feat: Login, OP Support and Auth Queries (#177)

* fix: change oidc config

* fix: change oidc config secret

* begin models

* begin repo

* fix: implement grpc app funcs

* fix: add application requests

* fix: converter

* fix: converter

* fix: converter and generate clientid

* fix: tests

* feat: project grant aggregate

* feat: project grant

* fix: project grant check if role existing

* fix: project grant requests

* fix: project grant fixes

* fix: project grant member model

* fix: project grant member aggregate

* fix: project grant member eventstore

* fix: project grant member requests

* feat: user model

* begin repo

* repo models and more

* feat: user command side

* lots of functions

* user command side

* profile requests

* commit before rebase on user

* save

* local config with gopass and more

* begin new auth command (user centric)

* Update internal/user/model/user.go

Co-Authored-By: Livio Amstutz <livio.a@gmail.com>

* Update internal/user/repository/eventsourcing/model/address.go

Co-Authored-By: Livio Amstutz <livio.a@gmail.com>

* Update internal/user/repository/eventsourcing/model/address.go

Co-Authored-By: Livio Amstutz <livio.a@gmail.com>

* Update internal/user/repository/eventsourcing/model/email.go

Co-Authored-By: Livio Amstutz <livio.a@gmail.com>

* Update internal/user/repository/eventsourcing/model/email.go

Co-Authored-By: Livio Amstutz <livio.a@gmail.com>

* Update internal/user/repository/eventsourcing/model/email.go

Co-Authored-By: Livio Amstutz <livio.a@gmail.com>

* Update internal/user/repository/eventsourcing/model/mfa.go

Co-Authored-By: Livio Amstutz <livio.a@gmail.com>

* Update internal/user/repository/eventsourcing/model/mfa.go

Co-Authored-By: Livio Amstutz <livio.a@gmail.com>

* Update internal/user/repository/eventsourcing/model/password.go

Co-Authored-By: Livio Amstutz <livio.a@gmail.com>

* Update internal/user/repository/eventsourcing/model/password.go

Co-Authored-By: Livio Amstutz <livio.a@gmail.com>

* Update internal/user/repository/eventsourcing/model/password.go

Co-Authored-By: Livio Amstutz <livio.a@gmail.com>

* Update internal/user/repository/eventsourcing/model/phone.go

Co-Authored-By: Livio Amstutz <livio.a@gmail.com>

* Update internal/user/repository/eventsourcing/model/phone.go

Co-Authored-By: Livio Amstutz <livio.a@gmail.com>

* Update internal/user/repository/eventsourcing/model/phone.go

Co-Authored-By: Livio Amstutz <livio.a@gmail.com>

* Update internal/user/repository/eventsourcing/model/user.go

Co-Authored-By: Livio Amstutz <livio.a@gmail.com>

* Update internal/user/repository/eventsourcing/model/user.go

Co-Authored-By: Livio Amstutz <livio.a@gmail.com>

* Update internal/user/repository/eventsourcing/model/user.go

Co-Authored-By: Livio Amstutz <livio.a@gmail.com>

* Update internal/usergrant/repository/eventsourcing/model/user_grant.go

Co-Authored-By: Livio Amstutz <livio.a@gmail.com>

* Update internal/usergrant/repository/eventsourcing/model/user_grant.go

Co-Authored-By: Livio Amstutz <livio.a@gmail.com>

* Update internal/usergrant/repository/eventsourcing/user_grant.go

Co-Authored-By: Livio Amstutz <livio.a@gmail.com>

* Update internal/user/repository/eventsourcing/user_test.go

Co-Authored-By: Livio Amstutz <livio.a@gmail.com>

* Update internal/user/repository/eventsourcing/eventstore_mock_test.go

Co-Authored-By: Livio Amstutz <livio.a@gmail.com>

* changes from mr review

* save files into basedir

* changes from mr review

* changes from mr review

* move to auth request

* Update internal/usergrant/repository/eventsourcing/cache.go

Co-authored-by: Silvan <silvan.reusser@gmail.com>

* Update internal/usergrant/repository/eventsourcing/cache.go

Co-authored-by: Silvan <silvan.reusser@gmail.com>

* changes requested on mr

* fix generate codes

* fix return if no events

* password code

* email verification step

* more steps

* lot of mfa

* begin tests

* more next steps

* auth api

* auth api (user)

* auth api (user)

* auth api (user)

* differ requests

* merge

* tests

* fix compilation error

* mock for id generator

* Update internal/user/repository/eventsourcing/model/password.go

Co-authored-by: Silvan <silvan.reusser@gmail.com>

* Update internal/user/repository/eventsourcing/model/user.go

Co-authored-by: Silvan <silvan.reusser@gmail.com>

* requests of mr

* check email

* begin separation of command and query

* otp

* change packages

* some cleanup and fixes

* tests for auth request / next steps

* add VerificationLifetimes to config and make it run

* tests

* fix code challenge validation

* cleanup

* fix merge

* begin view

* repackaging tests and configs

* fix startup config for auth

* add migration

* add PromptSelectAccount

* fix copy / paste

* remove user_agent files

* fixes

* fix sequences in user_session

* token commands

* token queries and signout

* fix

* fix set password test

* add token handler and table

* handle session init

* add session state

* add user view test cases

* change VerifyMyMfaOTP

* some fixes

* fix user repo in auth api

* cleanup

* add user session view test

* fix merge

* begin oidc

* user agent and more

* config

* keys

* key command and query

* add login statics

* key handler

* start login

* login handlers

* lot of fixes

* merge oidc

* add missing exports

* add missing exports

* fix some bugs

* authrequestid in htmls

* getrequest

* update auth request

* fix userid check

* add username to authrequest

* fix user session and auth request handling

* fix UserSessionsByAgentID

* fix auth request tests

* fix user session on UserPasswordChanged and MfaOtpRemoved

* fix MfaTypesSetupPossible

* handle mfa

* fill username

* auth request query checks new events

* fix userSessionByIDs

* fix tokens

* fix userSessionByIDs test

* add user selection

* init code

* user code creation date

* add init user step

* add verification failed types

* add verification failures

* verify init code

* user init code handle

* user init code handle

* fix userSessionByIDs

* update logging

* user agent cookie

* browserinfo from request

* add DeleteAuthRequest

* add static login files to binary

* add login statik to build

* move generate to separate file and remove statik.go files

* remove static dirs from startup.yaml

* generate into separate namespaces

* merge master

* auth request code

* auth request type mapping

* fix keys

* improve tokens

* improve register and basic styling

* fix ailerons font

* improve password reset

* add audience to token

* all oidc apps as audience

* fix test nextStep

* fix email texts

* remove "not set"

* lot of style changes

* improve copy to clipboard

* fix footer

* add cookie handler

* remove placeholders

* fix compilation after merge

* fix auth config

* remove comments

* typo

* use new secrets store

* change default pws to match default policy

* fixes

* add todo

* enable login

* fix db name

* Auth queries (#179)

* my usersession

* org structure/ auth handlers

* working user grant spooler

* auth internal user grants

* search my project orgs

* remove permissions file

* my zitadel permissions

* my zitadel permissions

* remove unused code

* authz

* app searches in view

* token verification

* fix user grant load

* fix tests

* fix tests

* read configs

* remove unused const

* remove todos

* env variables

* app_name

* working authz

* search projects

* global resourceowner

* Update internal/api/auth/permissions.go

Co-authored-by: Livio Amstutz <livio.a@gmail.com>

* Update internal/api/auth/permissions.go

Co-authored-by: Livio Amstutz <livio.a@gmail.com>

* model2 rename

* at least it works

* check token expiry

* search my user grants

* remove token table from authz

Co-authored-by: Livio Amstutz <livio.a@gmail.com>

* fix test

* fix ports and enable console

Co-authored-by: Fabiennne <fabienne.gerschwiler@gmail.com>
Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>
Co-authored-by: Silvan <silvan.reusser@gmail.com>

internal/login/static/resources/themes/scss/caos/dark.scss

@@ -0,0 +1,3 @@
+@import "../variables.scss";
+@import "./variables.scss";
+@import "../main.scss";

internal/login/static/resources/themes/scss/caos/light.scss

@@ -0,0 +1,4 @@
+@import "../variables.scss";
+@import "./variables.scss";
+@import "../main.scss";
+@import "../light.scss";

internal/login/static/resources/themes/scss/caos/variables.scss

@@ -0,0 +1,24 @@
+$logoImgDark: "../logo-dark.png";
+$logoImgLight: "../logo-light.png";
+
+$footerimgDark: "../gradientdeco-full.svg";
+$footerimgLight: "../gradientdeco-full.svg";
+
+// ----- FONTS ------------
+$standardFont: Lato;
+$headerFont: Aileron;
+
+// ----- COLORS ------------
+
+// ------ DARK-THEME -------
+$backgroundColor: #282828;
+$fontColor: white;
+$primaryColor: #760038;
+$primaryColorHover: lighten($primaryColor, 25%);
+
+
+// ------ LIGHT-THEME -------
+$backgroundColorLight: $fontColor;
+$fontColorLight: $backgroundColor;
+$primaryColorLight: $primaryColor;
+$primaryColorHoverLight: lighten($primaryColorLight, 25%);

internal/login/static/resources/themes/scss/fonts.scss

@@ -0,0 +1,84 @@
+//Aileron
+@font-face {
+    font-family: Aileron;
+    src: url(../../../fonts/ailerons/ailerons.otf ) format('opentype');
+}
+
+//Lato
+@font-face {
+    font-family: Lato;
+    src: url(../../../fonts/lato/Lato-Thin.ttf ) format('truetype');
+    font-style: normal;
+    font-weight: 100;
+}
+@font-face {
+    font-family: Lato;
+    src: url(../../../fonts/lato/Lato-ThinItalic.ttf ) format('truetype');
+    font-style: italic;
+    font-weight: 100;
+}
+
+@font-face {
+    font-family: Lato;
+    src: url(../../../fonts/lato/Lato-Light.ttf ) format('truetype');
+    font-style: normal;
+    font-weight: 200;
+}
+@font-face {
+    font-family: Lato;
+    src: url(../../../fonts/lato/Lato-LightItalic.ttf ) format('truetype');
+    font-style: italic;
+    font-weight: 200;
+}
+
+@font-face {
+    font-family: Lato;
+    src: url(../../../fonts/lato/Lato-Regular.ttf ) format('truetype');
+    font-style: normal;
+    font-weight: 400;
+}
+@font-face {
+    font-family: Lato;
+    src: url(../../../fonts/lato/Lato-Italic.ttf ) format('truetype');
+    font-style: italic;
+    font-weight: 400;
+}
+
+@font-face {
+    font-family: Lato;
+    src: url(../../../fonts/lato/Lato-Bold.ttf ) format('truetype');
+    font-style: normal;
+    font-weight: 700;
+}
+@font-face {
+    font-family: Lato;
+    src: url(../../../fonts/lato/Lato-BoldItalic.ttf ) format('truetype');
+    font-style: italic;
+    font-weight: 700;
+}
+
+@font-face {
+    font-family: Lato;
+    src: url(../../../fonts/lato/Lato-Black.ttf ) format('truetype');
+    font-style: normal;
+    font-weight: 800;
+}
+@font-face {
+    font-family: Lato;
+    src: url(../../../fonts/lato/Lato-BlackItalic.ttf ) format('truetype');
+    font-style: italic;
+    font-weight: 800;
+}
+
+//Material Icons
+@font-face {
+    font-family: 'Material Icons';
+    font-style: normal;
+    font-weight: 400;
+    src: url(../../../fonts/material/MaterialIcons-Regular.eot); /* For IE6-8 */
+    src: local('Material Icons'),
+    local('MaterialIcons-Regular'),
+    url(../../../fonts/material/MaterialIcons-Regular.woff2) format('woff2'),
+    url(../../../fonts/material/MaterialIcons-Regular.woff) format('woff'),
+    url(../../../fonts/material/MaterialIcons-Regular.ttf) format('truetype');
+}

internal/login/static/resources/themes/scss/light.scss

@@ -0,0 +1,53 @@
+// ---- LIGHT-THEME-------
+html {
+    background-color: $backgroundColorLight;
+    color: $fontColorLight;
+    
+    header .logo {
+        background-image: url($logoImgLight);
+    }
+
+    h1 {
+        color: $fontColorLight;
+    }
+
+    button {
+        background-color: $backgroundColorLight;
+        color: $primaryColorLight;
+        border: 2px solid $primaryColorLight;
+
+        &:hover {
+            background-color: $primaryColorHoverLight;
+            border: 2px solid $primaryColorHoverLight;
+        }
+
+        &.primary {
+            background-color: $primaryColor;
+            color: $fontColor;
+            border: none;
+            box-shadow: 0px 10px 30px $primaryColor;
+            &:hover {
+                background-color: $primaryColorHover;
+            }
+        }
+    }
+
+    input {
+        background-color: $backgroundColorLight;
+        color: $fontColorLight;
+    }
+
+    #qrcode {
+        svg rect[style*="fill:white"] {
+            fill: $backgroundColorLight !important;
+        }
+
+        svg rect[style*="fill:black"] {
+            fill: $fontColorLight !important;
+        }
+    }
+
+    footer {
+        background-image: url($footerimgLight);
+    }
+}

internal/login/static/resources/themes/scss/main.scss

@@ -0,0 +1,205 @@
+@import "fonts";
+
+*, *::before, *::after {
+    box-sizing: border-box;
+    font-family: $standardFont;
+    font-size: 18px;
+    font-weight: 400;
+}
+
+body {
+    margin: 0;
+}
+
+html {
+    background-color: $backgroundColor;
+    color: $fontColor;
+}
+
+h1 {
+    color: $fontColor;
+    font-family: $headerFont;
+    text-transform: uppercase;
+    text-align: center;
+    font-size: 40px;
+}
+
+p {
+    font-width: 300;
+}
+
+header {
+    padding: 8px;
+
+    .logo {
+        background-image: url($logoImgDark);
+        background-repeat: no-repeat;
+        background-size: contain;
+        height: 80px;
+        margin: 30px;
+    }
+}
+
+.content {
+    margin: auto;
+    padding: 20px;
+    width: 100%;
+    max-width: 500px;
+}
+
+a {
+    color: $primaryColor;
+    text-decoration: none;
+    text-transform: uppercase;
+    font-weight: 600;
+
+    &:hover {
+        color: $primaryColorHover;
+    }
+}
+
+button {
+    text-transform: uppercase;
+    background-color: $backgroundColor;
+    color: $primaryColor;
+    border: 2px solid $primaryColor;
+    border-radius: 5px;
+    width: 100%;
+    max-width: 600px;
+    height: $inputHeight;
+    transition: all 0.3s ease 0s;
+    cursor: pointer;
+    outline: none;
+    &:hover {
+        background-color: $primaryColorHover;
+        border: 2px solid $primaryColorHover;
+    }
+
+    &.primary {
+        background-color: $primaryColor;
+        color: $fontColor;
+        border: none;
+        &:hover {
+            background-color: $primaryColorHover;
+        }
+    }
+
+    & > .sessionstate {
+        text-transform: lowercase;
+    }
+}
+
+input:not([type='radio']), select {
+    background-color: $inputBackgroundColor;
+    color: $fontColor;
+    height: $inputHeight;
+    border: 2px solid $inputBorderColor;
+    border-radius: 5px;
+    padding-left: 15px;
+}
+
+form {
+    .field {
+        display: grid;
+        padding: 10px 0;
+    }
+
+    .field.radio-button {
+        display: flex;
+
+        input[type='radio'] {
+            height: 20px;
+            vertical-align: middle;
+        }
+
+        & label {
+            height: 20px;
+            display: inline-block;
+            padding: 3px 0 0 15px;
+            width: 100%;
+        }
+    }
+
+    label {
+        color: $labelColor;
+        text-transform: uppercase;
+        font-size: 0.9rem;
+        margin-bottom: 3px;
+
+        span.optional {
+            font-style: italic;
+            text-transform: none;
+        }
+    }
+
+    .actions {
+        padding: 20px 0;
+
+        .right {
+            float: right;
+        }
+
+        button, a {
+            margin: 10px 0;
+        }
+    }
+}
+
+#copy-secret {
+    visibility: hidden;
+    position: absolute;
+}
+
+#qrcode {
+    text-align: center;
+
+    svg rect[style*="fill:white"] {
+        fill: $backgroundColor !important;
+    }
+
+    svg rect[style*="fill:black"] {
+        fill: $fontColor !important;
+    }
+}
+
+#secret {
+    .copy {
+        float: right;
+        cursor: pointer;
+    }
+}
+
+footer {
+    background-image: url($footerimgDark);
+    width: 100%;
+    background-size: cover;
+    height: 44vw;
+    position: fixed;
+    bottom: 0;
+    z-index: -1;
+}
+
+.material-icons {
+    font-family: 'Material Icons';
+    font-weight: normal;
+    font-style: normal;
+    font-size: 24px;  /* Preferred icon size */
+    display: inline-block;
+    line-height: 1;
+    text-transform: none;
+    letter-spacing: normal;
+    word-wrap: normal;
+    white-space: nowrap;
+    direction: ltr;
+
+    /* Support for all WebKit browsers. */
+    -webkit-font-smoothing: antialiased;
+    /* Support for Safari and Chrome. */
+    text-rendering: optimizeLegibility;
+
+    /* Support for Firefox. */
+    -moz-osx-font-smoothing: grayscale;
+
+    /* Support for IE. */
+    font-feature-settings: 'liga';
+}

internal/login/static/resources/themes/scss/variables.scss

@@ -0,0 +1,23 @@
+// ----- FONTS ------------
+$standardFont: Lato;
+$headerFont: Aileron;
+
+// ----- LAYOUT ------------
+$inputHeight: 50px;
+
+
+// ----- DARK-THEME --------
+$backgroundColor: #282828;
+$fontColor: #FFFFFF;
+$primaryColor: #364DF6;
+$primaryColorHover: lighten($primaryColor, 10%);
+$labelColor: #898989;
+$inputBorderColor: #595959;
+$inputBackgroundColor: #252525;
+
+
+// ----- LIGHT-THEME --------
+$backgroundColorLight: $fontColor;
+$fontColorLight: $backgroundColor;
+$primaryColorLight: $primaryColor;
+$primaryColorHoverLight: lighten($primaryColorLight, 10%);

internal/login/static/resources/themes/scss/zitadel/dark.scss

@@ -0,0 +1,3 @@
+@import "../variables.scss";
+@import "./variables.scss";
+@import "../main.scss";

internal/login/static/resources/themes/scss/zitadel/light.scss

@@ -0,0 +1,4 @@
+@import "../variables.scss";
+@import "./variables.scss";
+@import "../main.scss";
+@import "../light.scss";

internal/login/static/resources/themes/scss/zitadel/variables.scss

@@ -0,0 +1,5 @@
+$logoImgDark: "../logo-dark.png";
+$logoImgLight: "../logo-light.png";
+
+$footerimgDark: "../gradientdeco-full.svg";
+$footerimgLight: "../gradientdeco-full.svg";