feat: Login, OP Support and Auth Queries (#177)

* fix: change oidc config

* fix: change oidc config secret

* begin models

* begin repo

* fix: implement grpc app funcs

* fix: add application requests

* fix: converter

* fix: converter

* fix: converter and generate clientid

* fix: tests

* feat: project grant aggregate

* feat: project grant

* fix: project grant check if role existing

* fix: project grant requests

* fix: project grant fixes

* fix: project grant member model

* fix: project grant member aggregate

* fix: project grant member eventstore

* fix: project grant member requests

* feat: user model

* begin repo

* repo models and more

* feat: user command side

* lots of functions

* user command side

* profile requests

* commit before rebase on user

* save

* local config with gopass and more

* begin new auth command (user centric)

* Update internal/user/model/user.go

Co-Authored-By: Livio Amstutz <livio.a@gmail.com>

* Update internal/user/repository/eventsourcing/model/address.go

Co-Authored-By: Livio Amstutz <livio.a@gmail.com>

* Update internal/user/repository/eventsourcing/model/address.go

Co-Authored-By: Livio Amstutz <livio.a@gmail.com>

* Update internal/user/repository/eventsourcing/model/email.go

Co-Authored-By: Livio Amstutz <livio.a@gmail.com>

* Update internal/user/repository/eventsourcing/model/email.go

Co-Authored-By: Livio Amstutz <livio.a@gmail.com>

* Update internal/user/repository/eventsourcing/model/email.go

Co-Authored-By: Livio Amstutz <livio.a@gmail.com>

* Update internal/user/repository/eventsourcing/model/mfa.go

Co-Authored-By: Livio Amstutz <livio.a@gmail.com>

* Update internal/user/repository/eventsourcing/model/mfa.go

Co-Authored-By: Livio Amstutz <livio.a@gmail.com>

* Update internal/user/repository/eventsourcing/model/password.go

Co-Authored-By: Livio Amstutz <livio.a@gmail.com>

* Update internal/user/repository/eventsourcing/model/password.go

Co-Authored-By: Livio Amstutz <livio.a@gmail.com>

* Update internal/user/repository/eventsourcing/model/password.go

Co-Authored-By: Livio Amstutz <livio.a@gmail.com>

* Update internal/user/repository/eventsourcing/model/phone.go

Co-Authored-By: Livio Amstutz <livio.a@gmail.com>

* Update internal/user/repository/eventsourcing/model/phone.go

Co-Authored-By: Livio Amstutz <livio.a@gmail.com>

* Update internal/user/repository/eventsourcing/model/phone.go

Co-Authored-By: Livio Amstutz <livio.a@gmail.com>

* Update internal/user/repository/eventsourcing/model/user.go

Co-Authored-By: Livio Amstutz <livio.a@gmail.com>

* Update internal/user/repository/eventsourcing/model/user.go

Co-Authored-By: Livio Amstutz <livio.a@gmail.com>

* Update internal/user/repository/eventsourcing/model/user.go

Co-Authored-By: Livio Amstutz <livio.a@gmail.com>

* Update internal/usergrant/repository/eventsourcing/model/user_grant.go

Co-Authored-By: Livio Amstutz <livio.a@gmail.com>

* Update internal/usergrant/repository/eventsourcing/model/user_grant.go

Co-Authored-By: Livio Amstutz <livio.a@gmail.com>

* Update internal/usergrant/repository/eventsourcing/user_grant.go

Co-Authored-By: Livio Amstutz <livio.a@gmail.com>

* Update internal/user/repository/eventsourcing/user_test.go

Co-Authored-By: Livio Amstutz <livio.a@gmail.com>

* Update internal/user/repository/eventsourcing/eventstore_mock_test.go

Co-Authored-By: Livio Amstutz <livio.a@gmail.com>

* changes from mr review

* save files into basedir

* changes from mr review

* changes from mr review

* move to auth request

* Update internal/usergrant/repository/eventsourcing/cache.go

Co-authored-by: Silvan <silvan.reusser@gmail.com>

* Update internal/usergrant/repository/eventsourcing/cache.go

Co-authored-by: Silvan <silvan.reusser@gmail.com>

* changes requested on mr

* fix generate codes

* fix return if no events

* password code

* email verification step

* more steps

* lot of mfa

* begin tests

* more next steps

* auth api

* auth api (user)

* auth api (user)

* auth api (user)

* differ requests

* merge

* tests

* fix compilation error

* mock for id generator

* Update internal/user/repository/eventsourcing/model/password.go

Co-authored-by: Silvan <silvan.reusser@gmail.com>

* Update internal/user/repository/eventsourcing/model/user.go

Co-authored-by: Silvan <silvan.reusser@gmail.com>

* requests of mr

* check email

* begin separation of command and query

* otp

* change packages

* some cleanup and fixes

* tests for auth request / next steps

* add VerificationLifetimes to config and make it run

* tests

* fix code challenge validation

* cleanup

* fix merge

* begin view

* repackaging tests and configs

* fix startup config for auth

* add migration

* add PromptSelectAccount

* fix copy / paste

* remove user_agent files

* fixes

* fix sequences in user_session

* token commands

* token queries and signout

* fix

* fix set password test

* add token handler and table

* handle session init

* add session state

* add user view test cases

* change VerifyMyMfaOTP

* some fixes

* fix user repo in auth api

* cleanup

* add user session view test

* fix merge

* begin oidc

* user agent and more

* config

* keys

* key command and query

* add login statics

* key handler

* start login

* login handlers

* lot of fixes

* merge oidc

* add missing exports

* add missing exports

* fix some bugs

* authrequestid in htmls

* getrequest

* update auth request

* fix userid check

* add username to authrequest

* fix user session and auth request handling

* fix UserSessionsByAgentID

* fix auth request tests

* fix user session on UserPasswordChanged and MfaOtpRemoved

* fix MfaTypesSetupPossible

* handle mfa

* fill username

* auth request query checks new events

* fix userSessionByIDs

* fix tokens

* fix userSessionByIDs test

* add user selection

* init code

* user code creation date

* add init user step

* add verification failed types

* add verification failures

* verify init code

* user init code handle

* user init code handle

* fix userSessionByIDs

* update logging

* user agent cookie

* browserinfo from request

* add DeleteAuthRequest

* add static login files to binary

* add login statik to build

* move generate to separate file and remove statik.go files

* remove static dirs from startup.yaml

* generate into separate namespaces

* merge master

* auth request code

* auth request type mapping

* fix keys

* improve tokens

* improve register and basic styling

* fix ailerons font

* improve password reset

* add audience to token

* all oidc apps as audience

* fix test nextStep

* fix email texts

* remove "not set"

* lot of style changes

* improve copy to clipboard

* fix footer

* add cookie handler

* remove placeholders

* fix compilation after merge

* fix auth config

* remove comments

* typo

* use new secrets store

* change default pws to match default policy

* fixes

* add todo

* enable login

* fix db name

* Auth queries (#179)

* my usersession

* org structure/ auth handlers

* working user grant spooler

* auth internal user grants

* search my project orgs

* remove permissions file

* my zitadel permissions

* my zitadel permissions

* remove unused code

* authz

* app searches in view

* token verification

* fix user grant load

* fix tests

* fix tests

* read configs

* remove unused const

* remove todos

* env variables

* app_name

* working authz

* search projects

* global resourceowner

* Update internal/api/auth/permissions.go

Co-authored-by: Livio Amstutz <livio.a@gmail.com>

* Update internal/api/auth/permissions.go

Co-authored-by: Livio Amstutz <livio.a@gmail.com>

* model2 rename

* at least it works

* check token expiry

* search my user grants

* remove token table from authz

Co-authored-by: Livio Amstutz <livio.a@gmail.com>

* fix test

* fix ports and enable console

Co-authored-by: Fabiennne <fabienne.gerschwiler@gmail.com>
Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>
Co-authored-by: Silvan <silvan.reusser@gmail.com>
This commit is contained in:
Livio Amstutz
2020-06-05 07:50:04 +02:00
committed by GitHub
parent 46b60a6968
commit 8a5badddf6
293 changed files with 14189 additions and 3176 deletions


@@ -5,6 +5,7 @@ import (
"database/sql"
"encoding/json"
"errors"
"fmt"
"github.com/caos/zitadel/internal/auth_request/model"
"github.com/caos/zitadel/internal/config/types"
@@ -34,34 +35,62 @@ func (c *AuthRequestCache) Health(ctx context.Context) error {
}
func (c *AuthRequestCache) GetAuthRequestByID(_ context.Context, id string) (*model.AuthRequest, error) {
return c.getAuthRequest("id", id)
}
func (c *AuthRequestCache) GetAuthRequestByCode(_ context.Context, code string) (*model.AuthRequest, error) {
return c.getAuthRequest("code", code)
}
func (c *AuthRequestCache) SaveAuthRequest(_ context.Context, request *model.AuthRequest) error {
return c.saveAuthRequest(request, "INSERT INTO auth.auth_requests (id, request, request_type) VALUES($1, $2, $3)", request.Request.Type())
}
func (c *AuthRequestCache) UpdateAuthRequest(_ context.Context, request *model.AuthRequest) error {
return c.saveAuthRequest(request, "UPDATE auth.auth_requests SET request = $2, code = $3 WHERE id = $1", request.Code)
}
func (c *AuthRequestCache) DeleteAuthRequest(_ context.Context, id string) error {
_, err := c.client.Exec("DELETE FROM auth.auth_requests WHERE id = $1", id)
if err != nil {
return caos_errs.ThrowInternal(err, "CACHE-dsHw3", "unable to delete auth request")
}
return nil
}
func (c *AuthRequestCache) getAuthRequest(key, value string) (*model.AuthRequest, error) {
var b []byte
err := c.client.QueryRow("SELECT request FROM auth.authrequests WHERE id = ?", id).Scan(&b)
var requestType model.AuthRequestType
query := fmt.Sprintf("SELECT request, request_type FROM auth.auth_requests WHERE %s = $1", key)
err := c.client.QueryRow(query, value).Scan(&b, &requestType)
if err != nil {
if errors.Is(err, sql.ErrNoRows) {
return nil, caos_errs.ThrowNotFound(err, "CACHE-d24aD", "auth request not found")
}
return nil, caos_errs.ThrowInternal(err, "CACHE-as3kj", "unable to get auth request from database")
}
request := new(model.AuthRequest)
err = json.Unmarshal(b, &request)
request, err := model.NewAuthRequestFromType(requestType)
if err == nil {
err = json.Unmarshal(b, request)
}
if err != nil {
return nil, caos_errs.ThrowInternal(err, "CACHE-2wshg", "unable to unmarshal auth request")
}
return request, nil
}
func (c *AuthRequestCache) SaveAuthRequest(_ context.Context, request *model.AuthRequest) error {
func (c *AuthRequestCache) saveAuthRequest(request *model.AuthRequest, query string, param interface{}) error {
b, err := json.Marshal(request)
if err != nil {
return caos_errs.ThrowInternal(err, "CACHE-32FH9", "unable to marshal auth request")
return caos_errs.ThrowInternal(err, "CACHE-os0GH", "unable to marshal auth request")
}
stmt, err := c.client.Prepare("INSERT INTO auth.authrequests (id, request) VALUES($1, $2)")
stmt, err := c.client.Prepare(query)
if err != nil {
return caos_errs.ThrowInternal(err, "CACHE-dswfF", "sql prepare failed")
return caos_errs.ThrowInternal(err, "CACHE-su3GK", "sql prepare failed")
}
_, err = stmt.Exec(request.ID, b)
_, err = stmt.Exec(request.ID, b, param)
if err != nil {
return caos_errs.ThrowInternal(err, "CACHE-sw4af", "unable to save auth request")
return caos_errs.ThrowInternal(err, "CACHE-sj8iS", "unable to save auth request")
}
return nil
}
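Review bot: `saveAuthRequest` prepares `stmt` but never closes it, so each save leaks a server-side prepared statement on the pooled connection; because the statement is executed exactly once, `_, err = c.client.Exec(query, request.ID, b, param)` (the form `DeleteAuthRequest` already uses) removes both the leak and the extra round trip, otherwise add `defer stmt.Close()` right after the prepare error check. In `getAuthRequest` the column name is spliced into the SQL with `fmt.Sprintf`; the only two callers pass the constants `"id"` and `"code"`, so it is not injectable today, but a comment such as `// key is a column name fixed by this package, never caller-supplied input` or a `switch key` that rejects anything but those two values would stop a future caller from turning it into an injection point. The hunk begins inside the file's import block, and `Health` starts outside the hunk.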


@@ -1,3 +1,3 @@
package repository
//go:generate mockgen -package mock -destination ./mock/repository.mock.go github.com/caos/zitadel/internal/auth_request/repository Repository
//go:generate mockgen -package mock -destination ./mock/repository.mock.go github.com/caos/zitadel/internal/auth_request/repository AuthRequestCache


@@ -1,12 +0,0 @@
package mock
import (
"github.com/golang/mock/gomock"
"github.com/caos/zitadel/internal/auth_request/repository"
)
func NewMockAuthRequestRepository(ctrl *gomock.Controller) repository.Repository {
repo := NewMockRepository(ctrl)
return repo
}


@@ -1,5 +1,5 @@
// Code generated by MockGen. DO NOT EDIT.
// Source: github.com/caos/zitadel/internal/auth_request/repository (interfaces: Repository)
// Source: github.com/caos/zitadel/internal/auth_request/repository (interfaces: AuthRequestCache)
// Package mock is a generated GoMock package.
package mock
@@ -11,31 +11,60 @@ import (
reflect "reflect"
)
// MockRepository is a mock of Repository interface
type MockRepository struct {
// MockAuthRequestCache is a mock of AuthRequestCache interface
type MockAuthRequestCache struct {
ctrl *gomock.Controller
recorder *MockRepositoryMockRecorder
recorder *MockAuthRequestCacheMockRecorder
}
// MockRepositoryMockRecorder is the mock recorder for MockRepository
type MockRepositoryMockRecorder struct {
mock *MockRepository
// MockAuthRequestCacheMockRecorder is the mock recorder for MockAuthRequestCache
type MockAuthRequestCacheMockRecorder struct {
mock *MockAuthRequestCache
}
// NewMockRepository creates a new mock instance
func NewMockRepository(ctrl *gomock.Controller) *MockRepository {
mock := &MockRepository{ctrl: ctrl}
mock.recorder = &MockRepositoryMockRecorder{mock}
// NewMockAuthRequestCache creates a new mock instance
func NewMockAuthRequestCache(ctrl *gomock.Controller) *MockAuthRequestCache {
mock := &MockAuthRequestCache{ctrl: ctrl}
mock.recorder = &MockAuthRequestCacheMockRecorder{mock}
return mock
}
// EXPECT returns an object that allows the caller to indicate expected use
func (m *MockRepository) EXPECT() *MockRepositoryMockRecorder {
func (m *MockAuthRequestCache) EXPECT() *MockAuthRequestCacheMockRecorder {
return m.recorder
}
// DeleteAuthRequest mocks base method
func (m *MockAuthRequestCache) DeleteAuthRequest(arg0 context.Context, arg1 string) error {
m.ctrl.T.Helper()
ret := m.ctrl.Call(m, "DeleteAuthRequest", arg0, arg1)
ret0, _ := ret[0].(error)
return ret0
}
// DeleteAuthRequest indicates an expected call of DeleteAuthRequest
func (mr *MockAuthRequestCacheMockRecorder) DeleteAuthRequest(arg0, arg1 interface{}) *gomock.Call {
mr.mock.ctrl.T.Helper()
return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "DeleteAuthRequest", reflect.TypeOf((*MockAuthRequestCache)(nil).DeleteAuthRequest), arg0, arg1)
}
// GetAuthRequestByCode mocks base method
func (m *MockAuthRequestCache) GetAuthRequestByCode(arg0 context.Context, arg1 string) (*model.AuthRequest, error) {
m.ctrl.T.Helper()
ret := m.ctrl.Call(m, "GetAuthRequestByCode", arg0, arg1)
ret0, _ := ret[0].(*model.AuthRequest)
ret1, _ := ret[1].(error)
return ret0, ret1
}
// GetAuthRequestByCode indicates an expected call of GetAuthRequestByCode
func (mr *MockAuthRequestCacheMockRecorder) GetAuthRequestByCode(arg0, arg1 interface{}) *gomock.Call {
mr.mock.ctrl.T.Helper()
return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "GetAuthRequestByCode", reflect.TypeOf((*MockAuthRequestCache)(nil).GetAuthRequestByCode), arg0, arg1)
}
// GetAuthRequestByID mocks base method
func (m *MockRepository) GetAuthRequestByID(arg0 context.Context, arg1 string) (*model.AuthRequest, error) {
func (m *MockAuthRequestCache) GetAuthRequestByID(arg0 context.Context, arg1 string) (*model.AuthRequest, error) {
m.ctrl.T.Helper()
ret := m.ctrl.Call(m, "GetAuthRequestByID", arg0, arg1)
ret0, _ := ret[0].(*model.AuthRequest)
@@ -44,13 +73,13 @@ func (m *MockRepository) GetAuthRequestByID(arg0 context.Context, arg1 string) (
}
// GetAuthRequestByID indicates an expected call of GetAuthRequestByID
func (mr *MockRepositoryMockRecorder) GetAuthRequestByID(arg0, arg1 interface{}) *gomock.Call {
func (mr *MockAuthRequestCacheMockRecorder) GetAuthRequestByID(arg0, arg1 interface{}) *gomock.Call {
mr.mock.ctrl.T.Helper()
return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "GetAuthRequestByID", reflect.TypeOf((*MockRepository)(nil).GetAuthRequestByID), arg0, arg1)
return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "GetAuthRequestByID", reflect.TypeOf((*MockAuthRequestCache)(nil).GetAuthRequestByID), arg0, arg1)
}
// Health mocks base method
func (m *MockRepository) Health(arg0 context.Context) error {
func (m *MockAuthRequestCache) Health(arg0 context.Context) error {
m.ctrl.T.Helper()
ret := m.ctrl.Call(m, "Health", arg0)
ret0, _ := ret[0].(error)
@@ -58,22 +87,35 @@ func (m *MockRepository) Health(arg0 context.Context) error {
}
// Health indicates an expected call of Health
func (mr *MockRepositoryMockRecorder) Health(arg0 interface{}) *gomock.Call {
func (mr *MockAuthRequestCacheMockRecorder) Health(arg0 interface{}) *gomock.Call {
mr.mock.ctrl.T.Helper()
return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "Health", reflect.TypeOf((*MockRepository)(nil).Health), arg0)
return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "Health", reflect.TypeOf((*MockAuthRequestCache)(nil).Health), arg0)
}
// SaveAuthRequest mocks base method
func (m *MockRepository) SaveAuthRequest(arg0 context.Context, arg1 string) (*model.AuthRequest, error) {
func (m *MockAuthRequestCache) SaveAuthRequest(arg0 context.Context, arg1 *model.AuthRequest) error {
m.ctrl.T.Helper()
ret := m.ctrl.Call(m, "SaveAuthRequest", arg0, arg1)
ret0, _ := ret[0].(*model.AuthRequest)
ret1, _ := ret[1].(error)
return ret0, ret1
ret0, _ := ret[0].(error)
return ret0
}
// SaveAuthRequest indicates an expected call of SaveAuthRequest
func (mr *MockRepositoryMockRecorder) SaveAuthRequest(arg0, arg1 interface{}) *gomock.Call {
func (mr *MockAuthRequestCacheMockRecorder) SaveAuthRequest(arg0, arg1 interface{}) *gomock.Call {
mr.mock.ctrl.T.Helper()
return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "SaveAuthRequest", reflect.TypeOf((*MockRepository)(nil).SaveAuthRequest), arg0, arg1)
return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "SaveAuthRequest", reflect.TypeOf((*MockAuthRequestCache)(nil).SaveAuthRequest), arg0, arg1)
}
// UpdateAuthRequest mocks base method
func (m *MockAuthRequestCache) UpdateAuthRequest(arg0 context.Context, arg1 *model.AuthRequest) error {
m.ctrl.T.Helper()
ret := m.ctrl.Call(m, "UpdateAuthRequest", arg0, arg1)
ret0, _ := ret[0].(error)
return ret0
}
// UpdateAuthRequest indicates an expected call of UpdateAuthRequest
func (mr *MockAuthRequestCacheMockRecorder) UpdateAuthRequest(arg0, arg1 interface{}) *gomock.Call {
mr.mock.ctrl.T.Helper()
return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "UpdateAuthRequest", reflect.TypeOf((*MockAuthRequestCache)(nil).UpdateAuthRequest), arg0, arg1)
}


@@ -6,9 +6,12 @@ import (
"github.com/caos/zitadel/internal/auth_request/model"
)
type Repository interface {
type AuthRequestCache interface {
Health(ctx context.Context) error
GetAuthRequestByID(ctx context.Context, id string) (*model.AuthRequest, error)
SaveAuthRequest(ctx context.Context, id string) (*model.AuthRequest, error)
GetAuthRequestByCode(ctx context.Context, code string) (*model.AuthRequest, error)
SaveAuthRequest(ctx context.Context, request *model.AuthRequest) error
UpdateAuthRequest(ctx context.Context, request *model.AuthRequest) error
DeleteAuthRequest(ctx context.Context, id string) error
}
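Review bot: The exported `AuthRequestCache` interface and its three new methods carry no doc comments, so a reader cannot tell from this file that `GetAuthRequestByCode` resolves the code that `UpdateAuthRequest` stores (which is how the cache implementation elsewhere in this commit appears to use them). A type comment such as `// AuthRequestCache stores auth requests and resolves them by ID or by the code set through UpdateAuthRequest.` plus one line per method would document the contract that the mock and the login flow now depend on. The hunk starts inside the import block, so the package clause and any existing package comment are not visible here.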