fix(meta): add subject resolving before createMetadata!
Gerald Baulig committed Jun 13, 2024
1 parent 7e7058e commit d9afac5
Showing 8 changed files with 148 additions and 139 deletions.
13 changes: 5 additions & 8 deletions src/authlog_service.ts
Expand Up @@ -25,8 +25,6 @@ import {
import { Subject } from '@restorecommerce/rc-grpc-clients/dist/generated-server/io/restorecommerce/auth.js';

export class AuthenticationLogService extends ServiceBase<AuthenticationLogListResponse, AuthenticationLogList> implements AuthenticationLogServiceImplementation {

logger: Logger;
cfg: any;
authZ: ACSAuthZ;

Expand All @@ -46,7 +44,6 @@ export class AuthenticationLogService extends ServiceBase<AuthenticationLogListR
}
}
super('authentication_log', authLogTopic, logger, new ResourcesAPIBase(db, 'authentication_logs', resourceFieldConfig), isEventsEnabled);
this.logger = logger;
this.authZ = authZ;
this.cfg = cfg;
}
Expand All @@ -72,7 +69,7 @@ export class AuthenticationLogService extends ServiceBase<AuthenticationLogListR
subject: request.subject,
resources: []
}, [{ resource: 'authentication_log' }], AuthZAction.READ, Operation.whatIsAllowed) as PolicySetRQResponse;
} catch (err) {
} catch (err: any) {
this.logger.error('Error occurred requesting access-control-srv for authentication_log read', err);
return returnOperationStatus(err.code, err.message);
}
Expand Down Expand Up @@ -108,7 +105,7 @@ export class AuthenticationLogService extends ServiceBase<AuthenticationLogListR
subject: request.subject,
resources: items
}, [{ resource: 'authentication_log', id: items.map(e => e.id) }], AuthZAction.MODIFY, Operation.isAllowed);
} catch (err) {
} catch (err: any) {
this.logger.error('Error occurred requesting access-control-srv for authentication_log update', err);
return returnOperationStatus(err.code, err.message);
}
Expand Down Expand Up @@ -152,7 +149,7 @@ export class AuthenticationLogService extends ServiceBase<AuthenticationLogListR
subject: request.subject,
resources: auth_log
}, [{ resource: 'authentication_log', id: auth_log.id }], AuthZAction.MODIFY, Operation.isAllowed, false);
} catch (err) {
} catch (err: any) {
this.logger.error('Error occurred requesting access-control-srv for authentication_log update', err);
return returnOperationStatus(err.code, err.message);
}
Expand Down Expand Up @@ -181,7 +178,7 @@ export class AuthenticationLogService extends ServiceBase<AuthenticationLogListR
subject: request.subject,
resources: request.items
}, [{ resource: 'authentication_log', id: request?.items?.map(e => e?.id) }], AuthZAction.MODIFY, Operation.isAllowed);
} catch (err) {
} catch (err: any) {
this.logger.error('Error occurred requesting access-control-srv for authentication_log upsert', err);
return returnOperationStatus(err.code, err.message);
}
Expand Down Expand Up @@ -218,7 +215,7 @@ export class AuthenticationLogService extends ServiceBase<AuthenticationLogListR
subject: request.subject,
resources: acsResources
}, [{ resource: 'authentication_log', id: authLogIDs }], AuthZAction.DELETE, Operation.isAllowed);
} catch (err) {
} catch (err: any) {
this.logger.error('Error occurred requesting access-control-srv for authentication_log delete', err);
return returnOperationStatus(err.code, err.message);
}
Expand Down
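Review bot: The new `catch (err: any)` annotations at lines 38, 47, 56, 65 and 74 replace the checker's `unknown` with `any` solely to read `err.code` and `err.message`, so a thrown string or an object without `code` flows into `returnOperationStatus(undefined, undefined)` unchecked. Prefer `catch (err: unknown)` and narrow once, e.g. `const code = typeof err === 'object' && err !== null && 'code' in err ? (err as { code?: number }).code : undefined;` before calling `returnOperationStatus`, ideally in one shared helper since the same pattern recurs in the oauth_service.ts hunks and in the `deleteUsersWithExpiredActivation` hunk. Removing `logger: Logger` and `this.logger = logger` while `this.logger.error(...)` is still called on line 39 presumably relies on `ServiceBase` exposing a `logger` member; worth confirming since its declaration is not on this page. Each enclosing method starts and ends outside its hunk.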
50 changes: 0 additions & 50 deletions src/common.ts

This file was deleted.

Original file line number Diff line number Diff line change
Expand Up @@ -95,7 +95,7 @@ export const deleteUsersWithExpiredActivation = async (cfg: any, logger: any): P
return { operation_status: { code: 200, message: 'No inactivated user accounts found' } };
}

} catch (error) {
} catch (error: any) {
logger.error('Error in delete_expired_users_job', {code: error.code, message: error.message, stack: error.stack });
return { operation_status: { code: 500, message: 'Internal Server Error' } };
}
Expand Down
19 changes: 9 additions & 10 deletions src/oauth_service.ts
@@ -1,6 +1,6 @@
import { Logger } from 'winston';
import { OAuth2 } from 'oauth';
import { checkAccessRequest } from './utils.js';
import { checkAccessRequest, createMetadata } from './utils.js';
import { UserService } from './service.js';
import { AuthZAction, Operation } from '@restorecommerce/acs-client';
import * as _ from 'lodash-es';
Expand All @@ -15,7 +15,6 @@ import {
} from '@restorecommerce/rc-grpc-clients/dist/generated-server/io/restorecommerce/oauth.js';
import { Empty } from '@restorecommerce/rc-grpc-clients/dist/generated/google/protobuf/empty.js';
import { WithRequestID } from '@restorecommerce/chassis-srv/lib/microservice/transport/provider/grpc/middlewares.js';
import { createMetadata } from './common.js';
import { FindByTokenRequest } from '@restorecommerce/rc-grpc-clients/dist/generated-server/io/restorecommerce/user.js';
import {
Filter_Operation,
Expand Down Expand Up @@ -88,13 +87,13 @@ export class OAuthService implements OAuthServiceImplementation<WithRequestID> {
}
}

async availableServices(request: Empty, context): Promise<DeepPartial<ServicesResponse>> {
async availableServices(request: Empty, context: any): Promise<DeepPartial<ServicesResponse>> {
return {
services: Object.keys(this.clients)
};
}

async generateLinks(request: Empty, context): Promise<DeepPartial<GenerateLinksResponse>> {
async generateLinks(request: Empty, context: any): Promise<DeepPartial<GenerateLinksResponse>> {
const nonce = 'nonce'; // TODO Generate, store and compare unique nonce
return {
links: Object.entries(this.clients).reduce((result, entry) => {
Expand All @@ -111,7 +110,7 @@ export class OAuthService implements OAuthServiceImplementation<WithRequestID> {
};
}

async exchangeCode(request: ExchangeCodeRequest, context): Promise<DeepPartial<ExchangeCodeResponse>> {
async exchangeCode(request: ExchangeCodeRequest, context: any): Promise<DeepPartial<ExchangeCodeResponse>> {
const oauthService = request.service;
if (!(oauthService in this.clients)) {
throw new Error('Unknown service: ' + oauthService);
Expand Down Expand Up @@ -174,7 +173,7 @@ export class OAuthService implements OAuthServiceImplementation<WithRequestID> {
{
...context,
subject: tokenTechUser,
resources: await createMetadata(request, this.cfg.get('authorization:urns'), this.userService, tokenTechUser)
resources: await createMetadata<any>(request, this.cfg.get('authorization:urns'), tokenTechUser)
},
[{ resource: 'token', id: context.id }], AuthZAction.MODIFY, Operation.isAllowed
);
Expand All @@ -189,7 +188,7 @@ export class OAuthService implements OAuthServiceImplementation<WithRequestID> {
}
};
}
} catch (err) {
} catch (err: any) {
this.logger.error('Error occurred requesting access-control-srv for token upsert', err);
return { user: { status: { code: err.code, message: err.message } } };
}
Expand Down Expand Up @@ -249,7 +248,7 @@ export class OAuthService implements OAuthServiceImplementation<WithRequestID> {
// append auth token on user entity
await this.userService.updateUserTokens(user.id, authToken);
this.logger.info('Token updated successfully on user entity', { id: user.id });
} catch (err) {
} catch (err: any) {
this.logger.error('Error Updating Token', err);
return { user: { status: { code: err.code, message: err.message } } };
}
Expand All @@ -259,7 +258,7 @@ export class OAuthService implements OAuthServiceImplementation<WithRequestID> {
return { email, user: { payload: user, status: { code: 200, message: 'success' } }, token: authToken };
}

async getToken(request: GetTokenRequest, context): Promise<DeepPartial<GetTokenResponse>> {
async getToken(request: GetTokenRequest, context: any): Promise<DeepPartial<GetTokenResponse>> {
const oauthService = request.service;
if (!(oauthService in this.clients)) {
throw new Error('Unknown service: ' + oauthService);
Expand Down Expand Up @@ -339,7 +338,7 @@ export class OAuthService implements OAuthServiceImplementation<WithRequestID> {
// append access token on user entity
await this.userService.updateUserTokens(user.payload.id, newAccessToken, toRemove);
this.logger.info('Token updated successfully on user entity', {id: user.payload.id});
} catch (err) {
} catch (err: any) {
this.logger.error('Error Updating Token', err);
return {status: {code: err.code, message: err.message}};
}
Expand Down
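Review bot: `createMetadata<any>(request, this.cfg.get('authorization:urns'), tokenTechUser)` at line 142 passes an explicit `any` type argument, which erases the `ExchangeCodeRequest` type for the resources the access check on line 144 is evaluated against; letting the type parameter be inferred, or writing `createMetadata<ExchangeCodeRequest>(...)` if the generic's constraint allows it, keeps the check typed. The retyped signatures on lines 117, 124, 133 and 169 widen `context` to `any`, so `context.id` on line 144 is unchecked as well; if the request context is `WithRequestID` as the class's `implements` clause suggests, `context: WithRequestID` would be the tighter choice, to be confirmed against that type's definition. The fixed `const nonce = 'nonce'; // TODO ...` on line 125 sits directly under the retyped `generateLinks` signature and is worth tracking as a follow-up since this commit touches the method. The enclosing methods continue outside their hunks.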
28 changes: 14 additions & 14 deletions src/service.ts
Expand Up @@ -9,6 +9,7 @@ import {
getNameFilter,
marshallProtobufAny,
password,
resolveSubject,
returnCodeMessage,
returnOperationStatus,
returnStatus,
Expand Down Expand Up @@ -580,8 +581,8 @@ export class UserService extends ServiceBase<UserListResponse, UserList> impleme
};
// verify the assigned role_associations with the HR scope data before creating
// extract details from auth_context of request and update the context Object
let subject = request.subject;
// update meta data for owners information
const subject = await resolveSubject(request.subject);
const acsResources = await this.createMetadata(usersList, AuthZAction.CREATE, subject);
let acsResponse: DecisionResponse;
try {
Expand Down Expand Up @@ -1772,8 +1773,8 @@ export class UserService extends ServiceBase<UserListResponse, UserList> impleme
return returnOperationStatus(400, 'No items were provided for update');
}
let items = request.items;
let subject = request.subject;
// update meta data for owners information
const subject = await resolveSubject(request.subject);
const acsResources = await this.createMetadata(request.items, AuthZAction.MODIFY, subject);
let acsResponse: DecisionResponse;
try {
Expand Down Expand Up @@ -2093,7 +2094,7 @@ export class UserService extends ServiceBase<UserListResponse, UserList> impleme
}

let usersList = request.items;
let subject = request.subject;
const subject = await resolveSubject(request.subject);
const acsResources = await this.createMetadata(request.items, AuthZAction.MODIFY, subject);
let acsResponse: PolicySetRQResponse;
try {
Expand Down Expand Up @@ -2254,7 +2255,6 @@ export class UserService extends ServiceBase<UserListResponse, UserList> impleme
const logger = this.logger;
const identifier = request.identifier;
logger.silly('unregister', identifier);
let subject = request.subject;

const filters = getDefaultFilter(identifier);
const users = await super.read(ReadRequest.fromPartial({ filters }), context);
Expand All @@ -2266,7 +2266,8 @@ export class UserService extends ServiceBase<UserListResponse, UserList> impleme
return returnOperationStatus(400, `Invalid identifier provided for unregistering, multiple users found for identifier ${identifier}`);
}

let resources = users.items.map((e) => e.payload);
const resources = users.items.map((e) => e.payload);
const subject = await resolveSubject(request.subject);
const acsResources = await this.createMetadata(resources, AuthZAction.DELETE, subject);
let acsResponse: DecisionResponse;
try {
Expand Down Expand Up @@ -2301,11 +2302,11 @@ export class UserService extends ServiceBase<UserListResponse, UserList> impleme
* Endpoint delete, to delete a user or list of users
*/
async delete(request: DeleteRequest, context: any): Promise<DeepPartial<DeleteResponse>> {
const logger = this.logger;
let userIDs = request.ids;
let resources = [];
const logger = this.logger;
const userIDs = request.ids;
let acsResources = new Array<any>();
let subject = request.subject;
const subject = await resolveSubject(request.subject);
let action;
if (userIDs) {
action = AuthZAction.DELETE;
Expand All @@ -2317,7 +2318,7 @@ export class UserService extends ServiceBase<UserListResponse, UserList> impleme
resources = [{ id: userIDs }];
}
Object.assign(resources, { id: userIDs });
acsResources = await this.createMetadata(resources, action, subject);
acsResources = await this.createMetadata<any>(resources, action, subject);
}
if (request.collection) {
action = AuthZAction.DROP;
Expand Down Expand Up @@ -3092,7 +3093,7 @@ export class RoleService extends ServiceBase<RoleListResponse, RoleList> impleme
if (!request || !request.items || request?.items?.length == 0) {
return returnOperationStatus(400, 'No role was provided for creation');
}
let subject = request.subject;
const subject = await resolveSubject(request.subject);
const acsResources = await this.createMetadata(request.items, AuthZAction.CREATE, subject);
let acsResponse: DecisionResponse;
try {
Expand Down Expand Up @@ -3158,8 +3159,7 @@ export class RoleService extends ServiceBase<RoleListResponse, RoleList> impleme
}

const items = request.items;
let subject = request.subject;
// update owners information
const subject = await resolveSubject(request.subject);
const acsResources = await this.createMetadata(request.items, AuthZAction.MODIFY, subject);
let acsResponse: DecisionResponse;
try {
Expand Down Expand Up @@ -3230,7 +3230,7 @@ export class RoleService extends ServiceBase<RoleListResponse, RoleList> impleme
return returnOperationStatus(400, 'No items were provided for upsert');
}

let subject = request.subject;
const subject = await resolveSubject(request.subject);
const acsResources = await this.createMetadata(request.items, AuthZAction.MODIFY, subject);
let acsResponse: DecisionResponse;
try {
Expand Down Expand Up @@ -3260,8 +3260,8 @@ export class RoleService extends ServiceBase<RoleListResponse, RoleList> impleme
const logger = this.logger;
let roleIDs = request.ids;
let resources = {};
let subject = request.subject;
let acsResources;
const subject = await resolveSubject(request.subject);
if (!_.isEmpty(roleIDs)) {
Object.assign(resources, { id: roleIDs });
acsResources = await this.createMetadata<any>({ id: roleIDs }, AuthZAction.DELETE, subject);
Expand Down
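Review bot: The `const subject = await resolveSubject(request.subject);` line is now repeated before every `this.createMetadata(...)` call (lines 199, 209, 218, 236, 251, 269, 279, 288, 298), so a future call site that omits it hands an unresolved subject to the access check without any compile-time signal. Folding the `await resolveSubject(...)` into `createMetadata` itself, or into a thin wrapper the call sites use, would enforce the commit's invariant in one place. `request.subject` is passed without a visible guard; whether `resolveSubject` tolerates an undefined subject cannot be seen here because its definition is outside this page. Every enclosing method starts and ends outside its hunk.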