Commit Graph

2823 Commits

Author SHA1 Message Date
Tim Möhlmann
df57a64ed7
fix(oidc): ignore public key expiry for ID Token hints (#7293)
* fix(oidc): ignore public key expiry for ID Token hints

This splits the key sets used for access token and ID token hints.
ID Token hints should be able to be verified by with public keys that are already expired.
However, we do not want to change this behavior for Access Tokens,
where an error for an expired public key is still returned.

The public key cache is modified to purge public keys based on last use,
instead of expiry.
The cache is shared between both verifiers.

* resolve review comments

* pin oidc 3.11
2024-01-29 15:11:52 +00:00
Fabi
5e23ea55b2
docs: onboarding customers and users (#7105)
* docs: onboarding organizations

* docs: onboarding organizations

* docs: onboarding end users

* docs: onboarding end users

* docs: onboarding end users

* docs: onboarding end users

* docs: onboarding guide in console

* docs: onboarding guide in console

* docs: onboarding guide in console

* docs: onboarding guide in console

* docs: manually add user

* docs: fix links

* docs: fix links

* Update docs/docs/guides/manage/console/_add_manager.mdx

Co-authored-by: mffap <mpa@zitadel.com>

* Update docs/docs/guides/solution-scenarios/onboarding/_org_login_description.mdx

Co-authored-by: mffap <mpa@zitadel.com>

* Update docs/docs/guides/solution-scenarios/onboarding/end-users.mdx

Co-authored-by: mffap <mpa@zitadel.com>

* Update docs/docs/guides/solution-scenarios/onboarding/b2b.mdx

Co-authored-by: mffap <mpa@zitadel.com>

* Update docs/docs/guides/solution-scenarios/onboarding/b2b.mdx

Co-authored-by: mffap <mpa@zitadel.com>

* Update docs/docs/guides/solution-scenarios/onboarding/b2b.mdx

Co-authored-by: mffap <mpa@zitadel.com>

* Update docs/docs/guides/solution-scenarios/onboarding/b2b.mdx

Co-authored-by: mffap <mpa@zitadel.com>

* Update docs/docs/guides/solution-scenarios/onboarding/b2b.mdx

Co-authored-by: mffap <mpa@zitadel.com>

* Update docs/docs/guides/solution-scenarios/onboarding/b2b.mdx

Co-authored-by: mffap <mpa@zitadel.com>

* Update docs/docs/guides/solution-scenarios/onboarding/b2b.mdx

Co-authored-by: mffap <mpa@zitadel.com>

* Update docs/docs/guides/solution-scenarios/onboarding/end-users.mdx

Co-authored-by: mffap <mpa@zitadel.com>

* Update docs/docs/guides/solution-scenarios/onboarding/b2b.mdx

Co-authored-by: mffap <mpa@zitadel.com>

* docs: correct review

* docs: fix typos

---------

Co-authored-by: mffap <mpa@zitadel.com>
Co-authored-by: Livio Spring <livio.a@gmail.com>
2024-01-29 13:47:08 +01:00
Silvan
93f35980b8
docs(a10008): add versions 2.43.6 and 2.42.12 (#7299) 2024-01-26 14:52:34 +01:00
Livio Spring
121f9f8da1
feat(actions): add org metadata in complement token and saml response flows (#7263)
* feat(actions): add org metadata in complement token and saml response flows

* document actions
2024-01-26 08:56:10 +00:00
Silvan
17953e9040
fix(setup): init projections (#7194)
Even though this is a feature it's released as fix so that we can back port to earlier revisions.

As reported by multiple users startup of ZITADEL after leaded to downtime and worst case rollbacks to the previously deployed version.

The problem starts rising when there are too many events to process after the start of ZITADEL. The root cause are changes on projections (database tables) which must be recomputed. This PR solves this problem by adding a new step to the setup phase which prefills the projections. The step can be enabled by adding the `--init-projections`-flag to `setup`, `start-from-init` and `start-from-setup`. Setting this flag results in potentially longer duration of the setup phase but reduces the risk of the problems mentioned in the paragraph above.
2024-01-25 17:28:20 +01:00
Miguel Cabrerizo
d590da7c7d
fix(console): display granted org name in authorizations and show user information (#7116)
* fix: add granted org info to user grants query response

* fix: show user info, tests and add columns to user grant

* fix: add check for org membership

* fix: typo in find logic

---------

Co-authored-by: Max Peintner <max@caos.ch>
2024-01-24 11:36:04 +01:00
Livio Spring
94b3799690
docs: update links of examples (#7273) 2024-01-23 15:29:50 +01:00
Florian Forster
e593a8ec63
chore: remove cockroach, clickhouse and add hubspot from third party sub-processors (#7264)
* chore: remove crdb from third party sub-processors

* remove clickhouse

* add hubspot

* fix: google end-user data flag

---------

Co-authored-by: mffap <mpa@zitadel.com>
2024-01-22 13:08:23 +00:00
Miguel Cabrerizo
89169b64ff
fix: detect autofill in chrome to enable login buttons (#7056)
* fix: detect autofill in chrome to enable login buttons

* fix: add -webkit-autofill to input scss

---------

Co-authored-by: Max Peintner <max@caos.ch>
2024-01-22 10:24:36 +01:00
Livio Spring
8470649ecb
chore: pin crdb version for unit tests (#7260)
* chore: pin crdb version for unit tests

* use latest 23.1 version

* use latest available 23.1 version
2024-01-18 08:16:54 +00:00
Tim Möhlmann
af4e0484d0
fix: uniform oidc errors (#7237)
* fix: uniform oidc errors

sanitize oidc error reporting when passing package boundary towards oidc.

* add should TriggerBulk in get audiences for auth request

* upgrade to oidc 3.10.1

* provisional oidc upgrade to error branch

* pin oidc 3.10.2
2024-01-18 07:10:49 +01:00
Elio Bischof
cdfcdec101
test(integration, user): fix flakiness (#7252)
* test: fix user integration test flakiness

* assert with *assert.CollectT
2024-01-17 16:24:11 +01:00
Elio Bischof
35339162c9
docs: fix install @zitadel/vue (#7250) 2024-01-17 13:37:19 +01:00
Elio Bischof
ed0bc39ea4
feat: block instances (#7129)
* docs: fix init description typos

* feat: block instances using limits

* translate

* unit tests

* fix translations

* redirect /ui/login

* fix http interceptor

* cleanup

* fix http interceptor

* fix: delete cookies on gateway 200

* add integration tests

* add command test

* docs

* fix integration tests

* add bulk api and integration test

* optimize bulk set limits

* unit test bulk limits

* fix broken link

* fix assets middleware

* fix broken link

* validate instance id format

* Update internal/eventstore/search_query.go

Co-authored-by: Livio Spring <livio.a@gmail.com>

* remove support for owner bulk limit commands

* project limits to instances

* migrate instances projection

* Revert "migrate instances projection"

This reverts commit 214218732a.

* join limits, remove owner

* remove todo

* use optional bool

* normally validate instance ids

* use 302

* cleanup

* cleanup

* Update internal/api/grpc/system/limits_converter.go

Co-authored-by: Livio Spring <livio.a@gmail.com>

* remove owner

* remove owner from reset

---------

Co-authored-by: Livio Spring <livio.a@gmail.com>
2024-01-17 10:16:48 +00:00
Stefan Benz
d9d376a275
feat: user v2 service query (#7095)
* feat: add query endpoints for user v2 api

* fix: correct integration tests

* fix: correct linting

* fix: correct linting

* fix: comment out permission check on user get and list

* fix: permission check on user v2 query

* fix: merge back origin/main

* fix: add search query in user emails

* fix: reset count for SearchUser if users are removed due to permissions

* fix: reset count for SearchUser if users are removed due to permissions

---------

Co-authored-by: Elio Bischof <elio@zitadel.com>
2024-01-17 10:00:10 +01:00
Fabi
853181155d
docs: Avg active idps (#7207)
* docs: legal change active external identity providers

* docs: legal change active external identity providers

* Update docs/docs/legal/service-description/billing.md

Co-authored-by: mffap <mpa@zitadel.com>

---------

Co-authored-by: mffap <mpa@zitadel.com>
2024-01-16 16:20:55 +01:00
Elio Bischof
492d7da37e
docs: add guide for Vue (#7215)
* docs: add guide for Vue

* describe authz

* add vue to sdks

---------

Co-authored-by: Max Peintner <max@caos.ch>
2024-01-16 14:21:32 +00:00
Livio Spring
57f40a3c50
docs(examples): adds java spring boot examples (#7226)
* docs(examples): adds java spring boot examples

* add code highlighting for java and php

* Apply suggestions from code review

Co-authored-by: Tim Möhlmann <tim+github@zitadel.com>

* update references

---------

Co-authored-by: Silvan <silvan.reusser@gmail.com>
Co-authored-by: Tim Möhlmann <tim+github@zitadel.com>
2024-01-16 11:02:58 +00:00
Livio Spring
96d0291848
fix: enable iframe use on http://localhost (#7152)
* fix: enable iframe use on http://localhost

* docs(iframe): add info about cookies

* improve comments
2024-01-16 11:28:56 +01:00
Tim Möhlmann
2ccb7baf85
chore(deps): upgrade all go deps (#7227)
* chore(deps): upgrade all go deps

Also `go mod tidy`.
Added comments with URLs for package version lists to makefile commands.

* Update Makefile

Co-authored-by: Livio Spring <livio.a@gmail.com>

---------

Co-authored-by: Livio Spring <livio.a@gmail.com>
2024-01-16 09:27:09 +00:00
Tim Möhlmann
c0b355e24a
fix: pass configured slog to oidc server (#7229) 2024-01-16 06:37:36 +00:00
Tim Möhlmann
0a65e20507
docs(examples): symfony php guide (#7171)
* docs(examples): symfony php guide

* hopefully fix vercel

* complete guide

* add guide to navigation

Co-authored-by: Stefan Benz <46600784+stebenz@users.noreply.github.com>
2024-01-15 17:49:41 +00:00
Elio Bischof
29b386005d
fix(origin): fall back to ExternalSecure (#7228)
* fix(origin): fall back to ExternalSecure

* avoid middleware.Middleware

* avoid else

* lint
2024-01-15 16:44:35 +00:00
Miguel Cabrerizo
fc34896092
fix(cnsl): some saml provider issues (#7220)
Co-authored-by: Max Peintner <max@caos.ch>
2024-01-15 15:10:45 +00:00
Chaitanya Tyagi
c7e45f7f49
fix(console): disallow subzero login lifetimes values (#7065) (#7113)
* fix: disallow subzero login lifetimes values (#7065)

* i18n invalid lifetimes

---------

Co-authored-by: peintnermax <max@caos.ch>
2024-01-15 13:11:17 +00:00
Thomas Faust
cdc4a68443
docs: add nodejs-nestjs to introduction.mdx (#7137)
* docs: update introduction.mdx

Add Node.js NestJS framework to the list.

* add node to sidebars

---------

Co-authored-by: Max Peintner <max@caos.ch>
2024-01-15 13:48:25 +01:00
Fabi
09288c7826
docs: troubleshoot, project grant missing (#7216)
* docs: add troubleshooting page for missing project grant error message

* docs: change graphic

* Update docs/docs/support/troubleshooting.mdx

Co-authored-by: mffap <mpa@zitadel.com>

* docs: change permission text to project grant

* Update docs/docs/support/troubleshooting.mdx

Co-authored-by: mffap <mpa@zitadel.com>

---------

Co-authored-by: mffap <mpa@zitadel.com>
2024-01-15 09:03:41 +01:00
Silvan
3c5fc31372
fix(handler): handle trigger err correctly (#7205) 2024-01-11 17:55:50 +00:00
mffap
91081caf9f
docs: Add reference to Actions for custom claims and custom attributes (#7204)
* make clear that yarn generate has to be run first

* add reference to custom claims

* add reference to custom saml attribute
2024-01-11 15:27:37 +01:00
Elio Bischof
86b118a4b8
docs(self-hosted): direct to the tested k8s example (#7201)
docs(self-hosted): direct to the tested example
2024-01-11 11:00:00 +01:00
Stefan Benz
3d3264eb8f
fix: add RollbackUnlessCommitted for gorm transactions (#7197) 2024-01-10 23:02:50 +00:00
Livio Spring
7c592ce638
fix(idp): provide id_token for tenant id based azure ad (#7188)
* fix(idp): provide id_token for tenant based azure ad

* comments

* remove unintentional changes
2024-01-10 15:02:17 +00:00
Livio Spring
1a1bb564b9
docs(complement token): clarify when pre userinfo creation is executed (#7189) 2024-01-10 15:29:33 +01:00
mffap
7e73f7a6cc
docs(legal): clarify response time in free plan (#7176) 2024-01-10 09:00:30 +00:00
Silvan
43f1d59649
fix(auth): efficient user session projection (#7187)
* fix(auth): cache users during session projection

* fix(auth.user_sessions): add index for more efficient by user search
2024-01-09 18:36:46 +00:00
Max Peintner
039a1e793b
chore(console): regenerate yarn lockfile (#7182)
fix: regen lock
2024-01-09 10:26:45 +00:00
Tim Möhlmann
62cb29aba9
fix(query): separate login policy queries (#7174)
This change moves IDPLoginPolicyLinks out of the scan function Login Policy queries in order to prevent potential deadlocks.
2024-01-08 21:13:46 +00:00
Miguel Cabrerizo
17153b694e
feat: search users by list of emails (users/_search) (#6983)
Co-authored-by: Stefan Benz <46600784+stebenz@users.noreply.github.com>
2024-01-08 18:45:54 +01:00
Stefan Benz
e769b163ef
perf: user grant owner removed (#6962)
* fix: change logic for usergrants projection with no selects

* fix: change logic for usergrants projection with one select

* fix: move resource owner select to single function

* fix: move resource owner select to single function

* fix: changes after merge

* fix: changes after merge

---------

Co-authored-by: Tim Möhlmann <tim+github@zitadel.com>
2024-01-08 15:26:30 +00:00
Lucas Verdiell
e9cb1b90aa
docs: fix request example in custom login with idp docs (#7154)
Co-authored-by: Florian Forster <florian@zitadel.com>
2024-01-08 14:21:06 +00:00
Miguel Cabrerizo
46175b7cff
fix(console): keep current url after org switch (#7118)
Co-authored-by: Max Peintner <max@caos.ch>
2024-01-08 14:00:57 +00:00
Thomas Faust
c5bec35b1b
docs: add nodejs-nestjs section (#7136)
* docs: add nodejs-nestjs section

* chore: rename nodejs-nestjs to nodejs-nestjs.md

---------

Co-authored-by: Max Peintner <max@caos.ch>
2024-01-08 13:33:06 +00:00
mffap
a9ae018c40
docs: Update settings, billing for mange cloud (#7169)
docs: portal settings
2024-01-08 12:59:45 +00:00
Miguel Cabrerizo
93c3763a1c
fix: add back button to password reset done (#7119)
Co-authored-by: Livio Spring <livio.a@gmail.com>
2024-01-08 11:56:40 +00:00
Miguel Cabrerizo
3f4aea1a75
fix: replace password back button with arrow (#7120)
Co-authored-by: Livio Spring <livio.a@gmail.com>
2024-01-08 11:23:34 +00:00
Max Peintner
aa805d18a2
chore(npm): dependencies (#7141)
* chore(deps): bump flag-icons from 6.9.3 to 7.1.0 in /console (#7092)

Bumps [flag-icons](https://github.com/lipis/flag-icons) from 6.9.3 to 7.1.0.
- [Release notes](https://github.com/lipis/flag-icons/releases)
- [Changelog](https://github.com/lipis/flag-icons/blob/main/CHANGELOG.md)
- [Commits](https://github.com/lipis/flag-icons/compare/v6.9.3...v7.1.0)

---
updated-dependencies:
- dependency-name: flag-icons
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps-dev): bump prettier from 3.0.3 to 3.1.1 in /console (#7058)

Bumps [prettier](https://github.com/prettier/prettier) from 3.0.3 to 3.1.1.
- [Release notes](https://github.com/prettier/prettier/releases)
- [Changelog](https://github.com/prettier/prettier/blob/main/CHANGELOG.md)
- [Commits](https://github.com/prettier/prettier/compare/3.0.3...3.1.1)

---
updated-dependencies:
- dependency-name: prettier
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps): bump uuid and @types/uuid in /console (#6993)

Bumps [uuid](https://github.com/uuidjs/uuid) and [@types/uuid](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/uuid). These dependencies needed to be updated together.

Updates `uuid` from 9.0.0 to 9.0.1
- [Changelog](https://github.com/uuidjs/uuid/blob/main/CHANGELOG.md)
- [Commits](https://github.com/uuidjs/uuid/compare/v9.0.0...v9.0.1)

Updates `@types/uuid` from 9.0.2 to 9.0.7
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/uuid)

---
updated-dependencies:
- dependency-name: uuid
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: "@types/uuid"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* zonejs

* chore(deps-dev): bump @types/jasmine from 4.3.6 to 5.1.4 in /console (#6991)

Bumps [@types/jasmine](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/jasmine) from 4.3.6 to 5.1.4.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/jasmine)

---
updated-dependencies:
- dependency-name: "@types/jasmine"
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps): bump i18n-iso-countries from 7.6.0 to 7.7.0 in /console (#6990)

Bumps [i18n-iso-countries](https://github.com/michaelwittig/node-i18n-iso-countries) from 7.6.0 to 7.7.0.
- [Release notes](https://github.com/michaelwittig/node-i18n-iso-countries/releases)
- [Commits](https://github.com/michaelwittig/node-i18n-iso-countries/compare/v7.6.0...v7.7.0)

---
updated-dependencies:
- dependency-name: i18n-iso-countries
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* jasmine

* prettier plugin

* chore(deps-dev): bump @types/opentype.js from 1.3.4 to 1.3.8 in /console (#6985)

Bumps [@types/opentype.js](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/opentype.js) from 1.3.4 to 1.3.8.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/opentype.js)

---
updated-dependencies:
- dependency-name: "@types/opentype.js"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps): bump postcss from 8.4.21 to 8.4.31 in /docs (#6674)

Bumps [postcss](https://github.com/postcss/postcss) from 8.4.21 to 8.4.31.
- [Release notes](https://github.com/postcss/postcss/releases)
- [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md)
- [Commits](https://github.com/postcss/postcss/compare/8.4.21...8.4.31)

---
updated-dependencies:
- dependency-name: postcss
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps): bump axios and wait-on in /e2e (#7073)

Bumps [axios](https://github.com/axios/axios) to 1.6.2 and updates ancestor dependency [wait-on](https://github.com/jeffbski/wait-on). These dependencies need to be updated together.


Updates `axios` from 0.25.0 to 1.6.2
- [Release notes](https://github.com/axios/axios/releases)
- [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md)
- [Commits](https://github.com/axios/axios/compare/v0.25.0...v1.6.2)

Updates `wait-on` from 6.0.1 to 7.2.0
- [Release notes](https://github.com/jeffbski/wait-on/releases)
- [Commits](https://github.com/jeffbski/wait-on/compare/v6.0.1...v7.2.0)

---
updated-dependencies:
- dependency-name: axios
  dependency-type: indirect
- dependency-name: wait-on
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* lint changes

* lint

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-01-08 10:25:21 +00:00
Silvan
1f30776fc2
fix(login): correct rendering of idps (#7151) 2024-01-05 14:35:51 +00:00
Silvan
a5d4b08a99
fix(cleanup): cleanup all stuck states (#7145)
* fix(setup): unmarshal of failed step

* fix(cleanup): cleanup all stuck states

* use lastRun for repeatable steps

* typo

---------

Co-authored-by: Livio Spring <livio.a@gmail.com>
2024-01-05 09:01:48 +00:00
Silvan
41215bdc0a
fix(setup): unmarshal of failed step (#7144) 2024-01-05 06:29:57 +00:00
Silvan
aa2d642e97
fix(handler): updated failed events (#7146) 2024-01-04 21:36:08 +00:00