From 1b4740c78f298932ffb6f58975af42bd7776d1e2 Mon Sep 17 00:00:00 2001
From: Livio Spring
Date: Mon, 27 Jun 2022 09:24:23 +0200
Subject: [PATCH] fix: primary domain scope (handle context correctly) (#3872)

---
 internal/api/ui/login/custom_action.go | 8 ++++----
 internal/api/ui/login/external_login_handler.go | 4 ++--
 internal/api/ui/login/jwt_handler.go | 4 ++--
 .../repository/eventsourcing/eventstore/auth_request.go | 6 +++---
 .../authz/repository/eventsourcing/view/application.go | 4 ----
 5 files changed, 11 insertions(+), 15 deletions(-)

diff --git a/internal/api/ui/login/custom_action.go b/internal/api/ui/login/custom_action.go
index e2b7d35f63..4085af7791 100644
--- a/internal/api/ui/login/custom_action.go
+++ b/internal/api/ui/login/custom_action.go
@@ -35,8 +35,8 @@ func (l *Login) customExternalUserMapping(ctx context.Context, user *domain.Exte
 	return user, err
 }
 
-func (l *Login) customExternalUserToLoginUserMapping(user *domain.Human, tokens *oidc.Tokens, req *domain.AuthRequest, config *iam_model.IDPConfigView, metadata []*domain.Metadata, resourceOwner string) (*domain.Human, []*domain.Metadata, error) {
-	triggerActions, err := l.query.GetActiveActionsByFlowAndTriggerType(context.TODO(), domain.FlowTypeExternalAuthentication, domain.TriggerTypePreCreation, resourceOwner)
+func (l *Login) customExternalUserToLoginUserMapping(ctx context.Context, user *domain.Human, tokens *oidc.Tokens, req *domain.AuthRequest, config *iam_model.IDPConfigView, metadata []*domain.Metadata, resourceOwner string) (*domain.Human, []*domain.Metadata, error) {
+	triggerActions, err := l.query.GetActiveActionsByFlowAndTriggerType(ctx, domain.FlowTypeExternalAuthentication, domain.TriggerTypePreCreation, resourceOwner)
 	if err != nil {
 		return nil, nil, err
 	}
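Review bot: Neither customExternalUserToLoginUserMapping here nor customGrants in the hunk at line 51 documents what the new ctx parameter must carry, and since both previously ran the action lookup under context.TODO(), a future caller can easily reintroduce that without noticing. The commit title suggests the lookup in GetActiveActionsByFlowAndTriggerType depends on the request context, so a one-line comment above each signature would pin the contract, e.g. `// ctx must be the caller's request context, never context.TODO(): the action lookup is scoped by it.`. Both function bodies continue past their hunks, so the remaining uses of ctx are not visible here.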
@@ -51,8 +51,8 @@ func (l *Login) customExternalUserToLoginUserMapping(user *domain.Human, tokens
 	return user, metadata, err
 }
 
-func (l *Login) customGrants(userID string, tokens *oidc.Tokens, req *domain.AuthRequest, config *iam_model.IDPConfigView, resourceOwner string) ([]*domain.UserGrant, error) {
-	triggerActions, err := l.query.GetActiveActionsByFlowAndTriggerType(context.TODO(), domain.FlowTypeExternalAuthentication, domain.TriggerTypePostCreation, resourceOwner)
+func (l *Login) customGrants(ctx context.Context, userID string, tokens *oidc.Tokens, req *domain.AuthRequest, config *iam_model.IDPConfigView, resourceOwner string) ([]*domain.UserGrant, error) {
+	triggerActions, err := l.query.GetActiveActionsByFlowAndTriggerType(ctx, domain.FlowTypeExternalAuthentication, domain.TriggerTypePostCreation, resourceOwner)
 	if err != nil {
 		return nil, err
 	}
diff --git a/internal/api/ui/login/external_login_handler.go b/internal/api/ui/login/external_login_handler.go
index 88bf6504e8..11bbc13ca8 100644
--- a/internal/api/ui/login/external_login_handler.go
+++ b/internal/api/ui/login/external_login_handler.go
@@ -353,7 +353,7 @@ func (l *Login) handleAutoRegister(w http.ResponseWriter, r *http.Request, authR
 	}
 	linkingUser := authReq.LinkingUsers[len(authReq.LinkingUsers)-1]
 	user, externalIDP, metadata := l.mapExternalUserToLoginUser(orgIamPolicy, linkingUser, idpConfig)
-	user, metadata, err = l.customExternalUserToLoginUserMapping(user, nil, authReq, idpConfig, metadata, resourceOwner)
+	user, metadata, err = l.customExternalUserToLoginUserMapping(r.Context(), user, nil, authReq, idpConfig, metadata, resourceOwner)
 	if err != nil {
 		l.renderExternalNotFoundOption(w, r, authReq, orgIamPolicy, nil, nil, err)
 		return
@@ -368,7 +368,7 @@ func (l *Login) handleAutoRegister(w http.ResponseWriter, r *http.Request, authR
 		l.renderError(w, r, authReq, err)
 		return
 	}
-	userGrants, err := l.customGrants(authReq.UserID, nil, authReq, idpConfig, resourceOwner)
+	userGrants, err := l.customGrants(r.Context(), authReq.UserID, nil, authReq, idpConfig, resourceOwner)
 	if err != nil {
 		l.renderError(w, r, authReq, err)
 		return
diff --git a/internal/api/ui/login/jwt_handler.go b/internal/api/ui/login/jwt_handler.go
index 8dd56331c0..b09f253513 100644
--- a/internal/api/ui/login/jwt_handler.go
+++ b/internal/api/ui/login/jwt_handler.go
@@ -128,7 +128,7 @@ func (l *Login) jwtExtractionUserNotFound(w http.ResponseWriter, r *http.Request
 	}
 
 	user, externalIDP, metadata := l.mapExternalUserToLoginUser(orgIamPolicy, authReq.LinkingUsers[len(authReq.LinkingUsers)-1], idpConfig)
-	user, metadata, err = l.customExternalUserToLoginUserMapping(user, tokens, authReq, idpConfig, metadata, resourceOwner)
+	user, metadata, err = l.customExternalUserToLoginUserMapping(r.Context(), user, tokens, authReq, idpConfig, metadata, resourceOwner)
 	if err != nil {
 		l.renderError(w, r, authReq, err)
 		return
@@ -143,7 +143,7 @@ func (l *Login) jwtExtractionUserNotFound(w http.ResponseWriter, r *http.Request
 		l.renderError(w, r, authReq, err)
 		return
 	}
-	userGrants, err := l.customGrants(authReq.UserID, tokens, authReq, idpConfig, resourceOwner)
+	userGrants, err := l.customGrants(r.Context(), authReq.UserID, tokens, authReq, idpConfig, resourceOwner)
 	if err != nil {
 		l.renderError(w, r, authReq, err)
 		return
diff --git a/internal/auth/repository/eventsourcing/eventstore/auth_request.go b/internal/auth/repository/eventsourcing/eventstore/auth_request.go
index 2fa07e1f3d..c4a8ecf0b0 100644
--- a/internal/auth/repository/eventsourcing/eventstore/auth_request.go
+++ b/internal/auth/repository/eventsourcing/eventstore/auth_request.go
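Review bot: Passing r.Context() into customGrants here, and likewise in the jwt_handler hunk at line 143, makes the post-creation action step cancellable by a client disconnect, whereas the context.TODO() it replaces never was. The error return immediately above suggests the user has already been created by the time this call runs, so a request cancelled at this point would presumably leave the new account without its grants and with no retry path; the commit should say whether that partial state is acceptable or derive this step's context from a parent that is not tied to the request's lifetime while still carrying what the query layer needs. handleAutoRegister starts and ends outside the hunk, so the preceding creation call is not visible here.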
@@ -137,7 +137,7 @@ func (repo *AuthRequestRepo) CreateAuthRequest(ctx context.Context, request *dom
 	request.AppendAudIfNotExisting(project.ID)
 	request.ApplicationResourceOwner = project.ResourceOwner
 	request.PrivateLabelingSetting = project.PrivateLabelingSetting
-	if err := setOrgID(repo.OrgViewProvider, request); err != nil {
+	if err := setOrgID(ctx, repo.OrgViewProvider, request); err != nil {
 		return nil, err
 	}
 	if request.LoginHint != "" {
@@ -1053,13 +1053,13 @@ func (repo *AuthRequestRepo) hasSucceededPage(ctx context.Context, request *doma
 	return app.OIDCConfig.AppType == domain.OIDCApplicationTypeNative, nil
 }
 
-func setOrgID(orgViewProvider orgViewProvider, request *domain.AuthRequest) error {
+func setOrgID(ctx context.Context, orgViewProvider orgViewProvider, request *domain.AuthRequest) error {
 	primaryDomain := request.GetScopeOrgPrimaryDomain()
 	if primaryDomain == "" {
 		return nil
 	}
 
-	org, err := orgViewProvider.OrgByDomainGlobal(context.TODO(), primaryDomain)
+	org, err := orgViewProvider.OrgByDomainGlobal(ctx, primaryDomain)
 	if err != nil {
 		return err
 	}
diff --git a/internal/authz/repository/eventsourcing/view/application.go b/internal/authz/repository/eventsourcing/view/application.go
index ef2dffdad9..424b108841 100644
--- a/internal/authz/repository/eventsourcing/view/application.go
+++ b/internal/authz/repository/eventsourcing/view/application.go
@@ -42,7 +42,3 @@ func (v *View) ApplicationByProjecIDAndAppName(ctx context.Context, projectID, a
 
 	return apps.Apps[0], nil
 }
-
-func (v *View) SearchApplications(request *query.AppSearchQueries) (*query.Apps, error) {
-	return v.Query.SearchApps(context.TODO(), request)
-}
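Review bot: setOrgID now resolves a value taken from the auth request's scopes, which are client-controlled, under the caller's ctx instead of context.TODO(), but the new signature carries no doc comment stating either fact, so the reason for the change is lost to the next reader. Suggest above the signature: `// setOrgID resolves the org named by the request's primary-domain scope (client-supplied) using ctx for scoping and records it on request; it is a no-op when the scope is absent.`. The function body continues past the hunk, so how the resolved org is stored is not visible here; the caller hunk at line 137 only forwards ctx and needs nothing further.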