feat: Lockout policy (#2121)

* feat: lock users if lockout policy is set * feat: setup * feat: lock user on password failes * feat: render error * feat: lock user on command side * feat: auth_req tests * feat: lockout policy docs * feat: remove show lockout failures from proto * fix: console lockout * feat: tests * fix: tests * unlock function * add unlock button * fix migration version * lockout policy * lint * Update internal/auth/repository/eventsourcing/eventstore/auth_request.go Co-authored-by: Silvan <silvan.reusser@gmail.com> * fix: err message * Update internal/command/setup_step4.go Co-authored-by: Silvan <silvan.reusser@gmail.com> Co-authored-by: Max Peintner <max@caos.ch> Co-authored-by: Livio Amstutz <livio.a@gmail.com> Co-authored-by: Silvan <silvan.reusser@gmail.com>
2025-08-11 21:37:32 +00:00 · 2021-08-11 08:36:32 +02:00
parent 272e411e27
commit bc951985ed
101 changed files with 2170 additions and 1574 deletions
--- a/internal/domain/auth_request.go
+++ b/internal/domain/auth_request.go
@@ -48,6 +48,7 @@ type AuthRequest struct {
 	AllowedExternalIDPs    []*IDPProvider
 	LabelPolicy            *LabelPolicy
 	PrivacyPolicy          *PrivacyPolicy
+	LockoutPolicy          *LockoutPolicy
 	DefaultTranslations    []*CustomText
 	OrgTranslations        []*CustomText
 }
--- a/internal/domain/iam.go
+++ b/internal/domain/iam.go
@@ -22,5 +22,5 @@ type IAM struct {
 	DefaultOrgIAMPolicy             *OrgIAMPolicy
 	DefaultPasswordComplexityPolicy *PasswordComplexityPolicy
 	DefaultPasswordAgePolicy        *PasswordAgePolicy
-	DefaultPasswordLockoutPolicy    *PasswordLockoutPolicy
+	DefaultPasswordLockoutPolicy    *LockoutPolicy
 }
--- a/internal/domain/org.go
+++ b/internal/domain/org.go
@@ -18,7 +18,7 @@ type Org struct {
 	LabelPolicy              *LabelPolicy
 	PasswordComplexityPolicy *PasswordComplexityPolicy
 	PasswordAgePolicy        *PasswordAgePolicy
-	PasswordLockoutPolicy    *PasswordLockoutPolicy
+	PasswordLockoutPolicy    *LockoutPolicy
 	IDPs                     []*IDPConfig
 }

--- a/internal/domain/policy_password_lockout.go
+++ b/internal/domain/policy_password_lockout.go
@@ -4,9 +4,10 @@ import (
 	"github.com/caos/zitadel/internal/eventstore/v1/models"
 )

-type PasswordLockoutPolicy struct {
+type LockoutPolicy struct {
 	models.ObjectRoot

-	MaxAttempts         uint64
+	Default             bool
+	MaxPasswordAttempts uint64
 	ShowLockOutFailures bool
 }
--- a/internal/domain/step.go
+++ b/internal/domain/step.go
@@ -20,6 +20,7 @@ const (
 	Step15
 	Step16
 	Step17
+	Step18
 	//StepCount marks the the length of possible steps (StepCount-1 == last possible step)
 	StepCount
 )