diff --git a/cmd/admin/setup/01_sql/auth.sql b/cmd/admin/setup/01_sql/auth.sql index 6392eab15c..f2d4ebac0f 100644 --- a/cmd/admin/setup/01_sql/auth.sql +++ b/cmd/admin/setup/01_sql/auth.sql @@ -156,7 +156,7 @@ CREATE TABLE auth.refresh_tokens ( instance_id STRING NOT NULL, PRIMARY KEY (id, instance_id), - UNIQUE INDEX unique_client_user_index (client_id ASC, user_agent_id ASC, user_id ASC, instance_id) + UNIQUE INDEX unique_client_user_index (client_id, user_agent_id, user_id) ); CREATE TABLE auth.org_project_mapping ( diff --git a/cmd/admin/start/start.go b/cmd/admin/start/start.go index 56410f608a..89c6a39bab 100644 --- a/cmd/admin/start/start.go +++ b/cmd/admin/start/start.go @@ -153,7 +153,7 @@ func startAPIs(ctx context.Context, router *mux.Router, commands *command.Comman verifier := internal_authz.Start(repo) authenticatedAPIs := api.New(config.Port, router, &repo, config.InternalAuthZ, config.ExternalSecure, config.HTTP2HostHeader) - authRepo, err := auth_es.Start(config.Auth, config.SystemDefaults, commands, queries, dbClient, assets.HandlerPrefix, keys.OIDC, keys.User) + authRepo, err := auth_es.Start(config.Auth, config.SystemDefaults, commands, queries, dbClient, keys.OIDC, keys.User) if err != nil { return fmt.Errorf("error starting auth repo: %w", err) } diff --git a/internal/api/grpc/auth/user.go b/internal/api/grpc/auth/user.go index 17d510be90..66fdb657a8 100644 --- a/internal/api/grpc/auth/user.go +++ b/internal/api/grpc/auth/user.go @@ -100,7 +100,7 @@ func (s *Server) ListMyUserSessions(ctx context.Context, req *auth_pb.ListMyUser return nil, err } return &auth_pb.ListMyUserSessionsResponse{ - Result: user_grpc.UserSessionsToPb(userSessions), + Result: user_grpc.UserSessionsToPb(userSessions, s.assetsAPIDomain(ctx)), }, nil } diff --git a/internal/api/grpc/user/session.go b/internal/api/grpc/user/session.go index a55c576e49..299abfa911 100644 --- a/internal/api/grpc/user/session.go +++ b/internal/api/grpc/user/session.go @@ -7,15 +7,15 @@ import ( "github.com/zitadel/zitadel/pkg/grpc/user" ) -func UserSessionsToPb(sessions []*user_model.UserSessionView) []*user.Session { +func UserSessionsToPb(sessions []*user_model.UserSessionView, avatarPrefix string) []*user.Session { s := make([]*user.Session, len(sessions)) for i, session := range sessions { - s[i] = UserSessionToPb(session) + s[i] = UserSessionToPb(session, avatarPrefix) } return s } -func UserSessionToPb(session *user_model.UserSessionView) *user.Session { +func UserSessionToPb(session *user_model.UserSessionView, avatarPrefix string) *user.Session { return &user.Session{ // SessionId: session.,//TOOD: not return from be AgentId: session.UserAgentID, @@ -24,7 +24,7 @@ func UserSessionToPb(session *user_model.UserSessionView) *user.Session { LoginName: session.LoginName, DisplayName: session.DisplayName, AuthState: SessionStateToPb(session.State), - AvatarUrl: session.AvatarURL, + AvatarUrl: domain.AvatarURL(avatarPrefix, session.ResourceOwner, session.AvatarKey), Details: object.ToViewDetailsPb( session.Sequence, session.CreationDate, diff --git a/internal/auth/repository/eventsourcing/eventstore/auth_request.go b/internal/auth/repository/eventsourcing/eventstore/auth_request.go index 03d73a2ae6..da68381f8e 100644 --- a/internal/auth/repository/eventsourcing/eventstore/auth_request.go +++ b/internal/auth/repository/eventsourcing/eventstore/auth_request.go @@ -65,11 +65,9 @@ type privacyPolicyProvider interface { type userSessionViewProvider interface { UserSessionByIDs(string, string, string) (*user_view_model.UserSessionView, error) UserSessionsByAgentID(string, string) ([]*user_view_model.UserSessionView, error) - PrefixAvatarURL() string } type userViewProvider interface { UserByID(string, string) (*user_view_model.UserView, error) - PrefixAvatarURL() string } type loginPolicyViewProvider interface { @@ -1105,7 +1103,7 @@ func userSessionsByUserAgentID(provider userSessionViewProvider, agentID, instan if err != nil { return nil, err } - return user_view_model.UserSessionsToModel(session, provider.PrefixAvatarURL()), nil + return user_view_model.UserSessionsToModel(session), nil } func userSessionByIDs(ctx context.Context, provider userSessionViewProvider, eventProvider userEventProvider, agentID string, user *user_model.UserView) (*user_model.UserSessionView, error) { @@ -1119,7 +1117,7 @@ func userSessionByIDs(ctx context.Context, provider userSessionViewProvider, eve events, err := eventProvider.UserEventsByID(ctx, user.ID, session.Sequence) if err != nil { logging.Log("EVENT-Hse6s").WithError(err).WithField("traceID", tracing.TraceIDFromCtx(ctx)).Debug("error retrieving new events") - return user_view_model.UserSessionToModel(session, provider.PrefixAvatarURL()), nil + return user_view_model.UserSessionToModel(session), nil } sessionCopy := *session for _, event := range events { @@ -1144,7 +1142,7 @@ func userSessionByIDs(ctx context.Context, provider userSessionViewProvider, eve eventData, err := user_view_model.UserSessionFromEvent(event) if err != nil { logging.Log("EVENT-sdgT3").WithError(err).WithField("traceID", tracing.TraceIDFromCtx(ctx)).Debug("error getting event data") - return user_view_model.UserSessionToModel(session, provider.PrefixAvatarURL()), nil + return user_view_model.UserSessionToModel(session), nil } if eventData.UserAgentID != agentID { continue @@ -1155,7 +1153,7 @@ func userSessionByIDs(ctx context.Context, provider userSessionViewProvider, eve err := sessionCopy.AppendEvent(event) logging.Log("EVENT-qbhj3").OnError(err).WithField("traceID", tracing.TraceIDFromCtx(ctx)).Warn("error appending event") } - return user_view_model.UserSessionToModel(&sessionCopy, provider.PrefixAvatarURL()), nil + return user_view_model.UserSessionToModel(&sessionCopy), nil } func activeUserByID(ctx context.Context, userViewProvider userViewProvider, userEventProvider userEventProvider, queries orgViewProvider, lockoutPolicyProvider lockoutPolicyViewProvider, userID string, ignoreUnknownUsernames bool) (user *user_model.UserView, err error) { @@ -1200,24 +1198,24 @@ func userByID(ctx context.Context, viewProvider userViewProvider, eventProvider events, err := eventProvider.UserEventsByID(ctx, userID, user.Sequence) if err != nil { logging.Log("EVENT-dfg42").WithError(err).WithField("traceID", tracing.TraceIDFromCtx(ctx)).Debug("error retrieving new events") - return user_view_model.UserToModel(user, viewProvider.PrefixAvatarURL()), nil + return user_view_model.UserToModel(user), nil } if len(events) == 0 { if viewErr != nil { return nil, viewErr } - return user_view_model.UserToModel(user, viewProvider.PrefixAvatarURL()), viewErr + return user_view_model.UserToModel(user), viewErr } userCopy := *user for _, event := range events { if err := userCopy.AppendEvent(event); err != nil { - return user_view_model.UserToModel(user, viewProvider.PrefixAvatarURL()), nil + return user_view_model.UserToModel(user), nil } } if userCopy.State == int32(user_model.UserStateDeleted) { return nil, errors.ThrowNotFound(nil, "EVENT-3F9so", "Errors.User.NotFound") } - return user_view_model.UserToModel(&userCopy, viewProvider.PrefixAvatarURL()), nil + return user_view_model.UserToModel(&userCopy), nil } func linkExternalIDPs(ctx context.Context, userCommandProvider userCommandProvider, request *domain.AuthRequest) error { diff --git a/internal/auth/repository/eventsourcing/eventstore/auth_request_test.go b/internal/auth/repository/eventsourcing/eventstore/auth_request_test.go index b18a028471..a404a59618 100644 --- a/internal/auth/repository/eventsourcing/eventstore/auth_request_test.go +++ b/internal/auth/repository/eventsourcing/eventstore/auth_request_test.go @@ -32,10 +32,6 @@ func (m *mockViewNoUserSession) UserSessionsByAgentID(string, string) ([]*user_v return nil, nil } -func (m *mockViewNoUserSession) PrefixAvatarURL() string { - return "" -} - type mockViewErrUserSession struct{} func (m *mockViewErrUserSession) UserSessionByIDs(string, string, string) (*user_view_model.UserSessionView, error) { @@ -46,10 +42,6 @@ func (m *mockViewErrUserSession) UserSessionsByAgentID(string, string) ([]*user_ return nil, errors.ThrowInternal(nil, "id", "internal error") } -func (m *mockViewErrUserSession) PrefixAvatarURL() string { - return "" -} - type mockViewUserSession struct { ExternalLoginVerification time.Time PasswordlessVerification time.Time @@ -87,20 +79,12 @@ func (m *mockViewUserSession) UserSessionsByAgentID(string, string) ([]*user_vie return sessions, nil } -func (m *mockViewUserSession) PrefixAvatarURL() string { - return "prefix/" -} - type mockViewNoUser struct{} func (m *mockViewNoUser) UserByID(string, string) (*user_view_model.UserView, error) { return nil, errors.ThrowNotFound(nil, "id", "user not found") } -func (m *mockViewNoUser) PrefixAvatarURL() string { - return "" -} - type mockEventUser struct { Event *es_models.Event } @@ -176,10 +160,6 @@ func (m *mockViewUser) UserByID(string, string) (*user_view_model.UserView, erro }, nil } -func (m *mockViewUser) PrefixAvatarURL() string { - return "" -} - type mockViewOrg struct { State domain.OrgState } diff --git a/internal/auth/repository/eventsourcing/eventstore/user.go b/internal/auth/repository/eventsourcing/eventstore/user.go index 39b4ba3e30..2370e1c1bd 100644 --- a/internal/auth/repository/eventsourcing/eventstore/user.go +++ b/internal/auth/repository/eventsourcing/eventstore/user.go @@ -14,12 +14,11 @@ import ( ) type UserRepo struct { - SearchLimit uint64 - Eventstore v1.Eventstore - View *view.View - Query *query.Queries - SystemDefaults systemdefaults.SystemDefaults - PrefixAvatarURL string + SearchLimit uint64 + Eventstore v1.Eventstore + View *view.View + Query *query.Queries + SystemDefaults systemdefaults.SystemDefaults } func (repo *UserRepo) Health(ctx context.Context) error { diff --git a/internal/auth/repository/eventsourcing/eventstore/user_session.go b/internal/auth/repository/eventsourcing/eventstore/user_session.go index b72376e287..3fb60fc75e 100644 --- a/internal/auth/repository/eventsourcing/eventstore/user_session.go +++ b/internal/auth/repository/eventsourcing/eventstore/user_session.go @@ -18,7 +18,7 @@ func (repo *UserSessionRepo) GetMyUserSessions(ctx context.Context) ([]*usr_mode if err != nil { return nil, err } - return model.UserSessionsToModel(userSessions, repo.View.PrefixAvatarURL()), nil + return model.UserSessionsToModel(userSessions), nil } func (repo *UserSessionRepo) ActiveUserSessionCount() int64 { diff --git a/internal/auth/repository/eventsourcing/repository.go b/internal/auth/repository/eventsourcing/repository.go index 87d82a9ee6..ce41cd5930 100644 --- a/internal/auth/repository/eventsourcing/repository.go +++ b/internal/auth/repository/eventsourcing/repository.go @@ -33,14 +33,14 @@ type EsRepository struct { eventstore.OrgRepository } -func Start(conf Config, systemDefaults sd.SystemDefaults, command *command.Commands, queries *query.Queries, dbClient *sql.DB, assetsPrefix string, oidcEncryption crypto.EncryptionAlgorithm, userEncryption crypto.EncryptionAlgorithm) (*EsRepository, error) { +func Start(conf Config, systemDefaults sd.SystemDefaults, command *command.Commands, queries *query.Queries, dbClient *sql.DB, oidcEncryption crypto.EncryptionAlgorithm, userEncryption crypto.EncryptionAlgorithm) (*EsRepository, error) { es, err := v1.Start(dbClient) if err != nil { return nil, err } idGenerator := id.SonyFlakeGenerator() - view, err := auth_view.StartView(dbClient, oidcEncryption, queries, idGenerator, assetsPrefix) + view, err := auth_view.StartView(dbClient, oidcEncryption, queries, idGenerator) if err != nil { return nil, err } @@ -50,12 +50,11 @@ func Start(conf Config, systemDefaults sd.SystemDefaults, command *command.Comma spool := spooler.StartSpooler(conf.Spooler, es, view, dbClient, systemDefaults, queries) userRepo := eventstore.UserRepo{ - SearchLimit: conf.SearchLimit, - Eventstore: es, - View: view, - Query: queries, - SystemDefaults: systemDefaults, - PrefixAvatarURL: assetsPrefix, + SearchLimit: conf.SearchLimit, + Eventstore: es, + View: view, + Query: queries, + SystemDefaults: systemDefaults, } //TODO: remove as soon as possible queryView := queryViewWrapper{ diff --git a/internal/auth/repository/eventsourcing/view/view.go b/internal/auth/repository/eventsourcing/view/view.go index 6ebec6ba9d..0bb91801e6 100644 --- a/internal/auth/repository/eventsourcing/view/view.go +++ b/internal/auth/repository/eventsourcing/view/view.go @@ -11,31 +11,25 @@ import ( ) type View struct { - Db *gorm.DB - keyAlgorithm crypto.EncryptionAlgorithm - idGenerator id.Generator - prefixAvatarURL string - query *query.Queries + Db *gorm.DB + keyAlgorithm crypto.EncryptionAlgorithm + idGenerator id.Generator + query *query.Queries } -func StartView(sqlClient *sql.DB, keyAlgorithm crypto.EncryptionAlgorithm, queries *query.Queries, idGenerator id.Generator, prefixAvatarURL string) (*View, error) { +func StartView(sqlClient *sql.DB, keyAlgorithm crypto.EncryptionAlgorithm, queries *query.Queries, idGenerator id.Generator) (*View, error) { gorm, err := gorm.Open("postgres", sqlClient) if err != nil { return nil, err } return &View{ - Db: gorm, - keyAlgorithm: keyAlgorithm, - idGenerator: idGenerator, - prefixAvatarURL: prefixAvatarURL, - query: queries, + Db: gorm, + keyAlgorithm: keyAlgorithm, + idGenerator: idGenerator, + query: queries, }, nil } func (v *View) Health() (err error) { return v.Db.DB().Ping() } - -func (v *View) PrefixAvatarURL() string { - return v.prefixAvatarURL -} diff --git a/internal/user/model/profile.go b/internal/user/model/profile.go index 30f9d5236c..3a315769a0 100644 --- a/internal/user/model/profile.go +++ b/internal/user/model/profile.go @@ -17,7 +17,7 @@ type Profile struct { Gender Gender PreferredLoginName string LoginNames []string - AvatarURL string + AvatarKey string } func (p *Profile) IsValid() bool { diff --git a/internal/user/model/user_session_view.go b/internal/user/model/user_session_view.go index e328865d8f..ad06d095cc 100644 --- a/internal/user/model/user_session_view.go +++ b/internal/user/model/user_session_view.go @@ -18,7 +18,6 @@ type UserSessionView struct { LoginName string DisplayName string AvatarKey string - AvatarURL string SelectedIDPConfigID string PasswordVerification time.Time PasswordlessVerification time.Time diff --git a/internal/user/model/user_view.go b/internal/user/model/user_view.go index 297b24a805..9de08fddfd 100644 --- a/internal/user/model/user_view.go +++ b/internal/user/model/user_view.go @@ -37,7 +37,6 @@ type HumanView struct { NickName string DisplayName string AvatarKey string - AvatarURL string PreferredLanguage string Gender Gender Email string @@ -249,7 +248,7 @@ func (u *UserView) GetProfile() (*Profile, error) { Gender: u.Gender, PreferredLoginName: u.PreferredLoginName, LoginNames: u.LoginNames, - AvatarURL: u.AvatarURL, + AvatarKey: u.AvatarKey, }, nil } diff --git a/internal/user/repository/view/model/user.go b/internal/user/repository/view/model/user.go index be424453f7..f8ac3a9260 100644 --- a/internal/user/repository/view/model/user.go +++ b/internal/user/repository/view/model/user.go @@ -139,7 +139,7 @@ func (m *MachineView) IsZero() bool { return m == nil || m.Name == "" } -func UserToModel(user *UserView, prefixAvatarURL string) *model.UserView { +func UserToModel(user *UserView) *model.UserView { userView := &model.UserView{ ID: user.ID, UserName: user.UserName, @@ -165,7 +165,6 @@ func UserToModel(user *UserView, prefixAvatarURL string) *model.UserView { NickName: user.NickName, DisplayName: user.DisplayName, AvatarKey: user.AvatarKey, - AvatarURL: domain.AvatarURL(prefixAvatarURL, user.ResourceOwner, user.AvatarKey), PreferredLanguage: user.PreferredLanguage, Gender: model.Gender(user.Gender), Email: user.Email, @@ -194,14 +193,6 @@ func UserToModel(user *UserView, prefixAvatarURL string) *model.UserView { return userView } -func UsersToModel(users []*UserView, prefixAvatarURL string) []*model.UserView { - result := make([]*model.UserView, len(users)) - for i, p := range users { - result[i] = UserToModel(p, prefixAvatarURL) - } - return result -} - func WebauthnTokensToModel(tokens []*WebAuthNView) []*model.WebAuthNView { if tokens == nil { return nil diff --git a/internal/user/repository/view/model/user_session.go b/internal/user/repository/view/model/user_session.go index f5bbf83a6a..22989f28e0 100644 --- a/internal/user/repository/view/model/user_session.go +++ b/internal/user/repository/view/model/user_session.go @@ -55,7 +55,7 @@ func UserSessionFromEvent(event *models.Event) (*UserSessionView, error) { return v, nil } -func UserSessionToModel(userSession *UserSessionView, prefixAvatarURL string) *model.UserSessionView { +func UserSessionToModel(userSession *UserSessionView) *model.UserSessionView { return &model.UserSessionView{ ChangeDate: userSession.ChangeDate, CreationDate: userSession.CreationDate, @@ -67,7 +67,6 @@ func UserSessionToModel(userSession *UserSessionView, prefixAvatarURL string) *m LoginName: userSession.LoginName, DisplayName: userSession.DisplayName, AvatarKey: userSession.AvatarKey, - AvatarURL: domain.AvatarURL(prefixAvatarURL, userSession.ResourceOwner, userSession.AvatarKey), SelectedIDPConfigID: userSession.SelectedIDPConfigID, PasswordVerification: userSession.PasswordVerification, PasswordlessVerification: userSession.PasswordlessVerification, @@ -80,10 +79,10 @@ func UserSessionToModel(userSession *UserSessionView, prefixAvatarURL string) *m } } -func UserSessionsToModel(userSessions []*UserSessionView, prefixAvatarURL string) []*model.UserSessionView { +func UserSessionsToModel(userSessions []*UserSessionView) []*model.UserSessionView { result := make([]*model.UserSessionView, len(userSessions)) for i, s := range userSessions { - result[i] = UserSessionToModel(s, prefixAvatarURL) + result[i] = UserSessionToModel(s) } return result }