mirror of
https://github.com/zitadel/zitadel.git
synced 2024-12-15 12:27:59 +00:00
6398349c24
* add token exchange feature flag * allow setting reason and actor to access tokens * impersonation * set token types and scopes in response * upgrade oidc to working draft state * fix tests * audience and scope validation * id toke and jwt as input * return id tokens * add grant type token exchange to app config * add integration tests * check and deny actors in api calls * fix instance setting tests by triggering projection on write and cleanup * insert sleep statements again * solve linting issues * add translations * pin oidc v3.15.0 * resolve comments, add event translation * fix refreshtoken test * use ValidateAuthReqScopes from oidc * apparently the linter can't make up its mind * persist actor thru refresh tokens and check in tests * remove unneeded triggers
114 lines
3.0 KiB
Go
114 lines
3.0 KiB
Go
package command
|
|
|
|
import (
|
|
"time"
|
|
|
|
"github.com/zitadel/zitadel/internal/eventstore"
|
|
|
|
"github.com/zitadel/zitadel/internal/domain"
|
|
"github.com/zitadel/zitadel/internal/repository/user"
|
|
)
|
|
|
|
type HumanRefreshTokenWriteModel struct {
|
|
eventstore.WriteModel
|
|
|
|
TokenID string
|
|
RefreshToken string
|
|
|
|
UserState domain.UserState
|
|
AuthTime time.Time
|
|
IdleExpiration time.Time
|
|
Expiration time.Time
|
|
UserAgentID string
|
|
AuthMethodsReferences []string
|
|
Actor *domain.TokenActor
|
|
}
|
|
|
|
func NewHumanRefreshTokenWriteModel(userID, resourceOwner, tokenID string) *HumanRefreshTokenWriteModel {
|
|
return &HumanRefreshTokenWriteModel{
|
|
WriteModel: eventstore.WriteModel{
|
|
AggregateID: userID,
|
|
ResourceOwner: resourceOwner,
|
|
},
|
|
TokenID: tokenID,
|
|
}
|
|
}
|
|
|
|
func (wm *HumanRefreshTokenWriteModel) AppendEvents(events ...eventstore.Event) {
|
|
for _, event := range events {
|
|
switch e := event.(type) {
|
|
case *user.HumanRefreshTokenAddedEvent:
|
|
if wm.TokenID != e.TokenID {
|
|
continue
|
|
}
|
|
wm.WriteModel.AppendEvents(e)
|
|
case *user.HumanRefreshTokenRenewedEvent:
|
|
if wm.TokenID != e.TokenID {
|
|
continue
|
|
}
|
|
wm.WriteModel.AppendEvents(e)
|
|
case *user.HumanRefreshTokenRemovedEvent:
|
|
if wm.TokenID != e.TokenID {
|
|
continue
|
|
}
|
|
wm.WriteModel.AppendEvents(e)
|
|
default:
|
|
wm.WriteModel.AppendEvents(e)
|
|
}
|
|
}
|
|
}
|
|
|
|
func (wm *HumanRefreshTokenWriteModel) Reduce() error {
|
|
for _, event := range wm.Events {
|
|
switch e := event.(type) {
|
|
case *user.HumanRefreshTokenAddedEvent:
|
|
wm.TokenID = e.TokenID
|
|
wm.RefreshToken = e.TokenID
|
|
wm.IdleExpiration = e.CreationDate().Add(e.IdleExpiration)
|
|
wm.Expiration = e.CreationDate().Add(e.Expiration)
|
|
wm.UserState = domain.UserStateActive
|
|
wm.AuthTime = e.AuthTime
|
|
wm.UserAgentID = e.UserAgentID
|
|
wm.AuthMethodsReferences = e.AuthMethodsReferences
|
|
wm.Actor = e.Actor
|
|
case *user.HumanRefreshTokenRenewedEvent:
|
|
if wm.UserState == domain.UserStateActive {
|
|
wm.RefreshToken = e.RefreshToken
|
|
}
|
|
wm.RefreshToken = e.RefreshToken
|
|
wm.IdleExpiration = e.CreationDate().Add(e.IdleExpiration)
|
|
case *user.HumanSignedOutEvent:
|
|
if wm.UserAgentID == e.UserAgentID {
|
|
wm.UserState = domain.UserStateDeleted
|
|
}
|
|
case *user.HumanRefreshTokenRemovedEvent,
|
|
*user.UserLockedEvent,
|
|
*user.UserDeactivatedEvent,
|
|
*user.UserRemovedEvent:
|
|
wm.UserState = domain.UserStateDeleted
|
|
}
|
|
}
|
|
return wm.WriteModel.Reduce()
|
|
}
|
|
|
|
func (wm *HumanRefreshTokenWriteModel) Query() *eventstore.SearchQueryBuilder {
|
|
query := eventstore.NewSearchQueryBuilder(eventstore.ColumnsEvent).
|
|
AddQuery().
|
|
AggregateTypes(user.AggregateType).
|
|
AggregateIDs(wm.AggregateID).
|
|
EventTypes(
|
|
user.HumanRefreshTokenAddedType,
|
|
user.HumanRefreshTokenRenewedType,
|
|
user.HumanRefreshTokenRemovedType,
|
|
user.HumanSignedOutType,
|
|
user.UserLockedType,
|
|
user.UserDeactivatedType,
|
|
user.UserRemovedType).
|
|
Builder()
|
|
|
|
if wm.ResourceOwner != "" {
|
|
query.ResourceOwner(wm.ResourceOwner)
|
|
}
|
|
return query
|
|
}
|