fix: correct method and path for session api activity (#6880)

* fix: correct method and path for session api activity * fix: correct method and path for session api activity * fix: correct function name for activity trigger
2025-02-28 20:57:24 +00:00 · 2023-11-22 11:12:23 +01:00 · 2023-11-22 11:12:23 +01:00 · 5fcb5568d7
commit 5fcb5568d7
parent 76fe032b5f
6 changed files with 58 additions and 13 deletions
--- a/internal/activity/activity.go
+++ b/internal/activity/activity.go
@ -44,7 +44,7 @@ func (t TriggerMethod) String() string {
 	}
 }

-func Trigger(ctx context.Context, orgID, userID string, trigger TriggerMethod) {
+func TriggerHTTP(ctx context.Context, orgID, userID string, trigger TriggerMethod) {
 	ai := info.ActivityInfoFromContext(ctx)
 	triggerLog(
 		authz.GetInstance(ctx).InstanceID(),
@ -55,11 +55,30 @@ func Trigger(ctx context.Context, orgID, userID string, trigger TriggerMethod) {
 		ai.Method,
 		ai.Path,
 		ai.RequestMethod,
+		"",
 		authz.GetCtxData(ctx).SystemMemberships != nil,
 	)
 }

-func TriggerWithContext(ctx context.Context, trigger TriggerMethod) {
+func TriggerGRPC(ctx context.Context, orgID, userID string, trigger TriggerMethod) {
+	ai := info.ActivityInfoFromContext(ctx)
+	// GRPC call the method is contained in the HTTP request path
+	method := ai.Path
+	triggerLog(
+		authz.GetInstance(ctx).InstanceID(),
+		orgID,
+		userID,
+		http_utils.ComposedOrigin(ctx),
+		trigger,
+		method,
+		"",
+		ai.RequestMethod,
+		ai.GRPCStatus.String(),
+		authz.GetCtxData(ctx).SystemMemberships != nil,
+	)
+}
+
+func TriggerGRPCWithContext(ctx context.Context, trigger TriggerMethod) {
 	ai := info.ActivityInfoFromContext(ctx)
 	// GRPC call the method is contained in the HTTP request path
 	method := ai.Path
@ -72,11 +91,12 @@ func TriggerWithContext(ctx context.Context, trigger TriggerMethod) {
 		method,
 		"",
 		ai.RequestMethod,
+		ai.GRPCStatus.String(),
 		authz.GetCtxData(ctx).SystemMemberships != nil,
 	)
 }

-func triggerLog(instanceID, orgID, userID, domain string, trigger TriggerMethod, method, path, requestMethod string, isSystemUser bool) {
+func triggerLog(instanceID, orgID, userID, domain string, trigger TriggerMethod, method, path, requestMethod, status string, isSystemUser bool) {
 	logging.WithFields(
 		"instance", instanceID,
 		"org", orgID,
@ -85,6 +105,7 @@ func triggerLog(instanceID, orgID, userID, domain string, trigger TriggerMethod,
 		"trigger", trigger.String(),
 		"method", method,
 		"path", path,
+		"grpcStatus", status,
 		"requestMethod", requestMethod,
 		"isSystemUser", isSystemUser,
 	).Info(Activity)
--- a/internal/api/grpc/server/middleware/activity_interceptor.go
+++ b/internal/api/grpc/server/middleware/activity_interceptor.go
@ -8,13 +8,22 @@ import (
 	"google.golang.org/grpc"

 	"github.com/zitadel/zitadel/internal/activity"
+	"github.com/zitadel/zitadel/internal/api/grpc/errors"
+	ainfo "github.com/zitadel/zitadel/internal/api/info"
 )

 func ActivityInterceptor() grpc.UnaryServerInterceptor {
 	return func(ctx context.Context, req interface{}, info *grpc.UnaryServerInfo, handler grpc.UnaryHandler) (interface{}, error) {
 		resp, err := handler(ctx, req)
 		if isResourceAPI(info.FullMethod) {
-			activity.TriggerWithContext(ctx, activity.ResourceAPI)
+			code, _, _, _ := errors.ExtractCaosError(err)
+			ctx = ainfo.ActivityInfoFromContext(ctx).SetGRPCStatus(code).IntoContext(ctx)
+			activity.TriggerGRPCWithContext(ctx, activity.ResourceAPI)
+		}
+		if strings.HasPrefix(info.FullMethod, "/zitadel.session.v1.SessionService/") {
+			code, _, _, _ := errors.ExtractCaosError(err)
+			ctx = ainfo.ActivityInfoFromContext(ctx).SetGRPCStatus(code).IntoContext(ctx)
+			activity.TriggerGRPCWithContext(ctx, activity.SessionAPI)
 		}
 		return resp, err
 	}
--- a/internal/api/grpc/session/v2/session.go
+++ b/internal/api/grpc/session/v2/session.go
@ -354,7 +354,7 @@ func (s *Server) checksToCommand(ctx context.Context, checks *session.Checks) ([
 		}

 		// trigger activity log for session for user
-		activity.Trigger(ctx, user.ResourceOwner, user.ID, activity.SessionAPI)
+		activity.TriggerHTTP(ctx, user.ResourceOwner, user.ID, activity.SessionAPI)
 		sessionChecks = append(sessionChecks, command.CheckUser(user.ID, user.ResourceOwner))
 	}
 	if password := checks.GetPassword(); password != nil {
--- a/internal/api/info/info.go
+++ b/internal/api/info/info.go
@ -2,6 +2,8 @@ package info

 import (
 	"context"
+
+	"google.golang.org/grpc/codes"
 )

 type activityInfoKey struct{}
@ -10,6 +12,8 @@ type ActivityInfo struct {
 	Method        string
 	Path          string
 	RequestMethod string
+	GRPCStatus    codes.Code
+	HTTPStatus    int
 }

 func (a *ActivityInfo) IntoContext(ctx context.Context) context.Context {
@ -32,6 +36,7 @@ func (a *ActivityInfo) SetMethod(method string) *ActivityInfo {
 	a.Method = method
 	return a
 }
+
 func (a *ActivityInfo) SetPath(path string) *ActivityInfo {
 	a.Path = path
 	return a
@ -41,3 +46,13 @@ func (a *ActivityInfo) SetRequestMethod(method string) *ActivityInfo {
 	a.RequestMethod = method
 	return a
 }
+
+func (a *ActivityInfo) SetGRPCStatus(status codes.Code) *ActivityInfo {
+	a.GRPCStatus = status
+	return a
+}
+
+func (a *ActivityInfo) SetHTTPStatus(status int) *ActivityInfo {
+	a.HTTPStatus = status
+	return a
+}
--- a/internal/api/oidc/auth_request.go
+++ b/internal/api/oidc/auth_request.go
@ -198,7 +198,7 @@ func (o *OPStorage) CreateAccessToken(ctx context.Context, req op.TokenRequest)
 		userOrgID = authReq.UserOrgID
 	case *AuthRequestV2:
 		// trigger activity log for authentication for user
-		activity.Trigger(ctx, "", authReq.CurrentAuthRequest.UserID, activity.OIDCAccessToken)
+		activity.TriggerHTTP(ctx, "", authReq.CurrentAuthRequest.UserID, activity.OIDCAccessToken)
 		return o.command.AddOIDCSessionAccessToken(setContextUserSystem(ctx), authReq.GetID())
 	}

@ -213,7 +213,7 @@ func (o *OPStorage) CreateAccessToken(ctx context.Context, req op.TokenRequest)
 	}

 	// trigger activity log for authentication for user
-	activity.Trigger(ctx, userOrgID, req.GetSubject(), activity.OIDCAccessToken)
+	activity.TriggerHTTP(ctx, userOrgID, req.GetSubject(), activity.OIDCAccessToken)
 	return resp.TokenID, resp.Expiration, nil
 }

@ -225,11 +225,11 @@ func (o *OPStorage) CreateAccessAndRefreshTokens(ctx context.Context, req op.Tok
 	switch tokenReq := req.(type) {
 	case *AuthRequestV2:
 		// trigger activity log for authentication for user
-		activity.Trigger(ctx, "", tokenReq.GetSubject(), activity.OIDCRefreshToken)
+		activity.TriggerHTTP(ctx, "", tokenReq.GetSubject(), activity.OIDCRefreshToken)
 		return o.command.AddOIDCSessionRefreshAndAccessToken(setContextUserSystem(ctx), tokenReq.GetID())
 	case *RefreshTokenRequestV2:
 		// trigger activity log for authentication for user
-		activity.Trigger(ctx, "", tokenReq.GetSubject(), activity.OIDCRefreshToken)
+		activity.TriggerHTTP(ctx, "", tokenReq.GetSubject(), activity.OIDCRefreshToken)
 		return o.command.ExchangeOIDCSessionRefreshAndAccessToken(setContextUserSystem(ctx), tokenReq.OIDCSessionWriteModel.AggregateID, refreshToken, tokenReq.RequestedScopes)
 	}

@ -258,7 +258,7 @@ func (o *OPStorage) CreateAccessAndRefreshTokens(ctx context.Context, req op.Tok
 	}

 	// trigger activity log for authentication for user
-	activity.Trigger(ctx, userOrgID, req.GetSubject(), activity.OIDCRefreshToken)
+	activity.TriggerHTTP(ctx, userOrgID, req.GetSubject(), activity.OIDCRefreshToken)
 	return resp.TokenID, token, resp.Expiration, nil
 }

@ -288,7 +288,7 @@ func (o *OPStorage) TokenRequestByRefreshToken(ctx context.Context, refreshToken
 			return nil, err
 		}
 		// trigger activity log for authentication for user
-		activity.Trigger(ctx, "", oidcSession.UserID, activity.OIDCRefreshToken)
+		activity.TriggerHTTP(ctx, "", oidcSession.UserID, activity.OIDCRefreshToken)
 		return &RefreshTokenRequestV2{OIDCSessionWriteModel: oidcSession}, nil
 	}

@ -298,7 +298,7 @@ func (o *OPStorage) TokenRequestByRefreshToken(ctx context.Context, refreshToken
 	}

 	// trigger activity log for use of refresh token for user
-	activity.Trigger(ctx, tokenView.ResourceOwner, tokenView.UserID, activity.OIDCRefreshToken)
+	activity.TriggerHTTP(ctx, tokenView.ResourceOwner, tokenView.UserID, activity.OIDCRefreshToken)
 	return RefreshTokenRequestFromBusiness(tokenView), nil
 }

--- a/internal/api/saml/storage.go
+++ b/internal/api/saml/storage.go
@ -151,7 +151,7 @@ func (p *Storage) SetUserinfoWithUserID(ctx context.Context, applicationID strin
 	setUserinfo(user, userinfo, attributes, customAttributes)

 	// trigger activity log for authentication for user
-	activity.Trigger(ctx, user.ResourceOwner, user.ID, activity.SAMLResponse)
+	activity.TriggerHTTP(ctx, user.ResourceOwner, user.ID, activity.SAMLResponse)
 	return nil
 }