fix: login (#242)

* password in init user only if needed * reactivate user session * set context AuthorizeClientIDSecret * fix qr code for light * fix copy * check user and org active in auth * add org view provider * handle inactive projects * translate error messages
2025-08-12 04:57:33 +00:00 · 2020-06-19 14:52:04 +02:00
parent fb89241984
commit e653eaab86
26 changed files with 327 additions and 83 deletions
--- a/internal/auth/repository/eventsourcing/handler/token.go
+++ b/internal/auth/repository/eventsourcing/handler/token.go
@@ -1,21 +1,24 @@
 package handler

 import (
+	"context"
 	"encoding/json"
 	"time"

-	caos_errs "github.com/caos/zitadel/internal/errors"
-	es_model "github.com/caos/zitadel/internal/user/repository/eventsourcing/model"
-
 	"github.com/caos/logging"

+	caos_errs "github.com/caos/zitadel/internal/errors"
 	"github.com/caos/zitadel/internal/eventstore/models"
+	es_models "github.com/caos/zitadel/internal/eventstore/models"
 	"github.com/caos/zitadel/internal/eventstore/spooler"
-	"github.com/caos/zitadel/internal/user/repository/eventsourcing"
+	proj_event "github.com/caos/zitadel/internal/project/repository/eventsourcing"
+	project_es_model "github.com/caos/zitadel/internal/project/repository/eventsourcing/model"
+	user_es_model "github.com/caos/zitadel/internal/user/repository/eventsourcing/model"
 )

 type Token struct {
 	handler
+	ProjectEvents *proj_event.ProjectEventstore
 }

 const (
@@ -33,21 +36,44 @@ func (u *Token) EventQuery() (*models.SearchQuery, error) {
 	if err != nil {
 		return nil, err
 	}
-	return eventsourcing.UserQuery(sequence), nil
+	if err != nil {
+		return nil, err
+	}
+	return es_models.NewSearchQuery().
+		AggregateTypeFilter(user_es_model.UserAggregate, project_es_model.ProjectAggregate).
+		LatestSequenceFilter(sequence), nil
 }

 func (u *Token) Process(event *models.Event) (err error) {
 	switch event.Type {
-	case es_model.SignedOut:
+	case user_es_model.SignedOut:
 		id, err := agentIDFromSession(event)
 		if err != nil {
 			return err
 		}
-		err = u.view.DeleteSessionTokens(id, event.AggregateID, event.Sequence)
+		return u.view.DeleteSessionTokens(id, event.AggregateID, event.Sequence)
+	case user_es_model.UserLocked,
+		user_es_model.UserDeactivated,
+		user_es_model.UserRemoved:
+		return u.view.DeleteUserTokens(event.AggregateID, event.Sequence)
+	case project_es_model.ApplicationDeactivated,
+		project_es_model.ApplicationRemoved:
+		application, err := applicationFromSession(event)
 		if err != nil {
 			return err
 		}
-		return u.view.ProcessedTokenSequence(event.Sequence)
+		return u.view.DeleteApplicationTokens(event.Sequence, application.AppID)
+	case project_es_model.ProjectDeactivated,
+		project_es_model.ProjectRemoved:
+		project, err := u.ProjectEvents.ProjectByID(context.Background(), event.AggregateID)
+		if err != nil {
+			return err
+		}
+		applicationsIDs := make([]string, 0, len(project.Applications))
+		for _, app := range project.Applications {
+			applicationsIDs = append(applicationsIDs, app.AppID)
+		}
+		return u.view.DeleteApplicationTokens(event.Sequence, applicationsIDs...)
 	default:
 		return u.view.ProcessedTokenSequence(event.Sequence)
 	}
@@ -67,3 +93,12 @@ func agentIDFromSession(event *models.Event) (string, error) {
 	}
 	return session["userAgentID"].(string), nil
 }
+
+func applicationFromSession(event *models.Event) (*project_es_model.Application, error) {
+	application := new(project_es_model.Application)
+	if err := json.Unmarshal(event.Data, &application); err != nil {
+		logging.Log("EVEN-GRE2q").WithError(err).Error("could not unmarshal event data")
+		return nil, caos_errs.ThrowInternal(nil, "MODEL-Hrw1q", "could not unmarshal data")
+	}
+	return application, nil
+}