feat: Lockout policy (#2121)

* feat: lock users if lockout policy is set * feat: setup * feat: lock user on password failes * feat: render error * feat: lock user on command side * feat: auth_req tests * feat: lockout policy docs * feat: remove show lockout failures from proto * fix: console lockout * feat: tests * fix: tests * unlock function * add unlock button * fix migration version * lockout policy * lint * Update internal/auth/repository/eventsourcing/eventstore/auth_request.go Co-authored-by: Silvan <silvan.reusser@gmail.com> * fix: err message * Update internal/command/setup_step4.go Co-authored-by: Silvan <silvan.reusser@gmail.com> Co-authored-by: Max Peintner <max@caos.ch> Co-authored-by: Livio Amstutz <livio.a@gmail.com> Co-authored-by: Silvan <silvan.reusser@gmail.com>
2025-08-12 01:37:31 +00:00 · 2021-08-11 08:36:32 +02:00
parent 272e411e27
commit bc951985ed
101 changed files with 2170 additions and 1574 deletions
--- a/internal/iam/model/iam.go
+++ b/internal/iam/model/iam.go
@@ -35,7 +35,7 @@ type IAM struct {
 	DefaultOrgIAMPolicy             *OrgIAMPolicy
 	DefaultPasswordComplexityPolicy *PasswordComplexityPolicy
 	DefaultPasswordAgePolicy        *PasswordAgePolicy
-	DefaultPasswordLockoutPolicy    *PasswordLockoutPolicy
+	DefaultLockoutPolicy            *LockoutPolicy
 	DefaultMailTemplate             *MailTemplate
 	DefaultMailTexts                []*MailText
 }
--- a/internal/iam/model/password_lockout_policy.go
+++ b/internal/iam/model/password_lockout_policy.go
@@ -4,10 +4,10 @@ import (
 	"github.com/caos/zitadel/internal/eventstore/v1/models"
 )

-type PasswordLockoutPolicy struct {
+type LockoutPolicy struct {
 	models.ObjectRoot

 	State               PolicyState
-	MaxAttempts         uint64
+	MaxPasswordAttempts uint64
 	ShowLockOutFailures bool
 }
--- a/internal/iam/model/password_lockout_policy_view.go
+++ b/internal/iam/model/password_lockout_policy_view.go
@@ -5,9 +5,9 @@ import (
 	"time"
 )

-type PasswordLockoutPolicyView struct {
+type LockoutPolicyView struct {
 	AggregateID         string
-	MaxAttempts         uint64
+	MaxPasswordAttempts uint64
 	ShowLockOutFailures bool
 	Default             bool

@@ -16,32 +16,32 @@ type PasswordLockoutPolicyView struct {
 	Sequence     uint64
 }

-type PasswordLockoutPolicySearchRequest struct {
+type LockoutPolicySearchRequest struct {
 	Offset        uint64
 	Limit         uint64
-	SortingColumn PasswordLockoutPolicySearchKey
+	SortingColumn LockoutPolicySearchKey
 	Asc           bool
-	Queries       []*PasswordLockoutPolicySearchQuery
+	Queries       []*LockoutPolicySearchQuery
 }

-type PasswordLockoutPolicySearchKey int32
+type LockoutPolicySearchKey int32

 const (
-	PasswordLockoutPolicySearchKeyUnspecified PasswordLockoutPolicySearchKey = iota
-	PasswordLockoutPolicySearchKeyAggregateID
+	LockoutPolicySearchKeyUnspecified LockoutPolicySearchKey = iota
+	LockoutPolicySearchKeyAggregateID
 )

-type PasswordLockoutPolicySearchQuery struct {
-	Key    PasswordLockoutPolicySearchKey
+type LockoutPolicySearchQuery struct {
+	Key    LockoutPolicySearchKey
 	Method domain.SearchMethod
 	Value  interface{}
 }

-type PasswordLockoutPolicySearchResponse struct {
+type LockoutPolicySearchResponse struct {
 	Offset      uint64
 	Limit       uint64
 	TotalResult uint64
-	Result      []*PasswordLockoutPolicyView
+	Result      []*LockoutPolicyView
 	Sequence    uint64
 	Timestamp   time.Time
 }