feat: check if org exists (#480)
* feat: check if org exists * feat: check if org exists * Update internal/authz/repository/eventsourcing/eventstore/token_verifier.go Co-authored-by: Silvan <silvan.reusser@gmail.com> * fix: err handling Co-authored-by: Silvan <silvan.reusser@gmail.com>
This commit is contained in:
parent
423b86a03b
commit
5e00f1c9db
@ -2,6 +2,7 @@ package authz
|
|||||||
|
|
||||||
import (
|
import (
|
||||||
"context"
|
"context"
|
||||||
|
"github.com/caos/zitadel/internal/errors"
|
||||||
|
|
||||||
"github.com/caos/logging"
|
"github.com/caos/logging"
|
||||||
)
|
)
|
||||||
@ -33,6 +34,10 @@ type Grant struct {
|
|||||||
}
|
}
|
||||||
|
|
||||||
func VerifyTokenAndWriteCtxData(ctx context.Context, token, orgID string, t *TokenVerifier, method string) (_ context.Context, err error) {
|
func VerifyTokenAndWriteCtxData(ctx context.Context, token, orgID string, t *TokenVerifier, method string) (_ context.Context, err error) {
|
||||||
|
err = t.ExistsOrg(ctx, orgID)
|
||||||
|
if err != nil {
|
||||||
|
return nil, errors.ThrowPermissionDenied(nil, "AUTH-Bs7Ds", "Organisation doesn't exist")
|
||||||
|
}
|
||||||
userID, clientID, agentID, err := verifyAccessToken(ctx, token, t, method)
|
userID, clientID, agentID, err := verifyAccessToken(ctx, token, t, method)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
|
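Review bot: The new `t.ExistsOrg(ctx, orgID)` call runs before `verifyAccessToken`, so the organisation lookup and its distinct "Organisation doesn't exist" response are reachable without any valid token, which lets an unauthenticated caller tell existing org IDs from unknown ones; moving the check after the token has been verified closes that and costs nothing. The wrapping also discards the cause — `errors.ThrowPermissionDenied(nil, ...)` reports a view or database failure as a missing organisation; at least pass `err` as the first argument, and ideally map only a not-found error to permission denied and return other errors unchanged. Whether `orgID` may legitimately be empty for some requests is not visible here; if it can, the check needs to skip that case. VerifyTokenAndWriteCtxData continues outside the hunk.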
@ -27,6 +27,10 @@ func (v *testVerifier) ProjectIDByClientID(ctx context.Context, clientID string)
|
|||||||
return "", nil
|
return "", nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func (v *testVerifier) ExistsOrg(ctx context.Context, orgID string) error {
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
func (v *testVerifier) VerifierClientID(ctx context.Context, appName string) (string, error) {
|
func (v *testVerifier) VerifierClientID(ctx context.Context, appName string) (string, error) {
|
||||||
return "clientID", nil
|
return "clientID", nil
|
||||||
}
|
}
|
||||||
|
@ -23,6 +23,7 @@ type authZRepo interface {
|
|||||||
VerifierClientID(ctx context.Context, name string) (clientID string, err error)
|
VerifierClientID(ctx context.Context, name string) (clientID string, err error)
|
||||||
ResolveGrants(ctx context.Context) (grant *Grant, err error)
|
ResolveGrants(ctx context.Context) (grant *Grant, err error)
|
||||||
ProjectIDByClientID(ctx context.Context, clientID string) (projectID string, err error)
|
ProjectIDByClientID(ctx context.Context, clientID string) (projectID string, err error)
|
||||||
|
ExistsOrg(ctx context.Context, orgID string) error
|
||||||
}
|
}
|
||||||
|
|
||||||
func Start(authZRepo authZRepo) (v *TokenVerifier) {
|
func Start(authZRepo authZRepo) (v *TokenVerifier) {
|
||||||
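Review bot: The `ExistsOrg` method added to the `authZRepo` interface has no comment stating its contract, and callers need one because the returned error is what they act on: a comment such as `// ExistsOrg returns nil if an organisation with orgID exists and a not-found error otherwise; any other error signals a failed lookup.` would tell implementers what to return. The same applies to the `ExistsOrg` line added to the `TokenVerifierRepository` interface further down in this commit and to the delegating `(*TokenVerifier).ExistsOrg`.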
@ -91,6 +92,10 @@ func (v *TokenVerifier) GetProjectIDByClientID(ctx context.Context, clientID str
|
|||||||
return v.authZRepo.ProjectIDByClientID(ctx, clientID)
|
return v.authZRepo.ProjectIDByClientID(ctx, clientID)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func (v *TokenVerifier) ExistsOrg(ctx context.Context, orgID string) error {
|
||||||
|
return v.authZRepo.ExistsOrg(ctx, orgID)
|
||||||
|
}
|
||||||
|
|
||||||
func (v *TokenVerifier) CheckAuthMethod(method string) (Option, bool) {
|
func (v *TokenVerifier) CheckAuthMethod(method string) (Option, bool) {
|
||||||
authOpt, ok := v.authMethods[method]
|
authOpt, ok := v.authMethods[method]
|
||||||
return authOpt, ok
|
return authOpt, ok
|
||||||
|
@ -30,6 +30,9 @@ func (v *verifierMock) ResolveGrants(ctx context.Context) (*authz.Grant, error)
|
|||||||
func (v *verifierMock) ProjectIDByClientID(ctx context.Context, clientID string) (string, error) {
|
func (v *verifierMock) ProjectIDByClientID(ctx context.Context, clientID string) (string, error) {
|
||||||
return "", nil
|
return "", nil
|
||||||
}
|
}
|
||||||
|
func (v *verifierMock) ExistsOrg(ctx context.Context, orgID string) error {
|
||||||
|
return nil
|
||||||
|
}
|
||||||
func (v *verifierMock) VerifierClientID(ctx context.Context, appName string) (string, error) {
|
func (v *verifierMock) VerifierClientID(ctx context.Context, appName string) (string, error) {
|
||||||
return "", nil
|
return "", nil
|
||||||
}
|
}
|
||||||
|
@ -48,6 +48,11 @@ func (repo *TokenVerifierRepo) ProjectIDByClientID(ctx context.Context, clientID
|
|||||||
return app.ProjectID, nil
|
return app.ProjectID, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func (repo *TokenVerifierRepo) ExistsOrg(ctx context.Context, orgID string) error {
|
||||||
|
_, err := repo.View.OrgByID(orgID)
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
func (repo *TokenVerifierRepo) VerifierClientID(ctx context.Context, appName string) (string, error) {
|
func (repo *TokenVerifierRepo) VerifierClientID(ctx context.Context, appName string) (string, error) {
|
||||||
iam, err := repo.IamEvents.IamByID(ctx, repo.IamID)
|
iam, err := repo.IamEvents.IamByID(ctx, repo.IamID)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
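Review bot: `ExistsOrg` returns the raw error from `repo.View.OrgByID`, so the caller cannot tell a missing organisation from a failed lookup, and `ctx` is accepted but never used because `OrgByID` takes none; distinguishing the not-found case here and wrapping anything else as an internal error would keep the authz decision made in VerifyTokenAndWriteCtxData honest. Note also that `authz.orgs` is filled asynchronously by the new `Org` spooler handler in this commit, so an organisation created moments ago may not be in the view yet and would be rejected until the handler catches up; if that window matters, the check needs a fallback or the callers must tolerate it. A short comment on the method saying it reads the eventually-consistent authz view would make that trade-off explicit.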
@ -37,6 +37,7 @@ func Register(configs Configs, bulkLimit, errorCount uint64, view *view.View, ev
|
|||||||
iamEvents: repos.IamEvents,
|
iamEvents: repos.IamEvents,
|
||||||
},
|
},
|
||||||
&Application{handler: handler{view, bulkLimit, configs.cycleDuration("Application"), errorCount}},
|
&Application{handler: handler{view, bulkLimit, configs.cycleDuration("Application"), errorCount}},
|
||||||
|
&Org{handler: handler{view, bulkLimit, configs.cycleDuration("Org"), errorCount}},
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
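--- a/internal/authz/repository/eventsourcing/handler/org.go
+++ b/internal/authz/repository/eventsourcing/handler/org.go
@@ -0,0 +1,67 @@
+package handler
+
+import (
+"github.com/caos/logging"
+es_models "github.com/caos/zitadel/internal/eventstore/models"
+"github.com/caos/zitadel/internal/eventstore/spooler"
+"github.com/caos/zitadel/internal/org/repository/eventsourcing"
+"github.com/caos/zitadel/internal/org/repository/eventsourcing/model"
+org_model "github.com/caos/zitadel/internal/org/repository/view/model"
+"time"
+)
+
+type Org struct {
+handler
+}
+
+const (
+orgTable = "authz.orgs"
+)
+
+func (o *Org) MinimumCycleDuration() time.Duration { return o.cycleDuration }
+
+func (o *Org) ViewModel() string {
+return orgTable
+}
+
+func (o *Org) EventQuery() (*es_models.SearchQuery, error) {
+sequence, err := o.view.GetLatestOrgSequence()
+if err != nil {
+return nil, err
+}
+return eventsourcing.OrgQuery(sequence.CurrentSequence), nil
+}
+
+func (o *Org) Reduce(event *es_models.Event) error {
+org := new(org_model.OrgView)
+
+switch event.Type {
+case model.OrgAdded:
+err := org.AppendEvent(event)
+if err != nil {
+return err
+}
+case model.OrgChanged:
+err := org.SetData(event)
+if err != nil {
+return err
+}
+org, err = o.view.OrgByID(org.ID)
+if err != nil {
+return err
+}
+err = org.AppendEvent(event)
+if err != nil {
+return err
+}
+default:
+return o.view.ProcessedOrgSequence(event.Sequence)
+}
+
+return o.view.PutOrg(org)
+}
+
+func (o *Org) OnError(event *es_models.Event, spoolerErr error) error {
+logging.LogWithFields("SPOOL-8siWS", "id", event.AggregateID).WithError(spoolerErr).Warn("something went wrong in org handler")
+return spooler.HandleError(event, spoolerErr, o.view.GetLatestOrgFailedEvent, o.view.ProcessedOrgFailedEvent, o.view.ProcessedOrgSequence, o.errorCountUntilSkip)
+}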
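Review bot: In `Reduce`, the `model.OrgChanged` branch decodes the event into a throwaway `OrgView` via `org.SetData(event)` only to read `org.ID`, then replaces `org` with the stored row from `o.view.OrgByID`; since `OnError` already treats `event.AggregateID` as the org's identifier, the stored row can presumably be loaded directly with `org, err = o.view.OrgByID(event.AggregateID)` (with `var err error` declared in the case), dropping the first decode — if the two IDs can differ, a comment saying why the decode is needed would help instead. If `OrgByID` fails because the org's `OrgAdded` event was never applied (for example skipped after `errorCountUntilSkip` failures), every later change event for that org returns the same error; whether `spooler.HandleError` eventually skips those too is not visible here, so a comment at the lookup would help. Separately, the import block lists `"time"` among the third-party packages; goimports would put it in a separate standard-library group at the top.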
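--- a/internal/authz/repository/eventsourcing/view/org.go
+++ b/internal/authz/repository/eventsourcing/view/org.go
@@ -0,0 +1,44 @@
+package view
+
+import (
+"github.com/caos/zitadel/internal/org/model"
+org_view "github.com/caos/zitadel/internal/org/repository/view"
+org_model "github.com/caos/zitadel/internal/org/repository/view/model"
+"github.com/caos/zitadel/internal/view/repository"
+)
+
+const (
+orgTable = "authz.orgs"
+)
+
+func (v *View) OrgByID(orgID string) (*org_model.OrgView, error) {
+return org_view.OrgByID(v.Db, orgTable, orgID)
+}
+
+func (v *View) SearchOrgs(req *model.OrgSearchRequest) ([]*org_model.OrgView, int, error) {
+return org_view.SearchOrgs(v.Db, orgTable, req)
+}
+
+func (v *View) PutOrg(org *org_model.OrgView) error {
+err := org_view.PutOrg(v.Db, orgTable, org)
+if err != nil {
+return err
+}
+return v.ProcessedOrgSequence(org.Sequence)
+}
+
+func (v *View) GetLatestOrgFailedEvent(sequence uint64) (*repository.FailedEvent, error) {
+return v.latestFailedEvent(orgTable, sequence)
+}
+
+func (v *View) ProcessedOrgFailedEvent(failedEvent *repository.FailedEvent) error {
+return v.saveFailedEvent(failedEvent)
+}
+
+func (v *View) GetLatestOrgSequence() (*repository.CurrentSequence, error) {
+return v.latestSequence(orgTable)
+}
+
+func (v *View) ProcessedOrgSequence(eventSequence uint64) error {
+return v.saveCurrentSequence(orgTable, eventSequence)
+}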
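Review bot: The table name `"authz.orgs"` is now spelled in three places — `orgTable` here, `orgTable` in `handler/org.go` and the `CREATE TABLE` in the migration — with nothing tying them together; exporting one constant from this package (e.g. `OrgTable`) and having the handler's `ViewModel` return it would remove the drift risk between the handler and the view. The seven exported methods on `*View` also carry no doc comments; one line each (`// OrgByID loads the org row with the given ID from the authz.orgs view.` and so on) would meet the exported-name convention.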
@ -7,4 +7,5 @@ import (
|
|||||||
type TokenVerifierRepository interface {
|
type TokenVerifierRepository interface {
|
||||||
VerifyAccessToken(ctx context.Context, appName string) (string, string, string, error)
|
VerifyAccessToken(ctx context.Context, appName string) (string, string, string, error)
|
||||||
ProjectIDByClientID(ctx context.Context, clientID string) (string, error)
|
ProjectIDByClientID(ctx context.Context, clientID string) (string, error)
|
||||||
|
ExistsOrg(ctx context.Context, orgID string) error
|
||||||
}
|
}
|
||||||
|
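--- a/migrations/cockroach/V1.6__authz_orgs.sql
+++ b/migrations/cockroach/V1.6__authz_orgs.sql
@@ -0,0 +1,17 @@
+BEGIN;
+
+CREATE TABLE authz.orgs (
+id TEXT,
+creation_date TIMESTAMPTZ,
+change_date TIMESTAMPTZ,
+resource_owner TEXT,
+org_state SMALLINT,
+sequence BIGINT,
+
+domain TEXT,
+name TEXT,
+
+PRIMARY KEY (id)
+);
+
+COMMIT;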