Livio Spring 
							
						 
					 
					
						
						
							
						
						3d071fc505 
					 
					
						
						
							
							feat: trusted (instance) domains ( #8369 )  
						
						... 
						
						
						
						# Which Problems Are Solved
ZITADEL currently selects the instance context based on a HTTP header
(see https://github.com/zitadel/zitadel/issues/8279#issue-2399959845  and
checks it against the list of instance domains. Let's call it instance
or API domain.
For any context based URL (e.g. OAuth, OIDC, SAML endpoints, links in
emails, ...) the requested domain (instance domain) will be used. Let's
call it the public domain.
In cases of proxied setups, all exposed domains (public domains) require
the domain to be managed as instance domain.
This can either be done using the "ExternalDomain" in the runtime config
or via system API, which requires a validation through CustomerPortal on
zitadel.cloud.
# How the Problems Are Solved
- Two new headers / header list are added:
- `InstanceHostHeaders`: an ordered list (first sent wins), which will
be used to match the instance.
(For backward compatibility: the `HTTP1HostHeader`, `HTTP2HostHeader`
and `forwarded`, `x-forwarded-for`, `x-forwarded-host` are checked
afterwards as well)
- `PublicHostHeaders`: an ordered list (first sent wins), which will be
used as public host / domain. This will be checked against a list of
trusted domains on the instance.
- The middleware intercepts all requests to the API and passes a
`DomainCtx` object with the hosts and protocol into the context
(previously only a computed `origin` was passed)
- HTTP / GRPC server do not longer try to match the headers to instances
themself, but use the passed `http.DomainContext` in their interceptors.
- The `RequestedHost` and `RequestedDomain` from authz.Instance are
removed in favor of the `http.DomainContext`
- When authenticating to or signing out from Console UI, the current
`http.DomainContext(ctx).Origin` (already checked by instance
interceptor for validity) is used to compute and dynamically add a
`redirect_uri` and `post_logout_redirect_uri`.
- Gateway passes all configured host headers (previously only did
`x-zitadel-*`)
- Admin API allows to manage trusted domain
# Additional Changes
None
# Additional Context
- part of #8279  
- open topics: 
  - "single-instance" mode
  - Console UI 
						
						
					 
					
						2024-07-31 18:00:38 +03:00 
						 
				 
			
				
					
						
							
							
								Livio Spring 
							
						 
					 
					
						
						
							
						
						cc0c06f225 
					 
					
						
						
							
							fix: exclude db connection error details ( #7785 )  
						
						... 
						
						
						
						* fix: exclude db connection error details
* remove potential recursive error 
						
						
					 
					
						2024-04-23 08:35:25 +00:00 
						 
				 
			
				
					
						
							
							
								Livio Spring 
							
						 
					 
					
						
						
							
						
						841e79357a 
					 
					
						
						
							
							fix: detect mime type of uploaded asset ( #7648 )  
						
						
						
						
					 
					
						2024-03-27 10:41:10 +01:00 
						 
				 
			
				
					
						
							
							
								Elio Bischof 
							
						 
					 
					
						
						
							
						
						ed0bc39ea4 
					 
					
						
						
							
							feat: block instances ( #7129 )  
						
						... 
						
						
						
						* docs: fix init description typos
* feat: block instances using limits
* translate
* unit tests
* fix translations
* redirect /ui/login
* fix http interceptor
* cleanup
* fix http interceptor
* fix: delete cookies on gateway 200
* add integration tests
* add command test
* docs
* fix integration tests
* add bulk api and integration test
* optimize bulk set limits
* unit test bulk limits
* fix broken link
* fix assets middleware
* fix broken link
* validate instance id format
* Update internal/eventstore/search_query.go
Co-authored-by: Livio Spring <livio.a@gmail.com >
* remove support for owner bulk limit commands
* project limits to instances
* migrate instances projection
* Revert "migrate instances projection"
This reverts commit 214218732alivio.a@gmail.com >
* remove owner
* remove owner from reset
---------
Co-authored-by: Livio Spring <livio.a@gmail.com > 
						
						
					 
					
						2024-01-17 10:16:48 +00:00 
						 
				 
			
				
					
						
							
							
								Elio Bischof 
							
						 
					 
					
						
						
							
						
						4980cd6a0c 
					 
					
						
						
							
							feat: add SYSTEM_OWNER role ( #6765 )  
						
						... 
						
						
						
						* define roles and permissions
* support system user memberships
* don't limit system users
* cleanup permissions
* restrict memberships to aggregates
* default to SYSTEM_OWNER
* update unit tests
* test: system user token test (#6778 )
* update unit tests
* refactor: make authz testable
* move session constants
* cleanup
* comment
* comment
* decode member type string to enum (#6780 )
* decode member type string to enum
* handle all membership types
* decode enums where necessary
* decode member type in steps config
* update system api docs
* add technical advisory
* tweak docs a bit
* comment in comment
* lint
* extract token from Bearer header prefix
* review changes
* fix tests
* fix: add fix for activityhandler
* add isSystemUser
* remove IsSystemUser from activity info
* fix: add fix for activityhandler
---------
Co-authored-by: Stefan Benz <stefan@caos.ch > 
						
						
					 
					
						2023-10-25 15:10:45 +00:00 
						 
				 
			
				
					
						
							
							
								Livio Spring 
							
						 
					 
					
						
						
							
						
						73dbf31368 
					 
					
						
						
							
							Merge pull request from GHSA-954h-jrpm-72pm  
						
						
						
						
					 
					
						2023-10-25 11:15:22 +02:00 
						 
				 
			
				
					
						
							
							
								Elio Bischof 
							
						 
					 
					
						
						
							
						
						8f6cb47567 
					 
					
						
						
							
							fix: use triggering origin for notification links ( #6628 )  
						
						... 
						
						
						
						* take baseurl if saved on event
* refactor: make es mocks reusable
* Revert "refactor: make es mocks reusable"
This reverts commit 434ce12a6ae40503303efa34d4d2a8tim+github@zitadel.com >
* Update internal/notification/handlers/commands.go
Co-authored-by: Tim Möhlmann <tim+github@zitadel.com >
* move origin header to ctx if available
* generate
* cleanup
* use forwarded header
* support X-Forwarded-* headers
* standardize context handling
* fix linting
---------
Co-authored-by: Tim Möhlmann <tim+github@zitadel.com > 
						
						
					 
					
						2023-10-10 13:20:53 +00:00 
						 
				 
			
				
					
						
							
							
								wackbyte 
							
						 
					 
					
						
						
							
						
						4bebcd6c0f 
					 
					
						
						
							
							fix: typo in "file too big" error message ( #6577 )  
						
						... 
						
						
						
						Co-authored-by: Fabi <fabienne@zitadel.com > 
						
						
					 
					
						2023-09-18 13:08:32 +00:00 
						 
				 
			
				
					
						
							
							
								Livio Spring 
							
						 
					 
					
						
						
							
						
						69b49ac0ed 
					 
					
						
						
							
							fix(api): return correct http code on assets api ( #6388 )  
						
						... 
						
						
						
						* fix(api): return correct http code on assets api
* add test
* fix test 
						
						
					 
					
						2023-08-18 13:51:11 +00:00 
						 
				 
			
				
					
						
							
							
								Miguel Cabrerizo 
							
						 
					 
					
						
						
							
						
						ae31aa52e4 
					 
					
						
						
							
							fix: 404 if asset object not found ( #6149 )  
						
						... 
						
						
						
						Co-authored-by: Livio Spring <livio.a@gmail.com > 
						
						
					 
					
						2023-07-07 09:34:50 +02:00 
						 
				 
			
				
					
						
							
							
								Silvan 
							
						 
					 
					
						
						
							
						
						e38abdcdf3 
					 
					
						
						
							
							perf: query data AS OF SYSTEM TIME ( #5231 )  
						
						... 
						
						
						
						Queries the data in the storage layser at the timestamp when the call hit the API layer 
						
						
					 
					
						2023-02-27 22:36:43 +01:00 
						 
				 
			
				
					
						
							
							
								Elio Bischof 
							
						 
					 
					
						
						
							
						
						681541f41b 
					 
					
						
						
							
							feat: add quotas ( #4779 )  
						
						... 
						
						
						
						adds possibilities to cap authenticated requests and execution seconds of actions on a defined intervall 
						
						
					 
					
						2023-02-15 02:52:11 +01:00 
						 
				 
			
				
					
						
							
							
								Livio Spring 
							
						 
					 
					
						
						
							
						
						7aef0ccfee 
					 
					
						
						
							
							fix(email): set correct logo url ( #4426 )  
						
						
						
						
					 
					
						2022-09-21 14:18:55 +00:00 
						 
				 
			
				
					
						
							
							
								Livio Spring 
							
						 
					 
					
						
						
							
						
						dcac08b1d5 
					 
					
						
						
							
							fix: caching of assets (correct headers and versioned avatar and variables.css url) ( #4118 )  
						
						... 
						
						
						
						* fix: caching of assets (correct headers and versioned avatar url)
* serve variables.css versioned and extend shared max age of assets
* fix TestCommandSide_AddHumanAvatar
* refactor: const types
* refactor: return values
Co-authored-by: Fabi <38692350+hifabienne@users.noreply.github.com >
Co-authored-by: adlerhurst <silvan.reusser@gmail.com > 
						
						
					 
					
						2022-08-16 05:04:36 +00:00 
						 
				 
			
				
					
						
							
							
								Livio Spring 
							
						 
					 
					
						
						
							
						
						aed7010508 
					 
					
						
						
							
							fix: scheduling ( #3978 )  
						
						... 
						
						
						
						* fix: improve scheduling
* build pre-release
* fix: locker
* fix: user handler and print stack in case of panic in reducer
* chore: remove sentry
* fix: improve handler projection and implement tests
* more tests
* fix: race condition in tests
* Update internal/eventstore/repository/sql/query.go
Co-authored-by: Silvan <silvan.reusser@gmail.com >
* fix: implemented suggested changes
* fix: lock statement
Co-authored-by: Silvan <silvan.reusser@gmail.com > 
						
						
					 
					
						2022-07-22 10:08:39 +00:00 
						 
				 
			
				
					
						
							
							
								Livio Amstutz 
							
						 
					 
					
						
						
							
						
						62c4a4d08d 
					 
					
						
						
							
							fix: return absolute asset urls ( #3676 )  
						
						
						
						
					 
					
						2022-05-20 10:30:12 +02:00 
						 
				 
			
				
					
						
							
							
								Livio Amstutz 
							
						 
					 
					
						
						
							
						
						0906c2d513 
					 
					
						
						
							
							fix: CORS on assets api ( #3659 )  
						
						
						
						
					 
					
						2022-05-19 14:09:02 +00:00 
						 
				 
			
				
					
						
							
							
								Livio Amstutz 
							
						 
					 
					
						
						
							
						
						5901991dd3 
					 
					
						
						
							
							fix: asset service (CORS and path in console) and user init ( #3655 )  
						
						... 
						
						
						
						* fix: asset service (CORS and path in console) and user init
* fix tests
* improve comment 
						
						
					 
					
						2022-05-18 14:10:49 +02:00 
						 
				 
			
				
					
						
							
							
								Livio Amstutz 
							
						 
					 
					
						
						
							
						
						3a63fb765a 
					 
					
						
						
							
							fix: cleanup some todos ( #3642 )  
						
						... 
						
						
						
						* cleanup todo
* fix: some todos 
						
						
					 
					
						2022-05-16 16:35:49 +02:00 
						 
				 
			
				
					
						
							
							
								Florian Forster 
							
						 
					 
					
						
						
							
						
						fa9f581d56 
					 
					
						
						
							
							chore(v2): move to new org ( #3499 )  
						
						... 
						
						
						
						* chore: move to new org
* logging
* fix: org rename caos -> zitadel
Co-authored-by: adlerhurst <silvan.reusser@gmail.com > 
						
						
					 
					
						2022-04-26 23:01:45 +00:00 
						 
				 
			
				
					
						
							
							
								Livio Amstutz 
							
						 
					 
					
						
						
							
						
						4a0d61d75a 
					 
					
						
						
							
							feat: store assets in database ( #3290 )  
						
						... 
						
						
						
						* feat: use database as asset storage
* being only uploading assets if allowed
* tests
* fixes
* cleanup after merge
* renaming
* various fixes
* fix: change to repository event types and removed unused code
* feat: set default features
* error handling
* error handling and naming
* fix tests
* fix tests
* fix merge
* rename 
						
						
					 
					
						2022-04-06 06:13:40 +00:00 
						 
				 
			
				
					
						
							
							
								Livio Amstutz 
							
						 
					 
					
						
						
							
						
						504fe5b761 
					 
					
						
						
							
							cherry pick changes from main ( #3371 )  
						
						... 
						
						
						
						* feat: remove exif data from uploaded images (#3221 )
* feat: remove exif tags from images
* feat: remove exif data
* feat: remove exif
* fix: add preferredLoginName to user grant response (#3271 )
* chore: log webauthn parse error (#3272 )
* log error
* log error
* feat: Help link in privacy policy
* fix: convert correct detail data on organization (#3279 )
* fix: handle empty editor users
* fix: add some missing translations (#3291 )
* fix: org policy translations
* fix: metadata event types translation
* fix: translations
* fix: filter resource owner correctly on project grant members (#3281 )
* fix: filter resource owner correctly on project grant members
* fix: filter resource owner correctly on project grant members
* fix: add orgIDs to zitadel permissions request
Co-authored-by: fabi <fabienne.gerschwiler@gmail.com >
* fix: get IAM memberships correctly in MyZitadelPermissions (#3309 )
* fix: correct login names on auth and notification users (#3349 )
* fix: correct login names on auth and notification users
* fix: migration
* fix: handle resource owner in action flows (#3361 )
* fix merge
* fix: exchange exif library (#3366 )
* fix: exchange exif library
* ignore tiffs
* requested fixes
* feat: Help link in privacy policy
Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com >
Co-authored-by: fabi <fabienne.gerschwiler@gmail.com > 
						
						
					 
					
						2022-03-24 14:00:24 +01:00 
						 
				 
			
				
					
						
							
							
								Livio Amstutz 
							
						 
					 
					
						
						
							
						
						389eb4a27a 
					 
					
						
						
							
							feat: run on a single port ( #3163 )  
						
						... 
						
						
						
						* start v2
* start
* run
* some cleanup
* remove v2 pkg again
* simplify
* webauthn
* remove unused config
* fix login path in Dockerfile
* fix asset_generator.go
* health handler
* fix grpc web
* refactor
* merge
* build new main.go
* run new main.go
* update logging pkg
* fix error msg
* update logging
* cleanup
* cleanup
* go mod tidy
* change localDevMode
* fix customEndpoints
* update logging
* comments
* change local flag to external configs
* fix location generated go code
* fix
Co-authored-by: fforootd <florian@caos.ch > 
						
						
					 
					
						2022-02-14 17:22:30 +01:00 
						 
				 
			
				
					
						
							
							
								Livio Amstutz 
							
						 
					 
					
						
						
							
						
						e99b7f4972 
					 
					
						
						
							
							fix: move activity log to queries and remove old code ( #3096 )  
						
						... 
						
						
						
						* move changes to queries and remove old code
* fix changes query
* remove unused code
* fix sorting
* fix sorting
* refactor and remove old code
* remove accidental go.mod replace
* add missing file
* remove listDetail from ChangesResponse 
						
						
					 
					
						2022-01-26 10:16:33 +01:00 
						 
				 
			
				
					
						
							
							
								Silvan 
							
						 
					 
					
						
						
							
						
						eac5045821 
					 
					
						
						
							
							fix(queries): Label policy projection ( #2479 )  
						
						... 
						
						
						
						* job queue
* wg improvements
* start handler
* statement
* statements
* imporve handler
* improve statement
* statement in seperate file
* move handlers
* move query/old to query
* handler
* read models
* bulk works
* cleanup
* contrib
* rename readmodel to projection
* rename read_models schema to projections
* rename read_models schema to projections
* search query as func,
bulk iterates as long as new events
* add event sequence less query
* update checks for events between current sequence and sequence of first statement if it has previous sequence 0
* cleanup crdb projection
* refactor projection handler
* start with testing
* tests for handler
* remove todo
* refactor statement: remove table name,
add tests
* improve projection handler shutdown,
no savepoint if noop stmt,
tests for stmt handler
* tests
* start failed events
* seperate branch for contrib
* move statement constructors to crdb pkg
* correct import
* Subscribe for eventtypes (#1800 )
* fix: is default (#1737 )
* fix: use email as username on global org (#1738 )
* fix: use email as username on global org
* Update user_human.go
* Update register_handler.go
* chore(deps): update docusaurus (#1739 )
* chore: remove PAT and use GH Token (#1716 )
* chore: remove PAT and use GH Token
* fix env
* fix env
* fix env
* md lint
* trigger ci
* change user
* fix GH bug
* replace login part
* chore: add GH Token to sem rel (#1746 )
* chore: add GH Token to sem rel
* try branch
* add GH Token
* remove test branch again
* docs: changes acme to acme-caos (#1744 )
* changes acme to acme-caos
* Apply suggestions from code review
Co-authored-by: Florian Forster <florian@caos.ch >
Co-authored-by: Maximilian Panne <maximilian.panne@gmail.com >
Co-authored-by: Florian Forster <florian@caos.ch >
* feat: add additional origins on applications (#1691 )
* feat: add additional origins on applications
* app additional redirects
* chore(deps-dev): bump @angular/cli from 11.2.8 to 11.2.11 in /console (#1706 )
* fix: show org with regex (#1688 )
* fix: flag mapping (#1699 )
* chore(deps-dev): bump @angular/cli from 11.2.8 to 11.2.11 in /console
Bumps [@angular/cli](https://github.com/angular/angular-cli ) from 11.2.8 to 11.2.11.
- [Release notes](https://github.com/angular/angular-cli/releases )
- [Commits](https://github.com/angular/angular-cli/compare/v11.2.8...v11.2.11 )
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: Max Peintner <max@caos.ch >
Co-authored-by: Silvan <silvan.reusser@gmail.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps-dev): bump stylelint from 13.10.0 to 13.13.1 in /console (#1703 )
* fix: show org with regex (#1688 )
* fix: flag mapping (#1699 )
* chore(deps-dev): bump stylelint from 13.10.0 to 13.13.1 in /console
Bumps [stylelint](https://github.com/stylelint/stylelint ) from 13.10.0 to 13.13.1.
- [Release notes](https://github.com/stylelint/stylelint/releases )
- [Changelog](https://github.com/stylelint/stylelint/blob/master/CHANGELOG.md )
- [Commits](https://github.com/stylelint/stylelint/compare/13.10.0...13.13.1 )
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: Max Peintner <max@caos.ch >
Co-authored-by: Silvan <silvan.reusser@gmail.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps-dev): bump @types/node from 14.14.37 to 15.0.1 in /console (#1702 )
* fix: show org with regex (#1688 )
* fix: flag mapping (#1699 )
* chore(deps-dev): bump @types/node from 14.14.37 to 15.0.1 in /console
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node ) from 14.14.37 to 15.0.1.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases )
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node )
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: Max Peintner <max@caos.ch >
Co-authored-by: Silvan <silvan.reusser@gmail.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps): bump ts-protoc-gen from 0.14.0 to 0.15.0 in /console (#1701 )
* fix: show org with regex (#1688 )
* fix: flag mapping (#1699 )
* chore(deps): bump ts-protoc-gen from 0.14.0 to 0.15.0 in /console
Bumps [ts-protoc-gen](https://github.com/improbable-eng/ts-protoc-gen ) from 0.14.0 to 0.15.0.
- [Release notes](https://github.com/improbable-eng/ts-protoc-gen/releases )
- [Changelog](https://github.com/improbable-eng/ts-protoc-gen/blob/master/CHANGELOG.md )
- [Commits](https://github.com/improbable-eng/ts-protoc-gen/compare/0.14.0...0.15.0 )
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: Max Peintner <max@caos.ch >
Co-authored-by: Silvan <silvan.reusser@gmail.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps-dev): bump @types/jasmine from 3.6.9 to 3.6.10 in /console (#1682 )
Bumps [@types/jasmine](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/jasmine ) from 3.6.9 to 3.6.10.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases )
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/jasmine )
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps): bump @types/google-protobuf in /console (#1681 )
Bumps [@types/google-protobuf](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/google-protobuf ) from 3.7.4 to 3.15.2.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases )
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/google-protobuf )
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps): bump grpc from 1.24.5 to 1.24.7 in /console (#1666 )
Bumps [grpc](https://github.com/grpc/grpc-node ) from 1.24.5 to 1.24.7.
- [Release notes](https://github.com/grpc/grpc-node/releases )
- [Commits](https://github.com/grpc/grpc-node/compare/grpc@1.24.5...grpc@1.24.7 )
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* lock
* chore(deps-dev): bump @angular/language-service from 11.2.9 to 11.2.12 in /console (#1704 )
* fix: show org with regex (#1688 )
* fix: flag mapping (#1699 )
* chore(deps-dev): bump @angular/language-service in /console
Bumps [@angular/language-service](https://github.com/angular/angular/tree/HEAD/packages/language-service ) from 11.2.9 to 11.2.12.
- [Release notes](https://github.com/angular/angular/releases )
- [Changelog](https://github.com/angular/angular/blob/master/CHANGELOG.md )
- [Commits](https://github.com/angular/angular/commits/11.2.12/packages/language-service )
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: Max Peintner <max@caos.ch >
Co-authored-by: Silvan <silvan.reusser@gmail.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* package lock
* downgrade grpc
* downgrade protobuf types
* revert npm packs 🥸 
Co-authored-by: Max Peintner <max@caos.ch >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Silvan <silvan.reusser@gmail.com >
* docs: update run and start section texts (#1745 )
* update run and start section texts
* adds showcase
Co-authored-by: Maximilian Panne <maximilian.panne@gmail.com >
* fix: additional origin list (#1753 )
* fix: handle api configs in authz handler (#1755 )
* fix(console): add model for api keys, fix toast, binding (#1757 )
* fix: add model for api keys, fix toast, binding
* show api clientid
* fix: missing patchvalue (#1758 )
* feat: refresh token (#1728 )
* begin refresh tokens
* refresh tokens
* list and revoke refresh tokens
* handle remove
* tests for refresh tokens
* uniqueness and default expiration
* rename oidc token methods
* cleanup
* migration version
* Update internal/static/i18n/en.yaml
Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com >
* fixes
* feat: update oidc pkg for refresh tokens
Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com >
* fix: correct json name of clientId in key.json (#1760 )
* fix: migration version (#1767 )
* start subscription
* eventtypes
* fix(login): links (#1778 )
* fix(login): href for help
* fix(login): correct link to tos
* fix: access tokens for service users and refresh token infos (#1779 )
* fix: access token for service user
* handle info from refresh request
* uniqueness
* postpone access token uniqueness change
* chore(coc): recommend code of conduct (#1782 )
* subscribe for events
* feat(console): refresh toggle out of granttype context (#1785 )
* refresh toggle
* disable if not code flow, lint
* lint
* fix: change oidc config order
* accept refresh option within flow
Co-authored-by: Livio Amstutz <livio.a@gmail.com >
* fix: refresh token activation (#1795 )
* fix: oidc grant type check
* docs: add offline_access scope
* docs: update refresh token status in supported grant types
* fix: update oidc pkg
* fix: check refresh token grant type (#1796 )
* configuration structs
* org admins
* failed events
* fixes
Co-authored-by: Max Peintner <max@caos.ch >
Co-authored-by: Livio Amstutz <livio.a@gmail.com >
Co-authored-by: Florian Forster <florian@caos.ch >
Co-authored-by: mffap <mpa@caos.ch >
Co-authored-by: Maximilian Panne <maximilian.panne@gmail.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com >
* remove comment
* aggregate reducer
* remove eventtypes
* add protoc-get-validate to mod
* fix transaltion
* upsert
* add gender on org admins,
allow to retry failed stmts after configurable time
* remove if
* sub queries
* fix: tests
* add builder to tests
* new search query
* rename searchquerybuilder to builder
* remove comment from code
* test with multiple queries
* add filters test
* current sequences
* make org and org_admins work again
* add aggregate type to current sequence
* fix(contibute): listing
* add validate module
* fix: search queries
* feat(eventstore): previous aggregate root sequence (#1810 )
* feat(eventstore): previous aggregate root sequence
* fix tests
* fix: eventstore v1 test
* add col to all mocked rows
* next try
* fix mig
* rename aggregate root to aggregate type
* update comment
Co-authored-by: Livio Amstutz <livio.a@gmail.com >
Co-authored-by: Livio Amstutz <livio.a@gmail.com >
* small refactorings
* allow update multiple current sequences
* unique log id
* fix migrations
* rename org admin to org owner
* improve error handling and logging
* fix(migration): optimize prev agg root seq
* fix: projection handler test
* fix: sub queries
* small fixes
* additional event types
* correct org owner projection
* fix primary key
* feat(eventstore): jobs for projections (#2026 )
* fix: template names in login (#1974 )
* fix: template names in login
* fix: error.html
* fix: check for features on mgmt only (#1976 )
* fix: add sentry in ui, http and projection handlers (#1977 )
* fix: add sentry in ui, http and projection handlers
* fix test
* fix(eventstore): sub queries (#1805 )
* sub queries
* fix: tests
* add builder to tests
* new search query
* rename searchquerybuilder to builder
* remove comment from code
* test with multiple queries
* add filters test
* fix(contibute): listing
* add validate module
* fix: search queries
* remove unused event type in query
* ignore query if error in marshal
* go mod tidy
* update privacy policy query
* update queries
Co-authored-by: Livio Amstutz <livio.a@gmail.com >
* feat: Extend oidc idp with oauth endpoints (#1980 )
* feat: add oauth attributes to oidc idp configuration
* feat: return idpconfig id on create idp
* feat: tests
* feat: descriptions
* feat: docs
* feat: tests
* docs: update to beta 3 (#1984 )
* fix: role assertion (#1986 )
* fix: enum to display access token role assertion
* improve assertion descriptions
* fix nil pointer
* docs: eventstore (#1982 )
* docs: eventstore
* Apply suggestions from code review
Co-authored-by: Florian Forster <florian@caos.ch >
Co-authored-by: Florian Forster <florian@caos.ch >
* fix(sentry): trigger sentry release (#1989 )
* feat(send sentry release): send sentry release
* fix(moved step and added releasetag): moved step and added releasetag
* fix: set version for sentry release (#1990 )
* feat(send sentry release): send sentry release
* fix(moved step and added releasetag): moved step and added releasetag
* fix(corrected var name): corrected var name
Co-authored-by: Livio Amstutz <livio.a@gmail.com >
* fix: log error reason on terminate session (#1973 )
* fix: return default language file, if requested lang does not exist for default login texts (#1988 )
* fix: return default language file, if requested lang doesnt exists
* feat: read default translation file
* feat: docs
* fix: race condition in auth request unmarshalling (#1993 )
* feat: handle ui_locales in login (#1994 )
* fix: handle ui_locales in login
* move supportedlanguage func into i18n package
* update oidc pkg
* fix: handle closed channels on unsubscribe (#1995 )
* fix: give restore more time (#1997 )
* fix: translation file read (#2009 )
* feat: translation file read
* feat: readme
* fix: enable idp add button for iam users (#2010 )
* fix: filter event_data (#2011 )
* feat: Custom message files (#1992 )
* feat: add get custom message text to admin api
* feat: read custom message texts from files
* feat: get languages in apis
* feat: get languages in apis
* feat: get languages in apis
* feat: pr feedback
* feat: docs
* feat: merge main
* fix: sms notification (#2013 )
* fix: phone verifications
* feat: fix password reset as sms
* fix: phone verification
* fix: grpc status in sentry and validation interceptors (#2012 )
* fix: remove oauth endpoints from oidc config proto (#2014 )
* try with view
* fix(console): disable sw (#2021 )
* fix: disable sw
* angular.json disable sw
* project projections
* fix typos
* customize projections
* customizable projections,
add change date to projects
Co-authored-by: Livio Amstutz <livio.a@gmail.com >
Co-authored-by: Max Peintner <max@caos.ch >
Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com >
Co-authored-by: Florian Forster <florian@caos.ch >
Co-authored-by: mffap <mpa@caos.ch >
Co-authored-by: Christian Jakob <47860090+thesephirot@users.noreply.github.com >
Co-authored-by: Elio Bischof <eliobischof@gmail.com >
* env file
* typo
* correct users
* correct migration
* fix: merge fail
* fix test
* fix(tests): unordered matcher
* improve currentSequenceMatcher
* correct certs
* correct certs
* add zitadel database on database list
* refctor switch in match
* enable all handlers
* Delete io.env
* cleanup
* add handlers
* rename view to projection
* rename view to projection
* fix type typo
* remove unnecessary logs
* refactor stmts
* simplify interval calculation
* fix tests
* fix unlock test
* fix migration
* migs
* fix(operator): update cockroach and flyway versions (#2138 )
* chore(deps): bump k8s.io/apiextensions-apiserver from 0.19.2 to 0.21.3
Bumps [k8s.io/apiextensions-apiserver](https://github.com/kubernetes/apiextensions-apiserver ) from 0.19.2 to 0.21.3.
- [Release notes](https://github.com/kubernetes/apiextensions-apiserver/releases )
- [Commits](https://github.com/kubernetes/apiextensions-apiserver/compare/v0.19.2...v0.21.3 )
---
updated-dependencies:
- dependency-name: k8s.io/apiextensions-apiserver
  dependency-type: direct:production
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
* chore(deps): bump google.golang.org/api from 0.34.0 to 0.52.0
Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client ) from 0.34.0 to 0.52.0.
- [Release notes](https://github.com/googleapis/google-api-go-client/releases )
- [Changelog](https://github.com/googleapis/google-api-go-client/blob/master/CHANGES.md )
- [Commits](https://github.com/googleapis/google-api-go-client/compare/v0.34.0...v0.52.0 )
---
updated-dependencies:
- dependency-name: google.golang.org/api
  dependency-type: direct:production
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
* start update dependencies
* update mods and otlp
* fix(build): update to go 1.16
* old version for k8s mods
* update k8s versions
* update orbos
* fix(operator): update cockroach and flyway version
* Update images.go
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Stefan Benz <stefan@caos.ch >
* fix import
* fix typo
* fix(migration): add org projection
* fix(projection): correct table for org events in org owners
* better insert stmt
* fix typo
* fix typo
* set max connection lifetime
* set max conns and conn lifetime in eventstore v1
* configure sql connection settings
* add mig for agg type index
* fix replace tab in yaml
* handler interfaces
* subscription
* first try
* handler
* move sql client initialization
* first part implemented
* removed all occurencies of org by id and search orgs
* fix merge issues
* cleanup code
* fix: queries implements orgviewprovider
* cleanup
* refactor text comparison
* remove unused file
* remove unused code
* log
* remove unused code
* remove unused field
* remove unused file
* refactor
* tests for search query
* remove try
* simplify state change mappers
* projection tests
* query functions
* move reusable objects to separate files
* rename domain column to primar_domain
* fix tests
* add current sequence
* remove log prints
* fix tests
* fix: verifier
* fix test
* rename domain col migrations
* simplify search response
* add custom column constructors
* fix: org projection table const
* fix: full column name
* feat: text query extension
* fix: tests for query
* number query
* add deprection message
* projection
* correct migration
* projection
* projection
* column in a single place (#2416 )
* column in a single place
* use projection for columns
* query column with aliases
* rename methods
* remove unused code
* column for current sequences
* correct file name
* global counter column
* fix is org unique
* query
* fix wrong code
* remove unused code
* query
* remove unused code
* remove unused code
* query
* api
* remove unused cod
* remove unused code
* remove unused code
* remove unused code
* fix(queries): org iam policy
* fix: init provider
* tests
* tests
* tests
* tests
* tests
* add copy stmt
* label policy projection
* tests
* constant naming in test
* query
* fix nil pointer
* fix test
* refactor: remove useless file
* fix(configs): add options to setup
* fix: sql changes
* tests
* remove old comment
* rename label policy to styling
* fix where
* remove unused logs
* migration
* correct primary key
Co-authored-by: Livio Amstutz <livio.a@gmail.com >
Co-authored-by: Max Peintner <max@caos.ch >
Co-authored-by: Livio Amstutz <livio.a@gmail.com >
Co-authored-by: Florian Forster <florian@caos.ch >
Co-authored-by: mffap <mpa@caos.ch >
Co-authored-by: Maximilian Panne <maximilian.panne@gmail.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com >
Co-authored-by: Christian Jakob <47860090+thesephirot@users.noreply.github.com >
Co-authored-by: Elio Bischof <eliobischof@gmail.com >
Co-authored-by: Stefan Benz <stefan@caos.ch >
Co-authored-by: fabi <fabienne.gerschwiler@gmail.com > 
						
						
					 
					
						2021-11-24 16:02:00 +01:00 
						 
				 
			
				
					
						
							
							
								Livio Amstutz 
							
						 
					 
					
						
						
							
						
						cf8515598c 
					 
					
						
						
							
							fix: improve error handling of asset api ( #2177 )  
						
						
						
						
					 
					
						2021-08-11 08:49:08 +00:00 
						 
				 
			
				
					
						
							
							
								Christian Jakob 
							
						 
					 
					
						
						
							
						
						b024cda4e5 
					 
					
						
						
							
							feat: sentry integration ( #1944 )  
						
						... 
						
						
						
						* initial sentry variables and secrets
* feat: sentry monitoring
* fix typo
* feat(sentry version): sentry capability
* fix(sentry include): included sentry import 4 zitadel
* usage flag for sentry
* improve sentry flag
* merge main
* fix sentry config
* add sentry dsn to secret env vars
* fix test
* log sentry start
* add sentry grpc interceptor and recover
* add sentry http interceptor to asset api
* fix interceptor order
* try improve sentry recover
* fix i18n interception
* panic
Co-authored-by: Livio Amstutz <livio.a@gmail.com > 
						
						
					 
					
						2021-07-05 10:58:58 +02:00 
						 
				 
			
				
					
						
							
							
								Livio Amstutz 
							
						 
					 
					
						
						
							
						
						81974b977d 
					 
					
						
						
							
							fix: label policy ( #1828 )  
						
						... 
						
						
						
						* fix: font color
* fix: assets from iam when policy is default
* fix: remove multiple files
* fix mock storage
* doc: add asset api
* build assets docs
* fix operator test
* docs
* fix remove assets from org label policy and not default
* fix remove label policy assets and feature downgrade correctly
* fix storage mock
* Update docs/docs/apis/apis.md
Co-authored-by: fabi <fabienne.gerschwiler@gmail.com >
Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com > 
						
						
					 
					
						2021-06-08 09:48:44 +02:00 
						 
				 
			
				
					
						
							
							
								Fabi 
							
						 
					 
					
						
						
							
						
						73d37459bb 
					 
					
						
						
							
							feat: label policy ( #1708 )  
						
						... 
						
						
						
						* feat: label policy proto extension
* feat: label policy and activate event
* feat: label policy asset events
* feat: label policy asset commands
* feat: add storage key
* feat: storage key validation
* feat: label policy asset tests
* feat: label policy query side
* feat: avatar
* feat: avatar event
* feat: human avatar
* feat: avatar read side
* feat: font on iam label policy
* feat: label policy font
* feat: possiblity to create bucket on put file
* uplaoder
* login policy logo
* set bucket prefix
* feat: avatar upload
* feat: avatar upload
* feat: use assets on command side
* feat: fix human avatar removed event
* feat: remove human avatar
* feat: mock asset storage
* feat: remove human avatar
* fix(operator): add configuration of asset storage to zitadel operator
* feat(console): private labeling policy (#1697 )
* private labeling component, routing, preview
* font, colors, upload, i18n
* show logo
* fix: uniqueness (#1710 )
* fix: uniqueconstraint to lower
* feat: change org
* feat: org change test
* feat: change org
* fix: tests
* fix: handle domain claims correctly
* feat: update org
Co-authored-by: fabi <fabienne.gerschwiler@gmail.com >
* fix: handle domain claimed event correctly for service users (#1711 )
* fix: handle domain claimed event correctly on user view
* fix: ignore domain claimed events for email notifications
* fix: change org
* handle org changed in read models correctly
* fix: change org in user grant handler
Co-authored-by: fabi <fabienne.gerschwiler@gmail.com >
* fix: correct value (#1695 )
* docs(api): correct link (#1712 )
* upload service
Co-authored-by: Livio Amstutz <livio.a@gmail.com >
Co-authored-by: fabi <fabienne.gerschwiler@gmail.com >
Co-authored-by: Florian Forster <florian@caos.ch >
* feat: fix tests,
* feat: remove assets from label policy
* fix npm, set environment
* lint ts
* remove stylelinting
* fix(operator): add mapping for console with changed unit tests
* fix(operator): add secrets as env variables to pod
* feat: remove human avatar
* fix(operator): add secrets as env variables to pod
* feat: map label policy
* feat: labelpolicy, admin, mgmt, adv settings (#1715 )
* fetch label policy, mgmt, admin service
* feat: advanced beh, links, add, update
* lint ts
* feat: watermark
* feat: remove human avatar
* feat: remove human avatar
* feat: remove human avatar
* feat: remove human avatar
* feat: remove human avatar
* feat: remove human avatar
* feat: remove human avatar
* feat: custom css
* css
* css
* css
* css
* css
* getobject
* feat: dynamic handler
* feat: varibale css
* content info
* css overwrite
* feat: variablen css
* feat: generate css file
* feat: dark mode
* feat: dark mode
* fix logo css
* feat: upload logos
* dark mode with cookie
* feat: handle images in login
* avatar css and begin font
* feat: avatar
* feat: user avatar
* caching of static assets in login
* add avatar.js to main.html
* feat: header dont show logo if no url
* feat: label policy colors
* feat: mock asset storage
* feat: mock asset storage
* feat: fix tests
* feat: user avatar
* feat: header logo
* avatar
* avatar
* make it compatible with go 1.15
* feat: remove unused logos
* fix handler
* fix: styling error handling
* fonts
* fix: download func
* switch to mux
* fix: change upload api to assets
* fix build
* fix: download avatar
* fix: download logos
* fix: my avatar
* font
* fix: remove error msg popup possibility
* fix: docs
* fix: svalidate colors
* rem msg popup from frontend
* fix: email with private labeling
* fix: tests
* fix: email templates
* fix: change migration version
* fix: fix duplicate imports
* fix(console): assets, service url, upload, policy current and preview  (#1781 )
* upload endpoint, layout
* fetch current, preview, fix upload
* cleanup private labeling
* fix linting
* begin generated asset handler
* generate asset api in dockerfile
* features for label policy
* features for label policy
* features
* flag for asset generator
* change asset generator flag
* fix label policy view in grpc
* fix: layout, activate policy (#1786 )
* theme switcher up on top
* change layout
* activate policy
* feat(console): label policy back color, layout (#1788 )
* theme switcher up on top
* change layout
* activate policy
* fix overwrite value fc
* reset policy, reset service
* autosave policy, preview desc, layout impv
* layout, i18n
* background colors, inject material styles
* load images
* clean, lint
* fix layout
* set custom hex
* fix content size conversion
* remove font format in generated css
* fix features for assets
* fix(console): label policy colors, image downloads, preview (#1804 )
* load images
* colors, images binding
* lint
* refresh emitter
* lint
* propagate font colors
* upload error handling
* label policy feature check
* add blob in csp for console
* log
* fix: feature edits for label policy, refresh state on upload (#1807 )
* show error on load image, stop spinner
* fix merge
* fix migration versions
* fix assets
* fix csp
* fix background color
* scss
* fix build
* lint scss
* fix statik for console
* fix features check for label policy
* cleanup
* lint
* public links
* fix notifications
* public links
* feat: merge main
* feat: fix translation files
* fix migration
* set api domain
* fix logo in email
* font face in email
* font face in email
* validate assets on upload
* cleanup
* add missing translations
* add missing translations
Co-authored-by: Livio Amstutz <livio.a@gmail.com >
Co-authored-by: Stefan Benz <stefan@caos.ch >
Co-authored-by: Max Peintner <max@caos.ch >
Co-authored-by: Florian Forster <florian@caos.ch > 
						
						
					 
					
						2021-06-04 14:53:51 +02:00