mirror of
https://github.com/zitadel/zitadel.git
synced 2024-12-15 12:27:59 +00:00
43fb3fd1a6
* fix: potential memory leak * feat(actions): possibility to parse json feat(actions): possibility to perform http calls * add query call * feat(api): list flow and trigger types fix(api): switch flow and trigger types to dynamic objects * fix(translations): add action translations * use `domain.FlowType` * localizers * localization * trigger types * options on `query.Action` * add functions for actions * feat: management api: add list flow and trigger (#4352) * console changes * cleanup * fix: wrong localization Co-authored-by: Max Peintner <max@caos.ch> * id token works * check if claims not nil * feat(actions): metadata api * refactor(actions): modules * fix: allow prerelease * fix: test * feat(actions): deny list for http hosts * feat(actions): deny list for http hosts * refactor: actions * fix: different error ids * fix: rename statusCode to status * Actions objects as options (#4418) * fix: rename statusCode to status * fix(actions): objects as options * fix(actions): objects as options * fix(actions): set fields * add http client to old actions * fix(actions): add log module * fix(actions): add user to context where possible * fix(actions): add user to ctx in external authorization/pre creation * fix(actions): query correct flow in claims * test: actions * fix(id-generator): panic if no machine id * tests * maybe this? * fix linting * refactor: improve code * fix: metadata and usergrant usage in actions * fix: appendUserGrant * fix: allowedToFail and timeout in action execution * fix: allowed to fail in token complement flow * docs: add action log claim * Update defaults.yaml * fix log claim * remove prerelease build Co-authored-by: Max Peintner <max@caos.ch> Co-authored-by: Livio Spring <livio.a@gmail.com>
203 lines
7.0 KiB
Go
203 lines
7.0 KiB
Go
package command
|
|
|
|
import (
|
|
"context"
|
|
|
|
"github.com/zitadel/zitadel/internal/api/authz"
|
|
"github.com/zitadel/zitadel/internal/crypto"
|
|
"github.com/zitadel/zitadel/internal/domain"
|
|
"github.com/zitadel/zitadel/internal/errors"
|
|
"github.com/zitadel/zitadel/internal/eventstore"
|
|
"github.com/zitadel/zitadel/internal/repository/instance"
|
|
"github.com/zitadel/zitadel/internal/telemetry/tracing"
|
|
)
|
|
|
|
func (c *Commands) AddDefaultIDPConfig(ctx context.Context, config *domain.IDPConfig) (*domain.IDPConfig, error) {
|
|
if config.OIDCConfig == nil && config.JWTConfig == nil {
|
|
return nil, errors.ThrowInvalidArgument(nil, "IDP-s8nn3", "Errors.IDPConfig.Invalid")
|
|
}
|
|
idpConfigID, err := c.idGenerator.Next()
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
addedConfig := NewInstanceIDPConfigWriteModel(ctx, idpConfigID)
|
|
|
|
instanceAgg := InstanceAggregateFromWriteModel(&addedConfig.WriteModel)
|
|
events := []eventstore.Command{
|
|
instance.NewIDPConfigAddedEvent(
|
|
ctx,
|
|
instanceAgg,
|
|
idpConfigID,
|
|
config.Name,
|
|
config.Type,
|
|
config.StylingType,
|
|
config.AutoRegister,
|
|
),
|
|
}
|
|
if config.OIDCConfig != nil {
|
|
clientSecret, err := crypto.Encrypt([]byte(config.OIDCConfig.ClientSecretString), c.idpConfigEncryption)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
events = append(events, instance.NewIDPOIDCConfigAddedEvent(
|
|
ctx,
|
|
instanceAgg,
|
|
config.OIDCConfig.ClientID,
|
|
idpConfigID,
|
|
config.OIDCConfig.Issuer,
|
|
config.OIDCConfig.AuthorizationEndpoint,
|
|
config.OIDCConfig.TokenEndpoint,
|
|
clientSecret,
|
|
config.OIDCConfig.IDPDisplayNameMapping,
|
|
config.OIDCConfig.UsernameMapping,
|
|
config.OIDCConfig.Scopes...,
|
|
))
|
|
} else if config.JWTConfig != nil {
|
|
events = append(events, instance.NewIDPJWTConfigAddedEvent(
|
|
ctx,
|
|
instanceAgg,
|
|
idpConfigID,
|
|
config.JWTConfig.JWTEndpoint,
|
|
config.JWTConfig.Issuer,
|
|
config.JWTConfig.KeysEndpoint,
|
|
config.JWTConfig.HeaderName,
|
|
))
|
|
}
|
|
pushedEvents, err := c.eventstore.Push(ctx, events...)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
err = AppendAndReduce(addedConfig, pushedEvents...)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
return writeModelToIDPConfig(&addedConfig.IDPConfigWriteModel), nil
|
|
}
|
|
|
|
func (c *Commands) ChangeDefaultIDPConfig(ctx context.Context, config *domain.IDPConfig) (*domain.IDPConfig, error) {
|
|
if config.IDPConfigID == "" {
|
|
return nil, errors.ThrowInvalidArgument(nil, "INSTANCE-4m9gs", "Errors.IDMissing")
|
|
}
|
|
existingIDP, err := c.instanceIDPConfigWriteModelByID(ctx, config.IDPConfigID)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
if existingIDP.State == domain.IDPConfigStateRemoved || existingIDP.State == domain.IDPConfigStateUnspecified {
|
|
return nil, errors.ThrowNotFound(nil, "INSTANCE-m0e3r", "Errors.IDPConfig.NotExisting")
|
|
}
|
|
|
|
instanceAgg := InstanceAggregateFromWriteModel(&existingIDP.WriteModel)
|
|
changedEvent, hasChanged := existingIDP.NewChangedEvent(ctx, instanceAgg, config.IDPConfigID, config.Name, config.StylingType, config.AutoRegister)
|
|
if !hasChanged {
|
|
return nil, errors.ThrowPreconditionFailed(nil, "INSTANCE-3k0fs", "Errors.IAM.IDPConfig.NotChanged")
|
|
}
|
|
pushedEvents, err := c.eventstore.Push(ctx, changedEvent)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
err = AppendAndReduce(existingIDP, pushedEvents...)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
return writeModelToIDPConfig(&existingIDP.IDPConfigWriteModel), nil
|
|
}
|
|
|
|
func (c *Commands) DeactivateDefaultIDPConfig(ctx context.Context, idpID string) (*domain.ObjectDetails, error) {
|
|
existingIDP, err := c.instanceIDPConfigWriteModelByID(ctx, idpID)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
if existingIDP.State != domain.IDPConfigStateActive {
|
|
return nil, errors.ThrowPreconditionFailed(nil, "INSTANCE-2n0fs", "Errors.IAM.IDPConfig.NotActive")
|
|
}
|
|
instanceAgg := InstanceAggregateFromWriteModel(&existingIDP.WriteModel)
|
|
pushedEvents, err := c.eventstore.Push(ctx, instance.NewIDPConfigDeactivatedEvent(ctx, instanceAgg, idpID))
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
err = AppendAndReduce(existingIDP, pushedEvents...)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
return writeModelToObjectDetails(&existingIDP.IDPConfigWriteModel.WriteModel), nil
|
|
}
|
|
|
|
func (c *Commands) ReactivateDefaultIDPConfig(ctx context.Context, idpID string) (*domain.ObjectDetails, error) {
|
|
existingIDP, err := c.instanceIDPConfigWriteModelByID(ctx, idpID)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
if existingIDP.State != domain.IDPConfigStateInactive {
|
|
return nil, errors.ThrowPreconditionFailed(nil, "INSTANCE-5Mo0d", "Errors.IAM.IDPConfig.NotInactive")
|
|
}
|
|
instanceAgg := InstanceAggregateFromWriteModel(&existingIDP.WriteModel)
|
|
pushedEvents, err := c.eventstore.Push(ctx, instance.NewIDPConfigReactivatedEvent(ctx, instanceAgg, idpID))
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
err = AppendAndReduce(existingIDP, pushedEvents...)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
return writeModelToObjectDetails(&existingIDP.IDPConfigWriteModel.WriteModel), nil
|
|
}
|
|
|
|
func (c *Commands) RemoveDefaultIDPConfig(ctx context.Context, idpID string, idpProviders []*domain.IDPProvider, externalIDPs ...*domain.UserIDPLink) (*domain.ObjectDetails, error) {
|
|
existingIDP, err := c.instanceIDPConfigWriteModelByID(ctx, idpID)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
if existingIDP.State == domain.IDPConfigStateRemoved || existingIDP.State == domain.IDPConfigStateUnspecified {
|
|
return nil, errors.ThrowNotFound(nil, "INSTANCE-4M0xy", "Errors.IDPConfig.NotExisting")
|
|
}
|
|
|
|
instanceAgg := InstanceAggregateFromWriteModel(&existingIDP.WriteModel)
|
|
events := []eventstore.Command{
|
|
instance.NewIDPConfigRemovedEvent(ctx, instanceAgg, idpID, existingIDP.Name),
|
|
}
|
|
|
|
for _, idpProvider := range idpProviders {
|
|
if idpProvider.AggregateID == authz.GetInstance(ctx).InstanceID() {
|
|
userEvents := c.removeIDPProviderFromDefaultLoginPolicy(ctx, instanceAgg, idpProvider, true, externalIDPs...)
|
|
events = append(events, userEvents...)
|
|
}
|
|
orgAgg := OrgAggregateFromWriteModel(&NewOrgIdentityProviderWriteModel(idpProvider.AggregateID, idpID).WriteModel)
|
|
orgEvents := c.removeIDPFromLoginPolicy(ctx, orgAgg, idpID, true)
|
|
events = append(events, orgEvents...)
|
|
}
|
|
|
|
pushedEvents, err := c.eventstore.Push(ctx, events...)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
err = AppendAndReduce(existingIDP, pushedEvents...)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
return writeModelToObjectDetails(&existingIDP.IDPConfigWriteModel.WriteModel), nil
|
|
}
|
|
|
|
func (c *Commands) getInstanceIDPConfigByID(ctx context.Context, idpID string) (*domain.IDPConfig, error) {
|
|
config, err := c.instanceIDPConfigWriteModelByID(ctx, idpID)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
if !config.State.Exists() {
|
|
return nil, errors.ThrowNotFound(nil, "INSTANCE-p0pFF", "Errors.IDPConfig.NotExisting")
|
|
}
|
|
return writeModelToIDPConfig(&config.IDPConfigWriteModel), nil
|
|
}
|
|
|
|
func (c *Commands) instanceIDPConfigWriteModelByID(ctx context.Context, idpID string) (policy *InstanceIDPConfigWriteModel, err error) {
|
|
ctx, span := tracing.NewSpan(ctx)
|
|
defer func() { span.EndWithError(err) }()
|
|
|
|
writeModel := NewInstanceIDPConfigWriteModel(ctx, idpID)
|
|
err = c.eventstore.FilterToQueryReducer(ctx, writeModel)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
return writeModel, nil
|
|
}
|