fix: es bugs (#1455)
* fix app key writemodel * fix: add events to query * fix: tests * add missing project_grant_id to usergrant in proto * fix IDPOwnerTypeQueryToModel Co-authored-by: Livio Amstutz <livio.a@gmail.com>
parent
7768759906
commit
ad43a10f65
@ -261,7 +261,7 @@ func IDPNameQueryToModel(query *idp_pb.IDPNameQuery) *iam_model.IDPConfigSearchQ
|
|||||||
|
|
||||||
func IDPOwnerTypeQueryToModel(query *idp_pb.IDPOwnerTypeQuery) *iam_model.IDPConfigSearchQuery {
|
func IDPOwnerTypeQueryToModel(query *idp_pb.IDPOwnerTypeQuery) *iam_model.IDPConfigSearchQuery {
|
||||||
return &iam_model.IDPConfigSearchQuery{
|
return &iam_model.IDPConfigSearchQuery{
|
||||||
Key: iam_model.IDPConfigSearchKeyName,
|
Key: iam_model.IDPConfigSearchKeyIdpProviderType,
|
||||||
Method: domain.SearchMethodEquals,
|
Method: domain.SearchMethodEquals,
|
||||||
Value: IDPProviderTypeModelFromPb(query.OwnerType),
|
Value: IDPProviderTypeModelFromPb(query.OwnerType),
|
||||||
}
|
}
|
||||||
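Review bot: The filter built by IDPOwnerTypeQueryToModel mixes two vocabularies: the request field is `query.OwnerType`, while the key is `IDPConfigSearchKeyIdpProviderType` and the value goes through `IDPProviderTypeModelFromPb`. The previous key, `IDPConfigSearchKeyName`, compiled and filtered on the wrong attribute without any error, so the pairing deserves a one-line comment, for example `// the search model names the owner type "IdpProviderType"`, assuming that is the intended mapping (the model package is not on this page). `query` is also dereferenced without a nil check; whether a caller can pass nil is not visible here.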
|
@ -3,9 +3,6 @@ package management
|
|||||||
import (
|
import (
|
||||||
"context"
|
"context"
|
||||||
|
|
||||||
"google.golang.org/grpc/codes"
|
|
||||||
"google.golang.org/grpc/status"
|
|
||||||
|
|
||||||
"github.com/caos/zitadel/internal/api/authz"
|
"github.com/caos/zitadel/internal/api/authz"
|
||||||
idp_grpc "github.com/caos/zitadel/internal/api/grpc/idp"
|
idp_grpc "github.com/caos/zitadel/internal/api/grpc/idp"
|
||||||
object_pb "github.com/caos/zitadel/internal/api/grpc/object"
|
object_pb "github.com/caos/zitadel/internal/api/grpc/object"
|
||||||
@ -30,7 +27,7 @@ func (s *Server) ListOrgIDPs(ctx context.Context, req *mgmt_pb.ListOrgIDPsReques
|
|||||||
}, nil
|
}, nil
|
||||||
}
|
}
|
||||||
func (s *Server) AddOrgOIDCIDP(ctx context.Context, req *mgmt_pb.AddOrgOIDCIDPRequest) (*mgmt_pb.AddOrgOIDCIDPResponse, error) {
|
func (s *Server) AddOrgOIDCIDP(ctx context.Context, req *mgmt_pb.AddOrgOIDCIDPRequest) (*mgmt_pb.AddOrgOIDCIDPResponse, error) {
|
||||||
config, err := s.command.AddDefaultIDPConfig(ctx, addOIDCIDPRequestToDomain(req))
|
config, err := s.command.AddIDPConfig(ctx, addOIDCIDPRequestToDomain(req), authz.GetCtxData(ctx).OrgID)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
@ -44,14 +41,14 @@ func (s *Server) AddOrgOIDCIDP(ctx context.Context, req *mgmt_pb.AddOrgOIDCIDPRe
|
|||||||
}, nil
|
}, nil
|
||||||
}
|
}
|
||||||
func (s *Server) DeactivateOrgIDP(ctx context.Context, req *mgmt_pb.DeactivateOrgIDPRequest) (*mgmt_pb.DeactivateOrgIDPResponse, error) {
|
func (s *Server) DeactivateOrgIDP(ctx context.Context, req *mgmt_pb.DeactivateOrgIDPRequest) (*mgmt_pb.DeactivateOrgIDPResponse, error) {
|
||||||
objectDetails, err := s.command.DeactivateDefaultIDPConfig(ctx, req.IdpId)
|
objectDetails, err := s.command.DeactivateIDPConfig(ctx, req.IdpId, authz.GetCtxData(ctx).OrgID)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
return &mgmt_pb.DeactivateOrgIDPResponse{Details: object_pb.DomainToChangeDetailsPb(objectDetails)}, nil
|
return &mgmt_pb.DeactivateOrgIDPResponse{Details: object_pb.DomainToChangeDetailsPb(objectDetails)}, nil
|
||||||
}
|
}
|
||||||
func (s *Server) ReactivateOrgIDP(ctx context.Context, req *mgmt_pb.ReactivateOrgIDPRequest) (*mgmt_pb.ReactivateOrgIDPResponse, error) {
|
func (s *Server) ReactivateOrgIDP(ctx context.Context, req *mgmt_pb.ReactivateOrgIDPRequest) (*mgmt_pb.ReactivateOrgIDPResponse, error) {
|
||||||
objectDetails, err := s.command.ReactivateDefaultIDPConfig(ctx, req.IdpId)
|
objectDetails, err := s.command.ReactivateIDPConfig(ctx, req.IdpId, authz.GetCtxData(ctx).OrgID)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
@ -66,14 +63,14 @@ func (s *Server) RemoveOrgIDP(ctx context.Context, req *mgmt_pb.RemoveOrgIDPRequ
|
|||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
_, err = s.command.RemoveDefaultIDPConfig(ctx, req.IdpId, idpProviderViewsToDomain(idpProviders), externalIDPViewsToDomain(externalIDPs)...)
|
_, err = s.command.RemoveIDPConfig(ctx, req.IdpId, authz.GetCtxData(ctx).OrgID, len(idpProviders) > 0, externalIDPViewsToDomain(externalIDPs)...)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
return &mgmt_pb.RemoveOrgIDPResponse{}, nil
|
return &mgmt_pb.RemoveOrgIDPResponse{}, nil
|
||||||
}
|
}
|
||||||
func (s *Server) UpdateOrgIDP(ctx context.Context, req *mgmt_pb.UpdateOrgIDPRequest) (*mgmt_pb.UpdateOrgIDPResponse, error) {
|
func (s *Server) UpdateOrgIDP(ctx context.Context, req *mgmt_pb.UpdateOrgIDPRequest) (*mgmt_pb.UpdateOrgIDPResponse, error) {
|
||||||
config, err := s.command.ChangeDefaultIDPConfig(ctx, updateIDPToDomain(req))
|
config, err := s.command.ChangeIDPConfig(ctx, updateIDPToDomain(req), authz.GetCtxData(ctx).OrgID)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
@ -85,6 +82,17 @@ func (s *Server) UpdateOrgIDP(ctx context.Context, req *mgmt_pb.UpdateOrgIDPRequ
|
|||||||
),
|
),
|
||||||
}, nil
|
}, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func (s *Server) UpdateOrgIDPOIDCConfig(ctx context.Context, req *mgmt_pb.UpdateOrgIDPOIDCConfigRequest) (*mgmt_pb.UpdateOrgIDPOIDCConfigResponse, error) {
|
func (s *Server) UpdateOrgIDPOIDCConfig(ctx context.Context, req *mgmt_pb.UpdateOrgIDPOIDCConfigRequest) (*mgmt_pb.UpdateOrgIDPOIDCConfigResponse, error) {
|
||||||
return nil, status.Errorf(codes.Unimplemented, "method UpdateOrgIDPOIDCConfig not implemented")
|
config, err := s.command.ChangeIDPOIDCConfig(ctx, updateOIDCConfigToDomain(req), authz.GetCtxData(ctx).OrgID)
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
return &mgmt_pb.UpdateOrgIDPOIDCConfigResponse{
|
||||||
|
Details: object_pb.ChangeToDetailsPb(
|
||||||
|
config.Sequence,
|
||||||
|
config.ChangeDate,
|
||||||
|
config.ResourceOwner,
|
||||||
|
),
|
||||||
|
}, nil
|
||||||
}
|
}
|
||||||
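Review bot: In RemoveOrgIDP the cascade decision is now the boolean `len(idpProviders) > 0`, computed from a lookup that sits above this hunk. If that lookup reads a view that can lag behind the event store (not visible here), an empty result would presumably skip the login-policy cleanup in RemoveIDPConfig and leave the removed IDP referenced by the org's login policy. A comment at the call such as `// cascade only when the view still lists this IDP as a login-policy provider` would record that dependency. The ObjectDetails returned by RemoveIDPConfig is also discarded with `_`, whereas DeactivateOrgIDP returns it as Details.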
|
@ -119,7 +119,7 @@ func (s *Server) ListLoginPolicySecondFactors(ctx context.Context, req *mgmt_pb.
|
|||||||
}
|
}
|
||||||
|
|
||||||
func (s *Server) AddSecondFactorToLoginPolicy(ctx context.Context, req *mgmt_pb.AddSecondFactorToLoginPolicyRequest) (*mgmt_pb.AddSecondFactorToLoginPolicyResponse, error) {
|
func (s *Server) AddSecondFactorToLoginPolicy(ctx context.Context, req *mgmt_pb.AddSecondFactorToLoginPolicyRequest) (*mgmt_pb.AddSecondFactorToLoginPolicyResponse, error) {
|
||||||
_, objectDetails, err := s.command.AddSecondFactorToDefaultLoginPolicy(ctx, policy_grpc.SecondFactorTypeToDomain(req.Type))
|
_, objectDetails, err := s.command.AddSecondFactorToLoginPolicy(ctx, policy_grpc.SecondFactorTypeToDomain(req.Type), authz.GetCtxData(ctx).OrgID)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
@ -129,7 +129,7 @@ func (s *Server) AddSecondFactorToLoginPolicy(ctx context.Context, req *mgmt_pb.
|
|||||||
}
|
}
|
||||||
|
|
||||||
func (s *Server) RemoveSecondFactorFromLoginPolicy(ctx context.Context, req *mgmt_pb.RemoveSecondFactorFromLoginPolicyRequest) (*mgmt_pb.RemoveSecondFactorFromLoginPolicyResponse, error) {
|
func (s *Server) RemoveSecondFactorFromLoginPolicy(ctx context.Context, req *mgmt_pb.RemoveSecondFactorFromLoginPolicyRequest) (*mgmt_pb.RemoveSecondFactorFromLoginPolicyResponse, error) {
|
||||||
objectDetails, err := s.command.RemoveSecondFactorFromDefaultLoginPolicy(ctx, policy_grpc.SecondFactorTypeToDomain(req.Type))
|
objectDetails, err := s.command.RemoveSecondFactorFromLoginPolicy(ctx, policy_grpc.SecondFactorTypeToDomain(req.Type), authz.GetCtxData(ctx).OrgID)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
@ -151,7 +151,7 @@ func (s *Server) ListLoginPolicyMultiFactors(ctx context.Context, req *mgmt_pb.L
|
|||||||
}
|
}
|
||||||
|
|
||||||
func (s *Server) AddMultiFactorToLoginPolicy(ctx context.Context, req *mgmt_pb.AddMultiFactorToLoginPolicyRequest) (*mgmt_pb.AddMultiFactorToLoginPolicyResponse, error) {
|
func (s *Server) AddMultiFactorToLoginPolicy(ctx context.Context, req *mgmt_pb.AddMultiFactorToLoginPolicyRequest) (*mgmt_pb.AddMultiFactorToLoginPolicyResponse, error) {
|
||||||
_, objectDetails, err := s.command.AddMultiFactorToDefaultLoginPolicy(ctx, policy_grpc.MultiFactorTypeToDomain(req.Type))
|
_, objectDetails, err := s.command.AddMultiFactorToLoginPolicy(ctx, policy_grpc.MultiFactorTypeToDomain(req.Type), authz.GetCtxData(ctx).OrgID)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
@ -161,7 +161,7 @@ func (s *Server) AddMultiFactorToLoginPolicy(ctx context.Context, req *mgmt_pb.A
|
|||||||
}
|
}
|
||||||
|
|
||||||
func (s *Server) RemoveMultiFactorFromLoginPolicy(ctx context.Context, req *mgmt_pb.RemoveMultiFactorFromLoginPolicyRequest) (*mgmt_pb.RemoveMultiFactorFromLoginPolicyResponse, error) {
|
func (s *Server) RemoveMultiFactorFromLoginPolicy(ctx context.Context, req *mgmt_pb.RemoveMultiFactorFromLoginPolicyRequest) (*mgmt_pb.RemoveMultiFactorFromLoginPolicyResponse, error) {
|
||||||
objectDetails, err := s.command.RemoveMultiFactorFromDefaultLoginPolicy(ctx, policy_grpc.MultiFactorTypeToDomain(req.Type))
|
objectDetails, err := s.command.RemoveMultiFactorFromLoginPolicy(ctx, policy_grpc.MultiFactorTypeToDomain(req.Type), authz.GetCtxData(ctx).OrgID)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
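Review bot: The four factor handlers changed here carry no doc comment saying which policy they modify, and this commit shows why that matters: they previously called the `...DefaultLoginPolicy` commands and now pass `authz.GetCtxData(ctx).OrgID`. I would add a comment on each, e.g. `// AddSecondFactorToLoginPolicy adds the factor to the login policy of the org in the request context, not to the default policy.` The same applies to RemoveSecondFactorFromLoginPolicy, AddMultiFactorToLoginPolicy and RemoveMultiFactorFromLoginPolicy. Each handler body continues outside its hunk.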
|
@ -17,20 +17,21 @@ func UserGrantsToPb(grants []*usr_grant_model.UserGrantView) []*user_pb.UserGran
|
|||||||
|
|
||||||
func UserGrantToPb(grant *usr_grant_model.UserGrantView) *user_pb.UserGrant {
|
func UserGrantToPb(grant *usr_grant_model.UserGrantView) *user_pb.UserGrant {
|
||||||
return &user_pb.UserGrant{
|
return &user_pb.UserGrant{
|
||||||
GrantId: grant.ID,
|
GrantId: grant.ID,
|
||||||
UserId: grant.UserID,
|
UserId: grant.UserID,
|
||||||
State: ModelUserGrantStateToPb(grant.State),
|
State: ModelUserGrantStateToPb(grant.State),
|
||||||
RoleKeys: grant.RoleKeys,
|
RoleKeys: grant.RoleKeys,
|
||||||
UserName: grant.UserName,
|
UserName: grant.UserName,
|
||||||
FirstName: grant.FirstName,
|
FirstName: grant.FirstName,
|
||||||
LastName: grant.LastName,
|
LastName: grant.LastName,
|
||||||
Email: grant.Email,
|
Email: grant.Email,
|
||||||
DisplayName: grant.DisplayName,
|
DisplayName: grant.DisplayName,
|
||||||
OrgId: grant.ResourceOwner,
|
OrgId: grant.ResourceOwner,
|
||||||
OrgDomain: grant.OrgPrimaryDomain,
|
OrgDomain: grant.OrgPrimaryDomain,
|
||||||
OrgName: grant.OrgName,
|
OrgName: grant.OrgName,
|
||||||
ProjectId: grant.ProjectID,
|
ProjectId: grant.ProjectID,
|
||||||
ProjectName: grant.ProjectName,
|
ProjectName: grant.ProjectName,
|
||||||
|
ProjectGrantId: grant.GrantID,
|
||||||
Details: object.ToViewDetailsPb(
|
Details: object.ToViewDetailsPb(
|
||||||
grant.Sequence,
|
grant.Sequence,
|
||||||
grant.CreationDate,
|
grant.CreationDate,
|
||||||
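Review bot: `ProjectGrantId: grant.GrantID` now sits next to `GrantId: grant.ID`, so the response carries two grant identifiers whose names are easy to swap in client-side authorization logic. A short comment above the new field, e.g. `// GrantID on the view is the project grant; the user grant's own ID is grant.ID`, would help, if that is what the view field means (the view type is not on this page). `grant` is dereferenced without a nil check, so a nil entry would have to be filtered in UserGrantsToPb, which is named in the hunk header but not shown. The struct literal continues past the end of the hunk.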
|
@ -97,43 +97,57 @@ func (c *Commands) ChangeIDPConfig(ctx context.Context, config *domain.IDPConfig
|
|||||||
return writeModelToIDPConfig(&existingIDP.IDPConfigWriteModel), nil
|
return writeModelToIDPConfig(&existingIDP.IDPConfigWriteModel), nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func (c *Commands) DeactivateIDPConfig(ctx context.Context, idpID, orgID string) error {
|
func (c *Commands) DeactivateIDPConfig(ctx context.Context, idpID, orgID string) (*domain.ObjectDetails, error) {
|
||||||
existingIDP, err := c.orgIDPConfigWriteModelByID(ctx, idpID, orgID)
|
existingIDP, err := c.orgIDPConfigWriteModelByID(ctx, idpID, orgID)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return nil, err
|
||||||
}
|
}
|
||||||
if existingIDP.State != domain.IDPConfigStateActive {
|
if existingIDP.State != domain.IDPConfigStateActive {
|
||||||
return caos_errs.ThrowPreconditionFailed(nil, "Org-4M9so", "Errors.Org.IDPConfig.NotActive")
|
return nil, caos_errs.ThrowPreconditionFailed(nil, "Org-4M9so", "Errors.Org.IDPConfig.NotActive")
|
||||||
}
|
}
|
||||||
orgAgg := OrgAggregateFromWriteModel(&existingIDP.WriteModel)
|
orgAgg := OrgAggregateFromWriteModel(&existingIDP.WriteModel)
|
||||||
_, err = c.eventstore.PushEvents(ctx, org_repo.NewIDPConfigDeactivatedEvent(ctx, orgAgg, idpID))
|
pushedEvents, err := c.eventstore.PushEvents(ctx, org_repo.NewIDPConfigDeactivatedEvent(ctx, orgAgg, idpID))
|
||||||
return err
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
err = AppendAndReduce(existingIDP, pushedEvents...)
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
return writeModelToObjectDetails(&existingIDP.IDPConfigWriteModel.WriteModel), nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func (c *Commands) ReactivateIDPConfig(ctx context.Context, idpID, orgID string) error {
|
func (c *Commands) ReactivateIDPConfig(ctx context.Context, idpID, orgID string) (*domain.ObjectDetails, error) {
|
||||||
existingIDP, err := c.orgIDPConfigWriteModelByID(ctx, idpID, orgID)
|
existingIDP, err := c.orgIDPConfigWriteModelByID(ctx, idpID, orgID)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return nil, err
|
||||||
}
|
}
|
||||||
if existingIDP.State != domain.IDPConfigStateInactive {
|
if existingIDP.State != domain.IDPConfigStateInactive {
|
||||||
return caos_errs.ThrowPreconditionFailed(nil, "Org-5Mo0d", "Errors.Org.IDPConfig.NotInactive")
|
return nil, caos_errs.ThrowPreconditionFailed(nil, "Org-5Mo0d", "Errors.Org.IDPConfig.NotInactive")
|
||||||
}
|
}
|
||||||
orgAgg := OrgAggregateFromWriteModel(&existingIDP.WriteModel)
|
orgAgg := OrgAggregateFromWriteModel(&existingIDP.WriteModel)
|
||||||
_, err = c.eventstore.PushEvents(ctx, org_repo.NewIDPConfigReactivatedEvent(ctx, orgAgg, idpID))
|
pushedEvents, err := c.eventstore.PushEvents(ctx, org_repo.NewIDPConfigReactivatedEvent(ctx, orgAgg, idpID))
|
||||||
return err
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
err = AppendAndReduce(existingIDP, pushedEvents...)
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
return writeModelToObjectDetails(&existingIDP.IDPConfigWriteModel.WriteModel), nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func (c *Commands) RemoveIDPConfig(ctx context.Context, idpID, orgID string, cascadeRemoveProvider bool, cascadeExternalIDPs ...*domain.ExternalIDP) error {
|
func (c *Commands) RemoveIDPConfig(ctx context.Context, idpID, orgID string, cascadeRemoveProvider bool, cascadeExternalIDPs ...*domain.ExternalIDP) (*domain.ObjectDetails, error) {
|
||||||
existingIDP, err := c.orgIDPConfigWriteModelByID(ctx, idpID, orgID)
|
existingIDP, err := c.orgIDPConfigWriteModelByID(ctx, idpID, orgID)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
|
||||||
if existingIDP.State == domain.IDPConfigStateRemoved || existingIDP.State == domain.IDPConfigStateUnspecified {
|
if existingIDP.State == domain.IDPConfigStateRemoved || existingIDP.State == domain.IDPConfigStateUnspecified {
|
||||||
return caos_errs.ThrowNotFound(nil, "Org-Yx9vd", "Errors.Org.IDPConfig.NotExisting")
|
return nil, caos_errs.ThrowNotFound(nil, "Org-Yx9vd", "Errors.Org.IDPConfig.NotExisting")
|
||||||
}
|
}
|
||||||
if existingIDP.State != domain.IDPConfigStateInactive {
|
if existingIDP.State != domain.IDPConfigStateInactive {
|
||||||
return caos_errs.ThrowPreconditionFailed(nil, "Org-5Mo0d", "Errors.Org.IDPConfig.NotInactive")
|
return nil, caos_errs.ThrowPreconditionFailed(nil, "Org-5Mo0d", "Errors.Org.IDPConfig.NotInactive")
|
||||||
}
|
}
|
||||||
|
|
||||||
orgAgg := OrgAggregateFromWriteModel(&existingIDP.WriteModel)
|
orgAgg := OrgAggregateFromWriteModel(&existingIDP.WriteModel)
|
||||||
@ -145,8 +159,15 @@ func (c *Commands) RemoveIDPConfig(ctx context.Context, idpID, orgID string, cas
|
|||||||
removeIDPEvents := c.removeIDPProviderFromLoginPolicy(ctx, orgAgg, idpID, true, cascadeExternalIDPs...)
|
removeIDPEvents := c.removeIDPProviderFromLoginPolicy(ctx, orgAgg, idpID, true, cascadeExternalIDPs...)
|
||||||
events = append(events, removeIDPEvents...)
|
events = append(events, removeIDPEvents...)
|
||||||
}
|
}
|
||||||
_, err = c.eventstore.PushEvents(ctx, events...)
|
pushedEvents, err := c.eventstore.PushEvents(ctx, events...)
|
||||||
return err
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
err = AppendAndReduce(existingIDP, pushedEvents...)
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
return writeModelToObjectDetails(&existingIDP.IDPConfigWriteModel.WriteModel), nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func (c *Commands) getOrgIDPConfigByID(ctx context.Context, idpID, orgID string) (*domain.IDPConfig, error) {
|
func (c *Commands) getOrgIDPConfigByID(ctx context.Context, idpID, orgID string) (*domain.IDPConfig, error) {
|
||||||
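Review bot: DeactivateIDPConfig, ReactivateIDPConfig and RemoveIDPConfig pass `orgID` straight to `orgIDPConfigWriteModelByID` without the `orgID == ""` check that the login-policy factor commands in this commit perform (`Errors.ResourceOwnerMissing`). The management handlers now fill that argument from `authz.GetCtxData(ctx).OrgID`, so rejecting an empty value depends entirely on code outside this page; what an empty resource owner does to the write-model query is not visible here. I would open each of the three with `if orgID == "" { return nil, caos_errs.ThrowInvalidArgument(nil, "<NEW-ERROR-ID>", "Errors.ResourceOwnerMissing") }`, using a fresh error ID. RemoveIDPConfig's body is split across two hunks and part of it lies outside them.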
|
@ -182,95 +182,118 @@ func (c *Commands) removeIDPProviderFromLoginPolicy(ctx context.Context, orgAgg
|
|||||||
return events
|
return events
|
||||||
}
|
}
|
||||||
|
|
||||||
func (c *Commands) AddSecondFactorToLoginPolicy(ctx context.Context, secondFactor domain.SecondFactorType, orgID string) (domain.SecondFactorType, error) {
|
func (c *Commands) AddSecondFactorToLoginPolicy(ctx context.Context, secondFactor domain.SecondFactorType, orgID string) (domain.SecondFactorType, *domain.ObjectDetails, error) {
|
||||||
if orgID == "" {
|
if orgID == "" {
|
||||||
return domain.SecondFactorTypeUnspecified, caos_errs.ThrowInvalidArgument(nil, "Org-M0fs9", "Errors.ResourceOwnerMissing")
|
return domain.SecondFactorTypeUnspecified, nil, caos_errs.ThrowInvalidArgument(nil, "Org-M0fs9", "Errors.ResourceOwnerMissing")
|
||||||
}
|
}
|
||||||
if !secondFactor.Valid() {
|
if !secondFactor.Valid() {
|
||||||
return domain.SecondFactorTypeUnspecified, caos_errs.ThrowInvalidArgument(nil, "Org-5m9fs", "Errors.Org.LoginPolicy.MFA.Unspecified")
|
return domain.SecondFactorTypeUnspecified, nil, caos_errs.ThrowInvalidArgument(nil, "Org-5m9fs", "Errors.Org.LoginPolicy.MFA.Unspecified")
|
||||||
}
|
}
|
||||||
secondFactorModel := NewOrgSecondFactorWriteModel(orgID, secondFactor)
|
secondFactorModel := NewOrgSecondFactorWriteModel(orgID, secondFactor)
|
||||||
err := c.eventstore.FilterToQueryReducer(ctx, secondFactorModel)
|
err := c.eventstore.FilterToQueryReducer(ctx, secondFactorModel)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return domain.SecondFactorTypeUnspecified, err
|
return domain.SecondFactorTypeUnspecified, nil, err
|
||||||
}
|
}
|
||||||
|
|
||||||
if secondFactorModel.State == domain.FactorStateActive {
|
if secondFactorModel.State == domain.FactorStateActive {
|
||||||
return domain.SecondFactorTypeUnspecified, caos_errs.ThrowAlreadyExists(nil, "Org-2B0ps", "Errors.Org.LoginPolicy.MFA.AlreadyExists")
|
return domain.SecondFactorTypeUnspecified, nil, caos_errs.ThrowAlreadyExists(nil, "Org-2B0ps", "Errors.Org.LoginPolicy.MFA.AlreadyExists")
|
||||||
}
|
}
|
||||||
|
|
||||||
orgAgg := OrgAggregateFromWriteModel(&secondFactorModel.SecondFactorWriteModel.WriteModel)
|
orgAgg := OrgAggregateFromWriteModel(&secondFactorModel.SecondFactorWriteModel.WriteModel)
|
||||||
|
|
||||||
if _, err = c.eventstore.PushEvents(ctx, org.NewLoginPolicySecondFactorAddedEvent(ctx, orgAgg, secondFactor)); err != nil {
|
pushedEvents, err := c.eventstore.PushEvents(ctx, org.NewLoginPolicySecondFactorAddedEvent(ctx, orgAgg, secondFactor))
|
||||||
return domain.SecondFactorTypeUnspecified, err
|
if err != nil {
|
||||||
|
return domain.SecondFactorTypeUnspecified, nil, err
|
||||||
}
|
}
|
||||||
|
|
||||||
return secondFactorModel.MFAType, nil
|
err = AppendAndReduce(secondFactorModel, pushedEvents...)
|
||||||
|
if err != nil {
|
||||||
|
return domain.SecondFactorTypeUnspecified, nil, err
|
||||||
|
}
|
||||||
|
return secondFactorModel.MFAType, writeModelToObjectDetails(&secondFactorModel.WriteModel), nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func (c *Commands) RemoveSecondFactorFromLoginPolicy(ctx context.Context, secondFactor domain.SecondFactorType, orgID string) error {
|
func (c *Commands) RemoveSecondFactorFromLoginPolicy(ctx context.Context, secondFactor domain.SecondFactorType, orgID string) (*domain.ObjectDetails, error) {
|
||||||
if orgID == "" {
|
if orgID == "" {
|
||||||
return caos_errs.ThrowInvalidArgument(nil, "Org-fM0gs", "Errors.ResourceOwnerMissing")
|
return nil, caos_errs.ThrowInvalidArgument(nil, "Org-fM0gs", "Errors.ResourceOwnerMissing")
|
||||||
}
|
}
|
||||||
if !secondFactor.Valid() {
|
if !secondFactor.Valid() {
|
||||||
return caos_errs.ThrowInvalidArgument(nil, "Org-55n8s", "Errors.Org.LoginPolicy.MFA.Unspecified")
|
return nil, caos_errs.ThrowInvalidArgument(nil, "Org-55n8s", "Errors.Org.LoginPolicy.MFA.Unspecified")
|
||||||
}
|
}
|
||||||
secondFactorModel := NewOrgSecondFactorWriteModel(orgID, secondFactor)
|
secondFactorModel := NewOrgSecondFactorWriteModel(orgID, secondFactor)
|
||||||
err := c.eventstore.FilterToQueryReducer(ctx, secondFactorModel)
|
err := c.eventstore.FilterToQueryReducer(ctx, secondFactorModel)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return nil, err
|
||||||
}
|
}
|
||||||
if secondFactorModel.State == domain.FactorStateUnspecified || secondFactorModel.State == domain.FactorStateRemoved {
|
if secondFactorModel.State == domain.FactorStateUnspecified || secondFactorModel.State == domain.FactorStateRemoved {
|
||||||
return caos_errs.ThrowNotFound(nil, "Org-3M9od", "Errors.Org.LoginPolicy.MFA.NotExisting")
|
return nil, caos_errs.ThrowNotFound(nil, "Org-3M9od", "Errors.Org.LoginPolicy.MFA.NotExisting")
|
||||||
}
|
}
|
||||||
orgAgg := OrgAggregateFromWriteModel(&secondFactorModel.SecondFactorWriteModel.WriteModel)
|
orgAgg := OrgAggregateFromWriteModel(&secondFactorModel.SecondFactorWriteModel.WriteModel)
|
||||||
|
|
||||||
_, err = c.eventstore.PushEvents(ctx, org.NewLoginPolicySecondFactorRemovedEvent(ctx, orgAgg, secondFactor))
|
pushedEvents, err := c.eventstore.PushEvents(ctx, org.NewLoginPolicySecondFactorRemovedEvent(ctx, orgAgg, secondFactor))
|
||||||
return err
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
err = AppendAndReduce(secondFactorModel, pushedEvents...)
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
return writeModelToObjectDetails(&secondFactorModel.WriteModel), nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func (c *Commands) AddMultiFactorToLoginPolicy(ctx context.Context, multiFactor domain.MultiFactorType, orgID string) (domain.MultiFactorType, error) {
|
func (c *Commands) AddMultiFactorToLoginPolicy(ctx context.Context, multiFactor domain.MultiFactorType, orgID string) (domain.MultiFactorType, *domain.ObjectDetails, error) {
|
||||||
if orgID == "" {
|
if orgID == "" {
|
||||||
return domain.MultiFactorTypeUnspecified, caos_errs.ThrowInvalidArgument(nil, "Org-M0fsf", "Errors.ResourceOwnerMissing")
|
return domain.MultiFactorTypeUnspecified, nil, caos_errs.ThrowInvalidArgument(nil, "Org-M0fsf", "Errors.ResourceOwnerMissing")
|
||||||
}
|
}
|
||||||
if !multiFactor.Valid() {
|
if !multiFactor.Valid() {
|
||||||
return domain.MultiFactorTypeUnspecified, caos_errs.ThrowInvalidArgument(nil, "Org-5m9fs", "Errors.Org.LoginPolicy.MFA.Unspecified")
|
return domain.MultiFactorTypeUnspecified, nil, caos_errs.ThrowInvalidArgument(nil, "Org-5m9fs", "Errors.Org.LoginPolicy.MFA.Unspecified")
|
||||||
}
|
}
|
||||||
multiFactorModel := NewOrgMultiFactorWriteModel(orgID, multiFactor)
|
multiFactorModel := NewOrgMultiFactorWriteModel(orgID, multiFactor)
|
||||||
err := c.eventstore.FilterToQueryReducer(ctx, multiFactorModel)
|
err := c.eventstore.FilterToQueryReducer(ctx, multiFactorModel)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return domain.MultiFactorTypeUnspecified, err
|
return domain.MultiFactorTypeUnspecified, nil, err
|
||||||
}
|
}
|
||||||
if multiFactorModel.State == domain.FactorStateActive {
|
if multiFactorModel.State == domain.FactorStateActive {
|
||||||
return domain.MultiFactorTypeUnspecified, caos_errs.ThrowAlreadyExists(nil, "Org-3M9od", "Errors.Org.LoginPolicy.MFA.AlreadyExists")
|
return domain.MultiFactorTypeUnspecified, nil, caos_errs.ThrowAlreadyExists(nil, "Org-3M9od", "Errors.Org.LoginPolicy.MFA.AlreadyExists")
|
||||||
}
|
}
|
||||||
|
|
||||||
orgAgg := OrgAggregateFromWriteModel(&multiFactorModel.WriteModel)
|
orgAgg := OrgAggregateFromWriteModel(&multiFactorModel.WriteModel)
|
||||||
|
|
||||||
if _, err = c.eventstore.PushEvents(ctx, org.NewLoginPolicyMultiFactorAddedEvent(ctx, orgAgg, multiFactor)); err != nil {
|
pushedEvents, err := c.eventstore.PushEvents(ctx, org.NewLoginPolicyMultiFactorAddedEvent(ctx, orgAgg, multiFactor))
|
||||||
return domain.MultiFactorTypeUnspecified, err
|
if err != nil {
|
||||||
|
return domain.MultiFactorTypeUnspecified, nil, err
|
||||||
}
|
}
|
||||||
|
err = AppendAndReduce(multiFactorModel, pushedEvents...)
|
||||||
return multiFactorModel.MFAType, nil
|
if err != nil {
|
||||||
|
return domain.MultiFactorTypeUnspecified, nil, err
|
||||||
|
}
|
||||||
|
return multiFactorModel.MultiFactoryWriteModel.MFAType, writeModelToObjectDetails(&multiFactorModel.WriteModel), nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func (c *Commands) RemoveMultiFactorFromLoginPolicy(ctx context.Context, multiFactor domain.MultiFactorType, orgID string) error {
|
func (c *Commands) RemoveMultiFactorFromLoginPolicy(ctx context.Context, multiFactor domain.MultiFactorType, orgID string) (*domain.ObjectDetails, error) {
|
||||||
if orgID == "" {
|
if orgID == "" {
|
||||||
return caos_errs.ThrowInvalidArgument(nil, "Org-M0fsf", "Errors.ResourceOwnerMissing")
|
return nil, caos_errs.ThrowInvalidArgument(nil, "Org-M0fsf", "Errors.ResourceOwnerMissing")
|
||||||
}
|
}
|
||||||
if !multiFactor.Valid() {
|
if !multiFactor.Valid() {
|
||||||
return caos_errs.ThrowInvalidArgument(nil, "Org-5m9fs", "Errors.Org.LoginPolicy.MFA.Unspecified")
|
return nil, caos_errs.ThrowInvalidArgument(nil, "Org-5m9fs", "Errors.Org.LoginPolicy.MFA.Unspecified")
|
||||||
}
|
}
|
||||||
multiFactorModel := NewOrgMultiFactorWriteModel(orgID, multiFactor)
|
multiFactorModel := NewOrgMultiFactorWriteModel(orgID, multiFactor)
|
||||||
err := c.eventstore.FilterToQueryReducer(ctx, multiFactorModel)
|
err := c.eventstore.FilterToQueryReducer(ctx, multiFactorModel)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return nil, err
|
||||||
}
|
}
|
||||||
if multiFactorModel.State == domain.FactorStateUnspecified || multiFactorModel.State == domain.FactorStateRemoved {
|
if multiFactorModel.State == domain.FactorStateUnspecified || multiFactorModel.State == domain.FactorStateRemoved {
|
||||||
return caos_errs.ThrowNotFound(nil, "Org-3M9df", "Errors.Org.LoginPolicy.MFA.NotExisting")
|
return nil, caos_errs.ThrowNotFound(nil, "Org-3M9df", "Errors.Org.LoginPolicy.MFA.NotExisting")
|
||||||
}
|
}
|
||||||
orgAgg := OrgAggregateFromWriteModel(&multiFactorModel.MultiFactoryWriteModel.WriteModel)
|
orgAgg := OrgAggregateFromWriteModel(&multiFactorModel.MultiFactoryWriteModel.WriteModel)
|
||||||
|
|
||||||
_, err = c.eventstore.PushEvents(ctx, org.NewLoginPolicyMultiFactorRemovedEvent(ctx, orgAgg, multiFactor))
|
pushedEvents, err := c.eventstore.PushEvents(ctx, org.NewLoginPolicyMultiFactorRemovedEvent(ctx, orgAgg, multiFactor))
|
||||||
return err
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
err = AppendAndReduce(multiFactorModel, pushedEvents...)
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
return writeModelToObjectDetails(&multiFactorModel.WriteModel), nil
|
||||||
}
|
}
|
||||||
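Review bot: In all four factor commands an error from `AppendAndReduce` is returned to the caller after `PushEvents` has already succeeded, so the API reports a failure for a factor change that is in fact stored. For an MFA policy that mismatch matters: a retry then hits `AlreadyExists` or `NotExisting`, and the operator cannot tell from the response which state is in force. Consider documenting this at each call, e.g. `// events are already persisted here; an error below only means the returned details could not be built`, or wrapping the error so it is distinguishable. The IDP config commands in the previous file (DeactivateIDPConfig, ReactivateIDPConfig, RemoveIDPConfig) follow the same sequence. Separately, error ID `Org-5m9fs` appears in three of these functions and `Org-3M9od` in two, which makes log triage ambiguous.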
|
@ -1043,7 +1043,7 @@ func TestCommandSide_AddSecondFactorLoginPolicy(t *testing.T) {
|
|||||||
r := &Commands{
|
r := &Commands{
|
||||||
eventstore: tt.fields.eventstore,
|
eventstore: tt.fields.eventstore,
|
||||||
}
|
}
|
||||||
got, err := r.AddSecondFactorToLoginPolicy(tt.args.ctx, tt.args.factor, tt.args.resourceOwner)
|
got, _, err := r.AddSecondFactorToLoginPolicy(tt.args.ctx, tt.args.factor, tt.args.resourceOwner)
|
||||||
if tt.res.err == nil {
|
if tt.res.err == nil {
|
||||||
assert.NoError(t, err)
|
assert.NoError(t, err)
|
||||||
}
|
}
|
||||||
@ -1194,7 +1194,7 @@ func TestCommandSide_RemoveSecondFactoroginPolicy(t *testing.T) {
|
|||||||
r := &Commands{
|
r := &Commands{
|
||||||
eventstore: tt.fields.eventstore,
|
eventstore: tt.fields.eventstore,
|
||||||
}
|
}
|
||||||
err := r.RemoveSecondFactorFromLoginPolicy(tt.args.ctx, tt.args.factor, tt.args.resourceOwner)
|
_, err := r.RemoveSecondFactorFromLoginPolicy(tt.args.ctx, tt.args.factor, tt.args.resourceOwner)
|
||||||
if tt.res.err == nil {
|
if tt.res.err == nil {
|
||||||
assert.NoError(t, err)
|
assert.NoError(t, err)
|
||||||
}
|
}
|
||||||
@ -1310,7 +1310,7 @@ func TestCommandSide_AddMultiFactorLoginPolicy(t *testing.T) {
|
|||||||
r := &Commands{
|
r := &Commands{
|
||||||
eventstore: tt.fields.eventstore,
|
eventstore: tt.fields.eventstore,
|
||||||
}
|
}
|
||||||
got, err := r.AddMultiFactorToLoginPolicy(tt.args.ctx, tt.args.factor, tt.args.resourceOwner)
|
got, _, err := r.AddMultiFactorToLoginPolicy(tt.args.ctx, tt.args.factor, tt.args.resourceOwner)
|
||||||
if tt.res.err == nil {
|
if tt.res.err == nil {
|
||||||
assert.NoError(t, err)
|
assert.NoError(t, err)
|
||||||
}
|
}
|
||||||
@ -1461,7 +1461,7 @@ func TestCommandSide_RemoveMultiFactorLoginPolicy(t *testing.T) {
|
|||||||
r := &Commands{
|
r := &Commands{
|
||||||
eventstore: tt.fields.eventstore,
|
eventstore: tt.fields.eventstore,
|
||||||
}
|
}
|
||||||
err := r.RemoveMultiFactorFromLoginPolicy(tt.args.ctx, tt.args.factor, tt.args.resourceOwner)
|
_, err := r.RemoveMultiFactorFromLoginPolicy(tt.args.ctx, tt.args.factor, tt.args.resourceOwner)
|
||||||
if tt.res.err == nil {
|
if tt.res.err == nil {
|
||||||
assert.NoError(t, err)
|
assert.NoError(t, err)
|
||||||
}
|
}
|
||||||
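Review bot: The four updated call sites discard the new `*domain.ObjectDetails` result (`got, _, err :=` and `_, err :=`), so the AppendAndReduce path added by this commit has no assertion. I would bind it, `got, details, err := r.AddSecondFactorToLoginPolicy(tt.args.ctx, tt.args.factor, tt.args.resourceOwner)`, and on the success cases assert `details.ResourceOwner` against `tt.args.resourceOwner`, which also pins the org scoping. The same applies to TestCommandSide_RemoveSecondFactoroginPolicy, TestCommandSide_AddMultiFactorLoginPolicy and TestCommandSide_RemoveMultiFactorLoginPolicy. The test bodies start and end outside the hunks.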
|
@ -93,6 +93,7 @@ func (wm *ApplicationKeyWriteModel) Reduce() error {
|
|||||||
wm.ClientID = e.ClientID
|
wm.ClientID = e.ClientID
|
||||||
wm.ExpirationDate = e.ExpirationDate
|
wm.ExpirationDate = e.ExpirationDate
|
||||||
wm.KeyType = e.KeyType
|
wm.KeyType = e.KeyType
|
||||||
|
wm.State = domain.AppStateActive
|
||||||
case *project.ApplicationKeyRemovedEvent:
|
case *project.ApplicationKeyRemovedEvent:
|
||||||
wm.State = domain.AppStateRemoved
|
wm.State = domain.AppStateRemoved
|
||||||
case *project.ProjectRemovedEvent:
|
case *project.ProjectRemovedEvent:
|
||||||
|
@ -262,6 +262,7 @@ message UserGrant {
|
|||||||
|
|
||||||
string project_id = 14;
|
string project_id = 14;
|
||||||
string project_name = 15;
|
string project_name = 15;
|
||||||
|
string project_grant_id = 16;
|
||||||
}
|
}
|
||||||
|
|
||||||
enum UserGrantState {
|
enum UserGrantState {
|
||||||
|