Livio Spring
14e2aba1bc
feat: Add Twilio Verification Service ( #8678 )
...
# Which Problems Are Solved
Twilio supports a robust, multi-channel verification service that
notably supports multi-region SMS sender numbers required for our use
case. Currently, Zitadel does much of the work of the Twilio Verify (eg.
localization, code generation, messaging) but doesn't support the pool
of sender numbers that Twilio Verify does.
# How the Problems Are Solved
To support this API, we need to be able to store the Twilio Service ID
and send that in a verification request where appropriate: phone number
verification and SMS 2FA code paths.
This PR does the following:
- Adds the ability to use Twilio Verify of standard messaging through
Twilio
- Adds support for international numbers and more reliable verification
messages sent from multiple numbers
- Adds a new Twilio configuration option to support Twilio Verify in the
admin console
- Sends verification SMS messages through Twilio Verify
- Implements Twilio Verification Checks for codes generated through the
same
# Additional Changes
# Additional Context
- base was implemented by @zhirschtritt in
https://github.com/zitadel/zitadel/pull/8268 ❤️
- closes https://github.com/zitadel/zitadel/issues/8581
---------
Co-authored-by: Zachary Hirschtritt <zachary.hirschtritt@klaviyo.com>
Co-authored-by: Joey Biscoglia <joey.biscoglia@klaviyo.com>
2024-09-26 09:14:33 +02:00
Livio Spring
a1d24353db
fix: prevent error reason leakage in case of IgnoreUnknownUsernames ( #8372 )
...
# Which Problems Are Solved
ZITADEL administrators can enable a setting called "Ignoring unknown
usernames" which helps mitigate attacks that try to guess/enumerate
usernames. If enabled, ZITADEL will show the password prompt even if the
user doesn't exist and report "Username or Password invalid".
Due to a implementation change to prevent deadlocks calling the
database, the flag would not be correctly respected in all cases and an
attacker would gain information if an account exist within ZITADEL,
since the error message shows "object not found" instead of the generic
error message.
# How the Problems Are Solved
- Proper check of the error using an error function / type and
`errors.Is`
# Additional Changes
None.
# Additional Context
- raised in a support request
Co-authored-by: Silvan <silvan.reusser@gmail.com>
2024-07-31 14:23:57 +02:00
Livio Spring
07b2bac463
fix: allow login with user created through v2 api without password ( #8291 )
...
# Which Problems Are Solved
User created through the User V2 API without any authentication method
and possibly unverified email address was not able to login through the
current hosted login UI.
An unverified email address would result in a mail verification and not
an initialization mail like it would with the management API. Also the
login UI would then require the user to enter the init code, which the
user never received.
# How the Problems Are Solved
- When verifying the email through the login UI, it will check for
existing auth methods (password, IdP, passkeys). In case there are none,
the user will be prompted to set a password.
- When a user was created through the V2 API with a verified email and
no auth method, the user will be prompted to set a password in the login
UI.
- Since setting a password requires a corresponding code, the code will
be generated and sent when login in.
# Additional Changes
- Changed `RequestSetPassword` to get the codeGenerator from the
eventstore instead of getting it from query.
# Additional Context
- closes https://github.com/zitadel/zitadel/issues/6600
- closes https://github.com/zitadel/zitadel/issues/8235
---------
Co-authored-by: Stefan Benz <46600784+stebenz@users.noreply.github.com>
2024-07-17 06:43:07 +02:00
Livio Spring
aabefb9382
feat(session api): respect lockout policy ( #8027 )
...
# Which Problems Are Solved
The session API was designed to be flexible enough for multiple use
cases / login scenarios, where the login could respect the login policy
or not. The session API itself does not have a corresponding policy and
would not check for a required MFA or alike. It therefore also did not
yet respect the lockout policy and would leave it to the login UI to
handle that.
Since the lockout policy is related to the user and not the login
itself, we decided to handle the lockout also on calls of the session
API.
# How the Problems Are Solved
If a lockout policy is set for either password or (T)OTP checks, the
corresponding check on the session API be run against the lockout check.
This means that any failed check, regardless if occurred in the session
API or the current hosted login will be counted against the maximum
allowed checks of that authentication mechanism. TOTP, OTP SMS and OTP
Email are each treated as a separate mechanism.
For implementation:
- The existing lockout check functions were refactored to be usable for
session API calls.
- `SessionCommand` type now returns not only an error, but also
`[]eventstore.Command`
- these will be executed in case of an error
# Additional Changes
None.
# Additional Context
Closes #7967
---------
Co-authored-by: Elio Bischof <elio@zitadel.com>
2024-05-30 22:08:48 +00:00
Livio Spring
43da9225be
fix: check password complexity policy and respect changeRequired on password change ( #7884 )
...
* fix: check password complexity policy on password change and respect require_change
* pass changeRequired where available and add tests
* fix requested changes
---------
Co-authored-by: Stefan Benz <46600784+stebenz@users.noreply.github.com>
2024-05-02 11:50:13 +02:00
Livio Spring
d016379e2a
feat: pass and handle auth request context for email links ( #7815 )
...
* pass and handle auth request context
* tests and cleanup
* cleanup
2024-04-24 17:50:58 +02:00
Tim Möhlmann
2089992d75
feat(crypto): use passwap for machine and app secrets ( #7657 )
...
* feat(crypto): use passwap for machine and app secrets
* fix command package tests
* add hash generator command test
* naming convention, fix query tests
* rename PasswordHasher and cleanup start commands
* add reducer tests
* fix intergration tests, cleanup old config
* add app secret unit tests
* solve setup panics
* fix push of updated events
* add missing event translations
* update documentation
* solve linter errors
* remove nolint:SA1019 as it doesn't seem to help anyway
* add nolint to deprecated filter usage
* update users migration version
* remove unused ClientSecret from APIConfigChangedEvent
---------
Co-authored-by: Livio Spring <livio.a@gmail.com>
2024-04-05 09:35:49 +00:00
Fabi
0542b29517
docs: Contribution guidelines ( #7443 )
...
* docs: gender neutrality
* docs: gender neutrality
* docs: gender neutrality
* Update docs/docs/concepts/features/identity-brokering.md
Co-authored-by: Tim Möhlmann <tim+github@zitadel.com>
* Update docs/docs/guides/integrate/login-ui/mfa.mdx
Co-authored-by: Tim Möhlmann <tim+github@zitadel.com>
* Update docs/docs/guides/integrate/login-ui/passkey.mdx
Co-authored-by: Tim Möhlmann <tim+github@zitadel.com>
* Update internal/static/i18n/en.yaml
Co-authored-by: Tim Möhlmann <tim+github@zitadel.com>
* Update internal/static/i18n/en.yaml
Co-authored-by: Tim Möhlmann <tim+github@zitadel.com>
---------
Co-authored-by: Tim Möhlmann <tim+github@zitadel.com>
2024-02-26 13:11:09 +00:00
Livio Spring
c20204d84d
fix: set userAgentID in password change event if available ( #7319 )
2024-01-30 15:36:34 +01:00
Stefan Benz
a0a82b59e1
feat: user service v2 create, update and remove ( #6996 )
...
* feat: user service v2 remove user
* feat: user service v2 add user human
* feat: user service v2 change user human
* feat: user service v2 change user human unit tests
* feat: user service v2 reactivate, deactivate, lock, unlock user
* feat: user service v2 integration tests
* fix: merge back origin/main
* lint: linter corrections
* fix: move permission check for isVerfied and password change
* fix: add deprecated notices and other review comments
* fix: consistent naming in proto
* fix: errors package renaming
* fix: remove / delete user renaming in integration test
* fix: machine user status changes through user v2 api
* fix: linting changes
* fix: linting changes
* fix: changes from review
* fix: changes from review
* fix: changes from review
* fix: changes from review
* fix: changes from review
---------
Co-authored-by: Tim Möhlmann <tim+github@zitadel.com>
Co-authored-by: Livio Spring <livio.a@gmail.com>
2023-12-21 10:03:37 +01:00
Tim Möhlmann
f680dd934d
refactor: rename package errors to zerrors ( #7039 )
...
* chore: rename package errors to zerrors
* rename package errors to gerrors
* fix error related linting issues
* fix zitadel error assertion
* fix gosimple linting issues
* fix deprecated linting issues
* resolve gci linting issues
* fix import structure
---------
Co-authored-by: Elio Bischof <elio@zitadel.com>
2023-12-08 15:30:55 +01:00
Livio Spring
22e2d55999
Merge pull request from GHSA-7h8m-vrxx-vr4m
...
* fix: handle locking policy correctly for multiple simultaneous password checks
* recheck events
2023-11-08 14:19:13 +01:00
Silvan
b5564572bc
feat(eventstore): increase parallel write capabilities ( #5940 )
...
This implementation increases parallel write capabilities of the eventstore.
Please have a look at the technical advisories: [05](https://zitadel.com/docs/support/advisory/a10005 ) and [06](https://zitadel.com/docs/support/advisory/a10006 ).
The implementation of eventstore.push is rewritten and stored events are migrated to a new table `eventstore.events2`.
If you are using cockroach: make sure that the database user of ZITADEL has `VIEWACTIVITY` grant. This is used to query events.
2023-10-19 12:19:10 +02:00
Tim Möhlmann
4589ddad4a
feat: integrate passwap for human user password hashing ( #6196 )
...
* feat: use passwap for human user passwords
* fix tests
* passwap config
* add the event mapper
* cleanup query side and api
* solve linting errors
* regression test
* try to fix linter errors again
* pass systemdefaults into externalConfigChange migration
* fix: user password set in auth view
* pin passwap v0.2.0
* v2: validate hashed password hash based on prefix
* resolve remaining comments
* add error tag and translation for unsupported hash encoding
* fix unit test
---------
Co-authored-by: Livio Spring <livio.a@gmail.com>
2023-07-14 09:49:57 +03:00
Livio Spring
82e7333169
feat(api): add password reset and change to user service ( #6036 )
...
* feat(api): add password reset and change to user service
* integration tests
* invalidate password check after password change
* handle notification type
* fix proto
2023-06-20 17:34:06 +02:00
Stefan Benz
19621acfd3
feat: add notification policy and password change message ( #5065 )
...
Implementation of new notification policy with functionality to send email when a password is changed
2023-01-25 09:49:41 +01:00
Florian Forster
fa9f581d56
chore(v2): move to new org ( #3499 )
...
* chore: move to new org
* logging
* fix: org rename caos -> zitadel
Co-authored-by: adlerhurst <silvan.reusser@gmail.com>
2022-04-26 23:01:45 +00:00
Fabi
e3528ff0b2
feat: Config to eventstore ( #3158 )
...
* feat: add default language to eventstore
* feat: add secret generator configs events
* feat: tests
* feat: secret generators in eventstore
* feat: secret generators in eventstore
* feat: smtp config in eventstore
* feat: smtp config in eventstore
* feat: smtp config in eventstore
* feat: smtp config in eventstore
* feat: smtp config in eventstore
* fix: migrations
* fix migration version
* fix test
* feat: change secret generator type to enum
* feat: change smtp attribute names
* feat: change smtp attribute names
* feat: remove engryption algorithms from command side
* feat: remove engryption algorithms from command side
* feat: smtp config
* feat: smtp config
* format smtp from header
Co-authored-by: Livio Amstutz <livio.a@gmail.com>
2022-02-16 15:49:17 +00:00
Silvan
09be70949f
refactor(eventstore): rename EventPusher to Command, EventReader to Event, PushEvents to Push and FilterEvents to Filter ( #2907 )
2022-01-03 09:19:07 +01:00
Livio Amstutz
af1f10b7ca
fix: check login policy before register and password check ( #2611 )
...
* fix: check login policy before register and password check
* remove accidentally pushed overwrite
* Update en.yaml
2021-11-08 07:42:07 +00:00
Silvan
40b7b5a804
fix(queries): lockout policy ( #2419 )
...
* job queue
* wg improvements
* start handler
* statement
* statements
* imporve handler
* improve statement
* statement in seperate file
* move handlers
* move query/old to query
* handler
* read models
* bulk works
* cleanup
* contrib
* rename readmodel to projection
* rename read_models schema to projections
* rename read_models schema to projections
* search query as func,
bulk iterates as long as new events
* add event sequence less query
* update checks for events between current sequence and sequence of first statement if it has previous sequence 0
* cleanup crdb projection
* refactor projection handler
* start with testing
* tests for handler
* remove todo
* refactor statement: remove table name,
add tests
* improve projection handler shutdown,
no savepoint if noop stmt,
tests for stmt handler
* tests
* start failed events
* seperate branch for contrib
* move statement constructors to crdb pkg
* correct import
* Subscribe for eventtypes (#1800 )
* fix: is default (#1737 )
* fix: use email as username on global org (#1738 )
* fix: use email as username on global org
* Update user_human.go
* Update register_handler.go
* chore(deps): update docusaurus (#1739 )
* chore: remove PAT and use GH Token (#1716 )
* chore: remove PAT and use GH Token
* fix env
* fix env
* fix env
* md lint
* trigger ci
* change user
* fix GH bug
* replace login part
* chore: add GH Token to sem rel (#1746 )
* chore: add GH Token to sem rel
* try branch
* add GH Token
* remove test branch again
* docs: changes acme to acme-caos (#1744 )
* changes acme to acme-caos
* Apply suggestions from code review
Co-authored-by: Florian Forster <florian@caos.ch>
Co-authored-by: Maximilian Panne <maximilian.panne@gmail.com>
Co-authored-by: Florian Forster <florian@caos.ch>
* feat: add additional origins on applications (#1691 )
* feat: add additional origins on applications
* app additional redirects
* chore(deps-dev): bump @angular/cli from 11.2.8 to 11.2.11 in /console (#1706 )
* fix: show org with regex (#1688 )
* fix: flag mapping (#1699 )
* chore(deps-dev): bump @angular/cli from 11.2.8 to 11.2.11 in /console
Bumps [@angular/cli](https://github.com/angular/angular-cli ) from 11.2.8 to 11.2.11.
- [Release notes](https://github.com/angular/angular-cli/releases )
- [Commits](https://github.com/angular/angular-cli/compare/v11.2.8...v11.2.11 )
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: Max Peintner <max@caos.ch>
Co-authored-by: Silvan <silvan.reusser@gmail.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps-dev): bump stylelint from 13.10.0 to 13.13.1 in /console (#1703 )
* fix: show org with regex (#1688 )
* fix: flag mapping (#1699 )
* chore(deps-dev): bump stylelint from 13.10.0 to 13.13.1 in /console
Bumps [stylelint](https://github.com/stylelint/stylelint ) from 13.10.0 to 13.13.1.
- [Release notes](https://github.com/stylelint/stylelint/releases )
- [Changelog](https://github.com/stylelint/stylelint/blob/master/CHANGELOG.md )
- [Commits](https://github.com/stylelint/stylelint/compare/13.10.0...13.13.1 )
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: Max Peintner <max@caos.ch>
Co-authored-by: Silvan <silvan.reusser@gmail.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps-dev): bump @types/node from 14.14.37 to 15.0.1 in /console (#1702 )
* fix: show org with regex (#1688 )
* fix: flag mapping (#1699 )
* chore(deps-dev): bump @types/node from 14.14.37 to 15.0.1 in /console
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node ) from 14.14.37 to 15.0.1.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases )
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node )
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: Max Peintner <max@caos.ch>
Co-authored-by: Silvan <silvan.reusser@gmail.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps): bump ts-protoc-gen from 0.14.0 to 0.15.0 in /console (#1701 )
* fix: show org with regex (#1688 )
* fix: flag mapping (#1699 )
* chore(deps): bump ts-protoc-gen from 0.14.0 to 0.15.0 in /console
Bumps [ts-protoc-gen](https://github.com/improbable-eng/ts-protoc-gen ) from 0.14.0 to 0.15.0.
- [Release notes](https://github.com/improbable-eng/ts-protoc-gen/releases )
- [Changelog](https://github.com/improbable-eng/ts-protoc-gen/blob/master/CHANGELOG.md )
- [Commits](https://github.com/improbable-eng/ts-protoc-gen/compare/0.14.0...0.15.0 )
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: Max Peintner <max@caos.ch>
Co-authored-by: Silvan <silvan.reusser@gmail.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps-dev): bump @types/jasmine from 3.6.9 to 3.6.10 in /console (#1682 )
Bumps [@types/jasmine](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/jasmine ) from 3.6.9 to 3.6.10.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases )
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/jasmine )
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps): bump @types/google-protobuf in /console (#1681 )
Bumps [@types/google-protobuf](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/google-protobuf ) from 3.7.4 to 3.15.2.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases )
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/google-protobuf )
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps): bump grpc from 1.24.5 to 1.24.7 in /console (#1666 )
Bumps [grpc](https://github.com/grpc/grpc-node ) from 1.24.5 to 1.24.7.
- [Release notes](https://github.com/grpc/grpc-node/releases )
- [Commits](https://github.com/grpc/grpc-node/compare/grpc@1.24.5...grpc@1.24.7 )
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* lock
* chore(deps-dev): bump @angular/language-service from 11.2.9 to 11.2.12 in /console (#1704 )
* fix: show org with regex (#1688 )
* fix: flag mapping (#1699 )
* chore(deps-dev): bump @angular/language-service in /console
Bumps [@angular/language-service](https://github.com/angular/angular/tree/HEAD/packages/language-service ) from 11.2.9 to 11.2.12.
- [Release notes](https://github.com/angular/angular/releases )
- [Changelog](https://github.com/angular/angular/blob/master/CHANGELOG.md )
- [Commits](https://github.com/angular/angular/commits/11.2.12/packages/language-service )
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: Max Peintner <max@caos.ch>
Co-authored-by: Silvan <silvan.reusser@gmail.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* package lock
* downgrade grpc
* downgrade protobuf types
* revert npm packs 🥸
Co-authored-by: Max Peintner <max@caos.ch>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Silvan <silvan.reusser@gmail.com>
* docs: update run and start section texts (#1745 )
* update run and start section texts
* adds showcase
Co-authored-by: Maximilian Panne <maximilian.panne@gmail.com>
* fix: additional origin list (#1753 )
* fix: handle api configs in authz handler (#1755 )
* fix(console): add model for api keys, fix toast, binding (#1757 )
* fix: add model for api keys, fix toast, binding
* show api clientid
* fix: missing patchvalue (#1758 )
* feat: refresh token (#1728 )
* begin refresh tokens
* refresh tokens
* list and revoke refresh tokens
* handle remove
* tests for refresh tokens
* uniqueness and default expiration
* rename oidc token methods
* cleanup
* migration version
* Update internal/static/i18n/en.yaml
Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>
* fixes
* feat: update oidc pkg for refresh tokens
Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>
* fix: correct json name of clientId in key.json (#1760 )
* fix: migration version (#1767 )
* start subscription
* eventtypes
* fix(login): links (#1778 )
* fix(login): href for help
* fix(login): correct link to tos
* fix: access tokens for service users and refresh token infos (#1779 )
* fix: access token for service user
* handle info from refresh request
* uniqueness
* postpone access token uniqueness change
* chore(coc): recommend code of conduct (#1782 )
* subscribe for events
* feat(console): refresh toggle out of granttype context (#1785 )
* refresh toggle
* disable if not code flow, lint
* lint
* fix: change oidc config order
* accept refresh option within flow
Co-authored-by: Livio Amstutz <livio.a@gmail.com>
* fix: refresh token activation (#1795 )
* fix: oidc grant type check
* docs: add offline_access scope
* docs: update refresh token status in supported grant types
* fix: update oidc pkg
* fix: check refresh token grant type (#1796 )
* configuration structs
* org admins
* failed events
* fixes
Co-authored-by: Max Peintner <max@caos.ch>
Co-authored-by: Livio Amstutz <livio.a@gmail.com>
Co-authored-by: Florian Forster <florian@caos.ch>
Co-authored-by: mffap <mpa@caos.ch>
Co-authored-by: Maximilian Panne <maximilian.panne@gmail.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>
* remove comment
* aggregate reducer
* remove eventtypes
* add protoc-get-validate to mod
* fix transaltion
* upsert
* add gender on org admins,
allow to retry failed stmts after configurable time
* remove if
* sub queries
* fix: tests
* add builder to tests
* new search query
* rename searchquerybuilder to builder
* remove comment from code
* test with multiple queries
* add filters test
* current sequences
* make org and org_admins work again
* add aggregate type to current sequence
* fix(contibute): listing
* add validate module
* fix: search queries
* feat(eventstore): previous aggregate root sequence (#1810 )
* feat(eventstore): previous aggregate root sequence
* fix tests
* fix: eventstore v1 test
* add col to all mocked rows
* next try
* fix mig
* rename aggregate root to aggregate type
* update comment
Co-authored-by: Livio Amstutz <livio.a@gmail.com>
Co-authored-by: Livio Amstutz <livio.a@gmail.com>
* small refactorings
* allow update multiple current sequences
* unique log id
* fix migrations
* rename org admin to org owner
* improve error handling and logging
* fix(migration): optimize prev agg root seq
* fix: projection handler test
* fix: sub queries
* small fixes
* additional event types
* correct org owner projection
* fix primary key
* feat(eventstore): jobs for projections (#2026 )
* fix: template names in login (#1974 )
* fix: template names in login
* fix: error.html
* fix: check for features on mgmt only (#1976 )
* fix: add sentry in ui, http and projection handlers (#1977 )
* fix: add sentry in ui, http and projection handlers
* fix test
* fix(eventstore): sub queries (#1805 )
* sub queries
* fix: tests
* add builder to tests
* new search query
* rename searchquerybuilder to builder
* remove comment from code
* test with multiple queries
* add filters test
* fix(contibute): listing
* add validate module
* fix: search queries
* remove unused event type in query
* ignore query if error in marshal
* go mod tidy
* update privacy policy query
* update queries
Co-authored-by: Livio Amstutz <livio.a@gmail.com>
* feat: Extend oidc idp with oauth endpoints (#1980 )
* feat: add oauth attributes to oidc idp configuration
* feat: return idpconfig id on create idp
* feat: tests
* feat: descriptions
* feat: docs
* feat: tests
* docs: update to beta 3 (#1984 )
* fix: role assertion (#1986 )
* fix: enum to display access token role assertion
* improve assertion descriptions
* fix nil pointer
* docs: eventstore (#1982 )
* docs: eventstore
* Apply suggestions from code review
Co-authored-by: Florian Forster <florian@caos.ch>
Co-authored-by: Florian Forster <florian@caos.ch>
* fix(sentry): trigger sentry release (#1989 )
* feat(send sentry release): send sentry release
* fix(moved step and added releasetag): moved step and added releasetag
* fix: set version for sentry release (#1990 )
* feat(send sentry release): send sentry release
* fix(moved step and added releasetag): moved step and added releasetag
* fix(corrected var name): corrected var name
Co-authored-by: Livio Amstutz <livio.a@gmail.com>
* fix: log error reason on terminate session (#1973 )
* fix: return default language file, if requested lang does not exist for default login texts (#1988 )
* fix: return default language file, if requested lang doesnt exists
* feat: read default translation file
* feat: docs
* fix: race condition in auth request unmarshalling (#1993 )
* feat: handle ui_locales in login (#1994 )
* fix: handle ui_locales in login
* move supportedlanguage func into i18n package
* update oidc pkg
* fix: handle closed channels on unsubscribe (#1995 )
* fix: give restore more time (#1997 )
* fix: translation file read (#2009 )
* feat: translation file read
* feat: readme
* fix: enable idp add button for iam users (#2010 )
* fix: filter event_data (#2011 )
* feat: Custom message files (#1992 )
* feat: add get custom message text to admin api
* feat: read custom message texts from files
* feat: get languages in apis
* feat: get languages in apis
* feat: get languages in apis
* feat: pr feedback
* feat: docs
* feat: merge main
* fix: sms notification (#2013 )
* fix: phone verifications
* feat: fix password reset as sms
* fix: phone verification
* fix: grpc status in sentry and validation interceptors (#2012 )
* fix: remove oauth endpoints from oidc config proto (#2014 )
* try with view
* fix(console): disable sw (#2021 )
* fix: disable sw
* angular.json disable sw
* project projections
* fix typos
* customize projections
* customizable projections,
add change date to projects
Co-authored-by: Livio Amstutz <livio.a@gmail.com>
Co-authored-by: Max Peintner <max@caos.ch>
Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>
Co-authored-by: Florian Forster <florian@caos.ch>
Co-authored-by: mffap <mpa@caos.ch>
Co-authored-by: Christian Jakob <47860090+thesephirot@users.noreply.github.com>
Co-authored-by: Elio Bischof <eliobischof@gmail.com>
* env file
* typo
* correct users
* correct migration
* fix: merge fail
* fix test
* fix(tests): unordered matcher
* improve currentSequenceMatcher
* correct certs
* correct certs
* add zitadel database on database list
* refctor switch in match
* enable all handlers
* Delete io.env
* cleanup
* add handlers
* rename view to projection
* rename view to projection
* fix type typo
* remove unnecessary logs
* refactor stmts
* simplify interval calculation
* fix tests
* fix unlock test
* fix migration
* migs
* fix(operator): update cockroach and flyway versions (#2138 )
* chore(deps): bump k8s.io/apiextensions-apiserver from 0.19.2 to 0.21.3
Bumps [k8s.io/apiextensions-apiserver](https://github.com/kubernetes/apiextensions-apiserver ) from 0.19.2 to 0.21.3.
- [Release notes](https://github.com/kubernetes/apiextensions-apiserver/releases )
- [Commits](https://github.com/kubernetes/apiextensions-apiserver/compare/v0.19.2...v0.21.3 )
---
updated-dependencies:
- dependency-name: k8s.io/apiextensions-apiserver
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
* chore(deps): bump google.golang.org/api from 0.34.0 to 0.52.0
Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client ) from 0.34.0 to 0.52.0.
- [Release notes](https://github.com/googleapis/google-api-go-client/releases )
- [Changelog](https://github.com/googleapis/google-api-go-client/blob/master/CHANGES.md )
- [Commits](https://github.com/googleapis/google-api-go-client/compare/v0.34.0...v0.52.0 )
---
updated-dependencies:
- dependency-name: google.golang.org/api
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
* start update dependencies
* update mods and otlp
* fix(build): update to go 1.16
* old version for k8s mods
* update k8s versions
* update orbos
* fix(operator): update cockroach and flyway version
* Update images.go
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Stefan Benz <stefan@caos.ch>
* fix import
* fix typo
* fix(migration): add org projection
* fix(projection): correct table for org events in org owners
* better insert stmt
* fix typo
* fix typo
* set max connection lifetime
* set max conns and conn lifetime in eventstore v1
* configure sql connection settings
* add mig for agg type index
* fix replace tab in yaml
* handler interfaces
* subscription
* first try
* handler
* move sql client initialization
* first part implemented
* removed all occurencies of org by id and search orgs
* fix merge issues
* cleanup code
* fix: queries implements orgviewprovider
* cleanup
* refactor text comparison
* remove unused file
* remove unused code
* log
* remove unused code
* remove unused field
* remove unused file
* refactor
* tests for search query
* remove try
* simplify state change mappers
* projection tests
* query functions
* move reusable objects to separate files
* rename domain column to primar_domain
* fix tests
* add current sequence
* remove log prints
* fix tests
* fix: verifier
* fix test
* rename domain col migrations
* simplify search response
* add custom column constructors
* fix: org projection table const
* fix: full column name
* feat: text query extension
* fix: tests for query
* number query
* add deprection message
* projection
* correct migration
* projection
* projection
* column in a single place (#2416 )
* column in a single place
* use projection for columns
* query column with aliases
* rename methods
* remove unused code
* column for current sequences
* correct file name
* global counter column
* fix is org unique
* query
* fix wrong code
* remove unused code
* query
* remove unused code
* remove unused code
* query
* api
* remove unused cod
* remove unused code
* remove unused code
* tests
* tests
* tests
* fix: tests
* migrations
* fixes
* errors
* fix test
* add converter option
* fix(auth-repo): add queries to struct
* error messages
* rename method,
correct log message
* small fixes
* correct version
* correct version
* fix(migration): set pk
* fix test
* cleanup code
Co-authored-by: Max Peintner <max@caos.ch>
Co-authored-by: Livio Amstutz <livio.a@gmail.com>
Co-authored-by: Florian Forster <florian@caos.ch>
Co-authored-by: mffap <mpa@caos.ch>
Co-authored-by: Maximilian Panne <maximilian.panne@gmail.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>
Co-authored-by: Christian Jakob <47860090+thesephirot@users.noreply.github.com>
Co-authored-by: Elio Bischof <eliobischof@gmail.com>
Co-authored-by: Stefan Benz <stefan@caos.ch>
Co-authored-by: fabi <fabienne.gerschwiler@gmail.com>
2021-10-20 14:28:24 +00:00
Fabi
bc951985ed
feat: Lockout policy ( #2121 )
...
* feat: lock users if lockout policy is set
* feat: setup
* feat: lock user on password failes
* feat: render error
* feat: lock user on command side
* feat: auth_req tests
* feat: lockout policy docs
* feat: remove show lockout failures from proto
* fix: console lockout
* feat: tests
* fix: tests
* unlock function
* add unlock button
* fix migration version
* lockout policy
* lint
* Update internal/auth/repository/eventsourcing/eventstore/auth_request.go
Co-authored-by: Silvan <silvan.reusser@gmail.com>
* fix: err message
* Update internal/command/setup_step4.go
Co-authored-by: Silvan <silvan.reusser@gmail.com>
Co-authored-by: Max Peintner <max@caos.ch>
Co-authored-by: Livio Amstutz <livio.a@gmail.com>
Co-authored-by: Silvan <silvan.reusser@gmail.com>
2021-08-11 06:36:32 +00:00
Fabi
c0d9d86b09
fix: set password in management api ( #1766 )
...
* fix: set password in management api
* comment
Co-authored-by: Livio Amstutz <livio.a@gmail.com>
2021-06-03 13:28:24 +02:00
Fabi
3f345b1ade
feat: new es testing2 ( #1428 )
...
* fix: org tests
* fix: org tests
* fix: user grant test
* fix: user grant test
* fix: project and project role test
* fix: project grant test
* fix: project grant test
* fix: project member, grant member, app changed tests
* fix: application tests
* fix: application tests
* fix: add oidc app test
* fix: add oidc app test
* fix: add api keys test
* fix: iam policies
* fix: iam and org member tests
* fix: idp config tests
* fix: iam tests
* fix: user tests
* fix: user tests
* fix: user tests
* fix: user tests
* fix: user tests
* fix: user tests
* fix: user tests
* fix: user tests
* fix: user tests
* fix: user tests
* fix: org domain test
* fix: org tests
* fix: org tests
* fix: implement org idps
* fix: pr requests
* fix: email tests
* fix: fix idp check
* fix: fix user profile
2021-03-19 11:12:56 +01:00
Silvan
dabd5920dc
feat: protos refactoring
...
* start with user
* user first try done in all services
* user, org, idp for discussion
* remove unused stuff
* bla
* dockerbuild
* rename search, get multiple to list...
* add annotation
* update proto dependencies
* update proto dependencies
* change proto imports
* replace all old imports
* fix go out
* remove unused lines
* correct protoc flags
* grpc and openapi flags
* go out source path relative
* -p
* remove dead code
* sourcepath relative
* ls
* is onenapi the problem?
* hobla
* authoption output
* wrong field name
* gopf
* correct option, add correct flags
* small improvments
* SIMPLYFY
* relative path
* gopf bin ich en tubel
* correct path
* default policies in admin
* grpc generation in one file
* remove non ascii
* metadata on manipulations
* correct auth_option import
* fixes
* larry
* idp provider to idp
* fix generate
* admin and auth nearly done
* admin and auth nearly done
* gen
* healthz
* imports
* deleted too much imports
* fix org
* add import
* imports
* import
* naming
* auth_opt
* gopf
* management
* imports
* _TYPE_UNSPECIFIED
* improts
* auth opts
* management policies
* imports
* passwordlessType to MFAType
* auth_opt
* add user grant calls
* add missing messages
* result
* fix option
* improvements
* ids
* fix http
* imports
* fixes
* fields
* body
* add fields
* remove wrong member query
* fix request response
* fixes
* add copy files
* variable versions
* generate all files
* improvements
* add dependencies
* factors
* user session
* oidc information, iam
* remove unused file
* changes
* enums
* dockerfile
* fix build
* remove unused folder
* update readme for build
* move old server impl
* add event type to change
* some changes
* start admin
* remove wrong field
* admin only list calls missing
* fix proto numbers
* surprisingly it compiles
* service ts changes
* admin mgmt
* mgmt
* auth manipulation and gets done, lists missing
* validations and some field changes
* validations
* enum validations
* remove todo
* move proto files to proto/zitadel
* change proto path in dockerfile
* it compiles!
* add validate import
* remove duplicate import
* fix protos
* fix import
* tests
* cleanup
* remove unimplemented methods
* iam member multiple queries
* all auth and admin calls
* add initial password on crate human
* message names
* management user server
* machine done
* fix: todos (#1346 )
* fix: pub sub in new eventstore
* fix: todos
* fix: todos
* fix: todos
* fix: todos
* fix: todos
* fix tests
* fix: search method domain
* admin service, user import type typescript
* admin changes
* admin changes
* fix: search method domain
* more user grpc and begin org, fix configs
* fix: return object details
* org grpc
* remove creation date add details
* app
* fix: return object details
* fix: return object details
* mgmt service, project members
* app
* fix: convert policies
* project, members, granted projects, searches
* fix: convert usergrants
* fix: convert usergrants
* auth user detail, user detail, mfa, second factor, auth
* fix: convert usergrants
* mfa, memberships, password, owned proj detail
* fix: convert usergrants
* project grant
* missing details
* changes, userview
* idp table, keys
* org list and user table filter
* unify rest paths (#1381 )
* unify rest paths
* post for all searches,
mfa to multi_factor,
secondfactor to second_factor
* remove v1
* fix tests
* rename api client key to app key
* machine keys, age policy
* user list, machine keys, changes
* fix: org states
* add default flag to policy
* second factor to type
* idp id
* app type
* unify ListQuery, ListDetails, ObjectDetails field names
* user grants, apps, memberships
* fix type params
* metadata to detail, linke idps
* api create, membership, app detail, create
* idp, app, policy
* queries, multi -> auth factors and missing fields
* update converters
* provider to user, remove old mgmt refs
* temp remove authfactor dialog, build finish
Co-authored-by: Max Peintner <max@caos.ch>
Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>
Co-authored-by: Livio Amstutz <livio.a@gmail.com>
Co-authored-by: Fabiennne <fabienne.gerschwiler@gmail.com>
2021-03-09 10:30:11 +01:00
Livio Amstutz
8dcbbc87ca
fix: update config to commands (and queries) ( #1342 )
...
* fix: adaot config to commands (and queries)
* remove dependency on vv2 in v1
* add queries user to operator
* set password for queries on tests
* set password for queries on tests
* fix config
2021-02-24 11:17:39 +01:00
Fabi
d8e42744b4
fix: move v2 pkgs ( #1331 )
...
* fix: move eventstore pkgs
* fix: move eventstore pkgs
* fix: remove v2 view
* fix: remove v2 view
2021-02-23 15:13:04 +01:00
