Merge branch 'main' of https://github.com/authorizerdev/authorizer
All checks were successful
deploy / deploy (push) Successful in 1m37s
commit
95fb8e67bf
|
@ -21,15 +21,15 @@ func DeactivateAccountResolver(ctx context.Context) (*model.Response, error) {
|
||||||
log.Debug("Failed to get GinContext: ", err)
|
log.Debug("Failed to get GinContext: ", err)
|
||||||
return res, err
|
return res, err
|
||||||
}
|
}
|
||||||
userID, err := token.GetUserIDFromSessionOrAccessToken(gc)
|
tokenData, err := token.GetUserIDFromSessionOrAccessToken(gc)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Debug("Failed GetUserIDFromSessionOrAccessToken: ", err)
|
log.Debug("Failed GetUserIDFromSessionOrAccessToken: ", err)
|
||||||
return res, err
|
return res, err
|
||||||
}
|
}
|
||||||
log := log.WithFields(log.Fields{
|
log := log.WithFields(log.Fields{
|
||||||
"user_id": userID,
|
"user_id": tokenData.UserID,
|
||||||
})
|
})
|
||||||
user, err := db.Provider.GetUserByID(ctx, userID)
|
user, err := db.Provider.GetUserByID(ctx, tokenData.UserID)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Debug("Failed to get user by id: ", err)
|
log.Debug("Failed to get user by id: ", err)
|
||||||
return res, err
|
return res, err
|
||||||
|
|
|
@ -2,12 +2,10 @@ package resolvers
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"context"
|
"context"
|
||||||
"encoding/json"
|
|
||||||
|
|
||||||
log "github.com/sirupsen/logrus"
|
log "github.com/sirupsen/logrus"
|
||||||
|
|
||||||
"github.com/authorizerdev/authorizer/server/cookie"
|
"github.com/authorizerdev/authorizer/server/cookie"
|
||||||
"github.com/authorizerdev/authorizer/server/crypto"
|
|
||||||
"github.com/authorizerdev/authorizer/server/graph/model"
|
"github.com/authorizerdev/authorizer/server/graph/model"
|
||||||
"github.com/authorizerdev/authorizer/server/memorystore"
|
"github.com/authorizerdev/authorizer/server/memorystore"
|
||||||
"github.com/authorizerdev/authorizer/server/token"
|
"github.com/authorizerdev/authorizer/server/token"
|
||||||
|
@ -22,31 +20,18 @@ func LogoutResolver(ctx context.Context) (*model.Response, error) {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
|
||||||
// get fingerprint hash
|
tokenData, err := token.GetUserIDFromSessionOrAccessToken(gc)
|
||||||
fingerprintHash, err := cookie.GetSession(gc)
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Debug("Failed to get fingerprint hash: ", err)
|
log.Debug("Failed GetUserIDFromSessionOrAccessToken: ", err)
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
|
||||||
decryptedFingerPrint, err := crypto.DecryptAES(fingerprintHash)
|
sessionKey := tokenData.UserID
|
||||||
if err != nil {
|
if tokenData.LoginMethod != "" {
|
||||||
log.Debug("Failed to decrypt fingerprint hash: ", err)
|
sessionKey = tokenData.LoginMethod + ":" + tokenData.UserID
|
||||||
return nil, err
|
|
||||||
}
|
}
|
||||||
|
|
||||||
var sessionData token.SessionData
|
memorystore.Provider.DeleteUserSession(sessionKey, tokenData.Nonce)
|
||||||
err = json.Unmarshal([]byte(decryptedFingerPrint), &sessionData)
|
|
||||||
if err != nil {
|
|
||||||
return nil, err
|
|
||||||
}
|
|
||||||
|
|
||||||
sessionKey := sessionData.Subject
|
|
||||||
if sessionData.LoginMethod != "" {
|
|
||||||
sessionKey = sessionData.LoginMethod + ":" + sessionData.Subject
|
|
||||||
}
|
|
||||||
|
|
||||||
memorystore.Provider.DeleteUserSession(sessionKey, sessionData.Nonce)
|
|
||||||
cookie.DeleteSession(gc)
|
cookie.DeleteSession(gc)
|
||||||
|
|
||||||
res := &model.Response{
|
res := &model.Response{
|
||||||
|
|
|
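Review bot: The early `return nil, err` after `token.GetUserIDFromSessionOrAccessToken(gc)` in LogoutResolver now exits before `cookie.DeleteSession(gc)`, so a browser whose session cookie fails validation keeps that cookie after calling logout. The removed code only decrypted and unmarshalled the cookie, whereas the new helper goes through ValidateBrowserSession or ValidateAccessToken; their bodies are not on this page, so the exact failure cases are presumed. Consider clearing the cookie on the failure path as well, with `cookie.DeleteSession(gc)` placed just before that `return nil, err`. The result of `memorystore.Provider.DeleteUserSession(sessionKey, tokenData.Nonce)` is also discarded; if it returns an error, log it so that a failed server-side revocation is visible.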
@ -20,15 +20,15 @@ func ProfileResolver(ctx context.Context) (*model.User, error) {
|
||||||
log.Debug("Failed to get GinContext: ", err)
|
log.Debug("Failed to get GinContext: ", err)
|
||||||
return res, err
|
return res, err
|
||||||
}
|
}
|
||||||
userID, err := token.GetUserIDFromSessionOrAccessToken(gc)
|
tokenData, err := token.GetUserIDFromSessionOrAccessToken(gc)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Debug("Failed GetUserIDFromSessionOrAccessToken: ", err)
|
log.Debug("Failed GetUserIDFromSessionOrAccessToken: ", err)
|
||||||
return res, err
|
return res, err
|
||||||
}
|
}
|
||||||
log := log.WithFields(log.Fields{
|
log := log.WithFields(log.Fields{
|
||||||
"user_id": userID,
|
"user_id": tokenData.UserID,
|
||||||
})
|
})
|
||||||
user, err := db.Provider.GetUserByID(ctx, userID)
|
user, err := db.Provider.GetUserByID(ctx, tokenData.UserID)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Debug("Failed to get user: ", err)
|
log.Debug("Failed to get user: ", err)
|
||||||
return res, err
|
return res, err
|
||||||
|
|
|
@ -36,7 +36,7 @@ func UpdateProfileResolver(ctx context.Context, params model.UpdateProfileInput)
|
||||||
log.Debug("Failed to get GinContext: ", err)
|
log.Debug("Failed to get GinContext: ", err)
|
||||||
return res, err
|
return res, err
|
||||||
}
|
}
|
||||||
userID, err := token.GetUserIDFromSessionOrAccessToken(gc)
|
tokenData, err := token.GetUserIDFromSessionOrAccessToken(gc)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Debug("Failed GetUserIDFromSessionOrAccessToken: ", err)
|
log.Debug("Failed GetUserIDFromSessionOrAccessToken: ", err)
|
||||||
return res, err
|
return res, err
|
||||||
|
@ -48,9 +48,9 @@ func UpdateProfileResolver(ctx context.Context, params model.UpdateProfileInput)
|
||||||
return res, fmt.Errorf("please enter at least one param to update")
|
return res, fmt.Errorf("please enter at least one param to update")
|
||||||
}
|
}
|
||||||
log := log.WithFields(log.Fields{
|
log := log.WithFields(log.Fields{
|
||||||
"user_id": userID,
|
"user_id": tokenData.UserID,
|
||||||
})
|
})
|
||||||
user, err := db.Provider.GetUserByID(ctx, userID)
|
user, err := db.Provider.GetUserByID(ctx, tokenData.UserID)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Debug("Failed to get user by id: ", err)
|
log.Debug("Failed to get user by id: ", err)
|
||||||
return res, err
|
return res, err
|
||||||
|
|
|
@ -35,6 +35,30 @@ func logoutTests(t *testing.T, s TestSetup) {
|
||||||
assert.NotNil(t, verifyRes)
|
assert.NotNil(t, verifyRes)
|
||||||
accessToken := *verifyRes.AccessToken
|
accessToken := *verifyRes.AccessToken
|
||||||
assert.NotEmpty(t, accessToken)
|
assert.NotEmpty(t, accessToken)
|
||||||
|
// Test logout with access token
|
||||||
|
req.Header.Set("Authorization", "Bearer "+accessToken)
|
||||||
|
logoutRes, err := resolvers.LogoutResolver(ctx)
|
||||||
|
assert.Nil(t, err)
|
||||||
|
assert.NotNil(t, logoutRes)
|
||||||
|
assert.NotEmpty(t, logoutRes.Message)
|
||||||
|
req.Header.Set("Authorization", "")
|
||||||
|
|
||||||
|
// Test logout with session cookie
|
||||||
|
magicLoginRes, err = resolvers.MagicLinkLoginResolver(ctx, model.MagicLinkLoginInput{
|
||||||
|
Email: email,
|
||||||
|
})
|
||||||
|
assert.NoError(t, err)
|
||||||
|
assert.NotNil(t, magicLoginRes)
|
||||||
|
verificationRequest, err = db.Provider.GetVerificationRequestByEmail(ctx, email, constants.VerificationTypeMagicLinkLogin)
|
||||||
|
assert.NoError(t, err)
|
||||||
|
assert.NotNil(t, verificationRequest)
|
||||||
|
verifyRes, err = resolvers.VerifyEmailResolver(ctx, model.VerifyEmailInput{
|
||||||
|
Token: verificationRequest.Token,
|
||||||
|
})
|
||||||
|
assert.NoError(t, err)
|
||||||
|
assert.NotNil(t, verifyRes)
|
||||||
|
accessToken = *verifyRes.AccessToken
|
||||||
|
assert.NotEmpty(t, accessToken)
|
||||||
claims, err := token.ParseJWTToken(accessToken)
|
claims, err := token.ParseJWTToken(accessToken)
|
||||||
assert.NoError(t, err)
|
assert.NoError(t, err)
|
||||||
assert.NotEmpty(t, claims)
|
assert.NotEmpty(t, claims)
|
||||||
|
|
|
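Review bot: The new access-token case only asserts that `resolvers.LogoutResolver(ctx)` returns a non-empty message; nothing checks that the session was actually revoked. Before the header is reset, reuse the same bearer token against an authenticated resolver and expect a failure, for example `_, err = resolvers.ProfileResolver(ctx)` followed by `assert.Error(t, err)`. Whether the access token is rejected after logout depends on ValidateAccessToken, which is not shown here, so this assertion would also document the intended behaviour. The lines added under "Test logout with session cookie" only log in again and fetch a new access token; the cookie logout itself presumably follows in the part of logoutTests outside this hunk.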
@ -482,8 +482,15 @@ func GetIDToken(gc *gin.Context) (string, error) {
|
||||||
return token, nil
|
return token, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// SessionOrAccessTokenData is a struct to hold session or access token data
|
||||||
|
type SessionOrAccessTokenData struct {
|
||||||
|
UserID string
|
||||||
|
LoginMethod string
|
||||||
|
Nonce string
|
||||||
|
}
|
||||||
|
|
||||||
// GetUserIDFromSessionOrAccessToken returns the user id from the session or access token
|
// GetUserIDFromSessionOrAccessToken returns the user id from the session or access token
|
||||||
func GetUserIDFromSessionOrAccessToken(gc *gin.Context) (string, error) {
|
func GetUserIDFromSessionOrAccessToken(gc *gin.Context) (*SessionOrAccessTokenData, error) {
|
||||||
// First try to get the user id from the session
|
// First try to get the user id from the session
|
||||||
isSession := true
|
isSession := true
|
||||||
token, err := cookie.GetSession(gc)
|
token, err := cookie.GetSession(gc)
|
||||||
|
@ -493,22 +500,30 @@ func GetUserIDFromSessionOrAccessToken(gc *gin.Context) (string, error) {
|
||||||
token, err = GetAccessToken(gc)
|
token, err = GetAccessToken(gc)
|
||||||
if err != nil || token == "" {
|
if err != nil || token == "" {
|
||||||
log.Debug("Failed to get access token: ", err)
|
log.Debug("Failed to get access token: ", err)
|
||||||
return "", fmt.Errorf(`unauthorized`)
|
return nil, fmt.Errorf(`unauthorized`)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if isSession {
|
if isSession {
|
||||||
claims, err := ValidateBrowserSession(gc, token)
|
claims, err := ValidateBrowserSession(gc, token)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Debug("Failed to validate session token: ", err)
|
log.Debug("Failed to validate session token: ", err)
|
||||||
return "", fmt.Errorf(`unauthorized`)
|
return nil, fmt.Errorf(`unauthorized`)
|
||||||
}
|
}
|
||||||
return claims.Subject, nil
|
return &SessionOrAccessTokenData{
|
||||||
|
UserID: claims.Subject,
|
||||||
|
LoginMethod: claims.LoginMethod,
|
||||||
|
Nonce: claims.Nonce,
|
||||||
|
}, nil
|
||||||
}
|
}
|
||||||
// If not session, then validate the access token
|
// If not session, then validate the access token
|
||||||
claims, err := ValidateAccessToken(gc, token)
|
claims, err := ValidateAccessToken(gc, token)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Debug("Failed to validate access token: ", err)
|
log.Debug("Failed to validate access token: ", err)
|
||||||
return "", fmt.Errorf(`unauthorized`)
|
return nil, fmt.Errorf(`unauthorized`)
|
||||||
}
|
}
|
||||||
return claims["sub"].(string), nil
|
return &SessionOrAccessTokenData{
|
||||||
|
UserID: claims["sub"].(string),
|
||||||
|
LoginMethod: claims["login_method"].(string),
|
||||||
|
Nonce: claims["nonce"].(string),
|
||||||
|
}, nil
|
||||||
}
|
}
|
||||||
|
|
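Review bot: The unchecked assertions `claims["login_method"].(string)` and `claims["nonce"].(string)` in the access-token branch panic when a validly signed token lacks either claim or carries it as a non-string, and every resolver that calls this helper inherits that panic. Use comma-ok assertions and return `unauthorized` when `sub` is missing, as sketched below. LogoutResolver already handles an empty LoginMethod, but callers still need to decide what an empty Nonce should mean. The doc comment still says the function "returns the user id" although it now returns `*SessionOrAccessTokenData`, so it should be updated too.

```go
// … unchanged: session branch and ValidateAccessToken error handling …
userID, ok := claims["sub"].(string)
if !ok || userID == "" {
	log.Debug("Access token has no usable sub claim")
	return nil, fmt.Errorf(`unauthorized`)
}
// login_method and nonce may be absent; comma-ok leaves them empty instead of panicking
loginMethod, _ := claims["login_method"].(string)
nonce, _ := claims["nonce"].(string)
return &SessionOrAccessTokenData{
	UserID:      userID,
	LoginMethod: loginMethod,
	Nonce:       nonce,
}, nil
```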