Commit Graph

2999 Commits

Author SHA1 Message Date
Silvan
b55551643a
chore(build): update dependencies (#7606)
(cherry picked from commit c3cb010d2a)
2024-03-25 07:24:33 +01:00
Tim Möhlmann
7816644964
fix(oidc): define audience inside auth request instead of token creation (#7610)
fix(oidc): define audience inside auth request instead off token creation

When using the v1 OIDC Code flow, tokens would not carry the correct audience when returned as JWT. This applies to access tokens as JWT and ID tokens.
Introspection would still show the correct audience.
This happened because project audience was appended at token creation time. This stored the appended audience, used later in introspection or token refresh. However, the OIDC library still only had a view of the original auth request with the original audience.
When signing JWTs it would use this outdated information.

This change moves audience modifications to the auth request creation. This is was already the way it was done for v2 login and now v1 follows the same method.

Co-authored-by: Livio Spring <livio.a@gmail.com>

(cherry picked from commit 9d5cd12cd4)
2024-03-25 07:24:21 +01:00
Silvan
e9b8bb7d14
fix(api): correct mapping of metadata queries (#7609)
(cherry picked from commit 6eb982e368)
2024-03-25 07:18:14 +01:00
Stefan Benz
8f3c91a393
fix: fill resourceowner of project into usergrant projection (#7605)
(cherry picked from commit 517398bba6)
2024-03-21 13:00:37 +01:00
Stefan Benz
0416153e8e
fix: add organizationID query for user v2 ListUsers and clean up depeprecated attribute (#7593)
Add organizationID as query for ListUsers and clean up the deprecated Organisation attributes in other queries.

This PR removes the following fields from API requests (user service v2):

organisation from AddHumanUser (deprecated some time ago, organization still exists)
organization from GetUserByID

(cherry picked from commit 319ebe7898)
2024-03-21 13:00:37 +01:00
Livio Spring
3c2789c7cc
fix: allow login by email case-insensitive (#7578)
A customer noted that the login by email was case-sensitive, which differs to the handling of the loginname.

This PR changes the email check to be case-insensitive (which it was already in same parts) and improve the search for this as well.

(cherry picked from commit 7e24a1adbc)
2024-03-21 13:00:36 +01:00
Livio Spring
09fcbb6841
fix(login): display username after registration with idp (#7598)
It was noticed multiple time (incl. customers) that the loginname is sometimes not rendered in the UI.

This PR fixes such an issue after registration of a new user from an IdP.

(cherry picked from commit b2d7352a5a)
2024-03-21 12:59:59 +01:00
Livio Spring
c1e448d6c1
Merge branch 'main' into next 2024-03-18 07:18:06 +01:00
Livio Spring
6c01882cbd
fix(login): (re)allow HTML in custom login texts (#7575)
fix: allow HTML in custom login texts
(cherry picked from commit 6c3f48f496)
2024-03-15 16:41:35 +01:00
Livio Spring
6c3f48f496
fix(login): (re)allow HTML in custom login texts (#7575)
fix: allow HTML in custom login texts
2024-03-15 16:29:10 +01:00
Fabi
732217bc5e
docs: add org id header in missing requests (#7562)
* docs: add org id header in missing requests

* docs: add org id header to proto definitions

---------

Co-authored-by: Livio Spring <livio.a@gmail.com>
2024-03-15 10:45:14 +00:00
Max Peintner
0d46c39d00
docs: typescript login progress (#7378)
* docs: typescript login progress

* docs

* space

* Update docs/docs/guides/integrate/login-ui/typescript-repo.mdx

Co-authored-by: Fabi <fabienne@zitadel.com>

* Update docs/docs/guides/integrate/login-ui/typescript-repo.mdx

Co-authored-by: Fabi <fabienne@zitadel.com>

* Update docs/docs/guides/integrate/login-ui/typescript-repo.mdx

Co-authored-by: Fabi <fabienne@zitadel.com>

* future login, show email password login

---------

Co-authored-by: Fabi <fabienne@zitadel.com>
2024-03-15 11:02:56 +01:00
Silvan
150f3bddf0
docs: add azure entra saml (#7566) 2024-03-15 10:07:30 +01:00
Livio Spring
529b52f028
chore: update stable to 2.41.x (#7547) 2024-03-15 08:17:40 +00:00
Livio Spring
69ea134b33
fix: enable resend code in user initialization without auth request (#7568)
(cherry picked from commit 20d1d56669)
2024-03-15 06:51:06 +01:00
Livio Spring
20d1d56669
fix: enable resend code in user initialization without auth request (#7568) 2024-03-15 06:50:55 +01:00
PaulHiryliuk
3be559038b
feat: updated russian translations by native speaker with a user poli… (#7567)
feat: updated russian translations by native speaker with a user polite approach

Co-authored-by: Pavel Girilyuk <pavel.girilyuk@digitalchief.ru>
Co-authored-by: Fabi <fabienne@zitadel.com>
2024-03-14 15:29:24 +00:00
Max Peintner
8be64f4991
fix(console): phone, email, branding dialogs (#7539)
* fix: phone, email, branding dialogs

* use full width for phone number

* fix user create phone width

* reset width

---------

Co-authored-by: Elio Bischof <elio@zitadel.com>
2024-03-14 13:38:09 +00:00
Fabi
802b6c7fd1
docs: Okta saml idp docs (#7523)
* docs: add guide to setup okta saml idp

* docs: remove todo

* docs: okta user data info

* docs: fix broken links

* docs: add references to API docs

* Update docs/docs/guides/integrate/identity-providers/okta_saml.mdx

Co-authored-by: Silvan <silvan.reusser@gmail.com>

* Update docs/docs/guides/integrate/identity-providers/okta_saml.mdx

Co-authored-by: Silvan <silvan.reusser@gmail.com>

* Update docs/docs/guides/integrate/identity-providers/okta_saml.mdx

Co-authored-by: Silvan <silvan.reusser@gmail.com>

* Update docs/docs/guides/integrate/identity-providers/okta_saml.mdx

Co-authored-by: Silvan <silvan.reusser@gmail.com>

* Update docs/docs/guides/integrate/identity-providers/okta_saml.mdx

Co-authored-by: Silvan <silvan.reusser@gmail.com>

* Update docs/docs/guides/integrate/identity-providers/okta_saml.mdx

Co-authored-by: Silvan <silvan.reusser@gmail.com>

* docs: default settings

* docs: default settings

* docs: add saml mapping action

* docs: add saml mapping action

* docs: add saml mapping action

---------

Co-authored-by: Silvan <silvan.reusser@gmail.com>
2024-03-14 11:47:03 +00:00
Livio Spring
bbb4dea0bd
chore: fix artifact upload for container build (#7565) 2024-03-14 11:10:53 +00:00
Stefan Benz
fb3c6f791b
feat: query side for executions and targets for actions v2 (#7524)
* feat: add projections and query side to executions and targets

* feat: add list and get endpoints for targets

* feat: add integration tests for query endpoints target and execution

* fix: linting

* fix: linting

* fix: review changes, renames and corrections

* fix: review changes, renames and corrections

* fix: review changes, renames and corrections

* fix: review changes, renames and corrections

* fix: review changes, renames and corrections

* fix: review changes, renames and corrections

* fix: remove position from list details
2024-03-14 09:56:23 +00:00
Livio Spring
5d2cfc06d5
chore: update github actions (#7564) 2024-03-14 09:26:31 +00:00
Livio Spring
252e59d5cd
fix: get orgID when missing on trigger logs (#7555) 2024-03-14 08:49:10 +00:00
Fabi
bcff220cb4
docs: onboarding users (#7462)
* docs: log module for actions

* docs: info on registration options

* docs: add saml description

* Update docs/docs/guides/integrate/onboarding/end-users.mdx

Co-authored-by: mffap <mpa@zitadel.com>

* Update docs/docs/guides/integrate/onboarding/end-users.mdx

Co-authored-by: mffap <mpa@zitadel.com>

* Update docs/docs/guides/integrate/onboarding/end-users.mdx

Co-authored-by: mffap <mpa@zitadel.com>

* Update docs/docs/guides/integrate/onboarding/end-users.mdx

Co-authored-by: mffap <mpa@zitadel.com>

* Update docs/docs/guides/integrate/onboarding/end-users.mdx

Co-authored-by: mffap <mpa@zitadel.com>

* Update docs/docs/guides/integrate/onboarding/end-users.mdx

Co-authored-by: mffap <mpa@zitadel.com>

* docs: org scope

---------

Co-authored-by: mffap <mpa@zitadel.com>
2024-03-14 08:25:46 +00:00
Miguel Cabrerizo
dff5984f7d
fix: add expiration date information to service users keys (#7497)
* feat: add ExpirationDate to MachineKey JSON detail

* fix: include time in expiration date column for machine keys table

* fix: show expiration date in ShowKeyDialog if available

* fix: add machine key expiration date note

---------

Co-authored-by: Tim Möhlmann <tim+github@zitadel.com>
2024-03-13 18:21:19 +00:00
Silvan
30a1f4b39e
docs(actions): add examples (#7494)
* docs(actions): add use cases

* docs(actions): extend available modules

* docs(actions): add example to http module

* hide code in details

* add saml response,
correct code examples

* describe internal authentication flow

* rename to code examples
2024-03-13 17:49:36 +01:00
Elio Bischof
6a1b708ff8
feat: console descriptions (#7552)
* org page descriptions

* feat(console): describe options

* docs: fix bullet

* lint

* refactor: cleanup unused translations

* translate

* translate

* translate

* members

* add links

* translate

* remove scripts

* lint

* remove node-jq

* fix styles

* Update console/src/assets/i18n/it.json

Co-authored-by: Max Peintner <max@caos.ch>

* Update console/src/assets/i18n/it.json

Co-authored-by: Max Peintner <max@caos.ch>

* Update console/src/assets/i18n/it.json

Co-authored-by: Max Peintner <max@caos.ch>

---------

Co-authored-by: peintnermax <max@caos.ch>
2024-03-13 14:53:48 +00:00
Max Peintner
1db10a4286
fix(console): app integration without context (#7541)
* fix: app integration without context

* cleanup

---------

Co-authored-by: Silvan <silvan.reusser@gmail.com>
2024-03-13 11:27:53 +01:00
Livio Spring
266abcb23b
docs: describe session validation (#7548)
* docs: describe session validation

* typo

* resolve comments
2024-03-13 07:24:33 +00:00
Livio Spring
5908b97e7c
fix: rendering of TOTP QR code (#7549)
(cherry picked from commit a28b3a1c2d)
2024-03-12 17:27:50 +01:00
Livio Spring
a28b3a1c2d
fix: rendering of TOTP QR code (#7549) 2024-03-12 16:20:42 +00:00
Livio Spring
0e181b218c
feat: implement user schema management (#7416)
This PR adds the functionality to manage user schemas through the new user schema service.
It includes the possibility to create a basic JSON schema and also provides a way on defining permissions (read, write) for owner and self context with an annotation.

Further annotations for OIDC claims and SAML attribute mappings will follow.

A guide on how to create a schema and assign permissions has been started. It will be extended though out the process of implementing the schema and users based on those.

Note:
This feature is in an early stage and therefore not enabled by default. To test it out, please enable the UserSchema feature flag on your instance / system though the feature service.
2024-03-12 13:50:13 +00:00
Fabi
2a39cc16f5
docs: external audit log (#7510)
* docs: external audit log

* docs: cockroach change data capture

* docs: add actions possibility

* docs: change sidebar

* docs: requested changes

* docs: requested changes

* docs: requested changes

---------

Co-authored-by: Stefan Benz <46600784+stebenz@users.noreply.github.com>
2024-03-11 14:07:58 +00:00
Silvan
4224c7ad3a
chore(core): update dependencies (#7517)
* chore(core): update dependencies

* chore(core): update dependencies
2024-03-11 10:43:56 +00:00
Livio Spring
50b2ea6e1f
refactor: copy only required frameworks icons from docs in console (#7538)
(cherry picked from commit 860b80c9ee)
2024-03-11 09:36:54 +01:00
Livio Spring
860b80c9ee
refactor: copy only required frameworks icons from docs in console (#7538) 2024-03-11 08:33:05 +00:00
Silvan
e0e5665e17
fix(eventstore): consider IsGlobal-flag of constraints (#7518)
* fix(eventstore): consider `IsGlobal`-flag of constraints

* fix(setup): set `instance_domain`-constraint global

(cherry picked from commit 60ee2610f2)
2024-03-11 08:44:39 +01:00
Livio Spring
3c0cd30afe
fix: use correct template package (#7522)
(cherry picked from commit 07ec2efa9d)
2024-03-11 08:30:15 +01:00
Silvan
7b537243c4
docs: describe combinations of flow and trigger types (#7519)
* docs(api): describe which flow and trigger types word together

* docs(actions): describe which flow and trigger types work together

* Update management.proto

---------

Co-authored-by: Livio Spring <livio.a@gmail.com>
2024-03-11 07:24:24 +00:00
Livio Spring
07ec2efa9d
fix: use correct template package (#7522) 2024-03-11 07:52:02 +01:00
Silvan
60ee2610f2
fix(eventstore): consider IsGlobal-flag of constraints (#7518)
* fix(eventstore): consider `IsGlobal`-flag of constraints

* fix(setup): set `instance_domain`-constraint global
2024-03-08 13:33:53 +00:00
Fabi
fd39729089
docs: add note about x-zitadel-login-client matching pat when building your login ui (#7521)
docs: add note about x-zitadel-login-client matching pat
2024-03-08 13:02:53 +00:00
Stefan Benz
9f72fc63ac
fix: add additional permission tests to user v2 query endpoints (#7382)
Add additional permission integration tests to the user v2 query endpoints including some fixes to correctly check the permissions after the data is known which you want to query.
2024-03-08 08:37:23 +00:00
Stefan Benz
6df4b1b2c2
fix: combine resourceowner query in reduce function for user grant (#7383)
* fix: projection reduce correction with unit tests

* fix: remove eventcout variable as not used anymore

* fix: add errors if resoureowner is not found in user grants reduce
2024-03-08 07:52:59 +00:00
dependabot[bot]
213c425806
chore(deps): bump codecov/codecov-action from 3.1.4 to 4.1.0 (#7470)
* chore(deps): bump codecov/codecov-action from 3.1.4 to 4.1.0

Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 3.1.4 to 4.1.0.
- [Release notes](https://github.com/codecov/codecov-action/releases)
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/codecov/codecov-action/compare/v3.1.4...v4.1.0)

---
updated-dependencies:
- dependency-name: codecov/codecov-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

* add CODECOV_TOKEN

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Livio Spring <livio.a@gmail.com>
2024-03-08 08:20:33 +01:00
dependabot[bot]
87086c190b
chore(deps): bump docker/build-push-action from 4 to 5 (#7469)
Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 4 to 5.
- [Release notes](https://github.com/docker/build-push-action/releases)
- [Commits](https://github.com/docker/build-push-action/compare/v4...v5)

---
updated-dependencies:
- dependency-name: docker/build-push-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-03-08 06:52:49 +00:00
dependabot[bot]
37eea6940a
chore(deps): bump actions/cache from 3 to 4 (#7473)
Bumps [actions/cache](https://github.com/actions/cache) from 3 to 4.
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](https://github.com/actions/cache/compare/v3...v4)

---
updated-dependencies:
- dependency-name: actions/cache
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-03-08 07:38:32 +01:00
Livio Spring
98bd355ce2
chore(workflow): update github actions (#7508) 2024-03-07 15:38:38 +00:00
mffap
89a3ffa6fd
docs(legal): update cookies in privacy policy (#7493)
* docs(legal): update cookies in privacy policy

* add note about customer instances

* Apply suggestions from code review

Co-authored-by: Florian Forster <florian@zitadel.com>

* perf: filter events by instance ids (#7489)

fix: filter events by instance ids

* docs: describe DefaultInstance vs FirstInstance (#7487)

* docs: describe DefaultInstance vs FirstInstance

* link to docs

* add better searchable tip to the docs

* add better searchable tip to the docs

* add link

* docs: remove localhost from links (#7503)

* remove visitor analytics

* Update docs/docs/legal/policies/privacy-policy.mdx

---------

Co-authored-by: Florian Forster <florian@zitadel.com>
Co-authored-by: Elio Bischof <elio@zitadel.com>
Co-authored-by: Silvan <silvan.reusser@gmail.com>
2024-03-07 11:35:22 +00:00
Tim Möhlmann
8e2c3b671f
fix(query): optimize instance by domain query (#7513)
fix(query): optimize instance by domain query

On zitadel cloud we noticed an increase in database CPU usage and slightly higher response times.
By analyzes we found that the instance by domain query was wrongly joining all instance_feature rows against all instances.
This PR adds an additional CTE to limit the join set to only the features that apply to the found instance.

The query was introduced with https://github.com/zitadel/zitadel/pull/7356 and part of the v2.47 release.

(cherry picked from commit 3af28d29d2)
2024-03-07 11:44:31 +01:00