IntenseFinance/zitadel
3
0
Fork 0
mirror of https://github.com/zitadel/zitadel.git synced 2025-02-25 18:55:27 -06:00
Code Issues Packages Projects Releases Wiki Activity

feat: password age policy (#8132)

Browse Source 
# Which Problems Are Solved

Some organizations / customers have the requirement, that there users
regularly need to change their password.
ZITADEL already had the possibility to manage a `password age policy` (
thought the API) with the maximum amount of days a password should be
valid, resp. days after with the user should be warned of the upcoming
expiration.
The policy could not be managed though the Console UI and was not
checked in the Login UI.

# How the Problems Are Solved

- The policy can be managed in the Console UI's settings sections on an
instance and organization level.
- During an authentication in the Login UI, if a policy is set with an
expiry (>0) and the user's last password change exceeds the amount of
days set, the user will be prompted to change their password.
- The prompt message of the Login UI can be customized in the Custom
Login Texts though the Console and API on the instance and each
organization.
- The information when the user last changed their password is returned
in the Auth, Management and User V2 API.
- The policy can be retrieved in the settings service as `password
expiry settings`.

# Additional Changes

None.

# Additional Context

- closes #8081

---------

Co-authored-by: Tim Möhlmann <tim+github@zitadel.com>
This commit is contained in:
Livio Spring
2024-06-18 13:27:44 +02:00
committed by GitHub
parent 65f787cc02
commit fb8cd18f93
93 changed files with 1250 additions and 487 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
internal/api/grpc/settings/v2/settings.go
View File

@@ -35,7 +35,22 @@ func (s *Server) GetPasswordComplexitySettings(ctx context.Context, req *setting
return nil, err
}
return &settings.GetPasswordComplexitySettingsResponse{
Settings: passwordSettingsToPb(current),
Settings: passwordComplexitySettingsToPb(current),
Details: &object_pb.Details{
Sequence: current.Sequence,
ChangeDate: timestamppb.New(current.ChangeDate),
ResourceOwner: current.ResourceOwner,
},
}, nil
}
func (s *Server) GetPasswordExpirySettings(ctx context.Context, req *settings.GetPasswordExpirySettingsRequest) (*settings.GetPasswordExpirySettingsResponse, error) {
current, err := s.query.PasswordAgePolicyByOrg(ctx, true, object.ResourceOwnerFromReq(ctx, req.GetCtx()), false)
if err != nil {
return nil, err
}
return &settings.GetPasswordExpirySettingsResponse{
Settings: passwordExpirySettingsToPb(current),
Details: &object_pb.Details{
Sequence: current.Sequence,
ChangeDate: timestamppb.New(current.ChangeDate),

10
internal/api/grpc/settings/v2/settings_converter.go
View File

@@ -91,7 +91,7 @@ func multiFactorTypeToPb(typ domain.MultiFactorType) settings.MultiFactorType {
}
}
func passwordSettingsToPb(current *query.PasswordComplexityPolicy) *settings.PasswordComplexitySettings {
func passwordComplexitySettingsToPb(current *query.PasswordComplexityPolicy) *settings.PasswordComplexitySettings {
return &settings.PasswordComplexitySettings{
MinLength: current.MinLength,
RequiresUppercase: current.HasUppercase,
@@ -102,6 +102,14 @@ func passwordSettingsToPb(current *query.PasswordComplexityPolicy) *settings.Pas
}
}
func passwordExpirySettingsToPb(current *query.PasswordAgePolicy) *settings.PasswordExpirySettings {
return &settings.PasswordExpirySettings{
MaxAgeDays: current.MaxAgeDays,
ExpireWarnDays: current.ExpireWarnDays,
ResourceOwnerType: isDefaultToResourceOwnerTypePb(current.IsDefault),
}
}
func brandingSettingsToPb(current *query.LabelPolicy, assetPrefix string) *settings.BrandingSettings {
return &settings.BrandingSettings{
LightTheme: themeToPb(current.Light, assetPrefix, current.ResourceOwner),

25
internal/api/grpc/settings/v2/settings_converter_test.go
View File

@@ -213,7 +213,7 @@ func Test_multiFactorTypeToPb(t *testing.T) {
}
}
func Test_passwordSettingsToPb(t *testing.T) {
func Test_passwordComplexitySettingsToPb(t *testing.T) {
arg := &query.PasswordComplexityPolicy{
MinLength: 12,
HasUppercase: true,
@@ -231,10 +231,29 @@ func Test_passwordSettingsToPb(t *testing.T) {
ResourceOwnerType: settings.ResourceOwnerType_RESOURCE_OWNER_TYPE_INSTANCE,
}
got := passwordSettingsToPb(arg)
got := passwordComplexitySettingsToPb(arg)
grpc.AllFieldsSet(t, got.ProtoReflect(), ignoreTypes...)
if !proto.Equal(got, want) {
t.Errorf("passwordSettingsToPb() =\n%v\nwant\n%v", got, want)
t.Errorf("passwordComplexitySettingsToPb() =\n%v\nwant\n%v", got, want)
}
}
func Test_passwordExpirySettingsToPb(t *testing.T) {
arg := &query.PasswordAgePolicy{
ExpireWarnDays: 80,
MaxAgeDays: 90,
IsDefault: true,
}
want := &settings.PasswordExpirySettings{
ExpireWarnDays: 80,
MaxAgeDays: 90,
ResourceOwnerType: settings.ResourceOwnerType_RESOURCE_OWNER_TYPE_INSTANCE,
}
got := passwordExpirySettingsToPb(arg)
grpc.AllFieldsSet(t, got.ProtoReflect(), ignoreTypes...)
if !proto.Equal(got, want) {
t.Errorf("passwordExpirySettingsToPb() =\n%v\nwant\n%v", got, want)
}
}

2
internal/api/grpc/text/custom_text.go
View File

@@ -316,6 +316,7 @@ func PasswordChangeScreenTextToPb(text domain.PasswordChangeScreenText) *text_pb
return &text_pb.PasswordChangeScreenText{
Title: text.Title,
Description: text.Description,
ExpiredDescription: text.ExpiredDescription,
OldPasswordLabel: text.OldPasswordLabel,
NewPasswordLabel: text.NewPasswordLabel,
NewPasswordConfirmLabel: text.NewPasswordConfirmLabel,
@@ -784,6 +785,7 @@ func PasswordChangeScreenTextPbToDomain(text *text_pb.PasswordChangeScreenText)
return domain.PasswordChangeScreenText{
Title: text.Title,
Description: text.Description,
ExpiredDescription: text.ExpiredDescription,
OldPasswordLabel: text.OldPasswordLabel,
NewPasswordLabel: text.NewPasswordLabel,
NewPasswordConfirmLabel: text.NewPasswordConfirmLabel,

7
internal/api/grpc/user/converter.go
View File

@@ -1,6 +1,8 @@
package user
import (
"google.golang.org/protobuf/types/known/timestamppb"
"github.com/zitadel/zitadel/internal/api/grpc/object"
"github.com/zitadel/zitadel/internal/domain"
"github.com/zitadel/zitadel/internal/eventstore/v1/models"
@@ -48,6 +50,10 @@ func UserTypeToPb(user *query.User, assetPrefix string) user_pb.UserType {
}
func HumanToPb(view *query.Human, assetPrefix, owner string) *user_pb.Human {
var passwordChanged *timestamppb.Timestamp
if !view.PasswordChanged.IsZero() {
passwordChanged = timestamppb.New(view.PasswordChanged)
}
return &user_pb.Human{
Profile: &user_pb.Profile{
FirstName: view.FirstName,
@@ -66,6 +72,7 @@ func HumanToPb(view *query.Human, assetPrefix, owner string) *user_pb.Human {
Phone: string(view.Phone),
IsPhoneVerified: view.IsPhoneVerified,
},
PasswordChanged: passwordChanged,
}
}

6
internal/api/grpc/user/v2/query.go
View File

@@ -4,6 +4,7 @@ import (
"context"
"github.com/muhlemmer/gu"
"google.golang.org/protobuf/types/known/timestamppb"
"github.com/zitadel/zitadel/internal/api/authz"
"github.com/zitadel/zitadel/internal/api/grpc/object/v2"
@@ -83,6 +84,10 @@ func userTypeToPb(userQ *query.User, assetPrefix string) user.UserType {
}
func humanToPb(userQ *query.Human, assetPrefix, owner string) *user.HumanUser {
var passwordChanged *timestamppb.Timestamp
if !userQ.PasswordChanged.IsZero() {
passwordChanged = timestamppb.New(userQ.PasswordChanged)
}
return &user.HumanUser{
Profile: &user.HumanProfile{
GivenName: userQ.FirstName,
@@ -102,6 +107,7 @@ func humanToPb(userQ *query.Human, assetPrefix, owner string) *user.HumanUser {
IsVerified: userQ.IsPhoneVerified,
},
PasswordChangeRequired: userQ.PasswordChangeRequired,
PasswordChanged: passwordChanged,
}
}

47
internal/api/grpc/user/v2/query_integration_test.go
View File

@@ -23,7 +23,7 @@ func TestServer_GetUserByID(t *testing.T) {
type args struct {
ctx context.Context
req *user.GetUserByIDRequest
dep func(ctx context.Context, username string, request *user.GetUserByIDRequest) error
dep func(ctx context.Context, username string, request *user.GetUserByIDRequest) (*timestamppb.Timestamp, error)
}
tests := []struct {
name string
@@ -38,8 +38,8 @@ func TestServer_GetUserByID(t *testing.T) {
&user.GetUserByIDRequest{
UserId: "",
},
func(ctx context.Context, username string, request *user.GetUserByIDRequest) error {
return nil
func(ctx context.Context, username string, request *user.GetUserByIDRequest) (*timestamppb.Timestamp, error) {
return nil, nil
},
},
wantErr: true,
@@ -51,8 +51,8 @@ func TestServer_GetUserByID(t *testing.T) {
&user.GetUserByIDRequest{
UserId: "unknown",
},
func(ctx context.Context, username string, request *user.GetUserByIDRequest) error {
return nil
func(ctx context.Context, username string, request *user.GetUserByIDRequest) (*timestamppb.Timestamp, error) {
return nil, nil
},
},
wantErr: true,
@@ -62,10 +62,10 @@ func TestServer_GetUserByID(t *testing.T) {
args: args{
IamCTX,
&user.GetUserByIDRequest{},
func(ctx context.Context, username string, request *user.GetUserByIDRequest) error {
func(ctx context.Context, username string, request *user.GetUserByIDRequest) (*timestamppb.Timestamp, error) {
resp := Tester.CreateHumanUserVerified(ctx, orgResp.OrganizationId, username)
request.UserId = resp.GetUserId()
return nil
return nil, nil
},
},
want: &user.GetUserByIDResponse{
@@ -106,11 +106,11 @@ func TestServer_GetUserByID(t *testing.T) {
args: args{
IamCTX,
&user.GetUserByIDRequest{},
func(ctx context.Context, username string, request *user.GetUserByIDRequest) error {
func(ctx context.Context, username string, request *user.GetUserByIDRequest) (*timestamppb.Timestamp, error) {
resp := Tester.CreateHumanUserVerified(ctx, orgResp.OrganizationId, username)
request.UserId = resp.GetUserId()
Tester.SetUserPassword(ctx, resp.GetUserId(), integration.UserPassword, true)
return nil
changed := Tester.SetUserPassword(ctx, resp.GetUserId(), integration.UserPassword, true)
return changed, nil
},
},
want: &user.GetUserByIDResponse{
@@ -138,6 +138,7 @@ func TestServer_GetUserByID(t *testing.T) {
IsVerified: true,
},
PasswordChangeRequired: true,
PasswordChanged: timestamppb.Now(),
},
},
},
@@ -151,7 +152,7 @@ func TestServer_GetUserByID(t *testing.T) {
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
username := fmt.Sprintf("%d@mouse.com", time.Now().UnixNano())
err := tt.args.dep(tt.args.ctx, username, tt.args.req)
changed, err := tt.args.dep(tt.args.ctx, username, tt.args.req)
require.NoError(t, err)
retryDuration := time.Minute
if ctxDeadline, ok := CTX.Deadline(); ok {
@@ -173,6 +174,9 @@ func TestServer_GetUserByID(t *testing.T) {
tt.want.User.LoginNames = []string{username}
if human := tt.want.User.GetHuman(); human != nil {
human.Email.Email = username
if tt.want.User.GetHuman().GetPasswordChanged() != nil {
human.PasswordChanged = changed
}
}
assert.Equal(ttt, tt.want.User, got.User)
integration.AssertDetails(t, tt.want, got)
@@ -316,6 +320,7 @@ func TestServer_GetUserByID_Permission(t *testing.T) {
type userAttr struct {
UserID string
Username string
Changed *timestamppb.Timestamp
}
func TestServer_ListUsers(t *testing.T) {
@@ -369,7 +374,7 @@ func TestServer_ListUsers(t *testing.T) {
for i, username := range usernames {
resp := Tester.CreateHumanUserVerified(ctx, orgResp.OrganizationId, username)
userIDs[i] = resp.GetUserId()
infos[i] = userAttr{resp.GetUserId(), username}
infos[i] = userAttr{resp.GetUserId(), username, nil}
}
request.Queries = append(request.Queries, InUserIDsQuery(userIDs))
return infos, nil
@@ -423,8 +428,8 @@ func TestServer_ListUsers(t *testing.T) {
for i, username := range usernames {
resp := Tester.CreateHumanUserVerified(ctx, orgResp.OrganizationId, username)
userIDs[i] = resp.GetUserId()
Tester.SetUserPassword(ctx, resp.GetUserId(), integration.UserPassword, true)
infos[i] = userAttr{resp.GetUserId(), username}
changed := Tester.SetUserPassword(ctx, resp.GetUserId(), integration.UserPassword, true)
infos[i] = userAttr{resp.GetUserId(), username, changed}
}
request.Queries = append(request.Queries, InUserIDsQuery(userIDs))
return infos, nil
@@ -457,6 +462,7 @@ func TestServer_ListUsers(t *testing.T) {
IsVerified: true,
},
PasswordChangeRequired: true,
PasswordChanged: timestamppb.Now(),
},
},
},
@@ -479,7 +485,7 @@ func TestServer_ListUsers(t *testing.T) {
for i, username := range usernames {
resp := Tester.CreateHumanUserVerified(ctx, orgResp.OrganizationId, username)
userIDs[i] = resp.GetUserId()
infos[i] = userAttr{resp.GetUserId(), username}
infos[i] = userAttr{resp.GetUserId(), username, nil}
}
request.Queries = append(request.Queries, InUserIDsQuery(userIDs))
return infos, nil
@@ -575,7 +581,7 @@ func TestServer_ListUsers(t *testing.T) {
for i, username := range usernames {
resp := Tester.CreateHumanUserVerified(ctx, orgResp.OrganizationId, username)
userIDs[i] = resp.GetUserId()
infos[i] = userAttr{resp.GetUserId(), username}
infos[i] = userAttr{resp.GetUserId(), username, nil}
request.Queries = append(request.Queries, UsernameQuery(username))
}
return infos, nil
@@ -627,7 +633,7 @@ func TestServer_ListUsers(t *testing.T) {
infos := make([]userAttr, len(usernames))
for i, username := range usernames {
resp := Tester.CreateHumanUserVerified(ctx, orgResp.OrganizationId, username)
infos[i] = userAttr{resp.GetUserId(), username}
infos[i] = userAttr{resp.GetUserId(), username, nil}
}
request.Queries = append(request.Queries, InUserEmailsQuery(usernames))
return infos, nil
@@ -679,7 +685,7 @@ func TestServer_ListUsers(t *testing.T) {
infos := make([]userAttr, len(usernames))
for i, username := range usernames {
resp := Tester.CreateHumanUserVerified(ctx, orgResp.OrganizationId, username)
infos[i] = userAttr{resp.GetUserId(), username}
infos[i] = userAttr{resp.GetUserId(), username, nil}
}
request.Queries = append(request.Queries, InUserEmailsQuery(usernames))
return infos, nil
@@ -794,7 +800,7 @@ func TestServer_ListUsers(t *testing.T) {
infos := make([]userAttr, len(usernames))
for i, username := range usernames {
resp := Tester.CreateHumanUserVerified(ctx, orgResp.OrganizationId, username)
infos[i] = userAttr{resp.GetUserId(), username}
infos[i] = userAttr{resp.GetUserId(), username, nil}
}
request.Queries = append(request.Queries, OrganizationIdQuery(orgResp.OrganizationId))
request.Queries = append(request.Queries, InUserEmailsQuery(usernames))
@@ -910,6 +916,9 @@ func TestServer_ListUsers(t *testing.T) {
tt.want.Result[i].LoginNames = []string{infos[i].Username}
if human := tt.want.Result[i].GetHuman(); human != nil {
human.Email.Email = infos[i].Username
if tt.want.Result[i].GetHuman().GetPasswordChanged() != nil {
human.PasswordChanged = infos[i].Changed
}
}
}
for i := range tt.want.Result {

10
internal/api/ui/login/change_password_handler.go
View File

@@ -40,9 +40,19 @@ func (l *Login) renderChangePassword(w http.ResponseWriter, r *http.Request, aut
errType, errMessage = l.getErrorMessage(r, err)
}
translator := l.getTranslator(r.Context(), authReq)
if authReq == nil || len(authReq.PossibleSteps) < 1 {
l.renderError(w, r, authReq, err)
return
}
step, ok := authReq.PossibleSteps[0].(*domain.ChangePasswordStep)
if !ok {
l.renderError(w, r, authReq, err)
return
}
data := passwordData{
baseData: l.getBaseData(r, authReq, translator, "PasswordChange.Title", "PasswordChange.Description", errType, errMessage),
profileData: l.getProfileData(authReq),
Expired: step.Expired,
}
policy := l.getPasswordComplexityPolicy(r, authReq.UserOrgID)
if policy != nil {

1
internal/api/ui/login/renderer.go
View File

@@ -683,6 +683,7 @@ type passwordData struct {
HasLowercase string
HasNumber string
HasSymbol string
Expired bool
}
type userSelectionData struct {

1
internal/api/ui/login/static/i18n/bg.yaml
View File

@@ -193,6 +193,7 @@ PasswordlessRegistrationDone:
PasswordChange:
Title: Промяна на паролата
Description: 'Променете паролата си. '
ExpiredDescription: Паролата ви е изтекла и трябва да бъде променена. Въведете старата и новата си парола.
OldPasswordLabel: Стара парола
NewPasswordLabel: нова парола
NewPasswordConfirmLabel: Потвърждение на парола

1
internal/api/ui/login/static/i18n/cs.yaml
View File

@@ -190,6 +190,7 @@ PasswordlessRegistrationDone:
PasswordChange:
Title: Změna hesla
Description: Změňte si heslo. Zadejte své staré a nové heslo.
ExpiredDescription: Heslo vypršelo a musí být změněno. Zadejte své staré a nové heslo.
OldPasswordLabel: Staré heslo
NewPasswordLabel: Nové heslo
NewPasswordConfirmLabel: Potvrzení hesla

1
internal/api/ui/login/static/i18n/de.yaml
View File

@@ -190,6 +190,7 @@ PasswordlessRegistrationDone:
PasswordChange:
Title: Passwort ändern
Description: Ändere dein Passwort indem du dein altes und dann dein neues Passwort eingibst.
ExpiredDescription: Dein Passwort ist abgelaufen und muss geändert werden. Gib dein altes und neues Passwort ein.
OldPasswordLabel: Altes Passwort
NewPasswordLabel: Neues Passwort
NewPasswordConfirmLabel: Passwort wiederholen

1
internal/api/ui/login/static/i18n/en.yaml
View File

@@ -190,6 +190,7 @@ PasswordlessRegistrationDone:
PasswordChange:
Title: Change Password
Description: Change your password. Enter your old and new password.
ExpiredDescription: You password has expired and has to be changed. Enter your old and new password.
OldPasswordLabel: Old Password
NewPasswordLabel: New Password
NewPasswordConfirmLabel: Password confirmation

1
internal/api/ui/login/static/i18n/es.yaml
View File

@@ -190,6 +190,7 @@ PasswordlessRegistrationDone:
PasswordChange:
Title: Cambiar contraseña
Description: Cambia tu contraseña. Introduce tu contraseña anterior y la nueva.
ExpiredDescription: Tu contraseña ha caducado y tiene que cambiarla. Introduzca tu contraseña anterior y la nueva.
OldPasswordLabel: Contraseña anterior
NewPasswordLabel: Nueva contraseña
NewPasswordConfirmLabel: Confirmación de contraseña

1
internal/api/ui/login/static/i18n/fr.yaml
View File

@@ -190,6 +190,7 @@ PasswordlessRegistrationDone:
PasswordChange:
Title: Changer le mot de passe
Description: Changez votre mot de passe. Entrez votre ancien et votre nouveau mot de passe.
ExpiredDescription: Votre mot de passe a expiré et doit être modifié. Entrez votre ancien et votre nouveau mot de passe.
OldPasswordLabel: Ancien mot de passe
NewPasswordLabel: Nouveau mot de passe
NewPasswordConfirmLabel: Confirmation du mot de passe

1
internal/api/ui/login/static/i18n/it.yaml
View File

@@ -190,6 +190,7 @@ PasswordlessRegistrationDone:
PasswordChange:
Title: Reimposta password
Description: Cambia la tua password. Inserisci la tua vecchia e la nuova password.
ExpiredDescription: La password è scaduta e deve essere modificata. Inserisci la tua vecchia e la nuova password.
OldPasswordLabel: Vecchia password
NewPasswordLabel: Nuova password
NewPasswordConfirmLabel: Conferma della password

1
internal/api/ui/login/static/i18n/ja.yaml
View File

@@ -183,6 +183,7 @@ PasswordlessRegistrationDone:
PasswordChange:
Title: パスワードの変更
Description: 旧パスワードと新パスワードを入力し、パスワードを変更してください。
ExpiredDescription: パスワードの有効期限が切れたため、変更する必要があります。古いパスワードと新しいパスワードを入力してください。
OldPasswordLabel: 旧パスワード
NewPasswordLabel: 新パスワード
NewPasswordConfirmLabel: 新パスワードの確認

1
internal/api/ui/login/static/i18n/mk.yaml
View File

@@ -190,6 +190,7 @@ PasswordlessRegistrationDone:
PasswordChange:
Title: Промена на лозинка
Description: Променете ја вашата лозинка. Внесете ја старата и новата лозинка.
ExpiredDescription: Вашата лозинка е истечена и мора да се смени. Внесете ја старата и новата лозинка.
OldPasswordLabel: Стара лозинка
NewPasswordLabel: Нова лозинка
NewPasswordConfirmLabel: Потврда на лозинка

1
internal/api/ui/login/static/i18n/nl.yaml
View File

@@ -190,6 +190,7 @@ PasswordlessRegistrationDone:
PasswordChange:
Title: Verander Wachtwoord
Description: Verander uw wachtwoord. Voer uw oude en nieuwe wachtwoord in.
ExpiredDescription: Je wachtwoord is verlopen en moet worden gewijzigd. Voer uw oude en nieuwe wachtwoord in.
OldPasswordLabel: Oud Wachtwoord
NewPasswordLabel: Nieuw Wachtwoord
NewPasswordConfirmLabel: Bevestig Wachtwoord

1
internal/api/ui/login/static/i18n/pl.yaml
View File

@@ -190,6 +190,7 @@ PasswordlessRegistrationDone:
PasswordChange:
Title: Zmiana hasła
Description: Zmień swoje hasło. Wprowadź swoje stare i nowe hasło.
ExpiredDescription: Twoje hasło wygasło i musi zostać zmienione. Wprowadź swoje stare i nowe hasło.
OldPasswordLabel: Stare hasło
NewPasswordLabel: Nowe hasło
NewPasswordConfirmLabel: Potwierdzenie hasła

1
internal/api/ui/login/static/i18n/pt.yaml
View File

@@ -186,6 +186,7 @@ PasswordlessRegistrationDone:
PasswordChange:
Title: Alterar senha
Description: Altere sua senha. Insira sua senha antiga e nova.
ExpiredDescription: A sua palavra-passe expirou e tem de ser alterada. Insira sua senha antiga e nova.
OldPasswordLabel: Senha antiga
NewPasswordLabel: Nova senha
NewPasswordConfirmLabel: Confirmação de senha

1
internal/api/ui/login/static/i18n/ru.yaml
View File

@@ -189,6 +189,7 @@ PasswordlessRegistrationDone:
PasswordChange:
Title: Изменение пароля
Description: Измените ваш пароль. Введите старый и новый пароли.
ExpiredDescription: Срок действия вашего пароля истек, и его необходимо изменить. Введите старый и новый пароль.
OldPasswordLabel: Старый пароль
NewPasswordLabel: Новый пароль
NewPasswordConfirmLabel: Подтверждение пароля

3
internal/api/ui/login/static/i18n/sv.yaml
View File

@@ -28,7 +28,7 @@ SelectAccount:
SessionState1: Utloggad
MustBeMemberOfOrg: Användaren måste finnas i organisationen {{.OrgName}}.
Lösenord:
Password:
Title: Lösenord
Description: Ange dina användaruppgifter.
PasswordLabel: Lösenord
@@ -190,6 +190,7 @@ PasswordlessRegistrationDone:
PasswordChange:
Title: Ändra lösenord
Description: Ändra diit lösenord. Ange både ditt gamla och det nya lösenordet.
ExpiredDescription: Ditt lösenord har gått ut och måste bytas ut. Ange ditt gamla och nya lösenord.
OldPasswordLabel: Gammalt lösenord
NewPasswordLabel: Nytt lösenord
NewPasswordConfirmLabel: Nytt lösenord igen

1
internal/api/ui/login/static/i18n/zh.yaml
View File

@@ -190,6 +190,7 @@ PasswordlessRegistrationDone:
PasswordChange:
Title: 更改密码
Description: 更改您的密码。输入您的旧密码和新密码。
ExpiredDescription: 您的密码已过期,需要更改。请输入您的新旧密码。
OldPasswordLabel: 旧密码
NewPasswordLabel: 新密码
NewPasswordConfirmLabel: 确认密码

4
internal/api/ui/login/static/templates/change_password.html
View File

@@ -4,7 +4,11 @@
<h1>{{t "PasswordChange.Title"}}</h1>
{{ template "user-profile" . }}
{{if .Expired}}
<p>{{t "PasswordChange.ExpiredDescription"}}</p>
{{else}}
<p>{{t "PasswordChange.Description"}}</p>
{{end}}
</div>
<form action="{{ changePasswordUrl }}" method="POST">

49
internal/auth/repository/eventsourcing/eventstore/auth_request.go
View File

@@ -44,6 +44,7 @@ type AuthRequestRepo struct {
OrgViewProvider orgViewProvider
LoginPolicyViewProvider loginPolicyViewProvider
LockoutPolicyViewProvider lockoutPolicyViewProvider
PasswordAgePolicyProvider passwordAgePolicyProvider
PrivacyPolicyProvider privacyPolicyProvider
IDPProviderViewProvider idpProviderViewProvider
IDPUserLinksProvider idpUserLinksProvider
@@ -81,6 +82,10 @@ type lockoutPolicyViewProvider interface {
LockoutPolicyByOrg(context.Context, bool, string) (*query.LockoutPolicy, error)
}
type passwordAgePolicyProvider interface {
PasswordAgePolicyByOrg(context.Context, bool, string, bool) (*query.PasswordAgePolicy, error)
}
type idpProviderViewProvider interface {
IDPLoginPolicyLinks(context.Context, string, *query.IDPLoginPolicyLinksSearchQuery, bool) (*query.IDPLoginPolicyLinks, error)
}
@@ -685,6 +690,13 @@ func (repo *AuthRequestRepo) fillPolicies(ctx context.Context, request *domain.A
}
request.LabelPolicy = labelPolicy
}
if request.PasswordAgePolicy == nil || request.PolicyOrgID() != orgID {
passwordPolicy, err := repo.getPasswordAgePolicy(ctx, orgID)
if err != nil {
return err
}
request.PasswordAgePolicy = passwordPolicy
}
if len(request.DefaultTranslations) == 0 {
defaultLoginTranslations, err := repo.getLoginTexts(ctx, instance.InstanceID())
if err != nil {
@@ -1048,8 +1060,9 @@ func (repo *AuthRequestRepo) nextSteps(ctx context.Context, request *domain.Auth
return append(steps, step), nil
}
if user.PasswordChangeRequired {
steps = append(steps, &domain.ChangePasswordStep{})
expired := passwordAgeChangeRequired(request.PasswordAgePolicy, user.PasswordChanged)
if expired || user.PasswordChangeRequired {
steps = append(steps, &domain.ChangePasswordStep{Expired: expired})
}
if !user.IsEmailVerified {
steps = append(steps, &domain.VerifyEMailStep{})
@@ -1058,7 +1071,7 @@ func (repo *AuthRequestRepo) nextSteps(ctx context.Context, request *domain.Auth
steps = append(steps, &domain.ChangeUsernameStep{})
}
if user.PasswordChangeRequired || !user.IsEmailVerified || user.UsernameChangeRequired {
if expired || user.PasswordChangeRequired || !user.IsEmailVerified || user.UsernameChangeRequired {
return steps, nil
}
@@ -1093,6 +1106,14 @@ func (repo *AuthRequestRepo) nextSteps(ctx context.Context, request *domain.Auth
return append(steps, &domain.RedirectToCallbackStep{}), nil
}
func passwordAgeChangeRequired(policy *domain.PasswordAgePolicy, changed time.Time) bool {
if policy == nil || policy.MaxAgeDays == 0 {
return false
}
maxDays := time.Duration(policy.MaxAgeDays) * 24 * time.Hour
return time.Now().Add(-maxDays).After(changed)
}
func (repo *AuthRequestRepo) nextStepsUser(ctx context.Context, request *domain.AuthRequest) (_ []domain.NextStep, err error) {
ctx, span := tracing.NewSpan(ctx)
defer func() { span.EndWithError(err) }()
@@ -1371,6 +1392,28 @@ func labelPolicyToDomain(p *query.LabelPolicy) *domain.LabelPolicy {
}
}
func (repo *AuthRequestRepo) getPasswordAgePolicy(ctx context.Context, orgID string) (*domain.PasswordAgePolicy, error) {
policy, err := repo.PasswordAgePolicyProvider.PasswordAgePolicyByOrg(ctx, false, orgID, false)
if err != nil {
return nil, err
}
return passwordAgePolicyToDomain(policy), nil
}
func passwordAgePolicyToDomain(policy *query.PasswordAgePolicy) *domain.PasswordAgePolicy {
return &domain.PasswordAgePolicy{
ObjectRoot: es_models.ObjectRoot{
AggregateID: policy.ID,
Sequence: policy.Sequence,
ResourceOwner: policy.ResourceOwner,
CreationDate: policy.CreationDate,
ChangeDate: policy.ChangeDate,
},
MaxAgeDays: policy.MaxAgeDays,
ExpireWarnDays: policy.ExpireWarnDays,
}
}
func (repo *AuthRequestRepo) getLoginTexts(ctx context.Context, aggregateID string) ([]*domain.CustomText, error) {
loginTexts, err := repo.CustomTextProvider.CustomTextListByTemplate(ctx, aggregateID, domain.LoginCustomText, false)
if err != nil {

86
internal/auth/repository/eventsourcing/eventstore/auth_request_test.go
View File

@@ -140,6 +140,7 @@ type mockViewUser struct {
InitRequired bool
PasswordInitRequired bool
PasswordSet bool
PasswordChanged time.Time
PasswordChangeRequired bool
IsEmailVerified bool
OTPState int32
@@ -189,6 +190,14 @@ func (m *mockLockoutPolicy) LockoutPolicyByOrg(context.Context, bool, string) (*
return m.policy, nil
}
type mockPasswordAgePolicy struct {
policy *query.PasswordAgePolicy
}
func (m *mockPasswordAgePolicy) PasswordAgePolicyByOrg(context.Context, bool, string, bool) (*query.PasswordAgePolicy, error) {
return m.policy, nil
}
func (m *mockViewUser) UserByID(string, string) (*user_view_model.UserView, error) {
return &user_view_model.UserView{
State: int32(user_model.UserStateActive),
@@ -291,21 +300,22 @@ func (m *mockIDPUserLinks) IDPUserLinks(ctx context.Context, queries *query.IDPU
func TestAuthRequestRepo_nextSteps(t *testing.T) {
type fields struct {
AuthRequests cache.AuthRequestCache
View *view.View
userSessionViewProvider userSessionViewProvider
userViewProvider userViewProvider
userEventProvider userEventProvider
orgViewProvider orgViewProvider
userGrantProvider userGrantProvider
projectProvider projectProvider
applicationProvider applicationProvider
loginPolicyProvider loginPolicyViewProvider
lockoutPolicyProvider lockoutPolicyViewProvider
idpUserLinksProvider idpUserLinksProvider
privacyPolicyProvider privacyPolicyProvider
labelPolicyProvider labelPolicyProvider
customTextProvider customTextProvider
AuthRequests cache.AuthRequestCache
View *view.View
userSessionViewProvider userSessionViewProvider
userViewProvider userViewProvider
userEventProvider userEventProvider
orgViewProvider orgViewProvider
userGrantProvider userGrantProvider
projectProvider projectProvider
applicationProvider applicationProvider
loginPolicyProvider loginPolicyViewProvider
lockoutPolicyProvider lockoutPolicyViewProvider
idpUserLinksProvider idpUserLinksProvider
privacyPolicyProvider privacyPolicyProvider
labelPolicyProvider labelPolicyProvider
passwordAgePolicyProvider passwordAgePolicyProvider
customTextProvider customTextProvider
}
type args struct {
request *domain.AuthRequest
@@ -529,6 +539,9 @@ func TestAuthRequestRepo_nextSteps(t *testing.T) {
labelPolicyProvider: &mockLabelPolicy{
policy: &query.LabelPolicy{},
},
passwordAgePolicyProvider: &mockPasswordAgePolicy{
policy: &query.PasswordAgePolicy{},
},
customTextProvider: &mockCustomText{
texts: &query.CustomTexts{},
},
@@ -1304,6 +1317,48 @@ func TestAuthRequestRepo_nextSteps(t *testing.T) {
[]domain.NextStep{&domain.ChangePasswordStep{}, &domain.VerifyEMailStep{}},
nil,
},
{
"password change expired, password change step",
fields{
userSessionViewProvider: &mockViewUserSession{
PasswordVerification: testNow.Add(-5 * time.Minute),
SecondFactorVerification: testNow.Add(-5 * time.Minute),
},
userViewProvider: &mockViewUser{
PasswordSet: true,
PasswordChangeRequired: false,
PasswordChanged: testNow.Add(-50 * 24 * time.Hour),
IsEmailVerified: true,
MFAMaxSetUp: int32(domain.MFALevelSecondFactor),
},
userEventProvider: &mockEventUser{},
orgViewProvider: &mockViewOrg{State: domain.OrgStateActive},
lockoutPolicyProvider: &mockLockoutPolicy{
policy: &query.LockoutPolicy{
ShowFailures: true,
},
},
passwordAgePolicyProvider: &mockPasswordAgePolicy{
policy: &query.PasswordAgePolicy{
MaxAgeDays: 30,
},
},
idpUserLinksProvider: &mockIDPUserLinks{},
},
args{&domain.AuthRequest{
UserID: "UserID",
LoginPolicy: &domain.LoginPolicy{
SecondFactors: []domain.SecondFactorType{domain.SecondFactorTypeTOTP},
PasswordCheckLifetime: 10 * 24 * time.Hour,
SecondFactorCheckLifetime: 18 * time.Hour,
},
PasswordAgePolicy: &domain.PasswordAgePolicy{
MaxAgeDays: 30,
},
}, false},
[]domain.NextStep{&domain.ChangePasswordStep{Expired: true}},
nil,
},
{
"email verified and no password change required, redirect to callback step",
fields{
@@ -1662,6 +1717,7 @@ func TestAuthRequestRepo_nextSteps(t *testing.T) {
IDPUserLinksProvider: tt.fields.idpUserLinksProvider,
PrivacyPolicyProvider: tt.fields.privacyPolicyProvider,
LabelPolicyProvider: tt.fields.labelPolicyProvider,
PasswordAgePolicyProvider: tt.fields.passwordAgePolicyProvider,
CustomTextProvider: tt.fields.customTextProvider,
}
got, err := repo.nextSteps(context.Background(), tt.args.request, tt.args.checkLoggedIn)

1
internal/auth/repository/eventsourcing/repository.go
View File

@@ -73,6 +73,7 @@ func Start(ctx context.Context, conf Config, systemDefaults sd.SystemDefaults, c
IDPUserLinksProvider: queries,
LockoutPolicyViewProvider: queries,
LoginPolicyViewProvider: queries,
PasswordAgePolicyProvider: queries,
UserGrantProvider: queryView,
ProjectProvider: queryView,
ApplicationProvider: queries,

4
internal/command/custom_login_text.go
View File

@@ -687,6 +687,10 @@ func (c *Commands) createPasswordChangeEvents(ctx context.Context, agg *eventsto
if event != nil {
events = append(events, event)
}
event = c.createCustomLoginTextEvent(ctx, agg, domain.LoginKeyPasswordChangeExpiredDescription, existingText.PasswordChangeExpiredDescription, text.PasswordChange.ExpiredDescription, text.Language, defaultText)
if event != nil {
events = append(events, event)
}
event = c.createCustomLoginTextEvent(ctx, agg, domain.LoginKeyPasswordChangeOldPasswordLabel, existingText.PasswordChangeOldPasswordLabel, text.PasswordChange.OldPasswordLabel, text.Language, defaultText)
if event != nil {
events = append(events, event)

9
internal/command/custom_login_text_model.go
View File

@@ -186,6 +186,7 @@ type CustomLoginTextReadModel struct {
PasswordChangeTitle string
PasswordChangeDescription string
PasswordChangeExpiredDescription string
PasswordChangeOldPasswordLabel string
PasswordChangeNewPasswordLabel string
PasswordChangeNewPasswordConfirmLabel string
@@ -1767,6 +1768,10 @@ func (wm *CustomLoginTextReadModel) handlePasswordChangeScreenSetEvent(e *policy
wm.PasswordChangeDescription = e.Text
return
}
if e.Key == domain.LoginKeyPasswordChangeExpiredDescription {
wm.PasswordChangeExpiredDescription = e.Text
return
}
if e.Key == domain.LoginKeyPasswordChangeOldPasswordLabel {
wm.PasswordChangeOldPasswordLabel = e.Text
return
@@ -1798,6 +1803,10 @@ func (wm *CustomLoginTextReadModel) handlePasswordChangeScreenRemoveEvent(e *pol
wm.PasswordChangeDescription = ""
return
}
if e.Key == domain.LoginKeyPasswordChangeExpiredDescription {
wm.PasswordChangeExpiredDescription = ""
return
}
if e.Key == domain.LoginKeyPasswordChangeOldPasswordLabel {
wm.PasswordChangeOldPasswordLabel = ""
return

29
internal/command/instance_custom_login_text_test.go
View File

@@ -480,6 +480,9 @@ func TestCommandSide_SetCustomIAMLoginText(t *testing.T) {
instance.NewCustomTextSetEvent(context.Background(),
&instance.NewAggregate("INSTANCE").Aggregate, domain.LoginCustomText, domain.LoginKeyPasswordChangeDescription, "Description", language.English,
),
instance.NewCustomTextSetEvent(context.Background(),
&instance.NewAggregate("INSTANCE").Aggregate, domain.LoginCustomText, domain.LoginKeyPasswordChangeExpiredDescription, "ExpiredDescription", language.English,
),
instance.NewCustomTextSetEvent(context.Background(),
&instance.NewAggregate("INSTANCE").Aggregate, domain.LoginCustomText, domain.LoginKeyPasswordChangeOldPasswordLabel, "OldPasswordLabel", language.English,
),
@@ -942,6 +945,7 @@ func TestCommandSide_SetCustomIAMLoginText(t *testing.T) {
PasswordChange: domain.PasswordChangeScreenText{
Title: "Title",
Description: "Description",
ExpiredDescription: "ExpiredDescription",
OldPasswordLabel: "OldPasswordLabel",
NewPasswordLabel: "NewPasswordLabel",
NewPasswordConfirmLabel: "NewPasswordConfirmLabel",
@@ -1860,6 +1864,12 @@ func TestCommandSide_SetCustomIAMLoginText(t *testing.T) {
&instance.NewAggregate("INSTANCE").Aggregate, domain.LoginCustomText, domain.LoginKeyPasswordChangeDescription, "Description", language.English,
),
),
eventFromEventPusherWithInstanceID(
"INSTANCE",
instance.NewCustomTextSetEvent(context.Background(),
&instance.NewAggregate("INSTANCE").Aggregate, domain.LoginCustomText, domain.LoginKeyPasswordChangeExpiredDescription, "ExpiredDescription", language.English,
),
),
eventFromEventPusherWithInstanceID(
"INSTANCE",
instance.NewCustomTextSetEvent(context.Background(),
@@ -2813,6 +2823,9 @@ func TestCommandSide_SetCustomIAMLoginText(t *testing.T) {
instance.NewCustomTextRemovedEvent(context.Background(),
&instance.NewAggregate("INSTANCE").Aggregate, domain.LoginCustomText, domain.LoginKeyPasswordChangeDescription, language.English,
),
instance.NewCustomTextRemovedEvent(context.Background(),
&instance.NewAggregate("INSTANCE").Aggregate, domain.LoginCustomText, domain.LoginKeyPasswordChangeExpiredDescription, language.English,
),
instance.NewCustomTextRemovedEvent(context.Background(),
&instance.NewAggregate("INSTANCE").Aggregate, domain.LoginCustomText, domain.LoginKeyPasswordChangeOldPasswordLabel, language.English,
),
@@ -3934,6 +3947,12 @@ func TestCommandSide_SetCustomIAMLoginText(t *testing.T) {
&instance.NewAggregate("INSTANCE").Aggregate, domain.LoginCustomText, domain.LoginKeyPasswordChangeDescription, "Description", language.English,
),
),
eventFromEventPusherWithInstanceID(
"INSTANCE",
instance.NewCustomTextSetEvent(context.Background(),
&instance.NewAggregate("INSTANCE").Aggregate, domain.LoginCustomText, domain.LoginKeyPasswordChangeExpiredDescription, "ExpiredDescription", language.English,
),
),
eventFromEventPusherWithInstanceID(
"INSTANCE",
instance.NewCustomTextSetEvent(context.Background(),
@@ -5279,6 +5298,12 @@ func TestCommandSide_SetCustomIAMLoginText(t *testing.T) {
&instance.NewAggregate("INSTANCE").Aggregate, domain.LoginCustomText, domain.LoginKeyPasswordChangeDescription, language.English,
),
),
eventFromEventPusherWithInstanceID(
"INSTANCE",
instance.NewCustomTextRemovedEvent(context.Background(),
&instance.NewAggregate("INSTANCE").Aggregate, domain.LoginCustomText, domain.LoginKeyPasswordChangeExpiredDescription, language.English,
),
),
eventFromEventPusherWithInstanceID(
"INSTANCE",
instance.NewCustomTextRemovedEvent(context.Background(),
@@ -6233,6 +6258,9 @@ func TestCommandSide_SetCustomIAMLoginText(t *testing.T) {
instance.NewCustomTextSetEvent(context.Background(),
&instance.NewAggregate("INSTANCE").Aggregate, domain.LoginCustomText, domain.LoginKeyPasswordChangeDescription, "Description", language.English,
),
instance.NewCustomTextSetEvent(context.Background(),
&instance.NewAggregate("INSTANCE").Aggregate, domain.LoginCustomText, domain.LoginKeyPasswordChangeExpiredDescription, "ExpiredDescription", language.English,
),
instance.NewCustomTextSetEvent(context.Background(),
&instance.NewAggregate("INSTANCE").Aggregate, domain.LoginCustomText, domain.LoginKeyPasswordChangeOldPasswordLabel, "OldPasswordLabel", language.English,
),
@@ -6695,6 +6723,7 @@ func TestCommandSide_SetCustomIAMLoginText(t *testing.T) {
PasswordChange: domain.PasswordChangeScreenText{
Title: "Title",
Description: "Description",
ExpiredDescription: "ExpiredDescription",
OldPasswordLabel: "OldPasswordLabel",
NewPasswordLabel: "NewPasswordLabel",
NewPasswordConfirmLabel: "NewPasswordConfirmLabel",

28
internal/command/org_custom_login_text_test.go
View File

@@ -762,6 +762,11 @@ func TestCommandSide_SetCustomOrgLoginText(t *testing.T) {
&org.NewAggregate("org1").Aggregate, domain.LoginCustomText, domain.LoginKeyPasswordChangeDescription, "Description", language.English,
),
),
eventFromEventPusher(
org.NewCustomTextSetEvent(context.Background(),
&org.NewAggregate("org1").Aggregate, domain.LoginCustomText, domain.LoginKeyPasswordChangeExpiredDescription, "ExpiredDescription", language.English,
),
),
eventFromEventPusher(
org.NewCustomTextSetEvent(context.Background(),
&org.NewAggregate("org1").Aggregate, domain.LoginCustomText, domain.LoginKeyPasswordChangeOldPasswordLabel, "OldPasswordLabel", language.English,
@@ -1406,6 +1411,7 @@ func TestCommandSide_SetCustomOrgLoginText(t *testing.T) {
PasswordChange: domain.PasswordChangeScreenText{
Title: "Title",
Description: "Description",
ExpiredDescription: "ExpiredDescription",
OldPasswordLabel: "OldPasswordLabel",
NewPasswordLabel: "NewPasswordLabel",
NewPasswordConfirmLabel: "NewPasswordConfirmLabel",
@@ -2192,6 +2198,11 @@ func TestCommandSide_SetCustomOrgLoginText(t *testing.T) {
&org.NewAggregate("org1").Aggregate, domain.LoginCustomText, domain.LoginKeyPasswordChangeDescription, "Description", language.English,
),
),
eventFromEventPusher(
org.NewCustomTextSetEvent(context.Background(),
&org.NewAggregate("org1").Aggregate, domain.LoginCustomText, domain.LoginKeyPasswordChangeExpiredDescription, "ExpiredDescription", language.English,
),
),
eventFromEventPusher(
org.NewCustomTextSetEvent(context.Background(),
&org.NewAggregate("org1").Aggregate, domain.LoginCustomText, domain.LoginKeyPasswordChangeOldPasswordLabel, "OldPasswordLabel", language.English,
@@ -3047,6 +3058,9 @@ func TestCommandSide_SetCustomOrgLoginText(t *testing.T) {
org.NewCustomTextRemovedEvent(context.Background(),
&org.NewAggregate("org1").Aggregate, domain.LoginCustomText, domain.LoginKeyPasswordChangeDescription, language.English,
),
org.NewCustomTextRemovedEvent(context.Background(),
&org.NewAggregate("org1").Aggregate, domain.LoginCustomText, domain.LoginKeyPasswordChangeExpiredDescription, language.English,
),
org.NewCustomTextRemovedEvent(context.Background(),
&org.NewAggregate("org1").Aggregate, domain.LoginCustomText, domain.LoginKeyPasswordChangeOldPasswordLabel, language.English,
),
@@ -4035,6 +4049,11 @@ func TestCommandSide_SetCustomOrgLoginText(t *testing.T) {
&org.NewAggregate("org1").Aggregate, domain.LoginCustomText, domain.LoginKeyPasswordChangeDescription, "Description", language.English,
),
),
eventFromEventPusher(
org.NewCustomTextSetEvent(context.Background(),
&org.NewAggregate("org1").Aggregate, domain.LoginCustomText, domain.LoginKeyPasswordChangeExpiredDescription, "ExpiredDescription", language.English,
),
),
eventFromEventPusher(
org.NewCustomTextSetEvent(context.Background(),
&org.NewAggregate("org1").Aggregate, domain.LoginCustomText, domain.LoginKeyPasswordChangeOldPasswordLabel, "OldPasswordLabel", language.English,
@@ -5150,6 +5169,11 @@ func TestCommandSide_SetCustomOrgLoginText(t *testing.T) {
&org.NewAggregate("org1").Aggregate, domain.LoginCustomText, domain.LoginKeyPasswordChangeDescription, language.English,
),
),
eventFromEventPusher(
org.NewCustomTextRemovedEvent(context.Background(),
&org.NewAggregate("org1").Aggregate, domain.LoginCustomText, domain.LoginKeyPasswordChangeExpiredDescription, language.English,
),
),
eventFromEventPusher(
org.NewCustomTextRemovedEvent(context.Background(),
&org.NewAggregate("org1").Aggregate, domain.LoginCustomText, domain.LoginKeyPasswordChangeOldPasswordLabel, language.English,
@@ -6005,6 +6029,9 @@ func TestCommandSide_SetCustomOrgLoginText(t *testing.T) {
org.NewCustomTextSetEvent(context.Background(),
&org.NewAggregate("org1").Aggregate, domain.LoginCustomText, domain.LoginKeyPasswordChangeDescription, "Description", language.English,
),
org.NewCustomTextSetEvent(context.Background(),
&org.NewAggregate("org1").Aggregate, domain.LoginCustomText, domain.LoginKeyPasswordChangeExpiredDescription, "ExpiredDescription", language.English,
),
org.NewCustomTextSetEvent(context.Background(),
&org.NewAggregate("org1").Aggregate, domain.LoginCustomText, domain.LoginKeyPasswordChangeOldPasswordLabel, "OldPasswordLabel", language.English,
),
@@ -6465,6 +6492,7 @@ func TestCommandSide_SetCustomOrgLoginText(t *testing.T) {
PasswordChange: domain.PasswordChangeScreenText{
Title: "Title",
Description: "Description",
ExpiredDescription: "ExpiredDescription",
OldPasswordLabel: "OldPasswordLabel",
NewPasswordLabel: "NewPasswordLabel",
NewPasswordConfirmLabel: "NewPasswordConfirmLabel",

1
internal/domain/auth_request.go
View File

@@ -56,6 +56,7 @@ type AuthRequest struct {
LabelPolicy *LabelPolicy
PrivacyPolicy *PrivacyPolicy
LockoutPolicy *LockoutPolicy
PasswordAgePolicy *PasswordAgePolicy
DefaultTranslations []*CustomText
OrgTranslations []*CustomText
SAMLRequestID string

2
internal/domain/custom_login_text.go
View File

@@ -185,6 +185,7 @@ const (
LoginKeyPasswordChange = "PasswordChange."
LoginKeyPasswordChangeTitle = LoginKeyPasswordChange + "Title"
LoginKeyPasswordChangeDescription = LoginKeyPasswordChange + "Description"
LoginKeyPasswordChangeExpiredDescription = LoginKeyPasswordChange + "ExpiredDescription"
LoginKeyPasswordChangeOldPasswordLabel = LoginKeyPasswordChange + "OldPasswordLabel"
LoginKeyPasswordChangeNewPasswordLabel = LoginKeyPasswordChange + "NewPasswordLabel"
LoginKeyPasswordChangeNewPasswordConfirmLabel = LoginKeyPasswordChange + "NewPasswordConfirmLabel"
@@ -529,6 +530,7 @@ type PasswordlessScreenText struct {
type PasswordChangeScreenText struct {
Title string
Description string
ExpiredDescription string
OldPasswordLabel string
NewPasswordLabel string
NewPasswordConfirmLabel string

4
internal/domain/next_step.go
View File

@@ -117,7 +117,9 @@ func (s *PasswordlessRegistrationPromptStep) Type() NextStepType {
return NextStepPasswordlessRegistrationPrompt
}
type ChangePasswordStep struct{}
type ChangePasswordStep struct {
Expired bool
}
func (s *ChangePasswordStep) Type() NextStepType {
return NextStepChangePassword

6
internal/integration/client.go
View File

@@ -17,6 +17,7 @@ import (
"google.golang.org/grpc"
"google.golang.org/protobuf/types/known/durationpb"
"google.golang.org/protobuf/types/known/structpb"
"google.golang.org/protobuf/types/known/timestamppb"
"github.com/zitadel/zitadel/internal/api/authz"
"github.com/zitadel/zitadel/internal/command"
@@ -311,8 +312,8 @@ func (s *Tester) RegisterUserU2F(ctx context.Context, userID string) {
logging.OnError(err).Fatal("create user u2f")
}
func (s *Tester) SetUserPassword(ctx context.Context, userID, password string, changeRequired bool) {
_, err := s.Client.UserV2.SetPassword(ctx, &user.SetPasswordRequest{
func (s *Tester) SetUserPassword(ctx context.Context, userID, password string, changeRequired bool) *timestamppb.Timestamp {
resp, err := s.Client.UserV2.SetPassword(ctx, &user.SetPasswordRequest{
UserId: userID,
NewPassword: &user.Password{
Password: password,
@@ -320,6 +321,7 @@ func (s *Tester) SetUserPassword(ctx context.Context, userID, password string, c
},
})
logging.OnError(err).Fatal("set user password")
return resp.GetDetails().GetChangeDate()
}
func (s *Tester) AddGenericOAuthProvider(t *testing.T, ctx context.Context) string {

3
internal/query/custom_text.go
View File

@@ -891,6 +891,9 @@ func passwordChangeKeyToDomain(text *CustomText, result *domain.CustomLoginText)
if text.Key == domain.LoginKeyPasswordChangeDescription {
result.PasswordChange.Description = text.Text
}
if text.Key == domain.LoginKeyPasswordChangeExpiredDescription {
result.PasswordChange.ExpiredDescription = text.Text
}
if text.Key == domain.LoginKeyPasswordChangeOldPasswordLabel {
result.PasswordChange.OldPasswordLabel = text.Text
}

26
internal/query/iam_member_test.go
View File

@@ -21,21 +21,21 @@ var (
", members.user_id" +
", members.roles" +
", projections.login_names3.login_name" +
", projections.users12_humans.email" +
", projections.users12_humans.first_name" +
", projections.users12_humans.last_name" +
", projections.users12_humans.display_name" +
", projections.users12_machines.name" +
", projections.users12_humans.avatar_key" +
", projections.users12.type" +
", projections.users13_humans.email" +
", projections.users13_humans.first_name" +
", projections.users13_humans.last_name" +
", projections.users13_humans.display_name" +
", projections.users13_machines.name" +
", projections.users13_humans.avatar_key" +
", projections.users13.type" +
", COUNT(*) OVER () " +
"FROM projections.instance_members4 AS members " +
"LEFT JOIN projections.users12_humans " +
"ON members.user_id = projections.users12_humans.user_id AND members.instance_id = projections.users12_humans.instance_id " +
"LEFT JOIN projections.users12_machines " +
"ON members.user_id = projections.users12_machines.user_id AND members.instance_id = projections.users12_machines.instance_id " +
"LEFT JOIN projections.users12 " +
"ON members.user_id = projections.users12.id AND members.instance_id = projections.users12.instance_id " +
"LEFT JOIN projections.users13_humans " +
"ON members.user_id = projections.users13_humans.user_id AND members.instance_id = projections.users13_humans.instance_id " +
"LEFT JOIN projections.users13_machines " +
"ON members.user_id = projections.users13_machines.user_id AND members.instance_id = projections.users13_machines.instance_id " +
"LEFT JOIN projections.users13 " +
"ON members.user_id = projections.users13.id AND members.instance_id = projections.users13.instance_id " +
"LEFT JOIN projections.login_names3 " +
"ON members.user_id = projections.login_names3.user_id AND members.instance_id = projections.login_names3.instance_id " +
"AS OF SYSTEM TIME '-1 ms' " +

32
internal/query/org_member_test.go
View File

@@ -21,24 +21,24 @@ var (
", members.user_id" +
", members.roles" +
", projections.login_names3.login_name" +
", projections.users12_humans.email" +
", projections.users12_humans.first_name" +
", projections.users12_humans.last_name" +
", projections.users12_humans.display_name" +
", projections.users12_machines.name" +
", projections.users12_humans.avatar_key" +
", projections.users12.type" +
", projections.users13_humans.email" +
", projections.users13_humans.first_name" +
", projections.users13_humans.last_name" +
", projections.users13_humans.display_name" +
", projections.users13_machines.name" +
", projections.users13_humans.avatar_key" +
", projections.users13.type" +
", COUNT(*) OVER () " +
"FROM projections.org_members4 AS members " +
"LEFT JOIN projections.users12_humans " +
"ON members.user_id = projections.users12_humans.user_id " +
"AND members.instance_id = projections.users12_humans.instance_id " +
"LEFT JOIN projections.users12_machines " +
"ON members.user_id = projections.users12_machines.user_id " +
"AND members.instance_id = projections.users12_machines.instance_id " +
"LEFT JOIN projections.users12 " +
"ON members.user_id = projections.users12.id " +
"AND members.instance_id = projections.users12.instance_id " +
"LEFT JOIN projections.users13_humans " +
"ON members.user_id = projections.users13_humans.user_id " +
"AND members.instance_id = projections.users13_humans.instance_id " +
"LEFT JOIN projections.users13_machines " +
"ON members.user_id = projections.users13_machines.user_id " +
"AND members.instance_id = projections.users13_machines.instance_id " +
"LEFT JOIN projections.users13 " +
"ON members.user_id = projections.users13.id " +
"AND members.instance_id = projections.users13.instance_id " +
"LEFT JOIN projections.login_names3 " +
"ON members.user_id = projections.login_names3.user_id " +
"AND members.instance_id = projections.login_names3.instance_id " +

32
internal/query/project_grant_member_test.go
View File

@@ -21,24 +21,24 @@ var (
", members.user_id" +
", members.roles" +
", projections.login_names3.login_name" +
", projections.users12_humans.email" +
", projections.users12_humans.first_name" +
", projections.users12_humans.last_name" +
", projections.users12_humans.display_name" +
", projections.users12_machines.name" +
", projections.users12_humans.avatar_key" +
", projections.users12.type" +
", projections.users13_humans.email" +
", projections.users13_humans.first_name" +
", projections.users13_humans.last_name" +
", projections.users13_humans.display_name" +
", projections.users13_machines.name" +
", projections.users13_humans.avatar_key" +
", projections.users13.type" +
", COUNT(*) OVER () " +
"FROM projections.project_grant_members4 AS members " +
"LEFT JOIN projections.users12_humans " +
"ON members.user_id = projections.users12_humans.user_id " +
"AND members.instance_id = projections.users12_humans.instance_id " +
"LEFT JOIN projections.users12_machines " +
"ON members.user_id = projections.users12_machines.user_id " +
"AND members.instance_id = projections.users12_machines.instance_id " +
"LEFT JOIN projections.users12 " +
"ON members.user_id = projections.users12.id " +
"AND members.instance_id = projections.users12.instance_id " +
"LEFT JOIN projections.users13_humans " +
"ON members.user_id = projections.users13_humans.user_id " +
"AND members.instance_id = projections.users13_humans.instance_id " +
"LEFT JOIN projections.users13_machines " +
"ON members.user_id = projections.users13_machines.user_id " +
"AND members.instance_id = projections.users13_machines.instance_id " +
"LEFT JOIN projections.users13 " +
"ON members.user_id = projections.users13.id " +
"AND members.instance_id = projections.users13.instance_id " +
"LEFT JOIN projections.login_names3 " +
"ON members.user_id = projections.login_names3.user_id " +
"AND members.instance_id = projections.login_names3.instance_id " +

32
internal/query/project_member_test.go
View File

@@ -21,24 +21,24 @@ var (
", members.user_id" +
", members.roles" +
", projections.login_names3.login_name" +
", projections.users12_humans.email" +
", projections.users12_humans.first_name" +
", projections.users12_humans.last_name" +
", projections.users12_humans.display_name" +
", projections.users12_machines.name" +
", projections.users12_humans.avatar_key" +
", projections.users12.type" +
", projections.users13_humans.email" +
", projections.users13_humans.first_name" +
", projections.users13_humans.last_name" +
", projections.users13_humans.display_name" +
", projections.users13_machines.name" +
", projections.users13_humans.avatar_key" +
", projections.users13.type" +
", COUNT(*) OVER () " +
"FROM projections.project_members4 AS members " +
"LEFT JOIN projections.users12_humans " +
"ON members.user_id = projections.users12_humans.user_id " +
"AND members.instance_id = projections.users12_humans.instance_id " +
"LEFT JOIN projections.users12_machines " +
"ON members.user_id = projections.users12_machines.user_id " +
"AND members.instance_id = projections.users12_machines.instance_id " +
"LEFT JOIN projections.users12 " +
"ON members.user_id = projections.users12.id " +
"AND members.instance_id = projections.users12.instance_id " +
"LEFT JOIN projections.users13_humans " +
"ON members.user_id = projections.users13_humans.user_id " +
"AND members.instance_id = projections.users13_humans.instance_id " +
"LEFT JOIN projections.users13_machines " +
"ON members.user_id = projections.users13_machines.user_id " +
"AND members.instance_id = projections.users13_machines.instance_id " +
"LEFT JOIN projections.users13 " +
"ON members.user_id = projections.users13.id " +
"AND members.instance_id = projections.users13.instance_id " +
"LEFT JOIN projections.login_names3 " +
"ON members.user_id = projections.login_names3.user_id " +
"AND members.instance_id = projections.login_names3.instance_id " +

13
internal/query/projection/user.go
View File

@@ -16,7 +16,7 @@ import (
)
const (
UserTable = "projections.users12"
UserTable = "projections.users13"
UserHumanTable = UserTable + "_" + UserHumanSuffix
UserMachineTable = UserTable + "_" + UserMachineSuffix
UserNotifyTable = UserTable + "_" + UserNotifySuffix
@@ -35,6 +35,7 @@ const (
HumanUserIDCol = "user_id"
HumanUserInstanceIDCol = "instance_id"
HumanPasswordChangeRequired = "password_change_required"
HumanPasswordChanged = "password_changed"
// profile
HumanFirstNameCol = "first_name"
@@ -116,6 +117,7 @@ func (*userProjection) Init() *old_handler.Check {
handler.NewColumn(HumanPhoneCol, handler.ColumnTypeText, handler.Nullable()),
handler.NewColumn(HumanIsPhoneVerifiedCol, handler.ColumnTypeBool, handler.Nullable()),
handler.NewColumn(HumanPasswordChangeRequired, handler.ColumnTypeBool),
handler.NewColumn(HumanPasswordChanged, handler.ColumnTypeTimestamp, handler.Nullable()),
},
handler.NewPrimaryKey(HumanUserInstanceIDCol, HumanUserIDCol),
UserHumanSuffix,
@@ -322,6 +324,7 @@ func (p *userProjection) reduceHumanAdded(event eventstore.Event) (*handler.Stat
if !ok {
return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-Ebynp", "reduce.wrong.event.type %s", user.HumanAddedType)
}
passwordSet := crypto.SecretOrEncodedHash(e.Secret, e.EncodedHash) != ""
return handler.NewMultiStatement(
e,
handler.AddCreateStatement(
@@ -350,6 +353,7 @@ func (p *userProjection) reduceHumanAdded(event eventstore.Event) (*handler.Stat
handler.NewCol(HumanEmailCol, e.EmailAddress),
handler.NewCol(HumanPhoneCol, &sql.NullString{String: string(e.PhoneNumber), Valid: e.PhoneNumber != ""}),
handler.NewCol(HumanPasswordChangeRequired, e.ChangeRequired),
handler.NewCol(HumanPasswordChanged, &sql.NullTime{Time: e.CreatedAt(), Valid: passwordSet}),
},
handler.WithTableSuffix(UserHumanSuffix),
),
@@ -359,7 +363,7 @@ func (p *userProjection) reduceHumanAdded(event eventstore.Event) (*handler.Stat
handler.NewCol(NotifyInstanceIDCol, e.Aggregate().InstanceID),
handler.NewCol(NotifyLastEmailCol, e.EmailAddress),
handler.NewCol(NotifyLastPhoneCol, &sql.NullString{String: string(e.PhoneNumber), Valid: e.PhoneNumber != ""}),
handler.NewCol(NotifyPasswordSetCol, crypto.SecretOrEncodedHash(e.Secret, e.EncodedHash) != ""),
handler.NewCol(NotifyPasswordSetCol, passwordSet),
},
handler.WithTableSuffix(UserNotifySuffix),
),
@@ -371,6 +375,7 @@ func (p *userProjection) reduceHumanRegistered(event eventstore.Event) (*handler
if !ok {
return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-xE53M", "reduce.wrong.event.type %s", user.HumanRegisteredType)
}
passwordSet := crypto.SecretOrEncodedHash(e.Secret, e.EncodedHash) != ""
return handler.NewMultiStatement(
e,
handler.AddCreateStatement(
@@ -399,6 +404,7 @@ func (p *userProjection) reduceHumanRegistered(event eventstore.Event) (*handler
handler.NewCol(HumanEmailCol, e.EmailAddress),
handler.NewCol(HumanPhoneCol, &sql.NullString{String: string(e.PhoneNumber), Valid: e.PhoneNumber != ""}),
handler.NewCol(HumanPasswordChangeRequired, e.ChangeRequired),
handler.NewCol(HumanPasswordChanged, &sql.NullTime{Time: e.CreatedAt(), Valid: passwordSet}),
},
handler.WithTableSuffix(UserHumanSuffix),
),
@@ -408,7 +414,7 @@ func (p *userProjection) reduceHumanRegistered(event eventstore.Event) (*handler
handler.NewCol(NotifyInstanceIDCol, e.Aggregate().InstanceID),
handler.NewCol(NotifyLastEmailCol, e.EmailAddress),
handler.NewCol(NotifyLastPhoneCol, &sql.NullString{String: string(e.PhoneNumber), Valid: e.PhoneNumber != ""}),
handler.NewCol(NotifyPasswordSetCol, crypto.SecretOrEncodedHash(e.Secret, e.EncodedHash) != ""),
handler.NewCol(NotifyPasswordSetCol, passwordSet),
},
handler.WithTableSuffix(UserNotifySuffix),
),
@@ -918,6 +924,7 @@ func (p *userProjection) reduceHumanPasswordChanged(event eventstore.Event) (*ha
handler.AddUpdateStatement(
[]handler.Column{
handler.NewCol(HumanPasswordChangeRequired, e.ChangeRequired),
handler.NewCol(HumanPasswordChanged, &sql.NullTime{Time: e.CreatedAt(), Valid: true}),
},
[]handler.Condition{
handler.NewCond(HumanUserIDCol, e.Aggregate().ID),

216
internal/query/projection/user_test.go
View File

@@ -3,6 +3,7 @@ package projection
import (
"database/sql"
"testing"
"time"
"github.com/zitadel/zitadel/internal/domain"
"github.com/zitadel/zitadel/internal/eventstore"
@@ -14,6 +15,7 @@ import (
)
func TestUserProjection_reduces(t *testing.T) {
testNow := time.Now()
type args struct {
event func(t *testing.T) eventstore.Event
}
@@ -27,7 +29,7 @@ func TestUserProjection_reduces(t *testing.T) {
name: "reduceHumanAdded",
args: args{
event: getEvent(
testEvent(
timedTestEvent(
user.HumanAddedType,
user.AggregateType,
[]byte(`{
@@ -42,6 +44,7 @@ func TestUserProjection_reduces(t *testing.T) {
"phone": "+41 00 000 00 00",
"changeRequired": true
}`),
testNow,
), user.HumanAddedEventMapper),
},
reduce: (&userProjection{}).reduceHumanAdded,
@@ -51,7 +54,7 @@ func TestUserProjection_reduces(t *testing.T) {
executer: &testExecuter{
executions: []execution{
{
expectedStmt: "INSERT INTO projections.users12 (id, creation_date, change_date, resource_owner, instance_id, state, sequence, username, type) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9)",
expectedStmt: "INSERT INTO projections.users13 (id, creation_date, change_date, resource_owner, instance_id, state, sequence, username, type) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9)",
expectedArgs: []interface{}{
"agg-id",
anyArg{},
@@ -65,7 +68,7 @@ func TestUserProjection_reduces(t *testing.T) {
},
},
{
expectedStmt: "INSERT INTO projections.users12_humans (user_id, instance_id, first_name, last_name, nick_name, display_name, preferred_language, gender, email, phone, password_change_required) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10, $11)",
expectedStmt: "INSERT INTO projections.users13_humans (user_id, instance_id, first_name, last_name, nick_name, display_name, preferred_language, gender, email, phone, password_change_required, password_changed) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10, $11, $12)",
expectedArgs: []interface{}{
"agg-id",
"instance-id",
@@ -78,10 +81,11 @@ func TestUserProjection_reduces(t *testing.T) {
domain.EmailAddress("email@zitadel.com"),
&sql.NullString{String: "+41 00 000 00 00", Valid: true},
true,
&sql.NullTime{Time: testNow, Valid: false},
},
},
{
expectedStmt: "INSERT INTO projections.users12_notifications (user_id, instance_id, last_email, last_phone, password_set) VALUES ($1, $2, $3, $4, $5)",
expectedStmt: "INSERT INTO projections.users13_notifications (user_id, instance_id, last_email, last_phone, password_set) VALUES ($1, $2, $3, $4, $5)",
expectedArgs: []interface{}{
"agg-id",
"instance-id",
@@ -98,7 +102,7 @@ func TestUserProjection_reduces(t *testing.T) {
name: "reduceUserV1Added",
args: args{
event: getEvent(
testEvent(
timedTestEvent(
user.UserV1AddedType,
user.AggregateType,
[]byte(`{
@@ -112,6 +116,7 @@ func TestUserProjection_reduces(t *testing.T) {
"email": "email@zitadel.com",
"phone": "+41 00 000 00 00"
}`),
testNow,
), user.HumanAddedEventMapper),
},
reduce: (&userProjection{}).reduceHumanAdded,
@@ -121,7 +126,7 @@ func TestUserProjection_reduces(t *testing.T) {
executer: &testExecuter{
executions: []execution{
{
expectedStmt: "INSERT INTO projections.users12 (id, creation_date, change_date, resource_owner, instance_id, state, sequence, username, type) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9)",
expectedStmt: "INSERT INTO projections.users13 (id, creation_date, change_date, resource_owner, instance_id, state, sequence, username, type) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9)",
expectedArgs: []interface{}{
"agg-id",
anyArg{},
@@ -135,7 +140,7 @@ func TestUserProjection_reduces(t *testing.T) {
},
},
{
expectedStmt: "INSERT INTO projections.users12_humans (user_id, instance_id, first_name, last_name, nick_name, display_name, preferred_language, gender, email, phone, password_change_required) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10, $11)",
expectedStmt: "INSERT INTO projections.users13_humans (user_id, instance_id, first_name, last_name, nick_name, display_name, preferred_language, gender, email, phone, password_change_required, password_changed) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10, $11, $12)",
expectedArgs: []interface{}{
"agg-id",
"instance-id",
@@ -148,10 +153,11 @@ func TestUserProjection_reduces(t *testing.T) {
domain.EmailAddress("email@zitadel.com"),
&sql.NullString{String: "+41 00 000 00 00", Valid: true},
false,
&sql.NullTime{Time: testNow, Valid: false},
},
},
{
expectedStmt: "INSERT INTO projections.users12_notifications (user_id, instance_id, last_email, last_phone, password_set) VALUES ($1, $2, $3, $4, $5)",
expectedStmt: "INSERT INTO projections.users13_notifications (user_id, instance_id, last_email, last_phone, password_set) VALUES ($1, $2, $3, $4, $5)",
expectedArgs: []interface{}{
"agg-id",
"instance-id",
@@ -168,7 +174,7 @@ func TestUserProjection_reduces(t *testing.T) {
name: "reduceHumanAdded NULLs",
args: args{
event: getEvent(
testEvent(
timedTestEvent(
user.HumanAddedType,
user.AggregateType,
[]byte(`{
@@ -177,6 +183,7 @@ func TestUserProjection_reduces(t *testing.T) {
"lastName": "last-name",
"email": "email@zitadel.com"
}`),
testNow,
), user.HumanAddedEventMapper),
},
reduce: (&userProjection{}).reduceHumanAdded,
@@ -186,7 +193,7 @@ func TestUserProjection_reduces(t *testing.T) {
executer: &testExecuter{
executions: []execution{
{
expectedStmt: "INSERT INTO projections.users12 (id, creation_date, change_date, resource_owner, instance_id, state, sequence, username, type) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9)",
expectedStmt: "INSERT INTO projections.users13 (id, creation_date, change_date, resource_owner, instance_id, state, sequence, username, type) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9)",
expectedArgs: []interface{}{
"agg-id",
anyArg{},
@@ -200,7 +207,7 @@ func TestUserProjection_reduces(t *testing.T) {
},
},
{
expectedStmt: "INSERT INTO projections.users12_humans (user_id, instance_id, first_name, last_name, nick_name, display_name, preferred_language, gender, email, phone, password_change_required) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10, $11)",
expectedStmt: "INSERT INTO projections.users13_humans (user_id, instance_id, first_name, last_name, nick_name, display_name, preferred_language, gender, email, phone, password_change_required, password_changed) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10, $11, $12)",
expectedArgs: []interface{}{
"agg-id",
"instance-id",
@@ -213,10 +220,11 @@ func TestUserProjection_reduces(t *testing.T) {
domain.EmailAddress("email@zitadel.com"),
&sql.NullString{},
false,
&sql.NullTime{Time: testNow, Valid: false},
},
},
{
expectedStmt: "INSERT INTO projections.users12_notifications (user_id, instance_id, last_email, last_phone, password_set) VALUES ($1, $2, $3, $4, $5)",
expectedStmt: "INSERT INTO projections.users13_notifications (user_id, instance_id, last_email, last_phone, password_set) VALUES ($1, $2, $3, $4, $5)",
expectedArgs: []interface{}{
"agg-id",
"instance-id",
@@ -233,7 +241,7 @@ func TestUserProjection_reduces(t *testing.T) {
name: "reduceHumanRegistered",
args: args{
event: getEvent(
testEvent(
timedTestEvent(
user.HumanRegisteredType,
user.AggregateType,
[]byte(`{
@@ -248,6 +256,7 @@ func TestUserProjection_reduces(t *testing.T) {
"phone": "+41 00 000 00 00",
"changeRequired": true
}`),
testNow,
), user.HumanRegisteredEventMapper),
},
reduce: (&userProjection{}).reduceHumanRegistered,
@@ -257,7 +266,7 @@ func TestUserProjection_reduces(t *testing.T) {
executer: &testExecuter{
executions: []execution{
{
expectedStmt: "INSERT INTO projections.users12 (id, creation_date, change_date, resource_owner, instance_id, state, sequence, username, type) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9)",
expectedStmt: "INSERT INTO projections.users13 (id, creation_date, change_date, resource_owner, instance_id, state, sequence, username, type) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9)",
expectedArgs: []interface{}{
"agg-id",
anyArg{},
@@ -271,7 +280,7 @@ func TestUserProjection_reduces(t *testing.T) {
},
},
{
expectedStmt: "INSERT INTO projections.users12_humans (user_id, instance_id, first_name, last_name, nick_name, display_name, preferred_language, gender, email, phone, password_change_required) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10, $11)",
expectedStmt: "INSERT INTO projections.users13_humans (user_id, instance_id, first_name, last_name, nick_name, display_name, preferred_language, gender, email, phone, password_change_required, password_changed) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10, $11, $12)",
expectedArgs: []interface{}{
"agg-id",
"instance-id",
@@ -284,10 +293,11 @@ func TestUserProjection_reduces(t *testing.T) {
domain.EmailAddress("email@zitadel.com"),
&sql.NullString{String: "+41 00 000 00 00", Valid: true},
true,
&sql.NullTime{Time: testNow, Valid: false},
},
},
{
expectedStmt: "INSERT INTO projections.users12_notifications (user_id, instance_id, last_email, last_phone, password_set) VALUES ($1, $2, $3, $4, $5)",
expectedStmt: "INSERT INTO projections.users13_notifications (user_id, instance_id, last_email, last_phone, password_set) VALUES ($1, $2, $3, $4, $5)",
expectedArgs: []interface{}{
"agg-id",
"instance-id",
@@ -304,7 +314,7 @@ func TestUserProjection_reduces(t *testing.T) {
name: "reduceUserV1Registered",
args: args{
event: getEvent(
testEvent(
timedTestEvent(
user.UserV1RegisteredType,
user.AggregateType,
[]byte(`{
@@ -318,6 +328,7 @@ func TestUserProjection_reduces(t *testing.T) {
"email": "email@zitadel.com",
"phone": "+41 00 000 00 00"
}`),
testNow,
), user.HumanRegisteredEventMapper),
},
reduce: (&userProjection{}).reduceHumanRegistered,
@@ -327,7 +338,7 @@ func TestUserProjection_reduces(t *testing.T) {
executer: &testExecuter{
executions: []execution{
{
expectedStmt: "INSERT INTO projections.users12 (id, creation_date, change_date, resource_owner, instance_id, state, sequence, username, type) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9)",
expectedStmt: "INSERT INTO projections.users13 (id, creation_date, change_date, resource_owner, instance_id, state, sequence, username, type) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9)",
expectedArgs: []interface{}{
"agg-id",
anyArg{},
@@ -341,7 +352,7 @@ func TestUserProjection_reduces(t *testing.T) {
},
},
{
expectedStmt: "INSERT INTO projections.users12_humans (user_id, instance_id, first_name, last_name, nick_name, display_name, preferred_language, gender, email, phone, password_change_required) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10, $11)",
expectedStmt: "INSERT INTO projections.users13_humans (user_id, instance_id, first_name, last_name, nick_name, display_name, preferred_language, gender, email, phone, password_change_required, password_changed) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10, $11, $12)",
expectedArgs: []interface{}{
"agg-id",
"instance-id",
@@ -354,10 +365,11 @@ func TestUserProjection_reduces(t *testing.T) {
domain.EmailAddress("email@zitadel.com"),
&sql.NullString{String: "+41 00 000 00 00", Valid: true},
false,
&sql.NullTime{Time: testNow, Valid: false},
},
},
{
expectedStmt: "INSERT INTO projections.users12_notifications (user_id, instance_id, last_email, last_phone, password_set) VALUES ($1, $2, $3, $4, $5)",
expectedStmt: "INSERT INTO projections.users13_notifications (user_id, instance_id, last_email, last_phone, password_set) VALUES ($1, $2, $3, $4, $5)",
expectedArgs: []interface{}{
"agg-id",
"instance-id",
@@ -374,7 +386,7 @@ func TestUserProjection_reduces(t *testing.T) {
name: "reduceHumanRegistered NULLs",
args: args{
event: getEvent(
testEvent(
timedTestEvent(
user.HumanRegisteredType,
user.AggregateType,
[]byte(`{
@@ -383,6 +395,7 @@ func TestUserProjection_reduces(t *testing.T) {
"lastName": "last-name",
"email": "email@zitadel.com"
}`),
testNow,
), user.HumanRegisteredEventMapper),
},
reduce: (&userProjection{}).reduceHumanRegistered,
@@ -392,7 +405,7 @@ func TestUserProjection_reduces(t *testing.T) {
executer: &testExecuter{
executions: []execution{
{
expectedStmt: "INSERT INTO projections.users12 (id, creation_date, change_date, resource_owner, instance_id, state, sequence, username, type) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9)",
expectedStmt: "INSERT INTO projections.users13 (id, creation_date, change_date, resource_owner, instance_id, state, sequence, username, type) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9)",
expectedArgs: []interface{}{
"agg-id",
anyArg{},
@@ -406,7 +419,7 @@ func TestUserProjection_reduces(t *testing.T) {
},
},
{
expectedStmt: "INSERT INTO projections.users12_humans (user_id, instance_id, first_name, last_name, nick_name, display_name, preferred_language, gender, email, phone, password_change_required) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10, $11)",
expectedStmt: "INSERT INTO projections.users13_humans (user_id, instance_id, first_name, last_name, nick_name, display_name, preferred_language, gender, email, phone, password_change_required, password_changed) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10, $11, $12)",
expectedArgs: []interface{}{
"agg-id",
"instance-id",
@@ -419,10 +432,11 @@ func TestUserProjection_reduces(t *testing.T) {
domain.EmailAddress("email@zitadel.com"),
&sql.NullString{},
false,
&sql.NullTime{Time: testNow, Valid: false},
},
},
{
expectedStmt: "INSERT INTO projections.users12_notifications (user_id, instance_id, last_email, last_phone, password_set) VALUES ($1, $2, $3, $4, $5)",
expectedStmt: "INSERT INTO projections.users13_notifications (user_id, instance_id, last_email, last_phone, password_set) VALUES ($1, $2, $3, $4, $5)",
expectedArgs: []interface{}{
"agg-id",
"instance-id",
@@ -452,7 +466,7 @@ func TestUserProjection_reduces(t *testing.T) {
executer: &testExecuter{
executions: []execution{
{
expectedStmt: "UPDATE projections.users12 SET state = $1 WHERE (id = $2) AND (instance_id = $3)",
expectedStmt: "UPDATE projections.users13 SET state = $1 WHERE (id = $2) AND (instance_id = $3)",
expectedArgs: []interface{}{
domain.UserStateInitial,
"agg-id",
@@ -480,7 +494,7 @@ func TestUserProjection_reduces(t *testing.T) {
executer: &testExecuter{
executions: []execution{
{
expectedStmt: "UPDATE projections.users12 SET state = $1 WHERE (id = $2) AND (instance_id = $3)",
expectedStmt: "UPDATE projections.users13 SET state = $1 WHERE (id = $2) AND (instance_id = $3)",
expectedArgs: []interface{}{
domain.UserStateInitial,
"agg-id",
@@ -508,7 +522,7 @@ func TestUserProjection_reduces(t *testing.T) {
executer: &testExecuter{
executions: []execution{
{
expectedStmt: "UPDATE projections.users12 SET state = $1 WHERE (id = $2) AND (instance_id = $3)",
expectedStmt: "UPDATE projections.users13 SET state = $1 WHERE (id = $2) AND (instance_id = $3)",
expectedArgs: []interface{}{
domain.UserStateActive,
"agg-id",
@@ -536,7 +550,7 @@ func TestUserProjection_reduces(t *testing.T) {
executer: &testExecuter{
executions: []execution{
{
expectedStmt: "UPDATE projections.users12 SET state = $1 WHERE (id = $2) AND (instance_id = $3)",
expectedStmt: "UPDATE projections.users13 SET state = $1 WHERE (id = $2) AND (instance_id = $3)",
expectedArgs: []interface{}{
domain.UserStateActive,
"agg-id",
@@ -564,7 +578,7 @@ func TestUserProjection_reduces(t *testing.T) {
executer: &testExecuter{
executions: []execution{
{
expectedStmt: "UPDATE projections.users12 SET (change_date, state, sequence) = ($1, $2, $3) WHERE (id = $4) AND (instance_id = $5)",
expectedStmt: "UPDATE projections.users13 SET (change_date, state, sequence) = ($1, $2, $3) WHERE (id = $4) AND (instance_id = $5)",
expectedArgs: []interface{}{
anyArg{},
domain.UserStateLocked,
@@ -594,7 +608,7 @@ func TestUserProjection_reduces(t *testing.T) {
executer: &testExecuter{
executions: []execution{
{
expectedStmt: "UPDATE projections.users12 SET (change_date, state, sequence) = ($1, $2, $3) WHERE (id = $4) AND (instance_id = $5)",
expectedStmt: "UPDATE projections.users13 SET (change_date, state, sequence) = ($1, $2, $3) WHERE (id = $4) AND (instance_id = $5)",
expectedArgs: []interface{}{
anyArg{},
domain.UserStateActive,
@@ -624,7 +638,7 @@ func TestUserProjection_reduces(t *testing.T) {
executer: &testExecuter{
executions: []execution{
{
expectedStmt: "UPDATE projections.users12 SET (change_date, state, sequence) = ($1, $2, $3) WHERE (id = $4) AND (instance_id = $5)",
expectedStmt: "UPDATE projections.users13 SET (change_date, state, sequence) = ($1, $2, $3) WHERE (id = $4) AND (instance_id = $5)",
expectedArgs: []interface{}{
anyArg{},
domain.UserStateInactive,
@@ -654,7 +668,7 @@ func TestUserProjection_reduces(t *testing.T) {
executer: &testExecuter{
executions: []execution{
{
expectedStmt: "UPDATE projections.users12 SET (change_date, state, sequence) = ($1, $2, $3) WHERE (id = $4) AND (instance_id = $5)",
expectedStmt: "UPDATE projections.users13 SET (change_date, state, sequence) = ($1, $2, $3) WHERE (id = $4) AND (instance_id = $5)",
expectedArgs: []interface{}{
anyArg{},
domain.UserStateActive,
@@ -684,7 +698,7 @@ func TestUserProjection_reduces(t *testing.T) {
executer: &testExecuter{
executions: []execution{
{
expectedStmt: "DELETE FROM projections.users12 WHERE (id = $1) AND (instance_id = $2)",
expectedStmt: "DELETE FROM projections.users13 WHERE (id = $1) AND (instance_id = $2)",
expectedArgs: []interface{}{
"agg-id",
"instance-id",
@@ -713,7 +727,7 @@ func TestUserProjection_reduces(t *testing.T) {
executer: &testExecuter{
executions: []execution{
{
expectedStmt: "UPDATE projections.users12 SET (change_date, username, sequence) = ($1, $2, $3) WHERE (id = $4) AND (instance_id = $5)",
expectedStmt: "UPDATE projections.users13 SET (change_date, username, sequence) = ($1, $2, $3) WHERE (id = $4) AND (instance_id = $5)",
expectedArgs: []interface{}{
anyArg{},
"username",
@@ -745,7 +759,7 @@ func TestUserProjection_reduces(t *testing.T) {
executer: &testExecuter{
executions: []execution{
{
expectedStmt: "UPDATE projections.users12 SET (change_date, username, sequence) = ($1, $2, $3) WHERE (id = $4) AND (instance_id = $5)",
expectedStmt: "UPDATE projections.users13 SET (change_date, username, sequence) = ($1, $2, $3) WHERE (id = $4) AND (instance_id = $5)",
expectedArgs: []interface{}{
anyArg{},
"id@temporary.domain",
@@ -782,7 +796,7 @@ func TestUserProjection_reduces(t *testing.T) {
executer: &testExecuter{
executions: []execution{
{
expectedStmt: "UPDATE projections.users12 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)",
expectedStmt: "UPDATE projections.users13 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)",
expectedArgs: []interface{}{
anyArg{},
uint64(15),
@@ -791,7 +805,7 @@ func TestUserProjection_reduces(t *testing.T) {
},
},
{
expectedStmt: "UPDATE projections.users12_humans SET (first_name, last_name, nick_name, display_name, preferred_language, gender) = ($1, $2, $3, $4, $5, $6) WHERE (user_id = $7) AND (instance_id = $8)",
expectedStmt: "UPDATE projections.users13_humans SET (first_name, last_name, nick_name, display_name, preferred_language, gender) = ($1, $2, $3, $4, $5, $6) WHERE (user_id = $7) AND (instance_id = $8)",
expectedArgs: []interface{}{
"first-name",
"last-name",
@@ -831,7 +845,7 @@ func TestUserProjection_reduces(t *testing.T) {
executer: &testExecuter{
executions: []execution{
{
expectedStmt: "UPDATE projections.users12 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)",
expectedStmt: "UPDATE projections.users13 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)",
expectedArgs: []interface{}{
anyArg{},
uint64(15),
@@ -840,7 +854,7 @@ func TestUserProjection_reduces(t *testing.T) {
},
},
{
expectedStmt: "UPDATE projections.users12_humans SET (first_name, last_name, nick_name, display_name, preferred_language, gender) = ($1, $2, $3, $4, $5, $6) WHERE (user_id = $7) AND (instance_id = $8)",
expectedStmt: "UPDATE projections.users13_humans SET (first_name, last_name, nick_name, display_name, preferred_language, gender) = ($1, $2, $3, $4, $5, $6) WHERE (user_id = $7) AND (instance_id = $8)",
expectedArgs: []interface{}{
"first-name",
"last-name",
@@ -875,7 +889,7 @@ func TestUserProjection_reduces(t *testing.T) {
executer: &testExecuter{
executions: []execution{
{
expectedStmt: "UPDATE projections.users12 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)",
expectedStmt: "UPDATE projections.users13 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)",
expectedArgs: []interface{}{
anyArg{},
uint64(15),
@@ -884,7 +898,7 @@ func TestUserProjection_reduces(t *testing.T) {
},
},
{
expectedStmt: "UPDATE projections.users12_humans SET (phone, is_phone_verified) = ($1, $2) WHERE (user_id = $3) AND (instance_id = $4)",
expectedStmt: "UPDATE projections.users13_humans SET (phone, is_phone_verified) = ($1, $2) WHERE (user_id = $3) AND (instance_id = $4)",
expectedArgs: []interface{}{
domain.PhoneNumber("+41 00 000 00 00"),
false,
@@ -893,7 +907,7 @@ func TestUserProjection_reduces(t *testing.T) {
},
},
{
expectedStmt: "UPDATE projections.users12_notifications SET last_phone = $1 WHERE (user_id = $2) AND (instance_id = $3)",
expectedStmt: "UPDATE projections.users13_notifications SET last_phone = $1 WHERE (user_id = $2) AND (instance_id = $3)",
expectedArgs: []interface{}{
&sql.NullString{String: "+41 00 000 00 00", Valid: true},
"agg-id",
@@ -923,7 +937,7 @@ func TestUserProjection_reduces(t *testing.T) {
executer: &testExecuter{
executions: []execution{
{
expectedStmt: "UPDATE projections.users12 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)",
expectedStmt: "UPDATE projections.users13 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)",
expectedArgs: []interface{}{
anyArg{},
uint64(15),
@@ -932,7 +946,7 @@ func TestUserProjection_reduces(t *testing.T) {
},
},
{
expectedStmt: "UPDATE projections.users12_humans SET (phone, is_phone_verified) = ($1, $2) WHERE (user_id = $3) AND (instance_id = $4)",
expectedStmt: "UPDATE projections.users13_humans SET (phone, is_phone_verified) = ($1, $2) WHERE (user_id = $3) AND (instance_id = $4)",
expectedArgs: []interface{}{
domain.PhoneNumber("+41 00 000 00 00"),
false,
@@ -941,7 +955,7 @@ func TestUserProjection_reduces(t *testing.T) {
},
},
{
expectedStmt: "UPDATE projections.users12_notifications SET last_phone = $1 WHERE (user_id = $2) AND (instance_id = $3)",
expectedStmt: "UPDATE projections.users13_notifications SET last_phone = $1 WHERE (user_id = $2) AND (instance_id = $3)",
expectedArgs: []interface{}{
&sql.NullString{String: "+41 00 000 00 00", Valid: true},
"agg-id",
@@ -969,7 +983,7 @@ func TestUserProjection_reduces(t *testing.T) {
executer: &testExecuter{
executions: []execution{
{
expectedStmt: "UPDATE projections.users12 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)",
expectedStmt: "UPDATE projections.users13 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)",
expectedArgs: []interface{}{
anyArg{},
uint64(15),
@@ -978,7 +992,7 @@ func TestUserProjection_reduces(t *testing.T) {
},
},
{
expectedStmt: "UPDATE projections.users12_humans SET (phone, is_phone_verified) = ($1, $2) WHERE (user_id = $3) AND (instance_id = $4)",
expectedStmt: "UPDATE projections.users13_humans SET (phone, is_phone_verified) = ($1, $2) WHERE (user_id = $3) AND (instance_id = $4)",
expectedArgs: []interface{}{
nil,
nil,
@@ -987,7 +1001,7 @@ func TestUserProjection_reduces(t *testing.T) {
},
},
{
expectedStmt: "UPDATE projections.users12_notifications SET (last_phone, verified_phone) = ($1, $2) WHERE (user_id = $3) AND (instance_id = $4)",
expectedStmt: "UPDATE projections.users13_notifications SET (last_phone, verified_phone) = ($1, $2) WHERE (user_id = $3) AND (instance_id = $4)",
expectedArgs: []interface{}{
nil,
nil,
@@ -1016,7 +1030,7 @@ func TestUserProjection_reduces(t *testing.T) {
executer: &testExecuter{
executions: []execution{
{
expectedStmt: "UPDATE projections.users12 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)",
expectedStmt: "UPDATE projections.users13 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)",
expectedArgs: []interface{}{
anyArg{},
uint64(15),
@@ -1025,7 +1039,7 @@ func TestUserProjection_reduces(t *testing.T) {
},
},
{
expectedStmt: "UPDATE projections.users12_humans SET (phone, is_phone_verified) = ($1, $2) WHERE (user_id = $3) AND (instance_id = $4)",
expectedStmt: "UPDATE projections.users13_humans SET (phone, is_phone_verified) = ($1, $2) WHERE (user_id = $3) AND (instance_id = $4)",
expectedArgs: []interface{}{
nil,
nil,
@@ -1034,7 +1048,7 @@ func TestUserProjection_reduces(t *testing.T) {
},
},
{
expectedStmt: "UPDATE projections.users12_notifications SET (last_phone, verified_phone) = ($1, $2) WHERE (user_id = $3) AND (instance_id = $4)",
expectedStmt: "UPDATE projections.users13_notifications SET (last_phone, verified_phone) = ($1, $2) WHERE (user_id = $3) AND (instance_id = $4)",
expectedArgs: []interface{}{
nil,
nil,
@@ -1063,7 +1077,7 @@ func TestUserProjection_reduces(t *testing.T) {
executer: &testExecuter{
executions: []execution{
{
expectedStmt: "UPDATE projections.users12 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)",
expectedStmt: "UPDATE projections.users13 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)",
expectedArgs: []interface{}{
anyArg{},
uint64(15),
@@ -1072,7 +1086,7 @@ func TestUserProjection_reduces(t *testing.T) {
},
},
{
expectedStmt: "UPDATE projections.users12_humans SET is_phone_verified = $1 WHERE (user_id = $2) AND (instance_id = $3)",
expectedStmt: "UPDATE projections.users13_humans SET is_phone_verified = $1 WHERE (user_id = $2) AND (instance_id = $3)",
expectedArgs: []interface{}{
true,
"agg-id",
@@ -1080,7 +1094,7 @@ func TestUserProjection_reduces(t *testing.T) {
},
},
{
expectedStmt: "UPDATE projections.users12_notifications SET verified_phone = last_phone WHERE (user_id = $1) AND (instance_id = $2)",
expectedStmt: "UPDATE projections.users13_notifications SET verified_phone = last_phone WHERE (user_id = $1) AND (instance_id = $2)",
expectedArgs: []interface{}{
"agg-id",
"instance-id",
@@ -1107,7 +1121,7 @@ func TestUserProjection_reduces(t *testing.T) {
executer: &testExecuter{
executions: []execution{
{
expectedStmt: "UPDATE projections.users12 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)",
expectedStmt: "UPDATE projections.users13 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)",
expectedArgs: []interface{}{
anyArg{},
uint64(15),
@@ -1116,7 +1130,7 @@ func TestUserProjection_reduces(t *testing.T) {
},
},
{
expectedStmt: "UPDATE projections.users12_humans SET is_phone_verified = $1 WHERE (user_id = $2) AND (instance_id = $3)",
expectedStmt: "UPDATE projections.users13_humans SET is_phone_verified = $1 WHERE (user_id = $2) AND (instance_id = $3)",
expectedArgs: []interface{}{
true,
"agg-id",
@@ -1124,7 +1138,7 @@ func TestUserProjection_reduces(t *testing.T) {
},
},
{
expectedStmt: "UPDATE projections.users12_notifications SET verified_phone = last_phone WHERE (user_id = $1) AND (instance_id = $2)",
expectedStmt: "UPDATE projections.users13_notifications SET verified_phone = last_phone WHERE (user_id = $1) AND (instance_id = $2)",
expectedArgs: []interface{}{
"agg-id",
"instance-id",
@@ -1153,7 +1167,7 @@ func TestUserProjection_reduces(t *testing.T) {
executer: &testExecuter{
executions: []execution{
{
expectedStmt: "UPDATE projections.users12 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)",
expectedStmt: "UPDATE projections.users13 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)",
expectedArgs: []interface{}{
anyArg{},
uint64(15),
@@ -1162,7 +1176,7 @@ func TestUserProjection_reduces(t *testing.T) {
},
},
{
expectedStmt: "UPDATE projections.users12_humans SET (email, is_email_verified) = ($1, $2) WHERE (user_id = $3) AND (instance_id = $4)",
expectedStmt: "UPDATE projections.users13_humans SET (email, is_email_verified) = ($1, $2) WHERE (user_id = $3) AND (instance_id = $4)",
expectedArgs: []interface{}{
domain.EmailAddress("email@zitadel.com"),
false,
@@ -1171,7 +1185,7 @@ func TestUserProjection_reduces(t *testing.T) {
},
},
{
expectedStmt: "UPDATE projections.users12_notifications SET last_email = $1 WHERE (user_id = $2) AND (instance_id = $3)",
expectedStmt: "UPDATE projections.users13_notifications SET last_email = $1 WHERE (user_id = $2) AND (instance_id = $3)",
expectedArgs: []interface{}{
&sql.NullString{String: "email@zitadel.com", Valid: true},
"agg-id",
@@ -1201,7 +1215,7 @@ func TestUserProjection_reduces(t *testing.T) {
executer: &testExecuter{
executions: []execution{
{
expectedStmt: "UPDATE projections.users12 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)",
expectedStmt: "UPDATE projections.users13 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)",
expectedArgs: []interface{}{
anyArg{},
uint64(15),
@@ -1210,7 +1224,7 @@ func TestUserProjection_reduces(t *testing.T) {
},
},
{
expectedStmt: "UPDATE projections.users12_humans SET (email, is_email_verified) = ($1, $2) WHERE (user_id = $3) AND (instance_id = $4)",
expectedStmt: "UPDATE projections.users13_humans SET (email, is_email_verified) = ($1, $2) WHERE (user_id = $3) AND (instance_id = $4)",
expectedArgs: []interface{}{
domain.EmailAddress("email@zitadel.com"),
false,
@@ -1219,7 +1233,7 @@ func TestUserProjection_reduces(t *testing.T) {
},
},
{
expectedStmt: "UPDATE projections.users12_notifications SET last_email = $1 WHERE (user_id = $2) AND (instance_id = $3)",
expectedStmt: "UPDATE projections.users13_notifications SET last_email = $1 WHERE (user_id = $2) AND (instance_id = $3)",
expectedArgs: []interface{}{
&sql.NullString{String: "email@zitadel.com", Valid: true},
"agg-id",
@@ -1247,7 +1261,7 @@ func TestUserProjection_reduces(t *testing.T) {
executer: &testExecuter{
executions: []execution{
{
expectedStmt: "UPDATE projections.users12 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)",
expectedStmt: "UPDATE projections.users13 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)",
expectedArgs: []interface{}{
anyArg{},
uint64(15),
@@ -1256,7 +1270,7 @@ func TestUserProjection_reduces(t *testing.T) {
},
},
{
expectedStmt: "UPDATE projections.users12_humans SET is_email_verified = $1 WHERE (user_id = $2) AND (instance_id = $3)",
expectedStmt: "UPDATE projections.users13_humans SET is_email_verified = $1 WHERE (user_id = $2) AND (instance_id = $3)",
expectedArgs: []interface{}{
true,
"agg-id",
@@ -1264,7 +1278,7 @@ func TestUserProjection_reduces(t *testing.T) {
},
},
{
expectedStmt: "UPDATE projections.users12_notifications SET verified_email = last_email WHERE (user_id = $1) AND (instance_id = $2)",
expectedStmt: "UPDATE projections.users13_notifications SET verified_email = last_email WHERE (user_id = $1) AND (instance_id = $2)",
expectedArgs: []interface{}{
"agg-id",
"instance-id",
@@ -1291,7 +1305,7 @@ func TestUserProjection_reduces(t *testing.T) {
executer: &testExecuter{
executions: []execution{
{
expectedStmt: "UPDATE projections.users12 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)",
expectedStmt: "UPDATE projections.users13 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)",
expectedArgs: []interface{}{
anyArg{},
uint64(15),
@@ -1300,7 +1314,7 @@ func TestUserProjection_reduces(t *testing.T) {
},
},
{
expectedStmt: "UPDATE projections.users12_humans SET is_email_verified = $1 WHERE (user_id = $2) AND (instance_id = $3)",
expectedStmt: "UPDATE projections.users13_humans SET is_email_verified = $1 WHERE (user_id = $2) AND (instance_id = $3)",
expectedArgs: []interface{}{
true,
"agg-id",
@@ -1308,7 +1322,7 @@ func TestUserProjection_reduces(t *testing.T) {
},
},
{
expectedStmt: "UPDATE projections.users12_notifications SET verified_email = last_email WHERE (user_id = $1) AND (instance_id = $2)",
expectedStmt: "UPDATE projections.users13_notifications SET verified_email = last_email WHERE (user_id = $1) AND (instance_id = $2)",
expectedArgs: []interface{}{
"agg-id",
"instance-id",
@@ -1337,7 +1351,7 @@ func TestUserProjection_reduces(t *testing.T) {
executer: &testExecuter{
executions: []execution{
{
expectedStmt: "UPDATE projections.users12 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)",
expectedStmt: "UPDATE projections.users13 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)",
expectedArgs: []interface{}{
anyArg{},
uint64(15),
@@ -1346,7 +1360,7 @@ func TestUserProjection_reduces(t *testing.T) {
},
},
{
expectedStmt: "UPDATE projections.users12_humans SET avatar_key = $1 WHERE (user_id = $2) AND (instance_id = $3)",
expectedStmt: "UPDATE projections.users13_humans SET avatar_key = $1 WHERE (user_id = $2) AND (instance_id = $3)",
expectedArgs: []interface{}{
"users/agg-id/avatar",
"agg-id",
@@ -1374,7 +1388,7 @@ func TestUserProjection_reduces(t *testing.T) {
executer: &testExecuter{
executions: []execution{
{
expectedStmt: "UPDATE projections.users12 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)",
expectedStmt: "UPDATE projections.users13 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)",
expectedArgs: []interface{}{
anyArg{},
uint64(15),
@@ -1383,7 +1397,7 @@ func TestUserProjection_reduces(t *testing.T) {
},
},
{
expectedStmt: "UPDATE projections.users12_humans SET avatar_key = $1 WHERE (user_id = $2) AND (instance_id = $3)",
expectedStmt: "UPDATE projections.users13_humans SET avatar_key = $1 WHERE (user_id = $2) AND (instance_id = $3)",
expectedArgs: []interface{}{
nil,
"agg-id",
@@ -1398,12 +1412,13 @@ func TestUserProjection_reduces(t *testing.T) {
name: "reduceHumanPasswordChanged",
args: args{
event: getEvent(
testEvent(
timedTestEvent(
user.HumanPasswordChangedType,
user.AggregateType,
[]byte(`{
"changeRequired": true
}`),
testNow,
), user.HumanPasswordChangedEventMapper),
},
reduce: (&userProjection{}).reduceHumanPasswordChanged,
@@ -1413,15 +1428,16 @@ func TestUserProjection_reduces(t *testing.T) {
executer: &testExecuter{
executions: []execution{
{
expectedStmt: "UPDATE projections.users12_humans SET password_change_required = $1 WHERE (user_id = $2) AND (instance_id = $3)",
expectedStmt: "UPDATE projections.users13_humans SET (password_change_required, password_changed) = ($1, $2) WHERE (user_id = $3) AND (instance_id = $4)",
expectedArgs: []interface{}{
true,
&sql.NullTime{Time: testNow, Valid: true},
"agg-id",
"instance-id",
},
},
{
expectedStmt: "UPDATE projections.users12_notifications SET password_set = $1 WHERE (user_id = $2) AND (instance_id = $3)",
expectedStmt: "UPDATE projections.users13_notifications SET password_set = $1 WHERE (user_id = $2) AND (instance_id = $3)",
expectedArgs: []interface{}{
true,
"agg-id",
@@ -1436,12 +1452,13 @@ func TestUserProjection_reduces(t *testing.T) {
name: "reduceHumanPasswordChanged, false",
args: args{
event: getEvent(
testEvent(
timedTestEvent(
user.HumanPasswordChangedType,
user.AggregateType,
[]byte(`{
"changeRequired": false
}`),
testNow,
), user.HumanPasswordChangedEventMapper),
},
reduce: (&userProjection{}).reduceHumanPasswordChanged,
@@ -1451,15 +1468,16 @@ func TestUserProjection_reduces(t *testing.T) {
executer: &testExecuter{
executions: []execution{
{
expectedStmt: "UPDATE projections.users12_humans SET password_change_required = $1 WHERE (user_id = $2) AND (instance_id = $3)",
expectedStmt: "UPDATE projections.users13_humans SET (password_change_required, password_changed) = ($1, $2) WHERE (user_id = $3) AND (instance_id = $4)",
expectedArgs: []interface{}{
false,
&sql.NullTime{Time: testNow, Valid: true},
"agg-id",
"instance-id",
},
},
{
expectedStmt: "UPDATE projections.users12_notifications SET password_set = $1 WHERE (user_id = $2) AND (instance_id = $3)",
expectedStmt: "UPDATE projections.users13_notifications SET password_set = $1 WHERE (user_id = $2) AND (instance_id = $3)",
expectedArgs: []interface{}{
true,
"agg-id",
@@ -1490,7 +1508,7 @@ func TestUserProjection_reduces(t *testing.T) {
executer: &testExecuter{
executions: []execution{
{
expectedStmt: "INSERT INTO projections.users12 (id, creation_date, change_date, resource_owner, instance_id, state, sequence, username, type) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9)",
expectedStmt: "INSERT INTO projections.users13 (id, creation_date, change_date, resource_owner, instance_id, state, sequence, username, type) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9)",
expectedArgs: []interface{}{
"agg-id",
anyArg{},
@@ -1504,7 +1522,7 @@ func TestUserProjection_reduces(t *testing.T) {
},
},
{
expectedStmt: "INSERT INTO projections.users12_machines (user_id, instance_id, name, description, access_token_type) VALUES ($1, $2, $3, $4, $5)",
expectedStmt: "INSERT INTO projections.users13_machines (user_id, instance_id, name, description, access_token_type) VALUES ($1, $2, $3, $4, $5)",
expectedArgs: []interface{}{
"agg-id",
"instance-id",
@@ -1538,7 +1556,7 @@ func TestUserProjection_reduces(t *testing.T) {
executer: &testExecuter{
executions: []execution{
{
expectedStmt: "INSERT INTO projections.users12 (id, creation_date, change_date, resource_owner, instance_id, state, sequence, username, type) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9)",
expectedStmt: "INSERT INTO projections.users13 (id, creation_date, change_date, resource_owner, instance_id, state, sequence, username, type) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9)",
expectedArgs: []interface{}{
"agg-id",
anyArg{},
@@ -1552,7 +1570,7 @@ func TestUserProjection_reduces(t *testing.T) {
},
},
{
expectedStmt: "INSERT INTO projections.users12_machines (user_id, instance_id, name, description, access_token_type) VALUES ($1, $2, $3, $4, $5)",
expectedStmt: "INSERT INTO projections.users13_machines (user_id, instance_id, name, description, access_token_type) VALUES ($1, $2, $3, $4, $5)",
expectedArgs: []interface{}{
"agg-id",
"instance-id",
@@ -1585,7 +1603,7 @@ func TestUserProjection_reduces(t *testing.T) {
executer: &testExecuter{
executions: []execution{
{
expectedStmt: "UPDATE projections.users12 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)",
expectedStmt: "UPDATE projections.users13 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)",
expectedArgs: []interface{}{
anyArg{},
uint64(15),
@@ -1594,7 +1612,7 @@ func TestUserProjection_reduces(t *testing.T) {
},
},
{
expectedStmt: "UPDATE projections.users12_machines SET (name, description) = ($1, $2) WHERE (user_id = $3) AND (instance_id = $4)",
expectedStmt: "UPDATE projections.users13_machines SET (name, description) = ($1, $2) WHERE (user_id = $3) AND (instance_id = $4)",
expectedArgs: []interface{}{
"machine-name",
"description",
@@ -1625,7 +1643,7 @@ func TestUserProjection_reduces(t *testing.T) {
executer: &testExecuter{
executions: []execution{
{
expectedStmt: "UPDATE projections.users12 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)",
expectedStmt: "UPDATE projections.users13 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)",
expectedArgs: []interface{}{
anyArg{},
uint64(15),
@@ -1634,7 +1652,7 @@ func TestUserProjection_reduces(t *testing.T) {
},
},
{
expectedStmt: "UPDATE projections.users12_machines SET name = $1 WHERE (user_id = $2) AND (instance_id = $3)",
expectedStmt: "UPDATE projections.users13_machines SET name = $1 WHERE (user_id = $2) AND (instance_id = $3)",
expectedArgs: []interface{}{
"machine-name",
"agg-id",
@@ -1664,7 +1682,7 @@ func TestUserProjection_reduces(t *testing.T) {
executer: &testExecuter{
executions: []execution{
{
expectedStmt: "UPDATE projections.users12 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)",
expectedStmt: "UPDATE projections.users13 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)",
expectedArgs: []interface{}{
anyArg{},
uint64(15),
@@ -1673,7 +1691,7 @@ func TestUserProjection_reduces(t *testing.T) {
},
},
{
expectedStmt: "UPDATE projections.users12_machines SET description = $1 WHERE (user_id = $2) AND (instance_id = $3)",
expectedStmt: "UPDATE projections.users13_machines SET description = $1 WHERE (user_id = $2) AND (instance_id = $3)",
expectedArgs: []interface{}{
"description",
"agg-id",
@@ -1722,7 +1740,7 @@ func TestUserProjection_reduces(t *testing.T) {
executer: &testExecuter{
executions: []execution{
{
expectedStmt: "UPDATE projections.users12 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)",
expectedStmt: "UPDATE projections.users13 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)",
expectedArgs: []interface{}{
anyArg{},
uint64(15),
@@ -1731,7 +1749,7 @@ func TestUserProjection_reduces(t *testing.T) {
},
},
{
expectedStmt: "UPDATE projections.users12_machines SET secret = $1 WHERE (user_id = $2) AND (instance_id = $3)",
expectedStmt: "UPDATE projections.users13_machines SET secret = $1 WHERE (user_id = $2) AND (instance_id = $3)",
expectedArgs: []interface{}{
"secret",
"agg-id",
@@ -1761,7 +1779,7 @@ func TestUserProjection_reduces(t *testing.T) {
executer: &testExecuter{
executions: []execution{
{
expectedStmt: "UPDATE projections.users12 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)",
expectedStmt: "UPDATE projections.users13 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)",
expectedArgs: []interface{}{
anyArg{},
uint64(15),
@@ -1770,7 +1788,7 @@ func TestUserProjection_reduces(t *testing.T) {
},
},
{
expectedStmt: "UPDATE projections.users12_machines SET secret = $1 WHERE (user_id = $2) AND (instance_id = $3)",
expectedStmt: "UPDATE projections.users13_machines SET secret = $1 WHERE (user_id = $2) AND (instance_id = $3)",
expectedArgs: []interface{}{
"secret",
"agg-id",
@@ -1800,7 +1818,7 @@ func TestUserProjection_reduces(t *testing.T) {
executer: &testExecuter{
executions: []execution{
{
expectedStmt: "UPDATE projections.users12 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)",
expectedStmt: "UPDATE projections.users13 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)",
expectedArgs: []interface{}{
anyArg{},
uint64(15),
@@ -1809,7 +1827,7 @@ func TestUserProjection_reduces(t *testing.T) {
},
},
{
expectedStmt: "UPDATE projections.users12_machines SET secret = $1 WHERE (user_id = $2) AND (instance_id = $3)",
expectedStmt: "UPDATE projections.users13_machines SET secret = $1 WHERE (user_id = $2) AND (instance_id = $3)",
expectedArgs: []interface{}{
"secret",
"agg-id",
@@ -1837,7 +1855,7 @@ func TestUserProjection_reduces(t *testing.T) {
executer: &testExecuter{
executions: []execution{
{
expectedStmt: "UPDATE projections.users12 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)",
expectedStmt: "UPDATE projections.users13 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)",
expectedArgs: []interface{}{
anyArg{},
uint64(15),
@@ -1846,7 +1864,7 @@ func TestUserProjection_reduces(t *testing.T) {
},
},
{
expectedStmt: "UPDATE projections.users12_machines SET secret = $1 WHERE (user_id = $2) AND (instance_id = $3)",
expectedStmt: "UPDATE projections.users13_machines SET secret = $1 WHERE (user_id = $2) AND (instance_id = $3)",
expectedArgs: []interface{}{
nil,
"agg-id",
@@ -1874,7 +1892,7 @@ func TestUserProjection_reduces(t *testing.T) {
executer: &testExecuter{
executions: []execution{
{
expectedStmt: "DELETE FROM projections.users12 WHERE (instance_id = $1) AND (resource_owner = $2)",
expectedStmt: "DELETE FROM projections.users13 WHERE (instance_id = $1) AND (resource_owner = $2)",
expectedArgs: []interface{}{
"instance-id",
"agg-id",
@@ -1901,7 +1919,7 @@ func TestUserProjection_reduces(t *testing.T) {
executer: &testExecuter{
executions: []execution{
{
expectedStmt: "DELETE FROM projections.users12 WHERE (instance_id = $1)",
expectedStmt: "DELETE FROM projections.users13 WHERE (instance_id = $1)",
expectedArgs: []interface{}{
"agg-id",
},

12
internal/query/sessions_test.go
View File

@@ -31,7 +31,7 @@ var (
` projections.sessions8.user_resource_owner,` +
` projections.sessions8.user_checked_at,` +
` projections.login_names3.login_name,` +
` projections.users12_humans.display_name,` +
` projections.users13_humans.display_name,` +
` projections.sessions8.password_checked_at,` +
` projections.sessions8.intent_checked_at,` +
` projections.sessions8.webauthn_checked_at,` +
@@ -48,8 +48,8 @@ var (
` projections.sessions8.expiration` +
` FROM projections.sessions8` +
` LEFT JOIN projections.login_names3 ON projections.sessions8.user_id = projections.login_names3.user_id AND projections.sessions8.instance_id = projections.login_names3.instance_id` +
` LEFT JOIN projections.users12_humans ON projections.sessions8.user_id = projections.users12_humans.user_id AND projections.sessions8.instance_id = projections.users12_humans.instance_id` +
` LEFT JOIN projections.users12 ON projections.sessions8.user_id = projections.users12.id AND projections.sessions8.instance_id = projections.users12.instance_id` +
` LEFT JOIN projections.users13_humans ON projections.sessions8.user_id = projections.users13_humans.user_id AND projections.sessions8.instance_id = projections.users13_humans.instance_id` +
` LEFT JOIN projections.users13 ON projections.sessions8.user_id = projections.users13.id AND projections.sessions8.instance_id = projections.users13.instance_id` +
` AS OF SYSTEM TIME '-1 ms'`)
expectedSessionsQuery = regexp.QuoteMeta(`SELECT projections.sessions8.id,` +
` projections.sessions8.creation_date,` +
@@ -62,7 +62,7 @@ var (
` projections.sessions8.user_resource_owner,` +
` projections.sessions8.user_checked_at,` +
` projections.login_names3.login_name,` +
` projections.users12_humans.display_name,` +
` projections.users13_humans.display_name,` +
` projections.sessions8.password_checked_at,` +
` projections.sessions8.intent_checked_at,` +
` projections.sessions8.webauthn_checked_at,` +
@@ -75,8 +75,8 @@ var (
` COUNT(*) OVER ()` +
` FROM projections.sessions8` +
` LEFT JOIN projections.login_names3 ON projections.sessions8.user_id = projections.login_names3.user_id AND projections.sessions8.instance_id = projections.login_names3.instance_id` +
` LEFT JOIN projections.users12_humans ON projections.sessions8.user_id = projections.users12_humans.user_id AND projections.sessions8.instance_id = projections.users12_humans.instance_id` +
` LEFT JOIN projections.users12 ON projections.sessions8.user_id = projections.users12.id AND projections.sessions8.instance_id = projections.users12.instance_id` +
` LEFT JOIN projections.users13_humans ON projections.sessions8.user_id = projections.users13_humans.user_id AND projections.sessions8.instance_id = projections.users13_humans.instance_id` +
` LEFT JOIN projections.users13 ON projections.sessions8.user_id = projections.users13.id AND projections.sessions8.instance_id = projections.users13.instance_id` +
` AS OF SYSTEM TIME '-1 ms'`)
sessionCols = []string{

13
internal/query/user.go
View File

@@ -53,6 +53,7 @@ type Human struct {
Phone domain.PhoneNumber `json:"phone,omitempty"`
IsPhoneVerified bool `json:"is_phone_verified,omitempty"`
PasswordChangeRequired bool `json:"password_change_required,omitempty"`
PasswordChanged time.Time `json:"password_changed,omitempty"`
}
type Profile struct {
@@ -280,6 +281,10 @@ var (
name: projection.HumanPasswordChangeRequired,
table: humanTable,
}
HumanPasswordChangedCol = Column{
name: projection.HumanPasswordChanged,
table: humanTable,
}
)
var (
@@ -822,6 +827,7 @@ func scanUser(row *sql.Row) (*User, error) {
phone := sql.NullString{}
isPhoneVerified := sql.NullBool{}
passwordChangeRequired := sql.NullBool{}
passwordChanged := sql.NullTime{}
machineID := sql.NullString{}
name := sql.NullString{}
@@ -853,6 +859,7 @@ func scanUser(row *sql.Row) (*User, error) {
&phone,
&isPhoneVerified,
&passwordChangeRequired,
&passwordChanged,
&machineID,
&name,
&description,
@@ -884,6 +891,7 @@ func scanUser(row *sql.Row) (*User, error) {
Phone: domain.PhoneNumber(phone.String),
IsPhoneVerified: isPhoneVerified.Bool,
PasswordChangeRequired: passwordChangeRequired.Bool,
PasswordChanged: passwordChanged.Time,
}
} else if machineID.Valid {
u.Machine = &Machine{
@@ -929,6 +937,7 @@ func prepareUserQuery(ctx context.Context, db prepareDatabase) (sq.SelectBuilder
HumanPhoneCol.identifier(),
HumanIsPhoneVerifiedCol.identifier(),
HumanPasswordChangeRequiredCol.identifier(),
HumanPasswordChangedCol.identifier(),
MachineUserIDCol.identifier(),
MachineNameCol.identifier(),
MachineDescriptionCol.identifier(),
@@ -1316,6 +1325,7 @@ func prepareUsersQuery(ctx context.Context, db prepareDatabase) (sq.SelectBuilde
HumanPhoneCol.identifier(),
HumanIsPhoneVerifiedCol.identifier(),
HumanPasswordChangeRequiredCol.identifier(),
HumanPasswordChangedCol.identifier(),
MachineUserIDCol.identifier(),
MachineNameCol.identifier(),
MachineDescriptionCol.identifier(),
@@ -1355,6 +1365,7 @@ func prepareUsersQuery(ctx context.Context, db prepareDatabase) (sq.SelectBuilde
phone := sql.NullString{}
isPhoneVerified := sql.NullBool{}
passwordChangeRequired := sql.NullBool{}
passwordChanged := sql.NullTime{}
machineID := sql.NullString{}
name := sql.NullString{}
@@ -1386,6 +1397,7 @@ func prepareUsersQuery(ctx context.Context, db prepareDatabase) (sq.SelectBuilde
&phone,
&isPhoneVerified,
&passwordChangeRequired,
&passwordChanged,
&machineID,
&name,
&description,
@@ -1416,6 +1428,7 @@ func prepareUsersQuery(ctx context.Context, db prepareDatabase) (sq.SelectBuilde
Phone: domain.PhoneNumber(phone.String),
IsPhoneVerified: isPhoneVerified.Bool,
PasswordChangeRequired: passwordChangeRequired.Bool,
PasswordChanged: passwordChanged.Time,
}
} else if machineID.Valid {
u.Machine = &Machine{

16
internal/query/user_auth_method_test.go
View File

@@ -40,29 +40,29 @@ var (
"method_type",
"count",
}
prepareActiveAuthMethodTypesStmt = `SELECT projections.users12_notifications.password_set,` +
prepareActiveAuthMethodTypesStmt = `SELECT projections.users13_notifications.password_set,` +
` auth_method_types.method_type,` +
` user_idps_count.count` +
` FROM projections.users12` +
` LEFT JOIN projections.users12_notifications ON projections.users12.id = projections.users12_notifications.user_id AND projections.users12.instance_id = projections.users12_notifications.instance_id` +
` FROM projections.users13` +
` LEFT JOIN projections.users13_notifications ON projections.users13.id = projections.users13_notifications.user_id AND projections.users13.instance_id = projections.users13_notifications.instance_id` +
` LEFT JOIN (SELECT DISTINCT(auth_method_types.method_type), auth_method_types.user_id, auth_method_types.instance_id FROM projections.user_auth_methods4 AS auth_method_types` +
` WHERE auth_method_types.state = $1) AS auth_method_types` +
` ON auth_method_types.user_id = projections.users12.id AND auth_method_types.instance_id = projections.users12.instance_id` +
` ON auth_method_types.user_id = projections.users13.id AND auth_method_types.instance_id = projections.users13.instance_id` +
` LEFT JOIN (SELECT user_idps_count.user_id, user_idps_count.instance_id, COUNT(user_idps_count.user_id) AS count FROM projections.idp_user_links3 AS user_idps_count` +
` GROUP BY user_idps_count.user_id, user_idps_count.instance_id) AS user_idps_count` +
` ON user_idps_count.user_id = projections.users12.id AND user_idps_count.instance_id = projections.users12.instance_id` +
` ON user_idps_count.user_id = projections.users13.id AND user_idps_count.instance_id = projections.users13.instance_id` +
` AS OF SYSTEM TIME '-1 ms`
prepareActiveAuthMethodTypesCols = []string{
"password_set",
"method_type",
"idps_count",
}
prepareAuthMethodTypesRequiredStmt = `SELECT projections.users12.type,` +
prepareAuthMethodTypesRequiredStmt = `SELECT projections.users13.type,` +
` auth_methods_force_mfa.force_mfa,` +
` auth_methods_force_mfa.force_mfa_local_only` +
` FROM projections.users12` +
` FROM projections.users13` +
` LEFT JOIN (SELECT auth_methods_force_mfa.force_mfa, auth_methods_force_mfa.force_mfa_local_only, auth_methods_force_mfa.instance_id, auth_methods_force_mfa.aggregate_id, auth_methods_force_mfa.is_default FROM projections.login_policies5 AS auth_methods_force_mfa) AS auth_methods_force_mfa` +
` ON (auth_methods_force_mfa.aggregate_id = projections.users12.instance_id OR auth_methods_force_mfa.aggregate_id = projections.users12.resource_owner) AND auth_methods_force_mfa.instance_id = projections.users12.instance_id` +
` ON (auth_methods_force_mfa.aggregate_id = projections.users13.instance_id OR auth_methods_force_mfa.aggregate_id = projections.users13.resource_owner) AND auth_methods_force_mfa.instance_id = projections.users13.instance_id` +
` ORDER BY auth_methods_force_mfa.is_default LIMIT 1
`
prepareAuthMethodTypesRequiredCols = []string{

7
internal/query/user_by_id.sql
View File

@@ -59,20 +59,21 @@ SELECT
, h.phone
, h.is_phone_verified
, h.password_change_required
, h.password_changed
, m.user_id
, m.name
, m.description
, m.secret
, m.access_token_type
, count(*) OVER ()
FROM projections.users12 u
FROM projections.users13 u
LEFT JOIN
projections.users12_humans h
projections.users13_humans h
ON
u.id = h.user_id
AND u.instance_id = h.instance_id
LEFT JOIN
projections.users12_machines m
projections.users13_machines m
ON
u.id = m.user_id
AND u.instance_id = m.instance_id

7
internal/query/user_by_login_name.sql
View File

@@ -74,6 +74,7 @@ SELECT
, h.phone
, h.is_phone_verified
, h.password_change_required
, h.password_changed
, m.user_id
, m.name
, m.description
@@ -82,17 +83,17 @@ SELECT
, count(*) OVER ()
FROM found_users fu
JOIN
projections.users12 u
projections.users13 u
ON
fu.id = u.id
AND fu.instance_id = u.instance_id
LEFT JOIN
projections.users12_humans h
projections.users13_humans h
ON
fu.id = h.user_id
AND fu.instance_id = h.instance_id
LEFT JOIN
projections.users12_machines m
projections.users13_machines m
ON
fu.id = m.user_id
AND fu.instance_id = m.instance_id

44
internal/query/user_grant_test.go
View File

@@ -23,14 +23,14 @@ var (
", projections.user_grants5.roles" +
", projections.user_grants5.state" +
", projections.user_grants5.user_id" +
", projections.users12.username" +
", projections.users12.type" +
", projections.users12.resource_owner" +
", projections.users12_humans.first_name" +
", projections.users12_humans.last_name" +
", projections.users12_humans.email" +
", projections.users12_humans.display_name" +
", projections.users12_humans.avatar_key" +
", projections.users13.username" +
", projections.users13.type" +
", projections.users13.resource_owner" +
", projections.users13_humans.first_name" +
", projections.users13_humans.last_name" +
", projections.users13_humans.email" +
", projections.users13_humans.display_name" +
", projections.users13_humans.avatar_key" +
", projections.login_names3.login_name" +
", projections.user_grants5.resource_owner" +
", projections.orgs1.name" +
@@ -41,11 +41,11 @@ var (
", granted_orgs.name" +
", granted_orgs.primary_domain" +
" FROM projections.user_grants5" +
" LEFT JOIN projections.users12 ON projections.user_grants5.user_id = projections.users12.id AND projections.user_grants5.instance_id = projections.users12.instance_id" +
" LEFT JOIN projections.users12_humans ON projections.user_grants5.user_id = projections.users12_humans.user_id AND projections.user_grants5.instance_id = projections.users12_humans.instance_id" +
" LEFT JOIN projections.users13 ON projections.user_grants5.user_id = projections.users13.id AND projections.user_grants5.instance_id = projections.users13.instance_id" +
" LEFT JOIN projections.users13_humans ON projections.user_grants5.user_id = projections.users13_humans.user_id AND projections.user_grants5.instance_id = projections.users13_humans.instance_id" +
" LEFT JOIN projections.orgs1 ON projections.user_grants5.resource_owner = projections.orgs1.id AND projections.user_grants5.instance_id = projections.orgs1.instance_id" +
" LEFT JOIN projections.projects4 ON projections.user_grants5.project_id = projections.projects4.id AND projections.user_grants5.instance_id = projections.projects4.instance_id" +
" LEFT JOIN projections.orgs1 AS granted_orgs ON projections.users12.resource_owner = granted_orgs.id AND projections.users12.instance_id = granted_orgs.instance_id" +
" LEFT JOIN projections.orgs1 AS granted_orgs ON projections.users13.resource_owner = granted_orgs.id AND projections.users13.instance_id = granted_orgs.instance_id" +
" LEFT JOIN projections.login_names3 ON projections.user_grants5.user_id = projections.login_names3.user_id AND projections.user_grants5.instance_id = projections.login_names3.instance_id" +
` AS OF SYSTEM TIME '-1 ms' ` +
" WHERE projections.login_names3.is_primary = $1")
@@ -85,14 +85,14 @@ var (
", projections.user_grants5.roles" +
", projections.user_grants5.state" +
", projections.user_grants5.user_id" +
", projections.users12.username" +
", projections.users12.type" +
", projections.users12.resource_owner" +
", projections.users12_humans.first_name" +
", projections.users12_humans.last_name" +
", projections.users12_humans.email" +
", projections.users12_humans.display_name" +
", projections.users12_humans.avatar_key" +
", projections.users13.username" +
", projections.users13.type" +
", projections.users13.resource_owner" +
", projections.users13_humans.first_name" +
", projections.users13_humans.last_name" +
", projections.users13_humans.email" +
", projections.users13_humans.display_name" +
", projections.users13_humans.avatar_key" +
", projections.login_names3.login_name" +
", projections.user_grants5.resource_owner" +
", projections.orgs1.name" +
@@ -104,11 +104,11 @@ var (
", granted_orgs.primary_domain" +
", COUNT(*) OVER ()" +
" FROM projections.user_grants5" +
" LEFT JOIN projections.users12 ON projections.user_grants5.user_id = projections.users12.id AND projections.user_grants5.instance_id = projections.users12.instance_id" +
" LEFT JOIN projections.users12_humans ON projections.user_grants5.user_id = projections.users12_humans.user_id AND projections.user_grants5.instance_id = projections.users12_humans.instance_id" +
" LEFT JOIN projections.users13 ON projections.user_grants5.user_id = projections.users13.id AND projections.user_grants5.instance_id = projections.users13.instance_id" +
" LEFT JOIN projections.users13_humans ON projections.user_grants5.user_id = projections.users13_humans.user_id AND projections.user_grants5.instance_id = projections.users13_humans.instance_id" +
" LEFT JOIN projections.orgs1 ON projections.user_grants5.resource_owner = projections.orgs1.id AND projections.user_grants5.instance_id = projections.orgs1.instance_id" +
" LEFT JOIN projections.projects4 ON projections.user_grants5.project_id = projections.projects4.id AND projections.user_grants5.instance_id = projections.projects4.instance_id" +
" LEFT JOIN projections.orgs1 AS granted_orgs ON projections.users12.resource_owner = granted_orgs.id AND projections.users12.instance_id = granted_orgs.instance_id" +
" LEFT JOIN projections.orgs1 AS granted_orgs ON projections.users13.resource_owner = granted_orgs.id AND projections.users13.instance_id = granted_orgs.instance_id" +
" LEFT JOIN projections.login_names3 ON projections.user_grants5.user_id = projections.login_names3.user_id AND projections.user_grants5.instance_id = projections.login_names3.instance_id" +
` AS OF SYSTEM TIME '-1 ms' ` +
" WHERE projections.login_names3.is_primary = $1")

6
internal/query/user_notify_by_id.sql
View File

@@ -62,14 +62,14 @@ SELECT
, n.verified_phone
, n.password_set
, count(*) OVER ()
FROM projections.users12 u
FROM projections.users13 u
LEFT JOIN
projections.users12_humans h
projections.users13_humans h
ON
u.id = h.user_id
AND u.instance_id = h.instance_id
LEFT JOIN
projections.users12_notifications n
projections.users13_notifications n
ON
u.id = n.user_id
AND u.instance_id = n.instance_id

6
internal/query/user_notify_by_login_name.sql
View File

@@ -78,17 +78,17 @@ SELECT
, count(*) OVER ()
FROM found_users fu
JOIN
projections.users12 u
projections.users13 u
ON
fu.id = u.id
AND fu.instance_id = u.instance_id
LEFT JOIN
projections.users12_humans h
projections.users13_humans h
ON
fu.id = h.user_id
AND fu.instance_id = h.instance_id
LEFT JOIN
projections.users12_notifications n
projections.users13_notifications n
ON
fu.id = n.user_id
AND fu.instance_id = n.instance_id

277
internal/query/user_test.go
View File

@@ -147,44 +147,45 @@ var (
preferredLoginNameQuery = `SELECT preferred_login_name.user_id, preferred_login_name.login_name, preferred_login_name.instance_id` +
` FROM projections.login_names3 AS preferred_login_name` +
` WHERE preferred_login_name.is_primary = $1`
userQuery = `SELECT projections.users12.id,` +
` projections.users12.creation_date,` +
` projections.users12.change_date,` +
` projections.users12.resource_owner,` +
` projections.users12.sequence,` +
` projections.users12.state,` +
` projections.users12.type,` +
` projections.users12.username,` +
userQuery = `SELECT projections.users13.id,` +
` projections.users13.creation_date,` +
` projections.users13.change_date,` +
` projections.users13.resource_owner,` +
` projections.users13.sequence,` +
` projections.users13.state,` +
` projections.users13.type,` +
` projections.users13.username,` +
` login_names.loginnames,` +
` preferred_login_name.login_name,` +
` projections.users12_humans.user_id,` +
` projections.users12_humans.first_name,` +
` projections.users12_humans.last_name,` +
` projections.users12_humans.nick_name,` +
` projections.users12_humans.display_name,` +
` projections.users12_humans.preferred_language,` +
` projections.users12_humans.gender,` +
` projections.users12_humans.avatar_key,` +
` projections.users12_humans.email,` +
` projections.users12_humans.is_email_verified,` +
` projections.users12_humans.phone,` +
` projections.users12_humans.is_phone_verified,` +
` projections.users12_humans.password_change_required,` +
` projections.users12_machines.user_id,` +
` projections.users12_machines.name,` +
` projections.users12_machines.description,` +
` projections.users12_machines.secret,` +
` projections.users12_machines.access_token_type,` +
` projections.users13_humans.user_id,` +
` projections.users13_humans.first_name,` +
` projections.users13_humans.last_name,` +
` projections.users13_humans.nick_name,` +
` projections.users13_humans.display_name,` +
` projections.users13_humans.preferred_language,` +
` projections.users13_humans.gender,` +
` projections.users13_humans.avatar_key,` +
` projections.users13_humans.email,` +
` projections.users13_humans.is_email_verified,` +
` projections.users13_humans.phone,` +
` projections.users13_humans.is_phone_verified,` +
` projections.users13_humans.password_change_required,` +
` projections.users13_humans.password_changed,` +
` projections.users13_machines.user_id,` +
` projections.users13_machines.name,` +
` projections.users13_machines.description,` +
` projections.users13_machines.secret,` +
` projections.users13_machines.access_token_type,` +
` COUNT(*) OVER ()` +
` FROM projections.users12` +
` LEFT JOIN projections.users12_humans ON projections.users12.id = projections.users12_humans.user_id AND projections.users12.instance_id = projections.users12_humans.instance_id` +
` LEFT JOIN projections.users12_machines ON projections.users12.id = projections.users12_machines.user_id AND projections.users12.instance_id = projections.users12_machines.instance_id` +
` FROM projections.users13` +
` LEFT JOIN projections.users13_humans ON projections.users13.id = projections.users13_humans.user_id AND projections.users13.instance_id = projections.users13_humans.instance_id` +
` LEFT JOIN projections.users13_machines ON projections.users13.id = projections.users13_machines.user_id AND projections.users13.instance_id = projections.users13_machines.instance_id` +
` LEFT JOIN` +
` (` + loginNamesQuery + `) AS login_names` +
` ON login_names.user_id = projections.users12.id AND login_names.instance_id = projections.users12.instance_id` +
` ON login_names.user_id = projections.users13.id AND login_names.instance_id = projections.users13.instance_id` +
` LEFT JOIN` +
` (` + preferredLoginNameQuery + `) AS preferred_login_name` +
` ON preferred_login_name.user_id = projections.users12.id AND preferred_login_name.instance_id = projections.users12.instance_id` +
` ON preferred_login_name.user_id = projections.users13.id AND preferred_login_name.instance_id = projections.users13.instance_id` +
` AS OF SYSTEM TIME '-1 ms'`
userCols = []string{
"id",
@@ -211,6 +212,7 @@ var (
"phone",
"is_phone_verified",
"password_change_required",
"password_changed",
// machine
"user_id",
"name",
@@ -219,21 +221,21 @@ var (
"access_token_type",
"count",
}
profileQuery = `SELECT projections.users12.id,` +
` projections.users12.creation_date,` +
` projections.users12.change_date,` +
` projections.users12.resource_owner,` +
` projections.users12.sequence,` +
` projections.users12_humans.user_id,` +
` projections.users12_humans.first_name,` +
` projections.users12_humans.last_name,` +
` projections.users12_humans.nick_name,` +
` projections.users12_humans.display_name,` +
` projections.users12_humans.preferred_language,` +
` projections.users12_humans.gender,` +
` projections.users12_humans.avatar_key` +
` FROM projections.users12` +
` LEFT JOIN projections.users12_humans ON projections.users12.id = projections.users12_humans.user_id AND projections.users12.instance_id = projections.users12_humans.instance_id` +
profileQuery = `SELECT projections.users13.id,` +
` projections.users13.creation_date,` +
` projections.users13.change_date,` +
` projections.users13.resource_owner,` +
` projections.users13.sequence,` +
` projections.users13_humans.user_id,` +
` projections.users13_humans.first_name,` +
` projections.users13_humans.last_name,` +
` projections.users13_humans.nick_name,` +
` projections.users13_humans.display_name,` +
` projections.users13_humans.preferred_language,` +
` projections.users13_humans.gender,` +
` projections.users13_humans.avatar_key` +
` FROM projections.users13` +
` LEFT JOIN projections.users13_humans ON projections.users13.id = projections.users13_humans.user_id AND projections.users13.instance_id = projections.users13_humans.instance_id` +
` AS OF SYSTEM TIME '-1 ms'`
profileCols = []string{
"id",
@@ -250,16 +252,16 @@ var (
"gender",
"avatar_key",
}
emailQuery = `SELECT projections.users12.id,` +
` projections.users12.creation_date,` +
` projections.users12.change_date,` +
` projections.users12.resource_owner,` +
` projections.users12.sequence,` +
` projections.users12_humans.user_id,` +
` projections.users12_humans.email,` +
` projections.users12_humans.is_email_verified` +
` FROM projections.users12` +
` LEFT JOIN projections.users12_humans ON projections.users12.id = projections.users12_humans.user_id AND projections.users12.instance_id = projections.users12_humans.instance_id` +
emailQuery = `SELECT projections.users13.id,` +
` projections.users13.creation_date,` +
` projections.users13.change_date,` +
` projections.users13.resource_owner,` +
` projections.users13.sequence,` +
` projections.users13_humans.user_id,` +
` projections.users13_humans.email,` +
` projections.users13_humans.is_email_verified` +
` FROM projections.users13` +
` LEFT JOIN projections.users13_humans ON projections.users13.id = projections.users13_humans.user_id AND projections.users13.instance_id = projections.users13_humans.instance_id` +
` AS OF SYSTEM TIME '-1 ms'`
emailCols = []string{
"id",
@@ -271,16 +273,16 @@ var (
"email",
"is_email_verified",
}
phoneQuery = `SELECT projections.users12.id,` +
` projections.users12.creation_date,` +
` projections.users12.change_date,` +
` projections.users12.resource_owner,` +
` projections.users12.sequence,` +
` projections.users12_humans.user_id,` +
` projections.users12_humans.phone,` +
` projections.users12_humans.is_phone_verified` +
` FROM projections.users12` +
` LEFT JOIN projections.users12_humans ON projections.users12.id = projections.users12_humans.user_id AND projections.users12.instance_id = projections.users12_humans.instance_id` +
phoneQuery = `SELECT projections.users13.id,` +
` projections.users13.creation_date,` +
` projections.users13.change_date,` +
` projections.users13.resource_owner,` +
` projections.users13.sequence,` +
` projections.users13_humans.user_id,` +
` projections.users13_humans.phone,` +
` projections.users13_humans.is_phone_verified` +
` FROM projections.users13` +
` LEFT JOIN projections.users13_humans ON projections.users13.id = projections.users13_humans.user_id AND projections.users13.instance_id = projections.users13_humans.instance_id` +
` AS OF SYSTEM TIME '-1 ms'`
phoneCols = []string{
"id",
@@ -292,14 +294,14 @@ var (
"phone",
"is_phone_verified",
}
userUniqueQuery = `SELECT projections.users12.id,` +
` projections.users12.state,` +
` projections.users12.username,` +
` projections.users12_humans.user_id,` +
` projections.users12_humans.email,` +
` projections.users12_humans.is_email_verified` +
` FROM projections.users12` +
` LEFT JOIN projections.users12_humans ON projections.users12.id = projections.users12_humans.user_id AND projections.users12.instance_id = projections.users12_humans.instance_id` +
userUniqueQuery = `SELECT projections.users13.id,` +
` projections.users13.state,` +
` projections.users13.username,` +
` projections.users13_humans.user_id,` +
` projections.users13_humans.email,` +
` projections.users13_humans.is_email_verified` +
` FROM projections.users13` +
` LEFT JOIN projections.users13_humans ON projections.users13.id = projections.users13_humans.user_id AND projections.users13.instance_id = projections.users13_humans.instance_id` +
` AS OF SYSTEM TIME '-1 ms'`
userUniqueCols = []string{
"id",
@@ -309,40 +311,40 @@ var (
"email",
"is_email_verified",
}
notifyUserQuery = `SELECT projections.users12.id,` +
` projections.users12.creation_date,` +
` projections.users12.change_date,` +
` projections.users12.resource_owner,` +
` projections.users12.sequence,` +
` projections.users12.state,` +
` projections.users12.type,` +
` projections.users12.username,` +
notifyUserQuery = `SELECT projections.users13.id,` +
` projections.users13.creation_date,` +
` projections.users13.change_date,` +
` projections.users13.resource_owner,` +
` projections.users13.sequence,` +
` projections.users13.state,` +
` projections.users13.type,` +
` projections.users13.username,` +
` login_names.loginnames,` +
` preferred_login_name.login_name,` +
` projections.users12_humans.user_id,` +
` projections.users12_humans.first_name,` +
` projections.users12_humans.last_name,` +
` projections.users12_humans.nick_name,` +
` projections.users12_humans.display_name,` +
` projections.users12_humans.preferred_language,` +
` projections.users12_humans.gender,` +
` projections.users12_humans.avatar_key,` +
` projections.users12_notifications.user_id,` +
` projections.users12_notifications.last_email,` +
` projections.users12_notifications.verified_email,` +
` projections.users12_notifications.last_phone,` +
` projections.users12_notifications.verified_phone,` +
` projections.users12_notifications.password_set,` +
` projections.users13_humans.user_id,` +
` projections.users13_humans.first_name,` +
` projections.users13_humans.last_name,` +
` projections.users13_humans.nick_name,` +
` projections.users13_humans.display_name,` +
` projections.users13_humans.preferred_language,` +
` projections.users13_humans.gender,` +
` projections.users13_humans.avatar_key,` +
` projections.users13_notifications.user_id,` +
` projections.users13_notifications.last_email,` +
` projections.users13_notifications.verified_email,` +
` projections.users13_notifications.last_phone,` +
` projections.users13_notifications.verified_phone,` +
` projections.users13_notifications.password_set,` +
` COUNT(*) OVER ()` +
` FROM projections.users12` +
` LEFT JOIN projections.users12_humans ON projections.users12.id = projections.users12_humans.user_id AND projections.users12.instance_id = projections.users12_humans.instance_id` +
` LEFT JOIN projections.users12_notifications ON projections.users12.id = projections.users12_notifications.user_id AND projections.users12.instance_id = projections.users12_notifications.instance_id` +
` FROM projections.users13` +
` LEFT JOIN projections.users13_humans ON projections.users13.id = projections.users13_humans.user_id AND projections.users13.instance_id = projections.users13_humans.instance_id` +
` LEFT JOIN projections.users13_notifications ON projections.users13.id = projections.users13_notifications.user_id AND projections.users13.instance_id = projections.users13_notifications.instance_id` +
` LEFT JOIN` +
` (` + loginNamesQuery + `) AS login_names` +
` ON login_names.user_id = projections.users12.id AND login_names.instance_id = projections.users12.instance_id` +
` ON login_names.user_id = projections.users13.id AND login_names.instance_id = projections.users13.instance_id` +
` LEFT JOIN` +
` (` + preferredLoginNameQuery + `) AS preferred_login_name` +
` ON preferred_login_name.user_id = projections.users12.id AND preferred_login_name.instance_id = projections.users12.instance_id` +
` ON preferred_login_name.user_id = projections.users13.id AND preferred_login_name.instance_id = projections.users13.instance_id` +
` AS OF SYSTEM TIME '-1 ms'`
notifyUserCols = []string{
"id",
@@ -373,44 +375,45 @@ var (
"password_set",
"count",
}
usersQuery = `SELECT projections.users12.id,` +
` projections.users12.creation_date,` +
` projections.users12.change_date,` +
` projections.users12.resource_owner,` +
` projections.users12.sequence,` +
` projections.users12.state,` +
` projections.users12.type,` +
` projections.users12.username,` +
usersQuery = `SELECT projections.users13.id,` +
` projections.users13.creation_date,` +
` projections.users13.change_date,` +
` projections.users13.resource_owner,` +
` projections.users13.sequence,` +
` projections.users13.state,` +
` projections.users13.type,` +
` projections.users13.username,` +
` login_names.loginnames,` +
` preferred_login_name.login_name,` +
` projections.users12_humans.user_id,` +
` projections.users12_humans.first_name,` +
` projections.users12_humans.last_name,` +
` projections.users12_humans.nick_name,` +
` projections.users12_humans.display_name,` +
` projections.users12_humans.preferred_language,` +
` projections.users12_humans.gender,` +
` projections.users12_humans.avatar_key,` +
` projections.users12_humans.email,` +
` projections.users12_humans.is_email_verified,` +
` projections.users12_humans.phone,` +
` projections.users12_humans.is_phone_verified,` +
` projections.users12_humans.password_change_required,` +
` projections.users12_machines.user_id,` +
` projections.users12_machines.name,` +
` projections.users12_machines.description,` +
` projections.users12_machines.secret,` +
` projections.users12_machines.access_token_type,` +
` projections.users13_humans.user_id,` +
` projections.users13_humans.first_name,` +
` projections.users13_humans.last_name,` +
` projections.users13_humans.nick_name,` +
` projections.users13_humans.display_name,` +
` projections.users13_humans.preferred_language,` +
` projections.users13_humans.gender,` +
` projections.users13_humans.avatar_key,` +
` projections.users13_humans.email,` +
` projections.users13_humans.is_email_verified,` +
` projections.users13_humans.phone,` +
` projections.users13_humans.is_phone_verified,` +
` projections.users13_humans.password_change_required,` +
` projections.users13_humans.password_changed,` +
` projections.users13_machines.user_id,` +
` projections.users13_machines.name,` +
` projections.users13_machines.description,` +
` projections.users13_machines.secret,` +
` projections.users13_machines.access_token_type,` +
` COUNT(*) OVER ()` +
` FROM projections.users12` +
` LEFT JOIN projections.users12_humans ON projections.users12.id = projections.users12_humans.user_id AND projections.users12.instance_id = projections.users12_humans.instance_id` +
` LEFT JOIN projections.users12_machines ON projections.users12.id = projections.users12_machines.user_id AND projections.users12.instance_id = projections.users12_machines.instance_id` +
` FROM projections.users13` +
` LEFT JOIN projections.users13_humans ON projections.users13.id = projections.users13_humans.user_id AND projections.users13.instance_id = projections.users13_humans.instance_id` +
` LEFT JOIN projections.users13_machines ON projections.users13.id = projections.users13_machines.user_id AND projections.users13.instance_id = projections.users13_machines.instance_id` +
` LEFT JOIN` +
` (` + loginNamesQuery + `) AS login_names` +
` ON login_names.user_id = projections.users12.id AND login_names.instance_id = projections.users12.instance_id` +
` ON login_names.user_id = projections.users13.id AND login_names.instance_id = projections.users13.instance_id` +
` LEFT JOIN` +
` (` + preferredLoginNameQuery + `) AS preferred_login_name` +
` ON preferred_login_name.user_id = projections.users12.id AND preferred_login_name.instance_id = projections.users12.instance_id` +
` ON preferred_login_name.user_id = projections.users13.id AND preferred_login_name.instance_id = projections.users13.instance_id` +
` AS OF SYSTEM TIME '-1 ms'`
usersCols = []string{
"id",
@@ -437,6 +440,7 @@ var (
"phone",
"is_phone_verified",
"password_change_required",
"password_changed",
// machine
"user_id",
"name",
@@ -508,6 +512,7 @@ func Test_UserPrepares(t *testing.T) {
"phone",
true,
true,
testNow,
// machine
nil,
nil,
@@ -542,6 +547,7 @@ func Test_UserPrepares(t *testing.T) {
Phone: "phone",
IsPhoneVerified: true,
PasswordChangeRequired: true,
PasswordChanged: testNow,
},
},
},
@@ -577,6 +583,7 @@ func Test_UserPrepares(t *testing.T) {
nil,
nil,
nil,
nil,
// machine
"id",
"name",
@@ -638,6 +645,7 @@ func Test_UserPrepares(t *testing.T) {
nil,
nil,
nil,
nil,
// machine
"id",
"name",
@@ -1226,6 +1234,7 @@ func Test_UserPrepares(t *testing.T) {
"phone",
true,
true,
testNow,
// machine
nil,
nil,
@@ -1265,6 +1274,7 @@ func Test_UserPrepares(t *testing.T) {
Phone: "phone",
IsPhoneVerified: true,
PasswordChangeRequired: true,
PasswordChanged: testNow,
},
},
},
@@ -1303,6 +1313,7 @@ func Test_UserPrepares(t *testing.T) {
"phone",
true,
true,
testNow,
// machine
nil,
nil,
@@ -1335,6 +1346,7 @@ func Test_UserPrepares(t *testing.T) {
nil,
nil,
nil,
nil,
// machine
"id",
"name",
@@ -1374,6 +1386,7 @@ func Test_UserPrepares(t *testing.T) {
Phone: "phone",
IsPhoneVerified: true,
PasswordChangeRequired: true,
PasswordChanged: testNow,
},
},
{

6
internal/query/userinfo_by_id.sql
View File

@@ -1,6 +1,6 @@
with usr as (
select u.id, u.creation_date, u.change_date, u.sequence, u.state, u.resource_owner, u.username, n.login_name as preferred_login_name
from projections.users12 u
from projections.users13 u
left join projections.login_names3 n on u.id = n.user_id and u.instance_id = n.instance_id
where u.id = $1
and u.instance_id = $2
@@ -9,7 +9,7 @@ with usr as (
human as (
select $1 as user_id, row_to_json(r) as human from (
select first_name, last_name, nick_name, display_name, avatar_key, preferred_language, gender, email, is_email_verified, phone, is_phone_verified
from projections.users12_humans
from projections.users13_humans
where user_id = $1
and instance_id = $2
) r
@@ -17,7 +17,7 @@ human as (
machine as (
select $1 as user_id, row_to_json(r) as machine from (
select name, description
from projections.users12_machines
from projections.users13_machines
where user_id = $1
and instance_id = $2
) r

6
internal/user/repository/view/user_by_id.sql
View File

@@ -73,15 +73,15 @@ SELECT
, u.instance_id
, (SELECT EXISTS (SELECT true FROM verified_auth_methods WHERE method_type = 6)) AS otp_sms_added
, (SELECT EXISTS (SELECT true FROM verified_auth_methods WHERE method_type = 7)) AS otp_email_added
FROM projections.users12 u
LEFT JOIN projections.users12_humans h
FROM projections.users13 u
LEFT JOIN projections.users13_humans h
ON u.instance_id = h.instance_id
AND u.id = h.user_id
LEFT JOIN projections.login_names3 l
ON u.instance_id = l.instance_id
AND u.id = l.user_id
AND l.is_primary = true
LEFT JOIN projections.users12_machines m
LEFT JOIN projections.users13_machines m
ON u.instance_id = m.instance_id
AND u.id = m.user_id
LEFT JOIN auth.users3 au

4
internal/user/repository/view/user_session_by_id.sql
View File

@@ -19,8 +19,8 @@ SELECT s.creation_date,
s.sequence,
s.instance_id
FROM auth.user_sessions s
LEFT JOIN projections.users12 u ON s.user_id = u.id AND s.instance_id = u.instance_id
LEFT JOIN projections.users12_humans h ON s.user_id = h.user_id AND s.instance_id = h.instance_id
LEFT JOIN projections.users13 u ON s.user_id = u.id AND s.instance_id = u.instance_id
LEFT JOIN projections.users13_humans h ON s.user_id = h.user_id AND s.instance_id = h.instance_id
LEFT JOIN projections.login_names3 l ON s.user_id = l.user_id AND s.instance_id = l.instance_id AND l.is_primary = true
WHERE (s.user_agent_id = $1)
AND (s.user_id = $2)

4
internal/user/repository/view/user_sessions_by_user_agent.sql
View File

@@ -19,8 +19,8 @@ SELECT s.creation_date,
s.sequence,
s.instance_id
FROM auth.user_sessions s
LEFT JOIN projections.users12 u ON s.user_id = u.id AND s.instance_id = u.instance_id
LEFT JOIN projections.users12_humans h ON s.user_id = h.user_id AND s.instance_id = h.instance_id
LEFT JOIN projections.users13 u ON s.user_id = u.id AND s.instance_id = u.instance_id
LEFT JOIN projections.users13_humans h ON s.user_id = h.user_id AND s.instance_id = h.instance_id
LEFT JOIN projections.login_names3 l ON s.user_id = l.user_id AND s.instance_id = l.instance_id AND l.is_primary = true
WHERE (s.user_agent_id = $1)
AND (s.instance_id = $2)