Commit Graph

1720 Commits

Author SHA1 Message Date
Stefan Benz
e769b163ef perf: user grant owner removed (#6962)
* fix: change logic for usergrants projection with no selects

* fix: change logic for usergrants projection with one select

* fix: move resource owner select to single function

* fix: move resource owner select to single function

* fix: changes after merge

* fix: changes after merge

---------

Co-authored-by: Tim Möhlmann <tim+github@zitadel.com>
2024-01-08 15:26:30 +00:00
Miguel Cabrerizo
93c3763a1c fix: add back button to password reset done (#7119)
Co-authored-by: Livio Spring <livio.a@gmail.com>
2024-01-08 11:56:40 +00:00
Miguel Cabrerizo
3f4aea1a75 fix: replace password back button with arrow (#7120)
Co-authored-by: Livio Spring <livio.a@gmail.com>
2024-01-08 11:23:34 +00:00
Silvan
1f30776fc2 fix(login): correct rendering of idps (#7151) 2024-01-05 14:35:51 +00:00
Silvan
a5d4b08a99 fix(cleanup): cleanup all stuck states (#7145)
* fix(setup): unmarshal of failed step

* fix(cleanup): cleanup all stuck states

* use lastRun for repeatable steps

* typo

---------

Co-authored-by: Livio Spring <livio.a@gmail.com>
2024-01-05 09:01:48 +00:00
Silvan
41215bdc0a fix(setup): unmarshal of failed step (#7144) 2024-01-05 06:29:57 +00:00
Silvan
aa2d642e97 fix(handler): updated failed events (#7146) 2024-01-04 21:36:08 +00:00
Silvan
b7d027e2fd fix(db): always use begin tx (#7142)
* fix(db): always use begin tx

* fix(handler): timeout for begin
2024-01-04 16:12:20 +00:00
Livio Spring
c0cef4983a fix: correctly respect maxFailureCount (#7143) 2024-01-04 15:46:25 +00:00
Silvan
8bc56f6fe7 fix(query): escape wildcards in text search (#7131) (#7135)
* fix(query): escape like wildcards

* test: search query wildcards

* add do nothing
2024-01-02 16:27:36 +01:00
Silvan
9892fd92b6 refactor: cleanup unused code (#7130)
* refactor: drop unused code

* refactor: drop unused code
2024-01-02 14:26:31 +00:00
Silvan
a8b8c89f73 perf(query): increase speed of user queries (#7126) (#7128)
* perf(query): increase speed of user queries
2024-01-02 14:41:46 +01:00
Silvan
cc2dd8b20b fix(eventstore): increase performance on push (#7125) 2023-12-31 15:30:25 +01:00
Silvan
6d3ce8d5ab fix(projection): correct type cast of user grant reactivated (#7123)
* fix(projection): correct type cast of user grant reactivated

* test: correct mapper
2023-12-31 14:03:23 +01:00
Tim Möhlmann
45ccdcfa99 fix(oidc): nil check for client secret (#7115)
This fixes a nil pointer panic when client basic auth is attempted on a client without secret in introspection.
2023-12-28 13:31:41 +00:00
Yordis Prieto
9d5d1cf3ea feat: allow glob redirects (#7091)
fixes #5110
2023-12-28 11:25:18 +02:00
Tim Möhlmann
85eb2eda0b fix(oidc): refresh token for device authorization (#7104)
fix(oidc); refresh token for device authorization

Due to a mis-alignment of OIDC interface and concrete implementations in zitadel, requesting a refresh token for device authorization would fail.
This change adds the possibility to to use the op.IDTokenRequest directly.
Also, the UserAgentID is dropped as required parameter, as devices do not have a user agent.
2023-12-21 13:57:33 +00:00
Silvan
5ce542b959 fix(handler): allow uint32 offset for migration scenarios (#7103) 2023-12-21 10:40:51 +00:00
Stefan Benz
a0a82b59e1 feat: user service v2 create, update and remove (#6996)
* feat: user service v2 remove user

* feat: user service v2 add user human

* feat: user service v2 change user human

* feat: user service v2 change user human unit tests

* feat: user service v2 reactivate, deactivate, lock, unlock user

* feat: user service v2 integration tests

* fix: merge back origin/main

* lint: linter corrections

* fix: move permission check for isVerfied and password change

* fix: add deprecated notices and other review comments

* fix: consistent naming in proto

* fix: errors package renaming

* fix: remove / delete user renaming in integration test

* fix: machine user status changes through user v2 api

* fix: linting changes

* fix: linting changes

* fix: changes from review

* fix: changes from review

* fix: changes from review

* fix: changes from review

* fix: changes from review

---------

Co-authored-by: Tim Möhlmann <tim+github@zitadel.com>
Co-authored-by: Livio Spring <livio.a@gmail.com>
2023-12-21 10:03:37 +01:00
Tim Möhlmann
fe1337536f fix(db): add additional connection pool for projection spooling (#7094)
* fix(db): add additional connection pool for projection spooling

* use correct connection pool for projections

---------

Co-authored-by: Livio Spring <livio.a@gmail.com>
2023-12-20 16:13:04 +00:00
Tim Möhlmann
e22689c125 feat(oidc): id token for device authorization (#7088)
* cleanup todo

* pass id token details to oidc

* feat(oidc): id token for device authorization

This changes updates to the newest oidc version,
so the Device Authorization grant can return ID tokens when
the scope `openid` is set.
There is also some refactoring done, so that the eventstore can be
queried directly when polling for state.
The projection is cleaned up to a minimum with only data required for the login UI.

* try to be explicit wit hthe timezone to fix github

* pin oidc v3.8.0

* remove TBD entry
2023-12-20 13:21:08 +01:00
Livio Spring
edaa41903e fix(projections): handle every instance by default and randomize start (#7093) 2023-12-19 13:32:08 +02:00
Elio Bischof
c3e6257d68 fix: keep user idp links (#7079)
* login

* auth methods

* NewIDPUserLinksActiveQuery

* use has_login_policy projection

* fix unit tests

* docs

* keep old user links projection

* fix tests

* cleanup

* cleanup comments

* test idp links are not removed

* idempotent auth method test

* idempotent auth method test
2023-12-19 10:25:50 +00:00
Tim Möhlmann
1adfca9d28 fix(crypto): allow parsing of cost int from env string (#7061)
fic(crypto): allow parsing of cost int from env string
2023-12-15 11:16:05 +00:00
Livio Spring
19d9b8ad41 fix: reduce eventual consistency (#7075)
* fix: reduce eventual consistency

* fix tests

* fix linting
2023-12-14 11:07:47 +01:00
Livio Spring
831bb88ec4 fix: correctly delete sessions created before 2.42 (#7050)
* fix: correctly delete sessions created before 2.42

* fix test

* fix linting

* fixes requested from review
2023-12-09 08:59:51 +00:00
Livio Spring
aa3c352ae7 fix: update external username on idp if auto update is enabled (#7048)
* fix: update external username on idp if auto update is enabled

* update errors package
2023-12-08 18:22:07 +01:00
Tim Möhlmann
f680dd934d refactor: rename package errors to zerrors (#7039)
* chore: rename package errors to zerrors

* rename package errors to gerrors

* fix error related linting issues

* fix zitadel error assertion

* fix gosimple linting issues

* fix deprecated linting issues

* resolve gci linting issues

* fix import structure

---------

Co-authored-by: Elio Bischof <elio@zitadel.com>
2023-12-08 15:30:55 +01:00
Silvan
ddbea119f1 fix(query): user performance (#6537)
* start user by id

* ignore debug bin

* use new user by id

* new sql

* fix(sql): replace STRING with text for psql compatabilit

* some changes

* fix: correct user queries

* fix tests

* unify sql statements

* use specific get user methods

* search login name case insensitive

* refactor: optimise user statements

* add index

* fix queries

* fix: correct domain segregation

* return all login names

* fix queries

* improve readability

* query should be correct now

* cleanup statements

* fix username / loginname handling

* fix: psql doesn't support create view if not exists

* fix: create pre-release

* ignore release comments

* add lower fields

* fix: always to lower

* update to latest projection

---------

Co-authored-by: Livio Spring <livio.a@gmail.com>
2023-12-08 13:14:22 +01:00
Elio Bischof
9da4abd459 feat: add time range events filter (#7005)
* feat(console): add time range events filter

* deprecate creation_date, use oneof filter

* use range or from

* implement api

* fix timestamp format

* translate

* styles

* lint

* integration tests

* fix until date

* rearrange sorting control

* sort creation date

* fix events e2e test

* Update console/src/app/modules/filter-events/filter-events.component.html

Co-authored-by: Max Peintner <max@caos.ch>

* Update console/src/app/modules/filter-events/filter-events.component.html

Co-authored-by: Max Peintner <max@caos.ch>

* Update console/src/app/modules/filter-events/filter-events.component.html

Co-authored-by: Max Peintner <max@caos.ch>

* lint

* lint

* don't use utc call time

---------

Co-authored-by: Max Peintner <max@caos.ch>
Co-authored-by: Silvan <silvan.reusser@gmail.com>
2023-12-07 10:15:53 +00:00
Tim Möhlmann
2e505f40f9 fix(oidc): return clients without instance settings (#7036) 2023-12-07 09:43:45 +00:00
Elio Bischof
8c85318fbd fix: restrict languages in console (#6964)
* feat: return 404 or 409 if org reg disallowed

* fix: system limit permissions

* feat: add iam limits api

* feat: disallow public org registrations on default instance

* add integration test

* test: integration

* fix test

* docs: describe public org registrations

* avoid updating docs deps

* fix system limits integration test

* silence integration tests

* fix linting

* ignore strange linter complaints

* review

* improve reset properties naming

* redefine the api

* use restrictions aggregate

* test query

* simplify and test projection

* test commands

* fix unit tests

* move integration test

* support restrictions on default instance

* also test GetRestrictions

* self review

* lint

* abstract away resource owner

* fix tests

* configure supported languages

* fix allowed languages

* fix tests

* default lang must not be restricted

* preferred language must be allowed

* change preferred languages

* check languages everywhere

* lint

* test command side

* lint

* add integration test

* add integration test

* restrict supported ui locales

* lint

* lint

* cleanup

* lint

* allow undefined preferred language

* fix integration tests

* update main

* fix env var

* ignore linter

* ignore linter

* improve integration test config

* reduce cognitive complexity

* compile

* fix(console): switch back to saved language

* feat(API): get allowed languages

* fix(console): only make allowed languages selectable

* warn when editing not allowed languages

* check for duplicates

* remove useless restriction checks

* review

* revert restriction renaming

* fix language restrictions

* lint

* generate

* allow custom texts for supported langs for now

* fix tests

* cleanup

* cleanup

* cleanup

* lint

* unsupported preferred lang is allowed

* fix integration test

* allow unsupported preferred languages

* lint

* load languages for tests

* cleanup

* lint

* cleanup

* get allowed only on admin

* cleanup

* reduce flakiness on very limited postgres

* simplify langSvc

* refactor according to suggestions in pr

* lint

* set first allowed language as default

* selectionchange for language in msg texts

* initialize login texts

* init message texts

* lint

---------

Co-authored-by: peintnermax <max@caos.ch>
2023-12-07 08:43:23 +00:00
Livio Spring
6f3afb810d fix: use host with potential port for instance context (#7022) 2023-12-06 16:53:41 +00:00
Livio Spring
970c062307 fix: projection version of restrictions (#7028) 2023-12-06 10:30:56 +00:00
Tim Möhlmann
ec03340b67 perf(oidc): optimize client verification (#6999)
* fix some spelling errors

* client credential auth

* implementation of client auth

* improve error handling

* unit test command package

* unit test database package

* unit test query package

* cleanup unused tracing func

* fix integration tests

* errz to zerrors

* fix linting and import issues

* fix another linting error

* integration test with client secret

* Revert "integration test with client secret"

This reverts commit 0814ba522f.

* add integration tests

* client credentials integration test

* resolve comments

* pin oidc v3.5.0
2023-12-05 17:01:03 +00:00
Tim Möhlmann
51cfb9564a chore(user/v2): solve test TODO that depended on session tokens (#6973)
Closes #6022,

Co-authored-by: Livio Spring <livio.a@gmail.com>
2023-12-05 15:28:17 +00:00
Elio Bischof
dd33538c0a feat: restrict languages (#6931)
* feat: return 404 or 409 if org reg disallowed

* fix: system limit permissions

* feat: add iam limits api

* feat: disallow public org registrations on default instance

* add integration test

* test: integration

* fix test

* docs: describe public org registrations

* avoid updating docs deps

* fix system limits integration test

* silence integration tests

* fix linting

* ignore strange linter complaints

* review

* improve reset properties naming

* redefine the api

* use restrictions aggregate

* test query

* simplify and test projection

* test commands

* fix unit tests

* move integration test

* support restrictions on default instance

* also test GetRestrictions

* self review

* lint

* abstract away resource owner

* fix tests

* configure supported languages

* fix allowed languages

* fix tests

* default lang must not be restricted

* preferred language must be allowed

* change preferred languages

* check languages everywhere

* lint

* test command side

* lint

* add integration test

* add integration test

* restrict supported ui locales

* lint

* lint

* cleanup

* lint

* allow undefined preferred language

* fix integration tests

* update main

* fix env var

* ignore linter

* ignore linter

* improve integration test config

* reduce cognitive complexity

* compile

* check for duplicates

* remove useless restriction checks

* review

* revert restriction renaming

* fix language restrictions

* lint

* generate

* allow custom texts for supported langs for now

* fix tests

* cleanup

* cleanup

* cleanup

* lint

* unsupported preferred lang is allowed

* fix integration test

* finish reverting to old property name

* finish reverting to old property name

* load languages

* refactor(i18n): centralize translators and fs

* lint

* amplify no validations on preferred languages

* fix integration test

* lint

* fix resetting allowed languages

* test unchanged restrictions
2023-12-05 11:12:01 +00:00
Silvan
e3d1ca4d58 fix(eventstore): improve pagination of handler filter (#6968)
* fix(setup): add filter_offset to `projections.current_states`

* fix(eventstore): allow offset in query

* fix(handler): offset for already processed events
2023-12-01 12:25:41 +00:00
Livio Spring
e57076430b fix: handle context when locking for trigger (#7006) 2023-12-01 11:13:57 +01:00
Miguel Cabrerizo
79130b238b fix: replace back button with <- in user register (#6981)
Co-authored-by: Livio Spring <livio.a@gmail.com>
2023-11-29 15:52:12 +00:00
Elio Bischof
11d7a8ce61 Merge pull request from GHSA-2wmj-46rj-qm2w
* fix: find instance by original domain

* return instance not found on invalid origin

* test: ensure correct host validation

* test: instance not found is translated
2023-11-29 11:57:47 +01:00
Stefan Benz
ef11609142 fix: add https status to activity log (#6978)
* fix: add https status to activity log

* create prerelease

* create RC

* pass info from gateway to grpc server

* fix: update releaserc to create RC version

* cleanup

---------

Co-authored-by: Livio Spring <livio.a@gmail.com>
2023-11-28 16:56:29 +01:00
Tim Möhlmann
24b05dc88c fix(authz): add logging to access token verification errors (#6976)
* fix(authz): add logging to access token verification errors

Related to #6949

* use logging fields

---------

Co-authored-by: Livio Spring <livio.a@gmail.com>
2023-11-27 15:35:08 +00:00
Elio Bischof
60688757fa test(postgres): always test against latest release (#6972)
* test(postgres): always test against latest

* Update CONTRIBUTING.md

Co-authored-by: Tim Möhlmann <tim+github@zitadel.com>

* Update internal/integration/config/docker-compose.yaml

Co-authored-by: Tim Möhlmann <tim+github@zitadel.com>

---------

Co-authored-by: Tim Möhlmann <tim+github@zitadel.com>
2023-11-24 13:56:58 +00:00
Elio Bischof
8982e1aae3 fix(postgres <=15): delete unique constraints (#6971)
fix(postgres): delete unique constraints
2023-11-24 07:23:23 +01:00
Tim Möhlmann
72bc3ffe14 fix(oidc): add missing fields to introspection (#6967)
during QA I found some user info and org ID was missing.
This change adds those missing fields.
2023-11-23 16:17:50 +02:00
Silvan
9ed956383f fix(eventstore): correct handling of wrong unique fields (#6961) 2023-11-23 06:15:40 +01:00
jacob-buckaroo
1fac15e186 feat(i18n): Dutch language support (#6952)
* feat(i18n): Dutch language support

* Fixed formatting issues

* add missing error lines

---------

Co-authored-by: Tim Möhlmann <tim+github@zitadel.com>
2023-11-22 14:35:21 +00:00
Livio Spring
b563041103 fix: ensure uniqueness (#6956)
* fix: ensure uniqueness

* only update wrong ones

* Update cmd/setup/16.go

Co-authored-by: Silvan <silvan.reusser@gmail.com>

---------

Co-authored-by: Silvan <silvan.reusser@gmail.com>
2023-11-22 12:05:14 +00:00
Tim Möhlmann
2f91679623 chore(Makefile): add go generate target (#6944)
This change adds a core_generate_all make target.
It installs the required tools and runs generate on the complete project.

`golang/mock` is no longer maintained and a fork is available
from the Uber folks. So the latter is used as tool.
All the mock files have been regenerated and are part of the PR.

The obsolete `tools` directory has been removed,
as all the tools are now part of specific make targets.

Co-authored-by: Silvan <silvan.reusser@gmail.com>
2023-11-22 10:56:43 +00:00