feat: V2 alpha import and export of organizations (#3798)

* feat(import): add functionality to import data into an instance * feat(import): move import to admin api and additional checks for nil pointer * fix(export): export implementation with filtered members and grants * fix: export and import implementation * fix: add possibility to export hashed passwords with the user * fix(import): import with structure of v1 and v2 * docs: add v1 proto * fix(import): check im imported user is already existing * fix(import): add otp import function * fix(import): add external idps, domains, custom text and messages * fix(import): correct usage of default values from login policy * fix(export): fix renaming of add project function * fix(import): move checks for unit tests * expect filter * fix(import): move checks for unit tests * fix(import): move checks for unit tests * fix(import): produce prerelease from branch * fix(import): correctly use provided user id for machine user imports * fix(import): corrected otp import and added guide for export and import * fix: import verified and primary domains * fix(import): add reading from gcs, s3 and localfile with tracing * fix(import): gcs and s3, file size correction and error logging * Delete docker-compose.yml * fix(import): progress logging and count of resources * fix(import): progress logging and count of resources * log subscription * fix(import): incorporate review * fix(import): incorporate review * docs: add suggestion for import Co-authored-by: Fabi <38692350+hifabienne@users.noreply.github.com> * fix(import): add verification otp event and handling of deleted but existing users Co-authored-by: Livio Amstutz <livio.a@gmail.com> Co-authored-by: Fabienne <fabienne.gerschwiler@gmail.com> Co-authored-by: Silvan <silvan.reusser@gmail.com> Co-authored-by: Fabi <38692350+hifabienne@users.noreply.github.com>
2025-08-12 07:27:33 +00:00 · 2022-07-28 15:42:35 +02:00
parent d620126aab
commit bc9a85daf3
51 changed files with 4430 additions and 648 deletions
--- a/internal/command/user_human_otp.go
+++ b/internal/command/user_human_otp.go
@@ -2,6 +2,7 @@ package command

 import (
 	"context"
+	"github.com/zitadel/zitadel/internal/crypto"

 	"github.com/zitadel/logging"
 	"github.com/zitadel/zitadel/internal/domain"
@@ -11,6 +12,28 @@ import (
 	"github.com/zitadel/zitadel/internal/telemetry/tracing"
 )

+func (c *Commands) ImportHumanOTP(ctx context.Context, userID, userAgentID, resourceowner string, key string) error {
+	encryptedSecret, err := crypto.Encrypt([]byte(key), c.multifactors.OTP.CryptoMFA)
+	if err != nil {
+		return err
+	}
+
+	otpWriteModel, err := c.otpWriteModelByID(ctx, userID, resourceowner)
+	if err != nil {
+		return err
+	}
+	if otpWriteModel.State == domain.MFAStateReady {
+		return caos_errs.ThrowAlreadyExists(nil, "COMMAND-do9se", "Errors.User.MFA.OTP.AlreadyReady")
+	}
+	userAgg := UserAggregateFromWriteModel(&otpWriteModel.WriteModel)
+
+	_, err = c.eventstore.Push(ctx,
+		user.NewHumanOTPAddedEvent(ctx, userAgg, encryptedSecret),
+		user.NewHumanOTPVerifiedEvent(ctx, userAgg, userAgentID),
+	)
+	return err
+}
+
 func (c *Commands) AddHumanOTP(ctx context.Context, userID, resourceowner string) (*domain.OTP, error) {
 	if userID == "" {
 		return nil, caos_errs.ThrowInvalidArgument(nil, "COMMAND-5M0sd", "Errors.User.UserIDMissing")
@@ -30,6 +53,7 @@ func (c *Commands) AddHumanOTP(ctx context.Context, userID, resourceowner string
 		logging.Log("COMMAND-y5zv9").WithError(err).WithField("traceID", tracing.TraceIDFromCtx(ctx)).Debug("unable to get org policy for loginname")
 		return nil, caos_errs.ThrowPreconditionFailed(err, "COMMAND-8ugTs", "Errors.Org.DomainPolicy.NotFound")
 	}
+
 	otpWriteModel, err := c.otpWriteModelByID(ctx, userID, resourceowner)
 	if err != nil {
 		return nil, err
@@ -38,6 +62,7 @@ func (c *Commands) AddHumanOTP(ctx context.Context, userID, resourceowner string
 		return nil, caos_errs.ThrowAlreadyExists(nil, "COMMAND-do9se", "Errors.User.MFA.OTP.AlreadyReady")
 	}
 	userAgg := UserAggregateFromWriteModel(&otpWriteModel.WriteModel)
+
 	accountName := domain.GenerateLoginName(human.GetUsername(), org.PrimaryDomain, orgPolicy.UserLoginMustBeDomain)
 	if accountName == "" {
 		accountName = human.EmailAddress
@@ -46,8 +71,8 @@ func (c *Commands) AddHumanOTP(ctx context.Context, userID, resourceowner string
 	if err != nil {
 		return nil, err
 	}
-	_, err = c.eventstore.Push(ctx, user.NewHumanOTPAddedEvent(ctx, userAgg, secret))

+	_, err = c.eventstore.Push(ctx, user.NewHumanOTPAddedEvent(ctx, userAgg, secret))
 	if err != nil {
 		return nil, err
 	}