fix: login (#242)

* password in init user only if needed * reactivate user session * set context AuthorizeClientIDSecret * fix qr code for light * fix copy * check user and org active in auth * add org view provider * handle inactive projects * translate error messages
2025-08-12 10:49:25 +00:00 · 2020-06-19 14:52:04 +02:00
parent fb89241984
commit e653eaab86
26 changed files with 327 additions and 83 deletions
--- a/internal/auth/repository/eventsourcing/handler/handler.go
+++ b/internal/auth/repository/eventsourcing/handler/handler.go
@@ -38,7 +38,7 @@ func Register(configs Configs, bulkLimit, errorCount uint64, view *view.View, ev
 	return []spooler.Handler{
 		&User{handler: handler{view, bulkLimit, configs.cycleDuration("User"), errorCount}, orgEvents: repos.OrgEvents},
 		&UserSession{handler: handler{view, bulkLimit, configs.cycleDuration("UserSession"), errorCount}, userEvents: repos.UserEvents},
-		&Token{handler: handler{view, bulkLimit, configs.cycleDuration("Token"), errorCount}},
+		&Token{handler: handler{view, bulkLimit, configs.cycleDuration("Token"), errorCount}, ProjectEvents: repos.ProjectEvents},
 		&Key{handler: handler{view, bulkLimit, configs.cycleDuration("Key"), errorCount}},
 		&Application{handler: handler{view, bulkLimit, configs.cycleDuration("Application"), errorCount}},
 		&Org{handler: handler{view, bulkLimit, configs.cycleDuration("Org"), errorCount}},
--- a/internal/auth/repository/eventsourcing/handler/token.go
+++ b/internal/auth/repository/eventsourcing/handler/token.go
@@ -1,21 +1,24 @@
 package handler

 import (
+	"context"
 	"encoding/json"
 	"time"

-	caos_errs "github.com/caos/zitadel/internal/errors"
-	es_model "github.com/caos/zitadel/internal/user/repository/eventsourcing/model"
-
 	"github.com/caos/logging"

+	caos_errs "github.com/caos/zitadel/internal/errors"
 	"github.com/caos/zitadel/internal/eventstore/models"
+	es_models "github.com/caos/zitadel/internal/eventstore/models"
 	"github.com/caos/zitadel/internal/eventstore/spooler"
-	"github.com/caos/zitadel/internal/user/repository/eventsourcing"
+	proj_event "github.com/caos/zitadel/internal/project/repository/eventsourcing"
+	project_es_model "github.com/caos/zitadel/internal/project/repository/eventsourcing/model"
+	user_es_model "github.com/caos/zitadel/internal/user/repository/eventsourcing/model"
 )

 type Token struct {
 	handler
+	ProjectEvents *proj_event.ProjectEventstore
 }

 const (
@@ -33,21 +36,44 @@ func (u *Token) EventQuery() (*models.SearchQuery, error) {
 	if err != nil {
 		return nil, err
 	}
-	return eventsourcing.UserQuery(sequence), nil
+	if err != nil {
+		return nil, err
+	}
+	return es_models.NewSearchQuery().
+		AggregateTypeFilter(user_es_model.UserAggregate, project_es_model.ProjectAggregate).
+		LatestSequenceFilter(sequence), nil
 }

 func (u *Token) Process(event *models.Event) (err error) {
 	switch event.Type {
-	case es_model.SignedOut:
+	case user_es_model.SignedOut:
 		id, err := agentIDFromSession(event)
 		if err != nil {
 			return err
 		}
-		err = u.view.DeleteSessionTokens(id, event.AggregateID, event.Sequence)
+		return u.view.DeleteSessionTokens(id, event.AggregateID, event.Sequence)
+	case user_es_model.UserLocked,
+		user_es_model.UserDeactivated,
+		user_es_model.UserRemoved:
+		return u.view.DeleteUserTokens(event.AggregateID, event.Sequence)
+	case project_es_model.ApplicationDeactivated,
+		project_es_model.ApplicationRemoved:
+		application, err := applicationFromSession(event)
 		if err != nil {
 			return err
 		}
-		return u.view.ProcessedTokenSequence(event.Sequence)
+		return u.view.DeleteApplicationTokens(event.Sequence, application.AppID)
+	case project_es_model.ProjectDeactivated,
+		project_es_model.ProjectRemoved:
+		project, err := u.ProjectEvents.ProjectByID(context.Background(), event.AggregateID)
+		if err != nil {
+			return err
+		}
+		applicationsIDs := make([]string, 0, len(project.Applications))
+		for _, app := range project.Applications {
+			applicationsIDs = append(applicationsIDs, app.AppID)
+		}
+		return u.view.DeleteApplicationTokens(event.Sequence, applicationsIDs...)
 	default:
 		return u.view.ProcessedTokenSequence(event.Sequence)
 	}
@@ -67,3 +93,12 @@ func agentIDFromSession(event *models.Event) (string, error) {
 	}
 	return session["userAgentID"].(string), nil
 }
+
+func applicationFromSession(event *models.Event) (*project_es_model.Application, error) {
+	application := new(project_es_model.Application)
+	if err := json.Unmarshal(event.Data, &application); err != nil {
+		logging.Log("EVEN-GRE2q").WithError(err).Error("could not unmarshal event data")
+		return nil, caos_errs.ThrowInternal(nil, "MODEL-Hrw1q", "could not unmarshal data")
+	}
+	return application, nil
+}
--- a/internal/auth/repository/eventsourcing/handler/user_session.go
+++ b/internal/auth/repository/eventsourcing/handler/user_session.go
@@ -67,7 +67,9 @@ func (u *UserSession) Process(event *models.Event) (err error) {
 		return u.updateSession(session, event)
 	case es_model.UserPasswordChanged,
 		es_model.MfaOtpRemoved,
-		es_model.UserProfileChanged:
+		es_model.UserProfileChanged,
+		es_model.UserLocked,
+		es_model.UserDeactivated:
 		sessions, err := u.view.UserSessionsByUserID(event.AggregateID)
 		if err != nil {
 			return err
@@ -78,6 +80,8 @@ func (u *UserSession) Process(event *models.Event) (err error) {
 			}
 		}
 		return nil
+	case es_model.UserRemoved:
+		return u.view.DeleteUserSessions(event.AggregateID, event.Sequence)
 	default:
 		return u.view.ProcessedUserSessionSequence(event.Sequence)
 	}
@@ -89,7 +93,6 @@ func (u *UserSession) OnError(event *models.Event, err error) error {
 }

 func (u *UserSession) updateSession(session *view_model.UserSessionView, event *models.Event) error {
-	session.Sequence = event.Sequence
 	session.AppendEvent(event)
 	if err := u.fillUserInfo(session, event.AggregateID); err != nil {
 		return err