diff --git a/console/src/assets/i18n/bg.json b/console/src/assets/i18n/bg.json index 9ea937ec220..7e9bf6527fb 100644 --- a/console/src/assets/i18n/bg.json +++ b/console/src/assets/i18n/bg.json @@ -45,16 +45,16 @@ } }, "USERS": { - "TITLE": "Потребители", + "TITLE": "потребители", "DESCRIPTION": "Потребител е човек или машина, която може да достъпва вашите приложения.", "HUMANS": { - "TITLE": "Хора", + "TITLE": "потребители", "DESCRIPTION": "Хората се удостоверяват интерактивно в сесия на браузъра с искане за вход.", "METADATA": "Добавете персонализирани атрибути към потребителя, като отдела. Можете да използвате тази информация във вашите действия." }, "MACHINES": { - "TITLE": "Машини", - "DESCRIPTION": "Машините се удостоверяват неинтерактивно, използвайки JWT bearer token, подписан с личен ключ. Те също могат да използват личен токен за достъп.", + "TITLE": "потребители на услугата", + "DESCRIPTION": "Потребителите на услугата се удостоверяват неинтерактивно, като използват JWT носител, подписан с частен ключ. Те могат също да използват личен маркер за достъп.", "METADATA": "Добавете персонализирани атрибути към потребителя, като системата за удостоверяване. Можете да използвате тази информация във вашите действия." }, "SELF": { diff --git a/console/src/assets/i18n/cs.json b/console/src/assets/i18n/cs.json index b1c2e1c2f00..9dba1a33c1a 100644 --- a/console/src/assets/i18n/cs.json +++ b/console/src/assets/i18n/cs.json 
@@ -48,13 +48,13 @@ "TITLE": "Uživatelé", "DESCRIPTION": "Uživatel je člověk nebo stroj, který může přistupovat k vašim aplikacím.", "HUMANS": { - "TITLE": "Lidé", - "DESCRIPTION": "Lidé se autentizují interaktivně v prohlížečové relaci s výzvou k přihlášení.", + "TITLE": "Uživatelé", + "DESCRIPTION": "Uživatelé se autentizují interaktivně v prohlížečové relaci s výzvou k přihlášení.", "METADATA": "Přidejte vlastní atributy k uživateli, jako je oddělení. Tyto informace můžete využít ve vašich akcích." }, "MACHINES": { - "TITLE": "Stroje", - "DESCRIPTION": "Stroje se autentizují neinteraktivně pomocí JWT bearer tokenu podepsaného soukromým klíčem. Mohou také používat osobní přístupový token.", + "TITLE": "Uživatelé služby", + "DESCRIPTION": "Uživatelé služby se ověřují neinteraktivně pomocí tokenu nosiče JWT podepsaného soukromým klíčem. Mohou také použít osobní přístupový token.", "METADATA": "Přidejte vlastní atributy k uživateli, jako je autentizační systém. Tyto informace můžete využít ve vašich akcích." }, "SELF": { diff --git a/console/src/assets/i18n/de.json b/console/src/assets/i18n/de.json index 4936d66aa2e..179bff31895 100644 --- a/console/src/assets/i18n/de.json +++ b/console/src/assets/i18n/de.json 
@@ -45,15 +45,15 @@ } }, "USERS": { - "TITLE": "Benutzer", + "TITLE": "Users", "DESCRIPTION": "Ein Benutzer ist ein Mensch oder eine Maschine, die auf deine Anwendungen zugreifen kann.", "HUMANS": { - "TITLE": "Menschen", - "DESCRIPTION": "Menschen authentifizieren sich interaktiv in einer Browsersitzung mit einer Anmeldeaufforderung.", + "TITLE": "Users", + "DESCRIPTION": "User authentifizieren sich interaktiv in einer Browsersitzung mit einer Anmeldeaufforderung.", "METADATA": "Füge dem Benutzer benutzerdefinierte Attribute hinzu, wie die Abteilung. Du kannst diese Informationen in deinen Aktionen nutzen." }, "MACHINES": { - "TITLE": "Maschinen", + "TITLE": "Service users", "DESCRIPTION": "Maschinen authentifizieren sich nicht-interaktiv mit einem JWT Bearer-Token, das mit einem privaten Schlüssel signiert ist. Sie können auch ein persönliches Zugangstoken verwenden.", "METADATA": "Füge dem Benutzer benutzerdefinierte Attribute hinzu, wie das authentifizierende System. Du kannst diese Informationen in deinen Aktionen nutzen." }, diff --git a/console/src/assets/i18n/en.json b/console/src/assets/i18n/en.json index 008e4e29f1f..6400376c736 100644 --- a/console/src/assets/i18n/en.json +++ b/console/src/assets/i18n/en.json 
@@ -48,13 +48,13 @@ "TITLE": "Users", "DESCRIPTION": "A user is a human or a machine that can access your applications.", "HUMANS": { - "TITLE": "Humans", - "DESCRIPTION": "Humans authenticate interactively in a browser session with a login prompt.", + "TITLE": "Users", + "DESCRIPTION": "Users authenticate interactively in a browser session with a login prompt.", "METADATA": "Add custom attributes to the user like the department. You can use this information in your actions." }, "MACHINES": { - "TITLE": "Machines", - "DESCRIPTION": "Machines authenticate non-interactively using a JWT bearer token signed with a private key. They can also use a personal access token.", + "TITLE": "Service Users", + "DESCRIPTION": "Les utilisateurs du service s'authentifient de manière non interactive à l'aide d'un jeton de porteur JWT signé avec une clé privée. Ils peuvent également utiliser un jeton d'accès personnel.", "METADATA": "Add custom attributes to the user like the authenticating system. You can use this information in your actions." }, "SELF": { diff --git a/console/src/assets/i18n/es.json b/console/src/assets/i18n/es.json index 9e9f2766e19..e092de6ca6d 100644 --- a/console/src/assets/i18n/es.json +++ b/console/src/assets/i18n/es.json 
@@ -48,13 +48,13 @@ "TITLE": "Usuarios", "DESCRIPTION": "Un usuario es un humano o una máquina que puede acceder a tus aplicaciones.", "HUMANS": { - "TITLE": "Humanos", - "DESCRIPTION": "Los humanos se autentican de manera interactiva en una sesión de navegador con una solicitud de inicio de sesión.", + "TITLE": "Usuarios", + "DESCRIPTION": "Los Usuarios se autentican de manera interactiva en una sesión de navegador con una solicitud de inicio de sesión.", "METADATA": "Añade atributos personalizados al usuario como el departamento. Puedes usar esta información en tus acciones." }, "MACHINES": { - "TITLE": "Máquinas", - "DESCRIPTION": "Las máquinas se autentican de manera no interactiva usando un token portador JWT firmado con una clave privada. También pueden usar un token de acceso personal.", + "TITLE": "Usuarios del servicio", + "DESCRIPTION": "Los Usuarios del servicio se autentican de manera no interactiva usando un token portador JWT firmado con una clave privada. También pueden usar un token de acceso personal.", "METADATA": "Añade atributos personalizados al usuario como el sistema autenticador. Puedes usar esta información en tus acciones." }, "SELF": { diff --git a/console/src/assets/i18n/fr.json b/console/src/assets/i18n/fr.json index ae81a43e06e..a18ee2e1d39 100644 --- a/console/src/assets/i18n/fr.json +++ b/console/src/assets/i18n/fr.json 
@@ -48,13 +48,13 @@ "TITLE": "Utilisateurs", "DESCRIPTION": "Un utilisateur est un humain ou une machine qui peut accéder à tes applications.", "HUMANS": { - "TITLE": "Humains", - "DESCRIPTION": "Les humains s'authentifient de manière interactive dans une session de navigateur avec une invite de connexion.", + "TITLE": "utilisateurs", + "DESCRIPTION": "Les utilisateurs s'authentifient de manière interactive dans une session de navigateur avec une invite de connexion.", "METADATA": "Ajoute des attributs personnalisés à l'utilisateur comme le département. Tu peux utiliser cette information dans tes actions." }, "MACHINES": { - "TITLE": "Machines", - "DESCRIPTION": "Les machines s'authentifient de manière non interactive en utilisant un token porteur JWT signé avec une clé privée. Elles peuvent également utiliser un token d'accès personnel.", + "TITLE": "Utilisateurs des services", + "DESCRIPTION": "Les utilisateurs des services s'authentifient de manière non interactive en utilisant un token porteur JWT signé avec une clé privée. Elles peuvent également utiliser un token d'accès personnel.", "METADATA": "Ajoute des attributs personnalisés à l'utilisateur comme le système d'authentification. Tu peux utiliser cette information dans tes actions." }, "SELF": { diff --git a/console/src/assets/i18n/it.json b/console/src/assets/i18n/it.json index 55eddea64d1..fe53d89b3fd 100644 --- a/console/src/assets/i18n/it.json +++ b/console/src/assets/i18n/it.json 
@@ -48,13 +48,13 @@ "TITLE": "Utenti", "DESCRIPTION": "Un utente è un essere umano o una macchina che può accedere alle tue applicazioni.", "HUMANS": { - "TITLE": "Umani", - "DESCRIPTION": "Gli umani si autenticano interattivamente in una sessione del browser con un prompt di login.", + "TITLE": "Utenti", + "DESCRIPTION": "Gli utenti si autenticano interattivamente in una sessione del browser con un prompt di login.", "METADATA": "Aggiungi attributi personalizzati all'utente come il dipartimento. Puoi utilizzare queste informazioni nelle tue azioni." }, "MACHINES": { - "TITLE": "Macchine", - "DESCRIPTION": "Le macchine si autenticano in modo non interattivo utilizzando un token JWT firmato con una chiave privata. Possono anche utilizzare un token di accesso personale.", + "TITLE": "Utenti di servizio", + "DESCRIPTION": "Utenti di servizio si autenticano in modo non interattivo utilizzando un token JWT firmato con una chiave privata. Possono anche utilizzare un token di accesso personale.", "METADATA": "Aggiungi attributi personalizzati all'utente come il sistema di autenticazione. Puoi utilizzare queste informazioni nelle tue azioni." }, "SELF": { diff --git a/console/src/assets/i18n/ja.json b/console/src/assets/i18n/ja.json index 3e30cffb111..79b174e23c8 100644 --- a/console/src/assets/i18n/ja.json +++ b/console/src/assets/i18n/ja.json 
@@ -48,13 +48,13 @@ "TITLE": "ユーザー", "DESCRIPTION": "ユーザーは、あなたのアプリケーションにアクセスできる人間または機械です。", "HUMANS": { - "TITLE": "人間", - "DESCRIPTION": "人間は、ログインプロンプトを伴うブラウザセッションで対話的に認証します。", + "TITLE": "ユーザー", + "DESCRIPTION": "ユーザーは、ログイン プロンプトを使用してブラウザ セッションで対話的に認証を行います。", "METADATA": "部門のようなユーザーにカスタム属性を追加してください。この情報をあなたのアクションで使用できます。" }, "MACHINES": { - "TITLE": "マシン", - "DESCRIPTION": "マシンは、プライベートキーで署名されたJWTベアラートークンを使用して非対話的に認証します。パーソナルアクセストークンも使用できます。", + "TITLE": "サービス利用者", + "DESCRIPTION": "サービス ユーザーは、秘密キーで署名された JWT ベアラー トークンを使用して非対話的に認証されます。個人のアクセス トークンを使用することもできます。", "METADATA": "認証システムのようなユーザーにカスタム属性を追加してください。この情報をあなたのアクションで使用できます。" }, "SELF": { diff --git a/console/src/assets/i18n/mk.json b/console/src/assets/i18n/mk.json index c5bcd375dad..cfadf4afa54 100644 --- a/console/src/assets/i18n/mk.json +++ b/console/src/assets/i18n/mk.json @@ -48,13 +48,13 @@ "TITLE": "Корисници", "DESCRIPTION": "Корисник е човек или машина кој може да пристапи до твоите апликации.", "HUMANS": { - "TITLE": "Луѓе", - "DESCRIPTION": "Луѓето се автентицираат интерактивно во сесија на прелистувач со логин подсетник.", + "TITLE": "Корисници", + "DESCRIPTION": "Корисниците интерактивно се автентицираат во сесија на прелистувач со барање за најава.", "METADATA": "Додади прилагодени атрибути на корисникот како оддел. Можеш да ги користиш овие информации во твоите активности." }, "MACHINES": { - "TITLE": "Машини", - "DESCRIPTION": "Машините се автентицираат неинтерактивно користејќи JWT bearer token потпишан со приватен клуч. Тие исто така можат да користат личен пристапен токен.", + "TITLE": "Корисници на услуги", + "DESCRIPTION": "Корисниците на услугата неинтерактивно ја автентицираат користејќи токен на носител JWT потпишан со приватен клуч. Тие исто така можат да користат токен за личен пристап.", "METADATA": "Додади прилагодени атрибути на корисникот како систем за автентикација. Можеш да ги користиш овие информации во твоите активности." }, "SELF": { 
diff --git a/console/src/assets/i18n/nl.json b/console/src/assets/i18n/nl.json index c8ea11d950c..4c556bfa54b 100644 --- a/console/src/assets/i18n/nl.json +++ b/console/src/assets/i18n/nl.json @@ -48,13 +48,13 @@ "TITLE": "Gebruikers", "DESCRIPTION": "Een gebruiker is een mens of een machine die toegang kan krijgen tot je applicaties.", "HUMANS": { - "TITLE": "Mensen", - "DESCRIPTION": "Mensen authenticeren interactief in een browsersessie met een loginprompt.", + "TITLE": "Gebruikers", + "DESCRIPTION": "Gebruikers authenticeren interactief in een browsersessie met een loginprompt.", "METADATA": "Voeg aangepaste attributen toe aan de gebruiker zoals de afdeling. Je kunt deze informatie gebruiken in je acties." }, "MACHINES": { - "TITLE": "Machines", - "DESCRIPTION": "Machines authenticeren niet-interactief met een JWT bearer token ondertekend met een privésleutel. Ze kunnen ook een persoonlijke toegangstoken gebruiken.", + "TITLE": "Servicegebruikers", + "DESCRIPTION": "Servicegebruikers authenticeren niet-interactief met behulp van een JWT-bearertoken ondertekend met een privésleutel. Ze kunnen ook een persoonlijk toegangstoken gebruiken.", "METADATA": "Voeg aangepaste attributen toe aan de gebruiker zoals het authenticatiesysteem. Je kunt deze informatie gebruiken in je acties." }, "SELF": { diff --git a/console/src/assets/i18n/pl.json b/console/src/assets/i18n/pl.json index 8e15255e5c3..e899d172caf 100644 --- a/console/src/assets/i18n/pl.json +++ b/console/src/assets/i18n/pl.json 
@@ -48,13 +48,13 @@ "TITLE": "Użytkownicy", "DESCRIPTION": "Użytkownik to człowiek lub maszyna, która może uzyskać dostęp do twoich aplikacji.", "HUMANS": { - "TITLE": "Ludzie", - "DESCRIPTION": "Ludzie uwierzytelniają się interaktywnie w sesji przeglądarki z monitem logowania.", + "TITLE": "Użytkownicy", + "DESCRIPTION": "Użytkownicy uwierzytelniają się interaktywnie w sesji przeglądarki z monitem logowania.", "METADATA": "Dodaj niestandardowe atrybuty do użytkownika, takie jak dział. Możesz użyć tych informacji w swoich działaniach." }, "MACHINES": { - "TITLE": "Maszyny", - "DESCRIPTION": "Maszyny uwierzytelniają się nieinteraktywnie, używając tokena JWT podpisanego prywatnym kluczem. Mogą również używać osobistego tokena dostępu.", + "TITLE": "Użytkownicy serwisu", + "DESCRIPTION": "Użytkownicy usługi uwierzytelniają się w sposób nieinteraktywny przy użyciu tokena okaziciela JWT podpisanego kluczem prywatnym. Mogą także skorzystać z osobistego tokena dostępu.", "METADATA": "Dodaj niestandardowe atrybuty do użytkownika, takie jak system uwierzytelniający. Możesz użyć tych informacji w swoich działaniach." }, "SELF": { diff --git a/console/src/assets/i18n/pt.json b/console/src/assets/i18n/pt.json index 4809efb02f0..93e0ca2cb6c 100644 --- a/console/src/assets/i18n/pt.json +++ b/console/src/assets/i18n/pt.json 
@@ -48,13 +48,13 @@ "TITLE": "Usuários", "DESCRIPTION": "Um usuário é um humano ou uma máquina que pode acessar seus aplicativos.", "HUMANS": { - "TITLE": "Humanos", - "DESCRIPTION": "Humanos autenticam interativamente em uma sessão de navegador com um prompt de login.", + "TITLE": "Usuários", + "DESCRIPTION": "Os usuários são autenticados interativamente em uma sessão do navegador com um prompt de login.", "METADATA": "Adicione atributos personalizados ao usuário, como o departamento. Você pode usar essas informações em suas ações." }, "MACHINES": { - "TITLE": "Máquinas", - "DESCRIPTION": "Máquinas autenticam de forma não interativa usando um token JWT assinado com uma chave privada. Eles também podem usar um token de acesso pessoal.", + "TITLE": "Usuários do serviço", + "DESCRIPTION": "Os usuários do serviço autenticam-se de forma não interativa usando um token de portador JWT assinado com uma chave privada. Eles também podem usar um token de acesso pessoal.", "METADATA": "Adicione atributos personalizados ao usuário, como o sistema de autenticação. Você pode usar essas informações em suas ações." }, "SELF": { diff --git a/console/src/assets/i18n/ru.json b/console/src/assets/i18n/ru.json index 943de8dd1b5..a0c43388725 100644 --- a/console/src/assets/i18n/ru.json +++ b/console/src/assets/i18n/ru.json 
@@ -48,13 +48,13 @@ "TITLE": "Пользователи", "DESCRIPTION": "Пользователь - это человек или машина, которая может получить доступ к вашим приложениям.", "HUMANS": { - "TITLE": "Люди", - "DESCRIPTION": "Люди аутентифицируются интерактивно в сессии браузера с запросом на вход.", + "TITLE": "Пользователи", + "DESCRIPTION": "Пользователи проходят аутентификацию в интерактивном режиме в сеансе браузера с помощью приглашения на вход.", "METADATA": "Добавьте пользовательские атрибуты к пользователю, такие как отдел. Вы можете использовать эту информацию в своих действиях." }, "MACHINES": { - "TITLE": "Машины", - "DESCRIPTION": "Машины аутентифицируются неинтерактивно, используя токен JWT, подписанный частным ключом. Они также могут использовать персональный токен доступа.", + "TITLE": "Пользователи сервиса", + "DESCRIPTION": "Пользователи службы проходят аутентификацию в неинтерактивном режиме с использованием токена носителя JWT, подписанного закрытым ключом. Они также могут использовать токен личного доступа.", "METADATA": "Добавьте пользовательские атрибуты к пользователю, такие как система аутентификации. Вы можете использовать эту информацию в своих действиях." }, "SELF": { diff --git a/console/src/assets/i18n/zh.json b/console/src/assets/i18n/zh.json index 31d9dcb09a8..47808e52fb2 100644 --- a/console/src/assets/i18n/zh.json +++ b/console/src/assets/i18n/zh.json @@ -48,13 +48,13 @@ "TITLE": "用户", "DESCRIPTION": "用户是可以访问你的应用的人或机器。", "HUMANS": { - "TITLE": "人类", - "DESCRIPTION": "人类在浏览器会话中通过登录提示进行交互式认证。", + "TITLE": "用户", + "DESCRIPTION": "用户在浏览器会话中通过登录提示进行交互身份验证。", "METADATA": "为用户添加自定义属性,如部门。你可以在你的行动中使用这些信息。" }, "MACHINES": { - "TITLE": "机器", - "DESCRIPTION": "机器使用私钥签名的JWT bearer令牌进行非交互式认证。它们也可以使用个人访问令牌。", + "TITLE": "服务用户", + "DESCRIPTION": "服务用户使用使用私钥签名的 JWT 不记名令牌进行非交互式身份验证。他们还可以使用个人访问令牌。", "METADATA": "为用户添加自定义属性,如认证系统。你可以在你的行动中使用这些信息。" }, "SELF": { 
diff --git a/internal/auth/repository/eventsourcing/eventstore/auth_request.go b/internal/auth/repository/eventsourcing/eventstore/auth_request.go index 1d0446249dd..efdb20505a8 100644 --- a/internal/auth/repository/eventsourcing/eventstore/auth_request.go +++ b/internal/auth/repository/eventsourcing/eventstore/auth_request.go @@ -551,7 +551,7 @@ func (repo *AuthRequestRepo) AutoRegisterExternalUser(ctx context.Context, regis } } human := command.AddHumanFromDomain(registerUser, metadatas, request, externalIDP) - err = repo.Command.AddUserHuman(ctx, resourceOwner, human, true, repo.UserCodeAlg) + err = repo.Command.AddUserHuman(ctx, resourceOwner, human, false, repo.UserCodeAlg) if err != nil { return err } diff --git a/internal/command/user_human.go b/internal/command/user_human.go index cbe2464f8a8..4a7ef97add9 100644 --- a/internal/command/user_human.go +++ b/internal/command/user_human.go @@ -288,7 +288,7 @@ func (c *Commands) addHumanCommandEmail(ctx context.Context, filter preparation. if human.Email.ReturnCode { human.EmailCode = &emailCode.Plain } - return append(cmds, user.NewHumanEmailCodeAddedEventV2(ctx, &a.Aggregate, emailCode.Crypted, emailCode.Expiry, human.Email.URLTemplate, human.Email.ReturnCode)), nil + return append(cmds, user.NewHumanEmailCodeAddedEventV2(ctx, &a.Aggregate, emailCode.Crypted, emailCode.Expiry, human.Email.URLTemplate, human.Email.ReturnCode, human.AuthRequestID)), nil } return cmds, nil } @@ -411,10 +411,9 @@ func (h *AddHuman) ensureDisplayName() { // and / or // - have no authentication method (password / passwordless) func (h *AddHuman) shouldAddInitCode() bool { - return !h.ExternalIDP && - !h.Email.Verified || - !h.Passwordless && - h.Password == "" + return len(h.Links) == 0 && + (!h.Email.Verified || + (!h.Passwordless && h.Password == "")) } // Deprecated: use commands.AddUserHuman diff --git a/internal/command/user_human_test.go b/internal/command/user_human_test.go index 7010d417561..daf037c951b 100644 
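Review bot: The bare `false` now passed as the fourth argument to `repo.Command.AddUserHuman` in `AutoRegisterExternalUser` gives a reader no hint of which account-initialisation behaviour is being switched off. The test table in this commit calls that argument `allowInitMail`, so a comment at the call site would help, e.g. `// allowInitMail=false: no init mail for IDP-registered users; an unverified address is expected to go through the email verification code instead`. The function starts and ends outside the hunk, so it cannot be confirmed here that `command.AddHumanFromDomain` sets `human.AuthRequestID` from `request`. That is worth checking, because the email-code event now records the value.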
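Review bot: `shouldAddInitCode` now decides on `len(h.Links) == 0` and no longer reads `h.ExternalIDP`, so a caller that sets `ExternalIDP` without adding a link would start getting an init code. The visible tail of the doc comment was not touched; if the part above the hunk still describes the decision in terms of an external IDP, it is now stale and should say something like `// - have no IDP link (Links is empty)`. If `ExternalIDP` is still set anywhere (its other uses are outside this hunk), either keep it in the condition, as in `return !h.ExternalIDP && len(h.Links) == 0 && (...)`, or remove the field. The new parentheses also change behaviour: previously a user with no password and no passwordless got an init code even when coming from an IDP, so the commit message should state that the change is intentional.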
--- a/internal/command/user_human_test.go +++ b/internal/command/user_human_test.go @@ -519,6 +519,7 @@ func TestCommandSide_AddHuman(t *testing.T) { 1*time.Hour, "https://example.com/email/verify?userID={{.UserID}}&code={{.Code}}", false, + "", ), ), ), @@ -591,6 +592,7 @@ func TestCommandSide_AddHuman(t *testing.T) { 1*time.Hour, "", true, + "", ), ), ), diff --git a/internal/command/user_v2_email.go b/internal/command/user_v2_email.go index 9053b577dd1..cc81f7399c5 100644 --- a/internal/command/user_v2_email.go +++ b/internal/command/user_v2_email.go @@ -250,7 +250,7 @@ func generateCodeCommand(ctx context.Context, agg *eventstore.Aggregate, gen cry return nil, "", err } - cmd := user.NewHumanEmailCodeAddedEventV2(ctx, agg, value, gen.Expiry(), urlTmpl, returnCode) + cmd := user.NewHumanEmailCodeAddedEventV2(ctx, agg, value, gen.Expiry(), urlTmpl, returnCode, "") if returnCode { return cmd, plain, nil } diff --git a/internal/command/user_v2_email_test.go b/internal/command/user_v2_email_test.go index fc8fc1c7035..5a7b4fb2acd 100644 --- a/internal/command/user_v2_email_test.go +++ b/internal/command/user_v2_email_test.go @@ -448,7 +448,7 @@ func TestCommands_ResendUserEmailCode(t *testing.T) { Crypted: []byte("a"), }, time.Hour*1, - "", false, + "", false, "", ), ), ), @@ -577,7 +577,7 @@ func TestCommands_ResendUserEmailCodeURLTemplate(t *testing.T) { Crypted: []byte("a"), }, time.Hour*1, - "", false, + "", false, "", ), ), ), @@ -696,7 +696,7 @@ func TestCommands_ResendUserEmailReturnCode(t *testing.T) { Crypted: []byte("a"), }, time.Hour*1, - "", false, + "", false, "", ), ), ), @@ -1070,7 +1070,7 @@ func TestCommands_changeUserEmailWithGenerator(t *testing.T) { Crypted: []byte("a"), }, time.Hour*1, - "", false, + "", false, "", ), ), ), @@ -1126,7 +1126,7 @@ func TestCommands_changeUserEmailWithGenerator(t *testing.T) { Crypted: []byte("a"), }, time.Hour*1, - "", true, + "", true, "", ), ), ), 
@@ -1183,7 +1183,7 @@ func TestCommands_changeUserEmailWithGenerator(t *testing.T) { Crypted: []byte("a"), }, time.Hour*1, - "https://example.com/email/verify?userID={{.UserID}}&code={{.Code}}&orgID={{.OrgID}}", false, + "https://example.com/email/verify?userID={{.UserID}}&code={{.Code}}&orgID={{.OrgID}}", false, "", ), ), ), @@ -1308,7 +1308,7 @@ func TestCommands_resendUserEmailCodeWithGeneratorEvents(t *testing.T) { Crypted: []byte("a"), }, time.Hour*1, - "", false, + "", false, "", ), ), ), @@ -1352,7 +1352,7 @@ func TestCommands_resendUserEmailCodeWithGeneratorEvents(t *testing.T) { Crypted: []byte("a"), }, time.Hour*1, - "", false, + "", false, "", ), ), ), @@ -1366,7 +1366,7 @@ func TestCommands_resendUserEmailCodeWithGeneratorEvents(t *testing.T) { Crypted: []byte("a"), }, time.Hour*1, - "", false, + "", false, "", ), ), ), @@ -1416,7 +1416,7 @@ func TestCommands_resendUserEmailCodeWithGeneratorEvents(t *testing.T) { Crypted: []byte("a"), }, time.Hour*1, - "", false, + "", false, "", ), ), ), @@ -1430,7 +1430,7 @@ func TestCommands_resendUserEmailCodeWithGeneratorEvents(t *testing.T) { Crypted: []byte("a"), }, time.Hour*1, - "", true, + "", true, "", ), ), ), @@ -1481,7 +1481,7 @@ func TestCommands_resendUserEmailCodeWithGeneratorEvents(t *testing.T) { Crypted: []byte("a"), }, time.Hour*1, - "", false, + "", false, "", ), ), ), @@ -1495,7 +1495,7 @@ func TestCommands_resendUserEmailCodeWithGeneratorEvents(t *testing.T) { Crypted: []byte("a"), }, time.Hour*1, - "https://example.com/email/verify?userID={{.UserID}}&code={{.Code}}&orgID={{.OrgID}}", false, + "https://example.com/email/verify?userID={{.UserID}}&code={{.Code}}&orgID={{.OrgID}}", false, "", ), ), ), @@ -1642,7 +1642,7 @@ func TestCommands_VerifyUserEmail(t *testing.T) { Crypted: []byte("a"), }, time.Hour*1, - "", false, + "", false, "", ), ), ), 
@@ -1757,7 +1757,7 @@ func TestCommands_verifyUserEmailWithGenerator(t *testing.T) { Crypted: []byte("a"), }, time.Hour*1, - "", false, + "", false, "", ), ), ), @@ -1804,7 +1804,7 @@ func TestCommands_verifyUserEmailWithGenerator(t *testing.T) { Crypted: []byte("a"), }, time.Hour*1, - "", false, + "", false, "", ), ), ), diff --git a/internal/command/user_v2_human.go b/internal/command/user_v2_human.go index 3cd3269e4bb..68955b4a075 100644 --- a/internal/command/user_v2_human.go +++ b/internal/command/user_v2_human.go @@ -317,7 +317,7 @@ func (c *Commands) changeUserEmail(ctx context.Context, cmds []eventstore.Comman if err != nil { return cmds, code, err } - cmds = append(cmds, user.NewHumanEmailCodeAddedEventV2(ctx, &wm.Aggregate().Aggregate, cryptoCode.Crypted, cryptoCode.Expiry, email.URLTemplate, email.ReturnCode)) + cmds = append(cmds, user.NewHumanEmailCodeAddedEventV2(ctx, &wm.Aggregate().Aggregate, cryptoCode.Crypted, cryptoCode.Expiry, email.URLTemplate, email.ReturnCode, "")) if email.ReturnCode { code = &cryptoCode.Plain } diff --git a/internal/command/user_v2_human_test.go b/internal/command/user_v2_human_test.go index 4a11ba0ea13..59f0935968d 100644 --- a/internal/command/user_v2_human_test.go +++ b/internal/command/user_v2_human_test.go @@ -16,6 +16,7 @@ import ( "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/id" id_mock "github.com/zitadel/zitadel/internal/id/mock" + "github.com/zitadel/zitadel/internal/repository/idp" "github.com/zitadel/zitadel/internal/repository/org" "github.com/zitadel/zitadel/internal/repository/user" "github.com/zitadel/zitadel/internal/zerrors" @@ -492,6 +493,7 @@ func TestCommandSide_AddUserHuman(t *testing.T) { 1*time.Hour, "https://example.com/email/verify?userID={{.UserID}}&code={{.Code}}", false, + "", ), ), ), @@ -565,6 +567,7 @@ func TestCommandSide_AddUserHuman(t *testing.T) { 1*time.Hour, "", true, + "", ), ), ), 
@@ -1224,6 +1227,173 @@ func TestCommandSide_AddUserHuman(t *testing.T) { wantID: "user1", }, }, + { + name: "register human with idp, unverified email, allow init mail, ok (verify mail)", + fields: fields{ + eventstore: expectEventstore( + expectFilter(), + expectFilter( + eventFromEventPusher( + org.NewDomainPolicyAddedEvent(context.Background(), + &userAgg.Aggregate, + true, + true, + true, + ), + ), + ), + expectFilter( + eventFromEventPusher( + org.NewGoogleIDPAddedEvent(context.Background(), + &org.NewAggregate("org1").Aggregate, + "idpID", + "google", + "clientID", + nil, + []string{"openid"}, + idp.Options{}, + ), + ), + ), + expectPush( + newRegisterHumanEvent("email@test.ch", "", false, true, "", language.English), + user.NewHumanEmailCodeAddedEvent( + context.Background(), + &userAgg.Aggregate, + &crypto.CryptoValue{ + CryptoType: crypto.TypeEncryption, + Algorithm: "enc", + KeyID: "id", + Crypted: []byte("mailVerify"), + }, + time.Hour, + "authRequestID", + ), + user.NewUserIDPLinkAddedEvent( + context.Background(), + &userAgg.Aggregate, + "idpID", + "displayName", + "externalID", + ), + ), + ), + checkPermission: newMockPermissionCheckAllowed(), + idGenerator: id_mock.NewIDGeneratorExpectIDs(t, "user1"), + newCode: mockEncryptedCode("mailVerify", time.Hour), + }, + args: args{ + ctx: context.Background(), + orgID: "org1", + human: &AddHuman{ + Username: "email@test.ch", + FirstName: "firstname", + LastName: "lastname", + Email: Email{ + Address: "email@test.ch", + }, + PreferredLanguage: language.English, + Register: true, + Links: []*AddLink{ + { + IDPID: "idpID", + DisplayName: "displayName", + IDPExternalID: "externalID", + }, + }, + AuthRequestID: "authRequestID", + }, + secretGenerator: GetMockSecretGenerator(t), + allowInitMail: true, + codeAlg: crypto.CreateMockEncryptionAlg(gomock.NewController(t)), + }, + res: res{ + want: &domain.ObjectDetails{ + ResourceOwner: "org1", + }, + wantID: "user1", + }, + }, + { + name: "register human with idp, 
verified email, ok", + fields: fields{ + eventstore: expectEventstore( + expectFilter(), + expectFilter( + eventFromEventPusher( + org.NewDomainPolicyAddedEvent(context.Background(), + &userAgg.Aggregate, + true, + true, + true, + ), + ), + ), + expectFilter( + eventFromEventPusher( + org.NewGoogleIDPAddedEvent(context.Background(), + &org.NewAggregate("org1").Aggregate, + "idpID", + "google", + "clientID", + nil, + []string{"openid"}, + idp.Options{}, + ), + ), + ), + expectPush( + newRegisterHumanEvent("email@test.ch", "", false, true, "", language.English), + user.NewHumanEmailVerifiedEvent( + context.Background(), + &userAgg.Aggregate, + ), + user.NewUserIDPLinkAddedEvent( + context.Background(), + &userAgg.Aggregate, + "idpID", + "displayName", + "externalID", + ), + ), + ), + checkPermission: newMockPermissionCheckAllowed(), + idGenerator: id_mock.NewIDGeneratorExpectIDs(t, "user1"), + newCode: mockEncryptedCode("mailVerify", time.Hour), + }, + args: args{ + ctx: context.Background(), + orgID: "org1", + human: &AddHuman{ + Username: "email@test.ch", + FirstName: "firstname", + LastName: "lastname", + Email: Email{ + Address: "email@test.ch", + Verified: true, + }, + PreferredLanguage: language.English, + Register: true, + Links: []*AddLink{ + { + IDPID: "idpID", + DisplayName: "displayName", + IDPExternalID: "externalID", + }, + }, + AuthRequestID: "authRequestID", + }, + secretGenerator: GetMockSecretGenerator(t), + allowInitMail: false, + codeAlg: crypto.CreateMockEncryptionAlg(gomock.NewController(t)), + }, + res: res{ + want: &domain.ObjectDetails{ + ResourceOwner: "org1", + }, + wantID: "user1", + }, + }, } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { @@ -1566,6 +1736,7 @@ func TestCommandSide_ChangeUserHuman(t *testing.T) { time.Hour, "", false, + "", ), ), ), @@ -1745,6 +1916,7 @@ func TestCommandSide_ChangeUserHuman(t *testing.T) { time.Hour, "", true, + "", ), ), ), 
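Review bot: Neither of the two new cases covers the combination the production caller now uses. `AutoRegisterExternalUser` passes `false` for the init-mail argument, but the unverified-email case here sets `allowInitMail: true`, and the case with `allowInitMail: false` uses `Verified: true`. A third table entry with `Links` set, `Email.Verified` left false and `allowInitMail: false`, still expecting `user.NewHumanEmailCodeAddedEvent(..., "authRequestID")`, would pin that an unverified address supplied by an IDP cannot skip verification on that path. The test table and the enclosing test function begin and end outside the hunk.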
diff --git a/internal/command/user_v2_model_test.go b/internal/command/user_v2_model_test.go index 73513a86a65..a62bf4546ad 100644 --- a/internal/command/user_v2_model_test.go +++ b/internal/command/user_v2_model_test.go @@ -672,6 +672,7 @@ func TestCommandSide_userHumanWriteModel_email(t *testing.T) { time.Hour*1, "", false, + "", ), ), ), @@ -733,6 +734,7 @@ func TestCommandSide_userHumanWriteModel_email(t *testing.T) { time.Hour*1, "", false, + "", ), ), eventFromEventPusher( @@ -791,6 +793,7 @@ func TestCommandSide_userHumanWriteModel_email(t *testing.T) { time.Hour*1, "", false, + "", ), ), eventFromEventPusher( @@ -858,6 +861,7 @@ func TestCommandSide_userHumanWriteModel_email(t *testing.T) { time.Hour*1, "", false, + "", ), ), eventFromEventPusher( diff --git a/internal/repository/user/human_email.go b/internal/repository/user/human_email.go index aeb2011c7a1..942f1019124 100644 --- a/internal/repository/user/human_email.go +++ b/internal/repository/user/human_email.go @@ -149,17 +149,7 @@ func NewHumanEmailCodeAddedEvent( expiry time.Duration, authRequestID string, ) *HumanEmailCodeAddedEvent { - return &HumanEmailCodeAddedEvent{ - BaseEvent: *eventstore.NewBaseEventForPush( - ctx, - aggregate, - HumanEmailCodeAddedType, - ), - Code: code, - Expiry: expiry, - TriggeredAtOrigin: http.ComposedOrigin(ctx), - AuthRequestID: authRequestID, - } + return NewHumanEmailCodeAddedEventV2(ctx, aggregate, code, expiry, "", false, authRequestID) } func NewHumanEmailCodeAddedEventV2( @@ -169,6 +159,7 @@ func NewHumanEmailCodeAddedEventV2( expiry time.Duration, urlTemplate string, codeReturned bool, + authRequestID string, ) *HumanEmailCodeAddedEvent { return &HumanEmailCodeAddedEvent{ BaseEvent: *eventstore.NewBaseEventForPush( @@ -181,6 +172,7 @@ func NewHumanEmailCodeAddedEventV2( URLTemplate: urlTemplate, CodeReturned: codeReturned, TriggeredAtOrigin: http.ComposedOrigin(ctx), + AuthRequestID: authRequestID, } }
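Review bot: `NewHumanEmailCodeAddedEventV2` now takes `urlTemplate string, codeReturned bool, authRequestID string` positionally, and neither exported constructor has a doc comment in the visible lines. The meaning of the new last argument can therefore only be inferred from call sites, nearly all of which pass `""`, and the two string parameters are easy to transpose without a compiler error. I would add `// NewHumanEmailCodeAddedEventV2 creates the email code event; authRequestID is presumably empty unless the code is issued as part of an auth request.` On `NewHumanEmailCodeAddedEvent`, add a line saying that it delegates to V2 with an empty URL template and `codeReturned` false. This note also covers the first hunk of this file, where the signature of `NewHumanEmailCodeAddedEvent` begins outside the hunk.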