zitadel/internal/query/lockout_policy.go
Tim Möhlmann 25ef3da9d5
refactor(fmt): run gci on complete project (#7557)
chore(fmt): run gci on complete project

Fix global import formatting in go code by running the `gci` command. This allows us to just use the command directly, instead of fixing the import order manually for the linter, on each PR.

Co-authored-by: Elio Bischof <elio@zitadel.com>
2024-04-03 10:43:43 +00:00

183 lines
5.1 KiB
Go

package query
import (
"context"
"database/sql"
"errors"
"time"
sq "github.com/Masterminds/squirrel"
"github.com/zitadel/logging"
"github.com/zitadel/zitadel/internal/api/authz"
"github.com/zitadel/zitadel/internal/api/call"
"github.com/zitadel/zitadel/internal/domain"
"github.com/zitadel/zitadel/internal/eventstore/handler/v2"
"github.com/zitadel/zitadel/internal/query/projection"
"github.com/zitadel/zitadel/internal/telemetry/tracing"
"github.com/zitadel/zitadel/internal/zerrors"
)
type LockoutPolicy struct {
ID string
Sequence uint64
CreationDate time.Time
ChangeDate time.Time
ResourceOwner string
State domain.PolicyState
MaxPasswordAttempts uint64
ShowFailures bool
IsDefault bool
}
var (
lockoutTable = table{
name: projection.LockoutPolicyTable,
instanceIDCol: projection.LockoutPolicyInstanceIDCol,
}
LockoutColID = Column{
name: projection.LockoutPolicyIDCol,
table: lockoutTable,
}
LockoutColInstanceID = Column{
name: projection.LockoutPolicyInstanceIDCol,
table: lockoutTable,
}
LockoutColSequence = Column{
name: projection.LockoutPolicySequenceCol,
table: lockoutTable,
}
LockoutColCreationDate = Column{
name: projection.LockoutPolicyCreationDateCol,
table: lockoutTable,
}
LockoutColChangeDate = Column{
name: projection.LockoutPolicyChangeDateCol,
table: lockoutTable,
}
LockoutColResourceOwner = Column{
name: projection.LockoutPolicyResourceOwnerCol,
table: lockoutTable,
}
LockoutColShowFailures = Column{
name: projection.LockoutPolicyShowLockOutFailuresCol,
table: lockoutTable,
}
LockoutColMaxPasswordAttempts = Column{
name: projection.LockoutPolicyMaxPasswordAttemptsCol,
table: lockoutTable,
}
LockoutColIsDefault = Column{
name: projection.LockoutPolicyIsDefaultCol,
table: lockoutTable,
}
LockoutColState = Column{
name: projection.LockoutPolicyStateCol,
table: lockoutTable,
}
LockoutPolicyOwnerRemoved = Column{
name: projection.LockoutPolicyOwnerRemovedCol,
table: lockoutTable,
}
)
func (q *Queries) LockoutPolicyByOrg(ctx context.Context, shouldTriggerBulk bool, orgID string, withOwnerRemoved bool) (policy *LockoutPolicy, err error) {
ctx, span := tracing.NewSpan(ctx)
defer func() { span.EndWithError(err) }()
if shouldTriggerBulk {
_, traceSpan := tracing.NewNamedSpan(ctx, "TriggerLockoutPolicyProjection")
ctx, err = projection.LockoutPolicyProjection.Trigger(ctx, handler.WithAwaitRunning())
logging.OnError(err).Debug("trigger failed")
traceSpan.EndWithError(err)
}
eq := sq.Eq{
LockoutColInstanceID.identifier(): authz.GetInstance(ctx).InstanceID(),
}
if !withOwnerRemoved {
eq[LockoutPolicyOwnerRemoved.identifier()] = false
}
stmt, scan := prepareLockoutPolicyQuery(ctx, q.client)
query, args, err := stmt.Where(
sq.And{
eq,
sq.Or{
sq.Eq{LockoutColID.identifier(): orgID},
sq.Eq{LockoutColID.identifier(): authz.GetInstance(ctx).InstanceID()},
},
}).
OrderBy(LockoutColIsDefault.identifier()).
Limit(1).ToSql()
if err != nil {
return nil, zerrors.ThrowInternal(err, "QUERY-SKR6X", "Errors.Query.SQLStatement")
}
err = q.client.QueryRowContext(ctx, func(row *sql.Row) error {
policy, err = scan(row)
return err
}, query, args...)
return policy, err
}
func (q *Queries) DefaultLockoutPolicy(ctx context.Context) (policy *LockoutPolicy, err error) {
ctx, span := tracing.NewSpan(ctx)
defer func() { span.EndWithError(err) }()
stmt, scan := prepareLockoutPolicyQuery(ctx, q.client)
query, args, err := stmt.Where(sq.Eq{
LockoutColID.identifier(): authz.GetInstance(ctx).InstanceID(),
LockoutColInstanceID.identifier(): authz.GetInstance(ctx).InstanceID(),
}).
OrderBy(LockoutColIsDefault.identifier()).
Limit(1).ToSql()
if err != nil {
return nil, zerrors.ThrowInternal(err, "QUERY-mN0Ci", "Errors.Query.SQLStatement")
}
err = q.client.QueryRowContext(ctx, func(row *sql.Row) error {
policy, err = scan(row)
return err
}, query, args...)
return policy, err
}
func prepareLockoutPolicyQuery(ctx context.Context, db prepareDatabase) (sq.SelectBuilder, func(*sql.Row) (*LockoutPolicy, error)) {
return sq.Select(
LockoutColID.identifier(),
LockoutColSequence.identifier(),
LockoutColCreationDate.identifier(),
LockoutColChangeDate.identifier(),
LockoutColResourceOwner.identifier(),
LockoutColShowFailures.identifier(),
LockoutColMaxPasswordAttempts.identifier(),
LockoutColIsDefault.identifier(),
LockoutColState.identifier(),
).
From(lockoutTable.identifier() + db.Timetravel(call.Took(ctx))).
PlaceholderFormat(sq.Dollar),
func(row *sql.Row) (*LockoutPolicy, error) {
policy := new(LockoutPolicy)
err := row.Scan(
&policy.ID,
&policy.Sequence,
&policy.CreationDate,
&policy.ChangeDate,
&policy.ResourceOwner,
&policy.ShowFailures,
&policy.MaxPasswordAttempts,
&policy.IsDefault,
&policy.State,
)
if err != nil {
if errors.Is(err, sql.ErrNoRows) {
return nil, zerrors.ThrowNotFound(err, "QUERY-63mtI", "Errors.PasswordComplexityPolicy.NotFound")
}
return nil, zerrors.ThrowInternal(err, "QUERY-uulCZ", "Errors.Internal")
}
return policy, nil
}
}