Livio Spring 40094bee87

fix: permission checks on session API ...

# Which Problems Are Solved

The session API allowed any authenticated user to update sessions by their ID without any further check.
This was unintentionally introduced with version 2.53.0 when the requirement of providing the latest session token on every session update was removed and no other permission check (e.g. session.write) was ensured.

# How the Problems Are Solved

- Granted `session.write` to `IAM_OWNER` and `IAM_LOGIN_CLIENT` in the defaults.yaml
- Granted `session.read` to `IAM_ORG_MANAGER`, `IAM_USER_MANAGER` and `ORG_OWNER` in the defaults.yaml
- Pass the session token to the UpdateSession command.
- Check for `session.write` permission on session creation and update.
  - Alternatively, the (latest) sessionToken can be used to update the session.
- Setting an auth request to failed on the OIDC Service `CreateCallback` endpoint now ensures it's either the same user as used to create the auth request (for backwards compatibilty) or requires `session.link` permission.
- Setting an device auth request to failed on the OIDC Service `AuthorizeOrDenyDeviceAuthorization` endpoint now requires `session.link` permission.
- Setting an auth request to failed on the SAML Service `CreateResponse` endpoint now requires `session.link` permission.

# Additional Changes

none

# Additional Context

none

(cherry picked from commit 4c942f3477b073e3e270079e6424b2b3797765d6)

2025-07-15 15:11:49 +02:00

..

errors

feat(session/v2): user password lockout error response (#9233)

2025-01-29 10:29:00 +00:00

preparation

refactor: rename package errors to zerrors (#7039)

2023-12-08 15:30:55 +01:00

action_v2_execution_model_test.go

feat: add action v2 execution on requests and responses (#7637)

2024-05-04 11:55:57 +02:00

action_v2_execution_model.go

feat(v3alpha): write actions (#8225)

2024-07-31 14:42:12 +02:00

action_v2_execution_test.go

chore!: Introduce ZITADEL v3 (#9645)

2025-04-02 16:53:06 +02:00

action_v2_execution.go

feat(v3alpha): write actions (#8225)

2024-07-31 14:42:12 +02:00

action_v2_target_model_test.go

feat: action v2 signing (#8779)

2024-11-28 10:06:52 +00:00

action_v2_target_model.go

feat: action v2 signing (#8779)

2024-11-28 10:06:52 +00:00

action_v2_target_test.go

chore!: Introduce ZITADEL v3 (#9645)

2025-04-02 16:53:06 +02:00

action_v2_target.go

chore!: Introduce ZITADEL v3 (#9645)

2025-04-02 16:53:06 +02:00

auth_checks.go

refactor: rename package errors to zerrors (#7039)

2023-12-08 15:30:55 +01:00

auth_request_model.go

fix: SAML and OIDC issuer (in proxied use cases) (#9638)

2025-03-26 17:08:13 +00:00

auth_request_test.go

fix: permission checks on session API

2025-07-15 15:11:49 +02:00

auth_request.go

fix: permission checks on session API

2025-07-15 15:11:49 +02:00

cache.go

feat(cache): redis cache (#8822)

2024-11-04 10:44:51 +00:00

command_test.go

chore!: Introduce ZITADEL v3 (#9645)

2025-04-02 16:53:06 +02:00

command.go

Merge commit from fork

2025-05-02 13:44:24 +02:00

converter.go

fix(permissions): chunked synchronization of role permission events (#9403)

2025-02-26 16:06:50 +00:00

crypto_test.go

feat: Add Twilio Verification Service (#8678)

2024-09-26 09:14:33 +02:00

crypto.go

feat: Add Twilio Verification Service (#8678)

2024-09-26 09:14:33 +02:00

custom_login_text_model.go

fix: automatically link user without prompt (#8487)

2024-08-28 05:33:20 +00:00

custom_login_text.go

fix: automatically link user without prompt (#8487)

2024-08-28 05:33:20 +00:00

custom_message_text_model.go

fix(logintexts): fix several custom text attributes for get and set (#4733)

2022-12-01 13:31:46 +01:00

debug_events_model.go

feat: add debug events API (#8533)

2024-09-11 08:24:00 +00:00

debug_events_test.go

feat: add debug events API (#8533)

2024-09-11 08:24:00 +00:00

debug_events.go

feat: add debug events API (#8533)

2024-09-11 08:24:00 +00:00

debug_notification_model.go

chore(v2): move to new org (#3499)

2022-04-26 23:01:45 +00:00

device_auth_model.go

feat(api): allow Device Authorization Grant using custom login UI (#9387)

2025-02-25 07:33:13 +01:00

device_auth_test.go

fix: permission checks on session API

2025-07-15 15:11:49 +02:00

device_auth.go

fix: permission checks on session API

2025-07-15 15:11:49 +02:00

email.go

feat: invite user link (#8578)

2024-09-11 10:53:55 +00:00

flow_model.go

chore(v2): move to new org (#3499)

2022-04-26 23:01:45 +00:00

hosted_login_translation_model.go

feat: Hosted login translation API (#10011)

2025-06-18 13:24:39 +02:00

hosted_login_translation_test.go

feat: Hosted login translation API (#10011)

2025-06-18 13:24:39 +02:00

hosted_login_translation.go

feat: Hosted login translation API (#10011)

2025-06-18 13:24:39 +02:00

identity_provider_model.go

chore(v2): move to new org (#3499)

2022-04-26 23:01:45 +00:00

idp_config_model.go

feat(login): additionally use email/phone for authentication (#4563)

2022-10-17 19:19:15 +00:00

idp_intent_model.go

Merge commit from fork

2025-05-02 13:44:24 +02:00

idp_intent_test.go

fix(api): return typed saml form post data in idp intent (#10136)

2025-06-30 15:07:33 +00:00

idp_intent.go

Merge commit from fork

2025-05-02 13:44:24 +02:00

idp_model_test.go

refactor: rename package errors to zerrors (#7039)

2023-12-08 15:30:55 +01:00

idp_model.go

feat: federated logout for SAML IdPs (#9931)

2025-05-23 13:52:25 +02:00

idp.go

feat: federated logout for SAML IdPs (#9931)

2025-05-23 13:52:25 +02:00

instance_converter.go

feat(cnsl): docs link can be customized and custom button is available (#7840)

2024-05-13 16:01:50 +02:00

instance_custom_login_text_model.go

refactor(fmt): run gci on complete project (#7557)

2024-04-03 10:43:43 +00:00

instance_custom_login_text_test.go

fix: automatically link user without prompt (#8487)

2024-08-28 05:33:20 +00:00

instance_custom_login_text.go

fix: empty custom text changes push no events (#8054)

2024-06-17 12:47:38 +00:00

instance_custom_message_text_model.go

refactor(fmt): run gci on complete project (#7557)

2024-04-03 10:43:43 +00:00

instance_custom_message_text_test.go

feat(v3alpha): read actions (#8357)

2024-08-12 22:32:01 +02:00

instance_custom_message_text.go

fix: empty custom text changes push no events (#8054)

2024-06-17 12:47:38 +00:00

instance_debug_notification_file_model.go

feat(eventstore): increase parallel write capabilities (#5940)

2023-10-19 12:19:10 +02:00

instance_debug_notification_file_test.go

feat(v3alpha): read actions (#8357)

2024-08-12 22:32:01 +02:00

instance_debug_notification_file.go

refactor: rename package errors to zerrors (#7039)

2023-12-08 15:30:55 +01:00

instance_debug_notification_log_model.go

feat(eventstore): increase parallel write capabilities (#5940)

2023-10-19 12:19:10 +02:00

instance_debug_notification_log_test.go

feat(eventstore): accept transaction in push (#8945)

2024-11-22 17:25:28 +01:00

instance_debug_notification_log.go

refactor: rename package errors to zerrors (#7039)

2023-12-08 15:30:55 +01:00

instance_domain_model.go

fix(eventstore): prevent allocation of filtered events (#6749)

2023-10-19 15:21:31 +00:00

instance_domain_test.go

feat: specify login UI version on instance and apps (#9071)

2024-12-19 10:37:46 +01:00

instance_domain.go

feat: trusted (instance) domains (#8369)

2024-07-31 18:00:38 +03:00

instance_features_model.go

chore(oidc): remove feature flag for introspection triggers (#10132)

2025-06-30 05:48:04 +00:00

instance_features_test.go

chore(oidc): remove feature flag for introspection triggers (#10132)

2025-06-30 05:48:04 +00:00

instance_features.go

chore(oidc): remove feature flag for introspection triggers (#10132)

2025-06-30 05:48:04 +00:00

instance_idp_config_model.go

refactor(fmt): run gci on complete project (#7557)

2024-04-03 10:43:43 +00:00

instance_idp_config_test.go

refactor: rename package errors to zerrors (#7039)

2023-12-08 15:30:55 +01:00

instance_idp_config.go

fix: check idp existence by org id (#7667)

2024-04-09 19:32:00 +00:00

instance_idp_jwt_config_model.go

refactor(fmt): run gci on complete project (#7557)

2024-04-03 10:43:43 +00:00

instance_idp_jwt_config_test.go

refactor: rename package errors to zerrors (#7039)

2023-12-08 15:30:55 +01:00

instance_idp_jwt_config.go

refactor: rename package errors to zerrors (#7039)

2023-12-08 15:30:55 +01:00

instance_idp_model.go

feat: federated logout for SAML IdPs (#9931)

2025-05-23 14:59:34 +02:00

instance_idp_oidc_config_model.go

feat(crypto): use passwap for machine and app secrets (#7657)

2024-04-05 09:35:49 +00:00

instance_idp_oidc_config_test.go

refactor: rename package errors to zerrors (#7039)

2023-12-08 15:30:55 +01:00

instance_idp_oidc_config.go

refactor: rename package errors to zerrors (#7039)

2023-12-08 15:30:55 +01:00

instance_idp_test.go

feat: federated logout for SAML IdPs (#9931)

2025-05-23 13:52:25 +02:00

instance_idp.go

feat: federated logout for SAML IdPs (#9931)

2025-05-23 13:52:25 +02:00

instance_member_model.go

feat: user profile requests in resource APIs (#10151)

2025-07-04 18:12:59 +02:00

instance_member_test.go

feat: user profile requests in resource APIs (#10151)

2025-07-04 18:12:59 +02:00

instance_member.go

feat: user profile requests in resource APIs (#10151)

2025-07-04 18:12:59 +02:00

instance_model.go

feat: SMTP Templates (#6932)

2024-04-11 09:16:10 +02:00

instance_oidc_settings_model.go

chore(v2): move to new org (#3499)

2022-04-26 23:01:45 +00:00

instance_oidc_settings_test.go

feat(v3alpha): read actions (#8357)

2024-08-12 22:32:01 +02:00

instance_oidc_settings.go

refactor: rename package errors to zerrors (#7039)

2023-12-08 15:30:55 +01:00

instance_policy_domain_model.go

refactor: rename package errors to zerrors (#7039)

2023-12-08 15:30:55 +01:00

instance_policy_domain_test.go

feat(v3alpha): read actions (#8357)

2024-08-12 22:32:01 +02:00

instance_policy_domain.go

feat: user service v2 create, update and remove (#6996)

2023-12-21 10:03:37 +01:00

instance_policy_label_model.go

feat: add attribute to only enable specific themes (#6798)

2023-10-26 05:54:09 +00:00

instance_policy_label_test.go

feat(v3alpha): read actions (#8357)

2024-08-12 22:32:01 +02:00

instance_policy_label.go

fix: setup instance with human an machine user at creation (#7997)

2024-05-23 12:28:46 +02:00

instance_policy_login_factors_model.go

chore(v2): move to new org (#3499)

2022-04-26 23:01:45 +00:00

instance_policy_login_identity_provider_model.go

feat(eventstore): increase parallel write capabilities (#5940)

2023-10-19 12:19:10 +02:00

instance_policy_login_model.go

refactor(fmt): run gci on complete project (#7557)

2024-04-03 10:43:43 +00:00

instance_policy_login_test.go

feat(v3alpha): read actions (#8357)

2024-08-12 22:32:01 +02:00

instance_policy_login.go

fix: keep user idp links (#7079)

2023-12-19 10:25:50 +00:00

instance_policy_mail_template_model.go

refactor(fmt): run gci on complete project (#7557)

2024-04-03 10:43:43 +00:00

instance_policy_mail_template_test.go

refactor(fmt): run gci on complete project (#7557)

2024-04-03 10:43:43 +00:00

instance_policy_mail_template.go

refactor: rename package errors to zerrors (#7039)

2023-12-08 15:30:55 +01:00

instance_policy_notification_model.go

feat: add notification policy and password change message (#5065)

2023-01-25 09:49:41 +01:00

instance_policy_notification_test.go

feat(v3alpha): read actions (#8357)

2024-08-12 22:32:01 +02:00

instance_policy_notification.go

refactor: rename package errors to zerrors (#7039)

2023-12-08 15:30:55 +01:00

instance_policy_password_age_model.go

refactor(fmt): run gci on complete project (#7557)

2024-04-03 10:43:43 +00:00

instance_policy_password_age_test.go

feat(v3alpha): read actions (#8357)

2024-08-12 22:32:01 +02:00

instance_policy_password_age.go

refactor: rename package errors to zerrors (#7039)

2023-12-08 15:30:55 +01:00

instance_policy_password_complexity_model.go

refactor(fmt): run gci on complete project (#7557)

2024-04-03 10:43:43 +00:00

instance_policy_password_complexity_test.go

feat(v3alpha): read actions (#8357)

2024-08-12 22:32:01 +02:00

instance_policy_password_complexity.go

refactor: rename package errors to zerrors (#7039)

2023-12-08 15:30:55 +01:00

instance_policy_password_lockout_model.go

feat: provide option to limit (T)OTP checks (#7693)

2024-04-10 09:14:55 +00:00

instance_policy_password_lockout_test.go

feat(v3alpha): read actions (#8357)

2024-08-12 22:32:01 +02:00

instance_policy_password_lockout.go

feat(session api): respect lockout policy (#8027)

2024-05-30 22:08:48 +00:00

instance_policy_privacy_model.go

feat(cnsl): docs link can be customized and custom button is available (#7840)

2024-05-13 16:01:50 +02:00

instance_policy_privacy_test.go

feat(v3alpha): read actions (#8357)

2024-08-12 22:32:01 +02:00

instance_policy_privacy.go

feat(cnsl): docs link can be customized and custom button is available (#7840)

2024-05-13 16:01:50 +02:00

instance_policy_security_model.go

feat(oidc): token exchange impersonation (#7516)

2024-03-20 10:18:46 +00:00

instance_policy_security.go

feat: impersonation roles (#7442)

2024-02-28 10:21:11 +00:00

instance_role_permissions_sync.sql

fix(permissions): chunked synchronization of role permission events (#9403)

2025-02-26 16:06:50 +00:00

instance_role_permissions_test.go

fix(permissions): chunked synchronization of role permission events (#9403)

2025-02-26 16:06:50 +00:00

instance_role_permissions.go

chore!: Introduce ZITADEL v3 (#9645)

2025-04-02 16:53:06 +02:00

instance_secret_generator_model.go

feat(eventstore): increase parallel write capabilities (#5940)

2023-10-19 12:19:10 +02:00

instance_settings_test.go

feat(v3alpha): read actions (#8357)

2024-08-12 22:32:01 +02:00

instance_settings.go

refactor: rename package errors to zerrors (#7039)

2023-12-08 15:30:55 +01:00

instance_smtp_config_model.go

fix: smtp provider (#8610)

2024-09-13 13:22:25 +00:00

instance_test.go

feat: initial admin PAT has IAM_LOGIN_CLIENT (#10143)

2025-07-02 09:14:36 +00:00

instance_trusted_domain_test.go

feat: instance requests implementation for resource API (#9830)

2025-05-21 10:50:44 +02:00

instance_trusted_domain.go

feat: instance requests implementation for resource API (#9830)

2025-05-21 10:50:44 +02:00

instance_trusted_domains_model.go

feat: trusted (instance) domains (#8369)

2024-07-31 18:00:38 +03:00

instance.go

feat: user profile requests in resource APIs (#10151)

2025-07-04 18:12:59 +02:00

jwt_config_model.go

chore(v2): move to new org (#3499)

2022-04-26 23:01:45 +00:00

key_pair_model.go

feat(v3alpha): web key resource (#8262)

2024-08-14 14:18:14 +00:00

key_pair.go

chore(oidc): graduate webkey to stable (#10122)

2025-06-26 19:17:45 +03:00

limits_bulk_model.go

feat: block instances (#7129)

2024-01-17 10:16:48 +00:00

limits_model.go

feat: block instances (#7129)

2024-01-17 10:16:48 +00:00

limits_test.go

feat(v3alpha): read actions (#8357)

2024-08-12 22:32:01 +02:00

limits.go

feat: block instances (#7129)

2024-01-17 10:16:48 +00:00

logout_session_model.go

feat(OIDC): add back channel logout (#8837)

2024-10-31 15:57:17 +01:00

logout_session.go

feat(OIDC): add back channel logout (#8837)

2024-10-31 15:57:17 +01:00

main_test.go

feat: permission check on OIDC and SAML service session API (#9304)

2025-02-11 18:45:09 +00:00

member_model.go

chore(v2): move to new org (#3499)

2022-04-26 23:01:45 +00:00

metadata_model.go

fix(metadata): corrected handling of remove metadata events (#4505)

2022-10-07 09:44:28 +00:00

milestone_model.go

perf(milestones): refactor (#8788)

2024-10-28 08:29:34 +00:00

milestone_test.go

feat(cache): redis cache (#8822)

2024-11-04 10:44:51 +00:00

milestone.go

fix(permissions_v2): add membership fields migration (#9199)

2025-01-17 16:16:26 +01:00

oidc_config_model.go

chore(v2): move to new org (#3499)

2022-04-26 23:01:45 +00:00

oidc_session_model.go

perf(oidc): optimize token creation (#7822)

2024-05-16 07:07:56 +02:00

oidc_session_test.go

fix: SAML and OIDC issuer (in proxied use cases) (#9638)

2025-03-26 17:08:13 +00:00

oidc_session.go

fix(OIDC): back channel logout work for custom UI (#9487)

2025-03-11 14:19:09 +00:00

org_action_model.go

chore(v2): move to new org (#3499)

2022-04-26 23:01:45 +00:00

org_action_test.go

feat(v3alpha): read actions (#8357)

2024-08-12 22:32:01 +02:00

org_action.go

fix(import): add tracing spans to all import related functions (#8160)

2024-06-19 12:56:33 +02:00

org_converter.go

feat(cnsl): docs link can be customized and custom button is available (#7840)

2024-05-13 16:01:50 +02:00

org_custom_login_text_model.go

chore(v2): move to new org (#3499)

2022-04-26 23:01:45 +00:00

org_custom_login_text_test.go

fix: automatically link user without prompt (#8487)

2024-08-28 05:33:20 +00:00

org_custom_login_text.go

fix(import): add tracing spans to all import related functions (#8160)

2024-06-19 12:56:33 +02:00

org_custom_message_model.go

chore(v2): move to new org (#3499)

2022-04-26 23:01:45 +00:00

org_custom_message_text_test.go

feat(v3alpha): read actions (#8357)

2024-08-12 22:32:01 +02:00

org_custom_message_text.go

fix(import): add tracing spans to all import related functions (#8160)

2024-06-19 12:56:33 +02:00

org_domain_model.go

fix: process org remove event in domain verified writemodel (#8790)

2024-11-28 17:09:00 +00:00

org_domain_test.go

feat(v3alpha): read actions (#8357)

2024-08-12 22:32:01 +02:00

org_domain.go

fix: case changes on org domain (#9196)

2025-01-16 16:05:55 +01:00

org_flow_model.go

chore(v2): move to new org (#3499)

2022-04-26 23:01:45 +00:00

org_flow_test.go

feat(v3alpha): read actions (#8357)

2024-08-12 22:32:01 +02:00

org_flow.go

fix(actions): preserve order of execution (#8895)

2024-11-14 14:04:39 +00:00

org_idp_config_model.go

refactor(fmt): run gci on complete project (#7557)

2024-04-03 10:43:43 +00:00

org_idp_config_test.go

feat(v3alpha): read actions (#8357)

2024-08-12 22:32:01 +02:00

org_idp_config.go

fix(import): add tracing spans to all import related functions (#8160)

2024-06-19 12:56:33 +02:00

org_idp_jwt_config_model.go

refactor(fmt): run gci on complete project (#7557)

2024-04-03 10:43:43 +00:00

org_idp_jwt_config_test.go

refactor: rename package errors to zerrors (#7039)

2023-12-08 15:30:55 +01:00

org_idp_jwt_config.go

refactor: rename package errors to zerrors (#7039)

2023-12-08 15:30:55 +01:00

org_idp_model.go

feat: federated logout for SAML IdPs (#9931)

2025-05-23 13:52:25 +02:00

org_idp_oidc_config_model.go

feat(crypto): use passwap for machine and app secrets (#7657)

2024-04-05 09:35:49 +00:00

org_idp_oidc_config_test.go

refactor: rename package errors to zerrors (#7039)

2023-12-08 15:30:55 +01:00

org_idp_oidc_config.go

refactor: rename package errors to zerrors (#7039)

2023-12-08 15:30:55 +01:00

org_idp_test.go

feat: federated logout for SAML IdPs (#9931)

2025-05-23 13:52:25 +02:00

org_idp.go

feat: federated logout for SAML IdPs (#9931)

2025-05-23 13:52:25 +02:00

org_member_model.go

chore(v2): move to new org (#3499)

2022-04-26 23:01:45 +00:00

org_member_test.go

feat: user profile requests in resource APIs (#10151)

2025-07-04 18:12:59 +02:00

org_member.go

feat: user profile requests in resource APIs (#10151)

2025-07-04 18:12:59 +02:00

org_metadata_model.go

feat(org): add org metadata functionality (#4234)

2022-09-20 14:32:09 +00:00

org_metadata_test.go

feat(v3alpha): read actions (#8357)

2024-08-12 22:32:01 +02:00

org_metadata.go

refactor: rename package errors to zerrors (#7039)

2023-12-08 15:30:55 +01:00

org_model.go

feat: user profile requests in resource APIs (#10151)

2025-07-04 18:12:59 +02:00

org_policy_domain_model.go

refactor: rename package errors to zerrors (#7039)

2023-12-08 15:30:55 +01:00

org_policy_domain_test.go

feat(v3alpha): read actions (#8357)

2024-08-12 22:32:01 +02:00

org_policy_domain.go

fix(import): add tracing spans to all import related functions (#8160)

2024-06-19 12:56:33 +02:00

org_policy_label_model.go

refactor(fmt): run gci on complete project (#7557)

2024-04-03 10:43:43 +00:00

org_policy_label_test.go

feat(v3alpha): read actions (#8357)

2024-08-12 22:32:01 +02:00

org_policy_label.go

fix(import): add tracing spans to all import related functions (#8160)

2024-06-19 12:56:33 +02:00

org_policy_lockout_model.go

feat: provide option to limit (T)OTP checks (#7693)

2024-04-10 09:14:55 +00:00

org_policy_lockout_test.go

feat: provide option to limit (T)OTP checks (#7693)

2024-04-10 09:14:55 +00:00

org_policy_lockout.go

fix(import): add tracing spans to all import related functions (#8160)

2024-06-19 12:56:33 +02:00

org_policy_login_factors_model.go

feat: remove org (#4148)

2022-11-30 17:01:17 +01:00

org_policy_login_identity_provider_model.go

chore(v2): move to new org (#3499)

2022-04-26 23:01:45 +00:00

org_policy_login_model.go

refactor(fmt): run gci on complete project (#7557)

2024-04-03 10:43:43 +00:00

org_policy_login_test.go

feat(v3alpha): read actions (#8357)

2024-08-12 22:32:01 +02:00

org_policy_login.go

fix(import): add tracing spans to all import related functions (#8160)

2024-06-19 12:56:33 +02:00

org_policy_mail_template_model.go

refactor(fmt): run gci on complete project (#7557)

2024-04-03 10:43:43 +00:00

org_policy_mail_template_test.go

refactor: rename package errors to zerrors (#7039)

2023-12-08 15:30:55 +01:00

org_policy_mail_template.go

refactor: rename package errors to zerrors (#7039)

2023-12-08 15:30:55 +01:00

org_policy_notification_model.go

feat: add notification policy and password change message (#5065)

2023-01-25 09:49:41 +01:00

org_policy_notification_test.go

feat(v3alpha): read actions (#8357)

2024-08-12 22:32:01 +02:00

org_policy_notification.go

refactor: rename package errors to zerrors (#7039)

2023-12-08 15:30:55 +01:00

org_policy_password_age_model.go

refactor(fmt): run gci on complete project (#7557)

2024-04-03 10:43:43 +00:00

org_policy_password_age_test.go

feat(v3alpha): read actions (#8357)

2024-08-12 22:32:01 +02:00

org_policy_password_age.go

refactor: rename package errors to zerrors (#7039)

2023-12-08 15:30:55 +01:00

org_policy_password_complexity_model.go

refactor(fmt): run gci on complete project (#7557)

2024-04-03 10:43:43 +00:00

org_policy_password_complexity_test.go

feat(v3alpha): read actions (#8357)

2024-08-12 22:32:01 +02:00

org_policy_password_complexity.go

fix(import): add tracing spans to all import related functions (#8160)

2024-06-19 12:56:33 +02:00

org_policy_privacy_model.go

feat(cnsl): docs link can be customized and custom button is available (#7840)

2024-05-13 16:01:50 +02:00

org_policy_privacy_test.go

feat(v3alpha): read actions (#8357)

2024-08-12 22:32:01 +02:00

org_policy_privacy.go

fix(import): add tracing spans to all import related functions (#8160)

2024-06-19 12:56:33 +02:00

org_test.go

feat: user profile requests in resource APIs (#10151)

2025-07-04 18:12:59 +02:00

org.go

feat: user profile requests in resource APIs (#10151)

2025-07-04 18:12:59 +02:00

permission_checks_test.go

fix: allow user self deletion (#9828)

2025-05-07 15:24:24 +02:00

permission_checks.go

feat: user profile requests in resource APIs (#10151)

2025-07-04 18:12:59 +02:00

phone_test.go

refactor: rename package errors to zerrors (#7039)

2023-12-08 15:30:55 +01:00

phone.go

feat: patch user scim v2 endpoint (#9219)

2025-01-27 13:36:07 +01:00

policy_label_model.go

feat: add attribute to only enable specific themes (#6798)

2023-10-26 05:54:09 +00:00

policy_login_factors_model.go

chore(v2): move to new org (#3499)

2022-04-26 23:01:45 +00:00

policy_login_model.go

feat: allow to force MFA local only (#6234)

2023-07-20 04:06:16 +00:00

policy_mail_template_model.go

chore(v2): move to new org (#3499)

2022-04-26 23:01:45 +00:00

policy_notification_model.go

feat: add notification policy and password change message (#5065)

2023-01-25 09:49:41 +01:00

policy_org_model.go

fix: remove domain and user correctly in DomainPolicyUsernamesWriteModel (#4850)

2022-12-08 08:11:49 +01:00

policy_password_age_model.go

chore(v2): move to new org (#3499)

2022-04-26 23:01:45 +00:00

policy_password_complexity_model.go

refactor: rename package errors to zerrors (#7039)

2023-12-08 15:30:55 +01:00

policy_password_lockout_model.go

feat: provide option to limit (T)OTP checks (#7693)

2024-04-10 09:14:55 +00:00

policy_privacy_model.go

feat(cnsl): docs link can be customized and custom button is available (#7840)

2024-05-13 16:01:50 +02:00

preparation_test.go

feat(v3alpha): read actions (#8357)

2024-08-12 22:32:01 +02:00

project_application_api_model.go

feat(crypto): use passwap for machine and app secrets (#7657)

2024-04-05 09:35:49 +00:00

project_application_api_test.go

feat: App API v2 (#10077)

2025-06-27 17:25:44 +02:00

project_application_api.go

feat: App API v2 (#10077)

2025-06-27 17:25:44 +02:00

project_application_key_model.go

refactor(fmt): run gci on complete project (#7557)

2024-04-03 10:43:43 +00:00

project_application_key_test.go

feat: App Keys API v2 (#10140)

2025-07-02 07:34:19 +00:00

project_application_key.go

feat: App Keys API v2 (#10140)

2025-07-02 07:34:19 +00:00

project_application_model.go

chore(v2): move to new org (#3499)

2022-04-26 23:01:45 +00:00

project_application_oidc_model.go

feat: App API v2 (#10077)

2025-06-27 17:25:44 +02:00

project_application_oidc_test.go

feat: App API v2 (#10077)

2025-06-27 17:25:44 +02:00

project_application_oidc.go

feat: App API v2 (#10077)

2025-06-27 17:25:44 +02:00

project_application_saml_model.go

feat: App API v2 (#10077)

2025-06-27 17:25:44 +02:00

project_application_saml_test.go

feat: App API v2 (#10077)

2025-06-27 17:25:44 +02:00

project_application_saml.go

feat: App API v2 (#10077)

2025-06-27 17:25:44 +02:00

project_application_test.go

feat: App API v2 (#10077)

2025-06-27 17:25:44 +02:00

project_application.go

feat: App API v2 (#10077)

2025-06-27 17:25:44 +02:00

project_converter.go

feat: App API v2 (#10077)

2025-06-27 17:25:44 +02:00

project_grant_member_model.go

feat: user profile requests in resource APIs (#10151)

2025-07-04 18:12:59 +02:00

project_grant_member_test.go

feat: user profile requests in resource APIs (#10151)

2025-07-04 18:12:59 +02:00

project_grant_member.go

feat: user profile requests in resource APIs (#10151)

2025-07-04 18:12:59 +02:00

project_grant_model.go

fix: correct permissions for projects on v2 api (#9973)

2025-06-04 11:46:10 +00:00

project_grant_test.go

fix: correct permissions for projects on v2 api (#9973)

2025-06-04 11:46:10 +00:00

project_grant.go

feat: user profile requests in resource APIs (#10151)

2025-07-04 18:12:59 +02:00

project_member_model.go

fix(permissions_v2): add membership fields migration (#9199)

2025-01-17 16:16:26 +01:00

project_member_test.go

feat: user profile requests in resource APIs (#10151)

2025-07-04 18:12:59 +02:00

project_member.go

feat: user profile requests in resource APIs (#10151)

2025-07-04 18:12:59 +02:00

project_model.go

feat: App API v2 (#10077)

2025-06-27 17:25:44 +02:00

project_old.go

fix: correct permissions for projects on v2 api (#9973)

2025-06-04 11:46:10 +00:00

project_role_model.go

feat: project v2beta resource API (#9742)

2025-05-21 14:40:47 +02:00

project_role_test.go

feat: project v2beta resource API (#9742)

2025-05-21 14:40:47 +02:00

project_role.go

feat: project v2beta resource API (#9742)

2025-05-21 14:40:47 +02:00

project_test.go

feat: project v2beta resource API (#9742)

2025-05-21 14:40:47 +02:00

project.go

feat: user profile requests in resource APIs (#10151)

2025-07-04 18:12:59 +02:00

quota_model_test.go

refactor: rename package errors to zerrors (#7039)

2023-12-08 15:30:55 +01:00

quota_model.go

refactor: rename package errors to zerrors (#7039)

2023-12-08 15:30:55 +01:00

quota_report_test.go

feat(eventstore): increase parallel write capabilities (#5940)

2023-10-19 12:19:10 +02:00

quota_report.go

perf: project quotas and usages (#6441)

2023-09-15 16:58:45 +02:00

quota_test.go

feat(v3alpha): read actions (#8357)

2024-08-12 22:32:01 +02:00

quota.go

refactor: rename package errors to zerrors (#7039)

2023-12-08 15:30:55 +01:00

resource_owner_model.go

feat: user api requests to resource API (#9794)

2025-06-04 07:17:23 +00:00

restrictions_model.go

feat: restrict languages (#6931)

2023-12-05 11:12:01 +00:00

restrictions_test.go

feat(v3alpha): read actions (#8357)

2024-08-12 22:32:01 +02:00

restrictions.go

chore: fix function names in comment (#7723)

2024-04-08 08:15:44 +00:00

saml_request_model.go

fix: SAML and OIDC issuer (in proxied use cases) (#9638)

2025-03-26 17:08:13 +00:00

saml_request_test.go

fix: permission checks on session API

2025-07-15 15:11:49 +02:00

saml_request.go

fix: permission checks on session API

2025-07-15 15:11:49 +02:00

saml_session_model.go

feat: add saml request to link to sessions (#9001)

2024-12-19 11:11:40 +00:00

saml_session_test.go

fix: SAML and OIDC issuer (in proxied use cases) (#9638)

2025-03-26 17:08:13 +00:00

saml_session.go

feat: add saml request to link to sessions (#9001)

2024-12-19 11:11:40 +00:00

session_model_test.go

feat(api/v2): implement U2F session check (#6339)

2023-08-11 15:36:18 +00:00

session_model.go

feat: Add Twilio Verification Service (#8678)

2024-09-26 09:14:33 +02:00

session_otp_test.go

fix: twilio code generation and verification (#8728)

2024-10-07 07:12:44 +02:00

session_otp.go

fix: pass sessionID to OTP email link (#8745)

2024-10-10 13:53:32 +00:00

session_test.go

fix: permission checks on session API

2025-07-15 15:11:49 +02:00

session_webauhtn.go

feat(session api): respect lockout policy (#8027)

2024-05-30 22:08:48 +00:00

session_webauthn_test.go

refactor: rename package errors to zerrors (#7039)

2023-12-08 15:30:55 +01:00

session.go

fix: permission checks on session API

2025-07-15 15:11:49 +02:00

sms_config_model.go

feat: Add Twilio Verification Service (#8678)

2024-09-26 09:14:33 +02:00

sms_config_test.go

feat: Add Twilio Verification Service (#8678)

2024-09-26 09:14:33 +02:00

sms_config.go

feat: Add Twilio Verification Service (#8678)

2024-09-26 09:14:33 +02:00

smtp_test.go

feat: add http as smtp provider (#8545)

2024-09-12 06:27:29 +02:00

smtp.go

feat: add http as smtp provider (#8545)

2024-09-12 06:27:29 +02:00

statics.go

chore(deps): upgrade go mods from zitadel organization (#9601)

2025-03-24 06:03:24 +00:00

system_features_model.go

chore(oidc): remove feature flag for introspection triggers (#10132)

2025-06-30 05:48:04 +00:00

system_features_test.go

chore(oidc): remove feature flag for introspection triggers (#10132)

2025-06-30 05:48:04 +00:00

system_features.go

chore(oidc): remove feature flag for introspection triggers (#10132)

2025-06-30 05:48:04 +00:00

system_model.go

fix(eventstore): prevent allocation of filtered events (#6749)

2023-10-19 15:21:31 +00:00

unique_constraints_model.go

refactor: cleanup unused code (#7130)

2024-01-02 14:26:31 +00:00

user_converter.go

perf(oidc): optimize token creation (#7822)

2024-05-16 07:07:56 +02:00

user_domain_policy_test.go

refactor: rename package errors to zerrors (#7039)

2023-12-08 15:30:55 +01:00

user_domain_policy.go

fix(import): add tracing spans to all import related functions (#8160)

2024-06-19 12:56:33 +02:00

user_grant_converter.go

chore(v2): move to new org (#3499)

2022-04-26 23:01:45 +00:00

user_grant_model.go

feat: user profile requests in resource APIs (#10151)

2025-07-04 18:12:59 +02:00

user_grant_test.go

feat: user profile requests in resource APIs (#10151)

2025-07-04 18:12:59 +02:00

user_grant.go

feat: user profile requests in resource APIs (#10151)

2025-07-04 18:12:59 +02:00

user_human_access_token_model.go

refactor(fmt): run gci on complete project (#7557)

2024-04-03 10:43:43 +00:00

user_human_address_model.go

chore(v2): move to new org (#3499)

2022-04-26 23:01:45 +00:00

user_human_address.go

refactor: rename package errors to zerrors (#7039)

2023-12-08 15:30:55 +01:00

user_human_adress_test.go

refactor: rename package errors to zerrors (#7039)

2023-12-08 15:30:55 +01:00

user_human_avatar_test.go

feat(v3alpha): read actions (#8357)

2024-08-12 22:32:01 +02:00

user_human_avatar.go

refactor: rename package errors to zerrors (#7039)

2023-12-08 15:30:55 +01:00

user_human_email_model.go

feat: pass and handle auth request context for email links (#7815)

2024-04-24 17:50:58 +02:00

user_human_email_test.go

feat(v3alpha): read actions (#8357)

2024-08-12 22:32:01 +02:00

user_human_email.go

fix: allow login with user created through v2 api without password (#8291)

2024-07-17 06:43:07 +02:00

user_human_init_model.go

feat: pass and handle auth request context for email links (#7815)

2024-04-24 17:50:58 +02:00

user_human_init_test.go

feat(v3alpha): read actions (#8357)

2024-08-12 22:32:01 +02:00

user_human_init.go

fix: check password complexity policy and respect changeRequired on password change (#7884)

2024-05-02 11:50:13 +02:00

user_human_model.go

fix: handle password data correct on user creation (#6515)

2023-09-07 14:06:11 +00:00

user_human_otp_model.go

feat: Add Twilio Verification Service (#8678)

2024-09-26 09:14:33 +02:00

user_human_otp_test.go

feat: Add Twilio Verification Service (#8678)

2024-09-26 09:14:33 +02:00

user_human_otp.go

feat: user profile requests in resource APIs (#10151)

2025-07-04 18:12:59 +02:00

user_human_password_model.go

feat: Add Twilio Verification Service (#8678)

2024-09-26 09:14:33 +02:00

user_human_password_test.go

feat: Add Twilio Verification Service (#8678)

2024-09-26 09:14:33 +02:00

user_human_password.go

feat(session/v2): user password lockout error response (#9233)

2025-01-29 10:29:00 +00:00

user_human_phone_model.go

feat: Add Twilio Verification Service (#8678)

2024-09-26 09:14:33 +02:00

user_human_phone_test.go

feat: Add Twilio Verification Service (#8678)

2024-09-26 09:14:33 +02:00

user_human_phone.go

feat: Add Twilio Verification Service (#8678)

2024-09-26 09:14:33 +02:00

user_human_profile_model.go

refactor(fmt): run gci on complete project (#7557)

2024-04-03 10:43:43 +00:00

user_human_profile_test.go

refactor: rename package errors to zerrors (#7039)

2023-12-08 15:30:55 +01:00

user_human_profile.go

refactor: rename package errors to zerrors (#7039)

2023-12-08 15:30:55 +01:00

user_human_refresh_token_model.go

refactor(fmt): run gci on complete project (#7557)

2024-04-03 10:43:43 +00:00

user_human_refresh_token_test.go

feat(v3alpha): read actions (#8357)

2024-08-12 22:32:01 +02:00

user_human_refresh_token.go

perf(oidc): optimize token creation (#7822)

2024-05-16 07:07:56 +02:00

user_human_test.go

fix(import/export): fix for deactivated user/organization being imported as active (#9992)

2025-06-11 12:50:31 +01:00

user_human_webauthn_model.go

feat(api/v2): implement U2F session check (#6339)

2023-08-11 15:36:18 +00:00

user_human_webauthn.go

fix: consistent permission check on user v2 (#8807)

2024-12-03 10:14:04 +00:00

user_human.go

fix(import/export): fix for deactivated user/organization being imported as active (#9992)

2025-06-11 12:50:31 +01:00

user_idp_link_model.go

fix: migrate external id of federated users (#6312)

2023-08-04 11:35:36 +02:00

user_idp_link_test.go

feat(idp): provide auto only options (#8420)

2024-08-14 13:04:26 +00:00

user_idp_link.go

feat: user profile requests in resource APIs (#10151)

2025-07-04 18:12:59 +02:00

user_machine_key_model.go

refactor(fmt): run gci on complete project (#7557)

2024-04-03 10:43:43 +00:00

user_machine_key_test.go

feat(v3alpha): read actions (#8357)

2024-08-12 22:32:01 +02:00

user_machine_key.go

feat: user api requests to resource API (#9794)

2025-06-04 07:17:23 +00:00

user_machine_model.go

feat: user api requests to resource API (#9794)

2025-06-04 07:17:23 +00:00

user_machine_secret_test.go

feat: user api requests to resource API (#9794)

2025-06-04 07:17:23 +00:00

user_machine_secret.go

feat: user api requests to resource API (#9794)

2025-06-04 07:17:23 +00:00

user_machine_test.go

fix(import/export): fix for deactivated user/organization being imported as active (#9992)

2025-06-11 12:50:31 +01:00

user_machine.go

fix(import/export): fix for deactivated user/organization being imported as active (#9992)

2025-06-11 12:50:31 +01:00

user_membership.go

fix(notify): notify user in projection (#3889)

2022-07-06 14:09:49 +02:00

user_metadata_model.go

feat: remove org (#4148)

2022-11-30 17:01:17 +01:00

user_metadata_test.go

feat: user profile requests in resource APIs (#10151)

2025-07-04 18:12:59 +02:00

user_metadata.go

feat: user profile requests in resource APIs (#10151)

2025-07-04 18:12:59 +02:00

user_model.go

feat: replace user scim v2 endpoint (#9163)

2025-01-14 15:44:41 +01:00

user_password_complexity_policy_test.go

refactor: rename package errors to zerrors (#7039)

2023-12-08 15:30:55 +01:00

user_password_complexity_policy.go

refactor: rename package errors to zerrors (#7039)

2023-12-08 15:30:55 +01:00

user_personal_access_token_model.go

refactor(fmt): run gci on complete project (#7557)

2024-04-03 10:43:43 +00:00

user_personal_access_token_test.go

feat(v3alpha): read actions (#8357)

2024-08-12 22:32:01 +02:00

user_personal_access_token.go

feat: user api requests to resource API (#9794)

2025-06-04 07:17:23 +00:00

user_schema_model.go

chore: updating go to 1.24 (#9507)

2025-03-25 07:01:29 +00:00

user_schema_test.go

feat: add schema user create and remove (#8494)

2024-08-28 19:46:45 +00:00

user_schema.go

feat: user v3 api update (#8582)

2024-09-17 08:27:48 +00:00

user_test.go

feat: user api requests to resource API (#9794)

2025-06-04 07:17:23 +00:00

user_v2_email_test.go

fix: restructure resend email code to send email code (#9099)

2024-12-27 16:34:38 +01:00

user_v2_email.go

fix: restructure resend email code to send email code (#9099)

2024-12-27 16:34:38 +01:00

user_v2_human_test.go

feat: user api requests to resource API (#9794)

2025-06-04 07:17:23 +00:00

user_v2_human.go

feat: user api requests to resource API (#9794)

2025-06-04 07:17:23 +00:00

user_v2_invite_model.go

fix: allow invite codes for users with verified mails (#9962)

2025-05-26 13:59:20 +02:00

user_v2_invite_test.go

feat: user api requests to resource API (#9794)

2025-06-04 07:17:23 +00:00

user_v2_invite.go

fix: allow invite codes for users with verified mails (#9962)

2025-05-26 13:59:20 +02:00

user_v2_machine_test.go

feat: user api requests to resource API (#9794)

2025-06-04 07:17:23 +00:00

user_v2_machine.go

feat: user api requests to resource API (#9794)

2025-06-04 07:17:23 +00:00

user_v2_model_test.go

fix: scim v2 endpoints enforce user resource owner (#9273)

2025-01-30 16:43:13 +01:00

user_v2_model.go

feat: user api requests to resource API (#9794)

2025-06-04 07:17:23 +00:00

user_v2_passkey_test.go

fix: consistent permission check on user v2 (#8807)

2024-12-03 10:14:04 +00:00

user_v2_passkey.go

fix: consistent permission check on user v2 (#8807)

2024-12-03 10:14:04 +00:00

user_v2_password_test.go

fix: twilio code generation and verification (#8728)

2024-10-07 07:12:44 +02:00

user_v2_password.go

fix: consistent permission check on user v2 (#8807)

2024-12-03 10:14:04 +00:00

user_v2_phone_test.go

feat: Add Twilio Verification Service (#8678)

2024-09-26 09:14:33 +02:00

user_v2_phone.go

fix: consistent permission check on user v2 (#8807)

2024-12-03 10:14:04 +00:00

user_v2_test.go

fix: allow user self deletion (#9828)

2025-05-07 15:24:24 +02:00

user_v2_totp_test.go

fix: import totp in add human user with secret (#7936)

2024-05-14 09:20:31 +02:00

user_v2_totp.go

fix: allow other users to set up MFAs (#7914)

2024-05-07 05:38:26 +00:00

user_v2_u2f_test.go

feat: trusted (instance) domains (#8369)

2024-07-31 18:00:38 +03:00

user_v2_u2f.go

fix: allow other users to set up MFAs (#7914)

2024-05-07 05:38:26 +00:00

user_v2_username.go

perf(import): optimize search for domains claimed by other organizations (#8200)

2024-07-05 09:36:00 +02:00

user_v2.go

feat: user profile requests in resource APIs (#10151)

2025-07-04 18:12:59 +02:00

user_v3_email_test.go

feat: user v3 contact email and phone (#8644)

2024-09-25 13:31:31 +00:00

user_v3_email.go

feat: user v3 contact email and phone (#8644)

2024-09-25 13:31:31 +00:00

user_v3_model.go

feat: Add Twilio Verification Service (#8678)

2024-09-26 09:14:33 +02:00

user_v3_phone_test.go

feat: Add Twilio Verification Service (#8678)

2024-09-26 09:14:33 +02:00

user_v3_phone.go

feat: Add Twilio Verification Service (#8678)

2024-09-26 09:14:33 +02:00

user_v3_test.go

feat: Add Twilio Verification Service (#8678)

2024-09-26 09:14:33 +02:00

user_v3.go

feat: Add Twilio Verification Service (#8678)

2024-09-26 09:14:33 +02:00

user.go

feat: user profile requests in resource APIs (#10151)

2025-07-04 18:12:59 +02:00

web_key_model.go

feat(v3alpha): web key resource (#8262)

2024-08-14 14:18:14 +00:00

web_key_test.go

chore!: Introduce ZITADEL v3 (#9645)

2025-04-02 16:53:06 +02:00

web_key.go

chore!: Introduce ZITADEL v3 (#9645)

2025-04-02 16:53:06 +02:00