Commit Graph

954 Commits

Author SHA1 Message Date
Max Peintner
3500961fbb
fix: add smtp config, remove smtp and sms provider, console adaptations (#3792)
* fix: add AddSMTPConfig to admin api

* addsmtpconfig

* fix: add RemoveSMTPConfig and RemoveSMSProvider to admin api

* update twilio, token fcn

* fix account switcher, twilio token set, cleanup dialog

* cleanup

* buttons

Co-authored-by: Livio Amstutz <livio.a@gmail.com>
2022-06-10 12:39:38 +02:00
Livio Spring
03a77b381e
fix: password check policy correctly (#3787)
* fix: password check policy correctly

* fix: password check policy correctly
2022-06-09 13:48:57 +00:00
Livio Spring
7f34ce1891
fix: allow project grants without roles in database (#3786) 2022-06-09 11:48:54 +02:00
Livio Spring
a377f2816c
feat: return instance domains on list instances, fix: login policy and avatar url in oidc responses (#3785)
* feat: return instance domains on list instances

* fix: filter login policy idps correctly

* remove debug

* fix: absolute avatar url in oidc responses
2022-06-08 13:46:24 +02:00
Livio Spring
ace94917da
test: ensure consistency of TestSpooler_awaitError (#3750) 2022-06-07 11:40:46 +00:00
Max Peintner
233d80502d
fix(console, login): console - ensure permission is available, login - i18n fixes, input borders, lgn-touched script to add class on blur (#3760)
* permission restriction, member, login i18n input borders, secondary text

* add touched js
2022-06-07 09:25:56 +00:00
Livio Spring
5e4b38d69b
fix: improve oidc issuer / endpoints (#3753)
* fix: improve oidc issuer / endpoints

* docs: update endpoints
2022-06-07 10:04:51 +02:00
Livio Amstutz
3a1569bd94
fix: grpc gateway interceptors (#3767) 2022-06-03 12:44:04 +00:00
Livio Amstutz
da1f74fde0
fix: update user sessions after avatar or primary domain change (#3768) 2022-06-03 12:37:24 +00:00
Livio Amstutz
0baaaf8a05
fix: handle default org id (#3769) 2022-06-03 14:30:39 +02:00
Max Peintner
ebb73186b6
fix(console, login): Idp detail and create layout optimization, login - sub formfield link spacing (#3755)
* idp detail, create layout

* fat finger fix

Co-authored-by: Livio Amstutz <livio.a@gmail.com>
2022-06-03 07:20:56 +00:00
Livio Amstutz
6506ce537d
fix: sql error check (#3762) 2022-06-01 16:00:25 +00:00
Livio Amstutz
d65761f388
fix: render only base language in html (#3759) 2022-06-01 15:32:18 +02:00
Livio Amstutz
21a0e4a972
feat: get current label and privacy policies (#3748) 2022-06-01 09:50:28 +02:00
Livio Amstutz
b0436c995b
fix: return correct empty flow if not found (#3749) 2022-06-01 08:11:48 +02:00
Silvan
fb93085430
fix(projection): add missing col to idp login policy links (#3745)
* fix(projection): add missing col to projection

* refactor: method naming
2022-05-31 20:39:37 +02:00
Silvan
ed36680ea1
fix(query): show views and failed events (#3743)
* fix(system): show views and failed events

* fix: set correct database on failed events and views
2022-05-31 16:33:50 +02:00
Max Peintner
e3e0207318
fix: login checkbox contrast, login policy factors, asset urls (#3742)
* checkbox contrast

* idp create before remove, add, asset service

* login policy events

Co-authored-by: Fabi <38692350+hifabienne@users.noreply.github.com>
2022-05-31 13:51:21 +00:00
Silvan
16c86149be
fix(current_sequence): no error if not found (#3740) 2022-05-31 11:50:51 +00:00
Livio Amstutz
81c0ca3337
fix: use issuer for jwt profile check on system api (#3741) 2022-05-31 13:11:49 +02:00
Max Peintner
ac65d9d331
fix(login): checkbox, label, container styles (#3732)
fix: checkbox, label styles
2022-05-31 07:20:39 +00:00
Silvan
3513148cf6
fix: SMTP config in defaults (#3736)
* fix(command): create smtp provider cmds after domains

* chore(defaults): add smtp configuration
2022-05-30 17:39:18 +02:00
Livio Amstutz
992892a8bb
fix: read key data for system api users from config (#3731) 2022-05-30 12:53:21 +00:00
Livio Amstutz
b3f50702f8
feat: directly specify factors/idps on addCustomLoginPolicy and return on LoginPolicy responses (#3711)
* feat: directly specify factors on addCustomLoginPolicy and return on LoginPolicy responses

* fix proto

* update login policy

* feat: directly specify idp on addCustomLoginPolicy and return on LoginPolicy responses

* fix: tests

Co-authored-by: Max Peintner <max@caos.ch>
Co-authored-by: Fabi <38692350+hifabienne@users.noreply.github.com>
2022-05-30 11:51:07 +00:00
Livio Amstutz
2fc39c0da0
feat: system api requires authenticated requests (#3570)
* begin auth

* feat: system api requires authenticated requests

* fix tests
2022-05-30 13:38:30 +02:00
Livio Amstutz
41d78ef523
fix: return absolute url for avatar in user sessions (#3724)
* fix: return absolute url for avatar in user sessions

* fix: refresh token unique constraint
2022-05-30 11:27:52 +00:00
Max Peintner
e79aab3671
fix: login ui for v2 (#3712)
* fix: login ui for v2

* a color

* footer

Co-authored-by: Livio Amstutz <livio.a@gmail.com>
2022-05-30 09:03:40 +00:00
Livio Amstutz
737e01bfd2
fix: fix and improve primary keys on projections (#3708)
* fix: org_domain projection

* fix: projection reset

* fix test

* improve foreign keys on suffixed tables
2022-05-25 14:15:13 +02:00
Livio Amstutz
79452da7d6
fix: check membership from projection (#3710)
* fix: check membership from projection

* remove authz setup
2022-05-25 14:07:16 +02:00
Alexei-Barnes
09b021b257
feat: Configurable Unique Machine Identification (#3626)
* feat: Configurable Unique Machine Identification

This change fixes Segfault on AWS App Runner with v2 #3625

The change introduces two new dependencies:

* github.com/drone/envsubst for supporting AWS ECS, which has its metadata endpoint described by an environment variable
* github.com/jarcoal/jpath so that only relevant data from a metadata response is used to identify the machine.

The change ads new configuration (see `defaults.yaml`):

* `Machine.Identification` enables configuration of how machines are uniquely identified - I'm not sure about the top level category `Machine`, as I don't have anything else to add to it. Happy to hear suggestions for better naming or structure here.
* `Machine.Identifiation.PrivateId` turns on or off the existing private IP based identification. Default is on.
* `Machine.Identification.Hostname` turns on or off using the OS hostname to identify the machine. Great for most cloud environments, where this tends to be set to something that identifies the machine uniquely. Enabled by default.
* `Machine.Identification.Webhook` configures identification based on the response to an HTTP GET request.  Request headers can be configured, a JSONPath can be set for processing the response (no JSON parsing is done if this is not set), and the URL is allowed to contain environment variables in the format `"${var}"`.

The new flow for getting a unique machine id is:

1. PrivateIP (if enabled)
2. Hostname (if enabled)
3. Webhook (if enabled, to configured URL)
4. Give up and error out.

It's important that init configures machine identity first. Otherwise we could try to get an ID before configuring it. To prevent this from causing difficult to debug issues, where for example the default configuration was used, I've ensured that
the application will generate an error if the module hasn't been configured and you try to get an ID.

Misc changes:

* Spelling and gramatical corrections to `init.go::New()` long description.
* Spelling corrections to `verify_zitadel.go::newZitadel()`.
* Updated `production.md` and `development.md` based on the new build process. I think the run instructions are also out of date, but I'll leave that for someone else.
* `id.SonyFlakeGenerator` is now a function, which sets `id.sonyFlakeGenerator`, this allows us to defer initialization until configuration has been read.

* Update internal/id/config.go

Co-authored-by: Alexei-Barnes <82444470+Alexei-Barnes@users.noreply.github.com>

* Fix authored by @livio-a for tests

Co-authored-by: Livio Amstutz <livio.a@gmail.com>
2022-05-24 16:57:57 +02:00
Livio Amstutz
e1ee89982a
fix: unify commands (and remove todos for checking existence) (#3696) 2022-05-24 09:28:17 +00:00
Livio Amstutz
cf6f4d6894
fix(tracing): parsing of fraction (#3705)
* fix(tracing): parsing of fraction

* log id
2022-05-24 09:18:25 +00:00
mffap
32ccada7a9
chore: more typos (#3688) 2022-05-21 22:41:21 +02:00
swazynski
5a2ffd80dc
chore: "EMail" typo (#3679)
Co-authored-by: Florian Forster <florian@caos.ch>
2022-05-21 11:29:25 +00:00
mffap
4d30d3a7e1
chore: various typos (#3686)
* fix(cli): typo in clis

* chore: fix typos in guides and readme

* markdown lint

* readme typos

* markdown lint

* typos in security.md

* login de

* login en

* console de

* console en

* Apply suggestions from code review

E-Mail instead of Email

Co-authored-by: Florian Forster <florian@caos.ch>

Co-authored-by: Florian Forster <florian@caos.ch>
2022-05-21 10:44:09 +00:00
Florian Forster
0ba165363e
chore: rename docs links (#3668) 2022-05-20 14:32:06 +00:00
Livio Amstutz
62c4a4d08d
fix: return absolute asset urls (#3676) 2022-05-20 10:30:12 +02:00
Livio Amstutz
0906c2d513
fix: CORS on assets api (#3659) 2022-05-19 14:09:02 +00:00
Silvan
a95b1ab3d0
fix(storage): resolve deadlock occuring durring projection (#3671) 2022-05-19 11:44:16 +00:00
Livio Amstutz
c71ccc8a80
fix: improve context handling in projections (#3638)
* fix: improve context handling in projections

* fix tests

* use as of system time for current sequence

* use as of system time for current sequence

Co-authored-by: Silvan <silvan.reusser@gmail.com>
2022-05-19 08:25:19 +00:00
Livio Amstutz
5901991dd3
fix: asset service (CORS and path in console) and user init (#3655)
* fix: asset service (CORS and path in console) and user init

* fix tests

* improve comment
2022-05-18 14:10:49 +02:00
Livio Amstutz
616b31c959
fix: token check and error unwrapping (#3648)
* fix: token check and error unwrapping

* remove unused code
2022-05-18 10:49:16 +02:00
Livio Amstutz
3a63fb765a
fix: cleanup some todos (#3642)
* cleanup todo

* fix: some todos
2022-05-16 16:35:49 +02:00
Fabi
5c0f527a49
feat: restrict smtp sender address (#3637)
* fix: check if sender address is custom domain

* fix: check if sender address is custom domain

* fix: check if sender address is custom domain

Co-authored-by: Livio Amstutz <livio.a@gmail.com>
2022-05-16 14:08:47 +00:00
Livio Amstutz
411d7c6c5c
feat: add default redirect uri and handling of unknown usernames (#3616)
* feat: add possibility to ignore username errors on first login screen

* console changes

* fix: handling of unknown usernames (#3445)

* fix: handling of unknown usernames

* fix: handle HideLoginNameSuffix on unknown users

* feat: add default redirect uri on login policy (#3607)

* feat: add default redirect uri on login policy

* fix tests

* feat: Console login policy default redirect (#3613)

* console default redirect

* placeholder

* validate default redirect uri

* allow empty default redirect uri

Co-authored-by: Max Peintner <max@caos.ch>

* remove wonrgly cherry picked migration

Co-authored-by: Max Peintner <max@caos.ch>
2022-05-16 13:39:09 +00:00
Livio Amstutz
f1fa74a2c0
fix: loginnames in login and mails (eventstore v1 queries) (#3636)
* fix: loginnames in login and mails (eventstore v1 queries)

* fix: loginnames in login and mails (eventstore v1 queries)
2022-05-16 13:10:10 +00:00
Fabi
c53d5251a7
fix: V2 docs / error messages (#3611)
* docs: rewrite concept section

* docs: add instance to guides

* chore: error messages

* fix: scenarios

* docs: urls

* docs: change images

* docs: change images

* docs: change images

Co-authored-by: Livio Amstutz <livio.a@gmail.com>
2022-05-16 12:00:33 +00:00
Livio Amstutz
d401439427
fix: unique constraints on instance domain events (#3635) 2022-05-16 11:52:54 +02:00
Fabi
48fbf1a28e
feat: add random string to generated domain (#3634) 2022-05-16 11:26:24 +02:00
Livio Amstutz
4fcf03c9c8
fix: email sender and template (#3633) 2022-05-16 09:52:10 +02:00
Livio Amstutz
024eedc1b5
feat: enable default smtp config on setup (#3622)
* feat: enable default smtp config on setup

* fix tests

* fix channel order

Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>
2022-05-13 12:13:07 +00:00
Livio Amstutz
5571db3e1b
feat: improve console caching and provide build info (#3621)
* feat: improve console caching and provide build info

* Update info.go
2022-05-13 14:06:44 +02:00
Livio Amstutz
734cfdddae
fix: return userID on org setup (#3623) 2022-05-13 13:54:48 +02:00
Livio Amstutz
f70990709b
fix: allow single parameter in org unique request (#3620) 2022-05-13 11:25:45 +02:00
Fabi
a9f82529ab
fix: add org member (#3599)
Co-authored-by: Livio Amstutz <livio.a@gmail.com>
2022-05-12 07:34:46 +00:00
Max Peintner
00e042ea44
fix(login): fix avatar.js (#3614) 2022-05-11 08:52:17 +02:00
Max Peintner
d431ccb965
feat(console, login): v2 notification settings, login avatar (#3606)
* instance routing

* instance naming

* org list

* rm isonsystem

* breadcrumb  type

* routing

* instance members

* fragment refresh org

* settings pages

* settings list, sidenav grouping, i18n

* org-settings, policy changes

* lint

* grid

* rename grid

* fallback to general

* cleanup

* general settings, remove cards

* sidenav for settings, label policy

* i18n

* header, nav backbuild

* general, project nav rehaul

* login text background adapt

* org nav anim

* org, instance settings, fix policy layout, roles

* i18n, active route for project

* lint

* notification-settings

* idp create redirect, sms provider create, i18n

* oidc configuration

* settings list

* new avatar colors for login

* cleaner js

* avatar theme login

* remove avatar elevation
2022-05-11 08:01:40 +02:00
Livio Amstutz
94e420bb24
fix: env.json caching, readiness and unique lockerIDs (#3596)
* fix: readiness check

* disable cache for env.json

* always generate unique lockerID

* fix tests
2022-05-04 17:09:49 +02:00
Livio Amstutz
79db247801
feat: set default language on instance (#3594) 2022-05-03 15:58:38 +02:00
Livio Amstutz
06a1b52adf
fix: improve interceptor handling (#3578)
* fix: improve interceptor handling

* fix: improve interceptor handling

Co-authored-by: Florian Forster <florian@caos.ch>
2022-05-02 15:26:54 +00:00
Livio Amstutz
ef6fd5a843
fix: remove 3rd party assets from mail (#3569) 2022-05-02 14:41:57 +00:00
Livio Amstutz
861cf07700
feat: permit all features to every instance and organisation (#3566) 2022-05-02 11:18:17 +02:00
Silvan
a9f71ba08e
fix(command): reset phone on phone write model to empty if removed (#3543) 2022-05-02 11:06:30 +02:00
Livio Amstutz
dc7fdb240b
fix: token verification (don't cache zitadel id system wide) (#3542) 2022-04-29 14:16:23 +02:00
Livio Amstutz
2af3e228e4
feat: set service name in tracing (#3533) 2022-04-28 17:35:56 +02:00
Livio Amstutz
44a2b81bef
feat: enable tracing (#3528) 2022-04-28 14:44:13 +02:00
Livio Amstutz
00f7dbe875
fix: setup instance domain handling (#3529) 2022-04-28 10:30:41 +02:00
Fabi
70e98460ab
fix: refactor system api (#3500)
* fix: refactor system api

* fix: search domains on get instance

* fix: search domains on get instance

* fix: return instance detail

* fix: implement user sorting column (#3469)

* fix: implement user sorting column

* fix: implement user sorting column

* fix: string column

* isOrderByLower

Co-authored-by: Livio Amstutz <livio.a@gmail.com>

* fix: user converter import

* Update instance.go

Co-authored-by: Livio Amstutz <livio.a@gmail.com>
2022-04-27 15:18:34 +00:00
Livio Amstutz
fd1150f628
fix: check http methods on specific http2 routes (#3527)
* fix: check headers lowercase

* Update .releaserc.js

* fix: check http methods on specific http2 routes
2022-04-27 13:10:44 +02:00
Livio Amstutz
9ffd83af7d
fix: header matcher of grpc-web route (#3524) 2022-04-27 08:10:54 +00:00
Florian Forster
fa9f581d56
chore(v2): move to new org (#3499)
* chore: move to new org

* logging

* fix: org rename caos -> zitadel

Co-authored-by: adlerhurst <silvan.reusser@gmail.com>
2022-04-26 23:01:45 +00:00
Livio Amstutz
b867eff84c
test: ensure consistency of update multiple sequences test (#3501) 2022-04-26 19:41:11 +00:00
Livio Amstutz
e9e332b909
feat: handle CORS for grpc-web (#3498) 2022-04-26 16:50:41 +02:00
Livio Amstutz
32986aa60a
feat: handle missing trailing slashes for console and login (#3490)
* handle calls without trailing slash

* build redirect uris correctly

* handle missing trailing slash for login

* sentry as http middleware

* import

* fix build origin
2022-04-26 12:13:16 +02:00
Livio Amstutz
7a507fe63c
fix: use correct encryption keys in addHuman and set primary instance domain (#3486)
Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>
2022-04-25 14:36:10 +00:00
Fabi
0b6eb07e2d
fix: nil pointer on add user (missing phone) (#3487) 2022-04-25 14:30:25 +00:00
Livio Amstutz
2c4799c223
feat: complete dynamic domain handling (#3482)
* feat: dynamic issuer

* feat: default language from context

* remove zitadel docs from defaults

* remove ConsoleOverwriteDir

* remove notification endpoints from defaults

* custom domains in emails

* remove (external) domain

* external domain completely removed, console handling fixed

* fix test

* fix defaults.yaml
2022-04-25 11:16:36 +02:00
Livio Amstutz
75ec73ca4a
feat: dynamic issuer (#3481)
* feat: dynamic issuer

* dynamic domain handling

* key rotation durations

* feat: dynamic issuer

* make webauthn displayname dynamic
2022-04-25 10:01:17 +02:00
Fabi
3d5891eb11
feat: System api (#3461)
* feat: start system api

* feat: remove auth

* feat: change gitignore

* feat: run system api

* feat: remove clear view form admin api

* feat: search instances

* feat: add instance

* fix: set primary domain

* Update .gitignore

* fix: add instance

* fix: add instance

* fix: handle errors

* fix: handle instance name

* fix: test

Co-authored-by: Livio Amstutz <livio.a@gmail.com>
2022-04-21 12:37:39 +02:00
Livio Amstutz
a7816a43b1
refactor: remove commandNew struct (#3465)
* refactor: remove commandNew struct

* requested fixes
2022-04-20 14:59:37 +00:00
Livio Amstutz
1305c14e49
feat: handle instanceID in projections (#3442)
* feat: handle instanceID in projections

* rename functions

* fix key lock

* fix import
2022-04-19 08:26:12 +02:00
Fabi
c25d853820
feat: Instance domains (#3444)
* feat: add domain list

* feat: domain tests

* feat: add redirect url on adding instance domain

* Update internal/command/instance_domain.go

Co-authored-by: Livio Amstutz <livio.a@gmail.com>

* feat: remove unused code

* fix

Co-authored-by: Livio Amstutz <livio.a@gmail.com>
2022-04-14 12:19:18 +00:00
Fabi
820a21dce3
feat: validate org domains (#3387)
* feat: validate org domain command side

* feat: validate org domain query side

* fix: create domain policy

* feat: add reading domain policy on addorg domain
2022-04-13 11:24:03 +02:00
Silvan
db554536a1
fix: v2 setup sequence (#3437)
* add/register human command done

* validations

* crypto

* move clientid

* keys

* fix: clientID

* remove v2 package

* tests

* tests running

* fix: add init instance to eventstore

* fix: mig

* test(eventstore): create instance

* revert old code

* instance domain from ctx

* chore: rename zitadel app ids

* comments

* fix: test

* fix: mock

* fix: test
2022-04-13 05:42:48 +00:00
Silvan
cea2567e22
fix: v2 human command (#3435)
* add/register human command done

* validations

* crypto

* move clientid

* keys

* fix: clientID

* remove v2 package

* tests

* tests running

* revert old code

* instance domain from ctx

* chore: rename zitadel app ids

* comments

* fix: test
2022-04-12 16:20:17 +02:00
Livio Amstutz
4a0d61d75a
feat: store assets in database (#3290)
* feat: use database as asset storage

* being only uploading assets if allowed

* tests

* fixes

* cleanup after merge

* renaming

* various fixes

* fix: change to repository event types and removed unused code

* feat: set default features

* error handling

* error handling and naming

* fix tests

* fix tests

* fix merge

* rename
2022-04-06 06:13:40 +00:00
Livio Amstutz
b949b8fc65
chore(deps): update oidc to 1.2.0 (#3363)
* chore(deps): update oidc to 1.2.0

* add comment
2022-04-05 07:22:00 +00:00
Fabi
c740ee5d81
feat: Instance commands (#3385)
* fix: add events for domain

* fix: add/remove domain command side

* fix: add/remove domain command side

* fix: add/remove domain query side

* fix: create instance

* fix: merge v2

* fix: instance domain

* fix: instance domain

* fix: instance domain

* fix: instance domain

* fix: remove domain.IAMID from writemodels

* fix: remove domain.IAMID from writemodels

* fix: remove domain.IAMID from writemodels

* fix: remove domain.IAMID from writemodels

* fix: remove domain.IAMID from writemodels

* fix: remove domain.IAMID from writemodels

* fix: remove domain.IAMID from writemodels

* fix: remove domain.IAMID from writemodels

* fix: remove domain.IAMID from writemodels

* fix: remove domain.IAMID from api

* fix: remove domain.IAMID

* fix: remove domain.IAMID

* fix: add instance domain queries

* fix: fix after merge

* Update auth_request.go

* fix keypair

* remove unused code

* feat: read instance id from context

* feat: remove unused code

* feat: use instance id from context

* some fixes

Co-authored-by: Livio Amstutz <livio.a@gmail.com>
2022-04-05 05:58:09 +00:00
Livio Amstutz
5112aae177
feat: embed console into go binary (#3391) 2022-04-04 09:51:35 +02:00
Livio Amstutz
87560157c1
fix: change to repository event types and removed unused code (#3386)
* fix: change to repository event types and removed unused code

* some fixes

* remove unused code
2022-03-31 11:36:26 +02:00
Elio Bischof
55af4a18a2
feat: ensure google cloud run compatibility (#3388)
* feat: ensure google cloud run compatibility

* from scratch docker image

* fall back to cloud run container id for sonyflake
2022-03-31 10:49:08 +02:00
Livio Amstutz
958362e6c9
feat: handle instance from context (#3382)
* commander

* commander

* selber!

* move to packages

* fix(errors): implement Is interface

* test: command

* test: commands

* add init steps

* setup tenant

* add default step yaml

* possibility to set password

* merge v2 into v2-commander

* fix: rename iam command side to instance

* fix: rename iam command side to instance

* fix: rename iam command side to instance

* fix: rename iam command side to instance

* fix: search query builder can filter events in memory

* fix: filters for add member

* fix(setup): add `ExternalSecure` to config

* chore: name iam to instance

* fix: matching

* remove unsued func

* base url

* base url

* test(command): filter funcs

* test: commands

* fix: rename orgiampolicy to domain policy

* start from init

* commands

* config

* fix indexes and add constraints

* fixes

* fix: merge conflicts

* fix: protos

* fix: md files

* setup

* add deprecated org iam policy again

* typo

* fix search query

* fix filter

* Apply suggestions from code review

* remove custom org from org setup

* add todos for verification

* change apps creation

* simplify package structure

* fix error

* move preparation helper for tests

* fix unique constraints

* fix config mapping in setup

* fix error handling in encryption_keys.go

* fix projection config

* fix query from old views to projection

* fix setup of mgmt api

* set iam project and fix instance projection

* fix tokens view

* fix steps.yaml and defaults.yaml

* fix projections

* change instance context to interface

* instance interceptors and additional events in setup

* cleanup

* tests for interceptors

* fix label policy

* add todo

* single api endpoint in environment.json

Co-authored-by: adlerhurst <silvan.reusser@gmail.com>
Co-authored-by: fabi <fabienne.gerschwiler@gmail.com>
2022-03-29 11:53:19 +02:00
Silvan
c5b99274d7
feat(cli): setup (#3267)
* commander

* commander

* selber!

* move to packages

* fix(errors): implement Is interface

* test: command

* test: commands

* add init steps

* setup tenant

* add default step yaml

* possibility to set password

* merge v2 into v2-commander

* fix: rename iam command side to instance

* fix: rename iam command side to instance

* fix: rename iam command side to instance

* fix: rename iam command side to instance

* fix: search query builder can filter events in memory

* fix: filters for add member

* fix(setup): add `ExternalSecure` to config

* chore: name iam to instance

* fix: matching

* remove unsued func

* base url

* base url

* test(command): filter funcs

* test: commands

* fix: rename orgiampolicy to domain policy

* start from init

* commands

* config

* fix indexes and add constraints

* fixes

* fix: merge conflicts

* fix: protos

* fix: md files

* setup

* add deprecated org iam policy again

* typo

* fix search query

* fix filter

* Apply suggestions from code review

* remove custom org from org setup

* add todos for verification

* change apps creation

* simplify package structure

* fix error

* move preparation helper for tests

* fix unique constraints

* fix config mapping in setup

* fix error handling in encryption_keys.go

* fix projection config

* fix query from old views to projection

* fix setup of mgmt api

* set iam project and fix instance projection

* imports

Co-authored-by: Livio Amstutz <livio.a@gmail.com>
Co-authored-by: fabi <fabienne.gerschwiler@gmail.com>
2022-03-28 10:05:09 +02:00
Fabi
9d4f296c62
fix: rename iam to instance (#3345)
* fix: rename iam command side to instance

* fix: rename iam command side to instance

* fix: rename iam command side to instance

* fix: rename iam command side to instance

* fix: rename orgiampolicy to domain policy

* fix: merge conflicts

* fix: protos

* fix: md files

* implement deprecated org iam policy again

Co-authored-by: Livio Amstutz <livio.a@gmail.com>
2022-03-24 16:21:34 +00:00
Livio Amstutz
504fe5b761
cherry pick changes from main (#3371)
* feat: remove exif data from uploaded images (#3221)

* feat: remove exif tags from images

* feat: remove exif data

* feat: remove exif

* fix: add preferredLoginName to user grant response (#3271)

* chore: log webauthn parse error (#3272)

* log error

* log error

* feat: Help link in privacy policy

* fix: convert correct detail data on organization (#3279)

* fix: handle empty editor users

* fix: add some missing translations (#3291)

* fix: org policy translations

* fix: metadata event types translation

* fix: translations

* fix: filter resource owner correctly on project grant members (#3281)

* fix: filter resource owner correctly on project grant members

* fix: filter resource owner correctly on project grant members

* fix: add orgIDs to zitadel permissions request

Co-authored-by: fabi <fabienne.gerschwiler@gmail.com>

* fix: get IAM memberships correctly in MyZitadelPermissions (#3309)

* fix: correct login names on auth and notification users (#3349)

* fix: correct login names on auth and notification users

* fix: migration

* fix: handle resource owner in action flows (#3361)

* fix merge

* fix: exchange exif library (#3366)

* fix: exchange exif library

* ignore tiffs

* requested fixes

* feat: Help link in privacy policy

Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>
Co-authored-by: fabi <fabienne.gerschwiler@gmail.com>
2022-03-24 14:00:24 +01:00
Livio Amstutz
56b916a2b0
feat: projections auto create their tables (#3324)
* begin init checks for projections

* first projection checks

* debug notification providers with query fixes

* more projections and first index

* more projections

* more projections

* finish projections

* fix tests (remove db name)

* create tables in setup

* fix logging / error handling

* add tenant to views

* rename tenant to instance_id

* add instance_id to all projections

* add instance_id to all queries

* correct instance_id on projections

* add instance_id to failed_events

* use separate context for instance

* implement features projection

* implement features projection

* remove unique constraint from setup when migration failed

* add error to failed setup event

* add instance_id to primary keys

* fix IAM projection

* remove old migrations folder

* fix keysFromYAML test
2022-03-23 09:02:39 +01:00
Fabi
5132ebe07c
feat: add tenant column to eventstore (#3314)
* feat: add tenant column to eventstore

* feat: read tenant from context on push and filter

* Update 07_events_table.sql

* pass tenant to queryFactory

* fix some query tests

* init in tests

* add missing sql files

Co-authored-by: Livio Amstutz <livio.a@gmail.com>
2022-03-15 07:19:02 +01:00
Livio Amstutz
5463244376
feat: encryption keys in database (#3265)
* enable overwrite of adminUser fields in defaults.yaml

* create schema and table

* cli: create keys

* cli: create keys

* read encryptionkey from db

* merge v2

* file names

* cleanup defaults.yaml

* remove custom errors

* load encryptionKeys on start

* cleanup

* fix merge

* update system defaults

* fix error message
2022-03-14 07:55:09 +01:00
Fabi
7899a0b851
feat: Notification providers config (#3212)
* feat: add login check lifetimes to login policy

* feat: org features test

* feat: debug notificatiaon events

* feat: debug notification file/log commands

* feat: add requests to proto

* feat: add api for debug notification providers file/log

* feat: add projection for debug notifiication providers

* feat: requests

* feat: merge v2

* feat: add settings proto to generate

* feat: notifiaction providers

* fix: remove unused code

* Update iam_converter.go

Co-authored-by: Livio Amstutz <livio.a@gmail.com>
2022-03-07 14:22:37 +01:00
Fabi
7d6c933485
feat: OIDC setting (#3245)
* feat: add oidc config struct

* feat: oidc config command side

* feat: oidc configuration query side

* feat: add translations

* feat: add tests

* feat: add translations

* feat: rename oidc config to oidc settings

* feat: rename oidc config to oidc settings
2022-02-25 16:05:06 +01:00
Fabi
f05d4063bf
feat: Login verification lifetimes (#3190)
* feat: add login check lifetimes to login policy

* feat: org features test

* feat: read lifetimes from loginpolicy
2022-02-21 16:05:02 +01:00
Fabi
7d235e3eed
feat: Default configs sms provider (#3187)
* feat: sms config

* feat: twilio as sms provider

* feat:sms projection

* feat: sms queries

* feat: sms queries test

* feat: sms configs

* feat: sms configs sql file

* fix merge

* fix: rename from to sendername

* fix: proto comments

* fix: token as crypto

* fix: tests

* fix: sms config sender name to sender number

* fix: sms config sender name to sender number

* Update email.go

* Update channel.go

* Update V1.111__settings.sql

Co-authored-by: Livio Amstutz <livio.a@gmail.com>
2022-02-21 12:22:20 +00:00
Fabi
e3528ff0b2
feat: Config to eventstore (#3158)
* feat: add default language to eventstore

* feat: add secret generator configs events

* feat: tests

* feat: secret generators in eventstore

* feat: secret generators in eventstore

* feat: smtp config in eventstore

* feat: smtp config in eventstore

* feat: smtp config in eventstore

* feat: smtp config in eventstore

* feat: smtp config in eventstore

* fix: migrations

* fix migration version

* fix test

* feat: change secret generator type to enum

* feat: change smtp attribute names

* feat: change smtp attribute names

* feat: remove engryption algorithms from command side

* feat: remove engryption algorithms from command side

* feat: smtp config

* feat: smtp config

* format smtp from header

Co-authored-by: Livio Amstutz <livio.a@gmail.com>
2022-02-16 15:49:17 +00:00
Silvan
4272ea6fe1
fix: init sub commands (#3218)
* fix(init): add sub commands

* fix(init): admin user in config,
test(init): verify functions

* refactor: config, remove second commands

* refactor: init steps

* chore: fix link in readme

* chore: numerate sql files

* Update cmd/admin/initialise/sql/README.md

Co-authored-by: Livio Amstutz <livio.a@gmail.com>

* Update cmd/admin/initialise/sql/README.md

Co-authored-by: Livio Amstutz <livio.a@gmail.com>

* fix(init): remove unused index

* user

* fix database username in defaults.yaml

Co-authored-by: Livio Amstutz <livio.a@gmail.com>
2022-02-16 12:30:49 +00:00
Livio Amstutz
389eb4a27a
feat: run on a single port (#3163)
* start v2

* start

* run

* some cleanup

* remove v2 pkg again

* simplify

* webauthn

* remove unused config

* fix login path in Dockerfile

* fix asset_generator.go

* health handler

* fix grpc web

* refactor

* merge

* build new main.go

* run new main.go

* update logging pkg

* fix error msg

* update logging

* cleanup

* cleanup

* go mod tidy

* change localDevMode

* fix customEndpoints

* update logging

* comments

* change local flag to external configs

* fix location generated go code

* fix

Co-authored-by: fforootd <florian@caos.ch>
2022-02-14 17:22:30 +01:00
Livio Amstutz
5d4351f47c
feat: merge main into v2 (#3193)
* feat(console): personal access tokens (#3185)

* token dialog, pat module

* pat components

* i18n, warn dialog, add token dialog

* cleanup dialog

* clipboard

* return creationDate of pat

* i18n

Co-authored-by: Livio Amstutz <livio.a@gmail.com>

* fix(cockroach): update to 21.2.5 (#3189)

Co-authored-by: Max Peintner <max@caos.ch>
Co-authored-by: Silvan <silvan.reusser@gmail.com>
2022-02-11 13:33:31 +01:00
Silvan
b44b48fa1e
fix(init): flags (#3192) 2022-02-11 11:52:50 +01:00
Silvan
e8ab237ada
fix(init): prepare database (#3191)
* fix(init): prepare database

* fix(defaults): cockroach local defaults
2022-02-11 11:02:47 +01:00
Silvan
9d471d0d30
feat(cli): init cli (#3186)
* feat(cli): initilize cli

* fix(config): allow multiple files

* refactor(cli): constructor naming

* go mod tidy

* refactor: move code out of v2 package

* chore: logging v0.1

* chore: remove old gitignore

* fix func

Co-authored-by: Livio Amstutz <livio.a@gmail.com>
2022-02-09 15:01:19 +01:00
Livio Amstutz
699fdaf68e
feat: add personal access tokens for service users (#2974)
* feat: add machine tokens

* fix test

* rename to pat

* fix merge and tests

* fix scopes

* fix migration version

* fix test

* Update internal/repository/user/personal_access_token.go

Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>

Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>
2022-02-08 09:37:28 +01:00
Livio Amstutz
78af86db98
fix: checkAdditionalActionAllowed for unlimited (#3165) 2022-02-07 10:36:18 +01:00
Livio Amstutz
ab62f2d79d
fix: return full url of assets in admin and mgmt api (#3157)
* fix: return full url of assets in admin and mgmt api

* remove asset loading over asset service

* remove unused code

Co-authored-by: Max Peintner <max@caos.ch>
2022-02-04 15:02:18 +01:00
Fabi
31bdd3f431
feat: reset custom texts on IAM (#3160)
* fix: only show factors with state ready

* fix: get iam by id and clean up code

* fix: get iam by id and clean up code

* fix: remove unused code

* feat: add message template remove func to admin api

* fix: proto texts

* fix: proto texts
2022-02-04 10:25:25 +01:00
Fabi
9b1e0730d7
fix: translation (#3156)
* fix: translation

* fix: translation

* fix: translation
2022-02-03 09:12:28 +01:00
Max Peintner
bd2e7d8133
fix(console): static assets, edit csp (#3153)
* fix: static font, icons

* mat icon package

* csp

* lint

* rm csp line
2022-02-03 07:21:00 +01:00
Livio Amstutz
1367a2e139
feat: limit amount of active actions (#3143)
* max actions

* fix: max allowed actions

* fix: max allowed actions

* fix tests
2022-02-02 09:04:05 +01:00
Livio Amstutz
585ebf9a81
fix: user search with login_name (e.g. password reset) (#3149) 2022-02-02 08:21:54 +01:00
Livio Amstutz
f96f62a1ab
fix: set correct state of idp in old view (#3148)
* fix: set correct state of idp in old view

* add italian to language selection in login
2022-02-01 18:12:18 +01:00
Livio Amstutz
bf6cb59b87
fix: list IDPs on Org (#3141)
* fix: idp query

* fix: remove failed events
2022-02-01 08:32:59 +01:00
Livio Amstutz
990be687c0
fix: handle first key rotation on newly created instance (#3118) 2022-01-28 08:24:34 +00:00
Livio Amstutz
e99b7f4972
fix: move activity log to queries and remove old code (#3096)
* move changes to queries and remove old code

* fix changes query

* remove unused code

* fix sorting

* fix sorting

* refactor and remove old code

* remove accidental go.mod replace

* add missing file

* remove listDetail from ChangesResponse
2022-01-26 10:16:33 +01:00
Livio Amstutz
52da2354a3
fix: set gender correctly in userinfo (#3112) 2022-01-25 16:00:38 +01:00
Fabi
ce53fe7814
fix: user with state initial can only be deleted not deactivated (#3110) 2022-01-25 11:54:36 +01:00
Livio Amstutz
542651707a
fix: state on user projection (#3109)
* fix: state on user projection

* fix: state on user projection

* don't change user state on HumanEmailVerifiedEvent
2022-01-25 11:35:38 +01:00
Fabi
b64b5d89ec
fix: send preferred login name on init user mail (#3105)
* fix: send preferred login name on init user

* trigger gh actions

Co-authored-by: Livio Amstutz <livio.a@gmail.com>
2022-01-24 15:22:27 +01:00
Fabi
01501c5087
feat: iam query (#3085)
* fix: only show factors with state ready

* fix: get iam by id and clean up code

* fix: get iam by id and clean up code

* fix: remove unused code
2022-01-21 14:01:25 +01:00
Livio Amstutz
37d8e23186
fix: nil pointer in my user changes (#3086) 2022-01-21 12:29:40 +00:00
Livio Amstutz
5af7d8315d
fix: metadata query (#3084) 2022-01-21 10:30:43 +00:00
Livio Amstutz
3ee3b8f6d3
fix: internal api health check (#3083) 2022-01-21 09:32:51 +00:00
Fabi
2592383a7c
fix: only show factors with state ready (#3081) 2022-01-21 08:27:57 +00:00
Fabi
b363ddd707
feat: Iam projection (#3074)
* feat: implement projection for iam and clean up code

* feat: add migration

* fix: remove unused tests

* fix: handler
2022-01-21 08:52:12 +01:00
Livio Amstutz
44d78df4d4
feat: user query (#3075)
* user queries

* user query

* user query

* user tests

* remove old code

* user metadata

* cleanup

* fix merge

* cleanup

* cleanup

* fixes
2022-01-20 14:40:25 +00:00
Fabi
087ef8d31c
fix: return isDefault on login texts (#3076)
* fix: add is disabled to login texts

* fix: fix aggregate id
2022-01-20 13:18:49 +00:00
Fabi
5c6df06a7c
feat: auth method query side (#3068)
* feat: queries for searching mfas and passwordless

* feat: tests for user auth method queries

* Update internal/api/grpc/auth/multi_factor.go

Co-authored-by: Livio Amstutz <livio.a@gmail.com>

* Update internal/api/grpc/auth/passwordless.go

Co-authored-by: Livio Amstutz <livio.a@gmail.com>

* Update internal/api/grpc/management/user.go

Co-authored-by: Livio Amstutz <livio.a@gmail.com>

* Update internal/api/grpc/management/user.go

Co-authored-by: Livio Amstutz <livio.a@gmail.com>

Co-authored-by: Livio Amstutz <livio.a@gmail.com>
2022-01-20 13:21:59 +01:00
Livio Amstutz
24aef8d16e
fix: cascading changes for usergrants when managing projects / projectgrants (#3035) 2022-01-20 08:33:51 +01:00
Fabi
eaaf76a6eb
fix: default message text query (#3064) 2022-01-19 15:13:04 +01:00
Fabi
3902f9adb5
feat: auth method projection (#3020)
* feat: auth method projection

* feat: auth method projection

* feat: add tests
2022-01-19 14:49:50 +01:00
Livio Amstutz
c2e6fd8f40
fix(query): add user metadata projection (#3021)
* fix: add metadata projection

* cleanup
2022-01-18 14:15:00 +01:00
Fabi
456d32dd0d
fix: show registration overview (#3002)
* fix: show registration overview

* fix: render error page to avoid possible loop
2022-01-18 08:46:31 +01:00
Silvan
c542cab4f8
feat(queries): user grants (#2838)
* refactor(domain): add user type

* fix(projections): start with login names

* fix(login_policy): correct handling of user domain claimed event

* fix(projections): add members

* refactor: simplify member projections

* add migration for members

* add metadata to member projections

* refactor: login name projection

* fix: set correct suffixes on login name projections

* test(projections): login name reduces

* fix: correct cols in reduce member

* test(projections): org, iam, project members

* member additional cols and conds as opt,
add project grant members

* fix(migration): members

* fix(migration): correct database name

* migration version

* migs

* better naming for member cond and col

* split project and project grant members

* prepare member columns

* feat(queries): membership query

* test(queries): membership prepare

* fix(queries): multiple projections for latest sequence

* fix(api): use query for membership queries in auth and management

* feat: org member queries

* fix(api): use query for iam member calls

* fix(queries): org members

* fix(queries): project members

* fix(queries): project grant members

* fix(query): member queries and user avatar column

* member cols

* fix(queries): membership stmt

* fix user test

* fix user test

* fix(projections): add user grant projection

* fix(user_grant): handle state changes

* add state to migration

* fix(management): use query for user grant requests

* merge eventstore-naming into user-grant-projection

* feat(queries): user grants

* fix(migrations): version

* fix(api): user query for user grants

* fix(query): event mappers for usergrant aggregate

* fix(projection): correct aggregate for user grants

* fix(queries): user grant roles as list contains

* cleanup reducers

* fix avater_key to avatar_key

* tests

* cleanup

* cleanup

* add resourceowner query

* fix: user grant project name search query

Co-authored-by: Livio Amstutz <livio.a@gmail.com>
Co-authored-by: fabi <fabienne.gerschwiler@gmail.com>
2022-01-14 09:45:50 +00:00
Silvan
a63a995269
fix(projections): add user grant projection (#2837)
* refactor(domain): add user type

* fix(projections): start with login names

* fix(login_policy): correct handling of user domain claimed event

* fix(projections): add members

* refactor: simplify member projections

* add migration for members

* add metadata to member projections

* refactor: login name projection

* fix: set correct suffixes on login name projections

* test(projections): login name reduces

* fix: correct cols in reduce member

* test(projections): org, iam, project members

* member additional cols and conds as opt,
add project grant members

* fix(migration): members

* fix(migration): correct database name

* migration version

* migs

* better naming for member cond and col

* split project and project grant members

* prepare member columns

* feat(queries): membership query

* test(queries): membership prepare

* fix(queries): multiple projections for latest sequence

* fix(api): use query for membership queries in auth and management

* feat: org member queries

* fix(api): use query for iam member calls

* fix(queries): org members

* fix(queries): project members

* fix(queries): project grant members

* fix(query): member queries and user avatar column

* member cols

* fix(queries): membership stmt

* fix user test

* fix user test

* fix(projections): add user grant projection

* fix(user_grant): handle state changes

* add state to migration

* merge eventstore-naming into user-grant-projection

* fix(migrations): version

* fix(query): event mappers for usergrant aggregate

* fix(projection): correct aggregate for user grants

* cleanup reducers

* add tests for projection

Co-authored-by: Livio Amstutz <livio.a@gmail.com>
2022-01-13 11:02:39 +01:00
Silvan
b8bec25129
fix: use query side for requests (#2818)
* refactor(domain): add user type

* fix(projections): start with login names

* fix(login_policy): correct handling of user domain claimed event

* fix(projections): add members

* refactor: simplify member projections

* add migration for members

* add metadata to member projections

* refactor: login name projection

* fix: set correct suffixes on login name projections

* test(projections): login name reduces

* fix: correct cols in reduce member

* test(projections): org, iam, project members

* member additional cols and conds as opt,
add project grant members

* fix(migration): members

* fix(migration): correct database name

* migration version

* migs

* better naming for member cond and col

* split project and project grant members

* prepare member columns

* feat(queries): membership query

* test(queries): membership prepare

* fix(queries): multiple projections for latest sequence

* fix(api): use query for membership queries in auth and management

* feat: org member queries

* fix(api): use query for iam member calls

* fix(queries): org members

* fix(queries): project members

* fix(queries): project grant members

* refactor: remove unsued methods in repo-interfaces

* start

* fix(query): membership

* fix(auth): list my project orgs

* fix(query): member queries and user avatar column

* refactor(auth): MyProjectOrgs

* fix(queries): member and membership stmts

* fix user test

* fix(management): use query for project (-grant) members

* fix(admin): use query for member calls

* fix(api): add domain to org mapping

* remove old idp

* membership

* refactor: remove old files

* idp

* refactor: use query for idps and idp user links

* refactor(eventstore): rename EventPusher to Command, EventReader to Event, PushEvents to Push and FilterEvents to Filter

* gloabl org check for org roles

Co-authored-by: Livio Amstutz <livio.a@gmail.com>
2022-01-13 08:58:14 +01:00
Livio Amstutz
3d14653a08
fix: panics (#2993)
* add missing return

Signed-off-by: Livio Amstutz <livio.a@gmail.com>

* add nil pointer check

Signed-off-by: Livio Amstutz <livio.a@gmail.com>
2022-01-12 15:31:11 +01:00
Livio Amstutz
9ab566fdeb
fix(query): keys (#2755)
* fix: add keys to projections

* change to multiple tables

* query keys

* query keys

* fix race condition

* fix timer reset

* begin tests

* tests

* remove migration

* only send to keyChannel if not nil
2022-01-12 13:22:04 +01:00
Fabi
41ec3321b0
fix: username mapping of idp (#2977)
* docs: add primary domain scope section to identity brokering guide

* fix: register overview

* Update external_register_overview.html

* fix mapping

* fix html

Co-authored-by: Livio Amstutz <livio.a@gmail.com>
2022-01-11 16:59:12 +00:00
Livio Amstutz
2355fcb7cf
fix: handle domain remove correctly (#2978) 2022-01-11 11:00:42 +00:00
Fabi
d03cab22c0
fix: select account styling (#2970)
* fix: account selection

* fix: styling of disabled accounts

* fix: styling of disabled accounts

* fix: don't show disabled accounts

* fix: remove unused css

* fix: remove unused css

* fix: remove unused css

* fix: don't show non selectable users

* fix: test
2022-01-10 16:36:31 +01:00
Fabi
e624047d60
fix: account selection (#2926)
* fix: account selection

* fix: styling of disabled accounts

* fix: styling of disabled accounts

* fix: don't show disabled accounts

* fix: remove unused css

* fix: remove unused css

* fix: remove unused css
2022-01-06 15:01:37 +01:00
Elio Bischof
aa2a1848da
feat: add stdout and filesystem notification channels (#2925)
* feat: add filesystem and stdout notification channels

* configure through env vars

* compile

* feat: add compact option for debug notification channels

* fix channel mock generation

* avoid sensitive information in error message

Co-authored-by: Livio Amstutz <livio.a@gmail.com>

* add review improvements

Co-authored-by: Livio Amstutz <livio.a@gmail.com>
2022-01-06 09:00:24 +01:00
Livio Amstutz
19b095e6c2
fix: check resourceowner not empty string (#2922)
* fix: check resourceowner not empty string

* fix test

* fix tests

* fix tests of command pkg

* enable RoleSelfManagementGlobal as org member role

* fix tests of query pkg

* Update eventstore_test.go

* update docusaurus
2022-01-06 08:29:58 +01:00