fix: move v2 pkgs (#1331)

* fix: move eventstore pkgs * fix: move eventstore pkgs * fix: remove v2 view * fix: remove v2 view
2025-08-11 19:07:30 +00:00 · 2021-02-23 15:13:04 +01:00
parent 57b277bc7c
commit d8e42744b4
797 changed files with 2116 additions and 2224 deletions
--- a/internal/command/project_application_oidc.go
+++ b/internal/command/project_application_oidc.go
@@ -0,0 +1,202 @@
+package command
+
+import (
+	"context"
+	"github.com/caos/zitadel/internal/eventstore"
+
+	"github.com/caos/logging"
+
+	"github.com/caos/zitadel/internal/crypto"
+	"github.com/caos/zitadel/internal/domain"
+	caos_errs "github.com/caos/zitadel/internal/errors"
+	"github.com/caos/zitadel/internal/repository/project"
+	"github.com/caos/zitadel/internal/telemetry/tracing"
+)
+
+func (r *CommandSide) AddOIDCApplication(ctx context.Context, application *domain.OIDCApp, resourceOwner string) (_ *domain.OIDCApp, err error) {
+	project, err := r.getProjectByID(ctx, application.AggregateID, resourceOwner)
+	if err != nil {
+		return nil, err
+	}
+	addedApplication := NewOIDCApplicationWriteModel(application.AggregateID, resourceOwner)
+	projectAgg := ProjectAggregateFromWriteModel(&addedApplication.WriteModel)
+	events, stringPw, err := r.addOIDCApplication(ctx, projectAgg, project, application, resourceOwner)
+	if err != nil {
+		return nil, err
+	}
+	addedApplication.AppID = application.AppID
+	pushedEvents, err := r.eventstore.PushEvents(ctx, events...)
+	if err != nil {
+		return nil, err
+	}
+	err = AppendAndReduce(addedApplication, pushedEvents...)
+	if err != nil {
+		return nil, err
+	}
+	result := oidcWriteModelToOIDCConfig(addedApplication)
+	result.ClientSecretString = stringPw
+	result.FillCompliance()
+	return result, nil
+}
+
+func (r *CommandSide) addOIDCApplication(ctx context.Context, projectAgg *eventstore.Aggregate, proj *domain.Project, oidcApp *domain.OIDCApp, resourceOwner string) (events []eventstore.EventPusher, stringPW string, err error) {
+	if !oidcApp.IsValid() {
+		return nil, "", caos_errs.ThrowPreconditionFailed(nil, "PROJECT-Bff2g", "Errors.Application.Invalid")
+	}
+	oidcApp.AppID, err = r.idGenerator.Next()
+	if err != nil {
+		return nil, "", err
+	}
+
+	events = []eventstore.EventPusher{
+		project.NewApplicationAddedEvent(ctx, projectAgg, oidcApp.AppID, oidcApp.AppName, resourceOwner),
+	}
+
+	var stringPw string
+	err = domain.SetNewClientID(oidcApp, r.idGenerator, proj)
+	if err != nil {
+		return nil, "", err
+	}
+	stringPw, err = domain.SetNewClientSecretIfNeeded(oidcApp, r.applicationSecretGenerator)
+	if err != nil {
+		return nil, "", err
+	}
+	events = append(events, project.NewOIDCConfigAddedEvent(ctx,
+		projectAgg,
+		oidcApp.OIDCVersion,
+		oidcApp.AppID,
+		oidcApp.ClientID,
+		oidcApp.ClientSecret,
+		oidcApp.RedirectUris,
+		oidcApp.ResponseTypes,
+		oidcApp.GrantTypes,
+		oidcApp.ApplicationType,
+		oidcApp.AuthMethodType,
+		oidcApp.PostLogoutRedirectUris,
+		oidcApp.DevMode,
+		oidcApp.AccessTokenType,
+		oidcApp.AccessTokenRoleAssertion,
+		oidcApp.IDTokenRoleAssertion,
+		oidcApp.IDTokenUserinfoAssertion,
+		oidcApp.ClockSkew))
+
+	return events, stringPw, nil
+}
+
+func (r *CommandSide) ChangeOIDCApplication(ctx context.Context, oidc *domain.OIDCApp, resourceOwner string) (*domain.OIDCApp, error) {
+	if !oidc.IsValid() {
+		return nil, caos_errs.ThrowPreconditionFailed(nil, "COMMAND-1m900", "Errors.Project.App.OIDCConfigInvalid")
+	}
+
+	existingOIDC, err := r.getOIDCAppWriteModel(ctx, oidc.AggregateID, oidc.AppID, resourceOwner)
+	if err != nil {
+		return nil, err
+	}
+	if existingOIDC.State == domain.AppStateUnspecified || existingOIDC.State == domain.AppStateRemoved {
+		return nil, caos_errs.ThrowNotFound(nil, "COMMAND-2n8uU", "Errors.Project.App.NotExisting")
+	}
+	projectAgg := ProjectAggregateFromWriteModel(&existingOIDC.WriteModel)
+	changedEvent, hasChanged, err := existingOIDC.NewChangedEvent(
+		ctx,
+		projectAgg,
+		oidc.AppID,
+		oidc.RedirectUris,
+		oidc.PostLogoutRedirectUris,
+		oidc.ResponseTypes,
+		oidc.GrantTypes,
+		oidc.ApplicationType,
+		oidc.AuthMethodType,
+		oidc.OIDCVersion,
+		oidc.AccessTokenType,
+		oidc.DevMode,
+		oidc.AccessTokenRoleAssertion,
+		oidc.IDTokenRoleAssertion,
+		oidc.IDTokenUserinfoAssertion,
+		oidc.ClockSkew)
+	if err != nil {
+		return nil, err
+	}
+	if !hasChanged {
+		return nil, caos_errs.ThrowPreconditionFailed(nil, "COMMAND-1m88i", "Errors.NoChangesFound")
+	}
+
+	pushedEvents, err := r.eventstore.PushEvents(ctx, changedEvent)
+	if err != nil {
+		return nil, err
+	}
+	err = AppendAndReduce(existingOIDC, pushedEvents...)
+	if err != nil {
+		return nil, err
+	}
+
+	result := oidcWriteModelToOIDCConfig(existingOIDC)
+	result.FillCompliance()
+	return result, nil
+}
+
+func (r *CommandSide) ChangeOIDCApplicationSecret(ctx context.Context, projectID, appID, resourceOwner string) (*domain.OIDCApp, error) {
+	if projectID == "" || appID == "" {
+		return nil, caos_errs.ThrowPreconditionFailed(nil, "COMMAND-99i83", "Errors.IDMissing")
+	}
+
+	existingOIDC, err := r.getOIDCAppWriteModel(ctx, projectID, appID, resourceOwner)
+	if err != nil {
+		return nil, err
+	}
+	if existingOIDC.State == domain.AppStateUnspecified || existingOIDC.State == domain.AppStateRemoved {
+		return nil, caos_errs.ThrowNotFound(nil, "COMMAND-2g66f", "Errors.Project.App.NotExisting")
+	}
+	cryptoSecret, stringPW, err := domain.NewClientSecret(r.applicationSecretGenerator)
+	if err != nil {
+		return nil, err
+	}
+
+	projectAgg := ProjectAggregateFromWriteModel(&existingOIDC.WriteModel)
+
+	pushedEvents, err := r.eventstore.PushEvents(ctx, project.NewOIDCConfigSecretChangedEvent(ctx, projectAgg, appID, cryptoSecret))
+	if err != nil {
+		return nil, err
+	}
+	err = AppendAndReduce(existingOIDC, pushedEvents...)
+	if err != nil {
+		return nil, err
+	}
+
+	result := oidcWriteModelToOIDCConfig(existingOIDC)
+	result.ClientSecretString = stringPW
+	return result, err
+}
+
+func (r *CommandSide) VerifyOIDCClientSecret(ctx context.Context, projectID, appID, secret string) error {
+	app, err := r.getOIDCAppWriteModel(ctx, projectID, appID, "")
+	if err != nil {
+		return err
+	}
+	if !app.State.Exists() {
+		return caos_errs.ThrowPreconditionFailed(nil, "COMMAND-D6hba", "Errors.Project.App.NoExisting")
+	}
+	if app.ClientSecret == nil {
+		return caos_errs.ThrowPreconditionFailed(nil, "COMMAND-D6hba", "Errors.Project.App.OIDCConfigInvalid")
+	}
+
+	projectAgg := ProjectAggregateFromWriteModel(&app.WriteModel)
+	ctx, spanPasswordComparison := tracing.NewNamedSpan(ctx, "crypto.CompareHash")
+	err = crypto.CompareHash(app.ClientSecret, []byte(secret), r.userPasswordAlg)
+	spanPasswordComparison.EndWithError(err)
+	if err == nil {
+		_, err = r.eventstore.PushEvents(ctx, project.NewOIDCConfigSecretCheckSucceededEvent(ctx, projectAgg, app.AppID))
+		return err
+	}
+	_, err = r.eventstore.PushEvents(ctx, project.NewOIDCConfigSecretCheckFailedEvent(ctx, projectAgg, app.AppID))
+	logging.Log("COMMAND-ADfhz").OnError(err).Error("could not push event OIDCClientSecretCheckFailed")
+	return caos_errs.ThrowInvalidArgument(nil, "COMMAND-Bz542", "Errors.Project.App.OIDCSecretInvalid")
+}
+
+func (r *CommandSide) getOIDCAppWriteModel(ctx context.Context, projectID, appID, resourceOwner string) (*OIDCApplicationWriteModel, error) {
+	appWriteModel := NewOIDCApplicationWriteModelWithAppID(projectID, appID, resourceOwner)
+	err := r.eventstore.FilterToQueryReducer(ctx, appWriteModel)
+	if err != nil {
+		return nil, err
+	}
+	return appWriteModel, nil
+}