Commit Graph

1300 Commits

Author SHA1 Message Date
Livio Spring
ce322323aa
perf(oidc): remove db call for discovery configuration (#6857) 2023-11-03 15:18:57 +00:00
Elio Bischof
1b6e3dcf27
fix: creation date argument in search events filters (#6855)
* fix: creation date filter in event queries

* fix: creation date with ordering filter

* simplify code

* simplify review

---------

Co-authored-by: Livio Spring <livio.a@gmail.com>
2023-11-03 14:52:48 +00:00
Livio Spring
9378e19090
fix: payload (de)serialization of some events (#6858) 2023-11-03 11:02:17 +00:00
Stefan Benz
d874628f77
fix: use username with external idp linking (#6846)
Co-authored-by: Livio Spring <livio.a@gmail.com>
2023-11-02 11:28:59 +00:00
Stefan Benz
f84eb19637
fix: change error message from metadata query User.NotFound to Metada… (#6830)
fix: change error message from metadata query User.NotFound to Metadata.NotFound

Co-authored-by: Livio Spring <livio.a@gmail.com>
2023-11-02 08:35:15 +00:00
Tim Möhlmann
0a1da1f02c
fix: reset custom texts to default (#6833)
* Revert "fix: add texts after template reset (#6237)"

This reverts commit d937ee3dda.

* fix: reset of custom text template

* add custom bulk limits from issue

https://github.com/zitadel/zitadel/issues/6766#issuecomment-1778721782
2023-10-27 17:43:13 +00:00
Silvan
f8bf8ea256
fix(eventstore): differentiate unique constraint error (#6832)
* fix(eventstore): differentiate unique constraint error format

* docs: add comment to eventstore vars

* fix(eventstore): return correct error type if unique constraint already exists
2023-10-27 14:10:01 +02:00
Elio Bischof
a4626f9bdb
fix: return unauthenticated code (#6819)
* fix: return unauthenticated code

* remove cfg.yaml

---------

Co-authored-by: Livio Spring <livio.a@gmail.com>
2023-10-27 06:09:07 +00:00
Silvan
0187487f26
chore: correct tracing of trigger function (#6825)
* chore: correct tracing of trigger function

* refactor: remove import
2023-10-26 17:07:56 +02:00
Stefan Benz
0dec125e6b
fix: list mapping of saml provider configuration type (#6815)
Co-authored-by: Max Peintner <max@caos.ch>
2023-10-26 10:06:37 +00:00
Stefan Benz
cb7b50b513
feat: add attribute to only enable specific themes (#6798)
* feat: enable only specific themes in label policy

* feat: enable only specific themes in label policy

* feat: enable only specific themes in label policy

* feat: enable only specific themes in label policy

* add management in console

* pass enabledTheme

* render login ui based on enabled theme

* add in branding / settings service and name consistently

* update console to latest proto state

* fix console linting

* fix linting

* cleanup

* add translations

---------

Co-authored-by: Livio Spring <livio.a@gmail.com>
Co-authored-by: Tim Möhlmann <tim+github@zitadel.com>
2023-10-26 05:54:09 +00:00
Tim Möhlmann
ad26ca88d7
feat(system api): list instances by domains (#6806)
Allow to list instances by their domains on the system API.

closes #6785
2023-10-25 19:20:12 +00:00
Stefan Benz
b51ad53e5a
fix: list mapping of saml provider configuration (#6804)
Co-authored-by: Tim Möhlmann <tim+github@zitadel.com>
2023-10-25 17:05:00 +00:00
Tim Möhlmann
94cf30c547
feat(oidc): use the new oidc server interface (#6779)
* feat(oidc): use the new oidc server interface

* rename from provider to server

* pin logging and oidc packages

* use oidc introspection fix branch

* add overloaded methods with tracing

* cleanup unused code

* include latest oidc fixes

---------

Co-authored-by: Livio Spring <livio.a@gmail.com>
2023-10-25 15:44:05 +00:00
Elio Bischof
4980cd6a0c
feat: add SYSTEM_OWNER role (#6765)
* define roles and permissions

* support system user memberships

* don't limit system users

* cleanup permissions

* restrict memberships to aggregates

* default to SYSTEM_OWNER

* update unit tests

* test: system user token test (#6778)

* update unit tests

* refactor: make authz testable

* move session constants

* cleanup

* comment

* comment

* decode member type string to enum (#6780)

* decode member type string to enum

* handle all membership types

* decode enums where necessary

* decode member type in steps config

* update system api docs

* add technical advisory

* tweak docs a bit

* comment in comment

* lint

* extract token from Bearer header prefix

* review changes

* fix tests

* fix: add fix for activityhandler

* add isSystemUser

* remove IsSystemUser from activity info

* fix: add fix for activityhandler

---------

Co-authored-by: Stefan Benz <stefan@caos.ch>
2023-10-25 15:10:45 +00:00
Stefan Benz
48ae5d58ac
feat: add activity logs on user actions with authentication, resource… (#6748)
* feat: add activity logs on user actions with authentication, resourceAPI and sessionAPI

* feat: add activity logs on user actions with authentication, resourceAPI and sessionAPI

* feat: add activity logs on user actions with authentication, resourceAPI and sessionAPI

* feat: add activity logs on user actions with authentication, resourceAPI and sessionAPI

* feat: add activity logs on user actions with authentication, resourceAPI and sessionAPI

* fix: add unit tests to info package for context changes

* fix: add activity_interceptor.go suggestion

Co-authored-by: Tim Möhlmann <tim+github@zitadel.com>

* fix: refactoring and fixes through PR review

* fix: add auth service to lists of resourceAPIs

---------

Co-authored-by: Tim Möhlmann <tim+github@zitadel.com>
Co-authored-by: Fabi <fabienne@zitadel.com>
2023-10-25 12:09:15 +00:00
Elio Bischof
385a55bd21
feat: limit audit trail (#6744)
* feat: enable limiting audit trail

* support AddExclusiveQuery

* fix invalid condition

* register event mappers

* fix NullDuration validity

* test query side for limits

* lint

* acceptance test audit trail limit

* fix acceptance test

* translate limits not found

* update tests

* fix linting

* add audit log retention to default instance

* fix tests

* update docs

* remove todo

* improve test name
2023-10-25 11:42:00 +00:00
Elio Bischof
1c839e308b
perf: query projected milestones for onboarding view (#6760)
* feat: support list milestones api

* show milestones in onboarding view

* add authenticated milestone

* add icon to login milestone

* update main

* lint

* fix import

* fix import

* lint

* reuse proto milestone type mapping
2023-10-25 11:16:34 +00:00
Livio Spring
73dbf31368
Merge pull request from GHSA-954h-jrpm-72pm 2023-10-25 11:15:22 +02:00
Fabi
93122efe9f
fix: cryptic error message for user not found (#6787)
* fix: cryptic error message for user not found

* fix: cryptic error message for user not found, fix test
2023-10-24 21:19:12 +00:00
Tim Möhlmann
ab79855cf0
fix(eventstore): prevent allocation of filtered events (#6749)
* fix(eventstore): prevent allocation of filtered events

Directly reduce each event obtained from a sql.Rows scan,
so that we do not have to allocate all events in a slice.

* reinstate the mutex as RWMutex

* scan data directly

* add todos

* fix(writemodels): add reduce of parent

* test: remove comment

* update comments

---------

Co-authored-by: adlerhurst <silvan.reusser@gmail.com>
2023-10-19 15:21:31 +00:00
Silvan
4d4f649eda
fix(db): allow unlimited connections (#6758) 2023-10-19 13:37:22 +00:00
adlerhurst
bd23a7a56f merge main into next 2023-10-19 12:34:00 +02:00
Silvan
b5564572bc
feat(eventstore): increase parallel write capabilities (#5940)
This implementation increases parallel write capabilities of the eventstore.
Please have a look at the technical advisories: [05](https://zitadel.com/docs/support/advisory/a10005) and  [06](https://zitadel.com/docs/support/advisory/a10006).
The implementation of eventstore.push is rewritten and stored events are migrated to a new table `eventstore.events2`.
If you are using cockroach: make sure that the database user of ZITADEL has `VIEWACTIVITY` grant. This is used to query events.
2023-10-19 12:19:10 +02:00
Elio Bischof
c0ddaf87e6 fix: origin from proxies (#6738)
* fix: origin from proxies

* test multiple forwarded header values
2023-10-19 10:35:47 +02:00
Livio Spring
426c4acbfe fix(notification): get origin from all relevant events and fix nil pointer (#6726) 2023-10-19 10:34:52 +02:00
Livio Spring
a272b1201f
fix(api): use (provided) organisation instead of resourceOwner of caller (#6714) 2023-10-12 10:00:36 +02:00
Miguel Cabrerizo
2d4cd331da
fix: allow unicode characters in org domains (#6675)
Co-authored-by: Elio Bischof <eliobischof@gmail.com>
2023-10-11 09:55:01 +02:00
Elio Bischof
8f6cb47567
fix: use triggering origin for notification links (#6628)
* take baseurl if saved on event

* refactor: make es mocks reusable

* Revert "refactor: make es mocks reusable"

This reverts commit 434ce12a6a.

* make messages testable

* test asset url

* fmt

* fmt

* simplify notification.Start

* test url combinations

* support init code added

* support password changed

* support reset pw

* support user domain claimed

* support add pwless login

* support verify phone

* Revert "support verify phone"

This reverts commit e40503303e.

* save trigger origin from ctx

* add ready for review check

* camel

* test email otp

* fix variable naming

* fix DefaultOTPEmailURLV2

* Revert "fix DefaultOTPEmailURLV2"

This reverts commit fa34d4d2a8.

* fix email otp challenged test

* fix email otp challenged test

* pass origin in login and gateway requests

* take origin from header

* take x-forwarded if present

* Update internal/notification/handlers/queries.go

Co-authored-by: Tim Möhlmann <tim+github@zitadel.com>

* Update internal/notification/handlers/commands.go

Co-authored-by: Tim Möhlmann <tim+github@zitadel.com>

* move origin header to ctx if available

* generate

* cleanup

* use forwarded header

* support X-Forwarded-* headers

* standardize context handling

* fix linting

---------

Co-authored-by: Tim Möhlmann <tim+github@zitadel.com>
2023-10-10 13:20:53 +00:00
Fabian Deifuß
0180779d6d
fix(backend): include removed SMTP config in Query (#6624) (#6673)
closes #6624

Co-authored-by: Elio Bischof <elio@zitadel.com>
2023-10-10 12:45:45 +00:00
Miguel Cabrerizo
e66d476c47
fix: meaningful error messages for domain validation (#6677)
* feat: meaningful error messages for domain validation

* fix: duplicated error code and fix some org codes

* fix: add @peintnermax i18n suggestions

---------

Co-authored-by: Elio Bischof <elio@zitadel.com>
2023-10-10 12:02:16 +00:00
Livio Spring
8549dd7a3d
fix(login): error case for unknown usernames correctly (#6689) 2023-10-09 15:05:25 +00:00
Stefan Benz
6ce11a416a
test: correct used client api call in integration test (#6685)
fix: correct used client api call in integration test

Co-authored-by: Livio Spring <livio.a@gmail.com>
2023-10-09 12:09:51 +00:00
Livio Spring
9696fde676
fix: reduce origin check to tokens issued through code and implicit flow (#6681)
fix: only check origin for tokens issued to users through apps (code / implicit flow)
2023-10-09 10:08:18 +00:00
Livio Spring
54676eda98
Merge pull request from GHSA-v683-rcxx-vpff 2023-10-09 11:47:43 +02:00
Livio Spring
e3ac217424
fix: ensure no events are skipped on token check (#6663)
fix: ensure no events are skipped on token check
2023-10-09 09:26:27 +02:00
Stefan Benz
15fd3045e0
feat: add SAML as identity provider (#6454)
* feat: first implementation for saml sp

* fix: add command side instance and org for saml provider

* fix: add query side instance and org for saml provider

* fix: request handling in event and retrieval of finished intent

* fix: add review changes and integration tests

* fix: add integration tests for saml idp

* fix: correct unit tests with review changes

* fix: add saml session unit test

* fix: add saml session unit test

* fix: add saml session unit test

* fix: changes from review

* fix: changes from review

* fix: proto build error

* fix: proto build error

* fix: proto build error

* fix: proto require metadata oneof

* fix: login with saml provider

* fix: integration test for saml assertion

* lint client.go

* fix json tag

* fix: linting

* fix import

* fix: linting

* fix saml idp query

* fix: linting

* lint: try all issues

* revert linting config

* fix: add regenerate endpoints

* fix: translations

* fix mk.yaml

* ignore acs path for user agent cookie

* fix: add AuthFromProvider test for saml

* fix: integration test for saml retrieve information

---------

Co-authored-by: Livio Spring <livio.a@gmail.com>
2023-09-29 11:26:14 +02:00
Livio Spring
2e99d0fe1b
fix(email): UTF-8 "Q" encode subject header (#6637)
fix(email): UTF-8 "Q" encode subject header
2023-09-29 08:53:45 +00:00
Livio Spring
68bfab2fb3
feat(login): use default org for login without provided org context (#6625)
* start feature flags

* base feature events on domain const

* setup default features

* allow setting feature in system api

* allow setting feature in admin api

* set settings in login based on feature

* fix rebasing

* unit tests

* i18n

* update policy after domain discovery

* some changes from review

* check feature and value type

* check feature and value type
2023-09-29 08:21:32 +00:00
Max Peintner
e9148e96c7
fix(login): firefox MFA radio mouse target (#6632)
fix: mfa radio for firefox
2023-09-28 08:15:01 +02:00
Stefan Benz
2823678eb6
fix: add userID to intent responses (#6566)
Co-authored-by: Livio Spring <livio.a@gmail.com>
2023-09-25 05:21:50 +00:00
Elio Bischof
520f87d9b1
test: duplicate quota notifications (#6610) 2023-09-22 13:33:23 +02:00
Elio Bischof
ae1af6bc8c
fix: set quotas (#6597)
* feat: set quotas

* fix: start new period on younger anchor

* cleanup e2e config

* fix set notifications

* lint

* test: fix quota projection tests

* fix add quota tests

* make quota fields nullable

* enable amount 0

* fix initial setup

* create a prerelease

* avoid success comments

* fix quota projection primary key

* Revert "fix quota projection primary key"

This reverts commit e72f4d7fa1.

* simplify write model

* fix aggregate id

* avoid push without changes

* test set quota lifecycle

* test set quota mutations

* fix quota unit test

* fix: quotas

* test quota.set event projection

* use SetQuota in integration tests

* fix: release quotas 3

* reset releaserc

* fix comment

* test notification order doesn't matter

* test notification order doesn't matter

* test with unmarshalled events

* test with unmarshalled events
2023-09-22 09:37:16 +00:00
Tim Möhlmann
e6d273b328
chore(deps): bump oidc (#6607)
* chore(deps): bump oidc

Include the Issuer from Frowarded header feature

* use the new constructor
2023-09-22 11:05:11 +02:00
Livio Spring
593d1605ab
fix: only reuse active session and use correct policies (from user org) (#6603) 2023-09-21 16:45:41 +02:00
Anthony Lawn
ebb8f92e85
fix: Increase suffix wrapper to 200px wide (#6590)
Increase suffix wrapper to 200px wide

Co-authored-by: Fabi <fabienne@zitadel.com>
Co-authored-by: Max Peintner <max@caos.ch>
2023-09-19 12:37:11 +00:00
Miguel Cabrerizo
f9bb250698
feat: improve Password.NotChanged message (#6589)
* feat: improve Password.NotChanged message

* Update internal/api/ui/login/static/i18n/de.yaml

* Update internal/static/i18n/de.yaml

---------

Co-authored-by: Fabi <fabienne@zitadel.com>
2023-09-19 12:05:49 +00:00
Anthony Lawn
a5decda201
fix: inconsistencies and other minor issues in English strings (#6591)
Fixed inconsistencies and other minor issues in English strings

Co-authored-by: Fabi <fabienne@zitadel.com>
2023-09-19 08:33:01 +02:00
wackbyte
4bebcd6c0f
fix: typo in "file too big" error message (#6577)
Co-authored-by: Fabi <fabienne@zitadel.com>
2023-09-18 13:08:32 +00:00
Tim Möhlmann
9266f8f00b
fix(command): allow email as username (#6565)
Fixes #6460

Made the username checks consistent with create human user.
2023-09-15 15:29:29 +00:00