Commit Graph

2920 Commits

Author SHA1 Message Date
Silvan
8bc56f6fe7 fix(query): escape wildcards in text search (#7131) (#7135)
* fix(query): escape like wildcards

* test: search query wildcards

* add do nothing
2024-01-02 16:27:36 +01:00
Silvan
9892fd92b6 refactor: cleanup unused code (#7130)
* refactor: drop unused code

* refactor: drop unused code
2024-01-02 14:26:31 +00:00
Silvan
4e3936b5bf ci: publish sha to docker registry (#7127) 2024-01-02 14:03:23 +00:00
Silvan
a8b8c89f73 perf(query): increase speed of user queries (#7126) (#7128)
* perf(query): increase speed of user queries
2024-01-02 14:41:46 +01:00
Silvan
cc2dd8b20b fix(eventstore): increase performance on push (#7125) 2023-12-31 15:30:25 +01:00
Silvan
6d3ce8d5ab fix(projection): correct type cast of user grant reactivated (#7123)
* fix(projection): correct type cast of user grant reactivated

* test: correct mapper
2023-12-31 14:03:23 +01:00
Tim Möhlmann
45ccdcfa99 fix(oidc): nil check for client secret (#7115)
This fixes a nil pointer panic when client basic auth is attempted on a client without secret in introspection.
2023-12-28 13:31:41 +00:00
Yordis Prieto
9d5d1cf3ea feat: allow glob redirects (#7091)
fixes #5110
2023-12-28 11:25:18 +02:00
Tim Möhlmann
3483ec470d fix(oidc): ignore unknown language tag in userinfo unmarshal (#7108)
This change upgrades oidc to include the fix into zitadel.
2023-12-22 12:52:01 +00:00
Tim Möhlmann
85eb2eda0b fix(oidc): refresh token for device authorization (#7104)
fix(oidc); refresh token for device authorization

Due to a mis-alignment of OIDC interface and concrete implementations in zitadel, requesting a refresh token for device authorization would fail.
This change adds the possibility to to use the op.IDTokenRequest directly.
Also, the UserAgentID is dropped as required parameter, as devices do not have a user agent.
2023-12-21 13:57:33 +00:00
Silvan
5ce542b959 fix(handler): allow uint32 offset for migration scenarios (#7103) 2023-12-21 10:40:51 +00:00
mffap
ab2c3f7752 docs(examples): update examples (#7014)
Co-authored-by: Fabi <fabienne@zitadel.com>
2023-12-21 10:01:11 +00:00
Stefan Benz
a0a82b59e1 feat: user service v2 create, update and remove (#6996)
* feat: user service v2 remove user

* feat: user service v2 add user human

* feat: user service v2 change user human

* feat: user service v2 change user human unit tests

* feat: user service v2 reactivate, deactivate, lock, unlock user

* feat: user service v2 integration tests

* fix: merge back origin/main

* lint: linter corrections

* fix: move permission check for isVerfied and password change

* fix: add deprecated notices and other review comments

* fix: consistent naming in proto

* fix: errors package renaming

* fix: remove / delete user renaming in integration test

* fix: machine user status changes through user v2 api

* fix: linting changes

* fix: linting changes

* fix: changes from review

* fix: changes from review

* fix: changes from review

* fix: changes from review

* fix: changes from review

---------

Co-authored-by: Tim Möhlmann <tim+github@zitadel.com>
Co-authored-by: Livio Spring <livio.a@gmail.com>
2023-12-21 10:03:37 +01:00
Livio Spring
acb604c045 docs: fix link to enterprise features 2023-12-21 07:47:06 +01:00
Tim Möhlmann
fe1337536f fix(db): add additional connection pool for projection spooling (#7094)
* fix(db): add additional connection pool for projection spooling

* use correct connection pool for projections

---------

Co-authored-by: Livio Spring <livio.a@gmail.com>
2023-12-20 16:13:04 +00:00
Livio Spring
f4e73b9b75 docs: update go api client guide (#7099)
* docs: update go api client guide

* update branch reference
2023-12-20 15:56:48 +00:00
Tim Möhlmann
e22689c125 feat(oidc): id token for device authorization (#7088)
* cleanup todo

* pass id token details to oidc

* feat(oidc): id token for device authorization

This changes updates to the newest oidc version,
so the Device Authorization grant can return ID tokens when
the scope `openid` is set.
There is also some refactoring done, so that the eventstore can be
queried directly when polling for state.
The projection is cleaned up to a minimum with only data required for the login UI.

* try to be explicit wit hthe timezone to fix github

* pin oidc v3.8.0

* remove TBD entry
2023-12-20 13:21:08 +01:00
mcrodriguezb
e15f6229cd fix: Update payload for Get Provider Information (#7086)
Update payload for Get Provider Information

Payload was set to token when it should be idpIntentToken

Co-authored-by: Livio Spring <livio.a@gmail.com>
2023-12-20 08:33:59 +00:00
Livio Spring
7dc8c19f39 docs: add go authentication example (#7034)
* docs: add go authentication example

* update sdks and example overview

* update branch name
2023-12-19 12:22:32 +00:00
Livio Spring
edaa41903e fix(projections): handle every instance by default and randomize start (#7093) 2023-12-19 13:32:08 +02:00
Elio Bischof
c3e6257d68 fix: keep user idp links (#7079)
* login

* auth methods

* NewIDPUserLinksActiveQuery

* use has_login_policy projection

* fix unit tests

* docs

* keep old user links projection

* fix tests

* cleanup

* cleanup comments

* test idp links are not removed

* idempotent auth method test

* idempotent auth method test
2023-12-19 10:25:50 +00:00
Fabi
2c4e7070ea docs: correct env var docs (#7082)
Co-authored-by: Elio Bischof <elio@zitadel.com>
2023-12-18 10:54:43 +00:00
Tim Möhlmann
1adfca9d28 fix(crypto): allow parsing of cost int from env string (#7061)
fic(crypto): allow parsing of cost int from env string
2023-12-15 11:16:05 +00:00
Miguel Cabrerizo
dae1911d43 docs(linux): fix download and unpack release bash snippet (#7076)
Co-authored-by: Stefan Benz <46600784+stebenz@users.noreply.github.com>
2023-12-14 19:07:39 +01:00
Livio Spring
19d9b8ad41 fix: reduce eventual consistency (#7075)
* fix: reduce eventual consistency

* fix tests

* fix linting
2023-12-14 11:07:47 +01:00
Fabi
51ebf7da8d fix: add example action to autofill userdata on okta (#7060)
Co-authored-by: Silvan <silvan.reusser@gmail.com>
2023-12-13 13:22:35 +01:00
Stefan Benz
102f436c2e fix: upgrade saml to v0.1.3 (#7072) 2023-12-13 10:43:02 +00:00
Fabi
e005ed5114 docs: disable mfa prompt (#7063)
* docs: disable mfa prompt

* Update docs/docs/guides/solution-scenarios/configurations.mdx

Co-authored-by: Florian Forster <florian@zitadel.com>

---------

Co-authored-by: Florian Forster <florian@zitadel.com>
2023-12-12 09:58:35 +01:00
Hoang Nghia Anh (Appsec)
0e4a62b66f docs: Update managers.mdx (#7053)
Update managers.mdx

Fix small syntax

Co-authored-by: Fabi <fabienne@zitadel.com>
2023-12-11 15:38:57 +01:00
Livio Spring
831bb88ec4 fix: correctly delete sessions created before 2.42 (#7050)
* fix: correctly delete sessions created before 2.42

* fix test

* fix linting

* fixes requested from review
2023-12-09 08:59:51 +00:00
Livio Spring
aa3c352ae7 fix: update external username on idp if auto update is enabled (#7048)
* fix: update external username on idp if auto update is enabled

* update errors package
2023-12-08 18:22:07 +01:00
Tim Möhlmann
f680dd934d refactor: rename package errors to zerrors (#7039)
* chore: rename package errors to zerrors

* rename package errors to gerrors

* fix error related linting issues

* fix zitadel error assertion

* fix gosimple linting issues

* fix deprecated linting issues

* resolve gci linting issues

* fix import structure

---------

Co-authored-by: Elio Bischof <elio@zitadel.com>
2023-12-08 15:30:55 +01:00
Silvan
ddbea119f1 fix(query): user performance (#6537)
* start user by id

* ignore debug bin

* use new user by id

* new sql

* fix(sql): replace STRING with text for psql compatabilit

* some changes

* fix: correct user queries

* fix tests

* unify sql statements

* use specific get user methods

* search login name case insensitive

* refactor: optimise user statements

* add index

* fix queries

* fix: correct domain segregation

* return all login names

* fix queries

* improve readability

* query should be correct now

* cleanup statements

* fix username / loginname handling

* fix: psql doesn't support create view if not exists

* fix: create pre-release

* ignore release comments

* add lower fields

* fix: always to lower

* update to latest projection

---------

Co-authored-by: Livio Spring <livio.a@gmail.com>
2023-12-08 13:14:22 +01:00
Miguel Cabrerizo
94e0caa601 fix: verify domain revamped (#6970)
* fix: verify domain revamped

* fix: add link to docs in dialog

* fix: add missing translations including dutch

* fix: add @eliobischof suggestions

---------

Co-authored-by: Elio Bischof <elio@zitadel.com>
2023-12-07 12:53:53 +00:00
Elio Bischof
d639c5200a feat: manage restrictions in console (#6965)
* feat: return 404 or 409 if org reg disallowed

* fix: system limit permissions

* feat: add iam limits api

* feat: disallow public org registrations on default instance

* add integration test

* test: integration

* fix test

* docs: describe public org registrations

* avoid updating docs deps

* fix system limits integration test

* silence integration tests

* fix linting

* ignore strange linter complaints

* review

* improve reset properties naming

* redefine the api

* use restrictions aggregate

* test query

* simplify and test projection

* test commands

* fix unit tests

* move integration test

* support restrictions on default instance

* also test GetRestrictions

* self review

* lint

* abstract away resource owner

* fix tests

* configure supported languages

* fix allowed languages

* fix tests

* default lang must not be restricted

* preferred language must be allowed

* change preferred languages

* check languages everywhere

* lint

* test command side

* lint

* add integration test

* add integration test

* restrict supported ui locales

* lint

* lint

* cleanup

* lint

* allow undefined preferred language

* fix integration tests

* update main

* fix env var

* ignore linter

* ignore linter

* improve integration test config

* reduce cognitive complexity

* compile

* fix(console): switch back to saved language

* feat(API): get allowed languages

* fix(console): only make allowed languages selectable

* warn when editing not allowed languages

* feat: manage restrictions in console

* check for duplicates

* remove useless restriction checks

* review

* revert restriction renaming

* manage languages

* fix language restrictions

* lint

* generate

* allow custom texts for supported langs for now

* fix tests

* cleanup

* cleanup

* cleanup

* lint

* unsupported preferred lang is allowed

* fix integration test

* allow unsupported preferred languages

* lint

* fix languages lists

* simplify default language selection

* translate

* discard

* lint

* load languages for tests

* load languages

* lint

* cleanup

* lint

* cleanup

* get allowed only on admin

* cleanup

* reduce flakiness on very limited postgres

* simplify langSvc

* refactor according to suggestions in pr

* lint

* improve ux

* update central allowed languages

* set first allowed language as default

* readd lost translations

* disable sorting disallowed languages

* fix permissions

* lint

* selectionchange for language in msg texts

* initialize login texts

* init message texts

* lint

* fix drag and drop list styles

* start from 1

* cleanup

* prettier

* correct orgdefaultlabel

* unsubscribe

* lint

* docs: describe language settings

---------

Co-authored-by: peintnermax <max@caos.ch>
2023-12-07 12:31:01 +00:00
Elio Bischof
3842319d07 fix(console): reset events filter to initial values (#7037) 2023-12-07 13:12:21 +01:00
Elio Bischof
9da4abd459 feat: add time range events filter (#7005)
* feat(console): add time range events filter

* deprecate creation_date, use oneof filter

* use range or from

* implement api

* fix timestamp format

* translate

* styles

* lint

* integration tests

* fix until date

* rearrange sorting control

* sort creation date

* fix events e2e test

* Update console/src/app/modules/filter-events/filter-events.component.html

Co-authored-by: Max Peintner <max@caos.ch>

* Update console/src/app/modules/filter-events/filter-events.component.html

Co-authored-by: Max Peintner <max@caos.ch>

* Update console/src/app/modules/filter-events/filter-events.component.html

Co-authored-by: Max Peintner <max@caos.ch>

* lint

* lint

* don't use utc call time

---------

Co-authored-by: Max Peintner <max@caos.ch>
Co-authored-by: Silvan <silvan.reusser@gmail.com>
2023-12-07 10:15:53 +00:00
Tim Möhlmann
2e505f40f9 fix(oidc): return clients without instance settings (#7036) 2023-12-07 09:43:45 +00:00
Koen-Nocore
fb235d7ea1 docs: Update _postgres.mdx (#7027)
Update _postgres.mdx

Added MaxIdleConns since this option is missing in the Postgres database settings.
My implementation was slow, because this setting wasn't set and I found it after checking the larger config files. Might have value to show that this value can be set in the database specific page.

Co-authored-by: Silvan <silvan.reusser@gmail.com>
2023-12-07 09:15:56 +00:00
Elio Bischof
8c85318fbd fix: restrict languages in console (#6964)
* feat: return 404 or 409 if org reg disallowed

* fix: system limit permissions

* feat: add iam limits api

* feat: disallow public org registrations on default instance

* add integration test

* test: integration

* fix test

* docs: describe public org registrations

* avoid updating docs deps

* fix system limits integration test

* silence integration tests

* fix linting

* ignore strange linter complaints

* review

* improve reset properties naming

* redefine the api

* use restrictions aggregate

* test query

* simplify and test projection

* test commands

* fix unit tests

* move integration test

* support restrictions on default instance

* also test GetRestrictions

* self review

* lint

* abstract away resource owner

* fix tests

* configure supported languages

* fix allowed languages

* fix tests

* default lang must not be restricted

* preferred language must be allowed

* change preferred languages

* check languages everywhere

* lint

* test command side

* lint

* add integration test

* add integration test

* restrict supported ui locales

* lint

* lint

* cleanup

* lint

* allow undefined preferred language

* fix integration tests

* update main

* fix env var

* ignore linter

* ignore linter

* improve integration test config

* reduce cognitive complexity

* compile

* fix(console): switch back to saved language

* feat(API): get allowed languages

* fix(console): only make allowed languages selectable

* warn when editing not allowed languages

* check for duplicates

* remove useless restriction checks

* review

* revert restriction renaming

* fix language restrictions

* lint

* generate

* allow custom texts for supported langs for now

* fix tests

* cleanup

* cleanup

* cleanup

* lint

* unsupported preferred lang is allowed

* fix integration test

* allow unsupported preferred languages

* lint

* load languages for tests

* cleanup

* lint

* cleanup

* get allowed only on admin

* cleanup

* reduce flakiness on very limited postgres

* simplify langSvc

* refactor according to suggestions in pr

* lint

* set first allowed language as default

* selectionchange for language in msg texts

* initialize login texts

* init message texts

* lint

---------

Co-authored-by: peintnermax <max@caos.ch>
2023-12-07 08:43:23 +00:00
Miguel Cabrerizo
f09fbf8709 fix: missing clear selection after delete action (#6982)
Co-authored-by: Elio Bischof <elio@zitadel.com>
2023-12-07 00:25:59 +00:00
Livio Spring
6f3afb810d fix: use host with potential port for instance context (#7022) 2023-12-06 16:53:41 +00:00
Livio Spring
a87f54b328 docs: update go authorization example to the new version (#7015)
* docs: update go authorization example to the new version

* fix reference to code
2023-12-06 18:32:43 +02:00
Livio Spring
970c062307 fix: projection version of restrictions (#7028) 2023-12-06 10:30:56 +00:00
Tim Möhlmann
ec03340b67 perf(oidc): optimize client verification (#6999)
* fix some spelling errors

* client credential auth

* implementation of client auth

* improve error handling

* unit test command package

* unit test database package

* unit test query package

* cleanup unused tracing func

* fix integration tests

* errz to zerrors

* fix linting and import issues

* fix another linting error

* integration test with client secret

* Revert "integration test with client secret"

This reverts commit 0814ba522f.

* add integration tests

* client credentials integration test

* resolve comments

* pin oidc v3.5.0
2023-12-05 17:01:03 +00:00
Tim Möhlmann
51cfb9564a chore(user/v2): solve test TODO that depended on session tokens (#6973)
Closes #6022,

Co-authored-by: Livio Spring <livio.a@gmail.com>
2023-12-05 15:28:17 +00:00
Elio Bischof
dd33538c0a feat: restrict languages (#6931)
* feat: return 404 or 409 if org reg disallowed

* fix: system limit permissions

* feat: add iam limits api

* feat: disallow public org registrations on default instance

* add integration test

* test: integration

* fix test

* docs: describe public org registrations

* avoid updating docs deps

* fix system limits integration test

* silence integration tests

* fix linting

* ignore strange linter complaints

* review

* improve reset properties naming

* redefine the api

* use restrictions aggregate

* test query

* simplify and test projection

* test commands

* fix unit tests

* move integration test

* support restrictions on default instance

* also test GetRestrictions

* self review

* lint

* abstract away resource owner

* fix tests

* configure supported languages

* fix allowed languages

* fix tests

* default lang must not be restricted

* preferred language must be allowed

* change preferred languages

* check languages everywhere

* lint

* test command side

* lint

* add integration test

* add integration test

* restrict supported ui locales

* lint

* lint

* cleanup

* lint

* allow undefined preferred language

* fix integration tests

* update main

* fix env var

* ignore linter

* ignore linter

* improve integration test config

* reduce cognitive complexity

* compile

* check for duplicates

* remove useless restriction checks

* review

* revert restriction renaming

* fix language restrictions

* lint

* generate

* allow custom texts for supported langs for now

* fix tests

* cleanup

* cleanup

* cleanup

* lint

* unsupported preferred lang is allowed

* fix integration test

* finish reverting to old property name

* finish reverting to old property name

* load languages

* refactor(i18n): centralize translators and fs

* lint

* amplify no validations on preferred languages

* fix integration test

* lint

* fix resetting allowed languages

* test unchanged restrictions
2023-12-05 11:12:01 +00:00
Livio Spring
236930f109 docs(api): add session lifetime format for REST calls (#7019) 2023-12-05 10:25:52 +01:00
Silvan
060b4ab2f0 docs(10006): clarify required crdb versions (#7012) 2023-12-04 11:24:36 +01:00
Tim Zook
302b4b90d4 fix(init): correct quoting of database and user (#6928)
* fix(init): correct quoting

* quote username in logstore migration

---------

Co-authored-by: Silvan <silvan.reusser@gmail.com>
2023-12-03 08:30:08 +00:00