mirror of
https://github.com/zitadel/zitadel.git
synced 2024-12-04 23:45:07 +00:00
feat: password age policy (#8132)
# Which Problems Are Solved Some organizations / customers have the requirement, that there users regularly need to change their password. ZITADEL already had the possibility to manage a `password age policy` ( thought the API) with the maximum amount of days a password should be valid, resp. days after with the user should be warned of the upcoming expiration. The policy could not be managed though the Console UI and was not checked in the Login UI. # How the Problems Are Solved - The policy can be managed in the Console UI's settings sections on an instance and organization level. - During an authentication in the Login UI, if a policy is set with an expiry (>0) and the user's last password change exceeds the amount of days set, the user will be prompted to change their password. - The prompt message of the Login UI can be customized in the Custom Login Texts though the Console and API on the instance and each organization. - The information when the user last changed their password is returned in the Auth, Management and User V2 API. - The policy can be retrieved in the settings service as `password expiry settings`. # Additional Changes None. # Additional Context - closes #8081 --------- Co-authored-by: Tim Möhlmann <tim+github@zitadel.com>
This commit is contained in:
Livio Spring
GitHub
parent
65f787cc02
commit
fb8cd18f93
@ -23,5 +23,5 @@ func (mig *User11AddLowerFieldsToVerifiedEmail) Execute(ctx context.Context, _ e
|
||||
}
|
||||
|
||||
func (mig *User11AddLowerFieldsToVerifiedEmail) String() string {
|
||||
return "25_user12_add_lower_fields_to_verified_email"
|
||||
return "25_user13_add_lower_fields_to_verified_email"
|
||||
}
|
||||
|
||||
@ -1,2 +1,2 @@
|
||||
ALTER TABLE IF EXISTS projections.users12_notifications ADD COLUMN IF NOT EXISTS verified_email_lower TEXT GENERATED ALWAYS AS (lower(verified_email)) STORED;
|
||||
CREATE INDEX IF NOT EXISTS users12_notifications_email_search ON projections.users12_notifications (instance_id, verified_email_lower);
|
||||
ALTER TABLE IF EXISTS projections.users13_notifications ADD COLUMN IF NOT EXISTS verified_email_lower TEXT GENERATED ALWAYS AS (lower(verified_email)) STORED;
|
||||
CREATE INDEX IF NOT EXISTS users13_notifications_email_search ON projections.users13_notifications (instance_id, verified_email_lower);
|
||||
|
||||
@ -188,6 +188,7 @@ export function mapRequestValues(map: Partial<Map>, req: Req): Req {
|
||||
|
||||
const r17 = new PasswordChangeScreenText();
|
||||
r17.setDescription(map.passwordChangeText?.description ?? '');
|
||||
r17.setExpiredDescription(map.passwordChangeText?.expiredDescription ?? '');
|
||||
r17.setNextButtonText(map.passwordChangeText?.nextButtonText ?? '');
|
||||
r17.setTitle(map.passwordChangeText?.title ?? '');
|
||||
r17.setNewPasswordLabel(map.passwordChangeText?.newPasswordLabel ?? '');
|
||||
|
||||
@ -0,0 +1,20 @@
|
||||
import { NgModule } from '@angular/core';
|
||||
import { RouterModule, Routes } from '@angular/router';
|
||||
|
||||
import { PasswordAgePolicyComponent } from './password-age-policy.component';
|
||||
|
||||
const routes: Routes = [
|
||||
{
|
||||
path: '',
|
||||
component: PasswordAgePolicyComponent,
|
||||
data: {
|
||||
animation: 'DetailPage',
|
||||
},
|
||||
},
|
||||
];
|
||||
|
||||
@NgModule({
|
||||
imports: [RouterModule.forChild(routes)],
|
||||
exports: [RouterModule],
|
||||
})
|
||||
export class PasswordAgePolicyRoutingModule {}
|
||||
@ -0,0 +1,50 @@
|
||||
<h2>{{ 'POLICY.PWD_AGE.TITLE' | translate }}</h2>
|
||||
<p class="cnsl-secondary-text">{{ 'POLICY.PWD_AGE.DESCRIPTION' | translate }}</p>
|
||||
|
||||
<div *ngIf="loading" class="spinner-wr">
|
||||
<mat-spinner diameter="30" color="primary"></mat-spinner>
|
||||
</div>
|
||||
|
||||
<ng-template cnslHasRole [hasRole]="['policy.delete']">
|
||||
<button
|
||||
*ngIf="serviceType === PolicyComponentServiceType.MGMT && !isDefault"
|
||||
matTooltip="{{ 'POLICY.RESET' | translate }}"
|
||||
color="warn"
|
||||
(click)="resetPolicy()"
|
||||
mat-stroked-button
|
||||
>
|
||||
{{ 'POLICY.RESET' | translate }}
|
||||
</button>
|
||||
</ng-template>
|
||||
|
||||
<form class="lifetime-form" (ngSubmit)="savePolicy()" [formGroup]="passwordAgeForm" autocomplete="off">
|
||||
<cnsl-card *ngIf="passwordAgeData">
|
||||
<div class="age-content">
|
||||
<div class="row">
|
||||
<cnsl-form-field class="pwd-age-form-field" required="true">
|
||||
<cnsl-label>{{ 'POLICY.DATA.MAXAGEDAYS' | translate }}</cnsl-label>
|
||||
<input cnslInput type="number" name="maxAgeDays" formControlName="maxAgeDays" />
|
||||
</cnsl-form-field>
|
||||
</div>
|
||||
|
||||
<div class="row">
|
||||
<cnsl-form-field class="pwd-age-form-field" required="true">
|
||||
<cnsl-label>{{ 'POLICY.DATA.EXPIREWARNDAYS' | translate }}</cnsl-label>
|
||||
<input cnslInput type="number" name="expireWarnDays" formControlName="expireWarnDays" />
|
||||
</cnsl-form-field>
|
||||
</div>
|
||||
</div>
|
||||
</cnsl-card>
|
||||
</form>
|
||||
|
||||
<div class="btn-container">
|
||||
<button
|
||||
(click)="savePolicy()"
|
||||
[disabled]="(['policy.write'] | hasRole | async) === false"
|
||||
color="primary"
|
||||
type="submit"
|
||||
mat-raised-button
|
||||
>
|
||||
{{ 'ACTIONS.SAVE' | translate }}
|
||||
</button>
|
||||
</div>
|
||||
@ -0,0 +1,37 @@
|
||||
.default {
|
||||
display: block;
|
||||
margin-bottom: 1rem;
|
||||
}
|
||||
|
||||
.policy-applied-to {
|
||||
margin: -1rem 0 0 0;
|
||||
font-size: 14px;
|
||||
}
|
||||
|
||||
.age-content {
|
||||
display: flex;
|
||||
flex-direction: column;
|
||||
width: 100%;
|
||||
|
||||
.row {
|
||||
display: flex;
|
||||
align-items: center;
|
||||
padding: 0.3rem 0;
|
||||
|
||||
.pwd-age-form-field {
|
||||
width: 100%;
|
||||
max-width: 300px;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
.btn-container {
|
||||
display: flex;
|
||||
justify-content: flex-start;
|
||||
width: 100%;
|
||||
|
||||
button {
|
||||
display: block;
|
||||
margin-right: 1rem;
|
||||
}
|
||||
}
|
||||
@ -0,0 +1,24 @@
|
||||
import { ComponentFixture, TestBed, waitForAsync } from '@angular/core/testing';
|
||||
|
||||
import { PasswordAgePolicyComponent } from './password-age-policy.component';
|
||||
|
||||
describe('PasswordLockoutPolicyComponent', () => {
|
||||
let component: PasswordAgePolicyComponent;
|
||||
let fixture: ComponentFixture<PasswordAgePolicyComponent>;
|
||||
|
||||
beforeEach(waitForAsync(() => {
|
||||
TestBed.configureTestingModule({
|
||||
declarations: [PasswordAgePolicyComponent],
|
||||
}).compileComponents();
|
||||
}));
|
||||
|
||||
beforeEach(() => {
|
||||
fixture = TestBed.createComponent(PasswordAgePolicyComponent);
|
||||
component = fixture.componentInstance;
|
||||
fixture.detectChanges();
|
||||
});
|
||||
|
||||
it('should create', () => {
|
||||
expect(component).toBeTruthy();
|
||||
});
|
||||
});
|
||||
@ -0,0 +1,178 @@
|
||||
import { Component, Injector, Input, OnInit, Type } from '@angular/core';
|
||||
import { AbstractControl, UntypedFormBuilder, UntypedFormControl, UntypedFormGroup } from '@angular/forms';
|
||||
import { MatDialog } from '@angular/material/dialog';
|
||||
import { GetPasswordAgePolicyResponse as AdminGetPasswordAgePolicyResponse } from 'src/app/proto/generated/zitadel/admin_pb';
|
||||
import { GetPasswordAgePolicyResponse as MgmtGetPasswordAgePolicyResponse } from 'src/app/proto/generated/zitadel/management_pb';
|
||||
import { PasswordAgePolicy } from 'src/app/proto/generated/zitadel/policy_pb';
|
||||
import { AdminService } from 'src/app/services/admin.service';
|
||||
import { ManagementService } from 'src/app/services/mgmt.service';
|
||||
import { ToastService } from 'src/app/services/toast.service';
|
||||
|
||||
import { InfoSectionType } from '../../info-section/info-section.component';
|
||||
import { WarnDialogComponent } from '../../warn-dialog/warn-dialog.component';
|
||||
import { PolicyComponentServiceType } from '../policy-component-types.enum';
|
||||
import { requiredValidator } from '../../form-field/validators/validators';
|
||||
import { Observable } from 'rxjs';
|
||||
import { GrpcAuthService } from '../../../services/grpc-auth.service';
|
||||
import { take } from 'rxjs/operators';
|
||||
|
||||
@Component({
|
||||
selector: 'cnsl-password-age-policy',
|
||||
templateUrl: './password-age-policy.component.html',
|
||||
styleUrls: ['./password-age-policy.component.scss'],
|
||||
})
|
||||
export class PasswordAgePolicyComponent implements OnInit {
|
||||
@Input() public service!: ManagementService | AdminService;
|
||||
@Input() public serviceType: PolicyComponentServiceType = PolicyComponentServiceType.MGMT;
|
||||
|
||||
public passwordAgeForm!: UntypedFormGroup;
|
||||
public passwordAgeData?: PasswordAgePolicy.AsObject;
|
||||
public PolicyComponentServiceType: any = PolicyComponentServiceType;
|
||||
public InfoSectionType: any = InfoSectionType;
|
||||
public loading: boolean = false;
|
||||
|
||||
public canWrite$: Observable<boolean> = this.authService.isAllowed([
|
||||
this.serviceType === PolicyComponentServiceType.ADMIN
|
||||
? 'iam.policy.write'
|
||||
: this.serviceType === PolicyComponentServiceType.MGMT
|
||||
? 'policy.write'
|
||||
: '',
|
||||
]);
|
||||
|
||||
constructor(
|
||||
private authService: GrpcAuthService,
|
||||
private toast: ToastService,
|
||||
private injector: Injector,
|
||||
private dialog: MatDialog,
|
||||
private fb: UntypedFormBuilder,
|
||||
) {
|
||||
this.passwordAgeForm = this.fb.group({
|
||||
maxAgeDays: ['', []],
|
||||
expireWarnDays: ['', []],
|
||||
});
|
||||
|
||||
this.canWrite$.pipe(take(1)).subscribe((canWrite) => {
|
||||
if (canWrite) {
|
||||
this.passwordAgeForm.enable();
|
||||
} else {
|
||||
this.passwordAgeForm.disable();
|
||||
}
|
||||
});
|
||||
}
|
||||
|
||||
public ngOnInit(): void {
|
||||
switch (this.serviceType) {
|
||||
case PolicyComponentServiceType.MGMT:
|
||||
this.service = this.injector.get(ManagementService as Type<ManagementService>);
|
||||
break;
|
||||
case PolicyComponentServiceType.ADMIN:
|
||||
this.service = this.injector.get(AdminService as Type<AdminService>);
|
||||
break;
|
||||
}
|
||||
this.fetchData();
|
||||
}
|
||||
|
||||
private fetchData(): void {
|
||||
this.loading = true;
|
||||
|
||||
this.getData().then((resp) => {
|
||||
if (resp.policy) {
|
||||
this.passwordAgeData = resp.policy;
|
||||
this.passwordAgeForm.patchValue(this.passwordAgeData);
|
||||
this.loading = false;
|
||||
}
|
||||
});
|
||||
}
|
||||
|
||||
private getData(): Promise<AdminGetPasswordAgePolicyResponse.AsObject | MgmtGetPasswordAgePolicyResponse.AsObject> {
|
||||
switch (this.serviceType) {
|
||||
case PolicyComponentServiceType.MGMT:
|
||||
return (this.service as ManagementService).getPasswordAgePolicy();
|
||||
case PolicyComponentServiceType.ADMIN:
|
||||
return (this.service as AdminService).getPasswordAgePolicy();
|
||||
}
|
||||
}
|
||||
|
||||
public resetPolicy(): void {
|
||||
if (this.service instanceof ManagementService) {
|
||||
const dialogRef = this.dialog.open(WarnDialogComponent, {
|
||||
data: {
|
||||
confirmKey: 'ACTIONS.RESET',
|
||||
cancelKey: 'ACTIONS.CANCEL',
|
||||
titleKey: 'SETTING.DIALOG.RESET.DEFAULTTITLE',
|
||||
descriptionKey: 'SETTING.DIALOG.RESET.DEFAULTDESCRIPTION',
|
||||
},
|
||||
width: '400px',
|
||||
});
|
||||
|
||||
dialogRef.afterClosed().subscribe((resp) => {
|
||||
if (resp) {
|
||||
(this.service as ManagementService)
|
||||
.resetPasswordAgePolicyToDefault()
|
||||
.then(() => {
|
||||
this.toast.showInfo('POLICY.TOAST.RESETSUCCESS', true);
|
||||
this.fetchData();
|
||||
})
|
||||
.catch((error) => {
|
||||
this.toast.showError(error);
|
||||
});
|
||||
}
|
||||
});
|
||||
}
|
||||
}
|
||||
|
||||
public savePolicy(): void {
|
||||
let promise: Promise<any>;
|
||||
if (this.passwordAgeData) {
|
||||
if (this.service instanceof AdminService) {
|
||||
promise = this.service
|
||||
.updatePasswordAgePolicy(this.maxAgeDays?.value ?? 0, this.expireWarnDays?.value ?? 0)
|
||||
.then(() => {
|
||||
this.toast.showInfo('POLICY.TOAST.SET', true);
|
||||
this.fetchData();
|
||||
})
|
||||
.catch((error) => {
|
||||
this.toast.showError(error);
|
||||
});
|
||||
} else {
|
||||
if ((this.passwordAgeData as PasswordAgePolicy.AsObject).isDefault) {
|
||||
promise = (this.service as ManagementService)
|
||||
.addCustomPasswordAgePolicy(this.maxAgeDays?.value ?? 0, this.expireWarnDays?.value ?? 0)
|
||||
.then(() => {
|
||||
this.toast.showInfo('POLICY.TOAST.SET', true);
|
||||
this.fetchData();
|
||||
})
|
||||
.catch((error) => {
|
||||
this.toast.showError(error);
|
||||
});
|
||||
} else {
|
||||
promise = (this.service as ManagementService)
|
||||
.updateCustomPasswordAgePolicy(this.maxAgeDays?.value ?? 0, this.expireWarnDays?.value ?? 0)
|
||||
.then(() => {
|
||||
this.toast.showInfo('POLICY.TOAST.SET', true);
|
||||
this.fetchData();
|
||||
})
|
||||
.catch((error) => {
|
||||
this.toast.showError(error);
|
||||
});
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
public get isDefault(): boolean {
|
||||
if (this.passwordAgeData && this.serviceType === PolicyComponentServiceType.MGMT) {
|
||||
return (this.passwordAgeData as PasswordAgePolicy.AsObject).isDefault;
|
||||
} else {
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
public get maxAgeDays(): AbstractControl | null {
|
||||
return this.passwordAgeForm.get('maxAgeDays');
|
||||
}
|
||||
|
||||
public get expireWarnDays(): AbstractControl | null {
|
||||
return this.passwordAgeForm.get('expireWarnDays');
|
||||
}
|
||||
}
|
||||
@ -0,0 +1,46 @@
|
||||
import { CommonModule } from '@angular/common';
|
||||
import { NgModule } from '@angular/core';
|
||||
import { FormsModule, ReactiveFormsModule } from '@angular/forms';
|
||||
import { MatButtonModule } from '@angular/material/button';
|
||||
import { MatDialogModule } from '@angular/material/dialog';
|
||||
import { MatIconModule } from '@angular/material/icon';
|
||||
import { MatSlideToggleModule } from '@angular/material/slide-toggle';
|
||||
import { MatTooltipModule } from '@angular/material/tooltip';
|
||||
import { TranslateModule } from '@ngx-translate/core';
|
||||
import { HasRoleModule } from 'src/app/directives/has-role/has-role.module';
|
||||
import { DetailLayoutModule } from 'src/app/modules/detail-layout/detail-layout.module';
|
||||
import { InputModule } from 'src/app/modules/input/input.module';
|
||||
import { HasRolePipeModule } from 'src/app/pipes/has-role-pipe/has-role-pipe.module';
|
||||
|
||||
import { CardModule } from '../../card/card.module';
|
||||
import { InfoSectionModule } from '../../info-section/info-section.module';
|
||||
import { WarnDialogModule } from '../../warn-dialog/warn-dialog.module';
|
||||
import { PasswordAgePolicyRoutingModule } from './password-age-policy-routing.module';
|
||||
import { PasswordAgePolicyComponent } from './password-age-policy.component';
|
||||
import { MatProgressSpinnerModule } from '@angular/material/progress-spinner';
|
||||
|
||||
@NgModule({
|
||||
declarations: [PasswordAgePolicyComponent],
|
||||
imports: [
|
||||
PasswordAgePolicyRoutingModule,
|
||||
CommonModule,
|
||||
FormsModule,
|
||||
InputModule,
|
||||
MatButtonModule,
|
||||
MatSlideToggleModule,
|
||||
HasRolePipeModule,
|
||||
MatDialogModule,
|
||||
WarnDialogModule,
|
||||
MatIconModule,
|
||||
HasRoleModule,
|
||||
MatTooltipModule,
|
||||
CardModule,
|
||||
TranslateModule,
|
||||
DetailLayoutModule,
|
||||
InfoSectionModule,
|
||||
ReactiveFormsModule,
|
||||
MatProgressSpinnerModule,
|
||||
],
|
||||
exports: [PasswordAgePolicyComponent],
|
||||
})
|
||||
export class PasswordAgePolicyModule {}
|
||||
@ -18,6 +18,9 @@
|
||||
<ng-container *ngIf="currentSetting === 'complexity'">
|
||||
<cnsl-password-complexity-policy [serviceType]="serviceType"></cnsl-password-complexity-policy>
|
||||
</ng-container>
|
||||
<ng-container *ngIf="currentSetting === 'age'">
|
||||
<cnsl-password-age-policy [serviceType]="serviceType"></cnsl-password-age-policy>
|
||||
</ng-container>
|
||||
<ng-container *ngIf="currentSetting === 'lockout'">
|
||||
<cnsl-password-lockout-policy [serviceType]="serviceType"></cnsl-password-lockout-policy>
|
||||
</ng-container>
|
||||
|
||||
@ -16,6 +16,7 @@ import { NotificationPolicyModule } from '../policies/notification-policy/notifi
|
||||
import { NotificationSMSProviderModule } from '../policies/notification-sms-provider/notification-sms-provider.module';
|
||||
import { OIDCConfigurationModule } from '../policies/oidc-configuration/oidc-configuration.module';
|
||||
import { PasswordComplexityPolicyModule } from '../policies/password-complexity-policy/password-complexity-policy.module';
|
||||
import { PasswordAgePolicyModule } from '../policies/password-age-policy/password-age-policy.module';
|
||||
import { PasswordLockoutPolicyModule } from '../policies/password-lockout-policy/password-lockout-policy.module';
|
||||
import { PrivacyPolicyModule } from '../policies/privacy-policy/privacy-policy.module';
|
||||
import { PrivateLabelingPolicyModule } from '../policies/private-labeling-policy/private-labeling-policy.module';
|
||||
@ -40,6 +41,7 @@ import OrgListModule from 'src/app/pages/org-list/org-list.module';
|
||||
LoginPolicyModule,
|
||||
CardModule,
|
||||
PasswordComplexityPolicyModule,
|
||||
PasswordAgePolicyModule,
|
||||
PasswordLockoutPolicyModule,
|
||||
PrivateLabelingPolicyModule,
|
||||
LanguageSettingsModule,
|
||||
|
||||
@ -117,6 +117,16 @@ export const LOCKOUT: SidenavSetting = {
|
||||
},
|
||||
};
|
||||
|
||||
export const AGE: SidenavSetting = {
|
||||
id: 'age',
|
||||
i18nKey: 'SETTINGS.LIST.AGE',
|
||||
groupI18nKey: 'SETTINGS.GROUPS.LOGIN',
|
||||
requiredRoles: {
|
||||
[PolicyComponentServiceType.MGMT]: ['policy.read'],
|
||||
[PolicyComponentServiceType.ADMIN]: ['iam.policy.read'],
|
||||
},
|
||||
};
|
||||
|
||||
export const COMPLEXITY: SidenavSetting = {
|
||||
id: 'complexity',
|
||||
i18nKey: 'SETTINGS.LIST.COMPLEXITY',
|
||||
|
||||
@ -18,6 +18,7 @@ import {
|
||||
LANGUAGES,
|
||||
IDP,
|
||||
LOCKOUT,
|
||||
AGE,
|
||||
LOGIN,
|
||||
LOGINTEXTS,
|
||||
MESSAGETEXTS,
|
||||
@ -64,6 +65,7 @@ export class InstanceComponent implements OnInit, OnDestroy {
|
||||
LOGIN,
|
||||
IDP,
|
||||
COMPLEXITY,
|
||||
AGE,
|
||||
LOCKOUT,
|
||||
|
||||
DOMAIN,
|
||||
|
||||
@ -7,6 +7,7 @@ import { Breadcrumb, BreadcrumbService, BreadcrumbType } from 'src/app/services/
|
||||
|
||||
import { GrpcAuthService } from 'src/app/services/grpc-auth.service';
|
||||
import {
|
||||
AGE,
|
||||
BRANDING,
|
||||
COMPLEXITY,
|
||||
DOMAIN,
|
||||
@ -33,6 +34,7 @@ export class OrgSettingsComponent implements OnInit {
|
||||
LOGIN,
|
||||
IDP,
|
||||
COMPLEXITY,
|
||||
AGE,
|
||||
LOCKOUT,
|
||||
NOTIFICATIONS,
|
||||
VERIFIED_DOMAINS,
|
||||
|
||||
@ -1319,6 +1319,7 @@
|
||||
"LANGUAGES": "Езици",
|
||||
"LOGIN": "Поведение при влизане и сигурност",
|
||||
"LOCKOUT": "Блокиране",
|
||||
"AGE": "Изтичане на паролата",
|
||||
"COMPLEXITY": "Сложност на паролата",
|
||||
"NOTIFICATIONS": "Настройки за известията",
|
||||
"SMTP_PROVIDER": "SMTP доставчик",
|
||||
@ -1539,8 +1540,8 @@
|
||||
}
|
||||
},
|
||||
"PWD_AGE": {
|
||||
"TITLE": "Остаряване на паролата",
|
||||
"DESCRIPTION": "Можете да зададете политика за остаряването на паролите. "
|
||||
"TITLE": "Изтичане на паролата",
|
||||
"DESCRIPTION": "Можете да зададете политика за изтичане на паролите. Тази политика ще принуди потребителя да смени паролата при следващото влизане след изтичането. Няма автоматични предупреждения и известия."
|
||||
},
|
||||
"PWD_LOCKOUT": {
|
||||
"TITLE": "Политика за блокиране",
|
||||
@ -1693,8 +1694,8 @@
|
||||
"SHOWLOCKOUTFAILURES": "показва грешки при блокиране",
|
||||
"MAXPASSWORDATTEMPTS": "Максимален брой опити за парола",
|
||||
"MAXOTPATTEMPTS": "Максимален брой опити за OTP",
|
||||
"EXPIREWARNDAYS": "Предупреждение за изтичане след ден",
|
||||
"MAXAGEDAYS": "Максимална възраст в дни",
|
||||
"EXPIREWARNDAYS": "Предупреждение за изтичане след дни",
|
||||
"MAXAGEDAYS": "Максимална валидност в дни",
|
||||
"USERLOGINMUSTBEDOMAIN": "Добавяне на домейн на организация като суфикс към имената за вход",
|
||||
"USERLOGINMUSTBEDOMAIN_DESCRIPTION": "Ако активирате тази настройка, всички имена за вход ще имат суфикс с домейна на организацията. ",
|
||||
"VALIDATEORGDOMAINS": "Верификация на домейна на организацията е необходима (DNS или HTTP предизвикателство)",
|
||||
|
||||
@ -1326,6 +1326,7 @@
|
||||
"LANGUAGES": "Jazyky",
|
||||
"LOGIN": "Chování při přihlášení a bezpečnost",
|
||||
"LOCKOUT": "Blokování",
|
||||
"AGE": "Expirace hesla",
|
||||
"COMPLEXITY": "Složitost hesla",
|
||||
"NOTIFICATIONS": "Oznámení",
|
||||
"SMTP_PROVIDER": "Poskytovatel SMTP",
|
||||
@ -1546,8 +1547,8 @@
|
||||
}
|
||||
},
|
||||
"PWD_AGE": {
|
||||
"TITLE": "Stáří hesla",
|
||||
"DESCRIPTION": "Můžete nastavit politiku pro stáří hesel. Tato politika vydá varování po uplynutí konkrétního času stáří."
|
||||
"TITLE": "Expirace hesla",
|
||||
"DESCRIPTION": "Můžete nastavit pravidlo pro vypršení platnosti hesel. Toto pravidlo donutí uživatele změnit heslo při dalším přihlášení po uplynutí platnosti. Neexistují žádná automatická varování a upozornění."
|
||||
},
|
||||
"PWD_LOCKOUT": {
|
||||
"TITLE": "Politika uzamčení",
|
||||
@ -1700,8 +1701,8 @@
|
||||
"SHOWLOCKOUTFAILURES": "zobrazit neúspěšné pokusy o uzamčení",
|
||||
"MAXPASSWORDATTEMPTS": "Maximální počet pokusů o heslo",
|
||||
"MAXOTPATTEMPTS": "Maximální počet pokusů o OTP",
|
||||
"EXPIREWARNDAYS": "Upozornění na expiraci po dni",
|
||||
"MAXAGEDAYS": "Maximální stáří v dnech",
|
||||
"EXPIREWARNDAYS": "Upozornění na uplynutí po dnech",
|
||||
"MAXAGEDAYS": "Maximální platnost v dnech",
|
||||
"USERLOGINMUSTBEDOMAIN": "Přidat doménu organizace jako příponu k přihlašovacím jménům",
|
||||
"USERLOGINMUSTBEDOMAIN_DESCRIPTION": "Pokud povolíte toto nastavení, všechna přihlašovací jména budou doplněna o doménu organizace. Pokud je toto nastavení zakázáno, musíte zajistit, aby byla uživatelská jména jedinečná napříč všemi organizacemi.",
|
||||
"VALIDATEORGDOMAINS": "Požadováno ověření domény organizace (DNS nebo HTTP výzva)",
|
||||
|
||||
@ -1325,6 +1325,7 @@
|
||||
"LANGUAGES": "Sprachen",
|
||||
"LOGIN": "Loginverhalten und Sicherheit",
|
||||
"LOCKOUT": "Sperrmechanismen",
|
||||
"AGE": "Passwortgültigkeitsdauer",
|
||||
"COMPLEXITY": "Passwordkomplexität",
|
||||
"NOTIFICATIONS": "Benachrichtigungseinstellungen",
|
||||
"SMTP_PROVIDER": "SMTP-Anbieter",
|
||||
@ -1546,7 +1547,7 @@
|
||||
},
|
||||
"PWD_AGE": {
|
||||
"TITLE": "Gültigkeitsdauer für Passwörter",
|
||||
"DESCRIPTION": "Du kannst eine Richtlinie für die maximale Gültigkeitsdauer von Passwörtern festlegen. Diese Richtlinie löst eine Warnung nach Ablauf einer festgelegten Gültigkeitsdauer aus."
|
||||
"DESCRIPTION": "Du kannst eine Richtlinie für die maximale Gültigkeitsdauer von Passwörtern festlegen. Diese Richtlinie zwingt den Benutzer dazu, das Passwort bei der nächsten Anmeldung nach dem Ablauf zu ändern. Es gibt keine automatischen Warnungen und Benachrichtigungen."
|
||||
},
|
||||
"PWD_LOCKOUT": {
|
||||
"TITLE": "Passwortsperre",
|
||||
|
||||
@ -1326,6 +1326,7 @@
|
||||
"LANGUAGES": "Languages",
|
||||
"LOGIN": "Login Behavior and Security",
|
||||
"LOCKOUT": "Lockout",
|
||||
"AGE": "Password expiry",
|
||||
"COMPLEXITY": "Password complexity",
|
||||
"NOTIFICATIONS": "Notifications",
|
||||
"SMTP_PROVIDER": "SMTP Provider",
|
||||
@ -1546,8 +1547,8 @@
|
||||
}
|
||||
},
|
||||
"PWD_AGE": {
|
||||
"TITLE": "Password Aging",
|
||||
"DESCRIPTION": "You can set a policy for the aging of passwords. This policy emits a warning after the specific aging time has elapsed."
|
||||
"TITLE": "Password Expiry",
|
||||
"DESCRIPTION": "You can set a policy for the expiry of passwords. This policy will force the user to change the password on the next login after the expiration. There are no automatic warnings and notifications."
|
||||
},
|
||||
"PWD_LOCKOUT": {
|
||||
"TITLE": "Lockout Policy",
|
||||
@ -1700,8 +1701,8 @@
|
||||
"SHOWLOCKOUTFAILURES": "show lockout failures",
|
||||
"MAXPASSWORDATTEMPTS": "Password maximum attempts",
|
||||
"MAXOTPATTEMPTS": "OTP maximum attempts",
|
||||
"EXPIREWARNDAYS": "Expiration Warning after day",
|
||||
"MAXAGEDAYS": "Max Age in days",
|
||||
"EXPIREWARNDAYS": "Expiration Warning after days",
|
||||
"MAXAGEDAYS": "Maximum validity in days",
|
||||
"USERLOGINMUSTBEDOMAIN": "Add organization domain as suffix to loginnames",
|
||||
"USERLOGINMUSTBEDOMAIN_DESCRIPTION": "If you enable this setting, all loginnames will be suffixed with the organization domain. If this settings is disabled, you have to ensure that usernames are unique over all organizations.",
|
||||
"VALIDATEORGDOMAINS": "Organization domain verification required (DNS or HTTP challenge)",
|
||||
|
||||
@ -1327,6 +1327,7 @@
|
||||
"LANGUAGES": "Idiomas",
|
||||
"LOGIN": "Comportamiento del inicio de sesión y de la seguridad",
|
||||
"LOCKOUT": "Bloqueo",
|
||||
"AGE": "Caducidad de la contraseña",
|
||||
"COMPLEXITY": "Complejidad de contraseña",
|
||||
"NOTIFICATIONS": "Ajustes de notificación",
|
||||
"SMTP_PROVIDER": "Proveedor SMTP",
|
||||
@ -1547,8 +1548,8 @@
|
||||
}
|
||||
},
|
||||
"PWD_AGE": {
|
||||
"TITLE": "Antigüedad de la contraseña",
|
||||
"DESCRIPTION": "Puedes establecer una política para la antigüedad de las contraseñas. Esta política emite un aviso después de que la antigüedad máxima se haya superado."
|
||||
"TITLE": "Caducidad de la contraseña",
|
||||
"DESCRIPTION": "Puedes establecer una política para la caducidad de las contraseñas. Esta política obligará al usuario a cambiar la contraseña en el próximo inicio de sesión después de la caducidad. No hay avisos ni notificaciones automáticos."
|
||||
},
|
||||
"PWD_LOCKOUT": {
|
||||
"TITLE": "Política de bloqueo",
|
||||
@ -1701,8 +1702,8 @@
|
||||
"SHOWLOCKOUTFAILURES": "mostrar fallos de bloqueo",
|
||||
"MAXPASSWORDATTEMPTS": "Intentos máximos de contraseña",
|
||||
"MAXOTPATTEMPTS": "Intentos máximos de OTP",
|
||||
"EXPIREWARNDAYS": "Aviso de expiración después de estos días: ",
|
||||
"MAXAGEDAYS": "Antigüedad máxima en días",
|
||||
"EXPIREWARNDAYS": "Aviso de caducidad después de días",
|
||||
"MAXAGEDAYS": "Validez máxima en días",
|
||||
"USERLOGINMUSTBEDOMAIN": "Añadir el dominio de la organización como sufijo de los nombres de inicio de sesión",
|
||||
"USERLOGINMUSTBEDOMAIN_DESCRIPTION": "Si activas esta opción, todos los nombres de inicio de sesión tendrán como sufijo el dominio de esta organización. Si esta opción está desactivada, tendrás que asegurarte de que los nombres de usuario son únicos para todas las organizaciones.",
|
||||
"VALIDATEORGDOMAINS": "Verificación de dominio de la organización requerida (desafío DNS o HTTP)",
|
||||
|
||||
@ -1325,6 +1325,7 @@
|
||||
"LANGUAGES": "Langues",
|
||||
"LOGIN": "Comportement de connexion et sécurité",
|
||||
"LOCKOUT": "Verrouillage",
|
||||
"AGE": "Expiration du mot de passe",
|
||||
"COMPLEXITY": "Complexité du mot de passe",
|
||||
"NOTIFICATIONS": "Paramètres de notification",
|
||||
"SMTP_PROVIDER": "Fournisseur SMTP",
|
||||
@ -1545,8 +1546,8 @@
|
||||
}
|
||||
},
|
||||
"PWD_AGE": {
|
||||
"TITLE": "Vieillissement des mots de passe",
|
||||
"DESCRIPTION": "Vous pouvez définir une politique pour le vieillissement des mots de passe. Cette politique émet un avertissement après que le temps de vieillissement spécifique se soit écoulé."
|
||||
"TITLE": "Expiration du mot de passe",
|
||||
"DESCRIPTION": "Vous pouvez définir une politique d'expiration des mots de passe. Cette politique obligera l'utilisateur à changer son mot de passe lors de la prochaine connexion après l'expiration. Il n'y a pas d'avertissements ni de notifications automatiques."
|
||||
},
|
||||
"PWD_LOCKOUT": {
|
||||
"TITLE": "Politique de verrouillage",
|
||||
@ -1699,8 +1700,8 @@
|
||||
"SHOWLOCKOUTFAILURES": "montrer les échecs de verrouillage",
|
||||
"MAXPASSWORDATTEMPTS": "Tentatives maximales du mot de passe",
|
||||
"MAXOTPATTEMPTS": "Tentatives maximales de l'OTP",
|
||||
"EXPIREWARNDAYS": "Avertissement d'expiration après le jour",
|
||||
"MAXAGEDAYS": "Âge maximum en jours",
|
||||
"EXPIREWARNDAYS": "Avertissement d'expiration après jours",
|
||||
"MAXAGEDAYS": "Validité maximale en jours",
|
||||
"USERLOGINMUSTBEDOMAIN": "Le nom de connexion de l'utilisateur doit contenir le nom de domaine de l'organisation",
|
||||
"USERLOGINMUSTBEDOMAIN_DESCRIPTION": "Si vous activez ce paramètre, tous les noms de connexion seront suffixés avec le domaine de l'organisation. Si ce paramètre est désactivé, vous devez vous assurer que les noms d'utilisateur sont uniques pour toutes les organisations.",
|
||||
"VALIDATEORGDOMAINS": "Vérification du domaine de l'organisation requise (challenge DNS ou HTTP)",
|
||||
|
||||
@ -1325,6 +1325,7 @@
|
||||
"LANGUAGES": "Lingue",
|
||||
"LOGIN": "Comportamento login e sicurezza",
|
||||
"LOCKOUT": "Meccanismi di bloccaggio",
|
||||
"AGE": "Scadenza password",
|
||||
"COMPLEXITY": "Complessità della password",
|
||||
"NOTIFICATIONS": "Impostazioni di notifica",
|
||||
"SMTP_PROVIDER": "Fornitore SMTP",
|
||||
@ -1545,8 +1546,8 @@
|
||||
}
|
||||
},
|
||||
"PWD_AGE": {
|
||||
"TITLE": "Impostazioni di validità della password",
|
||||
"DESCRIPTION": "È possibile impostare una impostazone per la validità delle password. Questa emette un avviso dopo che il tempo di invecchiamento specifico è trascorso."
|
||||
"TITLE": "Scadenza password",
|
||||
"DESCRIPTION": "Puoi impostare una policy per la scadenza delle password. Questa policy obbligherà l'utente a cambiare la password al prossimo accesso dopo la scadenza. Non ci sono avvisi e notifiche automatiche."
|
||||
},
|
||||
"PWD_LOCKOUT": {
|
||||
"TITLE": "Impostazioni di blocco",
|
||||
@ -1699,8 +1700,8 @@
|
||||
"SHOWLOCKOUTFAILURES": "mostra i fallimenti del blocco",
|
||||
"MAXPASSWORDATTEMPTS": "Massimo numero di tentativi di password",
|
||||
"MAXOTPATTEMPTS": "Massimo numero di tentativi di OTP",
|
||||
"EXPIREWARNDAYS": "Avviso scadenza dopo il giorno",
|
||||
"MAXAGEDAYS": "Lunghezza massima in giorni",
|
||||
"EXPIREWARNDAYS": "Avviso di scadenza dopo giorni",
|
||||
"MAXAGEDAYS": "Validità massima in giorni",
|
||||
"USERLOGINMUSTBEDOMAIN": "Nome utente deve contenere il dominio dell' organizzazione",
|
||||
"USERLOGINMUSTBEDOMAIN_DESCRIPTION": "Se abiliti questa impostazione, a tutti i nomi di accesso verrà aggiunto il suffisso del dominio dell'organizzazione. Se questa impostazione è disabilitata, devi assicurarti che i nomi utente siano univoci per tutte le organizzazioni.",
|
||||
"VALIDATEORGDOMAINS": "Verifica del dominio dell'organizzazione richiesta (challenge DNS o HTTP)",
|
||||
|
||||
@ -1326,6 +1326,7 @@
|
||||
"LANGUAGES": "一般設定",
|
||||
"LOGIN": "ログイン動作とセキュリティ",
|
||||
"LOCKOUT": "ロックアウト",
|
||||
"AGE": "パスワードの有効期限",
|
||||
"COMPLEXITY": "パスワードの複雑さ",
|
||||
"NOTIFICATIONS": "通知設定",
|
||||
"SMTP_PROVIDER": "SMTPプロバイダー",
|
||||
@ -1542,8 +1543,8 @@
|
||||
}
|
||||
},
|
||||
"PWD_AGE": {
|
||||
"TITLE": "パスワードエージング",
|
||||
"DESCRIPTION": "パスワードエージングに関するポリシーを設定できます。このポリシーは、特定のエージング時間が経過した後に警告を発します。"
|
||||
"TITLE": "パスワードの有効期限",
|
||||
"DESCRIPTION": "パスワードの有効期限ポリシーを設定できます。 このポリシーにより、有効期限が切れた後にユーザーは次回のログイン時にパスワードを変更することを求められます。 自動的な警告や通知はない。"
|
||||
},
|
||||
"PWD_LOCKOUT": {
|
||||
"TITLE": "ロックアウトポリシー",
|
||||
@ -1696,8 +1697,8 @@
|
||||
"SHOWLOCKOUTFAILURES": "ロックアウトの失敗を表示する",
|
||||
"MAXPASSWORDATTEMPTS": "パスワードの最大試行",
|
||||
"MAXOTPATTEMPTS": "最大OTP試行回数",
|
||||
"EXPIREWARNDAYS": "有効期限の翌日以降の警告",
|
||||
"MAXAGEDAYS": "最大有効期限",
|
||||
"EXPIREWARNDAYS": "数日後に有効期限が切れます",
|
||||
"MAXAGEDAYS": "最大有効期限 (日数)",
|
||||
"USERLOGINMUSTBEDOMAIN": "ログイン名の接尾辞として組織ドメインを追加する",
|
||||
"USERLOGINMUSTBEDOMAIN_DESCRIPTION": "この設定を有効にすると、すべてのログイン名が組織ドメインで接尾辞が付けられます。この設定が無効になっている場合、ユーザー名がすべての組織で一意であることを確認する必要があります。",
|
||||
"VALIDATEORGDOMAINS": "組織のドメイン検証が必要です (DNSまたはHTTPチャレンジ)",
|
||||
|
||||
@ -1327,6 +1327,7 @@
|
||||
"LANGUAGES": "Општо",
|
||||
"LOGIN": "Правила и безбедност при најава",
|
||||
"LOCKOUT": "Забрана на пристап",
|
||||
"AGE": "Истекување на лозинката",
|
||||
"COMPLEXITY": "Сложеност на лозинката",
|
||||
"NOTIFICATIONS": "Подесувања за известувања",
|
||||
"SMTP_PROVIDER": "SMTP провајдер",
|
||||
@ -1547,8 +1548,8 @@
|
||||
}
|
||||
},
|
||||
"PWD_AGE": {
|
||||
"TITLE": "Важност на лозинка",
|
||||
"DESCRIPTION": "Можете да поставите политика за истекување на лозинките. Оваа политика издава предупредување откако ќе помени одреденото време на истекување."
|
||||
"TITLE": "Истекување на лозинката",
|
||||
"DESCRIPTION": "Можете да поставите политика за истекување на лозинките. Оваа политика ќе го принуди корисникот да ја смени лозинката при следлогото влегување по истекувањето. Нема автоматски предупредувања и известувања."
|
||||
},
|
||||
"PWD_LOCKOUT": {
|
||||
"TITLE": "Политика за забрана на пристап",
|
||||
@ -1701,8 +1702,8 @@
|
||||
"SHOWLOCKOUTFAILURES": "прикажи неуспешни заклучувања",
|
||||
"MAXPASSWORDATTEMPTS": "Максимален број на обиди за лозинка",
|
||||
"MAXOTPATTEMPTS": "Максимални обиди за OTP",
|
||||
"EXPIREWARNDAYS": "Предупредување за истекување по ден",
|
||||
"MAXAGEDAYS": "Максимална возраст во денови",
|
||||
"EXPIREWARNDAYS": "Предупредување за истекување по денови",
|
||||
"MAXAGEDAYS": "Максимална валидност во денови",
|
||||
"USERLOGINMUSTBEDOMAIN": "Додади организациски домен како суфикс на корисничките имиња",
|
||||
"USERLOGINMUSTBEDOMAIN_DESCRIPTION": "Ако го овозможите ова подесување, сите кориснички имиња ќе имаат суфикс на организацискиот домен. Доколку ова подесување е оневозможено, морате да се осигурате дека корисничките имиња се уникатни низ сите организации.",
|
||||
"VALIDATEORGDOMAINS": "Потврда на доменот на организацијата е неопходна (DNS или HTTP предизвик)",
|
||||
|
||||
@ -1326,6 +1326,7 @@
|
||||
"LANGUAGES": "Talen",
|
||||
"LOGIN": "Login Gedrag en Beveiliging",
|
||||
"LOCKOUT": "Lockout",
|
||||
"AGE": "Wachtwoord verloopt",
|
||||
"COMPLEXITY": "Wachtwoord complexiteit",
|
||||
"NOTIFICATIONS": "Notificaties",
|
||||
"SMTP_PROVIDER": "SMTP Provider",
|
||||
@ -1546,8 +1547,8 @@
|
||||
}
|
||||
},
|
||||
"PWD_AGE": {
|
||||
"TITLE": "Wachtwoord Veroudering",
|
||||
"DESCRIPTION": "U kunt een beleid instellen voor de veroudering van wachtwoorden. Dit beleid geeft een waarschuwing nadat de specifieke verouderingstijd is verstreken."
|
||||
"TITLE": "Wachtwoord verloopt",
|
||||
"DESCRIPTION": "U kunt een beleid instellen voor het verlopen van wachtwoorden. Dit beleid dwingt de gebruiker om het wachtwoord te wijzigen bij de volgende aanmelding na het verlopen. Er zijn geen automatische waarschuwingen en meldingen."
|
||||
},
|
||||
"PWD_LOCKOUT": {
|
||||
"TITLE": "Lockout Beleid",
|
||||
@ -1700,8 +1701,8 @@
|
||||
"SHOWLOCKOUTFAILURES": "toon lockout mislukkingen",
|
||||
"MAXPASSWORDATTEMPTS": "Maximum pogingen voor wachtwoord",
|
||||
"MAXOTPATTEMPTS": "Maximale OTP-pogingen",
|
||||
"EXPIREWARNDAYS": "Vervaldatum Waarschuwing na dag",
|
||||
"MAXAGEDAYS": "Maximale Leeftijd in dagen",
|
||||
"EXPIREWARNDAYS": "Waarschuwing voor verlopen na dagen",
|
||||
"MAXAGEDAYS": "Maximale geldigheid in dagen",
|
||||
"USERLOGINMUSTBEDOMAIN": "Voeg organisatie domein toe als achtervoegsel aan inlognamen",
|
||||
"USERLOGINMUSTBEDOMAIN_DESCRIPTION": "Als u deze instelling inschakelt, worden alle inlognamen voorzien van een achtervoegsel met het domein van de organisatie. Als deze instelling is uitgeschakeld, moet u ervoor zorgen dat gebruikersnamen uniek zijn over alle organisaties.",
|
||||
"VALIDATEORGDOMAINS": "Verificatie van organisatiedomeinen vereist (DNS of HTTP-uitdaging)",
|
||||
|
||||
@ -1325,6 +1325,7 @@
|
||||
"LANGUAGES": "Języki",
|
||||
"LOGIN": "Zachowanie logowania i bezpieczeństwo",
|
||||
"LOCKOUT": "Blokada",
|
||||
"AGE": "Wygaśnięcie hasła",
|
||||
"COMPLEXITY": "Złożoność hasła",
|
||||
"NOTIFICATIONS": "Ustawienia powiadomień",
|
||||
"SMTP_PROVIDER": "Dostawca SMTP",
|
||||
@ -1545,8 +1546,8 @@
|
||||
}
|
||||
},
|
||||
"PWD_AGE": {
|
||||
"TITLE": "Starzenie się hasła",
|
||||
"DESCRIPTION": "Możesz ustawić politykę dotyczącą starzenia się haseł. Ta polityka emituje ostrzeżenie po upływie określonego czasu starzenia."
|
||||
"TITLE": "Wygaśnięcie hasła",
|
||||
"DESCRIPTION": "Możesz ustawić zasady wygasania haseł. Ta zasada zmusi użytkownika do zmiany hasła przy następnym logowaniu po jego wygaśnięciu. Nie ma automatycznych ostrzeżeń i powiadomień."
|
||||
},
|
||||
"PWD_LOCKOUT": {
|
||||
"TITLE": "Polityka blokowania",
|
||||
@ -1699,8 +1700,8 @@
|
||||
"SHOWLOCKOUTFAILURES": "pokaż blokady nieudanych prób",
|
||||
"MAXPASSWORDATTEMPTS": "Maksymalna liczba prób wprowadzenia hasła",
|
||||
"MAXOTPATTEMPTS": "Maksymalna liczba prób OTP",
|
||||
"EXPIREWARNDAYS": "Ostrzeżenie o wygaśnięciu po dniu",
|
||||
"MAXAGEDAYS": "Maksymalny wiek w dniach",
|
||||
"EXPIREWARNDAYS": "Ostrzeżenie o wygaśnięciu po dniach",
|
||||
"MAXAGEDAYS": "Maksymalna ważność w dniach",
|
||||
"USERLOGINMUSTBEDOMAIN": "Dodaj domenę organizacji jako przyrostek do nazw logowania",
|
||||
"USERLOGINMUSTBEDOMAIN_DESCRIPTION": "Jeśli włączysz to ustawienie, wszystkie nazwy logowania będą miały przyrostek z domeną organizacji. Jeśli to ustawienie jest wyłączone, musisz zapewnić unikalność nazw użytkowników we wszystkich organizacjach.",
|
||||
"VALIDATEORGDOMAINS": "Weryfikacja domeny organizacji jest wymagana (wyzwanie DNS lub HTTP)",
|
||||
|
||||
@ -1327,6 +1327,7 @@
|
||||
"LANGUAGES": "Idiomas",
|
||||
"LOGIN": "Comportamento de Login e Segurança",
|
||||
"LOCKOUT": "Bloqueio",
|
||||
"AGE": "Expiração da senha",
|
||||
"COMPLEXITY": "Complexidade de Senha",
|
||||
"NOTIFICATIONS": "Configurações de Notificação",
|
||||
"SMTP_PROVIDER": "Provedor SMTP",
|
||||
@ -1547,8 +1548,8 @@
|
||||
}
|
||||
},
|
||||
"PWD_AGE": {
|
||||
"TITLE": "Envelhecimento de senha",
|
||||
"DESCRIPTION": "Você pode definir uma política para o envelhecimento de senhas. Essa política emite um aviso após o tempo de envelhecimento específico ter passado."
|
||||
"TITLE": "Expiração da senha",
|
||||
"DESCRIPTION": "Você pode definir uma política para a expiração de senhas. Esta política forçará o usuário a alterar a senha no próximo login após a expiração. Não existem avisos e notificações automáticas."
|
||||
},
|
||||
"PWD_LOCKOUT": {
|
||||
"TITLE": "Política de bloqueio",
|
||||
@ -1702,7 +1703,7 @@
|
||||
"MAXPASSWORDATTEMPTS": "Máximo de tentativas de senha",
|
||||
"MAXOTPATTEMPTS": "Máximo de tentativas de OTP",
|
||||
"EXPIREWARNDAYS": "Aviso de expiração após dias",
|
||||
"MAXAGEDAYS": "Idade máxima em dias",
|
||||
"MAXAGEDAYS": "Validade máxima em dias",
|
||||
"USERLOGINMUSTBEDOMAIN": "Adicionar domínio da organização como sufixo aos nomes de login",
|
||||
"USERLOGINMUSTBEDOMAIN_DESCRIPTION": "Se você habilitar essa configuração, todos os nomes de login serão sufixados com o domínio da organização. Se essa configuração estiver desabilitada, você deve garantir que os nomes de usuário sejam exclusivos em todas as organizações.",
|
||||
"VALIDATEORGDOMAINS": "Verificação de domínio da organização necessária (desafio DNS ou HTTP)",
|
||||
|
||||
@ -1373,6 +1373,7 @@
|
||||
"LANGUAGES": "Языки",
|
||||
"LOGIN": "Действия при входе и безопасность",
|
||||
"LOCKOUT": "Блокировка",
|
||||
"AGE": "Срок действия пароля",
|
||||
"COMPLEXITY": "Сложность пароля",
|
||||
"NOTIFICATIONS": "Настройки уведомлений",
|
||||
"NOTIFICATIONS_DESC": "Настройки SMTP и SMS",
|
||||
@ -1596,7 +1597,7 @@
|
||||
},
|
||||
"PWD_AGE": {
|
||||
"TITLE": "Срок действия пароля",
|
||||
"DESCRIPTION": "Вы можете установить политику срока действия паролей. Данная политика предупреждает об истечении определённого времени срока действия."
|
||||
"DESCRIPTION": "Вы можете установить политику истечения срока действия паролей. Эта политика вынудит пользователя изменить пароль при следующем входе в систему после истечения срока его действия. Нет никаких автоматических предупреждений и уведомлений."
|
||||
},
|
||||
"PWD_LOCKOUT": {
|
||||
"TITLE": "Политика блокировки",
|
||||
@ -1767,8 +1768,8 @@
|
||||
"SHOWLOCKOUTFAILURES": "Показать ошибки блокировки",
|
||||
"MAXPASSWORDATTEMPTS": "Максимальное количество попыток пароля",
|
||||
"MAXOTPATTEMPTS": "Максимальное количество попыток OTP",
|
||||
"EXPIREWARNDAYS": "Предупреждение об истечении срока действия после дня",
|
||||
"MAXAGEDAYS": "Максимальный возраст в днях",
|
||||
"EXPIREWARNDAYS": "Предупреждение об истечении срока действия через несколько дней",
|
||||
"MAXAGEDAYS": "Максимальная продолжительность действия (дни)",
|
||||
"USERLOGINMUSTBEDOMAIN": "Добавить домен организации в качестве суффикса к именам логина",
|
||||
"USERLOGINMUSTBEDOMAIN_DESCRIPTION": "Если вы включите данный параметр, все имена входа будут иметь суффикс домена организации. Если данный параметр отключен, вы должны убедиться, что имена пользователей уникальны для всех организаций.",
|
||||
"VALIDATEORGDOMAINS": "Проверка доменов организации",
|
||||
|
||||
@ -1326,6 +1326,7 @@
|
||||
"LANGUAGES": "Språk",
|
||||
"LOGIN": "Inloggningsbeteende och säkerhet",
|
||||
"LOCKOUT": "Låsning",
|
||||
"AGE": "Lösenordets utgång",
|
||||
"COMPLEXITY": "Lösenordskomplexitet",
|
||||
"NOTIFICATIONS": "Meddelanden",
|
||||
"SMTP_PROVIDER": "SMTP-leverantör",
|
||||
@ -1546,8 +1547,8 @@
|
||||
}
|
||||
},
|
||||
"PWD_AGE": {
|
||||
"TITLE": "Lösenordsåldrande",
|
||||
"DESCRIPTION": "Du kan ställa in en policy för lösenordsåldrande. Denna policy avger en varning efter den specifika åldringstiden har passerat."
|
||||
"TITLE": "Lösenordets utgång",
|
||||
"DESCRIPTION": "Du kan ställa in en policy för utgångsdatum för lösenord. Den här policyn tvingar användaren att byta lösenord vid nästa inloggning efter att lösenordet har löpt ut. Det finns inga automatiska varningar eller meddelanden."
|
||||
},
|
||||
"PWD_LOCKOUT": {
|
||||
"TITLE": "Låsning av lösenordspolicy",
|
||||
@ -1700,8 +1701,8 @@
|
||||
"SHOWLOCKOUTFAILURES": "visa låsning misslyckanden",
|
||||
"MAXPASSWORDATTEMPTS": "Maximalt antal lösenordsförsök",
|
||||
"MAXOTPATTEMPTS": "Maximalt antal OTP-försök",
|
||||
"EXPIREWARNDAYS": "Utgångsvarning efter dag",
|
||||
"MAXAGEDAYS": "Max ålder i dagar",
|
||||
"EXPIREWARNDAYS": "Utgångsvarning efter dagar",
|
||||
"MAXAGEDAYS": "Maximal giltighetstid i dagar",
|
||||
"USERLOGINMUSTBEDOMAIN": "Lägg till organisationsdomän som suffix till inloggningsnamn",
|
||||
"USERLOGINMUSTBEDOMAIN_DESCRIPTION": "Om du aktiverar denna inställning kommer alla inloggningsnamn att ha organisationsdomänen som suffix. Om denna inställning är inaktiverad måste du säkerställa att användarnamn är unika över alla organisationer.",
|
||||
"VALIDATEORGDOMAINS": "Organisationsdomänverifiering krävs (DNS eller HTTP-utmaning)",
|
||||
|
||||
@ -1325,6 +1325,7 @@
|
||||
"LANGUAGES": "语言",
|
||||
"LOGIN": "登录行为和安全",
|
||||
"LOCKOUT": "安全锁策略",
|
||||
"AGE": "密码过期",
|
||||
"COMPLEXITY": "密码复杂性",
|
||||
"NOTIFICATIONS": "通知设置",
|
||||
"SMTP_PROVIDER": "SMTP 提供商",
|
||||
@ -1545,7 +1546,7 @@
|
||||
},
|
||||
"PWD_AGE": {
|
||||
"TITLE": "密码过期",
|
||||
"DESCRIPTION": "您可以设置密码过期策略。此策略会在特定过期时间过后发出警告。"
|
||||
"DESCRIPTION": "您可以设置密码过期策略。此策略将强制用户在密码过期后下次登录时更改密码。没有自动警告和通知。"
|
||||
},
|
||||
"PWD_LOCKOUT": {
|
||||
"TITLE": "锁定策略",
|
||||
@ -1698,8 +1699,8 @@
|
||||
"SHOWLOCKOUTFAILURES": "显示锁定失败",
|
||||
"MAXPASSWORDATTEMPTS": "密码最大尝试次数",
|
||||
"MAXOTPATTEMPTS": "最多尝试 OTP 次数",
|
||||
"EXPIREWARNDAYS": "密码过期警告",
|
||||
"MAXAGEDAYS": "Max Age in days",
|
||||
"EXPIREWARNDAYS": "密码将在几天后过期",
|
||||
"MAXAGEDAYS": "最大有效期 (天)",
|
||||
"USERLOGINMUSTBEDOMAIN": "用户名必须包含组织域名",
|
||||
"USERLOGINMUSTBEDOMAIN_DESCRIPTION": "如果启用此设置,所有登录名都将以组织域为后缀。如果禁用此设置,您必须确保用户名在所有组织中都是唯一的。",
|
||||
"VALIDATEORGDOMAINS": "组织域名验证需要 (DNS 或 HTTP 挑战)",
|
||||
|
||||
@ -35,7 +35,22 @@ func (s *Server) GetPasswordComplexitySettings(ctx context.Context, req *setting
|
||||
return nil, err
|
||||
}
|
||||
return &settings.GetPasswordComplexitySettingsResponse{
|
||||
Settings: passwordSettingsToPb(current),
|
||||
Settings: passwordComplexitySettingsToPb(current),
|
||||
Details: &object_pb.Details{
|
||||
Sequence: current.Sequence,
|
||||
ChangeDate: timestamppb.New(current.ChangeDate),
|
||||
ResourceOwner: current.ResourceOwner,
|
||||
},
|
||||
}, nil
|
||||
}
|
||||
|
||||
func (s *Server) GetPasswordExpirySettings(ctx context.Context, req *settings.GetPasswordExpirySettingsRequest) (*settings.GetPasswordExpirySettingsResponse, error) {
|
||||
current, err := s.query.PasswordAgePolicyByOrg(ctx, true, object.ResourceOwnerFromReq(ctx, req.GetCtx()), false)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return &settings.GetPasswordExpirySettingsResponse{
|
||||
Settings: passwordExpirySettingsToPb(current),
|
||||
Details: &object_pb.Details{
|
||||
Sequence: current.Sequence,
|
||||
ChangeDate: timestamppb.New(current.ChangeDate),
|
||||
|
||||
@ -91,7 +91,7 @@ func multiFactorTypeToPb(typ domain.MultiFactorType) settings.MultiFactorType {
|
||||
}
|
||||
}
|
||||
|
||||
func passwordSettingsToPb(current *query.PasswordComplexityPolicy) *settings.PasswordComplexitySettings {
|
||||
func passwordComplexitySettingsToPb(current *query.PasswordComplexityPolicy) *settings.PasswordComplexitySettings {
|
||||
return &settings.PasswordComplexitySettings{
|
||||
MinLength: current.MinLength,
|
||||
RequiresUppercase: current.HasUppercase,
|
||||
@ -102,6 +102,14 @@ func passwordSettingsToPb(current *query.PasswordComplexityPolicy) *settings.Pas
|
||||
}
|
||||
}
|
||||
|
||||
func passwordExpirySettingsToPb(current *query.PasswordAgePolicy) *settings.PasswordExpirySettings {
|
||||
return &settings.PasswordExpirySettings{
|
||||
MaxAgeDays: current.MaxAgeDays,
|
||||
ExpireWarnDays: current.ExpireWarnDays,
|
||||
ResourceOwnerType: isDefaultToResourceOwnerTypePb(current.IsDefault),
|
||||
}
|
||||
}
|
||||
|
||||
func brandingSettingsToPb(current *query.LabelPolicy, assetPrefix string) *settings.BrandingSettings {
|
||||
return &settings.BrandingSettings{
|
||||
LightTheme: themeToPb(current.Light, assetPrefix, current.ResourceOwner),
|
||||
|
||||
@ -213,7 +213,7 @@ func Test_multiFactorTypeToPb(t *testing.T) {
|
||||
}
|
||||
}
|
||||
|
||||
func Test_passwordSettingsToPb(t *testing.T) {
|
||||
func Test_passwordComplexitySettingsToPb(t *testing.T) {
|
||||
arg := &query.PasswordComplexityPolicy{
|
||||
MinLength: 12,
|
||||
HasUppercase: true,
|
||||
@ -231,10 +231,29 @@ func Test_passwordSettingsToPb(t *testing.T) {
|
||||
ResourceOwnerType: settings.ResourceOwnerType_RESOURCE_OWNER_TYPE_INSTANCE,
|
||||
}
|
||||
|
||||
got := passwordSettingsToPb(arg)
|
||||
got := passwordComplexitySettingsToPb(arg)
|
||||
grpc.AllFieldsSet(t, got.ProtoReflect(), ignoreTypes...)
|
||||
if !proto.Equal(got, want) {
|
||||
t.Errorf("passwordSettingsToPb() =\n%v\nwant\n%v", got, want)
|
||||
t.Errorf("passwordComplexitySettingsToPb() =\n%v\nwant\n%v", got, want)
|
||||
}
|
||||
}
|
||||
|
||||
func Test_passwordExpirySettingsToPb(t *testing.T) {
|
||||
arg := &query.PasswordAgePolicy{
|
||||
ExpireWarnDays: 80,
|
||||
MaxAgeDays: 90,
|
||||
IsDefault: true,
|
||||
}
|
||||
want := &settings.PasswordExpirySettings{
|
||||
ExpireWarnDays: 80,
|
||||
MaxAgeDays: 90,
|
||||
ResourceOwnerType: settings.ResourceOwnerType_RESOURCE_OWNER_TYPE_INSTANCE,
|
||||
}
|
||||
|
||||
got := passwordExpirySettingsToPb(arg)
|
||||
grpc.AllFieldsSet(t, got.ProtoReflect(), ignoreTypes...)
|
||||
if !proto.Equal(got, want) {
|
||||
t.Errorf("passwordExpirySettingsToPb() =\n%v\nwant\n%v", got, want)
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@ -316,6 +316,7 @@ func PasswordChangeScreenTextToPb(text domain.PasswordChangeScreenText) *text_pb
|
||||
return &text_pb.PasswordChangeScreenText{
|
||||
Title: text.Title,
|
||||
Description: text.Description,
|
||||
ExpiredDescription: text.ExpiredDescription,
|
||||
OldPasswordLabel: text.OldPasswordLabel,
|
||||
NewPasswordLabel: text.NewPasswordLabel,
|
||||
NewPasswordConfirmLabel: text.NewPasswordConfirmLabel,
|
||||
@ -784,6 +785,7 @@ func PasswordChangeScreenTextPbToDomain(text *text_pb.PasswordChangeScreenText)
|
||||
return domain.PasswordChangeScreenText{
|
||||
Title: text.Title,
|
||||
Description: text.Description,
|
||||
ExpiredDescription: text.ExpiredDescription,
|
||||
OldPasswordLabel: text.OldPasswordLabel,
|
||||
NewPasswordLabel: text.NewPasswordLabel,
|
||||
NewPasswordConfirmLabel: text.NewPasswordConfirmLabel,
|
||||
|
||||
@ -1,6 +1,8 @@
|
||||
package user
|
||||
|
||||
import (
|
||||
"google.golang.org/protobuf/types/known/timestamppb"
|
||||
|
||||
"github.com/zitadel/zitadel/internal/api/grpc/object"
|
||||
"github.com/zitadel/zitadel/internal/domain"
|
||||
"github.com/zitadel/zitadel/internal/eventstore/v1/models"
|
||||
@ -48,6 +50,10 @@ func UserTypeToPb(user *query.User, assetPrefix string) user_pb.UserType {
|
||||
}
|
||||
|
||||
func HumanToPb(view *query.Human, assetPrefix, owner string) *user_pb.Human {
|
||||
var passwordChanged *timestamppb.Timestamp
|
||||
if !view.PasswordChanged.IsZero() {
|
||||
passwordChanged = timestamppb.New(view.PasswordChanged)
|
||||
}
|
||||
return &user_pb.Human{
|
||||
Profile: &user_pb.Profile{
|
||||
FirstName: view.FirstName,
|
||||
@ -66,6 +72,7 @@ func HumanToPb(view *query.Human, assetPrefix, owner string) *user_pb.Human {
|
||||
Phone: string(view.Phone),
|
||||
IsPhoneVerified: view.IsPhoneVerified,
|
||||
},
|
||||
PasswordChanged: passwordChanged,
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@ -4,6 +4,7 @@ import (
|
||||
"context"
|
||||
|
||||
"github.com/muhlemmer/gu"
|
||||
"google.golang.org/protobuf/types/known/timestamppb"
|
||||
|
||||
"github.com/zitadel/zitadel/internal/api/authz"
|
||||
"github.com/zitadel/zitadel/internal/api/grpc/object/v2"
|
||||
@ -83,6 +84,10 @@ func userTypeToPb(userQ *query.User, assetPrefix string) user.UserType {
|
||||
}
|
||||
|
||||
func humanToPb(userQ *query.Human, assetPrefix, owner string) *user.HumanUser {
|
||||
var passwordChanged *timestamppb.Timestamp
|
||||
if !userQ.PasswordChanged.IsZero() {
|
||||
passwordChanged = timestamppb.New(userQ.PasswordChanged)
|
||||
}
|
||||
return &user.HumanUser{
|
||||
Profile: &user.HumanProfile{
|
||||
GivenName: userQ.FirstName,
|
||||
@ -102,6 +107,7 @@ func humanToPb(userQ *query.Human, assetPrefix, owner string) *user.HumanUser {
|
||||
IsVerified: userQ.IsPhoneVerified,
|
||||
},
|
||||
PasswordChangeRequired: userQ.PasswordChangeRequired,
|
||||
PasswordChanged: passwordChanged,
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@ -23,7 +23,7 @@ func TestServer_GetUserByID(t *testing.T) {
|
||||
type args struct {
|
||||
ctx context.Context
|
||||
req *user.GetUserByIDRequest
|
||||
dep func(ctx context.Context, username string, request *user.GetUserByIDRequest) error
|
||||
dep func(ctx context.Context, username string, request *user.GetUserByIDRequest) (*timestamppb.Timestamp, error)
|
||||
}
|
||||
tests := []struct {
|
||||
name string
|
||||
@ -38,8 +38,8 @@ func TestServer_GetUserByID(t *testing.T) {
|
||||
&user.GetUserByIDRequest{
|
||||
UserId: "",
|
||||
},
|
||||
func(ctx context.Context, username string, request *user.GetUserByIDRequest) error {
|
||||
return nil
|
||||
func(ctx context.Context, username string, request *user.GetUserByIDRequest) (*timestamppb.Timestamp, error) {
|
||||
return nil, nil
|
||||
},
|
||||
},
|
||||
wantErr: true,
|
||||
@ -51,8 +51,8 @@ func TestServer_GetUserByID(t *testing.T) {
|
||||
&user.GetUserByIDRequest{
|
||||
UserId: "unknown",
|
||||
},
|
||||
func(ctx context.Context, username string, request *user.GetUserByIDRequest) error {
|
||||
return nil
|
||||
func(ctx context.Context, username string, request *user.GetUserByIDRequest) (*timestamppb.Timestamp, error) {
|
||||
return nil, nil
|
||||
},
|
||||
},
|
||||
wantErr: true,
|
||||
@ -62,10 +62,10 @@ func TestServer_GetUserByID(t *testing.T) {
|
||||
args: args{
|
||||
IamCTX,
|
||||
&user.GetUserByIDRequest{},
|
||||
func(ctx context.Context, username string, request *user.GetUserByIDRequest) error {
|
||||
func(ctx context.Context, username string, request *user.GetUserByIDRequest) (*timestamppb.Timestamp, error) {
|
||||
resp := Tester.CreateHumanUserVerified(ctx, orgResp.OrganizationId, username)
|
||||
request.UserId = resp.GetUserId()
|
||||
return nil
|
||||
return nil, nil
|
||||
},
|
||||
},
|
||||
want: &user.GetUserByIDResponse{
|
||||
@ -106,11 +106,11 @@ func TestServer_GetUserByID(t *testing.T) {
|
||||
args: args{
|
||||
IamCTX,
|
||||
&user.GetUserByIDRequest{},
|
||||
func(ctx context.Context, username string, request *user.GetUserByIDRequest) error {
|
||||
func(ctx context.Context, username string, request *user.GetUserByIDRequest) (*timestamppb.Timestamp, error) {
|
||||
resp := Tester.CreateHumanUserVerified(ctx, orgResp.OrganizationId, username)
|
||||
request.UserId = resp.GetUserId()
|
||||
Tester.SetUserPassword(ctx, resp.GetUserId(), integration.UserPassword, true)
|
||||
return nil
|
||||
changed := Tester.SetUserPassword(ctx, resp.GetUserId(), integration.UserPassword, true)
|
||||
return changed, nil
|
||||
},
|
||||
},
|
||||
want: &user.GetUserByIDResponse{
|
||||
@ -138,6 +138,7 @@ func TestServer_GetUserByID(t *testing.T) {
|
||||
IsVerified: true,
|
||||
},
|
||||
PasswordChangeRequired: true,
|
||||
PasswordChanged: timestamppb.Now(),
|
||||
},
|
||||
},
|
||||
},
|
||||
@ -151,7 +152,7 @@ func TestServer_GetUserByID(t *testing.T) {
|
||||
for _, tt := range tests {
|
||||
t.Run(tt.name, func(t *testing.T) {
|
||||
username := fmt.Sprintf("%d@mouse.com", time.Now().UnixNano())
|
||||
err := tt.args.dep(tt.args.ctx, username, tt.args.req)
|
||||
changed, err := tt.args.dep(tt.args.ctx, username, tt.args.req)
|
||||
require.NoError(t, err)
|
||||
retryDuration := time.Minute
|
||||
if ctxDeadline, ok := CTX.Deadline(); ok {
|
||||
@ -173,6 +174,9 @@ func TestServer_GetUserByID(t *testing.T) {
|
||||
tt.want.User.LoginNames = []string{username}
|
||||
if human := tt.want.User.GetHuman(); human != nil {
|
||||
human.Email.Email = username
|
||||
if tt.want.User.GetHuman().GetPasswordChanged() != nil {
|
||||
human.PasswordChanged = changed
|
||||
}
|
||||
}
|
||||
assert.Equal(ttt, tt.want.User, got.User)
|
||||
integration.AssertDetails(t, tt.want, got)
|
||||
@ -316,6 +320,7 @@ func TestServer_GetUserByID_Permission(t *testing.T) {
|
||||
type userAttr struct {
|
||||
UserID string
|
||||
Username string
|
||||
Changed *timestamppb.Timestamp
|
||||
}
|
||||
|
||||
func TestServer_ListUsers(t *testing.T) {
|
||||
@ -369,7 +374,7 @@ func TestServer_ListUsers(t *testing.T) {
|
||||
for i, username := range usernames {
|
||||
resp := Tester.CreateHumanUserVerified(ctx, orgResp.OrganizationId, username)
|
||||
userIDs[i] = resp.GetUserId()
|
||||
infos[i] = userAttr{resp.GetUserId(), username}
|
||||
infos[i] = userAttr{resp.GetUserId(), username, nil}
|
||||
}
|
||||
request.Queries = append(request.Queries, InUserIDsQuery(userIDs))
|
||||
return infos, nil
|
||||
@ -423,8 +428,8 @@ func TestServer_ListUsers(t *testing.T) {
|
||||
for i, username := range usernames {
|
||||
resp := Tester.CreateHumanUserVerified(ctx, orgResp.OrganizationId, username)
|
||||
userIDs[i] = resp.GetUserId()
|
||||
Tester.SetUserPassword(ctx, resp.GetUserId(), integration.UserPassword, true)
|
||||
infos[i] = userAttr{resp.GetUserId(), username}
|
||||
changed := Tester.SetUserPassword(ctx, resp.GetUserId(), integration.UserPassword, true)
|
||||
infos[i] = userAttr{resp.GetUserId(), username, changed}
|
||||
}
|
||||
request.Queries = append(request.Queries, InUserIDsQuery(userIDs))
|
||||
return infos, nil
|
||||
@ -457,6 +462,7 @@ func TestServer_ListUsers(t *testing.T) {
|
||||
IsVerified: true,
|
||||
},
|
||||
PasswordChangeRequired: true,
|
||||
PasswordChanged: timestamppb.Now(),
|
||||
},
|
||||
},
|
||||
},
|
||||
@ -479,7 +485,7 @@ func TestServer_ListUsers(t *testing.T) {
|
||||
for i, username := range usernames {
|
||||
resp := Tester.CreateHumanUserVerified(ctx, orgResp.OrganizationId, username)
|
||||
userIDs[i] = resp.GetUserId()
|
||||
infos[i] = userAttr{resp.GetUserId(), username}
|
||||
infos[i] = userAttr{resp.GetUserId(), username, nil}
|
||||
}
|
||||
request.Queries = append(request.Queries, InUserIDsQuery(userIDs))
|
||||
return infos, nil
|
||||
@ -575,7 +581,7 @@ func TestServer_ListUsers(t *testing.T) {
|
||||
for i, username := range usernames {
|
||||
resp := Tester.CreateHumanUserVerified(ctx, orgResp.OrganizationId, username)
|
||||
userIDs[i] = resp.GetUserId()
|
||||
infos[i] = userAttr{resp.GetUserId(), username}
|
||||
infos[i] = userAttr{resp.GetUserId(), username, nil}
|
||||
request.Queries = append(request.Queries, UsernameQuery(username))
|
||||
}
|
||||
return infos, nil
|
||||
@ -627,7 +633,7 @@ func TestServer_ListUsers(t *testing.T) {
|
||||
infos := make([]userAttr, len(usernames))
|
||||
for i, username := range usernames {
|
||||
resp := Tester.CreateHumanUserVerified(ctx, orgResp.OrganizationId, username)
|
||||
infos[i] = userAttr{resp.GetUserId(), username}
|
||||
infos[i] = userAttr{resp.GetUserId(), username, nil}
|
||||
}
|
||||
request.Queries = append(request.Queries, InUserEmailsQuery(usernames))
|
||||
return infos, nil
|
||||
@ -679,7 +685,7 @@ func TestServer_ListUsers(t *testing.T) {
|
||||
infos := make([]userAttr, len(usernames))
|
||||
for i, username := range usernames {
|
||||
resp := Tester.CreateHumanUserVerified(ctx, orgResp.OrganizationId, username)
|
||||
infos[i] = userAttr{resp.GetUserId(), username}
|
||||
infos[i] = userAttr{resp.GetUserId(), username, nil}
|
||||
}
|
||||
request.Queries = append(request.Queries, InUserEmailsQuery(usernames))
|
||||
return infos, nil
|
||||
@ -794,7 +800,7 @@ func TestServer_ListUsers(t *testing.T) {
|
||||
infos := make([]userAttr, len(usernames))
|
||||
for i, username := range usernames {
|
||||
resp := Tester.CreateHumanUserVerified(ctx, orgResp.OrganizationId, username)
|
||||
infos[i] = userAttr{resp.GetUserId(), username}
|
||||
infos[i] = userAttr{resp.GetUserId(), username, nil}
|
||||
}
|
||||
request.Queries = append(request.Queries, OrganizationIdQuery(orgResp.OrganizationId))
|
||||
request.Queries = append(request.Queries, InUserEmailsQuery(usernames))
|
||||
@ -910,6 +916,9 @@ func TestServer_ListUsers(t *testing.T) {
|
||||
tt.want.Result[i].LoginNames = []string{infos[i].Username}
|
||||
if human := tt.want.Result[i].GetHuman(); human != nil {
|
||||
human.Email.Email = infos[i].Username
|
||||
if tt.want.Result[i].GetHuman().GetPasswordChanged() != nil {
|
||||
human.PasswordChanged = infos[i].Changed
|
||||
}
|
||||
}
|
||||
}
|
||||
for i := range tt.want.Result {
|
||||
|
||||
@ -40,9 +40,19 @@ func (l *Login) renderChangePassword(w http.ResponseWriter, r *http.Request, aut
|
||||
errType, errMessage = l.getErrorMessage(r, err)
|
||||
}
|
||||
translator := l.getTranslator(r.Context(), authReq)
|
||||
if authReq == nil || len(authReq.PossibleSteps) < 1 {
|
||||
l.renderError(w, r, authReq, err)
|
||||
return
|
||||
}
|
||||
step, ok := authReq.PossibleSteps[0].(*domain.ChangePasswordStep)
|
||||
if !ok {
|
||||
l.renderError(w, r, authReq, err)
|
||||
return
|
||||
}
|
||||
data := passwordData{
|
||||
baseData: l.getBaseData(r, authReq, translator, "PasswordChange.Title", "PasswordChange.Description", errType, errMessage),
|
||||
profileData: l.getProfileData(authReq),
|
||||
Expired: step.Expired,
|
||||
}
|
||||
policy := l.getPasswordComplexityPolicy(r, authReq.UserOrgID)
|
||||
if policy != nil {
|
||||
|
||||
@ -683,6 +683,7 @@ type passwordData struct {
|
||||
HasLowercase string
|
||||
HasNumber string
|
||||
HasSymbol string
|
||||
Expired bool
|
||||
}
|
||||
|
||||
type userSelectionData struct {
|
||||
|
||||
@ -193,6 +193,7 @@ PasswordlessRegistrationDone:
|
||||
PasswordChange:
|
||||
Title: Промяна на паролата
|
||||
Description: 'Променете паролата си. '
|
||||
ExpiredDescription: Паролата ви е изтекла и трябва да бъде променена. Въведете старата и новата си парола.
|
||||
OldPasswordLabel: Стара парола
|
||||
NewPasswordLabel: нова парола
|
||||
NewPasswordConfirmLabel: Потвърждение на парола
|
||||
|
||||
@ -190,6 +190,7 @@ PasswordlessRegistrationDone:
|
||||
PasswordChange:
|
||||
Title: Změna hesla
|
||||
Description: Změňte si heslo. Zadejte své staré a nové heslo.
|
||||
ExpiredDescription: Heslo vypršelo a musí být změněno. Zadejte své staré a nové heslo.
|
||||
OldPasswordLabel: Staré heslo
|
||||
NewPasswordLabel: Nové heslo
|
||||
NewPasswordConfirmLabel: Potvrzení hesla
|
||||
|
||||
@ -190,6 +190,7 @@ PasswordlessRegistrationDone:
|
||||
PasswordChange:
|
||||
Title: Passwort ändern
|
||||
Description: Ändere dein Passwort indem du dein altes und dann dein neues Passwort eingibst.
|
||||
ExpiredDescription: Dein Passwort ist abgelaufen und muss geändert werden. Gib dein altes und neues Passwort ein.
|
||||
OldPasswordLabel: Altes Passwort
|
||||
NewPasswordLabel: Neues Passwort
|
||||
NewPasswordConfirmLabel: Passwort wiederholen
|
||||
|
||||
@ -190,6 +190,7 @@ PasswordlessRegistrationDone:
|
||||
PasswordChange:
|
||||
Title: Change Password
|
||||
Description: Change your password. Enter your old and new password.
|
||||
ExpiredDescription: You password has expired and has to be changed. Enter your old and new password.
|
||||
OldPasswordLabel: Old Password
|
||||
NewPasswordLabel: New Password
|
||||
NewPasswordConfirmLabel: Password confirmation
|
||||
|
||||
@ -190,6 +190,7 @@ PasswordlessRegistrationDone:
|
||||
PasswordChange:
|
||||
Title: Cambiar contraseña
|
||||
Description: Cambia tu contraseña. Introduce tu contraseña anterior y la nueva.
|
||||
ExpiredDescription: Tu contraseña ha caducado y tiene que cambiarla. Introduzca tu contraseña anterior y la nueva.
|
||||
OldPasswordLabel: Contraseña anterior
|
||||
NewPasswordLabel: Nueva contraseña
|
||||
NewPasswordConfirmLabel: Confirmación de contraseña
|
||||
|
||||
@ -190,6 +190,7 @@ PasswordlessRegistrationDone:
|
||||
PasswordChange:
|
||||
Title: Changer le mot de passe
|
||||
Description: Changez votre mot de passe. Entrez votre ancien et votre nouveau mot de passe.
|
||||
ExpiredDescription: Votre mot de passe a expiré et doit être modifié. Entrez votre ancien et votre nouveau mot de passe.
|
||||
OldPasswordLabel: Ancien mot de passe
|
||||
NewPasswordLabel: Nouveau mot de passe
|
||||
NewPasswordConfirmLabel: Confirmation du mot de passe
|
||||
|
||||
@ -190,6 +190,7 @@ PasswordlessRegistrationDone:
|
||||
PasswordChange:
|
||||
Title: Reimposta password
|
||||
Description: Cambia la tua password. Inserisci la tua vecchia e la nuova password.
|
||||
ExpiredDescription: La password è scaduta e deve essere modificata. Inserisci la tua vecchia e la nuova password.
|
||||
OldPasswordLabel: Vecchia password
|
||||
NewPasswordLabel: Nuova password
|
||||
NewPasswordConfirmLabel: Conferma della password
|
||||
|
||||
@ -183,6 +183,7 @@ PasswordlessRegistrationDone:
|
||||
PasswordChange:
|
||||
Title: パスワードの変更
|
||||
Description: 旧パスワードと新パスワードを入力し、パスワードを変更してください。
|
||||
ExpiredDescription: パスワードの有効期限が切れたため、変更する必要があります。古いパスワードと新しいパスワードを入力してください。
|
||||
OldPasswordLabel: 旧パスワード
|
||||
NewPasswordLabel: 新パスワード
|
||||
NewPasswordConfirmLabel: 新パスワードの確認
|
||||
|
||||
@ -190,6 +190,7 @@ PasswordlessRegistrationDone:
|
||||
PasswordChange:
|
||||
Title: Промена на лозинка
|
||||
Description: Променете ја вашата лозинка. Внесете ја старата и новата лозинка.
|
||||
ExpiredDescription: Вашата лозинка е истечена и мора да се смени. Внесете ја старата и новата лозинка.
|
||||
OldPasswordLabel: Стара лозинка
|
||||
NewPasswordLabel: Нова лозинка
|
||||
NewPasswordConfirmLabel: Потврда на лозинка
|
||||
|
||||
@ -190,6 +190,7 @@ PasswordlessRegistrationDone:
|
||||
PasswordChange:
|
||||
Title: Verander Wachtwoord
|
||||
Description: Verander uw wachtwoord. Voer uw oude en nieuwe wachtwoord in.
|
||||
ExpiredDescription: Je wachtwoord is verlopen en moet worden gewijzigd. Voer uw oude en nieuwe wachtwoord in.
|
||||
OldPasswordLabel: Oud Wachtwoord
|
||||
NewPasswordLabel: Nieuw Wachtwoord
|
||||
NewPasswordConfirmLabel: Bevestig Wachtwoord
|
||||
|
||||
@ -190,6 +190,7 @@ PasswordlessRegistrationDone:
|
||||
PasswordChange:
|
||||
Title: Zmiana hasła
|
||||
Description: Zmień swoje hasło. Wprowadź swoje stare i nowe hasło.
|
||||
ExpiredDescription: Twoje hasło wygasło i musi zostać zmienione. Wprowadź swoje stare i nowe hasło.
|
||||
OldPasswordLabel: Stare hasło
|
||||
NewPasswordLabel: Nowe hasło
|
||||
NewPasswordConfirmLabel: Potwierdzenie hasła
|
||||
|
||||
@ -186,6 +186,7 @@ PasswordlessRegistrationDone:
|
||||
PasswordChange:
|
||||
Title: Alterar senha
|
||||
Description: Altere sua senha. Insira sua senha antiga e nova.
|
||||
ExpiredDescription: A sua palavra-passe expirou e tem de ser alterada. Insira sua senha antiga e nova.
|
||||
OldPasswordLabel: Senha antiga
|
||||
NewPasswordLabel: Nova senha
|
||||
NewPasswordConfirmLabel: Confirmação de senha
|
||||
|
||||
@ -189,6 +189,7 @@ PasswordlessRegistrationDone:
|
||||
PasswordChange:
|
||||
Title: Изменение пароля
|
||||
Description: Измените ваш пароль. Введите старый и новый пароли.
|
||||
ExpiredDescription: Срок действия вашего пароля истек, и его необходимо изменить. Введите старый и новый пароль.
|
||||
OldPasswordLabel: Старый пароль
|
||||
NewPasswordLabel: Новый пароль
|
||||
NewPasswordConfirmLabel: Подтверждение пароля
|
||||
|
||||
@ -28,7 +28,7 @@ SelectAccount:
|
||||
SessionState1: Utloggad
|
||||
MustBeMemberOfOrg: Användaren måste finnas i organisationen {{.OrgName}}.
|
||||
|
||||
Lösenord:
|
||||
Password:
|
||||
Title: Lösenord
|
||||
Description: Ange dina användaruppgifter.
|
||||
PasswordLabel: Lösenord
|
||||
@ -190,6 +190,7 @@ PasswordlessRegistrationDone:
|
||||
PasswordChange:
|
||||
Title: Ändra lösenord
|
||||
Description: Ändra diit lösenord. Ange både ditt gamla och det nya lösenordet.
|
||||
ExpiredDescription: Ditt lösenord har gått ut och måste bytas ut. Ange ditt gamla och nya lösenord.
|
||||
OldPasswordLabel: Gammalt lösenord
|
||||
NewPasswordLabel: Nytt lösenord
|
||||
NewPasswordConfirmLabel: Nytt lösenord igen
|
||||
|
||||
@ -190,6 +190,7 @@ PasswordlessRegistrationDone:
|
||||
PasswordChange:
|
||||
Title: 更改密码
|
||||
Description: 更改您的密码。输入您的旧密码和新密码。
|
||||
ExpiredDescription: 您的密码已过期,需要更改。请输入您的新旧密码。
|
||||
OldPasswordLabel: 旧密码
|
||||
NewPasswordLabel: 新密码
|
||||
NewPasswordConfirmLabel: 确认密码
|
||||
|
||||
@ -4,7 +4,11 @@
|
||||
<h1>{{t "PasswordChange.Title"}}</h1>
|
||||
{{ template "user-profile" . }}
|
||||
|
||||
{{if .Expired}}
|
||||
<p>{{t "PasswordChange.ExpiredDescription"}}</p>
|
||||
{{else}}
|
||||
<p>{{t "PasswordChange.Description"}}</p>
|
||||
{{end}}
|
||||
</div>
|
||||
|
||||
<form action="{{ changePasswordUrl }}" method="POST">
|
||||
|
||||
@ -44,6 +44,7 @@ type AuthRequestRepo struct {
|
||||
OrgViewProvider orgViewProvider
|
||||
LoginPolicyViewProvider loginPolicyViewProvider
|
||||
LockoutPolicyViewProvider lockoutPolicyViewProvider
|
||||
PasswordAgePolicyProvider passwordAgePolicyProvider
|
||||
PrivacyPolicyProvider privacyPolicyProvider
|
||||
IDPProviderViewProvider idpProviderViewProvider
|
||||
IDPUserLinksProvider idpUserLinksProvider
|
||||
@ -81,6 +82,10 @@ type lockoutPolicyViewProvider interface {
|
||||
LockoutPolicyByOrg(context.Context, bool, string) (*query.LockoutPolicy, error)
|
||||
}
|
||||
|
||||
type passwordAgePolicyProvider interface {
|
||||
PasswordAgePolicyByOrg(context.Context, bool, string, bool) (*query.PasswordAgePolicy, error)
|
||||
}
|
||||
|
||||
type idpProviderViewProvider interface {
|
||||
IDPLoginPolicyLinks(context.Context, string, *query.IDPLoginPolicyLinksSearchQuery, bool) (*query.IDPLoginPolicyLinks, error)
|
||||
}
|
||||
@ -685,6 +690,13 @@ func (repo *AuthRequestRepo) fillPolicies(ctx context.Context, request *domain.A
|
||||
}
|
||||
request.LabelPolicy = labelPolicy
|
||||
}
|
||||
if request.PasswordAgePolicy == nil || request.PolicyOrgID() != orgID {
|
||||
passwordPolicy, err := repo.getPasswordAgePolicy(ctx, orgID)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
request.PasswordAgePolicy = passwordPolicy
|
||||
}
|
||||
if len(request.DefaultTranslations) == 0 {
|
||||
defaultLoginTranslations, err := repo.getLoginTexts(ctx, instance.InstanceID())
|
||||
if err != nil {
|
||||
@ -1048,8 +1060,9 @@ func (repo *AuthRequestRepo) nextSteps(ctx context.Context, request *domain.Auth
|
||||
return append(steps, step), nil
|
||||
}
|
||||
|
||||
if user.PasswordChangeRequired {
|
||||
steps = append(steps, &domain.ChangePasswordStep{})
|
||||
expired := passwordAgeChangeRequired(request.PasswordAgePolicy, user.PasswordChanged)
|
||||
if expired || user.PasswordChangeRequired {
|
||||
steps = append(steps, &domain.ChangePasswordStep{Expired: expired})
|
||||
}
|
||||
if !user.IsEmailVerified {
|
||||
steps = append(steps, &domain.VerifyEMailStep{})
|
||||
@ -1058,7 +1071,7 @@ func (repo *AuthRequestRepo) nextSteps(ctx context.Context, request *domain.Auth
|
||||
steps = append(steps, &domain.ChangeUsernameStep{})
|
||||
}
|
||||
|
||||
if user.PasswordChangeRequired || !user.IsEmailVerified || user.UsernameChangeRequired {
|
||||
if expired || user.PasswordChangeRequired || !user.IsEmailVerified || user.UsernameChangeRequired {
|
||||
return steps, nil
|
||||
}
|
||||
|
||||
@ -1093,6 +1106,14 @@ func (repo *AuthRequestRepo) nextSteps(ctx context.Context, request *domain.Auth
|
||||
return append(steps, &domain.RedirectToCallbackStep{}), nil
|
||||
}
|
||||
|
||||
func passwordAgeChangeRequired(policy *domain.PasswordAgePolicy, changed time.Time) bool {
|
||||
if policy == nil || policy.MaxAgeDays == 0 {
|
||||
return false
|
||||
}
|
||||
maxDays := time.Duration(policy.MaxAgeDays) * 24 * time.Hour
|
||||
return time.Now().Add(-maxDays).After(changed)
|
||||
}
|
||||
|
||||
func (repo *AuthRequestRepo) nextStepsUser(ctx context.Context, request *domain.AuthRequest) (_ []domain.NextStep, err error) {
|
||||
ctx, span := tracing.NewSpan(ctx)
|
||||
defer func() { span.EndWithError(err) }()
|
||||
@ -1371,6 +1392,28 @@ func labelPolicyToDomain(p *query.LabelPolicy) *domain.LabelPolicy {
|
||||
}
|
||||
}
|
||||
|
||||
func (repo *AuthRequestRepo) getPasswordAgePolicy(ctx context.Context, orgID string) (*domain.PasswordAgePolicy, error) {
|
||||
policy, err := repo.PasswordAgePolicyProvider.PasswordAgePolicyByOrg(ctx, false, orgID, false)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return passwordAgePolicyToDomain(policy), nil
|
||||
}
|
||||
|
||||
func passwordAgePolicyToDomain(policy *query.PasswordAgePolicy) *domain.PasswordAgePolicy {
|
||||
return &domain.PasswordAgePolicy{
|
||||
ObjectRoot: es_models.ObjectRoot{
|
||||
AggregateID: policy.ID,
|
||||
Sequence: policy.Sequence,
|
||||
ResourceOwner: policy.ResourceOwner,
|
||||
CreationDate: policy.CreationDate,
|
||||
ChangeDate: policy.ChangeDate,
|
||||
},
|
||||
MaxAgeDays: policy.MaxAgeDays,
|
||||
ExpireWarnDays: policy.ExpireWarnDays,
|
||||
}
|
||||
}
|
||||
|
||||
func (repo *AuthRequestRepo) getLoginTexts(ctx context.Context, aggregateID string) ([]*domain.CustomText, error) {
|
||||
loginTexts, err := repo.CustomTextProvider.CustomTextListByTemplate(ctx, aggregateID, domain.LoginCustomText, false)
|
||||
if err != nil {
|
||||
|
||||
@ -140,6 +140,7 @@ type mockViewUser struct {
|
||||
InitRequired bool
|
||||
PasswordInitRequired bool
|
||||
PasswordSet bool
|
||||
PasswordChanged time.Time
|
||||
PasswordChangeRequired bool
|
||||
IsEmailVerified bool
|
||||
OTPState int32
|
||||
@ -189,6 +190,14 @@ func (m *mockLockoutPolicy) LockoutPolicyByOrg(context.Context, bool, string) (*
|
||||
return m.policy, nil
|
||||
}
|
||||
|
||||
type mockPasswordAgePolicy struct {
|
||||
policy *query.PasswordAgePolicy
|
||||
}
|
||||
|
||||
func (m *mockPasswordAgePolicy) PasswordAgePolicyByOrg(context.Context, bool, string, bool) (*query.PasswordAgePolicy, error) {
|
||||
return m.policy, nil
|
||||
}
|
||||
|
||||
func (m *mockViewUser) UserByID(string, string) (*user_view_model.UserView, error) {
|
||||
return &user_view_model.UserView{
|
||||
State: int32(user_model.UserStateActive),
|
||||
@ -291,21 +300,22 @@ func (m *mockIDPUserLinks) IDPUserLinks(ctx context.Context, queries *query.IDPU
|
||||
|
||||
func TestAuthRequestRepo_nextSteps(t *testing.T) {
|
||||
type fields struct {
|
||||
AuthRequests cache.AuthRequestCache
|
||||
View *view.View
|
||||
userSessionViewProvider userSessionViewProvider
|
||||
userViewProvider userViewProvider
|
||||
userEventProvider userEventProvider
|
||||
orgViewProvider orgViewProvider
|
||||
userGrantProvider userGrantProvider
|
||||
projectProvider projectProvider
|
||||
applicationProvider applicationProvider
|
||||
loginPolicyProvider loginPolicyViewProvider
|
||||
lockoutPolicyProvider lockoutPolicyViewProvider
|
||||
idpUserLinksProvider idpUserLinksProvider
|
||||
privacyPolicyProvider privacyPolicyProvider
|
||||
labelPolicyProvider labelPolicyProvider
|
||||
customTextProvider customTextProvider
|
||||
AuthRequests cache.AuthRequestCache
|
||||
View *view.View
|
||||
userSessionViewProvider userSessionViewProvider
|
||||
userViewProvider userViewProvider
|
||||
userEventProvider userEventProvider
|
||||
orgViewProvider orgViewProvider
|
||||
userGrantProvider userGrantProvider
|
||||
projectProvider projectProvider
|
||||
applicationProvider applicationProvider
|
||||
loginPolicyProvider loginPolicyViewProvider
|
||||
lockoutPolicyProvider lockoutPolicyViewProvider
|
||||
idpUserLinksProvider idpUserLinksProvider
|
||||
privacyPolicyProvider privacyPolicyProvider
|
||||
labelPolicyProvider labelPolicyProvider
|
||||
passwordAgePolicyProvider passwordAgePolicyProvider
|
||||
customTextProvider customTextProvider
|
||||
}
|
||||
type args struct {
|
||||
request *domain.AuthRequest
|
||||
@ -529,6 +539,9 @@ func TestAuthRequestRepo_nextSteps(t *testing.T) {
|
||||
labelPolicyProvider: &mockLabelPolicy{
|
||||
policy: &query.LabelPolicy{},
|
||||
},
|
||||
passwordAgePolicyProvider: &mockPasswordAgePolicy{
|
||||
policy: &query.PasswordAgePolicy{},
|
||||
},
|
||||
customTextProvider: &mockCustomText{
|
||||
texts: &query.CustomTexts{},
|
||||
},
|
||||
@ -1304,6 +1317,48 @@ func TestAuthRequestRepo_nextSteps(t *testing.T) {
|
||||
[]domain.NextStep{&domain.ChangePasswordStep{}, &domain.VerifyEMailStep{}},
|
||||
nil,
|
||||
},
|
||||
{
|
||||
"password change expired, password change step",
|
||||
fields{
|
||||
userSessionViewProvider: &mockViewUserSession{
|
||||
PasswordVerification: testNow.Add(-5 * time.Minute),
|
||||
SecondFactorVerification: testNow.Add(-5 * time.Minute),
|
||||
},
|
||||
userViewProvider: &mockViewUser{
|
||||
PasswordSet: true,
|
||||
PasswordChangeRequired: false,
|
||||
PasswordChanged: testNow.Add(-50 * 24 * time.Hour),
|
||||
IsEmailVerified: true,
|
||||
MFAMaxSetUp: int32(domain.MFALevelSecondFactor),
|
||||
},
|
||||
userEventProvider: &mockEventUser{},
|
||||
orgViewProvider: &mockViewOrg{State: domain.OrgStateActive},
|
||||
lockoutPolicyProvider: &mockLockoutPolicy{
|
||||
policy: &query.LockoutPolicy{
|
||||
ShowFailures: true,
|
||||
},
|
||||
},
|
||||
passwordAgePolicyProvider: &mockPasswordAgePolicy{
|
||||
policy: &query.PasswordAgePolicy{
|
||||
MaxAgeDays: 30,
|
||||
},
|
||||
},
|
||||
idpUserLinksProvider: &mockIDPUserLinks{},
|
||||
},
|
||||
args{&domain.AuthRequest{
|
||||
UserID: "UserID",
|
||||
LoginPolicy: &domain.LoginPolicy{
|
||||
SecondFactors: []domain.SecondFactorType{domain.SecondFactorTypeTOTP},
|
||||
PasswordCheckLifetime: 10 * 24 * time.Hour,
|
||||
SecondFactorCheckLifetime: 18 * time.Hour,
|
||||
},
|
||||
PasswordAgePolicy: &domain.PasswordAgePolicy{
|
||||
MaxAgeDays: 30,
|
||||
},
|
||||
}, false},
|
||||
[]domain.NextStep{&domain.ChangePasswordStep{Expired: true}},
|
||||
nil,
|
||||
},
|
||||
{
|
||||
"email verified and no password change required, redirect to callback step",
|
||||
fields{
|
||||
@ -1662,6 +1717,7 @@ func TestAuthRequestRepo_nextSteps(t *testing.T) {
|
||||
IDPUserLinksProvider: tt.fields.idpUserLinksProvider,
|
||||
PrivacyPolicyProvider: tt.fields.privacyPolicyProvider,
|
||||
LabelPolicyProvider: tt.fields.labelPolicyProvider,
|
||||
PasswordAgePolicyProvider: tt.fields.passwordAgePolicyProvider,
|
||||
CustomTextProvider: tt.fields.customTextProvider,
|
||||
}
|
||||
got, err := repo.nextSteps(context.Background(), tt.args.request, tt.args.checkLoggedIn)
|
||||
|
||||
@ -73,6 +73,7 @@ func Start(ctx context.Context, conf Config, systemDefaults sd.SystemDefaults, c
|
||||
IDPUserLinksProvider: queries,
|
||||
LockoutPolicyViewProvider: queries,
|
||||
LoginPolicyViewProvider: queries,
|
||||
PasswordAgePolicyProvider: queries,
|
||||
UserGrantProvider: queryView,
|
||||
ProjectProvider: queryView,
|
||||
ApplicationProvider: queries,
|
||||
|
||||
@ -687,6 +687,10 @@ func (c *Commands) createPasswordChangeEvents(ctx context.Context, agg *eventsto
|
||||
if event != nil {
|
||||
events = append(events, event)
|
||||
}
|
||||
event = c.createCustomLoginTextEvent(ctx, agg, domain.LoginKeyPasswordChangeExpiredDescription, existingText.PasswordChangeExpiredDescription, text.PasswordChange.ExpiredDescription, text.Language, defaultText)
|
||||
if event != nil {
|
||||
events = append(events, event)
|
||||
}
|
||||
event = c.createCustomLoginTextEvent(ctx, agg, domain.LoginKeyPasswordChangeOldPasswordLabel, existingText.PasswordChangeOldPasswordLabel, text.PasswordChange.OldPasswordLabel, text.Language, defaultText)
|
||||
if event != nil {
|
||||
events = append(events, event)
|
||||
|
||||
@ -186,6 +186,7 @@ type CustomLoginTextReadModel struct {
|
||||
|
||||
PasswordChangeTitle string
|
||||
PasswordChangeDescription string
|
||||
PasswordChangeExpiredDescription string
|
||||
PasswordChangeOldPasswordLabel string
|
||||
PasswordChangeNewPasswordLabel string
|
||||
PasswordChangeNewPasswordConfirmLabel string
|
||||
@ -1767,6 +1768,10 @@ func (wm *CustomLoginTextReadModel) handlePasswordChangeScreenSetEvent(e *policy
|
||||
wm.PasswordChangeDescription = e.Text
|
||||
return
|
||||
}
|
||||
if e.Key == domain.LoginKeyPasswordChangeExpiredDescription {
|
||||
wm.PasswordChangeExpiredDescription = e.Text
|
||||
return
|
||||
}
|
||||
if e.Key == domain.LoginKeyPasswordChangeOldPasswordLabel {
|
||||
wm.PasswordChangeOldPasswordLabel = e.Text
|
||||
return
|
||||
@ -1798,6 +1803,10 @@ func (wm *CustomLoginTextReadModel) handlePasswordChangeScreenRemoveEvent(e *pol
|
||||
wm.PasswordChangeDescription = ""
|
||||
return
|
||||
}
|
||||
if e.Key == domain.LoginKeyPasswordChangeExpiredDescription {
|
||||
wm.PasswordChangeExpiredDescription = ""
|
||||
return
|
||||
}
|
||||
if e.Key == domain.LoginKeyPasswordChangeOldPasswordLabel {
|
||||
wm.PasswordChangeOldPasswordLabel = ""
|
||||
return
|
||||
|
||||
@ -480,6 +480,9 @@ func TestCommandSide_SetCustomIAMLoginText(t *testing.T) {
|
||||
instance.NewCustomTextSetEvent(context.Background(),
|
||||
&instance.NewAggregate("INSTANCE").Aggregate, domain.LoginCustomText, domain.LoginKeyPasswordChangeDescription, "Description", language.English,
|
||||
),
|
||||
instance.NewCustomTextSetEvent(context.Background(),
|
||||
&instance.NewAggregate("INSTANCE").Aggregate, domain.LoginCustomText, domain.LoginKeyPasswordChangeExpiredDescription, "ExpiredDescription", language.English,
|
||||
),
|
||||
instance.NewCustomTextSetEvent(context.Background(),
|
||||
&instance.NewAggregate("INSTANCE").Aggregate, domain.LoginCustomText, domain.LoginKeyPasswordChangeOldPasswordLabel, "OldPasswordLabel", language.English,
|
||||
),
|
||||
@ -942,6 +945,7 @@ func TestCommandSide_SetCustomIAMLoginText(t *testing.T) {
|
||||
PasswordChange: domain.PasswordChangeScreenText{
|
||||
Title: "Title",
|
||||
Description: "Description",
|
||||
ExpiredDescription: "ExpiredDescription",
|
||||
OldPasswordLabel: "OldPasswordLabel",
|
||||
NewPasswordLabel: "NewPasswordLabel",
|
||||
NewPasswordConfirmLabel: "NewPasswordConfirmLabel",
|
||||
@ -1860,6 +1864,12 @@ func TestCommandSide_SetCustomIAMLoginText(t *testing.T) {
|
||||
&instance.NewAggregate("INSTANCE").Aggregate, domain.LoginCustomText, domain.LoginKeyPasswordChangeDescription, "Description", language.English,
|
||||
),
|
||||
),
|
||||
eventFromEventPusherWithInstanceID(
|
||||
"INSTANCE",
|
||||
instance.NewCustomTextSetEvent(context.Background(),
|
||||
&instance.NewAggregate("INSTANCE").Aggregate, domain.LoginCustomText, domain.LoginKeyPasswordChangeExpiredDescription, "ExpiredDescription", language.English,
|
||||
),
|
||||
),
|
||||
eventFromEventPusherWithInstanceID(
|
||||
"INSTANCE",
|
||||
instance.NewCustomTextSetEvent(context.Background(),
|
||||
@ -2813,6 +2823,9 @@ func TestCommandSide_SetCustomIAMLoginText(t *testing.T) {
|
||||
instance.NewCustomTextRemovedEvent(context.Background(),
|
||||
&instance.NewAggregate("INSTANCE").Aggregate, domain.LoginCustomText, domain.LoginKeyPasswordChangeDescription, language.English,
|
||||
),
|
||||
instance.NewCustomTextRemovedEvent(context.Background(),
|
||||
&instance.NewAggregate("INSTANCE").Aggregate, domain.LoginCustomText, domain.LoginKeyPasswordChangeExpiredDescription, language.English,
|
||||
),
|
||||
instance.NewCustomTextRemovedEvent(context.Background(),
|
||||
&instance.NewAggregate("INSTANCE").Aggregate, domain.LoginCustomText, domain.LoginKeyPasswordChangeOldPasswordLabel, language.English,
|
||||
),
|
||||
@ -3934,6 +3947,12 @@ func TestCommandSide_SetCustomIAMLoginText(t *testing.T) {
|
||||
&instance.NewAggregate("INSTANCE").Aggregate, domain.LoginCustomText, domain.LoginKeyPasswordChangeDescription, "Description", language.English,
|
||||
),
|
||||
),
|
||||
eventFromEventPusherWithInstanceID(
|
||||
"INSTANCE",
|
||||
instance.NewCustomTextSetEvent(context.Background(),
|
||||
&instance.NewAggregate("INSTANCE").Aggregate, domain.LoginCustomText, domain.LoginKeyPasswordChangeExpiredDescription, "ExpiredDescription", language.English,
|
||||
),
|
||||
),
|
||||
eventFromEventPusherWithInstanceID(
|
||||
"INSTANCE",
|
||||
instance.NewCustomTextSetEvent(context.Background(),
|
||||
@ -5279,6 +5298,12 @@ func TestCommandSide_SetCustomIAMLoginText(t *testing.T) {
|
||||
&instance.NewAggregate("INSTANCE").Aggregate, domain.LoginCustomText, domain.LoginKeyPasswordChangeDescription, language.English,
|
||||
),
|
||||
),
|
||||
eventFromEventPusherWithInstanceID(
|
||||
"INSTANCE",
|
||||
instance.NewCustomTextRemovedEvent(context.Background(),
|
||||
&instance.NewAggregate("INSTANCE").Aggregate, domain.LoginCustomText, domain.LoginKeyPasswordChangeExpiredDescription, language.English,
|
||||
),
|
||||
),
|
||||
eventFromEventPusherWithInstanceID(
|
||||
"INSTANCE",
|
||||
instance.NewCustomTextRemovedEvent(context.Background(),
|
||||
@ -6233,6 +6258,9 @@ func TestCommandSide_SetCustomIAMLoginText(t *testing.T) {
|
||||
instance.NewCustomTextSetEvent(context.Background(),
|
||||
&instance.NewAggregate("INSTANCE").Aggregate, domain.LoginCustomText, domain.LoginKeyPasswordChangeDescription, "Description", language.English,
|
||||
),
|
||||
instance.NewCustomTextSetEvent(context.Background(),
|
||||
&instance.NewAggregate("INSTANCE").Aggregate, domain.LoginCustomText, domain.LoginKeyPasswordChangeExpiredDescription, "ExpiredDescription", language.English,
|
||||
),
|
||||
instance.NewCustomTextSetEvent(context.Background(),
|
||||
&instance.NewAggregate("INSTANCE").Aggregate, domain.LoginCustomText, domain.LoginKeyPasswordChangeOldPasswordLabel, "OldPasswordLabel", language.English,
|
||||
),
|
||||
@ -6695,6 +6723,7 @@ func TestCommandSide_SetCustomIAMLoginText(t *testing.T) {
|
||||
PasswordChange: domain.PasswordChangeScreenText{
|
||||
Title: "Title",
|
||||
Description: "Description",
|
||||
ExpiredDescription: "ExpiredDescription",
|
||||
OldPasswordLabel: "OldPasswordLabel",
|
||||
NewPasswordLabel: "NewPasswordLabel",
|
||||
NewPasswordConfirmLabel: "NewPasswordConfirmLabel",
|
||||
|
||||
@ -762,6 +762,11 @@ func TestCommandSide_SetCustomOrgLoginText(t *testing.T) {
|
||||
&org.NewAggregate("org1").Aggregate, domain.LoginCustomText, domain.LoginKeyPasswordChangeDescription, "Description", language.English,
|
||||
),
|
||||
),
|
||||
eventFromEventPusher(
|
||||
org.NewCustomTextSetEvent(context.Background(),
|
||||
&org.NewAggregate("org1").Aggregate, domain.LoginCustomText, domain.LoginKeyPasswordChangeExpiredDescription, "ExpiredDescription", language.English,
|
||||
),
|
||||
),
|
||||
eventFromEventPusher(
|
||||
org.NewCustomTextSetEvent(context.Background(),
|
||||
&org.NewAggregate("org1").Aggregate, domain.LoginCustomText, domain.LoginKeyPasswordChangeOldPasswordLabel, "OldPasswordLabel", language.English,
|
||||
@ -1406,6 +1411,7 @@ func TestCommandSide_SetCustomOrgLoginText(t *testing.T) {
|
||||
PasswordChange: domain.PasswordChangeScreenText{
|
||||
Title: "Title",
|
||||
Description: "Description",
|
||||
ExpiredDescription: "ExpiredDescription",
|
||||
OldPasswordLabel: "OldPasswordLabel",
|
||||
NewPasswordLabel: "NewPasswordLabel",
|
||||
NewPasswordConfirmLabel: "NewPasswordConfirmLabel",
|
||||
@ -2192,6 +2198,11 @@ func TestCommandSide_SetCustomOrgLoginText(t *testing.T) {
|
||||
&org.NewAggregate("org1").Aggregate, domain.LoginCustomText, domain.LoginKeyPasswordChangeDescription, "Description", language.English,
|
||||
),
|
||||
),
|
||||
eventFromEventPusher(
|
||||
org.NewCustomTextSetEvent(context.Background(),
|
||||
&org.NewAggregate("org1").Aggregate, domain.LoginCustomText, domain.LoginKeyPasswordChangeExpiredDescription, "ExpiredDescription", language.English,
|
||||
),
|
||||
),
|
||||
eventFromEventPusher(
|
||||
org.NewCustomTextSetEvent(context.Background(),
|
||||
&org.NewAggregate("org1").Aggregate, domain.LoginCustomText, domain.LoginKeyPasswordChangeOldPasswordLabel, "OldPasswordLabel", language.English,
|
||||
@ -3047,6 +3058,9 @@ func TestCommandSide_SetCustomOrgLoginText(t *testing.T) {
|
||||
org.NewCustomTextRemovedEvent(context.Background(),
|
||||
&org.NewAggregate("org1").Aggregate, domain.LoginCustomText, domain.LoginKeyPasswordChangeDescription, language.English,
|
||||
),
|
||||
org.NewCustomTextRemovedEvent(context.Background(),
|
||||
&org.NewAggregate("org1").Aggregate, domain.LoginCustomText, domain.LoginKeyPasswordChangeExpiredDescription, language.English,
|
||||
),
|
||||
org.NewCustomTextRemovedEvent(context.Background(),
|
||||
&org.NewAggregate("org1").Aggregate, domain.LoginCustomText, domain.LoginKeyPasswordChangeOldPasswordLabel, language.English,
|
||||
),
|
||||
@ -4035,6 +4049,11 @@ func TestCommandSide_SetCustomOrgLoginText(t *testing.T) {
|
||||
&org.NewAggregate("org1").Aggregate, domain.LoginCustomText, domain.LoginKeyPasswordChangeDescription, "Description", language.English,
|
||||
),
|
||||
),
|
||||
eventFromEventPusher(
|
||||
org.NewCustomTextSetEvent(context.Background(),
|
||||
&org.NewAggregate("org1").Aggregate, domain.LoginCustomText, domain.LoginKeyPasswordChangeExpiredDescription, "ExpiredDescription", language.English,
|
||||
),
|
||||
),
|
||||
eventFromEventPusher(
|
||||
org.NewCustomTextSetEvent(context.Background(),
|
||||
&org.NewAggregate("org1").Aggregate, domain.LoginCustomText, domain.LoginKeyPasswordChangeOldPasswordLabel, "OldPasswordLabel", language.English,
|
||||
@ -5150,6 +5169,11 @@ func TestCommandSide_SetCustomOrgLoginText(t *testing.T) {
|
||||
&org.NewAggregate("org1").Aggregate, domain.LoginCustomText, domain.LoginKeyPasswordChangeDescription, language.English,
|
||||
),
|
||||
),
|
||||
eventFromEventPusher(
|
||||
org.NewCustomTextRemovedEvent(context.Background(),
|
||||
&org.NewAggregate("org1").Aggregate, domain.LoginCustomText, domain.LoginKeyPasswordChangeExpiredDescription, language.English,
|
||||
),
|
||||
),
|
||||
eventFromEventPusher(
|
||||
org.NewCustomTextRemovedEvent(context.Background(),
|
||||
&org.NewAggregate("org1").Aggregate, domain.LoginCustomText, domain.LoginKeyPasswordChangeOldPasswordLabel, language.English,
|
||||
@ -6005,6 +6029,9 @@ func TestCommandSide_SetCustomOrgLoginText(t *testing.T) {
|
||||
org.NewCustomTextSetEvent(context.Background(),
|
||||
&org.NewAggregate("org1").Aggregate, domain.LoginCustomText, domain.LoginKeyPasswordChangeDescription, "Description", language.English,
|
||||
),
|
||||
org.NewCustomTextSetEvent(context.Background(),
|
||||
&org.NewAggregate("org1").Aggregate, domain.LoginCustomText, domain.LoginKeyPasswordChangeExpiredDescription, "ExpiredDescription", language.English,
|
||||
),
|
||||
org.NewCustomTextSetEvent(context.Background(),
|
||||
&org.NewAggregate("org1").Aggregate, domain.LoginCustomText, domain.LoginKeyPasswordChangeOldPasswordLabel, "OldPasswordLabel", language.English,
|
||||
),
|
||||
@ -6465,6 +6492,7 @@ func TestCommandSide_SetCustomOrgLoginText(t *testing.T) {
|
||||
PasswordChange: domain.PasswordChangeScreenText{
|
||||
Title: "Title",
|
||||
Description: "Description",
|
||||
ExpiredDescription: "ExpiredDescription",
|
||||
OldPasswordLabel: "OldPasswordLabel",
|
||||
NewPasswordLabel: "NewPasswordLabel",
|
||||
NewPasswordConfirmLabel: "NewPasswordConfirmLabel",
|
||||
|
||||
@ -56,6 +56,7 @@ type AuthRequest struct {
|
||||
LabelPolicy *LabelPolicy
|
||||
PrivacyPolicy *PrivacyPolicy
|
||||
LockoutPolicy *LockoutPolicy
|
||||
PasswordAgePolicy *PasswordAgePolicy
|
||||
DefaultTranslations []*CustomText
|
||||
OrgTranslations []*CustomText
|
||||
SAMLRequestID string
|
||||
|
||||
@ -185,6 +185,7 @@ const (
|
||||
LoginKeyPasswordChange = "PasswordChange."
|
||||
LoginKeyPasswordChangeTitle = LoginKeyPasswordChange + "Title"
|
||||
LoginKeyPasswordChangeDescription = LoginKeyPasswordChange + "Description"
|
||||
LoginKeyPasswordChangeExpiredDescription = LoginKeyPasswordChange + "ExpiredDescription"
|
||||
LoginKeyPasswordChangeOldPasswordLabel = LoginKeyPasswordChange + "OldPasswordLabel"
|
||||
LoginKeyPasswordChangeNewPasswordLabel = LoginKeyPasswordChange + "NewPasswordLabel"
|
||||
LoginKeyPasswordChangeNewPasswordConfirmLabel = LoginKeyPasswordChange + "NewPasswordConfirmLabel"
|
||||
@ -529,6 +530,7 @@ type PasswordlessScreenText struct {
|
||||
type PasswordChangeScreenText struct {
|
||||
Title string
|
||||
Description string
|
||||
ExpiredDescription string
|
||||
OldPasswordLabel string
|
||||
NewPasswordLabel string
|
||||
NewPasswordConfirmLabel string
|
||||
|
||||
@ -117,7 +117,9 @@ func (s *PasswordlessRegistrationPromptStep) Type() NextStepType {
|
||||
return NextStepPasswordlessRegistrationPrompt
|
||||
}
|
||||
|
||||
type ChangePasswordStep struct{}
|
||||
type ChangePasswordStep struct {
|
||||
Expired bool
|
||||
}
|
||||
|
||||
func (s *ChangePasswordStep) Type() NextStepType {
|
||||
return NextStepChangePassword
|
||||
|
||||
@ -17,6 +17,7 @@ import (
|
||||
"google.golang.org/grpc"
|
||||
"google.golang.org/protobuf/types/known/durationpb"
|
||||
"google.golang.org/protobuf/types/known/structpb"
|
||||
"google.golang.org/protobuf/types/known/timestamppb"
|
||||
|
||||
"github.com/zitadel/zitadel/internal/api/authz"
|
||||
"github.com/zitadel/zitadel/internal/command"
|
||||
@ -311,8 +312,8 @@ func (s *Tester) RegisterUserU2F(ctx context.Context, userID string) {
|
||||
logging.OnError(err).Fatal("create user u2f")
|
||||
}
|
||||
|
||||
func (s *Tester) SetUserPassword(ctx context.Context, userID, password string, changeRequired bool) {
|
||||
_, err := s.Client.UserV2.SetPassword(ctx, &user.SetPasswordRequest{
|
||||
func (s *Tester) SetUserPassword(ctx context.Context, userID, password string, changeRequired bool) *timestamppb.Timestamp {
|
||||
resp, err := s.Client.UserV2.SetPassword(ctx, &user.SetPasswordRequest{
|
||||
UserId: userID,
|
||||
NewPassword: &user.Password{
|
||||
Password: password,
|
||||
@ -320,6 +321,7 @@ func (s *Tester) SetUserPassword(ctx context.Context, userID, password string, c
|
||||
},
|
||||
})
|
||||
logging.OnError(err).Fatal("set user password")
|
||||
return resp.GetDetails().GetChangeDate()
|
||||
}
|
||||
|
||||
func (s *Tester) AddGenericOAuthProvider(t *testing.T, ctx context.Context) string {
|
||||
|
||||
@ -891,6 +891,9 @@ func passwordChangeKeyToDomain(text *CustomText, result *domain.CustomLoginText)
|
||||
if text.Key == domain.LoginKeyPasswordChangeDescription {
|
||||
result.PasswordChange.Description = text.Text
|
||||
}
|
||||
if text.Key == domain.LoginKeyPasswordChangeExpiredDescription {
|
||||
result.PasswordChange.ExpiredDescription = text.Text
|
||||
}
|
||||
if text.Key == domain.LoginKeyPasswordChangeOldPasswordLabel {
|
||||
result.PasswordChange.OldPasswordLabel = text.Text
|
||||
}
|
||||
|
||||
@ -21,21 +21,21 @@ var (
|
||||
", members.user_id" +
|
||||
", members.roles" +
|
||||
", projections.login_names3.login_name" +
|
||||
", projections.users12_humans.email" +
|
||||
", projections.users12_humans.first_name" +
|
||||
", projections.users12_humans.last_name" +
|
||||
", projections.users12_humans.display_name" +
|
||||
", projections.users12_machines.name" +
|
||||
", projections.users12_humans.avatar_key" +
|
||||
", projections.users12.type" +
|
||||
", projections.users13_humans.email" +
|
||||
", projections.users13_humans.first_name" +
|
||||
", projections.users13_humans.last_name" +
|
||||
", projections.users13_humans.display_name" +
|
||||
", projections.users13_machines.name" +
|
||||
", projections.users13_humans.avatar_key" +
|
||||
", projections.users13.type" +
|
||||
", COUNT(*) OVER () " +
|
||||
"FROM projections.instance_members4 AS members " +
|
||||
"LEFT JOIN projections.users12_humans " +
|
||||
"ON members.user_id = projections.users12_humans.user_id AND members.instance_id = projections.users12_humans.instance_id " +
|
||||
"LEFT JOIN projections.users12_machines " +
|
||||
"ON members.user_id = projections.users12_machines.user_id AND members.instance_id = projections.users12_machines.instance_id " +
|
||||
"LEFT JOIN projections.users12 " +
|
||||
"ON members.user_id = projections.users12.id AND members.instance_id = projections.users12.instance_id " +
|
||||
"LEFT JOIN projections.users13_humans " +
|
||||
"ON members.user_id = projections.users13_humans.user_id AND members.instance_id = projections.users13_humans.instance_id " +
|
||||
"LEFT JOIN projections.users13_machines " +
|
||||
"ON members.user_id = projections.users13_machines.user_id AND members.instance_id = projections.users13_machines.instance_id " +
|
||||
"LEFT JOIN projections.users13 " +
|
||||
"ON members.user_id = projections.users13.id AND members.instance_id = projections.users13.instance_id " +
|
||||
"LEFT JOIN projections.login_names3 " +
|
||||
"ON members.user_id = projections.login_names3.user_id AND members.instance_id = projections.login_names3.instance_id " +
|
||||
"AS OF SYSTEM TIME '-1 ms' " +
|
||||
|
||||
@ -21,24 +21,24 @@ var (
|
||||
", members.user_id" +
|
||||
", members.roles" +
|
||||
", projections.login_names3.login_name" +
|
||||
", projections.users12_humans.email" +
|
||||
", projections.users12_humans.first_name" +
|
||||
", projections.users12_humans.last_name" +
|
||||
", projections.users12_humans.display_name" +
|
||||
", projections.users12_machines.name" +
|
||||
", projections.users12_humans.avatar_key" +
|
||||
", projections.users12.type" +
|
||||
", projections.users13_humans.email" +
|
||||
", projections.users13_humans.first_name" +
|
||||
", projections.users13_humans.last_name" +
|
||||
", projections.users13_humans.display_name" +
|
||||
", projections.users13_machines.name" +
|
||||
", projections.users13_humans.avatar_key" +
|
||||
", projections.users13.type" +
|
||||
", COUNT(*) OVER () " +
|
||||
"FROM projections.org_members4 AS members " +
|
||||
"LEFT JOIN projections.users12_humans " +
|
||||
"ON members.user_id = projections.users12_humans.user_id " +
|
||||
"AND members.instance_id = projections.users12_humans.instance_id " +
|
||||
"LEFT JOIN projections.users12_machines " +
|
||||
"ON members.user_id = projections.users12_machines.user_id " +
|
||||
"AND members.instance_id = projections.users12_machines.instance_id " +
|
||||
"LEFT JOIN projections.users12 " +
|
||||
"ON members.user_id = projections.users12.id " +
|
||||
"AND members.instance_id = projections.users12.instance_id " +
|
||||
"LEFT JOIN projections.users13_humans " +
|
||||
"ON members.user_id = projections.users13_humans.user_id " +
|
||||
"AND members.instance_id = projections.users13_humans.instance_id " +
|
||||
"LEFT JOIN projections.users13_machines " +
|
||||
"ON members.user_id = projections.users13_machines.user_id " +
|
||||
"AND members.instance_id = projections.users13_machines.instance_id " +
|
||||
"LEFT JOIN projections.users13 " +
|
||||
"ON members.user_id = projections.users13.id " +
|
||||
"AND members.instance_id = projections.users13.instance_id " +
|
||||
"LEFT JOIN projections.login_names3 " +
|
||||
"ON members.user_id = projections.login_names3.user_id " +
|
||||
"AND members.instance_id = projections.login_names3.instance_id " +
|
||||
|
||||
@ -21,24 +21,24 @@ var (
|
||||
", members.user_id" +
|
||||
", members.roles" +
|
||||
", projections.login_names3.login_name" +
|
||||
", projections.users12_humans.email" +
|
||||
", projections.users12_humans.first_name" +
|
||||
", projections.users12_humans.last_name" +
|
||||
", projections.users12_humans.display_name" +
|
||||
", projections.users12_machines.name" +
|
||||
", projections.users12_humans.avatar_key" +
|
||||
", projections.users12.type" +
|
||||
", projections.users13_humans.email" +
|
||||
", projections.users13_humans.first_name" +
|
||||
", projections.users13_humans.last_name" +
|
||||
", projections.users13_humans.display_name" +
|
||||
", projections.users13_machines.name" +
|
||||
", projections.users13_humans.avatar_key" +
|
||||
", projections.users13.type" +
|
||||
", COUNT(*) OVER () " +
|
||||
"FROM projections.project_grant_members4 AS members " +
|
||||
"LEFT JOIN projections.users12_humans " +
|
||||
"ON members.user_id = projections.users12_humans.user_id " +
|
||||
"AND members.instance_id = projections.users12_humans.instance_id " +
|
||||
"LEFT JOIN projections.users12_machines " +
|
||||
"ON members.user_id = projections.users12_machines.user_id " +
|
||||
"AND members.instance_id = projections.users12_machines.instance_id " +
|
||||
"LEFT JOIN projections.users12 " +
|
||||
"ON members.user_id = projections.users12.id " +
|
||||
"AND members.instance_id = projections.users12.instance_id " +
|
||||
"LEFT JOIN projections.users13_humans " +
|
||||
"ON members.user_id = projections.users13_humans.user_id " +
|
||||
"AND members.instance_id = projections.users13_humans.instance_id " +
|
||||
"LEFT JOIN projections.users13_machines " +
|
||||
"ON members.user_id = projections.users13_machines.user_id " +
|
||||
"AND members.instance_id = projections.users13_machines.instance_id " +
|
||||
"LEFT JOIN projections.users13 " +
|
||||
"ON members.user_id = projections.users13.id " +
|
||||
"AND members.instance_id = projections.users13.instance_id " +
|
||||
"LEFT JOIN projections.login_names3 " +
|
||||
"ON members.user_id = projections.login_names3.user_id " +
|
||||
"AND members.instance_id = projections.login_names3.instance_id " +
|
||||
|
||||
@ -21,24 +21,24 @@ var (
|
||||
", members.user_id" +
|
||||
", members.roles" +
|
||||
", projections.login_names3.login_name" +
|
||||
", projections.users12_humans.email" +
|
||||
", projections.users12_humans.first_name" +
|
||||
", projections.users12_humans.last_name" +
|
||||
", projections.users12_humans.display_name" +
|
||||
", projections.users12_machines.name" +
|
||||
", projections.users12_humans.avatar_key" +
|
||||
", projections.users12.type" +
|
||||
", projections.users13_humans.email" +
|
||||
", projections.users13_humans.first_name" +
|
||||
", projections.users13_humans.last_name" +
|
||||
", projections.users13_humans.display_name" +
|
||||
", projections.users13_machines.name" +
|
||||
", projections.users13_humans.avatar_key" +
|
||||
", projections.users13.type" +
|
||||
", COUNT(*) OVER () " +
|
||||
"FROM projections.project_members4 AS members " +
|
||||
"LEFT JOIN projections.users12_humans " +
|
||||
"ON members.user_id = projections.users12_humans.user_id " +
|
||||
"AND members.instance_id = projections.users12_humans.instance_id " +
|
||||
"LEFT JOIN projections.users12_machines " +
|
||||
"ON members.user_id = projections.users12_machines.user_id " +
|
||||
"AND members.instance_id = projections.users12_machines.instance_id " +
|
||||
"LEFT JOIN projections.users12 " +
|
||||
"ON members.user_id = projections.users12.id " +
|
||||
"AND members.instance_id = projections.users12.instance_id " +
|
||||
"LEFT JOIN projections.users13_humans " +
|
||||
"ON members.user_id = projections.users13_humans.user_id " +
|
||||
"AND members.instance_id = projections.users13_humans.instance_id " +
|
||||
"LEFT JOIN projections.users13_machines " +
|
||||
"ON members.user_id = projections.users13_machines.user_id " +
|
||||
"AND members.instance_id = projections.users13_machines.instance_id " +
|
||||
"LEFT JOIN projections.users13 " +
|
||||
"ON members.user_id = projections.users13.id " +
|
||||
"AND members.instance_id = projections.users13.instance_id " +
|
||||
"LEFT JOIN projections.login_names3 " +
|
||||
"ON members.user_id = projections.login_names3.user_id " +
|
||||
"AND members.instance_id = projections.login_names3.instance_id " +
|
||||
|
||||
@ -16,7 +16,7 @@ import (
|
||||
)
|
||||
|
||||
const (
|
||||
UserTable = "projections.users12"
|
||||
UserTable = "projections.users13"
|
||||
UserHumanTable = UserTable + "_" + UserHumanSuffix
|
||||
UserMachineTable = UserTable + "_" + UserMachineSuffix
|
||||
UserNotifyTable = UserTable + "_" + UserNotifySuffix
|
||||
@ -35,6 +35,7 @@ const (
|
||||
HumanUserIDCol = "user_id"
|
||||
HumanUserInstanceIDCol = "instance_id"
|
||||
HumanPasswordChangeRequired = "password_change_required"
|
||||
HumanPasswordChanged = "password_changed"
|
||||
|
||||
// profile
|
||||
HumanFirstNameCol = "first_name"
|
||||
@ -116,6 +117,7 @@ func (*userProjection) Init() *old_handler.Check {
|
||||
handler.NewColumn(HumanPhoneCol, handler.ColumnTypeText, handler.Nullable()),
|
||||
handler.NewColumn(HumanIsPhoneVerifiedCol, handler.ColumnTypeBool, handler.Nullable()),
|
||||
handler.NewColumn(HumanPasswordChangeRequired, handler.ColumnTypeBool),
|
||||
handler.NewColumn(HumanPasswordChanged, handler.ColumnTypeTimestamp, handler.Nullable()),
|
||||
},
|
||||
handler.NewPrimaryKey(HumanUserInstanceIDCol, HumanUserIDCol),
|
||||
UserHumanSuffix,
|
||||
@ -322,6 +324,7 @@ func (p *userProjection) reduceHumanAdded(event eventstore.Event) (*handler.Stat
|
||||
if !ok {
|
||||
return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-Ebynp", "reduce.wrong.event.type %s", user.HumanAddedType)
|
||||
}
|
||||
passwordSet := crypto.SecretOrEncodedHash(e.Secret, e.EncodedHash) != ""
|
||||
return handler.NewMultiStatement(
|
||||
e,
|
||||
handler.AddCreateStatement(
|
||||
@ -350,6 +353,7 @@ func (p *userProjection) reduceHumanAdded(event eventstore.Event) (*handler.Stat
|
||||
handler.NewCol(HumanEmailCol, e.EmailAddress),
|
||||
handler.NewCol(HumanPhoneCol, &sql.NullString{String: string(e.PhoneNumber), Valid: e.PhoneNumber != ""}),
|
||||
handler.NewCol(HumanPasswordChangeRequired, e.ChangeRequired),
|
||||
handler.NewCol(HumanPasswordChanged, &sql.NullTime{Time: e.CreatedAt(), Valid: passwordSet}),
|
||||
},
|
||||
handler.WithTableSuffix(UserHumanSuffix),
|
||||
),
|
||||
@ -359,7 +363,7 @@ func (p *userProjection) reduceHumanAdded(event eventstore.Event) (*handler.Stat
|
||||
handler.NewCol(NotifyInstanceIDCol, e.Aggregate().InstanceID),
|
||||
handler.NewCol(NotifyLastEmailCol, e.EmailAddress),
|
||||
handler.NewCol(NotifyLastPhoneCol, &sql.NullString{String: string(e.PhoneNumber), Valid: e.PhoneNumber != ""}),
|
||||
handler.NewCol(NotifyPasswordSetCol, crypto.SecretOrEncodedHash(e.Secret, e.EncodedHash) != ""),
|
||||
handler.NewCol(NotifyPasswordSetCol, passwordSet),
|
||||
},
|
||||
handler.WithTableSuffix(UserNotifySuffix),
|
||||
),
|
||||
@ -371,6 +375,7 @@ func (p *userProjection) reduceHumanRegistered(event eventstore.Event) (*handler
|
||||
if !ok {
|
||||
return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-xE53M", "reduce.wrong.event.type %s", user.HumanRegisteredType)
|
||||
}
|
||||
passwordSet := crypto.SecretOrEncodedHash(e.Secret, e.EncodedHash) != ""
|
||||
return handler.NewMultiStatement(
|
||||
e,
|
||||
handler.AddCreateStatement(
|
||||
@ -399,6 +404,7 @@ func (p *userProjection) reduceHumanRegistered(event eventstore.Event) (*handler
|
||||
handler.NewCol(HumanEmailCol, e.EmailAddress),
|
||||
handler.NewCol(HumanPhoneCol, &sql.NullString{String: string(e.PhoneNumber), Valid: e.PhoneNumber != ""}),
|
||||
handler.NewCol(HumanPasswordChangeRequired, e.ChangeRequired),
|
||||
handler.NewCol(HumanPasswordChanged, &sql.NullTime{Time: e.CreatedAt(), Valid: passwordSet}),
|
||||
},
|
||||
handler.WithTableSuffix(UserHumanSuffix),
|
||||
),
|
||||
@ -408,7 +414,7 @@ func (p *userProjection) reduceHumanRegistered(event eventstore.Event) (*handler
|
||||
handler.NewCol(NotifyInstanceIDCol, e.Aggregate().InstanceID),
|
||||
handler.NewCol(NotifyLastEmailCol, e.EmailAddress),
|
||||
handler.NewCol(NotifyLastPhoneCol, &sql.NullString{String: string(e.PhoneNumber), Valid: e.PhoneNumber != ""}),
|
||||
handler.NewCol(NotifyPasswordSetCol, crypto.SecretOrEncodedHash(e.Secret, e.EncodedHash) != ""),
|
||||
handler.NewCol(NotifyPasswordSetCol, passwordSet),
|
||||
},
|
||||
handler.WithTableSuffix(UserNotifySuffix),
|
||||
),
|
||||
@ -918,6 +924,7 @@ func (p *userProjection) reduceHumanPasswordChanged(event eventstore.Event) (*ha
|
||||
handler.AddUpdateStatement(
|
||||
[]handler.Column{
|
||||
handler.NewCol(HumanPasswordChangeRequired, e.ChangeRequired),
|
||||
handler.NewCol(HumanPasswordChanged, &sql.NullTime{Time: e.CreatedAt(), Valid: true}),
|
||||
},
|
||||
[]handler.Condition{
|
||||
handler.NewCond(HumanUserIDCol, e.Aggregate().ID),
|
||||
|
||||
@ -3,6 +3,7 @@ package projection
|
||||
import (
|
||||
"database/sql"
|
||||
"testing"
|
||||
"time"
|
||||
|
||||
"github.com/zitadel/zitadel/internal/domain"
|
||||
"github.com/zitadel/zitadel/internal/eventstore"
|
||||
@ -14,6 +15,7 @@ import (
|
||||
)
|
||||
|
||||
func TestUserProjection_reduces(t *testing.T) {
|
||||
testNow := time.Now()
|
||||
type args struct {
|
||||
event func(t *testing.T) eventstore.Event
|
||||
}
|
||||
@ -27,7 +29,7 @@ func TestUserProjection_reduces(t *testing.T) {
|
||||
name: "reduceHumanAdded",
|
||||
args: args{
|
||||
event: getEvent(
|
||||
testEvent(
|
||||
timedTestEvent(
|
||||
user.HumanAddedType,
|
||||
user.AggregateType,
|
||||
[]byte(`{
|
||||
@ -42,6 +44,7 @@ func TestUserProjection_reduces(t *testing.T) {
|
||||
"phone": "+41 00 000 00 00",
|
||||
"changeRequired": true
|
||||
}`),
|
||||
testNow,
|
||||
), user.HumanAddedEventMapper),
|
||||
},
|
||||
reduce: (&userProjection{}).reduceHumanAdded,
|
||||
@ -51,7 +54,7 @@ func TestUserProjection_reduces(t *testing.T) {
|
||||
executer: &testExecuter{
|
||||
executions: []execution{
|
||||
{
|
||||
expectedStmt: "INSERT INTO projections.users12 (id, creation_date, change_date, resource_owner, instance_id, state, sequence, username, type) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9)",
|
||||
expectedStmt: "INSERT INTO projections.users13 (id, creation_date, change_date, resource_owner, instance_id, state, sequence, username, type) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9)",
|
||||
expectedArgs: []interface{}{
|
||||
"agg-id",
|
||||
anyArg{},
|
||||
@ -65,7 +68,7 @@ func TestUserProjection_reduces(t *testing.T) {
|
||||
},
|
||||
},
|
||||
{
|
||||
expectedStmt: "INSERT INTO projections.users12_humans (user_id, instance_id, first_name, last_name, nick_name, display_name, preferred_language, gender, email, phone, password_change_required) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10, $11)",
|
||||
expectedStmt: "INSERT INTO projections.users13_humans (user_id, instance_id, first_name, last_name, nick_name, display_name, preferred_language, gender, email, phone, password_change_required, password_changed) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10, $11, $12)",
|
||||
expectedArgs: []interface{}{
|
||||
"agg-id",
|
||||
"instance-id",
|
||||
@ -78,10 +81,11 @@ func TestUserProjection_reduces(t *testing.T) {
|
||||
domain.EmailAddress("email@zitadel.com"),
|
||||
&sql.NullString{String: "+41 00 000 00 00", Valid: true},
|
||||
true,
|
||||
&sql.NullTime{Time: testNow, Valid: false},
|
||||
},
|
||||
},
|
||||
{
|
||||
expectedStmt: "INSERT INTO projections.users12_notifications (user_id, instance_id, last_email, last_phone, password_set) VALUES ($1, $2, $3, $4, $5)",
|
||||
expectedStmt: "INSERT INTO projections.users13_notifications (user_id, instance_id, last_email, last_phone, password_set) VALUES ($1, $2, $3, $4, $5)",
|
||||
expectedArgs: []interface{}{
|
||||
"agg-id",
|
||||
"instance-id",
|
||||
@ -98,7 +102,7 @@ func TestUserProjection_reduces(t *testing.T) {
|
||||
name: "reduceUserV1Added",
|
||||
args: args{
|
||||
event: getEvent(
|
||||
testEvent(
|
||||
timedTestEvent(
|
||||
user.UserV1AddedType,
|
||||
user.AggregateType,
|
||||
[]byte(`{
|
||||
@ -112,6 +116,7 @@ func TestUserProjection_reduces(t *testing.T) {
|
||||
"email": "email@zitadel.com",
|
||||
"phone": "+41 00 000 00 00"
|
||||
}`),
|
||||
testNow,
|
||||
), user.HumanAddedEventMapper),
|
||||
},
|
||||
reduce: (&userProjection{}).reduceHumanAdded,
|
||||
@ -121,7 +126,7 @@ func TestUserProjection_reduces(t *testing.T) {
|
||||
executer: &testExecuter{
|
||||
executions: []execution{
|
||||
{
|
||||
expectedStmt: "INSERT INTO projections.users12 (id, creation_date, change_date, resource_owner, instance_id, state, sequence, username, type) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9)",
|
||||
expectedStmt: "INSERT INTO projections.users13 (id, creation_date, change_date, resource_owner, instance_id, state, sequence, username, type) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9)",
|
||||
expectedArgs: []interface{}{
|
||||
"agg-id",
|
||||
anyArg{},
|
||||
@ -135,7 +140,7 @@ func TestUserProjection_reduces(t *testing.T) {
|
||||
},
|
||||
},
|
||||
{
|
||||
expectedStmt: "INSERT INTO projections.users12_humans (user_id, instance_id, first_name, last_name, nick_name, display_name, preferred_language, gender, email, phone, password_change_required) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10, $11)",
|
||||
expectedStmt: "INSERT INTO projections.users13_humans (user_id, instance_id, first_name, last_name, nick_name, display_name, preferred_language, gender, email, phone, password_change_required, password_changed) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10, $11, $12)",
|
||||
expectedArgs: []interface{}{
|
||||
"agg-id",
|
||||
"instance-id",
|
||||
@ -148,10 +153,11 @@ func TestUserProjection_reduces(t *testing.T) {
|
||||
domain.EmailAddress("email@zitadel.com"),
|
||||
&sql.NullString{String: "+41 00 000 00 00", Valid: true},
|
||||
false,
|
||||
&sql.NullTime{Time: testNow, Valid: false},
|
||||
},
|
||||
},
|
||||
{
|
||||
expectedStmt: "INSERT INTO projections.users12_notifications (user_id, instance_id, last_email, last_phone, password_set) VALUES ($1, $2, $3, $4, $5)",
|
||||
expectedStmt: "INSERT INTO projections.users13_notifications (user_id, instance_id, last_email, last_phone, password_set) VALUES ($1, $2, $3, $4, $5)",
|
||||
expectedArgs: []interface{}{
|
||||
"agg-id",
|
||||
"instance-id",
|
||||
@ -168,7 +174,7 @@ func TestUserProjection_reduces(t *testing.T) {
|
||||
name: "reduceHumanAdded NULLs",
|
||||
args: args{
|
||||
event: getEvent(
|
||||
testEvent(
|
||||
timedTestEvent(
|
||||
user.HumanAddedType,
|
||||
user.AggregateType,
|
||||
[]byte(`{
|
||||
@ -177,6 +183,7 @@ func TestUserProjection_reduces(t *testing.T) {
|
||||
"lastName": "last-name",
|
||||
"email": "email@zitadel.com"
|
||||
}`),
|
||||
testNow,
|
||||
), user.HumanAddedEventMapper),
|
||||
},
|
||||
reduce: (&userProjection{}).reduceHumanAdded,
|
||||
@ -186,7 +193,7 @@ func TestUserProjection_reduces(t *testing.T) {
|
||||
executer: &testExecuter{
|
||||
executions: []execution{
|
||||
{
|
||||
expectedStmt: "INSERT INTO projections.users12 (id, creation_date, change_date, resource_owner, instance_id, state, sequence, username, type) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9)",
|
||||
expectedStmt: "INSERT INTO projections.users13 (id, creation_date, change_date, resource_owner, instance_id, state, sequence, username, type) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9)",
|
||||
expectedArgs: []interface{}{
|
||||
"agg-id",
|
||||
anyArg{},
|
||||
@ -200,7 +207,7 @@ func TestUserProjection_reduces(t *testing.T) {
|
||||
},
|
||||
},
|
||||
{
|
||||
expectedStmt: "INSERT INTO projections.users12_humans (user_id, instance_id, first_name, last_name, nick_name, display_name, preferred_language, gender, email, phone, password_change_required) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10, $11)",
|
||||
expectedStmt: "INSERT INTO projections.users13_humans (user_id, instance_id, first_name, last_name, nick_name, display_name, preferred_language, gender, email, phone, password_change_required, password_changed) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10, $11, $12)",
|
||||
expectedArgs: []interface{}{
|
||||
"agg-id",
|
||||
"instance-id",
|
||||
@ -213,10 +220,11 @@ func TestUserProjection_reduces(t *testing.T) {
|
||||
domain.EmailAddress("email@zitadel.com"),
|
||||
&sql.NullString{},
|
||||
false,
|
||||
&sql.NullTime{Time: testNow, Valid: false},
|
||||
},
|
||||
},
|
||||
{
|
||||
expectedStmt: "INSERT INTO projections.users12_notifications (user_id, instance_id, last_email, last_phone, password_set) VALUES ($1, $2, $3, $4, $5)",
|
||||
expectedStmt: "INSERT INTO projections.users13_notifications (user_id, instance_id, last_email, last_phone, password_set) VALUES ($1, $2, $3, $4, $5)",
|
||||
expectedArgs: []interface{}{
|
||||
"agg-id",
|
||||
"instance-id",
|
||||
@ -233,7 +241,7 @@ func TestUserProjection_reduces(t *testing.T) {
|
||||
name: "reduceHumanRegistered",
|
||||
args: args{
|
||||
event: getEvent(
|
||||
testEvent(
|
||||
timedTestEvent(
|
||||
user.HumanRegisteredType,
|
||||
user.AggregateType,
|
||||
[]byte(`{
|
||||
@ -248,6 +256,7 @@ func TestUserProjection_reduces(t *testing.T) {
|
||||
"phone": "+41 00 000 00 00",
|
||||
"changeRequired": true
|
||||
}`),
|
||||
testNow,
|
||||
), user.HumanRegisteredEventMapper),
|
||||
},
|
||||
reduce: (&userProjection{}).reduceHumanRegistered,
|
||||
@ -257,7 +266,7 @@ func TestUserProjection_reduces(t *testing.T) {
|
||||
executer: &testExecuter{
|
||||
executions: []execution{
|
||||
{
|
||||
expectedStmt: "INSERT INTO projections.users12 (id, creation_date, change_date, resource_owner, instance_id, state, sequence, username, type) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9)",
|
||||
expectedStmt: "INSERT INTO projections.users13 (id, creation_date, change_date, resource_owner, instance_id, state, sequence, username, type) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9)",
|
||||
expectedArgs: []interface{}{
|
||||
"agg-id",
|
||||
anyArg{},
|
||||
@ -271,7 +280,7 @@ func TestUserProjection_reduces(t *testing.T) {
|
||||
},
|
||||
},
|
||||
{
|
||||
expectedStmt: "INSERT INTO projections.users12_humans (user_id, instance_id, first_name, last_name, nick_name, display_name, preferred_language, gender, email, phone, password_change_required) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10, $11)",
|
||||
expectedStmt: "INSERT INTO projections.users13_humans (user_id, instance_id, first_name, last_name, nick_name, display_name, preferred_language, gender, email, phone, password_change_required, password_changed) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10, $11, $12)",
|
||||
expectedArgs: []interface{}{
|
||||
"agg-id",
|
||||
"instance-id",
|
||||
@ -284,10 +293,11 @@ func TestUserProjection_reduces(t *testing.T) {
|
||||
domain.EmailAddress("email@zitadel.com"),
|
||||
&sql.NullString{String: "+41 00 000 00 00", Valid: true},
|
||||
true,
|
||||
&sql.NullTime{Time: testNow, Valid: false},
|
||||
},
|
||||
},
|
||||
{
|
||||
expectedStmt: "INSERT INTO projections.users12_notifications (user_id, instance_id, last_email, last_phone, password_set) VALUES ($1, $2, $3, $4, $5)",
|
||||
expectedStmt: "INSERT INTO projections.users13_notifications (user_id, instance_id, last_email, last_phone, password_set) VALUES ($1, $2, $3, $4, $5)",
|
||||
expectedArgs: []interface{}{
|
||||
"agg-id",
|
||||
"instance-id",
|
||||
@ -304,7 +314,7 @@ func TestUserProjection_reduces(t *testing.T) {
|
||||
name: "reduceUserV1Registered",
|
||||
args: args{
|
||||
event: getEvent(
|
||||
testEvent(
|
||||
timedTestEvent(
|
||||
user.UserV1RegisteredType,
|
||||
user.AggregateType,
|
||||
[]byte(`{
|
||||
@ -318,6 +328,7 @@ func TestUserProjection_reduces(t *testing.T) {
|
||||
"email": "email@zitadel.com",
|
||||
"phone": "+41 00 000 00 00"
|
||||
}`),
|
||||
testNow,
|
||||
), user.HumanRegisteredEventMapper),
|
||||
},
|
||||
reduce: (&userProjection{}).reduceHumanRegistered,
|
||||
@ -327,7 +338,7 @@ func TestUserProjection_reduces(t *testing.T) {
|
||||
executer: &testExecuter{
|
||||
executions: []execution{
|
||||
{
|
||||
expectedStmt: "INSERT INTO projections.users12 (id, creation_date, change_date, resource_owner, instance_id, state, sequence, username, type) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9)",
|
||||
expectedStmt: "INSERT INTO projections.users13 (id, creation_date, change_date, resource_owner, instance_id, state, sequence, username, type) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9)",
|
||||
expectedArgs: []interface{}{
|
||||
"agg-id",
|
||||
anyArg{},
|
||||
@ -341,7 +352,7 @@ func TestUserProjection_reduces(t *testing.T) {
|
||||
},
|
||||
},
|
||||
{
|
||||
expectedStmt: "INSERT INTO projections.users12_humans (user_id, instance_id, first_name, last_name, nick_name, display_name, preferred_language, gender, email, phone, password_change_required) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10, $11)",
|
||||
expectedStmt: "INSERT INTO projections.users13_humans (user_id, instance_id, first_name, last_name, nick_name, display_name, preferred_language, gender, email, phone, password_change_required, password_changed) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10, $11, $12)",
|
||||
expectedArgs: []interface{}{
|
||||
"agg-id",
|
||||
"instance-id",
|
||||
@ -354,10 +365,11 @@ func TestUserProjection_reduces(t *testing.T) {
|
||||
domain.EmailAddress("email@zitadel.com"),
|
||||
&sql.NullString{String: "+41 00 000 00 00", Valid: true},
|
||||
false,
|
||||
&sql.NullTime{Time: testNow, Valid: false},
|
||||
},
|
||||
},
|
||||
{
|
||||
expectedStmt: "INSERT INTO projections.users12_notifications (user_id, instance_id, last_email, last_phone, password_set) VALUES ($1, $2, $3, $4, $5)",
|
||||
expectedStmt: "INSERT INTO projections.users13_notifications (user_id, instance_id, last_email, last_phone, password_set) VALUES ($1, $2, $3, $4, $5)",
|
||||
expectedArgs: []interface{}{
|
||||
"agg-id",
|
||||
"instance-id",
|
||||
@ -374,7 +386,7 @@ func TestUserProjection_reduces(t *testing.T) {
|
||||
name: "reduceHumanRegistered NULLs",
|
||||
args: args{
|
||||
event: getEvent(
|
||||
testEvent(
|
||||
timedTestEvent(
|
||||
user.HumanRegisteredType,
|
||||
user.AggregateType,
|
||||
[]byte(`{
|
||||
@ -383,6 +395,7 @@ func TestUserProjection_reduces(t *testing.T) {
|
||||
"lastName": "last-name",
|
||||
"email": "email@zitadel.com"
|
||||
}`),
|
||||
testNow,
|
||||
), user.HumanRegisteredEventMapper),
|
||||
},
|
||||
reduce: (&userProjection{}).reduceHumanRegistered,
|
||||
@ -392,7 +405,7 @@ func TestUserProjection_reduces(t *testing.T) {
|
||||
executer: &testExecuter{
|
||||
executions: []execution{
|
||||
{
|
||||
expectedStmt: "INSERT INTO projections.users12 (id, creation_date, change_date, resource_owner, instance_id, state, sequence, username, type) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9)",
|
||||
expectedStmt: "INSERT INTO projections.users13 (id, creation_date, change_date, resource_owner, instance_id, state, sequence, username, type) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9)",
|
||||
expectedArgs: []interface{}{
|
||||
"agg-id",
|
||||
anyArg{},
|
||||
@ -406,7 +419,7 @@ func TestUserProjection_reduces(t *testing.T) {
|
||||
},
|
||||
},
|
||||
{
|
||||
expectedStmt: "INSERT INTO projections.users12_humans (user_id, instance_id, first_name, last_name, nick_name, display_name, preferred_language, gender, email, phone, password_change_required) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10, $11)",
|
||||
expectedStmt: "INSERT INTO projections.users13_humans (user_id, instance_id, first_name, last_name, nick_name, display_name, preferred_language, gender, email, phone, password_change_required, password_changed) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10, $11, $12)",
|
||||
expectedArgs: []interface{}{
|
||||
"agg-id",
|
||||
"instance-id",
|
||||
@ -419,10 +432,11 @@ func TestUserProjection_reduces(t *testing.T) {
|
||||
domain.EmailAddress("email@zitadel.com"),
|
||||
&sql.NullString{},
|
||||
false,
|
||||
&sql.NullTime{Time: testNow, Valid: false},
|
||||
},
|
||||
},
|
||||
{
|
||||
expectedStmt: "INSERT INTO projections.users12_notifications (user_id, instance_id, last_email, last_phone, password_set) VALUES ($1, $2, $3, $4, $5)",
|
||||
expectedStmt: "INSERT INTO projections.users13_notifications (user_id, instance_id, last_email, last_phone, password_set) VALUES ($1, $2, $3, $4, $5)",
|
||||
expectedArgs: []interface{}{
|
||||
"agg-id",
|
||||
"instance-id",
|
||||
@ -452,7 +466,7 @@ func TestUserProjection_reduces(t *testing.T) {
|
||||
executer: &testExecuter{
|
||||
executions: []execution{
|
||||
{
|
||||
expectedStmt: "UPDATE projections.users12 SET state = $1 WHERE (id = $2) AND (instance_id = $3)",
|
||||
expectedStmt: "UPDATE projections.users13 SET state = $1 WHERE (id = $2) AND (instance_id = $3)",
|
||||
expectedArgs: []interface{}{
|
||||
domain.UserStateInitial,
|
||||
"agg-id",
|
||||
@ -480,7 +494,7 @@ func TestUserProjection_reduces(t *testing.T) {
|
||||
executer: &testExecuter{
|
||||
executions: []execution{
|
||||
{
|
||||
expectedStmt: "UPDATE projections.users12 SET state = $1 WHERE (id = $2) AND (instance_id = $3)",
|
||||
expectedStmt: "UPDATE projections.users13 SET state = $1 WHERE (id = $2) AND (instance_id = $3)",
|
||||
expectedArgs: []interface{}{
|
||||
domain.UserStateInitial,
|
||||
"agg-id",
|
||||
@ -508,7 +522,7 @@ func TestUserProjection_reduces(t *testing.T) {
|
||||
executer: &testExecuter{
|
||||
executions: []execution{
|
||||
{
|
||||
expectedStmt: "UPDATE projections.users12 SET state = $1 WHERE (id = $2) AND (instance_id = $3)",
|
||||
expectedStmt: "UPDATE projections.users13 SET state = $1 WHERE (id = $2) AND (instance_id = $3)",
|
||||
expectedArgs: []interface{}{
|
||||
domain.UserStateActive,
|
||||
"agg-id",
|
||||
@ -536,7 +550,7 @@ func TestUserProjection_reduces(t *testing.T) {
|
||||
executer: &testExecuter{
|
||||
executions: []execution{
|
||||
{
|
||||
expectedStmt: "UPDATE projections.users12 SET state = $1 WHERE (id = $2) AND (instance_id = $3)",
|
||||
expectedStmt: "UPDATE projections.users13 SET state = $1 WHERE (id = $2) AND (instance_id = $3)",
|
||||
expectedArgs: []interface{}{
|
||||
domain.UserStateActive,
|
||||
"agg-id",
|
||||
@ -564,7 +578,7 @@ func TestUserProjection_reduces(t *testing.T) {
|
||||
executer: &testExecuter{
|
||||
executions: []execution{
|
||||
{
|
||||
expectedStmt: "UPDATE projections.users12 SET (change_date, state, sequence) = ($1, $2, $3) WHERE (id = $4) AND (instance_id = $5)",
|
||||
expectedStmt: "UPDATE projections.users13 SET (change_date, state, sequence) = ($1, $2, $3) WHERE (id = $4) AND (instance_id = $5)",
|
||||
expectedArgs: []interface{}{
|
||||
anyArg{},
|
||||
domain.UserStateLocked,
|
||||
@ -594,7 +608,7 @@ func TestUserProjection_reduces(t *testing.T) {
|
||||
executer: &testExecuter{
|
||||
executions: []execution{
|
||||
{
|
||||
expectedStmt: "UPDATE projections.users12 SET (change_date, state, sequence) = ($1, $2, $3) WHERE (id = $4) AND (instance_id = $5)",
|
||||
expectedStmt: "UPDATE projections.users13 SET (change_date, state, sequence) = ($1, $2, $3) WHERE (id = $4) AND (instance_id = $5)",
|
||||
expectedArgs: []interface{}{
|
||||
anyArg{},
|
||||
domain.UserStateActive,
|
||||
@ -624,7 +638,7 @@ func TestUserProjection_reduces(t *testing.T) {
|
||||
executer: &testExecuter{
|
||||
executions: []execution{
|
||||
{
|
||||
expectedStmt: "UPDATE projections.users12 SET (change_date, state, sequence) = ($1, $2, $3) WHERE (id = $4) AND (instance_id = $5)",
|
||||
expectedStmt: "UPDATE projections.users13 SET (change_date, state, sequence) = ($1, $2, $3) WHERE (id = $4) AND (instance_id = $5)",
|
||||
expectedArgs: []interface{}{
|
||||
anyArg{},
|
||||
domain.UserStateInactive,
|
||||
@ -654,7 +668,7 @@ func TestUserProjection_reduces(t *testing.T) {
|
||||
executer: &testExecuter{
|
||||
executions: []execution{
|
||||
{
|
||||
expectedStmt: "UPDATE projections.users12 SET (change_date, state, sequence) = ($1, $2, $3) WHERE (id = $4) AND (instance_id = $5)",
|
||||
expectedStmt: "UPDATE projections.users13 SET (change_date, state, sequence) = ($1, $2, $3) WHERE (id = $4) AND (instance_id = $5)",
|
||||
expectedArgs: []interface{}{
|
||||
anyArg{},
|
||||
domain.UserStateActive,
|
||||
@ -684,7 +698,7 @@ func TestUserProjection_reduces(t *testing.T) {
|
||||
executer: &testExecuter{
|
||||
executions: []execution{
|
||||
{
|
||||
expectedStmt: "DELETE FROM projections.users12 WHERE (id = $1) AND (instance_id = $2)",
|
||||
expectedStmt: "DELETE FROM projections.users13 WHERE (id = $1) AND (instance_id = $2)",
|
||||
expectedArgs: []interface{}{
|
||||
"agg-id",
|
||||
"instance-id",
|
||||
@ -713,7 +727,7 @@ func TestUserProjection_reduces(t *testing.T) {
|
||||
executer: &testExecuter{
|
||||
executions: []execution{
|
||||
{
|
||||
expectedStmt: "UPDATE projections.users12 SET (change_date, username, sequence) = ($1, $2, $3) WHERE (id = $4) AND (instance_id = $5)",
|
||||
expectedStmt: "UPDATE projections.users13 SET (change_date, username, sequence) = ($1, $2, $3) WHERE (id = $4) AND (instance_id = $5)",
|
||||
expectedArgs: []interface{}{
|
||||
anyArg{},
|
||||
"username",
|
||||
@ -745,7 +759,7 @@ func TestUserProjection_reduces(t *testing.T) {
|
||||
executer: &testExecuter{
|
||||
executions: []execution{
|
||||
{
|
||||
expectedStmt: "UPDATE projections.users12 SET (change_date, username, sequence) = ($1, $2, $3) WHERE (id = $4) AND (instance_id = $5)",
|
||||
expectedStmt: "UPDATE projections.users13 SET (change_date, username, sequence) = ($1, $2, $3) WHERE (id = $4) AND (instance_id = $5)",
|
||||
expectedArgs: []interface{}{
|
||||
anyArg{},
|
||||
"id@temporary.domain",
|
||||
@ -782,7 +796,7 @@ func TestUserProjection_reduces(t *testing.T) {
|
||||
executer: &testExecuter{
|
||||
executions: []execution{
|
||||
{
|
||||
expectedStmt: "UPDATE projections.users12 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)",
|
||||
expectedStmt: "UPDATE projections.users13 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)",
|
||||
expectedArgs: []interface{}{
|
||||
anyArg{},
|
||||
uint64(15),
|
||||
@ -791,7 +805,7 @@ func TestUserProjection_reduces(t *testing.T) {
|
||||
},
|
||||
},
|
||||
{
|
||||
expectedStmt: "UPDATE projections.users12_humans SET (first_name, last_name, nick_name, display_name, preferred_language, gender) = ($1, $2, $3, $4, $5, $6) WHERE (user_id = $7) AND (instance_id = $8)",
|
||||
expectedStmt: "UPDATE projections.users13_humans SET (first_name, last_name, nick_name, display_name, preferred_language, gender) = ($1, $2, $3, $4, $5, $6) WHERE (user_id = $7) AND (instance_id = $8)",
|
||||
expectedArgs: []interface{}{
|
||||
"first-name",
|
||||
"last-name",
|
||||
@ -831,7 +845,7 @@ func TestUserProjection_reduces(t *testing.T) {
|
||||
executer: &testExecuter{
|
||||
executions: []execution{
|
||||
{
|
||||
expectedStmt: "UPDATE projections.users12 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)",
|
||||
expectedStmt: "UPDATE projections.users13 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)",
|
||||
expectedArgs: []interface{}{
|
||||
anyArg{},
|
||||
uint64(15),
|
||||
@ -840,7 +854,7 @@ func TestUserProjection_reduces(t *testing.T) {
|
||||
},
|
||||
},
|
||||
{
|
||||
expectedStmt: "UPDATE projections.users12_humans SET (first_name, last_name, nick_name, display_name, preferred_language, gender) = ($1, $2, $3, $4, $5, $6) WHERE (user_id = $7) AND (instance_id = $8)",
|
||||
expectedStmt: "UPDATE projections.users13_humans SET (first_name, last_name, nick_name, display_name, preferred_language, gender) = ($1, $2, $3, $4, $5, $6) WHERE (user_id = $7) AND (instance_id = $8)",
|
||||
expectedArgs: []interface{}{
|
||||
"first-name",
|
||||
"last-name",
|
||||
@ -875,7 +889,7 @@ func TestUserProjection_reduces(t *testing.T) {
|
||||
executer: &testExecuter{
|
||||
executions: []execution{
|
||||
{
|
||||
expectedStmt: "UPDATE projections.users12 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)",
|
||||
expectedStmt: "UPDATE projections.users13 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)",
|
||||
expectedArgs: []interface{}{
|
||||
anyArg{},
|
||||
uint64(15),
|
||||
@ -884,7 +898,7 @@ func TestUserProjection_reduces(t *testing.T) {
|
||||
},
|
||||
},
|
||||
{
|
||||
expectedStmt: "UPDATE projections.users12_humans SET (phone, is_phone_verified) = ($1, $2) WHERE (user_id = $3) AND (instance_id = $4)",
|
||||
expectedStmt: "UPDATE projections.users13_humans SET (phone, is_phone_verified) = ($1, $2) WHERE (user_id = $3) AND (instance_id = $4)",
|
||||
expectedArgs: []interface{}{
|
||||
domain.PhoneNumber("+41 00 000 00 00"),
|
||||
false,
|
||||
@ -893,7 +907,7 @@ func TestUserProjection_reduces(t *testing.T) {
|
||||
},
|
||||
},
|
||||
{
|
||||
expectedStmt: "UPDATE projections.users12_notifications SET last_phone = $1 WHERE (user_id = $2) AND (instance_id = $3)",
|
||||
expectedStmt: "UPDATE projections.users13_notifications SET last_phone = $1 WHERE (user_id = $2) AND (instance_id = $3)",
|
||||
expectedArgs: []interface{}{
|
||||
&sql.NullString{String: "+41 00 000 00 00", Valid: true},
|
||||
"agg-id",
|
||||
@ -923,7 +937,7 @@ func TestUserProjection_reduces(t *testing.T) {
|
||||
executer: &testExecuter{
|
||||
executions: []execution{
|
||||
{
|
||||
expectedStmt: "UPDATE projections.users12 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)",
|
||||
expectedStmt: "UPDATE projections.users13 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)",
|
||||
expectedArgs: []interface{}{
|
||||
anyArg{},
|
||||
uint64(15),
|
||||
@ -932,7 +946,7 @@ func TestUserProjection_reduces(t *testing.T) {
|
||||
},
|
||||
},
|
||||
{
|
||||
expectedStmt: "UPDATE projections.users12_humans SET (phone, is_phone_verified) = ($1, $2) WHERE (user_id = $3) AND (instance_id = $4)",
|
||||
expectedStmt: "UPDATE projections.users13_humans SET (phone, is_phone_verified) = ($1, $2) WHERE (user_id = $3) AND (instance_id = $4)",
|
||||
expectedArgs: []interface{}{
|
||||
domain.PhoneNumber("+41 00 000 00 00"),
|
||||
false,
|
||||
@ -941,7 +955,7 @@ func TestUserProjection_reduces(t *testing.T) {
|
||||
},
|
||||
},
|
||||
{
|
||||
expectedStmt: "UPDATE projections.users12_notifications SET last_phone = $1 WHERE (user_id = $2) AND (instance_id = $3)",
|
||||
expectedStmt: "UPDATE projections.users13_notifications SET last_phone = $1 WHERE (user_id = $2) AND (instance_id = $3)",
|
||||
expectedArgs: []interface{}{
|
||||
&sql.NullString{String: "+41 00 000 00 00", Valid: true},
|
||||
"agg-id",
|
||||
@ -969,7 +983,7 @@ func TestUserProjection_reduces(t *testing.T) {
|
||||
executer: &testExecuter{
|
||||
executions: []execution{
|
||||
{
|
||||
expectedStmt: "UPDATE projections.users12 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)",
|
||||
expectedStmt: "UPDATE projections.users13 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)",
|
||||
expectedArgs: []interface{}{
|
||||
anyArg{},
|
||||
uint64(15),
|
||||
@ -978,7 +992,7 @@ func TestUserProjection_reduces(t *testing.T) {
|
||||
},
|
||||
},
|
||||
{
|
||||
expectedStmt: "UPDATE projections.users12_humans SET (phone, is_phone_verified) = ($1, $2) WHERE (user_id = $3) AND (instance_id = $4)",
|
||||
expectedStmt: "UPDATE projections.users13_humans SET (phone, is_phone_verified) = ($1, $2) WHERE (user_id = $3) AND (instance_id = $4)",
|
||||
expectedArgs: []interface{}{
|
||||
nil,
|
||||
nil,
|
||||
@ -987,7 +1001,7 @@ func TestUserProjection_reduces(t *testing.T) {
|
||||
},
|
||||
},
|
||||
{
|
||||
expectedStmt: "UPDATE projections.users12_notifications SET (last_phone, verified_phone) = ($1, $2) WHERE (user_id = $3) AND (instance_id = $4)",
|
||||
expectedStmt: "UPDATE projections.users13_notifications SET (last_phone, verified_phone) = ($1, $2) WHERE (user_id = $3) AND (instance_id = $4)",
|
||||
expectedArgs: []interface{}{
|
||||
nil,
|
||||
nil,
|
||||
@ -1016,7 +1030,7 @@ func TestUserProjection_reduces(t *testing.T) {
|
||||
executer: &testExecuter{
|
||||
executions: []execution{
|
||||
{
|
||||
expectedStmt: "UPDATE projections.users12 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)",
|
||||
expectedStmt: "UPDATE projections.users13 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)",
|
||||
expectedArgs: []interface{}{
|
||||
anyArg{},
|
||||
uint64(15),
|
||||
@ -1025,7 +1039,7 @@ func TestUserProjection_reduces(t *testing.T) {
|
||||
},
|
||||
},
|
||||
{
|
||||
expectedStmt: "UPDATE projections.users12_humans SET (phone, is_phone_verified) = ($1, $2) WHERE (user_id = $3) AND (instance_id = $4)",
|
||||
expectedStmt: "UPDATE projections.users13_humans SET (phone, is_phone_verified) = ($1, $2) WHERE (user_id = $3) AND (instance_id = $4)",
|
||||
expectedArgs: []interface{}{
|
||||
nil,
|
||||
nil,
|
||||
@ -1034,7 +1048,7 @@ func TestUserProjection_reduces(t *testing.T) {
|
||||
},
|
||||
},
|
||||
{
|
||||
expectedStmt: "UPDATE projections.users12_notifications SET (last_phone, verified_phone) = ($1, $2) WHERE (user_id = $3) AND (instance_id = $4)",
|
||||
expectedStmt: "UPDATE projections.users13_notifications SET (last_phone, verified_phone) = ($1, $2) WHERE (user_id = $3) AND (instance_id = $4)",
|
||||
expectedArgs: []interface{}{
|
||||
nil,
|
||||
nil,
|
||||
@ -1063,7 +1077,7 @@ func TestUserProjection_reduces(t *testing.T) {
|
||||
executer: &testExecuter{
|
||||
executions: []execution{
|
||||
{
|
||||
expectedStmt: "UPDATE projections.users12 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)",
|
||||
expectedStmt: "UPDATE projections.users13 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)",
|
||||
expectedArgs: []interface{}{
|
||||
anyArg{},
|
||||
uint64(15),
|
||||
@ -1072,7 +1086,7 @@ func TestUserProjection_reduces(t *testing.T) {
|
||||
},
|
||||
},
|
||||
{
|
||||
expectedStmt: "UPDATE projections.users12_humans SET is_phone_verified = $1 WHERE (user_id = $2) AND (instance_id = $3)",
|
||||
expectedStmt: "UPDATE projections.users13_humans SET is_phone_verified = $1 WHERE (user_id = $2) AND (instance_id = $3)",
|
||||
expectedArgs: []interface{}{
|
||||
true,
|
||||
"agg-id",
|
||||
@ -1080,7 +1094,7 @@ func TestUserProjection_reduces(t *testing.T) {
|
||||
},
|
||||
},
|
||||
{
|
||||
expectedStmt: "UPDATE projections.users12_notifications SET verified_phone = last_phone WHERE (user_id = $1) AND (instance_id = $2)",
|
||||
expectedStmt: "UPDATE projections.users13_notifications SET verified_phone = last_phone WHERE (user_id = $1) AND (instance_id = $2)",
|
||||
expectedArgs: []interface{}{
|
||||
"agg-id",
|
||||
"instance-id",
|
||||
@ -1107,7 +1121,7 @@ func TestUserProjection_reduces(t *testing.T) {
|
||||
executer: &testExecuter{
|
||||
executions: []execution{
|
||||
{
|
||||
expectedStmt: "UPDATE projections.users12 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)",
|
||||
expectedStmt: "UPDATE projections.users13 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)",
|
||||
expectedArgs: []interface{}{
|
||||
anyArg{},
|
||||
uint64(15),
|
||||
@ -1116,7 +1130,7 @@ func TestUserProjection_reduces(t *testing.T) {
|
||||
},
|
||||
},
|
||||
{
|
||||
expectedStmt: "UPDATE projections.users12_humans SET is_phone_verified = $1 WHERE (user_id = $2) AND (instance_id = $3)",
|
||||
expectedStmt: "UPDATE projections.users13_humans SET is_phone_verified = $1 WHERE (user_id = $2) AND (instance_id = $3)",
|
||||
expectedArgs: []interface{}{
|
||||
true,
|
||||
"agg-id",
|
||||
@ -1124,7 +1138,7 @@ func TestUserProjection_reduces(t *testing.T) {
|
||||
},
|
||||
},
|
||||
{
|
||||
expectedStmt: "UPDATE projections.users12_notifications SET verified_phone = last_phone WHERE (user_id = $1) AND (instance_id = $2)",
|
||||
expectedStmt: "UPDATE projections.users13_notifications SET verified_phone = last_phone WHERE (user_id = $1) AND (instance_id = $2)",
|
||||
expectedArgs: []interface{}{
|
||||
"agg-id",
|
||||
"instance-id",
|
||||
@ -1153,7 +1167,7 @@ func TestUserProjection_reduces(t *testing.T) {
|
||||
executer: &testExecuter{
|
||||
executions: []execution{
|
||||
{
|
||||
expectedStmt: "UPDATE projections.users12 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)",
|
||||
expectedStmt: "UPDATE projections.users13 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)",
|
||||
expectedArgs: []interface{}{
|
||||
anyArg{},
|
||||
uint64(15),
|
||||
@ -1162,7 +1176,7 @@ func TestUserProjection_reduces(t *testing.T) {
|
||||
},
|
||||
},
|
||||
{
|
||||
expectedStmt: "UPDATE projections.users12_humans SET (email, is_email_verified) = ($1, $2) WHERE (user_id = $3) AND (instance_id = $4)",
|
||||
expectedStmt: "UPDATE projections.users13_humans SET (email, is_email_verified) = ($1, $2) WHERE (user_id = $3) AND (instance_id = $4)",
|
||||
expectedArgs: []interface{}{
|
||||
domain.EmailAddress("email@zitadel.com"),
|
||||
false,
|
||||
@ -1171,7 +1185,7 @@ func TestUserProjection_reduces(t *testing.T) {
|
||||
},
|
||||
},
|
||||
{
|
||||
expectedStmt: "UPDATE projections.users12_notifications SET last_email = $1 WHERE (user_id = $2) AND (instance_id = $3)",
|
||||
expectedStmt: "UPDATE projections.users13_notifications SET last_email = $1 WHERE (user_id = $2) AND (instance_id = $3)",
|
||||
expectedArgs: []interface{}{
|
||||
&sql.NullString{String: "email@zitadel.com", Valid: true},
|
||||
"agg-id",
|
||||
@ -1201,7 +1215,7 @@ func TestUserProjection_reduces(t *testing.T) {
|
||||
executer: &testExecuter{
|
||||
executions: []execution{
|
||||
{
|
||||
expectedStmt: "UPDATE projections.users12 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)",
|
||||
expectedStmt: "UPDATE projections.users13 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)",
|
||||
expectedArgs: []interface{}{
|
||||
anyArg{},
|
||||
uint64(15),
|
||||
@ -1210,7 +1224,7 @@ func TestUserProjection_reduces(t *testing.T) {
|
||||
},
|
||||
},
|
||||
{
|
||||
expectedStmt: "UPDATE projections.users12_humans SET (email, is_email_verified) = ($1, $2) WHERE (user_id = $3) AND (instance_id = $4)",
|
||||
expectedStmt: "UPDATE projections.users13_humans SET (email, is_email_verified) = ($1, $2) WHERE (user_id = $3) AND (instance_id = $4)",
|
||||
expectedArgs: []interface{}{
|
||||
domain.EmailAddress("email@zitadel.com"),
|
||||
false,
|
||||
@ -1219,7 +1233,7 @@ func TestUserProjection_reduces(t *testing.T) {
|
||||
},
|
||||
},
|
||||
{
|
||||
expectedStmt: "UPDATE projections.users12_notifications SET last_email = $1 WHERE (user_id = $2) AND (instance_id = $3)",
|
||||
expectedStmt: "UPDATE projections.users13_notifications SET last_email = $1 WHERE (user_id = $2) AND (instance_id = $3)",
|
||||
expectedArgs: []interface{}{
|
||||
&sql.NullString{String: "email@zitadel.com", Valid: true},
|
||||
"agg-id",
|
||||
@ -1247,7 +1261,7 @@ func TestUserProjection_reduces(t *testing.T) {
|
||||
executer: &testExecuter{
|
||||
executions: []execution{
|
||||
{
|
||||
expectedStmt: "UPDATE projections.users12 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)",
|
||||
expectedStmt: "UPDATE projections.users13 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)",
|
||||
expectedArgs: []interface{}{
|
||||
anyArg{},
|
||||
uint64(15),
|
||||
@ -1256,7 +1270,7 @@ func TestUserProjection_reduces(t *testing.T) {
|
||||
},
|
||||
},
|
||||
{
|
||||
expectedStmt: "UPDATE projections.users12_humans SET is_email_verified = $1 WHERE (user_id = $2) AND (instance_id = $3)",
|
||||
expectedStmt: "UPDATE projections.users13_humans SET is_email_verified = $1 WHERE (user_id = $2) AND (instance_id = $3)",
|
||||
expectedArgs: []interface{}{
|
||||
true,
|
||||
"agg-id",
|
||||
@ -1264,7 +1278,7 @@ func TestUserProjection_reduces(t *testing.T) {
|
||||
},
|
||||
},
|
||||
{
|
||||
expectedStmt: "UPDATE projections.users12_notifications SET verified_email = last_email WHERE (user_id = $1) AND (instance_id = $2)",
|
||||
expectedStmt: "UPDATE projections.users13_notifications SET verified_email = last_email WHERE (user_id = $1) AND (instance_id = $2)",
|
||||
expectedArgs: []interface{}{
|
||||
"agg-id",
|
||||
"instance-id",
|
||||
@ -1291,7 +1305,7 @@ func TestUserProjection_reduces(t *testing.T) {
|
||||
executer: &testExecuter{
|
||||
executions: []execution{
|
||||
{
|
||||
expectedStmt: "UPDATE projections.users12 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)",
|
||||
expectedStmt: "UPDATE projections.users13 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)",
|
||||
expectedArgs: []interface{}{
|
||||
anyArg{},
|
||||
uint64(15),
|
||||
@ -1300,7 +1314,7 @@ func TestUserProjection_reduces(t *testing.T) {
|
||||
},
|
||||
},
|
||||
{
|
||||
expectedStmt: "UPDATE projections.users12_humans SET is_email_verified = $1 WHERE (user_id = $2) AND (instance_id = $3)",
|
||||
expectedStmt: "UPDATE projections.users13_humans SET is_email_verified = $1 WHERE (user_id = $2) AND (instance_id = $3)",
|
||||
expectedArgs: []interface{}{
|
||||
true,
|
||||
"agg-id",
|
||||
@ -1308,7 +1322,7 @@ func TestUserProjection_reduces(t *testing.T) {
|
||||
},
|
||||
},
|
||||
{
|
||||
expectedStmt: "UPDATE projections.users12_notifications SET verified_email = last_email WHERE (user_id = $1) AND (instance_id = $2)",
|
||||
expectedStmt: "UPDATE projections.users13_notifications SET verified_email = last_email WHERE (user_id = $1) AND (instance_id = $2)",
|
||||
expectedArgs: []interface{}{
|
||||
"agg-id",
|
||||
"instance-id",
|
||||
@ -1337,7 +1351,7 @@ func TestUserProjection_reduces(t *testing.T) {
|
||||
executer: &testExecuter{
|
||||
executions: []execution{
|
||||
{
|
||||
expectedStmt: "UPDATE projections.users12 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)",
|
||||
expectedStmt: "UPDATE projections.users13 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)",
|
||||
expectedArgs: []interface{}{
|
||||
anyArg{},
|
||||
uint64(15),
|
||||
@ -1346,7 +1360,7 @@ func TestUserProjection_reduces(t *testing.T) {
|
||||
},
|
||||
},
|
||||
{
|
||||
expectedStmt: "UPDATE projections.users12_humans SET avatar_key = $1 WHERE (user_id = $2) AND (instance_id = $3)",
|
||||
expectedStmt: "UPDATE projections.users13_humans SET avatar_key = $1 WHERE (user_id = $2) AND (instance_id = $3)",
|
||||
expectedArgs: []interface{}{
|
||||
"users/agg-id/avatar",
|
||||
"agg-id",
|
||||
@ -1374,7 +1388,7 @@ func TestUserProjection_reduces(t *testing.T) {
|
||||
executer: &testExecuter{
|
||||
executions: []execution{
|
||||
{
|
||||
expectedStmt: "UPDATE projections.users12 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)",
|
||||
expectedStmt: "UPDATE projections.users13 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)",
|
||||
expectedArgs: []interface{}{
|
||||
anyArg{},
|
||||
uint64(15),
|
||||
@ -1383,7 +1397,7 @@ func TestUserProjection_reduces(t *testing.T) {
|
||||
},
|
||||
},
|
||||
{
|
||||
expectedStmt: "UPDATE projections.users12_humans SET avatar_key = $1 WHERE (user_id = $2) AND (instance_id = $3)",
|
||||
expectedStmt: "UPDATE projections.users13_humans SET avatar_key = $1 WHERE (user_id = $2) AND (instance_id = $3)",
|
||||
expectedArgs: []interface{}{
|
||||
nil,
|
||||
"agg-id",
|
||||
@ -1398,12 +1412,13 @@ func TestUserProjection_reduces(t *testing.T) {
|
||||
name: "reduceHumanPasswordChanged",
|
||||
args: args{
|
||||
event: getEvent(
|
||||
testEvent(
|
||||
timedTestEvent(
|
||||
user.HumanPasswordChangedType,
|
||||
user.AggregateType,
|
||||
[]byte(`{
|
||||
"changeRequired": true
|
||||
}`),
|
||||
testNow,
|
||||
), user.HumanPasswordChangedEventMapper),
|
||||
},
|
||||
reduce: (&userProjection{}).reduceHumanPasswordChanged,
|
||||
@ -1413,15 +1428,16 @@ func TestUserProjection_reduces(t *testing.T) {
|
||||
executer: &testExecuter{
|
||||
executions: []execution{
|
||||
{
|
||||
expectedStmt: "UPDATE projections.users12_humans SET password_change_required = $1 WHERE (user_id = $2) AND (instance_id = $3)",
|
||||
expectedStmt: "UPDATE projections.users13_humans SET (password_change_required, password_changed) = ($1, $2) WHERE (user_id = $3) AND (instance_id = $4)",
|
||||
expectedArgs: []interface{}{
|
||||
true,
|
||||
&sql.NullTime{Time: testNow, Valid: true},
|
||||
"agg-id",
|
||||
"instance-id",
|
||||
},
|
||||
},
|
||||
{
|
||||
expectedStmt: "UPDATE projections.users12_notifications SET password_set = $1 WHERE (user_id = $2) AND (instance_id = $3)",
|
||||
expectedStmt: "UPDATE projections.users13_notifications SET password_set = $1 WHERE (user_id = $2) AND (instance_id = $3)",
|
||||
expectedArgs: []interface{}{
|
||||
true,
|
||||
"agg-id",
|
||||
@ -1436,12 +1452,13 @@ func TestUserProjection_reduces(t *testing.T) {
|
||||
name: "reduceHumanPasswordChanged, false",
|
||||
args: args{
|
||||
event: getEvent(
|
||||
testEvent(
|
||||
timedTestEvent(
|
||||
user.HumanPasswordChangedType,
|
||||
user.AggregateType,
|
||||
[]byte(`{
|
||||
"changeRequired": false
|
||||
}`),
|
||||
testNow,
|
||||
), user.HumanPasswordChangedEventMapper),
|
||||
},
|
||||
reduce: (&userProjection{}).reduceHumanPasswordChanged,
|
||||
@ -1451,15 +1468,16 @@ func TestUserProjection_reduces(t *testing.T) {
|
||||
executer: &testExecuter{
|
||||
executions: []execution{
|
||||
{
|
||||
expectedStmt: "UPDATE projections.users12_humans SET password_change_required = $1 WHERE (user_id = $2) AND (instance_id = $3)",
|
||||
expectedStmt: "UPDATE projections.users13_humans SET (password_change_required, password_changed) = ($1, $2) WHERE (user_id = $3) AND (instance_id = $4)",
|
||||
expectedArgs: []interface{}{
|
||||
false,
|
||||
&sql.NullTime{Time: testNow, Valid: true},
|
||||
"agg-id",
|
||||
"instance-id",
|
||||
},
|
||||
},
|
||||
{
|
||||
expectedStmt: "UPDATE projections.users12_notifications SET password_set = $1 WHERE (user_id = $2) AND (instance_id = $3)",
|
||||
expectedStmt: "UPDATE projections.users13_notifications SET password_set = $1 WHERE (user_id = $2) AND (instance_id = $3)",
|
||||
expectedArgs: []interface{}{
|
||||
true,
|
||||
"agg-id",
|
||||
@ -1490,7 +1508,7 @@ func TestUserProjection_reduces(t *testing.T) {
|
||||
executer: &testExecuter{
|
||||
executions: []execution{
|
||||
{
|
||||
expectedStmt: "INSERT INTO projections.users12 (id, creation_date, change_date, resource_owner, instance_id, state, sequence, username, type) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9)",
|
||||
expectedStmt: "INSERT INTO projections.users13 (id, creation_date, change_date, resource_owner, instance_id, state, sequence, username, type) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9)",
|
||||
expectedArgs: []interface{}{
|
||||
"agg-id",
|
||||
anyArg{},
|
||||
@ -1504,7 +1522,7 @@ func TestUserProjection_reduces(t *testing.T) {
|
||||
},
|
||||
},
|
||||
{
|
||||
expectedStmt: "INSERT INTO projections.users12_machines (user_id, instance_id, name, description, access_token_type) VALUES ($1, $2, $3, $4, $5)",
|
||||
expectedStmt: "INSERT INTO projections.users13_machines (user_id, instance_id, name, description, access_token_type) VALUES ($1, $2, $3, $4, $5)",
|
||||
expectedArgs: []interface{}{
|
||||
"agg-id",
|
||||
"instance-id",
|
||||
@ -1538,7 +1556,7 @@ func TestUserProjection_reduces(t *testing.T) {
|
||||
executer: &testExecuter{
|
||||
executions: []execution{
|
||||
{
|
||||
expectedStmt: "INSERT INTO projections.users12 (id, creation_date, change_date, resource_owner, instance_id, state, sequence, username, type) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9)",
|
||||
expectedStmt: "INSERT INTO projections.users13 (id, creation_date, change_date, resource_owner, instance_id, state, sequence, username, type) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9)",
|
||||
expectedArgs: []interface{}{
|
||||
"agg-id",
|
||||
anyArg{},
|
||||
@ -1552,7 +1570,7 @@ func TestUserProjection_reduces(t *testing.T) {
|
||||
},
|
||||
},
|
||||
{
|
||||
expectedStmt: "INSERT INTO projections.users12_machines (user_id, instance_id, name, description, access_token_type) VALUES ($1, $2, $3, $4, $5)",
|
||||
expectedStmt: "INSERT INTO projections.users13_machines (user_id, instance_id, name, description, access_token_type) VALUES ($1, $2, $3, $4, $5)",
|
||||
expectedArgs: []interface{}{
|
||||
"agg-id",
|
||||
"instance-id",
|
||||
@ -1585,7 +1603,7 @@ func TestUserProjection_reduces(t *testing.T) {
|
||||
executer: &testExecuter{
|
||||
executions: []execution{
|
||||
{
|
||||
expectedStmt: "UPDATE projections.users12 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)",
|
||||
expectedStmt: "UPDATE projections.users13 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)",
|
||||
expectedArgs: []interface{}{
|
||||
anyArg{},
|
||||
uint64(15),
|
||||
@ -1594,7 +1612,7 @@ func TestUserProjection_reduces(t *testing.T) {
|
||||
},
|
||||
},
|
||||
{
|
||||
expectedStmt: "UPDATE projections.users12_machines SET (name, description) = ($1, $2) WHERE (user_id = $3) AND (instance_id = $4)",
|
||||
expectedStmt: "UPDATE projections.users13_machines SET (name, description) = ($1, $2) WHERE (user_id = $3) AND (instance_id = $4)",
|
||||
expectedArgs: []interface{}{
|
||||
"machine-name",
|
||||
"description",
|
||||
@ -1625,7 +1643,7 @@ func TestUserProjection_reduces(t *testing.T) {
|
||||
executer: &testExecuter{
|
||||
executions: []execution{
|
||||
{
|
||||
expectedStmt: "UPDATE projections.users12 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)",
|
||||
expectedStmt: "UPDATE projections.users13 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)",
|
||||
expectedArgs: []interface{}{
|
||||
anyArg{},
|
||||
uint64(15),
|
||||
@ -1634,7 +1652,7 @@ func TestUserProjection_reduces(t *testing.T) {
|
||||
},
|
||||
},
|
||||
{
|
||||
expectedStmt: "UPDATE projections.users12_machines SET name = $1 WHERE (user_id = $2) AND (instance_id = $3)",
|
||||
expectedStmt: "UPDATE projections.users13_machines SET name = $1 WHERE (user_id = $2) AND (instance_id = $3)",
|
||||
expectedArgs: []interface{}{
|
||||
"machine-name",
|
||||
"agg-id",
|
||||
@ -1664,7 +1682,7 @@ func TestUserProjection_reduces(t *testing.T) {
|
||||
executer: &testExecuter{
|
||||
executions: []execution{
|
||||
{
|
||||
expectedStmt: "UPDATE projections.users12 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)",
|
||||
expectedStmt: "UPDATE projections.users13 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)",
|
||||
expectedArgs: []interface{}{
|
||||
anyArg{},
|
||||
uint64(15),
|
||||
@ -1673,7 +1691,7 @@ func TestUserProjection_reduces(t *testing.T) {
|
||||
},
|
||||
},
|
||||
{
|
||||
expectedStmt: "UPDATE projections.users12_machines SET description = $1 WHERE (user_id = $2) AND (instance_id = $3)",
|
||||
expectedStmt: "UPDATE projections.users13_machines SET description = $1 WHERE (user_id = $2) AND (instance_id = $3)",
|
||||
expectedArgs: []interface{}{
|
||||
"description",
|
||||
"agg-id",
|
||||
@ -1722,7 +1740,7 @@ func TestUserProjection_reduces(t *testing.T) {
|
||||
executer: &testExecuter{
|
||||
executions: []execution{
|
||||
{
|
||||
expectedStmt: "UPDATE projections.users12 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)",
|
||||
expectedStmt: "UPDATE projections.users13 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)",
|
||||
expectedArgs: []interface{}{
|
||||
anyArg{},
|
||||
uint64(15),
|
||||
@ -1731,7 +1749,7 @@ func TestUserProjection_reduces(t *testing.T) {
|
||||
},
|
||||
},
|
||||
{
|
||||
expectedStmt: "UPDATE projections.users12_machines SET secret = $1 WHERE (user_id = $2) AND (instance_id = $3)",
|
||||
expectedStmt: "UPDATE projections.users13_machines SET secret = $1 WHERE (user_id = $2) AND (instance_id = $3)",
|
||||
expectedArgs: []interface{}{
|
||||
"secret",
|
||||
"agg-id",
|
||||
@ -1761,7 +1779,7 @@ func TestUserProjection_reduces(t *testing.T) {
|
||||
executer: &testExecuter{
|
||||
executions: []execution{
|
||||
{
|
||||
expectedStmt: "UPDATE projections.users12 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)",
|
||||
expectedStmt: "UPDATE projections.users13 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)",
|
||||
expectedArgs: []interface{}{
|
||||
anyArg{},
|
||||
uint64(15),
|
||||
@ -1770,7 +1788,7 @@ func TestUserProjection_reduces(t *testing.T) {
|
||||
},
|
||||
},
|
||||
{
|
||||
expectedStmt: "UPDATE projections.users12_machines SET secret = $1 WHERE (user_id = $2) AND (instance_id = $3)",
|
||||
expectedStmt: "UPDATE projections.users13_machines SET secret = $1 WHERE (user_id = $2) AND (instance_id = $3)",
|
||||
expectedArgs: []interface{}{
|
||||
"secret",
|
||||
"agg-id",
|
||||
@ -1800,7 +1818,7 @@ func TestUserProjection_reduces(t *testing.T) {
|
||||
executer: &testExecuter{
|
||||
executions: []execution{
|
||||
{
|
||||
expectedStmt: "UPDATE projections.users12 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)",
|
||||
expectedStmt: "UPDATE projections.users13 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)",
|
||||
expectedArgs: []interface{}{
|
||||
anyArg{},
|
||||
uint64(15),
|
||||
@ -1809,7 +1827,7 @@ func TestUserProjection_reduces(t *testing.T) {
|
||||
},
|
||||
},
|
||||
{
|
||||
expectedStmt: "UPDATE projections.users12_machines SET secret = $1 WHERE (user_id = $2) AND (instance_id = $3)",
|
||||
expectedStmt: "UPDATE projections.users13_machines SET secret = $1 WHERE (user_id = $2) AND (instance_id = $3)",
|
||||
expectedArgs: []interface{}{
|
||||
"secret",
|
||||
"agg-id",
|
||||
@ -1837,7 +1855,7 @@ func TestUserProjection_reduces(t *testing.T) {
|
||||
executer: &testExecuter{
|
||||
executions: []execution{
|
||||
{
|
||||
expectedStmt: "UPDATE projections.users12 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)",
|
||||
expectedStmt: "UPDATE projections.users13 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)",
|
||||
expectedArgs: []interface{}{
|
||||
anyArg{},
|
||||
uint64(15),
|
||||
@ -1846,7 +1864,7 @@ func TestUserProjection_reduces(t *testing.T) {
|
||||
},
|
||||
},
|
||||
{
|
||||
expectedStmt: "UPDATE projections.users12_machines SET secret = $1 WHERE (user_id = $2) AND (instance_id = $3)",
|
||||
expectedStmt: "UPDATE projections.users13_machines SET secret = $1 WHERE (user_id = $2) AND (instance_id = $3)",
|
||||
expectedArgs: []interface{}{
|
||||
nil,
|
||||
"agg-id",
|
||||
@ -1874,7 +1892,7 @@ func TestUserProjection_reduces(t *testing.T) {
|
||||
executer: &testExecuter{
|
||||
executions: []execution{
|
||||
{
|
||||
expectedStmt: "DELETE FROM projections.users12 WHERE (instance_id = $1) AND (resource_owner = $2)",
|
||||
expectedStmt: "DELETE FROM projections.users13 WHERE (instance_id = $1) AND (resource_owner = $2)",
|
||||
expectedArgs: []interface{}{
|
||||
"instance-id",
|
||||
"agg-id",
|
||||
@ -1901,7 +1919,7 @@ func TestUserProjection_reduces(t *testing.T) {
|
||||
executer: &testExecuter{
|
||||
executions: []execution{
|
||||
{
|
||||
expectedStmt: "DELETE FROM projections.users12 WHERE (instance_id = $1)",
|
||||
expectedStmt: "DELETE FROM projections.users13 WHERE (instance_id = $1)",
|
||||
expectedArgs: []interface{}{
|
||||
"agg-id",
|
||||
},
|
||||
|
||||
@ -31,7 +31,7 @@ var (
|
||||
` projections.sessions8.user_resource_owner,` +
|
||||
` projections.sessions8.user_checked_at,` +
|
||||
` projections.login_names3.login_name,` +
|
||||
` projections.users12_humans.display_name,` +
|
||||
` projections.users13_humans.display_name,` +
|
||||
` projections.sessions8.password_checked_at,` +
|
||||
` projections.sessions8.intent_checked_at,` +
|
||||
` projections.sessions8.webauthn_checked_at,` +
|
||||
@ -48,8 +48,8 @@ var (
|
||||
` projections.sessions8.expiration` +
|
||||
` FROM projections.sessions8` +
|
||||
` LEFT JOIN projections.login_names3 ON projections.sessions8.user_id = projections.login_names3.user_id AND projections.sessions8.instance_id = projections.login_names3.instance_id` +
|
||||
` LEFT JOIN projections.users12_humans ON projections.sessions8.user_id = projections.users12_humans.user_id AND projections.sessions8.instance_id = projections.users12_humans.instance_id` +
|
||||
` LEFT JOIN projections.users12 ON projections.sessions8.user_id = projections.users12.id AND projections.sessions8.instance_id = projections.users12.instance_id` +
|
||||
` LEFT JOIN projections.users13_humans ON projections.sessions8.user_id = projections.users13_humans.user_id AND projections.sessions8.instance_id = projections.users13_humans.instance_id` +
|
||||
` LEFT JOIN projections.users13 ON projections.sessions8.user_id = projections.users13.id AND projections.sessions8.instance_id = projections.users13.instance_id` +
|
||||
` AS OF SYSTEM TIME '-1 ms'`)
|
||||
expectedSessionsQuery = regexp.QuoteMeta(`SELECT projections.sessions8.id,` +
|
||||
` projections.sessions8.creation_date,` +
|
||||
@ -62,7 +62,7 @@ var (
|
||||
` projections.sessions8.user_resource_owner,` +
|
||||
` projections.sessions8.user_checked_at,` +
|
||||
` projections.login_names3.login_name,` +
|
||||
` projections.users12_humans.display_name,` +
|
||||
` projections.users13_humans.display_name,` +
|
||||
` projections.sessions8.password_checked_at,` +
|
||||
` projections.sessions8.intent_checked_at,` +
|
||||
` projections.sessions8.webauthn_checked_at,` +
|
||||
@ -75,8 +75,8 @@ var (
|
||||
` COUNT(*) OVER ()` +
|
||||
` FROM projections.sessions8` +
|
||||
` LEFT JOIN projections.login_names3 ON projections.sessions8.user_id = projections.login_names3.user_id AND projections.sessions8.instance_id = projections.login_names3.instance_id` +
|
||||
` LEFT JOIN projections.users12_humans ON projections.sessions8.user_id = projections.users12_humans.user_id AND projections.sessions8.instance_id = projections.users12_humans.instance_id` +
|
||||
` LEFT JOIN projections.users12 ON projections.sessions8.user_id = projections.users12.id AND projections.sessions8.instance_id = projections.users12.instance_id` +
|
||||
` LEFT JOIN projections.users13_humans ON projections.sessions8.user_id = projections.users13_humans.user_id AND projections.sessions8.instance_id = projections.users13_humans.instance_id` +
|
||||
` LEFT JOIN projections.users13 ON projections.sessions8.user_id = projections.users13.id AND projections.sessions8.instance_id = projections.users13.instance_id` +
|
||||
` AS OF SYSTEM TIME '-1 ms'`)
|
||||
|
||||
sessionCols = []string{
|
||||
|
||||
@ -53,6 +53,7 @@ type Human struct {
|
||||
Phone domain.PhoneNumber `json:"phone,omitempty"`
|
||||
IsPhoneVerified bool `json:"is_phone_verified,omitempty"`
|
||||
PasswordChangeRequired bool `json:"password_change_required,omitempty"`
|
||||
PasswordChanged time.Time `json:"password_changed,omitempty"`
|
||||
}
|
||||
|
||||
type Profile struct {
|
||||
@ -280,6 +281,10 @@ var (
|
||||
name: projection.HumanPasswordChangeRequired,
|
||||
table: humanTable,
|
||||
}
|
||||
HumanPasswordChangedCol = Column{
|
||||
name: projection.HumanPasswordChanged,
|
||||
table: humanTable,
|
||||
}
|
||||
)
|
||||
|
||||
var (
|
||||
@ -822,6 +827,7 @@ func scanUser(row *sql.Row) (*User, error) {
|
||||
phone := sql.NullString{}
|
||||
isPhoneVerified := sql.NullBool{}
|
||||
passwordChangeRequired := sql.NullBool{}
|
||||
passwordChanged := sql.NullTime{}
|
||||
|
||||
machineID := sql.NullString{}
|
||||
name := sql.NullString{}
|
||||
@ -853,6 +859,7 @@ func scanUser(row *sql.Row) (*User, error) {
|
||||
&phone,
|
||||
&isPhoneVerified,
|
||||
&passwordChangeRequired,
|
||||
&passwordChanged,
|
||||
&machineID,
|
||||
&name,
|
||||
&description,
|
||||
@ -884,6 +891,7 @@ func scanUser(row *sql.Row) (*User, error) {
|
||||
Phone: domain.PhoneNumber(phone.String),
|
||||
IsPhoneVerified: isPhoneVerified.Bool,
|
||||
PasswordChangeRequired: passwordChangeRequired.Bool,
|
||||
PasswordChanged: passwordChanged.Time,
|
||||
}
|
||||
} else if machineID.Valid {
|
||||
u.Machine = &Machine{
|
||||
@ -929,6 +937,7 @@ func prepareUserQuery(ctx context.Context, db prepareDatabase) (sq.SelectBuilder
|
||||
HumanPhoneCol.identifier(),
|
||||
HumanIsPhoneVerifiedCol.identifier(),
|
||||
HumanPasswordChangeRequiredCol.identifier(),
|
||||
HumanPasswordChangedCol.identifier(),
|
||||
MachineUserIDCol.identifier(),
|
||||
MachineNameCol.identifier(),
|
||||
MachineDescriptionCol.identifier(),
|
||||
@ -1316,6 +1325,7 @@ func prepareUsersQuery(ctx context.Context, db prepareDatabase) (sq.SelectBuilde
|
||||
HumanPhoneCol.identifier(),
|
||||
HumanIsPhoneVerifiedCol.identifier(),
|
||||
HumanPasswordChangeRequiredCol.identifier(),
|
||||
HumanPasswordChangedCol.identifier(),
|
||||
MachineUserIDCol.identifier(),
|
||||
MachineNameCol.identifier(),
|
||||
MachineDescriptionCol.identifier(),
|
||||
@ -1355,6 +1365,7 @@ func prepareUsersQuery(ctx context.Context, db prepareDatabase) (sq.SelectBuilde
|
||||
phone := sql.NullString{}
|
||||
isPhoneVerified := sql.NullBool{}
|
||||
passwordChangeRequired := sql.NullBool{}
|
||||
passwordChanged := sql.NullTime{}
|
||||
|
||||
machineID := sql.NullString{}
|
||||
name := sql.NullString{}
|
||||
@ -1386,6 +1397,7 @@ func prepareUsersQuery(ctx context.Context, db prepareDatabase) (sq.SelectBuilde
|
||||
&phone,
|
||||
&isPhoneVerified,
|
||||
&passwordChangeRequired,
|
||||
&passwordChanged,
|
||||
&machineID,
|
||||
&name,
|
||||
&description,
|
||||
@ -1416,6 +1428,7 @@ func prepareUsersQuery(ctx context.Context, db prepareDatabase) (sq.SelectBuilde
|
||||
Phone: domain.PhoneNumber(phone.String),
|
||||
IsPhoneVerified: isPhoneVerified.Bool,
|
||||
PasswordChangeRequired: passwordChangeRequired.Bool,
|
||||
PasswordChanged: passwordChanged.Time,
|
||||
}
|
||||
} else if machineID.Valid {
|
||||
u.Machine = &Machine{
|
||||
|
||||
@ -40,29 +40,29 @@ var (
|
||||
"method_type",
|
||||
"count",
|
||||
}
|
||||
prepareActiveAuthMethodTypesStmt = `SELECT projections.users12_notifications.password_set,` +
|
||||
prepareActiveAuthMethodTypesStmt = `SELECT projections.users13_notifications.password_set,` +
|
||||
` auth_method_types.method_type,` +
|
||||
` user_idps_count.count` +
|
||||
` FROM projections.users12` +
|
||||
` LEFT JOIN projections.users12_notifications ON projections.users12.id = projections.users12_notifications.user_id AND projections.users12.instance_id = projections.users12_notifications.instance_id` +
|
||||
` FROM projections.users13` +
|
||||
` LEFT JOIN projections.users13_notifications ON projections.users13.id = projections.users13_notifications.user_id AND projections.users13.instance_id = projections.users13_notifications.instance_id` +
|
||||
` LEFT JOIN (SELECT DISTINCT(auth_method_types.method_type), auth_method_types.user_id, auth_method_types.instance_id FROM projections.user_auth_methods4 AS auth_method_types` +
|
||||
` WHERE auth_method_types.state = $1) AS auth_method_types` +
|
||||
` ON auth_method_types.user_id = projections.users12.id AND auth_method_types.instance_id = projections.users12.instance_id` +
|
||||
` ON auth_method_types.user_id = projections.users13.id AND auth_method_types.instance_id = projections.users13.instance_id` +
|
||||
` LEFT JOIN (SELECT user_idps_count.user_id, user_idps_count.instance_id, COUNT(user_idps_count.user_id) AS count FROM projections.idp_user_links3 AS user_idps_count` +
|
||||
` GROUP BY user_idps_count.user_id, user_idps_count.instance_id) AS user_idps_count` +
|
||||
` ON user_idps_count.user_id = projections.users12.id AND user_idps_count.instance_id = projections.users12.instance_id` +
|
||||
` ON user_idps_count.user_id = projections.users13.id AND user_idps_count.instance_id = projections.users13.instance_id` +
|
||||
` AS OF SYSTEM TIME '-1 ms`
|
||||
prepareActiveAuthMethodTypesCols = []string{
|
||||
"password_set",
|
||||
"method_type",
|
||||
"idps_count",
|
||||
}
|
||||
prepareAuthMethodTypesRequiredStmt = `SELECT projections.users12.type,` +
|
||||
prepareAuthMethodTypesRequiredStmt = `SELECT projections.users13.type,` +
|
||||
` auth_methods_force_mfa.force_mfa,` +
|
||||
` auth_methods_force_mfa.force_mfa_local_only` +
|
||||
` FROM projections.users12` +
|
||||
` FROM projections.users13` +
|
||||
` LEFT JOIN (SELECT auth_methods_force_mfa.force_mfa, auth_methods_force_mfa.force_mfa_local_only, auth_methods_force_mfa.instance_id, auth_methods_force_mfa.aggregate_id, auth_methods_force_mfa.is_default FROM projections.login_policies5 AS auth_methods_force_mfa) AS auth_methods_force_mfa` +
|
||||
` ON (auth_methods_force_mfa.aggregate_id = projections.users12.instance_id OR auth_methods_force_mfa.aggregate_id = projections.users12.resource_owner) AND auth_methods_force_mfa.instance_id = projections.users12.instance_id` +
|
||||
` ON (auth_methods_force_mfa.aggregate_id = projections.users13.instance_id OR auth_methods_force_mfa.aggregate_id = projections.users13.resource_owner) AND auth_methods_force_mfa.instance_id = projections.users13.instance_id` +
|
||||
` ORDER BY auth_methods_force_mfa.is_default LIMIT 1
|
||||
`
|
||||
prepareAuthMethodTypesRequiredCols = []string{
|
||||
|
||||
@ -59,20 +59,21 @@ SELECT
|
||||
, h.phone
|
||||
, h.is_phone_verified
|
||||
, h.password_change_required
|
||||
, h.password_changed
|
||||
, m.user_id
|
||||
, m.name
|
||||
, m.description
|
||||
, m.secret
|
||||
, m.access_token_type
|
||||
, count(*) OVER ()
|
||||
FROM projections.users12 u
|
||||
FROM projections.users13 u
|
||||
LEFT JOIN
|
||||
projections.users12_humans h
|
||||
projections.users13_humans h
|
||||
ON
|
||||
u.id = h.user_id
|
||||
AND u.instance_id = h.instance_id
|
||||
LEFT JOIN
|
||||
projections.users12_machines m
|
||||
projections.users13_machines m
|
||||
ON
|
||||
u.id = m.user_id
|
||||
AND u.instance_id = m.instance_id
|
||||
|
||||
@ -74,6 +74,7 @@ SELECT
|
||||
, h.phone
|
||||
, h.is_phone_verified
|
||||
, h.password_change_required
|
||||
, h.password_changed
|
||||
, m.user_id
|
||||
, m.name
|
||||
, m.description
|
||||
@ -82,17 +83,17 @@ SELECT
|
||||
, count(*) OVER ()
|
||||
FROM found_users fu
|
||||
JOIN
|
||||
projections.users12 u
|
||||
projections.users13 u
|
||||
ON
|
||||
fu.id = u.id
|
||||
AND fu.instance_id = u.instance_id
|
||||
LEFT JOIN
|
||||
projections.users12_humans h
|
||||
projections.users13_humans h
|
||||
ON
|
||||
fu.id = h.user_id
|
||||
AND fu.instance_id = h.instance_id
|
||||
LEFT JOIN
|
||||
projections.users12_machines m
|
||||
projections.users13_machines m
|
||||
ON
|
||||
fu.id = m.user_id
|
||||
AND fu.instance_id = m.instance_id
|
||||
|
||||
@ -23,14 +23,14 @@ var (
|
||||
", projections.user_grants5.roles" +
|
||||
", projections.user_grants5.state" +
|
||||
", projections.user_grants5.user_id" +
|
||||
", projections.users12.username" +
|
||||
", projections.users12.type" +
|
||||
", projections.users12.resource_owner" +
|
||||
", projections.users12_humans.first_name" +
|
||||
", projections.users12_humans.last_name" +
|
||||
", projections.users12_humans.email" +
|
||||
", projections.users12_humans.display_name" +
|
||||
", projections.users12_humans.avatar_key" +
|
||||
", projections.users13.username" +
|
||||
", projections.users13.type" +
|
||||
", projections.users13.resource_owner" +
|
||||
", projections.users13_humans.first_name" +
|
||||
", projections.users13_humans.last_name" +
|
||||
", projections.users13_humans.email" +
|
||||
", projections.users13_humans.display_name" +
|
||||
", projections.users13_humans.avatar_key" +
|
||||
", projections.login_names3.login_name" +
|
||||
", projections.user_grants5.resource_owner" +
|
||||
", projections.orgs1.name" +
|
||||
@ -41,11 +41,11 @@ var (
|
||||
", granted_orgs.name" +
|
||||
", granted_orgs.primary_domain" +
|
||||
" FROM projections.user_grants5" +
|
||||
" LEFT JOIN projections.users12 ON projections.user_grants5.user_id = projections.users12.id AND projections.user_grants5.instance_id = projections.users12.instance_id" +
|
||||
" LEFT JOIN projections.users12_humans ON projections.user_grants5.user_id = projections.users12_humans.user_id AND projections.user_grants5.instance_id = projections.users12_humans.instance_id" +
|
||||
" LEFT JOIN projections.users13 ON projections.user_grants5.user_id = projections.users13.id AND projections.user_grants5.instance_id = projections.users13.instance_id" +
|
||||
" LEFT JOIN projections.users13_humans ON projections.user_grants5.user_id = projections.users13_humans.user_id AND projections.user_grants5.instance_id = projections.users13_humans.instance_id" +
|
||||
" LEFT JOIN projections.orgs1 ON projections.user_grants5.resource_owner = projections.orgs1.id AND projections.user_grants5.instance_id = projections.orgs1.instance_id" +
|
||||
" LEFT JOIN projections.projects4 ON projections.user_grants5.project_id = projections.projects4.id AND projections.user_grants5.instance_id = projections.projects4.instance_id" +
|
||||
" LEFT JOIN projections.orgs1 AS granted_orgs ON projections.users12.resource_owner = granted_orgs.id AND projections.users12.instance_id = granted_orgs.instance_id" +
|
||||
" LEFT JOIN projections.orgs1 AS granted_orgs ON projections.users13.resource_owner = granted_orgs.id AND projections.users13.instance_id = granted_orgs.instance_id" +
|
||||
" LEFT JOIN projections.login_names3 ON projections.user_grants5.user_id = projections.login_names3.user_id AND projections.user_grants5.instance_id = projections.login_names3.instance_id" +
|
||||
` AS OF SYSTEM TIME '-1 ms' ` +
|
||||
" WHERE projections.login_names3.is_primary = $1")
|
||||
@ -85,14 +85,14 @@ var (
|
||||
", projections.user_grants5.roles" +
|
||||
", projections.user_grants5.state" +
|
||||
", projections.user_grants5.user_id" +
|
||||
", projections.users12.username" +
|
||||
", projections.users12.type" +
|
||||
", projections.users12.resource_owner" +
|
||||
", projections.users12_humans.first_name" +
|
||||
", projections.users12_humans.last_name" +
|
||||
", projections.users12_humans.email" +
|
||||
", projections.users12_humans.display_name" +
|
||||
", projections.users12_humans.avatar_key" +
|
||||
", projections.users13.username" +
|
||||
", projections.users13.type" +
|
||||
", projections.users13.resource_owner" +
|
||||
", projections.users13_humans.first_name" +
|
||||
", projections.users13_humans.last_name" +
|
||||
", projections.users13_humans.email" +
|
||||
", projections.users13_humans.display_name" +
|
||||
", projections.users13_humans.avatar_key" +
|
||||
", projections.login_names3.login_name" +
|
||||
", projections.user_grants5.resource_owner" +
|
||||
", projections.orgs1.name" +
|
||||
@ -104,11 +104,11 @@ var (
|
||||
", granted_orgs.primary_domain" +
|
||||
", COUNT(*) OVER ()" +
|
||||
" FROM projections.user_grants5" +
|
||||
" LEFT JOIN projections.users12 ON projections.user_grants5.user_id = projections.users12.id AND projections.user_grants5.instance_id = projections.users12.instance_id" +
|
||||
" LEFT JOIN projections.users12_humans ON projections.user_grants5.user_id = projections.users12_humans.user_id AND projections.user_grants5.instance_id = projections.users12_humans.instance_id" +
|
||||
" LEFT JOIN projections.users13 ON projections.user_grants5.user_id = projections.users13.id AND projections.user_grants5.instance_id = projections.users13.instance_id" +
|
||||
" LEFT JOIN projections.users13_humans ON projections.user_grants5.user_id = projections.users13_humans.user_id AND projections.user_grants5.instance_id = projections.users13_humans.instance_id" +
|
||||
" LEFT JOIN projections.orgs1 ON projections.user_grants5.resource_owner = projections.orgs1.id AND projections.user_grants5.instance_id = projections.orgs1.instance_id" +
|
||||
" LEFT JOIN projections.projects4 ON projections.user_grants5.project_id = projections.projects4.id AND projections.user_grants5.instance_id = projections.projects4.instance_id" +
|
||||
" LEFT JOIN projections.orgs1 AS granted_orgs ON projections.users12.resource_owner = granted_orgs.id AND projections.users12.instance_id = granted_orgs.instance_id" +
|
||||
" LEFT JOIN projections.orgs1 AS granted_orgs ON projections.users13.resource_owner = granted_orgs.id AND projections.users13.instance_id = granted_orgs.instance_id" +
|
||||
" LEFT JOIN projections.login_names3 ON projections.user_grants5.user_id = projections.login_names3.user_id AND projections.user_grants5.instance_id = projections.login_names3.instance_id" +
|
||||
` AS OF SYSTEM TIME '-1 ms' ` +
|
||||
" WHERE projections.login_names3.is_primary = $1")
|
||||
|
||||
@ -62,14 +62,14 @@ SELECT
|
||||
, n.verified_phone
|
||||
, n.password_set
|
||||
, count(*) OVER ()
|
||||
FROM projections.users12 u
|
||||
FROM projections.users13 u
|
||||
LEFT JOIN
|
||||
projections.users12_humans h
|
||||
projections.users13_humans h
|
||||
ON
|
||||
u.id = h.user_id
|
||||
AND u.instance_id = h.instance_id
|
||||
LEFT JOIN
|
||||
projections.users12_notifications n
|
||||
projections.users13_notifications n
|
||||
ON
|
||||
u.id = n.user_id
|
||||
AND u.instance_id = n.instance_id
|
||||
|
||||
@ -78,17 +78,17 @@ SELECT
|
||||
, count(*) OVER ()
|
||||
FROM found_users fu
|
||||
JOIN
|
||||
projections.users12 u
|
||||
projections.users13 u
|
||||
ON
|
||||
fu.id = u.id
|
||||
AND fu.instance_id = u.instance_id
|
||||
LEFT JOIN
|
||||
projections.users12_humans h
|
||||
projections.users13_humans h
|
||||
ON
|
||||
fu.id = h.user_id
|
||||
AND fu.instance_id = h.instance_id
|
||||
LEFT JOIN
|
||||
projections.users12_notifications n
|
||||
projections.users13_notifications n
|
||||
ON
|
||||
fu.id = n.user_id
|
||||
AND fu.instance_id = n.instance_id
|
||||
|
||||
@ -147,44 +147,45 @@ var (
|
||||
preferredLoginNameQuery = `SELECT preferred_login_name.user_id, preferred_login_name.login_name, preferred_login_name.instance_id` +
|
||||
` FROM projections.login_names3 AS preferred_login_name` +
|
||||
` WHERE preferred_login_name.is_primary = $1`
|
||||
userQuery = `SELECT projections.users12.id,` +
|
||||
` projections.users12.creation_date,` +
|
||||
` projections.users12.change_date,` +
|
||||
` projections.users12.resource_owner,` +
|
||||
` projections.users12.sequence,` +
|
||||
` projections.users12.state,` +
|
||||
` projections.users12.type,` +
|
||||
` projections.users12.username,` +
|
||||
userQuery = `SELECT projections.users13.id,` +
|
||||
` projections.users13.creation_date,` +
|
||||
` projections.users13.change_date,` +
|
||||
` projections.users13.resource_owner,` +
|
||||
` projections.users13.sequence,` +
|
||||
` projections.users13.state,` +
|
||||
` projections.users13.type,` +
|
||||
` projections.users13.username,` +
|
||||
` login_names.loginnames,` +
|
||||
` preferred_login_name.login_name,` +
|
||||
` projections.users12_humans.user_id,` +
|
||||
` projections.users12_humans.first_name,` +
|
||||
` projections.users12_humans.last_name,` +
|
||||
` projections.users12_humans.nick_name,` +
|
||||
` projections.users12_humans.display_name,` +
|
||||
` projections.users12_humans.preferred_language,` +
|
||||
` projections.users12_humans.gender,` +
|
||||
` projections.users12_humans.avatar_key,` +
|
||||
` projections.users12_humans.email,` +
|
||||
` projections.users12_humans.is_email_verified,` +
|
||||
` projections.users12_humans.phone,` +
|
||||
` projections.users12_humans.is_phone_verified,` +
|
||||
` projections.users12_humans.password_change_required,` +
|
||||
` projections.users12_machines.user_id,` +
|
||||
` projections.users12_machines.name,` +
|
||||
` projections.users12_machines.description,` +
|
||||
` projections.users12_machines.secret,` +
|
||||
` projections.users12_machines.access_token_type,` +
|
||||
` projections.users13_humans.user_id,` +
|
||||
` projections.users13_humans.first_name,` +
|
||||
` projections.users13_humans.last_name,` +
|
||||
` projections.users13_humans.nick_name,` +
|
||||
` projections.users13_humans.display_name,` +
|
||||
` projections.users13_humans.preferred_language,` +
|
||||
` projections.users13_humans.gender,` +
|
||||
` projections.users13_humans.avatar_key,` +
|
||||
` projections.users13_humans.email,` +
|
||||
` projections.users13_humans.is_email_verified,` +
|
||||
` projections.users13_humans.phone,` +
|
||||
` projections.users13_humans.is_phone_verified,` +
|
||||
` projections.users13_humans.password_change_required,` +
|
||||
` projections.users13_humans.password_changed,` +
|
||||
` projections.users13_machines.user_id,` +
|
||||
` projections.users13_machines.name,` +
|
||||
` projections.users13_machines.description,` +
|
||||
` projections.users13_machines.secret,` +
|
||||
` projections.users13_machines.access_token_type,` +
|
||||
` COUNT(*) OVER ()` +
|
||||
` FROM projections.users12` +
|
||||
` LEFT JOIN projections.users12_humans ON projections.users12.id = projections.users12_humans.user_id AND projections.users12.instance_id = projections.users12_humans.instance_id` +
|
||||
` LEFT JOIN projections.users12_machines ON projections.users12.id = projections.users12_machines.user_id AND projections.users12.instance_id = projections.users12_machines.instance_id` +
|
||||
` FROM projections.users13` +
|
||||
` LEFT JOIN projections.users13_humans ON projections.users13.id = projections.users13_humans.user_id AND projections.users13.instance_id = projections.users13_humans.instance_id` +
|
||||
` LEFT JOIN projections.users13_machines ON projections.users13.id = projections.users13_machines.user_id AND projections.users13.instance_id = projections.users13_machines.instance_id` +
|
||||
` LEFT JOIN` +
|
||||
` (` + loginNamesQuery + `) AS login_names` +
|
||||
` ON login_names.user_id = projections.users12.id AND login_names.instance_id = projections.users12.instance_id` +
|
||||
` ON login_names.user_id = projections.users13.id AND login_names.instance_id = projections.users13.instance_id` +
|
||||
` LEFT JOIN` +
|
||||
` (` + preferredLoginNameQuery + `) AS preferred_login_name` +
|
||||
` ON preferred_login_name.user_id = projections.users12.id AND preferred_login_name.instance_id = projections.users12.instance_id` +
|
||||
` ON preferred_login_name.user_id = projections.users13.id AND preferred_login_name.instance_id = projections.users13.instance_id` +
|
||||
` AS OF SYSTEM TIME '-1 ms'`
|
||||
userCols = []string{
|
||||
"id",
|
||||
@ -211,6 +212,7 @@ var (
|
||||
"phone",
|
||||
"is_phone_verified",
|
||||
"password_change_required",
|
||||
"password_changed",
|
||||
// machine
|
||||
"user_id",
|
||||
"name",
|
||||
@ -219,21 +221,21 @@ var (
|
||||
"access_token_type",
|
||||
"count",
|
||||
}
|
||||
profileQuery = `SELECT projections.users12.id,` +
|
||||
` projections.users12.creation_date,` +
|
||||
` projections.users12.change_date,` +
|
||||
` projections.users12.resource_owner,` +
|
||||
` projections.users12.sequence,` +
|
||||
` projections.users12_humans.user_id,` +
|
||||
` projections.users12_humans.first_name,` +
|
||||
` projections.users12_humans.last_name,` +
|
||||
` projections.users12_humans.nick_name,` +
|
||||
` projections.users12_humans.display_name,` +
|
||||
` projections.users12_humans.preferred_language,` +
|
||||
` projections.users12_humans.gender,` +
|
||||
` projections.users12_humans.avatar_key` +
|
||||
` FROM projections.users12` +
|
||||
` LEFT JOIN projections.users12_humans ON projections.users12.id = projections.users12_humans.user_id AND projections.users12.instance_id = projections.users12_humans.instance_id` +
|
||||
profileQuery = `SELECT projections.users13.id,` +
|
||||
` projections.users13.creation_date,` +
|
||||
` projections.users13.change_date,` +
|
||||
` projections.users13.resource_owner,` +
|
||||
` projections.users13.sequence,` +
|
||||
` projections.users13_humans.user_id,` +
|
||||
` projections.users13_humans.first_name,` +
|
||||
` projections.users13_humans.last_name,` +
|
||||
` projections.users13_humans.nick_name,` +
|
||||
` projections.users13_humans.display_name,` +
|
||||
` projections.users13_humans.preferred_language,` +
|
||||
` projections.users13_humans.gender,` +
|
||||
` projections.users13_humans.avatar_key` +
|
||||
` FROM projections.users13` +
|
||||
` LEFT JOIN projections.users13_humans ON projections.users13.id = projections.users13_humans.user_id AND projections.users13.instance_id = projections.users13_humans.instance_id` +
|
||||
` AS OF SYSTEM TIME '-1 ms'`
|
||||
profileCols = []string{
|
||||
"id",
|
||||
@ -250,16 +252,16 @@ var (
|
||||
"gender",
|
||||
"avatar_key",
|
||||
}
|
||||
emailQuery = `SELECT projections.users12.id,` +
|
||||
` projections.users12.creation_date,` +
|
||||
` projections.users12.change_date,` +
|
||||
` projections.users12.resource_owner,` +
|
||||
` projections.users12.sequence,` +
|
||||
` projections.users12_humans.user_id,` +
|
||||
` projections.users12_humans.email,` +
|
||||
` projections.users12_humans.is_email_verified` +
|
||||
` FROM projections.users12` +
|
||||
` LEFT JOIN projections.users12_humans ON projections.users12.id = projections.users12_humans.user_id AND projections.users12.instance_id = projections.users12_humans.instance_id` +
|
||||
emailQuery = `SELECT projections.users13.id,` +
|
||||
` projections.users13.creation_date,` +
|
||||
` projections.users13.change_date,` +
|
||||
` projections.users13.resource_owner,` +
|
||||
` projections.users13.sequence,` +
|
||||
` projections.users13_humans.user_id,` +
|
||||
` projections.users13_humans.email,` +
|
||||
` projections.users13_humans.is_email_verified` +
|
||||
` FROM projections.users13` +
|
||||
` LEFT JOIN projections.users13_humans ON projections.users13.id = projections.users13_humans.user_id AND projections.users13.instance_id = projections.users13_humans.instance_id` +
|
||||
` AS OF SYSTEM TIME '-1 ms'`
|
||||
emailCols = []string{
|
||||
"id",
|
||||
@ -271,16 +273,16 @@ var (
|
||||
"email",
|
||||
"is_email_verified",
|
||||
}
|
||||
phoneQuery = `SELECT projections.users12.id,` +
|
||||
` projections.users12.creation_date,` +
|
||||
` projections.users12.change_date,` +
|
||||
` projections.users12.resource_owner,` +
|
||||
` projections.users12.sequence,` +
|
||||
` projections.users12_humans.user_id,` +
|
||||
` projections.users12_humans.phone,` +
|
||||
` projections.users12_humans.is_phone_verified` +
|
||||
` FROM projections.users12` +
|
||||
` LEFT JOIN projections.users12_humans ON projections.users12.id = projections.users12_humans.user_id AND projections.users12.instance_id = projections.users12_humans.instance_id` +
|
||||
phoneQuery = `SELECT projections.users13.id,` +
|
||||
` projections.users13.creation_date,` +
|
||||
` projections.users13.change_date,` +
|
||||
` projections.users13.resource_owner,` +
|
||||
` projections.users13.sequence,` +
|
||||
` projections.users13_humans.user_id,` +
|
||||
` projections.users13_humans.phone,` +
|
||||
` projections.users13_humans.is_phone_verified` +
|
||||
` FROM projections.users13` +
|
||||
` LEFT JOIN projections.users13_humans ON projections.users13.id = projections.users13_humans.user_id AND projections.users13.instance_id = projections.users13_humans.instance_id` +
|
||||
` AS OF SYSTEM TIME '-1 ms'`
|
||||
phoneCols = []string{
|
||||
"id",
|
||||
@ -292,14 +294,14 @@ var (
|
||||
"phone",
|
||||
"is_phone_verified",
|
||||
}
|
||||
userUniqueQuery = `SELECT projections.users12.id,` +
|
||||
` projections.users12.state,` +
|
||||
` projections.users12.username,` +
|
||||
` projections.users12_humans.user_id,` +
|
||||
` projections.users12_humans.email,` +
|
||||
` projections.users12_humans.is_email_verified` +
|
||||
` FROM projections.users12` +
|
||||
` LEFT JOIN projections.users12_humans ON projections.users12.id = projections.users12_humans.user_id AND projections.users12.instance_id = projections.users12_humans.instance_id` +
|
||||
userUniqueQuery = `SELECT projections.users13.id,` +
|
||||
` projections.users13.state,` +
|
||||
` projections.users13.username,` +
|
||||
` projections.users13_humans.user_id,` +
|
||||
` projections.users13_humans.email,` +
|
||||
` projections.users13_humans.is_email_verified` +
|
||||
` FROM projections.users13` +
|
||||
` LEFT JOIN projections.users13_humans ON projections.users13.id = projections.users13_humans.user_id AND projections.users13.instance_id = projections.users13_humans.instance_id` +
|
||||
` AS OF SYSTEM TIME '-1 ms'`
|
||||
userUniqueCols = []string{
|
||||
"id",
|
||||
@ -309,40 +311,40 @@ var (
|
||||
"email",
|
||||
"is_email_verified",
|
||||
}
|
||||
notifyUserQuery = `SELECT projections.users12.id,` +
|
||||
` projections.users12.creation_date,` +
|
||||
` projections.users12.change_date,` +
|
||||
` projections.users12.resource_owner,` +
|
||||
` projections.users12.sequence,` +
|
||||
` projections.users12.state,` +
|
||||
` projections.users12.type,` +
|
||||
` projections.users12.username,` +
|
||||
notifyUserQuery = `SELECT projections.users13.id,` +
|
||||
` projections.users13.creation_date,` +
|
||||
` projections.users13.change_date,` +
|
||||
` projections.users13.resource_owner,` +
|
||||
` projections.users13.sequence,` +
|
||||
` projections.users13.state,` +
|
||||
` projections.users13.type,` +
|
||||
` projections.users13.username,` +
|
||||
` login_names.loginnames,` +
|
||||
` preferred_login_name.login_name,` +
|
||||
` projections.users12_humans.user_id,` +
|
||||
` projections.users12_humans.first_name,` +
|
||||
` projections.users12_humans.last_name,` +
|
||||
` projections.users12_humans.nick_name,` +
|
||||
` projections.users12_humans.display_name,` +
|
||||
` projections.users12_humans.preferred_language,` +
|
||||
` projections.users12_humans.gender,` +
|
||||
` projections.users12_humans.avatar_key,` +
|
||||
` projections.users12_notifications.user_id,` +
|
||||
` projections.users12_notifications.last_email,` +
|
||||
` projections.users12_notifications.verified_email,` +
|
||||
` projections.users12_notifications.last_phone,` +
|
||||
` projections.users12_notifications.verified_phone,` +
|
||||
` projections.users12_notifications.password_set,` +
|
||||
` projections.users13_humans.user_id,` +
|
||||
` projections.users13_humans.first_name,` +
|
||||
` projections.users13_humans.last_name,` +
|
||||
` projections.users13_humans.nick_name,` +
|
||||
` projections.users13_humans.display_name,` +
|
||||
` projections.users13_humans.preferred_language,` +
|
||||
` projections.users13_humans.gender,` +
|
||||
` projections.users13_humans.avatar_key,` +
|
||||
` projections.users13_notifications.user_id,` +
|
||||
` projections.users13_notifications.last_email,` +
|
||||
` projections.users13_notifications.verified_email,` +
|
||||
` projections.users13_notifications.last_phone,` +
|
||||
` projections.users13_notifications.verified_phone,` +
|
||||
` projections.users13_notifications.password_set,` +
|
||||
` COUNT(*) OVER ()` +
|
||||
` FROM projections.users12` +
|
||||
` LEFT JOIN projections.users12_humans ON projections.users12.id = projections.users12_humans.user_id AND projections.users12.instance_id = projections.users12_humans.instance_id` +
|
||||
` LEFT JOIN projections.users12_notifications ON projections.users12.id = projections.users12_notifications.user_id AND projections.users12.instance_id = projections.users12_notifications.instance_id` +
|
||||
` FROM projections.users13` +
|
||||
` LEFT JOIN projections.users13_humans ON projections.users13.id = projections.users13_humans.user_id AND projections.users13.instance_id = projections.users13_humans.instance_id` +
|
||||
` LEFT JOIN projections.users13_notifications ON projections.users13.id = projections.users13_notifications.user_id AND projections.users13.instance_id = projections.users13_notifications.instance_id` +
|
||||
` LEFT JOIN` +
|
||||
` (` + loginNamesQuery + `) AS login_names` +
|
||||
` ON login_names.user_id = projections.users12.id AND login_names.instance_id = projections.users12.instance_id` +
|
||||
` ON login_names.user_id = projections.users13.id AND login_names.instance_id = projections.users13.instance_id` +
|
||||
` LEFT JOIN` +
|
||||
` (` + preferredLoginNameQuery + `) AS preferred_login_name` +
|
||||
` ON preferred_login_name.user_id = projections.users12.id AND preferred_login_name.instance_id = projections.users12.instance_id` +
|
||||
` ON preferred_login_name.user_id = projections.users13.id AND preferred_login_name.instance_id = projections.users13.instance_id` +
|
||||
` AS OF SYSTEM TIME '-1 ms'`
|
||||
notifyUserCols = []string{
|
||||
"id",
|
||||
@ -373,44 +375,45 @@ var (
|
||||
"password_set",
|
||||
"count",
|
||||
}
|
||||
usersQuery = `SELECT projections.users12.id,` +
|
||||
` projections.users12.creation_date,` +
|
||||
` projections.users12.change_date,` +
|
||||
` projections.users12.resource_owner,` +
|
||||
` projections.users12.sequence,` +
|
||||
` projections.users12.state,` +
|
||||
` projections.users12.type,` +
|
||||
` projections.users12.username,` +
|
||||
usersQuery = `SELECT projections.users13.id,` +
|
||||
` projections.users13.creation_date,` +
|
||||
` projections.users13.change_date,` +
|
||||
` projections.users13.resource_owner,` +
|
||||
` projections.users13.sequence,` +
|
||||
` projections.users13.state,` +
|
||||
` projections.users13.type,` +
|
||||
` projections.users13.username,` +
|
||||
` login_names.loginnames,` +
|
||||
` preferred_login_name.login_name,` +
|
||||
` projections.users12_humans.user_id,` +
|
||||
` projections.users12_humans.first_name,` +
|
||||
` projections.users12_humans.last_name,` +
|
||||
` projections.users12_humans.nick_name,` +
|
||||
` projections.users12_humans.display_name,` +
|
||||
` projections.users12_humans.preferred_language,` +
|
||||
` projections.users12_humans.gender,` +
|
||||
` projections.users12_humans.avatar_key,` +
|
||||
` projections.users12_humans.email,` +
|
||||
` projections.users12_humans.is_email_verified,` +
|
||||
` projections.users12_humans.phone,` +
|
||||
` projections.users12_humans.is_phone_verified,` +
|
||||
` projections.users12_humans.password_change_required,` +
|
||||
` projections.users12_machines.user_id,` +
|
||||
` projections.users12_machines.name,` +
|
||||
` projections.users12_machines.description,` +
|
||||
` projections.users12_machines.secret,` +
|
||||
` projections.users12_machines.access_token_type,` +
|
||||
` projections.users13_humans.user_id,` +
|
||||
` projections.users13_humans.first_name,` +
|
||||
` projections.users13_humans.last_name,` +
|
||||
` projections.users13_humans.nick_name,` +
|
||||
` projections.users13_humans.display_name,` +
|
||||
` projections.users13_humans.preferred_language,` +
|
||||
` projections.users13_humans.gender,` +
|
||||
` projections.users13_humans.avatar_key,` +
|
||||
` projections.users13_humans.email,` +
|
||||
` projections.users13_humans.is_email_verified,` +
|
||||
` projections.users13_humans.phone,` +
|
||||
` projections.users13_humans.is_phone_verified,` +
|
||||
` projections.users13_humans.password_change_required,` +
|
||||
` projections.users13_humans.password_changed,` +
|
||||
` projections.users13_machines.user_id,` +
|
||||
` projections.users13_machines.name,` +
|
||||
` projections.users13_machines.description,` +
|
||||
` projections.users13_machines.secret,` +
|
||||
` projections.users13_machines.access_token_type,` +
|
||||
` COUNT(*) OVER ()` +
|
||||
` FROM projections.users12` +
|
||||
` LEFT JOIN projections.users12_humans ON projections.users12.id = projections.users12_humans.user_id AND projections.users12.instance_id = projections.users12_humans.instance_id` +
|
||||
` LEFT JOIN projections.users12_machines ON projections.users12.id = projections.users12_machines.user_id AND projections.users12.instance_id = projections.users12_machines.instance_id` +
|
||||
` FROM projections.users13` +
|
||||
` LEFT JOIN projections.users13_humans ON projections.users13.id = projections.users13_humans.user_id AND projections.users13.instance_id = projections.users13_humans.instance_id` +
|
||||
` LEFT JOIN projections.users13_machines ON projections.users13.id = projections.users13_machines.user_id AND projections.users13.instance_id = projections.users13_machines.instance_id` +
|
||||
` LEFT JOIN` +
|
||||
` (` + loginNamesQuery + `) AS login_names` +
|
||||
` ON login_names.user_id = projections.users12.id AND login_names.instance_id = projections.users12.instance_id` +
|
||||
` ON login_names.user_id = projections.users13.id AND login_names.instance_id = projections.users13.instance_id` +
|
||||
` LEFT JOIN` +
|
||||
` (` + preferredLoginNameQuery + `) AS preferred_login_name` +
|
||||
` ON preferred_login_name.user_id = projections.users12.id AND preferred_login_name.instance_id = projections.users12.instance_id` +
|
||||
` ON preferred_login_name.user_id = projections.users13.id AND preferred_login_name.instance_id = projections.users13.instance_id` +
|
||||
` AS OF SYSTEM TIME '-1 ms'`
|
||||
usersCols = []string{
|
||||
"id",
|
||||
@ -437,6 +440,7 @@ var (
|
||||
"phone",
|
||||
"is_phone_verified",
|
||||
"password_change_required",
|
||||
"password_changed",
|
||||
// machine
|
||||
"user_id",
|
||||
"name",
|
||||
@ -508,6 +512,7 @@ func Test_UserPrepares(t *testing.T) {
|
||||
"phone",
|
||||
true,
|
||||
true,
|
||||
testNow,
|
||||
// machine
|
||||
nil,
|
||||
nil,
|
||||
@ -542,6 +547,7 @@ func Test_UserPrepares(t *testing.T) {
|
||||
Phone: "phone",
|
||||
IsPhoneVerified: true,
|
||||
PasswordChangeRequired: true,
|
||||
PasswordChanged: testNow,
|
||||
},
|
||||
},
|
||||
},
|
||||
@ -577,6 +583,7 @@ func Test_UserPrepares(t *testing.T) {
|
||||
nil,
|
||||
nil,
|
||||
nil,
|
||||
nil,
|
||||
// machine
|
||||
"id",
|
||||
"name",
|
||||
@ -638,6 +645,7 @@ func Test_UserPrepares(t *testing.T) {
|
||||
nil,
|
||||
nil,
|
||||
nil,
|
||||
nil,
|
||||
// machine
|
||||
"id",
|
||||
"name",
|
||||
@ -1226,6 +1234,7 @@ func Test_UserPrepares(t *testing.T) {
|
||||
"phone",
|
||||
true,
|
||||
true,
|
||||
testNow,
|
||||
// machine
|
||||
nil,
|
||||
nil,
|
||||
@ -1265,6 +1274,7 @@ func Test_UserPrepares(t *testing.T) {
|
||||
Phone: "phone",
|
||||
IsPhoneVerified: true,
|
||||
PasswordChangeRequired: true,
|
||||
PasswordChanged: testNow,
|
||||
},
|
||||
},
|
||||
},
|
||||
@ -1303,6 +1313,7 @@ func Test_UserPrepares(t *testing.T) {
|
||||
"phone",
|
||||
true,
|
||||
true,
|
||||
testNow,
|
||||
// machine
|
||||
nil,
|
||||
nil,
|
||||
@ -1335,6 +1346,7 @@ func Test_UserPrepares(t *testing.T) {
|
||||
nil,
|
||||
nil,
|
||||
nil,
|
||||
nil,
|
||||
// machine
|
||||
"id",
|
||||
"name",
|
||||
@ -1374,6 +1386,7 @@ func Test_UserPrepares(t *testing.T) {
|
||||
Phone: "phone",
|
||||
IsPhoneVerified: true,
|
||||
PasswordChangeRequired: true,
|
||||
PasswordChanged: testNow,
|
||||
},
|
||||
},
|
||||
{
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
with usr as (
|
||||
select u.id, u.creation_date, u.change_date, u.sequence, u.state, u.resource_owner, u.username, n.login_name as preferred_login_name
|
||||
from projections.users12 u
|
||||
from projections.users13 u
|
||||
left join projections.login_names3 n on u.id = n.user_id and u.instance_id = n.instance_id
|
||||
where u.id = $1
|
||||
and u.instance_id = $2
|
||||
@ -9,7 +9,7 @@ with usr as (
|
||||
human as (
|
||||
select $1 as user_id, row_to_json(r) as human from (
|
||||
select first_name, last_name, nick_name, display_name, avatar_key, preferred_language, gender, email, is_email_verified, phone, is_phone_verified
|
||||
from projections.users12_humans
|
||||
from projections.users13_humans
|
||||
where user_id = $1
|
||||
and instance_id = $2
|
||||
) r
|
||||
@ -17,7 +17,7 @@ human as (
|
||||
machine as (
|
||||
select $1 as user_id, row_to_json(r) as machine from (
|
||||
select name, description
|
||||
from projections.users12_machines
|
||||
from projections.users13_machines
|
||||
where user_id = $1
|
||||
and instance_id = $2
|
||||
) r
|
||||
|
||||
@ -73,15 +73,15 @@ SELECT
|
||||
, u.instance_id
|
||||
, (SELECT EXISTS (SELECT true FROM verified_auth_methods WHERE method_type = 6)) AS otp_sms_added
|
||||
, (SELECT EXISTS (SELECT true FROM verified_auth_methods WHERE method_type = 7)) AS otp_email_added
|
||||
FROM projections.users12 u
|
||||
LEFT JOIN projections.users12_humans h
|
||||
FROM projections.users13 u
|
||||
LEFT JOIN projections.users13_humans h
|
||||
ON u.instance_id = h.instance_id
|
||||
AND u.id = h.user_id
|
||||
LEFT JOIN projections.login_names3 l
|
||||
ON u.instance_id = l.instance_id
|
||||
AND u.id = l.user_id
|
||||
AND l.is_primary = true
|
||||
LEFT JOIN projections.users12_machines m
|
||||
LEFT JOIN projections.users13_machines m
|
||||
ON u.instance_id = m.instance_id
|
||||
AND u.id = m.user_id
|
||||
LEFT JOIN auth.users3 au
|
||||
|
||||
@ -19,8 +19,8 @@ SELECT s.creation_date,
|
||||
s.sequence,
|
||||
s.instance_id
|
||||
FROM auth.user_sessions s
|
||||
LEFT JOIN projections.users12 u ON s.user_id = u.id AND s.instance_id = u.instance_id
|
||||
LEFT JOIN projections.users12_humans h ON s.user_id = h.user_id AND s.instance_id = h.instance_id
|
||||
LEFT JOIN projections.users13 u ON s.user_id = u.id AND s.instance_id = u.instance_id
|
||||
LEFT JOIN projections.users13_humans h ON s.user_id = h.user_id AND s.instance_id = h.instance_id
|
||||
LEFT JOIN projections.login_names3 l ON s.user_id = l.user_id AND s.instance_id = l.instance_id AND l.is_primary = true
|
||||
WHERE (s.user_agent_id = $1)
|
||||
AND (s.user_id = $2)
|
||||
|
||||
@ -19,8 +19,8 @@ SELECT s.creation_date,
|
||||
s.sequence,
|
||||
s.instance_id
|
||||
FROM auth.user_sessions s
|
||||
LEFT JOIN projections.users12 u ON s.user_id = u.id AND s.instance_id = u.instance_id
|
||||
LEFT JOIN projections.users12_humans h ON s.user_id = h.user_id AND s.instance_id = h.instance_id
|
||||
LEFT JOIN projections.users13 u ON s.user_id = u.id AND s.instance_id = u.instance_id
|
||||
LEFT JOIN projections.users13_humans h ON s.user_id = h.user_id AND s.instance_id = h.instance_id
|
||||
LEFT JOIN projections.login_names3 l ON s.user_id = l.user_id AND s.instance_id = l.instance_id AND l.is_primary = true
|
||||
WHERE (s.user_agent_id = $1)
|
||||
AND (s.instance_id = $2)
|
||||
|
||||
@ -2655,7 +2655,7 @@ service AdminService {
|
||||
tags: "Settings";
|
||||
tags: "Password Settings";
|
||||
summary: "Get Password Age Settings";
|
||||
description: "Not implemented"
|
||||
description: "Returns the password age settings configured on the instance. It affects all organizations, that do not have a custom setting configured. The settings specify the expiry of password, after which a user is forced to change it on the next login.";
|
||||
responses: {
|
||||
key: "200";
|
||||
value: {
|
||||
@ -2679,7 +2679,7 @@ service AdminService {
|
||||
tags: "Settings";
|
||||
tags: "Password Settings";
|
||||
summary: "Update Password Age Settings";
|
||||
description: "Not implemented"
|
||||
description: "Updates the default password complexity settings configured on the instance. It affects all organizations, that do not have a custom setting configured. The settings specify the expiry of password, after which a user is forced to change it on the next login.";
|
||||
responses: {
|
||||
key: "200";
|
||||
value: {
|
||||
@ -6736,18 +6736,10 @@ message GetPasswordAgePolicyResponse {
|
||||
}
|
||||
|
||||
message UpdatePasswordAgePolicyRequest {
|
||||
uint32 max_age_days = 1 [
|
||||
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
||||
description: "Maximum days since last password change"
|
||||
example: "\"365\""
|
||||
}
|
||||
];
|
||||
uint32 expire_warn_days = 2 [
|
||||
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
||||
description: "Days before the password expiry the user gets notified to change the password"
|
||||
example: "\"10\""
|
||||
}
|
||||
];
|
||||
// Amount of days after which a password will expire. The user will be forced to change the password on the following authentication.
|
||||
uint32 max_age_days = 1;
|
||||
// Amount of days after which the user should be notified of the upcoming expiry. ZITADEL will not notify the user.
|
||||
uint32 expire_warn_days = 2;
|
||||
}
|
||||
|
||||
message UpdatePasswordAgePolicyResponse {
|
||||
|
||||
@ -4742,7 +4742,6 @@ service ManagementService {
|
||||
};
|
||||
}
|
||||
|
||||
// The password age policy is not used at the moment
|
||||
rpc GetPasswordAgePolicy(GetPasswordAgePolicyRequest) returns (GetPasswordAgePolicyResponse) {
|
||||
option (google.api.http) = {
|
||||
get: "/policies/password/age"
|
||||
@ -4756,7 +4755,7 @@ service ManagementService {
|
||||
tags: "Settings";
|
||||
tags: "Password Settings";
|
||||
summary: "Get Password Age Settings";
|
||||
description: "Not implemented";
|
||||
description: "Returns the password age settings configured on the organization. The settings specify the expiry of password, after which a user is forced to change it on the next login.";
|
||||
parameters: {
|
||||
headers: {
|
||||
name: "x-zitadel-orgid";
|
||||
@ -4768,7 +4767,6 @@ service ManagementService {
|
||||
};
|
||||
}
|
||||
|
||||
// The password age policy is not used at the moment
|
||||
rpc GetDefaultPasswordAgePolicy(GetDefaultPasswordAgePolicyRequest) returns (GetDefaultPasswordAgePolicyResponse) {
|
||||
option (google.api.http) = {
|
||||
get: "/policies/default/password/age"
|
||||
@ -4782,7 +4780,7 @@ service ManagementService {
|
||||
tags: "Settings";
|
||||
tags: "Password Settings";
|
||||
summary: "Get Default Password Age Settings";
|
||||
description: "Not implemented";
|
||||
description: "Returns the default password age settings configured on the instance. The settings specify the expiry of password, after which a user is forced to change it on the next login.";
|
||||
parameters: {
|
||||
headers: {
|
||||
name: "x-zitadel-orgid";
|
||||
@ -4794,7 +4792,6 @@ service ManagementService {
|
||||
};
|
||||
}
|
||||
|
||||
// The password age policy is not used at the moment
|
||||
rpc AddCustomPasswordAgePolicy(AddCustomPasswordAgePolicyRequest) returns (AddCustomPasswordAgePolicyResponse) {
|
||||
option (google.api.http) = {
|
||||
post: "/policies/password/age"
|
||||
@ -4809,7 +4806,7 @@ service ManagementService {
|
||||
tags: "Settings";
|
||||
tags: "Password Settings";
|
||||
summary: "Add Password Age Settings";
|
||||
description: "Not implemented";
|
||||
description: "Create new password age settings for the organization. This will overwrite the settings of the instance for this organization. The settings specify the expiry of password, after which a user is forced to change it on the next login.";
|
||||
parameters: {
|
||||
headers: {
|
||||
name: "x-zitadel-orgid";
|
||||
@ -4821,7 +4818,6 @@ service ManagementService {
|
||||
};
|
||||
}
|
||||
|
||||
// The password age policy is not used at the moment
|
||||
rpc UpdateCustomPasswordAgePolicy(UpdateCustomPasswordAgePolicyRequest) returns (UpdateCustomPasswordAgePolicyResponse) {
|
||||
option (google.api.http) = {
|
||||
put: "/policies/password/age"
|
||||
@ -4836,7 +4832,7 @@ service ManagementService {
|
||||
tags: "Settings";
|
||||
tags: "Password Settings";
|
||||
summary: "Update Password Age Settings";
|
||||
description: "Not implemented";
|
||||
description: "Update the password age settings of the organization. The settings specify the expiry of password, after which a user is forced to change it on the next login.";
|
||||
parameters: {
|
||||
headers: {
|
||||
name: "x-zitadel-orgid";
|
||||
@ -4848,7 +4844,6 @@ service ManagementService {
|
||||
};
|
||||
}
|
||||
|
||||
// The password age policy is not used at the moment
|
||||
rpc ResetPasswordAgePolicyToDefault(ResetPasswordAgePolicyToDefaultRequest) returns (ResetPasswordAgePolicyToDefaultResponse) {
|
||||
option (google.api.http) = {
|
||||
delete: "/policies/password/age"
|
||||
@ -4862,7 +4857,7 @@ service ManagementService {
|
||||
tags: "Settings";
|
||||
tags: "Password Settings";
|
||||
summary: "Reset Password Age Settings to Default";
|
||||
description: "Not implemented";
|
||||
description: "Remove the password age settings of the organization and therefore use the default settings on the instance.. The settings specify the expiry of password, after which a user is forced to change it on the next login.";
|
||||
parameters: {
|
||||
headers: {
|
||||
name: "x-zitadel-orgid";
|
||||
@ -10604,7 +10599,9 @@ message GetDefaultPasswordAgePolicyResponse {
|
||||
}
|
||||
|
||||
message AddCustomPasswordAgePolicyRequest {
|
||||
// Amount of days after which a password will expire. The user will be forced to change the password on the following authentication.
|
||||
uint32 max_age_days = 1;
|
||||
// Amount of days after which the user should be notified of the upcoming expiry. ZITADEL will not notify the user.
|
||||
uint32 expire_warn_days = 2;
|
||||
}
|
||||
|
||||
@ -10613,7 +10610,9 @@ message AddCustomPasswordAgePolicyResponse {
|
||||
}
|
||||
|
||||
message UpdateCustomPasswordAgePolicyRequest {
|
||||
// Amount of days after which a password will expire. The user will be forced to change the password on the following authentication.
|
||||
uint32 max_age_days = 1;
|
||||
// Amount of days after which the user should be notified of the upcoming expiry. ZITADEL will not notify the user.
|
||||
uint32 expire_warn_days = 2;
|
||||
}
|
||||
|
||||
|
||||
@ -310,23 +310,20 @@ message PasswordComplexityPolicy {
|
||||
|
||||
message PasswordAgePolicy {
|
||||
zitadel.v1.ObjectDetails details = 1;
|
||||
// Amount of days after which a password will expire. The user will be forced to change the password on the following authentication.
|
||||
uint64 max_age_days = 2 [
|
||||
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
||||
description: "Maximum days since last password change"
|
||||
example: "\"365\""
|
||||
}
|
||||
];
|
||||
// Amount of days after which the user should be notified of the upcoming expiry. ZITADEL will not notify the user.
|
||||
uint64 expire_warn_days = 3 [
|
||||
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
||||
description: "Days before the password expiry the user gets notified to change the password"
|
||||
example: "\"10\""
|
||||
}
|
||||
];
|
||||
bool is_default = 4 [
|
||||
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
||||
description: "defines if the organization's admin changed the policy"
|
||||
}
|
||||
];
|
||||
// If true, the returned values represent the instance settings, e.g. by an organization without custom settings.
|
||||
bool is_default = 4;
|
||||
}
|
||||
|
||||
message LockoutPolicy {
|
||||
|
||||
@ -41,3 +41,20 @@ message PasswordComplexitySettings {
|
||||
}
|
||||
];
|
||||
}
|
||||
|
||||
message PasswordExpirySettings {
|
||||
// Amount of days after which a password will expire. The user will be forced to change the password on the following authentication.
|
||||
uint64 max_age_days = 1 [
|
||||
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
||||
example: "\"365\""
|
||||
}
|
||||
];
|
||||
// Amount of days after which the user should be notified of the upcoming expiry. ZITADEL will not notify the user.
|
||||
uint64 expire_warn_days = 2 [
|
||||
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
||||
example: "\"10\""
|
||||
}
|
||||
];
|
||||
// resource_owner_type returns if the settings is managed on the organization or on the instance
|
||||
ResourceOwnerType resource_owner_type = 3;
|
||||
}
|
||||
|
||||
@ -204,6 +204,30 @@ service SettingsService {
|
||||
};
|
||||
}
|
||||
|
||||
// Get the password expiry settings
|
||||
rpc GetPasswordExpirySettings (GetPasswordExpirySettingsRequest) returns (GetPasswordExpirySettingsResponse) {
|
||||
option (google.api.http) = {
|
||||
get: "/v2beta/settings/password/expiry"
|
||||
};
|
||||
|
||||
option (zitadel.protoc_gen_zitadel.v2.options) = {
|
||||
auth_option: {
|
||||
permission: "policy.read"
|
||||
}
|
||||
};
|
||||
|
||||
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
||||
summary: "Get the password expiry settings";
|
||||
description: "Return the password expiry settings for the requested context"
|
||||
responses: {
|
||||
key: "200"
|
||||
value: {
|
||||
description: "OK";
|
||||
}
|
||||
};
|
||||
};
|
||||
}
|
||||
|
||||
// Get the current active branding settings
|
||||
rpc GetBrandingSettings (GetBrandingSettingsRequest) returns (GetBrandingSettingsResponse) {
|
||||
option (google.api.http) = {
|
||||
@ -358,6 +382,15 @@ message GetPasswordComplexitySettingsResponse {
|
||||
zitadel.settings.v2beta.PasswordComplexitySettings settings = 2;
|
||||
}
|
||||
|
||||
message GetPasswordExpirySettingsRequest {
|
||||
zitadel.object.v2beta.RequestContext ctx = 1;
|
||||
}
|
||||
|
||||
message GetPasswordExpirySettingsResponse {
|
||||
zitadel.object.v2beta.Details details = 1;
|
||||
zitadel.settings.v2beta.PasswordExpirySettings settings = 2;
|
||||
}
|
||||
|
||||
message GetBrandingSettingsRequest {
|
||||
zitadel.object.v2beta.RequestContext ctx = 1;
|
||||
}
|
||||
|
||||
@ -272,6 +272,7 @@ message PasswordChangeScreenText {
|
||||
string new_password_confirm_label = 5 [(validate.rules).string = {max_len: 200}];
|
||||
string cancel_button_text = 6 [(validate.rules).string = {max_len: 100}];
|
||||
string next_button_text = 7 [(validate.rules).string = {max_len: 100}];
|
||||
string expired_description = 8 [(validate.rules).string = {max_len: 500}];
|
||||
}
|
||||
|
||||
message PasswordChangeDoneScreenText {
|
||||
|
||||
@ -65,6 +65,8 @@ message Human {
|
||||
Profile profile = 1;
|
||||
Email email = 2;
|
||||
Phone phone = 3;
|
||||
// The time the user last changed their password.
|
||||
google.protobuf.Timestamp password_changed = 4;
|
||||
}
|
||||
|
||||
message Machine {
|
||||
|
||||
@ -5,6 +5,7 @@ package zitadel.user.v2beta;
|
||||
option go_package = "github.com/zitadel/zitadel/pkg/grpc/user/v2beta;user";
|
||||
|
||||
import "google/api/field_behavior.proto";
|
||||
import "google/protobuf/timestamp.proto";
|
||||
import "protoc-gen-openapiv2/options/annotations.proto";
|
||||
import "validate/validate.proto";
|
||||
import "zitadel/object/v2beta/object.proto";
|
||||
@ -172,6 +173,8 @@ message HumanUser {
|
||||
HumanPhone phone = 8;
|
||||
// User is required to change the used password on the next login.
|
||||
bool password_change_required = 9;
|
||||
// The time the user last changed their password.
|
||||
google.protobuf.Timestamp password_changed = 10;
|
||||
}
|
||||
|
||||
message User {
|
||||
|
||||
Loading…
Reference in New Issue
Block a user