Commit Graph

3025 Commits

Author SHA1 Message Date
Tim Möhlmann
51cfb9564a
chore(user/v2): solve test TODO that depended on session tokens (#6973)
Closes #6022,

Co-authored-by: Livio Spring <livio.a@gmail.com>
2023-12-05 15:28:17 +00:00
Elio Bischof
dd33538c0a
feat: restrict languages (#6931)
* feat: return 404 or 409 if org reg disallowed

* fix: system limit permissions

* feat: add iam limits api

* feat: disallow public org registrations on default instance

* add integration test

* test: integration

* fix test

* docs: describe public org registrations

* avoid updating docs deps

* fix system limits integration test

* silence integration tests

* fix linting

* ignore strange linter complaints

* review

* improve reset properties naming

* redefine the api

* use restrictions aggregate

* test query

* simplify and test projection

* test commands

* fix unit tests

* move integration test

* support restrictions on default instance

* also test GetRestrictions

* self review

* lint

* abstract away resource owner

* fix tests

* configure supported languages

* fix allowed languages

* fix tests

* default lang must not be restricted

* preferred language must be allowed

* change preferred languages

* check languages everywhere

* lint

* test command side

* lint

* add integration test

* add integration test

* restrict supported ui locales

* lint

* lint

* cleanup

* lint

* allow undefined preferred language

* fix integration tests

* update main

* fix env var

* ignore linter

* ignore linter

* improve integration test config

* reduce cognitive complexity

* compile

* check for duplicates

* remove useless restriction checks

* review

* revert restriction renaming

* fix language restrictions

* lint

* generate

* allow custom texts for supported langs for now

* fix tests

* cleanup

* cleanup

* cleanup

* lint

* unsupported preferred lang is allowed

* fix integration test

* finish reverting to old property name

* finish reverting to old property name

* load languages

* refactor(i18n): centralize translators and fs

* lint

* amplify no validations on preferred languages

* fix integration test

* lint

* fix resetting allowed languages

* test unchanged restrictions
2023-12-05 11:12:01 +00:00
Livio Spring
236930f109
docs(api): add session lifetime format for REST calls (#7019) 2023-12-05 10:25:52 +01:00
Silvan
060b4ab2f0
docs(10006): clarify required crdb versions (#7012) 2023-12-04 11:24:36 +01:00
Tim Zook
302b4b90d4
fix(init): correct quoting of database and user (#6928)
* fix(init): correct quoting

* quote username in logstore migration

---------

Co-authored-by: Silvan <silvan.reusser@gmail.com>
2023-12-03 08:30:08 +00:00
Silvan
e3d1ca4d58
fix(eventstore): improve pagination of handler filter (#6968)
* fix(setup): add filter_offset to `projections.current_states`

* fix(eventstore): allow offset in query

* fix(handler): offset for already processed events
2023-12-01 12:25:41 +00:00
Livio Spring
e57076430b
fix: handle context when locking for trigger (#7006) 2023-12-01 11:13:57 +01:00
Miguel Cabrerizo
79130b238b
fix: replace back button with <- in user register (#6981)
Co-authored-by: Livio Spring <livio.a@gmail.com>
2023-11-29 15:52:12 +00:00
Elio Bischof
11d7a8ce61
Merge pull request from GHSA-2wmj-46rj-qm2w
* fix: find instance by original domain

* return instance not found on invalid origin

* test: ensure correct host validation

* test: instance not found is translated
2023-11-29 11:57:47 +01:00
Stefan Benz
ef11609142
fix: add https status to activity log (#6978)
* fix: add https status to activity log

* create prerelease

* create RC

* pass info from gateway to grpc server

* fix: update releaserc to create RC version

* cleanup

---------

Co-authored-by: Livio Spring <livio.a@gmail.com>
2023-11-28 16:56:29 +01:00
Tim Möhlmann
24b05dc88c
fix(authz): add logging to access token verification errors (#6976)
* fix(authz): add logging to access token verification errors

Related to #6949

* use logging fields

---------

Co-authored-by: Livio Spring <livio.a@gmail.com>
2023-11-27 15:35:08 +00:00
Tim Möhlmann
115d944d38
chore: add database questions to bug report template (#6975)
* chore: add database questions to bug report template

Sometimes we get bug reports that are only reproducible when zitadel is running against a certain database.
This change adds database related questions to the issue template, as it is something people don't tend to describe in the detail fields.

* fix syntax error
2023-11-27 08:23:49 +01:00
Elio Bischof
60688757fa
test(postgres): always test against latest release (#6972)
* test(postgres): always test against latest

* Update CONTRIBUTING.md

Co-authored-by: Tim Möhlmann <tim+github@zitadel.com>

* Update internal/integration/config/docker-compose.yaml

Co-authored-by: Tim Möhlmann <tim+github@zitadel.com>

---------

Co-authored-by: Tim Möhlmann <tim+github@zitadel.com>
2023-11-24 13:56:58 +00:00
Silvan
2ca88956b4
docs: add tracing.endpoint to defaults.yaml (#6824)
* docs: add `tracing.endpoint` to defaults.yaml

* docs: describe tracing types in defaults.yaml
2023-11-24 13:38:52 +01:00
Elio Bischof
8982e1aae3
fix(postgres <=15): delete unique constraints (#6971)
fix(postgres): delete unique constraints
2023-11-24 07:23:23 +01:00
Tim Möhlmann
72bc3ffe14
fix(oidc): add missing fields to introspection (#6967)
during QA I found some user info and org ID was missing.
This change adds those missing fields.
2023-11-23 16:17:50 +02:00
Livio Spring
1ef186e338
docs: update session termination documentation (#6966) 2023-11-23 11:10:14 +00:00
mffap
8c20548db7
chore: update bug template (#6924)
Provide link to the product management in the issue's markdown instead of description. This allows people to actually follow the link when creating an issue.
2023-11-23 10:09:40 +00:00
Silvan
9ed956383f
fix(eventstore): correct handling of wrong unique fields (#6961) 2023-11-23 06:15:40 +01:00
jacob-buckaroo
1fac15e186
feat(i18n): Dutch language support (#6952)
* feat(i18n): Dutch language support

* Fixed formatting issues

* add missing error lines

---------

Co-authored-by: Tim Möhlmann <tim+github@zitadel.com>
2023-11-22 14:35:21 +00:00
Laurent Egbakou
39c26ffa7b
fix(i18n): replaced wrong i18n key in fr,it,ja,mk,pl,pt and zh json files (console) (#6937)
* fix(i18n): replaced the wrong key for Verified domains (fr)

* fix(i18n): replaced the wrong key for Verified domains (it)

* fix(i18n): replaced the wrong key for Verified domains (ja)

* fix(i18n): replaced the wrong key for Verified domains (mk)

* fix(i18n): replaced the wrong key for Verified domains (pl)

* fix(i18n): replaced the wrong key for Verified domains (pt)

* fix(i18n): replaced the wrong key for Verified domains (zh)
2023-11-22 13:16:32 +00:00
Livio Spring
b563041103
fix: ensure uniqueness (#6956)
* fix: ensure uniqueness

* only update wrong ones

* Update cmd/setup/16.go

Co-authored-by: Silvan <silvan.reusser@gmail.com>

---------

Co-authored-by: Silvan <silvan.reusser@gmail.com>
2023-11-22 12:05:14 +00:00
Tim Möhlmann
2f91679623
chore(Makefile): add go generate target (#6944)
This change adds a core_generate_all make target.
It installs the required tools and runs generate on the complete project.

`golang/mock` is no longer maintained and a fork is available
from the Uber folks. So the latter is used as tool.
All the mock files have been regenerated and are part of the PR.

The obsolete `tools` directory has been removed,
as all the tools are now part of specific make targets.

Co-authored-by: Silvan <silvan.reusser@gmail.com>
2023-11-22 10:56:43 +00:00
Tim Möhlmann
2de7ce99c5
chore(docs): improve on password hashing (#6951) 2023-11-22 10:29:06 +00:00
Stefan Benz
5fcb5568d7
fix: correct method and path for session api activity (#6880)
* fix: correct method and path for session api activity

* fix: correct method and path for session api activity

* fix: correct function name for activity trigger
2023-11-22 12:12:23 +02:00
Elio Bischof
76fe032b5f
feat: option to disallow public org registration (#6917)
* feat: return 404 or 409 if org reg disallowed

* fix: system limit permissions

* feat: add iam limits api

* feat: disallow public org registrations on default instance

* add integration test

* test: integration

* fix test

* docs: describe public org registrations

* avoid updating docs deps

* fix system limits integration test

* silence integration tests

* fix linting

* ignore strange linter complaints

* review

* improve reset properties naming

* redefine the api

* use restrictions aggregate

* test query

* simplify and test projection

* test commands

* fix unit tests

* move integration test

* support restrictions on default instance

* also test GetRestrictions

* self review

* lint

* abstract away resource owner

* fix tests

* lint
2023-11-22 09:29:38 +00:00
Max Peintner
5fa596a871
fix(console): onboarding actions with external links (#6822)
* fix: attr for external links

* template outlet
2023-11-22 09:14:37 +00:00
Max Peintner
d4b18a3eda
fix(console): dependencies (#6943)
* chore(deps-dev): bump @types/file-saver from 2.0.5 to 2.0.7 in /console (#6878)

Bumps [@types/file-saver](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/file-saver) from 2.0.5 to 2.0.7.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/file-saver)

---
updated-dependencies:
- dependency-name: "@types/file-saver"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps): bump axios from 1.4.0 to 1.6.1 in /console (#6902)

Bumps [axios](https://github.com/axios/axios) from 1.4.0 to 1.6.1.
- [Release notes](https://github.com/axios/axios/releases)
- [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md)
- [Commits](https://github.com/axios/axios/compare/v1.4.0...v1.6.1)

---
updated-dependencies:
- dependency-name: axios
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps-dev): bump @types/jsonwebtoken from 9.0.2 to 9.0.5 in /console (#6877)

chore(deps-dev): bump @types/jsonwebtoken in /console

Bumps [@types/jsonwebtoken](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/jsonwebtoken) from 9.0.2 to 9.0.5.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/jsonwebtoken)

---
updated-dependencies:
- dependency-name: "@types/jsonwebtoken"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps): bump libphonenumber-js from 1.10.30 to 1.10.49 in /console (#6845)

Bumps [libphonenumber-js](https://gitlab.com/catamphetamine/libphonenumber-js) from 1.10.30 to 1.10.49.
- [Changelog](https://gitlab.com/catamphetamine/libphonenumber-js/blob/master/CHANGELOG.md)
- [Commits](https://gitlab.com/catamphetamine/libphonenumber-js/compare/v1.10.30...v1.10.49)

---
updated-dependencies:
- dependency-name: libphonenumber-js
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps-dev): bump typescript from 4.9.5 to 5.1.6 in /console (#6650)

Bumps [typescript](https://github.com/Microsoft/TypeScript) from 4.9.5 to 5.1.6.
- [Release notes](https://github.com/Microsoft/TypeScript/releases)
- [Commits](https://github.com/Microsoft/TypeScript/compare/v4.9.5...v5.1.6)

---
updated-dependencies:
- dependency-name: typescript
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps): bump google-proto-files from 3.0.3 to 4.0.0 in /console (#6653)

Bumps [google-proto-files](https://github.com/googleapis/nodejs-proto-files) from 3.0.3 to 4.0.0.
- [Release notes](https://github.com/googleapis/nodejs-proto-files/releases)
- [Changelog](https://github.com/googleapis/nodejs-proto-files/blob/main/CHANGELOG.md)
- [Commits](https://github.com/googleapis/nodejs-proto-files/compare/v3.0.3...v4.0.0)

---
updated-dependencies:
- dependency-name: google-proto-files
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps): bump tslib from 2.5.0 to 2.6.2 in /console (#6649)

Bumps [tslib](https://github.com/Microsoft/tslib) from 2.5.0 to 2.6.2.
- [Release notes](https://github.com/Microsoft/tslib/releases)
- [Commits](https://github.com/Microsoft/tslib/compare/2.5.0...v2.6.2)

---
updated-dependencies:
- dependency-name: tslib
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps): bump @ngx-translate/core from 14.0.0 to 15.0.0 in /console (#6646)

Bumps [@ngx-translate/core](https://github.com/ngx-translate/core) from 14.0.0 to 15.0.0.
- [Release notes](https://github.com/ngx-translate/core/releases)
- [Commits](https://github.com/ngx-translate/core/compare/v14.0.0...v15.0.0)

---
updated-dependencies:
- dependency-name: "@ngx-translate/core"
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps): bump @babel/traverse from 7.21.5 to 7.23.2 in /console (#6742)

Bumps [@babel/traverse](https://github.com/babel/babel/tree/HEAD/packages/babel-traverse) from 7.21.5 to 7.23.2.
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.23.2/packages/babel-traverse)

---
updated-dependencies:
- dependency-name: "@babel/traverse"
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* lock

* ts

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Elio Bischof <elio@zitadel.com>
2023-11-21 23:41:53 +00:00
Tim Möhlmann
ba9b807854
perf(oidc): optimize the introspection endpoint (#6909)
* get key by id and cache them

* userinfo from events for v2 tokens

* improve keyset caching

* concurrent token and client checks

* client and project in single query

* logging and otel

* drop owner_removed column on apps and authN tables

* userinfo and project roles in go routines

* get  oidc user info from projections and add actions

* add avatar URL

* some cleanup

* pull oidc work branch

* remove storage from server

* add config flag for experimental introspection

* legacy introspection flag

* drop owner_removed column on user projections

* drop owner_removed column on useer_metadata

* query userinfo unit test

* query introspection client test

* add user_grants to the userinfo query

* handle PAT scopes

* bring triggers back

* test instance keys query

* add userinfo unit tests

* unit test keys

* go mod tidy

* solve some bugs

* fix missing preferred login name

* do not run triggers in go routines, they seem to deadlock

* initialize the trigger handlers late with a sync.OnceValue

* Revert "do not run triggers in go routines, they seem to deadlock"

This reverts commit 2a03da2127.

* add missing translations

* chore: update go version for linting

* pin oidc version

* parse a global time location for query test

* fix linter complains

* upgrade go lint

* fix more linting issues

---------

Co-authored-by: Stefan Benz <46600784+stebenz@users.noreply.github.com>
2023-11-21 13:11:38 +01:00
Livio Spring
ad3563d58b
fix: handle project deactivate and remove correctly on tokens (#6947) 2023-11-21 10:05:22 +01:00
Livio Spring
492b7d8676
docs(security.md): update link to disclosure policy (#6948) 2023-11-21 09:15:51 +01:00
Stefan Benz
0ec7a74877
perf: remove owner removed columns from projections for oidc (#6925)
* fix: remove owner removed columns from login names projection

* fix: remove owner removed columns from flow projection

* fix: remove owner removed columns from project, projectgrant and member projections

* fix: correct unit tests for session projection

* fix: correct unit tests for session projection
2023-11-20 17:21:08 +02:00
Arslan Gait
3bed5f50a8
docs: correct spelling in claims.md (#6935)
Update claims.md

Fixed typo in word 'and'
2023-11-20 12:38:06 +00:00
mffap
bd5506494a
docs(legal): update legal framework and policies (November 2023) (#6611)
* move policies

* service description editorial

* service description move

* add subprocessors

* resort policies and service descriptions

* subprocessor

* subprocessors wip

* wip

* subprocessors

* subprocessors introduction

* billing wip

* service level headings

* billing wip

* gdpr region clarification

* fix some styling

* support service wip

* wip

* service-description

* fair use, broken links

* services offered

* rework enterprise benefits

* support plans

* remove language, add support issue

* combine onboarding support

* wip

* use of brand and trademarks

* sidebar

* DASU

* Combine ToS for support services

* Apply suggestions from code review

Co-authored-by: Fabi <fabienne@zitadel.com>

* changes from review

* update updatedAt

* dpa and pp updates WIP

* broken links

* tom

* remote entity

* title annex enterprise agreement

* typo

* Apply suggestions from code review

Co-authored-by: Florian Forster <florian@zitadel.com>

* update last update dates

* replace quota with amount

---------

Co-authored-by: Fabi <fabienne@zitadel.com>
Co-authored-by: Florian Forster <florian@zitadel.com>
2023-11-16 09:26:25 +00:00
Livio Spring
2e8c3b5a53
feat: allow session deletion without session token (#6889)
* fix: add resource owner of user and change the one of session to instance

* use user resource owner from session projection

* fix session permission check

* integration tests and fixes

* update api docs
2023-11-16 07:35:50 +01:00
Silvan
0948a0b9ae
ci: set runner group on parallel jobs (#6916) 2023-11-14 10:48:41 +00:00
Livio Spring
3bc9a60986
fix: allow webauthn checks for users of other orgs (#6915) 2023-11-14 09:42:39 +00:00
Livio Spring
1344760369
fix: set samesite mode for CSRF cookie based on security policy (#6914) 2023-11-14 10:01:59 +01:00
Miguel Cabrerizo
bd63fcd15d
feat(console): add SAML certificate link and endpoints (#6841)
* feat(console): add SAML certificate link and endpoints

* fix: add missing translations for cs and ru

* fix: add @eliobischof review suggestions

---------

Co-authored-by: Elio Bischof <elio@zitadel.com>
2023-11-13 17:49:55 +00:00
Tim Möhlmann
081a0b4cb7
chore(deps): upgrade all go modules (#6895)
* chore(deps): upgrade all go modules

This change upgrades all go.mod dependecies. As well as Makefile tools.

There where some imports that still used the old and deprecated
`github.com/golang/protobuf/ptypes` package.
These have been moved to the equivelant
`google.golang.org/protobuf/types/known` package.

The `internal/proto` package is removed as was only used once.
With a simple refactor in the Validator it became completely obsolete.

* fix validate unit test

* cleanup merge

* update otel

---------

Co-authored-by: Livio Spring <livio.a@gmail.com>
2023-11-13 10:41:29 +00:00
Livio Spring
0386fe7f96
fix: improve login_hint usage on IDPs (#6899)
* only set prompt if no login_hint is set

* update to current state and cleanup
2023-11-13 09:25:26 +01:00
Tim Möhlmann
42a2c0093d
fix: use x-zitadel-forwarded header (#6900)
fix: use x-zitadel-forward header
2023-11-10 15:02:53 +00:00
Ahmed Fwela
3f22fb3a5c
feat(user/v1): support composite queries (#6361)
* feat(user/v1): support composite queries

* fix: added proper error handling for NotQuery

* Added error when there are too many levels of nesting

* Add localization keys for english

* Update internal/api/grpc/user/query.go
2023-11-09 11:38:34 +01:00
Elio Bischof
e0a5f8661d
feat: improve UX for external configuration (#6861)
* docs: simplify traefik external tls

* remove pass host header

* docs: simplify and fix nginx external tls

* fix: readiness with enabled tls

* improve proxy docs

* improve proxy docs

* fix(ready): don't verify server cert

* complete nginx docs

* cleanup

* complete traefik docs

* add caddy docs

* simplify traefik

* standardize

* fix caddy

* add httpd docs

* improve external config docs

* guiding error message

* docs(defaults.yaml): remove misleading comments

* guiding error message cs and ru

* improve proxy testability

* fix compose up command

* improve commands

* fix nginx tls disabled

* fix nginx tls enabled

* fix: serve gateway when tls is enabled

* fmt caddy files

* fix caddy enabled tls

* remove not-working commands

* review

* fix checks

* fix link

---------

Co-authored-by: Livio Spring <livio.a@gmail.com>
2023-11-09 11:30:15 +01:00
Livio Spring
22e2d55999
Merge pull request from GHSA-7h8m-vrxx-vr4m
* fix: handle locking policy correctly for multiple simultaneous password checks

* recheck events
2023-11-08 14:19:13 +01:00
sp132
9a708b1b78
feat: extend session search service (#6746)
* feat: extend session search service (#6029)

add two more searching criteria - human user id and session creation date

optional sorting by the session creation date

* fix: use correct column identifier

* fix: implement Col()

* chore: fix unit tests

* chore: fix linter warnings

---------

Co-authored-by: Fabi <fabienne@zitadel.com>
2023-11-08 11:32:13 +01:00
Mark A. Hershberger
0d3788b757
docs: Update managers.mdx (#6873)
Update managers.mdx

typo

Co-authored-by: Fabi <fabienne@zitadel.com>
2023-11-08 09:07:11 +00:00
Alexei
9ccdfdc196
feat: Add translations for Russian (#6864)
* wip

* add Russian (autotranslate)
TODO: review translations

* fix console linting

* add russian language to login translations

* docs

* missing console translations

---------

Co-authored-by: Livio Spring <livio.a@gmail.com>
2023-11-08 07:38:55 +00:00
petrmifek
e839f03f57
feat(i18n): Czech language support (#6870)
feat(i18n): Add Czech language support
2023-11-08 07:55:41 +01:00
Miguel Cabrerizo
49d3ae6238
feat(console): replace twitter bird with X (#6843)
feat(console): replace blue bird with X

Co-authored-by: Elio Bischof <elio@zitadel.com>
2023-11-07 10:43:29 +00:00