From 121f9f8da159470f31c2aff939bdbad6f0a6668b Mon Sep 17 00:00:00 2001
From: Livio Spring
Date: Fri, 26 Jan 2024 09:56:10 +0100
Subject: [PATCH] feat(actions): add org metadata in complement token and saml response flows (#7263)

* feat(actions): add org metadata in complement token and saml response flows
* document actions
---
 docs/docs/apis/actions/complement-token.md | 4 ++
 .../apis/actions/customize-samlresponse.md | 2 +
 internal/actions/object/metadata.go | 38 +++++++++++++++++++
 internal/api/oidc/client.go | 36 ++++++++++++++++++
 internal/api/oidc/userinfo.go | 18 +++++++++
 internal/api/saml/storage.go | 18 +++++++++
 6 files changed, 116 insertions(+)

diff --git a/docs/docs/apis/actions/complement-token.md b/docs/docs/apis/actions/complement-token.md
index c7e579ed9e..336a5a740a 100644
--- a/docs/docs/apis/actions/complement-token.md
+++ b/docs/docs/apis/actions/complement-token.md
@@ -18,6 +18,8 @@ This trigger is called before userinfo are set in the id_token or userinfo and i
 - `user`
 - `getMetadata()` [*metadataResult*](./objects#metadata-result)
 - `grants` [*UserGrantList*](./objects#user-grant-list)
+ - `org`
+ - `getMetadata()` [*metadataResult*](./objects#metadata-result)
 - `api`
 The second parameter contains the following fields:
 - `v1`
@@ -46,6 +48,8 @@ This trigger is called before the claims are set in the access token and the tok
 - `user`
 - `getMetadata()` [*metadataResult*](./objects#metadata-result)
 - `grants` [*UserGrantList*](./objects#user-grant-list)
+ - `org`
+ - `getMetadata()` [*metadataResult*](./objects#metadata-result)
 - `api`
 The second parameter contains the following fields:
 - `v1`
diff --git a/docs/docs/apis/actions/customize-samlresponse.md b/docs/docs/apis/actions/customize-samlresponse.md
index 33183b7ac8..d52205c7e6 100644
--- a/docs/docs/apis/actions/customize-samlresponse.md
+++ b/docs/docs/apis/actions/customize-samlresponse.md
@@ -17,6 +17,8 @@ This trigger is called before attributes are set in the SAMLResponse.
 - `user`
 - `getMetadata()` [*metadataResult*](./objects#metadata-result)
 - `grants` [*UserGrantList*](./objects#user-grant-list)
+ - `org`
+ - `getMetadata()` [*metadataResult*](./objects#metadata-result)
 - `api`
 The second parameter contains the following fields:
 - `v1`
diff --git a/internal/actions/object/metadata.go b/internal/actions/object/metadata.go
index 55bf239094..87ad69737a 100644
--- a/internal/actions/object/metadata.go
+++ b/internal/actions/object/metadata.go
@@ -12,6 +12,28 @@ import (
 "github.com/zitadel/zitadel/internal/query"
 )
 
+func OrgMetadataListFromQuery(c *actions.FieldConfig, orgMetadata *query.OrgMetadataList) goja.Value {
+ result := &metadataList{
+ Count: orgMetadata.Count,
+ Sequence: orgMetadata.Sequence,
+ Timestamp: orgMetadata.LastRun,
+ Metadata: make([]*metadata, len(orgMetadata.Metadata)),
+ }
+
+ for i, md := range orgMetadata.Metadata {
+ result.Metadata[i] = &metadata{
+ CreationDate: md.CreationDate,
+ ChangeDate: md.ChangeDate,
+ ResourceOwner: md.ResourceOwner,
+ Sequence: md.Sequence,
+ Key: md.Key,
+ Value: metadataByteArrayToValue(md.Value, c.Runtime),
+ }
+ }
+
+ return c.Runtime.ToValue(result)
+}
+
 func UserMetadataListFromQuery(c *actions.FieldConfig, metadata *query.UserMetadataList) goja.Value {
 result := &userMetadataList{
 Count: metadata.Count,
@@ -73,6 +95,22 @@ func metadataByteArrayToValue(val []byte, runtime *goja.Runtime) goja.Value {
 return runtime.ToValue(value)
 }
 
+type metadataList struct {
+ Count uint64
+ Sequence uint64
+ Timestamp time.Time
+ Metadata []*metadata
+}
+
+type metadata struct {
+ CreationDate time.Time
+ ChangeDate time.Time
+ ResourceOwner string
+ Sequence uint64
+ Key string
+ Value goja.Value
+}
+
 type userMetadataList struct {
 Count uint64
 Sequence uint64
diff --git a/internal/api/oidc/client.go b/internal/api/oidc/client.go
index 394ecd834b..9af51bff61 100644
--- a/internal/api/oidc/client.go
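Review bot: `OrgMetadataListFromQuery` in the first metadata.go hunk is exported but carries no doc comment, and the new package-level type `metadata` (second hunk) is shadowed inside the adjacent `UserMetadataListFromQuery`, whose parameter is also named `metadata` (visible as context right below the new function). Renaming the two new types to `orgMetadataList` and `orgMetadata`, parallel to the existing `userMetadataList`, removes the shadowing and makes the pairing with `OrgMetadataListFromQuery` obvious to the next reader. A doc comment such as `// OrgMetadataListFromQuery converts an org metadata search result into a goja value carrying the list's Count, Sequence and LastRun timestamp, with each entry's Value passed through metadataByteArrayToValue.` would satisfy the Go convention for exported names. The function also dereferences `orgMetadata` unconditionally; the callers in this patch only reach it after a nil-error check, so rather than a guard a one-line comment stating that precondition (`// orgMetadata must be non-nil; callers check the query error first`) is enough.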
+++ b/internal/api/oidc/client.go
@@ -491,6 +491,24 @@ func (o *OPStorage) userinfoFlows(ctx context.Context, user *query.User, userGra
 return object.UserGrantsFromQuery(c, userGrants)
 }),
 ),
+ actions.SetFields("org",
+ actions.SetFields("getMetadata", func(c *actions.FieldConfig) interface{} {
+ return func(goja.FunctionCall) goja.Value {
+ metadata, err := o.query.SearchOrgMetadata(
+ ctx,
+ true,
+ user.ResourceOwner,
+ &query.OrgMetadataSearchQueries{},
+ false,
+ )
+ if err != nil {
+ logging.WithError(err).Info("unable to get org metadata in action")
+ panic(err)
+ }
+ return object.OrgMetadataListFromQuery(c, metadata)
+ }
+ }),
+ ),
 ),
 )
 
@@ -690,6 +708,24 @@ func (o *OPStorage) privateClaimsFlows(ctx context.Context, userID string, userG
 return object.UserGrantsFromQuery(c, userGrants)
 }),
 ),
+ actions.SetFields("org",
+ actions.SetFields("getMetadata", func(c *actions.FieldConfig) interface{} {
+ return func(goja.FunctionCall) goja.Value {
+ metadata, err := o.query.SearchOrgMetadata(
+ ctx,
+ true,
+ user.ResourceOwner,
+ &query.OrgMetadataSearchQueries{},
+ false,
+ )
+ if err != nil {
+ logging.WithError(err).Info("unable to get org metadata in action")
+ panic(err)
+ }
+ return object.OrgMetadataListFromQuery(c, metadata)
+ }
+ }),
+ ),
 ),
 )
 
diff --git a/internal/api/oidc/userinfo.go b/internal/api/oidc/userinfo.go
index 3b6a2053bc..b1ccac395c 100644
--- a/internal/api/oidc/userinfo.go
+++ b/internal/api/oidc/userinfo.go
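Review bot: The 18-line `getMetadata` closure added in the `userinfoFlows` hunk is repeated verbatim in the `privateClaimsFlows` hunk below it and again in the userinfo.go and saml/storage.go hunks, differing only in the query handle (`o.query`, `s.query`, `p.query`) and the resource-owner expression, so a single constructor shared by the four flows would keep them from drifting apart on the next change. The failure path logs at Info and then panics, which presumably surfaces as a script error the same way the neighbouring user `getMetadata` handler does (outside this hunk); since a failed lookup aborts the token flow for the end user, Warn is the level an operator investigating failing token requests will actually see. The bare `true` and `false` arguments to `SearchOrgMetadata` would also read better with an inline comment naming the parameter each sets. The enclosing `userinfoFlows` and `privateClaimsFlows` functions both start and end outside their hunks.
```go
// orgMetadataSearcher is the slice of the query layer that the org.getMetadata field needs.
type orgMetadataSearcher interface {
	SearchOrgMetadata(context.Context, bool, string, *query.OrgMetadataSearchQueries, bool) (*query.OrgMetadataList, error)
}

// orgMetadataField builds the ctx.v1.org.getMetadata() function for an action.
// The lookup runs on each call from the script, not when the field is defined,
// so a flow that never reads org metadata pays nothing for it.
func orgMetadataField(ctx context.Context, q orgMetadataSearcher, resourceOwner string) func(*actions.FieldConfig) interface{} {
	return func(c *actions.FieldConfig) interface{} {
		return func(goja.FunctionCall) goja.Value {
			metadata, err := q.SearchOrgMetadata(ctx, true, resourceOwner, &query.OrgMetadataSearchQueries{}, false)
			if err != nil {
				// Warn rather than Info: this aborts the flow for the end user.
				logging.WithError(err).Warn("unable to get org metadata in action")
				panic(err)
			}
			return object.OrgMetadataListFromQuery(c, metadata)
		}
	}
}

// … unchanged: userinfoFlows up to the user/grants fields …
actions.SetFields("org",
	actions.SetFields("getMetadata", orgMetadataField(ctx, o.query, user.ResourceOwner)),
),
```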
@@ -194,6 +194,24 @@ func (s *Server) userinfoFlows(ctx context.Context, qu *query.OIDCUserInfo, user
 return object.UserGrantsFromSlice(c, qu.UserGrants)
 }),
 ),
+ actions.SetFields("org",
+ actions.SetFields("getMetadata", func(c *actions.FieldConfig) interface{} {
+ return func(goja.FunctionCall) goja.Value {
+ metadata, err := s.query.SearchOrgMetadata(
+ ctx,
+ true,
+ qu.User.ResourceOwner,
+ &query.OrgMetadataSearchQueries{},
+ false,
+ )
+ if err != nil {
+ logging.WithError(err).Info("unable to get org metadata in action")
+ panic(err)
+ }
+ return object.OrgMetadataListFromQuery(c, metadata)
+ }
+ }),
+ ),
 ),
 )
 
diff --git a/internal/api/saml/storage.go b/internal/api/saml/storage.go
index fb051dec51..49c95b5d05 100644
--- a/internal/api/saml/storage.go
+++ b/internal/api/saml/storage.go
@@ -249,6 +249,24 @@ func (p *Storage) getCustomAttributes(ctx context.Context, user *query.User, use
 return object.UserGrantsFromQuery(c, userGrants)
 }),
 ),
+ actions.SetFields("org",
+ actions.SetFields("getMetadata", func(c *actions.FieldConfig) interface{} {
+ return func(goja.FunctionCall) goja.Value {
+ metadata, err := p.query.SearchOrgMetadata(
+ ctx,
+ true,
+ user.ResourceOwner,
+ &query.OrgMetadataSearchQueries{},
+ false,
+ )
+ if err != nil {
+ logging.WithError(err).Info("unable to get org metadata in action")
+ panic(err)
+ }
+ return object.OrgMetadataListFromQuery(c, metadata)
+ }
+ }),
+ ),
 ),
 )