
* feat: add mfa to login policy * feat: add mfa to login policy * feat: add mfa to login policy * feat: add mfa to login policy * feat: add mfa to login policy on org * feat: add mfa to login policy on org * feat: append events on policy views * feat: iam login policy mfa definition * feat: login policies on orgs * feat: configured mfas in login process * feat: configured mfas in login process * Update internal/ui/login/static/i18n/en.yaml Co-authored-by: Livio Amstutz <livio.a@gmail.com> * fix: rename software and hardware mfas * fix: pr requests * fix user mfa * fix: test * fix: oidc version * fix: oidc version * fix: proto gen Co-authored-by: Livio Amstutz <livio.a@gmail.com> Co-authored-by: Max Peintner <max@caos.ch>
package model
import (
"github.com/caos/zitadel/internal/eventstore/models"
)
// LoginPolicy is the model of a login policy: which login methods are
// allowed, which identity providers are linked and which MFA factors are
// configured.
//
// NOTE(review): the field meanings below are read from the names; the code
// that enforces them during login is not in this file.
type LoginPolicy struct {
	models.ObjectRoot

	// State is the lifecycle state of the policy (PolicyStateActive or
	// PolicyStateRemoved).
	State PolicyState
	// Default presumably marks the system-wide default policy as opposed to
	// an org-specific one; confirm against the callers.
	Default bool
	// AllowUsernamePassword presumably enables username/password login.
	AllowUsernamePassword bool
	// AllowRegister presumably enables self-registration.
	AllowRegister bool
	// AllowExternalIdp presumably enables login through the providers in
	// IDPProviders.
	AllowExternalIdp bool
	// IDPProviders lists the identity providers linked to this policy;
	// GetIdpProvider searches it by IdpConfigID.
	IDPProviders []*IDPProvider
	// ForceMFA presumably makes an additional factor mandatory at login.
	// NOTE(review): nothing in this type ties ForceMFA to a non-empty
	// SecondFactors or MultiFactors list; confirm that the login flow treats
	// "forced, but no factor configured" as a failure and not as MFA passed.
	ForceMFA bool
	// SecondFactors lists the second-factor types configured on the policy;
	// GetSecondFactor searches it.
	SecondFactors []SecondFactorType
	// MultiFactors lists the multi-factor types configured on the policy;
	// GetMultiFactor searches it.
	MultiFactors []MultiFactorType
}
// IDPProvider links a login policy to one identity-provider configuration.
type IDPProvider struct {
	models.ObjectRoot
	// Type says where the provider configuration comes from
	// (IDPProviderTypeSystem or IDPProviderTypeOrg).
	Type IDPProviderType
	// IdpConfigID is the ID of the referenced provider configuration. IsValid
	// requires it to be non-empty and LoginPolicy.GetIdpProvider matches on it.
	IdpConfigID string
}
// PolicyState is the lifecycle state of a policy.
type PolicyState int32

// The numeric values are written out so that inserting a constant cannot
// silently renumber the others.
// NOTE(review): this matters if the values are stored or sent over the wire;
// confirm against the event and API definitions.
const (
	// PolicyStateActive is the zero value.
	PolicyStateActive PolicyState = 0
	// PolicyStateRemoved marks a policy that has been removed.
	PolicyStateRemoved PolicyState = 1
)
// IDPProviderType says at which level an identity-provider configuration is
// defined.
type IDPProviderType int32

// The numeric values are written out so that inserting a constant cannot
// silently renumber the others.
const (
	// IDPProviderTypeSystem is the zero value.
	IDPProviderTypeSystem IDPProviderType = 0
	// IDPProviderTypeOrg presumably denotes a configuration owned by an
	// organisation; confirm against the callers.
	IDPProviderTypeOrg IDPProviderType = 1
)
// SecondFactorType identifies a second-factor method that a login policy can
// list in LoginPolicy.SecondFactors.
type SecondFactorType int32

// The numeric values are written out so that inserting a constant cannot
// silently renumber the others.
const (
	// SecondFactorTypeUnspecified is the zero value. It is also what
	// LoginPolicy.GetSecondFactor returns next to index -1, so it must not be
	// read as "a factor is configured".
	SecondFactorTypeUnspecified SecondFactorType = 0
	// SecondFactorTypeOTP selects one-time-password as second factor.
	SecondFactorTypeOTP SecondFactorType = 1
	// SecondFactorTypeU2F selects U2F as second factor.
	SecondFactorTypeU2F SecondFactorType = 2
)
// MultiFactorType identifies a multi-factor method that a login policy can
// list in LoginPolicy.MultiFactors.
type MultiFactorType int32

// The numeric values are written out so that inserting a constant cannot
// silently renumber the others.
const (
	// MultiFactorTypeUnspecified is the zero value. It is also what
	// LoginPolicy.GetMultiFactor returns next to index -1, so it must not be
	// read as "a factor is configured".
	MultiFactorTypeUnspecified MultiFactorType = 0
	// MultiFactorTypeU2FWithPIN selects U2F combined with a PIN.
	MultiFactorTypeU2FWithPIN MultiFactorType = 1
)
// IsValid reports whether the policy belongs to an aggregate, i.e. whether
// its AggregateID is non-empty. No other field is checked.
//
// NOTE(review): a policy with ForceMFA set and both SecondFactors and
// MultiFactors empty passes this check. Confirm that the command layer or the
// login flow rejects that combination instead of treating MFA as satisfied.
func (p *LoginPolicy) IsValid() bool {
	aggregateID := p.ObjectRoot.AggregateID
	return aggregateID != ""
}
// IsValid reports whether the provider link is complete: both the owning
// aggregate's ID and the referenced IdpConfigID must be non-empty. The Type
// field is not checked.
func (p *IDPProvider) IsValid() bool {
	if p.ObjectRoot.AggregateID == "" {
		return false
	}
	return p.IdpConfigID != ""
}
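// GetIdpProvider returns the index and the entry of the first provider in
// p.IDPProviders whose IdpConfigID equals id. It returns (-1, nil) when no
// entry matches.
//
// Nil entries in the slice are skipped, so one malformed entry cannot panic
// the lookup. The returned pointer is the slice's own element, not a copy.
func (p *LoginPolicy) GetIdpProvider(id string) (int, *IDPProvider) {
	for i, provider := range p.IDPProviders {
		if provider == nil {
			// IDPProviders holds pointers; skip a nil entry rather than
			// dereference it.
			continue
		}
		if provider.IdpConfigID == id {
			return i, provider
		}
	}
	return -1, nil
}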
// GetSecondFactor looks up mfaType in p.SecondFactors and returns the index
// of the first match together with the matched value. When the type is not
// configured it returns (-1, 0).
//
// The 0 in the not-found result equals SecondFactorTypeUnspecified, so callers
// have to decide on the index; the returned type alone does not say whether
// the factor is configured.
func (p *LoginPolicy) GetSecondFactor(mfaType SecondFactorType) (int, SecondFactorType) {
	for idx := 0; idx < len(p.SecondFactors); idx++ {
		if factor := p.SecondFactors[idx]; factor == mfaType {
			return idx, factor
		}
	}
	return -1, 0
}
// GetMultiFactor looks up mfaType in p.MultiFactors and returns the index of
// the first match together with the matched value. When the type is not
// configured it returns (-1, 0).
//
// The 0 in the not-found result equals MultiFactorTypeUnspecified, so callers
// have to decide on the index; the returned type alone does not say whether
// the factor is configured.
func (p *LoginPolicy) GetMultiFactor(mfaType MultiFactorType) (int, MultiFactorType) {
	for idx := range p.MultiFactors {
		if p.MultiFactors[idx] != mfaType {
			continue
		}
		return idx, p.MultiFactors[idx]
	}
	return -1, 0
}