TheArchive/zitadel
1
0
Fork 0
mirror of https://github.com/zitadel/zitadel.git synced 2025-08-12 05:17:33 +00:00
Code Issues Packages Projects Releases Wiki Activity

feat: tokens on user aggregate (#837)

Browse Source 
* fix: fix remove policies in spoolers

* fix: reread of token by id

* fix: update oidc package

* fix: possible nil pointer on token split

Co-authored-by: Livio Amstutz <livio.a@gmail.com>
This commit is contained in:
Fabi
2020-10-15 13:52:41 +02:00
committed by GitHub
parent fbb30840f1
commit 265b491696
24 changed files with 518 additions and 247 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
internal/api/oidc/auth_request.go
View File

@@ -70,7 +70,7 @@ func (o *OPStorage) CreateToken(ctx context.Context, req op.TokenRequest) (strin
if err != nil {
return "", time.Time{}, err
}
return resp.ID, resp.Expiration, nil
return resp.TokenID, resp.Expiration, nil
}
func grantsToScopes(grants []*grant_model.UserGrantView) []string {

4
internal/api/oidc/client.go
View File

@@ -65,8 +65,8 @@ func (o *OPStorage) AuthorizeClientIDSecret(ctx context.Context, id string, secr
return o.repo.AuthorizeOIDCApplication(ctx, id, secret)
}
func (o *OPStorage) GetUserinfoFromToken(ctx context.Context, tokenID, origin string) (*oidc.Userinfo, error) {
token, err := o.repo.TokenByID(ctx, tokenID)
func (o *OPStorage) GetUserinfoFromToken(ctx context.Context, tokenID, subject, origin string) (*oidc.Userinfo, error) {
token, err := o.repo.TokenByID(ctx, tokenID, subject)
if err != nil {
return nil, err
}

75
internal/auth/repository/eventsourcing/eventstore/token.go
View File

@@ -2,38 +2,83 @@ package eventstore
import (
"context"
"github.com/caos/logging"
"github.com/caos/zitadel/internal/errors"
"github.com/caos/zitadel/internal/eventstore/models"
usr_model "github.com/caos/zitadel/internal/user/model"
user_event "github.com/caos/zitadel/internal/user/repository/eventsourcing"
"github.com/caos/zitadel/internal/user/repository/view/model"
"time"
"github.com/caos/zitadel/internal/auth/repository/eventsourcing/view"
token_model "github.com/caos/zitadel/internal/token/model"
token_view_model "github.com/caos/zitadel/internal/token/repository/view/model"
)
type TokenRepo struct {
View *view.View
UserEvents *user_event.UserEventstore
View *view.View
}
func (repo *TokenRepo) CreateToken(ctx context.Context, agentID, applicationID, userID string, audience, scopes []string, lifetime time.Duration) (*token_model.Token, error) {
func (repo *TokenRepo) CreateToken(ctx context.Context, agentID, applicationID, userID string, audience, scopes []string, lifetime time.Duration) (*usr_model.Token, error) {
preferredLanguage := ""
user, _ := repo.View.UserByID(userID)
if user != nil {
preferredLanguage = user.PreferredLanguage
}
token, err := repo.View.CreateToken(agentID, applicationID, userID, preferredLanguage, audience, scopes, lifetime)
if err != nil {
return nil, err
now := time.Now().UTC()
token := &usr_model.Token{
ObjectRoot: models.ObjectRoot{
AggregateID: userID,
},
UserAgentID: agentID,
ApplicationID: applicationID,
Audience: audience,
Scopes: scopes,
Expiration: now.Add(lifetime),
PreferredLanguage: preferredLanguage,
}
return token_view_model.TokenToModel(token), nil
return repo.UserEvents.TokenAdded(ctx, token)
}
func (repo *TokenRepo) IsTokenValid(ctx context.Context, tokenID string) (bool, error) {
return repo.View.IsTokenValid(tokenID)
func (repo *TokenRepo) IsTokenValid(ctx context.Context, userID, tokenID string) (bool, error) {
token, err := repo.TokenByID(ctx, userID, tokenID)
if err == nil {
return token.Expiration.After(time.Now().UTC()), nil
}
if errors.IsNotFound(err) {
return false, nil
}
return false, err
}
func (repo *TokenRepo) TokenByID(ctx context.Context, tokenID string) (*token_model.Token, error) {
token, err := repo.View.TokenByID(tokenID)
if err != nil {
return nil, err
func (repo *TokenRepo) TokenByID(ctx context.Context, userID, tokenID string) (*usr_model.TokenView, error) {
token, viewErr := repo.View.TokenByID(tokenID)
if viewErr != nil && !errors.IsNotFound(viewErr) {
return nil, viewErr
}
return token_view_model.TokenToModel(token), nil
if errors.IsNotFound(viewErr) {
token = new(model.TokenView)
token.ID = tokenID
token.UserID = userID
}
events, esErr := repo.UserEvents.UserEventsByID(ctx, userID, token.Sequence)
if errors.IsNotFound(viewErr) && len(events) == 0 {
return nil, errors.ThrowNotFound(nil, "EVENT-4T90g", "Errors.Token.NotFound")
}
if esErr != nil {
logging.Log("EVENT-5Nm9s").WithError(viewErr).Debug("error retrieving new events")
return model.TokenViewToModel(token), nil
}
viewToken := *token
for _, event := range events {
err := token.AppendEventIfMyToken(event)
if err != nil {
return model.TokenViewToModel(&viewToken), nil
}
}
if !token.Expiration.After(time.Now().UTC()) || token.Deactivated {
return nil, errors.ThrowNotFound(nil, "EVENT-5Bm9s", "Errors.Token.NotFound")
}
return model.TokenViewToModel(token), nil
}

7
internal/auth/repository/eventsourcing/handler/token.go
View File

@@ -43,6 +43,13 @@ func (u *Token) EventQuery() (*models.SearchQuery, error) {
func (u *Token) Reduce(event *models.Event) (err error) {
switch event.Type {
case user_es_model.UserTokenAdded:
token := new(view_model.TokenView)
err := token.AppendEvent(event)
if err != nil {
return err
}
return u.view.PutToken(token)
case user_es_model.UserProfileChanged,
user_es_model.HumanProfileChanged:
user := new(view_model.UserView)

5
internal/auth/repository/eventsourcing/repository.go
View File

@@ -143,7 +143,10 @@ func Start(conf Config, authZ authz.Config, systemDefaults sd.SystemDefaults, au
MfaHardwareCheckLifeTime: systemDefaults.VerificationLifetimes.MfaHardwareCheck.Duration,
IAMID: systemDefaults.IamID,
},
eventstore.TokenRepo{View: view},
eventstore.TokenRepo{
UserEvents: user,
View: view,
},
eventstore.KeyRepository{
KeyEvents: key,
View: view,

57
internal/auth/repository/eventsourcing/view/token.go
View File

@@ -1,62 +1,33 @@
package view
import (
usr_view "github.com/caos/zitadel/internal/user/repository/view"
"github.com/caos/zitadel/internal/user/repository/view/model"
"github.com/caos/zitadel/internal/view/repository"
"time"
"github.com/caos/zitadel/internal/token/repository/view"
"github.com/caos/zitadel/internal/token/repository/view/model"
)
const (
tokenTable = "auth.tokens"
)
func (v *View) TokenByID(tokenID string) (*model.Token, error) {
return view.TokenByID(v.Db, tokenTable, tokenID)
func (v *View) TokenByID(tokenID string) (*model.TokenView, error) {
return usr_view.TokenByID(v.Db, tokenTable, tokenID)
}
func (v *View) TokensByUserID(userID string) ([]*model.Token, error) {
return view.TokensByUserID(v.Db, tokenTable, userID)
func (v *View) TokensByUserID(userID string) ([]*model.TokenView, error) {
return usr_view.TokensByUserID(v.Db, tokenTable, userID)
}
func (v *View) IsTokenValid(tokenID string) (bool, error) {
return view.IsTokenValid(v.Db, tokenTable, tokenID)
}
func (v *View) CreateToken(agentID, applicationID, userID, preferredLanguage string, audience, scopes []string, lifetime time.Duration) (*model.Token, error) {
id, err := v.idGenerator.Next()
if err != nil {
return nil, err
}
now := time.Now().UTC()
token := &model.Token{
ID: id,
CreationDate: now,
UserID: userID,
ApplicationID: applicationID,
UserAgentID: agentID,
Scopes: scopes,
Audience: audience,
Expiration: now.Add(lifetime),
PreferredLanguage: preferredLanguage,
}
if err := view.PutToken(v.Db, tokenTable, token); err != nil {
return nil, err
}
return token, nil
}
func (v *View) PutToken(token *model.Token) error {
err := view.PutToken(v.Db, tokenTable, token)
func (v *View) PutToken(token *model.TokenView) error {
err := usr_view.PutToken(v.Db, tokenTable, token)
if err != nil {
return err
}
return v.ProcessedTokenSequence(token.Sequence)
}
func (v *View) PutTokens(token []*model.Token, sequence uint64) error {
err := view.PutTokens(v.Db, tokenTable, token...)
func (v *View) PutTokens(token []*model.TokenView, sequence uint64) error {
err := usr_view.PutTokens(v.Db, tokenTable, token...)
if err != nil {
return err
}
@@ -64,7 +35,7 @@ func (v *View) PutTokens(token []*model.Token, sequence uint64) error {
}
func (v *View) DeleteToken(tokenID string, eventSequence uint64) error {
err := view.DeleteToken(v.Db, tokenTable, tokenID)
err := usr_view.DeleteToken(v.Db, tokenTable, tokenID)
if err != nil {
return nil
}
@@ -72,7 +43,7 @@ func (v *View) DeleteToken(tokenID string, eventSequence uint64) error {
}
func (v *View) DeleteSessionTokens(agentID, userID string, eventSequence uint64) error {
err := view.DeleteSessionTokens(v.Db, tokenTable, agentID, userID)
err := usr_view.DeleteSessionTokens(v.Db, tokenTable, agentID, userID)
if err != nil {
return nil
}
@@ -80,7 +51,7 @@ func (v *View) DeleteSessionTokens(agentID, userID string, eventSequence uint64)
}
func (v *View) DeleteUserTokens(userID string, eventSequence uint64) error {
err := view.DeleteUserTokens(v.Db, tokenTable, userID)
err := usr_view.DeleteUserTokens(v.Db, tokenTable, userID)
if err != nil {
return nil
}
@@ -88,7 +59,7 @@ func (v *View) DeleteUserTokens(userID string, eventSequence uint64) error {
}
func (v *View) DeleteApplicationTokens(eventSequence uint64, ids ...string) error {
err := view.DeleteApplicationTokens(v.Db, tokenTable, ids)
err := usr_view.DeleteApplicationTokens(v.Db, tokenTable, ids)
if err != nil {
return nil
}

9
internal/auth/repository/token.go
View File

@@ -2,13 +2,12 @@ package repository
import (
"context"
usr_model "github.com/caos/zitadel/internal/user/model"
"time"
"github.com/caos/zitadel/internal/token/model"
)
type TokenRepository interface {
CreateToken(ctx context.Context, agentID, applicationID, userID string, audience, scopes []string, lifetime time.Duration) (*model.Token, error)
IsTokenValid(ctx context.Context, tokenID string) (bool, error)
TokenByID(ctx context.Context, tokenID string) (*model.Token, error)
CreateToken(ctx context.Context, agentID, applicationID, userID string, audience, scopes []string, lifetime time.Duration) (*usr_model.Token, error)
IsTokenValid(ctx context.Context, userID, tokenID string) (bool, error)
TokenByID(ctx context.Context, userID, tokenID string) (*usr_model.TokenView, error)
}

48
internal/authz/repository/eventsourcing/eventstore/token_verifier.go
View File

@@ -2,6 +2,11 @@ package eventstore
import (
"context"
"github.com/caos/logging"
usr_model "github.com/caos/zitadel/internal/user/model"
usr_event "github.com/caos/zitadel/internal/user/repository/eventsourcing"
"github.com/caos/zitadel/internal/user/repository/view/model"
"strings"
"time"
"github.com/caos/zitadel/internal/authz/repository/eventsourcing/view"
@@ -16,16 +21,55 @@ type TokenVerifierRepo struct {
IAMID string
IAMEvents *iam_event.IAMEventstore
ProjectEvents *proj_event.ProjectEventstore
UserEvents *usr_event.UserEventstore
View *view.View
}
func (repo *TokenVerifierRepo) TokenByID(ctx context.Context, tokenID, userID string) (*usr_model.TokenView, error) {
token, viewErr := repo.View.TokenByID(tokenID)
if viewErr != nil && !caos_errs.IsNotFound(viewErr) {
return nil, viewErr
}
if caos_errs.IsNotFound(viewErr) {
token = new(model.TokenView)
token.ID = tokenID
token.UserID = userID
}
events, esErr := repo.UserEvents.UserEventsByID(ctx, userID, token.Sequence)
if caos_errs.IsNotFound(viewErr) && len(events) == 0 {
return nil, caos_errs.ThrowNotFound(nil, "EVENT-4T90g", "Errors.Token.NotFound")
}
if esErr != nil {
logging.Log("EVENT-5Nm9s").WithError(viewErr).Debug("error retrieving new events")
return model.TokenViewToModel(token), nil
}
viewToken := *token
for _, event := range events {
err := token.AppendEventIfMyToken(event)
if err != nil {
return model.TokenViewToModel(&viewToken), nil
}
}
if !token.Expiration.After(time.Now().UTC()) || token.Deactivated {
return nil, caos_errs.ThrowNotFound(nil, "EVENT-5Bm9s", "Errors.Token.NotFound")
}
return model.TokenViewToModel(token), nil
}
func (repo *TokenVerifierRepo) VerifyAccessToken(ctx context.Context, tokenString, clientID string) (userID string, agentID string, prefLang string, err error) {
//TODO: use real key
tokenID, err := crypto.DecryptAESString(tokenString, string(repo.TokenVerificationKey[:32]))
tokenIDSubject, err := crypto.DecryptAESString(tokenString, string(repo.TokenVerificationKey[:32]))
if err != nil {
return "", "", "", caos_errs.ThrowUnauthenticated(nil, "APP-8EF0zZ", "invalid token")
}
token, err := repo.View.TokenByID(tokenID)
splittedToken := strings.Split(tokenIDSubject, ":")
if len(splittedToken) != 2 {
return "", "", "", caos_errs.ThrowUnauthenticated(nil, "APP-GDg3a", "invalid token")
}
token, err := repo.TokenByID(ctx, splittedToken[0], splittedToken[1])
if err != nil {
return "", "", "", caos_errs.ThrowUnauthenticated(err, "APP-BxUSiL", "invalid token")
}

12
internal/authz/repository/eventsourcing/repository.go
View File

@@ -2,6 +2,7 @@ package eventsourcing
import (
"context"
es_user "github.com/caos/zitadel/internal/user/repository/eventsourcing"
"github.com/caos/zitadel/internal/api/authz"
"github.com/caos/zitadel/internal/auth_request/repository/cache"
@@ -65,6 +66,16 @@ func Start(conf Config, authZ authz.Config, systemDefaults sd.SystemDefaults) (*
if err != nil {
return nil, err
}
user, err := es_user.StartUser(
es_user.UserConfig{
Eventstore: es,
Cache: conf.Eventstore.Cache,
},
systemDefaults,
)
if err != nil {
return nil, err
}
repos := handler.EventstoreRepos{IamEvents: iam}
spool := spooler.StartSpooler(conf.Spooler, es, view, sqlClient, repos, systemDefaults)
@@ -85,6 +96,7 @@ func Start(conf Config, authZ authz.Config, systemDefaults sd.SystemDefaults) (*
IAMID: systemDefaults.IamID,
IAMEvents: iam,
ProjectEvents: project,
UserEvents: user,
View: view,
},
}, nil

20
internal/authz/repository/eventsourcing/view/token.go
View File

@@ -1,8 +1,8 @@
package view
import (
"github.com/caos/zitadel/internal/token/repository/view"
"github.com/caos/zitadel/internal/token/repository/view/model"
usr_view "github.com/caos/zitadel/internal/user/repository/view"
usr_view_model "github.com/caos/zitadel/internal/user/repository/view/model"
"github.com/caos/zitadel/internal/view/repository"
)
@@ -10,16 +10,12 @@ const (
tokenTable = "auth.tokens"
)
func (v *View) TokenByID(tokenID string) (*model.Token, error) {
return view.TokenByID(v.Db, tokenTable, tokenID)
func (v *View) TokenByID(tokenID string) (*usr_view_model.TokenView, error) {
return usr_view.TokenByID(v.Db, tokenTable, tokenID)
}
func (v *View) IsTokenValid(tokenID string) (bool, error) {
return view.IsTokenValid(v.Db, tokenTable, tokenID)
}
func (v *View) PutToken(token *model.Token) error {
err := view.PutToken(v.Db, tokenTable, token)
func (v *View) PutToken(token *usr_view_model.TokenView) error {
err := usr_view.PutToken(v.Db, tokenTable, token)
if err != nil {
return err
}
@@ -27,7 +23,7 @@ func (v *View) PutToken(token *model.Token) error {
}
func (v *View) DeleteToken(tokenID string, eventSequence uint64) error {
err := view.DeleteToken(v.Db, tokenTable, tokenID)
err := usr_view.DeleteToken(v.Db, tokenTable, tokenID)
if err != nil {
return nil
}
@@ -35,7 +31,7 @@ func (v *View) DeleteToken(tokenID string, eventSequence uint64) error {
}
func (v *View) DeleteSessionTokens(agentID, userID string, eventSequence uint64) error {
err := view.DeleteSessionTokens(v.Db, tokenTable, agentID, userID)
err := usr_view.DeleteSessionTokens(v.Db, tokenTable, agentID, userID)
if err != nil {
return nil
}

1
internal/project/repository/view/model/application.go
View File

@@ -162,6 +162,7 @@ func (a *ApplicationView) AppendEventIfMyApp(event *models.Event) (err error) {
}
return nil
}
func (a *ApplicationView) AppendEvent(event *models.Event) (err error) {
a.Sequence = event.Sequence
a.ChangeDate = event.CreationDate

67
internal/token/repository/view/model/token.go
View File

@@ -1,67 +0,0 @@
package model
import (
"time"
"github.com/lib/pq"
"github.com/caos/zitadel/internal/token/model"
)
const (
TokenKeyTokenID = "id"
TokenKeyUserID = "user_id"
TokenKeyApplicationID = "application_id"
TokenKeyUserAgentID = "user_agent_id"
TokenKeyExpiration = "expiration"
TokenKeyResourceOwner = "resource_owner"
)
type Token struct {
ID string `json:"-" gorm:"column:id;primary_key"`
CreationDate time.Time `json:"-" gorm:"column:creation_date"`
ChangeDate time.Time `json:"-" gorm:"column:change_date"`
ResourceOwner string `json:"-" gorm:"column:resource_owner"`
UserID string `json:"-" gorm:"column:user_id"`
ApplicationID string `json:"-" gorm:"column:application_id"`
UserAgentID string `json:"-" gorm:"column:user_agent_id"`
Audience pq.StringArray `json:"-" gorm:"column:audience"`
Scopes pq.StringArray `json:"-" gorm:"column:scopes"`
Expiration time.Time `json:"-" gorm:"column:expiration"`
Sequence uint64 `json:"-" gorm:"column:sequence"`
PreferredLanguage string `json:"-" gorm:"column:preferred_language"`
}
func TokenFromModel(token *model.Token) *Token {
return &Token{
ID: token.ID,
CreationDate: token.CreationDate,
ChangeDate: token.ChangeDate,
ResourceOwner: token.ResourceOwner,
UserID: token.UserID,
ApplicationID: token.ApplicationID,
UserAgentID: token.UserAgentID,
Audience: token.Audience,
Scopes: token.Scopes,
Expiration: token.Expiration,
Sequence: token.Sequence,
PreferredLanguage: token.PreferredLanguage,
}
}
func TokenToModel(token *Token) *model.Token {
return &model.Token{
ID: token.ID,
CreationDate: token.CreationDate,
ChangeDate: token.ChangeDate,
ResourceOwner: token.ResourceOwner,
UserID: token.UserID,
ApplicationID: token.ApplicationID,
UserAgentID: token.UserAgentID,
Audience: token.Audience,
Scopes: token.Scopes,
Expiration: token.Expiration,
Sequence: token.Sequence,
PreferredLanguage: token.PreferredLanguage,
}
}

85
internal/token/repository/view/token.go
View File

@@ -1,85 +0,0 @@
package view
import (
"time"
"github.com/caos/zitadel/internal/errors"
global_model "github.com/caos/zitadel/internal/model"
token_model "github.com/caos/zitadel/internal/token/model"
"github.com/caos/zitadel/internal/token/repository/view/model"
"github.com/caos/zitadel/internal/view/repository"
"github.com/jinzhu/gorm"
"github.com/lib/pq"
)
func TokenByID(db *gorm.DB, table, tokenID string) (*model.Token, error) {
token := new(model.Token)
query := repository.PrepareGetByKey(table, model.TokenSearchKey(token_model.TokenSearchKeyTokenID), tokenID)
err := query(db, token)
if errors.IsNotFound(err) {
return nil, errors.ThrowNotFound(nil, "VIEW-6ub3p", "Errors.Token.NotFound")
}
return token, err
}
func TokensByUserID(db *gorm.DB, table, userID string) ([]*model.Token, error) {
tokens := make([]*model.Token, 0)
userIDQuery := &token_model.TokenSearchQuery{
Key: token_model.TokenSearchKeyUserID,
Method: global_model.SearchMethodEquals,
Value: userID,
}
query := repository.PrepareSearchQuery(table, model.TokenSearchRequest{
Queries: []*token_model.TokenSearchQuery{userIDQuery},
})
_, err := query(db, &tokens)
return tokens, err
}
func IsTokenValid(db *gorm.DB, table, tokenID string) (bool, error) {
token, err := TokenByID(db, table, tokenID)
if err == nil {
return token.Expiration.After(time.Now().UTC()), nil
}
if errors.IsNotFound(err) {
return false, nil
}
return false, err
}
func PutToken(db *gorm.DB, table string, token *model.Token) error {
save := repository.PrepareSave(table)
return save(db, token)
}
func PutTokens(db *gorm.DB, table string, tokens ...*model.Token) error {
save := repository.PrepareBulkSave(table)
t := make([]interface{}, len(tokens))
for i, token := range tokens {
t[i] = token
}
return save(db, t...)
}
func DeleteToken(db *gorm.DB, table, tokenID string) error {
delete := repository.PrepareDeleteByKey(table, model.TokenSearchKey(token_model.TokenSearchKeyTokenID), tokenID)
return delete(db)
}
func DeleteSessionTokens(db *gorm.DB, table, agentID, userID string) error {
delete := repository.PrepareDeleteByKeys(table,
repository.Key{Key: model.TokenSearchKey(token_model.TokenSearchKeyUserAgentID), Value: agentID},
repository.Key{Key: model.TokenSearchKey(token_model.TokenSearchKeyUserID), Value: userID},
)
return delete(db)
}
func DeleteUserTokens(db *gorm.DB, table, userID string) error {
delete := repository.PrepareDeleteByKey(table, model.TokenSearchKey(token_model.TokenSearchKeyUserID), userID)
return delete(db)
}
func DeleteApplicationTokens(db *gorm.DB, table string, appIDs []string) error {
delete := repository.PrepareDeleteByKey(table, model.TokenSearchKey(token_model.TokenSearchKeyApplicationID), pq.StringArray(appIDs))
return delete(db)
}

18
internal/user/model/token.go Normal file
View File

@@ -0,0 +1,18 @@
package model
import (
es_models "github.com/caos/zitadel/internal/eventstore/models"
"time"
)
type Token struct {
es_models.ObjectRoot
TokenID string
ApplicationID string
UserAgentID string
Audience []string
Expiration time.Time
Scopes []string
PreferredLanguage string
}

2
internal/token/model/token.go → internal/user/model/token_view.go
View File

@@ -6,7 +6,7 @@ import (
"github.com/caos/zitadel/internal/model"
)
type Token struct {
type TokenView struct {
ID string
CreationDate time.Time
ChangeDate time.Time

21
internal/user/repository/eventsourcing/eventstore.go
View File

@@ -634,6 +634,27 @@ func (es *UserEventstore) ExternalLoginChecked(ctx context.Context, userID strin
return nil
}
func (es *UserEventstore) TokenAdded(ctx context.Context, token *usr_model.Token) (*usr_model.Token, error) {
user, err := es.UserByID(ctx, token.AggregateID)
if err != nil {
return nil, err
}
id, err := es.idGenerator.Next()
if err != nil {
return nil, err
}
token.TokenID = id
repoUser := model.UserFromModel(user)
repoToken := model.TokenFromModel(token)
agg := TokenAddedAggregate(es.AggregateCreator(), repoUser, repoToken)
err = es_sdk.Push(ctx, es.PushAggregates, repoToken.AppendEvents, agg)
if err != nil {
return nil, err
}
es.userCache.cacheUser(repoUser)
return model.TokenToModel(repoToken), nil
}
func (es *UserEventstore) ChangeMachine(ctx context.Context, machine *usr_model.Machine) (*usr_model.Machine, error) {
user, err := es.UserByID(ctx, machine.AggregateID)
if err != nil {

80
internal/user/repository/eventsourcing/model/token.go Normal file
View File

@@ -0,0 +1,80 @@
package model
import (
"encoding/json"
"time"
"github.com/caos/logging"
caos_errs "github.com/caos/zitadel/internal/errors"
es_models "github.com/caos/zitadel/internal/eventstore/models"
"github.com/caos/zitadel/internal/user/model"
)
type Token struct {
es_models.ObjectRoot
TokenID string `json:"tokenId" gorm:"column:token_id"`
ApplicationID string `json:"applicationId" gorm:"column:application_id"`
UserAgentID string `json:"userAgentId" gorm:"column:user_agent_id"`
Audience []string `json:"audience" gorm:"column:audience"`
Scopes []string `json:"scopes" gorm:"column:scopes"`
Expiration time.Time `json:"expiration" gorm:"column:expiration"`
PreferredLanguage string `json:"preferredLanguage" gorm:"column:preferred_language"`
}
func TokenFromModel(token *model.Token) *Token {
return &Token{
ObjectRoot: token.ObjectRoot,
TokenID: token.TokenID,
ApplicationID: token.ApplicationID,
UserAgentID: token.UserAgentID,
Audience: token.Audience,
Scopes: token.Scopes,
Expiration: token.Expiration,
PreferredLanguage: token.PreferredLanguage,
}
}
func TokenToModel(token *Token) *model.Token {
return &model.Token{
ObjectRoot: token.ObjectRoot,
TokenID: token.TokenID,
ApplicationID: token.ApplicationID,
UserAgentID: token.UserAgentID,
Audience: token.Audience,
Scopes: token.Scopes,
Expiration: token.Expiration,
PreferredLanguage: token.PreferredLanguage,
}
}
func (t *Token) AppendEvents(events ...*es_models.Event) error {
for _, event := range events {
if err := t.AppendEvent(event); err != nil {
return err
}
}
return nil
}
func (t *Token) AppendEvent(event *es_models.Event) error {
switch event.Type {
case UserTokenAdded:
err := t.setData(event)
if err != nil {
return err
}
t.CreationDate = event.CreationDate
}
return nil
}
func (t *Token) setData(event *es_models.Event) error {
t.ObjectRoot.AppendEvent(event)
if err := json.Unmarshal(event.Data, t); err != nil {
logging.Log("EVEN-4Fm9s").WithError(err).Error("could not unmarshal event data")
return caos_errs.ThrowInternal(err, "MODEL-5Gms9", "could not unmarshal event")
}
return nil
}

2
internal/user/repository/eventsourcing/model/types.go
View File

@@ -67,6 +67,8 @@ const (
UserDeactivated models.EventType = "user.deactivated"
UserReactivated models.EventType = "user.reactivated"
UserRemoved models.EventType = "user.removed"
UserTokenAdded models.EventType = "user.token.added"
)
// the following consts are for user(v2).human

10
internal/user/repository/eventsourcing/user.go
View File

@@ -474,6 +474,16 @@ func ExternalLoginCheckSucceededAggregate(aggCreator *es_models.AggregateCreator
}
}
func TokenAddedAggregate(aggCreator *es_models.AggregateCreator, user *model.User, token *model.Token) es_sdk.AggregateFunc {
return func(ctx context.Context) (*es_models.Aggregate, error) {
agg, err := UserAggregateOverwriteContext(ctx, aggCreator, user, user.ResourceOwner, user.AggregateID)
if err != nil {
return nil, err
}
return agg.AppendEvent(model.UserTokenAdded, token)
}
}
func MachineChangeAggregate(aggCreator *es_models.AggregateCreator, user *model.User, machine *model.Machine) func(ctx context.Context) (*es_models.Aggregate, error) {
return func(ctx context.Context) (*es_models.Aggregate, error) {
if machine == nil {

127
internal/user/repository/view/model/token.go Normal file
View File

@@ -0,0 +1,127 @@
package model
import (
"encoding/json"
"github.com/caos/logging"
caos_errs "github.com/caos/zitadel/internal/errors"
"github.com/caos/zitadel/internal/eventstore/models"
es_models "github.com/caos/zitadel/internal/eventstore/models"
usr_model "github.com/caos/zitadel/internal/user/model"
usr_es_model "github.com/caos/zitadel/internal/user/repository/eventsourcing/model"
"time"
"github.com/lib/pq"
)
const (
TokenKeyTokenID = "id"
TokenKeyUserID = "user_id"
TokenKeyApplicationID = "application_id"
TokenKeyUserAgentID = "user_agent_id"
TokenKeyExpiration = "expiration"
TokenKeyResourceOwner = "resource_owner"
)
type TokenView struct {
ID string `json:"tokenId" gorm:"column:id;primary_key"`
CreationDate time.Time `json:"-" gorm:"column:creation_date"`
ChangeDate time.Time `json:"-" gorm:"column:change_date"`
ResourceOwner string `json:"-" gorm:"column:resource_owner"`
UserID string `json:"-" gorm:"column:user_id"`
ApplicationID string `json:"applicationId" gorm:"column:application_id"`
UserAgentID string `json:"userAgentId" gorm:"column:user_agent_id"`
Audience pq.StringArray `json:"audience" gorm:"column:audience"`
Scopes pq.StringArray `json:"scopes" gorm:"column:scopes"`
Expiration time.Time `json:"expiration" gorm:"column:expiration"`
Sequence uint64 `json:"-" gorm:"column:sequence"`
PreferredLanguage string `json:"preferredLanguage" gorm:"column:preferred_language"`
Deactivated bool `json:"-" gorm:"-"`
}
func TokenViewFromModel(token *usr_model.TokenView) *TokenView {
return &TokenView{
ID: token.ID,
CreationDate: token.CreationDate,
ChangeDate: token.ChangeDate,
ResourceOwner: token.ResourceOwner,
UserID: token.UserID,
ApplicationID: token.ApplicationID,
UserAgentID: token.UserAgentID,
Audience: token.Audience,
Scopes: token.Scopes,
Expiration: token.Expiration,
Sequence: token.Sequence,
PreferredLanguage: token.PreferredLanguage,
}
}
func TokenViewToModel(token *TokenView) *usr_model.TokenView {
return &usr_model.TokenView{
ID: token.ID,
CreationDate: token.CreationDate,
ChangeDate: token.ChangeDate,
ResourceOwner: token.ResourceOwner,
UserID: token.UserID,
ApplicationID: token.ApplicationID,
UserAgentID: token.UserAgentID,
Audience: token.Audience,
Scopes: token.Scopes,
Expiration: token.Expiration,
Sequence: token.Sequence,
PreferredLanguage: token.PreferredLanguage,
}
}
func (t *TokenView) AppendEventIfMyToken(event *models.Event) (err error) {
view := new(TokenView)
switch event.Type {
case usr_es_model.UserTokenAdded:
view.setRootData(event)
err = view.setData(event)
case usr_es_model.UserRemoved,
usr_es_model.UserDeactivated,
usr_es_model.UserLocked:
t.Deactivated = true
return nil
case usr_es_model.UserUnlocked,
usr_es_model.UserReactivated:
if t.ID != "" && event.CreationDate.Before(t.CreationDate) {
t.Deactivated = false
}
return nil
default:
return nil
}
if view.ID == t.ID {
return t.AppendEvent(event)
}
return nil
}
func (t *TokenView) AppendEvent(event *es_models.Event) error {
t.ChangeDate = event.CreationDate
t.Sequence = event.Sequence
switch event.Type {
case usr_es_model.UserTokenAdded:
t.setRootData(event)
err := t.setData(event)
if err != nil {
return err
}
t.CreationDate = event.CreationDate
}
return nil
}
func (t *TokenView) setRootData(event *models.Event) {
t.UserID = event.AggregateID
t.ResourceOwner = event.ResourceOwner
}
func (t *TokenView) setData(event *es_models.Event) error {
if err := json.Unmarshal(event.Data, t); err != nil {
logging.Log("EVEN-3Gm9s").WithError(err).Error("could not unmarshal event data")
return caos_errs.ThrowInternal(err, "MODEL-5Gms9", "could not unmarshal event")
}
return nil
}

24
internal/token/repository/view/model/token_query.go → internal/user/repository/view/model/token_query.go
View File

@@ -2,13 +2,13 @@ package model
import (
global_model "github.com/caos/zitadel/internal/model"
token_model "github.com/caos/zitadel/internal/token/model"
"github.com/caos/zitadel/internal/user/model"
"github.com/caos/zitadel/internal/view/repository"
)
type TokenSearchRequest token_model.TokenSearchRequest
type TokenSearchQuery token_model.TokenSearchQuery
type TokenSearchKey token_model.TokenSearchKey
type TokenSearchRequest model.TokenSearchRequest
type TokenSearchQuery model.TokenSearchQuery
type TokenSearchKey model.TokenSearchKey
func (req TokenSearchRequest) GetLimit() uint64 {
return req.Limit
@@ -19,7 +19,7 @@ func (req TokenSearchRequest) GetOffset() uint64 {
}
func (req TokenSearchRequest) GetSortingColumn() repository.ColumnKey {
if req.SortingColumn == token_model.TokenSearchKeyUnspecified {
if req.SortingColumn == model.TokenSearchKeyUnspecified {
return nil
}
return TokenSearchKey(req.SortingColumn)
@@ -50,18 +50,18 @@ func (req TokenSearchQuery) GetValue() interface{} {
}
func (key TokenSearchKey) ToColumnName() string {
switch token_model.TokenSearchKey(key) {
case token_model.TokenSearchKeyTokenID:
switch model.TokenSearchKey(key) {
case model.TokenSearchKeyTokenID:
return TokenKeyTokenID
case token_model.TokenSearchKeyUserAgentID:
case model.TokenSearchKeyUserAgentID:
return TokenKeyUserAgentID
case token_model.TokenSearchKeyUserID:
case model.TokenSearchKeyUserID:
return TokenKeyUserID
case token_model.TokenSearchKeyApplicationID:
case model.TokenSearchKeyApplicationID:
return TokenKeyApplicationID
case token_model.TokenSearchKeyExpiration:
case model.TokenSearchKeyExpiration:
return TokenKeyExpiration
case token_model.TokenSearchKeyResourceOwner:
case model.TokenSearchKeyResourceOwner:
return TokenKeyResourceOwner
default:
return ""

72
internal/user/repository/view/token_view.go Normal file
View File

@@ -0,0 +1,72 @@
package view
import (
"github.com/caos/zitadel/internal/errors"
global_model "github.com/caos/zitadel/internal/model"
"github.com/caos/zitadel/internal/user/model"
usr_model "github.com/caos/zitadel/internal/user/repository/view/model"
"github.com/caos/zitadel/internal/view/repository"
"github.com/jinzhu/gorm"
"github.com/lib/pq"
)
func TokenByID(db *gorm.DB, table, tokenID string) (*usr_model.TokenView, error) {
token := new(usr_model.TokenView)
query := repository.PrepareGetByKey(table, usr_model.TokenSearchKey(model.TokenSearchKeyTokenID), tokenID)
err := query(db, token)
if errors.IsNotFound(err) {
return nil, errors.ThrowNotFound(nil, "VIEW-6ub3p", "Errors.Token.NotFound")
}
return token, err
}
func TokensByUserID(db *gorm.DB, table, userID string) ([]*usr_model.TokenView, error) {
tokens := make([]*usr_model.TokenView, 0)
userIDQuery := &model.TokenSearchQuery{
Key: model.TokenSearchKeyUserID,
Method: global_model.SearchMethodEquals,
Value: userID,
}
query := repository.PrepareSearchQuery(table, usr_model.TokenSearchRequest{
Queries: []*model.TokenSearchQuery{userIDQuery},
})
_, err := query(db, &tokens)
return tokens, err
}
func PutToken(db *gorm.DB, table string, token *usr_model.TokenView) error {
save := repository.PrepareSave(table)
return save(db, token)
}
func PutTokens(db *gorm.DB, table string, tokens ...*usr_model.TokenView) error {
save := repository.PrepareBulkSave(table)
t := make([]interface{}, len(tokens))
for i, token := range tokens {
t[i] = token
}
return save(db, t...)
}
func DeleteToken(db *gorm.DB, table, tokenID string) error {
delete := repository.PrepareDeleteByKey(table, usr_model.TokenSearchKey(model.TokenSearchKeyTokenID), tokenID)
return delete(db)
}
func DeleteSessionTokens(db *gorm.DB, table, agentID, userID string) error {
delete := repository.PrepareDeleteByKeys(table,
repository.Key{Key: usr_model.TokenSearchKey(model.TokenSearchKeyUserAgentID), Value: agentID},
repository.Key{Key: usr_model.TokenSearchKey(model.TokenSearchKeyUserID), Value: userID},
)
return delete(db)
}
func DeleteUserTokens(db *gorm.DB, table, userID string) error {
delete := repository.PrepareDeleteByKey(table, usr_model.TokenSearchKey(model.TokenSearchKeyUserID), userID)
return delete(db)
}
func DeleteApplicationTokens(db *gorm.DB, table string, appIDs []string) error {
delete := repository.PrepareDeleteByKey(table, usr_model.TokenSearchKey(model.TokenSearchKeyApplicationID), pq.StringArray(appIDs))
return delete(db)
}