feat: allow domain discovery for unknown usernames (#4484)
* fix: wait for projection initialization to be done * feat: allow domain discovery for unknown usernames * fix linting * Update console/src/assets/i18n/de.json Co-authored-by: Fabi <38692350+hifabienne@users.noreply.github.com> * Update console/src/assets/i18n/en.json Co-authored-by: Fabi <38692350+hifabienne@users.noreply.github.com> * Update console/src/assets/i18n/it.json Co-authored-by: Fabi <38692350+hifabienne@users.noreply.github.com> * Update console/src/assets/i18n/fr.json Co-authored-by: Fabi <38692350+hifabienne@users.noreply.github.com> * fix zh i18n text * fix projection table name Co-authored-by: Fabi <38692350+hifabienne@users.noreply.github.com>
@@ -30,6 +30,7 @@ type LoginPolicy struct {
|
||||
IsDefault bool
|
||||
HidePasswordReset bool
|
||||
IgnoreUnknownUsernames bool
|
||||
AllowDomainDiscovery bool
|
||||
DefaultRedirectURI string
|
||||
PasswordCheckLifetime time.Duration
|
||||
ExternalLoginCheckLifetime time.Duration
|
||||
@@ -113,6 +114,10 @@ var (
|
||||
name: projection.IgnoreUnknownUsernames,
|
||||
table: loginPolicyTable,
|
||||
}
|
||||
LoginPolicyColumnAllowDomainDiscovery = Column{
|
||||
name: projection.AllowDomainDiscovery,
|
||||
table: loginPolicyTable,
|
||||
}
|
||||
LoginPolicyColumnDefaultRedirectURI = Column{
|
||||
name: projection.DefaultRedirectURI,
|
||||
table: loginPolicyTable,
|
||||
@@ -305,6 +310,7 @@ func prepareLoginPolicyQuery() (sq.SelectBuilder, func(*sql.Rows) (*LoginPolicy,
|
||||
LoginPolicyColumnIsDefault.identifier(),
|
||||
LoginPolicyColumnHidePasswordReset.identifier(),
|
||||
LoginPolicyColumnIgnoreUnknownUsernames.identifier(),
|
||||
LoginPolicyColumnAllowDomainDiscovery.identifier(),
|
||||
LoginPolicyColumnDefaultRedirectURI.identifier(),
|
||||
LoginPolicyColumnPasswordCheckLifetime.identifier(),
|
||||
LoginPolicyColumnExternalLoginCheckLifetime.identifier(),
|
||||
@@ -343,6 +349,7 @@ func prepareLoginPolicyQuery() (sq.SelectBuilder, func(*sql.Rows) (*LoginPolicy,
|
||||
&p.IsDefault,
|
||||
&p.HidePasswordReset,
|
||||
&p.IgnoreUnknownUsernames,
|
||||
&p.AllowDomainDiscovery,
|
||||
&defaultRedirectURI,
|
||||
&p.PasswordCheckLifetime,
|
||||
&p.ExternalLoginCheckLifetime,
|
||||
|
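Review bot: `AllowDomainDiscovery` is added to `LoginPolicy` without a comment, directly beside `IgnoreUnknownUsernames`, and nothing in the struct says how the two flags interact when a login name is not found. Going by the commit title, the new flag lets an unknown username be resolved to an organisation by its domain, which changes what a not-yet-authenticated caller can learn from the login form, so the intended precedence is worth recording where the policy is defined. A field comment such as `// AllowDomainDiscovery: when the login name is unknown, try to resolve the org from its domain; see IgnoreUnknownUsernames for precedence.` would do, adjusted to the real behaviour. The struct and `prepareLoginPolicyQuery` both continue outside the hunks shown.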
@@ -30,32 +30,33 @@ func Test_LoginPolicyPrepares(t *testing.T) {
|
||||
prepare: prepareLoginPolicyQuery,
|
||||
want: want{
|
||||
sqlExpectations: mockQueries(
|
||||
regexp.QuoteMeta(`SELECT projections.login_policies.aggregate_id,`+
|
||||
` projections.login_policies.creation_date,`+
|
||||
` projections.login_policies.change_date,`+
|
||||
` projections.login_policies.sequence,`+
|
||||
` projections.login_policies.allow_register,`+
|
||||
` projections.login_policies.allow_username_password,`+
|
||||
` projections.login_policies.allow_external_idps,`+
|
||||
` projections.login_policies.force_mfa,`+
|
||||
` projections.login_policies.second_factors,`+
|
||||
` projections.login_policies.multi_factors,`+
|
||||
` projections.login_policies.passwordless_type,`+
|
||||
` projections.login_policies.is_default,`+
|
||||
` projections.login_policies.hide_password_reset,`+
|
||||
` projections.login_policies.ignore_unknown_usernames,`+
|
||||
` projections.login_policies.default_redirect_uri,`+
|
||||
` projections.login_policies.password_check_lifetime,`+
|
||||
` projections.login_policies.external_login_check_lifetime,`+
|
||||
` projections.login_policies.mfa_init_skip_lifetime,`+
|
||||
` projections.login_policies.second_factor_check_lifetime,`+
|
||||
` projections.login_policies.multi_factor_check_lifetime,`+
|
||||
regexp.QuoteMeta(`SELECT projections.login_policies2.aggregate_id,`+
|
||||
` projections.login_policies2.creation_date,`+
|
||||
` projections.login_policies2.change_date,`+
|
||||
` projections.login_policies2.sequence,`+
|
||||
` projections.login_policies2.allow_register,`+
|
||||
` projections.login_policies2.allow_username_password,`+
|
||||
` projections.login_policies2.allow_external_idps,`+
|
||||
` projections.login_policies2.force_mfa,`+
|
||||
` projections.login_policies2.second_factors,`+
|
||||
` projections.login_policies2.multi_factors,`+
|
||||
` projections.login_policies2.passwordless_type,`+
|
||||
` projections.login_policies2.is_default,`+
|
||||
` projections.login_policies2.hide_password_reset,`+
|
||||
` projections.login_policies2.ignore_unknown_usernames,`+
|
||||
` projections.login_policies2.allow_domain_discovery,`+
|
||||
` projections.login_policies2.default_redirect_uri,`+
|
||||
` projections.login_policies2.password_check_lifetime,`+
|
||||
` projections.login_policies2.external_login_check_lifetime,`+
|
||||
` projections.login_policies2.mfa_init_skip_lifetime,`+
|
||||
` projections.login_policies2.second_factor_check_lifetime,`+
|
||||
` projections.login_policies2.multi_factor_check_lifetime,`+
|
||||
` projections.idp_login_policy_links3.idp_id,`+
|
||||
` projections.idps2.name,`+
|
||||
` projections.idps2.type`+
|
||||
` FROM projections.login_policies`+
|
||||
` FROM projections.login_policies2`+
|
||||
` LEFT JOIN projections.idp_login_policy_links3 ON `+
|
||||
` projections.login_policies.aggregate_id = projections.idp_login_policy_links3.aggregate_id`+
|
||||
` projections.login_policies2.aggregate_id = projections.idp_login_policy_links3.aggregate_id`+
|
||||
` LEFT JOIN projections.idps2 ON`+
|
||||
` projections.idp_login_policy_links3.idp_id = projections.idps2.id`),
|
||||
nil,
|
||||
@@ -75,32 +76,33 @@ func Test_LoginPolicyPrepares(t *testing.T) {
|
||||
prepare: prepareLoginPolicyQuery,
|
||||
want: want{
|
||||
sqlExpectations: mockQuery(
|
||||
regexp.QuoteMeta(`SELECT projections.login_policies.aggregate_id,`+
|
||||
` projections.login_policies.creation_date,`+
|
||||
` projections.login_policies.change_date,`+
|
||||
` projections.login_policies.sequence,`+
|
||||
` projections.login_policies.allow_register,`+
|
||||
` projections.login_policies.allow_username_password,`+
|
||||
` projections.login_policies.allow_external_idps,`+
|
||||
` projections.login_policies.force_mfa,`+
|
||||
` projections.login_policies.second_factors,`+
|
||||
` projections.login_policies.multi_factors,`+
|
||||
` projections.login_policies.passwordless_type,`+
|
||||
` projections.login_policies.is_default,`+
|
||||
` projections.login_policies.hide_password_reset,`+
|
||||
` projections.login_policies.ignore_unknown_usernames,`+
|
||||
` projections.login_policies.default_redirect_uri,`+
|
||||
` projections.login_policies.password_check_lifetime,`+
|
||||
` projections.login_policies.external_login_check_lifetime,`+
|
||||
` projections.login_policies.mfa_init_skip_lifetime,`+
|
||||
` projections.login_policies.second_factor_check_lifetime,`+
|
||||
` projections.login_policies.multi_factor_check_lifetime,`+
|
||||
regexp.QuoteMeta(`SELECT projections.login_policies2.aggregate_id,`+
|
||||
` projections.login_policies2.creation_date,`+
|
||||
` projections.login_policies2.change_date,`+
|
||||
` projections.login_policies2.sequence,`+
|
||||
` projections.login_policies2.allow_register,`+
|
||||
` projections.login_policies2.allow_username_password,`+
|
||||
` projections.login_policies2.allow_external_idps,`+
|
||||
` projections.login_policies2.force_mfa,`+
|
||||
` projections.login_policies2.second_factors,`+
|
||||
` projections.login_policies2.multi_factors,`+
|
||||
` projections.login_policies2.passwordless_type,`+
|
||||
` projections.login_policies2.is_default,`+
|
||||
` projections.login_policies2.hide_password_reset,`+
|
||||
` projections.login_policies2.ignore_unknown_usernames,`+
|
||||
` projections.login_policies2.allow_domain_discovery,`+
|
||||
` projections.login_policies2.default_redirect_uri,`+
|
||||
` projections.login_policies2.password_check_lifetime,`+
|
||||
` projections.login_policies2.external_login_check_lifetime,`+
|
||||
` projections.login_policies2.mfa_init_skip_lifetime,`+
|
||||
` projections.login_policies2.second_factor_check_lifetime,`+
|
||||
` projections.login_policies2.multi_factor_check_lifetime,`+
|
||||
` projections.idp_login_policy_links3.idp_id,`+
|
||||
` projections.idps2.name,`+
|
||||
` projections.idps2.type`+
|
||||
` FROM projections.login_policies`+
|
||||
` FROM projections.login_policies2`+
|
||||
` LEFT JOIN projections.idp_login_policy_links3 ON `+
|
||||
` projections.login_policies.aggregate_id = projections.idp_login_policy_links3.aggregate_id`+
|
||||
` projections.login_policies2.aggregate_id = projections.idp_login_policy_links3.aggregate_id`+
|
||||
` LEFT JOIN projections.idps2 ON`+
|
||||
` projections.idp_login_policy_links3.idp_id = projections.idps2.id`),
|
||||
[]string{
|
||||
@@ -118,6 +120,7 @@ func Test_LoginPolicyPrepares(t *testing.T) {
|
||||
"is_default",
|
||||
"hide_password_reset",
|
||||
"ignore_unknown_usernames",
|
||||
"allow_domain_discovery",
|
||||
"default_redirect_uri",
|
||||
"password_check_lifetime",
|
||||
"external_login_check_lifetime",
|
||||
@@ -143,6 +146,7 @@ func Test_LoginPolicyPrepares(t *testing.T) {
|
||||
true,
|
||||
true,
|
||||
true,
|
||||
true,
|
||||
"https://example.com/redirect",
|
||||
time.Hour * 2,
|
||||
time.Hour * 2,
|
||||
@@ -170,6 +174,7 @@ func Test_LoginPolicyPrepares(t *testing.T) {
|
||||
IsDefault: true,
|
||||
HidePasswordReset: true,
|
||||
IgnoreUnknownUsernames: true,
|
||||
AllowDomainDiscovery: true,
|
||||
DefaultRedirectURI: "https://example.com/redirect",
|
||||
PasswordCheckLifetime: time.Hour * 2,
|
||||
ExternalLoginCheckLifetime: time.Hour * 2,
|
||||
@@ -190,32 +195,33 @@ func Test_LoginPolicyPrepares(t *testing.T) {
|
||||
prepare: prepareLoginPolicyQuery,
|
||||
want: want{
|
||||
sqlExpectations: mockQueryErr(
|
||||
regexp.QuoteMeta(`SELECT projections.login_policies.aggregate_id,`+
|
||||
` projections.login_policies.creation_date,`+
|
||||
` projections.login_policies.change_date,`+
|
||||
` projections.login_policies.sequence,`+
|
||||
` projections.login_policies.allow_register,`+
|
||||
` projections.login_policies.allow_username_password,`+
|
||||
` projections.login_policies.allow_external_idps,`+
|
||||
` projections.login_policies.force_mfa,`+
|
||||
` projections.login_policies.second_factors,`+
|
||||
` projections.login_policies.multi_factors,`+
|
||||
` projections.login_policies.passwordless_type,`+
|
||||
` projections.login_policies.is_default,`+
|
||||
` projections.login_policies.hide_password_reset,`+
|
||||
` projections.login_policies.ignore_unknown_usernames,`+
|
||||
` projections.login_policies.default_redirect_uri,`+
|
||||
` projections.login_policies.password_check_lifetime,`+
|
||||
` projections.login_policies.external_login_check_lifetime,`+
|
||||
` projections.login_policies.mfa_init_skip_lifetime,`+
|
||||
` projections.login_policies.second_factor_check_lifetime,`+
|
||||
` projections.login_policies.multi_factor_check_lifetime,`+
|
||||
regexp.QuoteMeta(`SELECT projections.login_policies2.aggregate_id,`+
|
||||
` projections.login_policies2.creation_date,`+
|
||||
` projections.login_policies2.change_date,`+
|
||||
` projections.login_policies2.sequence,`+
|
||||
` projections.login_policies2.allow_register,`+
|
||||
` projections.login_policies2.allow_username_password,`+
|
||||
` projections.login_policies2.allow_external_idps,`+
|
||||
` projections.login_policies2.force_mfa,`+
|
||||
` projections.login_policies2.second_factors,`+
|
||||
` projections.login_policies2.multi_factors,`+
|
||||
` projections.login_policies2.passwordless_type,`+
|
||||
` projections.login_policies2.is_default,`+
|
||||
` projections.login_policies2.hide_password_reset,`+
|
||||
` projections.login_policies2.ignore_unknown_usernames,`+
|
||||
` projections.login_policies2.allow_domain_discovery,`+
|
||||
` projections.login_policies2.default_redirect_uri,`+
|
||||
` projections.login_policies2.password_check_lifetime,`+
|
||||
` projections.login_policies2.external_login_check_lifetime,`+
|
||||
` projections.login_policies2.mfa_init_skip_lifetime,`+
|
||||
` projections.login_policies2.second_factor_check_lifetime,`+
|
||||
` projections.login_policies2.multi_factor_check_lifetime,`+
|
||||
` projections.idp_login_policy_links3.idp_id,`+
|
||||
` projections.idps2.name,`+
|
||||
` projections.idps2.type`+
|
||||
` FROM projections.login_policies`+
|
||||
` FROM projections.login_policies2`+
|
||||
` LEFT JOIN projections.idp_login_policy_links3 ON `+
|
||||
` projections.login_policies.aggregate_id = projections.idp_login_policy_links3.aggregate_id`+
|
||||
` projections.login_policies2.aggregate_id = projections.idp_login_policy_links3.aggregate_id`+
|
||||
` LEFT JOIN projections.idps2 ON`+
|
||||
` projections.idp_login_policy_links3.idp_id = projections.idps2.id`),
|
||||
sql.ErrConnDone,
|
||||
@@ -234,8 +240,8 @@ func Test_LoginPolicyPrepares(t *testing.T) {
|
||||
prepare: prepareLoginPolicy2FAsQuery,
|
||||
want: want{
|
||||
sqlExpectations: mockQuery(
|
||||
regexp.QuoteMeta(`SELECT projections.login_policies.second_factors`+
|
||||
` FROM projections.login_policies`),
|
||||
regexp.QuoteMeta(`SELECT projections.login_policies2.second_factors`+
|
||||
` FROM projections.login_policies2`),
|
||||
[]string{
|
||||
"second_factors",
|
||||
},
|
||||
@@ -255,8 +261,8 @@ func Test_LoginPolicyPrepares(t *testing.T) {
|
||||
prepare: prepareLoginPolicy2FAsQuery,
|
||||
want: want{
|
||||
sqlExpectations: mockQuery(
|
||||
regexp.QuoteMeta(`SELECT projections.login_policies.second_factors`+
|
||||
` FROM projections.login_policies`),
|
||||
regexp.QuoteMeta(`SELECT projections.login_policies2.second_factors`+
|
||||
` FROM projections.login_policies2`),
|
||||
[]string{
|
||||
"second_factors",
|
||||
},
|
||||
@@ -277,8 +283,8 @@ func Test_LoginPolicyPrepares(t *testing.T) {
|
||||
prepare: prepareLoginPolicy2FAsQuery,
|
||||
want: want{
|
||||
sqlExpectations: mockQuery(
|
||||
regexp.QuoteMeta(`SELECT projections.login_policies.second_factors`+
|
||||
` FROM projections.login_policies`),
|
||||
regexp.QuoteMeta(`SELECT projections.login_policies2.second_factors`+
|
||||
` FROM projections.login_policies2`),
|
||||
[]string{
|
||||
"second_factors",
|
||||
},
|
||||
@@ -294,8 +300,8 @@ func Test_LoginPolicyPrepares(t *testing.T) {
|
||||
prepare: prepareLoginPolicy2FAsQuery,
|
||||
want: want{
|
||||
sqlExpectations: mockQueryErr(
|
||||
regexp.QuoteMeta(`SELECT projections.login_policies.second_factors`+
|
||||
` FROM projections.login_policies`),
|
||||
regexp.QuoteMeta(`SELECT projections.login_policies2.second_factors`+
|
||||
` FROM projections.login_policies2`),
|
||||
sql.ErrConnDone,
|
||||
),
|
||||
err: func(err error) (error, bool) {
|
||||
@@ -312,8 +318,8 @@ func Test_LoginPolicyPrepares(t *testing.T) {
|
||||
prepare: prepareLoginPolicyMFAsQuery,
|
||||
want: want{
|
||||
sqlExpectations: mockQuery(
|
||||
regexp.QuoteMeta(`SELECT projections.login_policies.multi_factors`+
|
||||
` FROM projections.login_policies`),
|
||||
regexp.QuoteMeta(`SELECT projections.login_policies2.multi_factors`+
|
||||
` FROM projections.login_policies2`),
|
||||
[]string{
|
||||
"multi_factors",
|
||||
},
|
||||
@@ -333,8 +339,8 @@ func Test_LoginPolicyPrepares(t *testing.T) {
|
||||
prepare: prepareLoginPolicyMFAsQuery,
|
||||
want: want{
|
||||
sqlExpectations: mockQuery(
|
||||
regexp.QuoteMeta(`SELECT projections.login_policies.multi_factors`+
|
||||
` FROM projections.login_policies`),
|
||||
regexp.QuoteMeta(`SELECT projections.login_policies2.multi_factors`+
|
||||
` FROM projections.login_policies2`),
|
||||
[]string{
|
||||
"multi_factors",
|
||||
},
|
||||
@@ -355,8 +361,8 @@ func Test_LoginPolicyPrepares(t *testing.T) {
|
||||
prepare: prepareLoginPolicyMFAsQuery,
|
||||
want: want{
|
||||
sqlExpectations: mockQuery(
|
||||
regexp.QuoteMeta(`SELECT projections.login_policies.multi_factors`+
|
||||
` FROM projections.login_policies`),
|
||||
regexp.QuoteMeta(`SELECT projections.login_policies2.multi_factors`+
|
||||
` FROM projections.login_policies2`),
|
||||
[]string{
|
||||
"multi_factors",
|
||||
},
|
||||
@@ -372,8 +378,8 @@ func Test_LoginPolicyPrepares(t *testing.T) {
|
||||
prepare: prepareLoginPolicyMFAsQuery,
|
||||
want: want{
|
||||
sqlExpectations: mockQueryErr(
|
||||
regexp.QuoteMeta(`SELECT projections.login_policies.multi_factors`+
|
||||
` FROM projections.login_policies`),
|
||||
regexp.QuoteMeta(`SELECT projections.login_policies2.multi_factors`+
|
||||
` FROM projections.login_policies2`),
|
||||
sql.ErrConnDone,
|
||||
),
|
||||
err: func(err error) (error, bool) {
|
||||
|
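Review bot: The row fixture in hunk `@@ -143,6 +146,7 @@` feeds the new column `true` right after three other `true` booleans, and the expected struct in `@@ -170,6 +174,7 @@` sets `IsDefault`, `HidePasswordReset`, `IgnoreUnknownUsernames` and `AllowDomainDiscovery` all to `true`. Because `Scan` is positional, a swap between `&p.IgnoreUnknownUsernames` and `&p.AllowDomainDiscovery` in the scan list would still pass this test. Giving the new column a value that differs from its neighbour, for example `false` in the row and `AllowDomainDiscovery: false,` in the expected policy, would pin the mapping of two flags that both affect how unknown usernames are handled. The test table continues outside these hunks.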
@@ -104,7 +104,7 @@ func (q *Queries) OrgByID(ctx context.Context, shouldTriggerBulk bool, id string
|
||||
return scan(row)
|
||||
}
|
||||
|
||||
func (q *Queries) OrgByDomainGlobal(ctx context.Context, domain string) (*Org, error) {
|
||||
func (q *Queries) OrgByPrimaryDomain(ctx context.Context, domain string) (*Org, error) {
|
||||
stmt, scan := prepareOrgQuery()
|
||||
query, args, err := stmt.Where(sq.Eq{
|
||||
OrgColumnDomain.identifier(): domain,
|
||||
@@ -118,6 +118,21 @@ func (q *Queries) OrgByDomainGlobal(ctx context.Context, domain string) (*Org, e
|
||||
return scan(row)
|
||||
}
|
||||
|
||||
func (q *Queries) OrgByVerifiedDomain(ctx context.Context, domain string) (*Org, error) {
|
||||
stmt, scan := prepareOrgWithDomainsQuery()
|
||||
query, args, err := stmt.Where(sq.Eq{
|
||||
OrgDomainDomainCol.identifier(): domain,
|
||||
OrgDomainIsVerifiedCol.identifier(): true,
|
||||
OrgColumnInstanceID.identifier(): authz.GetInstance(ctx).InstanceID(),
|
||||
}).ToSql()
|
||||
if err != nil {
|
||||
return nil, errors.ThrowInternal(err, "QUERY-TYUCE", "Errors.Query.SQLStatement")
|
||||
}
|
||||
|
||||
row := q.client.QueryRowContext(ctx, query, args...)
|
||||
return scan(row)
|
||||
}
|
||||
|
||||
func (q *Queries) IsOrgUnique(ctx context.Context, name, domain string) (isUnique bool, err error) {
|
||||
if name == "" && domain == "" {
|
||||
return false, errors.ThrowInvalidArgument(nil, "QUERY-DGqfd", "Errors.Query.InvalidRequest")
|
||||
@@ -268,6 +283,42 @@ func prepareOrgQuery() (sq.SelectBuilder, func(*sql.Row) (*Org, error)) {
|
||||
}
|
||||
}
|
||||
|
||||
func prepareOrgWithDomainsQuery() (sq.SelectBuilder, func(*sql.Row) (*Org, error)) {
|
||||
return sq.Select(
|
||||
OrgColumnID.identifier(),
|
||||
OrgColumnCreationDate.identifier(),
|
||||
OrgColumnChangeDate.identifier(),
|
||||
OrgColumnResourceOwner.identifier(),
|
||||
OrgColumnState.identifier(),
|
||||
OrgColumnSequence.identifier(),
|
||||
OrgColumnName.identifier(),
|
||||
OrgColumnDomain.identifier(),
|
||||
).
|
||||
From(orgsTable.identifier()).
|
||||
LeftJoin(join(OrgDomainOrgIDCol, OrgColumnID)).
|
||||
PlaceholderFormat(sq.Dollar),
|
||||
func(row *sql.Row) (*Org, error) {
|
||||
o := new(Org)
|
||||
err := row.Scan(
|
||||
&o.ID,
|
||||
&o.CreationDate,
|
||||
&o.ChangeDate,
|
||||
&o.ResourceOwner,
|
||||
&o.State,
|
||||
&o.Sequence,
|
||||
&o.Name,
|
||||
&o.Domain,
|
||||
)
|
||||
if err != nil {
|
||||
if errs.Is(err, sql.ErrNoRows) {
|
||||
return nil, errors.ThrowNotFound(err, "QUERY-iTTGJ", "Errors.Org.NotFound")
|
||||
}
|
||||
return nil, errors.ThrowInternal(err, "QUERY-pWS5H", "Errors.Internal")
|
||||
}
|
||||
return o, nil
|
||||
}
|
||||
}
|
||||
|
||||
func prepareOrgUniqueQuery() (sq.SelectBuilder, func(*sql.Row) (bool, error)) {
|
||||
return sq.Select(uniqueColumn.identifier()).
|
||||
From(orgsTable.identifier()).PlaceholderFormat(sq.Dollar),
|
||||
|
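Review bot: `OrgByVerifiedDomain` limits the lookup to the caller's instance only through `OrgColumnInstanceID` on the orgs table, while `prepareOrgWithDomainsQuery` joins the domain table on the org ID alone with `join(OrgDomainOrgIDCol, OrgColumnID)`. That is sound only if org IDs are unique across instances, which this page does not show; if the domain projection has its own instance column, adding it to the `sq.Eq` map would make the tenant boundary explicit for a query that is presumably driven by a login name typed before authentication. Both domain predicates sit in the WHERE clause, so the `LeftJoin` already behaves as an inner join and would read more honestly as `Join(join(OrgDomainOrgIDCol, OrgColumnID))`. The query also places no condition on `OrgColumnState`, so whether a deactivated organisation can still be discovered by its verified domain is left to the caller and deserves a comment on the function.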
@@ -13,7 +13,7 @@ import (
|
||||
)
|
||||
|
||||
const (
|
||||
LoginPolicyTable = "projections.login_policies"
|
||||
LoginPolicyTable = "projections.login_policies2"
|
||||
|
||||
LoginPolicyIDCol = "aggregate_id"
|
||||
LoginPolicyInstanceIDCol = "instance_id"
|
||||
@@ -30,6 +30,7 @@ const (
|
||||
LoginPolicyPasswordlessTypeCol = "passwordless_type"
|
||||
LoginPolicyHidePWResetCol = "hide_password_reset"
|
||||
IgnoreUnknownUsernames = "ignore_unknown_usernames"
|
||||
AllowDomainDiscovery = "allow_domain_discovery"
|
||||
DefaultRedirectURI = "default_redirect_uri"
|
||||
PasswordCheckLifetimeCol = "password_check_lifetime"
|
||||
ExternalLoginCheckLifetimeCol = "external_login_check_lifetime"
|
||||
@@ -63,6 +64,7 @@ func newLoginPolicyProjection(ctx context.Context, config crdb.StatementHandlerC
|
||||
crdb.NewColumn(LoginPolicyPasswordlessTypeCol, crdb.ColumnTypeEnum),
|
||||
crdb.NewColumn(LoginPolicyHidePWResetCol, crdb.ColumnTypeBool),
|
||||
crdb.NewColumn(IgnoreUnknownUsernames, crdb.ColumnTypeBool),
|
||||
crdb.NewColumn(AllowDomainDiscovery, crdb.ColumnTypeBool),
|
||||
crdb.NewColumn(DefaultRedirectURI, crdb.ColumnTypeText, crdb.Nullable()),
|
||||
crdb.NewColumn(PasswordCheckLifetimeCol, crdb.ColumnTypeInt64),
|
||||
crdb.NewColumn(ExternalLoginCheckLifetimeCol, crdb.ColumnTypeInt64),
|
||||
@@ -172,6 +174,7 @@ func (p *loginPolicyProjection) reduceLoginPolicyAdded(event eventstore.Event) (
|
||||
handler.NewCol(LoginPolicyIsDefaultCol, isDefault),
|
||||
handler.NewCol(LoginPolicyHidePWResetCol, policyEvent.HidePasswordReset),
|
||||
handler.NewCol(IgnoreUnknownUsernames, policyEvent.IgnoreUnknownUsernames),
|
||||
handler.NewCol(AllowDomainDiscovery, policyEvent.AllowDomainDiscovery),
|
||||
handler.NewCol(DefaultRedirectURI, policyEvent.DefaultRedirectURI),
|
||||
handler.NewCol(PasswordCheckLifetimeCol, policyEvent.PasswordCheckLifetime),
|
||||
handler.NewCol(ExternalLoginCheckLifetimeCol, policyEvent.ExternalLoginCheckLifetime),
|
||||
@@ -217,6 +220,9 @@ func (p *loginPolicyProjection) reduceLoginPolicyChanged(event eventstore.Event)
|
||||
if policyEvent.IgnoreUnknownUsernames != nil {
|
||||
cols = append(cols, handler.NewCol(IgnoreUnknownUsernames, *policyEvent.IgnoreUnknownUsernames))
|
||||
}
|
||||
if policyEvent.AllowDomainDiscovery != nil {
|
||||
cols = append(cols, handler.NewCol(AllowDomainDiscovery, *policyEvent.AllowDomainDiscovery))
|
||||
}
|
||||
if policyEvent.DefaultRedirectURI != nil {
|
||||
cols = append(cols, handler.NewCol(DefaultRedirectURI, *policyEvent.DefaultRedirectURI))
|
||||
}
|
||||
|
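Review bot: Changing `LoginPolicyTable` to `projections.login_policies2` points every reader at a table that starts empty, and the hunks do not show what a policy lookup returns while that table is being refilled. The login policy carries security settings (`force_mfa`, the allowed factors, `ignore_unknown_usernames`), so it is worth confirming that a missing row during the rebuild produces an error or a wait rather than a fallback to a more permissive default; the commit message mentions waiting for projection initialization, which may already cover this. A short comment on the constant, for example `// login_policies2: adds allow_domain_discovery`, would also tell operators that the old `projections.login_policies` table is no longer the one being queried.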
@@ -24,7 +24,7 @@ func TestLoginPolicyProjection_reduces(t *testing.T) {
|
||||
want wantReduce
|
||||
}{
|
||||
{
|
||||
name: "org.reduceLoginPolicyAdded",
|
||||
name: "org reduceLoginPolicyAdded",
|
||||
args: args{
|
||||
event: getEvent(testEvent(
|
||||
repository.EventType(org.LoginPolicyAddedEventType),
|
||||
@@ -36,6 +36,7 @@ func TestLoginPolicyProjection_reduces(t *testing.T) {
|
||||
"forceMFA": false,
|
||||
"hidePasswordReset": true,
|
||||
"ignoreUnknownUsernames": true,
|
||||
"allowDomainDiscovery": true,
|
||||
"passwordlessType": 1,
|
||||
"defaultRedirectURI": "https://example.com/redirect",
|
||||
"passwordCheckLifetime": 10000000,
|
||||
@@ -55,7 +56,7 @@ func TestLoginPolicyProjection_reduces(t *testing.T) {
|
||||
executer: &testExecuter{
|
||||
executions: []execution{
|
||||
{
|
||||
expectedStmt: "INSERT INTO projections.login_policies (aggregate_id, instance_id, creation_date, change_date, sequence, allow_register, allow_username_password, allow_external_idps, force_mfa, passwordless_type, is_default, hide_password_reset, ignore_unknown_usernames, default_redirect_uri, password_check_lifetime, external_login_check_lifetime, mfa_init_skip_lifetime, second_factor_check_lifetime, multi_factor_check_lifetime) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10, $11, $12, $13, $14, $15, $16, $17, $18, $19)",
|
||||
expectedStmt: "INSERT INTO projections.login_policies2 (aggregate_id, instance_id, creation_date, change_date, sequence, allow_register, allow_username_password, allow_external_idps, force_mfa, passwordless_type, is_default, hide_password_reset, ignore_unknown_usernames, allow_domain_discovery, default_redirect_uri, password_check_lifetime, external_login_check_lifetime, mfa_init_skip_lifetime, second_factor_check_lifetime, multi_factor_check_lifetime) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10, $11, $12, $13, $14, $15, $16, $17, $18, $19, $20)",
|
||||
expectedArgs: []interface{}{
|
||||
"agg-id",
|
||||
"instance-id",
|
||||
@@ -70,6 +71,7 @@ func TestLoginPolicyProjection_reduces(t *testing.T) {
|
||||
false,
|
||||
true,
|
||||
true,
|
||||
true,
|
||||
"https://example.com/redirect",
|
||||
time.Millisecond * 10,
|
||||
time.Millisecond * 10,
|
||||
@@ -83,7 +85,7 @@ func TestLoginPolicyProjection_reduces(t *testing.T) {
|
||||
},
|
||||
},
|
||||
{
|
||||
name: "org.reduceLoginPolicyChanged",
|
||||
name: "org reduceLoginPolicyChanged",
|
||||
reduce: (&loginPolicyProjection{}).reduceLoginPolicyChanged,
|
||||
args: args{
|
||||
event: getEvent(testEvent(
|
||||
@@ -96,6 +98,7 @@ func TestLoginPolicyProjection_reduces(t *testing.T) {
|
||||
"forceMFA": true,
|
||||
"hidePasswordReset": true,
|
||||
"ignoreUnknownUsernames": true,
|
||||
"allowDomainDiscovery": true,
|
||||
"passwordlessType": 1,
|
||||
"defaultRedirectURI": "https://example.com/redirect",
|
||||
"passwordCheckLifetime": 10000000,
|
||||
@@ -114,7 +117,7 @@ func TestLoginPolicyProjection_reduces(t *testing.T) {
|
||||
executer: &testExecuter{
|
||||
executions: []execution{
|
||||
{
|
||||
expectedStmt: "UPDATE projections.login_policies SET (change_date, sequence, allow_register, allow_username_password, allow_external_idps, force_mfa, passwordless_type, hide_password_reset, ignore_unknown_usernames, default_redirect_uri, password_check_lifetime, external_login_check_lifetime, mfa_init_skip_lifetime, second_factor_check_lifetime, multi_factor_check_lifetime) = ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10, $11, $12, $13, $14, $15) WHERE (aggregate_id = $16)",
|
||||
expectedStmt: "UPDATE projections.login_policies2 SET (change_date, sequence, allow_register, allow_username_password, allow_external_idps, force_mfa, passwordless_type, hide_password_reset, ignore_unknown_usernames, allow_domain_discovery, default_redirect_uri, password_check_lifetime, external_login_check_lifetime, mfa_init_skip_lifetime, second_factor_check_lifetime, multi_factor_check_lifetime) = ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10, $11, $12, $13, $14, $15, $16) WHERE (aggregate_id = $17)",
|
||||
expectedArgs: []interface{}{
|
||||
anyArg{},
|
||||
uint64(15),
|
||||
@@ -125,6 +128,7 @@ func TestLoginPolicyProjection_reduces(t *testing.T) {
|
||||
domain.PasswordlessTypeAllowed,
|
||||
true,
|
||||
true,
|
||||
true,
|
||||
"https://example.com/redirect",
|
||||
time.Millisecond * 10,
|
||||
time.Millisecond * 10,
|
||||
@@ -139,7 +143,7 @@ func TestLoginPolicyProjection_reduces(t *testing.T) {
|
||||
},
|
||||
},
|
||||
{
|
||||
name: "org.reduceMFAAdded",
|
||||
name: "org reduceMFAAdded",
|
||||
reduce: (&loginPolicyProjection{}).reduceMFAAdded,
|
||||
args: args{
|
||||
event: getEvent(testEvent(
|
||||
@@ -158,7 +162,7 @@ func TestLoginPolicyProjection_reduces(t *testing.T) {
|
||||
executer: &testExecuter{
|
||||
executions: []execution{
|
||||
{
|
||||
expectedStmt: "UPDATE projections.login_policies SET (change_date, sequence, multi_factors) = ($1, $2, array_append(multi_factors, $3)) WHERE (aggregate_id = $4)",
|
||||
expectedStmt: "UPDATE projections.login_policies2 SET (change_date, sequence, multi_factors) = ($1, $2, array_append(multi_factors, $3)) WHERE (aggregate_id = $4)",
|
||||
expectedArgs: []interface{}{
|
||||
anyArg{},
|
||||
uint64(15),
|
||||
@@ -171,7 +175,7 @@ func TestLoginPolicyProjection_reduces(t *testing.T) {
|
||||
},
|
||||
},
|
||||
{
|
||||
name: "org.reduceMFARemoved",
|
||||
name: "org reduceMFARemoved",
|
||||
reduce: (&loginPolicyProjection{}).reduceMFARemoved,
|
||||
args: args{
|
||||
event: getEvent(testEvent(
|
||||
@@ -190,7 +194,7 @@ func TestLoginPolicyProjection_reduces(t *testing.T) {
|
||||
executer: &testExecuter{
|
||||
executions: []execution{
|
||||
{
|
||||
expectedStmt: "UPDATE projections.login_policies SET (change_date, sequence, multi_factors) = ($1, $2, array_remove(multi_factors, $3)) WHERE (aggregate_id = $4)",
|
||||
expectedStmt: "UPDATE projections.login_policies2 SET (change_date, sequence, multi_factors) = ($1, $2, array_remove(multi_factors, $3)) WHERE (aggregate_id = $4)",
|
||||
expectedArgs: []interface{}{
|
||||
anyArg{},
|
||||
uint64(15),
|
||||
@@ -203,7 +207,7 @@ func TestLoginPolicyProjection_reduces(t *testing.T) {
|
||||
},
|
||||
},
|
||||
{
|
||||
name: "org.reduceLoginPolicyRemoved",
|
||||
name: "org reduceLoginPolicyRemoved",
|
||||
reduce: (&loginPolicyProjection{}).reduceLoginPolicyRemoved,
|
||||
args: args{
|
||||
event: getEvent(testEvent(
|
||||
@@ -220,7 +224,7 @@ func TestLoginPolicyProjection_reduces(t *testing.T) {
|
||||
executer: &testExecuter{
|
||||
executions: []execution{
|
||||
{
|
||||
expectedStmt: "DELETE FROM projections.login_policies WHERE (aggregate_id = $1)",
|
||||
expectedStmt: "DELETE FROM projections.login_policies2 WHERE (aggregate_id = $1)",
|
||||
expectedArgs: []interface{}{
|
||||
"agg-id",
|
||||
},
|
||||
@@ -230,7 +234,7 @@ func TestLoginPolicyProjection_reduces(t *testing.T) {
|
||||
},
|
||||
},
|
||||
{
|
||||
name: "org.reduce2FAAdded",
|
||||
name: "org reduce2FAAdded",
|
||||
reduce: (&loginPolicyProjection{}).reduce2FAAdded,
|
||||
args: args{
|
||||
event: getEvent(testEvent(
|
||||
@@ -249,7 +253,7 @@ func TestLoginPolicyProjection_reduces(t *testing.T) {
|
||||
executer: &testExecuter{
|
||||
executions: []execution{
|
||||
{
|
||||
expectedStmt: "UPDATE projections.login_policies SET (change_date, sequence, second_factors) = ($1, $2, array_append(second_factors, $3)) WHERE (aggregate_id = $4)",
|
||||
expectedStmt: "UPDATE projections.login_policies2 SET (change_date, sequence, second_factors) = ($1, $2, array_append(second_factors, $3)) WHERE (aggregate_id = $4)",
|
||||
expectedArgs: []interface{}{
|
||||
anyArg{},
|
||||
uint64(15),
|
||||
@@ -262,7 +266,7 @@ func TestLoginPolicyProjection_reduces(t *testing.T) {
|
||||
},
|
||||
},
|
||||
{
|
||||
name: "org.reduce2FARemoved",
|
||||
name: "org reduce2FARemoved",
|
||||
reduce: (&loginPolicyProjection{}).reduce2FARemoved,
|
||||
args: args{
|
||||
event: getEvent(testEvent(
|
||||
@@ -281,7 +285,7 @@ func TestLoginPolicyProjection_reduces(t *testing.T) {
|
||||
executer: &testExecuter{
|
||||
executions: []execution{
|
||||
{
|
||||
expectedStmt: "UPDATE projections.login_policies SET (change_date, sequence, second_factors) = ($1, $2, array_remove(second_factors, $3)) WHERE (aggregate_id = $4)",
|
||||
expectedStmt: "UPDATE projections.login_policies2 SET (change_date, sequence, second_factors) = ($1, $2, array_remove(second_factors, $3)) WHERE (aggregate_id = $4)",
|
||||
expectedArgs: []interface{}{
|
||||
anyArg{},
|
||||
uint64(15),
|
||||
@@ -294,7 +298,7 @@ func TestLoginPolicyProjection_reduces(t *testing.T) {
|
||||
},
|
||||
},
|
||||
{
|
||||
name: "instance.reduceLoginPolicyAdded",
|
||||
name: "instance reduceLoginPolicyAdded",
|
||||
reduce: (&loginPolicyProjection{}).reduceLoginPolicyAdded,
|
||||
args: args{
|
||||
event: getEvent(testEvent(
|
||||
@@ -307,6 +311,7 @@ func TestLoginPolicyProjection_reduces(t *testing.T) {
|
||||
"forceMFA": false,
|
||||
"hidePasswordReset": true,
|
||||
"ignoreUnknownUsernames": true,
|
||||
"allowDomainDiscovery": true,
|
||||
"passwordlessType": 1,
|
||||
"defaultRedirectURI": "https://example.com/redirect",
|
||||
"passwordCheckLifetime": 10000000,
|
||||
@@ -325,7 +330,7 @@ func TestLoginPolicyProjection_reduces(t *testing.T) {
|
||||
executer: &testExecuter{
|
||||
executions: []execution{
|
||||
{
|
||||
expectedStmt: "INSERT INTO projections.login_policies (aggregate_id, instance_id, creation_date, change_date, sequence, allow_register, allow_username_password, allow_external_idps, force_mfa, passwordless_type, is_default, hide_password_reset, ignore_unknown_usernames, default_redirect_uri, password_check_lifetime, external_login_check_lifetime, mfa_init_skip_lifetime, second_factor_check_lifetime, multi_factor_check_lifetime) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10, $11, $12, $13, $14, $15, $16, $17, $18, $19)",
|
||||
expectedStmt: "INSERT INTO projections.login_policies2 (aggregate_id, instance_id, creation_date, change_date, sequence, allow_register, allow_username_password, allow_external_idps, force_mfa, passwordless_type, is_default, hide_password_reset, ignore_unknown_usernames, allow_domain_discovery, default_redirect_uri, password_check_lifetime, external_login_check_lifetime, mfa_init_skip_lifetime, second_factor_check_lifetime, multi_factor_check_lifetime) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10, $11, $12, $13, $14, $15, $16, $17, $18, $19, $20)",
|
||||
expectedArgs: []interface{}{
|
||||
"agg-id",
|
||||
"instance-id",
|
||||
@@ -340,6 +345,7 @@ func TestLoginPolicyProjection_reduces(t *testing.T) {
|
||||
true,
|
||||
true,
|
||||
true,
|
||||
true,
|
||||
"https://example.com/redirect",
|
||||
time.Millisecond * 10,
|
||||
time.Millisecond * 10,
|
||||
@@ -353,7 +359,7 @@ func TestLoginPolicyProjection_reduces(t *testing.T) {
|
||||
},
|
||||
},
|
||||
{
|
||||
name: "instance.reduceLoginPolicyChanged",
|
||||
name: "instance reduceLoginPolicyChanged",
|
||||
reduce: (&loginPolicyProjection{}).reduceLoginPolicyChanged,
|
||||
args: args{
|
||||
event: getEvent(testEvent(
|
||||
@@ -366,6 +372,7 @@ func TestLoginPolicyProjection_reduces(t *testing.T) {
|
||||
"forceMFA": true,
|
||||
"hidePasswordReset": true,
|
||||
"ignoreUnknownUsernames": true,
|
||||
"allowDomainDiscovery": true,
|
||||
"passwordlessType": 1,
|
||||
"defaultRedirectURI": "https://example.com/redirect"
|
||||
}`),
|
||||
@@ -379,7 +386,7 @@ func TestLoginPolicyProjection_reduces(t *testing.T) {
|
||||
executer: &testExecuter{
|
||||
executions: []execution{
|
||||
{
|
||||
expectedStmt: "UPDATE projections.login_policies SET (change_date, sequence, allow_register, allow_username_password, allow_external_idps, force_mfa, passwordless_type, hide_password_reset, ignore_unknown_usernames, default_redirect_uri) = ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10) WHERE (aggregate_id = $11)",
|
||||
expectedStmt: "UPDATE projections.login_policies2 SET (change_date, sequence, allow_register, allow_username_password, allow_external_idps, force_mfa, passwordless_type, hide_password_reset, ignore_unknown_usernames, allow_domain_discovery, default_redirect_uri) = ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10, $11) WHERE (aggregate_id = $12)",
|
||||
expectedArgs: []interface{}{
|
||||
anyArg{},
|
||||
uint64(15),
|
||||
@@ -390,6 +397,7 @@ func TestLoginPolicyProjection_reduces(t *testing.T) {
|
||||
domain.PasswordlessTypeAllowed,
|
||||
true,
|
||||
true,
|
||||
true,
|
||||
"https://example.com/redirect",
|
||||
"agg-id",
|
||||
},
|
||||
@@ -399,7 +407,7 @@ func TestLoginPolicyProjection_reduces(t *testing.T) {
|
||||
},
|
||||
},
|
||||
{
|
||||
name: "instance.reduceMFAAdded",
|
||||
name: "instance reduceMFAAdded",
|
||||
reduce: (&loginPolicyProjection{}).reduceMFAAdded,
|
||||
args: args{
|
||||
event: getEvent(testEvent(
|
||||
@@ -418,7 +426,7 @@ func TestLoginPolicyProjection_reduces(t *testing.T) {
|
||||
executer: &testExecuter{
|
||||
executions: []execution{
|
||||
{
|
||||
expectedStmt: "UPDATE projections.login_policies SET (change_date, sequence, multi_factors) = ($1, $2, array_append(multi_factors, $3)) WHERE (aggregate_id = $4)",
|
||||
expectedStmt: "UPDATE projections.login_policies2 SET (change_date, sequence, multi_factors) = ($1, $2, array_append(multi_factors, $3)) WHERE (aggregate_id = $4)",
|
||||
expectedArgs: []interface{}{
|
||||
anyArg{},
|
||||
uint64(15),
|
||||
@@ -431,7 +439,7 @@ func TestLoginPolicyProjection_reduces(t *testing.T) {
|
||||
},
|
||||
},
|
||||
{
|
||||
name: "instance.reduceMFARemoved",
|
||||
name: "instance reduceMFARemoved",
|
||||
reduce: (&loginPolicyProjection{}).reduceMFARemoved,
|
||||
args: args{
|
||||
event: getEvent(testEvent(
|
||||
@@ -450,7 +458,7 @@ func TestLoginPolicyProjection_reduces(t *testing.T) {
|
||||
executer: &testExecuter{
|
||||
executions: []execution{
|
||||
{
|
||||
expectedStmt: "UPDATE projections.login_policies SET (change_date, sequence, multi_factors) = ($1, $2, array_remove(multi_factors, $3)) WHERE (aggregate_id = $4)",
|
||||
expectedStmt: "UPDATE projections.login_policies2 SET (change_date, sequence, multi_factors) = ($1, $2, array_remove(multi_factors, $3)) WHERE (aggregate_id = $4)",
|
||||
expectedArgs: []interface{}{
|
||||
anyArg{},
|
||||
uint64(15),
|
||||
@@ -463,7 +471,7 @@ func TestLoginPolicyProjection_reduces(t *testing.T) {
|
||||
},
|
||||
},
|
||||
{
|
||||
name: "instance.reduce2FAAdded",
|
||||
name: "instance reduce2FAAdded",
|
||||
reduce: (&loginPolicyProjection{}).reduce2FAAdded,
|
||||
args: args{
|
||||
event: getEvent(testEvent(
|
||||
@@ -482,7 +490,7 @@ func TestLoginPolicyProjection_reduces(t *testing.T) {
|
||||
executer: &testExecuter{
|
||||
executions: []execution{
|
||||
{
|
||||
expectedStmt: "UPDATE projections.login_policies SET (change_date, sequence, second_factors) = ($1, $2, array_append(second_factors, $3)) WHERE (aggregate_id = $4)",
|
||||
expectedStmt: "UPDATE projections.login_policies2 SET (change_date, sequence, second_factors) = ($1, $2, array_append(second_factors, $3)) WHERE (aggregate_id = $4)",
|
||||
expectedArgs: []interface{}{
|
||||
anyArg{},
|
||||
uint64(15),
|
||||
@@ -495,7 +503,7 @@ func TestLoginPolicyProjection_reduces(t *testing.T) {
|
||||
},
|
||||
},
|
||||
{
|
||||
name: "instance.reduce2FARemoved",
|
||||
name: "instance reduce2FARemoved",
|
||||
reduce: (&loginPolicyProjection{}).reduce2FARemoved,
|
||||
args: args{
|
||||
event: getEvent(testEvent(
|
||||
@@ -514,7 +522,7 @@ func TestLoginPolicyProjection_reduces(t *testing.T) {
|
||||
executer: &testExecuter{
|
||||
executions: []execution{
|
||||
{
|
||||
expectedStmt: "UPDATE projections.login_policies SET (change_date, sequence, second_factors) = ($1, $2, array_remove(second_factors, $3)) WHERE (aggregate_id = $4)",
|
||||
expectedStmt: "UPDATE projections.login_policies2 SET (change_date, sequence, second_factors) = ($1, $2, array_remove(second_factors, $3)) WHERE (aggregate_id = $4)",
|
||||
expectedArgs: []interface{}{
|
||||
anyArg{},
|
||||
uint64(15),
|
||||
|