Commit Graph

3052 Commits

Author SHA1 Message Date
Max Peintner
7e345444bf
docs: feature settings in console (#7899)
* docs: feature settings in console

* update default settings
2024-05-03 13:13:06 +00:00
Livio Spring
2648db694d
chore(stable): v2.46.7 (#7901) 2024-05-03 11:29:11 +00:00
Livio Spring
d177b82d2d
fix(login): check for error before automatic idp redirect (#7891)
* fix(login): check for error before automatic idp redirect

* hide next button on login page if username password is not enabled
2024-05-03 07:57:24 +00:00
Livio Spring
900894161f
fix(login): prevent init mail on idp registration (#7895) 2024-05-03 07:23:40 +00:00
Max Peintner
b72ecf69f3
fix(console): user descriptions (#7894)
* fix: user descriptions

* i18n
2024-05-03 08:36:02 +02:00
Livio Spring
482a46b198
fix: user registration through IdP (#7893)
* fix: user registration through idp

* fix more nil pointer issues
2024-05-02 13:21:03 +00:00
Fabi
83c5066ab9
docs: fix example for self hosting load balancing (#7890)
Co-authored-by: Elio Bischof <elio@zitadel.com>
2024-05-02 10:15:35 +00:00
Livio Spring
43da9225be
fix: check password complexity policy and respect changeRequired on password change (#7884)
* fix: check password complexity policy on password change and respect require_change

* pass changeRequired where available and add tests

* fix requested changes

---------

Co-authored-by: Stefan Benz <46600784+stebenz@users.noreply.github.com>
2024-05-02 11:50:13 +02:00
Stefan Benz
8cc12e869a
fix: correct email headers (mime version and content-type) (#7886)
* fix: correct email mime version case for case-sensitive handlers

* remove trailing `;`

---------

Co-authored-by: Livio Spring <livio.a@gmail.com>
2024-05-02 10:36:21 +02:00
Elio Bischof
6c0e7c402d
fix(setup): decode complex config strings (#7854)
* fix(setup): decode complex config strings

* decode complex types before string lists

* lint

* fix hasher env docs

* hasher defaults

* cleanup

* cleanup

---------

Co-authored-by: Livio Spring <livio.a@gmail.com>
2024-05-01 12:17:27 +02:00
Livio Spring
9950cafafc
fix: improve information on unsupported hash algorithms (#7870)
* fix: improve information on unsupported hash algorithms

* Update de.yaml
2024-04-30 17:50:33 +00:00
Stefan Benz
87e4a0be20
chore: build and test on main for codecov (#7875) 2024-04-30 20:08:00 +03:00
Miguel Cabrerizo
1f54f5b8a4
fix: Unrecognized Authentication Type Error when SMTP LOGIN Auth method is required (#7761)
* fix: poc outlook.com now works login auth

* fix: remove port arg from smtpAuth

* fix: add outlook provider and custom email placeholder

* fix: minor typo in contributing docs

* fix: use zerrors package

* fix: typo for idp and smtp providers

---------

Co-authored-by: Max Peintner <max@caos.ch>
2024-04-30 07:31:07 +00:00
Fabi
2a421a7b8a
fix: translate missing event types (#7853)
* docs: translate missing event types

* fix: wrong example in api docs

* Update internal/static/i18n/cs.yaml

Co-authored-by: Livio Spring <livio.a@gmail.com>

---------

Co-authored-by: Livio Spring <livio.a@gmail.com>
2024-04-29 13:33:15 +00:00
Miguel Cabrerizo
f5b3d9752a
fix: show settings button for users w/o iam perms (#7848)
Co-authored-by: Max Peintner <max@caos.ch>
2024-04-29 12:31:13 +00:00
Miguel Cabrerizo
82e38e31ea
fix(cnsl): Email Verified checkbox value was not updated (#7844)
fix: set standalone true to isVerified

Co-authored-by: Max Peintner <max@caos.ch>
2024-04-29 13:58:07 +02:00
Elio Bischof
8c1a8f792a
fix(console): app details (#7827)
* cleanup app urls

* fix app details

* styles and specific urls

* lint

* explicit urls

* deterministic order

* lint

---------

Co-authored-by: Max Peintner <max@caos.ch>
2024-04-29 10:16:59 +00:00
Livio Spring
6ab06aa249
fix: improve secret generation for apple idp (#7843)
* fix: improve secret generation for apple idp

* remove accidental commit

* change exp time

* change exp time

* change exp time

* change exp time
2024-04-26 15:46:15 +00:00
Silvan
5811a7b6a5
refactor(v2): init eventstore package (#7806)
* refactor(v2): init database package

* refactor(v2): init eventstore package

* add mock package

* test query constructors

* option based push analog to query
2024-04-26 15:05:21 +00:00
Miguel Cabrerizo
2254434692
fix: remove email validation for SearchUsers v2beta/users (#7855)
fix: remove email validation + homogeneous requirements
2024-04-26 14:00:47 +00:00
Livio Spring
4f3564e4e9
fix: disable auth cache by default (#7845) 2024-04-26 09:30:35 +02:00
Dakshitha Ratnayake
251d855f5d
docs(integrate): Add google login video (#7836)
* Update google.mdx

* Update google.mdx
2024-04-26 09:37:37 +05:30
Silvan
5131328291
refactor(v2): init database package (#7802) 2024-04-25 06:45:34 +00:00
Miguel Cabrerizo
207b20ff0f
fix(console): orgs list is shown empty when org is removed (#7781)
fix:active orgs not shown when org is removed

Co-authored-by: Livio Spring <livio.a@gmail.com>
2024-04-25 05:02:20 +00:00
Livio Spring
d016379e2a
feat: pass and handle auth request context for email links (#7815)
* pass and handle auth request context

* tests and cleanup

* cleanup
2024-04-24 17:50:58 +02:00
Livio Spring
ac985e2dfb
fix(login): correctly reload policies on auth request (#7839) 2024-04-24 08:44:55 +00:00
Silvan
25030c69b9
perf: cache auth request in memory (#7824)
* perf: cache auth request in memory
2024-04-23 11:23:50 +00:00
Miguel Cabrerizo
9fa90e0757
fix: weird issue with service key expirationDate format (#7688)
* fix: weird issue with service key expirationDate format for localizedDate

* fix: replace YYYY with EEEE dd. MMM yyyy in other cases just in case

---------

Co-authored-by: Max Peintner <max@caos.ch>
2024-04-23 10:17:28 +00:00
Ari
e46dd121cd
feat: allow using a local RSA key for machine keys (#7671)
* Allow using a local RSA key for machine keys

* Add check for key validity

* Fix naming error

* docs: provide translations of invalid key

---------

Co-authored-by: Livio Spring <livio.a@gmail.com>
2024-04-23 09:38:07 +00:00
Elio Bischof
df50c3835b
test(e2e): check for exactly one displayed event (#7831)
test(e2e): check for exactly once displayed event
2024-04-23 09:09:25 +00:00
Livio Spring
cc0c06f225
fix: exclude db connection error details (#7785)
* fix: exclude db connection error details

* remove potential recursive error
2024-04-23 08:35:25 +00:00
Elio Bischof
42bd636d21
test(e2e): fix events flakiness (#7829) 2024-04-23 09:20:11 +02:00
mffap
66d185d74d
docs(concepts): identity brokering (#7812)
* docs(concepts): identity brokering

* add comments from review
2024-04-22 13:59:11 +00:00
Stefan Benz
4520c6fc49
chore: codecov token secret for nested workflow (#7792)
fix: codecov token secret for nested workflow
2024-04-22 13:10:49 +00:00
Livio Spring
74624018c2
feat(actions): allow getting metadata of organizations from user grants (#7782)
* feat(actions): allow getting metadata of (other) organizations from user grants

* docs add action example
2024-04-22 11:34:23 +00:00
Livio Spring
9d754d84b3
chore: update stable to v2.45.6 (#7818) 2024-04-22 11:05:01 +00:00
Silvan
13b566e0d9
fix(query): reduce app query overhead (#7817)
* fix(query): reduce app query overhead
2024-04-22 11:30:56 +02:00
Florian Forster
cca4b715c0
chore: typo in api docs (#7803) 2024-04-19 11:46:05 +02:00
mffap
a63dceb9bc
chore: Update readme with new features and links (#7798)
Update readme with new features and links
2024-04-18 19:48:29 +00:00
Elio Bischof
4823e47977
docs: fix knative docs (#7752)
Co-authored-by: Stefan Benz <46600784+stebenz@users.noreply.github.com>
2024-04-18 13:45:15 +00:00
Tim Möhlmann
029a6d393a
fix(crdb): obtain latest sequences when the tx is retried (#7795) 2024-04-18 13:07:05 +00:00
Silvan
d337668599
chore: init load tests (#7635)
* init load tests

* add machine pat

* setup app

* add introspect

* use xk6-modules repo

* logging

* add teardown

* add manipulate user

* add manipulate user

* remove logs

* convert tests to ts

* add readme

* zitadel

* review comments
2024-04-18 12:21:07 +03:00
Tim Möhlmann
dbb824a73f
chore(oidc): add refresh token error integration test (#7766)
We are trying to reproduce a few 500 responses we observe on zitadel cloud's token endpoint.
As in the past these were caused by wrongly encoded or encrypted refresh tokens, I created a integration test which tries to reproduce 500 errors by sending invalid refresh tokens.

The added test does not reproduce 500s, all returned errors are in the 400 range as they should. However, as the test is already written, we might as well include them.

Related to #7765

Co-authored-by: Livio Spring <livio.a@gmail.com>
2024-04-17 08:38:03 +00:00
Tim Möhlmann
9ccbbe05bc
fix(oidc): roles in userinfo for client credentials token (#7763)
* fix(oidc): roles in userinfo for client credentials token

When tokens were obtained using the client credentials grant,
with audience and role scopes, userinfo would not return the role claims. This had multiple causes:

1. There is no auth request flow, so for legacy userinfo project data was never attached to the token
2. For optimized userinfo, there is no client ID that maps to an application. The client ID for client credentials is the machine user's name. There we can't obtain a project ID. When the project ID remained empty, we always ignored the roleAudience.

This PR fixes situation 2, by always taking the roleAudience into account, even when the projectID is empty. The code responsible for the bug is also refactored to be more readable and understandable, including additional godoc.

The fix only applies to the optimized userinfo code introduced in #7706 and released in v2.50 (currently in RC). Therefore it can't be back-ported to earlier versions.

Fixes #6662

* chore(deps): update all go deps (#7764)

This change updates all go modules, including oidc, a major version of go-jose and the go 1.22 release.

* Revert "chore(deps): update all go deps" (#7772)

Revert "chore(deps): update all go deps (#7764)"

This reverts commit 6893e7d060.

---------

Co-authored-by: Livio Spring <livio.a@gmail.com>
2024-04-16 13:02:38 +00:00
Silvan
9bcfa12be2
fix(middleware): init translation messages (#7778)
* fix(middleware): init translation messages

* revert change

* refactor: split loop in separate function

* add imports to ensure init of fs
2024-04-16 12:08:18 +00:00
Silvan
386addc718
chore: remove bloating span (#7780)
* fix(query): query event editors only once per call

* remove span
2024-04-16 11:19:17 +00:00
Silvan
f412687427
fix(query): query event editors only once per call (#7776)
Co-authored-by: Livio Spring <livio.a@gmail.com>
2024-04-16 10:42:31 +00:00
Tim Möhlmann
be00e3861a
fix(oidc): make device auth audience and scope nullable (#7777)
This fixes the projection of events that have a null audience or scope.
As audience was added in v2.50, legacy events do not have an audience, this made replay of the old events not possible after an upgrade.
2024-04-16 10:34:38 +02:00
mffap
48d7307d0e
docs(features): external user grant (#7771)
* docs(features): external user grant

* cross link

* add image

* fix link to blog

* Apply suggestions from code review

Co-authored-by: Florian Forster <florian@zitadel.com>

---------

Co-authored-by: Florian Forster <florian@zitadel.com>
2024-04-15 12:13:05 +00:00
dependabot[bot]
6f16561f4d
chore(deps): bump actions/add-to-project from 0.6.1 to 1.0.1 (#7767)
Bumps [actions/add-to-project](https://github.com/actions/add-to-project) from 0.6.1 to 1.0.1.
- [Release notes](https://github.com/actions/add-to-project/releases)
- [Commits](https://github.com/actions/add-to-project/compare/v0.6.1...v1.0.1)

---
updated-dependencies:
- dependency-name: actions/add-to-project
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-04-15 10:36:23 +00:00