feat(actions): local users (#5089)

Actions are extended to to local users. It's possible to run custom code during registration and authentication of local users.

internal/actions/object/auth_request.go

@@ -0,0 +1,122 @@
+package object
+
+import (
+	"net"
+	"time"
+
+	"github.com/dop251/goja"
+
+	"github.com/zitadel/zitadel/internal/actions"
+	"github.com/zitadel/zitadel/internal/domain"
+)
+
+// AuthRequestField accepts the domain.AuthRequest by value, so its not mutated
+func AuthRequestField(authRequest *domain.AuthRequest) func(c *actions.FieldConfig) interface{} {
+	return func(c *actions.FieldConfig) interface{} {
+		return AuthRequestFromDomain(c, authRequest)
+	}
+}
+
+func AuthRequestFromDomain(c *actions.FieldConfig, request *domain.AuthRequest) goja.Value {
+	return c.Runtime.ToValue(&authRequest{
+		Id:           request.ID,
+		AgentId:      request.AgentID,
+		CreationDate: request.CreationDate,
+		ChangeDate:   request.ChangeDate,
+		BrowserInfo: &browserInfo{
+			UserAgent:      request.BrowserInfo.UserAgent,
+			AcceptLanguage: request.BrowserInfo.AcceptLanguage,
+			RemoteIp:       request.BrowserInfo.RemoteIP,
+		},
+		ApplicationId:            request.ApplicationID,
+		CallbackUri:              request.CallbackURI,
+		TransferState:            request.TransferState,
+		Prompt:                   request.Prompt,
+		UiLocales:                request.UiLocales,
+		LoginHint:                request.LoginHint,
+		MaxAuthAge:               request.MaxAuthAge,
+		InstanceId:               request.InstanceID,
+		Request:                  requestFromDomain(request.Request),
+		UserId:                   request.UserID,
+		UserName:                 request.UserName,
+		LoginName:                request.LoginName,
+		DisplayName:              request.DisplayName,
+		ResourceOwner:            request.UserOrgID,
+		RequestedOrgId:           request.RequestedOrgID,
+		RequestedOrgName:         request.RequestedOrgName,
+		RequestedPrimaryDomain:   request.RequestedPrimaryDomain,
+		RequestedOrgDomain:       request.RequestedOrgDomain,
+		ApplicationResourceOwner: request.ApplicationResourceOwner,
+		PrivateLabelingSetting:   request.PrivateLabelingSetting,
+		SelectedIdpConfigId:      request.SelectedIDPConfigID,
+		LinkingUsers:             externalUsersFromDomain(request.LinkingUsers),
+		PasswordVerified:         request.PasswordVerified,
+		MfasVerified:             request.MFAsVerified,
+		Audience:                 request.Audience,
+		AuthTime:                 request.AuthTime,
+	})
+}
+
+type authRequest struct {
+	Id            string
+	AgentId       string
+	CreationDate  time.Time
+	ChangeDate    time.Time
+	BrowserInfo   *browserInfo
+	ApplicationId string
+	CallbackUri   string
+	TransferState string
+	Prompt        []domain.Prompt
+	UiLocales     []string
+	LoginHint     string
+	MaxAuthAge    *time.Duration
+	InstanceId    string
+	Request       *request
+	UserId        string
+	UserName      string
+	LoginName     string
+	DisplayName   string
+	// UserOrgID string
+	ResourceOwner string
+	// requested by scope
+	RequestedOrgId string
+	// requested by scope
+	RequestedOrgName string
+	// requested by scope
+	RequestedPrimaryDomain string
+	// requested by scope
+	RequestedOrgDomain bool
+	// client
+	ApplicationResourceOwner string
+	PrivateLabelingSetting   domain.PrivateLabelingSetting
+	SelectedIdpConfigId      string
+	LinkingUsers             []*externalUser
+	PasswordVerified         bool
+	MfasVerified             []domain.MFAType
+	Audience                 []string
+	AuthTime                 time.Time
+}
+
+func requestFromDomain(req domain.Request) *request {
+	r := new(request)
+
+	if oidcRequest, ok := req.(*domain.AuthRequestOIDC); ok {
+		r.Oidc = OIDCRequest{Scopes: oidcRequest.Scopes}
+	}
+
+	return r
+}
+
+type request struct {
+	Oidc OIDCRequest
+}
+
+type OIDCRequest struct {
+	Scopes []string
+}
+
+type browserInfo struct {
+	UserAgent      string
+	AcceptLanguage string
+	RemoteIp       net.IP
+}