Elio Bischof
76fe032b5f
feat: option to disallow public org registration ( #6917 )
...
* feat: return 404 or 409 if org reg disallowed
* fix: system limit permissions
* feat: add iam limits api
* feat: disallow public org registrations on default instance
* add integration test
* test: integration
* fix test
* docs: describe public org registrations
* avoid updating docs deps
* fix system limits integration test
* silence integration tests
* fix linting
* ignore strange linter complaints
* review
* improve reset properties naming
* redefine the api
* use restrictions aggregate
* test query
* simplify and test projection
* test commands
* fix unit tests
* move integration test
* support restrictions on default instance
* also test GetRestrictions
* self review
* lint
* abstract away resource owner
* fix tests
* lint
2023-11-22 09:29:38 +00:00
Max Peintner
5fa596a871
fix(console): onboarding actions with external links ( #6822 )
...
* fix: attr for external links
* template outlet
2023-11-22 09:14:37 +00:00
Max Peintner
d4b18a3eda
fix(console): dependencies ( #6943 )
...
* chore(deps-dev): bump @types/file-saver from 2.0.5 to 2.0.7 in /console (#6878 )
Bumps [@types/file-saver](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/file-saver ) from 2.0.5 to 2.0.7.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases )
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/file-saver )
---
updated-dependencies:
- dependency-name: "@types/file-saver"
dependency-type: direct:development
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps): bump axios from 1.4.0 to 1.6.1 in /console (#6902 )
Bumps [axios](https://github.com/axios/axios ) from 1.4.0 to 1.6.1.
- [Release notes](https://github.com/axios/axios/releases )
- [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md )
- [Commits](https://github.com/axios/axios/compare/v1.4.0...v1.6.1 )
---
updated-dependencies:
- dependency-name: axios
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps-dev): bump @types/jsonwebtoken from 9.0.2 to 9.0.5 in /console (#6877 )
chore(deps-dev): bump @types/jsonwebtoken in /console
Bumps [@types/jsonwebtoken](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/jsonwebtoken ) from 9.0.2 to 9.0.5.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases )
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/jsonwebtoken )
---
updated-dependencies:
- dependency-name: "@types/jsonwebtoken"
dependency-type: direct:development
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps): bump libphonenumber-js from 1.10.30 to 1.10.49 in /console (#6845 )
Bumps [libphonenumber-js](https://gitlab.com/catamphetamine/libphonenumber-js ) from 1.10.30 to 1.10.49.
- [Changelog](https://gitlab.com/catamphetamine/libphonenumber-js/blob/master/CHANGELOG.md )
- [Commits](https://gitlab.com/catamphetamine/libphonenumber-js/compare/v1.10.30...v1.10.49 )
---
updated-dependencies:
- dependency-name: libphonenumber-js
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps-dev): bump typescript from 4.9.5 to 5.1.6 in /console (#6650 )
Bumps [typescript](https://github.com/Microsoft/TypeScript ) from 4.9.5 to 5.1.6.
- [Release notes](https://github.com/Microsoft/TypeScript/releases )
- [Commits](https://github.com/Microsoft/TypeScript/compare/v4.9.5...v5.1.6 )
---
updated-dependencies:
- dependency-name: typescript
dependency-type: direct:development
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps): bump google-proto-files from 3.0.3 to 4.0.0 in /console (#6653 )
Bumps [google-proto-files](https://github.com/googleapis/nodejs-proto-files ) from 3.0.3 to 4.0.0.
- [Release notes](https://github.com/googleapis/nodejs-proto-files/releases )
- [Changelog](https://github.com/googleapis/nodejs-proto-files/blob/main/CHANGELOG.md )
- [Commits](https://github.com/googleapis/nodejs-proto-files/compare/v3.0.3...v4.0.0 )
---
updated-dependencies:
- dependency-name: google-proto-files
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps): bump tslib from 2.5.0 to 2.6.2 in /console (#6649 )
Bumps [tslib](https://github.com/Microsoft/tslib ) from 2.5.0 to 2.6.2.
- [Release notes](https://github.com/Microsoft/tslib/releases )
- [Commits](https://github.com/Microsoft/tslib/compare/2.5.0...v2.6.2 )
---
updated-dependencies:
- dependency-name: tslib
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps): bump @ngx-translate/core from 14.0.0 to 15.0.0 in /console (#6646 )
Bumps [@ngx-translate/core](https://github.com/ngx-translate/core ) from 14.0.0 to 15.0.0.
- [Release notes](https://github.com/ngx-translate/core/releases )
- [Commits](https://github.com/ngx-translate/core/compare/v14.0.0...v15.0.0 )
---
updated-dependencies:
- dependency-name: "@ngx-translate/core"
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps): bump @babel/traverse from 7.21.5 to 7.23.2 in /console (#6742 )
Bumps [@babel/traverse](https://github.com/babel/babel/tree/HEAD/packages/babel-traverse ) from 7.21.5 to 7.23.2.
- [Release notes](https://github.com/babel/babel/releases )
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md )
- [Commits](https://github.com/babel/babel/commits/v7.23.2/packages/babel-traverse )
---
updated-dependencies:
- dependency-name: "@babel/traverse"
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* lock
* ts
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Elio Bischof <elio@zitadel.com>
2023-11-21 23:41:53 +00:00
Tim Möhlmann
ba9b807854
perf(oidc): optimize the introspection endpoint ( #6909 )
...
* get key by id and cache them
* userinfo from events for v2 tokens
* improve keyset caching
* concurrent token and client checks
* client and project in single query
* logging and otel
* drop owner_removed column on apps and authN tables
* userinfo and project roles in go routines
* get oidc user info from projections and add actions
* add avatar URL
* some cleanup
* pull oidc work branch
* remove storage from server
* add config flag for experimental introspection
* legacy introspection flag
* drop owner_removed column on user projections
* drop owner_removed column on useer_metadata
* query userinfo unit test
* query introspection client test
* add user_grants to the userinfo query
* handle PAT scopes
* bring triggers back
* test instance keys query
* add userinfo unit tests
* unit test keys
* go mod tidy
* solve some bugs
* fix missing preferred login name
* do not run triggers in go routines, they seem to deadlock
* initialize the trigger handlers late with a sync.OnceValue
* Revert "do not run triggers in go routines, they seem to deadlock"
This reverts commit 2a03da2127
.
* add missing translations
* chore: update go version for linting
* pin oidc version
* parse a global time location for query test
* fix linter complains
* upgrade go lint
* fix more linting issues
---------
Co-authored-by: Stefan Benz <46600784+stebenz@users.noreply.github.com>
2023-11-21 13:11:38 +01:00
Livio Spring
7786b09444
fix: handle project deactivate and remove correctly on tokens ( #6947 )
...
(cherry picked from commit ad3563d58b
)
2023-11-21 10:07:04 +01:00
Livio Spring
ad3563d58b
fix: handle project deactivate and remove correctly on tokens ( #6947 )
2023-11-21 10:05:22 +01:00
Livio Spring
492b7d8676
docs(security.md): update link to disclosure policy ( #6948 )
2023-11-21 09:15:51 +01:00
Stefan Benz
0ec7a74877
perf: remove owner removed columns from projections for oidc ( #6925 )
...
* fix: remove owner removed columns from login names projection
* fix: remove owner removed columns from flow projection
* fix: remove owner removed columns from project, projectgrant and member projections
* fix: correct unit tests for session projection
* fix: correct unit tests for session projection
2023-11-20 17:21:08 +02:00
Arslan Gait
3bed5f50a8
docs: correct spelling in claims.md ( #6935 )
...
Update claims.md
Fixed typo in word 'and'
2023-11-20 12:38:06 +00:00
mffap
bd5506494a
docs(legal): update legal framework and policies (November 2023) ( #6611 )
...
* move policies
* service description editorial
* service description move
* add subprocessors
* resort policies and service descriptions
* subprocessor
* subprocessors wip
* wip
* subprocessors
* subprocessors introduction
* billing wip
* service level headings
* billing wip
* gdpr region clarification
* fix some styling
* support service wip
* wip
* service-description
* fair use, broken links
* services offered
* rework enterprise benefits
* support plans
* remove language, add support issue
* combine onboarding support
* wip
* use of brand and trademarks
* sidebar
* DASU
* Combine ToS for support services
* Apply suggestions from code review
Co-authored-by: Fabi <fabienne@zitadel.com>
* changes from review
* update updatedAt
* dpa and pp updates WIP
* broken links
* tom
* remote entity
* title annex enterprise agreement
* typo
* Apply suggestions from code review
Co-authored-by: Florian Forster <florian@zitadel.com>
* update last update dates
* replace quota with amount
---------
Co-authored-by: Fabi <fabienne@zitadel.com>
Co-authored-by: Florian Forster <florian@zitadel.com>
2023-11-16 09:26:25 +00:00
Livio Spring
2e8c3b5a53
feat: allow session deletion without session token ( #6889 )
...
* fix: add resource owner of user and change the one of session to instance
* use user resource owner from session projection
* fix session permission check
* integration tests and fixes
* update api docs
2023-11-16 07:35:50 +01:00
Silvan
0948a0b9ae
ci: set runner group on parallel jobs ( #6916 )
2023-11-14 10:48:41 +00:00
Livio Spring
3001d03bca
fix: allow webauthn checks for users of other orgs ( #6915 )
...
(cherry picked from commit 3bc9a60986
)
2023-11-14 10:47:42 +01:00
Livio Spring
5af3298414
fix: set samesite mode for CSRF cookie based on security policy ( #6914 )
...
(cherry picked from commit 1344760369
)
2023-11-14 10:47:39 +01:00
Livio Spring
18788b6045
fix: improve login_hint usage on IDPs ( #6899 )
...
* only set prompt if no login_hint is set
* update to current state and cleanup
(cherry picked from commit 0386fe7f96
)
2023-11-14 10:47:27 +01:00
Livio Spring
3bc9a60986
fix: allow webauthn checks for users of other orgs ( #6915 )
2023-11-14 09:42:39 +00:00
Livio Spring
1344760369
fix: set samesite mode for CSRF cookie based on security policy ( #6914 )
2023-11-14 10:01:59 +01:00
Miguel Cabrerizo
bd63fcd15d
feat(console): add SAML certificate link and endpoints ( #6841 )
...
* feat(console): add SAML certificate link and endpoints
* fix: add missing translations for cs and ru
* fix: add @eliobischof review suggestions
---------
Co-authored-by: Elio Bischof <elio@zitadel.com>
2023-11-13 17:49:55 +00:00
Tim Möhlmann
081a0b4cb7
chore(deps): upgrade all go modules ( #6895 )
...
* chore(deps): upgrade all go modules
This change upgrades all go.mod dependecies. As well as Makefile tools.
There where some imports that still used the old and deprecated
`github.com/golang/protobuf/ptypes` package.
These have been moved to the equivelant
`google.golang.org/protobuf/types/known` package.
The `internal/proto` package is removed as was only used once.
With a simple refactor in the Validator it became completely obsolete.
* fix validate unit test
* cleanup merge
* update otel
---------
Co-authored-by: Livio Spring <livio.a@gmail.com>
2023-11-13 10:41:29 +00:00
Livio Spring
0386fe7f96
fix: improve login_hint usage on IDPs ( #6899 )
...
* only set prompt if no login_hint is set
* update to current state and cleanup
2023-11-13 09:25:26 +01:00
Tim Möhlmann
42a2c0093d
fix: use x-zitadel-forwarded header ( #6900 )
...
fix: use x-zitadel-forward header
2023-11-10 15:02:53 +00:00
Livio Spring
af24208b38
Merge branch 'main' into next
2023-11-10 11:09:25 +01:00
Ahmed Fwela
3f22fb3a5c
feat(user/v1): support composite queries ( #6361 )
...
* feat(user/v1): support composite queries
* fix: added proper error handling for NotQuery
* Added error when there are too many levels of nesting
* Add localization keys for english
* Update internal/api/grpc/user/query.go
2023-11-09 11:38:34 +01:00
Elio Bischof
e0a5f8661d
feat: improve UX for external configuration ( #6861 )
...
* docs: simplify traefik external tls
* remove pass host header
* docs: simplify and fix nginx external tls
* fix: readiness with enabled tls
* improve proxy docs
* improve proxy docs
* fix(ready): don't verify server cert
* complete nginx docs
* cleanup
* complete traefik docs
* add caddy docs
* simplify traefik
* standardize
* fix caddy
* add httpd docs
* improve external config docs
* guiding error message
* docs(defaults.yaml): remove misleading comments
* guiding error message cs and ru
* improve proxy testability
* fix compose up command
* improve commands
* fix nginx tls disabled
* fix nginx tls enabled
* fix: serve gateway when tls is enabled
* fmt caddy files
* fix caddy enabled tls
* remove not-working commands
* review
* fix checks
* fix link
---------
Co-authored-by: Livio Spring <livio.a@gmail.com>
2023-11-09 11:30:15 +01:00
Livio Spring
393f711ca7
fix: handle locking policy correctly for multiple simultaneous password checks
...
Merge pull request from GHSA-7h8m-vrxx-vr4m
* fix: handle locking policy correctly for multiple simultaneous password checks
* recheck events
(cherry picked from commit 22e2d55999
)
2023-11-08 14:21:09 +01:00
Livio Spring
22e2d55999
Merge pull request from GHSA-7h8m-vrxx-vr4m
...
* fix: handle locking policy correctly for multiple simultaneous password checks
* recheck events
2023-11-08 14:19:13 +01:00
sp132
9a708b1b78
feat: extend session search service ( #6746 )
...
* feat: extend session search service (#6029 )
add two more searching criteria - human user id and session creation date
optional sorting by the session creation date
* fix: use correct column identifier
* fix: implement Col()
* chore: fix unit tests
* chore: fix linter warnings
---------
Co-authored-by: Fabi <fabienne@zitadel.com>
2023-11-08 11:32:13 +01:00
Mark A. Hershberger
0d3788b757
docs: Update managers.mdx ( #6873 )
...
Update managers.mdx
typo
Co-authored-by: Fabi <fabienne@zitadel.com>
2023-11-08 09:07:11 +00:00
Alexei
9ccdfdc196
feat: Add translations for Russian ( #6864 )
...
* wip
* add Russian (autotranslate)
TODO: review translations
* fix console linting
* add russian language to login translations
* docs
* missing console translations
---------
Co-authored-by: Livio Spring <livio.a@gmail.com>
2023-11-08 07:38:55 +00:00
petrmifek
e839f03f57
feat(i18n): Czech language support ( #6870 )
...
feat(i18n): Add Czech language support
2023-11-08 07:55:41 +01:00
Miguel Cabrerizo
49d3ae6238
feat(console): replace twitter bird with X ( #6843 )
...
feat(console): replace blue bird with X
Co-authored-by: Elio Bischof <elio@zitadel.com>
2023-11-07 10:43:29 +00:00
Livio Spring
0090868b46
fix: prevent panic in loginNameInformation ( #6876 )
...
(cherry picked from commit e342e3d99b
)
2023-11-07 11:17:45 +01:00
Livio Spring
e342e3d99b
fix: prevent panic in loginNameInformation ( #6876 )
2023-11-07 11:16:49 +01:00
Michal
a50d1408be
feat(console): add-saml-to-idp ( #6687 ) ( #6750 )
...
Co-authored-by: Max Peintner <max@caos.ch>
2023-11-07 10:58:31 +01:00
Tim Möhlmann
b3ff359fc1
fix(system-api): use distinct in intances filter query ( #6867 )
2023-11-07 06:12:16 +00:00
Livio Spring
f3b8a3aece
feat: add possibility to set an expiration to a session ( #6851 )
...
* add lifetime to session api
* extend session with lifetime
* check session token expiration
* fix typo
* integration test to check session token expiration
* integration test to check session token expiration
* i18n
* cleanup
* improve tests
* prevent negative lifetime
* fix error message
* fix lifetime check
2023-11-06 10:48:28 +01:00
Livio Spring
ce322323aa
perf(oidc): remove db call for discovery configuration ( #6857 )
2023-11-03 15:18:57 +00:00
Elio Bischof
1b6e3dcf27
fix: creation date argument in search events filters ( #6855 )
...
* fix: creation date filter in event queries
* fix: creation date with ordering filter
* simplify code
* simplify review
---------
Co-authored-by: Livio Spring <livio.a@gmail.com>
2023-11-03 14:52:48 +00:00
Livio Spring
c58dfe9aa0
fix: payload (de)serialization of some events ( #6858 )
...
(cherry picked from commit 9378e19090
)
2023-11-03 12:17:17 +01:00
Livio Spring
9378e19090
fix: payload (de)serialization of some events ( #6858 )
2023-11-03 11:02:17 +00:00
Livio Spring
585c8af5f2
docs(technical advisory): add version to console branding ( #6852 )
2023-11-02 16:18:14 +01:00
Stefan Benz
d874628f77
fix: use username with external idp linking ( #6846 )
...
Co-authored-by: Livio Spring <livio.a@gmail.com>
2023-11-02 11:28:59 +00:00
Stefan Benz
f84eb19637
fix: change error message from metadata query User.NotFound to Metada… ( #6830 )
...
fix: change error message from metadata query User.NotFound to Metadata.NotFound
Co-authored-by: Livio Spring <livio.a@gmail.com>
2023-11-02 08:35:15 +00:00
Max Peintner
d27136dcba
fix(console): dont apply colors from branding settings ( #6853 )
...
fix: dont apply colors in console, clean up theme service
(cherry picked from commit c8dc14ca9d
)
2023-11-02 08:25:25 +01:00
Max Peintner
c8dc14ca9d
fix(console): dont apply colors from branding settings ( #6853 )
...
fix: dont apply colors in console, clean up theme service
2023-11-02 06:41:36 +00:00
Max Peintner
5e3c8886ab
fix(console): placeholder accessor ( #6849 )
...
* fix(console): placeholder accessor
* cleanup
(cherry picked from commit 814e09f1d5
)
2023-10-31 13:28:25 +01:00
Max Peintner
814e09f1d5
fix(console): placeholder accessor ( #6849 )
...
* fix(console): placeholder accessor
* cleanup
2023-10-31 13:24:39 +01:00
Livio Spring
233b90f004
Merge branch 'main' into next
2023-10-31 07:35:25 +01:00
Max Peintner
a2a02598d0
fix(console): minor layout issues ( #6835 )
...
Co-authored-by: Livio Spring <livio.a@gmail.com>
2023-10-31 06:33:32 +00:00
Tim Möhlmann
0a1da1f02c
fix: reset custom texts to default ( #6833 )
...
* Revert "fix: add texts after template reset (#6237 )"
This reverts commit d937ee3dda
.
* fix: reset of custom text template
* add custom bulk limits from issue
https://github.com/zitadel/zitadel/issues/6766#issuecomment-1778721782
2023-10-27 17:43:13 +00:00