TheArchive/zitadel
1
0
Fork 0
mirror of https://github.com/zitadel/zitadel.git synced 2024-12-12 19:14:23 +00:00
Code Issues Packages Projects Releases Wiki Activity
2,774 Commits 166 Branches 1,927 Tags 670 MiB
aa2d642e97
Commit Graph

1364 Commits

Author SHA1 Message Date
Stefan Benz
15fd3045e0
feat: add SAML as identity provider (#6454) 
* feat: first implementation for saml sp

* fix: add command side instance and org for saml provider

* fix: add query side instance and org for saml provider

* fix: request handling in event and retrieval of finished intent

* fix: add review changes and integration tests

* fix: add integration tests for saml idp

* fix: correct unit tests with review changes

* fix: add saml session unit test

* fix: add saml session unit test

* fix: add saml session unit test

* fix: changes from review

* fix: changes from review

* fix: proto build error

* fix: proto build error

* fix: proto build error

* fix: proto require metadata oneof

* fix: login with saml provider

* fix: integration test for saml assertion

* lint client.go

* fix json tag

* fix: linting

* fix import

* fix: linting

* fix saml idp query

* fix: linting

* lint: try all issues

* revert linting config

* fix: add regenerate endpoints

* fix: translations

* fix mk.yaml

* ignore acs path for user agent cookie

* fix: add AuthFromProvider test for saml

* fix: integration test for saml retrieve information

---------

Co-authored-by: Livio Spring <livio.a@gmail.com>
 2023-09-29 11:26:14 +02:00
Livio Spring
2e99d0fe1b
fix(email): UTF-8 "Q" encode subject header (#6637) 
fix(email): UTF-8 "Q" encode subject header
 2023-09-29 08:53:45 +00:00
Livio Spring
68bfab2fb3
feat(login): use default org for login without provided org context (#6625) 
* start feature flags

* base feature events on domain const

* setup default features

* allow setting feature in system api

* allow setting feature in admin api

* set settings in login based on feature

* fix rebasing

* unit tests

* i18n

* update policy after domain discovery

* some changes from review

* check feature and value type

* check feature and value type
 2023-09-29 08:21:32 +00:00
Max Peintner
e9148e96c7
fix(login): firefox MFA radio mouse target (#6632) 
fix: mfa radio for firefox
 2023-09-28 08:15:01 +02:00
Stefan Benz
2823678eb6
fix: add userID to intent responses (#6566) 
Co-authored-by: Livio Spring <livio.a@gmail.com>
 2023-09-25 05:21:50 +00:00
Elio Bischof
520f87d9b1
test: duplicate quota notifications (#6610) 2023-09-22 13:33:23 +02:00
Elio Bischof
ae1af6bc8c
fix: set quotas (#6597) 
* feat: set quotas

* fix: start new period on younger anchor

* cleanup e2e config

* fix set notifications

* lint

* test: fix quota projection tests

* fix add quota tests

* make quota fields nullable

* enable amount 0

* fix initial setup

* create a prerelease

* avoid success comments

* fix quota projection primary key

* Revert "fix quota projection primary key"

This reverts commit e72f4d7fa1.

* simplify write model

* fix aggregate id

* avoid push without changes

* test set quota lifecycle

* test set quota mutations

* fix quota unit test

* fix: quotas

* test quota.set event projection

* use SetQuota in integration tests

* fix: release quotas 3

* reset releaserc

* fix comment

* test notification order doesn't matter

* test notification order doesn't matter

* test with unmarshalled events

* test with unmarshalled events
 2023-09-22 09:37:16 +00:00
Tim Möhlmann
e6d273b328
chore(deps): bump oidc (#6607) 
* chore(deps): bump oidc

Include the Issuer from Frowarded header feature

* use the new constructor
 2023-09-22 11:05:11 +02:00
Livio Spring
593d1605ab
fix: only reuse active session and use correct policies (from user org) (#6603) 2023-09-21 16:45:41 +02:00
Anthony Lawn
ebb8f92e85
fix: Increase suffix wrapper to 200px wide (#6590) 
Increase suffix wrapper to 200px wide

Co-authored-by: Fabi <fabienne@zitadel.com>
Co-authored-by: Max Peintner <max@caos.ch>
 2023-09-19 12:37:11 +00:00
Miguel Cabrerizo
f9bb250698
feat: improve Password.NotChanged message (#6589) 
* feat: improve Password.NotChanged message

* Update internal/api/ui/login/static/i18n/de.yaml

* Update internal/static/i18n/de.yaml

---------

Co-authored-by: Fabi <fabienne@zitadel.com>
 2023-09-19 12:05:49 +00:00
Anthony Lawn
a5decda201
fix: inconsistencies and other minor issues in English strings (#6591) 
Fixed inconsistencies and other minor issues in English strings

Co-authored-by: Fabi <fabienne@zitadel.com>
 2023-09-19 08:33:01 +02:00
wackbyte
4bebcd6c0f
fix: typo in "file too big" error message (#6577) 
Co-authored-by: Fabi <fabienne@zitadel.com>
 2023-09-18 13:08:32 +00:00
Tim Möhlmann
9266f8f00b
fix(command): allow email as username (#6565) 
Fixes #6460

Made the username checks consistent with create human user.
 2023-09-15 15:29:29 +00:00
Elio Bischof
1a49b7d298
perf: project quotas and usages (#6441) 
* project quota added

* project quota removed

* add periods table

* make log record generic

* accumulate usage

* query usage

* count action run seconds

* fix filter in ReportQuotaUsage

* fix existing tests

* fix logstore tests

* fix typo

* fix: add quota unit tests command side

* fix: add quota unit tests command side

* fix: add quota unit tests command side

* move notifications into debouncer and improve limit querying

* cleanup

* comment

* fix: add quota unit tests command side

* fix remaining quota usage query

* implement InmemLogStorage

* cleanup and linting

* improve test

* fix: add quota unit tests command side

* fix: add quota unit tests command side

* fix: add quota unit tests command side

* fix: add quota unit tests command side

* action notifications and fixes for notifications query

* revert console prefix

* fix: add quota unit tests command side

* fix: add quota integration tests

* improve accountable requests

* improve accountable requests

* fix: add quota integration tests

* fix: add quota integration tests

* fix: add quota integration tests

* comment

* remove ability to store logs in db and other changes requested from review

* changes requested from review

* changes requested from review

* Update internal/api/http/middleware/access_interceptor.go

Co-authored-by: Silvan <silvan.reusser@gmail.com>

* tests: fix quotas integration tests

* improve incrementUsageStatement

* linting

* fix: delete e2e tests as intergation tests cover functionality

* Update internal/api/http/middleware/access_interceptor.go

Co-authored-by: Silvan <silvan.reusser@gmail.com>

* backup

* fix conflict

* create rc

* create prerelease

* remove issue release labeling

* fix tracing

---------

Co-authored-by: Livio Spring <livio.a@gmail.com>
Co-authored-by: Stefan Benz <stefan@caos.ch>
Co-authored-by: adlerhurst <silvan.reusser@gmail.com>
 2023-09-15 16:58:45 +02:00
Livio Spring
b4d0d2c9a7
chore(webauthn): add logs (#6569) 2023-09-15 13:43:38 +00:00
Dishan Sivakumaran
345af3b6c7
fix(account-selection): use font color as color for labels (#6518) 
fix(account-selection): #5505 use font color as color for labels
 2023-09-14 06:15:01 +02:00
Livio Spring
be81570fb5
feat(api): move resource apis to beta (#6530) 
Moves UserService, SessionService, SettingsService and OIDCService to beta state. This includes gRPC and HTTP path changes.
 2023-09-13 12:43:01 +00:00
Livio Spring
c790715628
fix: improve autofill values (#6541) 2023-09-13 08:16:57 +02:00
Livio Spring
523dee8801
chore: remove postgres beta warning (#6394) 
fix: remove postgres beta warning

Co-authored-by: Fabi <fabienne@zitadel.com>
 2023-09-08 15:44:34 +00:00
Miguel Cabrerizo
c115ae374e
feat: replace inactive remove active from select account (#6364) 
* feat: replace inactive remove active from select account

* fix: apply same behavior to console user select

---------

Co-authored-by: Livio Spring <livio.a@gmail.com>
 2023-09-08 12:15:39 +00:00
Silvan
856d0d12e8
fix: TestCRDB_CreateInstance (#6522) 2023-09-08 10:27:52 +00:00
Livio Spring
62d679e553
fix: handle password data correct on user creation (#6515) 2023-09-07 14:06:11 +00:00
Silvan
c3c2a43d46
fix(scheduler): add span to trigger method (#6513) 2023-09-07 10:59:44 +02:00
Miguel Cabrerizo
dd80109969
feat: delete organizations (#6083) 
* feat: delete organizations

* feat: tests and delete all that depends on org

* fix: grpc delete description

* fix: get back reduce OrgRemovedEvent

* fix: add @muhlemmer review suggestions

* fix: new e2e for add/delete org
 2023-09-07 04:54:51 +00:00
Silvan
0f06e84f40
fix(eventstore): cache instances (#6501) 
* fix(eventstore): cache instances

* fix: consider succeeded once during instance ids query

* fix(eventstore): return correct instances
 2023-09-06 14:34:07 +00:00
some-user123
18c07ab85d
feat: improve translations (#6489) 
* feat: improve translations

* feat: improve translations of notifications
 2023-09-05 12:14:53 +00:00
some-user123
e844c6834c
feat: Improve German translations (#6488) 
Improve German translations

Co-authored-by: Fabi <fabienne@zitadel.com>
 2023-09-04 13:20:50 +00:00
Tim Möhlmann
241befc185
fix(sessions/v2): resolve tOTP TODO for Auth Methods (#6470) 
Fixes #6450
 2023-09-01 12:53:10 +00:00
Tim Möhlmann
87cdd20d72
fix(deps): upgrade oidc and otel (#6468) 2023-09-01 10:32:13 +00:00
Livio Spring
3c8640fbfd
fix: rename (t)otp to code in session checks (#6455) 
* fix: rename (t)otp to code in session checks

* update integration tests

---------

Co-authored-by: Fabi <fabienne@zitadel.com>
 2023-08-31 07:06:50 +00:00
Livio Spring
e17b49e4ca
feat: add apple as idp (#6442) 
* feat: manage apple idp

* handle apple idp callback

* add tests for provider

* basic console implementation

* implement flow for login UI and add logos / styling

* tests

* cleanup

* add upload button

* begin i18n

* apple logo positioning, file upload component

* fix add apple instance idp

* add missing apple logos for login

* update to go 1.21

* fix slice compare

* revert permission changes

* concrete error messages

* translate login apple logo -y-2px

* change form parsing

* sign in button

* fix tests

* lint console

---------

Co-authored-by: peintnermax <max@caos.ch>
 2023-08-31 08:39:16 +02:00
Gabriel Enrico
14d799e750
fix: Allow Auth over non-TLS SMTP connections (#6402) 
* fix: Allow Auth over non-TLS SMTP connections

* remove unused struct

---------

Co-authored-by: Kitsune <kitsune@akitsune.dev>
Co-authored-by: Livio Spring <livio.a@gmail.com>
 2023-08-29 15:37:30 +00:00
Miguel Cabrerizo
fd00ac533a
feat: add reply-to header in email notification (#6393) 
* feat: add reply-to header to smtp messages

* fix: grpc reply_to_address min 0 and js var name

* fix: add missing translations

* fix merge and linting

---------

Co-authored-by: Livio Spring <livio.a@gmail.com>
 2023-08-29 09:08:24 +02:00
Elio Bischof
54508ebd82
fix: change force local mfa on org (#6432) 
* fix: change force local mfa on org

* fix test

---------

Co-authored-by: Livio Spring <livio.a@gmail.com>
 2023-08-25 15:17:12 +02:00
Livio Spring
94d13fd3e1
fix(api): handle id_token_mapping in generic oidc provider correctly (#6428) 2023-08-24 10:31:12 +00:00
Livio Spring
bb40e173bd
feat(api): add otp (sms and email) checks in session api (#6422) 
* feat: add otp (sms and email) checks in session api

* implement sending

* fix tests

* add tests

* add integration tests

* fix merge main and add tests

* put default OTP Email url into config

---------

Co-authored-by: Stefan Benz <46600784+stebenz@users.noreply.github.com>
 2023-08-24 09:41:52 +00:00
Elio Bischof
29fa3d417c
feat(console): enable ID token mapping for generic OIDC provider (#6426) 
* fix: use IsIdTokenMapping request property

* feat(console): oidc provider id token mapping

* fix scss

* reduce styles

* fix lint

---------

Co-authored-by: peintnermax <max@caos.ch>
Co-authored-by: Livio Spring <livio.a@gmail.com>
 2023-08-23 12:57:20 +00:00
Livio Spring
66772ad0dd
fix: restrict AllowRegistration check to local registration (#5939) 
* fix: restrict AllowRegistration check to local registration

* add comment

* add additional tests

* hide registration fields if no registration allowed

* fix: always allow linking and creation of external idps on users in userV2 and admin import

* chore: exclude console dist and node_module folders from cache

* chore: include node_module folders into cache again

* linting
 2023-08-23 13:55:52 +02:00
Livio Spring
cbd2ef0612
fix: use system secret config if generator type does not exist on instance (#6420) 
* fix: use system secret config if generator type does not exist on instance

* remove unused idGenerator
 2023-08-23 08:04:29 +00:00
Silvan
99e1c654a3
feat(storage): read only transactions for queries (#6415) 
* fix: tests

* bastle wie en grosse

* fix(database): scan as callback

* fix tests

* fix merge failures

* remove as of system time

* refactor: remove unused test

* refacotr: remove unused lines
 2023-08-22 10:49:22 +00:00
Livio Spring
a9fb2a6e5c
fix(api): naming cleanup in user and session service (#6379) 
* fix(api): rename first and last name to given and family name, intent to idp_intent, remove _ actions

* fix merge

* fully rename intent to idp intent in api

---------

Co-authored-by: Tim Möhlmann <tim+github@zitadel.com>
 2023-08-22 10:05:45 +00:00
Livio Spring
e701e05d23
fix(login): add some missing translations for OTP (#6409) 2023-08-21 12:41:39 +00:00
Livio Spring
84faf98bc2
fix: setMetadata in saml and pre access token triggers (#6398) 2023-08-21 14:21:45 +02:00
Livio Spring
69b49ac0ed
fix(api): return correct http code on assets api (#6388) 
* fix(api): return correct http code on assets api

* add test

* fix test
 2023-08-18 13:51:11 +00:00
Livio Spring
8b44794c75
fix: delete SMTP correctly (#6391) 2023-08-18 14:22:57 +02:00
Livio Spring
90a62b777b
fix: handle metadata from post authentication on auto creation (#6389) 2023-08-18 09:16:58 +00:00
Livio Spring
a99f49999a
fix: OTP SMS texts (#6387) 2023-08-18 10:28:08 +02:00
Silvan
6672dcd87d
fix: add spans in auth requests (#6368) 
Co-authored-by: Livio Spring <livio.a@gmail.com>
 2023-08-18 07:21:31 +00:00
Stefan Benz
52f68f8db8
feat: add ldap external idp to login api (#5938) 
* fix: handling of ldap login through separate endpoint

* fix: handling of ldap login through separate endpoint

* fix: handling of ldap login through separate endpoint

* fix: successful intent for ldap

* fix: successful intent for ldap

* fix: successful intent for ldap

* fix: add changes from code review

* fix: remove set intent credentials and handle ldap errors

* fix: remove set intent credentials and handle ldap errors

* refactor into separate methods and fix merge

* remove mocks

---------

Co-authored-by: Livio Spring <livio.a@gmail.com>
 2023-08-16 11:29:57 +00:00
Stefan Benz
26b28ed2af
feat: add saml custom attribute action and translations (#6341) 
* feat: add saml custom attribute action and translations

* chore: update saml dependency

* fix: apply suggestions from code review

Co-authored-by: Livio Spring <livio.a@gmail.com>

* fix: custom attribute action with variadic parameter

* docs: add customize saml response docs

* docs: update docs/docs/apis/actions/customize-samlresponse.md

Co-authored-by: Livio Spring <livio.a@gmail.com>

* docs: update docs/docs/apis/actions/customize-samlresponse.md

Co-authored-by: Livio Spring <livio.a@gmail.com>

---------

Co-authored-by: Livio Spring <livio.a@gmail.com>
 2023-08-15 15:04:45 +00:00
Max Peintner
d83681a928
fix(login): mfa prompt styles (#6366) 
* feat: login with otp

* fix(i18n): japanese translation

* add missing files

* fix provider change

* add event types translations to en

* add tests

* resourceOwner

* remove unused handler

* fix: secret generators and add comments

* add setup step

* rename

* linting

* fix setup

* improve otp handling

* fix autocomplete

* translations for login and notifications

* translations for event types

* fix: mfa prompt styles

* fix merge

* fix merge

* fix html

* rm unused files

---------

Co-authored-by: Livio Spring <livio.a@gmail.com>
 2023-08-15 14:05:00 +00:00
Livio Spring
7c494fd219
feat(login): add OTP (email and sms) (#6353) 
* feat: login with otp

* fix(i18n): japanese translation

* add missing files

* fix provider change

* add event types translations to en

* add tests

* resourceOwner

* remove unused handler

* fix: secret generators and add comments

* add setup step

* rename

* linting

* fix setup

* improve otp handling

* fix autocomplete

* translations for login and notifications

* translations for event types

* changes from review

* check selected mfa type
 2023-08-15 12:47:05 +00:00
Tim Möhlmann
0017542aa2
feat(api/v2): implement TOTP session check (#6362) 
* feat(api/v2): implement TOTP session check

* add integration test

* correct typo in projection test

* fix event type typos

---------

Co-authored-by: Livio Spring <livio.a@gmail.com>
 2023-08-15 09:50:42 +00:00
Florian Forster
8953353210
chore: initial version of a devcontainer (#6352) 
* chore: initial version of a devcontainer

* test

* add make
 2023-08-15 10:49:05 +02:00
Fabian Haenel
c5c773531c
fix: Improve and sync checkSSL functions for CockroachDB and PostgreSQL (#6271) 
* Improve and sync checkSSL functions for cockroach and postgres

* Add missing prefer mode

* Fix missing return in postgres checkSSL on disable
 2023-08-14 13:51:33 +00:00
Ahmed Fwela
133789fee9
feat: get multiple users by id (#6210) 
* feat: introduce InTextQuery, and the ability to get multiple users by id

* added in query tests

* remove append call

* fix lints
 2023-08-12 15:37:42 +02:00
Tim Möhlmann
86af67d1be
feat(api/v2): implement U2F session check (#6339) 2023-08-11 15:36:18 +00:00
Livio Spring
372755bddd
feat(api): add organisation service (#6340) 
* setup org with multiple admins

* tests

* add missing proto

* remove machine users (for now)

* update tests with idp case

* fix package

* organisation -> organization

* fix test
 2023-08-11 14:19:14 +00:00
Miguel Cabrerizo
4123ab7ba7
fix: add Date header to email headers RFC822 (#6302) 2023-08-11 09:17:24 +00:00
Miguel Cabrerizo
6ca789ad44
fix: footerText has no effect (#6297) 2023-08-11 08:16:30 +00:00
Miguel Cabrerizo
dfd469c66f
fix: go back to user selection from other user (#6255) 
* fix: go back to user selection from other user

* fix: replace button with left arrow
 2023-08-10 17:35:52 +00:00
Miguel Cabrerizo
85423b73e9
fix: avatar missing on login after going back (#6238) 
* fix: avatar missing on login after going back

* fix: apply @livio-a suggestion

---------

Co-authored-by: Livio Spring <livio.a@gmail.com>
 2023-08-10 14:19:39 +00:00
Livio Spring
e5acfb76b3
test: fix oidc session test (#6342) 
* test: fix oidc session test

* fix test
 2023-08-10 13:38:30 +00:00
Elio Bischof
343a9428b3
feat: SMS and email OTP texts (#6281) 
* manage 2 custom texts proto

* implement methods

* default texts

* console

* improve translations

* lint

* test: fix e2e timeout

* fix translations

* add missing console translations

* remove unused text parts

---------

Co-authored-by: Livio Spring <livio.a@gmail.com>
 2023-08-09 05:49:12 +00:00
Livio Spring
8dc1fd06a1
fix: provide tokens in azuread idp session (#6334) 2023-08-08 09:28:47 +00:00
Livio Spring
57857b8d30
fix: check if session is reused on reauthentication (#6322) 
* fix: check if session is reused on reauth steps

* add nolint directive

---------

Co-authored-by: Silvan <silvan.reusser@gmail.com>
 2023-08-07 08:01:24 +00:00
Elio Bischof
d937ee3dda
fix: add texts after template reset (#6237) 
* fix: add texts after template reset

* fix unit tests
 2023-08-04 18:12:44 +00:00
Tim Möhlmann
3c7b603650
fix: always update the timestamp in trigger (#6326) 
* always reset timestamp

* re-enable test
 2023-08-04 16:17:16 +00:00
Tim Möhlmann
11b5a73551
fix: trigger session by id in verifySessionToken (#6325) 2023-08-04 18:16:27 +03:00
Livio Spring
45262e6829
fix: migrate external id of federated users (#6312) 
* feat: migrate external id

* implement tests and some renaming

* fix projection

* cleanup

* i18n

* fix event type

* handle migration for new services as well

* typo
 2023-08-04 11:35:36 +02:00
Elio Bischof
d33a4fbb2f
fix: project telemetry once for all instances (#6323) 2023-08-04 09:05:20 +00:00
Stefan Benz
ef012d0081
feat: user v2 phone verification (#6309) 
* feat: add phone change and code verification for user v2 api

* feat: add phone change and code verification for user v2 api

* fix: add ignored phone.proto

* fix: integration tests

* Update proto/zitadel/user/v2alpha/user_service.proto

* Update idp_template.go

---------

Co-authored-by: Livio Spring <livio.a@gmail.com>
 2023-08-03 06:42:59 +02:00
Livio Spring
a1942ecdaa
feat(api): add and remove OTP (SMS and email) (#6295) 
* refactor: rename otp to totp

* feat: add otp sms and email

* implement tests
 2023-08-02 18:57:53 +02:00
Tim Möhlmann
4d09409328
feat(crypto): add pbkdf2 support (#6303) 
This change brings pbkdf2 support for password hashing and verification.
 2023-08-02 11:27:18 +00:00
Livio Spring
dd480f8a8d
feat(login): reuse existing session if no prompt is provided and only single session exists (#6272) 
* feat: reuse existing session if no prompt is provided and only single session exists

* fix tests
 2023-08-01 11:21:44 +00:00
Livio Spring
782f7ad647
fix(OIDC): introspection (#6298) 
* fix(OIDC): introspect for PAT

* fix(OIDC): introspect for PAT

* fix(OIDC): introspect

* remove adding projectID into audience
 2023-07-31 13:55:26 +00:00
Livio Spring
43cb62ca4e
fix(i18n): do not translate language itself (#6286) 2023-07-28 09:58:05 +02:00
Livio Spring
789dcd8615
fix: password hash update and add missing i18n (#6285) 2023-07-28 09:09:15 +02:00
Elio Bischof
31ec1d83b9
feat: enable otp email and sms (#6260) 
* feat: enable otp email and sms

* feat: enable otp factors in login settings

* remove tests without value

* translate second factors

* don't add new factors yet

* add comment

* add factors to docs

* backward compatible settings api

* compile tests

* add available 2fa types

* test: add mapping tests

---------

Co-authored-by: Livio Spring <livio.a@gmail.com>
 2023-07-28 07:39:30 +02:00
Livio Spring
d3e403f645
perf: reduce events read from eventstore (#6280) 
* fix: events query user

* fix: events query user

* user events query

* fix tests

* fix query

* cleanup

---------

Co-authored-by: Fabienne <fabienne.gerschwiler@gmail.com>
 2023-07-27 12:10:19 +00:00
Livio Spring
2fe76acd14
feat: add secret generators for OTP (#6262) 
This PR adds configuration options for OTP codes through Admin API.
 2023-07-26 11:00:41 +00:00
Elio Bischof
f6bc0479f4
fix: emit project.grant.member.changed event (#6252) 2023-07-21 16:57:09 +02:00
Livio Spring
13e284dd56
fix: ensure resource owner in update human profile (#6253) 2023-07-21 13:42:24 +00:00
Livio Spring
cd5e176e30
fix: user grant by id (#6242) 2023-07-21 11:04:55 +00:00
daniel_michalichyn
fcc1acbf81
feat: Brazilian Portuguese internationalization (#6185) 
* feat: Brazilian Portuguese internationalization

Co-authored-by: Daniel Michalichyn <daniel.henrique@st-one.io>
 2023-07-20 04:40:45 +00:00
Livio Spring
fed15574f6
feat: allow to force MFA local only (#6234) 
This PR adds an option to the LoginPolicy to "Force MFA for local users", so that users authenticated through an IDP must not configure (and verify) an MFA.
 2023-07-20 04:06:16 +00:00
Livio Spring
59f3c328ec
feat(OIDC): add support for end_session for V2 tokens (#6226) 
This PR adds support for the OIDC end_session_endpoint for V2 tokens. Sending an id_token_hint as parameter will directly terminate the underlying (SSO) session and all its tokens. Without this param, the user will be redirected to the Login UI, where he will able to choose if to logout.
 2023-07-19 13:17:39 +02:00
Miguel Cabrerizo
ffb587f9ee
fix: sanitize primary domain for orgs (#6125) 
* fix: sanitize primary domain for orgs

* fix: add @stebenz requested changes

---------

Co-authored-by: Stefan Benz <46600784+stebenz@users.noreply.github.com>
 2023-07-18 12:42:57 +00:00
Livio Spring
e1b3cda98a
feat(OIDC): support token revocation of V2 tokens (#6203) 
This PR adds support for OAuth2 token revocation of V2 tokens.

Unlike with V1 tokens, it's now possible to revoke a token not only from the authorized client / client which the token was issued to, but rather from all trusted clients (audience)
 2023-07-17 14:33:37 +02:00
Silvan
1c354ca977
ci: improve performance (#5953) 
* pipeline runs on ubuntu instead of docker
* added Makefile to build zitadel core (backend) and console (frontend)
* pipeline runs in parallel where possible
* pipeline is split into multiple jobs
* removed goreleaser
* added command to check if zitadel instance is running
 2023-07-17 10:08:20 +02:00
Florian Forster
bcf4bfc585
fix: autofill related issues (#6201) 2023-07-14 12:35:25 +00:00
Livio Spring
80961125a7
feat(API): support V2 token and session token usage (#6180) 
This PR adds support for userinfo and introspection of V2 tokens. Further V2 access tokens and session tokens can be used for authentication on the ZITADEL API (like the current access tokens).
 2023-07-14 11:16:16 +00:00
Tim Möhlmann
4589ddad4a
feat: integrate passwap for human user password hashing (#6196) 
* feat: use passwap for human user passwords

* fix tests

* passwap config

* add the event mapper

* cleanup query side and api

* solve linting errors

* regression test

* try to fix linter errors again

* pass systemdefaults into externalConfigChange migration

* fix: user password set in auth view

* pin passwap v0.2.0

* v2: validate hashed password hash based on prefix

* resolve remaining comments

* add error tag and translation for unsupported hash encoding

* fix unit test

---------

Co-authored-by: Livio Spring <livio.a@gmail.com>
 2023-07-14 09:49:57 +03:00
Miguel Cabrerizo
78eae6f62b
fix: domain discovery should be case insensitive (#6134) 
Co-authored-by: Livio Spring <livio.a@gmail.com>
 2023-07-12 13:02:16 +00:00
Livio Spring
ee26f99ebf
fix: store auth methods instead of AMR in auth request linking and OIDC Session (#6192) 
This PR changes the information stored on the SessionLinkedEvent and (OIDC Session) AddedEvent from OIDC AMR strings to domain.UserAuthMethodTypes, so no information is lost in the process (e.g. authentication with an IDP)
 2023-07-12 12:24:01 +00:00
Vlatko Stojkovski
a3a1e245ad
feat: i18n support for Macedonian language (#6178) 
* add macedonian language to currently supported languages

* mk yaml login static with en values

* mk json assets with en values

* mk yaml notification static with en values

* add macedonian notification yaml

* mk yaml static with en values

* mk translations for login

* mk translations for internal

* macedonian translations

* - fix lint issues
 2023-07-12 08:41:50 +00:00
Elio Bischof
08f242e98d
perf: skip already pushed check (#6164) 
Co-authored-by: Livio Spring <livio.a@gmail.com>
 2023-07-11 12:10:37 +02:00
Livio Spring
14b8cf4894
feat(api): add OIDC session service (#6157) 
This PR starts the OIDC implementation for the API V2 including the Implicit and Code Flow.


Co-authored-by: Livio Spring <livio.a@gmail.com>
Co-authored-by: Tim Möhlmann <tim+github@zitadel.com>
Co-authored-by: Stefan Benz <46600784+stebenz@users.noreply.github.com>
 2023-07-10 13:27:00 +00:00
Tim Möhlmann
112f672266
chore: cleanup command/crypto (#5883) 
* chore: cleanup command/crypto

* cleanup unused function mockEmailCode
 2023-07-10 08:07:10 +00:00
Livio Spring
5cba5cd635
fix: set samesite to none for user agent cookie for iframe usage (#6162) 
Co-authored-by: Fabi <fabienne@zitadel.com>
 2023-07-10 07:51:56 +02:00
Livio Spring
26d63cd233
fix: handle missing parameters in external provider callback (#6158) 2023-07-07 21:04:55 +02:00
Livio Spring
6319fdda9e
fix: add scope profile to PAT (#6154) 
Co-authored-by: Fabi <fabienne@zitadel.com>
 2023-07-07 17:31:42 +02:00
Livio Spring
59d67bde5f
fix: return secret generators (#6159) 2023-07-07 14:46:02 +00:00
Livio Spring
a5b4319f1f
fix: ignore unchanged console redirect_uris when adding an instance domain (#6156) 
Co-authored-by: Fabi <fabienne@zitadel.com>
 2023-07-07 14:15:19 +00:00
Livio Spring
94fdb9a022
fix: org metadata query (#6161) 
Co-authored-by: Fabi <fabienne@zitadel.com>
 2023-07-07 15:48:41 +02:00
Fabi
5182cb3ce3
fix: rename to given and family name (#6152) 
* fix: rename to given and family name

* fix: rename to given and family name

* fix: rename to given and family name
 2023-07-07 13:13:45 +00:00
Stefan Benz
d8b823660b
fix: add .txt ending to domain validation as given in console (#6079) 
* fix: add .txt ending to domain validation as given in console

* fix console

---------

Co-authored-by: Max Peintner <max@caos.ch>
Co-authored-by: Livio Spring <livio.a@gmail.com>
 2023-07-07 11:50:45 +00:00
Max Peintner
699fc86d1b
fix(login): improve and streamline identity provider styles (#5456) 
* fix: login idp styles

* rem dead code
 2023-07-07 11:17:08 +00:00
Livio Spring
9fed1a7a5b
fix: add font color on new label policy (#6155) 2023-07-07 09:21:10 +00:00
Tim Möhlmann
c0e45b63d8
fix: reset the call timestamp after a bulk trigger (#6080) 
* reproduce #5808

Add an integration test that imports and gets N amount of human users.
- With N set to 1-10 the operation seems to succeed always
- With N set to 100 the operation seems to fail between 1 and 7 times.

* fix merge issue

* fix: reset the call timestamp after a bulk trigger

With the use of `AS OF SYSTEM TIME` in queries,
there was a change for the query package not
finding the latest projection verson after
a bulk trigger.
If events where processed in the bulk trigger,
the resulting row timestamp would be after the call
start timestamp.
This sometimes resulted in consistency issues when
Set and Get API methods are called in short succession.
For example a Import and Get user could sometimes result in a Not Found
error.

Although the issue was reported for the Management API user import,
it is likely this bug contributed to the flaky integration and e2e tests.

Fixes #5808

* trigger bulk action in GetSession

* don't use the new context in handler schedule

* disable reproduction test

---------

Co-authored-by: Livio Spring <livio.a@gmail.com>
 2023-07-07 08:15:05 +00:00
Miguel Cabrerizo
ae31aa52e4
fix: 404 if asset object not found (#6149) 
Co-authored-by: Livio Spring <livio.a@gmail.com>
 2023-07-07 09:34:50 +02:00
Elio Bischof
9b768003b7
feat: improve milestone format (#6150) 
* feat: milestone format

* feat: push external domain

* cleanup

* Revert "remove prerelease"

This reverts commit 7417fdbeb3.

* fix branch

* remove prerelease
 2023-07-06 19:31:08 +02:00
Elio Bischof
bb756482c7
feat: push telemetry (#6027) 
* document analytics config

* rework configuration and docs

* describe HandleActiveInstances better

* describe active instances on quotas better

* only projected events are considered

* cleanup

* describe changes at runtime

* push milestones

* stop tracking events

* calculate and push 4 in 6 milestones

* reduce milestone pushed

* remove docs

* fix scheduled pseudo event projection

* push 5 in 6 milestones

* push 6 in 6 milestones

* ignore client ids

* fix text array contains

* push human readable milestone type

* statement unit tests

* improve dev and db performance

* organize imports

* cleanup

* organize imports

* test projection

* check rows.Err()

* test search query

* pass linting

* review

* test 4 milestones

* simplify milestone by instance ids query

* use type NamespacedCondition

* cleanup

* lint

* lint

* dont overwrite original error

* no opt-in in examples

* cleanup

* prerelease

* enable request headers

* make limit configurable

* review fixes

* only requeue special handlers secondly

* include integration tests

* Revert "include integration tests"

This reverts commit 96db9504ec.

* pass reducers

* test handlers

* fix unit test

* feat: increment version

* lint

* remove prerelease

* fix integration tests
 2023-07-06 08:38:13 +02:00
Livio Spring
bd5defa96a
fix: provide domain in session, passkey and u2f (#6097) 
This fix provides a possibility to pass a domain on the session, which
will be used (as rpID) to create a passkey / u2f assertion and
attestation. This is useful in cases where the login UI is served under
a different domain / origin than the ZITADEL API.
 2023-06-27 14:36:07 +02:00
Tim Möhlmann
56e33ce1a7 fix: rename OTP to TOTP in v2 alpha user api 
This change renames the v2 user OTP registration endpoints and objects
to TOTP.
Also the v2 related code paths have been renamed to TOTP.

This change was discussed during the sprint review.
 2023-06-22 12:06:32 +02:00
Stefan Benz
1b5d6ce89e
feat: session checks with intent (#6031) 
* feat: session checks with intent

* feat: session checks with intent

* fix: integration tests for intent session

* fix: integration tests for intent session

* fix merge

* fix: integration tests for intent session

---------

Co-authored-by: Livio Spring <livio.a@gmail.com>
 2023-06-21 14:06:18 +00:00
Livio Spring
7e6434fa8c
fix: event handling on UserIDPLinkWriteModel (#6054) 2023-06-21 06:30:39 +00:00
Livio Spring
84085478ec
fix(login): ensure auth request information is up-to-date in external user check (#6060) 2023-06-21 05:00:03 +00:00
Livio Spring
7046194530
feat(api): list authentication method types in user api v2 (#6058) 2023-06-20 16:23:28 +00:00
Livio Spring
82e7333169
feat(api): add password reset and change to user service (#6036) 
* feat(api): add password reset and change to user service

* integration tests

* invalidate password check after password change

* handle notification type

* fix proto
 2023-06-20 17:34:06 +02:00
Livio Spring
1017568cf1
fix: provide more information in the retrieve idp information (#5927) 
* fix: provide more information in the retrieve idp information

* change raw_information to proto struct

* change unmarshal

* improve description
 2023-06-20 14:39:50 +02:00
Tim Möhlmann
09aafb35eb
feat(v2): implement user register OTP (#6030) 
* feat(v2): implement user register OTP

* feat(v2): implement user verify OTP

* session: retry on permission denied
 2023-06-20 10:36:21 +00:00
Firmino Changani
4eaf3fb21e
fix: typo at function's name: checkApplicationType (#6039) 2023-06-19 11:07:56 +00:00
Florian Forster
62f424e69a
chore: translation error in fr (#6052) 2023-06-19 09:59:14 +00:00
dian mushkov
4378eb7cb5
feat: internationalization Bulgarian (#5998) 
* Feature BG init

* lint fix

* Fix merge conflict

* merge main branch add bg lang

* reference centrally defined langs

* refactor supportedLanguages

---------

Co-authored-by: Livio Spring <livio.a@gmail.com>
Co-authored-by: Elio Bischof <eliobischof@gmail.com>
Co-authored-by: Max Peintner <max@caos.ch>
Co-authored-by: Elio Bischof <elio@zitadel.com>
 2023-06-16 17:35:03 +02:00
Livio Spring
1c8037f291
fix: external user check (#6038) 2023-06-16 10:27:43 +02:00
Stefan Benz
8dfaa1dfa5
fix: check if application is active in saml logic (#6003) 
Co-authored-by: Livio Spring <livio.a@gmail.com>
 2023-06-15 11:04:27 +02:00
Stefan Benz
2d13d412a2
fix: update linking users if action changed values (#6024) 
Co-authored-by: Livio Spring <livio.a@gmail.com>
 2023-06-15 07:02:53 +00:00
Stefan Benz
855d6b1bd5
fix: nil pointer on create instance add machine (#6000) 
* fix: nil pointer on create instance add machine

* fix: instance setup with machine user pat

* fix: correct logic to write pat and key from setup without configurable scope

---------

Co-authored-by: Livio Spring <livio.a@gmail.com>
 2023-06-15 06:16:39 +00:00
Tim Möhlmann
2e323e8044
feat(v2): register user u2f (#6020) 2023-06-15 05:32:40 +00:00
Stefan Benz
66e639b5ad
fix: handling of org idp migrations and google events (#5992) 2023-06-08 14:08:13 +00:00
Max Peintner
58cfb94e1d
fix(login): url safe encoding base64 (#5983) 
* url safe encoding base64

* js rm export

* fix: publish docker image

* rm releaserc

---------

Co-authored-by: Elio Bischof <eliobischof@gmail.com>
Co-authored-by: Silvan <silvan.reusser@gmail.com>
 2023-06-08 09:27:03 +02:00
Stefan Benz
5562ee94a6
feat: migrate external idp to other types (#5984) 
* feat: migrate instance oidc to azureAD

* feat: migrate instance oidc to azureAD

* feat: migrate org oidc to azureAD

* feat: migrate oidc to google

* fix: correct idp writemodels

* fix: review changes
 2023-06-08 00:50:53 +02:00
Stefan Benz
0b1738dc5d
fix: check linked users before postAuthentication action (#5980) 
* fix: check linked users before postAuthentication action

* fix: apply suggestions from code review

Co-authored-by: Silvan <silvan.reusser@gmail.com>

---------

Co-authored-by: Silvan <silvan.reusser@gmail.com>
 2023-06-08 00:16:02 +02:00
Tim Möhlmann
f456168a74
feat: session v2 passkey authentication (#5952) 2023-06-07 17:28:42 +02:00
Elio Bischof
61feb9d19f
fix: more silence (#5986) 2023-06-06 15:12:54 +00:00
Tim Möhlmann
d5eaa8fa16
fix: display loginname in machine client credentials (#5936) 2023-05-26 13:04:45 +00:00
Stefan Benz
9aed0319c5
fix: token for post authentication action and change phone and email (#5933) 
* fix: token for post authentication action and change phone and email

* fix checks and add tests

* improve change checks and add tests

* add more tests

* remove unintended test

---------

Co-authored-by: Livio Spring <livio.a@gmail.com>
 2023-05-26 07:24:52 +00:00
Stefan Benz
fa8f191812
feat: v2alpha user service idp endpoints (#5879) 
* feat: v2alpha user service idp endpoints

* feat: v2alpha user service intent endpoints

* begin idp intents (callback)

* some cleanup

* runnable idp authentication

* cleanup

* proto cleanup

* retrieve idp info

* improve success and failure handling

* some unit tests

* grpc unit tests

* add permission check AddUserIDPLink

* feat: v2alpha intent writemodel refactoring

* feat: v2alpha intent writemodel refactoring

* feat: v2alpha intent writemodel refactoring

* provider from write model

* fix idp type model and add integration tests

* proto cleanup

* fix integration test

* add missing import

* add more integration tests

* auth url test

* feat: v2alpha intent writemodel refactoring

* remove unused functions

* check token on RetrieveIdentityProviderInformation

* feat: v2alpha intent writemodel refactoring

* fix TestServer_RetrieveIdentityProviderInformation

* fix test

* i18n and linting

* feat: v2alpha intent review changes

---------

Co-authored-by: Livio Spring <livio.a@gmail.com>
Co-authored-by: Tim Möhlmann <tim+github@zitadel.com>
 2023-05-24 18:29:58 +00:00
Tim Möhlmann
a301c40f9f
feat: implement register Passkey user API v2 (#5873) 
* command/crypto: DRY the code

- reuse the the algorithm switch to create a secret generator
- add a verifyCryptoCode function

* command: crypto code tests

* migrate webauthn package

* finish integration tests with webauthn mock client
 2023-05-24 10:22:00 +00:00
András Tóth
8c926366a9
fix(database): allow postgres sslmode=require without root cert (#4972) 
* fix(database): allow postgres sslmode=require without root cert

* fix(database): allow postgres sslmode=require without root cert (fix)

Co-authored-by: Silvan <silvan.reusser@gmail.com>

---------

Co-authored-by: Silvan <silvan.reusser@gmail.com>
 2023-05-23 14:29:13 +00:00
Elio Bischof
2e86c44aa5
fix: delete cookies (#5885) 
Co-authored-by: Livio Spring <livio.a@gmail.com>
 2023-05-19 05:12:31 +00:00
Elio Bischof
885e3385aa
fix: send exhausted property in env json (#5877) 2023-05-17 11:41:54 +02:00
Livio Spring
383e68b819
Merge branch 'main' into grcp-server-reflect 2023-05-16 10:51:32 +02:00
Elio Bischof
0e251a29c8
fix: set exhausted cookie with env json (#5868) 
* fix: set exhausted cookie with env json

* lint
 2023-05-15 08:51:02 +02:00
Silvan
098c27d3da
fix: render authrequest id only if possible (#5823) 2023-05-11 16:02:34 +00:00
Stefan Benz
8d13f170e8
feat(api): new settings service (#5775) 
* feat: add v2alpha policies service

* feat: add v2alpha policies service

* fix: rename of attributes and messages in v2alpha api

* fix: rename of attributes and messages in v2alpha api

* fix: linter corrections

* fix: review corrections

* fix: review corrections

* fix: review corrections

* fix: review corrections

* fix grpc

* refactor: rename to settings and more

* Apply suggestions from code review

Co-authored-by: Fabi <fabienne.gerschwiler@gmail.com>

* add service to docs and rename legal settings

* unit tests for converters

* go mod tidy

* ensure idp name and return list details

* fix: use correct resource owner for active idps

* change query to join

---------

Co-authored-by: Livio Spring <livio.a@gmail.com>
Co-authored-by: Fabi <fabienne.gerschwiler@gmail.com>
Co-authored-by: Tim Möhlmann <tim+github@zitadel.com>
 2023-05-11 09:23:40 +00:00
Elio Bischof
35a0977663
fix: improve exhausted SetCookie header (#5789) 
* fix: remove access interceptor for console

* feat: template quota cookie value

* fix: send exhausted cookie from grpc-gateway

* refactor: remove ineffectual err assignments

* Update internal/api/grpc/server/gateway.go

Co-authored-by: Livio Spring <livio.a@gmail.com>

* use dynamic host header to find instance

* add instance mgmt url to environment.json

* support hosts with default ports

* fix linting

* docs: update lb example

* print access logs to stdout

* fix grpc gateway exhausted cookies

* cleanup

---------

Co-authored-by: Livio Spring <livio.a@gmail.com>
 2023-05-11 09:24:44 +02:00
Tim Möhlmann
1461d9ec6d Merge branch 'main' into grcp-server-reflect 2023-05-07 16:47:52 +02:00