diff --git a/cmd/zitadel/main.go b/cmd/zitadel/main.go index d36b3bbc5c..477dadc5ad 100644 --- a/cmd/zitadel/main.go +++ b/cmd/zitadel/main.go @@ -4,6 +4,8 @@ import ( "context" "flag" metrics "github.com/caos/zitadel/internal/telemetry/metrics/config" + "github.com/caos/zitadel/internal/v2/command" + "github.com/caos/zitadel/internal/v2/query" "github.com/caos/logging" admin_es "github.com/caos/zitadel/internal/admin/repository/eventsourcing" @@ -93,6 +95,19 @@ func startZitadel(configPaths []string) { logging.Log("MAIN-FaF2r").OnError(err).Fatal("cannot read config") ctx := context.Background() + es, err := es_int.Start(conf.Admin.Eventstore) + if err != nil { + return + } + esV2 := es.V2() + command, err := command.StartCommandSide(&command.Config{Eventstore: esV2, SystemDefaults: conf.SystemDefaults}) + if err != nil { + return + } + query, err := query.StartQuerySide(&query.Config{Eventstore: esV2, SystemDefaults: conf.SystemDefaults}) + if err != nil { + return + } authZRepo, err := authz.Start(ctx, conf.AuthZ, conf.InternalAuthZ, conf.SystemDefaults) logging.Log("MAIN-s9KOw").OnError(err).Fatal("error starting authz repo") var authRepo *auth_es.EsRepository @@ -101,7 +116,7 @@ func startZitadel(configPaths []string) { logging.Log("MAIN-9oRw6").OnError(err).Fatal("error starting auth repo") } - startAPI(ctx, conf, authZRepo, authRepo) + startAPI(ctx, conf, authZRepo, authRepo, command, query) startUI(ctx, conf, authRepo) if *notificationEnabled { @@ -126,23 +141,23 @@ func startUI(ctx context.Context, conf *Config, authRepo *auth_es.EsRepository) uis.Start(ctx) } -func startAPI(ctx context.Context, conf *Config, authZRepo *authz_repo.EsRepository, authRepo *auth_es.EsRepository) { +func startAPI(ctx context.Context, conf *Config, authZRepo *authz_repo.EsRepository, authRepo *auth_es.EsRepository, command *command.CommandSide, query *query.QuerySide) { roles := make([]string, len(conf.InternalAuthZ.RolePermissionMappings)) for i, role := range conf.InternalAuthZ.RolePermissionMappings { roles[i] = role.Role } - adminRepo, err := admin_es.Start(ctx, conf.Admin, conf.SystemDefaults, roles) + repo, err := admin_es.Start(ctx, conf.Admin, conf.SystemDefaults, roles) logging.Log("API-D42tq").OnError(err).Fatal("error starting auth repo") - apis := api.Create(conf.API, conf.InternalAuthZ, authZRepo, authRepo, adminRepo, conf.SystemDefaults) + apis := api.Create(conf.API, conf.InternalAuthZ, authZRepo, authRepo, repo, conf.SystemDefaults) if *adminEnabled { - apis.RegisterServer(ctx, admin.CreateServer(adminRepo)) + apis.RegisterServer(ctx, admin.CreateServer(command, query, repo)) } if *managementEnabled { managementRepo, err := mgmt_es.Start(conf.Mgmt, conf.SystemDefaults, roles) logging.Log("API-Gd2qq").OnError(err).Fatal("error starting management repo") - apis.RegisterServer(ctx, management.CreateServer(managementRepo, conf.SystemDefaults)) + apis.RegisterServer(ctx, management.CreateServer(command, query, managementRepo, conf.SystemDefaults)) } if *authEnabled { apis.RegisterServer(ctx, auth.CreateServer(authRepo)) diff --git a/internal/admin/repository/eventsourcing/eventstore/iam.go b/internal/admin/repository/eventsourcing/eventstore/iam.go index a35046b606..515e752024 100644 --- a/internal/admin/repository/eventsourcing/eventstore/iam.go +++ b/internal/admin/repository/eventsourcing/eventstore/iam.go @@ -2,7 +2,6 @@ package eventstore import ( "context" - "github.com/caos/zitadel/internal/v2/query" "strings" caos_errs "github.com/caos/zitadel/internal/errors" @@ -19,7 +18,6 @@ import ( "github.com/caos/zitadel/internal/telemetry/tracing" usr_model "github.com/caos/zitadel/internal/user/model" usr_es "github.com/caos/zitadel/internal/user/repository/eventsourcing" - "github.com/caos/zitadel/internal/v2/command" ) type IAMRepository struct { @@ -30,9 +28,6 @@ type IAMRepository struct { View *admin_view.View SystemDefaults systemdefaults.SystemDefaults Roles []string - - IAMV2Command *command.CommandSide - IAMV2Query *query.QuerySide } func (repo *IAMRepository) IAMMemberByID(ctx context.Context, iamID, userID string) (*iam_model.IAMMemberView, error) { @@ -43,30 +38,6 @@ func (repo *IAMRepository) IAMMemberByID(ctx context.Context, iamID, userID stri return iam_es_model.IAMMemberToModel(member), nil } -func (repo *IAMRepository) AddIAMMember(ctx context.Context, member *iam_model.IAMMember) (*iam_model.IAMMember, error) { - member.AggregateID = repo.SystemDefaults.IamID - if repo.IAMV2Command != nil { - return repo.IAMV2Command.AddIAMMember(ctx, member) - } - return repo.IAMEventstore.AddIAMMember(ctx, member) -} - -func (repo *IAMRepository) ChangeIAMMember(ctx context.Context, member *iam_model.IAMMember) (*iam_model.IAMMember, error) { - member.AggregateID = repo.SystemDefaults.IamID - if repo.IAMV2Command != nil { - return repo.IAMV2Command.ChangeIAMMember(ctx, member) - } - return repo.IAMEventstore.ChangeIAMMember(ctx, member) -} - -func (repo *IAMRepository) RemoveIAMMember(ctx context.Context, userID string) error { - member := iam_model.NewIAMMember(repo.SystemDefaults.IamID, userID) - if repo.IAMV2Command != nil { - return repo.IAMV2Command.RemoveIAMMember(ctx, member) - } - return repo.IAMEventstore.RemoveIAMMember(ctx, member) -} - func (repo *IAMRepository) SearchIAMMembers(ctx context.Context, request *iam_model.IAMMemberSearchRequest) (*iam_model.IAMMemberSearchResponse, error) { request.EnsureLimit(repo.SearchLimit) sequence, err := repo.View.GetLatestIAMMemberSequence("") @@ -98,48 +69,6 @@ func (repo *IAMRepository) GetIAMMemberRoles() []string { return roles } -func (repo *IAMRepository) IDPConfigByID(ctx context.Context, idpConfigID string) (*iam_model.IDPConfigView, error) { - if repo.IAMV2Command != nil { - return repo.IAMV2Query.DefaultIDPConfigByID(ctx, repo.SystemDefaults.IamID, idpConfigID) - } - - idp, err := repo.View.IDPConfigByID(idpConfigID) - if err != nil { - return nil, err - } - return iam_es_model.IDPConfigViewToModel(idp), nil -} - -func (repo *IAMRepository) AddOIDCIDPConfig(ctx context.Context, idp *iam_model.IDPConfig) (*iam_model.IDPConfig, error) { - idp.AggregateID = repo.SystemDefaults.IamID - if repo.IAMV2Command != nil { - return repo.IAMV2Command.AddDefaultIDPConfig(ctx, idp) - } - return repo.IAMEventstore.AddIDPConfig(ctx, idp) -} - -func (repo *IAMRepository) ChangeIDPConfig(ctx context.Context, idp *iam_model.IDPConfig) (*iam_model.IDPConfig, error) { - idp.AggregateID = repo.SystemDefaults.IamID - if repo.IAMV2Command != nil { - return repo.IAMV2Command.ChangeDefaultIDPConfig(ctx, idp) - } - return repo.IAMEventstore.ChangeIDPConfig(ctx, idp) -} - -func (repo *IAMRepository) DeactivateIDPConfig(ctx context.Context, idpConfigID string) (*iam_model.IDPConfig, error) { - if repo.IAMV2Command != nil { - return repo.IAMV2Command.DeactivateDefaultIDPConfig(ctx, repo.SystemDefaults.IamID, idpConfigID) - } - return repo.IAMEventstore.DeactivateIDPConfig(ctx, repo.SystemDefaults.IamID, idpConfigID) -} - -func (repo *IAMRepository) ReactivateIDPConfig(ctx context.Context, idpConfigID string) (*iam_model.IDPConfig, error) { - if repo.IAMV2Command != nil { - return repo.IAMV2Command.ReactivateDefaultIDPConfig(ctx, repo.SystemDefaults.IamID, idpConfigID) - } - return repo.IAMEventstore.ReactivateIDPConfig(ctx, repo.SystemDefaults.IamID, idpConfigID) -} - func (repo *IAMRepository) RemoveIDPConfig(ctx context.Context, idpConfigID string) error { // if repo.IAMV2Command != nil { // return repo.IAMV2Command. @@ -184,14 +113,6 @@ func (repo *IAMRepository) RemoveIDPConfig(ctx context.Context, idpConfigID stri return es_sdk.PushAggregates(ctx, repo.Eventstore.PushAggregates, nil, aggregates...) } -func (repo *IAMRepository) ChangeOidcIDPConfig(ctx context.Context, oidcConfig *iam_model.OIDCIDPConfig) (*iam_model.OIDCIDPConfig, error) { - oidcConfig.AggregateID = repo.SystemDefaults.IamID - if repo.IAMV2Command != nil { - return repo.IAMV2Command.ChangeDefaultIDPOIDCConfig(ctx, oidcConfig) - } - return repo.IAMEventstore.ChangeIDPOIDCConfig(ctx, oidcConfig) -} - func (repo *IAMRepository) SearchIDPConfigs(ctx context.Context, request *iam_model.IDPConfigSearchRequest) (*iam_model.IDPConfigSearchResponse, error) { request.EnsureLimit(repo.SearchLimit) sequence, err := repo.View.GetLatestIDPConfigSequence("") @@ -238,22 +159,6 @@ func (repo *IAMRepository) GetDefaultLabelPolicy(ctx context.Context) (*iam_mode return iam_es_model.LabelPolicyViewToModel(policy), nil } -func (repo *IAMRepository) AddDefaultLabelPolicy(ctx context.Context, policy *iam_model.LabelPolicy) (*iam_model.LabelPolicy, error) { - policy.AggregateID = repo.SystemDefaults.IamID - if repo.IAMV2Command != nil { - return repo.IAMV2Command.AddDefaultLabelPolicy(ctx, policy) - } - return repo.IAMEventstore.AddLabelPolicy(ctx, policy) -} - -func (repo *IAMRepository) ChangeDefaultLabelPolicy(ctx context.Context, policy *iam_model.LabelPolicy) (*iam_model.LabelPolicy, error) { - policy.AggregateID = repo.SystemDefaults.IamID - if repo.IAMV2Command != nil { - return repo.IAMV2Command.ChangeDefaultLabelPolicy(ctx, policy) - } - return repo.IAMEventstore.ChangeLabelPolicy(ctx, policy) -} - func (repo *IAMRepository) GetDefaultLoginPolicy(ctx context.Context) (*iam_model.LoginPolicyView, error) { policy, viewErr := repo.View.LoginPolicyByAggregateID(repo.SystemDefaults.IamID) if viewErr != nil && !caos_errs.IsNotFound(viewErr) { @@ -279,22 +184,6 @@ func (repo *IAMRepository) GetDefaultLoginPolicy(ctx context.Context) (*iam_mode return iam_es_model.LoginPolicyViewToModel(policy), nil } -func (repo *IAMRepository) AddDefaultLoginPolicy(ctx context.Context, policy *iam_model.LoginPolicy) (*iam_model.LoginPolicy, error) { - policy.AggregateID = repo.SystemDefaults.IamID - if repo.IAMV2Command != nil { - return repo.IAMV2Command.AddDefaultLoginPolicy(ctx, policy) - } - return repo.IAMEventstore.AddLoginPolicy(ctx, policy) -} - -func (repo *IAMRepository) ChangeDefaultLoginPolicy(ctx context.Context, policy *iam_model.LoginPolicy) (*iam_model.LoginPolicy, error) { - policy.AggregateID = repo.SystemDefaults.IamID - if repo.IAMV2Command != nil { - return repo.IAMV2Command.ChangeDefaultLoginPolicy(ctx, policy) - } - return repo.IAMEventstore.ChangeLoginPolicy(ctx, policy) -} - func (repo *IAMRepository) SearchDefaultIDPProviders(ctx context.Context, request *iam_model.IDPProviderSearchRequest) (*iam_model.IDPProviderSearchResponse, error) { request.EnsureLimit(repo.SearchLimit) request.AppendAggregateIDQuery(repo.SystemDefaults.IamID) @@ -317,14 +206,6 @@ func (repo *IAMRepository) SearchDefaultIDPProviders(ctx context.Context, reques return result, nil } -func (repo *IAMRepository) AddIDPProviderToLoginPolicy(ctx context.Context, provider *iam_model.IDPProvider) (*iam_model.IDPProvider, error) { - provider.AggregateID = repo.SystemDefaults.IamID - if repo.IAMV2Command != nil { - return repo.IAMV2Command.AddIDPProviderToDefaultLoginPolicy(ctx, provider) - } - return repo.IAMEventstore.AddIDPProviderToLoginPolicy(ctx, provider) -} - func (repo *IAMRepository) RemoveIDPProviderFromLoginPolicy(ctx context.Context, provider *iam_model.IDPProvider) error { aggregates := make([]*es_models.Aggregate, 0) provider.AggregateID = repo.SystemDefaults.IamID @@ -361,20 +242,6 @@ func (repo *IAMRepository) SearchDefaultSecondFactors(ctx context.Context) (*iam }, nil } -func (repo *IAMRepository) AddSecondFactorToLoginPolicy(ctx context.Context, mfa iam_model.SecondFactorType) (iam_model.SecondFactorType, error) { - if repo.IAMV2Command != nil { - return repo.IAMV2Command.AddSecondFactorToDefaultLoginPolicy(ctx, repo.SystemDefaults.IamID, mfa) - } - return repo.IAMEventstore.AddSecondFactorToLoginPolicy(ctx, repo.SystemDefaults.IamID, mfa) -} - -func (repo *IAMRepository) RemoveSecondFactorFromLoginPolicy(ctx context.Context, mfa iam_model.SecondFactorType) error { - if repo.IAMV2Command != nil { - return repo.IAMV2Command.RemoveSecondFactorFromDefaultLoginPolicy(ctx, repo.SystemDefaults.IamID, mfa) - } - return repo.IAMEventstore.RemoveSecondFactorFromLoginPolicy(ctx, repo.SystemDefaults.IamID, mfa) -} - func (repo *IAMRepository) SearchDefaultMultiFactors(ctx context.Context) (*iam_model.MultiFactorsSearchResponse, error) { policy, err := repo.GetDefaultLoginPolicy(ctx) if err != nil { @@ -386,20 +253,6 @@ func (repo *IAMRepository) SearchDefaultMultiFactors(ctx context.Context) (*iam_ }, nil } -func (repo *IAMRepository) AddMultiFactorToLoginPolicy(ctx context.Context, mfa iam_model.MultiFactorType) (iam_model.MultiFactorType, error) { - if repo.IAMV2Command != nil { - return repo.IAMV2Command.AddMultiFactorToDefaultLoginPolicy(ctx, repo.SystemDefaults.IamID, mfa) - } - return repo.IAMEventstore.AddMultiFactorToLoginPolicy(ctx, repo.SystemDefaults.IamID, mfa) -} - -func (repo *IAMRepository) RemoveMultiFactorFromLoginPolicy(ctx context.Context, mfa iam_model.MultiFactorType) error { - if repo.IAMV2Command != nil { - return repo.IAMV2Command.RemoveMultiFactorFromDefaultLoginPolicy(ctx, repo.SystemDefaults.IamID, mfa) - } - return repo.IAMEventstore.RemoveMultiFactorFromLoginPolicy(ctx, repo.SystemDefaults.IamID, mfa) -} - func (repo *IAMRepository) GetDefaultPasswordComplexityPolicy(ctx context.Context) (*iam_model.PasswordComplexityPolicyView, error) { policy, viewErr := repo.View.PasswordComplexityPolicyByAggregateID(repo.SystemDefaults.IamID) if viewErr != nil && !caos_errs.IsNotFound(viewErr) { @@ -425,22 +278,6 @@ func (repo *IAMRepository) GetDefaultPasswordComplexityPolicy(ctx context.Contex return iam_es_model.PasswordComplexityViewToModel(policy), nil } -func (repo *IAMRepository) AddDefaultPasswordComplexityPolicy(ctx context.Context, policy *iam_model.PasswordComplexityPolicy) (*iam_model.PasswordComplexityPolicy, error) { - policy.AggregateID = repo.SystemDefaults.IamID - if repo.IAMV2Command != nil { - return repo.IAMV2Command.AddDefaultPasswordComplexityPolicy(ctx, policy) - } - return repo.IAMEventstore.AddPasswordComplexityPolicy(ctx, policy) -} - -func (repo *IAMRepository) ChangeDefaultPasswordComplexityPolicy(ctx context.Context, policy *iam_model.PasswordComplexityPolicy) (*iam_model.PasswordComplexityPolicy, error) { - policy.AggregateID = repo.SystemDefaults.IamID - if repo.IAMV2Command != nil { - return repo.IAMV2Command.ChangeDefaultPasswordComplexityPolicy(ctx, policy) - } - return repo.IAMEventstore.ChangePasswordComplexityPolicy(ctx, policy) -} - func (repo *IAMRepository) GetDefaultPasswordAgePolicy(ctx context.Context) (*iam_model.PasswordAgePolicyView, error) { policy, viewErr := repo.View.PasswordAgePolicyByAggregateID(repo.SystemDefaults.IamID) if viewErr != nil && !caos_errs.IsNotFound(viewErr) { @@ -466,22 +303,6 @@ func (repo *IAMRepository) GetDefaultPasswordAgePolicy(ctx context.Context) (*ia return iam_es_model.PasswordAgeViewToModel(policy), nil } -func (repo *IAMRepository) AddDefaultPasswordAgePolicy(ctx context.Context, policy *iam_model.PasswordAgePolicy) (*iam_model.PasswordAgePolicy, error) { - policy.AggregateID = repo.SystemDefaults.IamID - if repo.IAMV2Command != nil { - return repo.IAMV2Command.AddDefaultPasswordAgePolicy(ctx, policy) - } - return repo.IAMEventstore.AddPasswordAgePolicy(ctx, policy) -} - -func (repo *IAMRepository) ChangeDefaultPasswordAgePolicy(ctx context.Context, policy *iam_model.PasswordAgePolicy) (*iam_model.PasswordAgePolicy, error) { - policy.AggregateID = repo.SystemDefaults.IamID - if repo.IAMV2Command != nil { - return repo.IAMV2Command.ChangeDefaultPasswordAgePolicy(ctx, policy) - } - return repo.IAMEventstore.ChangePasswordAgePolicy(ctx, policy) -} - func (repo *IAMRepository) GetDefaultPasswordLockoutPolicy(ctx context.Context) (*iam_model.PasswordLockoutPolicyView, error) { policy, viewErr := repo.View.PasswordLockoutPolicyByAggregateID(repo.SystemDefaults.IamID) if viewErr != nil && !caos_errs.IsNotFound(viewErr) { @@ -507,22 +328,6 @@ func (repo *IAMRepository) GetDefaultPasswordLockoutPolicy(ctx context.Context) return iam_es_model.PasswordLockoutViewToModel(policy), nil } -func (repo *IAMRepository) AddDefaultPasswordLockoutPolicy(ctx context.Context, policy *iam_model.PasswordLockoutPolicy) (*iam_model.PasswordLockoutPolicy, error) { - policy.AggregateID = repo.SystemDefaults.IamID - if repo.IAMV2Command != nil { - return repo.IAMV2Command.AddDefaultPasswordLockoutPolicy(ctx, policy) - } - return repo.IAMEventstore.AddPasswordLockoutPolicy(ctx, policy) -} - -func (repo *IAMRepository) ChangeDefaultPasswordLockoutPolicy(ctx context.Context, policy *iam_model.PasswordLockoutPolicy) (*iam_model.PasswordLockoutPolicy, error) { - policy.AggregateID = repo.SystemDefaults.IamID - if repo.IAMV2Command != nil { - return repo.IAMV2Command.ChangeDefaultPasswordLockoutPolicy(ctx, policy) - } - return repo.IAMEventstore.ChangePasswordLockoutPolicy(ctx, policy) -} - func (repo *IAMRepository) GetOrgIAMPolicy(ctx context.Context) (*iam_model.OrgIAMPolicyView, error) { policy, viewErr := repo.View.OrgIAMPolicyByAggregateID(repo.SystemDefaults.IamID) if viewErr != nil && !caos_errs.IsNotFound(viewErr) { @@ -547,19 +352,3 @@ func (repo *IAMRepository) GetOrgIAMPolicy(ctx context.Context) (*iam_model.OrgI } return iam_es_model.OrgIAMViewToModel(policy), nil } - -func (repo *IAMRepository) AddDefaultOrgIAMPolicy(ctx context.Context, policy *iam_model.OrgIAMPolicy) (*iam_model.OrgIAMPolicy, error) { - policy.AggregateID = repo.SystemDefaults.IamID - if repo.IAMV2Command != nil { - return repo.IAMV2Command.AddDefaultOrgIAMPolicy(ctx, policy) - } - return repo.IAMEventstore.AddOrgIAMPolicy(ctx, policy) -} - -func (repo *IAMRepository) ChangeDefaultOrgIAMPolicy(ctx context.Context, policy *iam_model.OrgIAMPolicy) (*iam_model.OrgIAMPolicy, error) { - policy.AggregateID = repo.SystemDefaults.IamID - if repo.IAMV2Command != nil { - return repo.IAMV2Command.ChangeDefaultOrgIAMPolicy(ctx, policy) - } - return repo.IAMEventstore.ChangeOrgIAMPolicy(ctx, policy) -} diff --git a/internal/admin/repository/eventsourcing/repository.go b/internal/admin/repository/eventsourcing/repository.go index 384c39be28..f75c1cf20c 100644 --- a/internal/admin/repository/eventsourcing/repository.go +++ b/internal/admin/repository/eventsourcing/repository.go @@ -2,9 +2,6 @@ package eventsourcing import ( "context" - "github.com/caos/zitadel/internal/v2/command" - "github.com/caos/zitadel/internal/v2/query" - "github.com/caos/zitadel/internal/admin/repository/eventsourcing/eventstore" "github.com/caos/zitadel/internal/admin/repository/eventsourcing/handler" "github.com/caos/zitadel/internal/admin/repository/eventsourcing/spooler" @@ -39,8 +36,6 @@ func Start(ctx context.Context, conf Config, systemDefaults sd.SystemDefaults, r if err != nil { return nil, err } - esV2 := es.V2() - iam, err := es_iam.StartIAM(es_iam.IAMConfig{ Eventstore: es, Cache: conf.Eventstore.Cache, @@ -66,14 +61,6 @@ func Start(ctx context.Context, conf Config, systemDefaults sd.SystemDefaults, r if err != nil { return nil, err } - iamV2Command, err := command.StartCommandSide(&command.Config{Eventstore: esV2, SystemDefaults: systemDefaults}) - if err != nil { - return nil, err - } - iamV2Query, err := query.StartQuerySide(&query.Config{Eventstore: esV2, SystemDefaults: systemDefaults}) - if err != nil { - return nil, err - } spool := spooler.StartSpooler(conf.Spooler, es, view, sqlClient, handler.EventstoreRepos{UserEvents: user, OrgEvents: org, IamEvents: iam}, systemDefaults) @@ -95,8 +82,6 @@ func Start(ctx context.Context, conf Config, systemDefaults sd.SystemDefaults, r SystemDefaults: systemDefaults, SearchLimit: conf.SearchLimit, Roles: roles, - IAMV2Command: iamV2Command, - IAMV2Query: iamV2Query, }, AdministratorRepo: eventstore.AdministratorRepo{ View: view, diff --git a/internal/admin/repository/iam.go b/internal/admin/repository/iam.go index 1d664f56df..fbef0ab270 100644 --- a/internal/admin/repository/iam.go +++ b/internal/admin/repository/iam.go @@ -8,51 +8,25 @@ import ( type IAMRepository interface { SearchIAMMembers(ctx context.Context, request *iam_model.IAMMemberSearchRequest) (*iam_model.IAMMemberSearchResponse, error) - AddIAMMember(ctx context.Context, member *iam_model.IAMMember) (*iam_model.IAMMember, error) - ChangeIAMMember(ctx context.Context, member *iam_model.IAMMember) (*iam_model.IAMMember, error) - RemoveIAMMember(ctx context.Context, userID string) error GetIAMMemberRoles() []string SearchIDPConfigs(ctx context.Context, request *iam_model.IDPConfigSearchRequest) (*iam_model.IDPConfigSearchResponse, error) - IDPConfigByID(ctx context.Context, id string) (*iam_model.IDPConfigView, error) - AddOIDCIDPConfig(ctx context.Context, idp *iam_model.IDPConfig) (*iam_model.IDPConfig, error) - ChangeIDPConfig(ctx context.Context, idp *iam_model.IDPConfig) (*iam_model.IDPConfig, error) - DeactivateIDPConfig(ctx context.Context, idpConfigID string) (*iam_model.IDPConfig, error) - ReactivateIDPConfig(ctx context.Context, idpConfigID string) (*iam_model.IDPConfig, error) RemoveIDPConfig(ctx context.Context, idpConfigID string) error - ChangeOidcIDPConfig(ctx context.Context, oidcConfig *iam_model.OIDCIDPConfig) (*iam_model.OIDCIDPConfig, error) GetDefaultLoginPolicy(ctx context.Context) (*iam_model.LoginPolicyView, error) - AddDefaultLoginPolicy(ctx context.Context, policy *iam_model.LoginPolicy) (*iam_model.LoginPolicy, error) - ChangeDefaultLoginPolicy(ctx context.Context, policy *iam_model.LoginPolicy) (*iam_model.LoginPolicy, error) SearchDefaultIDPProviders(ctx context.Context, request *iam_model.IDPProviderSearchRequest) (*iam_model.IDPProviderSearchResponse, error) - AddIDPProviderToLoginPolicy(ctx context.Context, provider *iam_model.IDPProvider) (*iam_model.IDPProvider, error) RemoveIDPProviderFromLoginPolicy(ctx context.Context, provider *iam_model.IDPProvider) error SearchDefaultSecondFactors(ctx context.Context) (*iam_model.SecondFactorsSearchResponse, error) - AddSecondFactorToLoginPolicy(ctx context.Context, mfa iam_model.SecondFactorType) (iam_model.SecondFactorType, error) - RemoveSecondFactorFromLoginPolicy(ctx context.Context, mfa iam_model.SecondFactorType) error SearchDefaultMultiFactors(ctx context.Context) (*iam_model.MultiFactorsSearchResponse, error) - AddMultiFactorToLoginPolicy(ctx context.Context, mfa iam_model.MultiFactorType) (iam_model.MultiFactorType, error) - RemoveMultiFactorFromLoginPolicy(ctx context.Context, mfa iam_model.MultiFactorType) error GetDefaultLabelPolicy(ctx context.Context) (*iam_model.LabelPolicyView, error) - AddDefaultLabelPolicy(ctx context.Context, policy *iam_model.LabelPolicy) (*iam_model.LabelPolicy, error) - ChangeDefaultLabelPolicy(ctx context.Context, policy *iam_model.LabelPolicy) (*iam_model.LabelPolicy, error) GetDefaultPasswordComplexityPolicy(ctx context.Context) (*iam_model.PasswordComplexityPolicyView, error) - AddDefaultPasswordComplexityPolicy(ctx context.Context, policy *iam_model.PasswordComplexityPolicy) (*iam_model.PasswordComplexityPolicy, error) - ChangeDefaultPasswordComplexityPolicy(ctx context.Context, policy *iam_model.PasswordComplexityPolicy) (*iam_model.PasswordComplexityPolicy, error) GetDefaultPasswordAgePolicy(ctx context.Context) (*iam_model.PasswordAgePolicyView, error) - AddDefaultPasswordAgePolicy(ctx context.Context, policy *iam_model.PasswordAgePolicy) (*iam_model.PasswordAgePolicy, error) - ChangeDefaultPasswordAgePolicy(ctx context.Context, policy *iam_model.PasswordAgePolicy) (*iam_model.PasswordAgePolicy, error) GetDefaultPasswordLockoutPolicy(ctx context.Context) (*iam_model.PasswordLockoutPolicyView, error) - AddDefaultPasswordLockoutPolicy(ctx context.Context, policy *iam_model.PasswordLockoutPolicy) (*iam_model.PasswordLockoutPolicy, error) - ChangeDefaultPasswordLockoutPolicy(ctx context.Context, policy *iam_model.PasswordLockoutPolicy) (*iam_model.PasswordLockoutPolicy, error) GetDefaultOrgIAMPolicy(ctx context.Context) (*iam_model.OrgIAMPolicyView, error) - AddDefaultOrgIAMPolicy(ctx context.Context, policy *iam_model.OrgIAMPolicy) (*iam_model.OrgIAMPolicy, error) - ChangeDefaultOrgIAMPolicy(ctx context.Context, policy *iam_model.OrgIAMPolicy) (*iam_model.OrgIAMPolicy, error) } diff --git a/internal/api/grpc/admin/iam_member.go b/internal/api/grpc/admin/iam_member.go index fb171108f2..e25d8df192 100644 --- a/internal/api/grpc/admin/iam_member.go +++ b/internal/api/grpc/admin/iam_member.go @@ -21,23 +21,23 @@ func (s *Server) SearchIamMembers(ctx context.Context, in *admin.IamMemberSearch } func (s *Server) AddIamMember(ctx context.Context, member *admin.AddIamMemberRequest) (*admin.IamMember, error) { - addedMember, err := s.iam.AddIAMMember(ctx, addIamMemberToModel(member)) + addedMember, err := s.command.AddIAMMember(ctx, addIamMemberToDomain(member)) if err != nil { return nil, err } - return iamMemberFromModel(addedMember), nil + return iamMemberFromDomain(addedMember), nil } func (s *Server) ChangeIamMember(ctx context.Context, member *admin.ChangeIamMemberRequest) (*admin.IamMember, error) { - changedMember, err := s.iam.ChangeIAMMember(ctx, changeIamMemberToModel(member)) + changedMember, err := s.command.ChangeIAMMember(ctx, changeIamMemberToDomain(member)) if err != nil { return nil, err } - return iamMemberFromModel(changedMember), nil + return iamMemberFromDomain(changedMember), nil } func (s *Server) RemoveIamMember(ctx context.Context, member *admin.RemoveIamMemberRequest) (*empty.Empty, error) { - err := s.iam.RemoveIAMMember(ctx, member.UserId) + err := s.command.RemoveIAMMember(ctx, member.UserId) return &empty.Empty{}, err } diff --git a/internal/api/grpc/admin/iam_member_converter.go b/internal/api/grpc/admin/iam_member_converter.go index bd5297b31a..abaa1f4baf 100644 --- a/internal/api/grpc/admin/iam_member_converter.go +++ b/internal/api/grpc/admin/iam_member_converter.go @@ -2,6 +2,7 @@ package admin import ( "github.com/caos/logging" + "github.com/caos/zitadel/internal/v2/domain" "github.com/golang/protobuf/ptypes" iam_model "github.com/caos/zitadel/internal/iam/model" @@ -9,25 +10,21 @@ import ( "github.com/caos/zitadel/pkg/grpc/admin" ) -func addIamMemberToModel(member *admin.AddIamMemberRequest) *iam_model.IAMMember { - memberModel := &iam_model.IAMMember{ +func addIamMemberToDomain(member *admin.AddIamMemberRequest) *domain.IAMMember { + return &domain.IAMMember{ UserID: member.UserId, + Roles: member.Roles, } - memberModel.Roles = member.Roles - - return memberModel } -func changeIamMemberToModel(member *admin.ChangeIamMemberRequest) *iam_model.IAMMember { - memberModel := &iam_model.IAMMember{ +func changeIamMemberToDomain(member *admin.ChangeIamMemberRequest) *domain.IAMMember { + return &domain.IAMMember{ UserID: member.UserId, + Roles: member.Roles, } - memberModel.Roles = member.Roles - - return memberModel } -func iamMemberFromModel(member *iam_model.IAMMember) *admin.IamMember { +func iamMemberFromDomain(member *domain.IAMMember) *admin.IamMember { creationDate, err := ptypes.TimestampProto(member.CreationDate) logging.Log("GRPC-Lsp76").OnError(err).Debug("date parse failed") diff --git a/internal/api/grpc/admin/idp_config.go b/internal/api/grpc/admin/idp_config.go index e0e6d6fe37..5558f609bb 100644 --- a/internal/api/grpc/admin/idp_config.go +++ b/internal/api/grpc/admin/idp_config.go @@ -8,56 +8,57 @@ import ( ) func (s *Server) IdpByID(ctx context.Context, id *admin.IdpID) (*admin.IdpView, error) { - config, err := s.iam.IDPConfigByID(ctx, id.Id) + config, err := s.query.DefaultIDPConfigByID(ctx, id.Id) if err != nil { return nil, err } - return idpViewFromModel(config), nil + return idpViewFromDomain(config), nil } func (s *Server) CreateOidcIdp(ctx context.Context, oidcIdpConfig *admin.OidcIdpConfigCreate) (*admin.Idp, error) { - config, err := s.iam.AddOIDCIDPConfig(ctx, createOidcIdpToModel(oidcIdpConfig)) + config, err := s.command.AddDefaultIDPConfig(ctx, createOIDCIDPToDomain(oidcIdpConfig)) if err != nil { return nil, err } - return idpFromModel(config), nil + return idpFromDomain(config), nil } func (s *Server) UpdateIdpConfig(ctx context.Context, idpConfig *admin.IdpUpdate) (*admin.Idp, error) { - config, err := s.iam.ChangeIDPConfig(ctx, updateIdpToModel(idpConfig)) + config, err := s.command.ChangeDefaultIDPConfig(ctx, updateIdpToDomain(idpConfig)) if err != nil { return nil, err } - return idpFromModel(config), nil + return idpFromDomain(config), nil } func (s *Server) DeactivateIdpConfig(ctx context.Context, id *admin.IdpID) (*admin.Idp, error) { - config, err := s.iam.DeactivateIDPConfig(ctx, id.Id) + config, err := s.command.DeactivateDefaultIDPConfig(ctx, id.Id) if err != nil { return nil, err } - return idpFromModel(config), nil + return idpFromDomain(config), nil } func (s *Server) ReactivateIdpConfig(ctx context.Context, id *admin.IdpID) (*admin.Idp, error) { - config, err := s.iam.ReactivateIDPConfig(ctx, id.Id) + config, err := s.command.ReactivateDefaultIDPConfig(ctx, id.Id) if err != nil { return nil, err } - return idpFromModel(config), nil + return idpFromDomain(config), nil } +//TODO: Change To V2 func (s *Server) RemoveIdpConfig(ctx context.Context, id *admin.IdpID) (*empty.Empty, error) { err := s.iam.RemoveIDPConfig(ctx, id.Id) return &empty.Empty{}, err } func (s *Server) UpdateOidcIdpConfig(ctx context.Context, request *admin.OidcIdpConfigUpdate) (*admin.OidcIdpConfig, error) { - config, err := s.iam.ChangeOidcIDPConfig(ctx, updateOidcIdpToModel(request)) + config, err := s.command.ChangeDefaultIDPOIDCConfig(ctx, updateOIDCIDPToDomain(request)) if err != nil { return nil, err } - return oidcIdpConfigFromModel(config), nil + return oidcIDPConfigFromDomain(config), nil } func (s *Server) SearchIdps(ctx context.Context, request *admin.IdpSearchRequest) (*admin.IdpSearchResponse, error) { diff --git a/internal/api/grpc/admin/idp_config_converter.go b/internal/api/grpc/admin/idp_config_converter.go index 9539a05609..4a78c7b2a0 100644 --- a/internal/api/grpc/admin/idp_config_converter.go +++ b/internal/api/grpc/admin/idp_config_converter.go @@ -3,47 +3,48 @@ package admin import ( "github.com/caos/logging" iam_model "github.com/caos/zitadel/internal/iam/model" + "github.com/caos/zitadel/internal/v2/domain" "github.com/caos/zitadel/pkg/grpc/admin" "github.com/golang/protobuf/ptypes" ) -func createOidcIdpToModel(idp *admin.OidcIdpConfigCreate) *iam_model.IDPConfig { - return &iam_model.IDPConfig{ +func createOIDCIDPToDomain(idp *admin.OidcIdpConfigCreate) *domain.IDPConfig { + return &domain.IDPConfig{ Name: idp.Name, - StylingType: idpConfigStylingTypeToModel(idp.StylingType), - Type: iam_model.IDPConfigTypeOIDC, - OIDCConfig: &iam_model.OIDCIDPConfig{ + StylingType: idpConfigStylingTypeToDomain(idp.StylingType), + Type: domain.IDPConfigTypeOIDC, + OIDCConfig: &domain.OIDCIDPConfig{ ClientID: idp.ClientId, ClientSecretString: idp.ClientSecret, Issuer: idp.Issuer, Scopes: idp.Scopes, - IDPDisplayNameMapping: oidcMappingFieldToModel(idp.IdpDisplayNameMapping), - UsernameMapping: oidcMappingFieldToModel(idp.UsernameMapping), + IDPDisplayNameMapping: oidcMappingFieldToDomain(idp.IdpDisplayNameMapping), + UsernameMapping: oidcMappingFieldToDomain(idp.UsernameMapping), }, } } -func updateIdpToModel(idp *admin.IdpUpdate) *iam_model.IDPConfig { - return &iam_model.IDPConfig{ +func updateIdpToDomain(idp *admin.IdpUpdate) *domain.IDPConfig { + return &domain.IDPConfig{ IDPConfigID: idp.Id, Name: idp.Name, - StylingType: idpConfigStylingTypeToModel(idp.StylingType), + StylingType: idpConfigStylingTypeToDomain(idp.StylingType), } } -func updateOidcIdpToModel(idp *admin.OidcIdpConfigUpdate) *iam_model.OIDCIDPConfig { - return &iam_model.OIDCIDPConfig{ +func updateOIDCIDPToDomain(idp *admin.OidcIdpConfigUpdate) *domain.OIDCIDPConfig { + return &domain.OIDCIDPConfig{ IDPConfigID: idp.IdpId, ClientID: idp.ClientId, ClientSecretString: idp.ClientSecret, Issuer: idp.Issuer, Scopes: idp.Scopes, - IDPDisplayNameMapping: oidcMappingFieldToModel(idp.IdpDisplayNameMapping), - UsernameMapping: oidcMappingFieldToModel(idp.UsernameMapping), + IDPDisplayNameMapping: oidcMappingFieldToDomain(idp.IdpDisplayNameMapping), + UsernameMapping: oidcMappingFieldToDomain(idp.UsernameMapping), } } -func idpFromModel(idp *iam_model.IDPConfig) *admin.Idp { +func idpFromDomain(idp *domain.IDPConfig) *admin.Idp { creationDate, err := ptypes.TimestampProto(idp.CreationDate) logging.Log("GRPC-8dju8").OnError(err).Debug("date parse failed") @@ -56,9 +57,28 @@ func idpFromModel(idp *iam_model.IDPConfig) *admin.Idp { ChangeDate: changeDate, Sequence: idp.Sequence, Name: idp.Name, - StylingType: idpConfigStylingTypeFromModel(idp.StylingType), - State: idpConfigStateFromModel(idp.State), - IdpConfig: idpConfigFromModel(idp), + StylingType: idpConfigStylingTypeFromDomain(idp.StylingType), + State: idpConfigStateFromDomain(idp.State), + IdpConfig: idpConfigFromDomain(idp), + } +} + +func idpViewFromDomain(idp *domain.IDPConfigView) *admin.IdpView { + creationDate, err := ptypes.TimestampProto(idp.CreationDate) + logging.Log("GRPC-8dju8").OnError(err).Debug("date parse failed") + + changeDate, err := ptypes.TimestampProto(idp.ChangeDate) + logging.Log("GRPC-Dsj8i").OnError(err).Debug("date parse failed") + + return &admin.IdpView{ + Id: idp.IDPConfigID, + CreationDate: creationDate, + ChangeDate: changeDate, + Sequence: idp.Sequence, + Name: idp.Name, + StylingType: admin.IdpStylingType(idp.StylingType), + State: admin.IdpState(idp.State), + IdpConfigView: idpConfigViewFromDomain(idp), } } @@ -75,22 +95,22 @@ func idpViewFromModel(idp *iam_model.IDPConfigView) *admin.IdpView { ChangeDate: changeDate, Sequence: idp.Sequence, Name: idp.Name, - StylingType: idpConfigStylingTypeFromModel(idp.StylingType), - State: idpConfigStateFromModel(idp.State), + StylingType: admin.IdpStylingType(idp.StylingType), + State: admin.IdpState(idp.State), IdpConfigView: idpConfigViewFromModel(idp), } } -func idpConfigFromModel(idp *iam_model.IDPConfig) *admin.Idp_OidcConfig { - if idp.Type == iam_model.IDPConfigTypeOIDC { +func idpConfigFromDomain(idp *domain.IDPConfig) *admin.Idp_OidcConfig { + if idp.Type == domain.IDPConfigTypeOIDC { return &admin.Idp_OidcConfig{ - OidcConfig: oidcIdpConfigFromModel(idp.OIDCConfig), + OidcConfig: oidcIDPConfigFromDomain(idp.OIDCConfig), } } return nil } -func oidcIdpConfigFromModel(idp *iam_model.OIDCIDPConfig) *admin.OidcIdpConfig { +func oidcIDPConfigFromDomain(idp *domain.OIDCIDPConfig) *admin.OidcIdpConfig { return &admin.OidcIdpConfig{ ClientId: idp.ClientID, Issuer: idp.Issuer, @@ -98,6 +118,15 @@ func oidcIdpConfigFromModel(idp *iam_model.OIDCIDPConfig) *admin.OidcIdpConfig { } } +func idpConfigViewFromDomain(idp *domain.IDPConfigView) *admin.IdpView_OidcConfig { + if idp.IsOIDC { + return &admin.IdpView_OidcConfig{ + OidcConfig: oidcIdpConfigViewFromDomain(idp), + } + } + return nil +} + func idpConfigViewFromModel(idp *iam_model.IDPConfigView) *admin.IdpView_OidcConfig { if idp.IsOIDC { return &admin.IdpView_OidcConfig{ @@ -107,46 +136,56 @@ func idpConfigViewFromModel(idp *iam_model.IDPConfigView) *admin.IdpView_OidcCon return nil } +func oidcIdpConfigViewFromDomain(idp *domain.IDPConfigView) *admin.OidcIdpConfigView { + return &admin.OidcIdpConfigView{ + ClientId: idp.OIDCClientID, + Issuer: idp.OIDCIssuer, + Scopes: idp.OIDCScopes, + IdpDisplayNameMapping: oidcMappingFieldFromDomain(idp.OIDCIDPDisplayNameMapping), + UsernameMapping: oidcMappingFieldFromDomain(idp.OIDCUsernameMapping), + } +} + func oidcIdpConfigViewFromModel(idp *iam_model.IDPConfigView) *admin.OidcIdpConfigView { return &admin.OidcIdpConfigView{ ClientId: idp.OIDCClientID, Issuer: idp.OIDCIssuer, Scopes: idp.OIDCScopes, - IdpDisplayNameMapping: oidcMappingFieldFromModel(idp.OIDCIDPDisplayNameMapping), - UsernameMapping: oidcMappingFieldFromModel(idp.OIDCUsernameMapping), + IdpDisplayNameMapping: admin.OIDCMappingField(idp.OIDCIDPDisplayNameMapping), + UsernameMapping: admin.OIDCMappingField(idp.OIDCUsernameMapping), } } -func idpConfigStateFromModel(state iam_model.IDPConfigState) admin.IdpState { +func idpConfigStateFromDomain(state domain.IDPConfigState) admin.IdpState { switch state { - case iam_model.IDPConfigStateActive: + case domain.IDPConfigStateActive: return admin.IdpState_IDPCONFIGSTATE_ACTIVE - case iam_model.IDPConfigStateInactive: + case domain.IDPConfigStateInactive: return admin.IdpState_IDPCONFIGSTATE_INACTIVE default: return admin.IdpState_IDPCONFIGSTATE_UNSPECIFIED } } -func oidcMappingFieldFromModel(field iam_model.OIDCMappingField) admin.OIDCMappingField { +func oidcMappingFieldFromDomain(field domain.OIDCMappingField) admin.OIDCMappingField { switch field { - case iam_model.OIDCMappingFieldPreferredLoginName: + case domain.OIDCMappingFieldPreferredLoginName: return admin.OIDCMappingField_OIDCMAPPINGFIELD_PREFERRED_USERNAME - case iam_model.OIDCMappingFieldEmail: + case domain.OIDCMappingFieldEmail: return admin.OIDCMappingField_OIDCMAPPINGFIELD_EMAIL default: return admin.OIDCMappingField_OIDCMAPPINGFIELD_UNSPECIFIED } } -func oidcMappingFieldToModel(field admin.OIDCMappingField) iam_model.OIDCMappingField { +func oidcMappingFieldToDomain(field admin.OIDCMappingField) domain.OIDCMappingField { switch field { case admin.OIDCMappingField_OIDCMAPPINGFIELD_PREFERRED_USERNAME: - return iam_model.OIDCMappingFieldPreferredLoginName + return domain.OIDCMappingFieldPreferredLoginName case admin.OIDCMappingField_OIDCMAPPINGFIELD_EMAIL: - return iam_model.OIDCMappingFieldEmail + return domain.OIDCMappingFieldEmail default: - return iam_model.OIDCMappingFieldUnspecified + return domain.OIDCMappingFieldPreferredLoginName } } @@ -207,20 +246,20 @@ func idpConfigsFromView(viewIdps []*iam_model.IDPConfigView) []*admin.IdpView { return idps } -func idpConfigStylingTypeFromModel(stylingType iam_model.IDPStylingType) admin.IdpStylingType { +func idpConfigStylingTypeFromDomain(stylingType domain.IDPConfigStylingType) admin.IdpStylingType { switch stylingType { - case iam_model.IDPStylingTypeGoogle: + case domain.IDPConfigStylingTypeGoogle: return admin.IdpStylingType_IDPSTYLINGTYPE_GOOGLE default: return admin.IdpStylingType_IDPSTYLINGTYPE_UNSPECIFIED } } -func idpConfigStylingTypeToModel(stylingType admin.IdpStylingType) iam_model.IDPStylingType { +func idpConfigStylingTypeToDomain(stylingType admin.IdpStylingType) domain.IDPConfigStylingType { switch stylingType { case admin.IdpStylingType_IDPSTYLINGTYPE_GOOGLE: - return iam_model.IDPStylingTypeGoogle + return domain.IDPConfigStylingTypeGoogle default: - return iam_model.IDPStylingTypeUnspecified + return domain.IDPConfigStylingTypeUnspecified } } diff --git a/internal/api/grpc/admin/label_policy.go b/internal/api/grpc/admin/label_policy.go index 1d1befa260..a0f6c56635 100644 --- a/internal/api/grpc/admin/label_policy.go +++ b/internal/api/grpc/admin/label_policy.go @@ -16,9 +16,9 @@ func (s *Server) GetDefaultLabelPolicy(ctx context.Context, _ *empty.Empty) (*ad } func (s *Server) UpdateDefaultLabelPolicy(ctx context.Context, policy *admin.DefaultLabelPolicyUpdate) (*admin.DefaultLabelPolicy, error) { - result, err := s.iam.ChangeDefaultLabelPolicy(ctx, labelPolicyToModel(policy)) + result, err := s.command.ChangeDefaultLabelPolicy(ctx, labelPolicyToDomain(policy)) if err != nil { return nil, err } - return labelPolicyFromModel(result), nil + return labelPolicyFromDomain(result), nil } diff --git a/internal/api/grpc/admin/label_policy_converter.go b/internal/api/grpc/admin/label_policy_converter.go index a5e0f09745..e2cd9effcb 100644 --- a/internal/api/grpc/admin/label_policy_converter.go +++ b/internal/api/grpc/admin/label_policy_converter.go @@ -3,18 +3,19 @@ package admin import ( "github.com/caos/logging" iam_model "github.com/caos/zitadel/internal/iam/model" + "github.com/caos/zitadel/internal/v2/domain" "github.com/caos/zitadel/pkg/grpc/admin" "github.com/golang/protobuf/ptypes" ) -func labelPolicyToModel(policy *admin.DefaultLabelPolicyUpdate) *iam_model.LabelPolicy { - return &iam_model.LabelPolicy{ +func labelPolicyToDomain(policy *admin.DefaultLabelPolicyUpdate) *domain.LabelPolicy { + return &domain.LabelPolicy{ PrimaryColor: policy.PrimaryColor, SecondaryColor: policy.SecondaryColor, } } -func labelPolicyFromModel(policy *iam_model.LabelPolicy) *admin.DefaultLabelPolicy { +func labelPolicyFromDomain(policy *domain.LabelPolicy) *admin.DefaultLabelPolicy { creationDate, err := ptypes.TimestampProto(policy.CreationDate) logging.Log("ADMIN-QwQG9").OnError(err).Debug("date parse failed") diff --git a/internal/api/grpc/admin/login_policy.go b/internal/api/grpc/admin/login_policy.go index efc0f438b2..101c9f5c8a 100644 --- a/internal/api/grpc/admin/login_policy.go +++ b/internal/api/grpc/admin/login_policy.go @@ -15,11 +15,11 @@ func (s *Server) GetDefaultLoginPolicy(ctx context.Context, _ *empty.Empty) (*ad } func (s *Server) UpdateDefaultLoginPolicy(ctx context.Context, policy *admin.DefaultLoginPolicyRequest) (*admin.DefaultLoginPolicy, error) { - result, err := s.iam.ChangeDefaultLoginPolicy(ctx, loginPolicyToModel(policy)) + result, err := s.command.ChangeDefaultLoginPolicy(ctx, loginPolicyToDomain(policy)) if err != nil { return nil, err } - return loginPolicyFromModel(result), nil + return loginPolicyFromDomain(result), nil } func (s *Server) GetDefaultLoginPolicyIdpProviders(ctx context.Context, request *admin.IdpProviderSearchRequest) (*admin.IdpProviderSearchResponse, error) { @@ -31,13 +31,14 @@ func (s *Server) GetDefaultLoginPolicyIdpProviders(ctx context.Context, request } func (s *Server) AddIdpProviderToDefaultLoginPolicy(ctx context.Context, provider *admin.IdpProviderID) (*admin.IdpProviderID, error) { - result, err := s.iam.AddIDPProviderToLoginPolicy(ctx, idpProviderToModel(provider)) + result, err := s.command.AddIDPProviderToDefaultLoginPolicy(ctx, idpProviderToDomain(provider)) if err != nil { return nil, err } - return idpProviderFromModel(result), nil + return idpProviderFromDomain(result), nil } +//TODO: Change to v2 func (s *Server) RemoveIdpProviderFromDefaultLoginPolicy(ctx context.Context, provider *admin.IdpProviderID) (*empty.Empty, error) { err := s.iam.RemoveIDPProviderFromLoginPolicy(ctx, idpProviderToModel(provider)) return &empty.Empty{}, err @@ -52,7 +53,7 @@ func (s *Server) GetDefaultLoginPolicySecondFactors(ctx context.Context, _ *empt } func (s *Server) AddSecondFactorToDefaultLoginPolicy(ctx context.Context, mfa *admin.SecondFactor) (*admin.SecondFactor, error) { - result, err := s.iam.AddSecondFactorToLoginPolicy(ctx, secondFactorTypeToModel(mfa)) + result, err := s.command.AddSecondFactorToDefaultLoginPolicy(ctx, secondFactorTypeToModel(mfa)) if err != nil { return nil, err } @@ -60,7 +61,7 @@ func (s *Server) AddSecondFactorToDefaultLoginPolicy(ctx context.Context, mfa *a } func (s *Server) RemoveSecondFactorFromDefaultLoginPolicy(ctx context.Context, mfa *admin.SecondFactor) (*empty.Empty, error) { - err := s.iam.RemoveSecondFactorFromLoginPolicy(ctx, secondFactorTypeToModel(mfa)) + err := s.command.RemoveSecondFactorFromDefaultLoginPolicy(ctx, secondFactorTypeToModel(mfa)) return &empty.Empty{}, err } @@ -73,7 +74,7 @@ func (s *Server) GetDefaultLoginPolicyMultiFactors(ctx context.Context, _ *empty } func (s *Server) AddMultiFactorToDefaultLoginPolicy(ctx context.Context, mfa *admin.MultiFactor) (*admin.MultiFactor, error) { - result, err := s.iam.AddMultiFactorToLoginPolicy(ctx, multiFactorTypeToModel(mfa)) + result, err := s.command.AddMultiFactorToDefaultLoginPolicy(ctx, multiFactorTypeToModel(mfa)) if err != nil { return nil, err } @@ -81,6 +82,6 @@ func (s *Server) AddMultiFactorToDefaultLoginPolicy(ctx context.Context, mfa *ad } func (s *Server) RemoveMultiFactorFromDefaultLoginPolicy(ctx context.Context, mfa *admin.MultiFactor) (*empty.Empty, error) { - err := s.iam.RemoveMultiFactorFromLoginPolicy(ctx, multiFactorTypeToModel(mfa)) + err := s.command.RemoveMultiFactorFromDefaultLoginPolicy(ctx, multiFactorTypeToModel(mfa)) return &empty.Empty{}, err } diff --git a/internal/api/grpc/admin/login_policy_converter.go b/internal/api/grpc/admin/login_policy_converter.go index f9a78b590c..5fd57b57ba 100644 --- a/internal/api/grpc/admin/login_policy_converter.go +++ b/internal/api/grpc/admin/login_policy_converter.go @@ -3,21 +3,22 @@ package admin import ( "github.com/caos/logging" iam_model "github.com/caos/zitadel/internal/iam/model" + "github.com/caos/zitadel/internal/v2/domain" "github.com/caos/zitadel/pkg/grpc/admin" "github.com/golang/protobuf/ptypes" ) -func loginPolicyToModel(policy *admin.DefaultLoginPolicyRequest) *iam_model.LoginPolicy { - return &iam_model.LoginPolicy{ +func loginPolicyToDomain(policy *admin.DefaultLoginPolicyRequest) *domain.LoginPolicy { + return &domain.LoginPolicy{ AllowUsernamePassword: policy.AllowUsernamePassword, AllowExternalIdp: policy.AllowExternalIdp, AllowRegister: policy.AllowRegister, ForceMFA: policy.ForceMfa, - PasswordlessType: passwordlessTypeToModel(policy.PasswordlessType), + PasswordlessType: passwordlessTypeToDomain(policy.PasswordlessType), } } -func loginPolicyFromModel(policy *iam_model.LoginPolicy) *admin.DefaultLoginPolicy { +func loginPolicyFromDomain(policy *domain.LoginPolicy) *admin.DefaultLoginPolicy { creationDate, err := ptypes.TimestampProto(policy.CreationDate) logging.Log("GRPC-3Fsm9").OnError(err).Debug("date parse failed") @@ -29,7 +30,7 @@ func loginPolicyFromModel(policy *iam_model.LoginPolicy) *admin.DefaultLoginPoli AllowExternalIdp: policy.AllowExternalIdp, AllowRegister: policy.AllowRegister, ForceMfa: policy.ForceMFA, - PasswordlessType: passwordlessTypeFromModel(policy.PasswordlessType), + PasswordlessType: passwordlessTypeFromDomain(policy.PasswordlessType), CreationDate: creationDate, ChangeDate: changeDate, } @@ -47,7 +48,7 @@ func loginPolicyViewFromModel(policy *iam_model.LoginPolicyView) *admin.DefaultL AllowExternalIdp: policy.AllowExternalIDP, AllowRegister: policy.AllowRegister, ForceMfa: policy.ForceMFA, - PasswordlessType: passwordlessTypeFromModel(policy.PasswordlessType), + PasswordlessType: passwordlessTypeFromDomain(policy.PasswordlessType), CreationDate: creationDate, ChangeDate: changeDate, } @@ -69,6 +70,13 @@ func idpProviderSearchResponseFromModel(response *iam_model.IDPProviderSearchRes } } +func idpProviderToDomain(provider *admin.IdpProviderID) *domain.IDPProvider { + return &domain.IDPProvider{ + IDPConfigID: provider.IdpConfigId, + Type: domain.IdentityProviderTypeSystem, + } +} + func idpProviderToModel(provider *admin.IdpProviderID) *iam_model.IDPProvider { return &iam_model.IDPProvider{ IDPConfigID: provider.IdpConfigId, @@ -76,7 +84,7 @@ func idpProviderToModel(provider *admin.IdpProviderID) *iam_model.IDPProvider { } } -func idpProviderFromModel(provider *iam_model.IDPProvider) *admin.IdpProviderID { +func idpProviderFromDomain(provider *domain.IDPProvider) *admin.IdpProviderID { return &admin.IdpProviderID{ IdpConfigId: provider.IDPConfigID, } @@ -148,21 +156,21 @@ func secondFactorTypeToModel(mfaType *admin.SecondFactor) iam_model.SecondFactor } } -func passwordlessTypeFromModel(passwordlessType iam_model.PasswordlessType) admin.PasswordlessType { +func passwordlessTypeFromDomain(passwordlessType domain.PasswordlessType) admin.PasswordlessType { switch passwordlessType { - case iam_model.PasswordlessTypeAllowed: + case domain.PasswordlessTypeAllowed: return admin.PasswordlessType_PASSWORDLESSTYPE_ALLOWED default: return admin.PasswordlessType_PASSWORDLESSTYPE_NOT_ALLOWED } } -func passwordlessTypeToModel(passwordlessType admin.PasswordlessType) iam_model.PasswordlessType { +func passwordlessTypeToDomain(passwordlessType admin.PasswordlessType) domain.PasswordlessType { switch passwordlessType { case admin.PasswordlessType_PASSWORDLESSTYPE_ALLOWED: - return iam_model.PasswordlessTypeAllowed + return domain.PasswordlessTypeAllowed default: - return iam_model.PasswordlessTypeNotAllowed + return domain.PasswordlessTypeNotAllowed } } diff --git a/internal/api/grpc/admin/org.go b/internal/api/grpc/admin/org.go index 936cec13a7..d813fa0a51 100644 --- a/internal/api/grpc/admin/org.go +++ b/internal/api/grpc/admin/org.go @@ -47,11 +47,11 @@ func (s *Server) GetDefaultOrgIamPolicy(ctx context.Context, _ *empty.Empty) (_ } func (s *Server) UpdateDefaultOrgIamPolicy(ctx context.Context, in *admin.OrgIamPolicyRequest) (_ *admin.OrgIamPolicy, err error) { - policy, err := s.iam.ChangeDefaultOrgIAMPolicy(ctx, orgIAMPolicyRequestToModel(in)) + policy, err := s.command.ChangeDefaultOrgIAMPolicy(ctx, orgIAMPolicyRequestToDomain(in)) if err != nil { return nil, err } - return orgIAMPolicyFromModel(policy), err + return orgIAMPolicyFromDomain(policy), err } func (s *Server) GetOrgIamPolicy(ctx context.Context, in *admin.OrgIamPolicyID) (_ *admin.OrgIamPolicyView, err error) { @@ -63,19 +63,19 @@ func (s *Server) GetOrgIamPolicy(ctx context.Context, in *admin.OrgIamPolicyID) } func (s *Server) CreateOrgIamPolicy(ctx context.Context, in *admin.OrgIamPolicyRequest) (_ *admin.OrgIamPolicy, err error) { - policy, err := s.org.CreateOrgIAMPolicy(ctx, orgIAMPolicyRequestToModel(in)) + policy, err := s.command.AddOrgIAMPolicy(ctx, orgIAMPolicyRequestToDomain(in)) if err != nil { return nil, err } - return orgIAMPolicyFromModel(policy), err + return orgIAMPolicyFromDomain(policy), err } func (s *Server) UpdateOrgIamPolicy(ctx context.Context, in *admin.OrgIamPolicyRequest) (_ *admin.OrgIamPolicy, err error) { - policy, err := s.org.ChangeOrgIAMPolicy(ctx, orgIAMPolicyRequestToModel(in)) + policy, err := s.command.ChangeOrgIAMPolicy(ctx, orgIAMPolicyRequestToDomain(in)) if err != nil { return nil, err } - return orgIAMPolicyFromModel(policy), err + return orgIAMPolicyFromDomain(policy), err } func (s *Server) RemoveOrgIamPolicy(ctx context.Context, in *admin.OrgIamPolicyID) (_ *empty.Empty, err error) { diff --git a/internal/api/grpc/admin/org_converter.go b/internal/api/grpc/admin/org_converter.go index 9d157227b9..5084273fe4 100644 --- a/internal/api/grpc/admin/org_converter.go +++ b/internal/api/grpc/admin/org_converter.go @@ -3,6 +3,7 @@ package admin import ( "github.com/caos/logging" iam_model "github.com/caos/zitadel/internal/iam/model" + "github.com/caos/zitadel/internal/v2/domain" "github.com/golang/protobuf/ptypes" admin_model "github.com/caos/zitadel/internal/admin/model" @@ -197,7 +198,7 @@ func orgQueryMethodToModel(method admin.OrgSearchMethod) model.SearchMethod { } } -func orgIAMPolicyFromModel(policy *iam_model.OrgIAMPolicy) *admin.OrgIamPolicy { +func orgIAMPolicyFromDomain(policy *domain.OrgIAMPolicy) *admin.OrgIamPolicy { creationDate, err := ptypes.TimestampProto(policy.CreationDate) logging.Log("GRPC-ush36").OnError(err).Debug("unable to get timestamp from time") @@ -227,8 +228,8 @@ func orgIAMPolicyViewFromModel(policy *iam_model.OrgIAMPolicyView) *admin.OrgIam } } -func orgIAMPolicyRequestToModel(policy *admin.OrgIamPolicyRequest) *iam_model.OrgIAMPolicy { - return &iam_model.OrgIAMPolicy{ +func orgIAMPolicyRequestToDomain(policy *admin.OrgIamPolicyRequest) *domain.OrgIAMPolicy { + return &domain.OrgIAMPolicy{ ObjectRoot: models.ObjectRoot{ AggregateID: policy.OrgId, }, diff --git a/internal/api/grpc/admin/password_age_policy.go b/internal/api/grpc/admin/password_age_policy.go index 1656b0f27a..46e2389c83 100644 --- a/internal/api/grpc/admin/password_age_policy.go +++ b/internal/api/grpc/admin/password_age_policy.go @@ -15,9 +15,9 @@ func (s *Server) GetDefaultPasswordAgePolicy(ctx context.Context, _ *empty.Empty } func (s *Server) UpdateDefaultPasswordAgePolicy(ctx context.Context, policy *admin.DefaultPasswordAgePolicyRequest) (*admin.DefaultPasswordAgePolicy, error) { - result, err := s.iam.ChangeDefaultPasswordAgePolicy(ctx, passwordAgePolicyToModel(policy)) + result, err := s.command.ChangeDefaultPasswordAgePolicy(ctx, passwordAgePolicyToDomain(policy)) if err != nil { return nil, err } - return passwordAgePolicyFromModel(result), nil + return passwordAgePolicyFromDomain(result), nil } diff --git a/internal/api/grpc/admin/password_age_policy_converter.go b/internal/api/grpc/admin/password_age_policy_converter.go index 44e413b25e..f1ba6e0467 100644 --- a/internal/api/grpc/admin/password_age_policy_converter.go +++ b/internal/api/grpc/admin/password_age_policy_converter.go @@ -3,18 +3,19 @@ package admin import ( "github.com/caos/logging" iam_model "github.com/caos/zitadel/internal/iam/model" + "github.com/caos/zitadel/internal/v2/domain" "github.com/caos/zitadel/pkg/grpc/admin" "github.com/golang/protobuf/ptypes" ) -func passwordAgePolicyToModel(policy *admin.DefaultPasswordAgePolicyRequest) *iam_model.PasswordAgePolicy { - return &iam_model.PasswordAgePolicy{ +func passwordAgePolicyToDomain(policy *admin.DefaultPasswordAgePolicyRequest) *domain.PasswordAgePolicy { + return &domain.PasswordAgePolicy{ MaxAgeDays: policy.MaxAgeDays, ExpireWarnDays: policy.ExpireWarnDays, } } -func passwordAgePolicyFromModel(policy *iam_model.PasswordAgePolicy) *admin.DefaultPasswordAgePolicy { +func passwordAgePolicyFromDomain(policy *domain.PasswordAgePolicy) *admin.DefaultPasswordAgePolicy { creationDate, err := ptypes.TimestampProto(policy.CreationDate) logging.Log("GRPC-mH9os").OnError(err).Debug("date parse failed") diff --git a/internal/api/grpc/admin/password_complexity_policy.go b/internal/api/grpc/admin/password_complexity_policy.go index 7b4bb8901e..b784c78fa9 100644 --- a/internal/api/grpc/admin/password_complexity_policy.go +++ b/internal/api/grpc/admin/password_complexity_policy.go @@ -15,9 +15,9 @@ func (s *Server) GetDefaultPasswordComplexityPolicy(ctx context.Context, _ *empt } func (s *Server) UpdateDefaultPasswordComplexityPolicy(ctx context.Context, policy *admin.DefaultPasswordComplexityPolicyRequest) (*admin.DefaultPasswordComplexityPolicy, error) { - result, err := s.iam.ChangeDefaultPasswordComplexityPolicy(ctx, passwordComplexityPolicyToModel(policy)) + result, err := s.command.ChangeDefaultPasswordComplexityPolicy(ctx, passwordComplexityPolicyToDomain(policy)) if err != nil { return nil, err } - return passwordComplexityPolicyFromModel(result), nil + return passwordComplexityPolicyFromDomain(result), nil } diff --git a/internal/api/grpc/admin/password_complexity_policy_converter.go b/internal/api/grpc/admin/password_complexity_policy_converter.go index 7cf538af85..d2a3609cbf 100644 --- a/internal/api/grpc/admin/password_complexity_policy_converter.go +++ b/internal/api/grpc/admin/password_complexity_policy_converter.go @@ -3,12 +3,13 @@ package admin import ( "github.com/caos/logging" iam_model "github.com/caos/zitadel/internal/iam/model" + "github.com/caos/zitadel/internal/v2/domain" "github.com/caos/zitadel/pkg/grpc/admin" "github.com/golang/protobuf/ptypes" ) -func passwordComplexityPolicyToModel(policy *admin.DefaultPasswordComplexityPolicyRequest) *iam_model.PasswordComplexityPolicy { - return &iam_model.PasswordComplexityPolicy{ +func passwordComplexityPolicyToDomain(policy *admin.DefaultPasswordComplexityPolicyRequest) *domain.PasswordComplexityPolicy { + return &domain.PasswordComplexityPolicy{ MinLength: policy.MinLength, HasUppercase: policy.HasUppercase, HasLowercase: policy.HasLowercase, @@ -17,7 +18,7 @@ func passwordComplexityPolicyToModel(policy *admin.DefaultPasswordComplexityPoli } } -func passwordComplexityPolicyFromModel(policy *iam_model.PasswordComplexityPolicy) *admin.DefaultPasswordComplexityPolicy { +func passwordComplexityPolicyFromDomain(policy *domain.PasswordComplexityPolicy) *admin.DefaultPasswordComplexityPolicy { creationDate, err := ptypes.TimestampProto(policy.CreationDate) logging.Log("GRPC-6Zhs9").OnError(err).Debug("date parse failed") diff --git a/internal/api/grpc/admin/password_lockout_policy.go b/internal/api/grpc/admin/password_lockout_policy.go index 6bffb269ea..a32d82539b 100644 --- a/internal/api/grpc/admin/password_lockout_policy.go +++ b/internal/api/grpc/admin/password_lockout_policy.go @@ -15,9 +15,9 @@ func (s *Server) GetDefaultPasswordLockoutPolicy(ctx context.Context, _ *empty.E } func (s *Server) UpdateDefaultPasswordLockoutPolicy(ctx context.Context, policy *admin.DefaultPasswordLockoutPolicyRequest) (*admin.DefaultPasswordLockoutPolicy, error) { - result, err := s.iam.ChangeDefaultPasswordLockoutPolicy(ctx, passwordLockoutPolicyToModel(policy)) + result, err := s.command.ChangeDefaultPasswordLockoutPolicy(ctx, passwordLockoutPolicyToDomain(policy)) if err != nil { return nil, err } - return passwordLockoutPolicyFromModel(result), nil + return passwordLockoutPolicyFromDomain(result), nil } diff --git a/internal/api/grpc/admin/password_lockout_policy_converter.go b/internal/api/grpc/admin/password_lockout_policy_converter.go index ad0cb7fb97..3fd8ddde32 100644 --- a/internal/api/grpc/admin/password_lockout_policy_converter.go +++ b/internal/api/grpc/admin/password_lockout_policy_converter.go @@ -3,18 +3,19 @@ package admin import ( "github.com/caos/logging" iam_model "github.com/caos/zitadel/internal/iam/model" + "github.com/caos/zitadel/internal/v2/domain" "github.com/caos/zitadel/pkg/grpc/admin" "github.com/golang/protobuf/ptypes" ) -func passwordLockoutPolicyToModel(policy *admin.DefaultPasswordLockoutPolicyRequest) *iam_model.PasswordLockoutPolicy { - return &iam_model.PasswordLockoutPolicy{ +func passwordLockoutPolicyToDomain(policy *admin.DefaultPasswordLockoutPolicyRequest) *domain.PasswordLockoutPolicy { + return &domain.PasswordLockoutPolicy{ MaxAttempts: policy.MaxAttempts, ShowLockOutFailures: policy.ShowLockoutFailure, } } -func passwordLockoutPolicyFromModel(policy *iam_model.PasswordLockoutPolicy) *admin.DefaultPasswordLockoutPolicy { +func passwordLockoutPolicyFromDomain(policy *domain.PasswordLockoutPolicy) *admin.DefaultPasswordLockoutPolicy { creationDate, err := ptypes.TimestampProto(policy.CreationDate) logging.Log("GRPC-4Gsm9f").OnError(err).Debug("date parse failed") diff --git a/internal/api/grpc/admin/server.go b/internal/api/grpc/admin/server.go index 7c95226637..41e69e0c69 100644 --- a/internal/api/grpc/admin/server.go +++ b/internal/api/grpc/admin/server.go @@ -1,6 +1,8 @@ package admin import ( + "github.com/caos/zitadel/internal/v2/command" + "github.com/caos/zitadel/internal/v2/query" "google.golang.org/grpc" "github.com/caos/zitadel/internal/admin/repository" @@ -17,6 +19,8 @@ const ( var _ admin.AdminServiceServer = (*Server)(nil) type Server struct { + command *command.CommandSide + query *query.QuerySide org repository.OrgRepository iam repository.IAMRepository administrator repository.AdministratorRepository @@ -27,8 +31,10 @@ type Config struct { Repository eventsourcing.Config } -func CreateServer(repo repository.Repository) *Server { +func CreateServer(command *command.CommandSide, query *query.QuerySide, repo repository.Repository) *Server { return &Server{ + command: command, + query: query, org: repo, iam: repo, administrator: repo, diff --git a/internal/api/grpc/management/server.go b/internal/api/grpc/management/server.go index ec446f7732..7e9aad842d 100644 --- a/internal/api/grpc/management/server.go +++ b/internal/api/grpc/management/server.go @@ -1,6 +1,8 @@ package management import ( + "github.com/caos/zitadel/internal/v2/command" + "github.com/caos/zitadel/internal/v2/query" "google.golang.org/grpc" "github.com/caos/zitadel/internal/api/authz" @@ -18,6 +20,8 @@ const ( var _ management.ManagementServiceServer = (*Server)(nil) type Server struct { + command *command.CommandSide + query *query.QuerySide project repository.ProjectRepository org repository.OrgRepository user repository.UserRepository @@ -31,8 +35,10 @@ type Config struct { Repository eventsourcing.Config } -func CreateServer(repo repository.Repository, sd systemdefaults.SystemDefaults) *Server { +func CreateServer(command *command.CommandSide, query *query.QuerySide, repo repository.Repository, sd systemdefaults.SystemDefaults) *Server { return &Server{ + command: command, + query: query, project: repo, org: repo, user: repo, diff --git a/internal/api/grpc/management/user.go b/internal/api/grpc/management/user.go index b7151f070d..14af284176 100644 --- a/internal/api/grpc/management/user.go +++ b/internal/api/grpc/management/user.go @@ -52,11 +52,11 @@ func (s *Server) IsUserUnique(ctx context.Context, request *management.UniqueUse } func (s *Server) CreateUser(ctx context.Context, in *management.CreateUserRequest) (*management.UserResponse, error) { - user, err := s.user.CreateUser(ctx, userCreateToModel(in)) + user, err := s.command.AddUser(ctx, userCreateToDomain(in)) if err != nil { return nil, err } - return userFromModel(user), nil + return userFromDomain(user), nil } func (s *Server) DeactivateUser(ctx context.Context, in *management.UserID) (*management.UserResponse, error) { diff --git a/internal/api/grpc/management/user_converter.go b/internal/api/grpc/management/user_converter.go index ced79f4948..b62bd2b8c4 100644 --- a/internal/api/grpc/management/user_converter.go +++ b/internal/api/grpc/management/user_converter.go @@ -4,6 +4,7 @@ import ( "encoding/json" "github.com/caos/logging" + "github.com/caos/zitadel/internal/v2/domain" "github.com/golang/protobuf/ptypes" "golang.org/x/text/language" "google.golang.org/protobuf/encoding/protojson" @@ -16,6 +17,32 @@ import ( "github.com/caos/zitadel/pkg/grpc/message" ) +func userFromDomain(user *domain.User) *management.UserResponse { + creationDate, err := ptypes.TimestampProto(user.CreationDate) + logging.Log("GRPC-8duwe").OnError(err).Debug("unable to parse timestamp") + + changeDate, err := ptypes.TimestampProto(user.ChangeDate) + logging.Log("GRPC-ckoe3d").OnError(err).Debug("unable to parse timestamp") + + userResp := &management.UserResponse{ + Id: user.AggregateID, + State: userStateFromDomain(user.State), + CreationDate: creationDate, + ChangeDate: changeDate, + Sequence: user.Sequence, + UserName: user.UserName, + } + + if user.Machine != nil { + userResp.User = &management.UserResponse_Machine{Machine: machineFromDomain(user.Machine)} + } + if user.Human != nil { + userResp.User = &management.UserResponse_Human{Human: humanFromDomain(user.Human)} + } + + return userResp +} + func userFromModel(user *usr_model.User) *management.UserResponse { creationDate, err := ptypes.TimestampProto(user.CreationDate) logging.Log("GRPC-8duwe").OnError(err).Debug("unable to parse timestamp") @@ -25,7 +52,7 @@ func userFromModel(user *usr_model.User) *management.UserResponse { userResp := &management.UserResponse{ Id: user.AggregateID, - State: userStateFromModel(user.State), + State: management.UserState(user.State), CreationDate: creationDate, ChangeDate: changeDate, Sequence: user.Sequence, @@ -42,18 +69,18 @@ func userFromModel(user *usr_model.User) *management.UserResponse { return userResp } -func userCreateToModel(user *management.CreateUserRequest) *usr_model.User { - var human *usr_model.Human - var machine *usr_model.Machine +func userCreateToDomain(user *management.CreateUserRequest) *domain.User { + var human *domain.Human + var machine *domain.Machine if h := user.GetHuman(); h != nil { - human = humanCreateToModel(h) + human = humanCreateToDomain(h) } if m := user.GetMachine(); m != nil { - machine = machineCreateToModel(m) + machine = machineCreateToDomain(m) } - return &usr_model.User{ + return &domain.User{ UserName: user.UserName, Human: human, Machine: machine, @@ -222,7 +249,7 @@ func profileFromModel(profile *usr_model.Profile) *management.UserProfile { DisplayName: profile.DisplayName, NickName: profile.NickName, PreferredLanguage: profile.PreferredLanguage.String(), - Gender: genderFromModel(profile.Gender), + Gender: management.Gender(profile.Gender), } } @@ -243,7 +270,7 @@ func profileViewFromModel(profile *usr_model.Profile) *management.UserProfileVie DisplayName: profile.DisplayName, NickName: profile.NickName, PreferredLanguage: profile.PreferredLanguage.String(), - Gender: genderFromModel(profile.Gender), + Gender: management.Gender(profile.Gender), LoginNames: profile.LoginNames, PreferredLoginName: profile.PreferredLoginName, } @@ -259,7 +286,7 @@ func updateProfileToModel(u *management.UpdateUserProfileRequest) *usr_model.Pro LastName: u.LastName, NickName: u.NickName, PreferredLanguage: preferredLanguage, - Gender: genderToModel(u.Gender), + Gender: usr_model.Gender(u.Gender), } } @@ -430,7 +457,7 @@ func userViewFromModel(user *usr_model.UserView) *management.UserView { userView := &management.UserView{ Id: user.ID, - State: userStateFromModel(user.State), + State: management.UserState(user.State), CreationDate: creationDate, ChangeDate: changeDate, LastLogin: lastLogin, @@ -520,30 +547,30 @@ func notifyTypeToModel(state management.NotificationType) usr_model.Notification } } -func userStateFromModel(state usr_model.UserState) management.UserState { +func userStateFromDomain(state domain.UserState) management.UserState { switch state { - case usr_model.UserStateActive: + case domain.UserStateActive: return management.UserState_USERSTATE_ACTIVE - case usr_model.UserStateInactive: + case domain.UserStateInactive: return management.UserState_USERSTATE_INACTIVE - case usr_model.UserStateLocked: + case domain.UserStateLocked: return management.UserState_USERSTATE_LOCKED - case usr_model.UserStateInitial: + case domain.UserStateInitial: return management.UserState_USERSTATE_INITIAL - case usr_model.UserStateSuspend: + case domain.UserStateSuspend: return management.UserState_USERSTATE_SUSPEND default: return management.UserState_USERSTATE_UNSPECIFIED } } -func genderFromModel(gender usr_model.Gender) management.Gender { +func genderFromDomain(gender domain.Gender) management.Gender { switch gender { - case usr_model.GenderFemale: + case domain.GenderFemale: return management.Gender_GENDER_FEMALE - case usr_model.GenderMale: + case domain.GenderMale: return management.Gender_GENDER_MALE - case usr_model.GenderDiverse: + case domain.GenderDiverse: return management.Gender_GENDER_DIVERSE default: return management.Gender_GENDER_UNSPECIFIED @@ -562,16 +589,17 @@ func memberTypeFromModel(memberType usr_model.MemberType) management.MemberType return management.MemberType_MEMBERTYPE_UNSPECIFIED } } -func genderToModel(gender management.Gender) usr_model.Gender { + +func genderToDomain(gender management.Gender) domain.Gender { switch gender { case management.Gender_GENDER_FEMALE: - return usr_model.GenderFemale + return domain.GenderFemale case management.Gender_GENDER_MALE: - return usr_model.GenderMale + return domain.GenderMale case management.Gender_GENDER_DIVERSE: - return usr_model.GenderDiverse + return domain.GenderDiverse default: - return usr_model.GenderUnspecified + return domain.GenderUnspecified } } diff --git a/internal/api/grpc/management/user_human_converter.go b/internal/api/grpc/management/user_human_converter.go index 253d16c00d..b6c277ff56 100644 --- a/internal/api/grpc/management/user_human_converter.go +++ b/internal/api/grpc/management/user_human_converter.go @@ -3,11 +3,40 @@ package management import ( "github.com/caos/logging" usr_model "github.com/caos/zitadel/internal/user/model" + "github.com/caos/zitadel/internal/v2/domain" "github.com/caos/zitadel/pkg/grpc/management" "github.com/golang/protobuf/ptypes" "golang.org/x/text/language" ) +func humanFromDomain(user *domain.Human) *management.HumanResponse { + human := &management.HumanResponse{ + FirstName: user.FirstName, + LastName: user.LastName, + DisplayName: user.DisplayName, + NickName: user.NickName, + PreferredLanguage: user.PreferredLanguage.String(), + Gender: genderFromDomain(user.Gender), + } + + if user.Email != nil { + human.Email = user.EmailAddress + human.IsEmailVerified = user.IsEmailVerified + } + if user.Phone != nil { + human.Phone = user.PhoneNumber + human.IsPhoneVerified = user.IsPhoneVerified + } + if user.Address != nil { + human.Country = user.Country + human.Locality = user.Locality + human.PostalCode = user.PostalCode + human.Region = user.Region + human.StreetAddress = user.StreetAddress + } + return human +} + func humanFromModel(user *usr_model.Human) *management.HumanResponse { human := &management.HumanResponse{ FirstName: user.FirstName, @@ -15,7 +44,8 @@ func humanFromModel(user *usr_model.Human) *management.HumanResponse { DisplayName: user.DisplayName, NickName: user.NickName, PreferredLanguage: user.PreferredLanguage.String(), - Gender: genderFromModel(user.Gender), + //TODO: User Converter + Gender: management.Gender(user.Gender), } if user.Email != nil { @@ -46,37 +76,38 @@ func humanViewFromModel(user *usr_model.HumanView) *management.HumanView { DisplayName: user.DisplayName, NickName: user.NickName, PreferredLanguage: user.PreferredLanguage, - Gender: genderFromModel(user.Gender), - Email: user.Email, - IsEmailVerified: user.IsEmailVerified, - Phone: user.Phone, - IsPhoneVerified: user.IsPhoneVerified, - Country: user.Country, - Locality: user.Locality, - PostalCode: user.PostalCode, - Region: user.Region, - StreetAddress: user.StreetAddress, - PasswordChanged: passwordChanged, + //TODO: User converter + Gender: management.Gender(user.Gender), + Email: user.Email, + IsEmailVerified: user.IsEmailVerified, + Phone: user.Phone, + IsPhoneVerified: user.IsPhoneVerified, + Country: user.Country, + Locality: user.Locality, + PostalCode: user.PostalCode, + Region: user.Region, + StreetAddress: user.StreetAddress, + PasswordChanged: passwordChanged, } } -func humanCreateToModel(u *management.CreateHumanRequest) *usr_model.Human { +func humanCreateToDomain(u *management.CreateHumanRequest) *domain.Human { preferredLanguage, err := language.Parse(u.PreferredLanguage) logging.Log("GRPC-cK5k2").OnError(err).Debug("language malformed") - human := &usr_model.Human{ - Profile: &usr_model.Profile{ + human := &domain.Human{ + Profile: &domain.Profile{ FirstName: u.FirstName, LastName: u.LastName, NickName: u.NickName, PreferredLanguage: preferredLanguage, - Gender: genderToModel(u.Gender), + Gender: genderToDomain(u.Gender), }, - Email: &usr_model.Email{ + Email: &domain.Email{ EmailAddress: u.Email, IsEmailVerified: u.IsEmailVerified, }, - Address: &usr_model.Address{ + Address: &domain.Address{ Country: u.Country, Locality: u.Locality, PostalCode: u.PostalCode, @@ -85,10 +116,10 @@ func humanCreateToModel(u *management.CreateHumanRequest) *usr_model.Human { }, } if u.Password != "" { - human.Password = &usr_model.Password{SecretString: u.Password} + human.Password = &domain.Password{SecretString: u.Password} } if u.Phone != "" { - human.Phone = &usr_model.Phone{PhoneNumber: u.Phone, IsPhoneVerified: u.IsPhoneVerified} + human.Phone = &domain.Phone{PhoneNumber: u.Phone, IsPhoneVerified: u.IsPhoneVerified} } return human } diff --git a/internal/api/grpc/management/user_machine_converter.go b/internal/api/grpc/management/user_machine_converter.go index cc53440691..9d46a2f107 100644 --- a/internal/api/grpc/management/user_machine_converter.go +++ b/internal/api/grpc/management/user_machine_converter.go @@ -2,6 +2,7 @@ package management import ( "encoding/json" + "github.com/caos/zitadel/internal/v2/domain" "time" "github.com/caos/logging" @@ -12,8 +13,8 @@ import ( "github.com/golang/protobuf/ptypes" ) -func machineCreateToModel(machine *management.CreateMachineRequest) *usr_model.Machine { - return &usr_model.Machine{ +func machineCreateToDomain(machine *management.CreateMachineRequest) *domain.Machine { + return &domain.Machine{ Name: machine.Name, Description: machine.Description, } @@ -26,6 +27,13 @@ func updateMachineToModel(machine *management.UpdateMachineRequest) *usr_model.M } } +func machineFromDomain(account *domain.Machine) *management.MachineResponse { + return &management.MachineResponse{ + Name: account.Name, + Description: account.Description, + } +} + func machineFromModel(account *usr_model.Machine) *management.MachineResponse { return &management.MachineResponse{ Name: account.Name, diff --git a/internal/static/i18n/de.yaml b/internal/static/i18n/de.yaml index 41d3b104bf..8b67dd2b6a 100644 --- a/internal/static/i18n/de.yaml +++ b/internal/static/i18n/de.yaml @@ -28,9 +28,10 @@ Errors: Invalid: Email ist ungültig AlreadyVerified: Email ist bereits verifiziert NotChanged: Email wurde nicht geändert - PhoneNotFound: Telfonnummer nicht gefunden - PhoneInvalid: Telefonnummer ist ungültig - PhoneAlreadyVerified: Telefonnummer bereits verifiziert + Phone: + NotFound: Telfonnummer nicht gefunden + Invalid: Telefonnummer ist ungültig + AlreadyVerified: Telefonnummer bereits verifiziert Address: NotFound: Addresse nicht gefunden NotChanged: Addresse wurde nicht geändert diff --git a/internal/static/i18n/en.yaml b/internal/static/i18n/en.yaml index d2a7c1f4bb..29947a8af9 100644 --- a/internal/static/i18n/en.yaml +++ b/internal/static/i18n/en.yaml @@ -28,9 +28,10 @@ Errors: Invalid: Email is invalid AlreadyVerified: Email is alredy verified NotChanged: Email not changed - PhoneNotFound: Phone not found - PhoneInvalid: Phone is invalid - PhoneAlreadyVerified: Phone already verified + Phone: + NotFound: Phone not found + Invalid: Phone is invalid + AlreadyVerified: Phone already verified Address: NotFound: Address not found NotChanged: Address not changed diff --git a/internal/user/model/user_human.go b/internal/user/model/user_human.go index 838f3b753f..c5e8269da5 100644 --- a/internal/user/model/user_human.go +++ b/internal/user/model/user_human.go @@ -3,6 +3,7 @@ package model import ( "bytes" caos_errors "github.com/caos/zitadel/internal/errors" + "github.com/caos/zitadel/internal/v2/domain" "strings" "time" @@ -48,7 +49,7 @@ const ( GenderDiverse ) -func (u *Human) CheckOrgIAMPolicy(userName string, policy *iam_model.OrgIAMPolicy) error { +func (u *Human) CheckOrgIAMPolicy(userName string, policy *domain.OrgIAMPolicy) error { if policy == nil { return caos_errors.ThrowPreconditionFailed(nil, "MODEL-zSH7j", "Errors.Users.OrgIamPolicyNil") } diff --git a/internal/user/repository/eventsourcing/eventstore.go b/internal/user/repository/eventsourcing/eventstore.go index 922e6bf77a..342c700e92 100644 --- a/internal/user/repository/eventsourcing/eventstore.go +++ b/internal/user/repository/eventsourcing/eventstore.go @@ -1024,12 +1024,12 @@ func (es *UserEventstore) PhoneByID(ctx context.Context, userID string) (*usr_mo if user.Phone != nil { return user.Phone, nil } - return nil, caos_errs.ThrowNotFound(nil, "EVENT-pos9e", "Errors.User.PhoneNotFound") + return nil, caos_errs.ThrowNotFound(nil, "EVENT-pos9e", "Errors.User.Phone.NotFound") } func (es *UserEventstore) ChangePhone(ctx context.Context, phone *usr_model.Phone) (*usr_model.Phone, error) { if !phone.IsValid() { - return nil, caos_errs.ThrowPreconditionFailed(nil, "EVENT-do9s4", "Errors.User.PhoneInvalid") + return nil, caos_errs.ThrowPreconditionFailed(nil, "EVENT-do9s4", "Errors.User.Phone.Invalid") } user, err := es.HumanByID(ctx, phone.AggregateID) if err != nil { @@ -1093,10 +1093,10 @@ func (es *UserEventstore) CreatePhoneVerificationCode(ctx context.Context, userI return err } if user.Phone == nil { - return caos_errs.ThrowPreconditionFailed(nil, "EVENT-sp9fs", "Errors.User.PhoneNotFound") + return caos_errs.ThrowPreconditionFailed(nil, "EVENT-sp9fs", "Errors.User.Phone.NotFound") } if user.IsPhoneVerified { - return caos_errs.ThrowPreconditionFailed(nil, "EVENT-sleis", "Errors.User.PhoneAlreadyVerified") + return caos_errs.ThrowPreconditionFailed(nil, "EVENT-sleis", "Errors.User.Phone.AlreadyVerified") } phoneCode := new(usr_model.PhoneCode) diff --git a/internal/v2/command/iam_converter.go b/internal/v2/command/iam_converter.go index da7fb73564..4b5dc289b4 100644 --- a/internal/v2/command/iam_converter.go +++ b/internal/v2/command/iam_converter.go @@ -4,6 +4,7 @@ import ( "github.com/caos/zitadel/internal/eventstore/models" "github.com/caos/zitadel/internal/eventstore/v2" "github.com/caos/zitadel/internal/iam/model" + "github.com/caos/zitadel/internal/v2/domain" ) func writeModelToObjectRoot(writeModel eventstore.WriteModel) models.ObjectRoot { @@ -25,50 +26,50 @@ func writeModelToIAM(wm *IAMWriteModel) *model.IAM { } } -func writeModelToMember(writeModel *IAMMemberWriteModel) *model.IAMMember { - return &model.IAMMember{ +func writeModelToMember(writeModel *IAMMemberWriteModel) *domain.IAMMember { + return &domain.IAMMember{ ObjectRoot: writeModelToObjectRoot(writeModel.MemberWriteModel.WriteModel), Roles: writeModel.Roles, UserID: writeModel.UserID, } } -func writeModelToLoginPolicy(wm *IAMLoginPolicyWriteModel) *model.LoginPolicy { - return &model.LoginPolicy{ +func writeModelToLoginPolicy(wm *IAMLoginPolicyWriteModel) *domain.LoginPolicy { + return &domain.LoginPolicy{ ObjectRoot: writeModelToObjectRoot(wm.LoginPolicyWriteModel.WriteModel), AllowUsernamePassword: wm.AllowUserNamePassword, AllowRegister: wm.AllowRegister, AllowExternalIdp: wm.AllowExternalIDP, ForceMFA: wm.ForceMFA, - PasswordlessType: model.PasswordlessType(wm.PasswordlessType), + PasswordlessType: wm.PasswordlessType, } } -func writeModelToLabelPolicy(wm *IAMLabelPolicyWriteModel) *model.LabelPolicy { - return &model.LabelPolicy{ +func writeModelToLabelPolicy(wm *IAMLabelPolicyWriteModel) *domain.LabelPolicy { + return &domain.LabelPolicy{ ObjectRoot: writeModelToObjectRoot(wm.LabelPolicyWriteModel.WriteModel), PrimaryColor: wm.PrimaryColor, SecondaryColor: wm.SecondaryColor, } } -func writeModelToOrgIAMPolicy(wm *IAMOrgIAMPolicyWriteModel) *model.OrgIAMPolicy { - return &model.OrgIAMPolicy{ +func writeModelToOrgIAMPolicy(wm *IAMOrgIAMPolicyWriteModel) *domain.OrgIAMPolicy { + return &domain.OrgIAMPolicy{ ObjectRoot: writeModelToObjectRoot(wm.PolicyOrgIAMWriteModel.WriteModel), UserLoginMustBeDomain: wm.UserLoginMustBeDomain, } } -func writeModelToPasswordAgePolicy(wm *IAMPasswordAgePolicyWriteModel) *model.PasswordAgePolicy { - return &model.PasswordAgePolicy{ +func writeModelToPasswordAgePolicy(wm *IAMPasswordAgePolicyWriteModel) *domain.PasswordAgePolicy { + return &domain.PasswordAgePolicy{ ObjectRoot: writeModelToObjectRoot(wm.PasswordAgePolicyWriteModel.WriteModel), MaxAgeDays: wm.MaxAgeDays, ExpireWarnDays: wm.ExpireWarnDays, } } -func writeModelToPasswordComplexityPolicy(wm *IAMPasswordComplexityPolicyWriteModel) *model.PasswordComplexityPolicy { - return &model.PasswordComplexityPolicy{ +func writeModelToPasswordComplexityPolicy(wm *IAMPasswordComplexityPolicyWriteModel) *domain.PasswordComplexityPolicy { + return &domain.PasswordComplexityPolicy{ ObjectRoot: writeModelToObjectRoot(wm.PasswordComplexityPolicyWriteModel.WriteModel), MinLength: wm.MinLength, HasLowercase: wm.HasLowercase, @@ -78,41 +79,41 @@ func writeModelToPasswordComplexityPolicy(wm *IAMPasswordComplexityPolicyWriteMo } } -func writeModelToPasswordLockoutPolicy(wm *IAMPasswordLockoutPolicyWriteModel) *model.PasswordLockoutPolicy { - return &model.PasswordLockoutPolicy{ +func writeModelToPasswordLockoutPolicy(wm *IAMPasswordLockoutPolicyWriteModel) *domain.PasswordLockoutPolicy { + return &domain.PasswordLockoutPolicy{ ObjectRoot: writeModelToObjectRoot(wm.PasswordLockoutPolicyWriteModel.WriteModel), MaxAttempts: wm.MaxAttempts, ShowLockOutFailures: wm.ShowLockOutFailures, } } -func writeModelToIDPConfig(wm *IAMIDPConfigWriteModel) *model.IDPConfig { - return &model.IDPConfig{ +func writeModelToIDPConfig(wm *IAMIDPConfigWriteModel) *domain.IDPConfig { + return &domain.IDPConfig{ ObjectRoot: writeModelToObjectRoot(wm.WriteModel), OIDCConfig: writeModelToIDPOIDCConfig(wm.OIDCConfig), IDPConfigID: wm.ConfigID, Name: wm.Name, - State: model.IDPConfigState(wm.State), - StylingType: model.IDPStylingType(wm.StylingType), + State: wm.State, + StylingType: wm.StylingType, } } -func writeModelToIDPOIDCConfig(wm *OIDCConfigWriteModel) *model.OIDCIDPConfig { - return &model.OIDCIDPConfig{ +func writeModelToIDPOIDCConfig(wm *OIDCConfigWriteModel) *domain.OIDCIDPConfig { + return &domain.OIDCIDPConfig{ ObjectRoot: writeModelToObjectRoot(wm.WriteModel), ClientID: wm.ClientID, IDPConfigID: wm.IDPConfigID, - IDPDisplayNameMapping: model.OIDCMappingField(wm.IDPDisplayNameMapping), + IDPDisplayNameMapping: wm.IDPDisplayNameMapping, Issuer: wm.Issuer, Scopes: wm.Scopes, - UsernameMapping: model.OIDCMappingField(wm.UserNameMapping), + UsernameMapping: wm.UserNameMapping, } } -func writeModelToIDPProvider(wm *IAMIdentityProviderWriteModel) *model.IDPProvider { - return &model.IDPProvider{ +func writeModelToIDPProvider(wm *IAMIdentityProviderWriteModel) *domain.IDPProvider { + return &domain.IDPProvider{ ObjectRoot: writeModelToObjectRoot(wm.IdentityProviderWriteModel.WriteModel), IDPConfigID: wm.IDPConfigID, - Type: model.IDPProviderType(wm.IDPProviderType), + Type: wm.IDPProviderType, } } diff --git a/internal/v2/command/iam_idp_config.go b/internal/v2/command/iam_idp_config.go index 382a954ea2..68a89f0040 100644 --- a/internal/v2/command/iam_idp_config.go +++ b/internal/v2/command/iam_idp_config.go @@ -8,12 +8,11 @@ import ( "github.com/caos/zitadel/internal/crypto" "github.com/caos/zitadel/internal/errors" - iam_model "github.com/caos/zitadel/internal/iam/model" "github.com/caos/zitadel/internal/v2/repository/iam" iam_repo "github.com/caos/zitadel/internal/v2/repository/iam" ) -func (r *CommandSide) AddDefaultIDPConfig(ctx context.Context, config *iam_model.IDPConfig) (*iam_model.IDPConfig, error) { +func (r *CommandSide) AddDefaultIDPConfig(ctx context.Context, config *domain.IDPConfig) (*domain.IDPConfig, error) { if config.OIDCConfig == nil { return nil, errors.ThrowInvalidArgument(nil, "IAM-eUpQU", "Errors.idp.config.notset") } @@ -36,8 +35,8 @@ func (r *CommandSide) AddDefaultIDPConfig(ctx context.Context, config *iam_model ctx, idpConfigID, config.Name, - domain.IDPConfigType(config.Type), - domain.IDPConfigStylingType(config.StylingType), + config.Type, + config.StylingType, ), ) iamAgg.PushEvents( @@ -46,8 +45,8 @@ func (r *CommandSide) AddDefaultIDPConfig(ctx context.Context, config *iam_model idpConfigID, config.OIDCConfig.Issuer, clientSecret, - domain.OIDCMappingField(config.OIDCConfig.IDPDisplayNameMapping), - domain.OIDCMappingField(config.OIDCConfig.UsernameMapping), + config.OIDCConfig.IDPDisplayNameMapping, + config.OIDCConfig.UsernameMapping, config.OIDCConfig.Scopes..., ), ) @@ -58,7 +57,7 @@ func (r *CommandSide) AddDefaultIDPConfig(ctx context.Context, config *iam_model return writeModelToIDPConfig(addedConfig), nil } -func (r *CommandSide) ChangeDefaultIDPConfig(ctx context.Context, config *iam_model.IDPConfig) (*iam_model.IDPConfig, error) { +func (r *CommandSide) ChangeDefaultIDPConfig(ctx context.Context, config *domain.IDPConfig) (*domain.IDPConfig, error) { existingIDP, err := r.iamIDPConfigWriteModelByID(ctx, config.AggregateID, config.IDPConfigID) if err != nil { return nil, err @@ -67,7 +66,7 @@ func (r *CommandSide) ChangeDefaultIDPConfig(ctx context.Context, config *iam_mo return nil, caos_errs.ThrowAlreadyExists(nil, "IAM-4M9so", "Errors.IAM.IDPConfig.NotExisting") } - changedEvent, hasChanged := existingIDP.NewChangedEvent(ctx, config.IDPConfigID, config.Name, domain.IDPConfigStylingType(config.StylingType)) + changedEvent, hasChanged := existingIDP.NewChangedEvent(ctx, config.IDPConfigID, config.Name, config.StylingType) if !hasChanged { return nil, caos_errs.ThrowAlreadyExists(nil, "IAM-4M9vs", "Errors.IAM.LabelPolicy.NotChanged") } @@ -81,8 +80,8 @@ func (r *CommandSide) ChangeDefaultIDPConfig(ctx context.Context, config *iam_mo return writeModelToIDPConfig(existingIDP), nil } -func (r *CommandSide) DeactivateDefaultIDPConfig(ctx context.Context, iamID, idpID string) (*iam_model.IDPConfig, error) { - existingIDP, err := r.iamIDPConfigWriteModelByID(ctx, iamID, idpID) +func (r *CommandSide) DeactivateDefaultIDPConfig(ctx context.Context, idpID string) (*domain.IDPConfig, error) { + existingIDP, err := r.iamIDPConfigWriteModelByID(ctx, r.iamID, idpID) if err != nil { return nil, err } @@ -99,8 +98,8 @@ func (r *CommandSide) DeactivateDefaultIDPConfig(ctx context.Context, iamID, idp return writeModelToIDPConfig(existingIDP), nil } -func (r *CommandSide) ReactivateDefaultIDPConfig(ctx context.Context, iamID, idpID string) (*iam_model.IDPConfig, error) { - existingIDP, err := r.iamIDPConfigWriteModelByID(ctx, iamID, idpID) +func (r *CommandSide) ReactivateDefaultIDPConfig(ctx context.Context, idpID string) (*domain.IDPConfig, error) { + existingIDP, err := r.iamIDPConfigWriteModelByID(ctx, r.iamID, idpID) if err != nil { return nil, err } @@ -118,7 +117,7 @@ func (r *CommandSide) ReactivateDefaultIDPConfig(ctx context.Context, iamID, idp return writeModelToIDPConfig(existingIDP), nil } -func (r *CommandSide) RemoveDefaultIDPConfig(ctx context.Context, iamID, idpID string) (*iam_model.IDPConfig, error) { +func (r *CommandSide) RemoveDefaultIDPConfig(ctx context.Context, iamID, idpID string) (*domain.IDPConfig, error) { writeModel, err := r.pushDefaultIDPWriteModel(ctx, iamID, idpID, func(a *iam.Aggregate, _ *IAMIDPConfigWriteModel) *iam.Aggregate { a.Aggregate = *a.PushEvents(iam_repo.NewIDPConfigRemovedEvent(ctx, idpID)) return a diff --git a/internal/v2/command/iam_idp_oidc_config.go b/internal/v2/command/iam_idp_oidc_config.go index d78ef231a0..fa4aa3d8be 100644 --- a/internal/v2/command/iam_idp_oidc_config.go +++ b/internal/v2/command/iam_idp_oidc_config.go @@ -4,11 +4,9 @@ import ( "context" caos_errs "github.com/caos/zitadel/internal/errors" "github.com/caos/zitadel/internal/v2/domain" - - iam_model "github.com/caos/zitadel/internal/iam/model" ) -func (r *CommandSide) ChangeDefaultIDPOIDCConfig(ctx context.Context, config *iam_model.OIDCIDPConfig) (*iam_model.OIDCIDPConfig, error) { +func (r *CommandSide) ChangeDefaultIDPOIDCConfig(ctx context.Context, config *domain.OIDCIDPConfig) (*domain.OIDCIDPConfig, error) { existingConfig := NewIDPOIDCConfigWriteModel(config.AggregateID, config.IDPConfigID) err := r.eventstore.FilterToQueryReducer(ctx, existingConfig) if err != nil { @@ -25,8 +23,8 @@ func (r *CommandSide) ChangeDefaultIDPOIDCConfig(ctx context.Context, config *ia config.Issuer, config.ClientSecretString, r.idpConfigSecretCrypto, - domain.OIDCMappingField(config.IDPDisplayNameMapping), - domain.OIDCMappingField(config.UsernameMapping), + config.IDPDisplayNameMapping, + config.UsernameMapping, config.Scopes...) if err != nil { return nil, err diff --git a/internal/v2/command/iam_member.go b/internal/v2/command/iam_member.go index 40e604385b..2b5db224a6 100644 --- a/internal/v2/command/iam_member.go +++ b/internal/v2/command/iam_member.go @@ -2,16 +2,16 @@ package command import ( "context" + "github.com/caos/zitadel/internal/v2/domain" "reflect" "github.com/caos/zitadel/internal/errors" caos_errs "github.com/caos/zitadel/internal/errors" - iam_model "github.com/caos/zitadel/internal/iam/model" "github.com/caos/zitadel/internal/telemetry/tracing" iam_repo "github.com/caos/zitadel/internal/v2/repository/iam" ) -func (r *CommandSide) AddIAMMember(ctx context.Context, member *iam_model.IAMMember) (*iam_model.IAMMember, error) { +func (r *CommandSide) AddIAMMember(ctx context.Context, member *domain.IAMMember) (*domain.IAMMember, error) { //TODO: check if roles valid if !member.IsValid() { @@ -39,7 +39,7 @@ func (r *CommandSide) AddIAMMember(ctx context.Context, member *iam_model.IAMMem } //ChangeIAMMember updates an existing member -func (r *CommandSide) ChangeIAMMember(ctx context.Context, member *iam_model.IAMMember) (*iam_model.IAMMember, error) { +func (r *CommandSide) ChangeIAMMember(ctx context.Context, member *domain.IAMMember) (*domain.IAMMember, error) { //TODO: check if roles valid if !member.IsValid() { @@ -70,8 +70,8 @@ func (r *CommandSide) ChangeIAMMember(ctx context.Context, member *iam_model.IAM return writeModelToMember(existingMember), nil } -func (r *CommandSide) RemoveIAMMember(ctx context.Context, member *iam_model.IAMMember) error { - m, err := r.iamMemberWriteModelByID(ctx, member.AggregateID, member.UserID) +func (r *CommandSide) RemoveIAMMember(ctx context.Context, userID string) error { + m, err := r.iamMemberWriteModelByID(ctx, r.iamID, userID) if err != nil && !errors.IsNotFound(err) { return err } @@ -80,7 +80,7 @@ func (r *CommandSide) RemoveIAMMember(ctx context.Context, member *iam_model.IAM } iamAgg := IAMAggregateFromWriteModel(&m.MemberWriteModel.WriteModel) - iamAgg.PushEvents(iam_repo.NewMemberRemovedEvent(ctx, member.UserID)) + iamAgg.PushEvents(iam_repo.NewMemberRemovedEvent(ctx, userID)) return r.eventstore.PushAggregate(ctx, m, iamAgg) } diff --git a/internal/v2/command/iam_policy_label.go b/internal/v2/command/iam_policy_label.go index 1d44e1942c..50bb152105 100644 --- a/internal/v2/command/iam_policy_label.go +++ b/internal/v2/command/iam_policy_label.go @@ -3,16 +3,13 @@ package command import ( "context" caos_errs "github.com/caos/zitadel/internal/errors" - iam_model "github.com/caos/zitadel/internal/iam/model" "github.com/caos/zitadel/internal/telemetry/tracing" + "github.com/caos/zitadel/internal/v2/domain" iam_repo "github.com/caos/zitadel/internal/v2/repository/iam" ) -func (r *CommandSide) AddDefaultLabelPolicy(ctx context.Context, policy *iam_model.LabelPolicy) (*iam_model.LabelPolicy, error) { - if !policy.IsValid() { - return nil, caos_errs.ThrowPreconditionFailed(nil, "IAM-5Mv0s", "Errors.IAM.LabelPolicyInvalid") - } - +func (r *CommandSide) AddDefaultLabelPolicy(ctx context.Context, policy *domain.LabelPolicy) (*domain.LabelPolicy, error) { + policy.AggregateID = r.iamID addedPolicy := NewIAMLabelPolicyWriteModel(policy.AggregateID) err := r.eventstore.FilterToQueryReducer(ctx, addedPolicy) if err != nil { @@ -33,11 +30,8 @@ func (r *CommandSide) AddDefaultLabelPolicy(ctx context.Context, policy *iam_mod return writeModelToLabelPolicy(addedPolicy), nil } -func (r *CommandSide) ChangeDefaultLabelPolicy(ctx context.Context, policy *iam_model.LabelPolicy) (*iam_model.LabelPolicy, error) { - if !policy.IsValid() { - return nil, caos_errs.ThrowPreconditionFailed(nil, "IAM-6M0od", "Errors.IAM.LabelPolicyInvalid") - } - +func (r *CommandSide) ChangeDefaultLabelPolicy(ctx context.Context, policy *domain.LabelPolicy) (*domain.LabelPolicy, error) { + policy.AggregateID = r.iamID existingPolicy, err := r.defaultLabelPolicyWriteModelByID(ctx, policy.AggregateID) if err != nil { return nil, err diff --git a/internal/v2/command/iam_policy_login.go b/internal/v2/command/iam_policy_login.go index 61bfaf05a8..64f4c5f7ca 100644 --- a/internal/v2/command/iam_policy_login.go +++ b/internal/v2/command/iam_policy_login.go @@ -9,7 +9,8 @@ import ( iam_repo "github.com/caos/zitadel/internal/v2/repository/iam" ) -func (r *CommandSide) AddDefaultLoginPolicy(ctx context.Context, policy *iam_model.LoginPolicy) (*iam_model.LoginPolicy, error) { +func (r *CommandSide) AddDefaultLoginPolicy(ctx context.Context, policy *domain.LoginPolicy) (*domain.LoginPolicy, error) { + policy.AggregateID = r.iamID addedPolicy := NewIAMLoginPolicyWriteModel(policy.AggregateID) iamAgg, err := r.addDefaultLoginPolicy(ctx, addedPolicy, policy) if err != nil { @@ -23,7 +24,7 @@ func (r *CommandSide) AddDefaultLoginPolicy(ctx context.Context, policy *iam_mod return writeModelToLoginPolicy(addedPolicy), nil } -func (r *CommandSide) addDefaultLoginPolicy(ctx context.Context, addedPolicy *IAMLoginPolicyWriteModel, policy *iam_model.LoginPolicy) (*iam_repo.Aggregate, error) { +func (r *CommandSide) addDefaultLoginPolicy(ctx context.Context, addedPolicy *IAMLoginPolicyWriteModel, policy *domain.LoginPolicy) (*iam_repo.Aggregate, error) { err := r.eventstore.FilterToQueryReducer(ctx, addedPolicy) if err != nil { return nil, err @@ -33,16 +34,13 @@ func (r *CommandSide) addDefaultLoginPolicy(ctx context.Context, addedPolicy *IA } iamAgg := IAMAggregateFromWriteModel(&addedPolicy.LoginPolicyWriteModel.WriteModel) - iamAgg.PushEvents(iam_repo.NewLoginPolicyAddedEvent(ctx, policy.AllowUsernamePassword, policy.AllowRegister, policy.AllowExternalIdp, policy.ForceMFA, domain.PasswordlessType(policy.PasswordlessType))) + iamAgg.PushEvents(iam_repo.NewLoginPolicyAddedEvent(ctx, policy.AllowUsernamePassword, policy.AllowRegister, policy.AllowExternalIdp, policy.ForceMFA, policy.PasswordlessType)) return iamAgg, nil } -func (r *CommandSide) ChangeDefaultLoginPolicy(ctx context.Context, policy *iam_model.LoginPolicy) (*iam_model.LoginPolicy, error) { - if !policy.IsValid() { - return nil, caos_errs.ThrowPreconditionFailed(nil, "IAM-6M0od", "Errors.IAM.LoginPolicyInvalid") - } - +func (r *CommandSide) ChangeDefaultLoginPolicy(ctx context.Context, policy *domain.LoginPolicy) (*domain.LoginPolicy, error) { + policy.AggregateID = r.iamID existingPolicy, err := r.defaultLoginPolicyWriteModelByID(ctx, policy.AggregateID) if err != nil { return nil, err @@ -65,7 +63,8 @@ func (r *CommandSide) ChangeDefaultLoginPolicy(ctx context.Context, policy *iam_ return writeModelToLoginPolicy(existingPolicy), nil } -func (r *CommandSide) AddIDPProviderToDefaultLoginPolicy(ctx context.Context, idpProvider *iam_model.IDPProvider) (*iam_model.IDPProvider, error) { +func (r *CommandSide) AddIDPProviderToDefaultLoginPolicy(ctx context.Context, idpProvider *domain.IDPProvider) (*domain.IDPProvider, error) { + idpProvider.AggregateID = r.iamID idpModel := NewIAMIdentityProviderWriteModel(idpProvider.AggregateID, idpProvider.IDPConfigID) err := r.eventstore.FilterToQueryReducer(ctx, idpModel) if err != nil { @@ -86,6 +85,7 @@ func (r *CommandSide) AddIDPProviderToDefaultLoginPolicy(ctx context.Context, id } func (r *CommandSide) RemoveIDPProviderFromDefaultLoginPolicy(ctx context.Context, idpProvider *iam_model.IDPProvider) error { + idpProvider.AggregateID = r.iamID idpModel := NewIAMIdentityProviderWriteModel(idpProvider.AggregateID, idpProvider.IDPConfigID) err := r.eventstore.FilterToQueryReducer(ctx, idpModel) if err != nil { @@ -100,8 +100,8 @@ func (r *CommandSide) RemoveIDPProviderFromDefaultLoginPolicy(ctx context.Contex return r.eventstore.PushAggregate(ctx, idpModel, iamAgg) } -func (r *CommandSide) AddSecondFactorToDefaultLoginPolicy(ctx context.Context, iamID string, secondFactor iam_model.SecondFactorType) (iam_model.SecondFactorType, error) { - secondFactorModel := NewIAMSecondFactorWriteModel(iamID) +func (r *CommandSide) AddSecondFactorToDefaultLoginPolicy(ctx context.Context, secondFactor iam_model.SecondFactorType) (iam_model.SecondFactorType, error) { + secondFactorModel := NewIAMSecondFactorWriteModel(r.iamID) err := r.eventstore.FilterToQueryReducer(ctx, secondFactorModel) if err != nil { return iam_model.SecondFactorTypeUnspecified, err @@ -121,8 +121,8 @@ func (r *CommandSide) AddSecondFactorToDefaultLoginPolicy(ctx context.Context, i return iam_model.SecondFactorType(secondFactorModel.MFAType), nil } -func (r *CommandSide) RemoveSecondFactorFromDefaultLoginPolicy(ctx context.Context, iamID string, secondFactor iam_model.SecondFactorType) error { - secondFactorModel := NewIAMSecondFactorWriteModel(iamID) +func (r *CommandSide) RemoveSecondFactorFromDefaultLoginPolicy(ctx context.Context, secondFactor iam_model.SecondFactorType) error { + secondFactorModel := NewIAMSecondFactorWriteModel(r.iamID) err := r.eventstore.FilterToQueryReducer(ctx, secondFactorModel) if err != nil { return err @@ -136,8 +136,8 @@ func (r *CommandSide) RemoveSecondFactorFromDefaultLoginPolicy(ctx context.Conte return r.eventstore.PushAggregate(ctx, secondFactorModel, iamAgg) } -func (r *CommandSide) AddMultiFactorToDefaultLoginPolicy(ctx context.Context, iamID string, multiFactor iam_model.MultiFactorType) (iam_model.MultiFactorType, error) { - multiFactorModel := NewIAMMultiFactorWriteModel(iamID) +func (r *CommandSide) AddMultiFactorToDefaultLoginPolicy(ctx context.Context, multiFactor iam_model.MultiFactorType) (iam_model.MultiFactorType, error) { + multiFactorModel := NewIAMMultiFactorWriteModel(r.iamID) err := r.eventstore.FilterToQueryReducer(ctx, multiFactorModel) if err != nil { return iam_model.MultiFactorTypeUnspecified, err @@ -155,8 +155,8 @@ func (r *CommandSide) AddMultiFactorToDefaultLoginPolicy(ctx context.Context, ia return iam_model.MultiFactorType(multiFactorModel.MultiFactoryWriteModel.MFAType), nil } -func (r *CommandSide) RemoveMultiFactorFromDefaultLoginPolicy(ctx context.Context, iamID string, multiFactor iam_model.MultiFactorType) error { - multiFactorModel := NewIAMMultiFactorWriteModel(iamID) +func (r *CommandSide) RemoveMultiFactorFromDefaultLoginPolicy(ctx context.Context, multiFactor iam_model.MultiFactorType) error { + multiFactorModel := NewIAMMultiFactorWriteModel(r.iamID) err := r.eventstore.FilterToQueryReducer(ctx, multiFactorModel) if err != nil { return err diff --git a/internal/v2/command/iam_policy_login_identity_provider.go b/internal/v2/command/iam_policy_login_identity_provider_model.go similarity index 100% rename from internal/v2/command/iam_policy_login_identity_provider.go rename to internal/v2/command/iam_policy_login_identity_provider_model.go diff --git a/internal/v2/command/iam_policy_org_iam.go b/internal/v2/command/iam_policy_org_iam.go index 8c328cccaa..ed0894a26e 100644 --- a/internal/v2/command/iam_policy_org_iam.go +++ b/internal/v2/command/iam_policy_org_iam.go @@ -3,13 +3,13 @@ package command import ( "context" caos_errs "github.com/caos/zitadel/internal/errors" - iam_model "github.com/caos/zitadel/internal/iam/model" "github.com/caos/zitadel/internal/telemetry/tracing" + "github.com/caos/zitadel/internal/v2/domain" iam_repo "github.com/caos/zitadel/internal/v2/repository/iam" ) -func (r *CommandSide) GetDefaultOrgIAMPolicy(ctx context.Context, aggregateID string) (*iam_model.OrgIAMPolicy, error) { - policyWriteModel := NewIAMOrgIAMPolicyWriteModel(aggregateID) +func (r *CommandSide) GetDefaultOrgIAMPolicy(ctx context.Context) (*domain.OrgIAMPolicy, error) { + policyWriteModel := NewIAMOrgIAMPolicyWriteModel(r.iamID) err := r.eventstore.FilterToQueryReducer(ctx, policyWriteModel) if err != nil { return nil, err @@ -19,7 +19,8 @@ func (r *CommandSide) GetDefaultOrgIAMPolicy(ctx context.Context, aggregateID st return policy, nil } -func (r *CommandSide) AddDefaultOrgIAMPolicy(ctx context.Context, policy *iam_model.OrgIAMPolicy) (*iam_model.OrgIAMPolicy, error) { +func (r *CommandSide) AddDefaultOrgIAMPolicy(ctx context.Context, policy *domain.OrgIAMPolicy) (*domain.OrgIAMPolicy, error) { + policy.AggregateID = r.iamID addedPolicy := NewIAMOrgIAMPolicyWriteModel(policy.AggregateID) err := r.eventstore.FilterToQueryReducer(ctx, addedPolicy) if err != nil { @@ -39,7 +40,8 @@ func (r *CommandSide) AddDefaultOrgIAMPolicy(ctx context.Context, policy *iam_mo return writeModelToOrgIAMPolicy(addedPolicy), nil } -func (r *CommandSide) ChangeDefaultOrgIAMPolicy(ctx context.Context, policy *iam_model.OrgIAMPolicy) (*iam_model.OrgIAMPolicy, error) { +func (r *CommandSide) ChangeDefaultOrgIAMPolicy(ctx context.Context, policy *domain.OrgIAMPolicy) (*domain.OrgIAMPolicy, error) { + policy.AggregateID = r.iamID existingPolicy, err := r.defaultOrgIAMPolicyWriteModelByID(ctx, policy.AggregateID) if err != nil { return nil, err diff --git a/internal/v2/command/iam_policy_password_age.go b/internal/v2/command/iam_policy_password_age.go index 8946b8cc9e..80f07e0edd 100644 --- a/internal/v2/command/iam_policy_password_age.go +++ b/internal/v2/command/iam_policy_password_age.go @@ -3,12 +3,13 @@ package command import ( "context" caos_errs "github.com/caos/zitadel/internal/errors" - iam_model "github.com/caos/zitadel/internal/iam/model" "github.com/caos/zitadel/internal/telemetry/tracing" + "github.com/caos/zitadel/internal/v2/domain" iam_repo "github.com/caos/zitadel/internal/v2/repository/iam" ) -func (r *CommandSide) AddDefaultPasswordAgePolicy(ctx context.Context, policy *iam_model.PasswordAgePolicy) (*iam_model.PasswordAgePolicy, error) { +func (r *CommandSide) AddDefaultPasswordAgePolicy(ctx context.Context, policy *domain.PasswordAgePolicy) (*domain.PasswordAgePolicy, error) { + policy.AggregateID = r.iamID addedPolicy := NewIAMPasswordAgePolicyWriteModel(policy.AggregateID) err := r.eventstore.FilterToQueryReducer(ctx, addedPolicy) if err != nil { @@ -29,7 +30,8 @@ func (r *CommandSide) AddDefaultPasswordAgePolicy(ctx context.Context, policy *i return writeModelToPasswordAgePolicy(addedPolicy), nil } -func (r *CommandSide) ChangeDefaultPasswordAgePolicy(ctx context.Context, policy *iam_model.PasswordAgePolicy) (*iam_model.PasswordAgePolicy, error) { +func (r *CommandSide) ChangeDefaultPasswordAgePolicy(ctx context.Context, policy *domain.PasswordAgePolicy) (*domain.PasswordAgePolicy, error) { + policy.AggregateID = r.iamID existingPolicy, err := r.defaultPasswordAgePolicyWriteModelByID(ctx, policy.AggregateID) if err != nil { return nil, err diff --git a/internal/v2/command/iam_policy_password_complexity.go b/internal/v2/command/iam_policy_password_complexity.go index 274e4a3c38..450016175a 100644 --- a/internal/v2/command/iam_policy_password_complexity.go +++ b/internal/v2/command/iam_policy_password_complexity.go @@ -3,13 +3,13 @@ package command import ( "context" caos_errs "github.com/caos/zitadel/internal/errors" - iam_model "github.com/caos/zitadel/internal/iam/model" "github.com/caos/zitadel/internal/telemetry/tracing" + "github.com/caos/zitadel/internal/v2/domain" iam_repo "github.com/caos/zitadel/internal/v2/repository/iam" ) -func (r *CommandSide) GetDefaultPasswordComplexityPolicy(ctx context.Context, aggregateID string) (*iam_model.PasswordComplexityPolicy, error) { - policyWriteModel := NewIAMPasswordComplexityPolicyWriteModel(aggregateID) +func (r *CommandSide) GetDefaultPasswordComplexityPolicy(ctx context.Context) (*domain.PasswordComplexityPolicy, error) { + policyWriteModel := NewIAMPasswordComplexityPolicyWriteModel(r.iamID) err := r.eventstore.FilterToQueryReducer(ctx, policyWriteModel) if err != nil { return nil, err @@ -19,7 +19,8 @@ func (r *CommandSide) GetDefaultPasswordComplexityPolicy(ctx context.Context, ag return policy, nil } -func (r *CommandSide) AddDefaultPasswordComplexityPolicy(ctx context.Context, policy *iam_model.PasswordComplexityPolicy) (*iam_model.PasswordComplexityPolicy, error) { +func (r *CommandSide) AddDefaultPasswordComplexityPolicy(ctx context.Context, policy *domain.PasswordComplexityPolicy) (*domain.PasswordComplexityPolicy, error) { + policy.AggregateID = r.iamID addedPolicy := NewIAMPasswordComplexityPolicyWriteModel(policy.AggregateID) iamAgg, err := r.addDefaultPasswordComplexityPolicy(ctx, addedPolicy, policy) if err != nil { @@ -34,7 +35,7 @@ func (r *CommandSide) AddDefaultPasswordComplexityPolicy(ctx context.Context, po return writeModelToPasswordComplexityPolicy(addedPolicy), nil } -func (r *CommandSide) addDefaultPasswordComplexityPolicy(ctx context.Context, addedPolicy *IAMPasswordComplexityPolicyWriteModel, policy *iam_model.PasswordComplexityPolicy) (*iam_repo.Aggregate, error) { +func (r *CommandSide) addDefaultPasswordComplexityPolicy(ctx context.Context, addedPolicy *IAMPasswordComplexityPolicyWriteModel, policy *domain.PasswordComplexityPolicy) (*iam_repo.Aggregate, error) { if err := policy.IsValid(); err != nil { return nil, err } @@ -53,7 +54,8 @@ func (r *CommandSide) addDefaultPasswordComplexityPolicy(ctx context.Context, ad return iamAgg, nil } -func (r *CommandSide) ChangeDefaultPasswordComplexityPolicy(ctx context.Context, policy *iam_model.PasswordComplexityPolicy) (*iam_model.PasswordComplexityPolicy, error) { +func (r *CommandSide) ChangeDefaultPasswordComplexityPolicy(ctx context.Context, policy *domain.PasswordComplexityPolicy) (*domain.PasswordComplexityPolicy, error) { + policy.AggregateID = r.iamID if err := policy.IsValid(); err != nil { return nil, err } diff --git a/internal/v2/command/iam_policy_password_lockout.go b/internal/v2/command/iam_policy_password_lockout.go index 3ac9f03946..2448e34c86 100644 --- a/internal/v2/command/iam_policy_password_lockout.go +++ b/internal/v2/command/iam_policy_password_lockout.go @@ -3,12 +3,13 @@ package command import ( "context" caos_errs "github.com/caos/zitadel/internal/errors" - iam_model "github.com/caos/zitadel/internal/iam/model" "github.com/caos/zitadel/internal/telemetry/tracing" + "github.com/caos/zitadel/internal/v2/domain" iam_repo "github.com/caos/zitadel/internal/v2/repository/iam" ) -func (r *CommandSide) AddDefaultPasswordLockoutPolicy(ctx context.Context, policy *iam_model.PasswordLockoutPolicy) (*iam_model.PasswordLockoutPolicy, error) { +func (r *CommandSide) AddDefaultPasswordLockoutPolicy(ctx context.Context, policy *domain.PasswordLockoutPolicy) (*domain.PasswordLockoutPolicy, error) { + policy.AggregateID = r.iamID addedPolicy := NewIAMPasswordLockoutPolicyWriteModel(policy.AggregateID) err := r.eventstore.FilterToQueryReducer(ctx, addedPolicy) if err != nil { @@ -29,7 +30,8 @@ func (r *CommandSide) AddDefaultPasswordLockoutPolicy(ctx context.Context, polic return writeModelToPasswordLockoutPolicy(addedPolicy), nil } -func (r *CommandSide) ChangeDefaultPasswordLockoutPolicy(ctx context.Context, policy *iam_model.PasswordLockoutPolicy) (*iam_model.PasswordLockoutPolicy, error) { +func (r *CommandSide) ChangeDefaultPasswordLockoutPolicy(ctx context.Context, policy *domain.PasswordLockoutPolicy) (*domain.PasswordLockoutPolicy, error) { + policy.AggregateID = r.iamID existingPolicy, err := r.defaultPasswordLockoutPolicyWriteModelByID(ctx, policy.AggregateID) if err != nil { return nil, err diff --git a/internal/v2/command/org_converter.go b/internal/v2/command/org_converter.go index 466d44dcf0..9d3e0f120e 100644 --- a/internal/v2/command/org_converter.go +++ b/internal/v2/command/org_converter.go @@ -1,18 +1,18 @@ package command import ( - "github.com/caos/zitadel/internal/iam/model" + "github.com/caos/zitadel/internal/v2/domain" ) -func orgWriteModelToOrgIAMPolicy(wm *ORGOrgIAMPolicyWriteModel) *model.OrgIAMPolicy { - return &model.OrgIAMPolicy{ +func orgWriteModelToOrgIAMPolicy(wm *ORGOrgIAMPolicyWriteModel) *domain.OrgIAMPolicy { + return &domain.OrgIAMPolicy{ ObjectRoot: writeModelToObjectRoot(wm.PolicyOrgIAMWriteModel.WriteModel), UserLoginMustBeDomain: wm.UserLoginMustBeDomain, } } -func orgWriteModelToPasswordComplexityPolicy(wm *OrgPasswordComplexityPolicyWriteModel) *model.PasswordComplexityPolicy { - return &model.PasswordComplexityPolicy{ +func orgWriteModelToPasswordComplexityPolicy(wm *OrgPasswordComplexityPolicyWriteModel) *domain.PasswordComplexityPolicy { + return &domain.PasswordComplexityPolicy{ ObjectRoot: writeModelToObjectRoot(wm.PasswordComplexityPolicyWriteModel.WriteModel), MinLength: wm.MinLength, HasLowercase: wm.HasLowercase, diff --git a/internal/v2/command/org_policy_org_iam.go b/internal/v2/command/org_policy_org_iam.go index c71450705b..32293730d5 100644 --- a/internal/v2/command/org_policy_org_iam.go +++ b/internal/v2/command/org_policy_org_iam.go @@ -3,12 +3,12 @@ package command import ( "context" caos_errs "github.com/caos/zitadel/internal/errors" - iam_model "github.com/caos/zitadel/internal/iam/model" "github.com/caos/zitadel/internal/telemetry/tracing" + "github.com/caos/zitadel/internal/v2/domain" iam_repo "github.com/caos/zitadel/internal/v2/repository/iam" ) -func (r *CommandSide) GetOrgIAMPolicy(ctx context.Context, orgID string) (*iam_model.OrgIAMPolicy, error) { +func (r *CommandSide) GetOrgIAMPolicy(ctx context.Context, orgID string) (*domain.OrgIAMPolicy, error) { policy := NewORGOrgIAMPolicyWriteModel(orgID) err := r.eventstore.FilterToQueryReducer(ctx, policy) if err != nil { @@ -17,10 +17,10 @@ func (r *CommandSide) GetOrgIAMPolicy(ctx context.Context, orgID string) (*iam_m if policy.IsActive { return orgWriteModelToOrgIAMPolicy(policy), nil } - return r.GetDefaultOrgIAMPolicy(ctx, r.iamID) + return r.GetDefaultOrgIAMPolicy(ctx) } -func (r *CommandSide) AddOrgIAMPolicy(ctx context.Context, policy *iam_model.OrgIAMPolicy) (*iam_model.OrgIAMPolicy, error) { +func (r *CommandSide) AddOrgIAMPolicy(ctx context.Context, policy *domain.OrgIAMPolicy) (*domain.OrgIAMPolicy, error) { addedPolicy := NewORGOrgIAMPolicyWriteModel(policy.AggregateID) err := r.eventstore.FilterToQueryReducer(ctx, addedPolicy) if err != nil { @@ -40,7 +40,7 @@ func (r *CommandSide) AddOrgIAMPolicy(ctx context.Context, policy *iam_model.Org return orgWriteModelToOrgIAMPolicy(addedPolicy), nil } -func (r *CommandSide) ChangeOrgIAMPolicy(ctx context.Context, policy *iam_model.OrgIAMPolicy) (*iam_model.OrgIAMPolicy, error) { +func (r *CommandSide) ChangeOrgIAMPolicy(ctx context.Context, policy *domain.OrgIAMPolicy) (*domain.OrgIAMPolicy, error) { existingPolicy, err := r.orgIAMPolicyWriteModelByID(ctx, policy.AggregateID) if err != nil { return nil, err @@ -65,11 +65,11 @@ func (r *CommandSide) ChangeOrgIAMPolicy(ctx context.Context, policy *iam_model. return orgWriteModelToOrgIAMPolicy(existingPolicy), nil } -func (r *CommandSide) orgIAMPolicyWriteModelByID(ctx context.Context, iamID string) (policy *ORGOrgIAMPolicyWriteModel, err error) { +func (r *CommandSide) orgIAMPolicyWriteModelByID(ctx context.Context, orgID string) (policy *ORGOrgIAMPolicyWriteModel, err error) { ctx, span := tracing.NewSpan(ctx) defer func() { span.EndWithError(err) }() - writeModel := NewORGOrgIAMPolicyWriteModel(iamID) + writeModel := NewORGOrgIAMPolicyWriteModel(orgID) err = r.eventstore.FilterToQueryReducer(ctx, writeModel) if err != nil { return nil, err diff --git a/internal/v2/command/org_policy_password_complexity.go b/internal/v2/command/org_policy_password_complexity.go index 534897cfa5..309ef6cdd0 100644 --- a/internal/v2/command/org_policy_password_complexity.go +++ b/internal/v2/command/org_policy_password_complexity.go @@ -2,10 +2,10 @@ package command import ( "context" - iam_model "github.com/caos/zitadel/internal/iam/model" + "github.com/caos/zitadel/internal/v2/domain" ) -func (r *CommandSide) GetOrgPasswordComplexityPolicy(ctx context.Context, orgID string) (*iam_model.PasswordComplexityPolicy, error) { +func (r *CommandSide) GetOrgPasswordComplexityPolicy(ctx context.Context, orgID string) (*domain.PasswordComplexityPolicy, error) { policy := NewOrgPasswordComplexityPolicyWriteModel(orgID) err := r.eventstore.FilterToQueryReducer(ctx, policy) if err != nil { @@ -14,5 +14,5 @@ func (r *CommandSide) GetOrgPasswordComplexityPolicy(ctx context.Context, orgID if policy.IsActive { return orgWriteModelToPasswordComplexityPolicy(policy), nil } - return r.GetDefaultPasswordComplexityPolicy(ctx, r.iamID) + return r.GetDefaultPasswordComplexityPolicy(ctx) } diff --git a/internal/v2/command/setup_step1.go b/internal/v2/command/setup_step1.go index 0782403e8f..67b740c5bb 100644 --- a/internal/v2/command/setup_step1.go +++ b/internal/v2/command/setup_step1.go @@ -4,7 +4,6 @@ import ( "context" caos_errs "github.com/caos/zitadel/internal/errors" - iam_model "github.com/caos/zitadel/internal/iam/model" "github.com/caos/zitadel/internal/v2/domain" iam_repo "github.com/caos/zitadel/internal/v2/repository/iam" ) @@ -72,7 +71,7 @@ func (r *CommandSide) SetupStep1(ctx context.Context, iamID string, step1 Step1) //create default login policy iamAgg, err := r.addDefaultLoginPolicy(ctx, NewIAMLoginPolicyWriteModel(iam.AggregateID), - &iam_model.LoginPolicy{ + &domain.LoginPolicy{ AllowUsernamePassword: step1.DefaultLoginPolicy.AllowUsernamePassword, AllowRegister: step1.DefaultLoginPolicy.AllowRegister, AllowExternalIdp: step1.DefaultLoginPolicy.AllowExternalIdp, diff --git a/internal/v2/command/setup_step2.go b/internal/v2/command/setup_step2.go index 46d5ff24af..298a2076e5 100644 --- a/internal/v2/command/setup_step2.go +++ b/internal/v2/command/setup_step2.go @@ -18,7 +18,7 @@ func (r *CommandSide) SetupStep2(ctx context.Context, iamID string, step Step2) if err != nil && !caos_errs.IsNotFound(err) { return err } - iamAgg, err := r.addDefaultPasswordComplexityPolicy(ctx, NewIAMPasswordComplexityPolicyWriteModel(iam.AggregateID), &iam_model.PasswordComplexityPolicy{ + iamAgg, err := r.addDefaultPasswordComplexityPolicy(ctx, NewIAMPasswordComplexityPolicyWriteModel(iam.AggregateID), &domain.PasswordComplexityPolicy{ MinLength: step.DefaultPasswordComplexityPolicy.MinLength, HasLowercase: step.DefaultPasswordComplexityPolicy.HasLowercase, HasUppercase: step.DefaultPasswordComplexityPolicy.HasUppercase, diff --git a/internal/v2/command/user.go b/internal/v2/command/user.go index 9da407266c..5ef65bd812 100644 --- a/internal/v2/command/user.go +++ b/internal/v2/command/user.go @@ -4,12 +4,11 @@ import ( "context" caos_errs "github.com/caos/zitadel/internal/errors" "github.com/caos/zitadel/internal/telemetry/tracing" - usr_model "github.com/caos/zitadel/internal/user/model" "github.com/caos/zitadel/internal/v2/domain" "github.com/caos/zitadel/internal/v2/repository/user" ) -func (r *CommandSide) AddUser(ctx context.Context, user *usr_model.User) (*usr_model.User, error) { +func (r *CommandSide) AddUser(ctx context.Context, user *domain.User) (*domain.User, error) { if !user.IsValid() { return nil, caos_errs.ThrowPreconditionFailed(nil, "COMMAND-2N9fs", "Errors.User.Invalid") } @@ -19,14 +18,27 @@ func (r *CommandSide) AddUser(ctx context.Context, user *usr_model.User) (*usr_m if err != nil { return nil, err } - return &usr_model.User{UserName: user.UserName, Human: human}, nil + return &domain.User{UserName: user.UserName, Human: human}, nil } else if user.Machine != nil { } return nil, caos_errs.ThrowInvalidArgument(nil, "COMMAND-8K0df", "Errors.User.TypeUndefined") } -func (r *CommandSide) DeactivateUser(ctx context.Context, userID string) (*usr_model.User, error) { +func (r *CommandSide) RegisterUser(ctx context.Context, user *domain.User) (*domain.User, error) { + if !user.IsValid() { + return nil, caos_errs.ThrowPreconditionFailed(nil, "COMMAND-2N9fs", "Errors.User.Invalid") + } + + if user.Human != nil { + + } else if user.Machine != nil { + + } + return nil, caos_errs.ThrowInvalidArgument(nil, "COMMAND-8K0df", "Errors.User.TypeUndefined") +} + +func (r *CommandSide) DeactivateUser(ctx context.Context, userID string) (*domain.User, error) { existingUser, err := r.userWriteModelByID(ctx, userID) if err != nil { return nil, err @@ -47,7 +59,7 @@ func (r *CommandSide) DeactivateUser(ctx context.Context, userID string) (*usr_m return writeModelToUser(existingUser), nil } -func (r *CommandSide) ReactivateUser(ctx context.Context, userID string) (*usr_model.User, error) { +func (r *CommandSide) ReactivateUser(ctx context.Context, userID string) (*domain.User, error) { existingUser, err := r.userWriteModelByID(ctx, userID) if err != nil { return nil, err @@ -68,7 +80,7 @@ func (r *CommandSide) ReactivateUser(ctx context.Context, userID string) (*usr_m return writeModelToUser(existingUser), nil } -func (r *CommandSide) LockUser(ctx context.Context, userID string) (*usr_model.User, error) { +func (r *CommandSide) LockUser(ctx context.Context, userID string) (*domain.User, error) { existingUser, err := r.userWriteModelByID(ctx, userID) if err != nil { return nil, err @@ -89,7 +101,7 @@ func (r *CommandSide) LockUser(ctx context.Context, userID string) (*usr_model.U return writeModelToUser(existingUser), nil } -func (r *CommandSide) UnlockUser(ctx context.Context, userID string) (*usr_model.User, error) { +func (r *CommandSide) UnlockUser(ctx context.Context, userID string) (*domain.User, error) { existingUser, err := r.userWriteModelByID(ctx, userID) if err != nil { return nil, err diff --git a/internal/v2/command/user_converter.go b/internal/v2/command/user_converter.go index bf9a9d4f64..241fc7eea2 100644 --- a/internal/v2/command/user_converter.go +++ b/internal/v2/command/user_converter.go @@ -2,31 +2,39 @@ package command import ( "github.com/caos/zitadel/internal/user/model" + "github.com/caos/zitadel/internal/v2/domain" ) -func writeModelToUser(wm *UserWriteModel) *model.User { - return &model.User{ +func writeModelToUser(wm *UserWriteModel) *domain.User { + return &domain.User{ ObjectRoot: writeModelToObjectRoot(wm.WriteModel), UserName: wm.UserName, - State: model.UserState(wm.UserState), + State: wm.UserState, } } -func writeModelToHuman(wm *HumanWriteModel) *model.Human { - return &model.Human{ +func writeModelToHuman(wm *HumanWriteModel) *domain.Human { + return &domain.Human{ ObjectRoot: writeModelToObjectRoot(wm.WriteModel), - Profile: &model.Profile{ + Profile: &domain.Profile{ FirstName: wm.FirstName, LastName: wm.LastName, NickName: wm.NickName, DisplayName: wm.DisplayName, PreferredLanguage: wm.PreferredLanguage, - Gender: model.Gender(wm.Gender), + Gender: wm.Gender, }, - Email: &model.Email{ + Email: &domain.Email{ EmailAddress: wm.Email, IsEmailVerified: wm.IsEmailVerified, }, + Address: &domain.Address{ + Country: wm.Country, + Locality: wm.Locality, + PostalCode: wm.PostalCode, + Region: wm.Region, + StreetAddress: wm.StreetAddress, + }, } } diff --git a/internal/v2/command/user_human.go b/internal/v2/command/user_human.go index 88736f43f2..5587c32f32 100644 --- a/internal/v2/command/user_human.go +++ b/internal/v2/command/user_human.go @@ -3,12 +3,11 @@ package command import ( "context" caos_errs "github.com/caos/zitadel/internal/errors" - usr_model "github.com/caos/zitadel/internal/user/model" "github.com/caos/zitadel/internal/v2/domain" "github.com/caos/zitadel/internal/v2/repository/user" ) -func (r *CommandSide) AddHuman(ctx context.Context, orgID, username string, human *usr_model.Human) (*usr_model.Human, error) { +func (r *CommandSide) AddHuman(ctx context.Context, orgID, username string, human *domain.Human) (*domain.Human, error) { if !human.IsValid() { return nil, caos_errs.ThrowInvalidArgument(nil, "COMMAND-4M90d", "Errors.User.Invalid") } @@ -21,16 +20,16 @@ func (r *CommandSide) AddHuman(ctx context.Context, orgID, username string, huma if err != nil { return nil, err } - //pwPolicy, err := r.GetOrgPasswordComplexityPolicy(ctx, orgID) - //if err != nil { - // return nil, err - //} + pwPolicy, err := r.GetOrgPasswordComplexityPolicy(ctx, orgID) + if err != nil { + return nil, err + } addedHuman := NewHumanWriteModel(human.AggregateID) //TODO: Check Unique Username human.CheckOrgIAMPolicy(username, orgIAMPolicy) human.SetNamesAsDisplayname() - //human.HashPasswordIfExisting(pwPolicy, r.userPasswordAlg, true) + human.HashPasswordIfExisting(pwPolicy, r.userPasswordAlg, true) userAgg := UserAggregateFromWriteModel(&addedHuman.WriteModel) userAgg.PushEvents( @@ -42,7 +41,7 @@ func (r *CommandSide) AddHuman(ctx context.Context, orgID, username string, huma human.NickName, human.DisplayName, human.PreferredLanguage, - domain.Gender(human.Gender), + human.Gender, human.EmailAddress, human.PhoneNumber, human.Country, diff --git a/internal/v2/domain/human.go b/internal/v2/domain/human.go index 1644604962..7f4a1ff340 100644 --- a/internal/v2/domain/human.go +++ b/internal/v2/domain/human.go @@ -1,5 +1,40 @@ package domain +import ( + "github.com/caos/zitadel/internal/crypto" + caos_errors "github.com/caos/zitadel/internal/errors" + es_models "github.com/caos/zitadel/internal/eventstore/models" + "strings" + "time" +) + +type Human struct { + es_models.ObjectRoot + + *Password + *Profile + *Email + *Phone + *Address + ExternalIDPs []*ExternalIDP + InitCode *InitUserCode + EmailCode *EmailCode + PhoneCode *PhoneCode + PasswordCode *PasswordCode + OTP *OTP + U2FTokens []*WebAuthNToken + PasswordlessTokens []*WebAuthNToken + U2FLogins []*WebAuthNLogin + PasswordlessLogins []*WebAuthNLogin +} + +type InitUserCode struct { + es_models.ObjectRoot + + Code *crypto.CryptoValue + Expiry time.Duration +} + type Gender int32 const ( @@ -14,3 +49,33 @@ const ( func (f Gender) Valid() bool { return f >= 0 && f < genderCount } + +func (u *Human) IsValid() bool { + return u.Profile != nil && u.FirstName != "" && u.LastName != "" && u.Email != nil && u.Email.IsValid() && u.Phone == nil || (u.Phone != nil && u.Phone.PhoneNumber != "" && u.Phone.IsValid()) +} + +func (u *Human) CheckOrgIAMPolicy(userName string, policy *OrgIAMPolicy) error { + if policy == nil { + return caos_errors.ThrowPreconditionFailed(nil, "DOMAIN-zSH7j", "Errors.Users.OrgIamPolicyNil") + } + if policy.UserLoginMustBeDomain && strings.Contains(userName, "@") { + return caos_errors.ThrowPreconditionFailed(nil, "DOMAIN-se4sJ", "Errors.User.EmailAsUsernameNotAllowed") + } + if !policy.UserLoginMustBeDomain && u.Profile != nil && userName == "" && u.Email != nil { + userName = u.EmailAddress + } + return nil +} + +func (u *Human) SetNamesAsDisplayname() { + if u.Profile != nil && u.DisplayName == "" && u.FirstName != "" && u.LastName != "" { + u.DisplayName = u.FirstName + " " + u.LastName + } +} + +func (u *Human) HashPasswordIfExisting(policy *PasswordComplexityPolicy, passwordAlg crypto.HashAlgorithm, onetime bool) error { + if u.Password != nil { + return u.Password.HashPasswordIfExisting(policy, passwordAlg, onetime) + } + return nil +} diff --git a/internal/v2/domain/human_address.go b/internal/v2/domain/human_address.go new file mode 100644 index 0000000000..b216b0bb63 --- /dev/null +++ b/internal/v2/domain/human_address.go @@ -0,0 +1,13 @@ +package domain + +import es_models "github.com/caos/zitadel/internal/eventstore/models" + +type Address struct { + es_models.ObjectRoot + + Country string + Locality string + PostalCode string + Region string + StreetAddress string +} diff --git a/internal/v2/domain/human_email.go b/internal/v2/domain/human_email.go new file mode 100644 index 0000000000..344fb4069b --- /dev/null +++ b/internal/v2/domain/human_email.go @@ -0,0 +1,25 @@ +package domain + +import ( + "github.com/caos/zitadel/internal/crypto" + es_models "github.com/caos/zitadel/internal/eventstore/models" + "time" +) + +type Email struct { + es_models.ObjectRoot + + EmailAddress string + IsEmailVerified bool +} + +type EmailCode struct { + es_models.ObjectRoot + + Code *crypto.CryptoValue + Expiry time.Duration +} + +func (e *Email) IsValid() bool { + return e.EmailAddress != "" +} diff --git a/internal/v2/domain/human_external_idp.go b/internal/v2/domain/human_external_idp.go new file mode 100644 index 0000000000..0c7c1f1f52 --- /dev/null +++ b/internal/v2/domain/human_external_idp.go @@ -0,0 +1,11 @@ +package domain + +import es_models "github.com/caos/zitadel/internal/eventstore/models" + +type ExternalIDP struct { + es_models.ObjectRoot + + IDPConfigID string + UserID string + DisplayName string +} diff --git a/internal/v2/domain/human_otp.go b/internal/v2/domain/human_otp.go new file mode 100644 index 0000000000..28051da1fd --- /dev/null +++ b/internal/v2/domain/human_otp.go @@ -0,0 +1,15 @@ +package domain + +import ( + "github.com/caos/zitadel/internal/crypto" + es_models "github.com/caos/zitadel/internal/eventstore/models" +) + +type OTP struct { + es_models.ObjectRoot + + Secret *crypto.CryptoValue + SecretString string + Url string + State MFAState +} diff --git a/internal/v2/domain/human_password.go b/internal/v2/domain/human_password.go new file mode 100644 index 0000000000..24f3b257f6 --- /dev/null +++ b/internal/v2/domain/human_password.go @@ -0,0 +1,43 @@ +package domain + +import ( + "github.com/caos/zitadel/internal/crypto" + caos_errs "github.com/caos/zitadel/internal/errors" + es_models "github.com/caos/zitadel/internal/eventstore/models" + "time" +) + +type Password struct { + es_models.ObjectRoot + + SecretString string + SecretCrypto *crypto.CryptoValue + ChangeRequired bool +} + +type PasswordCode struct { + es_models.ObjectRoot + + Code *crypto.CryptoValue + Expiry time.Duration + NotificationType NotificationType +} + +func (p *Password) HashPasswordIfExisting(policy *PasswordComplexityPolicy, passwordAlg crypto.HashAlgorithm, onetime bool) error { + if p.SecretString == "" { + return nil + } + if policy == nil { + return caos_errs.ThrowPreconditionFailed(nil, "DOMAIN-s8ifS", "Errors.User.PasswordComplexityPolicy.NotFound") + } + if err := policy.Check(p.SecretString); err != nil { + return err + } + secret, err := crypto.Hash([]byte(p.SecretString), passwordAlg) + if err != nil { + return err + } + p.SecretCrypto = secret + p.ChangeRequired = onetime + return nil +} diff --git a/internal/v2/domain/human_phone.go b/internal/v2/domain/human_phone.go new file mode 100644 index 0000000000..448c8b703f --- /dev/null +++ b/internal/v2/domain/human_phone.go @@ -0,0 +1,41 @@ +package domain + +import ( + "github.com/caos/zitadel/internal/crypto" + caos_errs "github.com/caos/zitadel/internal/errors" + es_models "github.com/caos/zitadel/internal/eventstore/models" + "github.com/ttacon/libphonenumber" + "time" +) + +const ( + defaultRegion = "CH" +) + +type Phone struct { + es_models.ObjectRoot + + PhoneNumber string + IsPhoneVerified bool +} + +type PhoneCode struct { + es_models.ObjectRoot + + Code *crypto.CryptoValue + Expiry time.Duration +} + +func (p *Phone) IsValid() bool { + err := p.formatPhone() + return p.PhoneNumber != "" && err == nil +} + +func (p *Phone) formatPhone() error { + phoneNr, err := libphonenumber.Parse(p.PhoneNumber, defaultRegion) + if err != nil { + return caos_errs.ThrowPreconditionFailed(nil, "EVENT-so0wa", "Errors.User.Phone.Invalid") + } + p.PhoneNumber = libphonenumber.Format(phoneNr, libphonenumber.E164) + return nil +} diff --git a/internal/v2/domain/human_profile.go b/internal/v2/domain/human_profile.go new file mode 100644 index 0000000000..c90a8a6902 --- /dev/null +++ b/internal/v2/domain/human_profile.go @@ -0,0 +1,19 @@ +package domain + +import ( + es_models "github.com/caos/zitadel/internal/eventstore/models" + "golang.org/x/text/language" +) + +type Profile struct { + es_models.ObjectRoot + + FirstName string + LastName string + NickName string + DisplayName string + PreferredLanguage language.Tag + Gender Gender + PreferredLoginName string + LoginNames []string +} diff --git a/internal/v2/domain/human_web_auth_n.go b/internal/v2/domain/human_web_auth_n.go new file mode 100644 index 0000000000..69c43972ae --- /dev/null +++ b/internal/v2/domain/human_web_auth_n.go @@ -0,0 +1,40 @@ +package domain + +import es_models "github.com/caos/zitadel/internal/eventstore/models" + +type WebAuthNToken struct { + es_models.ObjectRoot + + WebAuthNTokenID string + CredentialCreationData []byte + State MFAState + Challenge string + AllowedCredentialIDs [][]byte + UserVerification UserVerificationRequirement + KeyID []byte + PublicKey []byte + AttestationType string + AAGUID []byte + SignCount uint32 + WebAuthNTokenName string +} + +type WebAuthNLogin struct { + es_models.ObjectRoot + + CredentialAssertionData []byte + Challenge string + AllowedCredentialIDs [][]byte + UserVerification UserVerificationRequirement + //TODO: Add Auth Request + //*model.AuthRequest +} + +type UserVerificationRequirement int32 + +const ( + UserVerificationRequirementUnspecified UserVerificationRequirement = iota + UserVerificationRequirementRequired + UserVerificationRequirementPreferred + UserVerificationRequirementDiscouraged +) diff --git a/internal/v2/domain/iam_member.go b/internal/v2/domain/iam_member.go new file mode 100644 index 0000000000..a4f8941197 --- /dev/null +++ b/internal/v2/domain/iam_member.go @@ -0,0 +1,16 @@ +package domain + +import ( + es_models "github.com/caos/zitadel/internal/eventstore/models" +) + +type IAMMember struct { + es_models.ObjectRoot + + UserID string + Roles []string +} + +func (i *IAMMember) IsValid() bool { + return i.AggregateID != "" && i.UserID != "" && len(i.Roles) != 0 +} diff --git a/internal/v2/domain/idp_config.go b/internal/v2/domain/idp_config.go index 48f03b8057..7a45182f81 100644 --- a/internal/v2/domain/idp_config.go +++ b/internal/v2/domain/idp_config.go @@ -1,5 +1,53 @@ package domain +import ( + "github.com/caos/zitadel/internal/crypto" + es_models "github.com/caos/zitadel/internal/eventstore/models" + "time" +) + +type IDPConfig struct { + es_models.ObjectRoot + IDPConfigID string + Type IDPConfigType + Name string + StylingType IDPConfigStylingType + State IDPConfigState + OIDCConfig *OIDCIDPConfig +} + +type IDPConfigView struct { + AggregateID string + IDPConfigID string + Name string + StylingType IDPConfigStylingType + State IDPConfigState + CreationDate time.Time + ChangeDate time.Time + Sequence uint64 + IDPProviderType IdentityProviderType + + IsOIDC bool + OIDCClientID string + OIDCClientSecret *crypto.CryptoValue + OIDCIssuer string + OIDCScopes []string + OIDCIDPDisplayNameMapping OIDCMappingField + OIDCUsernameMapping OIDCMappingField +} + +type OIDCIDPConfig struct { + es_models.ObjectRoot + IDPConfigID string + ClientID string + ClientSecret *crypto.CryptoValue + ClientSecretString string + Issuer string + Scopes []string + IDPDisplayNameMapping OIDCMappingField + UsernameMapping OIDCMappingField +} + type IDPConfigType int32 const ( @@ -32,7 +80,8 @@ func (f IDPConfigState) Valid() bool { type IDPConfigStylingType int32 const ( - IDPConfigStylingTypeGoogle IDPConfigStylingType = iota + 1 + IDPConfigStylingTypeUnspecified IDPConfigStylingType = iota + IDPConfigStylingTypeGoogle idpConfigStylingTypeCount ) diff --git a/internal/v2/domain/machine.go b/internal/v2/domain/machine.go new file mode 100644 index 0000000000..8913792498 --- /dev/null +++ b/internal/v2/domain/machine.go @@ -0,0 +1,14 @@ +package domain + +import "github.com/caos/zitadel/internal/eventstore/models" + +type Machine struct { + models.ObjectRoot + + Name string + Description string +} + +func (sa *Machine) IsValid() bool { + return sa.Name != "" +} diff --git a/internal/v2/domain/policy_label.go b/internal/v2/domain/policy_label.go new file mode 100644 index 0000000000..53548acf47 --- /dev/null +++ b/internal/v2/domain/policy_label.go @@ -0,0 +1,13 @@ +package domain + +import ( + "github.com/caos/zitadel/internal/eventstore/models" +) + +type LabelPolicy struct { + models.ObjectRoot + + Default bool + PrimaryColor string + SecondaryColor string +} diff --git a/internal/v2/domain/policy_login.go b/internal/v2/domain/policy_login.go index b98f718460..ee6eeab0db 100644 --- a/internal/v2/domain/policy_login.go +++ b/internal/v2/domain/policy_login.go @@ -1,5 +1,27 @@ package domain +import "github.com/caos/zitadel/internal/eventstore/models" + +type LoginPolicy struct { + models.ObjectRoot + + Default bool + AllowUsernamePassword bool + AllowRegister bool + AllowExternalIdp bool + IDPProviders []*IDPProvider + ForceMFA bool + SecondFactors []SecondFactorType + MultiFactors []MultiFactorType + PasswordlessType PasswordlessType +} + +type IDPProvider struct { + models.ObjectRoot + Type IdentityProviderType + IDPConfigID string +} + type PasswordlessType int32 const ( diff --git a/internal/v2/domain/policy_org_iam.go b/internal/v2/domain/policy_org_iam.go new file mode 100644 index 0000000000..bcde9ec26d --- /dev/null +++ b/internal/v2/domain/policy_org_iam.go @@ -0,0 +1,12 @@ +package domain + +import ( + "github.com/caos/zitadel/internal/eventstore/models" +) + +type OrgIAMPolicy struct { + models.ObjectRoot + + UserLoginMustBeDomain bool + Default bool +} diff --git a/internal/v2/domain/policy_password_age.go b/internal/v2/domain/policy_password_age.go new file mode 100644 index 0000000000..92bf8a4d7b --- /dev/null +++ b/internal/v2/domain/policy_password_age.go @@ -0,0 +1,12 @@ +package domain + +import ( + "github.com/caos/zitadel/internal/eventstore/models" +) + +type PasswordAgePolicy struct { + models.ObjectRoot + + MaxAgeDays uint64 + ExpireWarnDays uint64 +} diff --git a/internal/v2/domain/policy_password_complexity.go b/internal/v2/domain/policy_password_complexity.go new file mode 100644 index 0000000000..318691425a --- /dev/null +++ b/internal/v2/domain/policy_password_complexity.go @@ -0,0 +1,56 @@ +package domain + +import ( + caos_errs "github.com/caos/zitadel/internal/errors" + "github.com/caos/zitadel/internal/eventstore/models" + "regexp" +) + +var ( + hasStringLowerCase = regexp.MustCompile(`[a-z]`).MatchString + hasStringUpperCase = regexp.MustCompile(`[A-Z]`).MatchString + hasNumber = regexp.MustCompile(`[0-9]`).MatchString + hasSymbol = regexp.MustCompile(`[^A-Za-z0-9]`).MatchString +) + +type PasswordComplexityPolicy struct { + models.ObjectRoot + + MinLength uint64 + HasLowercase bool + HasUppercase bool + HasNumber bool + HasSymbol bool + + Default bool +} + +func (p *PasswordComplexityPolicy) IsValid() error { + if p.MinLength == 0 || p.MinLength > 72 { + return caos_errs.ThrowInvalidArgument(nil, "MODEL-Lsp0e", "Errors.User.PasswordComplexityPolicy.MinLengthNotAllowed") + } + return nil +} + +func (p *PasswordComplexityPolicy) Check(password string) error { + if p.MinLength != 0 && uint64(len(password)) < p.MinLength { + return caos_errs.ThrowInvalidArgument(nil, "DOMAIN-HuJf6", "Errors.User.PasswordComplexityPolicy.MinLength") + } + + if p.HasLowercase && !hasStringLowerCase(password) { + return caos_errs.ThrowInvalidArgument(nil, "DOMAIN-co3Xw", "Errors.User.PasswordComplexityPolicy.HasLower") + } + + if p.HasUppercase && !hasStringUpperCase(password) { + return caos_errs.ThrowInvalidArgument(nil, "DOMAIN-VoaRj", "Errors.User.PasswordComplexityPolicy.HasUpper") + } + + if p.HasNumber && !hasNumber(password) { + return caos_errs.ThrowInvalidArgument(nil, "DOMAIN-ZBv4H", "Errors.User.PasswordComplexityPolicy.HasNumber") + } + + if p.HasSymbol && !hasSymbol(password) { + return caos_errs.ThrowInvalidArgument(nil, "DOMAIN-ZDLwA", "Errors.User.PasswordComplexityPolicy.HasSymbol") + } + return nil +} diff --git a/internal/v2/domain/policy_password_lockout.go b/internal/v2/domain/policy_password_lockout.go new file mode 100644 index 0000000000..b6ab37746a --- /dev/null +++ b/internal/v2/domain/policy_password_lockout.go @@ -0,0 +1,12 @@ +package domain + +import ( + "github.com/caos/zitadel/internal/eventstore/models" +) + +type PasswordLockoutPolicy struct { + models.ObjectRoot + + MaxAttempts uint64 + ShowLockOutFailures bool +} diff --git a/internal/v2/domain/user.go b/internal/v2/domain/user.go index b836434f04..ef23506cce 100644 --- a/internal/v2/domain/user.go +++ b/internal/v2/domain/user.go @@ -1,5 +1,16 @@ package domain +import es_models "github.com/caos/zitadel/internal/eventstore/models" + +type User struct { + es_models.ObjectRoot + State UserState + UserName string + + *Human + *Machine +} + type UserState int32 const ( @@ -17,3 +28,13 @@ const ( func (f UserState) Valid() bool { return f >= 0 && f < userStateCount } + +func (u *User) IsValid() bool { + if u.Human == nil && u.Machine == nil || u.UserName == "" { + return false + } + if u.Human != nil { + return u.Human.IsValid() + } + return u.Machine.IsValid() +} diff --git a/internal/v2/query/converter.go b/internal/v2/query/converter.go index 24efe2f1a7..72e0635d1e 100644 --- a/internal/v2/query/converter.go +++ b/internal/v2/query/converter.go @@ -4,6 +4,7 @@ import ( "github.com/caos/zitadel/internal/eventstore/models" "github.com/caos/zitadel/internal/eventstore/v2" "github.com/caos/zitadel/internal/iam/model" + "github.com/caos/zitadel/internal/v2/domain" ) func readModelToIAM(readModel *ReadModel) *model.IAM { @@ -24,25 +25,28 @@ func readModelToIAM(readModel *ReadModel) *model.IAM { } } -func readModelToIDPConfigView(rm *IAMIDPConfigReadModel) *model.IDPConfigView { - return &model.IDPConfigView{ - AggregateID: rm.AggregateID, - ChangeDate: rm.ChangeDate, - CreationDate: rm.CreationDate, - IDPConfigID: rm.ConfigID, - IDPProviderType: model.IDPProviderType(rm.ProviderType), - IsOIDC: rm.OIDCConfig != nil, - Name: rm.Name, - OIDCClientID: rm.OIDCConfig.ClientID, - OIDCClientSecret: rm.OIDCConfig.ClientSecret, - OIDCIDPDisplayNameMapping: model.OIDCMappingField(rm.OIDCConfig.IDPDisplayNameMapping), - OIDCIssuer: rm.OIDCConfig.Issuer, - OIDCScopes: rm.OIDCConfig.Scopes, - OIDCUsernameMapping: model.OIDCMappingField(rm.OIDCConfig.UserNameMapping), - Sequence: rm.ProcessedSequence, - State: model.IDPConfigState(rm.State), - StylingType: model.IDPStylingType(rm.StylingType), +func readModelToIDPConfigView(rm *IAMIDPConfigReadModel) *domain.IDPConfigView { + converted := &domain.IDPConfigView{ + AggregateID: rm.AggregateID, + ChangeDate: rm.ChangeDate, + CreationDate: rm.CreationDate, + IDPConfigID: rm.ConfigID, + IDPProviderType: rm.ProviderType, + IsOIDC: rm.OIDCConfig != nil, + Name: rm.Name, + Sequence: rm.ProcessedSequence, + State: rm.State, + StylingType: rm.StylingType, } + if rm.OIDCConfig != nil { + converted.OIDCClientID = rm.OIDCConfig.ClientID + converted.OIDCClientSecret = rm.OIDCConfig.ClientSecret + converted.OIDCIDPDisplayNameMapping = rm.OIDCConfig.IDPDisplayNameMapping + converted.OIDCIssuer = rm.OIDCConfig.Issuer + converted.OIDCScopes = rm.OIDCConfig.Scopes + converted.OIDCUsernameMapping = rm.OIDCConfig.UserNameMapping + } + return converted } func readModelToMember(readModel *MemberReadModel) *model.IAMMember { diff --git a/internal/v2/query/iam_idp_config.go b/internal/v2/query/iam_idp_config.go new file mode 100644 index 0000000000..24a562fc63 --- /dev/null +++ b/internal/v2/query/iam_idp_config.go @@ -0,0 +1,16 @@ +package query + +import ( + "context" + "github.com/caos/zitadel/internal/v2/domain" +) + +func (r *QuerySide) DefaultIDPConfigByID(ctx context.Context, idpConfigID string) (*domain.IDPConfigView, error) { + idpConfig := NewIAMIDPConfigReadModel(r.iamID, idpConfigID) + err := r.eventstore.FilterToQueryReducer(ctx, idpConfig) + if err != nil { + return nil, err + } + + return readModelToIDPConfigView(idpConfig), nil +} diff --git a/internal/v2/query/idp_config.go b/internal/v2/query/idp_config.go deleted file mode 100644 index baff84ab32..0000000000 --- a/internal/v2/query/idp_config.go +++ /dev/null @@ -1,16 +0,0 @@ -package query - -import ( - "context" - "github.com/caos/zitadel/internal/iam/model" -) - -func (r *QuerySide) DefaultIDPConfigByID(ctx context.Context, iamID, idpConfigID string) (*model.IDPConfigView, error) { - idpConfig := NewIAMIDPConfigReadModel(iamID, idpConfigID) - err := r.eventstore.FilterToQueryReducer(ctx, idpConfig) - if err != nil { - return nil, err - } - - return readModelToIDPConfigView(idpConfig), nil -} diff --git a/internal/v2/query/query.go b/internal/v2/query/query.go index d650300761..464491dc7e 100644 --- a/internal/v2/query/query.go +++ b/internal/v2/query/query.go @@ -13,6 +13,7 @@ import ( ) type QuerySide struct { + iamID string eventstore *eventstore.Eventstore idGenerator id.Generator secretCrypto crypto.Crypto @@ -25,6 +26,7 @@ type Config struct { func StartQuerySide(config *Config) (repo *QuerySide, err error) { repo = &QuerySide{ + iamID: config.SystemDefaults.IamID, eventstore: config.Eventstore, idGenerator: id.SonyFlakeGenerator, }