209 Commits

Author SHA1 Message Date
Livio Spring
3c8640fbfd
fix: rename (t)otp to code in session checks (#6455)
* fix: rename (t)otp to code in session checks

* update integration tests

---------

Co-authored-by: Fabi <fabienne@zitadel.com>
2023-08-31 07:06:50 +00:00
Livio Spring
e17b49e4ca
feat: add apple as idp (#6442)
* feat: manage apple idp

* handle apple idp callback

* add tests for provider

* basic console implementation

* implement flow for login UI and add logos / styling

* tests

* cleanup

* add upload button

* begin i18n

* apple logo positioning, file upload component

* fix add apple instance idp

* add missing apple logos for login

* update to go 1.21

* fix slice compare

* revert permission changes

* concrete error messages

* translate login apple logo -y-2px

* change form parsing

* sign in button

* fix tests

* lint console

---------

Co-authored-by: peintnermax <max@caos.ch>
2023-08-31 08:39:16 +02:00
Livio Spring
0d94947d3c
fix: rest path for StartIdentityProviderIntent (#6447) 2023-08-30 10:42:24 +02:00
Miguel Cabrerizo
fd00ac533a
feat: add reply-to header in email notification (#6393)
* feat: add reply-to header to smtp messages

* fix: grpc reply_to_address min 0 and js var name

* fix: add missing translations

* fix merge and linting

---------

Co-authored-by: Livio Spring <livio.a@gmail.com>
2023-08-29 09:08:24 +02:00
Livio Spring
bb40e173bd
feat(api): add otp (sms and email) checks in session api (#6422)
* feat: add otp (sms and email) checks in session api

* implement sending

* fix tests

* add tests

* add integration tests

* fix merge main and add tests

* put default OTP Email url into config

---------

Co-authored-by: Stefan Benz <46600784+stebenz@users.noreply.github.com>
2023-08-24 09:41:52 +00:00
Elio Bischof
29fa3d417c
feat(console): enable ID token mapping for generic OIDC provider (#6426)
* fix: use IsIdTokenMapping request property

* feat(console): oidc provider id token mapping

* fix scss

* reduce styles

* fix lint

---------

Co-authored-by: peintnermax <max@caos.ch>
Co-authored-by: Livio Spring <livio.a@gmail.com>
2023-08-23 12:57:20 +00:00
Fabi
37c527f18e
docs: add auth header to new api docs (#6421) 2023-08-23 09:25:14 +02:00
Livio Spring
a9fb2a6e5c
fix(api): naming cleanup in user and session service (#6379)
* fix(api): rename first and last name to given and family name, intent to idp_intent, remove _ actions

* fix merge

* fully rename intent to idp intent in api

---------

Co-authored-by: Tim Möhlmann <tim+github@zitadel.com>
2023-08-22 10:05:45 +00:00
Stefan Benz
52f68f8db8
feat: add ldap external idp to login api (#5938)
* fix: handling of ldap login through separate endpoint

* fix: handling of ldap login through separate endpoint

* fix: handling of ldap login through separate endpoint

* fix: successful intent for ldap

* fix: successful intent for ldap

* fix: successful intent for ldap

* fix: add changes from code review

* fix: remove set intent credentials and handle ldap errors

* fix: remove set intent credentials and handle ldap errors

* refactor into separate methods and fix merge

* remove mocks

---------

Co-authored-by: Livio Spring <livio.a@gmail.com>
2023-08-16 11:29:57 +00:00
Tim Möhlmann
0017542aa2
feat(api/v2): implement TOTP session check (#6362)
* feat(api/v2): implement TOTP session check

* add integration test

* correct typo in projection test

* fix event type typos

---------

Co-authored-by: Livio Spring <livio.a@gmail.com>
2023-08-15 09:50:42 +00:00
Ahmed Fwela
133789fee9
feat: get multiple users by id (#6210)
* feat: introduce InTextQuery, and the ability to get multiple users by id

* added in query tests

* remove append call

* fix lints
2023-08-12 15:37:42 +02:00
Tim Möhlmann
86af67d1be
feat(api/v2): implement U2F session check (#6339) 2023-08-11 15:36:18 +00:00
Livio Spring
372755bddd
feat(api): add organisation service (#6340)
* setup org with multiple admins

* tests

* add missing proto

* remove machine users (for now)

* update tests with idp case

* fix package

* organisation -> organization

* fix test
2023-08-11 14:19:14 +00:00
Elio Bischof
343a9428b3
feat: SMS and email OTP texts (#6281)
* manage 2 custom texts proto

* implement methods

* default texts

* console

* improve translations

* lint

* test: fix e2e timeout

* fix translations

* add missing console translations

* remove unused text parts

---------

Co-authored-by: Livio Spring <livio.a@gmail.com>
2023-08-09 05:49:12 +00:00
Stefan Benz
ef012d0081
feat: user v2 phone verification (#6309)
* feat: add phone change and code verification for user v2 api

* feat: add phone change and code verification for user v2 api

* fix: add ignored phone.proto

* fix: integration tests

* Update proto/zitadel/user/v2alpha/user_service.proto

* Update idp_template.go

---------

Co-authored-by: Livio Spring <livio.a@gmail.com>
2023-08-03 06:42:59 +02:00
Livio Spring
a1942ecdaa
feat(api): add and remove OTP (SMS and email) (#6295)
* refactor: rename otp to totp

* feat: add otp sms and email

* implement tests
2023-08-02 18:57:53 +02:00
Elio Bischof
31ec1d83b9
feat: enable otp email and sms (#6260)
* feat: enable otp email and sms

* feat: enable otp factors in login settings

* remove tests without value

* translate second factors

* don't add new factors yet

* add comment

* add factors to docs

* backward compatible settings api

* compile tests

* add available 2fa types

* test: add mapping tests

---------

Co-authored-by: Livio Spring <livio.a@gmail.com>
2023-07-28 07:39:30 +02:00
Livio Spring
2fe76acd14
feat: add secret generators for OTP (#6262)
This PR adds configuration options for OTP codes through Admin API.
2023-07-26 11:00:41 +00:00
Elio Bischof
4656020ea6
docs: fix add instance domain description (#6267) 2023-07-25 11:54:22 +00:00
Fabi
07ef9af513
fix: api docs (#6229)
Co-authored-by: Florian Forster <florian@zitadel.com>
2023-07-20 06:59:06 +00:00
Livio Spring
fed15574f6
feat: allow to force MFA local only (#6234)
This PR adds an option to the LoginPolicy to "Force MFA for local users", so that users authenticated through an IDP must not configure (and verify) an MFA.
2023-07-20 04:06:16 +00:00
Silvan
1c354ca977
ci: improve performance (#5953)
* pipeline runs on ubuntu instead of docker
* added Makefile to build zitadel core (backend) and console (frontend)
* pipeline runs in parallel where possible
* pipeline is split into multiple jobs
* removed goreleaser
* added command to check if zitadel instance is running
2023-07-17 10:08:20 +02:00
Livio Spring
80961125a7
feat(API): support V2 token and session token usage (#6180)
This PR adds support for userinfo and introspection of V2 tokens. Further V2 access tokens and session tokens can be used for authentication on the ZITADEL API (like the current access tokens).
2023-07-14 11:16:16 +00:00
Tim Möhlmann
4589ddad4a
feat: integrate passwap for human user password hashing (#6196)
* feat: use passwap for human user passwords

* fix tests

* passwap config

* add the event mapper

* cleanup query side and api

* solve linting errors

* regression test

* try to fix linter errors again

* pass systemdefaults into externalConfigChange migration

* fix: user password set in auth view

* pin passwap v0.2.0

* v2: validate hashed password hash based on prefix

* resolve remaining comments

* add error tag and translation for unsupported hash encoding

* fix unit test

---------

Co-authored-by: Livio Spring <livio.a@gmail.com>
2023-07-14 09:49:57 +03:00
Livio Spring
14b8cf4894
feat(api): add OIDC session service (#6157)
This PR starts the OIDC implementation for the API V2 including the Implicit and Code Flow.


Co-authored-by: Livio Spring <livio.a@gmail.com>
Co-authored-by: Tim Möhlmann <tim+github@zitadel.com>
Co-authored-by: Stefan Benz <46600784+stebenz@users.noreply.github.com>
2023-07-10 13:27:00 +00:00
mffap
be1fe36776
fix: management proto delete machine key (#6179) 2023-07-10 12:50:17 +00:00
Fabi
5182cb3ce3
fix: rename to given and family name (#6152)
* fix: rename to given and family name

* fix: rename to given and family name

* fix: rename to given and family name
2023-07-07 13:13:45 +00:00
Fabi
5f5f1558d0
fix: Fix OIDC example (#6138)
* fix: oidc app additional origins example

* fix: oidc app additional origins example
2023-07-07 12:21:02 +00:00
Fabi
376d8e78b8
docs: Password reset (#6108)
* docs: add password reset to login ui guide

* docs: add password reset to login ui guide

* Update proto/zitadel/user/v2alpha/user_service.proto

Co-authored-by: Livio Spring <livio.a@gmail.com>

* Update docs/docs/guides/integrate/login-ui/password-reset.mdx

Co-authored-by: Livio Spring <livio.a@gmail.com>

* Update docs/docs/guides/integrate/login-ui/password-reset.mdx

Co-authored-by: Livio Spring <livio.a@gmail.com>

* Update docs/docs/guides/integrate/login-ui/password-reset.mdx

Co-authored-by: Livio Spring <livio.a@gmail.com>

* docs: replace image

* docs: replace vars in urls

---------

Co-authored-by: Livio Spring <livio.a@gmail.com>
2023-06-28 13:52:53 +02:00
Livio Spring
bd5defa96a
fix: provide domain in session, passkey and u2f (#6097)
This fix provides a possibility to pass a domain on the session, which
will be used (as rpID) to create a passkey / u2f assertion and
attestation. This is useful in cases where the login UI is served under
a different domain / origin than the ZITADEL API.
2023-06-27 14:36:07 +02:00
Tim Möhlmann
56e33ce1a7 fix: rename OTP to TOTP in v2 alpha user api
This change renames the v2 user OTP registration endpoints and objects
to TOTP.
Also the v2 related code paths have been renamed to TOTP.

This change was discussed during the sprint review.
2023-06-22 12:06:32 +02:00
Stefan Benz
1b5d6ce89e
feat: session checks with intent (#6031)
* feat: session checks with intent

* feat: session checks with intent

* fix: integration tests for intent session

* fix: integration tests for intent session

* fix merge

* fix: integration tests for intent session

---------

Co-authored-by: Livio Spring <livio.a@gmail.com>
2023-06-21 14:06:18 +00:00
Livio Spring
7046194530
feat(api): list authentication method types in user api v2 (#6058) 2023-06-20 16:23:28 +00:00
Livio Spring
82e7333169
feat(api): add password reset and change to user service (#6036)
* feat(api): add password reset and change to user service

* integration tests

* invalidate password check after password change

* handle notification type

* fix proto
2023-06-20 17:34:06 +02:00
Livio Spring
1017568cf1
fix: provide more information in the retrieve idp information (#5927)
* fix: provide more information in the retrieve idp information

* change raw_information to proto struct

* change unmarshal

* improve description
2023-06-20 14:39:50 +02:00
Tim Möhlmann
83da9cada7
fix(v2): typo in register u2f endpoint summary (#6059)
Co-authored-by: Fabi <fabienne@zitadel.com>
2023-06-20 11:06:57 +00:00
Tim Möhlmann
5693e40930
chore(v2): user register factors proto definitions (#6017)
* chore(v2): user register factors proto definitions
* use uri
2023-06-12 13:24:51 +00:00
Stefan Benz
5562ee94a6
feat: migrate external idp to other types (#5984)
* feat: migrate instance oidc to azureAD

* feat: migrate instance oidc to azureAD

* feat: migrate org oidc to azureAD

* feat: migrate oidc to google

* fix: correct idp writemodels

* fix: review changes
2023-06-08 00:50:53 +02:00
Tim Möhlmann
f456168a74
feat: session v2 passkey authentication (#5952) 2023-06-07 17:28:42 +02:00
Stefan Benz
fa8f191812
feat: v2alpha user service idp endpoints (#5879)
* feat: v2alpha user service idp endpoints

* feat: v2alpha user service intent endpoints

* begin idp intents (callback)

* some cleanup

* runnable idp authentication

* cleanup

* proto cleanup

* retrieve idp info

* improve success and failure handling

* some unit tests

* grpc unit tests

* add permission check AddUserIDPLink

* feat: v2alpha intent writemodel refactoring

* feat: v2alpha intent writemodel refactoring

* feat: v2alpha intent writemodel refactoring

* provider from write model

* fix idp type model and add integration tests

* proto cleanup

* fix integration test

* add missing import

* add more integration tests

* auth url test

* feat: v2alpha intent writemodel refactoring

* remove unused functions

* check token on RetrieveIdentityProviderInformation

* feat: v2alpha intent writemodel refactoring

* fix TestServer_RetrieveIdentityProviderInformation

* fix test

* i18n and linting

* feat: v2alpha intent review changes

---------

Co-authored-by: Livio Spring <livio.a@gmail.com>
Co-authored-by: Tim Möhlmann <tim+github@zitadel.com>
2023-05-24 18:29:58 +00:00
Tim Möhlmann
a301c40f9f
feat: implement register Passkey user API v2 (#5873)
* command/crypto: DRY the code

- reuse the the algorithm switch to create a secret generator
- add a verifyCryptoCode function

* command: crypto code tests

* migrate webauthn package

* finish integration tests with webauthn mock client
2023-05-24 10:22:00 +00:00
Stefan Benz
80815e89cf
chore(api): proto definition of passkeys endpoints (user service) (#5864)
* feat: first proto definition of passkeys endpoints

* improve passkeys requests

* fix: some renaming of passkey endpoint attributes

* change to post methods

* improve passkeys requests

* add code id and make codes optional

* fix: some documentation for passkeys endpoints

* drop code from VerifyPasskeyRegistrationRequest

not needed, as disccussed

* put code_id and code in a nested object

* add passkey_id to RegisterPasskeyResponse

* improve description

---------

Co-authored-by: Livio Spring <livio.a@gmail.com>
Co-authored-by: Tim Möhlmann <tim+github@zitadel.com>
2023-05-17 07:06:11 +00:00
kotoriのねこ
a21d184790
docs(nginx): fix nginx directory, system api proto description (#5809)
Co-authored-by: Elio Bischof <elio@zitadel.com>
2023-05-15 07:23:56 +00:00
Stefan Benz
8d13f170e8
feat(api): new settings service (#5775)
* feat: add v2alpha policies service

* feat: add v2alpha policies service

* fix: rename of attributes and messages in v2alpha api

* fix: rename of attributes and messages in v2alpha api

* fix: linter corrections

* fix: review corrections

* fix: review corrections

* fix: review corrections

* fix: review corrections

* fix grpc

* refactor: rename to settings and more

* Apply suggestions from code review

Co-authored-by: Fabi <fabienne.gerschwiler@gmail.com>

* add service to docs and rename legal settings

* unit tests for converters

* go mod tidy

* ensure idp name and return list details

* fix: use correct resource owner for active idps

* change query to join

---------

Co-authored-by: Livio Spring <livio.a@gmail.com>
Co-authored-by: Fabi <fabienne.gerschwiler@gmail.com>
Co-authored-by: Tim Möhlmann <tim+github@zitadel.com>
2023-05-11 09:23:40 +00:00
Livio Spring
c2cb84cd24
feat(api): new session service (#5801)
* backup new protoc plugin

* backup

* session

* backup

* initial implementation

* change to specific events

* implement tests

* cleanup

* refactor: use new protoc plugin for api v2

* change package

* simplify code

* cleanup

* cleanup

* fix merge

* start queries

* fix tests

* improve returned values

* add token to projection

* tests

* test db map

* update query

* permission checks

* fix tests and linting

* rework token creation

* i18n

* refactor token check and fix tests

* session to PB test

* request to query tests

* cleanup proto

* test user check

* add comment

* simplify database map type

* Update docs/docs/guides/integrate/access-zitadel-system-api.md

Co-authored-by: Tim Möhlmann <tim+github@zitadel.com>

* fix test

* cleanup

* docs

---------

Co-authored-by: Tim Möhlmann <tim+github@zitadel.com>
2023-05-05 15:34:53 +00:00
Livio Spring
f1534c0c4c
refactor: use new protoc plugin for api v2 (#5798)
* refactor: use new protoc plugin for api v2

* simplify code
2023-05-04 08:50:19 +00:00
Livio Spring
e4a4b7cfbe
feat(api): add user creation to user service (#5745)
* chore(proto): update versions

* change protoc plugin

* some cleanups

* define api for setting emails in new api

* implement user.SetEmail

* move SetEmail buisiness logic into command

* resuse newCryptoCode

* command: add ChangeEmail unit tests

Not complete, was not able to mock the generator.

* Revert "resuse newCryptoCode"

This reverts commit c89e90ae35ae924a3f706a0a7394f933910c2e65.

* undo change to crypto code generators

* command: use a generator so we can test properly

* command: reorganise ChangeEmail

improve test coverage

* implement VerifyEmail

including unit tests

* add URL template tests

* begin user creation

* change protos

* implement metadata and move context

* merge commands

* proto: change context to object

* remove old auth option

* remove old auth option

* fix linting errors

run gci on modified files

* add permission checks and fix some errors

* comments

* comments

* update email requests

* rename proto requests

* cleanup and docs

* simplify

* simplify

* fix setup

* remove unused proto messages / fields

---------

Co-authored-by: adlerhurst <silvan.reusser@gmail.com>
Co-authored-by: Tim Möhlmann <tim+github@zitadel.com>
2023-04-26 07:47:57 +02:00
Silvan
095ec21678
feat: user v2alpha email API (#5708)
* chore(proto): update versions

* change protoc plugin

* some cleanups

* define api for setting emails in new api

* implement user.SetEmail

* move SetEmail buisiness logic into command

* resuse newCryptoCode

* command: add ChangeEmail unit tests

Not complete, was not able to mock the generator.

* Revert "resuse newCryptoCode"

This reverts commit c89e90ae35ae924a3f706a0a7394f933910c2e65.

* undo change to crypto code generators

* command: use a generator so we can test properly

* command: reorganise ChangeEmail

improve test coverage

* implement VerifyEmail

including unit tests

* add URL template tests

* proto: change context to object

* remove old auth option

* remove old auth option

* fix linting errors

run gci on modified files

* add permission checks and fix some errors

* comments

* comments

---------

Co-authored-by: Livio Spring <livio.a@gmail.com>
Co-authored-by: Tim Möhlmann <tim+github@zitadel.com>
2023-04-25 09:02:29 +02:00
Tim Möhlmann
5819924275
feat: device authorization RFC 8628 (#5646)
* device auth: implement the write events

* add grant type device code

* fix(init): check if default value implements stringer

---------

Co-authored-by: adlerhurst <silvan.reusser@gmail.com>
2023-04-19 08:46:02 +00:00
Fabi
d306e8219f
docs: identity provider docs (#5565)
* docs: add github identity provider

* docs: add github identity provider

* docs: add github identity provider

* docs: github identity provider

* docs: google provider

* docs: google provider

* docs: gitlab identity provider

* docs: gitlab identity provider

* docs: general information identity providers

* docs: general information identity providers

* docs: add ldap and openldap identity provider docs

* docs: azure ad

* docs: azure ad

* docs: rename attribute for azure ad

* Update docs/docs/guides/integrate/identity-providers/azure-ad.md

Co-authored-by: Elio Bischof <elio@zitadel.com>

* Update docs/docs/guides/integrate/identity-providers/azure-ad.md

Co-authored-by: Elio Bischof <elio@zitadel.com>

* Update docs/docs/guides/integrate/identity-providers/azure-ad.md

Co-authored-by: Elio Bischof <elio@zitadel.com>

* Update docs/docs/guides/integrate/identity-providers/azure-ad.md

Co-authored-by: Elio Bischof <elio@zitadel.com>

* Update docs/docs/guides/integrate/identity-providers/azure-ad.md

Co-authored-by: Elio Bischof <elio@zitadel.com>

* Update docs/docs/guides/integrate/identity-providers/azure-ad.md

Co-authored-by: Elio Bischof <elio@zitadel.com>

* Update docs/docs/guides/integrate/identity-providers/azure-ad.md

Co-authored-by: Elio Bischof <elio@zitadel.com>

* Update docs/docs/guides/integrate/identity-providers/azure-ad.md

Co-authored-by: Elio Bischof <elio@zitadel.com>

* Update docs/docs/guides/integrate/identity-providers/azure-ad.md

Co-authored-by: Elio Bischof <elio@zitadel.com>

* Update docs/docs/guides/integrate/identity-providers/azure-ad.md

Co-authored-by: Elio Bischof <elio@zitadel.com>

* Update docs/docs/guides/integrate/identity-providers/azure-ad.md

Co-authored-by: Elio Bischof <elio@zitadel.com>

* Update docs/docs/guides/integrate/identity-providers/azure-ad.md

Co-authored-by: Elio Bischof <elio@zitadel.com>

* docs: general config in one file

* docs: add ldap and openldap identity provider docs

* docs: general describtion add missing providers

* docs: typos and rewriting

* Update docs/docs/guides/integrate/identity-providers/gitlab.md

Co-authored-by: Elio Bischof <elio@zitadel.com>

* Update docs/docs/guides/integrate/identity-providers/github.md

Co-authored-by: Elio Bischof <elio@zitadel.com>

* Update docs/docs/guides/integrate/identity-providers/github.md

Co-authored-by: Elio Bischof <elio@zitadel.com>

* Update docs/docs/guides/integrate/identity-providers/github.md

Co-authored-by: Elio Bischof <elio@zitadel.com>

* docs: add api idp docs

* docs: reuse idp content (#5656)

* docs: reuse idp content

* docs: generalize prefill action

* docs: eliminate prerequisites

* Update docs/docs/guides/integrate/identity-providers/github.mdx

Co-authored-by: Fabi <fabienne.gerschwiler@gmail.com>

* replace zitadel google login

* outdent optional action

---------

Co-authored-by: Fabi <fabienne.gerschwiler@gmail.com>

---------

Co-authored-by: Stefan Benz <stefan@caos.ch>
Co-authored-by: Elio Bischof <elio@zitadel.com>
2023-04-12 09:42:40 +02:00