mirror of
https://github.com/zitadel/zitadel.git
synced 2025-08-16 22:47:49 +00:00
.codecov
.devcontainer
.github
build
cmd
console
deploy
docs
e2e
internal
actions
activity
admin
api
auth
auth_request
authz
cache
command
errors
preparation
action_v2_execution.go
action_v2_execution_model.go
action_v2_execution_model_test.go
action_v2_execution_test.go
action_v2_target.go
action_v2_target_model.go
action_v2_target_model_test.go
action_v2_target_test.go
auth_checks.go
auth_request.go
auth_request_model.go
auth_request_test.go
cache.go
command.go
command_test.go
converter.go
crypto.go
crypto_test.go
custom_login_text.go
custom_login_text_model.go
custom_message_text_model.go
debug_events.go
debug_events_model.go
debug_events_test.go
debug_notification_model.go
device_auth.go
device_auth_model.go
device_auth_test.go
email.go
existing_label_policies_model.go
flow_model.go
identity_provider_model.go
idp.go
idp_config_model.go
idp_intent.go
idp_intent_model.go
idp_intent_test.go
idp_model.go
idp_model_test.go
instance.go
instance_converter.go
instance_custom_login_text.go
instance_custom_login_text_model.go
instance_custom_login_text_test.go
instance_custom_message_text.go
instance_custom_message_text_model.go
instance_custom_message_text_test.go
instance_debug_notification_file.go
instance_debug_notification_file_model.go
instance_debug_notification_file_test.go
instance_debug_notification_log.go
instance_debug_notification_log_model.go
instance_debug_notification_log_test.go
instance_domain.go
instance_domain_model.go
instance_domain_test.go
instance_features.go
instance_features_model.go
instance_features_test.go
instance_idp.go
instance_idp_config.go
instance_idp_config_model.go
instance_idp_config_test.go
instance_idp_jwt_config.go
instance_idp_jwt_config_model.go
instance_idp_jwt_config_test.go
instance_idp_model.go
instance_idp_oidc_config.go
instance_idp_oidc_config_model.go
instance_idp_oidc_config_test.go
instance_idp_test.go
instance_member.go
instance_member_model.go
instance_member_test.go
instance_model.go
instance_oidc_settings.go
instance_oidc_settings_model.go
instance_oidc_settings_test.go
instance_permissions.go
instance_policy_domain.go
instance_policy_domain_model.go
instance_policy_domain_test.go
instance_policy_label.go
instance_policy_label_model.go
instance_policy_label_test.go
instance_policy_login.go
instance_policy_login_factors_model.go
instance_policy_login_identity_provider_model.go
instance_policy_login_model.go
instance_policy_login_test.go
instance_policy_mail_template.go
instance_policy_mail_template_model.go
instance_policy_mail_template_test.go
instance_policy_notification.go
instance_policy_notification_model.go
instance_policy_notification_test.go
instance_policy_password_age.go
instance_policy_password_age_model.go
instance_policy_password_age_test.go
instance_policy_password_complexity.go
instance_policy_password_complexity_model.go
instance_policy_password_complexity_test.go
instance_policy_password_lockout.go
instance_policy_password_lockout_model.go
instance_policy_password_lockout_test.go
instance_policy_privacy.go
instance_policy_privacy_model.go
instance_policy_privacy_test.go
instance_policy_security.go
instance_policy_security_model.go
instance_secret_generator_model.go
instance_settings.go
instance_settings_test.go
instance_smtp_config_model.go
instance_test.go
instance_trusted_domain.go
instance_trusted_domain_test.go
instance_trusted_domains_model.go
jwt_config_model.go
key_pair.go
key_pair_model.go
limits.go
limits_bulk_model.go
limits_model.go
limits_test.go
logout_session.go
logout_session_model.go
main_test.go
member_model.go
metadata_model.go
milestone.go
milestone_model.go
milestone_test.go
notification.go
oidc_config_model.go
oidc_session.go
oidc_session_model.go
oidc_session_test.go
org.go
org_action.go
org_action_model.go
org_action_test.go
org_converter.go
org_custom_login_text.go
org_custom_login_text_model.go
org_custom_login_text_test.go
org_custom_message_model.go
org_custom_message_text.go
org_custom_message_text_test.go
org_domain.go
org_domain_model.go
org_domain_test.go
org_flow.go
org_flow_model.go
org_flow_test.go
org_idp.go
org_idp_config.go
org_idp_config_model.go
org_idp_config_test.go
org_idp_jwt_config.go
org_idp_jwt_config_model.go
org_idp_jwt_config_test.go
org_idp_model.go
org_idp_oidc_config.go
org_idp_oidc_config_model.go
org_idp_oidc_config_test.go
org_idp_test.go
org_member.go
org_member_model.go
org_member_test.go
org_metadata.go
org_metadata_model.go
org_metadata_test.go
org_model.go
org_policy_domain.go
org_policy_domain_model.go
org_policy_domain_test.go
org_policy_label.go
org_policy_label_model.go
org_policy_label_test.go
org_policy_lockout.go
org_policy_lockout_model.go
org_policy_lockout_test.go
org_policy_login.go
org_policy_login_factors_model.go
org_policy_login_identity_provider_model.go
org_policy_login_model.go
org_policy_login_test.go
org_policy_mail_template.go
org_policy_mail_template_model.go
org_policy_mail_template_test.go
org_policy_notification.go
org_policy_notification_model.go
org_policy_notification_test.go
org_policy_password_age.go
org_policy_password_age_model.go
org_policy_password_age_test.go
org_policy_password_complexity.go
org_policy_password_complexity_model.go
org_policy_password_complexity_test.go
org_policy_privacy.go
org_policy_privacy_model.go
org_policy_privacy_test.go
org_test.go
phone.go
phone_test.go
policy_label_model.go
policy_login_factors_model.go
policy_login_model.go
policy_mail_template_model.go
policy_notification_model.go
policy_org_model.go
policy_password_age_model.go
policy_password_complexity_model.go
policy_password_lockout_model.go
policy_privacy_model.go
preparation_test.go
project.go
project_application.go
project_application_api.go
project_application_api_model.go
project_application_api_test.go
project_application_key.go
project_application_key_model.go
project_application_key_test.go
project_application_model.go
project_application_oidc.go
project_application_oidc_model.go
project_application_oidc_test.go
project_application_saml.go
project_application_saml_model.go
project_application_saml_test.go
project_application_test.go
project_converter.go
project_grant.go
project_grant_member.go
project_grant_member_model.go
project_grant_member_test.go
project_grant_model.go
project_grant_test.go
project_member.go
project_member_model.go
project_member_test.go
project_model.go
project_old.go
project_role.go
project_role_model.go
project_role_test.go
project_test.go
quota.go
quota_model.go
quota_model_test.go
quota_report.go
quota_report_test.go
quota_test.go
resource_ower_model.go
restrictions.go
restrictions_model.go
restrictions_test.go
saml_request.go
saml_request_model.go
saml_request_test.go
saml_session.go
saml_session_model.go
saml_session_test.go
session.go
session_model.go
session_model_test.go
session_otp.go
session_otp_test.go
session_test.go
session_webauhtn.go
session_webauthn_test.go
sms_config.go
sms_config_model.go
sms_config_test.go
smtp.go
smtp_test.go
statics.go
system_features.go
system_features_model.go
system_features_test.go
system_model.go
unique_constraints_model.go
user.go
user_converter.go
user_domain_policy.go
user_domain_policy_test.go
user_grant.go
user_grant_converter.go
user_grant_model.go
user_grant_test.go
user_human.go
user_human_access_token_model.go
user_human_address.go
user_human_address_model.go
user_human_adress_test.go
user_human_avatar.go
user_human_avatar_test.go
user_human_email.go
user_human_email_model.go
user_human_email_test.go
user_human_init.go
user_human_init_model.go
user_human_init_test.go
user_human_model.go
user_human_otp.go
user_human_otp_model.go
user_human_otp_test.go
user_human_password.go
user_human_password_model.go
user_human_password_test.go
user_human_phone.go
user_human_phone_model.go
user_human_phone_test.go
user_human_profile.go
user_human_profile_model.go
user_human_profile_test.go
user_human_refresh_token.go
user_human_refresh_token_model.go
user_human_refresh_token_test.go
user_human_test.go
user_human_webauthn.go
user_human_webauthn_model.go
user_idp_link.go
user_idp_link_model.go
user_idp_link_test.go
user_machine.go
user_machine_key.go
user_machine_key_model.go
user_machine_key_test.go
user_machine_model.go
user_machine_secret.go
user_machine_secret_test.go
user_machine_test.go
user_membership.go
user_metadata.go
user_metadata_model.go
user_metadata_test.go
user_model.go
user_password_complexity_policy.go
user_password_complexity_policy_test.go
user_personal_access_token.go
user_personal_access_token_model.go
user_personal_access_token_test.go
user_schema.go
user_schema_model.go
user_schema_test.go
user_test.go
user_v2.go
user_v2_email.go
user_v2_email_test.go
user_v2_human.go
user_v2_human_test.go
user_v2_invite.go
user_v2_invite_model.go
user_v2_invite_test.go
user_v2_model.go
user_v2_model_test.go
user_v2_passkey.go
user_v2_passkey_test.go
user_v2_password.go
user_v2_password_test.go
user_v2_phone.go
user_v2_phone_test.go
user_v2_test.go
user_v2_totp.go
user_v2_totp_test.go
user_v2_u2f.go
user_v2_u2f_test.go
user_v2_username.go
user_v3.go
user_v3_email.go
user_v3_email_test.go
user_v3_model.go
user_v3_phone.go
user_v3_phone_test.go
user_v3_test.go
web_key.go
web_key_model.go
web_key_test.go
config
crypto
database
domain
eventstore
execution
feature
form
i18n
iam
id
idp
integration
logstore
migration
net
notification
org
project
protoc
qrcode
query
renderer
repository
static
statik
telemetry
test
user
v2
view
webauthn
zerrors
load-test
openapi
pkg
proto
statik
.dockerignore
.gitattributes
.gitignore
.golangci.yaml
.releaserc.js
ADOPTERS.md
CODE_OF_CONDUCT.md
CONTRIBUTING.md
LICENSE
MEETING_SCHEDULE.md
Makefile
README.md
SECURITY.md
buf.gen.yaml
buf.work.yaml
changelog.config.js
go.mod
go.sum
main.go
f680dd934d
* chore: rename package errors to zerrors * rename package errors to gerrors * fix error related linting issues * fix zitadel error assertion * fix gosimple linting issues * fix deprecated linting issues * resolve gci linting issues * fix import structure --------- Co-authored-by: Elio Bischof <elio@zitadel.com>
158 lines
5.3 KiB
Go
158 lines
5.3 KiB
Go
package command
|
|
|
|
import (
|
|
"context"
|
|
|
|
"github.com/zitadel/zitadel/internal/api/authz"
|
|
"github.com/zitadel/zitadel/internal/command/preparation"
|
|
"github.com/zitadel/zitadel/internal/crypto"
|
|
"github.com/zitadel/zitadel/internal/domain"
|
|
"github.com/zitadel/zitadel/internal/eventstore"
|
|
"github.com/zitadel/zitadel/internal/repository/instance"
|
|
"github.com/zitadel/zitadel/internal/zerrors"
|
|
)
|
|
|
|
func (c *Commands) AddSecretGeneratorConfig(ctx context.Context, typ domain.SecretGeneratorType, config *crypto.GeneratorConfig) (*domain.ObjectDetails, error) {
|
|
agg := instance.NewAggregate(authz.GetInstance(ctx).InstanceID())
|
|
cmds, err := preparation.PrepareCommands(ctx, c.eventstore.Filter, prepareAddSecretGeneratorConfig(agg, typ, config))
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
events, err := c.eventstore.Push(ctx, cmds...)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
return &domain.ObjectDetails{
|
|
Sequence: events[len(events)-1].Sequence(),
|
|
EventDate: events[len(events)-1].CreatedAt(),
|
|
ResourceOwner: agg.ResourceOwner,
|
|
}, nil
|
|
}
|
|
|
|
func prepareAddSecretGeneratorConfig(a *instance.Aggregate, typ domain.SecretGeneratorType, config *crypto.GeneratorConfig) preparation.Validation {
|
|
return func() (preparation.CreateCommands, error) {
|
|
if !typ.Valid() {
|
|
return nil, zerrors.ThrowInvalidArgument(nil, "V2-FGqVj", "Errors.InvalidArgument")
|
|
}
|
|
if config.Length < 1 {
|
|
return nil, zerrors.ThrowInvalidArgument(nil, "V2-jEqCt", "Errors.InvalidArgument")
|
|
}
|
|
return func(ctx context.Context, filter preparation.FilterToQueryReducer) ([]eventstore.Command, error) {
|
|
writeModel := NewInstanceSecretGeneratorConfigWriteModel(ctx, typ)
|
|
events, err := filter(ctx, writeModel.Query())
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
writeModel.AppendEvents(events...)
|
|
if err = writeModel.Reduce(); err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
if writeModel.State == domain.SecretGeneratorStateActive {
|
|
return nil, zerrors.ThrowAlreadyExists(nil, "V2-6CqKo", "Errors.SecretGenerator.AlreadyExists")
|
|
}
|
|
|
|
return []eventstore.Command{
|
|
instance.NewSecretGeneratorAddedEvent(
|
|
ctx,
|
|
&a.Aggregate,
|
|
typ,
|
|
config.Length,
|
|
config.Expiry,
|
|
config.IncludeLowerLetters,
|
|
config.IncludeUpperLetters,
|
|
config.IncludeDigits,
|
|
config.IncludeSymbols,
|
|
),
|
|
}, nil
|
|
}, nil
|
|
}
|
|
}
|
|
|
|
func (c *Commands) ChangeSecretGeneratorConfig(ctx context.Context, generatorType domain.SecretGeneratorType, config *crypto.GeneratorConfig) (*domain.ObjectDetails, error) {
|
|
if generatorType == domain.SecretGeneratorTypeUnspecified {
|
|
return nil, zerrors.ThrowInvalidArgument(nil, "COMMAND-33k9f", "Errors.SecretGenerator.TypeMissing")
|
|
}
|
|
|
|
generatorWriteModel, err := c.getSecretConfig(ctx, generatorType)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
instanceAgg := InstanceAggregateFromWriteModel(&generatorWriteModel.WriteModel)
|
|
if generatorWriteModel.State == domain.SecretGeneratorStateUnspecified || generatorWriteModel.State == domain.SecretGeneratorStateRemoved {
|
|
err = c.pushAppendAndReduce(ctx, generatorWriteModel,
|
|
instance.NewSecretGeneratorAddedEvent(
|
|
ctx,
|
|
instanceAgg,
|
|
generatorType,
|
|
config.Length,
|
|
config.Expiry,
|
|
config.IncludeLowerLetters,
|
|
config.IncludeUpperLetters,
|
|
config.IncludeDigits,
|
|
config.IncludeSymbols,
|
|
),
|
|
)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
return writeModelToObjectDetails(&generatorWriteModel.WriteModel), nil
|
|
}
|
|
|
|
changedEvent, hasChanged, err := generatorWriteModel.NewChangedEvent(
|
|
ctx,
|
|
instanceAgg,
|
|
generatorType,
|
|
config.Length,
|
|
config.Expiry,
|
|
config.IncludeLowerLetters,
|
|
config.IncludeUpperLetters,
|
|
config.IncludeDigits,
|
|
config.IncludeSymbols)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
if !hasChanged {
|
|
return nil, zerrors.ThrowPreconditionFailed(nil, "COMMAND-m0o3f", "Errors.NoChangesFound")
|
|
}
|
|
if err = c.pushAppendAndReduce(ctx, generatorWriteModel, changedEvent); err != nil {
|
|
return nil, err
|
|
}
|
|
return writeModelToObjectDetails(&generatorWriteModel.WriteModel), nil
|
|
}
|
|
|
|
func (c *Commands) RemoveSecretGeneratorConfig(ctx context.Context, generatorType domain.SecretGeneratorType) (*domain.ObjectDetails, error) {
|
|
if generatorType == domain.SecretGeneratorTypeUnspecified {
|
|
return nil, zerrors.ThrowInvalidArgument(nil, "COMMAND-2j9lw", "Errors.SecretGenerator.TypeMissing")
|
|
}
|
|
|
|
generatorWriteModel, err := c.getSecretConfig(ctx, generatorType)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
if generatorWriteModel.State == domain.SecretGeneratorStateUnspecified || generatorWriteModel.State == domain.SecretGeneratorStateRemoved {
|
|
return nil, zerrors.ThrowNotFound(nil, "COMMAND-b8les", "Errors.SecretGenerator.NotFound")
|
|
}
|
|
instanceAgg := InstanceAggregateFromWriteModel(&generatorWriteModel.WriteModel)
|
|
pushedEvents, err := c.eventstore.Push(ctx, instance.NewSecretGeneratorRemovedEvent(ctx, instanceAgg, generatorType))
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
err = AppendAndReduce(generatorWriteModel, pushedEvents...)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
return writeModelToObjectDetails(&generatorWriteModel.WriteModel), nil
|
|
}
|
|
|
|
func (c *Commands) getSecretConfig(ctx context.Context, generatorType domain.SecretGeneratorType) (_ *InstanceSecretGeneratorConfigWriteModel, err error) {
|
|
writeModel := NewInstanceSecretGeneratorConfigWriteModel(ctx, generatorType)
|
|
err = c.eventstore.FilterToQueryReducer(ctx, writeModel)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
return writeModel, nil
|
|
}
|