feat: V2 alpha import and export of organizations (#3798)

* feat(import): add functionality to import data into an instance * feat(import): move import to admin api and additional checks for nil pointer * fix(export): export implementation with filtered members and grants * fix: export and import implementation * fix: add possibility to export hashed passwords with the user * fix(import): import with structure of v1 and v2 * docs: add v1 proto * fix(import): check im imported user is already existing * fix(import): add otp import function * fix(import): add external idps, domains, custom text and messages * fix(import): correct usage of default values from login policy * fix(export): fix renaming of add project function * fix(import): move checks for unit tests * expect filter * fix(import): move checks for unit tests * fix(import): move checks for unit tests * fix(import): produce prerelease from branch * fix(import): correctly use provided user id for machine user imports * fix(import): corrected otp import and added guide for export and import * fix: import verified and primary domains * fix(import): add reading from gcs, s3 and localfile with tracing * fix(import): gcs and s3, file size correction and error logging * Delete docker-compose.yml * fix(import): progress logging and count of resources * fix(import): progress logging and count of resources * log subscription * fix(import): incorporate review * fix(import): incorporate review * docs: add suggestion for import Co-authored-by: Fabi <38692350+hifabienne@users.noreply.github.com> * fix(import): add verification otp event and handling of deleted but existing users Co-authored-by: Livio Amstutz <livio.a@gmail.com> Co-authored-by: Fabienne <fabienne.gerschwiler@gmail.com> Co-authored-by: Silvan <silvan.reusser@gmail.com> Co-authored-by: Fabi <38692350+hifabienne@users.noreply.github.com>
2025-08-12 10:27:33 +00:00 · 2022-07-28 15:42:35 +02:00
parent d620126aab
commit bc9a85daf3
51 changed files with 4430 additions and 648 deletions
--- a/internal/query/user_otp.go
+++ b/internal/query/user_otp.go
@@ -0,0 +1,91 @@
+package query
+
+import (
+	"context"
+	"github.com/zitadel/zitadel/internal/crypto"
+	"github.com/zitadel/zitadel/internal/domain"
+	caos_errs "github.com/zitadel/zitadel/internal/errors"
+	"github.com/zitadel/zitadel/internal/eventstore"
+	"github.com/zitadel/zitadel/internal/repository/user"
+	"github.com/zitadel/zitadel/internal/telemetry/tracing"
+)
+
+func (q *Queries) GetHumanOTPSecret(ctx context.Context, userID, resourceowner string) (string, error) {
+	if userID == "" {
+		return "", caos_errs.ThrowPreconditionFailed(nil, "QUERY-8N9ds", "Errors.User.UserIDMissing")
+	}
+	existingOTP, err := q.otpWriteModelByID(ctx, userID, resourceowner)
+	if err != nil {
+		return "", err
+	}
+	if existingOTP.State != domain.MFAStateReady {
+		return "", caos_errs.ThrowNotFound(nil, "QUERY-01982h", "Errors.User.NotFound")
+	}
+
+	return crypto.DecryptString(existingOTP.Secret, q.multifactors.OTP.CryptoMFA)
+}
+
+func (q *Queries) otpWriteModelByID(ctx context.Context, userID, resourceOwner string) (writeModel *HumanOTPWriteModel, err error) {
+	ctx, span := tracing.NewSpan(ctx)
+	defer func() { span.EndWithError(err) }()
+
+	writeModel = NewHumanOTPWriteModel(userID, resourceOwner)
+	err = q.eventstore.FilterToQueryReducer(ctx, writeModel)
+	if err != nil {
+		return nil, err
+	}
+	return writeModel, nil
+}
+
+type HumanOTPWriteModel struct {
+	eventstore.WriteModel
+
+	State  domain.MFAState
+	Secret *crypto.CryptoValue
+}
+
+func NewHumanOTPWriteModel(userID, resourceOwner string) *HumanOTPWriteModel {
+	return &HumanOTPWriteModel{
+		WriteModel: eventstore.WriteModel{
+			AggregateID:   userID,
+			ResourceOwner: resourceOwner,
+		},
+	}
+}
+
+func (wm *HumanOTPWriteModel) Reduce() error {
+	for _, event := range wm.Events {
+		switch e := event.(type) {
+		case *user.HumanOTPAddedEvent:
+			wm.Secret = e.Secret
+			wm.State = domain.MFAStateNotReady
+		case *user.HumanOTPVerifiedEvent:
+			wm.State = domain.MFAStateReady
+		case *user.HumanOTPRemovedEvent:
+			wm.State = domain.MFAStateRemoved
+		case *user.UserRemovedEvent:
+			wm.State = domain.MFAStateRemoved
+		}
+	}
+	return wm.WriteModel.Reduce()
+}
+
+func (wm *HumanOTPWriteModel) Query() *eventstore.SearchQueryBuilder {
+	query := eventstore.NewSearchQueryBuilder(eventstore.ColumnsEvent).
+		AddQuery().
+		AggregateTypes(user.AggregateType).
+		AggregateIDs(wm.AggregateID).
+		EventTypes(user.HumanMFAOTPAddedType,
+			user.HumanMFAOTPVerifiedType,
+			user.HumanMFAOTPRemovedType,
+			user.UserRemovedType,
+			user.UserV1MFAOTPAddedType,
+			user.UserV1MFAOTPVerifiedType,
+			user.UserV1MFAOTPRemovedType).
+		Builder()
+
+	if wm.ResourceOwner != "" {
+		query.ResourceOwner(wm.ResourceOwner)
+	}
+	return query
+}