mirror of
https://github.com/zitadel/zitadel.git
synced 2024-12-13 03:24:26 +00:00
9ec9ad4314
# Which Problems Are Solved id_tokens issued for auth requests created through the login UI currently do not provide a sid claim. This is due to the fact that (SSO) sessions for the login UI do not have one and are only computed by the userAgent(ID), the user(ID) and the authentication checks of the latter. This prevents client to track sessions and terminate specific session on the end_session_endpoint. # How the Problems Are Solved - An `id` column is added to the `auth.user_sessions` table. - The `id` (prefixed with `V1_`) is set whenever a session is added or updated to active (from terminated) - The id is passed to the `oidc session` (as v2 sessionIDs), to expose it as `sid` claim # Additional Changes - refactored `getUpdateCols` to handle different column value types and add arguments for query # Additional Context - closes #8499 - relates to #8501
75 lines
1.9 KiB
Go
75 lines
1.9 KiB
Go
package model
|
|
|
|
import (
|
|
"time"
|
|
|
|
"github.com/zitadel/zitadel/internal/domain"
|
|
"github.com/zitadel/zitadel/internal/zerrors"
|
|
)
|
|
|
|
type UserSessionView struct {
|
|
CreationDate time.Time
|
|
ChangeDate time.Time
|
|
State domain.UserSessionState
|
|
ResourceOwner string
|
|
UserAgentID string
|
|
UserID string
|
|
UserName string
|
|
LoginName string
|
|
DisplayName string
|
|
AvatarKey string
|
|
SelectedIDPConfigID string
|
|
PasswordVerification time.Time
|
|
PasswordlessVerification time.Time
|
|
ExternalLoginVerification time.Time
|
|
SecondFactorVerification time.Time
|
|
SecondFactorVerificationType domain.MFAType
|
|
MultiFactorVerification time.Time
|
|
MultiFactorVerificationType domain.MFAType
|
|
Sequence uint64
|
|
ID string
|
|
}
|
|
|
|
type UserSessionSearchRequest struct {
|
|
Offset uint64
|
|
Limit uint64
|
|
SortingColumn UserSessionSearchKey
|
|
Asc bool
|
|
Queries []*UserSessionSearchQuery
|
|
}
|
|
|
|
type UserSessionSearchKey int32
|
|
|
|
const (
|
|
UserSessionSearchKeyUnspecified UserSessionSearchKey = iota
|
|
UserSessionSearchKeyUserAgentID
|
|
UserSessionSearchKeyUserID
|
|
UserSessionSearchKeyState
|
|
UserSessionSearchKeyResourceOwner
|
|
UserSessionSearchKeyInstanceID
|
|
UserSessionSearchKeyOwnerRemoved
|
|
)
|
|
|
|
type UserSessionSearchQuery struct {
|
|
Key UserSessionSearchKey
|
|
Method domain.SearchMethod
|
|
Value interface{}
|
|
}
|
|
|
|
type UserSessionSearchResponse struct {
|
|
Offset uint64
|
|
Limit uint64
|
|
TotalResult uint64
|
|
Result []*UserSessionView
|
|
}
|
|
|
|
func (r *UserSessionSearchRequest) EnsureLimit(limit uint64) error {
|
|
if r.Limit > limit {
|
|
return zerrors.ThrowInvalidArgument(nil, "SEARCH-27ifs", "Errors.Limit.ExceedsDefault")
|
|
}
|
|
if r.Limit == 0 {
|
|
r.Limit = limit
|
|
}
|
|
return nil
|
|
}
|