implememtn user controller tenant add user to tenant from invite token

MadAppGang · Jul 13, 2023 · a416766 · a416766
1 parent 8edfe10
commit a416766
Show file tree

Hide file tree

Showing 18 changed files with 342 additions and 482 deletions.
diff --git a/l/localized_error.go b/l/localized_error.go
@@ -10,6 +10,14 @@ type LocalizedError struct {
 	Details []any
 }
 
+// NewError creates localized error with details with no locale.
+func NewError(errID LocalizedString, details ...any) LocalizedError {
+	return LocalizedError{
+		ErrID:   errID,
+		Details: details,
+	}
+}
+
 // Error returns raw error message. We are missing locale to print the localized version.
 func (e LocalizedError) Error() string {
 	return fmt.Sprintf("localized error: %v. Details: %v.", e.ErrID, e.Details)

diff --git a/l/messages_const.go b/l/messages_const.go
diff --git a/l/translations/en.yaml b/l/translations/en.yaml
@@ -91,6 +91,9 @@ error.validation.token.invalid.issuer: "JWT token has unexpected issuer claim."
 error.validation.token.invalid.subject: "JWT token has unexpected subject claim."
 error.validation.token.invalid.type: "JWT token is unexpected type."
 error.validation.token.invalid.audience: "JWT token has unexpected audience."
+error.invalid.invite.token: "Invalid invite token."
+error.invalid.invite.token.bad.invitee: "Unable to get inviter for invite token %v."
+
 
 # App errors
 error.api.app.inactive: The app is inactive.

diff --git a/model/app.go b/model/app.go
@@ -0,0 +1,61 @@
+package model
+
+import "encoding/json"
+
+// AppData represents Application data information.
+type AppData struct {
+	ID                   string               `bson:"_id" json:"id"`
+	Secret               string               `bson:"secret" json:"secret"`
+	Active               bool                 `bson:"active" json:"active"`
+	Name                 string               `bson:"name" json:"name"`
+	Description          string               `bson:"description" json:"description"`
+	Scopes               []string             `bson:"scopes" json:"scopes"`   // Scopes is the list of all allowed scopes. If it's empty, no limitations (opaque scope).
+	Offline              bool                 `bson:"offline" json:"offline"` // Offline is a boolean value that indicates whether on not the app supports refresh tokens. Do not use refresh tokens with apps that does not have secure storage.
+	Type                 AppType              `bson:"type" json:"type"`
+	RedirectURLs         []string             `bson:"redirect_urls" json:"redirect_urls"`           // RedirectURLs is the list of allowed urls where user will be redirected after successful login. Useful not only for web apps, mobile and desktop apps could use custom scheme for that.
+	LoginAppSettings     *LoginWebAppSettings `bson:"login_app_settings" json:"login_app_settings"` // Rewrite login app settings for custom login, reset password and other settings
+	CustomEmailTemplates bool                 `bson:"custom_email_templates" json:"custom_email_templates"`
+	AuthStrategies       []AuthStrategy       `bson:"auth_strategies" json:"auth_strategies"`
+
+	// map of map of custom sms message templates
+	// root map is language map, the key is a language.Tag.String()
+	// one special key is "default", which is language agnostic fall-back.
+	// the second map is SMS message templates with a key of SMSMessageType.
+	// to get message for OTPCode for english: CustomMessages["en"][SMSTypeOTPCode]
+	CustomSMSMessages map[string]map[SMSMessageType]string `bson:"custom_sms_messages" json:"custom_sms_messages"`
+
+	// registration settings
+	RegistrationForbidden           bool   `bson:"registration_forbidden" json:"registration_forbidden"`
+	PasswordlessRegistrationAllowed bool   `bson:"passwordless_registration_allowed" json:"passwordless_registration_allowed"`
+	AnonymousRegistrationAllowed    bool   `bson:"anonymous_registration_allowed" json:"anonymous_registration_allowed"`
+	NewUserDefaultRole              string `bson:"new_user_default_role" json:"new_user_default_role"`
+	DebugOTPCodeAllowed             bool   `bson:"debug_otp_code_allowed" json:"debug_otp_code_allowed"`
+	DebugOTPCodeForRegistration     string `bson:"debug_otp_code_for_registration" json:"debug_otp_code_for_registration"`
+
+	// TODO: extract it from here
+	OIDCSettings OIDCSettings `json:"oidc_settings" bson:"oidc_settings"`
+}
+
+// AppType is a type of application.
+type AppType string
+
+const (
+	Web     AppType = "web"     // Web is a web app.
+	Android AppType = "android" // Android is an Android app.
+	IOS     AppType = "ios"     // IOS is an iOS app.
+	Desktop AppType = "desktop" // Desktop is a desktop app.
+)
+
+// AppDataFromJSON unmarshal AppData from JSON string
+func AppDataFromJSON(d []byte) (AppData, error) {
+	var apd AppData
+	if err := json.Unmarshal(d, &apd); err != nil {
+		return AppData{}, err
+	}
+	return apd, nil
+}
+
+func (a AppData) Sanitized() AppData {
+	a.Secret = ""
+	return a
+}
diff --git a/model/app_storage.go b/model/app_storage.go
@@ -1,17 +1,5 @@
 package model
 
-import "encoding/json"
-
-// The list of default claims. Custom claims could be used as well.
-// https://openid.net/specs/openid-connect-core-1_0.html#ScopeClaims
-const (
-	AppScopeOpenID        = "openid"
-	AppScopeOfflineAccess = "offline_access"
-	AppScopeProfile       = "profile"
-	AppScopeEmail         = "email"
-	AppScopeAddress       = "address"
-)
-
 // AppStorage is an abstract representation of applications data storage.
 type AppStorage interface {
 	AppByID(id string) (AppData, error)
@@ -25,60 +13,3 @@ type AppStorage interface {
 	TestDatabaseConnection() error
 	Close()
 }
-
-// AppData represents Application data information.
-type AppData struct {
-	ID                   string               `bson:"_id" json:"id"`
-	Secret               string               `bson:"secret" json:"secret"`
-	Active               bool                 `bson:"active" json:"active"`
-	Name                 string               `bson:"name" json:"name"`
-	Description          string               `bson:"description" json:"description"`
-	Scopes               []string             `bson:"scopes" json:"scopes"`   // Scopes is the list of all allowed scopes. If it's empty, no limitations (opaque scope).
-	Offline              bool                 `bson:"offline" json:"offline"` // Offline is a boolean value that indicates whether on not the app supports refresh tokens. Do not use refresh tokens with apps that does not have secure storage.
-	Type                 AppType              `bson:"type" json:"type"`
-	RedirectURLs         []string             `bson:"redirect_urls" json:"redirect_urls"`           // RedirectURLs is the list of allowed urls where user will be redirected after successful login. Useful not only for web apps, mobile and desktop apps could use custom scheme for that.
-	LoginAppSettings     *LoginWebAppSettings `bson:"login_app_settings" json:"login_app_settings"` // Rewrite login app settings for custom login, reset password and other settings
-	CustomEmailTemplates bool                 `bson:"custom_email_templates" json:"custom_email_templates"`
-	AuthStrategies       []AuthStrategy       `bson:"auth_strategies" json:"auth_strategies"`
-	// map of map of custom sms message templates
-	// root map is language map, the key is a language.Tag.String()
-	// one special key is "default", which is language agnostic fall-back.
-	// the second map is SMS message templates with a key of SMSMessageType.
-	// to get message for OTPCode for english: CustomMessages["en"][SMSTypeOTPCode]
-	CustomSMSMessages map[string]map[SMSMessageType]string `bson:"custom_sms_messages" json:"custom_sms_messages"`
-
-	// registration settings
-	RegistrationForbidden           bool   `bson:"registration_forbidden" json:"registration_forbidden"`
-	PasswordlessRegistrationAllowed bool   `bson:"passwordless_registration_allowed" json:"passwordless_registration_allowed"`
-	AnonymousRegistrationAllowed    bool   `bson:"anonymous_registration_allowed" json:"anonymous_registration_allowed"`
-	NewUserDefaultRole              string `bson:"new_user_default_role" json:"new_user_default_role"`
-	DebugOTPCodeAllowed             bool   `bson:"debug_otp_code_allowed" json:"debug_otp_code_allowed"`
-	DebugOTPCodeForRegistration     string `bson:"debug_otp_code_for_registration" json:"debug_otp_code_for_registration"`
-
-	// TODO: extract it from here
-	OIDCSettings OIDCSettings `json:"oidc_settings" bson:"oidc_settings"`
-}
-
-// AppType is a type of application.
-type AppType string
-
-const (
-	Web     AppType = "web"     // Web is a web app.
-	Android AppType = "android" // Android is an Android app.
-	IOS     AppType = "ios"     // IOS is an iOS app.
-	Desktop AppType = "desktop" // Desktop is a desktop app.
-)
-
-// AppDataFromJSON unmarshal AppData from JSON string
-func AppDataFromJSON(d []byte) (AppData, error) {
-	var apd AppData
-	if err := json.Unmarshal(d, &apd); err != nil {
-		return AppData{}, err
-	}
-	return apd, nil
-}
-
-func (a AppData) Sanitized() AppData {
-	a.Secret = ""
-	return a
-}
diff --git a/model/schemas/user.dbd b/model/schemas/user.dbd
diff --git a/model/server_settings.go b/model/server_settings.go
@@ -342,6 +342,9 @@ type SecurityServerSettings struct {
 	SigninTokenLifetime     int                `json:"signin_token_lifetime" yaml:"signinTokenLifetime"`
 	WebCookieTokenLifetime  int                `json:"web_cookie_token_lifetime" yaml:"webCookieTokenLifetime"`
 	ActorTokenLifetime      int                `json:"actor_token_lifetime" yaml:"actorTokenLifetime"`
+
+	// TODO: replace with OPA: https://www.openpolicyagent.org/
+	TenantMembershipManagementRole []string `json:"managementRoles" yaml:"managementRoles"`
 }
 
 const DefaultTokenLifetime = 60 * 60 // 1 hour