mirror of
https://github.com/zitadel/zitadel.git
synced 2024-12-14 03:54:21 +00:00
00220e9532
* begin pw less registration * create pwless one time codes * send pwless link * separate send and add passwordless link * separate send and add passwordless link events * custom message text for passwordless registration * begin custom login texts for passwordless * i18n * i18n message * i18n message * custom message text * custom login text * org design and texts * create link in human import process * fix import human tests * begin passwordless init required step * passwordless init * passwordless init * do not return link in mgmt api * prompt * passwordless init only (no additional prompt) * cleanup * cleanup * add passwordless prompt to custom login text * increase init code complexity * fix grpc * cleanup * fix and add some cases for nextStep tests * fix tests * Update internal/notification/static/i18n/en.yaml * Update internal/notification/static/i18n/de.yaml * Update proto/zitadel/management.proto * Update internal/ui/login/static/i18n/de.yaml * Update internal/ui/login/static/i18n/de.yaml * Update internal/ui/login/static/i18n/de.yaml Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>
155 lines
5.9 KiB
Go
155 lines
5.9 KiB
Go
package command
|
|
|
|
import (
|
|
"context"
|
|
"time"
|
|
|
|
"github.com/caos/zitadel/internal/api/authz"
|
|
authz_repo "github.com/caos/zitadel/internal/authz/repository/eventsourcing"
|
|
"github.com/caos/zitadel/internal/config/types"
|
|
"github.com/caos/zitadel/internal/domain"
|
|
"github.com/caos/zitadel/internal/eventstore"
|
|
|
|
"github.com/caos/zitadel/internal/api/http"
|
|
sd "github.com/caos/zitadel/internal/config/systemdefaults"
|
|
"github.com/caos/zitadel/internal/crypto"
|
|
"github.com/caos/zitadel/internal/id"
|
|
iam_repo "github.com/caos/zitadel/internal/repository/iam"
|
|
"github.com/caos/zitadel/internal/repository/keypair"
|
|
"github.com/caos/zitadel/internal/repository/org"
|
|
proj_repo "github.com/caos/zitadel/internal/repository/project"
|
|
usr_repo "github.com/caos/zitadel/internal/repository/user"
|
|
usr_grant_repo "github.com/caos/zitadel/internal/repository/usergrant"
|
|
"github.com/caos/zitadel/internal/static"
|
|
"github.com/caos/zitadel/internal/telemetry/tracing"
|
|
webauthn_helper "github.com/caos/zitadel/internal/webauthn"
|
|
)
|
|
|
|
type Commands struct {
|
|
eventstore *eventstore.Eventstore
|
|
static static.Storage
|
|
idGenerator id.Generator
|
|
iamDomain string
|
|
zitadelRoles []authz.RoleMapping
|
|
|
|
idpConfigSecretCrypto crypto.EncryptionAlgorithm
|
|
|
|
userPasswordAlg crypto.HashAlgorithm
|
|
initializeUserCode crypto.Generator
|
|
emailVerificationCode crypto.Generator
|
|
phoneVerificationCode crypto.Generator
|
|
passwordVerificationCode crypto.Generator
|
|
passwordlessInitCode crypto.Generator
|
|
machineKeyAlg crypto.EncryptionAlgorithm
|
|
machineKeySize int
|
|
applicationKeySize int
|
|
applicationSecretGenerator crypto.Generator
|
|
domainVerificationAlg crypto.EncryptionAlgorithm
|
|
domainVerificationGenerator crypto.Generator
|
|
domainVerificationValidator func(domain, token, verifier string, checkType http.CheckType) error
|
|
multifactors domain.MultifactorConfigs
|
|
|
|
webauthn *webauthn_helper.WebAuthN
|
|
keySize int
|
|
keyAlgorithm crypto.EncryptionAlgorithm
|
|
privateKeyLifetime time.Duration
|
|
publicKeyLifetime time.Duration
|
|
tokenVerifier *authz.TokenVerifier
|
|
}
|
|
|
|
type Config struct {
|
|
Eventstore types.SQLUser
|
|
}
|
|
|
|
func StartCommands(eventstore *eventstore.Eventstore, defaults sd.SystemDefaults, authZConfig authz.Config, staticStore static.Storage, authZRepo *authz_repo.EsRepository) (repo *Commands, err error) {
|
|
repo = &Commands{
|
|
eventstore: eventstore,
|
|
static: staticStore,
|
|
idGenerator: id.SonyFlakeGenerator,
|
|
iamDomain: defaults.Domain,
|
|
zitadelRoles: authZConfig.RolePermissionMappings,
|
|
keySize: defaults.KeyConfig.Size,
|
|
privateKeyLifetime: defaults.KeyConfig.PrivateKeyLifetime.Duration,
|
|
publicKeyLifetime: defaults.KeyConfig.PublicKeyLifetime.Duration,
|
|
}
|
|
iam_repo.RegisterEventMappers(repo.eventstore)
|
|
org.RegisterEventMappers(repo.eventstore)
|
|
usr_repo.RegisterEventMappers(repo.eventstore)
|
|
usr_grant_repo.RegisterEventMappers(repo.eventstore)
|
|
proj_repo.RegisterEventMappers(repo.eventstore)
|
|
keypair.RegisterEventMappers(repo.eventstore)
|
|
|
|
repo.idpConfigSecretCrypto, err = crypto.NewAESCrypto(defaults.IDPConfigVerificationKey)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
userEncryptionAlgorithm, err := crypto.NewAESCrypto(defaults.UserVerificationKey)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
repo.initializeUserCode = crypto.NewEncryptionGenerator(defaults.SecretGenerators.InitializeUserCode, userEncryptionAlgorithm)
|
|
repo.emailVerificationCode = crypto.NewEncryptionGenerator(defaults.SecretGenerators.EmailVerificationCode, userEncryptionAlgorithm)
|
|
repo.phoneVerificationCode = crypto.NewEncryptionGenerator(defaults.SecretGenerators.PhoneVerificationCode, userEncryptionAlgorithm)
|
|
repo.passwordVerificationCode = crypto.NewEncryptionGenerator(defaults.SecretGenerators.PasswordVerificationCode, userEncryptionAlgorithm)
|
|
repo.passwordlessInitCode = crypto.NewEncryptionGenerator(defaults.SecretGenerators.PasswordlessInitCode, userEncryptionAlgorithm)
|
|
repo.userPasswordAlg = crypto.NewBCrypt(defaults.SecretGenerators.PasswordSaltCost)
|
|
repo.machineKeyAlg = userEncryptionAlgorithm
|
|
repo.machineKeySize = int(defaults.SecretGenerators.MachineKeySize)
|
|
repo.applicationKeySize = int(defaults.SecretGenerators.ApplicationKeySize)
|
|
|
|
aesOTPCrypto, err := crypto.NewAESCrypto(defaults.Multifactors.OTP.VerificationKey)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
repo.multifactors = domain.MultifactorConfigs{
|
|
OTP: domain.OTPConfig{
|
|
CryptoMFA: aesOTPCrypto,
|
|
Issuer: defaults.Multifactors.OTP.Issuer,
|
|
},
|
|
}
|
|
passwordAlg := crypto.NewBCrypt(defaults.SecretGenerators.PasswordSaltCost)
|
|
repo.applicationSecretGenerator = crypto.NewHashGenerator(defaults.SecretGenerators.ClientSecretGenerator, passwordAlg)
|
|
|
|
repo.domainVerificationAlg, err = crypto.NewAESCrypto(defaults.DomainVerification.VerificationKey)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
repo.domainVerificationGenerator = crypto.NewEncryptionGenerator(defaults.DomainVerification.VerificationGenerator, repo.domainVerificationAlg)
|
|
repo.domainVerificationValidator = http.ValidateDomain
|
|
web, err := webauthn_helper.StartServer(defaults.WebAuthN)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
repo.webauthn = web
|
|
|
|
keyAlgorithm, err := crypto.NewAESCrypto(defaults.KeyConfig.EncryptionConfig)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
repo.keyAlgorithm = keyAlgorithm
|
|
|
|
repo.tokenVerifier = authz.Start(authZRepo)
|
|
return repo, nil
|
|
}
|
|
|
|
func (c *Commands) getIAMWriteModel(ctx context.Context) (_ *IAMWriteModel, err error) {
|
|
ctx, span := tracing.NewSpan(ctx)
|
|
defer func() { span.EndWithError(err) }()
|
|
|
|
writeModel := NewIAMWriteModel()
|
|
err = c.eventstore.FilterToQueryReducer(ctx, writeModel)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
return writeModel, nil
|
|
}
|
|
|
|
func AppendAndReduce(object interface {
|
|
AppendEvents(...eventstore.EventReader)
|
|
Reduce() error
|
|
}, events ...eventstore.EventReader) error {
|
|
object.AppendEvents(events...)
|
|
return object.Reduce()
|
|
}
|