feat(auth): update password authentication handling to use new AuthenticationSettings structure

Author: Ubisoft-potato

api-description/apidocs.swagger.yaml

@@ -7020,7 +7020,7 @@ definitions:
       - ORGANIZATION_OWNER_EMAIL_CHANGED
       - ORGANIZATION_UPDATED
       - DEMO_ORGANIZATION_CREATED
-      - ORGANIZATION_PASSWORD_AUTHENTICATION_CHANGED
+      - ORGANIZATION_AUTHENTICATION_SETTINGS_UPDATED
       - FLAG_TRIGGER_CREATED
       - FLAG_TRIGGER_RESET
       - FLAG_TRIGGER_DESCRIPTION_CHANGED

api-description/web-api.swagger.yaml

@@ -11094,7 +11094,7 @@ definitions:
       - ORGANIZATION_OWNER_EMAIL_CHANGED
       - ORGANIZATION_UPDATED
       - DEMO_ORGANIZATION_CREATED
-      - ORGANIZATION_PASSWORD_AUTHENTICATION_CHANGED
+      - ORGANIZATION_AUTHENTICATION_SETTINGS_UPDATED
       - FLAG_TRIGGER_CREATED
       - FLAG_TRIGGER_RESET
       - FLAG_TRIGGER_DESCRIPTION_CHANGED
@@ -11314,8 +11314,8 @@ definitions:
         type: boolean
       ownerEmail:
         type: string
-      passwordAuthenticationEnabled:
-        type: boolean
+      authenticationSettings:
+        $ref: '#/definitions/environmentAuthenticationSettings'
     required:
       - name
       - urlCode
@@ -11727,8 +11727,8 @@ definitions:
         type: string
       ownerEmail:
         type: string
-      passwordAuthenticationEnabled:
-        type: boolean
+      authenticationSettings:
+        $ref: '#/definitions/environmentAuthenticationSettings'
   environmentUpdateOrganizationResponse:
     type: object
   environmentUpdateProjectRequest:

pkg/domainevent/domain/message.go

@@ -1380,7 +1380,7 @@ func LocalizedMessage(eventType proto.Event_Type, localizer locale.Localizer) *p
 				localizer.MustLocalizeWithTemplate(locale.Organization),
 			),
 		}
-	case proto.Event_ORGANIZATION_PASSWORD_AUTHENTICATION_CHANGED:
+	case proto.Event_ORGANIZATION_AUTHENTICATION_SETTINGS_UPDATED:
 		return &proto.LocalizedMessage{
 			Locale: localizer.GetLocale(),
 			Message: localizer.MustLocalizeWithTemplate(

pkg/environment/api/organization.go

@@ -238,6 +238,13 @@ func (s *EnvironmentService) CreateDemoOrganization(
 		return nil, err
 	}
 
+	// Demo organizations need both Google and Password authentication enabled
+	authSettings := &environmentproto.AuthenticationSettings{
+		EnabledTypes: []environmentproto.AuthenticationType{
+			environmentproto.AuthenticationType_AUTHENTICATION_TYPE_GOOGLE,
+			environmentproto.AuthenticationType_AUTHENTICATION_TYPE_PASSWORD,
+		},
+	}
 	organization, err := s.createOrganizationMySQL(
 		ctx,
 		req.Name,
@@ -246,7 +253,7 @@ func (s *EnvironmentService) CreateDemoOrganization(
 		req.Description,
 		false,
 		false,
-		true, // Enable password auth for demo organizations
+		authSettings,
 		localizer,
 	)
 	if err != nil {
@@ -391,14 +398,20 @@ func (s *EnvironmentService) CreateOrganization(
 	}
 	name := strings.TrimSpace(req.Command.Name)
 	urlCode := strings.TrimSpace(req.Command.UrlCode)
+	// Default authentication settings: Google only
+	defaultAuthSettings := &environmentproto.AuthenticationSettings{
+		EnabledTypes: []environmentproto.AuthenticationType{
+			environmentproto.AuthenticationType_AUTHENTICATION_TYPE_GOOGLE,
+		},
+	}
 	organization, err := domain.NewOrganization(
 		name,
 		urlCode,
 		req.Command.OwnerEmail,
 		req.Command.Description,
 		req.Command.IsTrial,
 		req.Command.IsSystemAdmin,
-		true, // Default password auth enabled for backward compatibility
+		defaultAuthSettings,
 	)
 	if err != nil {
 		s.logger.Error(
@@ -496,7 +509,7 @@ func (s *EnvironmentService) createOrganizationNoCommand(
 		req.Description,
 		req.IsTrial,
 		req.IsSystemAdmin,
-		req.PasswordAuthenticationEnabled,
+		req.AuthenticationSettings,
 		localizer,
 	)
 	if err != nil {
@@ -542,7 +555,7 @@ func (s *EnvironmentService) createOrganizationMySQL(
 	description string,
 	isTrial bool,
 	isSystemAdmin bool,
-	passwordAuthenticationEnabled bool,
+	authenticationSettings *environmentproto.AuthenticationSettings,
 	localizer locale.Localizer,
 ) (*domain.Organization, error) {
 	organization, err := domain.NewOrganization(
@@ -552,7 +565,7 @@ func (s *EnvironmentService) createOrganizationMySQL(
 		description,
 		isTrial,
 		isSystemAdmin,
-		passwordAuthenticationEnabled,
+		authenticationSettings,
 	)
 	if err != nil {
 		s.logger.Error(
@@ -881,25 +894,12 @@ func (s *EnvironmentService) updateOrganizationNoCommand(
 			return err
 		}
 		prevOwnerEmail = organization.OwnerEmail
-		// Convert boolean password auth to authentication settings
-		var authSettings *environmentproto.AuthenticationSettings
-		if req.PasswordAuthenticationEnabled != nil {
-			// Start with Google authentication always enabled
-			authTypes := []environmentproto.AuthenticationType{environmentproto.AuthenticationType_AUTHENTICATION_TYPE_GOOGLE}
-			// Add password auth if enabled
-			if req.PasswordAuthenticationEnabled.Value {
-				authTypes = append(authTypes, environmentproto.AuthenticationType_AUTHENTICATION_TYPE_PASSWORD)
-			}
-			authSettings = &environmentproto.AuthenticationSettings{
-				EnabledTypes: authTypes,
-			}
-		}
 
 		updated, err := organization.Update(
 			req.Name,
 			req.Description,
 			req.OwnerEmail,
-			authSettings,
+			req.AuthenticationSettings,
 		)
 		if err != nil {
 			return err

pkg/environment/api/project.go

@@ -561,14 +561,20 @@ func (s *EnvironmentService) CreateTrialProject(
 	}
 	// TODO: Temporary implementations that create Organization at the same time as Project.
 	// This should be removed when the Organization management page is added.
+	// Default authentication settings: Google only
+	defaultAuthSettings := &environmentproto.AuthenticationSettings{
+		EnabledTypes: []environmentproto.AuthenticationType{
+			environmentproto.AuthenticationType_AUTHENTICATION_TYPE_GOOGLE,
+		},
+	}
 	organization, err := domain.NewOrganization(
 		name,
 		urlCode,
 		req.Command.OwnerEmail,
 		"",
 		true,
 		false,
-		true, // Default password auth enabled
+		defaultAuthSettings,
 	)
 	if err != nil {
 		s.logger.Error(

pkg/environment/command/organization.go

@@ -72,8 +72,8 @@ func (h *organizationCommandHandler) Handle(ctx context.Context, cmd Command) er
 		return h.convertTrial(ctx, c)
 	case *proto.ChangeOwnerEmailOrganizationCommand:
 		return h.changeOwnerEmail(ctx, c)
-	case *proto.ChangePasswordAuthenticationOrganizationCommand:
-		return h.changePasswordAuthentication(ctx, c)
+	case *proto.UpdateAuthenticationSettingsOrganizationCommand:
+		return h.updateAuthenticationSettings(ctx, c)
 	default:
 		return errUnknownCommand
 	}
@@ -91,22 +91,15 @@ func (h *organizationCommandHandler) changeOwnerEmail(
 		})
 }
 
-func (h *organizationCommandHandler) changePasswordAuthentication(
+func (h *organizationCommandHandler) updateAuthenticationSettings(
 	ctx context.Context,
-	cmd *proto.ChangePasswordAuthenticationOrganizationCommand,
+	cmd *proto.UpdateAuthenticationSettingsOrganizationCommand,
 ) error {
-	if cmd.PasswordAuthenticationEnabled {
-		h.organization.EnableAuthenticationType(proto.AuthenticationType_AUTHENTICATION_TYPE_PASSWORD)
-	} else {
-		err := h.organization.DisableAuthenticationType(proto.AuthenticationType_AUTHENTICATION_TYPE_PASSWORD)
-		if err != nil {
-			return err
-		}
-	}
-	return h.send(ctx, eventproto.Event_ORGANIZATION_PASSWORD_AUTHENTICATION_CHANGED,
-		&eventproto.OrganizationPasswordAuthenticationChangedEvent{
-			Id:                            h.organization.Id,
-			PasswordAuthenticationEnabled: cmd.PasswordAuthenticationEnabled,
+	h.organization.UpdateAuthenticationSettings(cmd.AuthenticationSettings)
+	return h.send(ctx, eventproto.Event_ORGANIZATION_AUTHENTICATION_SETTINGS_UPDATED,
+		&eventproto.OrganizationAuthenticationSettingsUpdatedEvent{
+			Id:                     h.organization.Id,
+			AuthenticationSettings: cmd.AuthenticationSettings,
 		})
 }
 

pkg/environment/domain/organization.go

@@ -46,35 +46,35 @@ var (
 
 func NewOrganization(
 	name, urlCode, ownerEmail, description string,
-	trial, systemAdmin, passwordAuthenticationEnabled bool,
+	trial, systemAdmin bool,
+	authenticationSettings *proto.AuthenticationSettings,
 ) (*Organization, error) {
 	now := time.Now().Unix()
 	uid, err := uuid.NewUUID()
 	if err != nil {
 		return nil, err
 	}
 
-	// Set default authentication settings: Google is always enabled, Password based on parameter
-	authTypes := []proto.AuthenticationType{proto.AuthenticationType_AUTHENTICATION_TYPE_GOOGLE}
-	if passwordAuthenticationEnabled {
-		authTypes = append(authTypes, proto.AuthenticationType_AUTHENTICATION_TYPE_PASSWORD)
+	// Set default authentication settings if not provided: Google is always enabled
+	if authenticationSettings == nil {
+		authenticationSettings = &proto.AuthenticationSettings{
+			EnabledTypes: []proto.AuthenticationType{proto.AuthenticationType_AUTHENTICATION_TYPE_GOOGLE},
+		}
 	}
 
 	return &Organization{&proto.Organization{
-		Id:          uid.String(),
-		Name:        name,
-		UrlCode:     urlCode,
-		OwnerEmail:  ownerEmail,
-		Description: description,
-		Disabled:    false,
-		Archived:    false,
-		Trial:       trial,
-		SystemAdmin: systemAdmin,
-		AuthenticationSettings: &proto.AuthenticationSettings{
-			EnabledTypes: authTypes,
-		},
-		CreatedAt: now,
-		UpdatedAt: now,
+		Id:                     uid.String(),
+		Name:                   name,
+		UrlCode:                urlCode,
+		OwnerEmail:             ownerEmail,
+		Description:            description,
+		Disabled:               false,
+		Archived:               false,
+		Trial:                  trial,
+		SystemAdmin:            systemAdmin,
+		AuthenticationSettings: authenticationSettings,
+		CreatedAt:              now,
+		UpdatedAt:              now,
 	}}, nil
 }