mirror of
https://github.com/zitadel/zitadel.git
synced 2025-04-03 09:17:27 +00:00
bffb10a4b4
* fix: wait for projection initialization to be done * feat: allow domain discovery for unknown usernames * fix linting * Update console/src/assets/i18n/de.json Co-authored-by: Fabi <38692350+hifabienne@users.noreply.github.com> * Update console/src/assets/i18n/en.json Co-authored-by: Fabi <38692350+hifabienne@users.noreply.github.com> * Update console/src/assets/i18n/it.json Co-authored-by: Fabi <38692350+hifabienne@users.noreply.github.com> * Update console/src/assets/i18n/fr.json Co-authored-by: Fabi <38692350+hifabienne@users.noreply.github.com> * fix zh i18n text * fix projection table name Co-authored-by: Fabi <38692350+hifabienne@users.noreply.github.com>
132 lines
4.3 KiB
Go
132 lines
4.3 KiB
Go
package command
|
|
|
|
import (
|
|
"context"
|
|
"time"
|
|
|
|
"github.com/zitadel/zitadel/internal/api/authz"
|
|
"github.com/zitadel/zitadel/internal/eventstore"
|
|
|
|
"github.com/zitadel/zitadel/internal/domain"
|
|
"github.com/zitadel/zitadel/internal/repository/instance"
|
|
"github.com/zitadel/zitadel/internal/repository/policy"
|
|
)
|
|
|
|
type InstanceLoginPolicyWriteModel struct {
|
|
LoginPolicyWriteModel
|
|
}
|
|
|
|
func NewInstanceLoginPolicyWriteModel(ctx context.Context) *InstanceLoginPolicyWriteModel {
|
|
return &InstanceLoginPolicyWriteModel{
|
|
LoginPolicyWriteModel{
|
|
WriteModel: eventstore.WriteModel{
|
|
AggregateID: authz.GetInstance(ctx).InstanceID(),
|
|
ResourceOwner: authz.GetInstance(ctx).InstanceID(),
|
|
},
|
|
},
|
|
}
|
|
}
|
|
|
|
func (wm *InstanceLoginPolicyWriteModel) AppendEvents(events ...eventstore.Event) {
|
|
for _, event := range events {
|
|
switch e := event.(type) {
|
|
case *instance.LoginPolicyAddedEvent:
|
|
wm.LoginPolicyWriteModel.AppendEvents(&e.LoginPolicyAddedEvent)
|
|
case *instance.LoginPolicyChangedEvent:
|
|
wm.LoginPolicyWriteModel.AppendEvents(&e.LoginPolicyChangedEvent)
|
|
}
|
|
}
|
|
}
|
|
|
|
func (wm *InstanceLoginPolicyWriteModel) IsValid() bool {
|
|
return wm.AggregateID != ""
|
|
}
|
|
|
|
func (wm *InstanceLoginPolicyWriteModel) Reduce() error {
|
|
return wm.LoginPolicyWriteModel.Reduce()
|
|
}
|
|
|
|
func (wm *InstanceLoginPolicyWriteModel) Query() *eventstore.SearchQueryBuilder {
|
|
return eventstore.NewSearchQueryBuilder(eventstore.ColumnsEvent).
|
|
ResourceOwner(wm.ResourceOwner).
|
|
AddQuery().
|
|
AggregateTypes(instance.AggregateType).
|
|
AggregateIDs(wm.LoginPolicyWriteModel.AggregateID).
|
|
EventTypes(
|
|
instance.LoginPolicyAddedEventType,
|
|
instance.LoginPolicyChangedEventType).
|
|
Builder()
|
|
}
|
|
|
|
func (wm *InstanceLoginPolicyWriteModel) NewChangedEvent(
|
|
ctx context.Context,
|
|
aggregate *eventstore.Aggregate,
|
|
allowUsernamePassword,
|
|
allowRegister,
|
|
allowExternalIDP,
|
|
forceMFA,
|
|
hidePasswordReset,
|
|
ignoreUnknownUsernames,
|
|
allowDomainDiscovery bool,
|
|
passwordlessType domain.PasswordlessType,
|
|
defaultRedirectURI string,
|
|
passwordCheckLifetime,
|
|
externalLoginCheckLifetime,
|
|
mfaInitSkipLifetime,
|
|
secondFactorCheckLifetime,
|
|
multiFactorCheckLifetime time.Duration,
|
|
) (*instance.LoginPolicyChangedEvent, bool) {
|
|
|
|
changes := make([]policy.LoginPolicyChanges, 0)
|
|
if wm.AllowUserNamePassword != allowUsernamePassword {
|
|
changes = append(changes, policy.ChangeAllowUserNamePassword(allowUsernamePassword))
|
|
}
|
|
if wm.AllowRegister != allowRegister {
|
|
changes = append(changes, policy.ChangeAllowRegister(allowRegister))
|
|
}
|
|
if wm.AllowExternalIDP != allowExternalIDP {
|
|
changes = append(changes, policy.ChangeAllowExternalIDP(allowExternalIDP))
|
|
}
|
|
if wm.ForceMFA != forceMFA {
|
|
changes = append(changes, policy.ChangeForceMFA(forceMFA))
|
|
}
|
|
if passwordlessType.Valid() && wm.PasswordlessType != passwordlessType {
|
|
changes = append(changes, policy.ChangePasswordlessType(passwordlessType))
|
|
}
|
|
if wm.HidePasswordReset != hidePasswordReset {
|
|
changes = append(changes, policy.ChangeHidePasswordReset(hidePasswordReset))
|
|
}
|
|
if wm.IgnoreUnknownUsernames != ignoreUnknownUsernames {
|
|
changes = append(changes, policy.ChangeIgnoreUnknownUsernames(ignoreUnknownUsernames))
|
|
}
|
|
if wm.AllowDomainDiscovery != allowDomainDiscovery {
|
|
changes = append(changes, policy.ChangeAllowDomainDiscovery(allowDomainDiscovery))
|
|
}
|
|
if wm.DefaultRedirectURI != defaultRedirectURI {
|
|
changes = append(changes, policy.ChangeDefaultRedirectURI(defaultRedirectURI))
|
|
}
|
|
if wm.PasswordCheckLifetime != passwordCheckLifetime {
|
|
changes = append(changes, policy.ChangePasswordCheckLifetime(passwordCheckLifetime))
|
|
}
|
|
if wm.ExternalLoginCheckLifetime != externalLoginCheckLifetime {
|
|
changes = append(changes, policy.ChangeExternalLoginCheckLifetime(externalLoginCheckLifetime))
|
|
}
|
|
if wm.MFAInitSkipLifetime != mfaInitSkipLifetime {
|
|
changes = append(changes, policy.ChangeMFAInitSkipLifetime(mfaInitSkipLifetime))
|
|
}
|
|
if wm.SecondFactorCheckLifetime != secondFactorCheckLifetime {
|
|
changes = append(changes, policy.ChangeSecondFactorCheckLifetime(secondFactorCheckLifetime))
|
|
}
|
|
if wm.MultiFactorCheckLifetime != multiFactorCheckLifetime {
|
|
changes = append(changes, policy.ChangeMultiFactorCheckLifetime(multiFactorCheckLifetime))
|
|
}
|
|
if len(changes) == 0 {
|
|
return nil, false
|
|
}
|
|
changedEvent, err := instance.NewLoginPolicyChangedEvent(ctx, aggregate, changes)
|
|
if err != nil {
|
|
return nil, false
|
|
}
|
|
return changedEvent, true
|
|
}
|