TheArchive/zitadel
1
0
Fork 0
mirror of https://github.com/zitadel/zitadel.git synced 2025-05-23 14:28:26 +00:00
Code Issues Packages Projects Releases Wiki Activity

chore(oidc): add additional spans to userinfo code paths (#7749)

Browse Source
This commit is contained in:
Tim Möhlmann 2024-04-10 18:05:13 +03:00 committed by GitHub
parent 0267415126
commit b3e3239d76
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
4 changed files with 24 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
internal/api/oidc/access_token.go
View File

@ -13,6 +13,7 @@ import (
"github.com/zitadel/zitadel/internal/command" "github.com/zitadel/zitadel/internal/command"
"github.com/zitadel/zitadel/internal/domain" "github.com/zitadel/zitadel/internal/domain"
"github.com/zitadel/zitadel/internal/query" "github.com/zitadel/zitadel/internal/query"
"github.com/zitadel/zitadel/internal/telemetry/tracing"
"github.com/zitadel/zitadel/internal/user/model" "github.com/zitadel/zitadel/internal/user/model"
"github.com/zitadel/zitadel/internal/zerrors" "github.com/zitadel/zitadel/internal/zerrors"
) )
@ -35,7 +36,10 @@ type accessToken struct {
var ErrInvalidTokenFormat = errors.New("invalid token format") var ErrInvalidTokenFormat = errors.New("invalid token format")
func (s *Server) verifyAccessToken(ctx context.Context, tkn string) (*accessToken, error) { func (s *Server) verifyAccessToken(ctx context.Context, tkn string) (_ *accessToken, err error) {
ctx, span := tracing.NewSpan(ctx)
defer func() { span.EndWithError(err) }()
var tokenID, subject string var tokenID, subject string
if tokenIDSubject, err := s.Provider().Crypto().Decrypt(tkn); err == nil { if tokenIDSubject, err := s.Provider().Crypto().Decrypt(tkn); err == nil {

8
internal/api/oidc/userinfo.go
View File

@ -61,6 +61,9 @@ func (s *Server) UserInfo(ctx context.Context, r *op.Request[oidc.UserInfoReques
} }
func (s *Server) userInfo(ctx context.Context, userID, projectID string, projectRoleAssertion bool, scope, roleAudience []string) (_ *oidc.UserInfo, err error) { func (s *Server) userInfo(ctx context.Context, userID, projectID string, projectRoleAssertion bool, scope, roleAudience []string) (_ *oidc.UserInfo, err error) {
ctx, span := tracing.NewSpan(ctx)
defer func() { span.EndWithError(err) }()
roleAudience, requestedRoles := prepareRoles(ctx, projectID, projectRoleAssertion, scope, roleAudience) roleAudience, requestedRoles := prepareRoles(ctx, projectID, projectRoleAssertion, scope, roleAudience)
qu, err := s.query.GetOIDCUserInfo(ctx, userID, roleAudience) qu, err := s.query.GetOIDCUserInfo(ctx, userID, roleAudience)
if err != nil { if err != nil {
@ -211,7 +214,10 @@ func setUserInfoRoleClaims(userInfo *oidc.UserInfo, roles *projectsRoles) {
} }
} }
func (s *Server) userinfoFlows(ctx context.Context, qu *query.OIDCUserInfo, userInfo *oidc.UserInfo) error { func (s *Server) userinfoFlows(ctx context.Context, qu *query.OIDCUserInfo, userInfo *oidc.UserInfo) (err error) {
ctx, span := tracing.NewSpan(ctx)
defer func() { span.EndWithError(err) }()
queriedActions, err := s.query.GetActiveActionsByFlowAndTriggerType(ctx, domain.FlowTypeCustomiseToken, domain.TriggerTypePreUserinfoCreation, qu.User.ResourceOwner) queriedActions, err := s.query.GetActiveActionsByFlowAndTriggerType(ctx, domain.FlowTypeCustomiseToken, domain.TriggerTypePreUserinfoCreation, qu.User.ResourceOwner)
if err != nil { if err != nil {
return err return err

10
internal/auth/repository/eventsourcing/eventstore/token.go
View File

@ -21,7 +21,10 @@ type TokenRepo struct {
View *view.View View *view.View
} }
func (repo *TokenRepo) TokenByIDs(ctx context.Context, userID, tokenID string) (*usr_model.TokenView, error) { func (repo *TokenRepo) TokenByIDs(ctx context.Context, userID, tokenID string) (_ *usr_model.TokenView, err error) {
ctx, span := tracing.NewSpan(ctx)
defer func() { span.EndWithError(err) }()
instanceID := authz.GetInstance(ctx).InstanceID() instanceID := authz.GetInstance(ctx).InstanceID()
// always load the latest sequence first, so in case the token was not found by id, // always load the latest sequence first, so in case the token was not found by id,
@ -68,7 +71,10 @@ func (repo *TokenRepo) TokenByIDs(ctx context.Context, userID, tokenID string) (
return model.TokenViewToModel(token), nil return model.TokenViewToModel(token), nil
} }
func (r *TokenRepo) getUserEvents(ctx context.Context, userID, instanceID string, changeDate time.Time, eventTypes []eventstore.EventType) ([]eventstore.Event, error) { func (r *TokenRepo) getUserEvents(ctx context.Context, userID, instanceID string, changeDate time.Time, eventTypes []eventstore.EventType) (_ []eventstore.Event, err error) {
ctx, span := tracing.NewSpan(ctx)
defer func() { span.EndWithError(err) }()
query, err := usr_view.UserByIDQuery(userID, instanceID, changeDate, eventTypes) query, err := usr_view.UserByIDQuery(userID, instanceID, changeDate, eventTypes)
if err != nil { if err != nil {
return nil, err return nil, err

4
internal/auth/repository/eventsourcing/view/token.go
View File

@ -5,6 +5,7 @@ import (
"github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/eventstore"
"github.com/zitadel/zitadel/internal/query" "github.com/zitadel/zitadel/internal/query"
"github.com/zitadel/zitadel/internal/telemetry/tracing"
usr_view "github.com/zitadel/zitadel/internal/user/repository/view" usr_view "github.com/zitadel/zitadel/internal/user/repository/view"
"github.com/zitadel/zitadel/internal/user/repository/view/model" "github.com/zitadel/zitadel/internal/user/repository/view/model"
"github.com/zitadel/zitadel/internal/zerrors" "github.com/zitadel/zitadel/internal/zerrors"
@ -87,6 +88,9 @@ func (v *View) DeleteOrgTokens(event eventstore.Event) error {
} }
func (v *View) GetLatestTokenSequence(ctx context.Context, instanceID string) (_ *query.CurrentState, err error) { func (v *View) GetLatestTokenSequence(ctx context.Context, instanceID string) (_ *query.CurrentState, err error) {
ctx, span := tracing.NewSpan(ctx)
defer func() { span.EndWithError(err) }()
q := &query.CurrentStateSearchQueries{ q := &query.CurrentStateSearchQueries{
Queries: make([]query.SearchQuery, 2), Queries: make([]query.SearchQuery, 2),
} }