mirror of
https://github.com/zitadel/zitadel.git
synced 2025-01-07 22:47:41 +00:00
fix: get orgID when missing on trigger logs (#7555)
This commit is contained in:
parent
bcff220cb4
commit
252e59d5cd
@ -10,6 +10,8 @@ import (
|
|||||||
"github.com/zitadel/zitadel/internal/api/authz"
|
"github.com/zitadel/zitadel/internal/api/authz"
|
||||||
http_utils "github.com/zitadel/zitadel/internal/api/http"
|
http_utils "github.com/zitadel/zitadel/internal/api/http"
|
||||||
"github.com/zitadel/zitadel/internal/api/info"
|
"github.com/zitadel/zitadel/internal/api/info"
|
||||||
|
"github.com/zitadel/zitadel/internal/eventstore"
|
||||||
|
"github.com/zitadel/zitadel/internal/repository/user"
|
||||||
)
|
)
|
||||||
|
|
||||||
const (
|
const (
|
||||||
@ -50,7 +52,10 @@ func (t TriggerMethod) String() string {
|
|||||||
}
|
}
|
||||||
|
|
||||||
// Trigger is used to log a specific events for a user (e.g. session or oidc token creation)
|
// Trigger is used to log a specific events for a user (e.g. session or oidc token creation)
|
||||||
func Trigger(ctx context.Context, orgID, userID string, trigger TriggerMethod) {
|
func Trigger(ctx context.Context, orgID, userID string, trigger TriggerMethod, reducer func(ctx context.Context, r eventstore.QueryReducer) error) {
|
||||||
|
if orgID == "" && userID != "" {
|
||||||
|
orgID = getOrgOfUser(ctx, userID, reducer)
|
||||||
|
}
|
||||||
ai := info.ActivityInfoFromContext(ctx)
|
ai := info.ActivityInfoFromContext(ctx)
|
||||||
triggerLog(
|
triggerLog(
|
||||||
authz.GetInstance(ctx).InstanceID(),
|
authz.GetInstance(ctx).InstanceID(),
|
||||||
@ -99,3 +104,38 @@ func triggerLog(instanceID, orgID, userID, domain string, trigger TriggerMethod,
|
|||||||
"isSystemUser", isSystemUser,
|
"isSystemUser", isSystemUser,
|
||||||
).Info(Activity)
|
).Info(Activity)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func getOrgOfUser(ctx context.Context, userID string, reducer func(ctx context.Context, r eventstore.QueryReducer) error) string {
|
||||||
|
org := &orgIDOfUser{userID: userID}
|
||||||
|
err := reducer(ctx, org)
|
||||||
|
if err != nil {
|
||||||
|
logging.WithError(err).Error("could not get org id of user for trigger log")
|
||||||
|
return ""
|
||||||
|
}
|
||||||
|
return org.orgID
|
||||||
|
}
|
||||||
|
|
||||||
|
type orgIDOfUser struct {
|
||||||
|
eventstore.WriteModel
|
||||||
|
|
||||||
|
userID string
|
||||||
|
orgID string
|
||||||
|
}
|
||||||
|
|
||||||
|
func (u *orgIDOfUser) Query() *eventstore.SearchQueryBuilder {
|
||||||
|
return eventstore.NewSearchQueryBuilder(eventstore.ColumnsEvent).
|
||||||
|
OrderDesc().
|
||||||
|
Limit(1).
|
||||||
|
AddQuery().
|
||||||
|
AggregateTypes(user.AggregateType).
|
||||||
|
AggregateIDs(u.userID).
|
||||||
|
Builder()
|
||||||
|
}
|
||||||
|
|
||||||
|
func (u *orgIDOfUser) Reduce() error {
|
||||||
|
if len(u.Events) == 0 {
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
u.orgID = u.Events[0].Aggregate().ResourceOwner
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
@ -216,7 +216,7 @@ func (o *OPStorage) CreateAccessToken(ctx context.Context, req op.TokenRequest)
|
|||||||
userOrgID = authReq.UserOrgID
|
userOrgID = authReq.UserOrgID
|
||||||
case *AuthRequestV2:
|
case *AuthRequestV2:
|
||||||
// trigger activity log for authentication for user
|
// trigger activity log for authentication for user
|
||||||
activity.Trigger(ctx, "", authReq.CurrentAuthRequest.UserID, activity.OIDCAccessToken)
|
activity.Trigger(ctx, "", authReq.CurrentAuthRequest.UserID, activity.OIDCAccessToken, o.eventstore.FilterToQueryReducer)
|
||||||
return o.command.AddOIDCSessionAccessToken(setContextUserSystem(ctx), authReq.GetID())
|
return o.command.AddOIDCSessionAccessToken(setContextUserSystem(ctx), authReq.GetID())
|
||||||
case op.IDTokenRequest:
|
case op.IDTokenRequest:
|
||||||
applicationID = authReq.GetClientID()
|
applicationID = authReq.GetClientID()
|
||||||
@ -233,7 +233,7 @@ func (o *OPStorage) CreateAccessToken(ctx context.Context, req op.TokenRequest)
|
|||||||
}
|
}
|
||||||
|
|
||||||
// trigger activity log for authentication for user
|
// trigger activity log for authentication for user
|
||||||
activity.Trigger(ctx, userOrgID, req.GetSubject(), activity.OIDCAccessToken)
|
activity.Trigger(ctx, userOrgID, req.GetSubject(), activity.OIDCAccessToken, o.eventstore.FilterToQueryReducer)
|
||||||
return resp.TokenID, resp.Expiration, nil
|
return resp.TokenID, resp.Expiration, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -248,11 +248,11 @@ func (o *OPStorage) CreateAccessAndRefreshTokens(ctx context.Context, req op.Tok
|
|||||||
switch tokenReq := req.(type) {
|
switch tokenReq := req.(type) {
|
||||||
case *AuthRequestV2:
|
case *AuthRequestV2:
|
||||||
// trigger activity log for authentication for user
|
// trigger activity log for authentication for user
|
||||||
activity.Trigger(ctx, "", tokenReq.GetSubject(), activity.OIDCRefreshToken)
|
activity.Trigger(ctx, "", tokenReq.GetSubject(), activity.OIDCRefreshToken, o.eventstore.FilterToQueryReducer)
|
||||||
return o.command.AddOIDCSessionRefreshAndAccessToken(setContextUserSystem(ctx), tokenReq.GetID())
|
return o.command.AddOIDCSessionRefreshAndAccessToken(setContextUserSystem(ctx), tokenReq.GetID())
|
||||||
case *RefreshTokenRequestV2:
|
case *RefreshTokenRequestV2:
|
||||||
// trigger activity log for authentication for user
|
// trigger activity log for authentication for user
|
||||||
activity.Trigger(ctx, "", tokenReq.GetSubject(), activity.OIDCRefreshToken)
|
activity.Trigger(ctx, "", tokenReq.GetSubject(), activity.OIDCRefreshToken, o.eventstore.FilterToQueryReducer)
|
||||||
return o.command.ExchangeOIDCSessionRefreshAndAccessToken(setContextUserSystem(ctx), tokenReq.OIDCSessionWriteModel.AggregateID, refreshToken, tokenReq.RequestedScopes)
|
return o.command.ExchangeOIDCSessionRefreshAndAccessToken(setContextUserSystem(ctx), tokenReq.OIDCSessionWriteModel.AggregateID, refreshToken, tokenReq.RequestedScopes)
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -281,7 +281,7 @@ func (o *OPStorage) CreateAccessAndRefreshTokens(ctx context.Context, req op.Tok
|
|||||||
}
|
}
|
||||||
|
|
||||||
// trigger activity log for authentication for user
|
// trigger activity log for authentication for user
|
||||||
activity.Trigger(ctx, userOrgID, req.GetSubject(), activity.OIDCRefreshToken)
|
activity.Trigger(ctx, userOrgID, req.GetSubject(), activity.OIDCRefreshToken, o.eventstore.FilterToQueryReducer)
|
||||||
return resp.TokenID, token, resp.Expiration, nil
|
return resp.TokenID, token, resp.Expiration, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -315,7 +315,7 @@ func (o *OPStorage) TokenRequestByRefreshToken(ctx context.Context, refreshToken
|
|||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
// trigger activity log for authentication for user
|
// trigger activity log for authentication for user
|
||||||
activity.Trigger(ctx, "", oidcSession.UserID, activity.OIDCRefreshToken)
|
activity.Trigger(ctx, "", oidcSession.UserID, activity.OIDCRefreshToken, o.eventstore.FilterToQueryReducer)
|
||||||
return &RefreshTokenRequestV2{OIDCSessionWriteModel: oidcSession}, nil
|
return &RefreshTokenRequestV2{OIDCSessionWriteModel: oidcSession}, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -325,7 +325,7 @@ func (o *OPStorage) TokenRequestByRefreshToken(ctx context.Context, refreshToken
|
|||||||
}
|
}
|
||||||
|
|
||||||
// trigger activity log for use of refresh token for user
|
// trigger activity log for use of refresh token for user
|
||||||
activity.Trigger(ctx, tokenView.ResourceOwner, tokenView.UserID, activity.OIDCRefreshToken)
|
activity.Trigger(ctx, tokenView.ResourceOwner, tokenView.UserID, activity.OIDCRefreshToken, o.eventstore.FilterToQueryReducer)
|
||||||
return RefreshTokenRequestFromBusiness(tokenView), nil
|
return RefreshTokenRequestFromBusiness(tokenView), nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -151,7 +151,7 @@ func (p *Storage) SetUserinfoWithUserID(ctx context.Context, applicationID strin
|
|||||||
setUserinfo(user, userinfo, attributes, customAttributes)
|
setUserinfo(user, userinfo, attributes, customAttributes)
|
||||||
|
|
||||||
// trigger activity log for authentication for user
|
// trigger activity log for authentication for user
|
||||||
activity.Trigger(ctx, user.ResourceOwner, user.ID, activity.SAMLResponse)
|
activity.Trigger(ctx, user.ResourceOwner, user.ID, activity.SAMLResponse, p.eventstore.FilterToQueryReducer)
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -228,7 +228,7 @@ func (s *SessionCommands) OTPEmailChecked(ctx context.Context, checkedAt time.Ti
|
|||||||
|
|
||||||
func (s *SessionCommands) SetToken(ctx context.Context, tokenID string) {
|
func (s *SessionCommands) SetToken(ctx context.Context, tokenID string) {
|
||||||
// trigger activity log for session for user
|
// trigger activity log for session for user
|
||||||
activity.Trigger(ctx, s.sessionWriteModel.UserResourceOwner, s.sessionWriteModel.UserID, activity.SessionAPI)
|
activity.Trigger(ctx, s.sessionWriteModel.UserResourceOwner, s.sessionWriteModel.UserID, activity.SessionAPI, s.eventstore.FilterToQueryReducer)
|
||||||
s.eventCommands = append(s.eventCommands, session.NewTokenSetEvent(ctx, s.sessionWriteModel.aggregate, tokenID))
|
s.eventCommands = append(s.eventCommands, session.NewTokenSetEvent(ctx, s.sessionWriteModel.aggregate, tokenID))
|
||||||
}
|
}
|
||||||
|
|
||||||
|
Loading…
x
Reference in New Issue
Block a user