feat: Lockout policy (#2121)

* feat: lock users if lockout policy is set

* feat: setup

* feat: lock user on password failes

* feat: render error

* feat: lock user on command side

* feat: auth_req tests

* feat: lockout policy docs

* feat: remove show lockout failures from proto

* fix: console lockout

* feat: tests

* fix: tests

* unlock function

* add unlock button

* fix migration version

* lockout policy

* lint

* Update internal/auth/repository/eventsourcing/eventstore/auth_request.go

Co-authored-by: Silvan <silvan.reusser@gmail.com>

* fix: err message

* Update internal/command/setup_step4.go

Co-authored-by: Silvan <silvan.reusser@gmail.com>

Co-authored-by: Max Peintner <max@caos.ch>
Co-authored-by: Livio Amstutz <livio.a@gmail.com>
Co-authored-by: Silvan <silvan.reusser@gmail.com>

internal/iam/model/iam.go

@@ -35,7 +35,7 @@ type IAM struct {
 	DefaultOrgIAMPolicy             *OrgIAMPolicy
 	DefaultPasswordComplexityPolicy *PasswordComplexityPolicy
 	DefaultPasswordAgePolicy        *PasswordAgePolicy
-	DefaultPasswordLockoutPolicy    *PasswordLockoutPolicy
+	DefaultLockoutPolicy            *LockoutPolicy
 	DefaultMailTemplate             *MailTemplate
 	DefaultMailTexts                []*MailText
 }

internal/iam/model/password_lockout_policy.go

@@ -4,10 +4,10 @@ import (
 	"github.com/caos/zitadel/internal/eventstore/v1/models"
 )
 
-type PasswordLockoutPolicy struct {
+type LockoutPolicy struct {
 	models.ObjectRoot
 
 	State               PolicyState
-	MaxAttempts         uint64
+	MaxPasswordAttempts uint64
 	ShowLockOutFailures bool
 }

internal/iam/model/password_lockout_policy_view.go

@@ -5,9 +5,9 @@ import (
 	"time"
 )
 
-type PasswordLockoutPolicyView struct {
+type LockoutPolicyView struct {
 	AggregateID         string
-	MaxAttempts         uint64
+	MaxPasswordAttempts uint64
 	ShowLockOutFailures bool
 	Default             bool
 
@@ -16,32 +16,32 @@ type PasswordLockoutPolicyView struct {
 	Sequence     uint64
 }
 
-type PasswordLockoutPolicySearchRequest struct {
+type LockoutPolicySearchRequest struct {
 	Offset        uint64
 	Limit         uint64
-	SortingColumn PasswordLockoutPolicySearchKey
+	SortingColumn LockoutPolicySearchKey
 	Asc           bool
-	Queries       []*PasswordLockoutPolicySearchQuery
+	Queries       []*LockoutPolicySearchQuery
 }
 
-type PasswordLockoutPolicySearchKey int32
+type LockoutPolicySearchKey int32
 
 const (
-	PasswordLockoutPolicySearchKeyUnspecified PasswordLockoutPolicySearchKey = iota
-	PasswordLockoutPolicySearchKeyAggregateID
+	LockoutPolicySearchKeyUnspecified LockoutPolicySearchKey = iota
+	LockoutPolicySearchKeyAggregateID
 )
 
-type PasswordLockoutPolicySearchQuery struct {
-	Key    PasswordLockoutPolicySearchKey
+type LockoutPolicySearchQuery struct {
+	Key    LockoutPolicySearchKey
 	Method domain.SearchMethod
 	Value  interface{}
 }
 
-type PasswordLockoutPolicySearchResponse struct {
+type LockoutPolicySearchResponse struct {
 	Offset      uint64
 	Limit       uint64
 	TotalResult uint64
-	Result      []*PasswordLockoutPolicyView
+	Result      []*LockoutPolicyView
 	Sequence    uint64
 	Timestamp   time.Time
 }

internal/iam/repository/eventsourcing/model/iam.go

@@ -36,7 +36,7 @@ type IAM struct {
 	DefaultOrgIAMPolicy             *OrgIAMPolicy             `json:"-"`
 	DefaultPasswordComplexityPolicy *PasswordComplexityPolicy `json:"-"`
 	DefaultPasswordAgePolicy        *PasswordAgePolicy        `json:"-"`
-	DefaultPasswordLockoutPolicy    *PasswordLockoutPolicy    `json:"-"`
+	DefaultLockoutPolicy            *LockoutPolicy            `json:"-"`
 }
 
 func IAMToModel(iam *IAM) *model.IAM {
@@ -66,8 +66,8 @@ func IAMToModel(iam *IAM) *model.IAM {
 	if iam.DefaultPasswordAgePolicy != nil {
 		converted.DefaultPasswordAgePolicy = PasswordAgePolicyToModel(iam.DefaultPasswordAgePolicy)
 	}
-	if iam.DefaultPasswordLockoutPolicy != nil {
-		converted.DefaultPasswordLockoutPolicy = PasswordLockoutPolicyToModel(iam.DefaultPasswordLockoutPolicy)
+	if iam.DefaultLockoutPolicy != nil {
+		converted.DefaultLockoutPolicy = LockoutPolicyToModel(iam.DefaultLockoutPolicy)
 	}
 	if iam.DefaultOrgIAMPolicy != nil {
 		converted.DefaultOrgIAMPolicy = OrgIAMPolicyToModel(iam.DefaultOrgIAMPolicy)
@@ -166,10 +166,10 @@ func (i *IAM) AppendEvent(event *es_models.Event) (err error) {
 		return i.appendAddPasswordAgePolicyEvent(event)
 	case PasswordAgePolicyChanged:
 		return i.appendChangePasswordAgePolicyEvent(event)
-	case PasswordLockoutPolicyAdded:
-		return i.appendAddPasswordLockoutPolicyEvent(event)
-	case PasswordLockoutPolicyChanged:
-		return i.appendChangePasswordLockoutPolicyEvent(event)
+	case LockoutPolicyAdded:
+		return i.appendAddLockoutPolicyEvent(event)
+	case LockoutPolicyChanged:
+		return i.appendChangeLockoutPolicyEvent(event)
 	case OrgIAMPolicyAdded:
 		return i.appendAddOrgIAMPolicyEvent(event)
 	case OrgIAMPolicyChanged:

internal/iam/repository/eventsourcing/model/lockout_policy.go

@@ -0,0 +1,60 @@
+package model
+
+import (
+	"encoding/json"
+
+	"github.com/caos/zitadel/internal/errors"
+	es_models "github.com/caos/zitadel/internal/eventstore/v1/models"
+	iam_model "github.com/caos/zitadel/internal/iam/model"
+)
+
+type LockoutPolicy struct {
+	es_models.ObjectRoot
+
+	State               int32  `json:"-"`
+	MaxPasswordAttempts uint64 `json:"maxPasswordAttempts"`
+	ShowLockOutFailures bool   `json:"showLockOutFailures"`
+}
+
+func LockoutPolicyToModel(policy *LockoutPolicy) *iam_model.LockoutPolicy {
+	return &iam_model.LockoutPolicy{
+		ObjectRoot:          policy.ObjectRoot,
+		State:               iam_model.PolicyState(policy.State),
+		MaxPasswordAttempts: policy.MaxPasswordAttempts,
+		ShowLockOutFailures: policy.ShowLockOutFailures,
+	}
+}
+
+func (p *LockoutPolicy) Changes(changed *LockoutPolicy) map[string]interface{} {
+	changes := make(map[string]interface{}, 2)
+
+	if p.MaxPasswordAttempts != changed.MaxPasswordAttempts {
+		changes["maxAttempts"] = changed.MaxPasswordAttempts
+	}
+	if p.ShowLockOutFailures != changed.ShowLockOutFailures {
+		changes["showLockOutFailures"] = changed.ShowLockOutFailures
+	}
+	return changes
+}
+
+func (i *IAM) appendAddLockoutPolicyEvent(event *es_models.Event) error {
+	i.DefaultLockoutPolicy = new(LockoutPolicy)
+	err := i.DefaultLockoutPolicy.SetData(event)
+	if err != nil {
+		return err
+	}
+	i.DefaultLockoutPolicy.ObjectRoot.CreationDate = event.CreationDate
+	return nil
+}
+
+func (i *IAM) appendChangeLockoutPolicyEvent(event *es_models.Event) error {
+	return i.DefaultLockoutPolicy.SetData(event)
+}
+
+func (p *LockoutPolicy) SetData(event *es_models.Event) error {
+	err := json.Unmarshal(event.Data, p)
+	if err != nil {
+		return errors.ThrowInternal(err, "EVENT-7JS9d", "unable to unmarshal data")
+	}
+	return nil
+}

internal/iam/repository/eventsourcing/model/lockout_policy_test.go

@@ -8,8 +8,8 @@ import (
 
 func TestPasswordLockoutPolicyChanges(t *testing.T) {
 	type args struct {
-		existing *PasswordLockoutPolicy
-		new      *PasswordLockoutPolicy
+		existing *LockoutPolicy
+		new      *LockoutPolicy
 	}
 	type res struct {
 		changesLen int
@@ -22,8 +22,8 @@ func TestPasswordLockoutPolicyChanges(t *testing.T) {
 		{
 			name: "lockout policy all attributes change",
 			args: args{
-				existing: &PasswordLockoutPolicy{MaxAttempts: 365, ShowLockOutFailures: true},
-				new:      &PasswordLockoutPolicy{MaxAttempts: 730, ShowLockOutFailures: false},
+				existing: &LockoutPolicy{MaxPasswordAttempts: 365, ShowLockOutFailures: true},
+				new:      &LockoutPolicy{MaxPasswordAttempts: 730, ShowLockOutFailures: false},
 			},
 			res: res{
 				changesLen: 2,
@@ -32,8 +32,8 @@ func TestPasswordLockoutPolicyChanges(t *testing.T) {
 		{
 			name: "no changes",
 			args: args{
-				existing: &PasswordLockoutPolicy{MaxAttempts: 10, ShowLockOutFailures: true},
-				new:      &PasswordLockoutPolicy{MaxAttempts: 10, ShowLockOutFailures: true},
+				existing: &LockoutPolicy{MaxPasswordAttempts: 10, ShowLockOutFailures: true},
+				new:      &LockoutPolicy{MaxPasswordAttempts: 10, ShowLockOutFailures: true},
 			},
 			res: res{
 				changesLen: 0,
@@ -53,7 +53,7 @@ func TestPasswordLockoutPolicyChanges(t *testing.T) {
 func TestAppendAddPasswordLockoutPolicyEvent(t *testing.T) {
 	type args struct {
 		iam    *IAM
-		policy *PasswordLockoutPolicy
+		policy *LockoutPolicy
 		event  *es_models.Event
 	}
 	tests := []struct {
@@ -65,10 +65,10 @@ func TestAppendAddPasswordLockoutPolicyEvent(t *testing.T) {
 			name: "append add password lockout policy event",
 			args: args{
 				iam:    new(IAM),
-				policy: &PasswordLockoutPolicy{MaxAttempts: 10, ShowLockOutFailures: true},
+				policy: &LockoutPolicy{MaxPasswordAttempts: 10, ShowLockOutFailures: true},
 				event:  new(es_models.Event),
 			},
-			result: &IAM{DefaultPasswordLockoutPolicy: &PasswordLockoutPolicy{MaxAttempts: 10, ShowLockOutFailures: true}},
+			result: &IAM{DefaultLockoutPolicy: &LockoutPolicy{MaxPasswordAttempts: 10, ShowLockOutFailures: true}},
 		},
 	}
 	for _, tt := range tests {
@@ -77,12 +77,12 @@ func TestAppendAddPasswordLockoutPolicyEvent(t *testing.T) {
 				data, _ := json.Marshal(tt.args.policy)
 				tt.args.event.Data = data
 			}
-			tt.args.iam.appendAddPasswordLockoutPolicyEvent(tt.args.event)
-			if tt.result.DefaultPasswordLockoutPolicy.MaxAttempts != tt.args.iam.DefaultPasswordLockoutPolicy.MaxAttempts {
-				t.Errorf("got wrong result: expected: %v, actual: %v ", tt.result.DefaultPasswordLockoutPolicy.MaxAttempts, tt.args.iam.DefaultPasswordLockoutPolicy.MaxAttempts)
+			tt.args.iam.appendAddLockoutPolicyEvent(tt.args.event)
+			if tt.result.DefaultLockoutPolicy.MaxPasswordAttempts != tt.args.iam.DefaultLockoutPolicy.MaxPasswordAttempts {
+				t.Errorf("got wrong result: expected: %v, actual: %v ", tt.result.DefaultLockoutPolicy.MaxPasswordAttempts, tt.args.iam.DefaultLockoutPolicy.MaxPasswordAttempts)
 			}
-			if tt.result.DefaultPasswordLockoutPolicy.ShowLockOutFailures != tt.args.iam.DefaultPasswordLockoutPolicy.ShowLockOutFailures {
-				t.Errorf("got wrong result: expected: %v, actual: %v ", tt.result.DefaultPasswordLockoutPolicy.ShowLockOutFailures, tt.args.iam.DefaultPasswordLockoutPolicy.ShowLockOutFailures)
+			if tt.result.DefaultLockoutPolicy.ShowLockOutFailures != tt.args.iam.DefaultLockoutPolicy.ShowLockOutFailures {
+				t.Errorf("got wrong result: expected: %v, actual: %v ", tt.result.DefaultLockoutPolicy.ShowLockOutFailures, tt.args.iam.DefaultLockoutPolicy.ShowLockOutFailures)
 			}
 		})
 	}
@@ -91,7 +91,7 @@ func TestAppendAddPasswordLockoutPolicyEvent(t *testing.T) {
 func TestAppendChangePasswordLockoutPolicyEvent(t *testing.T) {
 	type args struct {
 		iam    *IAM
-		policy *PasswordLockoutPolicy
+		policy *LockoutPolicy
 		event  *es_models.Event
 	}
 	tests := []struct {
@@ -102,14 +102,14 @@ func TestAppendChangePasswordLockoutPolicyEvent(t *testing.T) {
 		{
 			name: "append change password lockout policy event",
 			args: args{
-				iam: &IAM{DefaultPasswordLockoutPolicy: &PasswordLockoutPolicy{
-					MaxAttempts: 10,
+				iam: &IAM{DefaultLockoutPolicy: &LockoutPolicy{
+					MaxPasswordAttempts: 10,
 				}},
-				policy: &PasswordLockoutPolicy{MaxAttempts: 5},
+				policy: &LockoutPolicy{MaxPasswordAttempts: 5},
 				event:  &es_models.Event{},
 			},
-			result: &IAM{DefaultPasswordLockoutPolicy: &PasswordLockoutPolicy{
-				MaxAttempts: 5,
+			result: &IAM{DefaultLockoutPolicy: &LockoutPolicy{
+				MaxPasswordAttempts: 5,
 			}},
 		},
 	}
@@ -119,9 +119,9 @@ func TestAppendChangePasswordLockoutPolicyEvent(t *testing.T) {
 				data, _ := json.Marshal(tt.args.policy)
 				tt.args.event.Data = data
 			}
-			tt.args.iam.appendChangePasswordLockoutPolicyEvent(tt.args.event)
-			if tt.result.DefaultPasswordLockoutPolicy.MaxAttempts != tt.args.iam.DefaultPasswordLockoutPolicy.MaxAttempts {
-				t.Errorf("got wrong result: expected: %v, actual: %v ", tt.result.DefaultPasswordLockoutPolicy.MaxAttempts, tt.args.iam.DefaultPasswordLockoutPolicy.MaxAttempts)
+			tt.args.iam.appendChangeLockoutPolicyEvent(tt.args.event)
+			if tt.result.DefaultLockoutPolicy.MaxPasswordAttempts != tt.args.iam.DefaultLockoutPolicy.MaxPasswordAttempts {
+				t.Errorf("got wrong result: expected: %v, actual: %v ", tt.result.DefaultLockoutPolicy.MaxPasswordAttempts, tt.args.iam.DefaultLockoutPolicy.MaxPasswordAttempts)
 			}
 		})
 	}

internal/iam/repository/eventsourcing/model/password_lockout_policy.go

@@ -1,69 +0,0 @@
-package model
-
-import (
-	"encoding/json"
-
-	"github.com/caos/zitadel/internal/errors"
-	es_models "github.com/caos/zitadel/internal/eventstore/v1/models"
-	iam_model "github.com/caos/zitadel/internal/iam/model"
-)
-
-type PasswordLockoutPolicy struct {
-	es_models.ObjectRoot
-
-	State               int32  `json:"-"`
-	MaxAttempts         uint64 `json:"maxAttempts"`
-	ShowLockOutFailures bool   `json:"showLockOutFailures"`
-}
-
-func PasswordLockoutPolicyFromModel(policy *iam_model.PasswordLockoutPolicy) *PasswordLockoutPolicy {
-	return &PasswordLockoutPolicy{
-		ObjectRoot:          policy.ObjectRoot,
-		State:               int32(policy.State),
-		MaxAttempts:         policy.MaxAttempts,
-		ShowLockOutFailures: policy.ShowLockOutFailures,
-	}
-}
-
-func PasswordLockoutPolicyToModel(policy *PasswordLockoutPolicy) *iam_model.PasswordLockoutPolicy {
-	return &iam_model.PasswordLockoutPolicy{
-		ObjectRoot:          policy.ObjectRoot,
-		State:               iam_model.PolicyState(policy.State),
-		MaxAttempts:         policy.MaxAttempts,
-		ShowLockOutFailures: policy.ShowLockOutFailures,
-	}
-}
-
-func (p *PasswordLockoutPolicy) Changes(changed *PasswordLockoutPolicy) map[string]interface{} {
-	changes := make(map[string]interface{}, 2)
-
-	if p.MaxAttempts != changed.MaxAttempts {
-		changes["maxAttempts"] = changed.MaxAttempts
-	}
-	if p.ShowLockOutFailures != changed.ShowLockOutFailures {
-		changes["showLockOutFailures"] = changed.ShowLockOutFailures
-	}
-	return changes
-}
-
-func (i *IAM) appendAddPasswordLockoutPolicyEvent(event *es_models.Event) error {
-	i.DefaultPasswordLockoutPolicy = new(PasswordLockoutPolicy)
-	err := i.DefaultPasswordLockoutPolicy.SetData(event)
-	if err != nil {
-		return err
-	}
-	i.DefaultPasswordLockoutPolicy.ObjectRoot.CreationDate = event.CreationDate
-	return nil
-}
-
-func (i *IAM) appendChangePasswordLockoutPolicyEvent(event *es_models.Event) error {
-	return i.DefaultPasswordLockoutPolicy.SetData(event)
-}
-
-func (p *PasswordLockoutPolicy) SetData(event *es_models.Event) error {
-	err := json.Unmarshal(event.Data, p)
-	if err != nil {
-		return errors.ThrowInternal(err, "EVENT-7JS9d", "unable to unmarshal data")
-	}
-	return nil
-}

internal/iam/repository/eventsourcing/model/types.go

@@ -65,8 +65,8 @@ const (
 	PasswordAgePolicyAdded   models.EventType = "iam.policy.password.age.added"
 	PasswordAgePolicyChanged models.EventType = "iam.policy.password.age.changed"
 
-	PasswordLockoutPolicyAdded   models.EventType = "iam.policy.password.lockout.added"
-	PasswordLockoutPolicyChanged models.EventType = "iam.policy.password.lockout.changed"
+	LockoutPolicyAdded   models.EventType = "iam.policy.lockout.added"
+	LockoutPolicyChanged models.EventType = "iam.policy.lockout.changed"
 
 	PrivacyPolicyAdded   models.EventType = "iam.policy.privacy.added"
 	PrivacyPolicyChanged models.EventType = "iam.policy.privacy.changed"

internal/iam/repository/view/model/password_lockout_policy.go

@@ -2,6 +2,7 @@ package model
 
 import (
 	"encoding/json"
+	"github.com/caos/zitadel/internal/domain"
 	org_es_model "github.com/caos/zitadel/internal/org/repository/eventsourcing/model"
 	"time"
 
@@ -14,65 +15,67 @@ import (
 )
 
 const (
-	PasswordLockoutKeyAggregateID = "aggregate_id"
+	LockoutKeyAggregateID = "aggregate_id"
 )
 
-type PasswordLockoutPolicyView struct {
+type LockoutPolicyView struct {
 	AggregateID  string    `json:"-" gorm:"column:aggregate_id;primary_key"`
 	CreationDate time.Time `json:"-" gorm:"column:creation_date"`
 	ChangeDate   time.Time `json:"-" gorm:"column:change_date"`
 	State        int32     `json:"-" gorm:"column:lockout_policy_state"`
 
-	MaxAttempts         uint64 `json:"maxAttempts" gorm:"column:max_attempts"`
+	MaxPasswordAttempts uint64 `json:"maxPasswordAttempts" gorm:"column:max_password_attempts"`
 	ShowLockOutFailures bool   `json:"showLockOutFailures" gorm:"column:show_lockout_failures"`
 	Default             bool   `json:"-" gorm:"-"`
 
 	Sequence uint64 `json:"-" gorm:"column:sequence"`
 }
 
-func PasswordLockoutViewFromModel(policy *model.PasswordLockoutPolicyView) *PasswordLockoutPolicyView {
-	return &PasswordLockoutPolicyView{
+func LockoutViewToModel(policy *LockoutPolicyView) *model.LockoutPolicyView {
+	return &model.LockoutPolicyView{
 		AggregateID:         policy.AggregateID,
 		Sequence:            policy.Sequence,
 		CreationDate:        policy.CreationDate,
 		ChangeDate:          policy.ChangeDate,
-		MaxAttempts:         policy.MaxAttempts,
+		MaxPasswordAttempts: policy.MaxPasswordAttempts,
 		ShowLockOutFailures: policy.ShowLockOutFailures,
 		Default:             policy.Default,
 	}
 }
 
-func PasswordLockoutViewToModel(policy *PasswordLockoutPolicyView) *model.PasswordLockoutPolicyView {
-	return &model.PasswordLockoutPolicyView{
-		AggregateID:         policy.AggregateID,
-		Sequence:            policy.Sequence,
-		CreationDate:        policy.CreationDate,
-		ChangeDate:          policy.ChangeDate,
-		MaxAttempts:         policy.MaxAttempts,
-		ShowLockOutFailures: policy.ShowLockOutFailures,
-		Default:             policy.Default,
+func (p *LockoutPolicyView) ToDomain() *domain.LockoutPolicy {
+	return &domain.LockoutPolicy{
+		ObjectRoot: models.ObjectRoot{
+			AggregateID:  p.AggregateID,
+			CreationDate: p.CreationDate,
+			ChangeDate:   p.ChangeDate,
+			Sequence:     p.Sequence,
+		},
+		MaxPasswordAttempts: p.MaxPasswordAttempts,
+		ShowLockOutFailures: p.ShowLockOutFailures,
+		Default:             p.Default,
 	}
 }
 
-func (i *PasswordLockoutPolicyView) AppendEvent(event *models.Event) (err error) {
+func (i *LockoutPolicyView) AppendEvent(event *models.Event) (err error) {
 	i.Sequence = event.Sequence
 	i.ChangeDate = event.CreationDate
 	switch event.Type {
-	case es_model.PasswordLockoutPolicyAdded, org_es_model.PasswordLockoutPolicyAdded:
+	case es_model.LockoutPolicyAdded, org_es_model.LockoutPolicyAdded:
 		i.setRootData(event)
 		i.CreationDate = event.CreationDate
 		err = i.SetData(event)
-	case es_model.PasswordLockoutPolicyChanged, org_es_model.PasswordLockoutPolicyChanged:
+	case es_model.LockoutPolicyChanged, org_es_model.LockoutPolicyChanged:
 		err = i.SetData(event)
 	}
 	return err
 }
 
-func (r *PasswordLockoutPolicyView) setRootData(event *models.Event) {
+func (r *LockoutPolicyView) setRootData(event *models.Event) {
 	r.AggregateID = event.AggregateID
 }
 
-func (r *PasswordLockoutPolicyView) SetData(event *models.Event) error {
+func (r *LockoutPolicyView) SetData(event *models.Event) error {
 	if err := json.Unmarshal(event.Data, r); err != nil {
 		logging.Log("EVEN-gHls0").WithError(err).Error("could not unmarshal event data")
 		return caos_errs.ThrowInternal(err, "MODEL-Hs8uf", "Could not unmarshal data")

internal/iam/repository/view/model/password_lockout_policy_query.go

@@ -6,53 +6,53 @@ import (
 	"github.com/caos/zitadel/internal/view/repository"
 )
 
-type PasswordLockoutPolicySearchRequest iam_model.PasswordLockoutPolicySearchRequest
-type PasswordLockoutPolicySearchQuery iam_model.PasswordLockoutPolicySearchQuery
-type PasswordLockoutPolicySearchKey iam_model.PasswordLockoutPolicySearchKey
+type LockoutPolicySearchRequest iam_model.LockoutPolicySearchRequest
+type LockoutPolicySearchQuery iam_model.LockoutPolicySearchQuery
+type LockoutPolicySearchKey iam_model.LockoutPolicySearchKey
 
-func (req PasswordLockoutPolicySearchRequest) GetLimit() uint64 {
+func (req LockoutPolicySearchRequest) GetLimit() uint64 {
 	return req.Limit
 }
 
-func (req PasswordLockoutPolicySearchRequest) GetOffset() uint64 {
+func (req LockoutPolicySearchRequest) GetOffset() uint64 {
 	return req.Offset
 }
 
-func (req PasswordLockoutPolicySearchRequest) GetSortingColumn() repository.ColumnKey {
-	if req.SortingColumn == iam_model.PasswordLockoutPolicySearchKeyUnspecified {
+func (req LockoutPolicySearchRequest) GetSortingColumn() repository.ColumnKey {
+	if req.SortingColumn == iam_model.LockoutPolicySearchKeyUnspecified {
 		return nil
 	}
-	return PasswordLockoutPolicySearchKey(req.SortingColumn)
+	return LockoutPolicySearchKey(req.SortingColumn)
 }
 
-func (req PasswordLockoutPolicySearchRequest) GetAsc() bool {
+func (req LockoutPolicySearchRequest) GetAsc() bool {
 	return req.Asc
 }
 
-func (req PasswordLockoutPolicySearchRequest) GetQueries() []repository.SearchQuery {
+func (req LockoutPolicySearchRequest) GetQueries() []repository.SearchQuery {
 	result := make([]repository.SearchQuery, len(req.Queries))
 	for i, q := range req.Queries {
-		result[i] = PasswordLockoutPolicySearchQuery{Key: q.Key, Value: q.Value, Method: q.Method}
+		result[i] = LockoutPolicySearchQuery{Key: q.Key, Value: q.Value, Method: q.Method}
 	}
 	return result
 }
 
-func (req PasswordLockoutPolicySearchQuery) GetKey() repository.ColumnKey {
-	return PasswordLockoutPolicySearchKey(req.Key)
+func (req LockoutPolicySearchQuery) GetKey() repository.ColumnKey {
+	return LockoutPolicySearchKey(req.Key)
 }
 
-func (req PasswordLockoutPolicySearchQuery) GetMethod() domain.SearchMethod {
+func (req LockoutPolicySearchQuery) GetMethod() domain.SearchMethod {
 	return req.Method
 }
 
-func (req PasswordLockoutPolicySearchQuery) GetValue() interface{} {
+func (req LockoutPolicySearchQuery) GetValue() interface{} {
 	return req.Value
 }
 
-func (key PasswordLockoutPolicySearchKey) ToColumnName() string {
-	switch iam_model.PasswordLockoutPolicySearchKey(key) {
-	case iam_model.PasswordLockoutPolicySearchKeyAggregateID:
-		return PasswordLockoutKeyAggregateID
+func (key LockoutPolicySearchKey) ToColumnName() string {
+	switch iam_model.LockoutPolicySearchKey(key) {
+	case iam_model.LockoutPolicySearchKeyAggregateID:
+		return LockoutKeyAggregateID
 	default:
 		return ""
 	}

internal/iam/repository/view/password_lockout_policy_view.go

@@ -9,24 +9,24 @@ import (
 	"github.com/jinzhu/gorm"
 )
 
-func GetPasswordLockoutPolicyByAggregateID(db *gorm.DB, table, aggregateID string) (*model.PasswordLockoutPolicyView, error) {
-	policy := new(model.PasswordLockoutPolicyView)
-	aggregateIDQuery := &model.PasswordLockoutPolicySearchQuery{Key: iam_model.PasswordLockoutPolicySearchKeyAggregateID, Value: aggregateID, Method: domain.SearchMethodEquals}
+func GetLockoutPolicyByAggregateID(db *gorm.DB, table, aggregateID string) (*model.LockoutPolicyView, error) {
+	policy := new(model.LockoutPolicyView)
+	aggregateIDQuery := &model.LockoutPolicySearchQuery{Key: iam_model.LockoutPolicySearchKeyAggregateID, Value: aggregateID, Method: domain.SearchMethodEquals}
 	query := repository.PrepareGetByQuery(table, aggregateIDQuery)
 	err := query(db, policy)
 	if caos_errs.IsNotFound(err) {
-		return nil, caos_errs.ThrowNotFound(nil, "VIEW-M9fsf", "Errors.IAM.PasswordLockoutPolicy.NotExisting")
+		return nil, caos_errs.ThrowNotFound(nil, "VIEW-M9fsf", "Errors.IAM.LockoutPolicy.NotExisting")
 	}
 	return policy, err
 }
 
-func PutPasswordLockoutPolicy(db *gorm.DB, table string, policy *model.PasswordLockoutPolicyView) error {
+func PutLockoutPolicy(db *gorm.DB, table string, policy *model.LockoutPolicyView) error {
 	save := repository.PrepareSave(table)
 	return save(db, policy)
 }
 
-func DeletePasswordLockoutPolicy(db *gorm.DB, table, aggregateID string) error {
-	delete := repository.PrepareDeleteByKey(table, model.PasswordLockoutPolicySearchKey(iam_model.PasswordLockoutPolicySearchKeyAggregateID), aggregateID)
+func DeleteLockoutPolicy(db *gorm.DB, table, aggregateID string) error {
+	delete := repository.PrepareDeleteByKey(table, model.LockoutPolicySearchKey(iam_model.LockoutPolicySearchKeyAggregateID), aggregateID)
 
 	return delete(db)
 }