fix(login): ensure auth request information is up-to-date in external user check (#6060)

Livio Spring 2023-06-21 07:00:03 +02:00
parent 74198b0078
commit 8041dd995c
No known key found for this signature in database
GPG Key ID: 26BB1C2FA5952CF0
2 changed files with 9 additions and 8 deletions


@ -292,6 +292,13 @@ func (l *Login) handleExternalUserAuthenticated(
l.renderError(w, r, authReq, externalErr) l.renderError(w, r, authReq, externalErr)
return return
} }
var err error
// read current auth request state (incl. authorized user)
authReq, err = l.authRepo.AuthRequestByID(r.Context(), authReq.ID, authReq.AgentID)
if err != nil {
l.renderError(w, r, authReq, err)
return
}
externalUser, externalUserChange, err := l.runPostExternalAuthenticationActions(externalUser, tokens(session), authReq, r, user, nil) externalUser, externalUserChange, err := l.runPostExternalAuthenticationActions(externalUser, tokens(session), authReq, r, user, nil)
if err != nil { if err != nil {
l.renderError(w, r, authReq, err) l.renderError(w, r, authReq, err)
@ -302,14 +309,6 @@ func (l *Login) handleExternalUserAuthenticated(
l.externalUserNotExisting(w, r, authReq, provider, externalUser, externalUserChange) l.externalUserNotExisting(w, r, authReq, provider, externalUser, externalUserChange)
return return
} }
if provider.IsAutoUpdate || len(externalUser.Metadatas) > 0 || externalUserChange {
// read current auth request state (incl. authorized user)
authReq, err = l.authRepo.AuthRequestByID(r.Context(), authReq.ID, authReq.AgentID)
if err != nil {
l.renderError(w, r, authReq, err)
return
}
}
if provider.IsAutoUpdate || externalUserChange { if provider.IsAutoUpdate || externalUserChange {
err = l.updateExternalUser(r.Context(), authReq, externalUser) err = l.updateExternalUser(r.Context(), authReq, externalUser)
if err != nil { if err != nil {
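Review bot: On the failure path of the new re-read (`authReq, err = l.authRepo.AuthRequestByID(...)`), authReq has already been overwritten by the failed call's return value before it reaches `l.renderError`, so the error page is presumably rendered with a nil auth request instead of the one the handler was working with. The removed block had the same pattern, but the re-read is now unconditional, so every external login passes through it. Reading into a temporary keeps the original for the error path: `current, err := l.authRepo.AuthRequestByID(r.Context(), authReq.ID, authReq.AgentID)`, then `authReq = current` once err is nil. No test is visible in this commit; a case where a username is entered and a different external user is returned would pin the ordering this fix relies on. handleExternalUserAuthenticated starts and ends outside the hunks shown.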


@ -247,6 +247,8 @@ func (repo *AuthRequestRepo) CheckExternalUserLogin(ctx context.Context, authReq
} }
err = repo.checkExternalUserLogin(ctx, request, externalUser.IDPConfigID, externalUser.ExternalUserID) err = repo.checkExternalUserLogin(ctx, request, externalUser.IDPConfigID, externalUser.ExternalUserID)
if errors.IsNotFound(err) { if errors.IsNotFound(err) {
// clear potential user information (e.g. when username was entered but another external user was returned)
request.SetUserInfo("", "", "", "", "", request.UserOrgID)
if err := repo.setLinkingUser(ctx, request, externalUser); err != nil { if err := repo.setLinkingUser(ctx, request, externalUser); err != nil {
return err return err
} }
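Review bot: The added `request.SetUserInfo("", "", "", "", "", request.UserOrgID)` clears five fields but carries UserOrgID over from the user that was typed in, and the comment above it does not say why. If that org is later consulted when linking or registering the returned external user, a value derived from a different account's lookup would still steer the flow; SetUserInfo and setLinkingUser are outside the hunk, so this needs confirming against them. Either clear it too or extend the comment, e.g. `// UserOrgID is kept because <reason>`. Five positional empty strings are also easy to misorder, so a small named reset method on the request would make the intent checkable at a glance. CheckExternalUserLogin continues outside the hunk.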