mirror of
https://github.com/zitadel/zitadel.git
synced 2025-05-15 20:08:19 +00:00
411d7c6c5c
* feat: add possibility to ignore username errors on first login screen * console changes * fix: handling of unknown usernames (#3445) * fix: handling of unknown usernames * fix: handle HideLoginNameSuffix on unknown users * feat: add default redirect uri on login policy (#3607) * feat: add default redirect uri on login policy * fix tests * feat: Console login policy default redirect (#3613) * console default redirect * placeholder * validate default redirect uri * allow empty default redirect uri Co-authored-by: Max Peintner <max@caos.ch> * remove wonrgly cherry picked migration Co-authored-by: Max Peintner <max@caos.ch>
85 lines
1.7 KiB
Go
85 lines
1.7 KiB
Go
package domain
|
|
|
|
import (
|
|
"net/url"
|
|
"time"
|
|
|
|
"github.com/zitadel/zitadel/internal/eventstore/v1/models"
|
|
)
|
|
|
|
type LoginPolicy struct {
|
|
models.ObjectRoot
|
|
|
|
Default bool
|
|
AllowUsernamePassword bool
|
|
AllowRegister bool
|
|
AllowExternalIDP bool
|
|
IDPProviders []*IDPProvider
|
|
ForceMFA bool
|
|
SecondFactors []SecondFactorType
|
|
MultiFactors []MultiFactorType
|
|
PasswordlessType PasswordlessType
|
|
HidePasswordReset bool
|
|
IgnoreUnknownUsernames bool
|
|
DefaultRedirectURI string
|
|
PasswordCheckLifetime time.Duration
|
|
ExternalLoginCheckLifetime time.Duration
|
|
MFAInitSkipLifetime time.Duration
|
|
SecondFactorCheckLifetime time.Duration
|
|
MultiFactorCheckLifetime time.Duration
|
|
}
|
|
|
|
func ValidateDefaultRedirectURI(rawURL string) bool {
|
|
if rawURL == "" {
|
|
return true
|
|
}
|
|
parsedURL, err := url.Parse(rawURL)
|
|
if err != nil {
|
|
return false
|
|
}
|
|
switch parsedURL.Scheme {
|
|
case "":
|
|
return false
|
|
case "http", "https":
|
|
return parsedURL.Host != ""
|
|
default:
|
|
return true
|
|
}
|
|
}
|
|
|
|
type IDPProvider struct {
|
|
models.ObjectRoot
|
|
Type IdentityProviderType
|
|
IDPConfigID string
|
|
|
|
Name string
|
|
StylingType IDPConfigStylingType
|
|
IDPConfigType IDPConfigType
|
|
IDPState IDPConfigState
|
|
}
|
|
|
|
func (p IDPProvider) IsValid() bool {
|
|
return p.IDPConfigID != ""
|
|
}
|
|
|
|
type PasswordlessType int32
|
|
|
|
const (
|
|
PasswordlessTypeNotAllowed PasswordlessType = iota
|
|
PasswordlessTypeAllowed
|
|
|
|
passwordlessCount
|
|
)
|
|
|
|
func (f PasswordlessType) Valid() bool {
|
|
return f >= 0 && f < passwordlessCount
|
|
}
|
|
|
|
func (p *LoginPolicy) HasSecondFactors() bool {
|
|
return len(p.SecondFactors) > 0
|
|
}
|
|
|
|
func (p *LoginPolicy) HasMultiFactors() bool {
|
|
return len(p.MultiFactors) > 0
|
|
}
|