mirror of
https://github.com/zitadel/zitadel.git
synced 2024-12-25 09:07:48 +00:00
39c35c9455
* job queue * wg improvements * start handler * statement * statements * imporve handler * improve statement * statement in seperate file * move handlers * move query/old to query * handler * read models * bulk works * cleanup * contrib * rename readmodel to projection * rename read_models schema to projections * rename read_models schema to projections * search query as func, bulk iterates as long as new events * add event sequence less query * update checks for events between current sequence and sequence of first statement if it has previous sequence 0 * cleanup crdb projection * refactor projection handler * start with testing * tests for handler * remove todo * refactor statement: remove table name, add tests * improve projection handler shutdown, no savepoint if noop stmt, tests for stmt handler * tests * start failed events * seperate branch for contrib * move statement constructors to crdb pkg * correct import * Subscribe for eventtypes (#1800) * fix: is default (#1737) * fix: use email as username on global org (#1738) * fix: use email as username on global org * Update user_human.go * Update register_handler.go * chore(deps): update docusaurus (#1739) * chore: remove PAT and use GH Token (#1716) * chore: remove PAT and use GH Token * fix env * fix env * fix env * md lint * trigger ci * change user * fix GH bug * replace login part * chore: add GH Token to sem rel (#1746) * chore: add GH Token to sem rel * try branch * add GH Token * remove test branch again * docs: changes acme to acme-caos (#1744) * changes acme to acme-caos * Apply suggestions from code review Co-authored-by: Florian Forster <florian@caos.ch> Co-authored-by: Maximilian Panne <maximilian.panne@gmail.com> Co-authored-by: Florian Forster <florian@caos.ch> * feat: add additional origins on applications (#1691) * feat: add additional origins on applications * app additional redirects * chore(deps-dev): bump @angular/cli from 11.2.8 to 11.2.11 in /console (#1706) * fix: show org with regex (#1688) * fix: flag mapping (#1699) * chore(deps-dev): bump @angular/cli from 11.2.8 to 11.2.11 in /console Bumps [@angular/cli](https://github.com/angular/angular-cli) from 11.2.8 to 11.2.11. - [Release notes](https://github.com/angular/angular-cli/releases) - [Commits](https://github.com/angular/angular-cli/compare/v11.2.8...v11.2.11) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: Max Peintner <max@caos.ch> Co-authored-by: Silvan <silvan.reusser@gmail.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps-dev): bump stylelint from 13.10.0 to 13.13.1 in /console (#1703) * fix: show org with regex (#1688) * fix: flag mapping (#1699) * chore(deps-dev): bump stylelint from 13.10.0 to 13.13.1 in /console Bumps [stylelint](https://github.com/stylelint/stylelint) from 13.10.0 to 13.13.1. - [Release notes](https://github.com/stylelint/stylelint/releases) - [Changelog](https://github.com/stylelint/stylelint/blob/master/CHANGELOG.md) - [Commits](https://github.com/stylelint/stylelint/compare/13.10.0...13.13.1) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: Max Peintner <max@caos.ch> Co-authored-by: Silvan <silvan.reusser@gmail.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps-dev): bump @types/node from 14.14.37 to 15.0.1 in /console (#1702) * fix: show org with regex (#1688) * fix: flag mapping (#1699) * chore(deps-dev): bump @types/node from 14.14.37 to 15.0.1 in /console Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 14.14.37 to 15.0.1. - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: Max Peintner <max@caos.ch> Co-authored-by: Silvan <silvan.reusser@gmail.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump ts-protoc-gen from 0.14.0 to 0.15.0 in /console (#1701) * fix: show org with regex (#1688) * fix: flag mapping (#1699) * chore(deps): bump ts-protoc-gen from 0.14.0 to 0.15.0 in /console Bumps [ts-protoc-gen](https://github.com/improbable-eng/ts-protoc-gen) from 0.14.0 to 0.15.0. - [Release notes](https://github.com/improbable-eng/ts-protoc-gen/releases) - [Changelog](https://github.com/improbable-eng/ts-protoc-gen/blob/master/CHANGELOG.md) - [Commits](https://github.com/improbable-eng/ts-protoc-gen/compare/0.14.0...0.15.0) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: Max Peintner <max@caos.ch> Co-authored-by: Silvan <silvan.reusser@gmail.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps-dev): bump @types/jasmine from 3.6.9 to 3.6.10 in /console (#1682) Bumps [@types/jasmine](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/jasmine) from 3.6.9 to 3.6.10. - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/jasmine) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump @types/google-protobuf in /console (#1681) Bumps [@types/google-protobuf](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/google-protobuf) from 3.7.4 to 3.15.2. - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/google-protobuf) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump grpc from 1.24.5 to 1.24.7 in /console (#1666) Bumps [grpc](https://github.com/grpc/grpc-node) from 1.24.5 to 1.24.7. - [Release notes](https://github.com/grpc/grpc-node/releases) - [Commits](https://github.com/grpc/grpc-node/compare/grpc@1.24.5...grpc@1.24.7) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * lock * chore(deps-dev): bump @angular/language-service from 11.2.9 to 11.2.12 in /console (#1704) * fix: show org with regex (#1688) * fix: flag mapping (#1699) * chore(deps-dev): bump @angular/language-service in /console Bumps [@angular/language-service](https://github.com/angular/angular/tree/HEAD/packages/language-service) from 11.2.9 to 11.2.12. - [Release notes](https://github.com/angular/angular/releases) - [Changelog](https://github.com/angular/angular/blob/master/CHANGELOG.md) - [Commits](https://github.com/angular/angular/commits/11.2.12/packages/language-service) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: Max Peintner <max@caos.ch> Co-authored-by: Silvan <silvan.reusser@gmail.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * package lock * downgrade grpc * downgrade protobuf types * revert npm packs 🥸 Co-authored-by: Max Peintner <max@caos.ch> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Silvan <silvan.reusser@gmail.com> * docs: update run and start section texts (#1745) * update run and start section texts * adds showcase Co-authored-by: Maximilian Panne <maximilian.panne@gmail.com> * fix: additional origin list (#1753) * fix: handle api configs in authz handler (#1755) * fix(console): add model for api keys, fix toast, binding (#1757) * fix: add model for api keys, fix toast, binding * show api clientid * fix: missing patchvalue (#1758) * feat: refresh token (#1728) * begin refresh tokens * refresh tokens * list and revoke refresh tokens * handle remove * tests for refresh tokens * uniqueness and default expiration * rename oidc token methods * cleanup * migration version * Update internal/static/i18n/en.yaml Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com> * fixes * feat: update oidc pkg for refresh tokens Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com> * fix: correct json name of clientId in key.json (#1760) * fix: migration version (#1767) * start subscription * eventtypes * fix(login): links (#1778) * fix(login): href for help * fix(login): correct link to tos * fix: access tokens for service users and refresh token infos (#1779) * fix: access token for service user * handle info from refresh request * uniqueness * postpone access token uniqueness change * chore(coc): recommend code of conduct (#1782) * subscribe for events * feat(console): refresh toggle out of granttype context (#1785) * refresh toggle * disable if not code flow, lint * lint * fix: change oidc config order * accept refresh option within flow Co-authored-by: Livio Amstutz <livio.a@gmail.com> * fix: refresh token activation (#1795) * fix: oidc grant type check * docs: add offline_access scope * docs: update refresh token status in supported grant types * fix: update oidc pkg * fix: check refresh token grant type (#1796) * configuration structs * org admins * failed events * fixes Co-authored-by: Max Peintner <max@caos.ch> Co-authored-by: Livio Amstutz <livio.a@gmail.com> Co-authored-by: Florian Forster <florian@caos.ch> Co-authored-by: mffap <mpa@caos.ch> Co-authored-by: Maximilian Panne <maximilian.panne@gmail.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com> * remove comment * aggregate reducer * remove eventtypes * add protoc-get-validate to mod * fix transaltion * upsert * add gender on org admins, allow to retry failed stmts after configurable time * remove if * sub queries * fix: tests * add builder to tests * new search query * rename searchquerybuilder to builder * remove comment from code * test with multiple queries * add filters test * current sequences * make org and org_admins work again * add aggregate type to current sequence * fix(contibute): listing * add validate module * fix: search queries * feat(eventstore): previous aggregate root sequence (#1810) * feat(eventstore): previous aggregate root sequence * fix tests * fix: eventstore v1 test * add col to all mocked rows * next try * fix mig * rename aggregate root to aggregate type * update comment Co-authored-by: Livio Amstutz <livio.a@gmail.com> Co-authored-by: Livio Amstutz <livio.a@gmail.com> * small refactorings * allow update multiple current sequences * unique log id * fix migrations * rename org admin to org owner * improve error handling and logging * fix(migration): optimize prev agg root seq * fix: projection handler test * fix: sub queries * small fixes * additional event types * correct org owner projection * fix primary key * feat(eventstore): jobs for projections (#2026) * fix: template names in login (#1974) * fix: template names in login * fix: error.html * fix: check for features on mgmt only (#1976) * fix: add sentry in ui, http and projection handlers (#1977) * fix: add sentry in ui, http and projection handlers * fix test * fix(eventstore): sub queries (#1805) * sub queries * fix: tests * add builder to tests * new search query * rename searchquerybuilder to builder * remove comment from code * test with multiple queries * add filters test * fix(contibute): listing * add validate module * fix: search queries * remove unused event type in query * ignore query if error in marshal * go mod tidy * update privacy policy query * update queries Co-authored-by: Livio Amstutz <livio.a@gmail.com> * feat: Extend oidc idp with oauth endpoints (#1980) * feat: add oauth attributes to oidc idp configuration * feat: return idpconfig id on create idp * feat: tests * feat: descriptions * feat: docs * feat: tests * docs: update to beta 3 (#1984) * fix: role assertion (#1986) * fix: enum to display access token role assertion * improve assertion descriptions * fix nil pointer * docs: eventstore (#1982) * docs: eventstore * Apply suggestions from code review Co-authored-by: Florian Forster <florian@caos.ch> Co-authored-by: Florian Forster <florian@caos.ch> * fix(sentry): trigger sentry release (#1989) * feat(send sentry release): send sentry release * fix(moved step and added releasetag): moved step and added releasetag * fix: set version for sentry release (#1990) * feat(send sentry release): send sentry release * fix(moved step and added releasetag): moved step and added releasetag * fix(corrected var name): corrected var name Co-authored-by: Livio Amstutz <livio.a@gmail.com> * fix: log error reason on terminate session (#1973) * fix: return default language file, if requested lang does not exist for default login texts (#1988) * fix: return default language file, if requested lang doesnt exists * feat: read default translation file * feat: docs * fix: race condition in auth request unmarshalling (#1993) * feat: handle ui_locales in login (#1994) * fix: handle ui_locales in login * move supportedlanguage func into i18n package * update oidc pkg * fix: handle closed channels on unsubscribe (#1995) * fix: give restore more time (#1997) * fix: translation file read (#2009) * feat: translation file read * feat: readme * fix: enable idp add button for iam users (#2010) * fix: filter event_data (#2011) * feat: Custom message files (#1992) * feat: add get custom message text to admin api * feat: read custom message texts from files * feat: get languages in apis * feat: get languages in apis * feat: get languages in apis * feat: pr feedback * feat: docs * feat: merge main * fix: sms notification (#2013) * fix: phone verifications * feat: fix password reset as sms * fix: phone verification * fix: grpc status in sentry and validation interceptors (#2012) * fix: remove oauth endpoints from oidc config proto (#2014) * try with view * fix(console): disable sw (#2021) * fix: disable sw * angular.json disable sw * project projections * fix typos * customize projections * customizable projections, add change date to projects Co-authored-by: Livio Amstutz <livio.a@gmail.com> Co-authored-by: Max Peintner <max@caos.ch> Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com> Co-authored-by: Florian Forster <florian@caos.ch> Co-authored-by: mffap <mpa@caos.ch> Co-authored-by: Christian Jakob <47860090+thesephirot@users.noreply.github.com> Co-authored-by: Elio Bischof <eliobischof@gmail.com> * env file * typo * correct users * correct migration * fix: merge fail * fix test * fix(tests): unordered matcher * improve currentSequenceMatcher * correct certs * correct certs * add zitadel database on database list * refctor switch in match * enable all handlers * Delete io.env * cleanup * add handlers * rename view to projection * rename view to projection * fix type typo * remove unnecessary logs * refactor stmts * simplify interval calculation * fix tests * fix unlock test * fix migration * migs * fix(operator): update cockroach and flyway versions (#2138) * chore(deps): bump k8s.io/apiextensions-apiserver from 0.19.2 to 0.21.3 Bumps [k8s.io/apiextensions-apiserver](https://github.com/kubernetes/apiextensions-apiserver) from 0.19.2 to 0.21.3. - [Release notes](https://github.com/kubernetes/apiextensions-apiserver/releases) - [Commits](https://github.com/kubernetes/apiextensions-apiserver/compare/v0.19.2...v0.21.3) --- updated-dependencies: - dependency-name: k8s.io/apiextensions-apiserver dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * chore(deps): bump google.golang.org/api from 0.34.0 to 0.52.0 Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.34.0 to 0.52.0. - [Release notes](https://github.com/googleapis/google-api-go-client/releases) - [Changelog](https://github.com/googleapis/google-api-go-client/blob/master/CHANGES.md) - [Commits](https://github.com/googleapis/google-api-go-client/compare/v0.34.0...v0.52.0) --- updated-dependencies: - dependency-name: google.golang.org/api dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * start update dependencies * update mods and otlp * fix(build): update to go 1.16 * old version for k8s mods * update k8s versions * update orbos * fix(operator): update cockroach and flyway version * Update images.go Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Stefan Benz <stefan@caos.ch> * fix import * fix typo * fix(migration): add org projection * fix(projection): correct table for org events in org owners * better insert stmt * fix typo * fix typo * set max connection lifetime * set max conns and conn lifetime in eventstore v1 * configure sql connection settings * add mig for agg type index * fix replace tab in yaml * handler interfaces * subscription * first try * handler * move sql client initialization * first part implemented * removed all occurencies of org by id and search orgs * fix merge issues * cleanup code * fix: queries implements orgviewprovider * cleanup * refactor text comparison * remove unused file * remove unused code * log * remove unused code * remove unused field * remove unused file * refactor * tests for search query * remove try * simplify state change mappers * projection tests * query functions * move reusable objects to separate files * rename domain column to primar_domain * fix tests * add current sequence * remove log prints * fix tests * fix: verifier * fix test * rename domain col migrations * simplify search response * add custom column constructors * fix: org projection table const * fix: full column name * feat: text query extension * fix: tests for query * number query * add deprection message * column in a single place (#2416) * column in a single place * use projection for columns * query column with aliases * rename methods * remove unused code * column for current sequences * global counter column * fix is org unique * fix: merge main and change actions / flow projections to new query side (#2434) * feat: actions (#2377) * feat(actions): begin api * feat(actions): begin api * api and projections * fix: handle multiple statements for a single event in projections * export func type * fix test * update to new reduce interface * flows in login * feat: jwt idp * feat: command side * feat: add tests * actions and flows * fill idp views with jwt idps and return apis * add jwtEndpoint to jwt idp * begin jwt request handling * add feature * merge * merge * handle jwt idp * cleanup * bug fixes * autoregister * get token from specific header name * fix: proto * fixes * i18n * begin tests * fix and log http proxy * remove docker cache * fixes * usergrants in actions api * tests adn cleanup * cleanup * fix add user grant * set login context * i18n Co-authored-by: fabi <fabienne.gerschwiler@gmail.com> * change actions / flow projections to new query side * fixes * enable org projection Co-authored-by: fabi <fabienne.gerschwiler@gmail.com> * fixes * cleanup * add tests Co-authored-by: Max Peintner <max@caos.ch> Co-authored-by: Livio Amstutz <livio.a@gmail.com> Co-authored-by: Florian Forster <florian@caos.ch> Co-authored-by: mffap <mpa@caos.ch> Co-authored-by: Maximilian Panne <maximilian.panne@gmail.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com> Co-authored-by: Christian Jakob <47860090+thesephirot@users.noreply.github.com> Co-authored-by: Elio Bischof <eliobischof@gmail.com> Co-authored-by: Stefan Benz <stefan@caos.ch> Co-authored-by: fabi <fabienne.gerschwiler@gmail.com>
470 lines
16 KiB
Go
470 lines
16 KiB
Go
package eventstore
|
|
|
|
import (
|
|
"context"
|
|
"time"
|
|
|
|
"github.com/caos/logging"
|
|
"github.com/golang/protobuf/ptypes"
|
|
|
|
"github.com/caos/zitadel/internal/api/authz"
|
|
"github.com/caos/zitadel/internal/config/systemdefaults"
|
|
"github.com/caos/zitadel/internal/domain"
|
|
"github.com/caos/zitadel/internal/errors"
|
|
v1 "github.com/caos/zitadel/internal/eventstore/v1"
|
|
"github.com/caos/zitadel/internal/eventstore/v1/models"
|
|
iam_model "github.com/caos/zitadel/internal/iam/repository/view/model"
|
|
key_model "github.com/caos/zitadel/internal/key/model"
|
|
key_view_model "github.com/caos/zitadel/internal/key/repository/view/model"
|
|
"github.com/caos/zitadel/internal/management/repository/eventsourcing/view"
|
|
usr_model "github.com/caos/zitadel/internal/user/model"
|
|
usr_view "github.com/caos/zitadel/internal/user/repository/view"
|
|
"github.com/caos/zitadel/internal/user/repository/view/model"
|
|
"github.com/caos/zitadel/internal/view/repository"
|
|
)
|
|
|
|
type UserRepo struct {
|
|
v1.Eventstore
|
|
SearchLimit uint64
|
|
View *view.View
|
|
SystemDefaults systemdefaults.SystemDefaults
|
|
PrefixAvatarURL string
|
|
}
|
|
|
|
func (repo *UserRepo) UserByID(ctx context.Context, id string) (*usr_model.UserView, error) {
|
|
user, viewErr := repo.View.UserByID(id)
|
|
if viewErr != nil && !errors.IsNotFound(viewErr) {
|
|
return nil, viewErr
|
|
}
|
|
if errors.IsNotFound(viewErr) {
|
|
user = new(model.UserView)
|
|
}
|
|
|
|
events, esErr := repo.getUserEvents(ctx, id, user.Sequence)
|
|
if errors.IsNotFound(viewErr) && len(events) == 0 {
|
|
return nil, errors.ThrowNotFound(nil, "EVENT-Lsoj7", "Errors.User.NotFound")
|
|
}
|
|
if esErr != nil {
|
|
logging.Log("EVENT-PSoc3").WithError(esErr).Debug("error retrieving new events")
|
|
return model.UserToModel(user, repo.PrefixAvatarURL), nil
|
|
}
|
|
userCopy := *user
|
|
for _, event := range events {
|
|
if err := userCopy.AppendEvent(event); err != nil {
|
|
return model.UserToModel(user, repo.PrefixAvatarURL), nil
|
|
}
|
|
}
|
|
if userCopy.State == int32(usr_model.UserStateDeleted) {
|
|
return nil, errors.ThrowNotFound(nil, "EVENT-4Fm9s", "Errors.User.NotFound")
|
|
}
|
|
return model.UserToModel(&userCopy, repo.PrefixAvatarURL), nil
|
|
}
|
|
|
|
func (repo *UserRepo) UserByIDAndResourceOwner(ctx context.Context, id, resourceOwner string) (*usr_model.UserView, error) {
|
|
user, viewErr := repo.View.UserByIDAndResourceOwner(id, resourceOwner)
|
|
if viewErr != nil && !errors.IsNotFound(viewErr) {
|
|
return nil, viewErr
|
|
}
|
|
if errors.IsNotFound(viewErr) {
|
|
user = new(model.UserView)
|
|
}
|
|
|
|
events, esErr := repo.getUserEvents(ctx, id, user.Sequence)
|
|
if errors.IsNotFound(viewErr) && len(events) == 0 {
|
|
return nil, errors.ThrowNotFound(nil, "EVENT-Lsoj7", "Errors.User.NotFound")
|
|
}
|
|
if esErr != nil {
|
|
logging.Log("EVENT-PSoc3").WithError(esErr).Debug("error retrieving new events")
|
|
return model.UserToModel(user, repo.PrefixAvatarURL), nil
|
|
}
|
|
userCopy := *user
|
|
for _, event := range events {
|
|
if err := userCopy.AppendEvent(event); err != nil {
|
|
return model.UserToModel(user, repo.PrefixAvatarURL), nil
|
|
}
|
|
}
|
|
if userCopy.State == int32(usr_model.UserStateDeleted) || userCopy.ResourceOwner != resourceOwner {
|
|
return nil, errors.ThrowNotFound(nil, "EVENT-4Fm9s", "Errors.User.NotFound")
|
|
}
|
|
return model.UserToModel(&userCopy, repo.PrefixAvatarURL), nil
|
|
}
|
|
|
|
func (repo *UserRepo) SearchUsers(ctx context.Context, request *usr_model.UserSearchRequest, ensureLimit bool) (*usr_model.UserSearchResponse, error) {
|
|
if ensureLimit {
|
|
err := request.EnsureLimit(repo.SearchLimit)
|
|
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
}
|
|
sequence, sequenceErr := repo.View.GetLatestUserSequence()
|
|
logging.Log("EVENT-Lcn7d").OnError(sequenceErr).Warn("could not read latest user sequence")
|
|
users, count, err := repo.View.SearchUsers(request)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
result := &usr_model.UserSearchResponse{
|
|
Offset: request.Offset,
|
|
Limit: request.Limit,
|
|
TotalResult: count,
|
|
Result: model.UsersToModel(users, repo.PrefixAvatarURL),
|
|
}
|
|
if sequenceErr == nil {
|
|
result.Sequence = sequence.CurrentSequence
|
|
result.Timestamp = sequence.LastSuccessfulSpoolerRun
|
|
}
|
|
return result, nil
|
|
}
|
|
|
|
func (repo *UserRepo) UserIDsByDomain(ctx context.Context, domain string) ([]string, error) {
|
|
return repo.View.UserIDsByDomain(domain)
|
|
}
|
|
|
|
func (repo *UserRepo) UserChanges(ctx context.Context, id string, lastSequence uint64, limit uint64, sortAscending bool, retention time.Duration) (*usr_model.UserChanges, error) {
|
|
changes, err := repo.getUserChanges(ctx, id, lastSequence, limit, sortAscending, retention)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
for _, change := range changes.Changes {
|
|
change.ModifierName = change.ModifierID
|
|
change.ModifierLoginName = change.ModifierID
|
|
user, _ := repo.UserByID(ctx, change.ModifierID)
|
|
if user != nil {
|
|
change.ModifierLoginName = user.PreferredLoginName
|
|
if user.HumanView != nil {
|
|
change.ModifierName = user.HumanView.DisplayName
|
|
change.ModifierAvatarURL = user.HumanView.AvatarURL
|
|
}
|
|
if user.MachineView != nil {
|
|
change.ModifierName = user.MachineView.Name
|
|
}
|
|
}
|
|
}
|
|
return changes, nil
|
|
}
|
|
|
|
func (repo *UserRepo) GetUserByLoginNameGlobal(ctx context.Context, loginName string) (*usr_model.UserView, error) {
|
|
user, err := repo.View.GetGlobalUserByLoginName(loginName)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
return model.UserToModel(user, repo.PrefixAvatarURL), nil
|
|
}
|
|
|
|
func (repo *UserRepo) IsUserUnique(ctx context.Context, userName, email string) (bool, error) {
|
|
return repo.View.IsUserUnique(userName, email)
|
|
}
|
|
|
|
func (repo *UserRepo) GetMetadataByKey(ctx context.Context, userID, resourceOwner, key string) (*domain.Metadata, error) {
|
|
data, err := repo.View.MetadataByKeyAndResourceOwner(userID, resourceOwner, key)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
return iam_model.MetadataViewToDomain(data), nil
|
|
}
|
|
|
|
func (repo *UserRepo) SearchMetadata(ctx context.Context, userID, resourceOwner string, req *domain.MetadataSearchRequest) (*domain.MetadataSearchResponse, error) {
|
|
err := req.EnsureLimit(repo.SearchLimit)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
sequence, sequenceErr := repo.View.GetLatestUserSequence()
|
|
logging.Log("EVENT-m0ds3").OnError(sequenceErr).Warn("could not read latest user sequence")
|
|
req.AppendAggregateIDQuery(userID)
|
|
req.AppendResourceOwnerQuery(resourceOwner)
|
|
metadata, count, err := repo.View.SearchMetadata(req)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
result := &domain.MetadataSearchResponse{
|
|
Offset: req.Offset,
|
|
Limit: req.Limit,
|
|
TotalResult: count,
|
|
Result: iam_model.MetadataViewsToDomain(metadata),
|
|
}
|
|
if sequenceErr == nil {
|
|
result.Sequence = sequence.CurrentSequence
|
|
result.Timestamp = sequence.LastSuccessfulSpoolerRun
|
|
}
|
|
return result, nil
|
|
}
|
|
|
|
func (repo *UserRepo) UserMFAs(ctx context.Context, userID string) ([]*usr_model.MultiFactor, error) {
|
|
user, err := repo.UserByID(ctx, userID)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
if user.HumanView == nil {
|
|
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-xx0hV", "Errors.User.NotHuman")
|
|
}
|
|
mfas := make([]*usr_model.MultiFactor, 0)
|
|
if user.OTPState != usr_model.MFAStateUnspecified {
|
|
mfas = append(mfas, &usr_model.MultiFactor{Type: usr_model.MFATypeOTP, State: user.OTPState})
|
|
}
|
|
for _, u2f := range user.U2FTokens {
|
|
mfas = append(mfas, &usr_model.MultiFactor{Type: usr_model.MFATypeU2F, State: u2f.State, Attribute: u2f.Name, ID: u2f.TokenID})
|
|
}
|
|
return mfas, nil
|
|
}
|
|
|
|
func (repo *UserRepo) GetPasswordless(ctx context.Context, userID string) ([]*usr_model.WebAuthNView, error) {
|
|
user, err := repo.UserByID(ctx, userID)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
if user.HumanView == nil {
|
|
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-9anf8", "Errors.User.NotHuman")
|
|
}
|
|
return user.HumanView.PasswordlessTokens, nil
|
|
}
|
|
|
|
func (repo *UserRepo) ProfileByID(ctx context.Context, userID string) (*usr_model.Profile, error) {
|
|
user, err := repo.UserByID(ctx, userID)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
if user.HumanView == nil {
|
|
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-gDFC2", "Errors.User.NotHuman")
|
|
}
|
|
return user.GetProfile()
|
|
}
|
|
|
|
func (repo *UserRepo) SearchExternalIDPs(ctx context.Context, request *usr_model.ExternalIDPSearchRequest) (*usr_model.ExternalIDPSearchResponse, error) {
|
|
err := request.EnsureLimit(repo.SearchLimit)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
sequence, seqErr := repo.View.GetLatestExternalIDPSequence()
|
|
logging.Log("EVENT-Qs7uf").OnError(seqErr).Warn("could not read latest external idp sequence")
|
|
externalIDPS, count, err := repo.View.SearchExternalIDPs(request)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
result := &usr_model.ExternalIDPSearchResponse{
|
|
Offset: request.Offset,
|
|
Limit: request.Limit,
|
|
TotalResult: count,
|
|
Result: model.ExternalIDPViewsToModel(externalIDPS),
|
|
}
|
|
if seqErr == nil {
|
|
result.Sequence = sequence.CurrentSequence
|
|
result.Timestamp = sequence.LastSuccessfulSpoolerRun
|
|
}
|
|
return result, nil
|
|
}
|
|
|
|
func (repo *UserRepo) ExternalIDPsByIDPConfigID(ctx context.Context, idpConfigID string) ([]*usr_model.ExternalIDPView, error) {
|
|
externalIDPs, err := repo.View.ExternalIDPsByIDPConfigID(idpConfigID)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
return model.ExternalIDPViewsToModel(externalIDPs), nil
|
|
}
|
|
|
|
func (repo *UserRepo) ExternalIDPsByIDPConfigIDAndResourceOwner(ctx context.Context, idpConfigID, resourceOwner string) ([]*usr_model.ExternalIDPView, error) {
|
|
externalIDPs, err := repo.View.ExternalIDPsByIDPConfigIDAndResourceOwner(idpConfigID, resourceOwner)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
return model.ExternalIDPViewsToModel(externalIDPs), nil
|
|
}
|
|
|
|
func (repo *UserRepo) GetMachineKey(ctx context.Context, userID, keyID string) (*key_model.AuthNKeyView, error) {
|
|
key, err := repo.View.AuthNKeyByIDs(userID, keyID)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
return key_view_model.AuthNKeyToModel(key), nil
|
|
}
|
|
|
|
func (repo *UserRepo) SearchMachineKeys(ctx context.Context, request *key_model.AuthNKeySearchRequest) (*key_model.AuthNKeySearchResponse, error) {
|
|
err := request.EnsureLimit(repo.SearchLimit)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
sequence, seqErr := repo.View.GetLatestAuthNKeySequence()
|
|
logging.Log("EVENT-Sk8fs").OnError(seqErr).Warn("could not read latest authn key sequence")
|
|
keys, count, err := repo.View.SearchAuthNKeys(request)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
result := &key_model.AuthNKeySearchResponse{
|
|
Offset: request.Offset,
|
|
Limit: request.Limit,
|
|
TotalResult: count,
|
|
Result: key_view_model.AuthNKeysToModel(keys),
|
|
}
|
|
if seqErr == nil {
|
|
result.Sequence = sequence.CurrentSequence
|
|
result.Timestamp = sequence.LastSuccessfulSpoolerRun
|
|
}
|
|
return result, nil
|
|
}
|
|
|
|
func (repo *UserRepo) EmailByID(ctx context.Context, userID string) (*usr_model.Email, error) {
|
|
user, err := repo.UserByID(ctx, userID)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
if user.HumanView == nil {
|
|
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-pt7HY", "Errors.User.NotHuman")
|
|
}
|
|
return user.GetEmail()
|
|
}
|
|
|
|
func (repo *UserRepo) PhoneByID(ctx context.Context, userID string) (*usr_model.Phone, error) {
|
|
user, err := repo.UserByID(ctx, userID)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
if user.HumanView == nil {
|
|
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-hliQl", "Errors.User.NotHuman")
|
|
}
|
|
return user.GetPhone()
|
|
}
|
|
|
|
func (repo *UserRepo) AddressByID(ctx context.Context, userID string) (*usr_model.Address, error) {
|
|
user, err := repo.UserByID(ctx, userID)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
if user.HumanView == nil {
|
|
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-LQh4I", "Errors.User.NotHuman")
|
|
}
|
|
return user.GetAddress()
|
|
}
|
|
|
|
func (repo *UserRepo) SearchUserMemberships(ctx context.Context, request *usr_model.UserMembershipSearchRequest) (*usr_model.UserMembershipSearchResponse, error) {
|
|
err := request.EnsureLimit(repo.SearchLimit)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
sequence, sequenceErr := repo.View.GetLatestUserMembershipSequence()
|
|
logging.Log("EVENT-Dn7sf").OnError(sequenceErr).Warn("could not read latest user sequence")
|
|
|
|
result := handleSearchUserMembershipsPermissions(ctx, request, sequence)
|
|
if result != nil {
|
|
return result, nil
|
|
}
|
|
|
|
memberships, count, err := repo.View.SearchUserMemberships(request)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
result = &usr_model.UserMembershipSearchResponse{
|
|
Offset: request.Offset,
|
|
Limit: request.Limit,
|
|
TotalResult: count,
|
|
Result: model.UserMembershipsToModel(memberships),
|
|
}
|
|
if sequenceErr == nil {
|
|
result.Sequence = sequence.CurrentSequence
|
|
result.Timestamp = sequence.LastSuccessfulSpoolerRun
|
|
}
|
|
return result, nil
|
|
}
|
|
|
|
func (repo *UserRepo) UserMembershipsByUserID(ctx context.Context, userID string) ([]*usr_model.UserMembershipView, error) {
|
|
memberships, err := repo.View.UserMembershipsByUserID(userID)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
return model.UserMembershipsToModel(memberships), nil
|
|
}
|
|
|
|
func (r *UserRepo) getUserChanges(ctx context.Context, userID string, lastSequence uint64, limit uint64, sortAscending bool, retention time.Duration) (*usr_model.UserChanges, error) {
|
|
query := usr_view.ChangesQuery(userID, lastSequence, limit, sortAscending, retention)
|
|
|
|
events, err := r.Eventstore.FilterEvents(ctx, query)
|
|
if err != nil {
|
|
logging.Log("EVENT-g9HCv").WithError(err).Warn("eventstore unavailable")
|
|
return nil, errors.ThrowInternal(err, "EVENT-htuG9", "Errors.Internal")
|
|
}
|
|
if len(events) == 0 {
|
|
return nil, errors.ThrowNotFound(nil, "EVENT-6cAxe", "Errors.User.NoChanges")
|
|
}
|
|
|
|
result := make([]*usr_model.UserChange, len(events))
|
|
|
|
for i, event := range events {
|
|
creationDate, err := ptypes.TimestampProto(event.CreationDate)
|
|
logging.Log("EVENT-8GTGS").OnError(err).Debug("unable to parse timestamp")
|
|
change := &usr_model.UserChange{
|
|
ChangeDate: creationDate,
|
|
EventType: event.Type.String(),
|
|
ModifierID: event.EditorUser,
|
|
Sequence: event.Sequence,
|
|
}
|
|
|
|
//TODO: now all types should be unmarshalled, e.g. password
|
|
// if len(event.Data) != 0 {
|
|
// user := new(model.User)
|
|
// err := json.Unmarshal(event.Data, user)
|
|
// logging.Log("EVENT-Rkg7X").OnError(err).Debug("unable to unmarshal data")
|
|
// change.Data = user
|
|
// }
|
|
|
|
result[i] = change
|
|
if lastSequence < event.Sequence {
|
|
lastSequence = event.Sequence
|
|
}
|
|
}
|
|
|
|
return &usr_model.UserChanges{
|
|
Changes: result,
|
|
LastSequence: lastSequence,
|
|
}, nil
|
|
}
|
|
|
|
func (r *UserRepo) getUserEvents(ctx context.Context, userID string, sequence uint64) ([]*models.Event, error) {
|
|
query, err := usr_view.UserByIDQuery(userID, sequence)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
return r.Eventstore.FilterEvents(ctx, query)
|
|
}
|
|
|
|
func handleSearchUserMembershipsPermissions(ctx context.Context, request *usr_model.UserMembershipSearchRequest, sequence *repository.CurrentSequence) *usr_model.UserMembershipSearchResponse {
|
|
permissions := authz.GetAllPermissionsFromCtx(ctx)
|
|
iamPerm := authz.HasGlobalExplicitPermission(permissions, iamMemberReadPerm)
|
|
orgPerm := authz.HasGlobalExplicitPermission(permissions, orgMemberReadPerm)
|
|
projectPerm := authz.HasGlobalExplicitPermission(permissions, projectMemberReadPerm)
|
|
projectGrantPerm := authz.HasGlobalExplicitPermission(permissions, projectGrantMemberReadPerm)
|
|
if iamPerm && orgPerm && projectPerm && projectGrantPerm {
|
|
return nil
|
|
}
|
|
if !iamPerm {
|
|
request.Queries = append(request.Queries, &usr_model.UserMembershipSearchQuery{Key: usr_model.UserMembershipSearchKeyMemberType, Method: domain.SearchMethodNotEquals, Value: usr_model.MemberTypeIam})
|
|
}
|
|
if !orgPerm {
|
|
request.Queries = append(request.Queries, &usr_model.UserMembershipSearchQuery{Key: usr_model.UserMembershipSearchKeyMemberType, Method: domain.SearchMethodNotEquals, Value: usr_model.MemberTypeOrganisation})
|
|
}
|
|
|
|
ids := authz.GetExplicitPermissionCtxIDs(permissions, projectMemberReadPerm)
|
|
ids = append(ids, authz.GetExplicitPermissionCtxIDs(permissions, projectGrantMemberReadPerm)...)
|
|
if _, q := request.GetSearchQuery(usr_model.UserMembershipSearchKeyObjectID); q != nil {
|
|
containsID := false
|
|
for _, id := range ids {
|
|
if id == q.Value {
|
|
containsID = true
|
|
break
|
|
}
|
|
}
|
|
if !containsID {
|
|
result := &usr_model.UserMembershipSearchResponse{
|
|
Offset: request.Offset,
|
|
Limit: request.Limit,
|
|
TotalResult: uint64(0),
|
|
Result: []*usr_model.UserMembershipView{},
|
|
}
|
|
if sequence != nil {
|
|
result.Sequence = sequence.CurrentSequence
|
|
result.Timestamp = sequence.LastSuccessfulSpoolerRun
|
|
}
|
|
return result
|
|
}
|
|
}
|
|
request.Queries = append(request.Queries, &usr_model.UserMembershipSearchQuery{Key: usr_model.UserMembershipSearchKeyObjectID, Method: domain.SearchMethodIsOneOf, Value: ids})
|
|
return nil
|
|
}
|