feat: policies on aggregates (#799)
* feat: move pw policy * feat: default pw complexity policy * fix: org password complexity policy * fix: org password complexity policy * fix: pw complexity policy with setup * fix: age and lockout policies on aggregates * fix: migration * fix: org iam policy * fix: org iam policy * fix: org iam policy * fix: tests * fix: policy request * fix: merge master * fix(console): policies frontend (#817) * fix policy build * fix: age, complexity, lockout policies * fix: ready return err of setup not done * fix: fix remove policies in spoolers * fix: fix remove policies in spoolers * feat(console): policy settings for iam and org (#824) * fix policy build * fix: age, complexity, lockout policies * fix pwd complexity * policy remove action * add imports * fix accounts card, enable mgmt login policy * lint * add iam policy to admin * toasts, i18n, show default * routing, i18n * reset policy, toast i18n, cleanup, routing * policy delete permission * lint style * delete iam policy * delete non project from grid list, i18n * lint ts, style * fix: remove instead delete * feat(console): delete external idp from user (#835) * dialog i18n, delete column and function * dialog i18n * fix rm button * Update console/src/assets/i18n/de.json Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com> * Update console/src/assets/i18n/de.json Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com> * fix: revert env, rename policy, remove comments * fix: lowercase sich * fix: pr requests * Update internal/iam/repository/eventsourcing/eventstore_test.go Co-authored-by: Silvan <silvan.reusser@gmail.com> * fix: tests * fix: tests * fix(console): policies (#839) * fix: nil pointer on get userdata (#815) * fix: external login (#818) * fix: external login * fix: external login * feat(console): delete user (#819) * add action col to user table, i18n * delete user from detail component * lint * fix(console): cleanup user detail and member components, user/me redirect, 
permission guards, filter, org policy guard, user table, scss cleanup (#808) * fix: remove user.write guard for filtering * border color * fix user routing from member tables * idp detail layout * generic contact component * fix redirect to auth user, user grant disable * disable policy action without permission, i18n * user-create flex fix, contact ng-content * rm unused styles * sidenav divider * lint * chore(deps-dev): bump @angular/cli from 10.1.3 to 10.1.4 in /console (#806) * fix: user session with external login (#797) * fix: user session with external login * fix: tests * fix: tests * fix: change idp config name * fix(container): stop copying / and instead only copy zitadel (#691) * chore: stop copying / and instead only copy zitadel * Update Dockerfile * Update release.yml * enable anchors debug * fix(container): don't copy alpine content into scratch execpt pwd * chore: remove need step * merge master * chore(deps-dev): bump @angular/cli from 10.1.3 to 10.1.4 in /console Bumps [@angular/cli](https://github.com/angular/angular-cli) from 10.1.3 to 10.1.4. 
- [Release notes](https://github.com/angular/angular-cli/releases) - [Commits](https://github.com/angular/angular-cli/compare/v10.1.3...v10.1.4) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com> Co-authored-by: Florian Forster <florian@caos.ch> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps-dev): bump @angular/language-service from 10.1.3 to 10.1.4 in /console (#805) * fix: user session with external login (#797) * fix: user session with external login * fix: tests * fix: tests * fix: change idp config name * fix(container): stop copying / and instead only copy zitadel (#691) * chore: stop copying / and instead only copy zitadel * Update Dockerfile * Update release.yml * enable anchors debug * fix(container): don't copy alpine content into scratch execpt pwd * chore: remove need step * merge master * chore(deps-dev): bump @angular/language-service in /console Bumps [@angular/language-service](https://github.com/angular/angular/tree/HEAD/packages/language-service) from 10.1.3 to 10.1.4. 
- [Release notes](https://github.com/angular/angular/releases) - [Changelog](https://github.com/angular/angular/blob/master/CHANGELOG.md) - [Commits](https://github.com/angular/angular/commits/10.1.4/packages/language-service) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com> Co-authored-by: Florian Forster <florian@caos.ch> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps-dev): bump codelyzer from 6.0.0 to 6.0.1 in /console (#804) * fix: user session with external login (#797) * fix: user session with external login * fix: tests * fix: tests * fix: change idp config name * fix(container): stop copying / and instead only copy zitadel (#691) * chore: stop copying / and instead only copy zitadel * Update Dockerfile * Update release.yml * enable anchors debug * fix(container): don't copy alpine content into scratch execpt pwd * chore: remove need step * merge master * chore(deps-dev): bump codelyzer from 6.0.0 to 6.0.1 in /console Bumps [codelyzer](https://github.com/mgechev/codelyzer) from 6.0.0 to 6.0.1. 
- [Release notes](https://github.com/mgechev/codelyzer/releases) - [Changelog](https://github.com/mgechev/codelyzer/blob/master/CHANGELOG.md) - [Commits](https://github.com/mgechev/codelyzer/commits/6.0.1) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com> Co-authored-by: Florian Forster <florian@caos.ch> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps-dev): bump @angular-devkit/build-angular from 0.1000.8 to 0.1001.4 in /console (#803) * fix: user session with external login (#797) * fix: user session with external login * fix: tests * fix: tests * fix: change idp config name * fix(container): stop copying / and instead only copy zitadel (#691) * chore: stop copying / and instead only copy zitadel * Update Dockerfile * Update release.yml * enable anchors debug * fix(container): don't copy alpine content into scratch execpt pwd * chore: remove need step * merge master * chore(deps-dev): bump @angular-devkit/build-angular in /console Bumps [@angular-devkit/build-angular](https://github.com/angular/angular-cli) from 0.1000.8 to 0.1001.4. 
- [Release notes](https://github.com/angular/angular-cli/releases) - [Commits](https://github.com/angular/angular-cli/commits) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com> Co-authored-by: Florian Forster <florian@caos.ch> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Max Peintner <max@caos.ch> * chore(deps): bump uuid from 8.3.0 to 8.3.1 in /console (#802) * fix: user session with external login (#797) * fix: user session with external login * fix: tests * fix: tests * fix: change idp config name * fix(container): stop copying / and instead only copy zitadel (#691) * chore: stop copying / and instead only copy zitadel * Update Dockerfile * Update release.yml * enable anchors debug * fix(container): don't copy alpine content into scratch execpt pwd * chore: remove need step * merge master * chore(deps): bump uuid from 8.3.0 to 8.3.1 in /console Bumps [uuid](https://github.com/uuidjs/uuid) from 8.3.0 to 8.3.1. 
- [Release notes](https://github.com/uuidjs/uuid/releases) - [Changelog](https://github.com/uuidjs/uuid/blob/master/CHANGELOG.md) - [Commits](https://github.com/uuidjs/uuid/compare/v8.3.0...v8.3.1) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com> Co-authored-by: Florian Forster <florian@caos.ch> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * create memberstable as common component * iam member cleanup * iam + org m table, user table service user avatar * toast config * fix selection emitter * fix project grant table width * project grant members refactor * theme optimizations * member table col delete * lint * fix table row color * refactor grey color * lint scss * org list redirect on click, fix user table undef * refresh table after grant add Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com> Co-authored-by: Florian Forster <florian@caos.ch> * fix(console): intercept navigator.language, set browser lang as default for user without explicit setting, user table outline, member create dialog import (#820) * i18n interceptor, set language to browser lang * nullcheck * rm external idp log * fix module imports, rm user displayname from i18n * Update console/src/assets/i18n/de.json Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com> * fix: delete external idps from users (#822) * fix(console): permission regex, account switcher null check, restrict app and member create access (#821) * fix member table disable, gerneal regexp * fix user session card, app disable * memberships max count * fix policy permissions * permission check for member add dialog * lint * rm accounts log * rm id regex * fix: handle usermemberships on project and project grant delete (#825) * fix: go handler Co-authored-by: Fabi 
<38692350+fgerschwiler@users.noreply.github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Florian Forster <florian@caos.ch> * fix: tests * fix: not needed error handling Co-authored-by: Max Peintner <max@caos.ch> Co-authored-by: Silvan <silvan.reusser@gmail.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Florian Forster <florian@caos.ch>
@@ -4,7 +4,7 @@ import (
|
||||
"github.com/caos/zitadel/internal/crypto"
|
||||
caos_errs "github.com/caos/zitadel/internal/errors"
|
||||
es_models "github.com/caos/zitadel/internal/eventstore/models"
|
||||
policy_model "github.com/caos/zitadel/internal/policy/model"
|
||||
iam_model "github.com/caos/zitadel/internal/iam/model"
|
||||
"time"
|
||||
)
|
||||
|
||||
@@ -35,7 +35,7 @@ func (p *Password) IsValid() bool {
|
||||
return p.AggregateID != "" && p.SecretString != ""
|
||||
}
|
||||
|
||||
func (p *Password) HashPasswordIfExisting(policy *policy_model.PasswordComplexityPolicy, passwordAlg crypto.HashAlgorithm, onetime bool) error {
|
||||
func (p *Password) HashPasswordIfExisting(policy *iam_model.PasswordComplexityPolicyView, passwordAlg crypto.HashAlgorithm, onetime bool) error {
|
||||
if p.SecretString == "" {
|
||||
return nil
|
||||
}
|
||||
|
@@ -1,11 +1,11 @@
|
||||
package model
|
||||
|
||||
import (
|
||||
iam_model "github.com/caos/zitadel/internal/iam/model"
|
||||
"strings"
|
||||
|
||||
caos_errors "github.com/caos/zitadel/internal/errors"
|
||||
es_models "github.com/caos/zitadel/internal/eventstore/models"
|
||||
org_model "github.com/caos/zitadel/internal/org/model"
|
||||
"github.com/golang/protobuf/ptypes/timestamp"
|
||||
)
|
||||
|
||||
@@ -30,7 +30,7 @@ const (
|
||||
UserStateInitial
|
||||
)
|
||||
|
||||
func (u *User) CheckOrgIAMPolicy(policy *org_model.OrgIAMPolicy) error {
|
||||
func (u *User) CheckOrgIAMPolicy(policy *iam_model.OrgIAMPolicyView) error {
|
||||
if policy == nil {
|
||||
return caos_errors.ThrowPreconditionFailed(nil, "MODEL-zSH7j", "Errors.Users.OrgIamPolicyNil")
|
||||
}
|
||||
@@ -89,7 +89,7 @@ func (u *User) IsValid() bool {
|
||||
return u.Machine.IsValid()
|
||||
}
|
||||
|
||||
func (u *User) CheckOrgIamPolicy(policy *org_model.OrgIAMPolicy) error {
|
||||
func (u *User) CheckOrgIamPolicy(policy *iam_model.OrgIAMPolicy) error {
|
||||
if policy == nil {
|
||||
return caos_errors.ThrowPreconditionFailed(nil, "MODEL-zSH7j", "Errors.Users.OrgIamPolicyNil")
|
||||
}
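Review bot: CheckOrgIamPolicy in the second hunk (-89,7/+89,7) is now a near-duplicate of CheckOrgIAMPolicy from the first hunk, differing only in the case of the name and in taking the aggregate `*iam_model.OrgIAMPolicy` rather than the `*iam_model.OrgIAMPolicyView`, and both raise the nil-policy failure with the identical identifier "MODEL-zSH7j", so a log line no longer says which path rejected the request. Give the second method its own identifier and a doc comment, e.g. `// CheckOrgIamPolicy applies the org IAM policy taken from the aggregate; CheckOrgIAMPolicy is the view-typed variant and both must enforce the same rules.` If the two checks are meant to be identical, have one convert its argument and delegate to the other so whatever rules follow the nil guard cannot drift between the aggregate-typed and view-typed callers. The bodies of both methods continue past their hunks, so only the nil guard is visible here.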
|
||||
|
@@ -1,10 +1,9 @@
|
||||
package model
|
||||
|
||||
import (
|
||||
iam_model "github.com/caos/zitadel/internal/iam/model"
|
||||
"time"
|
||||
|
||||
policy_model "github.com/caos/zitadel/internal/policy/model"
|
||||
|
||||
"github.com/caos/zitadel/internal/crypto"
|
||||
es_models "github.com/caos/zitadel/internal/eventstore/models"
|
||||
)
|
||||
@@ -57,7 +56,7 @@ func (u *Human) IsOTPReady() bool {
|
||||
return u.OTP != nil && u.OTP.State == MfaStateReady
|
||||
}
|
||||
|
||||
func (u *Human) HashPasswordIfExisting(policy *policy_model.PasswordComplexityPolicy, passwordAlg crypto.HashAlgorithm, onetime bool) error {
|
||||
func (u *Human) HashPasswordIfExisting(policy *iam_model.PasswordComplexityPolicyView, passwordAlg crypto.HashAlgorithm, onetime bool) error {
|
||||
if u.Password != nil {
|
||||
return u.Password.HashPasswordIfExisting(policy, passwordAlg, onetime)
|
||||
}
|
||||
|
@@ -3,6 +3,7 @@ package eventsourcing
|
||||
import (
|
||||
"context"
|
||||
"fmt"
|
||||
iam_model "github.com/caos/zitadel/internal/iam/model"
|
||||
"time"
|
||||
|
||||
"github.com/caos/logging"
|
||||
@@ -10,9 +11,6 @@ import (
|
||||
|
||||
"github.com/caos/zitadel/internal/errors"
|
||||
"github.com/caos/zitadel/internal/id"
|
||||
org_model "github.com/caos/zitadel/internal/org/model"
|
||||
policy_model "github.com/caos/zitadel/internal/policy/model"
|
||||
|
||||
"github.com/pquerna/otp/totp"
|
||||
|
||||
req_model "github.com/caos/zitadel/internal/auth_request/model"
|
||||
@@ -119,7 +117,7 @@ func (es *UserEventstore) UserEventsByID(ctx context.Context, id string, sequenc
|
||||
return es.FilterEvents(ctx, query)
|
||||
}
|
||||
|
||||
func (es *UserEventstore) prepareCreateMachine(ctx context.Context, user *usr_model.User, orgIamPolicy *org_model.OrgIAMPolicy, resourceOwner string) (*model.User, []*es_models.Aggregate, error) {
|
||||
func (es *UserEventstore) prepareCreateMachine(ctx context.Context, user *usr_model.User, orgIamPolicy *iam_model.OrgIAMPolicyView, resourceOwner string) (*model.User, []*es_models.Aggregate, error) {
|
||||
machine := model.UserFromModel(user)
|
||||
|
||||
if !orgIamPolicy.UserLoginMustBeDomain {
|
||||
@@ -131,7 +129,7 @@ func (es *UserEventstore) prepareCreateMachine(ctx context.Context, user *usr_mo
|
||||
return machine, createAggregates, err
|
||||
}
|
||||
|
||||
func (es *UserEventstore) prepareCreateHuman(ctx context.Context, user *usr_model.User, pwPolicy *policy_model.PasswordComplexityPolicy, orgIAMPolicy *org_model.OrgIAMPolicy, resourceOwner string) (*model.User, []*es_models.Aggregate, error) {
|
||||
func (es *UserEventstore) prepareCreateHuman(ctx context.Context, user *usr_model.User, pwPolicy *iam_model.PasswordComplexityPolicyView, orgIAMPolicy *iam_model.OrgIAMPolicyView, resourceOwner string) (*model.User, []*es_models.Aggregate, error) {
|
||||
err := user.CheckOrgIAMPolicy(orgIAMPolicy)
|
||||
if err != nil {
|
||||
return nil, nil, err
|
||||
@@ -163,7 +161,7 @@ func (es *UserEventstore) prepareCreateHuman(ctx context.Context, user *usr_mode
|
||||
return repoUser, createAggregates, err
|
||||
}
|
||||
|
||||
func (es *UserEventstore) PrepareCreateUser(ctx context.Context, user *usr_model.User, pwPolicy *policy_model.PasswordComplexityPolicy, orgIAMPolicy *org_model.OrgIAMPolicy, resourceOwner string) (*model.User, []*es_models.Aggregate, error) {
|
||||
func (es *UserEventstore) PrepareCreateUser(ctx context.Context, user *usr_model.User, pwPolicy *iam_model.PasswordComplexityPolicyView, orgIAMPolicy *iam_model.OrgIAMPolicyView, resourceOwner string) (*model.User, []*es_models.Aggregate, error) {
|
||||
id, err := es.idGenerator.Next()
|
||||
if err != nil {
|
||||
return nil, nil, err
|
||||
@@ -178,7 +176,7 @@ func (es *UserEventstore) PrepareCreateUser(ctx context.Context, user *usr_model
|
||||
return nil, nil, errors.ThrowInvalidArgument(nil, "EVENT-Q29tp", "Errors.User.TypeUndefined")
|
||||
}
|
||||
|
||||
func (es *UserEventstore) CreateUser(ctx context.Context, user *usr_model.User, pwPolicy *policy_model.PasswordComplexityPolicy, orgIAMPolicy *org_model.OrgIAMPolicy) (*usr_model.User, error) {
|
||||
func (es *UserEventstore) CreateUser(ctx context.Context, user *usr_model.User, pwPolicy *iam_model.PasswordComplexityPolicyView, orgIAMPolicy *iam_model.OrgIAMPolicyView) (*usr_model.User, error) {
|
||||
repoUser, aggregates, err := es.PrepareCreateUser(ctx, user, pwPolicy, orgIAMPolicy, "")
|
||||
if err != nil {
|
||||
return nil, err
|
||||
@@ -193,7 +191,7 @@ func (es *UserEventstore) CreateUser(ctx context.Context, user *usr_model.User,
|
||||
return model.UserToModel(repoUser), nil
|
||||
}
|
||||
|
||||
func (es *UserEventstore) PrepareRegisterUser(ctx context.Context, user *usr_model.User, externalIDP *usr_model.ExternalIDP, policy *policy_model.PasswordComplexityPolicy, orgIAMPolicy *org_model.OrgIAMPolicy, resourceOwner string) (*model.User, []*es_models.Aggregate, error) {
|
||||
func (es *UserEventstore) PrepareRegisterUser(ctx context.Context, user *usr_model.User, externalIDP *usr_model.ExternalIDP, policy *iam_model.PasswordComplexityPolicyView, orgIAMPolicy *iam_model.OrgIAMPolicyView, resourceOwner string) (*model.User, []*es_models.Aggregate, error) {
|
||||
if user.Human == nil {
|
||||
return nil, nil, caos_errs.ThrowInvalidArgument(nil, "EVENT-ht8Ux", "Errors.User.Invalid")
|
||||
}
|
||||
@@ -235,7 +233,7 @@ func (es *UserEventstore) PrepareRegisterUser(ctx context.Context, user *usr_mod
|
||||
return repoUser, aggregates, err
|
||||
}
|
||||
|
||||
func (es *UserEventstore) RegisterUser(ctx context.Context, user *usr_model.User, pwPolicy *policy_model.PasswordComplexityPolicy, orgIAMPolicy *org_model.OrgIAMPolicy, resourceOwner string) (*usr_model.User, error) {
|
||||
func (es *UserEventstore) RegisterUser(ctx context.Context, user *usr_model.User, pwPolicy *iam_model.PasswordComplexityPolicyView, orgIAMPolicy *iam_model.OrgIAMPolicyView, resourceOwner string) (*usr_model.User, error) {
|
||||
repoUser, createAggregates, err := es.PrepareRegisterUser(ctx, user, nil, pwPolicy, orgIAMPolicy, resourceOwner)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
@@ -326,7 +324,7 @@ func (es *UserEventstore) UnlockUser(ctx context.Context, id string) (*usr_model
|
||||
return model.UserToModel(repoUser), nil
|
||||
}
|
||||
|
||||
func (es *UserEventstore) PrepareRemoveUser(ctx context.Context, id string, orgIamPolicy *org_model.OrgIAMPolicy) (*model.User, []*es_models.Aggregate, error) {
|
||||
func (es *UserEventstore) PrepareRemoveUser(ctx context.Context, id string, orgIamPolicy *iam_model.OrgIAMPolicyView) (*model.User, []*es_models.Aggregate, error) {
|
||||
user, err := es.UserByID(ctx, id)
|
||||
if err != nil {
|
||||
return nil, nil, err
|
||||
@@ -340,7 +338,7 @@ func (es *UserEventstore) PrepareRemoveUser(ctx context.Context, id string, orgI
|
||||
return repoUser, aggregate, nil
|
||||
}
|
||||
|
||||
func (es *UserEventstore) RemoveUser(ctx context.Context, id string, orgIamPolicy *org_model.OrgIAMPolicy) error {
|
||||
func (es *UserEventstore) RemoveUser(ctx context.Context, id string, orgIamPolicy *iam_model.OrgIAMPolicyView) error {
|
||||
repoUser, aggregate, err := es.PrepareRemoveUser(ctx, id, orgIamPolicy)
|
||||
if err != nil {
|
||||
return err
|
||||
@@ -475,7 +473,7 @@ func (es *UserEventstore) InitCodeSent(ctx context.Context, userID string) error
|
||||
return nil
|
||||
}
|
||||
|
||||
func (es *UserEventstore) VerifyInitCode(ctx context.Context, policy *policy_model.PasswordComplexityPolicy, userID, verificationCode, password string) error {
|
||||
func (es *UserEventstore) VerifyInitCode(ctx context.Context, policy *iam_model.PasswordComplexityPolicyView, userID, verificationCode, password string) error {
|
||||
if userID == "" {
|
||||
return caos_errs.ThrowPreconditionFailed(nil, "EVENT-lo9fd", "Errors.User.UserIDMissing")
|
||||
}
|
||||
@@ -588,7 +586,7 @@ func (es *UserEventstore) setPasswordCheckResult(ctx context.Context, user *usr_
|
||||
return nil
|
||||
}
|
||||
|
||||
func (es *UserEventstore) SetOneTimePassword(ctx context.Context, policy *policy_model.PasswordComplexityPolicy, password *usr_model.Password) (*usr_model.Password, error) {
|
||||
func (es *UserEventstore) SetOneTimePassword(ctx context.Context, policy *iam_model.PasswordComplexityPolicyView, password *usr_model.Password) (*usr_model.Password, error) {
|
||||
user, err := es.UserByID(ctx, password.AggregateID)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
@@ -599,7 +597,7 @@ func (es *UserEventstore) SetOneTimePassword(ctx context.Context, policy *policy
|
||||
return es.changedPassword(ctx, user, policy, password.SecretString, true)
|
||||
}
|
||||
|
||||
func (es *UserEventstore) SetPassword(ctx context.Context, policy *policy_model.PasswordComplexityPolicy, userID, code, password string) error {
|
||||
func (es *UserEventstore) SetPassword(ctx context.Context, policy *iam_model.PasswordComplexityPolicyView, userID, code, password string) error {
|
||||
user, err := es.UserByID(ctx, userID)
|
||||
if err != nil {
|
||||
return err
|
||||
@@ -658,7 +656,7 @@ func (es *UserEventstore) ChangeMachine(ctx context.Context, machine *usr_model.
|
||||
return model.MachineToModel(repoUser.Machine), nil
|
||||
}
|
||||
|
||||
func (es *UserEventstore) ChangePassword(ctx context.Context, policy *policy_model.PasswordComplexityPolicy, userID, old, new string) (*usr_model.Password, error) {
|
||||
func (es *UserEventstore) ChangePassword(ctx context.Context, policy *iam_model.PasswordComplexityPolicyView, userID, old, new string) (*usr_model.Password, error) {
|
||||
user, err := es.UserByID(ctx, userID)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
@@ -675,7 +673,7 @@ func (es *UserEventstore) ChangePassword(ctx context.Context, policy *policy_mod
|
||||
return es.changedPassword(ctx, user, policy, new, false)
|
||||
}
|
||||
|
||||
func (es *UserEventstore) changedPassword(ctx context.Context, user *usr_model.User, policy *policy_model.PasswordComplexityPolicy, password string, onetime bool) (*usr_model.Password, error) {
|
||||
func (es *UserEventstore) changedPassword(ctx context.Context, user *usr_model.User, policy *iam_model.PasswordComplexityPolicyView, password string, onetime bool) (*usr_model.Password, error) {
|
||||
pw := &usr_model.Password{SecretString: password}
|
||||
err := pw.HashPasswordIfExisting(policy, es.PasswordAlg, onetime)
|
||||
if err != nil {
|
||||
@@ -1429,7 +1427,7 @@ func (es *UserEventstore) DomainClaimedSent(ctx context.Context, userID string)
|
||||
return nil
|
||||
}
|
||||
|
||||
func (es *UserEventstore) ChangeUsername(ctx context.Context, userID, username string, orgIamPolicy *org_model.OrgIAMPolicy) error {
|
||||
func (es *UserEventstore) ChangeUsername(ctx context.Context, userID, username string, orgIamPolicy *iam_model.OrgIAMPolicyView) error {
|
||||
user, err := es.UserByID(ctx, userID)
|
||||
if err != nil {
|
||||
return err
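Review bot: prepareCreateMachine (hunk at -119,7/+117,7) reads `orgIamPolicy.UserLoginMustBeDomain` straight off the new `*iam_model.OrgIAMPolicyView` pointer, so a nil policy panics there, whereas prepareCreateHuman two hunks later goes through `user.CheckOrgIAMPolicy(orgIAMPolicy)`, which returns a PreconditionFailed on nil. The old `org_model` type was dereferenced the same way, so the commit inherits the gap rather than introducing it, but a View type is presumably a read-model projection that can be absent while it is still being built, which makes the nil case more plausible than before. Add a guard before the field access, `if orgIamPolicy == nil { return nil, nil, errors.ThrowPreconditionFailed(nil, "<unique id>", "Errors.Users.OrgIamPolicyNil") }`, filling in a fresh identifier in this file's EVENT- style, or route the machine path through the same model-level check if the rules that follow its nil guard also apply to machine users (that body is outside these hunks). prepareCreateMachine's body and PrepareCreateUser's type dispatch both continue past their hunks.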
|
||||
|
@@ -3,6 +3,7 @@ package eventsourcing
|
||||
import (
|
||||
"context"
|
||||
"encoding/json"
|
||||
iam_model "github.com/caos/zitadel/internal/iam/model"
|
||||
"net"
|
||||
"testing"
|
||||
"time"
|
||||
@@ -14,8 +15,6 @@ import (
|
||||
"github.com/caos/zitadel/internal/crypto"
|
||||
caos_errs "github.com/caos/zitadel/internal/errors"
|
||||
es_models "github.com/caos/zitadel/internal/eventstore/models"
|
||||
org_model "github.com/caos/zitadel/internal/org/model"
|
||||
policy_model "github.com/caos/zitadel/internal/policy/model"
|
||||
"github.com/caos/zitadel/internal/user/model"
|
||||
repo_model "github.com/caos/zitadel/internal/user/repository/eventsourcing/model"
|
||||
)
|
||||
@@ -95,8 +94,8 @@ func TestCreateUser(t *testing.T) {
|
||||
es *UserEventstore
|
||||
ctx context.Context
|
||||
user *model.User
|
||||
policy *policy_model.PasswordComplexityPolicy
|
||||
orgPolicy *org_model.OrgIAMPolicy
|
||||
policy *iam_model.PasswordComplexityPolicyView
|
||||
orgPolicy *iam_model.OrgIAMPolicyView
|
||||
}
|
||||
type res struct {
|
||||
user *model.User
|
||||
@@ -133,8 +132,8 @@ func TestCreateUser(t *testing.T) {
|
||||
},
|
||||
},
|
||||
},
|
||||
policy: &policy_model.PasswordComplexityPolicy{},
|
||||
orgPolicy: &org_model.OrgIAMPolicy{},
|
||||
policy: &iam_model.PasswordComplexityPolicyView{},
|
||||
orgPolicy: &iam_model.OrgIAMPolicyView{},
|
||||
},
|
||||
res: res{
|
||||
user: &model.User{
|
||||
@@ -176,8 +175,8 @@ func TestCreateUser(t *testing.T) {
|
||||
},
|
||||
},
|
||||
},
|
||||
policy: &policy_model.PasswordComplexityPolicy{},
|
||||
orgPolicy: &org_model.OrgIAMPolicy{UserLoginMustBeDomain: false},
|
||||
policy: &iam_model.PasswordComplexityPolicyView{},
|
||||
orgPolicy: &iam_model.OrgIAMPolicyView{UserLoginMustBeDomain: false},
|
||||
},
|
||||
res: res{
|
||||
user: &model.User{ObjectRoot: es_models.ObjectRoot{Sequence: 1},
|
||||
@@ -226,8 +225,8 @@ func TestCreateUser(t *testing.T) {
|
||||
},
|
||||
},
|
||||
},
|
||||
policy: &policy_model.PasswordComplexityPolicy{},
|
||||
orgPolicy: &org_model.OrgIAMPolicy{},
|
||||
policy: &iam_model.PasswordComplexityPolicyView{},
|
||||
orgPolicy: &iam_model.OrgIAMPolicyView{},
|
||||
},
|
||||
res: res{
|
||||
user: &model.User{ObjectRoot: es_models.ObjectRoot{Sequence: 1},
|
||||
@@ -275,8 +274,8 @@ func TestCreateUser(t *testing.T) {
|
||||
},
|
||||
},
|
||||
},
|
||||
policy: &policy_model.PasswordComplexityPolicy{},
|
||||
orgPolicy: &org_model.OrgIAMPolicy{},
|
||||
policy: &iam_model.PasswordComplexityPolicyView{},
|
||||
orgPolicy: &iam_model.OrgIAMPolicyView{},
|
||||
},
|
||||
res: res{
|
||||
user: &model.User{ObjectRoot: es_models.ObjectRoot{Sequence: 1},
|
||||
@@ -301,8 +300,8 @@ func TestCreateUser(t *testing.T) {
|
||||
es: GetMockManipulateUser(ctrl),
|
||||
ctx: authz.NewMockContext("orgID", "userID"),
|
||||
user: &model.User{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 1}, Human: &model.Human{}},
|
||||
policy: &policy_model.PasswordComplexityPolicy{},
|
||||
orgPolicy: &org_model.OrgIAMPolicy{},
|
||||
policy: &iam_model.PasswordComplexityPolicyView{},
|
||||
orgPolicy: &iam_model.OrgIAMPolicyView{},
|
||||
},
|
||||
res: res{
|
||||
errFunc: caos_errs.IsPreconditionFailed,
|
||||
@@ -314,7 +313,7 @@ func TestCreateUser(t *testing.T) {
|
||||
es: GetMockManipulateUser(ctrl),
|
||||
ctx: authz.NewMockContext("orgID", "userID"),
|
||||
user: &model.User{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 1}, Human: &model.Human{}},
|
||||
orgPolicy: &org_model.OrgIAMPolicy{},
|
||||
orgPolicy: &iam_model.OrgIAMPolicyView{},
|
||||
},
|
||||
res: res{
|
||||
errFunc: caos_errs.IsPreconditionFailed,
|
||||
@@ -326,7 +325,7 @@ func TestCreateUser(t *testing.T) {
|
||||
es: GetMockManipulateUser(ctrl),
|
||||
ctx: authz.NewMockContext("orgID", "userID"),
|
||||
user: &model.User{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 1}, Human: &model.Human{}},
|
||||
policy: &policy_model.PasswordComplexityPolicy{},
|
||||
policy: &iam_model.PasswordComplexityPolicyView{},
|
||||
},
|
||||
res: res{
|
||||
errFunc: caos_errs.IsPreconditionFailed,
|
||||
@@ -367,8 +366,8 @@ func TestRegisterUser(t *testing.T) {
|
||||
ctx context.Context
|
||||
user *model.User
|
||||
resourceOwner string
|
||||
policy *policy_model.PasswordComplexityPolicy
|
||||
orgPolicy *org_model.OrgIAMPolicy
|
||||
policy *iam_model.PasswordComplexityPolicyView
|
||||
orgPolicy *iam_model.OrgIAMPolicyView
|
||||
}
|
||||
type res struct {
|
||||
user *model.User
|
||||
@@ -406,8 +405,8 @@ func TestRegisterUser(t *testing.T) {
|
||||
},
|
||||
},
|
||||
},
|
||||
policy: &policy_model.PasswordComplexityPolicy{},
|
||||
orgPolicy: &org_model.OrgIAMPolicy{UserLoginMustBeDomain: true},
|
||||
policy: &iam_model.PasswordComplexityPolicyView{},
|
||||
orgPolicy: &iam_model.OrgIAMPolicyView{UserLoginMustBeDomain: true},
|
||||
resourceOwner: "ResourceOwner",
|
||||
},
|
||||
res: res{
|
||||
@@ -450,8 +449,8 @@ func TestRegisterUser(t *testing.T) {
|
||||
},
|
||||
},
|
||||
},
|
||||
policy: &policy_model.PasswordComplexityPolicy{},
|
||||
orgPolicy: &org_model.OrgIAMPolicy{UserLoginMustBeDomain: false},
|
||||
policy: &iam_model.PasswordComplexityPolicyView{},
|
||||
orgPolicy: &iam_model.OrgIAMPolicyView{UserLoginMustBeDomain: false},
|
||||
resourceOwner: "ResourceOwner",
|
||||
},
|
||||
res: res{
|
||||
@@ -476,8 +475,8 @@ func TestRegisterUser(t *testing.T) {
|
||||
es: GetMockManipulateUser(ctrl),
|
||||
ctx: authz.NewMockContext("orgID", "userID"),
|
||||
user: &model.User{ObjectRoot: es_models.ObjectRoot{Sequence: 1}, Human: &model.Human{}},
|
||||
policy: &policy_model.PasswordComplexityPolicy{},
|
||||
orgPolicy: &org_model.OrgIAMPolicy{},
|
||||
policy: &iam_model.PasswordComplexityPolicyView{},
|
||||
orgPolicy: &iam_model.OrgIAMPolicyView{},
|
||||
resourceOwner: "ResourceOwner",
|
||||
},
|
||||
res: res{
|
||||
@@ -502,8 +501,8 @@ func TestRegisterUser(t *testing.T) {
|
||||
},
|
||||
},
|
||||
},
|
||||
policy: &policy_model.PasswordComplexityPolicy{},
|
||||
orgPolicy: &org_model.OrgIAMPolicy{},
|
||||
policy: &iam_model.PasswordComplexityPolicyView{},
|
||||
orgPolicy: &iam_model.OrgIAMPolicyView{},
|
||||
resourceOwner: "ResourceOwner",
|
||||
},
|
||||
res: res{
|
||||
@@ -528,8 +527,8 @@ func TestRegisterUser(t *testing.T) {
|
||||
},
|
||||
},
|
||||
},
|
||||
policy: &policy_model.PasswordComplexityPolicy{},
|
||||
orgPolicy: &org_model.OrgIAMPolicy{},
|
||||
policy: &iam_model.PasswordComplexityPolicyView{},
|
||||
orgPolicy: &iam_model.OrgIAMPolicyView{},
|
||||
},
|
||||
res: res{
|
||||
errFunc: caos_errs.IsPreconditionFailed,
|
||||
@@ -553,7 +552,7 @@ func TestRegisterUser(t *testing.T) {
|
||||
},
|
||||
},
|
||||
},
|
||||
orgPolicy: &org_model.OrgIAMPolicy{},
|
||||
orgPolicy: &iam_model.OrgIAMPolicyView{},
|
||||
},
|
||||
res: res{
|
||||
errFunc: caos_errs.IsPreconditionFailed,
|
||||
@@ -577,7 +576,7 @@ func TestRegisterUser(t *testing.T) {
|
||||
},
|
||||
},
|
||||
},
|
||||
policy: &policy_model.PasswordComplexityPolicy{},
|
||||
policy: &iam_model.PasswordComplexityPolicyView{},
|
||||
},
|
||||
res: res{
|
||||
errFunc: caos_errs.IsPreconditionFailed,
|
||||
@@ -1078,7 +1077,7 @@ func TestInitCodeVerify(t *testing.T) {
|
||||
type args struct {
|
||||
es *UserEventstore
|
||||
ctx context.Context
|
||||
policy *policy_model.PasswordComplexityPolicy
|
||||
policy *iam_model.PasswordComplexityPolicyView
|
||||
userID string
|
||||
verifyCode string
|
||||
password string
|
||||
@@ -1105,7 +1104,7 @@ func TestInitCodeVerify(t *testing.T) {
|
||||
},
|
||||
),
|
||||
ctx: authz.NewMockContext("orgID", "userID"),
|
||||
policy: &policy_model.PasswordComplexityPolicy{},
|
||||
policy: &iam_model.PasswordComplexityPolicyView{},
|
||||
verifyCode: "code",
|
||||
userID: "userID",
|
||||
},
|
||||
@@ -1125,7 +1124,7 @@ func TestInitCodeVerify(t *testing.T) {
|
||||
},
|
||||
),
|
||||
ctx: authz.NewMockContext("orgID", "userID"),
|
||||
policy: &policy_model.PasswordComplexityPolicy{},
|
||||
policy: &iam_model.PasswordComplexityPolicyView{},
|
||||
userID: "userID",
|
||||
verifyCode: "code",
|
||||
password: "password",
|
||||
@@ -1145,7 +1144,7 @@ func TestInitCodeVerify(t *testing.T) {
|
||||
},
|
||||
),
|
||||
ctx: authz.NewMockContext("orgID", "userID"),
|
||||
policy: &policy_model.PasswordComplexityPolicy{},
|
||||
policy: &iam_model.PasswordComplexityPolicyView{},
|
||||
userID: "userID",
|
||||
verifyCode: "code",
|
||||
password: "password",
|
||||
@@ -1156,7 +1155,7 @@ func TestInitCodeVerify(t *testing.T) {
|
||||
args: args{
|
||||
es: GetMockManipulateUser(ctrl),
|
||||
ctx: authz.NewMockContext("orgID", "userID"),
|
||||
policy: &policy_model.PasswordComplexityPolicy{},
|
||||
policy: &iam_model.PasswordComplexityPolicyView{},
|
||||
userID: "",
|
||||
verifyCode: "code",
|
||||
password: "password",
|
||||
@@ -1170,7 +1169,7 @@ func TestInitCodeVerify(t *testing.T) {
|
||||
args: args{
|
||||
es: GetMockManipulateUser(ctrl),
|
||||
ctx: authz.NewMockContext("orgID", "userID"),
|
||||
policy: &policy_model.PasswordComplexityPolicy{HasNumber: true},
|
||||
policy: &iam_model.PasswordComplexityPolicyView{HasNumber: true},
|
||||
userID: "userID",
|
||||
verifyCode: "code",
|
||||
password: "password",
|
||||
@@ -1184,7 +1183,7 @@ func TestInitCodeVerify(t *testing.T) {
|
||||
args: args{
|
||||
es: GetMockManipulateUserNoEventsWithPw(ctrl),
|
||||
ctx: authz.NewMockContext("orgID", "userID"),
|
||||
policy: &policy_model.PasswordComplexityPolicy{},
|
||||
policy: &iam_model.PasswordComplexityPolicyView{},
|
||||
userID: "userID",
|
||||
password: "password",
|
||||
verifyCode: "code",
|
||||
@@ -1352,7 +1351,7 @@ func TestSetOneTimePassword(t *testing.T) {
|
||||
type args struct {
|
||||
es *UserEventstore
|
||||
ctx context.Context
|
||||
policy *policy_model.PasswordComplexityPolicy
|
||||
policy *iam_model.PasswordComplexityPolicyView
|
||||
password *model.Password
|
||||
}
|
||||
type res struct {
|
||||
@@ -1369,7 +1368,7 @@ func TestSetOneTimePassword(t *testing.T) {
|
||||
args: args{
|
||||
es: GetMockManipulateUserWithPasswordCodeGen(ctrl, repo_model.User{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID"}, Human: &repo_model.Human{}}),
|
||||
ctx: authz.NewMockContext("orgID", "userID"),
|
||||
policy: &policy_model.PasswordComplexityPolicy{},
|
||||
policy: &iam_model.PasswordComplexityPolicyView{},
|
||||
password: &model.Password{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID"}, SecretString: "Password"},
|
||||
},
|
||||
res: res{
|
||||
@@ -1381,7 +1380,7 @@ func TestSetOneTimePassword(t *testing.T) {
|
||||
args: args{
|
||||
es: GetMockManipulateUser(ctrl),
|
||||
ctx: authz.NewMockContext("orgID", "userID"),
|
||||
policy: &policy_model.PasswordComplexityPolicy{},
|
||||
policy: &iam_model.PasswordComplexityPolicyView{},
|
||||
password: &model.Password{ObjectRoot: es_models.ObjectRoot{AggregateID: ""}, SecretString: "Password"},
|
||||
},
|
||||
res: res{
|
||||
@@ -1393,7 +1392,7 @@ func TestSetOneTimePassword(t *testing.T) {
|
||||
args: args{
|
||||
es: GetMockManipulateUserNoEvents(ctrl),
|
||||
ctx: authz.NewMockContext("orgID", "userID"),
|
||||
policy: &policy_model.PasswordComplexityPolicy{},
|
||||
policy: &iam_model.PasswordComplexityPolicyView{},
|
||||
password: &model.Password{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID"}, SecretString: "Password"},
|
||||
},
|
||||
res: res{
|
||||
@@ -1557,7 +1556,7 @@ func TestSetPassword(t *testing.T) {
|
||||
type args struct {
|
||||
es *UserEventstore
|
||||
ctx context.Context
|
||||
policy *policy_model.PasswordComplexityPolicy
|
||||
policy *iam_model.PasswordComplexityPolicyView
|
||||
userID string
|
||||
code string
|
||||
password string
|
||||
@@ -1587,7 +1586,7 @@ func TestSetPassword(t *testing.T) {
|
||||
},
|
||||
),
|
||||
ctx: authz.NewMockContext("orgID", "userID"),
|
||||
policy: &policy_model.PasswordComplexityPolicy{},
|
||||
policy: &iam_model.PasswordComplexityPolicyView{},
|
||||
userID: "userID",
|
||||
code: "code",
|
||||
password: "password",
|
||||
@@ -1599,7 +1598,7 @@ func TestSetPassword(t *testing.T) {
|
||||
args: args{
|
||||
es: GetMockManipulateUser(ctrl),
|
||||
ctx: authz.NewMockContext("orgID", "userID"),
|
||||
policy: &policy_model.PasswordComplexityPolicy{},
|
||||
policy: &iam_model.PasswordComplexityPolicyView{},
|
||||
userID: "",
|
||||
code: "code",
|
||||
password: "password",
|
||||
@@ -1613,7 +1612,7 @@ func TestSetPassword(t *testing.T) {
|
||||
args: args{
|
||||
es: GetMockManipulateUserNoEvents(ctrl),
|
||||
ctx: authz.NewMockContext("orgID", "userID"),
|
||||
policy: &policy_model.PasswordComplexityPolicy{},
|
||||
policy: &iam_model.PasswordComplexityPolicyView{},
|
||||
userID: "userID",
|
||||
code: "code",
|
||||
password: "password",
|
||||
@@ -1632,7 +1631,7 @@ func TestSetPassword(t *testing.T) {
|
||||
},
|
||||
),
|
||||
ctx: authz.NewMockContext("orgID", "userID"),
|
||||
policy: &policy_model.PasswordComplexityPolicy{},
|
||||
policy: &iam_model.PasswordComplexityPolicyView{},
|
||||
userID: "userID",
|
||||
code: "code",
|
||||
password: "password",
|
||||
@@ -1658,7 +1657,7 @@ func TestSetPassword(t *testing.T) {
|
||||
},
|
||||
),
|
||||
ctx: authz.NewMockContext("orgID", "userID"),
|
||||
policy: &policy_model.PasswordComplexityPolicy{},
|
||||
policy: &iam_model.PasswordComplexityPolicyView{},
|
||||
userID: "userID",
|
||||
code: "code",
|
||||
password: "password",
|
||||
@@ -1687,7 +1686,7 @@ func TestChangePassword(t *testing.T) {
|
||||
type args struct {
|
||||
es *UserEventstore
|
||||
ctx context.Context
|
||||
policy *policy_model.PasswordComplexityPolicy
|
||||
policy *iam_model.PasswordComplexityPolicyView
|
||||
userID string
|
||||
old string
|
||||
new string
|
||||
@@ -1717,7 +1716,7 @@ func TestChangePassword(t *testing.T) {
|
||||
},
|
||||
),
|
||||
ctx: authz.NewMockContext("orgID", "userID"),
|
||||
policy: &policy_model.PasswordComplexityPolicy{},
|
||||
policy: &iam_model.PasswordComplexityPolicyView{},
|
||||
userID: "userID",
|
||||
old: "old",
|
||||
new: "new",
|
||||
@@ -1731,7 +1730,7 @@ func TestChangePassword(t *testing.T) {
|
||||
args: args{
|
||||
es: GetMockManipulateUser(ctrl),
|
||||
ctx: authz.NewMockContext("orgID", "userID"),
|
||||
policy: &policy_model.PasswordComplexityPolicy{},
|
||||
policy: &iam_model.PasswordComplexityPolicyView{},
|
||||
userID: "",
|
||||
old: "old",
|
||||
new: "new",
|
||||
@@ -1745,7 +1744,7 @@ func TestChangePassword(t *testing.T) {
|
||||
args: args{
|
||||
es: GetMockManipulateUserNoEvents(ctrl),
|
||||
ctx: authz.NewMockContext("orgID", "userID"),
|
||||
policy: &policy_model.PasswordComplexityPolicy{},
|
||||
policy: &iam_model.PasswordComplexityPolicyView{},
|
||||
userID: "userID",
|
||||
old: "old",
|
||||
new: "new",
|
||||
@@ -1764,7 +1763,7 @@ func TestChangePassword(t *testing.T) {
|
||||
},
|
||||
),
|
||||
ctx: authz.NewMockContext("orgID", "userID"),
|
||||
policy: &policy_model.PasswordComplexityPolicy{},
|
||||
policy: &iam_model.PasswordComplexityPolicyView{},
|
||||
userID: "userID",
|
||||
old: "old",
|
||||
new: "new",
|
||||
@@ -1789,7 +1788,7 @@ func TestChangePassword(t *testing.T) {
|
||||
},
|
||||
),
|
||||
ctx: authz.NewMockContext("orgID", "userID"),
|
||||
policy: &policy_model.PasswordComplexityPolicy{},
|
||||
policy: &iam_model.PasswordComplexityPolicyView{},
|
||||
userID: "userID",
|
||||
old: "old",
|
||||
new: "new",
|
||||
|
@@ -2,6 +2,7 @@ package model
|
||||
|
||||
import (
|
||||
"encoding/json"
|
||||
iam_model "github.com/caos/zitadel/internal/iam/model"
|
||||
"time"
|
||||
|
||||
"github.com/caos/logging"
|
||||
@@ -95,7 +96,7 @@ func (u *NotifyUser) GenerateLoginName(domain string, appendDomain bool) string
|
||||
return u.UserName + "@" + domain
|
||||
}
|
||||
|
||||
func (u *NotifyUser) SetLoginNames(policy *org_model.OrgIAMPolicy, domains []*org_model.OrgDomain) {
|
||||
func (u *NotifyUser) SetLoginNames(policy *iam_model.OrgIAMPolicy, domains []*org_model.OrgDomain) {
|
||||
loginNames := make([]string, 0)
|
||||
for _, d := range domains {
|
||||
if d.Verified {
|
||||
|
@@ -2,6 +2,7 @@ package model
|
||||
|
||||
import (
|
||||
"encoding/json"
|
||||
iam_model "github.com/caos/zitadel/internal/iam/model"
|
||||
"time"
|
||||
|
||||
org_model "github.com/caos/zitadel/internal/org/model"
|
||||
@@ -169,7 +170,7 @@ func (u *UserView) GenerateLoginName(domain string, appendDomain bool) string {
|
||||
return u.UserName + "@" + domain
|
||||
}
|
||||
|
||||
func (u *UserView) SetLoginNames(policy *org_model.OrgIAMPolicy, domains []*org_model.OrgDomain) {
|
||||
func (u *UserView) SetLoginNames(policy *iam_model.OrgIAMPolicy, domains []*org_model.OrgDomain) {
|
||||
loginNames := make([]string, 0)
|
||||
for _, d := range domains {
|
||||
if d.Verified {
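Review bot: As in the sibling view file, the added `iam_model "github.com/caos/zitadel/internal/iam/model"` line sits in the standard-library import group between `"encoding/json"` and `"time"`; move it into the group with `org_model "github.com/caos/zitadel/internal/org/model"` so goimports keeps the grouping stable. The `UserView.SetLoginNames` body runs past the hunk, so whether the new `*iam_model.OrgIAMPolicy` is dereferenced without a nil check cannot be judged from these lines; only the loop over verified domains is visible.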
|
||||
|