feat: permissin denied (#411)

Fabi
2020-07-09 09:31:29 +02:00
committed by GitHub
parent c73875afbb
commit 740bab7f59


@@ -22,14 +22,14 @@ func (repo *TokenVerifierRepo) VerifyAccessToken(ctx context.Context, tokenStrin
//TODO: use real key
tokenID, err := crypto.DecryptAESString(tokenString, string(repo.TokenVerificationKey[:32]))
if err != nil {
return "", "", caos_errs.ThrowPermissionDenied(nil, "APP-8EF0zZ", "invalid token")
return "", "", caos_errs.ThrowUnauthenticated(nil, "APP-8EF0zZ", "invalid token")
}
token, err := repo.View.TokenByID(tokenID)
if err != nil {
return "", "", caos_errs.ThrowPermissionDenied(err, "APP-BxUSiL", "invalid token")
return "", "", caos_errs.ThrowUnauthenticated(err, "APP-BxUSiL", "invalid token")
}
if !token.Expiration.After(time.Now().UTC()) {
return "", "", caos_errs.ThrowPermissionDenied(err, "APP-k9KS0", "invalid token")
return "", "", caos_errs.ThrowUnauthenticated(err, "APP-k9KS0", "invalid token")
}
for _, aud := range token.Audience {
@@ -37,7 +37,7 @@ func (repo *TokenVerifierRepo) VerifyAccessToken(ctx context.Context, tokenStrin
return token.UserID, token.UserAgentID, nil
}
}
return "", "", caos_errs.ThrowPermissionDenied(nil, "APP-Zxfako", "invalid audience")
return "", "", caos_errs.ThrowUnauthenticated(nil, "APP-Zxfako", "invalid audience")
}
func (repo *TokenVerifierRepo) ProjectIDByClientID(ctx context.Context, clientID string) (projectID string, err error) {
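Review bot: In the expiry branch (`APP-k9KS0`) the parent passed to the error is `err`, which is always nil at that point because the preceding `if err != nil` has already returned; pass `nil` explicitly, as the decrypt and audience branches do: `return "", "", caos_errs.ThrowUnauthenticated(nil, "APP-k9KS0", "invalid token")`. This assumes the `ThrowUnauthenticated` lines are the new side, which the rendered page does not mark. The audience branch returns a different message (`invalid audience`) from the other three, so if these messages are surfaced to the client they reveal that the token itself decrypted, was found and had not expired; consider keeping that distinction in logs only. The `//TODO: use real key` above the decrypt call is untouched context and still open, and the body of `VerifyAccessToken` starts outside the hunk.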