diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md
index 899ab5a036a..25969473d29 100644
--- a/.github/pull_request_template.md
+++ b/.github/pull_request_template.md
@@ -1,15 +1,27 @@
-### Definition of Ready
-
-- [ ] I am happy with the code
-- [ ] Short description of the feature/issue is added in the pr description
-- [ ] PR is linked to the corresponding user story
-- [ ] Acceptance criteria are met
-- [ ] All open todos and follow ups are defined in a new ticket and justified
-- [ ] Deviations from the acceptance criteria and design are agreed with the PO and documented.
-- [ ] No debug or dead code
-- [ ] My code has no repetitions
-- [ ] Critical parts are tested automatically
-- [ ] Where possible E2E tests are implemented
-- [ ] Documentation/examples are up-to-date
-- [ ] All non-functional requirements are met
-- [ ] Functionality of the acceptance criteria is checked manually on the dev system.
+# Which Problems Are Solved
+
+Replace this example text with a concise list of problems that this PR solves.
+For example:
+- If the property XY is not given, the system crashes with a nil pointer exception.
+
+# How the Problems Are Solved
+
+Replace this example text with a concise list of changes that this PR introduces.
+For example:
+- Validates if property XY is given and throws an error if not
+
+# Additional Changes
+
+Replace this example text with a concise list of additional changes that this PR introduces, that are not directly solving the initial problem but are related.
+For example:
+- The docs explicitly describe that the property XY is mandatory
+- Adds missing translations for validations.
+
+# Additional Context
+
+Replace this example with links to related issues, discussions, discord threads, or other sources with more context.
+Use the Closing #issue syntax for issues that are resolved with this PR.
+- Closes #123
+- Discussion #456
+- Follow-up for PR #789
+- https://discord.com/channels/123/456
\ No newline at end of file
diff --git a/.github/workflows/ready_for_review.yml b/.github/workflows/ready_for_review.yml
new file mode 100644
index 00000000000..f46ee4a407b
--- /dev/null
+++ b/.github/workflows/ready_for_review.yml
@@ -0,0 +1,31 @@
+on:
+ pull_request:
+ types: [opened]
+
+jobs:
+ comment:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/github-script@v7
+ with:
+ script: |
+ const content = `### Thanks for your contribution! 🎉
+
+ Please make sure you tick the following checkboxes before marking this Pull Request (PR) as ready for review:
+
+ - [ ] I am happy with the code
+ - [ ] Documentations and examples are up-to-date
+ - [ ] Logical behavior changes are tested automatically
+ - [ ] No debug or dead code
+ - [ ] My code has no repetitions
+ - [ ] The PR title adheres to the [conventional commit format](https://www.conventionalcommits.org/en/v1.0.0/)
+ - [ ] The example texts in the PR description are replaced.
+ - [ ] If there are any open TODOs or follow-ups, they are described in issues and link to this PR
+ - [ ] If there are deviations from a user stories acceptance criteria or design, they are agreed upon with the PO and documented.
+ `;
+ github.rest.issues.createComment({
+ issue_number: context.issue.number,
+ owner: context.repo.owner,
+ repo: context.repo.repo,
+ body: content
+ })
\ No newline at end of file
diff --git a/cmd/defaults.yaml b/cmd/defaults.yaml
index 6c7e1cf5303..b8d7952be3f 100644
--- a/cmd/defaults.yaml
+++ b/cmd/defaults.yaml
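Review bot: The new `ready_for_review.yml` job calls `github.rest.issues.createComment` with whatever scopes the default `GITHUB_TOKEN` has, and declares no `permissions:` block. On the `pull_request` trigger, runs for pull requests opened from forks get a read-only token, so the comment will most likely fail for exactly the external contributors it is meant to greet; a job-level `permissions:` with `pull-requests: write` at least states the intended scope and keeps same-repository runs at least privilege. If the trigger is later switched to `pull_request_target` to cover forks, the job must stay as it is now, with no checkout or execution of PR code, because that trigger runs with a write-capable token. The call is also not awaited; `await github.rest.issues.createComment({` would make a rejected request fail the step rather than surface as an unhandled rejection. Pinning `actions/github-script` to a full commit SHA instead of the `v7` tag would fit the same hardening.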
@@ -438,32 +438,25 @@ SystemDefaults: # Passwords previously hashed with a different algorithm # or cost are automatically re-hashed using this config, # upon password validation or update. + # Configure the Hasher config by environment variable using JSON notation: + # ZITADEL_SYSTEMDEFAULTS_PASSWORDHASHER_HASHER='{"Algorithm":"pbkdf2","Rounds":290000,"Hash":"sha256"}' Hasher: - Algorithm: "bcrypt" # ZITADEL_SYSTEMDEFAULTS_PASSWORDHASHER_HASHER_ALGORITHM + # Supported algorithms: "argon2i", "argon2id", "bcrypt", "scrypt", "pbkdf2" + # Depending on the algorithm, different configuration options take effect. + Algorithm: bcrypt + # Cost takes effect for the algorithms bcrypt and scrypt Cost: 14 # ZITADEL_SYSTEMDEFAULTS_PASSWORDHASHER_HASHER_COST - - # Other supported Hasher configs: - - # Hasher: - # Algorithm: "argon2i" # ZITADEL_SYSTEMDEFAULTS_PASSWORDHASHER_HASHER_ALGORITHM - # Time: 3 # ZITADEL_SYSTEMDEFAULTS_PASSWORDHASHER_HASHER_TIME - # Memory: 32768 # ZITADEL_SYSTEMDEFAULTS_PASSWORDHASHER_HASHER_MEMORY - # Threads: 4 # ZITADEL_SYSTEMDEFAULTS_PASSWORDHASHER_HASHER_THREADS - - # Hasher: - # Algorithm: "argon2id" # ZITADEL_SYSTEMDEFAULTS_PASSWORDHASHER_HASHER_ALGORITHM - # Time: 1 # ZITADEL_SYSTEMDEFAULTS_PASSWORDHASHER_HASHER_TIME - # Memory: 65536 # ZITADEL_SYSTEMDEFAULTS_PASSWORDHASHER_HASHER_MEMORY - # Threads: 4 # ZITADEL_SYSTEMDEFAULTS_PASSWORDHASHER_HASHER_THREADS - - # Hasher: - # Algorithm: "scrypt" # ZITADEL_SYSTEMDEFAULTS_PASSWORDHASHER_HASHER_ALGORITHM - # Cost: 15 # ZITADEL_SYSTEMDEFAULTS_PASSWORDHASHER_HASHER_COST - - # Hasher: - # Algorithm: "pbkdf2" # ZITADEL_SYSTEMDEFAULTS_PASSWORDHASHER_HASHER_ALGORITHM - # Rounds: 290000 # ZITADEL_SYSTEMDEFAULTS_PASSWORDHASHER_HASHER_ROUNDS - # Hash: "sha256" # Can be "sha1", "sha224", "sha256", "sha384" or "sha512" # ZITADEL_SYSTEMDEFAULTS_PASSWORDHASHER_HASHER_HASH + # Time takes effect for the algorithms argon2i and argon2id + Time: 3 # ZITADEL_SYSTEMDEFAULTS_PASSWORDHASHER_HASHER_TIME + # Memory takes 
effect for the algorithms argon2i and argon2id + Memory: 32768 # ZITADEL_SYSTEMDEFAULTS_PASSWORDHASHER_HASHER_MEMORY + # Threads takes effect for the algorithms argon2i and argon2id + Threads: 4 # ZITADEL_SYSTEMDEFAULTS_PASSWORDHASHER_HASHER_THREADS + # Rounds takes effect for the algorithm pbkdf2 + Rounds: 290000 # ZITADEL_SYSTEMDEFAULTS_PASSWORDHASHER_HASHER_ROUNDS + # Hash takes effect for the algorithm pbkdf2 + # Can be "sha1", "sha224", "sha256", "sha384" or "sha512" + Hash: sha256 # ZITADEL_SYSTEMDEFAULTS_PASSWORDHASHER_HASHER_HASH # Verifiers enable the possibility of verifying # passwords that are previously hashed using another @@ -478,7 +471,7 @@ SystemDefaults: # https://passlib.readthedocs.io/en/stable/modular_crypt_format.html # # Supported verifiers: (uncomment to enable) - Verifiers: + Verifiers: # ZITADEL_SYSTEMDEFAULTS_PASSWORDHASHER_VERIFIERS # - "argon2" # verifier for both argon2i and argon2id. # - "bcrypt" # - "md5" 
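Review bot: Flattening every hasher option into one block means an operator who overrides only `Algorithm` silently inherits parameters that were chosen for a different algorithm. In this `PasswordHasher` hunk, argon2id would run with `Time: 3` / `Memory: 32768` instead of the removed example's `Time: 1` / `Memory: 65536`, and scrypt would pick up bcrypt's `Cost: 14` rather than the previously documented 15. In the `SecretHasher` hunk (`@@ -486,11 +479,24 @@`) scrypt would inherit `Cost: 4`, which looks far too low if that value is used as scrypt's work factor; how `Cost` is interpreted is not visible here and is worth confirming. I would add a comment next to `Algorithm` in both blocks, such as `# When changing Algorithm, also set the options that take effect for it; the defaults below are not tuned per algorithm.` The `Algorithm` line also lost its `# ZITADEL_SYSTEMDEFAULTS_PASSWORDHASHER_HASHER_ALGORITHM` hint, while every other key kept one.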
@@ -486,11 +479,24 @@ SystemDefaults: # - "pbkdf2" # verifier for all pbkdf2 hash modes. SecretHasher: # Set hasher configuration for machine users, API and OIDC client secrets. - # See PasswordHasher for all possible options Hasher: - Algorithm: "bcrypt" # ZITADEL_SYSTEMDEFAULTS_SECRETHASHER_HASHER_ALGORITHM + # Supported algorithms: "argon2i", "argon2id", "bcrypt", "scrypt", "pbkdf2" + # Depending on the algorithm, different configuration options take effect. + Algorithm: bcrypt + # Cost takes effect for the algorithms bcrypt and scrypt Cost: 4 # ZITADEL_SYSTEMDEFAULTS_SECRETHASHER_HASHER_COST - Verifiers: + # Time takes effect for the algorithms argon2i and argon2id + Time: 3 # ZITADEL_SYSTEMDEFAULTS_SECRETHASHER_HASHER_TIME + # Memory takes effect for the algorithms argon2i and argon2id + Memory: 32768 # ZITADEL_SYSTEMDEFAULTS_SECRETHASHER_HASHER_MEMORY + # Threads takes effect for the algorithms argon2i and argon2id + Threads: 4 # ZITADEL_SYSTEMDEFAULTS_SECRETHASHER_HASHER_THREADS + # Rounds takes effect for the algorithm pbkdf2 + Rounds: 290000 # ZITADEL_SYSTEMDEFAULTS_SECRETHASHER_HASHER_ROUNDS + # Hash takes effect for the algorithm pbkdf2 + # Can be "sha1", "sha224", "sha256", "sha384" or "sha512" + Hash: sha256 # ZITADEL_SYSTEMDEFAULTS_SECRETHASHER_HASHER_HASH + Verifiers: # ZITADEL_SYSTEMDEFAULTS_SECRETHASHER_VERIFIERS Multifactors: OTP: # If this is empty, the issuer is the requested domain diff --git a/docs/docs/guides/manage/console/default-settings.mdx b/docs/docs/guides/manage/console/default-settings.mdx index 239e43297f2..4a0090a7c00 100644 --- a/docs/docs/guides/manage/console/default-settings.mdx +++ b/docs/docs/guides/manage/console/default-settings.mdx 
@@ -207,7 +207,7 @@ The following properties can be set: - Has Uppercase - Has Lowercase - Has Number -- Has Symbol +- Has Symbol (Everything that is not a number or letter) +To further streamline your setup, simply visit the console in ZITADEL where you can select one of the languages or frameworks. This will allow you to instantly set up the configuration for that specific sample in ZITADEL, ensuring you have everything you need to get started right away. + +![Console](/img/sdk-examples/console.png) + +To begin configuring login for any of these samples, start [here](https://zitadel.com/signin). + ### OIDC Libraries OIDC is a standard for authentication and most languages and frameworks do provide a OIDC library which can be easily integrated to your application. diff --git a/docs/static/img/sdk-examples/console.png b/docs/static/img/sdk-examples/console.png new file mode 100644 index 00000000000..4dce7de502c Binary files /dev/null and b/docs/static/img/sdk-examples/console.png differ diff --git a/internal/command/instance.go b/internal/command/instance.go index 4bd3194706c..a31c00aadf2 100644 --- a/internal/command/instance.go +++ b/internal/command/instance.go @@ -389,7 +389,7 @@ func setupSMTPSettings(commands *Commands, validations *[]preparation.Validation return } *validations = append(*validations, - commands.prepareAddSMTPConfig( + commands.prepareAddAndActivateSMTPConfig( instanceAgg, smtpConfig.Description, smtpConfig.From, diff --git a/internal/command/smtp.go b/internal/command/smtp.go index fc51cabd596..87c8acb4f17 100644 --- a/internal/command/smtp.go +++ b/internal/command/smtp.go 
@@ -306,7 +306,7 @@ func (c *Commands) getSMTPConfig(ctx context.Context, instanceID, id, domain str } // TODO: SetUpInstance still uses this and would be removed as soon as deprecated PrepareCommands is removed -func (c *Commands) prepareAddSMTPConfig(a *instance.Aggregate, description, from, name, replyTo, hostAndPort, user string, password []byte, tls bool) preparation.Validation { +func (c *Commands) prepareAddAndActivateSMTPConfig(a *instance.Aggregate, description, from, name, replyTo, hostAndPort, user string, password []byte, tls bool) preparation.Validation { return func() (preparation.CreateCommands, error) { if from = strings.TrimSpace(from); from == "" { return nil, zerrors.ThrowInvalidArgument(nil, "INST-mruNY", "Errors.Invalid.Argument") @@ -358,6 +358,11 @@ func (c *Commands) prepareAddSMTPConfig(a *instance.Aggregate, description, from user, smtpPassword, ), + instance.NewSMTPConfigActivatedEvent( + ctx, + &a.Aggregate, + id, + ), }, nil }, nil } diff --git a/internal/repository/instance/smtp_config.go b/internal/repository/instance/smtp_config.go index 907375160be..3f08fc8e8a4 100644 --- a/internal/repository/instance/smtp_config.go +++ b/internal/repository/instance/smtp_config.go @@ -4,7 +4,6 @@ import ( "context" "github.com/zitadel/zitadel/internal/crypto" - "github.com/zitadel/zitadel/internal/domain" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/zerrors" ) 
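Review bot: The renamed `prepareAddAndActivateSMTPConfig` now returns `instance.NewSMTPConfigActivatedEvent` alongside the added event, but the only comment above it is the old TODO, which does not mention activation. Because the SMTP settings passed in at instance setup now become active without a separate activation step, a doc comment should state this, for example `// prepareAddAndActivateSMTPConfig validates the input, adds the SMTP config and activates it in the same set of commands.` It is also worth confirming that immediate activation is intended when `tls` is false, since nothing in the visible lines conditions the activated event on it. The function body starts and ends outside the second hunk, so any checks made between the validation and the returned events are not visible here.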
@@ -22,16 +21,15 @@ const ( type SMTPConfigAddedEvent struct { eventstore.BaseEvent `json:"-"` - ID string `json:"id,omitempty"` - Description string `json:"description,omitempty"` - SenderAddress string `json:"senderAddress,omitempty"` - SenderName string `json:"senderName,omitempty"` - ReplyToAddress string `json:"replyToAddress,omitempty"` - TLS bool `json:"tls,omitempty"` - Host string `json:"host,omitempty"` - User string `json:"user,omitempty"` - Password *crypto.CryptoValue `json:"password,omitempty"` - State domain.SMTPConfigState `json:"state,omitempty"` + ID string `json:"id,omitempty"` + Description string `json:"description,omitempty"` + SenderAddress string `json:"senderAddress,omitempty"` + SenderName string `json:"senderName,omitempty"` + ReplyToAddress string `json:"replyToAddress,omitempty"` + TLS bool `json:"tls,omitempty"` + Host string `json:"host,omitempty"` + User string `json:"user,omitempty"` + Password *crypto.CryptoValue `json:"password,omitempty"` } func NewSMTPConfigAddedEvent(