TheArchive/zitadel
1
0
Fork 0
mirror of https://github.com/zitadel/zitadel.git synced 2024-12-12 02:54:20 +00:00
Code Issues Packages Projects Releases Wiki Activity
843 Commits 165 Branches 1,927 Tags 670 MiB
324068f25a
Commit Graph

469 Commits

Author SHA1 Message Date
Silvan
28c8274eab
fix(auth): spooler locks correct database (#1134) 2020-12-24 13:01:23 +01:00
Silvan
a6c4702b8e
fix: lock again (#1132) 
* start sub

* start implement subsciptions

* start subscription

* implementation for member done

* admin done

* fix: tests

* extend handlers

* prepary notification

* no errors in adminapi

* changed current sequence in all packages

* ignore mocks

* works

* subscriptions as singleton

* tests

* refactor: rename function scope var

* fix: process ALL previous sequences

* fix: spooler and pubsub

* handler check

* fix: process events until all done

* fix break on query err

* fix: handler

* fix: process sequence or return error

* check aggregate id

* fix: log only in error case

* fix tests

* fix: handlers

* fix: spooler

* fix: spooler

* fix: tests

* fix: continue

* fix: locker duration

* fix: variable lock duration

* fix: test

* fix: test

* fix: test min max time

Co-authored-by: Livio Amstutz <livio.a@gmail.com>
 2020-12-22 12:27:55 +01:00
Livio Amstutz
f96838cf62
fix: org name overwrite (#1133) 
* fix: org name overwrite

* import
 2020-12-22 12:12:05 +01:00
Livio Amstutz
273b7487b3
fix: don't fail if OIDCClientSecretCheckSucceeded event can not be pushed (#1131) 2020-12-22 10:41:22 +01:00
Silvan
3118a99c1e
fix: pubsub (#1122) 
* start sub

* start implement subsciptions

* start subscription

* implementation for member done

* admin done

* fix: tests

* extend handlers

* prepary notification

* no errors in adminapi

* changed current sequence in all packages

* ignore mocks

* works

* subscriptions as singleton

* tests

* refactor: rename function scope var

* fix: process ALL previous sequences

* fix: spooler and pubsub

* handler check

* fix: process events until all done

* fix break on query err

* fix: handler

* fix: process sequence or return error

* check aggregate id

* fix: log only in error case

* fix tests

* fix: handlers

* fix: spooler

* fix: spooler

* fix: tests

* fix: continue

Co-authored-by: Livio Amstutz <livio.a@gmail.com>
 2020-12-21 18:42:34 +01:00
Silvan
dd5e4acd24
fix(event handling): use internal pubsub for view update (#1118) 
* start sub

* start implement subsciptions

* start subscription

* implementation for member done

* admin done

* fix: tests

* extend handlers

* prepary notification

* no errors in adminapi

* changed current sequence in all packages

* ignore mocks

* works

* subscriptions as singleton

* tests

* refactor: rename function scope var
 2020-12-18 16:47:45 +01:00
Livio Amstutz
e15fc0b92b
fix: remove u2f with pin from 2fa check (#1121) 
* fix: remove u2f with pin from 2fa check

* show error message on mfa init verify
 2020-12-18 16:30:57 +01:00
Livio Amstutz
410a53f15b
fix: enable login with password when passwordless set up (#1120) 
* fix: enable login with password when passwordless set up

* enable only it allowed
 2020-12-18 13:42:21 +01:00
Livio Amstutz
b183d49761
fix: passwordless (#1116) 
* fix passwordless session handling

* only check passwordless when enabled in policy

* set preferred user name in webauthn

* fix tests

* add passwordless in setup

* fix(console): exclude credentials for passwordless (#1115)

* fix: exclude creds

* fix i18n type loginpolicy

* fix enter on dialog input

* remove arg

Co-authored-by: Max Peintner <max@caos.ch>
 2020-12-17 16:22:27 +01:00
Livio Amstutz
c5287364a4
fix: missing webauthn converter for login (#1113) 2020-12-17 09:34:42 +01:00
Silvan
584bcda108
fix: language.Tag marshalling (#1110) 
* fix(searchlimit): increase to 1000

* rafactor: remove unused return

* fix(user): marshalling of language tag

* fix(spooler): shuffle handlers on start

* fix(sql): reduce max open conns from 200 to 25 per pod

* chore(deps): google.golang.org/grpc and github.com/lib/pq

* chore(deps): update github.com/cockroachdb/cockroach-go/v2
 2020-12-17 08:55:11 +01:00
Livio Amstutz
055cdf98ed
fix: passwordless (#1112) 
* fix token list

* fix token name

* i18n
 2020-12-17 08:17:02 +01:00
Max Peintner
6aa0588fe0
fix(console): u2f, mfa, loginpolicy, auth and mgmt passwordless, clockskew, userinfo within idtoken (#1108) 
* fix 2fa,mfa config, self management

* u2f enable when otp

* passwordless grpc auth

* clockskew, passwordless container, util class

* passwordless, i18n

* passwordless auth and mgmt

* lint ts

* chore(deps-dev): bump ts-node from 9.1.0 to 9.1.1 in /console (#1089)

Bumps [ts-node](https://github.com/TypeStrong/ts-node) from 9.1.0 to 9.1.1.
- [Release notes](https://github.com/TypeStrong/ts-node/releases)
- [Commits](https://github.com/TypeStrong/ts-node/compare/v9.1.0...v9.1.1)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps-dev): bump @angular/cli from 11.0.3 to 11.0.4 in /console (#1094)

Bumps [@angular/cli](https://github.com/angular/angular-cli) from 11.0.3 to 11.0.4.
- [Release notes](https://github.com/angular/angular-cli/releases)
- [Commits](https://github.com/angular/angular-cli/compare/v11.0.3...v11.0.4)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Max Peintner <max@caos.ch>

* chore(deps): bump uuid from 8.3.1 to 8.3.2 in /console (#1098)

Bumps [uuid](https://github.com/uuidjs/uuid) from 8.3.1 to 8.3.2.
- [Release notes](https://github.com/uuidjs/uuid/releases)
- [Changelog](https://github.com/uuidjs/uuid/blob/master/CHANGELOG.md)
- [Commits](https://github.com/uuidjs/uuid/compare/v8.3.1...v8.3.2)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Max Peintner <max@caos.ch>

* chore(deps-dev): bump @angular/language-service in /console (#1099)

Bumps [@angular/language-service](https://github.com/angular/angular/tree/HEAD/packages/language-service) from 11.0.3 to 11.0.4.
- [Release notes](https://github.com/angular/angular/releases)
- [Changelog](https://github.com/angular/angular/blob/master/CHANGELOG.md)
- [Commits](https://github.com/angular/angular/commits/11.0.4/packages/language-service)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps-dev): bump @types/node from 14.14.10 to 14.14.13 in /console (#1100)

Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 14.14.10 to 14.14.13.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps-dev): bump @angular-devkit/build-angular in /console (#1088)

Bumps [@angular-devkit/build-angular](https://github.com/angular/angular-cli) from 0.1100.3 to 0.1100.4.
- [Release notes](https://github.com/angular/angular-cli/releases)
- [Commits](https://github.com/angular/angular-cli/commits)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Max Peintner <max@caos.ch>

* fix: replace regex check for projectid (#1064)

* update lock

* fix app detail

* logs

* fix login policy update

* fix error message

* decode excluded cred id

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Livio Amstutz <livio.a@gmail.com>
 2020-12-16 16:34:12 +01:00
Livio Amstutz
71df1bcd0e
fix: improvements for WebAuthN (#1105) 
* add missing translations

* add missing passwordless funcs in api

* remove u2f with verification from setup in login
 2020-12-15 16:44:16 +01:00
Fabiennne
762941f0ea fix: idp provider 2020-12-15 12:00:53 +01:00
Fabiennne
6532072288 fix: wrong Attributes 2020-12-15 11:43:09 +01:00
Fabi
7f26f1815b
fix: Previous sequence (#1086) 
* feat: remove previous sequence check

* feat: object creation date

* feat: simplify member write model

* feat: simplify write model

* feat: simplify write model
 2020-12-14 17:24:01 +01:00
Silvan
5c3b575b13
fix(tracing): business logic has grpc server span as parent (#1017) 
* start fix

* fix(tracing): business logic has grpc server span as parent

* fix: response name

* fix: tests

* fix: simplify ctxData
 2020-12-14 13:34:05 +01:00
Fabi
2ab47c3c8d
fix: Lastspooltime (#1102) 
* feat: last spool time convert

* feat: last spool time convert
 2020-12-14 11:49:20 +01:00
Livio Amstutz
b71a444e86
fix: primary domain claim (#1082) 
* fix: primary domain scope (overwrite by roles and rogue `:`)

* disable wrong users

* fix test

* show requested org name

* only show domain when selected
 2020-12-14 10:54:29 +01:00
Max Peintner
c6fed8ae86
feat(console): u2f (#1080) 
* fix user table count

* grpc ge

* move grpc

* u2f

* add u2f funcs

* rm local grpc, u2f dialog

* dialog u2f

* 2fa button

* mfa u2f credentialoptions

* decode base64 to bytearray, id, challenge

* u2f verify

* spinner, remove, attribute col

* delete mfa

* add forcemfa to policy

* add id to remove

* fix: add missing remove u2f in management

* user mgmt u2f delete, login policy

* rm log

* show attr in mgmt user mfa

* add missing id of mfa

* mfa table

* multifaktor for admin, org

* add secondfactor to gen component

* remove circular dependency

* lint

* revert identity prov

* add divider

* login policy lint

* Update console/src/app/modules/policies/login-policy/login-policy.component.html

* Update console/src/app/modules/policies/login-policy/login-policy.component.html

Co-authored-by: Maximilian Peintner <csaq7175@uibk.ac.at>
Co-authored-by: Livio Amstutz <livio.a@gmail.com>
 2020-12-14 10:04:15 +01:00
Fabi
5b433dcaa3
New eventstore policies (#1084) 
* feat: login policy

* feat: password complexity policy

* feat: org iam policy

* feat: label policy

* feat: add and change policies

* feat: second factors

* feat: second and multi factors

* feat: better naming

* feat: better naming
 2020-12-11 15:49:19 +01:00
Fabi
31ea9d1acd
feat: user events (#1062) 
* feat: user new eventstore

* feat: rename query builder

* feat: human events

* feat: human events

* feat: events

* feat: phone events

* feat: phone events

* feat: profile, address events

* feat: mfa, otp

* feat: webauthn events

* feat: webauthn events

* feat: webauthn events

* feat: enums

* feat: new events

* feat: user events

* feat: domain events

* feat: all v2 events

* feat: all v1 events

* feat: pkg structure

* feat: change events

* feat: better naming

* feat: better naming
 2020-12-10 16:18:52 +01:00
Fabiennne
5dd60f01e0 Merge branch 'master' into new-eventstore 2020-12-09 13:13:47 +01:00
Livio Amstutz
38478efefb
fix: handle multiple webauthn origins (#1078) 
* fix(grpc): return CredentialCreationData in webauthn public key

* return id of u2f tokens

* handle separate origins in webauthn

* param
 2020-12-08 15:39:58 +01:00
Livio Amstutz
12f8c7202c
fix(grpc): return CredentialCreationData in webauthn public key (#1075) 2020-12-07 15:22:11 +01:00
Livio Amstutz
077a9a628e
fix: improvements for login flow (incl. webauthn) (#1026) 
* fix: typo ZITADEL uppercase for OTP Issuer

* fix: password validation after change in current user agent

* fix: otp validation after setup in current user agent

* add waiting

* add waiting

* show u2f state

* regenerate css

* add useragentID to webauthn verify

* return mfa attribute in mgmt

* switch between providers

* use preferredLoginName for webauthn display

* some fixes

* correct translations for login

* add some missing event translations

* fix usersession test

* remove unnecessary cancel button on password change done
 2020-12-07 12:09:10 +01:00
Livio Amstutz
6d210c3f00
fix: add permissions-policy header (#1059) 2020-12-07 09:00:31 +01:00
Fabiennne
9e7032db73 feat: merge master 2020-12-03 10:21:00 +01:00
Fabiennne
2a25c0b617 Merge branch 'master' into new-eventstore 
# Conflicts:
#	go.sum
 2020-12-03 10:11:18 +01:00
Livio Amstutz
300ade66a7
feat: add WebAuthN support for passwordless login and 2fa (#966) 
* at least registration prompt works

* in memory test for login

* buttons to start webauthn process

* begin eventstore impl

* begin eventstore impl

* serialize into bytes

* fix: u2f, passwordless types

* fix for localhost

* fix script

* fix: u2f, passwordless types

* fix: add u2f

* fix: verify u2f

* fix: session data in event store

* fix: u2f credentials in eventstore

* fix: webauthn pkg handles business models

* feat: tests

* feat: append events

* fix: test

* fix: check only ready webauthn creds

* fix: move u2f methods to authrepo

* frontend improvements

* fix return

* feat: add passwordless

* feat: add passwordless

* improve ui / error handling

* separate call for login

* fix login

* js

* feat: u2f login methods

* feat: remove unused session id

* feat: error handling

* feat: error handling

* feat: refactor user eventstore

* feat: finish webauthn

* feat: u2f and passwordlss in auth.proto

* u2f step

* passwordless step

* cleanup js

* EndpointPasswordLessLogin

* migration

* update mfaChecked test

* next step test

* token name

* cleanup

* attribute

* passwordless as tokens

* remove sms as otp type

* add "user" to amr for webauthn

* error handling

* fixes

* fix tests

* naming

* naming

* fixes

* session handler

* i18n

* error handling in login

* Update internal/ui/login/static/i18n/de.yaml

Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>

* Update internal/ui/login/static/i18n/en.yaml

Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>

* improvements

* merge fixes

* fixes

* fixes

Co-authored-by: Fabiennne <fabienne.gerschwiler@gmail.com>
Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>
 2020-12-02 17:00:04 +01:00
Fabi
6b3f5b984c
feat: metrics (#1024) 
* refactor: switch from opencensus to opentelemetry

* tempo works as designed nooooot

* fix: log traceids

* with grafana agent

* fix: http tracing

* fix: cleanup files

* chore: remove todo

* fix: bad test

* fix: ignore methods in grpc interceptors

* fix: remove test log

* clean up

* typo

* fix(config): configure tracing endpoint

* fix(span): add error id to span

* feat: metrics package

* feat: metrics package

* fix: counter

* fix: metric

* try metrics

* fix: coutner metrics

* fix: active sessin counter

* fix: active sessin counter

* fix: change current Sequence table

* fix: change current Sequence table

* fix: current sequences

* fix: spooler div metrics

* fix: console view

* fix: merge master

* fix: Last spool run on search result instead of eventtimestamp

* fix: go mod

* Update console/src/assets/i18n/de.json

Co-authored-by: Livio Amstutz <livio.a@gmail.com>

* fix: pr review

* fix: map

* update oidc pkg

* fix: handlers

* fix: value observer

* fix: remove fmt

* fix: handlers

* fix: tests

* fix: handler minimum cycle duration 1s

* fix(spooler): handler channel buffer

* fix interceptors

Co-authored-by: adlerhurst <silvan.reusser@gmail.com>
Co-authored-by: Livio Amstutz <livio.a@gmail.com>
 2020-12-02 08:50:59 +01:00
adlerhurst
9a870b7830 facotry to fileter 2020-12-01 14:44:19 +01:00
adlerhurst
cf1df99a10 fix idp mappers 2020-11-30 10:41:10 +01:00
adlerhurst
d494da67be repo event mappers 2020-11-30 08:53:08 +01:00
adlerhurst
968f766a8f cleanup code 2020-11-30 08:35:40 +01:00
adlerhurst
0780c23f76 member 2020-11-30 07:56:38 +01:00
adlerhurst
c2400e1da5 Merge remote-tracking branch 'origin/master' into new-eventstore 2020-11-30 07:41:14 +01:00
adlerhurst
ebeedd1346 policy, idp, member. 
member not working atm
 2020-11-30 06:40:56 +01:00
Silvan
d6c9707ad0
fix(spooler): fast start (#1023) 2020-11-27 15:32:26 +01:00
Livio Amstutz
2331b8a4c0
feat(oidc): add clock skew and userinfo claims in ID Token (#1022) 
* feat: add clock skew

* add IDTokenUserinfoAssertion

* migration

* fix missing converter

* update oidc version

* fix interface impl
 2020-11-27 14:10:52 +01:00
adlerhurst
fc861ea544 remove unused fiel 2020-11-27 13:30:08 +01:00
adlerhurst
e48621c1f3 idp command side done 2020-11-27 13:29:35 +01:00
adlerhurst
9487e8bdeb idp 2020-11-27 11:30:56 +01:00
adlerhurst
3bd4d3a8e3 Merge remote-tracking branch 'origin/master' into new-eventstore 2020-11-26 13:14:12 +01:00
adlerhurst
1b3f821ad0 idp config 2020-11-26 13:14:07 +01:00
adlerhurst
246d4294cf fix(eventstore): tests 2020-11-26 09:19:14 +01:00
adlerhurst
4bb9650f27 idp 2020-11-25 20:04:32 +01:00
adlerhurst
f6cdcee77a append events without return value 2020-11-25 14:12:44 +01:00
Silvan
42f50de790
fix(machine): set creationdate (#1018) 
* fix(machine): set creationdate

* fix(translations): translate `user.human.phone.removed`
 2020-11-25 07:42:06 +01:00
Silvan
78a1b8f019
fix: org member change and remove (#1014) 
* fix: member

* fix: test

* fix: test

* fix: tests
 2020-11-24 15:55:38 +01:00
Fabi
75bf0409c4
fix: management api remove otp (#1010) 
* fix: management api remove otp

* add postinstall

* remove mgmt otp

Co-authored-by: Max Peintner <max@caos.ch>
 2020-11-24 12:06:46 +01:00
adlerhurst
f8028f07d0 event data search query 2020-11-23 19:31:12 +01:00
adlerhurst
6431fd2ec5 Merge remote-tracking branch 'origin/master' into new-eventstore 2020-11-23 11:40:50 +01:00
adlerhurst
4aadd290f4 write model 2020-11-23 11:36:58 +01:00
Silvan
855725c3c0
fix: project add validation (#997) 
* fix: add project validation

* fix: removed loop
 2020-11-21 17:20:01 +01:00
Silvan
5d2c053f87
fix: add project validation (#996) 2020-11-21 13:38:32 +01:00
adlerhurst
20f4fa56c5 try writemodel 2020-11-20 17:03:17 +01:00
Livio Amstutz
7e3ace7a96
fix: TestAuthRequestRepo_nextSteps (#995) 2020-11-20 13:05:35 +01:00
Fabi
a891fb571a
fix: fill selected idp config id on step (#994) 2020-11-20 11:20:17 +01:00
Fabi
666e43a7e2
feat: probes (#964) 
* feat: probes

* feat: validate

* fix: protos

Co-authored-by: Livio Amstutz <livio.a@gmail.com>
 2020-11-20 10:09:17 +01:00
Fabi
7c6fd2b51e
fix: Externallogin on existing session (#990) 
* fix: existing session with external login

* fix: existing session with external login

* fix: return in login
 2020-11-20 09:00:49 +01:00
Livio Amstutz
85d2be2e8c
fix: handle short cache for console correctly (#993) 2020-11-20 08:47:28 +01:00
Silvan
168242e725
fix(tracing): from opencensus to opentelemetry (#937) 
* refactor: switch from opencensus to opentelemetry

* tempo works as designed nooooot

* fix: log traceids

* with grafana agent

* fix: http tracing

* fix: cleanup files

* chore: remove todo

* fix: bad test

* fix: ignore methods in grpc interceptors

* fix: remove test log

* clean up

* typo

* fix(config): configure tracing endpoint

* fix(span): add error id to span
 2020-11-20 07:57:39 +01:00
adlerhurst
609c4d4f24 Merge branch 'master' into new-eventstore 2020-11-19 17:20:09 +01:00
Silvan
fcf81bed5f
fix: dont overwrite resource owner in objectroot (#992) 
* fix(management): search user grants with granted

* fix(auth): handle user grant project owner

* fix: grantowner to resourceowner

* fix: generate mock

* fix: mig

* fix: query correct columns

* fix: remove new line

* fix: dont overwrite resourceowner on appendevent
 2020-11-19 16:23:48 +01:00
Silvan
9c603d9b38
fix: query correct column (#991) 
* fix(management): search user grants with granted

* fix(auth): handle user grant project owner

* fix: grantowner to resourceowner

* fix: generate mock

* fix: mig

* fix: query correct columns

* fix: remove new line
 2020-11-19 15:21:22 +01:00
Silvan
93e941a475
fix: Improve search user grants (#988) 
* fix(management): search user grants with granted

* fix(auth): handle user grant project owner

* fix: migration
 2020-11-19 14:13:07 +01:00
adlerhurst
4d6497f6c1 try with writemodel 2020-11-18 21:22:15 +01:00
Fabi
a40ec1f25b
fix: audience in create token (#985) 2020-11-18 17:11:37 +01:00
Livio Amstutz
16cd7388ce
fix: handle LoginPolicyRemoved in auth (#982) 2020-11-18 15:18:03 +01:00
Livio Amstutz
b9be5f4e11
fix: handle disabled mfa types correctly during login (#979) 
* fix: handle disabled mfa types during login correctly

* fix: add 2fa to default login policy

* fix: setup

* Update internal/setup/step7.go

Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>

Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>
 2020-11-18 12:56:24 +01:00
adlerhurst
147782332f Merge remote-tracking branch 'origin/master' into new-eventstore 2020-11-18 10:36:02 +01:00
Fabi
119ddbfa09
fix: new build (#977) 2020-11-17 17:29:41 +01:00
adlerhurst
edff816ec1 start idp config 2020-11-17 13:44:37 +01:00
Livio Amstutz
376fba72d8
fix: user init mail (for wrong email) (#891) 
* add resendInitialMail

* disable email notifications (when not initialised)

* fix resend init mail

* add tests

* cleanup

* cleanup

* fix tests

* add resend trigger, dialog

* refactor contact component, add sendinitmail fnc

* skip email if empty

* reload user on phone email changes, i18n warndialog on dl

* lint

* rebuild mgmt proto

* remove initial focus

* Update console/src/assets/i18n/de.json

Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>

Co-authored-by: Max Peintner <max@caos.ch>
Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>
 2020-11-16 11:43:22 +01:00
Fabi
78c0cf2f57
fix: add and verified projectID in audience (#957) 
* feat: new scope for project id in aud

* feat: add doc

* feat: projectid endpoint

* feat: remove handle Proejct id

* fix: remove go.mod replace

* fix: add project id to aud

* fix: update oidc version

* fix: change project id scope

* update projectID scope to current usage

* typo: ZITADEL uppercase

Co-authored-by: Livio Amstutz <livio.a@gmail.com>
 2020-11-16 10:54:48 +01:00
adlerhurst
4b1e79604a new iam repo in all services 2020-11-12 23:15:01 +01:00
adlerhurst
23e6cad703 start implementing new eventstore on iam 2020-11-12 22:50:01 +01:00
Silvan
966e3850ed
fix(changes): decide if human or machine modifier (#953) 2020-11-12 17:01:30 +01:00
adlerhurst
720fea4bcc member 2020-11-11 17:51:44 +01:00
adlerhurst
4e0577e74f rename files 2020-11-06 22:44:23 +01:00
adlerhurst
57fc3ddd16 policies implemented 2020-11-06 22:09:19 +01:00
adlerhurst
f7f810caa5 iam events 2020-11-06 17:25:07 +01:00
adlerhurst
f4bd5ddcbc try splitt event 2020-11-06 13:47:27 +01:00
adlerhurst
756a4f1d08 fix: union 2020-11-05 13:24:37 +01:00
Fabi
202aae4954
feat: mfa policy (#913) 
* feat: add mfa to login policy

* feat: add mfa to login policy

* feat: add mfa to login policy

* feat: add mfa to login policy

* feat: add mfa to login policy on org

* feat: add mfa to login policy on org

* feat: append events on policy views

* feat: iam login policy mfa definition

* feat: login policies on orgs

* feat: configured mfas in login process

* feat: configured mfas in login process

* Update internal/ui/login/static/i18n/en.yaml

Co-authored-by: Livio Amstutz <livio.a@gmail.com>

* fix: rename software and hardware mfas

* fix: pr requests

* fix user mfa

* fix: test

* fix: oidc version

* fix: oidc version

* fix: proto gen

Co-authored-by: Livio Amstutz <livio.a@gmail.com>
Co-authored-by: Max Peintner <max@caos.ch>
 2020-11-04 11:26:10 +01:00
Fabi
51417be35d
feat: primary domain (#936) 
* fix: primary domain

* fix: remove comment

* fix: oidc version
 2020-11-03 10:50:03 +01:00
Fabi
b79661d66e
fix: add search params for user grants (#915) 2020-11-03 07:52:49 +01:00
Livio Amstutz
6a91cfe5a6
fix: email styling (#918) 2020-10-28 15:26:20 +01:00
Silvan
b9fdcb53a2
fix: auth app handler with projectEvents (#917) 2020-10-28 11:19:10 +01:00
adlerhurst
3093eb0dbd Merge branch 'master' into new-eventstore 2020-10-27 16:07:24 +01:00
adlerhurst
727d783478 fix: eventstore tests 2020-10-27 16:03:17 +01:00
Silvan
e686268e81
fix: flags on application view (#910) 
* wg24q

* fix: set ProjectRoleCheck and ProjectRoleAssertion on added application
 2020-10-27 15:53:36 +01:00
adlerhurst
faee29bbb6 fix: tests 2020-10-27 15:42:18 +01:00
adlerhurst
936c88c6ed fix: comments 2020-10-26 14:49:42 +01:00
Livio Amstutz
524a6d4467
fix: type conversation (#894) 2020-10-26 08:38:48 +01:00
adlerhurst
dfb8c266d7 test: example for eventstore 2020-10-23 16:16:46 +02:00
adlerhurst
b6ed7a396c fix(eventstore): resource owner from previous event 2020-10-22 18:13:31 +02:00
adlerhurst
0f855c86cf test: eventstore queries 2020-10-21 19:45:23 +02:00
adlerhurst
5fc0a808e1 test(eventstore): queries 2020-10-21 19:29:22 +02:00
adlerhurst
3c9c2806c8 test: eventstore 2020-10-21 19:00:41 +02:00
Livio Amstutz
274dce2c6a
fix(notification): check both user event versions and if code expired (#887) 2020-10-21 16:42:29 +02:00
Livio Amstutz
b3f68c8f48
feat: add tracing interceptors to login and oidc (#764) 
* add tracing interceptors to login and oidc

* add some tracing spans

* trace login calls

* add some spans

* add some spans (change password)

* add some more tracing in oauth/oidc

* revert org exists

* Merge branch 'master' into http-tracing

# Conflicts:
#	internal/api/oidc/auth_request.go
#	internal/api/oidc/client.go
#	internal/auth/repository/eventsourcing/eventstore/auth_request.go
#	internal/auth/repository/eventsourcing/eventstore/user.go
#	internal/authz/repository/eventsourcing/eventstore/token_verifier.go
#	internal/authz/repository/eventsourcing/view/token.go
#	internal/user/repository/eventsourcing/eventstore.go
 2020-10-21 10:18:34 +02:00
adlerhurst
83121ab44d test: eventstore query 2020-10-21 09:39:24 +02:00
Michael Waeger
42384763d1
feat: Private label email policy (#813) 
* Label Policy added

* save

* chore: update docs action

* Save

* Save

* Get colors from DB

* Variables inserted

* Get images from global directory.

* Add tests

* Add tests

* Corrections from mergerequest

* Corrections from mergerequest

* Test corrected.

* Added colors to all notifications.

* Added colors to
Corrected text and formatting.all notifications.

* Spelling error corrected.

* fix: tests

* Merge Branch corrected.

* Step6 added

* Corrections from mergerequest

* fix: generate management

* Formatted texts.

* fix: migrations

Co-authored-by: Florian Forster <florian@caos.ch>
Co-authored-by: adlerhurst <silvan.reusser@gmail.com>
Co-authored-by: Fabiennne <fabienne.gerschwiler@gmail.com>
 2020-10-20 19:10:23 +02:00
Fabi
57a3ccc91b
fix: handle login policy removed (#882) 2020-10-20 15:54:26 +02:00
Fabi
7e56ace9d9
fix: idp provider handler (#874) 
* fix: idp provider handler

* fix: idp provider search

* fix: idp provider search

* fix: error handling

* fix: error handling

* fix: fix read config
 2020-10-20 14:26:19 +02:00
Fabi
46bc987b28
fix: idp changes (#872) 2020-10-20 08:23:56 +02:00
Fabi
4eb380a825
fix: IDP login button styles (#869) 
* fix: styling type on idp

* fix: google styling

* fix: google styling

* fix: google styling

* fix: remove logo src from angular

* fix: pr requests

* fix drop column migration

* fix: drop column migration

* fix: grant id
 2020-10-19 17:10:02 +02:00
Fabi
bb9747923c
fix: cascade remove external login (#871) 
* fix: cascade remove external login

* fix: tests
 2020-10-19 16:28:06 +02:00
adlerhurst
370597a0e8 fix: remove routines 2020-10-19 13:58:59 +02:00
adlerhurst
35ce026651 try with goroutines 2020-10-19 09:53:32 +02:00
Fabi
c3b4c3f264
fix: translations and oidc package update (#845) 
* fix: translation

* fix: translation

* fix: translation

* fix: UserInfo with JWT access token

* fix: dependencies

* fix: dependencies

Co-authored-by: Livio Amstutz <livio.a@gmail.com>
 2020-10-16 13:15:19 +02:00
Livio Amstutz
a321d850ae
feat: project roles (#843) 
* fix logging

* token verification

* feat: assert roles

* feat: add project role assertion on project and token type on app

* id and access token role assertion

* add project role check

* user grant required step in login

* update library

* fix merge

* fix merge

* fix merge

* update oidc library

* fix tests

* add tests for GrantRequiredStep

* add missing field ProjectRoleCheck on project view model

* fix project create

* fix project create
 2020-10-16 07:49:38 +02:00
adlerhurst
55e5e82dbc fix(eventstore): set previous sequence NULL if not checked 2020-10-15 16:51:00 +02:00
Fabi
265b491696
feat: tokens on user aggregate (#837) 
* fix: fix remove policies in spoolers

* fix: reread of token by id

* fix: update oidc package

* fix: possible nil pointer on token split

Co-authored-by: Livio Amstutz <livio.a@gmail.com>
 2020-10-15 13:52:41 +02:00
adlerhurst
62f0d9d59d push tests 2020-10-15 13:25:25 +02:00
Fabi
fbb30840f1
feat: policies on aggregates (#799) 
* feat: move pw policy

* feat: default pw complexity policy

* fix: org password complexity policy

* fix: org password complexity policy

* fix: pw complexity policy with setup

* fix: age and lockout policies on aggregates

* fix: migration

* fix: org iam policy

* fix: org iam policy

* fix: org iam policy

* fix: tests

* fix: policy request

* fix: merge master

* fix(console): policies frontend (#817)

* fix policy build

* fix: age, complexity, lockout policies

* fix: ready return err of setup not done

* fix: fix remove policies in spoolers

* fix: fix remove policies in spoolers

* feat(console): policy settings for iam and org (#824)

* fix policy build

* fix: age, complexity, lockout policies

* fix pwd complexity

* policy remove action

* add imports

* fix accounts card, enable mgmt login policy

* lint

* add iam policy to admin

* toasts, i18n, show default

* routing, i18n

* reset policy, toast i18n, cleanup, routing

* policy delete permission

* lint style

* delete iam policy

* delete non project from grid list, i18n

* lint ts, style

* fix: remove instead delete

* feat(console): delete external idp from user (#835)

* dialog i18n, delete column and function

* dialog i18n

* fix rm button

* Update console/src/assets/i18n/de.json

Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>

* Update console/src/assets/i18n/de.json

Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>

* fix: revert env, rename policy, remove comments

* fix: lowercase sich

* fix: pr requests

* Update internal/iam/repository/eventsourcing/eventstore_test.go

Co-authored-by: Silvan <silvan.reusser@gmail.com>

* fix: tests

* fix: tests

* fix(console): policies (#839)

* fix: nil pointer on get userdata (#815)

* fix: external login (#818)

* fix: external login

* fix: external login

* feat(console): delete user (#819)

* add action col to user table, i18n

* delete user from detail component

* lint

* fix(console): cleanup user detail and member components, user/me redirect, permission guards, filter, org policy guard, user table, scss cleanup (#808)

* fix: remove user.write guard for filtering

* border color

* fix user routing from member tables

* idp detail layout

* generic contact component

* fix redirect to auth user, user grant disable

* disable policy action without permission, i18n

* user-create flex fix, contact ng-content

* rm unused styles

* sidenav divider

* lint

* chore(deps-dev): bump @angular/cli from 10.1.3 to 10.1.4 in /console (#806)

* fix: user session with external login (#797)

* fix: user session with external login

* fix: tests

* fix: tests

* fix: change idp config name

* fix(container): stop copying / and instead only copy zitadel (#691)

* chore: stop copying / and instead only copy zitadel

* Update Dockerfile

* Update release.yml

* enable anchors debug

* fix(container): don't copy alpine content into scratch execpt pwd

* chore: remove need step

* merge master

* chore(deps-dev): bump @angular/cli from 10.1.3 to 10.1.4 in /console

Bumps [@angular/cli](https://github.com/angular/angular-cli) from 10.1.3 to 10.1.4.
- [Release notes](https://github.com/angular/angular-cli/releases)
- [Commits](https://github.com/angular/angular-cli/compare/v10.1.3...v10.1.4)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>
Co-authored-by: Florian Forster <florian@caos.ch>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps-dev): bump @angular/language-service from 10.1.3 to 10.1.4 in /console (#805)

* fix: user session with external login (#797)

* fix: user session with external login

* fix: tests

* fix: tests

* fix: change idp config name

* fix(container): stop copying / and instead only copy zitadel (#691)

* chore: stop copying / and instead only copy zitadel

* Update Dockerfile

* Update release.yml

* enable anchors debug

* fix(container): don't copy alpine content into scratch execpt pwd

* chore: remove need step

* merge master

* chore(deps-dev): bump @angular/language-service in /console

Bumps [@angular/language-service](https://github.com/angular/angular/tree/HEAD/packages/language-service) from 10.1.3 to 10.1.4.
- [Release notes](https://github.com/angular/angular/releases)
- [Changelog](https://github.com/angular/angular/blob/master/CHANGELOG.md)
- [Commits](https://github.com/angular/angular/commits/10.1.4/packages/language-service)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>
Co-authored-by: Florian Forster <florian@caos.ch>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps-dev): bump codelyzer from 6.0.0 to 6.0.1 in /console (#804)

* fix: user session with external login (#797)

* fix: user session with external login

* fix: tests

* fix: tests

* fix: change idp config name

* fix(container): stop copying / and instead only copy zitadel (#691)

* chore: stop copying / and instead only copy zitadel

* Update Dockerfile

* Update release.yml

* enable anchors debug

* fix(container): don't copy alpine content into scratch execpt pwd

* chore: remove need step

* merge master

* chore(deps-dev): bump codelyzer from 6.0.0 to 6.0.1 in /console

Bumps [codelyzer](https://github.com/mgechev/codelyzer) from 6.0.0 to 6.0.1.
- [Release notes](https://github.com/mgechev/codelyzer/releases)
- [Changelog](https://github.com/mgechev/codelyzer/blob/master/CHANGELOG.md)
- [Commits](https://github.com/mgechev/codelyzer/commits/6.0.1)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>
Co-authored-by: Florian Forster <florian@caos.ch>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps-dev): bump @angular-devkit/build-angular from 0.1000.8 to 0.1001.4 in /console (#803)

* fix: user session with external login (#797)

* fix: user session with external login

* fix: tests

* fix: tests

* fix: change idp config name

* fix(container): stop copying / and instead only copy zitadel (#691)

* chore: stop copying / and instead only copy zitadel

* Update Dockerfile

* Update release.yml

* enable anchors debug

* fix(container): don't copy alpine content into scratch execpt pwd

* chore: remove need step

* merge master

* chore(deps-dev): bump @angular-devkit/build-angular in /console

Bumps [@angular-devkit/build-angular](https://github.com/angular/angular-cli) from 0.1000.8 to 0.1001.4.
- [Release notes](https://github.com/angular/angular-cli/releases)
- [Commits](https://github.com/angular/angular-cli/commits)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>
Co-authored-by: Florian Forster <florian@caos.ch>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Max Peintner <max@caos.ch>

* chore(deps): bump uuid from 8.3.0 to 8.3.1 in /console (#802)

* fix: user session with external login (#797)

* fix: user session with external login

* fix: tests

* fix: tests

* fix: change idp config name

* fix(container): stop copying / and instead only copy zitadel (#691)

* chore: stop copying / and instead only copy zitadel

* Update Dockerfile

* Update release.yml

* enable anchors debug

* fix(container): don't copy alpine content into scratch execpt pwd

* chore: remove need step

* merge master

* chore(deps): bump uuid from 8.3.0 to 8.3.1 in /console

Bumps [uuid](https://github.com/uuidjs/uuid) from 8.3.0 to 8.3.1.
- [Release notes](https://github.com/uuidjs/uuid/releases)
- [Changelog](https://github.com/uuidjs/uuid/blob/master/CHANGELOG.md)
- [Commits](https://github.com/uuidjs/uuid/compare/v8.3.0...v8.3.1)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>
Co-authored-by: Florian Forster <florian@caos.ch>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* create memberstable as common component

* iam member cleanup

* iam + org m table, user table service user avatar

* toast config

* fix selection emitter

* fix project grant table width

* project grant members refactor

* theme optimizations

* member table col delete

* lint

* fix table row color

* refactor grey color

* lint scss

* org list redirect on click, fix user table undef

* refresh table after grant add

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>
Co-authored-by: Florian Forster <florian@caos.ch>

* fix(console): intercept navigator.language, set browser lang as default for user without explicit setting, user table outline, member create dialog import (#820)

* i18n interceptor, set language to browser lang

* nullcheck

* rm external idp log

* fix module imports, rm user displayname from i18n

* Update console/src/assets/i18n/de.json

Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>

* fix: delete external idps from users (#822)

* fix(console): permission regex, account switcher null check, restrict app and member create access (#821)

* fix member table disable, gerneal regexp

* fix user session card, app disable

* memberships max count

* fix policy permissions

* permission check for member add dialog

* lint

* rm accounts log

* rm id regex

* fix: handle usermemberships on project and project grant delete (#825)

* fix: go handler

Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Florian Forster <florian@caos.ch>

* fix: tests

* fix: not needed error handling

Co-authored-by: Max Peintner <max@caos.ch>
Co-authored-by: Silvan <silvan.reusser@gmail.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Florian Forster <florian@caos.ch>
 2020-10-15 10:27:13 +02:00
Fabi
318e2c5e44
fix: reset external login verification on logout (#840) 2020-10-15 09:37:12 +02:00
adlerhurst
d400b02e53 test(eventstore): push 2020-10-15 08:44:17 +02:00
adlerhurst
639872b82e fix: add tests 2020-10-14 12:43:31 +02:00
Fabi
905ee1c68a
fix: handle usermemberships on project and project grant delete (#825) 2020-10-13 07:46:44 +02:00
Fabi
8fe635d3fd
fix: delete external idps from users (#822) 2020-10-09 11:07:25 +02:00
Fabi
56d5704749
fix: external login (#818) 
* fix: external login

* fix: external login
 2020-10-07 16:29:56 +02:00
Fabi
a19b4d2659
fix: nil pointer on get userdata (#815) 2020-10-07 10:46:22 +02:00
Fabi
9ad547185c
feat: remove user (#812) 
* feat: remove user

* feat: handle delete state on user by id

* feat: handle delete state on project by id
 2020-10-07 08:16:42 +02:00
adlerhurst
71fd4bf9f9 refactor: eventstore v2 2020-10-06 21:28:09 +02:00
adlerhurst
46a68c15bf fix: eventstore v2 insert statement 2020-10-06 20:20:23 +02:00
adlerhurst
9342efa834 refactor: eventstore v2 2020-10-06 20:19:56 +02:00
Silvan
8278efc131
fix(eventstore): check if creation date is not zero (#811) 2020-10-06 07:26:09 +02:00
adlerhurst
f2559c2027 crdb tests 2020-10-05 22:03:21 +02:00
adlerhurst
53b02b7f5e event data mapping in eventstore v2 2020-10-05 22:02:59 +02:00
adlerhurst
64a0859d76 test(eventstore): sql unit tests 2020-10-05 20:39:36 +02:00
adlerhurst
120a8bae85 refactor(eventstore): sql 2020-10-05 19:09:26 +02:00
Fabi
f939eab133
fix: check existing idp (#809) 
* fix: logs

* Update Dockerfile

* Fallback to old Docker file

* fix: for loop

* fix: for loop

* fix: for loop

* fix: remove logs

* fix: remove logs

Co-authored-by: Florian Forster <florian@caos.ch>
 2020-10-05 17:14:08 +02:00
adlerhurst
eb51a429ff testing with local cockroach started for tests and migrations 2020-10-02 16:21:51 +02:00
Fabi
198370325d
fix: user session with external login (#797) 
* fix: user session with external login

* fix: tests

* fix: tests

* fix: change idp config name
 2020-10-02 08:02:09 +02:00
adlerhurst
169b1787df start with cockroach test server 2020-09-30 19:04:52 +02:00
Silvan
bdcf9fcc5c
fix(authz): fix user grant handler (#795) 2020-09-30 10:29:41 +02:00
adlerhurst
e4d8478b04 start sqlite migrations 2020-09-30 10:00:05 +02:00
Fabi
83b0ac1fdb
fix: idps (#777) 
* fix: update client secret, skip passwordsteps only if login not if linking

* fix: global policy for register

* fix: scope handling

* fix: back after error

* fix: change org id scope to primary domain

* fix: check if primarydomain empty

* fix: local sh

* fix: disable buttons on org login policy
 2020-09-28 09:29:41 +02:00
Silvan
3e1204524e
fix: multiple setup steps (#773) 
* fix: multiple setup steps

* fix: test set up started

* fix: possible nil pointers in setup

* fix: validate executed step
 2020-09-24 11:38:28 +02:00
adlerhurst
7da344be26 init v2 2020-09-24 08:52:10 +02:00
Fabi
0bd27bc8e4
fix: add prompt on oidc rp, fix idp and login policy in console (#769) 
* fix: add prompt on oidc rp

* fix: add prompt on oidc rp

* fix: translation

* fix: translation

* fix: not existing login policy

* fix: login policy

* fix: identity provider detail

* fix: idp update

* fix: idps in login policy

* fix: lint

* fix: scss

* fix: external idps on auth user detail

* fix: idp create mapping fields

* fix: remove idp provider

* fix: angular lint

* fix: login policy view

* fix: translations
 2020-09-23 16:52:19 +02:00
Livio Amstutz
9887e897ee
fix: only show external login text when providers available (#768) 2020-09-21 14:06:54 +02:00
Livio Amstutz
da8f243129
fix: marshal of user info address (#767) 2020-09-21 12:55:39 +02:00
Fabi
108f6b3545
feat: external idps on user (#755) 
* feat: show external idps on user

* feat: show external idps on user

* fix: angular linting

* fix: display Name

* fix: display Name email
 2020-09-18 17:00:38 +02:00
Silvan
ee0383cae8
refactor: spooled handler (#752) 
* refactor: spooled handler

* fix(spooler): test locked channel
 2020-09-18 13:39:28 +02:00
Fabi
320ddfa46d
feat: Identity brokering (#730) 
* feat: add/ remove external idps

* feat: external idp add /remove

* fix: auth proto

* fix: handle login

* feat: loginpolicy on authrequest

* feat: idp providers on login

* feat: link external idp

* fix: check login policy on check username

* feat: add mapping fields for idp config

* feat: use user org id if existing

* feat: use user org id if existing

* feat: register external user

* feat: register external user

* feat: user linking

* feat: user linking

* feat: design external login

* feat: design external login

* fix: tests

* fix: regenerate login design

* feat: next step test linking process

* feat: next step test linking process

* feat: cascade remove external idps on user

* fix: tests

* fix: tests

* feat: external idp requsts on users

* fix: generate protos

* feat: login styles

* feat: login styles

* fix: link user

* fix: register user on specifig org

* fix: user linking

* fix: register external, linking auto

* fix: remove unnecessary request from proto

* fix: tests

* fix: new oidc package

* fix: migration version

* fix: policy permissions

* Update internal/ui/login/static/i18n/en.yaml

Co-authored-by: Livio Amstutz <livio.a@gmail.com>

* Update internal/ui/login/static/i18n/en.yaml

Co-authored-by: Livio Amstutz <livio.a@gmail.com>

* Update internal/ui/login/handler/renderer.go

Co-authored-by: Livio Amstutz <livio.a@gmail.com>

* Update internal/ui/login/handler/renderer.go

Co-authored-by: Livio Amstutz <livio.a@gmail.com>

* fix: pr requests

* Update internal/ui/login/handler/link_users_handler.go

Co-authored-by: Livio Amstutz <livio.a@gmail.com>

* fix: pr requests

* fix: pr requests

* fix: pr requests

* fix: login name size

* fix: profile image light

* fix: colors

* fix: pr requests

* fix: remove redirect uri validator

* fix: remove redirect uri validator

Co-authored-by: Livio Amstutz <livio.a@gmail.com>
 2020-09-18 13:26:28 +02:00