_model.MFA
-		event *es_models.Event
-	}
-	tests := []struct {
-		name   string
-		args   args
-		result *Org
-	}{
-		{
-			name: "append remove mfa from login policy event",
-			args: args{
-				org: &Org{
-					LoginPolicy: &iam_es_model.LoginPolicy{
-						AllowExternalIdp:      true,
-						AllowRegister:         true,
-						AllowUsernamePassword: true,
-						MultiFactors: []int32{
-							int32(iam_model.MultiFactorTypeU2FWithPIN),
-						}}},
-				mfa:   &iam_es_model.MFA{MFAType: int32(iam_model.MultiFactorTypeU2FWithPIN)},
-				event: &es_models.Event{},
-			},
-			result: &Org{LoginPolicy: &iam_es_model.LoginPolicy{
-				AllowExternalIdp:      true,
-				AllowRegister:         true,
-				AllowUsernamePassword: true,
-				MultiFactors:          []int32{}}},
-		},
-	}
-	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
-			if tt.args.mfa != nil {
-				data, _ := json.Marshal(tt.args.mfa)
-				tt.args.event.Data = data
-			}
-			tt.args.org.appendRemoveMultiFactorFromLoginPolicyEvent(tt.args.event)
-			if len(tt.result.LoginPolicy.MultiFactors) != len(tt.args.org.LoginPolicy.MultiFactors) {
-				t.Errorf("got wrong idp mfa len: expected: %v, actual: %v ", len(tt.result.LoginPolicy.MultiFactors), len(tt.args.org.LoginPolicy.MultiFactors))
-			}
-		})
-	}
-}

internal/org/repository/eventsourcing/model/mail_template.go

@@ -1,31 +0,0 @@
-package model
-
-import (
-	es_models "github.com/caos/zitadel/internal/eventstore/v1/models"
-	iam_es_model "github.com/caos/zitadel/internal/iam/repository/eventsourcing/model"
-)
-
-func (o *Org) appendAddMailTemplateEvent(event *es_models.Event) error {
-	o.MailTemplate = new(iam_es_model.MailTemplate)
-	err := o.MailTemplate.SetDataLabel(event)
-	if err != nil {
-		return err
-	}
-	o.MailTemplate.ObjectRoot.CreationDate = event.CreationDate
-	return nil
-}
-
-func (o *Org) appendChangeMailTemplateEvent(event *es_models.Event) error {
-	mailTemplate := &iam_es_model.MailTemplate{}
-	err := mailTemplate.SetDataLabel(event)
-	if err != nil {
-		return err
-	}
-	mailTemplate.ObjectRoot.ChangeDate = event.CreationDate
-	o.MailTemplate = mailTemplate
-	return nil
-}
-
-func (o *Org) appendRemoveMailTemplateEvent(event *es_models.Event) {
-	o.MailTemplate = nil
-}

internal/org/repository/eventsourcing/model/mail_template_test.go

@@ -1,83 +0,0 @@
-package model
-
-import (
-	"encoding/json"
-	"testing"
-
-	es_models "github.com/caos/zitadel/internal/eventstore/v1/models"
-	iam_es_model "github.com/caos/zitadel/internal/iam/repository/eventsourcing/model"
-)
-
-func TestAppendAddMailTemplateEvent(t *testing.T) {
-	type args struct {
-		org    *Org
-		policy *iam_es_model.MailTemplate
-		event  *es_models.Event
-	}
-	tests := []struct {
-		name   string
-		args   args
-		result *Org
-	}{
-		{
-			name: "append add label policy event",
-			args: args{
-				org:    &Org{},
-				policy: &iam_es_model.MailTemplate{Template: []byte("<!doctype html>")},
-				event:  &es_models.Event{},
-			},
-			result: &Org{MailTemplate: &iam_es_model.MailTemplate{Template: []byte("<!doctype html>")}},
-		},
-	}
-	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
-			if tt.args.policy != nil {
-				data, _ := json.Marshal(tt.args.policy)
-				tt.args.event.Data = data
-			}
-			tt.args.org.appendAddMailTemplateEvent(tt.args.event)
-			if string(tt.result.MailTemplate.Template) != string(tt.args.org.MailTemplate.Template) {
-				t.Errorf("got wrong result: expected: %v, actual: %v ", tt.result.MailTemplate.Template, tt.args.org.MailTemplate.Template)
-			}
-		})
-	}
-}
-
-func TestAppendChangeMailTemplateEvent(t *testing.T) {
-	type args struct {
-		org    *Org
-		policy *iam_es_model.MailTemplate
-		event  *es_models.Event
-	}
-	tests := []struct {
-		name   string
-		args   args
-		result *Org
-	}{
-		{
-			name: "append change label policy event",
-			args: args{
-				org: &Org{MailTemplate: &iam_es_model.MailTemplate{
-					Template: []byte("<x!doctype html>"),
-				}},
-				policy: &iam_es_model.MailTemplate{Template: []byte("<!doctype html>")},
-				event:  &es_models.Event{},
-			},
-			result: &Org{MailTemplate: &iam_es_model.MailTemplate{
-				Template: []byte("<!doctype html>"),
-			}},
-		},
-	}
-	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
-			if tt.args.policy != nil {
-				data, _ := json.Marshal(tt.args.policy)
-				tt.args.event.Data = data
-			}
-			tt.args.org.appendChangeMailTemplateEvent(tt.args.event)
-			if string(tt.result.MailTemplate.Template) != string(tt.args.org.MailTemplate.Template) {
-				t.Errorf("got wrong result: expected: %v, actual: %v ", tt.result.MailTemplate.Template, tt.args.org.MailTemplate.Template)
-			}
-		})
-	}
-}

internal/org/repository/eventsourcing/model/member.go

@@ -6,7 +6,6 @@ import (
 
 	"github.com/caos/zitadel/internal/errors"
 	es_models "github.com/caos/zitadel/internal/eventstore/v1/models"
-	"github.com/caos/zitadel/internal/org/model"
 )
 
 type OrgMember struct {
@@ -50,47 +49,3 @@ func (m *OrgMember) Changes(updatedMember *OrgMember) map[string]interface{} {
 
 	return changes
 }
-
-func OrgMemberFromEvent(member *OrgMember, event *es_models.Event) (*OrgMember, error) {
-	if member == nil {
-		member = new(OrgMember)
-	}
-	member.ObjectRoot.AppendEvent(event)
-	err := json.Unmarshal(event.Data, member)
-	if err != nil {
-		return nil, errors.ThrowInternal(err, "EVENT-D4qxo", "invalid event data")
-	}
-	return member, nil
-}
-
-func OrgMembersFromModel(members []*model.OrgMember) []*OrgMember {
-	convertedMembers := make([]*OrgMember, len(members))
-	for i, m := range members {
-		convertedMembers[i] = OrgMemberFromModel(m)
-	}
-	return convertedMembers
-}
-
-func OrgMemberFromModel(member *model.OrgMember) *OrgMember {
-	return &OrgMember{
-		ObjectRoot: member.ObjectRoot,
-		UserID:     member.UserID,
-		Roles:      member.Roles,
-	}
-}
-
-func OrgMembersToModel(members []*OrgMember) []*model.OrgMember {
-	convertedMembers := make([]*model.OrgMember, len(members))
-	for i, m := range members {
-		convertedMembers[i] = OrgMemberToModel(m)
-	}
-	return convertedMembers
-}
-
-func OrgMemberToModel(member *OrgMember) *model.OrgMember {
-	return &model.OrgMember{
-		ObjectRoot: member.ObjectRoot,
-		UserID:     member.UserID,
-		Roles:      member.Roles,
-	}
-}

internal/org/repository/eventsourcing/model/org.go

@@ -3,16 +3,12 @@ package model
 import (
 	"encoding/json"
 
-	"github.com/caos/zitadel/internal/iam/model"
-	iam_es_model "github.com/caos/zitadel/internal/iam/repository/eventsourcing/model"
-
 	"github.com/caos/zitadel/internal/errors"
+	"github.com/caos/zitadel/internal/eventstore"
 	es_models "github.com/caos/zitadel/internal/eventstore/v1/models"
+	iam_es_model "github.com/caos/zitadel/internal/iam/repository/eventsourcing/model"
 	org_model "github.com/caos/zitadel/internal/org/model"
-)
+	"github.com/caos/zitadel/internal/repository/org"
-
-const (
-	OrgVersion = "v1"
 )
 
 type Org struct {
@@ -21,16 +17,8 @@ type Org struct {
 	Name  string `json:"name,omitempty"`
 	State int32  `json:"-"`
 
-	Domains                  []*OrgDomain                           `json:"-"`
+	Domains      []*OrgDomain               `json:"-"`
-	Members                  []*OrgMember                           `json:"-"`
+	DomainPolicy *iam_es_model.DomainPolicy `json:"-"`
-	DomainPolicy             *iam_es_model.DomainPolicy             `json:"-"`
-	LabelPolicy              *iam_es_model.LabelPolicy              `json:"-"`
-	MailTemplate             *iam_es_model.MailTemplate             `json:"-"`
-	IDPs                     []*iam_es_model.IDPConfig              `json:"-"`
-	LoginPolicy              *iam_es_model.LoginPolicy              `json:"-"`
-	PasswordComplexityPolicy *iam_es_model.PasswordComplexityPolicy `json:"-"`
-	PasswordAgePolicy        *iam_es_model.PasswordAgePolicy        `json:"-"`
-	LockoutPolicy            *iam_es_model.LockoutPolicy            `json:"-"`
 }
 
 func OrgToModel(org *Org) *org_model.Org {
@@ -39,30 +27,10 @@ func OrgToModel(org *Org) *org_model.Org {
 		Name:       org.Name,
 		State:      org_model.OrgState(org.State),
 		Domains:    OrgDomainsToModel(org.Domains),
-		Members:    OrgMembersToModel(org.Members),
-		IDPs:       iam_es_model.IDPConfigsToModel(org.IDPs),
 	}
 	if org.DomainPolicy != nil {
 		converted.DomainPolicy = iam_es_model.DomainPolicyToModel(org.DomainPolicy)
 	}
-	if org.LoginPolicy != nil {
-		converted.LoginPolicy = iam_es_model.LoginPolicyToModel(org.LoginPolicy)
-	}
-	if org.LabelPolicy != nil {
-		converted.LabelPolicy = iam_es_model.LabelPolicyToModel(org.LabelPolicy)
-	}
-	if org.MailTemplate != nil {
-		converted.MailTemplate = iam_es_model.MailTemplateToModel(org.MailTemplate)
-	}
-	if org.PasswordComplexityPolicy != nil {
-		converted.PasswordComplexityPolicy = iam_es_model.PasswordComplexityPolicyToModel(org.PasswordComplexityPolicy)
-	}
-	if org.PasswordAgePolicy != nil {
-		converted.PasswordAgePolicy = iam_es_model.PasswordAgePolicyToModel(org.PasswordAgePolicy)
-	}
-	if org.LockoutPolicy != nil {
-		converted.LockoutPolicy = iam_es_model.LockoutPolicyToModel(org.LockoutPolicy)
-	}
 	return converted
 }
 
@@ -85,123 +53,37 @@ func (o *Org) AppendEvents(events ...*es_models.Event) error {
 }
 
 func (o *Org) AppendEvent(event *es_models.Event) (err error) {
-	switch event.Type {
+	switch eventstore.EventType(event.Type) {
-	case OrgAdded:
+	case org.OrgAddedEventType:
 		err = o.SetData(event)
 		if err != nil {
 			return err
 		}
-	case OrgChanged:
+	case org.OrgChangedEventType:
 		err = o.SetData(event)
 		if err != nil {
 			return err
 		}
-	case OrgDeactivated:
+	case org.OrgDeactivatedEventType:
 		o.State = int32(org_model.OrgStateInactive)
-	case OrgReactivated:
+	case org.OrgReactivatedEventType:
 		o.State = int32(org_model.OrgStateActive)
-	case OrgMemberAdded:
+	case org.OrgDomainAddedEventType:
-		member, err := OrgMemberFromEvent(nil, event)
-		if err != nil {
-			return err
-		}
-		member.CreationDate = event.CreationDate
-
-		o.setMember(member)
-	case OrgMemberChanged:
-		member, err := OrgMemberFromEvent(nil, event)
-		if err != nil {
-			return err
-		}
-		existingMember := o.getMember(member.UserID)
-		member.CreationDate = existingMember.CreationDate
-
-		o.setMember(member)
-	case OrgMemberRemoved,
-		OrgMemberCascadeRemoved:
-		member, err := OrgMemberFromEvent(nil, event)
-		if err != nil {
-			return err
-		}
-		o.removeMember(member.UserID)
-	case OrgDomainAdded:
 		err = o.appendAddDomainEvent(event)
-	case OrgDomainVerificationAdded:
+	case org.OrgDomainVerificationAddedEventType:
 		err = o.appendVerificationDomainEvent(event)
-	case OrgDomainVerified:
+	case org.OrgDomainVerifiedEventType:
 		err = o.appendVerifyDomainEvent(event)
-	case OrgDomainPrimarySet:
+	case org.OrgDomainPrimarySetEventType:
 		err = o.appendPrimaryDomainEvent(event)
-	case OrgDomainRemoved:
+	case org.OrgDomainRemovedEventType:
 		err = o.appendRemoveDomainEvent(event)
-	case DomainPolicyAdded:
+	case org.DomainPolicyAddedEventType:
 		err = o.appendAddDomainPolicyEvent(event)
-	case DomainPolicyChanged:
+	case org.DomainPolicyChangedEventType:
 		err = o.appendChangeDomainPolicyEvent(event)
-	case DomainPolicyRemoved:
+	case org.DomainPolicyRemovedEventType:
 		o.appendRemoveDomainPolicyEvent()
-	case IDPConfigAdded:
-		err = o.appendAddIDPConfigEvent(event)
-	case IDPConfigChanged:
-		err = o.appendChangeIDPConfigEvent(event)
-	case IDPConfigRemoved:
-		err = o.appendRemoveIDPConfigEvent(event)
-	case IDPConfigDeactivated:
-		err = o.appendIDPConfigStateEvent(event, model.IDPConfigStateInactive)
-	case IDPConfigReactivated:
-		err = o.appendIDPConfigStateEvent(event, model.IDPConfigStateActive)
-	case OIDCIDPConfigAdded:
-		err = o.appendAddOIDCIDPConfigEvent(event)
-	case OIDCIDPConfigChanged:
-		err = o.appendChangeOIDCIDPConfigEvent(event)
-	case LabelPolicyAdded:
-		err = o.appendAddLabelPolicyEvent(event)
-	case LabelPolicyChanged:
-		err = o.appendChangeLabelPolicyEvent(event)
-	case LabelPolicyRemoved:
-		o.appendRemoveLabelPolicyEvent(event)
-	case LoginPolicyAdded:
-		err = o.appendAddLoginPolicyEvent(event)
-	case LoginPolicyChanged:
-		err = o.appendChangeLoginPolicyEvent(event)
-	case LoginPolicyRemoved:
-		o.appendRemoveLoginPolicyEvent(event)
-	case LoginPolicyIDPProviderAdded:
-		err = o.appendAddIdpProviderToLoginPolicyEvent(event)
-	case LoginPolicyIDPProviderRemoved:
-		err = o.appendRemoveIdpProviderFromLoginPolicyEvent(event)
-	case MailTemplateAdded:
-		err = o.appendAddMailTemplateEvent(event)
-	case MailTemplateChanged:
-		err = o.appendChangeMailTemplateEvent(event)
-	case MailTemplateRemoved:
-		o.appendRemoveMailTemplateEvent(event)
-	case LoginPolicySecondFactorAdded:
-		err = o.appendAddSecondFactorToLoginPolicyEvent(event)
-	case LoginPolicySecondFactorRemoved:
-		err = o.appendRemoveSecondFactorFromLoginPolicyEvent(event)
-	case LoginPolicyMultiFactorAdded:
-		err = o.appendAddMultiFactorToLoginPolicyEvent(event)
-	case LoginPolicyMultiFactorRemoved:
-		err = o.appendRemoveMultiFactorFromLoginPolicyEvent(event)
-	case PasswordComplexityPolicyAdded:
-		err = o.appendAddPasswordComplexityPolicyEvent(event)
-	case PasswordComplexityPolicyChanged:
-		err = o.appendChangePasswordComplexityPolicyEvent(event)
-	case PasswordComplexityPolicyRemoved:
-		o.appendRemovePasswordComplexityPolicyEvent(event)
-	case PasswordAgePolicyAdded:
-		err = o.appendAddPasswordAgePolicyEvent(event)
-	case PasswordAgePolicyChanged:
-		err = o.appendChangePasswordAgePolicyEvent(event)
-	case PasswordAgePolicyRemoved:
-		o.appendRemovePasswordAgePolicyEvent(event)
-	case LockoutPolicyAdded:
-		err = o.appendAddLockoutPolicyEvent(event)
-	case LockoutPolicyChanged:
-		err = o.appendChangeLockoutPolicyEvent(event)
-	case LockoutPolicyRemoved:
-		o.appendRemoveLockoutPolicyEvent(event)
 	}
 	if err != nil {
 		return err
@@ -218,35 +100,6 @@ func (o *Org) SetData(event *es_models.Event) error {
 	return nil
 }
 
-func (o *Org) getMember(userID string) *OrgMember {
-	for _, member := range o.Members {
-		if member.UserID == userID {
-			return member
-		}
-	}
-	return nil
-}
-
-func (o *Org) setMember(member *OrgMember) {
-	for i, existingMember := range o.Members {
-		if existingMember.UserID == member.UserID {
-			o.Members[i] = member
-			return
-		}
-	}
-	o.Members = append(o.Members, member)
-}
-
-func (o *Org) removeMember(userID string) {
-	for i := len(o.Members) - 1; i >= 0; i-- {
-		if o.Members[i].UserID == userID {
-			copy(o.Members[i:], o.Members[i+1:])
-			o.Members[len(o.Members)-1] = nil
-			o.Members = o.Members[:len(o.Members)-1]
-		}
-	}
-}
-
 func (o *Org) Changes(changed *Org) map[string]interface{} {
 	changes := make(map[string]interface{}, 2)
 

internal/org/repository/eventsourcing/model/org_test.go

@@ -6,6 +6,7 @@ import (
 
 	es_models "github.com/caos/zitadel/internal/eventstore/v1/models"
 	"github.com/caos/zitadel/internal/org/model"
+	"github.com/caos/zitadel/internal/repository/org"
 )
 
 func TestOrgFromEvents(t *testing.T) {
@@ -22,7 +23,7 @@ func TestOrgFromEvents(t *testing.T) {
 			name: "org from events, ok",
 			args: args{
 				event: []*es_models.Event{
-					{AggregateID: "ID", Sequence: 1, Type: OrgAdded},
+					{AggregateID: "ID", Sequence: 1, Type: es_models.EventType(org.OrgAddedEventType)},
 				},
 				org: &Org{Name: "OrgName"},
 			},
@@ -32,7 +33,7 @@ func TestOrgFromEvents(t *testing.T) {
 			name: "org from events, nil org",
 			args: args{
 				event: []*es_models.Event{
-					{AggregateID: "ID", Sequence: 1, Type: OrgAdded},
+					{AggregateID: "ID", Sequence: 1, Type: es_models.EventType(org.OrgAddedEventType)},
 				},
 				org: nil,
 			},
@@ -66,7 +67,7 @@ func TestAppendEvent(t *testing.T) {
 		{
 			name: "append added event",
 			args: args{
-				event: &es_models.Event{AggregateID: "ID", Sequence: 1, Type: OrgAdded},
+				event: &es_models.Event{AggregateID: "ID", Sequence: 1, Type: es_models.EventType(org.OrgAddedEventType)},
 				org:   &Org{Name: "OrgName"},
 			},
 			result: &Org{ObjectRoot: es_models.ObjectRoot{AggregateID: "ID"}, State: int32(model.OrgStateActive), Name: "OrgName"},
@@ -74,7 +75,7 @@ func TestAppendEvent(t *testing.T) {
 		{
 			name: "append change event",
 			args: args{
-				event: &es_models.Event{AggregateID: "ID", Sequence: 1, Type: OrgChanged, Data: []byte(`{"name": "OrgName}`)},
+				event: &es_models.Event{AggregateID: "ID", Sequence: 1, Type: es_models.EventType(org.OrgChangedEventType), Data: []byte(`{"name": "OrgName}`)},
 				org:   &Org{Name: "OrgNameChanged"},
 			},
 			result: &Org{ObjectRoot: es_models.ObjectRoot{AggregateID: "ID"}, State: int32(model.OrgStateActive), Name: "OrgNameChanged"},
@@ -82,14 +83,14 @@ func TestAppendEvent(t *testing.T) {
 		{
 			name: "append deactivate event",
 			args: args{
-				event: &es_models.Event{AggregateID: "ID", Sequence: 1, Type: OrgDeactivated},
+				event: &es_models.Event{AggregateID: "ID", Sequence: 1, Type: es_models.EventType(org.OrgDeactivatedEventType)},
 			},
 			result: &Org{ObjectRoot: es_models.ObjectRoot{AggregateID: "ID"}, State: int32(model.OrgStateInactive)},
 		},
 		{
 			name: "append reactivate event",
 			args: args{
-				event: &es_models.Event{AggregateID: "ID", Sequence: 1, Type: OrgReactivated},
+				event: &es_models.Event{AggregateID: "ID", Sequence: 1, Type: es_models.EventType(org.OrgReactivatedEventType)},
 			},
 			result: &Org{ObjectRoot: es_models.ObjectRoot{AggregateID: "ID"}, State: int32(model.OrgStateActive)},
 		},

internal/org/repository/eventsourcing/model/password_age_policy.go

@@ -1,24 +0,0 @@
-package model
-
-import (
-	es_models "github.com/caos/zitadel/internal/eventstore/v1/models"
-	iam_es_model "github.com/caos/zitadel/internal/iam/repository/eventsourcing/model"
-)
-
-func (o *Org) appendAddPasswordAgePolicyEvent(event *es_models.Event) error {
-	o.PasswordAgePolicy = new(iam_es_model.PasswordAgePolicy)
-	err := o.PasswordAgePolicy.SetData(event)
-	if err != nil {
-		return err
-	}
-	o.PasswordAgePolicy.ObjectRoot.CreationDate = event.CreationDate
-	return nil
-}
-
-func (o *Org) appendChangePasswordAgePolicyEvent(event *es_models.Event) error {
-	return o.PasswordAgePolicy.SetData(event)
-}
-
-func (o *Org) appendRemovePasswordAgePolicyEvent(event *es_models.Event) {
-	o.PasswordAgePolicy = nil
-}

internal/org/repository/eventsourcing/model/password_age_policy_test.go

@@ -1,86 +0,0 @@
-package model
-
-import (
-	"encoding/json"
-	es_models "github.com/caos/zitadel/internal/eventstore/v1/models"
-	iam_es_model "github.com/caos/zitadel/internal/iam/repository/eventsourcing/model"
-	"testing"
-)
-
-func TestAppendAddPasswordAgePolicyEvent(t *testing.T) {
-	type args struct {
-		org    *Org
-		policy *iam_es_model.PasswordAgePolicy
-		event  *es_models.Event
-	}
-	tests := []struct {
-		name   string
-		args   args
-		result *Org
-	}{
-		{
-			name: "append add password age policy event",
-			args: args{
-				org:    &Org{},
-				policy: &iam_es_model.PasswordAgePolicy{MaxAgeDays: 10},
-				event:  &es_models.Event{},
-			},
-			result: &Org{PasswordAgePolicy: &iam_es_model.PasswordAgePolicy{MaxAgeDays: 10}},
-		},
-	}
-	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
-			if tt.args.policy != nil {
-				data, _ := json.Marshal(tt.args.policy)
-				tt.args.event.Data = data
-			}
-			tt.args.org.appendAddPasswordAgePolicyEvent(tt.args.event)
-			if tt.result.PasswordAgePolicy.MaxAgeDays != tt.args.org.PasswordAgePolicy.MaxAgeDays {
-				t.Errorf("got wrong result: expected: %v, actual: %v ", tt.result.PasswordAgePolicy.MaxAgeDays, tt.args.org.PasswordAgePolicy.MaxAgeDays)
-			}
-		})
-	}
-}
-
-func TestAppendChangePasswordAgePolicyEvent(t *testing.T) {
-	type args struct {
-		org    *Org
-		policy *iam_es_model.PasswordAgePolicy
-		event  *es_models.Event
-	}
-	tests := []struct {
-		name   string
-		args   args
-		result *Org
-	}{
-		{
-			name: "append change password age policy event",
-			args: args{
-				org: &Org{PasswordAgePolicy: &iam_es_model.PasswordAgePolicy{
-					MaxAgeDays: 10,
-				}},
-				policy: &iam_es_model.PasswordAgePolicy{MaxAgeDays: 5, ExpireWarnDays: 10},
-				event:  &es_models.Event{},
-			},
-			result: &Org{PasswordAgePolicy: &iam_es_model.PasswordAgePolicy{
-				MaxAgeDays:     5,
-				ExpireWarnDays: 10,
-			}},
-		},
-	}
-	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
-			if tt.args.policy != nil {
-				data, _ := json.Marshal(tt.args.policy)
-				tt.args.event.Data = data
-			}
-			tt.args.org.appendChangePasswordAgePolicyEvent(tt.args.event)
-			if tt.result.PasswordAgePolicy.MaxAgeDays != tt.args.org.PasswordAgePolicy.MaxAgeDays {
-				t.Errorf("got wrong result: expected: %v, actual: %v ", tt.result.PasswordAgePolicy.MaxAgeDays, tt.args.org.PasswordAgePolicy.MaxAgeDays)
-			}
-			if tt.result.PasswordAgePolicy.ExpireWarnDays != tt.args.org.PasswordAgePolicy.ExpireWarnDays {
-				t.Errorf("got wrong result: expected: %v, actual: %v ", tt.result.PasswordAgePolicy.ExpireWarnDays, tt.args.org.PasswordAgePolicy.ExpireWarnDays)
-			}
-		})
-	}
-}

internal/org/repository/eventsourcing/model/password_complexity_policy.go

@@ -1,24 +0,0 @@
-package model
-
-import (
-	es_models "github.com/caos/zitadel/internal/eventstore/v1/models"
-	iam_es_model "github.com/caos/zitadel/internal/iam/repository/eventsourcing/model"
-)
-
-func (o *Org) appendAddPasswordComplexityPolicyEvent(event *es_models.Event) error {
-	o.PasswordComplexityPolicy = new(iam_es_model.PasswordComplexityPolicy)
-	err := o.PasswordComplexityPolicy.SetData(event)
-	if err != nil {
-		return err
-	}
-	o.PasswordComplexityPolicy.ObjectRoot.CreationDate = event.CreationDate
-	return nil
-}
-
-func (o *Org) appendChangePasswordComplexityPolicyEvent(event *es_models.Event) error {
-	return o.PasswordComplexityPolicy.SetData(event)
-}
-
-func (o *Org) appendRemovePasswordComplexityPolicyEvent(event *es_models.Event) {
-	o.PasswordComplexityPolicy = nil
-}

internal/org/repository/eventsourcing/model/password_complexity_policy_test.go

@@ -1,86 +0,0 @@
-package model
-
-import (
-	"encoding/json"
-	es_models "github.com/caos/zitadel/internal/eventstore/v1/models"
-	iam_es_model "github.com/caos/zitadel/internal/iam/repository/eventsourcing/model"
-	"testing"
-)
-
-func TestAppendAddPasswordComplexityPolicyEvent(t *testing.T) {
-	type args struct {
-		org    *Org
-		policy *iam_es_model.PasswordComplexityPolicy
-		event  *es_models.Event
-	}
-	tests := []struct {
-		name   string
-		args   args
-		result *Org
-	}{
-		{
-			name: "append add password complexity policy event",
-			args: args{
-				org:    &Org{},
-				policy: &iam_es_model.PasswordComplexityPolicy{MinLength: 10},
-				event:  &es_models.Event{},
-			},
-			result: &Org{PasswordComplexityPolicy: &iam_es_model.PasswordComplexityPolicy{MinLength: 10}},
-		},
-	}
-	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
-			if tt.args.policy != nil {
-				data, _ := json.Marshal(tt.args.policy)
-				tt.args.event.Data = data
-			}
-			tt.args.org.appendAddPasswordComplexityPolicyEvent(tt.args.event)
-			if tt.result.PasswordComplexityPolicy.MinLength != tt.args.org.PasswordComplexityPolicy.MinLength {
-				t.Errorf("got wrong result: expected: %v, actual: %v ", tt.result.PasswordComplexityPolicy.MinLength, tt.args.org.PasswordComplexityPolicy.MinLength)
-			}
-		})
-	}
-}
-
-func TestAppendChangePasswordComplexityPolicyEvent(t *testing.T) {
-	type args struct {
-		org    *Org
-		policy *iam_es_model.PasswordComplexityPolicy
-		event  *es_models.Event
-	}
-	tests := []struct {
-		name   string
-		args   args
-		result *Org
-	}{
-		{
-			name: "append change password complexity policy event",
-			args: args{
-				org: &Org{PasswordComplexityPolicy: &iam_es_model.PasswordComplexityPolicy{
-					MinLength: 10,
-				}},
-				policy: &iam_es_model.PasswordComplexityPolicy{MinLength: 5, HasLowercase: true},
-				event:  &es_models.Event{},
-			},
-			result: &Org{PasswordComplexityPolicy: &iam_es_model.PasswordComplexityPolicy{
-				MinLength:    5,
-				HasLowercase: true,
-			}},
-		},
-	}
-	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
-			if tt.args.policy != nil {
-				data, _ := json.Marshal(tt.args.policy)
-				tt.args.event.Data = data
-			}
-			tt.args.org.appendChangePasswordComplexityPolicyEvent(tt.args.event)
-			if tt.result.PasswordComplexityPolicy.MinLength != tt.args.org.PasswordComplexityPolicy.MinLength {
-				t.Errorf("got wrong result: expected: %v, actual: %v ", tt.result.PasswordComplexityPolicy.MinLength, tt.args.org.PasswordComplexityPolicy.MinLength)
-			}
-			if tt.result.PasswordComplexityPolicy.HasLowercase != tt.args.org.PasswordComplexityPolicy.HasLowercase {
-				t.Errorf("got wrong result: expected: %v, actual: %v ", tt.result.PasswordComplexityPolicy.HasLowercase, tt.args.org.PasswordComplexityPolicy.HasLowercase)
-			}
-		})
-	}
-}

internal/org/repository/eventsourcing/model/password_lockout_policy.go

@@ -1,24 +0,0 @@
-package model
-
-import (
-	es_models "github.com/caos/zitadel/internal/eventstore/v1/models"
-	iam_es_model "github.com/caos/zitadel/internal/iam/repository/eventsourcing/model"
-)
-
-func (o *Org) appendAddLockoutPolicyEvent(event *es_models.Event) error {
-	o.LockoutPolicy = new(iam_es_model.LockoutPolicy)
-	err := o.LockoutPolicy.SetData(event)
-	if err != nil {
-		return err
-	}
-	o.LockoutPolicy.ObjectRoot.CreationDate = event.CreationDate
-	return nil
-}
-
-func (o *Org) appendChangeLockoutPolicyEvent(event *es_models.Event) error {
-	return o.LockoutPolicy.SetData(event)
-}
-
-func (o *Org) appendRemoveLockoutPolicyEvent(event *es_models.Event) {
-	o.LockoutPolicy = nil
-}

internal/org/repository/eventsourcing/model/password_lockout_policy_test.go

@@ -1,86 +0,0 @@
-package model
-
-import (
-	"encoding/json"
-	es_models "github.com/caos/zitadel/internal/eventstore/v1/models"
-	iam_es_model "github.com/caos/zitadel/internal/iam/repository/eventsourcing/model"
-	"testing"
-)
-
-func TestAppendAddLockoutPolicyEvent(t *testing.T) {
-	type args struct {
-		org    *Org
-		policy *iam_es_model.LockoutPolicy
-		event  *es_models.Event
-	}
-	tests := []struct {
-		name   string
-		args   args
-		result *Org
-	}{
-		{
-			name: "append add lockout policy event",
-			args: args{
-				org:    &Org{},
-				policy: &iam_es_model.LockoutPolicy{MaxPasswordAttempts: 10},
-				event:  &es_models.Event{},
-			},
-			result: &Org{LockoutPolicy: &iam_es_model.LockoutPolicy{MaxPasswordAttempts: 10}},
-		},
-	}
-	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
-			if tt.args.policy != nil {
-				data, _ := json.Marshal(tt.args.policy)
-				tt.args.event.Data = data
-			}
-			tt.args.org.appendAddLockoutPolicyEvent(tt.args.event)
-			if tt.result.LockoutPolicy.MaxPasswordAttempts != tt.args.org.LockoutPolicy.MaxPasswordAttempts {
-				t.Errorf("got wrong result: expected: %v, actual: %v ", tt.result.LockoutPolicy.MaxPasswordAttempts, tt.args.org.LockoutPolicy.MaxPasswordAttempts)
-			}
-		})
-	}
-}
-
-func TestAppendChangeLockoutPolicyEvent(t *testing.T) {
-	type args struct {
-		org    *Org
-		policy *iam_es_model.LockoutPolicy
-		event  *es_models.Event
-	}
-	tests := []struct {
-		name   string
-		args   args
-		result *Org
-	}{
-		{
-			name: "append change lockout policy event",
-			args: args{
-				org: &Org{LockoutPolicy: &iam_es_model.LockoutPolicy{
-					MaxPasswordAttempts: 10,
-				}},
-				policy: &iam_es_model.LockoutPolicy{MaxPasswordAttempts: 5, ShowLockOutFailures: true},
-				event:  &es_models.Event{},
-			},
-			result: &Org{LockoutPolicy: &iam_es_model.LockoutPolicy{
-				MaxPasswordAttempts: 5,
-				ShowLockOutFailures: true,
-			}},
-		},
-	}
-	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
-			if tt.args.policy != nil {
-				data, _ := json.Marshal(tt.args.policy)
-				tt.args.event.Data = data
-			}
-			tt.args.org.appendChangeLockoutPolicyEvent(tt.args.event)
-			if tt.result.LockoutPolicy.MaxPasswordAttempts != tt.args.org.LockoutPolicy.MaxPasswordAttempts {
-				t.Errorf("got wrong result: expected: %v, actual: %v ", tt.result.LockoutPolicy.MaxPasswordAttempts, tt.args.org.LockoutPolicy.MaxPasswordAttempts)
-			}
-			if tt.result.LockoutPolicy.ShowLockOutFailures != tt.args.org.LockoutPolicy.ShowLockOutFailures {
-				t.Errorf("got wrong result: expected: %v, actual: %v ", tt.result.LockoutPolicy.ShowLockOutFailures, tt.args.org.LockoutPolicy.ShowLockOutFailures)
-			}
-		})
-	}
-}

internal/org/repository/eventsourcing/model/types.go

@@ -1,99 +0,0 @@
-package model
-
-import "github.com/caos/zitadel/internal/eventstore/v1/models"
-
-const (
-	OrgAggregate       models.AggregateType = "org"
-	OrgDomainAggregate models.AggregateType = "org.domain"
-	OrgNameAggregate   models.AggregateType = "org.name"
-
-	OrgAdded                    models.EventType = "org.added"
-	OrgChanged                  models.EventType = "org.changed"
-	OrgDeactivated              models.EventType = "org.deactivated"
-	OrgReactivated              models.EventType = "org.reactivated"
-	OrgRemoved                  models.EventType = "org.removed"
-	OrgDomainAdded              models.EventType = "org.domain.added"
-	OrgDomainVerificationAdded  models.EventType = "org.domain.verification.added"
-	OrgDomainVerificationFailed models.EventType = "org.domain.verification.failed"
-	OrgDomainVerified           models.EventType = "org.domain.verified"
-	OrgDomainRemoved            models.EventType = "org.domain.removed"
-	OrgDomainPrimarySet         models.EventType = "org.domain.primary.set"
-
-	OrgNameReserved models.EventType = "org.name.reserved"
-	OrgNameReleased models.EventType = "org.name.released"
-
-	OrgDomainReserved models.EventType = "org.domain.reserved"
-	OrgDomainReleased models.EventType = "org.domain.released"
-
-	OrgMemberAdded          models.EventType = "org.member.added"
-	OrgMemberChanged        models.EventType = "org.member.changed"
-	OrgMemberRemoved        models.EventType = "org.member.removed"
-	OrgMemberCascadeRemoved models.EventType = "org.member.cascade.removed"
-
-	DomainPolicyAdded   models.EventType = "org.policy.domain.added"
-	DomainPolicyChanged models.EventType = "org.policy.domain.changed"
-	DomainPolicyRemoved models.EventType = "org.policy.domain.removed"
-
-	IDPConfigAdded       models.EventType = "org.idp.config.added"
-	IDPConfigChanged     models.EventType = "org.idp.config.changed"
-	IDPConfigRemoved     models.EventType = "org.idp.config.removed"
-	IDPConfigDeactivated models.EventType = "org.idp.config.deactivated"
-	IDPConfigReactivated models.EventType = "org.idp.config.reactivated"
-
-	OIDCIDPConfigAdded   models.EventType = "org.idp.oidc.config.added"
-	OIDCIDPConfigChanged models.EventType = "org.idp.oidc.config.changed"
-
-	SAMLIDPConfigAdded   models.EventType = "org.idp.saml.config.added"
-	SAMLIDPConfigChanged models.EventType = "org.idp.saml.config.changed"
-
-	LoginPolicyAdded                     models.EventType = "org.policy.login.added"
-	LoginPolicyChanged                   models.EventType = "org.policy.login.changed"
-	LoginPolicyRemoved                   models.EventType = "org.policy.login.removed"
-	LoginPolicyIDPProviderAdded          models.EventType = "org.policy.login.idpprovider.added"
-	LoginPolicyIDPProviderRemoved        models.EventType = "org.policy.login.idpprovider.removed"
-	LoginPolicyIDPProviderCascadeRemoved models.EventType = "org.policy.login.idpprovider.cascade.removed"
-	LoginPolicySecondFactorAdded         models.EventType = "org.policy.login.secondfactor.added"
-	LoginPolicySecondFactorRemoved       models.EventType = "org.policy.login.secondfactor.removed"
-	LoginPolicyMultiFactorAdded          models.EventType = "org.policy.login.multifactor.added"
-	LoginPolicyMultiFactorRemoved        models.EventType = "org.policy.login.multifactor.removed"
-
-	LabelPolicyAdded           models.EventType = "org.policy.label.added"
-	LabelPolicyChanged         models.EventType = "org.policy.label.changed"
-	LabelPolicyActivated       models.EventType = "org.policy.label.activated"
-	LabelPolicyRemoved         models.EventType = "org.policy.label.removed"
-	LabelPolicyLogoAdded       models.EventType = "org.policy.label.logo.added"
-	LabelPolicyLogoRemoved     models.EventType = "org.policy.label.logo.removed"
-	LabelPolicyIconAdded       models.EventType = "org.policy.label.icon.added"
-	LabelPolicyIconRemoved     models.EventType = "org.policy.label.icon.removed"
-	LabelPolicyLogoDarkAdded   models.EventType = "org.policy.label.logo.dark.added"
-	LabelPolicyLogoDarkRemoved models.EventType = "org.policy.label.logo.dark.removed"
-	LabelPolicyIconDarkAdded   models.EventType = "org.policy.label.icon.dark.added"
-	LabelPolicyIconDarkRemoved models.EventType = "org.policy.label.icon.dark.removed"
-	LabelPolicyFontAdded       models.EventType = "org.policy.label.font.added"
-	LabelPolicyFontRemoved     models.EventType = "org.policy.label.font.removed"
-	LabelPolicyAssetsRemoved   models.EventType = "org.policy.label.assets.removed"
-
-	MailTemplateAdded   models.EventType = "org.mail.template.added"
-	MailTemplateChanged models.EventType = "org.mail.template.changed"
-	MailTemplateRemoved models.EventType = "org.mail.template.removed"
-
-	CustomTextSet            models.EventType = "org.customtext.set"
-	CustomTextRemoved        models.EventType = "org.customtext.removed"
-	CustomTextMessageRemoved models.EventType = "org.customtext.template.removed"
-
-	PasswordComplexityPolicyAdded   models.EventType = "org.policy.password.complexity.added"
-	PasswordComplexityPolicyChanged models.EventType = "org.policy.password.complexity.changed"
-	PasswordComplexityPolicyRemoved models.EventType = "org.policy.password.complexity.removed"
-
-	PasswordAgePolicyAdded   models.EventType = "org.policy.password.age.added"
-	PasswordAgePolicyChanged models.EventType = "org.policy.password.age.changed"
-	PasswordAgePolicyRemoved models.EventType = "org.policy.password.age.removed"
-
-	LockoutPolicyAdded   models.EventType = "org.policy.lockout.added"
-	LockoutPolicyChanged models.EventType = "org.policy.lockout.changed"
-	LockoutPolicyRemoved models.EventType = "org.policy.lockout.removed"
-
-	PrivacyPolicyAdded   models.EventType = "org.policy.privacy.added"
-	PrivacyPolicyChanged models.EventType = "org.policy.privacy.changed"
-	PrivacyPolicyRemoved models.EventType = "org.policy.privacy.removed"
-)

internal/org/repository/view/model/org_member.go

@@ -1,95 +0,0 @@
-package model
-
-import (
-	"encoding/json"
-	"time"
-
-	"github.com/caos/logging"
-	"github.com/lib/pq"
-
-	"github.com/caos/zitadel/internal/domain"
-	caos_errs "github.com/caos/zitadel/internal/errors"
-	"github.com/caos/zitadel/internal/eventstore/v1/models"
-	"github.com/caos/zitadel/internal/org/model"
-	es_model "github.com/caos/zitadel/internal/org/repository/eventsourcing/model"
-)
-
-const (
-	OrgMemberKeyUserID    = "user_id"
-	OrgMemberKeyOrgID     = "org_id"
-	OrgMemberKeyUserName  = "user_name"
-	OrgMemberKeyEmail     = "email"
-	OrgMemberKeyFirstName = "first_name"
-	OrgMemberKeyLastName  = "last_name"
-)
-
-type OrgMemberView struct {
-	UserID             string         `json:"userId" gorm:"column:user_id;primary_key"`
-	OrgID              string         `json:"-" gorm:"column:org_id;primary_key"`
-	UserName           string         `json:"-" gorm:"column:user_name"`
-	Email              string         `json:"-" gorm:"column:email_address"`
-	FirstName          string         `json:"-" gorm:"column:first_name"`
-	LastName           string         `json:"-" gorm:"column:last_name"`
-	DisplayName        string         `json:"-" gorm:"column:display_name"`
-	Roles              pq.StringArray `json:"roles" gorm:"column:roles"`
-	Sequence           uint64         `json:"-" gorm:"column:sequence"`
-	PreferredLoginName string         `json:"-" gorm:"column:preferred_login_name"`
-	AvatarKey          string         `json:"-" gorm:"column:avatar_key"`
-	UserResourceOwner  string         `json:"-" gorm:"column:user_resource_owner"`
-
-	CreationDate time.Time `json:"-" gorm:"column:creation_date"`
-	ChangeDate   time.Time `json:"-" gorm:"column:change_date"`
-}
-
-func OrgMemberToModel(member *OrgMemberView, prefixAvatarURL string) *model.OrgMemberView {
-	return &model.OrgMemberView{
-		UserID:             member.UserID,
-		OrgID:              member.OrgID,
-		UserName:           member.UserName,
-		Email:              member.Email,
-		FirstName:          member.FirstName,
-		LastName:           member.LastName,
-		DisplayName:        member.DisplayName,
-		PreferredLoginName: member.PreferredLoginName,
-		Roles:              member.Roles,
-		AvatarURL:          domain.AvatarURL(prefixAvatarURL, member.UserResourceOwner, member.AvatarKey),
-		UserResourceOwner:  member.UserResourceOwner,
-		Sequence:           member.Sequence,
-		CreationDate:       member.CreationDate,
-		ChangeDate:         member.ChangeDate,
-	}
-}
-
-func OrgMembersToModel(roles []*OrgMemberView, prefixAvatarURL string) []*model.OrgMemberView {
-	result := make([]*model.OrgMemberView, len(roles))
-	for i, r := range roles {
-		result[i] = OrgMemberToModel(r, prefixAvatarURL)
-	}
-	return result
-}
-
-func (r *OrgMemberView) AppendEvent(event *models.Event) (err error) {
-	r.Sequence = event.Sequence
-	r.ChangeDate = event.CreationDate
-	switch event.Type {
-	case es_model.OrgMemberAdded:
-		r.setRootData(event)
-		r.CreationDate = event.CreationDate
-		err = r.SetData(event)
-	case es_model.OrgMemberChanged:
-		err = r.SetData(event)
-	}
-	return err
-}
-
-func (r *OrgMemberView) setRootData(event *models.Event) {
-	r.OrgID = event.AggregateID
-}
-
-func (r *OrgMemberView) SetData(event *models.Event) error {
-	if err := json.Unmarshal(event.Data, r); err != nil {
-		logging.Log("EVEN-slo9s").WithError(err).Error("could not unmarshal event data")
-		return caos_errs.ThrowInternal(err, "MODEL-lub6s", "Could not unmarshal data")
-	}
-	return nil
-}

internal/org/repository/view/model/org_member_query.go

@@ -1,69 +0,0 @@
-package model
-
-import (
-	"github.com/caos/zitadel/internal/domain"
-	org_model "github.com/caos/zitadel/internal/org/model"
-	"github.com/caos/zitadel/internal/view/repository"
-)
-
-type OrgMemberSearchRequest org_model.OrgMemberSearchRequest
-type OrgMemberSearchQuery org_model.OrgMemberSearchQuery
-type OrgMemberSearchKey org_model.OrgMemberSearchKey
-
-func (req OrgMemberSearchRequest) GetLimit() uint64 {
-	return req.Limit
-}
-
-func (req OrgMemberSearchRequest) GetOffset() uint64 {
-	return req.Offset
-}
-
-func (req OrgMemberSearchRequest) GetSortingColumn() repository.ColumnKey {
-	if req.SortingColumn == org_model.OrgMemberSearchKeyUnspecified {
-		return nil
-	}
-	return OrgMemberSearchKey(req.SortingColumn)
-}
-
-func (req OrgMemberSearchRequest) GetAsc() bool {
-	return req.Asc
-}
-
-func (req OrgMemberSearchRequest) GetQueries() []repository.SearchQuery {
-	result := make([]repository.SearchQuery, len(req.Queries))
-	for i, q := range req.Queries {
-		result[i] = OrgMemberSearchQuery{Key: q.Key, Value: q.Value, Method: q.Method}
-	}
-	return result
-}
-
-func (req OrgMemberSearchQuery) GetKey() repository.ColumnKey {
-	return OrgMemberSearchKey(req.Key)
-}
-
-func (req OrgMemberSearchQuery) GetMethod() domain.SearchMethod {
-	return req.Method
-}
-
-func (req OrgMemberSearchQuery) GetValue() interface{} {
-	return req.Value
-}
-
-func (key OrgMemberSearchKey) ToColumnName() string {
-	switch org_model.OrgMemberSearchKey(key) {
-	case org_model.OrgMemberSearchKeyEmail:
-		return OrgMemberKeyEmail
-	case org_model.OrgMemberSearchKeyFirstName:
-		return OrgMemberKeyFirstName
-	case org_model.OrgMemberSearchKeyLastName:
-		return OrgMemberKeyLastName
-	case org_model.OrgMemberSearchKeyUserName:
-		return OrgMemberKeyUserName
-	case org_model.OrgMemberSearchKeyUserID:
-		return OrgMemberKeyUserID
-	case org_model.OrgMemberSearchKeyOrgID:
-		return OrgMemberKeyOrgID
-	default:
-		return ""
-	}
-}