Commit Graph

3056 Commits

Author SHA1 Message Date
Silvan
f412687427
fix(query): query event editors only once per call (#7776)
Co-authored-by: Livio Spring <livio.a@gmail.com>
2024-04-16 10:42:31 +00:00
Tim Möhlmann
be00e3861a
fix(oidc): make device auth audience and scope nullable (#7777)
This fixes the projection of events that have a null audience or scope.
As audience was added in v2.50, legacy events do not have an audience, this made replay of the old events not possible after an upgrade.
2024-04-16 10:34:38 +02:00
mffap
48d7307d0e
docs(features): external user grant (#7771)
* docs(features): external user grant

* cross link

* add image

* fix link to blog

* Apply suggestions from code review

Co-authored-by: Florian Forster <florian@zitadel.com>

---------

Co-authored-by: Florian Forster <florian@zitadel.com>
2024-04-15 12:13:05 +00:00
dependabot[bot]
6f16561f4d
chore(deps): bump actions/add-to-project from 0.6.1 to 1.0.1 (#7767)
Bumps [actions/add-to-project](https://github.com/actions/add-to-project) from 0.6.1 to 1.0.1.
- [Release notes](https://github.com/actions/add-to-project/releases)
- [Commits](https://github.com/actions/add-to-project/compare/v0.6.1...v1.0.1)

---
updated-dependencies:
- dependency-name: actions/add-to-project
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-04-15 10:36:23 +00:00
dependabot[bot]
6a1ec149d3
chore(deps): bump actions/github-script from 6 to 7 (#7768)
Bumps [actions/github-script](https://github.com/actions/github-script) from 6 to 7.
- [Release notes](https://github.com/actions/github-script/releases)
- [Commits](https://github.com/actions/github-script/compare/v6...v7)

---
updated-dependencies:
- dependency-name: actions/github-script
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-04-15 10:13:19 +00:00
dependabot[bot]
e613ad6453
chore(deps): bump codecov/codecov-action from 4.1.0 to 4.3.0 (#7747)
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 4.1.0 to 4.3.0.
- [Release notes](https://github.com/codecov/codecov-action/releases)
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/codecov/codecov-action/compare/v4.1.0...v4.3.0)

---
updated-dependencies:
- dependency-name: codecov/codecov-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-04-15 09:50:47 +00:00
Tim Möhlmann
fe9bb49caa
chore(deps): update all go deps (#7773)
This change updates all go modules, including oidc, a major version of go-jose and the go 1.22 release.
2024-04-15 09:17:36 +00:00
Livio Spring
6e5e8d06b4
chore(stable): update to 2.44.7 (#7770) 2024-04-15 09:56:22 +02:00
Elio Bischof
5b34aabbdd
fix(setup): decode role mappings (#7760) 2024-04-14 12:55:54 +03:00
Max Peintner
9865425a0c
docs: update state of typescript repository (#7754)
Co-authored-by: Elio Bischof <elio@zitadel.com>
2024-04-11 09:02:31 +00:00
Elio Bischof
2de66dcf95
fix(console): keep default idps active (#7663)
* fix(console): keep default idps active

* rename var

* rename var

* use Promise.all()

* lint

---------

Co-authored-by: Max Peintner <max@caos.ch>
2024-04-11 08:29:25 +00:00
Miguel Cabrerizo
d229da6af7
feat: SMTP Templates (#6932)
* feat: smtp templates poc

* feat: add isActive & ProviderType to SMTP backend

* feat: change providertype to uint32 and fix tests

* feat: minimal smtp provider component

* feat: woking on diiferent providers

* feat: keep working on providers

* feat: initial stepper for new provider

* fix: settings list and working on stepper

* feat: step 1 and 2 form inputs

* feat: starter for smtp test step

* fix: misspelled SMPT

* fix: remove tests for now

* feat: add tls toggle remove old google provider

* feat: working on add smtp and table

* fix: duplicated identifiers

* fix: settings list

* fix: add missing smtp config properties

* fix: add configID to smtp config table

* fix: working on listproviders

* feat: working in listSMTPConfigs

* fix: add count to listsmtpconfigs

* fix: getting empty results from listSMTPConfigs

* feat: table now shows real data

* fix: remaining styles for smtp-table

* fix: remove old notification-smtp-provider-component

* feat: delete smtp configuration

* feat: deactivate smtp config

* feat: replace isActive with state for smtp config

* feat: activate smtp config

* fix: remaining errors after main merge

* fix: list smtp providers panic and material mdc

* feat: refactor to only one provider component

* feat: current provider details view

* fix: refactor AddSMTPConfig and ChangeSMTPConfig

* fix: smtp config reduce issue

* fix: recover domain in NewIAMSMTPConfigWriteModel

* fix: add code needed by SetUpInstance

* fix: go tests and warn about passing context to InstanceAggregateFromWriteModel

* fix: i18n and add missing trans for fr, it, zh

* fix: add e2e tests

* docs: add smtp templates

* fix: remove provider_type, add description

* fix: remaining error from merge main

* fix: add @stebenz change for primary key

* fix: inactive placed after removed to prevent deleted configs to show as inactive

* fix: smtp provider id can be empty (migrated)

* feat: add mailchimp transactional template

* feat: add Brevo (Sendinblue) template

* feat: change brevo logo, add color to tls icon

* fix: queries use resourceowner, id must not be empty

* fix: deal with old smtp settings and tests

* fix: resourceOwner is the instanceID

* fix: remove aggregate_id, rename SMTPConfigByAggregateID with SMTPConfigActive

* fix: add tests for multiple configs with different IDs

* fix: conflict

* fix: remove notification-smtp-provider

* fix: add @peintnermax suggestions, rename module and fix e2e tests

* fix: remove material legacy modules

* fix: remove ctx as parameter for  InstanceAggregateFromWriteModel

* fix: add Id to SMTPConfigToPb

* fix:  change InstanceAggregateFromWriteModel to avoid linter errors

* fix import

* rm unused package-lock

* update yarn lock

---------

Co-authored-by: Elio Bischof <elio@zitadel.com>
Co-authored-by: Max Peintner <max@caos.ch>
Co-authored-by: Stefan Benz <46600784+stebenz@users.noreply.github.com>
2024-04-11 09:16:10 +02:00
Max Peintner
e2f0cd034a
fix: overflow of aggregates filter in console, add missing aggregates translations, update yarn lock (#7712)
* fix: overflow of aggregates filter, missing aggregates translations

* rm duplicate line

* missing i18n

* reset account card
2024-04-10 17:07:59 +00:00
Max Peintner
2061d1acdc
feat(console): feature settings (#7713)
* feature settings

* feature component, i18n

* i18n, save settings

* i18n

* reset button, state if system inherited, i18n

* iam.restrictions.read

* refetch feature after reset

* use toggles instead of checkboxes

* i18n

* rm logs

* fix i18n

* show unspecified as inherited

---------

Co-authored-by: Elio Bischof <elio@zitadel.com>
2024-04-10 16:30:58 +00:00
Livio Spring
dcfa2f7955
feat(idp): provide option to auto link user (#7734)
* init auto linking

* prompt handling

* working

* translations

* console

* fixes

* unify

* custom texts

* fix tests

* linting

* fix check of existing user

* fix bg translation

* set unspecified as default in the form
2024-04-10 15:46:30 +00:00
Tim Möhlmann
b3e3239d76
chore(oidc): add additional spans to userinfo code paths (#7749) 2024-04-10 17:05:13 +02:00
Elio Bischof
0267415126
chore: avoid latest on maintenance releases (#7702)
* chore: avoid latest on maintenance releases

* update semantic

---------

Co-authored-by: Livio Spring <livio.a@gmail.com>
2024-04-10 11:56:05 +00:00
Livio Spring
3711130d42
fix(idp): use persistent nameid-format in saml request (#7745) 2024-04-10 10:05:07 +00:00
Livio Spring
a282ac09a1
feat: provide option to limit (T)OTP checks (#7693)
* feat: provide option to limit (T)OTP checks

* fix requests in console

* update errors pkg

* cleanup

* cleanup

* improve naming of existing config
2024-04-10 09:15:25 +00:00
Livio Spring
153df2e12f
feat: provide option to limit (T)OTP checks (#7693)
* feat: provide option to limit (T)OTP checks

* fix requests in console

* update errors pkg

* cleanup

* cleanup

* improve naming of existing config
2024-04-10 09:14:55 +00:00
Livio Spring
e3f10f7e23
fix: correctly check user by loginname (#7740) 2024-04-10 07:18:57 +00:00
Livio Spring
2566f33aa2
docs(actions): describe user grant list (#7687) 2024-04-10 09:02:13 +02:00
Elio Bischof
e8601de8e6
fix: check idp existence by org id (#7667)
* fix: search idp by org

* fix unit test

* remove unused method

* test(e2e): await input enabled

* test: policy with org idp
2024-04-09 19:32:00 +00:00
Stefan Benz
6dcdef0268
fix: add action v2 execution to features (#7597)
* fix: add action v2 execution to features

* fix: add action v2 execution to features

* fix: add action v2 execution to features

* fix: update internal/command/instance_features_model.go

Co-authored-by: Tim Möhlmann <tim+github@zitadel.com>

* fix: merge back main

* fix: merge back main

* fix: rename feature and service

* fix: rename feature and service

* fix: review changes

* fix: review changes

---------

Co-authored-by: Tim Möhlmann <tim+github@zitadel.com>
2024-04-09 20:21:21 +03:00
Tim Möhlmann
6a51c4b0f5
feat(oidc): optimize the userinfo endpoint (#7706)
* feat(oidc): optimize the userinfo endpoint

* store project ID in the access token

* query for projectID if not in token

* add scope based tests

* Revert "store project ID in the access token"

This reverts commit 5f0262f239.

* query project role assertion

* use project role assertion setting to return roles

* workaround eventual consistency and handle PAT

* do not append empty project id
2024-04-09 15:15:35 +02:00
Tim Möhlmann
c8e0b30e17
fix(oidc): return bad request for base64 errors (#7730)
* fix(oidc): return bad request for base64 errors

We've recently noticed an increased amount of 500: internal server error status returns on zitadel cloud.
The source of these errors appear to be erroneous input in fields that are supposed to be bas64 formatted.

```
time=2024-04-08T14:05:47.600Z level=ERROR msg="request error" oidc_error.parent="ID=OIDC-AhX2u Message=Errors.Internal Parent=(illegal base64 data at input byte 8)" oidc_error.description=Errors.Internal oidc_error.type=server_error status_code=500
```

Within the possible code paths of the token endpoint there are a couple of uses of base64.Encoding.DecodeString of which a returned error was not properly wrapped, but returned as-is.
This causes the oidc error handler to return a 500 with the `OIDC-AhX2u` ID.
We were not able to pinpoint the exact errors that are happening to any one call of `DecodeString`.

This fix wraps all errors from `DecodeString` so that proper 400: bad request is returned with information about the error. Each wrapper now has an unique error ID, so that logs will contain the source of the error as well.

This bug was reported internally by the ops team.

* catch op.ErrInvalidRefreshToken
2024-04-09 08:42:59 +02:00
thariton
3bbf38acc5
docs: postgres healthcheck failing (#7692) 2024-04-08 14:08:06 +00:00
wanshuangcheng
a096b7e5d4
chore: fix function names in comment (#7723)
Signed-off-by: wanshuangcheng <wanshuangcheng@outlook.com>
2024-04-08 08:15:44 +00:00
mffap
b0e515243d
docs(legal): add responsibilities in service description (#7711) 2024-04-05 11:23:21 +00:00
Elio Bischof
f5608246d0
fix(console): enable metadata by url (#7704)
Co-authored-by: Max Peintner <max@caos.ch>
2024-04-05 10:11:29 +00:00
Tim Möhlmann
2089992d75
feat(crypto): use passwap for machine and app secrets (#7657)
* feat(crypto): use passwap for machine and app secrets

* fix command package tests

* add hash generator command test

* naming convention, fix query tests

* rename PasswordHasher and cleanup start commands

* add reducer tests

* fix intergration tests, cleanup old config

* add app secret unit tests

* solve setup panics

* fix push of updated events

* add missing event translations

* update documentation

* solve linter errors

* remove nolint:SA1019 as it doesn't seem to help anyway

* add nolint to deprecated filter usage

* update users migration version

* remove unused ClientSecret from APIConfigChangedEvent

---------

Co-authored-by: Livio Spring <livio.a@gmail.com>
2024-04-05 09:35:49 +00:00
Livio Spring
5931fb8f28
chore: update stable to 2.43.11 (#7705) 2024-04-04 18:06:36 +00:00
Livio Spring
29ad51b0e3
fix(oidc): correctly return new refresh token on refresh token grant (#7707)
* fix(oidc): correctly return new refresh token on refresh token grant

* fix import
2024-04-04 15:58:40 +00:00
Vignesh Sankar Iyer
a988b9cc05
fix: Update url to redirect to name change url (#7683)
* update url to redirect to name change url

* Update register_option.html

* Update register_option.html

---------

Co-authored-by: Livio Spring <livio.a@gmail.com>
2024-04-04 06:16:58 +00:00
Tim Möhlmann
9b3f3e4cd9
fix(idp): do not call userinfo when mapping from ID token is configured (#7696)
* fix(idp): do not call userinfo when mapping from ID token is configured

This change prevents the call of the Userinfo endpoint of a OIDC IDP if the IDP is configured to use the ID token for user information instead.
A unit test has been added to confirm the corrected behavior.

Closes #7373

* video for e2e

---------

Co-authored-by: Livio Spring <livio.a@gmail.com>
2024-04-04 05:41:44 +00:00
Livio Spring
f862e43ede
chore(workflow): run e2e on non standard runners (#7698)
Co-authored-by: Elio Bischof <elio@zitadel.com>
2024-04-03 22:15:00 +00:00
Alex Rimlin
fa9635eb93
docs(guides/integrate/service-users/private-key-jwt): (#7677)
* docs(guides/integrate/service-users/private-key-jwt): adjust incomplete, outdated and incorrect parts of the python example.

* wrong variable name for kid in the header

---------

Co-authored-by: Stefan Benz <46600784+stebenz@users.noreply.github.com>
2024-04-03 15:51:13 +00:00
Tim Möhlmann
25ef3da9d5
refactor(fmt): run gci on complete project (#7557)
chore(fmt): run gci on complete project

Fix global import formatting in go code by running the `gci` command. This allows us to just use the command directly, instead of fixing the import order manually for the linter, on each PR.

Co-authored-by: Elio Bischof <elio@zitadel.com>
2024-04-03 10:43:43 +00:00
Tim Möhlmann
093dd57a78
fix(db): wrap BeginTx in spans to get acquire metrics (#7689)
feat(db): wrap BeginTx in spans to get acquire metrics

This changes adds a span around most db.BeginTx calls so we can get tracings about the connection pool acquire process.
This might help us pinpoint why sometimes some query package traces show longer execution times, while this was not reflected on database side execution times.

Co-authored-by: Silvan <silvan.reusser@gmail.com>
2024-04-03 11:48:24 +03:00
mffap
e4e8361f66
docs: redirect identity providers introduction (#7695) 2024-04-03 07:02:01 +00:00
Tim Möhlmann
5b3946b67e
feat(oidc): allow additional audience based on scope in device auth (#7685)
feat(oidc): allow additional audience based on scope
2024-04-03 09:06:21 +03:00
Tijl
2d25244c77
fix: docs: keycloak user migration api error (#7626)
fix user importing api error

Co-authored-by: Florian Forster <florian@zitadel.com>
Co-authored-by: Livio Spring <livio.a@gmail.com>
2024-03-28 18:40:54 +00:00
Elio Bischof
6ca35009be
fix(console): show callback urls on update idp (#7668)
* fix(console): show callback urls on update idp

* styles

* lint

* center links
2024-03-28 16:22:08 +00:00
Tim Möhlmann
3ca80d637d
docs(oidc): token exchange beta feature info (#7670)
* docs(oidc): token exchange beta feature info

This change adds an info box to the token exchange documentation, informing the reader of the beta state of the feature and how to enable it.

* Update docs/docs/apis/openidoauth/endpoints.mdx

Co-authored-by: Fabi <fabienne@zitadel.com>

* Update docs/docs/guides/integrate/token-exchange.mdx

Co-authored-by: Fabi <fabienne@zitadel.com>

---------

Co-authored-by: Fabi <fabienne@zitadel.com>
2024-03-28 13:02:54 +00:00
Silvan
bed0f6293b
fix: check error before using token (#7664) 2024-03-28 12:19:03 +00:00
Vignesh Sankar Iyer
dcb1c7fa75
fix: Incorrect button positioning on email verification (#7579)
change mail verification page styling

Co-authored-by: Max Peintner <max@caos.ch>
2024-03-28 09:52:29 +00:00
Max Peintner
20fb032743
docs: typescript login (#7621)
* typescript docs

* docs

* self service part

* deploy part

* headers

* update description

* illustration description

* endpoints

* Update docs/docs/guides/integrate/login-ui/typescript-repo.mdx

Co-authored-by: Livio Spring <livio.a@gmail.com>

* Update docs/docs/guides/integrate/login-ui/typescript-repo.mdx

Co-authored-by: Livio Spring <livio.a@gmail.com>

* Update docs/docs/guides/integrate/login-ui/typescript-repo.mdx

Co-authored-by: Livio Spring <livio.a@gmail.com>

* Update docs/docs/guides/integrate/login-ui/typescript-repo.mdx

Co-authored-by: Livio Spring <livio.a@gmail.com>

* Update docs/docs/guides/integrate/login-ui/typescript-repo.mdx

Co-authored-by: Livio Spring <livio.a@gmail.com>

* Update docs/docs/guides/integrate/login-ui/typescript-repo.mdx

Co-authored-by: Livio Spring <livio.a@gmail.com>

* rm scope

* Update docs/docs/guides/integrate/login-ui/typescript-repo.mdx

Co-authored-by: Livio Spring <livio.a@gmail.com>

* screenshot deploy to vercel

---------

Co-authored-by: Livio Spring <livio.a@gmail.com>
2024-03-28 08:19:36 +00:00
Livio Spring
4c945f8bdc
chore(workflow): stop previous GH action pipeline on new changes and move back to public runners (#7659)
* chore(workflow): stop previous GH action pipeline on new changes

* skip previous code ql actions

* try running e2e on gh runner again
2024-03-28 07:15:03 +00:00
Stefan Benz
217703395e
feat: add user v2 pw change required information on query (#7603)
* fix: add resource owner as query for user v2 ListUsers and clean up deprecated attribute

* fix: add resource owner as query for user v2 ListUsers and clean up deprecated attribute

* fix: add resource owner as query for user v2 ListUsers and clean up deprecated attribute

* fix: review changes

* fix: review changes

* fix: review changes

* fix: review changes

* fix: add password change required to user v2 get and list

* fix: update unit tests for query side with new column and projection

* fix: change projection in setup steps

* fix: change projection in setup steps

* fix: remove setup step 25

* fix: add password_change_required into ListUsers response

* fix: correct SetUserPassword parameters

* fix: rollback to change setup instead of projection directly

* fix: rollback to change setup instead of projection directly

---------

Co-authored-by: Livio Spring <livio.a@gmail.com>
2024-03-28 06:21:21 +00:00
Elio Bischof
d26391a642
feat(console): guide users when configuring IDPs (#7572)
* feat(console): show external idp remote config

* reuse copy-row

* finish google and saml sp

* finish apps

* add next steps modal

* rollout

* activate

* fix saml urls

* fix saml provider

* complete providers

* translate

* update google docs

* update entra id oidc docs

* update entra id saml docs

* update github docs

* update gitlab docs

* update apple docs

* update okta oidc docs

* update okta saml docs

* update keycloak docs

* update mocksaml

* cleanup

* lint

* lint

* fix overriden classes

* encapsulate styles

* fix icon classes

---------

Co-authored-by: peintnermax <max@caos.ch>
2024-03-27 20:10:31 +00:00