package command import ( "context" "github.com/zitadel/zitadel/internal/domain" caos_errs "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/repository/instance" "github.com/zitadel/zitadel/internal/telemetry/tracing" ) func (c *Commands) getDefaultPasswordComplexityPolicy(ctx context.Context) (*domain.PasswordComplexityPolicy, error) { policyWriteModel := NewInstancePasswordComplexityPolicyWriteModel(ctx) err := c.eventstore.FilterToQueryReducer(ctx, policyWriteModel) if err != nil { return nil, err } if !policyWriteModel.State.Exists() { return nil, caos_errs.ThrowInvalidArgument(nil, "INSTANCE-M0gsf", "Errors.IAM.PasswordComplexityPolicy.NotFound") } policy := writeModelToPasswordComplexityPolicy(&policyWriteModel.PasswordComplexityPolicyWriteModel) policy.Default = true return policy, nil } func (c *Commands) AddDefaultPasswordComplexityPolicy(ctx context.Context, policy *domain.PasswordComplexityPolicy) (*domain.PasswordComplexityPolicy, error) { addedPolicy := NewInstancePasswordComplexityPolicyWriteModel(ctx) instanceAgg := InstanceAggregateFromWriteModel(&addedPolicy.WriteModel) events, err := c.addDefaultPasswordComplexityPolicy(ctx, instanceAgg, addedPolicy, policy) if err != nil { return nil, err } pushedEvents, err := c.eventstore.Push(ctx, events) if err != nil { return nil, err } err = AppendAndReduce(addedPolicy, pushedEvents...) if err != nil { return nil, err } return writeModelToPasswordComplexityPolicy(&addedPolicy.PasswordComplexityPolicyWriteModel), nil } func (c *Commands) addDefaultPasswordComplexityPolicy(ctx context.Context, instanceAgg *eventstore.Aggregate, addedPolicy *InstancePasswordComplexityPolicyWriteModel, policy *domain.PasswordComplexityPolicy) (eventstore.Command, error) { if err := policy.IsValid(); err != nil { return nil, err } err := c.eventstore.FilterToQueryReducer(ctx, addedPolicy) if err != nil { return nil, err } if addedPolicy.State == domain.PolicyStateActive { return nil, caos_errs.ThrowAlreadyExists(nil, "INSTANCE-Lk0dS", "Errors.IAM.PasswordComplexityPolicy.AlreadyExists") } return instance.NewPasswordComplexityPolicyAddedEvent(ctx, instanceAgg, policy.MinLength, policy.HasLowercase, policy.HasUppercase, policy.HasNumber, policy.HasSymbol), nil } func (c *Commands) ChangeDefaultPasswordComplexityPolicy(ctx context.Context, policy *domain.PasswordComplexityPolicy) (*domain.PasswordComplexityPolicy, error) { if err := policy.IsValid(); err != nil { return nil, err } existingPolicy, err := c.defaultPasswordComplexityPolicyWriteModelByID(ctx) if err != nil { return nil, err } if existingPolicy.State == domain.PolicyStateUnspecified || existingPolicy.State == domain.PolicyStateRemoved { return nil, caos_errs.ThrowNotFound(nil, "INSTANCE-0oPew", "Errors.IAM.PasswordAgePolicy.NotFound") } instanceAgg := InstanceAggregateFromWriteModel(&existingPolicy.PasswordComplexityPolicyWriteModel.WriteModel) changedEvent, hasChanged := existingPolicy.NewChangedEvent(ctx, instanceAgg, policy.MinLength, policy.HasLowercase, policy.HasUppercase, policy.HasNumber, policy.HasSymbol) if !hasChanged { return nil, caos_errs.ThrowPreconditionFailed(nil, "INSTANCE-4M9vs", "Errors.IAM.LabelPolicy.NotChanged") } pushedEvents, err := c.eventstore.Push(ctx, changedEvent) if err != nil { return nil, err } err = AppendAndReduce(existingPolicy, pushedEvents...) if err != nil { return nil, err } return writeModelToPasswordComplexityPolicy(&existingPolicy.PasswordComplexityPolicyWriteModel), nil } func (c *Commands) defaultPasswordComplexityPolicyWriteModelByID(ctx context.Context) (policy *InstancePasswordComplexityPolicyWriteModel, err error) { ctx, span := tracing.NewSpan(ctx) defer func() { span.EndWithError(err) }() writeModel := NewInstancePasswordComplexityPolicyWriteModel(ctx) err = c.eventstore.FilterToQueryReducer(ctx, writeModel) if err != nil { return nil, err } return writeModel, nil }