TheArchive/zitadel
1
0
Fork 0
mirror of https://github.com/zitadel/zitadel.git synced 2025-08-12 10:27:33 +00:00
Code Issues Packages Projects Releases Wiki Activity

feat: policies on aggregates (#799)

Browse Source 
* feat: move pw policy

* feat: default pw complexity policy

* fix: org password complexity policy

* fix: org password complexity policy

* fix: pw complexity policy with setup

* fix: age and lockout policies on aggregates

* fix: migration

* fix: org iam policy

* fix: org iam policy

* fix: org iam policy

* fix: tests

* fix: policy request

* fix: merge master

* fix(console): policies frontend (#817)

* fix policy build

* fix: age, complexity, lockout policies

* fix: ready return err of setup not done

* fix: fix remove policies in spoolers

* fix: fix remove policies in spoolers

* feat(console): policy settings for iam and org (#824)

* fix policy build

* fix: age, complexity, lockout policies

* fix pwd complexity

* policy remove action

* add imports

* fix accounts card, enable mgmt login policy

* lint

* add iam policy to admin

* toasts, i18n, show default

* routing, i18n

* reset policy, toast i18n, cleanup, routing

* policy delete permission

* lint style

* delete iam policy

* delete non project from grid list, i18n

* lint ts, style

* fix: remove instead delete

* feat(console): delete external idp from user (#835)

* dialog i18n, delete column and function

* dialog i18n

* fix rm button

* Update console/src/assets/i18n/de.json

Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>

* Update console/src/assets/i18n/de.json

Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>

* fix: revert env, rename policy, remove comments

* fix: lowercase sich

* fix: pr requests

* Update internal/iam/repository/eventsourcing/eventstore_test.go

Co-authored-by: Silvan <silvan.reusser@gmail.com>

* fix: tests

* fix: tests

* fix(console): policies (#839)

* fix: nil pointer on get userdata (#815)

* fix: external login (#818)

* fix: external login

* fix: external login

* feat(console): delete user (#819)

* add action col to user table, i18n

* delete user from detail component

* lint

* fix(console): cleanup user detail and member components, user/me redirect, permission guards, filter, org policy guard, user table, scss cleanup (#808)

* fix: remove user.write guard for filtering

* border color

* fix user routing from member tables

* idp detail layout

* generic contact component

* fix redirect to auth user, user grant disable

* disable policy action without permission, i18n

* user-create flex fix, contact ng-content

* rm unused styles

* sidenav divider

* lint

* chore(deps-dev): bump @angular/cli from 10.1.3 to 10.1.4 in /console (#806)

* fix: user session with external login (#797)

* fix: user session with external login

* fix: tests

* fix: tests

* fix: change idp config name

* fix(container): stop copying / and instead only copy zitadel (#691)

* chore: stop copying / and instead only copy zitadel

* Update Dockerfile

* Update release.yml

* enable anchors debug

* fix(container): don't copy alpine content into scratch execpt pwd

* chore: remove need step

* merge master

* chore(deps-dev): bump @angular/cli from 10.1.3 to 10.1.4 in /console

Bumps [@angular/cli](https://github.com/angular/angular-cli) from 10.1.3 to 10.1.4.
- [Release notes](https://github.com/angular/angular-cli/releases)
- [Commits](https://github.com/angular/angular-cli/compare/v10.1.3...v10.1.4)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>
Co-authored-by: Florian Forster <florian@caos.ch>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps-dev): bump @angular/language-service from 10.1.3 to 10.1.4 in /console (#805)

* fix: user session with external login (#797)

* fix: user session with external login

* fix: tests

* fix: tests

* fix: change idp config name

* fix(container): stop copying / and instead only copy zitadel (#691)

* chore: stop copying / and instead only copy zitadel

* Update Dockerfile

* Update release.yml

* enable anchors debug

* fix(container): don't copy alpine content into scratch execpt pwd

* chore: remove need step

* merge master

* chore(deps-dev): bump @angular/language-service in /console

Bumps [@angular/language-service](https://github.com/angular/angular/tree/HEAD/packages/language-service) from 10.1.3 to 10.1.4.
- [Release notes](https://github.com/angular/angular/releases)
- [Changelog](https://github.com/angular/angular/blob/master/CHANGELOG.md)
- [Commits](https://github.com/angular/angular/commits/10.1.4/packages/language-service)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>
Co-authored-by: Florian Forster <florian@caos.ch>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps-dev): bump codelyzer from 6.0.0 to 6.0.1 in /console (#804)

* fix: user session with external login (#797)

* fix: user session with external login

* fix: tests

* fix: tests

* fix: change idp config name

* fix(container): stop copying / and instead only copy zitadel (#691)

* chore: stop copying / and instead only copy zitadel

* Update Dockerfile

* Update release.yml

* enable anchors debug

* fix(container): don't copy alpine content into scratch execpt pwd

* chore: remove need step

* merge master

* chore(deps-dev): bump codelyzer from 6.0.0 to 6.0.1 in /console

Bumps [codelyzer](https://github.com/mgechev/codelyzer) from 6.0.0 to 6.0.1.
- [Release notes](https://github.com/mgechev/codelyzer/releases)
- [Changelog](https://github.com/mgechev/codelyzer/blob/master/CHANGELOG.md)
- [Commits](https://github.com/mgechev/codelyzer/commits/6.0.1)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>
Co-authored-by: Florian Forster <florian@caos.ch>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps-dev): bump @angular-devkit/build-angular from 0.1000.8 to 0.1001.4 in /console (#803)

* fix: user session with external login (#797)

* fix: user session with external login

* fix: tests

* fix: tests

* fix: change idp config name

* fix(container): stop copying / and instead only copy zitadel (#691)

* chore: stop copying / and instead only copy zitadel

* Update Dockerfile

* Update release.yml

* enable anchors debug

* fix(container): don't copy alpine content into scratch execpt pwd

* chore: remove need step

* merge master

* chore(deps-dev): bump @angular-devkit/build-angular in /console

Bumps [@angular-devkit/build-angular](https://github.com/angular/angular-cli) from 0.1000.8 to 0.1001.4.
- [Release notes](https://github.com/angular/angular-cli/releases)
- [Commits](https://github.com/angular/angular-cli/commits)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>
Co-authored-by: Florian Forster <florian@caos.ch>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Max Peintner <max@caos.ch>

* chore(deps): bump uuid from 8.3.0 to 8.3.1 in /console (#802)

* fix: user session with external login (#797)

* fix: user session with external login

* fix: tests

* fix: tests

* fix: change idp config name

* fix(container): stop copying / and instead only copy zitadel (#691)

* chore: stop copying / and instead only copy zitadel

* Update Dockerfile

* Update release.yml

* enable anchors debug

* fix(container): don't copy alpine content into scratch execpt pwd

* chore: remove need step

* merge master

* chore(deps): bump uuid from 8.3.0 to 8.3.1 in /console

Bumps [uuid](https://github.com/uuidjs/uuid) from 8.3.0 to 8.3.1.
- [Release notes](https://github.com/uuidjs/uuid/releases)
- [Changelog](https://github.com/uuidjs/uuid/blob/master/CHANGELOG.md)
- [Commits](https://github.com/uuidjs/uuid/compare/v8.3.0...v8.3.1)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>
Co-authored-by: Florian Forster <florian@caos.ch>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* create memberstable as common component

* iam member cleanup

* iam + org m table, user table service user avatar

* toast config

* fix selection emitter

* fix project grant table width

* project grant members refactor

* theme optimizations

* member table col delete

* lint

* fix table row color

* refactor grey color

* lint scss

* org list redirect on click, fix user table undef

* refresh table after grant add

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>
Co-authored-by: Florian Forster <florian@caos.ch>

* fix(console): intercept navigator.language, set browser lang as default for user without explicit setting, user table outline, member create dialog import (#820)

* i18n interceptor, set language to browser lang

* nullcheck

* rm external idp log

* fix module imports, rm user displayname from i18n

* Update console/src/assets/i18n/de.json

Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>

* fix: delete external idps from users (#822)

* fix(console): permission regex, account switcher null check, restrict app and member create access (#821)

* fix member table disable, gerneal regexp

* fix user session card, app disable

* memberships max count

* fix policy permissions

* permission check for member add dialog

* lint

* rm accounts log

* rm id regex

* fix: handle usermemberships on project and project grant delete (#825)

* fix: go handler

Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Florian Forster <florian@caos.ch>

* fix: tests

* fix: not needed error handling

Co-authored-by: Max Peintner <max@caos.ch>
Co-authored-by: Silvan <silvan.reusser@gmail.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Florian Forster <florian@caos.ch>
This commit is contained in:
Fabi
2020-10-15 10:27:13 +02:00
committed by GitHub
parent adb24a52fc
commit fbb30840f1
248 changed files with 23960 additions and 13843 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
cmd/zitadel/setup.yaml
View File

@@ -73,8 +73,21 @@ SetUp:
DevMode: $ZITADEL_CONSOLE_DEV_MODE
Owners:
- 'zitadel-admin@caos.ch'
#TODO: label policy
# Step2:
# DefaulLabelPolicy:
# PrimaryColor: green
# SecondaryColor: red
Step2:
DefaultPasswordComplexityPolicy:
MinLength: 8
HasLowercase: true
HasUppercase: true
HasSymbol: true
HasNumber: true
Step3:
DefaultPasswordAgePolicy:
MaxAgeDays: 0
ExpireWarnDays: 0
Step4:
DefaultPasswordLockoutPolicy:
MaxAttempts: 5
ShowLockOutFailures: false
Step5:
DefaultOrgIAMPolicy:
UserLoginMustBeDomain: true

19
cmd/zitadel/system-defaults.yaml
View File

@@ -56,25 +56,6 @@ SystemDefaults:
MfaInitSkip: 720h #30d
MfaSoftwareCheck: 18h
MfaHardwareCheck: 12h
DefaultPolicies:
Age:
Description: Standard age policy
MaxAgeDays: 365
ExpireWarnDays: 10
Complexity:
Description: Standard complexity policy
MinLength: 8
HasLowercase: true
HasUppercase: false
HasNumber: true
HasSymbol: true
Lockout:
Description: Standard lockout policy
MaxAttempts: 5
ShowLockOutFailures: true
OrgIam:
Description: Standard org policy
UserLoginMustBeDomain: true
IamID: 'IAM'
DomainVerification:
VerificationKey:

2
console/src/app/modules/accounts-card/accounts-card.component.scss
View File

@@ -42,6 +42,8 @@
flex-direction: column;
width: 100%;
padding: .5rem 0;
max-height: 310px;
overflow-y: auto;
border-top: 1px solid rgba(#8795a1, .3);
border-bottom: 1px solid rgba(#8795a1, .3);

3
console/src/app/modules/detail-layout/detail-layout.component.scss
View File

@@ -40,7 +40,8 @@
margin-bottom: 2rem;
h1 {
font-size: 1.2rem;
font-size: 1.5rem;
margin-top: 10px;
}
.desc {

3
console/src/app/modules/idp-table/idp-table.component.html
View File

@@ -16,8 +16,7 @@
*ngIf="selection.hasValue() && serviceType!=PolicyComponentServiceType.MGMT" [disabled]="disabled">
<i class="las la-trash"></i>
</button>
<a [routerLink]="createRouterLink" color="primary" mat-raised-button [disabled]="disabled"
*ngIf="serviceType!=PolicyComponentServiceType.MGMT">
<a [routerLink]="createRouterLink" color="primary" mat-raised-button [disabled]="disabled">
<mat-icon class="icon">add</mat-icon>{{ 'ACTIONS.NEW' | translate }}
</a>
</ng-template>

32
console/src/app/modules/policies/login-policy/login-policy.component.html
View File

@@ -1,62 +1,64 @@
<app-detail-layout [backRouterLink]="backroutes" [title]="'ORG.POLICY.LOGIN_POLICY.TITLECREATE' | translate"
<app-detail-layout [backRouterLink]="[ serviceType === PolicyComponentServiceType.ADMIN ? '/iam' : '/org']"
[title]="'ORG.POLICY.LOGIN_POLICY.TITLECREATE' | translate"
[description]="(serviceType==PolicyComponentServiceType.MGMT ? 'ORG.POLICY.LOGIN_POLICY.DESCRIPTIONCREATEMGMT' : PolicyComponentServiceType.ADMIN ? 'ORG.POLICY.LOGIN_POLICY.DESCRIPTIONCREATEADMIN' : '') | translate">
<!--<ng-container *ngIf="(['policy.delete'] | hasRole | async) && serviceType == PolicyComponentServiceType.MGMT">
<button matTooltip="{{'ORG.POLICY.DELETE' | translate}}" color="warn" (click)="deletePolicy()"
<ng-template appHasRole
[appHasRole]="[serviceType === PolicyComponentServiceType.ADMIN ? 'iam.policy.delete' : 'org.policy.delete']">
<button matTooltip="{{'ORG.POLICY.RESET' | translate}}" color="warn" (click)="removePolicy()"
mat-stroked-button>
{{'ORG.POLICY.DELETE' | translate}}
{{'ORG.POLICY.RESET' | translate}}
</button>
</ng-container>-->
</ng-template>
<div class="content" *ngIf="loginData">
<div class="row">
<span class="left-desc">{{'ORG.POLICY.DATA.ALLOWUSERNAMEPASSWORD' | translate}}</span>
<span class="fill-space"></span>
<mat-slide-toggle color="primary" name="hasNumber" ngDefaultControl
[(ngModel)]="loginData.allowUsernamePassword" [disabled]="serviceType==PolicyComponentServiceType.MGMT">
[(ngModel)]="loginData.allowUsernamePassword">
</mat-slide-toggle>
</div>
<div class="row">
<span class="left-desc">{{'ORG.POLICY.DATA.ALLOWREGISTER' | translate}}</span>
<span class="fill-space"></span>
<mat-slide-toggle color="primary" name="hasNumber" ngDefaultControl [(ngModel)]="loginData.allowRegister"
[disabled]="serviceType==PolicyComponentServiceType.MGMT">
<mat-slide-toggle color="primary" name="hasNumber" ngDefaultControl [(ngModel)]="loginData.allowRegister">
</mat-slide-toggle>
</div>
<div class="row">
<span class="left-desc">{{'ORG.POLICY.DATA.ALLOWEXTERNALIDP' | translate}}</span>
<span class="fill-space"></span>
<mat-slide-toggle color="primary" name="hasNumber" ngDefaultControl
[disabled]="serviceType==PolicyComponentServiceType.MGMT" [(ngModel)]="loginData.allowExternalIdp">
[(ngModel)]="loginData.allowExternalIdp">
</mat-slide-toggle>
</div>
</div>
<p class="subheader">{{'LOGINPOLICY.IDPS' | translate}}</p>
<h3 class="subheader">{{'LOGINPOLICY.IDPS' | translate}}</h3>
<div class="idps">
<div class="idp" *ngFor="let idp of idps">
<mat-icon *ngIf="serviceType!=PolicyComponentServiceType.MGMT" (click)="removeIdp(idp)" class="rm">
<mat-icon (click)="removeIdp(idp)" class="rm">
remove_circle</mat-icon>
<span>{{idp.name}}</span>
<span class="meta">{{ 'IDP.TYPE' | translate }}: {{ 'IDP.TYPES.'+idp.type | translate }}</span>
<span class="meta">{{ 'IDP.ID' | translate }}: {{idp.idpConfigId}}</span>
</div>
<div *ngIf="serviceType!=PolicyComponentServiceType.MGMT" class="new-idp" (click)="openDialog()">
<div class="new-idp" (click)="openDialog()">
<mat-icon>add</mat-icon>
</div>
</div>
<div class="btn-container">
<button (click)="savePolicy()" color="primary" type="submit"
[disabled]="serviceType==PolicyComponentServiceType.MGMT"
mat-raised-button>{{ 'ACTIONS.SAVE' | translate }}</button>
</div>
<ng-template appHasRole [appHasRole]="['org.idp.read']">
<app-card title="{{ 'IDP.LIST.TITLE' | translate }}" description="{{ 'IDP.LIST.DESCRIPTION' | translate }}">
<app-card class="idp-table-card" title="{{ 'IDP.LIST.TITLE' | translate }}"
description="{{ 'IDP.LIST.DESCRIPTION' | translate }}">
<app-idp-table [service]="service" [serviceType]="serviceType"
[disabled]="(['iam.idp.write$'] | hasRole | async) == false">
[disabled]="([serviceType == PolicyComponentServiceType.ADMIN ? 'iam.idp.write' : serviceType == PolicyComponentServiceType.MGMT ? 'org.idp.write' : ''] | hasRole | async) == false">
</app-idp-table>
</app-card>
</ng-template>

17
console/src/app/modules/policies/login-policy/login-policy.component.scss
View File

@@ -1,3 +1,8 @@
.default {
color: #5282c1;
margin-top: 0;
}
.content {
padding-top: 1rem;
display: flex;
@@ -7,21 +12,15 @@
.row {
display: flex;
align-items: center;
padding: .5rem 0;
padding: .3rem 0;
.left-desc {
color: var(--grey);
font-size: .9rem;
}
.fill-space {
flex: 1;
}
.length-wrapper {
display: flex;
align-items: center;
}
}
}
@@ -37,6 +36,10 @@
}
}
.idp-table-card {
width: 100%;
}
.subheader {
width: 100%;
}

47
console/src/app/modules/policies/login-policy/login-policy.component.ts
View File

@@ -1,7 +1,6 @@
import { Component, Injector, OnDestroy, Type } from '@angular/core';
import { MatDialog } from '@angular/material/dialog';
import { ActivatedRoute, Router } from '@angular/router';
import { Empty } from 'google-protobuf/google/protobuf/empty_pb';
import { ActivatedRoute } from '@angular/router';
import { Subscription } from 'rxjs';
import { switchMap } from 'rxjs/operators';
import {
@@ -39,7 +38,6 @@ export class LoginPolicyComponent implements OnDestroy {
public idps: MgmtIdpProviderView.AsObject[] | AdminIdpProviderView.AsObject[] = [];
constructor(
private route: ActivatedRoute,
private router: Router,
private toast: ToastService,
private dialog: MatDialog,
private injector: Injector,
@@ -107,7 +105,11 @@ export class LoginPolicyComponent implements OnDestroy {
mgmtreq.setAllowExternalIdp(this.loginData.allowExternalIdp);
mgmtreq.setAllowRegister(this.loginData.allowRegister);
mgmtreq.setAllowUsernamePassword(this.loginData.allowUsernamePassword);
if ((this.loginData as LoginPolicyView.AsObject).pb_default) {
return (this.service as ManagementService).CreateLoginPolicy(mgmtreq);
} else {
return (this.service as ManagementService).UpdateLoginPolicy(mgmtreq);
}
case PolicyComponentServiceType.ADMIN:
const adminreq = new DefaultLoginPolicy();
adminreq.setAllowExternalIdp(this.loginData.allowExternalIdp);
@@ -119,25 +121,22 @@ export class LoginPolicyComponent implements OnDestroy {
public savePolicy(): void {
this.updateData().then(() => {
switch (this.serviceType) {
case PolicyComponentServiceType.MGMT:
this.router.navigate(['org']);
break;
case PolicyComponentServiceType.ADMIN:
this.router.navigate(['iam']);
break;
}
this.toast.showInfo('ORG.POLICY.LOGIN_POLICY.SAVED', true);
}).catch(error => {
this.toast.showError(error);
});
}
public deletePolicy(): Promise<Empty> {
switch (this.serviceType) {
case PolicyComponentServiceType.MGMT:
return (this.service as ManagementService).RemoveLoginPolicy();
case PolicyComponentServiceType.ADMIN:
return (this.service as AdminService).GetDefaultLoginPolicy();
public removePolicy(): void {
if (this.serviceType === PolicyComponentServiceType.MGMT) {
(this.service as ManagementService).RemoveLoginPolicy().then(() => {
this.toast.showInfo('ORG.POLICY.TOAST.RESETSUCCESS', true);
setTimeout(() => {
this.getData();
}, 1000);
}).catch(error => {
this.toast.showError(error);
});
}
}
@@ -179,15 +178,11 @@ export class LoginPolicyComponent implements OnDestroy {
}
}
public get backroutes(): string[] {
switch (this.serviceType) {
case PolicyComponentServiceType.MGMT:
return ['/org'];
case PolicyComponentServiceType.ADMIN:
return ['/iam'];
break;
public get isDefault(): boolean {
if (this.loginData && this.serviceType === PolicyComponentServiceType.MGMT) {
return (this.loginData as LoginPolicyView.AsObject).pb_default;
} else {
return false;
}
return [];
}
}

20
console/src/app/modules/policies/org-iam-policy/org-iam-policy-routing.module.ts Normal file
View File

@@ -0,0 +1,20 @@
import { NgModule } from '@angular/core';
import { RouterModule, Routes } from '@angular/router';
import { OrgIamPolicyComponent } from './org-iam-policy.component';
const routes: Routes = [
{
path: '',
component: OrgIamPolicyComponent,
data: {
animation: 'DetailPage',
},
},
];
@NgModule({
imports: [RouterModule.forChild(routes)],
exports: [RouterModule],
})
export class OrgIamPolicyRoutingModule { }

27
console/src/app/modules/policies/org-iam-policy/org-iam-policy.component.html Normal file
View File

@@ -0,0 +1,27 @@
<app-detail-layout [backRouterLink]="[ serviceType === PolicyComponentServiceType.ADMIN ? '/iam' : '/org']"
[title]="'ORG.POLICY.IAM_POLICY.TITLECREATE' | translate"
[description]="'ORG.POLICY.IAM_POLICY.DESCRIPTION' | translate">
<p class="default" *ngIf="isDefault"> {{'ORG.POLICY.DEFAULTLABEL' | translate}}</p>
<ng-template appHasRole [appHasRole]="['iam.policy.delete']">
<button *ngIf="serviceType === PolicyComponentServiceType.MGMT" matTooltip="{{'ORG.POLICY.RESET' | translate}}"
color="warn" (click)="removePolicy()" mat-stroked-button>
{{'ORG.POLICY.RESET' | translate}}
</button>
</ng-template>
<div class="content" *ngIf="iamData">
<div class="row">
<span class="left-desc">{{'ORG.POLICY.DATA.USERLOGINMUSTBEDOMAIN' | translate}}</span>
<span class="fill-space"></span>
<mat-slide-toggle color="primary" name="hasNumber" ngDefaultControl
[(ngModel)]="iamData.userLoginMustBeDomain">
</mat-slide-toggle>
</div>
</div>
<div class="btn-container">
<button (click)="savePolicy()" color="primary" type="submit"
mat-raised-button>{{ 'ACTIONS.SAVE' | translate }}</button>
</div>
</app-detail-layout>

8
console/src/app/modules/policies/password-iam-policy/password-iam-policy.component.scss → console/src/app/modules/policies/org-iam-policy/org-iam-policy.component.scss
View File

@@ -1,3 +1,8 @@
.default {
color: #5282c1;
margin-top: 0;
}
.content {
padding-top: 1rem;
display: flex;
@@ -7,10 +12,9 @@
.row {
display: flex;
align-items: center;
padding: .5rem 0;
padding: .3rem 0;
.left-desc {
color: var(--grey);
font-size: .9rem;
}

12
console/src/app/modules/policies/password-iam-policy/password-iam-policy.component.spec.ts → console/src/app/modules/policies/org-iam-policy/org-iam-policy.component.spec.ts
View File

@@ -1,20 +1,20 @@
import { async, ComponentFixture, TestBed } from '@angular/core/testing';
import { PasswordIamPolicyComponent } from './password-iam-policy.component';
import { OrgIamPolicyComponent } from './org-iam-policy.component';
describe('PasswordIamPolicyComponent', () => {
let component: PasswordIamPolicyComponent;
let fixture: ComponentFixture<PasswordIamPolicyComponent>;
describe('OrgIamPolicyComponent', () => {
let component: OrgIamPolicyComponent;
let fixture: ComponentFixture<OrgIamPolicyComponent>;
beforeEach(async(() => {
TestBed.configureTestingModule({
declarations: [PasswordIamPolicyComponent],
declarations: [OrgIamPolicyComponent],
})
.compileComponents();
}));
beforeEach(() => {
fixture = TestBed.createComponent(PasswordIamPolicyComponent);
fixture = TestBed.createComponent(OrgIamPolicyComponent);
component = fixture.componentInstance;
fixture.detectChanges();
});

132
console/src/app/modules/policies/org-iam-policy/org-iam-policy.component.ts Normal file
View File

@@ -0,0 +1,132 @@
import { Component, Injector, Input, OnDestroy, Type } from '@angular/core';
import { ActivatedRoute } from '@angular/router';
import { Subscription } from 'rxjs';
import { switchMap } from 'rxjs/operators';
import { OrgIamPolicyView as AdminOrgIamPolicyView } from 'src/app/proto/generated/admin_pb';
import { Org } from 'src/app/proto/generated/auth_pb';
import { OrgIamPolicyView as MgmtOrgIamPolicyView } from 'src/app/proto/generated/management_pb';
import { AdminService } from 'src/app/services/admin.service';
import { ManagementService } from 'src/app/services/mgmt.service';
import { StorageService } from 'src/app/services/storage.service';
import { ToastService } from 'src/app/services/toast.service';
import { PolicyComponentServiceType } from '../policy-component-types.enum';
@Component({
selector: 'app-org-iam-policy',
templateUrl: './org-iam-policy.component.html',
styleUrls: ['./org-iam-policy.component.scss'],
})
export class OrgIamPolicyComponent implements OnDestroy {
@Input() service!: AdminService;
private managementService!: ManagementService;
public serviceType: PolicyComponentServiceType = PolicyComponentServiceType.MGMT;
public iamData!: AdminOrgIamPolicyView.AsObject | MgmtOrgIamPolicyView.AsObject;
private sub: Subscription = new Subscription();
private org!: Org.AsObject;
public PolicyComponentServiceType: any = PolicyComponentServiceType;
constructor(
private route: ActivatedRoute,
private toast: ToastService,
private sessionStorage: StorageService,
private injector: Injector,
private adminService: AdminService,
) {
const temporg = this.sessionStorage.getItem('organization') as Org.AsObject;
if (temporg) {
this.org = temporg;
}
this.sub = this.route.data.pipe(switchMap(data => {
this.serviceType = data.serviceType;
if (this.serviceType === PolicyComponentServiceType.MGMT) {
this.managementService = this.injector.get(ManagementService as Type<ManagementService>);
}
return this.route.params;
})).subscribe(_ => {
this.getData().then(data => {
if (data) {
this.iamData = data.toObject();
}
});
});
}
public ngOnDestroy(): void {
this.sub.unsubscribe();
}
private async getData(): Promise<AdminOrgIamPolicyView | MgmtOrgIamPolicyView | undefined> {
switch (this.serviceType) {
case PolicyComponentServiceType.MGMT:
return this.managementService.GetMyOrgIamPolicy();
case PolicyComponentServiceType.ADMIN:
if (this.org?.id) {
return this.adminService.GetOrgIamPolicy(this.org.id);
}
break;
}
}
public savePolicy(): void {
switch (this.serviceType) {
case PolicyComponentServiceType.MGMT:
if ((this.iamData as MgmtOrgIamPolicyView.AsObject).pb_default) {
this.adminService.CreateOrgIamPolicy(
this.org.id,
this.iamData.userLoginMustBeDomain,
).then(() => {
this.toast.showInfo('ORG.POLICY.TOAST.SET', true);
}).catch(error => {
this.toast.showError(error);
});
break;
} else {
this.adminService.UpdateOrgIamPolicy(
this.org.id,
this.iamData.userLoginMustBeDomain,
).then(() => {
this.toast.showInfo('ORG.POLICY.TOAST.SET', true);
}).catch(error => {
this.toast.showError(error);
});
break;
}
case PolicyComponentServiceType.ADMIN:
// update Default org iam policy?
this.adminService.UpdateOrgIamPolicy(
this.org.id,
this.iamData.userLoginMustBeDomain,
).then(() => {
this.toast.showInfo('ORG.POLICY.TOAST.SET', true);
}).catch(error => {
this.toast.showError(error);
});
break;
}
}
public removePolicy(): void {
if (this.serviceType === PolicyComponentServiceType.MGMT) {
this.adminService.RemoveOrgIamPolicy(this.org.id).then(() => {
this.toast.showInfo('ORG.POLICY.TOAST.RESETSUCCESS', true);
setTimeout(() => {
this.getData();
}, 1000);
}).catch(error => {
this.toast.showError(error);
});
}
}
public get isDefault(): boolean {
if (this.iamData && this.serviceType === PolicyComponentServiceType.MGMT) {
return (this.iamData as MgmtOrgIamPolicyView.AsObject).pb_default;
} else {
return false;
}
}
}

10
console/src/app/modules/policies/password-iam-policy/password-iam-policy.module.ts → console/src/app/modules/policies/org-iam-policy/org-iam-policy.module.ts
View File

@@ -11,13 +11,13 @@ import { TranslateModule } from '@ngx-translate/core';
import { HasRoleModule } from 'src/app/directives/has-role/has-role.module';
import { DetailLayoutModule } from 'src/app/modules/detail-layout/detail-layout.module';
import { PasswordIamPolicyRoutingModule } from './password-iam-policy-routing.module';
import { PasswordIamPolicyComponent } from './password-iam-policy.component';
import { OrgIamPolicyRoutingModule } from './org-iam-policy-routing.module';
import { OrgIamPolicyComponent } from './org-iam-policy.component';
@NgModule({
declarations: [PasswordIamPolicyComponent],
declarations: [OrgIamPolicyComponent],
imports: [
PasswordIamPolicyRoutingModule,
OrgIamPolicyRoutingModule,
CommonModule,
FormsModule,
MatInputModule,
@@ -31,4 +31,4 @@ import { PasswordIamPolicyComponent } from './password-iam-policy.component';
DetailLayoutModule,
],
})
export class PasswordIamPolicyModule { }
export class OrgIamPolicyModule { }

10
console/src/app/modules/policies/password-age-policy/password-age-policy-routing.module.ts
View File

@@ -1,7 +1,6 @@
import { NgModule } from '@angular/core';
import { RouterModule, Routes } from '@angular/router';
import { PolicyComponentAction } from '../policy-component-action.enum';
import { PasswordAgePolicyComponent } from './password-age-policy.component';
const routes: Routes = [
@@ -10,15 +9,6 @@ const routes: Routes = [
component: PasswordAgePolicyComponent,
data: {
animation: 'DetailPage',
action: PolicyComponentAction.MODIFY,
},
},
{
path: 'create',
component: PasswordAgePolicyComponent,
data: {
animation: 'DetailPage',
action: PolicyComponentAction.CREATE,
},
},
];

15
console/src/app/modules/policies/password-age-policy/password-age-policy.component.html
View File

@@ -1,17 +1,14 @@
<app-detail-layout [backRouterLink]="[ '/org']" [title]="title ? (title | translate) : ''"
[description]="desc ? (desc | translate) : ''">
<ng-template appHasRole [appHasRole]="['iam.policy.write']">
<button matTooltip="{{'ORG.POLICY.DELETE' | translate}}" color="warn" (click)="deletePolicy()"
<app-detail-layout [backRouterLink]="[ serviceType === PolicyComponentServiceType.ADMIN ? '/iam' : '/org']"
[title]="'ORG.POLICY.PWD_AGE.TITLE' | translate" [description]="'ORG.POLICY.PWD_AGE.DESCRIPTION' | translate">
<ng-template appHasRole
[appHasRole]="[serviceType === PolicyComponentServiceType.ADMIN ? 'iam.policy.delete' : 'org.policy.delete']">
<button matTooltip="{{'ORG.POLICY.RESET' | translate}}" color="warn" (click)="removePolicy()"
mat-stroked-button>
{{'ORG.POLICY.DELETE' | translate}}
{{'ORG.POLICY.RESET' | translate}}
</button>
</ng-template>
<div class="content" *ngIf="ageData">
<mat-form-field class="description-formfield" appearance="outline">
<mat-label>{{ 'ORG.POLICY.DATA.DESCRIPTION' | translate }}</mat-label>
<input matInput name="description" ngDefaultControl [(ngModel)]="ageData.description" required />
</mat-form-field>
<div class="row">
<span class="left-desc">{{'ORG.POLICY.DATA.EXPIREWARNDAYS' | translate}}</span>
<span class="fill-space"></span>

3
console/src/app/modules/policies/password-age-policy/password-age-policy.component.scss
View File

@@ -7,7 +7,7 @@
.row {
display: flex;
align-items: center;
padding: .5rem 0;
padding: .3rem 0;
.left-desc {
color: var(--grey);
@@ -21,6 +21,7 @@
.length-wrapper {
display: flex;
align-items: center;
margin-right: -.6rem;
}
}
}

110
console/src/app/modules/policies/password-age-policy/password-age-policy.component.ts
View File

@@ -1,17 +1,14 @@
import { Component, OnDestroy } from '@angular/core';
import { ActivatedRoute, Router } from '@angular/router';
import { Component, Injector, OnDestroy, Type } from '@angular/core';
import { ActivatedRoute } from '@angular/router';
import { Subscription } from 'rxjs';
import { switchMap } from 'rxjs/operators';
import {
OrgIamPolicy,
PasswordAgePolicy,
PasswordComplexityPolicy,
PasswordLockoutPolicy,
} from 'src/app/proto/generated/management_pb';
import { DefaultPasswordAgePolicyView } from 'src/app/proto/generated/admin_pb';
import { PasswordAgePolicyView } from 'src/app/proto/generated/management_pb';
import { AdminService } from 'src/app/services/admin.service';
import { ManagementService } from 'src/app/services/mgmt.service';
import { ToastService } from 'src/app/services/toast.service';
import { PolicyComponentAction } from '../policy-component-action.enum';
import { PolicyComponentServiceType } from '../policy-component-types.enum';
@Component({
@@ -20,37 +17,37 @@ import { PolicyComponentAction } from '../policy-component-action.enum';
styleUrls: ['./password-age-policy.component.scss'],
})
export class PasswordAgePolicyComponent implements OnDestroy {
public title: string = '';
public desc: string = '';
public serviceType: PolicyComponentServiceType = PolicyComponentServiceType.MGMT;
public service!: AdminService | ManagementService;
componentAction: PolicyComponentAction = PolicyComponentAction.CREATE;
public PolicyComponentAction: any = PolicyComponentAction;
public ageData!: PasswordAgePolicy.AsObject;
public ageData!: PasswordAgePolicyView.AsObject | DefaultPasswordAgePolicyView.AsObject;
private sub: Subscription = new Subscription();
public PolicyComponentServiceType: any = PolicyComponentServiceType;
constructor(
private route: ActivatedRoute,
private mgmtService: ManagementService,
private router: Router,
private toast: ToastService,
private injector: Injector,
) {
this.sub = this.route.data.pipe(switchMap(data => {
this.componentAction = data.action;
return this.route.params;
})).subscribe(params => {
this.title = 'ORG.POLICY.PWD_AGE.TITLECREATE';
this.desc = 'ORG.POLICY.PWD_AGE.DESCRIPTIONCREATE';
this.serviceType = data.serviceType;
switch (this.serviceType) {
case PolicyComponentServiceType.MGMT:
this.service = this.injector.get(ManagementService as Type<ManagementService>);
break;
case PolicyComponentServiceType.ADMIN:
this.service = this.injector.get(AdminService as Type<AdminService>);
break;
}
if (this.componentAction === PolicyComponentAction.MODIFY) {
this.getData(params).then(data => {
return this.route.params;
})).subscribe(() => {
this.getData().then(data => {
if (data) {
this.ageData = data.toObject() as PasswordAgePolicy.AsObject;
this.ageData = data.toObject();
}
});
}
});
}
@@ -58,20 +55,29 @@ export class PasswordAgePolicyComponent implements OnDestroy {
this.sub.unsubscribe();
}
private async getData(params: any):
Promise<PasswordLockoutPolicy | PasswordAgePolicy | PasswordComplexityPolicy | OrgIamPolicy | undefined> {
this.title = 'ORG.POLICY.PWD_AGE.TITLE';
this.desc = 'ORG.POLICY.PWD_AGE.DESCRIPTION';
return this.mgmtService.GetPasswordAgePolicy();
private async getData():
Promise<PasswordAgePolicyView | DefaultPasswordAgePolicyView> {
switch (this.serviceType) {
case PolicyComponentServiceType.MGMT:
return (this.service as ManagementService).GetPasswordAgePolicy();
case PolicyComponentServiceType.ADMIN:
return (this.service as AdminService).GetDefaultPasswordAgePolicy();
}
}
public deletePolicy(): void {
this.mgmtService.DeletePasswordAgePolicy(this.ageData.id).then(() => {
this.toast.showInfo('Successfully deleted');
public removePolicy(): void {
if (this.serviceType === PolicyComponentServiceType.MGMT) {
(this.service as ManagementService).RemovePasswordAgePolicy().then(() => {
this.toast.showInfo('ORG.POLICY.TOAST.RESETSUCCESS', true);
setTimeout(() => {
this.getData();
}, 1000);
}).catch(error => {
this.toast.showError(error);
});
}
}
public incrementExpireWarnDays(): void {
if (this.ageData?.expireWarnDays !== undefined) {
@@ -98,29 +104,33 @@ export class PasswordAgePolicyComponent implements OnDestroy {
}
public savePolicy(): void {
if (this.componentAction === PolicyComponentAction.CREATE) {
this.mgmtService.CreatePasswordAgePolicy(
this.ageData.description,
switch (this.serviceType) {
case PolicyComponentServiceType.MGMT:
if ((this.ageData as PasswordAgePolicyView.AsObject).pb_default) {
(this.service as ManagementService).CreatePasswordAgePolicy(
this.ageData.maxAgeDays,
this.ageData.expireWarnDays,
).then(() => {
this.router.navigate(['org']);
}).catch(error => {
).catch(error => {
this.toast.showError(error);
});
} else if (this.componentAction === PolicyComponentAction.MODIFY) {
this.mgmtService.UpdatePasswordAgePolicy(
this.ageData.description,
} else {
(this.service as ManagementService).UpdatePasswordAgePolicy(
this.ageData.maxAgeDays,
this.ageData.expireWarnDays,
).then(() => {
this.router.navigate(['org']);
}).catch(error => {
).catch(error => {
this.toast.showError(error);
});
}
break;
case PolicyComponentServiceType.ADMIN:
(this.service as AdminService).UpdateDefaultPasswordAgePolicy(
this.ageData.maxAgeDays,
this.ageData.expireWarnDays,
).catch(error => {
this.toast.showError(error);
});
break;
}
}
}

10
console/src/app/modules/policies/password-complexity-policy/password-complexity-policy-routing.module.ts
View File

@@ -1,7 +1,6 @@
import { NgModule } from '@angular/core';
import { RouterModule, Routes } from '@angular/router';
import { PolicyComponentAction } from '../policy-component-action.enum';
import { PasswordComplexityPolicyComponent } from './password-complexity-policy.component';
const routes: Routes = [
@@ -10,15 +9,6 @@ const routes: Routes = [
component: PasswordComplexityPolicyComponent,
data: {
animation: 'DetailPage',
action: PolicyComponentAction.MODIFY,
},
},
{
path: 'create',
component: PasswordComplexityPolicyComponent,
data: {
animation: 'DetailPage',
action: PolicyComponentAction.CREATE,
},
},
];

20
console/src/app/modules/policies/password-complexity-policy/password-complexity-policy.component.html
View File

@@ -1,17 +1,17 @@
<app-detail-layout [backRouterLink]="[ '/org']" [title]="title ? (title | translate) : ''"
[description]="desc ? (desc | translate) : ''">
<ng-template appHasRole [appHasRole]="['policy.write$']">
<button matTooltip="{{'ORG.POLICY.DELETE' | translate}}" color="warn" (click)="deletePolicy()"
<app-detail-layout [backRouterLink]="[ serviceType === PolicyComponentServiceType.ADMIN ? '/iam' : '/org']"
[title]="'ORG.POLICY.PWD_COMPLEXITY.TITLE' | translate"
[description]="'ORG.POLICY.PWD_COMPLEXITY.DESCRIPTION' | translate">
<p class="default" *ngIf="isDefault"> {{'ORG.POLICY.DEFAULTLABEL' | translate}}</p>
<ng-template appHasRole
[appHasRole]="[serviceType === PolicyComponentServiceType.ADMIN ? 'iam.policy.delete' : 'org.policy.delete']">
<button matTooltip="{{'ORG.POLICY.RESET' | translate}}" color="warn" (click)="removePolicy()"
mat-stroked-button>
{{'ORG.POLICY.DELETE' | translate}}
{{'ORG.POLICY.RESET' | translate}}
</button>
</ng-template>
<div *ngIf="complexityData" class="content">
<mat-form-field class="description-formfield" appearance="outline">
<mat-label>{{ 'ORG.POLICY.DATA.DESCRIPTION' | translate }}</mat-label>
<input matInput name="description" ngDefaultControl [(ngModel)]="complexityData.description" required />
</mat-form-field>
<div class="row">
<span class="left-desc">{{'ORG.POLICY.DATA.MINLENGTH' | translate}}</span>
<span class="fill-space"></span>
@@ -54,7 +54,7 @@
</div>
<div class="btn-container">
<button (click)="savePolicy()" color="primary" type="submit" [disabled]="!complexityData?.description"
<button (click)="savePolicy()" color="primary" type="submit"
mat-raised-button>{{ 'ACTIONS.SAVE' | translate }}</button>
</div>
</app-detail-layout>

9
console/src/app/modules/policies/password-complexity-policy/password-complexity-policy.component.scss
View File

@@ -1,3 +1,8 @@
.default {
color: #5282c1;
margin-top: 0;
}
.content {
padding-top: 1rem;
display: flex;
@@ -7,10 +12,9 @@
.row {
display: flex;
align-items: center;
padding: .5rem 0;
padding: .3rem 0;
.left-desc {
color: var(--grey);
font-size: .9rem;
}
@@ -21,6 +25,7 @@
.length-wrapper {
display: flex;
align-items: center;
margin-right: -.6rem;
}
}
}

118
console/src/app/modules/policies/password-complexity-policy/password-complexity-policy.component.ts
View File

@@ -1,17 +1,14 @@
import { Component, OnDestroy } from '@angular/core';
import { ActivatedRoute, Router } from '@angular/router';
import { Component, Injector, OnDestroy, Type } from '@angular/core';
import { ActivatedRoute } from '@angular/router';
import { Subscription } from 'rxjs';
import { switchMap } from 'rxjs/operators';
import {
OrgIamPolicy,
PasswordAgePolicy,
PasswordComplexityPolicy,
PasswordLockoutPolicy,
} from 'src/app/proto/generated/management_pb';
import { DefaultPasswordComplexityPolicy } from 'src/app/proto/generated/admin_pb';
import { PasswordComplexityPolicyView } from 'src/app/proto/generated/management_pb';
import { AdminService } from 'src/app/services/admin.service';
import { ManagementService } from 'src/app/services/mgmt.service';
import { ToastService } from 'src/app/services/toast.service';
import { PolicyComponentAction } from '../policy-component-action.enum';
import { PolicyComponentServiceType } from '../policy-component-types.enum';
@Component({
selector: 'app-password-policy',
@@ -19,37 +16,37 @@ import { PolicyComponentAction } from '../policy-component-action.enum';
styleUrls: ['./password-complexity-policy.component.scss'],
})
export class PasswordComplexityPolicyComponent implements OnDestroy {
public title: string = '';
public desc: string = '';
public serviceType: PolicyComponentServiceType = PolicyComponentServiceType.MGMT;
public service!: ManagementService | AdminService;
componentAction: PolicyComponentAction = PolicyComponentAction.CREATE;
public PolicyComponentAction: any = PolicyComponentAction;
public complexityData!: PasswordComplexityPolicy.AsObject;
public complexityData!: PasswordComplexityPolicyView.AsObject | DefaultPasswordComplexityPolicy.AsObject;
private sub: Subscription = new Subscription();
public PolicyComponentServiceType: any = PolicyComponentServiceType;
constructor(
private route: ActivatedRoute,
private mgmtService: ManagementService,
private router: Router,
private toast: ToastService,
private injector: Injector,
) {
this.sub = this.route.data.pipe(switchMap(data => {
this.componentAction = data.action;
return this.route.params;
})).subscribe(params => {
this.title = 'ORG.POLICY.PWD_COMPLEXITY.TITLECREATE';
this.desc = 'ORG.POLICY.PWD_COMPLEXITY.DESCRIPTIONCREATE';
this.serviceType = data.serviceType;
if (this.componentAction === PolicyComponentAction.MODIFY) {
this.getData(params).then(data => {
switch (this.serviceType) {
case PolicyComponentServiceType.MGMT:
this.service = this.injector.get(ManagementService as Type<ManagementService>);
break;
case PolicyComponentServiceType.ADMIN:
this.service = this.injector.get(AdminService as Type<AdminService>);
break;
}
return this.route.params;
})).subscribe(() => {
this.getData().then(data => {
if (data) {
this.complexityData = data.toObject() as PasswordComplexityPolicy.AsObject;
this.complexityData = data.toObject();
}
});
}
});
}
@@ -57,20 +54,28 @@ export class PasswordComplexityPolicyComponent implements OnDestroy {
this.sub.unsubscribe();
}
private async getData(params: any):
Promise<PasswordLockoutPolicy | PasswordAgePolicy | PasswordComplexityPolicy | OrgIamPolicy | undefined> {
this.title = 'ORG.POLICY.PWD_COMPLEXITY.TITLE';
this.desc = 'ORG.POLICY.PWD_COMPLEXITY.DESCRIPTION';
return this.mgmtService.GetPasswordComplexityPolicy();
private async getData():
Promise<PasswordComplexityPolicyView | DefaultPasswordComplexityPolicy> {
switch (this.serviceType) {
case PolicyComponentServiceType.MGMT:
return (this.service as ManagementService).GetPasswordComplexityPolicy();
case PolicyComponentServiceType.ADMIN:
return (this.service as AdminService).GetDefaultPasswordComplexityPolicy();
}
}
public deletePolicy(): void {
this.mgmtService.DeletePasswordComplexityPolicy(this.complexityData.id).then(() => {
this.toast.showInfo('Successfully deleted');
public removePolicy(): void {
if (this.service instanceof ManagementService) {
this.service.removePasswordComplexityPolicy().then(() => {
this.toast.showInfo('ORG.POLICY.TOAST.RESETSUCCESS', true);
setTimeout(() => {
this.getData();
}, 1000);
}).catch(error => {
this.toast.showError(error);
});
}
}
public incrementLength(): void {
if (this.complexityData?.minLength !== undefined && this.complexityData?.minLength <= 72) {
@@ -85,35 +90,56 @@ export class PasswordComplexityPolicyComponent implements OnDestroy {
}
public savePolicy(): void {
if (this.componentAction === PolicyComponentAction.CREATE) {
switch (this.serviceType) {
case PolicyComponentServiceType.MGMT:
if ((this.complexityData as PasswordComplexityPolicyView.AsObject).pb_default) {
(this.service as ManagementService).CreatePasswordComplexityPolicy(
this.mgmtService.CreatePasswordComplexityPolicy(
this.complexityData.description,
this.complexityData.hasLowercase,
this.complexityData.hasUppercase,
this.complexityData.hasNumber,
this.complexityData.hasSymbol,
this.complexityData.minLength,
).then(() => {
this.router.navigate(['org']);
this.toast.showInfo('ORG.POLICY.TOAST.SET', true);
}).catch(error => {
this.toast.showError(error);
});
} else if (this.componentAction === PolicyComponentAction.MODIFY) {
this.mgmtService.UpdatePasswordComplexityPolicy(
this.complexityData.description,
} else {
(this.service as ManagementService).UpdatePasswordComplexityPolicy(
this.complexityData.hasLowercase,
this.complexityData.hasUppercase,
this.complexityData.hasNumber,
this.complexityData.hasSymbol,
this.complexityData.minLength,
).then(() => {
this.router.navigate(['org']);
this.toast.showInfo('ORG.POLICY.TOAST.SET', true);
}).catch(error => {
this.toast.showError(error);
});
}
break;
case PolicyComponentServiceType.ADMIN:
(this.service as AdminService).UpdateDefaultPasswordComplexityPolicy(
this.complexityData.hasLowercase,
this.complexityData.hasUppercase,
this.complexityData.hasNumber,
this.complexityData.hasSymbol,
this.complexityData.minLength,
).then(() => {
this.toast.showInfo('ORG.POLICY.TOAST.SET', true);
}).catch(error => {
this.toast.showError(error);
});
break;
}
}
public get isDefault(): boolean {
if (this.complexityData && this.serviceType === PolicyComponentServiceType.MGMT) {
return (this.complexityData as PasswordComplexityPolicyView.AsObject).pb_default;
} else {
return false;
}
}
}

30
console/src/app/modules/policies/password-iam-policy/password-iam-policy-routing.module.ts
View File

@@ -1,30 +0,0 @@
import { NgModule } from '@angular/core';
import { RouterModule, Routes } from '@angular/router';
import { PolicyComponentAction } from '../policy-component-action.enum';
import { PasswordIamPolicyComponent } from './password-iam-policy.component';
const routes: Routes = [
{
path: '',
component: PasswordIamPolicyComponent,
data: {
animation: 'DetailPage',
action: PolicyComponentAction.MODIFY,
},
},
{
path: 'create',
component: PasswordIamPolicyComponent,
data: {
animation: 'DetailPage',
action: PolicyComponentAction.CREATE,
},
},
];
@NgModule({
imports: [RouterModule.forChild(routes)],
exports: [RouterModule],
})
export class PasswordIamPolicyRoutingModule { }

28
console/src/app/modules/policies/password-iam-policy/password-iam-policy.component.html
View File

@@ -1,28 +0,0 @@
<app-detail-layout [backRouterLink]="[ '/org']" [title]="title ? (title | translate) : ''"
[description]="desc ? (desc | translate) : ''">
<!-- <ng-template appHasRole [appHasRole]="['iam.policy.write']">
<button matTooltip="{{'ORG.POLICY.DELETE' | translate}}" color="warn" (click)="deletePolicy()"
mat-stroked-button>
{{'ORG.POLICY.DELETE' | translate}}
</button>
</ng-template> -->
<div class="content" *ngIf="iamData">
<mat-form-field class="description-formfield" appearance="outline">
<mat-label>{{ 'ORG.POLICY.DATA.DESCRIPTION' | translate }}</mat-label>
<input matInput name="description" ngDefaultControl [(ngModel)]="iamData.description" required />
</mat-form-field>
<div class="row">
<span class="left-desc">{{'ORG.POLICY.DATA.USERLOGINMUSTBEDOMAIN' | translate}}</span>
<span class="fill-space"></span>
<mat-slide-toggle color="primary" name="hasNumber" ngDefaultControl
[(ngModel)]="iamData.userLoginMustBeDomain">
</mat-slide-toggle>
</div>
</div>
<div class="btn-container">
<button (click)="savePolicy()" color="primary" type="submit" [disabled]="!iamData?.description"
mat-raised-button>{{ 'ACTIONS.SAVE' | translate }}</button>
</div>
</app-detail-layout>

102
console/src/app/modules/policies/password-iam-policy/password-iam-policy.component.ts
View File

@@ -1,102 +0,0 @@
import { Component, OnDestroy } from '@angular/core';
import { ActivatedRoute, Router } from '@angular/router';
import { Subscription } from 'rxjs';
import { switchMap } from 'rxjs/operators';
import {
OrgIamPolicy,
PasswordAgePolicy,
PasswordComplexityPolicy,
PasswordLockoutPolicy,
} from 'src/app/proto/generated/management_pb';
import { AdminService } from 'src/app/services/admin.service';
import { ManagementService } from 'src/app/services/mgmt.service';
import { StorageService } from 'src/app/services/storage.service';
import { ToastService } from 'src/app/services/toast.service';
import { PolicyComponentAction } from '../policy-component-action.enum';
@Component({
selector: 'app-password-iam-policy',
templateUrl: './password-iam-policy.component.html',
styleUrls: ['./password-iam-policy.component.scss'],
})
export class PasswordIamPolicyComponent implements OnDestroy {
public title: string = '';
public desc: string = '';
componentAction: PolicyComponentAction = PolicyComponentAction.CREATE;
public PolicyComponentAction: any = PolicyComponentAction;
public iamData!: OrgIamPolicy.AsObject;
private sub: Subscription = new Subscription();
constructor(
private route: ActivatedRoute,
private mgmtService: ManagementService,
private adminService: AdminService,
private router: Router,
private toast: ToastService,
private sessionStorage: StorageService,
) {
this.sub = this.route.data.pipe(switchMap(data => {
this.componentAction = data.action;
console.log(data.action);
return this.route.params;
})).subscribe(params => {
this.title = 'ORG.POLICY.IAM_POLICY.TITLECREATE';
this.desc = 'ORG.POLICY.IAM_POLICY.DESCRIPTIONCREATE';
if (this.componentAction === PolicyComponentAction.MODIFY) {
this.getData(params).then(data => {
if (data) {
this.iamData = data.toObject() as OrgIamPolicy.AsObject;
}
});
}
});
}
public ngOnDestroy(): void {
this.sub.unsubscribe();
}
private async getData(params: any):
Promise<PasswordLockoutPolicy | PasswordAgePolicy | PasswordComplexityPolicy | OrgIamPolicy | undefined> {
this.title = 'ORG.POLICY.IAM_POLICY.TITLECREATE';
this.desc = 'ORG.POLICY.IAM_POLICY.DESCRIPTIONCREATE';
return this.mgmtService.GetMyOrgIamPolicy();
}
public savePolicy(): void {
if (this.componentAction === PolicyComponentAction.CREATE) {
const orgId = this.sessionStorage.getItem('organization');
if (orgId) {
this.adminService.CreateOrgIamPolicy(
orgId,
this.iamData.description,
this.iamData.userLoginMustBeDomain,
).then(() => {
this.router.navigate(['org']);
}).catch(error => {
this.toast.showError(error);
});
}
} else if (this.componentAction === PolicyComponentAction.MODIFY) {
const orgId = this.sessionStorage.getItem('organization');
if (orgId) {
this.adminService.UpdateOrgIamPolicy(
orgId,
this.iamData.description,
this.iamData.userLoginMustBeDomain,
).then(() => {
this.router.navigate(['org']);
}).catch(error => {
this.toast.showError(error);
});
}
}
}
}

10
console/src/app/modules/policies/password-lockout-policy/password-lockout-policy-routing.module.ts
View File

@@ -1,7 +1,6 @@
import { NgModule } from '@angular/core';
import { RouterModule, Routes } from '@angular/router';
import { PolicyComponentAction } from '../policy-component-action.enum';
import { PasswordLockoutPolicyComponent } from './password-lockout-policy.component';
const routes: Routes = [
@@ -10,15 +9,6 @@ const routes: Routes = [
component: PasswordLockoutPolicyComponent,
data: {
animation: 'DetailPage',
action: PolicyComponentAction.MODIFY,
},
},
{
path: 'create',
component: PasswordLockoutPolicyComponent,
data: {
animation: 'DetailPage',
action: PolicyComponentAction.CREATE,
},
},
];

21
console/src/app/modules/policies/password-lockout-policy/password-lockout-policy.component.html
View File

@@ -1,17 +1,16 @@
<app-detail-layout [backRouterLink]="[ '/org']" [title]="title ? (title | translate) : ''"
[description]="desc ? (desc | translate) : ''">
<ng-template appHasRole [appHasRole]="['iam.policy.write']">
<button matTooltip="{{'ORG.POLICY.DELETE' | translate}}" color="warn" (click)="deletePolicy()"
<app-detail-layout [backRouterLink]="[ serviceType === PolicyComponentServiceType.ADMIN ? '/iam' : '/org']"
[title]="'ORG.POLICY.PWD_LOCKOUT.TITLE' | translate"
[description]="'ORG.POLICY.PWD_LOCKOUT.DESCRIPTION' | translate">
<p class="default" *ngIf="isDefault"> {{'ORG.POLICY.DEFAULTLABEL' | translate}}</p>
<ng-template appHasRole
[appHasRole]="[serviceType === PolicyComponentServiceType.ADMIN ? 'iam.policy.delete' : 'org.policy.delete']">
<button matTooltip="{{'ORG.POLICY.RESET' | translate}}" color="warn" (click)="removePolicy()"
mat-stroked-button>
{{'ORG.POLICY.DELETE' | translate}}
{{'ORG.POLICY.RESET' | translate}}
</button>
</ng-template>
<div class="content" *ngIf="lockoutData">
<mat-form-field class="description-formfield" appearance="outline">
<mat-label>{{ 'ORG.POLICY.DATA.DESCRIPTION' | translate }}</mat-label>
<input matInput name="description" ngDefaultControl [(ngModel)]="lockoutData.description" required />
</mat-form-field>
<div class="row">
<span class="left-desc">{{'ORG.POLICY.DATA.MAXATTEMPTS' | translate}}</span>
<span class="fill-space"></span>
@@ -28,8 +27,8 @@
<div class="row">
<span class="left-desc">{{'ORG.POLICY.DATA.SHOWLOCKOUTFAILURES' | translate}}</span>
<span class="fill-space"></span>
<mat-slide-toggle color="primary" name="showLockOutFailures" ngDefaultControl
[(ngModel)]="lockoutData.showLockOutFailures">
<mat-slide-toggle color="primary" name="showLockoutFailure" ngDefaultControl
[(ngModel)]="lockoutData.showLockoutFailure">
</mat-slide-toggle>
</div>
</div>

7
console/src/app/modules/policies/password-lockout-policy/password-lockout-policy.component.scss
View File

@@ -1,3 +1,7 @@
.default {
color: #5282c1;
margin-top: 0;
}
.content {
padding-top: 1rem;
@@ -8,10 +12,9 @@
.row {
display: flex;
align-items: center;
padding: .5rem 0;
padding: .3rem 0;
.left-desc {
color: var(--grey);
font-size: .9rem;
}

121
console/src/app/modules/policies/password-lockout-policy/password-lockout-policy.component.ts
View File

@@ -1,18 +1,15 @@
import { Component, OnDestroy } from '@angular/core';
import { Component, Injector, Input, OnDestroy, Type } from '@angular/core';
import { FormGroup } from '@angular/forms';
import { ActivatedRoute, Router } from '@angular/router';
import { ActivatedRoute } from '@angular/router';
import { Subscription } from 'rxjs';
import { switchMap } from 'rxjs/operators';
import {
OrgIamPolicy,
PasswordAgePolicy,
PasswordComplexityPolicy,
PasswordLockoutPolicy,
} from 'src/app/proto/generated/management_pb';
import { DefaultPasswordLockoutPolicyView } from 'src/app/proto/generated/admin_pb';
import { PasswordLockoutPolicyView } from 'src/app/proto/generated/management_pb';
import { AdminService } from 'src/app/services/admin.service';
import { ManagementService } from 'src/app/services/mgmt.service';
import { ToastService } from 'src/app/services/toast.service';
import { PolicyComponentAction } from '../policy-component-action.enum';
import { PolicyComponentServiceType } from '../policy-component-types.enum';
@Component({
selector: 'app-password-lockout-policy',
@@ -20,37 +17,39 @@ import { PolicyComponentAction } from '../policy-component-action.enum';
styleUrls: ['./password-lockout-policy.component.scss'],
})
export class PasswordLockoutPolicyComponent implements OnDestroy {
public title: string = '';
public desc: string = '';
@Input() public service!: ManagementService | AdminService;
public serviceType: PolicyComponentServiceType = PolicyComponentServiceType.MGMT;
componentAction: PolicyComponentAction = PolicyComponentAction.CREATE;
public PolicyComponentAction: any = PolicyComponentAction;
public lockoutForm!: FormGroup;
public lockoutData!: PasswordLockoutPolicy.AsObject;
public lockoutData!: PasswordLockoutPolicyView.AsObject;
private sub: Subscription = new Subscription();
public PolicyComponentServiceType: any = PolicyComponentServiceType;
constructor(
private route: ActivatedRoute,
private mgmtService: ManagementService,
private router: Router,
private toast: ToastService,
private injector: Injector,
) {
this.sub = this.route.data.pipe(switchMap(data => {
this.componentAction = data.action;
return this.route.params;
})).subscribe(params => {
this.title = 'ORG.POLICY.PWD_LOCKOUT.TITLECREATE';
this.desc = 'ORG.POLICY.PWD_LOCKOUT.DESCRIPTIONCREATE';
this.serviceType = data.serviceType;
if (this.componentAction === PolicyComponentAction.MODIFY) {
this.getData(params).then(data => {
switch (this.serviceType) {
case PolicyComponentServiceType.MGMT:
this.service = this.injector.get(ManagementService as Type<ManagementService>);
break;
case PolicyComponentServiceType.ADMIN:
this.service = this.injector.get(AdminService as Type<AdminService>);
break;
}
return this.route.params;
})).subscribe(() => {
this.getData().then(data => {
if (data) {
this.lockoutData = data.toObject() as PasswordLockoutPolicy.AsObject;
this.lockoutData = data.toObject() as PasswordLockoutPolicyView.AsObject;
}
});
}
});
}
@@ -58,21 +57,28 @@ export class PasswordLockoutPolicyComponent implements OnDestroy {
this.sub.unsubscribe();
}
private async getData(params: any):
Promise<PasswordLockoutPolicy | PasswordAgePolicy | PasswordComplexityPolicy | OrgIamPolicy | undefined> {
private getData(): Promise<PasswordLockoutPolicyView | DefaultPasswordLockoutPolicyView> {
this.title = 'ORG.POLICY.PWD_LOCKOUT.TITLE';
this.desc = 'ORG.POLICY.PWD_LOCKOUT.DESCRIPTION';
return this.mgmtService.GetPasswordLockoutPolicy();
switch (this.serviceType) {
case PolicyComponentServiceType.MGMT:
return (this.service as ManagementService).GetPasswordLockoutPolicy();
case PolicyComponentServiceType.ADMIN:
return (this.service as AdminService).GetDefaultPasswordLockoutPolicy();
}
}
public deletePolicy(): void {
this.mgmtService.DeletePasswordLockoutPolicy(this.lockoutData.id).then(() => {
this.toast.showInfo('Successfully deleted');
public removePolicy(): void {
if (this.service instanceof ManagementService) {
this.service.RemovePasswordLockoutPolicy().then(() => {
this.toast.showInfo('ORG.POLICY.TOAST.RESETSUCCESS', true);
setTimeout(() => {
this.getData();
}, 1000);
}).catch(error => {
this.toast.showError(error);
});
}
}
public incrementMaxAttempts(): void {
if (this.lockoutData?.maxAttempts !== undefined) {
@@ -87,27 +93,44 @@ export class PasswordLockoutPolicyComponent implements OnDestroy {
}
public savePolicy(): void {
if (this.componentAction === PolicyComponentAction.CREATE) {
this.mgmtService.CreatePasswordLockoutPolicy(
this.lockoutData.description,
let promise: Promise<any>;
if (this.service instanceof AdminService) {
promise = this.service.UpdateDefaultPasswordLockoutPolicy(
this.lockoutData.maxAttempts,
this.lockoutData.showLockOutFailures,
this.lockoutData.showLockoutFailure,
).then(() => {
this.router.navigate(['org']);
this.toast.showInfo('ORG.POLICY.TOAST.SET', true);
}).catch(error => {
this.toast.showError(error);
});
} else if (this.componentAction === PolicyComponentAction.MODIFY) {
} else {
if ((this.lockoutData as PasswordLockoutPolicyView.AsObject).pb_default) {
promise = this.service.CreatePasswordLockoutPolicy(
this.lockoutData.maxAttempts,
this.lockoutData.showLockoutFailure,
).then(() => {
this.toast.showInfo('ORG.POLICY.TOAST.SET', true);
}).catch(error => {
this.toast.showError(error);
});
} else {
promise = this.service.UpdatePasswordLockoutPolicy(
this.lockoutData.maxAttempts,
this.lockoutData.showLockoutFailure,
).then(() => {
this.toast.showInfo('ORG.POLICY.TOAST.SET', true);
}).catch(error => {
this.toast.showError(error);
});
}
}
}
this.mgmtService.UpdatePasswordLockoutPolicy(
this.lockoutData.description,
this.lockoutData.maxAttempts,
this.lockoutData.showLockOutFailures,
).then(() => {
this.router.navigate(['org']);
}).catch(error => {
this.toast.showError(error);
});
public get isDefault(): boolean {
if (this.lockoutData && this.serviceType === PolicyComponentServiceType.MGMT) {
return (this.lockoutData as PasswordLockoutPolicyView.AsObject).pb_default;
} else {
return false;
}
}
}

5
console/src/app/modules/policies/policy-component-action.enum.ts
View File

@@ -1,5 +0,0 @@
export enum PolicyComponentAction {
CREATE = 'create',
MODIFY = 'modify',
}

48
console/src/app/pages/iam/iam-policy-grid/iam-policy-grid.component.html
View File

@@ -3,6 +3,29 @@
<p class="top-desc">{{'IAM.POLICY.DESCRIPTION' | translate}}</p>
<div class="row-lyt">
<ng-template appHasRole [appHasRole]="['iam.policy.read']">
<div class="p-item card">
<div class="avatar">
<mat-icon class="icon" svgIcon="mdi_textbox_password"></mat-icon>
</div>
<div class="title">
<span>{{'ORG.POLICY.PWD_COMPLEXITY.TITLE' | translate}}</span>
<button mat-icon-button disabled>
<i *ngIf="complexityPolicy" class="icon las la-check-circle"></i>
</button>
</div>
<p class="desc">
{{'ORG.POLICY.PWD_COMPLEXITY.DESCRIPTION' | translate}}</p>
<span class="fill-space"></span>
<div class="btn-wrapper">
<button [disabled]="!complexityPolicy" [routerLink]="[ 'policy', PolicyComponentType.COMPLEXITY ]"
mat-stroked-button>{{'ORG.POLICY.BTN_EDIT' | translate}}</button>
</div>
</div>
</ng-template>
<ng-template appHasRole [appHasRole]="['policy.read']">
<div class="p-item card">
<div class="avatar">
@@ -27,4 +50,29 @@
</div>
</div>
</ng-template>
<ng-template appHasRole [appHasRole]="['iam.policy.read']">
<div class="p-item card">
<div class="avatar">
<i class="icon las la-gem"></i>
</div>
<div class="title">
<span>{{'ORG.POLICY.IAM_POLICY.TITLE' | translate}}</span>
<button mat-icon-button disabled>
<i *ngIf="iamPolicy" class="icon las la-check-circle"></i>
</button>
</div>
<p class="desc">
{{'ORG.POLICY.IAM_POLICY.DESCRIPTION' | translate}}</p>
<span class="fill-space"></span>
<div class="btn-wrapper">
<ng-template appHasRole [appHasRole]="['iam.policy.write']">
<button [disabled]="!iamPolicy" [routerLink]="[ 'policy', PolicyComponentType.IAM ]"
mat-stroked-button>{{'ORG.POLICY.BTN_EDIT' | translate}}</button>
</ng-template>
</div>
</div>
</ng-template>
</div>

6
console/src/app/pages/iam/iam-policy-grid/iam-policy-grid.component.ts
View File

@@ -1,6 +1,6 @@
import { Component } from '@angular/core';
import { PolicyComponentType } from 'src/app/modules/policies/policy-component-types.enum';
import { DefaultLoginPolicy } from 'src/app/proto/generated/admin_pb';
import { DefaultLoginPolicy, DefaultPasswordComplexityPolicyView, OrgIamPolicyView } from 'src/app/proto/generated/admin_pb';
import { PolicyState } from 'src/app/proto/generated/management_pb';
import { AdminService } from 'src/app/services/admin.service';
@@ -10,7 +10,9 @@ import { AdminService } from 'src/app/services/admin.service';
styleUrls: ['./iam-policy-grid.component.scss'],
})
export class IamPolicyGridComponent {
public complexityPolicy!: DefaultPasswordComplexityPolicyView.AsObject;
public loginPolicy!: DefaultLoginPolicy.AsObject;
public iamPolicy!: OrgIamPolicyView.AsObject;
public PolicyState: any = PolicyState;
public PolicyComponentType: any = PolicyComponentType;
@@ -23,5 +25,7 @@ export class IamPolicyGridComponent {
private getData(): void {
this.adminService.GetDefaultLoginPolicy().then(data => this.loginPolicy = data.toObject());
this.adminService.GetDefaultOrgIamPolicy().then(data => this.iamPolicy = data.toObject());
this.adminService.GetDefaultPasswordComplexityPolicy().then(data => this.complexityPolicy = data.toObject());
}
}

39
console/src/app/pages/iam/iam-routing.module.ts
View File

@@ -47,13 +47,50 @@ const routes: Routes = [
],
},
{
path: `policy/${PolicyComponentType.LOGIN}`,
path: 'policy',
children: [
{
path: PolicyComponentType.AGE,
data: {
serviceType: PolicyComponentServiceType.ADMIN,
},
loadChildren: () => import('src/app/modules/policies/password-age-policy/password-age-policy.module')
.then(m => m.PasswordAgePolicyModule),
},
{
path: PolicyComponentType.LOCKOUT,
data: {
serviceType: PolicyComponentServiceType.ADMIN,
},
loadChildren: () => import('src/app/modules/policies/password-lockout-policy/password-lockout-policy.module')
.then(m => m.PasswordLockoutPolicyModule),
},
{
path: PolicyComponentType.COMPLEXITY,
data: {
serviceType: PolicyComponentServiceType.ADMIN,
},
loadChildren: () => import('src/app/modules/policies/password-complexity-policy/password-complexity-policy.module')
.then(m => m.PasswordComplexityPolicyModule),
},
{
path: PolicyComponentType.IAM,
data: {
serviceType: PolicyComponentServiceType.ADMIN,
},
loadChildren: () => import('src/app/modules/policies/org-iam-policy/org-iam-policy.module')
.then(m => m.OrgIamPolicyModule),
},
{
path: PolicyComponentType.LOGIN,
data: {
serviceType: PolicyComponentServiceType.ADMIN,
},
loadChildren: () => import('src/app/modules/policies/login-policy/login-policy.module')
.then(m => m.LoginPolicyModule),
},
],
},
];
@NgModule({

4
console/src/app/pages/orgs/org-create/org-create.component.ts
View File

@@ -7,7 +7,7 @@ import { Router } from '@angular/router';
import { take } from 'rxjs/operators';
import { lowerCaseValidator, numberValidator, symbolValidator, upperCaseValidator } from 'src/app/pages/validators';
import { CreateHumanRequest, CreateOrgRequest, Gender, OrgSetUpResponse } from 'src/app/proto/generated/admin_pb';
import { PasswordComplexityPolicy } from 'src/app/proto/generated/auth_pb';
import { PasswordComplexityPolicy as MgmtPasswordComplexityPolicy } from 'src/app/proto/generated/management_pb';
import { AdminService } from 'src/app/services/admin.service';
import { GrpcAuthService } from 'src/app/services/grpc-auth.service';
import { ManagementService } from 'src/app/services/mgmt.service';
@@ -57,7 +57,7 @@ export class OrgCreateComponent {
public genders: Gender[] = [Gender.GENDER_FEMALE, Gender.GENDER_MALE, Gender.GENDER_UNSPECIFIED];
public languages: string[] = ['de', 'en'];
public policy!: PasswordComplexityPolicy.AsObject;
public policy!: MgmtPasswordComplexityPolicy.AsObject;
public usePassword: boolean = false;
public forSelf: boolean = true;

16
console/src/app/pages/orgs/orgs-routing.module.ts
View File

@@ -43,23 +43,35 @@ const routes: Routes = [
children: [
{
path: PolicyComponentType.AGE,
data: {
serviceType: PolicyComponentServiceType.MGMT,
},
loadChildren: () => import('src/app/modules/policies/password-age-policy/password-age-policy.module')
.then(m => m.PasswordAgePolicyModule),
},
{
path: PolicyComponentType.LOCKOUT,
data: {
serviceType: PolicyComponentServiceType.MGMT,
},
loadChildren: () => import('src/app/modules/policies/password-lockout-policy/password-lockout-policy.module')
.then(m => m.PasswordLockoutPolicyModule),
},
{
path: PolicyComponentType.COMPLEXITY,
data: {
serviceType: PolicyComponentServiceType.MGMT,
},
loadChildren: () => import('src/app/modules/policies/password-complexity-policy/password-complexity-policy.module')
.then(m => m.PasswordComplexityPolicyModule),
},
{
path: PolicyComponentType.IAM,
loadChildren: () => import('src/app/modules/policies/password-iam-policy/password-iam-policy.module')
.then(m => m.PasswordIamPolicyModule),
data: {
serviceType: PolicyComponentServiceType.MGMT,
},
loadChildren: () => import('src/app/modules/policies/org-iam-policy/org-iam-policy.module')
.then(m => m.OrgIamPolicyModule),
},
{
path: PolicyComponentType.LOGIN,

45
console/src/app/pages/orgs/policy-grid/policy-grid.component.html
View File

@@ -3,6 +3,7 @@
<p class="top-desc">{{'ORG.POLICY.DESCRIPTION' | translate}}</p>
<div class="row-lyt">
<ng-template appHasRole [appHasRole]="['iam.policy.read']">
<div class="p-item card">
<div class="avatar">
<mat-icon class="icon" svgIcon="mdi_textbox_password"></mat-icon>
@@ -14,23 +15,16 @@
</button>
</div>
<p *ngIf="complexityPolicy?.description; else showDescComplexity" class="desc">
{{ complexityPolicy.description }}</p>
<ng-template #showDescComplexity>
<p class="desc">
{{'ORG.POLICY.PWD_COMPLEXITY.DESCRIPTION' | translate}}</p>
</ng-template>
<span class="fill-space"></span>
<div class="btn-wrapper" *ngIf="(['policy.write'] | hasRole) as writePolicy$">
<button [disabled]="complexityPolicy || (writePolicy$ | async) == false"
[routerLink]="[ 'policy', PolicyComponentType.COMPLEXITY,'create' ]" color="primary"
mat-raised-button>{{'ORG.POLICY.BTN_INSTALL' | translate}}</button>
<button [disabled]="!complexityPolicy || (writePolicy$ | async) == false"
[routerLink]="[ 'policy', PolicyComponentType.COMPLEXITY ]" mat-stroked-button
[matTooltip]="'ACTIONS.CONFIGURE' | translate">{{'ORG.POLICY.BTN_EDIT' | translate}}</button>
<div class="btn-wrapper">
<button [disabled]="!complexityPolicy" [routerLink]="[ 'policy', PolicyComponentType.COMPLEXITY ]"
mat-stroked-button>{{'ORG.POLICY.BTN_EDIT' | translate}}</button>
</div>
</div>
</ng-template>
<ng-template appHasRole [appHasRole]="['iam.policy.read']">
<div class="p-item card">
@@ -44,22 +38,15 @@
</button>
</div>
<p *ngIf="iamPolicy?.description; else showDescIAM" class="desc">
{{ iamPolicy.description }}</p>
<ng-template #showDescIAM>
<p class="desc">
{{'ORG.POLICY.IAM_POLICY.DESCRIPTION' | translate}}</p>
</ng-template>
<span class="fill-space"></span>
<div class="btn-wrapper" *ngIf="(['iam.policy.write$'] | hasRole) as iamWritePolicy$">
<button [disabled]="iamPolicy || (iamWritePolicy$ | async) == false"
[routerLink]="[ 'policy', PolicyComponentType.IAM,'create' ]" color="primary"
mat-raised-button>{{'ORG.POLICY.BTN_INSTALL' | translate}}</button>
<button [disabled]="!iamPolicy || (iamWritePolicy$ | async) == false"
[routerLink]="[ 'policy', PolicyComponentType.IAM ]" mat-stroked-button
[matTooltip]="'ACTIONS.CONFIGURE' | translate">{{'ORG.POLICY.BTN_EDIT' | translate}}</button>
<div class="btn-wrapper">
<ng-template appHasRole [appHasRole]="['iam.policy.write']">
<button [disabled]="!iamPolicy" [routerLink]="[ 'policy', PolicyComponentType.IAM ]"
mat-stroked-button>{{'ORG.POLICY.BTN_EDIT' | translate}}</button>
</ng-template>
</div>
</div>
</ng-template>
@@ -82,13 +69,11 @@
</ng-template>
<span class="fill-space"></span>
<div class="btn-wrapper" *ngIf="(['policy.write'] | hasRole) as writePolicy$">
<button [disabled]="loginPolicy || (writePolicy$ | async) == false"
[routerLink]="[ 'policy', PolicyComponentType.LOGIN,'create' ]" color="primary"
mat-raised-button>{{'ORG.POLICY.BTN_INSTALL' | translate}}</button>
<button [disabled]="!loginPolicy || (writePolicy$ | async) == false"
[routerLink]="[ 'policy', PolicyComponentType.LOGIN ]" mat-stroked-button
[matTooltip]="'ACTIONS.CONFIGURE' | translate">{{'ORG.POLICY.BTN_EDIT' | translate}}</button>
<div class="btn-wrapper">
<ng-template appHasRole [appHasRole]="['policy.write']">
<button [disabled]="!loginPolicy" [routerLink]="[ 'policy', PolicyComponentType.LOGIN ]"
mat-stroked-button>{{'ORG.POLICY.BTN_EDIT' | translate}}</button>
</ng-template>
</div>
</div>
</ng-template>

21
console/src/app/pages/orgs/policy-grid/policy-grid.component.ts
View File

@@ -1,7 +1,13 @@
import { Component } from '@angular/core';
import { PolicyComponentType } from 'src/app/modules/policies/policy-component-types.enum';
import { LoginPolicy, OrgIamPolicy, PasswordComplexityPolicy, PolicyState } from 'src/app/proto/generated/management_pb';
import {
LoginPolicyView,
OrgIamPolicyView,
PasswordComplexityPolicyView,
PolicyState,
} from 'src/app/proto/generated/management_pb';
import { ManagementService } from 'src/app/services/mgmt.service';
import { ToastService } from 'src/app/services/toast.service';
@Component({
selector: 'app-policy-grid',
@@ -9,21 +15,24 @@ import { ManagementService } from 'src/app/services/mgmt.service';
styleUrls: ['./policy-grid.component.scss'],
})
export class PolicyGridComponent {
public complexityPolicy!: PasswordComplexityPolicy.AsObject;
public iamPolicy!: OrgIamPolicy.AsObject;
public loginPolicy!: LoginPolicy.AsObject;
public complexityPolicy!: PasswordComplexityPolicyView.AsObject;
public iamPolicy!: OrgIamPolicyView.AsObject;
public loginPolicy!: LoginPolicyView.AsObject;
public PolicyState: any = PolicyState;
public PolicyComponentType: any = PolicyComponentType;
constructor(
private mgmtService: ManagementService,
public mgmtService: ManagementService,
private toast: ToastService,
) {
this.getData();
}
private getData(): void {
this.mgmtService.GetPasswordComplexityPolicy().then(data => this.complexityPolicy = data.toObject());
this.mgmtService.GetPasswordComplexityPolicy().then(data => this.complexityPolicy = data.toObject()).catch(error => {
this.toast.showError(error);
});
this.mgmtService.GetMyOrgIamPolicy().then(data => this.iamPolicy = data.toObject());
this.mgmtService.GetLoginPolicy().then(data => {
this.loginPolicy = data.toObject();

8
console/src/app/pages/projects/owned-projects/owned-project-list/owned-project-grid/owned-project-grid.component.html
View File

@@ -52,8 +52,12 @@
}}</span>
<span class="fill-space"></span>
</div>
<button [ngClass]="{ selected: selection.isSelected(item)}" (click)="selection.toggle(item)" class="edit-button"
mat-icon-button>
<button *ngIf="item.projectId !== zitadelProjectId" matTooltip="{{'ACTIONS.DELETE' | translate}}" color="warn"
(click)="deleteProject(item)" class="delete-button" mat-icon-button>
<i class="las la-trash"></i>
</button>
<button matTooltip="{{'ACTIONS.PIN' | translate}}" [ngClass]="{ selected: selection.isSelected(item)}"
(click)="selection.toggle(item)" class="edit-button" mat-icon-button>
<mat-icon *ngIf="selection.isSelected(item)" svgIcon="mdi_pin"></mat-icon>
<mat-icon svgIcon="mdi_pin_outline" *ngIf="!selection.isSelected(item)"></mat-icon>
</button>

16
console/src/app/pages/projects/owned-projects/owned-project-list/owned-project-grid/owned-project-grid.component.scss
View File

@@ -112,6 +112,20 @@
}
}
.delete-button {
opacity: 0;
user-select: none;
position: absolute;
bottom: 0;
right: 30px;
margin: 0;
margin-bottom: .25rem;
&:not(:hover) {
color: #8795a1;
}
}
.edit-button {
opacity: 0;
user-select: none;
@@ -130,12 +144,14 @@
&:hover {
box-shadow: 0 5px 10px rgba(0, 0, 0, .12);
.delete-button,
.edit-button {
opacity: 1;
}
}
&.selected {
.delete-button,
.edit-button {
opacity: 1;
}

41
console/src/app/pages/projects/owned-projects/owned-project-list/owned-project-grid/owned-project-grid.component.ts
View File

@@ -1,11 +1,14 @@
import { animate, animateChild, keyframes, query, stagger, style, transition, trigger } from '@angular/animations';
import { SelectionModel } from '@angular/cdk/collections';
import { Component, EventEmitter, Input, OnChanges, Output, SimpleChanges } from '@angular/core';
import { MatDialog } from '@angular/material/dialog';
import { Router } from '@angular/router';
import { WarnDialogComponent } from 'src/app/modules/warn-dialog/warn-dialog.component';
import { Org } from 'src/app/proto/generated/auth_pb';
import { ProjectState, ProjectType, ProjectView } from 'src/app/proto/generated/management_pb';
import { AuthenticationService } from 'src/app/services/authentication.service';
import { ManagementService } from 'src/app/services/mgmt.service';
import { StorageKey, StorageService } from 'src/app/services/storage.service';
import { ToastService } from 'src/app/services/toast.service';
@Component({
selector: 'app-owned-project-grid',
@@ -48,8 +51,14 @@ export class OwnedProjectGridComponent implements OnChanges {
public showNewProject: boolean = false;
public ProjectState: any = ProjectState;
public ProjectType: any = ProjectType;
constructor(private router: Router, private authService: AuthenticationService, private storage: StorageService) {
@Input() public zitadelProjectId: string = '';
constructor(
private router: Router,
private dialog: MatDialog,
private storage: StorageService,
private mgmtService: ManagementService,
private toast: ToastService,
) {
this.selection.changed.subscribe(selection => {
this.setPrefixedItem('pinned-projects', JSON.stringify(
this.selection.selected.map(item => item.projectId),
@@ -123,4 +132,30 @@ export class OwnedProjectGridComponent implements OnChanges {
public closeGridView(): void {
this.changedView.emit(true);
}
public deleteProject(item: ProjectView.AsObject): void {
const dialogRef = this.dialog.open(WarnDialogComponent, {
data: {
confirmKey: 'ACTIONS.DELETE',
cancelKey: 'ACTIONS.CANCEL',
titleKey: 'PROJECT.PAGES.DIALOG.DELETE.TITLE',
descriptionKey: 'PROJECT.PAGES.DIALOG.DELETE.DESCRIPTION',
},
width: '400px',
});
dialogRef.afterClosed().subscribe(resp => {
if (resp && item.projectId !== this.zitadelProjectId) {
this.mgmtService.RemoveProject(item.projectId).then(() => {
this.toast.showInfo('PROJECT.TOAST.DELETED', true);
const index = this.items.findIndex(iter => iter.projectId === item.projectId);
if (index > -1) {
this.items.splice(index, 1);
}
}).catch(error => {
this.toast.showError(error);
});
}
});
}
}

15
console/src/app/pages/projects/owned-projects/owned-project-list/owned-project-list.component.html
View File

@@ -1,5 +1,6 @@
<app-owned-project-grid *ngIf="grid" [loading]="loading$ | async" (changedView)="grid = false"
[items]="ownedProjectList || []" (newClicked)="addProject()">
<app-owned-project-grid [zitadelProjectId]="zitadelProjectId" *ngIf="grid && zitadelProjectId"
[loading]="loading$ | async" (changedView)="grid = false" [items]="ownedProjectList || []"
(newClicked)="addProject()">
</app-owned-project-grid>
<div *ngIf="!grid" class="view-toggle">
@@ -61,6 +62,16 @@
</td>
</ng-container>
<ng-container matColumnDef="actions" stickyEnd>
<th mat-header-cell *matHeaderCellDef></th>
<td mat-cell *matCellDef="let project">
<button *ngIf="project.projectId !== zitadelProjectId" color="warn" mat-icon-button
matTooltip="{{'ACTIONS.DELETE' | translate}}" (click)="deleteProject(project.projectId)">
<i class="las la-trash"></i>
</button>
</td>
</ng-container>
<tr mat-header-row *matHeaderRowDef="displayedColumns"></tr>
<tr class="highlight" mat-row *matRowDef="let row; columns: displayedColumns;"
[routerLink]="['/projects', row.projectId]"></tr>

38
console/src/app/pages/projects/owned-projects/owned-project-list/owned-project-list.component.ts
View File

@@ -1,12 +1,14 @@
import { animate, animateChild, query, stagger, style, transition, trigger } from '@angular/animations';
import { SelectionModel } from '@angular/cdk/collections';
import { Component, OnDestroy, OnInit, ViewChild } from '@angular/core';
import { MatDialog } from '@angular/material/dialog';
import { MatPaginator, PageEvent } from '@angular/material/paginator';
import { MatTableDataSource } from '@angular/material/table';
import { Router } from '@angular/router';
import { TranslateService } from '@ngx-translate/core';
import { Timestamp } from 'google-protobuf/google/protobuf/timestamp_pb';
import { BehaviorSubject, Observable, Subscription } from 'rxjs';
import { WarnDialogComponent } from 'src/app/modules/warn-dialog/warn-dialog.component';
import { ProjectView } from 'src/app/proto/generated/management_pb';
import { ManagementService } from 'src/app/services/mgmt.service';
import { ToastService } from 'src/app/services/toast.service';
@@ -45,7 +47,7 @@ export class OwnedProjectListComponent implements OnInit, OnDestroy {
@ViewChild(MatPaginator) public paginator!: MatPaginator;
public ownedProjectList: ProjectView.AsObject[] = [];
public displayedColumns: string[] = ['select', 'name', 'state', 'creationDate', 'changeDate'];
public displayedColumns: string[] = ['select', 'name', 'state', 'creationDate', 'changeDate', 'actions'];
public selection: SelectionModel<ProjectView.AsObject> = new SelectionModel<ProjectView.AsObject>(true, []);
private loadingSubject: BehaviorSubject<boolean> = new BehaviorSubject<boolean>(false);
@@ -54,11 +56,18 @@ export class OwnedProjectListComponent implements OnInit, OnDestroy {
public grid: boolean = true;
private subscription?: Subscription;
public zitadelProjectId: string = '';
constructor(private router: Router,
public translate: TranslateService,
private mgmtService: ManagementService,
private toast: ToastService,
) { }
private dialog: MatDialog,
) {
this.mgmtService.GetIam().then(iam => {
this.zitadelProjectId = iam.toObject().iamProjectId;
});
}
public ngOnInit(): void {
this.getData(10, 0);
@@ -140,4 +149,29 @@ export class OwnedProjectListComponent implements OnInit, OnDestroy {
this.selection.clear();
this.getData(this.paginator.pageSize, this.paginator.pageIndex * this.paginator.pageSize);
}
public deleteProject(item: ProjectView.AsObject): void {
const dialogRef = this.dialog.open(WarnDialogComponent, {
data: {
confirmKey: 'ACTIONS.DELETE',
cancelKey: 'ACTIONS.CANCEL',
titleKey: 'PROJECT.PAGES.DIALOG.DELETE.TITLE',
descriptionKey: 'PROJECT.PAGES.DIALOG.DELETE.DESCRIPTION',
},
width: '400px',
});
dialogRef.afterClosed().subscribe(resp => {
if (this.zitadelProjectId && resp && item.projectId !== this.zitadelProjectId) {
this.mgmtService.RemoveProject(item.projectId).then(() => {
this.toast.showInfo('PROJECT.TOAST.DELETED', true);
setTimeout(() => {
this.refreshPage();
}, 1000);
}).catch(error => {
this.toast.showError(error);
});
}
});
}
}

2
console/src/app/pages/projects/owned-projects/owned-projects.module.ts
View File

@@ -20,6 +20,7 @@ import { CardModule } from 'src/app/modules/card/card.module';
import { RefreshTableModule } from 'src/app/modules/refresh-table/refresh-table.module';
import { SharedModule } from 'src/app/modules/shared/shared.module';
import { UserGrantsModule } from 'src/app/modules/user-grants/user-grants.module';
import { WarnDialogModule } from 'src/app/modules/warn-dialog/warn-dialog.module';
import { HasRolePipeModule } from 'src/app/pipes/has-role-pipe/has-role-pipe.module';
import { LocalizedDatePipeModule } from 'src/app/pipes/localized-date-pipe/localized-date-pipe.module';
import { TimestampToDatePipeModule } from 'src/app/pipes/timestamp-to-date-pipe/timestamp-to-date-pipe.module';
@@ -51,6 +52,7 @@ import { OwnedProjectsComponent } from './owned-projects.component';
MatInputModule,
MatChipsModule,
MatIconModule,
WarnDialogModule,
MatButtonModule,
MatProgressSpinnerModule,
MatProgressBarModule,

10
console/src/app/pages/users/user-detail/external-idps/external-idps.component.html
View File

@@ -37,6 +37,16 @@
<td mat-cell *matCellDef="let idp"> {{idp?.externalUserId}} </td>
</ng-container>
<ng-container matColumnDef="actions" stickyEnd>
<th mat-header-cell *matHeaderCellDef></th>
<td mat-cell *matCellDef="let idp">
<button mat-icon-button matTooltip="{{'ACTIONS.REMOVE' | translate}}"
(click)="removeExternalIdp(idp)">
<i class="las la-trash"></i>
</button>
</td>
</ng-container>
<tr mat-header-row *matHeaderRowDef="displayedColumns"></tr>
<tr class="highlight" mat-row *matRowDef="let row; columns: displayedColumns;">
</tr>

28
console/src/app/pages/users/user-detail/external-idps/external-idps.component.ts
View File

@@ -1,8 +1,10 @@
import { SelectionModel } from '@angular/cdk/collections';
import { Component, Input, OnInit, ViewChild } from '@angular/core';
import { MatDialog } from '@angular/material/dialog';
import { MatPaginator, PageEvent } from '@angular/material/paginator';
import { MatTableDataSource } from '@angular/material/table';
import { BehaviorSubject, Observable } from 'rxjs';
import { WarnDialogComponent } from 'src/app/modules/warn-dialog/warn-dialog.component';
import { ExternalIDPView as AuthExternalIDPView } from '../../../../proto/generated/auth_pb';
import {
@@ -29,9 +31,9 @@ export class ExternalIdpsComponent implements OnInit {
= new SelectionModel<MgmtExternalIDPView.AsObject | AuthExternalIDPView.AsObject>(true, []);
private loadingSubject: BehaviorSubject<boolean> = new BehaviorSubject<boolean>(false);
public loading$: Observable<boolean> = this.loadingSubject.asObservable();
@Input() public displayedColumns: string[] = ['idpConfigId', 'idpName', 'externalUserId', 'externalUserDisplayName'];
@Input() public displayedColumns: string[] = ['idpConfigId', 'idpName', 'externalUserId', 'externalUserDisplayName', 'actions'];
constructor(private toast: ToastService) { }
constructor(private toast: ToastService, private dialog: MatDialog) { }
ngOnInit(): void {
this.getData(10, 0);
@@ -80,19 +82,35 @@ export class ExternalIdpsComponent implements OnInit {
}
public removeExternalIdp(idp: AuthExternalIDPView.AsObject | MgmtExternalIDPView.AsObject): void {
const dialogRef = this.dialog.open(WarnDialogComponent, {
data: {
confirmKey: 'ACTIONS.REMOVE',
cancelKey: 'ACTIONS.CANCEL',
titleKey: 'USER.EXTERNALIDP.DIALOG.DELETE_TITLE',
descriptionKey: 'USER.EXTERNALIDP.DIALOG.DELETE_DESCRIPTION',
},
width: '400px',
});
dialogRef.afterClosed().subscribe(resp => {
if (resp) {
let promise;
if (this.service instanceof ManagementService) {
promise = (this.service as ManagementService).RemoveExternalIDP(idp.externalUserId, idp.idpConfigId, idp.userId);
promise = (this.service as ManagementService)
.RemoveExternalIDP(idp.externalUserId, idp.idpConfigId, idp.userId);
} else if (this.service instanceof GrpcAuthService) {
promise = (this.service as GrpcAuthService).RemoveExternalIDP(idp.externalUserId, idp.idpConfigId);
promise = (this.service as GrpcAuthService)
.RemoveExternalIDP(idp.externalUserId, idp.idpConfigId);
}
if (promise) {
promise.then(_ => {
this.getData(this.paginator.pageSize, this.paginator.pageIndex * this.paginator.pageSize);
this.refreshPage();
}).catch((error: any) => {
this.toast.showError(error);
});
}
}
});
}
}

155
console/src/app/services/admin.service.ts
View File

@@ -9,6 +9,14 @@ import {
CreateUserRequest,
DefaultLoginPolicy,
DefaultLoginPolicyView,
DefaultPasswordAgePolicyRequest,
DefaultPasswordAgePolicyView,
DefaultPasswordComplexityPolicy,
DefaultPasswordComplexityPolicyRequest,
DefaultPasswordComplexityPolicyView,
DefaultPasswordLockoutPolicy,
DefaultPasswordLockoutPolicyRequest,
DefaultPasswordLockoutPolicyView,
FailedEventID,
FailedEvents,
IamMember,
@@ -31,6 +39,7 @@ import {
OrgIamPolicy,
OrgIamPolicyID,
OrgIamPolicyRequest,
OrgIamPolicyView,
OrgSetUpRequest,
OrgSetUpResponse,
RemoveIamMemberRequest,
@@ -91,6 +100,70 @@ export class AdminService {
return this.grpcService.admin.removeFailedEvent(req);
}
/* Policies */
/* complexity */
public GetDefaultPasswordComplexityPolicy(): Promise<DefaultPasswordComplexityPolicyView> {
const req = new Empty();
return this.grpcService.admin.getDefaultPasswordComplexityPolicy(req);
}
public UpdateDefaultPasswordComplexityPolicy(
hasLowerCase: boolean,
hasUpperCase: boolean,
hasNumber: boolean,
hasSymbol: boolean,
minLength: number,
): Promise<DefaultPasswordComplexityPolicy> {
const req = new DefaultPasswordComplexityPolicyRequest();
req.setHasLowercase(hasLowerCase);
req.setHasUppercase(hasUpperCase);
req.setHasNumber(hasNumber);
req.setHasSymbol(hasSymbol);
req.setMinLength(minLength);
return this.grpcService.admin.updateDefaultPasswordComplexityPolicy(req);
}
/* age */
public GetDefaultPasswordAgePolicy(): Promise<DefaultPasswordAgePolicyView> {
const req = new Empty();
return this.grpcService.admin.getDefaultPasswordAgePolicy(req);
}
public UpdateDefaultPasswordAgePolicy(
maxAgeDays: number,
expireWarnDays: number,
): Promise<DefaultPasswordAgePolicyView> {
const req = new DefaultPasswordAgePolicyRequest();
req.setMaxAgeDays(maxAgeDays);
req.setExpireWarnDays(expireWarnDays);
return this.grpcService.admin.updateDefaultPasswordAgePolicy(req);
}
/* lockout */
public GetDefaultPasswordLockoutPolicy(): Promise<DefaultPasswordLockoutPolicyView> {
const req = new Empty();
return this.grpcService.admin.getDefaultPasswordLockoutPolicy(req);
}
public UpdateDefaultPasswordLockoutPolicy(
maxAttempts: number,
showLockoutFailures: boolean,
): Promise<DefaultPasswordLockoutPolicy> {
const req = new DefaultPasswordLockoutPolicyRequest();
req.setMaxAttempts(maxAttempts);
req.setShowLockoutFailure(showLockoutFailures);
return this.grpcService.admin.updateDefaultPasswordLockoutPolicy(req);
}
/* login */
public GetDefaultLoginPolicy(
): Promise<DefaultLoginPolicyView> {
const req = new Empty();
@@ -101,6 +174,50 @@ export class AdminService {
return this.grpcService.admin.updateDefaultLoginPolicy(req);
}
/* org iam */
public GetOrgIamPolicy(orgId: string): Promise<OrgIamPolicyView> {
const req = new OrgIamPolicyID();
req.setOrgId(orgId);
return this.grpcService.admin.getOrgIamPolicy(req);
}
public CreateOrgIamPolicy(
orgId: string,
userLoginMustBeDomain: boolean): Promise<OrgIamPolicy> {
const req = new OrgIamPolicyRequest();
req.setOrgId(orgId);
req.setUserLoginMustBeDomain(userLoginMustBeDomain);
return this.grpcService.admin.createOrgIamPolicy(req);
}
public UpdateOrgIamPolicy(
orgId: string,
userLoginMustBeDomain: boolean): Promise<OrgIamPolicy> {
const req = new OrgIamPolicyRequest();
req.setOrgId(orgId);
req.setUserLoginMustBeDomain(userLoginMustBeDomain);
return this.grpcService.admin.updateOrgIamPolicy(req);
}
public RemoveOrgIamPolicy(
orgId: string,
): Promise<Empty> {
const req = new OrgIamPolicyID();
req.setOrgId(orgId);
return this.grpcService.admin.removeOrgIamPolicy(req);
}
/* admin iam */
public GetDefaultOrgIamPolicy(): Promise<OrgIamPolicyView> {
const req = new Empty();
return this.grpcService.admin.getDefaultOrgIamPolicy(req);
}
/* policies end */
public AddIdpProviderToDefaultLoginPolicy(configId: string): Promise<IdpProviderID> {
const req = new IdpProviderID();
req.setIdpConfigId(configId);
@@ -236,42 +353,4 @@ export class AdminService {
return this.grpcService.admin.changeIamMember(req);
}
public GetOrgIamPolicy(orgId: string): Promise<OrgIamPolicy> {
const req = new OrgIamPolicyID();
req.setOrgId(orgId);
return this.grpcService.admin.getOrgIamPolicy(req);
}
public CreateOrgIamPolicy(
orgId: string,
description: string,
userLoginMustBeDomain: boolean): Promise<OrgIamPolicy> {
const req = new OrgIamPolicyRequest();
req.setOrgId(orgId);
req.setDescription(description);
req.setUserLoginMustBeDomain(userLoginMustBeDomain);
return this.grpcService.admin.createOrgIamPolicy(req);
}
public UpdateOrgIamPolicy(
orgId: string,
description: string,
userLoginMustBeDomain: boolean): Promise<OrgIamPolicy> {
const req = new OrgIamPolicyRequest();
req.setOrgId(orgId);
req.setDescription(description);
req.setUserLoginMustBeDomain(userLoginMustBeDomain);
return this.grpcService.admin.updateOrgIamPolicy(req);
}
public deleteOrgIamPolicy(
orgId: string,
): Promise<Empty> {
const req = new OrgIamPolicyID();
req.setOrgId(orgId);
return this.grpcService.admin.deleteOrgIamPolicy(req);
}
}

79
console/src/app/services/mgmt.service.ts
View File

@@ -41,6 +41,7 @@ import {
IdpView,
LoginName,
LoginPolicy,
LoginPolicyRequest,
LoginPolicyView,
MachineKeyIDRequest,
MachineKeySearchRequest,
@@ -64,24 +65,20 @@ import {
OrgDomainValidationRequest,
OrgDomainValidationResponse,
OrgDomainValidationType,
OrgIamPolicy,
OrgIamPolicyView,
OrgMember,
OrgMemberRoles,
OrgMemberSearchRequest,
OrgMemberSearchResponse,
OrgView,
PasswordAgePolicy,
PasswordAgePolicyCreate,
PasswordAgePolicyID,
PasswordAgePolicyUpdate,
PasswordAgePolicyRequest,
PasswordAgePolicyView,
PasswordComplexityPolicy,
PasswordComplexityPolicyCreate,
PasswordComplexityPolicyID,
PasswordComplexityPolicyUpdate,
PasswordComplexityPolicyRequest,
PasswordComplexityPolicyView,
PasswordLockoutPolicy,
PasswordLockoutPolicyCreate,
PasswordLockoutPolicyID,
PasswordLockoutPolicyUpdate,
PasswordLockoutPolicyRequest,
PasswordRequest,
PrimaryOrgDomainRequest,
Project,
@@ -188,10 +185,14 @@ export class ManagementService {
return this.grpcService.mgmt.getLoginPolicy(req);
}
public UpdateLoginPolicy(req: LoginPolicy): Promise<LoginPolicy> {
public UpdateLoginPolicy(req: LoginPolicyRequest): Promise<LoginPolicy> {
return this.grpcService.mgmt.updateLoginPolicy(req);
}
public CreateLoginPolicy(req: LoginPolicyRequest): Promise<LoginPolicy> {
return this.grpcService.mgmt.createLoginPolicy(req);
}
public RemoveLoginPolicy(): Promise<Empty> {
return this.grpcService.mgmt.removeLoginPolicy(new Empty());
}
@@ -498,63 +499,56 @@ export class ManagementService {
// Policy
public GetMyOrgIamPolicy(): Promise<OrgIamPolicy> {
public GetMyOrgIamPolicy(): Promise<OrgIamPolicyView> {
const req = new Empty();
return this.grpcService.mgmt.getMyOrgIamPolicy(req);
}
public GetPasswordAgePolicy(): Promise<PasswordAgePolicy> {
public GetPasswordAgePolicy(): Promise<PasswordAgePolicyView> {
const req = new Empty();
return this.grpcService.mgmt.getPasswordAgePolicy(req);
}
public CreatePasswordAgePolicy(
description: string,
maxAgeDays: number,
expireWarnDays: number,
): Promise<PasswordAgePolicy> {
const req = new PasswordAgePolicyCreate();
req.setDescription(description);
const req = new PasswordAgePolicyRequest();
req.setMaxAgeDays(maxAgeDays);
req.setExpireWarnDays(expireWarnDays);
return this.grpcService.mgmt.createPasswordAgePolicy(req);
}
public DeletePasswordAgePolicy(id: string): Promise<Empty> {
const req = new PasswordAgePolicyID();
req.setId(id);
return this.grpcService.mgmt.deletePasswordAgePolicy(req);
public RemovePasswordAgePolicy(): Promise<Empty> {
const req = new Empty();
return this.grpcService.mgmt.removePasswordAgePolicy(req);
}
public UpdatePasswordAgePolicy(
description: string,
maxAgeDays: number,
expireWarnDays: number,
): Promise<PasswordAgePolicy> {
const req = new PasswordAgePolicyUpdate();
req.setDescription(description);
const req = new PasswordAgePolicyRequest();
req.setMaxAgeDays(maxAgeDays);
req.setExpireWarnDays(expireWarnDays);
return this.grpcService.mgmt.updatePasswordAgePolicy(req);
}
public GetPasswordComplexityPolicy(): Promise<PasswordComplexityPolicy> {
public GetPasswordComplexityPolicy(): Promise<PasswordComplexityPolicyView> {
const req = new Empty();
return this.grpcService.mgmt.getPasswordComplexityPolicy(req);
}
public CreatePasswordComplexityPolicy(
description: string,
hasLowerCase: boolean,
hasUpperCase: boolean,
hasNumber: boolean,
hasSymbol: boolean,
minLength: number,
): Promise<PasswordComplexityPolicy> {
const req = new PasswordComplexityPolicyCreate();
req.setDescription(description);
const req = new PasswordComplexityPolicyRequest();
req.setHasLowercase(hasLowerCase);
req.setHasUppercase(hasUpperCase);
req.setHasNumber(hasNumber);
@@ -563,22 +557,19 @@ export class ManagementService {
return this.grpcService.mgmt.createPasswordComplexityPolicy(req);
}
public DeletePasswordComplexityPolicy(id: string): Promise<Empty> {
const req = new PasswordComplexityPolicyID();
req.setId(id);
return this.grpcService.mgmt.deletePasswordComplexityPolicy(req);
public removePasswordComplexityPolicy(): Promise<Empty> {
const req = new Empty();
return this.grpcService.mgmt.removePasswordComplexityPolicy(req);
}
public UpdatePasswordComplexityPolicy(
description: string,
hasLowerCase: boolean,
hasUpperCase: boolean,
hasNumber: boolean,
hasSymbol: boolean,
minLength: number,
): Promise<PasswordComplexityPolicy> {
const req = new PasswordComplexityPolicyUpdate();
req.setDescription(description);
const req = new PasswordComplexityPolicy();
req.setHasLowercase(hasLowerCase);
req.setHasUppercase(hasUpperCase);
req.setHasNumber(hasNumber);
@@ -594,34 +585,28 @@ export class ManagementService {
}
public CreatePasswordLockoutPolicy(
description: string,
maxAttempts: number,
showLockoutFailures: boolean,
): Promise<PasswordLockoutPolicy> {
const req = new PasswordLockoutPolicyCreate();
req.setDescription(description);
const req = new PasswordLockoutPolicyRequest();
req.setMaxAttempts(maxAttempts);
req.setShowLockOutFailures(showLockoutFailures);
req.setShowLockoutFailure(showLockoutFailures);
return this.grpcService.mgmt.createPasswordLockoutPolicy(req);
}
public DeletePasswordLockoutPolicy(id: string): Promise<Empty> {
const req = new PasswordLockoutPolicyID();
req.setId(id);
return this.grpcService.mgmt.deletePasswordLockoutPolicy(req);
public RemovePasswordLockoutPolicy(): Promise<Empty> {
const req = new Empty();
return this.grpcService.mgmt.removePasswordLockoutPolicy(req);
}
public UpdatePasswordLockoutPolicy(
description: string,
maxAttempts: number,
showLockoutFailures: boolean,
): Promise<PasswordLockoutPolicy> {
const req = new PasswordLockoutPolicyUpdate();
req.setDescription(description);
const req = new PasswordLockoutPolicy();
req.setMaxAttempts(maxAttempts);
req.setShowLockOutFailures(showLockoutFailures);
req.setShowLockoutFailure(showLockoutFailures);
return this.grpcService.mgmt.updatePasswordLockoutPolicy(req);
}

19
console/src/assets/i18n/de.json
View File

@@ -61,6 +61,7 @@
"REFRESH":"Aktualisieren",
"LOGIN":"Einloggen",
"EDIT":"Bearbeiten",
"PIN":"Anpinnen",
"CONFIGURE":"Konfigurieren"
},
"ERRORS": {
@@ -139,7 +140,11 @@
"IDPCONFIGID": "Idp Konfig ID",
"IDPNAME": "Idp Name",
"USERDISPLAYNAME": "Externer Name",
"EXTERNALUSERID": "Externe Benutzer ID"
"EXTERNALUSERID": "Externe Benutzer ID",
"DIALOG": {
"REMOVE_TITLE":"Idp entfernen",
"REMOVE_DESCRIPTION":"Sie sind im Begriff einen Identity Provider zu entfernen. Wollen Sie dies wirklich tun?"
}
},
"CREATE": {
"TITLE": "Neuen Benutzer erstellen",
@@ -443,9 +448,11 @@
"TITLE":"Login Richtlinien",
"DESCRIPTION":"Definiere die Loginmethoden für Benutzer",
"TITLECREATE":"Definiere die Loginmethoden für Benutzer",
"DESCRIPTIONCREATEADMIN":"Nutzer können Sich mit den verfügbaren Idps authentifizieren.",
"DESCRIPTIONCREATEMGMT":"Nutzer können Sich mit den verfügbaren Idps authentifizieren. Achtung: Es kann von System-, sowie von selbsterstellten Providern Ihrer Organisation gewählt werden."
"DESCRIPTIONCREATEADMIN":"Nutzer können sich mit den verfügbaren Idps authentifizieren.",
"DESCRIPTIONCREATEMGMT":"Nutzer können sich mit den verfügbaren Idps authentifizieren. Achtung: Es kann zwischen System- und organisationsspezifischen Providern gewählt werden.",
"SAVED":"Erfolgreich gespeichert."
},
"DEFAULTLABEL":"Die aktuelle Richtlinie entspricht der IAM-Standard Einstellung.",
"BTN_INSTALL":"Installieren",
"BTN_EDIT":"Modifizieren",
"DATA": {
@@ -464,7 +471,11 @@
"ALLOWEXTERNALIDP":"Externer IDP erlaubt",
"ALLOWREGISTER":"Registrieren erlaubt"
},
"DELETE":"Richtlinie entfernen/zurücksetzen"
"RESET":"Richtlinie zurücksetzen",
"TOAST":{
"SET":"Richtline erfolgreich gesetzt!",
"RESETSUCCESS":"Richtline zurückgesetzt!"
}
},
"TOAST": {
"DEACTIVATED":"Organisation deaktiviert.",

17
console/src/assets/i18n/en.json
View File

@@ -61,6 +61,7 @@
"REFRESH":"Refresh",
"LOGIN":"Login",
"EDIT":"Edit",
"PIN":"Pin / Unpin",
"CONFIGURE":"Configure"
},
"ERRORS": {
@@ -139,7 +140,11 @@
"IDPCONFIGID": "Idp Config ID",
"IDPNAME": "Idp Name",
"USERDISPLAYNAME": "External Name",
"EXTERNALUSERID": "External User ID"
"EXTERNALUSERID": "External User ID",
"DIALOG": {
"REMOVE_TITLE":"Remove IDP",
"REMOVE_DESCRIPTION":"You are about to delete an Identity Provider from a user. Do you really want to continue?"
}
},
"CREATE": {
"TITLE": "Create a New User",
@@ -444,8 +449,10 @@
"DESCRIPTION":"Define how Users can be authenticated",
"TITLECREATE":"Define how Users can be authenticated",
"DESCRIPTIONCREATEADMIN":"Users can choose from the available identity providers below.",
"DESCRIPTIONCREATEMGMT":"Users can choose from the available identity providers below. Note: You can use System-set providers as well as providers set for your organisation only."
"DESCRIPTIONCREATEMGMT":"Users can choose from the available identity providers below. Note: You can use System-set providers as well as providers set for your organisation only.",
"SAVED":"Saved successfully!"
},
"DEFAULTLABEL":"The currently set guideline corresponds to the standard setting set by the IAM Administrator.",
"BTN_INSTALL":"Setup",
"BTN_EDIT":"Modify",
"DATA": {
@@ -464,7 +471,11 @@
"ALLOWEXTERNALIDP":"External IDP allowed",
"ALLOWREGISTER":"Register allowed"
},
"DELETE":"Uninstall/Reset Policy"
"RESET":"Reset Policy",
"TOAST":{
"SET":"Policy set successfully!",
"RESETSUCCESS":"Policy reset successfully!"
}
},
"TOAST": {
"DEACTIVATED":"Organisation deactivated.",

72
internal/admin/repository/eventsourcing/eventstore/iam.go
View File

@@ -242,3 +242,75 @@ func (repo *IAMRepository) RemoveIDPProviderFromLoginPolicy(ctx context.Context,
}
return es_sdk.PushAggregates(ctx, repo.Eventstore.PushAggregates, nil, aggregates...)
}
func (repo *IAMRepository) GetDefaultPasswordComplexityPolicy(ctx context.Context) (*iam_model.PasswordComplexityPolicyView, error) {
policy, err := repo.View.PasswordComplexityPolicyByAggregateID(repo.SystemDefaults.IamID)
if err != nil {
return nil, err
}
return iam_es_model.PasswordComplexityViewToModel(policy), nil
}
func (repo *IAMRepository) AddDefaultPasswordComplexityPolicy(ctx context.Context, policy *iam_model.PasswordComplexityPolicy) (*iam_model.PasswordComplexityPolicy, error) {
policy.AggregateID = repo.SystemDefaults.IamID
return repo.IAMEventstore.AddPasswordComplexityPolicy(ctx, policy)
}
func (repo *IAMRepository) ChangeDefaultPasswordComplexityPolicy(ctx context.Context, policy *iam_model.PasswordComplexityPolicy) (*iam_model.PasswordComplexityPolicy, error) {
policy.AggregateID = repo.SystemDefaults.IamID
return repo.IAMEventstore.ChangePasswordComplexityPolicy(ctx, policy)
}
func (repo *IAMRepository) GetDefaultPasswordAgePolicy(ctx context.Context) (*iam_model.PasswordAgePolicyView, error) {
policy, err := repo.View.PasswordAgePolicyByAggregateID(repo.SystemDefaults.IamID)
if err != nil {
return nil, err
}
return iam_es_model.PasswordAgeViewToModel(policy), nil
}
func (repo *IAMRepository) AddDefaultPasswordAgePolicy(ctx context.Context, policy *iam_model.PasswordAgePolicy) (*iam_model.PasswordAgePolicy, error) {
policy.AggregateID = repo.SystemDefaults.IamID
return repo.IAMEventstore.AddPasswordAgePolicy(ctx, policy)
}
func (repo *IAMRepository) ChangeDefaultPasswordAgePolicy(ctx context.Context, policy *iam_model.PasswordAgePolicy) (*iam_model.PasswordAgePolicy, error) {
policy.AggregateID = repo.SystemDefaults.IamID
return repo.IAMEventstore.ChangePasswordAgePolicy(ctx, policy)
}
func (repo *IAMRepository) GetDefaultPasswordLockoutPolicy(ctx context.Context) (*iam_model.PasswordLockoutPolicyView, error) {
policy, err := repo.View.PasswordLockoutPolicyByAggregateID(repo.SystemDefaults.IamID)
if err != nil {
return nil, err
}
return iam_es_model.PasswordLockoutViewToModel(policy), nil
}
func (repo *IAMRepository) AddDefaultPasswordLockoutPolicy(ctx context.Context, policy *iam_model.PasswordLockoutPolicy) (*iam_model.PasswordLockoutPolicy, error) {
policy.AggregateID = repo.SystemDefaults.IamID
return repo.IAMEventstore.AddPasswordLockoutPolicy(ctx, policy)
}
func (repo *IAMRepository) ChangeDefaultPasswordLockoutPolicy(ctx context.Context, policy *iam_model.PasswordLockoutPolicy) (*iam_model.PasswordLockoutPolicy, error) {
policy.AggregateID = repo.SystemDefaults.IamID
return repo.IAMEventstore.ChangePasswordLockoutPolicy(ctx, policy)
}
func (repo *IAMRepository) GetOrgIAMPolicy(ctx context.Context) (*iam_model.OrgIAMPolicyView, error) {
policy, err := repo.View.OrgIAMPolicyByAggregateID(repo.SystemDefaults.IamID)
if err != nil {
return nil, err
}
return iam_es_model.OrgIAMViewToModel(policy), nil
}
func (repo *IAMRepository) AddDefaultOrgIAMPolicy(ctx context.Context, policy *iam_model.OrgIAMPolicy) (*iam_model.OrgIAMPolicy, error) {
policy.AggregateID = repo.SystemDefaults.IamID
return repo.IAMEventstore.AddOrgIAMPolicy(ctx, policy)
}
func (repo *IAMRepository) ChangeDefaultOrgIAMPolicy(ctx context.Context, policy *iam_model.OrgIAMPolicy) (*iam_model.OrgIAMPolicy, error) {
policy.AggregateID = repo.SystemDefaults.IamID
return repo.IAMEventstore.ChangeOrgIAMPolicy(ctx, policy)
}

42
internal/admin/repository/eventsourcing/eventstore/org.go
View File

@@ -2,6 +2,9 @@ package eventstore
import (
"context"
"github.com/caos/zitadel/internal/errors"
iam_model "github.com/caos/zitadel/internal/iam/model"
iam_view "github.com/caos/zitadel/internal/iam/repository/view/model"
"github.com/caos/logging"
admin_model "github.com/caos/zitadel/internal/admin/model"
@@ -10,11 +13,10 @@ import (
"github.com/caos/zitadel/internal/eventstore"
es_models "github.com/caos/zitadel/internal/eventstore/models"
"github.com/caos/zitadel/internal/eventstore/sdk"
iam_es_model "github.com/caos/zitadel/internal/iam/repository/view/model"
org_model "github.com/caos/zitadel/internal/org/model"
org_es "github.com/caos/zitadel/internal/org/repository/eventsourcing"
"github.com/caos/zitadel/internal/org/repository/view/model"
policy_model "github.com/caos/zitadel/internal/policy/model"
policy_es "github.com/caos/zitadel/internal/policy/repository/eventsourcing"
usr_es "github.com/caos/zitadel/internal/user/repository/eventsourcing"
)
@@ -26,7 +28,6 @@ type OrgRepo struct {
Eventstore eventstore.Eventstore
OrgEventstore *org_es.OrgEventstore
UserEventstore *usr_es.UserEventstore
PolicyEventstore *policy_es.PolicyEventstore
View *admin_view.View
@@ -35,11 +36,12 @@ type OrgRepo struct {
}
func (repo *OrgRepo) SetUpOrg(ctx context.Context, setUp *admin_model.SetupOrg) (*admin_model.SetupOrg, error) {
pwPolicy, err := repo.PolicyEventstore.GetPasswordComplexityPolicy(ctx, policy_model.DefaultPolicy)
pwPolicy, err := repo.View.PasswordComplexityPolicyByAggregateID(repo.SystemDefaults.IamID)
if err != nil {
return nil, err
}
orgPolicy, err := repo.OrgEventstore.GetOrgIAMPolicy(ctx, policy_model.DefaultPolicy)
pwPolicyView := iam_view.PasswordComplexityViewToModel(pwPolicy)
orgPolicy, err := repo.GetDefaultOrgIAMPolicy(ctx)
if err != nil {
return nil, err
}
@@ -54,7 +56,7 @@ func (repo *OrgRepo) SetUpOrg(ctx context.Context, setUp *admin_model.SetupOrg)
if err != nil {
return nil, err
}
user, userAggregates, err := repo.UserEventstore.PrepareCreateUser(ctx, setUp.User, pwPolicy, orgPolicy, org.AggregateID)
user, userAggregates, err := repo.UserEventstore.PrepareCreateUser(ctx, setUp.User, pwPolicyView, orgPolicy, org.AggregateID)
if err != nil {
return nil, err
}
@@ -92,7 +94,7 @@ func (repo *OrgRepo) SearchOrgs(ctx context.Context, query *org_model.OrgSearchR
result := &org_model.OrgSearchResult{
Offset: query.Offset,
Limit: query.Limit,
TotalResult: uint64(count),
TotalResult: count,
Result: model.OrgsToModel(orgs),
}
if err == nil {
@@ -106,18 +108,34 @@ func (repo *OrgRepo) IsOrgUnique(ctx context.Context, name, domain string) (isUn
return repo.OrgEventstore.IsOrgUnique(ctx, name, domain)
}
func (repo *OrgRepo) GetOrgIamPolicyByID(ctx context.Context, id string) (*org_model.OrgIAMPolicy, error) {
return repo.OrgEventstore.GetOrgIAMPolicy(ctx, id)
func (repo *OrgRepo) GetOrgIAMPolicyByID(ctx context.Context, id string) (*iam_model.OrgIAMPolicyView, error) {
policy, err := repo.View.OrgIAMPolicyByAggregateID(id)
if errors.IsNotFound(err) {
return repo.GetDefaultOrgIAMPolicy(ctx)
}
if err != nil {
return nil, err
}
return iam_es_model.OrgIAMViewToModel(policy), err
}
func (repo *OrgRepo) CreateOrgIamPolicy(ctx context.Context, policy *org_model.OrgIAMPolicy) (*org_model.OrgIAMPolicy, error) {
func (repo *OrgRepo) GetDefaultOrgIAMPolicy(ctx context.Context) (*iam_model.OrgIAMPolicyView, error) {
policy, err := repo.View.OrgIAMPolicyByAggregateID(repo.SystemDefaults.IamID)
if err != nil {
return nil, err
}
policy.Default = true
return iam_es_model.OrgIAMViewToModel(policy), err
}
func (repo *OrgRepo) CreateOrgIAMPolicy(ctx context.Context, policy *iam_model.OrgIAMPolicy) (*iam_model.OrgIAMPolicy, error) {
return repo.OrgEventstore.AddOrgIAMPolicy(ctx, policy)
}
func (repo *OrgRepo) ChangeOrgIamPolicy(ctx context.Context, policy *org_model.OrgIAMPolicy) (*org_model.OrgIAMPolicy, error) {
func (repo *OrgRepo) ChangeOrgIAMPolicy(ctx context.Context, policy *iam_model.OrgIAMPolicy) (*iam_model.OrgIAMPolicy, error) {
return repo.OrgEventstore.ChangeOrgIAMPolicy(ctx, policy)
}
func (repo *OrgRepo) RemoveOrgIamPolicy(ctx context.Context, id string) error {
func (repo *OrgRepo) RemoveOrgIAMPolicy(ctx context.Context, id string) error {
return repo.OrgEventstore.RemoveOrgIAMPolicy(ctx, id)
}

37
internal/admin/repository/eventsourcing/eventstore/user.go
View File

@@ -2,18 +2,22 @@ package eventstore
import (
"context"
admin_view "github.com/caos/zitadel/internal/admin/repository/eventsourcing/view"
"github.com/caos/zitadel/internal/config/systemdefaults"
caos_errs "github.com/caos/zitadel/internal/errors"
iam_view "github.com/caos/zitadel/internal/iam/repository/view/model"
"github.com/caos/zitadel/internal/api/authz"
org_event "github.com/caos/zitadel/internal/org/repository/eventsourcing"
policy_event "github.com/caos/zitadel/internal/policy/repository/eventsourcing"
usr_model "github.com/caos/zitadel/internal/user/model"
usr_event "github.com/caos/zitadel/internal/user/repository/eventsourcing"
)
type UserRepo struct {
UserEvents *usr_event.UserEventstore
PolicyEvents *policy_event.PolicyEventstore
OrgEvents *org_event.OrgEventstore
View *admin_view.View
SystemDefaults systemdefaults.SystemDefaults
}
func (repo *UserRepo) UserByID(ctx context.Context, id string) (project *usr_model.User, err error) {
@@ -21,15 +25,23 @@ func (repo *UserRepo) UserByID(ctx context.Context, id string) (project *usr_mod
}
func (repo *UserRepo) CreateUser(ctx context.Context, user *usr_model.User) (*usr_model.User, error) {
pwPolicy, err := repo.PolicyEvents.GetPasswordComplexityPolicy(ctx, authz.GetCtxData(ctx).OrgID)
pwPolicy, err := repo.View.PasswordComplexityPolicyByAggregateID(authz.GetCtxData(ctx).OrgID)
if caos_errs.IsNotFound(err) {
pwPolicy, err = repo.View.PasswordComplexityPolicyByAggregateID(repo.SystemDefaults.IamID)
}
if err != nil {
return nil, err
}
orgPolicy, err := repo.OrgEvents.GetOrgIAMPolicy(ctx, authz.GetCtxData(ctx).OrgID)
pwPolicyView := iam_view.PasswordComplexityViewToModel(pwPolicy)
orgPolicy, err := repo.View.OrgIAMPolicyByAggregateID(authz.GetCtxData(ctx).OrgID)
if err != nil && caos_errs.IsNotFound(err) {
orgPolicy, err = repo.View.OrgIAMPolicyByAggregateID(repo.SystemDefaults.IamID)
if err != nil {
return nil, err
}
return repo.UserEvents.CreateUser(ctx, user, pwPolicy, orgPolicy)
}
orgPolicyView := iam_view.OrgIAMViewToModel(orgPolicy)
return repo.UserEvents.CreateUser(ctx, user, pwPolicyView, orgPolicyView)
}
func (repo *UserRepo) RegisterUser(ctx context.Context, user *usr_model.User, resourceOwner string) (*usr_model.User, error) {
@@ -37,13 +49,22 @@ func (repo *UserRepo) RegisterUser(ctx context.Context, user *usr_model.User, re
if resourceOwner != "" {
policyResourceOwner = resourceOwner
}
pwPolicy, err := repo.PolicyEvents.GetPasswordComplexityPolicy(ctx, policyResourceOwner)
pwPolicy, err := repo.View.PasswordComplexityPolicyByAggregateID(policyResourceOwner)
if caos_errs.IsNotFound(err) {
pwPolicy, err = repo.View.PasswordComplexityPolicyByAggregateID(repo.SystemDefaults.IamID)
}
if err != nil {
return nil, err
}
orgPolicy, err := repo.OrgEvents.GetOrgIAMPolicy(ctx, policyResourceOwner)
pwPolicyView := iam_view.PasswordComplexityViewToModel(pwPolicy)
orgPolicy, err := repo.View.OrgIAMPolicyByAggregateID(policyResourceOwner)
if caos_errs.IsNotFound(err) {
orgPolicy, err = repo.View.OrgIAMPolicyByAggregateID(repo.SystemDefaults.IamID)
}
if err != nil {
return nil, err
}
return repo.UserEvents.RegisterUser(ctx, user, pwPolicy, orgPolicy, resourceOwner)
orgPolicyView := iam_view.OrgIAMViewToModel(orgPolicy)
return repo.UserEvents.RegisterUser(ctx, user, pwPolicyView, orgPolicyView, resourceOwner)
}

6
internal/admin/repository/eventsourcing/handler/handler.go
View File

@@ -42,7 +42,11 @@ func Register(configs Configs, bulkLimit, errorCount uint64, view *view.View, ev
&IDPProvider{handler: handler{view, bulkLimit, configs.cycleDuration("LoginPolicy"), errorCount},
systemDefaults: defaults, iamEvents: repos.IamEvents, orgEvents: repos.OrgEvents},
&User{handler: handler{view, bulkLimit, configs.cycleDuration("User"), errorCount},
eventstore: eventstore, orgEvents: repos.OrgEvents},
eventstore: eventstore, orgEvents: repos.OrgEvents, iamEvents: repos.IamEvents, systemDefaults: defaults},
&PasswordComplexityPolicy{handler: handler{view, bulkLimit, configs.cycleDuration("PasswordComplexityPolicy"), errorCount}},
&PasswordAgePolicy{handler: handler{view, bulkLimit, configs.cycleDuration("PasswordAgePolicy"), errorCount}},
&PasswordLockoutPolicy{handler: handler{view, bulkLimit, configs.cycleDuration("PasswordLockoutPolicy"), errorCount}},
&OrgIAMPolicy{handler: handler{view, bulkLimit, configs.cycleDuration("OrgIAMPolicy"), errorCount}},
&ExternalIDP{handler: handler{view, bulkLimit, configs.cycleDuration("User"), errorCount},
orgEvents: repos.OrgEvents, iamEvents: repos.IamEvents, systemDefaults: defaults},
}

69
internal/admin/repository/eventsourcing/handler/org_iam_policy.go Normal file
View File

@@ -0,0 +1,69 @@
package handler
import (
"github.com/caos/logging"
iam_es_model "github.com/caos/zitadel/internal/iam/repository/eventsourcing/model"
"github.com/caos/zitadel/internal/eventstore/models"
es_models "github.com/caos/zitadel/internal/eventstore/models"
"github.com/caos/zitadel/internal/eventstore/spooler"
iam_model "github.com/caos/zitadel/internal/iam/repository/view/model"
"github.com/caos/zitadel/internal/org/repository/eventsourcing/model"
)
type OrgIAMPolicy struct {
handler
}
const (
orgIAMPolicyTable = "adminapi.org_iam_policies"
)
func (m *OrgIAMPolicy) ViewModel() string {
return orgIAMPolicyTable
}
func (m *OrgIAMPolicy) EventQuery() (*models.SearchQuery, error) {
sequence, err := m.view.GetLatestOrgIAMPolicySequence()
if err != nil {
return nil, err
}
return es_models.NewSearchQuery().
AggregateTypeFilter(model.OrgAggregate, iam_es_model.IAMAggregate).
LatestSequenceFilter(sequence.CurrentSequence), nil
}
func (m *OrgIAMPolicy) Reduce(event *models.Event) (err error) {
switch event.AggregateType {
case model.OrgAggregate, iam_es_model.IAMAggregate:
err = m.processOrgIAMPolicy(event)
}
return err
}
func (m *OrgIAMPolicy) processOrgIAMPolicy(event *models.Event) (err error) {
policy := new(iam_model.OrgIAMPolicyView)
switch event.Type {
case iam_es_model.OrgIAMPolicyAdded, model.OrgIAMPolicyAdded:
err = policy.AppendEvent(event)
case iam_es_model.OrgIAMPolicyChanged, model.OrgIAMPolicyChanged:
policy, err = m.view.OrgIAMPolicyByAggregateID(event.AggregateID)
if err != nil {
return err
}
err = policy.AppendEvent(event)
case model.OrgIAMPolicyRemoved:
return m.view.DeleteOrgIAMPolicy(event.AggregateID, event.Sequence)
default:
return m.view.ProcessedOrgIAMPolicySequence(event.Sequence)
}
if err != nil {
return err
}
return m.view.PutOrgIAMPolicy(policy, policy.Sequence)
}
func (m *OrgIAMPolicy) OnError(event *models.Event, err error) error {
logging.LogWithFields("SPOOL-Wm8fs", "id", event.AggregateID).WithError(err).Warn("something went wrong in orgIAM policy handler")
return spooler.HandleError(event, err, m.view.GetLatestOrgIAMPolicyFailedEvent, m.view.ProcessedOrgIAMPolicyFailedEvent, m.view.ProcessedOrgIAMPolicySequence, m.errorCountUntilSkip)
}

69
internal/admin/repository/eventsourcing/handler/password_age_policy.go Normal file
View File

@@ -0,0 +1,69 @@
package handler
import (
"github.com/caos/logging"
iam_es_model "github.com/caos/zitadel/internal/iam/repository/eventsourcing/model"
"github.com/caos/zitadel/internal/eventstore/models"
es_models "github.com/caos/zitadel/internal/eventstore/models"
"github.com/caos/zitadel/internal/eventstore/spooler"
iam_model "github.com/caos/zitadel/internal/iam/repository/view/model"
"github.com/caos/zitadel/internal/org/repository/eventsourcing/model"
)
type PasswordAgePolicy struct {
handler
}
const (
passwordAgePolicyTable = "adminapi.password_age_policies"
)
func (m *PasswordAgePolicy) ViewModel() string {
return passwordAgePolicyTable
}
func (m *PasswordAgePolicy) EventQuery() (*models.SearchQuery, error) {
sequence, err := m.view.GetLatestPasswordAgePolicySequence()
if err != nil {
return nil, err
}
return es_models.NewSearchQuery().
AggregateTypeFilter(model.OrgAggregate, iam_es_model.IAMAggregate).
LatestSequenceFilter(sequence.CurrentSequence), nil
}
func (m *PasswordAgePolicy) Reduce(event *models.Event) (err error) {
switch event.AggregateType {
case model.OrgAggregate, iam_es_model.IAMAggregate:
err = m.processPasswordAgePolicy(event)
}
return err
}
func (m *PasswordAgePolicy) processPasswordAgePolicy(event *models.Event) (err error) {
policy := new(iam_model.PasswordAgePolicyView)
switch event.Type {
case iam_es_model.PasswordAgePolicyAdded, model.PasswordAgePolicyAdded:
err = policy.AppendEvent(event)
case iam_es_model.PasswordAgePolicyChanged, model.PasswordAgePolicyChanged:
policy, err = m.view.PasswordAgePolicyByAggregateID(event.AggregateID)
if err != nil {
return err
}
err = policy.AppendEvent(event)
case model.PasswordAgePolicyRemoved:
return m.view.DeletePasswordAgePolicy(event.AggregateID, event.Sequence)
default:
return m.view.ProcessedPasswordAgePolicySequence(event.Sequence)
}
if err != nil {
return err
}
return m.view.PutPasswordAgePolicy(policy, policy.Sequence)
}
func (m *PasswordAgePolicy) OnError(event *models.Event, err error) error {
logging.LogWithFields("SPOOL-nD8sie", "id", event.AggregateID).WithError(err).Warn("something went wrong in passwordAge policy handler")
return spooler.HandleError(event, err, m.view.GetLatestPasswordAgePolicyFailedEvent, m.view.ProcessedPasswordAgePolicyFailedEvent, m.view.ProcessedPasswordAgePolicySequence, m.errorCountUntilSkip)
}

69
internal/admin/repository/eventsourcing/handler/password_complexity_policy.go Normal file
View File

@@ -0,0 +1,69 @@
package handler
import (
"github.com/caos/logging"
iam_es_model "github.com/caos/zitadel/internal/iam/repository/eventsourcing/model"
"github.com/caos/zitadel/internal/eventstore/models"
es_models "github.com/caos/zitadel/internal/eventstore/models"
"github.com/caos/zitadel/internal/eventstore/spooler"
iam_model "github.com/caos/zitadel/internal/iam/repository/view/model"
"github.com/caos/zitadel/internal/org/repository/eventsourcing/model"
)
type PasswordComplexityPolicy struct {
handler
}
const (
passwordComplexityPolicyTable = "adminapi.password_complexity_policies"
)
func (m *PasswordComplexityPolicy) ViewModel() string {
return passwordComplexityPolicyTable
}
func (m *PasswordComplexityPolicy) EventQuery() (*models.SearchQuery, error) {
sequence, err := m.view.GetLatestPasswordComplexityPolicySequence()
if err != nil {
return nil, err
}
return es_models.NewSearchQuery().
AggregateTypeFilter(model.OrgAggregate, iam_es_model.IAMAggregate).
LatestSequenceFilter(sequence.CurrentSequence), nil
}
func (m *PasswordComplexityPolicy) Reduce(event *models.Event) (err error) {
switch event.AggregateType {
case model.OrgAggregate, iam_es_model.IAMAggregate:
err = m.processPasswordComplexityPolicy(event)
}
return err
}
func (m *PasswordComplexityPolicy) processPasswordComplexityPolicy(event *models.Event) (err error) {
policy := new(iam_model.PasswordComplexityPolicyView)
switch event.Type {
case iam_es_model.PasswordComplexityPolicyAdded, model.PasswordComplexityPolicyAdded:
err = policy.AppendEvent(event)
case iam_es_model.PasswordComplexityPolicyChanged, model.PasswordComplexityPolicyChanged:
policy, err = m.view.PasswordComplexityPolicyByAggregateID(event.AggregateID)
if err != nil {
return err
}
err = policy.AppendEvent(event)
case model.PasswordComplexityPolicyRemoved:
return m.view.DeletePasswordComplexityPolicy(event.AggregateID, event.Sequence)
default:
return m.view.ProcessedPasswordComplexityPolicySequence(event.Sequence)
}
if err != nil {
return err
}
return m.view.PutPasswordComplexityPolicy(policy, policy.Sequence)
}
func (m *PasswordComplexityPolicy) OnError(event *models.Event, err error) error {
logging.LogWithFields("SPOOL-Wm8fs", "id", event.AggregateID).WithError(err).Warn("something went wrong in passwordComplexity policy handler")
return spooler.HandleError(event, err, m.view.GetLatestPasswordComplexityPolicyFailedEvent, m.view.ProcessedPasswordComplexityPolicyFailedEvent, m.view.ProcessedPasswordComplexityPolicySequence, m.errorCountUntilSkip)
}

69
internal/admin/repository/eventsourcing/handler/password_lockout_policy.go Normal file
View File

@@ -0,0 +1,69 @@
package handler
import (
"github.com/caos/logging"
iam_es_model "github.com/caos/zitadel/internal/iam/repository/eventsourcing/model"
"github.com/caos/zitadel/internal/eventstore/models"
es_models "github.com/caos/zitadel/internal/eventstore/models"
"github.com/caos/zitadel/internal/eventstore/spooler"
iam_model "github.com/caos/zitadel/internal/iam/repository/view/model"
"github.com/caos/zitadel/internal/org/repository/eventsourcing/model"
)
type PasswordLockoutPolicy struct {
handler
}
const (
passwordLockoutPolicyTable = "adminapi.password_lockout_policies"
)
func (m *PasswordLockoutPolicy) ViewModel() string {
return passwordLockoutPolicyTable
}
func (m *PasswordLockoutPolicy) EventQuery() (*models.SearchQuery, error) {
sequence, err := m.view.GetLatestPasswordLockoutPolicySequence()
if err != nil {
return nil, err
}
return es_models.NewSearchQuery().
AggregateTypeFilter(model.OrgAggregate, iam_es_model.IAMAggregate).
LatestSequenceFilter(sequence.CurrentSequence), nil
}
func (m *PasswordLockoutPolicy) Reduce(event *models.Event) (err error) {
switch event.AggregateType {
case model.OrgAggregate, iam_es_model.IAMAggregate:
err = m.processPasswordLockoutPolicy(event)
}
return err
}
func (m *PasswordLockoutPolicy) processPasswordLockoutPolicy(event *models.Event) (err error) {
policy := new(iam_model.PasswordLockoutPolicyView)
switch event.Type {
case iam_es_model.PasswordLockoutPolicyAdded, model.PasswordLockoutPolicyAdded:
err = policy.AppendEvent(event)
case iam_es_model.PasswordLockoutPolicyChanged, model.PasswordLockoutPolicyChanged:
policy, err = m.view.PasswordLockoutPolicyByAggregateID(event.AggregateID)
if err != nil {
return err
}
err = policy.AppendEvent(event)
case model.PasswordLockoutPolicyRemoved:
return m.view.DeletePasswordLockoutPolicy(event.AggregateID, event.Sequence)
default:
return m.view.ProcessedPasswordLockoutPolicySequence(event.Sequence)
}
if err != nil {
return err
}
return m.view.PutPasswordLockoutPolicy(policy, policy.Sequence)
}
func (m *PasswordLockoutPolicy) OnError(event *models.Event, err error) error {
logging.LogWithFields("SPOOL-nD8sie", "id", event.AggregateID).WithError(err).Warn("something went wrong in passwordLockout policy handler")
return spooler.HandleError(event, err, m.view.GetLatestPasswordLockoutPolicyFailedEvent, m.view.ProcessedPasswordLockoutPolicyFailedEvent, m.view.ProcessedPasswordLockoutPolicySequence, m.errorCountUntilSkip)
}

19
internal/admin/repository/eventsourcing/handler/user.go
View File

@@ -2,6 +2,8 @@ package handler
import (
"context"
"github.com/caos/zitadel/internal/config/systemdefaults"
iam_es "github.com/caos/zitadel/internal/iam/repository/eventsourcing"
"github.com/caos/logging"
@@ -20,6 +22,8 @@ type User struct {
handler
eventstore eventstore.Eventstore
orgEvents *org_events.OrgEventstore
iamEvents *iam_es.IAMEventstore
systemDefaults systemdefaults.SystemDefaults
}
const (
@@ -136,10 +140,13 @@ func (u *User) fillLoginNamesOnOrgUsers(event *models.Event) error {
if err != nil {
return err
}
policy, err := u.orgEvents.GetOrgIAMPolicy(context.Background(), event.ResourceOwner)
policy := org.OrgIamPolicy
if policy == nil {
policy, err = u.iamEvents.GetOrgIAMPolicy(context.Background(), u.systemDefaults.IamID)
if err != nil {
return err
}
}
users, err := u.view.UsersByOrgID(event.AggregateID)
if err != nil {
return err
@@ -155,10 +162,13 @@ func (u *User) fillPreferredLoginNamesOnOrgUsers(event *models.Event) error {
if err != nil {
return err
}
policy, err := u.orgEvents.GetOrgIAMPolicy(context.Background(), event.ResourceOwner)
policy := org.OrgIamPolicy
if policy == nil {
policy, err = u.iamEvents.GetOrgIAMPolicy(context.Background(), u.systemDefaults.IamID)
if err != nil {
return err
}
}
if !policy.UserLoginMustBeDomain {
return nil
}
@@ -177,10 +187,13 @@ func (u *User) fillLoginNames(user *view_model.UserView) (err error) {
if err != nil {
return err
}
policy, err := u.orgEvents.GetOrgIAMPolicy(context.Background(), user.ResourceOwner)
policy := org.OrgIamPolicy
if policy == nil {
policy, err = u.iamEvents.GetOrgIAMPolicy(context.Background(), u.systemDefaults.IamID)
if err != nil {
return err
}
}
user.SetLoginNames(policy, org.Domains)
user.PreferredLoginName = user.GenerateLoginName(org.GetPrimaryDomain().Domain, policy.UserLoginMustBeDomain)
return nil

16
internal/admin/repository/eventsourcing/repository.go
View File

@@ -13,7 +13,6 @@ import (
es_spol "github.com/caos/zitadel/internal/eventstore/spooler"
es_iam "github.com/caos/zitadel/internal/iam/repository/eventsourcing"
es_org "github.com/caos/zitadel/internal/org/repository/eventsourcing"
es_policy "github.com/caos/zitadel/internal/policy/repository/eventsourcing"
es_usr "github.com/caos/zitadel/internal/user/repository/eventsourcing"
)
@@ -30,6 +29,7 @@ type EsRepository struct {
eventstore.OrgRepo
eventstore.IAMRepository
eventstore.AdministratorRepo
eventstore.UserRepo
}
func Start(ctx context.Context, conf Config, systemDefaults sd.SystemDefaults, roles []string) (*EsRepository, error) {
@@ -55,13 +55,6 @@ func Start(ctx context.Context, conf Config, systemDefaults sd.SystemDefaults, r
if err != nil {
return nil, err
}
policy, err := es_policy.StartPolicy(es_policy.PolicyConfig{
Eventstore: es,
Cache: conf.Eventstore.Cache,
}, systemDefaults)
if err != nil {
return nil, err
}
sqlClient, err := conf.View.Start()
if err != nil {
return nil, err
@@ -79,7 +72,6 @@ func Start(ctx context.Context, conf Config, systemDefaults sd.SystemDefaults, r
Eventstore: es,
OrgEventstore: org,
UserEventstore: user,
PolicyEventstore: policy,
View: view,
SearchLimit: conf.SearchLimit,
SystemDefaults: systemDefaults,
@@ -96,6 +88,12 @@ func Start(ctx context.Context, conf Config, systemDefaults sd.SystemDefaults, r
AdministratorRepo: eventstore.AdministratorRepo{
View: view,
},
UserRepo: eventstore.UserRepo{
UserEvents: user,
OrgEvents: org,
View: view,
SystemDefaults: systemDefaults,
},
}, nil
}

48
internal/admin/repository/eventsourcing/view/org_iam_policy.go Normal file
View File

@@ -0,0 +1,48 @@
package view
import (
"github.com/caos/zitadel/internal/errors"
"github.com/caos/zitadel/internal/iam/repository/view"
"github.com/caos/zitadel/internal/iam/repository/view/model"
global_view "github.com/caos/zitadel/internal/view/repository"
)
const (
orgIAMPolicyTable = "adminapi.org_iam_policies"
)
func (v *View) OrgIAMPolicyByAggregateID(aggregateID string) (*model.OrgIAMPolicyView, error) {
return view.GetOrgIAMPolicyByAggregateID(v.Db, orgIAMPolicyTable, aggregateID)
}
func (v *View) PutOrgIAMPolicy(policy *model.OrgIAMPolicyView, sequence uint64) error {
err := view.PutOrgIAMPolicy(v.Db, orgIAMPolicyTable, policy)
if err != nil {
return err
}
return v.ProcessedOrgIAMPolicySequence(sequence)
}
func (v *View) DeleteOrgIAMPolicy(aggregateID string, eventSequence uint64) error {
err := view.DeleteOrgIAMPolicy(v.Db, orgIAMPolicyTable, aggregateID)
if err != nil && !errors.IsNotFound(err) {
return err
}
return v.ProcessedOrgIAMPolicySequence(eventSequence)
}
func (v *View) GetLatestOrgIAMPolicySequence() (*global_view.CurrentSequence, error) {
return v.latestSequence(orgIAMPolicyTable)
}
func (v *View) ProcessedOrgIAMPolicySequence(eventSequence uint64) error {
return v.saveCurrentSequence(orgIAMPolicyTable, eventSequence)
}
func (v *View) GetLatestOrgIAMPolicyFailedEvent(sequence uint64) (*global_view.FailedEvent, error) {
return v.latestFailedEvent(orgIAMPolicyTable, sequence)
}
func (v *View) ProcessedOrgIAMPolicyFailedEvent(failedEvent *global_view.FailedEvent) error {
return v.saveFailedEvent(failedEvent)
}

48
internal/admin/repository/eventsourcing/view/password_age_policy.go Normal file
View File

@@ -0,0 +1,48 @@
package view
import (
"github.com/caos/zitadel/internal/errors"
"github.com/caos/zitadel/internal/iam/repository/view"
"github.com/caos/zitadel/internal/iam/repository/view/model"
global_view "github.com/caos/zitadel/internal/view/repository"
)
const (
passwordAgePolicyTable = "adminapi.password_age_policies"
)
func (v *View) PasswordAgePolicyByAggregateID(aggregateID string) (*model.PasswordAgePolicyView, error) {
return view.GetPasswordAgePolicyByAggregateID(v.Db, passwordAgePolicyTable, aggregateID)
}
func (v *View) PutPasswordAgePolicy(policy *model.PasswordAgePolicyView, sequence uint64) error {
err := view.PutPasswordAgePolicy(v.Db, passwordAgePolicyTable, policy)
if err != nil {
return err
}
return v.ProcessedPasswordAgePolicySequence(sequence)
}
func (v *View) DeletePasswordAgePolicy(aggregateID string, eventSequence uint64) error {
err := view.DeletePasswordAgePolicy(v.Db, passwordAgePolicyTable, aggregateID)
if err != nil && !errors.IsNotFound(err) {
return err
}
return v.ProcessedPasswordAgePolicySequence(eventSequence)
}
func (v *View) GetLatestPasswordAgePolicySequence() (*global_view.CurrentSequence, error) {
return v.latestSequence(passwordAgePolicyTable)
}
func (v *View) ProcessedPasswordAgePolicySequence(eventSequence uint64) error {
return v.saveCurrentSequence(passwordAgePolicyTable, eventSequence)
}
func (v *View) GetLatestPasswordAgePolicyFailedEvent(sequence uint64) (*global_view.FailedEvent, error) {
return v.latestFailedEvent(passwordAgePolicyTable, sequence)
}
func (v *View) ProcessedPasswordAgePolicyFailedEvent(failedEvent *global_view.FailedEvent) error {
return v.saveFailedEvent(failedEvent)
}

48
internal/admin/repository/eventsourcing/view/password_complexity_policy.go Normal file
View File

@@ -0,0 +1,48 @@
package view
import (
"github.com/caos/zitadel/internal/errors"
"github.com/caos/zitadel/internal/iam/repository/view"
"github.com/caos/zitadel/internal/iam/repository/view/model"
global_view "github.com/caos/zitadel/internal/view/repository"
)
const (
passwordComplexityPolicyTable = "adminapi.password_complexity_policies"
)
func (v *View) PasswordComplexityPolicyByAggregateID(aggregateID string) (*model.PasswordComplexityPolicyView, error) {
return view.GetPasswordComplexityPolicyByAggregateID(v.Db, passwordComplexityPolicyTable, aggregateID)
}
func (v *View) PutPasswordComplexityPolicy(policy *model.PasswordComplexityPolicyView, sequence uint64) error {
err := view.PutPasswordComplexityPolicy(v.Db, passwordComplexityPolicyTable, policy)
if err != nil {
return err
}
return v.ProcessedPasswordComplexityPolicySequence(sequence)
}
func (v *View) DeletePasswordComplexityPolicy(aggregateID string, eventSequence uint64) error {
err := view.DeletePasswordComplexityPolicy(v.Db, passwordComplexityPolicyTable, aggregateID)
if err != nil && !errors.IsNotFound(err) {
return err
}
return v.ProcessedPasswordComplexityPolicySequence(eventSequence)
}
func (v *View) GetLatestPasswordComplexityPolicySequence() (*global_view.CurrentSequence, error) {
return v.latestSequence(passwordComplexityPolicyTable)
}
func (v *View) ProcessedPasswordComplexityPolicySequence(eventSequence uint64) error {
return v.saveCurrentSequence(passwordComplexityPolicyTable, eventSequence)
}
func (v *View) GetLatestPasswordComplexityPolicyFailedEvent(sequence uint64) (*global_view.FailedEvent, error) {
return v.latestFailedEvent(passwordComplexityPolicyTable, sequence)
}
func (v *View) ProcessedPasswordComplexityPolicyFailedEvent(failedEvent *global_view.FailedEvent) error {
return v.saveFailedEvent(failedEvent)
}

48
internal/admin/repository/eventsourcing/view/password_lockout_policy.go Normal file
View File

@@ -0,0 +1,48 @@
package view
import (
"github.com/caos/zitadel/internal/errors"
"github.com/caos/zitadel/internal/iam/repository/view"
"github.com/caos/zitadel/internal/iam/repository/view/model"
global_view "github.com/caos/zitadel/internal/view/repository"
)
const (
passwordLockoutPolicyTable = "adminapi.password_lockout_policies"
)
func (v *View) PasswordLockoutPolicyByAggregateID(aggregateID string) (*model.PasswordLockoutPolicyView, error) {
return view.GetPasswordLockoutPolicyByAggregateID(v.Db, passwordLockoutPolicyTable, aggregateID)
}
func (v *View) PutPasswordLockoutPolicy(policy *model.PasswordLockoutPolicyView, sequence uint64) error {
err := view.PutPasswordLockoutPolicy(v.Db, passwordLockoutPolicyTable, policy)
if err != nil {
return err
}
return v.ProcessedPasswordLockoutPolicySequence(sequence)
}
func (v *View) DeletePasswordLockoutPolicy(aggregateID string, eventSequence uint64) error {
err := view.DeletePasswordLockoutPolicy(v.Db, passwordLockoutPolicyTable, aggregateID)
if err != nil && !errors.IsNotFound(err) {
return err
}
return v.ProcessedPasswordLockoutPolicySequence(eventSequence)
}
func (v *View) GetLatestPasswordLockoutPolicySequence() (*global_view.CurrentSequence, error) {
return v.latestSequence(passwordLockoutPolicyTable)
}
func (v *View) ProcessedPasswordLockoutPolicySequence(eventSequence uint64) error {
return v.saveCurrentSequence(passwordLockoutPolicyTable, eventSequence)
}
func (v *View) GetLatestPasswordLockoutPolicyFailedEvent(sequence uint64) (*global_view.FailedEvent, error) {
return v.latestFailedEvent(passwordLockoutPolicyTable, sequence)
}
func (v *View) ProcessedPasswordLockoutPolicyFailedEvent(failedEvent *global_view.FailedEvent) error {
return v.saveFailedEvent(failedEvent)
}

16
internal/admin/repository/iam.go
View File

@@ -28,4 +28,20 @@ type IAMRepository interface {
SearchDefaultIDPProviders(ctx context.Context, request *iam_model.IDPProviderSearchRequest) (*iam_model.IDPProviderSearchResponse, error)
AddIDPProviderToLoginPolicy(ctx context.Context, provider *iam_model.IDPProvider) (*iam_model.IDPProvider, error)
RemoveIDPProviderFromLoginPolicy(ctx context.Context, provider *iam_model.IDPProvider) error
GetDefaultPasswordComplexityPolicy(ctx context.Context) (*iam_model.PasswordComplexityPolicyView, error)
AddDefaultPasswordComplexityPolicy(ctx context.Context, policy *iam_model.PasswordComplexityPolicy) (*iam_model.PasswordComplexityPolicy, error)
ChangeDefaultPasswordComplexityPolicy(ctx context.Context, policy *iam_model.PasswordComplexityPolicy) (*iam_model.PasswordComplexityPolicy, error)
GetDefaultPasswordAgePolicy(ctx context.Context) (*iam_model.PasswordAgePolicyView, error)
AddDefaultPasswordAgePolicy(ctx context.Context, policy *iam_model.PasswordAgePolicy) (*iam_model.PasswordAgePolicy, error)
ChangeDefaultPasswordAgePolicy(ctx context.Context, policy *iam_model.PasswordAgePolicy) (*iam_model.PasswordAgePolicy, error)
GetDefaultPasswordLockoutPolicy(ctx context.Context) (*iam_model.PasswordLockoutPolicyView, error)
AddDefaultPasswordLockoutPolicy(ctx context.Context, policy *iam_model.PasswordLockoutPolicy) (*iam_model.PasswordLockoutPolicy, error)
ChangeDefaultPasswordLockoutPolicy(ctx context.Context, policy *iam_model.PasswordLockoutPolicy) (*iam_model.PasswordLockoutPolicy, error)
GetDefaultOrgIAMPolicy(ctx context.Context) (*iam_model.OrgIAMPolicyView, error)
AddDefaultOrgIAMPolicy(ctx context.Context, policy *iam_model.OrgIAMPolicy) (*iam_model.OrgIAMPolicy, error)
ChangeDefaultOrgIAMPolicy(ctx context.Context, policy *iam_model.OrgIAMPolicy) (*iam_model.OrgIAMPolicy, error)
}

10
internal/admin/repository/org.go
View File

@@ -2,6 +2,7 @@ package repository
import (
"context"
iam_model "github.com/caos/zitadel/internal/iam/model"
admin_model "github.com/caos/zitadel/internal/admin/model"
org_model "github.com/caos/zitadel/internal/org/model"
@@ -13,8 +14,9 @@ type OrgRepository interface {
OrgByID(ctx context.Context, id string) (*org_model.Org, error)
SearchOrgs(ctx context.Context, query *org_model.OrgSearchRequest) (*org_model.OrgSearchResult, error)
GetOrgIamPolicyByID(ctx context.Context, id string) (*org_model.OrgIAMPolicy, error)
CreateOrgIamPolicy(ctx context.Context, policy *org_model.OrgIAMPolicy) (*org_model.OrgIAMPolicy, error)
ChangeOrgIamPolicy(ctx context.Context, policy *org_model.OrgIAMPolicy) (*org_model.OrgIAMPolicy, error)
RemoveOrgIamPolicy(ctx context.Context, id string) error
GetOrgIAMPolicyByID(ctx context.Context, id string) (*iam_model.OrgIAMPolicyView, error)
GetDefaultOrgIAMPolicy(ctx context.Context) (*iam_model.OrgIAMPolicyView, error)
CreateOrgIAMPolicy(ctx context.Context, policy *iam_model.OrgIAMPolicy) (*iam_model.OrgIAMPolicy, error)
ChangeOrgIAMPolicy(ctx context.Context, policy *iam_model.OrgIAMPolicy) (*iam_model.OrgIAMPolicy, error)
RemoveOrgIAMPolicy(ctx context.Context, id string) error
}

8
internal/api/api.go
View File

@@ -103,20 +103,20 @@ func handleReadiness(checks []ValidationFunction) func(w http.ResponseWriter, r
return func(w http.ResponseWriter, r *http.Request) {
err := validate(r.Context(), checks)
if err == nil {
http_util.MarshalJSON(w, "ok")
http_util.MarshalJSON(w, "ok", nil, http.StatusOK)
return
}
http_util.MarshalJSON(w, err)
http_util.MarshalJSON(w, nil, err, http.StatusPreconditionFailed)
}
}
func (a *API) handleClientID(w http.ResponseWriter, r *http.Request) {
id, err := a.health.VerifierClientID(r.Context(), "Zitadel Console")
if err != nil {
http_util.MarshalJSON(w, err)
http_util.MarshalJSON(w, nil, err, http.StatusPreconditionFailed)
return
}
http_util.MarshalJSON(w, id)
http_util.MarshalJSON(w, id, nil, http.StatusOK)
}
type ValidationFunction func(ctx context.Context) error

2
internal/api/grpc/admin/login_policy.go
View File

@@ -14,7 +14,7 @@ func (s *Server) GetDefaultLoginPolicy(ctx context.Context, _ *empty.Empty) (*ad
return loginPolicyViewFromModel(result), nil
}
func (s *Server) UpdateDefaultLoginPolicy(ctx context.Context, policy *admin.DefaultLoginPolicy) (*admin.DefaultLoginPolicy, error) {
func (s *Server) UpdateDefaultLoginPolicy(ctx context.Context, policy *admin.DefaultLoginPolicyRequest) (*admin.DefaultLoginPolicy, error) {
result, err := s.iam.ChangeDefaultLoginPolicy(ctx, loginPolicyToModel(policy))
if err != nil {
return nil, err

20
internal/api/grpc/admin/login_policy_converter.go
View File

@@ -1,11 +1,13 @@
package admin
import (
"github.com/caos/logging"
iam_model "github.com/caos/zitadel/internal/iam/model"
"github.com/caos/zitadel/pkg/grpc/admin"
"github.com/golang/protobuf/ptypes"
)
func loginPolicyToModel(policy *admin.DefaultLoginPolicy) *iam_model.LoginPolicy {
func loginPolicyToModel(policy *admin.DefaultLoginPolicyRequest) *iam_model.LoginPolicy {
return &iam_model.LoginPolicy{
AllowUsernamePassword: policy.AllowUsernamePassword,
AllowExternalIdp: policy.AllowExternalIdp,
@@ -14,18 +16,34 @@ func loginPolicyToModel(policy *admin.DefaultLoginPolicy) *iam_model.LoginPolicy
}
func loginPolicyFromModel(policy *iam_model.LoginPolicy) *admin.DefaultLoginPolicy {
creationDate, err := ptypes.TimestampProto(policy.CreationDate)
logging.Log("GRPC-3Fsm9").OnError(err).Debug("date parse failed")
changeDate, err := ptypes.TimestampProto(policy.ChangeDate)
logging.Log("GRPC-5Gsko").OnError(err).Debug("date parse failed")
return &admin.DefaultLoginPolicy{
AllowUsernamePassword: policy.AllowUsernamePassword,
AllowExternalIdp: policy.AllowExternalIdp,
AllowRegister: policy.AllowRegister,
CreationDate: creationDate,
ChangeDate: changeDate,
}
}
func loginPolicyViewFromModel(policy *iam_model.LoginPolicyView) *admin.DefaultLoginPolicyView {
creationDate, err := ptypes.TimestampProto(policy.CreationDate)
logging.Log("GRPC-3Gk9s").OnError(err).Debug("date parse failed")
changeDate, err := ptypes.TimestampProto(policy.ChangeDate)
logging.Log("GRPC-6Jlos").OnError(err).Debug("date parse failed")
return &admin.DefaultLoginPolicyView{
AllowUsernamePassword: policy.AllowUsernamePassword,
AllowExternalIdp: policy.AllowExternalIDP,
AllowRegister: policy.AllowRegister,
CreationDate: creationDate,
ChangeDate: changeDate,
}
}

34
internal/api/grpc/admin/org.go
View File

@@ -38,31 +38,47 @@ func (s *Server) SetUpOrg(ctx context.Context, orgSetUp *admin.OrgSetUpRequest)
return setUpOrgResponseFromModel(setUp), err
}
func (s *Server) GetOrgIamPolicy(ctx context.Context, in *admin.OrgIamPolicyID) (_ *admin.OrgIamPolicy, err error) {
policy, err := s.org.GetOrgIamPolicyByID(ctx, in.OrgId)
func (s *Server) GetDefaultOrgIamPolicy(ctx context.Context, _ *empty.Empty) (_ *admin.OrgIamPolicyView, err error) {
policy, err := s.iam.GetDefaultOrgIAMPolicy(ctx)
if err != nil {
return nil, err
}
return orgIamPolicyFromModel(policy), err
return orgIAMPolicyViewFromModel(policy), err
}
func (s *Server) UpdateDefaultOrgIamPolicy(ctx context.Context, in *admin.OrgIamPolicyRequest) (_ *admin.OrgIamPolicy, err error) {
policy, err := s.iam.ChangeDefaultOrgIAMPolicy(ctx, orgIAMPolicyRequestToModel(in))
if err != nil {
return nil, err
}
return orgIAMPolicyFromModel(policy), err
}
func (s *Server) GetOrgIamPolicy(ctx context.Context, in *admin.OrgIamPolicyID) (_ *admin.OrgIamPolicyView, err error) {
policy, err := s.org.GetOrgIAMPolicyByID(ctx, in.OrgId)
if err != nil {
return nil, err
}
return orgIAMPolicyViewFromModel(policy), err
}
func (s *Server) CreateOrgIamPolicy(ctx context.Context, in *admin.OrgIamPolicyRequest) (_ *admin.OrgIamPolicy, err error) {
policy, err := s.org.CreateOrgIamPolicy(ctx, orgIamPolicyRequestToModel(in))
policy, err := s.org.CreateOrgIAMPolicy(ctx, orgIAMPolicyRequestToModel(in))
if err != nil {
return nil, err
}
return orgIamPolicyFromModel(policy), err
return orgIAMPolicyFromModel(policy), err
}
func (s *Server) UpdateOrgIamPolicy(ctx context.Context, in *admin.OrgIamPolicyRequest) (_ *admin.OrgIamPolicy, err error) {
policy, err := s.org.ChangeOrgIamPolicy(ctx, orgIamPolicyRequestToModel(in))
policy, err := s.org.ChangeOrgIAMPolicy(ctx, orgIAMPolicyRequestToModel(in))
if err != nil {
return nil, err
}
return orgIamPolicyFromModel(policy), err
return orgIAMPolicyFromModel(policy), err
}
func (s *Server) DeleteOrgIamPolicy(ctx context.Context, in *admin.OrgIamPolicyID) (_ *empty.Empty, err error) {
err = s.org.RemoveOrgIamPolicy(ctx, in.OrgId)
func (s *Server) RemoveOrgIamPolicy(ctx context.Context, in *admin.OrgIamPolicyID) (_ *empty.Empty, err error) {
err = s.org.RemoveOrgIAMPolicy(ctx, in.OrgId)
return &empty.Empty{}, err
}

25
internal/api/grpc/admin/org_converter.go
View File

@@ -2,6 +2,7 @@ package admin
import (
"github.com/caos/logging"
iam_model "github.com/caos/zitadel/internal/iam/model"
"github.com/golang/protobuf/ptypes"
admin_model "github.com/caos/zitadel/internal/admin/model"
@@ -196,7 +197,7 @@ func orgQueryMethodToModel(method admin.OrgSearchMethod) model.SearchMethod {
}
}
func orgIamPolicyFromModel(policy *org_model.OrgIAMPolicy) *admin.OrgIamPolicy {
func orgIAMPolicyFromModel(policy *iam_model.OrgIAMPolicy) *admin.OrgIamPolicy {
creationDate, err := ptypes.TimestampProto(policy.CreationDate)
logging.Log("GRPC-ush36").OnError(err).Debug("unable to get timestamp from time")
@@ -205,20 +206,32 @@ func orgIamPolicyFromModel(policy *org_model.OrgIAMPolicy) *admin.OrgIamPolicy {
return &admin.OrgIamPolicy{
OrgId: policy.AggregateID,
Description: policy.Description,
UserLoginMustBeDomain: policy.UserLoginMustBeDomain,
Default: policy.Default,
CreationDate: creationDate,
ChangeDate: changeDate,
}
}
func orgIamPolicyRequestToModel(policy *admin.OrgIamPolicyRequest) *org_model.OrgIAMPolicy {
return &org_model.OrgIAMPolicy{
func orgIAMPolicyViewFromModel(policy *iam_model.OrgIAMPolicyView) *admin.OrgIamPolicyView {
creationDate, err := ptypes.TimestampProto(policy.CreationDate)
logging.Log("GRPC-ush36").OnError(err).Debug("unable to get timestamp from time")
changeDate, err := ptypes.TimestampProto(policy.ChangeDate)
logging.Log("GRPC-Ps9fW").OnError(err).Debug("unable to get timestamp from time")
return &admin.OrgIamPolicyView{
OrgId: policy.AggregateID,
UserLoginMustBeDomain: policy.UserLoginMustBeDomain,
CreationDate: creationDate,
ChangeDate: changeDate,
}
}
func orgIAMPolicyRequestToModel(policy *admin.OrgIamPolicyRequest) *iam_model.OrgIAMPolicy {
return &iam_model.OrgIAMPolicy{
ObjectRoot: models.ObjectRoot{
AggregateID: policy.OrgId,
},
Description: policy.Description,
UserLoginMustBeDomain: policy.UserLoginMustBeDomain,
}
}

23
internal/api/grpc/admin/password_age_policy.go Normal file
View File

@@ -0,0 +1,23 @@
package admin
import (
"context"
"github.com/caos/zitadel/pkg/grpc/admin"
"github.com/golang/protobuf/ptypes/empty"
)
func (s *Server) GetDefaultPasswordAgePolicy(ctx context.Context, _ *empty.Empty) (*admin.DefaultPasswordAgePolicyView, error) {
result, err := s.iam.GetDefaultPasswordAgePolicy(ctx)
if err != nil {
return nil, err
}
return passwordAgePolicyViewFromModel(result), nil
}
func (s *Server) UpdateDefaultPasswordAgePolicy(ctx context.Context, policy *admin.DefaultPasswordAgePolicyRequest) (*admin.DefaultPasswordAgePolicy, error) {
result, err := s.iam.ChangeDefaultPasswordAgePolicy(ctx, passwordAgePolicyToModel(policy))
if err != nil {
return nil, err
}
return passwordAgePolicyFromModel(result), nil
}

45
internal/api/grpc/admin/password_age_policy_converter.go Normal file
View File

@@ -0,0 +1,45 @@
package admin
import (
"github.com/caos/logging"
iam_model "github.com/caos/zitadel/internal/iam/model"
"github.com/caos/zitadel/pkg/grpc/admin"
"github.com/golang/protobuf/ptypes"
)
func passwordAgePolicyToModel(policy *admin.DefaultPasswordAgePolicyRequest) *iam_model.PasswordAgePolicy {
return &iam_model.PasswordAgePolicy{
MaxAgeDays: policy.MaxAgeDays,
ExpireWarnDays: policy.ExpireWarnDays,
}
}
func passwordAgePolicyFromModel(policy *iam_model.PasswordAgePolicy) *admin.DefaultPasswordAgePolicy {
creationDate, err := ptypes.TimestampProto(policy.CreationDate)
logging.Log("GRPC-mH9os").OnError(err).Debug("date parse failed")
changeDate, err := ptypes.TimestampProto(policy.ChangeDate)
logging.Log("GRPC-3tGs9").OnError(err).Debug("date parse failed")
return &admin.DefaultPasswordAgePolicy{
MaxAgeDays: policy.MaxAgeDays,
ExpireWarnDays: policy.ExpireWarnDays,
CreationDate: creationDate,
ChangeDate: changeDate,
}
}
func passwordAgePolicyViewFromModel(policy *iam_model.PasswordAgePolicyView) *admin.DefaultPasswordAgePolicyView {
creationDate, err := ptypes.TimestampProto(policy.CreationDate)
logging.Log("GRPC-2Gs9o").OnError(err).Debug("date parse failed")
changeDate, err := ptypes.TimestampProto(policy.ChangeDate)
logging.Log("GRPC-8Hjss").OnError(err).Debug("date parse failed")
return &admin.DefaultPasswordAgePolicyView{
MaxAgeDays: policy.MaxAgeDays,
ExpireWarnDays: policy.ExpireWarnDays,
CreationDate: creationDate,
ChangeDate: changeDate,
}
}

23
internal/api/grpc/admin/password_complexity_policy.go Normal file
View File

@@ -0,0 +1,23 @@
package admin
import (
"context"
"github.com/caos/zitadel/pkg/grpc/admin"
"github.com/golang/protobuf/ptypes/empty"
)
func (s *Server) GetDefaultPasswordComplexityPolicy(ctx context.Context, _ *empty.Empty) (*admin.DefaultPasswordComplexityPolicyView, error) {
result, err := s.iam.GetDefaultPasswordComplexityPolicy(ctx)
if err != nil {
return nil, err
}
return passwordComplexityPolicyViewFromModel(result), nil
}
func (s *Server) UpdateDefaultPasswordComplexityPolicy(ctx context.Context, policy *admin.DefaultPasswordComplexityPolicyRequest) (*admin.DefaultPasswordComplexityPolicy, error) {
result, err := s.iam.ChangeDefaultPasswordComplexityPolicy(ctx, passwordComplexityPolicyToModel(policy))
if err != nil {
return nil, err
}
return passwordComplexityPolicyFromModel(result), nil
}

54
internal/api/grpc/admin/password_complexity_policy_converter.go Normal file
View File

@@ -0,0 +1,54 @@
package admin
import (
"github.com/caos/logging"
iam_model "github.com/caos/zitadel/internal/iam/model"
"github.com/caos/zitadel/pkg/grpc/admin"
"github.com/golang/protobuf/ptypes"
)
func passwordComplexityPolicyToModel(policy *admin.DefaultPasswordComplexityPolicyRequest) *iam_model.PasswordComplexityPolicy {
return &iam_model.PasswordComplexityPolicy{
MinLength: policy.MinLength,
HasUppercase: policy.HasUppercase,
HasLowercase: policy.HasLowercase,
HasNumber: policy.HasNumber,
HasSymbol: policy.HasSymbol,
}
}
func passwordComplexityPolicyFromModel(policy *iam_model.PasswordComplexityPolicy) *admin.DefaultPasswordComplexityPolicy {
creationDate, err := ptypes.TimestampProto(policy.CreationDate)
logging.Log("GRPC-6Zhs9").OnError(err).Debug("date parse failed")
changeDate, err := ptypes.TimestampProto(policy.ChangeDate)
logging.Log("GRPC-bMso0").OnError(err).Debug("date parse failed")
return &admin.DefaultPasswordComplexityPolicy{
MinLength: policy.MinLength,
HasUppercase: policy.HasUppercase,
HasLowercase: policy.HasLowercase,
HasNumber: policy.HasNumber,
HasSymbol: policy.HasSymbol,
CreationDate: creationDate,
ChangeDate: changeDate,
}
}
func passwordComplexityPolicyViewFromModel(policy *iam_model.PasswordComplexityPolicyView) *admin.DefaultPasswordComplexityPolicyView {
creationDate, err := ptypes.TimestampProto(policy.CreationDate)
logging.Log("GRPC-rTs9f").OnError(err).Debug("date parse failed")
changeDate, err := ptypes.TimestampProto(policy.ChangeDate)
logging.Log("GRPC-ks9Zt").OnError(err).Debug("date parse failed")
return &admin.DefaultPasswordComplexityPolicyView{
MinLength: policy.MinLength,
HasUppercase: policy.HasUppercase,
HasLowercase: policy.HasLowercase,
HasNumber: policy.HasNumber,
HasSymbol: policy.HasSymbol,
CreationDate: creationDate,
ChangeDate: changeDate,
}
}

23
internal/api/grpc/admin/password_lockout_policy.go Normal file
View File

@@ -0,0 +1,23 @@
package admin
import (
"context"
"github.com/caos/zitadel/pkg/grpc/admin"
"github.com/golang/protobuf/ptypes/empty"
)
func (s *Server) GetDefaultPasswordLockoutPolicy(ctx context.Context, _ *empty.Empty) (*admin.DefaultPasswordLockoutPolicyView, error) {
result, err := s.iam.GetDefaultPasswordLockoutPolicy(ctx)
if err != nil {
return nil, err
}
return passwordLockoutPolicyViewFromModel(result), nil
}
func (s *Server) UpdateDefaultPasswordLockoutPolicy(ctx context.Context, policy *admin.DefaultPasswordLockoutPolicyRequest) (*admin.DefaultPasswordLockoutPolicy, error) {
result, err := s.iam.ChangeDefaultPasswordLockoutPolicy(ctx, passwordLockoutPolicyToModel(policy))
if err != nil {
return nil, err
}
return passwordLockoutPolicyFromModel(result), nil
}

45
internal/api/grpc/admin/password_lockout_policy_converter.go Normal file
View File

@@ -0,0 +1,45 @@
package admin
import (
"github.com/caos/logging"
iam_model "github.com/caos/zitadel/internal/iam/model"
"github.com/caos/zitadel/pkg/grpc/admin"
"github.com/golang/protobuf/ptypes"
)
func passwordLockoutPolicyToModel(policy *admin.DefaultPasswordLockoutPolicyRequest) *iam_model.PasswordLockoutPolicy {
return &iam_model.PasswordLockoutPolicy{
MaxAttempts: policy.MaxAttempts,
ShowLockOutFailures: policy.ShowLockoutFailure,
}
}
func passwordLockoutPolicyFromModel(policy *iam_model.PasswordLockoutPolicy) *admin.DefaultPasswordLockoutPolicy {
creationDate, err := ptypes.TimestampProto(policy.CreationDate)
logging.Log("GRPC-4Gsm9f").OnError(err).Debug("date parse failed")
changeDate, err := ptypes.TimestampProto(policy.ChangeDate)
logging.Log("GRPC-3Gms9").OnError(err).Debug("date parse failed")
return &admin.DefaultPasswordLockoutPolicy{
MaxAttempts: policy.MaxAttempts,
ShowLockoutFailure: policy.ShowLockOutFailures,
CreationDate: creationDate,
ChangeDate: changeDate,
}
}
func passwordLockoutPolicyViewFromModel(policy *iam_model.PasswordLockoutPolicyView) *admin.DefaultPasswordLockoutPolicyView {
creationDate, err := ptypes.TimestampProto(policy.CreationDate)
logging.Log("GRPC-7Hmlo").OnError(err).Debug("date parse failed")
changeDate, err := ptypes.TimestampProto(policy.ChangeDate)
logging.Log("GRPC-0oLgs").OnError(err).Debug("date parse failed")
return &admin.DefaultPasswordLockoutPolicyView{
MaxAttempts: policy.MaxAttempts,
ShowLockoutFailure: policy.ShowLockOutFailures,
CreationDate: creationDate,
ChangeDate: changeDate,
}
}

5
internal/api/grpc/auth/policy_complexity_converter.go
View File

@@ -2,13 +2,13 @@ package auth
import (
"github.com/caos/logging"
iam_model "github.com/caos/zitadel/internal/iam/model"
"github.com/golang/protobuf/ptypes"
"github.com/caos/zitadel/internal/policy/model"
"github.com/caos/zitadel/pkg/grpc/auth"
)
func passwordComplexityPolicyFromModel(policy *model.PasswordComplexityPolicy) *auth.PasswordComplexityPolicy {
func passwordComplexityPolicyFromModel(policy *iam_model.PasswordComplexityPolicyView) *auth.PasswordComplexityPolicy {
creationDate, err := ptypes.TimestampProto(policy.CreationDate)
logging.Log("GRPC-Lsi3d").OnError(err).Debug("unable to parse timestamp")
@@ -19,7 +19,6 @@ func passwordComplexityPolicyFromModel(policy *model.PasswordComplexityPolicy) *
Id: policy.AggregateID,
CreationDate: creationDate,
ChangeDate: changeDate,
Description: policy.Description,
Sequence: policy.Sequence,
MinLength: policy.MinLength,
HasLowercase: policy.HasLowercase,

16
internal/api/grpc/management/login_policy.go
View File

@@ -14,16 +14,24 @@ func (s *Server) GetLoginPolicy(ctx context.Context, _ *empty.Empty) (*managemen
return loginPolicyViewFromModel(result), nil
}
func (s *Server) CreateLoginPolicy(ctx context.Context, policy *management.LoginPolicyAdd) (*management.LoginPolicy, error) {
result, err := s.org.AddLoginPolicy(ctx, loginPolicyAddToModel(policy))
func (s *Server) GetDefaultLoginPolicy(ctx context.Context, _ *empty.Empty) (*management.LoginPolicyView, error) {
result, err := s.org.GetDefaultLoginPolicy(ctx)
if err != nil {
return nil, err
}
return loginPolicyViewFromModel(result), nil
}
func (s *Server) CreateLoginPolicy(ctx context.Context, policy *management.LoginPolicyRequest) (*management.LoginPolicy, error) {
result, err := s.org.AddLoginPolicy(ctx, loginPolicyRequestToModel(policy))
if err != nil {
return nil, err
}
return loginPolicyFromModel(result), nil
}
func (s *Server) UpdateLoginPolicy(ctx context.Context, policy *management.LoginPolicy) (*management.LoginPolicy, error) {
result, err := s.org.ChangeLoginPolicy(ctx, loginPolicyToModel(policy))
func (s *Server) UpdateLoginPolicy(ctx context.Context, policy *management.LoginPolicyRequest) (*management.LoginPolicy, error) {
result, err := s.org.ChangeLoginPolicy(ctx, loginPolicyRequestToModel(policy))
if err != nil {
return nil, err
}

27
internal/api/grpc/management/login_policy_converter.go
View File

@@ -1,18 +1,13 @@
package management
import (
"github.com/caos/logging"
iam_model "github.com/caos/zitadel/internal/iam/model"
"github.com/caos/zitadel/pkg/grpc/management"
"github.com/golang/protobuf/ptypes"
)
func loginPolicyAddToModel(policy *management.LoginPolicyAdd) *iam_model.LoginPolicy {
return &iam_model.LoginPolicy{
AllowUsernamePassword: policy.AllowUsernamePassword,
AllowExternalIdp: policy.AllowExternalIdp,
AllowRegister: policy.AllowRegister,
}
}
func loginPolicyToModel(policy *management.LoginPolicy) *iam_model.LoginPolicy {
func loginPolicyRequestToModel(policy *management.LoginPolicyRequest) *iam_model.LoginPolicy {
return &iam_model.LoginPolicy{
AllowUsernamePassword: policy.AllowUsernamePassword,
AllowExternalIdp: policy.AllowExternalIdp,
@@ -21,19 +16,35 @@ func loginPolicyToModel(policy *management.LoginPolicy) *iam_model.LoginPolicy {
}
func loginPolicyFromModel(policy *iam_model.LoginPolicy) *management.LoginPolicy {
creationDate, err := ptypes.TimestampProto(policy.CreationDate)
logging.Log("GRPC-2Fsm8").OnError(err).Debug("date parse failed")
changeDate, err := ptypes.TimestampProto(policy.ChangeDate)
logging.Log("GRPC-3Flo0").OnError(err).Debug("date parse failed")
return &management.LoginPolicy{
AllowUsernamePassword: policy.AllowUsernamePassword,
AllowExternalIdp: policy.AllowExternalIdp,
AllowRegister: policy.AllowRegister,
CreationDate: creationDate,
ChangeDate: changeDate,
}
}
func loginPolicyViewFromModel(policy *iam_model.LoginPolicyView) *management.LoginPolicyView {
creationDate, err := ptypes.TimestampProto(policy.CreationDate)
logging.Log("GRPC-5Tsm8").OnError(err).Debug("date parse failed")
changeDate, err := ptypes.TimestampProto(policy.ChangeDate)
logging.Log("GRPC-8dJgs").OnError(err).Debug("date parse failed")
return &management.LoginPolicyView{
Default: policy.Default,
AllowUsernamePassword: policy.AllowUsernamePassword,
AllowExternalIdp: policy.AllowExternalIDP,
AllowRegister: policy.AllowRegister,
CreationDate: creationDate,
ChangeDate: changeDate,
}
}

4
internal/api/grpc/management/org.go
View File

@@ -98,10 +98,10 @@ func (s *Server) OrgChanges(ctx context.Context, changesRequest *management.Chan
return orgChangesToResponse(response, changesRequest.GetSequenceOffset(), changesRequest.GetLimit()), nil
}
func (s *Server) GetMyOrgIamPolicy(ctx context.Context, _ *empty.Empty) (_ *management.OrgIamPolicy, err error) {
func (s *Server) GetMyOrgIamPolicy(ctx context.Context, _ *empty.Empty) (_ *management.OrgIamPolicyView, err error) {
policy, err := s.org.GetMyOrgIamPolicy(ctx)
if err != nil {
return nil, err
}
return orgIamPolicyFromModel(policy), err
return orgIamPolicyViewFromModel(policy), err
}

7
internal/api/grpc/management/org_converter.go
View File

@@ -2,6 +2,7 @@ package management
import (
"encoding/json"
iam_model "github.com/caos/zitadel/internal/iam/model"
"github.com/caos/logging"
"github.com/golang/protobuf/ptypes"
@@ -227,10 +228,8 @@ func orgChangesToMgtAPI(changes *org_model.OrgChanges) (_ []*management.Change)
return result
}
func orgIamPolicyFromModel(policy *org_model.OrgIAMPolicy) *management.OrgIamPolicy {
return &management.OrgIamPolicy{
OrgId: policy.AggregateID,
Description: policy.Description,
func orgIamPolicyViewFromModel(policy *iam_model.OrgIAMPolicyView) *management.OrgIamPolicyView {
return &management.OrgIamPolicyView{
UserLoginMustBeDomain: policy.UserLoginMustBeDomain,
Default: policy.Default,
}

44
internal/api/grpc/management/password_age_policy.go Normal file
View File

@@ -0,0 +1,44 @@
package management
import (
"context"
"github.com/caos/zitadel/pkg/grpc/management"
"github.com/golang/protobuf/ptypes/empty"
)
func (s *Server) GetPasswordAgePolicy(ctx context.Context, _ *empty.Empty) (*management.PasswordAgePolicyView, error) {
result, err := s.org.GetPasswordAgePolicy(ctx)
if err != nil {
return nil, err
}
return passwordAgePolicyViewFromModel(result), nil
}
func (s *Server) GetDefaultPasswordAgePolicy(ctx context.Context, _ *empty.Empty) (*management.PasswordAgePolicyView, error) {
result, err := s.org.GetDefaultPasswordAgePolicy(ctx)
if err != nil {
return nil, err
}
return passwordAgePolicyViewFromModel(result), nil
}
func (s *Server) CreatePasswordAgePolicy(ctx context.Context, policy *management.PasswordAgePolicyRequest) (*management.PasswordAgePolicy, error) {
result, err := s.org.AddPasswordAgePolicy(ctx, passwordAgePolicyRequestToModel(policy))
if err != nil {
return nil, err
}
return passwordAgePolicyFromModel(result), nil
}
func (s *Server) UpdatePasswordAgePolicy(ctx context.Context, policy *management.PasswordAgePolicyRequest) (*management.PasswordAgePolicy, error) {
result, err := s.org.ChangePasswordAgePolicy(ctx, passwordAgePolicyRequestToModel(policy))
if err != nil {
return nil, err
}
return passwordAgePolicyFromModel(result), nil
}
func (s *Server) RemovePasswordAgePolicy(ctx context.Context, _ *empty.Empty) (*empty.Empty, error) {
err := s.org.RemovePasswordAgePolicy(ctx)
return &empty.Empty{}, err
}

46
internal/api/grpc/management/password_age_policy_converter.go Normal file
View File

@@ -0,0 +1,46 @@
package management
import (
"github.com/caos/logging"
iam_model "github.com/caos/zitadel/internal/iam/model"
"github.com/caos/zitadel/pkg/grpc/management"
"github.com/golang/protobuf/ptypes"
)
func passwordAgePolicyRequestToModel(policy *management.PasswordAgePolicyRequest) *iam_model.PasswordAgePolicy {
return &iam_model.PasswordAgePolicy{
MaxAgeDays: policy.MaxAgeDays,
ExpireWarnDays: policy.ExpireWarnDays,
}
}
func passwordAgePolicyFromModel(policy *iam_model.PasswordAgePolicy) *management.PasswordAgePolicy {
creationDate, err := ptypes.TimestampProto(policy.CreationDate)
logging.Log("GRPC-bMd9o").OnError(err).Debug("date parse failed")
changeDate, err := ptypes.TimestampProto(policy.ChangeDate)
logging.Log("GRPC-jFs89").OnError(err).Debug("date parse failed")
return &management.PasswordAgePolicy{
MaxAgeDays: policy.MaxAgeDays,
ExpireWarnDays: policy.ExpireWarnDays,
CreationDate: changeDate,
ChangeDate: creationDate,
}
}
func passwordAgePolicyViewFromModel(policy *iam_model.PasswordAgePolicyView) *management.PasswordAgePolicyView {
creationDate, err := ptypes.TimestampProto(policy.CreationDate)
logging.Log("GRPC-4Bms9").OnError(err).Debug("date parse failed")
changeDate, err := ptypes.TimestampProto(policy.ChangeDate)
logging.Log("GRPC-6Hmlo").OnError(err).Debug("date parse failed")
return &management.PasswordAgePolicyView{
Default: policy.Default,
MaxAgeDays: policy.MaxAgeDays,
ExpireWarnDays: policy.ExpireWarnDays,
ChangeDate: changeDate,
CreationDate: creationDate,
}
}

44
internal/api/grpc/management/password_complexity_policy.go Normal file
View File

@@ -0,0 +1,44 @@
package management
import (
"context"
"github.com/caos/zitadel/pkg/grpc/management"
"github.com/golang/protobuf/ptypes/empty"
)
func (s *Server) GetPasswordComplexityPolicy(ctx context.Context, _ *empty.Empty) (*management.PasswordComplexityPolicyView, error) {
result, err := s.org.GetPasswordComplexityPolicy(ctx)
if err != nil {
return nil, err
}
return passwordComplexityPolicyViewFromModel(result), nil
}
func (s *Server) GetDefaultPasswordComplexityPolicy(ctx context.Context, _ *empty.Empty) (*management.PasswordComplexityPolicyView, error) {
result, err := s.org.GetDefaultPasswordComplexityPolicy(ctx)
if err != nil {
return nil, err
}
return passwordComplexityPolicyViewFromModel(result), nil
}
func (s *Server) CreatePasswordComplexityPolicy(ctx context.Context, policy *management.PasswordComplexityPolicyRequest) (*management.PasswordComplexityPolicy, error) {
result, err := s.org.AddPasswordComplexityPolicy(ctx, passwordComplexityPolicyRequestToModel(policy))
if err != nil {
return nil, err
}
return passwordComplexityPolicyFromModel(result), nil
}
func (s *Server) UpdatePasswordComplexityPolicy(ctx context.Context, policy *management.PasswordComplexityPolicyRequest) (*management.PasswordComplexityPolicy, error) {
result, err := s.org.ChangePasswordComplexityPolicy(ctx, passwordComplexityPolicyRequestToModel(policy))
if err != nil {
return nil, err
}
return passwordComplexityPolicyFromModel(result), nil
}
func (s *Server) RemovePasswordComplexityPolicy(ctx context.Context, _ *empty.Empty) (*empty.Empty, error) {
err := s.org.RemovePasswordComplexityPolicy(ctx)
return &empty.Empty{}, err
}

55
internal/api/grpc/management/password_complexity_policy_converter.go Normal file
View File

@@ -0,0 +1,55 @@
package management
import (
"github.com/caos/logging"
iam_model "github.com/caos/zitadel/internal/iam/model"
"github.com/caos/zitadel/pkg/grpc/management"
"github.com/golang/protobuf/ptypes"
)
func passwordComplexityPolicyRequestToModel(policy *management.PasswordComplexityPolicyRequest) *iam_model.PasswordComplexityPolicy {
return &iam_model.PasswordComplexityPolicy{
MinLength: policy.MinLength,
HasLowercase: policy.HasLowercase,
HasUppercase: policy.HasUppercase,
HasSymbol: policy.HasSymbol,
HasNumber: policy.HasNumber,
}
}
func passwordComplexityPolicyFromModel(policy *iam_model.PasswordComplexityPolicy) *management.PasswordComplexityPolicy {
creationDate, err := ptypes.TimestampProto(policy.CreationDate)
logging.Log("GRPC-5Gslo").OnError(err).Debug("date parse failed")
changeDate, err := ptypes.TimestampProto(policy.ChangeDate)
logging.Log("GRPC-Bmd9e").OnError(err).Debug("date parse failed")
return &management.PasswordComplexityPolicy{
MinLength: policy.MinLength,
HasLowercase: policy.HasLowercase,
HasUppercase: policy.HasUppercase,
HasSymbol: policy.HasSymbol,
HasNumber: policy.HasNumber,
CreationDate: changeDate,
ChangeDate: creationDate,
}
}
func passwordComplexityPolicyViewFromModel(policy *iam_model.PasswordComplexityPolicyView) *management.PasswordComplexityPolicyView {
creationDate, err := ptypes.TimestampProto(policy.CreationDate)
logging.Log("GRPC-wmi8f").OnError(err).Debug("date parse failed")
changeDate, err := ptypes.TimestampProto(policy.ChangeDate)
logging.Log("GRPC-dmOp0").OnError(err).Debug("date parse failed")
return &management.PasswordComplexityPolicyView{
Default: policy.Default,
MinLength: policy.MinLength,
HasLowercase: policy.HasLowercase,
HasUppercase: policy.HasUppercase,
HasSymbol: policy.HasSymbol,
HasNumber: policy.HasNumber,
CreationDate: changeDate,
ChangeDate: creationDate,
}
}

44
internal/api/grpc/management/password_lockout_policy.go Normal file
View File

@@ -0,0 +1,44 @@
package management
import (
"context"
"github.com/caos/zitadel/pkg/grpc/management"
"github.com/golang/protobuf/ptypes/empty"
)
func (s *Server) GetPasswordLockoutPolicy(ctx context.Context, _ *empty.Empty) (*management.PasswordLockoutPolicyView, error) {
result, err := s.org.GetPasswordLockoutPolicy(ctx)
if err != nil {
return nil, err
}
return passwordLockoutPolicyViewFromModel(result), nil
}
func (s *Server) GetDefaultPasswordLockoutPolicy(ctx context.Context, _ *empty.Empty) (*management.PasswordLockoutPolicyView, error) {
result, err := s.org.GetDefaultPasswordLockoutPolicy(ctx)
if err != nil {
return nil, err
}
return passwordLockoutPolicyViewFromModel(result), nil
}
func (s *Server) CreatePasswordLockoutPolicy(ctx context.Context, policy *management.PasswordLockoutPolicyRequest) (*management.PasswordLockoutPolicy, error) {
result, err := s.org.AddPasswordLockoutPolicy(ctx, passwordLockoutPolicyRequestToModel(policy))
if err != nil {
return nil, err
}
return passwordLockoutPolicyFromModel(result), nil
}
func (s *Server) UpdatePasswordLockoutPolicy(ctx context.Context, policy *management.PasswordLockoutPolicyRequest) (*management.PasswordLockoutPolicy, error) {
result, err := s.org.ChangePasswordLockoutPolicy(ctx, passwordLockoutPolicyRequestToModel(policy))
if err != nil {
return nil, err
}
return passwordLockoutPolicyFromModel(result), nil
}
func (s *Server) RemovePasswordLockoutPolicy(ctx context.Context, _ *empty.Empty) (*empty.Empty, error) {
err := s.org.RemovePasswordLockoutPolicy(ctx)
return &empty.Empty{}, err
}

46
internal/api/grpc/management/password_lockout_policy_converter.go Normal file
View File

@@ -0,0 +1,46 @@
package management
import (
"github.com/caos/logging"
iam_model "github.com/caos/zitadel/internal/iam/model"
"github.com/caos/zitadel/pkg/grpc/management"
"github.com/golang/protobuf/ptypes"
)
func passwordLockoutPolicyRequestToModel(policy *management.PasswordLockoutPolicyRequest) *iam_model.PasswordLockoutPolicy {
return &iam_model.PasswordLockoutPolicy{
MaxAttempts: policy.MaxAttempts,
ShowLockOutFailures: policy.ShowLockoutFailure,
}
}
func passwordLockoutPolicyFromModel(policy *iam_model.PasswordLockoutPolicy) *management.PasswordLockoutPolicy {
creationDate, err := ptypes.TimestampProto(policy.CreationDate)
logging.Log("GRPC-bMd9o").OnError(err).Debug("date parse failed")
changeDate, err := ptypes.TimestampProto(policy.ChangeDate)
logging.Log("GRPC-jFs89").OnError(err).Debug("date parse failed")
return &management.PasswordLockoutPolicy{
MaxAttempts: policy.MaxAttempts,
ShowLockoutFailure: policy.ShowLockOutFailures,
CreationDate: changeDate,
ChangeDate: creationDate,
}
}
func passwordLockoutPolicyViewFromModel(policy *iam_model.PasswordLockoutPolicyView) *management.PasswordLockoutPolicyView {
creationDate, err := ptypes.TimestampProto(policy.CreationDate)
logging.Log("GRPC-4Bms9").OnError(err).Debug("date parse failed")
changeDate, err := ptypes.TimestampProto(policy.ChangeDate)
logging.Log("GRPC-6Hmlo").OnError(err).Debug("date parse failed")
return &management.PasswordLockoutPolicyView{
Default: policy.Default,
MaxAttempts: policy.MaxAttempts,
ShowLockoutFailure: policy.ShowLockOutFailures,
ChangeDate: changeDate,
CreationDate: creationDate,
}
}

112
internal/api/grpc/management/policy.go
View File

@@ -1,112 +0,0 @@
package management
import (
"context"
"github.com/golang/protobuf/ptypes/empty"
"github.com/caos/zitadel/internal/errors"
"github.com/caos/zitadel/pkg/grpc/management"
)
func (s *Server) CreatePasswordComplexityPolicy(ctx context.Context, policy *management.PasswordComplexityPolicyCreate) (*management.PasswordComplexityPolicy, error) {
policyresp, err := s.policy.CreatePasswordComplexityPolicy(ctx, passwordComplexityPolicyCreateToModel(policy))
if err != nil {
return nil, err
}
return passwordComplexityPolicyFromModel(policyresp), nil
}
func (s *Server) GetPasswordComplexityPolicy(ctx context.Context, _ *empty.Empty) (*management.PasswordComplexityPolicy, error) {
policy, err := s.policy.GetPasswordComplexityPolicy(ctx)
if err != nil {
return nil, err
}
return passwordComplexityPolicyFromModel(policy), nil
}
func (s *Server) GetDefaultPasswordComplexityPolicy(ctx context.Context, _ *empty.Empty) (*management.PasswordComplexityPolicy, error) {
policy, err := s.policy.GetDefaultPasswordComplexityPolicy(ctx)
if err != nil {
return nil, err
}
return passwordComplexityPolicyFromModel(policy), nil
}
func (s *Server) UpdatePasswordComplexityPolicy(ctx context.Context, policy *management.PasswordComplexityPolicyUpdate) (*management.PasswordComplexityPolicy, error) {
policyresp, err := s.policy.UpdatePasswordComplexityPolicy(ctx, passwordComplexityPolicyUpdateToModel(policy))
if err != nil {
return nil, err
}
return passwordComplexityPolicyFromModel(policyresp), nil
}
func (s *Server) DeletePasswordComplexityPolicy(ctx context.Context, ID *management.PasswordComplexityPolicyID) (*empty.Empty, error) {
return nil, errors.ThrowUnimplemented(nil, "GRPC-skw3f", "Not implemented")
}
func (s *Server) CreatePasswordAgePolicy(ctx context.Context, policy *management.PasswordAgePolicyCreate) (*management.PasswordAgePolicy, error) {
policyresp, err := s.policy.CreatePasswordAgePolicy(ctx, passwordAgePolicyCreateToModel(policy))
if err != nil {
return nil, err
}
return passwordAgePolicyFromModel(policyresp), nil
}
func (s *Server) GetPasswordAgePolicy(ctx context.Context, _ *empty.Empty) (*management.PasswordAgePolicy, error) {
policy, err := s.policy.GetPasswordAgePolicy(ctx)
if err != nil {
return nil, err
}
return passwordAgePolicyFromModel(policy), nil
}
func (s *Server) UpdatePasswordAgePolicy(ctx context.Context, policy *management.PasswordAgePolicyUpdate) (*management.PasswordAgePolicy, error) {
policyresp, err := s.policy.UpdatePasswordAgePolicy(ctx, passwordAgePolicyUpdateToModel(policy))
if err != nil {
return nil, err
}
return passwordAgePolicyFromModel(policyresp), nil
}
func (s *Server) DeletePasswordAgePolicy(ctx context.Context, ID *management.PasswordAgePolicyID) (*empty.Empty, error) {
return nil, errors.ThrowUnimplemented(nil, "GRPC-plo67", "Not implemented")
}
func (s *Server) CreatePasswordLockoutPolicy(ctx context.Context, policy *management.PasswordLockoutPolicyCreate) (*management.PasswordLockoutPolicy, error) {
policyresp, err := s.policy.CreatePasswordLockoutPolicy(ctx, passwordLockoutPolicyCreateToModel(policy))
if err != nil {
return nil, err
}
return passwordLockoutPolicyFromModel(policyresp), nil
}
func (s *Server) GetPasswordLockoutPolicy(ctx context.Context, _ *empty.Empty) (*management.PasswordLockoutPolicy, error) {
policy, err := s.policy.GetPasswordLockoutPolicy(ctx)
if err != nil {
return nil, err
}
return passwordLockoutPolicyFromModel(policy), nil
}
func (s *Server) UpdatePasswordLockoutPolicy(ctx context.Context, policy *management.PasswordLockoutPolicyUpdate) (*management.PasswordLockoutPolicy, error) {
policyresp, err := s.policy.UpdatePasswordLockoutPolicy(ctx, passwordLockoutPolicyUpdateToModel(policy))
if err != nil {
return nil, err
}
return passwordLockoutPolicyFromModel(policyresp), nil
}
func (s *Server) DeletePasswordLockoutPolicy(ctx context.Context, ID *management.PasswordLockoutPolicyID) (*empty.Empty, error) {
return nil, errors.ThrowUnimplemented(nil, "GRPC-GHkd9", "Not implemented")
}

68
internal/api/grpc/management/policy_age_converter.go
View File

@@ -1,68 +0,0 @@
package management
import (
"github.com/caos/logging"
"github.com/golang/protobuf/ptypes"
"github.com/caos/zitadel/internal/eventstore/models"
"github.com/caos/zitadel/internal/policy/model"
"github.com/caos/zitadel/pkg/grpc/management"
)
func passwordAgePolicyFromModel(policy *model.PasswordAgePolicy) *management.PasswordAgePolicy {
creationDate, err := ptypes.TimestampProto(policy.CreationDate)
logging.Log("GRPC-6ILdB").OnError(err).Debug("unable to parse timestamp")
changeDate, err := ptypes.TimestampProto(policy.ChangeDate)
logging.Log("GRPC-ngUzJ").OnError(err).Debug("unable to parse timestamp")
return &management.PasswordAgePolicy{
Id: policy.AggregateID,
CreationDate: creationDate,
ChangeDate: changeDate,
Sequence: policy.Sequence,
Description: policy.Description,
ExpireWarnDays: policy.ExpireWarnDays,
MaxAgeDays: policy.MaxAgeDays,
IsDefault: policy.AggregateID == "",
}
}
func passwordAgePolicyToModel(policy *management.PasswordAgePolicy) *model.PasswordAgePolicy {
creationDate, err := ptypes.Timestamp(policy.CreationDate)
logging.Log("GRPC-2QSfU").OnError(err).Debug("unable to parse timestamp")
changeDate, err := ptypes.Timestamp(policy.ChangeDate)
logging.Log("GRPC-LdU91").OnError(err).Debug("unable to parse timestamp")
return &model.PasswordAgePolicy{
ObjectRoot: models.ObjectRoot{
AggregateID: policy.Id,
CreationDate: creationDate,
ChangeDate: changeDate,
Sequence: policy.Sequence,
},
Description: policy.Description,
ExpireWarnDays: policy.ExpireWarnDays,
MaxAgeDays: policy.MaxAgeDays,
}
}
func passwordAgePolicyCreateToModel(policy *management.PasswordAgePolicyCreate) *model.PasswordAgePolicy {
return &model.PasswordAgePolicy{
Description: policy.Description,
ExpireWarnDays: policy.ExpireWarnDays,
MaxAgeDays: policy.MaxAgeDays,
}
}
func passwordAgePolicyUpdateToModel(policy *management.PasswordAgePolicyUpdate) *model.PasswordAgePolicy {
return &model.PasswordAgePolicy{
ObjectRoot: models.ObjectRoot{
AggregateID: policy.Id,
},
Description: policy.Description,
ExpireWarnDays: policy.ExpireWarnDays,
MaxAgeDays: policy.MaxAgeDays,
}
}

81
internal/api/grpc/management/policy_complexity_converter.go
View File

@@ -1,81 +0,0 @@
package management
import (
"github.com/caos/logging"
"github.com/golang/protobuf/ptypes"
"github.com/caos/zitadel/internal/eventstore/models"
"github.com/caos/zitadel/internal/policy/model"
"github.com/caos/zitadel/pkg/grpc/management"
)
func passwordComplexityPolicyFromModel(policy *model.PasswordComplexityPolicy) *management.PasswordComplexityPolicy {
creationDate, err := ptypes.TimestampProto(policy.CreationDate)
logging.Log("GRPC-cQRHE").OnError(err).Debug("unable to parse timestamp")
changeDate, err := ptypes.TimestampProto(policy.ChangeDate)
logging.Log("GRPC-PVA1c").OnError(err).Debug("unable to parse timestamp")
return &management.PasswordComplexityPolicy{
Id: policy.AggregateID,
CreationDate: creationDate,
ChangeDate: changeDate,
Description: policy.Description,
Sequence: policy.Sequence,
MinLength: policy.MinLength,
HasLowercase: policy.HasLowercase,
HasUppercase: policy.HasUppercase,
HasNumber: policy.HasNumber,
HasSymbol: policy.HasSymbol,
IsDefault: policy.AggregateID == "",
}
}
func passwordComplexityPolicyToModel(policy *management.PasswordComplexityPolicy) *model.PasswordComplexityPolicy {
creationDate, err := ptypes.Timestamp(policy.CreationDate)
logging.Log("GRPC-asmEZ").OnError(err).Debug("unable to parse timestamp")
changeDate, err := ptypes.Timestamp(policy.ChangeDate)
logging.Log("GRPC-MCE4o").OnError(err).Debug("unable to parse timestamp")
return &model.PasswordComplexityPolicy{
ObjectRoot: models.ObjectRoot{
AggregateID: policy.Id,
CreationDate: creationDate,
ChangeDate: changeDate,
Sequence: policy.Sequence,
},
Description: policy.Description,
MinLength: policy.MinLength,
HasLowercase: policy.HasLowercase,
HasUppercase: policy.HasUppercase,
HasNumber: policy.HasNumber,
HasSymbol: policy.HasSymbol,
}
}
func passwordComplexityPolicyCreateToModel(policy *management.PasswordComplexityPolicyCreate) *model.PasswordComplexityPolicy {
return &model.PasswordComplexityPolicy{
Description: policy.Description,
MinLength: policy.MinLength,
HasLowercase: policy.HasLowercase,
HasUppercase: policy.HasUppercase,
HasNumber: policy.HasNumber,
HasSymbol: policy.HasSymbol,
}
}
func passwordComplexityPolicyUpdateToModel(policy *management.PasswordComplexityPolicyUpdate) *model.PasswordComplexityPolicy {
return &model.PasswordComplexityPolicy{
ObjectRoot: models.ObjectRoot{
AggregateID: policy.Id,
},
Description: policy.Description,
MinLength: policy.MinLength,
HasLowercase: policy.HasLowercase,
HasUppercase: policy.HasUppercase,
HasNumber: policy.HasNumber,
HasSymbol: policy.HasSymbol,
}
}

70
internal/api/grpc/management/policy_lockout_converter.go
View File

@@ -1,70 +0,0 @@
package management
import (
"github.com/caos/logging"
"github.com/golang/protobuf/ptypes"
"github.com/caos/zitadel/internal/eventstore/models"
"github.com/caos/zitadel/internal/policy/model"
"github.com/caos/zitadel/pkg/grpc/management"
)
func passwordLockoutPolicyFromModel(policy *model.PasswordLockoutPolicy) *management.PasswordLockoutPolicy {
creationDate, err := ptypes.TimestampProto(policy.CreationDate)
logging.Log("GRPC-JRSbT").OnError(err).Debug("unable to parse timestamp")
changeDate, err := ptypes.TimestampProto(policy.ChangeDate)
logging.Log("GRPC-1sizr").OnError(err).Debug("unable to parse timestamp")
return &management.PasswordLockoutPolicy{
Id: policy.AggregateID,
CreationDate: creationDate,
ChangeDate: changeDate,
Sequence: policy.Sequence,
Description: policy.Description,
MaxAttempts: policy.MaxAttempts,
ShowLockOutFailures: policy.ShowLockOutFailures,
IsDefault: policy.AggregateID == "",
}
}
func passwordLockoutPolicyToModel(policy *management.PasswordLockoutPolicy) *model.PasswordLockoutPolicy {
creationDate, err := ptypes.Timestamp(policy.CreationDate)
logging.Log("GRPC-8a511").OnError(err).Debug("unable to parse timestamp")
changeDate, err := ptypes.Timestamp(policy.ChangeDate)
logging.Log("GRPC-2rdGv").OnError(err).Debug("unable to parse timestamp")
return &model.PasswordLockoutPolicy{
ObjectRoot: models.ObjectRoot{
AggregateID: policy.Id,
CreationDate: creationDate,
ChangeDate: changeDate,
Sequence: policy.Sequence,
},
Description: policy.Description,
MaxAttempts: policy.MaxAttempts,
ShowLockOutFailures: policy.ShowLockOutFailures,
}
}
func passwordLockoutPolicyCreateToModel(policy *management.PasswordLockoutPolicyCreate) *model.PasswordLockoutPolicy {
return &model.PasswordLockoutPolicy{
Description: policy.Description,
MaxAttempts: policy.MaxAttempts,
ShowLockOutFailures: policy.ShowLockOutFailures,
}
}
func passwordLockoutPolicyUpdateToModel(policy *management.PasswordLockoutPolicyUpdate) *model.PasswordLockoutPolicy {
return &model.PasswordLockoutPolicy{
ObjectRoot: models.ObjectRoot{
AggregateID: policy.Id,
},
Description: policy.Description,
MaxAttempts: policy.MaxAttempts,
ShowLockOutFailures: policy.ShowLockOutFailures,
}
}

2
internal/api/grpc/management/server.go
View File

@@ -19,7 +19,6 @@ var _ management.ManagementServiceServer = (*Server)(nil)
type Server struct {
project repository.ProjectRepository
policy repository.PolicyRepository
org repository.OrgRepository
user repository.UserRepository
usergrant repository.UserGrantRepository
@@ -35,7 +34,6 @@ type Config struct {
func CreateServer(repo repository.Repository, sd systemdefaults.SystemDefaults) *Server {
return &Server{
project: repo,
policy: repo,
org: repo,
user: repo,
usergrant: repo,

6
internal/api/http/marshal.go
View File

@@ -7,7 +7,11 @@ import (
"github.com/caos/logging"
)
func MarshalJSON(w http.ResponseWriter, i interface{}) {
func MarshalJSON(w http.ResponseWriter, i interface{}, err error, statusCode int) {
if err != nil {
http.Error(w, err.Error(), statusCode)
return
}
b, err := json.Marshal(i)
if err != nil {
http.Error(w, err.Error(), http.StatusInternalServerError)

16
internal/auth/repository/eventsourcing/eventstore/auth_request.go
View File

@@ -7,7 +7,6 @@ import (
iam_model "github.com/caos/zitadel/internal/iam/model"
iam_es_model "github.com/caos/zitadel/internal/iam/repository/view/model"
org_event "github.com/caos/zitadel/internal/org/repository/eventsourcing"
policy_event "github.com/caos/zitadel/internal/policy/repository/eventsourcing"
"time"
"github.com/caos/logging"
@@ -30,7 +29,6 @@ import (
type AuthRequestRepo struct {
UserEvents *user_event.UserEventstore
OrgEvents *org_event.OrgEventstore
PolicyEvents *policy_event.PolicyEventstore
AuthRequests cache.AuthRequestCache
View *view.View
@@ -264,15 +262,23 @@ func (repo *AuthRequestRepo) AutoRegisterExternalUser(ctx context.Context, regis
if resourceOwner != "" {
policyResourceOwner = resourceOwner
}
pwPolicy, err := repo.PolicyEvents.GetPasswordComplexityPolicy(ctx, policyResourceOwner)
pwPolicy, err := repo.View.PasswordComplexityPolicyByAggregateID(policyResourceOwner)
if errors.IsNotFound(err) {
pwPolicy, err = repo.View.PasswordComplexityPolicyByAggregateID(repo.IAMID)
}
if err != nil {
return err
}
orgPolicy, err := repo.OrgEvents.GetOrgIAMPolicy(ctx, policyResourceOwner)
pwPolicyView := iam_es_model.PasswordComplexityViewToModel(pwPolicy)
orgPolicy, err := repo.View.OrgIAMPolicyByAggregateID(policyResourceOwner)
if errors.IsNotFound(err) {
orgPolicy, err = repo.View.OrgIAMPolicyByAggregateID(repo.IAMID)
}
if err != nil {
return err
}
user, aggregates, err := repo.UserEvents.PrepareRegisterUser(ctx, registerUser, externalIDP, pwPolicy, orgPolicy, resourceOwner)
orgPolicyView := iam_es_model.OrgIAMViewToModel(orgPolicy)
user, aggregates, err := repo.UserEvents.PrepareRegisterUser(ctx, registerUser, externalIDP, pwPolicyView, orgPolicyView, resourceOwner)
if err != nil {
return err
}

51
internal/auth/repository/eventsourcing/eventstore/org.go
View File

@@ -3,6 +3,9 @@ package eventstore
import (
"context"
"github.com/caos/logging"
"github.com/caos/zitadel/internal/api/authz"
"github.com/caos/zitadel/internal/config/systemdefaults"
"github.com/caos/zitadel/internal/errors"
iam_model "github.com/caos/zitadel/internal/iam/model"
iam_view_model "github.com/caos/zitadel/internal/iam/repository/view/model"
@@ -13,8 +16,6 @@ import (
org_model "github.com/caos/zitadel/internal/org/model"
org_es "github.com/caos/zitadel/internal/org/repository/eventsourcing"
"github.com/caos/zitadel/internal/org/repository/view/model"
policy_model "github.com/caos/zitadel/internal/policy/model"
policy_es "github.com/caos/zitadel/internal/policy/repository/eventsourcing"
usr_es "github.com/caos/zitadel/internal/user/repository/eventsourcing"
)
@@ -26,9 +27,9 @@ type OrgRepository struct {
SearchLimit uint64
OrgEventstore *org_es.OrgEventstore
UserEventstore *usr_es.UserEventstore
PolicyEventstore *policy_es.PolicyEventstore
View *auth_view.View
SystemDefaults systemdefaults.SystemDefaults
}
func (repo *OrgRepository) SearchOrgs(ctx context.Context, request *org_model.OrgSearchRequest) (*org_model.OrgSearchResult, error) {
@@ -53,14 +54,16 @@ func (repo *OrgRepository) SearchOrgs(ctx context.Context, request *org_model.Or
}
func (repo *OrgRepository) RegisterOrg(ctx context.Context, register *auth_model.RegisterOrg) (*auth_model.RegisterOrg, error) {
pwPolicy, err := repo.PolicyEventstore.GetPasswordComplexityPolicy(ctx, policy_model.DefaultPolicy)
pwPolicy, err := repo.View.PasswordComplexityPolicyByAggregateID(repo.SystemDefaults.IamID)
if err != nil {
return nil, err
}
orgPolicy, err := repo.OrgEventstore.GetOrgIAMPolicy(ctx, policy_model.DefaultPolicy)
pwPolicyView := iam_view_model.PasswordComplexityViewToModel(pwPolicy)
orgPolicy, err := repo.View.OrgIAMPolicyByAggregateID(repo.SystemDefaults.IamID)
if err != nil {
return nil, err
}
orgPolicyView := iam_view_model.OrgIAMViewToModel(orgPolicy)
users := func(ctx context.Context, domain string) ([]*es_models.Aggregate, error) {
userIDs, err := repo.View.UserIDsByDomain(domain)
if err != nil {
@@ -72,7 +75,7 @@ func (repo *OrgRepository) RegisterOrg(ctx context.Context, register *auth_model
if err != nil {
return nil, err
}
user, userAggregates, err := repo.UserEventstore.PrepareRegisterUser(ctx, register.User, nil, pwPolicy, orgPolicy, org.AggregateID)
user, userAggregates, err := repo.UserEventstore.PrepareRegisterUser(ctx, register.User, nil, pwPolicyView, orgPolicyView, org.AggregateID)
if err != nil {
return nil, err
}
@@ -95,12 +98,25 @@ func (repo *OrgRepository) RegisterOrg(ctx context.Context, register *auth_model
return RegisterToModel(registerModel), nil
}
func (repo *OrgRepository) GetDefaultOrgIamPolicy(ctx context.Context) *org_model.OrgIAMPolicy {
return repo.OrgEventstore.GetDefaultOrgIAMPolicy(ctx)
func (repo *OrgRepository) GetDefaultOrgIAMPolicy(ctx context.Context) (*iam_model.OrgIAMPolicyView, error) {
orgPolicy, err := repo.View.OrgIAMPolicyByAggregateID(repo.SystemDefaults.IamID)
if err != nil {
return nil, err
}
policy := iam_view_model.OrgIAMViewToModel(orgPolicy)
policy.IAMDomain = repo.SystemDefaults.Domain
return policy, err
}
func (repo *OrgRepository) GetOrgIamPolicy(ctx context.Context, orgID string) (*org_model.OrgIAMPolicy, error) {
return repo.OrgEventstore.GetOrgIAMPolicy(ctx, orgID)
func (repo *OrgRepository) GetOrgIAMPolicy(ctx context.Context, orgID string) (*iam_model.OrgIAMPolicyView, error) {
orgPolicy, err := repo.View.OrgIAMPolicyByAggregateID(orgID)
if errors.IsNotFound(err) {
orgPolicy, err = repo.View.OrgIAMPolicyByAggregateID(repo.SystemDefaults.IamID)
}
if err != nil {
return nil, err
}
return iam_view_model.OrgIAMViewToModel(orgPolicy), nil
}
func (repo *OrgRepository) GetIDPConfigByID(ctx context.Context, idpConfigID string) (*iam_model.IDPConfigView, error) {
@@ -110,3 +126,18 @@ func (repo *OrgRepository) GetIDPConfigByID(ctx context.Context, idpConfigID str
}
return iam_view_model.IDPConfigViewToModel(idpConfig), nil
}
func (repo *OrgRepository) GetMyPasswordComplexityPolicy(ctx context.Context) (*iam_model.PasswordComplexityPolicyView, error) {
policy, err := repo.View.PasswordComplexityPolicyByAggregateID(authz.GetCtxData(ctx).OrgID)
if errors.IsNotFound(err) {
policy, err = repo.View.PasswordComplexityPolicyByAggregateID(repo.SystemDefaults.IamID)
if err != nil {
return nil, err
}
policy.Default = true
}
if err != nil {
return nil, err
}
return iam_view_model.PasswordComplexityViewToModel(policy), err
}

18
internal/auth/repository/eventsourcing/eventstore/policy.go
View File

@@ -1,18 +0,0 @@
package eventstore
import (
"context"
"github.com/caos/zitadel/internal/api/authz"
pol_model "github.com/caos/zitadel/internal/policy/model"
pol_event "github.com/caos/zitadel/internal/policy/repository/eventsourcing"
)
type PolicyRepo struct {
PolicyEvents *pol_event.PolicyEventstore
}
func (repo *PolicyRepo) GetMyPasswordComplexityPolicy(ctx context.Context) (*pol_model.PasswordComplexityPolicy, error) {
ctxData := authz.GetCtxData(ctx)
return repo.PolicyEvents.GetPasswordComplexityPolicy(ctx, ctxData.OrgID)
}

67
internal/auth/repository/eventsourcing/eventstore/user.go
View File

@@ -2,6 +2,8 @@ package eventstore
import (
"context"
"github.com/caos/zitadel/internal/config/systemdefaults"
iam_es_model "github.com/caos/zitadel/internal/iam/repository/view/model"
"github.com/caos/logging"
@@ -13,7 +15,6 @@ import (
"github.com/caos/zitadel/internal/eventstore/sdk"
org_model "github.com/caos/zitadel/internal/org/model"
org_event "github.com/caos/zitadel/internal/org/repository/eventsourcing"
policy_event "github.com/caos/zitadel/internal/policy/repository/eventsourcing"
"github.com/caos/zitadel/internal/user/model"
user_event "github.com/caos/zitadel/internal/user/repository/eventsourcing"
usr_model "github.com/caos/zitadel/internal/user/repository/eventsourcing/model"
@@ -25,8 +26,8 @@ type UserRepo struct {
Eventstore eventstore.Eventstore
UserEvents *user_event.UserEventstore
OrgEvents *org_event.OrgEventstore
PolicyEvents *policy_event.PolicyEventstore
View *view.View
SystemDefaults systemdefaults.SystemDefaults
}
func (repo *UserRepo) Health(ctx context.Context) error {
@@ -46,15 +47,23 @@ func (repo *UserRepo) registerUser(ctx context.Context, registerUser *model.User
if resourceOwner != "" {
policyResourceOwner = resourceOwner
}
pwPolicy, err := repo.PolicyEvents.GetPasswordComplexityPolicy(ctx, policyResourceOwner)
pwPolicy, err := repo.View.PasswordComplexityPolicyByAggregateID(policyResourceOwner)
if errors.IsNotFound(err) {
pwPolicy, err = repo.View.PasswordComplexityPolicyByAggregateID(repo.SystemDefaults.IamID)
}
if err != nil {
return nil, err
}
orgPolicy, err := repo.OrgEvents.GetOrgIAMPolicy(ctx, policyResourceOwner)
pwPolicyView := iam_es_model.PasswordComplexityViewToModel(pwPolicy)
orgPolicy, err := repo.View.OrgIAMPolicyByAggregateID(policyResourceOwner)
if errors.IsNotFound(err) {
orgPolicy, err = repo.View.OrgIAMPolicyByAggregateID(repo.SystemDefaults.IamID)
}
if err != nil {
return nil, err
}
user, aggregates, err := repo.UserEvents.PrepareRegisterUser(ctx, registerUser, externalIDP, pwPolicy, orgPolicy, resourceOwner)
orgPolicyView := iam_es_model.OrgIAMViewToModel(orgPolicy)
user, aggregates, err := repo.UserEvents.PrepareRegisterUser(ctx, registerUser, externalIDP, pwPolicyView, orgPolicyView, resourceOwner)
if err != nil {
return nil, err
}
@@ -215,20 +224,28 @@ func (repo *UserRepo) ChangeMyAddress(ctx context.Context, address *model.Addres
}
func (repo *UserRepo) ChangeMyPassword(ctx context.Context, old, new string) error {
policy, err := repo.PolicyEvents.GetPasswordComplexityPolicy(ctx, authz.GetCtxData(ctx).OrgID)
policy, err := repo.View.PasswordComplexityPolicyByAggregateID(authz.GetCtxData(ctx).OrgID)
if errors.IsNotFound(err) {
policy, err = repo.View.PasswordComplexityPolicyByAggregateID(repo.SystemDefaults.IamID)
}
if err != nil {
return err
}
_, err = repo.UserEvents.ChangePassword(ctx, policy, authz.GetCtxData(ctx).UserID, old, new)
pwPolicyView := iam_es_model.PasswordComplexityViewToModel(policy)
_, err = repo.UserEvents.ChangePassword(ctx, pwPolicyView, authz.GetCtxData(ctx).UserID, old, new)
return err
}
func (repo *UserRepo) ChangePassword(ctx context.Context, userID, old, new string) error {
policy, err := repo.PolicyEvents.GetPasswordComplexityPolicy(ctx, authz.GetCtxData(ctx).OrgID)
policy, err := repo.View.PasswordComplexityPolicyByAggregateID(authz.GetCtxData(ctx).OrgID)
if errors.IsNotFound(err) {
policy, err = repo.View.PasswordComplexityPolicyByAggregateID(repo.SystemDefaults.IamID)
}
if err != nil {
return err
}
_, err = repo.UserEvents.ChangePassword(ctx, policy, userID, old, new)
pwPolicyView := iam_es_model.PasswordComplexityViewToModel(policy)
_, err = repo.UserEvents.ChangePassword(ctx, pwPolicyView, userID, old, new)
return err
}
@@ -279,11 +296,15 @@ func (repo *UserRepo) RemoveMyMfaOTP(ctx context.Context) error {
func (repo *UserRepo) ChangeMyUsername(ctx context.Context, username string) error {
ctxData := authz.GetCtxData(ctx)
orgPolicy, err := repo.OrgEvents.GetOrgIAMPolicy(ctx, ctxData.OrgID)
orgPolicy, err := repo.View.OrgIAMPolicyByAggregateID(ctxData.OrgID)
if errors.IsNotFound(err) {
orgPolicy, err = repo.View.OrgIAMPolicyByAggregateID(repo.SystemDefaults.IamID)
}
if err != nil {
return err
}
return repo.UserEvents.ChangeUsername(ctx, ctxData.UserID, username, orgPolicy)
orgPolicyView := iam_es_model.OrgIAMViewToModel(orgPolicy)
return repo.UserEvents.ChangeUsername(ctx, ctxData.UserID, username, orgPolicyView)
}
func (repo *UserRepo) ResendInitVerificationMail(ctx context.Context, userID string) error {
_, err := repo.UserEvents.CreateInitializeUserCodeByID(ctx, userID)
@@ -291,11 +312,15 @@ func (repo *UserRepo) ResendInitVerificationMail(ctx context.Context, userID str
}
func (repo *UserRepo) VerifyInitCode(ctx context.Context, userID, code, password string) error {
policy, err := repo.PolicyEvents.GetPasswordComplexityPolicy(ctx, authz.GetCtxData(ctx).OrgID)
policy, err := repo.View.PasswordComplexityPolicyByAggregateID(authz.GetCtxData(ctx).OrgID)
if errors.IsNotFound(err) {
policy, err = repo.View.PasswordComplexityPolicyByAggregateID(repo.SystemDefaults.IamID)
}
if err != nil {
return err
}
return repo.UserEvents.VerifyInitCode(ctx, policy, userID, code, password)
pwPolicyView := iam_es_model.PasswordComplexityViewToModel(policy)
return repo.UserEvents.VerifyInitCode(ctx, pwPolicyView, userID, code, password)
}
func (repo *UserRepo) SkipMfaInit(ctx context.Context, userID string) error {
@@ -311,11 +336,15 @@ func (repo *UserRepo) RequestPasswordReset(ctx context.Context, loginname string
}
func (repo *UserRepo) SetPassword(ctx context.Context, userID, code, password string) error {
policy, err := repo.PolicyEvents.GetPasswordComplexityPolicy(ctx, authz.GetCtxData(ctx).OrgID)
policy, err := repo.View.PasswordComplexityPolicyByAggregateID(authz.GetCtxData(ctx).OrgID)
if errors.IsNotFound(err) {
policy, err = repo.View.PasswordComplexityPolicyByAggregateID(repo.SystemDefaults.IamID)
}
if err != nil {
return err
}
return repo.UserEvents.SetPassword(ctx, policy, userID, code, password)
pwPolicyView := iam_es_model.PasswordComplexityViewToModel(policy)
return repo.UserEvents.SetPassword(ctx, pwPolicyView, userID, code, password)
}
func (repo *UserRepo) SignOut(ctx context.Context, agentID string) error {
@@ -369,11 +398,15 @@ func (repo *UserRepo) MyUserChanges(ctx context.Context, lastSequence uint64, li
func (repo *UserRepo) ChangeUsername(ctx context.Context, userID, username string) error {
policyResourceOwner := authz.GetCtxData(ctx).OrgID
orgPolicy, err := repo.OrgEvents.GetOrgIAMPolicy(ctx, policyResourceOwner)
orgPolicy, err := repo.View.OrgIAMPolicyByAggregateID(policyResourceOwner)
if errors.IsNotFound(err) {
orgPolicy, err = repo.View.OrgIAMPolicyByAggregateID(repo.SystemDefaults.IamID)
}
if err != nil {
return err
}
return repo.UserEvents.ChangeUsername(ctx, userID, username, orgPolicy)
orgPolicyView := iam_es_model.OrgIAMViewToModel(orgPolicy)
return repo.UserEvents.ChangeUsername(ctx, userID, username, orgPolicyView)
}
func checkIDs(ctx context.Context, obj es_models.ObjectRoot) error {

5
internal/auth/repository/eventsourcing/handler/handler.go
View File

@@ -37,7 +37,8 @@ type EventstoreRepos struct {
func Register(configs Configs, bulkLimit, errorCount uint64, view *view.View, eventstore eventstore.Eventstore, repos EventstoreRepos, systemDefaults sd.SystemDefaults) []query.Handler {
return []query.Handler{
&User{handler: handler{view, bulkLimit, configs.cycleDuration("User"), errorCount}, orgEvents: repos.OrgEvents},
&User{handler: handler{view, bulkLimit, configs.cycleDuration("User"), errorCount},
orgEvents: repos.OrgEvents, iamEvents: repos.IamEvents, iamID: systemDefaults.IamID},
&UserSession{handler: handler{view, bulkLimit, configs.cycleDuration("UserSession"), errorCount}, userEvents: repos.UserEvents},
&UserMembership{handler: handler{view, bulkLimit, configs.cycleDuration("UserMembership"), errorCount}, orgEvents: repos.OrgEvents, projectEvents: repos.ProjectEvents},
&Token{handler: handler{view, bulkLimit, configs.cycleDuration("Token"), errorCount}, ProjectEvents: repos.ProjectEvents},
@@ -57,6 +58,8 @@ func Register(configs Configs, bulkLimit, errorCount uint64, view *view.View, ev
&IDPConfig{handler: handler{view, bulkLimit, configs.cycleDuration("IDPConfig"), errorCount}},
&IDPProvider{handler: handler{view, bulkLimit, configs.cycleDuration("IDPProvider"), errorCount}, systemDefaults: systemDefaults, orgEvents: repos.OrgEvents, iamEvents: repos.IamEvents},
&ExternalIDP{handler: handler{view, bulkLimit, configs.cycleDuration("ExternalIDP"), errorCount}, systemDefaults: systemDefaults, orgEvents: repos.OrgEvents, iamEvents: repos.IamEvents},
&PasswordComplexityPolicy{handler: handler{view, bulkLimit, configs.cycleDuration("PasswordComplexityPolicy"), errorCount}},
&OrgIAMPolicy{handler: handler{view, bulkLimit, configs.cycleDuration("OrgIAMPolicy"), errorCount}},
}
}

69
internal/auth/repository/eventsourcing/handler/org_iam_policy.go Normal file
View File

@@ -0,0 +1,69 @@
package handler
import (
"github.com/caos/logging"
iam_es_model "github.com/caos/zitadel/internal/iam/repository/eventsourcing/model"
"github.com/caos/zitadel/internal/eventstore/models"
es_models "github.com/caos/zitadel/internal/eventstore/models"
"github.com/caos/zitadel/internal/eventstore/spooler"
iam_model "github.com/caos/zitadel/internal/iam/repository/view/model"
"github.com/caos/zitadel/internal/org/repository/eventsourcing/model"
)
type OrgIAMPolicy struct {
handler
}
const (
orgIAMPolicyTable = "auth.org_iam_policies"
)
func (m *OrgIAMPolicy) ViewModel() string {
return orgIAMPolicyTable
}
func (m *OrgIAMPolicy) EventQuery() (*models.SearchQuery, error) {
sequence, err := m.view.GetLatestOrgIAMPolicySequence()
if err != nil {
return nil, err
}
return es_models.NewSearchQuery().
AggregateTypeFilter(model.OrgAggregate, iam_es_model.IAMAggregate).
LatestSequenceFilter(sequence.CurrentSequence), nil
}
func (m *OrgIAMPolicy) Reduce(event *models.Event) (err error) {
switch event.AggregateType {
case model.OrgAggregate, iam_es_model.IAMAggregate:
err = m.processOrgIAMPolicy(event)
}
return err
}
func (m *OrgIAMPolicy) processOrgIAMPolicy(event *models.Event) (err error) {
policy := new(iam_model.OrgIAMPolicyView)
switch event.Type {
case iam_es_model.OrgIAMPolicyAdded, model.OrgIAMPolicyAdded:
err = policy.AppendEvent(event)
case iam_es_model.OrgIAMPolicyChanged, model.OrgIAMPolicyChanged:
policy, err = m.view.OrgIAMPolicyByAggregateID(event.AggregateID)
if err != nil {
return err
}
err = policy.AppendEvent(event)
case model.OrgIAMPolicyRemoved:
return m.view.DeleteOrgIAMPolicy(event.AggregateID, event.Sequence)
default:
return m.view.ProcessedOrgIAMPolicySequence(event.Sequence)
}
if err != nil {
return err
}
return m.view.PutOrgIAMPolicy(policy, policy.Sequence)
}
func (m *OrgIAMPolicy) OnError(event *models.Event, err error) error {
logging.LogWithFields("SPOOL-3Gj8s", "id", event.AggregateID).WithError(err).Warn("something went wrong in orgIAM policy handler")
return spooler.HandleError(event, err, m.view.GetLatestOrgIAMPolicyFailedEvent, m.view.ProcessedOrgIAMPolicyFailedEvent, m.view.ProcessedOrgIAMPolicySequence, m.errorCountUntilSkip)
}

69
internal/auth/repository/eventsourcing/handler/password_complexity_policy.go Normal file
View File

@@ -0,0 +1,69 @@
package handler
import (
"github.com/caos/logging"
iam_es_model "github.com/caos/zitadel/internal/iam/repository/eventsourcing/model"
"github.com/caos/zitadel/internal/eventstore/models"
es_models "github.com/caos/zitadel/internal/eventstore/models"
"github.com/caos/zitadel/internal/eventstore/spooler"
iam_model "github.com/caos/zitadel/internal/iam/repository/view/model"
"github.com/caos/zitadel/internal/org/repository/eventsourcing/model"
)
type PasswordComplexityPolicy struct {
handler
}
const (
passwordComplexityPolicyTable = "auth.password_complexity_policies"
)
func (m *PasswordComplexityPolicy) ViewModel() string {
return passwordComplexityPolicyTable
}
func (m *PasswordComplexityPolicy) EventQuery() (*models.SearchQuery, error) {
sequence, err := m.view.GetLatestPasswordComplexityPolicySequence()
if err != nil {
return nil, err
}
return es_models.NewSearchQuery().
AggregateTypeFilter(model.OrgAggregate, iam_es_model.IAMAggregate).
LatestSequenceFilter(sequence.CurrentSequence), nil
}
func (m *PasswordComplexityPolicy) Reduce(event *models.Event) (err error) {
switch event.AggregateType {
case model.OrgAggregate, iam_es_model.IAMAggregate:
err = m.processPasswordComplexityPolicy(event)
}
return err
}
func (m *PasswordComplexityPolicy) processPasswordComplexityPolicy(event *models.Event) (err error) {
policy := new(iam_model.PasswordComplexityPolicyView)
switch event.Type {
case iam_es_model.PasswordComplexityPolicyAdded, model.PasswordComplexityPolicyAdded:
err = policy.AppendEvent(event)
case iam_es_model.PasswordComplexityPolicyChanged, model.PasswordComplexityPolicyChanged:
policy, err = m.view.PasswordComplexityPolicyByAggregateID(event.AggregateID)
if err != nil {
return err
}
err = policy.AppendEvent(event)
case model.PasswordComplexityPolicyRemoved:
return m.view.DeletePasswordComplexityPolicy(event.AggregateID, event.Sequence)
default:
return m.view.ProcessedPasswordComplexityPolicySequence(event.Sequence)
}
if err != nil {
return err
}
return m.view.PutPasswordComplexityPolicy(policy, policy.Sequence)
}
func (m *PasswordComplexityPolicy) OnError(event *models.Event, err error) error {
logging.LogWithFields("SPOOL-4Djo9", "id", event.AggregateID).WithError(err).Warn("something went wrong in passwordComplexity policy handler")
return spooler.HandleError(event, err, m.view.GetLatestPasswordComplexityPolicyFailedEvent, m.view.ProcessedPasswordComplexityPolicyFailedEvent, m.view.ProcessedPasswordComplexityPolicySequence, m.errorCountUntilSkip)
}

Some files were not shown because too many files have changed in this diff Show More