TheArchive/zitadel
1
0
Fork 0
mirror of https://github.com/zitadel/zitadel.git synced 2025-03-01 07:57:24 +00:00
Code Issues Packages Projects Releases Wiki Activity
zitadel/internal/command
History
Tim Möhlmann 3f6ea78c87
perf: role permissions in database (#9152) 
# Which Problems Are Solved

Currently ZITADEL defines organization and instance member roles and
permissions in defaults.yaml. The permission check is done on API call
level. For example: "is this user allowed to make this call on this
org". This makes sense on the V1 API where the API is permission-level
shaped. For example, a search for users always happens in the context of
the organization. (Either the organization the calling user belongs to,
or through member ship and the x-zitadel-orgid header.

However, for resource based APIs we must be able to resolve permissions
by object. For example, an IAM_OWNER listing users should be able to get
all users in an instance based on the query filters. Alternatively a
user may have user.read permissions on one or more orgs. They should be
able to read just those users.

# How the Problems Are Solved

## Role permission mapping

The role permission mappings defined from `defaults.yaml` or local
config override are synchronized to the database on every run of
`zitadel setup`:

- A single query per **aggregate** builds a list of `add` and `remove`
actions needed to reach the desired state or role permission mappings
from the config.
- The required events based on the actions are pushed to the event
store.
- Events define search fields so that permission checking can use the
indices and is strongly consistent for both query and command sides.

The migration is split in the following aggregates:

- System aggregate for for roles prefixed with `SYSTEM`
- Each instance for roles not prefixed with `SYSTEM`. This is in
anticipation of instance level management over the API.

## Membership

Current instance / org / project membership events now have field table
definitions. Like the role permissions this ensures strong consistency
while still being able to use the indices of the fields table. A
migration is provided to fill the membership fields.

## Permission check

I aimed keeping the mental overhead to the developer to a minimal. The
provided implementation only provides a permission check for list
queries for org level resources, for example users. In the `query`
package there is a simple helper function `wherePermittedOrgs` which
makes sure the underlying database function is called as part of the
`SELECT` query and the permitted organizations are part of the `WHERE`
clause. This makes sure results from non-permitted organizations are
omitted. Under the hood:

- A Pg/PlSQL function searches for a list of organization IDs the passed
user has the passed permission.
- When the user has the permission on instance level, it returns early
with all organizations.
- The functions uses a number of views. The views help mapping the
fields entries into relational data and simplify the code use for the
function. The views provide some pre-filters which allow proper index
usage once the final `WHERE` clauses are set by the function.

# Additional Changes



# Additional Context

Closes #9032
Closes https://github.com/zitadel/zitadel/issues/9014

https://github.com/zitadel/zitadel/issues/9188 defines follow-ups for
the new permission framework based on this concept.
2025-01-16 10:09:15 +00:00
..
preparation
refactor: rename package errors to zerrors (#7039)
2023-12-08 15:30:55 +01:00
action_v2_execution_model_test.go
feat: add action v2 execution on requests and responses (#7637)
2024-05-04 11:55:57 +02:00
action_v2_execution_model.go
feat(v3alpha): write actions (#8225)
2024-07-31 14:42:12 +02:00
action_v2_execution_test.go
feat: action v2 signing (#8779)
2024-11-28 10:06:52 +00:00
action_v2_execution.go
feat(v3alpha): write actions (#8225)
2024-07-31 14:42:12 +02:00
action_v2_target_model_test.go
feat: action v2 signing (#8779)
2024-11-28 10:06:52 +00:00
action_v2_target_model.go
feat: action v2 signing (#8779)
2024-11-28 10:06:52 +00:00
action_v2_target_test.go
feat: action v2 signing (#8779)
2024-11-28 10:06:52 +00:00
action_v2_target.go
feat: action v2 signing (#8779)
2024-11-28 10:06:52 +00:00
auth_checks.go
refactor: rename package errors to zerrors (#7039)
2023-12-08 15:30:55 +01:00
auth_request_model.go
fix(oidc): store requested response_mode (#8145)
2024-06-17 09:50:12 +00:00
auth_request_test.go
feat: specify login UI version on instance and apps (#9071)
2024-12-19 10:37:46 +01:00
auth_request.go
feat: specify login UI version on instance and apps (#9071)
2024-12-19 10:37:46 +01:00
cache.go
feat(cache): redis cache (#8822)
2024-11-04 10:44:51 +00:00
command_test.go
perf(oidc): optimize client verification (#6999)
2023-12-05 17:01:03 +00:00
command.go
feat: action v2 signing (#8779)
2024-11-28 10:06:52 +00:00
converter.go
feat(v3alpha): read actions (#8357)
2024-08-12 22:32:01 +02:00
crypto_test.go
feat: Add Twilio Verification Service (#8678)
2024-09-26 09:14:33 +02:00
crypto.go
feat: Add Twilio Verification Service (#8678)
2024-09-26 09:14:33 +02:00
custom_login_text_model.go
fix: automatically link user without prompt (#8487)
2024-08-28 05:33:20 +00:00
custom_login_text.go
fix: automatically link user without prompt (#8487)
2024-08-28 05:33:20 +00:00
custom_message_text_model.go
fix(logintexts): fix several custom text attributes for get and set (#4733)
2022-12-01 13:31:46 +01:00
debug_events_model.go
feat: add debug events API (#8533)
2024-09-11 08:24:00 +00:00
debug_events_test.go
feat: add debug events API (#8533)
2024-09-11 08:24:00 +00:00
debug_events.go
feat: add debug events API (#8533)
2024-09-11 08:24:00 +00:00
debug_notification_model.go
chore(v2): move to new org (#3499)
2022-04-26 23:01:45 +00:00
device_auth_model.go
feat(oidc): sid claim for id_tokens issued through login V1 (#8525)
2024-09-03 13:19:00 +00:00
device_auth_test.go
fix: correctly check user state (#8631)
2024-09-17 13:21:49 +00:00
device_auth.go
fix: correctly check user state (#8631)
2024-09-17 13:21:49 +00:00
email.go
feat: invite user link (#8578)
2024-09-11 10:53:55 +00:00
existing_label_policies_model.go
fix(eventstore): prevent allocation of filtered events (#6749)
2023-10-19 15:21:31 +00:00
flow_model.go
chore(v2): move to new org (#3499)
2022-04-26 23:01:45 +00:00
identity_provider_model.go
chore(v2): move to new org (#3499)
2022-04-26 23:01:45 +00:00
idp_config_model.go
feat(login): additionally use email/phone for authentication (#4563)
2022-10-17 19:19:15 +00:00
idp_intent_model.go
fix: allow start and retrieve IdP intents with IdPs from other organizations (#7871)
2024-05-07 06:11:20 +00:00
idp_intent_test.go
feat(v3alpha): read actions (#8357)
2024-08-12 22:32:01 +02:00
idp_intent.go
fix: error handling to prevent panics (#8248)
2024-07-04 14:11:06 +00:00
idp_model_test.go
refactor: rename package errors to zerrors (#7039)
2023-12-08 15:30:55 +01:00
idp_model.go
feat(saml): allow setting nameid-format and alternative mapping for transient format (#7979)
2024-05-23 05:04:07 +00:00
idp.go
fix(import): add tracing spans to all import related functions (#8160)
2024-06-19 12:56:33 +02:00
instance_converter.go
feat(cnsl): docs link can be customized and custom button is available (#7840)
2024-05-13 16:01:50 +02:00
instance_custom_login_text_model.go
refactor(fmt): run gci on complete project (#7557)
2024-04-03 10:43:43 +00:00
instance_custom_login_text_test.go
fix: automatically link user without prompt (#8487)
2024-08-28 05:33:20 +00:00
instance_custom_login_text.go
fix: empty custom text changes push no events (#8054)
2024-06-17 12:47:38 +00:00
instance_custom_message_text_model.go
refactor(fmt): run gci on complete project (#7557)
2024-04-03 10:43:43 +00:00
instance_custom_message_text_test.go
feat(v3alpha): read actions (#8357)
2024-08-12 22:32:01 +02:00
instance_custom_message_text.go
fix: empty custom text changes push no events (#8054)
2024-06-17 12:47:38 +00:00
instance_debug_notification_file_model.go
feat(eventstore): increase parallel write capabilities (#5940)
2023-10-19 12:19:10 +02:00
instance_debug_notification_file_test.go
feat(v3alpha): read actions (#8357)
2024-08-12 22:32:01 +02:00
instance_debug_notification_file.go
refactor: rename package errors to zerrors (#7039)
2023-12-08 15:30:55 +01:00
instance_debug_notification_log_model.go
feat(eventstore): increase parallel write capabilities (#5940)
2023-10-19 12:19:10 +02:00
instance_debug_notification_log_test.go
feat(eventstore): accept transaction in push (#8945)
2024-11-22 17:25:28 +01:00
instance_debug_notification_log.go
refactor: rename package errors to zerrors (#7039)
2023-12-08 15:30:55 +01:00
instance_domain_model.go
fix(eventstore): prevent allocation of filtered events (#6749)
2023-10-19 15:21:31 +00:00
instance_domain_test.go
feat: specify login UI version on instance and apps (#9071)
2024-12-19 10:37:46 +01:00
instance_domain.go
feat: trusted (instance) domains (#8369)
2024-07-31 18:00:38 +03:00
instance_features_model.go
perf: role permissions in database (#9152)
2025-01-16 10:09:15 +00:00
instance_features_test.go
feat(oidc): end session by id_token_hint and without cookie (#8542)
2024-09-04 10:14:50 +00:00
instance_features.go
perf: role permissions in database (#9152)
2025-01-16 10:09:15 +00:00
instance_idp_config_model.go
refactor(fmt): run gci on complete project (#7557)
2024-04-03 10:43:43 +00:00
instance_idp_config_test.go
refactor: rename package errors to zerrors (#7039)
2023-12-08 15:30:55 +01:00
instance_idp_config.go
fix: check idp existence by org id (#7667)
2024-04-09 19:32:00 +00:00
instance_idp_jwt_config_model.go
refactor(fmt): run gci on complete project (#7557)
2024-04-03 10:43:43 +00:00
instance_idp_jwt_config_test.go
refactor: rename package errors to zerrors (#7039)
2023-12-08 15:30:55 +01:00
instance_idp_jwt_config.go
refactor: rename package errors to zerrors (#7039)
2023-12-08 15:30:55 +01:00
instance_idp_model.go
feat(saml): allow setting nameid-format and alternative mapping for transient format (#7979)
2024-05-23 05:04:07 +00:00
instance_idp_oidc_config_model.go
feat(crypto): use passwap for machine and app secrets (#7657)
2024-04-05 09:35:49 +00:00
instance_idp_oidc_config_test.go
refactor: rename package errors to zerrors (#7039)
2023-12-08 15:30:55 +01:00
instance_idp_oidc_config.go
refactor: rename package errors to zerrors (#7039)
2023-12-08 15:30:55 +01:00
instance_idp_test.go
fix(saml): improve error handling (#8928)
2024-12-03 10:38:28 +00:00
instance_idp.go
fix(saml): improve error handling (#8928)
2024-12-03 10:38:28 +00:00
instance_member_model.go
chore(v2): move to new org (#3499)
2022-04-26 23:01:45 +00:00
instance_member_test.go
feat(v3alpha): read actions (#8357)
2024-08-12 22:32:01 +02:00
instance_member.go
refactor: rename package errors to zerrors (#7039)
2023-12-08 15:30:55 +01:00
instance_model.go
feat: SMTP Templates (#6932)
2024-04-11 09:16:10 +02:00
instance_oidc_settings_model.go
chore(v2): move to new org (#3499)
2022-04-26 23:01:45 +00:00
instance_oidc_settings_test.go
feat(v3alpha): read actions (#8357)
2024-08-12 22:32:01 +02:00
instance_oidc_settings.go
refactor: rename package errors to zerrors (#7039)
2023-12-08 15:30:55 +01:00
instance_permissions.go
perf: role permissions in database (#9152)
2025-01-16 10:09:15 +00:00
instance_policy_domain_model.go
refactor: rename package errors to zerrors (#7039)
2023-12-08 15:30:55 +01:00
instance_policy_domain_test.go
feat(v3alpha): read actions (#8357)
2024-08-12 22:32:01 +02:00
instance_policy_domain.go
feat: user service v2 create, update and remove (#6996)
2023-12-21 10:03:37 +01:00
instance_policy_label_model.go
feat: add attribute to only enable specific themes (#6798)
2023-10-26 05:54:09 +00:00
instance_policy_label_test.go
feat(v3alpha): read actions (#8357)
2024-08-12 22:32:01 +02:00
instance_policy_label.go
fix: setup instance with human an machine user at creation (#7997)
2024-05-23 12:28:46 +02:00
instance_policy_login_factors_model.go
chore(v2): move to new org (#3499)
2022-04-26 23:01:45 +00:00
instance_policy_login_identity_provider_model.go
feat(eventstore): increase parallel write capabilities (#5940)
2023-10-19 12:19:10 +02:00
instance_policy_login_model.go
refactor(fmt): run gci on complete project (#7557)
2024-04-03 10:43:43 +00:00
instance_policy_login_test.go
feat(v3alpha): read actions (#8357)
2024-08-12 22:32:01 +02:00
instance_policy_login.go
fix: keep user idp links (#7079)
2023-12-19 10:25:50 +00:00
instance_policy_mail_template_model.go
refactor(fmt): run gci on complete project (#7557)
2024-04-03 10:43:43 +00:00
instance_policy_mail_template_test.go
refactor(fmt): run gci on complete project (#7557)
2024-04-03 10:43:43 +00:00
instance_policy_mail_template.go
refactor: rename package errors to zerrors (#7039)
2023-12-08 15:30:55 +01:00
instance_policy_notification_model.go
feat: add notification policy and password change message (#5065)
2023-01-25 09:49:41 +01:00
instance_policy_notification_test.go
feat(v3alpha): read actions (#8357)
2024-08-12 22:32:01 +02:00
instance_policy_notification.go
refactor: rename package errors to zerrors (#7039)
2023-12-08 15:30:55 +01:00
instance_policy_password_age_model.go
refactor(fmt): run gci on complete project (#7557)
2024-04-03 10:43:43 +00:00
instance_policy_password_age_test.go
feat(v3alpha): read actions (#8357)
2024-08-12 22:32:01 +02:00
instance_policy_password_age.go
refactor: rename package errors to zerrors (#7039)
2023-12-08 15:30:55 +01:00
instance_policy_password_complexity_model.go
refactor(fmt): run gci on complete project (#7557)
2024-04-03 10:43:43 +00:00
instance_policy_password_complexity_test.go
feat(v3alpha): read actions (#8357)
2024-08-12 22:32:01 +02:00
instance_policy_password_complexity.go
refactor: rename package errors to zerrors (#7039)
2023-12-08 15:30:55 +01:00
instance_policy_password_lockout_model.go
feat: provide option to limit (T)OTP checks (#7693)
2024-04-10 09:14:55 +00:00
instance_policy_password_lockout_test.go
feat(v3alpha): read actions (#8357)
2024-08-12 22:32:01 +02:00
instance_policy_password_lockout.go
feat(session api): respect lockout policy (#8027)
2024-05-30 22:08:48 +00:00
instance_policy_privacy_model.go
feat(cnsl): docs link can be customized and custom button is available (#7840)
2024-05-13 16:01:50 +02:00
instance_policy_privacy_test.go
feat(v3alpha): read actions (#8357)
2024-08-12 22:32:01 +02:00
instance_policy_privacy.go
feat(cnsl): docs link can be customized and custom button is available (#7840)
2024-05-13 16:01:50 +02:00
instance_policy_security_model.go
feat(oidc): token exchange impersonation (#7516)
2024-03-20 10:18:46 +00:00
instance_policy_security.go
feat: impersonation roles (#7442)
2024-02-28 10:21:11 +00:00
instance_secret_generator_model.go
feat(eventstore): increase parallel write capabilities (#5940)
2023-10-19 12:19:10 +02:00
instance_settings_test.go
feat(v3alpha): read actions (#8357)
2024-08-12 22:32:01 +02:00
instance_settings.go
refactor: rename package errors to zerrors (#7039)
2023-12-08 15:30:55 +01:00
instance_smtp_config_model.go
fix: smtp provider (#8610)
2024-09-13 13:22:25 +00:00
instance_test.go
feat: specify login UI version on instance and apps (#9071)
2024-12-19 10:37:46 +01:00
instance_trusted_domain_test.go
feat(v3alpha): read actions (#8357)
2024-08-12 22:32:01 +02:00
instance_trusted_domain.go
feat: trusted (instance) domains (#8369)
2024-07-31 18:00:38 +03:00
instance_trusted_domains_model.go
feat: trusted (instance) domains (#8369)
2024-07-31 18:00:38 +03:00
instance.go
perf: role permissions in database (#9152)
2025-01-16 10:09:15 +00:00
jwt_config_model.go
chore(v2): move to new org (#3499)
2022-04-26 23:01:45 +00:00
key_pair_model.go
feat(v3alpha): web key resource (#8262)
2024-08-14 14:18:14 +00:00
key_pair.go
feat(v3alpha): web key resource (#8262)
2024-08-14 14:18:14 +00:00
limits_bulk_model.go
feat: block instances (#7129)
2024-01-17 10:16:48 +00:00
limits_model.go
feat: block instances (#7129)
2024-01-17 10:16:48 +00:00
limits_test.go
feat(v3alpha): read actions (#8357)
2024-08-12 22:32:01 +02:00
limits.go
feat: block instances (#7129)
2024-01-17 10:16:48 +00:00
logout_session_model.go
feat(OIDC): add back channel logout (#8837)
2024-10-31 15:57:17 +01:00
logout_session.go
feat(OIDC): add back channel logout (#8837)
2024-10-31 15:57:17 +01:00
main_test.go
feat: trusted (instance) domains (#8369)
2024-07-31 18:00:38 +03:00
member_model.go
chore(v2): move to new org (#3499)
2022-04-26 23:01:45 +00:00
metadata_model.go
fix(metadata): corrected handling of remove metadata events (#4505)
2022-10-07 09:44:28 +00:00
milestone_model.go
perf(milestones): refactor (#8788)
2024-10-28 08:29:34 +00:00
milestone_test.go
feat(cache): redis cache (#8822)
2024-11-04 10:44:51 +00:00
milestone.go
perf(milestones): refactor (#8788)
2024-10-28 08:29:34 +00:00
notification.go
feat(notification): use event worker pool (#8962)
2024-11-27 15:01:17 +00:00
oidc_config_model.go
chore(v2): move to new org (#3499)
2022-04-26 23:01:45 +00:00
oidc_session_model.go
perf(oidc): optimize token creation (#7822)
2024-05-16 07:07:56 +02:00
oidc_session_test.go
fix(oidc): do not return access token for response type id_token (#8777)
2024-11-12 15:20:48 +00:00
oidc_session.go
fix(oidc): do not return access token for response type id_token (#8777)
2024-11-12 15:20:48 +00:00
org_action_model.go
chore(v2): move to new org (#3499)
2022-04-26 23:01:45 +00:00
org_action_test.go
feat(v3alpha): read actions (#8357)
2024-08-12 22:32:01 +02:00
org_action.go
fix(import): add tracing spans to all import related functions (#8160)
2024-06-19 12:56:33 +02:00
org_converter.go
feat(cnsl): docs link can be customized and custom button is available (#7840)
2024-05-13 16:01:50 +02:00
org_custom_login_text_model.go
chore(v2): move to new org (#3499)
2022-04-26 23:01:45 +00:00
org_custom_login_text_test.go
fix: automatically link user without prompt (#8487)
2024-08-28 05:33:20 +00:00
org_custom_login_text.go
fix(import): add tracing spans to all import related functions (#8160)
2024-06-19 12:56:33 +02:00
org_custom_message_model.go
chore(v2): move to new org (#3499)
2022-04-26 23:01:45 +00:00
org_custom_message_text_test.go
feat(v3alpha): read actions (#8357)
2024-08-12 22:32:01 +02:00
org_custom_message_text.go
fix(import): add tracing spans to all import related functions (#8160)
2024-06-19 12:56:33 +02:00
org_domain_model.go
fix: process org remove event in domain verified writemodel (#8790)
2024-11-28 17:09:00 +00:00
org_domain_test.go
feat(v3alpha): read actions (#8357)
2024-08-12 22:32:01 +02:00
org_domain.go
feat: trusted (instance) domains (#8369)
2024-07-31 18:00:38 +03:00
org_flow_model.go
chore(v2): move to new org (#3499)
2022-04-26 23:01:45 +00:00
org_flow_test.go
feat(v3alpha): read actions (#8357)
2024-08-12 22:32:01 +02:00
org_flow.go
fix(actions): preserve order of execution (#8895)
2024-11-14 14:04:39 +00:00
org_idp_config_model.go
refactor(fmt): run gci on complete project (#7557)
2024-04-03 10:43:43 +00:00
org_idp_config_test.go
feat(v3alpha): read actions (#8357)
2024-08-12 22:32:01 +02:00
org_idp_config.go
fix(import): add tracing spans to all import related functions (#8160)
2024-06-19 12:56:33 +02:00
org_idp_jwt_config_model.go
refactor(fmt): run gci on complete project (#7557)
2024-04-03 10:43:43 +00:00
org_idp_jwt_config_test.go
refactor: rename package errors to zerrors (#7039)
2023-12-08 15:30:55 +01:00
org_idp_jwt_config.go
refactor: rename package errors to zerrors (#7039)
2023-12-08 15:30:55 +01:00
org_idp_model.go
feat(saml): allow setting nameid-format and alternative mapping for transient format (#7979)
2024-05-23 05:04:07 +00:00
org_idp_oidc_config_model.go
feat(crypto): use passwap for machine and app secrets (#7657)
2024-04-05 09:35:49 +00:00
org_idp_oidc_config_test.go
refactor: rename package errors to zerrors (#7039)
2023-12-08 15:30:55 +01:00
org_idp_oidc_config.go
refactor: rename package errors to zerrors (#7039)
2023-12-08 15:30:55 +01:00
org_idp_test.go
fix(saml): improve error handling (#8928)
2024-12-03 10:38:28 +00:00
org_idp.go
fix(saml): improve error handling (#8928)
2024-12-03 10:38:28 +00:00
org_member_model.go
chore(v2): move to new org (#3499)
2022-04-26 23:01:45 +00:00
org_member_test.go
feat(v3alpha): read actions (#8357)
2024-08-12 22:32:01 +02:00
org_member.go
fix(import): add tracing spans to all import related functions (#8160)
2024-06-19 12:56:33 +02:00
org_metadata_model.go
feat(org): add org metadata functionality (#4234)
2022-09-20 14:32:09 +00:00
org_metadata_test.go
feat(v3alpha): read actions (#8357)
2024-08-12 22:32:01 +02:00
org_metadata.go
refactor: rename package errors to zerrors (#7039)
2023-12-08 15:30:55 +01:00
org_model.go
feat: remove org (#4148)
2022-11-30 17:01:17 +01:00
org_policy_domain_model.go
refactor: rename package errors to zerrors (#7039)
2023-12-08 15:30:55 +01:00
org_policy_domain_test.go
feat(v3alpha): read actions (#8357)
2024-08-12 22:32:01 +02:00
org_policy_domain.go
fix(import): add tracing spans to all import related functions (#8160)
2024-06-19 12:56:33 +02:00
org_policy_label_model.go
refactor(fmt): run gci on complete project (#7557)
2024-04-03 10:43:43 +00:00
org_policy_label_test.go
feat(v3alpha): read actions (#8357)
2024-08-12 22:32:01 +02:00
org_policy_label.go
fix(import): add tracing spans to all import related functions (#8160)
2024-06-19 12:56:33 +02:00
org_policy_lockout_model.go
feat: provide option to limit (T)OTP checks (#7693)
2024-04-10 09:14:55 +00:00
org_policy_lockout_test.go
feat: provide option to limit (T)OTP checks (#7693)
2024-04-10 09:14:55 +00:00
org_policy_lockout.go
fix(import): add tracing spans to all import related functions (#8160)
2024-06-19 12:56:33 +02:00
org_policy_login_factors_model.go
feat: remove org (#4148)
2022-11-30 17:01:17 +01:00
org_policy_login_identity_provider_model.go
chore(v2): move to new org (#3499)
2022-04-26 23:01:45 +00:00
org_policy_login_model.go
refactor(fmt): run gci on complete project (#7557)
2024-04-03 10:43:43 +00:00
org_policy_login_test.go
feat(v3alpha): read actions (#8357)
2024-08-12 22:32:01 +02:00
org_policy_login.go
fix(import): add tracing spans to all import related functions (#8160)
2024-06-19 12:56:33 +02:00
org_policy_mail_template_model.go
refactor(fmt): run gci on complete project (#7557)
2024-04-03 10:43:43 +00:00
org_policy_mail_template_test.go
refactor: rename package errors to zerrors (#7039)
2023-12-08 15:30:55 +01:00
org_policy_mail_template.go
refactor: rename package errors to zerrors (#7039)
2023-12-08 15:30:55 +01:00
org_policy_notification_model.go
feat: add notification policy and password change message (#5065)
2023-01-25 09:49:41 +01:00
org_policy_notification_test.go
feat(v3alpha): read actions (#8357)
2024-08-12 22:32:01 +02:00
org_policy_notification.go
refactor: rename package errors to zerrors (#7039)
2023-12-08 15:30:55 +01:00
org_policy_password_age_model.go
refactor(fmt): run gci on complete project (#7557)
2024-04-03 10:43:43 +00:00
org_policy_password_age_test.go
feat(v3alpha): read actions (#8357)
2024-08-12 22:32:01 +02:00
org_policy_password_age.go
refactor: rename package errors to zerrors (#7039)
2023-12-08 15:30:55 +01:00
org_policy_password_complexity_model.go
refactor(fmt): run gci on complete project (#7557)
2024-04-03 10:43:43 +00:00
org_policy_password_complexity_test.go
feat(v3alpha): read actions (#8357)
2024-08-12 22:32:01 +02:00
org_policy_password_complexity.go
fix(import): add tracing spans to all import related functions (#8160)
2024-06-19 12:56:33 +02:00
org_policy_privacy_model.go
feat(cnsl): docs link can be customized and custom button is available (#7840)
2024-05-13 16:01:50 +02:00
org_policy_privacy_test.go
feat(v3alpha): read actions (#8357)
2024-08-12 22:32:01 +02:00
org_policy_privacy.go
fix(import): add tracing spans to all import related functions (#8160)
2024-06-19 12:56:33 +02:00
org_test.go
feat: trusted (instance) domains (#8369)
2024-07-31 18:00:38 +03:00
org.go
feat: trusted (instance) domains (#8369)
2024-07-31 18:00:38 +03:00
phone_test.go
refactor: rename package errors to zerrors (#7039)
2023-12-08 15:30:55 +01:00
phone.go
feat: Add Twilio Verification Service (#8678)
2024-09-26 09:14:33 +02:00
policy_label_model.go
feat: add attribute to only enable specific themes (#6798)
2023-10-26 05:54:09 +00:00
policy_login_factors_model.go
chore(v2): move to new org (#3499)
2022-04-26 23:01:45 +00:00
policy_login_model.go
feat: allow to force MFA local only (#6234)
2023-07-20 04:06:16 +00:00
policy_mail_template_model.go
chore(v2): move to new org (#3499)
2022-04-26 23:01:45 +00:00
policy_notification_model.go
feat: add notification policy and password change message (#5065)
2023-01-25 09:49:41 +01:00
policy_org_model.go
fix: remove domain and user correctly in DomainPolicyUsernamesWriteModel (#4850)
2022-12-08 08:11:49 +01:00
policy_password_age_model.go
chore(v2): move to new org (#3499)
2022-04-26 23:01:45 +00:00
policy_password_complexity_model.go
refactor: rename package errors to zerrors (#7039)
2023-12-08 15:30:55 +01:00
policy_password_lockout_model.go
feat: provide option to limit (T)OTP checks (#7693)
2024-04-10 09:14:55 +00:00
policy_privacy_model.go
feat(cnsl): docs link can be customized and custom button is available (#7840)
2024-05-13 16:01:50 +02:00
preparation_test.go
feat(v3alpha): read actions (#8357)
2024-08-12 22:32:01 +02:00
project_application_api_model.go
feat(crypto): use passwap for machine and app secrets (#7657)
2024-04-05 09:35:49 +00:00
project_application_api_test.go
fix(oidc): don't push introspection client events (#8481)
2024-08-28 18:19:50 +00:00
project_application_api.go
fix(oidc): don't push introspection client events (#8481)
2024-08-28 18:19:50 +00:00
project_application_key_model.go
refactor(fmt): run gci on complete project (#7557)
2024-04-03 10:43:43 +00:00
project_application_key_test.go
feat(crypto): use passwap for machine and app secrets (#7657)
2024-04-05 09:35:49 +00:00
project_application_key.go
fix(import): add tracing spans to all import related functions (#8160)
2024-06-19 12:56:33 +02:00
project_application_model.go
chore(v2): move to new org (#3499)
2022-04-26 23:01:45 +00:00
project_application_oidc_model.go
feat: specify login UI version on instance and apps (#9071)
2024-12-19 10:37:46 +01:00
project_application_oidc_test.go
feat: specify login UI version on instance and apps (#9071)
2024-12-19 10:37:46 +01:00
project_application_oidc.go
feat: specify login UI version on instance and apps (#9071)
2024-12-19 10:37:46 +01:00
project_application_saml_model.go
fix(saml): correct handling of remove (#5606)
2023-04-05 11:42:00 +00:00
project_application_saml_test.go
perf(milestones): refactor (#8788)
2024-10-28 08:29:34 +00:00
project_application_saml.go
perf(milestones): refactor (#8788)
2024-10-28 08:29:34 +00:00
project_application_test.go
feat(v3alpha): read actions (#8357)
2024-08-12 22:32:01 +02:00
project_application.go
fix(import): add tracing spans to all import related functions (#8160)
2024-06-19 12:56:33 +02:00
project_converter.go
feat: specify login UI version on instance and apps (#9071)
2024-12-19 10:37:46 +01:00
project_grant_member_model.go
chore(v2): move to new org (#3499)
2022-04-26 23:01:45 +00:00
project_grant_member_test.go
feat(v3alpha): read actions (#8357)
2024-08-12 22:32:01 +02:00
project_grant_member.go
perf(import): do not check for existing grant ID (#8164)
2024-06-20 13:31:58 +00:00
project_grant_model.go
fix: add resourceowner to check for project in project grant (#8785)
2024-10-30 08:53:00 +00:00
project_grant_test.go
fix: project existing check removed from project grant remove (#9004)
2024-12-03 14:38:25 +00:00
project_grant.go
fix: project existing check removed from project grant remove (#9004)
2024-12-03 14:38:25 +00:00
project_member_model.go
chore(v2): move to new org (#3499)
2022-04-26 23:01:45 +00:00
project_member_test.go
feat(v3alpha): read actions (#8357)
2024-08-12 22:32:01 +02:00
project_member.go
fix(import): add tracing spans to all import related functions (#8160)
2024-06-19 12:56:33 +02:00
project_model.go
chore(v2): move to new org (#3499)
2022-04-26 23:01:45 +00:00
project_old.go
fix: add resourceowner to check for project in project grant (#8785)
2024-10-30 08:53:00 +00:00
project_role_model.go
chore(v2): move to new org (#3499)
2022-04-26 23:01:45 +00:00
project_role_test.go
feat(v3alpha): read actions (#8357)
2024-08-12 22:32:01 +02:00
project_role.go
feat(eventstore): add search table (#8191)
2024-07-03 15:00:56 +00:00
project_test.go
perf(milestones): refactor (#8788)
2024-10-28 08:29:34 +00:00
project.go
perf(milestones): refactor (#8788)
2024-10-28 08:29:34 +00:00
quota_model_test.go
refactor: rename package errors to zerrors (#7039)
2023-12-08 15:30:55 +01:00
quota_model.go
refactor: rename package errors to zerrors (#7039)
2023-12-08 15:30:55 +01:00
quota_report_test.go
feat(eventstore): increase parallel write capabilities (#5940)
2023-10-19 12:19:10 +02:00
quota_report.go
perf: project quotas and usages (#6441)
2023-09-15 16:58:45 +02:00
quota_test.go
feat(v3alpha): read actions (#8357)
2024-08-12 22:32:01 +02:00
quota.go
refactor: rename package errors to zerrors (#7039)
2023-12-08 15:30:55 +01:00
resource_ower_model.go
fix: correctly delete sessions created before 2.42 (#7050)
2023-12-09 08:59:51 +00:00
restrictions_model.go
feat: restrict languages (#6931)
2023-12-05 11:12:01 +00:00
restrictions_test.go
feat(v3alpha): read actions (#8357)
2024-08-12 22:32:01 +02:00
restrictions.go
chore: fix function names in comment (#7723)
2024-04-08 08:15:44 +00:00
saml_request_model.go
feat: add saml request to link to sessions (#9001)
2024-12-19 11:11:40 +00:00
saml_request_test.go
feat: add saml request to link to sessions (#9001)
2024-12-19 11:11:40 +00:00
saml_request.go
feat: add saml request to link to sessions (#9001)
2024-12-19 11:11:40 +00:00
saml_session_model.go
feat: add saml request to link to sessions (#9001)
2024-12-19 11:11:40 +00:00
saml_session_test.go
feat: add saml request to link to sessions (#9001)
2024-12-19 11:11:40 +00:00
saml_session.go
feat: add saml request to link to sessions (#9001)
2024-12-19 11:11:40 +00:00
session_model_test.go
feat(api/v2): implement U2F session check (#6339)
2023-08-11 15:36:18 +00:00
session_model.go
feat: Add Twilio Verification Service (#8678)
2024-09-26 09:14:33 +02:00
session_otp_test.go
fix: twilio code generation and verification (#8728)
2024-10-07 07:12:44 +02:00
session_otp.go
fix: pass sessionID to OTP email link (#8745)
2024-10-10 13:53:32 +00:00
session_test.go
feat(v3alpha): read actions (#8357)
2024-08-12 22:32:01 +02:00
session_webauhtn.go
feat(session api): respect lockout policy (#8027)
2024-05-30 22:08:48 +00:00
session_webauthn_test.go
refactor: rename package errors to zerrors (#7039)
2023-12-08 15:30:55 +01:00
session.go
fix: twilio code generation and verification (#8728)
2024-10-07 07:12:44 +02:00
sms_config_model.go
feat: Add Twilio Verification Service (#8678)
2024-09-26 09:14:33 +02:00
sms_config_test.go
feat: Add Twilio Verification Service (#8678)
2024-09-26 09:14:33 +02:00
sms_config.go
feat: Add Twilio Verification Service (#8678)
2024-09-26 09:14:33 +02:00
smtp_test.go
feat: add http as smtp provider (#8545)
2024-09-12 06:27:29 +02:00
smtp.go
feat: add http as smtp provider (#8545)
2024-09-12 06:27:29 +02:00
statics.go
chore(v2): move to new org (#3499)
2022-04-26 23:01:45 +00:00
system_features_model.go
perf: role permissions in database (#9152)
2025-01-16 10:09:15 +00:00
system_features_test.go
feat(oidc): end session by id_token_hint and without cookie (#8542)
2024-09-04 10:14:50 +00:00
system_features.go
perf: role permissions in database (#9152)
2025-01-16 10:09:15 +00:00
system_model.go
fix(eventstore): prevent allocation of filtered events (#6749)
2023-10-19 15:21:31 +00:00
unique_constraints_model.go
refactor: cleanup unused code (#7130)
2024-01-02 14:26:31 +00:00
user_converter.go
perf(oidc): optimize token creation (#7822)
2024-05-16 07:07:56 +02:00
user_domain_policy_test.go
refactor: rename package errors to zerrors (#7039)
2023-12-08 15:30:55 +01:00
user_domain_policy.go
fix(import): add tracing spans to all import related functions (#8160)
2024-06-19 12:56:33 +02:00
user_grant_converter.go
chore(v2): move to new org (#3499)
2022-04-26 23:01:45 +00:00
user_grant_model.go
fix: improve user grants precondition checks (#4237)
2022-08-24 11:38:59 +02:00
user_grant_test.go
feat(v3alpha): read actions (#8357)
2024-08-12 22:32:01 +02:00
user_grant.go
perf(command): user grant pre-condition check using the search table (#8230)
2024-07-04 16:18:43 +00:00
user_human_access_token_model.go
refactor(fmt): run gci on complete project (#7557)
2024-04-03 10:43:43 +00:00
user_human_address_model.go
chore(v2): move to new org (#3499)
2022-04-26 23:01:45 +00:00
user_human_address.go
refactor: rename package errors to zerrors (#7039)
2023-12-08 15:30:55 +01:00
user_human_adress_test.go
refactor: rename package errors to zerrors (#7039)
2023-12-08 15:30:55 +01:00
user_human_avatar_test.go
feat(v3alpha): read actions (#8357)
2024-08-12 22:32:01 +02:00
user_human_avatar.go
refactor: rename package errors to zerrors (#7039)
2023-12-08 15:30:55 +01:00
user_human_email_model.go
feat: pass and handle auth request context for email links (#7815)
2024-04-24 17:50:58 +02:00
user_human_email_test.go
feat(v3alpha): read actions (#8357)
2024-08-12 22:32:01 +02:00
user_human_email.go
fix: allow login with user created through v2 api without password (#8291)
2024-07-17 06:43:07 +02:00
user_human_init_model.go
feat: pass and handle auth request context for email links (#7815)
2024-04-24 17:50:58 +02:00
user_human_init_test.go
feat(v3alpha): read actions (#8357)
2024-08-12 22:32:01 +02:00
user_human_init.go
fix: check password complexity policy and respect changeRequired on password change (#7884)
2024-05-02 11:50:13 +02:00
user_human_model.go
fix: handle password data correct on user creation (#6515)
2023-09-07 14:06:11 +00:00
user_human_otp_model.go
feat: Add Twilio Verification Service (#8678)
2024-09-26 09:14:33 +02:00
user_human_otp_test.go
feat: Add Twilio Verification Service (#8678)
2024-09-26 09:14:33 +02:00
user_human_otp.go
fix: consistent permission check on user v2 (#8807)
2024-12-03 10:14:04 +00:00
user_human_password_model.go
feat: Add Twilio Verification Service (#8678)
2024-09-26 09:14:33 +02:00
user_human_password_test.go
feat: Add Twilio Verification Service (#8678)
2024-09-26 09:14:33 +02:00
user_human_password.go
fix: consistent permission check on user v2 (#8807)
2024-12-03 10:14:04 +00:00
user_human_phone_model.go
feat: Add Twilio Verification Service (#8678)
2024-09-26 09:14:33 +02:00
user_human_phone_test.go
feat: Add Twilio Verification Service (#8678)
2024-09-26 09:14:33 +02:00
user_human_phone.go
feat: Add Twilio Verification Service (#8678)
2024-09-26 09:14:33 +02:00
user_human_profile_model.go
refactor(fmt): run gci on complete project (#7557)
2024-04-03 10:43:43 +00:00
user_human_profile_test.go
refactor: rename package errors to zerrors (#7039)
2023-12-08 15:30:55 +01:00
user_human_profile.go
refactor: rename package errors to zerrors (#7039)
2023-12-08 15:30:55 +01:00
user_human_refresh_token_model.go
refactor(fmt): run gci on complete project (#7557)
2024-04-03 10:43:43 +00:00
user_human_refresh_token_test.go
feat(v3alpha): read actions (#8357)
2024-08-12 22:32:01 +02:00
user_human_refresh_token.go
perf(oidc): optimize token creation (#7822)
2024-05-16 07:07:56 +02:00
user_human_test.go
feat(OIDC): add back channel logout (#8837)
2024-10-31 15:57:17 +01:00
user_human_webauthn_model.go
feat(api/v2): implement U2F session check (#6339)
2023-08-11 15:36:18 +00:00
user_human_webauthn.go
fix: consistent permission check on user v2 (#8807)
2024-12-03 10:14:04 +00:00
user_human.go
feat: replace user scim v2 endpoint (#9163)
2025-01-14 15:44:41 +01:00
user_idp_link_model.go
fix: migrate external id of federated users (#6312)
2023-08-04 11:35:36 +02:00
user_idp_link_test.go
feat(idp): provide auto only options (#8420)
2024-08-14 13:04:26 +00:00
user_idp_link.go
feat(idp): provide auto only options (#8420)
2024-08-14 13:04:26 +00:00
user_machine_key_model.go
refactor(fmt): run gci on complete project (#7557)
2024-04-03 10:43:43 +00:00
user_machine_key_test.go
feat(v3alpha): read actions (#8357)
2024-08-12 22:32:01 +02:00
user_machine_key.go
fix(import): add tracing spans to all import related functions (#8160)
2024-06-19 12:56:33 +02:00
user_machine_model.go
feat(crypto): use passwap for machine and app secrets (#7657)
2024-04-05 09:35:49 +00:00
user_machine_secret_test.go
feat(v3alpha): read actions (#8357)
2024-08-12 22:32:01 +02:00
user_machine_secret.go
feat(crypto): use passwap for machine and app secrets (#7657)
2024-04-05 09:35:49 +00:00
user_machine_test.go
feat(v3alpha): read actions (#8357)
2024-08-12 22:32:01 +02:00
user_machine.go
fix(import): add tracing spans to all import related functions (#8160)
2024-06-19 12:56:33 +02:00
user_membership.go
fix(notify): notify user in projection (#3889)
2022-07-06 14:09:49 +02:00
user_metadata_model.go
feat: remove org (#4148)
2022-11-30 17:01:17 +01:00
user_metadata_test.go
feat(v3alpha): read actions (#8357)
2024-08-12 22:32:01 +02:00
user_metadata.go
fix(import): add tracing spans to all import related functions (#8160)
2024-06-19 12:56:33 +02:00
user_model.go
feat: replace user scim v2 endpoint (#9163)
2025-01-14 15:44:41 +01:00
user_password_complexity_policy_test.go
refactor: rename package errors to zerrors (#7039)
2023-12-08 15:30:55 +01:00
user_password_complexity_policy.go
refactor: rename package errors to zerrors (#7039)
2023-12-08 15:30:55 +01:00
user_personal_access_token_model.go
refactor(fmt): run gci on complete project (#7557)
2024-04-03 10:43:43 +00:00
user_personal_access_token_test.go
feat(v3alpha): read actions (#8357)
2024-08-12 22:32:01 +02:00
user_personal_access_token.go
refactor: rename package errors to zerrors (#7039)
2023-12-08 15:30:55 +01:00
user_schema_model.go
feat: user v3 api update (#8582)
2024-09-17 08:27:48 +00:00
user_schema_test.go
feat: add schema user create and remove (#8494)
2024-08-28 19:46:45 +00:00
user_schema.go
feat: user v3 api update (#8582)
2024-09-17 08:27:48 +00:00
user_test.go
feat(v3alpha): read actions (#8357)
2024-08-12 22:32:01 +02:00
user_v2_email_test.go
fix: restructure resend email code to send email code (#9099)
2024-12-27 16:34:38 +01:00
user_v2_email.go
fix: restructure resend email code to send email code (#9099)
2024-12-27 16:34:38 +01:00
user_v2_human_test.go
fix: process org remove event in domain verified writemodel (#8790)
2024-11-28 17:09:00 +00:00
user_v2_human.go
feat: replace user scim v2 endpoint (#9163)
2025-01-14 15:44:41 +01:00
user_v2_invite_model.go
feat: invite user link (#8578)
2024-09-11 10:53:55 +00:00
user_v2_invite_test.go
feat: invite user link (#8578)
2024-09-11 10:53:55 +00:00
user_v2_invite.go
fix: consistent permission check on user v2 (#8807)
2024-12-03 10:14:04 +00:00
user_v2_model_test.go
fix: twilio code generation and verification (#8728)
2024-10-07 07:12:44 +02:00
user_v2_model.go
feat: Add Twilio Verification Service (#8678)
2024-09-26 09:14:33 +02:00
user_v2_passkey_test.go
fix: consistent permission check on user v2 (#8807)
2024-12-03 10:14:04 +00:00
user_v2_passkey.go
fix: consistent permission check on user v2 (#8807)
2024-12-03 10:14:04 +00:00
user_v2_password_test.go
fix: twilio code generation and verification (#8728)
2024-10-07 07:12:44 +02:00
user_v2_password.go
fix: consistent permission check on user v2 (#8807)
2024-12-03 10:14:04 +00:00
user_v2_phone_test.go
feat: Add Twilio Verification Service (#8678)
2024-09-26 09:14:33 +02:00
user_v2_phone.go
fix: consistent permission check on user v2 (#8807)
2024-12-03 10:14:04 +00:00
user_v2_test.go
feat(v3alpha): read actions (#8357)
2024-08-12 22:32:01 +02:00
user_v2_totp_test.go
fix: import totp in add human user with secret (#7936)
2024-05-14 09:20:31 +02:00
user_v2_totp.go
fix: allow other users to set up MFAs (#7914)
2024-05-07 05:38:26 +00:00
user_v2_u2f_test.go
feat: trusted (instance) domains (#8369)
2024-07-31 18:00:38 +03:00
user_v2_u2f.go
fix: allow other users to set up MFAs (#7914)
2024-05-07 05:38:26 +00:00
user_v2_username.go
perf(import): optimize search for domains claimed by other organizations (#8200)
2024-07-05 09:36:00 +02:00
user_v2.go
fix: consistent permission check on user v2 (#8807)
2024-12-03 10:14:04 +00:00
user_v3_email_test.go
feat: user v3 contact email and phone (#8644)
2024-09-25 13:31:31 +00:00
user_v3_email.go
feat: user v3 contact email and phone (#8644)
2024-09-25 13:31:31 +00:00
user_v3_model.go
feat: Add Twilio Verification Service (#8678)
2024-09-26 09:14:33 +02:00
user_v3_phone_test.go
feat: Add Twilio Verification Service (#8678)
2024-09-26 09:14:33 +02:00
user_v3_phone.go
feat: Add Twilio Verification Service (#8678)
2024-09-26 09:14:33 +02:00
user_v3_test.go
feat: Add Twilio Verification Service (#8678)
2024-09-26 09:14:33 +02:00
user_v3.go
feat: Add Twilio Verification Service (#8678)
2024-09-26 09:14:33 +02:00
user.go
feat: invite user link (#8578)
2024-09-11 10:53:55 +00:00
web_key_model.go
feat(v3alpha): web key resource (#8262)
2024-08-14 14:18:14 +00:00
web_key_test.go
feat(v3alpha): web key resource (#8262)
2024-08-14 14:18:14 +00:00
web_key.go
feat(v3alpha): web key resource (#8262)
2024-08-14 14:18:14 +00:00