mirror of
https://github.com/zitadel/zitadel.git
synced 2024-12-15 12:27:59 +00:00
07b2bac463
# Which Problems Are Solved User created through the User V2 API without any authentication method and possibly unverified email address was not able to login through the current hosted login UI. An unverified email address would result in a mail verification and not an initialization mail like it would with the management API. Also the login UI would then require the user to enter the init code, which the user never received. # How the Problems Are Solved - When verifying the email through the login UI, it will check for existing auth methods (password, IdP, passkeys). In case there are none, the user will be prompted to set a password. - When a user was created through the V2 API with a verified email and no auth method, the user will be prompted to set a password in the login UI. - Since setting a password requires a corresponding code, the code will be generated and sent when login in. # Additional Changes - Changed `RequestSetPassword` to get the codeGenerator from the eventstore instead of getting it from query. # Additional Context - closes https://github.com/zitadel/zitadel/issues/6600 - closes https://github.com/zitadel/zitadel/issues/8235 --------- Co-authored-by: Stefan Benz <46600784+stebenz@users.noreply.github.com>
134 lines
4.1 KiB
Go
134 lines
4.1 KiB
Go
package eventsourcing
|
|
|
|
import (
|
|
"context"
|
|
|
|
"github.com/zitadel/zitadel/internal/auth/repository/eventsourcing/eventstore"
|
|
auth_handler "github.com/zitadel/zitadel/internal/auth/repository/eventsourcing/handler"
|
|
auth_view "github.com/zitadel/zitadel/internal/auth/repository/eventsourcing/view"
|
|
"github.com/zitadel/zitadel/internal/auth_request/repository/cache"
|
|
"github.com/zitadel/zitadel/internal/command"
|
|
sd "github.com/zitadel/zitadel/internal/config/systemdefaults"
|
|
"github.com/zitadel/zitadel/internal/crypto"
|
|
"github.com/zitadel/zitadel/internal/database"
|
|
eventstore2 "github.com/zitadel/zitadel/internal/eventstore"
|
|
"github.com/zitadel/zitadel/internal/id"
|
|
"github.com/zitadel/zitadel/internal/query"
|
|
)
|
|
|
|
type Config struct {
|
|
SearchLimit uint64
|
|
Spooler auth_handler.Config
|
|
AmountOfCachedAuthRequests uint16
|
|
}
|
|
|
|
type EsRepository struct {
|
|
eventstore.UserRepo
|
|
eventstore.AuthRequestRepo
|
|
eventstore.TokenRepo
|
|
eventstore.RefreshTokenRepo
|
|
eventstore.UserSessionRepo
|
|
eventstore.OrgRepository
|
|
}
|
|
|
|
func Start(ctx context.Context, conf Config, systemDefaults sd.SystemDefaults, command *command.Commands, queries *query.Queries, dbClient *database.DB, esV2 *eventstore2.Eventstore, oidcEncryption crypto.EncryptionAlgorithm, userEncryption crypto.EncryptionAlgorithm) (*EsRepository, error) {
|
|
view, err := auth_view.StartView(dbClient, oidcEncryption, queries, esV2)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
auth_handler.Register(ctx, conf.Spooler, view, queries)
|
|
auth_handler.Start(ctx)
|
|
|
|
authReq := cache.Start(dbClient, conf.AmountOfCachedAuthRequests)
|
|
|
|
userRepo := eventstore.UserRepo{
|
|
SearchLimit: conf.SearchLimit,
|
|
Eventstore: esV2,
|
|
View: view,
|
|
Query: queries,
|
|
SystemDefaults: systemDefaults,
|
|
}
|
|
//TODO: remove as soon as possible
|
|
queryView := queryViewWrapper{
|
|
queries,
|
|
view,
|
|
}
|
|
return &EsRepository{
|
|
userRepo,
|
|
eventstore.AuthRequestRepo{
|
|
PrivacyPolicyProvider: queries,
|
|
LabelPolicyProvider: queries,
|
|
Command: command,
|
|
Query: queries,
|
|
OrgViewProvider: queries,
|
|
AuthRequests: authReq,
|
|
View: view,
|
|
UserCodeAlg: userEncryption,
|
|
UserSessionViewProvider: view,
|
|
UserViewProvider: view,
|
|
UserCommandProvider: command,
|
|
UserEventProvider: &userRepo,
|
|
IDPProviderViewProvider: queries,
|
|
IDPUserLinksProvider: queries,
|
|
LockoutPolicyViewProvider: queries,
|
|
LoginPolicyViewProvider: queries,
|
|
PasswordAgePolicyProvider: queries,
|
|
UserGrantProvider: queryView,
|
|
ProjectProvider: queryView,
|
|
ApplicationProvider: queries,
|
|
CustomTextProvider: queries,
|
|
PasswordReset: command,
|
|
IdGenerator: id.SonyFlakeGenerator(),
|
|
},
|
|
eventstore.TokenRepo{
|
|
View: view,
|
|
Eventstore: esV2,
|
|
},
|
|
eventstore.RefreshTokenRepo{
|
|
View: view,
|
|
Eventstore: esV2,
|
|
SearchLimit: conf.SearchLimit,
|
|
KeyAlgorithm: oidcEncryption,
|
|
},
|
|
eventstore.UserSessionRepo{
|
|
View: view,
|
|
},
|
|
eventstore.OrgRepository{
|
|
SearchLimit: conf.SearchLimit,
|
|
View: view,
|
|
SystemDefaults: systemDefaults,
|
|
Eventstore: esV2,
|
|
Query: queries,
|
|
},
|
|
}, nil
|
|
}
|
|
|
|
type queryViewWrapper struct {
|
|
*query.Queries
|
|
*auth_view.View
|
|
}
|
|
|
|
func (q queryViewWrapper) UserGrantsByProjectAndUserID(ctx context.Context, projectID, userID string) ([]*query.UserGrant, error) {
|
|
userGrantProjectID, err := query.NewUserGrantProjectIDSearchQuery(projectID)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
userGrantUserID, err := query.NewUserGrantUserIDSearchQuery(userID)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
queries := &query.UserGrantsQueries{Queries: []query.SearchQuery{userGrantUserID, userGrantProjectID}}
|
|
grants, err := q.Queries.UserGrants(ctx, queries, true)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
return grants.UserGrants, nil
|
|
}
|
|
func (repo *EsRepository) Health(ctx context.Context) error {
|
|
if err := repo.UserRepo.Health(ctx); err != nil {
|
|
return err
|
|
}
|
|
return repo.AuthRequestRepo.Health(ctx)
|
|
}
|