feat: Policy check (#149)

* check password complexity policy * check password complexity policy * fix tests * Update internal/admin/repository/eventsourcing/setup/setup.go Co-authored-by: Livio Amstutz <livio.a@gmail.com> * changes for mr Co-authored-by: Livio Amstutz <livio.a@gmail.com>
2025-10-18 00:42:29 +00:00 · 2020-05-29 08:44:01 +02:00
parent 5a7d44327e
commit a4c7b39552
15 changed files with 477 additions and 61 deletions
--- a/internal/management/repository/eventsourcing/eventstore/user.go
+++ b/internal/management/repository/eventsourcing/eventstore/user.go
@@ -2,16 +2,19 @@ package eventstore

 import (
 	"context"
+	"github.com/caos/zitadel/internal/api/auth"
 	"github.com/caos/zitadel/internal/management/repository/eventsourcing/view"
+	policy_event "github.com/caos/zitadel/internal/policy/repository/eventsourcing"
 	usr_model "github.com/caos/zitadel/internal/user/model"
 	usr_event "github.com/caos/zitadel/internal/user/repository/eventsourcing"
 	"github.com/caos/zitadel/internal/user/repository/view/model"
 )

 type UserRepo struct {
-	SearchLimit uint64
-	UserEvents  *usr_event.UserEventstore
-	View        *view.View
+	SearchLimit  uint64
+	UserEvents   *usr_event.UserEventstore
+	PolicyEvents *policy_event.PolicyEventstore
+	View         *view.View
 }

 func (repo *UserRepo) UserByID(ctx context.Context, id string) (project *usr_model.User, err error) {
@@ -19,11 +22,23 @@ func (repo *UserRepo) UserByID(ctx context.Context, id string) (project *usr_mod
 }

 func (repo *UserRepo) CreateUser(ctx context.Context, user *usr_model.User) (*usr_model.User, error) {
-	return repo.UserEvents.CreateUser(ctx, user)
+	policy, err := repo.PolicyEvents.GetPasswordComplexityPolicy(ctx, auth.GetCtxData(ctx).OrgID)
+	if err != nil {
+		return nil, err
+	}
+	return repo.UserEvents.CreateUser(ctx, user, policy)
 }

 func (repo *UserRepo) RegisterUser(ctx context.Context, user *usr_model.User, resourceOwner string) (*usr_model.User, error) {
-	return repo.UserEvents.RegisterUser(ctx, user, resourceOwner)
+	policyResourceOwner := auth.GetCtxData(ctx).OrgID
+	if resourceOwner != "" {
+		policyResourceOwner = resourceOwner
+	}
+	policy, err := repo.PolicyEvents.GetPasswordComplexityPolicy(ctx, policyResourceOwner)
+	if err != nil {
+		return nil, err
+	}
+	return repo.UserEvents.RegisterUser(ctx, user, policy, resourceOwner)
 }

 func (repo *UserRepo) DeactivateUser(ctx context.Context, id string) (*usr_model.User, error) {
@@ -73,7 +88,11 @@ func (repo *UserRepo) UserMfas(ctx context.Context, userID string) ([]*usr_model
 }

 func (repo *UserRepo) SetOneTimePassword(ctx context.Context, password *usr_model.Password) (*usr_model.Password, error) {
-	return repo.UserEvents.SetOneTimePassword(ctx, password)
+	policy, err := repo.PolicyEvents.GetPasswordComplexityPolicy(ctx, auth.GetCtxData(ctx).OrgID)
+	if err != nil {
+		return nil, err
+	}
+	return repo.UserEvents.SetOneTimePassword(ctx, policy, password)
 }

 func (repo *UserRepo) RequestSetPassword(ctx context.Context, id string, notifyType usr_model.NotificationType) error {
--- a/internal/management/repository/eventsourcing/repository.go
+++ b/internal/management/repository/eventsourcing/repository.go
@@ -86,7 +86,7 @@ func Start(conf Config, systemDefaults sd.SystemDefaults, roles []string) (*EsRe
 		spooler:       spool,
 		OrgRepository: eventstore.OrgRepository{conf.SearchLimit, org, view, roles},
 		ProjectRepo:   eventstore.ProjectRepo{conf.SearchLimit, project, view, roles},
-		UserRepo:      eventstore.UserRepo{conf.SearchLimit, user, view},
+		UserRepo:      eventstore.UserRepo{conf.SearchLimit, user, policy, view},
 		UserGrantRepo: eventstore.UserGrantRepo{conf.SearchLimit, usergrant, view},
 		PolicyRepo:    eventstore.PolicyRepo{policy},
 	}, nil