fix: move v2 pkgs (#1331)

* fix: move eventstore pkgs

* fix: move eventstore pkgs

* fix: remove v2 view

* fix: remove v2 view

internal/repository/user/aggregate.go

@@ -0,0 +1,14 @@
+package user
+
+import (
+	"github.com/caos/zitadel/internal/eventstore"
+)
+
+const (
+	AggregateType    = "user"
+	AggregateVersion = "v2"
+)
+
+type Aggregate struct {
+	eventstore.Aggregate
+}

internal/repository/user/auth_request_info.go

@@ -0,0 +1,16 @@
+package user
+
+import "net"
+
+type AuthRequestInfo struct {
+	ID                  string `json:"id,omitempty"`
+	UserAgentID         string `json:"userAgentID,omitempty"`
+	SelectedIDPConfigID string `json:"selectedIDPConfigID,omitempty"`
+	*BrowserInfo
+}
+
+type BrowserInfo struct {
+	UserAgent      string `json:"userAgent,omitempty"`
+	AcceptLanguage string `json:"acceptLanguage,omitempty"`
+	RemoteIP       net.IP `json:"remoteIP,omitempty"`
+}

internal/repository/user/eventstore.go

@@ -0,0 +1,101 @@
+package user
+
+import (
+	"github.com/caos/zitadel/internal/eventstore"
+)
+
+func RegisterEventMappers(es *eventstore.Eventstore) {
+	es.RegisterFilterEventMapper(UserV1AddedType, HumanAddedEventMapper).
+		RegisterFilterEventMapper(UserV1RegisteredType, HumanRegisteredEventMapper).
+		RegisterFilterEventMapper(UserV1InitialCodeAddedType, HumanInitialCodeAddedEventMapper).
+		RegisterFilterEventMapper(UserV1InitialCodeSentType, HumanInitialCodeSentEventMapper).
+		RegisterFilterEventMapper(UserV1InitializedCheckSucceededType, HumanInitializedCheckSucceededEventMapper).
+		RegisterFilterEventMapper(UserV1InitializedCheckFailedType, HumanInitializedCheckFailedEventMapper).
+		RegisterFilterEventMapper(UserV1SignedOutType, HumanSignedOutEventMapper).
+		RegisterFilterEventMapper(UserV1PasswordChangedType, HumanPasswordChangedEventMapper).
+		RegisterFilterEventMapper(UserV1PasswordCodeAddedType, HumanPasswordCodeAddedEventMapper).
+		RegisterFilterEventMapper(UserV1PasswordCodeSentType, HumanPasswordCodeSentEventMapper).
+		RegisterFilterEventMapper(UserV1PasswordCheckSucceededType, HumanPasswordCheckSucceededEventMapper).
+		RegisterFilterEventMapper(UserV1PasswordCheckFailedType, HumanPasswordCheckFailedEventMapper).
+		RegisterFilterEventMapper(UserV1EmailChangedType, HumanEmailChangedEventMapper).
+		RegisterFilterEventMapper(UserV1EmailVerifiedType, HumanEmailVerifiedEventMapper).
+		RegisterFilterEventMapper(UserV1EmailVerificationFailedType, HumanEmailVerificationFailedEventMapper).
+		RegisterFilterEventMapper(UserV1EmailCodeAddedType, HumanEmailCodeAddedEventMapper).
+		RegisterFilterEventMapper(UserV1EmailCodeSentType, HumanEmailCodeSentEventMapper).
+		RegisterFilterEventMapper(UserV1PhoneChangedType, HumanPhoneChangedEventMapper).
+		RegisterFilterEventMapper(UserV1PhoneRemovedType, HumanPhoneRemovedEventMapper).
+		RegisterFilterEventMapper(UserV1PhoneVerifiedType, HumanPhoneVerifiedEventMapper).
+		RegisterFilterEventMapper(UserV1PhoneVerificationFailedType, HumanPhoneVerificationFailedEventMapper).
+		RegisterFilterEventMapper(UserV1PhoneCodeAddedType, HumanPhoneCodeAddedEventMapper).
+		RegisterFilterEventMapper(UserV1PhoneCodeSentType, HumanPhoneCodeSentEventMapper).
+		RegisterFilterEventMapper(UserV1ProfileChangedType, HumanProfileChangedEventMapper).
+		RegisterFilterEventMapper(UserV1AddressChangedType, HumanAddressChangedEventMapper).
+		RegisterFilterEventMapper(UserV1MFAInitSkippedType, HumanMFAInitSkippedEventMapper).
+		RegisterFilterEventMapper(UserV1MFAOTPAddedType, HumanOTPAddedEventMapper).
+		RegisterFilterEventMapper(UserV1MFAOTPVerifiedType, HumanOTPVerifiedEventMapper).
+		RegisterFilterEventMapper(UserV1MFAOTPRemovedType, HumanOTPRemovedEventMapper).
+		RegisterFilterEventMapper(UserV1MFAOTPCheckSucceededType, HumanOTPCheckSucceededEventMapper).
+		RegisterFilterEventMapper(UserV1MFAOTPCheckFailedType, HumanOTPCheckFailedEventMapper).
+		RegisterFilterEventMapper(UserLockedType, UserLockedEventMapper).
+		RegisterFilterEventMapper(UserUnlockedType, UserUnlockedEventMapper).
+		RegisterFilterEventMapper(UserDeactivatedType, UserDeactivatedEventMapper).
+		RegisterFilterEventMapper(UserReactivatedType, UserReactivatedEventMapper).
+		RegisterFilterEventMapper(UserRemovedType, UserRemovedEventMapper).
+		RegisterFilterEventMapper(UserTokenAddedType, UserTokenAddedEventMapper).
+		RegisterFilterEventMapper(UserDomainClaimedType, DomainClaimedEventMapper).
+		RegisterFilterEventMapper(UserDomainClaimedSentType, DomainClaimedSentEventMapper).
+		RegisterFilterEventMapper(UserUserNameChangedType, UsernameChangedEventMapper).
+		RegisterFilterEventMapper(HumanAddedType, HumanAddedEventMapper).
+		RegisterFilterEventMapper(HumanRegisteredType, HumanRegisteredEventMapper).
+		RegisterFilterEventMapper(HumanInitialCodeAddedType, HumanInitialCodeAddedEventMapper).
+		RegisterFilterEventMapper(HumanInitialCodeSentType, HumanInitialCodeSentEventMapper).
+		RegisterFilterEventMapper(HumanInitializedCheckSucceededType, HumanInitializedCheckSucceededEventMapper).
+		RegisterFilterEventMapper(HumanInitializedCheckFailedType, HumanInitializedCheckFailedEventMapper).
+		RegisterFilterEventMapper(HumanSignedOutType, HumanSignedOutEventMapper).
+		RegisterFilterEventMapper(HumanPasswordChangedType, HumanPasswordChangedEventMapper).
+		RegisterFilterEventMapper(HumanPasswordCodeAddedType, HumanPasswordCodeAddedEventMapper).
+		RegisterFilterEventMapper(HumanPasswordCodeSentType, HumanPasswordCodeSentEventMapper).
+		RegisterFilterEventMapper(HumanPasswordCheckSucceededType, HumanPasswordCheckSucceededEventMapper).
+		RegisterFilterEventMapper(HumanPasswordCheckFailedType, HumanPasswordCheckFailedEventMapper).
+		RegisterFilterEventMapper(HumanExternalIDPAddedType, HumanExternalIDPAddedEventMapper).
+		RegisterFilterEventMapper(HumanExternalIDPRemovedType, HumanExternalIDPRemovedEventMapper).
+		RegisterFilterEventMapper(HumanExternalIDPCascadeRemovedType, HumanExternalIDPCascadeRemovedEventMapper).
+		RegisterFilterEventMapper(HumanExternalLoginCheckSucceededType, HumanExternalIDPCheckSucceededEventMapper).
+		RegisterFilterEventMapper(HumanEmailChangedType, HumanEmailChangedEventMapper).
+		RegisterFilterEventMapper(HumanEmailVerifiedType, HumanEmailVerifiedEventMapper).
+		RegisterFilterEventMapper(HumanEmailVerificationFailedType, HumanEmailVerificationFailedEventMapper).
+		RegisterFilterEventMapper(HumanEmailCodeAddedType, HumanEmailCodeAddedEventMapper).
+		RegisterFilterEventMapper(HumanEmailCodeSentType, HumanEmailCodeSentEventMapper).
+		RegisterFilterEventMapper(HumanPhoneChangedType, HumanPhoneChangedEventMapper).
+		RegisterFilterEventMapper(HumanPhoneRemovedType, HumanPhoneRemovedEventMapper).
+		RegisterFilterEventMapper(HumanPhoneVerifiedType, HumanPhoneVerifiedEventMapper).
+		RegisterFilterEventMapper(HumanPhoneVerificationFailedType, HumanPhoneVerificationFailedEventMapper).
+		RegisterFilterEventMapper(HumanPhoneCodeAddedType, HumanPhoneCodeAddedEventMapper).
+		RegisterFilterEventMapper(HumanPhoneCodeSentType, HumanPhoneCodeSentEventMapper).
+		RegisterFilterEventMapper(HumanProfileChangedType, HumanProfileChangedEventMapper).
+		RegisterFilterEventMapper(HumanAddressChangedType, HumanAddressChangedEventMapper).
+		RegisterFilterEventMapper(HumanMFAInitSkippedType, HumanMFAInitSkippedEventMapper).
+		RegisterFilterEventMapper(HumanMFAOTPAddedType, HumanOTPAddedEventMapper).
+		RegisterFilterEventMapper(HumanMFAOTPVerifiedType, HumanOTPVerifiedEventMapper).
+		RegisterFilterEventMapper(HumanMFAOTPRemovedType, HumanOTPRemovedEventMapper).
+		RegisterFilterEventMapper(HumanMFAOTPCheckSucceededType, HumanOTPCheckSucceededEventMapper).
+		RegisterFilterEventMapper(HumanMFAOTPCheckFailedType, HumanOTPCheckFailedEventMapper).
+		RegisterFilterEventMapper(HumanU2FTokenAddedType, HumanU2FAddedEventMapper).
+		RegisterFilterEventMapper(HumanU2FTokenVerifiedType, HumanU2FVerifiedEventMapper).
+		RegisterFilterEventMapper(HumanU2FTokenSignCountChangedType, HumanU2FSignCountChangedEventMapper).
+		RegisterFilterEventMapper(HumanU2FTokenRemovedType, HumanU2FRemovedEventMapper).
+		RegisterFilterEventMapper(HumanU2FTokenBeginLoginType, HumanU2FBeginLoginEventMapper).
+		RegisterFilterEventMapper(HumanU2FTokenCheckSucceededType, HumanU2FCheckSucceededEventMapper).
+		RegisterFilterEventMapper(HumanU2FTokenCheckFailedType, HumanU2FCheckFailedEventMapper).
+		RegisterFilterEventMapper(HumanPasswordlessTokenAddedType, HumanPasswordlessAddedEventMapper).
+		RegisterFilterEventMapper(HumanPasswordlessTokenVerifiedType, HumanPasswordlessVerifiedEventMapper).
+		RegisterFilterEventMapper(HumanPasswordlessTokenSignCountChangedType, HumanPasswordlessSignCountChangedEventMapper).
+		RegisterFilterEventMapper(HumanPasswordlessTokenRemovedType, HumanPasswordlessRemovedEventMapper).
+		RegisterFilterEventMapper(HumanPasswordlessTokenBeginLoginType, HumanPasswordlessBeginLoginEventMapper).
+		RegisterFilterEventMapper(HumanPasswordlessTokenCheckSucceededType, HumanPasswordlessCheckSucceededEventMapper).
+		RegisterFilterEventMapper(HumanPasswordlessTokenCheckFailedType, HumanPasswordlessCheckFailedEventMapper).
+		RegisterFilterEventMapper(MachineAddedEventType, MachineAddedEventMapper).
+		RegisterFilterEventMapper(MachineChangedEventType, MachineChangedEventMapper).
+		RegisterFilterEventMapper(MachineKeyAddedEventType, MachineKeyAddedEventMapper).
+		RegisterFilterEventMapper(MachineKeyRemovedEventType, MachineKeyRemovedEventMapper)
+}

internal/repository/user/human.go

@@ -0,0 +1,401 @@
+package user
+
+import (
+	"context"
+	"encoding/json"
+	"github.com/caos/zitadel/internal/eventstore"
+	"time"
+
+	"github.com/caos/zitadel/internal/crypto"
+	"github.com/caos/zitadel/internal/domain"
+	"github.com/caos/zitadel/internal/errors"
+	"github.com/caos/zitadel/internal/eventstore/repository"
+	"golang.org/x/text/language"
+)
+
+const (
+	humanEventPrefix                   = userEventTypePrefix + "human."
+	HumanAddedType                     = humanEventPrefix + "added"
+	HumanRegisteredType                = humanEventPrefix + "selfregistered"
+	HumanInitialCodeAddedType          = humanEventPrefix + "initialization.code.added"
+	HumanInitialCodeSentType           = humanEventPrefix + "initialization.code.sent"
+	HumanInitializedCheckSucceededType = humanEventPrefix + "initialization.check.succeeded"
+	HumanInitializedCheckFailedType    = humanEventPrefix + "initialization.check.failed"
+	HumanSignedOutType                 = humanEventPrefix + "signed.out"
+)
+
+type HumanAddedEvent struct {
+	eventstore.BaseEvent `json:"-"`
+
+	UserName              string `json:"userName"`
+	userLoginMustBeDomain bool
+
+	FirstName         string        `json:"firstName,omitempty"`
+	LastName          string        `json:"lastName,omitempty"`
+	NickName          string        `json:"nickName,omitempty"`
+	DisplayName       string        `json:"displayName,omitempty"`
+	PreferredLanguage language.Tag  `json:"preferredLanguage,omitempty"`
+	Gender            domain.Gender `json:"gender,omitempty"`
+
+	EmailAddress string `json:"email,omitempty"`
+
+	PhoneNumber string `json:"phone,omitempty"`
+
+	Country       string `json:"country,omitempty"`
+	Locality      string `json:"locality,omitempty"`
+	PostalCode    string `json:"postalCode,omitempty"`
+	Region        string `json:"region,omitempty"`
+	StreetAddress string `json:"streetAddress,omitempty"`
+
+	Secret         *crypto.CryptoValue `json:"secret,omitempty"`
+	ChangeRequired bool                `json:"changeRequired,omitempty"`
+}
+
+func (e *HumanAddedEvent) Data() interface{} {
+	return e
+}
+
+func (e *HumanAddedEvent) UniqueConstraints() []*eventstore.EventUniqueConstraint {
+	return []*eventstore.EventUniqueConstraint{NewAddUsernameUniqueConstraint(e.UserName, e.Aggregate().ResourceOwner, e.userLoginMustBeDomain)}
+}
+
+func (e *HumanAddedEvent) AddAddressData(
+	country,
+	locality,
+	postalCode,
+	region,
+	streetAddress string,
+) {
+	e.Country = country
+	e.Locality = locality
+	e.PostalCode = postalCode
+	e.Region = region
+	e.StreetAddress = streetAddress
+}
+
+func (e *HumanAddedEvent) AddPhoneData(
+	phoneNumber string,
+) {
+	e.PhoneNumber = phoneNumber
+}
+
+func (e *HumanAddedEvent) AddPasswordData(
+	secret *crypto.CryptoValue,
+	changeRequired bool,
+) {
+	e.Secret = secret
+	e.ChangeRequired = changeRequired
+}
+
+func NewHumanAddedEvent(
+	ctx context.Context,
+	aggregate *eventstore.Aggregate,
+
+	userName,
+	firstName,
+	lastName,
+	nickName,
+	displayName string,
+	preferredLanguage language.Tag,
+	gender domain.Gender,
+	emailAddress string,
+	userLoginMustBeDomain bool,
+) *HumanAddedEvent {
+	return &HumanAddedEvent{
+		BaseEvent: *eventstore.NewBaseEventForPush(
+			ctx,
+			aggregate,
+			HumanAddedType,
+		),
+		UserName:              userName,
+		FirstName:             firstName,
+		LastName:              lastName,
+		NickName:              nickName,
+		DisplayName:           displayName,
+		PreferredLanguage:     preferredLanguage,
+		Gender:                gender,
+		EmailAddress:          emailAddress,
+		userLoginMustBeDomain: userLoginMustBeDomain,
+	}
+}
+
+func HumanAddedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
+	humanAdded := &HumanAddedEvent{
+		BaseEvent: *eventstore.BaseEventFromRepo(event),
+	}
+	err := json.Unmarshal(event.Data, humanAdded)
+	if err != nil {
+		return nil, errors.ThrowInternal(err, "USER-5Gm9s", "unable to unmarshal human added")
+	}
+
+	return humanAdded, nil
+}
+
+type HumanRegisteredEvent struct {
+	eventstore.BaseEvent `json:"-"`
+
+	UserName              string `json:"userName"`
+	userLoginMustBeDomain bool
+
+	FirstName         string        `json:"firstName,omitempty"`
+	LastName          string        `json:"lastName,omitempty"`
+	NickName          string        `json:"nickName,omitempty"`
+	DisplayName       string        `json:"displayName,omitempty"`
+	PreferredLanguage language.Tag  `json:"preferredLanguage,omitempty"`
+	Gender            domain.Gender `json:"gender,omitempty"`
+
+	EmailAddress string `json:"email,omitempty"`
+
+	PhoneNumber string `json:"phone,omitempty"`
+
+	Country       string `json:"country,omitempty"`
+	Locality      string `json:"locality,omitempty"`
+	PostalCode    string `json:"postalCode,omitempty"`
+	Region        string `json:"region,omitempty"`
+	StreetAddress string `json:"streetAddress,omitempty"`
+
+	Secret         *crypto.CryptoValue `json:"secret,omitempty"`
+	ChangeRequired bool                `json:"changeRequired,omitempty"`
+}
+
+func (e *HumanRegisteredEvent) Data() interface{} {
+	return e
+}
+
+func (e *HumanRegisteredEvent) UniqueConstraints() []*eventstore.EventUniqueConstraint {
+	return []*eventstore.EventUniqueConstraint{NewAddUsernameUniqueConstraint(e.UserName, e.Aggregate().ResourceOwner, e.userLoginMustBeDomain)}
+}
+
+func (e *HumanRegisteredEvent) AddAddressData(
+	country,
+	locality,
+	postalCode,
+	region,
+	streetAddress string,
+) {
+	e.Country = country
+	e.Locality = locality
+	e.PostalCode = postalCode
+	e.Region = region
+	e.StreetAddress = streetAddress
+}
+
+func (e *HumanRegisteredEvent) AddPhoneData(
+	phoneNumber string,
+) {
+	e.PhoneNumber = phoneNumber
+}
+
+func (e *HumanRegisteredEvent) AddPasswordData(
+	secret *crypto.CryptoValue,
+	changeRequired bool,
+) {
+	e.Secret = secret
+	e.ChangeRequired = changeRequired
+}
+
+func NewHumanRegisteredEvent(
+	ctx context.Context,
+	aggregate *eventstore.Aggregate,
+
+	userName,
+	firstName,
+	lastName,
+	nickName,
+	displayName string,
+	preferredLanguage language.Tag,
+	gender domain.Gender,
+	emailAddress string,
+	userLoginMustBeDomain bool,
+) *HumanRegisteredEvent {
+	return &HumanRegisteredEvent{
+		BaseEvent: *eventstore.NewBaseEventForPush(
+			ctx,
+			aggregate,
+			HumanRegisteredType,
+		),
+		UserName:              userName,
+		FirstName:             firstName,
+		LastName:              lastName,
+		NickName:              nickName,
+		DisplayName:           displayName,
+		PreferredLanguage:     preferredLanguage,
+		Gender:                gender,
+		EmailAddress:          emailAddress,
+		userLoginMustBeDomain: userLoginMustBeDomain,
+	}
+}
+
+func HumanRegisteredEventMapper(event *repository.Event) (eventstore.EventReader, error) {
+	humanRegistered := &HumanRegisteredEvent{
+		BaseEvent: *eventstore.BaseEventFromRepo(event),
+	}
+	err := json.Unmarshal(event.Data, humanRegistered)
+	if err != nil {
+		return nil, errors.ThrowInternal(err, "USER-3Vm9s", "unable to unmarshal human registered")
+	}
+
+	return humanRegistered, nil
+}
+
+type HumanInitialCodeAddedEvent struct {
+	eventstore.BaseEvent `json:"-"`
+	Code                 *crypto.CryptoValue `json:"code,omitempty"`
+	Expiry               time.Duration       `json:"expiry,omitempty"`
+}
+
+func (e *HumanInitialCodeAddedEvent) Data() interface{} {
+	return e
+}
+
+func (e *HumanInitialCodeAddedEvent) UniqueConstraints() []*eventstore.EventUniqueConstraint {
+	return nil
+}
+
+func NewHumanInitialCodeAddedEvent(
+	ctx context.Context,
+	aggregate *eventstore.Aggregate,
+	code *crypto.CryptoValue,
+	expiry time.Duration,
+) *HumanInitialCodeAddedEvent {
+	return &HumanInitialCodeAddedEvent{
+		BaseEvent: *eventstore.NewBaseEventForPush(
+			ctx,
+			aggregate,
+			HumanInitialCodeAddedType,
+		),
+		Code:   code,
+		Expiry: expiry,
+	}
+}
+
+func HumanInitialCodeAddedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
+	humanRegistered := &HumanInitialCodeAddedEvent{
+		BaseEvent: *eventstore.BaseEventFromRepo(event),
+	}
+	err := json.Unmarshal(event.Data, humanRegistered)
+	if err != nil {
+		return nil, errors.ThrowInternal(err, "USER-bM9se", "unable to unmarshal human initial code added")
+	}
+
+	return humanRegistered, nil
+}
+
+type HumanInitialCodeSentEvent struct {
+	eventstore.BaseEvent `json:"-"`
+}
+
+func (e *HumanInitialCodeSentEvent) Data() interface{} {
+	return nil
+}
+
+func (e *HumanInitialCodeSentEvent) UniqueConstraints() []*eventstore.EventUniqueConstraint {
+	return nil
+}
+
+func NewHumanInitialCodeSentEvent(ctx context.Context, aggregate *eventstore.Aggregate) *HumanInitialCodeSentEvent {
+	return &HumanInitialCodeSentEvent{
+		BaseEvent: *eventstore.NewBaseEventForPush(
+			ctx,
+			aggregate,
+			HumanInitialCodeSentType,
+		),
+	}
+}
+
+func HumanInitialCodeSentEventMapper(event *repository.Event) (eventstore.EventReader, error) {
+	return &HumanInitialCodeSentEvent{
+		BaseEvent: *eventstore.BaseEventFromRepo(event),
+	}, nil
+}
+
+type HumanInitializedCheckSucceededEvent struct {
+	eventstore.BaseEvent `json:"-"`
+}
+
+func (e *HumanInitializedCheckSucceededEvent) Data() interface{} {
+	return nil
+}
+
+func (e *HumanInitializedCheckSucceededEvent) UniqueConstraints() []*eventstore.EventUniqueConstraint {
+	return nil
+}
+
+func NewHumanInitializedCheckSucceededEvent(ctx context.Context, aggregate *eventstore.Aggregate) *HumanInitializedCheckSucceededEvent {
+	return &HumanInitializedCheckSucceededEvent{
+		BaseEvent: *eventstore.NewBaseEventForPush(
+			ctx,
+			aggregate,
+			HumanInitializedCheckSucceededType,
+		),
+	}
+}
+
+func HumanInitializedCheckSucceededEventMapper(event *repository.Event) (eventstore.EventReader, error) {
+	return &HumanInitializedCheckSucceededEvent{
+		BaseEvent: *eventstore.BaseEventFromRepo(event),
+	}, nil
+}
+
+type HumanInitializedCheckFailedEvent struct {
+	eventstore.BaseEvent `json:"-"`
+}
+
+func (e *HumanInitializedCheckFailedEvent) Data() interface{} {
+	return nil
+}
+
+func (e *HumanInitializedCheckFailedEvent) UniqueConstraints() []*eventstore.EventUniqueConstraint {
+	return nil
+}
+
+func NewHumanInitializedCheckFailedEvent(ctx context.Context, aggregate *eventstore.Aggregate) *HumanInitializedCheckFailedEvent {
+	return &HumanInitializedCheckFailedEvent{
+		BaseEvent: *eventstore.NewBaseEventForPush(
+			ctx,
+			aggregate,
+			HumanInitializedCheckFailedType,
+		),
+	}
+}
+
+func HumanInitializedCheckFailedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
+	return &HumanInitializedCheckFailedEvent{
+		BaseEvent: *eventstore.BaseEventFromRepo(event),
+	}, nil
+}
+
+type HumanSignedOutEvent struct {
+	eventstore.BaseEvent `json:"-"`
+
+	UserAgentID string `json:"userAgentID"`
+}
+
+func (e *HumanSignedOutEvent) Data() interface{} {
+	return nil
+}
+
+func (e *HumanSignedOutEvent) UniqueConstraints() []*eventstore.EventUniqueConstraint {
+	return nil
+}
+
+func NewHumanSignedOutEvent(
+	ctx context.Context,
+	aggregate *eventstore.Aggregate,
+	userAgentID string,
+) *HumanSignedOutEvent {
+	return &HumanSignedOutEvent{
+		BaseEvent: *eventstore.NewBaseEventForPush(
+			ctx,
+			aggregate,
+			HumanSignedOutType,
+		),
+		UserAgentID: userAgentID,
+	}
+}
+
+func HumanSignedOutEventMapper(event *repository.Event) (eventstore.EventReader, error) {
+	return &HumanSignedOutEvent{
+		BaseEvent: *eventstore.BaseEventFromRepo(event),
+	}, nil
+}

internal/repository/user/human_address.go

@@ -0,0 +1,55 @@
+package user
+
+import (
+	"context"
+	"encoding/json"
+	"github.com/caos/zitadel/internal/eventstore"
+
+	"github.com/caos/zitadel/internal/errors"
+	"github.com/caos/zitadel/internal/eventstore/repository"
+)
+
+const (
+	addressEventPrefix      = humanEventPrefix + "address."
+	HumanAddressChangedType = addressEventPrefix + "changed"
+)
+
+type HumanAddressChangedEvent struct {
+	eventstore.BaseEvent `json:"-"`
+
+	Country       *string `json:"country,omitempty"`
+	Locality      *string `json:"locality,omitempty"`
+	PostalCode    *string `json:"postalCode,omitempty"`
+	Region        *string `json:"region,omitempty"`
+	StreetAddress *string `json:"streetAddress,omitempty"`
+}
+
+func (e *HumanAddressChangedEvent) Data() interface{} {
+	return e
+}
+
+func (e *HumanAddressChangedEvent) UniqueConstraints() []*eventstore.EventUniqueConstraint {
+	return nil
+}
+
+func NewHumanAddressChangedEvent(ctx context.Context, aggregate *eventstore.Aggregate) *HumanAddressChangedEvent {
+	return &HumanAddressChangedEvent{
+		BaseEvent: *eventstore.NewBaseEventForPush(
+			ctx,
+			aggregate,
+			HumanAddressChangedType,
+		),
+	}
+}
+
+func HumanAddressChangedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
+	addressChanged := &HumanAddressChangedEvent{
+		BaseEvent: *eventstore.BaseEventFromRepo(event),
+	}
+	err := json.Unmarshal(event.Data, addressChanged)
+	if err != nil {
+		return nil, errors.ThrowInternal(err, "USER-5M0pd", "unable to unmarshal human address changed")
+	}
+
+	return addressChanged, nil
+}

internal/repository/user/human_email.go

@@ -0,0 +1,188 @@
+package user
+
+import (
+	"context"
+	"encoding/json"
+	"github.com/caos/zitadel/internal/eventstore"
+	"time"
+
+	"github.com/caos/zitadel/internal/crypto"
+	"github.com/caos/zitadel/internal/errors"
+	"github.com/caos/zitadel/internal/eventstore/repository"
+)
+
+const (
+	emailEventPrefix                 = humanEventPrefix + "email."
+	HumanEmailChangedType            = emailEventPrefix + "changed"
+	HumanEmailVerifiedType           = emailEventPrefix + "verified"
+	HumanEmailVerificationFailedType = emailEventPrefix + "verification.failed"
+	HumanEmailCodeAddedType          = emailEventPrefix + "code.added"
+	HumanEmailCodeSentType           = emailEventPrefix + "code.sent"
+)
+
+type HumanEmailChangedEvent struct {
+	eventstore.BaseEvent `json:"-"`
+
+	EmailAddress string `json:"email,omitempty"`
+}
+
+func (e *HumanEmailChangedEvent) Data() interface{} {
+	return e
+}
+
+func (e *HumanEmailChangedEvent) UniqueConstraints() []*eventstore.EventUniqueConstraint {
+	return nil
+}
+
+func NewHumanEmailChangedEvent(ctx context.Context, aggregate *eventstore.Aggregate) *HumanEmailChangedEvent {
+	return &HumanEmailChangedEvent{
+		BaseEvent: *eventstore.NewBaseEventForPush(
+			ctx,
+			aggregate,
+			HumanEmailChangedType,
+		),
+	}
+}
+
+func HumanEmailChangedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
+	emailChangedEvent := &HumanEmailChangedEvent{
+		BaseEvent: *eventstore.BaseEventFromRepo(event),
+	}
+	err := json.Unmarshal(event.Data, emailChangedEvent)
+	if err != nil {
+		return nil, errors.ThrowInternal(err, "USER-4M0sd", "unable to unmarshal human password changed")
+	}
+
+	return emailChangedEvent, nil
+}
+
+type HumanEmailVerifiedEvent struct {
+	eventstore.BaseEvent `json:"-"`
+
+	IsEmailVerified bool `json:"-"`
+}
+
+func (e *HumanEmailVerifiedEvent) Data() interface{} {
+	return nil
+}
+
+func (e *HumanEmailVerifiedEvent) UniqueConstraints() []*eventstore.EventUniqueConstraint {
+	return nil
+}
+
+func NewHumanEmailVerifiedEvent(ctx context.Context, aggregate *eventstore.Aggregate) *HumanEmailVerifiedEvent {
+	return &HumanEmailVerifiedEvent{
+		BaseEvent: *eventstore.NewBaseEventForPush(
+			ctx,
+			aggregate,
+			HumanEmailVerifiedType,
+		),
+	}
+}
+
+func HumanEmailVerifiedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
+	emailVerified := &HumanEmailVerifiedEvent{
+		BaseEvent:       *eventstore.BaseEventFromRepo(event),
+		IsEmailVerified: true,
+	}
+	return emailVerified, nil
+}
+
+type HumanEmailVerificationFailedEvent struct {
+	eventstore.BaseEvent `json:"-"`
+}
+
+func (e *HumanEmailVerificationFailedEvent) Data() interface{} {
+	return nil
+}
+
+func (e *HumanEmailVerificationFailedEvent) UniqueConstraints() []*eventstore.EventUniqueConstraint {
+	return nil
+}
+
+func NewHumanEmailVerificationFailedEvent(ctx context.Context, aggregate *eventstore.Aggregate) *HumanEmailVerificationFailedEvent {
+	return &HumanEmailVerificationFailedEvent{
+		BaseEvent: *eventstore.NewBaseEventForPush(
+			ctx,
+			aggregate,
+			HumanEmailVerificationFailedType,
+		),
+	}
+}
+
+func HumanEmailVerificationFailedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
+	return &HumanEmailVerificationFailedEvent{
+		BaseEvent: *eventstore.BaseEventFromRepo(event),
+	}, nil
+}
+
+type HumanEmailCodeAddedEvent struct {
+	eventstore.BaseEvent `json:"-"`
+
+	Code   *crypto.CryptoValue `json:"code,omitempty"`
+	Expiry time.Duration       `json:"expiry,omitempty"`
+}
+
+func (e *HumanEmailCodeAddedEvent) Data() interface{} {
+	return e
+}
+
+func (e *HumanEmailCodeAddedEvent) UniqueConstraints() []*eventstore.EventUniqueConstraint {
+	return nil
+}
+
+func NewHumanEmailCodeAddedEvent(
+	ctx context.Context,
+	aggregate *eventstore.Aggregate,
+	code *crypto.CryptoValue,
+	expiry time.Duration) *HumanEmailCodeAddedEvent {
+	return &HumanEmailCodeAddedEvent{
+		BaseEvent: *eventstore.NewBaseEventForPush(
+			ctx,
+			aggregate,
+			HumanEmailCodeAddedType,
+		),
+		Code:   code,
+		Expiry: expiry,
+	}
+}
+
+func HumanEmailCodeAddedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
+	codeAdded := &HumanEmailCodeAddedEvent{
+		BaseEvent: *eventstore.BaseEventFromRepo(event),
+	}
+	err := json.Unmarshal(event.Data, codeAdded)
+	if err != nil {
+		return nil, errors.ThrowInternal(err, "USER-3M0sd", "unable to unmarshal human email code added")
+	}
+
+	return codeAdded, nil
+}
+
+type HumanEmailCodeSentEvent struct {
+	eventstore.BaseEvent `json:"-"`
+}
+
+func (e *HumanEmailCodeSentEvent) Data() interface{} {
+	return nil
+}
+
+func (e *HumanEmailCodeSentEvent) UniqueConstraints() []*eventstore.EventUniqueConstraint {
+	return nil
+}
+
+func NewHumanEmailCodeSentEvent(ctx context.Context, aggregate *eventstore.Aggregate) *HumanEmailCodeSentEvent {
+	return &HumanEmailCodeSentEvent{
+		BaseEvent: *eventstore.NewBaseEventForPush(
+			ctx,
+			aggregate,
+			HumanEmailCodeSentType,
+		),
+	}
+}
+
+func HumanEmailCodeSentEventMapper(event *repository.Event) (eventstore.EventReader, error) {
+	return &HumanEmailCodeSentEvent{
+		BaseEvent: *eventstore.BaseEventFromRepo(event),
+	}, nil
+}

internal/repository/user/human_external_idp.go

@@ -0,0 +1,213 @@
+package user
+
+import (
+	"context"
+	"encoding/json"
+	"github.com/caos/zitadel/internal/eventstore"
+
+	"github.com/caos/zitadel/internal/errors"
+	"github.com/caos/zitadel/internal/eventstore/repository"
+)
+
+const (
+	UniqueExternalIDPType    = "external_idps"
+	externalIDPEventPrefix   = humanEventPrefix + "externalidp."
+	externalLoginEventPrefix = humanEventPrefix + "externallogin."
+
+	HumanExternalIDPAddedType          = externalIDPEventPrefix + "added"
+	HumanExternalIDPRemovedType        = externalIDPEventPrefix + "removed"
+	HumanExternalIDPCascadeRemovedType = externalIDPEventPrefix + "cascade.removed"
+
+	HumanExternalLoginCheckSucceededType = externalLoginEventPrefix + "check.succeeded"
+)
+
+func NewAddExternalIDPUniqueConstraint(idpConfigID, externalUserID string) *eventstore.EventUniqueConstraint {
+	return eventstore.NewAddEventUniqueConstraint(
+		UniqueExternalIDPType,
+		idpConfigID+externalUserID,
+		"Errors.User.ExternalIDP.AlreadyExists")
+}
+
+func NewRemoveExternalIDPUniqueConstraint(idpConfigID, externalUserID string) *eventstore.EventUniqueConstraint {
+	return eventstore.NewRemoveEventUniqueConstraint(
+		UniqueExternalIDPType,
+		idpConfigID+externalUserID)
+}
+
+type HumanExternalIDPAddedEvent struct {
+	eventstore.BaseEvent `json:"-"`
+
+	IDPConfigID    string `json:"idpConfigId,omitempty"`
+	ExternalUserID string `json:"userId,omitempty"`
+	DisplayName    string `json:"displayName,omitempty"`
+}
+
+func (e *HumanExternalIDPAddedEvent) Data() interface{} {
+	return e
+}
+
+func (e *HumanExternalIDPAddedEvent) UniqueConstraints() []*eventstore.EventUniqueConstraint {
+	return []*eventstore.EventUniqueConstraint{NewAddExternalIDPUniqueConstraint(e.IDPConfigID, e.ExternalUserID)}
+}
+
+func NewHumanExternalIDPAddedEvent(
+	ctx context.Context,
+	aggregate *eventstore.Aggregate,
+	idpConfigID,
+	displayName,
+	externalUserID string,
+) *HumanExternalIDPAddedEvent {
+	return &HumanExternalIDPAddedEvent{
+		BaseEvent: *eventstore.NewBaseEventForPush(
+			ctx,
+			aggregate,
+			HumanExternalIDPAddedType,
+		),
+		IDPConfigID:    idpConfigID,
+		DisplayName:    displayName,
+		ExternalUserID: externalUserID,
+	}
+}
+
+func HumanExternalIDPAddedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
+	e := &HumanExternalIDPAddedEvent{
+		BaseEvent: *eventstore.BaseEventFromRepo(event),
+	}
+
+	err := json.Unmarshal(event.Data, e)
+	if err != nil {
+		return nil, errors.ThrowInternal(err, "USER-6M9sd", "unable to unmarshal user external idp added")
+	}
+
+	return e, nil
+}
+
+type HumanExternalIDPRemovedEvent struct {
+	eventstore.BaseEvent `json:"-"`
+
+	IDPConfigID    string `json:"idpConfigId"`
+	ExternalUserID string `json:"userId,omitempty"`
+}
+
+func (e *HumanExternalIDPRemovedEvent) Data() interface{} {
+	return e
+}
+
+func (e *HumanExternalIDPRemovedEvent) UniqueConstraints() []*eventstore.EventUniqueConstraint {
+	return []*eventstore.EventUniqueConstraint{NewRemoveExternalIDPUniqueConstraint(e.IDPConfigID, e.ExternalUserID)}
+}
+
+func NewHumanExternalIDPRemovedEvent(
+	ctx context.Context,
+	aggregate *eventstore.Aggregate,
+	idpConfigID,
+	externalUserID string,
+) *HumanExternalIDPRemovedEvent {
+	return &HumanExternalIDPRemovedEvent{
+		BaseEvent: *eventstore.NewBaseEventForPush(
+			ctx,
+			aggregate,
+			HumanExternalIDPRemovedType,
+		),
+		IDPConfigID:    idpConfigID,
+		ExternalUserID: externalUserID,
+	}
+}
+
+func HumanExternalIDPRemovedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
+	e := &HumanExternalIDPRemovedEvent{
+		BaseEvent: *eventstore.BaseEventFromRepo(event),
+	}
+
+	err := json.Unmarshal(event.Data, e)
+	if err != nil {
+		return nil, errors.ThrowInternal(err, "USER-5Gm9s", "unable to unmarshal user external idp removed")
+	}
+
+	return e, nil
+}
+
+type HumanExternalIDPCascadeRemovedEvent struct {
+	eventstore.BaseEvent `json:"-"`
+
+	IDPConfigID    string `json:"idpConfigId"`
+	ExternalUserID string `json:"userId,omitempty"`
+}
+
+func (e *HumanExternalIDPCascadeRemovedEvent) Data() interface{} {
+	return e
+}
+
+func (e *HumanExternalIDPCascadeRemovedEvent) UniqueConstraints() []*eventstore.EventUniqueConstraint {
+	return []*eventstore.EventUniqueConstraint{NewRemoveExternalIDPUniqueConstraint(e.IDPConfigID, e.ExternalUserID)}
+}
+
+func NewHumanExternalIDPCascadeRemovedEvent(
+	ctx context.Context,
+	aggregate *eventstore.Aggregate,
+	idpConfigID,
+	externalUserID string,
+) *HumanExternalIDPCascadeRemovedEvent {
+	return &HumanExternalIDPCascadeRemovedEvent{
+		BaseEvent: *eventstore.NewBaseEventForPush(
+			ctx,
+			aggregate,
+			HumanExternalIDPCascadeRemovedType,
+		),
+		IDPConfigID:    idpConfigID,
+		ExternalUserID: externalUserID,
+	}
+}
+
+func HumanExternalIDPCascadeRemovedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
+	e := &HumanExternalIDPCascadeRemovedEvent{
+		BaseEvent: *eventstore.BaseEventFromRepo(event),
+	}
+
+	err := json.Unmarshal(event.Data, e)
+	if err != nil {
+		return nil, errors.ThrowInternal(err, "USER-2M0sd", "unable to unmarshal user external idp cascade removed")
+	}
+
+	return e, nil
+}
+
+type HumanExternalIDPCheckSucceededEvent struct {
+	eventstore.BaseEvent `json:"-"`
+	*AuthRequestInfo
+}
+
+func (e *HumanExternalIDPCheckSucceededEvent) Data() interface{} {
+	return e
+}
+
+func (e *HumanExternalIDPCheckSucceededEvent) UniqueConstraints() []*eventstore.EventUniqueConstraint {
+	return nil
+}
+
+func NewHumanExternalIDPCheckSucceededEvent(
+	ctx context.Context,
+	aggregate *eventstore.Aggregate,
+	info *AuthRequestInfo) *HumanExternalIDPCheckSucceededEvent {
+	return &HumanExternalIDPCheckSucceededEvent{
+		BaseEvent: *eventstore.NewBaseEventForPush(
+			ctx,
+			aggregate,
+			HumanExternalLoginCheckSucceededType,
+		),
+		AuthRequestInfo: info,
+	}
+}
+
+func HumanExternalIDPCheckSucceededEventMapper(event *repository.Event) (eventstore.EventReader, error) {
+	e := &HumanExternalIDPCheckSucceededEvent{
+		BaseEvent: *eventstore.BaseEventFromRepo(event),
+	}
+
+	err := json.Unmarshal(event.Data, e)
+	if err != nil {
+		return nil, errors.ThrowInternal(err, "USER-2M0sd", "unable to unmarshal user external idp check succeeded")
+	}
+
+	return e, nil
+}

internal/repository/user/human_mfa_events.go

@@ -0,0 +1,41 @@
+package user
+
+import (
+	"context"
+	"github.com/caos/zitadel/internal/eventstore"
+
+	"github.com/caos/zitadel/internal/eventstore/repository"
+)
+
+const (
+	mfaEventPrefix          = humanEventPrefix + "mfa."
+	HumanMFAInitSkippedType = mfaEventPrefix + "init.skipped"
+)
+
+type HumanMFAInitSkippedEvent struct {
+	eventstore.BaseEvent `json:"-"`
+}
+
+func (e *HumanMFAInitSkippedEvent) Data() interface{} {
+	return e
+}
+
+func (e *HumanMFAInitSkippedEvent) UniqueConstraints() []*eventstore.EventUniqueConstraint {
+	return nil
+}
+
+func NewHumanMFAInitSkippedEvent(ctx context.Context, aggregate *eventstore.Aggregate) *HumanMFAInitSkippedEvent {
+	return &HumanMFAInitSkippedEvent{
+		BaseEvent: *eventstore.NewBaseEventForPush(
+			ctx,
+			aggregate,
+			HumanMFAInitSkippedType,
+		),
+	}
+}
+
+func HumanMFAInitSkippedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
+	return &HumanMFAInitSkippedEvent{
+		BaseEvent: *eventstore.BaseEventFromRepo(event),
+	}, nil
+}

internal/repository/user/human_mfa_otp.go

@@ -0,0 +1,203 @@
+package user
+
+import (
+	"context"
+	"encoding/json"
+	"github.com/caos/zitadel/internal/eventstore"
+
+	"github.com/caos/zitadel/internal/crypto"
+	"github.com/caos/zitadel/internal/errors"
+	"github.com/caos/zitadel/internal/eventstore/repository"
+)
+
+const (
+	otpEventPrefix                = mfaEventPrefix + "otp."
+	HumanMFAOTPAddedType          = otpEventPrefix + "added"
+	HumanMFAOTPVerifiedType       = otpEventPrefix + "verified"
+	HumanMFAOTPRemovedType        = otpEventPrefix + "removed"
+	HumanMFAOTPCheckSucceededType = otpEventPrefix + "check.succeeded"
+	HumanMFAOTPCheckFailedType    = otpEventPrefix + "check.failed"
+)
+
+type HumanOTPAddedEvent struct {
+	eventstore.BaseEvent `json:"-"`
+
+	Secret *crypto.CryptoValue `json:"otpSecret,omitempty"`
+}
+
+func (e *HumanOTPAddedEvent) Data() interface{} {
+	return e
+}
+
+func (e *HumanOTPAddedEvent) UniqueConstraints() []*eventstore.EventUniqueConstraint {
+	return nil
+}
+
+func NewHumanOTPAddedEvent(
+	ctx context.Context,
+	aggregate *eventstore.Aggregate,
+	secret *crypto.CryptoValue,
+) *HumanOTPAddedEvent {
+	return &HumanOTPAddedEvent{
+		BaseEvent: *eventstore.NewBaseEventForPush(
+			ctx,
+			aggregate,
+			HumanMFAOTPAddedType,
+		),
+		Secret: secret,
+	}
+}
+
+func HumanOTPAddedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
+	otpAdded := &HumanOTPAddedEvent{
+		BaseEvent: *eventstore.BaseEventFromRepo(event),
+	}
+	err := json.Unmarshal(event.Data, otpAdded)
+	if err != nil {
+		return nil, errors.ThrowInternal(err, "USER-Ns9df", "unable to unmarshal human otp added")
+	}
+	return otpAdded, nil
+}
+
+type HumanOTPVerifiedEvent struct {
+	eventstore.BaseEvent `json:"-"`
+	UserAgentID          string `json:"userAgentID,omitempty"`
+}
+
+func (e *HumanOTPVerifiedEvent) Data() interface{} {
+	return nil
+}
+
+func (e *HumanOTPVerifiedEvent) UniqueConstraints() []*eventstore.EventUniqueConstraint {
+	return nil
+}
+
+func NewHumanOTPVerifiedEvent(
+	ctx context.Context,
+	aggregate *eventstore.Aggregate,
+	userAgentID string,
+) *HumanOTPVerifiedEvent {
+	return &HumanOTPVerifiedEvent{
+		BaseEvent: *eventstore.NewBaseEventForPush(
+			ctx,
+			aggregate,
+			HumanMFAOTPVerifiedType,
+		),
+		UserAgentID: userAgentID,
+	}
+}
+
+func HumanOTPVerifiedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
+	return &HumanOTPVerifiedEvent{
+		BaseEvent: *eventstore.BaseEventFromRepo(event),
+	}, nil
+}
+
+type HumanOTPRemovedEvent struct {
+	eventstore.BaseEvent `json:"-"`
+}
+
+func (e *HumanOTPRemovedEvent) Data() interface{} {
+	return nil
+}
+
+func (e *HumanOTPRemovedEvent) UniqueConstraints() []*eventstore.EventUniqueConstraint {
+	return nil
+}
+
+func NewHumanOTPRemovedEvent(
+	ctx context.Context,
+	aggregate *eventstore.Aggregate,
+) *HumanOTPRemovedEvent {
+	return &HumanOTPRemovedEvent{
+		BaseEvent: *eventstore.NewBaseEventForPush(
+			ctx,
+			aggregate,
+			HumanMFAOTPRemovedType,
+		),
+	}
+}
+
+func HumanOTPRemovedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
+	return &HumanOTPRemovedEvent{
+		BaseEvent: *eventstore.BaseEventFromRepo(event),
+	}, nil
+}
+
+type HumanOTPCheckSucceededEvent struct {
+	eventstore.BaseEvent `json:"-"`
+	*AuthRequestInfo
+}
+
+func (e *HumanOTPCheckSucceededEvent) Data() interface{} {
+	return e
+}
+
+func (e *HumanOTPCheckSucceededEvent) UniqueConstraints() []*eventstore.EventUniqueConstraint {
+	return nil
+}
+
+func NewHumanOTPCheckSucceededEvent(
+	ctx context.Context,
+	aggregate *eventstore.Aggregate,
+	info *AuthRequestInfo,
+) *HumanOTPCheckSucceededEvent {
+	return &HumanOTPCheckSucceededEvent{
+		BaseEvent: *eventstore.NewBaseEventForPush(
+			ctx,
+			aggregate,
+			HumanMFAOTPCheckSucceededType,
+		),
+		AuthRequestInfo: info,
+	}
+}
+
+func HumanOTPCheckSucceededEventMapper(event *repository.Event) (eventstore.EventReader, error) {
+	otpAdded := &HumanOTPCheckSucceededEvent{
+		BaseEvent: *eventstore.BaseEventFromRepo(event),
+	}
+	err := json.Unmarshal(event.Data, otpAdded)
+	if err != nil {
+		return nil, errors.ThrowInternal(err, "USER-Ns9df", "unable to unmarshal human otp check succeeded")
+	}
+	return otpAdded, nil
+}
+
+type HumanOTPCheckFailedEvent struct {
+	eventstore.BaseEvent `json:"-"`
+	*AuthRequestInfo
+}
+
+func (e *HumanOTPCheckFailedEvent) Data() interface{} {
+	return e
+}
+
+func (e *HumanOTPCheckFailedEvent) UniqueConstraints() []*eventstore.EventUniqueConstraint {
+	return nil
+}
+
+func NewHumanOTPCheckFailedEvent(
+	ctx context.Context,
+	aggregate *eventstore.Aggregate,
+	info *AuthRequestInfo,
+) *HumanOTPCheckFailedEvent {
+	return &HumanOTPCheckFailedEvent{
+		BaseEvent: *eventstore.NewBaseEventForPush(
+			ctx,
+			aggregate,
+			HumanMFAOTPCheckFailedType,
+		),
+		AuthRequestInfo: info,
+	}
+}
+
+func HumanOTPCheckFailedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
+	otpAdded := &HumanOTPCheckFailedEvent{
+		BaseEvent: *eventstore.BaseEventFromRepo(event),
+	}
+	err := json.Unmarshal(event.Data, otpAdded)
+	if err != nil {
+		return nil, errors.ThrowInternal(err, "USER-Ns9df", "unable to unmarshal human otp check failed")
+	}
+	return otpAdded, nil
+}

internal/repository/user/human_mfa_passwordless.go

@@ -0,0 +1,243 @@
+package user
+
+import (
+	"context"
+	"github.com/caos/zitadel/internal/eventstore"
+
+	"github.com/caos/zitadel/internal/eventstore/repository"
+)
+
+const (
+	passwordlessEventPrefix                    = humanEventPrefix + "passwordless.token."
+	HumanPasswordlessTokenAddedType            = passwordlessEventPrefix + "added"
+	HumanPasswordlessTokenVerifiedType         = passwordlessEventPrefix + "verified"
+	HumanPasswordlessTokenSignCountChangedType = passwordlessEventPrefix + "signcount.changed"
+	HumanPasswordlessTokenRemovedType          = passwordlessEventPrefix + "removed"
+	HumanPasswordlessTokenBeginLoginType       = passwordlessEventPrefix + "begin.login"
+	HumanPasswordlessTokenCheckSucceededType   = passwordlessEventPrefix + "check.succeeded"
+	HumanPasswordlessTokenCheckFailedType      = passwordlessEventPrefix + "check.failed"
+)
+
+type HumanPasswordlessAddedEvent struct {
+	HumanWebAuthNAddedEvent
+}
+
+func NewHumanPasswordlessAddedEvent(
+	ctx context.Context,
+	aggregate *eventstore.Aggregate,
+	webAuthNTokenID,
+	challenge string,
+) *HumanPasswordlessAddedEvent {
+	return &HumanPasswordlessAddedEvent{
+		HumanWebAuthNAddedEvent: *NewHumanWebAuthNAddedEvent(
+			eventstore.NewBaseEventForPush(
+				ctx,
+				aggregate,
+				HumanPasswordlessTokenAddedType,
+			),
+			webAuthNTokenID,
+			challenge,
+		),
+	}
+}
+
+func HumanPasswordlessAddedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
+	e, err := HumanWebAuthNAddedEventMapper(event)
+	if err != nil {
+		return nil, err
+	}
+
+	return &HumanPasswordlessAddedEvent{HumanWebAuthNAddedEvent: *e.(*HumanWebAuthNAddedEvent)}, nil
+}
+
+type HumanPasswordlessVerifiedEvent struct {
+	HumanWebAuthNVerifiedEvent
+}
+
+func NewHumanPasswordlessVerifiedEvent(
+	ctx context.Context,
+	aggregate *eventstore.Aggregate,
+	webAuthNTokenID,
+	webAuthNTokenName,
+	attestationType string,
+	keyID,
+	publicKey,
+	aaguid []byte,
+	signCount uint32,
+) *HumanPasswordlessVerifiedEvent {
+	return &HumanPasswordlessVerifiedEvent{
+		HumanWebAuthNVerifiedEvent: *NewHumanWebAuthNVerifiedEvent(
+			eventstore.NewBaseEventForPush(
+				ctx,
+				aggregate,
+				HumanPasswordlessTokenVerifiedType,
+			),
+			webAuthNTokenID,
+			webAuthNTokenName,
+			attestationType,
+			keyID,
+			publicKey,
+			aaguid,
+			signCount,
+		),
+	}
+}
+
+func HumanPasswordlessVerifiedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
+	e, err := HumanWebAuthNVerifiedEventMapper(event)
+	if err != nil {
+		return nil, err
+	}
+
+	return &HumanPasswordlessVerifiedEvent{HumanWebAuthNVerifiedEvent: *e.(*HumanWebAuthNVerifiedEvent)}, nil
+}
+
+type HumanPasswordlessSignCountChangedEvent struct {
+	HumanWebAuthNSignCountChangedEvent
+}
+
+func NewHumanPasswordlessSignCountChangedEvent(
+	ctx context.Context,
+	aggregate *eventstore.Aggregate,
+	webAuthNTokenID string,
+	signCount uint32,
+) *HumanPasswordlessSignCountChangedEvent {
+	return &HumanPasswordlessSignCountChangedEvent{
+		HumanWebAuthNSignCountChangedEvent: *NewHumanWebAuthNSignCountChangedEvent(
+			eventstore.NewBaseEventForPush(
+				ctx,
+				aggregate,
+				HumanPasswordlessTokenSignCountChangedType,
+			),
+			webAuthNTokenID,
+			signCount,
+		),
+	}
+}
+
+func HumanPasswordlessSignCountChangedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
+	e, err := HumanWebAuthNSignCountChangedEventMapper(event)
+	if err != nil {
+		return nil, err
+	}
+
+	return &HumanPasswordlessSignCountChangedEvent{HumanWebAuthNSignCountChangedEvent: *e.(*HumanWebAuthNSignCountChangedEvent)}, nil
+}
+
+type HumanPasswordlessRemovedEvent struct {
+	HumanWebAuthNRemovedEvent
+}
+
+func PrepareHumanPasswordlessRemovedEvent(ctx context.Context, webAuthNTokenID string) func(*eventstore.Aggregate) eventstore.EventPusher {
+	return func(a *eventstore.Aggregate) eventstore.EventPusher {
+		return NewHumanPasswordlessRemovedEvent(ctx, a, webAuthNTokenID)
+	}
+}
+
+func NewHumanPasswordlessRemovedEvent(
+	ctx context.Context,
+	aggregate *eventstore.Aggregate,
+	webAuthNTokenID string,
+) *HumanPasswordlessRemovedEvent {
+	return &HumanPasswordlessRemovedEvent{
+		HumanWebAuthNRemovedEvent: *NewHumanWebAuthNRemovedEvent(
+			eventstore.NewBaseEventForPush(
+				ctx,
+				aggregate,
+				HumanPasswordlessTokenRemovedType,
+			),
+			webAuthNTokenID,
+		),
+	}
+}
+
+func HumanPasswordlessRemovedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
+	e, err := HumanWebAuthNRemovedEventMapper(event)
+	if err != nil {
+		return nil, err
+	}
+
+	return &HumanPasswordlessRemovedEvent{HumanWebAuthNRemovedEvent: *e.(*HumanWebAuthNRemovedEvent)}, nil
+}
+
+type HumanPasswordlessBeginLoginEvent struct {
+	HumanWebAuthNBeginLoginEvent
+}
+
+func NewHumanPasswordlessBeginLoginEvent(
+	ctx context.Context,
+	aggregate *eventstore.Aggregate,
+	challenge string,
+	info *AuthRequestInfo,
+) *HumanPasswordlessBeginLoginEvent {
+	return &HumanPasswordlessBeginLoginEvent{
+		HumanWebAuthNBeginLoginEvent: *NewHumanWebAuthNBeginLoginEvent(
+			eventstore.NewBaseEventForPush(
+				ctx,
+				aggregate,
+				HumanPasswordlessTokenVerifiedType,
+			),
+			challenge,
+			info,
+		),
+	}
+}
+
+func HumanPasswordlessBeginLoginEventMapper(event *repository.Event) (eventstore.EventReader, error) {
+	e, err := HumanWebAuthNBeginLoginEventMapper(event)
+	if err != nil {
+		return nil, err
+	}
+
+	return &HumanPasswordlessBeginLoginEvent{HumanWebAuthNBeginLoginEvent: *e.(*HumanWebAuthNBeginLoginEvent)}, nil
+}
+
+type HumanPasswordlessCheckSucceededEvent struct {
+	HumanWebAuthNCheckSucceededEvent
+}
+
+func NewHumanPasswordlessCheckSucceededEvent(ctx context.Context, aggregate *eventstore.Aggregate) *HumanPasswordlessCheckSucceededEvent {
+	return &HumanPasswordlessCheckSucceededEvent{
+		HumanWebAuthNCheckSucceededEvent: *NewHumanWebAuthNCheckSucceededEvent(
+			eventstore.NewBaseEventForPush(
+				ctx,
+				aggregate,
+				HumanPasswordlessTokenCheckSucceededType,
+			),
+		),
+	}
+}
+
+func HumanPasswordlessCheckSucceededEventMapper(event *repository.Event) (eventstore.EventReader, error) {
+	e, err := HumanWebAuthNCheckSucceededEventMapper(event)
+	if err != nil {
+		return nil, err
+	}
+
+	return &HumanPasswordlessCheckSucceededEvent{HumanWebAuthNCheckSucceededEvent: *e.(*HumanWebAuthNCheckSucceededEvent)}, nil
+}
+
+type HumanPasswordlessCheckFailedEvent struct {
+	HumanWebAuthNCheckFailedEvent
+}
+
+func NewHumanPasswordlessCheckFailedEvent(ctx context.Context, aggregate *eventstore.Aggregate) *HumanPasswordlessCheckFailedEvent {
+	return &HumanPasswordlessCheckFailedEvent{
+		HumanWebAuthNCheckFailedEvent: *NewHumanWebAuthNCheckFailedEvent(
+			eventstore.NewBaseEventForPush(
+				ctx,
+				aggregate,
+				HumanPasswordlessTokenCheckFailedType,
+			),
+		),
+	}
+}
+
+func HumanPasswordlessCheckFailedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
+	e, err := HumanWebAuthNCheckFailedEventMapper(event)
+	if err != nil {
+		return nil, err
+	}
+
+	return &HumanPasswordlessCheckFailedEvent{HumanWebAuthNCheckFailedEvent: *e.(*HumanWebAuthNCheckFailedEvent)}, nil
+}

internal/repository/user/human_mfa_u2f.go

@@ -0,0 +1,243 @@
+package user
+
+import (
+	"context"
+	"github.com/caos/zitadel/internal/eventstore"
+
+	"github.com/caos/zitadel/internal/eventstore/repository"
+)
+
+const (
+	u2fEventPrefix                    = mfaEventPrefix + "u2f.token."
+	HumanU2FTokenAddedType            = u2fEventPrefix + "added"
+	HumanU2FTokenVerifiedType         = u2fEventPrefix + "verified"
+	HumanU2FTokenSignCountChangedType = u2fEventPrefix + "signcount.changed"
+	HumanU2FTokenRemovedType          = u2fEventPrefix + "removed"
+	HumanU2FTokenBeginLoginType       = u2fEventPrefix + "begin.login"
+	HumanU2FTokenCheckSucceededType   = u2fEventPrefix + "check.succeeded"
+	HumanU2FTokenCheckFailedType      = u2fEventPrefix + "check.failed"
+)
+
+type HumanU2FAddedEvent struct {
+	HumanWebAuthNAddedEvent
+}
+
+func NewHumanU2FAddedEvent(
+	ctx context.Context,
+	aggregate *eventstore.Aggregate,
+	webAuthNTokenID,
+	challenge string,
+) *HumanU2FAddedEvent {
+	return &HumanU2FAddedEvent{
+		HumanWebAuthNAddedEvent: *NewHumanWebAuthNAddedEvent(
+			eventstore.NewBaseEventForPush(
+				ctx,
+				aggregate,
+				HumanU2FTokenAddedType,
+			),
+			webAuthNTokenID,
+			challenge,
+		),
+	}
+}
+
+func HumanU2FAddedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
+	e, err := HumanWebAuthNAddedEventMapper(event)
+	if err != nil {
+		return nil, err
+	}
+
+	return &HumanU2FAddedEvent{HumanWebAuthNAddedEvent: *e.(*HumanWebAuthNAddedEvent)}, nil
+}
+
+type HumanU2FVerifiedEvent struct {
+	HumanWebAuthNVerifiedEvent
+}
+
+func NewHumanU2FVerifiedEvent(
+	ctx context.Context,
+	aggregate *eventstore.Aggregate,
+	webAuthNTokenID,
+	webAuthNTokenName,
+	attestationType string,
+	keyID,
+	publicKey,
+	aaguid []byte,
+	signCount uint32,
+) *HumanU2FVerifiedEvent {
+	return &HumanU2FVerifiedEvent{
+		HumanWebAuthNVerifiedEvent: *NewHumanWebAuthNVerifiedEvent(
+			eventstore.NewBaseEventForPush(
+				ctx,
+				aggregate,
+				HumanU2FTokenVerifiedType,
+			),
+			webAuthNTokenID,
+			webAuthNTokenName,
+			attestationType,
+			keyID,
+			publicKey,
+			aaguid,
+			signCount,
+		),
+	}
+}
+
+func HumanU2FVerifiedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
+	e, err := HumanWebAuthNVerifiedEventMapper(event)
+	if err != nil {
+		return nil, err
+	}
+
+	return &HumanU2FVerifiedEvent{HumanWebAuthNVerifiedEvent: *e.(*HumanWebAuthNVerifiedEvent)}, nil
+}
+
+type HumanU2FSignCountChangedEvent struct {
+	HumanWebAuthNSignCountChangedEvent
+}
+
+func NewHumanU2FSignCountChangedEvent(
+	ctx context.Context,
+	aggregate *eventstore.Aggregate,
+	webAuthNTokenID string,
+	signCount uint32,
+) *HumanU2FSignCountChangedEvent {
+	return &HumanU2FSignCountChangedEvent{
+		HumanWebAuthNSignCountChangedEvent: *NewHumanWebAuthNSignCountChangedEvent(
+			eventstore.NewBaseEventForPush(
+				ctx,
+				aggregate,
+				HumanU2FTokenSignCountChangedType,
+			),
+			webAuthNTokenID,
+			signCount,
+		),
+	}
+}
+
+func HumanU2FSignCountChangedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
+	e, err := HumanWebAuthNSignCountChangedEventMapper(event)
+	if err != nil {
+		return nil, err
+	}
+
+	return &HumanU2FSignCountChangedEvent{HumanWebAuthNSignCountChangedEvent: *e.(*HumanWebAuthNSignCountChangedEvent)}, nil
+}
+
+type HumanU2FRemovedEvent struct {
+	HumanWebAuthNRemovedEvent
+}
+
+func PrepareHumanU2FRemovedEvent(ctx context.Context, webAuthNTokenID string) func(*eventstore.Aggregate) eventstore.EventPusher {
+	return func(a *eventstore.Aggregate) eventstore.EventPusher {
+		return NewHumanU2FRemovedEvent(ctx, a, webAuthNTokenID)
+	}
+}
+
+func NewHumanU2FRemovedEvent(
+	ctx context.Context,
+	aggregate *eventstore.Aggregate,
+	webAuthNTokenID string,
+) *HumanU2FRemovedEvent {
+	return &HumanU2FRemovedEvent{
+		HumanWebAuthNRemovedEvent: *NewHumanWebAuthNRemovedEvent(
+			eventstore.NewBaseEventForPush(
+				ctx,
+				aggregate,
+				HumanU2FTokenRemovedType,
+			),
+			webAuthNTokenID,
+		),
+	}
+}
+
+func HumanU2FRemovedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
+	e, err := HumanWebAuthNRemovedEventMapper(event)
+	if err != nil {
+		return nil, err
+	}
+
+	return &HumanU2FRemovedEvent{HumanWebAuthNRemovedEvent: *e.(*HumanWebAuthNRemovedEvent)}, nil
+}
+
+type HumanU2FBeginLoginEvent struct {
+	HumanWebAuthNBeginLoginEvent
+}
+
+func NewHumanU2FBeginLoginEvent(
+	ctx context.Context,
+	aggregate *eventstore.Aggregate,
+	challenge string,
+	info *AuthRequestInfo,
+) *HumanU2FBeginLoginEvent {
+	return &HumanU2FBeginLoginEvent{
+		HumanWebAuthNBeginLoginEvent: *NewHumanWebAuthNBeginLoginEvent(
+			eventstore.NewBaseEventForPush(
+				ctx,
+				aggregate,
+				HumanU2FTokenVerifiedType,
+			),
+			challenge,
+			info,
+		),
+	}
+}
+
+func HumanU2FBeginLoginEventMapper(event *repository.Event) (eventstore.EventReader, error) {
+	e, err := HumanWebAuthNBeginLoginEventMapper(event)
+	if err != nil {
+		return nil, err
+	}
+
+	return &HumanU2FBeginLoginEvent{HumanWebAuthNBeginLoginEvent: *e.(*HumanWebAuthNBeginLoginEvent)}, nil
+}
+
+type HumanU2FCheckSucceededEvent struct {
+	HumanWebAuthNCheckSucceededEvent
+}
+
+func NewHumanU2FCheckSucceededEvent(ctx context.Context, aggregate *eventstore.Aggregate) *HumanU2FCheckSucceededEvent {
+	return &HumanU2FCheckSucceededEvent{
+		HumanWebAuthNCheckSucceededEvent: *NewHumanWebAuthNCheckSucceededEvent(
+			eventstore.NewBaseEventForPush(
+				ctx,
+				aggregate,
+				HumanU2FTokenCheckSucceededType,
+			),
+		),
+	}
+}
+
+func HumanU2FCheckSucceededEventMapper(event *repository.Event) (eventstore.EventReader, error) {
+	e, err := HumanWebAuthNCheckSucceededEventMapper(event)
+	if err != nil {
+		return nil, err
+	}
+
+	return &HumanU2FCheckSucceededEvent{HumanWebAuthNCheckSucceededEvent: *e.(*HumanWebAuthNCheckSucceededEvent)}, nil
+}
+
+type HumanU2FCheckFailedEvent struct {
+	HumanWebAuthNCheckFailedEvent
+}
+
+func NewHumanU2FCheckFailedEvent(ctx context.Context, aggregate *eventstore.Aggregate) *HumanU2FCheckFailedEvent {
+	return &HumanU2FCheckFailedEvent{
+		HumanWebAuthNCheckFailedEvent: *NewHumanWebAuthNCheckFailedEvent(
+			eventstore.NewBaseEventForPush(
+				ctx,
+				aggregate,
+				HumanU2FTokenCheckFailedType,
+			),
+		),
+	}
+}
+
+func HumanU2FCheckFailedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
+	e, err := HumanWebAuthNCheckFailedEventMapper(event)
+	if err != nil {
+		return nil, err
+	}
+
+	return &HumanU2FCheckFailedEvent{HumanWebAuthNCheckFailedEvent: *e.(*HumanWebAuthNCheckFailedEvent)}, nil
+}

internal/repository/user/human_mfa_web_auth_n.go

@@ -0,0 +1,276 @@
+package user
+
+import (
+	"encoding/json"
+	"github.com/caos/zitadel/internal/domain"
+	"github.com/caos/zitadel/internal/errors"
+	"github.com/caos/zitadel/internal/eventstore"
+	"github.com/caos/zitadel/internal/eventstore/repository"
+)
+
+type HumanWebAuthNAddedEvent struct {
+	eventstore.BaseEvent `json:"-"`
+
+	WebAuthNTokenID string `json:"webAuthNTokenId"`
+	Challenge       string `json:"challenge"`
+}
+
+func (e *HumanWebAuthNAddedEvent) Data() interface{} {
+	return e
+}
+
+func (e *HumanWebAuthNAddedEvent) UniqueConstraints() []*eventstore.EventUniqueConstraint {
+	return nil
+}
+
+func NewHumanWebAuthNAddedEvent(
+	base *eventstore.BaseEvent,
+	webAuthNTokenID,
+	challenge string,
+) *HumanWebAuthNAddedEvent {
+	return &HumanWebAuthNAddedEvent{
+		BaseEvent:       *base,
+		WebAuthNTokenID: webAuthNTokenID,
+		Challenge:       challenge,
+	}
+}
+
+func HumanWebAuthNAddedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
+	webAuthNAdded := &HumanWebAuthNAddedEvent{
+		BaseEvent: *eventstore.BaseEventFromRepo(event),
+	}
+	err := json.Unmarshal(event.Data, webAuthNAdded)
+	if err != nil {
+		return nil, errors.ThrowInternal(err, "USER-tB8sf", "unable to unmarshal human webAuthN added")
+	}
+	return webAuthNAdded, nil
+}
+
+type HumanWebAuthNVerifiedEvent struct {
+	eventstore.BaseEvent `json:"-"`
+
+	WebAuthNTokenID   string `json:"webAuthNTokenId"`
+	KeyID             []byte `json:"keyId"`
+	PublicKey         []byte `json:"publicKey"`
+	AttestationType   string `json:"attestationType"`
+	AAGUID            []byte `json:"aaguid"`
+	SignCount         uint32 `json:"signCount"`
+	WebAuthNTokenName string `json:"webAuthNTokenName"`
+}
+
+func (e *HumanWebAuthNVerifiedEvent) Data() interface{} {
+	return e
+}
+
+func (e *HumanWebAuthNVerifiedEvent) UniqueConstraints() []*eventstore.EventUniqueConstraint {
+	return nil
+}
+
+func NewHumanWebAuthNVerifiedEvent(
+	base *eventstore.BaseEvent,
+	webAuthNTokenID,
+	webAuthNTokenName,
+	attestationType string,
+	keyID,
+	publicKey,
+	aaguid []byte,
+	signCount uint32,
+) *HumanWebAuthNVerifiedEvent {
+	return &HumanWebAuthNVerifiedEvent{
+		BaseEvent:         *base,
+		WebAuthNTokenID:   webAuthNTokenID,
+		KeyID:             keyID,
+		PublicKey:         publicKey,
+		AttestationType:   attestationType,
+		AAGUID:            aaguid,
+		SignCount:         signCount,
+		WebAuthNTokenName: webAuthNTokenName,
+	}
+}
+
+func HumanWebAuthNVerifiedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
+	webauthNVerified := &HumanWebAuthNVerifiedEvent{
+		BaseEvent: *eventstore.BaseEventFromRepo(event),
+	}
+	err := json.Unmarshal(event.Data, webauthNVerified)
+	if err != nil {
+		return nil, errors.ThrowInternal(err, "USER-B0zDs", "unable to unmarshal human webAuthN verified")
+	}
+	return webauthNVerified, nil
+}
+
+type HumanWebAuthNSignCountChangedEvent struct {
+	eventstore.BaseEvent `json:"-"`
+
+	WebAuthNTokenID string `json:"webAuthNTokenId"`
+	SignCount       uint32 `json:"signCount"`
+}
+
+func (e *HumanWebAuthNSignCountChangedEvent) Data() interface{} {
+	return e
+}
+
+func (e *HumanWebAuthNSignCountChangedEvent) UniqueConstraints() []*eventstore.EventUniqueConstraint {
+	return nil
+}
+
+func NewHumanWebAuthNSignCountChangedEvent(
+	base *eventstore.BaseEvent,
+	webAuthNTokenID string,
+	signCount uint32,
+) *HumanWebAuthNSignCountChangedEvent {
+	return &HumanWebAuthNSignCountChangedEvent{
+		BaseEvent:       *base,
+		WebAuthNTokenID: webAuthNTokenID,
+		SignCount:       signCount,
+	}
+}
+
+func HumanWebAuthNSignCountChangedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
+	webauthNVerified := &HumanWebAuthNSignCountChangedEvent{
+		BaseEvent: *eventstore.BaseEventFromRepo(event),
+	}
+	err := json.Unmarshal(event.Data, webauthNVerified)
+	if err != nil {
+		return nil, errors.ThrowInternal(err, "USER-5Gm0s", "unable to unmarshal human webAuthN sign count")
+	}
+	return webauthNVerified, nil
+}
+
+type HumanWebAuthNRemovedEvent struct {
+	eventstore.BaseEvent `json:"-"`
+
+	WebAuthNTokenID string          `json:"webAuthNTokenId"`
+	State           domain.MFAState `json:"-"`
+}
+
+func (e *HumanWebAuthNRemovedEvent) Data() interface{} {
+	return e
+}
+
+func (e *HumanWebAuthNRemovedEvent) UniqueConstraints() []*eventstore.EventUniqueConstraint {
+	return nil
+}
+
+func NewHumanWebAuthNRemovedEvent(
+	base *eventstore.BaseEvent,
+	webAuthNTokenID string,
+) *HumanWebAuthNRemovedEvent {
+	return &HumanWebAuthNRemovedEvent{
+		BaseEvent:       *base,
+		WebAuthNTokenID: webAuthNTokenID,
+	}
+}
+
+func HumanWebAuthNRemovedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
+	webauthNVerified := &HumanWebAuthNRemovedEvent{
+		BaseEvent: *eventstore.BaseEventFromRepo(event),
+	}
+	err := json.Unmarshal(event.Data, webauthNVerified)
+	if err != nil {
+		return nil, errors.ThrowInternal(err, "USER-gM9sd", "unable to unmarshal human webAuthN token removed")
+	}
+	return webauthNVerified, nil
+}
+
+type HumanWebAuthNBeginLoginEvent struct {
+	eventstore.BaseEvent `json:"-"`
+
+	Challenge string `json:"challenge"`
+	*AuthRequestInfo
+}
+
+func (e *HumanWebAuthNBeginLoginEvent) Data() interface{} {
+	return e
+}
+
+func (e *HumanWebAuthNBeginLoginEvent) UniqueConstraints() []*eventstore.EventUniqueConstraint {
+	return nil
+}
+
+func NewHumanWebAuthNBeginLoginEvent(
+	base *eventstore.BaseEvent,
+	challenge string,
+	info *AuthRequestInfo,
+) *HumanWebAuthNBeginLoginEvent {
+	return &HumanWebAuthNBeginLoginEvent{
+		BaseEvent:       *base,
+		Challenge:       challenge,
+		AuthRequestInfo: info,
+	}
+}
+
+func HumanWebAuthNBeginLoginEventMapper(event *repository.Event) (eventstore.EventReader, error) {
+	webAuthNAdded := &HumanWebAuthNBeginLoginEvent{
+		BaseEvent: *eventstore.BaseEventFromRepo(event),
+	}
+	err := json.Unmarshal(event.Data, webAuthNAdded)
+	if err != nil {
+		return nil, errors.ThrowInternal(err, "USER-rMb8x", "unable to unmarshal human webAuthN begin login")
+	}
+	return webAuthNAdded, nil
+}
+
+type HumanWebAuthNCheckSucceededEvent struct {
+	eventstore.BaseEvent `json:"-"`
+
+	//TODO: Handle Auth Req??
+	//*AuthRequest
+}
+
+func (e *HumanWebAuthNCheckSucceededEvent) Data() interface{} {
+	return e
+}
+
+func (e *HumanWebAuthNCheckSucceededEvent) UniqueConstraints() []*eventstore.EventUniqueConstraint {
+	return nil
+}
+
+func NewHumanWebAuthNCheckSucceededEvent(base *eventstore.BaseEvent) *HumanWebAuthNCheckSucceededEvent {
+	return &HumanWebAuthNCheckSucceededEvent{
+		BaseEvent: *base,
+	}
+}
+
+func HumanWebAuthNCheckSucceededEventMapper(event *repository.Event) (eventstore.EventReader, error) {
+	webAuthNAdded := &HumanWebAuthNCheckSucceededEvent{
+		BaseEvent: *eventstore.BaseEventFromRepo(event),
+	}
+	err := json.Unmarshal(event.Data, webAuthNAdded)
+	if err != nil {
+		return nil, errors.ThrowInternal(err, "USER-2M0fg", "unable to unmarshal human webAuthN check succeeded")
+	}
+	return webAuthNAdded, nil
+}
+
+type HumanWebAuthNCheckFailedEvent struct {
+	eventstore.BaseEvent `json:"-"`
+
+	//TODO: Handle Auth Req??
+	//*AuthRequest
+}
+
+func (e *HumanWebAuthNCheckFailedEvent) Data() interface{} {
+	return e
+}
+
+func (e *HumanWebAuthNCheckFailedEvent) UniqueConstraints() []*eventstore.EventUniqueConstraint {
+	return nil
+}
+
+func NewHumanWebAuthNCheckFailedEvent(base *eventstore.BaseEvent) *HumanWebAuthNCheckFailedEvent {
+	return &HumanWebAuthNCheckFailedEvent{
+		BaseEvent: *base,
+	}
+}
+
+func HumanWebAuthNCheckFailedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
+	webAuthNAdded := &HumanWebAuthNCheckFailedEvent{
+		BaseEvent: *eventstore.BaseEventFromRepo(event),
+	}
+	err := json.Unmarshal(event.Data, webAuthNAdded)
+	if err != nil {
+		return nil, errors.ThrowInternal(err, "USER-O0dse", "unable to unmarshal human webAuthN check failed")
+	}
+	return webAuthNAdded, nil
+}

internal/repository/user/human_password.go

@@ -0,0 +1,224 @@
+package user
+
+import (
+	"context"
+	"encoding/json"
+	"github.com/caos/zitadel/internal/eventstore"
+	"time"
+
+	"github.com/caos/zitadel/internal/crypto"
+	"github.com/caos/zitadel/internal/domain"
+	"github.com/caos/zitadel/internal/errors"
+	"github.com/caos/zitadel/internal/eventstore/repository"
+)
+
+const (
+	passwordEventPrefix             = humanEventPrefix + "password."
+	HumanPasswordChangedType        = passwordEventPrefix + "changed"
+	HumanPasswordCodeAddedType      = passwordEventPrefix + "code.added"
+	HumanPasswordCodeSentType       = passwordEventPrefix + "code.sent"
+	HumanPasswordCheckSucceededType = passwordEventPrefix + "check.succeeded"
+	HumanPasswordCheckFailedType    = passwordEventPrefix + "check.failed"
+)
+
+type HumanPasswordChangedEvent struct {
+	eventstore.BaseEvent `json:"-"`
+
+	Secret         *crypto.CryptoValue `json:"secret,omitempty"`
+	ChangeRequired bool                `json:"changeRequired"`
+	UserAgentID    string              `json:"userAgentID,omitempty"`
+}
+
+func (e *HumanPasswordChangedEvent) Data() interface{} {
+	return e
+}
+
+func (e *HumanPasswordChangedEvent) UniqueConstraints() []*eventstore.EventUniqueConstraint {
+	return nil
+}
+
+func NewHumanPasswordChangedEvent(
+	ctx context.Context,
+	aggregate *eventstore.Aggregate,
+	secret *crypto.CryptoValue,
+	changeRequired bool,
+	userAgentID string,
+) *HumanPasswordChangedEvent {
+	return &HumanPasswordChangedEvent{
+		BaseEvent: *eventstore.NewBaseEventForPush(
+			ctx,
+			aggregate,
+			HumanPasswordChangedType,
+		),
+		Secret:         secret,
+		ChangeRequired: changeRequired,
+		UserAgentID:    userAgentID,
+	}
+}
+
+func HumanPasswordChangedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
+	humanAdded := &HumanPasswordChangedEvent{
+		BaseEvent: *eventstore.BaseEventFromRepo(event),
+	}
+	err := json.Unmarshal(event.Data, humanAdded)
+	if err != nil {
+		return nil, errors.ThrowInternal(err, "USER-4M0sd", "unable to unmarshal human password changed")
+	}
+
+	return humanAdded, nil
+}
+
+type HumanPasswordCodeAddedEvent struct {
+	eventstore.BaseEvent `json:"-"`
+
+	Code             *crypto.CryptoValue     `json:"code,omitempty"`
+	Expiry           time.Duration           `json:"expiry,omitempty"`
+	NotificationType domain.NotificationType `json:"notificationType,omitempty"`
+}
+
+func (e *HumanPasswordCodeAddedEvent) Data() interface{} {
+	return e
+}
+
+func (e *HumanPasswordCodeAddedEvent) UniqueConstraints() []*eventstore.EventUniqueConstraint {
+	return nil
+}
+
+func NewHumanPasswordCodeAddedEvent(
+	ctx context.Context,
+	aggregate *eventstore.Aggregate,
+	code *crypto.CryptoValue,
+	expiry time.Duration,
+	notificationType domain.NotificationType,
+) *HumanPasswordCodeAddedEvent {
+	return &HumanPasswordCodeAddedEvent{
+		BaseEvent: *eventstore.NewBaseEventForPush(
+			ctx,
+			aggregate,
+			HumanPasswordCodeAddedType,
+		),
+		Code:             code,
+		Expiry:           expiry,
+		NotificationType: notificationType,
+	}
+}
+
+func HumanPasswordCodeAddedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
+	humanAdded := &HumanPasswordCodeAddedEvent{
+		BaseEvent: *eventstore.BaseEventFromRepo(event),
+	}
+	err := json.Unmarshal(event.Data, humanAdded)
+	if err != nil {
+		return nil, errors.ThrowInternal(err, "USER-Ms90d", "unable to unmarshal human password code added")
+	}
+
+	return humanAdded, nil
+}
+
+type HumanPasswordCodeSentEvent struct {
+	eventstore.BaseEvent `json:"-"`
+}
+
+func (e *HumanPasswordCodeSentEvent) Data() interface{} {
+	return nil
+}
+
+func (e *HumanPasswordCodeSentEvent) UniqueConstraints() []*eventstore.EventUniqueConstraint {
+	return nil
+}
+
+func NewHumanPasswordCodeSentEvent(ctx context.Context, aggregate *eventstore.Aggregate) *HumanPasswordCodeSentEvent {
+	return &HumanPasswordCodeSentEvent{
+		BaseEvent: *eventstore.NewBaseEventForPush(
+			ctx,
+			aggregate,
+			HumanPasswordCodeSentType,
+		),
+	}
+}
+
+func HumanPasswordCodeSentEventMapper(event *repository.Event) (eventstore.EventReader, error) {
+	return &HumanPasswordCodeSentEvent{
+		BaseEvent: *eventstore.BaseEventFromRepo(event),
+	}, nil
+}
+
+type HumanPasswordCheckSucceededEvent struct {
+	eventstore.BaseEvent `json:"-"`
+	*AuthRequestInfo
+}
+
+func (e *HumanPasswordCheckSucceededEvent) Data() interface{} {
+	return e
+}
+
+func (e *HumanPasswordCheckSucceededEvent) UniqueConstraints() []*eventstore.EventUniqueConstraint {
+	return nil
+}
+
+func NewHumanPasswordCheckSucceededEvent(
+	ctx context.Context,
+	aggregate *eventstore.Aggregate,
+	info *AuthRequestInfo,
+) *HumanPasswordCheckSucceededEvent {
+	return &HumanPasswordCheckSucceededEvent{
+		BaseEvent: *eventstore.NewBaseEventForPush(
+			ctx,
+			aggregate,
+			HumanPasswordCheckSucceededType,
+		),
+		AuthRequestInfo: info,
+	}
+}
+
+func HumanPasswordCheckSucceededEventMapper(event *repository.Event) (eventstore.EventReader, error) {
+	humanAdded := &HumanPasswordCheckSucceededEvent{
+		BaseEvent: *eventstore.BaseEventFromRepo(event),
+	}
+	err := json.Unmarshal(event.Data, humanAdded)
+	if err != nil {
+		return nil, errors.ThrowInternal(err, "USER-5M9sd", "unable to unmarshal human password check succeeded")
+	}
+
+	return humanAdded, nil
+}
+
+type HumanPasswordCheckFailedEvent struct {
+	eventstore.BaseEvent `json:"-"`
+	*AuthRequestInfo
+}
+
+func (e *HumanPasswordCheckFailedEvent) Data() interface{} {
+	return e
+}
+
+func (e *HumanPasswordCheckFailedEvent) UniqueConstraints() []*eventstore.EventUniqueConstraint {
+	return nil
+}
+
+func NewHumanPasswordCheckFailedEvent(
+	ctx context.Context,
+	aggregate *eventstore.Aggregate,
+	info *AuthRequestInfo,
+) *HumanPasswordCheckFailedEvent {
+	return &HumanPasswordCheckFailedEvent{
+		BaseEvent: *eventstore.NewBaseEventForPush(
+			ctx,
+			aggregate,
+			HumanPasswordCheckFailedType,
+		),
+		AuthRequestInfo: info,
+	}
+}
+
+func HumanPasswordCheckFailedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
+	humanAdded := &HumanPasswordCheckFailedEvent{
+		BaseEvent: *eventstore.BaseEventFromRepo(event),
+	}
+	err := json.Unmarshal(event.Data, humanAdded)
+	if err != nil {
+		return nil, errors.ThrowInternal(err, "USER-4m9fs", "unable to unmarshal human password check failed")
+	}
+
+	return humanAdded, nil
+}

internal/repository/user/human_phone.go

@@ -0,0 +1,217 @@
+package user
+
+import (
+	"context"
+	"encoding/json"
+	"github.com/caos/zitadel/internal/eventstore"
+	"time"
+
+	"github.com/caos/zitadel/internal/crypto"
+	"github.com/caos/zitadel/internal/errors"
+	"github.com/caos/zitadel/internal/eventstore/repository"
+)
+
+const (
+	phoneEventPrefix                 = humanEventPrefix + "phone."
+	HumanPhoneChangedType            = phoneEventPrefix + "changed"
+	HumanPhoneRemovedType            = phoneEventPrefix + "removed"
+	HumanPhoneVerifiedType           = phoneEventPrefix + "verified"
+	HumanPhoneVerificationFailedType = phoneEventPrefix + "verification.failed"
+	HumanPhoneCodeAddedType          = phoneEventPrefix + "code.added"
+	HumanPhoneCodeSentType           = phoneEventPrefix + "code.sent"
+)
+
+type HumanPhoneChangedEvent struct {
+	eventstore.BaseEvent `json:"-"`
+
+	PhoneNumber string `json:"phone,omitempty"`
+}
+
+func (e *HumanPhoneChangedEvent) Data() interface{} {
+	return e
+}
+
+func (e *HumanPhoneChangedEvent) UniqueConstraints() []*eventstore.EventUniqueConstraint {
+	return nil
+}
+
+func NewHumanPhoneChangedEvent(ctx context.Context, aggregate *eventstore.Aggregate) *HumanPhoneChangedEvent {
+	return &HumanPhoneChangedEvent{
+		BaseEvent: *eventstore.NewBaseEventForPush(
+			ctx,
+			aggregate,
+			HumanPhoneChangedType,
+		),
+	}
+}
+
+func HumanPhoneChangedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
+	phoneChangedEvent := &HumanPhoneChangedEvent{
+		BaseEvent: *eventstore.BaseEventFromRepo(event),
+	}
+	err := json.Unmarshal(event.Data, phoneChangedEvent)
+	if err != nil {
+		return nil, errors.ThrowInternal(err, "USER-5M0pd", "unable to unmarshal human phone changed")
+	}
+
+	return phoneChangedEvent, nil
+}
+
+type HumanPhoneRemovedEvent struct {
+	eventstore.BaseEvent `json:"-"`
+}
+
+func (e *HumanPhoneRemovedEvent) Data() interface{} {
+	return nil
+}
+
+func (e *HumanPhoneRemovedEvent) UniqueConstraints() []*eventstore.EventUniqueConstraint {
+	return nil
+}
+
+func NewHumanPhoneRemovedEvent(ctx context.Context, aggregate *eventstore.Aggregate) *HumanPhoneRemovedEvent {
+	return &HumanPhoneRemovedEvent{
+		BaseEvent: *eventstore.NewBaseEventForPush(
+			ctx,
+			aggregate,
+			HumanPhoneRemovedType,
+		),
+	}
+}
+
+func HumanPhoneRemovedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
+	return &HumanPhoneChangedEvent{
+		BaseEvent: *eventstore.BaseEventFromRepo(event),
+	}, nil
+}
+
+type HumanPhoneVerifiedEvent struct {
+	eventstore.BaseEvent `json:"-"`
+
+	IsPhoneVerified bool `json:"-"`
+}
+
+func (e *HumanPhoneVerifiedEvent) Data() interface{} {
+	return nil
+}
+
+func (e *HumanPhoneVerifiedEvent) UniqueConstraints() []*eventstore.EventUniqueConstraint {
+	return nil
+}
+
+func NewHumanPhoneVerifiedEvent(ctx context.Context, aggregate *eventstore.Aggregate) *HumanPhoneVerifiedEvent {
+	return &HumanPhoneVerifiedEvent{
+		BaseEvent: *eventstore.NewBaseEventForPush(
+			ctx,
+			aggregate,
+			HumanPhoneVerifiedType,
+		),
+	}
+}
+
+func HumanPhoneVerifiedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
+	return &HumanPhoneVerifiedEvent{
+		BaseEvent:       *eventstore.BaseEventFromRepo(event),
+		IsPhoneVerified: true,
+	}, nil
+}
+
+type HumanPhoneVerificationFailedEvent struct {
+	eventstore.BaseEvent `json:"-"`
+}
+
+func (e *HumanPhoneVerificationFailedEvent) Data() interface{} {
+	return nil
+}
+
+func (e *HumanPhoneVerificationFailedEvent) UniqueConstraints() []*eventstore.EventUniqueConstraint {
+	return nil
+}
+
+func NewHumanPhoneVerificationFailedEvent(ctx context.Context, aggregate *eventstore.Aggregate) *HumanPhoneVerificationFailedEvent {
+	return &HumanPhoneVerificationFailedEvent{
+		BaseEvent: *eventstore.NewBaseEventForPush(
+			ctx,
+			aggregate,
+			HumanPhoneVerificationFailedType,
+		),
+	}
+}
+
+func HumanPhoneVerificationFailedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
+	return &HumanPhoneVerificationFailedEvent{
+		BaseEvent: *eventstore.BaseEventFromRepo(event),
+	}, nil
+}
+
+type HumanPhoneCodeAddedEvent struct {
+	eventstore.BaseEvent `json:"-"`
+
+	Code   *crypto.CryptoValue `json:"code,omitempty"`
+	Expiry time.Duration       `json:"expiry,omitempty"`
+}
+
+func (e *HumanPhoneCodeAddedEvent) Data() interface{} {
+	return e
+}
+
+func (e *HumanPhoneCodeAddedEvent) UniqueConstraints() []*eventstore.EventUniqueConstraint {
+	return nil
+}
+
+func NewHumanPhoneCodeAddedEvent(
+	ctx context.Context,
+	aggregate *eventstore.Aggregate,
+	code *crypto.CryptoValue,
+	expiry time.Duration,
+) *HumanPhoneCodeAddedEvent {
+	return &HumanPhoneCodeAddedEvent{
+		BaseEvent: *eventstore.NewBaseEventForPush(
+			ctx,
+			aggregate,
+			HumanPhoneCodeAddedType,
+		),
+		Code:   code,
+		Expiry: expiry,
+	}
+}
+
+func HumanPhoneCodeAddedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
+	codeAdded := &HumanPhoneCodeAddedEvent{
+		BaseEvent: *eventstore.BaseEventFromRepo(event),
+	}
+	err := json.Unmarshal(event.Data, codeAdded)
+	if err != nil {
+		return nil, errors.ThrowInternal(err, "USER-6Ms9d", "unable to unmarshal human phone code added")
+	}
+
+	return codeAdded, nil
+}
+
+type HumanPhoneCodeSentEvent struct {
+	eventstore.BaseEvent `json:"-"`
+}
+
+func (e *HumanPhoneCodeSentEvent) Data() interface{} {
+	return e
+}
+
+func (e *HumanPhoneCodeSentEvent) UniqueConstraints() []*eventstore.EventUniqueConstraint {
+	return nil
+}
+
+func NewHumanPhoneCodeSentEvent(ctx context.Context, aggregate *eventstore.Aggregate) *HumanPhoneCodeSentEvent {
+	return &HumanPhoneCodeSentEvent{
+		BaseEvent: *eventstore.NewBaseEventForPush(
+			ctx,
+			aggregate,
+			HumanPhoneCodeSentType,
+		),
+	}
+}
+
+func HumanPhoneCodeSentEventMapper(event *repository.Event) (eventstore.EventReader, error) {
+	return &HumanPhoneCodeSentEvent{
+		BaseEvent: *eventstore.BaseEventFromRepo(event),
+	}, nil
+}

internal/repository/user/human_profile.go

@@ -0,0 +1,58 @@
+package user
+
+import (
+	"context"
+	"encoding/json"
+	"github.com/caos/zitadel/internal/eventstore"
+
+	"github.com/caos/zitadel/internal/domain"
+	"github.com/caos/zitadel/internal/errors"
+	"github.com/caos/zitadel/internal/eventstore/repository"
+	"golang.org/x/text/language"
+)
+
+const (
+	profileEventPrefix      = humanEventPrefix + "profile."
+	HumanProfileChangedType = profileEventPrefix + "changed"
+)
+
+type HumanProfileChangedEvent struct {
+	eventstore.BaseEvent `json:"-"`
+
+	FirstName         string         `json:"firstName,omitempty"`
+	LastName          string         `json:"lastName,omitempty"`
+	NickName          *string        `json:"nickName,omitempty"`
+	DisplayName       *string        `json:"displayName,omitempty"`
+	PreferredLanguage *language.Tag  `json:"preferredLanguage,omitempty"`
+	Gender            *domain.Gender `json:"gender,omitempty"`
+}
+
+func (e *HumanProfileChangedEvent) Data() interface{} {
+	return e
+}
+
+func (e *HumanProfileChangedEvent) UniqueConstraints() []*eventstore.EventUniqueConstraint {
+	return nil
+}
+
+func NewHumanProfileChangedEvent(ctx context.Context, aggregate *eventstore.Aggregate) *HumanProfileChangedEvent {
+	return &HumanProfileChangedEvent{
+		BaseEvent: *eventstore.NewBaseEventForPush(
+			ctx,
+			aggregate,
+			HumanProfileChangedType,
+		),
+	}
+}
+
+func HumanProfileChangedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
+	profileChanged := &HumanProfileChangedEvent{
+		BaseEvent: *eventstore.BaseEventFromRepo(event),
+	}
+	err := json.Unmarshal(event.Data, profileChanged)
+	if err != nil {
+		return nil, errors.ThrowInternal(err, "USER-5M0pd", "unable to unmarshal human profile changed")
+	}
+
+	return profileChanged, nil
+}

internal/repository/user/machine.go

@@ -0,0 +1,109 @@
+package user
+
+import (
+	"context"
+	"encoding/json"
+	"github.com/caos/zitadel/internal/eventstore"
+
+	"github.com/caos/zitadel/internal/errors"
+	"github.com/caos/zitadel/internal/eventstore/repository"
+)
+
+const (
+	machineEventPrefix      = userEventTypePrefix + "machine."
+	MachineAddedEventType   = machineEventPrefix + "added"
+	MachineChangedEventType = machineEventPrefix + "changed"
+)
+
+type MachineAddedEvent struct {
+	eventstore.BaseEvent `json:"-"`
+
+	UserName              string `json:"userName"`
+	UserLoginMustBeDomain bool
+
+	Name        string `json:"name,omitempty"`
+	Description string `json:"description,omitempty"`
+}
+
+func (e *MachineAddedEvent) Data() interface{} {
+	return e
+}
+
+func (e *MachineAddedEvent) UniqueConstraints() []*eventstore.EventUniqueConstraint {
+	return []*eventstore.EventUniqueConstraint{NewAddUsernameUniqueConstraint(e.UserName, e.Aggregate().ResourceOwner, e.UserLoginMustBeDomain)}
+}
+
+func NewMachineAddedEvent(
+	ctx context.Context,
+	aggregate *eventstore.Aggregate,
+	userName,
+	name,
+	description string,
+	userLoginMustBeDomain bool,
+) *MachineAddedEvent {
+	return &MachineAddedEvent{
+		BaseEvent: *eventstore.NewBaseEventForPush(
+			ctx,
+			aggregate,
+			MachineAddedEventType,
+		),
+		UserName:              userName,
+		Name:                  name,
+		Description:           description,
+		UserLoginMustBeDomain: userLoginMustBeDomain,
+	}
+}
+
+func MachineAddedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
+	machineAdded := &MachineAddedEvent{
+		BaseEvent: *eventstore.BaseEventFromRepo(event),
+	}
+	err := json.Unmarshal(event.Data, machineAdded)
+	if err != nil {
+		return nil, errors.ThrowInternal(err, "USER-tMv9s", "unable to unmarshal machine added")
+	}
+
+	return machineAdded, nil
+}
+
+type MachineChangedEvent struct {
+	eventstore.BaseEvent `json:"-"`
+
+	UserName string `json:"userName"`
+
+	Name        *string `json:"name,omitempty"`
+	Description *string `json:"description,omitempty"`
+}
+
+func (e *MachineChangedEvent) Data() interface{} {
+	return e
+}
+
+func (e *MachineChangedEvent) UniqueConstraints() []*eventstore.EventUniqueConstraint {
+	return nil
+}
+
+func NewMachineChangedEvent(
+	ctx context.Context,
+	aggregate *eventstore.Aggregate,
+) *MachineChangedEvent {
+	return &MachineChangedEvent{
+		BaseEvent: *eventstore.NewBaseEventForPush(
+			ctx,
+			aggregate,
+			MachineChangedEventType,
+		),
+	}
+}
+
+func MachineChangedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
+	machineChanged := &MachineChangedEvent{
+		BaseEvent: *eventstore.BaseEventFromRepo(event),
+	}
+	err := json.Unmarshal(event.Data, machineChanged)
+	if err != nil {
+		return nil, errors.ThrowInternal(err, "USER-4M9ds", "unable to unmarshal machine changed")
+	}
+
+	return machineChanged, nil
+}

internal/repository/user/machine_key.go

@@ -0,0 +1,109 @@
+package user
+
+import (
+	"context"
+	"encoding/json"
+	"github.com/caos/zitadel/internal/eventstore"
+	"time"
+
+	"github.com/caos/zitadel/internal/domain"
+	"github.com/caos/zitadel/internal/errors"
+	"github.com/caos/zitadel/internal/eventstore/repository"
+)
+
+const (
+	machineKeyEventPrefix      = machineEventPrefix + "key."
+	MachineKeyAddedEventType   = machineKeyEventPrefix + "added"
+	MachineKeyRemovedEventType = machineKeyEventPrefix + "removed"
+)
+
+type MachineKeyAddedEvent struct {
+	eventstore.BaseEvent `json:"-"`
+
+	KeyID          string              `json:"keyId,omitempty"`
+	KeyType        domain.AuthNKeyType `json:"type,omitempty"`
+	ExpirationDate time.Time           `json:"expirationDate,omitempty"`
+	PublicKey      []byte              `json:"publicKey,omitempty"`
+}
+
+func (e *MachineKeyAddedEvent) Data() interface{} {
+	return e
+}
+
+func (e *MachineKeyAddedEvent) UniqueConstraints() []*eventstore.EventUniqueConstraint {
+	return nil
+}
+
+func NewMachineKeyAddedEvent(
+	ctx context.Context,
+	aggregate *eventstore.Aggregate,
+	keyID string,
+	keyType domain.AuthNKeyType,
+	expirationDate time.Time,
+	publicKey []byte,
+) *MachineKeyAddedEvent {
+	return &MachineKeyAddedEvent{
+		BaseEvent: *eventstore.NewBaseEventForPush(
+			ctx,
+			aggregate,
+			MachineKeyAddedEventType,
+		),
+		KeyID:          keyID,
+		KeyType:        keyType,
+		ExpirationDate: expirationDate,
+		PublicKey:      publicKey,
+	}
+}
+
+func MachineKeyAddedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
+	machineKeyAdded := &MachineKeyAddedEvent{
+		BaseEvent: *eventstore.BaseEventFromRepo(event),
+	}
+	err := json.Unmarshal(event.Data, machineKeyAdded)
+	if err != nil {
+		return nil, errors.ThrowInternal(err, "USER-p0ovS", "unable to unmarshal machine key removed")
+	}
+
+	return machineKeyAdded, nil
+}
+
+type MachineKeyRemovedEvent struct {
+	eventstore.BaseEvent `json:"-"`
+
+	KeyID string `json:"keyId,omitempty"`
+}
+
+func (e *MachineKeyRemovedEvent) Data() interface{} {
+	return e
+}
+
+func (e *MachineKeyRemovedEvent) UniqueConstraints() []*eventstore.EventUniqueConstraint {
+	return nil
+}
+
+func NewMachineKeyRemovedEvent(
+	ctx context.Context,
+	aggregate *eventstore.Aggregate,
+	keyID string,
+) *MachineKeyRemovedEvent {
+	return &MachineKeyRemovedEvent{
+		BaseEvent: *eventstore.NewBaseEventForPush(
+			ctx,
+			aggregate,
+			MachineKeyRemovedEventType,
+		),
+		KeyID: keyID,
+	}
+}
+
+func MachineKeyRemovedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
+	machineRemoved := &MachineKeyRemovedEvent{
+		BaseEvent: *eventstore.BaseEventFromRepo(event),
+	}
+	err := json.Unmarshal(event.Data, machineRemoved)
+	if err != nil {
+		return nil, errors.ThrowInternal(err, "USER-5Gm9s", "unable to unmarshal machine key removed")
+	}
+
+	return machineRemoved, nil
+}

internal/repository/user/user.go

@@ -0,0 +1,386 @@
+package user
+
+import (
+	"context"
+	"encoding/json"
+	"github.com/caos/zitadel/internal/eventstore"
+	"time"
+
+	"github.com/caos/zitadel/internal/errors"
+	"github.com/caos/zitadel/internal/eventstore/repository"
+)
+
+const (
+	UniqueUsername            = "usernames"
+	userEventTypePrefix       = eventstore.EventType("user.")
+	UserLockedType            = userEventTypePrefix + "locked"
+	UserUnlockedType          = userEventTypePrefix + "unlocked"
+	UserDeactivatedType       = userEventTypePrefix + "deactivated"
+	UserReactivatedType       = userEventTypePrefix + "reactivated"
+	UserRemovedType           = userEventTypePrefix + "removed"
+	UserTokenAddedType        = userEventTypePrefix + "token.added"
+	UserDomainClaimedType     = userEventTypePrefix + "domain.claimed"
+	UserDomainClaimedSentType = userEventTypePrefix + "domain.claimed.sent"
+	UserUserNameChangedType   = userEventTypePrefix + "username.changed"
+)
+
+func NewAddUsernameUniqueConstraint(userName, resourceOwner string, userLoginMustBeDomain bool) *eventstore.EventUniqueConstraint {
+	uniqueUserName := userName
+	if userLoginMustBeDomain {
+		uniqueUserName = userName + resourceOwner
+	}
+	return eventstore.NewAddEventUniqueConstraint(
+		UniqueUsername,
+		uniqueUserName,
+		"Errors.User.AlreadyExists")
+}
+
+func NewRemoveUsernameUniqueConstraint(userName, resourceOwner string, userLoginMustBeDomain bool) *eventstore.EventUniqueConstraint {
+	uniqueUserName := userName
+	if userLoginMustBeDomain {
+		uniqueUserName = userName + resourceOwner
+	}
+	return eventstore.NewRemoveEventUniqueConstraint(
+		UniqueUsername,
+		uniqueUserName)
+}
+
+type UserLockedEvent struct {
+	eventstore.BaseEvent `json:"-"`
+}
+
+func (e *UserLockedEvent) Data() interface{} {
+	return nil
+}
+
+func (e *UserLockedEvent) UniqueConstraints() []*eventstore.EventUniqueConstraint {
+	return nil
+}
+
+func NewUserLockedEvent(ctx context.Context, aggregate *eventstore.Aggregate) *UserLockedEvent {
+	return &UserLockedEvent{
+		BaseEvent: *eventstore.NewBaseEventForPush(
+			ctx,
+			aggregate,
+			UserLockedType,
+		),
+	}
+}
+
+func UserLockedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
+	return &UserLockedEvent{
+		BaseEvent: *eventstore.BaseEventFromRepo(event),
+	}, nil
+}
+
+type UserUnlockedEvent struct {
+	eventstore.BaseEvent `json:"-"`
+}
+
+func (e *UserUnlockedEvent) Data() interface{} {
+	return nil
+}
+
+func (e *UserUnlockedEvent) UniqueConstraints() []*eventstore.EventUniqueConstraint {
+	return nil
+}
+
+func NewUserUnlockedEvent(ctx context.Context, aggregate *eventstore.Aggregate) *UserUnlockedEvent {
+	return &UserUnlockedEvent{
+		BaseEvent: *eventstore.NewBaseEventForPush(
+			ctx,
+			aggregate,
+			UserUnlockedType,
+		),
+	}
+}
+
+func UserUnlockedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
+	return &UserUnlockedEvent{
+		BaseEvent: *eventstore.BaseEventFromRepo(event),
+	}, nil
+}
+
+type UserDeactivatedEvent struct {
+	eventstore.BaseEvent `json:"-"`
+}
+
+func (e *UserDeactivatedEvent) Data() interface{} {
+	return nil
+}
+
+func (e *UserDeactivatedEvent) UniqueConstraints() []*eventstore.EventUniqueConstraint {
+	return nil
+}
+
+func NewUserDeactivatedEvent(ctx context.Context, aggregate *eventstore.Aggregate) *UserDeactivatedEvent {
+	return &UserDeactivatedEvent{
+		BaseEvent: *eventstore.NewBaseEventForPush(
+			ctx,
+			aggregate,
+			UserDeactivatedType,
+		),
+	}
+}
+
+func UserDeactivatedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
+	return &UserDeactivatedEvent{
+		BaseEvent: *eventstore.BaseEventFromRepo(event),
+	}, nil
+}
+
+type UserReactivatedEvent struct {
+	eventstore.BaseEvent `json:"-"`
+}
+
+func (e *UserReactivatedEvent) Data() interface{} {
+	return nil
+}
+
+func (e *UserReactivatedEvent) UniqueConstraints() []*eventstore.EventUniqueConstraint {
+	return nil
+}
+
+func NewUserReactivatedEvent(ctx context.Context, aggregate *eventstore.Aggregate) *UserReactivatedEvent {
+	return &UserReactivatedEvent{
+		BaseEvent: *eventstore.NewBaseEventForPush(
+			ctx,
+			aggregate,
+			UserReactivatedType,
+		),
+	}
+}
+
+func UserReactivatedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
+	return &UserReactivatedEvent{
+		BaseEvent: *eventstore.BaseEventFromRepo(event),
+	}, nil
+}
+
+type UserRemovedEvent struct {
+	eventstore.BaseEvent `json:"-"`
+
+	userName          string
+	loginMustBeDomain bool
+}
+
+func (e *UserRemovedEvent) Data() interface{} {
+	return nil
+}
+
+func (e *UserRemovedEvent) UniqueConstraints() []*eventstore.EventUniqueConstraint {
+	return []*eventstore.EventUniqueConstraint{NewRemoveUsernameUniqueConstraint(e.userName, e.Aggregate().ResourceOwner, e.loginMustBeDomain)}
+}
+
+func NewUserRemovedEvent(
+	ctx context.Context,
+	aggregate *eventstore.Aggregate,
+	userName string,
+	userLoginMustBeDomain bool,
+) *UserRemovedEvent {
+	return &UserRemovedEvent{
+		BaseEvent: *eventstore.NewBaseEventForPush(
+			ctx,
+			aggregate,
+			UserRemovedType,
+		),
+		userName:          userName,
+		loginMustBeDomain: userLoginMustBeDomain,
+	}
+}
+
+func UserRemovedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
+	return &UserRemovedEvent{
+		BaseEvent: *eventstore.BaseEventFromRepo(event),
+	}, nil
+}
+
+type UserTokenAddedEvent struct {
+	eventstore.BaseEvent `json:"-"`
+
+	TokenID           string    `json:"tokenId"`
+	ApplicationID     string    `json:"applicationId"`
+	UserAgentID       string    `json:"userAgentId"`
+	Audience          []string  `json:"audience"`
+	Scopes            []string  `json:"scopes""`
+	Expiration        time.Time `json:"expiration"`
+	PreferredLanguage string    `json:"preferredLanguage"`
+}
+
+func (e *UserTokenAddedEvent) Data() interface{} {
+	return e
+}
+
+func (e *UserTokenAddedEvent) UniqueConstraints() []*eventstore.EventUniqueConstraint {
+	return nil
+}
+
+func NewUserTokenAddedEvent(
+	ctx context.Context,
+	aggregate *eventstore.Aggregate,
+	tokenID,
+	applicationID,
+	userAgentID,
+	preferredLanguage string,
+	audience,
+	scopes []string,
+	expiration time.Time,
+) *UserTokenAddedEvent {
+	return &UserTokenAddedEvent{
+		BaseEvent: *eventstore.NewBaseEventForPush(
+			ctx,
+			aggregate,
+			UserTokenAddedType,
+		),
+		TokenID:           tokenID,
+		ApplicationID:     applicationID,
+		UserAgentID:       userAgentID,
+		Audience:          audience,
+		Scopes:            scopes,
+		Expiration:        expiration,
+		PreferredLanguage: preferredLanguage,
+	}
+}
+
+func UserTokenAddedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
+	tokenAdded := &UserTokenAddedEvent{
+		BaseEvent: *eventstore.BaseEventFromRepo(event),
+	}
+	err := json.Unmarshal(event.Data, tokenAdded)
+	if err != nil {
+		return nil, errors.ThrowInternal(err, "USER-7M9sd", "unable to unmarshal token added")
+	}
+
+	return tokenAdded, nil
+}
+
+type DomainClaimedEvent struct {
+	eventstore.BaseEvent `json:"-"`
+
+	UserName              string `json:"userName"`
+	oldUserName           string `json:"-"`
+	userLoginMustBeDomain bool   `json:"-"`
+}
+
+func (e *DomainClaimedEvent) Data() interface{} {
+	return e
+}
+
+func (e *DomainClaimedEvent) UniqueConstraints() []*eventstore.EventUniqueConstraint {
+	return []*eventstore.EventUniqueConstraint{
+		NewRemoveUsernameUniqueConstraint(e.oldUserName, e.Aggregate().ResourceOwner, e.userLoginMustBeDomain),
+		NewAddUsernameUniqueConstraint(e.UserName, e.Aggregate().ResourceOwner, e.userLoginMustBeDomain),
+	}
+}
+
+func NewDomainClaimedEvent(
+	ctx context.Context,
+	aggregate *eventstore.Aggregate,
+	userName,
+	oldUserName string,
+	userLoginMustBeDomain bool,
+) *DomainClaimedEvent {
+	return &DomainClaimedEvent{
+		BaseEvent: *eventstore.NewBaseEventForPush(
+			ctx,
+			aggregate,
+			UserDomainClaimedType,
+		),
+		UserName:              userName,
+		oldUserName:           oldUserName,
+		userLoginMustBeDomain: userLoginMustBeDomain,
+	}
+}
+
+func DomainClaimedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
+	domainClaimed := &DomainClaimedEvent{
+		BaseEvent: *eventstore.BaseEventFromRepo(event),
+	}
+	err := json.Unmarshal(event.Data, domainClaimed)
+	if err != nil {
+		return nil, errors.ThrowInternal(err, "USER-aR8jc", "unable to unmarshal domain claimed")
+	}
+
+	return domainClaimed, nil
+}
+
+type DomainClaimedSentEvent struct {
+	eventstore.BaseEvent `json:"-"`
+}
+
+func (e *DomainClaimedSentEvent) Data() interface{} {
+	return nil
+}
+
+func (e *DomainClaimedSentEvent) UniqueConstraints() []*eventstore.EventUniqueConstraint {
+	return nil
+}
+
+func NewDomainClaimedSentEvent(
+	ctx context.Context,
+	aggregate *eventstore.Aggregate,
+) *DomainClaimedSentEvent {
+	return &DomainClaimedSentEvent{
+		BaseEvent: *eventstore.NewBaseEventForPush(
+			ctx,
+			aggregate,
+			UserDomainClaimedSentType,
+		),
+	}
+}
+
+func DomainClaimedSentEventMapper(event *repository.Event) (eventstore.EventReader, error) {
+	return &DomainClaimedSentEvent{
+		BaseEvent: *eventstore.BaseEventFromRepo(event),
+	}, nil
+}
+
+type UsernameChangedEvent struct {
+	eventstore.BaseEvent `json:"-"`
+
+	UserName              string `json:"userName"`
+	oldUserName           string `json:"-"`
+	userLoginMustBeDomain bool   `json:"-"`
+}
+
+func (e *UsernameChangedEvent) Data() interface{} {
+	return e
+}
+
+func (e *UsernameChangedEvent) UniqueConstraints() []*eventstore.EventUniqueConstraint {
+	return []*eventstore.EventUniqueConstraint{
+		NewRemoveUsernameUniqueConstraint(e.oldUserName, e.Aggregate().ResourceOwner, e.userLoginMustBeDomain),
+		NewAddUsernameUniqueConstraint(e.UserName, e.Aggregate().ResourceOwner, e.userLoginMustBeDomain),
+	}
+}
+
+func NewUsernameChangedEvent(
+	ctx context.Context,
+	aggregate *eventstore.Aggregate,
+	oldUserName,
+	newUserName string,
+	userLoginMustBeDomain bool,
+) *UsernameChangedEvent {
+	return &UsernameChangedEvent{
+		BaseEvent: *eventstore.NewBaseEventForPush(
+			ctx,
+			aggregate,
+			UserUserNameChangedType,
+		),
+		UserName:              newUserName,
+		oldUserName:           oldUserName,
+		userLoginMustBeDomain: userLoginMustBeDomain,
+	}
+}
+
+func UsernameChangedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
+	domainClaimed := &UsernameChangedEvent{
+		BaseEvent: *eventstore.BaseEventFromRepo(event),
+	}
+	err := json.Unmarshal(event.Data, domainClaimed)
+	if err != nil {
+		return nil, errors.ThrowInternal(err, "USER-4Bm9s", "unable to unmarshal username changed")
+	}
+
+	return domainClaimed, nil
+}

internal/repository/user/v1.go

@@ -0,0 +1,496 @@
+package user
+
+import (
+	"context"
+	"github.com/caos/zitadel/internal/eventstore"
+	"time"
+
+	"github.com/caos/zitadel/internal/crypto"
+	"github.com/caos/zitadel/internal/domain"
+	"golang.org/x/text/language"
+)
+
+const (
+	UserV1AddedType                     = userEventTypePrefix + "added"
+	UserV1RegisteredType                = userEventTypePrefix + "selfregistered"
+	UserV1InitialCodeAddedType          = userEventTypePrefix + "initialization.code.added"
+	UserV1InitialCodeSentType           = userEventTypePrefix + "initialization.code.sent"
+	UserV1InitializedCheckSucceededType = userEventTypePrefix + "initialization.check.succeeded"
+	UserV1InitializedCheckFailedType    = userEventTypePrefix + "initialization.check.failed"
+	UserV1SignedOutType                 = userEventTypePrefix + "signed.out"
+
+	userV1PasswordEventTypePrefix    = userEventTypePrefix + "password."
+	UserV1PasswordChangedType        = userV1PasswordEventTypePrefix + "changed"
+	UserV1PasswordCodeAddedType      = userV1PasswordEventTypePrefix + "code.added"
+	UserV1PasswordCodeSentType       = userV1PasswordEventTypePrefix + "code.sent"
+	UserV1PasswordCheckSucceededType = userV1PasswordEventTypePrefix + "check.succeeded"
+	UserV1PasswordCheckFailedType    = userV1PasswordEventTypePrefix + "check.failed"
+
+	userV1EmailEventTypePrefix        = userEventTypePrefix + "email."
+	UserV1EmailChangedType            = userV1EmailEventTypePrefix + "changed"
+	UserV1EmailVerifiedType           = userV1EmailEventTypePrefix + "verified"
+	UserV1EmailVerificationFailedType = userV1EmailEventTypePrefix + "verification.failed"
+	UserV1EmailCodeAddedType          = userV1EmailEventTypePrefix + "code.added"
+	UserV1EmailCodeSentType           = userV1EmailEventTypePrefix + "code.sent"
+
+	userV1PhoneEventTypePrefix        = userEventTypePrefix + "phone."
+	UserV1PhoneChangedType            = userV1PhoneEventTypePrefix + "changed"
+	UserV1PhoneRemovedType            = userV1PhoneEventTypePrefix + "removed"
+	UserV1PhoneVerifiedType           = userV1PhoneEventTypePrefix + "verified"
+	UserV1PhoneVerificationFailedType = userV1PhoneEventTypePrefix + "verification.failed"
+	UserV1PhoneCodeAddedType          = userV1PhoneEventTypePrefix + "code.added"
+	UserV1PhoneCodeSentType           = userV1PhoneEventTypePrefix + "code.sent"
+
+	userV1ProfileEventTypePrefix = userEventTypePrefix + "profile."
+	UserV1ProfileChangedType     = userV1ProfileEventTypePrefix + "changed"
+
+	userV1AddressEventTypePrefix = userEventTypePrefix + "address."
+	UserV1AddressChangedType     = userV1AddressEventTypePrefix + "changed"
+
+	userV1MFAEventTypePrefix = userEventTypePrefix + "mfa."
+	UserV1MFAInitSkippedType = userV1MFAOTPEventTypePrefix + "init.skipped"
+
+	userV1MFAOTPEventTypePrefix    = userV1MFAEventTypePrefix + "otp."
+	UserV1MFAOTPAddedType          = userV1MFAOTPEventTypePrefix + "added"
+	UserV1MFAOTPRemovedType        = userV1MFAOTPEventTypePrefix + "removed"
+	UserV1MFAOTPVerifiedType       = userV1MFAOTPEventTypePrefix + "verified"
+	UserV1MFAOTPCheckSucceededType = userV1MFAOTPEventTypePrefix + "check.succeeded"
+	UserV1MFAOTPCheckFailedType    = userV1MFAOTPEventTypePrefix + "check.failed"
+)
+
+func NewUserV1AddedEvent(
+	ctx context.Context,
+	aggregate *eventstore.Aggregate,
+
+	userName,
+	firstName,
+	lastName,
+	nickName,
+	displayName string,
+	preferredLanguage language.Tag,
+	gender domain.Gender,
+	emailAddress,
+	phoneNumber,
+	country,
+	locality,
+	postalCode,
+	region,
+	streetAddress string,
+) *HumanAddedEvent {
+	return &HumanAddedEvent{
+		BaseEvent: *eventstore.NewBaseEventForPush(
+			ctx,
+			aggregate,
+			UserV1AddedType,
+		),
+		UserName:          userName,
+		FirstName:         firstName,
+		LastName:          lastName,
+		NickName:          nickName,
+		DisplayName:       displayName,
+		PreferredLanguage: preferredLanguage,
+		Gender:            gender,
+		EmailAddress:      emailAddress,
+		PhoneNumber:       phoneNumber,
+		Country:           country,
+		Locality:          locality,
+		PostalCode:        postalCode,
+		Region:            region,
+		StreetAddress:     streetAddress,
+	}
+}
+
+func NewUserV1RegisteredEvent(
+	ctx context.Context,
+	aggregate *eventstore.Aggregate,
+
+	userName,
+	firstName,
+	lastName,
+	nickName,
+	displayName string,
+	preferredLanguage language.Tag,
+	gender domain.Gender,
+	emailAddress,
+	phoneNumber,
+	country,
+	locality,
+	postalCode,
+	region,
+	streetAddress string,
+) *HumanRegisteredEvent {
+	return &HumanRegisteredEvent{
+		BaseEvent: *eventstore.NewBaseEventForPush(
+			ctx,
+			aggregate,
+			UserV1RegisteredType,
+		),
+		UserName:          userName,
+		FirstName:         firstName,
+		LastName:          lastName,
+		NickName:          nickName,
+		DisplayName:       displayName,
+		PreferredLanguage: preferredLanguage,
+		Gender:            gender,
+		EmailAddress:      emailAddress,
+		PhoneNumber:       phoneNumber,
+		Country:           country,
+		Locality:          locality,
+		PostalCode:        postalCode,
+		Region:            region,
+		StreetAddress:     streetAddress,
+	}
+}
+
+func NewUserV1InitialCodeAddedEvent(
+	ctx context.Context,
+	aggregate *eventstore.Aggregate,
+	code *crypto.CryptoValue,
+	expiry time.Duration,
+) *HumanInitialCodeAddedEvent {
+	return &HumanInitialCodeAddedEvent{
+		BaseEvent: *eventstore.NewBaseEventForPush(
+			ctx,
+			aggregate,
+			UserV1InitialCodeAddedType,
+		),
+		Code:   code,
+		Expiry: expiry,
+	}
+}
+
+func NewUserV1InitialCodeSentEvent(ctx context.Context, aggregate *eventstore.Aggregate) *HumanInitialCodeSentEvent {
+	return &HumanInitialCodeSentEvent{
+		BaseEvent: *eventstore.NewBaseEventForPush(
+			ctx,
+			aggregate,
+			UserV1InitialCodeSentType,
+		),
+	}
+}
+
+func NewUserV1InitializedCheckSucceededEvent(ctx context.Context, aggregate *eventstore.Aggregate) *HumanInitializedCheckSucceededEvent {
+	return &HumanInitializedCheckSucceededEvent{
+		BaseEvent: *eventstore.NewBaseEventForPush(
+			ctx,
+			aggregate,
+			UserV1InitializedCheckSucceededType,
+		),
+	}
+}
+
+func NewUserV1InitializedCheckFailedEvent(ctx context.Context, aggregate *eventstore.Aggregate) *HumanInitializedCheckFailedEvent {
+	return &HumanInitializedCheckFailedEvent{
+		BaseEvent: *eventstore.NewBaseEventForPush(
+			ctx,
+			aggregate,
+			UserV1InitializedCheckFailedType,
+		),
+	}
+}
+
+func NewUserV1SignedOutEvent(ctx context.Context, aggregate *eventstore.Aggregate) *HumanSignedOutEvent {
+	return &HumanSignedOutEvent{
+		BaseEvent: *eventstore.NewBaseEventForPush(
+			ctx,
+			aggregate,
+			UserV1SignedOutType,
+		),
+	}
+}
+
+func NewUserV1PasswordChangedEvent(
+	ctx context.Context,
+	aggregate *eventstore.Aggregate,
+	secret *crypto.CryptoValue,
+	changeRequired bool,
+) *HumanPasswordChangedEvent {
+	return &HumanPasswordChangedEvent{
+		BaseEvent: *eventstore.NewBaseEventForPush(
+			ctx,
+			aggregate,
+			UserV1PasswordChangedType,
+		),
+		Secret:         secret,
+		ChangeRequired: changeRequired,
+	}
+}
+
+func NewUserV1PasswordCodeAddedEvent(
+	ctx context.Context,
+	aggregate *eventstore.Aggregate,
+	code *crypto.CryptoValue,
+	expiry time.Duration,
+	notificationType domain.NotificationType,
+) *HumanPasswordCodeAddedEvent {
+	return &HumanPasswordCodeAddedEvent{
+		BaseEvent: *eventstore.NewBaseEventForPush(
+			ctx,
+			aggregate,
+			UserV1PasswordCodeAddedType,
+		),
+		Code:             code,
+		Expiry:           expiry,
+		NotificationType: notificationType,
+	}
+}
+
+func NewUserV1PasswordCodeSentEvent(ctx context.Context, aggregate *eventstore.Aggregate) *HumanPasswordCodeSentEvent {
+	return &HumanPasswordCodeSentEvent{
+		BaseEvent: *eventstore.NewBaseEventForPush(
+			ctx,
+			aggregate,
+			UserV1PasswordCodeSentType,
+		),
+	}
+}
+
+func NewUserV1PasswordCheckSucceededEvent(ctx context.Context, aggregate *eventstore.Aggregate) *HumanPasswordCheckSucceededEvent {
+	return &HumanPasswordCheckSucceededEvent{
+		BaseEvent: *eventstore.NewBaseEventForPush(
+			ctx,
+			aggregate,
+			UserV1PasswordCheckSucceededType,
+		),
+	}
+}
+
+func NewUserV1PasswordCheckFailedEvent(ctx context.Context, aggregate *eventstore.Aggregate) *HumanPasswordCheckFailedEvent {
+	return &HumanPasswordCheckFailedEvent{
+		BaseEvent: *eventstore.NewBaseEventForPush(
+			ctx,
+			aggregate,
+			UserV1PasswordCheckFailedType,
+		),
+	}
+}
+
+func NewUserV1EmailChangedEvent(
+	ctx context.Context,
+	aggregate *eventstore.Aggregate,
+	emailAddress string,
+) *HumanEmailChangedEvent {
+	return &HumanEmailChangedEvent{
+		BaseEvent: *eventstore.NewBaseEventForPush(
+			ctx,
+			aggregate,
+			UserV1EmailChangedType,
+		),
+		EmailAddress: emailAddress,
+	}
+}
+
+func NewUserV1EmailVerifiedEvent(ctx context.Context, aggregate *eventstore.Aggregate) *HumanEmailVerifiedEvent {
+	return &HumanEmailVerifiedEvent{
+		BaseEvent: *eventstore.NewBaseEventForPush(
+			ctx,
+			aggregate,
+			UserV1EmailVerifiedType,
+		),
+	}
+}
+
+func NewUserV1EmailVerificationFailedEvent(ctx context.Context, aggregate *eventstore.Aggregate) *HumanEmailVerificationFailedEvent {
+	return &HumanEmailVerificationFailedEvent{
+		BaseEvent: *eventstore.NewBaseEventForPush(
+			ctx,
+			aggregate,
+			UserV1EmailVerificationFailedType,
+		),
+	}
+}
+
+func NewUserV1EmailCodeAddedEvent(
+	ctx context.Context,
+	aggregate *eventstore.Aggregate,
+	code *crypto.CryptoValue,
+	expiry time.Duration,
+) *HumanEmailCodeAddedEvent {
+	return &HumanEmailCodeAddedEvent{
+		BaseEvent: *eventstore.NewBaseEventForPush(
+			ctx,
+			aggregate,
+			UserV1EmailCodeAddedType,
+		),
+		Code:   code,
+		Expiry: expiry,
+	}
+}
+
+func NewUserV1EmailCodeSentEvent(ctx context.Context, aggregate *eventstore.Aggregate) *HumanEmailCodeSentEvent {
+	return &HumanEmailCodeSentEvent{
+		BaseEvent: *eventstore.NewBaseEventForPush(
+			ctx,
+			aggregate,
+			UserV1EmailCodeSentType,
+		),
+	}
+}
+
+func NewUserV1PhoneChangedEvent(
+	ctx context.Context,
+	aggregate *eventstore.Aggregate,
+	phone string,
+) *HumanPhoneChangedEvent {
+	return &HumanPhoneChangedEvent{
+		BaseEvent: *eventstore.NewBaseEventForPush(
+			ctx,
+			aggregate,
+			UserV1PhoneChangedType,
+		),
+		PhoneNumber: phone,
+	}
+}
+
+func NewUserV1PhoneRemovedEvent(ctx context.Context, aggregate *eventstore.Aggregate) *HumanPhoneRemovedEvent {
+	return &HumanPhoneRemovedEvent{
+		BaseEvent: *eventstore.NewBaseEventForPush(
+			ctx,
+			aggregate,
+			UserV1PhoneRemovedType,
+		),
+	}
+}
+
+func NewUserV1PhoneVerifiedEvent(ctx context.Context, aggregate *eventstore.Aggregate) *HumanPhoneVerifiedEvent {
+	return &HumanPhoneVerifiedEvent{
+		BaseEvent: *eventstore.NewBaseEventForPush(
+			ctx,
+			aggregate,
+			UserV1PhoneVerifiedType,
+		),
+	}
+}
+
+func NewUserV1PhoneVerificationFailedEvent(ctx context.Context, aggregate *eventstore.Aggregate) *HumanPhoneVerificationFailedEvent {
+	return &HumanPhoneVerificationFailedEvent{
+		BaseEvent: *eventstore.NewBaseEventForPush(
+			ctx,
+			aggregate,
+			UserV1PhoneVerificationFailedType,
+		),
+	}
+}
+
+func NewUserV1PhoneCodeAddedEvent(
+	ctx context.Context,
+	aggregate *eventstore.Aggregate,
+	code *crypto.CryptoValue,
+	expiry time.Duration,
+) *HumanPhoneCodeAddedEvent {
+	return &HumanPhoneCodeAddedEvent{
+		BaseEvent: *eventstore.NewBaseEventForPush(
+			ctx,
+			aggregate,
+			UserV1PhoneCodeAddedType,
+		),
+		Code:   code,
+		Expiry: expiry,
+	}
+}
+
+func NewUserV1PhoneCodeSentEvent(ctx context.Context, aggregate *eventstore.Aggregate) *HumanPhoneCodeSentEvent {
+	return &HumanPhoneCodeSentEvent{
+		BaseEvent: *eventstore.NewBaseEventForPush(
+			ctx,
+			aggregate,
+			UserV1PhoneCodeSentType,
+		),
+	}
+}
+
+func NewUserV1ProfileChangedEvent(
+	ctx context.Context,
+	aggregate *eventstore.Aggregate,
+) *HumanProfileChangedEvent {
+	return &HumanProfileChangedEvent{
+		BaseEvent: *eventstore.NewBaseEventForPush(
+			ctx,
+			aggregate,
+			UserV1ProfileChangedType,
+		),
+	}
+}
+
+func NewUserV1AddressChangedEvent(
+	ctx context.Context,
+	aggregate *eventstore.Aggregate,
+	country,
+	locality,
+	postalCode,
+	region,
+	streetAddress string,
+) *HumanAddressChangedEvent {
+	return &HumanAddressChangedEvent{
+		BaseEvent: *eventstore.NewBaseEventForPush(
+			ctx,
+			aggregate,
+			UserV1AddressChangedType,
+		),
+	}
+}
+
+func NewUserV1MFAInitSkippedEvent(ctx context.Context, aggregate *eventstore.Aggregate) *HumanMFAInitSkippedEvent {
+	return &HumanMFAInitSkippedEvent{
+		BaseEvent: *eventstore.NewBaseEventForPush(
+			ctx,
+			aggregate,
+			UserV1MFAInitSkippedType,
+		),
+	}
+}
+
+func NewUserV1MFAOTPAddedEvent(
+	ctx context.Context,
+	aggregate *eventstore.Aggregate,
+	secret *crypto.CryptoValue,
+) *HumanOTPAddedEvent {
+	return &HumanOTPAddedEvent{
+		BaseEvent: *eventstore.NewBaseEventForPush(
+			ctx,
+			aggregate,
+			UserV1MFAOTPAddedType,
+		),
+		Secret: secret,
+	}
+}
+
+func NewUserV1MFAOTPVerifiedEvent(ctx context.Context, aggregate *eventstore.Aggregate) *HumanOTPVerifiedEvent {
+	return &HumanOTPVerifiedEvent{
+		BaseEvent: *eventstore.NewBaseEventForPush(
+			ctx,
+			aggregate,
+			UserV1MFAOTPVerifiedType,
+		),
+	}
+}
+
+func NewUserV1MFAOTPRemovedEvent(ctx context.Context, aggregate *eventstore.Aggregate) *HumanOTPRemovedEvent {
+	return &HumanOTPRemovedEvent{
+		BaseEvent: *eventstore.NewBaseEventForPush(
+			ctx,
+			aggregate,
+			UserV1MFAOTPRemovedType,
+		),
+	}
+}
+
+func NewUserV1MFAOTPCheckSucceededEvent(ctx context.Context, aggregate *eventstore.Aggregate) *HumanOTPCheckSucceededEvent {
+	return &HumanOTPCheckSucceededEvent{
+		BaseEvent: *eventstore.NewBaseEventForPush(
+			ctx,
+			aggregate,
+			UserV1MFAOTPCheckSucceededType,
+		),
+	}
+}
+
+func NewUserV1MFAOTPCheckFailedEvent(ctx context.Context, aggregate *eventstore.Aggregate) *HumanOTPCheckFailedEvent {
+	return &HumanOTPCheckFailedEvent{
+		BaseEvent: *eventstore.NewBaseEventForPush(
+			ctx,
+			aggregate,
+			UserV1MFAOTPCheckFailedType,
+		),
+	}
+}