fix: token check and error unwrapping (#3648)

* fix: token check and error unwrapping * remove unused code
2025-01-06 13:57:41 +00:00 · 2022-05-18 10:49:16 +02:00 · 2022-05-18 10:49:16 +02:00 · 616b31c959
commit 616b31c959
parent 4ec006dd02
13 changed files with 46 additions and 33 deletions
--- a/internal/api/authz/token.go
+++ b/internal/api/authz/token.go
@ -32,11 +32,7 @@ func Start(authZRepo authZRepo) (v *TokenVerifier) {
 }

 func (v *TokenVerifier) VerifyAccessToken(ctx context.Context, token string, method string) (userID, clientID, agentID, prefLang, resourceOwner string, err error) {
-	verifierClientID, projectID, err := v.clientIDAndProjectIDFromMethod(ctx, method)
-	if err != nil {
-		return "", "", "", "", "", err
-	}
-	userID, agentID, clientID, prefLang, resourceOwner, err = v.authZRepo.VerifyAccessToken(ctx, token, verifierClientID, projectID)
+	userID, agentID, clientID, prefLang, resourceOwner, err = v.authZRepo.VerifyAccessToken(ctx, token, "", GetInstance(ctx).ProjectID())
 	return userID, clientID, agentID, prefLang, resourceOwner, err
 }

@ -56,33 +52,6 @@ func (v *TokenVerifier) RegisterServer(appName, methodPrefix string, mappings Me
 	}
 }

-func prefixFromMethod(method string) (string, bool) {
-	parts := strings.Split(method, "/")
-	if len(parts) < 2 {
-		return "", false
-	}
-	return parts[1], true
-}
-
-func (v *TokenVerifier) clientIDAndProjectIDFromMethod(ctx context.Context, method string) (clientID, projectID string, err error) {
-	ctx, span := tracing.NewSpan(ctx)
-	defer func() { span.EndWithError(err) }()
-
-	prefix, ok := prefixFromMethod(method)
-	if !ok {
-		return "", "", caos_errs.ThrowPermissionDenied(nil, "AUTHZ-GRD2Q", "Errors.Internal")
-	}
-	app, ok := v.clients.Load(prefix)
-	if !ok {
-		return "", "", caos_errs.ThrowPermissionDenied(nil, "AUTHZ-G2qrh", "Errors.Internal")
-	}
-	c := app.(*client)
-	c.id, c.projectID, err = v.authZRepo.VerifierClientID(ctx, c.name)
-	if err != nil {
-		return "", "", caos_errs.ThrowPermissionDenied(err, "AUTHZ-ptTIF2", "Errors.Internal")
-	}
-	return c.id, c.projectID, nil
-}
 func (v *TokenVerifier) SearchMyMemberships(ctx context.Context) (_ []*Membership, err error) {
 	ctx, span := tracing.NewSpan(ctx)
 	defer func() { span.EndWithError(err) }()
--- a/internal/authz/repository/eventsourcing/eventstore/token_verifier.go
+++ b/internal/authz/repository/eventsourcing/eventstore/token_verifier.go
@ -89,7 +89,7 @@ func (repo *TokenVerifierRepo) VerifyAccessToken(ctx context.Context, tokenStrin
 		return token.UserID, "", "", "", token.ResourceOwner, nil
 	}
 	for _, aud := range token.Audience {
-		if verifierClientID == aud || projectID == aud || authz.GetInstance(ctx).ProjectID() == aud {
+		if verifierClientID == aud || projectID == aud {
 			return token.UserID, token.UserAgentID, token.ApplicationID, token.PreferredLanguage, token.ResourceOwner, nil
 		}
 	}
--- a/internal/errors/already_exists.go
+++ b/internal/errors/already_exists.go
@ -38,3 +38,7 @@ func IsErrorAlreadyExists(err error) bool {
 	_, ok := err.(AlreadyExists)
 	return ok
 }
+
+func (err *AlreadyExistsError) Unwrap() error {
+	return err.CaosError
+}
--- a/internal/errors/deadline_exceeded.go
+++ b/internal/errors/deadline_exceeded.go
@ -40,3 +40,7 @@ func (err *DeadlineExceededError) Is(target error) bool {
 	}
 	return err.CaosError.Is(t.CaosError)
 }
+
+func (err *DeadlineExceededError) Unwrap() error {
+	return err.CaosError
+}
--- a/internal/errors/internal.go
+++ b/internal/errors/internal.go
@ -40,3 +40,7 @@ func (err *InternalError) Is(target error) bool {
 	}
 	return err.CaosError.Is(t.CaosError)
 }
+
+func (err *InternalError) Unwrap() error {
+	return err.CaosError
+}
--- a/internal/errors/invalid_argument.go
+++ b/internal/errors/invalid_argument.go
@ -38,3 +38,7 @@ func (err *InvalidArgumentError) Is(target error) bool {
 	}
 	return err.CaosError.Is(t.CaosError)
 }
+
+func (err *InvalidArgumentError) Unwrap() error {
+	return err.CaosError
+}
--- a/internal/errors/not_found.go
+++ b/internal/errors/not_found.go
@ -33,3 +33,7 @@ func (err *NotFoundError) Is(target error) bool {
 	}
 	return err.CaosError.Is(t.CaosError)
 }
+
+func (err *NotFoundError) Unwrap() error {
+	return err.CaosError
+}
--- a/internal/errors/permission_denied.go
+++ b/internal/errors/permission_denied.go
@ -40,3 +40,7 @@ func (err *PermissionDeniedError) Is(target error) bool {
 	}
 	return err.CaosError.Is(t.CaosError)
 }
+
+func (err *PermissionDeniedError) Unwrap() error {
+	return err.CaosError
+}
--- a/internal/errors/precondition_failed.go
+++ b/internal/errors/precondition_failed.go
@ -40,3 +40,7 @@ func (err *PreconditionFailedError) Is(target error) bool {
 	}
 	return err.CaosError.Is(t.CaosError)
 }
+
+func (err *PreconditionFailedError) Unwrap() error {
+	return err.CaosError
+}
--- a/internal/errors/unauthenticated.go
+++ b/internal/errors/unauthenticated.go
@ -40,3 +40,7 @@ func (err *UnauthenticatedError) Is(target error) bool {
 	}
 	return err.CaosError.Is(t.CaosError)
 }
+
+func (err *UnauthenticatedError) Unwrap() error {
+	return err.CaosError
+}
--- a/internal/errors/unavailable.go
+++ b/internal/errors/unavailable.go
@ -40,3 +40,7 @@ func (err *UnavailableError) Is(target error) bool {
 	}
 	return err.CaosError.Is(t.CaosError)
 }
+
+func (err *UnavailableError) Unwrap() error {
+	return err.CaosError
+}
--- a/internal/errors/unimplemented.go
+++ b/internal/errors/unimplemented.go
@ -40,3 +40,7 @@ func (err *UnimplementedError) Is(target error) bool {
 	}
 	return err.CaosError.Is(t.CaosError)
 }
+
+func (err *UnimplementedError) Unwrap() error {
+	return err.CaosError
+}
--- a/internal/errors/unknown.go
+++ b/internal/errors/unknown.go
@ -40,3 +40,7 @@ func (err *UnknownError) Is(target error) bool {
 	}
 	return err.CaosError.Is(t.CaosError)
 }
+
+func (err *UnknownError) Unwrap() error {
+	return err.CaosError
+}