mirror of
https://github.com/zitadel/zitadel.git
synced 2025-07-16 18:38:35 +00:00
2cf3ef4de4
# Which Problems Are Solved Currently if a user signs in using an IdP, once they sign out of Zitadel, the corresponding IdP session is not terminated. This can be the desired behavior. In some cases, e.g. when using a shared computer it results in a potential security risk, since a follower user might be able to sign in as the previous using the still open IdP session. # How the Problems Are Solved - Admins can enabled a federated logout option on SAML IdPs through the Admin and Management APIs. - During the termination of a login V1 session using OIDC end_session endpoint, Zitadel will check if an IdP was used to authenticate that session. - In case there was a SAML IdP used with Federated Logout enabled, it will intercept the logout process, store the information into the shared cache and redirect to the federated logout endpoint in the V1 login. - The V1 login federated logout endpoint checks every request on an existing cache entry. On success it will create a SAML logout request for the used IdP and either redirect or POST to the configured SLO endpoint. The cache entry is updated with a `redirected` state. - A SLO endpoint is added to the `/idp` handlers, which will handle the SAML logout responses. At the moment it will check again for an existing federated logout entry (with state `redirected`) in the cache. On success, the user is redirected to the initially provided `post_logout_redirect_uri` from the end_session request. # Additional Changes None # Additional Context - This PR merges the https://github.com/zitadel/zitadel/pull/9841 and https://github.com/zitadel/zitadel/pull/9854 to main, additionally updating the docs on Entra ID SAML. - closes #9228 - backport to 3.x --------- Co-authored-by: Silvan <27845747+adlerhurst@users.noreply.github.com> Co-authored-by: Zach Hirschtritt <zachary.hirschtritt@klaviyo.com>
1047 lines
27 KiB
Go
1047 lines
27 KiB
Go
package command
|
|
|
|
import (
|
|
"context"
|
|
"time"
|
|
|
|
"github.com/zitadel/zitadel/internal/crypto"
|
|
"github.com/zitadel/zitadel/internal/domain"
|
|
"github.com/zitadel/zitadel/internal/eventstore"
|
|
"github.com/zitadel/zitadel/internal/repository/idp"
|
|
"github.com/zitadel/zitadel/internal/repository/org"
|
|
)
|
|
|
|
type OrgOAuthIDPWriteModel struct {
|
|
OAuthIDPWriteModel
|
|
}
|
|
|
|
func NewOAuthOrgIDPWriteModel(orgID, id string) *OrgOAuthIDPWriteModel {
|
|
return &OrgOAuthIDPWriteModel{
|
|
OAuthIDPWriteModel{
|
|
WriteModel: eventstore.WriteModel{
|
|
AggregateID: orgID,
|
|
ResourceOwner: orgID,
|
|
},
|
|
ID: id,
|
|
},
|
|
}
|
|
}
|
|
|
|
func (wm *OrgOAuthIDPWriteModel) AppendEvents(events ...eventstore.Event) {
|
|
for _, event := range events {
|
|
switch e := event.(type) {
|
|
case *org.OAuthIDPAddedEvent:
|
|
wm.OAuthIDPWriteModel.AppendEvents(&e.OAuthIDPAddedEvent)
|
|
case *org.OAuthIDPChangedEvent:
|
|
wm.OAuthIDPWriteModel.AppendEvents(&e.OAuthIDPChangedEvent)
|
|
case *org.IDPRemovedEvent:
|
|
wm.OAuthIDPWriteModel.AppendEvents(&e.RemovedEvent)
|
|
default:
|
|
wm.OAuthIDPWriteModel.AppendEvents(e)
|
|
}
|
|
}
|
|
}
|
|
|
|
func (wm *OrgOAuthIDPWriteModel) Query() *eventstore.SearchQueryBuilder {
|
|
return eventstore.NewSearchQueryBuilder(eventstore.ColumnsEvent).
|
|
ResourceOwner(wm.ResourceOwner).
|
|
AddQuery().
|
|
AggregateTypes(org.AggregateType).
|
|
AggregateIDs(wm.AggregateID).
|
|
EventTypes(
|
|
org.OAuthIDPAddedEventType,
|
|
org.OAuthIDPChangedEventType,
|
|
org.IDPRemovedEventType,
|
|
).
|
|
EventData(map[string]interface{}{"id": wm.ID}).
|
|
Builder()
|
|
}
|
|
|
|
func (wm *OrgOAuthIDPWriteModel) NewChangedEvent(
|
|
ctx context.Context,
|
|
aggregate *eventstore.Aggregate,
|
|
id,
|
|
name,
|
|
clientID,
|
|
clientSecretString string,
|
|
secretCrypto crypto.EncryptionAlgorithm,
|
|
authorizationEndpoint,
|
|
tokenEndpoint,
|
|
userEndpoint,
|
|
idAttribute string,
|
|
scopes []string,
|
|
usePKCE bool,
|
|
options idp.Options,
|
|
) (*org.OAuthIDPChangedEvent, error) {
|
|
|
|
changes, err := wm.OAuthIDPWriteModel.NewChanges(
|
|
name,
|
|
clientID,
|
|
clientSecretString,
|
|
secretCrypto,
|
|
authorizationEndpoint,
|
|
tokenEndpoint,
|
|
userEndpoint,
|
|
idAttribute,
|
|
scopes,
|
|
usePKCE,
|
|
options,
|
|
)
|
|
if err != nil || len(changes) == 0 {
|
|
return nil, err
|
|
}
|
|
return org.NewOAuthIDPChangedEvent(ctx, aggregate, id, changes)
|
|
}
|
|
|
|
type OrgOIDCIDPWriteModel struct {
|
|
OIDCIDPWriteModel
|
|
}
|
|
|
|
func NewOIDCOrgIDPWriteModel(orgID, id string) *OrgOIDCIDPWriteModel {
|
|
return &OrgOIDCIDPWriteModel{
|
|
OIDCIDPWriteModel{
|
|
WriteModel: eventstore.WriteModel{
|
|
AggregateID: orgID,
|
|
ResourceOwner: orgID,
|
|
},
|
|
ID: id,
|
|
},
|
|
}
|
|
}
|
|
|
|
func (wm *OrgOIDCIDPWriteModel) AppendEvents(events ...eventstore.Event) {
|
|
for _, event := range events {
|
|
switch e := event.(type) {
|
|
case *org.OIDCIDPAddedEvent:
|
|
wm.OIDCIDPWriteModel.AppendEvents(&e.OIDCIDPAddedEvent)
|
|
case *org.OIDCIDPChangedEvent:
|
|
wm.OIDCIDPWriteModel.AppendEvents(&e.OIDCIDPChangedEvent)
|
|
case *org.OIDCIDPMigratedAzureADEvent:
|
|
wm.OIDCIDPWriteModel.AppendEvents(&e.OIDCIDPMigratedAzureADEvent)
|
|
case *org.OIDCIDPMigratedGoogleEvent:
|
|
wm.OIDCIDPWriteModel.AppendEvents(&e.OIDCIDPMigratedGoogleEvent)
|
|
case *org.IDPRemovedEvent:
|
|
wm.OIDCIDPWriteModel.AppendEvents(&e.RemovedEvent)
|
|
|
|
// old events
|
|
case *org.IDPConfigAddedEvent:
|
|
wm.OIDCIDPWriteModel.AppendEvents(&e.IDPConfigAddedEvent)
|
|
case *org.IDPConfigChangedEvent:
|
|
wm.OIDCIDPWriteModel.AppendEvents(&e.IDPConfigChangedEvent)
|
|
case *org.IDPOIDCConfigAddedEvent:
|
|
wm.OIDCIDPWriteModel.AppendEvents(&e.OIDCConfigAddedEvent)
|
|
case *org.IDPOIDCConfigChangedEvent:
|
|
wm.OIDCIDPWriteModel.AppendEvents(&e.OIDCConfigChangedEvent)
|
|
case *org.IDPConfigRemovedEvent:
|
|
wm.OIDCIDPWriteModel.AppendEvents(&e.IDPConfigRemovedEvent)
|
|
default:
|
|
wm.OIDCIDPWriteModel.AppendEvents(e)
|
|
}
|
|
}
|
|
}
|
|
|
|
func (wm *OrgOIDCIDPWriteModel) Query() *eventstore.SearchQueryBuilder {
|
|
return eventstore.NewSearchQueryBuilder(eventstore.ColumnsEvent).
|
|
ResourceOwner(wm.ResourceOwner).
|
|
AddQuery().
|
|
AggregateTypes(org.AggregateType).
|
|
AggregateIDs(wm.AggregateID).
|
|
EventTypes(
|
|
org.OIDCIDPAddedEventType,
|
|
org.OIDCIDPChangedEventType,
|
|
org.OIDCIDPMigratedAzureADEventType,
|
|
org.OIDCIDPMigratedGoogleEventType,
|
|
org.IDPRemovedEventType,
|
|
).
|
|
EventData(map[string]interface{}{"id": wm.ID}).
|
|
Or(). // old events
|
|
AggregateTypes(org.AggregateType).
|
|
AggregateIDs(wm.AggregateID).
|
|
EventTypes(
|
|
org.IDPConfigAddedEventType,
|
|
org.IDPConfigChangedEventType,
|
|
org.IDPOIDCConfigAddedEventType,
|
|
org.IDPOIDCConfigChangedEventType,
|
|
org.IDPConfigRemovedEventType,
|
|
).
|
|
EventData(map[string]interface{}{"idpConfigId": wm.ID}).
|
|
Builder()
|
|
}
|
|
|
|
func (wm *OrgOIDCIDPWriteModel) NewChangedEvent(
|
|
ctx context.Context,
|
|
aggregate *eventstore.Aggregate,
|
|
id,
|
|
name,
|
|
issuer,
|
|
clientID,
|
|
clientSecretString string,
|
|
secretCrypto crypto.EncryptionAlgorithm,
|
|
scopes []string,
|
|
idTokenMapping, usePKCE bool,
|
|
options idp.Options,
|
|
) (*org.OIDCIDPChangedEvent, error) {
|
|
|
|
changes, err := wm.OIDCIDPWriteModel.NewChanges(
|
|
name,
|
|
issuer,
|
|
clientID,
|
|
clientSecretString,
|
|
secretCrypto,
|
|
scopes,
|
|
idTokenMapping,
|
|
usePKCE,
|
|
options,
|
|
)
|
|
if err != nil || len(changes) == 0 {
|
|
return nil, err
|
|
}
|
|
return org.NewOIDCIDPChangedEvent(ctx, aggregate, id, changes)
|
|
}
|
|
|
|
type OrgJWTIDPWriteModel struct {
|
|
JWTIDPWriteModel
|
|
}
|
|
|
|
func NewJWTOrgIDPWriteModel(orgID, id string) *OrgJWTIDPWriteModel {
|
|
return &OrgJWTIDPWriteModel{
|
|
JWTIDPWriteModel{
|
|
WriteModel: eventstore.WriteModel{
|
|
AggregateID: orgID,
|
|
ResourceOwner: orgID,
|
|
},
|
|
ID: id,
|
|
},
|
|
}
|
|
}
|
|
|
|
func (wm *OrgJWTIDPWriteModel) AppendEvents(events ...eventstore.Event) {
|
|
for _, event := range events {
|
|
switch e := event.(type) {
|
|
case *org.JWTIDPAddedEvent:
|
|
wm.JWTIDPWriteModel.AppendEvents(&e.JWTIDPAddedEvent)
|
|
case *org.JWTIDPChangedEvent:
|
|
wm.JWTIDPWriteModel.AppendEvents(&e.JWTIDPChangedEvent)
|
|
case *org.IDPRemovedEvent:
|
|
wm.JWTIDPWriteModel.AppendEvents(&e.RemovedEvent)
|
|
|
|
// old events
|
|
case *org.IDPConfigAddedEvent:
|
|
wm.JWTIDPWriteModel.AppendEvents(&e.IDPConfigAddedEvent)
|
|
case *org.IDPConfigChangedEvent:
|
|
wm.JWTIDPWriteModel.AppendEvents(&e.IDPConfigChangedEvent)
|
|
case *org.IDPJWTConfigAddedEvent:
|
|
wm.JWTIDPWriteModel.AppendEvents(&e.JWTConfigAddedEvent)
|
|
case *org.IDPJWTConfigChangedEvent:
|
|
wm.JWTIDPWriteModel.AppendEvents(&e.JWTConfigChangedEvent)
|
|
case *org.IDPConfigRemovedEvent:
|
|
wm.JWTIDPWriteModel.AppendEvents(&e.IDPConfigRemovedEvent)
|
|
default:
|
|
wm.JWTIDPWriteModel.AppendEvents(e)
|
|
}
|
|
}
|
|
}
|
|
|
|
func (wm *OrgJWTIDPWriteModel) Query() *eventstore.SearchQueryBuilder {
|
|
return eventstore.NewSearchQueryBuilder(eventstore.ColumnsEvent).
|
|
ResourceOwner(wm.ResourceOwner).
|
|
AddQuery().
|
|
AggregateTypes(org.AggregateType).
|
|
AggregateIDs(wm.AggregateID).
|
|
EventTypes(
|
|
org.JWTIDPAddedEventType,
|
|
org.JWTIDPChangedEventType,
|
|
org.IDPRemovedEventType,
|
|
).
|
|
EventData(map[string]interface{}{"id": wm.ID}).
|
|
Or(). // old events
|
|
AggregateTypes(org.AggregateType).
|
|
AggregateIDs(wm.AggregateID).
|
|
EventTypes(
|
|
org.IDPConfigAddedEventType,
|
|
org.IDPConfigChangedEventType,
|
|
org.IDPJWTConfigAddedEventType,
|
|
org.IDPJWTConfigChangedEventType,
|
|
org.IDPConfigRemovedEventType,
|
|
).
|
|
EventData(map[string]interface{}{"idpConfigId": wm.ID}).
|
|
Builder()
|
|
}
|
|
|
|
func (wm *OrgJWTIDPWriteModel) NewChangedEvent(
|
|
ctx context.Context,
|
|
aggregate *eventstore.Aggregate,
|
|
id,
|
|
name,
|
|
issuer,
|
|
jwtEndpoint,
|
|
keysEndpoint,
|
|
headerName string,
|
|
options idp.Options,
|
|
) (*org.JWTIDPChangedEvent, error) {
|
|
|
|
changes, err := wm.JWTIDPWriteModel.NewChanges(
|
|
name,
|
|
issuer,
|
|
jwtEndpoint,
|
|
keysEndpoint,
|
|
headerName,
|
|
options,
|
|
)
|
|
if err != nil || len(changes) == 0 {
|
|
return nil, err
|
|
}
|
|
return org.NewJWTIDPChangedEvent(ctx, aggregate, id, changes)
|
|
}
|
|
|
|
type OrgAzureADIDPWriteModel struct {
|
|
AzureADIDPWriteModel
|
|
}
|
|
|
|
func NewAzureADOrgIDPWriteModel(orgID, id string) *OrgAzureADIDPWriteModel {
|
|
return &OrgAzureADIDPWriteModel{
|
|
AzureADIDPWriteModel{
|
|
WriteModel: eventstore.WriteModel{
|
|
AggregateID: orgID,
|
|
ResourceOwner: orgID,
|
|
},
|
|
ID: id,
|
|
},
|
|
}
|
|
}
|
|
|
|
func (wm *OrgAzureADIDPWriteModel) Reduce() error {
|
|
return wm.AzureADIDPWriteModel.Reduce()
|
|
}
|
|
|
|
func (wm *OrgAzureADIDPWriteModel) AppendEvents(events ...eventstore.Event) {
|
|
for _, event := range events {
|
|
switch e := event.(type) {
|
|
case *org.AzureADIDPAddedEvent:
|
|
wm.AzureADIDPWriteModel.AppendEvents(&e.AzureADIDPAddedEvent)
|
|
case *org.AzureADIDPChangedEvent:
|
|
wm.AzureADIDPWriteModel.AppendEvents(&e.AzureADIDPChangedEvent)
|
|
case *org.OIDCIDPMigratedAzureADEvent:
|
|
wm.AzureADIDPWriteModel.AppendEvents(&e.OIDCIDPMigratedAzureADEvent)
|
|
case *org.IDPRemovedEvent:
|
|
wm.AzureADIDPWriteModel.AppendEvents(&e.RemovedEvent)
|
|
default:
|
|
wm.AzureADIDPWriteModel.AppendEvents(e)
|
|
}
|
|
}
|
|
}
|
|
|
|
func (wm *OrgAzureADIDPWriteModel) Query() *eventstore.SearchQueryBuilder {
|
|
return eventstore.NewSearchQueryBuilder(eventstore.ColumnsEvent).
|
|
ResourceOwner(wm.ResourceOwner).
|
|
AddQuery().
|
|
AggregateTypes(org.AggregateType).
|
|
AggregateIDs(wm.AggregateID).
|
|
EventTypes(
|
|
org.AzureADIDPAddedEventType,
|
|
org.AzureADIDPChangedEventType,
|
|
org.OIDCIDPMigratedAzureADEventType,
|
|
org.IDPRemovedEventType,
|
|
).
|
|
EventData(map[string]interface{}{"id": wm.ID}).
|
|
Builder()
|
|
}
|
|
|
|
func (wm *OrgAzureADIDPWriteModel) NewChangedEvent(
|
|
ctx context.Context,
|
|
aggregate *eventstore.Aggregate,
|
|
id,
|
|
name,
|
|
clientID,
|
|
clientSecretString string,
|
|
secretCrypto crypto.EncryptionAlgorithm,
|
|
scopes []string,
|
|
tenant string,
|
|
isEmailVerified bool,
|
|
options idp.Options,
|
|
) (*org.AzureADIDPChangedEvent, error) {
|
|
|
|
changes, err := wm.AzureADIDPWriteModel.NewChanges(
|
|
name,
|
|
clientID,
|
|
clientSecretString,
|
|
secretCrypto,
|
|
scopes,
|
|
tenant,
|
|
isEmailVerified,
|
|
options,
|
|
)
|
|
if err != nil || len(changes) == 0 {
|
|
return nil, err
|
|
}
|
|
return org.NewAzureADIDPChangedEvent(ctx, aggregate, id, changes)
|
|
}
|
|
|
|
type OrgGitHubIDPWriteModel struct {
|
|
GitHubIDPWriteModel
|
|
}
|
|
|
|
func NewGitHubOrgIDPWriteModel(orgID, id string) *OrgGitHubIDPWriteModel {
|
|
return &OrgGitHubIDPWriteModel{
|
|
GitHubIDPWriteModel{
|
|
WriteModel: eventstore.WriteModel{
|
|
AggregateID: orgID,
|
|
ResourceOwner: orgID,
|
|
},
|
|
ID: id,
|
|
},
|
|
}
|
|
}
|
|
|
|
func (wm *OrgGitHubIDPWriteModel) AppendEvents(events ...eventstore.Event) {
|
|
for _, event := range events {
|
|
switch e := event.(type) {
|
|
case *org.GitHubIDPAddedEvent:
|
|
wm.GitHubIDPWriteModel.AppendEvents(&e.GitHubIDPAddedEvent)
|
|
case *org.GitHubIDPChangedEvent:
|
|
wm.GitHubIDPWriteModel.AppendEvents(&e.GitHubIDPChangedEvent)
|
|
case *org.IDPRemovedEvent:
|
|
wm.GitHubIDPWriteModel.AppendEvents(&e.RemovedEvent)
|
|
default:
|
|
wm.GitHubIDPWriteModel.AppendEvents(e)
|
|
}
|
|
}
|
|
}
|
|
|
|
func (wm *OrgGitHubIDPWriteModel) Query() *eventstore.SearchQueryBuilder {
|
|
return eventstore.NewSearchQueryBuilder(eventstore.ColumnsEvent).
|
|
ResourceOwner(wm.ResourceOwner).
|
|
AddQuery().
|
|
AggregateTypes(org.AggregateType).
|
|
AggregateIDs(wm.AggregateID).
|
|
EventTypes(
|
|
org.GitHubIDPAddedEventType,
|
|
org.GitHubIDPChangedEventType,
|
|
org.IDPRemovedEventType,
|
|
).
|
|
EventData(map[string]interface{}{"id": wm.ID}).
|
|
Builder()
|
|
}
|
|
|
|
func (wm *OrgGitHubIDPWriteModel) NewChangedEvent(
|
|
ctx context.Context,
|
|
aggregate *eventstore.Aggregate,
|
|
id,
|
|
name,
|
|
clientID,
|
|
clientSecretString string,
|
|
secretCrypto crypto.EncryptionAlgorithm,
|
|
scopes []string,
|
|
options idp.Options,
|
|
) (*org.GitHubIDPChangedEvent, error) {
|
|
|
|
changes, err := wm.GitHubIDPWriteModel.NewChanges(name, clientID, clientSecretString, secretCrypto, scopes, options)
|
|
|
|
if err != nil || len(changes) == 0 {
|
|
return nil, err
|
|
}
|
|
return org.NewGitHubIDPChangedEvent(ctx, aggregate, id, changes)
|
|
}
|
|
|
|
type OrgGitHubEnterpriseIDPWriteModel struct {
|
|
GitHubEnterpriseIDPWriteModel
|
|
}
|
|
|
|
func NewGitHubEnterpriseOrgIDPWriteModel(orgID, id string) *OrgGitHubEnterpriseIDPWriteModel {
|
|
return &OrgGitHubEnterpriseIDPWriteModel{
|
|
GitHubEnterpriseIDPWriteModel{
|
|
WriteModel: eventstore.WriteModel{
|
|
AggregateID: orgID,
|
|
ResourceOwner: orgID,
|
|
},
|
|
ID: id,
|
|
},
|
|
}
|
|
}
|
|
|
|
func (wm *OrgGitHubEnterpriseIDPWriteModel) AppendEvents(events ...eventstore.Event) {
|
|
for _, event := range events {
|
|
switch e := event.(type) {
|
|
case *org.GitHubEnterpriseIDPAddedEvent:
|
|
wm.GitHubEnterpriseIDPWriteModel.AppendEvents(&e.GitHubEnterpriseIDPAddedEvent)
|
|
case *org.GitHubEnterpriseIDPChangedEvent:
|
|
wm.GitHubEnterpriseIDPWriteModel.AppendEvents(&e.GitHubEnterpriseIDPChangedEvent)
|
|
case *org.IDPRemovedEvent:
|
|
wm.GitHubEnterpriseIDPWriteModel.AppendEvents(&e.RemovedEvent)
|
|
default:
|
|
wm.GitHubEnterpriseIDPWriteModel.AppendEvents(e)
|
|
}
|
|
}
|
|
}
|
|
|
|
func (wm *OrgGitHubEnterpriseIDPWriteModel) Query() *eventstore.SearchQueryBuilder {
|
|
return eventstore.NewSearchQueryBuilder(eventstore.ColumnsEvent).
|
|
ResourceOwner(wm.ResourceOwner).
|
|
AddQuery().
|
|
AggregateTypes(org.AggregateType).
|
|
AggregateIDs(wm.AggregateID).
|
|
EventTypes(
|
|
org.GitHubEnterpriseIDPAddedEventType,
|
|
org.GitHubEnterpriseIDPChangedEventType,
|
|
org.IDPRemovedEventType,
|
|
).
|
|
EventData(map[string]interface{}{"id": wm.ID}).
|
|
Builder()
|
|
}
|
|
|
|
func (wm *OrgGitHubEnterpriseIDPWriteModel) NewChangedEvent(
|
|
ctx context.Context,
|
|
aggregate *eventstore.Aggregate,
|
|
id,
|
|
name,
|
|
clientID string,
|
|
clientSecretString string,
|
|
secretCrypto crypto.EncryptionAlgorithm,
|
|
authorizationEndpoint,
|
|
tokenEndpoint,
|
|
userEndpoint string,
|
|
scopes []string,
|
|
options idp.Options,
|
|
) (*org.GitHubEnterpriseIDPChangedEvent, error) {
|
|
|
|
changes, err := wm.GitHubEnterpriseIDPWriteModel.NewChanges(
|
|
name,
|
|
clientID,
|
|
clientSecretString,
|
|
secretCrypto,
|
|
authorizationEndpoint,
|
|
tokenEndpoint,
|
|
userEndpoint,
|
|
scopes,
|
|
options,
|
|
)
|
|
|
|
if err != nil || len(changes) == 0 {
|
|
return nil, err
|
|
}
|
|
return org.NewGitHubEnterpriseIDPChangedEvent(ctx, aggregate, id, changes)
|
|
}
|
|
|
|
type OrgGitLabIDPWriteModel struct {
|
|
GitLabIDPWriteModel
|
|
}
|
|
|
|
func NewGitLabOrgIDPWriteModel(orgID, id string) *OrgGitLabIDPWriteModel {
|
|
return &OrgGitLabIDPWriteModel{
|
|
GitLabIDPWriteModel{
|
|
WriteModel: eventstore.WriteModel{
|
|
AggregateID: orgID,
|
|
ResourceOwner: orgID,
|
|
},
|
|
ID: id,
|
|
},
|
|
}
|
|
}
|
|
|
|
func (wm *OrgGitLabIDPWriteModel) AppendEvents(events ...eventstore.Event) {
|
|
for _, event := range events {
|
|
switch e := event.(type) {
|
|
case *org.GitLabIDPAddedEvent:
|
|
wm.GitLabIDPWriteModel.AppendEvents(&e.GitLabIDPAddedEvent)
|
|
case *org.GitLabIDPChangedEvent:
|
|
wm.GitLabIDPWriteModel.AppendEvents(&e.GitLabIDPChangedEvent)
|
|
case *org.IDPRemovedEvent:
|
|
wm.GitLabIDPWriteModel.AppendEvents(&e.RemovedEvent)
|
|
default:
|
|
wm.GitLabIDPWriteModel.AppendEvents(e)
|
|
}
|
|
}
|
|
}
|
|
|
|
func (wm *OrgGitLabIDPWriteModel) Query() *eventstore.SearchQueryBuilder {
|
|
return eventstore.NewSearchQueryBuilder(eventstore.ColumnsEvent).
|
|
ResourceOwner(wm.ResourceOwner).
|
|
AddQuery().
|
|
AggregateTypes(org.AggregateType).
|
|
AggregateIDs(wm.AggregateID).
|
|
EventTypes(
|
|
org.GitLabIDPAddedEventType,
|
|
org.GitLabIDPChangedEventType,
|
|
org.IDPRemovedEventType,
|
|
).
|
|
EventData(map[string]interface{}{"id": wm.ID}).
|
|
Builder()
|
|
}
|
|
|
|
func (wm *OrgGitLabIDPWriteModel) NewChangedEvent(
|
|
ctx context.Context,
|
|
aggregate *eventstore.Aggregate,
|
|
id,
|
|
name,
|
|
clientID,
|
|
clientSecretString string,
|
|
secretCrypto crypto.EncryptionAlgorithm,
|
|
scopes []string,
|
|
options idp.Options,
|
|
) (*org.GitLabIDPChangedEvent, error) {
|
|
|
|
changes, err := wm.GitLabIDPWriteModel.NewChanges(name, clientID, clientSecretString, secretCrypto, scopes, options)
|
|
if err != nil || len(changes) == 0 {
|
|
return nil, err
|
|
}
|
|
return org.NewGitLabIDPChangedEvent(ctx, aggregate, id, changes)
|
|
}
|
|
|
|
type OrgGitLabSelfHostedIDPWriteModel struct {
|
|
GitLabSelfHostedIDPWriteModel
|
|
}
|
|
|
|
func NewGitLabSelfHostedOrgIDPWriteModel(orgID, id string) *OrgGitLabSelfHostedIDPWriteModel {
|
|
return &OrgGitLabSelfHostedIDPWriteModel{
|
|
GitLabSelfHostedIDPWriteModel{
|
|
WriteModel: eventstore.WriteModel{
|
|
AggregateID: orgID,
|
|
ResourceOwner: orgID,
|
|
},
|
|
ID: id,
|
|
},
|
|
}
|
|
}
|
|
|
|
func (wm *OrgGitLabSelfHostedIDPWriteModel) AppendEvents(events ...eventstore.Event) {
|
|
for _, event := range events {
|
|
switch e := event.(type) {
|
|
case *org.GitLabSelfHostedIDPAddedEvent:
|
|
wm.GitLabSelfHostedIDPWriteModel.AppendEvents(&e.GitLabSelfHostedIDPAddedEvent)
|
|
case *org.GitLabSelfHostedIDPChangedEvent:
|
|
wm.GitLabSelfHostedIDPWriteModel.AppendEvents(&e.GitLabSelfHostedIDPChangedEvent)
|
|
case *org.IDPRemovedEvent:
|
|
wm.GitLabSelfHostedIDPWriteModel.AppendEvents(&e.RemovedEvent)
|
|
default:
|
|
wm.GitLabSelfHostedIDPWriteModel.AppendEvents(e)
|
|
}
|
|
}
|
|
}
|
|
|
|
func (wm *OrgGitLabSelfHostedIDPWriteModel) Query() *eventstore.SearchQueryBuilder {
|
|
return eventstore.NewSearchQueryBuilder(eventstore.ColumnsEvent).
|
|
ResourceOwner(wm.ResourceOwner).
|
|
AddQuery().
|
|
AggregateTypes(org.AggregateType).
|
|
AggregateIDs(wm.AggregateID).
|
|
EventTypes(
|
|
org.GitLabSelfHostedIDPAddedEventType,
|
|
org.GitLabSelfHostedIDPChangedEventType,
|
|
org.IDPRemovedEventType,
|
|
).
|
|
EventData(map[string]interface{}{"id": wm.ID}).
|
|
Builder()
|
|
}
|
|
|
|
func (wm *OrgGitLabSelfHostedIDPWriteModel) NewChangedEvent(
|
|
ctx context.Context,
|
|
aggregate *eventstore.Aggregate,
|
|
id,
|
|
name,
|
|
issuer,
|
|
clientID string,
|
|
clientSecretString string,
|
|
secretCrypto crypto.EncryptionAlgorithm,
|
|
scopes []string,
|
|
options idp.Options,
|
|
) (*org.GitLabSelfHostedIDPChangedEvent, error) {
|
|
|
|
changes, err := wm.GitLabSelfHostedIDPWriteModel.NewChanges(name, issuer, clientID, clientSecretString, secretCrypto, scopes, options)
|
|
if err != nil || len(changes) == 0 {
|
|
return nil, err
|
|
}
|
|
return org.NewGitLabSelfHostedIDPChangedEvent(ctx, aggregate, id, changes)
|
|
}
|
|
|
|
type OrgGoogleIDPWriteModel struct {
|
|
GoogleIDPWriteModel
|
|
}
|
|
|
|
func NewGoogleOrgIDPWriteModel(orgID, id string) *OrgGoogleIDPWriteModel {
|
|
return &OrgGoogleIDPWriteModel{
|
|
GoogleIDPWriteModel{
|
|
WriteModel: eventstore.WriteModel{
|
|
AggregateID: orgID,
|
|
ResourceOwner: orgID,
|
|
},
|
|
ID: id,
|
|
},
|
|
}
|
|
}
|
|
|
|
func (wm *OrgGoogleIDPWriteModel) AppendEvents(events ...eventstore.Event) {
|
|
for _, event := range events {
|
|
switch e := event.(type) {
|
|
case *org.GoogleIDPAddedEvent:
|
|
wm.GoogleIDPWriteModel.AppendEvents(&e.GoogleIDPAddedEvent)
|
|
case *org.GoogleIDPChangedEvent:
|
|
wm.GoogleIDPWriteModel.AppendEvents(&e.GoogleIDPChangedEvent)
|
|
case *org.OIDCIDPMigratedGoogleEvent:
|
|
wm.GoogleIDPWriteModel.AppendEvents(&e.OIDCIDPMigratedGoogleEvent)
|
|
case *org.IDPRemovedEvent:
|
|
wm.GoogleIDPWriteModel.AppendEvents(&e.RemovedEvent)
|
|
default:
|
|
wm.GoogleIDPWriteModel.AppendEvents(e)
|
|
}
|
|
}
|
|
}
|
|
|
|
func (wm *OrgGoogleIDPWriteModel) Query() *eventstore.SearchQueryBuilder {
|
|
return eventstore.NewSearchQueryBuilder(eventstore.ColumnsEvent).
|
|
ResourceOwner(wm.ResourceOwner).
|
|
AddQuery().
|
|
AggregateTypes(org.AggregateType).
|
|
AggregateIDs(wm.AggregateID).
|
|
EventTypes(
|
|
org.GoogleIDPAddedEventType,
|
|
org.GoogleIDPChangedEventType,
|
|
org.OIDCIDPMigratedGoogleEventType,
|
|
org.IDPRemovedEventType,
|
|
).
|
|
EventData(map[string]interface{}{"id": wm.ID}).
|
|
Builder()
|
|
}
|
|
|
|
func (wm *OrgGoogleIDPWriteModel) NewChangedEvent(
|
|
ctx context.Context,
|
|
aggregate *eventstore.Aggregate,
|
|
id,
|
|
name,
|
|
clientID,
|
|
clientSecretString string,
|
|
secretCrypto crypto.EncryptionAlgorithm,
|
|
scopes []string,
|
|
options idp.Options,
|
|
) (*org.GoogleIDPChangedEvent, error) {
|
|
|
|
changes, err := wm.GoogleIDPWriteModel.NewChanges(name, clientID, clientSecretString, secretCrypto, scopes, options)
|
|
if err != nil || len(changes) == 0 {
|
|
return nil, err
|
|
}
|
|
return org.NewGoogleIDPChangedEvent(ctx, aggregate, id, changes)
|
|
}
|
|
|
|
type OrgLDAPIDPWriteModel struct {
|
|
LDAPIDPWriteModel
|
|
}
|
|
|
|
func NewLDAPOrgIDPWriteModel(orgID, id string) *OrgLDAPIDPWriteModel {
|
|
return &OrgLDAPIDPWriteModel{
|
|
LDAPIDPWriteModel{
|
|
WriteModel: eventstore.WriteModel{
|
|
AggregateID: orgID,
|
|
ResourceOwner: orgID,
|
|
},
|
|
ID: id,
|
|
},
|
|
}
|
|
}
|
|
|
|
func (wm *OrgLDAPIDPWriteModel) AppendEvents(events ...eventstore.Event) {
|
|
for _, event := range events {
|
|
switch e := event.(type) {
|
|
case *org.LDAPIDPAddedEvent:
|
|
wm.LDAPIDPWriteModel.AppendEvents(&e.LDAPIDPAddedEvent)
|
|
case *org.LDAPIDPChangedEvent:
|
|
wm.LDAPIDPWriteModel.AppendEvents(&e.LDAPIDPChangedEvent)
|
|
case *org.IDPRemovedEvent:
|
|
wm.LDAPIDPWriteModel.AppendEvents(&e.RemovedEvent)
|
|
default:
|
|
wm.LDAPIDPWriteModel.AppendEvents(e)
|
|
}
|
|
}
|
|
}
|
|
|
|
func (wm *OrgLDAPIDPWriteModel) Query() *eventstore.SearchQueryBuilder {
|
|
return eventstore.NewSearchQueryBuilder(eventstore.ColumnsEvent).
|
|
ResourceOwner(wm.ResourceOwner).
|
|
AddQuery().
|
|
AggregateTypes(org.AggregateType).
|
|
AggregateIDs(wm.AggregateID).
|
|
EventTypes(
|
|
org.LDAPIDPAddedEventType,
|
|
org.LDAPIDPChangedEventType,
|
|
org.IDPRemovedEventType,
|
|
).
|
|
EventData(map[string]interface{}{"id": wm.ID}).
|
|
Builder()
|
|
}
|
|
|
|
func (wm *OrgLDAPIDPWriteModel) NewChangedEvent(
|
|
ctx context.Context,
|
|
aggregate *eventstore.Aggregate,
|
|
id,
|
|
name string,
|
|
servers []string,
|
|
startTLS bool,
|
|
baseDN string,
|
|
bindDN string,
|
|
bindPassword string,
|
|
userBase string,
|
|
userObjectClasses []string,
|
|
userFilters []string,
|
|
timeout time.Duration,
|
|
rootCA []byte,
|
|
secretCrypto crypto.EncryptionAlgorithm,
|
|
attributes idp.LDAPAttributes,
|
|
options idp.Options,
|
|
) (*org.LDAPIDPChangedEvent, error) {
|
|
|
|
changes, err := wm.LDAPIDPWriteModel.NewChanges(
|
|
name,
|
|
servers,
|
|
startTLS,
|
|
baseDN,
|
|
bindDN,
|
|
bindPassword,
|
|
userBase,
|
|
userObjectClasses,
|
|
userFilters,
|
|
timeout,
|
|
rootCA,
|
|
secretCrypto,
|
|
attributes,
|
|
options,
|
|
)
|
|
if err != nil || len(changes) == 0 {
|
|
return nil, err
|
|
}
|
|
return org.NewLDAPIDPChangedEvent(ctx, aggregate, id, changes)
|
|
}
|
|
|
|
type OrgAppleIDPWriteModel struct {
|
|
AppleIDPWriteModel
|
|
}
|
|
|
|
func NewAppleOrgIDPWriteModel(orgID, id string) *OrgAppleIDPWriteModel {
|
|
return &OrgAppleIDPWriteModel{
|
|
AppleIDPWriteModel{
|
|
WriteModel: eventstore.WriteModel{
|
|
AggregateID: orgID,
|
|
ResourceOwner: orgID,
|
|
},
|
|
ID: id,
|
|
},
|
|
}
|
|
}
|
|
|
|
func (wm *OrgAppleIDPWriteModel) AppendEvents(events ...eventstore.Event) {
|
|
for _, event := range events {
|
|
switch e := event.(type) {
|
|
case *org.AppleIDPAddedEvent:
|
|
wm.AppleIDPWriteModel.AppendEvents(&e.AppleIDPAddedEvent)
|
|
case *org.AppleIDPChangedEvent:
|
|
wm.AppleIDPWriteModel.AppendEvents(&e.AppleIDPChangedEvent)
|
|
case *org.IDPRemovedEvent:
|
|
wm.AppleIDPWriteModel.AppendEvents(&e.RemovedEvent)
|
|
default:
|
|
wm.AppleIDPWriteModel.AppendEvents(e)
|
|
}
|
|
}
|
|
}
|
|
|
|
func (wm *OrgAppleIDPWriteModel) Query() *eventstore.SearchQueryBuilder {
|
|
return eventstore.NewSearchQueryBuilder(eventstore.ColumnsEvent).
|
|
ResourceOwner(wm.ResourceOwner).
|
|
AddQuery().
|
|
AggregateTypes(org.AggregateType).
|
|
AggregateIDs(wm.AggregateID).
|
|
EventTypes(
|
|
org.AppleIDPAddedEventType,
|
|
org.AppleIDPChangedEventType,
|
|
org.IDPRemovedEventType,
|
|
).
|
|
EventData(map[string]interface{}{"id": wm.ID}).
|
|
Builder()
|
|
}
|
|
|
|
func (wm *OrgAppleIDPWriteModel) NewChangedEvent(
|
|
ctx context.Context,
|
|
aggregate *eventstore.Aggregate,
|
|
id,
|
|
name,
|
|
clientID,
|
|
teamID,
|
|
keyID string,
|
|
privateKey []byte,
|
|
secretCrypto crypto.EncryptionAlgorithm,
|
|
scopes []string,
|
|
options idp.Options,
|
|
) (*org.AppleIDPChangedEvent, error) {
|
|
|
|
changes, err := wm.AppleIDPWriteModel.NewChanges(name, clientID, teamID, keyID, privateKey, secretCrypto, scopes, options)
|
|
if err != nil || len(changes) == 0 {
|
|
return nil, err
|
|
}
|
|
return org.NewAppleIDPChangedEvent(ctx, aggregate, id, changes)
|
|
}
|
|
|
|
type OrgSAMLIDPWriteModel struct {
|
|
SAMLIDPWriteModel
|
|
}
|
|
|
|
func NewSAMLOrgIDPWriteModel(orgID, id string) *OrgSAMLIDPWriteModel {
|
|
return &OrgSAMLIDPWriteModel{
|
|
SAMLIDPWriteModel{
|
|
WriteModel: eventstore.WriteModel{
|
|
AggregateID: orgID,
|
|
ResourceOwner: orgID,
|
|
},
|
|
ID: id,
|
|
},
|
|
}
|
|
}
|
|
|
|
func (wm *OrgSAMLIDPWriteModel) AppendEvents(events ...eventstore.Event) {
|
|
for _, event := range events {
|
|
switch e := event.(type) {
|
|
case *org.SAMLIDPAddedEvent:
|
|
wm.SAMLIDPWriteModel.AppendEvents(&e.SAMLIDPAddedEvent)
|
|
case *org.SAMLIDPChangedEvent:
|
|
wm.SAMLIDPWriteModel.AppendEvents(&e.SAMLIDPChangedEvent)
|
|
case *org.IDPRemovedEvent:
|
|
wm.SAMLIDPWriteModel.AppendEvents(&e.RemovedEvent)
|
|
default:
|
|
wm.SAMLIDPWriteModel.AppendEvents(e)
|
|
}
|
|
}
|
|
}
|
|
|
|
func (wm *OrgSAMLIDPWriteModel) Query() *eventstore.SearchQueryBuilder {
|
|
return eventstore.NewSearchQueryBuilder(eventstore.ColumnsEvent).
|
|
ResourceOwner(wm.ResourceOwner).
|
|
AddQuery().
|
|
AggregateTypes(org.AggregateType).
|
|
AggregateIDs(wm.AggregateID).
|
|
EventTypes(
|
|
org.SAMLIDPAddedEventType,
|
|
org.SAMLIDPChangedEventType,
|
|
org.IDPRemovedEventType,
|
|
).
|
|
EventData(map[string]interface{}{"id": wm.ID}).
|
|
Builder()
|
|
}
|
|
|
|
func (wm *OrgSAMLIDPWriteModel) NewChangedEvent(
|
|
ctx context.Context,
|
|
aggregate *eventstore.Aggregate,
|
|
id,
|
|
name string,
|
|
metadata,
|
|
key,
|
|
certificate []byte,
|
|
secretCrypto crypto.EncryptionAlgorithm,
|
|
binding string,
|
|
withSignedRequest bool,
|
|
nameIDFormat *domain.SAMLNameIDFormat,
|
|
transientMappingAttributeName string,
|
|
federatedLogoutEnabled bool,
|
|
options idp.Options,
|
|
) (*org.SAMLIDPChangedEvent, error) {
|
|
changes, err := wm.SAMLIDPWriteModel.NewChanges(
|
|
name,
|
|
metadata,
|
|
key,
|
|
certificate,
|
|
secretCrypto,
|
|
binding,
|
|
withSignedRequest,
|
|
nameIDFormat,
|
|
transientMappingAttributeName,
|
|
federatedLogoutEnabled,
|
|
options,
|
|
)
|
|
if err != nil || len(changes) == 0 {
|
|
return nil, err
|
|
}
|
|
return org.NewSAMLIDPChangedEvent(ctx, aggregate, id, changes)
|
|
}
|
|
|
|
type OrgIDPRemoveWriteModel struct {
|
|
IDPRemoveWriteModel
|
|
}
|
|
|
|
func NewOrgIDPRemoveWriteModel(orgID, id string) *OrgIDPRemoveWriteModel {
|
|
return &OrgIDPRemoveWriteModel{
|
|
IDPRemoveWriteModel{
|
|
WriteModel: eventstore.WriteModel{
|
|
AggregateID: orgID,
|
|
ResourceOwner: orgID,
|
|
},
|
|
ID: id,
|
|
},
|
|
}
|
|
}
|
|
|
|
func (wm *OrgIDPRemoveWriteModel) AppendEvents(events ...eventstore.Event) {
|
|
for _, event := range events {
|
|
switch e := event.(type) {
|
|
case *org.OAuthIDPAddedEvent:
|
|
wm.IDPRemoveWriteModel.AppendEvents(&e.OAuthIDPAddedEvent)
|
|
case *org.OIDCIDPAddedEvent:
|
|
wm.IDPRemoveWriteModel.AppendEvents(&e.OIDCIDPAddedEvent)
|
|
case *org.JWTIDPAddedEvent:
|
|
wm.IDPRemoveWriteModel.AppendEvents(&e.JWTIDPAddedEvent)
|
|
case *org.AzureADIDPAddedEvent:
|
|
wm.IDPRemoveWriteModel.AppendEvents(&e.AzureADIDPAddedEvent)
|
|
case *org.GitHubIDPAddedEvent:
|
|
wm.IDPRemoveWriteModel.AppendEvents(&e.GitHubIDPAddedEvent)
|
|
case *org.GitHubEnterpriseIDPAddedEvent:
|
|
wm.IDPRemoveWriteModel.AppendEvents(&e.GitHubEnterpriseIDPAddedEvent)
|
|
case *org.GitLabIDPAddedEvent:
|
|
wm.IDPRemoveWriteModel.AppendEvents(&e.GitLabIDPAddedEvent)
|
|
case *org.GitLabSelfHostedIDPAddedEvent:
|
|
wm.IDPRemoveWriteModel.AppendEvents(&e.GitLabSelfHostedIDPAddedEvent)
|
|
case *org.GoogleIDPAddedEvent:
|
|
wm.IDPRemoveWriteModel.AppendEvents(&e.GoogleIDPAddedEvent)
|
|
case *org.LDAPIDPAddedEvent:
|
|
wm.IDPRemoveWriteModel.AppendEvents(&e.LDAPIDPAddedEvent)
|
|
case *org.AppleIDPAddedEvent:
|
|
wm.IDPRemoveWriteModel.AppendEvents(&e.AppleIDPAddedEvent)
|
|
case *org.SAMLIDPAddedEvent:
|
|
wm.IDPRemoveWriteModel.AppendEvents(&e.SAMLIDPAddedEvent)
|
|
case *org.IDPRemovedEvent:
|
|
wm.IDPRemoveWriteModel.AppendEvents(&e.RemovedEvent)
|
|
case *org.IDPConfigAddedEvent:
|
|
wm.IDPRemoveWriteModel.AppendEvents(&e.IDPConfigAddedEvent)
|
|
case *org.IDPConfigRemovedEvent:
|
|
wm.IDPRemoveWriteModel.AppendEvents(&e.IDPConfigRemovedEvent)
|
|
default:
|
|
wm.IDPRemoveWriteModel.AppendEvents(e)
|
|
}
|
|
}
|
|
}
|
|
|
|
func (wm *OrgIDPRemoveWriteModel) Query() *eventstore.SearchQueryBuilder {
|
|
return eventstore.NewSearchQueryBuilder(eventstore.ColumnsEvent).
|
|
ResourceOwner(wm.ResourceOwner).
|
|
AddQuery().
|
|
AggregateTypes(org.AggregateType).
|
|
AggregateIDs(wm.AggregateID).
|
|
EventTypes(
|
|
org.OAuthIDPAddedEventType,
|
|
org.OIDCIDPAddedEventType,
|
|
org.JWTIDPAddedEventType,
|
|
org.AzureADIDPAddedEventType,
|
|
org.GitHubIDPAddedEventType,
|
|
org.GitHubEnterpriseIDPAddedEventType,
|
|
org.GitLabIDPAddedEventType,
|
|
org.GitLabSelfHostedIDPAddedEventType,
|
|
org.GoogleIDPAddedEventType,
|
|
org.LDAPIDPAddedEventType,
|
|
org.AppleIDPAddedEventType,
|
|
org.SAMLIDPAddedEventType,
|
|
org.IDPRemovedEventType,
|
|
).
|
|
EventData(map[string]interface{}{"id": wm.ID}).
|
|
Or(). // old events
|
|
AggregateTypes(org.AggregateType).
|
|
AggregateIDs(wm.AggregateID).
|
|
EventTypes(
|
|
org.IDPConfigAddedEventType,
|
|
org.IDPConfigRemovedEventType,
|
|
).
|
|
EventData(map[string]interface{}{"idpConfigId": wm.ID}).
|
|
Builder()
|
|
}
|