TheArchive/zitadel
1
0
Fork 0
mirror of https://github.com/zitadel/zitadel.git synced 2024-12-13 19:44:21 +00:00
Code Issues Packages Projects Releases Wiki Activity
55b1188dd0
zitadel/internal/repository/user/human.go
Livio Spring a07b2f4677
feat: invite user link (#8578) 
# Which Problems Are Solved

As an administrator I want to be able to invite users to my application
with the API V2, some user data I will already prefil, the user should
add the authentication method themself (password, passkey, sso).

# How the Problems Are Solved

- A user can now be created with a email explicitly set to false.
- If a user has no verified email and no authentication method, an
`InviteCode` can be created through the User V2 API.
  - the code can be returned or sent through email
- additionally `URLTemplate` and an `ApplicatioName` can provided for
the email
- The code can be resent and verified through the User V2 API
- The V1 login allows users to verify and resend the code and set a
password (analog user initialization)
- The message text for the user invitation can be customized

# Additional Changes

- `verifyUserPasskeyCode` directly uses `crypto.VerifyCode` (instead of
`verifyEncryptedCode`)
- `verifyEncryptedCode` is removed (unnecessarily queried for the code
generator)

# Additional Context

- closes #8310
- TODO: login V2 will have to implement invite flow:
https://github.com/zitadel/typescript/issues/166
2024-09-11 10:53:55 +00:00

557 lines
16 KiB
Go
Raw Blame History

package user
import (
"context"
"time"
"golang.org/x/text/language"
"github.com/zitadel/zitadel/internal/api/http"
"github.com/zitadel/zitadel/internal/crypto"
"github.com/zitadel/zitadel/internal/domain"
"github.com/zitadel/zitadel/internal/eventstore"
"github.com/zitadel/zitadel/internal/zerrors"
)
const (
humanEventPrefix = userEventTypePrefix + "human."
HumanAddedType = humanEventPrefix + "added"
HumanRegisteredType = humanEventPrefix + "selfregistered"
HumanInitialCodeAddedType = humanEventPrefix + "initialization.code.added"
HumanInitialCodeSentType = humanEventPrefix + "initialization.code.sent"
HumanInitializedCheckSucceededType = humanEventPrefix + "initialization.check.succeeded"
HumanInitializedCheckFailedType = humanEventPrefix + "initialization.check.failed"
HumanInviteCodeAddedType = humanEventPrefix + "invite.code.added"
HumanInviteCodeSentType = humanEventPrefix + "invite.code.sent"
HumanInviteCheckSucceededType = humanEventPrefix + "invite.check.succeeded"
HumanInviteCheckFailedType = humanEventPrefix + "invite.check.failed"
HumanSignedOutType = humanEventPrefix + "signed.out"
)
type HumanAddedEvent struct {
eventstore.BaseEvent `json:"-"`
UserName string `json:"userName"`
userLoginMustBeDomain bool
FirstName string `json:"firstName,omitempty"`
LastName string `json:"lastName,omitempty"`
NickName string `json:"nickName,omitempty"`
DisplayName string `json:"displayName,omitempty"`
PreferredLanguage language.Tag `json:"preferredLanguage,omitempty"`
Gender domain.Gender `json:"gender,omitempty"`
EmailAddress domain.EmailAddress `json:"email,omitempty"`
PhoneNumber domain.PhoneNumber `json:"phone,omitempty"`
Country string `json:"country,omitempty"`
Locality string `json:"locality,omitempty"`
PostalCode string `json:"postalCode,omitempty"`
Region string `json:"region,omitempty"`
StreetAddress string `json:"streetAddress,omitempty"`
// New events only use EncodedHash. However, the secret field
// is preserved to handle events older than the switch to Passwap.
Secret *crypto.CryptoValue `json:"secret,omitempty"`
EncodedHash string `json:"encodedHash,omitempty"`
ChangeRequired bool `json:"changeRequired,omitempty"`
}
func (e *HumanAddedEvent) Payload() interface{} {
return e
}
func (e *HumanAddedEvent) UniqueConstraints() []*eventstore.UniqueConstraint {
return []*eventstore.UniqueConstraint{NewAddUsernameUniqueConstraint(e.UserName, e.Aggregate().ResourceOwner, e.userLoginMustBeDomain)}
}
func (e *HumanAddedEvent) AddAddressData(
country,
locality,
postalCode,
region,
streetAddress string,
) {
e.Country = country
e.Locality = locality
e.PostalCode = postalCode
e.Region = region
e.StreetAddress = streetAddress
}
func (e *HumanAddedEvent) AddPhoneData(
phoneNumber domain.PhoneNumber,
) {
e.PhoneNumber = phoneNumber
}
func (e *HumanAddedEvent) AddPasswordData(
encoded string,
changeRequired bool,
) {
e.EncodedHash = encoded
e.ChangeRequired = changeRequired
}
func NewHumanAddedEvent(
ctx context.Context,
aggregate *eventstore.Aggregate,
userName,
firstName,
lastName,
nickName,
displayName string,
preferredLanguage language.Tag,
gender domain.Gender,
emailAddress domain.EmailAddress,
userLoginMustBeDomain bool,
) *HumanAddedEvent {
return &HumanAddedEvent{
BaseEvent: *eventstore.NewBaseEventForPush(
ctx,
aggregate,
HumanAddedType,
),
UserName: userName,
FirstName: firstName,
LastName: lastName,
NickName: nickName,
DisplayName: displayName,
PreferredLanguage: preferredLanguage,
Gender: gender,
EmailAddress: emailAddress,
userLoginMustBeDomain: userLoginMustBeDomain,
}
}
func HumanAddedEventMapper(event eventstore.Event) (eventstore.Event, error) {
humanAdded := &HumanAddedEvent{
BaseEvent: *eventstore.BaseEventFromRepo(event),
}
err := event.Unmarshal(humanAdded)
if err != nil {
return nil, zerrors.ThrowInternal(err, "USER-vGlhy", "unable to unmarshal human added")
}
return humanAdded, nil
}
type HumanRegisteredEvent struct {
eventstore.BaseEvent `json:"-"`
UserName string `json:"userName"`
userLoginMustBeDomain bool
FirstName string `json:"firstName,omitempty"`
LastName string `json:"lastName,omitempty"`
NickName string `json:"nickName,omitempty"`
DisplayName string `json:"displayName,omitempty"`
PreferredLanguage language.Tag `json:"preferredLanguage,omitempty"`
Gender domain.Gender `json:"gender,omitempty"`
EmailAddress domain.EmailAddress `json:"email,omitempty"`
PhoneNumber domain.PhoneNumber `json:"phone,omitempty"`
Country string `json:"country,omitempty"`
Locality string `json:"locality,omitempty"`
PostalCode string `json:"postalCode,omitempty"`
Region string `json:"region,omitempty"`
StreetAddress string `json:"streetAddress,omitempty"`
// New events only use EncodedHash. However, the secret field
// is preserved to handle events older than the switch to Passwap.
Secret *crypto.CryptoValue `json:"secret,omitempty"` // legacy
EncodedHash string `json:"encodedHash,omitempty"`
ChangeRequired bool `json:"changeRequired,omitempty"`
UserAgentID string `json:"userAgentID,omitempty"`
}
func (e *HumanRegisteredEvent) Payload() interface{} {
return e
}
func (e *HumanRegisteredEvent) UniqueConstraints() []*eventstore.UniqueConstraint {
return []*eventstore.UniqueConstraint{NewAddUsernameUniqueConstraint(e.UserName, e.Aggregate().ResourceOwner, e.userLoginMustBeDomain)}
}
func (e *HumanRegisteredEvent) AddAddressData(
country,
locality,
postalCode,
region,
streetAddress string,
) {
e.Country = country
e.Locality = locality
e.PostalCode = postalCode
e.Region = region
e.StreetAddress = streetAddress
}
func (e *HumanRegisteredEvent) AddPhoneData(
phoneNumber domain.PhoneNumber,
) {
e.PhoneNumber = phoneNumber
}
func (e *HumanRegisteredEvent) AddPasswordData(
encoded string,
changeRequired bool,
) {
e.EncodedHash = encoded
e.ChangeRequired = changeRequired
}
func NewHumanRegisteredEvent(
ctx context.Context,
aggregate *eventstore.Aggregate,
userName,
firstName,
lastName,
nickName,
displayName string,
preferredLanguage language.Tag,
gender domain.Gender,
emailAddress domain.EmailAddress,
userLoginMustBeDomain bool,
userAgentID string,
) *HumanRegisteredEvent {
return &HumanRegisteredEvent{
BaseEvent: *eventstore.NewBaseEventForPush(
ctx,
aggregate,
HumanRegisteredType,
),
UserName: userName,
FirstName: firstName,
LastName: lastName,
NickName: nickName,
DisplayName: displayName,
PreferredLanguage: preferredLanguage,
Gender: gender,
EmailAddress: emailAddress,
userLoginMustBeDomain: userLoginMustBeDomain,
UserAgentID: userAgentID,
}
}
func HumanRegisteredEventMapper(event eventstore.Event) (eventstore.Event, error) {
humanRegistered := &HumanRegisteredEvent{
BaseEvent: *eventstore.BaseEventFromRepo(event),
}
err := event.Unmarshal(humanRegistered)
if err != nil {
return nil, zerrors.ThrowInternal(err, "USER-3Vm9s", "unable to unmarshal human registered")
}
return humanRegistered, nil
}
type HumanInitialCodeAddedEvent struct {
eventstore.BaseEvent `json:"-"`
Code *crypto.CryptoValue `json:"code,omitempty"`
Expiry time.Duration `json:"expiry,omitempty"`
TriggeredAtOrigin string `json:"triggerOrigin,omitempty"`
AuthRequestID string `json:"authRequestID,omitempty"`
}
func (e *HumanInitialCodeAddedEvent) Payload() interface{} {
return e
}
func (e *HumanInitialCodeAddedEvent) UniqueConstraints() []*eventstore.UniqueConstraint {
return nil
}
func (e *HumanInitialCodeAddedEvent) TriggerOrigin() string {
return e.TriggeredAtOrigin
}
func NewHumanInitialCodeAddedEvent(
ctx context.Context,
aggregate *eventstore.Aggregate,
code *crypto.CryptoValue,
expiry time.Duration,
authRequestID string,
) *HumanInitialCodeAddedEvent {
return &HumanInitialCodeAddedEvent{
BaseEvent: *eventstore.NewBaseEventForPush(
ctx,
aggregate,
HumanInitialCodeAddedType,
),
Code: code,
Expiry: expiry,
TriggeredAtOrigin: http.DomainContext(ctx).Origin(),
AuthRequestID: authRequestID,
}
}
func HumanInitialCodeAddedEventMapper(event eventstore.Event) (eventstore.Event, error) {
humanRegistered := &HumanInitialCodeAddedEvent{
BaseEvent: *eventstore.BaseEventFromRepo(event),
}
err := event.Unmarshal(humanRegistered)
if err != nil {
return nil, zerrors.ThrowInternal(err, "USER-bM9se", "unable to unmarshal human initial code added")
}
return humanRegistered, nil
}
type HumanInitialCodeSentEvent struct {
eventstore.BaseEvent `json:"-"`
}
func (e *HumanInitialCodeSentEvent) Payload() interface{} {
return nil
}
func (e *HumanInitialCodeSentEvent) UniqueConstraints() []*eventstore.UniqueConstraint {
return nil
}
func NewHumanInitialCodeSentEvent(ctx context.Context, aggregate *eventstore.Aggregate) *HumanInitialCodeSentEvent {
return &HumanInitialCodeSentEvent{
BaseEvent: *eventstore.NewBaseEventForPush(
ctx,
aggregate,
HumanInitialCodeSentType,
),
}
}
func HumanInitialCodeSentEventMapper(event eventstore.Event) (eventstore.Event, error) {
return &HumanInitialCodeSentEvent{
BaseEvent: *eventstore.BaseEventFromRepo(event),
}, nil
}
type HumanInitializedCheckSucceededEvent struct {
eventstore.BaseEvent `json:"-"`
}
func (e *HumanInitializedCheckSucceededEvent) Payload() interface{} {
return nil
}
func (e *HumanInitializedCheckSucceededEvent) UniqueConstraints() []*eventstore.UniqueConstraint {
return nil
}
func NewHumanInitializedCheckSucceededEvent(ctx context.Context, aggregate *eventstore.Aggregate) *HumanInitializedCheckSucceededEvent {
return &HumanInitializedCheckSucceededEvent{
BaseEvent: *eventstore.NewBaseEventForPush(
ctx,
aggregate,
HumanInitializedCheckSucceededType,
),
}
}
func HumanInitializedCheckSucceededEventMapper(event eventstore.Event) (eventstore.Event, error) {
return &HumanInitializedCheckSucceededEvent{
BaseEvent: *eventstore.BaseEventFromRepo(event),
}, nil
}
type HumanInitializedCheckFailedEvent struct {
eventstore.BaseEvent `json:"-"`
}
func (e *HumanInitializedCheckFailedEvent) Payload() interface{} {
return nil
}
func (e *HumanInitializedCheckFailedEvent) UniqueConstraints() []*eventstore.UniqueConstraint {
return nil
}
func NewHumanInitializedCheckFailedEvent(ctx context.Context, aggregate *eventstore.Aggregate) *HumanInitializedCheckFailedEvent {
return &HumanInitializedCheckFailedEvent{
BaseEvent: *eventstore.NewBaseEventForPush(
ctx,
aggregate,
HumanInitializedCheckFailedType,
),
}
}
func HumanInitializedCheckFailedEventMapper(event eventstore.Event) (eventstore.Event, error) {
return &HumanInitializedCheckFailedEvent{
BaseEvent: *eventstore.BaseEventFromRepo(event),
}, nil
}
type HumanInviteCodeAddedEvent struct {
*eventstore.BaseEvent `json:"-"`
Code *crypto.CryptoValue `json:"code,omitempty"`
Expiry time.Duration `json:"expiry,omitempty"`
TriggeredAtOrigin string `json:"triggerOrigin,omitempty"`
URLTemplate string `json:"urlTemplate,omitempty"`
CodeReturned bool `json:"codeReturned,omitempty"`
ApplicationName string `json:"applicationName,omitempty"`
AuthRequestID string `json:"authRequestID,omitempty"`
}
func (e *HumanInviteCodeAddedEvent) SetBaseEvent(b *eventstore.BaseEvent) {
e.BaseEvent = b
}
func (e *HumanInviteCodeAddedEvent) Payload() interface{} {
return e
}
func (e *HumanInviteCodeAddedEvent) UniqueConstraints() []*eventstore.UniqueConstraint {
return nil
}
func (e *HumanInviteCodeAddedEvent) TriggerOrigin() string {
return e.TriggeredAtOrigin
}
func NewHumanInviteCodeAddedEvent(
ctx context.Context,
aggregate *eventstore.Aggregate,
code *crypto.CryptoValue,
expiry time.Duration,
urlTemplate string,
codeReturned bool,
applicationName string,
authRequestID string,
) *HumanInviteCodeAddedEvent {
return &HumanInviteCodeAddedEvent{
BaseEvent: eventstore.NewBaseEventForPush(
ctx,
aggregate,
HumanInviteCodeAddedType,
),
Code: code,
Expiry: expiry,
TriggeredAtOrigin: http.DomainContext(ctx).Origin(),
URLTemplate: urlTemplate,
CodeReturned: codeReturned,
ApplicationName: applicationName,
AuthRequestID: authRequestID,
}
}
type HumanInviteCodeSentEvent struct {
*eventstore.BaseEvent `json:"-"`
}
func (e *HumanInviteCodeSentEvent) SetBaseEvent(b *eventstore.BaseEvent) {
e.BaseEvent = b
}
func (e *HumanInviteCodeSentEvent) Payload() interface{} {
return nil
}
func (e *HumanInviteCodeSentEvent) UniqueConstraints() []*eventstore.UniqueConstraint {
return nil
}
func NewHumanInviteCodeSentEvent(ctx context.Context, aggregate *eventstore.Aggregate) *HumanInviteCodeSentEvent {
return &HumanInviteCodeSentEvent{
BaseEvent: eventstore.NewBaseEventForPush(
ctx,
aggregate,
HumanInviteCodeSentType,
),
}
}
type HumanInviteCheckSucceededEvent struct {
*eventstore.BaseEvent `json:"-"`
}
func (e *HumanInviteCheckSucceededEvent) SetBaseEvent(b *eventstore.BaseEvent) {
e.BaseEvent = b
}
func (e *HumanInviteCheckSucceededEvent) Payload() interface{} {
return nil
}
func (e *HumanInviteCheckSucceededEvent) UniqueConstraints() []*eventstore.UniqueConstraint {
return nil
}
func NewHumanInviteCheckSucceededEvent(ctx context.Context, aggregate *eventstore.Aggregate) *HumanInviteCheckSucceededEvent {
return &HumanInviteCheckSucceededEvent{
BaseEvent: eventstore.NewBaseEventForPush(
ctx,
aggregate,
HumanInviteCheckSucceededType,
),
}
}
type HumanInviteCheckFailedEvent struct {
*eventstore.BaseEvent `json:"-"`
}
func (e *HumanInviteCheckFailedEvent) SetBaseEvent(b *eventstore.BaseEvent) {
e.BaseEvent = b
}
func (e *HumanInviteCheckFailedEvent) Payload() interface{} {
return nil
}
func (e *HumanInviteCheckFailedEvent) UniqueConstraints() []*eventstore.UniqueConstraint {
return nil
}
func NewHumanInviteCheckFailedEvent(ctx context.Context, aggregate *eventstore.Aggregate) *HumanInviteCheckFailedEvent {
return &HumanInviteCheckFailedEvent{
BaseEvent: eventstore.NewBaseEventForPush(
ctx,
aggregate,
HumanInviteCheckFailedType,
),
}
}
type HumanSignedOutEvent struct {
eventstore.BaseEvent `json:"-"`
UserAgentID string `json:"userAgentID"`
}
func (e *HumanSignedOutEvent) Payload() interface{} {
return e
}
func (e *HumanSignedOutEvent) UniqueConstraints() []*eventstore.UniqueConstraint {
return nil
}
func NewHumanSignedOutEvent(
ctx context.Context,
aggregate *eventstore.Aggregate,
userAgentID string,
) *HumanSignedOutEvent {
return &HumanSignedOutEvent{
BaseEvent: *eventstore.NewBaseEventForPush(
ctx,
aggregate,
HumanSignedOutType,
),
UserAgentID: userAgentID,
}
}
func HumanSignedOutEventMapper(event eventstore.Event) (eventstore.Event, error) {
signedOut := &HumanSignedOutEvent{
BaseEvent: *eventstore.BaseEventFromRepo(event),
}
err := event.Unmarshal(signedOut)
if err != nil {
return nil, zerrors.ThrowInternal(err, "USER-WFS3g", "unable to unmarshal human signed out")
}
return signedOut, nil
}
Reference in New Issue View Git Blame Copy Permalink