Commit Graph

94 Commits

Author SHA1 Message Date
Livio Spring
fb2b1610f9
fix(oidc): remove MFA requirement on ZITADEL API based on user auth methods (#8069)
# Which Problems Are Solved

Request to the ZITADEL API currently require multi factor authentication
if the user has set up any second factor.
However, the login UI will only prompt the user to check factors that
are allowed by the login policy.
This can lead to situations, where the user has set up a factor (e.g.
some OTP) which was not allowed by the policy, therefore will not have
to verify the factor, the ZITADEL API however will require the check
since the user has set it up.

# How the Problems Are Solved

The requirement for multi factor authentication based on the user's
authentication methods is removed when accessing the ZITADEL APIs.
Those requests will only require MFA in case the login policy does so
because of `requireMFA` or `requireMFAForLocalUsers`.

# Additional Changes

None.

# Additional Context

- a customer reached out to support
- discussed internally
- relates #7822 
- backport to 2.53.x
2024-06-12 12:24:17 +00:00
Livio Spring
ec222a13d7
fix(oidc): IDP and passwordless user auth methods (#7998)
# Which Problems Are Solved

As already mentioned and (partially) fixed in #7992 we discovered,
issues with v2 tokens that where obtained through an IDP, with
passwordless authentication or with password authentication (wihtout any
2FA set up) using the v1 login for zitadel API calls
- (Previous) authentication through an IdP is now correctly treated as
auth method in case of a reauth even when the user is not redirected to
the IdP
- There were some cases where passwordless authentication was
successfully checked but not correctly set as auth method, which denied
access to ZITADEL API
- Users with password and passwordless, but no 2FA set up which
authenticate just wich password can access the ZITADEL API again

Additionally while testing we found out that because of #7969 the login
UI could completely break / block with the following error:
`sql: Scan error on column index 3, name "state": converting NULL to
int32 is unsupported (Internal)`
# How the Problems Are Solved

- IdP checks are treated the same way as other factors and it's ensured
that a succeeded check within the configured timeframe will always
provide the idp auth method
- `MFATypesAllowed` checks for possible passwordless authentication
- As with the v1 login, the token check now only requires MFA if the
policy is set or the user has 2FA set up
- UserAuthMethodsRequirements now always uses the correctly policy to
check for MFA enforcement
- `State` column is handled as nullable and additional events set the
state to active (as before #7969)

# Additional Changes

- Console now also checks for 403 (mfa required) errors (e.g. after
setting up the first 2FA in console) and redirects the user to the login
UI (with the current id_token as id_token_hint)
- Possible duplicates in auth methods / AMRs are removed now as well.

# Additional Context

- Bugs were introduced in #7822 and # and 7969 and only part of a
pre-release.
- partially already fixed with #7992
- Reported internally.
2024-05-28 08:59:49 +00:00
Tim Möhlmann
f5e9d4f57f
fix(oidc): IDP and machine user auth methods (#7992)
# Which Problems Are Solved

After https://github.com/zitadel/zitadel/pull/7822 was merged we
discovered that
v2 tokens that where obtained through an IDP using the v1 login, can't
be used for
zitadel API calls.

- Because we used to store the AMR claim on the auth request, but
internally use the domain.UserAuthMethod type. AMR has no notion of an
IDP login, so that "factor" was lost
during conversion. Rendering those v2 tokens invalid on the zitadel API.
- A wrong check on machine user tokens falsly allowed some tokens to be
valid
- The client ID was set to tokens from client credentials and JWT
profile, which made client queries fail in the validation middleware.
The middleware expects client ID unset for machine users.

# How the Problems Are Solved

Store the domain.AuthMethods directly in  the auth requests and session,
instead of using AMR claims with lossy conversion.

- IDPs have seperate auth method, which is not an AMR claim
- Machine users are treated specialy, eg auth methods are not required.
- Do not set the client ID for client credentials and JWT profile

# Additional Changes

Cleaned up mostly unused `oidc.getInfoFromRequest()`.

# Additional Context

- Bugs were introduced in https://github.com/zitadel/zitadel/pull/7822
and not yet part of a release.
- Reported internally.
2024-05-23 05:35:10 +00:00
Tim Möhlmann
8e0c8393e9
perf(oidc): optimize token creation (#7822)
* implement code exchange

* port tokenexchange to v2 tokens

* implement refresh token

* implement client credentials

* implement jwt profile

* implement device token

* cleanup unused code

* fix current unit tests

* add user agent unit test

* unit test domain package

* need refresh token as argument

* test commands create oidc session

* test commands device auth

* fix device auth build error

* implicit for oidc session API

* implement authorize callback handler for legacy implicit mode

* upgrade oidc module to working draft

* add missing auth methods and time

* handle all errors in defer

* do not fail auth request on error

the oauth2 Go client automagically retries on any error. If we fail the auth request on the first error, the next attempt will always fail with the Errors.AuthRequest.NoCode, because the auth request state is already set to failed.
The original error is then already lost and the oauth2 library does not return the original error.

Therefore we should not fail the auth request.

Might be worth discussing and perhaps send a bug report to Oauth2?

* fix code flow tests by explicitly setting code exchanged

* fix unit tests in command package

* return allowed scope from client credential client

* add device auth done reducer

* carry nonce thru session into ID token

* fix token exchange integration tests

* allow project role scope prefix in client credentials client

* gci formatting

* do not return refresh token in client credentials and jwt profile

* check org scope

* solve linting issue on authorize callback error

* end session based on v2 session ID

* use preferred language and user agent ID for v2 access tokens

* pin oidc v3.23.2

* add integration test for jwt profile and client credentials with org scopes

* refresh token v1 to v2

* add user token v2 audit event

* add activity trigger

* cleanup and set panics for unused methods

* use the encrypted code for v1 auth request get by code

* add missing event translation

* fix pipeline errors (hopefully)

* fix another test

* revert pointer usage of preferred language

* solve browser info panic in device auth

* remove duplicate entries in AMRToAuthMethodTypes to prevent future `mfa` claim

* revoke v1 refresh token to prevent reuse

* fix terminate oidc session

* always return a new refresh toke in refresh token grant

---------

Co-authored-by: Livio Spring <livio.a@gmail.com>
2024-05-16 07:07:56 +02:00
Tim Möhlmann
fe9bb49caa
chore(deps): update all go deps (#7773)
This change updates all go modules, including oidc, a major version of go-jose and the go 1.22 release.
2024-04-15 09:17:36 +00:00
Silvan
bed0f6293b
fix: check error before using token (#7664) 2024-03-28 12:19:03 +00:00
Tim Möhlmann
6398349c24
feat(oidc): token exchange impersonation (#7516)
* add token exchange feature flag

* allow setting reason and actor to access tokens

* impersonation

* set token types and scopes in response

* upgrade oidc to working draft state

* fix tests

* audience and scope validation

* id toke and jwt as input

* return id tokens

* add grant type  token exchange to app config

* add integration tests

* check and deny actors in api calls

* fix instance setting tests by triggering projection on write and cleanup

* insert sleep statements again

* solve linting issues

* add translations

* pin oidc v3.15.0

* resolve comments, add event translation

* fix refreshtoken test

* use ValidateAuthReqScopes from oidc

* apparently the linter can't make up its mind

* persist actor thru refresh tokens and check in tests

* remove unneeded triggers
2024-03-20 10:18:46 +00:00
Livio Spring
19d9b8ad41
fix: reduce eventual consistency (#7075)
* fix: reduce eventual consistency

* fix tests

* fix linting
2023-12-14 11:07:47 +01:00
Tim Möhlmann
f680dd934d
refactor: rename package errors to zerrors (#7039)
* chore: rename package errors to zerrors

* rename package errors to gerrors

* fix error related linting issues

* fix zitadel error assertion

* fix gosimple linting issues

* fix deprecated linting issues

* resolve gci linting issues

* fix import structure

---------

Co-authored-by: Elio Bischof <elio@zitadel.com>
2023-12-08 15:30:55 +01:00
Tim Möhlmann
24b05dc88c
fix(authz): add logging to access token verification errors (#6976)
* fix(authz): add logging to access token verification errors

Related to #6949

* use logging fields

---------

Co-authored-by: Livio Spring <livio.a@gmail.com>
2023-11-27 15:35:08 +00:00
Tim Möhlmann
ba9b807854
perf(oidc): optimize the introspection endpoint (#6909)
* get key by id and cache them

* userinfo from events for v2 tokens

* improve keyset caching

* concurrent token and client checks

* client and project in single query

* logging and otel

* drop owner_removed column on apps and authN tables

* userinfo and project roles in go routines

* get  oidc user info from projections and add actions

* add avatar URL

* some cleanup

* pull oidc work branch

* remove storage from server

* add config flag for experimental introspection

* legacy introspection flag

* drop owner_removed column on user projections

* drop owner_removed column on useer_metadata

* query userinfo unit test

* query introspection client test

* add user_grants to the userinfo query

* handle PAT scopes

* bring triggers back

* test instance keys query

* add userinfo unit tests

* unit test keys

* go mod tidy

* solve some bugs

* fix missing preferred login name

* do not run triggers in go routines, they seem to deadlock

* initialize the trigger handlers late with a sync.OnceValue

* Revert "do not run triggers in go routines, they seem to deadlock"

This reverts commit 2a03da2127.

* add missing translations

* chore: update go version for linting

* pin oidc version

* parse a global time location for query test

* fix linter complains

* upgrade go lint

* fix more linting issues

---------

Co-authored-by: Stefan Benz <46600784+stebenz@users.noreply.github.com>
2023-11-21 13:11:38 +01:00
Stefan Benz
0ec7a74877
perf: remove owner removed columns from projections for oidc (#6925)
* fix: remove owner removed columns from login names projection

* fix: remove owner removed columns from flow projection

* fix: remove owner removed columns from project, projectgrant and member projections

* fix: correct unit tests for session projection

* fix: correct unit tests for session projection
2023-11-20 17:21:08 +02:00
Livio Spring
f3b8a3aece
feat: add possibility to set an expiration to a session (#6851)
* add lifetime to session api

* extend session with lifetime

* check session token expiration

* fix typo

* integration test to check session token expiration

* integration test to check session token expiration

* i18n

* cleanup

* improve tests

* prevent negative lifetime

* fix error message

* fix lifetime check
2023-11-06 10:48:28 +01:00
Elio Bischof
4980cd6a0c
feat: add SYSTEM_OWNER role (#6765)
* define roles and permissions

* support system user memberships

* don't limit system users

* cleanup permissions

* restrict memberships to aggregates

* default to SYSTEM_OWNER

* update unit tests

* test: system user token test (#6778)

* update unit tests

* refactor: make authz testable

* move session constants

* cleanup

* comment

* comment

* decode member type string to enum (#6780)

* decode member type string to enum

* handle all membership types

* decode enums where necessary

* decode member type in steps config

* update system api docs

* add technical advisory

* tweak docs a bit

* comment in comment

* lint

* extract token from Bearer header prefix

* review changes

* fix tests

* fix: add fix for activityhandler

* add isSystemUser

* remove IsSystemUser from activity info

* fix: add fix for activityhandler

---------

Co-authored-by: Stefan Benz <stefan@caos.ch>
2023-10-25 15:10:45 +00:00
adlerhurst
bd23a7a56f merge main into next 2023-10-19 12:34:00 +02:00
Silvan
b5564572bc
feat(eventstore): increase parallel write capabilities (#5940)
This implementation increases parallel write capabilities of the eventstore.
Please have a look at the technical advisories: [05](https://zitadel.com/docs/support/advisory/a10005) and  [06](https://zitadel.com/docs/support/advisory/a10006).
The implementation of eventstore.push is rewritten and stored events are migrated to a new table `eventstore.events2`.
If you are using cockroach: make sure that the database user of ZITADEL has `VIEWACTIVITY` grant. This is used to query events.
2023-10-19 12:19:10 +02:00
Livio Spring
e3ac217424
fix: ensure no events are skipped on token check (#6663)
fix: ensure no events are skipped on token check
2023-10-09 09:26:27 +02:00
Tim Möhlmann
241befc185
fix(sessions/v2): resolve tOTP TODO for Auth Methods (#6470)
Fixes #6450
2023-09-01 12:53:10 +00:00
Livio Spring
bb40e173bd
feat(api): add otp (sms and email) checks in session api (#6422)
* feat: add otp (sms and email) checks in session api

* implement sending

* fix tests

* add tests

* add integration tests

* fix merge main and add tests

* put default OTP Email url into config

---------

Co-authored-by: Stefan Benz <46600784+stebenz@users.noreply.github.com>
2023-08-24 09:41:52 +00:00
Tim Möhlmann
86af67d1be
feat(api/v2): implement U2F session check (#6339) 2023-08-11 15:36:18 +00:00
Tim Möhlmann
11b5a73551
fix: trigger session by id in verifySessionToken (#6325) 2023-08-04 18:16:27 +03:00
Livio Spring
a1942ecdaa
feat(api): add and remove OTP (SMS and email) (#6295)
* refactor: rename otp to totp

* feat: add otp sms and email

* implement tests
2023-08-02 18:57:53 +02:00
Livio Spring
d3e403f645
perf: reduce events read from eventstore (#6280)
* fix: events query user

* fix: events query user

* user events query

* fix tests

* fix query

* cleanup

---------

Co-authored-by: Fabienne <fabienne.gerschwiler@gmail.com>
2023-07-27 12:10:19 +00:00
Livio Spring
fed15574f6
feat: allow to force MFA local only (#6234)
This PR adds an option to the LoginPolicy to "Force MFA for local users", so that users authenticated through an IDP must not configure (and verify) an MFA.
2023-07-20 04:06:16 +00:00
Livio Spring
80961125a7
feat(API): support V2 token and session token usage (#6180)
This PR adds support for userinfo and introspection of V2 tokens. Further V2 access tokens and session tokens can be used for authentication on the ZITADEL API (like the current access tokens).
2023-07-14 11:16:16 +00:00
Livio Spring
458a383de2
fix: use current sequence for refetching of events (#5772)
* fix: use current sequence for refetching of events

* fix: use client ids
2023-04-28 16:28:13 +02:00
Silvan
095ec21678
feat: user v2alpha email API (#5708)
* chore(proto): update versions

* change protoc plugin

* some cleanups

* define api for setting emails in new api

* implement user.SetEmail

* move SetEmail buisiness logic into command

* resuse newCryptoCode

* command: add ChangeEmail unit tests

Not complete, was not able to mock the generator.

* Revert "resuse newCryptoCode"

This reverts commit c89e90ae35.

* undo change to crypto code generators

* command: use a generator so we can test properly

* command: reorganise ChangeEmail

improve test coverage

* implement VerifyEmail

including unit tests

* add URL template tests

* proto: change context to object

* remove old auth option

* remove old auth option

* fix linting errors

run gci on modified files

* add permission checks and fix some errors

* comments

* comments

---------

Co-authored-by: Livio Spring <livio.a@gmail.com>
Co-authored-by: Tim Möhlmann <tim+github@zitadel.com>
2023-04-25 09:02:29 +02:00
Tim Möhlmann
25c3c17986
chore: upgrade to oidc v2 release (#5437)
* chore: upgrade to oidc v2 release

* fix tests

* fix build errors after rebase

* pin oidc v2.1.0

* pin oidc v2.1.1 (include bugfix)

* pin oidc v2.1.2 (include bugfix)

* pin oidc v2.2.1 (bugfix)

include fix zitadel/oidc#349

* fix: refresh token handling

* simplify cognitive complexity

* fix: handle error

---------

Co-authored-by: Livio Spring <livio.a@gmail.com>
2023-03-28 11:28:56 +00:00
Silvan
f3e6f3b23b
feat: remove org (#4148)
* feat(command): remove org

* refactor: imports, unused code, error handling

* reduce org removed in action

* add org deletion to projections

* add org removal to projections

* add org removal to projections

* org removed projection

* lint import

* projections

* fix: table names in tests

* fix: table names in tests

* logging

* add org state

* fix(domain): add Owner removed to object details

* feat(ListQuery): add with owner removed

* fix(org-delete): add bool to functions to select with owner removed

* fix(org-delete): add bools to user grants with events to determine if dependencies lost owner

* fix(org-delete): add unit tests for owner removed and org removed events

* fix(org-delete): add handling of org remove for grants and members

* fix(org-delete): correction of unit tests for owner removed

* fix(org-delete): update projections, unit tests and get functions

* fix(org-delete): add change date to authnkeys and owner removed to org metadata

* fix(org-delete): include owner removed for login names

* fix(org-delete): some column fixes in projections and build for queries with owner removed

* indexes

* fix(org-delete): include review changes

* fix(org-delete): change user projection name after merge

* fix(org-delete): include review changes for project grant where no project owner is necessary

* fix(org-delete): include auth and adminapi tables with owner removed information

* fix(org-delete): cleanup username and orgdomain uniqueconstraints when org is removed

* fix(org-delete): add permissions for org.remove

* remove unnecessary unique constraints

* fix column order in primary keys

* fix(org-delete): include review changes

* fix(org-delete): add owner removed indexes and chang setup step to create tables

* fix(org-delete): move PK order of instance_id and change added user_grant from review

* fix(org-delete): no params for prepareUserQuery

* change to step 6

* merge main

* fix(org-delete): OldUserName rename to private

* fix linting

* cleanup

* fix: remove org test

* create prerelease

* chore: delete org-delete as prerelease

Co-authored-by: Stefan Benz <stefan@caos.ch>
Co-authored-by: Livio Spring <livio.a@gmail.com>
Co-authored-by: Fabi <38692350+hifabienne@users.noreply.github.com>
Co-authored-by: Stefan Benz <46600784+stebenz@users.noreply.github.com>
2022-11-30 17:01:17 +01:00
Silvan
84b20bc4e1
fix(auth): always get token by id and user id (#4371)
Co-authored-by: Florian Forster <florian@zitadel.com>
2022-09-15 12:59:40 +00:00
Livio Spring
5aa91ad105
fix: improve performance (#4300)
## Note

This release requires a setup step to fully improve performance.
Be sure to start ZITADEL with an appropriate command (zitadel start-from-init / start-from-setup)

## Changes

- fix: only run projection scheduler on active instances
- fix: set default for concurrent instances of projections to 1 (for scheduling)
- fix: create more indexes on eventstore.events table
- fix: get current sequence for token check (improve reread performance)
2022-09-02 14:05:13 +00:00
Livio Spring
69534a2f7a
feat: allow JWT for ZITADEL APIs (#4206)
* feat: allow JWT for ZITADEL APIs

* improve getTokenIDAndSubject

* comment

Co-authored-by: Silvan <silvan.reusser@gmail.com>
2022-08-23 08:02:36 +02:00
Livio Spring
5bd9badbcf
fix: project grants (#4031)
* fix: filter granted memberships correctly

* fix: only show changes of granted project

* Apply suggestions from code review

Co-authored-by: Fabi <38692350+hifabienne@users.noreply.github.com>

* Update internal/query/user_membership.go

Co-authored-by: Fabi <38692350+hifabienne@users.noreply.github.com>

Co-authored-by: Fabi <38692350+hifabienne@users.noreply.github.com>
2022-07-27 07:55:44 +00:00
Livio Amstutz
79452da7d6
fix: check membership from projection (#3710)
* fix: check membership from projection

* remove authz setup
2022-05-25 14:07:16 +02:00
Livio Amstutz
cf6f4d6894
fix(tracing): parsing of fraction (#3705)
* fix(tracing): parsing of fraction

* log id
2022-05-24 09:18:25 +00:00
Livio Amstutz
616b31c959
fix: token check and error unwrapping (#3648)
* fix: token check and error unwrapping

* remove unused code
2022-05-18 10:49:16 +02:00
Livio Amstutz
861cf07700
feat: permit all features to every instance and organisation (#3566) 2022-05-02 11:18:17 +02:00
Livio Amstutz
dc7fdb240b
fix: token verification (don't cache zitadel id system wide) (#3542) 2022-04-29 14:16:23 +02:00
Florian Forster
fa9f581d56
chore(v2): move to new org (#3499)
* chore: move to new org

* logging

* fix: org rename caos -> zitadel

Co-authored-by: adlerhurst <silvan.reusser@gmail.com>
2022-04-26 23:01:45 +00:00
Livio Amstutz
1305c14e49
feat: handle instanceID in projections (#3442)
* feat: handle instanceID in projections

* rename functions

* fix key lock

* fix import
2022-04-19 08:26:12 +02:00
Fabi
c740ee5d81
feat: Instance commands (#3385)
* fix: add events for domain

* fix: add/remove domain command side

* fix: add/remove domain command side

* fix: add/remove domain query side

* fix: create instance

* fix: merge v2

* fix: instance domain

* fix: instance domain

* fix: instance domain

* fix: instance domain

* fix: remove domain.IAMID from writemodels

* fix: remove domain.IAMID from writemodels

* fix: remove domain.IAMID from writemodels

* fix: remove domain.IAMID from writemodels

* fix: remove domain.IAMID from writemodels

* fix: remove domain.IAMID from writemodels

* fix: remove domain.IAMID from writemodels

* fix: remove domain.IAMID from writemodels

* fix: remove domain.IAMID from writemodels

* fix: remove domain.IAMID from api

* fix: remove domain.IAMID

* fix: remove domain.IAMID

* fix: add instance domain queries

* fix: fix after merge

* Update auth_request.go

* fix keypair

* remove unused code

* feat: read instance id from context

* feat: remove unused code

* feat: use instance id from context

* some fixes

Co-authored-by: Livio Amstutz <livio.a@gmail.com>
2022-04-05 05:58:09 +00:00
Livio Amstutz
87560157c1
fix: change to repository event types and removed unused code (#3386)
* fix: change to repository event types and removed unused code

* some fixes

* remove unused code
2022-03-31 11:36:26 +02:00
Livio Amstutz
958362e6c9
feat: handle instance from context (#3382)
* commander

* commander

* selber!

* move to packages

* fix(errors): implement Is interface

* test: command

* test: commands

* add init steps

* setup tenant

* add default step yaml

* possibility to set password

* merge v2 into v2-commander

* fix: rename iam command side to instance

* fix: rename iam command side to instance

* fix: rename iam command side to instance

* fix: rename iam command side to instance

* fix: search query builder can filter events in memory

* fix: filters for add member

* fix(setup): add `ExternalSecure` to config

* chore: name iam to instance

* fix: matching

* remove unsued func

* base url

* base url

* test(command): filter funcs

* test: commands

* fix: rename orgiampolicy to domain policy

* start from init

* commands

* config

* fix indexes and add constraints

* fixes

* fix: merge conflicts

* fix: protos

* fix: md files

* setup

* add deprecated org iam policy again

* typo

* fix search query

* fix filter

* Apply suggestions from code review

* remove custom org from org setup

* add todos for verification

* change apps creation

* simplify package structure

* fix error

* move preparation helper for tests

* fix unique constraints

* fix config mapping in setup

* fix error handling in encryption_keys.go

* fix projection config

* fix query from old views to projection

* fix setup of mgmt api

* set iam project and fix instance projection

* fix tokens view

* fix steps.yaml and defaults.yaml

* fix projections

* change instance context to interface

* instance interceptors and additional events in setup

* cleanup

* tests for interceptors

* fix label policy

* add todo

* single api endpoint in environment.json

Co-authored-by: adlerhurst <silvan.reusser@gmail.com>
Co-authored-by: fabi <fabienne.gerschwiler@gmail.com>
2022-03-29 11:53:19 +02:00
Fabi
9d4f296c62
fix: rename iam to instance (#3345)
* fix: rename iam command side to instance

* fix: rename iam command side to instance

* fix: rename iam command side to instance

* fix: rename iam command side to instance

* fix: rename orgiampolicy to domain policy

* fix: merge conflicts

* fix: protos

* fix: md files

* implement deprecated org iam policy again

Co-authored-by: Livio Amstutz <livio.a@gmail.com>
2022-03-24 16:21:34 +00:00
Livio Amstutz
56b916a2b0
feat: projections auto create their tables (#3324)
* begin init checks for projections

* first projection checks

* debug notification providers with query fixes

* more projections and first index

* more projections

* more projections

* finish projections

* fix tests (remove db name)

* create tables in setup

* fix logging / error handling

* add tenant to views

* rename tenant to instance_id

* add instance_id to all projections

* add instance_id to all queries

* correct instance_id on projections

* add instance_id to failed_events

* use separate context for instance

* implement features projection

* implement features projection

* remove unique constraint from setup when migration failed

* add error to failed setup event

* add instance_id to primary keys

* fix IAM projection

* remove old migrations folder

* fix keysFromYAML test
2022-03-23 09:02:39 +01:00
Livio Amstutz
699fdaf68e
feat: add personal access tokens for service users (#2974)
* feat: add machine tokens

* fix test

* rename to pat

* fix merge and tests

* fix scopes

* fix migration version

* fix test

* Update internal/repository/user/personal_access_token.go

Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>

Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>
2022-02-08 09:37:28 +01:00
Livio Amstutz
1367a2e139
feat: limit amount of active actions (#3143)
* max actions

* fix: max allowed actions

* fix: max allowed actions

* fix tests
2022-02-02 09:04:05 +01:00
Livio Amstutz
e99b7f4972
fix: move activity log to queries and remove old code (#3096)
* move changes to queries and remove old code

* fix changes query

* remove unused code

* fix sorting

* fix sorting

* refactor and remove old code

* remove accidental go.mod replace

* add missing file

* remove listDetail from ChangesResponse
2022-01-26 10:16:33 +01:00
Fabi
b363ddd707
feat: Iam projection (#3074)
* feat: implement projection for iam and clean up code

* feat: add migration

* fix: remove unused tests

* fix: handler
2022-01-21 08:52:12 +01:00
Silvan
3473156c7e
fix(app): move queries to query package (#2612)
* fix: move queries to query package

* fix(auth): switch project role requests to query pkg

* refactor: delete unused project role code

* remove repo

* implement sql queries

* fix(database): oidc config change type to int2

* fix(queries): implement app queries

* refactor: simplify code

* fix: correct app query

* Update app.go

* fix token check

* fix mock

* test: app prepares

* test: oidc compliance

* test: OIDCOriginAllowList

* fix: converter

* resolve unsupported oidc version

Co-authored-by: Livio Amstutz <livio.a@gmail.com>
2021-11-26 07:57:05 +01:00