mirror of
https://github.com/zitadel/zitadel.git
synced 2025-08-12 01:47:33 +00:00
feat: idp and login policy configurations (#619)
* feat: oidc config * fix: oidc configurations * feat: oidc idp config * feat: add oidc config test * fix: tests * fix: tests * feat: translate new events * feat: idp eventstore * feat: idp eventstore * fix: tests * feat: command side idp * feat: query side idp * feat: idp config on org * fix: tests * feat: authz idp on org * feat: org idps * feat: login policy * feat: login policy * feat: login policy * feat: add idp func on login policy * feat: add validation to loginpolicy and idp provider * feat: add default login policy * feat: login policy on org * feat: login policy on org * fix: id config handlers * fix: id config handlers * fix: create idp on org * fix: create idp on org * fix: not existing idp config * fix: default login policy * fix: add login policy on org * fix: idp provider search on org * fix: test * fix: remove idp on org * fix: test * fix: test * fix: remove admin idp * fix: logo src as byte * fix: migration * fix: tests * Update internal/iam/repository/eventsourcing/iam.go Co-authored-by: Silvan <silvan.reusser@gmail.com> * Update internal/iam/repository/eventsourcing/iam_test.go Co-authored-by: Silvan <silvan.reusser@gmail.com> * Update internal/iam/repository/eventsourcing/iam_test.go Co-authored-by: Silvan <silvan.reusser@gmail.com> * Update internal/iam/repository/eventsourcing/model/login_policy.go Co-authored-by: Silvan <silvan.reusser@gmail.com> * Update internal/iam/repository/eventsourcing/model/login_policy.go Co-authored-by: Silvan <silvan.reusser@gmail.com> * Update internal/org/repository/eventsourcing/org_test.go Co-authored-by: Silvan <silvan.reusser@gmail.com> * Update internal/iam/repository/eventsourcing/model/login_policy_test.go Co-authored-by: Silvan <silvan.reusser@gmail.com> * Update internal/iam/repository/eventsourcing/model/login_policy_test.go Co-authored-by: Silvan <silvan.reusser@gmail.com> * fix: pr comments * fix: tests * Update types.go * fix: merge request changes * fix: reduce optimization Co-authored-by: Silvan <silvan.reusser@gmail.com> Co-authored-by: Livio Amstutz <livio.a@gmail.com>
This commit is contained in:
Fabi
@@ -69,7 +69,7 @@ const (
|
||||
GenderDiverse
|
||||
)
|
||||
|
||||
func (u *User) CheckOrgIamPolicy(policy *org_model.OrgIamPolicy) error {
|
||||
func (u *User) CheckOrgIAMPolicy(policy *org_model.OrgIAMPolicy) error {
|
||||
if policy == nil {
|
||||
return caos_errors.ThrowPreconditionFailed(nil, "MODEL-zSH7j", "Errors.Users.OrgIamPolicyNil")
|
||||
}
|
||||
|
||||
@@ -107,8 +107,8 @@ func (es *UserEventstore) UserEventsByID(ctx context.Context, id string, sequenc
|
||||
return es.FilterEvents(ctx, query)
|
||||
}
|
||||
|
||||
func (es *UserEventstore) PrepareCreateUser(ctx context.Context, user *usr_model.User, pwPolicy *policy_model.PasswordComplexityPolicy, orgIamPolicy *org_model.OrgIamPolicy, resourceOwner string) (*model.User, []*es_models.Aggregate, error) {
|
||||
err := user.CheckOrgIamPolicy(orgIamPolicy)
|
||||
func (es *UserEventstore) PrepareCreateUser(ctx context.Context, user *usr_model.User, pwPolicy *policy_model.PasswordComplexityPolicy, orgIAMPolicy *org_model.OrgIAMPolicy, resourceOwner string) (*model.User, []*es_models.Aggregate, error) {
|
||||
err := user.CheckOrgIAMPolicy(orgIAMPolicy)
|
||||
if err != nil {
|
||||
return nil, nil, err
|
||||
}
|
||||
@@ -140,13 +140,13 @@ func (es *UserEventstore) PrepareCreateUser(ctx context.Context, user *usr_model
|
||||
repoInitCode := model.InitCodeFromModel(user.InitCode)
|
||||
repoPhoneCode := model.PhoneCodeFromModel(user.PhoneCode)
|
||||
|
||||
createAggregates, err := UserCreateAggregate(ctx, es.AggregateCreator(), repoUser, repoInitCode, repoPhoneCode, resourceOwner, orgIamPolicy.UserLoginMustBeDomain)
|
||||
createAggregates, err := UserCreateAggregate(ctx, es.AggregateCreator(), repoUser, repoInitCode, repoPhoneCode, resourceOwner, orgIAMPolicy.UserLoginMustBeDomain)
|
||||
|
||||
return repoUser, createAggregates, err
|
||||
}
|
||||
|
||||
func (es *UserEventstore) CreateUser(ctx context.Context, user *usr_model.User, pwPolicy *policy_model.PasswordComplexityPolicy, orgIamPolicy *org_model.OrgIamPolicy) (*usr_model.User, error) {
|
||||
repoUser, aggregates, err := es.PrepareCreateUser(ctx, user, pwPolicy, orgIamPolicy, "")
|
||||
func (es *UserEventstore) CreateUser(ctx context.Context, user *usr_model.User, pwPolicy *policy_model.PasswordComplexityPolicy, orgIAMPolicy *org_model.OrgIAMPolicy) (*usr_model.User, error) {
|
||||
repoUser, aggregates, err := es.PrepareCreateUser(ctx, user, pwPolicy, orgIAMPolicy, "")
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
@@ -160,8 +160,8 @@ func (es *UserEventstore) CreateUser(ctx context.Context, user *usr_model.User,
|
||||
return model.UserToModel(repoUser), nil
|
||||
}
|
||||
|
||||
func (es *UserEventstore) PrepareRegisterUser(ctx context.Context, user *usr_model.User, policy *policy_model.PasswordComplexityPolicy, orgIamPolicy *org_model.OrgIamPolicy, resourceOwner string) (*model.User, []*es_models.Aggregate, error) {
|
||||
err := user.CheckOrgIamPolicy(orgIamPolicy)
|
||||
func (es *UserEventstore) PrepareRegisterUser(ctx context.Context, user *usr_model.User, policy *policy_model.PasswordComplexityPolicy, orgIAMPolicy *org_model.OrgIAMPolicy, resourceOwner string) (*model.User, []*es_models.Aggregate, error) {
|
||||
err := user.CheckOrgIAMPolicy(orgIAMPolicy)
|
||||
if err != nil {
|
||||
return nil, nil, err
|
||||
}
|
||||
@@ -187,12 +187,12 @@ func (es *UserEventstore) PrepareRegisterUser(ctx context.Context, user *usr_mod
|
||||
repoUser := model.UserFromModel(user)
|
||||
repoInitCode := model.InitCodeFromModel(user.InitCode)
|
||||
|
||||
aggregates, err := UserRegisterAggregate(ctx, es.AggregateCreator(), repoUser, resourceOwner, repoInitCode, orgIamPolicy.UserLoginMustBeDomain)
|
||||
aggregates, err := UserRegisterAggregate(ctx, es.AggregateCreator(), repoUser, resourceOwner, repoInitCode, orgIAMPolicy.UserLoginMustBeDomain)
|
||||
return repoUser, aggregates, err
|
||||
}
|
||||
|
||||
func (es *UserEventstore) RegisterUser(ctx context.Context, user *usr_model.User, pwPolicy *policy_model.PasswordComplexityPolicy, orgIamPolicy *org_model.OrgIamPolicy, resourceOwner string) (*usr_model.User, error) {
|
||||
repoUser, createAggregates, err := es.PrepareRegisterUser(ctx, user, pwPolicy, orgIamPolicy, resourceOwner)
|
||||
func (es *UserEventstore) RegisterUser(ctx context.Context, user *usr_model.User, pwPolicy *policy_model.PasswordComplexityPolicy, orgIAMPolicy *org_model.OrgIAMPolicy, resourceOwner string) (*usr_model.User, error) {
|
||||
repoUser, createAggregates, err := es.PrepareRegisterUser(ctx, user, pwPolicy, orgIAMPolicy, resourceOwner)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
@@ -90,7 +90,7 @@ func TestCreateUser(t *testing.T) {
|
||||
ctx context.Context
|
||||
user *model.User
|
||||
policy *policy_model.PasswordComplexityPolicy
|
||||
orgPolicy *org_model.OrgIamPolicy
|
||||
orgPolicy *org_model.OrgIAMPolicy
|
||||
}
|
||||
type res struct {
|
||||
user *model.User
|
||||
@@ -119,7 +119,7 @@ func TestCreateUser(t *testing.T) {
|
||||
},
|
||||
},
|
||||
policy: &policy_model.PasswordComplexityPolicy{},
|
||||
orgPolicy: &org_model.OrgIamPolicy{},
|
||||
orgPolicy: &org_model.OrgIAMPolicy{},
|
||||
},
|
||||
res: res{
|
||||
user: &model.User{ObjectRoot: es_models.ObjectRoot{Sequence: 1},
|
||||
@@ -151,7 +151,7 @@ func TestCreateUser(t *testing.T) {
|
||||
},
|
||||
},
|
||||
policy: &policy_model.PasswordComplexityPolicy{},
|
||||
orgPolicy: &org_model.OrgIamPolicy{UserLoginMustBeDomain: false},
|
||||
orgPolicy: &org_model.OrgIAMPolicy{UserLoginMustBeDomain: false},
|
||||
},
|
||||
res: res{
|
||||
user: &model.User{ObjectRoot: es_models.ObjectRoot{Sequence: 1},
|
||||
@@ -188,7 +188,7 @@ func TestCreateUser(t *testing.T) {
|
||||
},
|
||||
},
|
||||
policy: &policy_model.PasswordComplexityPolicy{},
|
||||
orgPolicy: &org_model.OrgIamPolicy{},
|
||||
orgPolicy: &org_model.OrgIAMPolicy{},
|
||||
},
|
||||
res: res{
|
||||
user: &model.User{ObjectRoot: es_models.ObjectRoot{Sequence: 1},
|
||||
@@ -226,7 +226,7 @@ func TestCreateUser(t *testing.T) {
|
||||
},
|
||||
},
|
||||
policy: &policy_model.PasswordComplexityPolicy{},
|
||||
orgPolicy: &org_model.OrgIamPolicy{},
|
||||
orgPolicy: &org_model.OrgIAMPolicy{},
|
||||
},
|
||||
res: res{
|
||||
user: &model.User{ObjectRoot: es_models.ObjectRoot{Sequence: 1},
|
||||
@@ -249,7 +249,7 @@ func TestCreateUser(t *testing.T) {
|
||||
ctx: authz.NewMockContext("orgID", "userID"),
|
||||
user: &model.User{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 1}},
|
||||
policy: &policy_model.PasswordComplexityPolicy{},
|
||||
orgPolicy: &org_model.OrgIamPolicy{},
|
||||
orgPolicy: &org_model.OrgIAMPolicy{},
|
||||
},
|
||||
res: res{
|
||||
errFunc: caos_errs.IsPreconditionFailed,
|
||||
@@ -261,7 +261,7 @@ func TestCreateUser(t *testing.T) {
|
||||
es: GetMockManipulateUser(ctrl),
|
||||
ctx: authz.NewMockContext("orgID", "userID"),
|
||||
user: &model.User{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 1}},
|
||||
orgPolicy: &org_model.OrgIamPolicy{},
|
||||
orgPolicy: &org_model.OrgIAMPolicy{},
|
||||
},
|
||||
res: res{
|
||||
errFunc: caos_errs.IsPreconditionFailed,
|
||||
@@ -315,7 +315,7 @@ func TestRegisterUser(t *testing.T) {
|
||||
user *model.User
|
||||
resourceOwner string
|
||||
policy *policy_model.PasswordComplexityPolicy
|
||||
orgPolicy *org_model.OrgIamPolicy
|
||||
orgPolicy *org_model.OrgIAMPolicy
|
||||
}
|
||||
type res struct {
|
||||
user *model.User
|
||||
@@ -346,7 +346,7 @@ func TestRegisterUser(t *testing.T) {
|
||||
},
|
||||
},
|
||||
policy: &policy_model.PasswordComplexityPolicy{},
|
||||
orgPolicy: &org_model.OrgIamPolicy{UserLoginMustBeDomain: true},
|
||||
orgPolicy: &org_model.OrgIAMPolicy{UserLoginMustBeDomain: true},
|
||||
resourceOwner: "ResourceOwner",
|
||||
},
|
||||
res: res{
|
||||
@@ -380,7 +380,7 @@ func TestRegisterUser(t *testing.T) {
|
||||
},
|
||||
},
|
||||
policy: &policy_model.PasswordComplexityPolicy{},
|
||||
orgPolicy: &org_model.OrgIamPolicy{UserLoginMustBeDomain: false},
|
||||
orgPolicy: &org_model.OrgIAMPolicy{UserLoginMustBeDomain: false},
|
||||
resourceOwner: "ResourceOwner",
|
||||
},
|
||||
res: res{
|
||||
@@ -403,7 +403,7 @@ func TestRegisterUser(t *testing.T) {
|
||||
ctx: authz.NewMockContext("orgID", "userID"),
|
||||
user: &model.User{ObjectRoot: es_models.ObjectRoot{Sequence: 1}},
|
||||
policy: &policy_model.PasswordComplexityPolicy{},
|
||||
orgPolicy: &org_model.OrgIamPolicy{},
|
||||
orgPolicy: &org_model.OrgIAMPolicy{},
|
||||
resourceOwner: "ResourceOwner",
|
||||
},
|
||||
res: res{
|
||||
@@ -426,7 +426,7 @@ func TestRegisterUser(t *testing.T) {
|
||||
},
|
||||
},
|
||||
policy: &policy_model.PasswordComplexityPolicy{},
|
||||
orgPolicy: &org_model.OrgIamPolicy{},
|
||||
orgPolicy: &org_model.OrgIAMPolicy{},
|
||||
resourceOwner: "ResourceOwner",
|
||||
},
|
||||
res: res{
|
||||
@@ -449,7 +449,7 @@ func TestRegisterUser(t *testing.T) {
|
||||
},
|
||||
},
|
||||
policy: &policy_model.PasswordComplexityPolicy{},
|
||||
orgPolicy: &org_model.OrgIamPolicy{},
|
||||
orgPolicy: &org_model.OrgIAMPolicy{},
|
||||
},
|
||||
res: res{
|
||||
errFunc: caos_errs.IsPreconditionFailed,
|
||||
@@ -470,7 +470,7 @@ func TestRegisterUser(t *testing.T) {
|
||||
EmailAddress: "EmailAddress",
|
||||
},
|
||||
},
|
||||
orgPolicy: &org_model.OrgIamPolicy{},
|
||||
orgPolicy: &org_model.OrgIAMPolicy{},
|
||||
},
|
||||
res: res{
|
||||
errFunc: caos_errs.IsPreconditionFailed,
|
||||
|
||||
@@ -94,7 +94,7 @@ func (u *NotifyUser) GenerateLoginName(domain string, appendDomain bool) string
|
||||
return u.UserName + "@" + domain
|
||||
}
|
||||
|
||||
func (u *NotifyUser) SetLoginNames(policy *org_model.OrgIamPolicy, domains []*org_model.OrgDomain) {
|
||||
func (u *NotifyUser) SetLoginNames(policy *org_model.OrgIAMPolicy, domains []*org_model.OrgDomain) {
|
||||
loginNames := make([]string, 0)
|
||||
for _, d := range domains {
|
||||
if d.Verified {
|
||||
|
||||
@@ -152,7 +152,7 @@ func (u *UserView) GenerateLoginName(domain string, appendDomain bool) string {
|
||||
return u.UserName + "@" + domain
|
||||
}
|
||||
|
||||
func (u *UserView) SetLoginNames(policy *org_model.OrgIamPolicy, domains []*org_model.OrgDomain) {
|
||||
func (u *UserView) SetLoginNames(policy *org_model.OrgIAMPolicy, domains []*org_model.OrgDomain) {
|
||||
loginNames := make([]string, 0)
|
||||
for _, d := range domains {
|
||||
if d.Verified {
|
||||
|
||||
@@ -78,10 +78,10 @@ func (u *UserMembershipView) AppendEvent(event *models.Event) (err error) {
|
||||
u.Sequence = event.Sequence
|
||||
|
||||
switch event.Type {
|
||||
case iam_es_model.IamMemberAdded:
|
||||
case iam_es_model.IAMMemberAdded:
|
||||
u.setRootData(event, model.MemberTypeIam)
|
||||
err = u.setIamMemberData(event)
|
||||
case iam_es_model.IamMemberChanged:
|
||||
case iam_es_model.IAMMemberChanged:
|
||||
err = u.setIamMemberData(event)
|
||||
case org_es_model.OrgMemberAdded:
|
||||
u.setRootData(event, model.MemberTypeOrganisation)
|
||||
@@ -111,7 +111,7 @@ func (u *UserMembershipView) setRootData(event *models.Event, memberType model.M
|
||||
}
|
||||
|
||||
func (u *UserMembershipView) setIamMemberData(event *models.Event) error {
|
||||
member := new(iam_es_model.IamMember)
|
||||
member := new(iam_es_model.IAMMember)
|
||||
if err := json.Unmarshal(event.Data, member); err != nil {
|
||||
logging.Log("MODEL-Ec9sf").WithError(err).Error("could not unmarshal event data")
|
||||
return caos_errs.ThrowInternal(nil, "MODEL-6jhsw", "could not unmarshal data")
|
||||
|
||||
Reference in New Issue
Block a user