zitadel/internal/auth/repository
Livio Spring 0af37d45e9
fix: handle user remove correctly in v1 sessions for login (#8432)
# Which Problems Are Solved

In case a user was deleted and recreated with the same id, they would
never be able to authenticate through the login UI, since it would
return an error "User not active".
This was due to the check in the auth request / session handling for the
login UI, where the user removed event would terminate an further event
check and ignore the newly added user.

# How the Problems Are Solved

- The user removed event no longer returns an error, but is handled as a
session termination event.
(A user removed event will already delete the user and the preceding
`activeUserById` function will deny the authentication.)

# Additional Changes

Updated tests to be able to handle multiple events in the mocks.

# Additional Context

closes https://github.com/zitadel/zitadel/issues/8201

Co-authored-by: Silvan <silvan.reusser@gmail.com>
2024-08-15 05:39:54 +00:00
..
eventsourcing fix: handle user remove correctly in v1 sessions for login (#8432) 2024-08-15 05:39:54 +00:00
auth_request.go feat(idp): provide option to auto link user (#7734) 2024-04-10 15:46:30 +00:00
org.go feat(login): use new IDP templates (#5315) 2023-02-28 21:20:58 +01:00
refresh_token.go chore: upgrade to oidc v2 release (#5437) 2023-03-28 11:28:56 +00:00
repository.go fix: move activity log to queries and remove old code (#3096) 2022-01-26 10:16:33 +01:00
token.go feat(eventstore): increase parallel write capabilities (#5940) 2023-10-19 12:19:10 +02:00
user_session.go refactor: cleanup unused code (#7130) 2024-01-02 14:26:31 +00:00
user.go fix: change to repository event types and removed unused code (#3386) 2022-03-31 11:36:26 +02:00