Livio Spring ee26f99ebf
fix: store auth methods instead of AMR in auth request linking and OIDC Session (#6192)
This PR changes the information stored on the SessionLinkedEvent and (OIDC Session) AddedEvent from OIDC AMR strings to domain.UserAuthMethodTypes, so no information is lost in the process (e.g. authentication with an IDP)
2023-07-12 12:24:01 +00:00

217 lines
5.2 KiB
Go

package oidcsession
import (
"context"
"encoding/json"
"time"
"github.com/zitadel/zitadel/internal/domain"
"github.com/zitadel/zitadel/internal/errors"
"github.com/zitadel/zitadel/internal/eventstore"
"github.com/zitadel/zitadel/internal/eventstore/repository"
)
const (
oidcSessionEventPrefix = "oidc_session."
AddedType = oidcSessionEventPrefix + "added"
AccessTokenAddedType = oidcSessionEventPrefix + "access_token.added"
RefreshTokenAddedType = oidcSessionEventPrefix + "refresh_token.added"
RefreshTokenRenewedType = oidcSessionEventPrefix + "refresh_token.renewed"
)
type AddedEvent struct {
eventstore.BaseEvent `json:"-"`
UserID string `json:"userID"`
SessionID string `json:"sessionID"`
ClientID string `json:"clientID"`
Audience []string `json:"audience"`
Scope []string `json:"scope"`
AuthMethods []domain.UserAuthMethodType `json:"authMethods"`
AuthTime time.Time `json:"authTime"`
}
func (e *AddedEvent) Data() interface{} {
return e
}
func (e *AddedEvent) UniqueConstraints() []*eventstore.EventUniqueConstraint {
return nil
}
func NewAddedEvent(ctx context.Context,
aggregate *eventstore.Aggregate,
userID,
sessionID,
clientID string,
audience,
scope []string,
authMethods []domain.UserAuthMethodType,
authTime time.Time,
) *AddedEvent {
return &AddedEvent{
BaseEvent: *eventstore.NewBaseEventForPush(
ctx,
aggregate,
AddedType,
),
UserID: userID,
SessionID: sessionID,
ClientID: clientID,
Audience: audience,
Scope: scope,
AuthMethods: authMethods,
AuthTime: authTime,
}
}
func AddedEventMapper(event *repository.Event) (eventstore.Event, error) {
added := &AddedEvent{
BaseEvent: *eventstore.BaseEventFromRepo(event),
}
err := json.Unmarshal(event.Data, added)
if err != nil {
return nil, errors.ThrowInternal(err, "OIDCS-DG4gn", "unable to unmarshal oidc session added")
}
return added, nil
}
type AccessTokenAddedEvent struct {
eventstore.BaseEvent `json:"-"`
ID string `json:"id"`
Scope []string `json:"scope"`
Lifetime time.Duration `json:"lifetime"`
}
func (e *AccessTokenAddedEvent) Data() interface{} {
return e
}
func (e *AccessTokenAddedEvent) UniqueConstraints() []*eventstore.EventUniqueConstraint {
return nil
}
func NewAccessTokenAddedEvent(
ctx context.Context,
aggregate *eventstore.Aggregate,
id string,
scope []string,
lifetime time.Duration,
) *AccessTokenAddedEvent {
return &AccessTokenAddedEvent{
BaseEvent: *eventstore.NewBaseEventForPush(
ctx,
aggregate,
AccessTokenAddedType,
),
ID: id,
Scope: scope,
Lifetime: lifetime,
}
}
func AccessTokenAddedEventMapper(event *repository.Event) (eventstore.Event, error) {
added := &AccessTokenAddedEvent{
BaseEvent: *eventstore.BaseEventFromRepo(event),
}
err := json.Unmarshal(event.Data, added)
if err != nil {
return nil, errors.ThrowInternal(err, "OIDCS-DSGn5", "unable to unmarshal access token added")
}
return added, nil
}
type RefreshTokenAddedEvent struct {
eventstore.BaseEvent `json:"-"`
ID string `json:"id"`
Lifetime time.Duration `json:"lifetime"`
IdleLifetime time.Duration `json:"idleLifetime"`
}
func (e *RefreshTokenAddedEvent) Data() interface{} {
return e
}
func (e *RefreshTokenAddedEvent) UniqueConstraints() []*eventstore.EventUniqueConstraint {
return nil
}
func NewRefreshTokenAddedEvent(
ctx context.Context,
aggregate *eventstore.Aggregate,
id string,
lifetime,
idleLifetime time.Duration,
) *RefreshTokenAddedEvent {
return &RefreshTokenAddedEvent{
BaseEvent: *eventstore.NewBaseEventForPush(
ctx,
aggregate,
RefreshTokenAddedType,
),
ID: id,
Lifetime: lifetime,
IdleLifetime: idleLifetime,
}
}
func RefreshTokenAddedEventMapper(event *repository.Event) (eventstore.Event, error) {
added := &RefreshTokenAddedEvent{
BaseEvent: *eventstore.BaseEventFromRepo(event),
}
err := json.Unmarshal(event.Data, added)
if err != nil {
return nil, errors.ThrowInternal(err, "OIDCS-aW3gqq", "unable to unmarshal refresh token added")
}
return added, nil
}
type RefreshTokenRenewedEvent struct {
eventstore.BaseEvent `json:"-"`
ID string `json:"id"`
IdleLifetime time.Duration `json:"idleLifetime"`
}
func (e *RefreshTokenRenewedEvent) Data() interface{} {
return e
}
func (e *RefreshTokenRenewedEvent) UniqueConstraints() []*eventstore.EventUniqueConstraint {
return nil
}
func NewRefreshTokenRenewedEvent(
ctx context.Context,
aggregate *eventstore.Aggregate,
id string,
idleLifetime time.Duration,
) *RefreshTokenRenewedEvent {
return &RefreshTokenRenewedEvent{
BaseEvent: *eventstore.NewBaseEventForPush(
ctx,
aggregate,
RefreshTokenRenewedType,
),
ID: id,
IdleLifetime: idleLifetime,
}
}
func RefreshTokenRenewedEventMapper(event *repository.Event) (eventstore.Event, error) {
added := &RefreshTokenRenewedEvent{
BaseEvent: *eventstore.BaseEventFromRepo(event),
}
err := json.Unmarshal(event.Data, added)
if err != nil {
return nil, errors.ThrowInternal(err, "OIDCS-SF3fc", "unable to unmarshal refresh token renewed")
}
return added, nil
}