diff --git a/go.mod b/go.mod index e5ef470931..4c08f2f997 100644 --- a/go.mod +++ b/go.mod @@ -15,7 +15,7 @@ require ( github.com/aws/aws-sdk-go v1.34.24 // indirect github.com/boombuler/barcode v1.0.1-0.20190219062509-6c824513bacc github.com/caos/logging v0.0.2 - github.com/caos/oidc v0.10.0 + github.com/caos/oidc v0.11.1 github.com/census-instrumentation/opencensus-proto v0.3.0 // indirect github.com/cockroachdb/cockroach-go/v2 v2.0.7 github.com/envoyproxy/protoc-gen-validate v0.4.1 @@ -37,6 +37,7 @@ require ( github.com/kevinburke/go.uuid v1.2.0 // indirect github.com/kevinburke/rest v0.0.0-20200429221318-0d2892b400f8 // indirect github.com/kevinburke/twilio-go v0.0.0-20200810163702-320748330fac + github.com/konsorten/go-windows-terminal-sequences v1.0.3 // indirect github.com/lib/pq v1.8.0 github.com/mattn/go-colorable v0.1.7 // indirect github.com/mattn/go-sqlite3 v2.0.3+incompatible // indirect diff --git a/go.sum b/go.sum index 0a66f56405..0046b6b425 100644 --- a/go.sum +++ b/go.sum @@ -73,6 +73,10 @@ github.com/caos/logging v0.0.2 h1:ebg5C/HN0ludYR+WkvnFjwSExF4wvyiWPyWGcKMYsoo= github.com/caos/logging v0.0.2/go.mod h1:9LKiDE2ChuGv6CHYif/kiugrfEXu9AwDiFWSreX7Wp0= github.com/caos/oidc v0.10.0 h1:/GKyQgKHvkc2jNCXzmdJs9hCXDYdArCMm3d5FXaiNWA= github.com/caos/oidc v0.10.0/go.mod h1:RREtWSRzH/mXQXJkxB63mFDZ/RUNyzoU6czd6UJfvJI= +github.com/caos/oidc v0.11.0 h1:larwR0ur4hcHXkMtlXbHApv4DUr5yu/zbxBeGjcpTXk= +github.com/caos/oidc v0.11.0/go.mod h1:R9UKITZmSo5vNhSLUYcTDH8pAaV2xwPASXg8wpEs2xQ= +github.com/caos/oidc v0.11.1 h1:7Nkup+fiU/zZVN61BfGOTzuloD7aOdqA3V9eNrJv5xc= +github.com/caos/oidc v0.11.1/go.mod h1:R9UKITZmSo5vNhSLUYcTDH8pAaV2xwPASXg8wpEs2xQ= github.com/census-instrumentation/opencensus-proto v0.2.1 h1:glEXhBS5PSLLv4IXzLA5yPRVX4bilULVyxxbrfOtDAk= github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= @@ -347,6 +351,8 @@ github.com/sirupsen/logrus v1.4.2 h1:SPIRibHv4MatM3XXNO2BJeFLZwZ2LvZgfQ5+UNI2im4 github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE= github.com/sirupsen/logrus v1.6.0 h1:UBcNElsrwanuuMsnGSlYmtmgbb23qDR5dG+6X6Oo89I= github.com/sirupsen/logrus v1.6.0/go.mod h1:7uNnSEd1DgxDLC74fIahvMZmmYsHGZGEOFrfsX/uA88= +github.com/sirupsen/logrus v1.7.0 h1:ShrD1U9pZB12TX0cVy0DtePoCH97K8EtX+mg7ZARUtM= +github.com/sirupsen/logrus v1.7.0/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0= github.com/sony/sonyflake v1.0.0 h1:MpU6Ro7tfXwgn2l5eluf9xQvQJDROTBImNCfRXn/YeM= github.com/sony/sonyflake v1.0.0/go.mod h1:Jv3cfhf/UFtolOTTRd3q4Nl6ENqM+KfyZ5PseKfZGF4= github.com/spf13/afero v1.3.3/go.mod h1:5KUK8ByomD5Ti5Artl0RtHeI5pTF7MIDuXL3yY520V4= @@ -403,6 +409,8 @@ golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9 h1:psW17arqaxU48Z5kZ0CQnk golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20200820211705-5c72a883971a h1:vclmkQCjlDX5OydZ9wv8rBCcS0QyQY66Mpf/7BZbInM= golang.org/x/crypto v0.0.0-20200820211705-5c72a883971a/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= +golang.org/x/crypto v0.0.0-20201012173705-84dcc777aaee h1:4yd7jl+vXjalO5ztz6Vc1VADv+S/80LGJmyl1ROJ2AI= +golang.org/x/crypto v0.0.0-20201012173705-84dcc777aaee/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= @@ -476,6 +484,8 @@ golang.org/x/net v0.0.0-20200822124328-c89045814202 h1:VvcQYSHwXgi7W+TpUR6A9g6Up golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= golang.org/x/net v0.0.0-20200904194848-62affa334b73 h1:MXfv8rhZWmFeqX3GNZRsd6vOLoaCHjYEX3qkRo3YBUA= golang.org/x/net v0.0.0-20200904194848-62affa334b73/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= +golang.org/x/net v0.0.0-20201010224723-4f7140c49acb h1:mUVeFHoDKis5nxCAzoAi7E8Ghb86EXh/RK6wtvJIqRY= +golang.org/x/net v0.0.0-20201010224723-4f7140c49acb/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= @@ -512,6 +522,7 @@ golang.org/x/sys v0.0.0-20190726091711-fc99dfbffb4e/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20190813064441-fde4db37ae7a/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190826190057-c7b8b68b1456/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191001151750-bb3f8db39f24/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191206220618-eeba5f6aabab h1:FvshnhkKW+LO3HWHodML8kuVX8rnJTxKm9dFPuI68UM= golang.org/x/sys v0.0.0-20191206220618-eeba5f6aabab/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -535,6 +546,9 @@ golang.org/x/sys v0.0.0-20200523222454-059865788121 h1:rITEj+UZHYC927n8GT97eC3zr golang.org/x/sys v0.0.0-20200523222454-059865788121/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200803210538-64077c9b5642 h1:B6caxRw+hozq68X2MY7jEpZh/cr4/aHLv9xU8Kkadrw= golang.org/x/sys v0.0.0-20200803210538-64077c9b5642/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20201013081832-0aaa2718063a h1:bhXnJ7fn2SiL+C8iOWPfNBJKDTjUByftpPW7b9CX94U= +golang.org/x/sys v0.0.0-20201013081832-0aaa2718063a/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= diff --git a/internal/api/oidc/auth_request.go b/internal/api/oidc/auth_request.go index b3c48dff19..ad37f60f68 100644 --- a/internal/api/oidc/auth_request.go +++ b/internal/api/oidc/auth_request.go @@ -70,7 +70,7 @@ func (o *OPStorage) CreateToken(ctx context.Context, req op.TokenRequest) (strin if err != nil { return "", time.Time{}, err } - return resp.ID, resp.Expiration, nil + return resp.TokenID, resp.Expiration, nil } func grantsToScopes(grants []*grant_model.UserGrantView) []string { diff --git a/internal/api/oidc/client.go b/internal/api/oidc/client.go index 13131aaf1c..b379f5cba6 100644 --- a/internal/api/oidc/client.go +++ b/internal/api/oidc/client.go @@ -65,8 +65,8 @@ func (o *OPStorage) AuthorizeClientIDSecret(ctx context.Context, id string, secr return o.repo.AuthorizeOIDCApplication(ctx, id, secret) } -func (o *OPStorage) GetUserinfoFromToken(ctx context.Context, tokenID, origin string) (*oidc.Userinfo, error) { - token, err := o.repo.TokenByID(ctx, tokenID) +func (o *OPStorage) GetUserinfoFromToken(ctx context.Context, tokenID, subject, origin string) (*oidc.Userinfo, error) { + token, err := o.repo.TokenByID(ctx, tokenID, subject) if err != nil { return nil, err } diff --git a/internal/auth/repository/eventsourcing/eventstore/token.go b/internal/auth/repository/eventsourcing/eventstore/token.go index 98240e9023..c96298507f 100644 --- a/internal/auth/repository/eventsourcing/eventstore/token.go +++ b/internal/auth/repository/eventsourcing/eventstore/token.go @@ -2,38 +2,83 @@ package eventstore import ( "context" + "github.com/caos/logging" + "github.com/caos/zitadel/internal/errors" + "github.com/caos/zitadel/internal/eventstore/models" + usr_model "github.com/caos/zitadel/internal/user/model" + user_event "github.com/caos/zitadel/internal/user/repository/eventsourcing" + "github.com/caos/zitadel/internal/user/repository/view/model" "time" "github.com/caos/zitadel/internal/auth/repository/eventsourcing/view" - token_model "github.com/caos/zitadel/internal/token/model" - token_view_model "github.com/caos/zitadel/internal/token/repository/view/model" ) type TokenRepo struct { - View *view.View + UserEvents *user_event.UserEventstore + View *view.View } -func (repo *TokenRepo) CreateToken(ctx context.Context, agentID, applicationID, userID string, audience, scopes []string, lifetime time.Duration) (*token_model.Token, error) { +func (repo *TokenRepo) CreateToken(ctx context.Context, agentID, applicationID, userID string, audience, scopes []string, lifetime time.Duration) (*usr_model.Token, error) { preferredLanguage := "" user, _ := repo.View.UserByID(userID) if user != nil { preferredLanguage = user.PreferredLanguage } - token, err := repo.View.CreateToken(agentID, applicationID, userID, preferredLanguage, audience, scopes, lifetime) - if err != nil { - return nil, err + now := time.Now().UTC() + token := &usr_model.Token{ + ObjectRoot: models.ObjectRoot{ + AggregateID: userID, + }, + UserAgentID: agentID, + ApplicationID: applicationID, + Audience: audience, + Scopes: scopes, + Expiration: now.Add(lifetime), + PreferredLanguage: preferredLanguage, } - return token_view_model.TokenToModel(token), nil + return repo.UserEvents.TokenAdded(ctx, token) } -func (repo *TokenRepo) IsTokenValid(ctx context.Context, tokenID string) (bool, error) { - return repo.View.IsTokenValid(tokenID) +func (repo *TokenRepo) IsTokenValid(ctx context.Context, userID, tokenID string) (bool, error) { + token, err := repo.TokenByID(ctx, userID, tokenID) + if err == nil { + return token.Expiration.After(time.Now().UTC()), nil + } + if errors.IsNotFound(err) { + return false, nil + } + return false, err } -func (repo *TokenRepo) TokenByID(ctx context.Context, tokenID string) (*token_model.Token, error) { - token, err := repo.View.TokenByID(tokenID) - if err != nil { - return nil, err +func (repo *TokenRepo) TokenByID(ctx context.Context, userID, tokenID string) (*usr_model.TokenView, error) { + token, viewErr := repo.View.TokenByID(tokenID) + if viewErr != nil && !errors.IsNotFound(viewErr) { + return nil, viewErr } - return token_view_model.TokenToModel(token), nil + if errors.IsNotFound(viewErr) { + token = new(model.TokenView) + token.ID = tokenID + token.UserID = userID + } + + events, esErr := repo.UserEvents.UserEventsByID(ctx, userID, token.Sequence) + if errors.IsNotFound(viewErr) && len(events) == 0 { + return nil, errors.ThrowNotFound(nil, "EVENT-4T90g", "Errors.Token.NotFound") + } + + if esErr != nil { + logging.Log("EVENT-5Nm9s").WithError(viewErr).Debug("error retrieving new events") + return model.TokenViewToModel(token), nil + } + viewToken := *token + for _, event := range events { + err := token.AppendEventIfMyToken(event) + if err != nil { + return model.TokenViewToModel(&viewToken), nil + } + } + if !token.Expiration.After(time.Now().UTC()) || token.Deactivated { + return nil, errors.ThrowNotFound(nil, "EVENT-5Bm9s", "Errors.Token.NotFound") + } + return model.TokenViewToModel(token), nil } diff --git a/internal/auth/repository/eventsourcing/handler/token.go b/internal/auth/repository/eventsourcing/handler/token.go index c9f7fc7355..22557cfba9 100644 --- a/internal/auth/repository/eventsourcing/handler/token.go +++ b/internal/auth/repository/eventsourcing/handler/token.go @@ -43,6 +43,13 @@ func (u *Token) EventQuery() (*models.SearchQuery, error) { func (u *Token) Reduce(event *models.Event) (err error) { switch event.Type { + case user_es_model.UserTokenAdded: + token := new(view_model.TokenView) + err := token.AppendEvent(event) + if err != nil { + return err + } + return u.view.PutToken(token) case user_es_model.UserProfileChanged, user_es_model.HumanProfileChanged: user := new(view_model.UserView) diff --git a/internal/auth/repository/eventsourcing/repository.go b/internal/auth/repository/eventsourcing/repository.go index b889cbcd68..c7eb3733cf 100644 --- a/internal/auth/repository/eventsourcing/repository.go +++ b/internal/auth/repository/eventsourcing/repository.go @@ -143,7 +143,10 @@ func Start(conf Config, authZ authz.Config, systemDefaults sd.SystemDefaults, au MfaHardwareCheckLifeTime: systemDefaults.VerificationLifetimes.MfaHardwareCheck.Duration, IAMID: systemDefaults.IamID, }, - eventstore.TokenRepo{View: view}, + eventstore.TokenRepo{ + UserEvents: user, + View: view, + }, eventstore.KeyRepository{ KeyEvents: key, View: view, diff --git a/internal/auth/repository/eventsourcing/view/token.go b/internal/auth/repository/eventsourcing/view/token.go index 3737e60356..94ecabd9b3 100644 --- a/internal/auth/repository/eventsourcing/view/token.go +++ b/internal/auth/repository/eventsourcing/view/token.go @@ -1,62 +1,33 @@ package view import ( + usr_view "github.com/caos/zitadel/internal/user/repository/view" + "github.com/caos/zitadel/internal/user/repository/view/model" "github.com/caos/zitadel/internal/view/repository" - "time" - - "github.com/caos/zitadel/internal/token/repository/view" - "github.com/caos/zitadel/internal/token/repository/view/model" ) const ( tokenTable = "auth.tokens" ) -func (v *View) TokenByID(tokenID string) (*model.Token, error) { - return view.TokenByID(v.Db, tokenTable, tokenID) +func (v *View) TokenByID(tokenID string) (*model.TokenView, error) { + return usr_view.TokenByID(v.Db, tokenTable, tokenID) } -func (v *View) TokensByUserID(userID string) ([]*model.Token, error) { - return view.TokensByUserID(v.Db, tokenTable, userID) +func (v *View) TokensByUserID(userID string) ([]*model.TokenView, error) { + return usr_view.TokensByUserID(v.Db, tokenTable, userID) } -func (v *View) IsTokenValid(tokenID string) (bool, error) { - return view.IsTokenValid(v.Db, tokenTable, tokenID) -} - -func (v *View) CreateToken(agentID, applicationID, userID, preferredLanguage string, audience, scopes []string, lifetime time.Duration) (*model.Token, error) { - id, err := v.idGenerator.Next() - if err != nil { - return nil, err - } - now := time.Now().UTC() - token := &model.Token{ - ID: id, - CreationDate: now, - UserID: userID, - ApplicationID: applicationID, - UserAgentID: agentID, - Scopes: scopes, - Audience: audience, - Expiration: now.Add(lifetime), - PreferredLanguage: preferredLanguage, - } - if err := view.PutToken(v.Db, tokenTable, token); err != nil { - return nil, err - } - return token, nil -} - -func (v *View) PutToken(token *model.Token) error { - err := view.PutToken(v.Db, tokenTable, token) +func (v *View) PutToken(token *model.TokenView) error { + err := usr_view.PutToken(v.Db, tokenTable, token) if err != nil { return err } return v.ProcessedTokenSequence(token.Sequence) } -func (v *View) PutTokens(token []*model.Token, sequence uint64) error { - err := view.PutTokens(v.Db, tokenTable, token...) +func (v *View) PutTokens(token []*model.TokenView, sequence uint64) error { + err := usr_view.PutTokens(v.Db, tokenTable, token...) if err != nil { return err } @@ -64,7 +35,7 @@ func (v *View) PutTokens(token []*model.Token, sequence uint64) error { } func (v *View) DeleteToken(tokenID string, eventSequence uint64) error { - err := view.DeleteToken(v.Db, tokenTable, tokenID) + err := usr_view.DeleteToken(v.Db, tokenTable, tokenID) if err != nil { return nil } @@ -72,7 +43,7 @@ func (v *View) DeleteToken(tokenID string, eventSequence uint64) error { } func (v *View) DeleteSessionTokens(agentID, userID string, eventSequence uint64) error { - err := view.DeleteSessionTokens(v.Db, tokenTable, agentID, userID) + err := usr_view.DeleteSessionTokens(v.Db, tokenTable, agentID, userID) if err != nil { return nil } @@ -80,7 +51,7 @@ func (v *View) DeleteSessionTokens(agentID, userID string, eventSequence uint64) } func (v *View) DeleteUserTokens(userID string, eventSequence uint64) error { - err := view.DeleteUserTokens(v.Db, tokenTable, userID) + err := usr_view.DeleteUserTokens(v.Db, tokenTable, userID) if err != nil { return nil } @@ -88,7 +59,7 @@ func (v *View) DeleteUserTokens(userID string, eventSequence uint64) error { } func (v *View) DeleteApplicationTokens(eventSequence uint64, ids ...string) error { - err := view.DeleteApplicationTokens(v.Db, tokenTable, ids) + err := usr_view.DeleteApplicationTokens(v.Db, tokenTable, ids) if err != nil { return nil } diff --git a/internal/auth/repository/token.go b/internal/auth/repository/token.go index 17db69118e..7c998725ad 100644 --- a/internal/auth/repository/token.go +++ b/internal/auth/repository/token.go @@ -2,13 +2,12 @@ package repository import ( "context" + usr_model "github.com/caos/zitadel/internal/user/model" "time" - - "github.com/caos/zitadel/internal/token/model" ) type TokenRepository interface { - CreateToken(ctx context.Context, agentID, applicationID, userID string, audience, scopes []string, lifetime time.Duration) (*model.Token, error) - IsTokenValid(ctx context.Context, tokenID string) (bool, error) - TokenByID(ctx context.Context, tokenID string) (*model.Token, error) + CreateToken(ctx context.Context, agentID, applicationID, userID string, audience, scopes []string, lifetime time.Duration) (*usr_model.Token, error) + IsTokenValid(ctx context.Context, userID, tokenID string) (bool, error) + TokenByID(ctx context.Context, userID, tokenID string) (*usr_model.TokenView, error) } diff --git a/internal/authz/repository/eventsourcing/eventstore/token_verifier.go b/internal/authz/repository/eventsourcing/eventstore/token_verifier.go index c4b041c8ce..2e386289c9 100644 --- a/internal/authz/repository/eventsourcing/eventstore/token_verifier.go +++ b/internal/authz/repository/eventsourcing/eventstore/token_verifier.go @@ -2,6 +2,11 @@ package eventstore import ( "context" + "github.com/caos/logging" + usr_model "github.com/caos/zitadel/internal/user/model" + usr_event "github.com/caos/zitadel/internal/user/repository/eventsourcing" + "github.com/caos/zitadel/internal/user/repository/view/model" + "strings" "time" "github.com/caos/zitadel/internal/authz/repository/eventsourcing/view" @@ -16,16 +21,55 @@ type TokenVerifierRepo struct { IAMID string IAMEvents *iam_event.IAMEventstore ProjectEvents *proj_event.ProjectEventstore + UserEvents *usr_event.UserEventstore View *view.View } +func (repo *TokenVerifierRepo) TokenByID(ctx context.Context, tokenID, userID string) (*usr_model.TokenView, error) { + token, viewErr := repo.View.TokenByID(tokenID) + if viewErr != nil && !caos_errs.IsNotFound(viewErr) { + return nil, viewErr + } + if caos_errs.IsNotFound(viewErr) { + token = new(model.TokenView) + token.ID = tokenID + token.UserID = userID + } + + events, esErr := repo.UserEvents.UserEventsByID(ctx, userID, token.Sequence) + if caos_errs.IsNotFound(viewErr) && len(events) == 0 { + return nil, caos_errs.ThrowNotFound(nil, "EVENT-4T90g", "Errors.Token.NotFound") + } + + if esErr != nil { + logging.Log("EVENT-5Nm9s").WithError(viewErr).Debug("error retrieving new events") + return model.TokenViewToModel(token), nil + } + viewToken := *token + for _, event := range events { + err := token.AppendEventIfMyToken(event) + if err != nil { + return model.TokenViewToModel(&viewToken), nil + } + } + if !token.Expiration.After(time.Now().UTC()) || token.Deactivated { + return nil, caos_errs.ThrowNotFound(nil, "EVENT-5Bm9s", "Errors.Token.NotFound") + } + return model.TokenViewToModel(token), nil +} + func (repo *TokenVerifierRepo) VerifyAccessToken(ctx context.Context, tokenString, clientID string) (userID string, agentID string, prefLang string, err error) { //TODO: use real key - tokenID, err := crypto.DecryptAESString(tokenString, string(repo.TokenVerificationKey[:32])) + tokenIDSubject, err := crypto.DecryptAESString(tokenString, string(repo.TokenVerificationKey[:32])) if err != nil { return "", "", "", caos_errs.ThrowUnauthenticated(nil, "APP-8EF0zZ", "invalid token") } - token, err := repo.View.TokenByID(tokenID) + + splittedToken := strings.Split(tokenIDSubject, ":") + if len(splittedToken) != 2 { + return "", "", "", caos_errs.ThrowUnauthenticated(nil, "APP-GDg3a", "invalid token") + } + token, err := repo.TokenByID(ctx, splittedToken[0], splittedToken[1]) if err != nil { return "", "", "", caos_errs.ThrowUnauthenticated(err, "APP-BxUSiL", "invalid token") } diff --git a/internal/authz/repository/eventsourcing/repository.go b/internal/authz/repository/eventsourcing/repository.go index 2116f9d5a6..b39ad5e2e8 100644 --- a/internal/authz/repository/eventsourcing/repository.go +++ b/internal/authz/repository/eventsourcing/repository.go @@ -2,6 +2,7 @@ package eventsourcing import ( "context" + es_user "github.com/caos/zitadel/internal/user/repository/eventsourcing" "github.com/caos/zitadel/internal/api/authz" "github.com/caos/zitadel/internal/auth_request/repository/cache" @@ -65,6 +66,16 @@ func Start(conf Config, authZ authz.Config, systemDefaults sd.SystemDefaults) (* if err != nil { return nil, err } + user, err := es_user.StartUser( + es_user.UserConfig{ + Eventstore: es, + Cache: conf.Eventstore.Cache, + }, + systemDefaults, + ) + if err != nil { + return nil, err + } repos := handler.EventstoreRepos{IamEvents: iam} spool := spooler.StartSpooler(conf.Spooler, es, view, sqlClient, repos, systemDefaults) @@ -85,6 +96,7 @@ func Start(conf Config, authZ authz.Config, systemDefaults sd.SystemDefaults) (* IAMID: systemDefaults.IamID, IAMEvents: iam, ProjectEvents: project, + UserEvents: user, View: view, }, }, nil diff --git a/internal/authz/repository/eventsourcing/view/token.go b/internal/authz/repository/eventsourcing/view/token.go index 91975b158a..7c5a7163f6 100644 --- a/internal/authz/repository/eventsourcing/view/token.go +++ b/internal/authz/repository/eventsourcing/view/token.go @@ -1,8 +1,8 @@ package view import ( - "github.com/caos/zitadel/internal/token/repository/view" - "github.com/caos/zitadel/internal/token/repository/view/model" + usr_view "github.com/caos/zitadel/internal/user/repository/view" + usr_view_model "github.com/caos/zitadel/internal/user/repository/view/model" "github.com/caos/zitadel/internal/view/repository" ) @@ -10,16 +10,12 @@ const ( tokenTable = "auth.tokens" ) -func (v *View) TokenByID(tokenID string) (*model.Token, error) { - return view.TokenByID(v.Db, tokenTable, tokenID) +func (v *View) TokenByID(tokenID string) (*usr_view_model.TokenView, error) { + return usr_view.TokenByID(v.Db, tokenTable, tokenID) } -func (v *View) IsTokenValid(tokenID string) (bool, error) { - return view.IsTokenValid(v.Db, tokenTable, tokenID) -} - -func (v *View) PutToken(token *model.Token) error { - err := view.PutToken(v.Db, tokenTable, token) +func (v *View) PutToken(token *usr_view_model.TokenView) error { + err := usr_view.PutToken(v.Db, tokenTable, token) if err != nil { return err } @@ -27,7 +23,7 @@ func (v *View) PutToken(token *model.Token) error { } func (v *View) DeleteToken(tokenID string, eventSequence uint64) error { - err := view.DeleteToken(v.Db, tokenTable, tokenID) + err := usr_view.DeleteToken(v.Db, tokenTable, tokenID) if err != nil { return nil } @@ -35,7 +31,7 @@ func (v *View) DeleteToken(tokenID string, eventSequence uint64) error { } func (v *View) DeleteSessionTokens(agentID, userID string, eventSequence uint64) error { - err := view.DeleteSessionTokens(v.Db, tokenTable, agentID, userID) + err := usr_view.DeleteSessionTokens(v.Db, tokenTable, agentID, userID) if err != nil { return nil } diff --git a/internal/project/repository/view/model/application.go b/internal/project/repository/view/model/application.go index c26acbd6ce..509278b4b2 100644 --- a/internal/project/repository/view/model/application.go +++ b/internal/project/repository/view/model/application.go @@ -162,6 +162,7 @@ func (a *ApplicationView) AppendEventIfMyApp(event *models.Event) (err error) { } return nil } + func (a *ApplicationView) AppendEvent(event *models.Event) (err error) { a.Sequence = event.Sequence a.ChangeDate = event.CreationDate diff --git a/internal/token/repository/view/model/token.go b/internal/token/repository/view/model/token.go deleted file mode 100644 index bd0cb83168..0000000000 --- a/internal/token/repository/view/model/token.go +++ /dev/null @@ -1,67 +0,0 @@ -package model - -import ( - "time" - - "github.com/lib/pq" - - "github.com/caos/zitadel/internal/token/model" -) - -const ( - TokenKeyTokenID = "id" - TokenKeyUserID = "user_id" - TokenKeyApplicationID = "application_id" - TokenKeyUserAgentID = "user_agent_id" - TokenKeyExpiration = "expiration" - TokenKeyResourceOwner = "resource_owner" -) - -type Token struct { - ID string `json:"-" gorm:"column:id;primary_key"` - CreationDate time.Time `json:"-" gorm:"column:creation_date"` - ChangeDate time.Time `json:"-" gorm:"column:change_date"` - ResourceOwner string `json:"-" gorm:"column:resource_owner"` - UserID string `json:"-" gorm:"column:user_id"` - ApplicationID string `json:"-" gorm:"column:application_id"` - UserAgentID string `json:"-" gorm:"column:user_agent_id"` - Audience pq.StringArray `json:"-" gorm:"column:audience"` - Scopes pq.StringArray `json:"-" gorm:"column:scopes"` - Expiration time.Time `json:"-" gorm:"column:expiration"` - Sequence uint64 `json:"-" gorm:"column:sequence"` - PreferredLanguage string `json:"-" gorm:"column:preferred_language"` -} - -func TokenFromModel(token *model.Token) *Token { - return &Token{ - ID: token.ID, - CreationDate: token.CreationDate, - ChangeDate: token.ChangeDate, - ResourceOwner: token.ResourceOwner, - UserID: token.UserID, - ApplicationID: token.ApplicationID, - UserAgentID: token.UserAgentID, - Audience: token.Audience, - Scopes: token.Scopes, - Expiration: token.Expiration, - Sequence: token.Sequence, - PreferredLanguage: token.PreferredLanguage, - } -} - -func TokenToModel(token *Token) *model.Token { - return &model.Token{ - ID: token.ID, - CreationDate: token.CreationDate, - ChangeDate: token.ChangeDate, - ResourceOwner: token.ResourceOwner, - UserID: token.UserID, - ApplicationID: token.ApplicationID, - UserAgentID: token.UserAgentID, - Audience: token.Audience, - Scopes: token.Scopes, - Expiration: token.Expiration, - Sequence: token.Sequence, - PreferredLanguage: token.PreferredLanguage, - } -} diff --git a/internal/token/repository/view/token.go b/internal/token/repository/view/token.go deleted file mode 100644 index 24ae43d8a6..0000000000 --- a/internal/token/repository/view/token.go +++ /dev/null @@ -1,85 +0,0 @@ -package view - -import ( - "time" - - "github.com/caos/zitadel/internal/errors" - global_model "github.com/caos/zitadel/internal/model" - token_model "github.com/caos/zitadel/internal/token/model" - "github.com/caos/zitadel/internal/token/repository/view/model" - "github.com/caos/zitadel/internal/view/repository" - "github.com/jinzhu/gorm" - "github.com/lib/pq" -) - -func TokenByID(db *gorm.DB, table, tokenID string) (*model.Token, error) { - token := new(model.Token) - query := repository.PrepareGetByKey(table, model.TokenSearchKey(token_model.TokenSearchKeyTokenID), tokenID) - err := query(db, token) - if errors.IsNotFound(err) { - return nil, errors.ThrowNotFound(nil, "VIEW-6ub3p", "Errors.Token.NotFound") - } - return token, err -} - -func TokensByUserID(db *gorm.DB, table, userID string) ([]*model.Token, error) { - tokens := make([]*model.Token, 0) - userIDQuery := &token_model.TokenSearchQuery{ - Key: token_model.TokenSearchKeyUserID, - Method: global_model.SearchMethodEquals, - Value: userID, - } - query := repository.PrepareSearchQuery(table, model.TokenSearchRequest{ - Queries: []*token_model.TokenSearchQuery{userIDQuery}, - }) - _, err := query(db, &tokens) - return tokens, err -} - -func IsTokenValid(db *gorm.DB, table, tokenID string) (bool, error) { - token, err := TokenByID(db, table, tokenID) - if err == nil { - return token.Expiration.After(time.Now().UTC()), nil - } - if errors.IsNotFound(err) { - return false, nil - } - return false, err -} - -func PutToken(db *gorm.DB, table string, token *model.Token) error { - save := repository.PrepareSave(table) - return save(db, token) -} - -func PutTokens(db *gorm.DB, table string, tokens ...*model.Token) error { - save := repository.PrepareBulkSave(table) - t := make([]interface{}, len(tokens)) - for i, token := range tokens { - t[i] = token - } - return save(db, t...) -} - -func DeleteToken(db *gorm.DB, table, tokenID string) error { - delete := repository.PrepareDeleteByKey(table, model.TokenSearchKey(token_model.TokenSearchKeyTokenID), tokenID) - return delete(db) -} - -func DeleteSessionTokens(db *gorm.DB, table, agentID, userID string) error { - delete := repository.PrepareDeleteByKeys(table, - repository.Key{Key: model.TokenSearchKey(token_model.TokenSearchKeyUserAgentID), Value: agentID}, - repository.Key{Key: model.TokenSearchKey(token_model.TokenSearchKeyUserID), Value: userID}, - ) - return delete(db) -} - -func DeleteUserTokens(db *gorm.DB, table, userID string) error { - delete := repository.PrepareDeleteByKey(table, model.TokenSearchKey(token_model.TokenSearchKeyUserID), userID) - return delete(db) -} - -func DeleteApplicationTokens(db *gorm.DB, table string, appIDs []string) error { - delete := repository.PrepareDeleteByKey(table, model.TokenSearchKey(token_model.TokenSearchKeyApplicationID), pq.StringArray(appIDs)) - return delete(db) -} diff --git a/internal/user/model/token.go b/internal/user/model/token.go new file mode 100644 index 0000000000..02113552ea --- /dev/null +++ b/internal/user/model/token.go @@ -0,0 +1,18 @@ +package model + +import ( + es_models "github.com/caos/zitadel/internal/eventstore/models" + "time" +) + +type Token struct { + es_models.ObjectRoot + + TokenID string + ApplicationID string + UserAgentID string + Audience []string + Expiration time.Time + Scopes []string + PreferredLanguage string +} diff --git a/internal/token/model/token.go b/internal/user/model/token_view.go similarity index 97% rename from internal/token/model/token.go rename to internal/user/model/token_view.go index 5f9a8d0843..b89c6cb6e4 100644 --- a/internal/token/model/token.go +++ b/internal/user/model/token_view.go @@ -6,7 +6,7 @@ import ( "github.com/caos/zitadel/internal/model" ) -type Token struct { +type TokenView struct { ID string CreationDate time.Time ChangeDate time.Time diff --git a/internal/user/repository/eventsourcing/eventstore.go b/internal/user/repository/eventsourcing/eventstore.go index f63fab95c1..7d15a6f359 100644 --- a/internal/user/repository/eventsourcing/eventstore.go +++ b/internal/user/repository/eventsourcing/eventstore.go @@ -634,6 +634,27 @@ func (es *UserEventstore) ExternalLoginChecked(ctx context.Context, userID strin return nil } +func (es *UserEventstore) TokenAdded(ctx context.Context, token *usr_model.Token) (*usr_model.Token, error) { + user, err := es.UserByID(ctx, token.AggregateID) + if err != nil { + return nil, err + } + id, err := es.idGenerator.Next() + if err != nil { + return nil, err + } + token.TokenID = id + repoUser := model.UserFromModel(user) + repoToken := model.TokenFromModel(token) + agg := TokenAddedAggregate(es.AggregateCreator(), repoUser, repoToken) + err = es_sdk.Push(ctx, es.PushAggregates, repoToken.AppendEvents, agg) + if err != nil { + return nil, err + } + es.userCache.cacheUser(repoUser) + return model.TokenToModel(repoToken), nil +} + func (es *UserEventstore) ChangeMachine(ctx context.Context, machine *usr_model.Machine) (*usr_model.Machine, error) { user, err := es.UserByID(ctx, machine.AggregateID) if err != nil { diff --git a/internal/user/repository/eventsourcing/model/token.go b/internal/user/repository/eventsourcing/model/token.go new file mode 100644 index 0000000000..d562cece7e --- /dev/null +++ b/internal/user/repository/eventsourcing/model/token.go @@ -0,0 +1,80 @@ +package model + +import ( + "encoding/json" + "time" + + "github.com/caos/logging" + caos_errs "github.com/caos/zitadel/internal/errors" + es_models "github.com/caos/zitadel/internal/eventstore/models" + "github.com/caos/zitadel/internal/user/model" +) + +type Token struct { + es_models.ObjectRoot + + TokenID string `json:"tokenId" gorm:"column:token_id"` + ApplicationID string `json:"applicationId" gorm:"column:application_id"` + UserAgentID string `json:"userAgentId" gorm:"column:user_agent_id"` + Audience []string `json:"audience" gorm:"column:audience"` + Scopes []string `json:"scopes" gorm:"column:scopes"` + Expiration time.Time `json:"expiration" gorm:"column:expiration"` + PreferredLanguage string `json:"preferredLanguage" gorm:"column:preferred_language"` +} + +func TokenFromModel(token *model.Token) *Token { + return &Token{ + ObjectRoot: token.ObjectRoot, + TokenID: token.TokenID, + ApplicationID: token.ApplicationID, + UserAgentID: token.UserAgentID, + Audience: token.Audience, + Scopes: token.Scopes, + Expiration: token.Expiration, + PreferredLanguage: token.PreferredLanguage, + } +} + +func TokenToModel(token *Token) *model.Token { + return &model.Token{ + ObjectRoot: token.ObjectRoot, + TokenID: token.TokenID, + ApplicationID: token.ApplicationID, + UserAgentID: token.UserAgentID, + Audience: token.Audience, + Scopes: token.Scopes, + Expiration: token.Expiration, + PreferredLanguage: token.PreferredLanguage, + } +} + +func (t *Token) AppendEvents(events ...*es_models.Event) error { + for _, event := range events { + if err := t.AppendEvent(event); err != nil { + return err + } + } + + return nil +} + +func (t *Token) AppendEvent(event *es_models.Event) error { + switch event.Type { + case UserTokenAdded: + err := t.setData(event) + if err != nil { + return err + } + t.CreationDate = event.CreationDate + } + return nil +} + +func (t *Token) setData(event *es_models.Event) error { + t.ObjectRoot.AppendEvent(event) + if err := json.Unmarshal(event.Data, t); err != nil { + logging.Log("EVEN-4Fm9s").WithError(err).Error("could not unmarshal event data") + return caos_errs.ThrowInternal(err, "MODEL-5Gms9", "could not unmarshal event") + } + return nil +} diff --git a/internal/user/repository/eventsourcing/model/types.go b/internal/user/repository/eventsourcing/model/types.go index d637d77595..bc5efdf1a1 100644 --- a/internal/user/repository/eventsourcing/model/types.go +++ b/internal/user/repository/eventsourcing/model/types.go @@ -67,6 +67,8 @@ const ( UserDeactivated models.EventType = "user.deactivated" UserReactivated models.EventType = "user.reactivated" UserRemoved models.EventType = "user.removed" + + UserTokenAdded models.EventType = "user.token.added" ) // the following consts are for user(v2).human diff --git a/internal/user/repository/eventsourcing/user.go b/internal/user/repository/eventsourcing/user.go index 7ee4e30ad6..754991f1b6 100644 --- a/internal/user/repository/eventsourcing/user.go +++ b/internal/user/repository/eventsourcing/user.go @@ -474,6 +474,16 @@ func ExternalLoginCheckSucceededAggregate(aggCreator *es_models.AggregateCreator } } +func TokenAddedAggregate(aggCreator *es_models.AggregateCreator, user *model.User, token *model.Token) es_sdk.AggregateFunc { + return func(ctx context.Context) (*es_models.Aggregate, error) { + agg, err := UserAggregateOverwriteContext(ctx, aggCreator, user, user.ResourceOwner, user.AggregateID) + if err != nil { + return nil, err + } + return agg.AppendEvent(model.UserTokenAdded, token) + } +} + func MachineChangeAggregate(aggCreator *es_models.AggregateCreator, user *model.User, machine *model.Machine) func(ctx context.Context) (*es_models.Aggregate, error) { return func(ctx context.Context) (*es_models.Aggregate, error) { if machine == nil { diff --git a/internal/user/repository/view/model/token.go b/internal/user/repository/view/model/token.go new file mode 100644 index 0000000000..725132ad52 --- /dev/null +++ b/internal/user/repository/view/model/token.go @@ -0,0 +1,127 @@ +package model + +import ( + "encoding/json" + "github.com/caos/logging" + caos_errs "github.com/caos/zitadel/internal/errors" + "github.com/caos/zitadel/internal/eventstore/models" + es_models "github.com/caos/zitadel/internal/eventstore/models" + usr_model "github.com/caos/zitadel/internal/user/model" + usr_es_model "github.com/caos/zitadel/internal/user/repository/eventsourcing/model" + "time" + + "github.com/lib/pq" +) + +const ( + TokenKeyTokenID = "id" + TokenKeyUserID = "user_id" + TokenKeyApplicationID = "application_id" + TokenKeyUserAgentID = "user_agent_id" + TokenKeyExpiration = "expiration" + TokenKeyResourceOwner = "resource_owner" +) + +type TokenView struct { + ID string `json:"tokenId" gorm:"column:id;primary_key"` + CreationDate time.Time `json:"-" gorm:"column:creation_date"` + ChangeDate time.Time `json:"-" gorm:"column:change_date"` + ResourceOwner string `json:"-" gorm:"column:resource_owner"` + UserID string `json:"-" gorm:"column:user_id"` + ApplicationID string `json:"applicationId" gorm:"column:application_id"` + UserAgentID string `json:"userAgentId" gorm:"column:user_agent_id"` + Audience pq.StringArray `json:"audience" gorm:"column:audience"` + Scopes pq.StringArray `json:"scopes" gorm:"column:scopes"` + Expiration time.Time `json:"expiration" gorm:"column:expiration"` + Sequence uint64 `json:"-" gorm:"column:sequence"` + PreferredLanguage string `json:"preferredLanguage" gorm:"column:preferred_language"` + Deactivated bool `json:"-" gorm:"-"` +} + +func TokenViewFromModel(token *usr_model.TokenView) *TokenView { + return &TokenView{ + ID: token.ID, + CreationDate: token.CreationDate, + ChangeDate: token.ChangeDate, + ResourceOwner: token.ResourceOwner, + UserID: token.UserID, + ApplicationID: token.ApplicationID, + UserAgentID: token.UserAgentID, + Audience: token.Audience, + Scopes: token.Scopes, + Expiration: token.Expiration, + Sequence: token.Sequence, + PreferredLanguage: token.PreferredLanguage, + } +} + +func TokenViewToModel(token *TokenView) *usr_model.TokenView { + return &usr_model.TokenView{ + ID: token.ID, + CreationDate: token.CreationDate, + ChangeDate: token.ChangeDate, + ResourceOwner: token.ResourceOwner, + UserID: token.UserID, + ApplicationID: token.ApplicationID, + UserAgentID: token.UserAgentID, + Audience: token.Audience, + Scopes: token.Scopes, + Expiration: token.Expiration, + Sequence: token.Sequence, + PreferredLanguage: token.PreferredLanguage, + } +} + +func (t *TokenView) AppendEventIfMyToken(event *models.Event) (err error) { + view := new(TokenView) + switch event.Type { + case usr_es_model.UserTokenAdded: + view.setRootData(event) + err = view.setData(event) + case usr_es_model.UserRemoved, + usr_es_model.UserDeactivated, + usr_es_model.UserLocked: + t.Deactivated = true + return nil + case usr_es_model.UserUnlocked, + usr_es_model.UserReactivated: + if t.ID != "" && event.CreationDate.Before(t.CreationDate) { + t.Deactivated = false + } + return nil + default: + return nil + } + if view.ID == t.ID { + return t.AppendEvent(event) + } + return nil +} + +func (t *TokenView) AppendEvent(event *es_models.Event) error { + t.ChangeDate = event.CreationDate + t.Sequence = event.Sequence + switch event.Type { + case usr_es_model.UserTokenAdded: + t.setRootData(event) + err := t.setData(event) + if err != nil { + return err + } + t.CreationDate = event.CreationDate + } + return nil +} + +func (t *TokenView) setRootData(event *models.Event) { + t.UserID = event.AggregateID + t.ResourceOwner = event.ResourceOwner +} + +func (t *TokenView) setData(event *es_models.Event) error { + if err := json.Unmarshal(event.Data, t); err != nil { + logging.Log("EVEN-3Gm9s").WithError(err).Error("could not unmarshal event data") + return caos_errs.ThrowInternal(err, "MODEL-5Gms9", "could not unmarshal event") + } + return nil +} diff --git a/internal/token/repository/view/model/token_query.go b/internal/user/repository/view/model/token_query.go similarity index 68% rename from internal/token/repository/view/model/token_query.go rename to internal/user/repository/view/model/token_query.go index 28a8f5dddc..1148956371 100644 --- a/internal/token/repository/view/model/token_query.go +++ b/internal/user/repository/view/model/token_query.go @@ -2,13 +2,13 @@ package model import ( global_model "github.com/caos/zitadel/internal/model" - token_model "github.com/caos/zitadel/internal/token/model" + "github.com/caos/zitadel/internal/user/model" "github.com/caos/zitadel/internal/view/repository" ) -type TokenSearchRequest token_model.TokenSearchRequest -type TokenSearchQuery token_model.TokenSearchQuery -type TokenSearchKey token_model.TokenSearchKey +type TokenSearchRequest model.TokenSearchRequest +type TokenSearchQuery model.TokenSearchQuery +type TokenSearchKey model.TokenSearchKey func (req TokenSearchRequest) GetLimit() uint64 { return req.Limit @@ -19,7 +19,7 @@ func (req TokenSearchRequest) GetOffset() uint64 { } func (req TokenSearchRequest) GetSortingColumn() repository.ColumnKey { - if req.SortingColumn == token_model.TokenSearchKeyUnspecified { + if req.SortingColumn == model.TokenSearchKeyUnspecified { return nil } return TokenSearchKey(req.SortingColumn) @@ -50,18 +50,18 @@ func (req TokenSearchQuery) GetValue() interface{} { } func (key TokenSearchKey) ToColumnName() string { - switch token_model.TokenSearchKey(key) { - case token_model.TokenSearchKeyTokenID: + switch model.TokenSearchKey(key) { + case model.TokenSearchKeyTokenID: return TokenKeyTokenID - case token_model.TokenSearchKeyUserAgentID: + case model.TokenSearchKeyUserAgentID: return TokenKeyUserAgentID - case token_model.TokenSearchKeyUserID: + case model.TokenSearchKeyUserID: return TokenKeyUserID - case token_model.TokenSearchKeyApplicationID: + case model.TokenSearchKeyApplicationID: return TokenKeyApplicationID - case token_model.TokenSearchKeyExpiration: + case model.TokenSearchKeyExpiration: return TokenKeyExpiration - case token_model.TokenSearchKeyResourceOwner: + case model.TokenSearchKeyResourceOwner: return TokenKeyResourceOwner default: return "" diff --git a/internal/user/repository/view/token_view.go b/internal/user/repository/view/token_view.go new file mode 100644 index 0000000000..5666661fdd --- /dev/null +++ b/internal/user/repository/view/token_view.go @@ -0,0 +1,72 @@ +package view + +import ( + "github.com/caos/zitadel/internal/errors" + global_model "github.com/caos/zitadel/internal/model" + "github.com/caos/zitadel/internal/user/model" + usr_model "github.com/caos/zitadel/internal/user/repository/view/model" + "github.com/caos/zitadel/internal/view/repository" + "github.com/jinzhu/gorm" + "github.com/lib/pq" +) + +func TokenByID(db *gorm.DB, table, tokenID string) (*usr_model.TokenView, error) { + token := new(usr_model.TokenView) + query := repository.PrepareGetByKey(table, usr_model.TokenSearchKey(model.TokenSearchKeyTokenID), tokenID) + err := query(db, token) + if errors.IsNotFound(err) { + return nil, errors.ThrowNotFound(nil, "VIEW-6ub3p", "Errors.Token.NotFound") + } + return token, err +} + +func TokensByUserID(db *gorm.DB, table, userID string) ([]*usr_model.TokenView, error) { + tokens := make([]*usr_model.TokenView, 0) + userIDQuery := &model.TokenSearchQuery{ + Key: model.TokenSearchKeyUserID, + Method: global_model.SearchMethodEquals, + Value: userID, + } + query := repository.PrepareSearchQuery(table, usr_model.TokenSearchRequest{ + Queries: []*model.TokenSearchQuery{userIDQuery}, + }) + _, err := query(db, &tokens) + return tokens, err +} + +func PutToken(db *gorm.DB, table string, token *usr_model.TokenView) error { + save := repository.PrepareSave(table) + return save(db, token) +} + +func PutTokens(db *gorm.DB, table string, tokens ...*usr_model.TokenView) error { + save := repository.PrepareBulkSave(table) + t := make([]interface{}, len(tokens)) + for i, token := range tokens { + t[i] = token + } + return save(db, t...) +} + +func DeleteToken(db *gorm.DB, table, tokenID string) error { + delete := repository.PrepareDeleteByKey(table, usr_model.TokenSearchKey(model.TokenSearchKeyTokenID), tokenID) + return delete(db) +} + +func DeleteSessionTokens(db *gorm.DB, table, agentID, userID string) error { + delete := repository.PrepareDeleteByKeys(table, + repository.Key{Key: usr_model.TokenSearchKey(model.TokenSearchKeyUserAgentID), Value: agentID}, + repository.Key{Key: usr_model.TokenSearchKey(model.TokenSearchKeyUserID), Value: userID}, + ) + return delete(db) +} + +func DeleteUserTokens(db *gorm.DB, table, userID string) error { + delete := repository.PrepareDeleteByKey(table, usr_model.TokenSearchKey(model.TokenSearchKeyUserID), userID) + return delete(db) +} + +func DeleteApplicationTokens(db *gorm.DB, table string, appIDs []string) error { + delete := repository.PrepareDeleteByKey(table, usr_model.TokenSearchKey(model.TokenSearchKeyApplicationID), pq.StringArray(appIDs)) + return delete(db) +}