mirror of
https://github.com/zitadel/zitadel.git
synced 2025-06-11 12:18:32 +00:00
8d13f170e8
* feat: add v2alpha policies service * feat: add v2alpha policies service * fix: rename of attributes and messages in v2alpha api * fix: rename of attributes and messages in v2alpha api * fix: linter corrections * fix: review corrections * fix: review corrections * fix: review corrections * fix: review corrections * fix grpc * refactor: rename to settings and more * Apply suggestions from code review Co-authored-by: Fabi <fabienne.gerschwiler@gmail.com> * add service to docs and rename legal settings * unit tests for converters * go mod tidy * ensure idp name and return list details * fix: use correct resource owner for active idps * change query to join --------- Co-authored-by: Livio Spring <livio.a@gmail.com> Co-authored-by: Fabi <fabienne.gerschwiler@gmail.com> Co-authored-by: Tim Möhlmann <tim+github@zitadel.com>
94 lines
2.0 KiB
Go
94 lines
2.0 KiB
Go
package domain
|
|
|
|
import (
|
|
"net/url"
|
|
"time"
|
|
|
|
"github.com/zitadel/zitadel/internal/eventstore/v1/models"
|
|
)
|
|
|
|
type LoginPolicy struct {
|
|
models.ObjectRoot
|
|
|
|
Default bool
|
|
AllowUsernamePassword bool
|
|
AllowRegister bool
|
|
AllowExternalIDP bool
|
|
IDPProviders []*IDPProvider
|
|
ForceMFA bool
|
|
SecondFactors []SecondFactorType
|
|
MultiFactors []MultiFactorType
|
|
PasswordlessType PasswordlessType
|
|
HidePasswordReset bool
|
|
IgnoreUnknownUsernames bool
|
|
AllowDomainDiscovery bool
|
|
DefaultRedirectURI string
|
|
PasswordCheckLifetime time.Duration
|
|
ExternalLoginCheckLifetime time.Duration
|
|
MFAInitSkipLifetime time.Duration
|
|
SecondFactorCheckLifetime time.Duration
|
|
MultiFactorCheckLifetime time.Duration
|
|
DisableLoginWithEmail bool
|
|
DisableLoginWithPhone bool
|
|
}
|
|
|
|
func ValidateDefaultRedirectURI(rawURL string) bool {
|
|
if rawURL == "" {
|
|
return true
|
|
}
|
|
parsedURL, err := url.Parse(rawURL)
|
|
if err != nil {
|
|
return false
|
|
}
|
|
switch parsedURL.Scheme {
|
|
case "":
|
|
return false
|
|
case "http", "https":
|
|
return parsedURL.Host != ""
|
|
default:
|
|
return true
|
|
}
|
|
}
|
|
|
|
type IDPProvider struct {
|
|
models.ObjectRoot
|
|
Type IdentityProviderType
|
|
IDPConfigID string
|
|
|
|
Name string
|
|
StylingType IDPConfigStylingType // deprecated
|
|
IDPType IDPType
|
|
IDPState IDPConfigState
|
|
}
|
|
|
|
func (p IDPProvider) IsValid() bool {
|
|
return p.IDPConfigID != ""
|
|
}
|
|
|
|
// DisplayName returns the name or a default
|
|
// to be used when always a name must be displayed (e.g. login)
|
|
func (p IDPProvider) DisplayName() string {
|
|
return IDPName(p.Name, p.IDPType)
|
|
}
|
|
|
|
type PasswordlessType int32
|
|
|
|
const (
|
|
PasswordlessTypeNotAllowed PasswordlessType = iota
|
|
PasswordlessTypeAllowed
|
|
|
|
passwordlessCount
|
|
)
|
|
|
|
func (f PasswordlessType) Valid() bool {
|
|
return f >= 0 && f < passwordlessCount
|
|
}
|
|
|
|
func (p *LoginPolicy) HasSecondFactors() bool {
|
|
return len(p.SecondFactors) > 0
|
|
}
|
|
|
|
func (p *LoginPolicy) HasMultiFactors() bool {
|
|
return len(p.MultiFactors) > 0
|
|
}
|