fix: v2 human command (#3435)

* add/register human command done * validations * crypto * move clientid * keys * fix: clientID * remove v2 package * tests * tests running * revert old code * instance domain from ctx * chore: rename zitadel app ids * comments * fix: test
2025-12-01 14:54:55 +00:00 · 2022-04-12 16:20:17 +02:00
parent 4a0d61d75a
commit cea2567e22
97 changed files with 3524 additions and 2832 deletions
--- a/cmd/admin/start/encryption_keys.go
+++ b/cmd/admin/start/encryption_keys.go
@@ -32,26 +32,20 @@ type encryptionKeys struct {
 	OIDCKey            []byte
 }

-func ensureEncryptionKeys(keyConfig *encryptionKeyConfig, keyStorage crypto.KeyStorage) (*encryptionKeys, error) {
-	keys, err := keyStorage.ReadKeys()
+func ensureEncryptionKeys(keyConfig *encryptionKeyConfig, keyStorage crypto.KeyStorage) (keys *encryptionKeys, err error) {
+	if err := verifyDefaultKeys(keyStorage); err != nil {
+		return nil, err
+	}
+	keys = new(encryptionKeys)
+	keys.DomainVerification, err = crypto.NewAESCrypto(keyConfig.DomainVerification, keyStorage)
 	if err != nil {
 		return nil, err
 	}
-	if len(keys) == 0 {
-		if err := createDefaultKeys(keyStorage); err != nil {
-			return nil, err
-		}
-	}
-	encryptionKeys := new(encryptionKeys)
-	encryptionKeys.DomainVerification, err = crypto.NewAESCrypto(keyConfig.DomainVerification, keyStorage)
+	keys.IDPConfig, err = crypto.NewAESCrypto(keyConfig.IDPConfig, keyStorage)
 	if err != nil {
 		return nil, err
 	}
-	encryptionKeys.IDPConfig, err = crypto.NewAESCrypto(keyConfig.IDPConfig, keyStorage)
-	if err != nil {
-		return nil, err
-	}
-	encryptionKeys.OIDC, err = crypto.NewAESCrypto(keyConfig.OIDC, keyStorage)
+	keys.OIDC, err = crypto.NewAESCrypto(keyConfig.OIDC, keyStorage)
 	if err != nil {
 		return nil, err
 	}
@@ -59,20 +53,20 @@ func ensureEncryptionKeys(keyConfig *encryptionKeyConfig, keyStorage crypto.KeyS
 	if err != nil {
 		return nil, err
 	}
-	encryptionKeys.OIDCKey = []byte(key)
-	encryptionKeys.OTP, err = crypto.NewAESCrypto(keyConfig.OTP, keyStorage)
+	keys.OIDCKey = []byte(key)
+	keys.OTP, err = crypto.NewAESCrypto(keyConfig.OTP, keyStorage)
 	if err != nil {
 		return nil, err
 	}
-	encryptionKeys.SMS, err = crypto.NewAESCrypto(keyConfig.SMS, keyStorage)
+	keys.SMS, err = crypto.NewAESCrypto(keyConfig.SMS, keyStorage)
 	if err != nil {
 		return nil, err
 	}
-	encryptionKeys.SMTP, err = crypto.NewAESCrypto(keyConfig.SMTP, keyStorage)
+	keys.SMTP, err = crypto.NewAESCrypto(keyConfig.SMTP, keyStorage)
 	if err != nil {
 		return nil, err
 	}
-	encryptionKeys.User, err = crypto.NewAESCrypto(keyConfig.User, keyStorage)
+	keys.User, err = crypto.NewAESCrypto(keyConfig.User, keyStorage)
 	if err != nil {
 		return nil, err
 	}
@@ -80,23 +74,30 @@ func ensureEncryptionKeys(keyConfig *encryptionKeyConfig, keyStorage crypto.KeyS
 	if err != nil {
 		return nil, err
 	}
-	encryptionKeys.CSRFCookieKey = []byte(key)
+	keys.CSRFCookieKey = []byte(key)
 	key, err = crypto.LoadKey(keyConfig.UserAgentCookieKeyID, keyStorage)
 	if err != nil {
 		return nil, err
 	}
-	encryptionKeys.UserAgentCookieKey = []byte(key)
-	return encryptionKeys, nil
+	keys.UserAgentCookieKey = []byte(key)
+	return keys, nil
 }

-func createDefaultKeys(keyStorage crypto.KeyStorage) error {
-	keys := make([]*crypto.Key, len(defaultKeyIDs))
-	for i, keyID := range defaultKeyIDs {
+func verifyDefaultKeys(keyStorage crypto.KeyStorage) (err error) {
+	keys := make([]*crypto.Key, 0, len(defaultKeyIDs))
+	for _, keyID := range defaultKeyIDs {
+		_, err := crypto.LoadKey(keyID, keyStorage)
+		if err == nil {
+			continue
+		}
 		key, err := crypto.NewKey(keyID)
 		if err != nil {
 			return err
 		}
-		keys[i] = key
+		keys = append(keys, key)
+	}
+	if len(keys) == 0 {
+		return nil
 	}
 	if err := keyStorage.CreateKeys(keys...); err != nil {
 		return caos_errs.ThrowInternal(err, "START-aGBq2", "cannot create default keys")
--- a/cmd/admin/start/start.go
+++ b/cmd/admin/start/start.go
@@ -21,7 +21,6 @@ import (
 	"golang.org/x/net/http2/h2c"

 	"github.com/caos/zitadel/cmd/admin/key"
-
 	admin_es "github.com/caos/zitadel/internal/admin/repository/eventsourcing"
 	"github.com/caos/zitadel/internal/api"
 	"github.com/caos/zitadel/internal/api/assets"
@@ -118,7 +117,7 @@ func startZitadel(config *Config, masterKey string) error {
 		Origin:      http_util.BuildHTTP(config.ExternalDomain, config.ExternalPort, config.ExternalSecure),
 		DisplayName: "ZITADEL",
 	}
-	commands, err := command.StartCommands(eventstoreClient, config.SystemDefaults, config.InternalAuthZ, storage, authZRepo, webAuthNConfig, keys.IDPConfig, keys.OTP, keys.SMTP, keys.SMS, keys.DomainVerification, keys.OIDC)
+	commands, err := command.StartCommands(eventstoreClient, config.SystemDefaults, config.InternalAuthZ, storage, authZRepo, webAuthNConfig, keys.IDPConfig, keys.OTP, keys.SMTP, keys.SMS, keys.User, keys.DomainVerification, keys.OIDC)
 	if err != nil {
 		return fmt.Errorf("cannot start commands: %w", err)
 	}
--- a/cmd/admin/start/start_from_init.go
+++ b/cmd/admin/start/start_from_init.go
@@ -3,6 +3,7 @@ package start
 import (
 	"github.com/caos/logging"
 	"github.com/caos/zitadel/cmd/admin/initialise"
+	"github.com/caos/zitadel/cmd/admin/key"
 	"github.com/caos/zitadel/cmd/admin/setup"
 	"github.com/spf13/cobra"
 	"github.com/spf13/viper"
@@ -20,16 +21,18 @@ Last ZITADEL starts.
 Requirements:
 - cockroachdb`,
 		Run: func(cmd *cobra.Command, args []string) {
+			masterKey, err := key.MasterKey(cmd)
+			logging.OnError(err).Panic("No master key provided")
+
 			initialise.InitAll(initialise.MustNewConfig(viper.GetViper()))

 			setupConfig := setup.MustNewConfig(viper.GetViper())
 			setupSteps := setup.MustNewSteps(viper.New())
-			setup.Setup(setupConfig, setupSteps)
+			setup.Setup(setupConfig, setupSteps, masterKey)

 			startConfig := MustNewConfig(viper.GetViper())
-			startMasterKey, _ := cmd.Flags().GetString(flagMasterKey)

-			err := startZitadel(startConfig, startMasterKey)
+			err = startZitadel(startConfig, masterKey)
 			logging.OnError(err).Fatal("unable to start zitadel")
 		},
 	}