Elio Bischof
6d812137b7
fix: discover instance by original host
...
Merge pull request from GHSA-2wmj-46rj-qm2w
* fix: find instance by original domain
* return instance not found on invalid origin
* test: ensure correct host validation
* test: instance not found is translated
(cherry picked from commit 11d7a8ce61
)
2023-11-29 11:59:28 +01:00
Livio Spring
31df28380c
Merge branch 'main' into next
...
# Conflicts:
# internal/command/session.go
# internal/command/session_webauhtn.go
2023-11-29 10:25:10 +01:00
Stefan Benz
ef11609142
fix: add https status to activity log ( #6978 )
...
* fix: add https status to activity log
* create prerelease
* create RC
* pass info from gateway to grpc server
* fix: update releaserc to create RC version
* cleanup
---------
Co-authored-by: Livio Spring <livio.a@gmail.com>
2023-11-28 16:56:29 +01:00
Elio Bischof
a2fa396ec0
fix(postgres <=15): delete unique constraints ( #6971 )
...
fix(postgres): delete unique constraints
(cherry picked from commit 8982e1aae3
)
2023-11-28 08:50:47 +01:00
Tim Möhlmann
24b05dc88c
fix(authz): add logging to access token verification errors ( #6976 )
...
* fix(authz): add logging to access token verification errors
Related to #6949
* use logging fields
---------
Co-authored-by: Livio Spring <livio.a@gmail.com>
2023-11-27 15:35:08 +00:00
Tim Möhlmann
115d944d38
chore: add database questions to bug report template ( #6975 )
...
* chore: add database questions to bug report template
Sometimes we get bug reports that are only reproducible when zitadel is running against a certain database.
This change adds database related questions to the issue template, as it is something people don't tend to describe in the detail fields.
* fix syntax error
2023-11-27 08:23:49 +01:00
Elio Bischof
60688757fa
test(postgres): always test against latest release ( #6972 )
...
* test(postgres): always test against latest
* Update CONTRIBUTING.md
Co-authored-by: Tim Möhlmann <tim+github@zitadel.com>
* Update internal/integration/config/docker-compose.yaml
Co-authored-by: Tim Möhlmann <tim+github@zitadel.com>
---------
Co-authored-by: Tim Möhlmann <tim+github@zitadel.com>
2023-11-24 13:56:58 +00:00
Silvan
2ca88956b4
docs: add tracing.endpoint
to defaults.yaml ( #6824 )
...
* docs: add `tracing.endpoint` to defaults.yaml
* docs: describe tracing types in defaults.yaml
2023-11-24 13:38:52 +01:00
Elio Bischof
8982e1aae3
fix(postgres <=15): delete unique constraints ( #6971 )
...
fix(postgres): delete unique constraints
2023-11-24 07:23:23 +01:00
Tim Möhlmann
72bc3ffe14
fix(oidc): add missing fields to introspection ( #6967 )
...
during QA I found some user info and org ID was missing.
This change adds those missing fields.
2023-11-23 16:17:50 +02:00
Livio Spring
1ef186e338
docs: update session termination documentation ( #6966 )
2023-11-23 11:10:14 +00:00
mffap
8c20548db7
chore: update bug template ( #6924 )
...
Provide link to the product management in the issue's markdown instead of description. This allows people to actually follow the link when creating an issue.
2023-11-23 10:09:40 +00:00
Silvan
f9859b0480
fix(eventstore): correct handling of wrong unique fields ( #6961 )
...
(cherry picked from commit 9ed956383f
)
2023-11-23 06:16:16 +01:00
Silvan
9ed956383f
fix(eventstore): correct handling of wrong unique fields ( #6961 )
2023-11-23 06:15:40 +01:00
jacob-buckaroo
1fac15e186
feat(i18n): Dutch language support ( #6952 )
...
* feat(i18n): Dutch language support
* Fixed formatting issues
* add missing error lines
---------
Co-authored-by: Tim Möhlmann <tim+github@zitadel.com>
2023-11-22 14:35:21 +00:00
Laurent Egbakou
39c26ffa7b
fix(i18n): replaced wrong i18n key in fr,it,ja,mk,pl,pt and zh json files (console) ( #6937 )
...
* fix(i18n): replaced the wrong key for Verified domains (fr)
* fix(i18n): replaced the wrong key for Verified domains (it)
* fix(i18n): replaced the wrong key for Verified domains (ja)
* fix(i18n): replaced the wrong key for Verified domains (mk)
* fix(i18n): replaced the wrong key for Verified domains (pl)
* fix(i18n): replaced the wrong key for Verified domains (pt)
* fix(i18n): replaced the wrong key for Verified domains (zh)
2023-11-22 13:16:32 +00:00
Livio Spring
3a0f7ef193
fix: ensure uniqueness ( #6956 )
...
* fix: ensure uniqueness
* only update wrong ones
* Update cmd/setup/16.go
Co-authored-by: Silvan <silvan.reusser@gmail.com>
---------
Co-authored-by: Silvan <silvan.reusser@gmail.com>
(cherry picked from commit b563041103
)
2023-11-22 13:07:52 +01:00
Livio Spring
b563041103
fix: ensure uniqueness ( #6956 )
...
* fix: ensure uniqueness
* only update wrong ones
* Update cmd/setup/16.go
Co-authored-by: Silvan <silvan.reusser@gmail.com>
---------
Co-authored-by: Silvan <silvan.reusser@gmail.com>
2023-11-22 12:05:14 +00:00
Tim Möhlmann
2f91679623
chore(Makefile): add go generate target ( #6944 )
...
This change adds a core_generate_all make target.
It installs the required tools and runs generate on the complete project.
`golang/mock` is no longer maintained and a fork is available
from the Uber folks. So the latter is used as tool.
All the mock files have been regenerated and are part of the PR.
The obsolete `tools` directory has been removed,
as all the tools are now part of specific make targets.
Co-authored-by: Silvan <silvan.reusser@gmail.com>
2023-11-22 10:56:43 +00:00
Tim Möhlmann
2de7ce99c5
chore(docs): improve on password hashing ( #6951 )
2023-11-22 10:29:06 +00:00
Stefan Benz
5fcb5568d7
fix: correct method and path for session api activity ( #6880 )
...
* fix: correct method and path for session api activity
* fix: correct method and path for session api activity
* fix: correct function name for activity trigger
2023-11-22 12:12:23 +02:00
Elio Bischof
76fe032b5f
feat: option to disallow public org registration ( #6917 )
...
* feat: return 404 or 409 if org reg disallowed
* fix: system limit permissions
* feat: add iam limits api
* feat: disallow public org registrations on default instance
* add integration test
* test: integration
* fix test
* docs: describe public org registrations
* avoid updating docs deps
* fix system limits integration test
* silence integration tests
* fix linting
* ignore strange linter complaints
* review
* improve reset properties naming
* redefine the api
* use restrictions aggregate
* test query
* simplify and test projection
* test commands
* fix unit tests
* move integration test
* support restrictions on default instance
* also test GetRestrictions
* self review
* lint
* abstract away resource owner
* fix tests
* lint
2023-11-22 09:29:38 +00:00
Max Peintner
5fa596a871
fix(console): onboarding actions with external links ( #6822 )
...
* fix: attr for external links
* template outlet
2023-11-22 09:14:37 +00:00
Max Peintner
d4b18a3eda
fix(console): dependencies ( #6943 )
...
* chore(deps-dev): bump @types/file-saver from 2.0.5 to 2.0.7 in /console (#6878 )
Bumps [@types/file-saver](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/file-saver ) from 2.0.5 to 2.0.7.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases )
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/file-saver )
---
updated-dependencies:
- dependency-name: "@types/file-saver"
dependency-type: direct:development
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps): bump axios from 1.4.0 to 1.6.1 in /console (#6902 )
Bumps [axios](https://github.com/axios/axios ) from 1.4.0 to 1.6.1.
- [Release notes](https://github.com/axios/axios/releases )
- [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md )
- [Commits](https://github.com/axios/axios/compare/v1.4.0...v1.6.1 )
---
updated-dependencies:
- dependency-name: axios
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps-dev): bump @types/jsonwebtoken from 9.0.2 to 9.0.5 in /console (#6877 )
chore(deps-dev): bump @types/jsonwebtoken in /console
Bumps [@types/jsonwebtoken](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/jsonwebtoken ) from 9.0.2 to 9.0.5.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases )
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/jsonwebtoken )
---
updated-dependencies:
- dependency-name: "@types/jsonwebtoken"
dependency-type: direct:development
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps): bump libphonenumber-js from 1.10.30 to 1.10.49 in /console (#6845 )
Bumps [libphonenumber-js](https://gitlab.com/catamphetamine/libphonenumber-js ) from 1.10.30 to 1.10.49.
- [Changelog](https://gitlab.com/catamphetamine/libphonenumber-js/blob/master/CHANGELOG.md )
- [Commits](https://gitlab.com/catamphetamine/libphonenumber-js/compare/v1.10.30...v1.10.49 )
---
updated-dependencies:
- dependency-name: libphonenumber-js
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps-dev): bump typescript from 4.9.5 to 5.1.6 in /console (#6650 )
Bumps [typescript](https://github.com/Microsoft/TypeScript ) from 4.9.5 to 5.1.6.
- [Release notes](https://github.com/Microsoft/TypeScript/releases )
- [Commits](https://github.com/Microsoft/TypeScript/compare/v4.9.5...v5.1.6 )
---
updated-dependencies:
- dependency-name: typescript
dependency-type: direct:development
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps): bump google-proto-files from 3.0.3 to 4.0.0 in /console (#6653 )
Bumps [google-proto-files](https://github.com/googleapis/nodejs-proto-files ) from 3.0.3 to 4.0.0.
- [Release notes](https://github.com/googleapis/nodejs-proto-files/releases )
- [Changelog](https://github.com/googleapis/nodejs-proto-files/blob/main/CHANGELOG.md )
- [Commits](https://github.com/googleapis/nodejs-proto-files/compare/v3.0.3...v4.0.0 )
---
updated-dependencies:
- dependency-name: google-proto-files
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps): bump tslib from 2.5.0 to 2.6.2 in /console (#6649 )
Bumps [tslib](https://github.com/Microsoft/tslib ) from 2.5.0 to 2.6.2.
- [Release notes](https://github.com/Microsoft/tslib/releases )
- [Commits](https://github.com/Microsoft/tslib/compare/2.5.0...v2.6.2 )
---
updated-dependencies:
- dependency-name: tslib
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps): bump @ngx-translate/core from 14.0.0 to 15.0.0 in /console (#6646 )
Bumps [@ngx-translate/core](https://github.com/ngx-translate/core ) from 14.0.0 to 15.0.0.
- [Release notes](https://github.com/ngx-translate/core/releases )
- [Commits](https://github.com/ngx-translate/core/compare/v14.0.0...v15.0.0 )
---
updated-dependencies:
- dependency-name: "@ngx-translate/core"
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps): bump @babel/traverse from 7.21.5 to 7.23.2 in /console (#6742 )
Bumps [@babel/traverse](https://github.com/babel/babel/tree/HEAD/packages/babel-traverse ) from 7.21.5 to 7.23.2.
- [Release notes](https://github.com/babel/babel/releases )
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md )
- [Commits](https://github.com/babel/babel/commits/v7.23.2/packages/babel-traverse )
---
updated-dependencies:
- dependency-name: "@babel/traverse"
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* lock
* ts
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Elio Bischof <elio@zitadel.com>
2023-11-21 23:41:53 +00:00
Tim Möhlmann
ba9b807854
perf(oidc): optimize the introspection endpoint ( #6909 )
...
* get key by id and cache them
* userinfo from events for v2 tokens
* improve keyset caching
* concurrent token and client checks
* client and project in single query
* logging and otel
* drop owner_removed column on apps and authN tables
* userinfo and project roles in go routines
* get oidc user info from projections and add actions
* add avatar URL
* some cleanup
* pull oidc work branch
* remove storage from server
* add config flag for experimental introspection
* legacy introspection flag
* drop owner_removed column on user projections
* drop owner_removed column on useer_metadata
* query userinfo unit test
* query introspection client test
* add user_grants to the userinfo query
* handle PAT scopes
* bring triggers back
* test instance keys query
* add userinfo unit tests
* unit test keys
* go mod tidy
* solve some bugs
* fix missing preferred login name
* do not run triggers in go routines, they seem to deadlock
* initialize the trigger handlers late with a sync.OnceValue
* Revert "do not run triggers in go routines, they seem to deadlock"
This reverts commit 2a03da2127
.
* add missing translations
* chore: update go version for linting
* pin oidc version
* parse a global time location for query test
* fix linter complains
* upgrade go lint
* fix more linting issues
---------
Co-authored-by: Stefan Benz <46600784+stebenz@users.noreply.github.com>
2023-11-21 13:11:38 +01:00
Livio Spring
7786b09444
fix: handle project deactivate and remove correctly on tokens ( #6947 )
...
(cherry picked from commit ad3563d58b
)
2023-11-21 10:07:04 +01:00
Livio Spring
ad3563d58b
fix: handle project deactivate and remove correctly on tokens ( #6947 )
2023-11-21 10:05:22 +01:00
Livio Spring
492b7d8676
docs(security.md): update link to disclosure policy ( #6948 )
2023-11-21 09:15:51 +01:00
Stefan Benz
0ec7a74877
perf: remove owner removed columns from projections for oidc ( #6925 )
...
* fix: remove owner removed columns from login names projection
* fix: remove owner removed columns from flow projection
* fix: remove owner removed columns from project, projectgrant and member projections
* fix: correct unit tests for session projection
* fix: correct unit tests for session projection
2023-11-20 17:21:08 +02:00
Arslan Gait
3bed5f50a8
docs: correct spelling in claims.md ( #6935 )
...
Update claims.md
Fixed typo in word 'and'
2023-11-20 12:38:06 +00:00
mffap
bd5506494a
docs(legal): update legal framework and policies (November 2023) ( #6611 )
...
* move policies
* service description editorial
* service description move
* add subprocessors
* resort policies and service descriptions
* subprocessor
* subprocessors wip
* wip
* subprocessors
* subprocessors introduction
* billing wip
* service level headings
* billing wip
* gdpr region clarification
* fix some styling
* support service wip
* wip
* service-description
* fair use, broken links
* services offered
* rework enterprise benefits
* support plans
* remove language, add support issue
* combine onboarding support
* wip
* use of brand and trademarks
* sidebar
* DASU
* Combine ToS for support services
* Apply suggestions from code review
Co-authored-by: Fabi <fabienne@zitadel.com>
* changes from review
* update updatedAt
* dpa and pp updates WIP
* broken links
* tom
* remote entity
* title annex enterprise agreement
* typo
* Apply suggestions from code review
Co-authored-by: Florian Forster <florian@zitadel.com>
* update last update dates
* replace quota with amount
---------
Co-authored-by: Fabi <fabienne@zitadel.com>
Co-authored-by: Florian Forster <florian@zitadel.com>
2023-11-16 09:26:25 +00:00
Livio Spring
2e8c3b5a53
feat: allow session deletion without session token ( #6889 )
...
* fix: add resource owner of user and change the one of session to instance
* use user resource owner from session projection
* fix session permission check
* integration tests and fixes
* update api docs
2023-11-16 07:35:50 +01:00
Silvan
0948a0b9ae
ci: set runner group on parallel jobs ( #6916 )
2023-11-14 10:48:41 +00:00
Livio Spring
3001d03bca
fix: allow webauthn checks for users of other orgs ( #6915 )
...
(cherry picked from commit 3bc9a60986
)
2023-11-14 10:47:42 +01:00
Livio Spring
5af3298414
fix: set samesite mode for CSRF cookie based on security policy ( #6914 )
...
(cherry picked from commit 1344760369
)
2023-11-14 10:47:39 +01:00
Livio Spring
18788b6045
fix: improve login_hint usage on IDPs ( #6899 )
...
* only set prompt if no login_hint is set
* update to current state and cleanup
(cherry picked from commit 0386fe7f96
)
2023-11-14 10:47:27 +01:00
Livio Spring
3bc9a60986
fix: allow webauthn checks for users of other orgs ( #6915 )
2023-11-14 09:42:39 +00:00
Livio Spring
1344760369
fix: set samesite mode for CSRF cookie based on security policy ( #6914 )
2023-11-14 10:01:59 +01:00
Miguel Cabrerizo
bd63fcd15d
feat(console): add SAML certificate link and endpoints ( #6841 )
...
* feat(console): add SAML certificate link and endpoints
* fix: add missing translations for cs and ru
* fix: add @eliobischof review suggestions
---------
Co-authored-by: Elio Bischof <elio@zitadel.com>
2023-11-13 17:49:55 +00:00
Tim Möhlmann
081a0b4cb7
chore(deps): upgrade all go modules ( #6895 )
...
* chore(deps): upgrade all go modules
This change upgrades all go.mod dependecies. As well as Makefile tools.
There where some imports that still used the old and deprecated
`github.com/golang/protobuf/ptypes` package.
These have been moved to the equivelant
`google.golang.org/protobuf/types/known` package.
The `internal/proto` package is removed as was only used once.
With a simple refactor in the Validator it became completely obsolete.
* fix validate unit test
* cleanup merge
* update otel
---------
Co-authored-by: Livio Spring <livio.a@gmail.com>
2023-11-13 10:41:29 +00:00
Livio Spring
0386fe7f96
fix: improve login_hint usage on IDPs ( #6899 )
...
* only set prompt if no login_hint is set
* update to current state and cleanup
2023-11-13 09:25:26 +01:00
Tim Möhlmann
42a2c0093d
fix: use x-zitadel-forwarded header ( #6900 )
...
fix: use x-zitadel-forward header
2023-11-10 15:02:53 +00:00
Livio Spring
af24208b38
Merge branch 'main' into next
2023-11-10 11:09:25 +01:00
Ahmed Fwela
3f22fb3a5c
feat(user/v1): support composite queries ( #6361 )
...
* feat(user/v1): support composite queries
* fix: added proper error handling for NotQuery
* Added error when there are too many levels of nesting
* Add localization keys for english
* Update internal/api/grpc/user/query.go
2023-11-09 11:38:34 +01:00
Elio Bischof
e0a5f8661d
feat: improve UX for external configuration ( #6861 )
...
* docs: simplify traefik external tls
* remove pass host header
* docs: simplify and fix nginx external tls
* fix: readiness with enabled tls
* improve proxy docs
* improve proxy docs
* fix(ready): don't verify server cert
* complete nginx docs
* cleanup
* complete traefik docs
* add caddy docs
* simplify traefik
* standardize
* fix caddy
* add httpd docs
* improve external config docs
* guiding error message
* docs(defaults.yaml): remove misleading comments
* guiding error message cs and ru
* improve proxy testability
* fix compose up command
* improve commands
* fix nginx tls disabled
* fix nginx tls enabled
* fix: serve gateway when tls is enabled
* fmt caddy files
* fix caddy enabled tls
* remove not-working commands
* review
* fix checks
* fix link
---------
Co-authored-by: Livio Spring <livio.a@gmail.com>
2023-11-09 11:30:15 +01:00
Livio Spring
393f711ca7
fix: handle locking policy correctly for multiple simultaneous password checks
...
Merge pull request from GHSA-7h8m-vrxx-vr4m
* fix: handle locking policy correctly for multiple simultaneous password checks
* recheck events
(cherry picked from commit 22e2d55999
)
2023-11-08 14:21:09 +01:00
Livio Spring
22e2d55999
Merge pull request from GHSA-7h8m-vrxx-vr4m
...
* fix: handle locking policy correctly for multiple simultaneous password checks
* recheck events
2023-11-08 14:19:13 +01:00
sp132
9a708b1b78
feat: extend session search service ( #6746 )
...
* feat: extend session search service (#6029 )
add two more searching criteria - human user id and session creation date
optional sorting by the session creation date
* fix: use correct column identifier
* fix: implement Col()
* chore: fix unit tests
* chore: fix linter warnings
---------
Co-authored-by: Fabi <fabienne@zitadel.com>
2023-11-08 11:32:13 +01:00
Mark A. Hershberger
0d3788b757
docs: Update managers.mdx ( #6873 )
...
Update managers.mdx
typo
Co-authored-by: Fabi <fabienne@zitadel.com>
2023-11-08 09:07:11 +00:00
Alexei
9ccdfdc196
feat: Add translations for Russian ( #6864 )
...
* wip
* add Russian (autotranslate)
TODO: review translations
* fix console linting
* add russian language to login translations
* docs
* missing console translations
---------
Co-authored-by: Livio Spring <livio.a@gmail.com>
2023-11-08 07:38:55 +00:00