mirror of
https://github.com/zitadel/zitadel
synced 2024-11-23 19:19:19 +00:00
b6b5b1b782
* feat: jwt idp * feat: command side * feat: add tests * fill idp views with jwt idps and return apis * add jwtEndpoint to jwt idp * begin jwt request handling * merge * handle jwt idp * cleanup * fixes * autoregister * get token from specific header name * error handling * fix texts * handle renderExternalNotFoundOption Co-authored-by: fabi <fabienne.gerschwiler@gmail.com>
195 lines
7.3 KiB
Go
195 lines
7.3 KiB
Go
package query
|
|
|
|
import (
|
|
"github.com/caos/zitadel/internal/domain"
|
|
"github.com/caos/zitadel/internal/eventstore"
|
|
"github.com/caos/zitadel/internal/eventstore/v1/models"
|
|
"github.com/caos/zitadel/internal/iam/model"
|
|
)
|
|
|
|
func readModelToIAM(readModel *ReadModel) *model.IAM {
|
|
return &model.IAM{
|
|
ObjectRoot: readModelToObjectRoot(readModel.ReadModel),
|
|
GlobalOrgID: readModel.GlobalOrgID,
|
|
IAMProjectID: readModel.ProjectID,
|
|
SetUpDone: readModel.SetUpDone,
|
|
SetUpStarted: readModel.SetUpStarted,
|
|
Members: readModelToMembers(&readModel.Members),
|
|
DefaultLabelPolicy: readModelToLabelPolicy(&readModel.DefaultLabelPolicy),
|
|
DefaultLoginPolicy: readModelToLoginPolicy(&readModel.DefaultLoginPolicy),
|
|
DefaultOrgIAMPolicy: readModelToOrgIAMPolicy(&readModel.DefaultOrgIAMPolicy),
|
|
DefaultPasswordAgePolicy: readModelToPasswordAgePolicy(&readModel.DefaultPasswordAgePolicy),
|
|
DefaultPasswordComplexityPolicy: readModelToPasswordComplexityPolicy(&readModel.DefaultPasswordComplexityPolicy),
|
|
DefaultLockoutPolicy: readModelToPasswordLockoutPolicy(&readModel.DefaultPasswordLockoutPolicy),
|
|
IDPs: readModelToIDPConfigs(&readModel.IDPs),
|
|
}
|
|
}
|
|
|
|
func readModelToIDPConfigView(rm *IAMIDPConfigReadModel) *domain.IDPConfigView {
|
|
converted := &domain.IDPConfigView{
|
|
AggregateID: rm.AggregateID,
|
|
ChangeDate: rm.ChangeDate,
|
|
CreationDate: rm.CreationDate,
|
|
IDPConfigID: rm.ConfigID,
|
|
IDPProviderType: rm.ProviderType,
|
|
IsOIDC: rm.OIDCConfig != nil,
|
|
Name: rm.Name,
|
|
Sequence: rm.ProcessedSequence,
|
|
State: rm.State,
|
|
StylingType: rm.StylingType,
|
|
}
|
|
if rm.OIDCConfig != nil {
|
|
converted.OIDCClientID = rm.OIDCConfig.ClientID
|
|
converted.OIDCClientSecret = rm.OIDCConfig.ClientSecret
|
|
converted.OIDCIDPDisplayNameMapping = rm.OIDCConfig.IDPDisplayNameMapping
|
|
converted.OIDCIssuer = rm.OIDCConfig.Issuer
|
|
converted.OIDCScopes = rm.OIDCConfig.Scopes
|
|
converted.OIDCUsernameMapping = rm.OIDCConfig.UserNameMapping
|
|
converted.OAuthAuthorizationEndpoint = rm.OIDCConfig.AuthorizationEndpoint
|
|
converted.OAuthTokenEndpoint = rm.OIDCConfig.TokenEndpoint
|
|
}
|
|
if rm.JWTConfig != nil {
|
|
converted.JWTEndpoint = rm.JWTConfig.JWTEndpoint
|
|
converted.JWTIssuer = rm.JWTConfig.Issuer
|
|
converted.JWTKeysEndpoint = rm.JWTConfig.KeysEndpoint
|
|
}
|
|
return converted
|
|
}
|
|
|
|
func readModelToMember(readModel *MemberReadModel) *model.IAMMember {
|
|
return &model.IAMMember{
|
|
ObjectRoot: readModelToObjectRoot(readModel.ReadModel),
|
|
Roles: readModel.Roles,
|
|
UserID: readModel.UserID,
|
|
}
|
|
}
|
|
|
|
func readModelToMembers(readModel *IAMMembersReadModel) []*model.IAMMember {
|
|
members := make([]*model.IAMMember, len(readModel.Members))
|
|
|
|
for i, member := range readModel.Members {
|
|
members[i] = &model.IAMMember{
|
|
ObjectRoot: readModelToObjectRoot(member.ReadModel),
|
|
Roles: member.Roles,
|
|
UserID: member.UserID,
|
|
}
|
|
}
|
|
|
|
return members
|
|
}
|
|
|
|
func readModelToLabelPolicy(readModel *IAMLabelPolicyReadModel) *model.LabelPolicy {
|
|
return &model.LabelPolicy{
|
|
ObjectRoot: readModelToObjectRoot(readModel.LabelPolicyReadModel.ReadModel),
|
|
PrimaryColor: readModel.PrimaryColor,
|
|
BackgroundColor: readModel.BackgroundColor,
|
|
WarnColor: readModel.WarnColor,
|
|
FontColor: readModel.FontColor,
|
|
PrimaryColorDark: readModel.PrimaryColorDark,
|
|
BackgroundColorDark: readModel.BackgroundColorDark,
|
|
WarnColorDark: readModel.WarnColorDark,
|
|
FontColorDark: readModel.FontColorDark,
|
|
Default: true,
|
|
}
|
|
}
|
|
|
|
func readModelToLoginPolicy(readModel *IAMLoginPolicyReadModel) *model.LoginPolicy {
|
|
return &model.LoginPolicy{
|
|
ObjectRoot: readModelToObjectRoot(readModel.LoginPolicyReadModel.ReadModel),
|
|
AllowExternalIdp: readModel.AllowExternalIDP,
|
|
AllowRegister: readModel.AllowRegister,
|
|
AllowUsernamePassword: readModel.AllowUserNamePassword,
|
|
Default: true,
|
|
}
|
|
}
|
|
func readModelToOrgIAMPolicy(readModel *IAMOrgIAMPolicyReadModel) *model.OrgIAMPolicy {
|
|
return &model.OrgIAMPolicy{
|
|
ObjectRoot: readModelToObjectRoot(readModel.OrgIAMPolicyReadModel.ReadModel),
|
|
UserLoginMustBeDomain: readModel.UserLoginMustBeDomain,
|
|
Default: true,
|
|
}
|
|
}
|
|
func readModelToPasswordAgePolicy(readModel *IAMPasswordAgePolicyReadModel) *model.PasswordAgePolicy {
|
|
return &model.PasswordAgePolicy{
|
|
ObjectRoot: readModelToObjectRoot(readModel.PasswordAgePolicyReadModel.ReadModel),
|
|
ExpireWarnDays: readModel.ExpireWarnDays,
|
|
MaxAgeDays: readModel.MaxAgeDays,
|
|
}
|
|
}
|
|
func readModelToPasswordComplexityPolicy(readModel *IAMPasswordComplexityPolicyReadModel) *model.PasswordComplexityPolicy {
|
|
return &model.PasswordComplexityPolicy{
|
|
ObjectRoot: readModelToObjectRoot(readModel.PasswordComplexityPolicyReadModel.ReadModel),
|
|
HasLowercase: readModel.HasLowercase,
|
|
HasNumber: readModel.HasNumber,
|
|
HasSymbol: readModel.HasSymbol,
|
|
HasUppercase: readModel.HasUpperCase,
|
|
MinLength: readModel.MinLength,
|
|
}
|
|
}
|
|
func readModelToPasswordLockoutPolicy(readModel *IAMLockoutPolicyReadModel) *model.LockoutPolicy {
|
|
return &model.LockoutPolicy{
|
|
ObjectRoot: readModelToObjectRoot(readModel.LockoutPolicyReadModel.ReadModel),
|
|
MaxPasswordAttempts: readModel.MaxAttempts,
|
|
ShowLockOutFailures: readModel.ShowLockOutFailures,
|
|
}
|
|
}
|
|
|
|
func readModelToIDPConfigs(rm *IAMIDPConfigsReadModel) []*model.IDPConfig {
|
|
configs := make([]*model.IDPConfig, len(rm.Configs))
|
|
for i, config := range rm.Configs {
|
|
configs[i] = readModelToIDPConfig(&IAMIDPConfigReadModel{IDPConfigReadModel: *config})
|
|
}
|
|
return configs
|
|
}
|
|
|
|
func readModelToIDPConfig(rm *IAMIDPConfigReadModel) *model.IDPConfig {
|
|
config := &model.IDPConfig{
|
|
ObjectRoot: readModelToObjectRoot(rm.ReadModel),
|
|
IDPConfigID: rm.ConfigID,
|
|
Name: rm.Name,
|
|
State: model.IDPConfigState(rm.State),
|
|
StylingType: model.IDPStylingType(rm.StylingType),
|
|
}
|
|
if rm.OIDCConfig != nil {
|
|
config.OIDCConfig = readModelToIDPOIDCConfig(rm.OIDCConfig)
|
|
}
|
|
if rm.JWTConfig != nil {
|
|
config.JWTIDPConfig = readModelToIDPJWTConfig(rm.JWTConfig)
|
|
}
|
|
return config
|
|
}
|
|
|
|
func readModelToIDPOIDCConfig(rm *OIDCConfigReadModel) *model.OIDCIDPConfig {
|
|
return &model.OIDCIDPConfig{
|
|
ObjectRoot: readModelToObjectRoot(rm.ReadModel),
|
|
ClientID: rm.ClientID,
|
|
ClientSecret: rm.ClientSecret,
|
|
ClientSecretString: string(rm.ClientSecret.Crypted),
|
|
IDPConfigID: rm.IDPConfigID,
|
|
IDPDisplayNameMapping: model.OIDCMappingField(rm.IDPDisplayNameMapping),
|
|
Issuer: rm.Issuer,
|
|
Scopes: rm.Scopes,
|
|
UsernameMapping: model.OIDCMappingField(rm.UserNameMapping),
|
|
}
|
|
}
|
|
|
|
func readModelToIDPJWTConfig(rm *JWTConfigReadModel) *model.JWTIDPConfig {
|
|
return &model.JWTIDPConfig{
|
|
ObjectRoot: readModelToObjectRoot(rm.ReadModel),
|
|
IDPConfigID: rm.IDPConfigID,
|
|
JWTEndpoint: rm.JWTEndpoint,
|
|
Issuer: rm.Issuer,
|
|
KeysEndpoint: rm.KeysEndpoint,
|
|
}
|
|
}
|
|
|
|
func readModelToObjectRoot(readModel eventstore.ReadModel) models.ObjectRoot {
|
|
return models.ObjectRoot{
|
|
AggregateID: readModel.AggregateID,
|
|
ChangeDate: readModel.ChangeDate,
|
|
CreationDate: readModel.CreationDate,
|
|
ResourceOwner: readModel.ResourceOwner,
|
|
Sequence: readModel.ProcessedSequence,
|
|
}
|
|
}
|