Livio Spring
7dfa1925cc
feat: restrict login to specific org by id (scope) ( #4294 )
...
* feat: add new org scope
* change default of UserLoginMustBeDomain to false
* return resource owner claims
* fix: use email style for first user
* fix: ensure email style for default users (backwards compatibility)
* change to external domain (as it was before UserLoginMustBeDomain change)
* update e2e tests to use email style usernames
* document new scope
* lint e2e
Co-authored-by: Fabi <38692350+hifabienne@users.noreply.github.com>
2022-09-23 12:08:10 +00:00
Stefan Benz
7a5f7f82cf
feat(saml): implementation of saml for ZITADEL v2 ( #3618 )
2022-09-12 18:18:08 +02:00
Livio Spring
cc612fed07
fix: trim spaces for usernames and organization names ( #4217 )
2022-08-19 15:00:14 +02:00
Livio Spring
02d2032790
feat: add ZITADEL project id scope ( #4146 )
...
* feat: add ZITADEL project id scope
* update documentation
* documentation
* fix scopes
* change to lowercase
2022-08-09 09:45:59 +02:00
Stefan Benz
bc9a85daf3
feat: V2 alpha import and export of organizations ( #3798 )
...
* feat(import): add functionality to import data into an instance
* feat(import): move import to admin api and additional checks for nil pointer
* fix(export): export implementation with filtered members and grants
* fix: export and import implementation
* fix: add possibility to export hashed passwords with the user
* fix(import): import with structure of v1 and v2
* docs: add v1 proto
* fix(import): check im imported user is already existing
* fix(import): add otp import function
* fix(import): add external idps, domains, custom text and messages
* fix(import): correct usage of default values from login policy
* fix(export): fix renaming of add project function
* fix(import): move checks for unit tests
* expect filter
* fix(import): move checks for unit tests
* fix(import): move checks for unit tests
* fix(import): produce prerelease from branch
* fix(import): correctly use provided user id for machine user imports
* fix(import): corrected otp import and added guide for export and import
* fix: import verified and primary domains
* fix(import): add reading from gcs, s3 and localfile with tracing
* fix(import): gcs and s3, file size correction and error logging
* Delete docker-compose.yml
* fix(import): progress logging and count of resources
* fix(import): progress logging and count of resources
* log subscription
* fix(import): incorporate review
* fix(import): incorporate review
* docs: add suggestion for import
Co-authored-by: Fabi <38692350+hifabienne@users.noreply.github.com>
* fix(import): add verification otp event and handling of deleted but existing users
Co-authored-by: Livio Amstutz <livio.a@gmail.com>
Co-authored-by: Fabienne <fabienne.gerschwiler@gmail.com>
Co-authored-by: Silvan <silvan.reusser@gmail.com>
Co-authored-by: Fabi <38692350+hifabienne@users.noreply.github.com>
2022-07-28 13:42:35 +00:00
Max Peintner
3500961fbb
fix: add smtp config, remove smtp and sms provider, console adaptations ( #3792 )
...
* fix: add AddSMTPConfig to admin api
* addsmtpconfig
* fix: add RemoveSMTPConfig and RemoveSMSProvider to admin api
* update twilio, token fcn
* fix account switcher, twilio token set, cleanup dialog
* cleanup
* buttons
Co-authored-by: Livio Amstutz <livio.a@gmail.com>
2022-06-10 12:39:38 +02:00
Livio Amstutz
62c4a4d08d
fix: return absolute asset urls ( #3676 )
2022-05-20 10:30:12 +02:00
Fabi
5c0f527a49
feat: restrict smtp sender address ( #3637 )
...
* fix: check if sender address is custom domain
* fix: check if sender address is custom domain
* fix: check if sender address is custom domain
Co-authored-by: Livio Amstutz <livio.a@gmail.com>
2022-05-16 14:08:47 +00:00
Livio Amstutz
411d7c6c5c
feat: add default redirect uri and handling of unknown usernames ( #3616 )
...
* feat: add possibility to ignore username errors on first login screen
* console changes
* fix: handling of unknown usernames (#3445 )
* fix: handling of unknown usernames
* fix: handle HideLoginNameSuffix on unknown users
* feat: add default redirect uri on login policy (#3607 )
* feat: add default redirect uri on login policy
* fix tests
* feat: Console login policy default redirect (#3613 )
* console default redirect
* placeholder
* validate default redirect uri
* allow empty default redirect uri
Co-authored-by: Max Peintner <max@caos.ch>
* remove wonrgly cherry picked migration
Co-authored-by: Max Peintner <max@caos.ch>
2022-05-16 13:39:09 +00:00
Fabi
48fbf1a28e
feat: add random string to generated domain ( #3634 )
2022-05-16 11:26:24 +02:00
Livio Amstutz
861cf07700
feat: permit all features to every instance and organisation ( #3566 )
2022-05-02 11:18:17 +02:00
Florian Forster
fa9f581d56
chore(v2): move to new org ( #3499 )
...
* chore: move to new org
* logging
* fix: org rename caos -> zitadel
Co-authored-by: adlerhurst <silvan.reusser@gmail.com>
2022-04-26 23:01:45 +00:00
Fabi
3d5891eb11
feat: System api ( #3461 )
...
* feat: start system api
* feat: remove auth
* feat: change gitignore
* feat: run system api
* feat: remove clear view form admin api
* feat: search instances
* feat: add instance
* fix: set primary domain
* Update .gitignore
* fix: add instance
* fix: add instance
* fix: handle errors
* fix: handle instance name
* fix: test
Co-authored-by: Livio Amstutz <livio.a@gmail.com>
2022-04-21 12:37:39 +02:00
Fabi
c25d853820
feat: Instance domains ( #3444 )
...
* feat: add domain list
* feat: domain tests
* feat: add redirect url on adding instance domain
* Update internal/command/instance_domain.go
Co-authored-by: Livio Amstutz <livio.a@gmail.com>
* feat: remove unused code
* fix
Co-authored-by: Livio Amstutz <livio.a@gmail.com>
2022-04-14 12:19:18 +00:00
Fabi
820a21dce3
feat: validate org domains ( #3387 )
...
* feat: validate org domain command side
* feat: validate org domain query side
* fix: create domain policy
* feat: add reading domain policy on addorg domain
2022-04-13 11:24:03 +02:00
Silvan
cea2567e22
fix: v2 human command ( #3435 )
...
* add/register human command done
* validations
* crypto
* move clientid
* keys
* fix: clientID
* remove v2 package
* tests
* tests running
* revert old code
* instance domain from ctx
* chore: rename zitadel app ids
* comments
* fix: test
2022-04-12 16:20:17 +02:00
Fabi
c740ee5d81
feat: Instance commands ( #3385 )
...
* fix: add events for domain
* fix: add/remove domain command side
* fix: add/remove domain command side
* fix: add/remove domain query side
* fix: create instance
* fix: merge v2
* fix: instance domain
* fix: instance domain
* fix: instance domain
* fix: instance domain
* fix: remove domain.IAMID from writemodels
* fix: remove domain.IAMID from writemodels
* fix: remove domain.IAMID from writemodels
* fix: remove domain.IAMID from writemodels
* fix: remove domain.IAMID from writemodels
* fix: remove domain.IAMID from writemodels
* fix: remove domain.IAMID from writemodels
* fix: remove domain.IAMID from writemodels
* fix: remove domain.IAMID from writemodels
* fix: remove domain.IAMID from api
* fix: remove domain.IAMID
* fix: remove domain.IAMID
* fix: add instance domain queries
* fix: fix after merge
* Update auth_request.go
* fix keypair
* remove unused code
* feat: read instance id from context
* feat: remove unused code
* feat: use instance id from context
* some fixes
Co-authored-by: Livio Amstutz <livio.a@gmail.com>
2022-04-05 05:58:09 +00:00
Livio Amstutz
87560157c1
fix: change to repository event types and removed unused code ( #3386 )
...
* fix: change to repository event types and removed unused code
* some fixes
* remove unused code
2022-03-31 11:36:26 +02:00
Silvan
c5b99274d7
feat(cli): setup ( #3267 )
...
* commander
* commander
* selber!
* move to packages
* fix(errors): implement Is interface
* test: command
* test: commands
* add init steps
* setup tenant
* add default step yaml
* possibility to set password
* merge v2 into v2-commander
* fix: rename iam command side to instance
* fix: rename iam command side to instance
* fix: rename iam command side to instance
* fix: rename iam command side to instance
* fix: search query builder can filter events in memory
* fix: filters for add member
* fix(setup): add `ExternalSecure` to config
* chore: name iam to instance
* fix: matching
* remove unsued func
* base url
* base url
* test(command): filter funcs
* test: commands
* fix: rename orgiampolicy to domain policy
* start from init
* commands
* config
* fix indexes and add constraints
* fixes
* fix: merge conflicts
* fix: protos
* fix: md files
* setup
* add deprecated org iam policy again
* typo
* fix search query
* fix filter
* Apply suggestions from code review
* remove custom org from org setup
* add todos for verification
* change apps creation
* simplify package structure
* fix error
* move preparation helper for tests
* fix unique constraints
* fix config mapping in setup
* fix error handling in encryption_keys.go
* fix projection config
* fix query from old views to projection
* fix setup of mgmt api
* set iam project and fix instance projection
* imports
Co-authored-by: Livio Amstutz <livio.a@gmail.com>
Co-authored-by: fabi <fabienne.gerschwiler@gmail.com>
2022-03-28 10:05:09 +02:00
Fabi
9d4f296c62
fix: rename iam to instance ( #3345 )
...
* fix: rename iam command side to instance
* fix: rename iam command side to instance
* fix: rename iam command side to instance
* fix: rename iam command side to instance
* fix: rename orgiampolicy to domain policy
* fix: merge conflicts
* fix: protos
* fix: md files
* implement deprecated org iam policy again
Co-authored-by: Livio Amstutz <livio.a@gmail.com>
2022-03-24 16:21:34 +00:00
Livio Amstutz
504fe5b761
cherry pick changes from main ( #3371 )
...
* feat: remove exif data from uploaded images (#3221 )
* feat: remove exif tags from images
* feat: remove exif data
* feat: remove exif
* fix: add preferredLoginName to user grant response (#3271 )
* chore: log webauthn parse error (#3272 )
* log error
* log error
* feat: Help link in privacy policy
* fix: convert correct detail data on organization (#3279 )
* fix: handle empty editor users
* fix: add some missing translations (#3291 )
* fix: org policy translations
* fix: metadata event types translation
* fix: translations
* fix: filter resource owner correctly on project grant members (#3281 )
* fix: filter resource owner correctly on project grant members
* fix: filter resource owner correctly on project grant members
* fix: add orgIDs to zitadel permissions request
Co-authored-by: fabi <fabienne.gerschwiler@gmail.com>
* fix: get IAM memberships correctly in MyZitadelPermissions (#3309 )
* fix: correct login names on auth and notification users (#3349 )
* fix: correct login names on auth and notification users
* fix: migration
* fix: handle resource owner in action flows (#3361 )
* fix merge
* fix: exchange exif library (#3366 )
* fix: exchange exif library
* ignore tiffs
* requested fixes
* feat: Help link in privacy policy
Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>
Co-authored-by: fabi <fabienne.gerschwiler@gmail.com>
2022-03-24 14:00:24 +01:00
Livio Amstutz
56b916a2b0
feat: projections auto create their tables ( #3324 )
...
* begin init checks for projections
* first projection checks
* debug notification providers with query fixes
* more projections and first index
* more projections
* more projections
* finish projections
* fix tests (remove db name)
* create tables in setup
* fix logging / error handling
* add tenant to views
* rename tenant to instance_id
* add instance_id to all projections
* add instance_id to all queries
* correct instance_id on projections
* add instance_id to failed_events
* use separate context for instance
* implement features projection
* implement features projection
* remove unique constraint from setup when migration failed
* add error to failed setup event
* add instance_id to primary keys
* fix IAM projection
* remove old migrations folder
* fix keysFromYAML test
2022-03-23 09:02:39 +01:00
Fabi
7899a0b851
feat: Notification providers config ( #3212 )
...
* feat: add login check lifetimes to login policy
* feat: org features test
* feat: debug notificatiaon events
* feat: debug notification file/log commands
* feat: add requests to proto
* feat: add api for debug notification providers file/log
* feat: add projection for debug notifiication providers
* feat: requests
* feat: merge v2
* feat: add settings proto to generate
* feat: notifiaction providers
* fix: remove unused code
* Update iam_converter.go
Co-authored-by: Livio Amstutz <livio.a@gmail.com>
2022-03-07 14:22:37 +01:00
Fabi
7d6c933485
feat: OIDC setting ( #3245 )
...
* feat: add oidc config struct
* feat: oidc config command side
* feat: oidc configuration query side
* feat: add translations
* feat: add tests
* feat: add translations
* feat: rename oidc config to oidc settings
* feat: rename oidc config to oidc settings
2022-02-25 16:05:06 +01:00
Fabi
f05d4063bf
feat: Login verification lifetimes ( #3190 )
...
* feat: add login check lifetimes to login policy
* feat: org features test
* feat: read lifetimes from loginpolicy
2022-02-21 16:05:02 +01:00
Fabi
7d235e3eed
feat: Default configs sms provider ( #3187 )
...
* feat: sms config
* feat: twilio as sms provider
* feat:sms projection
* feat: sms queries
* feat: sms queries test
* feat: sms configs
* feat: sms configs sql file
* fix merge
* fix: rename from to sendername
* fix: proto comments
* fix: token as crypto
* fix: tests
* fix: sms config sender name to sender number
* fix: sms config sender name to sender number
* Update email.go
* Update channel.go
* Update V1.111__settings.sql
Co-authored-by: Livio Amstutz <livio.a@gmail.com>
2022-02-21 12:22:20 +00:00
Fabi
e3528ff0b2
feat: Config to eventstore ( #3158 )
...
* feat: add default language to eventstore
* feat: add secret generator configs events
* feat: tests
* feat: secret generators in eventstore
* feat: secret generators in eventstore
* feat: smtp config in eventstore
* feat: smtp config in eventstore
* feat: smtp config in eventstore
* feat: smtp config in eventstore
* feat: smtp config in eventstore
* fix: migrations
* fix migration version
* fix test
* feat: change secret generator type to enum
* feat: change smtp attribute names
* feat: change smtp attribute names
* feat: remove engryption algorithms from command side
* feat: remove engryption algorithms from command side
* feat: smtp config
* feat: smtp config
* format smtp from header
Co-authored-by: Livio Amstutz <livio.a@gmail.com>
2022-02-16 15:49:17 +00:00
Livio Amstutz
389eb4a27a
feat: run on a single port ( #3163 )
...
* start v2
* start
* run
* some cleanup
* remove v2 pkg again
* simplify
* webauthn
* remove unused config
* fix login path in Dockerfile
* fix asset_generator.go
* health handler
* fix grpc web
* refactor
* merge
* build new main.go
* run new main.go
* update logging pkg
* fix error msg
* update logging
* cleanup
* cleanup
* go mod tidy
* change localDevMode
* fix customEndpoints
* update logging
* comments
* change local flag to external configs
* fix location generated go code
* fix
Co-authored-by: fforootd <florian@caos.ch>
2022-02-14 17:22:30 +01:00
Livio Amstutz
699fdaf68e
feat: add personal access tokens for service users ( #2974 )
...
* feat: add machine tokens
* fix test
* rename to pat
* fix merge and tests
* fix scopes
* fix migration version
* fix test
* Update internal/repository/user/personal_access_token.go
Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>
Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>
2022-02-08 09:37:28 +01:00
Livio Amstutz
ab62f2d79d
fix: return full url of assets in admin and mgmt api ( #3157 )
...
* fix: return full url of assets in admin and mgmt api
* remove asset loading over asset service
* remove unused code
Co-authored-by: Max Peintner <max@caos.ch>
2022-02-04 15:02:18 +01:00
Livio Amstutz
1367a2e139
feat: limit amount of active actions ( #3143 )
...
* max actions
* fix: max allowed actions
* fix: max allowed actions
* fix tests
2022-02-02 09:04:05 +01:00
Livio Amstutz
e99b7f4972
fix: move activity log to queries and remove old code ( #3096 )
...
* move changes to queries and remove old code
* fix changes query
* remove unused code
* fix sorting
* fix sorting
* refactor and remove old code
* remove accidental go.mod replace
* add missing file
* remove listDetail from ChangesResponse
2022-01-26 10:16:33 +01:00
Fabi
087ef8d31c
fix: return isDefault on login texts ( #3076 )
...
* fix: add is disabled to login texts
* fix: fix aggregate id
2022-01-20 13:18:49 +00:00
Fabi
3902f9adb5
feat: auth method projection ( #3020 )
...
* feat: auth method projection
* feat: auth method projection
* feat: add tests
2022-01-19 14:49:50 +01:00
Livio Amstutz
79f7c1198b
feat: display login succeeded page only for native apps ( #2839 )
2021-12-14 09:47:49 +01:00
Livio Amstutz
43f15953c3
feat: allow global org users to create org and self delete ( #2759 )
...
* fix: grant PROJECT_OWNER_VIEWER_GLOBAL org.create permission
* Update authz.yaml
* feat: delete my user
* console things
* lint
* signout after deletion
* stylelint rule
* Update authz.yaml
* Update authz.yaml
* setup step
* role SELF_MANAGEMENT_GLOBAL setup
* fix: change default role on global org
* Apply suggestions from code review
Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>
* Update console/src/assets/i18n/it.json
Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>
Co-authored-by: Max Peintner <max@caos.ch>
Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>
2021-12-09 08:41:21 +00:00
Livio Amstutz
65a6fb638b
fix: add authnkeys projection ( #2801 )
...
* begin authn keys
* single table for state change
* add key type
* rename migration
* format imports
* fix test
2021-12-08 16:16:48 +01:00
Silvan
303d4945a7
feat(queries): user IDP links ( #2751 )
2021-12-07 08:33:52 +01:00
Silvan
30c130f102
fix(projections): add base users ( #2733 )
...
* fix(projections): add base users
* add user v1 events
2021-11-30 08:57:51 +01:00
Silvan
3473156c7e
fix(app): move queries to query package ( #2612 )
...
* fix: move queries to query package
* fix(auth): switch project role requests to query pkg
* refactor: delete unused project role code
* remove repo
* implement sql queries
* fix(database): oidc config change type to int2
* fix(queries): implement app queries
* refactor: simplify code
* fix: correct app query
* Update app.go
* fix token check
* fix mock
* test: app prepares
* test: oidc compliance
* test: OIDCOriginAllowList
* fix: converter
* resolve unsupported oidc version
Co-authored-by: Livio Amstutz <livio.a@gmail.com>
2021-11-26 07:57:05 +01:00
Silvan
861b777d9f
fix(projections): login names projection ( #2698 )
...
* refactor(domain): add user type
* fix(projections): start with login names
* fix(login_policy): correct handling of user domain claimed event
* refactor: login name projection
* fix: set correct suffixes on login name projections
* test(projections): login name reduces
* migration versioning
* refactor: use const for login name table name
2021-11-23 10:31:23 +01:00
Livio Amstutz
fc6154cffc
feat: token revocation and OP certification ( #2594 )
...
* fix: try using only user session if no user is set (id_token_hint) on prompt none
* fix caos errors As implementation
* implement request mode
* return explicit error on invalid refresh token use
* begin token revocation
* token revocation
* tests
* tests
* cleanup
* set op config
* add revocation endpoint to config
* add revocation endpoint to config
* migration version
* error handling in token revocation
* migration version
* update oidc lib to 1.0.0
2021-11-03 08:35:24 +01:00
Silvan
92f9eedbe0
fix(projections): user idp link projection ( #2583 )
...
* fix(projections): add app
* fix(migration): add index for project_id
* test: app projection
* fix(projections): add idp_user_link
* test: idp user link
* fix: migration versions
* refactor: rename externalIDP to UserIDPLink
* fix: interface methods
2021-11-02 10:08:47 +01:00
Fabi
4c50b6dfa2
fix: mfa translations ( #2527 )
2021-10-19 09:38:35 +02:00
Livio Amstutz
52c1494fe9
feat: choose preferred WebAuthN platform for passwordless registration ( #2469 )
...
* feat: request preferred platform type for passwordless registration when using link
* add text in console
2021-10-04 16:19:21 +02:00
Livio Amstutz
ed80a8bb1e
feat: actions ( #2377 )
...
* feat(actions): begin api
* feat(actions): begin api
* api and projections
* fix: handle multiple statements for a single event in projections
* export func type
* fix test
* update to new reduce interface
* flows in login
* feat: jwt idp
* feat: command side
* feat: add tests
* actions and flows
* fill idp views with jwt idps and return apis
* add jwtEndpoint to jwt idp
* begin jwt request handling
* add feature
* merge
* merge
* handle jwt idp
* cleanup
* bug fixes
* autoregister
* get token from specific header name
* fix: proto
* fixes
* i18n
* begin tests
* fix and log http proxy
* remove docker cache
* fixes
* usergrants in actions api
* tests adn cleanup
* cleanup
* fix add user grant
* set login context
* i18n
Co-authored-by: fabi <fabienne.gerschwiler@gmail.com>
2021-09-27 13:43:49 +02:00
Livio Amstutz
b6b5b1b782
feat: jwt as idp ( #2363 )
...
* feat: jwt idp
* feat: command side
* feat: add tests
* fill idp views with jwt idps and return apis
* add jwtEndpoint to jwt idp
* begin jwt request handling
* merge
* handle jwt idp
* cleanup
* fixes
* autoregister
* get token from specific header name
* error handling
* fix texts
* handle renderExternalNotFoundOption
Co-authored-by: fabi <fabienne.gerschwiler@gmail.com>
2021-09-14 15:15:01 +02:00
Fabi
e4bdaf26b0
feat: select idp and auto register ( #2336 )
...
* faet: auto regsiter config on idp
* feat: auto register on login
* feat: auto register on register
* feat: redirect to selected identity provider
* fix: test
* fix: test
* fix: user by id request org id
* fix: migration version and test
Co-authored-by: Livio Amstutz <livio.a@gmail.com>
2021-09-10 09:49:49 +02:00
Fabi
59e393728e
feat: Lockout policy feature ( #2341 )
...
* feat: add lockoutpolicy feature
* feat: add tests
* fix: err handling
2021-09-09 13:42:28 +00:00
Silvan
296f1c3c71
fix(eventstore): fill new column with data ( #2288 )
...
* fix: smaller outage on events migration first part
* fix: fill old events with sequence
* fix: migration add transactions
* fix: mig
* rename mig
* replace migration with setup step
* regenerate mock
* add step 20 to config
* log
* simplify step
* limit 1000
* limit 500
2021-09-01 09:25:52 +00:00