feat: new user auth api (#1168)

* fix: correct selectors for extended writemodel

* fix: no previous checks in eventstore

* start check previous

* feat: auth user commands

* feat: auth user commands

* feat: auth user commands

* feat: otp

* feat: corrections from pr merge

* feat: webauthn

* feat: comment old webauthn

* feat: refactor user, human, machine

* feat: webauth command side

* feat: command and query side in login

* feat: fix user writemodel append events

* fix: remove creation dates on command side

* fix: remove previous sequence

* previous sequence

* fix: external idps

* Update internal/api/grpc/management/user.go

Co-authored-by: Livio Amstutz <livio.a@gmail.com>

* Update internal/v2/command/user_human_email.go

Co-authored-by: Livio Amstutz <livio.a@gmail.com>

* fix: pr changes

* fix: phone verification

Co-authored-by: adlerhurst <silvan.reusser@gmail.com>
Co-authored-by: Livio Amstutz <livio.a@gmail.com>

internal/api/grpc/management/application_converter.go

@@ -17,20 +17,16 @@ import (
 )
 
 func appFromModel(app *proj_model.Application) *management.Application {
-	creationDate, err := ptypes.TimestampProto(app.CreationDate)
-	logging.Log("GRPC-iejs3").OnError(err).Debug("unable to parse timestamp")
-
 	changeDate, err := ptypes.TimestampProto(app.ChangeDate)
 	logging.Log("GRPC-di7rw").OnError(err).Debug("unable to parse timestamp")
 
 	return &management.Application{
-		Id:           app.AppID,
-		State:        appStateFromModel(app.State),
-		CreationDate: creationDate,
-		ChangeDate:   changeDate,
-		Name:         app.Name,
-		Sequence:     app.Sequence,
-		AppConfig:    appConfigFromModel(app),
+		Id:         app.AppID,
+		State:      appStateFromModel(app.State),
+		ChangeDate: changeDate,
+		Name:       app.Name,
+		Sequence:   app.Sequence,
+		AppConfig:  appConfigFromModel(app),
 	}
 }
 

internal/api/grpc/management/user.go

@@ -52,43 +52,39 @@ func (s *Server) IsUserUnique(ctx context.Context, request *management.UniqueUse
 }
 
 func (s *Server) CreateUser(ctx context.Context, in *management.CreateUserRequest) (*management.UserResponse, error) {
-	user, err := s.command.AddUser(ctx, authz.GetCtxData(ctx).OrgID, userCreateToDomain(in))
+	human, machine := userCreateToDomain(in)
+	if human != nil {
+		h, err := s.command.AddHuman(ctx, authz.GetCtxData(ctx).OrgID, human)
+		if err != nil {
+			return nil, err
+		}
+		return userHumanFromDomain(h), nil
+	}
+	m, err := s.command.AddMachine(ctx, authz.GetCtxData(ctx).OrgID, machine)
 	if err != nil {
 		return nil, err
 	}
-	return userFromDomain(user), nil
+	return userMachineFromDomain(m), nil
 }
 
-func (s *Server) DeactivateUser(ctx context.Context, in *management.UserID) (*management.UserResponse, error) {
-	user, err := s.command.DeactivateUser(ctx, in.Id, authz.GetCtxData(ctx).OrgID)
-	if err != nil {
-		return nil, err
-	}
-	return userFromDomain(user), nil
+func (s *Server) DeactivateUser(ctx context.Context, in *management.UserID) (*empty.Empty, error) {
+	err := s.command.DeactivateUser(ctx, in.Id, authz.GetCtxData(ctx).OrgID)
+	return &empty.Empty{}, err
 }
 
-func (s *Server) ReactivateUser(ctx context.Context, in *management.UserID) (*management.UserResponse, error) {
-	user, err := s.command.ReactivateUser(ctx, in.Id, authz.GetCtxData(ctx).OrgID)
-	if err != nil {
-		return nil, err
-	}
-	return userFromDomain(user), nil
+func (s *Server) ReactivateUser(ctx context.Context, in *management.UserID) (*empty.Empty, error) {
+	err := s.command.ReactivateUser(ctx, in.Id, authz.GetCtxData(ctx).OrgID)
+	return &empty.Empty{}, err
 }
 
-func (s *Server) LockUser(ctx context.Context, in *management.UserID) (*management.UserResponse, error) {
-	user, err := s.command.LockUser(ctx, in.Id, authz.GetCtxData(ctx).OrgID)
-	if err != nil {
-		return nil, err
-	}
-	return userFromDomain(user), nil
+func (s *Server) LockUser(ctx context.Context, in *management.UserID) (*empty.Empty, error) {
+	err := s.command.LockUser(ctx, in.Id, authz.GetCtxData(ctx).OrgID)
+	return &empty.Empty{}, err
 }
 
-func (s *Server) UnlockUser(ctx context.Context, in *management.UserID) (*management.UserResponse, error) {
-	user, err := s.command.UnlockUser(ctx, in.Id, authz.GetCtxData(ctx).OrgID)
-	if err != nil {
-		return nil, err
-	}
-	return userFromDomain(user), nil
+func (s *Server) UnlockUser(ctx context.Context, in *management.UserID) (*empty.Empty, error) {
+	err := s.command.UnlockUser(ctx, in.Id, authz.GetCtxData(ctx).OrgID)
+	return &empty.Empty{}, err
 }
 
 func (s *Server) DeleteUser(ctx context.Context, in *management.UserID) (*empty.Empty, error) {

internal/api/grpc/management/user_converter.go

@@ -19,48 +19,48 @@ import (
 	"github.com/caos/zitadel/pkg/grpc/message"
 )
 
-func userFromDomain(user *domain.User) *management.UserResponse {
-	creationDate, err := ptypes.TimestampProto(user.CreationDate)
-	logging.Log("GRPC-8duwe").OnError(err).Debug("unable to parse timestamp")
-
-	changeDate, err := ptypes.TimestampProto(user.ChangeDate)
+func userMachineFromDomain(machine *domain.Machine) *management.UserResponse {
+	changeDate, err := ptypes.TimestampProto(machine.ChangeDate)
 	logging.Log("GRPC-ckoe3d").OnError(err).Debug("unable to parse timestamp")
 
 	userResp := &management.UserResponse{
-		Id:           user.AggregateID,
-		State:        userStateFromDomain(user.State),
-		CreationDate: creationDate,
-		ChangeDate:   changeDate,
-		Sequence:     user.Sequence,
-		UserName:     user.UserName,
+		Id:         machine.AggregateID,
+		State:      userStateFromDomain(machine.GetState()),
+		ChangeDate: changeDate,
+		Sequence:   machine.Sequence,
+		UserName:   machine.GetUsername(),
 	}
-
-	if user.Machine != nil {
-		userResp.User = &management.UserResponse_Machine{Machine: machineFromDomain(user.Machine)}
-	}
-	if user.Human != nil {
-		userResp.User = &management.UserResponse_Human{Human: humanFromDomain(user.Human)}
-	}
-
+	userResp.User = &management.UserResponse_Machine{Machine: machineFromDomain(machine)}
 	return userResp
 }
 
-func userCreateToDomain(user *management.CreateUserRequest) *domain.User {
-	var human *domain.Human
-	var machine *domain.Machine
+func userHumanFromDomain(human *domain.Human) *management.UserResponse {
+	changeDate, err := ptypes.TimestampProto(human.ChangeDate)
+	logging.Log("GRPC-ckoe3d").OnError(err).Debug("unable to parse timestamp")
 
+	userResp := &management.UserResponse{
+		Id:         human.AggregateID,
+		State:      userStateFromDomain(human.GetState()),
+		ChangeDate: changeDate,
+		Sequence:   human.Sequence,
+		UserName:   human.GetUsername(),
+	}
+	userResp.User = &management.UserResponse_Human{Human: humanFromDomain(human)}
+	return userResp
+}
+
+func userCreateToDomain(user *management.CreateUserRequest) (*domain.Human, *domain.Machine) {
 	if h := user.GetHuman(); h != nil {
-		human = humanCreateToDomain(h)
+		human := humanCreateToDomain(h)
+		human.Username = user.UserName
+		return human, nil
 	}
 	if m := user.GetMachine(); m != nil {
-		machine = machineCreateToDomain(m)
-	}
-
-	return &domain.User{
-		UserName: user.UserName,
-		Human:    human,
-		Machine:  machine,
+		machine := machineCreateToDomain(m)
+		machine.Username = user.UserName
+		return nil, machine
 	}
+	return nil, nil
 }
 
 func passwordRequestToModel(r *management.PasswordRequest) *usr_model.Password {
@@ -212,15 +212,11 @@ func userMembershipSearchKeyToModel(key management.UserMembershipSearchKey) usr_
 }
 
 func profileFromDomain(profile *domain.Profile) *management.UserProfile {
-	creationDate, err := ptypes.TimestampProto(profile.CreationDate)
-	logging.Log("GRPC-dkso3").OnError(err).Debug("unable to parse timestamp")
-
 	changeDate, err := ptypes.TimestampProto(profile.ChangeDate)
 	logging.Log("GRPC-ski8d").OnError(err).Debug("unable to parse timestamp")
 
 	return &management.UserProfile{
 		Id:                profile.AggregateID,
-		CreationDate:      creationDate,
 		ChangeDate:        changeDate,
 		Sequence:          profile.Sequence,
 		FirstName:         profile.FirstName,
@@ -270,15 +266,11 @@ func updateProfileToDomain(u *management.UpdateUserProfileRequest) *domain.Profi
 }
 
 func emailFromDomain(email *domain.Email) *management.UserEmail {
-	creationDate, err := ptypes.TimestampProto(email.CreationDate)
-	logging.Log("GRPC-d9ow2").OnError(err).Debug("unable to parse timestamp")
-
 	changeDate, err := ptypes.TimestampProto(email.ChangeDate)
 	logging.Log("GRPC-s0dkw").OnError(err).Debug("unable to parse timestamp")
 
 	return &management.UserEmail{
 		Id:              email.AggregateID,
-		CreationDate:    creationDate,
 		ChangeDate:      changeDate,
 		Sequence:        email.Sequence,
 		Email:           email.EmailAddress,
@@ -312,15 +304,11 @@ func updateEmailToDomain(e *management.UpdateUserEmailRequest) *domain.Email {
 }
 
 func phoneFromDomain(phone *domain.Phone) *management.UserPhone {
-	creationDate, err := ptypes.TimestampProto(phone.CreationDate)
-	logging.Log("GRPC-ps9ws").OnError(err).Debug("unable to parse timestamp")
-
 	changeDate, err := ptypes.TimestampProto(phone.ChangeDate)
 	logging.Log("GRPC-09ewq").OnError(err).Debug("unable to parse timestamp")
 
 	return &management.UserPhone{
 		Id:              phone.AggregateID,
-		CreationDate:    creationDate,
 		ChangeDate:      changeDate,
 		Sequence:        phone.Sequence,
 		Phone:           phone.PhoneNumber,
@@ -353,15 +341,11 @@ func updatePhoneToDomain(e *management.UpdateUserPhoneRequest) *domain.Phone {
 }
 
 func addressFromDomain(address *domain.Address) *management.UserAddress {
-	creationDate, err := ptypes.TimestampProto(address.CreationDate)
-	logging.Log("GRPC-ud8w7").OnError(err).Debug("unable to parse timestamp")
-
 	changeDate, err := ptypes.TimestampProto(address.ChangeDate)
 	logging.Log("GRPC-si9ws").OnError(err).Debug("unable to parse timestamp")
 
 	return &management.UserAddress{
 		Id:            address.AggregateID,
-		CreationDate:  creationDate,
 		ChangeDate:    changeDate,
 		Sequence:      address.Sequence,
 		Country:       address.Country,