Commit Graph

3276 Commits

Author SHA1 Message Date
Dakshitha Ratnayake
251d855f5d docs(integrate): Add google login video (#7836)
* Update google.mdx

* Update google.mdx
2024-04-26 09:37:37 +05:30
Silvan
5131328291 refactor(v2): init database package (#7802) 2024-04-25 06:45:34 +00:00
Miguel Cabrerizo
207b20ff0f fix(console): orgs list is shown empty when org is removed (#7781)
fix: active orgs not shown when org is removed

Co-authored-by: Livio Spring <livio.a@gmail.com>
2024-04-25 05:02:20 +00:00
Livio Spring
d016379e2a feat: pass and handle auth request context for email links (#7815)
* pass and handle auth request context

* tests and cleanup

* cleanup
2024-04-24 17:50:58 +02:00
Livio Spring
220c09d941 fix(login): correctly reload policies on auth request (#7839) v2.50.4 2024-04-24 10:54:55 +02:00
Livio Spring
ac985e2dfb fix(login): correctly reload policies on auth request (#7839) 2024-04-24 08:44:55 +00:00
Silvan
e7904057e0 perf: cache auth request in memory (#7824)
* perf: cache auth request in memory

(cherry picked from commit 25030c69b9)
v2.50.3
2024-04-23 13:49:01 +02:00
Silvan
b02eeeccea fix(query): reduce app query overhead (#7817)
* fix(query): reduce app query overhead

(cherry picked from commit 13b566e0d9)
2024-04-23 13:32:36 +02:00
Elio Bischof
3193925ffc test(e2e): check for exactly one displayed event (#7831)
test(e2e): check for exactly once displayed event

(cherry picked from commit df50c3835b)
2024-04-23 13:31:05 +02:00
Livio Spring
f180530e38 fix: exclude db connection error details (#7785)
* fix: exclude db connection error details

* remove potential recursive error

(cherry picked from commit cc0c06f225)
2024-04-23 13:31:05 +02:00
Elio Bischof
406f1c1595 test(e2e): fix events flakiness (#7829)
(cherry picked from commit 42bd636d21)
2024-04-23 13:31:04 +02:00
Silvan
25030c69b9 perf: cache auth request in memory (#7824)
* perf: cache auth request in memory
2024-04-23 11:23:50 +00:00
Miguel Cabrerizo
9fa90e0757 fix: weird issue with service key expirationDate format (#7688)
* fix: weird issue with service key expirationDate format for localizedDate

* fix: replace YYYY with EEEE dd. MMM yyyy in other cases just in case

---------

Co-authored-by: Max Peintner <max@caos.ch>
2024-04-23 10:17:28 +00:00
Ari
e46dd121cd feat: allow using a local RSA key for machine keys (#7671)
* Allow using a local RSA key for machine keys

* Add check for key validity

* Fix naming error

* docs: provide translations of invalid key

---------

Co-authored-by: Livio Spring <livio.a@gmail.com>
2024-04-23 09:38:07 +00:00
Elio Bischof
df50c3835b test(e2e): check for exactly one displayed event (#7831)
test(e2e): check for exactly once displayed event
2024-04-23 09:09:25 +00:00
Livio Spring
cc0c06f225 fix: exclude db connection error details (#7785)
* fix: exclude db connection error details

* remove potential recursive error
2024-04-23 08:35:25 +00:00
Elio Bischof
42bd636d21 test(e2e): fix events flakiness (#7829) 2024-04-23 09:20:11 +02:00
mffap
66d185d74d docs(concepts): identity brokering (#7812)
* docs(concepts): identity brokering

* add comments from review
2024-04-22 13:59:11 +00:00
Stefan Benz
4520c6fc49 chore: codecov token secret for nested workflow (#7792)
fix: codecov token secret for nested workflow
2024-04-22 13:10:49 +00:00
Livio Spring
74624018c2 feat(actions): allow getting metadata of organizations from user grants (#7782)
* feat(actions): allow getting metadata of (other) organizations from user grants

* docs add action example
2024-04-22 11:34:23 +00:00
Livio Spring
9d754d84b3 chore: update stable to v2.45.6 (#7818) 2024-04-22 11:05:01 +00:00
Silvan
13b566e0d9 fix(query): reduce app query overhead (#7817)
* fix(query): reduce app query overhead
2024-04-22 11:30:56 +02:00
Florian Forster
cca4b715c0 chore: typo in api docs (#7803) 2024-04-19 11:46:05 +02:00
mffap
a63dceb9bc chore: Update readme with new features and links (#7798)
Update readme with new features and links
2024-04-18 19:48:29 +00:00
Elio Bischof
4823e47977 docs: fix knative docs (#7752)
Co-authored-by: Stefan Benz <46600784+stebenz@users.noreply.github.com>
2024-04-18 13:45:15 +00:00
Tim Möhlmann
579113b6ac fix(crdb): obtain latest sequences when the tx is retried (#7795) v2.50.2 2024-04-18 15:39:40 +02:00
Tim Möhlmann
029a6d393a fix(crdb): obtain latest sequences when the tx is retried (#7795) 2024-04-18 13:07:05 +00:00
Silvan
d337668599 chore: init load tests (#7635)
* init load tests

* add machine pat

* setup app

* add introspect

* use xk6-modules repo

* logging

* add teardown

* add manipulate user

* add manipulate user

* remove logs

* convert tests to ts

* add readme

* zitadel

* review comments
2024-04-18 12:21:07 +03:00
Tim Möhlmann
dbb824a73f chore(oidc): add refresh token error integration test (#7766)
We are trying to reproduce a few 500 responses we observe on zitadel cloud's token endpoint.
As in the past these were caused by wrongly encoded or encrypted refresh tokens, I created an integration test which tries to reproduce 500 errors by sending invalid refresh tokens.

The added test does not reproduce 500s, all returned errors are in the 400 range as they should. However, as the test is already written, we might as well include them.

Related to #7765

Co-authored-by: Livio Spring <livio.a@gmail.com>
2024-04-17 08:38:03 +00:00
Tim Möhlmann
8054e6753a fix(oidc): roles in userinfo for client credentials token (#7763)
* fix(oidc): roles in userinfo for client credentials token

When tokens were obtained using the client credentials grant,
with audience and role scopes, userinfo would not return the role claims. This had multiple causes:

1. There is no auth request flow, so for legacy userinfo project data was never attached to the token
2. For optimized userinfo, there is no client ID that maps to an application. The client ID for client credentials is the machine user's name. There we can't obtain a project ID. When the project ID remained empty, we always ignored the roleAudience.

This PR fixes situation 2, by always taking the roleAudience into account, even when the projectID is empty. The code responsible for the bug is also refactored to be more readable and understandable, including additional godoc.

The fix only applies to the optimized userinfo code introduced in #7706 and released in v2.50 (currently in RC). Therefore it can't be back-ported to earlier versions.

Fixes #6662

* chore(deps): update all go deps (#7764)

This change updates all go modules, including oidc, a major version of go-jose and the go 1.22 release.

* Revert "chore(deps): update all go deps" (#7772)

Revert "chore(deps): update all go deps (#7764)"

This reverts commit 6893e7d060.

---------

Co-authored-by: Livio Spring <livio.a@gmail.com>
(cherry picked from commit 9ccbbe05bc)
v2.50.1
2024-04-16 15:46:13 +02:00
Silvan
e4843d7692 fix(middleware): init translation messages (#7778)
* fix(middleware): init translation messages

* revert change

* refactor: split loop in separate function

* add imports to ensure init of fs

(cherry picked from commit 9bcfa12be2)
2024-04-16 15:46:13 +02:00
Silvan
ede8866d32 chore: remove bloating span (#7780)
* fix(query): query event editors only once per call

* remove span

(cherry picked from commit 386addc718)
2024-04-16 15:46:12 +02:00
Tim Möhlmann
9ccbbe05bc fix(oidc): roles in userinfo for client credentials token (#7763)
* fix(oidc): roles in userinfo for client credentials token

When tokens were obtained using the client credentials grant,
with audience and role scopes, userinfo would not return the role claims. This had multiple causes:

1. There is no auth request flow, so for legacy userinfo project data was never attached to the token
2. For optimized userinfo, there is no client ID that maps to an application. The client ID for client credentials is the machine user's name. There we can't obtain a project ID. When the project ID remained empty, we always ignored the roleAudience.

This PR fixes situation 2, by always taking the roleAudience into account, even when the projectID is empty. The code responsible for the bug is also refactored to be more readable and understandable, including additional godoc.

The fix only applies to the optimized userinfo code introduced in #7706 and released in v2.50 (currently in RC). Therefore it can't be back-ported to earlier versions.

Fixes #6662

* chore(deps): update all go deps (#7764)

This change updates all go modules, including oidc, a major version of go-jose and the go 1.22 release.

* Revert "chore(deps): update all go deps" (#7772)

Revert "chore(deps): update all go deps (#7764)"

This reverts commit 6893e7d060.

---------

Co-authored-by: Livio Spring <livio.a@gmail.com>
2024-04-16 13:02:38 +00:00
Silvan
9bcfa12be2 fix(middleware): init translation messages (#7778)
* fix(middleware): init translation messages

* revert change

* refactor: split loop in separate function

* add imports to ensure init of fs
2024-04-16 12:08:18 +00:00
Silvan
386addc718 chore: remove bloating span (#7780)
* fix(query): query event editors only once per call

* remove span
2024-04-16 11:19:17 +00:00
Silvan
288525f180 fix(query): query event editors only once per call (#7776)
Co-authored-by: Livio Spring <livio.a@gmail.com>
(cherry picked from commit f412687427)
2024-04-16 13:01:39 +02:00
Tim Möhlmann
86e6c2a5df fix(oidc): make device auth audience and scope nullable (#7777)
This fixes the projection of events that have a null audience or scope.
As audience was added in v2.50, legacy events do not have an audience, this made replay of the old events not possible after an upgrade.

(cherry picked from commit be00e3861a)
2024-04-16 13:01:38 +02:00
Silvan
f412687427 fix(query): query event editors only once per call (#7776)
Co-authored-by: Livio Spring <livio.a@gmail.com>
2024-04-16 10:42:31 +00:00
Tim Möhlmann
be00e3861a fix(oidc): make device auth audience and scope nullable (#7777)
This fixes the projection of events that have a null audience or scope.
As audience was added in v2.50, legacy events do not have an audience, this made replay of the old events not possible after an upgrade.
2024-04-16 10:34:38 +02:00
Livio Spring
905799c736 Merge branch 'main' into next
# Conflicts:
#	internal/crypto/crypto.go
#	internal/crypto/crypto_test.go
v2.50.0
2024-04-15 16:37:31 +02:00
mffap
48d7307d0e docs(features): external user grant (#7771)
* docs(features): external user grant

* cross link

* add image

* fix link to blog

* Apply suggestions from code review

Co-authored-by: Florian Forster <florian@zitadel.com>

---------

Co-authored-by: Florian Forster <florian@zitadel.com>
2024-04-15 12:13:05 +00:00
dependabot[bot]
6f16561f4d chore(deps): bump actions/add-to-project from 0.6.1 to 1.0.1 (#7767)
Bumps [actions/add-to-project](https://github.com/actions/add-to-project) from 0.6.1 to 1.0.1.
- [Release notes](https://github.com/actions/add-to-project/releases)
- [Commits](https://github.com/actions/add-to-project/compare/v0.6.1...v1.0.1)

---
updated-dependencies:
- dependency-name: actions/add-to-project
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-04-15 10:36:23 +00:00
dependabot[bot]
6a1ec149d3 chore(deps): bump actions/github-script from 6 to 7 (#7768)
Bumps [actions/github-script](https://github.com/actions/github-script) from 6 to 7.
- [Release notes](https://github.com/actions/github-script/releases)
- [Commits](https://github.com/actions/github-script/compare/v6...v7)

---
updated-dependencies:
- dependency-name: actions/github-script
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-04-15 10:13:19 +00:00
dependabot[bot]
e613ad6453 chore(deps): bump codecov/codecov-action from 4.1.0 to 4.3.0 (#7747)
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 4.1.0 to 4.3.0.
- [Release notes](https://github.com/codecov/codecov-action/releases)
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/codecov/codecov-action/compare/v4.1.0...v4.3.0)

---
updated-dependencies:
- dependency-name: codecov/codecov-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-04-15 09:50:47 +00:00
Tim Möhlmann
fe9bb49caa chore(deps): update all go deps (#7773)
This change updates all go modules, including oidc, a major version of go-jose and the go 1.22 release.
2024-04-15 09:17:36 +00:00
Livio Spring
6e5e8d06b4 chore(stable): update to 2.44.7 (#7770) 2024-04-15 09:56:22 +02:00
Elio Bischof
5b34aabbdd fix(setup): decode role mappings (#7760) 2024-04-14 12:55:54 +03:00
Max Peintner
9865425a0c docs: update state of typescript repository (#7754)
Co-authored-by: Elio Bischof <elio@zitadel.com>
2024-04-11 09:02:31 +00:00
Elio Bischof
2de66dcf95 fix(console): keep default idps active (#7663)
* fix(console): keep default idps active

* rename var

* rename var

* use Promise.all()

* lint

---------

Co-authored-by: Max Peintner <max@caos.ch>
2024-04-11 08:29:25 +00:00
Miguel Cabrerizo
d229da6af7 feat: SMTP Templates (#6932)
* feat: smtp templates poc

* feat: add isActive & ProviderType to SMTP backend

* feat: change providertype to uint32 and fix tests

* feat: minimal smtp provider component

* feat: working on different providers

* feat: keep working on providers

* feat: initial stepper for new provider

* fix: settings list and working on stepper

* feat: step 1 and 2 form inputs

* feat: starter for smtp test step

* fix: misspelled SMPT

* fix: remove tests for now

* feat: add tls toggle remove old google provider

* feat: working on add smtp and table

* fix: duplicated identifiers

* fix: settings list

* fix: add missing smtp config properties

* fix: add configID to smtp config table

* fix: working on listproviders

* feat: working in listSMTPConfigs

* fix: add count to listsmtpconfigs

* fix: getting empty results from listSMTPConfigs

* feat: table now shows real data

* fix: remaining styles for smtp-table

* fix: remove old notification-smtp-provider-component

* feat: delete smtp configuration

* feat: deactivate smtp config

* feat: replace isActive with state for smtp config

* feat: activate smtp config

* fix: remaining errors after main merge

* fix: list smtp providers panic and material mdc

* feat: refactor to only one provider component

* feat: current provider details view

* fix: refactor AddSMTPConfig and ChangeSMTPConfig

* fix: smtp config reduce issue

* fix: recover domain in NewIAMSMTPConfigWriteModel

* fix: add code needed by SetUpInstance

* fix: go tests and warn about passing context to InstanceAggregateFromWriteModel

* fix: i18n and add missing trans for fr, it, zh

* fix: add e2e tests

* docs: add smtp templates

* fix: remove provider_type, add description

* fix: remaining error from merge main

* fix: add @stebenz change for primary key

* fix: inactive placed after removed to prevent deleted configs to show as inactive

* fix: smtp provider id can be empty (migrated)

* feat: add mailchimp transactional template

* feat: add Brevo (Sendinblue) template

* feat: change brevo logo, add color to tls icon

* fix: queries use resourceowner, id must not be empty

* fix: deal with old smtp settings and tests

* fix: resourceOwner is the instanceID

* fix: remove aggregate_id, rename SMTPConfigByAggregateID with SMTPConfigActive

* fix: add tests for multiple configs with different IDs

* fix: conflict

* fix: remove notification-smtp-provider

* fix: add @peintnermax suggestions, rename module and fix e2e tests

* fix: remove material legacy modules

* fix: remove ctx as parameter for InstanceAggregateFromWriteModel

* fix: add Id to SMTPConfigToPb

* fix: change InstanceAggregateFromWriteModel to avoid linter errors

* fix import

* rm unused package-lock

* update yarn lock

---------

Co-authored-by: Elio Bischof <elio@zitadel.com>
Co-authored-by: Max Peintner <max@caos.ch>
Co-authored-by: Stefan Benz <46600784+stebenz@users.noreply.github.com>
2024-04-11 09:16:10 +02:00