TheArchive/zitadel
1
0
Fork 0
mirror of https://github.com/zitadel/zitadel.git synced 2025-08-11 17:57:33 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(login): correctly reload policies on auth request (#7839)

Browse Source
This commit is contained in:
Livio Spring
2024-04-24 10:44:55 +02:00
committed by GitHub
parent 25030c69b9
commit ac985e2dfb
3 changed files with 26 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
internal/auth/repository/eventsourcing/eventstore/auth_request.go
View File

@@ -656,7 +656,7 @@ func (repo *AuthRequestRepo) fillPolicies(ctx context.Context, request *domain.A
}
}
if request.LoginPolicy == nil || len(request.AllowedExternalIDPs) == 0 {
if request.LoginPolicy == nil || len(request.AllowedExternalIDPs) == 0 || request.PolicyOrgID() != orgID {
loginPolicy, idpProviders, err := repo.getLoginPolicyAndIDPProviders(ctx, orgID)
if err != nil {
return err
@@ -666,21 +666,21 @@ func (repo *AuthRequestRepo) fillPolicies(ctx context.Context, request *domain.A
request.AllowedExternalIDPs = idpProviders
}
}
if request.LockoutPolicy == nil {
if request.LockoutPolicy == nil || request.PolicyOrgID() != orgID {
lockoutPolicy, err := repo.getLockoutPolicy(ctx, orgID)
if err != nil {
return err
}
request.LockoutPolicy = lockoutPolicyToDomain(lockoutPolicy)
}
if request.PrivacyPolicy == nil {
if request.PrivacyPolicy == nil || request.PolicyOrgID() != orgID {
privacyPolicy, err := repo.GetPrivacyPolicy(ctx, orgID)
if err != nil {
return err
}
request.PrivacyPolicy = privacyPolicy
}
if request.LabelPolicy == nil {
if request.LabelPolicy == nil || request.PolicyOrgID() != orgID {
labelPolicy, err := repo.getLabelPolicy(ctx, request.PrivateLabelingOrgID(orgID))
if err != nil {
return err
@@ -694,13 +694,14 @@ func (repo *AuthRequestRepo) fillPolicies(ctx context.Context, request *domain.A
}
request.DefaultTranslations = defaultLoginTranslations
}
if len(request.OrgTranslations) == 0 {
if len(request.OrgTranslations) == 0 || request.PolicyOrgID() != orgID {
orgLoginTranslations, err := repo.getLoginTexts(ctx, orgID)
if err != nil {
return err
}
request.OrgTranslations = orgLoginTranslations
}
request.SetPolicyOrgID(orgID)
repo.AuthRequests.CacheAuthRequest(ctx, request)
return nil
}
@@ -887,7 +888,7 @@ func (repo *AuthRequestRepo) checkLoginNameInputForResourceOwner(ctx context.Con
}
func (repo *AuthRequestRepo) checkLoginPolicyWithResourceOwner(ctx context.Context, request *domain.AuthRequest, resourceOwner string) (err error) {
if request.LoginPolicy == nil {
if request.LoginPolicy == nil || request.PolicyOrgID() != resourceOwner {
loginPolicy, idps, err := repo.getLoginPolicyAndIDPProviders(ctx, resourceOwner)
if err != nil {
return err