zitadel

TheArchive/zitadel

Fork 0

mirror of https://github.com/zitadel/zitadel.git synced 2024-12-14 20:08:02 +00:00

Commit Graph

Author	SHA1	Message	Date
Livio Spring	fb8cd18f93	feat: password age policy (#8132 ) # Which Problems Are Solved Some organizations / customers have the requirement, that there users regularly need to change their password. ZITADEL already had the possibility to manage a `password age policy` ( thought the API) with the maximum amount of days a password should be valid, resp. days after with the user should be warned of the upcoming expiration. The policy could not be managed though the Console UI and was not checked in the Login UI. # How the Problems Are Solved - The policy can be managed in the Console UI's settings sections on an instance and organization level. - During an authentication in the Login UI, if a policy is set with an expiry (>0) and the user's last password change exceeds the amount of days set, the user will be prompted to change their password. - The prompt message of the Login UI can be customized in the Custom Login Texts though the Console and API on the instance and each organization. - The information when the user last changed their password is returned in the Auth, Management and User V2 API. - The policy can be retrieved in the settings service as `password expiry settings`. # Additional Changes None. # Additional Context - closes #8081 --------- Co-authored-by: Tim Möhlmann <tim+github@zitadel.com>	2024-06-18 11:27:44 +00:00
Livio Spring	eca8ffda70	fix(login): correctly set preferred login name in the login ui (#8038 ) # Which Problems Are Solved A customer noted that after upgrade to 2.53.0, users were no longer able to reset their passwords through the login UI. This was due to a accidental change in https://github.com/zitadel/zitadel/pull/7969 # How the Problems Are Solved The `preferred_login_name` is now correctly read from the database. # Additional Changes None. # Additional Context relates to #7969	2024-05-29 15:45:46 +00:00
Livio Spring	fb162a7d75	fix(login): improve auth handlers (#7969 ) # Which Problems Are Solved During the implementation of #7486 it was noticed, that projections in the `auth` database schema could be blocked. Investigations suggested, that this is due to the use of [GORM](https://gorm.io/index.html) and it's inability to use an existing (sql) transaction. With the improved / simplified handling (see below) there should also be a minimal improvement in performance, resp. reduced database update statements. # How the Problems Are Solved The handlers in `auth` are exchanged to proper (sql) statements and gorm usage is removed for any writing part. To further improve / simplify the handling of the users, a new `auth.users3` table is created, where only attributes are handled, which are not yet available from the `projections.users`, `projections.login_name` and `projections.user_auth_methods` do not provide. This reduces the events handled in that specific handler by a lot. # Additional Changes None # Additional Context relates to #7486	2024-05-22 15:26:02 +00:00

Author

SHA1

Message

Date

Livio Spring

fb8cd18f93

feat: password age policy (#8132 )

# Which Problems Are Solved

Some organizations / customers have the requirement, that there users
regularly need to change their password.
ZITADEL already had the possibility to manage a `password age policy` (
thought the API) with the maximum amount of days a password should be
valid, resp. days after with the user should be warned of the upcoming
expiration.
The policy could not be managed though the Console UI and was not
checked in the Login UI.

# How the Problems Are Solved

- The policy can be managed in the Console UI's settings sections on an
instance and organization level.
- During an authentication in the Login UI, if a policy is set with an
expiry (>0) and the user's last password change exceeds the amount of
days set, the user will be prompted to change their password.
- The prompt message of the Login UI can be customized in the Custom
Login Texts though the Console and API on the instance and each
organization.
- The information when the user last changed their password is returned
in the Auth, Management and User V2 API.
- The policy can be retrieved in the settings service as `password
expiry settings`.

# Additional Changes

None.

# Additional Context

- closes #8081

---------

Co-authored-by: Tim Möhlmann <tim+github@zitadel.com>

2024-06-18 11:27:44 +00:00

Livio Spring

eca8ffda70

fix(login): correctly set preferred login name in the login ui (#8038 )

# Which Problems Are Solved

A customer noted that after upgrade to 2.53.0, users were no longer able
to reset their passwords through the login UI.
This was due to a accidental change in
https://github.com/zitadel/zitadel/pull/7969

# How the Problems Are Solved

The `preferred_login_name` is now correctly read from the database.

# Additional Changes

None.

# Additional Context

relates to #7969

2024-05-29 15:45:46 +00:00

Livio Spring

fb162a7d75

fix(login): improve auth handlers (#7969 )

# Which Problems Are Solved

During the implementation of #7486 it was noticed, that projections in
the `auth` database schema could be blocked.
Investigations suggested, that this is due to the use of
[GORM](https://gorm.io/index.html) and it's inability to use an existing
(sql) transaction.
With the improved / simplified handling (see below) there should also be
a minimal improvement in performance, resp. reduced database update
statements.

# How the Problems Are Solved

The handlers in `auth` are exchanged to proper (sql) statements and gorm
usage is removed for any writing part.
To further improve / simplify the handling of the users, a new
`auth.users3` table is created, where only attributes are handled, which
are not yet available from the `projections.users`,
`projections.login_name` and `projections.user_auth_methods` do not
provide. This reduces the events handled in that specific handler by a
lot.

# Additional Changes

None

# Additional Context

relates to #7486

2024-05-22 15:26:02 +00:00

3 Commits