feat: Lockout policy (#2121)

* feat: lock users if lockout policy is set * feat: setup * feat: lock user on password failes * feat: render error * feat: lock user on command side * feat: auth_req tests * feat: lockout policy docs * feat: remove show lockout failures from proto * fix: console lockout * feat: tests * fix: tests * unlock function * add unlock button * fix migration version * lockout policy * lint * Update internal/auth/repository/eventsourcing/eventstore/auth_request.go Co-authored-by: Silvan <silvan.reusser@gmail.com> * fix: err message * Update internal/command/setup_step4.go Co-authored-by: Silvan <silvan.reusser@gmail.com> Co-authored-by: Max Peintner <max@caos.ch> Co-authored-by: Livio Amstutz <livio.a@gmail.com> Co-authored-by: Silvan <silvan.reusser@gmail.com>
2025-08-12 07:57:32 +00:00 · 2021-08-11 08:36:32 +02:00
parent 272e411e27
commit bc951985ed
101 changed files with 2170 additions and 1574 deletions
--- a/internal/repository/org/eventstore.go
+++ b/internal/repository/org/eventstore.go
@@ -53,9 +53,9 @@ func RegisterEventMappers(es *eventstore.Eventstore) {
 		RegisterFilterEventMapper(PasswordComplexityPolicyAddedEventType, PasswordComplexityPolicyAddedEventMapper).
 		RegisterFilterEventMapper(PasswordComplexityPolicyChangedEventType, PasswordComplexityPolicyChangedEventMapper).
 		RegisterFilterEventMapper(PasswordComplexityPolicyRemovedEventType, PasswordComplexityPolicyRemovedEventMapper).
-		RegisterFilterEventMapper(PasswordLockoutPolicyAddedEventType, PasswordLockoutPolicyAddedEventMapper).
-		RegisterFilterEventMapper(PasswordLockoutPolicyChangedEventType, PasswordLockoutPolicyChangedEventMapper).
-		RegisterFilterEventMapper(PasswordLockoutPolicyRemovedEventType, PasswordLockoutPolicyRemovedEventMapper).
+		RegisterFilterEventMapper(LockoutPolicyAddedEventType, LockoutPolicyAddedEventMapper).
+		RegisterFilterEventMapper(LockoutPolicyChangedEventType, LockoutPolicyChangedEventMapper).
+		RegisterFilterEventMapper(LockoutPolicyRemovedEventType, LockoutPolicyRemovedEventMapper).
 		RegisterFilterEventMapper(PrivacyPolicyAddedEventType, PrivacyPolicyAddedEventMapper).
 		RegisterFilterEventMapper(PrivacyPolicyChangedEventType, PrivacyPolicyChangedEventMapper).
 		RegisterFilterEventMapper(PrivacyPolicyRemovedEventType, PrivacyPolicyRemovedEventMapper).
--- a/internal/repository/org/policy_password_lockout.go
+++ b/internal/repository/org/policy_password_lockout.go
@@ -9,95 +9,95 @@ import (
 )

 var (
-	PasswordLockoutPolicyAddedEventType   = orgEventTypePrefix + policy.PasswordLockoutPolicyAddedEventType
-	PasswordLockoutPolicyChangedEventType = orgEventTypePrefix + policy.PasswordLockoutPolicyChangedEventType
-	PasswordLockoutPolicyRemovedEventType = orgEventTypePrefix + policy.PasswordLockoutPolicyRemovedEventType
+	LockoutPolicyAddedEventType   = orgEventTypePrefix + policy.LockoutPolicyAddedEventType
+	LockoutPolicyChangedEventType = orgEventTypePrefix + policy.LockoutPolicyChangedEventType
+	LockoutPolicyRemovedEventType = orgEventTypePrefix + policy.LockoutPolicyRemovedEventType
 )

-type PasswordLockoutPolicyAddedEvent struct {
-	policy.PasswordLockoutPolicyAddedEvent
+type LockoutPolicyAddedEvent struct {
+	policy.LockoutPolicyAddedEvent
 }

-func NewPasswordLockoutPolicyAddedEvent(
+func NewLockoutPolicyAddedEvent(
 	ctx context.Context,
 	aggregate *eventstore.Aggregate,
 	maxAttempts uint64,
 	showLockoutFailure bool,
-) *PasswordLockoutPolicyAddedEvent {
-	return &PasswordLockoutPolicyAddedEvent{
-		PasswordLockoutPolicyAddedEvent: *policy.NewPasswordLockoutPolicyAddedEvent(
+) *LockoutPolicyAddedEvent {
+	return &LockoutPolicyAddedEvent{
+		LockoutPolicyAddedEvent: *policy.NewLockoutPolicyAddedEvent(
 			eventstore.NewBaseEventForPush(
 				ctx,
 				aggregate,
-				PasswordLockoutPolicyAddedEventType),
+				LockoutPolicyAddedEventType),
 			maxAttempts,
 			showLockoutFailure),
 	}
 }

-func PasswordLockoutPolicyAddedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
-	e, err := policy.PasswordLockoutPolicyAddedEventMapper(event)
+func LockoutPolicyAddedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
+	e, err := policy.LockoutPolicyAddedEventMapper(event)
 	if err != nil {
 		return nil, err
 	}

-	return &PasswordLockoutPolicyAddedEvent{PasswordLockoutPolicyAddedEvent: *e.(*policy.PasswordLockoutPolicyAddedEvent)}, nil
+	return &LockoutPolicyAddedEvent{LockoutPolicyAddedEvent: *e.(*policy.LockoutPolicyAddedEvent)}, nil
 }

-type PasswordLockoutPolicyChangedEvent struct {
-	policy.PasswordLockoutPolicyChangedEvent
+type LockoutPolicyChangedEvent struct {
+	policy.LockoutPolicyChangedEvent
 }

-func NewPasswordLockoutPolicyChangedEvent(
+func NewLockoutPolicyChangedEvent(
 	ctx context.Context,
 	aggregate *eventstore.Aggregate,
-	changes []policy.PasswordLockoutPolicyChanges,
-) (*PasswordLockoutPolicyChangedEvent, error) {
-	changedEvent, err := policy.NewPasswordLockoutPolicyChangedEvent(
+	changes []policy.LockoutPolicyChanges,
+) (*LockoutPolicyChangedEvent, error) {
+	changedEvent, err := policy.NewLockoutPolicyChangedEvent(
 		eventstore.NewBaseEventForPush(
 			ctx,
 			aggregate,
-			PasswordLockoutPolicyChangedEventType),
+			LockoutPolicyChangedEventType),
 		changes,
 	)
 	if err != nil {
 		return nil, err
 	}
-	return &PasswordLockoutPolicyChangedEvent{PasswordLockoutPolicyChangedEvent: *changedEvent}, nil
+	return &LockoutPolicyChangedEvent{LockoutPolicyChangedEvent: *changedEvent}, nil
 }

-func PasswordLockoutPolicyChangedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
-	e, err := policy.PasswordLockoutPolicyChangedEventMapper(event)
+func LockoutPolicyChangedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
+	e, err := policy.LockoutPolicyChangedEventMapper(event)
 	if err != nil {
 		return nil, err
 	}

-	return &PasswordLockoutPolicyChangedEvent{PasswordLockoutPolicyChangedEvent: *e.(*policy.PasswordLockoutPolicyChangedEvent)}, nil
+	return &LockoutPolicyChangedEvent{LockoutPolicyChangedEvent: *e.(*policy.LockoutPolicyChangedEvent)}, nil
 }

-type PasswordLockoutPolicyRemovedEvent struct {
-	policy.PasswordLockoutPolicyRemovedEvent
+type LockoutPolicyRemovedEvent struct {
+	policy.LockoutPolicyRemovedEvent
 }

-func NewPasswordLockoutPolicyRemovedEvent(
+func NewLockoutPolicyRemovedEvent(
 	ctx context.Context,
 	aggregate *eventstore.Aggregate,
-) *PasswordLockoutPolicyRemovedEvent {
-	return &PasswordLockoutPolicyRemovedEvent{
-		PasswordLockoutPolicyRemovedEvent: *policy.NewPasswordLockoutPolicyRemovedEvent(
+) *LockoutPolicyRemovedEvent {
+	return &LockoutPolicyRemovedEvent{
+		LockoutPolicyRemovedEvent: *policy.NewLockoutPolicyRemovedEvent(
 			eventstore.NewBaseEventForPush(
 				ctx,
 				aggregate,
-				PasswordLockoutPolicyRemovedEventType),
+				LockoutPolicyRemovedEventType),
 		),
 	}
 }

-func PasswordLockoutPolicyRemovedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
-	e, err := policy.PasswordLockoutPolicyRemovedEventMapper(event)
+func LockoutPolicyRemovedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
+	e, err := policy.LockoutPolicyRemovedEventMapper(event)
 	if err != nil {
 		return nil, err
 	}

-	return &PasswordLockoutPolicyRemovedEvent{PasswordLockoutPolicyRemovedEvent: *e.(*policy.PasswordLockoutPolicyRemovedEvent)}, nil
+	return &LockoutPolicyRemovedEvent{LockoutPolicyRemovedEvent: *e.(*policy.LockoutPolicyRemovedEvent)}, nil
 }