TheArchive/zitadel
1
0
Fork 0
mirror of https://github.com/zitadel/zitadel.git synced 2025-01-12 19:03:40 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix: token verification (don't cache zitadel id system wide) (#3542)

Browse Source
This commit is contained in:
Livio Amstutz 2022-04-29 14:16:23 +02:00 committed by GitHub
parent a3fb49db2c
commit dc7fdb240b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 2 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
internal/api/authz/token.go
View File

@ -78,14 +78,10 @@ func (v *TokenVerifier) clientIDAndProjectIDFromMethod(ctx context.Context, meth
return "", "", caos_errs.ThrowPermissionDenied(nil, "AUTHZ-G2qrh", "Errors.Internal") return "", "", caos_errs.ThrowPermissionDenied(nil, "AUTHZ-G2qrh", "Errors.Internal")
} }
c := app.(*client) c := app.(*client)
if c.id != "" {
return c.id, c.projectID, nil
}
c.id, c.projectID, err = v.authZRepo.VerifierClientID(ctx, c.name) c.id, c.projectID, err = v.authZRepo.VerifierClientID(ctx, c.name)
if err != nil { if err != nil {
return "", "", caos_errs.ThrowPermissionDenied(err, "AUTHZ-ptTIF2", "Errors.Internal") return "", "", caos_errs.ThrowPermissionDenied(err, "AUTHZ-ptTIF2", "Errors.Internal")
} }
v.clients.Store(prefix, c)
return c.id, c.projectID, nil return c.id, c.projectID, nil
} }
func (v *TokenVerifier) SearchMyMemberships(ctx context.Context) (_ []*Membership, err error) { func (v *TokenVerifier) SearchMyMemberships(ctx context.Context) (_ []*Membership, err error) {

8
internal/authz/repository/eventsourcing/eventstore/token_verifier.go
View File

@ -90,7 +90,7 @@ func (repo *TokenVerifierRepo) VerifyAccessToken(ctx context.Context, tokenStrin
return token.UserID, "", "", "", token.ResourceOwner, nil return token.UserID, "", "", "", token.ResourceOwner, nil
} }
for _, aud := range token.Audience { for _, aud := range token.Audience {
if verifierClientID == aud || projectID == aud { if verifierClientID == aud || projectID == aud || authz.GetInstance(ctx).ProjectID() == aud {
return token.UserID, token.UserAgentID, token.ApplicationID, token.PreferredLanguage, token.ResourceOwner, nil return token.UserID, token.UserAgentID, token.ApplicationID, token.PreferredLanguage, token.ResourceOwner, nil
} }
} }
@ -236,11 +236,7 @@ func (repo *TokenVerifierRepo) VerifierClientID(ctx context.Context, appName str
ctx, span := tracing.NewSpan(ctx) ctx, span := tracing.NewSpan(ctx)
defer func() { span.EndWithError(err) }() defer func() { span.EndWithError(err) }()
iam, err := repo.Query.Instance(ctx) app, err := repo.View.ApplicationByProjecIDAndAppName(ctx, authz.GetInstance(ctx).ProjectID(), appName)
if err != nil {
return "", "", err
}
app, err := repo.View.ApplicationByProjecIDAndAppName(ctx, iam.IAMProjectID, appName)
if err != nil { if err != nil {
return "", "", err return "", "", err
} }