TheArchive/zitadel
1
0
Fork 0
mirror of https://github.com/zitadel/zitadel.git synced 2024-12-14 20:08:02 +00:00
Code Issues Packages Projects Releases Wiki Activity
9d5cd12cd4
zitadel/internal/command/user_human_refresh_token_model.go
Tim Möhlmann 6398349c24
feat(oidc): token exchange impersonation (#7516) 
* add token exchange feature flag

* allow setting reason and actor to access tokens

* impersonation

* set token types and scopes in response

* upgrade oidc to working draft state

* fix tests

* audience and scope validation

* id toke and jwt as input

* return id tokens

* add grant type  token exchange to app config

* add integration tests

* check and deny actors in api calls

* fix instance setting tests by triggering projection on write and cleanup

* insert sleep statements again

* solve linting issues

* add translations

* pin oidc v3.15.0

* resolve comments, add event translation

* fix refreshtoken test

* use ValidateAuthReqScopes from oidc

* apparently the linter can't make up its mind

* persist actor thru refresh tokens and check in tests

* remove unneeded triggers
2024-03-20 10:18:46 +00:00

114 lines
3.0 KiB
Go
Raw Blame History

package command
import (
"time"
"github.com/zitadel/zitadel/internal/eventstore"
"github.com/zitadel/zitadel/internal/domain"
"github.com/zitadel/zitadel/internal/repository/user"
)
type HumanRefreshTokenWriteModel struct {
eventstore.WriteModel
TokenID string
RefreshToken string
UserState domain.UserState
AuthTime time.Time
IdleExpiration time.Time
Expiration time.Time
UserAgentID string
AuthMethodsReferences []string
Actor *domain.TokenActor
}
func NewHumanRefreshTokenWriteModel(userID, resourceOwner, tokenID string) *HumanRefreshTokenWriteModel {
return &HumanRefreshTokenWriteModel{
WriteModel: eventstore.WriteModel{
AggregateID: userID,
ResourceOwner: resourceOwner,
},
TokenID: tokenID,
}
}
func (wm *HumanRefreshTokenWriteModel) AppendEvents(events ...eventstore.Event) {
for _, event := range events {
switch e := event.(type) {
case *user.HumanRefreshTokenAddedEvent:
if wm.TokenID != e.TokenID {
continue
}
wm.WriteModel.AppendEvents(e)
case *user.HumanRefreshTokenRenewedEvent:
if wm.TokenID != e.TokenID {
continue
}
wm.WriteModel.AppendEvents(e)
case *user.HumanRefreshTokenRemovedEvent:
if wm.TokenID != e.TokenID {
continue
}
wm.WriteModel.AppendEvents(e)
default:
wm.WriteModel.AppendEvents(e)
}
}
}
func (wm *HumanRefreshTokenWriteModel) Reduce() error {
for _, event := range wm.Events {
switch e := event.(type) {
case *user.HumanRefreshTokenAddedEvent:
wm.TokenID = e.TokenID
wm.RefreshToken = e.TokenID
wm.IdleExpiration = e.CreationDate().Add(e.IdleExpiration)
wm.Expiration = e.CreationDate().Add(e.Expiration)
wm.UserState = domain.UserStateActive
wm.AuthTime = e.AuthTime
wm.UserAgentID = e.UserAgentID
wm.AuthMethodsReferences = e.AuthMethodsReferences
wm.Actor = e.Actor
case *user.HumanRefreshTokenRenewedEvent:
if wm.UserState == domain.UserStateActive {
wm.RefreshToken = e.RefreshToken
}
wm.RefreshToken = e.RefreshToken
wm.IdleExpiration = e.CreationDate().Add(e.IdleExpiration)
case *user.HumanSignedOutEvent:
if wm.UserAgentID == e.UserAgentID {
wm.UserState = domain.UserStateDeleted
}
case *user.HumanRefreshTokenRemovedEvent,
*user.UserLockedEvent,
*user.UserDeactivatedEvent,
*user.UserRemovedEvent:
wm.UserState = domain.UserStateDeleted
}
}
return wm.WriteModel.Reduce()
}
func (wm *HumanRefreshTokenWriteModel) Query() *eventstore.SearchQueryBuilder {
query := eventstore.NewSearchQueryBuilder(eventstore.ColumnsEvent).
AddQuery().
AggregateTypes(user.AggregateType).
AggregateIDs(wm.AggregateID).
EventTypes(
user.HumanRefreshTokenAddedType,
user.HumanRefreshTokenRenewedType,
user.HumanRefreshTokenRemovedType,
user.HumanSignedOutType,
user.UserLockedType,
user.UserDeactivatedType,
user.UserRemovedType).
Builder()
if wm.ResourceOwner != "" {
query.ResourceOwner(wm.ResourceOwner)
}
return query
}
Reference in New Issue View Git Blame Copy Permalink