mirror of
https://github.com/zitadel/zitadel.git
synced 2025-01-08 13:27:41 +00:00
2e8fa82261
* feat: add additional origins on applications * app additional redirects * chore(deps-dev): bump @angular/cli from 11.2.8 to 11.2.11 in /console (#1706) * fix: show org with regex (#1688) * fix: flag mapping (#1699) * chore(deps-dev): bump @angular/cli from 11.2.8 to 11.2.11 in /console Bumps [@angular/cli](https://github.com/angular/angular-cli) from 11.2.8 to 11.2.11. - [Release notes](https://github.com/angular/angular-cli/releases) - [Commits](https://github.com/angular/angular-cli/compare/v11.2.8...v11.2.11) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: Max Peintner <max@caos.ch> Co-authored-by: Silvan <silvan.reusser@gmail.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps-dev): bump stylelint from 13.10.0 to 13.13.1 in /console (#1703) * fix: show org with regex (#1688) * fix: flag mapping (#1699) * chore(deps-dev): bump stylelint from 13.10.0 to 13.13.1 in /console Bumps [stylelint](https://github.com/stylelint/stylelint) from 13.10.0 to 13.13.1. - [Release notes](https://github.com/stylelint/stylelint/releases) - [Changelog](https://github.com/stylelint/stylelint/blob/master/CHANGELOG.md) - [Commits](https://github.com/stylelint/stylelint/compare/13.10.0...13.13.1) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: Max Peintner <max@caos.ch> Co-authored-by: Silvan <silvan.reusser@gmail.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps-dev): bump @types/node from 14.14.37 to 15.0.1 in /console (#1702) * fix: show org with regex (#1688) * fix: flag mapping (#1699) * chore(deps-dev): bump @types/node from 14.14.37 to 15.0.1 in /console Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 14.14.37 to 15.0.1. - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: Max Peintner <max@caos.ch> Co-authored-by: Silvan <silvan.reusser@gmail.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump ts-protoc-gen from 0.14.0 to 0.15.0 in /console (#1701) * fix: show org with regex (#1688) * fix: flag mapping (#1699) * chore(deps): bump ts-protoc-gen from 0.14.0 to 0.15.0 in /console Bumps [ts-protoc-gen](https://github.com/improbable-eng/ts-protoc-gen) from 0.14.0 to 0.15.0. - [Release notes](https://github.com/improbable-eng/ts-protoc-gen/releases) - [Changelog](https://github.com/improbable-eng/ts-protoc-gen/blob/master/CHANGELOG.md) - [Commits](https://github.com/improbable-eng/ts-protoc-gen/compare/0.14.0...0.15.0) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: Max Peintner <max@caos.ch> Co-authored-by: Silvan <silvan.reusser@gmail.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps-dev): bump @types/jasmine from 3.6.9 to 3.6.10 in /console (#1682) Bumps [@types/jasmine](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/jasmine) from 3.6.9 to 3.6.10. - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/jasmine) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump @types/google-protobuf in /console (#1681) Bumps [@types/google-protobuf](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/google-protobuf) from 3.7.4 to 3.15.2. - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/google-protobuf) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump grpc from 1.24.5 to 1.24.7 in /console (#1666) Bumps [grpc](https://github.com/grpc/grpc-node) from 1.24.5 to 1.24.7. - [Release notes](https://github.com/grpc/grpc-node/releases) - [Commits](https://github.com/grpc/grpc-node/compare/grpc@1.24.5...grpc@1.24.7) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * lock * chore(deps-dev): bump @angular/language-service from 11.2.9 to 11.2.12 in /console (#1704) * fix: show org with regex (#1688) * fix: flag mapping (#1699) * chore(deps-dev): bump @angular/language-service in /console Bumps [@angular/language-service](https://github.com/angular/angular/tree/HEAD/packages/language-service) from 11.2.9 to 11.2.12. - [Release notes](https://github.com/angular/angular/releases) - [Changelog](https://github.com/angular/angular/blob/master/CHANGELOG.md) - [Commits](https://github.com/angular/angular/commits/11.2.12/packages/language-service) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: Max Peintner <max@caos.ch> Co-authored-by: Silvan <silvan.reusser@gmail.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * package lock * downgrade grpc * downgrade protobuf types * revert npm packs 🥸 Co-authored-by: Max Peintner <max@caos.ch> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Silvan <silvan.reusser@gmail.com>
392 lines
12 KiB
Go
392 lines
12 KiB
Go
package project
|
|
|
|
import (
|
|
"context"
|
|
"encoding/json"
|
|
"time"
|
|
|
|
"github.com/caos/zitadel/internal/crypto"
|
|
"github.com/caos/zitadel/internal/domain"
|
|
"github.com/caos/zitadel/internal/errors"
|
|
"github.com/caos/zitadel/internal/eventstore"
|
|
"github.com/caos/zitadel/internal/eventstore/repository"
|
|
)
|
|
|
|
const (
|
|
OIDCConfigAddedType = applicationEventTypePrefix + "config.oidc.added"
|
|
OIDCConfigChangedType = applicationEventTypePrefix + "config.oidc.changed"
|
|
OIDCConfigSecretChangedType = applicationEventTypePrefix + "config.oidc.secret.changed"
|
|
OIDCClientSecretCheckSucceededType = applicationEventTypePrefix + "oidc.secret.check.succeeded"
|
|
OIDCClientSecretCheckFailedType = applicationEventTypePrefix + "oidc.secret.check.failed"
|
|
)
|
|
|
|
type OIDCConfigAddedEvent struct {
|
|
eventstore.BaseEvent `json:"-"`
|
|
|
|
Version domain.OIDCVersion `json:"oidcVersion,omitempty"`
|
|
AppID string `json:"appId"`
|
|
ClientID string `json:"clientId,omitempty"`
|
|
ClientSecret *crypto.CryptoValue `json:"clientSecret,omitempty"`
|
|
RedirectUris []string `json:"redirectUris,omitempty"`
|
|
ResponseTypes []domain.OIDCResponseType `json:"responseTypes,omitempty"`
|
|
GrantTypes []domain.OIDCGrantType `json:"grantTypes,omitempty"`
|
|
ApplicationType domain.OIDCApplicationType `json:"applicationType,omitempty"`
|
|
AuthMethodType domain.OIDCAuthMethodType `json:"authMethodType,omitempty"`
|
|
PostLogoutRedirectUris []string `json:"postLogoutRedirectUris,omitempty"`
|
|
DevMode bool `json:"devMode,omitempty"`
|
|
AccessTokenType domain.OIDCTokenType `json:"accessTokenType,omitempty"`
|
|
AccessTokenRoleAssertion bool `json:"accessTokenRoleAssertion,omitempty"`
|
|
IDTokenRoleAssertion bool `json:"idTokenRoleAssertion,omitempty"`
|
|
IDTokenUserinfoAssertion bool `json:"idTokenUserinfoAssertion,omitempty"`
|
|
ClockSkew time.Duration `json:"clockSkew,omitempty"`
|
|
AdditionalOrigins []string `json:"additionalOrigins,omitempty"`
|
|
}
|
|
|
|
func (e *OIDCConfigAddedEvent) Data() interface{} {
|
|
return e
|
|
}
|
|
|
|
func (e *OIDCConfigAddedEvent) UniqueConstraints() []*eventstore.EventUniqueConstraint {
|
|
return nil
|
|
}
|
|
|
|
func NewOIDCConfigAddedEvent(
|
|
ctx context.Context,
|
|
aggregate *eventstore.Aggregate,
|
|
version domain.OIDCVersion,
|
|
appID string,
|
|
clientID string,
|
|
clientSecret *crypto.CryptoValue,
|
|
redirectUris []string,
|
|
responseTypes []domain.OIDCResponseType,
|
|
grantTypes []domain.OIDCGrantType,
|
|
applicationType domain.OIDCApplicationType,
|
|
authMethodType domain.OIDCAuthMethodType,
|
|
postLogoutRedirectUris []string,
|
|
devMode bool,
|
|
accessTokenType domain.OIDCTokenType,
|
|
accessTokenRoleAssertion bool,
|
|
idTokenRoleAssertion bool,
|
|
idTokenUserinfoAssertion bool,
|
|
clockSkew time.Duration,
|
|
additionalOrigins []string,
|
|
) *OIDCConfigAddedEvent {
|
|
return &OIDCConfigAddedEvent{
|
|
BaseEvent: *eventstore.NewBaseEventForPush(
|
|
ctx,
|
|
aggregate,
|
|
OIDCConfigAddedType,
|
|
),
|
|
Version: version,
|
|
AppID: appID,
|
|
ClientID: clientID,
|
|
ClientSecret: clientSecret,
|
|
RedirectUris: redirectUris,
|
|
ResponseTypes: responseTypes,
|
|
GrantTypes: grantTypes,
|
|
ApplicationType: applicationType,
|
|
AuthMethodType: authMethodType,
|
|
PostLogoutRedirectUris: postLogoutRedirectUris,
|
|
DevMode: devMode,
|
|
AccessTokenType: accessTokenType,
|
|
AccessTokenRoleAssertion: accessTokenRoleAssertion,
|
|
IDTokenRoleAssertion: idTokenRoleAssertion,
|
|
IDTokenUserinfoAssertion: idTokenUserinfoAssertion,
|
|
ClockSkew: clockSkew,
|
|
AdditionalOrigins: additionalOrigins,
|
|
}
|
|
}
|
|
|
|
func OIDCConfigAddedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
|
|
e := &OIDCConfigAddedEvent{
|
|
BaseEvent: *eventstore.BaseEventFromRepo(event),
|
|
}
|
|
|
|
err := json.Unmarshal(event.Data, e)
|
|
if err != nil {
|
|
return nil, errors.ThrowInternal(err, "OIDC-BFd15", "unable to unmarshal oidc config")
|
|
}
|
|
|
|
return e, nil
|
|
}
|
|
|
|
type OIDCConfigChangedEvent struct {
|
|
eventstore.BaseEvent `json:"-"`
|
|
|
|
Version *domain.OIDCVersion `json:"oidcVersion,omitempty"`
|
|
AppID string `json:"appId"`
|
|
RedirectUris *[]string `json:"redirectUris,omitempty"`
|
|
ResponseTypes *[]domain.OIDCResponseType `json:"responseTypes,omitempty"`
|
|
GrantTypes *[]domain.OIDCGrantType `json:"grantTypes,omitempty"`
|
|
ApplicationType *domain.OIDCApplicationType `json:"applicationType,omitempty"`
|
|
AuthMethodType *domain.OIDCAuthMethodType `json:"authMethodType,omitempty"`
|
|
PostLogoutRedirectUris *[]string `json:"postLogoutRedirectUris,omitempty"`
|
|
DevMode *bool `json:"devMode,omitempty"`
|
|
AccessTokenType *domain.OIDCTokenType `json:"accessTokenType,omitempty"`
|
|
AccessTokenRoleAssertion *bool `json:"accessTokenRoleAssertion,omitempty"`
|
|
IDTokenRoleAssertion *bool `json:"idTokenRoleAssertion,omitempty"`
|
|
IDTokenUserinfoAssertion *bool `json:"idTokenUserinfoAssertion,omitempty"`
|
|
ClockSkew *time.Duration `json:"clockSkew,omitempty"`
|
|
AdditionalOrigins *[]string `json:"additionalOrigins,omitempty"`
|
|
}
|
|
|
|
func (e *OIDCConfigChangedEvent) Data() interface{} {
|
|
return e
|
|
}
|
|
|
|
func (e *OIDCConfigChangedEvent) UniqueConstraints() []*eventstore.EventUniqueConstraint {
|
|
return nil
|
|
}
|
|
|
|
func NewOIDCConfigChangedEvent(
|
|
ctx context.Context,
|
|
aggregate *eventstore.Aggregate,
|
|
appID string,
|
|
changes []OIDCConfigChanges,
|
|
) (*OIDCConfigChangedEvent, error) {
|
|
if len(changes) == 0 {
|
|
return nil, errors.ThrowPreconditionFailed(nil, "OIDC-i8idç", "Errors.NoChangesFound")
|
|
}
|
|
|
|
changeEvent := &OIDCConfigChangedEvent{
|
|
BaseEvent: *eventstore.NewBaseEventForPush(
|
|
ctx,
|
|
aggregate,
|
|
OIDCConfigChangedType,
|
|
),
|
|
AppID: appID,
|
|
}
|
|
for _, change := range changes {
|
|
change(changeEvent)
|
|
}
|
|
return changeEvent, nil
|
|
}
|
|
|
|
type OIDCConfigChanges func(event *OIDCConfigChangedEvent)
|
|
|
|
func ChangeVersion(version domain.OIDCVersion) func(event *OIDCConfigChangedEvent) {
|
|
return func(e *OIDCConfigChangedEvent) {
|
|
e.Version = &version
|
|
}
|
|
}
|
|
|
|
func ChangeRedirectURIs(uris []string) func(event *OIDCConfigChangedEvent) {
|
|
return func(e *OIDCConfigChangedEvent) {
|
|
e.RedirectUris = &uris
|
|
}
|
|
}
|
|
|
|
func ChangeResponseTypes(responseTypes []domain.OIDCResponseType) func(event *OIDCConfigChangedEvent) {
|
|
return func(e *OIDCConfigChangedEvent) {
|
|
e.ResponseTypes = &responseTypes
|
|
}
|
|
}
|
|
|
|
func ChangeGrantTypes(grantTypes []domain.OIDCGrantType) func(event *OIDCConfigChangedEvent) {
|
|
return func(e *OIDCConfigChangedEvent) {
|
|
e.GrantTypes = &grantTypes
|
|
}
|
|
}
|
|
|
|
func ChangeApplicationType(appType domain.OIDCApplicationType) func(event *OIDCConfigChangedEvent) {
|
|
return func(e *OIDCConfigChangedEvent) {
|
|
e.ApplicationType = &appType
|
|
}
|
|
}
|
|
|
|
func ChangeAuthMethodType(authMethodType domain.OIDCAuthMethodType) func(event *OIDCConfigChangedEvent) {
|
|
return func(e *OIDCConfigChangedEvent) {
|
|
e.AuthMethodType = &authMethodType
|
|
}
|
|
}
|
|
|
|
func ChangePostLogoutRedirectURIs(logoutRedirects []string) func(event *OIDCConfigChangedEvent) {
|
|
return func(e *OIDCConfigChangedEvent) {
|
|
e.PostLogoutRedirectUris = &logoutRedirects
|
|
}
|
|
}
|
|
|
|
func ChangeDevMode(devMode bool) func(event *OIDCConfigChangedEvent) {
|
|
return func(e *OIDCConfigChangedEvent) {
|
|
e.DevMode = &devMode
|
|
}
|
|
}
|
|
|
|
func ChangeAccessTokenType(accessTokenType domain.OIDCTokenType) func(event *OIDCConfigChangedEvent) {
|
|
return func(e *OIDCConfigChangedEvent) {
|
|
e.AccessTokenType = &accessTokenType
|
|
}
|
|
}
|
|
|
|
func ChangeAccessTokenRoleAssertion(accessTokenRoleAssertion bool) func(event *OIDCConfigChangedEvent) {
|
|
return func(e *OIDCConfigChangedEvent) {
|
|
e.AccessTokenRoleAssertion = &accessTokenRoleAssertion
|
|
}
|
|
}
|
|
|
|
func ChangeIDTokenRoleAssertion(idTokenRoleAssertion bool) func(event *OIDCConfigChangedEvent) {
|
|
return func(e *OIDCConfigChangedEvent) {
|
|
e.IDTokenRoleAssertion = &idTokenRoleAssertion
|
|
}
|
|
}
|
|
|
|
func ChangeIDTokenUserinfoAssertion(idTokenUserinfoAssertion bool) func(event *OIDCConfigChangedEvent) {
|
|
return func(e *OIDCConfigChangedEvent) {
|
|
e.IDTokenUserinfoAssertion = &idTokenUserinfoAssertion
|
|
}
|
|
}
|
|
|
|
func ChangeClockSkew(clockSkew time.Duration) func(event *OIDCConfigChangedEvent) {
|
|
return func(e *OIDCConfigChangedEvent) {
|
|
e.ClockSkew = &clockSkew
|
|
}
|
|
}
|
|
|
|
func ChangeAdditionalOrigins(additionalOrigins []string) func(event *OIDCConfigChangedEvent) {
|
|
return func(e *OIDCConfigChangedEvent) {
|
|
e.AdditionalOrigins = &additionalOrigins
|
|
}
|
|
}
|
|
|
|
func OIDCConfigChangedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
|
|
e := &OIDCConfigChangedEvent{
|
|
BaseEvent: *eventstore.BaseEventFromRepo(event),
|
|
}
|
|
|
|
err := json.Unmarshal(event.Data, e)
|
|
if err != nil {
|
|
return nil, errors.ThrowInternal(err, "OIDC-BFd15", "unable to unmarshal oidc config")
|
|
}
|
|
|
|
return e, nil
|
|
}
|
|
|
|
type OIDCConfigSecretChangedEvent struct {
|
|
eventstore.BaseEvent `json:"-"`
|
|
|
|
AppID string `json:"appId"`
|
|
ClientSecret *crypto.CryptoValue `json:"clientSecret,omitempty"`
|
|
}
|
|
|
|
func (e *OIDCConfigSecretChangedEvent) Data() interface{} {
|
|
return e
|
|
}
|
|
|
|
func (e *OIDCConfigSecretChangedEvent) UniqueConstraints() []*eventstore.EventUniqueConstraint {
|
|
return nil
|
|
}
|
|
|
|
func NewOIDCConfigSecretChangedEvent(
|
|
ctx context.Context,
|
|
aggregate *eventstore.Aggregate,
|
|
appID string,
|
|
clientSecret *crypto.CryptoValue,
|
|
) *OIDCConfigSecretChangedEvent {
|
|
return &OIDCConfigSecretChangedEvent{
|
|
BaseEvent: *eventstore.NewBaseEventForPush(
|
|
ctx,
|
|
aggregate,
|
|
OIDCConfigSecretChangedType,
|
|
),
|
|
AppID: appID,
|
|
ClientSecret: clientSecret,
|
|
}
|
|
}
|
|
|
|
func OIDCConfigSecretChangedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
|
|
e := &OIDCConfigSecretChangedEvent{
|
|
BaseEvent: *eventstore.BaseEventFromRepo(event),
|
|
}
|
|
|
|
err := json.Unmarshal(event.Data, e)
|
|
if err != nil {
|
|
return nil, errors.ThrowInternal(err, "OIDC-M893d", "unable to unmarshal oidc config")
|
|
}
|
|
|
|
return e, nil
|
|
}
|
|
|
|
type OIDCConfigSecretCheckSucceededEvent struct {
|
|
eventstore.BaseEvent `json:"-"`
|
|
|
|
AppID string `json:"appId"`
|
|
}
|
|
|
|
func (e *OIDCConfigSecretCheckSucceededEvent) Data() interface{} {
|
|
return e
|
|
}
|
|
|
|
func (e *OIDCConfigSecretCheckSucceededEvent) UniqueConstraints() []*eventstore.EventUniqueConstraint {
|
|
return nil
|
|
}
|
|
|
|
func NewOIDCConfigSecretCheckSucceededEvent(
|
|
ctx context.Context,
|
|
aggregate *eventstore.Aggregate,
|
|
appID string,
|
|
) *OIDCConfigSecretCheckSucceededEvent {
|
|
return &OIDCConfigSecretCheckSucceededEvent{
|
|
BaseEvent: *eventstore.NewBaseEventForPush(
|
|
ctx,
|
|
aggregate,
|
|
OIDCClientSecretCheckSucceededType,
|
|
),
|
|
AppID: appID,
|
|
}
|
|
}
|
|
|
|
func OIDCConfigSecretCheckSucceededEventMapper(event *repository.Event) (eventstore.EventReader, error) {
|
|
e := &OIDCConfigSecretCheckSucceededEvent{
|
|
BaseEvent: *eventstore.BaseEventFromRepo(event),
|
|
}
|
|
|
|
err := json.Unmarshal(event.Data, e)
|
|
if err != nil {
|
|
return nil, errors.ThrowInternal(err, "OIDC-837gV", "unable to unmarshal oidc config")
|
|
}
|
|
|
|
return e, nil
|
|
}
|
|
|
|
type OIDCConfigSecretCheckFailedEvent struct {
|
|
eventstore.BaseEvent `json:"-"`
|
|
|
|
AppID string `json:"appId"`
|
|
}
|
|
|
|
func (e *OIDCConfigSecretCheckFailedEvent) Data() interface{} {
|
|
return e
|
|
}
|
|
|
|
func (e *OIDCConfigSecretCheckFailedEvent) UniqueConstraints() []*eventstore.EventUniqueConstraint {
|
|
return nil
|
|
}
|
|
|
|
func NewOIDCConfigSecretCheckFailedEvent(
|
|
ctx context.Context,
|
|
aggregate *eventstore.Aggregate,
|
|
appID string,
|
|
) *OIDCConfigSecretCheckFailedEvent {
|
|
return &OIDCConfigSecretCheckFailedEvent{
|
|
BaseEvent: *eventstore.NewBaseEventForPush(
|
|
ctx,
|
|
aggregate,
|
|
OIDCClientSecretCheckFailedType,
|
|
),
|
|
AppID: appID,
|
|
}
|
|
}
|
|
|
|
func OIDCConfigSecretCheckFailedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
|
|
e := &OIDCConfigSecretCheckFailedEvent{
|
|
BaseEvent: *eventstore.BaseEventFromRepo(event),
|
|
}
|
|
|
|
err := json.Unmarshal(event.Data, e)
|
|
if err != nil {
|
|
return nil, errors.ThrowInternal(err, "OIDC-987g%", "unable to unmarshal oidc config")
|
|
}
|
|
|
|
return e, nil
|
|
}
|