245 Commits

Author SHA1 Message Date
Elio Bischof
ed0bc39ea4
feat: block instances (#7129)
* docs: fix init description typos

* feat: block instances using limits

* translate

* unit tests

* fix translations

* redirect /ui/login

* fix http interceptor

* cleanup

* fix http interceptor

* fix: delete cookies on gateway 200

* add integration tests

* add command test

* docs

* fix integration tests

* add bulk api and integration test

* optimize bulk set limits

* unit test bulk limits

* fix broken link

* fix assets middleware

* fix broken link

* validate instance id format

* Update internal/eventstore/search_query.go

Co-authored-by: Livio Spring <livio.a@gmail.com>

* remove support for owner bulk limit commands

* project limits to instances

* migrate instances projection

* Revert "migrate instances projection"

This reverts commit 214218732a56e6df823beac1972adfcf8beeded5.

* join limits, remove owner

* remove todo

* use optional bool

* normally validate instance ids

* use 302

* cleanup

* cleanup

* Update internal/api/grpc/system/limits_converter.go

Co-authored-by: Livio Spring <livio.a@gmail.com>

* remove owner

* remove owner from reset

---------

Co-authored-by: Livio Spring <livio.a@gmail.com>
2024-01-17 10:16:48 +00:00
Stefan Benz
d9d376a275
feat: user v2 service query (#7095)
* feat: add query endpoints for user v2 api

* fix: correct integration tests

* fix: correct linting

* fix: correct linting

* fix: comment out permission check on user get and list

* fix: permission check on user v2 query

* fix: merge back origin/main

* fix: add search query in user emails

* fix: reset count for SearchUser if users are removed due to permissions

* fix: reset count for SearchUser if users are removed due to permissions

---------

Co-authored-by: Elio Bischof <elio@zitadel.com>
2024-01-17 10:00:10 +01:00
Miguel Cabrerizo
17153b694e
feat: search users by list of emails (users/_search) (#6983)
Co-authored-by: Stefan Benz <46600784+stebenz@users.noreply.github.com>
2024-01-08 18:45:54 +01:00
Stefan Benz
a0a82b59e1
feat: user service v2 create, update and remove (#6996)
* feat: user service v2 remove user

* feat: user service v2 add user human

* feat: user service v2 change user human

* feat: user service v2 change user human unit tests

* feat: user service v2 reactivate, deactivate, lock, unlock user

* feat: user service v2 integration tests

* fix: merge back origin/main

* lint: linter corrections

* fix: move permission check for isVerfied and password change

* fix: add deprecated notices and other review comments

* fix: consistent naming in proto

* fix: errors package renaming

* fix: remove / delete user renaming in integration test

* fix: machine user status changes through user v2 api

* fix: linting changes

* fix: linting changes

* fix: changes from review

* fix: changes from review

* fix: changes from review

* fix: changes from review

* fix: changes from review

---------

Co-authored-by: Tim Möhlmann <tim+github@zitadel.com>
Co-authored-by: Livio Spring <livio.a@gmail.com>
2023-12-21 10:03:37 +01:00
Elio Bischof
9da4abd459
feat: add time range events filter (#7005)
* feat(console): add time range events filter

* deprecate creation_date, use oneof filter

* use range or from

* implement api

* fix timestamp format

* translate

* styles

* lint

* integration tests

* fix until date

* rearrange sorting control

* sort creation date

* fix events e2e test

* Update console/src/app/modules/filter-events/filter-events.component.html

Co-authored-by: Max Peintner <max@caos.ch>

* Update console/src/app/modules/filter-events/filter-events.component.html

Co-authored-by: Max Peintner <max@caos.ch>

* Update console/src/app/modules/filter-events/filter-events.component.html

Co-authored-by: Max Peintner <max@caos.ch>

* lint

* lint

* don't use utc call time

---------

Co-authored-by: Max Peintner <max@caos.ch>
Co-authored-by: Silvan <silvan.reusser@gmail.com>
2023-12-07 10:15:53 +00:00
Elio Bischof
8c85318fbd
fix: restrict languages in console (#6964)
* feat: return 404 or 409 if org reg disallowed

* fix: system limit permissions

* feat: add iam limits api

* feat: disallow public org registrations on default instance

* add integration test

* test: integration

* fix test

* docs: describe public org registrations

* avoid updating docs deps

* fix system limits integration test

* silence integration tests

* fix linting

* ignore strange linter complaints

* review

* improve reset properties naming

* redefine the api

* use restrictions aggregate

* test query

* simplify and test projection

* test commands

* fix unit tests

* move integration test

* support restrictions on default instance

* also test GetRestrictions

* self review

* lint

* abstract away resource owner

* fix tests

* configure supported languages

* fix allowed languages

* fix tests

* default lang must not be restricted

* preferred language must be allowed

* change preferred languages

* check languages everywhere

* lint

* test command side

* lint

* add integration test

* add integration test

* restrict supported ui locales

* lint

* lint

* cleanup

* lint

* allow undefined preferred language

* fix integration tests

* update main

* fix env var

* ignore linter

* ignore linter

* improve integration test config

* reduce cognitive complexity

* compile

* fix(console): switch back to saved language

* feat(API): get allowed languages

* fix(console): only make allowed languages selectable

* warn when editing not allowed languages

* check for duplicates

* remove useless restriction checks

* review

* revert restriction renaming

* fix language restrictions

* lint

* generate

* allow custom texts for supported langs for now

* fix tests

* cleanup

* cleanup

* cleanup

* lint

* unsupported preferred lang is allowed

* fix integration test

* allow unsupported preferred languages

* lint

* load languages for tests

* cleanup

* lint

* cleanup

* get allowed only on admin

* cleanup

* reduce flakiness on very limited postgres

* simplify langSvc

* refactor according to suggestions in pr

* lint

* set first allowed language as default

* selectionchange for language in msg texts

* initialize login texts

* init message texts

* lint

---------

Co-authored-by: peintnermax <max@caos.ch>
2023-12-07 08:43:23 +00:00
Elio Bischof
dd33538c0a
feat: restrict languages (#6931)
* feat: return 404 or 409 if org reg disallowed

* fix: system limit permissions

* feat: add iam limits api

* feat: disallow public org registrations on default instance

* add integration test

* test: integration

* fix test

* docs: describe public org registrations

* avoid updating docs deps

* fix system limits integration test

* silence integration tests

* fix linting

* ignore strange linter complaints

* review

* improve reset properties naming

* redefine the api

* use restrictions aggregate

* test query

* simplify and test projection

* test commands

* fix unit tests

* move integration test

* support restrictions on default instance

* also test GetRestrictions

* self review

* lint

* abstract away resource owner

* fix tests

* configure supported languages

* fix allowed languages

* fix tests

* default lang must not be restricted

* preferred language must be allowed

* change preferred languages

* check languages everywhere

* lint

* test command side

* lint

* add integration test

* add integration test

* restrict supported ui locales

* lint

* lint

* cleanup

* lint

* allow undefined preferred language

* fix integration tests

* update main

* fix env var

* ignore linter

* ignore linter

* improve integration test config

* reduce cognitive complexity

* compile

* check for duplicates

* remove useless restriction checks

* review

* revert restriction renaming

* fix language restrictions

* lint

* generate

* allow custom texts for supported langs for now

* fix tests

* cleanup

* cleanup

* cleanup

* lint

* unsupported preferred lang is allowed

* fix integration test

* finish reverting to old property name

* finish reverting to old property name

* load languages

* refactor(i18n): centralize translators and fs

* lint

* amplify no validations on preferred languages

* fix integration test

* lint

* fix resetting allowed languages

* test unchanged restrictions
2023-12-05 11:12:01 +00:00
Livio Spring
236930f109
docs(api): add session lifetime format for REST calls (#7019) 2023-12-05 10:25:52 +01:00
Tim Möhlmann
2de7ce99c5
chore(docs): improve on password hashing (#6951) 2023-11-22 10:29:06 +00:00
Elio Bischof
76fe032b5f
feat: option to disallow public org registration (#6917)
* feat: return 404 or 409 if org reg disallowed

* fix: system limit permissions

* feat: add iam limits api

* feat: disallow public org registrations on default instance

* add integration test

* test: integration

* fix test

* docs: describe public org registrations

* avoid updating docs deps

* fix system limits integration test

* silence integration tests

* fix linting

* ignore strange linter complaints

* review

* improve reset properties naming

* redefine the api

* use restrictions aggregate

* test query

* simplify and test projection

* test commands

* fix unit tests

* move integration test

* support restrictions on default instance

* also test GetRestrictions

* self review

* lint

* abstract away resource owner

* fix tests

* lint
2023-11-22 09:29:38 +00:00
Livio Spring
2e8c3b5a53
feat: allow session deletion without session token (#6889)
* fix: add resource owner of user and change the one of session to instance

* use user resource owner from session projection

* fix session permission check

* integration tests and fixes

* update api docs
2023-11-16 07:35:50 +01:00
Ahmed Fwela
3f22fb3a5c
feat(user/v1): support composite queries (#6361)
* feat(user/v1): support composite queries

* fix: added proper error handling for NotQuery

* Added error when there are too many levels of nesting

* Add localization keys for english

* Update internal/api/grpc/user/query.go
2023-11-09 11:38:34 +01:00
sp132
9a708b1b78
feat: extend session search service (#6746)
* feat: extend session search service (#6029)

add two more searching criteria - human user id and session creation date

optional sorting by the session creation date

* fix: use correct column identifier

* fix: implement Col()

* chore: fix unit tests

* chore: fix linter warnings

---------

Co-authored-by: Fabi <fabienne@zitadel.com>
2023-11-08 11:32:13 +01:00
Livio Spring
f3b8a3aece
feat: add possibility to set an expiration to a session (#6851)
* add lifetime to session api

* extend session with lifetime

* check session token expiration

* fix typo

* integration test to check session token expiration

* integration test to check session token expiration

* i18n

* cleanup

* improve tests

* prevent negative lifetime

* fix error message

* fix lifetime check
2023-11-06 10:48:28 +01:00
Elio Bischof
1b6e3dcf27
fix: creation date argument in search events filters (#6855)
* fix: creation date filter in event queries

* fix: creation date with ordering filter

* simplify code

* simplify review

---------

Co-authored-by: Livio Spring <livio.a@gmail.com>
2023-11-03 14:52:48 +00:00
Stefan Benz
cb7b50b513
feat: add attribute to only enable specific themes (#6798)
* feat: enable only specific themes in label policy

* feat: enable only specific themes in label policy

* feat: enable only specific themes in label policy

* feat: enable only specific themes in label policy

* add management in console

* pass enabledTheme

* render login ui based on enabled theme

* add in branding / settings service and name consistently

* update console to latest proto state

* fix console linting

* fix linting

* cleanup

* add translations

---------

Co-authored-by: Livio Spring <livio.a@gmail.com>
Co-authored-by: Tim Möhlmann <tim+github@zitadel.com>
2023-10-26 05:54:09 +00:00
Tim Möhlmann
ad26ca88d7
feat(system api): list instances by domains (#6806)
Allow to list instances by their domains on the system API.

closes #6785
2023-10-25 19:20:12 +00:00
Elio Bischof
4980cd6a0c
feat: add SYSTEM_OWNER role (#6765)
* define roles and permissions

* support system user memberships

* don't limit system users

* cleanup permissions

* restrict memberships to aggregates

* default to SYSTEM_OWNER

* update unit tests

* test: system user token test (#6778)

* update unit tests

* refactor: make authz testable

* move session constants

* cleanup

* comment

* comment

* decode member type string to enum (#6780)

* decode member type string to enum

* handle all membership types

* decode enums where necessary

* decode member type in steps config

* update system api docs

* add technical advisory

* tweak docs a bit

* comment in comment

* lint

* extract token from Bearer header prefix

* review changes

* fix tests

* fix: add fix for activityhandler

* add isSystemUser

* remove IsSystemUser from activity info

* fix: add fix for activityhandler

---------

Co-authored-by: Stefan Benz <stefan@caos.ch>
2023-10-25 15:10:45 +00:00
Elio Bischof
385a55bd21
feat: limit audit trail (#6744)
* feat: enable limiting audit trail

* support AddExclusiveQuery

* fix invalid condition

* register event mappers

* fix NullDuration validity

* test query side for limits

* lint

* acceptance test audit trail limit

* fix acceptance test

* translate limits not found

* update tests

* fix linting

* add audit log retention to default instance

* fix tests

* update docs

* remove todo

* improve test name
2023-10-25 11:42:00 +00:00
Elio Bischof
1c839e308b
perf: query projected milestones for onboarding view (#6760)
* feat: support list milestones api

* show milestones in onboarding view

* add authenticated milestone

* add icon to login milestone

* update main

* lint

* fix import

* fix import

* lint

* reuse proto milestone type mapping
2023-10-25 11:16:34 +00:00
Livio Spring
cb0a0f996e
fix(api): add remove otp sms and email to management api (#6721)
* fix(api): add remove otp sms and email to management api

* fix(console): remove otpsms and otpemail from user

---------

Co-authored-by: peintnermax <max@caos.ch>
2023-10-16 10:49:02 +03:00
Livio Spring
95889cf576
fix(api): use organization instead of organisation (#6720)
* fix(api): use organization instead of organisation

* fix test

* docs: add deprecation notice

* remove validation
2023-10-13 12:37:35 +00:00
Livio Spring
27e03120dc
fix(api): extend client_secret length for generic oauth and oidc providers to 1000 (#6722) 2023-10-13 14:31:39 +03:00
Austin Turner
b24e120c66
fix: typo in verify email default text (#6694)
Fix typo in Verify email default text

Co-authored-by: Elio Bischof <elio@zitadel.com>
2023-10-12 15:12:22 +00:00
Tim Möhlmann
c71bf85b7a
feat(api/v2): store user agent details in the session (#6711)
This change adds the ability to set and get user agent data, such as fingerprint, IP, request headers and a description to the session. All fields are optional.

Closes #6028
2023-10-12 12:16:59 +00:00
Livio Spring
827ce8809d
fix: use enum for instance feature in system api (#6682)
* fix: use enum for instance feature in system api

* add feature.proto to lint ignore
2023-10-09 12:33:23 +02:00
Stefan Benz
15fd3045e0
feat: add SAML as identity provider (#6454)
* feat: first implementation for saml sp

* fix: add command side instance and org for saml provider

* fix: add query side instance and org for saml provider

* fix: request handling in event and retrieval of finished intent

* fix: add review changes and integration tests

* fix: add integration tests for saml idp

* fix: correct unit tests with review changes

* fix: add saml session unit test

* fix: add saml session unit test

* fix: add saml session unit test

* fix: changes from review

* fix: changes from review

* fix: proto build error

* fix: proto build error

* fix: proto build error

* fix: proto require metadata oneof

* fix: login with saml provider

* fix: integration test for saml assertion

* lint client.go

* fix json tag

* fix: linting

* fix import

* fix: linting

* fix saml idp query

* fix: linting

* lint: try all issues

* revert linting config

* fix: add regenerate endpoints

* fix: translations

* fix mk.yaml

* ignore acs path for user agent cookie

* fix: add AuthFromProvider test for saml

* fix: integration test for saml retrieve information

---------

Co-authored-by: Livio Spring <livio.a@gmail.com>
2023-09-29 11:26:14 +02:00
Livio Spring
68bfab2fb3
feat(login): use default org for login without provided org context (#6625)
* start feature flags

* base feature events on domain const

* setup default features

* allow setting feature in system api

* allow setting feature in admin api

* set settings in login based on feature

* fix rebasing

* unit tests

* i18n

* update policy after domain discovery

* some changes from review

* check feature and value type

* check feature and value type
2023-09-29 08:21:32 +00:00
Stefan Benz
2823678eb6
fix: add userID to intent responses (#6566)
Co-authored-by: Livio Spring <livio.a@gmail.com>
2023-09-25 05:21:50 +00:00
Elio Bischof
ae1af6bc8c
fix: set quotas (#6597)
* feat: set quotas

* fix: start new period on younger anchor

* cleanup e2e config

* fix set notifications

* lint

* test: fix quota projection tests

* fix add quota tests

* make quota fields nullable

* enable amount 0

* fix initial setup

* create a prerelease

* avoid success comments

* fix quota projection primary key

* Revert "fix quota projection primary key"

This reverts commit e72f4d7fa17d03d36493912168490350a320e04f.

* simplify write model

* fix aggregate id

* avoid push without changes

* test set quota lifecycle

* test set quota mutations

* fix quota unit test

* fix: quotas

* test quota.set event projection

* use SetQuota in integration tests

* fix: release quotas 3

* reset releaserc

* fix comment

* test notification order doesn't matter

* test notification order doesn't matter

* test with unmarshalled events

* test with unmarshalled events
2023-09-22 09:37:16 +00:00
Fabi
7edc73bd5e
fix: Domains problematic (#6564)
* docs: disable validate org domains per default, and have a better label

* docs: rename to $CUSTOM-DOMAIN

* docs: translation

* docs: tranlsations

* docs: tranlsations

* docs: allow domain discovery

---------

Co-authored-by: Max Peintner <max@caos.ch>
2023-09-20 12:45:11 +02:00
Livio Spring
be81570fb5
feat(api): move resource apis to beta (#6530)
Moves UserService, SessionService, SettingsService and OIDCService to beta state. This includes gRPC and HTTP path changes.
2023-09-13 12:43:01 +00:00
Fabi
3c6168d026
fix: increase limit for action scripts (#6520)
fix: increase action limit
2023-09-11 05:26:31 +00:00
Fabi
aca5de8e40
docs: add mfa login docs (u2f, totp, sms, email) (#6456)
* docs: add mfa login docs (u2f, totp)

* docs: add sms otp registration

* docs: add required in the proto docs

* docs: authenticate with sms code

* docs: authenticate with email code

* docs: fix email code part

* docs: add otp email/sms to self service

* docs: secret generator naming

* docs: fix docs

---------

Co-authored-by: Livio Spring <livio.a@gmail.com>
2023-09-08 11:28:40 +00:00
Fabi
8c444a8442
fix: extend message text lengths and change to bytes (#6429)
* fix: extend message text lengths and change to bytes

* fix: change phone message text length

---------

Co-authored-by: Livio Spring <livio.a@gmail.com>
2023-09-07 14:30:14 +00:00
Miguel Cabrerizo
dd80109969
feat: delete organizations (#6083)
* feat: delete organizations

* feat: tests and delete all that depends on org

* fix: grpc delete description

* fix: get back reduce OrgRemovedEvent

* fix: add @muhlemmer review suggestions

* fix: new e2e for add/delete org
2023-09-07 04:54:51 +00:00
Livio Spring
3c8640fbfd
fix: rename (t)otp to code in session checks (#6455)
* fix: rename (t)otp to code in session checks

* update integration tests

---------

Co-authored-by: Fabi <fabienne@zitadel.com>
2023-08-31 07:06:50 +00:00
Livio Spring
e17b49e4ca
feat: add apple as idp (#6442)
* feat: manage apple idp

* handle apple idp callback

* add tests for provider

* basic console implementation

* implement flow for login UI and add logos / styling

* tests

* cleanup

* add upload button

* begin i18n

* apple logo positioning, file upload component

* fix add apple instance idp

* add missing apple logos for login

* update to go 1.21

* fix slice compare

* revert permission changes

* concrete error messages

* translate login apple logo -y-2px

* change form parsing

* sign in button

* fix tests

* lint console

---------

Co-authored-by: peintnermax <max@caos.ch>
2023-08-31 08:39:16 +02:00
Livio Spring
0d94947d3c
fix: rest path for StartIdentityProviderIntent (#6447) 2023-08-30 10:42:24 +02:00
Miguel Cabrerizo
fd00ac533a
feat: add reply-to header in email notification (#6393)
* feat: add reply-to header to smtp messages

* fix: grpc reply_to_address min 0 and js var name

* fix: add missing translations

* fix merge and linting

---------

Co-authored-by: Livio Spring <livio.a@gmail.com>
2023-08-29 09:08:24 +02:00
Livio Spring
bb40e173bd
feat(api): add otp (sms and email) checks in session api (#6422)
* feat: add otp (sms and email) checks in session api

* implement sending

* fix tests

* add tests

* add integration tests

* fix merge main and add tests

* put default OTP Email url into config

---------

Co-authored-by: Stefan Benz <46600784+stebenz@users.noreply.github.com>
2023-08-24 09:41:52 +00:00
Elio Bischof
29fa3d417c
feat(console): enable ID token mapping for generic OIDC provider (#6426)
* fix: use IsIdTokenMapping request property

* feat(console): oidc provider id token mapping

* fix scss

* reduce styles

* fix lint

---------

Co-authored-by: peintnermax <max@caos.ch>
Co-authored-by: Livio Spring <livio.a@gmail.com>
2023-08-23 12:57:20 +00:00
Fabi
37c527f18e
docs: add auth header to new api docs (#6421) 2023-08-23 09:25:14 +02:00
Livio Spring
a9fb2a6e5c
fix(api): naming cleanup in user and session service (#6379)
* fix(api): rename first and last name to given and family name, intent to idp_intent, remove _ actions

* fix merge

* fully rename intent to idp intent in api

---------

Co-authored-by: Tim Möhlmann <tim+github@zitadel.com>
2023-08-22 10:05:45 +00:00
Stefan Benz
52f68f8db8
feat: add ldap external idp to login api (#5938)
* fix: handling of ldap login through separate endpoint

* fix: handling of ldap login through separate endpoint

* fix: handling of ldap login through separate endpoint

* fix: successful intent for ldap

* fix: successful intent for ldap

* fix: successful intent for ldap

* fix: add changes from code review

* fix: remove set intent credentials and handle ldap errors

* fix: remove set intent credentials and handle ldap errors

* refactor into separate methods and fix merge

* remove mocks

---------

Co-authored-by: Livio Spring <livio.a@gmail.com>
2023-08-16 11:29:57 +00:00
Tim Möhlmann
0017542aa2
feat(api/v2): implement TOTP session check (#6362)
* feat(api/v2): implement TOTP session check

* add integration test

* correct typo in projection test

* fix event type typos

---------

Co-authored-by: Livio Spring <livio.a@gmail.com>
2023-08-15 09:50:42 +00:00
Ahmed Fwela
133789fee9
feat: get multiple users by id (#6210)
* feat: introduce InTextQuery, and the ability to get multiple users by id

* added in query tests

* remove append call

* fix lints
2023-08-12 15:37:42 +02:00
Tim Möhlmann
86af67d1be
feat(api/v2): implement U2F session check (#6339) 2023-08-11 15:36:18 +00:00
Livio Spring
372755bddd
feat(api): add organisation service (#6340)
* setup org with multiple admins

* tests

* add missing proto

* remove machine users (for now)

* update tests with idp case

* fix package

* organisation -> organization

* fix test
2023-08-11 14:19:14 +00:00
Elio Bischof
343a9428b3
feat: SMS and email OTP texts (#6281)
* manage 2 custom texts proto

* implement methods

* default texts

* console

* improve translations

* lint

* test: fix e2e timeout

* fix translations

* add missing console translations

* remove unused text parts

---------

Co-authored-by: Livio Spring <livio.a@gmail.com>
2023-08-09 05:49:12 +00:00