chore: move the go code into a subfolder

2025-08-23 09:48:04 +00:00 · 2025-08-05 15:20:32 -07:00
parent 4ad22ba456
commit cd2921de26
2978 changed files with 373 additions and 300 deletions
--- a/apps/api/internal/idp/providers/ldap/ldap.go
+++ b/apps/api/internal/idp/providers/ldap/ldap.go
@@ -0,0 +1,290 @@
+package ldap
+
+import (
+	"context"
+	"time"
+
+	"github.com/zitadel/zitadel/internal/idp"
+)
+
+const DefaultPort = "389"
+
+var _ idp.Provider = (*Provider)(nil)
+
+// Provider is the [idp.Provider] implementation for a generic LDAP provider
+type Provider struct {
+	name              string
+	servers           []string
+	startTLS          bool
+	baseDN            string
+	bindDN            string
+	bindPassword      string
+	userBase          string
+	userObjectClasses []string
+	userFilters       []string
+	timeout           time.Duration
+	rootCA            []byte
+
+	loginUrl string
+
+	isLinkingAllowed  bool
+	isCreationAllowed bool
+	isAutoCreation    bool
+	isAutoUpdate      bool
+
+	idAttribute                string
+	firstNameAttribute         string
+	lastNameAttribute          string
+	displayNameAttribute       string
+	nickNameAttribute          string
+	preferredUsernameAttribute string
+	emailAttribute             string
+	emailVerifiedAttribute     string
+	phoneAttribute             string
+	phoneVerifiedAttribute     string
+	preferredLanguageAttribute string
+	avatarURLAttribute         string
+	profileAttribute           string
+}
+
+type ProviderOpts func(provider *Provider)
+
+// WithLinkingAllowed allows end users to link the federated user to an existing one.
+func WithLinkingAllowed() ProviderOpts {
+	return func(p *Provider) {
+		p.isLinkingAllowed = true
+	}
+}
+
+// WithCreationAllowed allows end users to create a new user using the federated information.
+func WithCreationAllowed() ProviderOpts {
+	return func(p *Provider) {
+		p.isCreationAllowed = true
+	}
+}
+
+// WithAutoCreation enables that federated users are automatically created if not already existing.
+func WithAutoCreation() ProviderOpts {
+	return func(p *Provider) {
+		p.isAutoCreation = true
+	}
+}
+
+// WithAutoUpdate enables that information retrieved from the provider is automatically used to update
+// the existing user on each authentication.
+func WithAutoUpdate() ProviderOpts {
+	return func(p *Provider) {
+		p.isAutoUpdate = true
+	}
+}
+
+// WithoutStartTLS configures to communication insecure with the LDAP server without startTLS
+func WithoutStartTLS() ProviderOpts {
+	return func(p *Provider) {
+		p.startTLS = false
+	}
+}
+
+// WithCustomIDAttribute configures to map the LDAP attribute to the user, default is the uniqueUserAttribute
+func WithCustomIDAttribute(name string) ProviderOpts {
+	return func(p *Provider) {
+		p.idAttribute = name
+	}
+}
+
+// WithFirstNameAttribute configures to map the LDAP attribute to the user
+func WithFirstNameAttribute(name string) ProviderOpts {
+	return func(p *Provider) {
+		p.firstNameAttribute = name
+	}
+}
+
+// WithLastNameAttribute configures to map the LDAP attribute to the user
+func WithLastNameAttribute(name string) ProviderOpts {
+	return func(p *Provider) {
+		p.lastNameAttribute = name
+	}
+}
+
+// WithDisplayNameAttribute configures to map the LDAP attribute to the user
+func WithDisplayNameAttribute(name string) ProviderOpts {
+	return func(p *Provider) {
+		p.displayNameAttribute = name
+	}
+}
+
+// WithNickNameAttribute configures to map the LDAP attribute to the user
+func WithNickNameAttribute(name string) ProviderOpts {
+	return func(p *Provider) {
+		p.nickNameAttribute = name
+	}
+}
+
+// WithPreferredUsernameAttribute configures to map the LDAP attribute to the user
+func WithPreferredUsernameAttribute(name string) ProviderOpts {
+	return func(p *Provider) {
+		p.preferredUsernameAttribute = name
+	}
+}
+
+// WithEmailAttribute configures to map the LDAP attribute to the user
+func WithEmailAttribute(name string) ProviderOpts {
+	return func(p *Provider) {
+		p.emailAttribute = name
+	}
+}
+
+// WithEmailVerifiedAttribute configures to map the LDAP attribute to the user
+func WithEmailVerifiedAttribute(name string) ProviderOpts {
+	return func(p *Provider) {
+		p.emailVerifiedAttribute = name
+	}
+}
+
+// WithPhoneAttribute configures to map the LDAP attribute to the user
+func WithPhoneAttribute(name string) ProviderOpts {
+	return func(p *Provider) {
+		p.phoneAttribute = name
+	}
+}
+
+// WithPhoneVerifiedAttribute configures to map the LDAP attribute to the user
+func WithPhoneVerifiedAttribute(name string) ProviderOpts {
+	return func(p *Provider) {
+		p.phoneVerifiedAttribute = name
+	}
+}
+
+// WithPreferredLanguageAttribute configures to map the LDAP attribute to the user
+func WithPreferredLanguageAttribute(name string) ProviderOpts {
+	return func(p *Provider) {
+		p.preferredLanguageAttribute = name
+	}
+}
+
+// WithAvatarURLAttribute configures to map the LDAP attribute to the user
+func WithAvatarURLAttribute(name string) ProviderOpts {
+	return func(p *Provider) {
+		p.avatarURLAttribute = name
+	}
+}
+
+// WithProfileAttribute configures to map the LDAP attribute to the user
+func WithProfileAttribute(name string) ProviderOpts {
+	return func(p *Provider) {
+		p.profileAttribute = name
+	}
+}
+
+func New(
+	name string,
+	servers []string,
+	baseDN string,
+	bindDN string,
+	bindPassword string,
+	userBase string,
+	userObjectClasses []string,
+	userFilters []string,
+	timeout time.Duration,
+	rootCA []byte,
+	loginUrl string,
+	options ...ProviderOpts,
+) *Provider {
+	provider := &Provider{
+		name:              name,
+		servers:           servers,
+		startTLS:          true,
+		baseDN:            baseDN,
+		bindDN:            bindDN,
+		bindPassword:      bindPassword,
+		userBase:          userBase,
+		userObjectClasses: userObjectClasses,
+		userFilters:       userFilters,
+		timeout:           timeout,
+		rootCA:            rootCA,
+		loginUrl:          loginUrl,
+	}
+	for _, option := range options {
+		option(provider)
+	}
+	return provider
+}
+
+func (p *Provider) Name() string {
+	return p.name
+}
+
+func (p *Provider) BeginAuth(ctx context.Context, state string, _ ...idp.Parameter) (idp.Session, error) {
+	return &Session{
+		Provider: p,
+		loginUrl: p.loginUrl + state,
+	}, nil
+}
+
+func (p *Provider) GetSession(username, password string) *Session {
+	return &Session{
+		Provider: p,
+		User:     username,
+		Password: password,
+	}
+}
+
+func (p *Provider) IsLinkingAllowed() bool {
+	return p.isLinkingAllowed
+}
+
+func (p *Provider) IsCreationAllowed() bool {
+	return p.isCreationAllowed
+}
+
+func (p *Provider) IsAutoCreation() bool {
+	return p.isAutoCreation
+}
+
+func (p *Provider) IsAutoUpdate() bool {
+	return p.isAutoUpdate
+}
+
+func (p *Provider) getNecessaryAttributes() []string {
+	attributes := []string{p.userBase}
+	if p.idAttribute != "" {
+		attributes = append(attributes, p.idAttribute)
+	}
+	if p.firstNameAttribute != "" {
+		attributes = append(attributes, p.firstNameAttribute)
+	}
+	if p.lastNameAttribute != "" {
+		attributes = append(attributes, p.lastNameAttribute)
+	}
+	if p.displayNameAttribute != "" {
+		attributes = append(attributes, p.displayNameAttribute)
+	}
+	if p.nickNameAttribute != "" {
+		attributes = append(attributes, p.nickNameAttribute)
+	}
+	if p.preferredUsernameAttribute != "" {
+		attributes = append(attributes, p.preferredUsernameAttribute)
+	}
+	if p.emailAttribute != "" {
+		attributes = append(attributes, p.emailAttribute)
+	}
+	if p.emailVerifiedAttribute != "" {
+		attributes = append(attributes, p.emailVerifiedAttribute)
+	}
+	if p.phoneAttribute != "" {
+		attributes = append(attributes, p.phoneAttribute)
+	}
+	if p.phoneVerifiedAttribute != "" {
+		attributes = append(attributes, p.phoneVerifiedAttribute)
+	}
+	if p.preferredLanguageAttribute != "" {
+		attributes = append(attributes, p.preferredLanguageAttribute)
+	}
+	if p.avatarURLAttribute != "" {
+		attributes = append(attributes, p.avatarURLAttribute)
+	}
+	if p.profileAttribute != "" {
+		attributes = append(attributes, p.profileAttribute)
+	}
+	return attributes
+}