From 87a2e18a4d6d5e6e161a8c48a18f9f5ed719f565 Mon Sep 17 00:00:00 2001
From: Livio Amstutz
Date: Wed, 10 Mar 2021 14:32:56 +0100
Subject: [PATCH] fix: migration, key rotation and org event reducing (#1403)

* fix: migration, key rotation and org event reducing
* fix oidc app
* pointer receiver name
---
 .../eventsourcing/handler/user_membership.go | 6 +++-
 internal/domain/application_oidc.go | 34 +++++++++----------
 internal/key/repository/view/query.go | 4 ++-
 .../eventsourcing/handler/notify_user.go | 6 +++-
 internal/repository/keypair/aggregate.go | 2 +-
 internal/repository/keypair/eventstore.go | 2 +-
 internal/repository/keypair/key_pair.go | 2 +-
 migrations/cockroach/V1.36__queries.sql | 2 +-
 8 files changed, 34 insertions(+), 24 deletions(-)

diff --git a/internal/authz/repository/eventsourcing/handler/user_membership.go b/internal/authz/repository/eventsourcing/handler/user_membership.go
index 62e459688d..2da150a14a 100644
--- a/internal/authz/repository/eventsourcing/handler/user_membership.go
+++ b/internal/authz/repository/eventsourcing/handler/user_membership.go
@@ -276,7 +276,11 @@ func (u *UserMembership) getOrgByID(ctx context.Context, orgID string) (*org_mod
 return nil, err
 }
 
- var esOrg *org_es_model.Org
+ esOrg := &org_es_model.Org{
+ ObjectRoot: es_models.ObjectRoot{
+ AggregateID: orgID,
+ },
+ }
 err = es_sdk.Filter(ctx, u.Eventstore().FilterEvents, esOrg.AppendEvents, query)
 if err != nil && !errors.IsNotFound(err) {
 return nil, err
diff --git a/internal/domain/application_oidc.go b/internal/domain/application_oidc.go
index 0ffa05c7dd..5a91092c62 100644
--- a/internal/domain/application_oidc.go
+++ b/internal/domain/application_oidc.go
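Review bot: In getOrgByID (handler/user_membership.go) the NotFound result of es_sdk.Filter is still tolerated, and with esOrg now pre-populated the code after the check continues with a non-nil org that holds only the caller-supplied orgID. The rest of the function lies outside the hunk, so confirm it rejects an org into which no event was reduced before converting or returning it; if it does not, an unknown org ID would be passed on to the membership handling as though the org existed. A short comment above the literal would also help, for example `// esOrg must be non-nil: Filter reduces events into it through the bound AppendEvents method`. The same point applies to the identical getOrgByID change in the notification handler (notify_user.go).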
@@ -41,24 +41,24 @@ type OIDCApp struct {
 State AppState
 }
 
-func (h OIDCApp) GetApplicationName() string {
- return h.AppName
+func (a *OIDCApp) GetApplicationName() string {
+ return a.AppName
 }
 
-func (h OIDCApp) GetState() AppState {
- return h.State
+func (a *OIDCApp) GetState() AppState {
+ return a.State
 }
 
-func (h OIDCApp) setClientID(clientID string) {
- h.ClientID = clientID
+func (a *OIDCApp) setClientID(clientID string) {
+ a.ClientID = clientID
 }
 
-func (h OIDCApp) setClientSecret(clientSecret *crypto.CryptoValue) {
- h.ClientSecret = clientSecret
+func (a *OIDCApp) setClientSecret(clientSecret *crypto.CryptoValue) {
+ a.ClientSecret = clientSecret
 }
 
-func (h OIDCApp) requiresClientSecret() bool {
- return h.AuthMethodType == OIDCAuthMethodTypeBasic || h.AuthMethodType == OIDCAuthMethodTypePost
+func (a *OIDCApp) requiresClientSecret() bool {
+ return a.AuthMethodType == OIDCAuthMethodTypeBasic || a.AuthMethodType == OIDCAuthMethodTypePost
 }
 
 type OIDCVersion int32
@@ -112,10 +112,10 @@ const (
 OIDCTokenTypeJWT
 )
 
-func (c *OIDCApp) IsValid() bool {
- grantTypes := c.getRequiredGrantTypes()
+func (a *OIDCApp) IsValid() bool {
+ grantTypes := a.getRequiredGrantTypes()
 for _, grantType := range grantTypes {
- ok := containsOIDCGrantType(c.GrantTypes, grantType)
+ ok := containsOIDCGrantType(a.GrantTypes, grantType)
 if !ok {
 return false
 }
@@ -123,10 +123,10 @@ func (c *OIDCApp) IsValid() bool {
 return true
 }
 
-func (c *OIDCApp) getRequiredGrantTypes() []OIDCGrantType {
+func (a *OIDCApp) getRequiredGrantTypes() []OIDCGrantType {
 grantTypes := make([]OIDCGrantType, 0)
 implicit := false
- for _, r := range c.ResponseTypes {
+ for _, r := range a.ResponseTypes {
 switch r {
 case OIDCResponseTypeCode:
 grantTypes = append(grantTypes, OIDCGrantTypeAuthorizationCode)
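Review bot: setClientID and setClientSecret in the first hunk of application_oidc.go have no comment or test pinning the pointer receiver they now depend on; with the old value receiver the assignment went to a copy, so the client ID and secret never reached the caller's OIDCApp, and a later receiver cleanup could quietly bring that back. Add a doc comment such as `// setClientSecret stores the secret on the receiver; it needs a pointer receiver or the assignment is lost` and a small test asserting that both fields are set after the calls. Only *OIDCApp carries these methods now, so a compile-time assertion next to the type for whichever interface they satisfy (not visible in this diff) would make the requirement explicit. The two later hunks in this file only rename the receiver.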
@@ -149,8 +149,8 @@ func containsOIDCGrantType(grantTypes []OIDCGrantType, grantType OIDCGrantType)
 return false
 }
 
-func (c *OIDCApp) FillCompliance() {
- c.Compliance = GetOIDCCompliance(c.OIDCVersion, c.ApplicationType, c.GrantTypes, c.ResponseTypes, c.AuthMethodType, c.RedirectUris)
+func (a *OIDCApp) FillCompliance() {
+ a.Compliance = GetOIDCCompliance(a.OIDCVersion, a.ApplicationType, a.GrantTypes, a.ResponseTypes, a.AuthMethodType, a.RedirectUris)
 }
 
 func GetOIDCCompliance(version OIDCVersion, appType OIDCApplicationType, grantTypes []OIDCGrantType, responseTypes []OIDCResponseType, authMethod OIDCAuthMethodType, redirectUris []string) *Compliance {
diff --git a/internal/key/repository/view/query.go b/internal/key/repository/view/query.go
index 521c5905f8..c066484186 100644
--- a/internal/key/repository/view/query.go
+++ b/internal/key/repository/view/query.go
@@ -3,9 +3,11 @@ package view
 import (
 "github.com/caos/zitadel/internal/eventstore"
 "github.com/caos/zitadel/internal/repository/iam"
+ "github.com/caos/zitadel/internal/repository/keypair"
 )
 
 func KeyPairQuery(latestSequence uint64) *eventstore.SearchQueryBuilder {
 return eventstore.NewSearchQueryBuilder(eventstore.ColumnsEvent, iam.AggregateType).
- SequenceGreater(latestSequence)
+ SequenceGreater(latestSequence).
+ EventTypes(keypair.AddedEventType)
 }
diff --git a/internal/notification/repository/eventsourcing/handler/notify_user.go b/internal/notification/repository/eventsourcing/handler/notify_user.go
index 48ca62b6aa..20e406a291 100644
--- a/internal/notification/repository/eventsourcing/handler/notify_user.go
+++ b/internal/notification/repository/eventsourcing/handler/notify_user.go
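Review bot: KeyPairQuery in internal/key/repository/view/query.go now filters on `keypair.AddedEventType` but still builds the query for `iam.AggregateType`. The keypair package has its own aggregate.go in this commit, so if key pair events are stored under that package's aggregate type rather than under the IAM aggregate, the combined filter would match nothing and the key view would not pick up newly rotated keys. Confirm which aggregate the added event is written to and pass that type to `NewSearchQueryBuilder`; a one-line doc comment on KeyPairQuery naming the intended aggregate and event type would keep the two from drifting apart.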
@@ -242,7 +242,11 @@ func (u *NotifyUser) getOrgByID(ctx context.Context, orgID string) (*org_model.O
 return nil, err
 }
 
- var esOrg *org_es_model.Org
+ esOrg := &org_es_model.Org{
+ ObjectRoot: es_models.ObjectRoot{
+ AggregateID: orgID,
+ },
+ }
 err = es_sdk.Filter(ctx, u.Eventstore().FilterEvents, esOrg.AppendEvents, query)
 if err != nil && !caos_errs.IsNotFound(err) {
 return nil, err
diff --git a/internal/repository/keypair/aggregate.go b/internal/repository/keypair/aggregate.go
index a5ed4c4e37..1fb1f1cfb8 100644
--- a/internal/repository/keypair/aggregate.go
+++ b/internal/repository/keypair/aggregate.go
@@ -1,4 +1,4 @@
-package usergrant
+package keypair
 
 import (
 "github.com/caos/zitadel/internal/eventstore"
diff --git a/internal/repository/keypair/eventstore.go b/internal/repository/keypair/eventstore.go
index ea7e269da8..fa222da931 100644
--- a/internal/repository/keypair/eventstore.go
+++ b/internal/repository/keypair/eventstore.go
@@ -1,4 +1,4 @@
-package usergrant
+package keypair
 
 import (
 "github.com/caos/zitadel/internal/eventstore"
diff --git a/internal/repository/keypair/key_pair.go b/internal/repository/keypair/key_pair.go
index 9ca2e837e3..fb825e71f9 100644
--- a/internal/repository/keypair/key_pair.go
+++ b/internal/repository/keypair/key_pair.go
@@ -1,4 +1,4 @@
-package usergrant
+package keypair
 
 import (
 "context"
diff --git a/migrations/cockroach/V1.36__queries.sql b/migrations/cockroach/V1.36__queries.sql
index 4ad89d35dd..a01fd8bdd0 100644
--- a/migrations/cockroach/V1.36__queries.sql
+++ b/migrations/cockroach/V1.36__queries.sql
@@ -1,2 +1,2 @@
 CREATE USER queries WITH PASSWORD ${queriespassword};
-GRANT SELECT ON DATABASE eventstore TO queries;
+GRANT SELECT ON TABLE eventstore.events TO queries;
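Review bot: V1.36__queries.sql is edited in place instead of being followed by a new versioned migration. If V1.36 has already been applied anywhere, a migration tool that checksums versioned files (the V1.36__ naming suggests one) will see a mismatch, and those databases keep the earlier database-level grant because nothing here revokes it. Consider leaving V1.36 as it was and shipping the table-level grant in a new migration together with `REVOKE SELECT ON DATABASE eventstore FROM queries;`, so every environment converges on the narrower read access for the queries user. Whether any environment has run V1.36 is not visible from this diff.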