feat: check if org exists (#480)

* feat: check if org exists

* feat: check if org exists

* Update internal/authz/repository/eventsourcing/eventstore/token_verifier.go

Co-authored-by: Silvan <silvan.reusser@gmail.com>

* fix: err handling

Co-authored-by: Silvan <silvan.reusser@gmail.com>
Fabi
2020-07-16 13:27:36 +02:00
committed by GitHub
parent 423b86a03b
commit 5e00f1c9db
10 changed files with 152 additions and 0 deletions


@@ -2,6 +2,7 @@ package authz
import (
"context"
"github.com/caos/zitadel/internal/errors"
"github.com/caos/logging"
)
@@ -33,6 +34,10 @@ type Grant struct {
}
func VerifyTokenAndWriteCtxData(ctx context.Context, token, orgID string, t *TokenVerifier, method string) (_ context.Context, err error) {
err = t.ExistsOrg(ctx, orgID)
if err != nil {
return nil, errors.ThrowPermissionDenied(nil, "AUTH-Bs7Ds", "Organisation doesn't exist")
}
userID, clientID, agentID, err := verifyAccessToken(ctx, token, t, method)
if err != nil {
return nil, err
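Review bot: The `ExistsOrg` call sits ahead of `verifyAccessToken`, so a caller without a valid token presumably gets a different answer for an existing and a non-existing `orgID`, and every unauthenticated request now causes a repository lookup; moving the check below the token verification avoids both. The branch also discards `err` (`ThrowPermissionDenied(nil, ...)`), so a storage failure or timeout inside `ExistsOrg` is reported as "Organisation doesn't exist" and the cause is lost. Assuming the first argument is the parent error, `return nil, errors.ThrowPermissionDenied(err, "AUTH-Bs7Ds", "Organisation doesn't exist")` keeps it, and ideally only a not-found result would map to permission denied. Whether an empty `orgID` can reach this function is not visible here; if it can, those requests are now rejected as well. The function body continues past the end of the hunk.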


@@ -27,6 +27,10 @@ func (v *testVerifier) ProjectIDByClientID(ctx context.Context, clientID string)
return "", nil
}
func (v *testVerifier) ExistsOrg(ctx context.Context, orgID string) error {
return nil
}
func (v *testVerifier) VerifierClientID(ctx context.Context, appName string) (string, error) {
return "clientID", nil
}
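Review bot: `testVerifier.ExistsOrg` always returns nil, and so does `verifierMock.ExistsOrg` in the other mock file of this commit, so nothing visible can drive the new permission-denied branch in `VerifyTokenAndWriteCtxData`. A stub with a configurable result, for example a field `existsOrgErr error` with the body `return v.existsOrgErr`, would let a test assert that a missing organisation is rejected and that an existing one still passes. The test cases themselves are outside the hunk, so this is inferred from the stubs alone.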


@@ -23,6 +23,7 @@ type authZRepo interface {
VerifierClientID(ctx context.Context, name string) (clientID string, err error)
ResolveGrants(ctx context.Context) (grant *Grant, err error)
ProjectIDByClientID(ctx context.Context, clientID string) (projectID string, err error)
ExistsOrg(ctx context.Context, orgID string) error
}
func Start(authZRepo authZRepo) (v *TokenVerifier) {
@@ -91,6 +92,10 @@ func (v *TokenVerifier) GetProjectIDByClientID(ctx context.Context, clientID str
return v.authZRepo.ProjectIDByClientID(ctx, clientID)
}
func (v *TokenVerifier) ExistsOrg(ctx context.Context, orgID string) error {
return v.authZRepo.ExistsOrg(ctx, orgID)
}
func (v *TokenVerifier) CheckAuthMethod(method string) (Option, bool) {
authOpt, ok := v.authMethods[method]
return authOpt, ok
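Review bot: `ExistsOrg` returns a bare `error`, and neither the `authZRepo` method nor the exported `TokenVerifier.ExistsOrg` wrapper documents what nil and non-nil mean. Since the caller in `VerifyTokenAndWriteCtxData` turns any non-nil result into an authorization denial, the contract is worth stating on both, e.g. `// ExistsOrg returns nil if the organisation with orgID exists; a non-nil error means it was not found or the lookup failed.` The trailing `CheckAuthMethod` lines are context, and that function closes outside the hunk.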


@@ -30,6 +30,9 @@ func (v *verifierMock) ResolveGrants(ctx context.Context) (*authz.Grant, error)
func (v *verifierMock) ProjectIDByClientID(ctx context.Context, clientID string) (string, error) {
return "", nil
}
func (v *verifierMock) ExistsOrg(ctx context.Context, orgID string) error {
return nil
}
func (v *verifierMock) VerifierClientID(ctx context.Context, appName string) (string, error) {
return "", nil
}