Stefan Benz
2957407b5b
fix: correct oidcsettings management ( #4413 )
...
* fix(oidcsettings): corrected projection, unittests and added the add endpoint
* fix(oidcsettings): corrected default handling and instance setup
* fix: set oidc settings correctly in console
* cleanup
* e2e test
* improve e2e test
* lint e2e
Co-authored-by: Livio Spring <livio.a@gmail.com>
Co-authored-by: Fabi <38692350+hifabienne@users.noreply.github.com>
2022-09-27 12:53:49 +02:00
Silvan
84b20bc4e1
fix(auth): always get token by id and user id ( #4371 )
...
Co-authored-by: Florian Forster <florian@zitadel.com>
2022-09-15 12:59:40 +00:00
Livio Spring
c15577c1f9
fix: use default redirect uri when not passed on end_session endpoint ( #4054 )
...
* fix: use default redirect uri when not passed on end_session endpoint
* instance state
2022-07-27 09:49:16 +02:00
Silvan
dd2f31683c
fix(query): realtime data on defined requests ( #3726 )
...
* feat: directly specify factors on addCustomLoginPolicy and return on LoginPolicy responses
* fix proto
* update login policy
* feat: directly specify idp on addCustomLoginPolicy and return on LoginPolicy responses
* fix: tests
* fix(projection): trigger bulk
* refactor: clean projection pkg
* instance should bulk
* fix(query): should trigger bulk on id calls
* tests
* build prerelease
* fix: add shouldTriggerBulk
* fix: test
Co-authored-by: Livio Amstutz <livio.a@gmail.com>
Co-authored-by: Max Peintner <max@caos.ch>
2022-06-14 07:51:00 +02:00
Livio Amstutz
3a63fb765a
fix: cleanup some todos ( #3642 )
...
* cleanup todo
* fix: some todos
2022-05-16 16:35:49 +02:00
Florian Forster
fa9f581d56
chore(v2): move to new org ( #3499 )
...
* chore: move to new org
* logging
* fix: org rename caos -> zitadel
Co-authored-by: adlerhurst <silvan.reusser@gmail.com>
2022-04-26 23:01:45 +00:00
Livio Amstutz
75ec73ca4a
feat: dynamic issuer ( #3481 )
...
* feat: dynamic issuer
* dynamic domain handling
* key rotation durations
* feat: dynamic issuer
* make webauthn displayname dynamic
2022-04-25 10:01:17 +02:00
Fabi
c740ee5d81
feat: Instance commands ( #3385 )
...
* fix: add events for domain
* fix: add/remove domain command side
* fix: add/remove domain command side
* fix: add/remove domain query side
* fix: create instance
* fix: merge v2
* fix: instance domain
* fix: instance domain
* fix: instance domain
* fix: instance domain
* fix: remove domain.IAMID from writemodels
* fix: remove domain.IAMID from writemodels
* fix: remove domain.IAMID from writemodels
* fix: remove domain.IAMID from writemodels
* fix: remove domain.IAMID from writemodels
* fix: remove domain.IAMID from writemodels
* fix: remove domain.IAMID from writemodels
* fix: remove domain.IAMID from writemodels
* fix: remove domain.IAMID from writemodels
* fix: remove domain.IAMID from api
* fix: remove domain.IAMID
* fix: remove domain.IAMID
* fix: add instance domain queries
* fix: fix after merge
* Update auth_request.go
* fix keypair
* remove unused code
* feat: read instance id from context
* feat: remove unused code
* feat: use instance id from context
* some fixes
Co-authored-by: Livio Amstutz <livio.a@gmail.com>
2022-04-05 05:58:09 +00:00
Livio Amstutz
87560157c1
fix: change to repository event types and removed unused code ( #3386 )
...
* fix: change to repository event types and removed unused code
* some fixes
* remove unused code
2022-03-31 11:36:26 +02:00
Livio Amstutz
958362e6c9
feat: handle instance from context ( #3382 )
...
* commander
* commander
* selber!
* move to packages
* fix(errors): implement Is interface
* test: command
* test: commands
* add init steps
* setup tenant
* add default step yaml
* possibility to set password
* merge v2 into v2-commander
* fix: rename iam command side to instance
* fix: rename iam command side to instance
* fix: rename iam command side to instance
* fix: rename iam command side to instance
* fix: search query builder can filter events in memory
* fix: filters for add member
* fix(setup): add `ExternalSecure` to config
* chore: name iam to instance
* fix: matching
* remove unsued func
* base url
* base url
* test(command): filter funcs
* test: commands
* fix: rename orgiampolicy to domain policy
* start from init
* commands
* config
* fix indexes and add constraints
* fixes
* fix: merge conflicts
* fix: protos
* fix: md files
* setup
* add deprecated org iam policy again
* typo
* fix search query
* fix filter
* Apply suggestions from code review
* remove custom org from org setup
* add todos for verification
* change apps creation
* simplify package structure
* fix error
* move preparation helper for tests
* fix unique constraints
* fix config mapping in setup
* fix error handling in encryption_keys.go
* fix projection config
* fix query from old views to projection
* fix setup of mgmt api
* set iam project and fix instance projection
* fix tokens view
* fix steps.yaml and defaults.yaml
* fix projections
* change instance context to interface
* instance interceptors and additional events in setup
* cleanup
* tests for interceptors
* fix label policy
* add todo
* single api endpoint in environment.json
Co-authored-by: adlerhurst <silvan.reusser@gmail.com>
Co-authored-by: fabi <fabienne.gerschwiler@gmail.com>
2022-03-29 11:53:19 +02:00
Livio Amstutz
504fe5b761
cherry pick changes from main ( #3371 )
...
* feat: remove exif data from uploaded images (#3221 )
* feat: remove exif tags from images
* feat: remove exif data
* feat: remove exif
* fix: add preferredLoginName to user grant response (#3271 )
* chore: log webauthn parse error (#3272 )
* log error
* log error
* feat: Help link in privacy policy
* fix: convert correct detail data on organization (#3279 )
* fix: handle empty editor users
* fix: add some missing translations (#3291 )
* fix: org policy translations
* fix: metadata event types translation
* fix: translations
* fix: filter resource owner correctly on project grant members (#3281 )
* fix: filter resource owner correctly on project grant members
* fix: filter resource owner correctly on project grant members
* fix: add orgIDs to zitadel permissions request
Co-authored-by: fabi <fabienne.gerschwiler@gmail.com>
* fix: get IAM memberships correctly in MyZitadelPermissions (#3309 )
* fix: correct login names on auth and notification users (#3349 )
* fix: correct login names on auth and notification users
* fix: migration
* fix: handle resource owner in action flows (#3361 )
* fix merge
* fix: exchange exif library (#3366 )
* fix: exchange exif library
* ignore tiffs
* requested fixes
* feat: Help link in privacy policy
Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>
Co-authored-by: fabi <fabienne.gerschwiler@gmail.com>
2022-03-24 14:00:24 +01:00
Livio Amstutz
56b916a2b0
feat: projections auto create their tables ( #3324 )
...
* begin init checks for projections
* first projection checks
* debug notification providers with query fixes
* more projections and first index
* more projections
* more projections
* finish projections
* fix tests (remove db name)
* create tables in setup
* fix logging / error handling
* add tenant to views
* rename tenant to instance_id
* add instance_id to all projections
* add instance_id to all queries
* correct instance_id on projections
* add instance_id to failed_events
* use separate context for instance
* implement features projection
* implement features projection
* remove unique constraint from setup when migration failed
* add error to failed setup event
* add instance_id to primary keys
* fix IAM projection
* remove old migrations folder
* fix keysFromYAML test
2022-03-23 09:02:39 +01:00
Livio Amstutz
699fdaf68e
feat: add personal access tokens for service users ( #2974 )
...
* feat: add machine tokens
* fix test
* rename to pat
* fix merge and tests
* fix scopes
* fix migration version
* fix test
* Update internal/repository/user/personal_access_token.go
Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>
Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>
2022-02-08 09:37:28 +01:00
Livio Amstutz
9ab566fdeb
fix(query): keys ( #2755 )
...
* fix: add keys to projections
* change to multiple tables
* query keys
* query keys
* fix race condition
* fix timer reset
* begin tests
* tests
* remove migration
* only send to keyChannel if not nil
2022-01-12 13:22:04 +01:00
Livio Amstutz
57368d151b
fix: assert roles when using refresh token ( #2868 )
2021-12-17 16:11:18 +01:00
Silvan
3473156c7e
fix(app): move queries to query package ( #2612 )
...
* fix: move queries to query package
* fix(auth): switch project role requests to query pkg
* refactor: delete unused project role code
* remove repo
* implement sql queries
* fix(database): oidc config change type to int2
* fix(queries): implement app queries
* refactor: simplify code
* fix: correct app query
* Update app.go
* fix token check
* fix mock
* test: app prepares
* test: oidc compliance
* test: OIDCOriginAllowList
* fix: converter
* resolve unsupported oidc version
Co-authored-by: Livio Amstutz <livio.a@gmail.com>
2021-11-26 07:57:05 +01:00
Silvan
a34ca05691
fix(auth): switch project role requests to query pkg ( #2613 )
2021-11-04 13:46:15 +01:00
Livio Amstutz
3a7d68fccd
fix: error handling for refresh_token revocation ( #2609 )
2021-11-03 14:10:01 +01:00
Livio Amstutz
fc6154cffc
feat: token revocation and OP certification ( #2594 )
...
* fix: try using only user session if no user is set (id_token_hint) on prompt none
* fix caos errors As implementation
* implement request mode
* return explicit error on invalid refresh token use
* begin token revocation
* token revocation
* tests
* tests
* cleanup
* set op config
* add revocation endpoint to config
* add revocation endpoint to config
* migration version
* error handling in token revocation
* migration version
* update oidc lib to 1.0.0
2021-11-03 08:35:24 +01:00
Silvan
3d865b3178
fix(auth): improve sign out handling ( #2030 )
...
* fix(auth): create index on token table
* only terminate active sessions
Co-authored-by: Livio Amstutz <livio.a@gmail.com>
2021-07-19 15:12:00 +02:00
Livio Amstutz
10cae58505
fix: log error reason on terminate session ( #1973 )
2021-07-08 13:55:21 +02:00
Livio Amstutz
bf4c4d881d
fix: access tokens for service users and refresh token infos ( #1779 )
...
* fix: access token for service user
* handle info from refresh request
* uniqueness
* postpone access token uniqueness change
2021-05-26 09:01:07 +02:00
Livio Amstutz
ec5020bebc
feat: refresh token ( #1728 )
...
* begin refresh tokens
* refresh tokens
* list and revoke refresh tokens
* handle remove
* tests for refresh tokens
* uniqueness and default expiration
* rename oidc token methods
* cleanup
* migration version
* Update internal/static/i18n/en.yaml
Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>
* fixes
* feat: update oidc pkg for refresh tokens
Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>
2021-05-20 11:33:35 +00:00
Livio Amstutz
2d65b94df3
fix: handle possible nil pointer ( #1491 )
2021-03-29 14:50:58 +02:00
Livio Amstutz
57b277bc7c
fix: improve key rotation ( #1328 )
...
* fix: improve key rotation
* update oidc pkg version
2021-02-23 08:32:00 +01:00
Silvan
00fec8830a
fix: push events ( #1262 )
...
* fix: push events instead of aggregates
* fix: tests
* try without aggregate methods and with aggregate methods
* fix: change push aggregate to push events
* fix: change push aggregate to push events
* fix: change push aggregate to push events
* fix: change push aggregate to push events
* fix: change push aggregate to push events
* fix: change push aggregate to push events
* fix: change push aggregate to push events
* fix: change push aggregate to push events
* fix: change push aggregate to push events
* fix: change push aggregate to push events
* fix: client secret
* fix: query eventtypes
* fix: query eventtypes
* fix: eventstore index
* fix: index
* fix: merge new eventstore
* fix: remove unnecessary todos
* fix: remove unnecessary todos
Co-authored-by: Fabiennne <fabienne.gerschwiler@gmail.com>
2021-02-18 14:48:27 +01:00
Fabi
3bc3ef1f2c
fix: add register org and key pairs ( #1275 )
2021-02-12 16:51:12 +01:00
Fabi
320679467b
feat: User login commands ( #1228 )
...
* feat: change login to command side
* feat: change login to command side
* fix: fix push on user
* feat: user command side
* feat: sign out
* feat: command side login
* feat: command side login
* feat: fix register user
* feat: fix register user
* feat: fix web auth n events
* feat: add machine keys
* feat: send codes
* feat: move authrequest to domain
* feat: move authrequest to domain
* feat: webauthn working
* feat: external users
* feat: external users login
* feat: notify users
* fix: tests
* feat: cascade remove user grants on project remove
* fix: webauthn
* fix: pr requests
* fix: register human with member
* fix: fix bugs
* fix: fix bugs
2021-02-08 11:30:30 +01:00
Fabi
6b3f5b984c
feat: metrics ( #1024 )
...
* refactor: switch from opencensus to opentelemetry
* tempo works as designed nooooot
* fix: log traceids
* with grafana agent
* fix: http tracing
* fix: cleanup files
* chore: remove todo
* fix: bad test
* fix: ignore methods in grpc interceptors
* fix: remove test log
* clean up
* typo
* fix(config): configure tracing endpoint
* fix(span): add error id to span
* feat: metrics package
* feat: metrics package
* fix: counter
* fix: metric
* try metrics
* fix: coutner metrics
* fix: active sessin counter
* fix: active sessin counter
* fix: change current Sequence table
* fix: change current Sequence table
* fix: current sequences
* fix: spooler div metrics
* fix: console view
* fix: merge master
* fix: Last spool run on search result instead of eventtimestamp
* fix: go mod
* Update console/src/assets/i18n/de.json
Co-authored-by: Livio Amstutz <livio.a@gmail.com>
* fix: pr review
* fix: map
* update oidc pkg
* fix: handlers
* fix: value observer
* fix: remove fmt
* fix: handlers
* fix: tests
* fix: handler minimum cycle duration 1s
* fix(spooler): handler channel buffer
* fix interceptors
Co-authored-by: adlerhurst <silvan.reusser@gmail.com>
Co-authored-by: Livio Amstutz <livio.a@gmail.com>
2020-12-02 08:50:59 +01:00
Livio Amstutz
b3f68c8f48
feat: add tracing interceptors to login and oidc ( #764 )
...
* add tracing interceptors to login and oidc
* add some tracing spans
* trace login calls
* add some spans
* add some spans (change password)
* add some more tracing in oauth/oidc
* revert org exists
* Merge branch 'master' into http-tracing
# Conflicts:
# internal/api/oidc/auth_request.go
# internal/api/oidc/client.go
# internal/auth/repository/eventsourcing/eventstore/auth_request.go
# internal/auth/repository/eventsourcing/eventstore/user.go
# internal/authz/repository/eventsourcing/eventstore/token_verifier.go
# internal/authz/repository/eventsourcing/view/token.go
# internal/user/repository/eventsourcing/eventstore.go
2020-10-21 10:18:34 +02:00
Livio Amstutz
a321d850ae
feat: project roles ( #843 )
...
* fix logging
* token verification
* feat: assert roles
* feat: add project role assertion on project and token type on app
* id and access token role assertion
* add project role check
* user grant required step in login
* update library
* fix merge
* fix merge
* fix merge
* update oidc library
* fix tests
* add tests for GrantRequiredStep
* add missing field ProjectRoleCheck on project view model
* fix project create
* fix project create
2020-10-16 07:49:38 +02:00
Fabi
265b491696
feat: tokens on user aggregate ( #837 )
...
* fix: fix remove policies in spoolers
* fix: reread of token by id
* fix: update oidc package
* fix: possible nil pointer on token split
Co-authored-by: Livio Amstutz <livio.a@gmail.com>
2020-10-15 13:52:41 +02:00
Silvan
5a8cafcae5
fix: JWT Profile ( #748 )
...
* fix: correct env var for tracing type
* fix: local env tracing
* fix: key in detail as string
* fix: implement storage
* fix: machine key by id
fix: store public key as bytes instead of crypto value
* update oidc pkg
* dont check origins for service account tokens
* fix: scopes
* fix: dependencies
* fix: dependencies
* fix: remove unused code
* fix: variable naming
Co-authored-by: Livio Amstutz <livio.a@gmail.com>
2020-09-17 08:49:33 +02:00
Livio Amstutz
c1c85e632b
fix: cookie handling ( #654 )
...
* feat: set cookie prefix and max age
* cookie prefix on csrf cookie
* fix: check user agent cookie in login
* update oidc pkg
* cleanup
2020-08-31 08:49:35 +02:00
Livio Amstutz
8efa697af2
fix: return authorizations on userinfo ( #420 )
2020-07-09 14:05:12 +02:00
Livio Amstutz
3549a8b64e
feat: port reduction ( #323 )
...
* move mgmt pkg
* begin package restructure
* rename auth package to authz
* begin start api
* move auth
* move admin
* fix merge
* configs and interceptors
* interceptor
* revert generate-grpc.sh
* some cleanups
* console
* move console
* fix tests and merging
* js linting
* merge
* merging and configs
* change k8s base to current ports
* fixes
* cleanup
* regenerate proto
* remove unnecessary whitespace
* missing param
* go mod tidy
* fix merging
* move login pkg
* cleanup
* move api pkgs again
* fix pkg naming
* fix generate-static.sh for login
* update workflow
* fixes
* logging
* remove duplicate
* comment for optional gateway interfaces
* regenerate protos
* fix proto imports for grpc web
* protos
* grpc web generate
* grpc web generate
* fix changes
* add translation interceptor
* fix merging
* regenerate mgmt proto
2020-07-08 13:56:37 +02:00