feat: Lockout policy (#2121)

* feat: lock users if lockout policy is set

* feat: setup

* feat: lock user on password failes

* feat: render error

* feat: lock user on command side

* feat: auth_req tests

* feat: lockout policy docs

* feat: remove show lockout failures from proto

* fix: console lockout

* feat: tests

* fix: tests

* unlock function

* add unlock button

* fix migration version

* lockout policy

* lint

* Update internal/auth/repository/eventsourcing/eventstore/auth_request.go

Co-authored-by: Silvan <silvan.reusser@gmail.com>

* fix: err message

* Update internal/command/setup_step4.go

Co-authored-by: Silvan <silvan.reusser@gmail.com>

Co-authored-by: Max Peintner <max@caos.ch>
Co-authored-by: Livio Amstutz <livio.a@gmail.com>
Co-authored-by: Silvan <silvan.reusser@gmail.com>

internal/api/grpc/admin/lockout.go

@@ -0,0 +1,31 @@
+package admin
+
+import (
+	"context"
+
+	"github.com/caos/zitadel/internal/api/grpc/object"
+	policy_grpc "github.com/caos/zitadel/internal/api/grpc/policy"
+	admin_pb "github.com/caos/zitadel/pkg/grpc/admin"
+)
+
+func (s *Server) GetLockoutPolicy(ctx context.Context, req *admin_pb.GetLockoutPolicyRequest) (*admin_pb.GetLockoutPolicyResponse, error) {
+	policy, err := s.iam.GetDefaultLockoutPolicy(ctx)
+	if err != nil {
+		return nil, err
+	}
+	return &admin_pb.GetLockoutPolicyResponse{Policy: policy_grpc.ModelLockoutPolicyToPb(policy)}, nil
+}
+
+func (s *Server) UpdateLockoutPolicy(ctx context.Context, req *admin_pb.UpdateLockoutPolicyRequest) (*admin_pb.UpdateLockoutPolicyResponse, error) {
+	policy, err := s.command.ChangeDefaultLockoutPolicy(ctx, UpdateLockoutPolicyToDomain(req))
+	if err != nil {
+		return nil, err
+	}
+	return &admin_pb.UpdateLockoutPolicyResponse{
+		Details: object.ChangeToDetailsPb(
+			policy.Sequence,
+			policy.ChangeDate,
+			policy.ResourceOwner,
+		),
+	}, nil
+}

internal/api/grpc/admin/lockout_converter.go

@@ -0,0 +1,12 @@
+package admin
+
+import (
+	"github.com/caos/zitadel/internal/domain"
+	"github.com/caos/zitadel/pkg/grpc/admin"
+)
+
+func UpdateLockoutPolicyToDomain(p *admin.UpdateLockoutPolicyRequest) *domain.LockoutPolicy {
+	return &domain.LockoutPolicy{
+		MaxPasswordAttempts: uint64(p.MaxPasswordAttempts),
+	}
+}

internal/api/grpc/admin/password_lockout.go

@@ -1,31 +0,0 @@
-package admin
-
-import (
-	"context"
-
-	"github.com/caos/zitadel/internal/api/grpc/object"
-	policy_grpc "github.com/caos/zitadel/internal/api/grpc/policy"
-	admin_pb "github.com/caos/zitadel/pkg/grpc/admin"
-)
-
-func (s *Server) GetPasswordLockoutPolicy(ctx context.Context, req *admin_pb.GetPasswordLockoutPolicyRequest) (*admin_pb.GetPasswordLockoutPolicyResponse, error) {
-	policy, err := s.iam.GetDefaultPasswordLockoutPolicy(ctx)
-	if err != nil {
-		return nil, err
-	}
-	return &admin_pb.GetPasswordLockoutPolicyResponse{Policy: policy_grpc.ModelPasswordLockoutPolicyToPb(policy)}, nil
-}
-
-func (s *Server) UpdatePasswordLockoutPolicy(ctx context.Context, req *admin_pb.UpdatePasswordLockoutPolicyRequest) (*admin_pb.UpdatePasswordLockoutPolicyResponse, error) {
-	policy, err := s.command.ChangeDefaultPasswordLockoutPolicy(ctx, UpdatePasswordLockoutPolicyToDomain(req))
-	if err != nil {
-		return nil, err
-	}
-	return &admin_pb.UpdatePasswordLockoutPolicyResponse{
-		Details: object.ChangeToDetailsPb(
-			policy.Sequence,
-			policy.ChangeDate,
-			policy.ResourceOwner,
-		),
-	}, nil
-}

internal/api/grpc/admin/password_lockout_converter.go

@@ -1,13 +0,0 @@
-package admin
-
-import (
-	"github.com/caos/zitadel/internal/domain"
-	"github.com/caos/zitadel/pkg/grpc/admin"
-)
-
-func UpdatePasswordLockoutPolicyToDomain(p *admin.UpdatePasswordLockoutPolicyRequest) *domain.PasswordLockoutPolicy {
-	return &domain.PasswordLockoutPolicy{
-		MaxAttempts:         uint64(p.MaxAttempts),
-		ShowLockOutFailures: p.ShowLockoutFailure,
-	}
-}