TheArchive/zitadel
1
0
Fork 0
mirror of https://github.com/zitadel/zitadel.git synced 2025-01-06 13:57:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix: get orgID when missing on trigger logs (#7555)

Browse Source
This commit is contained in:
Livio Spring 2024-03-14 09:49:10 +01:00 committed by GitHub
parent bcff220cb4
commit 252e59d5cd
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
4 changed files with 50 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

42
internal/activity/activity.go
View File

@ -10,6 +10,8 @@ import (
"github.com/zitadel/zitadel/internal/api/authz"
http_utils "github.com/zitadel/zitadel/internal/api/http"
"github.com/zitadel/zitadel/internal/api/info"
"github.com/zitadel/zitadel/internal/eventstore"
"github.com/zitadel/zitadel/internal/repository/user"
)
const (
@ -50,7 +52,10 @@ func (t TriggerMethod) String() string {
}
// Trigger is used to log a specific events for a user (e.g. session or oidc token creation)
func Trigger(ctx context.Context, orgID, userID string, trigger TriggerMethod) {
func Trigger(ctx context.Context, orgID, userID string, trigger TriggerMethod, reducer func(ctx context.Context, r eventstore.QueryReducer) error) {
if orgID == "" && userID != "" {
orgID = getOrgOfUser(ctx, userID, reducer)
}
ai := info.ActivityInfoFromContext(ctx)
triggerLog(
authz.GetInstance(ctx).InstanceID(),
@ -99,3 +104,38 @@ func triggerLog(instanceID, orgID, userID, domain string, trigger TriggerMethod,
"isSystemUser", isSystemUser,
).Info(Activity)
}
func getOrgOfUser(ctx context.Context, userID string, reducer func(ctx context.Context, r eventstore.QueryReducer) error) string {
org := &orgIDOfUser{userID: userID}
err := reducer(ctx, org)
if err != nil {
logging.WithError(err).Error("could not get org id of user for trigger log")
return ""
}
return org.orgID
}
type orgIDOfUser struct {
eventstore.WriteModel
userID string
orgID string
}
func (u *orgIDOfUser) Query() *eventstore.SearchQueryBuilder {
return eventstore.NewSearchQueryBuilder(eventstore.ColumnsEvent).
OrderDesc().
Limit(1).
AddQuery().
AggregateTypes(user.AggregateType).
AggregateIDs(u.userID).
Builder()
}
func (u *orgIDOfUser) Reduce() error {
if len(u.Events) == 0 {
return nil
}
u.orgID = u.Events[0].Aggregate().ResourceOwner
return nil
}

14
internal/api/oidc/auth_request.go
View File

@ -216,7 +216,7 @@ func (o *OPStorage) CreateAccessToken(ctx context.Context, req op.TokenRequest)
userOrgID = authReq.UserOrgID
case *AuthRequestV2:
// trigger activity log for authentication for user
activity.Trigger(ctx, "", authReq.CurrentAuthRequest.UserID, activity.OIDCAccessToken)
activity.Trigger(ctx, "", authReq.CurrentAuthRequest.UserID, activity.OIDCAccessToken, o.eventstore.FilterToQueryReducer)
return o.command.AddOIDCSessionAccessToken(setContextUserSystem(ctx), authReq.GetID())
case op.IDTokenRequest:
applicationID = authReq.GetClientID()
@ -233,7 +233,7 @@ func (o *OPStorage) CreateAccessToken(ctx context.Context, req op.TokenRequest)
}
// trigger activity log for authentication for user
activity.Trigger(ctx, userOrgID, req.GetSubject(), activity.OIDCAccessToken)
activity.Trigger(ctx, userOrgID, req.GetSubject(), activity.OIDCAccessToken, o.eventstore.FilterToQueryReducer)
return resp.TokenID, resp.Expiration, nil
}
@ -248,11 +248,11 @@ func (o *OPStorage) CreateAccessAndRefreshTokens(ctx context.Context, req op.Tok
switch tokenReq := req.(type) {
case *AuthRequestV2:
// trigger activity log for authentication for user
activity.Trigger(ctx, "", tokenReq.GetSubject(), activity.OIDCRefreshToken)
activity.Trigger(ctx, "", tokenReq.GetSubject(), activity.OIDCRefreshToken, o.eventstore.FilterToQueryReducer)
return o.command.AddOIDCSessionRefreshAndAccessToken(setContextUserSystem(ctx), tokenReq.GetID())
case *RefreshTokenRequestV2:
// trigger activity log for authentication for user
activity.Trigger(ctx, "", tokenReq.GetSubject(), activity.OIDCRefreshToken)
activity.Trigger(ctx, "", tokenReq.GetSubject(), activity.OIDCRefreshToken, o.eventstore.FilterToQueryReducer)
return o.command.ExchangeOIDCSessionRefreshAndAccessToken(setContextUserSystem(ctx), tokenReq.OIDCSessionWriteModel.AggregateID, refreshToken, tokenReq.RequestedScopes)
}
@ -281,7 +281,7 @@ func (o *OPStorage) CreateAccessAndRefreshTokens(ctx context.Context, req op.Tok
}
// trigger activity log for authentication for user
activity.Trigger(ctx, userOrgID, req.GetSubject(), activity.OIDCRefreshToken)
activity.Trigger(ctx, userOrgID, req.GetSubject(), activity.OIDCRefreshToken, o.eventstore.FilterToQueryReducer)
return resp.TokenID, token, resp.Expiration, nil
}
@ -315,7 +315,7 @@ func (o *OPStorage) TokenRequestByRefreshToken(ctx context.Context, refreshToken
return nil, err
}
// trigger activity log for authentication for user
activity.Trigger(ctx, "", oidcSession.UserID, activity.OIDCRefreshToken)
activity.Trigger(ctx, "", oidcSession.UserID, activity.OIDCRefreshToken, o.eventstore.FilterToQueryReducer)
return &RefreshTokenRequestV2{OIDCSessionWriteModel: oidcSession}, nil
}
@ -325,7 +325,7 @@ func (o *OPStorage) TokenRequestByRefreshToken(ctx context.Context, refreshToken
}
// trigger activity log for use of refresh token for user
activity.Trigger(ctx, tokenView.ResourceOwner, tokenView.UserID, activity.OIDCRefreshToken)
activity.Trigger(ctx, tokenView.ResourceOwner, tokenView.UserID, activity.OIDCRefreshToken, o.eventstore.FilterToQueryReducer)
return RefreshTokenRequestFromBusiness(tokenView), nil
}

2
internal/api/saml/storage.go
View File

@ -151,7 +151,7 @@ func (p *Storage) SetUserinfoWithUserID(ctx context.Context, applicationID strin
setUserinfo(user, userinfo, attributes, customAttributes)
// trigger activity log for authentication for user
activity.Trigger(ctx, user.ResourceOwner, user.ID, activity.SAMLResponse)
activity.Trigger(ctx, user.ResourceOwner, user.ID, activity.SAMLResponse, p.eventstore.FilterToQueryReducer)
return nil
}

2
internal/command/session.go
View File

@ -228,7 +228,7 @@ func (s *SessionCommands) OTPEmailChecked(ctx context.Context, checkedAt time.Ti
func (s *SessionCommands) SetToken(ctx context.Context, tokenID string) {
// trigger activity log for session for user
activity.Trigger(ctx, s.sessionWriteModel.UserResourceOwner, s.sessionWriteModel.UserID, activity.SessionAPI)
activity.Trigger(ctx, s.sessionWriteModel.UserResourceOwner, s.sessionWriteModel.UserID, activity.SessionAPI, s.eventstore.FilterToQueryReducer)
s.eventCommands = append(s.eventCommands, session.NewTokenSetEvent(ctx, s.sessionWriteModel.aggregate, tokenID))
}