From 9571dc51dba738edff1dbf29f44a4dee62ff54e2 Mon Sep 17 00:00:00 2001 From: Silvan Date: Wed, 20 Oct 2021 15:02:58 +0200 Subject: [PATCH] fix(queries): password age policy (#2418) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * job queue * wg improvements * start handler * statement * statements * imporve handler * improve statement * statement in seperate file * move handlers * move query/old to query * handler * read models * bulk works * cleanup * contrib * rename readmodel to projection * rename read_models schema to projections * rename read_models schema to projections * search query as func, bulk iterates as long as new events * add event sequence less query * update checks for events between current sequence and sequence of first statement if it has previous sequence 0 * cleanup crdb projection * refactor projection handler * start with testing * tests for handler * remove todo * refactor statement: remove table name, add tests * improve projection handler shutdown, no savepoint if noop stmt, tests for stmt handler * tests * start failed events * seperate branch for contrib * move statement constructors to crdb pkg * correct import * Subscribe for eventtypes (#1800) * fix: is default (#1737) * fix: use email as username on global org (#1738) * fix: use email as username on global org * Update user_human.go * Update register_handler.go * chore(deps): update docusaurus (#1739) * chore: remove PAT and use GH Token (#1716) * chore: remove PAT and use GH Token * fix env * fix env * fix env * md lint * trigger ci * change user * fix GH bug * replace login part * chore: add GH Token to sem rel (#1746) * chore: add GH Token to sem rel * try branch * add GH Token * remove test branch again * docs: changes acme to acme-caos (#1744) * changes acme to acme-caos * Apply suggestions from code review Co-authored-by: Florian Forster Co-authored-by: Maximilian Panne Co-authored-by: Florian Forster * feat: add additional origins on applications (#1691) * feat: add additional origins on applications * app additional redirects * chore(deps-dev): bump @angular/cli from 11.2.8 to 11.2.11 in /console (#1706) * fix: show org with regex (#1688) * fix: flag mapping (#1699) * chore(deps-dev): bump @angular/cli from 11.2.8 to 11.2.11 in /console Bumps [@angular/cli](https://github.com/angular/angular-cli) from 11.2.8 to 11.2.11. - [Release notes](https://github.com/angular/angular-cli/releases) - [Commits](https://github.com/angular/angular-cli/compare/v11.2.8...v11.2.11) Signed-off-by: dependabot[bot] Co-authored-by: Max Peintner Co-authored-by: Silvan Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps-dev): bump stylelint from 13.10.0 to 13.13.1 in /console (#1703) * fix: show org with regex (#1688) * fix: flag mapping (#1699) * chore(deps-dev): bump stylelint from 13.10.0 to 13.13.1 in /console Bumps [stylelint](https://github.com/stylelint/stylelint) from 13.10.0 to 13.13.1. - [Release notes](https://github.com/stylelint/stylelint/releases) - [Changelog](https://github.com/stylelint/stylelint/blob/master/CHANGELOG.md) - [Commits](https://github.com/stylelint/stylelint/compare/13.10.0...13.13.1) Signed-off-by: dependabot[bot] Co-authored-by: Max Peintner Co-authored-by: Silvan Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps-dev): bump @types/node from 14.14.37 to 15.0.1 in /console (#1702) * fix: show org with regex (#1688) * fix: flag mapping (#1699) * chore(deps-dev): bump @types/node from 14.14.37 to 15.0.1 in /console Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 14.14.37 to 15.0.1. - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node) Signed-off-by: dependabot[bot] Co-authored-by: Max Peintner Co-authored-by: Silvan Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump ts-protoc-gen from 0.14.0 to 0.15.0 in /console (#1701) * fix: show org with regex (#1688) * fix: flag mapping (#1699) * chore(deps): bump ts-protoc-gen from 0.14.0 to 0.15.0 in /console Bumps [ts-protoc-gen](https://github.com/improbable-eng/ts-protoc-gen) from 0.14.0 to 0.15.0. - [Release notes](https://github.com/improbable-eng/ts-protoc-gen/releases) - [Changelog](https://github.com/improbable-eng/ts-protoc-gen/blob/master/CHANGELOG.md) - [Commits](https://github.com/improbable-eng/ts-protoc-gen/compare/0.14.0...0.15.0) Signed-off-by: dependabot[bot] Co-authored-by: Max Peintner Co-authored-by: Silvan Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps-dev): bump @types/jasmine from 3.6.9 to 3.6.10 in /console (#1682) Bumps [@types/jasmine](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/jasmine) from 3.6.9 to 3.6.10. - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/jasmine) Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump @types/google-protobuf in /console (#1681) Bumps [@types/google-protobuf](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/google-protobuf) from 3.7.4 to 3.15.2. - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/google-protobuf) Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump grpc from 1.24.5 to 1.24.7 in /console (#1666) Bumps [grpc](https://github.com/grpc/grpc-node) from 1.24.5 to 1.24.7. - [Release notes](https://github.com/grpc/grpc-node/releases) - [Commits](https://github.com/grpc/grpc-node/compare/grpc@1.24.5...grpc@1.24.7) Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * lock * chore(deps-dev): bump @angular/language-service from 11.2.9 to 11.2.12 in /console (#1704) * fix: show org with regex (#1688) * fix: flag mapping (#1699) * chore(deps-dev): bump @angular/language-service in /console Bumps [@angular/language-service](https://github.com/angular/angular/tree/HEAD/packages/language-service) from 11.2.9 to 11.2.12. - [Release notes](https://github.com/angular/angular/releases) - [Changelog](https://github.com/angular/angular/blob/master/CHANGELOG.md) - [Commits](https://github.com/angular/angular/commits/11.2.12/packages/language-service) Signed-off-by: dependabot[bot] Co-authored-by: Max Peintner Co-authored-by: Silvan Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * package lock * downgrade grpc * downgrade protobuf types * revert npm packs 🥸 Co-authored-by: Max Peintner Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Silvan * docs: update run and start section texts (#1745) * update run and start section texts * adds showcase Co-authored-by: Maximilian Panne * fix: additional origin list (#1753) * fix: handle api configs in authz handler (#1755) * fix(console): add model for api keys, fix toast, binding (#1757) * fix: add model for api keys, fix toast, binding * show api clientid * fix: missing patchvalue (#1758) * feat: refresh token (#1728) * begin refresh tokens * refresh tokens * list and revoke refresh tokens * handle remove * tests for refresh tokens * uniqueness and default expiration * rename oidc token methods * cleanup * migration version * Update internal/static/i18n/en.yaml Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com> * fixes * feat: update oidc pkg for refresh tokens Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com> * fix: correct json name of clientId in key.json (#1760) * fix: migration version (#1767) * start subscription * eventtypes * fix(login): links (#1778) * fix(login): href for help * fix(login): correct link to tos * fix: access tokens for service users and refresh token infos (#1779) * fix: access token for service user * handle info from refresh request * uniqueness * postpone access token uniqueness change * chore(coc): recommend code of conduct (#1782) * subscribe for events * feat(console): refresh toggle out of granttype context (#1785) * refresh toggle * disable if not code flow, lint * lint * fix: change oidc config order * accept refresh option within flow Co-authored-by: Livio Amstutz * fix: refresh token activation (#1795) * fix: oidc grant type check * docs: add offline_access scope * docs: update refresh token status in supported grant types * fix: update oidc pkg * fix: check refresh token grant type (#1796) * configuration structs * org admins * failed events * fixes Co-authored-by: Max Peintner Co-authored-by: Livio Amstutz Co-authored-by: Florian Forster Co-authored-by: mffap Co-authored-by: Maximilian Panne Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com> * remove comment * aggregate reducer * remove eventtypes * add protoc-get-validate to mod * fix transaltion * upsert * add gender on org admins, allow to retry failed stmts after configurable time * remove if * sub queries * fix: tests * add builder to tests * new search query * rename searchquerybuilder to builder * remove comment from code * test with multiple queries * add filters test * current sequences * make org and org_admins work again * add aggregate type to current sequence * fix(contibute): listing * add validate module * fix: search queries * feat(eventstore): previous aggregate root sequence (#1810) * feat(eventstore): previous aggregate root sequence * fix tests * fix: eventstore v1 test * add col to all mocked rows * next try * fix mig * rename aggregate root to aggregate type * update comment Co-authored-by: Livio Amstutz Co-authored-by: Livio Amstutz * small refactorings * allow update multiple current sequences * unique log id * fix migrations * rename org admin to org owner * improve error handling and logging * fix(migration): optimize prev agg root seq * fix: projection handler test * fix: sub queries * small fixes * additional event types * correct org owner projection * fix primary key * feat(eventstore): jobs for projections (#2026) * fix: template names in login (#1974) * fix: template names in login * fix: error.html * fix: check for features on mgmt only (#1976) * fix: add sentry in ui, http and projection handlers (#1977) * fix: add sentry in ui, http and projection handlers * fix test * fix(eventstore): sub queries (#1805) * sub queries * fix: tests * add builder to tests * new search query * rename searchquerybuilder to builder * remove comment from code * test with multiple queries * add filters test * fix(contibute): listing * add validate module * fix: search queries * remove unused event type in query * ignore query if error in marshal * go mod tidy * update privacy policy query * update queries Co-authored-by: Livio Amstutz * feat: Extend oidc idp with oauth endpoints (#1980) * feat: add oauth attributes to oidc idp configuration * feat: return idpconfig id on create idp * feat: tests * feat: descriptions * feat: docs * feat: tests * docs: update to beta 3 (#1984) * fix: role assertion (#1986) * fix: enum to display access token role assertion * improve assertion descriptions * fix nil pointer * docs: eventstore (#1982) * docs: eventstore * Apply suggestions from code review Co-authored-by: Florian Forster Co-authored-by: Florian Forster * fix(sentry): trigger sentry release (#1989) * feat(send sentry release): send sentry release * fix(moved step and added releasetag): moved step and added releasetag * fix: set version for sentry release (#1990) * feat(send sentry release): send sentry release * fix(moved step and added releasetag): moved step and added releasetag * fix(corrected var name): corrected var name Co-authored-by: Livio Amstutz * fix: log error reason on terminate session (#1973) * fix: return default language file, if requested lang does not exist for default login texts (#1988) * fix: return default language file, if requested lang doesnt exists * feat: read default translation file * feat: docs * fix: race condition in auth request unmarshalling (#1993) * feat: handle ui_locales in login (#1994) * fix: handle ui_locales in login * move supportedlanguage func into i18n package * update oidc pkg * fix: handle closed channels on unsubscribe (#1995) * fix: give restore more time (#1997) * fix: translation file read (#2009) * feat: translation file read * feat: readme * fix: enable idp add button for iam users (#2010) * fix: filter event_data (#2011) * feat: Custom message files (#1992) * feat: add get custom message text to admin api * feat: read custom message texts from files * feat: get languages in apis * feat: get languages in apis * feat: get languages in apis * feat: pr feedback * feat: docs * feat: merge main * fix: sms notification (#2013) * fix: phone verifications * feat: fix password reset as sms * fix: phone verification * fix: grpc status in sentry and validation interceptors (#2012) * fix: remove oauth endpoints from oidc config proto (#2014) * try with view * fix(console): disable sw (#2021) * fix: disable sw * angular.json disable sw * project projections * fix typos * customize projections * customizable projections, add change date to projects Co-authored-by: Livio Amstutz Co-authored-by: Max Peintner Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com> Co-authored-by: Florian Forster Co-authored-by: mffap Co-authored-by: Christian Jakob <47860090+thesephirot@users.noreply.github.com> Co-authored-by: Elio Bischof * env file * typo * correct users * correct migration * fix: merge fail * fix test * fix(tests): unordered matcher * improve currentSequenceMatcher * correct certs * correct certs * add zitadel database on database list * refctor switch in match * enable all handlers * Delete io.env * cleanup * add handlers * rename view to projection * rename view to projection * fix type typo * remove unnecessary logs * refactor stmts * simplify interval calculation * fix tests * fix unlock test * fix migration * migs * fix(operator): update cockroach and flyway versions (#2138) * chore(deps): bump k8s.io/apiextensions-apiserver from 0.19.2 to 0.21.3 Bumps [k8s.io/apiextensions-apiserver](https://github.com/kubernetes/apiextensions-apiserver) from 0.19.2 to 0.21.3. - [Release notes](https://github.com/kubernetes/apiextensions-apiserver/releases) - [Commits](https://github.com/kubernetes/apiextensions-apiserver/compare/v0.19.2...v0.21.3) --- updated-dependencies: - dependency-name: k8s.io/apiextensions-apiserver dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] * chore(deps): bump google.golang.org/api from 0.34.0 to 0.52.0 Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.34.0 to 0.52.0. - [Release notes](https://github.com/googleapis/google-api-go-client/releases) - [Changelog](https://github.com/googleapis/google-api-go-client/blob/master/CHANGES.md) - [Commits](https://github.com/googleapis/google-api-go-client/compare/v0.34.0...v0.52.0) --- updated-dependencies: - dependency-name: google.golang.org/api dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] * start update dependencies * update mods and otlp * fix(build): update to go 1.16 * old version for k8s mods * update k8s versions * update orbos * fix(operator): update cockroach and flyway version * Update images.go Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Stefan Benz * fix import * fix typo * fix(migration): add org projection * fix(projection): correct table for org events in org owners * better insert stmt * fix typo * fix typo * set max connection lifetime * set max conns and conn lifetime in eventstore v1 * configure sql connection settings * add mig for agg type index * fix replace tab in yaml * handler interfaces * subscription * first try * handler * move sql client initialization * first part implemented * removed all occurencies of org by id and search orgs * fix merge issues * cleanup code * fix: queries implements orgviewprovider * cleanup * refactor text comparison * remove unused file * remove unused code * log * remove unused code * remove unused field * remove unused file * refactor * tests for search query * remove try * simplify state change mappers * projection tests * query functions * move reusable objects to separate files * rename domain column to primar_domain * fix tests * add current sequence * remove log prints * fix tests * fix: verifier * fix test * rename domain col migrations * simplify search response * add custom column constructors * fix: org projection table const * fix: full column name * feat: text query extension * fix: tests for query * number query * add deprection message * projection * correct migration * projection * column in a single place (#2416) * column in a single place * use projection for columns * query column with aliases * rename methods * remove unused code * column for current sequences * global counter column * fix is org unique * query * fix wrong code * remove unused code * query * remove unused code * remove unused code * remove unused code * remove unused code * tests * tests * fix: tests * migrations * fixes * errors * fix test * add converter option * fix(auth-repo): add queries to struct * error messages * rename method, correct log message Co-authored-by: Max Peintner Co-authored-by: Livio Amstutz Co-authored-by: Florian Forster Co-authored-by: mffap Co-authored-by: Maximilian Panne Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com> Co-authored-by: Christian Jakob <47860090+thesephirot@users.noreply.github.com> Co-authored-by: Elio Bischof Co-authored-by: Stefan Benz Co-authored-by: fabi --- .../eventsourcing/eventstore/iam.go | 26 --- .../eventsourcing/handler/handler.go | 2 - .../handler/password_age_policy.go | 111 --------- .../eventsourcing/view/password_age_policy.go | 53 ----- internal/admin/repository/iam.go | 2 - internal/api/grpc/admin/password_age.go | 2 +- .../grpc/management/policy_password_age.go | 7 +- .../api/grpc/policy/password_age_policy.go | 8 +- .../model/password_age_policy.go | 9 - .../view/model/password_age_policy.go | 81 ------- .../view/model/password_age_policy_query.go | 59 ----- .../view/password_age_policy_view.go | 32 --- .../eventsourcing/eventstore/org.go | 51 ----- .../eventsourcing/handler/handler.go | 2 - .../handler/password_age_policy.go | 109 --------- .../eventsourcing/view/password_age_policy.go | 53 ----- internal/management/repository/org.go | 3 - internal/query/password_age_policy.go | 125 +++++++++++ internal/query/projection/org.go | 2 +- .../query/projection/password_age_policy.go | 149 +++++++++++++ .../projection/password_age_policy_test.go | 210 ++++++++++++++++++ .../projection/password_complexity_policy.go | 6 +- internal/query/projection/project.go | 2 +- internal/query/projection/project_grant.go | 14 +- internal/query/projection/project_role.go | 8 +- internal/query/projection/projection.go | 1 + internal/static/i18n/en.yaml | 2 +- .../cockroach/V1.81__password_age_policy.sql | 14 ++ 28 files changed, 525 insertions(+), 618 deletions(-) delete mode 100644 internal/admin/repository/eventsourcing/handler/password_age_policy.go delete mode 100644 internal/admin/repository/eventsourcing/view/password_age_policy.go delete mode 100644 internal/iam/repository/view/model/password_age_policy.go delete mode 100644 internal/iam/repository/view/model/password_age_policy_query.go delete mode 100644 internal/iam/repository/view/password_age_policy_view.go delete mode 100644 internal/management/repository/eventsourcing/handler/password_age_policy.go delete mode 100644 internal/management/repository/eventsourcing/view/password_age_policy.go create mode 100644 internal/query/password_age_policy.go create mode 100644 internal/query/projection/password_age_policy.go create mode 100644 internal/query/projection/password_age_policy_test.go create mode 100644 migrations/cockroach/V1.81__password_age_policy.sql diff --git a/internal/admin/repository/eventsourcing/eventstore/iam.go b/internal/admin/repository/eventsourcing/eventstore/iam.go index 51e22d4b6c..4d69d8ca34 100644 --- a/internal/admin/repository/eventsourcing/eventstore/iam.go +++ b/internal/admin/repository/eventsourcing/eventstore/iam.go @@ -167,32 +167,6 @@ func (repo *IAMRepository) SearchDefaultIDPProviders(ctx context.Context, reques return result, nil } -func (repo *IAMRepository) GetDefaultPasswordAgePolicy(ctx context.Context) (*iam_model.PasswordAgePolicyView, error) { - policy, viewErr := repo.View.PasswordAgePolicyByAggregateID(repo.SystemDefaults.IamID) - if viewErr != nil && !caos_errs.IsNotFound(viewErr) { - return nil, viewErr - } - if caos_errs.IsNotFound(viewErr) { - policy = new(iam_es_model.PasswordAgePolicyView) - } - - events, esErr := repo.getIAMEvents(ctx, policy.Sequence) - if caos_errs.IsNotFound(viewErr) && len(events) == 0 { - return nil, caos_errs.ThrowNotFound(nil, "EVENT-vMyS3", "Errors.IAM.PasswordAgePolicy.NotFound") - } - if esErr != nil { - logging.Log("EVENT-3M0xs").WithError(esErr).Debug("error retrieving new events") - return iam_es_model.PasswordAgeViewToModel(policy), nil - } - policyCopy := *policy - for _, event := range events { - if err := policyCopy.AppendEvent(event); err != nil { - return iam_es_model.PasswordAgeViewToModel(policy), nil - } - } - return iam_es_model.PasswordAgeViewToModel(policy), nil -} - func (repo *IAMRepository) GetDefaultLockoutPolicy(ctx context.Context) (*iam_model.LockoutPolicyView, error) { policy, viewErr := repo.View.LockoutPolicyByAggregateID(repo.SystemDefaults.IamID) if viewErr != nil && !caos_errs.IsNotFound(viewErr) { diff --git a/internal/admin/repository/eventsourcing/handler/handler.go b/internal/admin/repository/eventsourcing/handler/handler.go index 0805384025..1e176af992 100644 --- a/internal/admin/repository/eventsourcing/handler/handler.go +++ b/internal/admin/repository/eventsourcing/handler/handler.go @@ -45,8 +45,6 @@ func Register(configs Configs, bulkLimit, errorCount uint64, view *view.View, es newUser( handler{view, bulkLimit, configs.cycleDuration("User"), errorCount, es}, defaults), - newPasswordAgePolicy( - handler{view, bulkLimit, configs.cycleDuration("PasswordAgePolicy"), errorCount, es}), newLockoutPolicy( handler{view, bulkLimit, configs.cycleDuration("LockoutPolicy"), errorCount, es}), newOrgIAMPolicy( diff --git a/internal/admin/repository/eventsourcing/handler/password_age_policy.go b/internal/admin/repository/eventsourcing/handler/password_age_policy.go deleted file mode 100644 index 66065cc2ea..0000000000 --- a/internal/admin/repository/eventsourcing/handler/password_age_policy.go +++ /dev/null @@ -1,111 +0,0 @@ -package handler - -import ( - "github.com/caos/logging" - - "github.com/caos/zitadel/internal/eventstore/v1" - iam_es_model "github.com/caos/zitadel/internal/iam/repository/eventsourcing/model" - - es_models "github.com/caos/zitadel/internal/eventstore/v1/models" - "github.com/caos/zitadel/internal/eventstore/v1/query" - "github.com/caos/zitadel/internal/eventstore/v1/spooler" - iam_model "github.com/caos/zitadel/internal/iam/repository/view/model" - "github.com/caos/zitadel/internal/org/repository/eventsourcing/model" -) - -const ( - passwordAgePolicyTable = "adminapi.password_age_policies" -) - -type PasswordAgePolicy struct { - handler - subscription *v1.Subscription -} - -func newPasswordAgePolicy(handler handler) *PasswordAgePolicy { - h := &PasswordAgePolicy{ - handler: handler, - } - - h.subscribe() - - return h -} - -func (p *PasswordAgePolicy) subscribe() { - p.subscription = p.es.Subscribe(p.AggregateTypes()...) - go func() { - for event := range p.subscription.Events { - query.ReduceEvent(p, event) - } - }() -} - -func (p *PasswordAgePolicy) ViewModel() string { - return passwordAgePolicyTable -} - -func (p *PasswordAgePolicy) Subscription() *v1.Subscription { - return p.subscription -} - -func (p *PasswordAgePolicy) AggregateTypes() []es_models.AggregateType { - return []es_models.AggregateType{model.OrgAggregate, iam_es_model.IAMAggregate} -} - -func (p *PasswordAgePolicy) CurrentSequence() (uint64, error) { - sequence, err := p.view.GetLatestPasswordAgePolicySequence() - if err != nil { - return 0, err - } - return sequence.CurrentSequence, nil -} - -func (p *PasswordAgePolicy) EventQuery() (*es_models.SearchQuery, error) { - sequence, err := p.view.GetLatestPasswordAgePolicySequence() - if err != nil { - return nil, err - } - return es_models.NewSearchQuery(). - AggregateTypeFilter(p.AggregateTypes()...). - LatestSequenceFilter(sequence.CurrentSequence), nil -} - -func (p *PasswordAgePolicy) Reduce(event *es_models.Event) (err error) { - switch event.AggregateType { - case model.OrgAggregate, iam_es_model.IAMAggregate: - err = p.processPasswordAgePolicy(event) - } - return err -} - -func (p *PasswordAgePolicy) processPasswordAgePolicy(event *es_models.Event) (err error) { - policy := new(iam_model.PasswordAgePolicyView) - switch event.Type { - case iam_es_model.PasswordAgePolicyAdded, model.PasswordAgePolicyAdded: - err = policy.AppendEvent(event) - case iam_es_model.PasswordAgePolicyChanged, model.PasswordAgePolicyChanged: - policy, err = p.view.PasswordAgePolicyByAggregateID(event.AggregateID) - if err != nil { - return err - } - err = policy.AppendEvent(event) - case model.PasswordAgePolicyRemoved: - return p.view.DeletePasswordAgePolicy(event.AggregateID, event) - default: - return p.view.ProcessedPasswordAgePolicySequence(event) - } - if err != nil { - return err - } - return p.view.PutPasswordAgePolicy(policy, event) -} - -func (p *PasswordAgePolicy) OnError(event *es_models.Event, err error) error { - logging.LogWithFields("SPOOL-nD8sie", "id", event.AggregateID).WithError(err).Warn("something went wrong in passwordAge policy handler") - return spooler.HandleError(event, err, p.view.GetLatestPasswordAgePolicyFailedEvent, p.view.ProcessedPasswordAgePolicyFailedEvent, p.view.ProcessedPasswordAgePolicySequence, p.errorCountUntilSkip) -} - -func (p *PasswordAgePolicy) OnSuccess() error { - return spooler.HandleSuccess(p.view.UpdateProcessedPasswordAgePolicySpoolerRunTimestamp) -} diff --git a/internal/admin/repository/eventsourcing/view/password_age_policy.go b/internal/admin/repository/eventsourcing/view/password_age_policy.go deleted file mode 100644 index 0d3a5c8293..0000000000 --- a/internal/admin/repository/eventsourcing/view/password_age_policy.go +++ /dev/null @@ -1,53 +0,0 @@ -package view - -import ( - "github.com/caos/zitadel/internal/errors" - "github.com/caos/zitadel/internal/eventstore/v1/models" - "github.com/caos/zitadel/internal/iam/repository/view" - "github.com/caos/zitadel/internal/iam/repository/view/model" - global_view "github.com/caos/zitadel/internal/view/repository" -) - -const ( - passwordAgePolicyTable = "adminapi.password_age_policies" -) - -func (v *View) PasswordAgePolicyByAggregateID(aggregateID string) (*model.PasswordAgePolicyView, error) { - return view.GetPasswordAgePolicyByAggregateID(v.Db, passwordAgePolicyTable, aggregateID) -} - -func (v *View) PutPasswordAgePolicy(policy *model.PasswordAgePolicyView, event *models.Event) error { - err := view.PutPasswordAgePolicy(v.Db, passwordAgePolicyTable, policy) - if err != nil { - return err - } - return v.ProcessedPasswordAgePolicySequence(event) -} - -func (v *View) DeletePasswordAgePolicy(aggregateID string, event *models.Event) error { - err := view.DeletePasswordAgePolicy(v.Db, passwordAgePolicyTable, aggregateID) - if err != nil && !errors.IsNotFound(err) { - return err - } - return v.ProcessedPasswordAgePolicySequence(event) -} - -func (v *View) GetLatestPasswordAgePolicySequence() (*global_view.CurrentSequence, error) { - return v.latestSequence(passwordAgePolicyTable) -} - -func (v *View) ProcessedPasswordAgePolicySequence(event *models.Event) error { - return v.saveCurrentSequence(passwordAgePolicyTable, event) -} - -func (v *View) UpdateProcessedPasswordAgePolicySpoolerRunTimestamp() error { - return v.updateSpoolerRunSequence(passwordAgePolicyTable) -} - -func (v *View) GetLatestPasswordAgePolicyFailedEvent(sequence uint64) (*global_view.FailedEvent, error) { - return v.latestFailedEvent(passwordAgePolicyTable, sequence) -} - -func (v *View) ProcessedPasswordAgePolicyFailedEvent(failedEvent *global_view.FailedEvent) error { - return v.saveFailedEvent(failedEvent) -} diff --git a/internal/admin/repository/iam.go b/internal/admin/repository/iam.go index 15dbaf6167..d7983b0d5c 100644 --- a/internal/admin/repository/iam.go +++ b/internal/admin/repository/iam.go @@ -35,8 +35,6 @@ type IAMRepository interface { GetDefaultLoginTexts(ctx context.Context, lang string) (*domain.CustomLoginText, error) GetCustomLoginTexts(ctx context.Context, lang string) (*domain.CustomLoginText, error) - GetDefaultPasswordAgePolicy(ctx context.Context) (*iam_model.PasswordAgePolicyView, error) - GetDefaultLockoutPolicy(ctx context.Context) (*iam_model.LockoutPolicyView, error) GetDefaultPrivacyPolicy(ctx context.Context) (*iam_model.PrivacyPolicyView, error) diff --git a/internal/api/grpc/admin/password_age.go b/internal/api/grpc/admin/password_age.go index 11884cfc9a..af7d4dbc81 100644 --- a/internal/api/grpc/admin/password_age.go +++ b/internal/api/grpc/admin/password_age.go @@ -9,7 +9,7 @@ import ( ) func (s *Server) GetPasswordAgePolicy(ctx context.Context, req *admin_pb.GetPasswordAgePolicyRequest) (*admin_pb.GetPasswordAgePolicyResponse, error) { - policy, err := s.iam.GetDefaultPasswordAgePolicy(ctx) + policy, err := s.query.DefaultPasswordAgePolicy(ctx) if err != nil { return nil, err } diff --git a/internal/api/grpc/management/policy_password_age.go b/internal/api/grpc/management/policy_password_age.go index ad154f0954..b2d6ec8e57 100644 --- a/internal/api/grpc/management/policy_password_age.go +++ b/internal/api/grpc/management/policy_password_age.go @@ -2,6 +2,7 @@ package management import ( "context" + "github.com/caos/zitadel/internal/api/authz" "github.com/caos/zitadel/internal/api/grpc/object" policy_grpc "github.com/caos/zitadel/internal/api/grpc/policy" @@ -9,18 +10,18 @@ import ( ) func (s *Server) GetPasswordAgePolicy(ctx context.Context, req *mgmt_pb.GetPasswordAgePolicyRequest) (*mgmt_pb.GetPasswordAgePolicyResponse, error) { - policy, err := s.org.GetPasswordAgePolicy(ctx) + policy, err := s.query.PasswordAgePolicyByOrg(ctx, authz.GetCtxData(ctx).OrgID) if err != nil { return nil, err } return &mgmt_pb.GetPasswordAgePolicyResponse{ Policy: policy_grpc.ModelPasswordAgePolicyToPb(policy), - IsDefault: policy.Default, + IsDefault: policy.IsDefault, }, nil } func (s *Server) GetDefaultPasswordAgePolicy(ctx context.Context, req *mgmt_pb.GetDefaultPasswordAgePolicyRequest) (*mgmt_pb.GetDefaultPasswordAgePolicyResponse, error) { - policy, err := s.org.GetDefaultPasswordAgePolicy(ctx) + policy, err := s.query.DefaultPasswordAgePolicy(ctx) if err != nil { return nil, err } diff --git a/internal/api/grpc/policy/password_age_policy.go b/internal/api/grpc/policy/password_age_policy.go index 5bc0866a0a..c8de09b61f 100644 --- a/internal/api/grpc/policy/password_age_policy.go +++ b/internal/api/grpc/policy/password_age_policy.go @@ -2,20 +2,20 @@ package policy import ( "github.com/caos/zitadel/internal/api/grpc/object" - "github.com/caos/zitadel/internal/iam/model" + "github.com/caos/zitadel/internal/query" policy_pb "github.com/caos/zitadel/pkg/grpc/policy" ) -func ModelPasswordAgePolicyToPb(policy *model.PasswordAgePolicyView) *policy_pb.PasswordAgePolicy { +func ModelPasswordAgePolicyToPb(policy *query.PasswordAgePolicy) *policy_pb.PasswordAgePolicy { return &policy_pb.PasswordAgePolicy{ - IsDefault: policy.Default, + IsDefault: policy.IsDefault, MaxAgeDays: policy.MaxAgeDays, ExpireWarnDays: policy.ExpireWarnDays, Details: object.ToViewDetailsPb( policy.Sequence, policy.CreationDate, policy.ChangeDate, - "", //TODO: resourceowner + policy.ResourceOwner, ), } } diff --git a/internal/iam/repository/eventsourcing/model/password_age_policy.go b/internal/iam/repository/eventsourcing/model/password_age_policy.go index 77469d82bf..e3b70f8538 100644 --- a/internal/iam/repository/eventsourcing/model/password_age_policy.go +++ b/internal/iam/repository/eventsourcing/model/password_age_policy.go @@ -16,15 +16,6 @@ type PasswordAgePolicy struct { ExpireWarnDays uint64 `json:"expireWarnDays"` } -func PasswordAgePolicyFromModel(policy *iam_model.PasswordAgePolicy) *PasswordAgePolicy { - return &PasswordAgePolicy{ - ObjectRoot: policy.ObjectRoot, - State: int32(policy.State), - MaxAgeDays: policy.MaxAgeDays, - ExpireWarnDays: policy.ExpireWarnDays, - } -} - func PasswordAgePolicyToModel(policy *PasswordAgePolicy) *iam_model.PasswordAgePolicy { return &iam_model.PasswordAgePolicy{ ObjectRoot: policy.ObjectRoot, diff --git a/internal/iam/repository/view/model/password_age_policy.go b/internal/iam/repository/view/model/password_age_policy.go deleted file mode 100644 index dfc3dec7d8..0000000000 --- a/internal/iam/repository/view/model/password_age_policy.go +++ /dev/null @@ -1,81 +0,0 @@ -package model - -import ( - "encoding/json" - org_es_model "github.com/caos/zitadel/internal/org/repository/eventsourcing/model" - "time" - - iam_es_model "github.com/caos/zitadel/internal/iam/repository/eventsourcing/model" - - "github.com/caos/logging" - caos_errs "github.com/caos/zitadel/internal/errors" - "github.com/caos/zitadel/internal/eventstore/v1/models" - "github.com/caos/zitadel/internal/iam/model" -) - -const ( - PasswordAgeKeyAggregateID = "aggregate_id" -) - -type PasswordAgePolicyView struct { - AggregateID string `json:"-" gorm:"column:aggregate_id;primary_key"` - CreationDate time.Time `json:"-" gorm:"column:creation_date"` - ChangeDate time.Time `json:"-" gorm:"column:change_date"` - State int32 `json:"-" gorm:"column:age_policy_state"` - - MaxAgeDays uint64 `json:"maxAgeDays" gorm:"column:max_age_days"` - ExpireWarnDays uint64 `json:"expireWarnDays" gorm:"column:expire_warn_days"` - Default bool `json:"-" gorm:"-"` - - Sequence uint64 `json:"-" gorm:"column:sequence"` -} - -func PasswordAgeViewFromModel(policy *model.PasswordAgePolicyView) *PasswordAgePolicyView { - return &PasswordAgePolicyView{ - AggregateID: policy.AggregateID, - Sequence: policy.Sequence, - CreationDate: policy.CreationDate, - ChangeDate: policy.ChangeDate, - MaxAgeDays: policy.MaxAgeDays, - ExpireWarnDays: policy.ExpireWarnDays, - Default: policy.Default, - } -} - -func PasswordAgeViewToModel(policy *PasswordAgePolicyView) *model.PasswordAgePolicyView { - return &model.PasswordAgePolicyView{ - AggregateID: policy.AggregateID, - Sequence: policy.Sequence, - CreationDate: policy.CreationDate, - ChangeDate: policy.ChangeDate, - MaxAgeDays: policy.MaxAgeDays, - ExpireWarnDays: policy.ExpireWarnDays, - Default: policy.Default, - } -} - -func (i *PasswordAgePolicyView) AppendEvent(event *models.Event) (err error) { - i.Sequence = event.Sequence - i.ChangeDate = event.CreationDate - switch event.Type { - case iam_es_model.PasswordAgePolicyAdded, org_es_model.PasswordAgePolicyAdded: - i.setRootData(event) - i.CreationDate = event.CreationDate - err = i.SetData(event) - case iam_es_model.PasswordAgePolicyChanged, org_es_model.PasswordAgePolicyChanged: - err = i.SetData(event) - } - return err -} - -func (r *PasswordAgePolicyView) setRootData(event *models.Event) { - r.AggregateID = event.AggregateID -} - -func (r *PasswordAgePolicyView) SetData(event *models.Event) error { - if err := json.Unmarshal(event.Data, r); err != nil { - logging.Log("EVEN-gH9os").WithError(err).Error("could not unmarshal event data") - return caos_errs.ThrowInternal(err, "MODEL-Hs8uf", "Could not unmarshal data") - } - return nil -} diff --git a/internal/iam/repository/view/model/password_age_policy_query.go b/internal/iam/repository/view/model/password_age_policy_query.go deleted file mode 100644 index 3bf51e273b..0000000000 --- a/internal/iam/repository/view/model/password_age_policy_query.go +++ /dev/null @@ -1,59 +0,0 @@ -package model - -import ( - "github.com/caos/zitadel/internal/domain" - iam_model "github.com/caos/zitadel/internal/iam/model" - "github.com/caos/zitadel/internal/view/repository" -) - -type PasswordAgePolicySearchRequest iam_model.PasswordAgePolicySearchRequest -type PasswordAgePolicySearchQuery iam_model.PasswordAgePolicySearchQuery -type PasswordAgePolicySearchKey iam_model.PasswordAgePolicySearchKey - -func (req PasswordAgePolicySearchRequest) GetLimit() uint64 { - return req.Limit -} - -func (req PasswordAgePolicySearchRequest) GetOffset() uint64 { - return req.Offset -} - -func (req PasswordAgePolicySearchRequest) GetSortingColumn() repository.ColumnKey { - if req.SortingColumn == iam_model.PasswordAgePolicySearchKeyUnspecified { - return nil - } - return PasswordAgePolicySearchKey(req.SortingColumn) -} - -func (req PasswordAgePolicySearchRequest) GetAsc() bool { - return req.Asc -} - -func (req PasswordAgePolicySearchRequest) GetQueries() []repository.SearchQuery { - result := make([]repository.SearchQuery, len(req.Queries)) - for i, q := range req.Queries { - result[i] = PasswordAgePolicySearchQuery{Key: q.Key, Value: q.Value, Method: q.Method} - } - return result -} - -func (req PasswordAgePolicySearchQuery) GetKey() repository.ColumnKey { - return PasswordAgePolicySearchKey(req.Key) -} - -func (req PasswordAgePolicySearchQuery) GetMethod() domain.SearchMethod { - return req.Method -} - -func (req PasswordAgePolicySearchQuery) GetValue() interface{} { - return req.Value -} - -func (key PasswordAgePolicySearchKey) ToColumnName() string { - switch iam_model.PasswordAgePolicySearchKey(key) { - case iam_model.PasswordAgePolicySearchKeyAggregateID: - return PasswordAgeKeyAggregateID - default: - return "" - } -} diff --git a/internal/iam/repository/view/password_age_policy_view.go b/internal/iam/repository/view/password_age_policy_view.go deleted file mode 100644 index 76da3f5f48..0000000000 --- a/internal/iam/repository/view/password_age_policy_view.go +++ /dev/null @@ -1,32 +0,0 @@ -package view - -import ( - "github.com/caos/zitadel/internal/domain" - caos_errs "github.com/caos/zitadel/internal/errors" - iam_model "github.com/caos/zitadel/internal/iam/model" - "github.com/caos/zitadel/internal/iam/repository/view/model" - "github.com/caos/zitadel/internal/view/repository" - "github.com/jinzhu/gorm" -) - -func GetPasswordAgePolicyByAggregateID(db *gorm.DB, table, aggregateID string) (*model.PasswordAgePolicyView, error) { - policy := new(model.PasswordAgePolicyView) - aggregateIDQuery := &model.PasswordAgePolicySearchQuery{Key: iam_model.PasswordAgePolicySearchKeyAggregateID, Value: aggregateID, Method: domain.SearchMethodEquals} - query := repository.PrepareGetByQuery(table, aggregateIDQuery) - err := query(db, policy) - if caos_errs.IsNotFound(err) { - return nil, caos_errs.ThrowNotFound(nil, "VIEW-6M9vs", "Errors.IAM.PasswordAgePolicy.NotExisting") - } - return policy, err -} - -func PutPasswordAgePolicy(db *gorm.DB, table string, policy *model.PasswordAgePolicyView) error { - save := repository.PrepareSave(table) - return save(db, policy) -} - -func DeletePasswordAgePolicy(db *gorm.DB, table, aggregateID string) error { - delete := repository.PrepareDeleteByKey(table, model.PasswordAgePolicySearchKey(iam_model.PasswordAgePolicySearchKeyAggregateID), aggregateID) - - return delete(db) -} diff --git a/internal/management/repository/eventsourcing/eventstore/org.go b/internal/management/repository/eventsourcing/eventstore/org.go index 6de42371ce..01909b1f34 100644 --- a/internal/management/repository/eventsourcing/eventstore/org.go +++ b/internal/management/repository/eventsourcing/eventstore/org.go @@ -285,57 +285,6 @@ func (repo *OrgRepository) SearchIDPProviders(ctx context.Context, request *iam_ return result, nil } -func (repo *OrgRepository) GetPasswordAgePolicy(ctx context.Context) (*iam_model.PasswordAgePolicyView, error) { - policy, viewErr := repo.View.PasswordAgePolicyByAggregateID(authz.GetCtxData(ctx).OrgID) - if viewErr != nil && !errors.IsNotFound(viewErr) { - return nil, viewErr - } - if errors.IsNotFound(viewErr) { - policy = new(iam_view_model.PasswordAgePolicyView) - } - events, esErr := repo.getOrgEvents(ctx, repo.SystemDefaults.IamID, policy.Sequence) - if errors.IsNotFound(viewErr) && len(events) == 0 { - return repo.GetDefaultPasswordAgePolicy(ctx) - } - if esErr != nil { - logging.Log("EVENT-5Mx7s").WithError(esErr).Debug("error retrieving new events") - return iam_view_model.PasswordAgeViewToModel(policy), nil - } - policyCopy := *policy - for _, event := range events { - if err := policyCopy.AppendEvent(event); err != nil { - return iam_view_model.PasswordAgeViewToModel(policy), nil - } - } - return iam_view_model.PasswordAgeViewToModel(policy), nil -} - -func (repo *OrgRepository) GetDefaultPasswordAgePolicy(ctx context.Context) (*iam_model.PasswordAgePolicyView, error) { - policy, viewErr := repo.View.PasswordAgePolicyByAggregateID(repo.SystemDefaults.IamID) - if viewErr != nil && !errors.IsNotFound(viewErr) { - return nil, viewErr - } - if errors.IsNotFound(viewErr) { - policy = new(iam_view_model.PasswordAgePolicyView) - } - events, esErr := repo.getIAMEvents(ctx, policy.Sequence) - if errors.IsNotFound(viewErr) && len(events) == 0 { - return nil, errors.ThrowNotFound(nil, "EVENT-cmO9s", "Errors.IAM.PasswordAgePolicy.NotFound") - } - if esErr != nil { - logging.Log("EVENT-3I90s").WithError(esErr).Debug("error retrieving new events") - return iam_view_model.PasswordAgeViewToModel(policy), nil - } - policyCopy := *policy - for _, event := range events { - if err := policyCopy.AppendEvent(event); err != nil { - return iam_view_model.PasswordAgeViewToModel(policy), nil - } - } - policy.Default = true - return iam_view_model.PasswordAgeViewToModel(policy), nil -} - func (repo *OrgRepository) GetLockoutPolicy(ctx context.Context) (*iam_model.LockoutPolicyView, error) { policy, viewErr := repo.View.LockoutPolicyByAggregateID(authz.GetCtxData(ctx).OrgID) if viewErr != nil && !errors.IsNotFound(viewErr) { diff --git a/internal/management/repository/eventsourcing/handler/handler.go b/internal/management/repository/eventsourcing/handler/handler.go index 6e893971ff..43c947c1bf 100644 --- a/internal/management/repository/eventsourcing/handler/handler.go +++ b/internal/management/repository/eventsourcing/handler/handler.go @@ -57,8 +57,6 @@ func Register(configs Configs, bulkLimit, errorCount uint64, view *view.View, es newExternalIDP( handler{view, bulkLimit, configs.cycleDuration("ExternalIDP"), errorCount, es}, defaults), - newPasswordAgePolicy( - handler{view, bulkLimit, configs.cycleDuration("PasswordAgePolicy"), errorCount, es}), newLockoutPolicy( handler{view, bulkLimit, configs.cycleDuration("LockoutPolicy"), errorCount, es}), newOrgIAMPolicy( diff --git a/internal/management/repository/eventsourcing/handler/password_age_policy.go b/internal/management/repository/eventsourcing/handler/password_age_policy.go deleted file mode 100644 index 857d83078f..0000000000 --- a/internal/management/repository/eventsourcing/handler/password_age_policy.go +++ /dev/null @@ -1,109 +0,0 @@ -package handler - -import ( - "github.com/caos/logging" - "github.com/caos/zitadel/internal/eventstore/v1" - es_models "github.com/caos/zitadel/internal/eventstore/v1/models" - "github.com/caos/zitadel/internal/eventstore/v1/query" - "github.com/caos/zitadel/internal/eventstore/v1/spooler" - iam_es_model "github.com/caos/zitadel/internal/iam/repository/eventsourcing/model" - iam_model "github.com/caos/zitadel/internal/iam/repository/view/model" - "github.com/caos/zitadel/internal/org/repository/eventsourcing/model" -) - -const ( - passwordAgePolicyTable = "management.password_age_policies" -) - -type PasswordAgePolicy struct { - handler - subscription *v1.Subscription -} - -func newPasswordAgePolicy(handler handler) *PasswordAgePolicy { - h := &PasswordAgePolicy{ - handler: handler, - } - - h.subscribe() - - return h -} - -func (m *PasswordAgePolicy) subscribe() { - m.subscription = m.es.Subscribe(m.AggregateTypes()...) - go func() { - for event := range m.subscription.Events { - query.ReduceEvent(m, event) - } - }() -} - -func (m *PasswordAgePolicy) ViewModel() string { - return passwordAgePolicyTable -} - -func (p *PasswordAgePolicy) Subscription() *v1.Subscription { - return p.subscription -} - -func (_ *PasswordAgePolicy) AggregateTypes() []es_models.AggregateType { - return []es_models.AggregateType{model.OrgAggregate, iam_es_model.IAMAggregate} -} - -func (o *PasswordAgePolicy) CurrentSequence() (uint64, error) { - sequence, err := o.view.GetLatestPasswordAgePolicySequence() - if err != nil { - return 0, err - } - return sequence.CurrentSequence, nil -} - -func (p *PasswordAgePolicy) EventQuery() (*es_models.SearchQuery, error) { - sequence, err := p.view.GetLatestPasswordAgePolicySequence() - if err != nil { - return nil, err - } - return es_models.NewSearchQuery(). - AggregateTypeFilter(p.AggregateTypes()...). - LatestSequenceFilter(sequence.CurrentSequence), nil -} - -func (m *PasswordAgePolicy) Reduce(event *es_models.Event) (err error) { - switch event.AggregateType { - case model.OrgAggregate, iam_es_model.IAMAggregate: - err = m.processPasswordAgePolicy(event) - } - return err -} - -func (m *PasswordAgePolicy) processPasswordAgePolicy(event *es_models.Event) (err error) { - policy := new(iam_model.PasswordAgePolicyView) - switch event.Type { - case iam_es_model.PasswordAgePolicyAdded, model.PasswordAgePolicyAdded: - err = policy.AppendEvent(event) - case iam_es_model.PasswordAgePolicyChanged, model.PasswordAgePolicyChanged: - policy, err = m.view.PasswordAgePolicyByAggregateID(event.AggregateID) - if err != nil { - return err - } - err = policy.AppendEvent(event) - case model.PasswordAgePolicyRemoved: - return m.view.DeletePasswordAgePolicy(event.AggregateID, event) - default: - return m.view.ProcessedPasswordAgePolicySequence(event) - } - if err != nil { - return err - } - return m.view.PutPasswordAgePolicy(policy, event) -} - -func (m *PasswordAgePolicy) OnError(event *es_models.Event, err error) error { - logging.LogWithFields("SPOOL-Bs89f", "id", event.AggregateID).WithError(err).Warn("something went wrong in passwordAge policy handler") - return spooler.HandleError(event, err, m.view.GetLatestPasswordAgePolicyFailedEvent, m.view.ProcessedPasswordAgePolicyFailedEvent, m.view.ProcessedPasswordAgePolicySequence, m.errorCountUntilSkip) -} - -func (m *PasswordAgePolicy) OnSuccess() error { - return spooler.HandleSuccess(m.view.UpdatePasswordAgePolicySpoolerRunTimestamp) -} diff --git a/internal/management/repository/eventsourcing/view/password_age_policy.go b/internal/management/repository/eventsourcing/view/password_age_policy.go deleted file mode 100644 index 9b74ae1e98..0000000000 --- a/internal/management/repository/eventsourcing/view/password_age_policy.go +++ /dev/null @@ -1,53 +0,0 @@ -package view - -import ( - "github.com/caos/zitadel/internal/errors" - "github.com/caos/zitadel/internal/eventstore/v1/models" - "github.com/caos/zitadel/internal/iam/repository/view" - "github.com/caos/zitadel/internal/iam/repository/view/model" - global_view "github.com/caos/zitadel/internal/view/repository" -) - -const ( - passwordAgePolicyTable = "management.password_age_policies" -) - -func (v *View) PasswordAgePolicyByAggregateID(aggregateID string) (*model.PasswordAgePolicyView, error) { - return view.GetPasswordAgePolicyByAggregateID(v.Db, passwordAgePolicyTable, aggregateID) -} - -func (v *View) PutPasswordAgePolicy(policy *model.PasswordAgePolicyView, event *models.Event) error { - err := view.PutPasswordAgePolicy(v.Db, passwordAgePolicyTable, policy) - if err != nil { - return err - } - return v.ProcessedPasswordAgePolicySequence(event) -} - -func (v *View) DeletePasswordAgePolicy(aggregateID string, event *models.Event) error { - err := view.DeletePasswordAgePolicy(v.Db, passwordAgePolicyTable, aggregateID) - if err != nil && !errors.IsNotFound(err) { - return err - } - return v.ProcessedPasswordAgePolicySequence(event) -} - -func (v *View) GetLatestPasswordAgePolicySequence() (*global_view.CurrentSequence, error) { - return v.latestSequence(passwordAgePolicyTable) -} - -func (v *View) ProcessedPasswordAgePolicySequence(event *models.Event) error { - return v.saveCurrentSequence(passwordAgePolicyTable, event) -} - -func (v *View) UpdatePasswordAgePolicySpoolerRunTimestamp() error { - return v.updateSpoolerRunSequence(passwordAgePolicyTable) -} - -func (v *View) GetLatestPasswordAgePolicyFailedEvent(sequence uint64) (*global_view.FailedEvent, error) { - return v.latestFailedEvent(passwordAgePolicyTable, sequence) -} - -func (v *View) ProcessedPasswordAgePolicyFailedEvent(failedEvent *global_view.FailedEvent) error { - return v.saveFailedEvent(failedEvent) -} diff --git a/internal/management/repository/org.go b/internal/management/repository/org.go index 8327908571..6cb6d5a9fb 100644 --- a/internal/management/repository/org.go +++ b/internal/management/repository/org.go @@ -28,9 +28,6 @@ type OrgRepository interface { SearchIDPProviders(ctx context.Context, request *iam_model.IDPProviderSearchRequest) (*iam_model.IDPProviderSearchResponse, error) GetIDPProvidersByIDPConfigID(ctx context.Context, aggregateID, idpConfigID string) ([]*iam_model.IDPProviderView, error) - GetPasswordAgePolicy(ctx context.Context) (*iam_model.PasswordAgePolicyView, error) - GetDefaultPasswordAgePolicy(ctx context.Context) (*iam_model.PasswordAgePolicyView, error) - GetLockoutPolicy(ctx context.Context) (*iam_model.LockoutPolicyView, error) GetDefaultLockoutPolicy(ctx context.Context) (*iam_model.LockoutPolicyView, error) diff --git a/internal/query/password_age_policy.go b/internal/query/password_age_policy.go new file mode 100644 index 0000000000..9f7a8a5e5e --- /dev/null +++ b/internal/query/password_age_policy.go @@ -0,0 +1,125 @@ +package query + +import ( + "context" + "database/sql" + errs "errors" + "time" + + sq "github.com/Masterminds/squirrel" + "github.com/caos/zitadel/internal/errors" + "github.com/caos/zitadel/internal/query/projection" +) + +type PasswordAgePolicy struct { + ID string + Sequence uint64 + CreationDate time.Time + ChangeDate time.Time + ResourceOwner string + + ExpireWarnDays uint64 + MaxAgeDays uint64 + + IsDefault bool +} + +var ( + passwordAgeTable = table{ + name: projection.PasswordAgeTable, + } + PasswordAgeColID = Column{ + name: projection.AgePolicyIDCol, + } + PasswordAgeColSequence = Column{ + name: projection.AgePolicySequenceCol, + } + PasswordAgeColCreationDate = Column{ + name: projection.AgePolicyCreationDateCol, + } + PasswordAgeColChangeDate = Column{ + name: projection.AgePolicyChangeDateCol, + } + PasswordAgeColResourceOwner = Column{ + name: projection.AgePolicyResourceOwnerCol, + } + PasswordAgeColWarnDays = Column{ + name: projection.AgePolicyExpireWarnDaysCol, + } + PasswordAgeColMaxAge = Column{ + name: projection.AgePolicyMaxAgeDaysCol, + } + PasswordAgeColIsDefault = Column{ + name: projection.AgePolicyIsDefaultCol, + } +) + +func (q *Queries) PasswordAgePolicyByOrg(ctx context.Context, orgID string) (*PasswordAgePolicy, error) { + stmt, scan := preparePasswordAgePolicyQuery() + query, args, err := stmt.Where( + sq.Or{ + sq.Eq{ + PasswordAgeColID.identifier(): orgID, + }, + sq.Eq{ + PasswordAgeColID.identifier(): q.iamID, + }, + }). + OrderBy(PasswordAgeColIsDefault.identifier()). + Limit(1).ToSql() + if err != nil { + return nil, errors.ThrowInternal(err, "QUERY-SKR6X", "Errors.Query.SQLStatement") + } + + row := q.client.QueryRowContext(ctx, query, args...) + return scan(row) +} + +func (q *Queries) DefaultPasswordAgePolicy(ctx context.Context) (*PasswordAgePolicy, error) { + stmt, scan := preparePasswordAgePolicyQuery() + query, args, err := stmt.Where(sq.Eq{ + PasswordAgeColID.identifier(): q.iamID, + }). + OrderBy(PasswordAgeColIsDefault.identifier()). + Limit(1).ToSql() + if err != nil { + return nil, errors.ThrowInternal(err, "QUERY-mN0Ci", "Errors.Query.SQLStatement") + } + + row := q.client.QueryRowContext(ctx, query, args...) + return scan(row) +} + +func preparePasswordAgePolicyQuery() (sq.SelectBuilder, func(*sql.Row) (*PasswordAgePolicy, error)) { + return sq.Select( + PasswordAgeColID.identifier(), + PasswordAgeColSequence.identifier(), + PasswordAgeColCreationDate.identifier(), + PasswordAgeColChangeDate.identifier(), + PasswordAgeColResourceOwner.identifier(), + PasswordAgeColWarnDays.identifier(), + PasswordAgeColMaxAge.identifier(), + PasswordAgeColIsDefault.identifier(), + ). + From(passwordAgeTable.identifier()).PlaceholderFormat(sq.Dollar), + func(row *sql.Row) (*PasswordAgePolicy, error) { + policy := new(PasswordAgePolicy) + err := row.Scan( + &policy.ID, + &policy.Sequence, + &policy.CreationDate, + &policy.ChangeDate, + &policy.ResourceOwner, + &policy.ExpireWarnDays, + &policy.MaxAgeDays, + &policy.IsDefault, + ) + if err != nil { + if errs.Is(err, sql.ErrNoRows) { + return nil, errors.ThrowNotFound(err, "QUERY-63mtI", "Errors.Org.PasswordComplexity.NotFound") + } + return nil, errors.ThrowInternal(err, "QUERY-uulCZ", "Errors.Internal") + } + return policy, nil + } +} diff --git a/internal/query/projection/org.go b/internal/query/projection/org.go index 21e5d14bec..c3f93f9a73 100644 --- a/internal/query/projection/org.go +++ b/internal/query/projection/org.go @@ -75,7 +75,7 @@ const ( func (p *OrgProjection) reduceOrgAdded(event eventstore.EventReader) (*handler.Statement, error) { e, ok := event.(*org.OrgAddedEvent) if !ok { - logging.LogWithFields("HANDL-zWCk3", "seq", event.Sequence(), "expectedType", org.OrgAddedEventType).Error("was not an event") + logging.LogWithFields("HANDL-zWCk3", "seq", event.Sequence(), "expectedType", org.OrgAddedEventType).Error("wrong event type") return nil, errors.ThrowInvalidArgument(nil, "HANDL-uYq4r", "reduce.wrong.event.type") } return crdb.NewCreateStatement( diff --git a/internal/query/projection/password_age_policy.go b/internal/query/projection/password_age_policy.go new file mode 100644 index 0000000000..a558384edf --- /dev/null +++ b/internal/query/projection/password_age_policy.go @@ -0,0 +1,149 @@ +package projection + +import ( + "context" + + "github.com/caos/logging" + "github.com/caos/zitadel/internal/domain" + "github.com/caos/zitadel/internal/errors" + "github.com/caos/zitadel/internal/eventstore" + "github.com/caos/zitadel/internal/eventstore/handler" + "github.com/caos/zitadel/internal/eventstore/handler/crdb" + "github.com/caos/zitadel/internal/repository/iam" + "github.com/caos/zitadel/internal/repository/org" + "github.com/caos/zitadel/internal/repository/policy" +) + +type PasswordAgeProjection struct { + crdb.StatementHandler +} + +const ( + PasswordAgeTable = "zitadel.projections.password_age_policies" +) + +func NewPasswordAgeProjection(ctx context.Context, config crdb.StatementHandlerConfig) *PasswordAgeProjection { + p := &PasswordAgeProjection{} + config.ProjectionName = PasswordAgeTable + config.Reducers = p.reducers() + p.StatementHandler = crdb.NewStatementHandler(ctx, config) + return p +} + +func (p *PasswordAgeProjection) reducers() []handler.AggregateReducer { + return []handler.AggregateReducer{ + { + Aggregate: org.AggregateType, + EventRedusers: []handler.EventReducer{ + { + Event: org.PasswordAgePolicyAddedEventType, + Reduce: p.reduceAdded, + }, + { + Event: org.PasswordAgePolicyChangedEventType, + Reduce: p.reduceChanged, + }, + { + Event: org.PasswordAgePolicyRemovedEventType, + Reduce: p.reduceRemoved, + }, + }, + }, + { + Aggregate: iam.AggregateType, + EventRedusers: []handler.EventReducer{ + { + Event: iam.PasswordAgePolicyAddedEventType, + Reduce: p.reduceAdded, + }, + { + Event: iam.PasswordAgePolicyChangedEventType, + Reduce: p.reduceChanged, + }, + }, + }, + } +} + +func (p *PasswordAgeProjection) reduceAdded(event eventstore.EventReader) (*handler.Statement, error) { + var policyEvent policy.PasswordAgePolicyAddedEvent + var isDefault bool + switch e := event.(type) { + case *org.PasswordAgePolicyAddedEvent: + policyEvent = e.PasswordAgePolicyAddedEvent + isDefault = false + case *iam.PasswordAgePolicyAddedEvent: + policyEvent = e.PasswordAgePolicyAddedEvent + isDefault = true + default: + logging.LogWithFields("PROJE-stxcL", "seq", event.Sequence(), "expectedTypes", []eventstore.EventType{org.PasswordAgePolicyAddedEventType, iam.PasswordAgePolicyAddedEventType}).Error("wrong event type") + return nil, errors.ThrowInvalidArgument(nil, "PROJE-CJqF0", "reduce.wrong.event.type") + } + return crdb.NewCreateStatement( + &policyEvent, + []handler.Column{ + handler.NewCol(AgePolicyCreationDateCol, policyEvent.CreationDate()), + handler.NewCol(AgePolicyChangeDateCol, policyEvent.CreationDate()), + handler.NewCol(AgePolicySequenceCol, policyEvent.Sequence()), + handler.NewCol(AgePolicyIDCol, policyEvent.Aggregate().ID), + handler.NewCol(AgePolicyStateCol, domain.PolicyStateActive), + handler.NewCol(AgePolicyExpireWarnDaysCol, policyEvent.ExpireWarnDays), + handler.NewCol(AgePolicyMaxAgeDaysCol, policyEvent.MaxAgeDays), + handler.NewCol(AgePolicyIsDefaultCol, isDefault), + handler.NewCol(AgePolicyResourceOwnerCol, policyEvent.Aggregate().ResourceOwner), + }), nil +} + +func (p *PasswordAgeProjection) reduceChanged(event eventstore.EventReader) (*handler.Statement, error) { + var policyEvent policy.PasswordAgePolicyChangedEvent + switch e := event.(type) { + case *org.PasswordAgePolicyChangedEvent: + policyEvent = e.PasswordAgePolicyChangedEvent + case *iam.PasswordAgePolicyChangedEvent: + policyEvent = e.PasswordAgePolicyChangedEvent + default: + logging.LogWithFields("PROJE-EZ53p", "seq", event.Sequence(), "expectedTypes", []eventstore.EventType{org.PasswordAgePolicyChangedEventType, iam.PasswordAgePolicyChangedEventType}).Error("wrong event type") + return nil, errors.ThrowInvalidArgument(nil, "PROJE-i7FZt", "reduce.wrong.event.type") + } + cols := []handler.Column{ + handler.NewCol(AgePolicyChangeDateCol, policyEvent.CreationDate()), + handler.NewCol(AgePolicySequenceCol, policyEvent.Sequence()), + } + if policyEvent.ExpireWarnDays != nil { + cols = append(cols, handler.NewCol(AgePolicyExpireWarnDaysCol, *policyEvent.ExpireWarnDays)) + } + if policyEvent.MaxAgeDays != nil { + cols = append(cols, handler.NewCol(AgePolicyMaxAgeDaysCol, *policyEvent.MaxAgeDays)) + } + return crdb.NewUpdateStatement( + &policyEvent, + cols, + []handler.Condition{ + handler.NewCond(AgePolicyIDCol, policyEvent.Aggregate().ID), + }), nil +} + +func (p *PasswordAgeProjection) reduceRemoved(event eventstore.EventReader) (*handler.Statement, error) { + policyEvent, ok := event.(*org.PasswordAgePolicyRemovedEvent) + if !ok { + logging.LogWithFields("PROJE-iwqfN", "seq", event.Sequence(), "expectedType", org.PasswordAgePolicyRemovedEventType).Error("wrong event type") + return nil, errors.ThrowInvalidArgument(nil, "PROJE-EtHWB", "reduce.wrong.event.type") + } + return crdb.NewDeleteStatement( + policyEvent, + []handler.Condition{ + handler.NewCond(AgePolicyIDCol, policyEvent.Aggregate().ID), + }), nil +} + +const ( + AgePolicyCreationDateCol = "creation_date" + AgePolicyChangeDateCol = "change_date" + AgePolicySequenceCol = "sequence" + AgePolicyIDCol = "id" + AgePolicyStateCol = "state" + AgePolicyExpireWarnDaysCol = "expire_warn_days" + AgePolicyMaxAgeDaysCol = "max_age_days" + AgePolicyIsDefaultCol = "is_default" + AgePolicyResourceOwnerCol = "resource_owner" +) diff --git a/internal/query/projection/password_age_policy_test.go b/internal/query/projection/password_age_policy_test.go new file mode 100644 index 0000000000..9348c250e8 --- /dev/null +++ b/internal/query/projection/password_age_policy_test.go @@ -0,0 +1,210 @@ +package projection + +import ( + "testing" + + "github.com/caos/zitadel/internal/domain" + "github.com/caos/zitadel/internal/errors" + "github.com/caos/zitadel/internal/eventstore" + "github.com/caos/zitadel/internal/eventstore/handler" + "github.com/caos/zitadel/internal/eventstore/repository" + "github.com/caos/zitadel/internal/repository/iam" + "github.com/caos/zitadel/internal/repository/org" +) + +func TestPasswordAgeProjection_reduces(t *testing.T) { + type args struct { + event func(t *testing.T) eventstore.EventReader + } + tests := []struct { + name string + args args + reduce func(event eventstore.EventReader) (*handler.Statement, error) + want wantReduce + }{ + { + name: "org.reduceAdded", + args: args{ + event: getEvent(testEvent( + repository.EventType(org.PasswordAgePolicyAddedEventType), + org.AggregateType, + []byte(`{ + "expireWarnDays": 10, + "maxAgeDays": 13 +}`), + ), org.PasswordAgePolicyAddedEventMapper), + }, + reduce: (&PasswordAgeProjection{}).reduceAdded, + want: wantReduce{ + aggregateType: eventstore.AggregateType("org"), + sequence: 15, + previousSequence: 10, + projection: PasswordAgeTable, + executer: &testExecuter{ + executions: []execution{ + { + expectedStmt: "INSERT INTO zitadel.projections.password_age_policies (creation_date, change_date, sequence, id, state, expire_warn_days, max_age_days, is_default, resource_owner) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9)", + expectedArgs: []interface{}{ + anyArg{}, + anyArg{}, + uint64(15), + "agg-id", + domain.PolicyStateActive, + uint64(10), + uint64(13), + false, + "ro-id", + }, + }, + }, + }, + }, + }, + { + name: "org.reduceChanged", + reduce: (&PasswordAgeProjection{}).reduceChanged, + args: args{ + event: getEvent(testEvent( + repository.EventType(org.PasswordAgePolicyChangedEventType), + org.AggregateType, + []byte(`{ + "expireWarnDays": 10, + "maxAgeDays": 13 + }`), + ), org.PasswordAgePolicyChangedEventMapper), + }, + want: wantReduce{ + aggregateType: eventstore.AggregateType("org"), + sequence: 15, + previousSequence: 10, + projection: PasswordAgeTable, + executer: &testExecuter{ + executions: []execution{ + { + expectedStmt: "UPDATE zitadel.projections.password_age_policies SET (change_date, sequence, expire_warn_days, max_age_days) = ($1, $2, $3, $4) WHERE (id = $5)", + expectedArgs: []interface{}{ + anyArg{}, + uint64(15), + uint64(10), + uint64(13), + "agg-id", + }, + }, + }, + }, + }, + }, + { + name: "org.reduceRemoved", + reduce: (&PasswordAgeProjection{}).reduceRemoved, + args: args{ + event: getEvent(testEvent( + repository.EventType(org.PasswordAgePolicyRemovedEventType), + org.AggregateType, + nil, + ), org.PasswordAgePolicyRemovedEventMapper), + }, + want: wantReduce{ + aggregateType: eventstore.AggregateType("org"), + sequence: 15, + previousSequence: 10, + projection: PasswordAgeTable, + executer: &testExecuter{ + executions: []execution{ + { + expectedStmt: "DELETE FROM zitadel.projections.password_age_policies WHERE (id = $1)", + expectedArgs: []interface{}{ + "agg-id", + }, + }, + }, + }, + }, + }, + { + name: "iam.reduceAdded", + reduce: (&PasswordAgeProjection{}).reduceAdded, + args: args{ + event: getEvent(testEvent( + repository.EventType(iam.PasswordAgePolicyAddedEventType), + iam.AggregateType, + []byte(`{ + "expireWarnDays": 10, + "maxAgeDays": 13 + }`), + ), iam.PasswordAgePolicyAddedEventMapper), + }, + want: wantReduce{ + aggregateType: eventstore.AggregateType("iam"), + sequence: 15, + previousSequence: 10, + projection: PasswordAgeTable, + executer: &testExecuter{ + executions: []execution{ + { + expectedStmt: "INSERT INTO zitadel.projections.password_age_policies (creation_date, change_date, sequence, id, state, expire_warn_days, max_age_days, is_default, resource_owner) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9)", + expectedArgs: []interface{}{ + anyArg{}, + anyArg{}, + uint64(15), + "agg-id", + domain.PolicyStateActive, + uint64(10), + uint64(13), + true, + "ro-id", + }, + }, + }, + }, + }, + }, + { + name: "iam.reduceChanged", + reduce: (&PasswordAgeProjection{}).reduceChanged, + args: args{ + event: getEvent(testEvent( + repository.EventType(iam.PasswordAgePolicyChangedEventType), + iam.AggregateType, + []byte(`{ + "expireWarnDays": 10, + "maxAgeDays": 13 + }`), + ), iam.PasswordAgePolicyChangedEventMapper), + }, + want: wantReduce{ + aggregateType: eventstore.AggregateType("iam"), + sequence: 15, + previousSequence: 10, + projection: PasswordAgeTable, + executer: &testExecuter{ + executions: []execution{ + { + expectedStmt: "UPDATE zitadel.projections.password_age_policies SET (change_date, sequence, expire_warn_days, max_age_days) = ($1, $2, $3, $4) WHERE (id = $5)", + expectedArgs: []interface{}{ + anyArg{}, + uint64(15), + uint64(10), + uint64(13), + "agg-id", + }, + }, + }, + }, + }, + }, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + event := baseEvent(t) + got, err := tt.reduce(event) + if _, ok := err.(errors.InvalidArgument); !ok { + t.Errorf("no wrong event mapping: %v, got: %v", err, got) + } + + event = tt.args.event(t) + got, err = tt.reduce(event) + assertReduce(t, got, err, tt.want) + }) + } +} diff --git a/internal/query/projection/password_complexity_policy.go b/internal/query/projection/password_complexity_policy.go index 2c9786450c..89448b6935 100644 --- a/internal/query/projection/password_complexity_policy.go +++ b/internal/query/projection/password_complexity_policy.go @@ -76,7 +76,7 @@ func (p *PasswordComplexityProjection) reduceAdded(event eventstore.EventReader) policyEvent = e.PasswordComplexityPolicyAddedEvent isDefault = true default: - logging.LogWithFields("PROJE-mP8AR", "seq", event.Sequence(), "expectedTypes", []eventstore.EventType{org.PasswordComplexityPolicyAddedEventType, iam.PasswordComplexityPolicyAddedEventType}).Error("was not an event") + logging.LogWithFields("PROJE-mP8AR", "seq", event.Sequence(), "expectedTypes", []eventstore.EventType{org.PasswordComplexityPolicyAddedEventType, iam.PasswordComplexityPolicyAddedEventType}).Error("wrong event type") return nil, errors.ThrowInvalidArgument(nil, "PROJE-KTHmJ", "reduce.wrong.event.type") } return crdb.NewCreateStatement( @@ -105,7 +105,7 @@ func (p *PasswordComplexityProjection) reduceChanged(event eventstore.EventReade case *iam.PasswordComplexityPolicyChangedEvent: policyEvent = e.PasswordComplexityPolicyChangedEvent default: - logging.LogWithFields("PROJE-L4UHn", "seq", event.Sequence(), "expectedTypes", []eventstore.EventType{org.PasswordComplexityPolicyChangedEventType, iam.PasswordComplexityPolicyChangedEventType}).Error("was not an event") + logging.LogWithFields("PROJE-L4UHn", "seq", event.Sequence(), "expectedTypes", []eventstore.EventType{org.PasswordComplexityPolicyChangedEventType, iam.PasswordComplexityPolicyChangedEventType}).Error("wrong event type") return nil, errors.ThrowInvalidArgument(nil, "PROJE-cf3Xb", "reduce.wrong.event.type") } cols := []handler.Column{ @@ -138,7 +138,7 @@ func (p *PasswordComplexityProjection) reduceChanged(event eventstore.EventReade func (p *PasswordComplexityProjection) reduceRemoved(event eventstore.EventReader) (*handler.Statement, error) { policyEvent, ok := event.(*org.PasswordComplexityPolicyRemovedEvent) if !ok { - logging.LogWithFields("PROJE-ibd0c", "seq", event.Sequence(), "expectedType", org.PasswordComplexityPolicyRemovedEventType).Error("was not an event") + logging.LogWithFields("PROJE-ibd0c", "seq", event.Sequence(), "expectedType", org.PasswordComplexityPolicyRemovedEventType).Error("wrong event type") return nil, errors.ThrowInvalidArgument(nil, "PROJE-wttCd", "reduce.wrong.event.type") } return crdb.NewDeleteStatement( diff --git a/internal/query/projection/project.go b/internal/query/projection/project.go index b6a6997e7c..1b700f4fc5 100644 --- a/internal/query/projection/project.go +++ b/internal/query/projection/project.go @@ -76,7 +76,7 @@ const ( func (p *ProjectProjection) reduceProjectAdded(event eventstore.EventReader) (*handler.Statement, error) { e, ok := event.(*project.ProjectAddedEvent) if !ok { - logging.LogWithFields("HANDL-MFOsd", "seq", event.Sequence(), "expectedType", project.ProjectAddedType).Error("was not an event") + logging.LogWithFields("HANDL-MFOsd", "seq", event.Sequence(), "expectedType", project.ProjectAddedType).Error("wrong event type") return nil, errors.ThrowInvalidArgument(nil, "HANDL-l000S", "reduce.wrong.event.type") } return crdb.NewCreateStatement( diff --git a/internal/query/projection/project_grant.go b/internal/query/projection/project_grant.go index ca66308c0e..9a8771e0cc 100644 --- a/internal/query/projection/project_grant.go +++ b/internal/query/projection/project_grant.go @@ -81,7 +81,7 @@ const ( func (p *ProjectGrantProjection) reduceProjectGrantAdded(event eventstore.EventReader) (*handler.Statement, error) { e, ok := event.(*project.GrantAddedEvent) if !ok { - logging.LogWithFields("HANDL-Mi4g9", "seq", event.Sequence(), "expectedType", project.GrantAddedType).Error("was not an event") + logging.LogWithFields("HANDL-Mi4g9", "seq", event.Sequence(), "expectedType", project.GrantAddedType).Error("wrong event type") return nil, errors.ThrowInvalidArgument(nil, "HANDL-g92Fg", "reduce.wrong.event.type") } return crdb.NewCreateStatement( @@ -104,7 +104,7 @@ func (p *ProjectGrantProjection) reduceProjectGrantAdded(event eventstore.EventR func (p *ProjectGrantProjection) reduceProjectGrantChanged(event eventstore.EventReader) (*handler.Statement, error) { e, ok := event.(*project.GrantChangedEvent) if !ok { - logging.LogWithFields("HANDL-M00fH", "seq", event.Sequence(), "expectedType", project.GrantChangedType).Error("was not an event") + logging.LogWithFields("HANDL-M00fH", "seq", event.Sequence(), "expectedType", project.GrantChangedType).Error("wrong event type") return nil, errors.ThrowInvalidArgument(nil, "HANDL-g0fg4", "reduce.wrong.event.type") } return crdb.NewUpdateStatement( @@ -124,7 +124,7 @@ func (p *ProjectGrantProjection) reduceProjectGrantChanged(event eventstore.Even func (p *ProjectGrantProjection) reduceProjectGrantCascadeChanged(event eventstore.EventReader) (*handler.Statement, error) { e, ok := event.(*project.GrantCascadeChangedEvent) if !ok { - logging.LogWithFields("HANDL-K0fwR", "seq", event.Sequence(), "expectedType", project.GrantCascadeChangedType).Error("was not an event") + logging.LogWithFields("HANDL-K0fwR", "seq", event.Sequence(), "expectedType", project.GrantCascadeChangedType).Error("wrong event type") return nil, errors.ThrowInvalidArgument(nil, "HANDL-ll9Ts", "reduce.wrong.event.type") } return crdb.NewUpdateStatement( @@ -144,7 +144,7 @@ func (p *ProjectGrantProjection) reduceProjectGrantCascadeChanged(event eventsto func (p *ProjectGrantProjection) reduceProjectGrantDeactivated(event eventstore.EventReader) (*handler.Statement, error) { e, ok := event.(*project.GrantDeactivateEvent) if !ok { - logging.LogWithFields("HANDL-Ple9f", "seq", event.Sequence(), "expectedType", project.GrantDeactivatedType).Error("was not an event") + logging.LogWithFields("HANDL-Ple9f", "seq", event.Sequence(), "expectedType", project.GrantDeactivatedType).Error("wrong event type") return nil, errors.ThrowInvalidArgument(nil, "HANDL-0fj2f", "reduce.wrong.event.type") } return crdb.NewUpdateStatement( @@ -164,7 +164,7 @@ func (p *ProjectGrantProjection) reduceProjectGrantDeactivated(event eventstore. func (p *ProjectGrantProjection) reduceProjectGrantReactivated(event eventstore.EventReader) (*handler.Statement, error) { e, ok := event.(*project.GrantReactivatedEvent) if !ok { - logging.LogWithFields("HANDL-Ip0hr", "seq", event.Sequence(), "expectedType", project.GrantReactivatedType).Error("was not an event") + logging.LogWithFields("HANDL-Ip0hr", "seq", event.Sequence(), "expectedType", project.GrantReactivatedType).Error("wrong event type") return nil, errors.ThrowInvalidArgument(nil, "HANDL-2M0ve", "reduce.wrong.event.type") } return crdb.NewUpdateStatement( @@ -184,7 +184,7 @@ func (p *ProjectGrantProjection) reduceProjectGrantReactivated(event eventstore. func (p *ProjectGrantProjection) reduceProjectGrantRemoved(event eventstore.EventReader) (*handler.Statement, error) { e, ok := event.(*project.GrantRemovedEvent) if !ok { - logging.LogWithFields("HANDL-M0pfs", "seq", event.Sequence(), "expectedType", project.GrantRemovedType).Error("was not an event") + logging.LogWithFields("HANDL-M0pfs", "seq", event.Sequence(), "expectedType", project.GrantRemovedType).Error("wrong event type") return nil, errors.ThrowInvalidArgument(nil, "HANDL-o0w4f", "reduce.wrong.event.type") } return crdb.NewDeleteStatement( @@ -199,7 +199,7 @@ func (p *ProjectGrantProjection) reduceProjectGrantRemoved(event eventstore.Even func (p *ProjectGrantProjection) reduceProjectRemoved(event eventstore.EventReader) (*handler.Statement, error) { e, ok := event.(*project.ProjectRemovedEvent) if !ok { - logging.LogWithFields("HANDL-Ms0fe", "seq", event.Sequence(), "expectedType", project.ProjectRemovedType).Error("was not an event") + logging.LogWithFields("HANDL-Ms0fe", "seq", event.Sequence(), "expectedType", project.ProjectRemovedType).Error("wrong event type") return nil, errors.ThrowInvalidArgument(nil, "HANDL-gn9rw", "reduce.wrong.event.type") } return crdb.NewDeleteStatement( diff --git a/internal/query/projection/project_role.go b/internal/query/projection/project_role.go index 17283c2ec7..644be5b724 100644 --- a/internal/query/projection/project_role.go +++ b/internal/query/projection/project_role.go @@ -66,7 +66,7 @@ const ( func (p *ProjectRoleProjection) reduceProjectRoleAdded(event eventstore.EventReader) (*handler.Statement, error) { e, ok := event.(*project.RoleAddedEvent) if !ok { - logging.LogWithFields("HANDL-Fmre5", "seq", event.Sequence(), "expectedType", project.RoleAddedType).Error("was not an event") + logging.LogWithFields("HANDL-Fmre5", "seq", event.Sequence(), "expectedType", project.RoleAddedType).Error("wrong event type") return nil, errors.ThrowInvalidArgument(nil, "HANDL-g92Fg", "reduce.wrong.event.type") } return crdb.NewCreateStatement( @@ -88,7 +88,7 @@ func (p *ProjectRoleProjection) reduceProjectRoleAdded(event eventstore.EventRea func (p *ProjectRoleProjection) reduceProjectRoleChanged(event eventstore.EventReader) (*handler.Statement, error) { e, ok := event.(*project.RoleChangedEvent) if !ok { - logging.LogWithFields("HANDL-M0fwg", "seq", event.Sequence(), "expectedType", project.GrantChangedType).Error("was not an event") + logging.LogWithFields("HANDL-M0fwg", "seq", event.Sequence(), "expectedType", project.GrantChangedType).Error("wrong event type") return nil, errors.ThrowInvalidArgument(nil, "HANDL-sM0f", "reduce.wrong.event.type") } if e.DisplayName == nil && e.Group == nil { @@ -116,7 +116,7 @@ func (p *ProjectRoleProjection) reduceProjectRoleChanged(event eventstore.EventR func (p *ProjectRoleProjection) reduceProjectRoleRemoved(event eventstore.EventReader) (*handler.Statement, error) { e, ok := event.(*project.RoleRemovedEvent) if !ok { - logging.LogWithFields("HANDL-MlokF", "seq", event.Sequence(), "expectedType", project.GrantRemovedType).Error("was not an event") + logging.LogWithFields("HANDL-MlokF", "seq", event.Sequence(), "expectedType", project.GrantRemovedType).Error("wrong event type") return nil, errors.ThrowInvalidArgument(nil, "HANDL-L0fJf", "reduce.wrong.event.type") } return crdb.NewDeleteStatement( @@ -131,7 +131,7 @@ func (p *ProjectRoleProjection) reduceProjectRoleRemoved(event eventstore.EventR func (p *ProjectRoleProjection) reduceProjectRemoved(event eventstore.EventReader) (*handler.Statement, error) { e, ok := event.(*project.ProjectRemovedEvent) if !ok { - logging.LogWithFields("HANDL-hm90R", "seq", event.Sequence(), "expectedType", project.ProjectRemovedType).Error("was not an event") + logging.LogWithFields("HANDL-hm90R", "seq", event.Sequence(), "expectedType", project.ProjectRemovedType).Error("wrong event type") return nil, errors.ThrowInvalidArgument(nil, "HANDL-l0geG", "reduce.wrong.event.type") } return crdb.NewDeleteStatement( diff --git a/internal/query/projection/projection.go b/internal/query/projection/projection.go index 63c3f4386b..a03c62af49 100644 --- a/internal/query/projection/projection.go +++ b/internal/query/projection/projection.go @@ -38,6 +38,7 @@ func Start(ctx context.Context, sqlClient *sql.DB, es *eventstore.Eventstore, co NewFlowProjection(ctx, applyCustomConfig(projectionConfig, config.Customizations["flows"])) NewProjectProjection(ctx, applyCustomConfig(projectionConfig, config.Customizations["projects"])) NewPasswordComplexityProjection(ctx, applyCustomConfig(projectionConfig, config.Customizations["password_complexities"])) + NewPasswordAgeProjection(ctx, applyCustomConfig(projectionConfig, config.Customizations["password_age_policy"])) NewProjectGrantProjection(ctx, applyCustomConfig(projectionConfig, config.Customizations["project_grants"])) NewProjectRoleProjection(ctx, applyCustomConfig(projectionConfig, config.Customizations["project_roles"])) // owner.NewOrgOwnerProjection(ctx, applyCustomConfig(projectionConfig, config.Customizations["org_owners"])) diff --git a/internal/static/i18n/en.yaml b/internal/static/i18n/en.yaml index c6d7bd0f58..30b4b69bda 100644 --- a/internal/static/i18n/en.yaml +++ b/internal/static/i18n/en.yaml @@ -169,7 +169,7 @@ Errors: AlreadyExists: Default Message Text already exists Invalid: Default Message Text is invalid PasswordComplexity: - NotFound: Password Complexity Policy not found + NotFound: Password Complexity Policy not found Empty: Password Complexity Policy is empty NotExisting: Password Complexity Policy doesn't exist AlreadyExists: Password Complexity Policy already exists diff --git a/migrations/cockroach/V1.81__password_age_policy.sql b/migrations/cockroach/V1.81__password_age_policy.sql new file mode 100644 index 0000000000..54f78c29d6 --- /dev/null +++ b/migrations/cockroach/V1.81__password_age_policy.sql @@ -0,0 +1,14 @@ +CREATE TABLE zitadel.projections.password_age_policies ( + id STRING NOT NULL, + creation_date TIMESTAMPTZ NULL, + change_date TIMESTAMPTZ NULL, + sequence INT8 NULL, + state INT2 NULL, + resource_owner TEXT, + + is_default BOOLEAN, + max_age_days INT8 NULL, + expire_warn_days INT8 NULL, + + PRIMARY KEY (id) +); \ No newline at end of file