feat: session checks with intent (#6031)

* feat: session checks with intent * feat: session checks with intent * fix: integration tests for intent session * fix: integration tests for intent session * fix merge * fix: integration tests for intent session --------- Co-authored-by: Livio Spring <livio.a@gmail.com>
2025-08-11 19:07:30 +00:00 · 2023-06-21 16:06:18 +02:00
parent c12d94f7d4
commit 1b5d6ce89e
29 changed files with 727 additions and 153 deletions
--- a/internal/command/session.go
+++ b/internal/command/session.go
@@ -23,8 +23,10 @@ type SessionCommands struct {

 	sessionWriteModel  *SessionWriteModel
 	passwordWriteModel *HumanPasswordWriteModel
+	intentWriteModel   *IDPIntentWriteModel
 	eventstore         *eventstore.Eventstore
 	userPasswordAlg    crypto.HashAlgorithm
+	intentAlg          crypto.EncryptionAlgorithm
 	createToken        func(sessionID string) (id string, token string, err error)
 	now                func() time.Time
 }
@@ -35,6 +37,7 @@ func (c *Commands) NewSessionCommands(cmds []SessionCommand, session *SessionWri
 		sessionWriteModel: session,
 		eventstore:        c.eventstore,
 		userPasswordAlg:   c.userPasswordAlg,
+		intentAlg:         c.idpConfigEncryption,
 		createToken:       c.sessionTokenCreator,
 		now:               time.Now,
 	}
@@ -80,6 +83,42 @@ func CheckPassword(password string) SessionCommand {
 	}
 }

+// CheckIntent defines a check for a succeeded intent to be executed for a session update
+func CheckIntent(intentID, token string) SessionCommand {
+	return func(ctx context.Context, cmd *SessionCommands) error {
+		if cmd.sessionWriteModel.UserID == "" {
+			return caos_errs.ThrowPreconditionFailed(nil, "COMMAND-Sfw3r", "Errors.User.UserIDMissing")
+		}
+		if err := crypto.CheckToken(cmd.intentAlg, token, intentID); err != nil {
+			return err
+		}
+		cmd.intentWriteModel = NewIDPIntentWriteModel(intentID, "")
+		err := cmd.eventstore.FilterToQueryReducer(ctx, cmd.intentWriteModel)
+		if err != nil {
+			return err
+		}
+		if cmd.intentWriteModel.State != domain.IDPIntentStateSucceeded {
+			return caos_errs.ThrowPreconditionFailed(nil, "COMMAND-Df4bw", "Errors.Intent.NotSucceeded")
+		}
+		if cmd.intentWriteModel.UserID != "" {
+			if cmd.intentWriteModel.UserID != cmd.sessionWriteModel.UserID {
+				return caos_errs.ThrowPreconditionFailed(nil, "COMMAND-O8xk3w", "Errors.Intent.OtherUser")
+			}
+		} else {
+			linkWriteModel := NewUserIDPLinkWriteModel(cmd.sessionWriteModel.UserID, cmd.intentWriteModel.IDPID, cmd.intentWriteModel.IDPUserID, cmd.intentWriteModel.ResourceOwner)
+			err := cmd.eventstore.FilterToQueryReducer(ctx, linkWriteModel)
+			if err != nil {
+				return err
+			}
+			if linkWriteModel.State != domain.UserIDPLinkStateActive {
+				return caos_errs.ThrowPreconditionFailed(nil, "COMMAND-O8xk3w", "Errors.Intent.OtherUser")
+			}
+		}
+		cmd.sessionWriteModel.IntentChecked(ctx, cmd.now())
+		return nil
+	}
+}
+
 // Exec will execute the commands specified and returns an error on the first occurrence
 func (s *SessionCommands) Exec(ctx context.Context) error {
 	for _, cmd := range s.cmds {