feat: add apple as idp (#6442)

* feat: manage apple idp * handle apple idp callback * add tests for provider * basic console implementation * implement flow for login UI and add logos / styling * tests * cleanup * add upload button * begin i18n * apple logo positioning, file upload component * fix add apple instance idp * add missing apple logos for login * update to go 1.21 * fix slice compare * revert permission changes * concrete error messages * translate login apple logo -y-2px * change form parsing * sign in button * fix tests * lint console --------- Co-authored-by: peintnermax <max@caos.ch>
2025-08-11 21:17:32 +00:00 · 2023-08-31 08:39:16 +02:00
parent 0d94947d3c
commit e17b49e4ca
89 changed files with 4384 additions and 64 deletions
--- a/internal/query/idp_template.go
+++ b/internal/query/idp_template.go
@@ -43,6 +43,7 @@ type IDPTemplate struct {
 	*GitLabSelfHostedIDPTemplate
 	*GoogleIDPTemplate
 	*LDAPIDPTemplate
+	*AppleIDPTemplate
 }

 type IDPTemplates struct {
@@ -140,6 +141,15 @@ type LDAPIDPTemplate struct {
 	idp.LDAPAttributes
 }

+type AppleIDPTemplate struct {
+	IDPID      string
+	ClientID   string
+	TeamID     string
+	KeyID      string
+	PrivateKey *crypto.CryptoValue
+	Scopes     database.StringArray
+}
+
 var (
 	idpTemplateTable = table{
 		name:          projection.IDPTemplateTable,
@@ -605,6 +615,41 @@ var (
 	}
 )

+var (
+	appleIdpTemplateTable = table{
+		name:          projection.IDPTemplateAppleTable,
+		instanceIDCol: projection.AppleInstanceIDCol,
+	}
+	AppleIDCol = Column{
+		name:  projection.AppleIDCol,
+		table: appleIdpTemplateTable,
+	}
+	AppleInstanceIDCol = Column{
+		name:  projection.AppleInstanceIDCol,
+		table: appleIdpTemplateTable,
+	}
+	AppleClientIDCol = Column{
+		name:  projection.AppleClientIDCol,
+		table: appleIdpTemplateTable,
+	}
+	AppleTeamIDCol = Column{
+		name:  projection.AppleTeamIDCol,
+		table: appleIdpTemplateTable,
+	}
+	AppleKeyIDCol = Column{
+		name:  projection.AppleKeyIDCol,
+		table: appleIdpTemplateTable,
+	}
+	ApplePrivateKeyCol = Column{
+		name:  projection.ApplePrivateKeyCol,
+		table: appleIdpTemplateTable,
+	}
+	AppleScopesCol = Column{
+		name:  projection.AppleScopesCol,
+		table: appleIdpTemplateTable,
+	}
+)
+
 // IDPTemplateByID searches for the requested id
 func (q *Queries) IDPTemplateByID(ctx context.Context, shouldTriggerBulk bool, id string, withOwnerRemoved bool, queries ...SearchQuery) (template *IDPTemplate, err error) {
 	ctx, span := tracing.NewSpan(ctx)
@@ -799,6 +844,13 @@ func prepareIDPTemplateByIDQuery(ctx context.Context, db prepareDatabase) (sq.Se
 			LDAPPreferredLanguageAttributeCol.identifier(),
 			LDAPAvatarURLAttributeCol.identifier(),
 			LDAPProfileAttributeCol.identifier(),
+			// apple
+			AppleIDCol.identifier(),
+			AppleClientIDCol.identifier(),
+			AppleTeamIDCol.identifier(),
+			AppleKeyIDCol.identifier(),
+			ApplePrivateKeyCol.identifier(),
+			AppleScopesCol.identifier(),
 		).From(idpTemplateTable.identifier()).
 			LeftJoin(join(OAuthIDCol, IDPTemplateIDCol)).
 			LeftJoin(join(OIDCIDCol, IDPTemplateIDCol)).
@@ -809,7 +861,8 @@ func prepareIDPTemplateByIDQuery(ctx context.Context, db prepareDatabase) (sq.Se
 			LeftJoin(join(GitLabIDCol, IDPTemplateIDCol)).
 			LeftJoin(join(GitLabSelfHostedIDCol, IDPTemplateIDCol)).
 			LeftJoin(join(GoogleIDCol, IDPTemplateIDCol)).
-			LeftJoin(join(LDAPIDCol, IDPTemplateIDCol) + db.Timetravel(call.Took(ctx))).
+			LeftJoin(join(LDAPIDCol, IDPTemplateIDCol)).
+			LeftJoin(join(AppleIDCol, IDPTemplateIDCol) + db.Timetravel(call.Took(ctx))).
 			PlaceholderFormat(sq.Dollar),
 		func(row *sql.Row) (*IDPTemplate, error) {
 			idpTemplate := new(IDPTemplate)
@@ -898,6 +951,13 @@ func prepareIDPTemplateByIDQuery(ctx context.Context, db prepareDatabase) (sq.Se
 			ldapAvatarURLAttribute := sql.NullString{}
 			ldapProfileAttribute := sql.NullString{}

+			appleID := sql.NullString{}
+			appleClientID := sql.NullString{}
+			appleTeamID := sql.NullString{}
+			appleKeyID := sql.NullString{}
+			applePrivateKey := new(crypto.CryptoValue)
+			appleScopes := database.StringArray{}
+
 			err := row.Scan(
 				&idpTemplate.ID,
 				&idpTemplate.ResourceOwner,
@@ -994,6 +1054,13 @@ func prepareIDPTemplateByIDQuery(ctx context.Context, db prepareDatabase) (sq.Se
 				&ldapPreferredLanguageAttribute,
 				&ldapAvatarURLAttribute,
 				&ldapProfileAttribute,
+				// apple
+				&appleID,
+				&appleClientID,
+				&appleTeamID,
+				&appleKeyID,
+				&applePrivateKey,
+				&appleScopes,
 			)
 			if err != nil {
 				if errs.Is(err, sql.ErrNoRows) {
@@ -1118,6 +1185,16 @@ func prepareIDPTemplateByIDQuery(ctx context.Context, db prepareDatabase) (sq.Se
 					},
 				}
 			}
+			if appleID.Valid {
+				idpTemplate.AppleIDPTemplate = &AppleIDPTemplate{
+					IDPID:      appleID.String,
+					ClientID:   appleClientID.String,
+					TeamID:     appleTeamID.String,
+					KeyID:      appleKeyID.String,
+					PrivateKey: applePrivateKey,
+					Scopes:     appleScopes,
+				}
+			}

 			return idpTemplate, nil
 		}
@@ -1220,6 +1297,14 @@ func prepareIDPTemplatesQuery(ctx context.Context, db prepareDatabase) (sq.Selec
 			LDAPPreferredLanguageAttributeCol.identifier(),
 			LDAPAvatarURLAttributeCol.identifier(),
 			LDAPProfileAttributeCol.identifier(),
+			// apple
+			AppleIDCol.identifier(),
+			AppleClientIDCol.identifier(),
+			AppleTeamIDCol.identifier(),
+			AppleKeyIDCol.identifier(),
+			ApplePrivateKeyCol.identifier(),
+			AppleScopesCol.identifier(),
+			// count
 			countColumn.identifier(),
 		).From(idpTemplateTable.identifier()).
 			LeftJoin(join(OAuthIDCol, IDPTemplateIDCol)).
@@ -1231,7 +1316,8 @@ func prepareIDPTemplatesQuery(ctx context.Context, db prepareDatabase) (sq.Selec
 			LeftJoin(join(GitLabIDCol, IDPTemplateIDCol)).
 			LeftJoin(join(GitLabSelfHostedIDCol, IDPTemplateIDCol)).
 			LeftJoin(join(GoogleIDCol, IDPTemplateIDCol)).
-			LeftJoin(join(LDAPIDCol, IDPTemplateIDCol) + db.Timetravel(call.Took(ctx))).
+			LeftJoin(join(LDAPIDCol, IDPTemplateIDCol)).
+			LeftJoin(join(AppleIDCol, IDPTemplateIDCol) + db.Timetravel(call.Took(ctx))).
 			PlaceholderFormat(sq.Dollar),
 		func(rows *sql.Rows) (*IDPTemplates, error) {
 			templates := make([]*IDPTemplate, 0)
@@ -1323,6 +1409,13 @@ func prepareIDPTemplatesQuery(ctx context.Context, db prepareDatabase) (sq.Selec
 				ldapAvatarURLAttribute := sql.NullString{}
 				ldapProfileAttribute := sql.NullString{}

+				appleID := sql.NullString{}
+				appleClientID := sql.NullString{}
+				appleTeamID := sql.NullString{}
+				appleKeyID := sql.NullString{}
+				applePrivateKey := new(crypto.CryptoValue)
+				appleScopes := database.StringArray{}
+
 				err := rows.Scan(
 					&idpTemplate.ID,
 					&idpTemplate.ResourceOwner,
@@ -1419,6 +1512,13 @@ func prepareIDPTemplatesQuery(ctx context.Context, db prepareDatabase) (sq.Selec
 					&ldapPreferredLanguageAttribute,
 					&ldapAvatarURLAttribute,
 					&ldapProfileAttribute,
+					// apple
+					&appleID,
+					&appleClientID,
+					&appleTeamID,
+					&appleKeyID,
+					&applePrivateKey,
+					&appleScopes,
 					&count,
 				)

@@ -1542,6 +1642,16 @@ func prepareIDPTemplatesQuery(ctx context.Context, db prepareDatabase) (sq.Selec
 						},
 					}
 				}
+				if appleID.Valid {
+					idpTemplate.AppleIDPTemplate = &AppleIDPTemplate{
+						IDPID:      appleID.String,
+						ClientID:   appleClientID.String,
+						TeamID:     appleTeamID.String,
+						KeyID:      appleKeyID.String,
+						PrivateKey: applePrivateKey,
+						Scopes:     appleScopes,
+					}
+				}
 				templates = append(templates, idpTemplate)
 			}