Skip to content

Commit

Permalink
WPB-14306 [enterprise login] Implement common prerequisites for multi…
Browse files Browse the repository at this point in the history
…ple endpoints (#4364)

- new DB table
- internal endpoints in brig
- new optional config for audit mail recipients
- backoffice/stern support
  • Loading branch information
battermann authored Dec 13, 2024
1 parent 27849c6 commit d142082
Show file tree
Hide file tree
Showing 47 changed files with 1,662 additions and 107 deletions.
39 changes: 31 additions & 8 deletions cassandra-schema.cql
Original file line number Diff line number Diff line change
Expand Up @@ -245,9 +245,11 @@ CREATE TABLE brig_test.mls_key_package_refs (
AND read_repair_chance = 0.0
AND speculative_retry = '99PERCENTILE';

CREATE TABLE brig_test.excluded_phones (
prefix text PRIMARY KEY,
comment text
CREATE TABLE brig_test.oauth_client (
id uuid PRIMARY KEY,
name text,
redirect_uri blob,
secret blob
) WITH bloom_filter_fp_chance = 0.01
AND caching = {'keys': 'ALL', 'rows_per_partition': 'NONE'}
AND comment = ''
Expand Down Expand Up @@ -432,6 +434,24 @@ CREATE TABLE brig_test.user_keys (
AND read_repair_chance = 0.0
AND speculative_retry = '99PERCENTILE';

CREATE TABLE brig_test.excluded_phones (
prefix text PRIMARY KEY,
comment text
) WITH bloom_filter_fp_chance = 0.01
AND caching = {'keys': 'ALL', 'rows_per_partition': 'NONE'}
AND comment = ''
AND compaction = {'class': 'org.apache.cassandra.db.compaction.SizeTieredCompactionStrategy', 'max_threshold': '32', 'min_threshold': '4'}
AND compression = {'chunk_length_in_kb': '64', 'class': 'org.apache.cassandra.io.compress.LZ4Compressor'}
AND crc_check_chance = 1.0
AND dclocal_read_repair_chance = 0.1
AND default_time_to_live = 0
AND gc_grace_seconds = 864000
AND max_index_interval = 2048
AND memtable_flush_period_in_ms = 0
AND min_index_interval = 128
AND read_repair_chance = 0.0
AND speculative_retry = '99PERCENTILE';

CREATE TABLE brig_test.mls_public_keys (
user uuid,
client text,
Expand Down Expand Up @@ -534,11 +554,14 @@ CREATE TABLE brig_test.federation_remote_teams (
AND read_repair_chance = 0.0
AND speculative_retry = '99PERCENTILE';

CREATE TABLE brig_test.oauth_client (
id uuid PRIMARY KEY,
name text,
redirect_uri blob,
secret blob
CREATE TABLE brig_test.domain_registration (
domain text PRIMARY KEY,
backend_url blob,
dns_verification_token ascii,
domain_redirect int,
idp_id uuid,
team uuid,
team_invite int
) WITH bloom_filter_fp_chance = 0.01
AND caching = {'keys': 'ALL', 'rows_per_partition': 'NONE'}
AND comment = ''
Expand Down
1 change: 1 addition & 0 deletions changelog.d/2-features/WPB-14306
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
Internal API and backoffice support for managing email domains for enterprise login
3 changes: 3 additions & 0 deletions charts/brig/templates/configmap.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -368,5 +368,8 @@ data:
setOAuthMaxActiveRefreshTokens: {{ .setOAuthMaxActiveRefreshTokens }}
{{- end }}
setPasswordHashingOptions: {{ toYaml .setPasswordHashingOptions | nindent 8 }}
{{- if .setAuditLogEmailRecipient }}
setAuditLogEmailRecipient: {{ .setAuditLogEmailRecipient }}
{{- end }}
{{- end }}
{{- end }}
168 changes: 85 additions & 83 deletions charts/brig/values.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -24,39 +24,39 @@ config:
logNetStrings: false
cassandra:
host: aws-cassandra
# To enable TLS provide a CA:
# tlsCa: <CA in PEM format (can be self-signed)>
#
# Or refer to an existing secret (containing the CA):
# tlsCaSecretRef:
# name: <secret-name>
# key: <ca-attribute>
# To enable TLS provide a CA:
# tlsCa: <CA in PEM format (can be self-signed)>
#
# Or refer to an existing secret (containing the CA):
# tlsCaSecretRef:
# name: <secret-name>
# key: <ca-attribute>

elasticsearch:
scheme: http
host: elasticsearch-client
port: 9200
index: directory
insecureSkipVerifyTls: false
# To configure custom TLS CA, please provide one of these:
# tlsCa: <CA in PEM format (can be self-signed)>
#
# Or refer to an existing secret (containing the CA):
# tlsCaSecretRef:
# name: <secret-name>
# key: <ca-attribute>
# To configure custom TLS CA, please provide one of these:
# tlsCa: <CA in PEM format (can be self-signed)>
#
# Or refer to an existing secret (containing the CA):
# tlsCaSecretRef:
# name: <secret-name>
# key: <ca-attribute>
additionalWriteScheme: http
# additionalWriteHost: <host>
additionalWritePort: 9200
# additionalWriteIndex: <index>
additionalInsecureSkipVerifyTls: false
# To configure custom TLS CA, please provide one of these:
# additionalTlsCa: <CA in PEM format (can be self-signed)>
#
# Or refer to an existing secret (containing the CA):
# additionalTlsCaSecretRef:
# name: <secret-name>
# key: <ca-attribute>
# To configure custom TLS CA, please provide one of these:
# additionalTlsCa: <CA in PEM format (can be self-signed)>
#
# Or refer to an existing secret (containing the CA):
# additionalTlsCaSecretRef:
# name: <secret-name>
# key: <ca-attribute>
aws:
region: "eu-west-1"
sesEndpoint: https://email.eu-west-1.amazonaws.com
Expand Down Expand Up @@ -147,7 +147,7 @@ config:
setOAuthMaxActiveRefreshTokens: 10
# Disable one ore more API versions. Please make sure the configuration value is the same in all these charts:
# brig, cannon, cargohold, galley, gundeck, proxy, spar.
setDisabledAPIVersions: [ development ]
setDisabledAPIVersions: [development]
setFederationStrategy: allowNone
setFederationDomainConfigsUpdateFreq: 10
setPasswordHashingOptions:
Expand All @@ -156,16 +156,17 @@ config:
# iterations: <iterations>
# parallelism: <paralellism>
# memory: <memory used in KiB>
# setAuditLogEmailRecipient: [email protected]
smtp:
passwordFile: /etc/wire/brig/secrets/smtp-password.txt
proxy: {}

turnStatic:
v1:
- turn:localhost:3478
- turn:localhost:3478
v2:
- turn:localhost:3478
- turn:localhost:3478?transport=tcp
- turn:localhost:3478
- turn:localhost:3478?transport=tcp

turn:
serversSource: files # files | dns
Expand All @@ -191,7 +192,8 @@ podSecurityContext:
seccompProfile:
type: RuntimeDefault
tests:
config: {}
config:
{}
# uploadXml:
# baseUrl: s3://bucket/path/

Expand All @@ -201,62 +203,62 @@ tests:

# These "secrets" are only used in tests and are therefore safe to be stored unencrypted
providerPrivateKey: |
-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEAu+Kg/PHHU3atXrUbKnw0G06FliXcNt3lMwl2os5twEDcPPFw
/feGiAKymxp+7JqZDrseS5D9THGrW+OQRIPHWvUBdiLfGrZqJO223DB6D8K2Su/o
dmnjZJ2z23rhXoEArTplu+Dg9K+c2LVeXTKVVPOaOzgtAB21XKRiQ4ermqgi3/nj
r03rXyq/qNkuNd6tNcg+HAfGxfGvvCSYBfiSbUKr/BeArYRcjzr/h5m1In6fG/if
9GEI6m8dxHT9JbY53wiksowy6ajCuqskIFg87X883H+LA/d6X5CTiPv1VMxXdBUi
GPuC9IT/6CNQ1/LFt0P37ax58+LGYlaFo7lanQIDAQABAoIBAQC0doVy7zgpLsBv
Sz0AnbPe1pjxEwRlntRbJSfSULySALqJvs5s4adSVGUBHX3z/LousAP1SRpCppuU
8wrLBFgjQVlaAzyQB84EEl+lNtrG8Jrvd2es9R/4sJDkqy50+yuPN5wnzWPFIjhg
3jP5CHDu29y0LMzsY5yjkzDe9B0bueXEZVU+guRjhpwHHKOFeAr9J9bugFUwgeAr
jF0TztzFAb0fsUNPiQAho1J5PyjSVgItaPfAPv/p30ROG+rz+Rd5NSSvBC5F+yOo
azb84zzwCg/knAfIz7SOMRrmBh2qhGZFZ8gXdq65UaYv+cpT/qo28mpAT2vOkyeD
aPZp0ysBAoGBAOQROoDipe/5BTHBcXYuUE1qa4RIj3wgql5I8igXr4K6ppYBmaOg
DL2rrnqD86chv0P4l/XOomKFwYhVGXtqRkeYnk6mQXwNVkgqcGbY5PSNyMg5+ekq
jSOOPHGzzTWKzYuUDUpB/Lf6jbTv8fq2GYW3ZYiqQ/xiugOvglZrTE7NAoGBANLl
irjByfxAWGhzCrDx0x5MBpsetadI9wUA8u1BDdymsRg73FDn3z7NipVUAMDXMGVj
lqbCRlHESO2yP4GaPEA4FM+MbTZSuhAYV+SY07mEPLHF64/nJas83Zp91r5rhaqJ
L9rWCl3KJ5OUnr3YizCnHIW72FxjwtpjxHJLupsRAoGAGIbhy8qUHeKh9F/hW9xP
NoQjW+6Rv7+jktA1eqpRbbW1BJzXcQldVWiJMxPNuEOg1iZ98SlvvTi1P3wnaWZc
eIapP7wRfs3QYaJuxCC/Pq2g0ieqALFazGAXkALOJtvujvw1Ea9XBlIjuzmyxEuh
Iwg+Gxx0g0f6yTquwax4YGECgYEAnpAK3qKFNO1ECzQDo8oNy0ep59MNDPtlDhQK
katJus5xdCD9oq7TQKrVOTTxZAvmzTQ1PqfuqueDVYOhD9Zg2n/P1cRlEGTek99Z
pfvppB/yak6+r3FA9yBKFS/r1zuMQg3nNweav62QV/tz5pT7AdeDMGFtaPlwtTYx
qyWY5aECgYBPySbPccNj+xxQzxcti2y/UXjC04RgOA/Hm1D0exa0vBqS9uxlOdG8
F47rKenpBrslvdfTVsCDB1xyP2ebWVzp6EqMycw6OLPxgo3fBfZ4pi6P+rByh0Cc
Lhfh+ET0CPnKCxtop3lUrn4ZvqchS0j3J+M0pDuqoWF5hfKxFhkEIw==
-----END RSA PRIVATE KEY-----
-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEAu+Kg/PHHU3atXrUbKnw0G06FliXcNt3lMwl2os5twEDcPPFw
/feGiAKymxp+7JqZDrseS5D9THGrW+OQRIPHWvUBdiLfGrZqJO223DB6D8K2Su/o
dmnjZJ2z23rhXoEArTplu+Dg9K+c2LVeXTKVVPOaOzgtAB21XKRiQ4ermqgi3/nj
r03rXyq/qNkuNd6tNcg+HAfGxfGvvCSYBfiSbUKr/BeArYRcjzr/h5m1In6fG/if
9GEI6m8dxHT9JbY53wiksowy6ajCuqskIFg87X883H+LA/d6X5CTiPv1VMxXdBUi
GPuC9IT/6CNQ1/LFt0P37ax58+LGYlaFo7lanQIDAQABAoIBAQC0doVy7zgpLsBv
Sz0AnbPe1pjxEwRlntRbJSfSULySALqJvs5s4adSVGUBHX3z/LousAP1SRpCppuU
8wrLBFgjQVlaAzyQB84EEl+lNtrG8Jrvd2es9R/4sJDkqy50+yuPN5wnzWPFIjhg
3jP5CHDu29y0LMzsY5yjkzDe9B0bueXEZVU+guRjhpwHHKOFeAr9J9bugFUwgeAr
jF0TztzFAb0fsUNPiQAho1J5PyjSVgItaPfAPv/p30ROG+rz+Rd5NSSvBC5F+yOo
azb84zzwCg/knAfIz7SOMRrmBh2qhGZFZ8gXdq65UaYv+cpT/qo28mpAT2vOkyeD
aPZp0ysBAoGBAOQROoDipe/5BTHBcXYuUE1qa4RIj3wgql5I8igXr4K6ppYBmaOg
DL2rrnqD86chv0P4l/XOomKFwYhVGXtqRkeYnk6mQXwNVkgqcGbY5PSNyMg5+ekq
jSOOPHGzzTWKzYuUDUpB/Lf6jbTv8fq2GYW3ZYiqQ/xiugOvglZrTE7NAoGBANLl
irjByfxAWGhzCrDx0x5MBpsetadI9wUA8u1BDdymsRg73FDn3z7NipVUAMDXMGVj
lqbCRlHESO2yP4GaPEA4FM+MbTZSuhAYV+SY07mEPLHF64/nJas83Zp91r5rhaqJ
L9rWCl3KJ5OUnr3YizCnHIW72FxjwtpjxHJLupsRAoGAGIbhy8qUHeKh9F/hW9xP
NoQjW+6Rv7+jktA1eqpRbbW1BJzXcQldVWiJMxPNuEOg1iZ98SlvvTi1P3wnaWZc
eIapP7wRfs3QYaJuxCC/Pq2g0ieqALFazGAXkALOJtvujvw1Ea9XBlIjuzmyxEuh
Iwg+Gxx0g0f6yTquwax4YGECgYEAnpAK3qKFNO1ECzQDo8oNy0ep59MNDPtlDhQK
katJus5xdCD9oq7TQKrVOTTxZAvmzTQ1PqfuqueDVYOhD9Zg2n/P1cRlEGTek99Z
pfvppB/yak6+r3FA9yBKFS/r1zuMQg3nNweav62QV/tz5pT7AdeDMGFtaPlwtTYx
qyWY5aECgYBPySbPccNj+xxQzxcti2y/UXjC04RgOA/Hm1D0exa0vBqS9uxlOdG8
F47rKenpBrslvdfTVsCDB1xyP2ebWVzp6EqMycw6OLPxgo3fBfZ4pi6P+rByh0Cc
Lhfh+ET0CPnKCxtop3lUrn4ZvqchS0j3J+M0pDuqoWF5hfKxFhkEIw==
-----END RSA PRIVATE KEY-----
providerPublicKey: |
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu+Kg/PHHU3atXrUbKnw0
G06FliXcNt3lMwl2os5twEDcPPFw/feGiAKymxp+7JqZDrseS5D9THGrW+OQRIPH
WvUBdiLfGrZqJO223DB6D8K2Su/odmnjZJ2z23rhXoEArTplu+Dg9K+c2LVeXTKV
VPOaOzgtAB21XKRiQ4ermqgi3/njr03rXyq/qNkuNd6tNcg+HAfGxfGvvCSYBfiS
bUKr/BeArYRcjzr/h5m1In6fG/if9GEI6m8dxHT9JbY53wiksowy6ajCuqskIFg8
7X883H+LA/d6X5CTiPv1VMxXdBUiGPuC9IT/6CNQ1/LFt0P37ax58+LGYlaFo7la
nQIDAQAB
-----END PUBLIC KEY-----
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu+Kg/PHHU3atXrUbKnw0
G06FliXcNt3lMwl2os5twEDcPPFw/feGiAKymxp+7JqZDrseS5D9THGrW+OQRIPH
WvUBdiLfGrZqJO223DB6D8K2Su/odmnjZJ2z23rhXoEArTplu+Dg9K+c2LVeXTKV
VPOaOzgtAB21XKRiQ4ermqgi3/njr03rXyq/qNkuNd6tNcg+HAfGxfGvvCSYBfiS
bUKr/BeArYRcjzr/h5m1In6fG/if9GEI6m8dxHT9JbY53wiksowy6ajCuqskIFg8
7X883H+LA/d6X5CTiPv1VMxXdBUiGPuC9IT/6CNQ1/LFt0P37ax58+LGYlaFo7la
nQIDAQAB
-----END PUBLIC KEY-----
providerPublicCert: |
-----BEGIN CERTIFICATE-----
MIIDdjCCAl4CCQCm0AiwERR/qjANBgkqhkiG9w0BAQsFADB9MQswCQYDVQQGEwJE
RTEPMA0GA1UECAwGQmVybGluMQ8wDQYDVQQHDAZCZXJsaW4xGDAWBgNVBAoMD1dp
cmUgU3dpc3MgR21iSDERMA8GA1UEAwwId2lyZS5jb20xHzAdBgkqhkiG9w0BCQEW
EGJhY2tlbmRAd2lyZS5jb20wHhcNMTYwODA0MTMxNDQyWhcNMzYwNzMwMTMxNDQy
WjB9MQswCQYDVQQGEwJERTEPMA0GA1UECAwGQmVybGluMQ8wDQYDVQQHDAZCZXJs
aW4xGDAWBgNVBAoMD1dpcmUgU3dpc3MgR21iSDERMA8GA1UEAwwId2lyZS5jb20x
HzAdBgkqhkiG9w0BCQEWEGJhY2tlbmRAd2lyZS5jb20wggEiMA0GCSqGSIb3DQEB
AQUAA4IBDwAwggEKAoIBAQC74qD88cdTdq1etRsqfDQbToWWJdw23eUzCXaizm3A
QNw88XD994aIArKbGn7smpkOux5LkP1Mcatb45BEg8da9QF2It8atmok7bbcMHoP
wrZK7+h2aeNknbPbeuFegQCtOmW74OD0r5zYtV5dMpVU85o7OC0AHbVcpGJDh6ua
qCLf+eOvTetfKr+o2S413q01yD4cB8bF8a+8JJgF+JJtQqv8F4CthFyPOv+HmbUi
fp8b+J/0YQjqbx3EdP0ltjnfCKSyjDLpqMK6qyQgWDztfzzcf4sD93pfkJOI+/VU
zFd0FSIY+4L0hP/oI1DX8sW3Q/ftrHnz4sZiVoWjuVqdAgMBAAEwDQYJKoZIhvcN
AQELBQADggEBAEuwlHElIGR56KVC1dJiw238mDGjMfQzSP76Wi4zWS6/zZwJUuog
BkC+vacfju8UAMvL+vdqkjOVUHor84/2wuq0qn91AjOITD7tRAZB+XLXxsikKv/v
OXE3A/lCiNi882NegPyXAfFPp/71CIiTQZps1eQkAvhD5t5WiFYPESxDlvEJrHFY
XP4+pp8fL8YPS7iZNIq+z+P8yVIw+B/Hs0ht7wFIYN0xACbU8m9+Rs08JMoT16c+
hZMuK3BWD3fzkQVfW0yMwz6fWRXB483ZmekGkgndOTDoJQMdJXZxHpI3t2FcxQYj
T45GXxRd18neXtuYa/OoAw9UQFDN5XfXN0g=
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIDdjCCAl4CCQCm0AiwERR/qjANBgkqhkiG9w0BAQsFADB9MQswCQYDVQQGEwJE
RTEPMA0GA1UECAwGQmVybGluMQ8wDQYDVQQHDAZCZXJsaW4xGDAWBgNVBAoMD1dp
cmUgU3dpc3MgR21iSDERMA8GA1UEAwwId2lyZS5jb20xHzAdBgkqhkiG9w0BCQEW
EGJhY2tlbmRAd2lyZS5jb20wHhcNMTYwODA0MTMxNDQyWhcNMzYwNzMwMTMxNDQy
WjB9MQswCQYDVQQGEwJERTEPMA0GA1UECAwGQmVybGluMQ8wDQYDVQQHDAZCZXJs
aW4xGDAWBgNVBAoMD1dpcmUgU3dpc3MgR21iSDERMA8GA1UEAwwId2lyZS5jb20x
HzAdBgkqhkiG9w0BCQEWEGJhY2tlbmRAd2lyZS5jb20wggEiMA0GCSqGSIb3DQEB
AQUAA4IBDwAwggEKAoIBAQC74qD88cdTdq1etRsqfDQbToWWJdw23eUzCXaizm3A
QNw88XD994aIArKbGn7smpkOux5LkP1Mcatb45BEg8da9QF2It8atmok7bbcMHoP
wrZK7+h2aeNknbPbeuFegQCtOmW74OD0r5zYtV5dMpVU85o7OC0AHbVcpGJDh6ua
qCLf+eOvTetfKr+o2S413q01yD4cB8bF8a+8JJgF+JJtQqv8F4CthFyPOv+HmbUi
fp8b+J/0YQjqbx3EdP0ltjnfCKSyjDLpqMK6qyQgWDztfzzcf4sD93pfkJOI+/VU
zFd0FSIY+4L0hP/oI1DX8sW3Q/ftrHnz4sZiVoWjuVqdAgMBAAEwDQYJKoZIhvcN
AQELBQADggEBAEuwlHElIGR56KVC1dJiw238mDGjMfQzSP76Wi4zWS6/zZwJUuog
BkC+vacfju8UAMvL+vdqkjOVUHor84/2wuq0qn91AjOITD7tRAZB+XLXxsikKv/v
OXE3A/lCiNi882NegPyXAfFPp/71CIiTQZps1eQkAvhD5t5WiFYPESxDlvEJrHFY
XP4+pp8fL8YPS7iZNIq+z+P8yVIw+B/Hs0ht7wFIYN0xACbU8m9+Rs08JMoT16c+
hZMuK3BWD3fzkQVfW0yMwz6fWRXB483ZmekGkgndOTDoJQMdJXZxHpI3t2FcxQYj
T45GXxRd18neXtuYa/OoAw9UQFDN5XfXN0g=
-----END CERTIFICATE-----
11 changes: 11 additions & 0 deletions docs/src/developer/reference/config-options.md
Original file line number Diff line number Diff line change
Expand Up @@ -822,6 +822,17 @@ brig:
accountPages: https://account.wire.com
```

### Enterprise Login Audit Log

Audit logs for any update (POST, PUT, DELETE) of a domain registration via the internal API are sent via email to the specified email address. If not specified no audit logs will be sent.

```yaml
brig:
config:
optSettings:
setAuditLogEmailRecipient: [email protected]
```

## Settings in cargohold

AWS S3 (or an alternative provider / service) is used to upload and download
Expand Down
1 change: 1 addition & 0 deletions integration/integration.cabal
Original file line number Diff line number Diff line change
Expand Up @@ -120,6 +120,7 @@ library
Test.Conversation
Test.Demo
Test.EJPD
Test.EnterpriseLogin
Test.Errors
Test.Events
Test.ExternalPartner
Expand Down
35 changes: 35 additions & 0 deletions integration/test/API/BrigInternal.hs
Original file line number Diff line number Diff line change
Expand Up @@ -329,3 +329,38 @@ putSSOId user args = do
"subject" .= args.subject,
"tenant" .= args.tenant
]

domainRegistrationLock :: (HasCallStack, MakesValue domain) => domain -> String -> App Response
domainRegistrationLock domain registrationDomain = do
req <- baseRequest domain Brig Unversioned $ joinHttpPath ["i", "domain-registration", registrationDomain, "lock"]
submit "POST" req

domainRegistrationUnlock :: (HasCallStack, MakesValue domain) => domain -> String -> App Response
domainRegistrationUnlock domain registrationDomain = do
req <- baseRequest domain Brig Unversioned $ joinHttpPath ["i", "domain-registration", registrationDomain, "unlock"]
submit "POST" req

domainRegistrationPreAuthorize :: (HasCallStack, MakesValue domain) => domain -> String -> App Response
domainRegistrationPreAuthorize domain registrationDomain = do
req <- baseRequest domain Brig Unversioned $ joinHttpPath ["i", "domain-registration", registrationDomain, "preauthorize"]
submit "POST" req

domainRegistrationUnAuthorize :: (HasCallStack, MakesValue domain) => domain -> String -> App Response
domainRegistrationUnAuthorize domain registrationDomain = do
req <- baseRequest domain Brig Unversioned $ joinHttpPath ["i", "domain-registration", registrationDomain, "unauthorize"]
submit "POST" req

updateDomainRegistration :: (HasCallStack, MakesValue domain) => domain -> String -> Value -> App Response
updateDomainRegistration domain registrationDomain payload = do
req <- baseRequest domain Brig Unversioned $ joinHttpPath ["i", "domain-registration", registrationDomain]
submit "PUT" $ req & addJSON payload

deleteDomainRegistration :: (HasCallStack, MakesValue domain) => domain -> String -> App Response
deleteDomainRegistration domain registrationDomain = do
req <- baseRequest domain Brig Unversioned $ joinHttpPath ["i", "domain-registration", registrationDomain]
submit "DELETE" req

getDomainRegistration :: (HasCallStack, MakesValue domain) => domain -> String -> App Response
getDomainRegistration domain registrationDomain = do
req <- baseRequest domain Brig Unversioned $ joinHttpPath ["i", "domain-registration", registrationDomain]
submit "GET" req
5 changes: 5 additions & 0 deletions integration/test/API/Common.hs
Original file line number Diff line number Diff line change
Expand Up @@ -20,6 +20,11 @@ randomEmail = do
u <- randomName
pure $ u <> "@example.com"

randomDomain :: App String
randomDomain = do
u <- randomName
pure $ (fmap toLower u) <> ".com"

randomExternalId :: App String
randomExternalId = liftIO $ do
-- external ID has no constraints, but we only generate human-readable samples
Expand Down
Loading

0 comments on commit d142082

Please sign in to comment.