Livio Spring
1c8037f291
fix: external user check ( #6038 )
2023-06-16 10:27:43 +02:00
Stefan Benz
8dfaa1dfa5
fix: check if application is active in saml logic ( #6003 )
...
Co-authored-by: Livio Spring <livio.a@gmail.com>
2023-06-15 11:04:27 +02:00
Stefan Benz
2d13d412a2
fix: update linking users if action changed values ( #6024 )
...
Co-authored-by: Livio Spring <livio.a@gmail.com>
2023-06-15 07:02:53 +00:00
Stefan Benz
855d6b1bd5
fix: nil pointer on create instance add machine ( #6000 )
...
* fix: nil pointer on create instance add machine
* fix: instance setup with machine user pat
* fix: correct logic to write pat and key from setup without configurable scope
---------
Co-authored-by: Livio Spring <livio.a@gmail.com>
2023-06-15 06:16:39 +00:00
Tim Möhlmann
2e323e8044
feat(v2): register user u2f ( #6020 )
2023-06-15 05:32:40 +00:00
Stefan Benz
66e639b5ad
fix: handling of org idp migrations and google events ( #5992 )
2023-06-08 14:08:13 +00:00
Max Peintner
58cfb94e1d
fix(login): url safe encoding base64 ( #5983 )
...
* url safe encoding base64
* js rm export
* fix: publish docker image
* rm releaserc
---------
Co-authored-by: Elio Bischof <eliobischof@gmail.com>
Co-authored-by: Silvan <silvan.reusser@gmail.com>
2023-06-08 09:27:03 +02:00
Stefan Benz
5562ee94a6
feat: migrate external idp to other types ( #5984 )
...
* feat: migrate instance oidc to azureAD
* feat: migrate instance oidc to azureAD
* feat: migrate org oidc to azureAD
* feat: migrate oidc to google
* fix: correct idp writemodels
* fix: review changes
2023-06-08 00:50:53 +02:00
Stefan Benz
0b1738dc5d
fix: check linked users before postAuthentication action ( #5980 )
...
* fix: check linked users before postAuthentication action
* fix: apply suggestions from code review
Co-authored-by: Silvan <silvan.reusser@gmail.com>
---------
Co-authored-by: Silvan <silvan.reusser@gmail.com>
2023-06-08 00:16:02 +02:00
Tim Möhlmann
f456168a74
feat: session v2 passkey authentication ( #5952 )
2023-06-07 17:28:42 +02:00
Elio Bischof
61feb9d19f
fix: more silence ( #5986 )
2023-06-06 15:12:54 +00:00
Tim Möhlmann
d5eaa8fa16
fix: display loginname in machine client credentials ( #5936 )
2023-05-26 13:04:45 +00:00
Stefan Benz
9aed0319c5
fix: token for post authentication action and change phone and email ( #5933 )
...
* fix: token for post authentication action and change phone and email
* fix checks and add tests
* improve change checks and add tests
* add more tests
* remove unintended test
---------
Co-authored-by: Livio Spring <livio.a@gmail.com>
2023-05-26 07:24:52 +00:00
Stefan Benz
fa8f191812
feat: v2alpha user service idp endpoints ( #5879 )
...
* feat: v2alpha user service idp endpoints
* feat: v2alpha user service intent endpoints
* begin idp intents (callback)
* some cleanup
* runnable idp authentication
* cleanup
* proto cleanup
* retrieve idp info
* improve success and failure handling
* some unit tests
* grpc unit tests
* add permission check AddUserIDPLink
* feat: v2alpha intent writemodel refactoring
* feat: v2alpha intent writemodel refactoring
* feat: v2alpha intent writemodel refactoring
* provider from write model
* fix idp type model and add integration tests
* proto cleanup
* fix integration test
* add missing import
* add more integration tests
* auth url test
* feat: v2alpha intent writemodel refactoring
* remove unused functions
* check token on RetrieveIdentityProviderInformation
* feat: v2alpha intent writemodel refactoring
* fix TestServer_RetrieveIdentityProviderInformation
* fix test
* i18n and linting
* feat: v2alpha intent review changes
---------
Co-authored-by: Livio Spring <livio.a@gmail.com>
Co-authored-by: Tim Möhlmann <tim+github@zitadel.com>
2023-05-24 18:29:58 +00:00
Tim Möhlmann
a301c40f9f
feat: implement register Passkey user API v2 ( #5873 )
...
* command/crypto: DRY the code
- reuse the the algorithm switch to create a secret generator
- add a verifyCryptoCode function
* command: crypto code tests
* migrate webauthn package
* finish integration tests with webauthn mock client
2023-05-24 10:22:00 +00:00
András Tóth
8c926366a9
fix(database): allow postgres sslmode=require without root cert ( #4972 )
...
* fix(database): allow postgres sslmode=require without root cert
* fix(database): allow postgres sslmode=require without root cert (fix)
Co-authored-by: Silvan <silvan.reusser@gmail.com>
---------
Co-authored-by: Silvan <silvan.reusser@gmail.com>
2023-05-23 14:29:13 +00:00
Elio Bischof
2e86c44aa5
fix: delete cookies ( #5885 )
...
Co-authored-by: Livio Spring <livio.a@gmail.com>
2023-05-19 05:12:31 +00:00
Elio Bischof
885e3385aa
fix: send exhausted property in env json ( #5877 )
2023-05-17 11:41:54 +02:00
Livio Spring
383e68b819
Merge branch 'main' into grcp-server-reflect
2023-05-16 10:51:32 +02:00
Elio Bischof
0e251a29c8
fix: set exhausted cookie with env json ( #5868 )
...
* fix: set exhausted cookie with env json
* lint
2023-05-15 08:51:02 +02:00
Silvan
098c27d3da
fix: render authrequest id only if possible ( #5823 )
2023-05-11 16:02:34 +00:00
Stefan Benz
8d13f170e8
feat(api): new settings service ( #5775 )
...
* feat: add v2alpha policies service
* feat: add v2alpha policies service
* fix: rename of attributes and messages in v2alpha api
* fix: rename of attributes and messages in v2alpha api
* fix: linter corrections
* fix: review corrections
* fix: review corrections
* fix: review corrections
* fix: review corrections
* fix grpc
* refactor: rename to settings and more
* Apply suggestions from code review
Co-authored-by: Fabi <fabienne.gerschwiler@gmail.com>
* add service to docs and rename legal settings
* unit tests for converters
* go mod tidy
* ensure idp name and return list details
* fix: use correct resource owner for active idps
* change query to join
---------
Co-authored-by: Livio Spring <livio.a@gmail.com>
Co-authored-by: Fabi <fabienne.gerschwiler@gmail.com>
Co-authored-by: Tim Möhlmann <tim+github@zitadel.com>
2023-05-11 09:23:40 +00:00
Elio Bischof
35a0977663
fix: improve exhausted SetCookie header ( #5789 )
...
* fix: remove access interceptor for console
* feat: template quota cookie value
* fix: send exhausted cookie from grpc-gateway
* refactor: remove ineffectual err assignments
* Update internal/api/grpc/server/gateway.go
Co-authored-by: Livio Spring <livio.a@gmail.com>
* use dynamic host header to find instance
* add instance mgmt url to environment.json
* support hosts with default ports
* fix linting
* docs: update lb example
* print access logs to stdout
* fix grpc gateway exhausted cookies
* cleanup
---------
Co-authored-by: Livio Spring <livio.a@gmail.com>
2023-05-11 09:24:44 +02:00
Tim Möhlmann
1461d9ec6d
Merge branch 'main' into grcp-server-reflect
2023-05-07 16:47:52 +02:00
Tim Möhlmann
62b4c31834
add server reflection to Probes list
2023-05-07 16:47:43 +02:00
Livio Spring
c2cb84cd24
feat(api): new session service ( #5801 )
...
* backup new protoc plugin
* backup
* session
* backup
* initial implementation
* change to specific events
* implement tests
* cleanup
* refactor: use new protoc plugin for api v2
* change package
* simplify code
* cleanup
* cleanup
* fix merge
* start queries
* fix tests
* improve returned values
* add token to projection
* tests
* test db map
* update query
* permission checks
* fix tests and linting
* rework token creation
* i18n
* refactor token check and fix tests
* session to PB test
* request to query tests
* cleanup proto
* test user check
* add comment
* simplify database map type
* Update docs/docs/guides/integrate/access-zitadel-system-api.md
Co-authored-by: Tim Möhlmann <tim+github@zitadel.com>
* fix test
* cleanup
* docs
---------
Co-authored-by: Tim Möhlmann <tim+github@zitadel.com>
2023-05-05 15:34:53 +00:00
Miguel Cabrerizo
3ca7147808
fix: introduce measures to avoid bots crawling and indexing activities ( #5728 )
...
* fix: 404 for robots.txt and meta robots tags
* fix: add unit tests for robots txt and tag
* fix: add meta tag robots none for login pages
* fix: weird format issue in header.go
* fix: add x-robots-tag=none to grpcwebserver
* fix linting
---------
Co-authored-by: Silvan <silvan.reusser@gmail.com>
Co-authored-by: Livio Spring <livio.a@gmail.com>
2023-05-05 10:25:02 +02:00
Livio Spring
f1534c0c4c
refactor: use new protoc plugin for api v2 ( #5798 )
...
* refactor: use new protoc plugin for api v2
* simplify code
2023-05-04 08:50:19 +00:00
Tim Möhlmann
5f0c1b5290
resolve comments
2023-05-03 15:10:27 +02:00
Tim Möhlmann
4934d6f4fa
Merge branch 'main' into integration-tests
2023-05-02 19:24:37 +03:00
Tim Möhlmann
c839cb3ce0
tie loose ends, documentation
2023-05-02 19:24:24 +03:00
Livio Spring
e0505b2def
fix: use correct org id for external authentication actions ( #5793 )
2023-05-02 16:03:33 +00:00
Silvan
40bf7e49cc
fix: correct tracing in access interceptor ( #5766 )
2023-05-02 08:46:44 +00:00
Tim Möhlmann
f011882b2d
Merge branch 'main' into grcp-server-reflect
2023-04-30 14:40:13 +03:00
Silvan
39bdef35e7
chore: merge ( #5773 )
...
* feat: allow skip of success page for native apps (#5627 )
add possibility to return to callback directly after login without rendering the successful login page
* build next
* fix(console): disallow inline fonts, critical styles (#5714 )
fix: disallow inline
* fix(setup): step 10 for postgres (#5717 )
* fix(setup): smaller transactions (#5743 )
* fix: order by sequence by default
* test: add allowCreationDateFilter
* fix(step10): separate executions (#5754 )
* feat: allow skip of success page for native apps (#5627 )
add possibility to return to callback directly after login without rendering the successful login page
* build next
* fix(console): disallow inline fonts, critical styles (#5714 )
fix: disallow inline
* fix(setup): step 10 for postgres (#5717 )
* fix(setup): smaller transactions (#5743 )
* fix(step10): split statements
* fix(step10): split into separate execs
* chore: prerelease
* add truncate before insert
* fix: add truncate
* Merge branch 'main' into optimise-step-10
* chore: reset release definition
---------
Co-authored-by: Livio Spring <livio.a@gmail.com>
Co-authored-by: Max Peintner <max@caos.ch>
---------
Co-authored-by: Livio Spring <livio.a@gmail.com>
Co-authored-by: Max Peintner <max@caos.ch>
2023-04-28 14:56:51 +00:00
Tim Möhlmann
498c4436ae
inegration tests for user email
2023-04-28 17:44:59 +03:00
Livio Spring
458a383de2
fix: use current sequence for refetching of events ( #5772 )
...
* fix: use current sequence for refetching of events
* fix: use client ids
2023-04-28 16:28:13 +02:00
Silvan
c8c5cf3c5f
feat(cli): add setup cleanup sub command ( #5770 )
...
* feat(cli): add `setup cleanup` sub command
* chore: logging
* chore: logging
2023-04-28 11:55:35 +00:00
Tim Möhlmann
4b7f5ae186
AddHumanUser tests
2023-04-28 14:39:53 +03:00
Tim Möhlmann
11ab645bb7
Merge branch 'main' into integration-tests
2023-04-27 12:47:35 +03:00
Tim Möhlmann
596900aba6
nolint contextcheck in NewTester
2023-04-26 20:49:33 +03:00
Tim Möhlmann
1dc46b16b0
remove negated integration tags
2023-04-26 19:55:13 +03:00
Tim Möhlmann
90ba3a8d92
poll on test start
2023-04-26 19:54:47 +03:00
Livio Spring
6774e7f444
fix: handle userID and context correctly ( #5755 )
...
* fix: handle userID and context correctly
* fix linting
2023-04-26 16:19:32 +02:00
Livio Spring
e4a4b7cfbe
feat(api): add user creation to user service ( #5745 )
...
* chore(proto): update versions
* change protoc plugin
* some cleanups
* define api for setting emails in new api
* implement user.SetEmail
* move SetEmail buisiness logic into command
* resuse newCryptoCode
* command: add ChangeEmail unit tests
Not complete, was not able to mock the generator.
* Revert "resuse newCryptoCode"
This reverts commit c89e90ae35
2023-04-26 07:47:57 +02:00
bitfactory-sem-denbroeder
19f2f83b61
feat: add otp name and make it configurable ( #5631 )
...
* feat: add otp name and make it configurable
* feat: use pre-existing otp env var
* feat: use requested domain if otp issuer is empty
* cleanup
---------
Co-authored-by: Sem den Broeder <semnelldenbroeder@gmail.com>
Co-authored-by: Elio Bischof <eliobischof@gmail.com>
Co-authored-by: Livio Spring <livio.a@gmail.com>
2023-04-26 07:17:23 +02:00
Elio Bischof
923f691d77
fix: use singleton meter provider ( #5725 )
2023-04-25 18:15:32 +00:00
Elio Bischof
c12c2f09a4
fix: switch log level of failed locks to debug ( #5746 )
2023-04-25 19:20:59 +02:00
Tim Möhlmann
79084089ea
add github action for integration tests
2023-04-25 18:11:04 +03:00
Tim Möhlmann
a22b58f1c0
simple test of a health endpoint
2023-04-25 15:04:35 +03:00
Silvan
095ec21678
feat: user v2alpha email API ( #5708 )
...
* chore(proto): update versions
* change protoc plugin
* some cleanups
* define api for setting emails in new api
* implement user.SetEmail
* move SetEmail buisiness logic into command
* resuse newCryptoCode
* command: add ChangeEmail unit tests
Not complete, was not able to mock the generator.
* Revert "resuse newCryptoCode"
This reverts commit c89e90ae35
2023-04-25 09:02:29 +02:00
James Schinner
2a79e77c7b
docs: Fix typo ( #5727 )
...
Fix typo
2023-04-24 13:23:38 +02:00
Silvan
5d6399da24
fix(projection): implement GoStringer for postgres ( #5716 )
2023-04-21 06:58:04 +00:00
Tim Möhlmann
5819924275
feat: device authorization RFC 8628 ( #5646 )
...
* device auth: implement the write events
* add grant type device code
* fix(init): check if default value implements stringer
---------
Co-authored-by: adlerhurst <silvan.reusser@gmail.com>
2023-04-19 08:46:02 +00:00
Silvan
8da8fbe6ce
fix(eventstore): correct creation date of events ( #5683 )
...
* fix: add setup step to correct creation dates
* fix(eventstore): replace now with statement ts
* fix(step10): correct number
* fix: handle wrong instance domain removed events
2023-04-18 19:29:04 +02:00
Livio Spring
429a91518b
fix: remove idp templates when using old / deprecated delete method ( #5685 )
...
* fix: remove idp templates when using old / deprecated delete method
* fix: projection version
2023-04-17 08:20:49 +00:00
Livio Spring
4c482619da
fix: ensure minimal scope for azure ad ( #5686 )
...
* fix: ensure minimal scope for azure ad
* docs(idps): mention scopes which are always sent
---------
Co-authored-by: adlerhurst <silvan.reusser@gmail.com>
2023-04-17 07:02:16 +00:00
Livio Spring
8e19f0f6c3
fix: set displayname correctly in EnsureDisplayName ( #5702 )
...
fix: EnsureDisplayName
2023-04-17 06:26:40 +00:00
Miguel Cabrerizo
d140f9373a
feat: Zitadel translated into Spanish ( #5634 )
...
* feat: spanish translation in progress
* feat: 85% of translated strings
* feat: spanish translation 95% done
* fix: fix some typos
* fix: add missing translations for recent commits
* Apply suggestions from code review
Co-authored-by: Livio Spring <livio.a@gmail.com>
---------
Co-authored-by: Elio Bischof <elio@zitadel.com>
Co-authored-by: Livio Spring <livio.a@gmail.com>
2023-04-14 15:53:19 +02:00
Tim Möhlmann
27e9852367
feat: enable grpc server reflection
2023-04-14 16:34:12 +03:00
Max Peintner
2ec36bd63b
fix(console): add state filter to org table, filter context ( #5650 )
...
* fix: add state filter to org table, filter context
---------
Co-authored-by: adlerhurst <silvan.reusser@gmail.com>
2023-04-12 15:02:54 +02:00
Silvan
ed2588f13d
fix(idp): handle scopes in azureAD ( #5665 )
2023-04-12 07:27:07 +02:00
Silvan
c216d6effd
fix(mfa): correct change url ( #5663 )
2023-04-11 19:27:18 +02:00
Max Peintner
1c1d66cbe8
chore(console): remove first and lastName fallback from user ( #5629 )
...
* chore(console): remove first and lastName fallback from user
* use display name and ensure it's set without required name fields
* add user type to user grant and memberships responses
* contributor, members
* fix avatar display checks
---------
Co-authored-by: Livio Spring <livio.a@gmail.com>
2023-04-11 15:56:51 +00:00
Livio Spring
8bf36301ed
feat: allow skip of success page for native apps ( #5627 )
...
add possibility to return to callback directly after login without rendering the successful login page
2023-04-11 15:07:32 +00:00
Livio Spring
b3d8787921
feat: add new api services ( #5619 )
...
* feat: add new services
* improve demos and comments
* remove unused field
* add comment to demo proto calls
* Apply suggestions from code review
Co-authored-by: Silvan <silvan.reusser@gmail.com>
---------
Co-authored-by: Silvan <silvan.reusser@gmail.com>
2023-04-11 15:37:42 +02:00
Stefan Benz
440ba9f5ef
fix: update saml to v0.0.11 ( #5628 )
...
* fix: update saml to v0.0.11
* chore: remove unused sum
---------
Co-authored-by: adlerhurst <silvan.reusser@gmail.com>
2023-04-11 07:39:12 +00:00
Silvan
698f46fe6a
chore: update dependencies ( #5401 )
...
* chore(backend): update dependencies
* chore(pipeline): update golangci-lint
2023-04-06 06:29:55 +00:00
Elio Bischof
8141d902b8
fix: delete org project mapping by grant id ( #5607 )
...
* fix: delete org project mapping by grant id
* fix: check for project on authentication using projections
* fix tests
---------
Co-authored-by: Livio Spring <livio.a@gmail.com>
2023-04-06 05:46:12 +00:00
Livio Spring
23e6cc325e
fix: update correct current sequence for refresh tokens ( #5608 )
2023-04-05 21:31:51 +02:00
Elio Bischof
29c0adb650
fix: ignore 0 retention on event search ( #5614 )
...
* fix: filter all search events if retention
* test(e2e): test event api filter
2023-04-05 17:56:11 +00:00
Silvan
8b5217c06d
fix(query): only active by org by primary domain ( #5610 )
2023-04-05 12:06:26 +00:00
Silvan
d981f0d348
fix(saml): correct handling of remove ( #5606 )
2023-04-05 11:42:00 +00:00
Livio Spring
ea9223a2b0
fix: remove instance IDPs correctly from org policies ( #5609 )
...
Co-authored-by: Silvan <silvan.reusser@gmail.com>
2023-04-05 11:18:00 +00:00
Silvan
4c1169b562
feat(eventstore): order by creation_date and sequence ( #5568 )
...
* feat(eventstore): order by `creation_date` and `sequence`
* fix(logstore): use correct event type
---------
Co-authored-by: Livio Spring <livio.a@gmail.com>
2023-04-05 09:34:24 +00:00
Livio Spring
991a56341b
fix: role claims mapping ( #5601 )
...
* fix: role claims mapping
* update oidc pkg
* update oidc pkg
2023-04-04 12:36:39 +00:00
Silvan
dd84b93ac3
fix(token): filter users by instance id ( #5596 )
...
* fix(token): filter users by instance id
2023-04-03 12:56:37 +00:00
Silvan
e688954308
feat: role claims for service user tokens ( #5577 )
...
tokens of service users can now contain role claims by requesting them through scopes
2023-04-03 14:26:51 +02:00
Elio Bischof
887e2f474d
fix: use fixed active instances duration ( #5567 )
...
* fix: use fixed active instances duration
* fix active instances tests
* fix syntax error
* run pipeline
---------
Co-authored-by: Silvan <silvan.reusser@gmail.com>
2023-03-30 13:01:27 +02:00
Elio Bischof
cccccd005c
feat: call webhooks at least once ( #5454 )
...
* feat: call webhooks at least once
* self review
* feat: improve notification observability
* feat: add notification tracing
* test(e2e): test at-least-once webhook delivery
* fix webhook notifications
* dedicated quota notifications handler
* fix linting
* fix e2e test
* wait less in e2e test
* fix: don't ignore failed events in handlers
* fix: don't ignore failed events in handlers
* faster requeues
* question
* fix retries
* fix retries
* retry
* don't instance ids query
* revert handler_projection
* statements can be nil
* cleanup
* make unit tests pass
* add comments
* add comments
* lint
* spool only active instances
* feat(config): handle inactive instances
* customizable HandleInactiveInstances
* call inactive instances quota webhooks
* test: handling with and w/o inactive instances
* omit retrying noop statements
* docs: describe projection options
* enable global handling of inactive instances
* self review
* requeue quota notifications every 5m
* remove caos_errors reference
* fix comment styles
* make handlers package flat
* fix linting
* fix repeating quota notifications
* test with more usage
* debug log channel init failures
2023-03-28 22:09:06 +00:00
Miguel Cabrerizo
1b9cea0e0c
feat: add Help/Support e-mail for instance/org ( #5445 )
...
feat: help and support email in privacy policy
2023-03-28 21:36:52 +02:00
Stefan Benz
12a7c4b994
fix: correct conditions for user update after actions in post authent… ( #5535 )
...
Correct conditions on when the user gets updated through actions in post-authentication, with an added boolean for checking if anything changed in the actions.
2023-03-28 12:53:21 +00:00
Tim Möhlmann
25c3c17986
chore: upgrade to oidc v2 release ( #5437 )
...
* chore: upgrade to oidc v2 release
* fix tests
* fix build errors after rebase
* pin oidc v2.1.0
* pin oidc v2.1.1 (include bugfix)
* pin oidc v2.1.2 (include bugfix)
* pin oidc v2.2.1 (bugfix)
include fix zitadel/oidc#349
* fix: refresh token handling
* simplify cognitive complexity
* fix: handle error
---------
Co-authored-by: Livio Spring <livio.a@gmail.com>
2023-03-28 11:28:56 +00:00
Elio Bischof
62bd606593
feat: enable handling projections for inactive instances ( #5523 )
...
* fix: don't ignore failed events in handlers
* question
* fix retries
* don't instance ids query
* statements can be nil
* make unit tests pass
* add comments
* spool only active instances
* feat(config): handle inactive instances
* customizable HandleInactiveInstances
* test: handling with and w/o inactive instances
* docs: describe projection options
* enable global handling of inactive instances
* accept NowFunc, not Clock interface
* add comment about stringer usage
* remove enum stringer implementations
* fix enum format types
* Update internal/eventstore/repository/mock/repository.mock.impl.go
Co-authored-by: Silvan <silvan.reusser@gmail.com>
---------
Co-authored-by: Silvan <silvan.reusser@gmail.com>
2023-03-27 12:34:01 +00:00
Stefan Benz
41ff0bbc63
feat: ldap provider login ( #5448 )
...
Add the logic to configure and use LDAP provider as an external IDP with a dedicated login GUI.
2023-03-24 15:18:56 +00:00
Fabi
cf1ac30970
fix: remove unnecessary cancel button as cancel is not possible ( #5511 )
...
* fix: remove unnecessary cancel button as cancel is not possible
* fix: add missing tranlation
* fix: add missing tranlation
* docs: missing translations
---------
Co-authored-by: Silvan <silvan.reusser@gmail.com>
2023-03-24 08:00:56 +00:00
Livio Spring
1cf84b5a56
fix: map metadata correctly in actions ( #5526 )
2023-03-23 14:28:53 +01:00
Livio Spring
fca6dd9613
fix: reduce correct type for jwt idps ( #5519 )
2023-03-22 15:46:59 +00:00
tharuta
a8fe15829e
feat: internationalization Japanese (recreated) ( #5513 )
...
japanese translation
---------
Co-authored-by: Max Peintner <max@caos.ch>
2023-03-22 07:30:46 +01:00
Livio Spring
a6c471b2e4
fix: possible nil pointer in actions ( #5510 )
2023-03-21 11:19:49 +01:00
Livio Spring
4ca50e0802
fix: check for empty applicationID on assertRoles ( #5509 )
...
* fix: check for empty applicationID on assertRoles
* remove unintended added file
2023-03-21 08:59:44 +01:00
Silvan
a3b36a0138
refactor(changes): use queries.SearchEvents ( #5388 )
...
* refactor(changes): use `queries.SearchEvents`
---------
Co-authored-by: Livio Spring <livio.a@gmail.com>
2023-03-17 09:14:06 +00:00
Elio Bischof
09abf06d4d
refactor: rename config structs ( #5459 )
2023-03-16 17:24:30 +00:00
Livio Spring
1896f13952
fix: use idToken for mapping when using old configs ( #5458 )
...
* fix: use idToken for mapping when using old configs
* fix events and add tests
2023-03-16 16:47:22 +01:00
Livio Spring
a8a2edadc2
fix: use correct resource owner in checkExternalUserLogin ( #5457 )
2023-03-16 13:14:08 +00:00
Elio Bischof
fecd197bf2
fix: open dialogs ( #5451 )
2023-03-15 14:40:35 +00:00
Livio Spring
5a307afe62
feat: add azure provider templates ( #5441 )
...
Adds possibility to manage and use Microsoft Azure template based providers
2023-03-15 07:48:37 +01:00
Elio Bischof
e00cc187fa
fix: make user creation errors helpful ( #5382 )
...
* fix: make user creation errors helpful
* fix linting and unit testing errors
* fix linting
* make zitadel config reusable
* fix human validations
* translate ssr errors
* make zitadel config reusable
* cover more translations for ssr
* handle email validation message centrally
* fix unit tests
* fix linting
* align signatures
* use more precise wording
* handle phone validation message centrally
* fix: return specific profile errors
* docs: edit comments
* fix unit tests
---------
Co-authored-by: Silvan <silvan.reusser@gmail.com>
2023-03-14 19:20:38 +00:00
Stefan Benz
f99cf50f69
fix: add authURLParams to urls for external idps ( #5404 )
...
add authURL parameters to urls for external IDPs, depended on the contents of the authRequest
---------
Co-authored-by: Livio Spring <livio.a@gmail.com>
2023-03-14 15:42:29 +00:00
Livio Spring
c0843e6b4c
feat: add gitlab provider templates ( #5405 )
...
* feat(api): add google provider template
* refactor reduce functions
* handle removed event
* linting
* fix projection
* feat(api): add generic oauth provider template
* feat(api): add github provider templates
* feat(api): add github provider templates
* fixes
* proto comment
* fix filtering
* requested changes
* feat(api): add generic oauth provider template
* remove wrongly committed message
* increase budget for angular build
* fix linting
* fixes
* fix merge
* fix merge
* fix projection
* fix merge
* updates from previous PRs
* enable github providers in login
* fix merge
* fix test and add github styling in login
* cleanup
* feat(api): add gitlab provider templates
* fix: merge
* fix display of providers in login
* implement gitlab in login and make prompt `select_account` optional since gitlab can't handle it
* fix merge
* fix merge and add tests for command side
* requested changes
* requested changes
* Update internal/query/idp_template.go
Co-authored-by: Silvan <silvan.reusser@gmail.com>
* fix merge
* requested changes
---------
Co-authored-by: Silvan <silvan.reusser@gmail.com>
2023-03-13 17:34:29 +01:00
Silvan
eb4f7c5d7c
fix(auth): update user grants before check ( #5406 )
2023-03-13 08:03:49 +01:00
Livio Spring
26fdc3e84e
fix(api): return id_attribute of oauth provider ( #5397 )
2023-03-09 06:13:43 +00:00
Livio Spring
8cbde57047
fix(api): allow HTTP/1.1 for grpc-web ( #5376 )
...
Handles grpc-web on HTTP/1.1 with H2C for HTTP/2, but does not enforce it.
2023-03-08 18:33:43 +00:00
Silvan
20e4f1ce57
feat(actions): add fields to complement token flow ( #5336 )
...
* deprecated `ctx.v1.userinfo`-field in "pre userinfo creation" trigger in favour of `ctx.v1.claims`. The trigger now behaves the same as "pre access token creation"
* added `ctx.v1.claims` to "complement tokens" flow
* added `ctx.v1.grants` to "complement tokens" flow
* document `ctx.v1.getUser()` in "complement tokens" flow
* feat(actions): add getUser() and grant
* map user grants
* map claims
* feat(actions): claims in complement token ctx
* docs(actions): add new fields of complement token
* docs(actions): additions to complement token
* docs(actions): correct field names
2023-03-08 15:26:28 +01:00
Livio Spring
3042d7ef5c
feat: add github provider template ( #5334 )
...
Adds possibility to manage and use GitHub (incl. Enterprise Server) template based providers
2023-03-08 10:17:28 +00:00
Livio Spring
b2786d8c68
fix: handling of (old) IDPConfigChangedEvent projection ( #5384 )
2023-03-07 11:35:47 +01:00
Livio Spring
2efa305e10
fix: use of generic oauth provider ( #5345 )
...
Adds a id_attribute to the GenericOAuthProvider, which is used to map the external User. Further mapping can be done in actions by using the `rawInfo` of the new `ctx.v1.providerInfo` field.
2023-03-03 10:38:49 +00:00
Silvan
c8142030e9
fix(postgres): set dbname=postgres in admin mode ( #5346 )
2023-03-03 09:26:50 +00:00
Silvan
ed4983d3fd
fix: emit only if data and marshal invalid metadata
...
* fix(emitter): only emit if there are log records
* fix(actions): marshal invalid metadata value into string
2023-03-01 17:05:12 +00:00
Livio Spring
966df56026
fix(providers): set prompt select_account again ( #5329 )
2023-03-01 07:17:51 +00:00
Livio Spring
48f9815b7c
feat(login): use new IDP templates ( #5315 )
...
The login uses the new template based IDPs with backwards compatibility for old IDPs
2023-02-28 21:20:58 +01:00
Silvan
e38abdcdf3
perf: query data AS OF SYSTEM TIME ( #5231 )
...
Queries the data in the storage layser at the timestamp when the call hit the API layer
2023-02-27 22:36:43 +01:00
Livio Spring
80003939ad
feat(api): add oidc and jwt provider template ( #5290 )
...
Adds possibility to manage OIDC and JWT template based providers
2023-02-27 16:32:18 +01:00
Max Peintner
9396e8b2f5
fix(console): use authService for auth user page ( #5233 )
...
* auth grant
* fix: add missing attributes to ListMyUserGrantsResponse
* user grants typing
* typing
* auth grant link
* disable without role
* edit with auth grant
* chore(console): auto organize imports (#5293 )
fix(console): auto organize imports
* Update console/src/app/modules/user-grants/user-grants-datasource.ts
Co-authored-by: Elio Bischof <eliobischof@gmail.com>
* Update console/src/app/modules/user-grants/user-grants-datasource.ts
Co-authored-by: Elio Bischof <eliobischof@gmail.com>
* Update console/src/app/modules/user-grants/user-grants-datasource.ts
Co-authored-by: Elio Bischof <eliobischof@gmail.com>
* linter, rm unused import
* add examples again
* lint
---------
Co-authored-by: Livio Spring <livio.a@gmail.com>
Co-authored-by: Elio Bischof <eliobischof@gmail.com>
2023-02-27 12:03:44 +01:00
Livio Spring
82ffd6dffb
fix(actions): provide browser info and handle nil pointer ( #5277 )
...
* fix(actions): provide browser info and handle nil pointer
* fix(actions): use correct user id in post registration
---------
Co-authored-by: adlerhurst <silvan.reusser@gmail.com>
2023-02-24 16:13:11 +01:00
Livio Spring
737d14e81b
feat(api): add generic oauth provider template ( #5260 )
...
adds functionality to manage templates based OIDC IDPs
2023-02-24 15:16:06 +01:00
Livio Spring
40e7356f3e
feat(api): add google provider template ( #5247 )
...
add functionality to manage templates based Google IDP
2023-02-21 17:18:28 +00:00
Miguel Cabrerizo
7fc3ecf665
feat: request users ordered by creation date ( #5160 )
...
* feat: request users ordered by creation date
* fix: missing case for creationDate in user-table
---------
Co-authored-by: Livio Spring <livio.a@gmail.com>
2023-02-17 13:15:21 +00:00
Stefan Benz
586495a0be
feat: add management for ldap idp template ( #5220 )
...
Add management functionality for LDAP idps with templates and the basic functionality for the LDAP provider, which can then be used with a separate login page in the future.
---------
Co-authored-by: Livio Spring <livio.a@gmail.com>
2023-02-15 08:14:59 +00:00
Elio Bischof
058192c22b
test: fix log headers ( #5222 )
...
* test: fix log headers
* ensure just public types are tested
* fix(postgres): proper statements for setup step 7
---------
Co-authored-by: adlerhurst <silvan.reusser@gmail.com>
2023-02-15 03:21:58 +00:00
Elio Bischof
681541f41b
feat: add quotas ( #4779 )
...
adds possibilities to cap authenticated requests and execution seconds of actions on a defined intervall
2023-02-15 02:52:11 +01:00
Max Peintner
df4a173264
feat(console): machine user accesstoken type ( #5196 )
...
Set machine user Access Token type
2023-02-14 17:05:55 +01:00
uiopak
84fa20f1ce
feat: internationalization Polish ( #5117 )
...
* Add Polish translations
* Add references to Polish translations in files
* Make a consistent translation of languages in Chinese translation
* Add missing language references to fr, it and zh
* Translation corrections
* Add missing language references to zh
* Translation corrections
* add latest translation keys
* Translation corrections and addition of some new ones
* translate auth requests exhausted
* add new untranslated keys
* Translation corrections, fix indentation
---------
Co-authored-by: Elio Bischof <eliobischof@gmail.com>
2023-02-13 12:03:34 +01:00
Livio Spring
8ef13d77e7
fix(actions): check for nil pointer on set claims in access_token ( #5172 )
2023-02-09 06:27:39 +00:00
Stefan Benz
3616b6b028
feat(api): allow specifying access_token type (opaque/JWT) for service users ( #5150 )
...
Add functionality to configure the access token type on the service accounts to provide the oidc library with the necessary information to create the right type of access token.
2023-02-08 08:06:34 +00:00
Livio Spring
44a995c660
fix: only remove idp links from users of own organisation ( #5156 )
...
ensure linked users of the (instance) idp are only affected if they are part of the organisation where the idp is removed from the login policy
2023-02-03 14:56:19 +07:00
Stefan Benz
e2fdd3f077
feat: support client_credentials for service users ( #5134 )
...
Request an access_token for service users with OAuth 2.0 Client Credentials Grant. Added functionality to generate and remove a secret on service users.
2023-01-31 19:52:47 +00:00
Stefan Benz
eb17d0c378
feat: add http request to interal and external authentication actions ( #5103 )
...
Add functionality to provide http.Request and authError to actions for logging or other logic.
2023-01-26 10:40:49 +00:00
Silvan
c54ddc71a2
feat(actions): local users ( #5089 )
...
Actions are extended to to local users. It's possible to run custom code during registration and authentication of local users.
2023-01-25 13:08:01 +00:00
Stefan Benz
19621acfd3
feat: add notification policy and password change message ( #5065 )
...
Implementation of new notification policy with functionality to send email when a password is changed
2023-01-25 09:49:41 +01:00
Fabi
8b5894c0bb
fix: add description to password screen ( #5096 )
2023-01-24 09:46:31 +00:00
Livio Spring
598a4d2d4b
feat: add basic structure of idp templates ( #5053 )
...
add basic structure and implement first providers for IDP templates to be able to manage and use them in the future
2023-01-23 08:11:40 +01:00
Silvan
7b5135e637
fix(adminAPI): localize event type ( #5059 )
...
* fix(adminAPI): localisation of event types, aggregate types
* fix(adminAPI): validations of ListEvent request
* implement caching of editor user information
2023-01-19 15:50:05 +00:00
Stefan Benz
a36fdf8fe6
feat: add listIamMembers to system api ( #5013 )
...
Added ListIAMMembers endpoint to system-API to provide the functionality to the customer portal
2023-01-17 20:35:41 +00:00
Elio Bischof
0316c2c187
fix: add port to SMTP host label ( #4980 )
...
* fix: add port to SMTP host label
* fix gRPC request message
* fix: validate port in backend
* make defaults.yaml host field more clear
* add placeholder smtp host field
* make ipv6 smtp host valid
* hide smtp password input
* fix smtp host not filled
* dont let browsers prefill smtp password
2023-01-17 09:20:16 +00:00
Silvan
71bd19d690
fix: login name case insensitive ( #5032 )
...
checks for login names case insensitive during login
2023-01-16 13:07:31 +00:00
Silvan
1bf1f335dc
feat(admin-api): list events ( #4989 )
...
* docs: update cockroachdb version to 22.2
* feat(adminAPI): ListEventTypes returns the list of event types ZITADEL implements
* feat(adminAPI): ListAggregateTypes returns the list of aggregate types ZITADEL implements
* feat(adminAPI): ListEvents allows `IAM_OWNERS` to search for events
2023-01-16 11:30:03 +00:00
Silvan
74c1c39207
fix: org unique check ( #5033 )
...
- all verified of domains are checked
- domains are checked case insensitive
- name is checked case insensitive
2023-01-16 09:55:19 +00:00
Max Peintner
e7a97b1f3b
fix(login): add text-decoration: underline on the sub-formfield links ( #5012 )
...
* fix: login underline
* a styles
2023-01-12 14:04:04 +00:00
Livio Spring
2482bb8700
Merge pull request from GHSA-6rrr-78xp-5jp8
2023-01-10 15:58:10 +01:00
Livio Spring
0a30e39b46
fix(CORS): add X-Requested-With to Access-Control-Request-Headers ( #5009 )
...
allows clients with `X-Requested-With` header to succeed with their CORS request
2023-01-09 13:37:10 +01:00
Livio Spring
5651f98600
feat(auth api): expose login policy of authenticated user ( #4979 )
...
Co-authored-by: Silvan <silvan.reusser@gmail.com>
2023-01-05 13:04:38 +00:00
Stefan Benz
b1d7433eba
fix: correct display name when adding an instance ( #4930 )
...
* fix: handling of default values inside add instance
* fix: remove release from 2.16.x branch
* chore(lint): show all issues
* refactor: instance converter
Co-authored-by: Silvan <silvan.reusser@gmail.com>
2023-01-03 10:16:36 +01:00
Livio Spring
0530f19d94
feat: allow usernames without @ when UserMustBeDomain false ( #4852 )
...
* feat: allow usernames without @ when UserMustBeDomain false
* e2e
* test(e2e): table driven tests for humans and machines
* cleanup
* fix(e2e): ensure there are no username conflicts
* e2e: make awaitDesired async
* rm settings mapping
* e2e: make awaitDesired async
* e2e: parse sequence as int
* e2e: ensure test fails if awaitDesired fails
Co-authored-by: Max Peintner <max@caos.ch>
2022-12-22 11:16:17 +00:00
Stefan Benz
7d9fc2c6e7
feat: org remove on admin api and org query with state ( #4917 )
...
* feat: org remove on admin api and org query with state
* docs: change description for admin api remove org
Co-authored-by: Livio Spring <livio.a@gmail.com>
2022-12-22 10:46:06 +00:00
Livio Spring
a99da4f8e4
fix: user queries ( #4920 )
2022-12-22 09:22:08 +00:00
Livio Spring
6093440747
fix(import): activate label policy after creation ( #4879 )
2022-12-21 08:46:05 +00:00
Stefan Benz
f5eddcc490
fix: separate tos and privacy checkbox into two ( #4848 )
2022-12-21 09:27:31 +01:00
Stefan Benz
339fbd4f0c
fix: change back to login button and add to register option screen ( #4847 )
...
* fix: change back to login button and add to register option screen
* fix: change back to login button and add logic for remove and set events
Co-authored-by: Fabi <38692350+hifabienne@users.noreply.github.com>
2022-12-20 09:26:48 +01:00
Livio Spring
d21bb902f1
fix: push timeout ( #4882 ) ( #4885 )
...
* push with timeout
* test: config for eventstore
(cherry picked from commit b9156da76d
2022-12-15 09:40:13 +00:00
