fix: client secret verification (for introspection) (#2825)
* fix: client secret verification (for introspection) * revert change for ProjectIDAndOriginsByClientID
This commit is contained in:
parent
43f15953c3
commit
2f7d8ca557
@ -224,7 +224,7 @@ func (o *OPStorage) SetIntrospectionFromToken(ctx context.Context, introspection
|
|||||||
if err != nil {
|
if err != nil {
|
||||||
return errors.ThrowPermissionDenied(nil, "OIDC-Dsfb2", "token is not valid or has expired")
|
return errors.ThrowPermissionDenied(nil, "OIDC-Dsfb2", "token is not valid or has expired")
|
||||||
}
|
}
|
||||||
projectID, err := o.query.ProjectIDFromOIDCClientID(ctx, clientID)
|
projectID, err := o.query.ProjectIDFromClientID(ctx, clientID)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return errors.ThrowPermissionDenied(nil, "OIDC-Adfg5", "client not found")
|
return errors.ThrowPermissionDenied(nil, "OIDC-Adfg5", "client not found")
|
||||||
}
|
}
|
||||||
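Review bot: The switch to `o.query.ProjectIDFromClientID` on the introspection path widens the client lookup to API-config client IDs as well as OIDC ones, but nothing at the call site records why, and the narrower ProjectIDFromOIDCClientID is kept alive by this same commit, so a later reader could "fix" it back. A one-line comment such as `// introspection is also called by API apps, so resolve OIDC and API client IDs alike` would pin the intent; the assertRoles hunk below makes the identical change and would take the same comment. The lookup error is still discarded (nil passed to ThrowPermissionDenied), which predates this change but means a query failure is indistinguishable from an unknown client in the logs. SetIntrospectionFromToken starts and ends outside the hunk.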
@ -283,7 +283,7 @@ func (o *OPStorage) GetPrivateClaimsFromScopes(ctx context.Context, userID, clie
|
|||||||
}
|
}
|
||||||
|
|
||||||
func (o *OPStorage) assertRoles(ctx context.Context, userID, applicationID string, requestedRoles []string) (map[string]map[string]string, error) {
|
func (o *OPStorage) assertRoles(ctx context.Context, userID, applicationID string, requestedRoles []string) (map[string]map[string]string, error) {
|
||||||
projectID, err := o.query.ProjectIDFromOIDCClientID(ctx, applicationID)
|
projectID, err := o.query.ProjectIDFromClientID(ctx, applicationID)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
@ -17,7 +17,7 @@ func (a *ApplicationRepo) AuthorizeClientIDSecret(ctx context.Context, clientID,
|
|||||||
ctx, span := tracing.NewSpan(ctx)
|
ctx, span := tracing.NewSpan(ctx)
|
||||||
defer func() { span.EndWithError(err) }()
|
defer func() { span.EndWithError(err) }()
|
||||||
|
|
||||||
app, err := a.Query.AppByOIDCClientID(ctx, clientID)
|
app, err := a.Query.AppByClientID(ctx, clientID)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
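Review bot: `a.Query.AppByClientID` can now return an app carrying either an OIDC or an API configuration, so the secret check that follows (outside the hunk) must take the stored secret from whichever configuration is populated and reject the request when neither is, rather than assuming the OIDC config exists; I cannot see that code here, so this is a point to confirm. A short comment at the call site, `// matches both OIDC and API client IDs; verify against whichever config is populated`, would make that contract explicit for the next maintainer. AuthorizeClientIDSecret starts and ends outside the hunk.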
|
@ -230,6 +230,19 @@ func (q *Queries) AppByID(ctx context.Context, appID string) (*App, error) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
func (q *Queries) ProjectIDFromOIDCClientID(ctx context.Context, appID string) (string, error) {
|
func (q *Queries) ProjectIDFromOIDCClientID(ctx context.Context, appID string) (string, error) {
|
||||||
|
stmt, scan := prepareProjectIDByAppQuery()
|
||||||
|
query, args, err := stmt.Where(
|
||||||
|
sq.Eq{AppOIDCConfigColumnClientID.identifier(): appID},
|
||||||
|
).ToSql()
|
||||||
|
if err != nil {
|
||||||
|
return "", errors.ThrowInternal(err, "QUERY-7d92U", "Errors.Query.SQLStatement")
|
||||||
|
}
|
||||||
|
|
||||||
|
row := q.client.QueryRowContext(ctx, query, args...)
|
||||||
|
return scan(row)
|
||||||
|
}
|
||||||
|
|
||||||
|
func (q *Queries) ProjectIDFromClientID(ctx context.Context, appID string) (string, error) {
|
||||||
stmt, scan := prepareProjectIDByAppQuery()
|
stmt, scan := prepareProjectIDByAppQuery()
|
||||||
query, args, err := stmt.Where(
|
query, args, err := stmt.Where(
|
||||||
sq.Or{
|
sq.Or{
|
||||||
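Review bot: The new ProjectIDFromOIDCClientID names its parameter `appID` although the value is compared against AppOIDCConfigColumnClientID; renaming it `clientID`, as AppByClientID does, removes a misleading signature on an exported method, and the same applies to ProjectIDFromClientID directly below it. The two methods are also the same body apart from the WHERE clause, so a private helper taking the `sq.Sqlizer` condition would leave a single copy of the error handling and row scan. Neither exported method has a doc comment; `// ProjectIDFromOIDCClientID returns the project ID of the app whose OIDC config has the given client ID.` would do for the first.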
@ -238,7 +251,7 @@ func (q *Queries) ProjectIDFromOIDCClientID(ctx context.Context, appID string) (
|
|||||||
},
|
},
|
||||||
).ToSql()
|
).ToSql()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return "", errors.ThrowInternal(err, "QUERY-7d92U", "Errors.Query.SQLStatement")
|
return "", errors.ThrowInternal(err, "QUERY-SDfg3", "Errors.Query.SQLStatement")
|
||||||
}
|
}
|
||||||
|
|
||||||
row := q.client.QueryRowContext(ctx, query, args...)
|
row := q.client.QueryRowContext(ctx, query, args...)
|
||||||
@ -273,6 +286,22 @@ func (q *Queries) AppByOIDCClientID(ctx context.Context, clientID string) (*App,
|
|||||||
return scan(row)
|
return scan(row)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func (q *Queries) AppByClientID(ctx context.Context, clientID string) (*App, error) {
|
||||||
|
stmt, scan := prepareAppQuery()
|
||||||
|
query, args, err := stmt.Where(
|
||||||
|
sq.Or{
|
||||||
|
sq.Eq{AppOIDCConfigColumnClientID.identifier(): clientID},
|
||||||
|
sq.Eq{AppAPIConfigColumnClientID.identifier(): clientID},
|
||||||
|
},
|
||||||
|
).ToSql()
|
||||||
|
if err != nil {
|
||||||
|
return nil, errors.ThrowInternal(err, "QUERY-Dfge2", "Errors.Query.SQLStatement")
|
||||||
|
}
|
||||||
|
|
||||||
|
row := q.client.QueryRowContext(ctx, query, args...)
|
||||||
|
return scan(row)
|
||||||
|
}
|
||||||
|
|
||||||
func (q *Queries) SearchApps(ctx context.Context, queries *AppSearchQueries) (*Apps, error) {
|
func (q *Queries) SearchApps(ctx context.Context, queries *AppSearchQueries) (*Apps, error) {
|
||||||
query, scan := prepareAppsQuery()
|
query, scan := prepareAppsQuery()
|
||||||
stmt, args, err := queries.toQuery(query).ToSql()
|
stmt, args, err := queries.toQuery(query).ToSql()
|
||||||
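Review bot: AppByClientID hands `QueryRowContext` an OR over the OIDC and API client-ID columns, so if the same client ID ever exists on both an OIDC and an API configuration the query silently returns whichever row sorts first, and the caller's secret verification would then run against an arbitrary app. Whether client IDs are unique across both config types is not visible here; if the schema or generator guarantees it, a comment stating that assumption at the `sq.Or{` is enough, otherwise the lookup should fail on more than one match (for example fetch up to two rows and return an error when two come back). The exported method also lacks a doc comment, e.g. `// AppByClientID returns the app whose OIDC or API configuration carries clientID.`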
|