zitadel/internal/api/grpc/management/login_policy_converter.go
Livio Amstutz c2e6e782a8
feat: idps (#1188)
* add setup steps

* refactoring

* omitempty

* cleanup

* begin org

* create org

* setup org

* setup org

* merge

* fixes

* fixes

* fixes

* add project

* add oidc application

* fix app creation

* add resourceOwner to writemodels

* resource owner

* cleanup

* global org, iam project and iam member in setup

* logs

* logs

* logs

* cleanup

* Update internal/v2/command/project.go

Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>

* check project state

* add org domain commands

* add org status changes and member commands

* fixes

* policies

* login policy

* fix iam project event

* mapper

* label policy

* change to command

* fix

* fix

* handle change event differently and lot of fixes

* idps

* fixes

* fixes

* fixes

* changedEvent handling

* fix change events

* remove creation date

Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>
2021-01-20 11:06:52 +01:00

293 lines
9.7 KiB
Go

package management
import (
"context"
"github.com/caos/logging"
"github.com/golang/protobuf/ptypes"
"google.golang.org/protobuf/types/known/timestamppb"
"github.com/caos/zitadel/internal/api/authz"
"github.com/caos/zitadel/internal/eventstore/models"
iam_model "github.com/caos/zitadel/internal/iam/model"
"github.com/caos/zitadel/internal/v2/domain"
"github.com/caos/zitadel/pkg/grpc/management"
)
func loginPolicyRequestToDomain(ctx context.Context, policy *management.LoginPolicyRequest) *domain.LoginPolicy {
return &domain.LoginPolicy{
ObjectRoot: models.ObjectRoot{
AggregateID: authz.GetCtxData(ctx).OrgID,
},
AllowUsernamePassword: policy.AllowUsernamePassword,
AllowExternalIdp: policy.AllowExternalIdp,
AllowRegister: policy.AllowRegister,
ForceMFA: policy.ForceMfa,
PasswordlessType: passwordlessTypeToDomain(policy.PasswordlessType),
}
}
func loginPolicyFromDomain(policy *domain.LoginPolicy) *management.LoginPolicy {
return &management.LoginPolicy{
AllowUsernamePassword: policy.AllowUsernamePassword,
AllowExternalIdp: policy.AllowExternalIdp,
AllowRegister: policy.AllowRegister,
ChangeDate: timestamppb.New(policy.ChangeDate),
ForceMfa: policy.ForceMFA,
PasswordlessType: passwordlessTypeFromDomain(policy.PasswordlessType),
}
}
func loginPolicyViewFromModel(policy *iam_model.LoginPolicyView) *management.LoginPolicyView {
creationDate, err := ptypes.TimestampProto(policy.CreationDate)
logging.Log("GRPC-5Tsm8").OnError(err).Debug("date parse failed")
changeDate, err := ptypes.TimestampProto(policy.ChangeDate)
logging.Log("GRPC-8dJgs").OnError(err).Debug("date parse failed")
return &management.LoginPolicyView{
Default: policy.Default,
AllowUsernamePassword: policy.AllowUsernamePassword,
AllowExternalIdp: policy.AllowExternalIDP,
AllowRegister: policy.AllowRegister,
CreationDate: creationDate,
ChangeDate: changeDate,
ForceMfa: policy.ForceMFA,
PasswordlessType: passwordlessTypeFromModel(policy.PasswordlessType),
}
}
func idpProviderSearchRequestToModel(request *management.IdpProviderSearchRequest) *iam_model.IDPProviderSearchRequest {
return &iam_model.IDPProviderSearchRequest{
Limit: request.Limit,
Offset: request.Offset,
}
}
func idpProviderSearchResponseFromModel(response *iam_model.IDPProviderSearchResponse) *management.IdpProviderSearchResponse {
return &management.IdpProviderSearchResponse{
Limit: response.Limit,
Offset: response.Offset,
TotalResult: response.TotalResult,
Result: idpProviderViewsFromModel(response.Result),
}
}
func idpProviderIDToDomain(ctx context.Context, provider *management.IdpProviderID) *domain.IDPProvider {
return &domain.IDPProvider{
ObjectRoot: models.ObjectRoot{
AggregateID: authz.GetCtxData(ctx).OrgID,
},
IDPConfigID: provider.IdpConfigId,
}
}
func idpProviderAddToDomain(ctx context.Context, provider *management.IdpProviderAdd) *domain.IDPProvider {
return &domain.IDPProvider{
ObjectRoot: models.ObjectRoot{
AggregateID: authz.GetCtxData(ctx).OrgID,
},
IDPConfigID: provider.IdpConfigId,
Type: idpProviderTypeToDomain(provider.IdpProviderType),
}
}
func idpProviderIDFromModel(provider *iam_model.IDPProvider) *management.IdpProviderID {
return &management.IdpProviderID{
IdpConfigId: provider.IDPConfigID,
}
}
func idpProviderFromDomain(provider *domain.IDPProvider) *management.IdpProvider {
return &management.IdpProvider{
IdpConfigId: provider.IDPConfigID,
IdpProvider_Type: idpProviderTypeFromDomain(provider.Type),
}
}
func idpProviderViewsFromModel(providers []*iam_model.IDPProviderView) []*management.IdpProviderView {
converted := make([]*management.IdpProviderView, len(providers))
for i, provider := range providers {
converted[i] = idpProviderViewFromModel(provider)
}
return converted
}
func idpProviderViewFromModel(provider *iam_model.IDPProviderView) *management.IdpProviderView {
return &management.IdpProviderView{
IdpConfigId: provider.IDPConfigID,
Name: provider.Name,
Type: idpConfigTypeToModel(provider.IDPConfigType),
}
}
func idpConfigTypeToModel(providerType iam_model.IdpConfigType) management.IdpType {
switch providerType {
case iam_model.IDPConfigTypeOIDC:
return management.IdpType_IDPTYPE_OIDC
case iam_model.IDPConfigTypeSAML:
return management.IdpType_IDPTYPE_SAML
default:
return management.IdpType_IDPTYPE_UNSPECIFIED
}
}
func idpProviderTypeToDomain(providerType management.IdpProviderType) domain.IdentityProviderType {
switch providerType {
case management.IdpProviderType_IDPPROVIDERTYPE_SYSTEM:
return domain.IdentityProviderTypeSystem
case management.IdpProviderType_IDPPROVIDERTYPE_ORG:
return domain.IdentityProviderTypeOrg
default:
return domain.IdentityProviderTypeSystem
}
}
func idpProviderTypeFromDomain(providerType domain.IdentityProviderType) management.IdpProviderType {
switch providerType {
case domain.IdentityProviderTypeSystem:
return management.IdpProviderType_IDPPROVIDERTYPE_SYSTEM
case domain.IdentityProviderTypeOrg:
return management.IdpProviderType_IDPPROVIDERTYPE_ORG
default:
return management.IdpProviderType_IDPPROVIDERTYPE_UNSPECIFIED
}
}
func idpProviderTypeFromModel(providerType iam_model.IDPProviderType) management.IdpProviderType {
switch providerType {
case iam_model.IDPProviderTypeSystem:
return management.IdpProviderType_IDPPROVIDERTYPE_SYSTEM
case iam_model.IDPProviderTypeOrg:
return management.IdpProviderType_IDPPROVIDERTYPE_ORG
default:
return management.IdpProviderType_IDPPROVIDERTYPE_UNSPECIFIED
}
}
func secondFactorResultFromModel(result *iam_model.SecondFactorsSearchResponse) *management.SecondFactorsResult {
converted := make([]management.SecondFactorType, len(result.Result))
for i, mfaType := range result.Result {
converted[i] = secondFactorTypeFromModel(mfaType)
}
return &management.SecondFactorsResult{
SecondFactors: converted,
}
}
func secondFactorFromDomain(mfaType domain.SecondFactorType) *management.SecondFactor {
return &management.SecondFactor{
SecondFactor: secondFactorTypeFromDomain(mfaType),
}
}
func secondFactorFromModel(mfaType iam_model.SecondFactorType) *management.SecondFactor {
return &management.SecondFactor{
SecondFactor: secondFactorTypeFromModel(mfaType),
}
}
func secondFactorTypeFromDomain(mfaType domain.SecondFactorType) management.SecondFactorType {
switch mfaType {
case domain.SecondFactorTypeOTP:
return management.SecondFactorType_SECONDFACTORTYPE_OTP
case domain.SecondFactorTypeU2F:
return management.SecondFactorType_SECONDFACTORTYPE_U2F
default:
return management.SecondFactorType_SECONDFACTORTYPE_UNSPECIFIED
}
}
func secondFactorTypeFromModel(mfaType iam_model.SecondFactorType) management.SecondFactorType {
switch mfaType {
case iam_model.SecondFactorTypeOTP:
return management.SecondFactorType_SECONDFACTORTYPE_OTP
case iam_model.SecondFactorTypeU2F:
return management.SecondFactorType_SECONDFACTORTYPE_U2F
default:
return management.SecondFactorType_SECONDFACTORTYPE_UNSPECIFIED
}
}
func secondFactorTypeToDomain(mfaType *management.SecondFactor) domain.SecondFactorType {
switch mfaType.SecondFactor {
case management.SecondFactorType_SECONDFACTORTYPE_OTP:
return domain.SecondFactorTypeOTP
case management.SecondFactorType_SECONDFACTORTYPE_U2F:
return domain.SecondFactorTypeU2F
default:
return domain.SecondFactorTypeUnspecified
}
}
func multiFactorResultFromModel(result *iam_model.MultiFactorsSearchResponse) *management.MultiFactorsResult {
converted := make([]management.MultiFactorType, len(result.Result))
for i, mfaType := range result.Result {
converted[i] = multiFactorTypeFromModel(mfaType)
}
return &management.MultiFactorsResult{
MultiFactors: converted,
}
}
func multiFactorFromDomain(mfaType domain.MultiFactorType) *management.MultiFactor {
return &management.MultiFactor{
MultiFactor: multiFactorTypeFromDomain(mfaType),
}
}
func multiFactorTypeFromDomain(mfaType domain.MultiFactorType) management.MultiFactorType {
switch mfaType {
case domain.MultiFactorTypeU2FWithPIN:
return management.MultiFactorType_MULTIFACTORTYPE_U2F_WITH_PIN
default:
return management.MultiFactorType_MULTIFACTORTYPE_UNSPECIFIED
}
}
func multiFactorTypeFromModel(mfaType iam_model.MultiFactorType) management.MultiFactorType {
switch mfaType {
case iam_model.MultiFactorTypeU2FWithPIN:
return management.MultiFactorType_MULTIFACTORTYPE_U2F_WITH_PIN
default:
return management.MultiFactorType_MULTIFACTORTYPE_UNSPECIFIED
}
}
func multiFactorTypeToDomain(mfaType *management.MultiFactor) domain.MultiFactorType {
switch mfaType.MultiFactor {
case management.MultiFactorType_MULTIFACTORTYPE_U2F_WITH_PIN:
return domain.MultiFactorTypeU2FWithPIN
default:
return domain.MultiFactorTypeUnspecified
}
}
func passwordlessTypeFromModel(passwordlessType iam_model.PasswordlessType) management.PasswordlessType {
switch passwordlessType {
case iam_model.PasswordlessTypeAllowed:
return management.PasswordlessType_PASSWORDLESSTYPE_ALLOWED
default:
return management.PasswordlessType_PASSWORDLESSTYPE_NOT_ALLOWED
}
}
func passwordlessTypeFromDomain(passwordlessType domain.PasswordlessType) management.PasswordlessType {
switch passwordlessType {
case domain.PasswordlessTypeAllowed:
return management.PasswordlessType_PASSWORDLESSTYPE_ALLOWED
default:
return management.PasswordlessType_PASSWORDLESSTYPE_NOT_ALLOWED
}
}
func passwordlessTypeToDomain(passwordlessType management.PasswordlessType) domain.PasswordlessType {
switch passwordlessType {
case management.PasswordlessType_PASSWORDLESSTYPE_ALLOWED:
return domain.PasswordlessTypeAllowed
default:
return domain.PasswordlessTypeNotAllowed
}
}