zitadel/internal/command/user_human_access_token_model.go

package command

import (
	"time"

	"github.com/caos/zitadel/internal/eventstore"

	"github.com/caos/zitadel/internal/domain"
	"github.com/caos/zitadel/internal/repository/user"
)

type UserAccessTokenWriteModel struct {
	eventstore.WriteModel

	TokenID           string
	ApplicationID     string
	UserAgentID       string
	Audience          []string
	Scopes            []string
	Expiration        time.Time
	PreferredLanguage string

	UserState domain.UserState
}

func NewUserAccessTokenWriteModel(userID, resourceOwner, tokenID string) *UserAccessTokenWriteModel {
	return &UserAccessTokenWriteModel{
		WriteModel: eventstore.WriteModel{
			AggregateID:   userID,
			ResourceOwner: resourceOwner,
		},
		TokenID: tokenID,
	}
}

func (wm *UserAccessTokenWriteModel) AppendEvents(events ...eventstore.EventReader) {
	for _, event := range events {
		switch e := event.(type) {
		case *user.UserTokenAddedEvent:
			if wm.TokenID != e.TokenID {
				continue
			}
			wm.WriteModel.AppendEvents(e)
		case *user.UserTokenRemovedEvent:
			if wm.TokenID != e.TokenID {
				continue
			}
			wm.WriteModel.AppendEvents(e)
		case *user.HumanSignedOutEvent:
			if wm.UserAgentID != e.UserAgentID {
				continue
			}
			wm.WriteModel.AppendEvents(e)
		case *user.UserLockedEvent,
			*user.UserDeactivatedEvent,
			*user.UserRemovedEvent:
			wm.WriteModel.AppendEvents(e)
		}
	}
}

func (wm *UserAccessTokenWriteModel) Reduce() error {
	for _, event := range wm.Events {
		switch e := event.(type) {
		case *user.UserTokenAddedEvent:
			wm.TokenID = e.TokenID
			wm.ApplicationID = e.ApplicationID
			wm.UserAgentID = e.UserAgentID
			wm.Audience = e.Audience
			wm.Scopes = e.Scopes
			wm.Expiration = e.Expiration
			wm.PreferredLanguage = e.PreferredLanguage
			wm.UserState = domain.UserStateActive
			if e.Expiration.Before(time.Now()) {
				wm.UserState = domain.UserStateDeleted
			}
		case *user.UserTokenRemovedEvent,
			*user.HumanSignedOutEvent,
			*user.UserLockedEvent,
			*user.UserDeactivatedEvent,
			*user.UserRemovedEvent:
			wm.UserState = domain.UserStateDeleted
		}
	}
	return wm.WriteModel.Reduce()
}

func (wm *UserAccessTokenWriteModel) Query() *eventstore.SearchQueryBuilder {
	query := eventstore.NewSearchQueryBuilder(eventstore.ColumnsEvent).
		AddQuery().
		AggregateTypes(user.AggregateType).
		AggregateIDs(wm.AggregateID).
		EventTypes(
			user.UserTokenAddedType,
			user.UserTokenRemovedType,
			user.HumanSignedOutType,
			user.UserLockedType,
			user.UserDeactivatedType,
			user.UserRemovedType).
		Builder()

	if wm.ResourceOwner != "" {
		query.ResourceOwner(wm.ResourceOwner)
	}
	return query
}
feat: token revocation and OP certification (#2594) * fix: try using only user session if no user is set (id_token_hint) on prompt none * fix caos errors As implementation * implement request mode * return explicit error on invalid refresh token use * begin token revocation * token revocation * tests * tests * cleanup * set op config * add revocation endpoint to config * add revocation endpoint to config * migration version * error handling in token revocation * migration version * update oidc lib to 1.0.0 2021-11-03 07:35:24 +00:00			`package command`

			`import (`
			`"time"`

			`"github.com/caos/zitadel/internal/eventstore"`

			`"github.com/caos/zitadel/internal/domain"`
			`"github.com/caos/zitadel/internal/repository/user"`
			`)`

			`type UserAccessTokenWriteModel struct {`
			`eventstore.WriteModel`

			`TokenID string`
			`ApplicationID string`
			`UserAgentID string`
			`Audience []string`
			`Scopes []string`
			`Expiration time.Time`
			`PreferredLanguage string`

			`UserState domain.UserState`
			`}`

			`func NewUserAccessTokenWriteModel(userID, resourceOwner, tokenID string) *UserAccessTokenWriteModel {`
			`return &UserAccessTokenWriteModel{`
			`WriteModel: eventstore.WriteModel{`
			`AggregateID: userID,`
			`ResourceOwner: resourceOwner,`
			`},`
			`TokenID: tokenID,`
			`}`
			`}`

			`func (wm *UserAccessTokenWriteModel) AppendEvents(events ...eventstore.EventReader) {`
			`for _, event := range events {`
			`switch e := event.(type) {`
			`case *user.UserTokenAddedEvent:`
			`if wm.TokenID != e.TokenID {`
			`continue`
			`}`
			`wm.WriteModel.AppendEvents(e)`
			`case *user.UserTokenRemovedEvent:`
			`if wm.TokenID != e.TokenID {`
			`continue`
			`}`
			`wm.WriteModel.AppendEvents(e)`
			`case *user.HumanSignedOutEvent:`
			`if wm.UserAgentID != e.UserAgentID {`
			`continue`
			`}`
			`wm.WriteModel.AppendEvents(e)`
			`case *user.UserLockedEvent,`
			`*user.UserDeactivatedEvent,`
			`*user.UserRemovedEvent:`
			`wm.WriteModel.AppendEvents(e)`
			`}`
			`}`
			`}`

			`func (wm *UserAccessTokenWriteModel) Reduce() error {`
			`for _, event := range wm.Events {`
			`switch e := event.(type) {`
			`case *user.UserTokenAddedEvent:`
			`wm.TokenID = e.TokenID`
			`wm.ApplicationID = e.ApplicationID`
			`wm.UserAgentID = e.UserAgentID`
			`wm.Audience = e.Audience`
			`wm.Scopes = e.Scopes`
			`wm.Expiration = e.Expiration`
			`wm.PreferredLanguage = e.PreferredLanguage`
			`wm.UserState = domain.UserStateActive`
			`if e.Expiration.Before(time.Now()) {`
			`wm.UserState = domain.UserStateDeleted`
			`}`
			`case *user.UserTokenRemovedEvent,`
			`*user.HumanSignedOutEvent,`
			`*user.UserLockedEvent,`
			`*user.UserDeactivatedEvent,`
			`*user.UserRemovedEvent:`
			`wm.UserState = domain.UserStateDeleted`
			`}`
			`}`
			`return wm.WriteModel.Reduce()`
			`}`

			`func (wm UserAccessTokenWriteModel) Query() eventstore.SearchQueryBuilder {`
			`query := eventstore.NewSearchQueryBuilder(eventstore.ColumnsEvent).`
			`AddQuery().`
			`AggregateTypes(user.AggregateType).`
			`AggregateIDs(wm.AggregateID).`
			`EventTypes(`
			`user.UserTokenAddedType,`
			`user.UserTokenRemovedType,`
			`user.HumanSignedOutType,`
			`user.UserLockedType,`
			`user.UserDeactivatedType,`
			`user.UserRemovedType).`
			`Builder()`

			`if wm.ResourceOwner != "" {`
			`query.ResourceOwner(wm.ResourceOwner)`
			`}`
			`return query`
			`}`