fix(token): filter users by instance id (#5596)

* fix(token): filter users by instance id
2025-01-06 13:07:52 +00:00 · 2023-04-03 14:56:37 +02:00 · 2023-04-03 14:56:37 +02:00 · dd84b93ac3
commit dd84b93ac3
parent e688954308
5 changed files with 12 additions and 2 deletions
--- a/.github/pull_request_template.md
+++ b/.github/pull_request_template.md
@ -1,5 +1,6 @@
 ```[tasklist]
 ### Definition of Ready
+
 - [ ] I am happy with the code
 - [ ] Short description of the feature/issue is added in the pr description
 - [ ] PR is linked to the corresponding user story
--- a/internal/auth/repository/eventsourcing/eventstore/refresh_token.go
+++ b/internal/auth/repository/eventsourcing/eventstore/refresh_token.go
@ -50,6 +50,7 @@ func (r *RefreshTokenRepo) RefreshTokenByID(ctx context.Context, tokenID, userID
 		tokenView = new(model.RefreshTokenView)
 		tokenView.ID = tokenID
 		tokenView.UserID = userID
+		tokenView.InstanceID = authz.GetInstance(ctx).InstanceID()
 	}

 	events, esErr := r.getUserEvents(ctx, userID, tokenView.InstanceID, tokenView.Sequence)
--- a/internal/auth/repository/eventsourcing/eventstore/token.go
+++ b/internal/auth/repository/eventsourcing/eventstore/token.go
@ -42,6 +42,7 @@ func (repo *TokenRepo) TokenByIDs(ctx context.Context, userID, tokenID string) (
 		token = new(model.TokenView)
 		token.ID = tokenID
 		token.UserID = userID
+		token.InstanceID = authz.GetInstance(ctx).InstanceID()
 	}

 	events, esErr := repo.getUserEvents(ctx, userID, token.InstanceID, token.Sequence)
--- a/internal/eventstore/v1/internal/repository/sql/filter.go
+++ b/internal/eventstore/v1/internal/repository/sql/filter.go
@ -3,6 +3,7 @@ package sql
 import (
 	"context"
 	"database/sql"
+	"runtime/debug"

 	"github.com/zitadel/logging"

@ -17,6 +18,9 @@ type Querier interface {
 }

 func (db *SQL) Filter(ctx context.Context, searchQuery *es_models.SearchQueryFactory) (events []*es_models.Event, err error) {
+	if !searchQuery.InstanceFiltered {
+		logging.WithFields("stack", string(debug.Stack())).Warn("instanceid not filtered")
+	}
 	return filter(ctx, db.client, searchQuery)
 }

--- a/internal/eventstore/v1/models/search_query.go
+++ b/internal/eventstore/v1/models/search_query.go
@ -13,6 +13,8 @@ type SearchQueryFactory struct {
 	limit   uint64
 	desc    bool
 	queries []*query
+
+	InstanceFiltered bool
 }

 type query struct {
@ -42,11 +44,11 @@ const (
 	Columns_Event = iota
 	Columns_Max_Sequence
 	Columns_InstanceIDs
-	//insert new columns-types before this columnsCount because count is needed for validation
+	// insert new columns-types before this columnsCount because count is needed for validation
 	columnsCount
 )

-//FactoryFromSearchQuery is deprecated because it's for migration purposes. use NewSearchQueryFactory
+// FactoryFromSearchQuery is deprecated because it's for migration purposes. use NewSearchQueryFactory
 func FactoryFromSearchQuery(q *SearchQuery) *SearchQueryFactory {
 	factory := &SearchQueryFactory{
 		columns: q.Columns,
@ -76,6 +78,7 @@ func FactoryFromSearchQuery(q *SearchQuery) *SearchQueryFactory {
 			case Field_ResourceOwner:
 				factory.queries[i] = factory.queries[i].ResourceOwner(filter.value.(string))
 			case Field_InstanceID:
+				factory.InstanceFiltered = true
 				if filter.operation == Operation_Equals {
 					factory.queries[i] = factory.queries[i].InstanceID(filter.value.(string))
 				} else if filter.operation == Operation_NotIn {