fix: uniqueness (#1710)

* fix: uniqueconstraint to lower * feat: change org * feat: org change test * feat: change org * fix: tests * fix: handle domain claims correctly * feat: update org Co-authored-by: fabi <fabienne.gerschwiler@gmail.com>
2025-10-09 11:12:01 +00:00 · 2021-05-04 11:09:24 +02:00
parent 667cc30291
commit 87c1dfa3aa
28 changed files with 607 additions and 50 deletions
--- a/internal/ui/login/handler/login.go
+++ b/internal/ui/login/handler/login.go
@@ -2,11 +2,14 @@ package handler

 import (
 	"context"
-	"github.com/caos/zitadel/internal/command"
-	"github.com/caos/zitadel/internal/query"
 	"net"
 	"net/http"

+	"github.com/caos/zitadel/internal/command"
+	"github.com/caos/zitadel/internal/domain"
+	"github.com/caos/zitadel/internal/query"
+	usr_model "github.com/caos/zitadel/internal/user/model"
+
 	"github.com/caos/logging"
 	"github.com/gorilla/csrf"
 	"github.com/rakyll/statik/fs"
@@ -36,6 +39,7 @@ type Login struct {
 	zitadelURL          string
 	oidcAuthCallbackURL string
 	IDPConfigAesCrypto  crypto.EncryptionAlgorithm
+	iamDomain           string
 }

 type Config struct {
@@ -73,6 +77,7 @@ func CreateLogin(config Config, command *command.Commands, query *query.Queries,
 		query:               query,
 		authRepo:            authRepo,
 		IDPConfigAesCrypto:  aesCrypto,
+		iamDomain:           systemDefaults.Domain,
 	}
 	prefix := ""
 	if localDevMode {
@@ -148,6 +153,31 @@ func (l *Login) Listen(ctx context.Context) {
 	}()
 }

+func (l *Login) getClaimedUserIDsOfOrgDomain(ctx context.Context, orgName string) ([]string, error) {
+	users, err := l.authRepo.SearchUsers(ctx, &usr_model.UserSearchRequest{
+		Queries: []*usr_model.UserSearchQuery{
+			{
+				Key:    usr_model.UserSearchKeyPreferredLoginName,
+				Method: domain.SearchMethodEndsWithIgnoreCase,
+				Value:  domain.NewIAMDomainName(orgName, l.iamDomain),
+			},
+			{
+				Key:    usr_model.UserSearchKeyResourceOwner,
+				Method: domain.SearchMethodNotEquals,
+				Value:  authz.GetCtxData(ctx).OrgID,
+			},
+		},
+	})
+	if err != nil {
+		return nil, err
+	}
+	userIDs := make([]string, len(users.Result))
+	for i, user := range users.Result {
+		userIDs[i] = user.ID
+	}
+	return userIDs, nil
+}
+
 func setContext(ctx context.Context, resourceOwner string) context.Context {
 	data := authz.CtxData{
 		UserID: login,
--- a/internal/ui/login/handler/register_org_handler.go
+++ b/internal/ui/login/handler/register_org_handler.go
@@ -1,9 +1,10 @@
 package handler

 import (
-	"github.com/caos/zitadel/internal/domain"
 	"net/http"

+	"github.com/caos/zitadel/internal/domain"
+
 	caos_errs "github.com/caos/zitadel/internal/errors"
 )

@@ -58,7 +59,13 @@ func (l *Login) handleRegisterOrgCheck(w http.ResponseWriter, r *http.Request) {
 		return
 	}

-	_, err = l.command.SetUpOrg(setContext(r.Context(), ""), data.toOrgDomain(), data.toUserDomain())
+	ctx := setContext(r.Context(), "")
+	userIDs, err := l.getClaimedUserIDsOfOrgDomain(ctx, data.RegisterOrgName)
+	if err != nil {
+		l.renderRegisterOrg(w, r, authRequest, data, err)
+		return
+	}
+	_, err = l.command.SetUpOrg(ctx, data.toOrgDomain(), data.toUserDomain(), userIDs)
 	if err != nil {
 		l.renderRegisterOrg(w, r, authRequest, data, err)
 		return