Tim Möhlmann
4e3fd305ab
fix(crypto): reject decrypted strings with non-UTF8 characters. ( #8374 )
...
# Which Problems Are Solved
We noticed logging where 500: Internal Server errors were returned from
the token endpoint, mostly for the `refresh_token` grant. The error was
thrown by the database as it received non-UTF8 strings for token IDs
Zitadel uses symmetric encryption for opaque tokens, including refresh
tokens. Encrypted values are base64 encoded. It appeared to be possible
to send garbage base64 to the token endpoint, which will pass decryption
and string-splitting. In those cases the resulting ID is not a valid
UTF-8 string.
Invalid non-UTF8 strings are now rejected during token decryption.
# How the Problems Are Solved
- `AESCrypto.DecryptString()` checks if the decrypted bytes only contain
valid UTF-8 characters before converting them into a string.
- `AESCrypto.Decrypt()` is unmodified and still allows decryption on
non-UTF8 byte strings.
- `FromRefreshToken` now uses `DecryptString` instead of `Decrypt`
# Additional Changes
- Unit tests added for `FromRefreshToken` and
`AESCrypto.DecryptString()`.
- Fuzz tests added for `FromRefreshToken` and
`AESCrypto.DecryptString()`. This was to pinpoint the problem
- Testdata with values that resulted in invalid strings are committed.
In the pipeline this results in the Fuzz tests to execute as regular
unit-test cases. As we don't use the `-fuzz` flag in the pipeline no
further fuzzing is performed.
# Additional Context
- Closes #7765
- https://go.dev/doc/tutorial/fuzz
2024-08-02 08:38:37 +00:00
Silvan
99c645cc60
refactor(database): exchange connection pool ( #8325 )
...
# Which Problems Are Solved
The connection pool of go uses a high amount of database connections.
# How the Problems Are Solved
The standard lib connection pool was replaced by `pgxpool.Pool`
# Additional Changes
The `db.BeginTx`-spans are removed because they cause to much noise in
the traces.
# Additional Context
- part of https://github.com/zitadel/zitadel/issues/7639
2024-07-17 15:16:02 +00:00
Tim Möhlmann
dc170dc46e
feat(crypto): support md5 plain for imported password hashes ( #8189 )
...
# Which Problems Are Solved
Allow verification of imported passwords hashed with plain md5, without
salt. These are password digests typically created by one of:
- `printf "password" | md5sum` on most linux systems.
- PHP's `md5("password")`
- Python3's `hashlib.md5(b"password").hexdigest()`
# How the Problems Are Solved
- Upgrade passwap to
[v0.6.0](https://github.com/zitadel/passwap/releases/tag/v0.6.0 )
- Add md5plain as a new verfier option in `defaults.yaml`
# Additional Changes
- Updated documentation to explain difference between `md5` (crypt) and
`md5plain` verifiers.
# Additional Context
- Requested by customer for import case
2024-06-25 11:10:49 +03:00
Silvan
2243306ef6
feat(cmd): mirror ( #7004 )
...
# Which Problems Are Solved
Adds the possibility to mirror an existing database to a new one.
For that a new command was added `zitadel mirror`. Including it's
subcommands for a more fine grained mirror of the data.
Sub commands:
* `zitadel mirror eventstore`: copies only events and their unique
constraints
* `zitadel mirror system`: mirrors the data of the `system`-schema
* `zitadel mirror projections`: runs all projections
* `zitadel mirror auth`: copies auth requests
* `zitadel mirror verify`: counts the amount of rows in the source and
destination database and prints the diff.
The command requires one of the following flags:
* `--system`: copies all instances of the system
* `--instance <instance-id>`, `--instance <comma separated list of
instance ids>`: copies only the defined instances
The command is save to execute multiple times by adding the
`--replace`-flag. This replaces currently existing data except of the
`events`-table
# Additional Changes
A `--for-mirror`-flag was added to `zitadel setup` to prepare the new
database. The flag skips the creation of the first instances and initial
run of projections.
It is now possible to skip the creation of the first instance during
setup by setting `FirstInstance.Skip` to true in the steps
configuration.
# Additional info
It is currently not possible to merge multiple databases. See
https://github.com/zitadel/zitadel/issues/7964 for more details.
It is currently not possible to use files. See
https://github.com/zitadel/zitadel/issues/7966 for more information.
closes https://github.com/zitadel/zitadel/issues/7586
closes https://github.com/zitadel/zitadel/issues/7486
### Definition of Ready
- [x] I am happy with the code
- [x] Short description of the feature/issue is added in the pr
description
- [x] PR is linked to the corresponding user story
- [x] Acceptance criteria are met
- [x] All open todos and follow ups are defined in a new ticket and
justified
- [x] Deviations from the acceptance criteria and design are agreed with
the PO and documented.
- [x] No debug or dead code
- [x] My code has no repetitions
- [x] Critical parts are tested automatically
- [ ] Where possible E2E tests are implemented
- [x] Documentation/examples are up-to-date
- [x] All non-functional requirements are met
- [x] Functionality of the acceptance criteria is checked manually on
the dev system.
---------
Co-authored-by: Livio Spring <livio.a@gmail.com>
2024-05-30 09:35:30 +00:00
Tim Möhlmann
2089992d75
feat(crypto): use passwap for machine and app secrets ( #7657 )
...
* feat(crypto): use passwap for machine and app secrets
* fix command package tests
* add hash generator command test
* naming convention, fix query tests
* rename PasswordHasher and cleanup start commands
* add reducer tests
* fix intergration tests, cleanup old config
* add app secret unit tests
* solve setup panics
* fix push of updated events
* add missing event translations
* update documentation
* solve linter errors
* remove nolint:SA1019 as it doesn't seem to help anyway
* add nolint to deprecated filter usage
* update users migration version
* remove unused ClientSecret from APIConfigChangedEvent
---------
Co-authored-by: Livio Spring <livio.a@gmail.com>
2024-04-05 09:35:49 +00:00
Tim Möhlmann
25ef3da9d5
refactor(fmt): run gci on complete project ( #7557 )
...
chore(fmt): run gci on complete project
Fix global import formatting in go code by running the `gci` command. This allows us to just use the command directly, instead of fixing the import order manually for the linter, on each PR.
Co-authored-by: Elio Bischof <elio@zitadel.com>
2024-04-03 10:43:43 +00:00
Tim Möhlmann
093dd57a78
fix(db): wrap BeginTx in spans to get acquire metrics ( #7689 )
...
feat(db): wrap BeginTx in spans to get acquire metrics
This changes adds a span around most db.BeginTx calls so we can get tracings about the connection pool acquire process.
This might help us pinpoint why sometimes some query package traces show longer execution times, while this was not reflected on database side execution times.
Co-authored-by: Silvan <silvan.reusser@gmail.com>
2024-04-03 11:48:24 +03:00
Silvan
56df515e5f
chore: use pgx v5 ( #7577 )
...
* chore: use pgx v5
* chore: update go version
* remove direct pq dependency
* remove unnecessary type
* scan test
* map scanner
* converter
* uint8 number array
* duration
* most unit tests work
* unit tests work
* chore: coverage
* go 1.21
* linting
* int64 gopfertammi
* retry go 1.22
* retry go 1.22
* revert to go v1.21.5
* update go toolchain to 1.21.8
* go 1.21.8
* remove test flag
* go 1.21.5
* linting
* update toolchain
* use correct array
* use correct array
* add byte array
* correct value
* correct error message
* go 1.21 compatible
2024-03-27 15:48:22 +02:00
Silvan
17953e9040
fix(setup): init projections ( #7194 )
...
Even though this is a feature it's released as fix so that we can back port to earlier revisions.
As reported by multiple users startup of ZITADEL after leaded to downtime and worst case rollbacks to the previously deployed version.
The problem starts rising when there are too many events to process after the start of ZITADEL. The root cause are changes on projections (database tables) which must be recomputed. This PR solves this problem by adding a new step to the setup phase which prefills the projections. The step can be enabled by adding the `--init-projections`-flag to `setup`, `start-from-init` and `start-from-setup`. Setting this flag results in potentially longer duration of the setup phase but reduces the risk of the problems mentioned in the paragraph above.
2024-01-25 17:28:20 +01:00
Silvan
b7d027e2fd
fix(db): always use begin tx ( #7142 )
...
* fix(db): always use begin tx
* fix(handler): timeout for begin
2024-01-04 16:12:20 +00:00
Tim Möhlmann
1adfca9d28
fix(crypto): allow parsing of cost int from env string ( #7061 )
...
fic(crypto): allow parsing of cost int from env string
2023-12-15 11:16:05 +00:00
Tim Möhlmann
f680dd934d
refactor: rename package errors to zerrors ( #7039 )
...
* chore: rename package errors to zerrors
* rename package errors to gerrors
* fix error related linting issues
* fix zitadel error assertion
* fix gosimple linting issues
* fix deprecated linting issues
* resolve gci linting issues
* fix import structure
---------
Co-authored-by: Elio Bischof <elio@zitadel.com>
2023-12-08 15:30:55 +01:00
Tim Möhlmann
2f91679623
chore(Makefile): add go generate target ( #6944 )
...
This change adds a core_generate_all make target.
It installs the required tools and runs generate on the complete project.
`golang/mock` is no longer maintained and a fork is available
from the Uber folks. So the latter is used as tool.
All the mock files have been regenerated and are part of the PR.
The obsolete `tools` directory has been removed,
as all the tools are now part of specific make targets.
Co-authored-by: Silvan <silvan.reusser@gmail.com>
2023-11-22 10:56:43 +00:00
Tim Möhlmann
0af1c65c4c
fix: allow unused keys in hasher config ( #6724 )
2023-10-13 13:11:20 +00:00
Silvan
99e1c654a3
feat(storage): read only transactions for queries ( #6415 )
...
* fix: tests
* bastle wie en grosse
* fix(database): scan as callback
* fix tests
* fix merge failures
* remove as of system time
* refactor: remove unused test
* refacotr: remove unused lines
2023-08-22 10:49:22 +00:00
Livio Spring
7c494fd219
feat(login): add OTP (email and sms) ( #6353 )
...
* feat: login with otp
* fix(i18n): japanese translation
* add missing files
* fix provider change
* add event types translations to en
* add tests
* resourceOwner
* remove unused handler
* fix: secret generators and add comments
* add setup step
* rename
* linting
* fix setup
* improve otp handling
* fix autocomplete
* translations for login and notifications
* translations for event types
* changes from review
* check selected mfa type
2023-08-15 12:47:05 +00:00
Tim Möhlmann
4d09409328
feat(crypto): add pbkdf2 support ( #6303 )
...
This change brings pbkdf2 support for password hashing and verification.
2023-08-02 11:27:18 +00:00
Tim Möhlmann
4589ddad4a
feat: integrate passwap for human user password hashing ( #6196 )
...
* feat: use passwap for human user passwords
* fix tests
* passwap config
* add the event mapper
* cleanup query side and api
* solve linting errors
* regression test
* try to fix linter errors again
* pass systemdefaults into externalConfigChange migration
* fix: user password set in auth view
* pin passwap v0.2.0
* v2: validate hashed password hash based on prefix
* resolve remaining comments
* add error tag and translation for unsupported hash encoding
* fix unit test
---------
Co-authored-by: Livio Spring <livio.a@gmail.com>
2023-07-14 09:49:57 +03:00
Stefan Benz
1b5d6ce89e
feat: session checks with intent ( #6031 )
...
* feat: session checks with intent
* feat: session checks with intent
* fix: integration tests for intent session
* fix: integration tests for intent session
* fix merge
* fix: integration tests for intent session
---------
Co-authored-by: Livio Spring <livio.a@gmail.com>
2023-06-21 14:06:18 +00:00
Livio Spring
82e7333169
feat(api): add password reset and change to user service ( #6036 )
...
* feat(api): add password reset and change to user service
* integration tests
* invalidate password check after password change
* handle notification type
* fix proto
2023-06-20 17:34:06 +02:00
Stefan Benz
7a5f7f82cf
feat(saml): implementation of saml for ZITADEL v2 ( #3618 )
2022-09-12 18:18:08 +02:00
Stefan Benz
bc9a85daf3
feat: V2 alpha import and export of organizations ( #3798 )
...
* feat(import): add functionality to import data into an instance
* feat(import): move import to admin api and additional checks for nil pointer
* fix(export): export implementation with filtered members and grants
* fix: export and import implementation
* fix: add possibility to export hashed passwords with the user
* fix(import): import with structure of v1 and v2
* docs: add v1 proto
* fix(import): check im imported user is already existing
* fix(import): add otp import function
* fix(import): add external idps, domains, custom text and messages
* fix(import): correct usage of default values from login policy
* fix(export): fix renaming of add project function
* fix(import): move checks for unit tests
* expect filter
* fix(import): move checks for unit tests
* fix(import): move checks for unit tests
* fix(import): produce prerelease from branch
* fix(import): correctly use provided user id for machine user imports
* fix(import): corrected otp import and added guide for export and import
* fix: import verified and primary domains
* fix(import): add reading from gcs, s3 and localfile with tracing
* fix(import): gcs and s3, file size correction and error logging
* Delete docker-compose.yml
* fix(import): progress logging and count of resources
* fix(import): progress logging and count of resources
* log subscription
* fix(import): incorporate review
* fix(import): incorporate review
* docs: add suggestion for import
Co-authored-by: Fabi <38692350+hifabienne@users.noreply.github.com>
* fix(import): add verification otp event and handling of deleted but existing users
Co-authored-by: Livio Amstutz <livio.a@gmail.com>
Co-authored-by: Fabienne <fabienne.gerschwiler@gmail.com>
Co-authored-by: Silvan <silvan.reusser@gmail.com>
Co-authored-by: Fabi <38692350+hifabienne@users.noreply.github.com>
2022-07-28 13:42:35 +00:00
Fabi
48fbf1a28e
feat: add random string to generated domain ( #3634 )
2022-05-16 11:26:24 +02:00
Florian Forster
fa9f581d56
chore(v2): move to new org ( #3499 )
...
* chore: move to new org
* logging
* fix: org rename caos -> zitadel
Co-authored-by: adlerhurst <silvan.reusser@gmail.com>
2022-04-26 23:01:45 +00:00
Silvan
cea2567e22
fix: v2 human command ( #3435 )
...
* add/register human command done
* validations
* crypto
* move clientid
* keys
* fix: clientID
* remove v2 package
* tests
* tests running
* revert old code
* instance domain from ctx
* chore: rename zitadel app ids
* comments
* fix: test
2022-04-12 16:20:17 +02:00
Livio Amstutz
5463244376
feat: encryption keys in database ( #3265 )
...
* enable overwrite of adminUser fields in defaults.yaml
* create schema and table
* cli: create keys
* cli: create keys
* read encryptionkey from db
* merge v2
* file names
* cleanup defaults.yaml
* remove custom errors
* load encryptionKeys on start
* cleanup
* fix merge
* update system defaults
* fix error message
2022-03-14 07:55:09 +01:00
Livio Amstutz
389eb4a27a
feat: run on a single port ( #3163 )
...
* start v2
* start
* run
* some cleanup
* remove v2 pkg again
* simplify
* webauthn
* remove unused config
* fix login path in Dockerfile
* fix asset_generator.go
* health handler
* fix grpc web
* refactor
* merge
* build new main.go
* run new main.go
* update logging pkg
* fix error msg
* update logging
* cleanup
* cleanup
* go mod tidy
* change localDevMode
* fix customEndpoints
* update logging
* comments
* change local flag to external configs
* fix location generated go code
* fix
Co-authored-by: fforootd <florian@caos.ch>
2022-02-14 17:22:30 +01:00
Livio Amstutz
9ab566fdeb
fix(query): keys ( #2755 )
...
* fix: add keys to projections
* change to multiple tables
* query keys
* query keys
* fix race condition
* fix timer reset
* begin tests
* tests
* remove migration
* only send to keyChannel if not nil
2022-01-12 13:22:04 +01:00
Livio Amstutz
f0a77e80bf
fix: add keys to projections ( #2728 )
...
* fix: add keys to projections
* change to multiple tables
* merge
* change migration version
* merge
* Update migrations/cockroach/V1.98__keys.sql
Co-authored-by: Silvan <silvan.reusser@gmail.com>
* Update migrations/cockroach/V1.98__keys.sql
Co-authored-by: Silvan <silvan.reusser@gmail.com>
* check keys
Co-authored-by: Silvan <silvan.reusser@gmail.com>
2021-12-06 16:57:35 +01:00
Livio Amstutz
b01f277e4b
fix: cherry pick security issue fixes ( #1432 )
...
* fix: potential "Potentially unsafe external link" of TOS and EMail Links
* fix: "Size computation for allocation may overflow" by limiting aes encrypt to 64MB
2021-03-19 09:10:50 +01:00
Livio Amstutz
438daebdb9
fix: cherry pick fixes from master ( #1339 )
...
* fix: return api config in ApplicationView (#1330 )
(cherry picked from commit 16a47c6542
)
* fix tests
2021-02-23 17:05:47 +01:00
Silvan
584bcda108
fix: language.Tag marshalling ( #1110 )
...
* fix(searchlimit): increase to 1000
* rafactor: remove unused return
* fix(user): marshalling of language tag
* fix(spooler): shuffle handlers on start
* fix(sql): reduce max open conns from 200 to 25 per pod
* chore(deps): google.golang.org/grpc and github.com/lib/pq
* chore(deps): update github.com/cockroachdb/cockroach-go/v2
2020-12-17 08:55:11 +01:00
Livio Amstutz
1c59d18fee
fix: improvements for login and oidc ( #227 )
...
* add csrf
* caching
* caching
* caching
* caching
* security headers
* csp and security headers
* error handler csp
* select user with display name
* csp
* user selection styling
* username to loginname
* regenerate grpc
* regenerate
* change to login name
2020-06-17 08:06:40 +02:00
Fabi
2c97794538
feat: login errors ( #204 )
...
* feat: nice error messages
* feat: nice error messages
* fix: add project type
* fix: message ids
* handle error messages in login
* add some better error messages
* fix: better error messages on login
* fix: better error messages on login
* fix: add internal errors
* fix: tests
2020-06-11 13:22:24 +02:00
Livio Amstutz
8a5badddf6
feat: Login, OP Support and Auth Queries ( #177 )
...
* fix: change oidc config
* fix: change oidc config secret
* begin models
* begin repo
* fix: implement grpc app funcs
* fix: add application requests
* fix: converter
* fix: converter
* fix: converter and generate clientid
* fix: tests
* feat: project grant aggregate
* feat: project grant
* fix: project grant check if role existing
* fix: project grant requests
* fix: project grant fixes
* fix: project grant member model
* fix: project grant member aggregate
* fix: project grant member eventstore
* fix: project grant member requests
* feat: user model
* begin repo
* repo models and more
* feat: user command side
* lots of functions
* user command side
* profile requests
* commit before rebase on user
* save
* local config with gopass and more
* begin new auth command (user centric)
* Update internal/user/model/user.go
Co-Authored-By: Livio Amstutz <livio.a@gmail.com>
* Update internal/user/repository/eventsourcing/model/address.go
Co-Authored-By: Livio Amstutz <livio.a@gmail.com>
* Update internal/user/repository/eventsourcing/model/address.go
Co-Authored-By: Livio Amstutz <livio.a@gmail.com>
* Update internal/user/repository/eventsourcing/model/email.go
Co-Authored-By: Livio Amstutz <livio.a@gmail.com>
* Update internal/user/repository/eventsourcing/model/email.go
Co-Authored-By: Livio Amstutz <livio.a@gmail.com>
* Update internal/user/repository/eventsourcing/model/email.go
Co-Authored-By: Livio Amstutz <livio.a@gmail.com>
* Update internal/user/repository/eventsourcing/model/mfa.go
Co-Authored-By: Livio Amstutz <livio.a@gmail.com>
* Update internal/user/repository/eventsourcing/model/mfa.go
Co-Authored-By: Livio Amstutz <livio.a@gmail.com>
* Update internal/user/repository/eventsourcing/model/password.go
Co-Authored-By: Livio Amstutz <livio.a@gmail.com>
* Update internal/user/repository/eventsourcing/model/password.go
Co-Authored-By: Livio Amstutz <livio.a@gmail.com>
* Update internal/user/repository/eventsourcing/model/password.go
Co-Authored-By: Livio Amstutz <livio.a@gmail.com>
* Update internal/user/repository/eventsourcing/model/phone.go
Co-Authored-By: Livio Amstutz <livio.a@gmail.com>
* Update internal/user/repository/eventsourcing/model/phone.go
Co-Authored-By: Livio Amstutz <livio.a@gmail.com>
* Update internal/user/repository/eventsourcing/model/phone.go
Co-Authored-By: Livio Amstutz <livio.a@gmail.com>
* Update internal/user/repository/eventsourcing/model/user.go
Co-Authored-By: Livio Amstutz <livio.a@gmail.com>
* Update internal/user/repository/eventsourcing/model/user.go
Co-Authored-By: Livio Amstutz <livio.a@gmail.com>
* Update internal/user/repository/eventsourcing/model/user.go
Co-Authored-By: Livio Amstutz <livio.a@gmail.com>
* Update internal/usergrant/repository/eventsourcing/model/user_grant.go
Co-Authored-By: Livio Amstutz <livio.a@gmail.com>
* Update internal/usergrant/repository/eventsourcing/model/user_grant.go
Co-Authored-By: Livio Amstutz <livio.a@gmail.com>
* Update internal/usergrant/repository/eventsourcing/user_grant.go
Co-Authored-By: Livio Amstutz <livio.a@gmail.com>
* Update internal/user/repository/eventsourcing/user_test.go
Co-Authored-By: Livio Amstutz <livio.a@gmail.com>
* Update internal/user/repository/eventsourcing/eventstore_mock_test.go
Co-Authored-By: Livio Amstutz <livio.a@gmail.com>
* changes from mr review
* save files into basedir
* changes from mr review
* changes from mr review
* move to auth request
* Update internal/usergrant/repository/eventsourcing/cache.go
Co-authored-by: Silvan <silvan.reusser@gmail.com>
* Update internal/usergrant/repository/eventsourcing/cache.go
Co-authored-by: Silvan <silvan.reusser@gmail.com>
* changes requested on mr
* fix generate codes
* fix return if no events
* password code
* email verification step
* more steps
* lot of mfa
* begin tests
* more next steps
* auth api
* auth api (user)
* auth api (user)
* auth api (user)
* differ requests
* merge
* tests
* fix compilation error
* mock for id generator
* Update internal/user/repository/eventsourcing/model/password.go
Co-authored-by: Silvan <silvan.reusser@gmail.com>
* Update internal/user/repository/eventsourcing/model/user.go
Co-authored-by: Silvan <silvan.reusser@gmail.com>
* requests of mr
* check email
* begin separation of command and query
* otp
* change packages
* some cleanup and fixes
* tests for auth request / next steps
* add VerificationLifetimes to config and make it run
* tests
* fix code challenge validation
* cleanup
* fix merge
* begin view
* repackaging tests and configs
* fix startup config for auth
* add migration
* add PromptSelectAccount
* fix copy / paste
* remove user_agent files
* fixes
* fix sequences in user_session
* token commands
* token queries and signout
* fix
* fix set password test
* add token handler and table
* handle session init
* add session state
* add user view test cases
* change VerifyMyMfaOTP
* some fixes
* fix user repo in auth api
* cleanup
* add user session view test
* fix merge
* begin oidc
* user agent and more
* config
* keys
* key command and query
* add login statics
* key handler
* start login
* login handlers
* lot of fixes
* merge oidc
* add missing exports
* add missing exports
* fix some bugs
* authrequestid in htmls
* getrequest
* update auth request
* fix userid check
* add username to authrequest
* fix user session and auth request handling
* fix UserSessionsByAgentID
* fix auth request tests
* fix user session on UserPasswordChanged and MfaOtpRemoved
* fix MfaTypesSetupPossible
* handle mfa
* fill username
* auth request query checks new events
* fix userSessionByIDs
* fix tokens
* fix userSessionByIDs test
* add user selection
* init code
* user code creation date
* add init user step
* add verification failed types
* add verification failures
* verify init code
* user init code handle
* user init code handle
* fix userSessionByIDs
* update logging
* user agent cookie
* browserinfo from request
* add DeleteAuthRequest
* add static login files to binary
* add login statik to build
* move generate to separate file and remove statik.go files
* remove static dirs from startup.yaml
* generate into separate namespaces
* merge master
* auth request code
* auth request type mapping
* fix keys
* improve tokens
* improve register and basic styling
* fix ailerons font
* improve password reset
* add audience to token
* all oidc apps as audience
* fix test nextStep
* fix email texts
* remove "not set"
* lot of style changes
* improve copy to clipboard
* fix footer
* add cookie handler
* remove placeholders
* fix compilation after merge
* fix auth config
* remove comments
* typo
* use new secrets store
* change default pws to match default policy
* fixes
* add todo
* enable login
* fix db name
* Auth queries (#179 )
* my usersession
* org structure/ auth handlers
* working user grant spooler
* auth internal user grants
* search my project orgs
* remove permissions file
* my zitadel permissions
* my zitadel permissions
* remove unused code
* authz
* app searches in view
* token verification
* fix user grant load
* fix tests
* fix tests
* read configs
* remove unused const
* remove todos
* env variables
* app_name
* working authz
* search projects
* global resourceowner
* Update internal/api/auth/permissions.go
Co-authored-by: Livio Amstutz <livio.a@gmail.com>
* Update internal/api/auth/permissions.go
Co-authored-by: Livio Amstutz <livio.a@gmail.com>
* model2 rename
* at least it works
* check token expiry
* search my user grants
* remove token table from authz
Co-authored-by: Livio Amstutz <livio.a@gmail.com>
* fix test
* fix ports and enable console
Co-authored-by: Fabiennne <fabienne.gerschwiler@gmail.com>
Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>
Co-authored-by: Silvan <silvan.reusser@gmail.com>
2020-06-05 07:50:04 +02:00
Livio Amstutz
effc2c23c2
feat: add auth command side ( #107 )
...
* fix: query tests
* fix: use prepare funcs
* fix: go mod
* fix: generate files
* fix(eventstore): tests
* fix(eventstore): rename modifier to editor
* fix(migrations): add cluster migration,
fix(migrations): fix typo of host in clean clsuter
* fix(eventstore): move health
* fix(eventstore): AggregateTypeFilter aggregateType as param
* code quality
* fix: go tests
* feat: add member funcs
* feat: add member model
* feat: add member events
* feat: add member repo model
* fix: better error func testing
* fix: project member funcs
* fix: add tests
* fix: add tests
* feat: implement member requests
* fix: merge master
* fix: merge master
* fix: read existing in project repo
* fix: fix tests
* feat: add internal cache
* feat: add cache mock
* fix: return values of cache mock
* feat: add project role
* fix: add cache config
* fix: add role to eventstore
* fix: use eventstore sdk
* fix: use eventstore sdk
* fix: add project role grpc requests
* fix: fix getby id
* fix: changes for mr
* fix: change value to interface
* feat: add app event creations
* fix: searchmethods
* Update internal/project/model/project_member.go
Co-Authored-By: Silvan <silvan.reusser@gmail.com>
* fix: use get project func
* fix: append events
* fix: check if value is string on equal ignore case
* fix: add changes test
* fix: add go mod
* fix: add some tests
* fix: return err not nil
* fix: return err not nil
* fix: add aggregate funcs and tests
* fix: add oidc aggregate funcs and tests
* fix: add oidc
* fix: add some tests
* fix: tests
* feat: eventstore repository
* fix: remove gorm
* version
* feat: pkg
* feat: eventstore without eventstore-lib
* rename files
* gnueg
* fix: global model
* feat: add global view functions
* feat(eventstore): sdk
* fix(eventstore): rename app to eventstore
* delete empty test
* fix(models): delete unused struct
* feat(eventstore): overwrite context data
* fix: use global sql config
* fix: oidc validation
* fix: generate client secret
* fix: generate client id
* fix: test change app
* fix: deactivate/reactivate application
* fix: change oidc config
* fix: change oidc config secret
* begin models
* begin repo
* fix: implement grpc app funcs
* fix: add application requests
* fix: converter
* fix: converter
* fix: converter and generate clientid
* fix: tests
* feat: project grant aggregate
* feat: project grant
* fix: project grant check if role existing
* fix: project grant requests
* fix: project grant fixes
* fix: project grant member model
* fix: project grant member aggregate
* fix: project grant member eventstore
* fix: project grant member requests
* feat: user model
* begin repo
* repo models and more
* feat: user command side
* lots of functions
* user command side
* profile requests
* commit before rebase on user
* save
* local config with gopass and more
* begin new auth command (user centric)
* Update internal/user/model/user.go
Co-Authored-By: Livio Amstutz <livio.a@gmail.com>
* Update internal/user/repository/eventsourcing/model/address.go
Co-Authored-By: Livio Amstutz <livio.a@gmail.com>
* Update internal/user/repository/eventsourcing/model/address.go
Co-Authored-By: Livio Amstutz <livio.a@gmail.com>
* Update internal/user/repository/eventsourcing/model/email.go
Co-Authored-By: Livio Amstutz <livio.a@gmail.com>
* Update internal/user/repository/eventsourcing/model/email.go
Co-Authored-By: Livio Amstutz <livio.a@gmail.com>
* Update internal/user/repository/eventsourcing/model/email.go
Co-Authored-By: Livio Amstutz <livio.a@gmail.com>
* Update internal/user/repository/eventsourcing/model/mfa.go
Co-Authored-By: Livio Amstutz <livio.a@gmail.com>
* Update internal/user/repository/eventsourcing/model/mfa.go
Co-Authored-By: Livio Amstutz <livio.a@gmail.com>
* Update internal/user/repository/eventsourcing/model/password.go
Co-Authored-By: Livio Amstutz <livio.a@gmail.com>
* Update internal/user/repository/eventsourcing/model/password.go
Co-Authored-By: Livio Amstutz <livio.a@gmail.com>
* Update internal/user/repository/eventsourcing/model/password.go
Co-Authored-By: Livio Amstutz <livio.a@gmail.com>
* Update internal/user/repository/eventsourcing/model/phone.go
Co-Authored-By: Livio Amstutz <livio.a@gmail.com>
* Update internal/user/repository/eventsourcing/model/phone.go
Co-Authored-By: Livio Amstutz <livio.a@gmail.com>
* Update internal/user/repository/eventsourcing/model/phone.go
Co-Authored-By: Livio Amstutz <livio.a@gmail.com>
* Update internal/user/repository/eventsourcing/model/user.go
Co-Authored-By: Livio Amstutz <livio.a@gmail.com>
* Update internal/user/repository/eventsourcing/model/user.go
Co-Authored-By: Livio Amstutz <livio.a@gmail.com>
* Update internal/user/repository/eventsourcing/model/user.go
Co-Authored-By: Livio Amstutz <livio.a@gmail.com>
* Update internal/usergrant/repository/eventsourcing/model/user_grant.go
Co-Authored-By: Livio Amstutz <livio.a@gmail.com>
* Update internal/usergrant/repository/eventsourcing/model/user_grant.go
Co-Authored-By: Livio Amstutz <livio.a@gmail.com>
* Update internal/usergrant/repository/eventsourcing/user_grant.go
Co-Authored-By: Livio Amstutz <livio.a@gmail.com>
* Update internal/user/repository/eventsourcing/user_test.go
Co-Authored-By: Livio Amstutz <livio.a@gmail.com>
* Update internal/user/repository/eventsourcing/eventstore_mock_test.go
Co-Authored-By: Livio Amstutz <livio.a@gmail.com>
* changes from mr review
* save files into basedir
* changes from mr review
* changes from mr review
* move to auth request
* Update internal/usergrant/repository/eventsourcing/cache.go
Co-authored-by: Silvan <silvan.reusser@gmail.com>
* Update internal/usergrant/repository/eventsourcing/cache.go
Co-authored-by: Silvan <silvan.reusser@gmail.com>
* changes requested on mr
* fix generate codes
* fix return if no events
* password code
* email verification step
* more steps
* lot of mfa
* begin tests
* more next steps
* auth api
* auth api (user)
* auth api (user)
* auth api (user)
* differ requests
* merge
* tests
* fix compilation error
* mock for id generator
* Update internal/user/repository/eventsourcing/model/password.go
Co-authored-by: Silvan <silvan.reusser@gmail.com>
* Update internal/user/repository/eventsourcing/model/user.go
Co-authored-by: Silvan <silvan.reusser@gmail.com>
* requests of mr
* check email
* begin separation of command and query
* otp
* change packages
* some cleanup and fixes
* tests for auth request / next steps
* add VerificationLifetimes to config and make it run
* tests
* fix code challenge validation
* cleanup
* fix merge
* begin view
* repackaging tests and configs
* fix startup config for auth
* add migration
* add PromptSelectAccount
* fix copy / paste
* remove user_agent files
* fixes
* fix sequences in user_session
* token commands
* token queries and signout
* fix
* fix set password test
* add token handler and table
* handle session init
* add session state
* add user view test cases
* change VerifyMyMfaOTP
* some fixes
* fix user repo in auth api
* cleanup
* add user session view test
* fix merge
* fixes
* Update internal/auth/repository/eventsourcing/eventstore/auth_request.go
Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>
* Update internal/auth/repository/eventsourcing/eventstore/auth_request.go
Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>
* Update internal/auth/repository/eventsourcing/eventstore/auth_request.go
Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>
* Update internal/auth/repository/eventsourcing/eventstore/auth_request.go
Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>
* extract method usersForUserSelection
* add todo for policy check
* id on auth req
* fix enum name
Co-authored-by: Fabiennne <fabienne.gerschwiler@gmail.com>
Co-authored-by: adlerhurst <silvan.reusser@gmail.com>
Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>
2020-05-18 12:06:36 +02:00
Fabi
49d86fdabb
feat: user commands ( #75 )
...
* feat: eventstore repository
* fix: remove gorm
* version
* feat: pkg
* feat: add some files for project
* feat: eventstore without eventstore-lib
* rename files
* gnueg
* fix: key json
* fix: add object
* fix: change imports
* fix: internal models
* fix: some imports
* fix: global model
* feat: add global view functions
* fix: add some functions on repo
* feat(eventstore): sdk
* fix(eventstore): search query
* fix(eventstore): rename app to eventstore
* delete empty test
* remove unused func
* merge master
* fix(eventstore): tests
* fix(models): delete unused struct
* fix: some funcitons
* feat(eventstore): implemented push events
* fix: move project eventstore to project package
* fix: change project eventstore funcs
* feat(eventstore): overwrite context data
* fix: change project eventstore
* fix: add project repo to mgmt server
* feat(types): SQL-config
* fix: commented code
* feat(eventstore): options to overwrite editor
* feat: auth interceptor and cockroach migrations
* fix: migrations
* fix: fix filter
* fix: not found on getbyid
* fix: use global sql config
* fix: add sequence
* fix: add some tests
* fix(eventstore): nullable sequence
* fix: add some tests
* merge
* fix: add some tests
* fix(migrations): correct statements for sequence
* fix: add some tests
* fix: add some tests
* fix: changes from mr
* fix: changes from mr
* fix: add some tests
* Update internal/eventstore/models/field.go
Co-Authored-By: livio-a <livio.a@gmail.com>
* fix(eventstore): code quality
* fix: add types to aggregate/Event-types
* fix: try tests
* fix(eventstore): rename modifier* to editor*
* fix(eventstore): delete editor_org
* fix(migrations): remove editor_org field,
rename modifier_* to editor_*
* fix: query tests
* fix: use prepare funcs
* fix: go mod
* fix: generate files
* fix(eventstore): tests
* fix(eventstore): rename modifier to editor
* fix(migrations): add cluster migration,
fix(migrations): fix typo of host in clean clsuter
* fix(eventstore): move health
* fix(eventstore): AggregateTypeFilter aggregateType as param
* code quality
* fix: go tests
* feat: add member funcs
* feat: add member model
* feat: add member events
* feat: add member repo model
* fix: better error func testing
* fix: project member funcs
* fix: add tests
* fix: add tests
* feat: implement member requests
* fix: merge master
* fix: merge master
* fix: read existing in project repo
* fix: fix tests
* feat: add internal cache
* feat: add cache mock
* fix: return values of cache mock
* feat: add project role
* fix: add cache config
* fix: add role to eventstore
* fix: use eventstore sdk
* fix: use eventstore sdk
* fix: add project role grpc requests
* fix: fix getby id
* fix: changes for mr
* fix: change value to interface
* feat: add app event creations
* fix: searchmethods
* Update internal/project/model/project_member.go
Co-Authored-By: Silvan <silvan.reusser@gmail.com>
* fix: use get project func
* fix: append events
* fix: check if value is string on equal ignore case
* fix: add changes test
* fix: add go mod
* fix: add some tests
* fix: return err not nil
* fix: return err not nil
* fix: add aggregate funcs and tests
* fix: add oidc aggregate funcs and tests
* fix: add oidc
* fix: add some tests
* fix: tests
* fix: oidc validation
* fix: generate client secret
* fix: generate client id
* fix: test change app
* fix: deactivate/reactivate application
* fix: change oidc config
* fix: change oidc config secret
* fix: implement grpc app funcs
* fix: add application requests
* fix: converter
* fix: converter
* fix: converter and generate clientid
* fix: tests
* feat: project grant aggregate
* feat: project grant
* fix: project grant check if role existing
* fix: project grant requests
* fix: project grant fixes
* fix: project grant member model
* fix: project grant member aggregate
* fix: project grant member eventstore
* fix: project grant member requests
* feat: user model
* feat: user command side
* user command side
* profile requests
* local config with gopass and more
* Update internal/user/model/user.go
Co-Authored-By: Livio Amstutz <livio.a@gmail.com>
* Update internal/user/repository/eventsourcing/model/address.go
Co-Authored-By: Livio Amstutz <livio.a@gmail.com>
* Update internal/user/repository/eventsourcing/model/address.go
Co-Authored-By: Livio Amstutz <livio.a@gmail.com>
* Update internal/user/repository/eventsourcing/model/email.go
Co-Authored-By: Livio Amstutz <livio.a@gmail.com>
* Update internal/user/repository/eventsourcing/model/email.go
Co-Authored-By: Livio Amstutz <livio.a@gmail.com>
* Update internal/user/repository/eventsourcing/model/email.go
Co-Authored-By: Livio Amstutz <livio.a@gmail.com>
* Update internal/user/repository/eventsourcing/model/mfa.go
Co-Authored-By: Livio Amstutz <livio.a@gmail.com>
* Update internal/user/repository/eventsourcing/model/mfa.go
Co-Authored-By: Livio Amstutz <livio.a@gmail.com>
* Update internal/user/repository/eventsourcing/model/password.go
Co-Authored-By: Livio Amstutz <livio.a@gmail.com>
* Update internal/user/repository/eventsourcing/model/password.go
Co-Authored-By: Livio Amstutz <livio.a@gmail.com>
* Update internal/user/repository/eventsourcing/model/password.go
Co-Authored-By: Livio Amstutz <livio.a@gmail.com>
* Update internal/user/repository/eventsourcing/model/phone.go
Co-Authored-By: Livio Amstutz <livio.a@gmail.com>
* Update internal/user/repository/eventsourcing/model/phone.go
Co-Authored-By: Livio Amstutz <livio.a@gmail.com>
* Update internal/user/repository/eventsourcing/model/phone.go
Co-Authored-By: Livio Amstutz <livio.a@gmail.com>
* Update internal/user/repository/eventsourcing/model/user.go
Co-Authored-By: Livio Amstutz <livio.a@gmail.com>
* Update internal/user/repository/eventsourcing/model/user.go
Co-Authored-By: Livio Amstutz <livio.a@gmail.com>
* Update internal/user/repository/eventsourcing/model/user.go
Co-Authored-By: Livio Amstutz <livio.a@gmail.com>
* Update internal/usergrant/repository/eventsourcing/model/user_grant.go
Co-Authored-By: Livio Amstutz <livio.a@gmail.com>
* Update internal/usergrant/repository/eventsourcing/model/user_grant.go
Co-Authored-By: Livio Amstutz <livio.a@gmail.com>
* Update internal/usergrant/repository/eventsourcing/user_grant.go
Co-Authored-By: Livio Amstutz <livio.a@gmail.com>
* Update internal/user/repository/eventsourcing/user_test.go
Co-Authored-By: Livio Amstutz <livio.a@gmail.com>
* Update internal/user/repository/eventsourcing/eventstore_mock_test.go
Co-Authored-By: Livio Amstutz <livio.a@gmail.com>
* changes from mr review
* save files into basedir
* changes from mr review
* changes from mr review
* Update internal/usergrant/repository/eventsourcing/cache.go
Co-authored-by: Silvan <silvan.reusser@gmail.com>
* Update internal/usergrant/repository/eventsourcing/cache.go
Co-authored-by: Silvan <silvan.reusser@gmail.com>
* changes requested on mr
* fix generate codes
* fix return if no events
* password code
* Update internal/user/repository/eventsourcing/model/password.go
Co-authored-by: Silvan <silvan.reusser@gmail.com>
* Update internal/user/repository/eventsourcing/model/user.go
Co-authored-by: Silvan <silvan.reusser@gmail.com>
* requests of mr
* check email
Co-authored-by: adlerhurst <silvan.reusser@gmail.com>
Co-authored-by: livio-a <livio.a@gmail.com>
2020-05-11 10:16:27 +02:00
Fabi
04b4cd80b8
feat: application commands ( #50 )
...
* feat: eventstore repository
* fix: remove gorm
* version
* feat: pkg
* feat: add some files for project
* feat: eventstore without eventstore-lib
* rename files
* gnueg
* fix: key json
* fix: add object
* fix: change imports
* fix: internal models
* fix: some imports
* fix: global model
* feat: add global view functions
* fix: add some functions on repo
* feat(eventstore): sdk
* fix(eventstore): search query
* fix(eventstore): rename app to eventstore
* delete empty test
* remove unused func
* merge master
* fix(eventstore): tests
* fix(models): delete unused struct
* fix: some funcitons
* feat(eventstore): implemented push events
* fix: move project eventstore to project package
* fix: change project eventstore funcs
* feat(eventstore): overwrite context data
* fix: change project eventstore
* fix: add project repo to mgmt server
* feat(types): SQL-config
* fix: commented code
* feat(eventstore): options to overwrite editor
* feat: auth interceptor and cockroach migrations
* fix: migrations
* fix: fix filter
* fix: not found on getbyid
* fix: use global sql config
* fix: add sequence
* fix: add some tests
* fix(eventstore): nullable sequence
* fix: add some tests
* merge
* fix: add some tests
* fix(migrations): correct statements for sequence
* fix: add some tests
* fix: add some tests
* fix: changes from mr
* fix: changes from mr
* fix: add some tests
* Update internal/eventstore/models/field.go
Co-Authored-By: livio-a <livio.a@gmail.com>
* fix(eventstore): code quality
* fix: add types to aggregate/Event-types
* fix: try tests
* fix(eventstore): rename modifier* to editor*
* fix(eventstore): delete editor_org
* fix(migrations): remove editor_org field,
rename modifier_* to editor_*
* fix: query tests
* fix: use prepare funcs
* fix: go mod
* fix: generate files
* fix(eventstore): tests
* fix(eventstore): rename modifier to editor
* fix(migrations): add cluster migration,
fix(migrations): fix typo of host in clean clsuter
* fix(eventstore): move health
* fix(eventstore): AggregateTypeFilter aggregateType as param
* code quality
* fix: go tests
* feat: add member funcs
* feat: add member model
* feat: add member events
* feat: add member repo model
* fix: better error func testing
* fix: project member funcs
* fix: add tests
* fix: add tests
* feat: implement member requests
* fix: merge master
* fix: merge master
* fix: read existing in project repo
* fix: fix tests
* feat: add internal cache
* feat: add cache mock
* fix: return values of cache mock
* feat: add project role
* fix: add cache config
* fix: add role to eventstore
* fix: use eventstore sdk
* fix: use eventstore sdk
* fix: add project role grpc requests
* fix: fix getby id
* fix: changes for mr
* fix: change value to interface
* feat: add app event creations
* fix: searchmethods
* Update internal/project/model/project_member.go
Co-Authored-By: Silvan <silvan.reusser@gmail.com>
* fix: use get project func
* fix: append events
* fix: check if value is string on equal ignore case
* fix: add changes test
* fix: add go mod
* fix: add some tests
* fix: return err not nil
* fix: return err not nil
* fix: add aggregate funcs and tests
* fix: add oidc aggregate funcs and tests
* fix: add oidc
* fix: add some tests
* fix: tests
* fix: oidc validation
* fix: generate client secret
* fix: generate client id
* fix: test change app
* fix: deactivate/reactivate application
* fix: change oidc config
* fix: change oidc config secret
* fix: implement grpc app funcs
* fix: add application requests
* fix: converter
* fix: converter
* fix: converter and generate clientid
* fix: tests
* fix: some fixes
* feat: mr changes
* fix: remove state converted
* fix: add default oidc config
* fix: use crypto pw generator
* fix: rename responsetype
* create GeneratorConfig and refactor some crypto.Generator code (#70 )
* Update internal/project/model/project_role.go
Co-Authored-By: Silvan <silvan.reusser@gmail.com>
* fix: change objectroot id
* fix: caos err id
Co-authored-by: adlerhurst <silvan.reusser@gmail.com>
Co-authored-by: livio-a <livio.a@gmail.com>
2020-04-21 17:00:32 +02:00
Livio Amstutz
96b1817d62
add multi files config test and some more
2020-03-30 11:44:17 +02:00
Livio Amstutz
e04c0116f5
refactor crypto tests
2020-03-30 11:26:02 +02:00
Livio Amstutz
59dc4dbe85
improve some functions
2020-03-30 09:28:00 +02:00
Livio Amstutz
265ea450b1
fix: import
2020-03-23 08:43:08 +01:00
Livio Amstutz
90342ed872
feat: add crypto pkg
2020-03-23 07:06:44 +01:00