* feat: login policy * feat: password complexity policy * feat: org iam policy * feat: label policy * feat: add and change policies * feat: second factors * feat: second and multi factors * feat: better naming * feat: better naming
package iam
import (
|
|
"context"
|
|
"github.com/caos/zitadel/internal/crypto"
|
|
"github.com/caos/zitadel/internal/eventstore/v2"
|
|
"github.com/caos/zitadel/internal/v2/repository/iam/policy/label"
|
|
iam_login "github.com/caos/zitadel/internal/v2/repository/iam/policy/login"
|
|
factors2 "github.com/caos/zitadel/internal/v2/repository/iam/policy/login/factors"
|
|
iam_factors "github.com/caos/zitadel/internal/v2/repository/iam/policy/login/factors"
|
|
"github.com/caos/zitadel/internal/v2/repository/iam/policy/login/idpprovider"
|
|
"github.com/caos/zitadel/internal/v2/repository/iam/policy/org_iam"
|
|
"github.com/caos/zitadel/internal/v2/repository/iam/policy/password_age"
|
|
"github.com/caos/zitadel/internal/v2/repository/iam/policy/password_complexity"
|
|
"github.com/caos/zitadel/internal/v2/repository/iam/policy/password_lockout"
|
|
"github.com/caos/zitadel/internal/v2/repository/idp"
|
|
"github.com/caos/zitadel/internal/v2/repository/idp/oidc"
|
|
"github.com/caos/zitadel/internal/v2/repository/idp/provider"
|
|
"github.com/caos/zitadel/internal/v2/repository/policy/login"
|
|
"github.com/caos/zitadel/internal/v2/repository/policy/login/factors"
|
|
)
// IamEventTypePrefix is the prefix shared by every event type emitted by the IAM aggregate.
const IamEventTypePrefix eventstore.EventType = "iam."

const (
	// AggregateType is the aggregate type handed to eventstore.NewAggregate for IAM events.
	AggregateType = "iam"
	// AggregateVersion is the version tag handed to eventstore.NewAggregate for IAM events.
	AggregateVersion = "v1"
)

// Aggregate is the IAM aggregate. It embeds eventstore.Aggregate, so PushEvents
// and the rest of the eventstore API are promoted onto it; the Push* methods
// below wrap event constructors and write the result back into the embedded value.
type Aggregate struct {
	eventstore.Aggregate
}

// NewAggregate builds the IAM aggregate for id, owned by resourceOwner, whose
// last known event sequence is previousSequence.
func NewAggregate(
	id,
	resourceOwner string,
	previousSequence uint64,
) *Aggregate {
	base := eventstore.NewAggregate(id, AggregateType, resourceOwner, AggregateVersion, previousSequence)
	return &Aggregate{Aggregate: *base}
}

// AggregateFromWriteModel derives the IAM aggregate from a write model using
// this package's AggregateType and AggregateVersion.
func AggregateFromWriteModel(wm *eventstore.WriteModel) *Aggregate {
	base := eventstore.AggregateFromWriteModel(wm, AggregateType, AggregateVersion)
	return &Aggregate{Aggregate: *base}
}

// AggregateFromReadModel derives the IAM aggregate from a read model, taking
// the aggregate id, resource owner and processed sequence from rm.
// rm is dereferenced unconditionally, so it must be non-nil.
func AggregateFromReadModel(rm *ReadModel) *Aggregate {
	base := eventstore.NewAggregate(
		rm.AggregateID,
		AggregateType,
		rm.ResourceOwner,
		AggregateVersion,
		rm.ProcessedSequence,
	)
	return &Aggregate{Aggregate: *base}
}

// PushMemberAdded records that userID was added as an IAM member with the given
// roles and returns the aggregate for chaining.
func (a *Aggregate) PushMemberAdded(ctx context.Context, userID string, roles ...string) *Aggregate {
	added := NewMemberAddedEvent(ctx, userID, roles...)
	a.Aggregate = *a.PushEvents(added)
	return a
}

// PushMemberChangedFromExisting records a role change for the member described
// by current. When MemberChangedEventFromExisting returns an error no event is
// pushed and the error is discarded: the aggregate is returned unchanged, so a
// caller cannot distinguish a rejected change from an applied one.
func (a *Aggregate) PushMemberChangedFromExisting(ctx context.Context, current *MemberWriteModel, roles ...string) *Aggregate {
	if changed, err := MemberChangedEventFromExisting(ctx, current, roles...); err == nil {
		a.Aggregate = *a.PushEvents(changed)
	}
	return a
}

// PushMemberRemoved records that userID was removed as an IAM member and
// returns the aggregate for chaining.
func (a *Aggregate) PushMemberRemoved(ctx context.Context, userID string) *Aggregate {
	removed := NewMemberRemovedEvent(ctx, userID)
	a.Aggregate = *a.PushEvents(removed)
	return a
}

// PushStepStarted records that setup step has been started and returns the
// aggregate for chaining.
func (a *Aggregate) PushStepStarted(ctx context.Context, step Step) *Aggregate {
	started := NewSetupStepStartedEvent(ctx, step)
	a.Aggregate = *a.PushEvents(started)
	return a
}

// PushStepDone records that setup step has completed and returns the
// aggregate for chaining.
func (a *Aggregate) PushStepDone(ctx context.Context, step Step) *Aggregate {
	done := NewSetupStepDoneEvent(ctx, step)
	a.Aggregate = *a.PushEvents(done)
	return a
}

// PushOrgIAMPolicyAddedEvent records the creation of the org IAM policy with
// the userLoginMustBeDomain flag and returns the aggregate for chaining.
func (a *Aggregate) PushOrgIAMPolicyAddedEvent(ctx context.Context, userLoginMustBeDomain bool) *Aggregate {
	added := org_iam.NewAddedEvent(ctx, userLoginMustBeDomain)
	a.Aggregate = *a.PushEvents(added)
	return a
}

// PushOrgIAMPolicyChangedFromExisting records a change of the org IAM policy
// relative to current. An error from org_iam.ChangedEventFromExisting is
// discarded and no event is pushed; the aggregate is returned unchanged, so a
// caller cannot tell a rejected change from an applied one.
func (a *Aggregate) PushOrgIAMPolicyChangedFromExisting(ctx context.Context, current *org_iam.WriteModel, userLoginMustBeDomain bool) *Aggregate {
	if changed, err := org_iam.ChangedEventFromExisting(ctx, current, userLoginMustBeDomain); err == nil {
		a.Aggregate = *a.PushEvents(changed)
	}
	return a
}

// PushPasswordAgePolicyAddedEvent records the creation of the password age
// policy (expireWarnDays, maxAgeDays) and returns the aggregate for chaining.
func (a *Aggregate) PushPasswordAgePolicyAddedEvent(ctx context.Context, expireWarnDays, maxAgeDays uint64) *Aggregate {
	added := password_age.NewAddedEvent(ctx, expireWarnDays, maxAgeDays)
	a.Aggregate = *a.PushEvents(added)
	return a
}

// PushPasswordAgePolicyChangedFromExisting records a change of the password age
// policy relative to current. An error from password_age.ChangedEventFromExisting
// is discarded and no event is pushed; the aggregate is returned unchanged.
func (a *Aggregate) PushPasswordAgePolicyChangedFromExisting(ctx context.Context, current *password_age.WriteModel, expireWarnDays, maxAgeDays uint64) *Aggregate {
	if changed, err := password_age.ChangedEventFromExisting(ctx, current, expireWarnDays, maxAgeDays); err == nil {
		a.Aggregate = *a.PushEvents(changed)
	}
	return a
}

// PushPasswordComplexityPolicyAddedEvent records the creation of the password
// complexity policy (minimum length and required character classes) and
// returns the aggregate for chaining.
func (a *Aggregate) PushPasswordComplexityPolicyAddedEvent(ctx context.Context, minLength uint64, hasLowercase, hasUppercase, hasNumber, hasSymbol bool) *Aggregate {
	added := password_complexity.NewAddedEvent(ctx, minLength, hasLowercase, hasUppercase, hasNumber, hasSymbol)
	a.Aggregate = *a.PushEvents(added)
	return a
}

// PushPasswordComplexityPolicyChangedFromExisting records a change of the
// password complexity policy relative to current. An error from
// password_complexity.ChangedEventFromExisting is discarded and no event is
// pushed; the aggregate is returned unchanged.
func (a *Aggregate) PushPasswordComplexityPolicyChangedFromExisting(ctx context.Context, current *password_complexity.WriteModel, minLength uint64, hasLowercase, hasUppercase, hasNumber, hasSymbol bool) *Aggregate {
	if changed, err := password_complexity.ChangedEventFromExisting(ctx, current, minLength, hasLowercase, hasUppercase, hasNumber, hasSymbol); err == nil {
		a.Aggregate = *a.PushEvents(changed)
	}
	return a
}

// PushPasswordLockoutPolicyAddedEvent records the creation of the password
// lockout policy (maxAttempts, showLockoutFailure) and returns the aggregate
// for chaining.
func (a *Aggregate) PushPasswordLockoutPolicyAddedEvent(ctx context.Context, maxAttempts uint64, showLockoutFailure bool) *Aggregate {
	added := password_lockout.NewAddedEvent(ctx, maxAttempts, showLockoutFailure)
	a.Aggregate = *a.PushEvents(added)
	return a
}

// PushPasswordLockoutPolicyChangedFromExisting records a change of the password
// lockout policy relative to current. An error from
// password_lockout.ChangedEventFromExisting is discarded and no event is
// pushed; the aggregate is returned unchanged.
func (a *Aggregate) PushPasswordLockoutPolicyChangedFromExisting(ctx context.Context, current *password_lockout.WriteModel, maxAttempts uint64, showLockoutFailure bool) *Aggregate {
	if changed, err := password_lockout.ChangedEventFromExisting(ctx, current, maxAttempts, showLockoutFailure); err == nil {
		a.Aggregate = *a.PushEvents(changed)
	}
	return a
}

// PushLabelPolicyAddedEvent records the creation of the label policy with the
// given primary and secondary colors and returns the aggregate for chaining.
func (a *Aggregate) PushLabelPolicyAddedEvent(ctx context.Context, primaryColor, secondaryColor string) *Aggregate {
	added := label.NewAddedEvent(ctx, primaryColor, secondaryColor)
	a.Aggregate = *a.PushEvents(added)
	return a
}

// PushLabelPolicyChangedFromExisting records a change of the label policy
// relative to current. An error from label.ChangedEventFromExisting is
// discarded and no event is pushed; the aggregate is returned unchanged.
func (a *Aggregate) PushLabelPolicyChangedFromExisting(ctx context.Context, current *label.WriteModel, primaryColor, secondaryColor string) *Aggregate {
	if changed, err := label.ChangedEventFromExisting(ctx, current, primaryColor, secondaryColor); err == nil {
		a.Aggregate = *a.PushEvents(changed)
	}
	return a
}

// PushLoginPolicyAddedEvent records the creation of the login policy with the
// given allow flags, forceMFA and passwordless type, and returns the aggregate
// for chaining.
func (a *Aggregate) PushLoginPolicyAddedEvent(ctx context.Context, allowUsernamePassword, allowRegister, allowExternalIDP, forceMFA bool, passwordlessType login.PasswordlessType) *Aggregate {
	added := iam_login.NewAddedEvent(ctx, allowUsernamePassword, allowRegister, allowExternalIDP, forceMFA, passwordlessType)
	a.Aggregate = *a.PushEvents(added)
	return a
}

// PushLoginPolicyChangedFromExisting records a change of the login policy
// relative to current. An error from iam_login.ChangedEventFromExisting is
// discarded and no event is pushed; the aggregate is returned unchanged, so a
// caller cannot tell a rejected change (e.g. of forceMFA) from an applied one.
func (a *Aggregate) PushLoginPolicyChangedFromExisting(ctx context.Context, current *iam_login.WriteModel, allowUsernamePassword, allowRegister, allowExternalIDP, forceMFA bool, passwordlessType login.PasswordlessType) *Aggregate {
	if changed, err := iam_login.ChangedEventFromExisting(ctx, current, allowUsernamePassword, allowRegister, allowExternalIDP, forceMFA, passwordlessType); err == nil {
		a.Aggregate = *a.PushEvents(changed)
	}
	return a
}

// PushLoginPolicySecondFactorAdded records that mfaType was enabled as a second
// factor on the login policy and returns the aggregate for chaining.
func (a *Aggregate) PushLoginPolicySecondFactorAdded(ctx context.Context, mfaType factors.SecondFactorType) *Aggregate {
	added := iam_factors.NewLoginPolicySecondFactorAddedEvent(ctx, mfaType)
	a.Aggregate = *a.PushEvents(added)
	return a
}

// PushLoginPolicySecondFactorRemoved records that mfaType was removed as a
// second factor from the login policy and returns the aggregate for chaining.
func (a *Aggregate) PushLoginPolicySecondFactorRemoved(ctx context.Context, mfaType factors.SecondFactorType) *Aggregate {
	removed := iam_factors.NewLoginPolicySecondFactorRemovedEvent(ctx, mfaType)
	a.Aggregate = *a.PushEvents(removed)
	return a
}

// PushLoginPolicyMultiFactorAdded records that mfaType was enabled as a
// multi factor on the login policy and returns the aggregate for chaining.
// factors2 is the same package as iam_factors, imported under a second name.
func (a *Aggregate) PushLoginPolicyMultiFactorAdded(ctx context.Context, mfaType factors.MultiFactorType) *Aggregate {
	added := factors2.NewLoginPolicyMultiFactorAddedEvent(ctx, mfaType)
	a.Aggregate = *a.PushEvents(added)
	return a
}

// PushLoginPolicyMultiFactorRemoved records that mfaType was removed as a
// multi factor from the login policy and returns the aggregate for chaining.
// factors2 is the same package as iam_factors, imported under a second name.
func (a *Aggregate) PushLoginPolicyMultiFactorRemoved(ctx context.Context, mfaType factors.MultiFactorType) *Aggregate {
	removed := factors2.NewLoginPolicyMultiFactorRemovedEvent(ctx, mfaType)
	a.Aggregate = *a.PushEvents(removed)
	return a
}

// PushIDPConfigAdded records the creation of an IDP configuration identified by
// configID with the given display name, type and styling, and returns the
// aggregate for chaining.
func (a *Aggregate) PushIDPConfigAdded(
	ctx context.Context,
	configID,
	name string,
	configType idp.ConfigType,
	stylingType idp.StylingType,
) *Aggregate {
	added := NewIDPConfigAddedEvent(ctx, configID, name, configType, stylingType)
	a.Aggregate = *a.PushEvents(added)
	return a
}

// PushIDPConfigChanged records a change of the IDP configuration described by
// current. An error from NewIDPConfigChangedEvent is discarded and no event is
// pushed; the aggregate is returned unchanged, so a caller cannot tell a
// rejected change from an applied one.
func (a *Aggregate) PushIDPConfigChanged(
	ctx context.Context,
	current *IDPConfigWriteModel,
	configID,
	name string,
	configType idp.ConfigType,
	stylingType idp.StylingType,
) *Aggregate {
	if changed, err := NewIDPConfigChangedEvent(ctx, current, configID, name, configType, stylingType); err == nil {
		a.Aggregate = *a.PushEvents(changed)
	}
	return a
}

// PushIDPConfigDeactivated records that the IDP configuration configID was
// deactivated and returns the aggregate for chaining.
func (a *Aggregate) PushIDPConfigDeactivated(ctx context.Context, configID string) *Aggregate {
	deactivated := NewIDPConfigDeactivatedEvent(ctx, configID)
	a.Aggregate = *a.PushEvents(deactivated)
	return a
}

// PushIDPConfigReactivated records that the IDP configuration configID was
// reactivated and returns the aggregate for chaining.
func (a *Aggregate) PushIDPConfigReactivated(ctx context.Context, configID string) *Aggregate {
	reactivated := NewIDPConfigReactivatedEvent(ctx, configID)
	a.Aggregate = *a.PushEvents(reactivated)
	return a
}

// PushIDPConfigRemoved records that the IDP configuration configID was removed
// and returns the aggregate for chaining.
func (a *Aggregate) PushIDPConfigRemoved(ctx context.Context, configID string) *Aggregate {
	removed := NewIDPConfigRemovedEvent(ctx, configID)
	a.Aggregate = *a.PushEvents(removed)
	return a
}

// PushIDPOIDCConfigAdded records the creation of the OIDC settings for the IDP
// configuration idpConfigID and returns the aggregate for chaining.
// clientSecret is passed through to the event untouched; nothing in this method
// encrypts it, so it is assumed to arrive as an already-protected
// crypto.CryptoValue — confirm at the caller, since the event payload is persisted.
func (a *Aggregate) PushIDPOIDCConfigAdded(
	ctx context.Context,
	clientID,
	idpConfigID,
	issuer string,
	clientSecret *crypto.CryptoValue,
	idpDisplayNameMapping,
	userNameMapping oidc.MappingField,
	scopes ...string,
) *Aggregate {
	added := NewIDPOIDCConfigAddedEvent(
		ctx,
		clientID,
		idpConfigID,
		issuer,
		clientSecret,
		idpDisplayNameMapping,
		userNameMapping,
		scopes...,
	)
	a.Aggregate = *a.PushEvents(added)
	return a
}

// PushIDPOIDCConfigChanged records a change of the OIDC settings described by
// current. An error from NewIDPOIDCConfigChangedEvent is discarded and no
// event is pushed; the aggregate is returned unchanged.
// clientSecret is passed through untouched; nothing here encrypts it, so it is
// assumed to arrive as an already-protected crypto.CryptoValue — confirm at the caller.
func (a *Aggregate) PushIDPOIDCConfigChanged(
	ctx context.Context,
	current *IDPOIDCConfigWriteModel,
	clientID,
	issuer string,
	clientSecret *crypto.CryptoValue,
	idpDisplayNameMapping,
	userNameMapping oidc.MappingField,
	scopes ...string,
) *Aggregate {
	changed, err := NewIDPOIDCConfigChangedEvent(
		ctx,
		current,
		clientID,
		issuer,
		clientSecret,
		idpDisplayNameMapping,
		userNameMapping,
		scopes...,
	)
	if err == nil {
		a.Aggregate = *a.PushEvents(changed)
	}
	return a
}

// PushLoginPolicyIDPProviderAddedEvent records that the IDP configuration
// idpConfigID of the given providerType was attached to the login policy and
// returns the aggregate for chaining.
func (a *Aggregate) PushLoginPolicyIDPProviderAddedEvent(
	ctx context.Context,
	idpConfigID string,
	providerType provider.Type,
) *Aggregate {
	added := idpprovider.NewAddedEvent(ctx, idpConfigID, providerType)
	a.Aggregate = *a.PushEvents(added)
	return a
}

// PushLoginPolicyIDPProviderRemovedEvent records that the IDP configuration
// idpConfigID was detached from the login policy and returns the aggregate for
// chaining. providerType is accepted for signature symmetry with the Added
// variant but is not used: idpprovider.NewRemovedEvent takes only idpConfigID.
func (a *Aggregate) PushLoginPolicyIDPProviderRemovedEvent(
	ctx context.Context,
	idpConfigID string,
	providerType provider.Type,
) *Aggregate {
	removed := idpprovider.NewRemovedEvent(ctx, idpConfigID)
	a.Aggregate = *a.PushEvents(removed)
	return a
}
