mirror of
https://github.com/zitadel/zitadel.git
synced 2024-12-15 04:18:01 +00:00
a07b2f4677
# Which Problems Are Solved As an administrator I want to be able to invite users to my application with the API V2, some user data I will already prefil, the user should add the authentication method themself (password, passkey, sso). # How the Problems Are Solved - A user can now be created with a email explicitly set to false. - If a user has no verified email and no authentication method, an `InviteCode` can be created through the User V2 API. - the code can be returned or sent through email - additionally `URLTemplate` and an `ApplicatioName` can provided for the email - The code can be resent and verified through the User V2 API - The V1 login allows users to verify and resend the code and set a password (analog user initialization) - The message text for the user invitation can be customized # Additional Changes - `verifyUserPasskeyCode` directly uses `crypto.VerifyCode` (instead of `verifyEncryptedCode`) - `verifyEncryptedCode` is removed (unnecessarily queried for the code generator) # Additional Context - closes #8310 - TODO: login V2 will have to implement invite flow: https://github.com/zitadel/typescript/issues/166
91 lines
3.5 KiB
Go
91 lines
3.5 KiB
Go
package command
|
|
|
|
import (
|
|
"context"
|
|
"time"
|
|
|
|
"github.com/zitadel/zitadel/internal/command/preparation"
|
|
"github.com/zitadel/zitadel/internal/crypto"
|
|
"github.com/zitadel/zitadel/internal/domain"
|
|
)
|
|
|
|
type encrypedCodeFunc func(ctx context.Context, filter preparation.FilterToQueryReducer, typ domain.SecretGeneratorType, alg crypto.EncryptionAlgorithm) (*EncryptedCode, error)
|
|
|
|
type encryptedCodeWithDefaultFunc func(ctx context.Context, filter preparation.FilterToQueryReducer, typ domain.SecretGeneratorType, alg crypto.EncryptionAlgorithm, defaultConfig *crypto.GeneratorConfig) (*EncryptedCode, error)
|
|
|
|
var emptyConfig = &crypto.GeneratorConfig{}
|
|
|
|
type EncryptedCode struct {
|
|
Crypted *crypto.CryptoValue
|
|
Plain string
|
|
Expiry time.Duration
|
|
}
|
|
|
|
func newEncryptedCode(ctx context.Context, filter preparation.FilterToQueryReducer, typ domain.SecretGeneratorType, alg crypto.EncryptionAlgorithm) (*EncryptedCode, error) {
|
|
return newEncryptedCodeWithDefaultConfig(ctx, filter, typ, alg, emptyConfig)
|
|
}
|
|
|
|
func newEncryptedCodeWithDefaultConfig(ctx context.Context, filter preparation.FilterToQueryReducer, typ domain.SecretGeneratorType, alg crypto.EncryptionAlgorithm, defaultConfig *crypto.GeneratorConfig) (*EncryptedCode, error) {
|
|
gen, config, err := encryptedCodeGenerator(ctx, filter, typ, alg, defaultConfig)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
crypted, plain, err := crypto.NewCode(gen)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
return &EncryptedCode{
|
|
Crypted: crypted,
|
|
Plain: plain,
|
|
Expiry: config.Expiry,
|
|
}, nil
|
|
}
|
|
|
|
func encryptedCodeGenerator(ctx context.Context, filter preparation.FilterToQueryReducer, typ domain.SecretGeneratorType, alg crypto.EncryptionAlgorithm, defaultConfig *crypto.GeneratorConfig) (crypto.Generator, *crypto.GeneratorConfig, error) {
|
|
config, err := cryptoGeneratorConfigWithDefault(ctx, filter, typ, defaultConfig)
|
|
if err != nil {
|
|
return nil, nil, err
|
|
}
|
|
return crypto.NewEncryptionGenerator(*config, alg), config, nil
|
|
}
|
|
|
|
type hashedSecretFunc func(ctx context.Context, filter preparation.FilterToQueryReducer) (encodedHash, plain string, err error)
|
|
|
|
func newHashedSecretWithDefault(hasher *crypto.Hasher, defaultConfig *crypto.GeneratorConfig) hashedSecretFunc {
|
|
return func(ctx context.Context, filter preparation.FilterToQueryReducer) (encodedHash string, plain string, err error) {
|
|
config, err := cryptoGeneratorConfigWithDefault(ctx, filter, domain.SecretGeneratorTypeAppSecret, defaultConfig)
|
|
if err != nil {
|
|
return "", "", err
|
|
}
|
|
generator := crypto.NewHashGenerator(*config, hasher)
|
|
return generator.NewCode()
|
|
}
|
|
}
|
|
|
|
func cryptoGeneratorConfig(ctx context.Context, filter preparation.FilterToQueryReducer, typ domain.SecretGeneratorType) (*crypto.GeneratorConfig, error) {
|
|
return cryptoGeneratorConfigWithDefault(ctx, filter, typ, emptyConfig)
|
|
}
|
|
|
|
func cryptoGeneratorConfigWithDefault(ctx context.Context, filter preparation.FilterToQueryReducer, typ domain.SecretGeneratorType, defaultConfig *crypto.GeneratorConfig) (*crypto.GeneratorConfig, error) {
|
|
wm := NewInstanceSecretGeneratorConfigWriteModel(ctx, typ)
|
|
events, err := filter(ctx, wm.Query())
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
wm.AppendEvents(events...)
|
|
if err := wm.Reduce(); err != nil {
|
|
return nil, err
|
|
}
|
|
if wm.State != domain.SecretGeneratorStateActive {
|
|
return defaultConfig, nil
|
|
}
|
|
return &crypto.GeneratorConfig{
|
|
Length: wm.Length,
|
|
Expiry: wm.Expiry,
|
|
IncludeLowerLetters: wm.IncludeLowerLetters,
|
|
IncludeUpperLetters: wm.IncludeUpperLetters,
|
|
IncludeDigits: wm.IncludeDigits,
|
|
IncludeSymbols: wm.IncludeSymbols,
|
|
}, nil
|
|
}
|