TheArchive/zitadel
1
0
Fork 0
mirror of https://github.com/zitadel/zitadel.git synced 2025-02-28 20:17:23 +00:00
Code Issues Packages Projects Releases Wiki Activity

feat: remove org (#4148)

Browse Source 
* feat(command): remove org

* refactor: imports, unused code, error handling

* reduce org removed in action

* add org deletion to projections

* add org removal to projections

* add org removal to projections

* org removed projection

* lint import

* projections

* fix: table names in tests

* fix: table names in tests

* logging

* add org state

* fix(domain): add Owner removed to object details

* feat(ListQuery): add with owner removed

* fix(org-delete): add bool to functions to select with owner removed

* fix(org-delete): add bools to user grants with events to determine if dependencies lost owner

* fix(org-delete): add unit tests for owner removed and org removed events

* fix(org-delete): add handling of org remove for grants and members

* fix(org-delete): correction of unit tests for owner removed

* fix(org-delete): update projections, unit tests and get functions

* fix(org-delete): add change date to authnkeys and owner removed to org metadata

* fix(org-delete): include owner removed for login names

* fix(org-delete): some column fixes in projections and build for queries with owner removed

* indexes

* fix(org-delete): include review changes

* fix(org-delete): change user projection name after merge

* fix(org-delete): include review changes for project grant where no project owner is necessary

* fix(org-delete): include auth and adminapi tables with owner removed information

* fix(org-delete): cleanup username and orgdomain uniqueconstraints when org is removed

* fix(org-delete): add permissions for org.remove

* remove unnecessary unique constraints

* fix column order in primary keys

* fix(org-delete): include review changes

* fix(org-delete): add owner removed indexes and chang setup step to create tables

* fix(org-delete): move PK order of instance_id and change added user_grant from review

* fix(org-delete): no params for prepareUserQuery

* change to step 6

* merge main

* fix(org-delete): OldUserName rename to private

* fix linting

* cleanup

* fix: remove org test

* create prerelease

* chore: delete org-delete as prerelease

Co-authored-by: Stefan Benz <stefan@caos.ch>
Co-authored-by: Livio Spring <livio.a@gmail.com>
Co-authored-by: Fabi <38692350+hifabienne@users.noreply.github.com>
Co-authored-by: Stefan Benz <46600784+stebenz@users.noreply.github.com>
This commit is contained in:
Silvan 2022-11-30 17:01:17 +01:00 committed by GitHub
parent 21a4e73bb6
commit f3e6f3b23b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
304 changed files with 7293 additions and 3286 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
cmd/defaults.yaml
View File

@ -566,6 +566,7 @@ InternalAuthZ:
- "org.global.read"
- "org.create"
- "org.write"
- "org.delete"
- "org.member.read"
- "org.member.write"
- "org.member.delete"
@ -639,6 +640,7 @@ InternalAuthZ:
- "org.global.read"
- "org.create"
- "org.write"
- "org.delete"
- "org.member.read"
- "org.member.write"
- "org.member.delete"
@ -710,6 +712,7 @@ InternalAuthZ:
- "org.global.read"
- "org.create"
- "org.write"
- "org.delete"
- "org.member.read"
- "org.member.write"
- "org.member.delete"

28
cmd/setup/06.go Normal file
View File

@ -0,0 +1,28 @@
package setup
import (
"context"
"database/sql"
_ "embed"
)
var (
//go:embed 06/adminapi.sql
createAdminViews06 string
//go:embed 06/auth.sql
createAuthViews06 string
)
type OwnerRemoveColumns struct {
dbClient *sql.DB
}
func (mig *OwnerRemoveColumns) Execute(ctx context.Context) error {
stmt := createAdminViews06 + createAuthViews06
_, err := mig.dbClient.ExecContext(ctx, stmt)
return err
}
func (mig *OwnerRemoveColumns) String() string {
return "06_resource_owner_columns"
}

30
cmd/setup/06/adminapi.sql Normal file
View File

@ -0,0 +1,30 @@
CREATE TABLE adminapi.styling2 (
aggregate_id TEXT NOT NULL,
creation_date TIMESTAMPTZ NULL,
change_date TIMESTAMPTZ NULL,
label_policy_state INT2 NOT NULL DEFAULT 0::INT2,
sequence INT8 NULL,
primary_color TEXT NULL,
background_color TEXT NULL,
warn_color TEXT NULL,
font_color TEXT NULL,
primary_color_dark TEXT NULL,
background_color_dark TEXT NULL,
warn_color_dark TEXT NULL,
font_color_dark TEXT NULL,
logo_url TEXT NULL,
icon_url TEXT NULL,
logo_dark_url TEXT NULL,
icon_dark_url TEXT NULL,
font_url TEXT NULL,
err_msg_popup BOOL NULL,
disable_watermark BOOL NULL,
hide_login_name_suffix BOOL NULL,
instance_id TEXT NOT NULL,
owner_removed BOOL DEFAULT false,
PRIMARY KEY (instance_id, aggregate_id, label_policy_state)
);
CREATE INDEX owner_removed_idx ON adminapi.styling2 (owner_removed);

124
cmd/setup/06/auth.sql Normal file
View File

@ -0,0 +1,124 @@
CREATE TABLE auth.users2 (
id TEXT NULL,
creation_date TIMESTAMPTZ NULL,
change_date TIMESTAMPTZ NULL,
resource_owner TEXT NULL,
user_state INT2 NULL,
password_set BOOL NULL,
password_change_required BOOL NULL,
password_change TIMESTAMPTZ NULL,
last_login TIMESTAMPTZ NULL,
user_name TEXT NULL,
login_names TEXT[] NULL,
preferred_login_name TEXT NULL,
first_name TEXT NULL,
last_name TEXT NULL,
nick_name TEXT NULL,
display_name TEXT NULL,
preferred_language TEXT NULL,
gender INT2 NULL,
email TEXT NULL,
is_email_verified BOOL NULL,
phone TEXT NULL,
is_phone_verified BOOL NULL,
country TEXT NULL,
locality TEXT NULL,
postal_code TEXT NULL,
region TEXT NULL,
street_address TEXT NULL,
otp_state INT2 NULL,
mfa_max_set_up INT2 NULL,
mfa_init_skipped TIMESTAMPTZ NULL,
sequence INT8 NULL,
init_required BOOL NULL,
username_change_required BOOL NULL,
machine_name TEXT NULL,
machine_description TEXT NULL,
user_type TEXT NULL,
u2f_tokens BYTEA NULL,
passwordless_tokens BYTEA NULL,
avatar_key TEXT NULL,
passwordless_init_required BOOL NULL,
password_init_required BOOL NULL,
instance_id TEXT NOT NULL,
owner_removed BOOL DEFAULT false,
PRIMARY KEY (instance_id, id)
);
CREATE INDEX owner_removed_idx ON auth.users2 (owner_removed);
CREATE TABLE auth.user_external_idps2 (
external_user_id TEXT NOT NULL,
idp_config_id TEXT NOT NULL,
user_id TEXT NULL,
idp_name TEXT NULL,
user_display_name TEXT NULL,
creation_date TIMESTAMPTZ NULL,
change_date TIMESTAMPTZ NULL,
sequence INT8 NULL,
resource_owner TEXT NULL,
instance_id TEXT NOT NULL,
owner_removed BOOL DEFAULT false,
PRIMARY KEY (instance_id, external_user_id, idp_config_id)
);
CREATE INDEX owner_removed_idx ON auth.user_external_idps2 (owner_removed);
CREATE TABLE auth.org_project_mapping2 (
org_id TEXT NOT NULL,
project_id TEXT NOT NULL,
project_grant_id TEXT NULL,
instance_id TEXT NOT NULL,
owner_removed BOOL DEFAULT false,
PRIMARY KEY (instance_id, org_id, project_id)
);
CREATE INDEX owner_removed_idx ON auth.org_project_mapping2 (owner_removed);
CREATE TABLE auth.idp_providers2 (
aggregate_id TEXT NOT NULL,
idp_config_id TEXT NOT NULL,
creation_date TIMESTAMPTZ NULL,
change_date TIMESTAMPTZ NULL,
sequence INT8 NULL,
name TEXT NULL,
idp_config_type INT2 NULL,
idp_provider_type INT2 NULL,
idp_state INT2 NULL,
styling_type INT2 NULL,
instance_id TEXT NOT NULL,
owner_removed BOOL DEFAULT false,
PRIMARY KEY (instance_id, aggregate_id, idp_config_id)
);
CREATE INDEX owner_removed_idx ON auth.idp_providers2 (owner_removed);
CREATE TABLE auth.idp_configs2 (
idp_config_id TEXT NOT NULL,
creation_date TIMESTAMPTZ NULL,
change_date TIMESTAMPTZ NULL,
sequence INT8 NULL,
aggregate_id TEXT NULL,
name TEXT NULL,
idp_state INT2 NULL,
idp_provider_type INT2 NULL,
is_oidc BOOL NULL,
oidc_client_id TEXT NULL,
oidc_client_secret JSONB NULL,
oidc_issuer TEXT NULL,
oidc_scopes TEXT[] NULL,
oidc_idp_display_name_mapping INT2 NULL,
oidc_idp_username_mapping INT2 NULL,
styling_type INT2 NULL,
oauth_authorization_endpoint TEXT NULL,
oauth_token_endpoint TEXT NULL,
auto_register BOOL NULL,
jwt_endpoint TEXT NULL,
jwt_keys_endpoint TEXT NULL,
jwt_header_name TEXT NULL,
instance_id TEXT NOT NULL,
owner_removed BOOL DEFAULT false,
PRIMARY KEY (instance_id, idp_config_id)
);
CREATE INDEX owner_removed_idx ON auth.idp_configs2 (owner_removed);

11
cmd/setup/config.go
View File

@ -54,11 +54,12 @@ func MustNewConfig(v *viper.Viper) *Config {
}
type Steps struct {
s1ProjectionTable *ProjectionTable
s2AssetsTable *AssetTable
FirstInstance *FirstInstance
s4EventstoreIndexes *EventstoreIndexes
s5LastFailed *LastFailed
s1ProjectionTable *ProjectionTable
s2AssetsTable *AssetTable
FirstInstance *FirstInstance
s4EventstoreIndexes *EventstoreIndexes
s5LastFailed *LastFailed
s6OwnerRemoveColumns *OwnerRemoveColumns
}
type encryptionKeyConfig struct {

3
cmd/setup/setup.go
View File

@ -83,6 +83,7 @@ func Setup(config *Config, steps *Steps, masterKey string) {
steps.s4EventstoreIndexes = &EventstoreIndexes{dbClient: dbClient, dbType: config.Database.Type()}
steps.s5LastFailed = &LastFailed{dbClient: dbClient}
steps.s6OwnerRemoveColumns = &OwnerRemoveColumns{dbClient: dbClient}
err = projection.Create(ctx, dbClient, eventstoreClient, config.Projections, nil, nil)
logging.OnError(err).Fatal("unable to start projections")
@ -110,6 +111,8 @@ func Setup(config *Config, steps *Steps, masterKey string) {
logging.OnError(err).Fatal("unable to migrate step 4")
err = migration.Migrate(ctx, eventstoreClient, steps.s5LastFailed)
logging.OnError(err).Fatal("unable to migrate step 5")
err = migration.Migrate(ctx, eventstoreClient, steps.s6OwnerRemoveColumns)
logging.OnError(err).Fatal("unable to migrate step 6")
for _, repeatableStep := range repeatableSteps {
err = migration.Migrate(ctx, eventstoreClient, repeatableStep)

3
console/src/assets/i18n/de.json
View File

@ -829,7 +829,8 @@
"STATE": {
"0": "Nicht definiert",
"1": "Aktiv",
"2": "Inaktiv"
"2": "Inaktiv",
"3": "Entfernt"
},
"MEMBER": {
"TITLE": "Manager der Organisation verwalten",

3
console/src/assets/i18n/en.json
View File

@ -829,7 +829,8 @@
"STATE": {
"0": "Not defined",
"1": "Active",
"2": "Deactivated"
"2": "Deactivated",
"3": "Removed"
},
"MEMBER": {
"TITLE": "Organization Managers",

3
console/src/assets/i18n/fr.json
View File

@ -829,7 +829,8 @@
"STATE": {
"0": "Non défini",
"1": "Actif",
"2": "Désactivé"
"2": "Désactivé",
"3": "Supprimé"
},
"MEMBER": {
"TITLE": "Gestionnaires de l'organisation",

3
console/src/assets/i18n/it.json
View File

@ -829,7 +829,8 @@
"STATE": {
"0": "Non definito",
"1": "Attivo",
"2": "Disattivato"
"2": "Disattivato",
"3": "Rimosso"
},
"MEMBER": {
"TITLE": "Manager dell'organizzazione",

3
console/src/assets/i18n/zh.json
View File

@ -829,7 +829,8 @@
"STATE": {
"0": "未定义",
"1": "启用",
"2": "停用"
"2": "停用",
"3": "移除"
},
"MEMBER": {
"TITLE": "组织管理者",

30
docs/docs/apis/proto/management.md
View File

@ -804,6 +804,19 @@ Sets the state of my organisation to active
POST: /orgs/me/_reactivate
### RemoveOrg
> **rpc** RemoveOrg([RemoveOrgRequest](#removeorgrequest))
[RemoveOrgResponse](#removeorgresponse)
Sets the state of my organisation and all its resource (Users, Projects, Grants to and from the org) to removed
Users of this organisation will not be able login
DELETE: /orgs/me
### SetOrgMetadata
> **rpc** SetOrgMetadata([SetOrgMetadataRequest](#setorgmetadatarequest))
@ -7051,6 +7064,23 @@ This is an empty response
### RemoveOrgRequest
### RemoveOrgResponse
| Field | Type | Description | Validation |
| ----- | ---- | ----------- | ----------- |
| details | zitadel.v1.ObjectDetails | - | |
### RemovePersonalAccessTokenRequest

1
docs/docs/apis/proto/org.md
View File

@ -135,6 +135,7 @@ title: zitadel/org.proto
| ORG_STATE_UNSPECIFIED | 0 | - |
| ORG_STATE_ACTIVE | 1 | - |
| ORG_STATE_INACTIVE | 2 | - |
| ORG_STATE_REMOVED | 3 | - |

4
internal/admin/repository/eventsourcing/handler/styling.go
View File

@ -25,7 +25,7 @@ import (
)
const (
stylingTable = "adminapi.styling"
stylingTable = "adminapi.styling2"
)
type Styling struct {
@ -156,6 +156,8 @@ func (m *Styling) processLabelPolicy(event *models.Event) (err error) {
return err
}
return m.view.DeleteInstanceStyling(event)
case org.OrgRemovedEventType:
return m.view.UpdateOrgOwnerRemovedStyling(event)
default:
return m.view.ProcessedStylingSequence(event)
}

10
internal/admin/repository/eventsourcing/view/styling.go
View File

@ -8,7 +8,7 @@ import (
)
const (
stylingTyble = "adminapi.styling"
stylingTyble = "adminapi.styling2"
)
func (v *View) StylingByAggregateIDAndState(aggregateID, instanceID string, state int32) (*model.LabelPolicyView, error) {
@ -31,6 +31,14 @@ func (v *View) DeleteInstanceStyling(event *models.Event) error {
return v.ProcessedStylingSequence(event)
}
func (v *View) UpdateOrgOwnerRemovedStyling(event *models.Event) error {
err := view.UpdateOrgOwnerRemovedStyling(v.Db, stylingTyble, event.InstanceID, event.AggregateID)
if err != nil {
return err
}
return v.ProcessedStylingSequence(event)
}
func (v *View) GetLatestStylingSequence(instanceID string) (*global_view.CurrentSequence, error) {
return v.latestSequence(stylingTyble, instanceID)
}

2
internal/api/assets/login_policy.go
View File

@ -376,7 +376,7 @@ func getLabelPolicy(ctx context.Context, defaultPolicy, preview bool, queries *q
if preview {
return queries.PreviewLabelPolicyByOrg(ctx, authz.GetCtxData(ctx).OrgID)
}
return queries.ActiveLabelPolicyByOrg(ctx, authz.GetCtxData(ctx).OrgID)
return queries.ActiveLabelPolicyByOrg(ctx, authz.GetCtxData(ctx).OrgID, false)
}
func getLabelPolicyResourceOwner(ctx context.Context, defaultPolicy, preview bool, queries *query.Queries) string {

12
internal/api/grpc/admin/custom_text.go
View File

@ -23,7 +23,7 @@ func (s *Server) GetDefaultInitMessageText(ctx context.Context, req *admin_pb.Ge
}
func (s *Server) GetCustomInitMessageText(ctx context.Context, req *admin_pb.GetCustomInitMessageTextRequest) (*admin_pb.GetCustomInitMessageTextResponse, error) {
msg, err := s.query.CustomMessageTextByTypeAndLanguage(ctx, authz.GetInstance(ctx).InstanceID(), domain.InitCodeMessageType, req.Language)
msg, err := s.query.CustomMessageTextByTypeAndLanguage(ctx, authz.GetInstance(ctx).InstanceID(), domain.InitCodeMessageType, req.Language, false)
if err != nil {
return nil, err
}
@ -71,7 +71,7 @@ func (s *Server) GetDefaultPasswordResetMessageText(ctx context.Context, req *ad
}
func (s *Server) GetCustomPasswordResetMessageText(ctx context.Context, req *admin_pb.GetCustomPasswordResetMessageTextRequest) (*admin_pb.GetCustomPasswordResetMessageTextResponse, error) {
msg, err := s.query.CustomMessageTextByTypeAndLanguage(ctx, authz.GetInstance(ctx).InstanceID(), domain.PasswordResetMessageType, req.Language)
msg, err := s.query.CustomMessageTextByTypeAndLanguage(ctx, authz.GetInstance(ctx).InstanceID(), domain.PasswordResetMessageType, req.Language, false)
if err != nil {
return nil, err
}
@ -119,7 +119,7 @@ func (s *Server) GetDefaultVerifyEmailMessageText(ctx context.Context, req *admi
}
func (s *Server) GetCustomVerifyEmailMessageText(ctx context.Context, req *admin_pb.GetCustomVerifyEmailMessageTextRequest) (*admin_pb.GetCustomVerifyEmailMessageTextResponse, error) {
msg, err := s.query.CustomMessageTextByTypeAndLanguage(ctx, authz.GetInstance(ctx).InstanceID(), domain.VerifyEmailMessageType, req.Language)
msg, err := s.query.CustomMessageTextByTypeAndLanguage(ctx, authz.GetInstance(ctx).InstanceID(), domain.VerifyEmailMessageType, req.Language, false)
if err != nil {
return nil, err
}
@ -167,7 +167,7 @@ func (s *Server) GetDefaultVerifyPhoneMessageText(ctx context.Context, req *admi
}
func (s *Server) GetCustomVerifyPhoneMessageText(ctx context.Context, req *admin_pb.GetCustomVerifyPhoneMessageTextRequest) (*admin_pb.GetCustomVerifyPhoneMessageTextResponse, error) {
msg, err := s.query.CustomMessageTextByTypeAndLanguage(ctx, authz.GetInstance(ctx).InstanceID(), domain.VerifyPhoneMessageType, req.Language)
msg, err := s.query.CustomMessageTextByTypeAndLanguage(ctx, authz.GetInstance(ctx).InstanceID(), domain.VerifyPhoneMessageType, req.Language, false)
if err != nil {
return nil, err
}
@ -215,7 +215,7 @@ func (s *Server) GetDefaultDomainClaimedMessageText(ctx context.Context, req *ad
}
func (s *Server) GetCustomDomainClaimedMessageText(ctx context.Context, req *admin_pb.GetCustomDomainClaimedMessageTextRequest) (*admin_pb.GetCustomDomainClaimedMessageTextResponse, error) {
msg, err := s.query.CustomMessageTextByTypeAndLanguage(ctx, authz.GetInstance(ctx).InstanceID(), domain.DomainClaimedMessageType, req.Language)
msg, err := s.query.CustomMessageTextByTypeAndLanguage(ctx, authz.GetInstance(ctx).InstanceID(), domain.DomainClaimedMessageType, req.Language, false)
if err != nil {
return nil, err
}
@ -263,7 +263,7 @@ func (s *Server) GetDefaultPasswordlessRegistrationMessageText(ctx context.Conte
}
func (s *Server) GetCustomPasswordlessRegistrationMessageText(ctx context.Context, req *admin_pb.GetCustomPasswordlessRegistrationMessageTextRequest) (*admin_pb.GetCustomPasswordlessRegistrationMessageTextResponse, error) {
msg, err := s.query.CustomMessageTextByTypeAndLanguage(ctx, authz.GetInstance(ctx).InstanceID(), domain.PasswordlessRegistrationMessageType, req.Language)
msg, err := s.query.CustomMessageTextByTypeAndLanguage(ctx, authz.GetInstance(ctx).InstanceID(), domain.PasswordlessRegistrationMessageType, req.Language, false)
if err != nil {
return nil, err
}

4
internal/api/grpc/admin/domain_policy.go
View File

@ -19,7 +19,7 @@ func (s *Server) GetDomainPolicy(ctx context.Context, _ *admin_pb.GetDomainPolic
}
func (s *Server) GetCustomDomainPolicy(ctx context.Context, req *admin_pb.GetCustomDomainPolicyRequest) (*admin_pb.GetCustomDomainPolicyResponse, error) {
policy, err := s.query.DomainPolicyByOrg(ctx, true, req.OrgId)
policy, err := s.query.DomainPolicyByOrg(ctx, true, req.OrgId, false)
if err != nil {
return nil, err
}
@ -154,7 +154,7 @@ func (s *Server) GetOrgIAMPolicy(ctx context.Context, _ *admin_pb.GetOrgIAMPolic
}
func (s *Server) GetCustomOrgIAMPolicy(ctx context.Context, req *admin_pb.GetCustomOrgIAMPolicyRequest) (*admin_pb.GetCustomOrgIAMPolicyResponse, error) {
policy, err := s.query.DomainPolicyByOrg(ctx, true, req.OrgId)
policy, err := s.query.DomainPolicyByOrg(ctx, true, req.OrgId, false)
if err != nil {
return nil, err
}

62
internal/api/grpc/admin/export.go
View File

@ -254,7 +254,7 @@ func (s *Server) getDomainPolicy(ctx context.Context, orgID string) (_ *admin_pb
ctx, span := tracing.NewSpan(ctx)
defer func() { span.EndWithError(err) }()
queriedDomain, err := s.query.DomainPolicyByOrg(ctx, true, orgID)
queriedDomain, err := s.query.DomainPolicyByOrg(ctx, true, orgID, false)
if err != nil {
return nil, err
}
@ -277,7 +277,7 @@ func (s *Server) getDomains(ctx context.Context, orgID string) (_ []*org_pb.Doma
if err != nil {
return nil, err
}
orgDomainsQuery, err := s.query.SearchOrgDomains(ctx, &query.OrgDomainSearchQueries{Queries: []query.SearchQuery{orgDomainOrgIDQuery}})
orgDomainsQuery, err := s.query.SearchOrgDomains(ctx, &query.OrgDomainSearchQueries{Queries: []query.SearchQuery{orgDomainOrgIDQuery}}, false)
if err != nil {
return nil, err
}
@ -306,7 +306,7 @@ func (s *Server) getIDPs(ctx context.Context, orgID string) (_ []*v1_pb.DataOIDC
if err != nil {
return nil, nil, err
}
idps, err := s.query.IDPs(ctx, &query.IDPSearchQueries{Queries: []query.SearchQuery{idpQuery, ownerType}})
idps, err := s.query.IDPs(ctx, &query.IDPSearchQueries{Queries: []query.SearchQuery{idpQuery, ownerType}}, false)
if err != nil {
return nil, nil, err
}
@ -314,7 +314,7 @@ func (s *Server) getIDPs(ctx context.Context, orgID string) (_ []*v1_pb.DataOIDC
jwtIdps := make([]*v1_pb.DataJWTIDP, 0)
for _, idp := range idps.IDPs {
if idp.OIDCIDP != nil {
clientSecret, err := s.query.GetOIDCIDPClientSecret(ctx, false, orgID, idp.ID)
clientSecret, err := s.query.GetOIDCIDPClientSecret(ctx, false, orgID, idp.ID, false)
if err != nil && !caos_errors.IsNotFound(err) {
return nil, nil, err
}
@ -354,7 +354,7 @@ func (s *Server) getLabelPolicy(ctx context.Context, orgID string) (_ *managemen
ctx, span := tracing.NewSpan(ctx)
defer func() { span.EndWithError(err) }()
queriedLabel, err := s.query.ActiveLabelPolicyByOrg(ctx, orgID)
queriedLabel, err := s.query.ActiveLabelPolicyByOrg(ctx, orgID, false)
if err != nil {
return nil, err
}
@ -379,7 +379,7 @@ func (s *Server) getLoginPolicy(ctx context.Context, orgID string, orgIDPs []str
ctx, span := tracing.NewSpan(ctx)
defer func() { span.EndWithError(err) }()
queriedLogin, err := s.query.LoginPolicyByID(ctx, false, orgID)
queriedLogin, err := s.query.LoginPolicyByID(ctx, false, orgID, false)
if err != nil {
return nil, err
}
@ -400,7 +400,7 @@ func (s *Server) getLoginPolicy(ctx context.Context, orgID string, orgIDPs []str
multiFactors = append(multiFactors, policy_pb.MultiFactorType(factor))
}
idpLinksQuery, err := s.query.IDPLoginPolicyLinks(ctx, orgID, &query.IDPLoginPolicyLinksSearchQuery{})
idpLinksQuery, err := s.query.IDPLoginPolicyLinks(ctx, orgID, &query.IDPLoginPolicyLinksSearchQuery{}, false)
if err != nil {
return nil, err
}
@ -456,7 +456,7 @@ func (s *Server) getUserLinks(ctx context.Context, orgID string) (_ []*idp_pb.ID
if err != nil {
return nil, err
}
idpUserLinks, err := s.query.IDPUserLinks(ctx, &query.IDPUserLinksSearchQuery{Queries: []query.SearchQuery{userLinksResourceOwner}})
idpUserLinks, err := s.query.IDPUserLinks(ctx, &query.IDPUserLinksSearchQuery{Queries: []query.SearchQuery{userLinksResourceOwner}}, false)
if err != nil {
return nil, err
}
@ -479,7 +479,7 @@ func (s *Server) getLockoutPolicy(ctx context.Context, orgID string) (_ *managem
ctx, span := tracing.NewSpan(ctx)
defer func() { span.EndWithError(err) }()
queriedLockout, err := s.query.LockoutPolicyByOrg(ctx, false, orgID)
queriedLockout, err := s.query.LockoutPolicyByOrg(ctx, false, orgID, false)
if err != nil {
return nil, err
}
@ -495,7 +495,7 @@ func (s *Server) getPasswordComplexityPolicy(ctx context.Context, orgID string)
ctx, span := tracing.NewSpan(ctx)
defer func() { span.EndWithError(err) }()
queriedPasswordComplexity, err := s.query.PasswordComplexityPolicyByOrg(ctx, false, orgID)
queriedPasswordComplexity, err := s.query.PasswordComplexityPolicyByOrg(ctx, false, orgID, false)
if err != nil {
return nil, err
}
@ -515,7 +515,7 @@ func (s *Server) getPrivacyPolicy(ctx context.Context, orgID string) (_ *managem
ctx, span := tracing.NewSpan(ctx)
defer func() { span.EndWithError(err) }()
queriedPrivacy, err := s.query.PrivacyPolicyByOrg(ctx, false, orgID)
queriedPrivacy, err := s.query.PrivacyPolicyByOrg(ctx, false, orgID, false)
if err != nil {
return nil, err
}
@ -537,7 +537,7 @@ func (s *Server) getUsers(ctx context.Context, org string, withPasswords bool, w
if err != nil {
return nil, nil, nil, nil, err
}
users, err := s.query.SearchUsers(ctx, &query.UserSearchQueries{Queries: []query.SearchQuery{orgSearch}})
users, err := s.query.SearchUsers(ctx, &query.UserSearchQueries{Queries: []query.SearchQuery{orgSearch}}, false)
if err != nil {
return nil, nil, nil, nil, err
}
@ -619,7 +619,7 @@ func (s *Server) getUsers(ctx context.Context, org string, withPasswords bool, w
return nil, nil, nil, nil, err
}
keys, err := s.query.SearchAuthNKeysData(ctx, &query.AuthNKeySearchQueries{Queries: []query.SearchQuery{userIDQuery, orgIDQuery}})
keys, err := s.query.SearchAuthNKeysData(ctx, &query.AuthNKeySearchQueries{Queries: []query.SearchQuery{userIDQuery, orgIDQuery}}, false)
if err != nil {
return nil, nil, nil, nil, err
}
@ -640,7 +640,7 @@ func (s *Server) getUsers(ctx context.Context, org string, withPasswords bool, w
if err != nil {
return nil, nil, nil, nil, err
}
metadataList, err := s.query.SearchUserMetadata(ctx, false, user.ID, &query.UserMetadataSearchQueries{Queries: []query.SearchQuery{metadataOrgSearch}})
metadataList, err := s.query.SearchUserMetadata(ctx, false, user.ID, &query.UserMetadataSearchQueries{Queries: []query.SearchQuery{metadataOrgSearch}}, false)
metaspan.EndWithError(err)
if err != nil {
return nil, nil, nil, nil, err
@ -663,7 +663,7 @@ func (s *Server) getTriggerActions(ctx context.Context, org string, processedAct
triggerActions := make([]*management_pb.SetTriggerActionsRequest, 0)
for _, flowType := range flowTypes {
flow, err := s.query.GetFlow(ctx, flowType, org)
flow, err := s.query.GetFlow(ctx, flowType, org, false)
if err != nil {
return nil, err
}
@ -693,7 +693,7 @@ func (s *Server) getActions(ctx context.Context, org string) ([]*v1_pb.DataActio
if err != nil {
return nil, err
}
queriedActions, err := s.query.SearchActions(ctx, &query.ActionSearchQueries{Queries: []query.SearchQuery{actionSearch}})
queriedActions, err := s.query.SearchActions(ctx, &query.ActionSearchQueries{Queries: []query.SearchQuery{actionSearch}}, false)
if err != nil {
return nil, err
}
@ -720,7 +720,7 @@ func (s *Server) getProjectsAndApps(ctx context.Context, org string) ([]*v1_pb.D
if err != nil {
return nil, nil, nil, nil, nil, err
}
queriedProjects, err := s.query.SearchProjects(ctx, &query.ProjectSearchQueries{Queries: []query.SearchQuery{projectSearch}})
queriedProjects, err := s.query.SearchProjects(ctx, &query.ProjectSearchQueries{Queries: []query.SearchQuery{projectSearch}}, false)
if err != nil {
return nil, nil, nil, nil, nil, err
}
@ -747,7 +747,7 @@ func (s *Server) getProjectsAndApps(ctx context.Context, org string) ([]*v1_pb.D
return nil, nil, nil, nil, nil, err
}
queriedProjectRoles, err := s.query.SearchProjectRoles(ctx, false, &query.ProjectRoleSearchQueries{Queries: []query.SearchQuery{projectRoleSearch}})
queriedProjectRoles, err := s.query.SearchProjectRoles(ctx, false, &query.ProjectRoleSearchQueries{Queries: []query.SearchQuery{projectRoleSearch}}, false)
if err != nil {
return nil, nil, nil, nil, nil, err
}
@ -764,7 +764,7 @@ func (s *Server) getProjectsAndApps(ctx context.Context, org string) ([]*v1_pb.D
if err != nil {
return nil, nil, nil, nil, nil, err
}
apps, err := s.query.SearchApps(ctx, &query.AppSearchQueries{Queries: []query.SearchQuery{appSearch}})
apps, err := s.query.SearchApps(ctx, &query.AppSearchQueries{Queries: []query.SearchQuery{appSearch}}, false)
if err != nil {
return nil, nil, nil, nil, nil, err
}
@ -824,7 +824,7 @@ func (s *Server) getProjectsAndApps(ctx context.Context, org string) ([]*v1_pb.D
if err != nil {
return nil, nil, nil, nil, nil, err
}
keys, err := s.query.SearchAuthNKeysData(ctx, &query.AuthNKeySearchQueries{Queries: []query.SearchQuery{appIDQuery, projectIDQuery, orgIDQuery}})
keys, err := s.query.SearchAuthNKeysData(ctx, &query.AuthNKeySearchQueries{Queries: []query.SearchQuery{appIDQuery, projectIDQuery, orgIDQuery}}, false)
if err != nil {
return nil, nil, nil, nil, nil, err
}
@ -854,7 +854,7 @@ func (s *Server) getNecessaryProjectGrantMembersForOrg(ctx context.Context, org
return nil, err
}
queriedProjectMembers, err := s.query.ProjectGrantMembers(ctx, &query.ProjectGrantMembersQuery{ProjectID: projectID, OrgID: org, GrantID: grantID, MembersQuery: query.MembersQuery{Queries: []query.SearchQuery{search}}})
queriedProjectMembers, err := s.query.ProjectGrantMembers(ctx, &query.ProjectGrantMembersQuery{ProjectID: projectID, OrgID: org, GrantID: grantID, MembersQuery: query.MembersQuery{Queries: []query.SearchQuery{search}}}, false)
if err != nil {
return nil, err
}
@ -882,7 +882,7 @@ func (s *Server) getNecessaryProjectMembersForOrg(ctx context.Context, processed
projectMembers := make([]*management_pb.AddProjectMemberRequest, 0)
for _, projectID := range processedProjects {
queriedProjectMembers, err := s.query.ProjectMembers(ctx, &query.ProjectMembersQuery{ProjectID: projectID})
queriedProjectMembers, err := s.query.ProjectMembers(ctx, &query.ProjectMembersQuery{ProjectID: projectID}, false)
if err != nil {
return nil, err
}
@ -903,7 +903,7 @@ func (s *Server) getNecessaryProjectMembersForOrg(ctx context.Context, processed
}
func (s *Server) getNecessaryOrgMembersForOrg(ctx context.Context, org string, processedUsers []string) ([]*management_pb.AddOrgMemberRequest, error) {
queriedOrgMembers, err := s.query.OrgMembers(ctx, &query.OrgMembersQuery{OrgID: org})
queriedOrgMembers, err := s.query.OrgMembers(ctx, &query.OrgMembersQuery{OrgID: org}, false)
if err != nil {
return nil, err
}
@ -928,7 +928,7 @@ func (s *Server) getNecessaryProjectGrantsForOrg(ctx context.Context, org string
if err != nil {
return nil, err
}
queriedProjectGrants, err := s.query.SearchProjectGrants(ctx, &query.ProjectGrantSearchQueries{Queries: []query.SearchQuery{projectGrantSearchOrg}})
queriedProjectGrants, err := s.query.SearchProjectGrants(ctx, &query.ProjectGrantSearchQueries{Queries: []query.SearchQuery{projectGrantSearchOrg}}, false)
if err != nil {
return nil, err
}
@ -966,7 +966,7 @@ func (s *Server) getNecessaryUserGrantsForOrg(ctx context.Context, org string, p
return nil, err
}
queriedUserGrants, err := s.query.UserGrants(ctx, &query.UserGrantsQueries{Queries: []query.SearchQuery{userGrantSearchOrg}})
queriedUserGrants, err := s.query.UserGrants(ctx, &query.UserGrantsQueries{Queries: []query.SearchQuery{userGrantSearchOrg}}, false)
if err != nil {
return nil, err
}
@ -1061,7 +1061,7 @@ func (s *Server) getCustomLoginTexts(ctx context.Context, org string, languages
func (s *Server) getCustomInitMessageTexts(ctx context.Context, org string, languages []string) ([]*management_pb.SetCustomInitMessageTextRequest, error) {
customTexts := make([]*management_pb.SetCustomInitMessageTextRequest, 0, len(languages))
for _, lang := range languages {
text, err := s.query.CustomMessageTextByTypeAndLanguage(ctx, org, domain.InitCodeMessageType, lang)
text, err := s.query.CustomMessageTextByTypeAndLanguage(ctx, org, domain.InitCodeMessageType, lang, false)
if err != nil {
return nil, err
}
@ -1086,7 +1086,7 @@ func (s *Server) getCustomInitMessageTexts(ctx context.Context, org string, lang
func (s *Server) getCustomPasswordResetMessageTexts(ctx context.Context, org string, languages []string) ([]*management_pb.SetCustomPasswordResetMessageTextRequest, error) {
customTexts := make([]*management_pb.SetCustomPasswordResetMessageTextRequest, 0, len(languages))
for _, lang := range languages {
text, err := s.query.CustomMessageTextByTypeAndLanguage(ctx, org, domain.PasswordResetMessageType, lang)
text, err := s.query.CustomMessageTextByTypeAndLanguage(ctx, org, domain.PasswordResetMessageType, lang, false)
if err != nil {
return nil, err
}
@ -1111,7 +1111,7 @@ func (s *Server) getCustomPasswordResetMessageTexts(ctx context.Context, org str
func (s *Server) getCustomVerifyEmailMessageTexts(ctx context.Context, org string, languages []string) ([]*management_pb.SetCustomVerifyEmailMessageTextRequest, error) {
customTexts := make([]*management_pb.SetCustomVerifyEmailMessageTextRequest, 0, len(languages))
for _, lang := range languages {
text, err := s.query.CustomMessageTextByTypeAndLanguage(ctx, org, domain.VerifyEmailMessageType, lang)
text, err := s.query.CustomMessageTextByTypeAndLanguage(ctx, org, domain.VerifyEmailMessageType, lang, false)
if err != nil {
return nil, err
}
@ -1136,7 +1136,7 @@ func (s *Server) getCustomVerifyEmailMessageTexts(ctx context.Context, org strin
func (s *Server) getCustomVerifyPhoneMessageTexts(ctx context.Context, org string, languages []string) ([]*management_pb.SetCustomVerifyPhoneMessageTextRequest, error) {
customTexts := make([]*management_pb.SetCustomVerifyPhoneMessageTextRequest, 0, len(languages))
for _, lang := range languages {
text, err := s.query.CustomMessageTextByTypeAndLanguage(ctx, org, domain.VerifyPhoneMessageType, lang)
text, err := s.query.CustomMessageTextByTypeAndLanguage(ctx, org, domain.VerifyPhoneMessageType, lang, false)
if err != nil {
return nil, err
}
@ -1161,7 +1161,7 @@ func (s *Server) getCustomVerifyPhoneMessageTexts(ctx context.Context, org strin
func (s *Server) getCustomDomainClaimedMessageTexts(ctx context.Context, org string, languages []string) ([]*management_pb.SetCustomDomainClaimedMessageTextRequest, error) {
customTexts := make([]*management_pb.SetCustomDomainClaimedMessageTextRequest, 0, len(languages))
for _, lang := range languages {
text, err := s.query.CustomMessageTextByTypeAndLanguage(ctx, org, domain.DomainClaimedMessageType, lang)
text, err := s.query.CustomMessageTextByTypeAndLanguage(ctx, org, domain.DomainClaimedMessageType, lang, false)
if err != nil {
return nil, err
}
@ -1186,7 +1186,7 @@ func (s *Server) getCustomDomainClaimedMessageTexts(ctx context.Context, org str
func (s *Server) getCustomPasswordlessRegistrationMessageTexts(ctx context.Context, org string, languages []string) ([]*management_pb.SetCustomPasswordlessRegistrationMessageTextRequest, error) {
customTexts := make([]*management_pb.SetCustomPasswordlessRegistrationMessageTextRequest, 0, len(languages))
for _, lang := range languages {
text, err := s.query.CustomMessageTextByTypeAndLanguage(ctx, org, domain.DomainClaimedMessageType, lang)
text, err := s.query.CustomMessageTextByTypeAndLanguage(ctx, org, domain.DomainClaimedMessageType, lang, false)
if err != nil {
return nil, err
}

2
internal/api/grpc/admin/iam_member.go
View File

@ -22,7 +22,7 @@ func (s *Server) ListIAMMembers(ctx context.Context, req *admin_pb.ListIAMMember
if err != nil {
return nil, err
}
res, err := s.query.IAMMembers(ctx, queries)
res, err := s.query.IAMMembers(ctx, queries, false)
if err != nil {
return nil, err
}

8
internal/api/grpc/admin/idp.go
View File

@ -11,7 +11,7 @@ import (
)
func (s *Server) GetIDPByID(ctx context.Context, req *admin_pb.GetIDPByIDRequest) (*admin_pb.GetIDPByIDResponse, error) {
idp, err := s.query.IDPByIDAndResourceOwner(ctx, true, req.Id, authz.GetInstance(ctx).InstanceID())
idp, err := s.query.IDPByIDAndResourceOwner(ctx, true, req.Id, authz.GetInstance(ctx).InstanceID(), false)
if err != nil {
return nil, err
}
@ -23,7 +23,7 @@ func (s *Server) ListIDPs(ctx context.Context, req *admin_pb.ListIDPsRequest) (*
if err != nil {
return nil, err
}
resp, err := s.query.IDPs(ctx, queries)
resp, err := s.query.IDPs(ctx, queries, false)
if err != nil {
return nil, err
}
@ -100,7 +100,7 @@ func (s *Server) RemoveIDP(ctx context.Context, req *admin_pb.RemoveIDPRequest)
}
idps, err := s.query.IDPs(ctx, &query.IDPSearchQueries{
Queries: []query.SearchQuery{providerQuery},
})
}, true)
if err != nil {
return nil, err
}
@ -111,7 +111,7 @@ func (s *Server) RemoveIDP(ctx context.Context, req *admin_pb.RemoveIDPRequest)
}
userLinks, err := s.query.IDPUserLinks(ctx, &query.IDPUserLinksSearchQuery{
Queries: []query.SearchQuery{idpQuery},
})
}, true)
if err != nil {
return nil, err
}

4
internal/api/grpc/admin/login_policy.go
View File

@ -36,7 +36,7 @@ func (s *Server) UpdateLoginPolicy(ctx context.Context, p *admin_pb.UpdateLoginP
}
func (s *Server) ListLoginPolicyIDPs(ctx context.Context, req *admin_pb.ListLoginPolicyIDPsRequest) (*admin_pb.ListLoginPolicyIDPsResponse, error) {
res, err := s.query.IDPLoginPolicyLinks(ctx, authz.GetInstance(ctx).InstanceID(), ListLoginPolicyIDPsRequestToQuery(req))
res, err := s.query.IDPLoginPolicyLinks(ctx, authz.GetInstance(ctx).InstanceID(), ListLoginPolicyIDPsRequestToQuery(req), false)
if err != nil {
return nil, err
}
@ -67,7 +67,7 @@ func (s *Server) RemoveIDPFromLoginPolicy(ctx context.Context, req *admin_pb.Rem
}
idps, err := s.query.IDPUserLinks(ctx, &query.IDPUserLinksSearchQuery{
Queries: []query.SearchQuery{idpQuery},
})
}, true)
if err != nil {
return nil, err

2
internal/api/grpc/admin/org.go
View File

@ -83,7 +83,7 @@ func (s *Server) getClaimedUserIDsOfOrgDomain(ctx context.Context, orgDomain str
if err != nil {
return nil, err
}
users, err := s.query.SearchUsers(ctx, &query.UserSearchQueries{Queries: []query.SearchQuery{loginName}})
users, err := s.query.SearchUsers(ctx, &query.UserSearchQueries{Queries: []query.SearchQuery{loginName}}, false)
if err != nil {
return nil, err
}

2
internal/api/grpc/auth/email.go
View File

@ -11,7 +11,7 @@ import (
)
func (s *Server) GetMyEmail(ctx context.Context, _ *auth_pb.GetMyEmailRequest) (*auth_pb.GetMyEmailResponse, error) {
email, err := s.query.GetHumanEmail(ctx, authz.GetCtxData(ctx).UserID)
email, err := s.query.GetHumanEmail(ctx, authz.GetCtxData(ctx).UserID, false)
if err != nil {
return nil, err
}

2
internal/api/grpc/auth/idp.go
View File

@ -13,7 +13,7 @@ func (s *Server) ListMyLinkedIDPs(ctx context.Context, req *auth_pb.ListMyLinked
if err != nil {
return nil, err
}
links, err := s.query.IDPUserLinks(ctx, q)
links, err := s.query.IDPUserLinks(ctx, q, false)
if err != nil {
return nil, err
}

2
internal/api/grpc/auth/multi_factor.go
View File

@ -26,7 +26,7 @@ func (s *Server) ListMyAuthFactors(ctx context.Context, _ *auth_pb.ListMyAuthFac
if err != nil {
return nil, err
}
authMethods, err := s.query.SearchUserAuthMethods(ctx, query)
authMethods, err := s.query.SearchUserAuthMethods(ctx, query, false)
if err != nil {
return nil, err
}

2
internal/api/grpc/auth/password_complexity.go
View File

@ -9,7 +9,7 @@ import (
)
func (s *Server) GetMyPasswordComplexityPolicy(ctx context.Context, _ *auth_pb.GetMyPasswordComplexityPolicyRequest) (*auth_pb.GetMyPasswordComplexityPolicyResponse, error) {
policy, err := s.query.PasswordComplexityPolicyByOrg(ctx, true, authz.GetCtxData(ctx).OrgID)
policy, err := s.query.PasswordComplexityPolicyByOrg(ctx, true, authz.GetCtxData(ctx).OrgID, false)
if err != nil {
return nil, err
}

2
internal/api/grpc/auth/passwordless.go
View File

@ -30,7 +30,7 @@ func (s *Server) ListMyPasswordless(ctx context.Context, _ *auth_pb.ListMyPasswo
if err != nil {
return nil, err
}
authMethods, err := s.query.SearchUserAuthMethods(ctx, query)
authMethods, err := s.query.SearchUserAuthMethods(ctx, query, false)
if err != nil {
return nil, err
}

4
internal/api/grpc/auth/permission.go
View File

@ -34,7 +34,7 @@ func (s *Server) ListMyProjectPermissions(ctx context.Context, _ *auth_pb.ListMy
if err != nil {
return nil, err
}
userGrant, err := s.query.UserGrant(ctx, true, userGrantOrgID, userGrantProjectID, userGrantUserID)
userGrant, err := s.query.UserGrant(ctx, true, false, userGrantOrgID, userGrantProjectID, userGrantUserID)
if err != nil {
return nil, err
}
@ -48,7 +48,7 @@ func (s *Server) ListMyMemberships(ctx context.Context, req *auth_pb.ListMyMembe
if err != nil {
return nil, err
}
response, err := s.query.Memberships(ctx, request)
response, err := s.query.Memberships(ctx, request, false)
if err != nil {
return nil, err
}

2
internal/api/grpc/auth/phone.go
View File

@ -11,7 +11,7 @@ import (
)
func (s *Server) GetMyPhone(ctx context.Context, _ *auth_pb.GetMyPhoneRequest) (*auth_pb.GetMyPhoneResponse, error) {
phone, err := s.query.GetHumanPhone(ctx, authz.GetCtxData(ctx).UserID)
phone, err := s.query.GetHumanPhone(ctx, authz.GetCtxData(ctx).UserID, false)
if err != nil {
return nil, err
}

4
internal/api/grpc/auth/policy.go
View File

@ -9,7 +9,7 @@ import (
)
func (s *Server) GetMyLabelPolicy(ctx context.Context, _ *auth_pb.GetMyLabelPolicyRequest) (*auth_pb.GetMyLabelPolicyResponse, error) {
policy, err := s.query.ActiveLabelPolicyByOrg(ctx, authz.GetCtxData(ctx).OrgID)
policy, err := s.query.ActiveLabelPolicyByOrg(ctx, authz.GetCtxData(ctx).OrgID, false)
if err != nil {
return nil, err
}
@ -19,7 +19,7 @@ func (s *Server) GetMyLabelPolicy(ctx context.Context, _ *auth_pb.GetMyLabelPoli
}
func (s *Server) GetMyPrivacyPolicy(ctx context.Context, _ *auth_pb.GetMyPrivacyPolicyRequest) (*auth_pb.GetMyPrivacyPolicyResponse, error) {
policy, err := s.query.PrivacyPolicyByOrg(ctx, true, authz.GetCtxData(ctx).OrgID)
policy, err := s.query.PrivacyPolicyByOrg(ctx, true, authz.GetCtxData(ctx).OrgID, false)
if err != nil {
return nil, err
}

2
internal/api/grpc/auth/profile.go
View File

@ -10,7 +10,7 @@ import (
)
func (s *Server) GetMyProfile(ctx context.Context, req *auth_pb.GetMyProfileRequest) (*auth_pb.GetMyProfileResponse, error) {
profile, err := s.query.GetHumanProfile(ctx, authz.GetCtxData(ctx).UserID)
profile, err := s.query.GetHumanProfile(ctx, authz.GetCtxData(ctx).UserID, false)
if err != nil {
return nil, err
}

16
internal/api/grpc/auth/user.go
View File

@ -17,7 +17,7 @@ import (
)
func (s *Server) GetMyUser(ctx context.Context, _ *auth_pb.GetMyUserRequest) (*auth_pb.GetMyUserResponse, error) {
user, err := s.query.GetUserByID(ctx, true, authz.GetCtxData(ctx).UserID)
user, err := s.query.GetUserByID(ctx, true, authz.GetCtxData(ctx).UserID, false)
if err != nil {
return nil, err
}
@ -31,7 +31,7 @@ func (s *Server) RemoveMyUser(ctx context.Context, _ *auth_pb.RemoveMyUserReques
return nil, err
}
queries := &query.UserGrantsQueries{Queries: []query.SearchQuery{userGrantUserID}}
grants, err := s.query.UserGrants(ctx, queries)
grants, err := s.query.UserGrants(ctx, queries, false)
if err != nil {
return nil, err
}
@ -42,7 +42,7 @@ func (s *Server) RemoveMyUser(ctx context.Context, _ *auth_pb.RemoveMyUserReques
}
memberships, err := s.query.Memberships(ctx, &query.MembershipSearchQuery{
Queries: []query.SearchQuery{userQuery},
})
}, false)
if err != nil {
return nil, err
}
@ -71,7 +71,7 @@ func (s *Server) ListMyMetadata(ctx context.Context, req *auth_pb.ListMyMetadata
if err != nil {
return nil, err
}
res, err := s.query.SearchUserMetadata(ctx, true, authz.GetCtxData(ctx).UserID, queries)
res, err := s.query.SearchUserMetadata(ctx, true, authz.GetCtxData(ctx).UserID, queries, false)
if err != nil {
return nil, err
}
@ -82,7 +82,7 @@ func (s *Server) ListMyMetadata(ctx context.Context, req *auth_pb.ListMyMetadata
}
func (s *Server) GetMyMetadata(ctx context.Context, req *auth_pb.GetMyMetadataRequest) (*auth_pb.GetMyMetadataResponse, error) {
data, err := s.query.GetUserMetadataByKey(ctx, true, authz.GetCtxData(ctx).UserID, req.Key)
data, err := s.query.GetUserMetadataByKey(ctx, true, authz.GetCtxData(ctx).UserID, req.Key, false)
if err != nil {
return nil, err
}
@ -125,7 +125,7 @@ func (s *Server) ListMyUserGrants(ctx context.Context, req *auth_pb.ListMyUserGr
if err != nil {
return nil, err
}
res, err := s.query.UserGrants(ctx, queries)
res, err := s.query.UserGrants(ctx, queries, false)
if err != nil {
return nil, err
}
@ -154,7 +154,7 @@ func (s *Server) ListMyProjectOrgs(ctx context.Context, req *auth_pb.ListMyProje
return nil, err
}
grants, err := s.query.UserGrants(ctx, &query.UserGrantsQueries{Queries: []query.SearchQuery{userGrantProjectID, userGrantUserID}})
grants, err := s.query.UserGrants(ctx, &query.UserGrantsQueries{Queries: []query.SearchQuery{userGrantProjectID, userGrantUserID}}, false)
if err != nil {
return nil, err
}
@ -210,7 +210,7 @@ func (s *Server) myOrgsQuery(ctx context.Context, ctxData authz.CtxData) (*query
}
return s.query.Memberships(ctx, &query.MembershipSearchQuery{
Queries: []query.SearchQuery{userQuery},
})
}, false)
}
func isIAMAdmin(memberships []*query.Membership) bool {

6
internal/api/grpc/management/actions.go
View File

@ -14,7 +14,7 @@ func (s *Server) ListActions(ctx context.Context, req *mgmt_pb.ListActionsReques
if err != nil {
return nil, err
}
actions, err := s.query.SearchActions(ctx, query)
actions, err := s.query.SearchActions(ctx, query, false)
if err != nil {
return nil, err
}
@ -25,7 +25,7 @@ func (s *Server) ListActions(ctx context.Context, req *mgmt_pb.ListActionsReques
}
func (s *Server) GetAction(ctx context.Context, req *mgmt_pb.GetActionRequest) (*mgmt_pb.GetActionResponse, error) {
action, err := s.query.GetActionByID(ctx, req.Id, authz.GetCtxData(ctx).OrgID)
action, err := s.query.GetActionByID(ctx, req.Id, authz.GetCtxData(ctx).OrgID, false)
if err != nil {
return nil, err
}
@ -89,7 +89,7 @@ func (s *Server) ReactivateAction(ctx context.Context, req *mgmt_pb.ReactivateAc
}
func (s *Server) DeleteAction(ctx context.Context, req *mgmt_pb.DeleteActionRequest) (*mgmt_pb.DeleteActionResponse, error) {
flowTypes, err := s.query.GetFlowTypesOfActionID(ctx, req.Id)
flowTypes, err := s.query.GetFlowTypesOfActionID(ctx, req.Id, false)
if err != nil {
return nil, err
}

12
internal/api/grpc/management/custom_text.go
View File

@ -13,7 +13,7 @@ import (
)
func (s *Server) GetCustomInitMessageText(ctx context.Context, req *mgmt_pb.GetCustomInitMessageTextRequest) (*mgmt_pb.GetCustomInitMessageTextResponse, error) {
msg, err := s.query.CustomMessageTextByTypeAndLanguage(ctx, authz.GetCtxData(ctx).OrgID, domain.InitCodeMessageType, req.Language)
msg, err := s.query.CustomMessageTextByTypeAndLanguage(ctx, authz.GetCtxData(ctx).OrgID, domain.InitCodeMessageType, req.Language, false)
if err != nil {
return nil, err
}
@ -61,7 +61,7 @@ func (s *Server) ResetCustomInitMessageTextToDefault(ctx context.Context, req *m
}
func (s *Server) GetCustomPasswordResetMessageText(ctx context.Context, req *mgmt_pb.GetCustomPasswordResetMessageTextRequest) (*mgmt_pb.GetCustomPasswordResetMessageTextResponse, error) {
msg, err := s.query.CustomMessageTextByTypeAndLanguage(ctx, authz.GetCtxData(ctx).OrgID, domain.PasswordResetMessageType, req.Language)
msg, err := s.query.CustomMessageTextByTypeAndLanguage(ctx, authz.GetCtxData(ctx).OrgID, domain.PasswordResetMessageType, req.Language, false)
if err != nil {
return nil, err
}
@ -109,7 +109,7 @@ func (s *Server) ResetCustomPasswordResetMessageTextToDefault(ctx context.Contex
}
func (s *Server) GetCustomVerifyEmailMessageText(ctx context.Context, req *mgmt_pb.GetCustomVerifyEmailMessageTextRequest) (*mgmt_pb.GetCustomVerifyEmailMessageTextResponse, error) {
msg, err := s.query.CustomMessageTextByTypeAndLanguage(ctx, authz.GetCtxData(ctx).OrgID, domain.VerifyEmailMessageType, req.Language)
msg, err := s.query.CustomMessageTextByTypeAndLanguage(ctx, authz.GetCtxData(ctx).OrgID, domain.VerifyEmailMessageType, req.Language, false)
if err != nil {
return nil, err
}
@ -157,7 +157,7 @@ func (s *Server) ResetCustomVerifyEmailMessageTextToDefault(ctx context.Context,
}
func (s *Server) GetCustomVerifyPhoneMessageText(ctx context.Context, req *mgmt_pb.GetCustomVerifyPhoneMessageTextRequest) (*mgmt_pb.GetCustomVerifyPhoneMessageTextResponse, error) {
msg, err := s.query.CustomMessageTextByTypeAndLanguage(ctx, authz.GetCtxData(ctx).OrgID, domain.VerifyPhoneMessageType, req.Language)
msg, err := s.query.CustomMessageTextByTypeAndLanguage(ctx, authz.GetCtxData(ctx).OrgID, domain.VerifyPhoneMessageType, req.Language, false)
if err != nil {
return nil, err
}
@ -205,7 +205,7 @@ func (s *Server) ResetCustomVerifyPhoneMessageTextToDefault(ctx context.Context,
}
func (s *Server) GetCustomDomainClaimedMessageText(ctx context.Context, req *mgmt_pb.GetCustomDomainClaimedMessageTextRequest) (*mgmt_pb.GetCustomDomainClaimedMessageTextResponse, error) {
msg, err := s.query.CustomMessageTextByTypeAndLanguage(ctx, authz.GetCtxData(ctx).OrgID, domain.DomainClaimedMessageType, req.Language)
msg, err := s.query.CustomMessageTextByTypeAndLanguage(ctx, authz.GetCtxData(ctx).OrgID, domain.DomainClaimedMessageType, req.Language, false)
if err != nil {
return nil, err
}
@ -253,7 +253,7 @@ func (s *Server) ResetCustomDomainClaimedMessageTextToDefault(ctx context.Contex
}
func (s *Server) GetCustomPasswordlessRegistrationMessageText(ctx context.Context, req *mgmt_pb.GetCustomPasswordlessRegistrationMessageTextRequest) (*mgmt_pb.GetCustomPasswordlessRegistrationMessageTextResponse, error) {
msg, err := s.query.CustomMessageTextByTypeAndLanguage(ctx, authz.GetCtxData(ctx).OrgID, domain.PasswordlessRegistrationMessageType, req.Language)
msg, err := s.query.CustomMessageTextByTypeAndLanguage(ctx, authz.GetCtxData(ctx).OrgID, domain.PasswordlessRegistrationMessageType, req.Language, false)
if err != nil {
return nil, err
}

2
internal/api/grpc/management/flow.go
View File

@ -32,7 +32,7 @@ func (s *Server) ListFlowTriggerTypes(ctx context.Context, req *mgmt_pb.ListFlow
}
func (s *Server) GetFlow(ctx context.Context, req *mgmt_pb.GetFlowRequest) (*mgmt_pb.GetFlowResponse, error) {
flow, err := s.query.GetFlow(ctx, action_grpc.FlowTypeToDomain(req.Type), authz.GetCtxData(ctx).OrgID)
flow, err := s.query.GetFlow(ctx, action_grpc.FlowTypeToDomain(req.Type), authz.GetCtxData(ctx).OrgID, false)
if err != nil {
return nil, err
}

8
internal/api/grpc/management/idp.go
View File

@ -11,7 +11,7 @@ import (
)
func (s *Server) GetOrgIDPByID(ctx context.Context, req *mgmt_pb.GetOrgIDPByIDRequest) (*mgmt_pb.GetOrgIDPByIDResponse, error) {
idp, err := s.query.IDPByIDAndResourceOwner(ctx, true, req.Id, authz.GetCtxData(ctx).OrgID)
idp, err := s.query.IDPByIDAndResourceOwner(ctx, true, req.Id, authz.GetCtxData(ctx).OrgID, false)
if err != nil {
return nil, err
}
@ -23,7 +23,7 @@ func (s *Server) ListOrgIDPs(ctx context.Context, req *mgmt_pb.ListOrgIDPsReques
if err != nil {
return nil, err
}
resp, err := s.query.IDPs(ctx, queries)
resp, err := s.query.IDPs(ctx, queries, false)
if err != nil {
return nil, err
}
@ -80,7 +80,7 @@ func (s *Server) ReactivateOrgIDP(ctx context.Context, req *mgmt_pb.ReactivateOr
}
func (s *Server) RemoveOrgIDP(ctx context.Context, req *mgmt_pb.RemoveOrgIDPRequest) (*mgmt_pb.RemoveOrgIDPResponse, error) {
idp, err := s.query.IDPByIDAndResourceOwner(ctx, true, req.IdpId, authz.GetCtxData(ctx).OrgID)
idp, err := s.query.IDPByIDAndResourceOwner(ctx, true, req.IdpId, authz.GetCtxData(ctx).OrgID, true)
if err != nil {
return nil, err
}
@ -90,7 +90,7 @@ func (s *Server) RemoveOrgIDP(ctx context.Context, req *mgmt_pb.RemoveOrgIDPRequ
}
userLinks, err := s.query.IDPUserLinks(ctx, &query.IDPUserLinksSearchQuery{
Queries: []query.SearchQuery{idpQuery},
})
}, true)
if err != nil {
return nil, err
}

23
internal/api/grpc/management/org.go
View File

@ -100,8 +100,17 @@ func (s *Server) ReactivateOrg(ctx context.Context, req *mgmt_pb.ReactivateOrgRe
}, err
}
func (s *Server) RemoveOrg(ctx context.Context, req *mgmt_pb.RemoveOrgRequest) (*mgmt_pb.RemoveOrgResponse, error) {
details, err := s.command.RemoveOrg(ctx, authz.GetCtxData(ctx).OrgID)
if err != nil {
return nil, err
}
return &mgmt_pb.RemoveOrgResponse{Details: object.DomainToChangeDetailsPb(details)}, nil
}
func (s *Server) GetDomainPolicy(ctx context.Context, req *mgmt_pb.GetDomainPolicyRequest) (*mgmt_pb.GetDomainPolicyResponse, error) {
policy, err := s.query.DomainPolicyByOrg(ctx, true, authz.GetCtxData(ctx).OrgID)
policy, err := s.query.DomainPolicyByOrg(ctx, true, authz.GetCtxData(ctx).OrgID, false)
if err != nil {
return nil, err
}
@ -111,7 +120,7 @@ func (s *Server) GetDomainPolicy(ctx context.Context, req *mgmt_pb.GetDomainPoli
}
func (s *Server) GetOrgIAMPolicy(ctx context.Context, _ *mgmt_pb.GetOrgIAMPolicyRequest) (*mgmt_pb.GetOrgIAMPolicyResponse, error) {
policy, err := s.query.DomainPolicyByOrg(ctx, true, authz.GetCtxData(ctx).OrgID)
policy, err := s.query.DomainPolicyByOrg(ctx, true, authz.GetCtxData(ctx).OrgID, false)
if err != nil {
return nil, err
}
@ -131,7 +140,7 @@ func (s *Server) ListOrgDomains(ctx context.Context, req *mgmt_pb.ListOrgDomains
}
queries.Queries = append(queries.Queries, orgIDQuery)
domains, err := s.query.SearchOrgDomains(ctx, queries)
domains, err := s.query.SearchOrgDomains(ctx, queries, false)
if err != nil {
return nil, err
}
@ -227,7 +236,7 @@ func (s *Server) ListOrgMembers(ctx context.Context, req *mgmt_pb.ListOrgMembers
if err != nil {
return nil, err
}
members, err := s.query.OrgMembers(ctx, queries)
members, err := s.query.OrgMembers(ctx, queries, false)
if err != nil {
return nil, err
}
@ -289,7 +298,7 @@ func (s *Server) getClaimedUserIDsOfOrgDomain(ctx context.Context, orgDomain, or
}
queries = append(queries, owner)
}
users, err := s.query.SearchUsers(ctx, &query.UserSearchQueries{Queries: queries})
users, err := s.query.SearchUsers(ctx, &query.UserSearchQueries{Queries: queries}, false)
if err != nil {
return nil, err
}
@ -305,7 +314,7 @@ func (s *Server) ListOrgMetadata(ctx context.Context, req *mgmt_pb.ListOrgMetada
if err != nil {
return nil, err
}
res, err := s.query.SearchOrgMetadata(ctx, true, authz.GetCtxData(ctx).OrgID, metadataQueries)
res, err := s.query.SearchOrgMetadata(ctx, true, authz.GetCtxData(ctx).OrgID, metadataQueries, false)
if err != nil {
return nil, err
}
@ -316,7 +325,7 @@ func (s *Server) ListOrgMetadata(ctx context.Context, req *mgmt_pb.ListOrgMetada
}
func (s *Server) GetOrgMetadata(ctx context.Context, req *mgmt_pb.GetOrgMetadataRequest) (*mgmt_pb.GetOrgMetadataResponse, error) {
data, err := s.query.GetOrgMetadataByKey(ctx, true, authz.GetCtxData(ctx).OrgID, req.Key)
data, err := s.query.GetOrgMetadataByKey(ctx, true, authz.GetCtxData(ctx).OrgID, req.Key, false)
if err != nil {
return nil, err
}

2
internal/api/grpc/management/policy_label.go
View File

@ -10,7 +10,7 @@ import (
)
func (s *Server) GetLabelPolicy(ctx context.Context, req *mgmt_pb.GetLabelPolicyRequest) (*mgmt_pb.GetLabelPolicyResponse, error) {
policy, err := s.query.ActiveLabelPolicyByOrg(ctx, authz.GetCtxData(ctx).OrgID)
policy, err := s.query.ActiveLabelPolicyByOrg(ctx, authz.GetCtxData(ctx).OrgID, false)
if err != nil {
return nil, err
}

2
internal/api/grpc/management/policy_lockout.go
View File

@ -10,7 +10,7 @@ import (
)
func (s *Server) GetLockoutPolicy(ctx context.Context, req *mgmt_pb.GetLockoutPolicyRequest) (*mgmt_pb.GetLockoutPolicyResponse, error) {
policy, err := s.query.LockoutPolicyByOrg(ctx, true, authz.GetCtxData(ctx).OrgID)
policy, err := s.query.LockoutPolicyByOrg(ctx, true, authz.GetCtxData(ctx).OrgID, false)
if err != nil {
return nil, err
}

6
internal/api/grpc/management/policy_login.go
View File

@ -14,7 +14,7 @@ import (
)
func (s *Server) GetLoginPolicy(ctx context.Context, req *mgmt_pb.GetLoginPolicyRequest) (*mgmt_pb.GetLoginPolicyResponse, error) {
policy, err := s.query.LoginPolicyByID(ctx, true, authz.GetCtxData(ctx).OrgID)
policy, err := s.query.LoginPolicyByID(ctx, true, authz.GetCtxData(ctx).OrgID, false)
if err != nil {
return nil, err
}
@ -68,7 +68,7 @@ func (s *Server) ResetLoginPolicyToDefault(ctx context.Context, req *mgmt_pb.Res
}
func (s *Server) ListLoginPolicyIDPs(ctx context.Context, req *mgmt_pb.ListLoginPolicyIDPsRequest) (*mgmt_pb.ListLoginPolicyIDPsResponse, error) {
res, err := s.query.IDPLoginPolicyLinks(ctx, authz.GetCtxData(ctx).OrgID, ListLoginPolicyIDPsRequestToQuery(req))
res, err := s.query.IDPLoginPolicyLinks(ctx, authz.GetCtxData(ctx).OrgID, ListLoginPolicyIDPsRequestToQuery(req), false)
if err != nil {
return nil, err
}
@ -99,7 +99,7 @@ func (s *Server) RemoveIDPFromLoginPolicy(ctx context.Context, req *mgmt_pb.Remo
}
userLinks, err := s.query.IDPUserLinks(ctx, &query.IDPUserLinksSearchQuery{
Queries: []query.SearchQuery{idpQuery},
})
}, false)
if err != nil {
return nil, err
}

2
internal/api/grpc/management/policy_password_age.go
View File

@ -10,7 +10,7 @@ import (
)
func (s *Server) GetPasswordAgePolicy(ctx context.Context, req *mgmt_pb.GetPasswordAgePolicyRequest) (*mgmt_pb.GetPasswordAgePolicyResponse, error) {
policy, err := s.query.PasswordAgePolicyByOrg(ctx, true, authz.GetCtxData(ctx).OrgID)
policy, err := s.query.PasswordAgePolicyByOrg(ctx, true, authz.GetCtxData(ctx).OrgID, false)
if err != nil {
return nil, err
}

2
internal/api/grpc/management/policy_password_complexity.go
View File

@ -10,7 +10,7 @@ import (
)
func (s *Server) GetPasswordComplexityPolicy(ctx context.Context, req *mgmt_pb.GetPasswordComplexityPolicyRequest) (*mgmt_pb.GetPasswordComplexityPolicyResponse, error) {
policy, err := s.query.PasswordComplexityPolicyByOrg(ctx, true, authz.GetCtxData(ctx).OrgID)
policy, err := s.query.PasswordComplexityPolicyByOrg(ctx, true, authz.GetCtxData(ctx).OrgID, false)
if err != nil {
return nil, err
}

2
internal/api/grpc/management/policy_privacy.go
View File

@ -10,7 +10,7 @@ import (
)
func (s *Server) GetPrivacyPolicy(ctx context.Context, _ *mgmt_pb.GetPrivacyPolicyRequest) (*mgmt_pb.GetPrivacyPolicyResponse, error) {
policy, err := s.query.PrivacyPolicyByOrg(ctx, true, authz.GetCtxData(ctx).OrgID)
policy, err := s.query.PrivacyPolicyByOrg(ctx, true, authz.GetCtxData(ctx).OrgID, false)
if err != nil {
return nil, err
}

20
internal/api/grpc/management/project.go
View File

@ -13,7 +13,7 @@ import (
)
func (s *Server) GetProjectByID(ctx context.Context, req *mgmt_pb.GetProjectByIDRequest) (*mgmt_pb.GetProjectByIDResponse, error) {
project, err := s.query.ProjectByID(ctx, true, req.Id)
project, err := s.query.ProjectByID(ctx, true, req.Id, false)
if err != nil {
return nil, err
}
@ -23,7 +23,7 @@ func (s *Server) GetProjectByID(ctx context.Context, req *mgmt_pb.GetProjectByID
}
func (s *Server) GetGrantedProjectByID(ctx context.Context, req *mgmt_pb.GetGrantedProjectByIDRequest) (*mgmt_pb.GetGrantedProjectByIDResponse, error) {
grant, err := s.query.ProjectGrantByID(ctx, true, req.GrantId)
grant, err := s.query.ProjectGrantByID(ctx, true, req.GrantId, false)
if err != nil {
return nil, err
}
@ -45,7 +45,7 @@ func (s *Server) ListProjects(ctx context.Context, req *mgmt_pb.ListProjectsRequ
if err != nil {
return nil, err
}
projects, err := s.query.SearchProjects(ctx, queries)
projects, err := s.query.SearchProjects(ctx, queries, false)
if err != nil {
return nil, err
}
@ -79,7 +79,7 @@ func (s *Server) ListGrantedProjects(ctx context.Context, req *mgmt_pb.ListGrant
if err != nil {
return nil, err
}
projects, err := s.query.SearchProjectGrants(ctx, queries)
projects, err := s.query.SearchProjectGrants(ctx, queries, false)
if err != nil {
return nil, err
}
@ -98,7 +98,7 @@ func (s *Server) ListGrantedProjectRoles(ctx context.Context, req *mgmt_pb.ListG
if err != nil {
return nil, err
}
roles, err := s.query.SearchGrantedProjectRoles(ctx, req.GrantId, authz.GetCtxData(ctx).OrgID, queries)
roles, err := s.query.SearchGrantedProjectRoles(ctx, req.GrantId, authz.GetCtxData(ctx).OrgID, queries, false)
if err != nil {
return nil, err
}
@ -172,7 +172,7 @@ func (s *Server) RemoveProject(ctx context.Context, req *mgmt_pb.RemoveProjectRe
}
grants, err := s.query.UserGrants(ctx, &query.UserGrantsQueries{
Queries: []query.SearchQuery{projectQuery},
})
}, false)
if err != nil {
return nil, err
}
@ -198,7 +198,7 @@ func (s *Server) ListProjectRoles(ctx context.Context, req *mgmt_pb.ListProjectR
if err != nil {
return nil, err
}
roles, err := s.query.SearchProjectRoles(ctx, true, queries)
roles, err := s.query.SearchProjectRoles(ctx, true, queries, false)
if err != nil {
return nil, err
}
@ -257,12 +257,12 @@ func (s *Server) RemoveProjectRole(ctx context.Context, req *mgmt_pb.RemoveProje
}
userGrants, err := s.query.UserGrants(ctx, &query.UserGrantsQueries{
Queries: []query.SearchQuery{projectQuery, rolesQuery},
})
}, false)
if err != nil {
return nil, err
}
projectGrants, err := s.query.SearchProjectGrantsByProjectIDAndRoleKey(ctx, req.ProjectId, req.RoleKey)
projectGrants, err := s.query.SearchProjectGrantsByProjectIDAndRoleKey(ctx, req.ProjectId, req.RoleKey, false)
if err != nil {
return nil, err
}
@ -288,7 +288,7 @@ func (s *Server) ListProjectMembers(ctx context.Context, req *mgmt_pb.ListProjec
if err != nil {
return nil, err
}
members, err := s.query.ProjectMembers(ctx, queries)
members, err := s.query.ProjectMembers(ctx, queries, false)
if err != nil {
return nil, err
}

8
internal/api/grpc/management/project_application.go
View File

@ -14,7 +14,7 @@ import (
)
func (s *Server) GetAppByID(ctx context.Context, req *mgmt_pb.GetAppByIDRequest) (*mgmt_pb.GetAppByIDResponse, error) {
app, err := s.query.AppByProjectAndAppID(ctx, true, req.ProjectId, req.AppId)
app, err := s.query.AppByProjectAndAppID(ctx, true, req.ProjectId, req.AppId, false)
if err != nil {
return nil, err
}
@ -28,7 +28,7 @@ func (s *Server) ListApps(ctx context.Context, req *mgmt_pb.ListAppsRequest) (*m
if err != nil {
return nil, err
}
apps, err := s.query.SearchApps(ctx, queries)
apps, err := s.query.SearchApps(ctx, queries, false)
if err != nil {
return nil, err
}
@ -228,7 +228,7 @@ func (s *Server) GetAppKey(ctx context.Context, req *mgmt_pb.GetAppKeyRequest) (
if err != nil {
return nil, err
}
key, err := s.query.GetAuthNKeyByID(ctx, true, req.KeyId, resourceOwner, aggregateID, objectID)
key, err := s.query.GetAuthNKeyByID(ctx, true, req.KeyId, false, resourceOwner, aggregateID, objectID)
if err != nil {
return nil, err
}
@ -242,7 +242,7 @@ func (s *Server) ListAppKeys(ctx context.Context, req *mgmt_pb.ListAppKeysReques
if err != nil {
return nil, err
}
keys, err := s.query.SearchAuthNKeys(ctx, queries)
keys, err := s.query.SearchAuthNKeys(ctx, queries, false)
if err != nil {
return nil, err
}

12
internal/api/grpc/management/project_grant.go
View File

@ -13,7 +13,7 @@ import (
)
func (s *Server) GetProjectGrantByID(ctx context.Context, req *mgmt_pb.GetProjectGrantByIDRequest) (*mgmt_pb.GetProjectGrantByIDResponse, error) {
grant, err := s.query.ProjectGrantByID(ctx, true, req.GrantId)
grant, err := s.query.ProjectGrantByID(ctx, true, req.GrantId, false)
if err != nil {
return nil, err
}
@ -31,7 +31,7 @@ func (s *Server) ListProjectGrants(ctx context.Context, req *mgmt_pb.ListProject
if err != nil {
return nil, err
}
grants, err := s.query.SearchProjectGrants(ctx, queries)
grants, err := s.query.SearchProjectGrants(ctx, queries, false)
if err != nil {
return nil, err
}
@ -54,7 +54,7 @@ func (s *Server) ListAllProjectGrants(ctx context.Context, req *mgmt_pb.ListAllP
if err != nil {
return nil, err
}
grants, err := s.query.SearchProjectGrants(ctx, queries)
grants, err := s.query.SearchProjectGrants(ctx, queries, false)
if err != nil {
return nil, err
}
@ -90,7 +90,7 @@ func (s *Server) UpdateProjectGrant(ctx context.Context, req *mgmt_pb.UpdateProj
}
grants, err := s.query.UserGrants(ctx, &query.UserGrantsQueries{
Queries: []query.SearchQuery{projectQuery, grantQuery},
})
}, false)
if err != nil {
return nil, err
}
@ -138,7 +138,7 @@ func (s *Server) RemoveProjectGrant(ctx context.Context, req *mgmt_pb.RemoveProj
}
userGrants, err := s.query.UserGrants(ctx, &query.UserGrantsQueries{
Queries: []query.SearchQuery{projectQuery, grantQuery},
})
}, true)
if err != nil {
return nil, err
}
@ -164,7 +164,7 @@ func (s *Server) ListProjectGrantMembers(ctx context.Context, req *mgmt_pb.ListP
if err != nil {
return nil, err
}
response, err := s.query.ProjectGrantMembers(ctx, queries)
response, err := s.query.ProjectGrantMembers(ctx, queries, false)
if err != nil {
return nil, err
}

80
internal/api/grpc/management/user.go
View File

@ -30,7 +30,7 @@ func (s *Server) GetUserByID(ctx context.Context, req *mgmt_pb.GetUserByIDReques
if err != nil {
return nil, err
}
user, err := s.query.GetUserByID(ctx, true, req.Id, owner)
user, err := s.query.GetUserByID(ctx, true, req.Id, false, owner)
if err != nil {
return nil, err
}
@ -44,7 +44,7 @@ func (s *Server) GetUserByLoginNameGlobal(ctx context.Context, req *mgmt_pb.GetU
if err != nil {
return nil, err
}
user, err := s.query.GetUser(ctx, true, loginName)
user, err := s.query.GetUser(ctx, true, false, loginName)
if err != nil {
return nil, err
}
@ -63,7 +63,7 @@ func (s *Server) ListUsers(ctx context.Context, req *mgmt_pb.ListUsersRequest) (
if err != nil {
return nil, err
}
res, err := s.query.SearchUsers(ctx, queries)
res, err := s.query.SearchUsers(ctx, queries, false)
if err != nil {
return nil, err
}
@ -86,14 +86,14 @@ func (s *Server) ListUserChanges(ctx context.Context, req *mgmt_pb.ListUserChang
func (s *Server) IsUserUnique(ctx context.Context, req *mgmt_pb.IsUserUniqueRequest) (*mgmt_pb.IsUserUniqueResponse, error) {
orgID := authz.GetCtxData(ctx).OrgID
policy, err := s.query.DomainPolicyByOrg(ctx, true, orgID)
policy, err := s.query.DomainPolicyByOrg(ctx, true, orgID, false)
if err != nil {
return nil, err
}
if !policy.UserLoginMustBeDomain {
orgID = ""
}
unique, err := s.query.IsUserUnique(ctx, req.UserName, req.Email, orgID)
unique, err := s.query.IsUserUnique(ctx, req.UserName, req.Email, orgID, false)
if err != nil {
return nil, err
}
@ -111,7 +111,7 @@ func (s *Server) ListUserMetadata(ctx context.Context, req *mgmt_pb.ListUserMeta
if err != nil {
return nil, err
}
res, err := s.query.SearchUserMetadata(ctx, true, req.Id, metadataQueries)
res, err := s.query.SearchUserMetadata(ctx, true, req.Id, metadataQueries, false)
if err != nil {
return nil, err
}
@ -126,7 +126,7 @@ func (s *Server) GetUserMetadata(ctx context.Context, req *mgmt_pb.GetUserMetada
if err != nil {
return nil, err
}
data, err := s.query.GetUserMetadataByKey(ctx, true, req.Id, req.Key, owner)
data, err := s.query.GetUserMetadataByKey(ctx, true, req.Id, req.Key, false, owner)
if err != nil {
return nil, err
}
@ -323,27 +323,11 @@ func (s *Server) UnlockUser(ctx context.Context, req *mgmt_pb.UnlockUserRequest)
}
func (s *Server) RemoveUser(ctx context.Context, req *mgmt_pb.RemoveUserRequest) (*mgmt_pb.RemoveUserResponse, error) {
userGrantUserQuery, err := query.NewUserGrantUserIDSearchQuery(req.Id)
memberships, grants, err := s.removeUserDependencies(ctx, req.Id)
if err != nil {
return nil, err
}
grants, err := s.query.UserGrants(ctx, &query.UserGrantsQueries{
Queries: []query.SearchQuery{userGrantUserQuery},
})
if err != nil {
return nil, err
}
membershipsUserQuery, err := query.NewMembershipUserIDQuery(req.Id)
if err != nil {
return nil, err
}
memberships, err := s.query.Memberships(ctx, &query.MembershipSearchQuery{
Queries: []query.SearchQuery{membershipsUserQuery},
})
if err != nil {
return nil, err
}
objectDetails, err := s.command.RemoveUser(ctx, req.Id, authz.GetCtxData(ctx).OrgID, cascadingMemberships(memberships.Memberships), userGrantsToIDs(grants.UserGrants)...)
objectDetails, err := s.command.RemoveUser(ctx, req.Id, authz.GetCtxData(ctx).OrgID, memberships, grants...)
if err != nil {
return nil, err
}
@ -352,6 +336,30 @@ func (s *Server) RemoveUser(ctx context.Context, req *mgmt_pb.RemoveUserRequest)
}, nil
}
func (s *Server) removeUserDependencies(ctx context.Context, userID string) ([]*command.CascadingMembership, []string, error) {
userGrantUserQuery, err := query.NewUserGrantUserIDSearchQuery(userID)
if err != nil {
return nil, nil, err
}
grants, err := s.query.UserGrants(ctx, &query.UserGrantsQueries{
Queries: []query.SearchQuery{userGrantUserQuery},
}, true)
if err != nil {
return nil, nil, err
}
membershipsUserQuery, err := query.NewMembershipUserIDQuery(userID)
if err != nil {
return nil, nil, err
}
memberships, err := s.query.Memberships(ctx, &query.MembershipSearchQuery{
Queries: []query.SearchQuery{membershipsUserQuery},
}, true)
if err != nil {
return nil, nil, err
}
return cascadingMemberships(memberships.Memberships), userGrantsToIDs(grants.UserGrants), nil
}
func (s *Server) UpdateUserName(ctx context.Context, req *mgmt_pb.UpdateUserNameRequest) (*mgmt_pb.UpdateUserNameResponse, error) {
objectDetails, err := s.command.ChangeUsername(ctx, authz.GetCtxData(ctx).OrgID, req.UserId, req.UserName)
if err != nil {
@ -367,7 +375,7 @@ func (s *Server) GetHumanProfile(ctx context.Context, req *mgmt_pb.GetHumanProfi
if err != nil {
return nil, err
}
profile, err := s.query.GetHumanProfile(ctx, req.UserId, owner)
profile, err := s.query.GetHumanProfile(ctx, req.UserId, false, owner)
if err != nil {
return nil, err
}
@ -401,7 +409,7 @@ func (s *Server) GetHumanEmail(ctx context.Context, req *mgmt_pb.GetHumanEmailRe
if err != nil {
return nil, err
}
email, err := s.query.GetHumanEmail(ctx, req.UserId, owner)
email, err := s.query.GetHumanEmail(ctx, req.UserId, false, owner)
if err != nil {
return nil, err
}
@ -467,7 +475,7 @@ func (s *Server) GetHumanPhone(ctx context.Context, req *mgmt_pb.GetHumanPhoneRe
if err != nil {
return nil, err
}
phone, err := s.query.GetHumanPhone(ctx, req.UserId, owner)
phone, err := s.query.GetHumanPhone(ctx, req.UserId, false, owner)
if err != nil {
return nil, err
}
@ -583,7 +591,7 @@ func (s *Server) ListHumanAuthFactors(ctx context.Context, req *mgmt_pb.ListHuma
if err != nil {
return nil, err
}
authMethods, err := s.query.SearchUserAuthMethods(ctx, query)
authMethods, err := s.query.SearchUserAuthMethods(ctx, query, false)
if err != nil {
return nil, err
}
@ -626,7 +634,7 @@ func (s *Server) ListHumanPasswordless(ctx context.Context, req *mgmt_pb.ListHum
if err != nil {
return nil, err
}
authMethods, err := s.query.SearchUserAuthMethods(ctx, query)
authMethods, err := s.query.SearchUserAuthMethods(ctx, query, false)
if err != nil {
return nil, err
}
@ -698,7 +706,7 @@ func (s *Server) GetMachineKeyByIDs(ctx context.Context, req *mgmt_pb.GetMachine
if err != nil {
return nil, err
}
key, err := s.query.GetAuthNKeyByID(ctx, true, req.KeyId, resourceOwner, aggregateID)
key, err := s.query.GetAuthNKeyByID(ctx, true, req.KeyId, false, resourceOwner, aggregateID)
if err != nil {
return nil, err
}
@ -712,7 +720,7 @@ func (s *Server) ListMachineKeys(ctx context.Context, req *mgmt_pb.ListMachineKe
if err != nil {
return nil, err
}
result, err := s.query.SearchAuthNKeys(ctx, query)
result, err := s.query.SearchAuthNKeys(ctx, query, false)
if err != nil {
return nil, err
}
@ -761,7 +769,7 @@ func (s *Server) GetPersonalAccessTokenByIDs(ctx context.Context, req *mgmt_pb.G
if err != nil {
return nil, err
}
token, err := s.query.PersonalAccessTokenByID(ctx, true, req.TokenId, resourceOwner, aggregateID)
token, err := s.query.PersonalAccessTokenByID(ctx, true, req.TokenId, false, resourceOwner, aggregateID)
if err != nil {
return nil, err
}
@ -775,7 +783,7 @@ func (s *Server) ListPersonalAccessTokens(ctx context.Context, req *mgmt_pb.List
if err != nil {
return nil, err
}
result, err := s.query.SearchPersonalAccessTokens(ctx, queries)
result, err := s.query.SearchPersonalAccessTokens(ctx, queries, false)
if err != nil {
return nil, err
}
@ -821,7 +829,7 @@ func (s *Server) ListHumanLinkedIDPs(ctx context.Context, req *mgmt_pb.ListHuman
if err != nil {
return nil, err
}
res, err := s.query.IDPUserLinks(ctx, queries)
res, err := s.query.IDPUserLinks(ctx, queries, false)
if err != nil {
return nil, err
}
@ -845,7 +853,7 @@ func (s *Server) ListUserMemberships(ctx context.Context, req *mgmt_pb.ListUserM
if err != nil {
return nil, err
}
response, err := s.query.Memberships(ctx, request)
response, err := s.query.Memberships(ctx, request, false)
if err != nil {
return nil, err
}

4
internal/api/grpc/management/user_grant.go
View File

@ -19,7 +19,7 @@ func (s *Server) GetUserGrantByID(ctx context.Context, req *mgmt_pb.GetUserGrant
if err != nil {
return nil, err
}
grant, err := s.query.UserGrant(ctx, true, idQuery, ownerQuery)
grant, err := s.query.UserGrant(ctx, true, false, idQuery, ownerQuery)
if err != nil {
return nil, err
}
@ -33,7 +33,7 @@ func (s *Server) ListUserGrants(ctx context.Context, req *mgmt_pb.ListUserGrantR
if err != nil {
return nil, err
}
res, err := s.query.UserGrants(ctx, queries)
res, err := s.query.UserGrants(ctx, queries, false)
if err != nil {
return nil, err
}

2
internal/api/grpc/org/converter.go
View File

@ -99,6 +99,8 @@ func OrgStateToPb(state domain.OrgState) org_pb.OrgState {
return org_pb.OrgState_ORG_STATE_ACTIVE
case domain.OrgStateInactive:
return org_pb.OrgState_ORG_STATE_INACTIVE
case domain.OrgStateRemoved:
return org_pb.OrgState_ORG_STATE_REMOVED
default:
return org_pb.OrgState_ORG_STATE_UNSPECIFIED
}

10
internal/api/oidc/auth_request.go
View File

@ -209,11 +209,11 @@ func (o *OPStorage) assertProjectRoleScopes(ctx context.Context, clientID string
return scopes, nil
}
}
projectID, err := o.query.ProjectIDFromOIDCClientID(ctx, clientID)
projectID, err := o.query.ProjectIDFromOIDCClientID(ctx, clientID, false)
if err != nil {
return nil, errors.ThrowPreconditionFailed(nil, "OIDC-AEG4d", "Errors.Internal")
}
project, err := o.query.ProjectByID(ctx, false, projectID)
project, err := o.query.ProjectByID(ctx, false, projectID, false)
if err != nil {
return nil, errors.ThrowPreconditionFailed(nil, "OIDC-w4wIn", "Errors.Internal")
}
@ -224,7 +224,7 @@ func (o *OPStorage) assertProjectRoleScopes(ctx context.Context, clientID string
if err != nil {
return nil, errors.ThrowInternal(err, "OIDC-Cyc78", "Errors.Internal")
}
roles, err := o.query.SearchProjectRoles(ctx, true, &query.ProjectRoleSearchQueries{Queries: []query.SearchQuery{projectIDQuery}})
roles, err := o.query.SearchProjectRoles(ctx, true, &query.ProjectRoleSearchQueries{Queries: []query.SearchQuery{projectIDQuery}}, false)
if err != nil {
return nil, err
}
@ -236,7 +236,7 @@ func (o *OPStorage) assertProjectRoleScopes(ctx context.Context, clientID string
func (o *OPStorage) assertClientScopesForPAT(ctx context.Context, token *model.TokenView, clientID string) error {
token.Audience = append(token.Audience, clientID)
projectID, err := o.query.ProjectIDFromClientID(ctx, clientID)
projectID, err := o.query.ProjectIDFromClientID(ctx, clientID, false)
if err != nil {
return errors.ThrowPreconditionFailed(nil, "OIDC-AEG4d", "Errors.Internal")
}
@ -244,7 +244,7 @@ func (o *OPStorage) assertClientScopesForPAT(ctx context.Context, token *model.T
if err != nil {
return errors.ThrowInternal(err, "OIDC-Cyc78", "Errors.Internal")
}
roles, err := o.query.SearchProjectRoles(ctx, true, &query.ProjectRoleSearchQueries{Queries: []query.SearchQuery{projectIDQuery}})
roles, err := o.query.SearchProjectRoles(ctx, true, &query.ProjectRoleSearchQueries{Queries: []query.SearchQuery{projectIDQuery}}, false)
if err != nil {
return err
}

34
internal/api/oidc/client.go
View File

@ -39,7 +39,7 @@ const (
func (o *OPStorage) GetClientByClientID(ctx context.Context, id string) (_ op.Client, err error) {
ctx, span := tracing.NewSpan(ctx)
defer func() { span.EndWithError(err) }()
client, err := o.query.AppByOIDCClientID(ctx, id)
client, err := o.query.AppByOIDCClientID(ctx, id, false)
if err != nil {
return nil, err
}
@ -50,7 +50,7 @@ func (o *OPStorage) GetClientByClientID(ctx context.Context, id string) (_ op.Cl
if err != nil {
return nil, errors.ThrowInternal(err, "OIDC-mPxqP", "Errors.Internal")
}
projectRoles, err := o.query.SearchProjectRoles(ctx, true, &query.ProjectRoleSearchQueries{Queries: []query.SearchQuery{projectIDQuery}})
projectRoles, err := o.query.SearchProjectRoles(ctx, true, &query.ProjectRoleSearchQueries{Queries: []query.SearchQuery{projectIDQuery}}, false)
if err != nil {
return nil, err
}
@ -74,7 +74,7 @@ func (o *OPStorage) GetKeyByIDAndUserID(ctx context.Context, keyID, userID strin
func (o *OPStorage) GetKeyByIDAndIssuer(ctx context.Context, keyID, issuer string) (_ *jose.JSONWebKey, err error) {
ctx, span := tracing.NewSpan(ctx)
defer func() { span.EndWithError(err) }()
publicKeyData, err := o.query.GetAuthNKeyPublicKeyByIDAndIdentifier(ctx, keyID, issuer)
publicKeyData, err := o.query.GetAuthNKeyPublicKeyByIDAndIdentifier(ctx, keyID, issuer, false)
if err != nil {
return nil, err
}
@ -90,7 +90,7 @@ func (o *OPStorage) GetKeyByIDAndIssuer(ctx context.Context, keyID, issuer strin
}
func (o *OPStorage) ValidateJWTProfileScopes(ctx context.Context, subject string, scopes []string) ([]string, error) {
user, err := o.query.GetUserByID(ctx, true, subject)
user, err := o.query.GetUserByID(ctx, true, subject, false)
if err != nil {
return nil, err
}
@ -126,7 +126,7 @@ func (o *OPStorage) AuthorizeClientIDSecret(ctx context.Context, id string, secr
UserID: oidcCtx,
OrgID: oidcCtx,
})
app, err := o.query.AppByClientID(ctx, id)
app, err := o.query.AppByClientID(ctx, id, false)
if err != nil {
return err
}
@ -144,7 +144,7 @@ func (o *OPStorage) SetUserinfoFromToken(ctx context.Context, userInfo oidc.User
return errors.ThrowPermissionDenied(nil, "OIDC-Dsfb2", "token is not valid or has expired")
}
if token.ApplicationID != "" {
app, err := o.query.AppByOIDCClientID(ctx, token.ApplicationID)
app, err := o.query.AppByOIDCClientID(ctx, token.ApplicationID, false)
if err != nil {
return err
}
@ -159,7 +159,7 @@ func (o *OPStorage) SetUserinfoFromScopes(ctx context.Context, userInfo oidc.Use
ctx, span := tracing.NewSpan(ctx)
defer func() { span.EndWithError(err) }()
if applicationID != "" {
app, err := o.query.AppByOIDCClientID(ctx, applicationID)
app, err := o.query.AppByOIDCClientID(ctx, applicationID, false)
if err != nil {
return err
}
@ -178,7 +178,7 @@ func (o *OPStorage) SetIntrospectionFromToken(ctx context.Context, introspection
if err != nil {
return errors.ThrowPermissionDenied(nil, "OIDC-Dsfb2", "token is not valid or has expired")
}
projectID, err := o.query.ProjectIDFromClientID(ctx, clientID)
projectID, err := o.query.ProjectIDFromClientID(ctx, clientID, false)
if err != nil {
return errors.ThrowPermissionDenied(nil, "OIDC-Adfg5", "client not found")
}
@ -212,7 +212,7 @@ func (o *OPStorage) SetIntrospectionFromToken(ctx context.Context, introspection
func (o *OPStorage) setUserinfo(ctx context.Context, userInfo oidc.UserInfoSetter, userID, applicationID string, scopes []string) (err error) {
ctx, span := tracing.NewSpan(ctx)
defer func() { span.EndWithError(err) }()
user, err := o.query.GetUserByID(ctx, true, userID)
user, err := o.query.GetUserByID(ctx, true, userID, false)
if err != nil {
return err
}
@ -299,7 +299,7 @@ func (o *OPStorage) setUserinfo(ctx context.Context, userInfo oidc.UserInfoSette
}
func (o *OPStorage) userinfoFlows(ctx context.Context, resourceOwner string, userInfo oidc.UserInfoSetter) error {
queriedActions, err := o.query.GetActiveActionsByFlowAndTriggerType(ctx, domain.FlowTypeCustomiseToken, domain.TriggerTypePreUserinfoCreation, resourceOwner)
queriedActions, err := o.query.GetActiveActionsByFlowAndTriggerType(ctx, domain.FlowTypeCustomiseToken, domain.TriggerTypePreUserinfoCreation, resourceOwner, false)
if err != nil {
return err
}
@ -319,6 +319,7 @@ func (o *OPStorage) userinfoFlows(ctx context.Context, resourceOwner string, use
true,
userInfo.GetSubject(),
&query.UserMetadataSearchQueries{Queries: []query.SearchQuery{resourceOwnerQuery}},
false,
)
if err != nil {
logging.WithError(err).Info("unable to get md in action")
@ -451,11 +452,11 @@ func (o *OPStorage) GetPrivateClaimsFromScopes(ctx context.Context, userID, clie
}
func (o *OPStorage) privateClaimsFlows(ctx context.Context, userID string, claims map[string]interface{}) (map[string]interface{}, error) {
user, err := o.query.GetUserByID(ctx, true, userID)
user, err := o.query.GetUserByID(ctx, true, userID, false)
if err != nil {
return nil, err
}
queriedActions, err := o.query.GetActiveActionsByFlowAndTriggerType(ctx, domain.FlowTypeCustomiseToken, domain.TriggerTypePreAccessTokenCreation, user.ResourceOwner)
queriedActions, err := o.query.GetActiveActionsByFlowAndTriggerType(ctx, domain.FlowTypeCustomiseToken, domain.TriggerTypePreAccessTokenCreation, user.ResourceOwner, false)
if err != nil {
return nil, err
}
@ -475,6 +476,7 @@ func (o *OPStorage) privateClaimsFlows(ctx context.Context, userID string, claim
true,
userID,
&query.UserMetadataSearchQueries{Queries: []query.SearchQuery{resourceOwnerQuery}},
false,
)
if err != nil {
logging.WithError(err).Info("unable to get md in action")
@ -554,7 +556,7 @@ func (o *OPStorage) privateClaimsFlows(ctx context.Context, userID string, claim
}
func (o *OPStorage) assertRoles(ctx context.Context, userID, applicationID string, requestedRoles []string) (map[string]map[string]string, error) {
projectID, err := o.query.ProjectIDFromClientID(ctx, applicationID)
projectID, err := o.query.ProjectIDFromClientID(ctx, applicationID, false)
if err != nil {
return nil, err
}
@ -568,7 +570,7 @@ func (o *OPStorage) assertRoles(ctx context.Context, userID, applicationID strin
}
grants, err := o.query.UserGrants(ctx, &query.UserGrantsQueries{
Queries: []query.SearchQuery{projectQuery, userIDQuery},
})
}, false)
if err != nil {
return nil, err
}
@ -582,7 +584,7 @@ func (o *OPStorage) assertRoles(ctx context.Context, userID, applicationID strin
}
func (o *OPStorage) assertUserMetaData(ctx context.Context, userID string) (map[string]string, error) {
metaData, err := o.query.SearchUserMetadata(ctx, true, userID, &query.UserMetadataSearchQueries{})
metaData, err := o.query.SearchUserMetadata(ctx, true, userID, &query.UserMetadataSearchQueries{}, false)
if err != nil {
return nil, err
}
@ -595,7 +597,7 @@ func (o *OPStorage) assertUserMetaData(ctx context.Context, userID string) (map[
}
func (o *OPStorage) assertUserResourceOwner(ctx context.Context, userID string) (map[string]string, error) {
user, err := o.query.GetUserByID(ctx, true, userID)
user, err := o.query.GetUserByID(ctx, true, userID, false)
if err != nil {
return nil, err
}

1
internal/api/oidc/key.go
View File

@ -92,6 +92,7 @@ func (o *OPStorage) KeySet(ctx context.Context) (keys []op.Key, err error) {
func (o *OPStorage) SignatureAlgorithms(ctx context.Context) ([]jose.SignatureAlgorithm, error) {
key, err := o.SigningKey(ctx)
if err != nil {
logging.WithError(err).Warn("unable to fetch signing key")
return nil, err
}
return []jose.SignatureAlgorithm{key.SignatureAlgorithm()}, nil

8
internal/api/saml/storage.go
View File

@ -49,7 +49,7 @@ type Storage struct {
}
func (p *Storage) GetEntityByID(ctx context.Context, entityID string) (*serviceprovider.ServiceProvider, error) {
app, err := p.query.AppBySAMLEntityID(ctx, entityID)
app, err := p.query.AppBySAMLEntityID(ctx, entityID, false)
if err != nil {
return nil, err
}
@ -63,7 +63,7 @@ func (p *Storage) GetEntityByID(ctx context.Context, entityID string) (*servicep
}
func (p *Storage) GetEntityIDByAppID(ctx context.Context, appID string) (string, error) {
app, err := p.query.AppByID(ctx, appID)
app, err := p.query.AppByID(ctx, appID, false)
if err != nil {
return "", err
}
@ -121,7 +121,7 @@ func (p *Storage) AuthRequestByID(ctx context.Context, id string) (_ models.Auth
func (p *Storage) SetUserinfoWithUserID(ctx context.Context, userinfo models.AttributeSetter, userID string, attributes []int) (err error) {
ctx, span := tracing.NewSpan(ctx)
defer func() { span.EndWithError(err) }()
user, err := p.query.GetUserByID(ctx, true, userID)
user, err := p.query.GetUserByID(ctx, true, userID, false)
if err != nil {
return err
}
@ -138,7 +138,7 @@ func (p *Storage) SetUserinfoWithLoginName(ctx context.Context, userinfo models.
if err != nil {
return err
}
user, err := p.query.GetUser(ctx, true, loginNameSQ)
user, err := p.query.GetUser(ctx, true, false, loginNameSQ)
if err != nil {
return err
}

4
internal/api/ui/login/change_password_handler.go
View File

@ -42,7 +42,7 @@ func (l *Login) renderChangePassword(w http.ResponseWriter, r *http.Request, aut
}
translator := l.getTranslator(r.Context(), authReq)
data := passwordData{
baseData: l.getBaseData(r, authReq, "PasswordChange.Title","PasswordChange.Description", errID, errMessage),
baseData: l.getBaseData(r, authReq, "PasswordChange.Title", "PasswordChange.Description", errID, errMessage),
profileData: l.getProfileData(authReq),
}
policy := l.getPasswordComplexityPolicy(r, authReq.UserOrgID)
@ -67,6 +67,6 @@ func (l *Login) renderChangePassword(w http.ResponseWriter, r *http.Request, aut
func (l *Login) renderChangePasswordDone(w http.ResponseWriter, r *http.Request, authReq *domain.AuthRequest) {
var errType, errMessage string
translator := l.getTranslator(r.Context(), authReq)
data := l.getUserData(r, authReq, "PasswordChange.Title","PasswordChange.Description", errType, errMessage)
data := l.getUserData(r, authReq, "PasswordChange.Title", "PasswordChange.Description", errType, errMessage)
l.renderer.RenderTemplate(w, r, translator, l.renderer.Templates[tmplChangePasswordDone], data, nil)
}

8
internal/api/ui/login/custom_action.go
View File

@ -25,7 +25,7 @@ func (l *Login) customExternalUserMapping(ctx context.Context, user *domain.Exte
if resourceOwner == instance.InstanceID() {
resourceOwner = instance.DefaultOrganisationID()
}
triggerActions, err := l.query.GetActiveActionsByFlowAndTriggerType(ctx, domain.FlowTypeExternalAuthentication, domain.TriggerTypePostAuthentication, resourceOwner)
triggerActions, err := l.query.GetActiveActionsByFlowAndTriggerType(ctx, domain.FlowTypeExternalAuthentication, domain.TriggerTypePostAuthentication, resourceOwner, false)
if err != nil {
return nil, err
}
@ -126,7 +126,7 @@ func (l *Login) customExternalUserMapping(ctx context.Context, user *domain.Exte
}
func (l *Login) customExternalUserToLoginUserMapping(ctx context.Context, user *domain.Human, tokens *oidc.Tokens, req *domain.AuthRequest, config *iam_model.IDPConfigView, metadata []*domain.Metadata, resourceOwner string) (*domain.Human, []*domain.Metadata, error) {
triggerActions, err := l.query.GetActiveActionsByFlowAndTriggerType(ctx, domain.FlowTypeExternalAuthentication, domain.TriggerTypePreCreation, resourceOwner)
triggerActions, err := l.query.GetActiveActionsByFlowAndTriggerType(ctx, domain.FlowTypeExternalAuthentication, domain.TriggerTypePreCreation, resourceOwner, false)
if err != nil {
return nil, nil, err
}
@ -230,7 +230,7 @@ func (l *Login) customExternalUserToLoginUserMapping(ctx context.Context, user *
}
func (l *Login) customGrants(ctx context.Context, userID string, tokens *oidc.Tokens, req *domain.AuthRequest, config *iam_model.IDPConfigView, resourceOwner string) ([]*domain.UserGrant, error) {
triggerActions, err := l.query.GetActiveActionsByFlowAndTriggerType(ctx, domain.FlowTypeExternalAuthentication, domain.TriggerTypePostCreation, resourceOwner)
triggerActions, err := l.query.GetActiveActionsByFlowAndTriggerType(ctx, domain.FlowTypeExternalAuthentication, domain.TriggerTypePostCreation, resourceOwner, false)
if err != nil {
return nil, err
}
@ -287,7 +287,7 @@ func (l *Login) customGrants(ctx context.Context, userID string, tokens *oidc.To
actions.SetFields("v1",
actions.SetFields("getUser", func(c *actions.FieldConfig) interface{} {
return func(call goja.FunctionCall) goja.Value {
user, err := l.query.GetUserByID(actionCtx, true, userID)
user, err := l.query.GetUserByID(actionCtx, true, userID, false)
if err != nil {
panic(err)
}

6
internal/api/ui/login/init_password_handler.go
View File

@ -106,7 +106,7 @@ func (l *Login) resendPasswordSet(w http.ResponseWriter, r *http.Request, authRe
l.renderInitPassword(w, r, authReq, authReq.UserID, "", err)
return
}
user, err := l.query.GetUser(setContext(r.Context(), userOrg), false, loginName)
user, err := l.query.GetUser(setContext(r.Context(), userOrg), false, false, loginName)
if err != nil {
l.renderInitPassword(w, r, authReq, authReq.UserID, "", err)
return
@ -127,7 +127,7 @@ func (l *Login) renderInitPassword(w http.ResponseWriter, r *http.Request, authR
translator := l.getTranslator(r.Context(), authReq)
data := initPasswordData{
baseData: l.getBaseData(r, authReq, "InitPassword.Title","InitPassword.Description", errID, errMessage),
baseData: l.getBaseData(r, authReq, "InitPassword.Title", "InitPassword.Description", errID, errMessage),
profileData: l.getProfileData(authReq),
UserID: userID,
Code: code,
@ -149,7 +149,7 @@ func (l *Login) renderInitPassword(w http.ResponseWriter, r *http.Request, authR
}
}
if authReq == nil {
user, err := l.query.GetUserByID(r.Context(), false, userID)
user, err := l.query.GetUserByID(r.Context(), false, userID, false)
if err == nil {
l.customTexts(r.Context(), translator, user.ResourceOwner)
}

22
internal/api/ui/login/init_user_handler.go
View File

@ -10,10 +10,10 @@ import (
)
const (
queryInitUserCode = "code"
queryInitUserUserID = "userID"
queryInitUserCode = "code"
queryInitUserUserID = "userID"
queryInitUserLoginName = "loginname"
queryInitUserPassword = "passwordset"
queryInitUserPassword = "passwordset"
tmplInitUser = "inituser"
tmplInitUserDone = "inituserdone"
@ -73,7 +73,7 @@ func (l *Login) handleInitUserCheck(w http.ResponseWriter, r *http.Request) {
func (l *Login) checkUserInitCode(w http.ResponseWriter, r *http.Request, authReq *domain.AuthRequest, data *initUserFormData, err error) {
if data.Password != data.PasswordConfirm {
err := caos_errs.ThrowInvalidArgument(nil, "VIEW-fsdfd", "Errors.User.Password.ConfirmationWrong")
l.renderInitUser(w, r, authReq, data.UserID,data.LoginName, data.Code, data.PasswordSet, err)
l.renderInitUser(w, r, authReq, data.UserID, data.LoginName, data.Code, data.PasswordSet, err)
return
}
userOrgID := ""
@ -82,32 +82,32 @@ func (l *Login) checkUserInitCode(w http.ResponseWriter, r *http.Request, authRe
}
initCodeGenerator, err := l.query.InitEncryptionGenerator(r.Context(), domain.SecretGeneratorTypeInitCode, l.userCodeAlg)
if err != nil {
l.renderInitUser(w, r, authReq, data.UserID,data.LoginName, "", data.PasswordSet, err)
l.renderInitUser(w, r, authReq, data.UserID, data.LoginName, "", data.PasswordSet, err)
return
}
err = l.command.HumanVerifyInitCode(setContext(r.Context(), userOrgID), data.UserID, userOrgID, data.Code, data.Password, initCodeGenerator)
if err != nil {
l.renderInitUser(w, r, authReq, data.UserID,data.LoginName, "", data.PasswordSet, err)
l.renderInitUser(w, r, authReq, data.UserID, data.LoginName, "", data.PasswordSet, err)
return
}
l.renderInitUserDone(w, r, authReq, userOrgID)
}
func (l *Login) resendUserInit(w http.ResponseWriter, r *http.Request, authReq *domain.AuthRequest, userID string,loginName string, showPassword bool) {
func (l *Login) resendUserInit(w http.ResponseWriter, r *http.Request, authReq *domain.AuthRequest, userID string, loginName string, showPassword bool) {
userOrgID := ""
if authReq != nil {
userOrgID = authReq.UserOrgID
}
initCodeGenerator, err := l.query.InitEncryptionGenerator(r.Context(), domain.SecretGeneratorTypeInitCode, l.userCodeAlg)
if err != nil {
l.renderInitUser(w, r, authReq, userID,loginName, "", showPassword, err)
l.renderInitUser(w, r, authReq, userID, loginName, "", showPassword, err)
return
}
_, err = l.command.ResendInitialMail(setContext(r.Context(), userOrgID), userID, "", userOrgID, initCodeGenerator)
l.renderInitUser(w, r, authReq, userID, loginName, "", showPassword, err)
}
func (l *Login) renderInitUser(w http.ResponseWriter, r *http.Request, authReq *domain.AuthRequest, userID,loginName string, code string, passwordSet bool, err error) {
func (l *Login) renderInitUser(w http.ResponseWriter, r *http.Request, authReq *domain.AuthRequest, userID, loginName string, code string, passwordSet bool, err error) {
var errID, errMessage string
if err != nil {
errID, errMessage = l.getErrorMessage(r, err)
@ -142,7 +142,7 @@ func (l *Login) renderInitUser(w http.ResponseWriter, r *http.Request, authReq *
}
}
if authReq == nil {
user, err := l.query.GetUserByID(r.Context(), false, userID)
user, err := l.query.GetUserByID(r.Context(), false, userID, false)
if err == nil {
l.customTexts(r.Context(), translator, user.ResourceOwner)
}
@ -151,7 +151,7 @@ func (l *Login) renderInitUser(w http.ResponseWriter, r *http.Request, authReq *
}
func (l *Login) renderInitUserDone(w http.ResponseWriter, r *http.Request, authReq *domain.AuthRequest, orgID string) {
data := l.getUserData(r, authReq,"InitUserDone.Title" ,"InitUserDone.Description", "", "")
data := l.getUserData(r, authReq, "InitUserDone.Title", "InitUserDone.Description", "", "")
translator := l.getTranslator(r.Context(), authReq)
if authReq == nil {
l.customTexts(r.Context(), translator, orgID)

2
internal/api/ui/login/login.go
View File

@ -152,7 +152,7 @@ func (l *Login) getClaimedUserIDsOfOrgDomain(ctx context.Context, orgName string
if err != nil {
return nil, err
}
users, err := l.query.SearchUsers(ctx, &query.UserSearchQueries{Queries: []query.SearchQuery{loginName}})
users, err := l.query.SearchUsers(ctx, &query.UserSearchQueries{Queries: []query.SearchQuery{loginName}}, false)
if err != nil {
return nil, err
}

2
internal/api/ui/login/login_handler.go
View File

@ -99,7 +99,7 @@ func (l *Login) renderLogin(w http.ResponseWriter, r *http.Request, authReq *dom
l.handleIDP(w, r, authReq, authReq.AllowedExternalIDPs[0].IDPConfigID)
return
}
data := l.getUserData(r, authReq, "Login.Title","Login.Description", errID, errMessage)
data := l.getUserData(r, authReq, "Login.Title", "Login.Description", errID, errMessage)
funcs := map[string]interface{}{
"hasUsernamePasswordLogin": func() bool {
return authReq != nil && authReq.LoginPolicy != nil && authReq.LoginPolicy.AllowUsernamePassword

2
internal/api/ui/login/login_success_handler.go
View File

@ -41,7 +41,7 @@ func (l *Login) renderSuccessAndCallback(w http.ResponseWriter, r *http.Request,
errID, errMessage = l.getErrorMessage(r, err)
}
data := loginSuccessData{
userData: l.getUserData(r, authReq, "LoginSuccess.Title","", errID, errMessage),
userData: l.getUserData(r, authReq, "LoginSuccess.Title", "", errID, errMessage),
}
if authReq != nil {
//the id will be set via the html (maybe change this with the login refactoring)

2
internal/api/ui/login/logout_handler.go
View File

@ -13,6 +13,6 @@ func (l *Login) handleLogoutDone(w http.ResponseWriter, r *http.Request) {
}
func (l *Login) renderLogoutDone(w http.ResponseWriter, r *http.Request) {
data := l.getUserData(r, nil, "LogoutDone.Title","LogoutDone.Description", "", "")
data := l.getUserData(r, nil, "LogoutDone.Title", "LogoutDone.Description", "", "")
l.renderer.RenderTemplate(w, r, l.getTranslator(r.Context(), nil), l.renderer.Templates[tmplLogoutDone], data, nil)
}

6
internal/api/ui/login/mail_verify_handler.go
View File

@ -95,12 +95,12 @@ func (l *Login) renderMailVerification(w http.ResponseWriter, r *http.Request, a
translator := l.getTranslator(r.Context(), authReq)
data := mailVerificationData{
baseData: l.getBaseData(r, authReq, "EmailVerification.Title","EmailVerification.Description", errID, errMessage),
baseData: l.getBaseData(r, authReq, "EmailVerification.Title", "EmailVerification.Description", errID, errMessage),
UserID: userID,
profileData: l.getProfileData(authReq),
}
if authReq == nil {
user, err := l.query.GetUserByID(r.Context(), false, userID)
user, err := l.query.GetUserByID(r.Context(), false, userID, false)
if err == nil {
l.customTexts(r.Context(), translator, user.ResourceOwner)
}
@ -111,7 +111,7 @@ func (l *Login) renderMailVerification(w http.ResponseWriter, r *http.Request, a
func (l *Login) renderMailVerified(w http.ResponseWriter, r *http.Request, authReq *domain.AuthRequest, orgID string) {
translator := l.getTranslator(r.Context(), authReq)
data := mailVerificationData{
baseData: l.getBaseData(r, authReq, "EmailVerificationDone.Title","EmailVerificationDone.Description", "", ""),
baseData: l.getBaseData(r, authReq, "EmailVerificationDone.Title", "EmailVerificationDone.Description", "", ""),
profileData: l.getProfileData(authReq),
}
if authReq == nil {

2
internal/api/ui/login/mfa_init_done_handler.go
View File

@ -16,7 +16,7 @@ type mfaInitDoneData struct {
func (l *Login) renderMFAInitDone(w http.ResponseWriter, r *http.Request, authReq *domain.AuthRequest, data *mfaDoneData) {
var errType, errMessage string
translator := l.getTranslator(r.Context(), authReq)
data.baseData = l.getBaseData(r, authReq, "InitMFADone.Title","InitMFADone.Description", errType, errMessage)
data.baseData = l.getBaseData(r, authReq, "InitMFADone.Title", "InitMFADone.Description", errType, errMessage)
data.profileData = l.getProfileData(authReq)
l.renderer.RenderTemplate(w, r, translator, l.renderer.Templates[tmplMFAInitDone], data, nil)
}

2
internal/api/ui/login/mfa_init_u2f.go
View File

@ -31,7 +31,7 @@ func (l *Login) renderRegisterU2F(w http.ResponseWriter, r *http.Request, authRe
}
data := &u2fInitData{
webAuthNData: webAuthNData{
userData: l.getUserData(r, authReq, "InitMFAU2F.Title","InitMFAU2F.Description", errID, errMessage),
userData: l.getUserData(r, authReq, "InitMFAU2F.Title", "InitMFAU2F.Description", errID, errMessage),
CredentialCreationData: credentialData,
},
MFAType: domain.MFATypeU2F,

2
internal/api/ui/login/mfa_prompt_handler.go
View File

@ -56,7 +56,7 @@ func (l *Login) renderMFAPrompt(w http.ResponseWriter, r *http.Request, authReq
}
translator := l.getTranslator(r.Context(), authReq)
data := mfaData{
baseData: l.getBaseData(r, authReq, "InitMFAPrompt.Title","InitMFAPrompt.Description", errID, errMessage),
baseData: l.getBaseData(r, authReq, "InitMFAPrompt.Title", "InitMFAPrompt.Description", errID, errMessage),
profileData: l.getProfileData(authReq),
}

2
internal/api/ui/login/mfa_verify_handler.go
View File

@ -58,7 +58,7 @@ func (l *Login) renderMFAVerifySelected(w http.ResponseWriter, r *http.Request,
if err != nil {
errID, errMessage = l.getErrorMessage(r, err)
}
data := l.getUserData(r, authReq, "","", errID, errMessage)
data := l.getUserData(r, authReq, "", "", errID, errMessage)
if verificationStep == nil {
l.renderError(w, r, authReq, err)
return

2
internal/api/ui/login/mfa_verify_u2f_handler.go
View File

@ -39,7 +39,7 @@ func (l *Login) renderU2FVerification(w http.ResponseWriter, r *http.Request, au
}
data := &mfaU2FData{
webAuthNData: webAuthNData{
userData: l.getUserData(r, authReq, "VerifyMFAU2F.Title","VerifyMFAU2F.Description", errID, errMessage),
userData: l.getUserData(r, authReq, "VerifyMFAU2F.Title", "VerifyMFAU2F.Description", errID, errMessage),
CredentialCreationData: credentialData,
},
MFAProviders: providers,

2
internal/api/ui/login/password_complexity_policy_handler.go
View File

@ -22,7 +22,7 @@ func (l *Login) getPasswordComplexityPolicy(r *http.Request, orgID string) *iam_
}
func (l *Login) getPasswordComplexityPolicyByUserID(r *http.Request, userID string) *iam_model.PasswordComplexityPolicyView {
user, err := l.query.GetUserByID(r.Context(), false, userID)
user, err := l.query.GetUserByID(r.Context(), false, userID, false)
if err != nil {
logging.WithFields("userID", userID).OnError(err).Error("could not load user for password complexity policy")
return nil

2
internal/api/ui/login/password_handler.go
View File

@ -19,7 +19,7 @@ func (l *Login) renderPassword(w http.ResponseWriter, r *http.Request, authReq *
if err != nil {
errID, errMessage = l.getErrorMessage(r, err)
}
data := l.getUserData(r, authReq, "Password.Title","Password.Description", errID, errMessage)
data := l.getUserData(r, authReq, "Password.Title", "Password.Description", errID, errMessage)
funcs := map[string]interface{}{
"showPasswordReset": func() bool {
if authReq.LoginPolicy != nil {

4
internal/api/ui/login/password_reset_handler.go
View File

@ -23,7 +23,7 @@ func (l *Login) handlePasswordReset(w http.ResponseWriter, r *http.Request) {
l.renderInitPassword(w, r, authReq, authReq.UserID, "", err)
return
}
user, err := l.query.GetUser(setContext(r.Context(), authReq.UserOrgID), true, loginName)
user, err := l.query.GetUser(setContext(r.Context(), authReq.UserOrgID), true, false, loginName)
if err != nil {
l.renderPasswordResetDone(w, r, authReq, err)
return
@ -45,6 +45,6 @@ func (l *Login) renderPasswordResetDone(w http.ResponseWriter, r *http.Request,
if err != nil {
errID, errMessage = l.getErrorMessage(r, err)
}
data := l.getUserData(r, authReq, "PasswordResetDone.Title","PasswordResetDone.Description", errID, errMessage)
data := l.getUserData(r, authReq, "PasswordResetDone.Title", "PasswordResetDone.Description", errID, errMessage)
l.renderer.RenderTemplate(w, r, l.getTranslator(r.Context(), authReq), l.renderer.Templates[tmplPasswordResetDone], data, nil)
}

2
internal/api/ui/login/passwordless_login_handler.go
View File

@ -38,7 +38,7 @@ func (l *Login) renderPasswordlessVerification(w http.ResponseWriter, r *http.Re
}
data := &passwordlessData{
webAuthNData{
userData: l.getUserData(r, authReq, "Passwordless.Title","Passwordless.Description", errID, errMessage),
userData: l.getUserData(r, authReq, "Passwordless.Title", "Passwordless.Description", errID, errMessage),
CredentialCreationData: credentialData,
},
passwordSet,

2
internal/api/ui/login/passwordless_prompt_handler.go
View File

@ -32,7 +32,7 @@ func (l *Login) renderPasswordlessPrompt(w http.ResponseWriter, r *http.Request,
errID, errMessage = l.getErrorMessage(r, err)
}
data := &passwordlessPromptData{
userData: l.getUserData(r, authReq, "PasswordlessPrompt.Title","PasswordlessPrompt.Description", errID, errMessage),
userData: l.getUserData(r, authReq, "PasswordlessPrompt.Title", "PasswordlessPrompt.Description", errID, errMessage),
}
translator := l.getTranslator(r.Context(), authReq)

4
internal/api/ui/login/passwordless_registration_handler.go
View File

@ -114,7 +114,7 @@ func (l *Login) renderPasswordlessRegistration(w http.ResponseWriter, r *http.Re
disabled,
}
if authReq == nil {
policy, err := l.query.ActiveLabelPolicyByOrg(r.Context(), orgID)
policy, err := l.query.ActiveLabelPolicyByOrg(r.Context(), orgID, false)
logging.Log("HANDL-XjWKE").OnError(err).Error("unable to get active label policy")
data.LabelPolicy = labelPolicyToDomain(policy)
@ -195,7 +195,7 @@ func (l *Login) renderPasswordlessRegistrationDone(w http.ResponseWriter, r *htt
translator := l.getTranslator(r.Context(), authReq)
data := passwordlessRegistrationDoneDate{
userData: l.getUserData(r, authReq, "PasswordlessRegistrationDone.Title","PasswordlessRegistrationDone.Description", errID, errMessage),
userData: l.getUserData(r, authReq, "PasswordlessRegistrationDone.Title", "PasswordlessRegistrationDone.Description", errID, errMessage),
HideNextButton: authReq == nil,
}
if authReq == nil {

6
internal/api/ui/login/policy_handler.go
View File

@ -15,7 +15,7 @@ func (l *Login) getOrgDomainPolicy(r *http.Request, orgID string) (*query.Domain
if orgID == "" {
return l.query.DefaultDomainPolicy(r.Context())
}
return l.query.DomainPolicyByOrg(r.Context(), false, orgID)
return l.query.DomainPolicyByOrg(r.Context(), false, orgID, false)
}
func (l *Login) getIDPConfigByID(r *http.Request, idpConfigID string) (*iam_model.IDPConfigView, error) {
@ -26,12 +26,12 @@ func (l *Login) getLoginPolicy(r *http.Request, orgID string) (*query.LoginPolic
if orgID == "" {
return l.query.DefaultLoginPolicy(r.Context())
}
return l.query.LoginPolicyByID(r.Context(), false, orgID)
return l.query.LoginPolicyByID(r.Context(), false, orgID, false)
}
func (l *Login) getLabelPolicy(r *http.Request, orgID string) (*query.LabelPolicy, error) {
if orgID == "" {
return l.query.DefaultActiveLabelPolicy(r.Context())
}
return l.query.ActiveLabelPolicyByOrg(r.Context(), orgID)
return l.query.ActiveLabelPolicyByOrg(r.Context(), orgID, false)
}

2
internal/api/ui/login/register_handler.go
View File

@ -124,7 +124,7 @@ func (l *Login) renderRegister(w http.ResponseWriter, r *http.Request, authReque
}
data := registerData{
baseData: l.getBaseData(r, authRequest, "RegistrationUser.Title","RegistrationUser.Description", errID, errMessage),
baseData: l.getBaseData(r, authRequest, "RegistrationUser.Title", "RegistrationUser.Description", errID, errMessage),
registerFormData: *formData,
}

4
internal/api/ui/login/register_option_handler.go
View File

@ -54,7 +54,7 @@ func (l *Login) renderRegisterOption(w http.ResponseWriter, r *http.Request, aut
}
translator := l.getTranslator(r.Context(), authReq)
data := registerOptionData{
baseData: l.getBaseData(r, authReq, "RegisterOption.Title","RegisterOption.Description", errID, errMessage),
baseData: l.getBaseData(r, authReq, "RegisterOption.Title", "RegisterOption.Description", errID, errMessage),
}
funcs := map[string]interface{}{
"hasRegistration": func() bool {
@ -109,7 +109,7 @@ func (l *Login) passLoginHintToRegistration(r *http.Request, authReq *domain.Aut
logging.WithFields("authRequest", authReq.ID, "org", authReq.RequestedOrgID).Error("unable to search query for registration loginHint")
return data
}
domains, err := l.query.SearchOrgDomains(r.Context(), &query.OrgDomainSearchQueries{Queries: []query.SearchQuery{searchQuery}})
domains, err := l.query.SearchOrgDomains(r.Context(), &query.OrgDomainSearchQueries{Queries: []query.SearchQuery{searchQuery}}, false)
if err != nil {
logging.WithFields("authRequest", authReq.ID, "org", authReq.RequestedOrgID).Error("unable to load domains for registration loginHint")
return data

2
internal/api/ui/login/register_org_handler.go
View File

@ -88,7 +88,7 @@ func (l *Login) renderRegisterOrg(w http.ResponseWriter, r *http.Request, authRe
}
translator := l.getTranslator(r.Context(), authRequest)
data := registerOrgData{
baseData: l.getBaseData(r, authRequest, "RegistrationOrg.Title","RegistrationOrg.Description", errID, errMessage),
baseData: l.getBaseData(r, authRequest, "RegistrationOrg.Title", "RegistrationOrg.Description", errID, errMessage),
registerOrgFormData: *formData,
}
pwPolicy := l.getPasswordComplexityPolicy(r, "0")

16
internal/api/ui/login/renderer.go
View File

@ -325,7 +325,7 @@ func (l *Login) renderInternalError(w http.ResponseWriter, r *http.Request, auth
if err != nil {
_, msg = l.getErrorMessage(r, err)
}
data := l.getBaseData(r, authReq, "Errors.Internal","", "Internal", msg)
data := l.getBaseData(r, authReq, "Errors.Internal", "", "Internal", msg)
l.renderer.RenderTemplate(w, r, l.getTranslator(r.Context(), authReq), l.renderer.Templates[tmplError], data, nil)
}
@ -342,7 +342,7 @@ func (l *Login) getUserData(r *http.Request, authReq *domain.AuthRequest, titleI
func (l *Login) getBaseData(r *http.Request, authReq *domain.AuthRequest, titleI18nKey string, descriptionI18nKey string, errType, errMessage string) baseData {
translator := l.getTranslator(r.Context(), authReq)
title := ""
if titleI18nKey != "" {
title = translator.LocalizeWithoutArgs(titleI18nKey)
@ -350,9 +350,9 @@ func (l *Login) getBaseData(r *http.Request, authReq *domain.AuthRequest, titleI
description := ""
if descriptionI18nKey != "" {
description = translator.LocalizeWithoutArgs(descriptionI18nKey)
description = translator.LocalizeWithoutArgs(descriptionI18nKey)
}
lang, _ := l.renderer.ReqLang(translator, r).Base()
baseData := baseData{
errorData: errorData{
@ -361,7 +361,7 @@ func (l *Login) getBaseData(r *http.Request, authReq *domain.AuthRequest, titleI
},
Lang: lang.String(),
Title: title,
Description: description,
Description: description,
Theme: l.getTheme(r),
ThemeMode: l.getThemeMode(r),
DarkMode: l.isDarkMode(r),
@ -384,7 +384,7 @@ func (l *Login) getBaseData(r *http.Request, authReq *domain.AuthRequest, titleI
}
privacyPolicy = authReq.PrivacyPolicy
} else {
labelPolicy, _ := l.query.ActiveLabelPolicyByOrg(r.Context(), baseData.PrivateLabelingOrgID)
labelPolicy, _ := l.query.ActiveLabelPolicyByOrg(r.Context(), baseData.PrivateLabelingOrgID, false)
if labelPolicy != nil {
baseData.LabelPolicy = labelPolicy.ToDomain()
}
@ -549,7 +549,7 @@ func (l *Login) addLoginTranslations(translator *i18n.Translator, customTexts []
func (l *Login) customTexts(ctx context.Context, translator *i18n.Translator, orgID string) {
instanceID := authz.GetInstance(ctx).InstanceID()
instanceTexts, err := l.query.CustomTextListByTemplate(ctx, instanceID, domain.LoginCustomText)
instanceTexts, err := l.query.CustomTextListByTemplate(ctx, instanceID, domain.LoginCustomText, false)
if err != nil {
logging.WithFields("instanceID", instanceID).Warn("unable to load custom texts for instance")
return
@ -558,7 +558,7 @@ func (l *Login) customTexts(ctx context.Context, translator *i18n.Translator, or
if orgID == "" {
return
}
orgTexts, err := l.query.CustomTextListByTemplate(ctx, orgID, domain.LoginCustomText)
orgTexts, err := l.query.CustomTextListByTemplate(ctx, orgID, domain.LoginCustomText, false)
if err != nil {
logging.WithFields("instanceID", instanceID, "org", orgID).Warn("unable to load custom texts for org")
return

4
internal/api/ui/login/select_user_handler.go
View File

@ -18,7 +18,7 @@ type userSelectionFormData struct {
func (l *Login) renderUserSelection(w http.ResponseWriter, r *http.Request, authReq *domain.AuthRequest, selectionData *domain.SelectUserStep) {
translator := l.getTranslator(r.Context(), authReq)
linking := len(authReq.LinkingUsers) > 0
titleI18nKey := "SelectAccount.Title"
@ -28,7 +28,7 @@ func (l *Login) renderUserSelection(w http.ResponseWriter, r *http.Request, auth
descriptionI18nKey = "SelectAccount.DescriptionLinking"
}
data := userSelectionData{
baseData: l.getBaseData(r, authReq, titleI18nKey,descriptionI18nKey, "", ""),
baseData: l.getBaseData(r, authReq, titleI18nKey, descriptionI18nKey, "", ""),
Users: selectionData.Users,
Linking: linking,
}

4
internal/api/ui/login/username_change_handler.go
View File

@ -21,7 +21,7 @@ func (l *Login) renderChangeUsername(w http.ResponseWriter, r *http.Request, aut
errID, errMessage = l.getErrorMessage(r, err)
}
translator := l.getTranslator(r.Context(), authReq)
data := l.getUserData(r, authReq, "UsernameChange.Title","UsernameChange.Description", errID, errMessage)
data := l.getUserData(r, authReq, "UsernameChange.Title", "UsernameChange.Description", errID, errMessage)
l.renderer.RenderTemplate(w, r, translator, l.renderer.Templates[tmplChangeUsername], data, nil)
}
@ -43,6 +43,6 @@ func (l *Login) handleChangeUsername(w http.ResponseWriter, r *http.Request) {
func (l *Login) renderChangeUsernameDone(w http.ResponseWriter, r *http.Request, authReq *domain.AuthRequest) {
var errType, errMessage string
translator := l.getTranslator(r.Context(), authReq)
data := l.getUserData(r, authReq, "UsernameChangeDone.Title","UsernameChangeDone.Description", errType, errMessage)
data := l.getUserData(r, authReq, "UsernameChangeDone.Title", "UsernameChangeDone.Description", errType, errMessage)
l.renderer.RenderTemplate(w, r, translator, l.renderer.Templates[tmplChangeUsernameDone], data, nil)
}

42
internal/auth/repository/eventsourcing/eventstore/auth_request.go
View File

@ -57,11 +57,11 @@ type AuthRequestRepo struct {
}
type labelPolicyProvider interface {
ActiveLabelPolicyByOrg(context.Context, string) (*query.LabelPolicy, error)
ActiveLabelPolicyByOrg(context.Context, string, bool) (*query.LabelPolicy, error)
}
type privacyPolicyProvider interface {
PrivacyPolicyByOrg(context.Context, bool, string) (*query.PrivacyPolicy, error)
PrivacyPolicyByOrg(context.Context, bool, string, bool) (*query.PrivacyPolicy, error)
}
type userSessionViewProvider interface {
@ -73,11 +73,11 @@ type userViewProvider interface {
}
type loginPolicyViewProvider interface {
LoginPolicyByID(context.Context, bool, string) (*query.LoginPolicy, error)
LoginPolicyByID(context.Context, bool, string, bool) (*query.LoginPolicy, error)
}
type lockoutPolicyViewProvider interface {
LockoutPolicyByOrg(context.Context, bool, string) (*query.LockoutPolicy, error)
LockoutPolicyByOrg(context.Context, bool, string, bool) (*query.LockoutPolicy, error)
}
type idpProviderViewProvider interface {
@ -85,7 +85,7 @@ type idpProviderViewProvider interface {
}
type idpUserLinksProvider interface {
IDPUserLinks(ctx context.Context, queries *query.IDPUserLinksSearchQuery) (*query.IDPUserLinks, error)
IDPUserLinks(ctx context.Context, queries *query.IDPUserLinksSearchQuery, withOwnerRemoved bool) (*query.IDPUserLinks, error)
}
type userEventProvider interface {
@ -102,17 +102,17 @@ type orgViewProvider interface {
}
type userGrantProvider interface {
ProjectByClientID(context.Context, string) (*query.Project, error)
ProjectByClientID(context.Context, string, bool) (*query.Project, error)
UserGrantsByProjectAndUserID(context.Context, string, string) ([]*query.UserGrant, error)
}
type projectProvider interface {
ProjectByClientID(context.Context, string) (*query.Project, error)
ProjectByClientID(context.Context, string, bool) (*query.Project, error)
OrgProjectMappingByIDs(orgID, projectID, instanceID string) (*project_view_model.OrgProjectMapping, error)
}
type applicationProvider interface {
AppByOIDCClientID(context.Context, string) (*query.App, error)
AppByOIDCClientID(context.Context, string, bool) (*query.App, error)
}
func (repo *AuthRequestRepo) Health(ctx context.Context) error {
@ -127,7 +127,7 @@ func (repo *AuthRequestRepo) CreateAuthRequest(ctx context.Context, request *dom
return nil, err
}
request.ID = reqID
project, err := repo.ProjectProvider.ProjectByClientID(ctx, request.ApplicationID)
project, err := repo.ProjectProvider.ProjectByClientID(ctx, request.ApplicationID, false)
if err != nil {
return nil, err
}
@ -135,7 +135,7 @@ func (repo *AuthRequestRepo) CreateAuthRequest(ctx context.Context, request *dom
if err != nil {
return nil, err
}
appIDs, err := repo.Query.SearchClientIDs(ctx, &query.AppSearchQueries{Queries: []query.SearchQuery{projectIDQuery}})
appIDs, err := repo.Query.SearchClientIDs(ctx, &query.AppSearchQueries{Queries: []query.SearchQuery{projectIDQuery}}, false)
if err != nil {
return nil, err
}
@ -547,7 +547,7 @@ func (repo *AuthRequestRepo) getAuthRequest(ctx context.Context, id, userAgentID
}
func (repo *AuthRequestRepo) getLoginPolicyAndIDPProviders(ctx context.Context, orgID string) (*query.LoginPolicy, []*domain.IDPProvider, error) {
policy, err := repo.LoginPolicyViewProvider.LoginPolicyByID(ctx, false, orgID)
policy, err := repo.LoginPolicyViewProvider.LoginPolicyByID(ctx, false, orgID, false)
if err != nil {
return nil, nil, err
}
@ -710,7 +710,7 @@ func (repo *AuthRequestRepo) checkDomainDiscovery(ctx context.Context, request *
return false
}
// and if the login policy allows domain discovery
policy, err := repo.Query.LoginPolicyByID(ctx, true, org.ID)
policy, err := repo.Query.LoginPolicyByID(ctx, true, org.ID, false)
if err != nil || !policy.AllowDomainDiscovery {
return false
}
@ -997,7 +997,7 @@ func checkExternalIDPsOfUser(ctx context.Context, idpUserLinksProvider idpUserLi
if err != nil {
return nil, err
}
return idpUserLinksProvider.IDPUserLinks(ctx, &query.IDPUserLinksSearchQuery{Queries: []query.SearchQuery{userIDQuery}})
return idpUserLinksProvider.IDPUserLinks(ctx, &query.IDPUserLinksSearchQuery{Queries: []query.SearchQuery{userIDQuery}}, false)
}
func (repo *AuthRequestRepo) usersForUserSelection(request *domain.AuthRequest) ([]domain.UserSelection, error) {
@ -1113,7 +1113,7 @@ func (repo *AuthRequestRepo) mfaSkippedOrSetUp(user *user_model.UserView, reques
}
func (repo *AuthRequestRepo) GetPrivacyPolicy(ctx context.Context, orgID string) (*domain.PrivacyPolicy, error) {
policy, err := repo.PrivacyPolicyProvider.PrivacyPolicyByOrg(ctx, false, orgID)
policy, err := repo.PrivacyPolicyProvider.PrivacyPolicyByOrg(ctx, false, orgID, false)
if errors.IsNotFound(err) {
return new(domain.PrivacyPolicy), nil
}
@ -1141,7 +1141,7 @@ func privacyPolicyToDomain(p *query.PrivacyPolicy) *domain.PrivacyPolicy {
}
func (repo *AuthRequestRepo) getLockoutPolicy(ctx context.Context, orgID string) (*query.LockoutPolicy, error) {
policy, err := repo.LockoutPolicyViewProvider.LockoutPolicyByOrg(ctx, false, orgID)
policy, err := repo.LockoutPolicyViewProvider.LockoutPolicyByOrg(ctx, false, orgID, false)
if err != nil {
return nil, err
}
@ -1149,7 +1149,7 @@ func (repo *AuthRequestRepo) getLockoutPolicy(ctx context.Context, orgID string)
}
func (repo *AuthRequestRepo) getLabelPolicy(ctx context.Context, orgID string) (*domain.LabelPolicy, error) {
policy, err := repo.LabelPolicyProvider.ActiveLabelPolicyByOrg(ctx, orgID)
policy, err := repo.LabelPolicyProvider.ActiveLabelPolicyByOrg(ctx, orgID, false)
if err != nil {
return nil, err
}
@ -1187,7 +1187,7 @@ func labelPolicyToDomain(p *query.LabelPolicy) *domain.LabelPolicy {
}
func (repo *AuthRequestRepo) getLoginTexts(ctx context.Context, aggregateID string) ([]*domain.CustomText, error) {
loginTexts, err := repo.Query.CustomTextListByTemplate(ctx, aggregateID, domain.LoginCustomText)
loginTexts, err := repo.Query.CustomTextListByTemplate(ctx, aggregateID, domain.LoginCustomText, false)
if err != nil {
return nil, err
}
@ -1198,7 +1198,7 @@ func (repo *AuthRequestRepo) hasSucceededPage(ctx context.Context, request *doma
if _, ok := request.Request.(*domain.AuthRequestOIDC); !ok {
return false, nil
}
app, err := provider.AppByOIDCClientID(ctx, request.ApplicationID)
app, err := provider.AppByOIDCClientID(ctx, request.ApplicationID, false)
if err != nil {
return false, err
}
@ -1206,7 +1206,7 @@ func (repo *AuthRequestRepo) hasSucceededPage(ctx context.Context, request *doma
}
func (repo *AuthRequestRepo) getDomainPolicy(ctx context.Context, orgID string) (*query.DomainPolicy, error) {
return repo.Query.DomainPolicyByOrg(ctx, false, orgID)
return repo.Query.DomainPolicyByOrg(ctx, false, orgID, false)
}
func setOrgID(ctx context.Context, orgViewProvider orgViewProvider, request *domain.AuthRequest) error {
@ -1420,7 +1420,7 @@ func userGrantRequired(ctx context.Context, request *domain.AuthRequest, user *u
var project *query.Project
switch request.Request.Type() {
case domain.AuthRequestTypeOIDC, domain.AuthRequestTypeSAML:
project, err = userGrantProvider.ProjectByClientID(ctx, request.ApplicationID)
project, err = userGrantProvider.ProjectByClientID(ctx, request.ApplicationID, false)
if err != nil {
return false, err
}
@ -1441,7 +1441,7 @@ func projectRequired(ctx context.Context, request *domain.AuthRequest, projectPr
var project *query.Project
switch request.Request.Type() {
case domain.AuthRequestTypeOIDC, domain.AuthRequestTypeSAML:
project, err = projectProvider.ProjectByClientID(ctx, request.ApplicationID)
project, err = projectProvider.ProjectByClientID(ctx, request.ApplicationID, false)
if err != nil {
return false, err
}

12
internal/auth/repository/eventsourcing/eventstore/auth_request_test.go
View File

@ -132,7 +132,7 @@ type mockLoginPolicy struct {
policy *query.LoginPolicy
}
func (m *mockLoginPolicy) LoginPolicyByID(ctx context.Context, _ bool, id string) (*query.LoginPolicy, error) {
func (m *mockLoginPolicy) LoginPolicyByID(ctx context.Context, _ bool, id string, _ bool) (*query.LoginPolicy, error) {
return m.policy, nil
}
@ -140,7 +140,7 @@ type mockLockoutPolicy struct {
policy *query.LockoutPolicy
}
func (m *mockLockoutPolicy) LockoutPolicyByOrg(context.Context, bool, string) (*query.LockoutPolicy, error) {
func (m *mockLockoutPolicy) LockoutPolicyByOrg(context.Context, bool, string, bool) (*query.LockoutPolicy, error) {
return m.policy, nil
}
@ -195,7 +195,7 @@ type mockUserGrants struct {
userGrants int
}
func (m *mockUserGrants) ProjectByClientID(ctx context.Context, s string) (*query.Project, error) {
func (m *mockUserGrants) ProjectByClientID(ctx context.Context, s string, _ bool) (*query.Project, error) {
return &query.Project{ProjectRoleCheck: m.roleCheck}, nil
}
@ -212,7 +212,7 @@ type mockProject struct {
projectCheck bool
}
func (m *mockProject) ProjectByClientID(ctx context.Context, s string) (*query.Project, error) {
func (m *mockProject) ProjectByClientID(ctx context.Context, s string, _ bool) (*query.Project, error) {
return &query.Project{HasProjectCheck: m.projectCheck}, nil
}
@ -227,7 +227,7 @@ type mockApp struct {
app *query.App
}
func (m *mockApp) AppByOIDCClientID(ctx context.Context, id string) (*query.App, error) {
func (m *mockApp) AppByOIDCClientID(ctx context.Context, id string, _ bool) (*query.App, error) {
if m.app != nil {
return m.app, nil
}
@ -238,7 +238,7 @@ type mockIDPUserLinks struct {
idps []*query.IDPUserLink
}
func (m *mockIDPUserLinks) IDPUserLinks(ctx context.Context, queries *query.IDPUserLinksSearchQuery) (*query.IDPUserLinks, error) {
func (m *mockIDPUserLinks) IDPUserLinks(ctx context.Context, queries *query.IDPUserLinksSearchQuery, withOwnerRemoved bool) (*query.IDPUserLinks, error) {
return &query.IDPUserLinks{Links: m.idps}, nil
}

6
internal/auth/repository/eventsourcing/eventstore/org.go
View File

@ -31,7 +31,7 @@ func (repo *OrgRepository) GetIDPConfigByID(ctx context.Context, idpConfigID str
}
func (repo *OrgRepository) GetMyPasswordComplexityPolicy(ctx context.Context) (*iam_model.PasswordComplexityPolicyView, error) {
policy, err := repo.Query.PasswordComplexityPolicyByOrg(ctx, true, authz.GetCtxData(ctx).OrgID)
policy, err := repo.Query.PasswordComplexityPolicyByOrg(ctx, true, authz.GetCtxData(ctx).OrgID, false)
if err != nil {
return nil, err
}
@ -39,11 +39,11 @@ func (repo *OrgRepository) GetMyPasswordComplexityPolicy(ctx context.Context) (*
}
func (repo *OrgRepository) GetLoginText(ctx context.Context, orgID string) ([]*domain.CustomText, error) {
loginTexts, err := repo.Query.CustomTextListByTemplate(ctx, authz.GetInstance(ctx).InstanceID(), domain.LoginCustomText)
loginTexts, err := repo.Query.CustomTextListByTemplate(ctx, authz.GetInstance(ctx).InstanceID(), domain.LoginCustomText, false)
if err != nil {
return nil, err
}
orgLoginTexts, err := repo.Query.CustomTextListByTemplate(ctx, orgID, domain.LoginCustomText)
orgLoginTexts, err := repo.Query.CustomTextListByTemplate(ctx, orgID, domain.LoginCustomText, false)
if err != nil {
return nil, err
}

4
internal/auth/repository/eventsourcing/handler/idp_config.go
View File

@ -17,7 +17,7 @@ import (
)
const (
idpConfigTable = "auth.idp_configs"
idpConfigTable = "auth.idp_configs2"
)
type IDPConfig struct {
@ -121,6 +121,8 @@ func (i *IDPConfig) processIdpConfig(providerType iam_model.IDPProviderType, eve
return i.view.DeleteIDPConfig(idp.IDPConfigID, event)
case instance.InstanceRemovedEventType:
return i.view.DeleteInstanceIDPs(event)
case org.OrgRemovedEventType:
return i.view.UpdateOrgOwnerRemovedIDPs(event)
default:
return i.view.ProcessedIDPConfigSequence(event)
}

10
internal/auth/repository/eventsourcing/handler/idp_providers.go
View File

@ -21,7 +21,7 @@ import (
)
const (
idpProviderTable = "auth.idp_providers"
idpProviderTable = "auth.idp_providers2"
)
type IDPProvider struct {
@ -140,7 +140,9 @@ func (i *IDPProvider) processIdpProvider(event *models.Event) (err error) {
case org.LoginPolicyRemovedEventType:
return i.view.DeleteIDPProvidersByAggregateID(event.AggregateID, event.InstanceID, event)
case instance.InstanceRemovedEventType:
return i.view.DeleteInstanceIDPs(event)
return i.view.DeleteInstanceIDPProviders(event)
case org.OrgRemovedEventType:
return i.view.UpdateOrgOwnerRemovedIDPProviders(event)
default:
return i.view.ProcessedIDPProviderSequence(event)
}
@ -194,9 +196,9 @@ func (i *IDPProvider) OnSuccess(instanceIDs []string) error {
}
func (i *IDPProvider) getOrgIDPConfig(instanceID, aggregateID, idpConfigID string) (*query2.IDP, error) {
return i.queries.IDPByIDAndResourceOwner(withInstanceID(context.Background(), instanceID), false, idpConfigID, aggregateID)
return i.queries.IDPByIDAndResourceOwner(withInstanceID(context.Background(), instanceID), false, idpConfigID, aggregateID, false)
}
func (i *IDPProvider) getDefaultIDPConfig(instanceID, idpConfigID string) (*query2.IDP, error) {
return i.queries.IDPByIDAndResourceOwner(withInstanceID(context.Background(), instanceID), false, idpConfigID, instanceID)
return i.queries.IDPByIDAndResourceOwner(withInstanceID(context.Background(), instanceID), false, idpConfigID, instanceID, false)
}

5
internal/auth/repository/eventsourcing/handler/org_project_mapping.go
View File

@ -12,11 +12,12 @@ import (
"github.com/zitadel/zitadel/internal/eventstore/v1/spooler"
view_model "github.com/zitadel/zitadel/internal/project/repository/view/model"
"github.com/zitadel/zitadel/internal/repository/instance"
"github.com/zitadel/zitadel/internal/repository/org"
"github.com/zitadel/zitadel/internal/repository/project"
)
const (
orgProjectMappingTable = "auth.org_project_mapping"
orgProjectMappingTable = "auth.org_project_mapping2"
)
type OrgProjectMapping struct {
@ -108,6 +109,8 @@ func (p *OrgProjectMapping) Reduce(event *es_models.Event) (err error) {
}
case instance.InstanceRemovedEventType:
return p.view.DeleteInstanceOrgProjectMappings(event)
case org.OrgRemovedEventType:
return p.view.UpdateOwnerRemovedOrgProjectMappings(event)
default:
return p.view.ProcessedOrgProjectMappingSequence(event)
}

3
internal/auth/repository/eventsourcing/handler/refresh_token.go
View File

@ -13,6 +13,7 @@ import (
"github.com/zitadel/zitadel/internal/eventstore/v1/query"
"github.com/zitadel/zitadel/internal/eventstore/v1/spooler"
"github.com/zitadel/zitadel/internal/repository/instance"
"github.com/zitadel/zitadel/internal/repository/org"
"github.com/zitadel/zitadel/internal/repository/project"
"github.com/zitadel/zitadel/internal/repository/user"
view_model "github.com/zitadel/zitadel/internal/user/repository/view/model"
@ -114,6 +115,8 @@ func (t *RefreshToken) Reduce(event *es_models.Event) (err error) {
return t.view.DeleteUserRefreshTokens(event.AggregateID, event.InstanceID, event)
case instance.InstanceRemovedEventType:
return t.view.DeleteInstanceRefreshTokens(event)
case org.OrgRemovedEventType:
return t.view.DeleteOrgRefreshTokens(event)
default:
return t.view.ProcessedRefreshTokenSequence(event)
}

6
internal/auth/repository/eventsourcing/handler/token.go
View File

@ -17,6 +17,7 @@ import (
project_es_model "github.com/zitadel/zitadel/internal/project/repository/eventsourcing/model"
proj_view "github.com/zitadel/zitadel/internal/project/repository/view"
"github.com/zitadel/zitadel/internal/repository/instance"
"github.com/zitadel/zitadel/internal/repository/org"
"github.com/zitadel/zitadel/internal/repository/project"
"github.com/zitadel/zitadel/internal/repository/user"
user_repo "github.com/zitadel/zitadel/internal/repository/user"
@ -151,6 +152,11 @@ func (t *Token) Reduce(event *es_models.Event) (err error) {
return t.view.DeleteApplicationTokens(event, applicationsIDs...)
case instance.InstanceRemovedEventType:
return t.view.DeleteInstanceTokens(event)
case org.OrgRemovedEventType:
// deletes all tokens including PATs, which is expected for now
// if there is an undo of the org deletion in the future,
// we will need to have a look on how to handle the deleted PATs
return t.view.DeleteOrgTokens(event)
default:
return t.view.ProcessedTokenSequence(event)
}

4
internal/auth/repository/eventsourcing/handler/user.go
View File

@ -24,7 +24,7 @@ import (
)
const (
userTable = "auth.users"
userTable = "auth.users2"
)
type User struct {
@ -228,6 +228,8 @@ func (u *User) ProcessOrg(event *es_models.Event) (err error) {
return u.fillLoginNamesOnOrgUsers(event)
case org.OrgDomainPrimarySetEventType:
return u.fillPreferredLoginNamesOnOrgUsers(event)
case org.OrgRemovedEventType:
return u.view.UpdateOrgOwnerRemovedUsers(event)
default:
return u.view.ProcessedUserSequence(event)
}

8
internal/auth/repository/eventsourcing/handler/user_external_idps.go
View File

@ -22,7 +22,7 @@ import (
)
const (
externalIDPTable = "auth.user_external_idps"
externalIDPTable = "auth.user_external_idps2"
)
type ExternalIDP struct {
@ -153,6 +153,8 @@ func (i *ExternalIDP) processIdpConfig(event *es_models.Event) (err error) {
return i.view.PutExternalIDPs(event, exterinalIDPs...)
case instance.InstanceRemovedEventType:
return i.view.DeleteInstanceExternalIDPs(event)
case org.OrgRemovedEventType:
return i.view.UpdateOrgOwnerRemovedExternalIDPs(event)
default:
return i.view.ProcessedExternalIDPSequence(event)
}
@ -184,9 +186,9 @@ func (i *ExternalIDP) OnSuccess(instanceIDs []string) error {
}
func (i *ExternalIDP) getOrgIDPConfig(instanceID, aggregateID, idpConfigID string) (*query2.IDP, error) {
return i.queries.IDPByIDAndResourceOwner(withInstanceID(context.Background(), instanceID), false, idpConfigID, aggregateID)
return i.queries.IDPByIDAndResourceOwner(withInstanceID(context.Background(), instanceID), false, idpConfigID, aggregateID, false)
}
func (i *ExternalIDP) getDefaultIDPConfig(instanceID, idpConfigID string) (*query2.IDP, error) {
return i.queries.IDPByIDAndResourceOwner(withInstanceID(context.Background(), instanceID), false, idpConfigID, instanceID)
return i.queries.IDPByIDAndResourceOwner(withInstanceID(context.Background(), instanceID), false, idpConfigID, instanceID, false)
}

2
internal/auth/repository/eventsourcing/handler/user_session.go
View File

@ -156,6 +156,8 @@ func (u *UserSession) Reduce(event *models.Event) (err error) {
return u.view.DeleteUserSessions(event.AggregateID, event.InstanceID, event)
case instance.InstanceRemovedEventType:
return u.view.DeleteInstanceUserSessions(event)
case org.OrgRemovedEventType:
return u.view.DeleteOrgUserSessions(event)
default:
return u.view.ProcessedUserSessionSequence(event)
}

2
internal/auth/repository/eventsourcing/repository.go
View File

@ -127,7 +127,7 @@ func (q queryViewWrapper) UserGrantsByProjectAndUserID(ctx context.Context, proj
return nil, err
}
queries := &query.UserGrantsQueries{Queries: []query.SearchQuery{userGrantUserID, userGrantProjectID}}
grants, err := q.Queries.UserGrants(ctx, queries)
grants, err := q.Queries.UserGrants(ctx, queries, false)
if err != nil {
return nil, err
}

10
internal/auth/repository/eventsourcing/view/external_idps.go
View File

@ -9,7 +9,7 @@ import (
)
const (
externalIDPTable = "auth.user_external_idps"
externalIDPTable = "auth.user_external_idps2"
)
func (v *View) ExternalIDPByExternalUserIDAndIDPConfigID(externalUserID, idpConfigID, instanceID string) (*model.ExternalIDPView, error) {
@ -64,6 +64,14 @@ func (v *View) DeleteInstanceExternalIDPs(event *models.Event) error {
return v.ProcessedExternalIDPSequence(event)
}
func (v *View) UpdateOrgOwnerRemovedExternalIDPs(event *models.Event) error {
err := view.UpdateOrgOwnerRemovedExternalIDPs(v.Db, externalIDPTable, event.InstanceID, event.ResourceOwner)
if err != nil && !errors.IsNotFound(err) {
return err
}
return v.ProcessedExternalIDPSequence(event)
}
func (v *View) GetLatestExternalIDPSequence(instanceID string) (*global_view.CurrentSequence, error) {
return v.latestSequence(externalIDPTable, instanceID)
}

10
internal/auth/repository/eventsourcing/view/idp_configs.go
View File

@ -10,7 +10,7 @@ import (
)
const (
idpConfigTable = "auth.idp_configs"
idpConfigTable = "auth.idp_configs2"
)
func (v *View) IDPConfigByID(idpID, instanceID string) (*iam_es_model.IDPConfigView, error) {
@ -49,6 +49,14 @@ func (v *View) DeleteInstanceIDPs(event *models.Event) error {
return v.ProcessedIDPConfigSequence(event)
}
func (v *View) UpdateOrgOwnerRemovedIDPs(event *models.Event) error {
err := view.UpdateOrgOwnerRemovedIDPs(v.Db, idpConfigTable, event.InstanceID, event.AggregateID)
if err != nil && !errors.IsNotFound(err) {
return err
}
return v.ProcessedIDPConfigSequence(event)
}
func (v *View) GetLatestIDPConfigSequence(instanceID string) (*global_view.CurrentSequence, error) {
return v.latestSequence(idpConfigTable, instanceID)
}

10
internal/auth/repository/eventsourcing/view/idp_providers.go
View File

@ -10,7 +10,7 @@ import (
)
const (
idpProviderTable = "auth.idp_providers"
idpProviderTable = "auth.idp_providers2"
)
func (v *View) IDPProviderByAggregateAndIDPConfigID(aggregateID, idpConfigID, instanceID string) (*model.IDPProviderView, error) {
@ -69,6 +69,14 @@ func (v *View) DeleteInstanceIDPProviders(event *models.Event) error {
return v.ProcessedIDPProviderSequence(event)
}
func (v *View) UpdateOrgOwnerRemovedIDPProviders(event *models.Event) error {
err := view.UpdateOrgOwnerRemovedIDPProviders(v.Db, idpProviderTable, event.InstanceID, event.AggregateID)
if err != nil && !errors.IsNotFound(err) {
return err
}
return v.ProcessedIDPProviderSequence(event)
}
func (v *View) GetLatestIDPProviderSequence(instanceID string) (*global_view.CurrentSequence, error) {
return v.latestSequence(idpProviderTable, instanceID)
}

32
internal/auth/repository/eventsourcing/view/org_project_mapping.go
View File

@ -9,15 +9,15 @@ import (
)
const (
orgPrgojectMappingTable = "auth.org_project_mapping"
orgProjectMappingTable = "auth.org_project_mapping2"
)
func (v *View) OrgProjectMappingByIDs(orgID, projectID, instanceID string) (*model.OrgProjectMapping, error) {
return view.OrgProjectMappingByIDs(v.Db, orgPrgojectMappingTable, orgID, projectID, instanceID)
return view.OrgProjectMappingByIDs(v.Db, orgProjectMappingTable, orgID, projectID, instanceID)
}
func (v *View) PutOrgProjectMapping(mapping *model.OrgProjectMapping, event *models.Event) error {
err := view.PutOrgProjectMapping(v.Db, orgPrgojectMappingTable, mapping)
err := view.PutOrgProjectMapping(v.Db, orgProjectMappingTable, mapping)
if err != nil {
return err
}
@ -25,7 +25,7 @@ func (v *View) PutOrgProjectMapping(mapping *model.OrgProjectMapping, event *mod
}
func (v *View) DeleteOrgProjectMapping(orgID, projectID, instanceID string, event *models.Event) error {
err := view.DeleteOrgProjectMapping(v.Db, orgPrgojectMappingTable, orgID, projectID, instanceID)
err := view.DeleteOrgProjectMapping(v.Db, orgProjectMappingTable, orgID, projectID, instanceID)
if err != nil && !errors.IsNotFound(err) {
return err
}
@ -33,7 +33,15 @@ func (v *View) DeleteOrgProjectMapping(orgID, projectID, instanceID string, even
}
func (v *View) DeleteInstanceOrgProjectMappings(event *models.Event) error {
err := view.DeleteInstanceOrgProjectMappings(v.Db, orgPrgojectMappingTable, event.InstanceID)
err := view.DeleteInstanceOrgProjectMappings(v.Db, orgProjectMappingTable, event.InstanceID)
if err != nil && !errors.IsNotFound(err) {
return err
}
return v.ProcessedOrgProjectMappingSequence(event)
}
func (v *View) UpdateOwnerRemovedOrgProjectMappings(event *models.Event) error {
err := view.UpdateOwnerRemovedOrgProjectMappings(v.Db, orgProjectMappingTable, event.InstanceID, event.AggregateID)
if err != nil && !errors.IsNotFound(err) {
return err
}
@ -41,31 +49,31 @@ func (v *View) DeleteInstanceOrgProjectMappings(event *models.Event) error {
}
func (v *View) DeleteOrgProjectMappingsByProjectID(projectID, instanceID string) error {
return view.DeleteOrgProjectMappingsByProjectID(v.Db, orgPrgojectMappingTable, projectID, instanceID)
return view.DeleteOrgProjectMappingsByProjectID(v.Db, orgProjectMappingTable, projectID, instanceID)
}
func (v *View) DeleteOrgProjectMappingsByProjectGrantID(projectGrantID, instanceID string) error {
return view.DeleteOrgProjectMappingsByProjectGrantID(v.Db, orgPrgojectMappingTable, projectGrantID, instanceID)
return view.DeleteOrgProjectMappingsByProjectGrantID(v.Db, orgProjectMappingTable, projectGrantID, instanceID)
}
func (v *View) GetLatestOrgProjectMappingSequence(instanceID string) (*repository.CurrentSequence, error) {
return v.latestSequence(orgPrgojectMappingTable, instanceID)
return v.latestSequence(orgProjectMappingTable, instanceID)
}
func (v *View) GetLatestOrgProjectMappingSequences(instanceIDs []string) ([]*repository.CurrentSequence, error) {
return v.latestSequences(orgPrgojectMappingTable, instanceIDs)
return v.latestSequences(orgProjectMappingTable, instanceIDs)
}
func (v *View) ProcessedOrgProjectMappingSequence(event *models.Event) error {
return v.saveCurrentSequence(orgPrgojectMappingTable, event)
return v.saveCurrentSequence(orgProjectMappingTable, event)
}
func (v *View) UpdateOrgProjectMappingSpoolerRunTimestamp(instanceIDs []string) error {
return v.updateSpoolerRunSequence(orgPrgojectMappingTable, instanceIDs)
return v.updateSpoolerRunSequence(orgProjectMappingTable, instanceIDs)
}
func (v *View) GetLatestOrgProjectMappingFailedEvent(sequence uint64, instanceID string) (*repository.FailedEvent, error) {
return v.latestFailedEvent(orgPrgojectMappingTable, instanceID, sequence)
return v.latestFailedEvent(orgProjectMappingTable, instanceID, sequence)
}
func (v *View) ProcessedOrgProjectMappingFailedEvent(failedEvent *repository.FailedEvent) error {

8
internal/auth/repository/eventsourcing/view/refresh_token.go
View File

@ -73,6 +73,14 @@ func (v *View) DeleteInstanceRefreshTokens(event *models.Event) error {
return v.ProcessedRefreshTokenSequence(event)
}
func (v *View) DeleteOrgRefreshTokens(event *models.Event) error {
err := usr_view.DeleteOrgRefreshTokens(v.Db, refreshTokenTable, event.InstanceID, event.ResourceOwner)
if err != nil && !errors.IsNotFound(err) {
return err
}
return v.ProcessedRefreshTokenSequence(event)
}
func (v *View) GetLatestRefreshTokenSequence(instanceID string) (*repository.CurrentSequence, error) {
return v.latestSequence(refreshTokenTable, instanceID)
}

8
internal/auth/repository/eventsourcing/view/token.go
View File

@ -84,6 +84,14 @@ func (v *View) DeleteInstanceTokens(event *models.Event) error {
return v.ProcessedTokenSequence(event)
}
func (v *View) DeleteOrgTokens(event *models.Event) error {
err := usr_view.DeleteOrgTokens(v.Db, tokenTable, event.InstanceID, event.ResourceOwner)
if err != nil && !errors.IsNotFound(err) {
return err
}
return v.ProcessedTokenSequence(event)
}
func (v *View) GetLatestTokenSequence(instanceID string) (*repository.CurrentSequence, error) {
return v.latestSequence(tokenTable, instanceID)
}

12
internal/auth/repository/eventsourcing/view/user.go
View File

@ -14,7 +14,7 @@ import (
)
const (
userTable = "auth.users"
userTable = "auth.users2"
)
func (v *View) UserByID(userID, instanceID string) (*model.UserView, error) {
@ -97,7 +97,7 @@ func (v *View) UserByPhoneAndResourceOwner(phone, resourceOwner, instanceID stri
func (v *View) userByID(instanceID string, queries ...query.SearchQuery) (*model.UserView, error) {
ctx := authz.WithInstanceID(context.Background(), instanceID)
queriedUser, err := v.query.GetNotifyUser(ctx, true, queries...)
queriedUser, err := v.query.GetNotifyUser(ctx, true, false, queries...)
if err != nil {
return nil, err
}
@ -189,6 +189,14 @@ func (v *View) DeleteInstanceUsers(event *models.Event) error {
return v.ProcessedUserSequence(event)
}
func (v *View) UpdateOrgOwnerRemovedUsers(event *models.Event) error {
err := view.UpdateOrgOwnerRemovedUsers(v.Db, userTable, event.InstanceID, event.AggregateID)
if err != nil && !errors.IsNotFound(err) {
return err
}
return v.ProcessedUserSequence(event)
}
func (v *View) GetLatestUserSequence(instanceID string) (*repository.CurrentSequence, error) {
return v.latestSequence(userTable, instanceID)
}

Some files were not shown because too many files have changed in this diff Show More