TheArchive/zitadel
1
0
Fork 0
mirror of https://github.com/zitadel/zitadel.git synced 2025-08-12 03:17:33 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix: check allowed origins from calling and not called application (#2106)

Browse Source 
* fix: check allowed origins from calling and not called application

* fix test
This commit is contained in:
Livio Amstutz
2021-07-30 11:30:51 +02:00
committed by GitHub
parent de9f88bf5b
commit e1a3cc732d
5 changed files with 20 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
internal/api/authz/permissions_test.go
View File

@@ -15,8 +15,8 @@ type testVerifier struct {
memberships []*Membership
}
func (v *testVerifier) VerifyAccessToken(ctx context.Context, token, clientID string) (string, string, string, string, error) {
return "userID", "agentID", "de", "orgID", nil
func (v *testVerifier) VerifyAccessToken(ctx context.Context, token, clientID string) (string, string, string, string, string, error) {
return "userID", "agentID", "clientID", "de", "orgID", nil
}
func (v *testVerifier) SearchMyMemberships(ctx context.Context) ([]*Membership, error) {
return v.memberships, nil

6
internal/api/authz/token.go
View File

@@ -20,7 +20,7 @@ type TokenVerifier struct {
}
type authZRepo interface {
VerifyAccessToken(ctx context.Context, token, clientID string) (userID, agentID, prefLang, resourceOwner string, err error)
VerifyAccessToken(ctx context.Context, token, verifierClientID string) (userID, agentID, clientID, prefLang, resourceOwner string, err error)
VerifierClientID(ctx context.Context, name string) (clientID string, err error)
SearchMyMemberships(ctx context.Context) ([]*Membership, error)
ProjectIDAndOriginsByClientID(ctx context.Context, clientID string) (projectID string, origins []string, err error)
@@ -33,11 +33,11 @@ func Start(authZRepo authZRepo) (v *TokenVerifier) {
}
func (v *TokenVerifier) VerifyAccessToken(ctx context.Context, token string, method string) (userID, clientID, agentID, prefLang, resourceOwner string, err error) {
clientID, err = v.clientIDFromMethod(ctx, method)
verifierClientID, err := v.clientIDFromMethod(ctx, method)
if err != nil {
return "", "", "", "", "", err
}
userID, agentID, prefLang, resourceOwner, err = v.authZRepo.VerifyAccessToken(ctx, token, clientID)
userID, agentID, clientID, prefLang, resourceOwner, err = v.authZRepo.VerifyAccessToken(ctx, token, verifierClientID)
return userID, clientID, agentID, prefLang, resourceOwner, err
}

4
internal/api/grpc/server/middleware/auth_interceptor_test.go
View File

@@ -21,8 +21,8 @@ var (
type verifierMock struct{}
func (v *verifierMock) VerifyAccessToken(ctx context.Context, token, clientID string) (string, string, string, string, error) {
return "", "", "", "", nil
func (v *verifierMock) VerifyAccessToken(ctx context.Context, token, clientID string) (string, string, string, string, string, error) {
return "", "", "", "", "", nil
}
func (v *verifierMock) SearchMyMemberships(ctx context.Context) ([]*authz.Membership, error) {
return nil, nil