feat: allow domain discovery for unknown usernames (#4484)

* fix: wait for projection initialization to be done * feat: allow domain discovery for unknown usernames * fix linting * Update console/src/assets/i18n/de.json Co-authored-by: Fabi <38692350+hifabienne@users.noreply.github.com> * Update console/src/assets/i18n/en.json Co-authored-by: Fabi <38692350+hifabienne@users.noreply.github.com> * Update console/src/assets/i18n/it.json Co-authored-by: Fabi <38692350+hifabienne@users.noreply.github.com> * Update console/src/assets/i18n/fr.json Co-authored-by: Fabi <38692350+hifabienne@users.noreply.github.com> * fix zh i18n text * fix projection table name Co-authored-by: Fabi <38692350+hifabienne@users.noreply.github.com>
2025-10-20 11:23:58 +00:00 · 2022-10-06 13:30:14 +02:00
parent ce22961d8e
commit bffb10a4b4
46 changed files with 519 additions and 370 deletions
--- a/console/src/app/modules/policies/login-policy/login-policy.component.html
+++ b/console/src/app/modules/policies/login-policy/login-policy.component.html
@@ -285,6 +285,28 @@
    </ng-template> -->
  </div>

+  <div class="login-policy-row">
+    <mat-checkbox
+      class="login-policy-toggle"
+      color="primary"
+      ngDefaultControl
+      [(ngModel)]="loginData.allowDomainDiscovery"
+      [disabled]="
+        ([
+          serviceType === PolicyComponentServiceType.ADMIN
+            ? 'iam.policy.write'
+            : serviceType === PolicyComponentServiceType.MGMT
+            ? 'policy.write'
+            : ''
+        ]
+          | hasRole
+          | async) === false
+      "
+    >
+      {{ 'POLICY.DATA.ALLOWDOMAINDISCOVERY' | translate }}
+    </mat-checkbox>
+  </div>
+
  <div class="login-policy-row">
    <mat-checkbox
      class="login-policy-toggle"
--- a/console/src/app/modules/policies/login-policy/login-policy.component.ts
+++ b/console/src/app/modules/policies/login-policy/login-policy.component.ts
@@ -11,6 +11,7 @@ import {
 import {
  AddCustomLoginPolicyRequest,
  GetLoginPolicyResponse as MgmtGetLoginPolicyResponse,
+  UpdateCustomLoginPolicyRequest,
 } from 'src/app/proto/generated/zitadel/management_pb';
 import { LoginPolicy, PasswordlessType } from 'src/app/proto/generated/zitadel/policy_pb';
 import { AdminService } from 'src/app/services/admin.service';
@@ -144,37 +145,65 @@ export class LoginPolicyComponent implements OnInit {
    if (this.loginData) {
      switch (this.serviceType) {
        case PolicyComponentServiceType.MGMT:
-          const mgmtreq = new AddCustomLoginPolicyRequest();
-          mgmtreq.setAllowExternalIdp(this.loginData.allowExternalIdp);
-          mgmtreq.setAllowRegister(this.loginData.allowRegister);
-          mgmtreq.setAllowUsernamePassword(this.loginData.allowUsernamePassword);
-          mgmtreq.setForceMfa(this.loginData.forceMfa);
-          mgmtreq.setPasswordlessType(this.loginData.passwordlessType);
-          mgmtreq.setHidePasswordReset(this.loginData.hidePasswordReset);
-          mgmtreq.setMultiFactorsList(this.loginData.multiFactorsList);
-          mgmtreq.setSecondFactorsList(this.loginData.secondFactorsList);
-
-          const pcl = new Duration().setSeconds((this.passwordCheckLifetime?.value ?? 240) * 60 * 60);
-          mgmtreq.setPasswordCheckLifetime(pcl);
-
-          const elcl = new Duration().setSeconds((this.externalLoginCheckLifetime?.value ?? 12) * 60 * 60);
-          mgmtreq.setExternalLoginCheckLifetime(elcl);
-
-          const misl = new Duration().setSeconds((this.mfaInitSkipLifetime?.value ?? 720) * 60 * 60);
-          mgmtreq.setMfaInitSkipLifetime(misl);
-
-          const sfcl = new Duration().setSeconds((this.secondFactorCheckLifetime?.value ?? 12) * 60 * 60);
-          mgmtreq.setSecondFactorCheckLifetime(sfcl);
-
-          const mficl = new Duration().setSeconds((this.multiFactorCheckLifetime?.value ?? 12) * 60 * 60);
-          mgmtreq.setMultiFactorCheckLifetime(mficl);
-
-          mgmtreq.setIgnoreUnknownUsernames(this.loginData.ignoreUnknownUsernames);
-          mgmtreq.setDefaultRedirectUri(this.loginData.defaultRedirectUri);
-
          if (this.isDefault) {
+            const mgmtreq = new AddCustomLoginPolicyRequest();
+            mgmtreq.setAllowExternalIdp(this.loginData.allowExternalIdp);
+            mgmtreq.setAllowRegister(this.loginData.allowRegister);
+            mgmtreq.setAllowUsernamePassword(this.loginData.allowUsernamePassword);
+            mgmtreq.setForceMfa(this.loginData.forceMfa);
+            mgmtreq.setPasswordlessType(this.loginData.passwordlessType);
+            mgmtreq.setHidePasswordReset(this.loginData.hidePasswordReset);
+            mgmtreq.setMultiFactorsList(this.loginData.multiFactorsList);
+            mgmtreq.setSecondFactorsList(this.loginData.secondFactorsList);
+
+            const pcl = new Duration().setSeconds((this.passwordCheckLifetime?.value ?? 240) * 60 * 60);
+            mgmtreq.setPasswordCheckLifetime(pcl);
+
+            const elcl = new Duration().setSeconds((this.externalLoginCheckLifetime?.value ?? 12) * 60 * 60);
+            mgmtreq.setExternalLoginCheckLifetime(elcl);
+
+            const misl = new Duration().setSeconds((this.mfaInitSkipLifetime?.value ?? 720) * 60 * 60);
+            mgmtreq.setMfaInitSkipLifetime(misl);
+
+            const sfcl = new Duration().setSeconds((this.secondFactorCheckLifetime?.value ?? 12) * 60 * 60);
+            mgmtreq.setSecondFactorCheckLifetime(sfcl);
+
+            const mficl = new Duration().setSeconds((this.multiFactorCheckLifetime?.value ?? 12) * 60 * 60);
+            mgmtreq.setMultiFactorCheckLifetime(mficl);
+
+            mgmtreq.setAllowDomainDiscovery(this.loginData.allowDomainDiscovery);
+            mgmtreq.setIgnoreUnknownUsernames(this.loginData.ignoreUnknownUsernames);
+            mgmtreq.setDefaultRedirectUri(this.loginData.defaultRedirectUri);
+
            return (this.service as ManagementService).addCustomLoginPolicy(mgmtreq);
          } else {
+            const mgmtreq = new UpdateCustomLoginPolicyRequest();
+            mgmtreq.setAllowExternalIdp(this.loginData.allowExternalIdp);
+            mgmtreq.setAllowRegister(this.loginData.allowRegister);
+            mgmtreq.setAllowUsernamePassword(this.loginData.allowUsernamePassword);
+            mgmtreq.setForceMfa(this.loginData.forceMfa);
+            mgmtreq.setPasswordlessType(this.loginData.passwordlessType);
+            mgmtreq.setHidePasswordReset(this.loginData.hidePasswordReset);
+
+            const pcl = new Duration().setSeconds((this.passwordCheckLifetime?.value ?? 240) * 60 * 60);
+            mgmtreq.setPasswordCheckLifetime(pcl);
+
+            const elcl = new Duration().setSeconds((this.externalLoginCheckLifetime?.value ?? 12) * 60 * 60);
+            mgmtreq.setExternalLoginCheckLifetime(elcl);
+
+            const misl = new Duration().setSeconds((this.mfaInitSkipLifetime?.value ?? 720) * 60 * 60);
+            mgmtreq.setMfaInitSkipLifetime(misl);
+
+            const sfcl = new Duration().setSeconds((this.secondFactorCheckLifetime?.value ?? 12) * 60 * 60);
+            mgmtreq.setSecondFactorCheckLifetime(sfcl);
+
+            const mficl = new Duration().setSeconds((this.multiFactorCheckLifetime?.value ?? 12) * 60 * 60);
+            mgmtreq.setMultiFactorCheckLifetime(mficl);
+
+            mgmtreq.setAllowDomainDiscovery(this.loginData.allowDomainDiscovery);
+            mgmtreq.setIgnoreUnknownUsernames(this.loginData.ignoreUnknownUsernames);
+            mgmtreq.setDefaultRedirectUri(this.loginData.defaultRedirectUri);
+
            return (this.service as ManagementService).updateCustomLoginPolicy(mgmtreq);
          }
        case PolicyComponentServiceType.ADMIN:
@@ -200,6 +229,7 @@ export class LoginPolicyComponent implements OnInit {

          const admin_mficl = new Duration().setSeconds((this.multiFactorCheckLifetime?.value ?? 12) * 60 * 60);
          adminreq.setMultiFactorCheckLifetime(admin_mficl);
+          adminreq.setAllowDomainDiscovery(this.loginData.allowDomainDiscovery);
          adminreq.setIgnoreUnknownUsernames(this.loginData.ignoreUnknownUsernames);
          adminreq.setDefaultRedirectUri(this.loginData.defaultRedirectUri);