feat: Lockout policy (#2121)

* feat: lock users if lockout policy is set

* feat: setup

* feat: lock user on password failes

* feat: render error

* feat: lock user on command side

* feat: auth_req tests

* feat: lockout policy docs

* feat: remove show lockout failures from proto

* fix: console lockout

* feat: tests

* fix: tests

* unlock function

* add unlock button

* fix migration version

* lockout policy

* lint

* Update internal/auth/repository/eventsourcing/eventstore/auth_request.go

Co-authored-by: Silvan <silvan.reusser@gmail.com>

* fix: err message

* Update internal/command/setup_step4.go

Co-authored-by: Silvan <silvan.reusser@gmail.com>

Co-authored-by: Max Peintner <max@caos.ch>
Co-authored-by: Livio Amstutz <livio.a@gmail.com>
Co-authored-by: Silvan <silvan.reusser@gmail.com>

internal/command/iam_policy_password_lockout_test.go

@@ -13,16 +13,16 @@ import (
 	"testing"
 )
 
-func TestCommandSide_AddDefaultPasswordLockoutPolicy(t *testing.T) {
+func TestCommandSide_AddDefaultLockoutPolicy(t *testing.T) {
 	type fields struct {
 		eventstore *eventstore.Eventstore
 	}
 	type args struct {
 		ctx    context.Context
-		policy *domain.PasswordLockoutPolicy
+		policy *domain.LockoutPolicy
 	}
 	type res struct {
-		want *domain.PasswordLockoutPolicy
+		want *domain.LockoutPolicy
 		err  func(error) bool
 	}
 	tests := []struct {
@@ -32,13 +32,13 @@ func TestCommandSide_AddDefaultPasswordLockoutPolicy(t *testing.T) {
 		res    res
 	}{
 		{
-			name: "password lockout policy already existing, already exists error",
+			name: "lockout policy already existing, already exists error",
 			fields: fields{
 				eventstore: eventstoreExpect(
 					t,
 					expectFilter(
 						eventFromEventPusher(
-							iam.NewPasswordLockoutPolicyAddedEvent(context.Background(),
+							iam.NewLockoutPolicyAddedEvent(context.Background(),
 								&iam.NewAggregate().Aggregate,
 								10,
 								true,
@@ -49,8 +49,8 @@ func TestCommandSide_AddDefaultPasswordLockoutPolicy(t *testing.T) {
 			},
 			args: args{
 				ctx: context.Background(),
-				policy: &domain.PasswordLockoutPolicy{
-					MaxAttempts:         10,
+				policy: &domain.LockoutPolicy{
+					MaxPasswordAttempts: 10,
 					ShowLockOutFailures: true,
 				},
 			},
@@ -67,7 +67,7 @@ func TestCommandSide_AddDefaultPasswordLockoutPolicy(t *testing.T) {
 					expectPush(
 						[]*repository.Event{
 							eventFromEventPusher(
-								iam.NewPasswordLockoutPolicyAddedEvent(context.Background(),
+								iam.NewLockoutPolicyAddedEvent(context.Background(),
 									&iam.NewAggregate().Aggregate,
 									10,
 									true,
@@ -79,18 +79,18 @@ func TestCommandSide_AddDefaultPasswordLockoutPolicy(t *testing.T) {
 			},
 			args: args{
 				ctx: context.Background(),
-				policy: &domain.PasswordLockoutPolicy{
-					MaxAttempts:         10,
+				policy: &domain.LockoutPolicy{
+					MaxPasswordAttempts: 10,
 					ShowLockOutFailures: true,
 				},
 			},
 			res: res{
-				want: &domain.PasswordLockoutPolicy{
+				want: &domain.LockoutPolicy{
 					ObjectRoot: models.ObjectRoot{
 						AggregateID:   "IAM",
 						ResourceOwner: "IAM",
 					},
-					MaxAttempts:         10,
+					MaxPasswordAttempts: 10,
 					ShowLockOutFailures: true,
 				},
 			},
@@ -101,7 +101,7 @@ func TestCommandSide_AddDefaultPasswordLockoutPolicy(t *testing.T) {
 			r := &Commands{
 				eventstore: tt.fields.eventstore,
 			}
-			got, err := r.AddDefaultPasswordLockoutPolicy(tt.args.ctx, tt.args.policy)
+			got, err := r.AddDefaultLockoutPolicy(tt.args.ctx, tt.args.policy)
 			if tt.res.err == nil {
 				assert.NoError(t, err)
 			}
@@ -115,16 +115,16 @@ func TestCommandSide_AddDefaultPasswordLockoutPolicy(t *testing.T) {
 	}
 }
 
-func TestCommandSide_ChangeDefaultPasswordLockoutPolicy(t *testing.T) {
+func TestCommandSide_ChangeDefaultLockoutPolicy(t *testing.T) {
 	type fields struct {
 		eventstore *eventstore.Eventstore
 	}
 	type args struct {
 		ctx    context.Context
-		policy *domain.PasswordLockoutPolicy
+		policy *domain.LockoutPolicy
 	}
 	type res struct {
-		want *domain.PasswordLockoutPolicy
+		want *domain.LockoutPolicy
 		err  func(error) bool
 	}
 	tests := []struct {
@@ -134,7 +134,7 @@ func TestCommandSide_ChangeDefaultPasswordLockoutPolicy(t *testing.T) {
 		res    res
 	}{
 		{
-			name: "password lockout policy not existing, not found error",
+			name: "lockout policy not existing, not found error",
 			fields: fields{
 				eventstore: eventstoreExpect(
 					t,
@@ -143,8 +143,8 @@ func TestCommandSide_ChangeDefaultPasswordLockoutPolicy(t *testing.T) {
 			},
 			args: args{
 				ctx: context.Background(),
-				policy: &domain.PasswordLockoutPolicy{
-					MaxAttempts:         10,
+				policy: &domain.LockoutPolicy{
+					MaxPasswordAttempts: 10,
 					ShowLockOutFailures: true,
 				},
 			},
@@ -159,7 +159,7 @@ func TestCommandSide_ChangeDefaultPasswordLockoutPolicy(t *testing.T) {
 					t,
 					expectFilter(
 						eventFromEventPusher(
-							iam.NewPasswordLockoutPolicyAddedEvent(context.Background(),
+							iam.NewLockoutPolicyAddedEvent(context.Background(),
 								&iam.NewAggregate().Aggregate,
 								10,
 								true,
@@ -170,8 +170,8 @@ func TestCommandSide_ChangeDefaultPasswordLockoutPolicy(t *testing.T) {
 			},
 			args: args{
 				ctx: context.Background(),
-				policy: &domain.PasswordLockoutPolicy{
-					MaxAttempts:         10,
+				policy: &domain.LockoutPolicy{
+					MaxPasswordAttempts: 10,
 					ShowLockOutFailures: true,
 				},
 			},
@@ -186,7 +186,7 @@ func TestCommandSide_ChangeDefaultPasswordLockoutPolicy(t *testing.T) {
 					t,
 					expectFilter(
 						eventFromEventPusher(
-							iam.NewPasswordLockoutPolicyAddedEvent(context.Background(),
+							iam.NewLockoutPolicyAddedEvent(context.Background(),
 								&iam.NewAggregate().Aggregate,
 								10,
 								true,
@@ -196,7 +196,7 @@ func TestCommandSide_ChangeDefaultPasswordLockoutPolicy(t *testing.T) {
 					expectPush(
 						[]*repository.Event{
 							eventFromEventPusher(
-								newDefaultPasswordLockoutPolicyChangedEvent(context.Background(), 20, false),
+								newDefaultLockoutPolicyChangedEvent(context.Background(), 20, false),
 							),
 						},
 					),
@@ -204,18 +204,18 @@ func TestCommandSide_ChangeDefaultPasswordLockoutPolicy(t *testing.T) {
 			},
 			args: args{
 				ctx: context.Background(),
-				policy: &domain.PasswordLockoutPolicy{
-					MaxAttempts:         20,
+				policy: &domain.LockoutPolicy{
+					MaxPasswordAttempts: 20,
 					ShowLockOutFailures: false,
 				},
 			},
 			res: res{
-				want: &domain.PasswordLockoutPolicy{
+				want: &domain.LockoutPolicy{
 					ObjectRoot: models.ObjectRoot{
 						AggregateID:   "IAM",
 						ResourceOwner: "IAM",
 					},
-					MaxAttempts:         20,
+					MaxPasswordAttempts: 20,
 					ShowLockOutFailures: false,
 				},
 			},
@@ -226,7 +226,7 @@ func TestCommandSide_ChangeDefaultPasswordLockoutPolicy(t *testing.T) {
 			r := &Commands{
 				eventstore: tt.fields.eventstore,
 			}
-			got, err := r.ChangeDefaultPasswordLockoutPolicy(tt.args.ctx, tt.args.policy)
+			got, err := r.ChangeDefaultLockoutPolicy(tt.args.ctx, tt.args.policy)
 			if tt.res.err == nil {
 				assert.NoError(t, err)
 			}
@@ -240,10 +240,10 @@ func TestCommandSide_ChangeDefaultPasswordLockoutPolicy(t *testing.T) {
 	}
 }
 
-func newDefaultPasswordLockoutPolicyChangedEvent(ctx context.Context, maxAttempts uint64, showLockoutFailure bool) *iam.PasswordLockoutPolicyChangedEvent {
-	event, _ := iam.NewPasswordLockoutPolicyChangedEvent(ctx,
+func newDefaultLockoutPolicyChangedEvent(ctx context.Context, maxAttempts uint64, showLockoutFailure bool) *iam.LockoutPolicyChangedEvent {
+	event, _ := iam.NewLockoutPolicyChangedEvent(ctx,
 		&iam.NewAggregate().Aggregate,
-		[]policy.PasswordLockoutPolicyChanges{
+		[]policy.LockoutPolicyChanges{
 			policy.ChangeMaxAttempts(maxAttempts),
 			policy.ChangeShowLockOutFailures(showLockoutFailure),
 		},