TheArchive/zitadel
1
0
Fork 0
mirror of https://github.com/zitadel/zitadel.git synced 2025-08-11 21:07:31 +00:00
Code Issues Packages Projects Releases Wiki Activity

feat: system api requires authenticated requests (#3570)

Browse Source 
* begin auth

* feat: system api requires authenticated requests

* fix tests
This commit is contained in:
Livio Amstutz
2022-05-30 13:38:30 +02:00
committed by GitHub
parent 41d78ef523
commit 2fc39c0da0
15 changed files with 179 additions and 50 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
internal/api/grpc/server/middleware/auth_interceptor.go
View File

@@ -15,10 +15,6 @@ import (
func AuthorizationInterceptor(verifier *authz.TokenVerifier, authConfig authz.Config) grpc.UnaryServerInterceptor {
return func(ctx context.Context, req interface{}, info *grpc.UnaryServerInfo, handler grpc.UnaryHandler) (interface{}, error) {
//TODO: Change as soon as we know how to authenticate system api
if verifier == nil {
return handler(ctx, req)
}
return authorize(ctx, req, info, handler, verifier, authConfig)
}
}

8
internal/api/grpc/server/middleware/auth_interceptor_test.go
View File

@@ -65,7 +65,7 @@ func Test_authorize(t *testing.T) {
info: mockInfo("/no/token/needed"),
handler: emptyMockHandler,
verifier: func() *authz.TokenVerifier {
verifier := authz.Start(&verifierMock{})
verifier := authz.Start(&verifierMock{}, "", nil)
verifier.RegisterServer("need", "need", authz.MethodMapping{})
return verifier
}(),
@@ -84,7 +84,7 @@ func Test_authorize(t *testing.T) {
info: mockInfo("/need/authentication"),
handler: emptyMockHandler,
verifier: func() *authz.TokenVerifier {
verifier := authz.Start(&verifierMock{})
verifier := authz.Start(&verifierMock{}, "", nil)
verifier.RegisterServer("need", "need", authz.MethodMapping{"/need/authentication": authz.Option{Permission: "authenticated"}})
return verifier
}(),
@@ -104,7 +104,7 @@ func Test_authorize(t *testing.T) {
info: mockInfo("/need/authentication"),
handler: emptyMockHandler,
verifier: func() *authz.TokenVerifier {
verifier := authz.Start(&verifierMock{})
verifier := authz.Start(&verifierMock{}, "", nil)
verifier.RegisterServer("need", "need", authz.MethodMapping{"/need/authentication": authz.Option{Permission: "authenticated"}})
return verifier
}(),
@@ -124,7 +124,7 @@ func Test_authorize(t *testing.T) {
info: mockInfo("/need/authentication"),
handler: emptyMockHandler,
verifier: func() *authz.TokenVerifier {
verifier := authz.Start(&verifierMock{})
verifier := authz.Start(&verifierMock{}, "", nil)
verifier.RegisterServer("need", "need", authz.MethodMapping{"/need/authentication": authz.Option{Permission: "authenticated"}})
return verifier
}(),

3
internal/api/grpc/server/middleware/instance_interceptor.go
View File

@@ -28,6 +28,9 @@ func setInstance(ctx context.Context, req interface{}, info *grpc.UnaryServerInf
interceptorCtx, span := tracing.NewServerInterceptorSpan(ctx)
defer func() { span.EndWithError(err) }()
for _, service := range ignoredServices {
if !strings.HasPrefix(service, "/") {
service = "/" + service
}
if strings.HasPrefix(info.FullMethod, service) {
return handler(ctx, req)
}