TheArchive/zitadel
1
0
Fork 0
mirror of https://github.com/zitadel/zitadel.git synced 2024-12-12 11:04:25 +00:00
Code Issues Packages Projects Releases Wiki Activity
11f0f54ce5
zitadel/internal/command/user_human_access_token_model.go

107 lines
2.6 KiB
Go
Raw Normal View History

feat: token revocation and OP certification (#2594) * fix: try using only user session if no user is set (id_token_hint) on prompt none * fix caos errors As implementation * implement request mode * return explicit error on invalid refresh token use * begin token revocation * token revocation * tests * tests * cleanup * set op config * add revocation endpoint to config * add revocation endpoint to config * migration version * error handling in token revocation * migration version * update oidc lib to 1.0.0
2021-11-03 07:35:24 +00:00
package command
import (
"time"
chore(v2): move to new org (#3499) * chore: move to new org * logging * fix: org rename caos -> zitadel Co-authored-by: adlerhurst <silvan.reusser@gmail.com>
2022-04-26 23:01:45 +00:00
"github.com/zitadel/zitadel/internal/eventstore"
feat: token revocation and OP certification (#2594) * fix: try using only user session if no user is set (id_token_hint) on prompt none * fix caos errors As implementation * implement request mode * return explicit error on invalid refresh token use * begin token revocation * token revocation * tests * tests * cleanup * set op config * add revocation endpoint to config * add revocation endpoint to config * migration version * error handling in token revocation * migration version * update oidc lib to 1.0.0
2021-11-03 07:35:24 +00:00
chore(v2): move to new org (#3499) * chore: move to new org * logging * fix: org rename caos -> zitadel Co-authored-by: adlerhurst <silvan.reusser@gmail.com>
2022-04-26 23:01:45 +00:00
"github.com/zitadel/zitadel/internal/domain"
"github.com/zitadel/zitadel/internal/repository/user"
feat: token revocation and OP certification (#2594) * fix: try using only user session if no user is set (id_token_hint) on prompt none * fix caos errors As implementation * implement request mode * return explicit error on invalid refresh token use * begin token revocation * token revocation * tests * tests * cleanup * set op config * add revocation endpoint to config * add revocation endpoint to config * migration version * error handling in token revocation * migration version * update oidc lib to 1.0.0
2021-11-03 07:35:24 +00:00
)
type UserAccessTokenWriteModel struct {
eventstore.WriteModel
TokenID string
ApplicationID string
UserAgentID string
Audience []string
Scopes []string
Expiration time.Time
PreferredLanguage string
UserState domain.UserState
}
func NewUserAccessTokenWriteModel(userID, resourceOwner, tokenID string) *UserAccessTokenWriteModel {
return &UserAccessTokenWriteModel{
WriteModel: eventstore.WriteModel{
AggregateID: userID,
ResourceOwner: resourceOwner,
},
TokenID: tokenID,
}
}
refactor(eventstore): rename EventPusher to Command, EventReader to Event, PushEvents to Push and FilterEvents to Filter (#2907)
2022-01-03 08:19:07 +00:00
func (wm *UserAccessTokenWriteModel) AppendEvents(events ...eventstore.Event) {
feat: token revocation and OP certification (#2594) * fix: try using only user session if no user is set (id_token_hint) on prompt none * fix caos errors As implementation * implement request mode * return explicit error on invalid refresh token use * begin token revocation * token revocation * tests * tests * cleanup * set op config * add revocation endpoint to config * add revocation endpoint to config * migration version * error handling in token revocation * migration version * update oidc lib to 1.0.0
2021-11-03 07:35:24 +00:00
for _, event := range events {
switch e := event.(type) {
case *user.UserTokenAddedEvent:
if wm.TokenID != e.TokenID {
continue
}
wm.WriteModel.AppendEvents(e)
case *user.UserTokenRemovedEvent:
if wm.TokenID != e.TokenID {
continue
}
wm.WriteModel.AppendEvents(e)
case *user.HumanSignedOutEvent:
if wm.UserAgentID != e.UserAgentID {
continue
}
wm.WriteModel.AppendEvents(e)
case *user.UserLockedEvent,
*user.UserDeactivatedEvent,
*user.UserRemovedEvent:
wm.WriteModel.AppendEvents(e)
}
}
}
func (wm *UserAccessTokenWriteModel) Reduce() error {
for _, event := range wm.Events {
switch e := event.(type) {
case *user.UserTokenAddedEvent:
wm.TokenID = e.TokenID
wm.ApplicationID = e.ApplicationID
wm.UserAgentID = e.UserAgentID
wm.Audience = e.Audience
wm.Scopes = e.Scopes
wm.Expiration = e.Expiration
wm.PreferredLanguage = e.PreferredLanguage
wm.UserState = domain.UserStateActive
if e.Expiration.Before(time.Now()) {
wm.UserState = domain.UserStateDeleted
}
case *user.UserTokenRemovedEvent,
*user.HumanSignedOutEvent,
*user.UserLockedEvent,
*user.UserDeactivatedEvent,
*user.UserRemovedEvent:
wm.UserState = domain.UserStateDeleted
}
}
return wm.WriteModel.Reduce()
}
func (wm *UserAccessTokenWriteModel) Query() *eventstore.SearchQueryBuilder {
query := eventstore.NewSearchQueryBuilder(eventstore.ColumnsEvent).
AddQuery().
AggregateTypes(user.AggregateType).
AggregateIDs(wm.AggregateID).
EventTypes(
user.UserTokenAddedType,
user.UserTokenRemovedType,
user.HumanSignedOutType,
user.UserLockedType,
user.UserDeactivatedType,
user.UserRemovedType).
Builder()
if wm.ResourceOwner != "" {
query.ResourceOwner(wm.ResourceOwner)
}
return query
}
Reference in New Issue Copy Permalink