feat: cascade changes and removes (#1239)

* chore(site): dependabot deps (#1148)

* chore(deps): bump highlight.js from 10.4.1 to 10.5.0 in /site (#1143)

Bumps [highlight.js](https://github.com/highlightjs/highlight.js) from 10.4.1 to 10.5.0.
- [Release notes](https://github.com/highlightjs/highlight.js/releases)
- [Changelog](https://github.com/highlightjs/highlight.js/blob/master/CHANGES.md)
- [Commits](https://github.com/highlightjs/highlight.js/compare/10.4.1...10.5.0)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps-dev): bump @babel/plugin-transform-runtime in /site (#1144)

Bumps [@babel/plugin-transform-runtime](https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-runtime) from 7.12.1 to 7.12.10.
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.12.10/packages/babel-plugin-transform-runtime)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps): bump sirv from 1.0.7 to 1.0.10 in /site (#1145)

Bumps [sirv](https://github.com/lukeed/sirv) from 1.0.7 to 1.0.10.
- [Release notes](https://github.com/lukeed/sirv/releases)
- [Commits](https://github.com/lukeed/sirv/compare/v1.0.7...v1.0.10)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps-dev): bump rollup from 2.34.0 to 2.35.1 in /site (#1142)

Bumps [rollup](https://github.com/rollup/rollup) from 2.34.0 to 2.35.1.
- [Release notes](https://github.com/rollup/rollup/releases)
- [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rollup/rollup/compare/v2.34.0...v2.35.1)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps-dev): bump @rollup/plugin-node-resolve in /site (#1141)

Bumps [@rollup/plugin-node-resolve](https://github.com/rollup/plugins) from 10.0.0 to 11.0.1.
- [Release notes](https://github.com/rollup/plugins/releases)
- [Commits](https://github.com/rollup/plugins/compare/node-resolve-v10.0.0...commonjs-v11.0.1)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps): bump marked from 1.2.5 to 1.2.7 in /site (#1140)

Bumps [marked](https://github.com/markedjs/marked) from 1.2.5 to 1.2.7.
- [Release notes](https://github.com/markedjs/marked/releases)
- [Changelog](https://github.com/markedjs/marked/blob/master/release.config.js)
- [Commits](https://github.com/markedjs/marked/compare/v1.2.5...v1.2.7)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps-dev): bump @babel/core from 7.12.9 to 7.12.10 in /site (#1139)

Bumps [@babel/core](https://github.com/babel/babel/tree/HEAD/packages/babel-core) from 7.12.9 to 7.12.10.
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.12.10/packages/babel-core)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps-dev): bump rollup-plugin-svelte from 6.1.1 to 7.0.0 in /site (#1138)

Bumps [rollup-plugin-svelte](https://github.com/sveltejs/rollup-plugin-svelte) from 6.1.1 to 7.0.0.
- [Release notes](https://github.com/sveltejs/rollup-plugin-svelte/releases)
- [Changelog](https://github.com/sveltejs/rollup-plugin-svelte/blob/master/CHANGELOG.md)
- [Commits](https://github.com/sveltejs/rollup-plugin-svelte/compare/v6.1.1...v7.0.0)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps-dev): bump @babel/preset-env from 7.12.1 to 7.12.11 in /site (#1137)

Bumps [@babel/preset-env](https://github.com/babel/babel/tree/HEAD/packages/babel-preset-env) from 7.12.1 to 7.12.11.
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.12.11/packages/babel-preset-env)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* downgrade svelte plugin

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(console): dependabot deps (#1147)

* chore(deps-dev): bump @types/node from 14.14.13 to 14.14.19 in /console (#1146)

Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 14.14.13 to 14.14.19.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps): bump ts-protoc-gen from 0.13.0 to 0.14.0 in /console (#1129)

Bumps [ts-protoc-gen](https://github.com/improbable-eng/ts-protoc-gen) from 0.13.0 to 0.14.0.
- [Release notes](https://github.com/improbable-eng/ts-protoc-gen/releases)
- [Changelog](https://github.com/improbable-eng/ts-protoc-gen/blob/master/CHANGELOG.md)
- [Commits](https://github.com/improbable-eng/ts-protoc-gen/compare/0.13.0...0.14.0)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps-dev): bump @angular/language-service in /console (#1128)

Bumps [@angular/language-service](https://github.com/angular/angular/tree/HEAD/packages/language-service) from 11.0.4 to 11.0.5.
- [Release notes](https://github.com/angular/angular/releases)
- [Changelog](https://github.com/angular/angular/blob/master/CHANGELOG.md)
- [Commits](https://github.com/angular/angular/commits/11.0.5/packages/language-service)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps-dev): bump @angular/cli from 11.0.4 to 11.0.5 in /console (#1127)

Bumps [@angular/cli](https://github.com/angular/angular-cli) from 11.0.4 to 11.0.5.
- [Release notes](https://github.com/angular/angular-cli/releases)
- [Commits](https://github.com/angular/angular-cli/compare/v11.0.4...v11.0.5)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps-dev): bump @angular-devkit/build-angular in /console (#1126)

Bumps [@angular-devkit/build-angular](https://github.com/angular/angular-cli) from 0.1100.4 to 0.1100.5.
- [Release notes](https://github.com/angular/angular-cli/releases)
- [Commits](https://github.com/angular/angular-cli/commits)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Max Peintner <max@caos.ch>

* audit

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* feat: e-mail templates (#1158)

* View definition added

* Get templates and texts from the database.

* Fill in texts in templates

* Fill in texts in templates

* Client API added

* Weekly backup

* Weekly backup

* Daily backup

* Weekly backup

* Tests added

* Corrections from merge branch

* Fixes from pull request review

* chore(console): dependencies (#1189)

* chore(deps-dev): bump @angular/language-service in /console (#1187)

Bumps [@angular/language-service](https://github.com/angular/angular/tree/HEAD/packages/language-service) from 11.0.5 to 11.0.9.
- [Release notes](https://github.com/angular/angular/releases)
- [Changelog](https://github.com/angular/angular/blob/master/CHANGELOG.md)
- [Commits](https://github.com/angular/angular/commits/11.0.9/packages/language-service)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps): bump google-proto-files from 2.3.0 to 2.4.0 in /console (#1186)

Bumps [google-proto-files](https://github.com/googleapis/nodejs-proto-files) from 2.3.0 to 2.4.0.
- [Release notes](https://github.com/googleapis/nodejs-proto-files/releases)
- [Changelog](https://github.com/googleapis/nodejs-proto-files/blob/master/CHANGELOG.md)
- [Commits](https://github.com/googleapis/nodejs-proto-files/compare/v2.3.0...v2.4.0)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps-dev): bump @types/node from 14.14.19 to 14.14.21 in /console (#1185)

Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 14.14.19 to 14.14.21.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps-dev): bump @angular/cli from 11.0.5 to 11.0.7 in /console (#1184)

Bumps [@angular/cli](https://github.com/angular/angular-cli) from 11.0.5 to 11.0.7.
- [Release notes](https://github.com/angular/angular-cli/releases)
- [Commits](https://github.com/angular/angular-cli/compare/v11.0.5...v11.0.7)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps-dev): bump karma from 5.2.3 to 6.0.0 in /console (#1183)

Bumps [karma](https://github.com/karma-runner/karma) from 5.2.3 to 6.0.0.
- [Release notes](https://github.com/karma-runner/karma/releases)
- [Changelog](https://github.com/karma-runner/karma/blob/master/CHANGELOG.md)
- [Commits](https://github.com/karma-runner/karma/compare/v5.2.3...v6.0.0)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps-dev): bump @angular-devkit/build-angular in /console (#1182)

Bumps [@angular-devkit/build-angular](https://github.com/angular/angular-cli) from 0.1100.5 to 0.1100.7.
- [Release notes](https://github.com/angular/angular-cli/releases)
- [Commits](https://github.com/angular/angular-cli/commits)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Max Peintner <max@caos.ch>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* feat: change login to command side

* feat: change login to command side

* fix: fix push on user

* fix(console): trigger unauthenticated dialog only once (#1170)

* fix: trigger dialog once

* remove log

* typed trigger

* chore(console): dependencies (#1205)

* chore(deps-dev): bump stylelint from 13.8.0 to 13.9.0 in /console (#1204)

Bumps [stylelint](https://github.com/stylelint/stylelint) from 13.8.0 to 13.9.0.
- [Release notes](https://github.com/stylelint/stylelint/releases)
- [Changelog](https://github.com/stylelint/stylelint/blob/master/CHANGELOG.md)
- [Commits](https://github.com/stylelint/stylelint/compare/13.8.0...13.9.0)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps-dev): bump @angular/language-service in /console (#1203)

Bumps [@angular/language-service](https://github.com/angular/angular/tree/HEAD/packages/language-service) from 11.0.9 to 11.1.0.
- [Release notes](https://github.com/angular/angular/releases)
- [Changelog](https://github.com/angular/angular/blob/master/CHANGELOG.md)
- [Commits](https://github.com/angular/angular/commits/11.1.0/packages/language-service)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps-dev): bump karma from 6.0.0 to 6.0.1 in /console (#1202)

Bumps [karma](https://github.com/karma-runner/karma) from 6.0.0 to 6.0.1.
- [Release notes](https://github.com/karma-runner/karma/releases)
- [Changelog](https://github.com/karma-runner/karma/blob/master/CHANGELOG.md)
- [Commits](https://github.com/karma-runner/karma/compare/v6.0.0...v6.0.1)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps-dev): bump @angular/cli from 11.0.7 to 11.1.1 in /console (#1201)

Bumps [@angular/cli](https://github.com/angular/angular-cli) from 11.0.7 to 11.1.1.
- [Release notes](https://github.com/angular/angular-cli/releases)
- [Commits](https://github.com/angular/angular-cli/compare/v11.0.7...v11.1.1)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps-dev): bump @types/jasmine from 3.6.2 to 3.6.3 in /console (#1200)

Bumps [@types/jasmine](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/jasmine) from 3.6.2 to 3.6.3.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/jasmine)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Max Peintner <max@caos.ch>

* chore(deps-dev): bump @types/node from 14.14.21 to 14.14.22 in /console (#1199)

Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 14.14.21 to 14.14.22.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps-dev): bump @angular-devkit/build-angular in /console (#1198)

Bumps [@angular-devkit/build-angular](https://github.com/angular/angular-cli) from 0.1100.7 to 0.1101.1.
- [Release notes](https://github.com/angular/angular-cli/releases)
- [Commits](https://github.com/angular/angular-cli/commits)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Max Peintner <max@caos.ch>

* chore(deps): bump angularx-qrcode from 10.0.11 to 11.0.0 in /console (#1197)

Bumps [angularx-qrcode](https://github.com/cordobo/angularx-qrcode) from 10.0.11 to 11.0.0.
- [Release notes](https://github.com/cordobo/angularx-qrcode/releases)
- [Commits](https://github.com/cordobo/angularx-qrcode/compare/10.0.11...11.0.0)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* fix pack lock

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* fix: handle sequence correctly in subscription (#1209)

* feat: user command side

* feat: sign out

* feat: command side login

* feat: command side login

* feat: fix register user

* feat: fix register user

* feat: fix web auth n events

* feat: add machine keys

* feat: send codes

* feat: move authrequest to domain

* feat: move authrequest to domain

* feat: webauthn working

* fix: correct master after merges again (#1230)

* chore(docs): correct `iss` claim of jwt profile (#1229)

* core(docs): correct `iss` claim of jwt profile

* fix: correct master after merges again (#1230)

* feat(login): new palette based styles (#1149)

* chore(deps-dev): bump rollup from 2.33.2 to 2.34.0 in /site (#1040)

Bumps [rollup](https://github.com/rollup/rollup) from 2.33.2 to 2.34.0.
- [Release notes](https://github.com/rollup/rollup/releases)
- [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rollup/rollup/compare/v2.33.2...v2.34.0)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps): bump svelte-i18n from 3.2.5 to 3.3.0 in /site (#1039)

Bumps [svelte-i18n](https://github.com/kaisermann/svelte-i18n) from 3.2.5 to 3.3.0.
- [Release notes](https://github.com/kaisermann/svelte-i18n/releases)
- [Changelog](https://github.com/kaisermann/svelte-i18n/blob/main/CHANGELOG.md)
- [Commits](https://github.com/kaisermann/svelte-i18n/compare/v3.2.5...v3.3.0)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps-dev): bump @rollup/plugin-url from 5.0.1 to 6.0.0 in /site (#1038)

Bumps [@rollup/plugin-url](https://github.com/rollup/plugins) from 5.0.1 to 6.0.0.
- [Release notes](https://github.com/rollup/plugins/releases)
- [Commits](https://github.com/rollup/plugins/compare/url-v5.0.1...url-v6.0.0)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps-dev): bump svelte from 3.29.7 to 3.30.1 in /site (#1037)

Bumps [svelte](https://github.com/sveltejs/svelte) from 3.29.7 to 3.30.1.
- [Release notes](https://github.com/sveltejs/svelte/releases)
- [Changelog](https://github.com/sveltejs/svelte/blob/master/CHANGELOG.md)
- [Commits](https://github.com/sveltejs/svelte/compare/v3.29.7...v3.30.1)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps): bump marked from 1.2.4 to 1.2.5 in /site (#1036)

Bumps [marked](https://github.com/markedjs/marked) from 1.2.4 to 1.2.5.
- [Release notes](https://github.com/markedjs/marked/releases)
- [Changelog](https://github.com/markedjs/marked/blob/master/release.config.js)
- [Commits](https://github.com/markedjs/marked/compare/v1.2.4...v1.2.5)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps-dev): bump @babel/core from 7.12.3 to 7.12.9 in /site (#1035)

Bumps [@babel/core](https://github.com/babel/babel/tree/HEAD/packages/babel-core) from 7.12.3 to 7.12.9.
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.12.9/packages/babel-core)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps-dev): bump rollup-plugin-svelte from 6.1.1 to 7.0.0 in /site (#1034)

Bumps [rollup-plugin-svelte](https://github.com/sveltejs/rollup-plugin-svelte) from 6.1.1 to 7.0.0.
- [Release notes](https://github.com/sveltejs/rollup-plugin-svelte/releases)
- [Changelog](https://github.com/sveltejs/rollup-plugin-svelte/blob/master/CHANGELOG.md)
- [Commits](https://github.com/sveltejs/rollup-plugin-svelte/compare/v6.1.1...v7.0.0)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps-dev): bump @rollup/plugin-commonjs in /site (#1033)

Bumps [@rollup/plugin-commonjs](https://github.com/rollup/plugins) from 15.1.0 to 17.0.0.
- [Release notes](https://github.com/rollup/plugins/releases)
- [Commits](https://github.com/rollup/plugins/compare/commonjs-v15.1.0...commonjs-v17.0.0)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps-dev): bump @rollup/plugin-node-resolve in /site (#1032)

Bumps [@rollup/plugin-node-resolve](https://github.com/rollup/plugins) from 10.0.0 to 11.0.0.
- [Release notes](https://github.com/rollup/plugins/releases)
- [Commits](https://github.com/rollup/plugins/compare/node-resolve-v10.0.0...commonjs-v11.0.0)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps-dev): bump @babel/preset-env from 7.12.1 to 7.12.7 in /site (#1031)

Bumps [@babel/preset-env](https://github.com/babel/babel/tree/HEAD/packages/babel-preset-env) from 7.12.1 to 7.12.7.
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.12.7/packages/babel-preset-env)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* go

* bundle files, lgn-color, legacy theme

* remove old references

* light dark context, button styles, zitadel brand

* button theme, edit templates

* typography theme mixins

* input styles, container, extend light dark palette

* footer, palette, container

* container, label, assets, header

* action container, input, typography label, adapt button theme

* a and footer styles, adapt palette

* user log profile, resourcetempurl

* postinstall againnn

* wrochage

* rm local grpc

* button elevation, helper for components

* radio

* radio button mixins, bundle

* qr code styles, secret clipboard, icon pack

* stroked buttons, icon buttons, header action, typography

* fix password policy styles

* account selection

* account selection, lgn avatar

* mocks

* template fixes, animations scss

* checkbox, register temp

* checkbox appr

* fix checkbox, remove input interference

* select theme

* avatar script, user selection, password policy validation fix

* fix formfield state for register and change pwd

* footer, main style, qr code fix, mfa type fix, account sel, checkbox

* fotter tos, user select

* reverse buttons for intial submit action

* theme script, themed error messages, header img source

* content wrapper, i18n, mobile

* emptyline

* idp mixins, fix unstyled html

* register container

* register layout, list themes, policy theme, register org

* massive asset cleanup

* fix source path, add missing icon, fix complexity refs, prefix

* remove material icons, unused assets, fix icon font

* move icon pack

* avatar, contrast theme, error fix

* zitadel css map

* revert go mod

* fix mfa verify actions

* add idp styles

* fix google colors, idp styles

* fix: bugs

* fix register options, google

* fix script, mobile layout

* precompile font selection

* go mod tidy

* assets and cleanup

* input suffix, fix alignment, actions, add progress bar themes

* progress bar mixins, layout fixes

* remove test from loginname

* cleanup comments, scripts

* clear comments

* fix external back button

* fix mfa alignment

* fix actions layout, on dom change listener for suffix

* free tier change, success label

* fix: button font line-height

* remove tabindex

* remove comment

* remove comment

* Update internal/ui/login/handler/password_handler.go

Co-authored-by: Livio Amstutz <livio.a@gmail.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Maximilian Peintner <csaq7175@uibk.ac.at>
Co-authored-by: Livio Amstutz <livio.a@gmail.com>

* feat: external users

* chore(console): dependencies (#1233)

* chore(deps-dev): bump @angular-devkit/build-angular in /console (#1214)

Bumps [@angular-devkit/build-angular](https://github.com/angular/angular-cli) from 0.1101.1 to 0.1101.2.
- [Release notes](https://github.com/angular/angular-cli/releases)
- [Commits](https://github.com/angular/angular-cli/commits)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps-dev): bump karma from 6.0.1 to 6.0.3 in /console (#1215)

Bumps [karma](https://github.com/karma-runner/karma) from 6.0.1 to 6.0.3.
- [Release notes](https://github.com/karma-runner/karma/releases)
- [Changelog](https://github.com/karma-runner/karma/blob/master/CHANGELOG.md)
- [Commits](https://github.com/karma-runner/karma/compare/v6.0.1...v6.0.3)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps-dev): bump @angular/language-service in /console (#1216)

Bumps [@angular/language-service](https://github.com/angular/angular/tree/HEAD/packages/language-service) from 11.1.0 to 11.1.1.
- [Release notes](https://github.com/angular/angular/releases)
- [Changelog](https://github.com/angular/angular/blob/master/CHANGELOG.md)
- [Commits](https://github.com/angular/angular/commits/11.1.1/packages/language-service)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps-dev): bump @angular/cli from 11.1.1 to 11.1.2 in /console (#1217)

Bumps [@angular/cli](https://github.com/angular/angular-cli) from 11.1.1 to 11.1.2.
- [Release notes](https://github.com/angular/angular-cli/releases)
- [Commits](https://github.com/angular/angular-cli/compare/v11.1.1...v11.1.2)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Max Peintner <max@caos.ch>

* lock

* site deps

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* feat: external users login

* feat: notify users

* fix: tests

* feat: cascade remove user grants on project remove

* feat: cascade remove user grants on user remove

* feat: cascade remove roles

* feat: verified domain

* feat: cascade remove on idp config remove

* feat: cascade remove on system idp config remove

* fix: get email texts with default language (#1238)

* fix: login policy

* fix: login policy

* fix: cascade delete on remove idp from default policy

* fix(login): mail verification (#1237)

* fix: mail verification

* not block, stroked

* fix: issues of new login ui (#1241)

* fix: i18n of register

* fix: autofocus

* feat(operator): zitadel and database operator (#1208)

* feat(operator): add base for zitadel operator

* fix(operator): changed pipeline to release operator

* fix(operator): fmt with only one parameter

* fix(operator): corrected workflow job name

* fix(zitadelctl): added restore and backuplist command

* fix(zitadelctl): scale for restore

* chore(container): use scratch for deploy container

* fix(zitadelctl): limit image to scratch

* fix(migration): added migration scripts for newer version

* fix(operator): changed handling of kubeconfig in operator logic

* fix(operator): changed handling of secrets in operator logic

* fix(operator): use new version of zitadel

* fix(operator): added path for migrations

* fix(operator): delete doublets of migration scripts

* fix(operator): delete subpaths and integrate logic into init container

* fix(operator): corrected path in dockerfile for local migrations

* fix(operator): added migrations for cockroachdb-secure

* fix(operator): delete logic for ambassador module

* fix(operator): added read and write secret commands

* fix(operator): correct and align operator pipeline with zitadel pipeline

* fix(operator): correct yaml error in operator pipeline

* fix(operator): correct action name in operator pipeline

* fix(operator): correct case-sensitive filename in operator pipeline

* fix(operator): upload artifacts from buildx output

* fix(operator): corrected attribute spelling error

* fix(operator): combined jobs for operator binary and image

* fix(operator): added missing comma in operator pipeline

* fix(operator): added codecov for operator image

* fix(operator): added codecov for operator image

* fix(testing): code changes for testing and several unit-tests (#1009)

* fix(operator): usage of interface of kubernetes client for testing and several unit-tests

* fix(operator): several unit-tests

* fix(operator): several unit-tests

* fix(operator): changed order for the operator logic

* fix(operator): added version of zitadelctl from semantic release

* fix(operator): corrected function call with version of zitadelctl

* fix(operator): corrected function call with version of zitadelctl

* fix(operator): add check output to operator release pipeline

* fix(operator): set --short length everywhere to 12

* fix(operator): zitadel setup in job instead of exec with several unit tests

* fix(operator): fixes to combine newest zitadel and testing branch

* fix(operator): corrected path in Dockerfile

* fix(operator): fixed unit-test that was ignored during changes

* fix(operator): fixed unit-test that was ignored during changes

* fix(operator): corrected Dockerfile to correctly use env variable

* fix(operator): quickfix takeoff deployment

* fix(operator): corrected the clusterrolename in the applied artifacts

* fix: update secure migrations

* fix(operator): migrations (#1057)

* fix(operator): copied migrations from orbos repository

* fix(operator): newest migrations

* chore: use cockroach-secure

* fix: rename migration

* fix: remove insecure cockroach migrations

Co-authored-by: Stefan Benz <stefan@caos.ch>

* fix: finalize labels

* fix(operator): cli logging concurrent and fixe deployment of operator during restore

* fix: finalize labels and cli commands

* fix: restore

* chore: cockroachdb is always secure

* chore: use orbos consistent-labels latest commit

* test: make tests compatible with new labels

* fix: default to sa token for start command

* fix: use cockroachdb v12.02

* fix: don't delete flyway user

* test: fix migration test

* fix: use correct table qualifiers

* fix: don't alter sequence ownership

* fix: upgrade flyway

* fix: change ownership of all dbs and tables to admin user

* fix: change defaultdb user

* fix: treat clientid status codes >= 400 as errors

* fix: reconcile specified ZITADEL version, not binary version

* fix: add ca-certs

* fix: use latest orbos code

* fix: use orbos with fixed race condition

* fix: use latest ORBOS code

* fix: use latest ORBOS code

* fix: make migration and scaling around restoring work

* fix(operator): move zitadel operator

* chore(migrations): include owner change migration

* feat(db): add code base for database operator

* fix(db): change used image registry for database operator

* fix(db): generated mock

* fix(db): add accidentally ignored file

* fix(db): add cockroachdb backup image to pipeline

* fix(db): correct pipeline and image versions

* fix(db): correct version of used orbos

* fix(db): correct database import

* fix(db): go mod tidy

* fix(db): use new version for orbos

* fix(migrations): include migrations into zitadelctl binary (#1211)

* fix(db): use statik to integrate migrations into binary

* fix(migrations): corrections unit tests and pipeline for integrated migrations into zitadelctl binary

* fix(migrations): correction in dockerfile for pipeline build

* fix(migrations): correction in dockerfile for pipeline build

* fix(migrations):  dockerfile changes for cache optimization

* fix(database): correct used part-of label in database operator

* fix(database): correct used selectable label in zitadel operator

* fix(operator): correct labels for user secrets in zitadel operator

* fix(operator): correct labels for service test in zitadel operator

* fix: don't enable database features for user operations (#1227)

* fix: don't enable database features for user operations

* fix: omit database feature for connection info adapter

* fix: use latest orbos version

* fix: update ORBOS (#1240)

Co-authored-by: Florian Forster <florian@caos.ch>
Co-authored-by: Elio Bischof <eliobischof@gmail.com>

* Merge branch 'new-eventstore' into cascades

# Conflicts:
#	internal/auth/repository/auth_request.go
#	internal/auth/repository/eventsourcing/eventstore/auth_request.go
#	internal/management/repository/eventsourcing/eventstore/user_grant.go
#	internal/management/repository/user_grant.go
#	internal/ui/login/handler/external_login_handler.go
#	internal/ui/login/handler/external_register_handler.go
#	internal/ui/login/handler/init_password_handler.go
#	internal/ui/login/handler/register_handler.go
#	internal/user/repository/view/model/notify_user.go
#	internal/v2/command/org_policy_login.go
#	internal/v2/command/project.go
#	internal/v2/command/user.go
#	internal/v2/command/user_human.go
#	internal/v2/command/user_human_externalidp.go
#	internal/v2/command/user_human_init.go
#	internal/v2/command/user_human_password.go
#	internal/v2/command/user_human_webauthn.go
#	internal/v2/domain/next_step.go
#	internal/v2/domain/policy_login.go
#	internal/v2/domain/request.go

* Merge branch 'new-eventstore' into cascades

# Conflicts:
#	internal/auth/repository/auth_request.go
#	internal/auth/repository/eventsourcing/eventstore/auth_request.go
#	internal/management/repository/eventsourcing/eventstore/user_grant.go
#	internal/management/repository/user_grant.go
#	internal/ui/login/handler/external_login_handler.go
#	internal/ui/login/handler/external_register_handler.go
#	internal/ui/login/handler/init_password_handler.go
#	internal/ui/login/handler/register_handler.go
#	internal/user/repository/view/model/notify_user.go
#	internal/v2/command/org_policy_login.go
#	internal/v2/command/project.go
#	internal/v2/command/user.go
#	internal/v2/command/user_human.go
#	internal/v2/command/user_human_externalidp.go
#	internal/v2/command/user_human_init.go
#	internal/v2/command/user_human_password.go
#	internal/v2/command/user_human_webauthn.go
#	internal/v2/domain/next_step.go
#	internal/v2/domain/policy_login.go
#	internal/v2/domain/request.go

* chore: add local migrate_local.go again (#1261)

* fix: logging on cascade removes

* fix: migrations

* fix: tests

* fix: tests

* chore: pass params in migrate_local.go

* migrations

* fix query

* fix tests

* fix tests

Co-authored-by: Max Peintner <max@caos.ch>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Michael Waeger <49439088+michaelulrichwaeger@users.noreply.github.com>
Co-authored-by: Livio Amstutz <livio.a@gmail.com>
Co-authored-by: Maximilian Peintner <csaq7175@uibk.ac.at>
Co-authored-by: Stefan Benz <46600784+stebenz@users.noreply.github.com>
Co-authored-by: Florian Forster <florian@caos.ch>
Co-authored-by: Elio Bischof <eliobischof@gmail.com>
Fabi
2021-02-09 10:14:40 +01:00
committed by GitHub
parent db11cf1da3
commit b0bcc13a92
75 changed files with 1381 additions and 426 deletions


@@ -696,13 +696,6 @@ func (repo *AuthRequestRepo) mfaSkippedOrSetUp(user *user_model.UserView) bool {
func (repo *AuthRequestRepo) getLoginPolicy(ctx context.Context, orgID string) (*iam_model.LoginPolicyView, error) {
policy, err := repo.View.LoginPolicyByAggregateID(orgID)
if errors.IsNotFound(err) {
policy, err = repo.View.LoginPolicyByAggregateID(repo.IAMID)
if err != nil {
return nil, err
}
policy.Default = true
}
if err != nil {
return nil, err
}


@@ -3,6 +3,7 @@ package eventstore
import (
"context"
"encoding/json"
"github.com/caos/zitadel/internal/v2/domain"
"testing"
"time"
@@ -213,14 +214,14 @@ func TestAuthRequestRepo_nextSteps(t *testing.T) {
MultiFactorCheckLifeTime time.Duration
}
type args struct {
request *model.AuthRequest
request *domain.AuthRequest
checkLoggedIn bool
}
tests := []struct {
name string
fields fields
args args
want []model.NextStep
want []domain.NextStep
wantErr func(error) bool
}{
{
@@ -233,8 +234,8 @@ func TestAuthRequestRepo_nextSteps(t *testing.T) {
{
"prompt none and checkLoggedIn false, callback step",
fields{},
args{&model.AuthRequest{Prompt: model.PromptNone}, false},
[]model.NextStep{&model.RedirectToCallbackStep{}},
args{&domain.AuthRequest{Prompt: domain.PromptNone}, false},
[]domain.NextStep{&domain.RedirectToCallbackStep{}},
nil,
},
{
@@ -242,8 +243,8 @@ func TestAuthRequestRepo_nextSteps(t *testing.T) {
fields{
userSessionViewProvider: &mockViewNoUserSession{},
},
args{&model.AuthRequest{}, false},
[]model.NextStep{&model.LoginStep{}},
args{&domain.AuthRequest{}, false},
[]domain.NextStep{&domain.LoginStep{}},
nil,
},
{
@@ -251,8 +252,8 @@ func TestAuthRequestRepo_nextSteps(t *testing.T) {
fields{
userSessionViewProvider: &mockViewNoUserSession{},
},
args{&model.AuthRequest{LinkingUsers: []*model.ExternalUser{{IDPConfigID: "IDPConfigID", ExternalUserID: "ExternalUserID"}}}, false},
[]model.NextStep{&model.ExternalNotFoundOptionStep{}},
args{&domain.AuthRequest{LinkingUsers: []*domain.ExternalUser{{IDPConfigID: "IDPConfigID", ExternalUserID: "ExternalUserID"}}}, false},
[]domain.NextStep{&domain.ExternalNotFoundOptionStep{}},
nil,
},
{
@@ -260,7 +261,7 @@ func TestAuthRequestRepo_nextSteps(t *testing.T) {
fields{
userSessionViewProvider: &mockViewErrUserSession{},
},
args{&model.AuthRequest{Prompt: model.PromptSelectAccount}, false},
args{&domain.AuthRequest{Prompt: domain.PromptSelectAccount}, false},
nil,
errors.IsInternal,
},
@@ -283,11 +284,11 @@ func TestAuthRequestRepo_nextSteps(t *testing.T) {
},
userEventProvider: &mockEventUser{},
},
args{&model.AuthRequest{Prompt: model.PromptSelectAccount}, false},
[]model.NextStep{
&model.LoginStep{},
&model.SelectUserStep{
Users: []model.UserSelection{
args{&domain.AuthRequest{Prompt: domain.PromptSelectAccount}, false},
[]domain.NextStep{
&domain.LoginStep{},
&domain.SelectUserStep{
Users: []domain.UserSelection{
{
UserID: "id1",
LoginName: "loginname1",
@@ -321,11 +322,11 @@ func TestAuthRequestRepo_nextSteps(t *testing.T) {
},
userEventProvider: &mockEventUser{},
},
args{&model.AuthRequest{Prompt: model.PromptSelectAccount, RequestedOrgID: "orgID1"}, false},
[]model.NextStep{
&model.LoginStep{},
&model.SelectUserStep{
Users: []model.UserSelection{
args{&domain.AuthRequest{Prompt: domain.PromptSelectAccount, RequestedOrgID: "orgID1"}, false},
[]domain.NextStep{
&domain.LoginStep{},
&domain.SelectUserStep{
Users: []domain.UserSelection{
{
UserID: "id1",
LoginName: "loginname1",
@@ -348,11 +349,11 @@ func TestAuthRequestRepo_nextSteps(t *testing.T) {
},
userEventProvider: &mockEventUser{},
},
args{&model.AuthRequest{Prompt: model.PromptSelectAccount}, false},
[]model.NextStep{
&model.LoginStep{},
&model.SelectUserStep{
Users: []model.UserSelection{},
args{&domain.AuthRequest{Prompt: domain.PromptSelectAccount}, false},
[]domain.NextStep{
&domain.LoginStep{},
&domain.SelectUserStep{
Users: []domain.UserSelection{},
}},
nil,
},
@@ -362,7 +363,7 @@ func TestAuthRequestRepo_nextSteps(t *testing.T) {
userViewProvider: &mockViewNoUser{},
userEventProvider: &mockEventUser{},
},
args{&model.AuthRequest{UserID: "UserID"}, false},
args{&domain.AuthRequest{UserID: "UserID"}, false},
nil,
errors.IsNotFound,
},
@@ -378,7 +379,7 @@ func TestAuthRequestRepo_nextSteps(t *testing.T) {
},
orgViewProvider: &mockViewOrg{State: org_model.OrgStateActive},
},
args{&model.AuthRequest{UserID: "UserID"}, false},
args{&domain.AuthRequest{UserID: "UserID"}, false},
nil,
errors.IsPreconditionFailed,
},
@@ -394,7 +395,7 @@ func TestAuthRequestRepo_nextSteps(t *testing.T) {
},
orgViewProvider: &mockViewOrg{State: org_model.OrgStateActive},
},
args{&model.AuthRequest{UserID: "UserID"}, false},
args{&domain.AuthRequest{UserID: "UserID"}, false},
nil,
errors.IsPreconditionFailed,
},
@@ -405,7 +406,7 @@ func TestAuthRequestRepo_nextSteps(t *testing.T) {
userEventProvider: &mockEventUser{},
orgViewProvider: &mockViewErrOrg{},
},
args{&model.AuthRequest{UserID: "UserID"}, false},
args{&domain.AuthRequest{UserID: "UserID"}, false},
nil,
errors.IsInternal,
},
@@ -416,7 +417,7 @@ func TestAuthRequestRepo_nextSteps(t *testing.T) {
userEventProvider: &mockEventUser{},
orgViewProvider: &mockViewOrg{State: org_model.OrgStateInactive},
},
args{&model.AuthRequest{UserID: "UserID"}, false},
args{&domain.AuthRequest{UserID: "UserID"}, false},
nil,
errors.IsPreconditionFailed,
},
@@ -430,8 +431,8 @@ func TestAuthRequestRepo_nextSteps(t *testing.T) {
userEventProvider: &mockEventUser{},
orgViewProvider: &mockViewOrg{State: org_model.OrgStateActive},
},
args{&model.AuthRequest{UserID: "UserID", LoginPolicy: &iam_model.LoginPolicyView{}}, false},
[]model.NextStep{&model.PasswordStep{}},
args{&domain.AuthRequest{UserID: "UserID", LoginPolicy: &domain.LoginPolicy{}}, false},
[]domain.NextStep{&domain.PasswordStep{}},
nil,
},
{
@@ -442,7 +443,7 @@ func TestAuthRequestRepo_nextSteps(t *testing.T) {
userEventProvider: &mockEventUser{},
orgViewProvider: &mockViewOrg{State: org_model.OrgStateActive},
},
args{&model.AuthRequest{UserID: "UserID"}, false},
args{&domain.AuthRequest{UserID: "UserID"}, false},
nil,
errors.IsInternal,
},
@@ -457,8 +458,8 @@ func TestAuthRequestRepo_nextSteps(t *testing.T) {
userEventProvider: &mockEventUser{},
orgViewProvider: &mockViewOrg{State: org_model.OrgStateActive},
},
args{&model.AuthRequest{UserID: "UserID"}, false},
[]model.NextStep{&model.InitUserStep{
args{&domain.AuthRequest{UserID: "UserID"}, false},
[]domain.NextStep{&domain.InitUserStep{
PasswordSet: true,
}},
nil,
@@ -475,8 +476,8 @@ func TestAuthRequestRepo_nextSteps(t *testing.T) {
orgViewProvider: &mockViewOrg{State: org_model.OrgStateActive},
MultiFactorCheckLifeTime: 10 * time.Hour,
},
args{&model.AuthRequest{UserID: "UserID", LoginPolicy: &iam_model.LoginPolicyView{PasswordlessType: iam_model.PasswordlessTypeAllowed}}, false},
[]model.NextStep{&model.PasswordlessStep{}},
args{&domain.AuthRequest{UserID: "UserID", LoginPolicy: &domain.LoginPolicy{PasswordlessType: domain.PasswordlessTypeAllowed}}, false},
[]domain.NextStep{&domain.PasswordlessStep{}},
nil,
},
{
@@ -497,14 +498,14 @@ func TestAuthRequestRepo_nextSteps(t *testing.T) {
orgViewProvider: &mockViewOrg{State: org_model.OrgStateActive},
MultiFactorCheckLifeTime: 10 * time.Hour,
},
args{&model.AuthRequest{
args{&domain.AuthRequest{
UserID: "UserID",
LoginPolicy: &iam_model.LoginPolicyView{
PasswordlessType: iam_model.PasswordlessTypeAllowed,
MultiFactors: []iam_model.MultiFactorType{iam_model.MultiFactorTypeU2FWithPIN},
LoginPolicy: &domain.LoginPolicy{
PasswordlessType: domain.PasswordlessTypeAllowed,
MultiFactors: []domain.MultiFactorType{domain.MultiFactorTypeU2FWithPIN},
},
}, false},
[]model.NextStep{&model.VerifyEMailStep{}},
[]domain.NextStep{&domain.VerifyEMailStep{}},
nil,
},
{
@@ -515,8 +516,8 @@ func TestAuthRequestRepo_nextSteps(t *testing.T) {
userEventProvider: &mockEventUser{},
orgViewProvider: &mockViewOrg{State: org_model.OrgStateActive},
},
args{&model.AuthRequest{UserID: "UserID", LoginPolicy: &iam_model.LoginPolicyView{}}, false},
[]model.NextStep{&model.InitPasswordStep{}},
args{&domain.AuthRequest{UserID: "UserID", LoginPolicy: &domain.LoginPolicy{}}, false},
[]domain.NextStep{&domain.InitPasswordStep{}},
nil,
},
{
@@ -533,8 +534,8 @@ func TestAuthRequestRepo_nextSteps(t *testing.T) {
orgViewProvider: &mockViewOrg{State: org_model.OrgStateActive},
SecondFactorCheckLifeTime: 18 * time.Hour,
},
args{&model.AuthRequest{UserID: "UserID", SelectedIDPConfigID: "IDPConfigID"}, false},
[]model.NextStep{&model.ExternalLoginStep{SelectedIDPConfigID: "IDPConfigID"}},
args{&domain.AuthRequest{UserID: "UserID", SelectedIDPConfigID: "IDPConfigID"}, false},
[]domain.NextStep{&domain.ExternalLoginStep{SelectedIDPConfigID: "IDPConfigID"}},
nil,
},
{
@@ -558,14 +559,14 @@ func TestAuthRequestRepo_nextSteps(t *testing.T) {
SecondFactorCheckLifeTime: 18 * time.Hour,
},
args{
&model.AuthRequest{
&domain.AuthRequest{
UserID: "UserID",
SelectedIDPConfigID: "IDPConfigID",
Request: &model.AuthRequestOIDC{},
LoginPolicy: &iam_model.LoginPolicyView{},
Request: &domain.AuthRequestOIDC{},
LoginPolicy: &domain.LoginPolicy{},
},
false},
[]model.NextStep{&model.RedirectToCallbackStep{}},
[]domain.NextStep{&domain.RedirectToCallbackStep{}},
nil,
},
{
@@ -579,8 +580,8 @@ func TestAuthRequestRepo_nextSteps(t *testing.T) {
orgViewProvider: &mockViewOrg{State: org_model.OrgStateActive},
PasswordCheckLifeTime: 10 * 24 * time.Hour,
},
args{&model.AuthRequest{UserID: "UserID", LoginPolicy: &iam_model.LoginPolicyView{}}, false},
[]model.NextStep{&model.PasswordStep{}},
args{&domain.AuthRequest{UserID: "UserID", LoginPolicy: &domain.LoginPolicy{}}, false},
[]domain.NextStep{&domain.PasswordStep{}},
nil,
},
{
@@ -602,13 +603,13 @@ func TestAuthRequestRepo_nextSteps(t *testing.T) {
ExternalLoginCheckLifeTime: 10 * 24 * time.Hour,
},
args{
&model.AuthRequest{
&domain.AuthRequest{
UserID: "UserID",
SelectedIDPConfigID: "IDPConfigID",
Request: &model.AuthRequestOIDC{},
LoginPolicy: &iam_model.LoginPolicyView{},
Request: &domain.AuthRequestOIDC{},
LoginPolicy: &domain.LoginPolicy{},
}, false},
[]model.NextStep{&model.RedirectToCallbackStep{}},
[]domain.NextStep{&domain.RedirectToCallbackStep{}},
nil,
},
{
@@ -629,14 +630,14 @@ func TestAuthRequestRepo_nextSteps(t *testing.T) {
SecondFactorCheckLifeTime: 18 * time.Hour,
},
args{
&model.AuthRequest{
&domain.AuthRequest{
UserID: "UserID",
LoginPolicy: &iam_model.LoginPolicyView{
SecondFactors: []iam_model.SecondFactorType{iam_model.SecondFactorTypeOTP},
LoginPolicy: &domain.LoginPolicy{
SecondFactors: []domain.SecondFactorType{domain.SecondFactorTypeOTP},
},
}, false},
[]model.NextStep{&model.MFAVerificationStep{
MFAProviders: []model.MFAType{model.MFATypeOTP},
[]domain.NextStep{&domain.MFAVerificationStep{
MFAProviders: []domain.MFAType{domain.MFATypeOTP},
}},
nil,
},
@@ -657,14 +658,14 @@ func TestAuthRequestRepo_nextSteps(t *testing.T) {
SecondFactorCheckLifeTime: 18 * time.Hour,
},
args{
&model.AuthRequest{
&domain.AuthRequest{
UserID: "UserID",
LoginPolicy: &iam_model.LoginPolicyView{
SecondFactors: []iam_model.SecondFactorType{iam_model.SecondFactorTypeOTP},
LoginPolicy: &domain.LoginPolicy{
SecondFactors: []domain.SecondFactorType{domain.SecondFactorTypeOTP},
},
}, false},
[]model.NextStep{&model.MFAVerificationStep{
MFAProviders: []model.MFAType{model.MFATypeOTP},
[]domain.NextStep{&domain.MFAVerificationStep{
MFAProviders: []domain.MFAType{domain.MFATypeOTP},
}},
nil,
},
@@ -687,15 +688,15 @@ func TestAuthRequestRepo_nextSteps(t *testing.T) {
SecondFactorCheckLifeTime: 18 * time.Hour,
},
args{
&model.AuthRequest{
&domain.AuthRequest{
UserID: "UserID",
SelectedIDPConfigID: "IDPConfigID",
LoginPolicy: &iam_model.LoginPolicyView{
SecondFactors: []iam_model.SecondFactorType{iam_model.SecondFactorTypeOTP},
LoginPolicy: &domain.LoginPolicy{
SecondFactors: []domain.SecondFactorType{domain.SecondFactorTypeOTP},
},
}, false},
[]model.NextStep{&model.MFAVerificationStep{
MFAProviders: []model.MFAType{model.MFATypeOTP},
[]domain.NextStep{&domain.MFAVerificationStep{
MFAProviders: []domain.MFAType{domain.MFATypeOTP},
}},
nil,
},
@@ -718,13 +719,13 @@ func TestAuthRequestRepo_nextSteps(t *testing.T) {
SecondFactorCheckLifeTime: 18 * time.Hour,
},
args{
&model.AuthRequest{
&domain.AuthRequest{
UserID: "UserID",
LoginPolicy: &iam_model.LoginPolicyView{
SecondFactors: []iam_model.SecondFactorType{iam_model.SecondFactorTypeOTP},
LoginPolicy: &domain.LoginPolicy{
SecondFactors: []domain.SecondFactorType{domain.SecondFactorTypeOTP},
},
}, false},
[]model.NextStep{&model.ChangePasswordStep{}},
[]domain.NextStep{&domain.ChangePasswordStep{}},
nil,
},
{
@@ -743,13 +744,13 @@ func TestAuthRequestRepo_nextSteps(t *testing.T) {
PasswordCheckLifeTime: 10 * 24 * time.Hour,
SecondFactorCheckLifeTime: 18 * time.Hour,
},
args{&model.AuthRequest{
args{&domain.AuthRequest{
UserID: "UserID",
LoginPolicy: &iam_model.LoginPolicyView{
SecondFactors: []iam_model.SecondFactorType{iam_model.SecondFactorTypeOTP},
LoginPolicy: &domain.LoginPolicy{
SecondFactors: []domain.SecondFactorType{domain.SecondFactorTypeOTP},
},
}, false},
[]model.NextStep{&model.VerifyEMailStep{}},
[]domain.NextStep{&domain.VerifyEMailStep{}},
nil,
},
{
@@ -769,13 +770,13 @@ func TestAuthRequestRepo_nextSteps(t *testing.T) {
PasswordCheckLifeTime: 10 * 24 * time.Hour,
SecondFactorCheckLifeTime: 18 * time.Hour,
},
args{&model.AuthRequest{
args{&domain.AuthRequest{
UserID: "UserID",
LoginPolicy: &iam_model.LoginPolicyView{
SecondFactors: []iam_model.SecondFactorType{iam_model.SecondFactorTypeOTP},
LoginPolicy: &domain.LoginPolicy{
SecondFactors: []domain.SecondFactorType{domain.SecondFactorTypeOTP},
},
}, false},
[]model.NextStep{&model.ChangePasswordStep{}, &model.VerifyEMailStep{}},
[]domain.NextStep{&domain.ChangePasswordStep{}, &domain.VerifyEMailStep{}},
nil,
},
{
@@ -796,14 +797,14 @@ func TestAuthRequestRepo_nextSteps(t *testing.T) {
PasswordCheckLifeTime: 10 * 24 * time.Hour,
SecondFactorCheckLifeTime: 18 * time.Hour,
},
args{&model.AuthRequest{
args{&domain.AuthRequest{
UserID: "UserID",
Request: &model.AuthRequestOIDC{},
LoginPolicy: &iam_model.LoginPolicyView{
SecondFactors: []iam_model.SecondFactorType{iam_model.SecondFactorTypeOTP},
Request: &domain.AuthRequestOIDC{},
LoginPolicy: &domain.LoginPolicy{
SecondFactors: []domain.SecondFactorType{domain.SecondFactorTypeOTP},
},
}, false},
[]model.NextStep{&model.RedirectToCallbackStep{}},
[]domain.NextStep{&domain.RedirectToCallbackStep{}},
nil,
},
{
@@ -824,15 +825,15 @@ func TestAuthRequestRepo_nextSteps(t *testing.T) {
PasswordCheckLifeTime: 10 * 24 * time.Hour,
SecondFactorCheckLifeTime: 18 * time.Hour,
},
args{&model.AuthRequest{
args{&domain.AuthRequest{
UserID: "UserID",
Prompt: model.PromptNone,
Request: &model.AuthRequestOIDC{},
LoginPolicy: &iam_model.LoginPolicyView{
SecondFactors: []iam_model.SecondFactorType{iam_model.SecondFactorTypeOTP},
Prompt: domain.PromptNone,
Request: &domain.AuthRequestOIDC{},
LoginPolicy: &domain.LoginPolicy{
SecondFactors: []domain.SecondFactorType{domain.SecondFactorTypeOTP},
},
}, true},
[]model.NextStep{&model.RedirectToCallbackStep{}},
[]domain.NextStep{&domain.RedirectToCallbackStep{}},
nil,
},
{
@@ -856,15 +857,15 @@ func TestAuthRequestRepo_nextSteps(t *testing.T) {
PasswordCheckLifeTime: 10 * 24 * time.Hour,
SecondFactorCheckLifeTime: 18 * time.Hour,
},
args{&model.AuthRequest{
args{&domain.AuthRequest{
UserID: "UserID",
Prompt: model.PromptNone,
Request: &model.AuthRequestOIDC{},
LoginPolicy: &iam_model.LoginPolicyView{
SecondFactors: []iam_model.SecondFactorType{iam_model.SecondFactorTypeOTP},
Prompt: domain.PromptNone,
Request: &domain.AuthRequestOIDC{},
LoginPolicy: &domain.LoginPolicy{
SecondFactors: []domain.SecondFactorType{domain.SecondFactorTypeOTP},
},
}, true},
[]model.NextStep{&model.GrantRequiredStep{}},
[]domain.NextStep{&domain.GrantRequiredStep{}},
nil,
},
{
@@ -888,15 +889,15 @@ func TestAuthRequestRepo_nextSteps(t *testing.T) {
PasswordCheckLifeTime: 10 * 24 * time.Hour,
SecondFactorCheckLifeTime: 18 * time.Hour,
},
args{&model.AuthRequest{
args{&domain.AuthRequest{
UserID: "UserID",
Prompt: model.PromptNone,
Request: &model.AuthRequestOIDC{},
LoginPolicy: &iam_model.LoginPolicyView{
SecondFactors: []iam_model.SecondFactorType{iam_model.SecondFactorTypeOTP},
Prompt: domain.PromptNone,
Request: &domain.AuthRequestOIDC{},
LoginPolicy: &domain.LoginPolicy{
SecondFactors: []domain.SecondFactorType{domain.SecondFactorTypeOTP},
},
}, true},
[]model.NextStep{&model.RedirectToCallbackStep{}},
[]domain.NextStep{&domain.RedirectToCallbackStep{}},
nil,
},
{
@@ -915,13 +916,13 @@ func TestAuthRequestRepo_nextSteps(t *testing.T) {
SecondFactorCheckLifeTime: 18 * time.Hour,
},
args{
&model.AuthRequest{
&domain.AuthRequest{
UserID: "UserID",
LoginPolicy: &iam_model.LoginPolicyView{},
LoginPolicy: &domain.LoginPolicy{},
SelectedIDPConfigID: "IDPConfigID",
LinkingUsers: []*model.ExternalUser{{IDPConfigID: "IDPConfigID", ExternalUserID: "UserID", DisplayName: "DisplayName"}},
LinkingUsers: []*domain.ExternalUser{{IDPConfigID: "IDPConfigID", ExternalUserID: "UserID", DisplayName: "DisplayName"}},
}, false},
[]model.NextStep{&model.PasswordStep{}},
[]domain.NextStep{&domain.PasswordStep{}},
nil,
},
{
@@ -942,15 +943,15 @@ func TestAuthRequestRepo_nextSteps(t *testing.T) {
PasswordCheckLifeTime: 10 * 24 * time.Hour,
},
args{
&model.AuthRequest{
&domain.AuthRequest{
UserID: "UserID",
SelectedIDPConfigID: "IDPConfigID",
LinkingUsers: []*model.ExternalUser{{IDPConfigID: "IDPConfigID", ExternalUserID: "UserID", DisplayName: "DisplayName"}},
LoginPolicy: &iam_model.LoginPolicyView{
SecondFactors: []iam_model.SecondFactorType{iam_model.SecondFactorTypeOTP},
LinkingUsers: []*domain.ExternalUser{{IDPConfigID: "IDPConfigID", ExternalUserID: "UserID", DisplayName: "DisplayName"}},
LoginPolicy: &domain.LoginPolicy{
SecondFactors: []domain.SecondFactorType{domain.SecondFactorTypeOTP},
},
}, false},
[]model.NextStep{&model.LinkUsersStep{}},
[]domain.NextStep{&domain.LinkUsersStep{}},
nil,
},
}
@@ -990,7 +991,7 @@ func TestAuthRequestRepo_mfaChecked(t *testing.T) {
}
type args struct {
userSession *user_model.UserSessionView
request *model.AuthRequest
request *domain.AuthRequest
user *user_model.UserView
policy *iam_model.LoginPolicyView
}
@@ -998,7 +999,7 @@ func TestAuthRequestRepo_mfaChecked(t *testing.T) {
name string
fields fields
args args
want model.NextStep
want domain.NextStep
wantChecked bool
errFunc func(err error) bool
}{
@@ -1006,7 +1007,7 @@ func TestAuthRequestRepo_mfaChecked(t *testing.T) {
// "required, prompt and false", //TODO: enable when LevelsOfAssurance is checked
// fields{},
// args{
// request: &model.AuthRequest{PossibleLOAs: []model.LevelOfAssurance{}},
// request: &domain.AuthRequest{PossibleLOAs: []model.LevelOfAssurance{}},
// user: &user_model.UserView{
// OTPState: user_model.MFAStateReady,
// },
@@ -1019,8 +1020,8 @@ func TestAuthRequestRepo_mfaChecked(t *testing.T) {
MFAInitSkippedLifeTime: 30 * 24 * time.Hour,
},
args{
request: &model.AuthRequest{
LoginPolicy: &iam_model.LoginPolicyView{
request: &domain.AuthRequest{
LoginPolicy: &domain.LoginPolicy{
ForceMFA: true,
},
},
@@ -1040,8 +1041,8 @@ func TestAuthRequestRepo_mfaChecked(t *testing.T) {
MFAInitSkippedLifeTime: 30 * 24 * time.Hour,
},
args{
request: &model.AuthRequest{
LoginPolicy: &iam_model.LoginPolicyView{},
request: &domain.AuthRequest{
LoginPolicy: &domain.LoginPolicy{},
},
user: &user_model.UserView{
HumanView: &user_model.HumanView{
@@ -1059,9 +1060,9 @@ func TestAuthRequestRepo_mfaChecked(t *testing.T) {
MFAInitSkippedLifeTime: 30 * 24 * time.Hour,
},
args{
request: &model.AuthRequest{
LoginPolicy: &iam_model.LoginPolicyView{
SecondFactors: []iam_model.SecondFactorType{iam_model.SecondFactorTypeOTP},
request: &domain.AuthRequest{
LoginPolicy: &domain.LoginPolicy{
SecondFactors: []domain.SecondFactorType{domain.SecondFactorTypeOTP},
},
},
user: &user_model.UserView{
@@ -1070,9 +1071,9 @@ func TestAuthRequestRepo_mfaChecked(t *testing.T) {
},
},
},
&model.MFAPromptStep{
MFAProviders: []model.MFAType{
model.MFATypeOTP,
&domain.MFAPromptStep{
MFAProviders: []domain.MFAType{
domain.MFATypeOTP,
},
},
false,
@@ -1084,10 +1085,10 @@ func TestAuthRequestRepo_mfaChecked(t *testing.T) {
MFAInitSkippedLifeTime: 30 * 24 * time.Hour,
},
args{
request: &model.AuthRequest{
LoginPolicy: &iam_model.LoginPolicyView{
request: &domain.AuthRequest{
LoginPolicy: &domain.LoginPolicy{
ForceMFA: true,
SecondFactors: []iam_model.SecondFactorType{iam_model.SecondFactorTypeOTP},
SecondFactors: []domain.SecondFactorType{domain.SecondFactorTypeOTP},
},
},
user: &user_model.UserView{
@@ -1096,10 +1097,10 @@ func TestAuthRequestRepo_mfaChecked(t *testing.T) {
},
},
},
&model.MFAPromptStep{
&domain.MFAPromptStep{
Required: true,
MFAProviders: []model.MFAType{
model.MFATypeOTP,
MFAProviders: []domain.MFAType{
domain.MFATypeOTP,
},
},
false,
@@ -1111,8 +1112,8 @@ func TestAuthRequestRepo_mfaChecked(t *testing.T) {
MFAInitSkippedLifeTime: 30 * 24 * time.Hour,
},
args{
request: &model.AuthRequest{
LoginPolicy: &iam_model.LoginPolicyView{},
request: &domain.AuthRequest{
LoginPolicy: &domain.LoginPolicy{},
},
user: &user_model.UserView{
HumanView: &user_model.HumanView{
@@ -1131,9 +1132,9 @@ func TestAuthRequestRepo_mfaChecked(t *testing.T) {
SecondFactorCheckLifeTime: 18 * time.Hour,
},
args{
request: &model.AuthRequest{
LoginPolicy: &iam_model.LoginPolicyView{
SecondFactors: []iam_model.SecondFactorType{iam_model.SecondFactorTypeOTP},
request: &domain.AuthRequest{
LoginPolicy: &domain.LoginPolicy{
SecondFactors: []domain.SecondFactorType{domain.SecondFactorTypeOTP},
},
},
user: &user_model.UserView{
@@ -1154,9 +1155,9 @@ func TestAuthRequestRepo_mfaChecked(t *testing.T) {
SecondFactorCheckLifeTime: 18 * time.Hour,
},
args{
request: &model.AuthRequest{
LoginPolicy: &iam_model.LoginPolicyView{
SecondFactors: []iam_model.SecondFactorType{iam_model.SecondFactorTypeOTP},
request: &domain.AuthRequest{
LoginPolicy: &domain.LoginPolicy{
SecondFactors: []domain.SecondFactorType{domain.SecondFactorTypeOTP},
},
},
user: &user_model.UserView{
@@ -1168,8 +1169,8 @@ func TestAuthRequestRepo_mfaChecked(t *testing.T) {
userSession: &user_model.UserSessionView{},
},
&model.MFAVerificationStep{
MFAProviders: []model.MFAType{model.MFATypeOTP},
&domain.MFAVerificationStep{
MFAProviders: []domain.MFAType{domain.MFATypeOTP},
},
false,
nil,


@@ -1,9 +1,13 @@
package handler
import (
"context"
"github.com/caos/logging"
caos_errs "github.com/caos/zitadel/internal/errors"
"github.com/caos/zitadel/internal/eventstore"
"github.com/caos/zitadel/internal/iam/repository/eventsourcing"
iam_es_model "github.com/caos/zitadel/internal/iam/repository/eventsourcing/model"
"github.com/caos/zitadel/internal/v2/domain"
"github.com/caos/zitadel/internal/eventstore/models"
es_models "github.com/caos/zitadel/internal/eventstore/models"
@@ -78,20 +82,48 @@ func (p *LoginPolicy) Reduce(event *models.Event) (err error) {
func (p *LoginPolicy) processLoginPolicy(event *models.Event) (err error) {
policy := new(iam_model.LoginPolicyView)
switch event.Type {
case model.OrgAdded:
policy, err = p.getDefaultLoginPolicy()
if err != nil {
return err
}
policy.AggregateID = event.AggregateID
policy.Default = true
case iam_es_model.LoginPolicyAdded, model.LoginPolicyAdded:
err = policy.AppendEvent(event)
case iam_es_model.LoginPolicyChanged, model.LoginPolicyChanged,
iam_es_model.LoginPolicySecondFactorAdded, model.LoginPolicySecondFactorAdded,
iam_es_model.LoginPolicySecondFactorRemoved, model.LoginPolicySecondFactorRemoved,
iam_es_model.LoginPolicyMultiFactorAdded, model.LoginPolicyMultiFactorAdded,
iam_es_model.LoginPolicyMultiFactorRemoved, model.LoginPolicyMultiFactorRemoved:
case iam_es_model.LoginPolicyChanged,
iam_es_model.LoginPolicySecondFactorAdded,
iam_es_model.LoginPolicySecondFactorRemoved,
iam_es_model.LoginPolicyMultiFactorAdded,
iam_es_model.LoginPolicyMultiFactorRemoved:
policies, err := p.view.AllDefaultLoginPolicies()
if err != nil {
return err
}
for _, policy := range policies {
err = policy.AppendEvent(event)
if err != nil {
return err
}
}
return p.view.PutLoginPolicies(policies, event)
case model.LoginPolicyChanged,
model.LoginPolicySecondFactorAdded,
model.LoginPolicySecondFactorRemoved,
model.LoginPolicyMultiFactorAdded,
model.LoginPolicyMultiFactorRemoved:
policy, err = p.view.LoginPolicyByAggregateID(event.AggregateID)
if err != nil {
return err
}
err = policy.AppendEvent(event)
case model.LoginPolicyRemoved:
return p.view.DeleteLoginPolicy(event.AggregateID, event)
policy, err = p.getDefaultLoginPolicy()
if err != nil {
return err
}
policy.AggregateID = event.AggregateID
policy.Default = true
default:
return p.view.ProcessedLoginPolicySequence(event)
}
@@ -109,3 +141,33 @@ func (p *LoginPolicy) OnError(event *models.Event, err error) error {
func (p *LoginPolicy) OnSuccess() error {
return spooler.HandleSuccess(p.view.UpdateLoginPolicySpoolerRunTimestamp)
}
func (p *LoginPolicy) getDefaultLoginPolicy() (*iam_model.LoginPolicyView, error) {
policy, policyErr := p.view.LoginPolicyByAggregateID(domain.IAMID)
if policyErr != nil && !caos_errs.IsNotFound(policyErr) {
return nil, policyErr
}
if policy == nil {
policy = &iam_model.LoginPolicyView{}
}
events, err := p.getIAMEvents(policy.Sequence)
if err != nil {
return policy, policyErr
}
policyCopy := *policy
for _, event := range events {
if err := policyCopy.AppendEvent(event); err != nil {
return policy, nil
}
}
return &policyCopy, nil
}
func (p *LoginPolicy) getIAMEvents(sequence uint64) ([]*models.Event, error) {
query, err := eventsourcing.IAMByIDQuery(domain.IAMID, sequence)
if err != nil {
return nil, err
}
return p.es.FilterEvents(context.Background(), query)
}
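Review bot: `getDefaultLoginPolicy` swallows two of its failure paths: when `p.getIAMEvents` fails it returns `policy, policyErr`, which is a nil error whenever the view lookup succeeded, and when `policyCopy.AppendEvent` fails it returns `policy, nil`. In the second case `policy` may still be the empty `&iam_model.LoginPolicyView{}` created after a not-found lookup, so the `model.OrgAdded` and `model.LoginPolicyRemoved` branches of `processLoginPolicy` continue with a stale or zero-valued policy marked `Default = true`. The write that follows the switch is outside the hunk, but presumably that policy is then stored for the org, i.e. without `ForceMFA` or any `SecondFactors` regardless of what the IAM default requires. Both returns should propagate the failure, `return nil, err`, so the event is retried through `OnError` rather than a weaker login policy being persisted. Separately, `getIAMEvents` queries with `context.Background()`, so the event read has no deadline or cancellation; a comment stating why that is acceptable in the spooler, or a bounded context, would help.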


@@ -16,6 +16,10 @@ func (v *View) LoginPolicyByAggregateID(aggregateID string) (*model.LoginPolicyV
return view.GetLoginPolicyByAggregateID(v.Db, loginPolicyTable, aggregateID)
}
func (v *View) AllDefaultLoginPolicies() ([]*model.LoginPolicyView, error) {
return view.GetDefaultLoginPolicies(v.Db, loginPolicyTable)
}
func (v *View) PutLoginPolicy(policy *model.LoginPolicyView, event *models.Event) error {
err := view.PutLoginPolicy(v.Db, loginPolicyTable, policy)
if err != nil {
@@ -24,6 +28,14 @@ func (v *View) PutLoginPolicy(policy *model.LoginPolicyView, event *models.Event
return v.ProcessedLoginPolicySequence(event)
}
func (v *View) PutLoginPolicies(policies []*model.LoginPolicyView, event *models.Event) error {
err := view.PutLoginPolicies(v.Db, loginPolicyTable, policies...)
if err != nil {
return err
}
return v.ProcessedLoginPolicySequence(event)
}
func (v *View) DeleteLoginPolicy(aggregateID string, event *models.Event) error {
err := view.DeleteLoginPolicy(v.Db, loginPolicyTable, aggregateID)
if err != nil && !errors.IsNotFound(err) {