feat: restrict languages (#6931)

* feat: return 404 or 409 if org reg disallowed * fix: system limit permissions * feat: add iam limits api * feat: disallow public org registrations on default instance * add integration test * test: integration * fix test * docs: describe public org registrations * avoid updating docs deps * fix system limits integration test * silence integration tests * fix linting * ignore strange linter complaints * review * improve reset properties naming * redefine the api * use restrictions aggregate * test query * simplify and test projection * test commands * fix unit tests * move integration test * support restrictions on default instance * also test GetRestrictions * self review * lint * abstract away resource owner * fix tests * configure supported languages * fix allowed languages * fix tests * default lang must not be restricted * preferred language must be allowed * change preferred languages * check languages everywhere * lint * test command side * lint * add integration test * add integration test * restrict supported ui locales * lint * lint * cleanup * lint * allow undefined preferred language * fix integration tests * update main * fix env var * ignore linter * ignore linter * improve integration test config * reduce cognitive complexity * compile * check for duplicates * remove useless restriction checks * review * revert restriction renaming * fix language restrictions * lint * generate * allow custom texts for supported langs for now * fix tests * cleanup * cleanup * cleanup * lint * unsupported preferred lang is allowed * fix integration test * finish reverting to old property name * finish reverting to old property name * load languages * refactor(i18n): centralize translators and fs * lint * amplify no validations on preferred languages * fix integration test * lint * fix resetting allowed languages * test unchanged restrictions
2025-08-11 20:47:32 +00:00 · 2023-12-05 12:12:01 +01:00
parent 236930f109
commit dd33538c0a
123 changed files with 4133 additions and 2058 deletions
--- a/internal/command/user_human_profile_test.go
+++ b/internal/command/user_human_profile_test.go
@@ -8,7 +8,7 @@ import (
 	"golang.org/x/text/language"

 	"github.com/zitadel/zitadel/internal/domain"
-	caos_errs "github.com/zitadel/zitadel/internal/errors"
+	zitadel_errs "github.com/zitadel/zitadel/internal/errors"
 	"github.com/zitadel/zitadel/internal/eventstore"
 	"github.com/zitadel/zitadel/internal/eventstore/v1/models"
 	"github.com/zitadel/zitadel/internal/repository/user"
@@ -36,8 +36,7 @@ func TestCommandSide_ChangeHumanProfile(t *testing.T) {
 		{
 			name: "user not existing, precondition error",
 			fields: fields{
-				eventstore: eventstoreExpect(
-					t,
+				eventstore: eventstoreExpect(t,
 					expectFilter(),
 				),
 			},
@@ -51,13 +50,13 @@ func TestCommandSide_ChangeHumanProfile(t *testing.T) {
 					LastName:          "lastname",
 					NickName:          "nickname",
 					DisplayName:       "displayname",
-					PreferredLanguage: language.German,
+					PreferredLanguage: AllowedLanguage,
 					Gender:            domain.GenderFemale,
 				},
 				resourceOwner: "org1",
 			},
 			res: res{
-				err: caos_errs.IsPreconditionFailed,
+				err: zitadel_errs.IsPreconditionFailed,
 			},
 		},
 		{
@@ -74,7 +73,7 @@ func TestCommandSide_ChangeHumanProfile(t *testing.T) {
 								"lastname",
 								"nickname",
 								"displayname",
-								language.German,
+								AllowedLanguage,
 								domain.GenderFemale,
 								"email",
 								true,
@@ -93,13 +92,13 @@ func TestCommandSide_ChangeHumanProfile(t *testing.T) {
 					LastName:          "lastname",
 					NickName:          "nickname",
 					DisplayName:       "displayname",
-					PreferredLanguage: language.German,
+					PreferredLanguage: AllowedLanguage,
 					Gender:            domain.GenderFemale,
 				},
 				resourceOwner: "org1",
 			},
 			res: res{
-				err: caos_errs.IsPreconditionFailed,
+				err: zitadel_errs.IsPreconditionFailed,
 			},
 		},
 		{
@@ -116,7 +115,7 @@ func TestCommandSide_ChangeHumanProfile(t *testing.T) {
 								"lastname",
 								"nickname",
 								"displayname",
-								language.German,
+								DisallowedLanguage,
 								domain.GenderUnspecified,
 								"email",
 								true,
@@ -130,7 +129,7 @@ func TestCommandSide_ChangeHumanProfile(t *testing.T) {
 							"lastname2",
 							"nickname2",
 							"displayname2",
-							language.English,
+							AllowedLanguage,
 							domain.GenderMale,
 						),
 					),
@@ -146,7 +145,7 @@ func TestCommandSide_ChangeHumanProfile(t *testing.T) {
 					LastName:          "lastname2",
 					NickName:          "nickname2",
 					DisplayName:       "displayname2",
-					PreferredLanguage: language.English,
+					PreferredLanguage: AllowedLanguage,
 					Gender:            domain.GenderMale,
 				},
 				resourceOwner: "org1",
@@ -161,7 +160,133 @@ func TestCommandSide_ChangeHumanProfile(t *testing.T) {
 					LastName:          "lastname2",
 					NickName:          "nickname2",
 					DisplayName:       "displayname2",
-					PreferredLanguage: language.English,
+					PreferredLanguage: AllowedLanguage,
+					Gender:            domain.GenderMale,
+				},
+			},
+		},
+		{
+			name: "undefined preferred language, ok",
+			fields: fields{
+				eventstore: eventstoreExpect(
+					t,
+					expectFilter(
+						eventFromEventPusher(
+							user.NewHumanAddedEvent(context.Background(),
+								&user.NewAggregate("user1", "org1").Aggregate,
+								"username",
+								"firstname",
+								"lastname",
+								"nickname",
+								"displayname",
+								DisallowedLanguage,
+								domain.GenderUnspecified,
+								"email",
+								true,
+							),
+						),
+					),
+					expectPush(
+						newProfileChangedEvent(context.Background(),
+							"user1", "org1",
+							"firstname2",
+							"lastname2",
+							"nickname2",
+							"displayname2",
+							language.Und,
+							domain.GenderMale,
+						),
+					),
+				),
+			},
+			args: args{
+				ctx: context.Background(),
+				address: &domain.Profile{
+					ObjectRoot: models.ObjectRoot{
+						AggregateID: "user1",
+					},
+					FirstName:   "firstname2",
+					LastName:    "lastname2",
+					NickName:    "nickname2",
+					DisplayName: "displayname2",
+					Gender:      domain.GenderMale,
+				},
+				resourceOwner: "org1",
+			},
+			res: res{
+				want: &domain.Profile{
+					ObjectRoot: models.ObjectRoot{
+						AggregateID:   "user1",
+						ResourceOwner: "org1",
+					},
+					FirstName:         "firstname2",
+					LastName:          "lastname2",
+					NickName:          "nickname2",
+					DisplayName:       "displayname2",
+					PreferredLanguage: language.Und,
+					Gender:            domain.GenderMale,
+				},
+			},
+		}, {
+			name: "unsupported preferred language, ok",
+			fields: fields{
+				eventstore: eventstoreExpect(
+					t,
+					expectFilter(
+						eventFromEventPusher(
+							user.NewHumanAddedEvent(context.Background(),
+								&user.NewAggregate("user1", "org1").Aggregate,
+								"username",
+								"firstname",
+								"lastname",
+								"nickname",
+								"displayname",
+								DisallowedLanguage,
+								domain.GenderUnspecified,
+								"email",
+								true,
+							),
+						),
+					),
+					expectPush(
+						newProfileChangedEvent(context.Background(),
+							"user1", "org1",
+							"firstname2",
+							"lastname2",
+							"nickname2",
+							"displayname2",
+							UnsupportedLanguage,
+							domain.GenderMale,
+						),
+					),
+				),
+			},
+			args: args{
+				ctx: context.Background(),
+				address: &domain.Profile{
+					ObjectRoot: models.ObjectRoot{
+						AggregateID: "user1",
+					},
+					FirstName:         "firstname2",
+					LastName:          "lastname2",
+					NickName:          "nickname2",
+					DisplayName:       "displayname2",
+					PreferredLanguage: UnsupportedLanguage,
+					Gender:            domain.GenderMale,
+				},
+				resourceOwner: "org1",
+			},
+			res: res{
+				want: &domain.Profile{
+					ObjectRoot: models.ObjectRoot{
+						AggregateID:   "user1",
+						ResourceOwner: "org1",
+					},
+					FirstName:         "firstname2",
+					LastName:          "lastname2",
+					NickName:          "nickname2",
+					DisplayName:       "displayname2",
+					PreferredLanguage: UnsupportedLanguage,
 					Gender:            domain.GenderMale,
 				},
 			},