Commit Graph

798 Commits

Author SHA1 Message Date
Livio Amstutz
077a9a628e
fix: improvements for login flow (incl. webauthn) (#1026)
* fix: typo ZITADEL uppercase for OTP Issuer

* fix: password validation after change in current user agent

* fix: otp validation after setup in current user agent

* add waiting

* add waiting

* show u2f state

* regenerate css

* add useragentID to webauthn verify

* return mfa attribute in mgmt

* switch between providers

* use preferredLoginName for webauthn display

* some fixes

* correct translations for login

* add some missing event translations

* fix usersession test

* remove unnecessary cancel button on password change done
2020-12-07 12:09:10 +01:00
Livio Amstutz
6d210c3f00
fix: add permissions-policy header (#1059) 2020-12-07 09:00:31 +01:00
Fabiennne
2a25c0b617 Merge branch 'master' into new-eventstore
# Conflicts:
#	go.sum
2020-12-03 10:11:18 +01:00
Livio Amstutz
300ade66a7
feat: add WebAuthN support for passwordless login and 2fa (#966)
* at least registration prompt works

* in memory test for login

* buttons to start webauthn process

* begin eventstore impl

* begin eventstore impl

* serialize into bytes

* fix: u2f, passwordless types

* fix for localhost

* fix script

* fix: u2f, passwordless types

* fix: add u2f

* fix: verify u2f

* fix: session data in event store

* fix: u2f credentials in eventstore

* fix: webauthn pkg handles business models

* feat: tests

* feat: append events

* fix: test

* fix: check only ready webauthn creds

* fix: move u2f methods to authrepo

* frontend improvements

* fix return

* feat: add passwordless

* feat: add passwordless

* improve ui / error handling

* separate call for login

* fix login

* js

* feat: u2f login methods

* feat: remove unused session id

* feat: error handling

* feat: error handling

* feat: refactor user eventstore

* feat: finish webauthn

* feat: u2f and passwordlss in auth.proto

* u2f step

* passwordless step

* cleanup js

* EndpointPasswordLessLogin

* migration

* update mfaChecked test

* next step test

* token name

* cleanup

* attribute

* passwordless as tokens

* remove sms as otp type

* add "user" to amr for webauthn

* error handling

* fixes

* fix tests

* naming

* naming

* fixes

* session handler

* i18n

* error handling in login

* Update internal/ui/login/static/i18n/de.yaml

Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>

* Update internal/ui/login/static/i18n/en.yaml

Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>

* improvements

* merge fixes

* fixes

* fixes

Co-authored-by: Fabiennne <fabienne.gerschwiler@gmail.com>
Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>
2020-12-02 17:00:04 +01:00
Fabi
6b3f5b984c
feat: metrics (#1024)
* refactor: switch from opencensus to opentelemetry

* tempo works as designed nooooot

* fix: log traceids

* with grafana agent

* fix: http tracing

* fix: cleanup files

* chore: remove todo

* fix: bad test

* fix: ignore methods in grpc interceptors

* fix: remove test log

* clean up

* typo

* fix(config): configure tracing endpoint

* fix(span): add error id to span

* feat: metrics package

* feat: metrics package

* fix: counter

* fix: metric

* try metrics

* fix: coutner metrics

* fix: active sessin counter

* fix: active sessin counter

* fix: change current Sequence table

* fix: change current Sequence table

* fix: current sequences

* fix: spooler div metrics

* fix: console view

* fix: merge master

* fix: Last spool run on search result instead of eventtimestamp

* fix: go mod

* Update console/src/assets/i18n/de.json

Co-authored-by: Livio Amstutz <livio.a@gmail.com>

* fix: pr review

* fix: map

* update oidc pkg

* fix: handlers

* fix: value observer

* fix: remove fmt

* fix: handlers

* fix: tests

* fix: handler minimum cycle duration 1s

* fix(spooler): handler channel buffer

* fix interceptors

Co-authored-by: adlerhurst <silvan.reusser@gmail.com>
Co-authored-by: Livio Amstutz <livio.a@gmail.com>
2020-12-02 08:50:59 +01:00
adlerhurst
c2400e1da5 Merge remote-tracking branch 'origin/master' into new-eventstore 2020-11-30 07:41:14 +01:00
Livio Amstutz
2331b8a4c0
feat(oidc): add clock skew and userinfo claims in ID Token (#1022)
* feat: add clock skew

* add IDTokenUserinfoAssertion

* migration

* fix missing converter

* update oidc version

* fix interface impl
2020-11-27 14:10:52 +01:00
adlerhurst
3bd4d3a8e3 Merge remote-tracking branch 'origin/master' into new-eventstore 2020-11-26 13:14:12 +01:00
adlerhurst
246d4294cf fix(eventstore): tests 2020-11-26 09:19:14 +01:00
Fabi
75bf0409c4
fix: management api remove otp (#1010)
* fix: management api remove otp

* add postinstall

* remove mgmt otp

Co-authored-by: Max Peintner <max@caos.ch>
2020-11-24 12:06:46 +01:00
adlerhurst
6431fd2ec5 Merge remote-tracking branch 'origin/master' into new-eventstore 2020-11-23 11:40:50 +01:00
adlerhurst
4aadd290f4 write model 2020-11-23 11:36:58 +01:00
Fabi
666e43a7e2
feat: probes (#964)
* feat: probes

* feat: validate

* fix: protos

Co-authored-by: Livio Amstutz <livio.a@gmail.com>
2020-11-20 10:09:17 +01:00
Silvan
168242e725
fix(tracing): from opencensus to opentelemetry (#937)
* refactor: switch from opencensus to opentelemetry

* tempo works as designed nooooot

* fix: log traceids

* with grafana agent

* fix: http tracing

* fix: cleanup files

* chore: remove todo

* fix: bad test

* fix: ignore methods in grpc interceptors

* fix: remove test log

* clean up

* typo

* fix(config): configure tracing endpoint

* fix(span): add error id to span
2020-11-20 07:57:39 +01:00
adlerhurst
609c4d4f24 Merge branch 'master' into new-eventstore 2020-11-19 17:20:09 +01:00
Silvan
93e941a475
fix: Improve search user grants (#988)
* fix(management): search user grants with granted

* fix(auth): handle user grant project owner

* fix: migration
2020-11-19 14:13:07 +01:00
adlerhurst
147782332f Merge remote-tracking branch 'origin/master' into new-eventstore 2020-11-18 10:36:02 +01:00
adlerhurst
edff816ec1 start idp config 2020-11-17 13:44:37 +01:00
Livio Amstutz
376fba72d8
fix: user init mail (for wrong email) (#891)
* add resendInitialMail

* disable email notifications (when not initialised)

* fix resend init mail

* add tests

* cleanup

* cleanup

* fix tests

* add resend trigger, dialog

* refactor contact component, add sendinitmail fnc

* skip email if empty

* reload user on phone email changes, i18n warndialog on dl

* lint

* rebuild mgmt proto

* remove initial focus

* Update console/src/assets/i18n/de.json

Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>

Co-authored-by: Max Peintner <max@caos.ch>
Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>
2020-11-16 11:43:22 +01:00
Fabi
78c0cf2f57
fix: add and verified projectID in audience (#957)
* feat: new scope for project id in aud

* feat: add doc

* feat: projectid endpoint

* feat: remove handle Proejct id

* fix: remove go.mod replace

* fix: add project id to aud

* fix: update oidc version

* fix: change project id scope

* update projectID scope to current usage

* typo: ZITADEL uppercase

Co-authored-by: Livio Amstutz <livio.a@gmail.com>
2020-11-16 10:54:48 +01:00
adlerhurst
23e6cad703 start implementing new eventstore on iam 2020-11-12 22:50:01 +01:00
adlerhurst
57fc3ddd16 policies implemented 2020-11-06 22:09:19 +01:00
Fabi
202aae4954
feat: mfa policy (#913)
* feat: add mfa to login policy

* feat: add mfa to login policy

* feat: add mfa to login policy

* feat: add mfa to login policy

* feat: add mfa to login policy on org

* feat: add mfa to login policy on org

* feat: append events on policy views

* feat: iam login policy mfa definition

* feat: login policies on orgs

* feat: configured mfas in login process

* feat: configured mfas in login process

* Update internal/ui/login/static/i18n/en.yaml

Co-authored-by: Livio Amstutz <livio.a@gmail.com>

* fix: rename software and hardware mfas

* fix: pr requests

* fix user mfa

* fix: test

* fix: oidc version

* fix: oidc version

* fix: proto gen

Co-authored-by: Livio Amstutz <livio.a@gmail.com>
Co-authored-by: Max Peintner <max@caos.ch>
2020-11-04 11:26:10 +01:00
Fabi
51417be35d
feat: primary domain (#936)
* fix: primary domain

* fix: remove comment

* fix: oidc version
2020-11-03 10:50:03 +01:00
Fabi
b79661d66e
fix: add search params for user grants (#915) 2020-11-03 07:52:49 +01:00
Livio Amstutz
524a6d4467
fix: type conversation (#894) 2020-10-26 08:38:48 +01:00
Livio Amstutz
b3f68c8f48
feat: add tracing interceptors to login and oidc (#764)
* add tracing interceptors to login and oidc

* add some tracing spans

* trace login calls

* add some spans

* add some spans (change password)

* add some more tracing in oauth/oidc

* revert org exists

* Merge branch 'master' into http-tracing

# Conflicts:
#	internal/api/oidc/auth_request.go
#	internal/api/oidc/client.go
#	internal/auth/repository/eventsourcing/eventstore/auth_request.go
#	internal/auth/repository/eventsourcing/eventstore/user.go
#	internal/authz/repository/eventsourcing/eventstore/token_verifier.go
#	internal/authz/repository/eventsourcing/view/token.go
#	internal/user/repository/eventsourcing/eventstore.go
2020-10-21 10:18:34 +02:00
Michael Waeger
42384763d1
feat: Private label email policy (#813)
* Label Policy added

* save

* chore: update docs action

* Save

* Save

* Get colors from DB

* Variables inserted

* Get images from global directory.

* Add tests

* Add tests

* Corrections from mergerequest

* Corrections from mergerequest

* Test corrected.

* Added colors to all notifications.

* Added colors to
Corrected text and formatting.all notifications.

* Spelling error corrected.

* fix: tests

* Merge Branch corrected.

* Step6 added

* Corrections from mergerequest

* fix: generate management

* Formatted texts.

* fix: migrations

Co-authored-by: Florian Forster <florian@caos.ch>
Co-authored-by: adlerhurst <silvan.reusser@gmail.com>
Co-authored-by: Fabiennne <fabienne.gerschwiler@gmail.com>
2020-10-20 19:10:23 +02:00
Fabi
7e56ace9d9
fix: idp provider handler (#874)
* fix: idp provider handler

* fix: idp provider search

* fix: idp provider search

* fix: error handling

* fix: error handling

* fix: fix read config
2020-10-20 14:26:19 +02:00
Fabi
4eb380a825
fix: IDP login button styles (#869)
* fix: styling type on idp

* fix: google styling

* fix: google styling

* fix: google styling

* fix: remove logo src from angular

* fix: pr requests

* fix drop column migration

* fix: drop column migration

* fix: grant id
2020-10-19 17:10:02 +02:00
Livio Amstutz
a321d850ae
feat: project roles (#843)
* fix logging

* token verification

* feat: assert roles

* feat: add project role assertion on project and token type on app

* id and access token role assertion

* add project role check

* user grant required step in login

* update library

* fix merge

* fix merge

* fix merge

* update oidc library

* fix tests

* add tests for GrantRequiredStep

* add missing field ProjectRoleCheck on project view model

* fix project create

* fix project create
2020-10-16 07:49:38 +02:00
Fabi
265b491696
feat: tokens on user aggregate (#837)
* fix: fix remove policies in spoolers

* fix: reread of token by id

* fix: update oidc package

* fix: possible nil pointer on token split

Co-authored-by: Livio Amstutz <livio.a@gmail.com>
2020-10-15 13:52:41 +02:00
Fabi
fbb30840f1
feat: policies on aggregates (#799)
* feat: move pw policy

* feat: default pw complexity policy

* fix: org password complexity policy

* fix: org password complexity policy

* fix: pw complexity policy with setup

* fix: age and lockout policies on aggregates

* fix: migration

* fix: org iam policy

* fix: org iam policy

* fix: org iam policy

* fix: tests

* fix: policy request

* fix: merge master

* fix(console): policies frontend (#817)

* fix policy build

* fix: age, complexity, lockout policies

* fix: ready return err of setup not done

* fix: fix remove policies in spoolers

* fix: fix remove policies in spoolers

* feat(console): policy settings for iam and org (#824)

* fix policy build

* fix: age, complexity, lockout policies

* fix pwd complexity

* policy remove action

* add imports

* fix accounts card, enable mgmt login policy

* lint

* add iam policy to admin

* toasts, i18n, show default

* routing, i18n

* reset policy, toast i18n, cleanup, routing

* policy delete permission

* lint style

* delete iam policy

* delete non project from grid list, i18n

* lint ts, style

* fix: remove instead delete

* feat(console): delete external idp from user (#835)

* dialog i18n, delete column and function

* dialog i18n

* fix rm button

* Update console/src/assets/i18n/de.json

Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>

* Update console/src/assets/i18n/de.json

Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>

* fix: revert env, rename policy, remove comments

* fix: lowercase sich

* fix: pr requests

* Update internal/iam/repository/eventsourcing/eventstore_test.go

Co-authored-by: Silvan <silvan.reusser@gmail.com>

* fix: tests

* fix: tests

* fix(console): policies (#839)

* fix: nil pointer on get userdata (#815)

* fix: external login (#818)

* fix: external login

* fix: external login

* feat(console): delete user (#819)

* add action col to user table, i18n

* delete user from detail component

* lint

* fix(console): cleanup user detail and member components, user/me redirect, permission guards, filter, org policy guard, user table, scss cleanup (#808)

* fix: remove user.write guard for filtering

* border color

* fix user routing from member tables

* idp detail layout

* generic contact component

* fix redirect to auth user, user grant disable

* disable policy action without permission, i18n

* user-create flex fix, contact ng-content

* rm unused styles

* sidenav divider

* lint

* chore(deps-dev): bump @angular/cli from 10.1.3 to 10.1.4 in /console (#806)

* fix: user session with external login (#797)

* fix: user session with external login

* fix: tests

* fix: tests

* fix: change idp config name

* fix(container): stop copying / and instead only copy zitadel (#691)

* chore: stop copying / and instead only copy zitadel

* Update Dockerfile

* Update release.yml

* enable anchors debug

* fix(container): don't copy alpine content into scratch execpt pwd

* chore: remove need step

* merge master

* chore(deps-dev): bump @angular/cli from 10.1.3 to 10.1.4 in /console

Bumps [@angular/cli](https://github.com/angular/angular-cli) from 10.1.3 to 10.1.4.
- [Release notes](https://github.com/angular/angular-cli/releases)
- [Commits](https://github.com/angular/angular-cli/compare/v10.1.3...v10.1.4)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>
Co-authored-by: Florian Forster <florian@caos.ch>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps-dev): bump @angular/language-service from 10.1.3 to 10.1.4 in /console (#805)

* fix: user session with external login (#797)

* fix: user session with external login

* fix: tests

* fix: tests

* fix: change idp config name

* fix(container): stop copying / and instead only copy zitadel (#691)

* chore: stop copying / and instead only copy zitadel

* Update Dockerfile

* Update release.yml

* enable anchors debug

* fix(container): don't copy alpine content into scratch execpt pwd

* chore: remove need step

* merge master

* chore(deps-dev): bump @angular/language-service in /console

Bumps [@angular/language-service](https://github.com/angular/angular/tree/HEAD/packages/language-service) from 10.1.3 to 10.1.4.
- [Release notes](https://github.com/angular/angular/releases)
- [Changelog](https://github.com/angular/angular/blob/master/CHANGELOG.md)
- [Commits](https://github.com/angular/angular/commits/10.1.4/packages/language-service)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>
Co-authored-by: Florian Forster <florian@caos.ch>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps-dev): bump codelyzer from 6.0.0 to 6.0.1 in /console (#804)

* fix: user session with external login (#797)

* fix: user session with external login

* fix: tests

* fix: tests

* fix: change idp config name

* fix(container): stop copying / and instead only copy zitadel (#691)

* chore: stop copying / and instead only copy zitadel

* Update Dockerfile

* Update release.yml

* enable anchors debug

* fix(container): don't copy alpine content into scratch execpt pwd

* chore: remove need step

* merge master

* chore(deps-dev): bump codelyzer from 6.0.0 to 6.0.1 in /console

Bumps [codelyzer](https://github.com/mgechev/codelyzer) from 6.0.0 to 6.0.1.
- [Release notes](https://github.com/mgechev/codelyzer/releases)
- [Changelog](https://github.com/mgechev/codelyzer/blob/master/CHANGELOG.md)
- [Commits](https://github.com/mgechev/codelyzer/commits/6.0.1)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>
Co-authored-by: Florian Forster <florian@caos.ch>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps-dev): bump @angular-devkit/build-angular from 0.1000.8 to 0.1001.4 in /console (#803)

* fix: user session with external login (#797)

* fix: user session with external login

* fix: tests

* fix: tests

* fix: change idp config name

* fix(container): stop copying / and instead only copy zitadel (#691)

* chore: stop copying / and instead only copy zitadel

* Update Dockerfile

* Update release.yml

* enable anchors debug

* fix(container): don't copy alpine content into scratch execpt pwd

* chore: remove need step

* merge master

* chore(deps-dev): bump @angular-devkit/build-angular in /console

Bumps [@angular-devkit/build-angular](https://github.com/angular/angular-cli) from 0.1000.8 to 0.1001.4.
- [Release notes](https://github.com/angular/angular-cli/releases)
- [Commits](https://github.com/angular/angular-cli/commits)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>
Co-authored-by: Florian Forster <florian@caos.ch>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Max Peintner <max@caos.ch>

* chore(deps): bump uuid from 8.3.0 to 8.3.1 in /console (#802)

* fix: user session with external login (#797)

* fix: user session with external login

* fix: tests

* fix: tests

* fix: change idp config name

* fix(container): stop copying / and instead only copy zitadel (#691)

* chore: stop copying / and instead only copy zitadel

* Update Dockerfile

* Update release.yml

* enable anchors debug

* fix(container): don't copy alpine content into scratch execpt pwd

* chore: remove need step

* merge master

* chore(deps): bump uuid from 8.3.0 to 8.3.1 in /console

Bumps [uuid](https://github.com/uuidjs/uuid) from 8.3.0 to 8.3.1.
- [Release notes](https://github.com/uuidjs/uuid/releases)
- [Changelog](https://github.com/uuidjs/uuid/blob/master/CHANGELOG.md)
- [Commits](https://github.com/uuidjs/uuid/compare/v8.3.0...v8.3.1)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>
Co-authored-by: Florian Forster <florian@caos.ch>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* create memberstable as common component

* iam member cleanup

* iam + org m table, user table service user avatar

* toast config

* fix selection emitter

* fix project grant table width

* project grant members refactor

* theme optimizations

* member table col delete

* lint

* fix table row color

* refactor grey color

* lint scss

* org list redirect on click, fix user table undef

* refresh table after grant add

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>
Co-authored-by: Florian Forster <florian@caos.ch>

* fix(console): intercept navigator.language, set browser lang as default for user without explicit setting, user table outline, member create dialog import (#820)

* i18n interceptor, set language to browser lang

* nullcheck

* rm external idp log

* fix module imports, rm user displayname from i18n

* Update console/src/assets/i18n/de.json

Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>

* fix: delete external idps from users (#822)

* fix(console): permission regex, account switcher null check, restrict app and member create access (#821)

* fix member table disable, gerneal regexp

* fix user session card, app disable

* memberships max count

* fix policy permissions

* permission check for member add dialog

* lint

* rm accounts log

* rm id regex

* fix: handle usermemberships on project and project grant delete (#825)

* fix: go handler

Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Florian Forster <florian@caos.ch>

* fix: tests

* fix: not needed error handling

Co-authored-by: Max Peintner <max@caos.ch>
Co-authored-by: Silvan <silvan.reusser@gmail.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Florian Forster <florian@caos.ch>
2020-10-15 10:27:13 +02:00
Fabi
9ad547185c
feat: remove user (#812)
* feat: remove user

* feat: handle delete state on user by id

* feat: handle delete state on project by id
2020-10-07 08:16:42 +02:00
Silvan
3e1204524e
fix: multiple setup steps (#773)
* fix: multiple setup steps

* fix: test set up started

* fix: possible nil pointers in setup

* fix: validate executed step
2020-09-24 11:38:28 +02:00
Livio Amstutz
da8f243129
fix: marshal of user info address (#767) 2020-09-21 12:55:39 +02:00
Fabi
320ddfa46d
feat: Identity brokering (#730)
* feat: add/ remove external idps

* feat: external idp add /remove

* fix: auth proto

* fix: handle login

* feat: loginpolicy on authrequest

* feat: idp providers on login

* feat: link external idp

* fix: check login policy on check username

* feat: add mapping fields for idp config

* feat: use user org id if existing

* feat: use user org id if existing

* feat: register external user

* feat: register external user

* feat: user linking

* feat: user linking

* feat: design external login

* feat: design external login

* fix: tests

* fix: regenerate login design

* feat: next step test linking process

* feat: next step test linking process

* feat: cascade remove external idps on user

* fix: tests

* fix: tests

* feat: external idp requsts on users

* fix: generate protos

* feat: login styles

* feat: login styles

* fix: link user

* fix: register user on specifig org

* fix: user linking

* fix: register external, linking auto

* fix: remove unnecessary request from proto

* fix: tests

* fix: new oidc package

* fix: migration version

* fix: policy permissions

* Update internal/ui/login/static/i18n/en.yaml

Co-authored-by: Livio Amstutz <livio.a@gmail.com>

* Update internal/ui/login/static/i18n/en.yaml

Co-authored-by: Livio Amstutz <livio.a@gmail.com>

* Update internal/ui/login/handler/renderer.go

Co-authored-by: Livio Amstutz <livio.a@gmail.com>

* Update internal/ui/login/handler/renderer.go

Co-authored-by: Livio Amstutz <livio.a@gmail.com>

* fix: pr requests

* Update internal/ui/login/handler/link_users_handler.go

Co-authored-by: Livio Amstutz <livio.a@gmail.com>

* fix: pr requests

* fix: pr requests

* fix: pr requests

* fix: login name size

* fix: profile image light

* fix: colors

* fix: pr requests

* fix: remove redirect uri validator

* fix: remove redirect uri validator

Co-authored-by: Livio Amstutz <livio.a@gmail.com>
2020-09-18 13:26:28 +02:00
Silvan
5a8cafcae5
fix: JWT Profile (#748)
* fix: correct env var for tracing type

* fix: local env tracing

* fix: key in detail as string

* fix: implement storage

* fix: machine key by id
fix: store public key as bytes instead of crypto value

* update oidc pkg

* dont check origins for service account tokens

* fix: scopes

* fix: dependencies

* fix: dependencies

* fix: remove unused code

* fix: variable naming

Co-authored-by: Livio Amstutz <livio.a@gmail.com>
2020-09-17 08:49:33 +02:00
Silvan
463294669e
fix: Key details as string (#719)
* fix: correct env var for tracing type

* fix: local env tracing

* fix: key in detail as string
2020-09-09 16:19:17 +02:00
Fabi
c92042ba47
fix: checkperms (#689)
* fix: read user grants as grant owner

* fix: read user grants as grant owner
2020-09-02 16:25:32 +02:00
Livio Amstutz
370cd19a83
fix: improve permission checks (#682)
* separate roles for global org

* remove old user grant permissions

* allow context permissions

Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>
2020-09-01 16:38:34 +02:00
Silvan
5abd5b0505
feat: split users into human and machine (#470)
* feat(management): service accounts

* chore: current go version

* init

* refactor: apis

* feat(internal): start impl of service account

* chore: start impl of machine/human users

* code compiles

* fix: tests

* fix: tests

* fix: add new event types to switches

* chore: add cases to event types

* fix(management): definitive proto messages

* fix: machine/human

* fix: add missing tables as todos

* fix: remove unused permissions

* fix: refactoring

* fix: refactor

* fix: human registered

* fix: user id

* fix: logid

* fix: proto remove //equal

* chore(management): remove no comment

* fix: human mfas

* fix: user subobjects

* chore: rename existing to better name

* fix: username in user (#634)

* fix: username in user

* fix: username

* fix remove unused code

* fix add validations

* fix: use new user in all apis

* fix: regexp for username in api

* fix: fill user data for human and machine (#638)

* fix: fill Display name grant/member handlers
fix: add description to grant/member objects in api
fix: check if user is human in login

* fix: remove description from member and grant

* chore: remove todos

* feat: machine keys

* fix: implement missing parts

* feat: machine key management view

* fix: remove keys from machine view

* fix: set default expiration date

* fix: get key by ids

* feat: add machine keys in proto

* feat: machine keys

* fix: add migration

* fix: mig

* fix: correct method name

* feat: user search

* feat: user search

* fix: log ids

* fix partial authconfig prompt, domain c perm

* membership read check

* contributor refresh trigger, observe org write

* fix: migrations

* fix(console): machine build (#660)

* frontend 1

* fix html bindings

* trailing comma

* user permissions, project deactivate

* fix(console): human view (#661)

* fix search user view, user detail form

* rm log

* feat(console): user services list and create (#663)

* fix search user view, user detail form

* rm log

* machine list

* generic table component

* create user service

* proove table for undefined values

* tmp disable user link if machine

* lint

* lint styles

* user table lint

* Update console/src/assets/i18n/de.json

Co-authored-by: Florian Forster <florian@caos.ch>

* feat(console): service user detail view, keys cr_d, fix search user autocomplete (#664)

* service users for sidenav, routing

* i18n

* back routes

* machine detail form

* update machine detail, fix svc user grants

* keys table

* add key dialog, timestamp creation

* check permission on create, delete, fix selection

* lint ts, scss

* Update console/src/assets/i18n/de.json

* Apply suggestions from code review

Co-authored-by: Florian Forster <florian@caos.ch>

* allow user grants for project.write

* management service

* fix mgmt service

* feat: Machine keys (#655)

* fix: memberships (#633)

* feat: add iam members to memberships

* fix: search project grants

* fix: rename

* feat: idp and login policy configurations (#619)

* feat: oidc config

* fix: oidc configurations

* feat: oidc idp config

* feat: add oidc config test

* fix: tests

* fix: tests

* feat: translate new events

* feat: idp eventstore

* feat: idp eventstore

* fix: tests

* feat: command side idp

* feat: query side idp

* feat: idp config on org

* fix: tests

* feat: authz idp on org

* feat: org idps

* feat: login policy

* feat: login policy

* feat: login policy

* feat: add idp func on login policy

* feat: add validation to loginpolicy and idp provider

* feat: add default login policy

* feat: login policy on org

* feat: login policy on org

* fix: id config handlers

* fix: id config handlers

* fix: create idp on org

* fix: create idp on org

* fix: not existing idp config

* fix: default login policy

* fix: add login policy on org

* fix: idp provider search on org

* fix: test

* fix: remove idp on org

* fix: test

* fix: test

* fix: remove admin idp

* fix: logo src as byte

* fix: migration

* fix: tests

* Update internal/iam/repository/eventsourcing/iam.go

Co-authored-by: Silvan <silvan.reusser@gmail.com>

* Update internal/iam/repository/eventsourcing/iam_test.go

Co-authored-by: Silvan <silvan.reusser@gmail.com>

* Update internal/iam/repository/eventsourcing/iam_test.go

Co-authored-by: Silvan <silvan.reusser@gmail.com>

* Update internal/iam/repository/eventsourcing/model/login_policy.go

Co-authored-by: Silvan <silvan.reusser@gmail.com>

* Update internal/iam/repository/eventsourcing/model/login_policy.go

Co-authored-by: Silvan <silvan.reusser@gmail.com>

* Update internal/org/repository/eventsourcing/org_test.go

Co-authored-by: Silvan <silvan.reusser@gmail.com>

* Update internal/iam/repository/eventsourcing/model/login_policy_test.go

Co-authored-by: Silvan <silvan.reusser@gmail.com>

* Update internal/iam/repository/eventsourcing/model/login_policy_test.go

Co-authored-by: Silvan <silvan.reusser@gmail.com>

* fix: pr comments

* fix: tests

* Update types.go

* fix: merge request changes

* fix: reduce optimization

Co-authored-by: Silvan <silvan.reusser@gmail.com>
Co-authored-by: Livio Amstutz <livio.a@gmail.com>

* fix: reread user mfas, preferred loginname as otp account name (#636)

* fix: reread user mfas

* fix: use preferred login name as otp account name

* fix: tests

* fix: reduce (#635)

* fix: management reduce optimization

* fix: reduce optimization

* fix: reduce optimization

* fix: merge master

* chore(deps): bump github.com/gorilla/schema from 1.1.0 to 1.2.0 (#627)

Bumps [github.com/gorilla/schema](https://github.com/gorilla/schema) from 1.1.0 to 1.2.0.
- [Release notes](https://github.com/gorilla/schema/releases)
- [Commits](https://github.com/gorilla/schema/compare/v1.1.0...v1.2.0)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps): bump github.com/gorilla/mux from 1.7.4 to 1.8.0 (#624)

Bumps [github.com/gorilla/mux](https://github.com/gorilla/mux) from 1.7.4 to 1.8.0.
- [Release notes](https://github.com/gorilla/mux/releases)
- [Commits](https://github.com/gorilla/mux/compare/v1.7.4...v1.8.0)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps): bump github.com/DATA-DOG/go-sqlmock from 1.4.1 to 1.5.0 (#591)

Bumps [github.com/DATA-DOG/go-sqlmock](https://github.com/DATA-DOG/go-sqlmock) from 1.4.1 to 1.5.0.
- [Release notes](https://github.com/DATA-DOG/go-sqlmock/releases)
- [Commits](https://github.com/DATA-DOG/go-sqlmock/compare/v1.4.1...v1.5.0)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore: auto assign issues and PR to ZTIADEL project board (#643)

* Create main.yml

* Update main.yml

Co-authored-by: Livio Amstutz <livio.a@gmail.com>

* fix(console): project grant members, update deps (#645)

* fix: searchprojectgrantmembers

* chore(deps-dev): bump @angular/cli from 10.0.6 to 10.0.7 in /console (#622)

Bumps [@angular/cli](https://github.com/angular/angular-cli) from 10.0.6 to 10.0.7.
- [Release notes](https://github.com/angular/angular-cli/releases)
- [Commits](https://github.com/angular/angular-cli/compare/v10.0.6...v10.0.7)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps-dev): bump @angular-devkit/build-angular in /console (#626)

Bumps [@angular-devkit/build-angular](https://github.com/angular/angular-cli) from 0.1000.6 to 0.1000.7.
- [Release notes](https://github.com/angular/angular-cli/releases)
- [Commits](https://github.com/angular/angular-cli/commits)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Max Peintner <max@caos.ch>

* chore(deps-dev): bump @types/jasmine from 3.5.12 to 3.5.13 in /console (#623)

Bumps [@types/jasmine](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/jasmine) from 3.5.12 to 3.5.13.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/jasmine)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps-dev): bump ts-node from 8.10.2 to 9.0.0 in /console (#629)

Bumps [ts-node](https://github.com/TypeStrong/ts-node) from 8.10.2 to 9.0.0.
- [Release notes](https://github.com/TypeStrong/ts-node/releases)
- [Commits](https://github.com/TypeStrong/ts-node/compare/v8.10.2...v9.0.0)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* update packlock

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore: delete main.yml (#648)

* fix: usergrant (#650)

* fix(console): mfa refresh after verification, member eventemitter (#651)

* refresh mfa

* fix: detail link from contributors

* lint

* feat: add domain verification notification (#649)

* fix: dont (re)generate client secret with auth type none

* fix(cors): allow Origin from request

* feat: add origin allow list and fix some core issues

* rename migration

* fix UserIDsByDomain

* feat: send email to users after domain claim

* username

* check origin on userinfo

* update oidc pkg

* fix: add migration 1.6

* change username

* change username

* remove unique email aggregate

* change username in mgmt

* search global user by login name

* fix test

* change user search in angular

* fix tests

* merge

* userview in angular

* fix merge

* Update pkg/grpc/management/proto/management.proto

Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>

* Update internal/notification/static/i18n/de.yaml

Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>

* fix

Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>

* fix: translation (#647)

* fix: translation

* fix: translation

* fix: translation

* fix: remove unused code

* fix: log err

* fix: migration numbers (#652)

* chore: issue / feature templates (#642)

* feat: machine keys

* fix: implement missing parts

* feat: machine key management view

* fix: remove keys from machine view

* feat: global org read (#657)

* fix: set default expiration date

* fix: get key by ids

* feat: add machine keys in proto

* feat: machine keys

* fix: add migration

* fix: mig

* fix: correct method name

* feat: user search

* feat: user search

* fix: log ids

* fix: migrations

* fix(console): machine build (#660)

* frontend 1

* fix html bindings

* trailing comma

* fix(console): human view (#661)

* fix search user view, user detail form

* rm log

* feat(console): user services list and create (#663)

* fix search user view, user detail form

* rm log

* machine list

* generic table component

* create user service

* proove table for undefined values

* tmp disable user link if machine

* lint

* lint styles

* user table lint

* Update console/src/assets/i18n/de.json

Co-authored-by: Florian Forster <florian@caos.ch>

* feat(console): service user detail view, keys cr_d, fix search user autocomplete (#664)

* service users for sidenav, routing

* i18n

* back routes

* machine detail form

* update machine detail, fix svc user grants

* keys table

* add key dialog, timestamp creation

* check permission on create, delete, fix selection

* lint ts, scss

* Update console/src/assets/i18n/de.json

* Apply suggestions from code review

Co-authored-by: Florian Forster <florian@caos.ch>

* refactor: protos

* fix(management): key expiration date

* fix: check if user is human

* fix: marshal key details

* fix: correct generate login names

* fix: logid

Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>
Co-authored-by: Livio Amstutz <livio.a@gmail.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Max Peintner <max@caos.ch>
Co-authored-by: Fabiennne <fabienne.gerschwiler@gmail.com>
Co-authored-by: Florian Forster <florian@caos.ch>

* fix: naming

* refactor: findings

* fix: username

* fix: mfa upper case

* fix: tests

* fix: add translations

* reactivatemyorg req typeö

* fix: projectType for console

* fix: user changes

* fix: translate events

* fix: event type translation

* fix: remove unused types

Co-authored-by: Fabiennne <fabienne.gerschwiler@gmail.com>
Co-authored-by: Max Peintner <max@caos.ch>
Co-authored-by: Florian Forster <florian@caos.ch>
Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>
Co-authored-by: Livio Amstutz <livio.a@gmail.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2020-08-31 17:48:01 +02:00
Livio Amstutz
c1c85e632b
fix: cookie handling (#654)
* feat: set cookie prefix and max age

* cookie prefix on csrf cookie

* fix: check user agent cookie in login

* update oidc pkg

* cleanup
2020-08-31 08:49:35 +02:00
Fabi
7295383621
fix: translation (#647)
* fix: translation

* fix: translation

* fix: translation

* fix: remove unused code

* fix: log err
2020-08-28 09:44:43 +02:00
Livio Amstutz
34ec2508d3
feat: add domain verification notification (#649)
* fix: dont (re)generate client secret with auth type none

* fix(cors): allow Origin from request

* feat: add origin allow list and fix some core issues

* rename migration

* fix UserIDsByDomain

* feat: send email to users after domain claim

* username

* check origin on userinfo

* update oidc pkg

* fix: add migration 1.6

* change username

* change username

* remove unique email aggregate

* change username in mgmt

* search global user by login name

* fix test

* change user search in angular

* fix tests

* merge

* userview in angular

* fix merge

* Update pkg/grpc/management/proto/management.proto

Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>

* Update internal/notification/static/i18n/de.yaml

Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>

* fix

Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>
2020-08-27 17:18:23 +02:00
Fabi
db1d8f4efe
feat: idp and login policy configurations (#619)
* feat: oidc config

* fix: oidc configurations

* feat: oidc idp config

* feat: add oidc config test

* fix: tests

* fix: tests

* feat: translate new events

* feat: idp eventstore

* feat: idp eventstore

* fix: tests

* feat: command side idp

* feat: query side idp

* feat: idp config on org

* fix: tests

* feat: authz idp on org

* feat: org idps

* feat: login policy

* feat: login policy

* feat: login policy

* feat: add idp func on login policy

* feat: add validation to loginpolicy and idp provider

* feat: add default login policy

* feat: login policy on org

* feat: login policy on org

* fix: id config handlers

* fix: id config handlers

* fix: create idp on org

* fix: create idp on org

* fix: not existing idp config

* fix: default login policy

* fix: add login policy on org

* fix: idp provider search on org

* fix: test

* fix: remove idp on org

* fix: test

* fix: test

* fix: remove admin idp

* fix: logo src as byte

* fix: migration

* fix: tests

* Update internal/iam/repository/eventsourcing/iam.go

Co-authored-by: Silvan <silvan.reusser@gmail.com>

* Update internal/iam/repository/eventsourcing/iam_test.go

Co-authored-by: Silvan <silvan.reusser@gmail.com>

* Update internal/iam/repository/eventsourcing/iam_test.go

Co-authored-by: Silvan <silvan.reusser@gmail.com>

* Update internal/iam/repository/eventsourcing/model/login_policy.go

Co-authored-by: Silvan <silvan.reusser@gmail.com>

* Update internal/iam/repository/eventsourcing/model/login_policy.go

Co-authored-by: Silvan <silvan.reusser@gmail.com>

* Update internal/org/repository/eventsourcing/org_test.go

Co-authored-by: Silvan <silvan.reusser@gmail.com>

* Update internal/iam/repository/eventsourcing/model/login_policy_test.go

Co-authored-by: Silvan <silvan.reusser@gmail.com>

* Update internal/iam/repository/eventsourcing/model/login_policy_test.go

Co-authored-by: Silvan <silvan.reusser@gmail.com>

* fix: pr comments

* fix: tests

* Update types.go

* fix: merge request changes

* fix: reduce optimization

Co-authored-by: Silvan <silvan.reusser@gmail.com>
Co-authored-by: Livio Amstutz <livio.a@gmail.com>
2020-08-26 09:56:23 +02:00
Fabi
f05c5bae24
fix: memberships (#633)
* feat: add iam members to memberships

* fix: search project grants

* fix: rename
2020-08-25 16:08:51 +02:00
Livio Amstutz
4e1e8a714a
fix: cors (#621)
* fix: dont (re)generate client secret with auth type none

* fix(cors): allow Origin from request

* feat: add origin allow list and fix some core issues

* rename migration

* fix UserIDsByDomain

* check origin on userinfo

* update oidc pkg
2020-08-24 10:06:55 +02:00
Livio Amstutz
578453b024
fix(tests): go version of tests (#618) 2020-08-20 22:09:37 +02:00
Livio Amstutz
8830896199
feat: setup as separate command (#604)
* feat: separate setup from startup

* health

* move setup config

* add env vars to caos_local.sh

* fix domain and set devMode explicit
2020-08-18 10:04:56 +02:00
Livio Amstutz
1a00faf132
fix: claim verified domain from usernames (#603)
* fix: return orgDomain validationType

* added missing translations for orgDomain activity

* claim org domain

* show message if domain token was requested

* fix tests

* fix tests

Co-authored-by: Max Peintner <max@caos.ch>
2020-08-18 08:57:16 +02:00
Fabi
5699fe80d5
feat: app handling compliance (#527)
* feat: check oidc compliance

* fix: add tests

* fix: add oidc config tests

* fix: add oidc config tests user agent

* fix: test oidc config compliance

* fix: test oidc config compliance

* fix: useragent implicit authmethod none

* fix: merge master

* feat: translate compliance problems

* feat: check native app for custom url

* fix: better compliance handling

* fix: better compliance handling

* feat: add odidc dev mode

* fix: remove deprecated request fro management api

* fix: oidc package version

* fix: migration

* fix: tests

* fix: remove unused functions

* fix: generate proto files

* fix: native implicit and code none compliant

* fix: create project

* Update internal/project/model/oidc_config_test.go

Co-authored-by: Livio Amstutz <livio.a@gmail.com>

* fix: tests

* Update internal/project/model/oidc_config.go

Co-authored-by: Livio Amstutz <livio.a@gmail.com>

* Update internal/project/model/oidc_config.go

Co-authored-by: Livio Amstutz <livio.a@gmail.com>

* fix: tests

Co-authored-by: Livio Amstutz <livio.a@gmail.com>
2020-08-10 09:34:56 +02:00
Livio Amstutz
7015b226ef
feat: add domain verification (#560)
* feat: add domain verification

* add checks

* add and fix tests

* fix go.mod

* regenerate proto
2020-08-06 15:03:03 +02:00
Fabi
f80367b49a
feat: register org process (#558)
* feat: register new organisation

* feat: create org request in management

* fix: tests

* Update internal/ui/login/static/i18n/en.yaml

Co-authored-by: Livio Amstutz <livio.a@gmail.com>

* Update internal/ui/login/static/i18n/de.yaml

Co-authored-by: Livio Amstutz <livio.a@gmail.com>

* Update internal/ui/login/static/templates/register_org.html

Co-authored-by: Livio Amstutz <livio.a@gmail.com>

* Update internal/ui/login/handler/register_org_handler.go

Co-authored-by: Livio Amstutz <livio.a@gmail.com>

* Update internal/ui/login/handler/register_org_handler.go

Co-authored-by: Livio Amstutz <livio.a@gmail.com>

* fix: remove autocomplete

* fix: regenerate proto

Co-authored-by: Livio Amstutz <livio.a@gmail.com>
2020-08-06 14:38:19 +02:00
Michael Waeger
41fa434439
fix: Remove project (#538)
* Remove project added

* Gemeriert

* corrections

* corrections

* Delete*sByProjectID added

* Correct typos
2020-08-05 18:32:25 +02:00
Fabi
75f1c4c576
feat: user memberships (#537)
* feat: add search user memberships

* feat: add search user memberships

* feat: read user member ship

* feat: add usergrant search key

* feat: uesrmemberships based on permissions

* feat: merge master

* fix: correct permissions

* fix: update display name on change profile

* fix: merge request converations

* fix: err handling

* Update internal/user/model/user_membership_view.go

Co-authored-by: Silvan <silvan.reusser@gmail.com>

Co-authored-by: Silvan <silvan.reusser@gmail.com>
2020-07-30 14:37:55 +02:00
Fabi
461b7b23b1
fix: usergrant update (#533)
* fix: add grantid on update usergrant

* fix: add grantid on update usergrant
2020-07-28 12:29:01 +02:00
Fabi
2d8f934a07
fix: add grant id to createusergrant (#525) 2020-07-28 08:43:55 +02:00
Fabi
c105bf483b
feat: apiurls, passwordpolicy, userbyid (#507)
* feat: api doc request

* feat: return zitadel docs

* feat: return zitadel docs

* feat: pw policy min length

* feat: pw policy min length

* fix: semantic

* fix: read missing events on user by id
2020-07-22 16:15:11 +02:00
Fabi
c66d9d3490
feat: show display name on members (#492)
* feat: show display name on members

* fix: generate proto
2020-07-22 14:21:41 +02:00
Fabi
351aac22f8
feat: usergrant (#489)
* fix: search usergrants only for allowed projects

* fix: check permissions

* fix: check permissions

* fix: check permissions

* Update internal/management/repository/eventsourcing/eventstore/project.go

Co-authored-by: Silvan <silvan.reusser@gmail.com>

* fix: merge request changes

* fix: variable name

Co-authored-by: Silvan <silvan.reusser@gmail.com>
2020-07-22 14:00:29 +02:00
Fabi
520cc161d7
fix: message key in error detail (#503) 2020-07-22 11:29:43 +02:00
Fabi
c34f6b1074
fix: check if org id not empty before checking if it exists (#482) 2020-07-16 13:51:37 +02:00
Fabi
5e00f1c9db
feat: check if org exists (#480)
* feat: check if org exists

* feat: check if org exists

* Update internal/authz/repository/eventsourcing/eventstore/token_verifier.go

Co-authored-by: Silvan <silvan.reusser@gmail.com>

* fix: err handling

Co-authored-by: Silvan <silvan.reusser@gmail.com>
2020-07-16 13:27:36 +02:00
Fabi
423b86a03b
feat: sequence and timestamp on searchrequests (#468)
* feat: reread events

* feat: sequence and timestamo on search requests

* feat: sequence and timestamo on search requests

* fix: better naming

* fix: log errors

* fix: read sequence before search request
2020-07-15 13:24:36 +02:00
Fabi
7b652651fc
feat: get default complexity policy (#399)
* feat: get default complexity policy

* fix: regenerate proto files
2020-07-14 07:11:11 +02:00
Fabi
cde6231164
fix: project role delete (#431) 2020-07-09 16:47:48 +02:00
Livio Amstutz
6128c0c672
fix: response type mapping (#426)
* fix: return authorizations on userinfo

* fix: response type mapping

* fix tests

* fix angular

* regenerate mgmt proto

* enable login link again
2020-07-09 15:52:20 +02:00
Max Peintner
0b012f2fa2
fix(console): general fixes, project grants for owned and granted context (#425)
* update and delete project grants

* fix: user grant id (#421)

* fix: verboser logging on sql err (#412)

* fix(eventstore): improve insert statement

* fix: verbose logging on error

* fix: simplify insertEvents

* fix: project grant delete (#417)

* fix: add grant id to user grant if needed

* fix: add grant id to user grant if needed

Co-authored-by: Silvan <silvan.reusser@gmail.com>

* fix user grant context

* lint

* role validators

* fix: usergrantid (#424)

* fix: verboser logging on sql err (#412)

* fix(eventstore): improve insert statement

* fix: verbose logging on error

* fix: simplify insertEvents

* fix: project grant delete (#417)

* fix: add grant id to user grant if needed

* fix: add grant id to user grant if needed

* fix: add bulk remove

* fix: merge

Co-authored-by: Silvan <silvan.reusser@gmail.com>

Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>
Co-authored-by: Silvan <silvan.reusser@gmail.com>
2020-07-09 15:14:01 +02:00
Silvan
cf51bbc36d
fix(translation_interceptor): check if response is nil (#423) 2020-07-09 15:02:03 +02:00
Livio Amstutz
8efa697af2
fix: return authorizations on userinfo (#420) 2020-07-09 14:05:12 +02:00
Livio Amstutz
2136efe083
fix: url prefixes (#395) 2020-07-08 14:55:33 +02:00
Livio Amstutz
3549a8b64e
feat: port reduction (#323)
* move mgmt pkg

* begin package restructure

* rename auth package to authz

* begin start api

* move auth

* move admin

* fix merge

* configs and interceptors

* interceptor

* revert generate-grpc.sh

* some cleanups

* console

* move console

* fix tests and merging

* js linting

* merge

* merging and configs

* change k8s base to current ports

* fixes

* cleanup

* regenerate proto

* remove unnecessary whitespace

* missing param

* go mod tidy

* fix merging

* move login pkg

* cleanup

* move api pkgs again

* fix pkg naming

* fix generate-static.sh for login

* update workflow

* fixes

* logging

* remove duplicate

* comment for optional gateway interfaces

* regenerate protos

* fix proto imports for grpc web

* protos

* grpc web generate

* grpc web generate

* fix changes

* add translation interceptor

* fix merging

* regenerate mgmt proto
2020-07-08 13:56:37 +02:00
Fabi
a5bfd085a1
fix: Inituser (#386)
* fix: init user only create change pw event if pw set

* fix: init user only create change pw event if pw set

* fix: tests
2020-07-08 09:53:09 +02:00
Silvan
c0f85c2733
feat: localized messages (#328)
* fix: project by id loads project from view and from eventstore

* fix: correct search key for role

* feat(auth): my user changes

* fix: improve error handling in change converters

* fix: log-id

* feat(translations): event type translations

* feat: localized translations

* fix(translations): correct yaml format

* chore: example

* fix: remove unused code

* correct checkSSL in sql

* chore(modules): update

* chore: refactor interceptors

* fix: improvments

* Update internal/static/i18n/de.yaml

Co-authored-by: Florian Forster <florian@caos.ch>

* Update internal/static/i18n/de.yaml

Co-authored-by: Florian Forster <florian@caos.ch>

* Update internal/static/i18n/de.yaml

Co-authored-by: Florian Forster <florian@caos.ch>

* Update internal/static/i18n/de.yaml

Co-authored-by: Florian Forster <florian@caos.ch>

* Update internal/static/i18n/de.yaml

Co-authored-by: Florian Forster <florian@caos.ch>

* Update internal/static/i18n/de.yaml

Co-authored-by: Florian Forster <florian@caos.ch>

* Update internal/static/i18n/en.yaml

Co-authored-by: Florian Forster <florian@caos.ch>

* Update internal/static/i18n/en.yaml

Co-authored-by: Florian Forster <florian@caos.ch>

* Update internal/static/i18n/en.yaml

Co-authored-by: Florian Forster <florian@caos.ch>

* Update internal/static/i18n/en.yaml

Co-authored-by: Florian Forster <florian@caos.ch>

* Update internal/static/i18n/en.yaml

Co-authored-by: Florian Forster <florian@caos.ch>

* Update internal/static/i18n/de.yaml

Co-authored-by: Florian Forster <florian@caos.ch>

* Update internal/static/i18n/de.yaml

Co-authored-by: Florian Forster <florian@caos.ch>

* Update internal/static/i18n/de.yaml

Co-authored-by: Florian Forster <florian@caos.ch>

* Update internal/static/i18n/de.yaml

Co-authored-by: Florian Forster <florian@caos.ch>

* Update internal/static/i18n/de.yaml

Co-authored-by: Florian Forster <florian@caos.ch>

* Update internal/static/i18n/de.yaml

Co-authored-by: Florian Forster <florian@caos.ch>

* Update internal/static/i18n/de.yaml

Co-authored-by: Florian Forster <florian@caos.ch>

* Update internal/static/i18n/de.yaml

Co-authored-by: Florian Forster <florian@caos.ch>

* Update internal/static/i18n/en.yaml

Co-authored-by: Florian Forster <florian@caos.ch>

* chore(translations): start with upper case on Code

* chore(middleware): move funcs

* add message to grpc web generation

* translation in mgmt and fixes

* fix authoptions

* fix console statik

Co-authored-by: Florian Forster <florian@caos.ch>
Co-authored-by: Livio Amstutz <livio.a@gmail.com>
2020-07-08 09:48:11 +02:00
Fabi
62b654ea18
feat: iam members in admin api (#272)
* feat: iam members in admin api

* feat: add error id in translate error

* fix: resolve merge conflicts
2020-06-25 08:12:29 +02:00
Fabi
6556d053b2
feat: translate error messages (#254)
* feat: translate error messages in error interceptor

* fix: add statik import

* feat: user error msgs

* feat: add translations

* feat: add translations

* feat: add translations

* feat: add translations

* feat: add translations

* feat: add translations

* some fixes and improved error messages

Co-authored-by: Livio Amstutz <livio.a@gmail.com>
2020-06-22 13:51:44 +02:00
Livio Amstutz
f68a5e63b5
fix: add interceptors for console (#255)
* add interceptors for console

* add interceptors for console to env.json
2020-06-22 13:17:29 +02:00
Livio Amstutz
1c59d18fee
fix: improvements for login and oidc (#227)
* add csrf

* caching

* caching

* caching

* caching

* security headers

* csp and security headers

* error handler csp

* select user with display name

* csp

* user selection styling

* username to loginname

* regenerate grpc

* regenerate

* change to login name
2020-06-17 08:06:40 +02:00
Fabi
207842be91
fix: fix some requests (#198)
* fix: alway do permission check

* fix: alway do permission check

* fix: add project query to applications search request

* fix: add email template to statik

* fix: org members
2020-06-10 10:47:50 +02:00
Fabi
25b97b1bcc
fix: projectorgs (#193)
* fix: get my project orgs

* fix: get project orgs
2020-06-09 16:20:14 +02:00
Livio Amstutz
8a5badddf6
feat: Login, OP Support and Auth Queries (#177)
* fix: change oidc config

* fix: change oidc config secret

* begin models

* begin repo

* fix: implement grpc app funcs

* fix: add application requests

* fix: converter

* fix: converter

* fix: converter and generate clientid

* fix: tests

* feat: project grant aggregate

* feat: project grant

* fix: project grant check if role existing

* fix: project grant requests

* fix: project grant fixes

* fix: project grant member model

* fix: project grant member aggregate

* fix: project grant member eventstore

* fix: project grant member requests

* feat: user model

* begin repo

* repo models and more

* feat: user command side

* lots of functions

* user command side

* profile requests

* commit before rebase on user

* save

* local config with gopass and more

* begin new auth command (user centric)

* Update internal/user/model/user.go

Co-Authored-By: Livio Amstutz <livio.a@gmail.com>

* Update internal/user/repository/eventsourcing/model/address.go

Co-Authored-By: Livio Amstutz <livio.a@gmail.com>

* Update internal/user/repository/eventsourcing/model/address.go

Co-Authored-By: Livio Amstutz <livio.a@gmail.com>

* Update internal/user/repository/eventsourcing/model/email.go

Co-Authored-By: Livio Amstutz <livio.a@gmail.com>

* Update internal/user/repository/eventsourcing/model/email.go

Co-Authored-By: Livio Amstutz <livio.a@gmail.com>

* Update internal/user/repository/eventsourcing/model/email.go

Co-Authored-By: Livio Amstutz <livio.a@gmail.com>

* Update internal/user/repository/eventsourcing/model/mfa.go

Co-Authored-By: Livio Amstutz <livio.a@gmail.com>

* Update internal/user/repository/eventsourcing/model/mfa.go

Co-Authored-By: Livio Amstutz <livio.a@gmail.com>

* Update internal/user/repository/eventsourcing/model/password.go

Co-Authored-By: Livio Amstutz <livio.a@gmail.com>

* Update internal/user/repository/eventsourcing/model/password.go

Co-Authored-By: Livio Amstutz <livio.a@gmail.com>

* Update internal/user/repository/eventsourcing/model/password.go

Co-Authored-By: Livio Amstutz <livio.a@gmail.com>

* Update internal/user/repository/eventsourcing/model/phone.go

Co-Authored-By: Livio Amstutz <livio.a@gmail.com>

* Update internal/user/repository/eventsourcing/model/phone.go

Co-Authored-By: Livio Amstutz <livio.a@gmail.com>

* Update internal/user/repository/eventsourcing/model/phone.go

Co-Authored-By: Livio Amstutz <livio.a@gmail.com>

* Update internal/user/repository/eventsourcing/model/user.go

Co-Authored-By: Livio Amstutz <livio.a@gmail.com>

* Update internal/user/repository/eventsourcing/model/user.go

Co-Authored-By: Livio Amstutz <livio.a@gmail.com>

* Update internal/user/repository/eventsourcing/model/user.go

Co-Authored-By: Livio Amstutz <livio.a@gmail.com>

* Update internal/usergrant/repository/eventsourcing/model/user_grant.go

Co-Authored-By: Livio Amstutz <livio.a@gmail.com>

* Update internal/usergrant/repository/eventsourcing/model/user_grant.go

Co-Authored-By: Livio Amstutz <livio.a@gmail.com>

* Update internal/usergrant/repository/eventsourcing/user_grant.go

Co-Authored-By: Livio Amstutz <livio.a@gmail.com>

* Update internal/user/repository/eventsourcing/user_test.go

Co-Authored-By: Livio Amstutz <livio.a@gmail.com>

* Update internal/user/repository/eventsourcing/eventstore_mock_test.go

Co-Authored-By: Livio Amstutz <livio.a@gmail.com>

* changes from mr review

* save files into basedir

* changes from mr review

* changes from mr review

* move to auth request

* Update internal/usergrant/repository/eventsourcing/cache.go

Co-authored-by: Silvan <silvan.reusser@gmail.com>

* Update internal/usergrant/repository/eventsourcing/cache.go

Co-authored-by: Silvan <silvan.reusser@gmail.com>

* changes requested on mr

* fix generate codes

* fix return if no events

* password code

* email verification step

* more steps

* lot of mfa

* begin tests

* more next steps

* auth api

* auth api (user)

* auth api (user)

* auth api (user)

* differ requests

* merge

* tests

* fix compilation error

* mock for id generator

* Update internal/user/repository/eventsourcing/model/password.go

Co-authored-by: Silvan <silvan.reusser@gmail.com>

* Update internal/user/repository/eventsourcing/model/user.go

Co-authored-by: Silvan <silvan.reusser@gmail.com>

* requests of mr

* check email

* begin separation of command and query

* otp

* change packages

* some cleanup and fixes

* tests for auth request / next steps

* add VerificationLifetimes to config and make it run

* tests

* fix code challenge validation

* cleanup

* fix merge

* begin view

* repackaging tests and configs

* fix startup config for auth

* add migration

* add PromptSelectAccount

* fix copy / paste

* remove user_agent files

* fixes

* fix sequences in user_session

* token commands

* token queries and signout

* fix

* fix set password test

* add token handler and table

* handle session init

* add session state

* add user view test cases

* change VerifyMyMfaOTP

* some fixes

* fix user repo in auth api

* cleanup

* add user session view test

* fix merge

* begin oidc

* user agent and more

* config

* keys

* key command and query

* add login statics

* key handler

* start login

* login handlers

* lot of fixes

* merge oidc

* add missing exports

* add missing exports

* fix some bugs

* authrequestid in htmls

* getrequest

* update auth request

* fix userid check

* add username to authrequest

* fix user session and auth request handling

* fix UserSessionsByAgentID

* fix auth request tests

* fix user session on UserPasswordChanged and MfaOtpRemoved

* fix MfaTypesSetupPossible

* handle mfa

* fill username

* auth request query checks new events

* fix userSessionByIDs

* fix tokens

* fix userSessionByIDs test

* add user selection

* init code

* user code creation date

* add init user step

* add verification failed types

* add verification failures

* verify init code

* user init code handle

* user init code handle

* fix userSessionByIDs

* update logging

* user agent cookie

* browserinfo from request

* add DeleteAuthRequest

* add static login files to binary

* add login statik to build

* move generate to separate file and remove statik.go files

* remove static dirs from startup.yaml

* generate into separate namespaces

* merge master

* auth request code

* auth request type mapping

* fix keys

* improve tokens

* improve register and basic styling

* fix ailerons font

* improve password reset

* add audience to token

* all oidc apps as audience

* fix test nextStep

* fix email texts

* remove "not set"

* lot of style changes

* improve copy to clipboard

* fix footer

* add cookie handler

* remove placeholders

* fix compilation after merge

* fix auth config

* remove comments

* typo

* use new secrets store

* change default pws to match default policy

* fixes

* add todo

* enable login

* fix db name

* Auth queries (#179)

* my usersession

* org structure/ auth handlers

* working user grant spooler

* auth internal user grants

* search my project orgs

* remove permissions file

* my zitadel permissions

* my zitadel permissions

* remove unused code

* authz

* app searches in view

* token verification

* fix user grant load

* fix tests

* fix tests

* read configs

* remove unused const

* remove todos

* env variables

* app_name

* working authz

* search projects

* global resourceowner

* Update internal/api/auth/permissions.go

Co-authored-by: Livio Amstutz <livio.a@gmail.com>

* Update internal/api/auth/permissions.go

Co-authored-by: Livio Amstutz <livio.a@gmail.com>

* model2 rename

* at least it works

* check token expiry

* search my user grants

* remove token table from authz

Co-authored-by: Livio Amstutz <livio.a@gmail.com>

* fix test

* fix ports and enable console

Co-authored-by: Fabiennne <fabienne.gerschwiler@gmail.com>
Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>
Co-authored-by: Silvan <silvan.reusser@gmail.com>
2020-06-05 07:50:04 +02:00
Fabi
8203f2dad3
feat: setup and iam commands (#99)
* start org

* refactor(eventstore): filter in sql for querier

* feat(eventstore): Aggregate precondition

preconditions are checked right before insert. Insert is still transaction save

* feat(eventstore): check preconditions in repository

* test(eventstore): test precondition in models

* test(eventstore): precondition-tests

* start org

* refactor(eventstore): filter in sql for querier

* feat(eventstore): Aggregate precondition

preconditions are checked right before insert. Insert is still transaction save

* feat(admin): start implement org

* feat(eventstore): check preconditions in repository

* fix(eventstore): data as NULL if empty
refactor(eventstore): naming in sequence methods

* feat(admin): org command side

* feat(management): start org-repo

* feat(org): member

* fix: replace ObjectRoot.ID with ObjectRoot.AggregateID

* aggregateID

* add remove,change member

* refactor(org): namings

* refactor(eventstore): querier as type

* fix(precondition): rename validation from precondition to validation

* test(eventstore): isErr func instead of wantErr bool

* fix(tests): Data

* fix(eventstore): correct check for existing events in push,
simplify insert statement

* fix(eventstore): aggregate id public

* test(org): eventsourcing

* test(org): eventstore

* test(org): deactivate, reactivate, orgbyid

* test(org): getMemberByIDs

* tests

* running tests

* add config

* add user repo to admin

* thorw not found if no org found

* iam setup

* eventstore tests done

* setup iam

* lauft

* iam eventstore

* validate if user is already member of org

* modules

* delete unused file

* iam member

* add member validation test

* iam member

* return error if unable to validat member

* generate org id once,
set resourceowner of org

* start iam repo

* set resourceowner on unique aggregates

* setup user const

* better code

* generate files

* fix tests

* Update internal/admin/repository/eventsourcing/repository.go

Co-authored-by: Livio Amstutz <livio.a@gmail.com>

* set ctx data

Co-authored-by: adlerhurst <silvan.reusser@gmail.com>
Co-authored-by: Livio Amstutz <livio.a@gmail.com>
2020-05-18 11:32:16 +02:00
Fabi
c07ed83c41
Project commands (#26)
* feat: eventstore repository

* fix: remove gorm

* version

* feat: pkg

* feat: add some files for project

* feat: eventstore without eventstore-lib

* rename files

* gnueg

* fix: key json

* fix: add object

* fix: change imports

* fix: internal models

* fix: some imports

* fix: global model

* fix: add some functions on repo

* feat(eventstore): sdk

* fix(eventstore): search query

* fix(eventstore): rename app to eventstore

* delete empty test

* remove unused func

* merge master

* fix(eventstore): tests

* fix(models): delete unused struct

* fix: some funcitons

* feat(eventstore): implemented push events

* fix: move project eventstore to project package

* fix: change project eventstore funcs

* feat(eventstore): overwrite context data

* fix: change project eventstore

* fix: add project repo to mgmt server

* feat(types): SQL-config

* fix: commented code

* feat(eventstore): options to overwrite editor

* feat: auth interceptor and cockroach migrations

* fix: migrations

* fix: fix filter

* fix: not found on getbyid

* fix: add sequence

* fix: add some tests

* fix(eventstore): nullable sequence

* fix: add some tests

* merge

* fix: add some tests

* fix(migrations): correct statements for sequence

* fix: add some tests

* fix: add some tests

* fix: changes from mr

* Update internal/eventstore/models/field.go

Co-Authored-By: livio-a <livio.a@gmail.com>

* fix(eventstore): code quality

* fix: add types to aggregate/Event-types

* fix(eventstore): rename modifier* to editor*

* fix(eventstore): delete editor_org

* fix(migrations): remove editor_org field,
rename modifier_* to editor_*

* fix: generate files

* fix(eventstore): tests

* fix(eventstore): rename modifier to editor

* fix(migrations): add cluster migration,
fix(migrations): fix typo of host in clean clsuter

* fix(eventstore): move health

* fix(eventstore): AggregateTypeFilter aggregateType as param

* code quality

* feat: start implementing project members

* feat: remove member funcs

* feat: remove member model

* feat: remove member events

* feat: remove member repo model

* fix: better error func testing

* Update docs/local.md

Co-Authored-By: Silvan <silvan.reusser@gmail.com>

* Update docs/local.md

Co-Authored-By: Silvan <silvan.reusser@gmail.com>

* fix: mr requests

* fix: md file

Co-authored-by: adlerhurst <silvan.reusser@gmail.com>
Co-authored-by: livio-a <livio.a@gmail.com>
2020-04-07 13:23:04 +02:00
Livio Amstutz
39039dde62 fix tracing/statusFromError 2020-03-30 13:17:49 +02:00
Livio Amstutz
40e4f69ca3 change context keys and fix tests 2020-03-30 11:52:08 +02:00
Livio Amstutz
106a6ec143 fix test 2020-03-30 10:09:38 +02:00
Livio Amstutz
e5e39b3a6a remove pointer on ctxData 2020-03-30 10:06:48 +02:00
Livio Amstutz
501d453822 remove x-grpc-web header in cors 2020-03-30 09:58:55 +02:00
Livio Amstutz
59dc4dbe85 improve some functions 2020-03-30 09:28:00 +02:00
Livio Amstutz
b753e06f0b improve some functions 2020-03-30 07:04:21 +02:00
Livio Amstutz
f5af4461ad remove pointers on configs 2020-03-27 13:57:16 +01:00
Livio Amstutz
f280da5a76 remove empty lines 2020-03-27 13:45:08 +01:00
Livio Amstutz
1aaf721d92 cleanup 2020-03-25 10:41:17 +01:00
Livio Amstutz
5cd9ca506a add basic config and change i18n pkg 2020-03-25 07:58:58 +01:00
Livio Amstutz
96b88f5d8c add tracing and refactor some api pkgs 2020-03-24 14:15:01 +01:00
Livio Amstutz
5843bac5f9 ad i18n and renderer and move headers 2020-03-23 13:26:05 +01:00
Livio Amstutz
c89397e1b4 feat: add some api packages 2020-03-23 07:01:59 +01:00