fix: audience in create token (#985)

This commit is contained in:
Fabi 2020-11-18 17:11:37 +01:00 committed by GitHub
parent 1e23292fc4
commit a40ec1f25b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 21 additions and 5 deletions


@ -109,8 +109,6 @@ func (repo *AuthRequestRepo) CreateAuthRequest(ctx context.Context, request *mod
return nil, err
}
request.Audience = appIDs
projectIDAud := request.GetScopeProjectIDsForAud()
request.Audience = append(request.Audience, projectIDAud...)
request.AppendAudIfNotExisting(app.ProjectID)
if request.LoginHint != "" {
err = repo.checkLoginName(ctx, request, request.LoginHint)


@ -3,11 +3,13 @@ package eventstore
import (
"context"
"github.com/caos/logging"
auth_req_model "github.com/caos/zitadel/internal/auth_request/model"
"github.com/caos/zitadel/internal/errors"
"github.com/caos/zitadel/internal/eventstore/models"
usr_model "github.com/caos/zitadel/internal/user/model"
user_event "github.com/caos/zitadel/internal/user/repository/eventsourcing"
"github.com/caos/zitadel/internal/user/repository/view/model"
"strings"
"time"
"github.com/caos/zitadel/internal/auth/repository/eventsourcing/view"
@ -18,19 +20,26 @@ type TokenRepo struct {
View *view.View
}
func (repo *TokenRepo) CreateToken(ctx context.Context, agentID, applicationID, userID string, audience, scopes []string, lifetime time.Duration) (*usr_model.Token, error) {
func (repo *TokenRepo) CreateToken(ctx context.Context, agentID, clientID, userID string, audience, scopes []string, lifetime time.Duration) (*usr_model.Token, error) {
preferredLanguage := ""
user, _ := repo.View.UserByID(userID)
if user != nil {
preferredLanguage = user.PreferredLanguage
}
for _, scope := range scopes {
if strings.HasPrefix(scope, auth_req_model.ProjectIDScope) && strings.HasSuffix(scope, auth_req_model.AudSuffix) {
audience = append(audience, strings.TrimSuffix(strings.TrimPrefix(scope, auth_req_model.ProjectIDScope), auth_req_model.AudSuffix))
}
}
now := time.Now().UTC()
token := &usr_model.Token{
ObjectRoot: models.ObjectRoot{
AggregateID: userID,
},
UserAgentID: agentID,
ApplicationID: applicationID,
ApplicationID: clientID,
Audience: audience,
Scopes: scopes,
Expiration: now.Add(lifetime),
@ -82,3 +91,12 @@ func (repo *TokenRepo) TokenByID(ctx context.Context, userID, tokenID string) (*
}
return model.TokenViewToModel(token), nil
}
func AppendAudIfNotExisting(aud string, existingAud []string) []string {
for _, a := range existingAud {
if a == aud {
return existingAud
}
}
return append(existingAud, aud)
}
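Review bot: The new `for _, scope := range scopes` loop in `CreateToken` copies the project ID straight out of each caller-supplied `…:project:id:<id>:aud` scope into the token's `audience`, and nothing in this hunk checks that the ID is non-empty, that the project exists, or that this client is allowed to address it; unless the scopes are already filtered before they reach `CreateToken` (not visible here), a client can place an arbitrary value in the token's `aud` and any resource server that authorizes on `aud` alone would accept it. The same loop uses plain `append`, so a scope repeated in the request, or one naming a project already present in `audience`, produces duplicate audience entries, even though this commit adds `AppendAudIfNotExisting` a few lines below and leaves it unused. I would at least route the loop through the new helper and skip empty IDs as below, and have the caller (or a project lookup via `repo.View`, if one exists) confirm each project ID before it is trusted. The `CreateToken` body continues past the end of the hunk.

```go
	for _, scope := range scopes {
		if !strings.HasPrefix(scope, auth_req_model.ProjectIDScope) || !strings.HasSuffix(scope, auth_req_model.AudSuffix) {
			continue
		}
		// The project ID comes from the requester's scope string; it must be
		// validated against known/authorized projects before it is trusted.
		projectID := strings.TrimSuffix(strings.TrimPrefix(scope, auth_req_model.ProjectIDScope), auth_req_model.AudSuffix)
		if projectID == "" {
			continue
		}
		audience = AppendAudIfNotExisting(projectID, audience)
	}
	// … unchanged: token construction and the rest of CreateToken …
```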


@ -7,7 +7,7 @@ import (
)
type TokenRepository interface {
CreateToken(ctx context.Context, agentID, applicationID, userID string, audience, scopes []string, lifetime time.Duration) (*usr_model.Token, error)
CreateToken(ctx context.Context, agentID, clientID, userID string, audience, scopes []string, lifetime time.Duration) (*usr_model.Token, error)
IsTokenValid(ctx context.Context, userID, tokenID string) (bool, error)
TokenByID(ctx context.Context, userID, tokenID string) (*usr_model.TokenView, error)
}