Commit Graph

3363 Commits

Author SHA1 Message Date
Livio Spring
f846616a3f
fix: sanitize output for email (#8373)
# Which Problems Are Solved

ZITADEL uses HTML for emails and renders certain information such as
usernames dynamically. That information can be entered by users or
administrators. Due to a missing output sanitization, these emails could
include malicious code.
This may potentially lead to a threat where an attacker, without
privileges, could send out altered notifications that are part of the
registration processes. An attacker could create a malicious link, where
the injected code would be rendered as part of the email.

During investigation of this issue a related issue was found and
mitigated, where on the user's detail page the username was not
sanitized and would also render HTML, giving an attacker the same
vulnerability.

While it was possible to inject HTML including javascript, the execution
of such scripts would be prevented by most email clients and the Content
Security Policy in Console UI.

# How the Problems Are Solved

- All arguments used for email are sanitized (`html.EscapeString`)
- The email text no longer `html.UnescapeString` (HTML in custom text is
still possible)
- Console no longer uses `[innerHtml]` to render the username

# Additional Changes

None

# Additional Context

- raised via email

---------

Co-authored-by: peintnermax <max@caos.ch>
(cherry picked from commit 189505c80f)
2024-07-31 14:34:07 +02:00
Max Peintner
fd57ffc345
fix(console): fill cachedorgs when read from local storage (#8363)
This fixes a problem where the org settings were hidden.
The console reads the context from either a query param or the local
storage. When one context was found, it executed a single request with
orgId filter. This let to a single org and then to a hidden org setting,
as we hide org settings for instances with a single result.

(cherry picked from commit 51210c8e34)
2024-07-31 07:10:58 +02:00
Stefan Benz
ce29a78d1b
feat: api v2beta to api v2 (#8283)
# Which Problems Are Solved

The v2beta services are stable but not GA.

# How the Problems Are Solved

The v2beta services are copied to v2. The corresponding v1 and v2beta
services are deprecated.

# Additional Context

Closes #7236

---------

Co-authored-by: Elio Bischof <elio@zitadel.com>
(cherry picked from commit 7d2d85f57c)
2024-07-29 12:50:41 +02:00
Stefan Benz
40c348a75e
feat: api v2beta to api v2 protos (#8343)
# Which Problems Are Solved

The go linter can't limit the checks to the diff in
https://github.com/zitadel/zitadel/pull/8283 because it's too large

# How the Problems Are Solved

The protos from https://github.com/zitadel/zitadel/pull/8283 are merged
separately

# Additional Context

Contributes to #7236

---------

Co-authored-by: Elio Bischof <elio@zitadel.com>
(cherry picked from commit bc16962aac)
2024-07-29 12:50:40 +02:00
Livio Spring
24ab096e13
Merge branch 'refs/heads/main' into next 2024-07-24 15:47:02 +02:00
Joey Biscoglia
f34897a8c8
feat: add delete phone endpoint to v2 api (#8321)
# Which Problems Are Solved

- Adds delete phone endpoint to v2 api

# How the Problems Are Solved

- Adds new endpoint with DELETE method to /v2beta/users/:userId/phone
which removes currently set phone number

# Additional Changes

- Added integration test for new endpoint.

# Additional Context

- Solves
https://discord.com/channels/927474939156643850/1255557862286032996
2024-07-24 13:46:07 +00:00
Livio Spring
8d13247413
revert: "feat(IDP): use single callback endpoint"
This reverts commit e126ccc9aa.

# Which Problems Are Solved

#8295 introduced the possibility to handle idps on a single callback,
but broke current setups.

# How the Problems Are Solved

- Revert the change until a proper solution is found. Revert is needed
as docs were also changed.

# Additional Changes

None.

# Additional Context

- relates to #8295
2024-07-24 12:29:05 +00:00
Elio Bischof
c3f8439a49
fix: vue logout url (#8353)
# Which Problems Are Solved

The default vue logout URL doesn't work with the @zitadel/vue defaults

# How the Problems Are Solved

A trailing slash is added to the default logout URL.

# Additional Context

Found while testing https://github.com/zitadel/zitadel-vue/pull/53
2024-07-24 11:03:02 +02:00
mffap
91dcebbfc9
docs(migrate): update password section (#8232)
# Which Problems Are Solved

Password reset in combination of md5 was not clear

# How the Problems Are Solved

Some additional information in the docs
2024-07-23 14:13:35 +00:00
Silvan
f8b711ca5c
docs(actions): correct actions examples (#8350)
# Which Problems Are Solved

The docs currently link to the wrong trigger.

# How the Problems Are Solved

Changed the links.
2024-07-23 15:45:11 +02:00
Max Peintner
215dbf0cf6
fix(console): reduce initial load time (#8273)
This reduces the initial payload of the `listMyProjectOrgs` to get the
active org by setting the limit of the initial orgs to 100.

Partial of #8272

---------

Co-authored-by: Livio Spring <livio.a@gmail.com>
2024-07-22 14:18:26 +00:00
Livio Spring
0e99c8356a
fix: correctly check user auth methods and enable button (#8342)
# Which Problems Are Solved

#8291 added backwards compatibilty for users who were created through
the user V2 API and want to sign in to the login UI.
There were however to issues, where users might be prompted to set a
password even if they already had one set or they would not be able to
submit the email verification code.

# How the Problems Are Solved

- Replaced `SearchUserAuthMethods `with `ListUserAuthMethodTypes` to
check for set up auth methods.
- Fixed page / javascript to disable submit button.

# Additional Changes

- Changed `ListActiveUserAuthMethodTypes ` to `ListUserAuthMethodTypes`
and a `activeOnly` boolean parameter

# Additional Context

- relates to #8291
- noticed internally on QA
2024-07-22 14:46:27 +02:00
Silvan
8f300f0a96
chore: set defaults for fields projections (#8311)
# Which Problems Are Solved

Bigger systems need to process many events during the initialisation
phase of the `eventstore.fields`-table. During setup these calls can
time out.

# How the Problems Are Solved

Changed the default behaviour of these projections to not time out and
increased the bulk limit.

(cherry picked from commit 6c1df83071)
2024-07-22 13:55:16 +02:00
Zach H
6a97be7bde
fix: always use pgxpool config if MaxOpenConns isn't set (#8328)
# Which Problems Are Solved

- `pgxpool -> pgx` dependency throws "MaxSize must be >= 1" on init if
`postgres.MaxOpenConns` isn't set in the ZItadel config

# How the Problems Are Solved

Only override the `MaxConns` with the Zitadel configured `MaxOpenConns`
if greater than 0 (default value). The default `MaxConns` [is derived by
`pgxpool`](ea9610f672/pgxpool/pool.go (L309-L324))
itself in a sensible way, but somewhat undocumented: checks for explicit
config in connection url or config and falls back on max(num_cpus, 4).

# Additional Changes

Applied same check in cockroach config

# Additional Context

This is likely a regression from the changes in
https://github.com/zitadel/zitadel/pull/8325

(cherry picked from commit e009ed9fe4)
2024-07-22 13:29:09 +02:00
Harsha Reddy
07210a0d60
fix: update IDP Success and Failure URLs to accept up to 2048 characters (#8327)
# Which Problems Are Solved

The success and failure URLs post IDP intent are limited to 200
characters. This is very low given the standard for URL lengths is much
higher
https://www.baeldung.com/cs/max-url-length#maximum-length-of-a-url-in-different-browsers

Name of the Browser | URL Length
-- | --
Google Chrome | Maximum of 2048 characters for a URL
Mozilla Firefox | The address bar no longer shows the URL after 65536
characters
Internet Explorer | Maximum length of the URL is 2083 characters
Safari | Supports up to 80000 characters for a URL
Opera | Can display up to 190000 characters in its address bar
Apache | Supports a maximum of 4000 characters

The user post SSO login w/ Zitadel, sees deep links to out app e.g.
`www.mycompany.com/idp/success?deeplink=app/mypage/id/test#thing=abcdef`
and these are usually greater than 200 characters.

# How the Problems Are Solved

Replace this example text with a concise list of changes that this PR
introduces.
- Update validation check for SuccessURL length on v2 and v3 APIs to a
max of 2048 characters
- Update validation check for FailureURL length on v2 and v3 APIs to a
max of 2048 characters

I didn't find any docs t update reflecting this change in length

# Additional Context
Fixes the error

```<PreparedRequest [POST]>, status: 400, reason: Bad Request, response: {"code":3,"message":"invalid StartIdentityProviderIntentRequest.Urls: embedded message failed validation | caused by: invalid RedirectURLs.SuccessUrl: value length must be between 1 and 200 runes, inclusive"}```

(cherry picked from commit d90db6693c)
2024-07-22 13:29:06 +02:00
Silvan
93be062d30
refactor(database): exchange connection pool (#8325)
# Which Problems Are Solved

The connection pool of go uses a high amount of database connections.

# How the Problems Are Solved

The standard lib connection pool was replaced by `pgxpool.Pool`

# Additional Changes

The `db.BeginTx`-spans are removed because they cause to much noise in
the traces.

# Additional Context

- part of https://github.com/zitadel/zitadel/issues/7639

(cherry picked from commit 99c645cc60)
2024-07-22 13:28:57 +02:00
Livio Spring
d85af6ad9f
fix: correctly differ between grpc and grpc-web (#8292)
# Which Problems Are Solved

While #8285 also checked for `+proto` and `+json` grpc content types, it
accidentally matched all grpc-web requests to grpc.

# How the Problems Are Solved

- fixed the regex by checking for an exact match (added start `^` and
end `$` anchors)

# Additional Changes

None

# Additional Context

- relates to #8285

(cherry picked from commit d7c0ec282a)
2024-07-22 13:27:07 +02:00
Silvan
7cb16ef982
fix(api): grpc content type matcher all grpc types (#8285)
# Which Problems Are Solved

ZITADEL returned a 404 Unimplemented error if the client sent
'application/grpc+proto' or 'application/grpc+json' which are both valid
content types.

# How the Problems Are Solved

changed the header matcher to regexp

# Additional Context

Problem occured in
https://github.com/zitadel/typescript/tree/grpc-transport

(cherry picked from commit aa273ad000)
2024-07-22 13:27:06 +02:00
Silvan
99b4fd0bc2
fix(fields): add index to improve search by aggregate (#8267)
# Which Problems Are Solved

During performance testing of the `eventstore.fields` table we found
some long running queries which searched for the aggregate id.

# How the Problems Are Solved

A new index was added to the `eventstore.fields`-table called
`f_aggregate_object_type_idx`.

# Additional Changes

None

# Additional Context

- Table was added in https://github.com/zitadel/zitadel/pull/8191
- Part of https://github.com/zitadel/zitadel/issues/7639

(cherry picked from commit 23bebc7e30)
2024-07-22 13:26:49 +02:00
Zach H
e009ed9fe4
fix: always use pgxpool config if MaxOpenConns isn't set (#8328)
# Which Problems Are Solved

- `pgxpool -> pgx` dependency throws "MaxSize must be >= 1" on init if
`postgres.MaxOpenConns` isn't set in the ZItadel config

# How the Problems Are Solved

Only override the `MaxConns` with the Zitadel configured `MaxOpenConns`
if greater than 0 (default value). The default `MaxConns` [is derived by
`pgxpool`](ea9610f672/pgxpool/pool.go (L309-L324))
itself in a sensible way, but somewhat undocumented: checks for explicit
config in connection url or config and falls back on max(num_cpus, 4).

# Additional Changes

Applied same check in cockroach config 

# Additional Context

This is likely a regression from the changes in
https://github.com/zitadel/zitadel/pull/8325
2024-07-22 05:29:20 +00:00
Harsha Reddy
d90db6693c
fix: update IDP Success and Failure URLs to accept up to 2048 characters (#8327)
# Which Problems Are Solved

The success and failure URLs post IDP intent are limited to 200
characters. This is very low given the standard for URL lengths is much
higher
https://www.baeldung.com/cs/max-url-length#maximum-length-of-a-url-in-different-browsers


Name of the Browser | URL Length
-- | --
Google Chrome | Maximum of 2048 characters for a URL
Mozilla Firefox | The address bar no longer shows the URL after 65536
characters
Internet Explorer | Maximum length of the URL is 2083 characters
Safari | Supports up to 80000 characters for a URL
Opera | Can display up to 190000 characters in its address bar
Apache | Supports a maximum of 4000 characters



The user post SSO login w/ Zitadel, sees deep links to out app e.g.
`www.mycompany.com/idp/success?deeplink=app/mypage/id/test#thing=abcdef`
and these are usually greater than 200 characters.

# How the Problems Are Solved

Replace this example text with a concise list of changes that this PR
introduces.
- Update validation check for SuccessURL length on v2 and v3 APIs to a
max of 2048 characters
- Update validation check for FailureURL length on v2 and v3 APIs to a
max of 2048 characters

I didn't find any docs t update reflecting this change in length

# Additional Context
Fixes the error

```<PreparedRequest [POST]>, status: 400, reason: Bad Request, response: {"code":3,"message":"invalid StartIdentityProviderIntentRequest.Urls: embedded message failed validation | caused by: invalid RedirectURLs.SuccessUrl: value length must be between 1 and 200 runes, inclusive"}```
2024-07-19 12:27:28 +00:00
Silvan
0ea3c5691f
fix(mirror): read config correctly (#8330)
# Which Problems Are Solved

The mirror command read the configurations in the wrong order

# How the Problems Are Solved

The Pre execution run of `mirror` reads the default config first and
then applies the custom configs
2024-07-18 14:00:58 +00:00
Miguel Cabrerizo
b3a60863f5
feat(console): replace secret generator dialogs with cards (#8307) 2024-07-18 05:33:10 +00:00
Silvan
99c645cc60
refactor(database): exchange connection pool (#8325)
# Which Problems Are Solved

The connection pool of go uses a high amount of database connections.

# How the Problems Are Solved

The standard lib connection pool was replaced by `pgxpool.Pool`

# Additional Changes

The `db.BeginTx`-spans are removed because they cause to much noise in
the traces.

# Additional Context

- part of https://github.com/zitadel/zitadel/issues/7639
2024-07-17 15:16:02 +00:00
Elio Bischof
d95c9508a3
chore(lint): print error locations (#8246)
# Which Problems Are Solved

If golangci-lint fails, it is hard to find out how to fix it.

# How the Problems Are Solved

The official GitHub action for golangci-lint is upgraded from v4 to
[v6](https://github.com/golangci/golangci-lint-action/releases/tag/v6.0.1).

## Before Upgrade

![image](https://github.com/zitadel/zitadel/assets/12727842/d25bcb0d-5e86-4f8d-92e9-f24e53319062)

## After Upgrade

![image](https://github.com/zitadel/zitadel/assets/12727842/91c6c9ff-832b-49f5-ba92-ff835d8179c0)

# Additional Changes

Removes the config properties `skip-pkg-cache` and `skip-build-cache` as
support was removed with
[v5](https://github.com/golangci/golangci-lint-action/releases/tag/v5.0.0).

---------

Co-authored-by: Silvan <silvan.reusser@gmail.com>
2024-07-17 07:20:45 +00:00
Silvan
6c1df83071
chore: set defaults for fields projections (#8311)
# Which Problems Are Solved

Bigger systems need to process many events during the initialisation
phase of the `eventstore.fields`-table. During setup these calls can
time out.

# How the Problems Are Solved

Changed the default behaviour of these projections to not time out and
increased the bulk limit.
2024-07-17 05:23:29 +00:00
Livio Spring
07b2bac463
fix: allow login with user created through v2 api without password (#8291)
# Which Problems Are Solved

User created through the User V2 API without any authentication method
and possibly unverified email address was not able to login through the
current hosted login UI.

An unverified email address would result in a mail verification and not
an initialization mail like it would with the management API. Also the
login UI would then require the user to enter the init code, which the
user never received.

# How the Problems Are Solved

- When verifying the email through the login UI, it will check for
existing auth methods (password, IdP, passkeys). In case there are none,
the user will be prompted to set a password.
- When a user was created through the V2 API with a verified email and
no auth method, the user will be prompted to set a password in the login
UI.
- Since setting a password requires a corresponding code, the code will
be generated and sent when login in.

# Additional Changes

- Changed `RequestSetPassword` to get the codeGenerator from the
eventstore instead of getting it from query.

# Additional Context

- closes https://github.com/zitadel/zitadel/issues/6600
- closes https://github.com/zitadel/zitadel/issues/8235

---------

Co-authored-by: Stefan Benz <46600784+stebenz@users.noreply.github.com>
2024-07-17 06:43:07 +02:00
Livio Spring
e126ccc9aa
feat(IDP): use single callback endpoint (#8295)
# Which Problems Are Solved

Both the login UI and the IdP intent flow have their own IdP callback
endpoints.

This makes configuration hard to impossible (e.g. Github only allows one
endpoint) for customers.

# How the Problems Are Solved

- The login UI prefixes the `state` parameter when creating an auth /
SAML request.
- All requests now use the `/idp/callback` or the corresponding
variation (e.g. SAML)
- On callback, the state, resp. its prefix is checked. In case of the
login UI prefix, the request will be forwarded to the existing login UI
handler without the prefix state.
Existing setups will therefore not be affected and also requests started
before this release can be handled without any impact.
- Console only lists the "new" endpoint(s). Any
`/login/externalidp/callback` is removed.

# Additional Changes

- Cleaned up some images  from the IdP documentation.
- fix the error handling in `handleExternalNotFoundOptionCheck`

# Additional Context

- closes #8236
2024-07-16 13:58:22 +00:00
Stefan Benz
19561a092c
fix: add OrgIDQuery to the queries for organizations (#8312)
# Which Problems Are Solved

ListOrgs has no option to select for organizations specific to Ids.

# How the Problems Are Solved

Add OrgIDQuery to ListOrgs.

# Additional Changes

Clean up double mapping for the OrgQueries.

# Additional Context

- noted internally while checking performance issues (in Console)
2024-07-16 13:12:19 +00:00
Fabi
3d45c5dee5
fix: fix wrong translation (#8309)
# Which Problems Are Solved

In the console a wrong translation is shown for the password re auth
time, it is shown that it is the time after which users have to renew
their password, but it is the time, after which they have to
authenticate again with their password

# How the Problems Are Solved

Translations are changed in all languages

Co-authored-by: Livio Spring <livio.a@gmail.com>
2024-07-16 11:15:10 +00:00
Norman-Lee
1e3b350042
feat(cmd): Added machine ID mode to zitadel start up logs (#8251)
# Which Problems Are Solved

Logs the type of sonyflake strategy used for generating unique machine
IDs

# How the Problems Are Solved

- Created function to log machine id strategy on the start up logs

# Additional Changes
- Added public function for retrieving current strategy set by
configuration

# Additional Context
- Closes #7750
2024-07-16 09:53:57 +00:00
borisroman
7d0c7e5b54
feat: allow machine user id to be set during creation (#8265)
# Which Problems Are Solved
Solves the problem described in #8264.

# How the Problems Are Solved

Added a UserID field which can be set during Machine User creation.

# Additional Changes

Added addition unit and integration tests to cover the cases where a
UserID field is present.

# Additional Context

- Closes #8264

Co-authored-by: Stefan Benz <46600784+stebenz@users.noreply.github.com>
2024-07-16 09:27:37 +02:00
Miguel Cabrerizo
832a55a78e
feat(console): note about function names must match in action dialog (#8294)
# Which Problems Are Solved

- A note should be added to the ZITADEL management console showing that
the name and function in the javascript have to be the same

# How the Problems Are Solved

- A new cnsl-info-section is added to the create/update action dialog

# Additional Context

Here's a screenshot showing the note:

![Captura desde 2024-07-12
13-08-35](https://github.com/user-attachments/assets/62de5491-1895-4101-8bcf-1c8433661fd2)

- Closes #7874

Co-authored-by: Fabi <fabienne@zitadel.com>
2024-07-15 15:16:36 +00:00
Max Peintner
9d29098aa6
fix(console): identity provider title layout (#8302)
# Which Problems Are Solved

Fixes the alignment of the identity provider layouts

<img width="432" alt="Screenshot 2024-07-15 at 08 42 21"
src="https://github.com/user-attachments/assets/c45e4226-fc7e-4b5e-a25b-164bd31864c5">

# Context

- noted internally while implementing
https://github.com/zitadel/zitadel/pull/8295

---------

Co-authored-by: Livio Spring <livio.a@gmail.com>
2024-07-15 11:25:59 +00:00
Silvan
8dd21a7292
chore(stable): update to v2.51.4 (#8304)
# Which Problems Are Solved

Update stable to next minor version.
2024-07-15 13:03:51 +02:00
Miguel Cabrerizo
ffe73645e8
fix(console): missing styles for ProfilePictureComponent dialog (#8293)
# Which Problems Are Solved

- The UI layout is broken in Upload your Profile Picture

# How the Problems Are Solved

- MatDialog module was missing

# Additional Context

Here's a screenshot showing the fix

![Captura desde 2024-07-12
12-18-43](https://github.com/user-attachments/assets/7a01fa0e-3e89-4679-9606-085610f5adfe)

- Closes #8284

Co-authored-by: Fabi <fabienne@zitadel.com>
2024-07-15 09:31:46 +00:00
Zhang Zhe
8afdcd99c6
fix: Correct misspelling in zh.yaml file (#8299)
# Which Problems Are Solved

- Corrected a typo in the file
`internal/api/ui/login/static/i18n/zh.yaml` where "Migrosoft" was
changed to "Microsoft".

# How the Problems Are Solved

- Updated the misspelled word "Migrosoft" to "Microsoft" for consistency
and accuracy.

# Additional Changes

- None

# Additional Context

- None
2024-07-15 10:13:55 +02:00
Livio Spring
d7c0ec282a
fix: correctly differ between grpc and grpc-web (#8292)
# Which Problems Are Solved

While #8285 also checked for `+proto` and `+json` grpc content types, it
accidentally matched all grpc-web requests to grpc.

# How the Problems Are Solved

- fixed the regex by checking for an exact match (added start `^` and
end `$` anchors)

# Additional Changes

None

# Additional Context

- relates to #8285
2024-07-12 11:54:02 +02:00
Silvan
aa273ad000
fix(api): grpc content type matcher all grpc types (#8285)
# Which Problems Are Solved

ZITADEL returned a 404 Unimplemented error if the client sent
'application/grpc+proto' or 'application/grpc+json' which are both valid
content types.

# How the Problems Are Solved

changed the header matcher to regexp

# Additional Context

Problem occured in
https://github.com/zitadel/typescript/tree/grpc-transport
2024-07-11 13:22:01 +00:00
Fabi
86c124955d
fix: multiple docs issues (#8244)
# Which Problems Are Solved

- `<details>` tag is rendered in some cases in the docs, instead of
rendering a detail section which can be expanded
- New API V2 and V3 services where not rendered correctly
- The plugin which made it possible to integrate external code files and
show them on the docs didn't work anymore

# How the Problems Are Solved

- remove / from details tag, so it is properly rendered
- changing link source from tag to auto
- Someone already forked the repository and made it available for
docusaurus v3, we integrated the forked version

---------

Co-authored-by: Stefan Benz <46600784+stebenz@users.noreply.github.com>
2024-07-11 07:54:04 +02:00
Stefan Benz
fb2d4545b9
fix: add details to ListUsers for user results (#8255)
# Which Problems Are Solved

In User v2 API, the ListUsers endpoint doesn't provide the information
to which organization the user belongs to.

# How the Problems Are Solved

Add the details to the user results from the ListUsers endpoint, so that
the OrgID is also included as ResourceOwner.

# Additional Changes
 
None

# Additional Context

Closes #8172
2024-07-10 17:49:35 +02:00
Stefan Benz
19a8ab02ad
fix: add missing totp remove endpoint in user v2 API (#8256)
# Which Problems Are Solved

TOTP remove endpoint available in management API, not in user v2 API.

# How the Problems Are Solved

Add endpoint RemoveTOTP to user v2 API.

# Additional Changes

None

# Additional Context

close #6605

---------

Co-authored-by: Livio Spring <livio.a@gmail.com>
2024-07-10 12:31:28 +00:00
adlerhurst
c57dfa43b1 Merge branch 'next-rc' into next 2024-07-10 13:46:33 +02:00
Silvan
82d950019f
test: add load test for session creation (#8088)
# Which Problems Are Solved

Extends load tests by testing session creation.

# How the Problems Are Solved

The test creates a session including a check for user id.

# Additional Context

- part of https://github.com/zitadel/zitadel/issues/7639
2024-07-09 15:16:50 +00:00
Silvan
23bebc7e30
fix(fields): add index to improve search by aggregate (#8267)
# Which Problems Are Solved

During performance testing of the `eventstore.fields` table we found
some long running queries which searched for the aggregate id.

# How the Problems Are Solved

A new index was added to the `eventstore.fields`-table called
`f_aggregate_object_type_idx`.

# Additional Changes

None

# Additional Context

- Table was added in https://github.com/zitadel/zitadel/pull/8191
- Part of https://github.com/zitadel/zitadel/issues/7639
2024-07-08 15:54:19 +00:00
Dakshitha Ratnayake
ab7c484157
docs: Add the SAML intro docs (#8112)
Please refer to this issue for more information:
https://github.com/zitadel/zitadel/issues/7436
2024-07-08 11:11:09 +00:00
Mario Andrija Balug
6cd467d773
docs: note audience scope for service user (#8252)
# Which Problems Are Solved
- It is not possible to introspect service user token if
`urn:zitadel:iam:org:project🆔{projectid}:aud` scope is not added in
token request.
- Adding this note to the document could reduce confusion and debugging
time
-
https://discord.com/channels/927474939156643850/1168857403945660436/1168930850029707386

---------

Co-authored-by: Livio Spring <livio.a@gmail.com>
2024-07-08 06:03:30 +00:00
adlerhurst
7a552bd495 Merge branch 'main' into next-rc 2024-07-05 10:17:43 +02:00
Silvan
5ca8ad2075
fix(eventstore): early return if no events in field handler (#8254)
# Which Problems Are Solved

Fixes a panic which can occur if there are no events to reduce in the fields handler

# How the Problems Are Solved

Check if there are any events to reduce

# Additional Context

- Panic was added in https://github.com/zitadel/zitadel/pull/8191
2024-07-05 10:16:12 +02:00
Tim Möhlmann
7967e6f98b
perf(import): optimize search for domains claimed by other organizations (#8200)
# Which Problems Are Solved

Improve the performance of human imports by optimizing the query that
finds domains claimed by other organizations.

# How the Problems Are Solved

Use the fields search table introduced in
https://github.com/zitadel/zitadel/pull/8191 by storing each
organization domain as Object ID and the verified status as field value.

# Additional Changes

- Feature flag for this optimization

# Additional Context

- Performance improvements for import are evaluated and acted upon
internally at the moment

---------

Co-authored-by: adlerhurst <silvan.reusser@gmail.com>
2024-07-05 09:36:00 +02:00