mirror of
https://github.com/zitadel/zitadel.git
synced 2025-08-13 21:44:05 +00:00
.artifacts
.codecov
.github
build
cmd
console
deploy
docs
e2e
internal
actions
admin
api
auth
auth_request
authz
cache
command
preparation
auth_checks.go
command.go
converter.go
crypto.go
crypto_test.go
custom_login_text.go
custom_login_text_model.go
custom_message_text_model.go
custom_text_model.go
debug_notification_model.go
device_auth.go
device_auth_model.go
device_auth_test.go
email.go
existing_label_policies_model.go
flow_model.go
identity_provider_model.go
idp.go
idp_config_model.go
idp_intent.go
idp_intent_model.go
idp_intent_test.go
idp_model.go
idp_model_test.go
instance.go
instance_converter.go
instance_custom_login_text.go
instance_custom_login_text_model.go
instance_custom_login_text_test.go
instance_custom_message_text.go
instance_custom_message_text_model.go
instance_custom_message_text_test.go
instance_custom_text.go
instance_custom_text_model.go
instance_debug_notification_file.go
instance_debug_notification_file_model.go
instance_debug_notification_file_test.go
instance_debug_notification_log.go
instance_debug_notification_log_model.go
instance_debug_notification_log_test.go
instance_domain.go
instance_domain_model.go
instance_domain_test.go
instance_idp.go
instance_idp_config.go
instance_idp_config_model.go
instance_idp_config_test.go
instance_idp_jwt_config.go
instance_idp_jwt_config_model.go
instance_idp_jwt_config_test.go
instance_idp_model.go
instance_idp_oidc_config.go
instance_idp_oidc_config_model.go
instance_idp_oidc_config_test.go
instance_idp_test.go
instance_member.go
instance_member_model.go
instance_member_test.go
instance_model.go
instance_oidc_settings.go
instance_oidc_settings_model.go
instance_oidc_settings_test.go
instance_policy_domain.go
instance_policy_domain_model.go
instance_policy_domain_test.go
instance_policy_label.go
instance_policy_label_model.go
instance_policy_label_test.go
instance_policy_login.go
instance_policy_login_factors_model.go
instance_policy_login_identity_provider_model.go
instance_policy_login_model.go
instance_policy_login_test.go
instance_policy_mail_template.go
instance_policy_mail_template_model.go
instance_policy_mail_template_test.go
instance_policy_notification.go
instance_policy_notification_model.go
instance_policy_notification_test.go
instance_policy_password_age.go
instance_policy_password_age_model.go
instance_policy_password_age_test.go
instance_policy_password_complexity.go
instance_policy_password_complexity_model.go
instance_policy_password_complexity_test.go
instance_policy_password_lockout.go
instance_policy_password_lockout_model.go
instance_policy_password_lockout_test.go
instance_policy_privacy.go
instance_policy_privacy_model.go
instance_policy_privacy_test.go
instance_policy_security.go
instance_policy_security_model.go
instance_secret_generator_model.go
instance_settings.go
instance_settings_test.go
instance_smtp_config_model.go
instance_test.go
jwt_config_model.go
key_pair.go
key_pair_model.go
main_test.go
member_model.go
metadata_model.go
milestone.go
oidc_config_model.go
org.go
org_action.go
org_action_model.go
org_action_test.go
org_converter.go
org_custom_login_text.go
org_custom_login_text_model.go
org_custom_login_text_test.go
org_custom_message_model.go
org_custom_message_text.go
org_custom_message_text_test.go
org_domain.go
org_domain_model.go
org_domain_test.go
org_flow.go
org_flow_model.go
org_flow_test.go
org_idp.go
org_idp_config.go
org_idp_config_model.go
org_idp_config_test.go
org_idp_jwt_config.go
org_idp_jwt_config_model.go
org_idp_jwt_config_test.go
org_idp_model.go
org_idp_oidc_config.go
org_idp_oidc_config_model.go
org_idp_oidc_config_test.go
org_idp_test.go
org_member.go
org_member_model.go
org_member_test.go
org_metadata.go
org_metadata_model.go
org_metadata_test.go
org_model.go
org_policy_domain.go
org_policy_domain_model.go
org_policy_domain_test.go
org_policy_label.go
org_policy_label_model.go
org_policy_label_test.go
org_policy_lockout.go
org_policy_lockout_model.go
org_policy_lockout_test.go
org_policy_login.go
org_policy_login_factors_model.go
org_policy_login_identity_provider_model.go
org_policy_login_model.go
org_policy_login_test.go
org_policy_mail_template.go
org_policy_mail_template_model.go
org_policy_mail_template_test.go
org_policy_notification.go
org_policy_notification_model.go
org_policy_notification_test.go
org_policy_password_age.go
org_policy_password_age_model.go
org_policy_password_age_test.go
org_policy_password_complexity.go
org_policy_password_complexity_model.go
org_policy_password_complexity_test.go
org_policy_privacy.go
org_policy_privacy_model.go
org_policy_privacy_test.go
org_test.go
phone.go
phone_test.go
policy_label_model.go
policy_login_factors_model.go
policy_login_model.go
policy_mail_template_model.go
policy_notification_model.go
policy_org_model.go
policy_password_age_model.go
policy_password_complexity_model.go
policy_password_lockout_model.go
policy_privacy_model.go
preparation_test.go
project.go
project_application.go
project_application_api.go
project_application_api_model.go
project_application_api_test.go
project_application_key.go
project_application_key_model.go
project_application_key_test.go
project_application_model.go
project_application_oidc.go
project_application_oidc_model.go
project_application_oidc_test.go
project_application_saml.go
project_application_saml_model.go
project_application_saml_test.go
project_application_test.go
project_converter.go
project_grant.go
project_grant_member.go
project_grant_member_model.go
project_grant_member_test.go
project_grant_model.go
project_grant_test.go
project_member.go
project_member_model.go
project_member_test.go
project_model.go
project_role.go
project_role_model.go
project_role_test.go
project_test.go
quota.go
quota_model.go
quota_report.go
session.go
session_model.go
session_passkey.go
session_passkeys_test.go
session_test.go
sms_config.go
sms_config_model.go
sms_config_test.go
smtp.go
smtp_test.go
statics.go
system_model.go
unique_constraints_model.go
user.go
user_converter.go
user_domain_policy.go
user_domain_policy_test.go
user_grant.go
user_grant_converter.go
user_grant_model.go
user_grant_test.go
user_human.go
user_human_access_token_model.go
user_human_address.go
user_human_address_model.go
user_human_adress_test.go
user_human_avatar.go
user_human_avatar_test.go
user_human_email.go
user_human_email_model.go
user_human_email_test.go
user_human_init.go
user_human_init_model.go
user_human_init_test.go
user_human_model.go
user_human_otp.go
user_human_otp_model.go
user_human_otp_test.go
user_human_password.go
user_human_password_model.go
user_human_password_test.go
user_human_phone.go
user_human_phone_model.go
user_human_phone_test.go
user_human_profile.go
user_human_profile_model.go
user_human_profile_test.go
user_human_refresh_token.go
user_human_refresh_token_model.go
user_human_refresh_token_test.go
user_human_test.go
user_human_webauthn.go
user_human_webauthn_model.go
user_idp_link.go
user_idp_link_model.go
user_idp_link_test.go
user_machine.go
user_machine_key.go
user_machine_key_model.go
user_machine_key_test.go
user_machine_model.go
user_machine_secret.go
user_machine_secret_test.go
user_machine_test.go
user_membership.go
user_metadata.go
user_metadata_model.go
user_metadata_test.go
user_model.go
user_password_complexity_policy.go
user_password_complexity_policy_test.go
user_personal_access_token.go
user_personal_access_token_model.go
user_personal_access_token_test.go
user_test.go
user_v2_email.go
user_v2_email_test.go
user_v2_passkey.go
user_v2_passkey_test.go
user_v2_password.go
user_v2_password_test.go
user_v2_totp.go
user_v2_totp_test.go
user_v2_u2f.go
user_v2_u2f_test.go
config
crypto
database
domain
errors
eventstore
form
i18n
iam
id
idp
integration
logstore
migration
notification
org
project
proto
protoc
qrcode
query
renderer
repository
static
statik
telemetry
test
user
view
webauthn
openapi
pkg
proto
statik
tools
.dockerignore
.gitignore
.golangci.yaml
.goreleaser.yaml
.releaserc.js
CODE_OF_CONDUCT.md
CONTRIBUTING.md
LICENSE
README.md
SECURITY.md
buf.work.yaml
changelog.config.js
go.mod
go.sum
main.go
release-channels.yaml
yarn.lock
5819924275
* device auth: implement the write events * add grant type device code * fix(init): check if default value implements stringer --------- Co-authored-by: adlerhurst <silvan.reusser@gmail.com>
114 lines
3.2 KiB
Go
114 lines
3.2 KiB
Go
package command
|
|
|
|
import (
|
|
"context"
|
|
"time"
|
|
|
|
"github.com/zitadel/zitadel/internal/api/authz"
|
|
"github.com/zitadel/zitadel/internal/domain"
|
|
caos_errs "github.com/zitadel/zitadel/internal/errors"
|
|
"github.com/zitadel/zitadel/internal/eventstore"
|
|
"github.com/zitadel/zitadel/internal/repository/deviceauth"
|
|
)
|
|
|
|
func (c *Commands) AddDeviceAuth(ctx context.Context, clientID, deviceCode, userCode string, expires time.Time, scopes []string) (string, *domain.ObjectDetails, error) {
|
|
aggrID, err := c.idGenerator.Next()
|
|
if err != nil {
|
|
return "", nil, err
|
|
}
|
|
|
|
aggr := deviceauth.NewAggregate(aggrID, authz.GetInstance(ctx).InstanceID())
|
|
model := NewDeviceAuthWriteModel(aggrID, aggr.ResourceOwner)
|
|
|
|
pushedEvents, err := c.eventstore.Push(ctx, deviceauth.NewAddedEvent(
|
|
ctx,
|
|
aggr,
|
|
clientID,
|
|
deviceCode,
|
|
userCode,
|
|
expires,
|
|
scopes,
|
|
))
|
|
if err != nil {
|
|
return "", nil, err
|
|
}
|
|
err = AppendAndReduce(model, pushedEvents...)
|
|
if err != nil {
|
|
return "", nil, err
|
|
}
|
|
|
|
return model.AggregateID, writeModelToObjectDetails(&model.WriteModel), nil
|
|
}
|
|
|
|
func (c *Commands) ApproveDeviceAuth(ctx context.Context, id, subject string) (*domain.ObjectDetails, error) {
|
|
model, err := c.getDeviceAuthWriteModelByID(ctx, id)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
if !model.State.Exists() {
|
|
return nil, caos_errs.ThrowNotFound(nil, "COMMAND-Hief9", "Errors.DeviceAuth.NotFound")
|
|
}
|
|
aggr := deviceauth.NewAggregate(model.AggregateID, model.InstanceID)
|
|
|
|
pushedEvents, err := c.eventstore.Push(ctx, deviceauth.NewApprovedEvent(ctx, aggr, subject))
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
err = AppendAndReduce(model, pushedEvents...)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
return writeModelToObjectDetails(&model.WriteModel), nil
|
|
}
|
|
|
|
func (c *Commands) CancelDeviceAuth(ctx context.Context, id string, reason domain.DeviceAuthCanceled) (*domain.ObjectDetails, error) {
|
|
model, err := c.getDeviceAuthWriteModelByID(ctx, id)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
if !model.State.Exists() {
|
|
return nil, caos_errs.ThrowNotFound(nil, "COMMAND-gee5A", "Errors.DeviceAuth.NotFound")
|
|
}
|
|
aggr := deviceauth.NewAggregate(model.AggregateID, model.InstanceID)
|
|
|
|
pushedEvents, err := c.eventstore.Push(ctx, deviceauth.NewCanceledEvent(ctx, aggr, reason))
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
err = AppendAndReduce(model, pushedEvents...)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
return writeModelToObjectDetails(&model.WriteModel), nil
|
|
}
|
|
|
|
func (c *Commands) RemoveDeviceAuth(ctx context.Context, id string) (*domain.ObjectDetails, error) {
|
|
model, err := c.getDeviceAuthWriteModelByID(ctx, id)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
aggr := deviceauth.NewAggregate(model.AggregateID, model.InstanceID)
|
|
|
|
pushedEvents, err := c.eventstore.Push(ctx, deviceauth.NewRemovedEvent(ctx, aggr, model.ClientID, model.DeviceCode, model.UserCode))
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
err = AppendAndReduce(model, pushedEvents...)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
return writeModelToObjectDetails(&model.WriteModel), nil
|
|
}
|
|
|
|
func (c *Commands) getDeviceAuthWriteModelByID(ctx context.Context, id string) (*DeviceAuthWriteModel, error) {
|
|
model := &DeviceAuthWriteModel{WriteModel: eventstore.WriteModel{AggregateID: id}}
|
|
err := c.eventstore.FilterToQueryReducer(ctx, model)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
return model, nil
|
|
}
|