mirror of
https://github.com/zitadel/zitadel.git
synced 2025-08-11 21:37:32 +00:00
feat: Policy check (#149)
* check password complexity policy * check password complexity policy * fix tests * Update internal/admin/repository/eventsourcing/setup/setup.go Co-authored-by: Livio Amstutz <livio.a@gmail.com> * changes for mr Co-authored-by: Livio Amstutz <livio.a@gmail.com>
This commit is contained in:
Fabi
@@ -10,13 +10,19 @@ import (
|
||||
org_model "github.com/caos/zitadel/internal/org/model"
|
||||
org_es "github.com/caos/zitadel/internal/org/repository/eventsourcing"
|
||||
org_view "github.com/caos/zitadel/internal/org/repository/view"
|
||||
policy_es "github.com/caos/zitadel/internal/policy/repository/eventsourcing"
|
||||
usr_es "github.com/caos/zitadel/internal/user/repository/eventsourcing"
|
||||
)
|
||||
|
||||
const (
|
||||
DEFAULT_POLICY = "0"
|
||||
)
|
||||
|
||||
type OrgRepo struct {
|
||||
Eventstore eventstore.Eventstore
|
||||
OrgEventstore *org_es.OrgEventstore
|
||||
UserEventstore *usr_es.UserEventstore
|
||||
Eventstore eventstore.Eventstore
|
||||
OrgEventstore *org_es.OrgEventstore
|
||||
UserEventstore *usr_es.UserEventstore
|
||||
PolicyEventstore *policy_es.PolicyEventstore
|
||||
|
||||
View *admin_view.View
|
||||
|
||||
@@ -24,12 +30,16 @@ type OrgRepo struct {
|
||||
}
|
||||
|
||||
func (repo *OrgRepo) SetUpOrg(ctx context.Context, setUp *admin_model.SetupOrg) (*admin_model.SetupOrg, error) {
|
||||
policy, err := repo.PolicyEventstore.GetPasswordComplexityPolicy(ctx, DEFAULT_POLICY)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
org, aggregates, err := repo.OrgEventstore.PrepareCreateOrg(ctx, setUp.Org)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
user, userAggregates, err := repo.UserEventstore.PrepareCreateUser(ctx, setUp.User, org.AggregateID)
|
||||
user, userAggregates, err := repo.UserEventstore.PrepareCreateUser(ctx, setUp.User, policy, org.AggregateID)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
@@ -2,12 +2,15 @@ package eventstore
|
||||
|
||||
import (
|
||||
"context"
|
||||
"github.com/caos/zitadel/internal/api/auth"
|
||||
policy_event "github.com/caos/zitadel/internal/policy/repository/eventsourcing"
|
||||
usr_model "github.com/caos/zitadel/internal/user/model"
|
||||
usr_event "github.com/caos/zitadel/internal/user/repository/eventsourcing"
|
||||
)
|
||||
|
||||
type UserRepo struct {
|
||||
UserEvents *usr_event.UserEventstore
|
||||
UserEvents *usr_event.UserEventstore
|
||||
PolicyEvents *policy_event.PolicyEventstore
|
||||
}
|
||||
|
||||
func (repo *UserRepo) UserByID(ctx context.Context, id string) (project *usr_model.User, err error) {
|
||||
@@ -15,9 +18,21 @@ func (repo *UserRepo) UserByID(ctx context.Context, id string) (project *usr_mod
|
||||
}
|
||||
|
||||
func (repo *UserRepo) CreateUser(ctx context.Context, user *usr_model.User) (*usr_model.User, error) {
|
||||
return repo.UserEvents.CreateUser(ctx, user)
|
||||
policy, err := repo.PolicyEvents.GetPasswordComplexityPolicy(ctx, auth.GetCtxData(ctx).OrgID)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return repo.UserEvents.CreateUser(ctx, user, policy)
|
||||
}
|
||||
|
||||
func (repo *UserRepo) RegisterUser(ctx context.Context, user *usr_model.User, resourceOwner string) (*usr_model.User, error) {
|
||||
return repo.UserEvents.RegisterUser(ctx, user, resourceOwner)
|
||||
policyResourceOwner := auth.GetCtxData(ctx).OrgID
|
||||
if resourceOwner != "" {
|
||||
policyResourceOwner = resourceOwner
|
||||
}
|
||||
policy, err := repo.PolicyEvents.GetPasswordComplexityPolicy(ctx, policyResourceOwner)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return repo.UserEvents.RegisterUser(ctx, user, policy, resourceOwner)
|
||||
}
|
||||
|
||||
@@ -2,6 +2,7 @@ package eventsourcing
|
||||
|
||||
import (
|
||||
"context"
|
||||
es_policy "github.com/caos/zitadel/internal/policy/repository/eventsourcing"
|
||||
|
||||
"github.com/caos/logging"
|
||||
"github.com/caos/zitadel/internal/admin/repository/eventsourcing/eventstore"
|
||||
@@ -61,7 +62,13 @@ func Start(ctx context.Context, conf Config, systemDefaults sd.SystemDefaults) (
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
policy, err := es_policy.StartPolicy(es_policy.PolicyConfig{
|
||||
Eventstore: es,
|
||||
Cache: conf.Eventstore.Cache,
|
||||
}, systemDefaults)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
sqlClient, err := conf.View.Start()
|
||||
if err != nil {
|
||||
return nil, err
|
||||
@@ -71,7 +78,7 @@ func Start(ctx context.Context, conf Config, systemDefaults sd.SystemDefaults) (
|
||||
return nil, err
|
||||
}
|
||||
|
||||
eventstoreRepos := setup.EventstoreRepos{OrgEvents: org, UserEvents: user, ProjectEvents: project, IamEvents: iam}
|
||||
eventstoreRepos := setup.EventstoreRepos{OrgEvents: org, UserEvents: user, ProjectEvents: project, IamEvents: iam, PolicyEvents: policy}
|
||||
err = setup.StartSetup(systemDefaults, eventstoreRepos).Execute(ctx)
|
||||
logging.Log("SERVE-k280HZ").OnError(err).Panic("failed to execute setup")
|
||||
|
||||
|
||||
@@ -2,6 +2,8 @@ package setup
|
||||
|
||||
import (
|
||||
"context"
|
||||
policy_model "github.com/caos/zitadel/internal/policy/model"
|
||||
policy_event "github.com/caos/zitadel/internal/policy/repository/eventsourcing"
|
||||
"time"
|
||||
|
||||
"github.com/caos/logging"
|
||||
@@ -31,13 +33,15 @@ type EventstoreRepos struct {
|
||||
OrgEvents *org_event.OrgEventstore
|
||||
UserEvents *usr_event.UserEventstore
|
||||
ProjectEvents *proj_event.ProjectEventstore
|
||||
PolicyEvents *policy_event.PolicyEventstore
|
||||
}
|
||||
|
||||
type initializer struct {
|
||||
*Setup
|
||||
createdUsers map[string]*usr_model.User
|
||||
createdOrgs map[string]*org_model.Org
|
||||
createdProjects map[string]*proj_model.Project
|
||||
createdUsers map[string]*usr_model.User
|
||||
createdOrgs map[string]*org_model.Org
|
||||
createdProjects map[string]*proj_model.Project
|
||||
pwComplexityPolicy *policy_model.PasswordComplexityPolicy
|
||||
}
|
||||
|
||||
const (
|
||||
@@ -55,6 +59,7 @@ const (
|
||||
OIDCAuthMethodType_NONE = "NONE"
|
||||
OIDCAuthMethodType_BASIC = "BASIC"
|
||||
OIDCAuthMethodType_POST = "POST"
|
||||
DEFAULT_POLICY = "0"
|
||||
)
|
||||
|
||||
func StartSetup(sd systemdefaults.SystemDefaults, repos EventstoreRepos) *Setup {
|
||||
@@ -92,6 +97,13 @@ func (s *Setup) Execute(ctx context.Context) error {
|
||||
createdProjects: make(map[string]*proj_model.Project),
|
||||
}
|
||||
|
||||
pwComplexityPolicy, err := s.repos.PolicyEvents.GetPasswordComplexityPolicy(ctx, DEFAULT_POLICY)
|
||||
if err != nil {
|
||||
logging.Log("SETUP-9osWF").WithError(err).Error("unable to read complexity policy")
|
||||
return err
|
||||
}
|
||||
setUp.pwComplexityPolicy = pwComplexityPolicy
|
||||
|
||||
err = setUp.orgs(ctx, s.setUpConfig.Orgs)
|
||||
if err != nil {
|
||||
logging.Log("SETUP-p4oWq").WithError(err).Error("unable to set up orgs")
|
||||
@@ -264,7 +276,7 @@ func (setUp *initializer) user(ctx context.Context, user types.User) (*usr_model
|
||||
SecretString: user.Password,
|
||||
},
|
||||
}
|
||||
return setUp.repos.UserEvents.CreateUser(ctx, createUser)
|
||||
return setUp.repos.UserEvents.CreateUser(ctx, createUser, setUp.pwComplexityPolicy)
|
||||
}
|
||||
|
||||
func (setUp *initializer) orgOwners(ctx context.Context, org *org_model.Org, owners []string) error {
|
||||
|
||||
Reference in New Issue
Block a user