TheArchive/zitadel
1
0
Fork 0
mirror of https://github.com/zitadel/zitadel.git synced 2025-05-07 21:06:47 +00:00
Code Issues Packages Projects Releases Wiki Activity
zitadel/internal/api/ui/login/register_option_handler.go
Elio Bischof e00cc187fa
fix: make user creation errors helpful (#5382) 
* fix: make user creation errors helpful

* fix linting and unit testing errors

* fix linting

* make zitadel config reusable

* fix human validations

* translate ssr errors

* make zitadel config reusable

* cover more translations for ssr

* handle email validation message centrally

* fix unit tests

* fix linting

* align signatures

* use more precise wording

* handle phone validation message centrally

* fix: return specific profile errors

* docs: edit comments

* fix unit tests

---------

Co-authored-by: Silvan <silvan.reusser@gmail.com>
2023-03-14 19:20:38 +00:00

125 lines
4.0 KiB
Go
Raw Blame History

package login
import (
"net/http"
"strings"
"github.com/zitadel/logging"
"github.com/zitadel/zitadel/internal/domain"
"github.com/zitadel/zitadel/internal/query"
)
const (
tmplRegisterOption = "registeroption"
)
type registerOptionFormData struct {
UsernamePassword bool `schema:"usernamepassword"`
}
type registerOptionData struct {
baseData
}
func (l *Login) handleRegisterOption(w http.ResponseWriter, r *http.Request) {
data := new(registerOptionFormData)
authRequest, err := l.getAuthRequestAndParseData(r, data)
if err != nil {
l.renderError(w, r, authRequest, err)
return
}
l.renderRegisterOption(w, r, authRequest, nil)
}
func (l *Login) renderRegisterOption(w http.ResponseWriter, r *http.Request, authReq *domain.AuthRequest, err error) {
var errID, errMessage string
if err != nil {
errID, errMessage = l.getErrorMessage(r, err)
}
allowed := registrationAllowed(authReq)
externalAllowed := externalRegistrationAllowed(authReq)
if err == nil {
// if only external allowed with a single idp then use that
if !allowed && externalAllowed && len(authReq.AllowedExternalIDPs) == 1 {
l.handleIDP(w, r, authReq, authReq.AllowedExternalIDPs[0].IDPConfigID)
return
}
// if only direct registration is allowed, show the form
if allowed && !externalAllowed {
data := l.passLoginHintToRegistration(r, authReq)
l.renderRegister(w, r, authReq, data, nil)
return
}
}
translator := l.getTranslator(r.Context(), authReq)
data := registerOptionData{
baseData: l.getBaseData(r, authReq, "RegisterOption.Title", "RegisterOption.Description", errID, errMessage),
}
funcs := map[string]interface{}{
"hasRegistration": func() bool {
return allowed
},
"hasExternalLogin": func() bool {
return externalAllowed
},
}
l.renderer.RenderTemplate(w, r, translator, l.renderer.Templates[tmplRegisterOption], data, funcs)
}
func (l *Login) handleRegisterOptionCheck(w http.ResponseWriter, r *http.Request) {
data := new(registerOptionFormData)
authReq, err := l.getAuthRequestAndParseData(r, data)
if err != nil {
l.renderError(w, r, authReq, err)
return
}
if data.UsernamePassword {
l.handleRegister(w, r)
return
}
l.handleRegisterOption(w, r)
}
func registrationAllowed(authReq *domain.AuthRequest) bool {
return authReq != nil && authReq.LoginPolicy != nil && authReq.LoginPolicy.AllowRegister && authReq.LoginPolicy.AllowUsernamePassword
}
func externalRegistrationAllowed(authReq *domain.AuthRequest) bool {
return authReq != nil && authReq.LoginPolicy != nil && authReq.LoginPolicy.AllowExternalIDP && authReq.AllowedExternalIDPs != nil && len(authReq.AllowedExternalIDPs) > 0
}
func (l *Login) passLoginHintToRegistration(r *http.Request, authReq *domain.AuthRequest) *registerFormData {
data := &registerFormData{}
if authReq == nil {
return data
}
data.Email = domain.EmailAddress(authReq.LoginHint)
domainPolicy, err := l.getOrgDomainPolicy(r, authReq.RequestedOrgID)
if err != nil {
logging.WithFields("authRequest", authReq.ID, "org", authReq.RequestedOrgID).Error("unable to load domain policy for registration loginHint")
return data
}
data.Username = authReq.LoginHint
if !domainPolicy.UserLoginMustBeDomain {
return data
}
searchQuery, err := query.NewOrgDomainOrgIDSearchQuery(authReq.RequestedOrgID)
if err != nil {
logging.WithFields("authRequest", authReq.ID, "org", authReq.RequestedOrgID).Error("unable to search query for registration loginHint")
return data
}
domains, err := l.query.SearchOrgDomains(r.Context(), &query.OrgDomainSearchQueries{Queries: []query.SearchQuery{searchQuery}}, false)
if err != nil {
logging.WithFields("authRequest", authReq.ID, "org", authReq.RequestedOrgID).Error("unable to load domains for registration loginHint")
return data
}
for _, orgDomain := range domains.Domains {
if orgDomain.IsVerified && strings.HasSuffix(authReq.LoginHint, "@"+orgDomain.Domain) {
data.Username = strings.TrimSuffix(authReq.LoginHint, "@"+orgDomain.Domain)
return data
}
}
return data
}
Reference in New Issue View Git Blame Copy Permalink