Commit Graph

574 Commits

Author SHA1 Message Date
Mostafa Galal
4eeb2be36a fix: Negative values allowed by spinners of Login Lifetimes inputs (#8694)
Some checks are pending
ZITADEL CI/CD / core (push) Waiting to run
ZITADEL CI/CD / console (push) Waiting to run
ZITADEL CI/CD / version (push) Waiting to run
ZITADEL CI/CD / compile (push) Blocked by required conditions
ZITADEL CI/CD / core-unit-test (push) Blocked by required conditions
ZITADEL CI/CD / core-integration-test (push) Blocked by required conditions
ZITADEL CI/CD / lint (push) Blocked by required conditions
ZITADEL CI/CD / container (push) Blocked by required conditions
ZITADEL CI/CD / e2e (push) Blocked by required conditions
ZITADEL CI/CD / release (push) Blocked by required conditions
Code Scanning / CodeQL-Build (go) (push) Waiting to run
Code Scanning / CodeQL-Build (javascript) (push) Waiting to run
# Which Problems Are Solved

Previously, the login lifetime input fields allowed negative values and,
in some cases, zero values, which were not valid according to the
business rules.

# How the Problems Are Solved

The issue was resolved by adding min and step properties to the relevant
HTML input fields. This ensures that only valid values are entered,
adhering to the specific requirements for each field.

Co-authored-by: Max Peintner <max@caos.ch>
2024-10-25 10:44:15 +02:00
Mark Stosberg
70449caafb docs: standardize multi-factor spelling and related string updates (#8752)
Some checks are pending
Code Scanning / CodeQL-Build (javascript) (push) Waiting to run
ZITADEL CI/CD / core (push) Waiting to run
ZITADEL CI/CD / console (push) Waiting to run
ZITADEL CI/CD / version (push) Waiting to run
ZITADEL CI/CD / compile (push) Blocked by required conditions
ZITADEL CI/CD / core-unit-test (push) Blocked by required conditions
ZITADEL CI/CD / core-integration-test (push) Blocked by required conditions
ZITADEL CI/CD / lint (push) Blocked by required conditions
ZITADEL CI/CD / container (push) Blocked by required conditions
ZITADEL CI/CD / e2e (push) Blocked by required conditions
ZITADEL CI/CD / release (push) Blocked by required conditions
Code Scanning / CodeQL-Build (go) (push) Waiting to run
- **docs: s/Secondfactor/Second factor/**
- **docs: s/IDP/IdP/**
- **docs: s/Hardwaretokens/Hardware tokens/**
- **docs: standardize multi-factor vs multi factor vs multifactor**

# Which Problems Are Solved

 - English strings are improved

# How the Problems Are Solved

 - With better strings

---------

Co-authored-by: Fabi <fabienne@zitadel.com>
2024-10-22 14:59:16 +00:00
TrueQAP
c455b8b1eb feat(i18n): Add Hungarian language support to ZITADEL (#8645)
- Fully translated all UI elements, documentation, and error messages
- Added Hungarian as a new supported language option
- Updated language selection menus and related configuration files
- Ensured consistency across all translated content

# Which Problems Are Solved

- ZITADEL was not accessible for Hungarian-speaking users due to lack of
language support
- Hungarian users had to rely on English or other languages to use the
platform
- Potential user base was limited due to language barrier

# How the Problems Are Solved

- Translated all user interface elements, including console and login
interfaces
- Translated all documentation files to Hungarian
- Added Hungarian translations for all error messages and notifications
- Implemented Hungarian as a selectable language option in the system

# Additional Changes

- Updated language selection menus to include Hungarian
- Modified configuration files to support Hungarian language
- Ensured consistent terminology and style across all translated content
- Added Hungarian language option to relevant dropdown menus and
settings

# Additional Context

- Relates to the ongoing internationalization efforts of ZITADEL
- Enhances accessibility for Hungarian-speaking developers and users
- Expands ZITADEL's potential user base in Hungary and
Hungarian-speaking regions

---------

Co-authored-by: Max Peintner <max@caos.ch>
Co-authored-by: Tim Möhlmann <tim+github@zitadel.com>
Co-authored-by: Stefan Benz <46600784+stebenz@users.noreply.github.com>
2024-10-11 09:00:50 +00:00
Elio Bischof
464ca0bd00 fix: always create SAML with metadata (#8696)
# Which Problems Are Solved

Adding a SAML IDPs with an empty metadata XML and URL leads to failed
projection events. The main IDP template projection succeeds, but the
subtable projection for SAML template fails, because the metadata field
is not nullable in that table. The SAML IDP shows up in list queries,
because the list method only queries the main template projection.
However, getting a SAML IDP created without metadata by ID misses the
SAML specific IDP data.

# How the Problems Are Solved

- The command for adding a SAML IDP properly ensures that non-empty
metadata is either given by XML or resolved by URL.
- The console doesn't send requests with empty metadata anymore. This
works by explicitly setting a single oneof option for either XML or URL
and emptying the other one.

# Additional Context

Closes #8443
2024-10-11 08:09:51 +00:00
Livio Spring
14e2aba1bc feat: Add Twilio Verification Service (#8678)
# Which Problems Are Solved
Twilio supports a robust, multi-channel verification service that
notably supports multi-region SMS sender numbers required for our use
case. Currently, Zitadel does much of the work of the Twilio Verify (eg.
localization, code generation, messaging) but doesn't support the pool
of sender numbers that Twilio Verify does.

# How the Problems Are Solved
To support this API, we need to be able to store the Twilio Service ID
and send that in a verification request where appropriate: phone number
verification and SMS 2FA code paths.

This PR does the following: 
- Adds the ability to use Twilio Verify of standard messaging through
Twilio
- Adds support for international numbers and more reliable verification
messages sent from multiple numbers
- Adds a new Twilio configuration option to support Twilio Verify in the
admin console
- Sends verification SMS messages through Twilio Verify
- Implements Twilio Verification Checks for codes generated through the
same

# Additional Changes

# Additional Context
- base was implemented by @zhirschtritt in
https://github.com/zitadel/zitadel/pull/8268 ❤️
- closes https://github.com/zitadel/zitadel/issues/8581

---------

Co-authored-by: Zachary Hirschtritt <zachary.hirschtritt@klaviyo.com>
Co-authored-by: Joey Biscoglia <joey.biscoglia@klaviyo.com>
2024-09-26 09:14:33 +02:00
Livio Spring
ca1914e235 fix: user grants deactivation (#8634)
# Which Problems Are Solved

ZITADEL's user grants deactivation mechanism did not work correctly.
Deactivated user grants were still provided in token, which could lead
to unauthorized access to applications and resources.
Additionally, the management and auth API always returned the state as
active or did not provide any information about the state.

# How the Problems Are Solved

- Correctly check the user grant state on active for tokens and user
information (userinfo, introspection, saml attributes)
- Map state in API and display in Console
2024-09-17 12:18:29 +00:00
Stefan Benz
289378713e fix: smtp provider (#8610)
There were some problems after changing from SMTP providers to email
providers (https://github.com/zitadel/zitadel/pull/8545):
- panic (nil pointer) on SMTP provider retrieval for HTTP configs
- old SMTP configuration created before the multi SMTP configurations
(without id)
  - were not projected / listed
  - could not be always be activated
- Console treated HTTP configs as SMTP

---------

Co-authored-by: Livio Spring <livio.a@gmail.com>
2024-09-13 13:22:25 +00:00
Max Peintner
f6da528296 fix(console): dynamic documentation button (#8596)
This PR makes the documenation dynamic according to the external links
2024-09-11 12:55:19 +00:00
Stygmates
05af47b9ab feat(console): Display seconds and milliseconds in the tooltip of the user audit log (#8495)
# Which Problems Are Solved

The exact timestamp including the seconds and milliseconds in the user
audit log is not shown, either in the direct log or in the tooltip that
appears when hovering over the item.


![353743484-e9f18fa8-4691-4e8f-a0c9-e223e2c48ffe](https://github.com/user-attachments/assets/aaeff804-62a6-435d-a15d-e0d05106e6b5)


# How the Problems Are Solved

The exact timestamp is added to the tooltip that appears when hovering
over the item.


![image](https://github.com/user-attachments/assets/d1052d85-1558-45f4-9d7f-49340acc684e)

# Additional Changes

None

# Additional Context
- Closes #8371

---------

Co-authored-by: Max Peintner <max@caos.ch>
Co-authored-by: Fabi <fabienne@zitadel.com>
2024-09-11 11:52:44 +00:00
Livio Spring
a07b2f4677 feat: invite user link (#8578)
# Which Problems Are Solved

As an administrator I want to be able to invite users to my application
with the API V2, some user data I will already prefil, the user should
add the authentication method themself (password, passkey, sso).

# How the Problems Are Solved

- A user can now be created with a email explicitly set to false.
- If a user has no verified email and no authentication method, an
`InviteCode` can be created through the User V2 API.
  - the code can be returned or sent through email
- additionally `URLTemplate` and an `ApplicatioName` can provided for
the email
- The code can be resent and verified through the User V2 API
- The V1 login allows users to verify and resend the code and set a
password (analog user initialization)
- The message text for the user invitation can be customized

# Additional Changes

- `verifyUserPasskeyCode` directly uses `crypto.VerifyCode` (instead of
`verifyEncryptedCode`)
- `verifyEncryptedCode` is removed (unnecessarily queried for the code
generator)

# Additional Context

- closes #8310
- TODO: login V2 will have to implement invite flow:
https://github.com/zitadel/typescript/issues/166
2024-09-11 10:53:55 +00:00
Mark Stosberg
762efd0a20 docs: some English spelling and grammar fixes (#8592)
- English typo and grammar fixes.

Co-authored-by: Fabi <fabienne@zitadel.com>
2024-09-11 06:51:01 +00:00
Livio Spring
382a97c30f feat(oidc): end session by id_token_hint and without cookie (#8542)
# Which Problems Are Solved

The end_session_endpoint currently always requires the userAgent cookie
to be able to terminate session created through the hosted login UI.
Only tokens issued through the Login V2 can be used to directly
terminate a specific session and without the need of a cookie.
This PR adds the possibility to terminate a single V1 session or all V1
sessions belonging to the same user agent without the need of the
userAgent cookie by providing an id_token as `id_token_hint` which
contains the id of a V1 session as `sid`.

# How the Problems Are Solved

- #8525 added the `sid` claim for id_tokens issued through the login UI
- The `sid` can now be checked for the `V1_` prefix and queries for
either the userAgentID and depending on the
`OIDCSingleV1SessionTermination` flag all userIDs of active session from
the same user agent id
- The `OIDCSingleV1SessionTermination` flag is added with default value
false to keep the existing behavior of terminating all sessions even in
case of providing an id_token_hint

# Additional Changes

- pass `context.Context` into session view functions for querying the
database with that context

# Additional Context

- relates to #8499 
- closes #8501
2024-09-04 10:14:50 +00:00
Stygmates
d47ce93025 fix(console): Verify if the LDAP IDP has just been created (#8496)
# Which Problems Are Solved

After the creation of an LDAP IDP on instance or org level, the button
changes to 'Save' and with each click a new IDP will be created.

# How the Problems Are Solved

Similar to what was done in #7572, we check if the IDP was just created

# Additional Changes

None

# Additional Context

- Closes #8444
- Follow-up for PR #7572

Co-authored-by: Max Peintner <max@caos.ch>
Co-authored-by: Livio Spring <livio.a@gmail.com>
2024-09-04 05:52:42 +00:00
Eko Eryanto
889201568d feat: add indonesia translation (#8459)
Co-authored-by: Livio Spring <livio.a@gmail.com>
2024-09-03 16:05:47 +00:00
Livio Spring
ca8f82423a fix: automatically link user without prompt (#8487)
# Which Problems Are Solved

There were UX issue with the autolinking prompt page and users were not
able to link their account or would not understand what to do. Since the
trust to the IdP is already bound by the configuration, the user can
directly be linked without any user input.

# How the Problems Are Solved

- remove the prompt page and directly link the user if possible
- remove corresponding customization texts from the API and Console

# Additional Changes

None

# Additional Context

- relates to https://github.com/zitadel/zitadel/issues/7977
- discussed with customers
- created as a `fix` to be able to backport

---------

Co-authored-by: Max Peintner <max@caos.ch>
2024-08-28 05:33:20 +00:00
Max Peintner
5faaf87b22 fix(console): change external links dynamically (#8423)
This PR fixes a problem, where the external links were not replaced
dynamically on an org change.
2024-08-26 08:07:23 +00:00
Elio Bischof
fdf0434133 fix(console): remove navigation flakiness (#8439)
# Which Problems Are Solved

The navigation in the console default settings is flaky. Sometimes it
arbitrarily jumps to the organizations page.

# How the Problems Are Solved

The lifecycle hooks were extended to react differently to changes that
come from 'outside' and from the component itself.

# Additional Changes

The e2e tests are supposed to run against Firefox and Chrome. However
they are run twice against Electon. Fixing this revealed the console
navigation flakiness that was less visible on Electron.

The following issues are also fixed with this PR to reduce flakiness in
e2e tests.

- The custom command in the pipeline is removed from the e2e action
step, so the browser argument is respected.
- The npm packages of the e2e tests are updated to their latest version.
- Notification tests run against a clean state now so they don't depend
on each other anymore. This resolved some flakiness and improved
debuggability of the tests.
- E2E page load timeout is increased, reducing flakiness.
- E2E tests wait on some elements to be enabled before they interact
with them, reducing flakiness.

# Additional Context

- Closes #8404 
- Follow-up: https://github.com/zitadel/zitadel/issues/8471

The e2e tests ran three times in a row successfully in the pipeline
against both browsers.

---------

Co-authored-by: Max Peintner <max@caos.ch>
Co-authored-by: Livio Spring <livio.a@gmail.com>
Co-authored-by: Tim Möhlmann <tim+github@zitadel.com>
2024-08-22 09:48:36 +02:00
Livio Spring
11d01b9b35 fix(console): allow user filtering with read permission (#8152)
# Which Problems Are Solved

The filter option was not displayed on the user list page for users who
only have `user.read` permission, e.g. an IAM_OWNER_VIEWER or
ORG_OWNER_VIEWER

# How the Problems Are Solved

- Filter is correctly displayed.

# Additional Changes

None.

# Additional Context

- noticed by a customer
- needs backports
2024-08-15 22:08:52 +00:00
Livio Spring
e2e1100124 feat(idp): provide auto only options (#8420)
# Which Problems Are Solved

As of now, **automatic creation** and **automatic linking options** were
only considered if the corresponding **allowed option** (account
creation / linking allowed) was enabled.

With this PR, this is no longer needed and allows administrators to
address cases, where only an **automatic creation** is allowed, but
users themselves should not be allowed to **manually** create new
accounts using an identity provider or edit the information during the
process.
Also, allowing users to only link to the proposed existing account is
now possible with an enabled **automatic linking option**, while
disabling **account linking allowed**.

# How the Problems Are Solved

- Check for **automatic** options without the corresponding **allowed**
option.
- added technical advisory to notify about the possible behavior change

# Additional Changes

- display the error message on the IdP linking step in the login UI (in
case there is one)
- display an error in case no option is possible
- exchanged deprecated `eventstoreExpect` with `expectEventstore` in
touched test files

# Additional Context

closes https://github.com/zitadel/zitadel/issues/7393

---------

Co-authored-by: Stefan Benz <46600784+stebenz@users.noreply.github.com>
2024-08-14 13:04:26 +00:00
Livio Spring
189505c80f fix: sanitize output for email (#8373)
# Which Problems Are Solved

ZITADEL uses HTML for emails and renders certain information such as
usernames dynamically. That information can be entered by users or
administrators. Due to a missing output sanitization, these emails could
include malicious code.
This may potentially lead to a threat where an attacker, without
privileges, could send out altered notifications that are part of the
registration processes. An attacker could create a malicious link, where
the injected code would be rendered as part of the email.

During investigation of this issue a related issue was found and
mitigated, where on the user's detail page the username was not
sanitized and would also render HTML, giving an attacker the same
vulnerability.

While it was possible to inject HTML including javascript, the execution
of such scripts would be prevented by most email clients and the Content
Security Policy in Console UI.

# How the Problems Are Solved

- All arguments used for email are sanitized (`html.EscapeString`)
- The email text no longer `html.UnescapeString` (HTML in custom text is
still possible)
- Console no longer uses `[innerHtml]` to render the username

# Additional Changes

None

# Additional Context

- raised via email

---------

Co-authored-by: peintnermax <max@caos.ch>
2024-07-31 14:21:10 +02:00
Max Peintner
918736c026 chore(console): upgrade dependencies (#8368)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-07-30 16:12:39 +02:00
Max Peintner
51210c8e34 fix(console): fill cachedorgs when read from local storage (#8363)
This fixes a problem where the org settings were hidden.
The console reads the context from either a query param or the local
storage. When one context was found, it executed a single request with
orgId filter. This let to a single org and then to a hidden org setting,
as we hide org settings for instances with a single result.
2024-07-30 11:38:20 +00:00
RedstonePfalz
57428a1281 fix: Fixed more spelling and grammar misstakes (#8359)
# Which Problems Are Solved

I fixed more spelling and grammar misstakes in the German language
files.

# Additional Context

- Follow-up for PR #8240

Co-authored-by: Fabi <fabienne@zitadel.com>
2024-07-26 11:33:01 +02:00
Livio Spring
8d13247413 revert: "feat(IDP): use single callback endpoint"
This reverts commit e126ccc9aa.

# Which Problems Are Solved

#8295 introduced the possibility to handle idps on a single callback,
but broke current setups.

# How the Problems Are Solved

- Revert the change until a proper solution is found. Revert is needed
as docs were also changed.

# Additional Changes

None.

# Additional Context

- relates to #8295
2024-07-24 12:29:05 +00:00
Elio Bischof
c3f8439a49 fix: vue logout url (#8353)
# Which Problems Are Solved

The default vue logout URL doesn't work with the @zitadel/vue defaults

# How the Problems Are Solved

A trailing slash is added to the default logout URL.

# Additional Context

Found while testing https://github.com/zitadel/zitadel-vue/pull/53
2024-07-24 11:03:02 +02:00
Max Peintner
215dbf0cf6 fix(console): reduce initial load time (#8273)
This reduces the initial payload of the `listMyProjectOrgs` to get the
active org by setting the limit of the initial orgs to 100.

Partial of #8272

---------

Co-authored-by: Livio Spring <livio.a@gmail.com>
2024-07-22 14:18:26 +00:00
Miguel Cabrerizo
b3a60863f5 feat(console): replace secret generator dialogs with cards (#8307) 2024-07-18 05:33:10 +00:00
Livio Spring
e126ccc9aa feat(IDP): use single callback endpoint (#8295)
# Which Problems Are Solved

Both the login UI and the IdP intent flow have their own IdP callback
endpoints.

This makes configuration hard to impossible (e.g. Github only allows one
endpoint) for customers.

# How the Problems Are Solved

- The login UI prefixes the `state` parameter when creating an auth /
SAML request.
- All requests now use the `/idp/callback` or the corresponding
variation (e.g. SAML)
- On callback, the state, resp. its prefix is checked. In case of the
login UI prefix, the request will be forwarded to the existing login UI
handler without the prefix state.
Existing setups will therefore not be affected and also requests started
before this release can be handled without any impact.
- Console only lists the "new" endpoint(s). Any
`/login/externalidp/callback` is removed.

# Additional Changes

- Cleaned up some images  from the IdP documentation.
- fix the error handling in `handleExternalNotFoundOptionCheck`

# Additional Context

- closes #8236
2024-07-16 13:58:22 +00:00
Fabi
3d45c5dee5 fix: fix wrong translation (#8309)
# Which Problems Are Solved

In the console a wrong translation is shown for the password re auth
time, it is shown that it is the time after which users have to renew
their password, but it is the time, after which they have to
authenticate again with their password

# How the Problems Are Solved

Translations are changed in all languages

Co-authored-by: Livio Spring <livio.a@gmail.com>
2024-07-16 11:15:10 +00:00
Miguel Cabrerizo
832a55a78e feat(console): note about function names must match in action dialog (#8294)
# Which Problems Are Solved

- A note should be added to the ZITADEL management console showing that
the name and function in the javascript have to be the same

# How the Problems Are Solved

- A new cnsl-info-section is added to the create/update action dialog

# Additional Context

Here's a screenshot showing the note:

![Captura desde 2024-07-12
13-08-35](https://github.com/user-attachments/assets/62de5491-1895-4101-8bcf-1c8433661fd2)

- Closes #7874

Co-authored-by: Fabi <fabienne@zitadel.com>
2024-07-15 15:16:36 +00:00
Max Peintner
9d29098aa6 fix(console): identity provider title layout (#8302)
# Which Problems Are Solved

Fixes the alignment of the identity provider layouts

<img width="432" alt="Screenshot 2024-07-15 at 08 42 21"
src="https://github.com/user-attachments/assets/c45e4226-fc7e-4b5e-a25b-164bd31864c5">

# Context

- noted internally while implementing
https://github.com/zitadel/zitadel/pull/8295

---------

Co-authored-by: Livio Spring <livio.a@gmail.com>
2024-07-15 11:25:59 +00:00
Miguel Cabrerizo
ffe73645e8 fix(console): missing styles for ProfilePictureComponent dialog (#8293)
# Which Problems Are Solved

- The UI layout is broken in Upload your Profile Picture

# How the Problems Are Solved

- MatDialog module was missing

# Additional Context

Here's a screenshot showing the fix

![Captura desde 2024-07-12
12-18-43](https://github.com/user-attachments/assets/7a01fa0e-3e89-4679-9606-085610f5adfe)

- Closes #8284

Co-authored-by: Fabi <fabienne@zitadel.com>
2024-07-15 09:31:46 +00:00
Andy Vo
c17ab9f82a feat(console): add tooltip for indicator on inherit button in feature settings (#8238)
# Which Problems Are Solved

- Bubble indicator on inherit button in feature settings is not clear on
what system default behavior is inherited

# How the Problems Are Solved

- Creates tooltip to show what system default behavior is inherited when
cursor hovers over indicator. When indicator is red "Disabled" is
inherited and when the indicator is green "Enabled" is inherited.


![Zitadel_Inherit_Indicator_Disabled](https://github.com/zitadel/zitadel/assets/121371226/2b90cd79-09bf-499f-bf85-f499dccf5b96)


![Zitadel_Inherit_Indicator_Enabled](https://github.com/zitadel/zitadel/assets/121371226/98a838ec-d228-4974-b251-96e548163222)

# Additional Changes

- Adds translations for indicator tooltip message

# Additional Context

- Closes #8129 
- https://discord.com/channels/927474939156643850/1250477939431178363

Co-authored-by: Elio Bischof <elio@zitadel.com>
2024-07-04 13:06:52 +02:00
Daniel Moisa
d9a9c013a6 feat: add expiry and domain chip to sms and email otp (#8163)
# Which Problems Are Solved

There are some undocumented parameters that can be used. A good example
is on the "Verify SMS OTP" page.

# How the Problems Are Solved

Expiry and Domain chips are added to the Verify SMS OTP and Verify Email
OTP message text configs in the console.

# Additional Context

- Closes #7134

---------

Co-authored-by: Fabi <fabienne@zitadel.com>
Co-authored-by: Elio Bischof <elio@zitadel.com>
2024-07-04 09:04:22 +00:00
Miguel Cabrerizo
50c1d638d7 fix: add a height element to mat-calendar-table-header that works for FF (#8159)
# Which Problems Are Solved

- In Firefox there's an issue with mat-calendar. The header for days of
the week has a height that fills the entire space making dates to
overlap. This happens for both Personal Access Tokens and Keys dialogs.


![image](https://github.com/zitadel/zitadel/assets/30386061/78cc183d-f73d-4667-9281-64981092cc3e)

# How the Problems Are Solved

- In FF there seems to be a problem with the following style in
tables.scss. If I remove that style in FF everything works fine:

```
th,
  td {
    padding: 0 0.5rem !important;
  }
```
Although I tried to override it or remove !important I didn't like the
idea of having side effects all around the tables. As the issue was the
height for the header I tried to add a fixed height for the th elements
using a new specific selector in the tables.scss file. That way FF seems
to calculate the right height for the header and dates are shown
correctly.

If @peintnermax agrees maybe an issue can be opened for a future work to
remove as many !important properties as possible

Here's a screenshot for FF 


![image](https://github.com/zitadel/zitadel/assets/30386061/6d9e47d3-8cc1-4d45-a01d-8d7a00eb010b)

And another one for Chrome


![image](https://github.com/zitadel/zitadel/assets/30386061/ca83a004-9d12-4182-a768-61dc943a1aa2)

Maybe it's not too elegant but as it seems a bug on Firefox I think it's
a contained solution.

# Additional Context

- Closes #7877

Co-authored-by: Livio Spring <livio.a@gmail.com>
2024-07-04 07:29:18 +00:00
Fabi
637f441a7d fix: change saml sp to saml idp (#8233)
# Which Problems Are Solved

In the configuration of external idps we show SAML SP as provider which
is confusing, as it is a SAML IdP which is configured

# How the Problems Are Solved

Rename SAML SP to SAML IdP
2024-07-03 13:43:20 +02:00
Miguel Cabrerizo
728158298d fix(console): filters on user's list ignored if you go back from user details (#8180)
# Which Problems Are Solved

- As @stebenz reported, if we apply some user filters and show user's
details clicking on the table's entry, if we go back again (maybe the
action has to be repeated many times to see the error in action) the
filter seems to be ignored and the table shows all users.

# How the Problems Are Solved

- There's an issue with getting data for the user's table. On ngOnInit
the data is retrieved but also the data is retrieved again when the
filter is applied after going back from the user details view. Due to
asynchronous calls there are some times when the getData, called from
ngOnInit, finishes after the call from applySearchQuery, which applies
the filter, and that's why the data in the tables shows unfiltered data.
In the screenshot we see that we get two results from ngOnInit call
after getting the filtered data (1 result) overwriting the filtered
results.

![Captura desde 2024-06-23
14-02-30](https://github.com/zitadel/zitadel/assets/30386061/fdfa8353-04c6-4892-bd39-aa75dd4d2049)

- I've added a check on ngOnInit that verifies if we have already a
filter (query params) which means that we don't need to getData there as
the filter and getData is going to be applied when applySearchQuery is
called. Here's a video checking that the issue no longer happens:


https://github.com/zitadel/zitadel/assets/30386061/9907d94f-1326-4975-8664-2a0ff51f4568

# Additional Changes

- I think it's better to change the button text to apply the filter from
Finish to Apply

# Additional Context

- Closes #8049
2024-06-28 13:04:05 +00:00
Miguel Cabrerizo
da592ccf57 fix(console): minor UI issues (#8192)
# Which Problems Are Solved

- The console has some dialog UI issues reported in #7404 
- There's some horizontal scrolling in dialogs due to field errors width
overflow. In dialogs like Twilio or add flow the x-scroll show always.

![action_trigger_scroll](https://github.com/zitadel/zitadel/assets/30386061/6b574dd7-e309-4a21-a34a-6a1a98ef57ab)

![twilio_scroll](https://github.com/zitadel/zitadel/assets/30386061/48bf5af8-a8cd-4594-acf6-ef61b678443a)

- New Factor MFA title has no styles applied
![Captura desde 2024-06-25
08-37-40](https://github.com/zitadel/zitadel/assets/30386061/931419b4-7f37-4cd1-9b37-9b7fa9ff8453)

# How the Problems Are Solved

- A new style for field wrappers inside mat-dialog-component to
form-field scss that sets width to auto.
- This PR fix a missing MFA mat-dialog-title to apply styles to New
Factor title
- Issues with secret generators had been already fixed in #8141
- Issues with padding for Twilio and Actions were fixed by @peintnermax

# Additional Changes


# Additional Context

- Closes #7404

---------

Co-authored-by: Max Peintner <max@caos.ch>
2024-06-27 09:40:00 +00:00
Miguel Cabrerizo
88182f98ba fix: replace Instance Settings with Default Settings in i18n and docs (#8143)
# Which Problems Are Solved

- The console shows the Instance Settings title and a description.
Instance settings should be replaced with Default settings

# How the Problems Are Solved

- The DESCRIPTIONS.SETTINGS.INSTANCE.TITLE and
DESCRIPTIONS.SETTINGS.INSTANCE.DESCRIPTION have been replaced with
Default Settings and in the corresponding translation files.

Here's a screenshot:


![image](https://github.com/zitadel/zitadel/assets/30386061/b404f209-2043-414c-b06d-3291771d54fb)

# Additional Changes

- The docs have been updated to replace remaining texts mentioning
Instance Settings with Default Settings
- Two unused texts have been deleted from the translation files
- VSCode with Prettier have applied some markdown changes

# Additional Context

- Closes #7632

---------

Co-authored-by: Fabi <fabienne@zitadel.com>
2024-06-25 09:18:06 +00:00
Miguel Cabrerizo
3635320ce8 feat: send test mail (#7968)
# Which Problems Are Solved

- Zitadel doesn't have a way to test SMTP settings either before
creating a new provider or once the SMTP provider has been created.
- Zitadel SMTP messages can be more informative for usual errors

# How the Problems Are Solved

- A new step is added to the new/update SMTP provider wizard that allows
us to test a configuration. The result is shown in a text area.
- From the table of SMTP providers you can test your settings too.
- The email address to send the email is by default the email address
for the logged in user as suggested.
- Some of the SMTP error messages have been changed to give more
information about the possible situation. For example: could not contact
with the SMTP server, check the port, firewall issues... instead of
could not dial

Here's a video showing this new option in action:


https://github.com/zitadel/zitadel/assets/30386061/50128ba1-c9fa-4481-8eec-e79a3ca69bda

# Additional Changes

Replace this example text with a concise list of additional changes that
this PR introduces, that are not directly solving the initial problem
but are related.
For example:
- The docs explicitly describe that the property XY is mandatory
- Adds missing translations for validations.

# Additional Context

- Closes #4504
2024-06-20 19:51:42 +00:00
Livio Spring
fb8cd18f93 feat: password age policy (#8132)
# Which Problems Are Solved

Some organizations / customers have the requirement, that there users
regularly need to change their password.
ZITADEL already had the possibility to manage a `password age policy` (
thought the API) with the maximum amount of days a password should be
valid, resp. days after with the user should be warned of the upcoming
expiration.
The policy could not be managed though the Console UI and was not
checked in the Login UI.

# How the Problems Are Solved

- The policy can be managed in the Console UI's settings sections on an
instance and organization level.
- During an authentication in the Login UI, if a policy is set with an
expiry (>0) and the user's last password change exceeds the amount of
days set, the user will be prompted to change their password.
- The prompt message of the Login UI can be customized in the Custom
Login Texts though the Console and API on the instance and each
organization.
- The information when the user last changed their password is returned
in the Auth, Management and User V2 API.
- The policy can be retrieved in the settings service as `password
expiry settings`.

# Additional Changes

None.

# Additional Context

- closes #8081

---------

Co-authored-by: Tim Möhlmann <tim+github@zitadel.com>
2024-06-18 11:27:44 +00:00
Miguel Cabrerizo
7576f09de6 fix: pat token overflow in dialog (#8131)
# Which Problems Are Solved

@mffap reported in issue #8084 that there was an oferflow error when the
PAT token was displayed which made copying it almost impossible

# How the Problems Are Solved

It seems there was an issue with the token text not wrapping well as the
token is a long word. Sometimes the token was displayed well but it was
only because the token contains hyphens that made the text go into a new
line but if no hyphen was there there was an overflow issue.

I've used a new class for the token to be displayed and used the css
properties explained in
[mdn](https://developer.mozilla.org/en-US/docs/Web/CSS/CSS_text/Wrapping_breaking_text)

```
overflow-wrap: break-word;
word-break: break-all;

```

Here's a video showing the fix in action:


https://github.com/zitadel/zitadel/assets/30386061/096de18d-4424-46b8-a287-cce6539c2053

# Additional Context

- Closes #8084

Co-authored-by: Tim Möhlmann <tim+github@zitadel.com>
2024-06-17 12:19:19 +00:00
Daniel Moisa
efcb41398d fix(8076): last name chip on text messages (#8147)
# Which Problems Are Solved

fix {{.Lastname}} chip on test message settings

# How the Problems Are Solved

{{.LastName}} should appear in the text field

# Additional Changes

No additional changes

# Additional Context

- Closes #8076

Co-authored-by: Daniel Moisa <dani93moisa@gmail.com>
Co-authored-by: Fabi <fabienne@zitadel.com>
2024-06-17 11:54:43 +00:00
Miguel Cabrerizo
a873d960d1 fix: show "Default settings" for small screens < 600px (#8144)
# Which Problems Are Solved

- For devices with screen width lower than 600 px the "Default Settings"
button is not shown unless you put the device in landscape mode

# How the Problems Are Solved

- I've modified the styles so this button is always displayed (I've
tested up to 350 px devices) but for devices width lower than 375px the
font size will be x-small. Thanks to the cog icon and the smaller text
if seems to work fine

Here are two screenshots for a 400 px device:

![Captura desde 2024-06-14
18-31-52](https://github.com/zitadel/zitadel/assets/30386061/1734dc77-312b-4c93-baa7-8d5e90ad68f3)

and a 360 px device:

![Captura desde 2024-06-14
18-32-45](https://github.com/zitadel/zitadel/assets/30386061/37876f26-e097-47af-bf06-b4cc67fcbfb8)

# Additional Context

- Closes #7574
2024-06-17 11:31:11 +00:00
Miguel Cabrerizo
8daaf3d199 fix: mdc dialog styles not being applied to secret generator module (#8141)
# Which Problems Are Solved

- Styles from the material design component dialog are not being applied
(no padding, wrong theme colors for titles...)

# How the Problems Are Solved

- The MatDialogModule has been added to secret-generator.module.ts so
the styles are applied

Here's a video showing the fix in action:


https://github.com/doncicuto/zitadel/assets/30386061/32567e58-b7d6-48da-8369-b48e23828a5c

# Additional Context

- Closes #8085

Co-authored-by: Fabi <fabienne@zitadel.com>
2024-06-17 10:34:12 +00:00
Jesper We
18222008b6 feat: Contribute i18n swedish language (#8105)
# Which Problems Are Solved

- Swedish speakers cannot use their beautiful native language ;-)

# How the Problems Are Solved

- Contributes Swedish language for Login, Console, common texts and
Emails


# Additional Changes

- none

# Additional Context

- The PR currently provides all translation files according to
https://github.com/zitadel/zitadel/blob/main/CONTRIBUTING.md#contribute-internationalization.

---------

Co-authored-by: Tim Möhlmann <tim+github@zitadel.com>
Co-authored-by: Livio Spring <livio.a@gmail.com>
2024-06-15 13:45:19 +00:00
Max Peintner
7ede3ec189 fix(console): projects descriptions (#8037)
# Which Problems Are Solved

This PR fixes a visualization issue for the projects description
<img width="826" alt="Screenshot 2024-05-29 at 17 05 50"
src="https://github.com/zitadel/zitadel/assets/10165752/18407fad-1e11-47f2-a1df-ba9a5ebf4e69">

# How the Problems Are Solved

The [innerHTML] directive renders the `<br/>` line breaks in the
translation.

# Additional Context

-
https://discord.com/channels/927474939156643850/1245354943926374422/1245354943926374422

Co-authored-by: Elio Bischof <elio@zitadel.com>
2024-05-30 15:40:37 +00:00
Livio Spring
ec222a13d7 fix(oidc): IDP and passwordless user auth methods (#7998)
# Which Problems Are Solved

As already mentioned and (partially) fixed in #7992 we discovered,
issues with v2 tokens that where obtained through an IDP, with
passwordless authentication or with password authentication (wihtout any
2FA set up) using the v1 login for zitadel API calls
- (Previous) authentication through an IdP is now correctly treated as
auth method in case of a reauth even when the user is not redirected to
the IdP
- There were some cases where passwordless authentication was
successfully checked but not correctly set as auth method, which denied
access to ZITADEL API
- Users with password and passwordless, but no 2FA set up which
authenticate just wich password can access the ZITADEL API again

Additionally while testing we found out that because of #7969 the login
UI could completely break / block with the following error:
`sql: Scan error on column index 3, name "state": converting NULL to
int32 is unsupported (Internal)`
# How the Problems Are Solved

- IdP checks are treated the same way as other factors and it's ensured
that a succeeded check within the configured timeframe will always
provide the idp auth method
- `MFATypesAllowed` checks for possible passwordless authentication
- As with the v1 login, the token check now only requires MFA if the
policy is set or the user has 2FA set up
- UserAuthMethodsRequirements now always uses the correctly policy to
check for MFA enforcement
- `State` column is handled as nullable and additional events set the
state to active (as before #7969)

# Additional Changes

- Console now also checks for 403 (mfa required) errors (e.g. after
setting up the first 2FA in console) and redirects the user to the login
UI (with the current id_token as id_token_hint)
- Possible duplicates in auth methods / AMRs are removed now as well.

# Additional Context

- Bugs were introduced in #7822 and # and 7969 and only part of a
pre-release.
- partially already fixed with #7992
- Reported internally.
2024-05-28 08:59:49 +00:00
Fuzzbizz
0b366bece6 fix: Service User Description in English localization (#8011)
# Which Problems Are Solved

- The text was in French instead of English

# How the Problems Are Solved

- I wrote the text in English

# Additional Changes

No Additional Changes
# Additional Context

This is a followup to https://github.com/zitadel/zitadel/pull/8007/
which has German in the English file.

---------

Co-authored-by: Fabienne <fabienne.gerschwiler@gmail.com>
Co-authored-by: Fabi <fabienne@zitadel.com>
2024-05-27 09:30:07 +02:00
Sujoy B
cfa3d013a4 feat: show max password length in complexity components (#7810)
# Which Problems Are Solved

There is confusing ambiguity in the error messages for setting too long
passwords in different places.

# How the Problems Are Solved

A check for maximum password length is added so it's clear that
passwords can't exceed a maximum length of 70 or 72 bytes.
Password validation now provides a live updating check mark or cross
mark to indicate if the maximum length requirement is met.

# Additional Changes

Clarified requirement descriptions on the registration page with
complete sentences.

# Additional Context

Closes #6301

---------

Co-authored-by: Elio Bischof <elio@zitadel.com>
2024-05-23 08:07:36 +00:00