zitadel/internal/user/repository/view
Livio Spring 0af37d45e9
fix: handle user remove correctly in v1 sessions for login (#8432)
# Which Problems Are Solved

In case a user was deleted and recreated with the same id, they would
never be able to authenticate through the login UI, since it would
return an error "User not active".
This was due to the check in the auth request / session handling for the
login UI, where the user removed event would terminate an further event
check and ignore the newly added user.

# How the Problems Are Solved

- The user removed event no longer returns an error, but is handled as a
session termination event.
(A user removed event will already delete the user and the preceding
`activeUserById` function will deny the authentication.)

# Additional Changes

Updated tests to be able to handle multiple events in the mocks.

# Additional Context

closes https://github.com/zitadel/zitadel/issues/8201

Co-authored-by: Silvan <silvan.reusser@gmail.com>
2024-08-15 05:39:54 +00:00
..
model fix: handle user remove correctly in v1 sessions for login (#8432) 2024-08-15 05:39:54 +00:00
query.go fix: reduce eventual consistency (#7075) 2023-12-14 11:07:47 +01:00
refresh_token_view.go fix(login): improve auth handlers (#7969) 2024-05-22 15:26:02 +00:00
token_view.go fix(login): improve auth handlers (#7969) 2024-05-22 15:26:02 +00:00
user_by_id.sql feat: password age policy (#8132) 2024-06-18 11:27:44 +00:00
user_session_by_id.sql feat: password age policy (#8132) 2024-06-18 11:27:44 +00:00
user_session_view.go fix(login): improve auth handlers (#7969) 2024-05-22 15:26:02 +00:00
user_sessions_by_user_agent.sql fix: correctly set user agent / fingerprint id on user sessions (#8231) 2024-07-03 09:43:34 +02:00
user_view.go fix: prevent error reason leakage in case of IgnoreUnknownUsernames (#8372) 2024-07-31 14:23:57 +02:00