feat: check if org exists (#480)

* feat: check if org exists

* feat: check if org exists

* Update internal/authz/repository/eventsourcing/eventstore/token_verifier.go

Co-authored-by: Silvan <silvan.reusser@gmail.com>

* fix: err handling

Co-authored-by: Silvan <silvan.reusser@gmail.com>
This commit is contained in:
Fabi 2020-07-16 13:27:36 +02:00 committed by GitHub
parent 423b86a03b
commit 5e00f1c9db
10 changed files with 152 additions and 0 deletions


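--- a/<path not shown; package authz>
+++ b/<path not shown; package authz>
@@ -2,6 +2,7 @@ package authz
 import (
 "context"
+"github.com/caos/zitadel/internal/errors"
 "github.com/caos/logging"
 )
@@ -33,6 +34,10 @@ type Grant struct {
 }
 func VerifyTokenAndWriteCtxData(ctx context.Context, token, orgID string, t *TokenVerifier, method string) (_ context.Context, err error) {
+err = t.ExistsOrg(ctx, orgID)
+if err != nil {
+return nil, errors.ThrowPermissionDenied(nil, "AUTH-Bs7Ds", "Organisation doesn't exist")
+}
 userID, clientID, agentID, err := verifyAccessToken(ctx, token, t, method)
 if err != nil {
 return nil, err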
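Review bot: Every error from t.ExistsOrg is turned into PermissionDenied "Organisation doesn't exist" with a nil parent, so a database or view outage is reported to the caller as a nonexistent organisation and the underlying cause is dropped from the error chain. Distinguish not-found from other failures and keep the cause: `if errors.IsNotFound(err) { return nil, errors.ThrowPermissionDenied(err, "AUTH-Bs7Ds", "Organisation doesn't exist") }` followed by `return nil, err` for anything else (this relies on the internal errors package's IsNotFound helper, which the hunk itself does not show). Note also that the existence check runs before verifyAccessToken, so the response differs for known and unknown org IDs before any credential has been validated; if that distinction should not be observable to unauthenticated callers, verify the token first and check the org afterwards. VerifyTokenAndWriteCtxData continues beyond the hunk.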


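--- a/<path not shown; testVerifier>
+++ b/<path not shown; testVerifier>
@@ -27,6 +27,10 @@ func (v *testVerifier) ProjectIDByClientID(ctx context.Context, clientID string)
 return "", nil
 }
+func (v *testVerifier) ExistsOrg(ctx context.Context, orgID string) error {
+return nil
+}
 func (v *testVerifier) VerifierClientID(ctx context.Context, appName string) (string, error) {
 return "clientID", nil
 }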


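--- a/<path not shown; TokenVerifier and authZRepo>
+++ b/<path not shown; TokenVerifier and authZRepo>
@@ -23,6 +23,7 @@ type authZRepo interface {
 VerifierClientID(ctx context.Context, name string) (clientID string, err error)
 ResolveGrants(ctx context.Context) (grant *Grant, err error)
 ProjectIDByClientID(ctx context.Context, clientID string) (projectID string, err error)
+ExistsOrg(ctx context.Context, orgID string) error
 }
 func Start(authZRepo authZRepo) (v *TokenVerifier) {
@@ -91,6 +92,10 @@ func (v *TokenVerifier) GetProjectIDByClientID(ctx context.Context, clientID str
 return v.authZRepo.ProjectIDByClientID(ctx, clientID)
 }
+func (v *TokenVerifier) ExistsOrg(ctx context.Context, orgID string) error {
+return v.authZRepo.ExistsOrg(ctx, orgID)
+}
 func (v *TokenVerifier) CheckAuthMethod(method string) (Option, bool) {
 authOpt, ok := v.authMethods[method]
 return authOpt, ok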
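Review bot: The new exported TokenVerifier.ExistsOrg has no doc comment, and its name suggests a boolean while it returns only an error, so the contract is discoverable only by reading VerifyTokenAndWriteCtxData, which treats any non-nil error as "the org does not exist". Add `// ExistsOrg returns nil when orgID refers to an organisation known to the authz repository; callers treat any non-nil error, including not found, as the org not existing.` above the method, and put the same sentence on the ExistsOrg method added to the authZRepo interface in the first hunk so implementers see the same contract.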


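--- a/<path not shown; verifierMock>
+++ b/<path not shown; verifierMock>
@@ -30,6 +30,9 @@ func (v *verifierMock) ResolveGrants(ctx context.Context) (*authz.Grant, error)
 func (v *verifierMock) ProjectIDByClientID(ctx context.Context, clientID string) (string, error) {
 return "", nil
 }
+func (v *verifierMock) ExistsOrg(ctx context.Context, orgID string) error {
+return nil
+}
 func (v *verifierMock) VerifierClientID(ctx context.Context, appName string) (string, error) {
 return "", nil
 }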


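--- a/internal/authz/repository/eventsourcing/eventstore/token_verifier.go
+++ b/internal/authz/repository/eventsourcing/eventstore/token_verifier.go
@@ -48,6 +48,11 @@ func (repo *TokenVerifierRepo) ProjectIDByClientID(ctx context.Context, clientID
 return app.ProjectID, nil
 }
+func (repo *TokenVerifierRepo) ExistsOrg(ctx context.Context, orgID string) error {
+_, err := repo.View.OrgByID(orgID)
+return err
+}
 func (repo *TokenVerifierRepo) VerifierClientID(ctx context.Context, appName string) (string, error) {
 iam, err := repo.IamEvents.IamByID(ctx, repo.IamID)
 if err != nil {
</func_update>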
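Review bot: ExistsOrg only checks that a row for orgID can be loaded; the authz.orgs table created in this commit carries an org_state column, so an organisation that exists but is in a non-active state (if the org model has such states — not shown here) would still pass the check and the token would be accepted for it. The ctx parameter is also unused, because View.OrgByID takes no context, so cancellation and deadlines do not reach the lookup. At minimum document both: `// ExistsOrg reports whether orgID is present in the authz org view; it does not inspect org state. ctx is accepted to satisfy the interface and is currently not propagated to the lookup.` Whether inactive organisations must be rejected at this point is a product decision the hunk does not settle.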


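--- a/<path not shown; spooler handler Register>
+++ b/<path not shown; spooler handler Register>
@@ -37,6 +37,7 @@ func Register(configs Configs, bulkLimit, errorCount uint64, view *view.View, ev
 iamEvents: repos.IamEvents,
 },
 &Application{handler: handler{view, bulkLimit, configs.cycleDuration("Application"), errorCount}},
+&Org{handler: handler{view, bulkLimit, configs.cycleDuration("Org"), errorCount}},
 }
 }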


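--- /dev/null
+++ b/<path not shown; package handler, Org>
@@ -0,0 +1,67 @@
+package handler
+import (
+"github.com/caos/logging"
+es_models "github.com/caos/zitadel/internal/eventstore/models"
+"github.com/caos/zitadel/internal/eventstore/spooler"
+"github.com/caos/zitadel/internal/org/repository/eventsourcing"
+"github.com/caos/zitadel/internal/org/repository/eventsourcing/model"
+org_model "github.com/caos/zitadel/internal/org/repository/view/model"
+"time"
+)
+type Org struct {
+handler
+}
+const (
+orgTable = "authz.orgs"
+)
+func (o *Org) MinimumCycleDuration() time.Duration { return o.cycleDuration }
+func (o *Org) ViewModel() string {
+return orgTable
+}
+func (o *Org) EventQuery() (*es_models.SearchQuery, error) {
+sequence, err := o.view.GetLatestOrgSequence()
+if err != nil {
+return nil, err
+}
+return eventsourcing.OrgQuery(sequence.CurrentSequence), nil
+}
+func (o *Org) Reduce(event *es_models.Event) error {
+org := new(org_model.OrgView)
+switch event.Type {
+case model.OrgAdded:
+err := org.AppendEvent(event)
+if err != nil {
+return err
+}
+case model.OrgChanged:
+err := org.SetData(event)
+if err != nil {
+return err
+}
+org, err = o.view.OrgByID(org.ID)
+if err != nil {
+return err
+}
+err = org.AppendEvent(event)
+if err != nil {
+return err
+}
+default:
+return o.view.ProcessedOrgSequence(event.Sequence)
+}
+return o.view.PutOrg(org)
+}
+func (o *Org) OnError(event *es_models.Event, spoolerErr error) error {
+logging.LogWithFields("SPOOL-8siWS", "id", event.AggregateID).WithError(spoolerErr).Warn("something went wrong in org handler")
+return spooler.HandleError(event, spoolerErr, o.view.GetLatestOrgFailedEvent, o.view.ProcessedOrgFailedEvent, o.view.ProcessedOrgSequence, o.errorCountUntilSkip)
+}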
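Review bot: Reduce's default branch acknowledges every org event type other than OrgAdded and OrgChanged by advancing the processed sequence without touching the row, so if the org aggregate emits further state-changing events (a deactivation, for instance — the event catalogue is not visible in this hunk), the org_state stored in authz.orgs never changes and the ExistsOrg check built on this view keeps accepting the org; confirm against the event model and either handle those types or document the omission with `// all other org events are deliberately ignored by the authz view; only presence is tracked`. In the OrgChanged case the freshly constructed OrgView is filled by SetData solely to learn org.ID before being replaced by the stored row; a comment such as `// SetData is used only to resolve the aggregate's ID; the persisted row is reloaded and updated below` would make that intent clear, or use event.AggregateID directly if SetData merely copies it (inferred, not shown).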


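--- /dev/null
+++ b/<path not shown; package view, org>
@@ -0,0 +1,44 @@
+package view
+import (
+"github.com/caos/zitadel/internal/org/model"
+org_view "github.com/caos/zitadel/internal/org/repository/view"
+org_model "github.com/caos/zitadel/internal/org/repository/view/model"
+"github.com/caos/zitadel/internal/view/repository"
+)
+const (
+orgTable = "authz.orgs"
+)
+func (v *View) OrgByID(orgID string) (*org_model.OrgView, error) {
+return org_view.OrgByID(v.Db, orgTable, orgID)
+}
+func (v *View) SearchOrgs(req *model.OrgSearchRequest) ([]*org_model.OrgView, int, error) {
+return org_view.SearchOrgs(v.Db, orgTable, req)
+}
+func (v *View) PutOrg(org *org_model.OrgView) error {
+err := org_view.PutOrg(v.Db, orgTable, org)
+if err != nil {
+return err
+}
+return v.ProcessedOrgSequence(org.Sequence)
+}
+func (v *View) GetLatestOrgFailedEvent(sequence uint64) (*repository.FailedEvent, error) {
+return v.latestFailedEvent(orgTable, sequence)
+}
+func (v *View) ProcessedOrgFailedEvent(failedEvent *repository.FailedEvent) error {
+return v.saveFailedEvent(failedEvent)
+}
+func (v *View) GetLatestOrgSequence() (*repository.CurrentSequence, error) {
+return v.latestSequence(orgTable)
+}
+func (v *View) ProcessedOrgSequence(eventSequence uint64) error {
+return v.saveCurrentSequence(orgTable, eventSequence)
+}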
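Review bot: `orgTable = "authz.orgs"` is declared here and again as an unexported constant in the spooler Org handler added by this commit (returned from ViewModel), with the same name appearing a third time as the literal in the CREATE TABLE migration; two private copies mean a rename in one place silently desynchronises the handler's ViewModel from the table the view actually reads and writes. Export one constant from this package (e.g. `OrgTable`) and have the handler use it. The exported methods also lack doc comments; for example `// OrgByID loads the org row with the given ID from the authz org table.` and `// PutOrg stores org and then records org.Sequence as the table's processed sequence; the two writes are separate calls, not one transaction.` SearchOrgs is not referenced by any other hunk on this page, so if it is only needed later, saying so in its doc comment avoids it looking dead.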


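--- a/<path not shown; TokenVerifierRepository interface>
+++ b/<path not shown; TokenVerifierRepository interface>
@@ -7,4 +7,5 @@ import (
 type TokenVerifierRepository interface {
 VerifyAccessToken(ctx context.Context, appName string) (string, string, string, error)
 ProjectIDByClientID(ctx context.Context, clientID string) (string, error)
+ExistsOrg(ctx context.Context, orgID string) error
 }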


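--- /dev/null
+++ b/<path not shown; SQL migration creating authz.orgs>
@@ -0,0 +1,17 @@
+BEGIN;
+CREATE TABLE authz.orgs (
+id TEXT,
+creation_date TIMESTAMPTZ,
+change_date TIMESTAMPTZ,
+resource_owner TEXT,
+org_state SMALLINT,
+sequence BIGINT,
+domain TEXT,
+name TEXT,
+PRIMARY KEY (id)
+);
+COMMIT;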
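Review bot: Apart from the primary key, no column carries a NOT NULL constraint, so a row written by the handler with an unset sequence or state is accepted silently; `sequence BIGINT NOT NULL` and `org_state SMALLINT NOT NULL` would match what the view code relies on (PutOrg records org.Sequence as the processed sequence), assuming the OrgView always populates them — confirm against the model. The migration also neither guards with IF NOT EXISTS nor creates the authz schema, which is fine only if an earlier migration already created the schema; that is not visible on this page.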