Merge branch 'main' into main

Aurel004 · May 12, 2024 · ceeda1d · ceeda1d
2 parents 778059f + 3396657
commit ceeda1d
Show file tree

Hide file tree

Showing 9 changed files with 116 additions and 58 deletions.
diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md
@@ -1,15 +1,27 @@
-### Definition of Ready
-
-- [ ] I am happy with the code
-- [ ] Short description of the feature/issue is added in the pr description
-- [ ] PR is linked to the corresponding user story
-- [ ] Acceptance criteria are met
-- [ ] All open todos and follow ups are defined in a new ticket and justified
-- [ ] Deviations from the acceptance criteria and design are agreed with the PO and documented.
-- [ ] No debug or dead code
-- [ ] My code has no repetitions
-- [ ] Critical parts are tested automatically
-- [ ] Where possible E2E tests are implemented
-- [ ] Documentation/examples are up-to-date
-- [ ] All non-functional requirements are met
-- [ ] Functionality of the acceptance criteria is checked manually on the dev system.
+# Which Problems Are Solved
+
+Replace this example text with a concise list of problems that this PR solves.
+For example:
+- If the property XY is not given, the system crashes with a nil pointer exception.
+
+# How the Problems Are Solved
+
+Replace this example text with a concise list of changes that this PR introduces.
+For example:
+- Validates if property XY is given and throws an error if not
+
+# Additional Changes
+
+Replace this example text with a concise list of additional changes that this PR introduces, that are not directly solving the initial problem but are related.
+For example:
+- The docs explicitly describe that the property XY is mandatory
+- Adds missing translations for validations.
+
+# Additional Context
+
+Replace this example with links to related issues, discussions, discord threads, or other sources with more context.
+Use the Closing #issue syntax for issues that are resolved with this PR.
+- Closes #123
+- Discussion #456
+- Follow-up for PR #789
+- https://discord.com/channels/123/456
diff --git a/.github/workflows/ready_for_review.yml b/.github/workflows/ready_for_review.yml
@@ -0,0 +1,31 @@
+on:
+  pull_request:
+    types: [opened]
+
+jobs:
+  comment:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/github-script@v7
+        with:
+          script: |
+            const content = `### Thanks for your contribution! 🎉
+
+            Please make sure you tick the following checkboxes before marking this Pull Request (PR) as ready for review:
+            
+              - [ ] I am happy with the code
+              - [ ] Documentations and examples are up-to-date
+              - [ ] Logical behavior changes are tested automatically
+              - [ ] No debug or dead code
+              - [ ] My code has no repetitions
+              - [ ] The PR title adheres to the [conventional commit format](https://www.conventionalcommits.org/en/v1.0.0/)
+              - [ ] The example texts in the PR description are replaced.
+              - [ ] If there are any open TODOs or follow-ups, they are described in issues and link to this PR
+              - [ ] If there are deviations from a user stories acceptance criteria or design, they are agreed upon with the PO and documented.
+              `;
+            github.rest.issues.createComment({
+              issue_number: context.issue.number,
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              body: content
+            })
diff --git a/cmd/defaults.yaml b/cmd/defaults.yaml
@@ -438,32 +438,25 @@ SystemDefaults:
     # Passwords previously hashed with a different algorithm
     # or cost are automatically re-hashed using this config,
     # upon password validation or update.
+    # Configure the Hasher config by environment variable using JSON notation:
+    # ZITADEL_SYSTEMDEFAULTS_PASSWORDHASHER_HASHER='{"Algorithm":"pbkdf2","Rounds":290000,"Hash":"sha256"}'
     Hasher:
-      Algorithm: "bcrypt" # ZITADEL_SYSTEMDEFAULTS_PASSWORDHASHER_HASHER_ALGORITHM
+      # Supported algorithms: "argon2i", "argon2id", "bcrypt", "scrypt", "pbkdf2"
+      # Depending on the algorithm, different configuration options take effect.
+      Algorithm: bcrypt
+      # Cost takes effect for the algorithms bcrypt and scrypt
       Cost: 14 # ZITADEL_SYSTEMDEFAULTS_PASSWORDHASHER_HASHER_COST
-
-    # Other supported Hasher configs:
-
-    # Hasher:
-    #   Algorithm: "argon2i" # ZITADEL_SYSTEMDEFAULTS_PASSWORDHASHER_HASHER_ALGORITHM
-    #   Time: 3 # ZITADEL_SYSTEMDEFAULTS_PASSWORDHASHER_HASHER_TIME
-    #   Memory: 32768 # ZITADEL_SYSTEMDEFAULTS_PASSWORDHASHER_HASHER_MEMORY
-    #   Threads: 4 # ZITADEL_SYSTEMDEFAULTS_PASSWORDHASHER_HASHER_THREADS
-
-    # Hasher:
-    #   Algorithm: "argon2id" # ZITADEL_SYSTEMDEFAULTS_PASSWORDHASHER_HASHER_ALGORITHM
-    #   Time: 1 # ZITADEL_SYSTEMDEFAULTS_PASSWORDHASHER_HASHER_TIME
-    #   Memory: 65536 # ZITADEL_SYSTEMDEFAULTS_PASSWORDHASHER_HASHER_MEMORY
-    #   Threads: 4 # ZITADEL_SYSTEMDEFAULTS_PASSWORDHASHER_HASHER_THREADS
-
-    # Hasher:
-    #   Algorithm: "scrypt" # ZITADEL_SYSTEMDEFAULTS_PASSWORDHASHER_HASHER_ALGORITHM
-    #   Cost: 15 # ZITADEL_SYSTEMDEFAULTS_PASSWORDHASHER_HASHER_COST
-
-    # Hasher:
-    #   Algorithm: "pbkdf2" # ZITADEL_SYSTEMDEFAULTS_PASSWORDHASHER_HASHER_ALGORITHM
-    #   Rounds: 290000 # ZITADEL_SYSTEMDEFAULTS_PASSWORDHASHER_HASHER_ROUNDS
-    #   Hash: "sha256" # Can be "sha1", "sha224", "sha256", "sha384" or "sha512" # ZITADEL_SYSTEMDEFAULTS_PASSWORDHASHER_HASHER_HASH
+      # Time takes effect for the algorithms argon2i and argon2id
+      Time: 3 # ZITADEL_SYSTEMDEFAULTS_PASSWORDHASHER_HASHER_TIME
+      # Memory takes effect for the algorithms argon2i and argon2id
+      Memory: 32768 # ZITADEL_SYSTEMDEFAULTS_PASSWORDHASHER_HASHER_MEMORY
+      # Threads takes effect for the algorithms argon2i and argon2id
+      Threads: 4 # ZITADEL_SYSTEMDEFAULTS_PASSWORDHASHER_HASHER_THREADS
+      # Rounds takes effect for the algorithm pbkdf2
+      Rounds: 290000 # ZITADEL_SYSTEMDEFAULTS_PASSWORDHASHER_HASHER_ROUNDS
+      # Hash takes effect for the algorithm pbkdf2
+      # Can be "sha1", "sha224", "sha256", "sha384" or "sha512"
+      Hash: sha256 # ZITADEL_SYSTEMDEFAULTS_PASSWORDHASHER_HASHER_HASH
 
     # Verifiers enable the possibility of verifying
     # passwords that are previously hashed using another
@@ -478,19 +471,32 @@ SystemDefaults:
     # https://passlib.readthedocs.io/en/stable/modular_crypt_format.html
     #
     # Supported verifiers: (uncomment to enable)
-    Verifiers:
+    Verifiers: # ZITADEL_SYSTEMDEFAULTS_PASSWORDHASHER_VERIFIERS
     #   - "argon2" # verifier for both argon2i and argon2id.
     #   - "bcrypt"
     #   - "md5"
     #   - "scrypt"
     #   - "pbkdf2" # verifier for all pbkdf2 hash modes.
   SecretHasher:
     # Set hasher configuration for machine users, API and OIDC client secrets.
-    # See PasswordHasher for all possible options
     Hasher:
-      Algorithm: "bcrypt" # ZITADEL_SYSTEMDEFAULTS_SECRETHASHER_HASHER_ALGORITHM
+      # Supported algorithms: "argon2i", "argon2id", "bcrypt", "scrypt", "pbkdf2"
+      # Depending on the algorithm, different configuration options take effect.
+      Algorithm: bcrypt
+      # Cost takes effect for the algorithms bcrypt and scrypt
       Cost: 4 # ZITADEL_SYSTEMDEFAULTS_SECRETHASHER_HASHER_COST
-    Verifiers:
+      # Time takes effect for the algorithms argon2i and argon2id
+      Time: 3 # ZITADEL_SYSTEMDEFAULTS_SECRETHASHER_HASHER_TIME
+      # Memory takes effect for the algorithms argon2i and argon2id
+      Memory: 32768 # ZITADEL_SYSTEMDEFAULTS_SECRETHASHER_HASHER_MEMORY
+      # Threads takes effect for the algorithms argon2i and argon2id
+      Threads: 4 # ZITADEL_SYSTEMDEFAULTS_SECRETHASHER_HASHER_THREADS
+      # Rounds takes effect for the algorithm pbkdf2
+      Rounds: 290000 # ZITADEL_SYSTEMDEFAULTS_SECRETHASHER_HASHER_ROUNDS
+      # Hash takes effect for the algorithm pbkdf2
+      # Can be "sha1", "sha224", "sha256", "sha384" or "sha512"
+      Hash: sha256 # ZITADEL_SYSTEMDEFAULTS_SECRETHASHER_HASHER_HASH
+    Verifiers: # ZITADEL_SYSTEMDEFAULTS_SECRETHASHER_VERIFIERS
   Multifactors:
     OTP:
       # If this is empty, the issuer is the requested domain

diff --git a/docs/docs/guides/manage/console/default-settings.mdx b/docs/docs/guides/manage/console/default-settings.mdx
@@ -207,7 +207,7 @@ The following properties can be set:
 - Has Uppercase
 - Has Lowercase
 - Has Number
-- Has Symbol
+- Has Symbol (Everything that is not a number or letter)
 
 <img
   src="/docs/img/guides/console/complexity.png"

diff --git a/docs/docs/sdk-examples/introduction.mdx b/docs/docs/sdk-examples/introduction.mdx
@@ -6,14 +6,20 @@ sidebar_label: Introduction
 You can integrate ZITADEL quickly into your application and be up and running within minutes.
 To achieve your goals as fast as possible, we provide you with SDKs, Example Repositories and Guides.
 
-The SDKs and Integration depend on the framework and language you are using.
+The SDKs and integration depend on the framework and language you are using.
 
 import { Frameworks } from "../../src/components/frameworks";
 
 ### Resources
 
 <Frameworks />
 
+To further streamline your setup, simply visit the console in ZITADEL where you can select one of the languages or frameworks. This will allow you to instantly set up the configuration for that specific sample in ZITADEL, ensuring you have everything you need to get started right away.
+
+![Console](/img/sdk-examples/console.png)
+
+To begin configuring login for any of these samples, start [here](https://zitadel.com/signin).
+
 ### OIDC Libraries
 
 OIDC is a standard for authentication and most languages and frameworks do provide a OIDC library which can be easily integrated to your application.

diff --git a/docs/static/img/sdk-examples/console.png b/docs/static/img/sdk-examples/console.png
diff --git a/internal/command/instance.go b/internal/command/instance.go
@@ -389,7 +389,7 @@ func setupSMTPSettings(commands *Commands, validations *[]preparation.Validation
 		return
 	}
 	*validations = append(*validations,
-		commands.prepareAddSMTPConfig(
+		commands.prepareAddAndActivateSMTPConfig(
 			instanceAgg,
 			smtpConfig.Description,
 			smtpConfig.From,

diff --git a/internal/command/smtp.go b/internal/command/smtp.go
@@ -306,7 +306,7 @@ func (c *Commands) getSMTPConfig(ctx context.Context, instanceID, id, domain str
 }
 
 // TODO: SetUpInstance still uses this and would be removed as soon as deprecated PrepareCommands is removed
-func (c *Commands) prepareAddSMTPConfig(a *instance.Aggregate, description, from, name, replyTo, hostAndPort, user string, password []byte, tls bool) preparation.Validation {
+func (c *Commands) prepareAddAndActivateSMTPConfig(a *instance.Aggregate, description, from, name, replyTo, hostAndPort, user string, password []byte, tls bool) preparation.Validation {
 	return func() (preparation.CreateCommands, error) {
 		if from = strings.TrimSpace(from); from == "" {
 			return nil, zerrors.ThrowInvalidArgument(nil, "INST-mruNY", "Errors.Invalid.Argument")
@@ -358,6 +358,11 @@ func (c *Commands) prepareAddSMTPConfig(a *instance.Aggregate, description, from
 					user,
 					smtpPassword,
 				),
+				instance.NewSMTPConfigActivatedEvent(
+					ctx,
+					&a.Aggregate,
+					id,
+				),
 			}, nil
 		}, nil
 	}

diff --git a/internal/repository/instance/smtp_config.go b/internal/repository/instance/smtp_config.go
@@ -4,7 +4,6 @@ import (
 	"context"
 
 	"github.com/zitadel/zitadel/internal/crypto"
-	"github.com/zitadel/zitadel/internal/domain"
 	"github.com/zitadel/zitadel/internal/eventstore"
 	"github.com/zitadel/zitadel/internal/zerrors"
 )
@@ -22,16 +21,15 @@ const (
 type SMTPConfigAddedEvent struct {
 	eventstore.BaseEvent `json:"-"`
 
-	ID             string                 `json:"id,omitempty"`
-	Description    string                 `json:"description,omitempty"`
-	SenderAddress  string                 `json:"senderAddress,omitempty"`
-	SenderName     string                 `json:"senderName,omitempty"`
-	ReplyToAddress string                 `json:"replyToAddress,omitempty"`
-	TLS            bool                   `json:"tls,omitempty"`
-	Host           string                 `json:"host,omitempty"`
-	User           string                 `json:"user,omitempty"`
-	Password       *crypto.CryptoValue    `json:"password,omitempty"`
-	State          domain.SMTPConfigState `json:"state,omitempty"`
+	ID             string              `json:"id,omitempty"`
+	Description    string              `json:"description,omitempty"`
+	SenderAddress  string              `json:"senderAddress,omitempty"`
+	SenderName     string              `json:"senderName,omitempty"`
+	ReplyToAddress string              `json:"replyToAddress,omitempty"`
+	TLS            bool                `json:"tls,omitempty"`
+	Host           string              `json:"host,omitempty"`
+	User           string              `json:"user,omitempty"`
+	Password       *crypto.CryptoValue `json:"password,omitempty"`
 }
 
 func NewSMTPConfigAddedEvent(