TheArchive/zitadel
1
0
Fork 0
mirror of https://github.com/zitadel/zitadel.git synced 2025-08-11 19:17:32 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix: move v2 pkgs (#1331)

Browse Source 
* fix: move eventstore pkgs

* fix: move eventstore pkgs

* fix: remove v2 view

* fix: remove v2 view
This commit is contained in:
Fabi
2021-02-23 15:13:04 +01:00
committed by GitHub
parent 57b277bc7c
commit d8e42744b4
797 changed files with 2116 additions and 2224 deletions
Download Patch File Download Diff File Expand all files Collapse all files

38
internal/v2/domain/application.go
View File

@@ -1,38 +0,0 @@
package domain
type Application interface {
GetAppID() string
GetApplicationName() string
GetState() AppState
}
type AppState int32
const (
AppStateUnspecified AppState = iota
AppStateActive
AppStateInactive
AppStateRemoved
)
func (a AppState) Exists() bool {
return !(a == AppStateUnspecified || a == AppStateRemoved)
}
type ChangeApp struct {
AppID string
AppName string
State AppState
}
func (a *ChangeApp) GetAppID() string {
return a.AppID
}
func (a *ChangeApp) GetApplicationName() string {
return a.AppName
}
func (a *ChangeApp) GetState() AppState {
return a.State
}

61
internal/v2/domain/application_api.go
View File

@@ -1,61 +0,0 @@
package domain
import (
"github.com/caos/zitadel/internal/crypto"
"github.com/caos/zitadel/internal/eventstore/models"
)
type APIApp struct {
models.ObjectRoot
AppID string
AppName string
ClientID string
ClientSecret *crypto.CryptoValue
ClientSecretString string
AuthMethodType APIAuthMethodType
State AppState
}
func (a *APIApp) GetApplicationName() string {
return a.AppName
}
func (a *APIApp) GetState() AppState {
return a.State
}
type APIAuthMethodType int32
const (
APIAuthMethodTypeBasic APIAuthMethodType = iota
APIAuthMethodTypePrivateKeyJWT
)
func (a *APIApp) IsValid() bool {
return true
}
func (a *APIApp) setClientID(clientID string) {
a.ClientID = clientID
}
func (a *APIApp) setClientSecret(clientSecret *crypto.CryptoValue) {
a.ClientSecret = clientSecret
}
func (a *APIApp) requiresClientSecret() bool {
return a.AuthMethodType == APIAuthMethodTypeBasic
}
func (a *APIApp) GenerateClientSecretIfNeeded(generator crypto.Generator) (secret string, err error) {
if a.AuthMethodType == APIAuthMethodTypePrivateKeyJWT {
return "", nil
}
a.ClientSecret, secret, err = NewClientSecret(generator)
if err != nil {
return "", err
}
return secret, nil
}

60
internal/v2/domain/application_key.go
View File

@@ -1,60 +0,0 @@
package domain
import (
"encoding/json"
"time"
"github.com/caos/zitadel/internal/errors"
"github.com/caos/zitadel/internal/eventstore/models"
)
type ApplicationKey struct {
models.ObjectRoot
ApplicationID string
ClientID string
KeyID string
Type AuthNKeyType
ExpirationDate time.Time
PrivateKey []byte
PublicKey []byte
}
func (k *ApplicationKey) setPublicKey(publicKey []byte) {
k.PublicKey = publicKey
}
func (k *ApplicationKey) setPrivateKey(privateKey []byte) {
k.PrivateKey = privateKey
}
func (k *ApplicationKey) expirationDate() time.Time {
return k.ExpirationDate
}
func (k *ApplicationKey) setExpirationDate(expiration time.Time) {
k.ExpirationDate = expiration
}
func (k *ApplicationKey) Detail() ([]byte, error) {
if k.Type == AuthNKeyTypeJSON {
return k.MarshalJSON()
}
return nil, errors.ThrowPreconditionFailed(nil, "KEY-dsg52", "Errors.Internal")
}
func (k *ApplicationKey) MarshalJSON() ([]byte, error) {
return json.Marshal(struct {
Type string `json:"type"`
KeyID string `json:"keyId"`
Key string `json:"key"`
AppID string `json:"appId"`
ClientID string `json:"clientID"`
}{
Type: "application",
KeyID: k.KeyID,
Key: string(k.PrivateKey),
AppID: k.ApplicationID,
ClientID: k.ClientID,
})
}

50
internal/v2/domain/application_oauth.go
View File

@@ -1,50 +0,0 @@
package domain
import (
"fmt"
"strings"
"github.com/caos/logging"
"github.com/caos/zitadel/internal/crypto"
"github.com/caos/zitadel/internal/errors"
"github.com/caos/zitadel/internal/id"
)
type oAuthApplication interface {
setClientID(clientID string)
setClientSecret(secret *crypto.CryptoValue)
requiresClientSecret() bool
}
//ClientID random_number@projectname (eg. 495894098234@zitadel)
func SetNewClientID(a oAuthApplication, idGenerator id.Generator, project *Project) error {
rndID, err := idGenerator.Next()
if err != nil {
return err
}
a.setClientID(fmt.Sprintf("%v@%v", rndID, strings.ReplaceAll(strings.ToLower(project.Name), " ", "_")))
return nil
}
func SetNewClientSecretIfNeeded(a oAuthApplication, generator crypto.Generator) (string, error) {
if !a.requiresClientSecret() {
return "", nil
}
clientSecret, secretString, err := NewClientSecret(generator)
if err != nil {
return "", err
}
a.setClientSecret(clientSecret)
return secretString, nil
}
func NewClientSecret(generator crypto.Generator) (*crypto.CryptoValue, string, error) {
cryptoValue, stringSecret, err := crypto.NewCode(generator)
if err != nil {
logging.Log("MODEL-UpnTI").OnError(err).Error("unable to create client secret")
return nil, "", errors.ThrowInternal(err, "MODEL-gH2Wl", "Errors.Project.CouldNotGenerateClientSecret")
}
return cryptoValue, stringSecret, nil
}

299
internal/v2/domain/application_oidc.go
View File

@@ -1,299 +0,0 @@
package domain
import (
"strings"
"time"
"github.com/caos/zitadel/internal/crypto"
"github.com/caos/zitadel/internal/eventstore/models"
)
const (
http = "http://"
httpLocalhost = "http://localhost:"
httpLocalhost2 = "http://localhost/"
https = "https://"
)
type OIDCApp struct {
models.ObjectRoot
AppID string
AppName string
ClientID string
ClientSecret *crypto.CryptoValue
ClientSecretString string
RedirectUris []string
ResponseTypes []OIDCResponseType
GrantTypes []OIDCGrantType
ApplicationType OIDCApplicationType
AuthMethodType OIDCAuthMethodType
PostLogoutRedirectUris []string
OIDCVersion OIDCVersion
Compliance *Compliance
DevMode bool
AccessTokenType OIDCTokenType
AccessTokenRoleAssertion bool
IDTokenRoleAssertion bool
IDTokenUserinfoAssertion bool
ClockSkew time.Duration
State AppState
}
func (h OIDCApp) GetApplicationName() string {
return h.AppName
}
func (h OIDCApp) GetState() AppState {
return h.State
}
func (h OIDCApp) setClientID(clientID string) {
h.ClientID = clientID
}
func (h OIDCApp) setClientSecret(clientSecret *crypto.CryptoValue) {
h.ClientSecret = clientSecret
}
func (h OIDCApp) requiresClientSecret() bool {
return h.AuthMethodType == OIDCAuthMethodTypeBasic || h.AuthMethodType == OIDCAuthMethodTypePost
}
type OIDCVersion int32
const (
OIDCVersionV1 OIDCVersion = iota
)
type OIDCResponseType int32
const (
OIDCResponseTypeCode OIDCResponseType = iota
OIDCResponseTypeIDToken
OIDCResponseTypeIDTokenToken
)
type OIDCGrantType int32
const (
OIDCGrantTypeAuthorizationCode OIDCGrantType = iota
OIDCGrantTypeImplicit
OIDCGrantTypeRefreshToken
)
type OIDCApplicationType int32
const (
OIDCApplicationTypeWeb OIDCApplicationType = iota
OIDCApplicationTypeUserAgent
OIDCApplicationTypeNative
)
type OIDCAuthMethodType int32
const (
OIDCAuthMethodTypeBasic OIDCAuthMethodType = iota
OIDCAuthMethodTypePost
OIDCAuthMethodTypeNone
OIDCAuthMethodTypePrivateKeyJWT
)
type Compliance struct {
NoneCompliant bool
Problems []string
}
type OIDCTokenType int32
const (
OIDCTokenTypeBearer OIDCTokenType = iota
OIDCTokenTypeJWT
)
func (c *OIDCApp) IsValid() bool {
grantTypes := c.getRequiredGrantTypes()
for _, grantType := range grantTypes {
ok := containsOIDCGrantType(c.GrantTypes, grantType)
if !ok {
return false
}
}
return true
}
func (c *OIDCApp) getRequiredGrantTypes() []OIDCGrantType {
grantTypes := make([]OIDCGrantType, 0)
implicit := false
for _, r := range c.ResponseTypes {
switch r {
case OIDCResponseTypeCode:
grantTypes = append(grantTypes, OIDCGrantTypeAuthorizationCode)
case OIDCResponseTypeIDToken, OIDCResponseTypeIDTokenToken:
if !implicit {
implicit = true
grantTypes = append(grantTypes, OIDCGrantTypeImplicit)
}
}
}
return grantTypes
}
func containsOIDCGrantType(grantTypes []OIDCGrantType, grantType OIDCGrantType) bool {
for _, gt := range grantTypes {
if gt == grantType {
return true
}
}
return false
}
func (c *OIDCApp) FillCompliance() {
c.Compliance = GetOIDCCompliance(c.OIDCVersion, c.ApplicationType, c.GrantTypes, c.ResponseTypes, c.AuthMethodType, c.RedirectUris)
}
func GetOIDCCompliance(version OIDCVersion, appType OIDCApplicationType, grantTypes []OIDCGrantType, responseTypes []OIDCResponseType, authMethod OIDCAuthMethodType, redirectUris []string) *Compliance {
switch version {
case OIDCVersionV1:
return GetOIDCV1Compliance(appType, grantTypes, authMethod, redirectUris)
}
return nil
}
func GetOIDCV1Compliance(appType OIDCApplicationType, grantTypes []OIDCGrantType, authMethod OIDCAuthMethodType, redirectUris []string) *Compliance {
compliance := &Compliance{NoneCompliant: false}
if redirectUris == nil || len(redirectUris) == 0 {
compliance.NoneCompliant = true
compliance.Problems = append([]string{"Application.OIDC.V1.NoRedirectUris"}, compliance.Problems...)
}
if containsOIDCGrantType(grantTypes, OIDCGrantTypeImplicit) && containsOIDCGrantType(grantTypes, OIDCGrantTypeAuthorizationCode) {
CheckRedirectUrisImplicitAndCode(compliance, appType, redirectUris)
} else {
if containsOIDCGrantType(grantTypes, OIDCGrantTypeImplicit) {
CheckRedirectUrisImplicit(compliance, appType, redirectUris)
}
if containsOIDCGrantType(grantTypes, OIDCGrantTypeAuthorizationCode) {
CheckRedirectUrisCode(compliance, appType, redirectUris)
}
}
switch appType {
case OIDCApplicationTypeNative:
GetOIDCV1NativeApplicationCompliance(compliance, authMethod)
case OIDCApplicationTypeUserAgent:
GetOIDCV1UserAgentApplicationCompliance(compliance, authMethod)
}
if compliance.NoneCompliant {
compliance.Problems = append([]string{"Application.OIDC.V1.NotCompliant"}, compliance.Problems...)
}
return compliance
}
func GetOIDCV1NativeApplicationCompliance(compliance *Compliance, authMethod OIDCAuthMethodType) {
if authMethod != OIDCAuthMethodTypeNone {
compliance.NoneCompliant = true
compliance.Problems = append(compliance.Problems, "Application.OIDC.V1.Native.AuthMethodType.NotNone")
}
}
func GetOIDCV1UserAgentApplicationCompliance(compliance *Compliance, authMethod OIDCAuthMethodType) {
if authMethod != OIDCAuthMethodTypeNone {
compliance.NoneCompliant = true
compliance.Problems = append(compliance.Problems, "Application.OIDC.V1.UserAgent.AuthMethodType.NotNone")
}
}
func CheckRedirectUrisCode(compliance *Compliance, appType OIDCApplicationType, redirectUris []string) {
if urlsAreHttps(redirectUris) {
return
}
if urlContainsPrefix(redirectUris, http) && appType != OIDCApplicationTypeWeb {
compliance.NoneCompliant = true
compliance.Problems = append(compliance.Problems, "Application.OIDC.V1.Code.RedirectUris.HttpOnlyForWeb")
}
if containsCustom(redirectUris) && appType != OIDCApplicationTypeNative {
compliance.NoneCompliant = true
compliance.Problems = append(compliance.Problems, "Application.OIDC.V1.Code.RedirectUris.CustomOnlyForNative")
}
}
func CheckRedirectUrisImplicit(compliance *Compliance, appType OIDCApplicationType, redirectUris []string) {
if urlsAreHttps(redirectUris) {
return
}
if containsCustom(redirectUris) {
compliance.NoneCompliant = true
compliance.Problems = append(compliance.Problems, "Application.OIDC.V1.Implicit.RedirectUris.CustomNotAllowed")
}
if urlContainsPrefix(redirectUris, http) {
if appType == OIDCApplicationTypeNative {
if !onlyLocalhostIsHttp(redirectUris) {
compliance.NoneCompliant = true
compliance.Problems = append(compliance.Problems, "Application.OIDC.V1.Implicit.RedirectUris.NativeShouldBeHttpLocalhost")
}
return
}
compliance.NoneCompliant = true
compliance.Problems = append(compliance.Problems, "Application.OIDC.V1.Implicit.RedirectUris.HttpNotAllowed")
}
}
func CheckRedirectUrisImplicitAndCode(compliance *Compliance, appType OIDCApplicationType, redirectUris []string) {
if urlsAreHttps(redirectUris) {
return
}
if containsCustom(redirectUris) && appType != OIDCApplicationTypeNative {
compliance.NoneCompliant = true
compliance.Problems = append(compliance.Problems, "Application.OIDC.V1.Implicit.RedirectUris.CustomNotAllowed")
}
if (urlContainsPrefix(redirectUris, httpLocalhost) || urlContainsPrefix(redirectUris, httpLocalhost2)) && appType != OIDCApplicationTypeNative {
compliance.NoneCompliant = true
compliance.Problems = append(compliance.Problems, "Application.OIDC.V1.Implicit.RedirectUris.HttpLocalhostOnlyForNative")
}
if urlContainsPrefix(redirectUris, http) && !(urlContainsPrefix(redirectUris, httpLocalhost) || urlContainsPrefix(redirectUris, httpLocalhost2)) && appType != OIDCApplicationTypeWeb {
compliance.NoneCompliant = true
compliance.Problems = append(compliance.Problems, "Application.OIDC.V1.Code.RedirectUris.HttpOnlyForWeb")
}
if !compliance.NoneCompliant {
compliance.Problems = append(compliance.Problems, "Application.OIDC.V1.NotAllCombinationsAreAllowed")
}
}
func urlsAreHttps(uris []string) bool {
for _, uri := range uris {
if !strings.HasPrefix(uri, https) {
return false
}
}
return true
}
func urlContainsPrefix(uris []string, prefix string) bool {
for _, uri := range uris {
if strings.HasPrefix(uri, prefix) {
return true
}
}
return false
}
func containsCustom(uris []string) bool {
for _, uri := range uris {
if !strings.HasPrefix(uri, http) && !strings.HasPrefix(uri, https) {
return true
}
}
return false
}
func onlyLocalhostIsHttp(uris []string) bool {
for _, uri := range uris {
if strings.HasPrefix(uri, http) {
if !strings.HasPrefix(uri, httpLocalhost) && !strings.HasPrefix(uri, httpLocalhost2) {
return false
}
}
}
return true
}

150
internal/v2/domain/auth_request.go
View File

@@ -1,150 +0,0 @@
package domain
import (
"github.com/caos/zitadel/internal/errors"
"golang.org/x/text/language"
"strings"
"time"
)
type AuthRequest struct {
ID string
AgentID string
CreationDate time.Time
ChangeDate time.Time
BrowserInfo *BrowserInfo
ApplicationID string
CallbackURI string
TransferState string
Prompt Prompt
PossibleLOAs []LevelOfAssurance
UiLocales []string
LoginHint string
MaxAuthAge uint32
Request Request
levelOfAssurance LevelOfAssurance
UserID string
LoginName string
DisplayName string
UserOrgID string
RequestedOrgID string
RequestedOrgName string
SelectedIDPConfigID string
LinkingUsers []*ExternalUser
PossibleSteps []NextStep
PasswordVerified bool
MFAsVerified []MFAType
Audience []string
AuthTime time.Time
Code string
LoginPolicy *LoginPolicy
AllowedExternalIDPs []*IDPProvider
}
type ExternalUser struct {
IDPConfigID string
ExternalUserID string
DisplayName string
PreferredUsername string
FirstName string
LastName string
NickName string
Email string
IsEmailVerified bool
PreferredLanguage language.Tag
Phone string
IsPhoneVerified bool
}
type Prompt int32
const (
PromptUnspecified Prompt = iota
PromptNone
PromptLogin
PromptConsent
PromptSelectAccount
)
type LevelOfAssurance int
const (
LevelOfAssuranceNone LevelOfAssurance = iota
)
type MFAType int
const (
MFATypeOTP MFAType = iota
MFATypeU2F
MFATypeU2FUserVerification
)
type MFALevel int
const (
MFALevelNotSetUp MFALevel = iota
MFALevelSecondFactor
MFALevelMultiFactor
MFALevelMultiFactorCertified
)
func NewAuthRequestFromType(requestType AuthRequestType) (*AuthRequest, error) {
request, ok := authRequestTypeMapping[requestType]
if !ok {
return nil, errors.ThrowInvalidArgument(nil, "DOMAIN-ds2kl", "invalid request type")
}
return &AuthRequest{Request: request}, nil
}
func (a *AuthRequest) WithCurrentInfo(info *BrowserInfo) *AuthRequest {
a.BrowserInfo = info
return a
}
func (a *AuthRequest) SetUserInfo(userID, loginName, displayName, userOrgID string) {
a.UserID = userID
a.LoginName = loginName
a.DisplayName = displayName
a.UserOrgID = userOrgID
}
func (a *AuthRequest) MFALevel() MFALevel {
return -1
//PLANNED: check a.PossibleLOAs (and Prompt Login?)
}
func (a *AuthRequest) AppendAudIfNotExisting(aud string) {
for _, a := range a.Audience {
if a == aud {
return
}
}
a.Audience = append(a.Audience, aud)
}
func (a *AuthRequest) GetScopeProjectIDsForAud() []string {
projectIDs := make([]string, 0)
switch request := a.Request.(type) {
case *AuthRequestOIDC:
for _, scope := range request.Scopes {
if strings.HasPrefix(scope, ProjectIDScope) && strings.HasSuffix(scope, AudSuffix) {
projectIDs = append(projectIDs, strings.TrimSuffix(strings.TrimPrefix(scope, ProjectIDScope), AudSuffix))
}
}
}
return projectIDs
}
func (a *AuthRequest) GetScopeOrgPrimaryDomain() string {
switch request := a.Request.(type) {
case *AuthRequestOIDC:
for _, scope := range request.Scopes {
if strings.HasPrefix(scope, OrgDomainPrimaryScope) {
return strings.TrimPrefix(scope, OrgDomainPrimaryScope)
}
}
}
return ""
}

86
internal/v2/domain/authn_key.go
View File

@@ -1,86 +0,0 @@
package domain
import (
"time"
"github.com/caos/logging"
"github.com/caos/zitadel/internal/crypto"
"github.com/caos/zitadel/internal/errors"
)
var (
//most of us won't survive until 12-31-9999 23:59:59, maybe ZITADEL does
defaultExpDate = time.Date(9999, time.December, 31, 23, 59, 59, 0, time.UTC)
)
type AuthNKey interface {
}
type authNKey interface {
setPublicKey([]byte)
setPrivateKey([]byte)
expirationDate() time.Time
setExpirationDate(time.Time)
}
type AuthNKeyType int32
const (
AuthNKeyTypeNONE = iota
AuthNKeyTypeJSON
keyCount
)
func (k AuthNKeyType) Valid() bool {
return k >= 0 && k < keyCount
}
func (key *MachineKey) GenerateNewMachineKeyPair(keySize int) error {
privateKey, publicKey, err := crypto.GenerateKeyPair(keySize)
if err != nil {
return err
}
key.PublicKey, err = crypto.PublicKeyToBytes(publicKey)
if err != nil {
return err
}
key.PrivateKey = crypto.PrivateKeyToBytes(privateKey)
return nil
}
func EnsureValidExpirationDate(key authNKey) error {
if key.expirationDate().IsZero() {
key.setExpirationDate(defaultExpDate)
}
if key.expirationDate().Before(time.Now()) {
return errors.ThrowInvalidArgument(nil, "AUTHN-dv3t5", "Errors.AuthNKey.ExpireBeforeNow")
}
return nil
}
func SetNewAuthNKeyPair(key authNKey, keySize int) error {
privateKey, publicKey, err := NewAuthNKeyPair(keySize)
if err != nil {
return err
}
key.setPrivateKey(privateKey)
key.setPublicKey(publicKey)
return nil
}
func NewAuthNKeyPair(keySize int) (privateKey, publicKey []byte, err error) {
private, public, err := crypto.GenerateKeyPair(keySize)
if err != nil {
logging.Log("AUTHN-Ud51I").WithError(err).Error("unable to create authn key pair")
return nil, nil, errors.ThrowInternal(err, "AUTHN-gdg2l", "Errors.Project.CouldNotGenerateClientSecret")
}
publicKey, err = crypto.PublicKeyToBytes(public)
if err != nil {
logging.Log("AUTHN-Dbb35").WithError(err).Error("unable to convert public key")
return nil, nil, errors.ThrowInternal(err, "AUTHN-Bne3f", "Errors.Project.CouldNotGenerateClientSecret")
}
privateKey = crypto.PrivateKeyToBytes(private)
return privateKey, publicKey, nil
}

22
internal/v2/domain/browser_info.go
View File

@@ -1,22 +0,0 @@
package domain
import (
"net"
net_http "net/http"
http_util "github.com/caos/zitadel/internal/api/http"
)
type BrowserInfo struct {
UserAgent string
AcceptLanguage string
RemoteIP net.IP
}
func BrowserInfoFromRequest(r *net_http.Request) *BrowserInfo {
return &BrowserInfo{
UserAgent: r.Header.Get(http_util.UserAgentHeader),
AcceptLanguage: r.Header.Get(http_util.AcceptLanguage),
RemoteIP: http_util.RemoteIPFromRequest(r),
}
}

30
internal/v2/domain/factors.go
View File

@@ -1,30 +0,0 @@
package domain
type SecondFactorType int32
const (
SecondFactorTypeUnspecified SecondFactorType = iota
SecondFactorTypeOTP
SecondFactorTypeU2F
)
type MultiFactorType int32
const (
MultiFactorTypeUnspecified MultiFactorType = iota
MultiFactorTypeU2FWithPIN
)
type FactorState int32
const (
FactorStateUnspecified FactorState = iota
FactorStateActive
FactorStateRemoved
factorStateCount
)
func (f FactorState) Valid() bool {
return f >= 0 && f < factorStateCount
}

110
internal/v2/domain/human.go
View File

@@ -1,110 +0,0 @@
package domain
import (
"github.com/caos/zitadel/internal/crypto"
caos_errors "github.com/caos/zitadel/internal/errors"
es_models "github.com/caos/zitadel/internal/eventstore/models"
"strings"
"time"
)
type Human struct {
es_models.ObjectRoot
Username string
State UserState
*Password
*Profile
*Email
*Phone
*Address
ExternalIDPs []*ExternalIDP
OTP *OTP
U2FTokens []*WebAuthNToken
PasswordlessTokens []*WebAuthNToken
U2FLogins []*WebAuthNLogin
PasswordlessLogins []*WebAuthNLogin
}
func (h Human) GetUsername() string {
return h.Username
}
func (h Human) GetState() UserState {
return h.State
}
type InitUserCode struct {
es_models.ObjectRoot
Code *crypto.CryptoValue
Expiry time.Duration
}
type Gender int32
const (
GenderUnspecified Gender = iota
GenderFemale
GenderMale
GenderDiverse
genderCount
)
func (f Gender) Valid() bool {
return f >= 0 && f < genderCount
}
func (u *Human) IsValid() bool {
return u.Profile != nil && u.FirstName != "" && u.LastName != "" && u.Email != nil && u.Email.IsValid() && u.Phone == nil || (u.Phone != nil && u.Phone.PhoneNumber != "" && u.Phone.IsValid())
}
func (u *Human) CheckOrgIAMPolicy(policy *OrgIAMPolicy) error {
if policy == nil {
return caos_errors.ThrowPreconditionFailed(nil, "DOMAIN-zSH7j", "Errors.Users.OrgIamPolicyNil")
}
if policy.UserLoginMustBeDomain && strings.Contains(u.Username, "@") {
return caos_errors.ThrowPreconditionFailed(nil, "DOMAIN-se4sJ", "Errors.User.EmailAsUsernameNotAllowed")
}
if !policy.UserLoginMustBeDomain && u.Profile != nil && u.Username == "" && u.Email != nil {
u.Username = u.EmailAddress
}
return nil
}
func (u *Human) SetNamesAsDisplayname() {
if u.Profile != nil && u.DisplayName == "" && u.FirstName != "" && u.LastName != "" {
u.DisplayName = u.FirstName + " " + u.LastName
}
}
func (u *Human) HashPasswordIfExisting(policy *PasswordComplexityPolicy, passwordAlg crypto.HashAlgorithm, onetime bool) error {
if u.Password != nil {
u.Password.ChangeRequired = onetime
return u.Password.HashPasswordIfExisting(policy, passwordAlg)
}
return nil
}
func (u *Human) IsInitialState() bool {
return u.Email == nil || !u.IsEmailVerified || (u.ExternalIDPs == nil || len(u.ExternalIDPs) == 0) && (u.Password == nil || u.SecretString == "")
}
func NewInitUserCode(generator crypto.Generator) (*InitUserCode, error) {
initCodeCrypto, _, err := crypto.NewCode(generator)
if err != nil {
return nil, err
}
return &InitUserCode{
Code: initCodeCrypto,
Expiry: generator.Expiry(),
}, nil
}
func GenerateLoginName(username, domain string, appendDomain bool) string {
if !appendDomain {
return username
}
return username + "@" + domain
}

27
internal/v2/domain/human_address.go
View File

@@ -1,27 +0,0 @@
package domain
import es_models "github.com/caos/zitadel/internal/eventstore/models"
type Address struct {
es_models.ObjectRoot
Country string
Locality string
PostalCode string
Region string
StreetAddress string
}
type AddressState int32
const (
AddressStateUnspecified AddressState = iota
AddressStateActive
AddressStateRemoved
addressStateCount
)
func (s AddressState) Valid() bool {
return s >= 0 && s < addressStateCount
}

36
internal/v2/domain/human_email.go
View File

@@ -1,36 +0,0 @@
package domain
import (
"github.com/caos/zitadel/internal/crypto"
es_models "github.com/caos/zitadel/internal/eventstore/models"
"time"
)
type Email struct {
es_models.ObjectRoot
EmailAddress string
IsEmailVerified bool
}
type EmailCode struct {
es_models.ObjectRoot
Code *crypto.CryptoValue
Expiry time.Duration
}
func (e *Email) IsValid() bool {
return e.EmailAddress != ""
}
func NewEmailCode(emailGenerator crypto.Generator) (*EmailCode, error) {
emailCodeCrypto, _, err := crypto.NewCode(emailGenerator)
if err != nil {
return nil, err
}
return &EmailCode{
Code: emailCodeCrypto,
Expiry: emailGenerator.Expiry(),
}, nil
}

29
internal/v2/domain/human_external_idp.go
View File

@@ -1,29 +0,0 @@
package domain
import es_models "github.com/caos/zitadel/internal/eventstore/models"
type ExternalIDP struct {
es_models.ObjectRoot
IDPConfigID string
ExternalUserID string
DisplayName string
}
func (idp *ExternalIDP) IsValid() bool {
return idp.AggregateID != "" && idp.IDPConfigID != "" && idp.ExternalUserID != ""
}
type ExternalIDPState int32
const (
ExternalIDPStateUnspecified ExternalIDPState = iota
ExternalIDPStateActive
ExternalIDPStateRemoved
externalIDPStateCount
)
func (s ExternalIDPState) Valid() bool {
return s >= 0 && s < externalIDPStateCount
}

43
internal/v2/domain/human_otp.go
View File

@@ -1,43 +0,0 @@
package domain
import (
"github.com/caos/zitadel/internal/crypto"
caos_errs "github.com/caos/zitadel/internal/errors"
es_models "github.com/caos/zitadel/internal/eventstore/models"
"github.com/pquerna/otp"
"github.com/pquerna/otp/totp"
)
type OTP struct {
es_models.ObjectRoot
Secret *crypto.CryptoValue
SecretString string
Url string
State MFAState
}
func NewOTPKey(issuer, accountName string, cryptoAlg crypto.EncryptionAlgorithm) (*otp.Key, *crypto.CryptoValue, error) {
key, err := totp.Generate(totp.GenerateOpts{Issuer: issuer, AccountName: accountName})
if err != nil {
return nil, nil, err
}
encryptedSecret, err := crypto.Encrypt([]byte(key.Secret()), cryptoAlg)
if err != nil {
return nil, nil, err
}
return key, encryptedSecret, nil
}
func VerifyMFAOTP(code string, secret *crypto.CryptoValue, cryptoAlg crypto.EncryptionAlgorithm) error {
decrypt, err := crypto.DecryptString(secret, cryptoAlg)
if err != nil {
return err
}
valid := totp.Validate(code, decrypt)
if !valid {
return caos_errs.ThrowInvalidArgument(nil, "EVENT-8isk2", "Errors.User.MFA.OTP.InvalidCode")
}
return nil
}

59
internal/v2/domain/human_password.go
View File

@@ -1,59 +0,0 @@
package domain
import (
"github.com/caos/zitadel/internal/crypto"
caos_errs "github.com/caos/zitadel/internal/errors"
es_models "github.com/caos/zitadel/internal/eventstore/models"
"time"
)
type Password struct {
es_models.ObjectRoot
SecretString string
SecretCrypto *crypto.CryptoValue
ChangeRequired bool
}
func NewPassword(password string) *Password {
return &Password{
SecretString: password,
}
}
type PasswordCode struct {
es_models.ObjectRoot
Code *crypto.CryptoValue
Expiry time.Duration
NotificationType NotificationType
}
func (p *Password) HashPasswordIfExisting(policy *PasswordComplexityPolicy, passwordAlg crypto.HashAlgorithm) error {
if p.SecretString == "" {
return nil
}
if policy == nil {
return caos_errs.ThrowPreconditionFailed(nil, "DOMAIN-s8ifS", "Errors.User.PasswordComplexityPolicy.NotFound")
}
if err := policy.Check(p.SecretString); err != nil {
return err
}
secret, err := crypto.Hash([]byte(p.SecretString), passwordAlg)
if err != nil {
return err
}
p.SecretCrypto = secret
return nil
}
func NewPasswordCode(passwordGenerator crypto.Generator) (*PasswordCode, error) {
passwordCodeCrypto, _, err := crypto.NewCode(passwordGenerator)
if err != nil {
return nil, err
}
return &PasswordCode{
Code: passwordCodeCrypto,
Expiry: passwordGenerator.Expiry(),
}, nil
}

66
internal/v2/domain/human_phone.go
View File

@@ -1,66 +0,0 @@
package domain
import (
"github.com/caos/zitadel/internal/crypto"
caos_errs "github.com/caos/zitadel/internal/errors"
es_models "github.com/caos/zitadel/internal/eventstore/models"
"github.com/ttacon/libphonenumber"
"time"
)
const (
defaultRegion = "CH"
)
type Phone struct {
es_models.ObjectRoot
PhoneNumber string
IsPhoneVerified bool
}
type PhoneCode struct {
es_models.ObjectRoot
Code *crypto.CryptoValue
Expiry time.Duration
}
func (p *Phone) IsValid() bool {
err := p.formatPhone()
return p.PhoneNumber != "" && err == nil
}
func (p *Phone) formatPhone() error {
phoneNr, err := libphonenumber.Parse(p.PhoneNumber, defaultRegion)
if err != nil {
return caos_errs.ThrowPreconditionFailed(nil, "EVENT-so0wa", "Errors.User.Phone.Invalid")
}
p.PhoneNumber = libphonenumber.Format(phoneNr, libphonenumber.E164)
return nil
}
func NewPhoneCode(phoneGenerator crypto.Generator) (*PhoneCode, error) {
phoneCodeCrypto, _, err := crypto.NewCode(phoneGenerator)
if err != nil {
return nil, err
}
return &PhoneCode{
Code: phoneCodeCrypto,
Expiry: phoneGenerator.Expiry(),
}, nil
}
type PhoneState int32
const (
PhoneStateUnspecified PhoneState = iota
PhoneStateActive
PhoneStateRemoved
phoneStateCount
)
func (s PhoneState) Valid() bool {
return s >= 0 && s < phoneStateCount
}

23
internal/v2/domain/human_profile.go
View File

@@ -1,23 +0,0 @@
package domain
import (
es_models "github.com/caos/zitadel/internal/eventstore/models"
"golang.org/x/text/language"
)
type Profile struct {
es_models.ObjectRoot
FirstName string
LastName string
NickName string
DisplayName string
PreferredLanguage language.Tag
Gender Gender
PreferredLoginName string
LoginNames []string
}
func (p *Profile) IsValid() bool {
return p.FirstName != "" && p.LastName != ""
}

69
internal/v2/domain/human_web_auth_n.go
View File

@@ -1,69 +0,0 @@
package domain
import (
"bytes"
es_models "github.com/caos/zitadel/internal/eventstore/models"
)
type WebAuthNToken struct {
es_models.ObjectRoot
WebAuthNTokenID string
CredentialCreationData []byte
State MFAState
Challenge string
AllowedCredentialIDs [][]byte
UserVerification UserVerificationRequirement
KeyID []byte
PublicKey []byte
AttestationType string
AAGUID []byte
SignCount uint32
WebAuthNTokenName string
}
type WebAuthNLogin struct {
es_models.ObjectRoot
CredentialAssertionData []byte
Challenge string
AllowedCredentialIDs [][]byte
UserVerification UserVerificationRequirement
//TODO: Add Auth Request
//*model.AuthRequest
}
type UserVerificationRequirement int32
const (
UserVerificationRequirementUnspecified UserVerificationRequirement = iota
UserVerificationRequirementRequired
UserVerificationRequirementPreferred
UserVerificationRequirementDiscouraged
)
type AuthenticatorAttachment int32
const (
AuthenticatorAttachmentUnspecified AuthenticatorAttachment = iota
AuthenticatorAttachmentPlattform
AuthenticatorAttachmentCrossPlattform
)
func GetTokenToVerify(tokens []*WebAuthNToken) (int, *WebAuthNToken) {
for i, u2f := range tokens {
if u2f.State == MFAStateNotReady {
return i, u2f
}
}
return -1, nil
}
func GetTokenByKeyID(tokens []*WebAuthNToken, keyID []byte) (int, *WebAuthNToken) {
for i, token := range tokens {
if bytes.Compare(token.KeyID, keyID) == 0 {
return i, token
}
}
return -1, nil
}

26
internal/v2/domain/iam.go
View File

@@ -1,26 +0,0 @@
package domain
import (
"github.com/caos/zitadel/internal/eventstore/models"
)
const (
IAMID = "IAM"
)
type IAM struct {
models.ObjectRoot
GlobalOrgID string
IAMProjectID string
SetUpDone Step
SetUpStarted Step
Members []*Member
IDPs []*IDPConfig
DefaultLoginPolicy *LoginPolicy
DefaultLabelPolicy *LabelPolicy
DefaultOrgIAMPolicy *OrgIAMPolicy
DefaultPasswordComplexityPolicy *PasswordComplexityPolicy
DefaultPasswordAgePolicy *PasswordAgePolicy
DefaultPasswordLockoutPolicy *PasswordLockoutPolicy
}

100
internal/v2/domain/idp_config.go
View File

@@ -1,100 +0,0 @@
package domain
import (
"github.com/caos/zitadel/internal/crypto"
es_models "github.com/caos/zitadel/internal/eventstore/models"
"time"
)
type IDPConfig struct {
es_models.ObjectRoot
IDPConfigID string
Type IDPConfigType
Name string
StylingType IDPConfigStylingType
State IDPConfigState
OIDCConfig *OIDCIDPConfig
}
type IDPConfigView struct {
AggregateID string
IDPConfigID string
Name string
StylingType IDPConfigStylingType
State IDPConfigState
CreationDate time.Time
ChangeDate time.Time
Sequence uint64
IDPProviderType IdentityProviderType
IsOIDC bool
OIDCClientID string
OIDCClientSecret *crypto.CryptoValue
OIDCIssuer string
OIDCScopes []string
OIDCIDPDisplayNameMapping OIDCMappingField
OIDCUsernameMapping OIDCMappingField
}
type OIDCIDPConfig struct {
es_models.ObjectRoot
IDPConfigID string
ClientID string
ClientSecret *crypto.CryptoValue
ClientSecretString string
Issuer string
Scopes []string
IDPDisplayNameMapping OIDCMappingField
UsernameMapping OIDCMappingField
}
type IDPConfigType int32
const (
IDPConfigTypeOIDC IDPConfigType = iota
IDPConfigTypeSAML
//count is for validation
idpConfigTypeCount
)
func (f IDPConfigType) Valid() bool {
return f >= 0 && f < idpConfigTypeCount
}
type IDPConfigState int32
const (
IDPConfigStateUnspecified IDPConfigState = iota
IDPConfigStateActive
IDPConfigStateInactive
IDPConfigStateRemoved
idpConfigStateCount
)
func (f IDPConfigState) Valid() bool {
return f >= 0 && f < idpConfigStateCount
}
type IDPConfigStylingType int32
const (
IDPConfigStylingTypeUnspecified IDPConfigStylingType = iota
IDPConfigStylingTypeGoogle
idpConfigStylingTypeCount
)
func (f IDPConfigStylingType) Valid() bool {
return f >= 0 && f < idpConfigStylingTypeCount
}
func (st IDPConfigStylingType) GetCSSClass() string {
switch st {
case IDPConfigStylingTypeGoogle:
return "google"
default:
return ""
}
}

45
internal/v2/domain/key_pair.go
View File

@@ -1,45 +0,0 @@
package domain
import (
"github.com/caos/zitadel/internal/crypto"
es_models "github.com/caos/zitadel/internal/eventstore/models"
"time"
)
type KeyPair struct {
es_models.ObjectRoot
Usage KeyUsage
Algorithm string
PrivateKey *Key
PublicKey *Key
}
type KeyUsage int32
const (
KeyUsageSigning KeyUsage = iota
)
func (u KeyUsage) String() string {
switch u {
case KeyUsageSigning:
return "sig"
}
return ""
}
type Key struct {
Key *crypto.CryptoValue
Expiry time.Time
}
func (k *KeyPair) IsValid() bool {
return k.Algorithm != "" &&
k.PrivateKey != nil && k.PrivateKey.IsValid() &&
k.PublicKey != nil && k.PublicKey.IsValid()
}
func (k *Key) IsValid() bool {
return k.Key != nil
}

24
internal/v2/domain/machine.go
View File

@@ -1,24 +0,0 @@
package domain
import "github.com/caos/zitadel/internal/eventstore/models"
type Machine struct {
models.ObjectRoot
Username string
State UserState
Name string
Description string
}
func (m Machine) GetUsername() string {
return m.Username
}
func (m Machine) GetState() UserState {
return m.State
}
func (sa *Machine) IsValid() bool {
return sa.Name != ""
}

47
internal/v2/domain/machine_key.go
View File

@@ -1,47 +0,0 @@
package domain
import (
"time"
"github.com/caos/zitadel/internal/eventstore/models"
)
type MachineKey struct {
models.ObjectRoot
KeyID string
Type AuthNKeyType
ExpirationDate time.Time
PrivateKey []byte
PublicKey []byte
}
func (key *MachineKey) setPublicKey(publicKey []byte) {
key.PublicKey = publicKey
}
func (key *MachineKey) setPrivateKey(privateKey []byte) {
key.PrivateKey = privateKey
}
func (key *MachineKey) expirationDate() time.Time {
return key.ExpirationDate
}
func (key *MachineKey) setExpirationDate(expiration time.Time) {
key.ExpirationDate = expiration
}
type MachineKeyState int32
const (
MachineKeyStateUnspecified MachineKeyState = iota
MachineKeyStateActive
MachineKeyStateRemoved
machineKeyStateCount
)
func (f MachineKeyState) Valid() bool {
return f >= 0 && f < machineKeyStateCount
}

40
internal/v2/domain/member.go
View File

@@ -1,40 +0,0 @@
package domain
import (
es_models "github.com/caos/zitadel/internal/eventstore/models"
)
type Member struct {
es_models.ObjectRoot
UserID string
Roles []string
}
func NewMember(aggregateID, userID string, roles ...string) *Member {
return &Member{
ObjectRoot: es_models.ObjectRoot{
AggregateID: aggregateID,
},
UserID: userID,
Roles: roles,
}
}
func (i *Member) IsValid() bool {
return i.AggregateID != "" && i.UserID != "" && len(i.Roles) != 0
}
type MemberState int32
const (
MemberStateUnspecified MemberState = iota
MemberStateActive
MemberStateRemoved
memberStateCount
)
func (f MemberState) Valid() bool {
return f >= 0 && f < memberStateCount
}

16
internal/v2/domain/mfa.go
View File

@@ -1,16 +0,0 @@
package domain
type MFAState int32
const (
MFAStateUnspecified MFAState = iota
MFAStateNotReady
MFAStateReady
MFAStateRemoved
stateCount
)
func (f MFAState) Valid() bool {
return f >= 0 && f < stateCount
}

149
internal/v2/domain/next_step.go
View File

@@ -1,149 +0,0 @@
package domain
type NextStep interface {
Type() NextStepType
}
type NextStepType int32
const (
NextStepUnspecified NextStepType = iota
NextStepLogin
NextStepUserSelection
NextStepInitUser
NextStepPassword
NextStepChangePassword
NextStepInitPassword
NextStepVerifyEmail
NextStepMFAPrompt
NextStepMFAVerify
NextStepRedirectToCallback
NextStepChangeUsername
NextStepLinkUsers
NextStepExternalNotFoundOption
NextStepExternalLogin
NextStepGrantRequired
NextStepPasswordless
)
type LoginStep struct{}
func (s *LoginStep) Type() NextStepType {
return NextStepLogin
}
type SelectUserStep struct {
Users []UserSelection
}
func (s *SelectUserStep) Type() NextStepType {
return NextStepUserSelection
}
type UserSelection struct {
UserID string
DisplayName string
LoginName string
UserSessionState UserSessionState
SelectionPossible bool
}
type UserSessionState int32
const (
UserSessionStateActive UserSessionState = iota
UserSessionStateTerminated
)
type InitUserStep struct {
PasswordSet bool
}
func (s *InitUserStep) Type() NextStepType {
return NextStepInitUser
}
type ExternalNotFoundOptionStep struct{}
func (s *ExternalNotFoundOptionStep) Type() NextStepType {
return NextStepExternalNotFoundOption
}
type PasswordStep struct{}
func (s *PasswordStep) Type() NextStepType {
return NextStepPassword
}
type ExternalLoginStep struct {
SelectedIDPConfigID string
}
func (s *ExternalLoginStep) Type() NextStepType {
return NextStepExternalLogin
}
type PasswordlessStep struct{}
func (s *PasswordlessStep) Type() NextStepType {
return NextStepPasswordless
}
type ChangePasswordStep struct{}
func (s *ChangePasswordStep) Type() NextStepType {
return NextStepChangePassword
}
type InitPasswordStep struct{}
func (s *InitPasswordStep) Type() NextStepType {
return NextStepInitPassword
}
type ChangeUsernameStep struct{}
func (s *ChangeUsernameStep) Type() NextStepType {
return NextStepChangeUsername
}
type VerifyEMailStep struct{}
func (s *VerifyEMailStep) Type() NextStepType {
return NextStepVerifyEmail
}
type MFAPromptStep struct {
Required bool
MFAProviders []MFAType
}
func (s *MFAPromptStep) Type() NextStepType {
return NextStepMFAPrompt
}
type MFAVerificationStep struct {
MFAProviders []MFAType
}
func (s *MFAVerificationStep) Type() NextStepType {
return NextStepMFAVerify
}
type LinkUsersStep struct{}
func (s *LinkUsersStep) Type() NextStepType {
return NextStepLinkUsers
}
type GrantRequiredStep struct{}
func (s *GrantRequiredStep) Type() NextStepType {
return NextStepGrantRequired
}
type RedirectToCallbackStep struct{}
func (s *RedirectToCallbackStep) Type() NextStepType {
return NextStepRedirectToCallback
}

14
internal/v2/domain/notification.go
View File

@@ -1,14 +0,0 @@
package domain
type NotificationType int32
const (
NotificationTypeEmail NotificationType = iota
NotificationTypeSms
notificationCount
)
func (f NotificationType) Valid() bool {
return f >= 0 && f < notificationCount
}

17
internal/v2/domain/oidc_code_challenge.go
View File

@@ -1,17 +0,0 @@
package domain
type OIDCCodeChallenge struct {
Challenge string
Method OIDCCodeChallengeMethod
}
func (c *OIDCCodeChallenge) IsValid() bool {
return c.Challenge != ""
}
type OIDCCodeChallengeMethod int32
const (
CodeChallengeMethodPlain OIDCCodeChallengeMethod = iota
CodeChallengeMethodS256
)

15
internal/v2/domain/oidc_mapping_field.go
View File

@@ -1,15 +0,0 @@
package domain
type OIDCMappingField int32
const (
OIDCMappingFieldUnspecified OIDCMappingField = iota
OIDCMappingFieldPreferredLoginName
OIDCMappingFieldEmail
// count is for validation purposes
oidcMappingFieldCount
)
func (f OIDCMappingField) Valid() bool {
return f > 0 && f < oidcMappingFieldCount
}

46
internal/v2/domain/org.go
View File

@@ -1,46 +0,0 @@
package domain
import (
"strings"
"github.com/caos/zitadel/internal/eventstore/models"
)
type Org struct {
models.ObjectRoot
State OrgState
Name string
PrimaryDomain string
Domains []*OrgDomain
Members []*Member
OrgIamPolicy *OrgIAMPolicy
LoginPolicy *LoginPolicy
LabelPolicy *LabelPolicy
PasswordComplexityPolicy *PasswordComplexityPolicy
PasswordAgePolicy *PasswordAgePolicy
PasswordLockoutPolicy *PasswordLockoutPolicy
IDPs []*IDPConfig
}
func (o *Org) IsValid() bool {
return o.Name != ""
}
func (o *Org) AddIAMDomain(iamDomain string) {
o.Domains = append(o.Domains, &OrgDomain{Domain: o.nameForDomain(iamDomain), Verified: true, Primary: true})
}
func (o *Org) nameForDomain(iamDomain string) string {
return strings.ToLower(strings.ReplaceAll(o.Name, " ", "-") + "." + iamDomain)
}
type OrgState int32
const (
OrgStateUnspecified OrgState = iota
OrgStateActive
OrgStateInactive
OrgStateRemoved
)

63
internal/v2/domain/org_domain.go
View File

@@ -1,63 +0,0 @@
package domain
import (
http_util "github.com/caos/zitadel/internal/api/http"
"github.com/caos/zitadel/internal/crypto"
"github.com/caos/zitadel/internal/eventstore/models"
)
type OrgDomain struct {
models.ObjectRoot
Domain string
Primary bool
Verified bool
ValidationType OrgDomainValidationType
ValidationCode *crypto.CryptoValue
}
func (domain *OrgDomain) IsValid() bool {
return domain.AggregateID != "" && domain.Domain != ""
}
func (domain *OrgDomain) GenerateVerificationCode(codeGenerator crypto.Generator) (string, error) {
validationCodeCrypto, validationCode, err := crypto.NewCode(codeGenerator)
if err != nil {
return "", err
}
domain.ValidationCode = validationCodeCrypto
return validationCode, nil
}
type OrgDomainValidationType int32
const (
OrgDomainValidationTypeUnspecified OrgDomainValidationType = iota
OrgDomainValidationTypeHTTP
OrgDomainValidationTypeDNS
)
func (t OrgDomainValidationType) CheckType() (http_util.CheckType, bool) {
switch t {
case OrgDomainValidationTypeHTTP:
return http_util.CheckTypeHTTP, true
case OrgDomainValidationTypeDNS:
return http_util.CheckTypeDNS, true
default:
return -1, false
}
}
type OrgDomainState int32
const (
OrgDomainStateUnspecified OrgDomainState = iota
OrgDomainStateActive
OrgDomainStateRemoved
orgDomainStateCount
)
func (f OrgDomainState) Valid() bool {
return f >= 0 && f < orgDomainStateCount
}

15
internal/v2/domain/policy.go
View File

@@ -1,15 +0,0 @@
package domain
type PolicyState int32
const (
PolicyStateUnspecified PolicyState = iota
PolicyStateActive
PolicyStateRemoved
policyStateCount
)
func (f PolicyState) Valid() bool {
return f >= 0 && f < policyStateCount
}

13
internal/v2/domain/policy_label.go
View File

@@ -1,13 +0,0 @@
package domain
import (
"github.com/caos/zitadel/internal/eventstore/models"
)
type LabelPolicy struct {
models.ObjectRoot
Default bool
PrimaryColor string
SecondaryColor string
}

49
internal/v2/domain/policy_login.go
View File

@@ -1,49 +0,0 @@
package domain
import "github.com/caos/zitadel/internal/eventstore/models"
type LoginPolicy struct {
models.ObjectRoot
Default bool
AllowUsernamePassword bool
AllowRegister bool
AllowExternalIDP bool
IDPProviders []*IDPProvider
ForceMFA bool
SecondFactors []SecondFactorType
MultiFactors []MultiFactorType
PasswordlessType PasswordlessType
}
type IDPProvider struct {
models.ObjectRoot
Type IdentityProviderType
IDPConfigID string
Name string
StylingType IDPConfigStylingType
IDPConfigType IDPConfigType
IDPState IDPConfigState
}
type PasswordlessType int32
const (
PasswordlessTypeNotAllowed PasswordlessType = iota
PasswordlessTypeAllowed
passwordlessCount
)
func (f PasswordlessType) Valid() bool {
return f >= 0 && f < passwordlessCount
}
func (p *LoginPolicy) HasSecondFactors() bool {
return len(p.SecondFactors) > 0
}
func (p *LoginPolicy) HasMultiFactors() bool {
return len(p.MultiFactors) > 0
}

15
internal/v2/domain/policy_mail_template.go
View File

@@ -1,15 +0,0 @@
package domain
import "github.com/caos/zitadel/internal/eventstore/models"
type MailTemplate struct {
models.ObjectRoot
State PolicyState
Default bool
Template []byte
}
func (m *MailTemplate) IsValid() bool {
return m.Template != nil
}

22
internal/v2/domain/policy_mail_text.go
View File

@@ -1,22 +0,0 @@
package domain
import "github.com/caos/zitadel/internal/eventstore/models"
type MailText struct {
models.ObjectRoot
State PolicyState
Default bool
MailTextType string
Language string
Title string
PreHeader string
Subject string
Greeting string
Text string
ButtonText string
}
func (m *MailText) IsValid() bool {
return m.MailTextType != "" && m.Language != "" && m.Title != "" && m.PreHeader != "" && m.Subject != "" && m.Greeting != "" && m.Text != "" && m.ButtonText != ""
}

12
internal/v2/domain/policy_org_iam.go
View File

@@ -1,12 +0,0 @@
package domain
import (
"github.com/caos/zitadel/internal/eventstore/models"
)
type OrgIAMPolicy struct {
models.ObjectRoot
UserLoginMustBeDomain bool
Default bool
}

12
internal/v2/domain/policy_password_age.go
View File

@@ -1,12 +0,0 @@
package domain
import (
"github.com/caos/zitadel/internal/eventstore/models"
)
type PasswordAgePolicy struct {
models.ObjectRoot
MaxAgeDays uint64
ExpireWarnDays uint64
}

56
internal/v2/domain/policy_password_complexity.go
View File

@@ -1,56 +0,0 @@
package domain
import (
caos_errs "github.com/caos/zitadel/internal/errors"
"github.com/caos/zitadel/internal/eventstore/models"
"regexp"
)
var (
hasStringLowerCase = regexp.MustCompile(`[a-z]`).MatchString
hasStringUpperCase = regexp.MustCompile(`[A-Z]`).MatchString
hasNumber = regexp.MustCompile(`[0-9]`).MatchString
hasSymbol = regexp.MustCompile(`[^A-Za-z0-9]`).MatchString
)
type PasswordComplexityPolicy struct {
models.ObjectRoot
MinLength uint64
HasLowercase bool
HasUppercase bool
HasNumber bool
HasSymbol bool
Default bool
}
func (p *PasswordComplexityPolicy) IsValid() error {
if p.MinLength == 0 || p.MinLength > 72 {
return caos_errs.ThrowInvalidArgument(nil, "MODEL-Lsp0e", "Errors.User.PasswordComplexityPolicy.MinLengthNotAllowed")
}
return nil
}
func (p *PasswordComplexityPolicy) Check(password string) error {
if p.MinLength != 0 && uint64(len(password)) < p.MinLength {
return caos_errs.ThrowInvalidArgument(nil, "DOMAIN-HuJf6", "Errors.User.PasswordComplexityPolicy.MinLength")
}
if p.HasLowercase && !hasStringLowerCase(password) {
return caos_errs.ThrowInvalidArgument(nil, "DOMAIN-co3Xw", "Errors.User.PasswordComplexityPolicy.HasLower")
}
if p.HasUppercase && !hasStringUpperCase(password) {
return caos_errs.ThrowInvalidArgument(nil, "DOMAIN-VoaRj", "Errors.User.PasswordComplexityPolicy.HasUpper")
}
if p.HasNumber && !hasNumber(password) {
return caos_errs.ThrowInvalidArgument(nil, "DOMAIN-ZBv4H", "Errors.User.PasswordComplexityPolicy.HasNumber")
}
if p.HasSymbol && !hasSymbol(password) {
return caos_errs.ThrowInvalidArgument(nil, "DOMAIN-ZDLwA", "Errors.User.PasswordComplexityPolicy.HasSymbol")
}
return nil
}

12
internal/v2/domain/policy_password_lockout.go
View File

@@ -1,12 +0,0 @@
package domain
import (
"github.com/caos/zitadel/internal/eventstore/models"
)
type PasswordLockoutPolicy struct {
models.ObjectRoot
MaxAttempts uint64
ShowLockOutFailures bool
}

31
internal/v2/domain/project.go
View File

@@ -1,31 +0,0 @@
package domain
import (
"github.com/caos/zitadel/internal/eventstore/models"
)
type Project struct {
models.ObjectRoot
State ProjectState
Name string
Members []*Member
Roles []*ProjectRole
//Applications []*Application
//Grants []*ProjectGrant
ProjectRoleAssertion bool
ProjectRoleCheck bool
}
type ProjectState int32
const (
ProjectStateUnspecified ProjectState = iota
ProjectStateActive
ProjectStateInactive
ProjectStateRemoved
)
func (o *Project) IsValid() bool {
return o.Name != ""
}

49
internal/v2/domain/project_grant.go
View File

@@ -1,49 +0,0 @@
package domain
import es_models "github.com/caos/zitadel/internal/eventstore/models"
type ProjectGrant struct {
es_models.ObjectRoot
GrantID string
GrantedOrgID string
State ProjectGrantState
RoleKeys []string
}
type ProjectGrantIDs struct {
ProjectID string
GrantID string
}
type ProjectGrantState int32
const (
ProjectGrantStateUnspecified ProjectGrantState = iota
ProjectGrantStateActive
ProjectGrantStateInactive
ProjectGrantStateRemoved
)
func (p *ProjectGrant) IsValid() bool {
return p.GrantedOrgID != ""
}
func GetRemovedRoles(existingRoles, newRoles []string) []string {
removed := make([]string, 0)
for _, role := range existingRoles {
if !containsKey(newRoles, role) {
removed = append(removed, role)
}
}
return removed
}
func containsKey(roles []string, key string) bool {
for _, role := range roles {
if role == key {
return true
}
}
return false
}

28
internal/v2/domain/project_grant_member.go
View File

@@ -1,28 +0,0 @@
package domain
import (
es_models "github.com/caos/zitadel/internal/eventstore/models"
)
type ProjectGrantMember struct {
es_models.ObjectRoot
GrantID string
UserID string
Roles []string
}
func NewProjectGrantMember(aggregateID, userID, grantID string, roles ...string) *ProjectGrantMember {
return &ProjectGrantMember{
ObjectRoot: es_models.ObjectRoot{
AggregateID: aggregateID,
},
GrantID: grantID,
UserID: userID,
Roles: roles,
}
}
func (i *ProjectGrantMember) IsValid() bool {
return i.AggregateID != "" && i.GrantID != "" && i.UserID != "" && len(i.Roles) != 0
}

29
internal/v2/domain/project_role.go
View File

@@ -1,29 +0,0 @@
package domain
import (
"github.com/caos/zitadel/internal/eventstore/models"
)
type ProjectRole struct {
models.ObjectRoot
Key string
DisplayName string
Group string
}
type ProjectRoleState int32
const (
ProjectRoleStateUnspecified ProjectRoleState = iota
ProjectRoleStateActive
ProjectRoleStateRemoved
)
func NewProjectRole(projectID, key string) *ProjectRole {
return &ProjectRole{ObjectRoot: models.ObjectRoot{AggregateID: projectID}, Key: key}
}
func (p *ProjectRole) IsValid() bool {
return p.AggregateID != "" && p.Key != ""
}

28
internal/v2/domain/provider.go
View File

@@ -1,28 +0,0 @@
package domain
type IdentityProviderType int8
const (
IdentityProviderTypeSystem IdentityProviderType = iota
IdentityProviderTypeOrg
identityProviderCount
)
func (f IdentityProviderType) Valid() bool {
return f >= 0 && f < identityProviderCount
}
type IdentityProviderState int32
const (
IdentityProviderStateUnspecified IdentityProviderState = iota
IdentityProviderStateActive
IdentityProviderStateRemoved
idpProviderState
)
func (s IdentityProviderState) Valid() bool {
return s >= 0 && s < idpProviderState
}

54
internal/v2/domain/request.go
View File

@@ -1,54 +0,0 @@
package domain
const (
OrgDomainPrimaryScope = "urn:zitadel:iam:org:domain:primary:"
OrgDomainPrimaryClaim = "urn:zitadel:iam:org:domain:primary"
ProjectIDScope = "urn:zitadel:iam:org:project:id:"
AudSuffix = ":aud"
)
//TODO: Change AuthRequest to interface and let oidcauthreqesut implement it
type Request interface {
Type() AuthRequestType
IsValid() bool
}
type AuthRequestType int32
var (
authRequestTypeMapping = map[AuthRequestType]Request{
AuthRequestTypeOIDC: &AuthRequestOIDC{},
}
)
const (
AuthRequestTypeOIDC AuthRequestType = iota
AuthRequestTypeSAML
)
type AuthRequestOIDC struct {
Scopes []string
ResponseType OIDCResponseType
Nonce string
CodeChallenge *OIDCCodeChallenge
}
func (a *AuthRequestOIDC) Type() AuthRequestType {
return AuthRequestTypeOIDC
}
func (a *AuthRequestOIDC) IsValid() bool {
return len(a.Scopes) > 0 &&
a.CodeChallenge == nil || a.CodeChallenge != nil && a.CodeChallenge.IsValid()
}
type AuthRequestSAML struct {
}
func (a *AuthRequestSAML) Type() AuthRequestType {
return AuthRequestTypeSAML
}
func (a *AuthRequestSAML) IsValid() bool {
return true
}

9
internal/v2/domain/roles.go
View File

@@ -1,9 +0,0 @@
package domain
const (
RoleOrgOwner = "ORG_OWNER"
RoleOrgProjectCreator = "ORG_PROJECT_CREATOR"
RoleIAMOwner = "IAM_OWNER"
RoleProjectOwner = "PROJECT_OWNER"
RoleProjectOwnerGlobal = "PROJECT_OWNER_GLOBAL"
)

19
internal/v2/domain/step.go
View File

@@ -1,19 +0,0 @@
package domain
type Step int
const (
Step1 Step = iota + 1
Step2
Step3
Step4
Step5
Step6
Step7
Step8
Step9
Step10
Step11
//StepCount marks the the length of possible steps (StepCount-1 == last possible step)
StepCount
)

28
internal/v2/domain/token.go
View File

@@ -1,28 +0,0 @@
package domain
import (
es_models "github.com/caos/zitadel/internal/eventstore/models"
"strings"
"time"
)
type Token struct {
es_models.ObjectRoot
TokenID string
ApplicationID string
UserAgentID string
Audience []string
Expiration time.Time
Scopes []string
PreferredLanguage string
}
func AddAudScopeToAudience(audience, scopes []string) []string {
for _, scope := range scopes {
if strings.HasPrefix(scope, ProjectIDScope) && strings.HasSuffix(scope, AudSuffix) {
audience = append(audience, strings.TrimSuffix(strings.TrimPrefix(scope, ProjectIDScope), AudSuffix))
}
}
return audience
}

9
internal/v2/domain/unique_constraint_migration.go
View File

@@ -1,9 +0,0 @@
package domain
type UniqueConstraintMigration struct {
AggregateID string
ObjectID string
UniqueType string
UniqueField string
ErrorMessage string
}

24
internal/v2/domain/user.go
View File

@@ -1,24 +0,0 @@
package domain
type User interface {
GetUsername() string
GetState() UserState
}
type UserState int32
const (
UserStateUnspecified UserState = iota
UserStateActive
UserStateInactive
UserStateDeleted
UserStateLocked
UserStateSuspend
UserStateInitial
userStateCount
)
func (f UserState) Valid() bool {
return f >= 0 && f < userStateCount
}

26
internal/v2/domain/user_grant.go
View File

@@ -1,26 +0,0 @@
package domain
import es_models "github.com/caos/zitadel/internal/eventstore/models"
type UserGrant struct {
es_models.ObjectRoot
State UserGrantState
UserID string
ProjectID string
ProjectGrantID string
RoleKeys []string
}
type UserGrantState int32
const (
UserGrantStateUnspecified UserGrantState = iota
UserGrantStateActive
UserGrantStateInactive
UserGrantStateRemoved
)
func (u *UserGrant) IsValid() bool {
return u.ProjectID != "" && u.UserID != ""
}