Stefan Benz
15fd3045e0
feat: add SAML as identity provider ( #6454 )
...
* feat: first implementation for saml sp
* fix: add command side instance and org for saml provider
* fix: add query side instance and org for saml provider
* fix: request handling in event and retrieval of finished intent
* fix: add review changes and integration tests
* fix: add integration tests for saml idp
* fix: correct unit tests with review changes
* fix: add saml session unit test
* fix: add saml session unit test
* fix: add saml session unit test
* fix: changes from review
* fix: changes from review
* fix: proto build error
* fix: proto build error
* fix: proto build error
* fix: proto require metadata oneof
* fix: login with saml provider
* fix: integration test for saml assertion
* lint client.go
* fix json tag
* fix: linting
* fix import
* fix: linting
* fix saml idp query
* fix: linting
* lint: try all issues
* revert linting config
* fix: add regenerate endpoints
* fix: translations
* fix mk.yaml
* ignore acs path for user agent cookie
* fix: add AuthFromProvider test for saml
* fix: integration test for saml retrieve information
---------
Co-authored-by: Livio Spring <livio.a@gmail.com>
2023-09-29 11:26:14 +02:00
Livio Spring
68bfab2fb3
feat(login): use default org for login without provided org context ( #6625 )
...
* start feature flags
* base feature events on domain const
* setup default features
* allow setting feature in system api
* allow setting feature in admin api
* set settings in login based on feature
* fix rebasing
* unit tests
* i18n
* update policy after domain discovery
* some changes from review
* check feature and value type
* check feature and value type
2023-09-29 08:21:32 +00:00
Livio Spring
593d1605ab
fix: only reuse active session and use correct policies (from user org) ( #6603 )
2023-09-21 16:45:41 +02:00
Silvan
6672dcd87d
fix: add spans in auth requests ( #6368 )
...
Co-authored-by: Livio Spring <livio.a@gmail.com>
2023-08-18 07:21:31 +00:00
Livio Spring
7c494fd219
feat(login): add OTP (email and sms) ( #6353 )
...
* feat: login with otp
* fix(i18n): japanese translation
* add missing files
* fix provider change
* add event types translations to en
* add tests
* resourceOwner
* remove unused handler
* fix: secret generators and add comments
* add setup step
* rename
* linting
* fix setup
* improve otp handling
* fix autocomplete
* translations for login and notifications
* translations for event types
* changes from review
* check selected mfa type
2023-08-15 12:47:05 +00:00
Miguel Cabrerizo
85423b73e9
fix: avatar missing on login after going back ( #6238 )
...
* fix: avatar missing on login after going back
* fix: apply @livio-a suggestion
---------
Co-authored-by: Livio Spring <livio.a@gmail.com>
2023-08-10 14:19:39 +00:00
Livio Spring
57857b8d30
fix: check if session is reused on reauthentication ( #6322 )
...
* fix: check if session is reused on reauth steps
* add nolint directive
---------
Co-authored-by: Silvan <silvan.reusser@gmail.com>
2023-08-07 08:01:24 +00:00
Livio Spring
45262e6829
fix: migrate external id of federated users ( #6312 )
...
* feat: migrate external id
* implement tests and some renaming
* fix projection
* cleanup
* i18n
* fix event type
* handle migration for new services as well
* typo
2023-08-04 11:35:36 +02:00
Livio Spring
a1942ecdaa
feat(api): add and remove OTP (SMS and email) ( #6295 )
...
* refactor: rename otp to totp
* feat: add otp sms and email
* implement tests
2023-08-02 18:57:53 +02:00
Livio Spring
dd480f8a8d
feat(login): reuse existing session if no prompt is provided and only single session exists ( #6272 )
...
* feat: reuse existing session if no prompt is provided and only single session exists
* fix tests
2023-08-01 11:21:44 +00:00
Livio Spring
d3e403f645
perf: reduce events read from eventstore ( #6280 )
...
* fix: events query user
* fix: events query user
* user events query
* fix tests
* fix query
* cleanup
---------
Co-authored-by: Fabienne <fabienne.gerschwiler@gmail.com>
2023-07-27 12:10:19 +00:00
Livio Spring
fed15574f6
feat: allow to force MFA local only ( #6234 )
...
This PR adds an option to the LoginPolicy to "Force MFA for local users", so that users authenticated through an IDP must not configure (and verify) an MFA.
2023-07-20 04:06:16 +00:00
Miguel Cabrerizo
78eae6f62b
fix: domain discovery should be case insensitive ( #6134 )
...
Co-authored-by: Livio Spring <livio.a@gmail.com>
2023-07-12 13:02:16 +00:00
Livio Spring
84085478ec
fix(login): ensure auth request information is up-to-date in external user check ( #6060 )
2023-06-21 05:00:03 +00:00
Stefan Benz
2d13d412a2
fix: update linking users if action changed values ( #6024 )
...
Co-authored-by: Livio Spring <livio.a@gmail.com>
2023-06-15 07:02:53 +00:00
Livio Spring
458a383de2
fix: use current sequence for refetching of events ( #5772 )
...
* fix: use current sequence for refetching of events
* fix: use client ids
2023-04-28 16:28:13 +02:00
Tim Möhlmann
5819924275
feat: device authorization RFC 8628 ( #5646 )
...
* device auth: implement the write events
* add grant type device code
* fix(init): check if default value implements stringer
---------
Co-authored-by: adlerhurst <silvan.reusser@gmail.com>
2023-04-19 08:46:02 +00:00
Livio Spring
8bf36301ed
feat: allow skip of success page for native apps ( #5627 )
...
add possibility to return to callback directly after login without rendering the successful login page
2023-04-11 15:07:32 +00:00
Elio Bischof
8141d902b8
fix: delete org project mapping by grant id ( #5607 )
...
* fix: delete org project mapping by grant id
* fix: check for project on authentication using projections
* fix tests
---------
Co-authored-by: Livio Spring <livio.a@gmail.com>
2023-04-06 05:46:12 +00:00
Miguel Cabrerizo
1b9cea0e0c
feat: add Help/Support e-mail for instance/org ( #5445 )
...
feat: help and support email in privacy policy
2023-03-28 21:36:52 +02:00
Stefan Benz
41ff0bbc63
feat: ldap provider login ( #5448 )
...
Add the logic to configure and use LDAP provider as an external IDP with a dedicated login GUI.
2023-03-24 15:18:56 +00:00
Livio Spring
a8a2edadc2
fix: use correct resource owner in checkExternalUserLogin ( #5457 )
2023-03-16 13:14:08 +00:00
Silvan
eb4f7c5d7c
fix(auth): update user grants before check ( #5406 )
2023-03-13 08:03:49 +01:00
Livio Spring
48f9815b7c
feat(login): use new IDP templates ( #5315 )
...
The login uses the new template based IDPs with backwards compatibility for old IDPs
2023-02-28 21:20:58 +01:00
Livio Spring
0530f19d94
feat: allow usernames without @ when UserMustBeDomain false ( #4852 )
...
* feat: allow usernames without @ when UserMustBeDomain false
* e2e
* test(e2e): table driven tests for humans and machines
* cleanup
* fix(e2e): ensure there are no username conflicts
* e2e: make awaitDesired async
* rm settings mapping
* e2e: make awaitDesired async
* e2e: parse sequence as int
* e2e: ensure test fails if awaitDesired fails
Co-authored-by: Max Peintner <max@caos.ch>
2022-12-22 11:16:17 +00:00
Silvan
f3e6f3b23b
feat: remove org ( #4148 )
...
* feat(command): remove org
* refactor: imports, unused code, error handling
* reduce org removed in action
* add org deletion to projections
* add org removal to projections
* add org removal to projections
* org removed projection
* lint import
* projections
* fix: table names in tests
* fix: table names in tests
* logging
* add org state
* fix(domain): add Owner removed to object details
* feat(ListQuery): add with owner removed
* fix(org-delete): add bool to functions to select with owner removed
* fix(org-delete): add bools to user grants with events to determine if dependencies lost owner
* fix(org-delete): add unit tests for owner removed and org removed events
* fix(org-delete): add handling of org remove for grants and members
* fix(org-delete): correction of unit tests for owner removed
* fix(org-delete): update projections, unit tests and get functions
* fix(org-delete): add change date to authnkeys and owner removed to org metadata
* fix(org-delete): include owner removed for login names
* fix(org-delete): some column fixes in projections and build for queries with owner removed
* indexes
* fix(org-delete): include review changes
* fix(org-delete): change user projection name after merge
* fix(org-delete): include review changes for project grant where no project owner is necessary
* fix(org-delete): include auth and adminapi tables with owner removed information
* fix(org-delete): cleanup username and orgdomain uniqueconstraints when org is removed
* fix(org-delete): add permissions for org.remove
* remove unnecessary unique constraints
* fix column order in primary keys
* fix(org-delete): include review changes
* fix(org-delete): add owner removed indexes and chang setup step to create tables
* fix(org-delete): move PK order of instance_id and change added user_grant from review
* fix(org-delete): no params for prepareUserQuery
* change to step 6
* merge main
* fix(org-delete): OldUserName rename to private
* fix linting
* cleanup
* fix: remove org test
* create prerelease
* chore: delete org-delete as prerelease
Co-authored-by: Stefan Benz <stefan@caos.ch>
Co-authored-by: Livio Spring <livio.a@gmail.com>
Co-authored-by: Fabi <38692350+hifabienne@users.noreply.github.com>
Co-authored-by: Stefan Benz <46600784+stebenz@users.noreply.github.com>
2022-11-30 17:01:17 +01:00
Livio Spring
062887269b
fix(login): check user state before ignoreUnknownUsernames setting ( #4759 )
...
Co-authored-by: Fabi <38692350+hifabienne@users.noreply.github.com>
2022-11-24 09:13:19 +00:00
Livio Spring
27e7dc68a8
feat: allow disabling the mfa setup prompt ( #4575 )
...
* feat: allow disabling the mfa setup prompt
* e2e: disable mfa prompt
Co-authored-by: Max Peintner <max@caos.ch>
2022-10-26 10:20:01 +02:00
Livio Spring
3270a94291
fix: idp usage ( #4571 )
...
* fix: send email verification instead of init code for idp users
* fix: select single idp of external only users
* fix: use single idp on login
2022-10-18 14:48:26 +00:00
Livio Spring
b0b1e94090
feat(login): additionally use email/phone for authentication ( #4563 )
...
* feat: add ability to disable login by email and phone
* feat: check login by email and phone
* fix: set verified email / phone correctly on notify users
* update projection version
* fix merge
* fix email/phone verified reduce tests
* fix user tests
* loginname check
* cleanup
* fix: update user projection version to handle fixed statement
2022-10-17 19:19:15 +00:00
Livio Spring
6daf44a34a
fix: clear potentially existing user information on auth request for domain discovery ( #4528 )
2022-10-11 11:12:07 +02:00
Livio Spring
3b03ad82bf
fix: registration allowed check and pass loginname to registration ( #4507 )
2022-10-07 12:17:17 +00:00
Livio Spring
d775020a32
fix: login for initial users ( #4506 )
2022-10-07 13:56:50 +02:00
Livio Spring
bffb10a4b4
feat: allow domain discovery for unknown usernames ( #4484 )
...
* fix: wait for projection initialization to be done
* feat: allow domain discovery for unknown usernames
* fix linting
* Update console/src/assets/i18n/de.json
Co-authored-by: Fabi <38692350+hifabienne@users.noreply.github.com>
* Update console/src/assets/i18n/en.json
Co-authored-by: Fabi <38692350+hifabienne@users.noreply.github.com>
* Update console/src/assets/i18n/it.json
Co-authored-by: Fabi <38692350+hifabienne@users.noreply.github.com>
* Update console/src/assets/i18n/fr.json
Co-authored-by: Fabi <38692350+hifabienne@users.noreply.github.com>
* fix zh i18n text
* fix projection table name
Co-authored-by: Fabi <38692350+hifabienne@users.noreply.github.com>
2022-10-06 13:30:14 +02:00
Livio Spring
7dfa1925cc
feat: restrict login to specific org by id (scope) ( #4294 )
...
* feat: add new org scope
* change default of UserLoginMustBeDomain to false
* return resource owner claims
* fix: use email style for first user
* fix: ensure email style for default users (backwards compatibility)
* change to external domain (as it was before UserLoginMustBeDomain change)
* update e2e tests to use email style usernames
* document new scope
* lint e2e
Co-authored-by: Fabi <38692350+hifabienne@users.noreply.github.com>
2022-09-23 12:08:10 +00:00
Stefan Benz
7a5f7f82cf
feat(saml): implementation of saml for ZITADEL v2 ( #3618 )
2022-09-12 18:18:08 +02:00
Livio Spring
cc612fed07
fix: trim spaces for usernames and organization names ( #4217 )
2022-08-19 15:00:14 +02:00
Livio Spring
d620126aab
fix: handle nil pointer when login hint is invalid ( #4066 )
...
* fix: handle nil pointer when login hint is invalid
* mention encoding for login_hint
2022-07-28 14:11:10 +02:00
Livio Spring
8434eaa9c0
fix: require user verification for passwordless authentication ( #3896 )
2022-07-06 08:32:05 +02:00
Livio Spring
1b4740c78f
fix: primary domain scope (handle context correctly) ( #3872 )
2022-06-27 09:24:23 +02:00
Silvan
dd2f31683c
fix(query): realtime data on defined requests ( #3726 )
...
* feat: directly specify factors on addCustomLoginPolicy and return on LoginPolicy responses
* fix proto
* update login policy
* feat: directly specify idp on addCustomLoginPolicy and return on LoginPolicy responses
* fix: tests
* fix(projection): trigger bulk
* refactor: clean projection pkg
* instance should bulk
* fix(query): should trigger bulk on id calls
* tests
* build prerelease
* fix: add shouldTriggerBulk
* fix: test
Co-authored-by: Livio Amstutz <livio.a@gmail.com>
Co-authored-by: Max Peintner <max@caos.ch>
2022-06-14 07:51:00 +02:00
Livio Spring
7f34ce1891
fix: allow project grants without roles in database ( #3786 )
2022-06-09 11:48:54 +02:00
Livio Amstutz
41d78ef523
fix: return absolute url for avatar in user sessions ( #3724 )
...
* fix: return absolute url for avatar in user sessions
* fix: refresh token unique constraint
2022-05-30 11:27:52 +00:00
Livio Amstutz
411d7c6c5c
feat: add default redirect uri and handling of unknown usernames ( #3616 )
...
* feat: add possibility to ignore username errors on first login screen
* console changes
* fix: handling of unknown usernames (#3445 )
* fix: handling of unknown usernames
* fix: handle HideLoginNameSuffix on unknown users
* feat: add default redirect uri on login policy (#3607 )
* feat: add default redirect uri on login policy
* fix tests
* feat: Console login policy default redirect (#3613 )
* console default redirect
* placeholder
* validate default redirect uri
* allow empty default redirect uri
Co-authored-by: Max Peintner <max@caos.ch>
* remove wonrgly cherry picked migration
Co-authored-by: Max Peintner <max@caos.ch>
2022-05-16 13:39:09 +00:00
Florian Forster
fa9f581d56
chore(v2): move to new org ( #3499 )
...
* chore: move to new org
* logging
* fix: org rename caos -> zitadel
Co-authored-by: adlerhurst <silvan.reusser@gmail.com>
2022-04-26 23:01:45 +00:00
Livio Amstutz
1305c14e49
feat: handle instanceID in projections ( #3442 )
...
* feat: handle instanceID in projections
* rename functions
* fix key lock
* fix import
2022-04-19 08:26:12 +02:00
Fabi
c740ee5d81
feat: Instance commands ( #3385 )
...
* fix: add events for domain
* fix: add/remove domain command side
* fix: add/remove domain command side
* fix: add/remove domain query side
* fix: create instance
* fix: merge v2
* fix: instance domain
* fix: instance domain
* fix: instance domain
* fix: instance domain
* fix: remove domain.IAMID from writemodels
* fix: remove domain.IAMID from writemodels
* fix: remove domain.IAMID from writemodels
* fix: remove domain.IAMID from writemodels
* fix: remove domain.IAMID from writemodels
* fix: remove domain.IAMID from writemodels
* fix: remove domain.IAMID from writemodels
* fix: remove domain.IAMID from writemodels
* fix: remove domain.IAMID from writemodels
* fix: remove domain.IAMID from api
* fix: remove domain.IAMID
* fix: remove domain.IAMID
* fix: add instance domain queries
* fix: fix after merge
* Update auth_request.go
* fix keypair
* remove unused code
* feat: read instance id from context
* feat: remove unused code
* feat: use instance id from context
* some fixes
Co-authored-by: Livio Amstutz <livio.a@gmail.com>
2022-04-05 05:58:09 +00:00
Livio Amstutz
87560157c1
fix: change to repository event types and removed unused code ( #3386 )
...
* fix: change to repository event types and removed unused code
* some fixes
* remove unused code
2022-03-31 11:36:26 +02:00
Livio Amstutz
958362e6c9
feat: handle instance from context ( #3382 )
...
* commander
* commander
* selber!
* move to packages
* fix(errors): implement Is interface
* test: command
* test: commands
* add init steps
* setup tenant
* add default step yaml
* possibility to set password
* merge v2 into v2-commander
* fix: rename iam command side to instance
* fix: rename iam command side to instance
* fix: rename iam command side to instance
* fix: rename iam command side to instance
* fix: search query builder can filter events in memory
* fix: filters for add member
* fix(setup): add `ExternalSecure` to config
* chore: name iam to instance
* fix: matching
* remove unsued func
* base url
* base url
* test(command): filter funcs
* test: commands
* fix: rename orgiampolicy to domain policy
* start from init
* commands
* config
* fix indexes and add constraints
* fixes
* fix: merge conflicts
* fix: protos
* fix: md files
* setup
* add deprecated org iam policy again
* typo
* fix search query
* fix filter
* Apply suggestions from code review
* remove custom org from org setup
* add todos for verification
* change apps creation
* simplify package structure
* fix error
* move preparation helper for tests
* fix unique constraints
* fix config mapping in setup
* fix error handling in encryption_keys.go
* fix projection config
* fix query from old views to projection
* fix setup of mgmt api
* set iam project and fix instance projection
* fix tokens view
* fix steps.yaml and defaults.yaml
* fix projections
* change instance context to interface
* instance interceptors and additional events in setup
* cleanup
* tests for interceptors
* fix label policy
* add todo
* single api endpoint in environment.json
Co-authored-by: adlerhurst <silvan.reusser@gmail.com>
Co-authored-by: fabi <fabienne.gerschwiler@gmail.com>
2022-03-29 11:53:19 +02:00
Livio Amstutz
504fe5b761
cherry pick changes from main ( #3371 )
...
* feat: remove exif data from uploaded images (#3221 )
* feat: remove exif tags from images
* feat: remove exif data
* feat: remove exif
* fix: add preferredLoginName to user grant response (#3271 )
* chore: log webauthn parse error (#3272 )
* log error
* log error
* feat: Help link in privacy policy
* fix: convert correct detail data on organization (#3279 )
* fix: handle empty editor users
* fix: add some missing translations (#3291 )
* fix: org policy translations
* fix: metadata event types translation
* fix: translations
* fix: filter resource owner correctly on project grant members (#3281 )
* fix: filter resource owner correctly on project grant members
* fix: filter resource owner correctly on project grant members
* fix: add orgIDs to zitadel permissions request
Co-authored-by: fabi <fabienne.gerschwiler@gmail.com>
* fix: get IAM memberships correctly in MyZitadelPermissions (#3309 )
* fix: correct login names on auth and notification users (#3349 )
* fix: correct login names on auth and notification users
* fix: migration
* fix: handle resource owner in action flows (#3361 )
* fix merge
* fix: exchange exif library (#3366 )
* fix: exchange exif library
* ignore tiffs
* requested fixes
* feat: Help link in privacy policy
Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>
Co-authored-by: fabi <fabienne.gerschwiler@gmail.com>
2022-03-24 14:00:24 +01:00