feat(db): wrap BeginTx in spans to get acquire metrics
This changes adds a span around most db.BeginTx calls so we can get tracings about the connection pool acquire process.
This might help us pinpoint why sometimes some query package traces show longer execution times, while this was not reflected on database side execution times.
Co-authored-by: Silvan <silvan.reusser@gmail.com>
* fix: add resource owner as query for user v2 ListUsers and clean up deprecated attribute
* fix: add resource owner as query for user v2 ListUsers and clean up deprecated attribute
* fix: add resource owner as query for user v2 ListUsers and clean up deprecated attribute
* fix: review changes
* fix: review changes
* fix: review changes
* fix: review changes
* fix: add password change required to user v2 get and list
* fix: update unit tests for query side with new column and projection
* fix: change projection in setup steps
* fix: change projection in setup steps
* fix: remove setup step 25
* fix: add password_change_required into ListUsers response
* fix: correct SetUserPassword parameters
* fix: rollback to change setup instead of projection directly
* fix: rollback to change setup instead of projection directly
---------
Co-authored-by: Livio Spring <livio.a@gmail.com>
* chore: use pgx v5
* chore: update go version
* remove direct pq dependency
* remove unnecessary type
* scan test
* map scanner
* converter
* uint8 number array
* duration
* most unit tests work
* unit tests work
* chore: coverage
* go 1.21
* linting
* int64 gopfertammi
* retry go 1.22
* retry go 1.22
* revert to go v1.21.5
* update go toolchain to 1.21.8
* go 1.21.8
* remove test flag
* go 1.21.5
* linting
* update toolchain
* use correct array
* use correct array
* add byte array
* correct value
* correct error message
* go 1.21 compatible
This PR extends the user schema service (V3 API) with the possibility to ListUserSchemas and GetUserSchemaByID.
The previously started guide is extended to demonstrate how to retrieve the schema(s) and notes the generated revision property.
A customer noted that the login by email was case-sensitive, which differs to the handling of the loginname.
This PR changes the email check to be case-insensitive (which it was already in same parts) and improve the search for this as well.
* add token exchange feature flag
* allow setting reason and actor to access tokens
* impersonation
* set token types and scopes in response
* upgrade oidc to working draft state
* fix tests
* audience and scope validation
* id toke and jwt as input
* return id tokens
* add grant type token exchange to app config
* add integration tests
* check and deny actors in api calls
* fix instance setting tests by triggering projection on write and cleanup
* insert sleep statements again
* solve linting issues
* add translations
* pin oidc v3.15.0
* resolve comments, add event translation
* fix refreshtoken test
* use ValidateAuthReqScopes from oidc
* apparently the linter can't make up its mind
* persist actor thru refresh tokens and check in tests
* remove unneeded triggers
* feat: add projections and query side to executions and targets
* feat: add list and get endpoints for targets
* feat: add integration tests for query endpoints target and execution
* fix: linting
* fix: linting
* fix: review changes, renames and corrections
* fix: review changes, renames and corrections
* fix: review changes, renames and corrections
* fix: review changes, renames and corrections
* fix: review changes, renames and corrections
* fix: review changes, renames and corrections
* fix: remove position from list details
This PR adds the functionality to manage user schemas through the new user schema service.
It includes the possibility to create a basic JSON schema and also provides a way on defining permissions (read, write) for owner and self context with an annotation.
Further annotations for OIDC claims and SAML attribute mappings will follow.
A guide on how to create a schema and assign permissions has been started. It will be extended though out the process of implementing the schema and users based on those.
Note:
This feature is in an early stage and therefore not enabled by default. To test it out, please enable the UserSchema feature flag on your instance / system though the feature service.
Add additional permission integration tests to the user v2 query endpoints including some fixes to correctly check the permissions after the data is known which you want to query.
* fix: projection reduce correction with unit tests
* fix: remove eventcout variable as not used anymore
* fix: add errors if resoureowner is not found in user grants reduce
fix(query): optimize instance by domain query
On zitadel cloud we noticed an increase in database CPU usage and slightly higher response times.
By analyzes we found that the instance by domain query was wrongly joining all instance_feature rows against all instances.
This PR adds an additional CTE to limit the join set to only the features that apply to the found instance.
The query was introduced with https://github.com/zitadel/zitadel/pull/7356 and part of the v2.47 release.
* fix: assign instance ID to aggregate ID when converting from v1 to v2 feature
This change fixes a mismatch between v1 and v2 aggregate IDs for instance feature events.
The old v1 used a random aggregate ID, while v2 uses the instance ID as aggregate ID.
The adapter was not correctly mapping, which resulted in the projections.instance_features table being filled with wrong instance IDs.
Closes#7501
* fix unit test
* feat: improve instance not found error
* unit tests
* check if is templatable
* lint
* assert
* compile tests
* remove error templates
* link to instance not found page
* fmt
* cleanup
* lint
* partial work done
* test IAM membership roles
* org membership tests
* console :(, translations and docs
* fix integration test
* fix tests
* add EnableImpersonation to security policy API
* fix integration test timestamp checking
* add security policy tests and fix projections
* add impersonation setting in console
* add security settings to the settings v2 API
* fix typo
* move impersonation to instance
---------
Co-authored-by: Livio Spring <livio.a@gmail.com>
* feat(api): feature API proto definitions
* update proto based on discussion with @livio-a
* cleanup old feature flag stuff
* authz instance queries
* align defaults
* projection definitions
* define commands and event reducers
* implement system and instance setter APIs
* api getter implementation
* unit test repository package
* command unit tests
* unit test Get queries
* grpc converter unit tests
* migrate the V1 features
* migrate oidc to dynamic features
* projection unit test
* fix instance by host
* fix instance by id data type in sql
* fix linting errors
* add system projection test
* fix behavior inversion
* resolve proto file comments
* rename SystemDefaultLoginInstanceEventType to SystemLoginDefaultOrgEventType so it's consistent with the instance level event
* use write models and conditional set events
* system features integration tests
* instance features integration tests
* error on empty request
* documentation entry
* typo in feature.proto
* fix start unit tests
* solve linting error on key case switch
* remove system defaults after discussion with @eliobischof
* fix system feature projection
* resolve comments in defaults.yaml
---------
Co-authored-by: Livio Spring <livio.a@gmail.com>
* fix(oidc): ignore public key expiry for ID Token hints
This splits the key sets used for access token and ID token hints.
ID Token hints should be able to be verified by with public keys that are already expired.
However, we do not want to change this behavior for Access Tokens,
where an error for an expired public key is still returned.
The public key cache is modified to purge public keys based on last use,
instead of expiry.
The cache is shared between both verifiers.
* resolve review comments
* pin oidc 3.11
Even though this is a feature it's released as fix so that we can back port to earlier revisions.
As reported by multiple users startup of ZITADEL after leaded to downtime and worst case rollbacks to the previously deployed version.
The problem starts rising when there are too many events to process after the start of ZITADEL. The root cause are changes on projections (database tables) which must be recomputed. This PR solves this problem by adding a new step to the setup phase which prefills the projections. The step can be enabled by adding the `--init-projections`-flag to `setup`, `start-from-init` and `start-from-setup`. Setting this flag results in potentially longer duration of the setup phase but reduces the risk of the problems mentioned in the paragraph above.
* fix: add granted org info to user grants query response
* fix: show user info, tests and add columns to user grant
* fix: add check for org membership
* fix: typo in find logic
---------
Co-authored-by: Max Peintner <max@caos.ch>
* feat: add query endpoints for user v2 api
* fix: correct integration tests
* fix: correct linting
* fix: correct linting
* fix: comment out permission check on user get and list
* fix: permission check on user v2 query
* fix: merge back origin/main
* fix: add search query in user emails
* fix: reset count for SearchUser if users are removed due to permissions
* fix: reset count for SearchUser if users are removed due to permissions
---------
Co-authored-by: Elio Bischof <elio@zitadel.com>
* fix: change logic for usergrants projection with no selects
* fix: change logic for usergrants projection with one select
* fix: move resource owner select to single function
* fix: move resource owner select to single function
* fix: changes after merge
* fix: changes after merge
---------
Co-authored-by: Tim Möhlmann <tim+github@zitadel.com>
* fix(db): add additional connection pool for projection spooling
* use correct connection pool for projections
---------
Co-authored-by: Livio Spring <livio.a@gmail.com>
* cleanup todo
* pass id token details to oidc
* feat(oidc): id token for device authorization
This changes updates to the newest oidc version,
so the Device Authorization grant can return ID tokens when
the scope `openid` is set.
There is also some refactoring done, so that the eventstore can be
queried directly when polling for state.
The projection is cleaned up to a minimum with only data required for the login UI.
* try to be explicit wit hthe timezone to fix github
* pin oidc v3.8.0
* remove TBD entry
* start user by id
* ignore debug bin
* use new user by id
* new sql
* fix(sql): replace STRING with text for psql compatabilit
* some changes
* fix: correct user queries
* fix tests
* unify sql statements
* use specific get user methods
* search login name case insensitive
* refactor: optimise user statements
* add index
* fix queries
* fix: correct domain segregation
* return all login names
* fix queries
* improve readability
* query should be correct now
* cleanup statements
* fix username / loginname handling
* fix: psql doesn't support create view if not exists
* fix: create pre-release
* ignore release comments
* add lower fields
* fix: always to lower
* update to latest projection
---------
Co-authored-by: Livio Spring <livio.a@gmail.com>
* feat: return 404 or 409 if org reg disallowed
* fix: system limit permissions
* feat: add iam limits api
* feat: disallow public org registrations on default instance
* add integration test
* test: integration
* fix test
* docs: describe public org registrations
* avoid updating docs deps
* fix system limits integration test
* silence integration tests
* fix linting
* ignore strange linter complaints
* review
* improve reset properties naming
* redefine the api
* use restrictions aggregate
* test query
* simplify and test projection
* test commands
* fix unit tests
* move integration test
* support restrictions on default instance
* also test GetRestrictions
* self review
* lint
* abstract away resource owner
* fix tests
* configure supported languages
* fix allowed languages
* fix tests
* default lang must not be restricted
* preferred language must be allowed
* change preferred languages
* check languages everywhere
* lint
* test command side
* lint
* add integration test
* add integration test
* restrict supported ui locales
* lint
* lint
* cleanup
* lint
* allow undefined preferred language
* fix integration tests
* update main
* fix env var
* ignore linter
* ignore linter
* improve integration test config
* reduce cognitive complexity
* compile
* check for duplicates
* remove useless restriction checks
* review
* revert restriction renaming
* fix language restrictions
* lint
* generate
* allow custom texts for supported langs for now
* fix tests
* cleanup
* cleanup
* cleanup
* lint
* unsupported preferred lang is allowed
* fix integration test
* finish reverting to old property name
* finish reverting to old property name
* load languages
* refactor(i18n): centralize translators and fs
* lint
* amplify no validations on preferred languages
* fix integration test
* lint
* fix resetting allowed languages
* test unchanged restrictions
This change adds a core_generate_all make target.
It installs the required tools and runs generate on the complete project.
`golang/mock` is no longer maintained and a fork is available
from the Uber folks. So the latter is used as tool.
All the mock files have been regenerated and are part of the PR.
The obsolete `tools` directory has been removed,
as all the tools are now part of specific make targets.
Co-authored-by: Silvan <silvan.reusser@gmail.com>
* get key by id and cache them
* userinfo from events for v2 tokens
* improve keyset caching
* concurrent token and client checks
* client and project in single query
* logging and otel
* drop owner_removed column on apps and authN tables
* userinfo and project roles in go routines
* get oidc user info from projections and add actions
* add avatar URL
* some cleanup
* pull oidc work branch
* remove storage from server
* add config flag for experimental introspection
* legacy introspection flag
* drop owner_removed column on user projections
* drop owner_removed column on useer_metadata
* query userinfo unit test
* query introspection client test
* add user_grants to the userinfo query
* handle PAT scopes
* bring triggers back
* test instance keys query
* add userinfo unit tests
* unit test keys
* go mod tidy
* solve some bugs
* fix missing preferred login name
* do not run triggers in go routines, they seem to deadlock
* initialize the trigger handlers late with a sync.OnceValue
* Revert "do not run triggers in go routines, they seem to deadlock"
This reverts commit 2a03da2127.
* add missing translations
* chore: update go version for linting
* pin oidc version
* parse a global time location for query test
* fix linter complains
* upgrade go lint
* fix more linting issues
---------
Co-authored-by: Stefan Benz <46600784+stebenz@users.noreply.github.com>
* fix: add resource owner of user and change the one of session to instance
* use user resource owner from session projection
* fix session permission check
* integration tests and fixes
* update api docs
* feat(user/v1): support composite queries
* fix: added proper error handling for NotQuery
* Added error when there are too many levels of nesting
* Add localization keys for english
* Update internal/api/grpc/user/query.go
* feat: extend session search service (#6029)
add two more searching criteria - human user id and session creation date
optional sorting by the session creation date
* fix: use correct column identifier
* fix: implement Col()
* chore: fix unit tests
* chore: fix linter warnings
---------
Co-authored-by: Fabi <fabienne@zitadel.com>
* feat: enable only specific themes in label policy
* feat: enable only specific themes in label policy
* feat: enable only specific themes in label policy
* feat: enable only specific themes in label policy
* add management in console
* pass enabledTheme
* render login ui based on enabled theme
* add in branding / settings service and name consistently
* update console to latest proto state
* fix console linting
* fix linting
* cleanup
* add translations
---------
Co-authored-by: Livio Spring <livio.a@gmail.com>
Co-authored-by: Tim Möhlmann <tim+github@zitadel.com>
This implementation increases parallel write capabilities of the eventstore.
Please have a look at the technical advisories: [05](https://zitadel.com/docs/support/advisory/a10005) and [06](https://zitadel.com/docs/support/advisory/a10006).
The implementation of eventstore.push is rewritten and stored events are migrated to a new table `eventstore.events2`.
If you are using cockroach: make sure that the database user of ZITADEL has `VIEWACTIVITY` grant. This is used to query events.
* feat: delete organizations
* feat: tests and delete all that depends on org
* fix: grpc delete description
* fix: get back reduce OrgRemovedEvent
* fix: add @muhlemmer review suggestions
* fix: new e2e for add/delete org
* feat: add reply-to header to smtp messages
* fix: grpc reply_to_address min 0 and js var name
* fix: add missing translations
* fix merge and linting
---------
Co-authored-by: Livio Spring <livio.a@gmail.com>
* feat: add otp (sms and email) checks in session api
* implement sending
* fix tests
* add tests
* add integration tests
* fix merge main and add tests
* put default OTP Email url into config
---------
Co-authored-by: Stefan Benz <46600784+stebenz@users.noreply.github.com>
* fix: tests
* bastle wie en grosse
* fix(database): scan as callback
* fix tests
* fix merge failures
* remove as of system time
* refactor: remove unused test
* refacotr: remove unused lines
* feat: migrate external id
* implement tests and some renaming
* fix projection
* cleanup
* i18n
* fix event type
* handle migration for new services as well
* typo
This PR adds an option to the LoginPolicy to "Force MFA for local users", so that users authenticated through an IDP must not configure (and verify) an MFA.
This PR adds support for the OIDC end_session_endpoint for V2 tokens. Sending an id_token_hint as parameter will directly terminate the underlying (SSO) session and all its tokens. Without this param, the user will be redirected to the Login UI, where he will able to choose if to logout.
This PR adds support for OAuth2 token revocation of V2 tokens.
Unlike with V1 tokens, it's now possible to revoke a token not only from the authorized client / client which the token was issued to, but rather from all trusted clients (audience)
This PR adds support for userinfo and introspection of V2 tokens. Further V2 access tokens and session tokens can be used for authentication on the ZITADEL API (like the current access tokens).
* feat: use passwap for human user passwords
* fix tests
* passwap config
* add the event mapper
* cleanup query side and api
* solve linting errors
* regression test
* try to fix linter errors again
* pass systemdefaults into externalConfigChange migration
* fix: user password set in auth view
* pin passwap v0.2.0
* v2: validate hashed password hash based on prefix
* resolve remaining comments
* add error tag and translation for unsupported hash encoding
* fix unit test
---------
Co-authored-by: Livio Spring <livio.a@gmail.com>
This PR starts the OIDC implementation for the API V2 including the Implicit and Code Flow.
Co-authored-by: Livio Spring <livio.a@gmail.com>
Co-authored-by: Tim Möhlmann <tim+github@zitadel.com>
Co-authored-by: Stefan Benz <46600784+stebenz@users.noreply.github.com>
* reproduce #5808
Add an integration test that imports and gets N amount of human users.
- With N set to 1-10 the operation seems to succeed always
- With N set to 100 the operation seems to fail between 1 and 7 times.
* fix merge issue
* fix: reset the call timestamp after a bulk trigger
With the use of `AS OF SYSTEM TIME` in queries,
there was a change for the query package not
finding the latest projection verson after
a bulk trigger.
If events where processed in the bulk trigger,
the resulting row timestamp would be after the call
start timestamp.
This sometimes resulted in consistency issues when
Set and Get API methods are called in short succession.
For example a Import and Get user could sometimes result in a Not Found
error.
Although the issue was reported for the Management API user import,
it is likely this bug contributed to the flaky integration and e2e tests.
Fixes#5808
* trigger bulk action in GetSession
* don't use the new context in handler schedule
* disable reproduction test
---------
Co-authored-by: Livio Spring <livio.a@gmail.com>
This fix provides a possibility to pass a domain on the session, which
will be used (as rpID) to create a passkey / u2f assertion and
attestation. This is useful in cases where the login UI is served under
a different domain / origin than the ZITADEL API.
* feat(api): add password reset and change to user service
* integration tests
* invalidate password check after password change
* handle notification type
* fix proto
* feat: add v2alpha policies service
* feat: add v2alpha policies service
* fix: rename of attributes and messages in v2alpha api
* fix: rename of attributes and messages in v2alpha api
* fix: linter corrections
* fix: review corrections
* fix: review corrections
* fix: review corrections
* fix: review corrections
* fix grpc
* refactor: rename to settings and more
* Apply suggestions from code review
Co-authored-by: Fabi <fabienne.gerschwiler@gmail.com>
* add service to docs and rename legal settings
* unit tests for converters
* go mod tidy
* ensure idp name and return list details
* fix: use correct resource owner for active idps
* change query to join
---------
Co-authored-by: Livio Spring <livio.a@gmail.com>
Co-authored-by: Fabi <fabienne.gerschwiler@gmail.com>
Co-authored-by: Tim Möhlmann <tim+github@zitadel.com>
* device auth: implement the write events
* add grant type device code
* fix(init): check if default value implements stringer
---------
Co-authored-by: adlerhurst <silvan.reusser@gmail.com>