feat: Config to eventstore (#3158)

* feat: add default language to eventstore

* feat: add secret generator configs events

* feat: tests

* feat: secret generators in eventstore

* feat: secret generators in eventstore

* feat: smtp config in eventstore

* feat: smtp config in eventstore

* feat: smtp config in eventstore

* feat: smtp config in eventstore

* feat: smtp config in eventstore

* fix: migrations

* fix migration version

* fix test

* feat: change secret generator type to enum

* feat: change smtp attribute names

* feat: change smtp attribute names

* feat: remove encryption algorithms from command side

* feat: remove encryption algorithms from command side

* feat: smtp config

* feat: smtp config

* format smtp from header

Co-authored-by: Livio Amstutz <livio.a@gmail.com>
Fabi
2022-02-16 16:49:17 +01:00
committed by GitHub
parent 4272ea6fe1
commit e3528ff0b2
118 changed files with 5216 additions and 686 deletions


@@ -5,6 +5,7 @@ import (
"time"
"github.com/caos/logging"
"github.com/caos/zitadel/internal/crypto"
"github.com/caos/zitadel/internal/api/authz"
"github.com/caos/zitadel/internal/auth/repository/eventsourcing/view"
@@ -32,6 +33,7 @@ type AuthRequestRepo struct {
AuthRequests cache.AuthRequestCache
View *view.View
Eventstore v1.Eventstore
UserCodeAlg crypto.EncryptionAlgorithm
LabelPolicyProvider labelPolicyProvider
UserSessionViewProvider userSessionViewProvider
@@ -54,8 +56,6 @@ type AuthRequestRepo struct {
MFAInitSkippedLifeTime time.Duration
SecondFactorCheckLifeTime time.Duration
MultiFactorCheckLifeTime time.Duration
IAMID string
}
type labelPolicyProvider interface {
@@ -381,13 +381,21 @@ func (repo *AuthRequestRepo) VerifyPasswordlessSetup(ctx context.Context, userID
func (repo *AuthRequestRepo) BeginPasswordlessInitCodeSetup(ctx context.Context, userID, resourceOwner, codeID, verificationCode string, preferredPlatformType domain.AuthenticatorAttachment) (login *domain.WebAuthNToken, err error) {
ctx, span := tracing.NewSpan(ctx)
defer func() { span.EndWithError(err) }()
return repo.Command.HumanAddPasswordlessSetupInitCode(ctx, userID, resourceOwner, codeID, verificationCode, preferredPlatformType)
passwordlessInitCode, err := repo.Query.InitEncryptionGenerator(ctx, domain.SecretGeneratorTypePasswordlessInitCode, repo.UserCodeAlg)
if err != nil {
return nil, err
}
return repo.Command.HumanAddPasswordlessSetupInitCode(ctx, userID, resourceOwner, codeID, verificationCode, preferredPlatformType, passwordlessInitCode)
}
func (repo *AuthRequestRepo) VerifyPasswordlessInitCodeSetup(ctx context.Context, userID, resourceOwner, userAgentID, tokenName, codeID, verificationCode string, credentialData []byte) (err error) {
ctx, span := tracing.NewSpan(ctx)
defer func() { span.EndWithError(err) }()
_, err = repo.Command.HumanPasswordlessSetupInitCode(ctx, userID, resourceOwner, tokenName, userAgentID, codeID, verificationCode, credentialData)
passwordlessInitCode, err := repo.Query.InitEncryptionGenerator(ctx, domain.SecretGeneratorTypePasswordlessInitCode, repo.UserCodeAlg)
if err != nil {
return err
}
_, err = repo.Command.HumanPasswordlessSetupInitCode(ctx, userID, resourceOwner, tokenName, userAgentID, codeID, verificationCode, credentialData, passwordlessInitCode)
return err
}
@@ -447,7 +455,15 @@ func (repo *AuthRequestRepo) AutoRegisterExternalUser(ctx context.Context, regis
if err != nil {
return err
}
human, err := repo.Command.RegisterHuman(ctx, resourceOwner, registerUser, externalIDP, orgMemberRoles)
initCodeGenerator, err := repo.Query.InitEncryptionGenerator(ctx, domain.SecretGeneratorTypeInitCode, repo.UserCodeAlg)
if err != nil {
return err
}
phoneCodeGenerator, err := repo.Query.InitEncryptionGenerator(ctx, domain.SecretGeneratorTypeVerifyPhoneCode, repo.UserCodeAlg)
if err != nil {
return err
}
human, err := repo.Command.RegisterHuman(ctx, resourceOwner, registerUser, externalIDP, orgMemberRoles, initCodeGenerator, phoneCodeGenerator)
if err != nil {
return err
}
@@ -519,7 +535,7 @@ func (repo *AuthRequestRepo) getLoginPolicyAndIDPProviders(ctx context.Context,
if !policy.AllowExternalIDPs {
return policy, nil, nil
}
idpProviders, err := getLoginPolicyIDPProviders(repo.IDPProviderViewProvider, repo.IAMID, orgID, policy.IsDefault)
idpProviders, err := getLoginPolicyIDPProviders(repo.IDPProviderViewProvider, domain.IAMID, orgID, policy.IsDefault)
if err != nil {
return nil, nil, err
}
@@ -534,7 +550,7 @@ func (repo *AuthRequestRepo) fillPolicies(ctx context.Context, request *domain.A
orgID = request.UserOrgID
}
if orgID == "" {
orgID = repo.IAMID
orgID = domain.IAMID
}
loginPolicy, idpProviders, err := repo.getLoginPolicyAndIDPProviders(ctx, orgID)
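Review bot: BeginPasswordlessInitCodeSetup and VerifyPasswordlessInitCodeSetup now each repeat the same four-line lookup `repo.Query.InitEncryptionGenerator(ctx, domain.SecretGeneratorTypePasswordlessInitCode, repo.UserCodeAlg)`, and AutoRegisterExternalUser repeats the pattern twice more for the init-code and phone-code types; a small private helper such as `passwordlessInitCode, err := repo.passwordlessInitCodeGenerator(ctx)` (returning whatever InitEncryptionGenerator returns) would keep the generator type and the `repo.UserCodeAlg` binding in one place. The new `UserCodeAlg` field in the struct hunk also has no comment; I would add `// UserCodeAlg is the encryption algorithm handed to Query.InitEncryptionGenerator for user verification codes (init, phone, passwordless init).` Since the generator is resolved from the query side on every call, a missing or invalid secret-generator config presumably surfaces only at request time as a returned error — fail-closed, which looks intended, but worth stating in that comment. fillPolicies continues outside the last hunk.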


@@ -53,5 +53,5 @@ func (repo *OrgRepository) GetLoginText(ctx context.Context, orgID string) ([]*d
}
func (p *OrgRepository) getIAMEvents(ctx context.Context, sequence uint64) ([]*models.Event, error) {
return p.Eventstore.FilterEvents(ctx, models.NewSearchQuery().AggregateIDFilter(p.SystemDefaults.IamID).AggregateTypeFilter(iam.AggregateType))
return p.Eventstore.FilterEvents(ctx, models.NewSearchQuery().AggregateIDFilter(domain.IAMID).AggregateTypeFilter(iam.AggregateType))
}


@@ -32,8 +32,7 @@ func (h *handler) Eventstore() v1.Eventstore {
func Register(configs Configs, bulkLimit, errorCount uint64, view *view.View, es v1.Eventstore, systemDefaults sd.SystemDefaults, queries *query2.Queries) []query.Handler {
return []query.Handler{
newUser(
handler{view, bulkLimit, configs.cycleDuration("User"), errorCount, es},
systemDefaults.IamID, queries),
handler{view, bulkLimit, configs.cycleDuration("User"), errorCount, es}, queries),
newUserSession(
handler{view, bulkLimit, configs.cycleDuration("UserSession"), errorCount, es}),
newToken(


@@ -111,7 +111,7 @@ func (i *IDPProvider) processIdpProvider(event *es_models.Event) (err error) {
case model.IDPConfigChanged, org_es_model.IDPConfigChanged:
esConfig := new(iam_view_model.IDPConfigView)
providerType := iam_model.IDPProviderTypeSystem
if event.AggregateID != i.systemDefaults.IamID {
if event.AggregateID != domain.IAMID {
providerType = iam_model.IDPProviderTypeOrg
}
esConfig.AppendEvent(providerType, event)
@@ -120,7 +120,7 @@ func (i *IDPProvider) processIdpProvider(event *es_models.Event) (err error) {
return err
}
config := new(query2.IDP)
if event.AggregateID == i.systemDefaults.IamID {
if event.AggregateID == domain.IAMID {
config, err = i.getDefaultIDPConfig(context.TODO(), esConfig.IDPConfigID)
} else {
config, err = i.getOrgIDPConfig(context.TODO(), event.AggregateID, esConfig.IDPConfigID)


@@ -25,19 +25,16 @@ const (
type User struct {
handler
iamID string
subscription *v1.Subscription
queries *query2.Queries
}
func newUser(
handler handler,
iamID string,
queries *query2.Queries,
) *User {
h := &User{
handler: handler,
iamID: iamID,
queries: queries,
}


@@ -33,7 +33,7 @@ type EsRepository struct {
eventstore.OrgRepository
}
func Start(conf Config, systemDefaults sd.SystemDefaults, command *command.Commands, queries *query.Queries, dbClient *sql.DB, keyConfig *crypto.KeyConfig, assetsPrefix string) (*EsRepository, error) {
func Start(conf Config, systemDefaults sd.SystemDefaults, command *command.Commands, queries *query.Queries, dbClient *sql.DB, keyConfig *crypto.KeyConfig, assetsPrefix string, userCrypto *crypto.AESCrypto) (*EsRepository, error) {
es, err := v1.Start(dbClient)
if err != nil {
return nil, err
@@ -80,6 +80,7 @@ func Start(conf Config, systemDefaults sd.SystemDefaults, command *command.Comma
AuthRequests: authReq,
View: view,
Eventstore: es,
UserCodeAlg: userCrypto,
UserSessionViewProvider: view,
UserViewProvider: view,
UserCommandProvider: command,
@@ -96,7 +97,6 @@ func Start(conf Config, systemDefaults sd.SystemDefaults, command *command.Comma
MFAInitSkippedLifeTime: systemDefaults.VerificationLifetimes.MFAInitSkip,
SecondFactorCheckLifeTime: systemDefaults.VerificationLifetimes.SecondFactorCheck,
MultiFactorCheckLifeTime: systemDefaults.VerificationLifetimes.MultiFactorCheck,
IAMID: systemDefaults.IamID,
},
eventstore.TokenRepo{
View: view,