Livio Spring
393f711ca7
fix: handle locking policy correctly for multiple simultaneous password checks
...
Merge pull request from GHSA-7h8m-vrxx-vr4m
* fix: handle locking policy correctly for multiple simultaneous password checks
* recheck events
(cherry picked from commit 22e2d55999
)
2023-11-08 14:21:09 +01:00
Silvan
b5564572bc
feat(eventstore): increase parallel write capabilities ( #5940 )
...
This implementation increases parallel write capabilities of the eventstore.
Please have a look at the technical advisories: [05](https://zitadel.com/docs/support/advisory/a10005 ) and [06](https://zitadel.com/docs/support/advisory/a10006 ).
The implementation of eventstore.push is rewritten and stored events are migrated to a new table `eventstore.events2`.
If you are using cockroach: make sure that the database user of ZITADEL has `VIEWACTIVITY` grant. This is used to query events.
2023-10-19 12:19:10 +02:00
Livio Spring
fed15574f6
feat: allow to force MFA local only ( #6234 )
...
This PR adds an option to the LoginPolicy to "Force MFA for local users", so that users authenticated through an IDP must not configure (and verify) an MFA.
2023-07-20 04:06:16 +00:00
Tim Möhlmann
4589ddad4a
feat: integrate passwap for human user password hashing ( #6196 )
...
* feat: use passwap for human user passwords
* fix tests
* passwap config
* add the event mapper
* cleanup query side and api
* solve linting errors
* regression test
* try to fix linter errors again
* pass systemdefaults into externalConfigChange migration
* fix: user password set in auth view
* pin passwap v0.2.0
* v2: validate hashed password hash based on prefix
* resolve remaining comments
* add error tag and translation for unsupported hash encoding
* fix unit test
---------
Co-authored-by: Livio Spring <livio.a@gmail.com>
2023-07-14 09:49:57 +03:00
Livio Spring
82e7333169
feat(api): add password reset and change to user service ( #6036 )
...
* feat(api): add password reset and change to user service
* integration tests
* invalidate password check after password change
* handle notification type
* fix proto
2023-06-20 17:34:06 +02:00
Livio Spring
b0b1e94090
feat(login): additionally use email/phone for authentication ( #4563 )
...
* feat: add ability to disable login by email and phone
* feat: check login by email and phone
* fix: set verified email / phone correctly on notify users
* update projection version
* fix merge
* fix email/phone verified reduce tests
* fix user tests
* loginname check
* cleanup
* fix: update user projection version to handle fixed statement
2022-10-17 19:19:15 +00:00
Livio Spring
bffb10a4b4
feat: allow domain discovery for unknown usernames ( #4484 )
...
* fix: wait for projection initialization to be done
* feat: allow domain discovery for unknown usernames
* fix linting
* Update console/src/assets/i18n/de.json
Co-authored-by: Fabi <38692350+hifabienne@users.noreply.github.com>
* Update console/src/assets/i18n/en.json
Co-authored-by: Fabi <38692350+hifabienne@users.noreply.github.com>
* Update console/src/assets/i18n/it.json
Co-authored-by: Fabi <38692350+hifabienne@users.noreply.github.com>
* Update console/src/assets/i18n/fr.json
Co-authored-by: Fabi <38692350+hifabienne@users.noreply.github.com>
* fix zh i18n text
* fix projection table name
Co-authored-by: Fabi <38692350+hifabienne@users.noreply.github.com>
2022-10-06 13:30:14 +02:00
Livio Amstutz
411d7c6c5c
feat: add default redirect uri and handling of unknown usernames ( #3616 )
...
* feat: add possibility to ignore username errors on first login screen
* console changes
* fix: handling of unknown usernames (#3445 )
* fix: handling of unknown usernames
* fix: handle HideLoginNameSuffix on unknown users
* feat: add default redirect uri on login policy (#3607 )
* feat: add default redirect uri on login policy
* fix tests
* feat: Console login policy default redirect (#3613 )
* console default redirect
* placeholder
* validate default redirect uri
* allow empty default redirect uri
Co-authored-by: Max Peintner <max@caos.ch>
* remove wonrgly cherry picked migration
Co-authored-by: Max Peintner <max@caos.ch>
2022-05-16 13:39:09 +00:00
Florian Forster
fa9f581d56
chore(v2): move to new org ( #3499 )
...
* chore: move to new org
* logging
* fix: org rename caos -> zitadel
Co-authored-by: adlerhurst <silvan.reusser@gmail.com>
2022-04-26 23:01:45 +00:00
Livio Amstutz
a7816a43b1
refactor: remove commandNew struct ( #3465 )
...
* refactor: remove commandNew struct
* requested fixes
2022-04-20 14:59:37 +00:00
Fabi
f05d4063bf
feat: Login verification lifetimes ( #3190 )
...
* feat: add login check lifetimes to login policy
* feat: org features test
* feat: read lifetimes from loginpolicy
2022-02-21 16:05:02 +01:00
Fabi
e3528ff0b2
feat: Config to eventstore ( #3158 )
...
* feat: add default language to eventstore
* feat: add secret generator configs events
* feat: tests
* feat: secret generators in eventstore
* feat: secret generators in eventstore
* feat: smtp config in eventstore
* feat: smtp config in eventstore
* feat: smtp config in eventstore
* feat: smtp config in eventstore
* feat: smtp config in eventstore
* fix: migrations
* fix migration version
* fix test
* feat: change secret generator type to enum
* feat: change smtp attribute names
* feat: change smtp attribute names
* feat: remove engryption algorithms from command side
* feat: remove engryption algorithms from command side
* feat: smtp config
* feat: smtp config
* format smtp from header
Co-authored-by: Livio Amstutz <livio.a@gmail.com>
2022-02-16 15:49:17 +00:00
Livio Amstutz
af1f10b7ca
fix: check login policy before register and password check ( #2611 )
...
* fix: check login policy before register and password check
* remove accidentally pushed overwrite
* Update en.yaml
2021-11-08 07:42:07 +00:00
Fabi
bc951985ed
feat: Lockout policy ( #2121 )
...
* feat: lock users if lockout policy is set
* feat: setup
* feat: lock user on password failes
* feat: render error
* feat: lock user on command side
* feat: auth_req tests
* feat: lockout policy docs
* feat: remove show lockout failures from proto
* fix: console lockout
* feat: tests
* fix: tests
* unlock function
* add unlock button
* fix migration version
* lockout policy
* lint
* Update internal/auth/repository/eventsourcing/eventstore/auth_request.go
Co-authored-by: Silvan <silvan.reusser@gmail.com>
* fix: err message
* Update internal/command/setup_step4.go
Co-authored-by: Silvan <silvan.reusser@gmail.com>
Co-authored-by: Max Peintner <max@caos.ch>
Co-authored-by: Livio Amstutz <livio.a@gmail.com>
Co-authored-by: Silvan <silvan.reusser@gmail.com>
2021-08-11 06:36:32 +00:00
Fabi
c0d9d86b09
fix: set password in management api ( #1766 )
...
* fix: set password in management api
* comment
Co-authored-by: Livio Amstutz <livio.a@gmail.com>
2021-06-03 13:28:24 +02:00
Fabi
667cc30291
feat: asset storage ( #1696 )
...
* feat: remove assets
* feat: minio implementation
* fix: remove assets from tests
* feat: minio implementation
* feat: Env vars
* fix: sprintf
* fix: sprintf
* Update internal/eventstore/repository/repository.go
Co-authored-by: Livio Amstutz <livio.a@gmail.com>
* fix: error handling
Co-authored-by: Livio Amstutz <livio.a@gmail.com>
2021-05-03 10:15:50 +02:00
Fabi
f51f0ede5c
feat: add assets to eventstore and event ( #1674 )
...
* fix: add assets to eventstore and event
* fix: project member, grant member, app changed tests
* fix: asset migrations
* feat: add asset tests
* feat: add asset tests
* Update internal/eventstore/repository/repository.go
Co-authored-by: Livio Amstutz <livio.a@gmail.com>
* feat: add asset tests
Co-authored-by: Livio Amstutz <livio.a@gmail.com>
2021-04-27 12:58:18 +02:00
Livio Amstutz
bd1a3bb6d7
fix: backend bugs ( #1449 )
...
* i18n of compliance problems
* fix: return iam member roles
* remove u2f/passwordless
* u2f/passwordless
* fix rest path GetMachineKeyByIDs
* fix rest path GetMachineKeyByIDs
* fix email mime-type
* fix: member preferred login name
* machine users in notify
* fix api key query
* fix: todos grpc api
* fix: handle user init state
* fix: tests
Co-authored-by: fabi <fabienne.gerschwiler@gmail.com>
2021-03-22 14:40:25 +01:00
Fabi
3f345b1ade
feat: new es testing2 ( #1428 )
...
* fix: org tests
* fix: org tests
* fix: user grant test
* fix: user grant test
* fix: project and project role test
* fix: project grant test
* fix: project grant test
* fix: project member, grant member, app changed tests
* fix: application tests
* fix: application tests
* fix: add oidc app test
* fix: add oidc app test
* fix: add api keys test
* fix: iam policies
* fix: iam and org member tests
* fix: idp config tests
* fix: iam tests
* fix: user tests
* fix: user tests
* fix: user tests
* fix: user tests
* fix: user tests
* fix: user tests
* fix: user tests
* fix: user tests
* fix: user tests
* fix: user tests
* fix: org domain test
* fix: org tests
* fix: org tests
* fix: implement org idps
* fix: pr requests
* fix: email tests
* fix: fix idp check
* fix: fix user profile
2021-03-19 11:12:56 +01:00