mirror of
https://github.com/zitadel/zitadel.git
synced 2025-04-01 19:32:18 +00:00
3616b6b028
Add functionality to configure the access token type on the service accounts to provide the oidc library with the necessary information to create the right type of access token.
130 lines
3.3 KiB
Go
130 lines
3.3 KiB
Go
package command
|
|
|
|
import (
|
|
"context"
|
|
|
|
"github.com/zitadel/zitadel/internal/crypto"
|
|
"github.com/zitadel/zitadel/internal/eventstore"
|
|
|
|
"github.com/zitadel/zitadel/internal/domain"
|
|
"github.com/zitadel/zitadel/internal/repository/user"
|
|
)
|
|
|
|
type MachineWriteModel struct {
|
|
eventstore.WriteModel
|
|
|
|
UserName string
|
|
|
|
Name string
|
|
Description string
|
|
UserState domain.UserState
|
|
AccessTokenType domain.OIDCTokenType
|
|
|
|
ClientSecret *crypto.CryptoValue
|
|
}
|
|
|
|
func NewMachineWriteModel(userID, resourceOwner string) *MachineWriteModel {
|
|
return &MachineWriteModel{
|
|
WriteModel: eventstore.WriteModel{
|
|
AggregateID: userID,
|
|
ResourceOwner: resourceOwner,
|
|
},
|
|
}
|
|
}
|
|
|
|
func (wm *MachineWriteModel) Reduce() error {
|
|
for _, event := range wm.Events {
|
|
switch e := event.(type) {
|
|
case *user.MachineAddedEvent:
|
|
wm.UserName = e.UserName
|
|
wm.Name = e.Name
|
|
wm.Description = e.Description
|
|
wm.AccessTokenType = e.AccessTokenType
|
|
wm.UserState = domain.UserStateActive
|
|
case *user.UsernameChangedEvent:
|
|
wm.UserName = e.UserName
|
|
case *user.MachineChangedEvent:
|
|
if e.Name != nil {
|
|
wm.Name = *e.Name
|
|
}
|
|
if e.Description != nil {
|
|
wm.Description = *e.Description
|
|
}
|
|
if e.AccessTokenType != nil {
|
|
wm.AccessTokenType = *e.AccessTokenType
|
|
}
|
|
case *user.UserLockedEvent:
|
|
if wm.UserState != domain.UserStateDeleted {
|
|
wm.UserState = domain.UserStateLocked
|
|
}
|
|
case *user.UserUnlockedEvent:
|
|
if wm.UserState != domain.UserStateDeleted {
|
|
wm.UserState = domain.UserStateActive
|
|
}
|
|
case *user.UserDeactivatedEvent:
|
|
if wm.UserState != domain.UserStateDeleted {
|
|
wm.UserState = domain.UserStateInactive
|
|
}
|
|
case *user.UserReactivatedEvent:
|
|
if wm.UserState != domain.UserStateDeleted {
|
|
wm.UserState = domain.UserStateActive
|
|
}
|
|
case *user.UserRemovedEvent:
|
|
wm.UserState = domain.UserStateDeleted
|
|
case *user.MachineSecretSetEvent:
|
|
wm.ClientSecret = e.ClientSecret
|
|
case *user.MachineSecretRemovedEvent:
|
|
wm.ClientSecret = nil
|
|
}
|
|
}
|
|
return wm.WriteModel.Reduce()
|
|
}
|
|
|
|
func (wm *MachineWriteModel) Query() *eventstore.SearchQueryBuilder {
|
|
return eventstore.NewSearchQueryBuilder(eventstore.ColumnsEvent).
|
|
ResourceOwner(wm.ResourceOwner).
|
|
AddQuery().
|
|
AggregateTypes(user.AggregateType).
|
|
AggregateIDs(wm.AggregateID).
|
|
EventTypes(user.MachineAddedEventType,
|
|
user.UserUserNameChangedType,
|
|
user.MachineChangedEventType,
|
|
user.UserLockedType,
|
|
user.UserUnlockedType,
|
|
user.UserDeactivatedType,
|
|
user.UserReactivatedType,
|
|
user.UserRemovedType,
|
|
user.MachineSecretSetType,
|
|
user.MachineSecretRemovedType).
|
|
Builder()
|
|
}
|
|
|
|
func (wm *MachineWriteModel) NewChangedEvent(
|
|
ctx context.Context,
|
|
aggregate *eventstore.Aggregate,
|
|
name,
|
|
description string,
|
|
accessTokenType domain.OIDCTokenType,
|
|
) (*user.MachineChangedEvent, bool, error) {
|
|
changes := make([]user.MachineChanges, 0)
|
|
var err error
|
|
|
|
if wm.Name != name {
|
|
changes = append(changes, user.ChangeName(name))
|
|
}
|
|
if wm.Description != description {
|
|
changes = append(changes, user.ChangeDescription(description))
|
|
}
|
|
if wm.AccessTokenType != accessTokenType {
|
|
changes = append(changes, user.ChangeAccessTokenType(accessTokenType))
|
|
}
|
|
if len(changes) == 0 {
|
|
return nil, false, nil
|
|
}
|
|
changeEvent, err := user.NewMachineChangedEvent(ctx, aggregate, changes)
|
|
if err != nil {
|
|
return nil, false, err
|
|
}
|
|
return changeEvent, true, nil
|
|
}
|