feat: Policy check (#149)

* check password complexity policy

* check password complexity policy

* fix tests

* Update internal/admin/repository/eventsourcing/setup/setup.go

Co-authored-by: Livio Amstutz <livio.a@gmail.com>

* changes for mr

Co-authored-by: Livio Amstutz <livio.a@gmail.com>

internal/auth/repository/eventsourcing/eventstore/user.go

@@ -7,13 +7,15 @@ import (
 	"github.com/caos/zitadel/internal/auth/repository/eventsourcing/view"
 	"github.com/caos/zitadel/internal/errors"
 	es_models "github.com/caos/zitadel/internal/eventstore/models"
+	policy_event "github.com/caos/zitadel/internal/policy/repository/eventsourcing"
 	"github.com/caos/zitadel/internal/user/model"
 	user_event "github.com/caos/zitadel/internal/user/repository/eventsourcing"
 )
 
 type UserRepo struct {
-	UserEvents *user_event.UserEventstore
-	View       *view.View
+	UserEvents   *user_event.UserEventstore
+	PolicyEvents *policy_event.PolicyEventstore
+	View         *view.View
 }
 
 func (repo *UserRepo) Health(ctx context.Context) error {
@@ -21,7 +23,15 @@ func (repo *UserRepo) Health(ctx context.Context) error {
 }
 
 func (repo *UserRepo) Register(ctx context.Context, user *model.User, resourceOwner string) (*model.User, error) {
-	return repo.UserEvents.RegisterUser(ctx, user, resourceOwner)
+	policyResourceOwner := auth.GetCtxData(ctx).OrgID
+	if resourceOwner != "" {
+		policyResourceOwner = resourceOwner
+	}
+	policy, err := repo.PolicyEvents.GetPasswordComplexityPolicy(ctx, policyResourceOwner)
+	if err != nil {
+		return nil, err
+	}
+	return repo.UserEvents.RegisterUser(ctx, user, policy, resourceOwner)
 }
 
 func (repo *UserRepo) MyProfile(ctx context.Context) (*model.Profile, error) {
@@ -85,7 +95,11 @@ func (repo *UserRepo) ChangeMyAddress(ctx context.Context, address *model.Addres
 }
 
 func (repo *UserRepo) ChangeMyPassword(ctx context.Context, old, new string) error {
-	_, err := repo.UserEvents.ChangePassword(ctx, auth.GetCtxData(ctx).UserID, old, new)
+	policy, err := repo.PolicyEvents.GetPasswordComplexityPolicy(ctx, auth.GetCtxData(ctx).OrgID)
+	if err != nil {
+		return err
+	}
+	_, err = repo.UserEvents.ChangePassword(ctx, policy, auth.GetCtxData(ctx).UserID, old, new)
 	return err
 }
 
@@ -114,7 +128,11 @@ func (repo *UserRepo) RequestPasswordReset(ctx context.Context, username string)
 }
 
 func (repo *UserRepo) SetPassword(ctx context.Context, userID, code, password string) error {
-	return repo.UserEvents.SetPassword(ctx, userID, code, password)
+	policy, err := repo.PolicyEvents.GetPasswordComplexityPolicy(ctx, auth.GetCtxData(ctx).OrgID)
+	if err != nil {
+		return err
+	}
+	return repo.UserEvents.SetPassword(ctx, policy, userID, code, password)
 }
 
 func (repo *UserRepo) SignOut(ctx context.Context, agentID, userID string) error {

internal/auth/repository/eventsourcing/repository.go

@@ -13,6 +13,7 @@ import (
 	es_int "github.com/caos/zitadel/internal/eventstore"
 	es_spol "github.com/caos/zitadel/internal/eventstore/spooler"
 	"github.com/caos/zitadel/internal/id"
+	es_policy "github.com/caos/zitadel/internal/policy/repository/eventsourcing"
 	es_user "github.com/caos/zitadel/internal/user/repository/eventsourcing"
 )
 
@@ -44,7 +45,16 @@ func Start(conf Config, systemDefaults sd.SystemDefaults) (*EsRepository, error)
 	if err != nil {
 		return nil, err
 	}
-
+	policy, err := es_policy.StartPolicy(
+		es_policy.PolicyConfig{
+			Eventstore: es,
+			Cache:      conf.Eventstore.Cache,
+		},
+		systemDefaults,
+	)
+	if err != nil {
+		return nil, err
+	}
 	user, err := es_user.StartUser(
 		es_user.UserConfig{
 			Eventstore: es,
@@ -66,8 +76,9 @@ func Start(conf Config, systemDefaults sd.SystemDefaults) (*EsRepository, error)
 	return &EsRepository{
 		spool,
 		eventstore.UserRepo{
-			UserEvents: user,
-			View:       view,
+			UserEvents:   user,
+			PolicyEvents: policy,
+			View:         view,
 		},
 		eventstore.AuthRequestRepo{
 			UserEvents:               user,