zitadel/internal/api/grpc/user/converter.go
Tim Möhlmann ec03340b67
perf(oidc): optimize client verification (#6999)
* fix some spelling errors

* client credential auth

* implementation of client auth

* improve error handling

* unit test command package

* unit test database package

* unit test query package

* cleanup unused tracing func

* fix integration tests

* errz to zerrors

* fix linting and import issues

* fix another linting error

* integration test with client secret

* Revert "integration test with client secret"

This reverts commit 0814ba522f.

* add integration tests

* client credentials integration test

* resolve comments

* pin oidc v3.5.0
2023-12-05 17:01:03 +00:00

278 lines
7.6 KiB
Go

package user
import (
"github.com/zitadel/zitadel/internal/api/grpc/object"
"github.com/zitadel/zitadel/internal/domain"
"github.com/zitadel/zitadel/internal/eventstore/v1/models"
"github.com/zitadel/zitadel/internal/query"
user_pb "github.com/zitadel/zitadel/pkg/grpc/user"
)
func UsersToPb(users []*query.User, assetPrefix string) []*user_pb.User {
u := make([]*user_pb.User, len(users))
for i, user := range users {
u[i] = UserToPb(user, assetPrefix)
}
return u
}
func UserToPb(user *query.User, assetPrefix string) *user_pb.User {
return &user_pb.User{
Id: user.ID,
State: UserStateToPb(user.State),
UserName: user.Username,
LoginNames: user.LoginNames,
PreferredLoginName: user.PreferredLoginName,
Type: UserTypeToPb(user, assetPrefix),
Details: object.ToViewDetailsPb(
user.Sequence,
user.CreationDate,
user.ChangeDate,
user.ResourceOwner,
),
}
}
func UserTypeToPb(user *query.User, assetPrefix string) user_pb.UserType {
if user.Human != nil {
return &user_pb.User_Human{
Human: HumanToPb(user.Human, assetPrefix, user.ResourceOwner),
}
}
if user.Machine != nil {
return &user_pb.User_Machine{
Machine: MachineToPb(user.Machine),
}
}
return nil
}
func HumanToPb(view *query.Human, assetPrefix, owner string) *user_pb.Human {
return &user_pb.Human{
Profile: &user_pb.Profile{
FirstName: view.FirstName,
LastName: view.LastName,
NickName: view.NickName,
DisplayName: view.DisplayName,
PreferredLanguage: view.PreferredLanguage.String(),
Gender: GenderToPb(view.Gender),
AvatarUrl: domain.AvatarURL(assetPrefix, owner, view.AvatarKey),
},
Email: &user_pb.Email{
Email: string(view.Email),
IsEmailVerified: view.IsEmailVerified,
},
Phone: &user_pb.Phone{
Phone: string(view.Phone),
IsPhoneVerified: view.IsPhoneVerified,
},
}
}
func MachineToPb(view *query.Machine) *user_pb.Machine {
return &user_pb.Machine{
Name: view.Name,
Description: view.Description,
HasSecret: view.Secret != nil,
AccessTokenType: AccessTokenTypeToPb(view.AccessTokenType),
}
}
func ProfileToPb(profile *query.Profile, assetPrefix string) *user_pb.Profile {
return &user_pb.Profile{
FirstName: profile.FirstName,
LastName: profile.LastName,
NickName: profile.NickName,
DisplayName: profile.DisplayName,
PreferredLanguage: profile.PreferredLanguage.String(),
Gender: GenderToPb(profile.Gender),
AvatarUrl: domain.AvatarURL(assetPrefix, profile.ResourceOwner, profile.AvatarKey),
}
}
func EmailToPb(email *query.Email) *user_pb.Email {
return &user_pb.Email{
Email: string(email.Email),
IsEmailVerified: email.IsVerified,
}
}
func PhoneToPb(phone *query.Phone) *user_pb.Phone {
return &user_pb.Phone{
Phone: phone.Phone,
IsPhoneVerified: phone.IsVerified,
}
}
func ModelEmailToPb(email *query.Email) *user_pb.Email {
return &user_pb.Email{
Email: string(email.Email),
IsEmailVerified: email.IsVerified,
}
}
func ModelPhoneToPb(phone *query.Phone) *user_pb.Phone {
return &user_pb.Phone{
Phone: phone.Phone,
IsPhoneVerified: phone.IsVerified,
}
}
func GenderToDomain(gender user_pb.Gender) domain.Gender {
switch gender {
case user_pb.Gender_GENDER_DIVERSE:
return domain.GenderDiverse
case user_pb.Gender_GENDER_MALE:
return domain.GenderMale
case user_pb.Gender_GENDER_FEMALE:
return domain.GenderFemale
default:
return -1
}
}
func AccessTokenTypeToDomain(accessTokenType user_pb.AccessTokenType) domain.OIDCTokenType {
switch accessTokenType {
case user_pb.AccessTokenType_ACCESS_TOKEN_TYPE_BEARER:
return domain.OIDCTokenTypeBearer
case user_pb.AccessTokenType_ACCESS_TOKEN_TYPE_JWT:
return domain.OIDCTokenTypeJWT
default:
return -1
}
}
func UserStateToPb(state domain.UserState) user_pb.UserState {
switch state {
case domain.UserStateActive:
return user_pb.UserState_USER_STATE_ACTIVE
case domain.UserStateInactive:
return user_pb.UserState_USER_STATE_INACTIVE
case domain.UserStateDeleted:
return user_pb.UserState_USER_STATE_DELETED
case domain.UserStateInitial:
return user_pb.UserState_USER_STATE_INITIAL
case domain.UserStateLocked:
return user_pb.UserState_USER_STATE_LOCKED
case domain.UserStateSuspend:
return user_pb.UserState_USER_STATE_SUSPEND
default:
return user_pb.UserState_USER_STATE_UNSPECIFIED
}
}
func GenderToPb(gender domain.Gender) user_pb.Gender {
switch gender {
case domain.GenderDiverse:
return user_pb.Gender_GENDER_DIVERSE
case domain.GenderFemale:
return user_pb.Gender_GENDER_FEMALE
case domain.GenderMale:
return user_pb.Gender_GENDER_MALE
default:
return user_pb.Gender_GENDER_UNSPECIFIED
}
}
func AccessTokenTypeToPb(accessTokenType domain.OIDCTokenType) user_pb.AccessTokenType {
switch accessTokenType {
case domain.OIDCTokenTypeBearer:
return user_pb.AccessTokenType_ACCESS_TOKEN_TYPE_BEARER
case domain.OIDCTokenTypeJWT:
return user_pb.AccessTokenType_ACCESS_TOKEN_TYPE_JWT
default:
return user_pb.AccessTokenType_ACCESS_TOKEN_TYPE_BEARER
}
}
func AuthMethodsToPb(mfas *query.AuthMethods) []*user_pb.AuthFactor {
factors := make([]*user_pb.AuthFactor, len(mfas.AuthMethods))
for i, mfa := range mfas.AuthMethods {
factors[i] = AuthMethodToPb(mfa)
}
return factors
}
func AuthMethodToPb(mfa *query.AuthMethod) *user_pb.AuthFactor {
factor := &user_pb.AuthFactor{
State: MFAStateToPb(mfa.State),
}
switch mfa.Type {
case domain.UserAuthMethodTypeTOTP:
factor.Type = &user_pb.AuthFactor_Otp{
Otp: &user_pb.AuthFactorOTP{},
}
case domain.UserAuthMethodTypeU2F:
factor.Type = &user_pb.AuthFactor_U2F{
U2F: &user_pb.AuthFactorU2F{
Id: mfa.TokenID,
Name: mfa.Name,
},
}
case domain.UserAuthMethodTypeOTPSMS:
factor.Type = &user_pb.AuthFactor_OtpSms{
OtpSms: &user_pb.AuthFactorOTPSMS{},
}
case domain.UserAuthMethodTypeOTPEmail:
factor.Type = &user_pb.AuthFactor_OtpEmail{
OtpEmail: &user_pb.AuthFactorOTPEmail{},
}
}
return factor
}
func MFAStateToPb(state domain.MFAState) user_pb.AuthFactorState {
switch state {
case domain.MFAStateNotReady:
return user_pb.AuthFactorState_AUTH_FACTOR_STATE_NOT_READY
case domain.MFAStateReady:
return user_pb.AuthFactorState_AUTH_FACTOR_STATE_READY
default:
return user_pb.AuthFactorState_AUTH_FACTOR_STATE_UNSPECIFIED
}
}
func UserAuthMethodsToWebAuthNTokenPb(methods *query.AuthMethods) []*user_pb.WebAuthNToken {
t := make([]*user_pb.WebAuthNToken, len(methods.AuthMethods))
for i, token := range methods.AuthMethods {
t[i] = UserAuthMethodToWebAuthNTokenPb(token)
}
return t
}
func UserAuthMethodToWebAuthNTokenPb(token *query.AuthMethod) *user_pb.WebAuthNToken {
return &user_pb.WebAuthNToken{
Id: token.TokenID,
State: MFAStateToPb(token.State),
Name: token.Name,
}
}
func ExternalIDPViewsToExternalIDPs(externalIDPs []*query.IDPUserLink) []*domain.UserIDPLink {
idps := make([]*domain.UserIDPLink, len(externalIDPs))
for i, idp := range externalIDPs {
idps[i] = &domain.UserIDPLink{
ObjectRoot: models.ObjectRoot{
AggregateID: idp.UserID,
ResourceOwner: idp.ResourceOwner,
},
IDPConfigID: idp.IDPID,
ExternalUserID: idp.ProvidedUserID,
DisplayName: idp.ProvidedUsername,
}
}
return idps
}
func TypeToPb(userType domain.UserType) user_pb.Type {
switch userType {
case domain.UserTypeHuman:
return user_pb.Type_TYPE_HUMAN
case domain.UserTypeMachine:
return user_pb.Type_TYPE_MACHINE
case domain.UserTypeUnspecified:
return user_pb.Type_TYPE_UNSPECIFIED
default:
return user_pb.Type_TYPE_UNSPECIFIED
}
}