fix(api): use organization instead of organisation (#6720)

* fix(api): use organization instead of organisation * fix test * docs: add deprecation notice * remove validation
2024-11-22 00:39:36 +00:00 · 2023-10-13 15:37:35 +03:00 · 2023-10-13 15:37:35 +03:00 · 95889cf576
commit 95889cf576
parent 27e03120dc
11 changed files with 79 additions and 19 deletions
--- a/internal/api/grpc/server/middleware/auth_interceptor.go
+++ b/internal/api/grpc/server/middleware/auth_interceptor.go
@ -33,12 +33,7 @@ func authorize(ctx context.Context, req interface{}, info *grpc.UnaryServerInfo,
 		return nil, status.Error(codes.Unauthenticated, "auth header missing")
 	}

-	var orgDomain string
-	orgID := grpc_util.GetHeader(authCtx, http.ZitadelOrgID)
-	if o, ok := req.(OrganisationFromRequest); ok {
-		orgID = o.OrganisationFromRequest().ID
-		orgDomain = o.OrganisationFromRequest().Domain
-	}
+	orgID, orgDomain := orgIDAndDomainFromRequest(authCtx, req)
 	ctxSetter, err := authz.CheckUserAuthorization(authCtx, req, authToken, orgID, orgDomain, verifier, authConfig, authOpt, info.FullMethod)
 	if err != nil {
 		return nil, err
@ -47,11 +42,38 @@ func authorize(ctx context.Context, req interface{}, info *grpc.UnaryServerInfo,
 	return handler(ctxSetter(ctx), req)
 }

-type OrganisationFromRequest interface {
-	OrganisationFromRequest() *Organisation
+func orgIDAndDomainFromRequest(ctx context.Context, req interface{}) (id, domain string) {
+	orgID := grpc_util.GetHeader(ctx, http.ZitadelOrgID)
+	o, ok := req.(OrganizationFromRequest)
+	if !ok {
+		return orgID, ""
+	}
+	id = o.OrganizationFromRequest().ID
+	domain = o.OrganizationFromRequest().Domain
+	if id != "" || domain != "" {
+		return id, domain
+	}
+	// check if the deprecated organisation is used.
+	// to be removed before going GA (https://github.com/zitadel/zitadel/issues/6718)
+	id = o.OrganisationFromRequest().ID
+	domain = o.OrganisationFromRequest().Domain
+	if id != "" || domain != "" {
+		return id, domain
+	}
+	return orgID, domain
 }

-type Organisation struct {
+// Deprecated: will be removed in favor of OrganizationFromRequest (https://github.com/zitadel/zitadel/issues/6718)
+type OrganisationFromRequest interface {
+	OrganisationFromRequest() *Organization
+}
+
+type Organization struct {
 	ID     string
 	Domain string
 }
+
+type OrganizationFromRequest interface {
+	OrganizationFromRequest() *Organization
+	OrganisationFromRequest
+}
--- a/internal/api/grpc/session/v2/session.go
+++ b/internal/api/grpc/session/v2/session.go
@ -216,6 +216,7 @@ func userFactorToPb(factor query.SessionUserFactor) *session.UserFactor {
 		LoginName:      factor.LoginName,
 		DisplayName:    factor.DisplayName,
 		OrganisationId: factor.ResourceOwner,
+		OrganizationId: factor.ResourceOwner,
 	}
 }

--- a/internal/api/grpc/session/v2/session_test.go
+++ b/internal/api/grpc/session/v2/session_test.go
@ -10,10 +10,11 @@ import (
 	"github.com/muhlemmer/gu"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
-	"github.com/zitadel/zitadel/internal/api/authz"
 	"google.golang.org/protobuf/proto"
 	"google.golang.org/protobuf/types/known/timestamppb"

+	"github.com/zitadel/zitadel/internal/api/authz"
+
 	"github.com/zitadel/zitadel/internal/domain"
 	caos_errs "github.com/zitadel/zitadel/internal/errors"
 	"github.com/zitadel/zitadel/internal/query"
@ -151,6 +152,7 @@ func Test_sessionsToPb(t *testing.T) {
 					LoginName:      "donald",
 					DisplayName:    "donald duck",
 					OrganisationId: "org1",
+					OrganizationId: "org1",
 				},
 			},
 			Metadata: map[string][]byte{"hello": []byte("world")},
@ -167,6 +169,7 @@ func Test_sessionsToPb(t *testing.T) {
 					LoginName:      "donald",
 					DisplayName:    "donald duck",
 					OrganisationId: "org1",
+					OrganizationId: "org1",
 				},
 				Password: &session.PasswordFactor{
 					VerifiedAt: timestamppb.New(past),
@ -186,6 +189,7 @@ func Test_sessionsToPb(t *testing.T) {
 					LoginName:      "donald",
 					DisplayName:    "donald duck",
 					OrganisationId: "org1",
+					OrganizationId: "org1",
 				},
 				WebAuthN: &session.WebAuthNFactor{
 					VerifiedAt:   timestamppb.New(past),
@ -206,6 +210,7 @@ func Test_sessionsToPb(t *testing.T) {
 					LoginName:      "donald",
 					DisplayName:    "donald duck",
 					OrganisationId: "org1",
+					OrganizationId: "org1",
 				},
 				Totp: &session.TOTPFactor{
 					VerifiedAt: timestamppb.New(past),
--- a/internal/protoc/protoc-gen-zitadel/zitadel.pb.go.tmpl
+++ b/internal/protoc/protoc-gen-zitadel/zitadel.pb.go.tmpl
@ -17,8 +17,8 @@ var {{.ServiceName}}_AuthMethods = authz.MethodMapping {
 }

 {{ range $m := .AuthContext}}
-func (r *{{ $m.Name }}) OrganisationFromRequest() *middleware.Organisation {
-	return &middleware.Organisation{
+func (r *{{ $m.Name }}) OrganizationFromRequest() *middleware.Organization {
+	return &middleware.Organization{
 		ID: r{{$m.OrgMethod}}.GetOrgId(),
 		Domain: r{{$m.OrgMethod}}.GetOrgDomain(),
 	}
--- a/pkg/grpc/user/v2beta/user_service_org.pb.zitadel.go
+++ b/pkg/grpc/user/v2beta/user_service_org.pb.zitadel.go
@ -0,0 +1,12 @@
+package user
+
+import "github.com/zitadel/zitadel/internal/api/grpc/server/middleware"
+
+// OrganisationFromRequest implements deprecated [middleware.OrganisationFromRequest] interface.
+// it will be removed before going GA (https://github.com/zitadel/zitadel/issues/6718)
+func (r *AddHumanUserRequest) OrganisationFromRequest() *middleware.Organization {
+	return &middleware.Organization{
+		ID:     r.GetOrganisation().GetOrgId(),
+		Domain: r.GetOrganisation().GetOrgDomain(),
+	}
+}
--- a/proto/zitadel/admin.proto
+++ b/proto/zitadel/admin.proto
@ -3763,7 +3763,7 @@ service AdminService {

    // Activates the "LoginDefaultOrg" feature by setting the flag to "true"
    // This is irreversible!
-    // Once activated, the login UI will use the settings of the default org (and not from the instance) if not organisation context is set
+    // Once activated, the login UI will use the settings of the default org (and not from the instance) if not organization context is set
    rpc ActivateFeatureLoginDefaultOrg(ActivateFeatureLoginDefaultOrgRequest) returns (ActivateFeatureLoginDefaultOrgResponse) {
        option (google.api.http) = {
            put: "/features/login_default_org"
--- a/proto/zitadel/management.proto
+++ b/proto/zitadel/management.proto
@ -6806,7 +6806,7 @@ service ManagementService {
        };
    }

-    // Add a new Azure AD identity provider in the organisation
+    // Add a new Azure AD identity provider in the organization
    rpc AddAzureADProvider(AddAzureADProviderRequest) returns (AddAzureADProviderResponse) {
        option (google.api.http) = {
            post: "/idps/azure"
@ -6824,7 +6824,7 @@ service ManagementService {
        };
    }

-    // Change an existing Azure AD identity provider in the organisation
+    // Change an existing Azure AD identity provider in the organization
    rpc UpdateAzureADProvider(UpdateAzureADProviderRequest) returns (UpdateAzureADProviderResponse) {
        option (google.api.http) = {
            put: "/idps/azure/{id}"
--- a/proto/zitadel/object/v2beta/object.proto
+++ b/proto/zitadel/object/v2beta/object.proto
@ -8,6 +8,7 @@ import "google/protobuf/timestamp.proto";
 import "protoc-gen-openapiv2/options/annotations.proto";
 import "validate/validate.proto";

+// Deprecated: use Organization
 message Organisation {
  oneof org {
    string org_id = 1;
@ -15,6 +16,13 @@ message Organisation {
  }
 }

+message Organization {
+  oneof org {
+    string org_id = 1;
+    string org_domain = 2;
+  }
+}
+
 message RequestContext {
  oneof resource_owner {
    string org_id = 1;
--- a/proto/zitadel/project.proto
+++ b/proto/zitadel/project.proto
@ -48,7 +48,7 @@ message GrantedProject {
    ];
    string granted_org_name = 3 [
        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
-            example: "\"Some Organisation\""
+            example: "\"Some Organization\""
        }
    ];
    repeated string granted_role_keys = 4 [
--- a/proto/zitadel/session/v2beta/session.proto
+++ b/proto/zitadel/session/v2beta/session.proto
@ -73,9 +73,15 @@ message UserFactor {
      description: "\"display name of the checked user\"";
    }
  ];
+  // deprecated: use organization_id, will be remove before GA (https://github.com/zitadel/zitadel/issues/6718)
  string organisation_id = 5 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
-      description: "\"organisation id of the checked user\"";
+      description: "\"organization id of the checked user; deprecated: use organization_id\"";
+    }
+  ];
+  string organization_id = 6 [
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      description: "\"organization id of the checked user\"";
    }
  ];
 }
--- a/proto/zitadel/user/v2beta/user_service.proto
+++ b/proto/zitadel/user/v2beta/user_service.proto
@ -119,7 +119,7 @@ service UserService {
    option (zitadel.protoc_gen_zitadel.v2.options) = {
      auth_option: {
        permission: "user.write"
-        org_field: "organisation"
+        org_field: "organization"
      }
      http_response: {
        success_code: 201
@ -655,7 +655,13 @@ message AddHumanUserRequest{
      example: "\"minnie-mouse\"";
    }
  ];
-  zitadel.object.v2beta.Organisation organisation = 3;
+  // deprecated: use organization (if both are set, organization will take precedence)
+  zitadel.object.v2beta.Organisation organisation = 3 [
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      description: "deprecated: use organization (if both are set, organization will take precedence)"
+    }
+  ];
+  zitadel.object.v2beta.Organization organization = 11;
  SetHumanProfile profile = 4 [
    (validate.rules).message.required = true,
    (google.api.field_behavior) = REQUIRED