feat: allow system config changes (#3876)

* feat: run repeatable setup steps * feat: react to system config changes * renaming
2025-08-11 21:17:32 +00:00 · 2022-07-20 11:20:49 +02:00
parent 2707461ea6
commit 95481c2e0b
7 changed files with 424 additions and 47 deletions
--- a/internal/command/instance_domain.go
+++ b/internal/command/instance_domain.go
@@ -95,33 +95,68 @@ func (c *Commands) addInstanceDomain(a *instance.Aggregate, instanceDomain strin
 			events := []eventstore.Command{
 				instance.NewDomainAddedEvent(ctx, &a.Aggregate, instanceDomain, generated),
 			}
-			appWriteModel, err := getOIDCAppWriteModel(ctx, filter, authz.GetInstance(ctx).ProjectID(), authz.GetInstance(ctx).ConsoleApplicationID(), "")
+			consoleChangeEvent, err := c.updateConsoleRedirectURIs(ctx, filter, instanceDomain)
 			if err != nil {
 				return nil, err
 			}
-			if appWriteModel.State.Exists() {
-				redirectUrls := append(appWriteModel.RedirectUris, http.BuildHTTP(instanceDomain, c.externalPort, c.externalSecure)+consoleRedirectPath)
-				logoutUrls := append(appWriteModel.PostLogoutRedirectUris, http.BuildHTTP(instanceDomain, c.externalPort, c.externalSecure)+consolePostLogoutPath)
-				consoleChangeEvent, err := project.NewOIDCConfigChangedEvent(
-					ctx,
-					ProjectAggregateFromWriteModel(&appWriteModel.WriteModel),
-					appWriteModel.AppID,
-					[]project.OIDCConfigChanges{
-						project.ChangeRedirectURIs(redirectUrls),
-						project.ChangePostLogoutRedirectURIs(logoutUrls),
-					},
-				)
-				if err != nil {
-					return nil, err
-				}
-				events = append(events, consoleChangeEvent)
-			}
-
-			return events, nil
+			return append(events, consoleChangeEvent), nil
 		}, nil
 	}
 }

+func (c *Commands) prepareUpdateConsoleRedirectURIs(instanceDomain string) preparation.Validation {
+	return func() (preparation.CreateCommands, error) {
+		if instanceDomain = strings.TrimSpace(instanceDomain); instanceDomain == "" {
+			return nil, errors.ThrowInvalidArgument(nil, "INST-E3j3s", "Errors.Invalid.Argument")
+		}
+		return func(ctx context.Context, filter preparation.FilterToQueryReducer) ([]eventstore.Command, error) {
+			consoleChangeEvent, err := c.updateConsoleRedirectURIs(ctx, filter, instanceDomain)
+			if err != nil {
+				return nil, err
+			}
+			return []eventstore.Command{
+				consoleChangeEvent,
+			}, nil
+		}, nil
+	}
+}
+
+func (c *Commands) updateConsoleRedirectURIs(ctx context.Context, filter preparation.FilterToQueryReducer, instanceDomain string) (*project.OIDCConfigChangedEvent, error) {
+	appWriteModel, err := getOIDCAppWriteModel(ctx, filter, authz.GetInstance(ctx).ProjectID(), authz.GetInstance(ctx).ConsoleApplicationID(), "")
+	if err != nil {
+		return nil, err
+	}
+	if !appWriteModel.State.Exists() {
+		return nil, nil
+	}
+	redirectURI := http.BuildHTTP(instanceDomain, c.externalPort, c.externalSecure) + consoleRedirectPath
+	changes := make([]project.OIDCConfigChanges, 0, 2)
+	if !containsURI(appWriteModel.RedirectUris, redirectURI) {
+		changes = append(changes, project.ChangeRedirectURIs(append(appWriteModel.RedirectUris, redirectURI)))
+	}
+	postLogoutRedirectURI := http.BuildHTTP(instanceDomain, c.externalPort, c.externalSecure) + consolePostLogoutPath
+	if !containsURI(appWriteModel.PostLogoutRedirectUris, postLogoutRedirectURI) {
+		changes = append(changes, project.ChangePostLogoutRedirectURIs(append(appWriteModel.PostLogoutRedirectUris, postLogoutRedirectURI)))
+	}
+	return project.NewOIDCConfigChangedEvent(
+		ctx,
+		ProjectAggregateFromWriteModel(&appWriteModel.WriteModel),
+		appWriteModel.AppID,
+		changes,
+	)
+}
+
+//checkUpdateConsoleRedirectURIs validates if the required console uri is present in the redirect_uris and post_logout_redirect_uris
+//it will return true only if present in both list, otherwise false
+func (c *Commands) checkUpdateConsoleRedirectURIs(instanceDomain string, redirectURIs, postLogoutRedirectURIs []string) bool {
+	redirectURI := http.BuildHTTP(instanceDomain, c.externalPort, c.externalSecure) + consoleRedirectPath
+	if !containsURI(redirectURIs, redirectURI) {
+		return false
+	}
+	postLogoutRedirectURI := http.BuildHTTP(instanceDomain, c.externalPort, c.externalSecure) + consolePostLogoutPath
+	return containsURI(postLogoutRedirectURIs, postLogoutRedirectURI)
+}
+
 func setPrimaryInstanceDomain(a *instance.Aggregate, instanceDomain string) preparation.Validation {
 	return func() (preparation.CreateCommands, error) {
 		if instanceDomain = strings.TrimSpace(instanceDomain); instanceDomain == "" {
@@ -174,3 +209,12 @@ func getInstanceDomainWriteModel(ctx context.Context, filter preparation.FilterT
 	err = domainWriteModel.Reduce()
 	return domainWriteModel, err
 }
+
+func containsURI(uris []string, uri string) bool {
+	for _, u := range uris {
+		if u == uri {
+			return true
+		}
+	}
+	return false
+}