TheArchive/zitadel
1
0
Fork 0
mirror of https://github.com/zitadel/zitadel.git synced 2025-10-09 11:12:01 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
fed15574f6f3a389606a80c5bf2a6c1725bf9354
zitadel/internal/repository/org/policy_login.go
Livio Spring fed15574f6 feat: allow to force MFA local only (#6234) 
This PR adds an option to the LoginPolicy to "Force MFA for local users", so that users authenticated through an IDP must not configure (and verify) an MFA.
2023-07-20 04:06:16 +00:00

138 lines
3.4 KiB
Go
Raw Blame History

package org
import (
"context"
"time"
"github.com/zitadel/zitadel/internal/eventstore"
"github.com/zitadel/zitadel/internal/domain"
"github.com/zitadel/zitadel/internal/eventstore/repository"
"github.com/zitadel/zitadel/internal/repository/policy"
)
var (
LoginPolicyAddedEventType = orgEventTypePrefix + policy.LoginPolicyAddedEventType
LoginPolicyChangedEventType = orgEventTypePrefix + policy.LoginPolicyChangedEventType
LoginPolicyRemovedEventType = orgEventTypePrefix + policy.LoginPolicyRemovedEventType
)
type LoginPolicyAddedEvent struct {
policy.LoginPolicyAddedEvent
}
func NewLoginPolicyAddedEvent(
ctx context.Context,
aggregate *eventstore.Aggregate,
allowUsernamePassword,
allowRegister,
allowExternalIDP,
forceMFA,
forceMFALocalOnly,
hidePasswordReset,
ignoreUnknownUsernames,
allowDomainDiscovery,
disableLoginWithEmail,
disableLoginWithPhone bool,
passwordlessType domain.PasswordlessType,
defaultRedirectURI string,
passwordCheckLifetime,
externalLoginCheckLifetime,
mfaInitSkipLifetime,
secondFactorCheckLifetime,
multiFactorCheckLifetime time.Duration,
) *LoginPolicyAddedEvent {
return &LoginPolicyAddedEvent{
LoginPolicyAddedEvent: *policy.NewLoginPolicyAddedEvent(
eventstore.NewBaseEventForPush(
ctx,
aggregate,
LoginPolicyAddedEventType),
allowUsernamePassword,
allowRegister,
allowExternalIDP,
forceMFA,
forceMFALocalOnly,
hidePasswordReset,
ignoreUnknownUsernames,
allowDomainDiscovery,
disableLoginWithEmail,
disableLoginWithPhone,
passwordlessType,
defaultRedirectURI,
passwordCheckLifetime,
externalLoginCheckLifetime,
mfaInitSkipLifetime,
secondFactorCheckLifetime,
multiFactorCheckLifetime,
),
}
}
func LoginPolicyAddedEventMapper(event *repository.Event) (eventstore.Event, error) {
e, err := policy.LoginPolicyAddedEventMapper(event)
if err != nil {
return nil, err
}
return &LoginPolicyAddedEvent{LoginPolicyAddedEvent: *e.(*policy.LoginPolicyAddedEvent)}, nil
}
type LoginPolicyChangedEvent struct {
policy.LoginPolicyChangedEvent
}
func NewLoginPolicyChangedEvent(
ctx context.Context,
aggregate *eventstore.Aggregate,
changes []policy.LoginPolicyChanges,
) (*LoginPolicyChangedEvent, error) {
changedEvent, err := policy.NewLoginPolicyChangedEvent(
eventstore.NewBaseEventForPush(
ctx,
aggregate,
LoginPolicyChangedEventType),
changes,
)
if err != nil {
return nil, err
}
return &LoginPolicyChangedEvent{LoginPolicyChangedEvent: *changedEvent}, nil
}
func LoginPolicyChangedEventMapper(event *repository.Event) (eventstore.Event, error) {
e, err := policy.LoginPolicyChangedEventMapper(event)
if err != nil {
return nil, err
}
return &LoginPolicyChangedEvent{LoginPolicyChangedEvent: *e.(*policy.LoginPolicyChangedEvent)}, nil
}
type LoginPolicyRemovedEvent struct {
policy.LoginPolicyRemovedEvent
}
func NewLoginPolicyRemovedEvent(
ctx context.Context,
aggregate *eventstore.Aggregate,
) *LoginPolicyRemovedEvent {
return &LoginPolicyRemovedEvent{
LoginPolicyRemovedEvent: *policy.NewLoginPolicyRemovedEvent(
eventstore.NewBaseEventForPush(
ctx,
aggregate,
LoginPolicyRemovedEventType),
),
}
}
func LoginPolicyRemovedEventMapper(event *repository.Event) (eventstore.Event, error) {
e, err := policy.LoginPolicyRemovedEventMapper(event)
if err != nil {
return nil, err
}
return &LoginPolicyRemovedEvent{LoginPolicyRemovedEvent: *e.(*policy.LoginPolicyRemovedEvent)}, nil
}
Reference in New Issue View Git Blame Copy Permalink