Merge pull request #402 from authorizerdev/fix/profile-access
fix: use session / access_token for profile related queries or mutation
This commit is contained in:
Lakhan Samani
GitHub
commit
e7c4ee5630
|
|
@ -1222,10 +1222,10 @@ error-ex@^1.3.1:
|
||||||
dependencies:
|
dependencies:
|
||||||
is-arrayish "^0.2.1"
|
is-arrayish "^0.2.1"
|
||||||
|
|
||||||
esbuild-linux-64@0.14.9:
|
esbuild-darwin-arm64@0.14.9:
|
||||||
version "0.14.9"
|
version "0.14.9"
|
||||||
resolved "https://registry.npmjs.org/esbuild-linux-64/-/esbuild-linux-64-0.14.9.tgz"
|
resolved "https://registry.npmjs.org/esbuild-darwin-arm64/-/esbuild-darwin-arm64-0.14.9.tgz"
|
||||||
integrity sha512-WoEI+R6/PLZAxS7XagfQMFgRtLUi5cjqqU9VCfo3tnWmAXh/wt8QtUfCVVCcXVwZLS/RNvI19CtfjlrJU61nOg==
|
integrity sha512-3ue+1T4FR5TaAu4/V1eFMG8Uwn0pgAwQZb/WwL1X78d5Cy8wOVQ67KNH1lsjU+y/9AcwMKZ9x0GGNxBB4a1Rbw==
|
||||||
|
|
||||||
esbuild@^0.14.9:
|
esbuild@^0.14.9:
|
||||||
version "0.14.9"
|
version "0.14.9"
|
||||||
|
|
|
||||||
|
|
@ -21,7 +21,6 @@ func UserInfoHandler() gin.HandlerFunc {
|
||||||
})
|
})
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
claims, err := token.ValidateAccessToken(gc, accessToken)
|
claims, err := token.ValidateAccessToken(gc, accessToken)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Debug("Error validating access token: ", err)
|
log.Debug("Error validating access token: ", err)
|
||||||
|
|
@ -30,7 +29,6 @@ func UserInfoHandler() gin.HandlerFunc {
|
||||||
})
|
})
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
userID := claims["sub"].(string)
|
userID := claims["sub"].(string)
|
||||||
user, err := db.Provider.GetUserByID(gc, userID)
|
user, err := db.Provider.GetUserByID(gc, userID)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
|
|
||||||
|
|
@ -21,17 +21,11 @@ func DeactivateAccountResolver(ctx context.Context) (*model.Response, error) {
|
||||||
log.Debug("Failed to get GinContext: ", err)
|
log.Debug("Failed to get GinContext: ", err)
|
||||||
return res, err
|
return res, err
|
||||||
}
|
}
|
||||||
accessToken, err := token.GetAccessToken(gc)
|
userID, err := token.GetUserIDFromSessionOrAccessToken(gc)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Debug("Failed to get access token: ", err)
|
log.Debug("Failed GetUserIDFromSessionOrAccessToken: ", err)
|
||||||
return res, err
|
return res, err
|
||||||
}
|
}
|
||||||
claims, err := token.ValidateAccessToken(gc, accessToken)
|
|
||||||
if err != nil {
|
|
||||||
log.Debug("Failed to validate access token: ", err)
|
|
||||||
return res, err
|
|
||||||
}
|
|
||||||
userID := claims["sub"].(string)
|
|
||||||
log := log.WithFields(log.Fields{
|
log := log.WithFields(log.Fields{
|
||||||
"user_id": userID,
|
"user_id": userID,
|
||||||
})
|
})
|
||||||
|
|
|
||||||
|
|
@ -20,21 +20,11 @@ func ProfileResolver(ctx context.Context) (*model.User, error) {
|
||||||
log.Debug("Failed to get GinContext: ", err)
|
log.Debug("Failed to get GinContext: ", err)
|
||||||
return res, err
|
return res, err
|
||||||
}
|
}
|
||||||
|
userID, err := token.GetUserIDFromSessionOrAccessToken(gc)
|
||||||
accessToken, err := token.GetAccessToken(gc)
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Debug("Failed to get access token: ", err)
|
log.Debug("Failed GetUserIDFromSessionOrAccessToken: ", err)
|
||||||
return res, err
|
return res, err
|
||||||
}
|
}
|
||||||
|
|
||||||
claims, err := token.ValidateAccessToken(gc, accessToken)
|
|
||||||
if err != nil {
|
|
||||||
log.Debug("Failed to validate access token: ", err)
|
|
||||||
return res, err
|
|
||||||
}
|
|
||||||
|
|
||||||
userID := claims["sub"].(string)
|
|
||||||
|
|
||||||
log := log.WithFields(log.Fields{
|
log := log.WithFields(log.Fields{
|
||||||
"user_id": userID,
|
"user_id": userID,
|
||||||
})
|
})
|
||||||
|
|
|
||||||
|
|
@ -35,15 +35,9 @@ func UpdateProfileResolver(ctx context.Context, params model.UpdateProfileInput)
|
||||||
log.Debug("Failed to get GinContext: ", err)
|
log.Debug("Failed to get GinContext: ", err)
|
||||||
return res, err
|
return res, err
|
||||||
}
|
}
|
||||||
|
userID, err := token.GetUserIDFromSessionOrAccessToken(gc)
|
||||||
accessToken, err := token.GetAccessToken(gc)
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Debug("Failed to get access token: ", err)
|
log.Debug("Failed GetUserIDFromSessionOrAccessToken: ", err)
|
||||||
return res, err
|
|
||||||
}
|
|
||||||
claims, err := token.ValidateAccessToken(gc, accessToken)
|
|
||||||
if err != nil {
|
|
||||||
log.Debug("Failed to validate access token: ", err)
|
|
||||||
return res, err
|
return res, err
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -52,8 +46,6 @@ func UpdateProfileResolver(ctx context.Context, params model.UpdateProfileInput)
|
||||||
log.Debug("All params are empty")
|
log.Debug("All params are empty")
|
||||||
return res, fmt.Errorf("please enter at least one param to update")
|
return res, fmt.Errorf("please enter at least one param to update")
|
||||||
}
|
}
|
||||||
|
|
||||||
userID := claims["sub"].(string)
|
|
||||||
log := log.WithFields(log.Fields{
|
log := log.WithFields(log.Fields{
|
||||||
"user_id": userID,
|
"user_id": userID,
|
||||||
})
|
})
|
||||||
|
|
|
||||||
|
|
@ -15,6 +15,7 @@ import (
|
||||||
"github.com/robertkrimen/otto"
|
"github.com/robertkrimen/otto"
|
||||||
|
|
||||||
"github.com/authorizerdev/authorizer/server/constants"
|
"github.com/authorizerdev/authorizer/server/constants"
|
||||||
|
"github.com/authorizerdev/authorizer/server/cookie"
|
||||||
"github.com/authorizerdev/authorizer/server/crypto"
|
"github.com/authorizerdev/authorizer/server/crypto"
|
||||||
"github.com/authorizerdev/authorizer/server/db/models"
|
"github.com/authorizerdev/authorizer/server/db/models"
|
||||||
"github.com/authorizerdev/authorizer/server/memorystore"
|
"github.com/authorizerdev/authorizer/server/memorystore"
|
||||||
|
|
@ -480,3 +481,34 @@ func GetIDToken(gc *gin.Context) (string, error) {
|
||||||
token := strings.TrimPrefix(auth, "Bearer ")
|
token := strings.TrimPrefix(auth, "Bearer ")
|
||||||
return token, nil
|
return token, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// GetUserIDFromSessionOrAccessToken returns the user id from the session or access token
|
||||||
|
func GetUserIDFromSessionOrAccessToken(gc *gin.Context) (string, error) {
|
||||||
|
// First try to get the user id from the session
|
||||||
|
isSession := true
|
||||||
|
token, err := cookie.GetSession(gc)
|
||||||
|
if err != nil || token == "" {
|
||||||
|
log.Debug("Failed to get session token: ", err)
|
||||||
|
isSession = false
|
||||||
|
token, err = GetAccessToken(gc)
|
||||||
|
if err != nil || token == "" {
|
||||||
|
log.Debug("Failed to get access token: ", err)
|
||||||
|
return "", fmt.Errorf(`unauthorized`)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if isSession {
|
||||||
|
claims, err := ValidateBrowserSession(gc, token)
|
||||||
|
if err != nil {
|
||||||
|
log.Debug("Failed to validate session token: ", err)
|
||||||
|
return "", fmt.Errorf(`unauthorized`)
|
||||||
|
}
|
||||||
|
return claims.Subject, nil
|
||||||
|
}
|
||||||
|
// If not session, then validate the access token
|
||||||
|
claims, err := ValidateAccessToken(gc, token)
|
||||||
|
if err != nil {
|
||||||
|
log.Debug("Failed to validate access token: ", err)
|
||||||
|
return "", fmt.Errorf(`unauthorized`)
|
||||||
|
}
|
||||||
|
return claims["sub"].(string), nil
|
||||||
|
}
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue
Block a user