			* feat: add mfa to login policy * feat: add mfa to login policy * feat: add mfa to login policy * feat: add mfa to login policy * feat: add mfa to login policy on org * feat: add mfa to login policy on org * feat: append events on policy views * feat: iam login policy mfa definition * feat: login policies on orgs * feat: configured mfas in login process * feat: configured mfas in login process * Update internal/ui/login/static/i18n/en.yaml Co-authored-by: Livio Amstutz <livio.a@gmail.com> * fix: rename software and hardware mfas * fix: pr requests * fix user mfa * fix: test * fix: oidc version * fix: oidc version * fix: proto gen Co-authored-by: Livio Amstutz <livio.a@gmail.com> Co-authored-by: Max Peintner <max@caos.ch>
| package model
 | |
| 
 | |
| import (
 | |
| 	"encoding/json"
 | |
| 	org_es_model "github.com/caos/zitadel/internal/org/repository/eventsourcing/model"
 | |
| 	"github.com/lib/pq"
 | |
| 	"time"
 | |
| 
 | |
| 	es_model "github.com/caos/zitadel/internal/iam/repository/eventsourcing/model"
 | |
| 
 | |
| 	"github.com/caos/logging"
 | |
| 	caos_errs "github.com/caos/zitadel/internal/errors"
 | |
| 	"github.com/caos/zitadel/internal/eventstore/models"
 | |
| 	"github.com/caos/zitadel/internal/iam/model"
 | |
| )
 | |
| 
 | |
// LoginPolicyKeyAggregateID is the view column used to look a login policy up
// by the aggregate (IAM default or org) that owns it.
const LoginPolicyKeyAggregateID = "aggregate_id"
 | |
| 
 | |
// LoginPolicyView is the read model (projection) of a login policy. It is
// persisted through gorm and rebuilt from eventstore events by AppendEvent.
//
// The json tags serve a second purpose: SetData unmarshals the raw event
// payload straight into this struct, so only fields carrying a json name
// (allowRegister, allowUsernamePassword, allowExternalIdp, forceMFA) can be
// set by a LoginPolicyAdded/LoginPolicyChanged payload. Everything tagged
// `json:"-"` -- in particular SecondFactors and MultiFactors -- is maintained
// exclusively through the dedicated *FactorAdded/*FactorRemoved events and can
// not be clobbered by a policy payload.
type LoginPolicyView struct {
	AggregateID  string    `json:"-" gorm:"column:aggregate_id;primary_key"` // owning IAM or org aggregate
	CreationDate time.Time `json:"-" gorm:"column:creation_date"`
	ChangeDate   time.Time `json:"-" gorm:"column:change_date"`
	State        int32     `json:"-" gorm:"column:login_policy_state"` // not touched by AppendEvent in this file

	AllowRegister         bool          `json:"allowRegister" gorm:"column:allow_register"`
	AllowUsernamePassword bool          `json:"allowUsernamePassword" gorm:"column:allow_username_password"`
	AllowExternalIDP      bool          `json:"allowExternalIdp" gorm:"column:allow_external_idp"`
	ForceMFA              bool          `json:"forceMFA" gorm:"column:force_mfa"`
	SecondFactors         pq.Int64Array `json:"-" gorm:"column:second_factors"` // model.SecondFactorType values stored as int64
	MultiFactors          pq.Int64Array `json:"-" gorm:"column:multi_factors"`  // model.MultiFactorType values stored as int64
	Default               bool          `json:"-" gorm:"-"`                     // neither persisted nor decoded; only set via LoginPolicyViewFromModel (presumably flags the IAM default policy -- confirm)

	Sequence uint64 `json:"-" gorm:"column:sequence"` // position of the last applied event
}
 | |
| 
 | |
// LoginPolicyViewFromModel converts the domain model into the gorm-backed
// view, flattening the typed factor lists into the int64 arrays stored in the
// database. State is left at its zero value, as before.
func LoginPolicyViewFromModel(policy *model.LoginPolicyView) *LoginPolicyView {
	view := new(LoginPolicyView)
	view.AggregateID = policy.AggregateID
	view.Sequence = policy.Sequence
	view.CreationDate = policy.CreationDate
	view.ChangeDate = policy.ChangeDate
	view.AllowRegister = policy.AllowRegister
	view.AllowExternalIDP = policy.AllowExternalIDP
	view.AllowUsernamePassword = policy.AllowUsernamePassword
	view.ForceMFA = policy.ForceMFA
	view.SecondFactors = secondFactorsFromModel(policy.SecondFactors)
	view.MultiFactors = multiFactorsFromModel(policy.MultiFactors)
	view.Default = policy.Default
	return view
}
 | |
| 
 | |
// secondFactorsFromModel widens the typed second-factor list to the int64
// representation used by the database column. The result is never nil, even
// for empty input.
func secondFactorsFromModel(mfas []model.SecondFactorType) []int64 {
	out := make([]int64, 0, len(mfas))
	for _, factor := range mfas {
		out = append(out, int64(factor))
	}
	return out
}
 | |
| 
 | |
// multiFactorsFromModel widens the typed multi-factor list to the int64
// representation used by the database column. The result is never nil, even
// for empty input.
func multiFactorsFromModel(mfas []model.MultiFactorType) []int64 {
	out := make([]int64, 0, len(mfas))
	for _, factor := range mfas {
		out = append(out, int64(factor))
	}
	return out
}
 | |
| 
 | |
// LoginPolicyViewToModel converts the persisted view back into the domain
// model, restoring the typed factor lists from their int64 storage form.
func LoginPolicyViewToModel(policy *LoginPolicyView) *model.LoginPolicyView {
	converted := new(model.LoginPolicyView)
	converted.AggregateID = policy.AggregateID
	converted.Sequence = policy.Sequence
	converted.CreationDate = policy.CreationDate
	converted.ChangeDate = policy.ChangeDate
	converted.AllowRegister = policy.AllowRegister
	converted.AllowExternalIDP = policy.AllowExternalIDP
	converted.AllowUsernamePassword = policy.AllowUsernamePassword
	converted.ForceMFA = policy.ForceMFA
	converted.SecondFactors = secondFactorsToModel(policy.SecondFactors)
	converted.MultiFactors = multiFactorsToToModel(policy.MultiFactors)
	converted.Default = policy.Default
	return converted
}
 | |
| 
 | |
// secondFactorsToModel narrows the stored int64 list back to the typed
// second-factor enum. No validation is performed: an unknown value round-trips
// as-is. The result is never nil, even for empty input.
func secondFactorsToModel(mfas []int64) []model.SecondFactorType {
	out := make([]model.SecondFactorType, 0, len(mfas))
	for _, raw := range mfas {
		out = append(out, model.SecondFactorType(raw))
	}
	return out
}
 | |
| 
 | |
// multiFactorsToToModel narrows the stored int64 list back to the typed
// multi-factor enum. No validation is performed: an unknown value round-trips
// as-is. The result is never nil, even for empty input.
func multiFactorsToToModel(mfas []int64) []model.MultiFactorType {
	out := make([]model.MultiFactorType, 0, len(mfas))
	for _, raw := range mfas {
		out = append(out, model.MultiFactorType(raw))
	}
	return out
}
 | |
| 
 | |
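// AppendEvent applies a single eventstore event to the view.
//
// Sequence and ChangeDate are always advanced to the event's values, even for
// event types this view does not handle, so the projection's position in the
// stream stays accurate. Both the IAM and the org flavour of every event are
// accepted because the same view backs the instance-wide default policy and
// the per-org policies.
//
// The second- and multi-factor lists are treated as sets: a *FactorAdded event
// for a factor that is already configured is a no-op. Without that guard a
// duplicated or replayed event would list the factor twice, and a single
// *FactorRemoved event would then leave it enabled -- which matters because
// this view is what the login flow consults for configured MFA methods.
//
// Returns the error from decoding the event payload, if any.
func (p *LoginPolicyView) AppendEvent(event *models.Event) error {
	p.Sequence = event.Sequence
	p.ChangeDate = event.CreationDate
	switch event.Type {
	case es_model.LoginPolicyAdded, org_es_model.LoginPolicyAdded:
		// Only the creating event sets the owner and the creation timestamp.
		p.setRootData(event)
		p.CreationDate = event.CreationDate
		return p.SetData(event)
	case es_model.LoginPolicyChanged, org_es_model.LoginPolicyChanged:
		return p.SetData(event)
	case es_model.LoginPolicySecondFactorAdded, org_es_model.LoginPolicySecondFactorAdded:
		factor, err := mfaTypeFromEvent(event)
		if err != nil {
			return err
		}
		if !containsFactor(p.SecondFactors, factor) {
			p.SecondFactors = append(p.SecondFactors, factor)
		}
	case es_model.LoginPolicySecondFactorRemoved, org_es_model.LoginPolicySecondFactorRemoved:
		return p.removeSecondFactor(event)
	case es_model.LoginPolicyMultiFactorAdded, org_es_model.LoginPolicyMultiFactorAdded:
		factor, err := mfaTypeFromEvent(event)
		if err != nil {
			return err
		}
		if !containsFactor(p.MultiFactors, factor) {
			p.MultiFactors = append(p.MultiFactors, factor)
		}
	case es_model.LoginPolicyMultiFactorRemoved, org_es_model.LoginPolicyMultiFactorRemoved:
		return p.removeMultiFactor(event)
	}
	return nil
}

// mfaTypeFromEvent decodes the MFA payload of a *FactorAdded/*FactorRemoved
// event and returns the factor type in the int64 form stored by the view.
func mfaTypeFromEvent(event *models.Event) (int64, error) {
	mfa := new(es_model.MFA)
	if err := mfa.SetData(event); err != nil {
		return 0, err
	}
	return int64(mfa.MfaType), nil
}

// containsFactor reports whether factor is already present in list.
func containsFactor(list []int64, factor int64) bool {
	for _, existing := range list {
		if existing == factor {
			return true
		}
	}
	return false
}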
 | |
| 
 | |
// setRootData stamps the view with the identity of the owning aggregate. It is
// only invoked for the *Added event that creates the row.
func (p *LoginPolicyView) setRootData(event *models.Event) {
	p.AggregateID = event.AggregateID
}
 | |
| 
 | |
// SetData decodes the event payload into the view. Only the fields that carry
// a json name (the allow* flags and forceMFA) can be affected; the factor
// lists and the bookkeeping fields are tagged `json:"-"` and stay untouched.
//
// A malformed payload is logged and surfaced as an internal error.
func (p *LoginPolicyView) SetData(event *models.Event) error {
	err := json.Unmarshal(event.Data, p)
	if err == nil {
		return nil
	}
	logging.Log("EVEN-Kn7ds").WithError(err).Error("could not unmarshal event data")
	return caos_errs.ThrowInternal(err, "MODEL-Hs8uf", "Could not unmarshal data")
}
 | |
| 
 | |
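// removeSecondFactor applies a *SecondFactorRemoved event by dropping every
// entry equal to the event's factor type from SecondFactors.
//
// All occurrences are removed, not just the last one: a removal event must
// never leave the factor enabled in the policy, even if the list somehow
// holds it more than once. Removing a factor that is not configured is not an
// error, so replayed removals are idempotent.
//
// Returns the error from decoding the event payload, if any.
func (p *LoginPolicyView) removeSecondFactor(event *models.Event) error {
	mfa := new(es_model.MFA)
	if err := mfa.SetData(event); err != nil {
		return err
	}
	target := int64(mfa.MfaType)

	// Filter in place, reusing the backing array.
	kept := p.SecondFactors[:0]
	for _, factor := range p.SecondFactors {
		if factor != target {
			kept = append(kept, factor)
		}
	}
	// Zero the vacated tail so no stale factor id lingers behind the new length.
	for i := len(kept); i < len(p.SecondFactors); i++ {
		p.SecondFactors[i] = 0
	}
	p.SecondFactors = kept
	return nil
}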
 | |
| 
 | |
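// removeMultiFactor applies a *MultiFactorRemoved event by dropping every
// entry equal to the event's factor type from MultiFactors.
//
// All occurrences are removed, not just the last one: a removal event must
// never leave the factor enabled in the policy, even if the list somehow
// holds it more than once. Removing a factor that is not configured is not an
// error, so replayed removals are idempotent.
//
// Returns the error from decoding the event payload, if any.
func (p *LoginPolicyView) removeMultiFactor(event *models.Event) error {
	mfa := new(es_model.MFA)
	if err := mfa.SetData(event); err != nil {
		return err
	}
	target := int64(mfa.MfaType)

	// Filter in place, reusing the backing array.
	kept := p.MultiFactors[:0]
	for _, factor := range p.MultiFactors {
		if factor != target {
			kept = append(kept, factor)
		}
	}
	// Zero the vacated tail so no stale factor id lingers behind the new length.
	for i := len(kept); i < len(p.MultiFactors); i++ {
		p.MultiFactors[i] = 0
	}
	p.MultiFactors = kept
	return nil
}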
 |