TheArchive/zitadel
1
0
Fork 0
mirror of https://github.com/zitadel/zitadel.git synced 2024-12-13 19:44:21 +00:00
Code Issues Packages Projects Releases Wiki Activity
dab5d9e756
zitadel/internal/api/grpc/auth/user_grant.go
Livio Spring ca1914e235
fix: user grants deactivation (#8634) 
# Which Problems Are Solved

ZITADEL's user grants deactivation mechanism did not work correctly.
Deactivated user grants were still provided in token, which could lead
to unauthorized access to applications and resources.
Additionally, the management and auth API always returned the state as
active or did not provide any information about the state.

# How the Problems Are Solved

- Correctly check the user grant state on active for tokens and user
information (userinfo, introspection, saml attributes)
- Map state in API and display in Console
2024-09-17 12:18:29 +00:00

61 lines
1.6 KiB
Go
Raw Blame History

package auth
import (
"context"
"github.com/zitadel/zitadel/internal/api/authz"
"github.com/zitadel/zitadel/internal/api/grpc/object"
"github.com/zitadel/zitadel/internal/api/grpc/user"
"github.com/zitadel/zitadel/internal/query"
auth_pb "github.com/zitadel/zitadel/pkg/grpc/auth"
)
func ListMyUserGrantsRequestToQuery(ctx context.Context, req *auth_pb.ListMyUserGrantsRequest) (*query.UserGrantsQueries, error) {
offset, limit, asc := object.ListQueryToModel(req.Query)
userGrantUserID, err := query.NewUserGrantUserIDSearchQuery(authz.GetCtxData(ctx).UserID)
if err != nil {
return nil, err
}
return &query.UserGrantsQueries{
SearchRequest: query.SearchRequest{
Offset: offset,
Limit: limit,
Asc: asc,
},
Queries: []query.SearchQuery{
userGrantUserID,
},
}, nil
}
func UserGrantsToPb(grants []*query.UserGrant) []*auth_pb.UserGrant {
userGrants := make([]*auth_pb.UserGrant, len(grants))
for i, grant := range grants {
userGrants[i] = UserGrantToPb(grant)
}
return userGrants
}
func UserGrantToPb(grant *query.UserGrant) *auth_pb.UserGrant {
return &auth_pb.UserGrant{
GrantId: grant.ID,
OrgId: grant.ResourceOwner,
OrgName: grant.OrgName,
ProjectId: grant.ProjectID,
UserId: grant.UserID,
Roles: grant.Roles,
Details: object.ToViewDetailsPb(
grant.Sequence,
grant.CreationDate,
grant.ChangeDate,
grant.ResourceOwner,
),
OrgDomain: grant.OrgPrimaryDomain,
ProjectName: grant.ProjectName,
ProjectGrantId: grant.GrantID,
RoleKeys: grant.Roles,
UserType: user.TypeToPb(grant.UserType),
State: user.UserGrantStateToPb(grant.State),
}
}
Reference in New Issue View Git Blame Copy Permalink