TheArchive/zitadel
1
0
Fork 0
mirror of https://github.com/zitadel/zitadel.git synced 2025-10-09 11:12:01 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
fed15574f6f3a389606a80c5bf2a6c1725bf9354
zitadel/internal/api/grpc/policy/login_policy.go
Livio Spring fed15574f6 feat: allow to force MFA local only (#6234) 
This PR adds an option to the LoginPolicy to "Force MFA for local users", so that users authenticated through an IDP must not configure (and verify) an MFA.
2023-07-20 04:06:16 +00:00

67 lines
2.8 KiB
Go
Raw Blame History

package policy
import (
"google.golang.org/protobuf/types/known/durationpb"
"google.golang.org/protobuf/types/known/timestamppb"
idp_grpc "github.com/zitadel/zitadel/internal/api/grpc/idp"
"github.com/zitadel/zitadel/internal/domain"
"github.com/zitadel/zitadel/internal/query"
"github.com/zitadel/zitadel/pkg/grpc/object"
policy_pb "github.com/zitadel/zitadel/pkg/grpc/policy"
)
func ModelLoginPolicyToPb(policy *query.LoginPolicy) *policy_pb.LoginPolicy {
return &policy_pb.LoginPolicy{
IsDefault: policy.IsDefault,
AllowUsernamePassword: policy.AllowUsernamePassword,
AllowRegister: policy.AllowRegister,
AllowExternalIdp: policy.AllowExternalIDPs,
ForceMfa: policy.ForceMFA,
ForceMfaLocalOnly: policy.ForceMFALocalOnly,
PasswordlessType: ModelPasswordlessTypeToPb(policy.PasswordlessType),
HidePasswordReset: policy.HidePasswordReset,
IgnoreUnknownUsernames: policy.IgnoreUnknownUsernames,
AllowDomainDiscovery: policy.AllowDomainDiscovery,
DisableLoginWithEmail: policy.DisableLoginWithEmail,
DisableLoginWithPhone: policy.DisableLoginWithPhone,
DefaultRedirectUri: policy.DefaultRedirectURI,
PasswordCheckLifetime: durationpb.New(policy.PasswordCheckLifetime),
ExternalLoginCheckLifetime: durationpb.New(policy.ExternalLoginCheckLifetime),
MfaInitSkipLifetime: durationpb.New(policy.MFAInitSkipLifetime),
SecondFactorCheckLifetime: durationpb.New(policy.SecondFactorCheckLifetime),
MultiFactorCheckLifetime: durationpb.New(policy.MultiFactorCheckLifetime),
SecondFactors: ModelSecondFactorTypesToPb(policy.SecondFactors),
MultiFactors: ModelMultiFactorTypesToPb(policy.MultiFactors),
Idps: idp_grpc.IDPLoginPolicyLinksToPb(policy.IDPLinks),
Details: &object.ObjectDetails{
Sequence: policy.Sequence,
CreationDate: timestamppb.New(policy.CreationDate),
ChangeDate: timestamppb.New(policy.ChangeDate),
ResourceOwner: policy.OrgID,
},
}
}
func PasswordlessTypeToDomain(passwordlessType policy_pb.PasswordlessType) domain.PasswordlessType {
switch passwordlessType {
case policy_pb.PasswordlessType_PASSWORDLESS_TYPE_ALLOWED:
return domain.PasswordlessTypeAllowed
case policy_pb.PasswordlessType_PASSWORDLESS_TYPE_NOT_ALLOWED:
return domain.PasswordlessTypeNotAllowed
default:
return -1
}
}
func ModelPasswordlessTypeToPb(passwordlessType domain.PasswordlessType) policy_pb.PasswordlessType {
switch passwordlessType {
case domain.PasswordlessTypeAllowed:
return policy_pb.PasswordlessType_PASSWORDLESS_TYPE_ALLOWED
case domain.PasswordlessTypeNotAllowed:
return policy_pb.PasswordlessType_PASSWORDLESS_TYPE_NOT_ALLOWED
default:
return policy_pb.PasswordlessType_PASSWORDLESS_TYPE_NOT_ALLOWED
}
}
Reference in New Issue View Git Blame Copy Permalink