From 5fcb5568d7300863f85f4cbc729b74ef1ace3f18 Mon Sep 17 00:00:00 2001 From: Stefan Benz <46600784+stebenz@users.noreply.github.com> Date: Wed, 22 Nov 2023 11:12:23 +0100 Subject: [PATCH] fix: correct method and path for session api activity (#6880) * fix: correct method and path for session api activity * fix: correct method and path for session api activity * fix: correct function name for activity trigger --- internal/activity/activity.go | 27 ++++++++++++++++--- .../server/middleware/activity_interceptor.go | 11 +++++++- internal/api/grpc/session/v2/session.go | 2 +- internal/api/info/info.go | 15 +++++++++++ internal/api/oidc/auth_request.go | 14 +++++----- internal/api/saml/storage.go | 2 +- 6 files changed, 58 insertions(+), 13 deletions(-) diff --git a/internal/activity/activity.go b/internal/activity/activity.go index 2bea722414..1f89d8cd2b 100644 --- a/internal/activity/activity.go +++ b/internal/activity/activity.go @@ -44,7 +44,7 @@ func (t TriggerMethod) String() string { } } -func Trigger(ctx context.Context, orgID, userID string, trigger TriggerMethod) { +func TriggerHTTP(ctx context.Context, orgID, userID string, trigger TriggerMethod) { ai := info.ActivityInfoFromContext(ctx) triggerLog( authz.GetInstance(ctx).InstanceID(), @@ -55,11 +55,30 @@ func Trigger(ctx context.Context, orgID, userID string, trigger TriggerMethod) { ai.Method, ai.Path, ai.RequestMethod, + "", authz.GetCtxData(ctx).SystemMemberships != nil, ) } -func TriggerWithContext(ctx context.Context, trigger TriggerMethod) { +func TriggerGRPC(ctx context.Context, orgID, userID string, trigger TriggerMethod) { + ai := info.ActivityInfoFromContext(ctx) + // GRPC call the method is contained in the HTTP request path + method := ai.Path + triggerLog( + authz.GetInstance(ctx).InstanceID(), + orgID, + userID, + http_utils.ComposedOrigin(ctx), + trigger, + method, + "", + ai.RequestMethod, + ai.GRPCStatus.String(), + authz.GetCtxData(ctx).SystemMemberships != nil, + ) +} + +func TriggerGRPCWithContext(ctx context.Context, trigger TriggerMethod) { ai := info.ActivityInfoFromContext(ctx) // GRPC call the method is contained in the HTTP request path method := ai.Path @@ -72,11 +91,12 @@ func TriggerWithContext(ctx context.Context, trigger TriggerMethod) { method, "", ai.RequestMethod, + ai.GRPCStatus.String(), authz.GetCtxData(ctx).SystemMemberships != nil, ) } -func triggerLog(instanceID, orgID, userID, domain string, trigger TriggerMethod, method, path, requestMethod string, isSystemUser bool) { +func triggerLog(instanceID, orgID, userID, domain string, trigger TriggerMethod, method, path, requestMethod, status string, isSystemUser bool) { logging.WithFields( "instance", instanceID, "org", orgID, @@ -85,6 +105,7 @@ func triggerLog(instanceID, orgID, userID, domain string, trigger TriggerMethod, "trigger", trigger.String(), "method", method, "path", path, + "grpcStatus", status, "requestMethod", requestMethod, "isSystemUser", isSystemUser, ).Info(Activity) diff --git a/internal/api/grpc/server/middleware/activity_interceptor.go b/internal/api/grpc/server/middleware/activity_interceptor.go index 7b6f050265..a75108328f 100644 --- a/internal/api/grpc/server/middleware/activity_interceptor.go +++ b/internal/api/grpc/server/middleware/activity_interceptor.go @@ -8,13 +8,22 @@ import ( "google.golang.org/grpc" "github.com/zitadel/zitadel/internal/activity" + "github.com/zitadel/zitadel/internal/api/grpc/errors" + ainfo "github.com/zitadel/zitadel/internal/api/info" ) func ActivityInterceptor() grpc.UnaryServerInterceptor { return func(ctx context.Context, req interface{}, info *grpc.UnaryServerInfo, handler grpc.UnaryHandler) (interface{}, error) { resp, err := handler(ctx, req) if isResourceAPI(info.FullMethod) { - activity.TriggerWithContext(ctx, activity.ResourceAPI) + code, _, _, _ := errors.ExtractCaosError(err) + ctx = ainfo.ActivityInfoFromContext(ctx).SetGRPCStatus(code).IntoContext(ctx) + activity.TriggerGRPCWithContext(ctx, activity.ResourceAPI) + } + if strings.HasPrefix(info.FullMethod, "/zitadel.session.v1.SessionService/") { + code, _, _, _ := errors.ExtractCaosError(err) + ctx = ainfo.ActivityInfoFromContext(ctx).SetGRPCStatus(code).IntoContext(ctx) + activity.TriggerGRPCWithContext(ctx, activity.SessionAPI) } return resp, err } diff --git a/internal/api/grpc/session/v2/session.go b/internal/api/grpc/session/v2/session.go index 874d9348e4..25e0c2af58 100644 --- a/internal/api/grpc/session/v2/session.go +++ b/internal/api/grpc/session/v2/session.go @@ -354,7 +354,7 @@ func (s *Server) checksToCommand(ctx context.Context, checks *session.Checks) ([ } // trigger activity log for session for user - activity.Trigger(ctx, user.ResourceOwner, user.ID, activity.SessionAPI) + activity.TriggerHTTP(ctx, user.ResourceOwner, user.ID, activity.SessionAPI) sessionChecks = append(sessionChecks, command.CheckUser(user.ID, user.ResourceOwner)) } if password := checks.GetPassword(); password != nil { diff --git a/internal/api/info/info.go b/internal/api/info/info.go index 53d53518b1..4909a86571 100644 --- a/internal/api/info/info.go +++ b/internal/api/info/info.go @@ -2,6 +2,8 @@ package info import ( "context" + + "google.golang.org/grpc/codes" ) type activityInfoKey struct{} @@ -10,6 +12,8 @@ type ActivityInfo struct { Method string Path string RequestMethod string + GRPCStatus codes.Code + HTTPStatus int } func (a *ActivityInfo) IntoContext(ctx context.Context) context.Context { @@ -32,6 +36,7 @@ func (a *ActivityInfo) SetMethod(method string) *ActivityInfo { a.Method = method return a } + func (a *ActivityInfo) SetPath(path string) *ActivityInfo { a.Path = path return a @@ -41,3 +46,13 @@ func (a *ActivityInfo) SetRequestMethod(method string) *ActivityInfo { a.RequestMethod = method return a } + +func (a *ActivityInfo) SetGRPCStatus(status codes.Code) *ActivityInfo { + a.GRPCStatus = status + return a +} + +func (a *ActivityInfo) SetHTTPStatus(status int) *ActivityInfo { + a.HTTPStatus = status + return a +} diff --git a/internal/api/oidc/auth_request.go b/internal/api/oidc/auth_request.go index fa1e919f6b..1d4cad0c32 100644 --- a/internal/api/oidc/auth_request.go +++ b/internal/api/oidc/auth_request.go @@ -198,7 +198,7 @@ func (o *OPStorage) CreateAccessToken(ctx context.Context, req op.TokenRequest) userOrgID = authReq.UserOrgID case *AuthRequestV2: // trigger activity log for authentication for user - activity.Trigger(ctx, "", authReq.CurrentAuthRequest.UserID, activity.OIDCAccessToken) + activity.TriggerHTTP(ctx, "", authReq.CurrentAuthRequest.UserID, activity.OIDCAccessToken) return o.command.AddOIDCSessionAccessToken(setContextUserSystem(ctx), authReq.GetID()) } @@ -213,7 +213,7 @@ func (o *OPStorage) CreateAccessToken(ctx context.Context, req op.TokenRequest) } // trigger activity log for authentication for user - activity.Trigger(ctx, userOrgID, req.GetSubject(), activity.OIDCAccessToken) + activity.TriggerHTTP(ctx, userOrgID, req.GetSubject(), activity.OIDCAccessToken) return resp.TokenID, resp.Expiration, nil } @@ -225,11 +225,11 @@ func (o *OPStorage) CreateAccessAndRefreshTokens(ctx context.Context, req op.Tok switch tokenReq := req.(type) { case *AuthRequestV2: // trigger activity log for authentication for user - activity.Trigger(ctx, "", tokenReq.GetSubject(), activity.OIDCRefreshToken) + activity.TriggerHTTP(ctx, "", tokenReq.GetSubject(), activity.OIDCRefreshToken) return o.command.AddOIDCSessionRefreshAndAccessToken(setContextUserSystem(ctx), tokenReq.GetID()) case *RefreshTokenRequestV2: // trigger activity log for authentication for user - activity.Trigger(ctx, "", tokenReq.GetSubject(), activity.OIDCRefreshToken) + activity.TriggerHTTP(ctx, "", tokenReq.GetSubject(), activity.OIDCRefreshToken) return o.command.ExchangeOIDCSessionRefreshAndAccessToken(setContextUserSystem(ctx), tokenReq.OIDCSessionWriteModel.AggregateID, refreshToken, tokenReq.RequestedScopes) } @@ -258,7 +258,7 @@ func (o *OPStorage) CreateAccessAndRefreshTokens(ctx context.Context, req op.Tok } // trigger activity log for authentication for user - activity.Trigger(ctx, userOrgID, req.GetSubject(), activity.OIDCRefreshToken) + activity.TriggerHTTP(ctx, userOrgID, req.GetSubject(), activity.OIDCRefreshToken) return resp.TokenID, token, resp.Expiration, nil } @@ -288,7 +288,7 @@ func (o *OPStorage) TokenRequestByRefreshToken(ctx context.Context, refreshToken return nil, err } // trigger activity log for authentication for user - activity.Trigger(ctx, "", oidcSession.UserID, activity.OIDCRefreshToken) + activity.TriggerHTTP(ctx, "", oidcSession.UserID, activity.OIDCRefreshToken) return &RefreshTokenRequestV2{OIDCSessionWriteModel: oidcSession}, nil } @@ -298,7 +298,7 @@ func (o *OPStorage) TokenRequestByRefreshToken(ctx context.Context, refreshToken } // trigger activity log for use of refresh token for user - activity.Trigger(ctx, tokenView.ResourceOwner, tokenView.UserID, activity.OIDCRefreshToken) + activity.TriggerHTTP(ctx, tokenView.ResourceOwner, tokenView.UserID, activity.OIDCRefreshToken) return RefreshTokenRequestFromBusiness(tokenView), nil } diff --git a/internal/api/saml/storage.go b/internal/api/saml/storage.go index cad83d86a5..2156a347dc 100644 --- a/internal/api/saml/storage.go +++ b/internal/api/saml/storage.go @@ -151,7 +151,7 @@ func (p *Storage) SetUserinfoWithUserID(ctx context.Context, applicationID strin setUserinfo(user, userinfo, attributes, customAttributes) // trigger activity log for authentication for user - activity.Trigger(ctx, user.ResourceOwner, user.ID, activity.SAMLResponse) + activity.TriggerHTTP(ctx, user.ResourceOwner, user.ID, activity.SAMLResponse) return nil }