Merge pull request from GHSA-2wmj-46rj-qm2w
* fix: find instance by original domain
* return instance not found on invalid origin
* test: ensure correct host validation
* test: instance not found is translated
(cherry picked from commit 11d7a8ce61)
* fix: add https status to activity log
* create prerelease
* create RC
* pass info from gateway to grpc server
* fix: update releaserc to create RC version
* cleanup
---------
Co-authored-by: Livio Spring <livio.a@gmail.com>
* fix(authz): add logging to access token verification errors
Related to #6949
* use logging fields
---------
Co-authored-by: Livio Spring <livio.a@gmail.com>
* test(postgres): always test against latest
* Update CONTRIBUTING.md
Co-authored-by: Tim Möhlmann <tim+github@zitadel.com>
* Update internal/integration/config/docker-compose.yaml
Co-authored-by: Tim Möhlmann <tim+github@zitadel.com>
---------
Co-authored-by: Tim Möhlmann <tim+github@zitadel.com>
This change adds a core_generate_all make target.
It installs the required tools and runs generate on the complete project.
`golang/mock` is no longer maintained and a fork is available
from the Uber folks. So the latter is used as tool.
All the mock files have been regenerated and are part of the PR.
The obsolete `tools` directory has been removed,
as all the tools are now part of specific make targets.
Co-authored-by: Silvan <silvan.reusser@gmail.com>
* fix: correct method and path for session api activity
* fix: correct method and path for session api activity
* fix: correct function name for activity trigger
* get key by id and cache them
* userinfo from events for v2 tokens
* improve keyset caching
* concurrent token and client checks
* client and project in single query
* logging and otel
* drop owner_removed column on apps and authN tables
* userinfo and project roles in go routines
* get oidc user info from projections and add actions
* add avatar URL
* some cleanup
* pull oidc work branch
* remove storage from server
* add config flag for experimental introspection
* legacy introspection flag
* drop owner_removed column on user projections
* drop owner_removed column on useer_metadata
* query userinfo unit test
* query introspection client test
* add user_grants to the userinfo query
* handle PAT scopes
* bring triggers back
* test instance keys query
* add userinfo unit tests
* unit test keys
* go mod tidy
* solve some bugs
* fix missing preferred login name
* do not run triggers in go routines, they seem to deadlock
* initialize the trigger handlers late with a sync.OnceValue
* Revert "do not run triggers in go routines, they seem to deadlock"
This reverts commit 2a03da2127.
* add missing translations
* chore: update go version for linting
* pin oidc version
* parse a global time location for query test
* fix linter complains
* upgrade go lint
* fix more linting issues
---------
Co-authored-by: Stefan Benz <46600784+stebenz@users.noreply.github.com>
* fix: add resource owner of user and change the one of session to instance
* use user resource owner from session projection
* fix session permission check
* integration tests and fixes
* update api docs
* chore(deps): upgrade all go modules
This change upgrades all go.mod dependecies. As well as Makefile tools.
There where some imports that still used the old and deprecated
`github.com/golang/protobuf/ptypes` package.
These have been moved to the equivelant
`google.golang.org/protobuf/types/known` package.
The `internal/proto` package is removed as was only used once.
With a simple refactor in the Validator it became completely obsolete.
* fix validate unit test
* cleanup merge
* update otel
---------
Co-authored-by: Livio Spring <livio.a@gmail.com>
* feat(user/v1): support composite queries
* fix: added proper error handling for NotQuery
* Added error when there are too many levels of nesting
* Add localization keys for english
* Update internal/api/grpc/user/query.go
* feat: extend session search service (#6029)
add two more searching criteria - human user id and session creation date
optional sorting by the session creation date
* fix: use correct column identifier
* fix: implement Col()
* chore: fix unit tests
* chore: fix linter warnings
---------
Co-authored-by: Fabi <fabienne@zitadel.com>
* fix(eventstore): differentiate unique constraint error format
* docs: add comment to eventstore vars
* fix(eventstore): return correct error type if unique constraint already exists
* feat: enable only specific themes in label policy
* feat: enable only specific themes in label policy
* feat: enable only specific themes in label policy
* feat: enable only specific themes in label policy
* add management in console
* pass enabledTheme
* render login ui based on enabled theme
* add in branding / settings service and name consistently
* update console to latest proto state
* fix console linting
* fix linting
* cleanup
* add translations
---------
Co-authored-by: Livio Spring <livio.a@gmail.com>
Co-authored-by: Tim Möhlmann <tim+github@zitadel.com>
* feat(oidc): use the new oidc server interface
* rename from provider to server
* pin logging and oidc packages
* use oidc introspection fix branch
* add overloaded methods with tracing
* cleanup unused code
* include latest oidc fixes
---------
Co-authored-by: Livio Spring <livio.a@gmail.com>
* define roles and permissions
* support system user memberships
* don't limit system users
* cleanup permissions
* restrict memberships to aggregates
* default to SYSTEM_OWNER
* update unit tests
* test: system user token test (#6778)
* update unit tests
* refactor: make authz testable
* move session constants
* cleanup
* comment
* comment
* decode member type string to enum (#6780)
* decode member type string to enum
* handle all membership types
* decode enums where necessary
* decode member type in steps config
* update system api docs
* add technical advisory
* tweak docs a bit
* comment in comment
* lint
* extract token from Bearer header prefix
* review changes
* fix tests
* fix: add fix for activityhandler
* add isSystemUser
* remove IsSystemUser from activity info
* fix: add fix for activityhandler
---------
Co-authored-by: Stefan Benz <stefan@caos.ch>
* feat: add activity logs on user actions with authentication, resourceAPI and sessionAPI
* feat: add activity logs on user actions with authentication, resourceAPI and sessionAPI
* feat: add activity logs on user actions with authentication, resourceAPI and sessionAPI
* feat: add activity logs on user actions with authentication, resourceAPI and sessionAPI
* feat: add activity logs on user actions with authentication, resourceAPI and sessionAPI
* fix: add unit tests to info package for context changes
* fix: add activity_interceptor.go suggestion
Co-authored-by: Tim Möhlmann <tim+github@zitadel.com>
* fix: refactoring and fixes through PR review
* fix: add auth service to lists of resourceAPIs
---------
Co-authored-by: Tim Möhlmann <tim+github@zitadel.com>
Co-authored-by: Fabi <fabienne@zitadel.com>