fix: get orgID when missing on trigger logs (#7555)

Livio Spring 2024-03-14 09:49:10 +01:00 committed by GitHub
parent bcff220cb4
commit 252e59d5cd
GPG Key ID: B5690EEEBB952194
4 changed files with 50 additions and 10 deletions


@ -10,6 +10,8 @@ import (
"github.com/zitadel/zitadel/internal/api/authz" "github.com/zitadel/zitadel/internal/api/authz"
http_utils "github.com/zitadel/zitadel/internal/api/http" http_utils "github.com/zitadel/zitadel/internal/api/http"
"github.com/zitadel/zitadel/internal/api/info" "github.com/zitadel/zitadel/internal/api/info"
"github.com/zitadel/zitadel/internal/eventstore"
"github.com/zitadel/zitadel/internal/repository/user"
) )
const ( const (
@ -50,7 +52,10 @@ func (t TriggerMethod) String() string {
} }
// Trigger is used to log a specific events for a user (e.g. session or oidc token creation) // Trigger is used to log a specific events for a user (e.g. session or oidc token creation)
func Trigger(ctx context.Context, orgID, userID string, trigger TriggerMethod) { func Trigger(ctx context.Context, orgID, userID string, trigger TriggerMethod, reducer func(ctx context.Context, r eventstore.QueryReducer) error) {
if orgID == "" && userID != "" {
orgID = getOrgOfUser(ctx, userID, reducer)
}
ai := info.ActivityInfoFromContext(ctx) ai := info.ActivityInfoFromContext(ctx)
triggerLog( triggerLog(
authz.GetInstance(ctx).InstanceID(), authz.GetInstance(ctx).InstanceID(),
@ -99,3 +104,38 @@ func triggerLog(instanceID, orgID, userID, domain string, trigger TriggerMethod,
"isSystemUser", isSystemUser, "isSystemUser", isSystemUser,
).Info(Activity) ).Info(Activity)
} }
func getOrgOfUser(ctx context.Context, userID string, reducer func(ctx context.Context, r eventstore.QueryReducer) error) string {
org := &orgIDOfUser{userID: userID}
err := reducer(ctx, org)
if err != nil {
logging.WithError(err).Error("could not get org id of user for trigger log")
return ""
}
return org.orgID
}
type orgIDOfUser struct {
eventstore.WriteModel
userID string
orgID string
}
func (u *orgIDOfUser) Query() *eventstore.SearchQueryBuilder {
return eventstore.NewSearchQueryBuilder(eventstore.ColumnsEvent).
OrderDesc().
Limit(1).
AddQuery().
AggregateTypes(user.AggregateType).
AggregateIDs(u.userID).
Builder()
}
func (u *orgIDOfUser) Reduce() error {
if len(u.Events) == 0 {
return nil
}
u.orgID = u.Events[0].Aggregate().ResourceOwner
return nil
}
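Review bot: Trigger now dereferences `reducer` whenever orgID is empty, so a nil reducer panics on the token/session path instead of degrading the way the error branch in getOrgOfUser does (it logs and returns ""); a guard such as `if orgID == "" && userID != "" && reducer != nil {` would keep the activity log best-effort in both cases. The doc comment on Trigger is unchanged even though the signature gained a parameter and the function now performs an eventstore query; it should say that the org is resolved from the user's most recent event only when the caller cannot supply it, and that a failed lookup only leaves the org empty in the log entry. The error log in getOrgOfUser carries no userID, so entries produced there cannot be correlated with the activity line that follows; include the user ID as a field on that log call. Reduce returning nil with no events is a third silent path (unknown user, no log at all), which is worth a sentence in the orgIDOfUser type comment. Trigger's body continues past the end of the hunk.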


@ -216,7 +216,7 @@ func (o *OPStorage) CreateAccessToken(ctx context.Context, req op.TokenRequest)
userOrgID = authReq.UserOrgID userOrgID = authReq.UserOrgID
case *AuthRequestV2: case *AuthRequestV2:
// trigger activity log for authentication for user // trigger activity log for authentication for user
activity.Trigger(ctx, "", authReq.CurrentAuthRequest.UserID, activity.OIDCAccessToken) activity.Trigger(ctx, "", authReq.CurrentAuthRequest.UserID, activity.OIDCAccessToken, o.eventstore.FilterToQueryReducer)
return o.command.AddOIDCSessionAccessToken(setContextUserSystem(ctx), authReq.GetID()) return o.command.AddOIDCSessionAccessToken(setContextUserSystem(ctx), authReq.GetID())
case op.IDTokenRequest: case op.IDTokenRequest:
applicationID = authReq.GetClientID() applicationID = authReq.GetClientID()
@ -233,7 +233,7 @@ func (o *OPStorage) CreateAccessToken(ctx context.Context, req op.TokenRequest)
} }
// trigger activity log for authentication for user // trigger activity log for authentication for user
activity.Trigger(ctx, userOrgID, req.GetSubject(), activity.OIDCAccessToken) activity.Trigger(ctx, userOrgID, req.GetSubject(), activity.OIDCAccessToken, o.eventstore.FilterToQueryReducer)
return resp.TokenID, resp.Expiration, nil return resp.TokenID, resp.Expiration, nil
} }
@ -248,11 +248,11 @@ func (o *OPStorage) CreateAccessAndRefreshTokens(ctx context.Context, req op.Tok
switch tokenReq := req.(type) { switch tokenReq := req.(type) {
case *AuthRequestV2: case *AuthRequestV2:
// trigger activity log for authentication for user // trigger activity log for authentication for user
activity.Trigger(ctx, "", tokenReq.GetSubject(), activity.OIDCRefreshToken) activity.Trigger(ctx, "", tokenReq.GetSubject(), activity.OIDCRefreshToken, o.eventstore.FilterToQueryReducer)
return o.command.AddOIDCSessionRefreshAndAccessToken(setContextUserSystem(ctx), tokenReq.GetID()) return o.command.AddOIDCSessionRefreshAndAccessToken(setContextUserSystem(ctx), tokenReq.GetID())
case *RefreshTokenRequestV2: case *RefreshTokenRequestV2:
// trigger activity log for authentication for user // trigger activity log for authentication for user
activity.Trigger(ctx, "", tokenReq.GetSubject(), activity.OIDCRefreshToken) activity.Trigger(ctx, "", tokenReq.GetSubject(), activity.OIDCRefreshToken, o.eventstore.FilterToQueryReducer)
return o.command.ExchangeOIDCSessionRefreshAndAccessToken(setContextUserSystem(ctx), tokenReq.OIDCSessionWriteModel.AggregateID, refreshToken, tokenReq.RequestedScopes) return o.command.ExchangeOIDCSessionRefreshAndAccessToken(setContextUserSystem(ctx), tokenReq.OIDCSessionWriteModel.AggregateID, refreshToken, tokenReq.RequestedScopes)
} }
@ -281,7 +281,7 @@ func (o *OPStorage) CreateAccessAndRefreshTokens(ctx context.Context, req op.Tok
} }
// trigger activity log for authentication for user // trigger activity log for authentication for user
activity.Trigger(ctx, userOrgID, req.GetSubject(), activity.OIDCRefreshToken) activity.Trigger(ctx, userOrgID, req.GetSubject(), activity.OIDCRefreshToken, o.eventstore.FilterToQueryReducer)
return resp.TokenID, token, resp.Expiration, nil return resp.TokenID, token, resp.Expiration, nil
} }
@ -315,7 +315,7 @@ func (o *OPStorage) TokenRequestByRefreshToken(ctx context.Context, refreshToken
return nil, err return nil, err
} }
// trigger activity log for authentication for user // trigger activity log for authentication for user
activity.Trigger(ctx, "", oidcSession.UserID, activity.OIDCRefreshToken) activity.Trigger(ctx, "", oidcSession.UserID, activity.OIDCRefreshToken, o.eventstore.FilterToQueryReducer)
return &RefreshTokenRequestV2{OIDCSessionWriteModel: oidcSession}, nil return &RefreshTokenRequestV2{OIDCSessionWriteModel: oidcSession}, nil
} }
@ -325,7 +325,7 @@ func (o *OPStorage) TokenRequestByRefreshToken(ctx context.Context, refreshToken
} }
// trigger activity log for use of refresh token for user // trigger activity log for use of refresh token for user
activity.Trigger(ctx, tokenView.ResourceOwner, tokenView.UserID, activity.OIDCRefreshToken) activity.Trigger(ctx, tokenView.ResourceOwner, tokenView.UserID, activity.OIDCRefreshToken, o.eventstore.FilterToQueryReducer)
return RefreshTokenRequestFromBusiness(tokenView), nil return RefreshTokenRequestFromBusiness(tokenView), nil
} }
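Review bot: Four of the updated calls in this file still pass "" for the org (the AuthRequestV2, RefreshTokenRequestV2 and oidcSession sites), so with the new Trigger each of those token requests now costs an additional eventstore filter before the log line is written. If the write models those branches already hold carry the user's resource owner, passing it here would keep the log complete without the extra round-trip on every token issuance; I cannot confirm from this hunk which of them do. Where the lookup is unavoidable, a short comment at the call site such as `// org resolved by activity.Trigger from the user's events` would make the empty argument intentional rather than look like a leftover. The enclosing methods start outside the visible hunks.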


@ -151,7 +151,7 @@ func (p *Storage) SetUserinfoWithUserID(ctx context.Context, applicationID strin
setUserinfo(user, userinfo, attributes, customAttributes) setUserinfo(user, userinfo, attributes, customAttributes)
// trigger activity log for authentication for user // trigger activity log for authentication for user
activity.Trigger(ctx, user.ResourceOwner, user.ID, activity.SAMLResponse) activity.Trigger(ctx, user.ResourceOwner, user.ID, activity.SAMLResponse, p.eventstore.FilterToQueryReducer)
return nil return nil
} }


@ -228,7 +228,7 @@ func (s *SessionCommands) OTPEmailChecked(ctx context.Context, checkedAt time.Ti
func (s *SessionCommands) SetToken(ctx context.Context, tokenID string) { func (s *SessionCommands) SetToken(ctx context.Context, tokenID string) {
// trigger activity log for session for user // trigger activity log for session for user
activity.Trigger(ctx, s.sessionWriteModel.UserResourceOwner, s.sessionWriteModel.UserID, activity.SessionAPI) activity.Trigger(ctx, s.sessionWriteModel.UserResourceOwner, s.sessionWriteModel.UserID, activity.SessionAPI, s.eventstore.FilterToQueryReducer)
s.eventCommands = append(s.eventCommands, session.NewTokenSetEvent(ctx, s.sessionWriteModel.aggregate, tokenID)) s.eventCommands = append(s.eventCommands, session.NewTokenSetEvent(ctx, s.sessionWriteModel.aggregate, tokenID))
} }