mirror of
https://github.com/zitadel/zitadel.git
synced 2024-12-13 11:34:26 +00:00
fbb30840f1
* feat: move pw policy * feat: default pw complexity policy * fix: org password complexity policy * fix: org password complexity policy * fix: pw complexity policy with setup * fix: age and lockout policies on aggregates * fix: migration * fix: org iam policy * fix: org iam policy * fix: org iam policy * fix: tests * fix: policy request * fix: merge master * fix(console): policies frontend (#817) * fix policy build * fix: age, complexity, lockout policies * fix: ready return err of setup not done * fix: fix remove policies in spoolers * fix: fix remove policies in spoolers * feat(console): policy settings for iam and org (#824) * fix policy build * fix: age, complexity, lockout policies * fix pwd complexity * policy remove action * add imports * fix accounts card, enable mgmt login policy * lint * add iam policy to admin * toasts, i18n, show default * routing, i18n * reset policy, toast i18n, cleanup, routing * policy delete permission * lint style * delete iam policy * delete non project from grid list, i18n * lint ts, style * fix: remove instead delete * feat(console): delete external idp from user (#835) * dialog i18n, delete column and function * dialog i18n * fix rm button * Update console/src/assets/i18n/de.json Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com> * Update console/src/assets/i18n/de.json Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com> * fix: revert env, rename policy, remove comments * fix: lowercase sich * fix: pr requests * Update internal/iam/repository/eventsourcing/eventstore_test.go Co-authored-by: Silvan <silvan.reusser@gmail.com> * fix: tests * fix: tests * fix(console): policies (#839) * fix: nil pointer on get userdata (#815) * fix: external login (#818) * fix: external login * fix: external login * feat(console): delete user (#819) * add action col to user table, i18n * delete user from detail component * lint * fix(console): cleanup user detail and member components, user/me redirect, permission guards, filter, org policy guard, user table, scss cleanup (#808) * fix: remove user.write guard for filtering * border color * fix user routing from member tables * idp detail layout * generic contact component * fix redirect to auth user, user grant disable * disable policy action without permission, i18n * user-create flex fix, contact ng-content * rm unused styles * sidenav divider * lint * chore(deps-dev): bump @angular/cli from 10.1.3 to 10.1.4 in /console (#806) * fix: user session with external login (#797) * fix: user session with external login * fix: tests * fix: tests * fix: change idp config name * fix(container): stop copying / and instead only copy zitadel (#691) * chore: stop copying / and instead only copy zitadel * Update Dockerfile * Update release.yml * enable anchors debug * fix(container): don't copy alpine content into scratch execpt pwd * chore: remove need step * merge master * chore(deps-dev): bump @angular/cli from 10.1.3 to 10.1.4 in /console Bumps [@angular/cli](https://github.com/angular/angular-cli) from 10.1.3 to 10.1.4. - [Release notes](https://github.com/angular/angular-cli/releases) - [Commits](https://github.com/angular/angular-cli/compare/v10.1.3...v10.1.4) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com> Co-authored-by: Florian Forster <florian@caos.ch> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps-dev): bump @angular/language-service from 10.1.3 to 10.1.4 in /console (#805) * fix: user session with external login (#797) * fix: user session with external login * fix: tests * fix: tests * fix: change idp config name * fix(container): stop copying / and instead only copy zitadel (#691) * chore: stop copying / and instead only copy zitadel * Update Dockerfile * Update release.yml * enable anchors debug * fix(container): don't copy alpine content into scratch execpt pwd * chore: remove need step * merge master * chore(deps-dev): bump @angular/language-service in /console Bumps [@angular/language-service](https://github.com/angular/angular/tree/HEAD/packages/language-service) from 10.1.3 to 10.1.4. - [Release notes](https://github.com/angular/angular/releases) - [Changelog](https://github.com/angular/angular/blob/master/CHANGELOG.md) - [Commits](https://github.com/angular/angular/commits/10.1.4/packages/language-service) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com> Co-authored-by: Florian Forster <florian@caos.ch> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps-dev): bump codelyzer from 6.0.0 to 6.0.1 in /console (#804) * fix: user session with external login (#797) * fix: user session with external login * fix: tests * fix: tests * fix: change idp config name * fix(container): stop copying / and instead only copy zitadel (#691) * chore: stop copying / and instead only copy zitadel * Update Dockerfile * Update release.yml * enable anchors debug * fix(container): don't copy alpine content into scratch execpt pwd * chore: remove need step * merge master * chore(deps-dev): bump codelyzer from 6.0.0 to 6.0.1 in /console Bumps [codelyzer](https://github.com/mgechev/codelyzer) from 6.0.0 to 6.0.1. - [Release notes](https://github.com/mgechev/codelyzer/releases) - [Changelog](https://github.com/mgechev/codelyzer/blob/master/CHANGELOG.md) - [Commits](https://github.com/mgechev/codelyzer/commits/6.0.1) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com> Co-authored-by: Florian Forster <florian@caos.ch> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps-dev): bump @angular-devkit/build-angular from 0.1000.8 to 0.1001.4 in /console (#803) * fix: user session with external login (#797) * fix: user session with external login * fix: tests * fix: tests * fix: change idp config name * fix(container): stop copying / and instead only copy zitadel (#691) * chore: stop copying / and instead only copy zitadel * Update Dockerfile * Update release.yml * enable anchors debug * fix(container): don't copy alpine content into scratch execpt pwd * chore: remove need step * merge master * chore(deps-dev): bump @angular-devkit/build-angular in /console Bumps [@angular-devkit/build-angular](https://github.com/angular/angular-cli) from 0.1000.8 to 0.1001.4. - [Release notes](https://github.com/angular/angular-cli/releases) - [Commits](https://github.com/angular/angular-cli/commits) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com> Co-authored-by: Florian Forster <florian@caos.ch> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Max Peintner <max@caos.ch> * chore(deps): bump uuid from 8.3.0 to 8.3.1 in /console (#802) * fix: user session with external login (#797) * fix: user session with external login * fix: tests * fix: tests * fix: change idp config name * fix(container): stop copying / and instead only copy zitadel (#691) * chore: stop copying / and instead only copy zitadel * Update Dockerfile * Update release.yml * enable anchors debug * fix(container): don't copy alpine content into scratch execpt pwd * chore: remove need step * merge master * chore(deps): bump uuid from 8.3.0 to 8.3.1 in /console Bumps [uuid](https://github.com/uuidjs/uuid) from 8.3.0 to 8.3.1. - [Release notes](https://github.com/uuidjs/uuid/releases) - [Changelog](https://github.com/uuidjs/uuid/blob/master/CHANGELOG.md) - [Commits](https://github.com/uuidjs/uuid/compare/v8.3.0...v8.3.1) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com> Co-authored-by: Florian Forster <florian@caos.ch> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * create memberstable as common component * iam member cleanup * iam + org m table, user table service user avatar * toast config * fix selection emitter * fix project grant table width * project grant members refactor * theme optimizations * member table col delete * lint * fix table row color * refactor grey color * lint scss * org list redirect on click, fix user table undef * refresh table after grant add Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com> Co-authored-by: Florian Forster <florian@caos.ch> * fix(console): intercept navigator.language, set browser lang as default for user without explicit setting, user table outline, member create dialog import (#820) * i18n interceptor, set language to browser lang * nullcheck * rm external idp log * fix module imports, rm user displayname from i18n * Update console/src/assets/i18n/de.json Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com> * fix: delete external idps from users (#822) * fix(console): permission regex, account switcher null check, restrict app and member create access (#821) * fix member table disable, gerneal regexp * fix user session card, app disable * memberships max count * fix policy permissions * permission check for member add dialog * lint * rm accounts log * rm id regex * fix: handle usermemberships on project and project grant delete (#825) * fix: go handler Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Florian Forster <florian@caos.ch> * fix: tests * fix: not needed error handling Co-authored-by: Max Peintner <max@caos.ch> Co-authored-by: Silvan <silvan.reusser@gmail.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Florian Forster <florian@caos.ch>
260 lines
7.6 KiB
Go
260 lines
7.6 KiB
Go
package model
|
|
|
|
import (
|
|
"encoding/json"
|
|
"github.com/caos/zitadel/internal/iam/model"
|
|
iam_es_model "github.com/caos/zitadel/internal/iam/repository/eventsourcing/model"
|
|
|
|
"github.com/caos/zitadel/internal/errors"
|
|
es_models "github.com/caos/zitadel/internal/eventstore/models"
|
|
org_model "github.com/caos/zitadel/internal/org/model"
|
|
)
|
|
|
|
const (
|
|
OrgVersion = "v1"
|
|
)
|
|
|
|
type Org struct {
|
|
es_models.ObjectRoot `json:"-"`
|
|
|
|
Name string `json:"name,omitempty"`
|
|
State int32 `json:"-"`
|
|
|
|
Domains []*OrgDomain `json:"-"`
|
|
Members []*OrgMember `json:"-"`
|
|
OrgIAMPolicy *iam_es_model.OrgIAMPolicy `json:"-"`
|
|
IDPs []*iam_es_model.IDPConfig `json:"-"`
|
|
LoginPolicy *iam_es_model.LoginPolicy `json:"-"`
|
|
PasswordComplexityPolicy *iam_es_model.PasswordComplexityPolicy `json:"-"`
|
|
PasswordAgePolicy *iam_es_model.PasswordAgePolicy `json:"-"`
|
|
PasswordLockoutPolicy *iam_es_model.PasswordLockoutPolicy `json:"-"`
|
|
}
|
|
|
|
func OrgFromModel(org *org_model.Org) *Org {
|
|
members := OrgMembersFromModel(org.Members)
|
|
domains := OrgDomainsFromModel(org.Domains)
|
|
idps := iam_es_model.IDPConfigsFromModel(org.IDPs)
|
|
converted := &Org{
|
|
ObjectRoot: org.ObjectRoot,
|
|
Name: org.Name,
|
|
State: int32(org.State),
|
|
Domains: domains,
|
|
Members: members,
|
|
IDPs: idps,
|
|
}
|
|
if org.OrgIamPolicy != nil {
|
|
converted.OrgIAMPolicy = iam_es_model.OrgIAMPolicyFromModel(org.OrgIamPolicy)
|
|
}
|
|
if org.LoginPolicy != nil {
|
|
converted.LoginPolicy = iam_es_model.LoginPolicyFromModel(org.LoginPolicy)
|
|
}
|
|
if org.PasswordComplexityPolicy != nil {
|
|
converted.PasswordComplexityPolicy = iam_es_model.PasswordComplexityPolicyFromModel(org.PasswordComplexityPolicy)
|
|
}
|
|
if org.PasswordAgePolicy != nil {
|
|
converted.PasswordAgePolicy = iam_es_model.PasswordAgePolicyFromModel(org.PasswordAgePolicy)
|
|
}
|
|
if org.PasswordLockoutPolicy != nil {
|
|
converted.PasswordLockoutPolicy = iam_es_model.PasswordLockoutPolicyFromModel(org.PasswordLockoutPolicy)
|
|
}
|
|
return converted
|
|
}
|
|
|
|
func OrgToModel(org *Org) *org_model.Org {
|
|
converted := &org_model.Org{
|
|
ObjectRoot: org.ObjectRoot,
|
|
Name: org.Name,
|
|
State: org_model.OrgState(org.State),
|
|
Domains: OrgDomainsToModel(org.Domains),
|
|
Members: OrgMembersToModel(org.Members),
|
|
IDPs: iam_es_model.IDPConfigsToModel(org.IDPs),
|
|
}
|
|
if org.OrgIAMPolicy != nil {
|
|
converted.OrgIamPolicy = iam_es_model.OrgIAMPolicyToModel(org.OrgIAMPolicy)
|
|
}
|
|
if org.LoginPolicy != nil {
|
|
converted.LoginPolicy = iam_es_model.LoginPolicyToModel(org.LoginPolicy)
|
|
}
|
|
if org.PasswordComplexityPolicy != nil {
|
|
converted.PasswordComplexityPolicy = iam_es_model.PasswordComplexityPolicyToModel(org.PasswordComplexityPolicy)
|
|
}
|
|
if org.PasswordAgePolicy != nil {
|
|
converted.PasswordAgePolicy = iam_es_model.PasswordAgePolicyToModel(org.PasswordAgePolicy)
|
|
}
|
|
if org.PasswordLockoutPolicy != nil {
|
|
converted.PasswordLockoutPolicy = iam_es_model.PasswordLockoutPolicyToModel(org.PasswordLockoutPolicy)
|
|
}
|
|
return converted
|
|
}
|
|
|
|
func OrgFromEvents(org *Org, events ...*es_models.Event) (*Org, error) {
|
|
if org == nil {
|
|
org = new(Org)
|
|
}
|
|
|
|
return org, org.AppendEvents(events...)
|
|
}
|
|
|
|
func (o *Org) AppendEvents(events ...*es_models.Event) error {
|
|
for _, event := range events {
|
|
err := o.AppendEvent(event)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
}
|
|
return nil
|
|
}
|
|
|
|
func (o *Org) AppendEvent(event *es_models.Event) (err error) {
|
|
switch event.Type {
|
|
case OrgAdded:
|
|
*o = Org{}
|
|
err = o.setData(event)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
case OrgChanged:
|
|
err = o.setData(event)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
case OrgDeactivated:
|
|
o.State = int32(org_model.OrgStateInactive)
|
|
case OrgReactivated:
|
|
o.State = int32(org_model.OrgStateActive)
|
|
case OrgMemberAdded:
|
|
member, err := OrgMemberFromEvent(nil, event)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
member.CreationDate = event.CreationDate
|
|
|
|
o.setMember(member)
|
|
case OrgMemberChanged:
|
|
member, err := OrgMemberFromEvent(nil, event)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
existingMember := o.getMember(member.UserID)
|
|
member.CreationDate = existingMember.CreationDate
|
|
|
|
o.setMember(member)
|
|
case OrgMemberRemoved:
|
|
member, err := OrgMemberFromEvent(nil, event)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
o.removeMember(member.UserID)
|
|
case OrgDomainAdded:
|
|
err = o.appendAddDomainEvent(event)
|
|
case OrgDomainVerificationAdded:
|
|
err = o.appendVerificationDomainEvent(event)
|
|
case OrgDomainVerified:
|
|
err = o.appendVerifyDomainEvent(event)
|
|
case OrgDomainPrimarySet:
|
|
err = o.appendPrimaryDomainEvent(event)
|
|
case OrgDomainRemoved:
|
|
err = o.appendRemoveDomainEvent(event)
|
|
case OrgIAMPolicyAdded:
|
|
err = o.appendAddOrgIAMPolicyEvent(event)
|
|
case OrgIAMPolicyChanged:
|
|
err = o.appendChangeOrgIAMPolicyEvent(event)
|
|
case OrgIAMPolicyRemoved:
|
|
o.appendRemoveOrgIAMPolicyEvent()
|
|
case IDPConfigAdded:
|
|
err = o.appendAddIDPConfigEvent(event)
|
|
case IDPConfigChanged:
|
|
err = o.appendChangeIDPConfigEvent(event)
|
|
case IDPConfigRemoved:
|
|
err = o.appendRemoveIDPConfigEvent(event)
|
|
case IDPConfigDeactivated:
|
|
err = o.appendIDPConfigStateEvent(event, model.IDPConfigStateInactive)
|
|
case IDPConfigReactivated:
|
|
err = o.appendIDPConfigStateEvent(event, model.IDPConfigStateActive)
|
|
case OIDCIDPConfigAdded:
|
|
err = o.appendAddOIDCIDPConfigEvent(event)
|
|
case OIDCIDPConfigChanged:
|
|
err = o.appendChangeOIDCIDPConfigEvent(event)
|
|
case LoginPolicyAdded:
|
|
err = o.appendAddLoginPolicyEvent(event)
|
|
case LoginPolicyChanged:
|
|
err = o.appendChangeLoginPolicyEvent(event)
|
|
case LoginPolicyRemoved:
|
|
o.appendRemoveLoginPolicyEvent(event)
|
|
case LoginPolicyIDPProviderAdded:
|
|
err = o.appendAddIdpProviderToLoginPolicyEvent(event)
|
|
case LoginPolicyIDPProviderRemoved:
|
|
err = o.appendRemoveIdpProviderFromLoginPolicyEvent(event)
|
|
case PasswordComplexityPolicyAdded:
|
|
err = o.appendAddPasswordComplexityPolicyEvent(event)
|
|
case PasswordComplexityPolicyChanged:
|
|
err = o.appendChangePasswordComplexityPolicyEvent(event)
|
|
case PasswordComplexityPolicyRemoved:
|
|
o.appendRemovePasswordComplexityPolicyEvent(event)
|
|
case PasswordAgePolicyAdded:
|
|
err = o.appendAddPasswordAgePolicyEvent(event)
|
|
case PasswordAgePolicyChanged:
|
|
err = o.appendChangePasswordAgePolicyEvent(event)
|
|
case PasswordAgePolicyRemoved:
|
|
o.appendRemovePasswordAgePolicyEvent(event)
|
|
case PasswordLockoutPolicyAdded:
|
|
err = o.appendAddPasswordLockoutPolicyEvent(event)
|
|
case PasswordLockoutPolicyChanged:
|
|
err = o.appendChangePasswordLockoutPolicyEvent(event)
|
|
case PasswordLockoutPolicyRemoved:
|
|
o.appendRemovePasswordLockoutPolicyEvent(event)
|
|
}
|
|
if err != nil {
|
|
return err
|
|
}
|
|
o.ObjectRoot.AppendEvent(event)
|
|
return nil
|
|
}
|
|
|
|
func (o *Org) setData(event *es_models.Event) error {
|
|
err := json.Unmarshal(event.Data, o)
|
|
if err != nil {
|
|
return errors.ThrowInternal(err, "EVENT-BpbQZ", "unable to unmarshal event")
|
|
}
|
|
return nil
|
|
}
|
|
|
|
func (o *Org) getMember(userID string) *OrgMember {
|
|
for _, member := range o.Members {
|
|
if member.UserID == userID {
|
|
return member
|
|
}
|
|
}
|
|
return nil
|
|
}
|
|
|
|
func (o *Org) setMember(member *OrgMember) {
|
|
for i, existingMember := range o.Members {
|
|
if existingMember.UserID == member.UserID {
|
|
o.Members[i] = member
|
|
return
|
|
}
|
|
}
|
|
o.Members = append(o.Members, member)
|
|
}
|
|
|
|
func (o *Org) removeMember(userID string) {
|
|
for i := len(o.Members) - 1; i >= 0; i-- {
|
|
if o.Members[i].UserID == userID {
|
|
copy(o.Members[i:], o.Members[i+1:])
|
|
o.Members[len(o.Members)-1] = nil
|
|
o.Members = o.Members[:len(o.Members)-1]
|
|
}
|
|
}
|
|
}
|
|
|
|
func (o *Org) Changes(changed *Org) map[string]interface{} {
|
|
changes := make(map[string]interface{}, 2)
|
|
|
|
if changed.Name != "" && changed.Name != o.Name {
|
|
changes["name"] = changed.Name
|
|
}
|
|
|
|
return changes
|
|
}
|