mirror of
https://github.com/zitadel/zitadel.git
synced 2024-12-15 04:18:01 +00:00
2089992d75
* feat(crypto): use passwap for machine and app secrets * fix command package tests * add hash generator command test * naming convention, fix query tests * rename PasswordHasher and cleanup start commands * add reducer tests * fix intergration tests, cleanup old config * add app secret unit tests * solve setup panics * fix push of updated events * add missing event translations * update documentation * solve linter errors * remove nolint:SA1019 as it doesn't seem to help anyway * add nolint to deprecated filter usage * update users migration version * remove unused ClientSecret from APIConfigChangedEvent --------- Co-authored-by: Livio Spring <livio.a@gmail.com>
141 lines
4.0 KiB
Go
141 lines
4.0 KiB
Go
package command
|
|
|
|
import (
|
|
"context"
|
|
"reflect"
|
|
|
|
"github.com/zitadel/zitadel/internal/crypto"
|
|
"github.com/zitadel/zitadel/internal/domain"
|
|
"github.com/zitadel/zitadel/internal/eventstore"
|
|
"github.com/zitadel/zitadel/internal/repository/idpconfig"
|
|
"github.com/zitadel/zitadel/internal/repository/org"
|
|
)
|
|
|
|
type IDPOIDCConfigWriteModel struct {
|
|
OIDCConfigWriteModel
|
|
}
|
|
|
|
func NewOrgIDPOIDCConfigWriteModel(idpConfigID, orgID string) *IDPOIDCConfigWriteModel {
|
|
return &IDPOIDCConfigWriteModel{
|
|
OIDCConfigWriteModel{
|
|
WriteModel: eventstore.WriteModel{
|
|
AggregateID: orgID,
|
|
ResourceOwner: orgID,
|
|
},
|
|
IDPConfigID: idpConfigID,
|
|
},
|
|
}
|
|
}
|
|
|
|
func (wm *IDPOIDCConfigWriteModel) AppendEvents(events ...eventstore.Event) {
|
|
for _, event := range events {
|
|
switch e := event.(type) {
|
|
case *org.IDPOIDCConfigAddedEvent:
|
|
if wm.IDPConfigID != e.IDPConfigID {
|
|
continue
|
|
}
|
|
wm.OIDCConfigWriteModel.AppendEvents(&e.OIDCConfigAddedEvent)
|
|
case *org.IDPOIDCConfigChangedEvent:
|
|
if wm.IDPConfigID != e.IDPConfigID {
|
|
continue
|
|
}
|
|
wm.OIDCConfigWriteModel.AppendEvents(&e.OIDCConfigChangedEvent)
|
|
case *org.IDPConfigReactivatedEvent:
|
|
if wm.IDPConfigID != e.ConfigID {
|
|
continue
|
|
}
|
|
wm.OIDCConfigWriteModel.AppendEvents(&e.IDPConfigReactivatedEvent)
|
|
case *org.IDPConfigDeactivatedEvent:
|
|
if wm.IDPConfigID != e.ConfigID {
|
|
continue
|
|
}
|
|
wm.OIDCConfigWriteModel.AppendEvents(&e.IDPConfigDeactivatedEvent)
|
|
case *org.IDPConfigRemovedEvent:
|
|
if wm.IDPConfigID != e.ConfigID {
|
|
continue
|
|
}
|
|
wm.OIDCConfigWriteModel.AppendEvents(&e.IDPConfigRemovedEvent)
|
|
default:
|
|
wm.OIDCConfigWriteModel.AppendEvents(e)
|
|
}
|
|
}
|
|
}
|
|
|
|
func (wm *IDPOIDCConfigWriteModel) Reduce() error {
|
|
if err := wm.OIDCConfigWriteModel.Reduce(); err != nil {
|
|
return err
|
|
}
|
|
return wm.WriteModel.Reduce()
|
|
}
|
|
|
|
func (wm *IDPOIDCConfigWriteModel) Query() *eventstore.SearchQueryBuilder {
|
|
return eventstore.NewSearchQueryBuilder(eventstore.ColumnsEvent).
|
|
ResourceOwner(wm.ResourceOwner).
|
|
AddQuery().
|
|
AggregateTypes(org.AggregateType).
|
|
AggregateIDs(wm.AggregateID).
|
|
EventTypes(
|
|
org.IDPOIDCConfigAddedEventType,
|
|
org.IDPOIDCConfigChangedEventType,
|
|
org.IDPConfigReactivatedEventType,
|
|
org.IDPConfigDeactivatedEventType,
|
|
org.IDPConfigRemovedEventType).
|
|
Builder()
|
|
}
|
|
|
|
func (wm *IDPOIDCConfigWriteModel) NewChangedEvent(
|
|
ctx context.Context,
|
|
aggregate *eventstore.Aggregate,
|
|
idpConfigID,
|
|
clientID,
|
|
issuer,
|
|
authorizationEndpoint,
|
|
tokenEndpoint,
|
|
clientSecretString string,
|
|
secretCrypto crypto.EncryptionAlgorithm,
|
|
idpDisplayNameMapping,
|
|
userNameMapping domain.OIDCMappingField,
|
|
scopes ...string,
|
|
) (*org.IDPOIDCConfigChangedEvent, bool, error) {
|
|
|
|
changes := make([]idpconfig.OIDCConfigChanges, 0)
|
|
var clientSecret *crypto.CryptoValue
|
|
var err error
|
|
if clientSecretString != "" {
|
|
clientSecret, err = crypto.Crypt([]byte(clientSecretString), secretCrypto)
|
|
if err != nil {
|
|
return nil, false, err
|
|
}
|
|
changes = append(changes, idpconfig.ChangeClientSecret(clientSecret))
|
|
}
|
|
if wm.ClientID != clientID {
|
|
changes = append(changes, idpconfig.ChangeClientID(clientID))
|
|
}
|
|
if wm.Issuer != issuer {
|
|
changes = append(changes, idpconfig.ChangeIssuer(issuer))
|
|
}
|
|
if wm.AuthorizationEndpoint != authorizationEndpoint {
|
|
changes = append(changes, idpconfig.ChangeAuthorizationEndpoint(authorizationEndpoint))
|
|
}
|
|
if wm.TokenEndpoint != tokenEndpoint {
|
|
changes = append(changes, idpconfig.ChangeTokenEndpoint(tokenEndpoint))
|
|
}
|
|
if idpDisplayNameMapping.Valid() && wm.IDPDisplayNameMapping != idpDisplayNameMapping {
|
|
changes = append(changes, idpconfig.ChangeIDPDisplayNameMapping(idpDisplayNameMapping))
|
|
}
|
|
if userNameMapping.Valid() && wm.UserNameMapping != userNameMapping {
|
|
changes = append(changes, idpconfig.ChangeUserNameMapping(userNameMapping))
|
|
}
|
|
if !reflect.DeepEqual(wm.Scopes, scopes) {
|
|
changes = append(changes, idpconfig.ChangeScopes(scopes))
|
|
}
|
|
if len(changes) == 0 {
|
|
return nil, false, nil
|
|
}
|
|
changeEvent, err := org.NewIDPOIDCConfigChangedEvent(ctx, aggregate, idpConfigID, changes)
|
|
if err != nil {
|
|
return nil, false, err
|
|
}
|
|
return changeEvent, true, nil
|
|
}
|